From e27ce3d79054c267388e02566879e89804bd9121 Mon Sep 17 00:00:00 2001 From: Jeffrey Aven Date: Sat, 20 Apr 2024 08:33:27 +1000 Subject: [PATCH 1/3] updated aws --- providers/src/aws/v00.00.00000/provider.yaml | 1953 +- .../src/aws/v00.00.00000/services/.gitignore | 10 + .../aws/v00.00.00000/services/cloudhsm.yaml | 2091 + .../v00.00.00000/services/cloudwatch_api.yaml | 4741 + .../src/aws/v00.00.00000/services/ec2.yaml | 94387 +++------------- .../aws/v00.00.00000/services/ec2_api.yaml | 80190 +++++++++++++ .../src/aws/v00.00.00000/services/iam.yaml | 33443 +----- .../aws/v00.00.00000/services/iam_api.yaml | 31632 ++++++ .../src/aws/v00.00.00000/services/s3.yaml | 19836 +--- .../src/aws/v00.00.00000/services/s3_api.yaml | 17160 +++ 10 files changed, 157055 insertions(+), 128388 deletions(-) create mode 100644 providers/src/aws/v00.00.00000/services/.gitignore create mode 100644 providers/src/aws/v00.00.00000/services/cloudhsm.yaml create mode 100644 providers/src/aws/v00.00.00000/services/cloudwatch_api.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ec2_api.yaml create mode 100644 providers/src/aws/v00.00.00000/services/iam_api.yaml create mode 100644 providers/src/aws/v00.00.00000/services/s3_api.yaml diff --git a/providers/src/aws/v00.00.00000/provider.yaml b/providers/src/aws/v00.00.00000/provider.yaml index 06cb03c0..fd7f30b2 100644 --- a/providers/src/aws/v00.00.00000/provider.yaml +++ b/providers/src/aws/v00.00.00000/provider.yaml @@ -2,24 +2,1599 @@ id: aws name: aws version: v00.00.00000 providerServices: + accessanalyzer: + id: accessanalyzer:v00.00.00000 + name: accessanalyzer + preferred: true + service: + $ref: aws/v00.00.00000/services/accessanalyzer.yaml + title: accessanalyzer + version: v00.00.00000 + description: accessanalyzer + acmpca: + id: acmpca:v00.00.00000 + name: acmpca + preferred: true + service: + $ref: aws/v00.00.00000/services/acmpca.yaml + title: acmpca + version: v00.00.00000 + description: acmpca + amplify: + id: amplify:v00.00.00000 + name: amplify + preferred: true + service: + $ref: aws/v00.00.00000/services/amplify.yaml + title: amplify + version: v00.00.00000 + description: amplify + amplifyuibuilder: + id: amplifyuibuilder:v00.00.00000 + name: amplifyuibuilder + preferred: true + service: + $ref: aws/v00.00.00000/services/amplifyuibuilder.yaml + title: amplifyuibuilder + version: v00.00.00000 + description: amplifyuibuilder + apigateway: + id: apigateway:v00.00.00000 + name: apigateway + preferred: true + service: + $ref: aws/v00.00.00000/services/apigateway.yaml + title: apigateway + version: v00.00.00000 + description: apigateway + apigatewayv2: + id: apigatewayv2:v00.00.00000 + name: apigatewayv2 + preferred: true + service: + $ref: aws/v00.00.00000/services/apigatewayv2.yaml + title: apigatewayv2 + version: v00.00.00000 + description: apigatewayv2 + appconfig: + id: appconfig:v00.00.00000 + name: appconfig + preferred: true + service: + $ref: aws/v00.00.00000/services/appconfig.yaml + title: appconfig + version: v00.00.00000 + description: appconfig + appflow: + id: appflow:v00.00.00000 + name: appflow + preferred: true + service: + $ref: aws/v00.00.00000/services/appflow.yaml + title: appflow + version: v00.00.00000 + description: appflow + appintegrations: + id: appintegrations:v00.00.00000 + name: appintegrations + preferred: true + service: + $ref: aws/v00.00.00000/services/appintegrations.yaml + title: appintegrations + version: v00.00.00000 + description: appintegrations + applicationautoscaling: + id: applicationautoscaling:v00.00.00000 + name: applicationautoscaling + preferred: true + service: + $ref: aws/v00.00.00000/services/applicationautoscaling.yaml + title: applicationautoscaling + version: v00.00.00000 + description: applicationautoscaling + applicationinsights: + id: applicationinsights:v00.00.00000 + name: applicationinsights + preferred: true + service: + $ref: aws/v00.00.00000/services/applicationinsights.yaml + title: applicationinsights + version: v00.00.00000 + description: applicationinsights + apprunner: + id: apprunner:v00.00.00000 + name: apprunner + preferred: true + service: + $ref: aws/v00.00.00000/services/apprunner.yaml + title: apprunner + version: v00.00.00000 + description: apprunner + appstream: + id: appstream:v00.00.00000 + name: appstream + preferred: true + service: + $ref: aws/v00.00.00000/services/appstream.yaml + title: appstream + version: v00.00.00000 + description: appstream + appsync: + id: appsync:v00.00.00000 + name: appsync + preferred: true + service: + $ref: aws/v00.00.00000/services/appsync.yaml + title: appsync + version: v00.00.00000 + description: appsync + aps: + id: aps:v00.00.00000 + name: aps + preferred: true + service: + $ref: aws/v00.00.00000/services/aps.yaml + title: aps + version: v00.00.00000 + description: aps + arczonalshift: + id: arczonalshift:v00.00.00000 + name: arczonalshift + preferred: true + service: + $ref: aws/v00.00.00000/services/arczonalshift.yaml + title: arczonalshift + version: v00.00.00000 + description: arczonalshift + athena: + id: athena:v00.00.00000 + name: athena + preferred: true + service: + $ref: aws/v00.00.00000/services/athena.yaml + title: athena + version: v00.00.00000 + description: athena + auditmanager: + id: auditmanager:v00.00.00000 + name: auditmanager + preferred: true + service: + $ref: aws/v00.00.00000/services/auditmanager.yaml + title: auditmanager + version: v00.00.00000 + description: auditmanager + autoscaling: + id: autoscaling:v00.00.00000 + name: autoscaling + preferred: true + service: + $ref: aws/v00.00.00000/services/autoscaling.yaml + title: autoscaling + version: v00.00.00000 + description: autoscaling + b2bi: + id: b2bi:v00.00.00000 + name: b2bi + preferred: true + service: + $ref: aws/v00.00.00000/services/b2bi.yaml + title: b2bi + version: v00.00.00000 + description: b2bi + backup: + id: backup:v00.00.00000 + name: backup + preferred: true + service: + $ref: aws/v00.00.00000/services/backup.yaml + title: backup + version: v00.00.00000 + description: backup + backupgateway: + id: backupgateway:v00.00.00000 + name: backupgateway + preferred: true + service: + $ref: aws/v00.00.00000/services/backupgateway.yaml + title: backupgateway + version: v00.00.00000 + description: backupgateway + batch: + id: batch:v00.00.00000 + name: batch + preferred: true + service: + $ref: aws/v00.00.00000/services/batch.yaml + title: batch + version: v00.00.00000 + description: batch + bcmdataexports: + id: bcmdataexports:v00.00.00000 + name: bcmdataexports + preferred: true + service: + $ref: aws/v00.00.00000/services/bcmdataexports.yaml + title: bcmdataexports + version: v00.00.00000 + description: bcmdataexports + bedrock: + id: bedrock:v00.00.00000 + name: bedrock + preferred: true + service: + $ref: aws/v00.00.00000/services/bedrock.yaml + title: bedrock + version: v00.00.00000 + description: bedrock + billingconductor: + id: billingconductor:v00.00.00000 + name: billingconductor + preferred: true + service: + $ref: aws/v00.00.00000/services/billingconductor.yaml + title: billingconductor + version: v00.00.00000 + description: billingconductor + budgets: + id: budgets:v00.00.00000 + name: budgets + preferred: true + service: + $ref: aws/v00.00.00000/services/budgets.yaml + title: budgets + version: v00.00.00000 + description: budgets + cassandra: + id: cassandra:v00.00.00000 + name: cassandra + preferred: true + service: + $ref: aws/v00.00.00000/services/cassandra.yaml + title: cassandra + version: v00.00.00000 + description: cassandra + ce: + id: ce:v00.00.00000 + name: ce + preferred: true + service: + $ref: aws/v00.00.00000/services/ce.yaml + title: ce + version: v00.00.00000 + description: ce + certificatemanager: + id: certificatemanager:v00.00.00000 + name: certificatemanager + preferred: true + service: + $ref: aws/v00.00.00000/services/certificatemanager.yaml + title: certificatemanager + version: v00.00.00000 + description: certificatemanager + chatbot: + id: chatbot:v00.00.00000 + name: chatbot + preferred: true + service: + $ref: aws/v00.00.00000/services/chatbot.yaml + title: chatbot + version: v00.00.00000 + description: chatbot + cleanrooms: + id: cleanrooms:v00.00.00000 + name: cleanrooms + preferred: true + service: + $ref: aws/v00.00.00000/services/cleanrooms.yaml + title: cleanrooms + version: v00.00.00000 + description: cleanrooms + cleanroomsml: + id: cleanroomsml:v00.00.00000 + name: cleanroomsml + preferred: true + service: + $ref: aws/v00.00.00000/services/cleanroomsml.yaml + title: cleanroomsml + version: v00.00.00000 + description: cleanroomsml + cloudformation: + id: cloudformation:v00.00.00000 + name: cloudformation + preferred: true + service: + $ref: aws/v00.00.00000/services/cloudformation.yaml + title: cloudformation + version: v00.00.00000 + description: cloudformation + cloudfront: + id: cloudfront:v00.00.00000 + name: cloudfront + preferred: true + service: + $ref: aws/v00.00.00000/services/cloudfront.yaml + title: cloudfront + version: v00.00.00000 + description: cloudfront + cloudtrail: + id: cloudtrail:v00.00.00000 + name: cloudtrail + preferred: true + service: + $ref: aws/v00.00.00000/services/cloudtrail.yaml + title: cloudtrail + version: v00.00.00000 + description: cloudtrail + cloudwatch: + id: cloudwatch:v00.00.00000 + name: cloudwatch + preferred: true + service: + $ref: aws/v00.00.00000/services/cloudwatch.yaml + title: cloudwatch + version: v00.00.00000 + description: cloudwatch + codeartifact: + id: codeartifact:v00.00.00000 + name: codeartifact + preferred: true + service: + $ref: aws/v00.00.00000/services/codeartifact.yaml + title: codeartifact + version: v00.00.00000 + description: codeartifact + codebuild: + id: codebuild:v00.00.00000 + name: codebuild + preferred: true + service: + $ref: aws/v00.00.00000/services/codebuild.yaml + title: codebuild + version: v00.00.00000 + description: codebuild + codeconnections: + id: codeconnections:v00.00.00000 + name: codeconnections + preferred: true + service: + $ref: aws/v00.00.00000/services/codeconnections.yaml + title: codeconnections + version: v00.00.00000 + description: codeconnections + codedeploy: + id: codedeploy:v00.00.00000 + name: codedeploy + preferred: true + service: + $ref: aws/v00.00.00000/services/codedeploy.yaml + title: codedeploy + version: v00.00.00000 + description: codedeploy + codeguruprofiler: + id: codeguruprofiler:v00.00.00000 + name: codeguruprofiler + preferred: true + service: + $ref: aws/v00.00.00000/services/codeguruprofiler.yaml + title: codeguruprofiler + version: v00.00.00000 + description: codeguruprofiler + codegurureviewer: + id: codegurureviewer:v00.00.00000 + name: codegurureviewer + preferred: true + service: + $ref: aws/v00.00.00000/services/codegurureviewer.yaml + title: codegurureviewer + version: v00.00.00000 + description: codegurureviewer + codepipeline: + id: codepipeline:v00.00.00000 + name: codepipeline + preferred: true + service: + $ref: aws/v00.00.00000/services/codepipeline.yaml + title: codepipeline + version: v00.00.00000 + description: codepipeline + codestarconnections: + id: codestarconnections:v00.00.00000 + name: codestarconnections + preferred: true + service: + $ref: aws/v00.00.00000/services/codestarconnections.yaml + title: codestarconnections + version: v00.00.00000 + description: codestarconnections + codestarnotifications: + id: codestarnotifications:v00.00.00000 + name: codestarnotifications + preferred: true + service: + $ref: aws/v00.00.00000/services/codestarnotifications.yaml + title: codestarnotifications + version: v00.00.00000 + description: codestarnotifications + cognito: + id: cognito:v00.00.00000 + name: cognito + preferred: true + service: + $ref: aws/v00.00.00000/services/cognito.yaml + title: cognito + version: v00.00.00000 + description: cognito + comprehend: + id: comprehend:v00.00.00000 + name: comprehend + preferred: true + service: + $ref: aws/v00.00.00000/services/comprehend.yaml + title: comprehend + version: v00.00.00000 + description: comprehend + config: + id: config:v00.00.00000 + name: config + preferred: true + service: + $ref: aws/v00.00.00000/services/config.yaml + title: config + version: v00.00.00000 + description: config + connect: + id: connect:v00.00.00000 + name: connect + preferred: true + service: + $ref: aws/v00.00.00000/services/connect.yaml + title: connect + version: v00.00.00000 + description: connect + connectcampaigns: + id: connectcampaigns:v00.00.00000 + name: connectcampaigns + preferred: true + service: + $ref: aws/v00.00.00000/services/connectcampaigns.yaml + title: connectcampaigns + version: v00.00.00000 + description: connectcampaigns + controltower: + id: controltower:v00.00.00000 + name: controltower + preferred: true + service: + $ref: aws/v00.00.00000/services/controltower.yaml + title: controltower + version: v00.00.00000 + description: controltower + cur: + id: cur:v00.00.00000 + name: cur + preferred: true + service: + $ref: aws/v00.00.00000/services/cur.yaml + title: cur + version: v00.00.00000 + description: cur + customerprofiles: + id: customerprofiles:v00.00.00000 + name: customerprofiles + preferred: true + service: + $ref: aws/v00.00.00000/services/customerprofiles.yaml + title: customerprofiles + version: v00.00.00000 + description: customerprofiles + databrew: + id: databrew:v00.00.00000 + name: databrew + preferred: true + service: + $ref: aws/v00.00.00000/services/databrew.yaml + title: databrew + version: v00.00.00000 + description: databrew + datapipeline: + id: datapipeline:v00.00.00000 + name: datapipeline + preferred: true + service: + $ref: aws/v00.00.00000/services/datapipeline.yaml + title: datapipeline + version: v00.00.00000 + description: datapipeline + datasync: + id: datasync:v00.00.00000 + name: datasync + preferred: true + service: + $ref: aws/v00.00.00000/services/datasync.yaml + title: datasync + version: v00.00.00000 + description: datasync + datazone: + id: datazone:v00.00.00000 + name: datazone + preferred: true + service: + $ref: aws/v00.00.00000/services/datazone.yaml + title: datazone + version: v00.00.00000 + description: datazone + deadline: + id: deadline:v00.00.00000 + name: deadline + preferred: true + service: + $ref: aws/v00.00.00000/services/deadline.yaml + title: deadline + version: v00.00.00000 + description: deadline + detective: + id: detective:v00.00.00000 + name: detective + preferred: true + service: + $ref: aws/v00.00.00000/services/detective.yaml + title: detective + version: v00.00.00000 + description: detective + devopsguru: + id: devopsguru:v00.00.00000 + name: devopsguru + preferred: true + service: + $ref: aws/v00.00.00000/services/devopsguru.yaml + title: devopsguru + version: v00.00.00000 + description: devopsguru + directoryservice: + id: directoryservice:v00.00.00000 + name: directoryservice + preferred: true + service: + $ref: aws/v00.00.00000/services/directoryservice.yaml + title: directoryservice + version: v00.00.00000 + description: directoryservice + dms: + id: dms:v00.00.00000 + name: dms + preferred: true + service: + $ref: aws/v00.00.00000/services/dms.yaml + title: dms + version: v00.00.00000 + description: dms + docdbelastic: + id: docdbelastic:v00.00.00000 + name: docdbelastic + preferred: true + service: + $ref: aws/v00.00.00000/services/docdbelastic.yaml + title: docdbelastic + version: v00.00.00000 + description: docdbelastic + dynamodb: + id: dynamodb:v00.00.00000 + name: dynamodb + preferred: true + service: + $ref: aws/v00.00.00000/services/dynamodb.yaml + title: dynamodb + version: v00.00.00000 + description: dynamodb ec2: id: ec2:v00.00.00000 name: ec2 preferred: true service: - $ref: aws/v00.00.00000/services/ec2.yaml - title: ec2 + $ref: aws/v00.00.00000/services/ec2.yaml + title: ec2 + version: v00.00.00000 + description: ec2 + ecr: + id: ecr:v00.00.00000 + name: ecr + preferred: true + service: + $ref: aws/v00.00.00000/services/ecr.yaml + title: ecr + version: v00.00.00000 + description: ecr + ecs: + id: ecs:v00.00.00000 + name: ecs + preferred: true + service: + $ref: aws/v00.00.00000/services/ecs.yaml + title: ecs + version: v00.00.00000 + description: ecs + efs: + id: efs:v00.00.00000 + name: efs + preferred: true + service: + $ref: aws/v00.00.00000/services/efs.yaml + title: efs + version: v00.00.00000 + description: efs + eks: + id: eks:v00.00.00000 + name: eks + preferred: true + service: + $ref: aws/v00.00.00000/services/eks.yaml + title: eks + version: v00.00.00000 + description: eks + elasticache: + id: elasticache:v00.00.00000 + name: elasticache + preferred: true + service: + $ref: aws/v00.00.00000/services/elasticache.yaml + title: elasticache + version: v00.00.00000 + description: elasticache + elasticbeanstalk: + id: elasticbeanstalk:v00.00.00000 + name: elasticbeanstalk + preferred: true + service: + $ref: aws/v00.00.00000/services/elasticbeanstalk.yaml + title: elasticbeanstalk + version: v00.00.00000 + description: elasticbeanstalk + elasticloadbalancingv2: + id: elasticloadbalancingv2:v00.00.00000 + name: elasticloadbalancingv2 + preferred: true + service: + $ref: aws/v00.00.00000/services/elasticloadbalancingv2.yaml + title: elasticloadbalancingv2 + version: v00.00.00000 + description: elasticloadbalancingv2 + emr: + id: emr:v00.00.00000 + name: emr + preferred: true + service: + $ref: aws/v00.00.00000/services/emr.yaml + title: emr + version: v00.00.00000 + description: emr + emrcontainers: + id: emrcontainers:v00.00.00000 + name: emrcontainers + preferred: true + service: + $ref: aws/v00.00.00000/services/emrcontainers.yaml + title: emrcontainers + version: v00.00.00000 + description: emrcontainers + emrserverless: + id: emrserverless:v00.00.00000 + name: emrserverless + preferred: true + service: + $ref: aws/v00.00.00000/services/emrserverless.yaml + title: emrserverless + version: v00.00.00000 + description: emrserverless + entityresolution: + id: entityresolution:v00.00.00000 + name: entityresolution + preferred: true + service: + $ref: aws/v00.00.00000/services/entityresolution.yaml + title: entityresolution + version: v00.00.00000 + description: entityresolution + events: + id: events:v00.00.00000 + name: events + preferred: true + service: + $ref: aws/v00.00.00000/services/events.yaml + title: events + version: v00.00.00000 + description: events + eventschemas: + id: eventschemas:v00.00.00000 + name: eventschemas + preferred: true + service: + $ref: aws/v00.00.00000/services/eventschemas.yaml + title: eventschemas + version: v00.00.00000 + description: eventschemas + evidently: + id: evidently:v00.00.00000 + name: evidently + preferred: true + service: + $ref: aws/v00.00.00000/services/evidently.yaml + title: evidently + version: v00.00.00000 + description: evidently + finspace: + id: finspace:v00.00.00000 + name: finspace + preferred: true + service: + $ref: aws/v00.00.00000/services/finspace.yaml + title: finspace + version: v00.00.00000 + description: finspace + fis: + id: fis:v00.00.00000 + name: fis + preferred: true + service: + $ref: aws/v00.00.00000/services/fis.yaml + title: fis + version: v00.00.00000 + description: fis + fms: + id: fms:v00.00.00000 + name: fms + preferred: true + service: + $ref: aws/v00.00.00000/services/fms.yaml + title: fms + version: v00.00.00000 + description: fms + forecast: + id: forecast:v00.00.00000 + name: forecast + preferred: true + service: + $ref: aws/v00.00.00000/services/forecast.yaml + title: forecast + version: v00.00.00000 + description: forecast + frauddetector: + id: frauddetector:v00.00.00000 + name: frauddetector + preferred: true + service: + $ref: aws/v00.00.00000/services/frauddetector.yaml + title: frauddetector + version: v00.00.00000 + description: frauddetector + fsx: + id: fsx:v00.00.00000 + name: fsx + preferred: true + service: + $ref: aws/v00.00.00000/services/fsx.yaml + title: fsx + version: v00.00.00000 + description: fsx + gamelift: + id: gamelift:v00.00.00000 + name: gamelift + preferred: true + service: + $ref: aws/v00.00.00000/services/gamelift.yaml + title: gamelift + version: v00.00.00000 + description: gamelift + globalaccelerator: + id: globalaccelerator:v00.00.00000 + name: globalaccelerator + preferred: true + service: + $ref: aws/v00.00.00000/services/globalaccelerator.yaml + title: globalaccelerator + version: v00.00.00000 + description: globalaccelerator + glue: + id: glue:v00.00.00000 + name: glue + preferred: true + service: + $ref: aws/v00.00.00000/services/glue.yaml + title: glue + version: v00.00.00000 + description: glue + grafana: + id: grafana:v00.00.00000 + name: grafana + preferred: true + service: + $ref: aws/v00.00.00000/services/grafana.yaml + title: grafana + version: v00.00.00000 + description: grafana + greengrassv2: + id: greengrassv2:v00.00.00000 + name: greengrassv2 + preferred: true + service: + $ref: aws/v00.00.00000/services/greengrassv2.yaml + title: greengrassv2 + version: v00.00.00000 + description: greengrassv2 + groundstation: + id: groundstation:v00.00.00000 + name: groundstation + preferred: true + service: + $ref: aws/v00.00.00000/services/groundstation.yaml + title: groundstation + version: v00.00.00000 + description: groundstation + guardduty: + id: guardduty:v00.00.00000 + name: guardduty + preferred: true + service: + $ref: aws/v00.00.00000/services/guardduty.yaml + title: guardduty + version: v00.00.00000 + description: guardduty + healthimaging: + id: healthimaging:v00.00.00000 + name: healthimaging + preferred: true + service: + $ref: aws/v00.00.00000/services/healthimaging.yaml + title: healthimaging + version: v00.00.00000 + description: healthimaging + healthlake: + id: healthlake:v00.00.00000 + name: healthlake + preferred: true + service: + $ref: aws/v00.00.00000/services/healthlake.yaml + title: healthlake + version: v00.00.00000 + description: healthlake + iam: + id: iam:v00.00.00000 + name: iam + preferred: true + service: + $ref: aws/v00.00.00000/services/iam.yaml + title: iam + version: v00.00.00000 + description: iam + identitystore: + id: identitystore:v00.00.00000 + name: identitystore + preferred: true + service: + $ref: aws/v00.00.00000/services/identitystore.yaml + title: identitystore + version: v00.00.00000 + description: identitystore + imagebuilder: + id: imagebuilder:v00.00.00000 + name: imagebuilder + preferred: true + service: + $ref: aws/v00.00.00000/services/imagebuilder.yaml + title: imagebuilder + version: v00.00.00000 + description: imagebuilder + inspector: + id: inspector:v00.00.00000 + name: inspector + preferred: true + service: + $ref: aws/v00.00.00000/services/inspector.yaml + title: inspector + version: v00.00.00000 + description: inspector + inspectorv2: + id: inspectorv2:v00.00.00000 + name: inspectorv2 + preferred: true + service: + $ref: aws/v00.00.00000/services/inspectorv2.yaml + title: inspectorv2 + version: v00.00.00000 + description: inspectorv2 + internetmonitor: + id: internetmonitor:v00.00.00000 + name: internetmonitor + preferred: true + service: + $ref: aws/v00.00.00000/services/internetmonitor.yaml + title: internetmonitor + version: v00.00.00000 + description: internetmonitor + iot: + id: iot:v00.00.00000 + name: iot + preferred: true + service: + $ref: aws/v00.00.00000/services/iot.yaml + title: iot + version: v00.00.00000 + description: iot + iotanalytics: + id: iotanalytics:v00.00.00000 + name: iotanalytics + preferred: true + service: + $ref: aws/v00.00.00000/services/iotanalytics.yaml + title: iotanalytics + version: v00.00.00000 + description: iotanalytics + iotcoredeviceadvisor: + id: iotcoredeviceadvisor:v00.00.00000 + name: iotcoredeviceadvisor + preferred: true + service: + $ref: aws/v00.00.00000/services/iotcoredeviceadvisor.yaml + title: iotcoredeviceadvisor + version: v00.00.00000 + description: iotcoredeviceadvisor + iotevents: + id: iotevents:v00.00.00000 + name: iotevents + preferred: true + service: + $ref: aws/v00.00.00000/services/iotevents.yaml + title: iotevents + version: v00.00.00000 + description: iotevents + iotfleethub: + id: iotfleethub:v00.00.00000 + name: iotfleethub + preferred: true + service: + $ref: aws/v00.00.00000/services/iotfleethub.yaml + title: iotfleethub + version: v00.00.00000 + description: iotfleethub + iotfleetwise: + id: iotfleetwise:v00.00.00000 + name: iotfleetwise + preferred: true + service: + $ref: aws/v00.00.00000/services/iotfleetwise.yaml + title: iotfleetwise + version: v00.00.00000 + description: iotfleetwise + iotsitewise: + id: iotsitewise:v00.00.00000 + name: iotsitewise + preferred: true + service: + $ref: aws/v00.00.00000/services/iotsitewise.yaml + title: iotsitewise + version: v00.00.00000 + description: iotsitewise + iottwinmaker: + id: iottwinmaker:v00.00.00000 + name: iottwinmaker + preferred: true + service: + $ref: aws/v00.00.00000/services/iottwinmaker.yaml + title: iottwinmaker + version: v00.00.00000 + description: iottwinmaker + iotwireless: + id: iotwireless:v00.00.00000 + name: iotwireless + preferred: true + service: + $ref: aws/v00.00.00000/services/iotwireless.yaml + title: iotwireless + version: v00.00.00000 + description: iotwireless + ivs: + id: ivs:v00.00.00000 + name: ivs + preferred: true + service: + $ref: aws/v00.00.00000/services/ivs.yaml + title: ivs + version: v00.00.00000 + description: ivs + ivschat: + id: ivschat:v00.00.00000 + name: ivschat + preferred: true + service: + $ref: aws/v00.00.00000/services/ivschat.yaml + title: ivschat + version: v00.00.00000 + description: ivschat + kafkaconnect: + id: kafkaconnect:v00.00.00000 + name: kafkaconnect + preferred: true + service: + $ref: aws/v00.00.00000/services/kafkaconnect.yaml + title: kafkaconnect + version: v00.00.00000 + description: kafkaconnect + kendra: + id: kendra:v00.00.00000 + name: kendra + preferred: true + service: + $ref: aws/v00.00.00000/services/kendra.yaml + title: kendra + version: v00.00.00000 + description: kendra + kendraranking: + id: kendraranking:v00.00.00000 + name: kendraranking + preferred: true + service: + $ref: aws/v00.00.00000/services/kendraranking.yaml + title: kendraranking + version: v00.00.00000 + description: kendraranking + kinesis: + id: kinesis:v00.00.00000 + name: kinesis + preferred: true + service: + $ref: aws/v00.00.00000/services/kinesis.yaml + title: kinesis + version: v00.00.00000 + description: kinesis + kinesisanalyticsv2: + id: kinesisanalyticsv2:v00.00.00000 + name: kinesisanalyticsv2 + preferred: true + service: + $ref: aws/v00.00.00000/services/kinesisanalyticsv2.yaml + title: kinesisanalyticsv2 + version: v00.00.00000 + description: kinesisanalyticsv2 + kinesisfirehose: + id: kinesisfirehose:v00.00.00000 + name: kinesisfirehose + preferred: true + service: + $ref: aws/v00.00.00000/services/kinesisfirehose.yaml + title: kinesisfirehose + version: v00.00.00000 + description: kinesisfirehose + kinesisvideo: + id: kinesisvideo:v00.00.00000 + name: kinesisvideo + preferred: true + service: + $ref: aws/v00.00.00000/services/kinesisvideo.yaml + title: kinesisvideo + version: v00.00.00000 + description: kinesisvideo + kms: + id: kms:v00.00.00000 + name: kms + preferred: true + service: + $ref: aws/v00.00.00000/services/kms.yaml + title: kms + version: v00.00.00000 + description: kms + lakeformation: + id: lakeformation:v00.00.00000 + name: lakeformation + preferred: true + service: + $ref: aws/v00.00.00000/services/lakeformation.yaml + title: lakeformation + version: v00.00.00000 + description: lakeformation + lambda: + id: lambda:v00.00.00000 + name: lambda + preferred: true + service: + $ref: aws/v00.00.00000/services/lambda.yaml + title: lambda + version: v00.00.00000 + description: lambda + lex: + id: lex:v00.00.00000 + name: lex + preferred: true + service: + $ref: aws/v00.00.00000/services/lex.yaml + title: lex + version: v00.00.00000 + description: lex + licensemanager: + id: licensemanager:v00.00.00000 + name: licensemanager + preferred: true + service: + $ref: aws/v00.00.00000/services/licensemanager.yaml + title: licensemanager + version: v00.00.00000 + description: licensemanager + lightsail: + id: lightsail:v00.00.00000 + name: lightsail + preferred: true + service: + $ref: aws/v00.00.00000/services/lightsail.yaml + title: lightsail + version: v00.00.00000 + description: lightsail + location: + id: location:v00.00.00000 + name: location + preferred: true + service: + $ref: aws/v00.00.00000/services/location.yaml + title: location + version: v00.00.00000 + description: location + logs: + id: logs:v00.00.00000 + name: logs + preferred: true + service: + $ref: aws/v00.00.00000/services/logs.yaml + title: logs + version: v00.00.00000 + description: logs + lookoutequipment: + id: lookoutequipment:v00.00.00000 + name: lookoutequipment + preferred: true + service: + $ref: aws/v00.00.00000/services/lookoutequipment.yaml + title: lookoutequipment + version: v00.00.00000 + description: lookoutequipment + lookoutmetrics: + id: lookoutmetrics:v00.00.00000 + name: lookoutmetrics + preferred: true + service: + $ref: aws/v00.00.00000/services/lookoutmetrics.yaml + title: lookoutmetrics + version: v00.00.00000 + description: lookoutmetrics + lookoutvision: + id: lookoutvision:v00.00.00000 + name: lookoutvision + preferred: true + service: + $ref: aws/v00.00.00000/services/lookoutvision.yaml + title: lookoutvision + version: v00.00.00000 + description: lookoutvision + m2: + id: m2:v00.00.00000 + name: m2 + preferred: true + service: + $ref: aws/v00.00.00000/services/m2.yaml + title: m2 + version: v00.00.00000 + description: m2 + macie: + id: macie:v00.00.00000 + name: macie + preferred: true + service: + $ref: aws/v00.00.00000/services/macie.yaml + title: macie + version: v00.00.00000 + description: macie + managedblockchain: + id: managedblockchain:v00.00.00000 + name: managedblockchain + preferred: true + service: + $ref: aws/v00.00.00000/services/managedblockchain.yaml + title: managedblockchain + version: v00.00.00000 + description: managedblockchain + mediaconnect: + id: mediaconnect:v00.00.00000 + name: mediaconnect + preferred: true + service: + $ref: aws/v00.00.00000/services/mediaconnect.yaml + title: mediaconnect version: v00.00.00000 - description: ec2 - iam: - id: iam:v00.00.00000 - name: iam + description: mediaconnect + medialive: + id: medialive:v00.00.00000 + name: medialive preferred: true service: - $ref: aws/v00.00.00000/services/iam.yaml - title: iam + $ref: aws/v00.00.00000/services/medialive.yaml + title: medialive version: v00.00.00000 - description: iam + description: medialive + mediapackage: + id: mediapackage:v00.00.00000 + name: mediapackage + preferred: true + service: + $ref: aws/v00.00.00000/services/mediapackage.yaml + title: mediapackage + version: v00.00.00000 + description: mediapackage + mediapackagev2: + id: mediapackagev2:v00.00.00000 + name: mediapackagev2 + preferred: true + service: + $ref: aws/v00.00.00000/services/mediapackagev2.yaml + title: mediapackagev2 + version: v00.00.00000 + description: mediapackagev2 + mediatailor: + id: mediatailor:v00.00.00000 + name: mediatailor + preferred: true + service: + $ref: aws/v00.00.00000/services/mediatailor.yaml + title: mediatailor + version: v00.00.00000 + description: mediatailor + memorydb: + id: memorydb:v00.00.00000 + name: memorydb + preferred: true + service: + $ref: aws/v00.00.00000/services/memorydb.yaml + title: memorydb + version: v00.00.00000 + description: memorydb + msk: + id: msk:v00.00.00000 + name: msk + preferred: true + service: + $ref: aws/v00.00.00000/services/msk.yaml + title: msk + version: v00.00.00000 + description: msk + mwaa: + id: mwaa:v00.00.00000 + name: mwaa + preferred: true + service: + $ref: aws/v00.00.00000/services/mwaa.yaml + title: mwaa + version: v00.00.00000 + description: mwaa + neptune: + id: neptune:v00.00.00000 + name: neptune + preferred: true + service: + $ref: aws/v00.00.00000/services/neptune.yaml + title: neptune + version: v00.00.00000 + description: neptune + neptunegraph: + id: neptunegraph:v00.00.00000 + name: neptunegraph + preferred: true + service: + $ref: aws/v00.00.00000/services/neptunegraph.yaml + title: neptunegraph + version: v00.00.00000 + description: neptunegraph + networkfirewall: + id: networkfirewall:v00.00.00000 + name: networkfirewall + preferred: true + service: + $ref: aws/v00.00.00000/services/networkfirewall.yaml + title: networkfirewall + version: v00.00.00000 + description: networkfirewall + networkmanager: + id: networkmanager:v00.00.00000 + name: networkmanager + preferred: true + service: + $ref: aws/v00.00.00000/services/networkmanager.yaml + title: networkmanager + version: v00.00.00000 + description: networkmanager + nimblestudio: + id: nimblestudio:v00.00.00000 + name: nimblestudio + preferred: true + service: + $ref: aws/v00.00.00000/services/nimblestudio.yaml + title: nimblestudio + version: v00.00.00000 + description: nimblestudio + oam: + id: oam:v00.00.00000 + name: oam + preferred: true + service: + $ref: aws/v00.00.00000/services/oam.yaml + title: oam + version: v00.00.00000 + description: oam + omics: + id: omics:v00.00.00000 + name: omics + preferred: true + service: + $ref: aws/v00.00.00000/services/omics.yaml + title: omics + version: v00.00.00000 + description: omics + opensearchserverless: + id: opensearchserverless:v00.00.00000 + name: opensearchserverless + preferred: true + service: + $ref: aws/v00.00.00000/services/opensearchserverless.yaml + title: opensearchserverless + version: v00.00.00000 + description: opensearchserverless + opensearchservice: + id: opensearchservice:v00.00.00000 + name: opensearchservice + preferred: true + service: + $ref: aws/v00.00.00000/services/opensearchservice.yaml + title: opensearchservice + version: v00.00.00000 + description: opensearchservice + opsworkscm: + id: opsworkscm:v00.00.00000 + name: opsworkscm + preferred: true + service: + $ref: aws/v00.00.00000/services/opsworkscm.yaml + title: opsworkscm + version: v00.00.00000 + description: opsworkscm + organizations: + id: organizations:v00.00.00000 + name: organizations + preferred: true + service: + $ref: aws/v00.00.00000/services/organizations.yaml + title: organizations + version: v00.00.00000 + description: organizations + osis: + id: osis:v00.00.00000 + name: osis + preferred: true + service: + $ref: aws/v00.00.00000/services/osis.yaml + title: osis + version: v00.00.00000 + description: osis + panorama: + id: panorama:v00.00.00000 + name: panorama + preferred: true + service: + $ref: aws/v00.00.00000/services/panorama.yaml + title: panorama + version: v00.00.00000 + description: panorama + pcaconnectorad: + id: pcaconnectorad:v00.00.00000 + name: pcaconnectorad + preferred: true + service: + $ref: aws/v00.00.00000/services/pcaconnectorad.yaml + title: pcaconnectorad + version: v00.00.00000 + description: pcaconnectorad + personalize: + id: personalize:v00.00.00000 + name: personalize + preferred: true + service: + $ref: aws/v00.00.00000/services/personalize.yaml + title: personalize + version: v00.00.00000 + description: personalize + pinpoint: + id: pinpoint:v00.00.00000 + name: pinpoint + preferred: true + service: + $ref: aws/v00.00.00000/services/pinpoint.yaml + title: pinpoint + version: v00.00.00000 + description: pinpoint + pipes: + id: pipes:v00.00.00000 + name: pipes + preferred: true + service: + $ref: aws/v00.00.00000/services/pipes.yaml + title: pipes + version: v00.00.00000 + description: pipes + proton: + id: proton:v00.00.00000 + name: proton + preferred: true + service: + $ref: aws/v00.00.00000/services/proton.yaml + title: proton + version: v00.00.00000 + description: proton + qldb: + id: qldb:v00.00.00000 + name: qldb + preferred: true + service: + $ref: aws/v00.00.00000/services/qldb.yaml + title: qldb + version: v00.00.00000 + description: qldb + quicksight: + id: quicksight:v00.00.00000 + name: quicksight + preferred: true + service: + $ref: aws/v00.00.00000/services/quicksight.yaml + title: quicksight + version: v00.00.00000 + description: quicksight + ram: + id: ram:v00.00.00000 + name: ram + preferred: true + service: + $ref: aws/v00.00.00000/services/ram.yaml + title: ram + version: v00.00.00000 + description: ram + rds: + id: rds:v00.00.00000 + name: rds + preferred: true + service: + $ref: aws/v00.00.00000/services/rds.yaml + title: rds + version: v00.00.00000 + description: rds + redshift: + id: redshift:v00.00.00000 + name: redshift + preferred: true + service: + $ref: aws/v00.00.00000/services/redshift.yaml + title: redshift + version: v00.00.00000 + description: redshift + redshiftserverless: + id: redshiftserverless:v00.00.00000 + name: redshiftserverless + preferred: true + service: + $ref: aws/v00.00.00000/services/redshiftserverless.yaml + title: redshiftserverless + version: v00.00.00000 + description: redshiftserverless + refactorspaces: + id: refactorspaces:v00.00.00000 + name: refactorspaces + preferred: true + service: + $ref: aws/v00.00.00000/services/refactorspaces.yaml + title: refactorspaces + version: v00.00.00000 + description: refactorspaces + rekognition: + id: rekognition:v00.00.00000 + name: rekognition + preferred: true + service: + $ref: aws/v00.00.00000/services/rekognition.yaml + title: rekognition + version: v00.00.00000 + description: rekognition + resiliencehub: + id: resiliencehub:v00.00.00000 + name: resiliencehub + preferred: true + service: + $ref: aws/v00.00.00000/services/resiliencehub.yaml + title: resiliencehub + version: v00.00.00000 + description: resiliencehub + resourceexplorer2: + id: resourceexplorer2:v00.00.00000 + name: resourceexplorer2 + preferred: true + service: + $ref: aws/v00.00.00000/services/resourceexplorer2.yaml + title: resourceexplorer2 + version: v00.00.00000 + description: resourceexplorer2 + resourcegroups: + id: resourcegroups:v00.00.00000 + name: resourcegroups + preferred: true + service: + $ref: aws/v00.00.00000/services/resourcegroups.yaml + title: resourcegroups + version: v00.00.00000 + description: resourcegroups + robomaker: + id: robomaker:v00.00.00000 + name: robomaker + preferred: true + service: + $ref: aws/v00.00.00000/services/robomaker.yaml + title: robomaker + version: v00.00.00000 + description: robomaker + rolesanywhere: + id: rolesanywhere:v00.00.00000 + name: rolesanywhere + preferred: true + service: + $ref: aws/v00.00.00000/services/rolesanywhere.yaml + title: rolesanywhere + version: v00.00.00000 + description: rolesanywhere + route53: + id: route53:v00.00.00000 + name: route53 + preferred: true + service: + $ref: aws/v00.00.00000/services/route53.yaml + title: route53 + version: v00.00.00000 + description: route53 + route53recoverycontrol: + id: route53recoverycontrol:v00.00.00000 + name: route53recoverycontrol + preferred: true + service: + $ref: aws/v00.00.00000/services/route53recoverycontrol.yaml + title: route53recoverycontrol + version: v00.00.00000 + description: route53recoverycontrol + route53recoveryreadiness: + id: route53recoveryreadiness:v00.00.00000 + name: route53recoveryreadiness + preferred: true + service: + $ref: aws/v00.00.00000/services/route53recoveryreadiness.yaml + title: route53recoveryreadiness + version: v00.00.00000 + description: route53recoveryreadiness + route53resolver: + id: route53resolver:v00.00.00000 + name: route53resolver + preferred: true + service: + $ref: aws/v00.00.00000/services/route53resolver.yaml + title: route53resolver + version: v00.00.00000 + description: route53resolver + rum: + id: rum:v00.00.00000 + name: rum + preferred: true + service: + $ref: aws/v00.00.00000/services/rum.yaml + title: rum + version: v00.00.00000 + description: rum s3: id: s3:v00.00.00000 name: s3 @@ -29,6 +1604,321 @@ providerServices: title: s3 version: v00.00.00000 description: s3 + s3express: + id: s3express:v00.00.00000 + name: s3express + preferred: true + service: + $ref: aws/v00.00.00000/services/s3express.yaml + title: s3express + version: v00.00.00000 + description: s3express + s3objectlambda: + id: s3objectlambda:v00.00.00000 + name: s3objectlambda + preferred: true + service: + $ref: aws/v00.00.00000/services/s3objectlambda.yaml + title: s3objectlambda + version: v00.00.00000 + description: s3objectlambda + s3outposts: + id: s3outposts:v00.00.00000 + name: s3outposts + preferred: true + service: + $ref: aws/v00.00.00000/services/s3outposts.yaml + title: s3outposts + version: v00.00.00000 + description: s3outposts + sagemaker: + id: sagemaker:v00.00.00000 + name: sagemaker + preferred: true + service: + $ref: aws/v00.00.00000/services/sagemaker.yaml + title: sagemaker + version: v00.00.00000 + description: sagemaker + scheduler: + id: scheduler:v00.00.00000 + name: scheduler + preferred: true + service: + $ref: aws/v00.00.00000/services/scheduler.yaml + title: scheduler + version: v00.00.00000 + description: scheduler + secretsmanager: + id: secretsmanager:v00.00.00000 + name: secretsmanager + preferred: true + service: + $ref: aws/v00.00.00000/services/secretsmanager.yaml + title: secretsmanager + version: v00.00.00000 + description: secretsmanager + securityhub: + id: securityhub:v00.00.00000 + name: securityhub + preferred: true + service: + $ref: aws/v00.00.00000/services/securityhub.yaml + title: securityhub + version: v00.00.00000 + description: securityhub + securitylake: + id: securitylake:v00.00.00000 + name: securitylake + preferred: true + service: + $ref: aws/v00.00.00000/services/securitylake.yaml + title: securitylake + version: v00.00.00000 + description: securitylake + servicecatalog: + id: servicecatalog:v00.00.00000 + name: servicecatalog + preferred: true + service: + $ref: aws/v00.00.00000/services/servicecatalog.yaml + title: servicecatalog + version: v00.00.00000 + description: servicecatalog + servicecatalogappregistry: + id: servicecatalogappregistry:v00.00.00000 + name: servicecatalogappregistry + preferred: true + service: + $ref: aws/v00.00.00000/services/servicecatalogappregistry.yaml + title: servicecatalogappregistry + version: v00.00.00000 + description: servicecatalogappregistry + ses: + id: ses:v00.00.00000 + name: ses + preferred: true + service: + $ref: aws/v00.00.00000/services/ses.yaml + title: ses + version: v00.00.00000 + description: ses + shield: + id: shield:v00.00.00000 + name: shield + preferred: true + service: + $ref: aws/v00.00.00000/services/shield.yaml + title: shield + version: v00.00.00000 + description: shield + signer: + id: signer:v00.00.00000 + name: signer + preferred: true + service: + $ref: aws/v00.00.00000/services/signer.yaml + title: signer + version: v00.00.00000 + description: signer + simspaceweaver: + id: simspaceweaver:v00.00.00000 + name: simspaceweaver + preferred: true + service: + $ref: aws/v00.00.00000/services/simspaceweaver.yaml + title: simspaceweaver + version: v00.00.00000 + description: simspaceweaver + sns: + id: sns:v00.00.00000 + name: sns + preferred: true + service: + $ref: aws/v00.00.00000/services/sns.yaml + title: sns + version: v00.00.00000 + description: sns + sqs: + id: sqs:v00.00.00000 + name: sqs + preferred: true + service: + $ref: aws/v00.00.00000/services/sqs.yaml + title: sqs + version: v00.00.00000 + description: sqs + ssm: + id: ssm:v00.00.00000 + name: ssm + preferred: true + service: + $ref: aws/v00.00.00000/services/ssm.yaml + title: ssm + version: v00.00.00000 + description: ssm + ssmcontacts: + id: ssmcontacts:v00.00.00000 + name: ssmcontacts + preferred: true + service: + $ref: aws/v00.00.00000/services/ssmcontacts.yaml + title: ssmcontacts + version: v00.00.00000 + description: ssmcontacts + ssmincidents: + id: ssmincidents:v00.00.00000 + name: ssmincidents + preferred: true + service: + $ref: aws/v00.00.00000/services/ssmincidents.yaml + title: ssmincidents + version: v00.00.00000 + description: ssmincidents + sso: + id: sso:v00.00.00000 + name: sso + preferred: true + service: + $ref: aws/v00.00.00000/services/sso.yaml + title: sso + version: v00.00.00000 + description: sso + stepfunctions: + id: stepfunctions:v00.00.00000 + name: stepfunctions + preferred: true + service: + $ref: aws/v00.00.00000/services/stepfunctions.yaml + title: stepfunctions + version: v00.00.00000 + description: stepfunctions + supportapp: + id: supportapp:v00.00.00000 + name: supportapp + preferred: true + service: + $ref: aws/v00.00.00000/services/supportapp.yaml + title: supportapp + version: v00.00.00000 + description: supportapp + synthetics: + id: synthetics:v00.00.00000 + name: synthetics + preferred: true + service: + $ref: aws/v00.00.00000/services/synthetics.yaml + title: synthetics + version: v00.00.00000 + description: synthetics + systemsmanagersap: + id: systemsmanagersap:v00.00.00000 + name: systemsmanagersap + preferred: true + service: + $ref: aws/v00.00.00000/services/systemsmanagersap.yaml + title: systemsmanagersap + version: v00.00.00000 + description: systemsmanagersap + timestream: + id: timestream:v00.00.00000 + name: timestream + preferred: true + service: + $ref: aws/v00.00.00000/services/timestream.yaml + title: timestream + version: v00.00.00000 + description: timestream + transfer: + id: transfer:v00.00.00000 + name: transfer + preferred: true + service: + $ref: aws/v00.00.00000/services/transfer.yaml + title: transfer + version: v00.00.00000 + description: transfer + verifiedpermissions: + id: verifiedpermissions:v00.00.00000 + name: verifiedpermissions + preferred: true + service: + $ref: aws/v00.00.00000/services/verifiedpermissions.yaml + title: verifiedpermissions + version: v00.00.00000 + description: verifiedpermissions + voiceid: + id: voiceid:v00.00.00000 + name: voiceid + preferred: true + service: + $ref: aws/v00.00.00000/services/voiceid.yaml + title: voiceid + version: v00.00.00000 + description: voiceid + vpclattice: + id: vpclattice:v00.00.00000 + name: vpclattice + preferred: true + service: + $ref: aws/v00.00.00000/services/vpclattice.yaml + title: vpclattice + version: v00.00.00000 + description: vpclattice + wafv2: + id: wafv2:v00.00.00000 + name: wafv2 + preferred: true + service: + $ref: aws/v00.00.00000/services/wafv2.yaml + title: wafv2 + version: v00.00.00000 + description: wafv2 + wisdom: + id: wisdom:v00.00.00000 + name: wisdom + preferred: true + service: + $ref: aws/v00.00.00000/services/wisdom.yaml + title: wisdom + version: v00.00.00000 + description: wisdom + workspaces: + id: workspaces:v00.00.00000 + name: workspaces + preferred: true + service: + $ref: aws/v00.00.00000/services/workspaces.yaml + title: workspaces + version: v00.00.00000 + description: workspaces + workspacesthinclient: + id: workspacesthinclient:v00.00.00000 + name: workspacesthinclient + preferred: true + service: + $ref: aws/v00.00.00000/services/workspacesthinclient.yaml + title: workspacesthinclient + version: v00.00.00000 + description: workspacesthinclient + workspacesweb: + id: workspacesweb:v00.00.00000 + name: workspacesweb + preferred: true + service: + $ref: aws/v00.00.00000/services/workspacesweb.yaml + title: workspacesweb + version: v00.00.00000 + description: workspacesweb + xray: + id: xray:v00.00.00000 + name: xray + preferred: true + service: + $ref: aws/v00.00.00000/services/xray.yaml + title: xray + version: v00.00.00000 + description: xray cloud_control: id: cloud_control:v00.00.00000 name: cloud_control @@ -38,6 +1928,51 @@ providerServices: title: cloud_control version: v00.00.00000 description: cloud_control + ec2_api: + id: ec2_api:v00.00.00000 + name: ec2_api + preferred: true + service: + $ref: aws/v00.00.00000/services/ec2_api.yaml + title: ec2_api + version: v00.00.00000 + description: ec2_api + iam_api: + id: iam_api:v00.00.00000 + name: iam_api + preferred: true + service: + $ref: aws/v00.00.00000/services/iam_api.yaml + title: iam_api + version: v00.00.00000 + description: iam_api + s3_api: + id: s3_api:v00.00.00000 + name: s3_api + preferred: true + service: + $ref: aws/v00.00.00000/services/s3_api.yaml + title: s3_api + version: v00.00.00000 + description: s3_api + cloudwatch_api: + id: cloudwatch_api:v00.00.00000 + name: cloudwatch_api + preferred: true + service: + $ref: aws/v00.00.00000/services/cloudwatch_api.yaml + title: cloudwatch_api + version: v00.00.00000 + description: cloudwatch_api + cloudhsm: + id: cloudhsm:v00.00.00000 + name: cloudhsm + preferred: true + service: + $ref: aws/v00.00.00000/services/cloudhsm.yaml + title: cloudhsm + version: v00.00.00000 + description: cloudhsm config: auth: type: aws_signing_v4 diff --git a/providers/src/aws/v00.00.00000/services/.gitignore b/providers/src/aws/v00.00.00000/services/.gitignore new file mode 100644 index 00000000..9ff339d5 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/.gitignore @@ -0,0 +1,10 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore +!cloud_control.yaml +!ec2_api.yaml +!iam_api.yaml +!s3_api.yaml +!cloudwatch_api.yaml +!cloudhsm.yaml \ No newline at end of file diff --git a/providers/src/aws/v00.00.00000/services/cloudhsm.yaml b/providers/src/aws/v00.00.00000/services/cloudhsm.yaml new file mode 100644 index 00000000..8cf35239 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/cloudhsm.yaml @@ -0,0 +1,2091 @@ +openapi: 3.0.0 +info: + version: '2017-04-28' + x-release: v4 + title: AWS CloudHSM V2 + description: 'For more information about AWS CloudHSM, see AWS CloudHSM and the AWS CloudHSM User Guide.' + x-logo: + url: 'https:/~1twitter.com/awscloud/profile_image?size=original' + backgroundColor: '#FFFFFF' + termsOfService: 'https:/~1aws.amazon.com/service-terms/' + contact: + name: Mike Ralphson + email: mike.ralphson@gmail.com + url: 'https:/~1github.com/mermade/aws2openapi' + x-twitter: PermittedSoc + license: + name: Apache 2.0 License + url: 'http:/~1www.apache.org/licenses/' + x-providerName: amazonaws.com + x-serviceName: cloudhsm + x-aws-signingName: cloudhsm + x-origin: + - contentType: application/json + url: 'https:/~1raw.githubusercontent.com/aws/aws-sdk-js/master/apis/cloudhsmv2-2017-04-28.normal.json' + converter: + url: 'https:/~1github.com/mermade/aws2openapi' + version: 1.0.0 + x-apisguru-driver: external + x-apiClientRegistration: + url: 'https:/~1portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct' + x-apisguru-categories: + - cloud + x-preferred: true +externalDocs: + description: Amazon Web Services documentation + url: 'https:/~1docs.aws.amazon.com/cloudhsmv2/' +servers: + - url: 'https://cloudhsmv2.{region}.amazonaws.com' + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudHSM V2 multi-region endpoint +x-hasEquivalentPaths: true +paths: + /#X-Amz-Target=BaldrApiService.CopyBackupToRegion: + post: + operationId: CopyBackupToRegion + description: Copy an AWS CloudHSM cluster backup to a different region. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/CopyBackupToRegionResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + '485': + description: CloudHsmTagException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmTagException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CopyBackupToRegionRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.CopyBackupToRegion + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.CreateCluster: + post: + operationId: CreateCluster + description: Creates a new AWS CloudHSM cluster. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/CreateClusterResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + '485': + description: CloudHsmTagException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmTagException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CreateClusterRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.CreateCluster + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.CreateHsm: + post: + operationId: CreateHsm + description: Creates a new hardware security module (HSM) in the specified AWS CloudHSM cluster. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/CreateHsmResponse' + '480': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '481': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CreateHsmRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.CreateHsm + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.DeleteBackup: + post: + operationId: DeleteBackup + description: 'Deletes a specified AWS CloudHSM backup. A backup can be restored up to 7 days after the DeleteBackup request is made. For more information on restoring a backup, see RestoreBackup.' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteBackupResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteBackupRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.DeleteBackup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.DeleteCluster: + post: + operationId: DeleteCluster + description: 'Deletes the specified AWS CloudHSM cluster. Before you can delete a cluster, you must delete all HSMs in the cluster. To see if the cluster contains any HSMs, use DescribeClusters. To delete an HSM, use DeleteHsm.' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteClusterResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + '485': + description: CloudHsmTagException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmTagException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteClusterRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.DeleteCluster + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.DeleteHsm: + post: + operationId: DeleteHsm + description: 'Deletes the specified HSM. To specify an HSM, you can use its identifier (ID), the IP address of the HSM''s elastic network interface (ENI), or the ID of the HSM''s ENI. You need to specify only one of these values. To find these values, use DescribeClusters.' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteHsmResponse' + '480': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '481': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + '482': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '483': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '484': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteHsmRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.DeleteHsm + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /?__X-Amz-Target=BaldrApiService.DescribeBackups: + post: + operationId: DescribeBackups + description: '

Gets information about backups of AWS CloudHSM clusters.

This is a paginated operation, which means that each response might contain only a subset of all the backups. When the response contains only a subset of backups, it includes a NextToken value. Use this value in a subsequent DescribeBackups request to get more backups. When you receive a response with no NextToken (or an empty or null value), that means there are no more backups to get.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeBackupsResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + '485': + description: CloudHsmTagException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmTagException' + requestBody: + content: + application/x-amz-json-1.1: + schema: + $ref: '#/components/schemas/DescribeBackupsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + - name: X-Amz-Target + in: header + schema: + type: string + default: BaldrApiService.DescribeBackups + enum: + - BaldrApiService.DescribeBackups + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /: + post: + operationId: DescribeClusters + description: '

Gets information about AWS CloudHSM clusters.

This is a paginated operation, which means that each response might contain only a subset of all the clusters. When the response contains only a subset of clusters, it includes a NextToken value. Use this value in a subsequent DescribeClusters request to get more clusters. When you receive a response with no NextToken (or an empty or null value), that means there are no more clusters to get.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeClustersResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + '484': + description: CloudHsmTagException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmTagException' + requestBody: + required: true + content: + application/x-amz-json-1.1: + schema: + $ref: '#/components/schemas/DescribeClustersRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + - name: X-Amz-Target + in: header + schema: + type: string + default: 'BaldrApiService.DescribeClusters' + description: Target operation + - name: Content-Type + in: header + schema: + type: string + default: 'application/x-amz-json-1.1' + description: Proprietary Content Type + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.InitializeCluster: + post: + operationId: InitializeCluster + description: 'Claims an AWS CloudHSM cluster by submitting the cluster certificate issued by your issuing certificate authority (CA) and the CA''s root certificate. Before you can claim a cluster, you must sign the cluster''s certificate signing request (CSR) with your issuing CA. To get the cluster''s CSR, use DescribeClusters.' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/InitializeClusterResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/InitializeClusterRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + default: BaldrApiService.InitializeCluster + enum: + - BaldrApiService.InitializeCluster + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.ListTags: + post: + operationId: ListTags + description: '

Gets a list of tags for the specified AWS CloudHSM cluster.

This is a paginated operation, which means that each response might contain only a subset of all the tags. When the response contains only a subset of tags, it includes a NextToken value. Use this value in a subsequent ListTags request to get more tags. When you receive a response with no NextToken (or an empty or null value), that means there are no more tags to get.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/ListTagsResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + '485': + description: CloudHsmTagException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmTagException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ListTagsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.ListTags + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.ModifyBackupAttributes: + post: + operationId: ModifyBackupAttributes + description: Modifies attributes for AWS CloudHSM backup. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/ModifyBackupAttributesResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ModifyBackupAttributesRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.ModifyBackupAttributes + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.ModifyCluster: + post: + operationId: ModifyCluster + description: Modifies AWS CloudHSM cluster. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/ModifyClusterResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ModifyClusterRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.ModifyCluster + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.RestoreBackup: + post: + operationId: RestoreBackup + description: 'Restores a specified AWS CloudHSM backup that is in the PENDING_DELETION state. For mor information on deleting a backup, see DeleteBackup.' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/RestoreBackupResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/RestoreBackupRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.RestoreBackup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.TagResource: + post: + operationId: TagResource + description: Adds or overwrites one or more tags for the specified AWS CloudHSM cluster. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/TagResourceResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + '485': + description: CloudHsmTagException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmTagException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/TagResourceRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.TagResource + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=BaldrApiService.UntagResource: + post: + operationId: UntagResource + description: Removes the specified tag or tags from the specified AWS CloudHSM cluster. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/UntagResourceResponse' + '480': + description: CloudHsmAccessDeniedException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmAccessDeniedException' + '481': + description: CloudHsmInternalFailureException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInternalFailureException' + '482': + description: CloudHsmInvalidRequestException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmInvalidRequestException' + '483': + description: CloudHsmResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmResourceNotFoundException' + '484': + description: CloudHsmServiceException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmServiceException' + '485': + description: CloudHsmTagException + content: + application/json: + schema: + $ref: '#/components/schemas/CloudHsmTagException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/UntagResourceRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - BaldrApiService.UntagResource + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + schemas: + CopyBackupToRegionResponse: + type: object + properties: + DestinationBackup: + allOf: + - $ref: '#/components/schemas/DestinationBackup' + - description: '

Information on the backup that will be copied to the destination region, including CreateTimestamp, SourceBackup, SourceCluster, and Source Region. CreateTimestamp of the destination backup will be the same as that of the source backup.

You will need to use the sourceBackupID returned in this operation to use the DescribeBackups operation on the backup that will be copied to the destination region.

' + CopyBackupToRegionRequest: + type: object + required: + - DestinationRegion + - BackupId + title: CopyBackupToRegionRequest + properties: + DestinationRegion: + allOf: + - $ref: '#/components/schemas/Region' + - description: The AWS region that will contain your copied CloudHSM cluster backup. + BackupId: + allOf: + - $ref: '#/components/schemas/BackupId' + - description: 'The ID of the backup that will be copied to the destination region. ' + TagList: + allOf: + - $ref: '#/components/schemas/TagList' + - description: 'Tags to apply to the destination backup during creation. If you specify tags, only these tags will be applied to the destination backup. If you do not specify tags, the service copies tags from the source backup to the destination backup.' + CloudHsmAccessDeniedException: {} + CloudHsmInternalFailureException: {} + CloudHsmInvalidRequestException: {} + CloudHsmResourceNotFoundException: {} + CloudHsmServiceException: {} + CloudHsmTagException: {} + CreateClusterResponse: + type: object + properties: + Cluster: + allOf: + - $ref: '#/components/schemas/Cluster' + - description: Information about the cluster that was created. + CreateClusterRequest: + type: object + required: + - HsmType + - SubnetIds + title: CreateClusterRequest + properties: + BackupRetentionPolicy: + allOf: + - $ref: '#/components/schemas/BackupRetentionPolicy' + - description: A policy that defines how the service retains backups. + HsmType: + allOf: + - $ref: '#/components/schemas/HsmType' + - description: The type of HSM to use in the cluster. Currently the only allowed value is hsm1.medium. + SourceBackupId: + allOf: + - $ref: '#/components/schemas/BackupId' + - description: 'The identifier (ID) of the cluster backup to restore. Use this value to restore the cluster from a backup instead of creating a new cluster. To find the backup ID, use DescribeBackups.' + SubnetIds: + allOf: + - $ref: '#/components/schemas/SubnetIds' + - description: '

The identifiers (IDs) of the subnets where you are creating the cluster. You must specify at least one subnet. If you specify multiple subnets, they must meet the following criteria:

' + TagList: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Tags to apply to the CloudHSM cluster during creation. + CreateHsmResponse: + type: object + properties: + Hsm: + allOf: + - $ref: '#/components/schemas/Hsm' + - description: Information about the HSM that was created. + CreateHsmRequest: + type: object + required: + - ClusterId + - AvailabilityZone + title: CreateHsmRequest + properties: + ClusterId: + allOf: + - $ref: '#/components/schemas/ClusterId' + - description: 'The identifier (ID) of the HSM''s cluster. To find the cluster ID, use DescribeClusters.' + AvailabilityZone: + allOf: + - $ref: '#/components/schemas/ExternalAz' + - description: 'The Availability Zone where you are creating the HSM. To find the cluster''s Availability Zones, use DescribeClusters.' + IpAddress: + allOf: + - $ref: '#/components/schemas/IpAddress' + - description: 'The HSM''s IP address. If you specify an IP address, use an available address from the subnet that maps to the Availability Zone where you are creating the HSM. If you don''t specify an IP address, one is chosen for you from that subnet.' + DeleteBackupResponse: + type: object + properties: + Backup: + allOf: + - $ref: '#/components/schemas/Backup' + - description: Information on the Backup object deleted. + DeleteBackupRequest: + type: object + required: + - BackupId + title: DeleteBackupRequest + properties: + BackupId: + allOf: + - $ref: '#/components/schemas/BackupId' + - description: 'The ID of the backup to be deleted. To find the ID of a backup, use the DescribeBackups operation.' + DeleteClusterResponse: + type: object + properties: + Cluster: + allOf: + - $ref: '#/components/schemas/Cluster' + - description: Information about the cluster that was deleted. + DeleteClusterRequest: + type: object + required: + - ClusterId + title: DeleteClusterRequest + properties: + ClusterId: + allOf: + - $ref: '#/components/schemas/ClusterId' + - description: 'The identifier (ID) of the cluster that you are deleting. To find the cluster ID, use DescribeClusters.' + DeleteHsmResponse: + type: object + properties: + HsmId: + allOf: + - $ref: '#/components/schemas/HsmId' + - description: The identifier (ID) of the HSM that was deleted. + DeleteHsmRequest: + type: object + required: + - ClusterId + title: DeleteHsmRequest + properties: + ClusterId: + allOf: + - $ref: '#/components/schemas/ClusterId' + - description: The identifier (ID) of the cluster that contains the HSM that you are deleting. + HsmId: + allOf: + - $ref: '#/components/schemas/HsmId' + - description: The identifier (ID) of the HSM that you are deleting. + EniId: + allOf: + - $ref: '#/components/schemas/EniId' + - description: The identifier (ID) of the elastic network interface (ENI) of the HSM that you are deleting. + EniIp: + allOf: + - $ref: '#/components/schemas/IpAddress' + - description: The IP address of the elastic network interface (ENI) of the HSM that you are deleting. + DescribeBackupsResponse: + type: object + properties: + Backups: + type: array + items: + $ref: '#/components/schemas/Backup' + NextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: An opaque string that indicates that the response contains only a subset of backups. Use this value in a subsequent DescribeBackups request to get more backups. + DescribeBackupsRequest: + type: object + title: DescribeBackupsRequest + properties: + NextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The NextToken value that you received in the previous response. Use this value to get more backups. + MaxResults: + allOf: + - $ref: '#/components/schemas/BackupsMaxSize' + - description: 'The maximum number of backups to return in the response. When there are more backups than the number you specify, the response contains a NextToken value.' + Filters: + allOf: + - $ref: '#/components/schemas/Filters' + - description:

One or more filters to limit the items returned in the response.

Use the backupIds filter to return only the specified backups. Specify backups by their backup identifier (ID).

Use the sourceBackupIds filter to return only the backups created from a source backup. The sourceBackupID of a source backup is returned by the CopyBackupToRegion operation.

Use the clusterIds filter to return only the backups for the specified clusters. Specify clusters by their cluster identifier (ID).

Use the states filter to return only backups that match the specified state.

Use the neverExpires filter to return backups filtered by the value in the neverExpires parameter. True returns all backups exempt from the backup retention policy. False returns all backups with a backup retention policy defined at the cluster.

+ SortAscending: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Designates whether or not to sort the return backups by ascending chronological order of generation. + DescribeClustersResponse: + type: object + properties: + Clusters: + type: array + items: + $ref: '#/components/schemas/Cluster' + NextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: An opaque string that indicates that the response contains only a subset of clusters. Use this value in a subsequent DescribeClusters request to get more clusters. + DescribeClustersRequest: + type: object + title: DescribeClustersRequest + properties: + Filters: + type: object + additionalProperties: + $ref: '#/components/schemas/Strings' + NextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The NextToken value that you received in the previous response. Use this value to get more clusters. + MaxResults: + allOf: + - $ref: '#/components/schemas/ClustersMaxSize' + - description: 'The maximum number of clusters to return in the response. When there are more clusters than the number you specify, the response contains a NextToken value.' + InitializeClusterResponse: + type: object + properties: + State: + allOf: + - $ref: '#/components/schemas/ClusterState' + - description: The cluster's state. + StateMessage: + allOf: + - $ref: '#/components/schemas/StateMessage' + - description: A description of the cluster's state. + InitializeClusterRequest: + type: object + required: + - ClusterId + - SignedCert + - TrustAnchor + title: InitializeClusterRequest + properties: + ClusterId: + allOf: + - $ref: '#/components/schemas/ClusterId' + - description: 'The identifier (ID) of the cluster that you are claiming. To find the cluster ID, use DescribeClusters.' + SignedCert: + allOf: + - $ref: '#/components/schemas/Cert' + - description: The cluster certificate issued (signed) by your issuing certificate authority (CA). The certificate must be in PEM format and can contain a maximum of 5000 characters. + TrustAnchor: + allOf: + - $ref: '#/components/schemas/Cert' + - description: 'The issuing certificate of the issuing certificate authority (CA) that issued (signed) the cluster certificate. You must use a self-signed certificate. The certificate used to sign the HSM CSR must be directly available, and thus must be the root certificate. The certificate must be in PEM format and can contain a maximum of 5000 characters.' + ListTagsResponse: + type: object + required: + - TagList + properties: + TagList: + allOf: + - $ref: '#/components/schemas/TagList' + - description: A list of tags. + NextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: An opaque string that indicates that the response contains only a subset of tags. Use this value in a subsequent ListTags request to get more tags. + ListTagsRequest: + type: object + required: + - ResourceId + title: ListTagsRequest + properties: + ResourceId: + allOf: + - $ref: '#/components/schemas/ResourceId' + - description: 'The cluster identifier (ID) for the cluster whose tags you are getting. To find the cluster ID, use DescribeClusters.' + NextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The NextToken value that you received in the previous response. Use this value to get more tags. + MaxResults: + allOf: + - $ref: '#/components/schemas/MaxSize' + - description: 'The maximum number of tags to return in the response. When there are more tags than the number you specify, the response contains a NextToken value.' + ModifyBackupAttributesResponse: + type: object + properties: + Backup: + $ref: '#/components/schemas/Backup' + ModifyBackupAttributesRequest: + type: object + required: + - BackupId + - NeverExpires + title: ModifyBackupAttributesRequest + properties: + BackupId: + allOf: + - $ref: '#/components/schemas/BackupId' + - description: 'The identifier (ID) of the backup to modify. To find the ID of a backup, use the DescribeBackups operation.' + NeverExpires: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster. + ModifyClusterResponse: + type: object + properties: + Cluster: + $ref: '#/components/schemas/Cluster' + ModifyClusterRequest: + type: object + required: + - BackupRetentionPolicy + - ClusterId + title: ModifyClusterRequest + properties: + BackupRetentionPolicy: + allOf: + - $ref: '#/components/schemas/BackupRetentionPolicy' + - description: A policy that defines how the service retains backups. + ClusterId: + allOf: + - $ref: '#/components/schemas/ClusterId' + - description: 'The identifier (ID) of the cluster that you want to modify. To find the cluster ID, use DescribeClusters.' + RestoreBackupResponse: + type: object + properties: + Backup: + allOf: + - $ref: '#/components/schemas/Backup' + - description: Information on the Backup object created. + RestoreBackupRequest: + type: object + required: + - BackupId + title: RestoreBackupRequest + properties: + BackupId: + allOf: + - $ref: '#/components/schemas/BackupId' + - description: 'The ID of the backup to be restored. To find the ID of a backup, use the DescribeBackups operation.' + TagResourceResponse: + type: object + properties: {} + TagResourceRequest: + type: object + required: + - ResourceId + - TagList + title: TagResourceRequest + properties: + ResourceId: + allOf: + - $ref: '#/components/schemas/ResourceId' + - description: 'The cluster identifier (ID) for the cluster that you are tagging. To find the cluster ID, use DescribeClusters.' + TagList: + allOf: + - $ref: '#/components/schemas/TagList' + - description: A list of one or more tags. + UntagResourceResponse: + type: object + properties: {} + UntagResourceRequest: + type: object + required: + - ResourceId + - TagKeyList + title: UntagResourceRequest + properties: + ResourceId: + allOf: + - $ref: '#/components/schemas/ResourceId' + - description: 'The cluster identifier (ID) for the cluster whose tags you are removing. To find the cluster ID, use DescribeClusters.' + TagKeyList: + allOf: + - $ref: '#/components/schemas/TagKeyList' + - description: 'A list of one or more tag keys for the tags that you are removing. Specify only the tag keys, not the tag values.' + BackupId: + type: string + pattern: 'backup-[2-7a-zA-Z]{11,16}' + BackupState: + type: string + enum: + - CREATE_IN_PROGRESS + - READY + - DELETED + - PENDING_DELETION + ClusterId: + type: string + pattern: 'cluster-[2-7a-zA-Z]{11,16}' + Timestamp: + type: string + format: date-time + Boolean: + type: boolean + Region: + type: string + pattern: '[a-z]{2}(-(gov))?-(east|west|north|south|central){1,2}-\d' + TagList: + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + maxItems: 50 + Backup: + type: object + required: + - BackupId + properties: + BackupId: + allOf: + - $ref: '#/components/schemas/BackupId' + - description: The identifier (ID) of the backup. + BackupState: + allOf: + - $ref: '#/components/schemas/BackupState' + - description: The state of the backup. + ClusterId: + allOf: + - $ref: '#/components/schemas/ClusterId' + - description: The identifier (ID) of the cluster that was backed up. + CreateTimestamp: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: The date and time when the backup was created. + CopyTimestamp: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: The date and time when the backup was copied from a source backup. + NeverExpires: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Specifies whether the service should exempt a backup from the retention policy for the cluster. True exempts a backup from the retention policy. False means the service applies the backup retention policy defined at the cluster. + SourceRegion: + allOf: + - $ref: '#/components/schemas/Region' + - description: The AWS Region that contains the source backup from which the new backup was copied. + SourceBackup: + allOf: + - $ref: '#/components/schemas/BackupId' + - description: The identifier (ID) of the source backup from which the new backup was copied. + SourceCluster: + allOf: + - $ref: '#/components/schemas/ClusterId' + - description: The identifier (ID) of the cluster containing the source backup from which the new backup was copied. + DeleteTimestamp: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: The date and time when the backup will be permanently deleted. + TagList: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The list of tags for the backup. + description: 'Contains information about a backup of an AWS CloudHSM cluster. All backup objects contain the BackupId, BackupState, ClusterId, and CreateTimestamp parameters. Backups that were copied into a destination region additionally contain the CopyTimestamp, SourceBackup, SourceCluster, and SourceRegion parameters. A backup that is pending deletion will include the DeleteTimestamp parameter.' + BackupPolicy: + type: string + enum: + - DEFAULT + BackupRetentionType: + type: string + enum: + - DAYS + BackupRetentionValue: + type: string + pattern: '[0-9]+' + minLength: 1 + maxLength: 3 + BackupRetentionPolicy: + type: object + properties: + Type: + allOf: + - $ref: '#/components/schemas/BackupRetentionType' + - description: 'The type of backup retention policy. For the DAYS type, the value is the number of days to retain backups.' + Value: + allOf: + - $ref: '#/components/schemas/BackupRetentionValue' + - description: Use a value between 7 - 379. + description: A policy that defines the number of days to retain backups. + Backups: + type: array + items: + $ref: '#/components/schemas/Backup' + BackupsMaxSize: + type: integer + minimum: 1 + maximum: 50 + Cert: + type: string + pattern: '[a-zA-Z0-9+-/=\s]*' + maxLength: 5000 + Certificates: + type: object + properties: + ClusterCsr: + allOf: + - $ref: '#/components/schemas/Cert' + - description: The cluster's certificate signing request (CSR). The CSR exists only when the cluster's state is UNINITIALIZED. + HsmCertificate: + allOf: + - $ref: '#/components/schemas/Cert' + - description: The HSM certificate issued (signed) by the HSM hardware. + AwsHardwareCertificate: + allOf: + - $ref: '#/components/schemas/Cert' + - description: The HSM hardware certificate issued (signed) by AWS CloudHSM. + ManufacturerHardwareCertificate: + allOf: + - $ref: '#/components/schemas/Cert' + - description: The HSM hardware certificate issued (signed) by the hardware manufacturer. + ClusterCertificate: + allOf: + - $ref: '#/components/schemas/Cert' + - description: The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner. + description: Contains one or more certificates or a certificate signing request (CSR). + Hsms: + type: array + items: + $ref: '#/components/schemas/Hsm' + HsmType: + type: string + pattern: (hsm1\.medium) + PreCoPassword: + type: string + minLength: 7 + maxLength: 32 + SecurityGroup: + type: string + pattern: 'sg-[0-9a-fA-F]{8,17}' + ClusterState: + type: string + enum: + - CREATE_IN_PROGRESS + - UNINITIALIZED + - INITIALIZE_IN_PROGRESS + - INITIALIZED + - ACTIVE + - UPDATE_IN_PROGRESS + - DELETE_IN_PROGRESS + - DELETED + - DEGRADED + StateMessage: + type: string + pattern: .* + maxLength: 300 + ExternalSubnetMapping: + type: object + additionalProperties: + $ref: '#/components/schemas/SubnetId' + VpcId: + type: string + pattern: 'vpc-[0-9a-fA-F]' + Cluster: + type: object + properties: + BackupPolicy: + allOf: + - $ref: '#/components/schemas/BackupPolicy' + - description: The cluster's backup policy. + BackupRetentionPolicy: + allOf: + - $ref: '#/components/schemas/BackupRetentionPolicy' + - description: A policy that defines how the service retains backups. + ClusterId: + allOf: + - $ref: '#/components/schemas/ClusterId' + - description: The cluster's identifier (ID). + CreateTimestamp: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: The date and time when the cluster was created. + Hsms: + allOf: + - $ref: '#/components/schemas/Hsms' + - description: Contains information about the HSMs in the cluster. + HsmType: + allOf: + - $ref: '#/components/schemas/HsmType' + - description: The type of HSM that the cluster contains. + PreCoPassword: + allOf: + - $ref: '#/components/schemas/PreCoPassword' + - description: The default password for the cluster's Pre-Crypto Officer (PRECO) user. + SecurityGroup: + allOf: + - $ref: '#/components/schemas/SecurityGroup' + - description: The identifier (ID) of the cluster's security group. + SourceBackupId: + allOf: + - $ref: '#/components/schemas/BackupId' + - description: The identifier (ID) of the backup used to create the cluster. This value exists only when the cluster was created from a backup. + State: + allOf: + - $ref: '#/components/schemas/ClusterState' + - description: The cluster's state. + StateMessage: + allOf: + - $ref: '#/components/schemas/StateMessage' + - description: A description of the cluster's state. + SubnetMapping: + allOf: + - $ref: '#/components/schemas/ExternalSubnetMapping' + - description: A map from availability zone to the cluster’s subnet in that availability zone. + VpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The identifier (ID) of the virtual private cloud (VPC) that contains the cluster. + Certificates: + allOf: + - $ref: '#/components/schemas/Certificates' + - description: Contains one or more certificates or a certificate signing request (CSR). + TagList: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The list of tags for the cluster. + description: Contains information about an AWS CloudHSM cluster. + Clusters: + type: array + items: + $ref: '#/components/schemas/Cluster' + ClustersMaxSize: + type: integer + minimum: 1 + maximum: 25 + DestinationBackup: + type: object + properties: + CreateTimestamp: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: The date and time when both the source backup was created. + SourceRegion: + allOf: + - $ref: '#/components/schemas/Region' + - description: The AWS region that contains the source backup from which the new backup was copied. + SourceBackup: + allOf: + - $ref: '#/components/schemas/BackupId' + - description: The identifier (ID) of the source backup from which the new backup was copied. + SourceCluster: + allOf: + - $ref: '#/components/schemas/ClusterId' + - description: The identifier (ID) of the cluster containing the source backup from which the new backup was copied. + description: Contains information about the backup that will be copied and created by the CopyBackupToRegion operation. + SubnetIds: + type: array + items: + $ref: '#/components/schemas/SubnetId' + minItems: 1 + maxItems: 10 + ExternalAz: + type: string + pattern: '[a-z]{2}(-(gov))?-(east|west|north|south|central){1,2}-\d[a-z]' + IpAddress: + type: string + pattern: '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}' + Hsm: + type: object + required: + - HsmId + properties: + AvailabilityZone: + allOf: + - $ref: '#/components/schemas/ExternalAz' + - description: The Availability Zone that contains the HSM. + ClusterId: + allOf: + - $ref: '#/components/schemas/ClusterId' + - description: The identifier (ID) of the cluster that contains the HSM. + SubnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: The subnet that contains the HSM's elastic network interface (ENI). + EniId: + allOf: + - $ref: '#/components/schemas/EniId' + - description: The identifier (ID) of the HSM's elastic network interface (ENI). + EniIp: + allOf: + - $ref: '#/components/schemas/IpAddress' + - description: The IP address of the HSM's elastic network interface (ENI). + HsmId: + allOf: + - $ref: '#/components/schemas/HsmId' + - description: The HSM's identifier (ID). + State: + allOf: + - $ref: '#/components/schemas/HsmState' + - description: The HSM's state. + StateMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the HSM's state. + description: Contains information about a hardware security module (HSM) in an AWS CloudHSM cluster. + HsmId: + type: string + pattern: 'hsm-[2-7a-zA-Z]{11,16}' + EniId: + type: string + pattern: 'eni-[0-9a-fA-F]{8,17}' + NextToken: + type: string + pattern: .* + maxLength: 256 + Filters: + type: object + additionalProperties: + $ref: '#/components/schemas/Strings' + SubnetId: + type: string + pattern: 'subnet-[0-9a-fA-F]{8,17}' + Field: + type: string + pattern: '[a-zA-Z0-9_-]+' + Strings: + type: array + items: + $ref: '#/components/schemas/String' + HsmState: + type: string + enum: + - CREATE_IN_PROGRESS + - ACTIVE + - DEGRADED + - DELETE_IN_PROGRESS + - DELETED + String: + type: string + ResourceId: + type: string + pattern: '(?:cluster|backup)-[2-7a-zA-Z]{11,16}' + MaxSize: + type: integer + minimum: 1 + maximum: 100 + TagKey: + type: string + pattern: '^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$' + minLength: 1 + maxLength: 128 + TagValue: + type: string + pattern: '^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$' + minLength: 0 + maxLength: 256 + Tag: + type: object + required: + - Key + - Value + properties: + Key: + allOf: + - $ref: '#/components/schemas/TagKey' + - description: The key of the tag. + Value: + allOf: + - $ref: '#/components/schemas/TagValue' + - description: The value of the tag. + description: Contains a tag. A tag is a key-value pair. + TagKeyList: + type: array + items: + $ref: '#/components/schemas/TagKey' + minItems: 1 + maxItems: 50 + x-stackQL-resources: + clusters: + name: clusters + methods: + create_cluster: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.CreateCluster/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + delete_cluster: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.DeleteCluster/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + describe_clusters: + operation: + $ref: '#/paths/~1/post' + request: + mediaType: application/x-amz-json-1.1 + default: | + { + "Filters": {} + } + response: + objectKey: '$.Clusters' + mediaType: application/json + openAPIDocKey: '200' + initialize_cluster: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.InitializeCluster/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + modify_cluster: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.ModifyCluster/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + id: aws.cloudhsm.clusters + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/clusters/methods/delete_cluster' + insert: + - $ref: '#/components/x-stackQL-resources/clusters/methods/create_cluster' + select: + - $ref: '#/components/x-stackQL-resources/clusters/methods/describe_clusters' + update: [] + title: clusters + hsm: + name: hsm + methods: + create_hsm: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.CreateHsm/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + delete_hsm: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.DeleteHsm/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + id: aws.cloudhsm.hsm + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/hsm/methods/delete_hsm' + insert: + - $ref: '#/components/x-stackQL-resources/hsm/methods/create_hsm' + select: [] + update: [] + title: hsm + backups: + name: backups + methods: + copy_backup_to_region: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.CopyBackupToRegion/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + delete_backup: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.DeleteBackup/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + describe_backups: + operation: + $ref: '#/paths/~1?__X-Amz-Target=BaldrApiService.DescribeBackups/post' + request: + mediaType: application/x-amz-json-1.1 + default: | + { + "Filters": {} + } + response: + mediaType: application/json + openAPIDocKey: '200' + objectKey: $.Backups + modify_backup_attributes: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.ModifyBackupAttributes/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + restore_backup: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.RestoreBackup/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + id: aws.cloudhsm.backups + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/backups/methods/delete_backup' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/backups/methods/describe_backups' + update: [] + title: backups + tags: + name: tags + methods: + list_tags: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.ListTags/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + # objectKey: $.ResourceDescriptions + tag_resource: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.TagResource/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + untag_resource: + operation: + $ref: '#/paths/~1#X-Amz-Target=BaldrApiService.UntagResource/post' + request: + mediaType: application/json + response: + mediaType: application/json + openAPIDocKey: '200' + id: aws.cloudhsm.tags + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/tags/methods/list_tags' + update: [] + title: tags +security: + - hmac: [] +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params \ No newline at end of file diff --git a/providers/src/aws/v00.00.00000/services/cloudwatch_api.yaml b/providers/src/aws/v00.00.00000/services/cloudwatch_api.yaml new file mode 100644 index 00000000..97ffe447 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/cloudwatch_api.yaml @@ -0,0 +1,4741 @@ +openapi: 3.0.0 +info: + version: '2014-03-28' + x-release: v4 + title: Amazon CloudWatch Logs + description: '

You can use Amazon CloudWatch Logs to monitor, store, and access your log files from EC2 instances, CloudTrail, and other sources. You can then retrieve the associated log data from CloudWatch Logs using the CloudWatch console. Alternatively, you can use CloudWatch Logs commands in the Amazon Web Services CLI, CloudWatch Logs API, or CloudWatch Logs SDK.

You can use CloudWatch Logs to:

' + x-logo: + url: 'https://twitter.com/awscloud/profile_image?size=original' + backgroundColor: '#FFFFFF' + termsOfService: 'https://aws.amazon.com/service-terms/' + contact: + name: Mike Ralphson + email: mike.ralphson@gmail.com + url: 'https://github.com/mermade/aws2openapi' + x-twitter: PermittedSoc + license: + name: Apache 2.0 License + url: 'http://www.apache.org/licenses/' + x-providerName: amazonaws.com + x-serviceName: logs + x-origin: + - contentType: application/json + url: 'https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/logs-2014-03-28.normal.json' + converter: + url: 'https://github.com/mermade/aws2openapi' + version: 1.0.0 + x-apisguru-driver: external + x-apiClientRegistration: + url: 'https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct' + x-apisguru-categories: + - cloud + x-preferred: true +externalDocs: + description: Amazon Web Services documentation + url: 'https://docs.aws.amazon.com/logs/' +servers: + - url: 'https://logs.{region}.amazonaws.com' + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The Amazon CloudWatch Logs multi-region endpoint +x-hasEquivalentPaths: true +paths: + /#X-Amz-Target=Logs_20140328.AssociateKmsKey: + post: + operationId: AssociateKmsKey + description: '

Associates the specified KMS key with the specified log group.

Associating a KMS key with a log group overrides any existing associations between the log group and a KMS key. After a KMS key is associated with a log group, all newly ingested data for the log group is encrypted using the KMS key. This association is stored as long as the data encrypted with the KMS keyis still within CloudWatch Logs. This enables CloudWatch Logs to decrypt this data whenever it is requested.

CloudWatch Logs supports only symmetric KMS keys. Do not use an associate an asymmetric KMS key with your log group. For more information, see Using Symmetric and Asymmetric Keys.

It can take up to 5 minutes for this operation to take effect.

If you attempt to associate a KMS key with a log group but the KMS key does not exist or the KMS key is disabled, you receive an InvalidParameterException error.

' + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/AssociateKmsKeyRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.AssociateKmsKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.CancelExportTask: + post: + operationId: CancelExportTask + description:

Cancels the specified export task.

The task must be in the PENDING or RUNNING state.

+ responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: InvalidOperationException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidOperationException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CancelExportTaskRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.CancelExportTask + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.CreateExportTask: + post: + operationId: CreateExportTask + description: '

Creates an export task so that you can efficiently export data from a log group to an Amazon S3 bucket. When you perform a CreateExportTask operation, you must use credentials that have permission to write to the S3 bucket that you specify as the destination.

Exporting log data to S3 buckets that are encrypted by KMS is supported. Exporting log data to Amazon S3 buckets that have S3 Object Lock enabled with a retention period is also supported.

Exporting to S3 buckets that are encrypted with AES-256 is supported.

This is an asynchronous call. If all the required information is provided, this operation initiates an export task and responds with the ID of the task. After the task has started, you can use DescribeExportTasks to get the status of the export task. Each account can only have one active (RUNNING or PENDING) export task at a time. To cancel an export task, use CancelExportTask.

You can export logs from multiple log groups or multiple time ranges to the same S3 bucket. To separate log data for each export task, specify a prefix to be used as the Amazon S3 key prefix for all exported objects.

Time-based sorting on chunks of log data inside an exported file is not guaranteed. You can sort the exported log field data by using Linux utilities.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/CreateExportTaskResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: LimitExceededException + content: + application/json: + schema: + $ref: '#/components/schemas/LimitExceededException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + '484': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '485': + description: ResourceAlreadyExistsException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceAlreadyExistsException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CreateExportTaskRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.CreateExportTask + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.CreateLogGroup: + post: + operationId: CreateLogGroup + description: '

Creates a log group with the specified name. You can create up to 20,000 log groups per account.

You must use the following guidelines when naming a log group:

When you create a log group, by default the log events in the log group do not expire. To set a retention policy so that events expire and are deleted after a specified time, use PutRetentionPolicy.

If you associate an KMS key with the log group, ingested data is encrypted using the KMS key. This association is stored as long as the data encrypted with the KMS key is still within CloudWatch Logs. This enables CloudWatch Logs to decrypt this data whenever it is requested.

If you attempt to associate a KMS key with the log group but the KMS keydoes not exist or the KMS key is disabled, you receive an InvalidParameterException error.

CloudWatch Logs supports only symmetric KMS keys. Do not associate an asymmetric KMS key with your log group. For more information, see Using Symmetric and Asymmetric Keys.

' + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceAlreadyExistsException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceAlreadyExistsException' + '482': + description: LimitExceededException + content: + application/json: + schema: + $ref: '#/components/schemas/LimitExceededException' + '483': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '484': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CreateLogGroupRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.CreateLogGroup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.CreateLogStream: + post: + operationId: CreateLogStream + description: '

Creates a log stream for the specified log group. A log stream is a sequence of log events that originate from a single source, such as an application instance or a resource that is being monitored.

There is no limit on the number of log streams that you can create for a log group. There is a limit of 50 TPS on CreateLogStream operations, after which transactions are throttled.

You must use the following guidelines when naming a log stream:

' + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceAlreadyExistsException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceAlreadyExistsException' + '482': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CreateLogStreamRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.CreateLogStream + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DeleteDataProtectionPolicy: + post: + operationId: DeleteDataProtectionPolicy + description: '

Deletes the data protection policy from the specified log group.

For more information about data protection policies, see PutDataProtectionPolicy.

' + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '482': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteDataProtectionPolicyRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DeleteDataProtectionPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DeleteDestination: + post: + operationId: DeleteDestination + description: 'Deletes the specified destination, and eventually disables all the subscription filters that publish to it. This operation does not delete the physical resource encapsulated by the destination.' + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteDestinationRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DeleteDestination + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DeleteLogGroup: + post: + operationId: DeleteLogGroup + description: Deletes the specified log group and permanently deletes all the archived log events associated with the log group. + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteLogGroupRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DeleteLogGroup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DeleteLogStream: + post: + operationId: DeleteLogStream + description: Deletes the specified log stream and permanently deletes all the archived log events associated with the log stream. + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteLogStreamRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DeleteLogStream + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DeleteMetricFilter: + post: + operationId: DeleteMetricFilter + description: Deletes the specified metric filter. + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteMetricFilterRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DeleteMetricFilter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DeleteQueryDefinition: + post: + operationId: DeleteQueryDefinition + description: '

Deletes a saved CloudWatch Logs Insights query definition. A query definition contains details about a saved CloudWatch Logs Insights query.

Each DeleteQueryDefinition operation can delete one query definition.

You must have the logs:DeleteQueryDefinition permission to be able to perform this operation.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteQueryDefinitionResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteQueryDefinitionRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DeleteQueryDefinition + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DeleteResourcePolicy: + post: + operationId: DeleteResourcePolicy + description: Deletes a resource policy from this account. This revokes the access of the identities in that policy to put log events to this account. + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteResourcePolicyRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DeleteResourcePolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DeleteRetentionPolicy: + post: + operationId: DeleteRetentionPolicy + description:

Deletes the specified retention policy.

Log events do not expire if they belong to log groups without a retention policy.

+ responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteRetentionPolicyRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DeleteRetentionPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DeleteSubscriptionFilter: + post: + operationId: DeleteSubscriptionFilter + description: Deletes the specified subscription filter. + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteSubscriptionFilterRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DeleteSubscriptionFilter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DescribeDestinations: + post: + operationId: DescribeDestinations + description: Lists all your destinations. The results are ASCII-sorted by destination name. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeDestinationsResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeDestinationsRequest' + parameters: + - name: limit + in: query + schema: + type: string + description: Pagination limit + required: false + - name: nextToken + in: query + schema: + type: string + description: Pagination token + required: false + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DescribeDestinations + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DescribeExportTasks: + post: + operationId: DescribeExportTasks + description: Lists the specified export tasks. You can list all your export tasks or filter the results based on task ID or task status. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeExportTasksResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeExportTasksRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DescribeExportTasks + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DescribeLogGroups: + post: + operationId: DescribeLogGroups + description: '

Lists the specified log groups. You can list all your log groups or filter the results by prefix. The results are ASCII-sorted by log group name.

CloudWatch Logs doesn’t support IAM policies that control access to the DescribeLogGroups action by using the aws:ResourceTag/key-name condition key. Other CloudWatch Logs actions do support the use of the aws:ResourceTag/key-name condition key to control access. For more information about using tags to control access, see Controlling access to Amazon Web Services resources using tags.

If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeLogGroupsResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeLogGroupsRequest' + parameters: + - name: limit + in: query + schema: + type: string + description: Pagination limit + required: false + - name: nextToken + in: query + schema: + type: string + description: Pagination token + required: false + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DescribeLogGroups + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DescribeLogStreams: + post: + operationId: DescribeLogStreams + description: '

Lists the log streams for the specified log group. You can list all the log streams or filter the results by prefix. You can also control how the results are ordered.

You can specify the log group to search by using either logGroupIdentifier or logGroupName. You must include one of these two parameters, but you can''t include both.

This operation has a limit of five transactions per second, after which transactions are throttled.

If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeLogStreamsResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeLogStreamsRequest' + parameters: + - name: limit + in: query + schema: + type: string + description: Pagination limit + required: false + - name: nextToken + in: query + schema: + type: string + description: Pagination token + required: false + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DescribeLogStreams + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DescribeMetricFilters: + post: + operationId: DescribeMetricFilters + description: 'Lists the specified metric filters. You can list all of the metric filters or filter the results by log name, prefix, metric name, or metric namespace. The results are ASCII-sorted by filter name.' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeMetricFiltersResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeMetricFiltersRequest' + parameters: + - name: limit + in: query + schema: + type: string + description: Pagination limit + required: false + - name: nextToken + in: query + schema: + type: string + description: Pagination token + required: false + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DescribeMetricFilters + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DescribeQueries: + post: + operationId: DescribeQueries + description: 'Returns a list of CloudWatch Logs Insights queries that are scheduled, running, or have been run recently in this account. You can request all queries or limit it to queries of a specific log group or queries with a certain status.' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeQueriesResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeQueriesRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DescribeQueries + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DescribeQueryDefinitions: + post: + operationId: DescribeQueryDefinitions + description:

This operation returns a paginated list of your saved CloudWatch Logs Insights query definitions.

You can use the queryDefinitionNamePrefix parameter to limit the results to only the query definitions that have names that start with a certain string.

+ responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeQueryDefinitionsResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeQueryDefinitionsRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DescribeQueryDefinitions + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DescribeResourcePolicies: + post: + operationId: DescribeResourcePolicies + description: Lists the resource policies in this account. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeResourcePoliciesResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeResourcePoliciesRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DescribeResourcePolicies + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DescribeSubscriptionFilters: + post: + operationId: DescribeSubscriptionFilters + description: Lists the subscription filters for the specified log group. You can list all the subscription filters or filter the results by prefix. The results are ASCII-sorted by filter name. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeSubscriptionFiltersResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeSubscriptionFiltersRequest' + parameters: + - name: limit + in: query + schema: + type: string + description: Pagination limit + required: false + - name: nextToken + in: query + schema: + type: string + description: Pagination token + required: false + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DescribeSubscriptionFilters + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.DisassociateKmsKey: + post: + operationId: DisassociateKmsKey + description: '

Disassociates the associated KMS key from the specified log group.

After the KMS key is disassociated from the log group, CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and CloudWatch Logs requires permissions for the KMS key whenever the encrypted data is requested.

Note that it can take up to 5 minutes for this operation to take effect.

' + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DisassociateKmsKeyRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.DisassociateKmsKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.FilterLogEvents: + post: + operationId: FilterLogEvents + description: '

Lists log events from the specified log group. You can list all the log events or filter the results using a filter pattern, a time range, and the name of the log stream.

You must have the logs;FilterLogEvents permission to perform this operation.

You can specify the log group to search by using either logGroupIdentifier or logGroupName. You must include one of these two parameters, but you can''t include both.

By default, this operation returns as many log events as can fit in 1 MB (up to 10,000 log events) or all the events found within the specified time range. If the results include a token, that means there are more log events available. You can get additional results by specifying the token in a subsequent call. This operation can return empty results while there are more log events available through the token.

The returned log events are sorted by event timestamp, the timestamp when the event was ingested by CloudWatch Logs, and the ID of the PutLogEvents request.

If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/FilterLogEventsResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/FilterLogEventsRequest' + parameters: + - name: limit + in: query + schema: + type: string + description: Pagination limit + required: false + - name: nextToken + in: query + schema: + type: string + description: Pagination token + required: false + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.FilterLogEvents + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.GetDataProtectionPolicy: + post: + operationId: GetDataProtectionPolicy + description: Returns information about a log group data protection policy. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/GetDataProtectionPolicyResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '482': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/GetDataProtectionPolicyRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.GetDataProtectionPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /: + post: + operationId: GetLogEvents + description: '

Lists log events from the specified log stream. You can list all of the log events or filter using a time range.

By default, this operation returns as many log events as can fit in a response size of 1MB (up to 10,000 log events). You can get additional log events by specifying one of the tokens in a subsequent call. This operation can return empty results while there are more log events available through the token.

If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

You can specify the log group to search by using either logGroupIdentifier or logGroupName. You must include one of these two parameters, but you can''t include both.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/GetLogEventsResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/GetLogEventsRequest' + parameters: + - name: limit + in: query + schema: + type: string + description: Pagination limit + required: false + - name: nextToken + in: query + schema: + type: string + description: Pagination token + required: false + - name: X-Amz-Target + in: header + required: false + schema: + type: string + enum: + - Logs_20140328.GetLogEvents + default: Logs_20140328.GetLogEvents + - in: header + name: Content-Type + required: false + schema: + default: application/json + enum: + - application/json + type: string + - in: header + name: Content-Encoding + required: false + schema: + default: amz-1.0 + enum: + - amz-1.0 + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.GetLogGroupFields: + post: + operationId: GetLogGroupFields + description: '

Returns a list of the fields that are included in log events in the specified log group. Includes the percentage of log events that contain each field. The search is limited to a time period that you specify.

You can specify the log group to search by using either logGroupIdentifier or logGroupName. You must specify one of these parameters, but you can''t specify both.

In the results, fields that start with @ are fields generated by CloudWatch Logs. For example, @timestamp is the timestamp of each log event. For more information about the fields that are generated by CloudWatch logs, see Supported Logs and Discovered Fields.

The response results are sorted by the frequency percentage, starting with the highest percentage.

If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/GetLogGroupFieldsResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: LimitExceededException + content: + application/json: + schema: + $ref: '#/components/schemas/LimitExceededException' + '482': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/GetLogGroupFieldsRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.GetLogGroupFields + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.GetLogRecord: + post: + operationId: GetLogRecord + description: '

Retrieves all of the fields and values of a single log event. All fields are retrieved, even if the original query that produced the logRecordPointer retrieved only a subset of fields. Fields are returned as field name/field value pairs.

The full unparsed log event is returned within @message.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/GetLogRecordResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: LimitExceededException + content: + application/json: + schema: + $ref: '#/components/schemas/LimitExceededException' + '482': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/GetLogRecordRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.GetLogRecord + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.GetQueryResults: + post: + operationId: GetQueryResults + description: '

Returns the results from the specified query.

Only the fields requested in the query are returned, along with a @ptr field, which is the identifier for the log record. You can use the value of @ptr in a GetLogRecord operation to get the full log record.

GetQueryResults does not start running a query. To run a query, use StartQuery.

If the value of the Status field in the output is Running, this operation returns only partial results. If you see a value of Scheduled or Running for the status, you can retry the operation later to see the final results.

If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account to start queries in linked source accounts. For more information, see CloudWatch cross-account observability.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/GetQueryResultsResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/GetQueryResultsRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.GetQueryResults + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.ListTagsForResource: + post: + operationId: ListTagsForResource + description: 'Displays the tags associated with a CloudWatch Logs resource. Currently, log groups and destinations support tagging.' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/ListTagsForResourceResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ListTagsForResourceRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.ListTagsForResource + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.ListTagsLogGroup: + post: + deprecated: true + operationId: ListTagsLogGroup + description: '

The ListTagsLogGroup operation is on the path to deprecation. We recommend that you use ListTagsForResource instead.

Lists the tags for the specified log group.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/ListTagsLogGroupResponse' + '480': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '481': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ListTagsLogGroupRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.ListTagsLogGroup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.PutDataProtectionPolicy: + post: + operationId: PutDataProtectionPolicy + description: '

Creates a data protection policy for the specified log group. A data protection policy can help safeguard sensitive data that''s ingested by the log group by auditing and masking the sensitive log data.

Sensitive data is detected and masked when it is ingested into the log group. When you set a data protection policy, log events ingested into the log group before that time are not masked.

By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the logs:Unmask permission can use a GetLogEvents or FilterLogEvents operation with the unmask parameter set to true to view the unmasked log events. Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the unmask query command.

For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/PutDataProtectionPolicyResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: LimitExceededException + content: + application/json: + schema: + $ref: '#/components/schemas/LimitExceededException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '484': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/PutDataProtectionPolicyRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.PutDataProtectionPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.PutDestination: + post: + operationId: PutDestination + description: '

Creates or updates a destination. This operation is used only to create destinations for cross-account subscriptions.

A destination encapsulates a physical resource (such as an Amazon Kinesis stream). With a destination, you can subscribe to a real-time stream of log events for a different account, ingested using PutLogEvents.

Through an access policy, a destination controls what is written to it. By default, PutDestination does not set any access policy with the destination, which means a cross-account user cannot call PutSubscriptionFilter against this destination. To enable this, the destination owner must call PutDestinationPolicy after PutDestination.

To perform a PutDestination operation, you must also have the iam:PassRole permission.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/PutDestinationResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/PutDestinationRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.PutDestination + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.PutDestinationPolicy: + post: + operationId: PutDestinationPolicy + description: 'Creates or updates an access policy associated with an existing destination. An access policy is an IAM policy document that is used to authorize claims to register a subscription filter against a given destination.' + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/PutDestinationPolicyRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.PutDestinationPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.PutLogEvents: + post: + operationId: PutLogEvents + description: '

Uploads a batch of log events to the specified log stream.

The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions are always accepted and never return InvalidSequenceTokenException or DataAlreadyAcceptedException even if the sequence token is not valid. You can use parallel PutLogEvents actions on the same log stream.

The batch of events must satisfy the following constraints:

If a call to PutLogEvents returns "UnrecognizedClientException" the most likely cause is a non-valid Amazon Web Services access key ID or secret key.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/PutLogEventsResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: InvalidSequenceTokenException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidSequenceTokenException' + '482': + description: DataAlreadyAcceptedException + content: + application/json: + schema: + $ref: '#/components/schemas/DataAlreadyAcceptedException' + '483': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '484': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + '485': + description: UnrecognizedClientException + content: + application/json: + schema: + $ref: '#/components/schemas/UnrecognizedClientException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/PutLogEventsRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.PutLogEvents + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.PutMetricFilter: + post: + operationId: PutMetricFilter + description: '

Creates or updates a metric filter and associates it with the specified log group. With metric filters, you can configure rules to extract metric data from log events ingested through PutLogEvents.

The maximum number of metric filters that can be associated with a log group is 100.

When you create a metric filter, you can also optionally assign a unit and dimensions to the metric that is created.

Metrics extracted from log events are charged as custom metrics. To prevent unexpected high charges, do not specify high-cardinality fields such as IPAddress or requestID as dimensions. Each different value found for a dimension is treated as a separate metric and accrues charges as a separate custom metric.

CloudWatch Logs disables a metric filter if it generates 1,000 different name/value pairs for your specified dimensions within a certain amount of time. This helps to prevent accidental high charges.

You can also set up a billing alarm to alert you if your charges are higher than expected. For more information, see Creating a Billing Alarm to Monitor Your Estimated Amazon Web Services Charges.

' + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: LimitExceededException + content: + application/json: + schema: + $ref: '#/components/schemas/LimitExceededException' + '484': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/PutMetricFilterRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.PutMetricFilter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.PutQueryDefinition: + post: + operationId: PutQueryDefinition + description: '

Creates or updates a query definition for CloudWatch Logs Insights. For more information, see Analyzing Log Data with CloudWatch Logs Insights.

To update a query definition, specify its queryDefinitionId in your request. The values of name, queryString, and logGroupNames are changed to the values that you specify in your update operation. No current values are retained from the current query definition. For example, imagine updating a current query definition that includes log groups. If you don''t specify the logGroupNames parameter in your update operation, the query definition changes to contain no log groups.

You must have the logs:PutQueryDefinition permission to be able to perform this operation.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/PutQueryDefinitionResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: LimitExceededException + content: + application/json: + schema: + $ref: '#/components/schemas/LimitExceededException' + '482': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/PutQueryDefinitionRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.PutQueryDefinition + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.PutResourcePolicy: + post: + operationId: PutResourcePolicy + description: 'Creates or updates a resource policy allowing other Amazon Web Services services to put log events to this account, such as Amazon Route 53. An account can have up to 10 resource policies per Amazon Web Services Region.' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/PutResourcePolicyResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: LimitExceededException + content: + application/json: + schema: + $ref: '#/components/schemas/LimitExceededException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/PutResourcePolicyRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.PutResourcePolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.PutRetentionPolicy: + post: + operationId: PutRetentionPolicy + description: '

Sets the retention of the specified log group. With a retention policy, you can configure the number of days for which to retain log events in the specified log group.

CloudWatch Logs doesn’t immediately delete log events when they reach their retention setting. It typically takes up to 72 hours after that before log events are deleted, but in rare situations might take longer.

To illustrate, imagine that you change a log group to have a longer retention setting when it contains log events that are past the expiration date, but haven’t been deleted. Those log events will take up to 72 hours to be deleted after the new retention date is reached. To make sure that log data is deleted permanently, keep a log group at its lower retention setting until 72 hours after the previous retention period ends. Alternatively, wait to change the retention setting until you confirm that the earlier log events are deleted.

' + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/PutRetentionPolicyRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.PutRetentionPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.PutSubscriptionFilter: + post: + operationId: PutSubscriptionFilter + description: '

Creates or updates a subscription filter and associates it with the specified log group. With subscription filters, you can subscribe to a real-time stream of log events ingested through PutLogEvents and have them delivered to a specific destination. When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.

The following destinations are supported for subscription filters:

Each log group can have up to two subscription filters associated with it. If you are updating an existing filter, you must specify the correct name in filterName.

To perform a PutSubscriptionFilter operation, you must also have the iam:PassRole permission.

' + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: OperationAbortedException + content: + application/json: + schema: + $ref: '#/components/schemas/OperationAbortedException' + '483': + description: LimitExceededException + content: + application/json: + schema: + $ref: '#/components/schemas/LimitExceededException' + '484': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/PutSubscriptionFilterRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.PutSubscriptionFilter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.StartQuery: + post: + operationId: StartQuery + description: '

Schedules a query of a log group using CloudWatch Logs Insights. You specify the log group and time range to query and the query string to use.

For more information, see CloudWatch Logs Insights Query Syntax.

Queries time out after 15 minutes of runtime. If your queries are timing out, reduce the time range being searched or partition your query into a number of queries.

If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account to start a query in a linked source account. For more information, see CloudWatch cross-account observability. For a cross-account StartQuery operation, the query definition must be defined in the monitoring account.

You can have up to 20 concurrent CloudWatch Logs insights queries, including queries that have been added to dashboards.

' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/StartQueryResponse' + '480': + description: MalformedQueryException + content: + application/json: + schema: + $ref: '#/components/schemas/MalformedQueryException' + '481': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '482': + description: LimitExceededException + content: + application/json: + schema: + $ref: '#/components/schemas/LimitExceededException' + '483': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '484': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/StartQueryRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.StartQuery + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.StopQuery: + post: + operationId: StopQuery + description: 'Stops a CloudWatch Logs Insights query that is in progress. If the query has already ended, the operation returns an error indicating that the specified query is not running.' + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/StopQueryResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/StopQueryRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.StopQuery + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.TagLogGroup: + post: + deprecated: true + operationId: TagLogGroup + description: '

The TagLogGroup operation is on the path to deprecation. We recommend that you use TagResource instead.

Adds or updates the specified tags for the specified log group.

To list the tags for a log group, use ListTagsForResource. To remove tags, use UntagResource.

For more information about tags, see Tag Log Groups in Amazon CloudWatch Logs in the Amazon CloudWatch Logs User Guide.

CloudWatch Logs doesn’t support IAM policies that prevent users from assigning specified tags to log groups using the aws:Resource/key-name or aws:TagKeys condition keys. For more information about using tags to control access, see Controlling access to Amazon Web Services resources using tags.

' + responses: + '200': + description: Success + '480': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '481': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/TagLogGroupRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.TagLogGroup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.TagResource: + post: + operationId: TagResource + description: '

Assigns one or more tags (key-value pairs) to the specified CloudWatch Logs resource. Currently, the only CloudWatch Logs resources that can be tagged are log groups and destinations.

Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.

Tags don''t have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.

You can use the TagResource action with a resource that already has tags. If you specify a new tag key for the alarm, this tag is appended to the list of tags associated with the alarm. If you specify a tag key that is already associated with the alarm, the new tag value that you specify replaces the previous value for that tag.

You can associate as many as 50 tags with a CloudWatch Logs resource.

' + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + '483': + description: TooManyTagsException + content: + application/json: + schema: + $ref: '#/components/schemas/TooManyTagsException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/TagResourceRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.TagResource + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.TestMetricFilter: + post: + operationId: TestMetricFilter + description: Tests the filter pattern of a metric filter against a sample of log event messages. You can use this operation to validate the correctness of a metric filter pattern. + responses: + '200': + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/TestMetricFilterResponse' + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/TestMetricFilterRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.TestMetricFilter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.UntagLogGroup: + post: + deprecated: true + operationId: UntagLogGroup + description: '

The UntagLogGroup operation is on the path to deprecation. We recommend that you use UntagResource instead.

Removes the specified tags from the specified log group.

To list the tags for a log group, use ListTagsForResource. To add tags, use TagResource.

CloudWatch Logs doesn’t support IAM policies that prevent users from assigning specified tags to log groups using the aws:Resource/key-name or aws:TagKeys condition keys.

' + responses: + '200': + description: Success + '480': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/UntagLogGroupRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.UntagLogGroup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /#X-Amz-Target=Logs_20140328.UntagResource: + post: + operationId: UntagResource + description: Removes one or more tags from the specified resource. + responses: + '200': + description: Success + '480': + description: InvalidParameterException + content: + application/json: + schema: + $ref: '#/components/schemas/InvalidParameterException' + '481': + description: ResourceNotFoundException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceNotFoundException' + '482': + description: ServiceUnavailableException + content: + application/json: + schema: + $ref: '#/components/schemas/ServiceUnavailableException' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/UntagResourceRequest' + parameters: + - name: X-Amz-Target + in: header + required: true + schema: + type: string + enum: + - Logs_20140328.UntagResource + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + schemas: + AssociateKmsKeyRequest: + type: object + required: + - logGroupName + - kmsKeyId + title: AssociateKmsKeyRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + kmsKeyId: + allOf: + - $ref: '#/components/schemas/KmsKeyId' + - description: 'The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data. This must be a symmetric KMS key. For more information, see Amazon Resource Names and Using Symmetric and Asymmetric Keys.' + InvalidParameterException: {} + ResourceNotFoundException: {} + OperationAbortedException: {} + ServiceUnavailableException: {} + CancelExportTaskRequest: + type: object + required: + - taskId + title: CancelExportTaskRequest + properties: + taskId: + allOf: + - $ref: '#/components/schemas/ExportTaskId' + - description: The ID of the export task. + InvalidOperationException: {} + CreateExportTaskResponse: + type: object + properties: + taskId: + allOf: + - $ref: '#/components/schemas/ExportTaskId' + - description: The ID of the export task. + CreateExportTaskRequest: + type: object + required: + - logGroupName + - from + - to + - destination + title: CreateExportTaskRequest + properties: + taskName: + allOf: + - $ref: '#/components/schemas/ExportTaskName' + - description: The name of the export task. + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + logStreamNamePrefix: + allOf: + - $ref: '#/components/schemas/LogStreamName' + - description: 'Export only log streams that match the provided prefix. If you don''t specify a value, no prefix filter is applied.' + from: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The start time of the range for the request, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. Events with a timestamp earlier than this time are not exported.' + to: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: '

The end time of the range for the request, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. Events with a timestamp later than this time are not exported.

You must specify a time that is not earlier than when this log group was created.

' + destination: + allOf: + - $ref: '#/components/schemas/ExportDestinationBucket' + - description: The name of S3 bucket for the exported log data. The bucket must be in the same Amazon Web Services Region. + destinationPrefix: + allOf: + - $ref: '#/components/schemas/ExportDestinationPrefix' + - description: 'The prefix used as the start of the key for every object exported. If you don''t specify a value, the default is exportedlogs.' + LimitExceededException: {} + ResourceAlreadyExistsException: {} + CreateLogGroupRequest: + type: object + required: + - logGroupName + title: CreateLogGroupRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + kmsKeyId: + allOf: + - $ref: '#/components/schemas/KmsKeyId' + - description: 'The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data. For more information, see Amazon Resource Names.' + tags: + allOf: + - $ref: '#/components/schemas/Tags' + - description: '

The key-value pairs to use for the tags.

You can grant users access to certain log groups while preventing them from accessing other log groups. To do so, tag your groups and use IAM policies that refer to those tags. To assign tags when you create a log group, you must have either the logs:TagResource or logs:TagLogGroup permission. For more information about tagging, see Tagging Amazon Web Services resources. For more information about using tags to control access, see Controlling access to Amazon Web Services resources using tags.

' + CreateLogStreamRequest: + type: object + required: + - logGroupName + - logStreamName + title: CreateLogStreamRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + logStreamName: + allOf: + - $ref: '#/components/schemas/LogStreamName' + - description: The name of the log stream. + DeleteDataProtectionPolicyRequest: + type: object + required: + - logGroupIdentifier + title: DeleteDataProtectionPolicyRequest + properties: + logGroupIdentifier: + allOf: + - $ref: '#/components/schemas/LogGroupIdentifier' + - description: The name or ARN of the log group that you want to delete the data protection policy for. + DeleteDestinationRequest: + type: object + required: + - destinationName + title: DeleteDestinationRequest + properties: + destinationName: + allOf: + - $ref: '#/components/schemas/DestinationName' + - description: The name of the destination. + DeleteLogGroupRequest: + type: object + required: + - logGroupName + title: DeleteLogGroupRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + DeleteLogStreamRequest: + type: object + required: + - logGroupName + - logStreamName + title: DeleteLogStreamRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + logStreamName: + allOf: + - $ref: '#/components/schemas/LogStreamName' + - description: The name of the log stream. + DeleteMetricFilterRequest: + type: object + required: + - logGroupName + - filterName + title: DeleteMetricFilterRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + filterName: + allOf: + - $ref: '#/components/schemas/FilterName' + - description: The name of the metric filter. + DeleteQueryDefinitionResponse: + type: object + properties: + success: + allOf: + - $ref: '#/components/schemas/Success' + - description: A value of TRUE indicates that the operation succeeded. FALSE indicates that the operation failed. + DeleteQueryDefinitionRequest: + type: object + required: + - queryDefinitionId + title: DeleteQueryDefinitionRequest + properties: + queryDefinitionId: + allOf: + - $ref: '#/components/schemas/QueryId' + - description: 'The ID of the query definition that you want to delete. You can use DescribeQueryDefinitions to retrieve the IDs of your saved query definitions.' + DeleteResourcePolicyRequest: + type: object + title: DeleteResourcePolicyRequest + properties: + policyName: + allOf: + - $ref: '#/components/schemas/PolicyName' + - description: The name of the policy to be revoked. This parameter is required. + DeleteRetentionPolicyRequest: + type: object + required: + - logGroupName + title: DeleteRetentionPolicyRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + DeleteSubscriptionFilterRequest: + type: object + required: + - logGroupName + - filterName + title: DeleteSubscriptionFilterRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + filterName: + allOf: + - $ref: '#/components/schemas/FilterName' + - description: The name of the subscription filter. + DescribeDestinationsResponse: + type: object + properties: + destinations: + allOf: + - $ref: '#/components/schemas/Destinations' + - description: The destinations. + nextToken: + $ref: '#/components/schemas/NextToken' + DescribeDestinationsRequest: + type: object + title: DescribeDestinationsRequest + properties: + DestinationNamePrefix: + allOf: + - $ref: '#/components/schemas/DestinationName' + - description: 'The prefix to match. If you don''t specify a value, no prefix filter is applied.' + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next set of items to return. (You received this token from a previous call.) + limit: + allOf: + - $ref: '#/components/schemas/DescribeLimit' + - description: 'The maximum number of items returned. If you don''t specify a value, the default maximum value of 50 items is used.' + DescribeExportTasksResponse: + type: object + properties: + exportTasks: + allOf: + - $ref: '#/components/schemas/ExportTasks' + - description: The export tasks. + nextToken: + $ref: '#/components/schemas/NextToken' + DescribeExportTasksRequest: + type: object + title: DescribeExportTasksRequest + properties: + taskId: + allOf: + - $ref: '#/components/schemas/ExportTaskId' + - description: The ID of the export task. Specifying a task ID filters the results to one or zero export tasks. + statusCode: + allOf: + - $ref: '#/components/schemas/ExportTaskStatusCode' + - description: The status code of the export task. Specifying a status code filters the results to zero or more export tasks. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next set of items to return. (You received this token from a previous call.) + limit: + allOf: + - $ref: '#/components/schemas/DescribeLimit' + - description: 'The maximum number of items returned. If you don''t specify a value, the default is up to 50 items.' + DescribeLogGroupsResponse: + type: object + properties: + logGroups: + allOf: + - $ref: '#/components/schemas/LogGroups' + - description: '

The log groups.

If the retentionInDays value is not included for a log group, then that log group''s events do not expire.

' + nextToken: + $ref: '#/components/schemas/NextToken' + DescribeLogGroupsRequest: + type: object + title: DescribeLogGroupsRequest + properties: + accountIdentifiers: + allOf: + - $ref: '#/components/schemas/AccountIds' + - description: 'When includeLinkedAccounts is set to True, use this parameter to specify the list of accounts to search. You can specify as many as 20 account IDs in the array. ' + logGroupNamePrefix: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description:

The prefix to match.

logGroupNamePrefix and logGroupNamePattern are mutually exclusive. Only one of these parameters can be passed.

+ logGroupNamePattern: + allOf: + - $ref: '#/components/schemas/LogGroupNamePattern' + - description: '

If you specify a string for this parameter, the operation returns only log groups that have names that match the string based on a case-sensitive substring search. For example, if you specify Foo, log groups named FooBar, aws/Foo, and GroupFoo would match, but foo, F/o/o and Froo would not match.

logGroupNamePattern and logGroupNamePrefix are mutually exclusive. Only one of these parameters can be passed.

' + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next set of items to return. (You received this token from a previous call.) + limit: + allOf: + - $ref: '#/components/schemas/DescribeLimit' + - description: 'The maximum number of items returned. If you don''t specify a value, the default is up to 50 items.' + includeLinkedAccounts: + allOf: + - $ref: '#/components/schemas/IncludeLinkedAccounts' + - description: '

If you are using a monitoring account, set this to True to have the operation return log groups in the accounts listed in accountIdentifiers.

If this parameter is set to true and accountIdentifiers contains a null value, the operation returns all log groups in the monitoring account and all log groups in all source accounts that are linked to the monitoring account.

If you specify includeLinkedAccounts in your request, then metricFilterCount, retentionInDays, and storedBytes are not included in the response.

' + DescribeLogStreamsResponse: + type: object + properties: + logStreams: + allOf: + - $ref: '#/components/schemas/LogStreams' + - description: The log streams. + nextToken: + $ref: '#/components/schemas/NextToken' + DescribeLogStreamsRequest: + type: object + title: DescribeLogStreamsRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: '

The name of the log group.

You must include either logGroupIdentifier or logGroupName, but not both.

' + logGroupIdentifier: + allOf: + - $ref: '#/components/schemas/LogGroupIdentifier' + - description: '

Specify either the name or ARN of the log group to view. If the log group is in a source account and you are using a monitoring account, you must use the log group ARN.

You must include either logGroupIdentifier or logGroupName, but not both.

' + logStreamNamePrefix: + allOf: + - $ref: '#/components/schemas/LogStreamName' + - description: '

The prefix to match.

If orderBy is LastEventTime, you cannot specify this parameter.

' + orderBy: + allOf: + - $ref: '#/components/schemas/OrderBy' + - description: '

If the value is LogStreamName, the results are ordered by log stream name. If the value is LastEventTime, the results are ordered by the event time. The default value is LogStreamName.

If you order the results by event time, you cannot specify the logStreamNamePrefix parameter.

lastEventTimestamp represents the time of the most recent log event in the log stream in CloudWatch Logs. This number is expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. lastEventTimestamp updates on an eventual consistency basis. It typically updates in less than an hour from ingestion, but in rare situations might take longer.

' + descending: + allOf: + - $ref: '#/components/schemas/Descending' + - description: 'If the value is true, results are returned in descending order. If the value is to false, results are returned in ascending order. The default value is false.' + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next set of items to return. (You received this token from a previous call.) + limit: + allOf: + - $ref: '#/components/schemas/DescribeLimit' + - description: 'The maximum number of items returned. If you don''t specify a value, the default is up to 50 items.' + DescribeMetricFiltersResponse: + type: object + properties: + metricFilters: + allOf: + - $ref: '#/components/schemas/MetricFilters' + - description: The metric filters. + nextToken: + $ref: '#/components/schemas/NextToken' + DescribeMetricFiltersRequest: + type: object + title: DescribeMetricFiltersRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + filterNamePrefix: + allOf: + - $ref: '#/components/schemas/FilterName' + - description: The prefix to match. CloudWatch Logs uses the value that you set here only if you also include the logGroupName parameter in your request. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next set of items to return. (You received this token from a previous call.) + limit: + allOf: + - $ref: '#/components/schemas/DescribeLimit' + - description: 'The maximum number of items returned. If you don''t specify a value, the default is up to 50 items.' + metricName: + allOf: + - $ref: '#/components/schemas/MetricName' + - description: 'Filters results to include only those with the specified metric name. If you include this parameter in your request, you must also include the metricNamespace parameter.' + metricNamespace: + allOf: + - $ref: '#/components/schemas/MetricNamespace' + - description: 'Filters results to include only those in the specified namespace. If you include this parameter in your request, you must also include the metricName parameter.' + DescribeQueriesResponse: + type: object + properties: + queries: + allOf: + - $ref: '#/components/schemas/QueryInfoList' + - description: The list of queries that match the request. + nextToken: + $ref: '#/components/schemas/NextToken' + DescribeQueriesRequest: + type: object + title: DescribeQueriesRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: Limits the returned queries to only those for the specified log group. + status: + allOf: + - $ref: '#/components/schemas/QueryStatus' + - description: 'Limits the returned queries to only those that have the specified status. Valid values are Cancelled, Complete, Failed, Running, and Scheduled.' + maxResults: + allOf: + - $ref: '#/components/schemas/DescribeQueriesMaxResults' + - description: Limits the number of returned queries to the specified number. + nextToken: + $ref: '#/components/schemas/NextToken' + DescribeQueryDefinitionsResponse: + type: object + properties: + queryDefinitions: + allOf: + - $ref: '#/components/schemas/QueryDefinitionList' + - description: The list of query definitions that match your request. + nextToken: + $ref: '#/components/schemas/NextToken' + DescribeQueryDefinitionsRequest: + type: object + title: DescribeQueryDefinitionsRequest + properties: + queryDefinitionNamePrefix: + allOf: + - $ref: '#/components/schemas/QueryDefinitionName' + - description: Use this parameter to filter your results to only the query definitions that have names that start with the prefix you specify. + maxResults: + allOf: + - $ref: '#/components/schemas/QueryListMaxResults' + - description: Limits the number of returned query definitions to the specified number. + nextToken: + $ref: '#/components/schemas/NextToken' + DescribeResourcePoliciesResponse: + type: object + properties: + resourcePolicies: + allOf: + - $ref: '#/components/schemas/ResourcePolicies' + - description: The resource policies that exist in this account. + nextToken: + $ref: '#/components/schemas/NextToken' + DescribeResourcePoliciesRequest: + type: object + title: DescribeResourcePoliciesRequest + properties: + nextToken: + $ref: '#/components/schemas/NextToken' + limit: + allOf: + - $ref: '#/components/schemas/DescribeLimit' + - description: The maximum number of resource policies to be displayed with one call of this API. + DescribeSubscriptionFiltersResponse: + type: object + properties: + subscriptionFilters: + allOf: + - $ref: '#/components/schemas/SubscriptionFilters' + - description: The subscription filters. + nextToken: + $ref: '#/components/schemas/NextToken' + DescribeSubscriptionFiltersRequest: + type: object + required: + - logGroupName + title: DescribeSubscriptionFiltersRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + filterNamePrefix: + allOf: + - $ref: '#/components/schemas/FilterName' + - description: 'The prefix to match. If you don''t specify a value, no prefix filter is applied.' + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next set of items to return. (You received this token from a previous call.) + limit: + allOf: + - $ref: '#/components/schemas/DescribeLimit' + - description: 'The maximum number of items returned. If you don''t specify a value, the default is up to 50 items.' + DisassociateKmsKeyRequest: + type: object + required: + - logGroupName + title: DisassociateKmsKeyRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + FilterLogEventsResponse: + type: object + properties: + events: + allOf: + - $ref: '#/components/schemas/FilteredLogEvents' + - description: The matched events. + searchedLogStreams: + allOf: + - $ref: '#/components/schemas/SearchedLogStreams' + - description: '

Important As of May 15, 2020, this parameter is no longer supported. This parameter returns an empty list.

Indicates which log streams have been searched and whether each has been searched completely.

' + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use when requesting the next set of items. The token expires after 24 hours. + FilterLogEventsRequest: + type: object + title: FilterLogEventsRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: '

The name of the log group to search.

You must include either logGroupIdentifier or logGroupName, but not both.

' + logGroupIdentifier: + allOf: + - $ref: '#/components/schemas/LogGroupIdentifier' + - description: '

Specify either the name or ARN of the log group to view log events from. If the log group is in a source account and you are using a monitoring account, you must use the log group ARN.

You must include either logGroupIdentifier or logGroupName, but not both.

' + logStreamNames: + allOf: + - $ref: '#/components/schemas/InputLogStreamNames' + - description: '

Filters the results to only logs from the log streams in this list.

If you specify a value for both logStreamNamePrefix and logStreamNames, the action returns an InvalidParameterException error.

' + logStreamNamePrefix: + allOf: + - $ref: '#/components/schemas/LogStreamName' + - description: '

Filters the results to include only events from log streams that have names starting with this prefix.

If you specify a value for both logStreamNamePrefix and logStreamNames, but the value for logStreamNamePrefix does not match any log stream names specified in logStreamNames, the action returns an InvalidParameterException error.

' + startTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The start of the time range, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. Events with a timestamp before this time are not returned.' + endTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The end of the time range, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. Events with a timestamp later than this time are not returned.' + filterPattern: + allOf: + - $ref: '#/components/schemas/FilterPattern' + - description: '

The filter pattern to use. For more information, see Filter and Pattern Syntax.

If not provided, all the events are matched.

' + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next set of events to return. (You received this token from a previous call.) + limit: + allOf: + - $ref: '#/components/schemas/EventsLimit' + - description: 'The maximum number of events to return. The default is 10,000 events.' + interleaved: + allOf: + - $ref: '#/components/schemas/Interleaved' + - deprecated: true + description: '

If the value is true, the operation attempts to provide responses that contain events from multiple log streams within the log group, interleaved in a single response. If the value is false, all the matched log events in the first log stream are searched first, then those in the next log stream, and so on.

Important As of June 17, 2019, this parameter is ignored and the value is assumed to be true. The response from this operation always interleaves events from multiple log streams within a log group.

Starting on June 17, 2019, this parameter will be ignored and the value will be assumed to be true. The response from this operation will always interleave events from multiple log streams within a log group.' + unmask: + allOf: + - $ref: '#/components/schemas/Unmask' + - description: '

Specify true to display the log event fields with all sensitive data unmasked and visible. The default is false.

To use this operation with this parameter, you must be signed into an account with the logs:Unmask permission.

' + GetDataProtectionPolicyResponse: + type: object + properties: + logGroupIdentifier: + allOf: + - $ref: '#/components/schemas/LogGroupIdentifier' + - description: The log group name or ARN that you specified in your request. + policyDocument: + allOf: + - $ref: '#/components/schemas/DataProtectionPolicyDocument' + - description: The data protection policy document for this log group. + lastUpdatedTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: The date and time that this policy was most recently updated. + GetDataProtectionPolicyRequest: + type: object + required: + - logGroupIdentifier + title: GetDataProtectionPolicyRequest + properties: + logGroupIdentifier: + allOf: + - $ref: '#/components/schemas/LogGroupIdentifier' + - description: The name or ARN of the log group that contains the data protection policy that you want to see. + GetLogEventsResponse: + type: object + properties: + events: + $ref: '#/components/schemas/OutputLogEvents' + description: The events. + nextForwardToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: 'The token for the next set of items in the forward direction. The token expires after 24 hours. If you have reached the end of the stream, it returns the same token you passed in.' + nextBackwardToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: 'The token for the next set of items in the backward direction. The token expires after 24 hours. This token is not null. If you have reached the end of the stream, it returns the same token you passed in.' + GetLogEventsRequest: + type: object + required: + - logStreamName + title: GetLogEventsRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: '

The name of the log group.

You must include either logGroupIdentifier or logGroupName, but not both.

' + logGroupIdentifier: + allOf: + - $ref: '#/components/schemas/LogGroupIdentifier' + - description: '

Specify either the name or ARN of the log group to view events from. If the log group is in a source account and you are using a monitoring account, you must use the log group ARN.

You must include either logGroupIdentifier or logGroupName, but not both.

' + logStreamName: + allOf: + - $ref: '#/components/schemas/LogStreamName' + - description: The name of the log stream. + startTime: + type: integer + minimum: 0 + endTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The end of the time range, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. Events with a timestamp equal to or later than this time are not included.' + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next set of items to return. (You received this token from a previous call.) + limit: + allOf: + - $ref: '#/components/schemas/EventsLimit' + - description: 'The maximum number of log events returned. If you don''t specify a limit, the default is as many log events as can fit in a response size of 1 MB (up to 10,000 log events).' + startFromHead: + allOf: + - $ref: '#/components/schemas/StartFromHead' + - description: '

If the value is true, the earliest log events are returned first. If the value is false, the latest log events are returned first. The default value is false.

If you are using a previous nextForwardToken value as the nextToken in this operation, you must specify true for startFromHead.

' + unmask: + allOf: + - $ref: '#/components/schemas/Unmask' + - description: '

Specify true to display the log event fields with all sensitive data unmasked and visible. The default is false.

To use this operation with this parameter, you must be signed into an account with the logs:Unmask permission.

' + GetLogGroupFieldsResponse: + type: object + properties: + logGroupFields: + allOf: + - $ref: '#/components/schemas/LogGroupFieldList' + - description: 'The array of fields found in the query. Each object in the array contains the name of the field, along with the percentage of time it appeared in the log events that were queried.' + GetLogGroupFieldsRequest: + type: object + title: GetLogGroupFieldsRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: '

The name of the log group to search.

You must include either logGroupIdentifier or logGroupName, but not both.

' + time: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: '

The time to set as the center of the query. If you specify time, the 15 minutes before this time are queries. If you omit time, the 8 minutes before and 8 minutes after this time are searched.

The time value is specified as epoch time, which is the number of seconds since January 1, 1970, 00:00:00 UTC.

' + logGroupIdentifier: + allOf: + - $ref: '#/components/schemas/LogGroupIdentifier' + - description: '

Specify either the name or ARN of the log group to view. If the log group is in a source account and you are using a monitoring account, you must specify the ARN.

You must include either logGroupIdentifier or logGroupName, but not both.

' + GetLogRecordResponse: + type: object + properties: + logRecord: + allOf: + - $ref: '#/components/schemas/LogRecord' + - description: 'The requested log event, as a JSON string.' + GetLogRecordRequest: + type: object + required: + - logRecordPointer + title: GetLogRecordRequest + properties: + logRecordPointer: + allOf: + - $ref: '#/components/schemas/LogRecordPointer' + - description: 'The pointer corresponding to the log event record you want to retrieve. You get this from the response of a GetQueryResults operation. In that response, the value of the @ptr field for a log event is the value to use as logRecordPointer to retrieve that complete log event record.' + unmask: + allOf: + - $ref: '#/components/schemas/Unmask' + - description: '

Specify true to display the log event fields with all sensitive data unmasked and visible. The default is false.

To use this operation with this parameter, you must be signed into an account with the logs:Unmask permission.

' + GetQueryResultsResponse: + type: object + properties: + results: + allOf: + - $ref: '#/components/schemas/QueryResults' + - description:

The log events that matched the query criteria during the most recent time it ran.

The results value is an array of arrays. Each log event is one object in the top-level array. Each of these log event objects is an array of field/value pairs.

+ statistics: + allOf: + - $ref: '#/components/schemas/QueryStatistics' + - description: 'Includes the number of log events scanned by the query, the number of log events that matched the query criteria, and the total number of bytes in the log events that were scanned. These values reflect the full raw results of the query.' + status: + allOf: + - $ref: '#/components/schemas/QueryStatus' + - description: '

The status of the most recent running of the query. Possible values are Cancelled, Complete, Failed, Running, Scheduled, Timeout, and Unknown.

Queries time out after 15 minutes of runtime. To avoid having your queries time out, reduce the time range being searched or partition your query into a number of queries.

' + GetQueryResultsRequest: + type: object + required: + - queryId + title: GetQueryResultsRequest + properties: + queryId: + allOf: + - $ref: '#/components/schemas/QueryId' + - description: The ID number of the query. + ListTagsForResourceResponse: + type: object + properties: + tags: + allOf: + - $ref: '#/components/schemas/Tags' + - description: The list of tags associated with the requested resource.> + ListTagsForResourceRequest: + type: object + required: + - resourceArn + title: ListTagsForResourceRequest + properties: + resourceArn: + allOf: + - $ref: '#/components/schemas/AmazonResourceName' + - description: '

The ARN of the resource that you want to view tags for.

The ARN format of a log group is arn:aws:logs:Region:account-id:log-group:log-group-name

The ARN format of a destination is arn:aws:logs:Region:account-id:destination:destination-name

For more information about ARN format, see CloudWatch Logs resources and operations.

' + ListTagsLogGroupResponse: + type: object + deprecated: true + properties: + tags: + allOf: + - $ref: '#/components/schemas/Tags' + - description: The tags for the log group. + description: Please use the generic tagging API model ListTagsForResourceRequest and ListTagsForResourceResponse + ListTagsLogGroupRequest: + type: object + required: + - logGroupName + deprecated: true + title: ListTagsLogGroupRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + description: Please use the generic tagging API model ListTagsForResourceRequest and ListTagsForResourceResponse + PutDataProtectionPolicyResponse: + type: object + properties: + logGroupIdentifier: + allOf: + - $ref: '#/components/schemas/LogGroupIdentifier' + - description: The log group name or ARN that you specified in your request. + policyDocument: + allOf: + - $ref: '#/components/schemas/DataProtectionPolicyDocument' + - description: The data protection policy used for this log group. + lastUpdatedTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: The date and time that this policy was most recently updated. + PutDataProtectionPolicyRequest: + type: object + required: + - logGroupIdentifier + - policyDocument + title: PutDataProtectionPolicyRequest + properties: + logGroupIdentifier: + allOf: + - $ref: '#/components/schemas/LogGroupIdentifier' + - description: Specify either the log group name or log group ARN. + policyDocument: + allOf: + - $ref: '#/components/schemas/DataProtectionPolicyDocument' + - description: '

Specify the data protection policy, in JSON.

This policy must include two JSON blocks:

For an example data protection policy, see the Examples section on this page.

The contents of two DataIdentifer arrays must match exactly.

' + PutDestinationResponse: + type: object + properties: + destination: + allOf: + - $ref: '#/components/schemas/Destination' + - description: The destination. + PutDestinationRequest: + type: object + required: + - destinationName + - targetArn + - roleArn + title: PutDestinationRequest + properties: + destinationName: + allOf: + - $ref: '#/components/schemas/DestinationName' + - description: A name for the destination. + targetArn: + allOf: + - $ref: '#/components/schemas/TargetArn' + - description: The ARN of an Amazon Kinesis stream to which to deliver matching log events. + roleArn: + allOf: + - $ref: '#/components/schemas/RoleArn' + - description: The ARN of an IAM role that grants CloudWatch Logs permissions to call the Amazon Kinesis PutRecord operation on the destination stream. + tags: + allOf: + - $ref: '#/components/schemas/Tags' + - description: '

An optional list of key-value pairs to associate with the resource.

For more information about tagging, see Tagging Amazon Web Services resources

' + PutDestinationPolicyRequest: + type: object + required: + - destinationName + - accessPolicy + title: PutDestinationPolicyRequest + properties: + destinationName: + allOf: + - $ref: '#/components/schemas/DestinationName' + - description: A name for an existing destination. + accessPolicy: + allOf: + - $ref: '#/components/schemas/AccessPolicy' + - description: An IAM policy document that authorizes cross-account users to deliver their log events to the associated destination. This can be up to 5120 bytes. + forceUpdate: + allOf: + - $ref: '#/components/schemas/ForceUpdate' + - description: '

Specify true if you are updating an existing destination policy to grant permission to an organization ID instead of granting permission to individual AWS accounts. Before you update a destination policy this way, you must first update the subscription filters in the accounts that send logs to this destination. If you do not, the subscription filters might stop working. By specifying true for forceUpdate, you are affirming that you have already updated the subscription filters. For more information, see Updating an existing cross-account subscription

If you omit this parameter, the default of false is used.

' + PutLogEventsResponse: + type: object + properties: + nextSequenceToken: + allOf: + - $ref: '#/components/schemas/SequenceToken' + - description:

The next sequence token.

This field has been deprecated.

The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions are always accepted even if the sequence token is not valid. You can use parallel PutLogEvents actions on the same log stream and you do not need to wait for the response of a previous PutLogEvents action to obtain the nextSequenceToken value.

 + rejectedLogEventsInfo: + allOf: + - $ref: '#/components/schemas/RejectedLogEventsInfo' + - description: The rejected events. + PutLogEventsRequest: + type: object + required: + - logGroupName + - logStreamName + - logEvents + title: PutLogEventsRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + logStreamName: + allOf: + - $ref: '#/components/schemas/LogStreamName' + - description: The name of the log stream. + logEvents: + allOf: + - $ref: '#/components/schemas/InputLogEvents' + - description: The log events. + sequenceToken: + allOf: + - $ref: '#/components/schemas/SequenceToken' + - description:

The sequence token obtained from the response of the previous PutLogEvents call.

The sequenceToken parameter is now ignored in PutLogEvents actions. PutLogEvents actions are now accepted and never return InvalidSequenceTokenException or DataAlreadyAcceptedException even if the sequence token is not valid.

 + InvalidSequenceTokenException: {} + DataAlreadyAcceptedException: {} + UnrecognizedClientException: {} + PutMetricFilterRequest: + type: object + required: + - logGroupName + - filterName + - filterPattern + - metricTransformations + title: PutMetricFilterRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + filterName: + allOf: + - $ref: '#/components/schemas/FilterName' + - description: A name for the metric filter. + filterPattern: + allOf: + - $ref: '#/components/schemas/FilterPattern' + - description: A filter pattern for extracting metric data out of ingested log events. + metricTransformations: + allOf: + - $ref: '#/components/schemas/MetricTransformations' + - description: A collection of information that defines how metric data gets emitted. + PutQueryDefinitionResponse: + type: object + properties: + queryDefinitionId: + allOf: + - $ref: '#/components/schemas/QueryId' + - description: The ID of the query definition. + PutQueryDefinitionRequest: + type: object + required: + - name + - queryString + title: PutQueryDefinitionRequest + properties: + name: + allOf: + - $ref: '#/components/schemas/QueryDefinitionName' + - description: 'A name for the query definition. If you are saving numerous query definitions, we recommend that you name them. This way, you can find the ones you want by using the first part of the name as a filter in the queryDefinitionNamePrefix parameter of DescribeQueryDefinitions.' + queryDefinitionId: + allOf: + - $ref: '#/components/schemas/QueryId' + - description: '

If you are updating a query definition, use this parameter to specify the ID of the query definition that you want to update. You can use DescribeQueryDefinitions to retrieve the IDs of your saved query definitions.

If you are creating a query definition, do not specify this parameter. CloudWatch generates a unique ID for the new query definition and include it in the response to this operation.

' + logGroupNames: + allOf: + - $ref: '#/components/schemas/LogGroupNames' + - description: '

Use this parameter to include specific log groups as part of your query definition.

If you are updating a query definition and you omit this parameter, then the updated definition will contain no log groups.

' + queryString: + allOf: + - $ref: '#/components/schemas/QueryDefinitionString' + - description: 'The query string to use for this definition. For more information, see CloudWatch Logs Insights Query Syntax.' + PutResourcePolicyResponse: + type: object + properties: + resourcePolicy: + allOf: + - $ref: '#/components/schemas/ResourcePolicy' + - description: The new policy. + PutResourcePolicyRequest: + type: object + title: PutResourcePolicyRequest + properties: + policyName: + allOf: + - $ref: '#/components/schemas/PolicyName' + - description: Name of the new policy. This parameter is required. + policyDocument: + allOf: + - $ref: '#/components/schemas/PolicyDocument' + - description: "

Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. This parameter is required.

The following example creates a resource policy enabling the Route 53 service to put DNS query logs in to the specified log group. Replace \"logArn\" with the ARN of your CloudWatch Logs resource, such as a log group or log stream.

CloudWatch Logs also supports aws:SourceArn and aws:SourceAccount condition context keys.

In the example resource policy, you would replace the value of SourceArn with the resource making the call from Route\_53 to CloudWatch Logs. You would also replace the value of SourceAccount with the Amazon Web Services account ID making that call.

{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"route53.amazonaws.com\" ] }, \"Action\": \"logs:PutLogEvents\", \"Resource\": \"logArn\", \"Condition\": { \"ArnLike\": { \"aws:SourceArn\": \"myRoute53ResourceArn\" }, \"StringEquals\": { \"aws:SourceAccount\": \"myAwsAccountId\" } } } ] }

" + PutRetentionPolicyRequest: + type: object + required: + - logGroupName + - retentionInDays + title: PutRetentionPolicyRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + retentionInDays: + $ref: '#/components/schemas/Days' + PutSubscriptionFilterRequest: + type: object + required: + - logGroupName + - filterName + - filterPattern + - destinationArn + title: PutSubscriptionFilterRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + filterName: + allOf: + - $ref: '#/components/schemas/FilterName' + - description: 'A name for the subscription filter. If you are updating an existing filter, you must specify the correct name in filterName. To find the name of the filter currently associated with a log group, use DescribeSubscriptionFilters.' + filterPattern: + allOf: + - $ref: '#/components/schemas/FilterPattern' + - description: A filter pattern for subscribing to a filtered stream of log events. + destinationArn: + allOf: + - $ref: '#/components/schemas/DestinationArn' + - description: '

The ARN of the destination to deliver matching log events to. Currently, the supported destinations are:

' + roleArn: + allOf: + - $ref: '#/components/schemas/RoleArn' + - description: The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery. + distribution: + allOf: + - $ref: '#/components/schemas/Distribution' + - description: 'The method used to distribute log data to the destination. By default, log data is grouped by log stream, but the grouping can be set to random for a more even distribution. This property is only applicable when the destination is an Amazon Kinesis data stream. ' + StartQueryResponse: + type: object + properties: + queryId: + allOf: + - $ref: '#/components/schemas/QueryId' + - description: 'The unique ID of the query. ' + StartQueryRequest: + type: object + required: + - startTime + - endTime + - queryString + title: StartQueryRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: '

The log group on which to perform the query.

A StartQuery operation must include exactly one of the following parameters: logGroupName, logGroupNames or logGroupIdentifiers.

' + logGroupNames: + allOf: + - $ref: '#/components/schemas/LogGroupNames' + - description: '

The list of log groups to be queried. You can include up to 50 log groups.

A StartQuery operation must include exactly one of the following parameters: logGroupName, logGroupNames or logGroupIdentifiers.

' + logGroupIdentifiers: + allOf: + - $ref: '#/components/schemas/LogGroupIdentifiers' + - description: '

The list of log groups to query. You can include up to 50 log groups.

You can specify them by the log group name or ARN. If a log group that you''re querying is in a source account and you''re using a monitoring account, you must specify the ARN of the log group here. The query definition must also be defined in the monitoring account.

If you specify an ARN, the ARN can''t end with an asterisk (*).

A StartQuery operation must include exactly one of the following parameters: logGroupName, logGroupNames or logGroupIdentifiers.

' + startTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The beginning of the time range to query. The range is inclusive, so the specified start time is included in the query. Specified as epoch time, the number of seconds since January 1, 1970, 00:00:00 UTC.' + endTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The end of the time range to query. The range is inclusive, so the specified end time is included in the query. Specified as epoch time, the number of seconds since January 1, 1970, 00:00:00 UTC.' + queryString: + allOf: + - $ref: '#/components/schemas/QueryString' + - description: 'The query string to use. For more information, see CloudWatch Logs Insights Query Syntax.' + limit: + allOf: + - $ref: '#/components/schemas/EventsLimit' + - description: 'The maximum number of log events to return in the query. If the query string uses the fields command, only the specified fields and their values are returned. The default is 1000.' + MalformedQueryException: {} + StopQueryResponse: + type: object + properties: + success: + allOf: + - $ref: '#/components/schemas/Success' + - description: This is true if the query was stopped by the StopQuery operation. + StopQueryRequest: + type: object + required: + - queryId + title: StopQueryRequest + properties: + queryId: + allOf: + - $ref: '#/components/schemas/QueryId' + - description: 'The ID number of the query to stop. To find this ID number, use DescribeQueries.' + TagLogGroupRequest: + type: object + required: + - logGroupName + - tags + deprecated: true + title: TagLogGroupRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + tags: + allOf: + - $ref: '#/components/schemas/Tags' + - description: The key-value pairs to use for the tags. + description: Please use the generic tagging API model TagResourceRequest + TagResourceRequest: + type: object + required: + - resourceArn + - tags + title: TagResourceRequest + properties: + resourceArn: + allOf: + - $ref: '#/components/schemas/AmazonResourceName' + - description: '

The ARN of the resource that you''re adding tags to.

The ARN format of a log group is arn:aws:logs:Region:account-id:log-group:log-group-name

The ARN format of a destination is arn:aws:logs:Region:account-id:destination:destination-name

For more information about ARN format, see CloudWatch Logs resources and operations.

' + tags: + allOf: + - $ref: '#/components/schemas/Tags' + - description: The list of key-value pairs to associate with the resource. + TooManyTagsException: {} + TestMetricFilterResponse: + type: object + properties: + matches: + allOf: + - $ref: '#/components/schemas/MetricFilterMatches' + - description: The matched events. + TestMetricFilterRequest: + type: object + required: + - filterPattern + - logEventMessages + title: TestMetricFilterRequest + properties: + filterPattern: + $ref: '#/components/schemas/FilterPattern' + logEventMessages: + allOf: + - $ref: '#/components/schemas/TestEventMessages' + - description: The log event messages to test. + UntagLogGroupRequest: + type: object + required: + - logGroupName + - tags + deprecated: true + title: UntagLogGroupRequest + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + tags: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tag keys. The corresponding tags are removed from the log group. + description: Please use the generic tagging API model UntagResourceRequest + UntagResourceRequest: + type: object + required: + - resourceArn + - tagKeys + title: UntagResourceRequest + properties: + resourceArn: + allOf: + - $ref: '#/components/schemas/AmazonResourceName' + - description: '

The ARN of the CloudWatch Logs resource that you''re removing tags from.

The ARN format of a log group is arn:aws:logs:Region:account-id:log-group:log-group-name

The ARN format of a destination is arn:aws:logs:Region:account-id:destination:destination-name

For more information about ARN format, see CloudWatch Logs resources and operations.

' + tagKeys: + allOf: + - $ref: '#/components/schemas/TagKeyList' + - description: The list of tag keys to remove from the resource. + AccessPolicy: + type: string + minLength: 1 + AccountId: + type: string + pattern: '^\d{12}$' + minLength: 12 + maxLength: 12 + AccountIds: + type: array + items: + $ref: '#/components/schemas/AccountId' + minItems: 0 + maxItems: 20 + AmazonResourceName: + type: string + pattern: '[\w+=/:,.@-]*' + minLength: 1 + maxLength: 1011 + Arn: + type: string + LogGroupName: + type: string + pattern: '[\.\-_/#A-Za-z0-9]+' + minLength: 1 + maxLength: 512 + KmsKeyId: + type: string + maxLength: 256 + ExportTaskId: + type: string + minLength: 1 + maxLength: 512 + ExportTaskName: + type: string + minLength: 1 + maxLength: 512 + LogStreamName: + type: string + pattern: '[^:*]*' + minLength: 1 + maxLength: 512 + Timestamp: + type: number + minimum: 0 + ExportDestinationBucket: + type: string + minLength: 1 + maxLength: 512 + ExportDestinationPrefix: + type: string + Tags: + type: object + minProperties: 1 + maxProperties: 50 + additionalProperties: + $ref: '#/components/schemas/TagValue' + DataProtectionPolicyDocument: + type: string + DataProtectionStatus: + type: string + enum: + - ACTIVATED + - DELETED + - ARCHIVED + - DISABLED + Days: + type: integer + description: '

The number of days to retain the log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, and 3653.

To set a log group so that its log events do not expire, use DeleteRetentionPolicy.

' + DefaultValue: + type: number + format: double + LogGroupIdentifier: + type: string + pattern: '[\w#+=/:,.@-]*' + minLength: 1 + maxLength: 2048 + DestinationName: + type: string + pattern: '[^:*]*' + minLength: 1 + maxLength: 512 + FilterName: + type: string + pattern: '[^:*]*' + minLength: 1 + maxLength: 512 + QueryId: + type: string + minLength: 0 + maxLength: 256 + Success: + type: boolean + PolicyName: + type: string + Descending: + type: boolean + NextToken: + type: string + description: The token for the next set of items to return. The token expires after 24 hours. + minLength: 1 + DescribeLimit: + type: integer + minimum: 1 + maximum: 50 + Destinations: + type: array + items: + $ref: '#/components/schemas/Destination' + ExportTaskStatusCode: + type: string + enum: + - CANCELLED + - COMPLETED + - FAILED + - PENDING + - PENDING_CANCEL + - RUNNING + ExportTasks: + type: array + items: + $ref: '#/components/schemas/ExportTask' + LogGroupNamePattern: + type: string + pattern: '[\.\-_/#A-Za-z0-9]*' + minLength: 0 + maxLength: 512 + IncludeLinkedAccounts: + type: boolean + LogGroups: + type: array + items: + $ref: '#/components/schemas/LogGroup' + OrderBy: + type: string + enum: + - LogStreamName + - LastEventTime + LogStreams: + type: array + items: + $ref: '#/components/schemas/LogStream' + MetricName: + type: string + pattern: '[^:*$]*' + description: 'The name of the CloudWatch metric to which the monitored log information should be published. For example, you might publish to a metric named ErrorCount.' + maxLength: 255 + MetricNamespace: + type: string + pattern: '[^:*$]*' + maxLength: 255 + MetricFilters: + type: array + items: + $ref: '#/components/schemas/MetricFilter' + DescribeQueriesMaxResults: + type: integer + minimum: 1 + maximum: 1000 + QueryStatus: + type: string + enum: + - Scheduled + - Running + - Complete + - Failed + - Cancelled + - Timeout + - Unknown + QueryInfoList: + type: array + items: + $ref: '#/components/schemas/QueryInfo' + QueryDefinitionName: + type: string + minLength: 1 + maxLength: 255 + QueryListMaxResults: + type: integer + minimum: 1 + maximum: 1000 + QueryDefinitionList: + type: array + items: + $ref: '#/components/schemas/QueryDefinition' + ResourcePolicies: + type: array + items: + $ref: '#/components/schemas/ResourcePolicy' + SubscriptionFilters: + type: array + items: + $ref: '#/components/schemas/SubscriptionFilter' + TargetArn: + type: string + minLength: 1 + RoleArn: + type: string + minLength: 1 + Destination: + type: object + properties: + destinationName: + allOf: + - $ref: '#/components/schemas/DestinationName' + - description: The name of the destination. + targetArn: + allOf: + - $ref: '#/components/schemas/TargetArn' + - description: 'The Amazon Resource Name (ARN) of the physical target where the log events are delivered (for example, a Kinesis stream).' + roleArn: + allOf: + - $ref: '#/components/schemas/RoleArn' + - description: 'A role for impersonation, used when delivering log events to the target.' + accessPolicy: + allOf: + - $ref: '#/components/schemas/AccessPolicy' + - description: An IAM policy document that governs which Amazon Web Services accounts can create subscription filters against this destination. + arn: + allOf: + - $ref: '#/components/schemas/Arn' + - description: The ARN of this destination. + creationTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The creation time of the destination, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + description: Represents a cross-account destination that receives subscription log events. + DestinationArn: + type: string + minLength: 1 + DimensionsValue: + type: string + maxLength: 255 + Dimensions: + type: object + additionalProperties: + $ref: '#/components/schemas/DimensionsValue' + DimensionsKey: + type: string + maxLength: 255 + Distribution: + type: string + enum: + - Random + - ByLogStream + description: 'The method used to distribute log data to the destination, which can be either random or grouped by log stream.' + EventId: + type: string + EventMessage: + type: string + minLength: 1 + EventNumber: + type: integer + EventsLimit: + type: integer + minimum: 1 + maximum: 10000 + ExportTaskStatus: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/ExportTaskStatusCode' + - description: The status code of the export task. + message: + allOf: + - $ref: '#/components/schemas/ExportTaskStatusMessage' + - description: The status message related to the status code. + description: Represents the status of an export task. + ExportTaskExecutionInfo: + type: object + properties: + creationTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The creation time of the export task, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + completionTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The completion time of the export task, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + description: Represents the status of an export task. + ExportTask: + type: object + properties: + taskId: + allOf: + - $ref: '#/components/schemas/ExportTaskId' + - description: The ID of the export task. + taskName: + allOf: + - $ref: '#/components/schemas/ExportTaskName' + - description: The name of the export task. + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group from which logs data was exported. + from: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The start time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. Events with a timestamp before this time are not exported.' + to: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The end time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. Events with a timestamp later than this time are not exported.' + destination: + allOf: + - $ref: '#/components/schemas/ExportDestinationBucket' + - description: The name of the S3 bucket to which the log data was exported. + destinationPrefix: + allOf: + - $ref: '#/components/schemas/ExportDestinationPrefix' + - description: The prefix that was used as the start of Amazon S3 key for every object exported. + status: + allOf: + - $ref: '#/components/schemas/ExportTaskStatus' + - description: The status of the export task. + executionInfo: + allOf: + - $ref: '#/components/schemas/ExportTaskExecutionInfo' + - description: Execution information about the export task. + description: Represents an export task. + ExportTaskStatusMessage: + type: string + Value: + type: string + ExtractedValues: + type: object + additionalProperties: + $ref: '#/components/schemas/Value' + Field: + type: string + FilterCount: + type: integer + InputLogStreamNames: + type: array + items: + $ref: '#/components/schemas/LogStreamName' + minItems: 1 + maxItems: 100 + FilterPattern: + type: string + description: 'A symbolic description of how CloudWatch Logs should interpret the data in each log event. For example, a log event can contain timestamps, IP addresses, strings, and so on. You use the filter pattern to specify what to look for in the log event message.' + minLength: 0 + maxLength: 1024 + Interleaved: + type: boolean + Unmask: + type: boolean + FilteredLogEvents: + type: array + items: + $ref: '#/components/schemas/FilteredLogEvent' + SearchedLogStreams: + type: array + items: + $ref: '#/components/schemas/SearchedLogStream' + FilteredLogEvent: + type: object + properties: + logStreamName: + allOf: + - $ref: '#/components/schemas/LogStreamName' + - description: The name of the log stream to which this event belongs. + timestamp: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The time the event occurred, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + message: + allOf: + - $ref: '#/components/schemas/EventMessage' + - description: The data contained in the log event. + ingestionTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The time the event was ingested, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + eventId: + allOf: + - $ref: '#/components/schemas/EventId' + - description: The ID of the event. + description: Represents a matched event. + ForceUpdate: + type: boolean + StartFromHead: + type: boolean + OutputLogEvents: + type: array + items: + $ref: '#/components/schemas/OutputLogEvent' + LogGroupFieldList: + type: array + items: + $ref: '#/components/schemas/LogGroupField' + LogRecordPointer: + type: string + LogRecord: + type: object + additionalProperties: + $ref: '#/components/schemas/Value' + QueryResults: + type: array + items: + $ref: '#/components/schemas/ResultRows' + QueryStatistics: + type: object + properties: + recordsMatched: + allOf: + - $ref: '#/components/schemas/StatsValue' + - description: The number of log events that matched the query string. + recordsScanned: + allOf: + - $ref: '#/components/schemas/StatsValue' + - description: The total number of log events scanned during the query. + bytesScanned: + allOf: + - $ref: '#/components/schemas/StatsValue' + - description: The total number of bytes in the log events scanned during the query. + description: 'Contains the number of log events scanned by the query, the number of log events that matched the query criteria, and the total number of bytes in the log events that were scanned.' + InputLogEvent: + type: object + required: + - timestamp + - message + properties: + timestamp: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The time the event occurred, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + message: + allOf: + - $ref: '#/components/schemas/EventMessage' + - description: The raw event message. + description: 'Represents a log event, which is a record of activity that was recorded by the application or resource being monitored.' + InputLogEvents: + type: array + items: + $ref: '#/components/schemas/InputLogEvent' + minItems: 1 + maxItems: 10000 + LogEventIndex: + type: integer + StoredBytes: + type: integer + minimum: 0 + LogGroup: + type: object + properties: + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + creationTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The creation time of the log group, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + retentionInDays: + $ref: '#/components/schemas/Days' + metricFilterCount: + allOf: + - $ref: '#/components/schemas/FilterCount' + - description: The number of metric filters. + arn: + allOf: + - $ref: '#/components/schemas/Arn' + - description: The Amazon Resource Name (ARN) of the log group. + storedBytes: + allOf: + - $ref: '#/components/schemas/StoredBytes' + - description: The number of bytes stored. + kmsKeyId: + allOf: + - $ref: '#/components/schemas/KmsKeyId' + - description: The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data. + dataProtectionStatus: + allOf: + - $ref: '#/components/schemas/DataProtectionStatus' + - description: 'Displays whether this log group has a protection policy, or whether it had one in the past. For more information, see PutDataProtectionPolicy.' + description: Represents a log group. + Percentage: + type: integer + minimum: 0 + maximum: 100 + LogGroupField: + type: object + properties: + name: + allOf: + - $ref: '#/components/schemas/Field' + - description: The name of a log field. + percent: + allOf: + - $ref: '#/components/schemas/Percentage' + - description: The percentage of log events queried that contained the field. + description: 'The fields contained in log events found by a GetLogGroupFields operation, along with the percentage of queried log events in which each field appears.' + LogGroupIdentifiers: + type: array + items: + $ref: '#/components/schemas/LogGroupIdentifier' + LogGroupNames: + type: array + items: + $ref: '#/components/schemas/LogGroupName' + SequenceToken: + type: string + minLength: 1 + LogStream: + type: object + properties: + logStreamName: + allOf: + - $ref: '#/components/schemas/LogStreamName' + - description: The name of the log stream. + creationTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The creation time of the stream, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + firstEventTimestamp: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The time of the first event, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + lastEventTimestamp: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The time of the most recent log event in the log stream in CloudWatch Logs. This number is expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. The lastEventTime value updates on an eventual consistency basis. It typically updates in less than an hour from ingestion, but in rare situations might take longer.' + lastIngestionTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The ingestion time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC The lastIngestionTime value updates on an eventual consistency basis. It typically updates in less than an hour after ingestion, but in rare situations might take longer.' + uploadSequenceToken: + allOf: + - $ref: '#/components/schemas/SequenceToken' + - description:

The sequence token.

The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions are always accepted regardless of receiving an invalid sequence token. You don't need to obtain uploadSequenceToken to use a PutLogEvents action.

 + arn: + allOf: + - $ref: '#/components/schemas/Arn' + - description: The Amazon Resource Name (ARN) of the log stream. + storedBytes: + allOf: + - $ref: '#/components/schemas/StoredBytes' + - deprecated: true + description: '

The number of bytes stored.

Important: As of June 17, 2019, this parameter is no longer supported for log streams, and is always reported as zero. This change applies only to log streams. The storedBytes parameter for log groups is not affected.

Starting on June 17, 2019, this parameter will be deprecated for log streams, and will be reported as zero. This change applies only to log streams. The storedBytes parameter for log groups is not affected.' + description: 'Represents a log stream, which is a sequence of log events from a single emitter of logs.' + LogStreamSearchedCompletely: + type: boolean + MetricTransformations: + type: array + items: + $ref: '#/components/schemas/MetricTransformation' + minItems: 1 + maxItems: 1 + MetricFilter: + type: object + properties: + filterName: + allOf: + - $ref: '#/components/schemas/FilterName' + - description: The name of the metric filter. + filterPattern: + $ref: '#/components/schemas/FilterPattern' + metricTransformations: + allOf: + - $ref: '#/components/schemas/MetricTransformations' + - description: The metric transformations. + creationTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The creation time of the metric filter, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + description: Metric filters express how CloudWatch Logs would extract metric observations from ingested log events and transform them into metric data in a CloudWatch metric. + MetricFilterMatchRecord: + type: object + properties: + eventNumber: + allOf: + - $ref: '#/components/schemas/EventNumber' + - description: The event number. + eventMessage: + allOf: + - $ref: '#/components/schemas/EventMessage' + - description: The raw event data. + extractedValues: + allOf: + - $ref: '#/components/schemas/ExtractedValues' + - description: The values extracted from the event data by the filter. + description: Represents a matched event. + MetricFilterMatches: + type: array + items: + $ref: '#/components/schemas/MetricFilterMatchRecord' + MetricValue: + type: string + description: 'The value to publish to the CloudWatch metric. For example, if you''re counting the occurrences of a term like Error, the value is 1 for each occurrence. If you''re counting the bytes transferred, the value is the value in the log event.' + maxLength: 100 + StandardUnit: + type: string + enum: + - Seconds + - Microseconds + - Milliseconds + - Bytes + - Kilobytes + - Megabytes + - Gigabytes + - Terabytes + - Bits + - Kilobits + - Megabits + - Gigabits + - Terabits + - Percent + - Count + - Bytes/Second + - Kilobytes/Second + - Megabytes/Second + - Gigabytes/Second + - Terabytes/Second + - Bits/Second + - Kilobits/Second + - Megabits/Second + - Gigabits/Second + - Terabits/Second + - Count/Second + - None + MetricTransformation: + type: object + required: + - metricName + - metricNamespace + - metricValue + properties: + metricName: + allOf: + - $ref: '#/components/schemas/MetricName' + - description: The name of the CloudWatch metric. + metricNamespace: + allOf: + - $ref: '#/components/schemas/MetricNamespace' + - description: 'A custom namespace to contain your metric in CloudWatch. Use namespaces to group together metrics that are similar. For more information, see Namespaces.' + metricValue: + allOf: + - $ref: '#/components/schemas/MetricValue' + - description: The value to publish to the CloudWatch metric when a filter pattern matches a log event. + defaultValue: + allOf: + - $ref: '#/components/schemas/DefaultValue' + - description: (Optional) The value to emit when a filter pattern does not match a log event. This value can be null. + dimensions: + allOf: + - $ref: '#/components/schemas/Dimensions' + - description: '

The fields to use as dimensions for the metric. One metric filter can include as many as three dimensions.

Metrics extracted from log events are charged as custom metrics. To prevent unexpected high charges, do not specify high-cardinality fields such as IPAddress or requestID as dimensions. Each different value found for a dimension is treated as a separate metric and accrues charges as a separate custom metric.

CloudWatch Logs disables a metric filter if it generates 1000 different name/value pairs for your specified dimensions within a certain amount of time. This helps to prevent accidental high charges.

You can also set up a billing alarm to alert you if your charges are higher than expected. For more information, see Creating a Billing Alarm to Monitor Your Estimated Amazon Web Services Charges.

' + unit: + allOf: + - $ref: '#/components/schemas/StandardUnit' + - description: 'The unit to assign to the metric. If you omit this, the unit is set as None.' + description: Indicates how to transform ingested log events to metric data in a CloudWatch metric. + OutputLogEvent: + type: object + properties: + timestamp: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The time the event occurred, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + message: + allOf: + - $ref: '#/components/schemas/EventMessage' + - description: The data contained in the log event. + ingestionTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The time the event was ingested, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + description: Represents a log event. + PolicyDocument: + type: string + minLength: 1 + maxLength: 5120 + RejectedLogEventsInfo: + type: object + properties: + tooNewLogEventStartIndex: + allOf: + - $ref: '#/components/schemas/LogEventIndex' + - description: The log events that are too new. + tooOldLogEventEndIndex: + allOf: + - $ref: '#/components/schemas/LogEventIndex' + - description: The log events that are dated too far in the past. + expiredLogEventEndIndex: + allOf: + - $ref: '#/components/schemas/LogEventIndex' + - description: The expired log events. + description: Represents the rejected events. + QueryDefinitionString: + type: string + minLength: 1 + maxLength: 10000 + ResourcePolicy: + type: object + properties: + policyName: + allOf: + - $ref: '#/components/schemas/PolicyName' + - description: The name of the resource policy. + policyDocument: + allOf: + - $ref: '#/components/schemas/PolicyDocument' + - description: The details of the policy. + lastUpdatedTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'Timestamp showing when this policy was last updated, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + description: A policy enabling one or more entities to put logs to a log group in this account. + QueryDefinition: + type: object + properties: + queryDefinitionId: + allOf: + - $ref: '#/components/schemas/QueryId' + - description: The unique ID of the query definition. + name: + allOf: + - $ref: '#/components/schemas/QueryDefinitionName' + - description: The name of the query definition. + queryString: + allOf: + - $ref: '#/components/schemas/QueryDefinitionString' + - description: 'The query string to use for this definition. For more information, see CloudWatch Logs Insights Query Syntax.' + lastModified: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: The date that the query definition was most recently modified. + logGroupNames: + allOf: + - $ref: '#/components/schemas/LogGroupNames' + - description: 'If this query definition contains a list of log groups that it is limited to, that list appears here.' + description: This structure contains details about a saved CloudWatch Logs Insights query definition. + QueryString: + type: string + minLength: 0 + maxLength: 10000 + QueryInfo: + type: object + properties: + queryId: + allOf: + - $ref: '#/components/schemas/QueryId' + - description: The unique ID number of this query. + queryString: + allOf: + - $ref: '#/components/schemas/QueryString' + - description: The query string used in this query. + status: + allOf: + - $ref: '#/components/schemas/QueryStatus' + - description: 'The status of this query. Possible values are Cancelled, Complete, Failed, Running, Scheduled, and Unknown.' + createTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: The date and time that this query was created. + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group scanned by this query. + description: 'Information about one CloudWatch Logs Insights query that matches the request in a DescribeQueries operation. ' + ResultRows: + type: array + items: + $ref: '#/components/schemas/ResultField' + StatsValue: + type: number + format: double + ResultField: + type: object + properties: + field: + allOf: + - $ref: '#/components/schemas/Field' + - description: The log event field. + value: + allOf: + - $ref: '#/components/schemas/Value' + - description: The value of this field. + description: '

Contains one field from one log event returned by a CloudWatch Logs Insights query, along with the value of that field.

For more information about the fields that are generated by CloudWatch logs, see Supported Logs and Discovered Fields.

' + SearchedLogStream: + type: object + properties: + logStreamName: + allOf: + - $ref: '#/components/schemas/LogStreamName' + - description: The name of the log stream. + searchedCompletely: + allOf: + - $ref: '#/components/schemas/LogStreamSearchedCompletely' + - description: Indicates whether all the events in this log stream were searched. + description: Represents the search status of a log stream. + SubscriptionFilter: + type: object + properties: + filterName: + allOf: + - $ref: '#/components/schemas/FilterName' + - description: The name of the subscription filter. + logGroupName: + allOf: + - $ref: '#/components/schemas/LogGroupName' + - description: The name of the log group. + filterPattern: + $ref: '#/components/schemas/FilterPattern' + destinationArn: + allOf: + - $ref: '#/components/schemas/DestinationArn' + - description: The Amazon Resource Name (ARN) of the destination. + roleArn: + allOf: + - $ref: '#/components/schemas/RoleArn' + - description:

+ distribution: + $ref: '#/components/schemas/Distribution' + creationTime: + allOf: + - $ref: '#/components/schemas/Timestamp' + - description: 'The creation time of the subscription filter, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.' + description: Represents a subscription filter. + TagKey: + type: string + pattern: '^([\p{L}\p{Z}\p{N}_.:/=+\-@]+)$' + minLength: 1 + maxLength: 128 + TagKeyList: + type: array + items: + $ref: '#/components/schemas/TagKey' + minItems: 0 + maxItems: 50 + TagList: + type: array + items: + $ref: '#/components/schemas/TagKey' + minItems: 1 + TagValue: + type: string + pattern: '^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$' + maxLength: 256 + TestEventMessages: + type: array + items: + $ref: '#/components/schemas/EventMessage' + minItems: 1 + maxItems: 50 + Token: + type: string + x-stackQL-resources: + log_events: + id: aws.cloudwatch_api.log_events + methods: + GetLogEvents: + operation: + $ref: '#/paths/~1/post' + request: + mediaType: application/json + response: + mediaType: application/json + # objectKey: /*/OutputLogEvents + objectKey: $.events + openAPIDocKey: '200' + name: log_events + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/log_events/methods/GetLogEvents' + update: [] + title: log_events +security: + - hmac: [] +x-stackQL-config: + # queryParamTranspose: + # algorithm: AWSCanonical + # requestTranslate: + # algorithm: get_query_to_post_form_utf_8 \ No newline at end of file diff --git a/providers/src/aws/v00.00.00000/services/ec2.yaml b/providers/src/aws/v00.00.00000/services/ec2.yaml index 0bf6354e..e59928ae 100644 --- a/providers/src/aws/v00.00.00000/services/ec2.yaml +++ b/providers/src/aws/v00.00.00000/services/ec2.yaml @@ -1,80193 +1,14780 @@ openapi: 3.0.0 info: - version: '2016-11-15' - x-release: v4 - title: Amazon Elastic Compute Cloud api - description: 'Amazon Elastic Compute Cloud

Amazon Elastic Compute Cloud (Amazon EC2) provides secure and resizable computing capacity in the Amazon Web Services Cloud. Using Amazon EC2 eliminates the need to invest in hardware up front, so you can develop and deploy applications faster. Amazon Virtual Private Cloud (Amazon VPC) enables you to provision a logically isolated section of the Amazon Web Services Cloud where you can launch Amazon Web Services resources in a virtual network that you''ve defined. Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance and used like a hard drive.

To learn more, see the following resources:

' - x-logo: - url: 'https://twitter.com/awscloud/profile_image?size=original' - backgroundColor: '#FFFFFF' - termsOfService: 'https://aws.amazon.com/service-terms/' - contact: - name: Mike Ralphson - email: mike.ralphson@gmail.com - url: 'https://github.com/mermade/aws2openapi' - x-twitter: PermittedSoc - license: - name: Apache 2.0 License - url: 'http://www.apache.org/licenses/' - x-providerName: amazonaws.com - x-serviceName: ec2 - x-origin: - - contentType: application/json - url: 'https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/ec2-2016-11-15.normal.json' - converter: - url: 'https://github.com/mermade/aws2openapi' - version: 1.0.0 - x-apisguru-driver: external - x-apiClientRegistration: - url: 'https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct' - x-apisguru-categories: - - cloud - x-preferred: true -externalDocs: - description: Amazon Web Services documentation - url: 'https://docs.aws.amazon.com/ec2/' -servers: - - url: 'https://ec2.{region}.amazonaws.com' - variables: - region: - description: The AWS region - enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The Amazon EC2 multi-region endpoint - - url: 'https://ec2.amazonaws.com' - variables: {} - description: The general Amazon EC2 endpoint for US East (N. Virginia) - - url: 'https://ec2.{region}.amazonaws.com.cn' - variables: - region: - description: The AWS region - enum: - - cn-north-1 - - cn-northwest-1 - default: cn-north-1 - description: The Amazon EC2 endpoint for China (Beijing) and China (Ningxia) -paths: - /?Action=AcceptReservedInstancesExchangeQuote&Version=2016-11-15: - get: - x-aws-operation-name: AcceptReservedInstancesExchangeQuote - operationId: GET_AcceptReservedInstancesExchangeQuote - description: Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptReservedInstancesExchangeQuoteResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ReservedInstanceId - in: query - required: true - description: The IDs of the Convertible Reserved Instances to exchange for another Convertible Reserved Instance of the same or higher value. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservationId' - - xml: - name: ReservedInstanceId - - name: TargetConfiguration - in: query - required: false - description: The configuration of the target Convertible Reserved Instance to exchange for your current Convertible Reserved Instances. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TargetConfigurationRequest' - - xml: - name: TargetConfigurationRequest - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AcceptReservedInstancesExchangeQuote - operationId: POST_AcceptReservedInstancesExchangeQuote - description: Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptReservedInstancesExchangeQuoteResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptReservedInstancesExchangeQuoteRequest' - parameters: [] - /?Action=AcceptTransitGatewayMulticastDomainAssociations&Version=2016-11-15: - get: - x-aws-operation-name: AcceptTransitGatewayMulticastDomainAssociations - operationId: GET_AcceptTransitGatewayMulticastDomainAssociations - description: Accepts a request to associate subnets with a transit gateway multicast domain. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptTransitGatewayMulticastDomainAssociationsResult' - parameters: - - name: TransitGatewayMulticastDomainId - in: query - required: false - description: The ID of the transit gateway multicast domain. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: false - description: The ID of the transit gateway attachment. - schema: - type: string - - name: SubnetIds - in: query - required: false - description: The IDs of the subnets to associate with the transit gateway multicast domain. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AcceptTransitGatewayMulticastDomainAssociations - operationId: POST_AcceptTransitGatewayMulticastDomainAssociations - description: Accepts a request to associate subnets with a transit gateway multicast domain. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptTransitGatewayMulticastDomainAssociationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptTransitGatewayMulticastDomainAssociationsRequest' - parameters: [] - /?Action=AcceptTransitGatewayPeeringAttachment&Version=2016-11-15: - get: - x-aws-operation-name: AcceptTransitGatewayPeeringAttachment - operationId: GET_AcceptTransitGatewayPeeringAttachment - description: Accepts a transit gateway peering attachment request. The peering attachment must be in the pendingAcceptance state. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptTransitGatewayPeeringAttachmentResult' - parameters: - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the transit gateway attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AcceptTransitGatewayPeeringAttachment - operationId: POST_AcceptTransitGatewayPeeringAttachment - description: Accepts a transit gateway peering attachment request. The peering attachment must be in the pendingAcceptance state. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptTransitGatewayPeeringAttachmentResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptTransitGatewayPeeringAttachmentRequest' - parameters: [] - /?Action=AcceptTransitGatewayVpcAttachment&Version=2016-11-15: - get: - x-aws-operation-name: AcceptTransitGatewayVpcAttachment - operationId: GET_AcceptTransitGatewayVpcAttachment - description:

Accepts a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment to reject a VPC attachment request.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptTransitGatewayVpcAttachmentResult' - parameters: - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AcceptTransitGatewayVpcAttachment - operationId: POST_AcceptTransitGatewayVpcAttachment - description:

Accepts a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment to reject a VPC attachment request.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptTransitGatewayVpcAttachmentResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptTransitGatewayVpcAttachmentRequest' - parameters: [] - /?Action=AcceptVpcEndpointConnections&Version=2016-11-15: - get: - x-aws-operation-name: AcceptVpcEndpointConnections - operationId: GET_AcceptVpcEndpointConnections - description: Accepts one or more interface VPC endpoint connection requests to your VPC endpoint service. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptVpcEndpointConnectionsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ServiceId - in: query - required: true - description: The ID of the VPC endpoint service. - schema: - type: string - - name: VpcEndpointId - in: query - required: true - description: The IDs of one or more interface VPC endpoints. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcEndpointId' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AcceptVpcEndpointConnections - operationId: POST_AcceptVpcEndpointConnections - description: Accepts one or more interface VPC endpoint connection requests to your VPC endpoint service. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptVpcEndpointConnectionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptVpcEndpointConnectionsRequest' - parameters: [] - /?Action=AcceptVpcPeeringConnection&Version=2016-11-15: - get: - x-aws-operation-name: AcceptVpcPeeringConnection - operationId: GET_AcceptVpcPeeringConnection - description: '

Accept a VPC peering connection request. To accept a request, the VPC peering connection must be in the pending-acceptance state, and you must be the owner of the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC peering connection requests.

For an inter-Region VPC peering connection request, you must accept the VPC peering connection in the Region of the accepter VPC.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptVpcPeeringConnectionResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcPeeringConnectionId - in: query - required: false - description: The ID of the VPC peering connection. You must specify this parameter in the request. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AcceptVpcPeeringConnection - operationId: POST_AcceptVpcPeeringConnection - description: '

Accept a VPC peering connection request. To accept a request, the VPC peering connection must be in the pending-acceptance state, and you must be the owner of the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC peering connection requests.

For an inter-Region VPC peering connection request, you must accept the VPC peering connection in the Region of the accepter VPC.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptVpcPeeringConnectionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AcceptVpcPeeringConnectionRequest' - parameters: [] - /?Action=AdvertiseByoipCidr&Version=2016-11-15: - get: - x-aws-operation-name: AdvertiseByoipCidr - operationId: GET_AdvertiseByoipCidr - description: '

Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from Amazon Web Services. To minimize down time, you can configure your Amazon Web Services resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneously stop advertising it from the current location and start advertising it through Amazon Web Services.

It can take a few minutes before traffic to the specified addresses starts routing to Amazon Web Services because of BGP propagation delays.

To stop advertising the BYOIP CIDR, use WithdrawByoipCidr.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AdvertiseByoipCidrResult' - parameters: - - name: Cidr - in: query - required: true - description: 'The address range, in CIDR notation. This must be the exact range that you provisioned. You can''t advertise only a portion of the provisioned range.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AdvertiseByoipCidr - operationId: POST_AdvertiseByoipCidr - description: '

Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from Amazon Web Services. To minimize down time, you can configure your Amazon Web Services resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneously stop advertising it from the current location and start advertising it through Amazon Web Services.

It can take a few minutes before traffic to the specified addresses starts routing to Amazon Web Services because of BGP propagation delays.

To stop advertising the BYOIP CIDR, use WithdrawByoipCidr.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AdvertiseByoipCidrResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AdvertiseByoipCidrRequest' - parameters: [] - /?Action=AllocateAddress&Version=2016-11-15: - get: - x-aws-operation-name: AllocateAddress - operationId: GET_AllocateAddress - description: '

Allocates an Elastic IP address to your Amazon Web Services account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.

You can allocate an Elastic IP address from an address pool owned by Amazon Web Services or from an address pool created from a public IPv4 address range that you have brought to Amazon Web Services for use with your Amazon Web Services resources using bring your own IP addresses (BYOIP). For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.

[EC2-VPC] If you release an Elastic IP address, you might be able to recover it. You cannot recover an Elastic IP address that you released after it is allocated to another Amazon Web Services account. You cannot recover an Elastic IP address for EC2-Classic. To attempt to recover an Elastic IP address that you released, specify it in this operation.

An Elastic IP address is for use either in the EC2-Classic platform or in a VPC. By default, you can allocate 5 Elastic IP addresses for EC2-Classic per Region and 5 Elastic IP addresses for EC2-VPC per Region.

For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

You can allocate a carrier IP address which is a public IP address from a telecommunication carrier, to a network interface which resides in a subnet in a Wavelength Zone (for example an EC2 instance).

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AllocateAddressResult' - parameters: - - name: Domain - in: query - required: false - description: '

Indicates whether the Elastic IP address is for use with instances in a VPC or instances in EC2-Classic.

Default: If the Region supports EC2-Classic, the default is standard. Otherwise, the default is vpc.

' - schema: + title: EC2 + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + Value: + type: string + required: + - Value + - Key + TagSpecification: + description: |- + Specifies the tags to apply to a resource when the resource is created for the launch template. + ``TagSpecification`` is a property type of [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications). [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications) is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false + type: object + properties: + ResourceType: + description: |- + The type of resource to tag. + Valid Values lists all resource types for Amazon EC2 that can be tagged. When you create a launch template, you can specify tags for the following resource types only: ``instance`` | ``volume`` | ``network-interface`` | ``spot-instances-request``. If the instance does not include the resource type that you specify, the instance launch fails. For example, not all instance types include a volume. + To tag a resource after it has been created, see [CreateTags](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). + type: string + Tags: + uniqueItems: false + description: The tags to apply to the resource. + type: array + items: + $ref: '#/components/schemas/Tag' + CapacityReservation: + type: object + properties: + Tenancy: + type: string + EndDateType: + type: string + TagSpecifications: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/TagSpecification' + AvailabilityZone: + type: string + TotalInstanceCount: + type: integer + EndDate: + type: string + EbsOptimized: + type: boolean + OutPostArn: + type: string + InstanceCount: + type: integer + PlacementGroupArn: + type: string + AvailableInstanceCount: + type: integer + InstancePlatform: + type: string + Id: + type: string + InstanceType: + type: string + EphemeralStorage: + type: boolean + InstanceMatchCriteria: + type: string + required: + - InstanceCount + - AvailabilityZone + - InstancePlatform + - InstanceType + x-stackql-resource-name: capacity_reservation + description: Resource Type definition for AWS::EC2::CapacityReservation + x-type-name: AWS::EC2::CapacityReservation + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Tenancy + - InstanceMatchCriteria + - InstancePlatform + - InstanceType + - AvailabilityZone + - TagSpecifications + - OutPostArn + - EphemeralStorage + - EbsOptimized + - PlacementGroupArn + x-read-only-properties: + - Id + - AvailableInstanceCount + - TotalInstanceCount + x-required-properties: + - InstanceCount + - AvailabilityZone + - InstancePlatform + - InstanceType + x-required-permissions: + create: + - ec2:CreateCapacityReservation + - ec2:DescribeCapacityReservations + - ec2:CancelCapacityReservation + - ec2:CreateTags + delete: + - ec2:CreateCapacityReservation + - ec2:DescribeCapacityReservations + - ec2:CancelCapacityReservation + - ec2:DeleteTags + list: + - ec2:DescribeCapacityReservations + read: + - ec2:DescribeCapacityReservations + update: + - ec2:ModifyCapacityReservation + - ec2:CreateCapacityReservation + - ec2:DescribeCapacityReservations + - ec2:CancelCapacityReservation + - ec2:CreateTags + - ec2:DeleteTags + InstanceTypeSpecification: + type: object + additionalProperties: false + properties: + InstanceType: + type: string + InstancePlatform: + type: string + Weight: + type: number + AvailabilityZone: + type: string + AvailabilityZoneId: + type: string + EbsOptimized: + type: boolean + Priority: + type: integer + minimum: 0 + maximum: 999 + CapacityReservationFleet: + type: object + properties: + AllocationStrategy: + type: string + TagSpecifications: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/TagSpecification' + InstanceTypeSpecifications: + type: array + x-insertionOrder: false + uniqueItems: true + maxItems: 50 + items: + $ref: '#/components/schemas/InstanceTypeSpecification' + TotalTargetCapacity: + type: integer + minimum: 1 + maximum: 25000 + EndDate: + type: string + InstanceMatchCriteria: + type: string + enum: + - open + CapacityReservationFleetId: + type: string + Tenancy: + type: string + enum: + - default + RemoveEndDate: + type: boolean + NoRemoveEndDate: + type: boolean + x-stackql-resource-name: capacity_reservation_fleet + description: Resource Type definition for AWS::EC2::CapacityReservationFleet + x-type-name: AWS::EC2::CapacityReservationFleet + x-stackql-primary-identifier: + - CapacityReservationFleetId + x-create-only-properties: + - InstanceTypeSpecifications + - AllocationStrategy + - TagSpecifications + - EndDate + - Tenancy + - InstanceMatchCriteria + x-read-only-properties: + - CapacityReservationFleetId + x-taggable: true + x-required-permissions: + create: + - ec2:CreateCapacityReservationFleet + - ec2:ModifyCapacityReservationFleet + - ec2:DescribeCapacityReservationFleets + - ec2:CancelCapacityReservationFleets + - ec2:CreateCapacityReservation + - ec2:DescribeCapacityReservations + - ec2:CancelCapacityReservation + - ec2:DescribeInstances + - ec2:CreateTags + - iam:CreateServiceLinkedRole + delete: + - ec2:CreateCapacityReservationFleet + - ec2:ModifyCapacityReservationFleet + - ec2:DescribeCapacityReservationFleets + - ec2:CancelCapacityReservationFleets + - ec2:CreateCapacityReservation + - ec2:DescribeCapacityReservations + - ec2:CancelCapacityReservation + - ec2:DeleteTags + list: + - ec2:DescribeCapacityReservationFleets + - ec2:DescribeCapacityReservations + - ec2:DescribeInstances + read: + - ec2:DescribeCapacityReservationFleets + - ec2:DescribeInstances + - ec2:DescribeCapacityReservations + update: + - ec2:CreateCapacityReservationFleet + - ec2:ModifyCapacityReservationFleet + - ec2:DescribeCapacityReservationFleets + - ec2:CancelCapacityReservationFleets + - ec2:CreateCapacityReservation + - ec2:ModifyCapacityReservation + - ec2:DescribeCapacityReservations + - ec2:CancelCapacityReservation + - ec2:DescribeInstances + - ec2:DeleteTags + Tags: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + CarrierGateway: + type: object + properties: + CarrierGatewayId: + description: The ID of the carrier gateway. + type: string + State: + description: The state of the carrier gateway. + type: string + VpcId: + description: The ID of the VPC. + type: string + OwnerId: + description: The ID of the owner. + type: string + Tags: + description: The tags for the carrier gateway. + $ref: '#/components/schemas/Tags' + required: + - VpcId + x-stackql-resource-name: carrier_gateway + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::EC2::CarrierGateway + x-stackql-primary-identifier: + - CarrierGatewayId + x-create-only-properties: + - VpcId + x-read-only-properties: + - CarrierGatewayId + - OwnerId + - State + x-required-properties: + - VpcId + x-required-permissions: + create: + - ec2:CreateCarrierGateway + - ec2:DescribeCarrierGateways + - ec2:CreateTags + read: + - ec2:DescribeCarrierGateways + update: + - ec2:DescribeCarrierGateways + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteCarrierGateway + - ec2:DescribeCarrierGateways + list: + - ec2:DescribeCarrierGateways + CustomerGateway: + type: object + properties: + CertificateArn: + type: string + description: '' + pattern: ^arn:(aws[a-zA-Z-]*)?:acm:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:certificate\/[a-zA-Z0-9-_]+$ + CustomerGatewayId: + type: string + description: '' + BgpAsn: + type: integer + default: 65000 + description: |- + For devices that support BGP, the customer gateway's BGP ASN. + Default: 65000 + IpAddress: + type: string + description: IPv4 address for the customer gateway device's outside interface. The address must be static. + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + description: One or more tags for the customer gateway. + Type: + type: string + description: The type of VPN connection that this customer gateway supports (``ipsec.1``). + DeviceName: + type: string + description: The name of customer gateway device. + required: + - BgpAsn + - IpAddress + - Type + x-stackql-resource-name: customer_gateway + description: Specifies a customer gateway. + x-type-name: AWS::EC2::CustomerGateway + x-stackql-primary-identifier: + - CustomerGatewayId + x-create-only-properties: + - CertificateArn + - BgpAsn + - Type + - IpAddress + - DeviceName + x-read-only-properties: + - CustomerGatewayId + x-required-properties: + - BgpAsn + - IpAddress + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateCustomerGateway + - ec2:DescribeCustomerGateways + - ec2:CreateTags + read: + - ec2:DescribeCustomerGateways + update: + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeCustomerGateways + delete: + - ec2:DeleteCustomerGateway + - ec2:DescribeCustomerGateways + - ec2:DeleteTags + list: + - ec2:DescribeCustomerGateways + DHCPOptions: + type: object + properties: + DhcpOptionsId: + type: string + DomainName: + type: string + description: This value is used to complete unqualified DNS hostnames. + DomainNameServers: + type: array + description: The IPv4 addresses of up to four domain name servers, or AmazonProvidedDNS. + uniqueItems: true + items: + type: string + NetbiosNameServers: + type: array + description: The IPv4 addresses of up to four NetBIOS name servers. + uniqueItems: true + items: + type: string + NetbiosNodeType: + type: integer + description: The NetBIOS node type (1, 2, 4, or 8). + NtpServers: + type: array + description: The IPv4 addresses of up to four Network Time Protocol (NTP) servers. + uniqueItems: false + items: + type: string + Ipv6AddressPreferredLeaseTime: + type: integer + description: The preferred Lease Time for ipV6 address in seconds. + Tags: + type: array + description: Any tags assigned to the DHCP options set. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: dhcp_options + description: Resource Type definition for AWS::EC2::DHCPOptions + x-type-name: AWS::EC2::DHCPOptions + x-stackql-primary-identifier: + - DhcpOptionsId + x-create-only-properties: + - NetbiosNameServers + - NetbiosNodeType + - NtpServers + - DomainName + - DomainNameServers + - Ipv6AddressPreferredLeaseTime + x-read-only-properties: + - DhcpOptionsId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateDhcpOptions + - ec2:DescribeDhcpOptions + - ec2:CreateTags + read: + - ec2:DescribeDhcpOptions + - ec2:DescribeTags + update: + - ec2:CreateTags + - ec2:DescribeDhcpOptions + - ec2:DeleteTags + delete: + - ec2:DeleteDhcpOptions + - ec2:DeleteTags + - ec2:DescribeDhcpOptions + list: + - ec2:DescribeDhcpOptions + OnDemandOptionsRequest: + type: object + additionalProperties: false + properties: + SingleAvailabilityZone: + type: boolean + AllocationStrategy: + type: string + SingleInstanceType: + type: boolean + MinTargetCapacity: + type: integer + MaxTotalPrice: + type: string + CapacityReservationOptions: + $ref: '#/components/schemas/CapacityReservationOptionsRequest' + SpotOptionsRequest: + type: object + additionalProperties: false + properties: + MaintenanceStrategies: + $ref: '#/components/schemas/MaintenanceStrategies' + SingleAvailabilityZone: + type: boolean + AllocationStrategy: + type: string + enum: + - lowest-price + - lowestPrice + - diversified + - capacityOptimized + - capacity-optimized + - capacityOptimizedPrioritized + - capacity-optimized-prioritized + - priceCapacityOptimized + - price-capacity-optimized + SingleInstanceType: + type: boolean + MinTargetCapacity: + type: integer + MaxTotalPrice: + type: string + InstanceInterruptionBehavior: + type: string + enum: + - hibernate + - stop + - terminate + InstancePoolsToUseCount: + type: integer + TargetCapacitySpecificationRequest: + type: object + additionalProperties: false + properties: + DefaultTargetCapacityType: + type: string + enum: + - on-demand + - spot + TargetCapacityUnitType: + type: string + enum: + - vcpu + - memory-mib + - units + TotalTargetCapacity: + type: integer + OnDemandTargetCapacity: + type: integer + SpotTargetCapacity: + type: integer + required: + - TotalTargetCapacity + FleetLaunchTemplateSpecificationRequest: + type: object + additionalProperties: false + properties: + LaunchTemplateName: + type: string + minLength: 3 + maxLength: 128 + pattern: '[a-zA-Z0-9\(\)\.\-/_]+' + LaunchTemplateId: + type: string + Version: + type: string + required: + - Version + Placement: + description: |- + Specifies the placement of an instance. + ``Placement`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false + type: object + properties: + GroupName: + description: The name of the placement group for the instance. + type: string + Tenancy: + description: The tenancy of the instance. An instance with a tenancy of dedicated runs on single-tenant hardware. + type: string + SpreadDomain: + description: Reserved for future use. + type: string + PartitionNumber: + description: The number of the partition the instance should launch in. Valid only if the placement group strategy is set to ``partition``. + type: integer + AvailabilityZone: + description: The Availability Zone for the instance. + type: string + Affinity: + description: The affinity setting for an instance on a Dedicated Host. + type: string + HostId: + description: The ID of the Dedicated Host for the instance. + type: string + HostResourceGroupArn: + description: The ARN of the host resource group in which to launch the instances. If you specify a host resource group ARN, omit the *Tenancy* parameter or set it to ``host``. + type: string + GroupId: + description: The Group Id of a placement group. You must specify the Placement Group *Group Id* to launch an instance in a shared placement group. + type: string + FleetLaunchTemplateConfigRequest: + type: object + additionalProperties: false + properties: + LaunchTemplateSpecification: + $ref: '#/components/schemas/FleetLaunchTemplateSpecificationRequest' + Overrides: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/FleetLaunchTemplateOverridesRequest' + CapacityReservationOptionsRequest: + type: object + additionalProperties: false + properties: + UsageStrategy: + type: string + enum: + - use-capacity-reservations-first + FleetLaunchTemplateOverridesRequest: + type: object + additionalProperties: false + properties: + WeightedCapacity: + type: number + Placement: + $ref: '#/components/schemas/Placement' + Priority: + type: number + AvailabilityZone: + type: string + SubnetId: + type: string + InstanceType: + type: string + InstanceRequirements: + $ref: '#/components/schemas/InstanceRequirementsRequest' + MaxPrice: + type: string + InstanceRequirementsRequest: + type: object + additionalProperties: false + properties: + VCpuCount: + $ref: '#/components/schemas/VCpuCountRangeRequest' + MemoryMiB: + $ref: '#/components/schemas/MemoryMiBRequest' + CpuManufacturers: + type: array + uniqueItems: false + items: type: string enum: - - vpc - - standard - - name: Address - in: query - required: false - description: '[EC2-VPC] The Elastic IP address to recover or an IPv4 address from an address pool.' - schema: - type: string - - name: PublicIpv4Pool - in: query - required: false - description: 'The ID of an address pool that you own. Use this parameter to let Amazon EC2 select an address from the address pool. To specify a specific address from the address pool, use the Address parameter instead.' - schema: + - intel + - amd + - amazon-web-services + MemoryGiBPerVCpu: + $ref: '#/components/schemas/MemoryGiBPerVCpuRequest' + AllowedInstanceTypes: + type: array + uniqueItems: false + items: type: string - - name: NetworkBorderGroup - in: query - required: false - description: '

A unique set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses. Use this parameter to limit the IP address to this location. IP addresses cannot move between network border groups.

Use DescribeAvailabilityZones to view the network border groups.

You cannot use a network border group with EC2 Classic. If you attempt this operation on EC2 Classic, you receive an InvalidParameterCombination error.

' - schema: - type: string - - name: CustomerOwnedIpv4Pool - in: query - required: false - description: 'The ID of a customer-owned address pool. Use this parameter to let Amazon EC2 select an address from the address pool. Alternatively, specify a specific address from the address pool.' - schema: + minLength: 1 + maxLength: 30 + pattern: '[a-zA-Z0-9\.\*]+' + ExcludedInstanceTypes: + type: array + uniqueItems: false + items: type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: TagSpecification - in: query - required: false - description: The tags to assign to the Elastic IP address. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AllocateAddress - operationId: POST_AllocateAddress - description: '

Allocates an Elastic IP address to your Amazon Web Services account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.

You can allocate an Elastic IP address from an address pool owned by Amazon Web Services or from an address pool created from a public IPv4 address range that you have brought to Amazon Web Services for use with your Amazon Web Services resources using bring your own IP addresses (BYOIP). For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.

[EC2-VPC] If you release an Elastic IP address, you might be able to recover it. You cannot recover an Elastic IP address that you released after it is allocated to another Amazon Web Services account. You cannot recover an Elastic IP address for EC2-Classic. To attempt to recover an Elastic IP address that you released, specify it in this operation.

An Elastic IP address is for use either in the EC2-Classic platform or in a VPC. By default, you can allocate 5 Elastic IP addresses for EC2-Classic per Region and 5 Elastic IP addresses for EC2-VPC per Region.

For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

You can allocate a carrier IP address which is a public IP address from a telecommunication carrier, to a network interface which resides in a subnet in a Wavelength Zone (for example an EC2 instance).

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AllocateAddressResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AllocateAddressRequest' - parameters: [] - /?Action=AllocateHosts&Version=2016-11-15: - get: - x-aws-operation-name: AllocateHosts - operationId: GET_AllocateHosts - description: 'Allocates a Dedicated Host to your account. At a minimum, specify the supported instance type or instance family, the Availability Zone in which to allocate the host, and the number of hosts to allocate.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AllocateHostsResult' - parameters: - - name: AutoPlacement - in: query - required: false - description: '

Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID. For more information, see Understanding auto-placement and affinity in the Amazon EC2 User Guide.

Default: on

' - schema: + minLength: 1 + maxLength: 30 + pattern: '[a-zA-Z0-9\.\*]+' + InstanceGenerations: + type: array + uniqueItems: false + items: type: string enum: - - 'on' - - 'off' - - name: AvailabilityZone - in: query - required: true - description: The Availability Zone in which to allocate the Dedicated Host. - schema: - type: string - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - schema: - type: string - - name: InstanceType - in: query - required: false - description: '

Specifies the instance type to be supported by the Dedicated Hosts. If you specify an instance type, the Dedicated Hosts support instances of the specified instance type only.

If you want the Dedicated Hosts to support multiple instance types in a specific instance family, omit this parameter and specify InstanceFamily instead. You cannot specify InstanceType and InstanceFamily in the same request.

' - schema: - type: string - - name: InstanceFamily - in: query - required: false - description: '

Specifies the instance family to be supported by the Dedicated Hosts. If you specify an instance family, the Dedicated Hosts support multiple instance types within that instance family.

If you want the Dedicated Hosts to support a specific instance type only, omit this parameter and specify InstanceType instead. You cannot specify InstanceFamily and InstanceType in the same request.

' - schema: - type: string - - name: Quantity - in: query - required: true - description: The number of Dedicated Hosts to allocate to your account with these parameters. - schema: - type: integer - - name: TagSpecification - in: query - required: false - description: The tags to apply to the Dedicated Host during creation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: HostRecovery - in: query - required: false - description: '

Indicates whether to enable or disable host recovery for the Dedicated Host. Host recovery is disabled by default. For more information, see Host recovery in the Amazon EC2 User Guide.

Default: off

' - schema: + - current + - previous + SpotMaxPricePercentageOverLowestPrice: + type: integer + OnDemandMaxPricePercentageOverLowestPrice: + type: integer + MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: + type: integer + BareMetal: + type: string + enum: + - included + - required + - excluded + BurstablePerformance: + type: string + enum: + - included + - required + - excluded + RequireHibernateSupport: + type: boolean + NetworkBandwidthGbps: + $ref: '#/components/schemas/NetworkBandwidthGbpsRequest' + NetworkInterfaceCount: + $ref: '#/components/schemas/NetworkInterfaceCountRequest' + LocalStorage: + type: string + enum: + - included + - required + - excluded + LocalStorageTypes: + type: array + uniqueItems: false + items: type: string enum: - - 'on' - - 'off' - - name: OutpostArn - in: query - required: false - description: The Amazon Resource Name (ARN) of the Amazon Web Services Outpost on which to allocate the Dedicated Host. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AllocateHosts - operationId: POST_AllocateHosts - description: 'Allocates a Dedicated Host to your account. At a minimum, specify the supported instance type or instance family, the Availability Zone in which to allocate the host, and the number of hosts to allocate.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AllocateHostsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AllocateHostsRequest' - parameters: [] - /?Action=AllocateIpamPoolCidr&Version=2016-11-15: - get: - x-aws-operation-name: AllocateIpamPoolCidr - operationId: GET_AllocateIpamPoolCidr - description: 'Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment from an IPAM pool to another resource or IPAM pool. For more information, see Allocate CIDRs in the Amazon VPC IPAM User Guide. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AllocateIpamPoolCidrResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamPoolId - in: query - required: true - description: The ID of the IPAM pool from which you would like to allocate a CIDR. - schema: - type: string - - name: Cidr - in: query - required: false - description: '

The CIDR you would like to allocate from the IPAM pool. Note the following:

Possible values: Any available IPv4 or IPv6 CIDR.

' - schema: - type: string - - name: NetmaskLength - in: query - required: false - description: '

The netmask length of the CIDR you would like to allocate from the IPAM pool. Note the following:

Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.

' - schema: - type: integer - - name: ClientToken - in: query - required: false - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - schema: - type: string - - name: Description - in: query - required: false - description: A description for the allocation. - schema: + - hdd + - ssd + TotalLocalStorageGB: + $ref: '#/components/schemas/TotalLocalStorageGBRequest' + BaselineEbsBandwidthMbps: + $ref: '#/components/schemas/BaselineEbsBandwidthMbpsRequest' + AcceleratorTypes: + type: array + uniqueItems: false + items: type: string - - name: PreviewNextCidr - in: query - required: false - description: A preview of the next available CIDR in a pool. - schema: - type: boolean - - name: DisallowedCidr - in: query - required: false - description: Exclude a particular CIDR range from being returned by the pool. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AllocateIpamPoolCidr - operationId: POST_AllocateIpamPoolCidr - description: 'Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment from an IPAM pool to another resource or IPAM pool. For more information, see Allocate CIDRs in the Amazon VPC IPAM User Guide. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AllocateIpamPoolCidrResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AllocateIpamPoolCidrRequest' - parameters: [] - /?Action=ApplySecurityGroupsToClientVpnTargetNetwork&Version=2016-11-15: - get: - x-aws-operation-name: ApplySecurityGroupsToClientVpnTargetNetwork - operationId: GET_ApplySecurityGroupsToClientVpnTargetNetwork - description: Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ApplySecurityGroupsToClientVpnTargetNetworkResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint. - schema: - type: string - - name: VpcId - in: query - required: true - description: The ID of the VPC in which the associated target network is located. - schema: + enum: + - gpu + - fpga + - inference + AcceleratorCount: + $ref: '#/components/schemas/AcceleratorCountRequest' + AcceleratorManufacturers: + type: array + uniqueItems: false + items: type: string - - name: SecurityGroupId - in: query - required: true - description: The IDs of the security groups to apply to the associated target network. Up to 5 security groups can be applied to an associated target network. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ApplySecurityGroupsToClientVpnTargetNetwork - operationId: POST_ApplySecurityGroupsToClientVpnTargetNetwork - description: Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ApplySecurityGroupsToClientVpnTargetNetworkResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ApplySecurityGroupsToClientVpnTargetNetworkRequest' - parameters: [] - /?Action=AssignIpv6Addresses&Version=2016-11-15: - get: - x-aws-operation-name: AssignIpv6Addresses - operationId: GET_AssignIpv6Addresses - description: '

Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet''s IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute Cloud User Guide.

You must specify either the IPv6 addresses or the IPv6 address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssignIpv6AddressesResult' - parameters: - - name: Ipv6AddressCount - in: query - required: false - description: The number of additional IPv6 addresses to assign to the network interface. The specified number of IPv6 addresses are assigned in addition to the existing IPv6 addresses that are already assigned to the network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can't use this option if specifying specific IPv6 addresses. - schema: - type: integer - - name: Ipv6Addresses - in: query - required: false - description: One or more specific IPv6 addresses to be assigned to the network interface. You can't use this option if you're specifying a number of IPv6 addresses. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: Ipv6PrefixCount - in: query - required: false - description: The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes option. - schema: - type: integer - - name: Ipv6Prefix - in: query - required: false - description: One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: NetworkInterfaceId - in: query - required: true - description: The ID of the network interface. - schema: + enum: + - amazon-web-services + - amd + - habana + - nvidia + - xilinx + AcceleratorNames: + type: array + uniqueItems: false + items: type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssignIpv6Addresses - operationId: POST_AssignIpv6Addresses - description: '

Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet''s IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute Cloud User Guide.

You must specify either the IPv6 addresses or the IPv6 address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssignIpv6AddressesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssignIpv6AddressesRequest' - parameters: [] - /?Action=AssignPrivateIpAddresses&Version=2016-11-15: - get: - x-aws-operation-name: AssignPrivateIpAddresses - operationId: GET_AssignPrivateIpAddresses - description: '

Assigns one or more secondary private IP addresses to the specified network interface.

You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet''s CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.

Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s in the instance metadata to confirm that the remapping is complete.

You must specify either the IP addresses or the IP address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssignPrivateIpAddressesResult' - parameters: - - name: AllowReassignment - in: query - required: false - description: Indicates whether to allow an IP address that is already assigned to another network interface or instance to be reassigned to the specified network interface. - schema: - type: boolean - - name: NetworkInterfaceId - in: query - required: true + enum: + - a10g + - a100 + - h100 + - inferentia + - k520 + - k80 + - m60 + - radeon-pro-v520 + - t4 + - t4g + - vu9p + - v100 + AcceleratorTotalMemoryMiB: + $ref: '#/components/schemas/AcceleratorTotalMemoryMiBRequest' + VCpuCountRangeRequest: + type: object + additionalProperties: false + properties: + Min: + type: integer + Max: + type: integer + MemoryMiBRequest: + type: object + additionalProperties: false + properties: + Min: + type: integer + Max: + type: integer + MemoryGiBPerVCpuRequest: + type: object + additionalProperties: false + properties: + Min: + type: number + Max: + type: number + NetworkBandwidthGbpsRequest: + type: object + additionalProperties: false + properties: + Min: + type: number + Max: + type: number + NetworkInterfaceCountRequest: + type: object + additionalProperties: false + properties: + Min: + type: integer + Max: + type: integer + TotalLocalStorageGBRequest: + type: object + additionalProperties: false + properties: + Min: + type: number + Max: + type: number + BaselineEbsBandwidthMbpsRequest: + type: object + additionalProperties: false + properties: + Min: + type: integer + Max: + type: integer + AcceleratorCountRequest: + type: object + additionalProperties: false + properties: + Min: + type: integer + Max: + type: integer + AcceleratorTotalMemoryMiBRequest: + type: object + additionalProperties: false + properties: + Min: + type: integer + Max: + type: integer + MaintenanceStrategies: + type: object + additionalProperties: false + properties: + CapacityRebalance: + $ref: '#/components/schemas/CapacityRebalance' + CapacityRebalance: + type: object + additionalProperties: false + properties: + ReplacementStrategy: + type: string + enum: + - launch + - launch-before-terminate + TerminationDelay: + type: integer + EC2Fleet: + type: object + properties: + TargetCapacitySpecification: + $ref: '#/components/schemas/TargetCapacitySpecificationRequest' + OnDemandOptions: + $ref: '#/components/schemas/OnDemandOptionsRequest' + Type: + type: string + enum: + - maintain + - request + - instant + ExcessCapacityTerminationPolicy: + type: string + enum: + - termination + - no-termination + TagSpecifications: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/TagSpecification' + SpotOptions: + $ref: '#/components/schemas/SpotOptionsRequest' + ValidFrom: + type: string + ReplaceUnhealthyInstances: + type: boolean + LaunchTemplateConfigs: + type: array + uniqueItems: false + maxItems: 50 + items: + $ref: '#/components/schemas/FleetLaunchTemplateConfigRequest' + FleetId: + type: string + TerminateInstancesWithExpiration: + type: boolean + ValidUntil: + type: string + Context: + type: string + required: + - TargetCapacitySpecification + - LaunchTemplateConfigs + x-stackql-resource-name: ec2fleet + description: Resource Type definition for AWS::EC2::EC2Fleet + x-type-name: AWS::EC2::EC2Fleet + x-stackql-primary-identifier: + - FleetId + x-create-only-properties: + - LaunchTemplateConfigs + - OnDemandOptions + - ReplaceUnhealthyInstances + - SpotOptions + - TagSpecifications + - TerminateInstancesWithExpiration + - Type + - ValidFrom + - ValidUntil + x-read-only-properties: + - FleetId + x-required-properties: + - TargetCapacitySpecification + - LaunchTemplateConfigs + x-required-permissions: + create: + - ec2:CreateFleet + - ec2:DescribeFleets + delete: + - ec2:DescribeFleets + - ec2:DeleteFleets + list: + - ec2:DescribeFleets + read: + - ec2:DescribeFleets + update: + - ec2:ModifyFleet + - ec2:DescribeFleets + EgressOnlyInternetGateway: + type: object + properties: + Id: + description: Service Generated ID of the EgressOnlyInternetGateway + type: string + VpcId: + description: The ID of the VPC for which to create the egress-only internet gateway. + type: string + required: + - VpcId + x-stackql-resource-name: egress_only_internet_gateway + description: Resource Type definition for AWS::EC2::EgressOnlyInternetGateway + x-type-name: AWS::EC2::EgressOnlyInternetGateway + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - VpcId + x-read-only-properties: + - Id + x-required-properties: + - VpcId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateEgressOnlyInternetGateway + - ec2:DescribeEgressOnlyInternetGateways + read: + - ec2:DescribeEgressOnlyInternetGateways + delete: + - ec2:DeleteEgressOnlyInternetGateway + - ec2:DescribeEgressOnlyInternetGateways + - ec2:DescribeVpcs + list: + - ec2:DescribeEgressOnlyInternetGateways + EIP: + type: object + properties: + PublicIp: + description: '' + type: string + AllocationId: + description: '' + type: string + Domain: + description: |- + The network (``vpc``). + If you define an Elastic IP address and associate it with a VPC that is defined in the same template, you must declare a dependency on the VPC-gateway attachment by using the [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) on this resource. + type: string + NetworkBorderGroup: + description: |- + A unique set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses. Use this parameter to limit the IP address to this location. IP addresses cannot move between network border groups. + Use [DescribeAvailabilityZones](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) to view the network border groups. + type: string + TransferAddress: + description: The Elastic IP address you are accepting for transfer. You can only accept one transferred address. For more information on Elastic IP address transfers, see [Transfer Elastic IP addresses](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#transfer-EIPs-intro) in the *Amazon Virtual Private Cloud User Guide*. + type: string + InstanceId: + description: |- + The ID of the instance. + Updates to the ``InstanceId`` property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource. + type: string + PublicIpv4Pool: + description: |- + The ID of an address pool that you own. Use this parameter to let Amazon EC2 select an address from the address pool. + Updates to the ``PublicIpv4Pool`` property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource. + type: string + Tags: + description: |- + Any tags assigned to the Elastic IP address. + Updates to the ``Tags`` property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: eip + description: |- + Specifies an Elastic IP (EIP) address and can, optionally, associate it with an Amazon EC2 instance. + You can allocate an Elastic IP address from an address pool owned by AWS or from an address pool created from a public IPv4 address range that you have brought to AWS for use with your AWS resources using bring your own IP addresses (BYOIP). For more information, see [Bring Your Own IP Addresses (BYOIP)](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the *Amazon EC2 User Guide*. + For more information, see [Elastic IP Addresses](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) in the *Amazon EC2 User Guide*. + x-type-name: AWS::EC2::EIP + x-stackql-primary-identifier: + - PublicIp + - AllocationId + x-create-only-properties: + - Domain + - NetworkBorderGroup + - TransferAddress + x-write-only-properties: + - TransferAddress + x-read-only-properties: + - PublicIp + - AllocationId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:AllocateAddress + - ec2:AcceptAddressTransfer + - ec2:DescribeAddresses + - ec2:AssociateAddress + - ec2:CreateTags + read: + - ec2:DescribeAddresses + delete: + - ec2:ReleaseAddress + - ec2:DescribeAddresses + - ec2:DisassociateAddress + update: + - ec2:DescribeAddresses + - ec2:DisassociateAddress + - ec2:DeleteTags + - ec2:CreateTags + - ec2:AssociateAddress + list: + - ec2:DescribeAddresses + EIPAssociation: + type: object + properties: + Id: + description: Composite ID of non-empty properties, to determine the identification. + type: string + AllocationId: + description: The allocation ID. This is required for EC2-VPC. + type: string + NetworkInterfaceId: description: The ID of the network interface. - schema: - type: string - - name: PrivateIpAddress - in: query - required: false - description: '

One or more IP addresses to be assigned as a secondary private IP address to the network interface. You can''t specify this parameter when also specifying a number of secondary IP addresses.

If you don''t specify an IP address, Amazon EC2 automatically selects an IP address within the subnet range.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: PrivateIpAddress - - name: SecondaryPrivateIpAddressCount - in: query - required: false - description: The number of secondary IP addresses to assign to the network interface. You can't specify this parameter when also specifying private IP addresses. - schema: - type: integer - - name: Ipv4Prefix - in: query - required: false - description: One or more IPv4 prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount option. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: Ipv4PrefixCount - in: query - required: false - description: The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option. - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssignPrivateIpAddresses - operationId: POST_AssignPrivateIpAddresses - description: '

Assigns one or more secondary private IP addresses to the specified network interface.

You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet''s CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.

Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s in the instance metadata to confirm that the remapping is complete.

You must specify either the IP addresses or the IP address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssignPrivateIpAddressesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssignPrivateIpAddressesRequest' - parameters: [] - /?Action=AssociateAddress&Version=2016-11-15: - get: - x-aws-operation-name: AssociateAddress - operationId: GET_AssociateAddress - description: '

Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

[EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is already associated with a different instance, it is disassociated from that instance and associated with the specified instance. If you associate an Elastic IP address with an instance that has an existing Elastic IP address, the existing address is disassociated from the instance, but remains allocated to your account.

[VPC in an EC2-Classic account] If you don''t specify a private IP address, the Elastic IP address is associated with the primary IP address. If the Elastic IP address is already associated with a different instance or a network interface, you get an error unless you allow reassociation. You cannot associate an Elastic IP address with an instance or network interface that has an existing Elastic IP address.

[Subnets in Wavelength Zones] You can associate an IP address from the telecommunication carrier to the instance or network interface.

You cannot associate an Elastic IP address with an interface in a different network border group.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error, and you may be charged for each time the Elastic IP address is remapped to the same instance. For more information, see the Elastic IP Addresses section of Amazon EC2 Pricing.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateAddressResult' - parameters: - - name: AllocationId - in: query - required: false - description: '[EC2-VPC] The allocation ID. This is required for EC2-VPC.' - schema: - type: string - - name: InstanceId - in: query - required: false - description: 'The ID of the instance. The instance must have exactly one attached network interface. For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both. For EC2-Classic, you must specify an instance ID and the instance must be in the running state.' - schema: - type: string - - name: PublicIp - in: query - required: false - description: '[EC2-Classic] The Elastic IP address to associate with the instance. This is required for EC2-Classic.' - schema: - type: string - - name: AllowReassociation - in: query - required: false - description: '[EC2-VPC] For a VPC in an EC2-Classic account, specify true to allow an Elastic IP address that is already associated with an instance or network interface to be reassociated with the specified instance or network interface. Otherwise, the operation fails. In a VPC in an EC2-VPC-only account, reassociation is automatic, therefore you can specify false to ensure the operation fails if the Elastic IP address is already associated with another resource.' - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NetworkInterfaceId - in: query - required: false - description: '

[EC2-VPC] The ID of the network interface. If the instance has more than one network interface, you must specify a network interface ID.

For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both.

' - schema: - type: string - - name: PrivateIpAddress - in: query - required: false - description: '[EC2-VPC] The primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateAddress - operationId: POST_AssociateAddress - description: '

Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

[EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is already associated with a different instance, it is disassociated from that instance and associated with the specified instance. If you associate an Elastic IP address with an instance that has an existing Elastic IP address, the existing address is disassociated from the instance, but remains allocated to your account.

[VPC in an EC2-Classic account] If you don''t specify a private IP address, the Elastic IP address is associated with the primary IP address. If the Elastic IP address is already associated with a different instance or a network interface, you get an error unless you allow reassociation. You cannot associate an Elastic IP address with an instance or network interface that has an existing Elastic IP address.

[Subnets in Wavelength Zones] You can associate an IP address from the telecommunication carrier to the instance or network interface.

You cannot associate an Elastic IP address with an interface in a different network border group.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error, and you may be charged for each time the Elastic IP address is remapped to the same instance. For more information, see the Elastic IP Addresses section of Amazon EC2 Pricing.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateAddressResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateAddressRequest' - parameters: [] - /?Action=AssociateClientVpnTargetNetwork&Version=2016-11-15: - get: - x-aws-operation-name: AssociateClientVpnTargetNetwork - operationId: GET_AssociateClientVpnTargetNetwork - description: '

Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.

If you specified a VPC when you created the Client VPN endpoint or if you have previous subnet associations, the specified subnet must be in the same VPC. To specify a subnet that''s in a different VPC, you must first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the VPC that''s associated with it.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateClientVpnTargetNetworkResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint. - schema: - type: string - - name: SubnetId - in: query - required: true - description: The ID of the subnet to associate with the Client VPN endpoint. - schema: - type: string - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateClientVpnTargetNetwork - operationId: POST_AssociateClientVpnTargetNetwork - description: '

Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.

If you specified a VPC when you created the Client VPN endpoint or if you have previous subnet associations, the specified subnet must be in the same VPC. To specify a subnet that''s in a different VPC, you must first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the VPC that''s associated with it.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateClientVpnTargetNetworkResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateClientVpnTargetNetworkRequest' - parameters: [] - /?Action=AssociateDhcpOptions&Version=2016-11-15: - get: - x-aws-operation-name: AssociateDhcpOptions - operationId: GET_AssociateDhcpOptions - description: '

Associates a set of DHCP options (that you''ve previously created) with the specified VPC, or associates no DHCP options with the VPC.

After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don''t need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operating system on the instance.

For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - parameters: - - name: DhcpOptionsId - in: query - required: true - description: 'The ID of the DHCP options set, or default to associate no DHCP options with the VPC.' - schema: - type: string - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateDhcpOptions - operationId: POST_AssociateDhcpOptions - description: '

Associates a set of DHCP options (that you''ve previously created) with the specified VPC, or associates no DHCP options with the VPC.

After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don''t need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operating system on the instance.

For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateDhcpOptionsRequest' - parameters: [] - /?Action=AssociateEnclaveCertificateIamRole&Version=2016-11-15: - get: - x-aws-operation-name: AssociateEnclaveCertificateIamRole - operationId: GET_AssociateEnclaveCertificateIamRole - description: '

Associates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the Amazon Web Services Nitro Enclaves User Guide.

When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an Amazon Web Services managed key that has an attached attestation-based key policy.

To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the Amazon Web Services Nitro Enclaves User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateEnclaveCertificateIamRoleResult' - parameters: - - name: CertificateArn - in: query - required: false - description: The ARN of the ACM certificate with which to associate the IAM role. - schema: - type: string - minLength: 1 - maxLength: 1283 - - name: RoleArn - in: query - required: false - description: The ARN of the IAM role to associate with the ACM certificate. You can associate up to 16 IAM roles with an ACM certificate. - schema: - type: string - minLength: 1 - maxLength: 1283 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateEnclaveCertificateIamRole - operationId: POST_AssociateEnclaveCertificateIamRole - description: '

Associates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the Amazon Web Services Nitro Enclaves User Guide.

When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an Amazon Web Services managed key that has an attached attestation-based key policy.

To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the Amazon Web Services Nitro Enclaves User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateEnclaveCertificateIamRoleResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateEnclaveCertificateIamRoleRequest' - parameters: [] - /?Action=AssociateIamInstanceProfile&Version=2016-11-15: - get: - x-aws-operation-name: AssociateIamInstanceProfile - operationId: GET_AssociateIamInstanceProfile - description: Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateIamInstanceProfileResult' - parameters: - - name: IamInstanceProfile - in: query - required: true - description: The IAM instance profile. - schema: - type: object - properties: - arn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the instance profile. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the instance profile. - description: Describes an IAM instance profile. - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateIamInstanceProfile - operationId: POST_AssociateIamInstanceProfile - description: Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateIamInstanceProfileResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateIamInstanceProfileRequest' - parameters: [] - /?Action=AssociateInstanceEventWindow&Version=2016-11-15: - get: - x-aws-operation-name: AssociateInstanceEventWindow - operationId: GET_AssociateInstanceEventWindow - description: '

Associates one or more targets with an event window. Only one type of target (instance IDs, Dedicated Host IDs, or tags) can be specified with an event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateInstanceEventWindowResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceEventWindowId - in: query - required: true - description: The ID of the event window. - schema: - type: string - - name: AssociationTarget - in: query - required: true - description: One or more targets associated with the specified event window. - schema: - type: object - properties: - InstanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdList' - - description: 'The IDs of the instances to associate with the event window. If the instance is on a Dedicated Host, you can''t specify the Instance ID parameter; you must use the Dedicated Host ID parameter.' - InstanceTag: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The instance tags to associate with the event window. Any instances associated with the tags will be associated with the event window. - DedicatedHostId: - allOf: - - $ref: '#/components/schemas/DedicatedHostIdList' - - description: The IDs of the Dedicated Hosts to associate with the event window. - description: 'One or more targets associated with the specified event window. Only one type of target (instance ID, instance tag, or Dedicated Host ID) can be associated with an event window.' - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateInstanceEventWindow - operationId: POST_AssociateInstanceEventWindow - description: '

Associates one or more targets with an event window. Only one type of target (instance IDs, Dedicated Host IDs, or tags) can be specified with an event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateInstanceEventWindowResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateInstanceEventWindowRequest' - parameters: [] - /?Action=AssociateRouteTable&Version=2016-11-15: - get: - x-aws-operation-name: AssociateRouteTable - operationId: GET_AssociateRouteTable - description: '

Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC. This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. A route table can be associated with multiple subnets.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateRouteTableResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: RouteTableId - in: query - required: true - description: The ID of the route table. - schema: - type: string - - name: SubnetId - in: query - required: false - description: The ID of the subnet. - schema: - type: string - - name: GatewayId - in: query - required: false - description: The ID of the internet gateway or virtual private gateway. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateRouteTable - operationId: POST_AssociateRouteTable - description: '

Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC. This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. A route table can be associated with multiple subnets.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateRouteTableResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateRouteTableRequest' - parameters: [] - /?Action=AssociateSubnetCidrBlock&Version=2016-11-15: - get: - x-aws-operation-name: AssociateSubnetCidrBlock - operationId: GET_AssociateSubnetCidrBlock - description: Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of /64. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateSubnetCidrBlockResult' - parameters: - - name: Ipv6CidrBlock - in: query - required: true - description: The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix length. - schema: - type: string - - name: SubnetId - in: query - required: true - description: The ID of your subnet. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateSubnetCidrBlock - operationId: POST_AssociateSubnetCidrBlock - description: Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of /64. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateSubnetCidrBlockResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateSubnetCidrBlockRequest' - parameters: [] - /?Action=AssociateTransitGatewayMulticastDomain&Version=2016-11-15: - get: - x-aws-operation-name: AssociateTransitGatewayMulticastDomain - operationId: GET_AssociateTransitGatewayMulticastDomain - description: '

Associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.

The transit gateway attachment must be in the available state before you can add a resource. Use DescribeTransitGatewayAttachments to see the state of the attachment.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateTransitGatewayMulticastDomainResult' - parameters: - - name: TransitGatewayMulticastDomainId - in: query - required: false - description: The ID of the transit gateway multicast domain. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: false - description: The ID of the transit gateway attachment to associate with the transit gateway multicast domain. - schema: - type: string - - name: SubnetIds - in: query - required: false - description: The IDs of the subnets to associate with the transit gateway multicast domain. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateTransitGatewayMulticastDomain - operationId: POST_AssociateTransitGatewayMulticastDomain - description: '

Associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.

The transit gateway attachment must be in the available state before you can add a resource. Use DescribeTransitGatewayAttachments to see the state of the attachment.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateTransitGatewayMulticastDomainResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateTransitGatewayMulticastDomainRequest' - parameters: [] - /?Action=AssociateTransitGatewayRouteTable&Version=2016-11-15: - get: - x-aws-operation-name: AssociateTransitGatewayRouteTable - operationId: GET_AssociateTransitGatewayRouteTable - description: Associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateTransitGatewayRouteTableResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the transit gateway route table. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateTransitGatewayRouteTable - operationId: POST_AssociateTransitGatewayRouteTable - description: Associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateTransitGatewayRouteTableResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateTransitGatewayRouteTableRequest' - parameters: [] - /?Action=AssociateTrunkInterface&Version=2016-11-15: - get: - x-aws-operation-name: AssociateTrunkInterface - operationId: GET_AssociateTrunkInterface - description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Associates a branch network interface with a trunk network interface.

Before you create the association, run the create-network-interface command and set --interface-type to trunk. You must also create a network interface for each branch network interface that you want to associate with the trunk network interface.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateTrunkInterfaceResult' - parameters: - - name: BranchInterfaceId - in: query - required: true - description: The ID of the branch network interface. - schema: - type: string - - name: TrunkInterfaceId - in: query - required: true - description: The ID of the trunk network interface. - schema: - type: string - - name: VlanId - in: query - required: false - description: The ID of the VLAN. This applies to the VLAN protocol. - schema: - type: integer - - name: GreKey - in: query - required: false - description: The application key. This applies to the GRE protocol. - schema: - type: integer - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateTrunkInterface - operationId: POST_AssociateTrunkInterface - description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Associates a branch network interface with a trunk network interface.

Before you create the association, run the create-network-interface command and set --interface-type to trunk. You must also create a network interface for each branch network interface that you want to associate with the trunk network interface.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateTrunkInterfaceResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateTrunkInterfaceRequest' - parameters: [] - /?Action=AssociateVpcCidrBlock&Version=2016-11-15: - get: - x-aws-operation-name: AssociateVpcCidrBlock - operationId: GET_AssociateVpcCidrBlock - description: '

Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). The IPv6 CIDR block size is fixed at /56.

You must specify one of the following in the request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR block.

For more information about associating CIDR blocks with your VPC and applicable restrictions, see VPC and subnet sizing in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateVpcCidrBlockResult' - parameters: - - name: AmazonProvidedIpv6CidrBlock - in: query - required: false - description: 'Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block.' - schema: - type: boolean - - name: CidrBlock - in: query - required: false - description: An IPv4 CIDR block to associate with the VPC. - schema: - type: string - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: Ipv6CidrBlockNetworkBorderGroup - in: query - required: false - description:

The name of the location from which we advertise the IPV6 CIDR block. Use this parameter to limit the CIDR block to this location.

You must set AmazonProvidedIpv6CidrBlock to true to use this parameter.

You can have one IPv6 CIDR block association per network border group.

- schema: - type: string - - name: Ipv6Pool - in: query - required: false - description: The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block. - schema: - type: string - - name: Ipv6CidrBlock - in: query - required: false - description: '

An IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool in the request.

To let Amazon choose the IPv6 CIDR block for you, omit this parameter.

' - schema: - type: string - - name: Ipv4IpamPoolId - in: query - required: false - description: 'Associate a CIDR allocated from an IPv4 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see What is IPAM? in the Amazon VPC IPAM User Guide.' - schema: - type: string - - name: Ipv4NetmaskLength - in: query - required: false - description: 'The netmask length of the IPv4 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide. ' - schema: - type: integer - - name: Ipv6IpamPoolId - in: query - required: false - description: 'Associates a CIDR allocated from an IPv6 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see What is IPAM? in the Amazon VPC IPAM User Guide.' - schema: - type: string - - name: Ipv6NetmaskLength - in: query - required: false - description: 'The netmask length of the IPv6 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide. ' - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AssociateVpcCidrBlock - operationId: POST_AssociateVpcCidrBlock - description: '

Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). The IPv6 CIDR block size is fixed at /56.

You must specify one of the following in the request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR block.

For more information about associating CIDR blocks with your VPC and applicable restrictions, see VPC and subnet sizing in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateVpcCidrBlockResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AssociateVpcCidrBlockRequest' - parameters: [] - /?Action=AttachClassicLinkVpc&Version=2016-11-15: - get: - x-aws-operation-name: AttachClassicLinkVpc - operationId: GET_AttachClassicLinkVpc - description: '

Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC''s security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that''s in the running state. An instance is automatically unlinked from a VPC when it''s stopped - you can link it to the VPC again when you restart it.

After you''ve linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again.

Linking your instance to a VPC is sometimes referred to as attaching your instance.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachClassicLinkVpcResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: SecurityGroupId - in: query - required: true - description: The ID of one or more of the VPC's security groups. You cannot specify security groups from a different VPC. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: groupId - - name: InstanceId - in: query - required: true - description: The ID of an EC2-Classic instance to link to the ClassicLink-enabled VPC. - schema: - type: string - - name: VpcId - in: query - required: true - description: The ID of a ClassicLink-enabled VPC. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AttachClassicLinkVpc - operationId: POST_AttachClassicLinkVpc - description: '

Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC''s security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that''s in the running state. An instance is automatically unlinked from a VPC when it''s stopped - you can link it to the VPC again when you restart it.

After you''ve linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again.

Linking your instance to a VPC is sometimes referred to as attaching your instance.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachClassicLinkVpcResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachClassicLinkVpcRequest' - parameters: [] - /?Action=AttachInternetGateway&Version=2016-11-15: - get: - x-aws-operation-name: AttachInternetGateway - operationId: GET_AttachInternetGateway - description: 'Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.' - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InternetGatewayId - in: query - required: true - description: The ID of the internet gateway. - schema: - type: string - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AttachInternetGateway - operationId: POST_AttachInternetGateway - description: 'Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachInternetGatewayRequest' - parameters: [] - /?Action=AttachNetworkInterface&Version=2016-11-15: - get: - x-aws-operation-name: AttachNetworkInterface - operationId: GET_AttachNetworkInterface - description: Attaches a network interface to an instance. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachNetworkInterfaceResult' - parameters: - - name: DeviceIndex - in: query - required: true - description: The index of the device for the network interface attachment. - schema: - type: integer - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - - name: NetworkInterfaceId - in: query - required: true - description: The ID of the network interface. - schema: - type: string - - name: NetworkCardIndex - in: query - required: false - description: The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0. - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AttachNetworkInterface - operationId: POST_AttachNetworkInterface - description: Attaches a network interface to an instance. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachNetworkInterfaceResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachNetworkInterfaceRequest' - parameters: [] - /?Action=AttachVolume&Version=2016-11-15: - get: - x-aws-operation-name: AttachVolume - operationId: GET_AttachVolume - description: '

Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.

Encrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

After you attach an EBS volume, you must make it available. For more information, see Make an EBS volume available for use.

If a volume has an Amazon Web Services Marketplace product code:

For more information, see Attach an Amazon EBS volume to an instance in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/VolumeAttachment' - parameters: - - name: Device - in: query - required: true - description: 'The device name (for example, /dev/sdh or xvdh).' - schema: - type: string - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - - name: VolumeId - in: query - required: true - description: The ID of the EBS volume. The volume and instance must be within the same Availability Zone. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AttachVolume - operationId: POST_AttachVolume - description: '

Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.

Encrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

After you attach an EBS volume, you must make it available. For more information, see Make an EBS volume available for use.

If a volume has an Amazon Web Services Marketplace product code:

For more information, see Attach an Amazon EBS volume to an instance in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/VolumeAttachment' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachVolumeRequest' - parameters: [] - /?Action=AttachVpnGateway&Version=2016-11-15: - get: - x-aws-operation-name: AttachVpnGateway - operationId: GET_AttachVpnGateway - description: '

Attaches a virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachVpnGatewayResult' - parameters: - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: VpnGatewayId - in: query - required: true - description: The ID of the virtual private gateway. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AttachVpnGateway - operationId: POST_AttachVpnGateway - description: '

Attaches a virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachVpnGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachVpnGatewayRequest' - parameters: [] - /?Action=AuthorizeClientVpnIngress&Version=2016-11-15: - get: - x-aws-operation-name: AuthorizeClientVpnIngress - operationId: GET_AuthorizeClientVpnIngress - description: Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in Amazon Web Services or on-premises networks. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AuthorizeClientVpnIngressResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint. - schema: - type: string - - name: TargetNetworkCidr - in: query - required: true - description: 'The IPv4 address range, in CIDR notation, of the network for which access is being authorized.' - schema: - type: string - - name: AccessGroupId - in: query - required: false - description: 'The ID of the group to grant access to, for example, the Active Directory group or identity provider (IdP) group. Required if AuthorizeAllGroups is false or not specified.' - schema: - type: string - - name: AuthorizeAllGroups - in: query - required: false - description: Indicates whether to grant access to all clients. Specify true to grant all clients who successfully establish a VPN connection access to the network. Must be set to true if AccessGroupId is not specified. - schema: - type: boolean - - name: Description - in: query - required: false - description: A brief description of the authorization rule. - schema: - type: string - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AuthorizeClientVpnIngress - operationId: POST_AuthorizeClientVpnIngress - description: Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in Amazon Web Services or on-premises networks. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AuthorizeClientVpnIngressResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AuthorizeClientVpnIngressRequest' - parameters: [] - /?Action=AuthorizeSecurityGroupEgress&Version=2016-11-15: - get: - x-aws-operation-name: AuthorizeSecurityGroupEgress - operationId: GET_AuthorizeSecurityGroupEgress - description: '

[VPC only] Adds the specified outbound (egress) rules to a security group for use with a VPC.

An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified source security groups.

You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

For information about VPC security group quotas, see Amazon VPC quotas.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AuthorizeSecurityGroupEgressResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: GroupId - in: query - required: true - description: The ID of the security group. - schema: - type: string - - name: IpPermissions - in: query - required: false - description: The sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpPermission' - - xml: - name: item - - name: TagSpecification - in: query - required: false - description: The tags applied to the security group rule. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: CidrIp - in: query - required: false - description: Not supported. Use a set of IP permissions to specify the CIDR. - schema: - type: string - - name: FromPort - in: query - required: false - description: Not supported. Use a set of IP permissions to specify the port. - schema: - type: integer - - name: IpProtocol - in: query - required: false - description: Not supported. Use a set of IP permissions to specify the protocol name or number. - schema: - type: string - - name: ToPort - in: query - required: false - description: Not supported. Use a set of IP permissions to specify the port. - schema: - type: integer - - name: SourceSecurityGroupName - in: query - required: false - description: Not supported. Use a set of IP permissions to specify a destination security group. - schema: - type: string - - name: SourceSecurityGroupOwnerId - in: query - required: false - description: Not supported. Use a set of IP permissions to specify a destination security group. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AuthorizeSecurityGroupEgress - operationId: POST_AuthorizeSecurityGroupEgress - description: '

[VPC only] Adds the specified outbound (egress) rules to a security group for use with a VPC.

An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified source security groups.

You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

For information about VPC security group quotas, see Amazon VPC quotas.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AuthorizeSecurityGroupEgressResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AuthorizeSecurityGroupEgressRequest' - parameters: [] - /?Action=AuthorizeSecurityGroupIngress&Version=2016-11-15: - get: - x-aws-operation-name: AuthorizeSecurityGroupIngress - operationId: GET_AuthorizeSecurityGroupIngress - description: '

Adds the specified inbound (ingress) rules to a security group.

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups.

You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

For more information about VPC security group quotas, see Amazon VPC quotas.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AuthorizeSecurityGroupIngressResult' - parameters: - - name: CidrIp - in: query - required: false - description: '

The IPv4 address range, in CIDR format. You can''t specify this parameter when specifying a source security group. To specify an IPv6 address range, use a set of IP permissions.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

' - schema: - type: string - - name: FromPort - in: query - required: false - description: '

The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all types. If you specify all ICMP types, you must specify all codes.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

' - schema: - type: integer - - name: GroupId - in: query - required: false - description: 'The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.' - schema: - type: string - - name: GroupName - in: query - required: false - description: '[EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.' - schema: - type: string - - name: IpPermissions - in: query - required: false - description: The sets of IP permissions. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpPermission' - - xml: - name: item - - name: IpProtocol - in: query - required: false - description: '

The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). To specify icmpv6, use a set of IP permissions.

[VPC only] Use -1 to specify all protocols. If you specify -1 or a protocol other than tcp, udp, or icmp, traffic on all ports is allowed, regardless of any ports you specify.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

' - schema: - type: string - - name: SourceSecurityGroupName - in: query - required: false - description: '[EC2-Classic, default VPC] The name of the source security group. You can''t specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.' - schema: - type: string - - name: SourceSecurityGroupOwnerId - in: query - required: false - description: '[nondefault VPC] The Amazon Web Services account ID for the source security group, if the source security group is in a different account. You can''t specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.' - schema: - type: string - - name: ToPort - in: query - required: false - description: '

The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all codes. If you specify all ICMP types, you must specify all codes.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

' - schema: - type: integer - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: TagSpecification - in: query - required: false - description: '[VPC Only] The tags applied to the security group rule.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: AuthorizeSecurityGroupIngress - operationId: POST_AuthorizeSecurityGroupIngress - description: '

Adds the specified inbound (ingress) rules to a security group.

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups.

You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

For more information about VPC security group quotas, see Amazon VPC quotas.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/AuthorizeSecurityGroupIngressResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AuthorizeSecurityGroupIngressRequest' - parameters: [] - /?Action=BundleInstance&Version=2016-11-15: - get: - x-aws-operation-name: BundleInstance - operationId: GET_BundleInstance - description: '

Bundles an Amazon instance store-backed Windows instance.

During bundling, only the root device volume (C:\) is bundled. Data on other instance store volumes is not preserved.

This action is not applicable for Linux/Unix instances or Windows instances that are backed by Amazon EBS.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/BundleInstanceResult' - parameters: - - name: InstanceId - in: query - required: true - description: '

The ID of the instance to bundle.

Type: String

Default: None

Required: Yes

' - schema: - type: string - - name: Storage - in: query - required: true - description: 'The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error.' - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/S3Storage' - - description: An Amazon S3 storage location. - description: Describes the storage location for an instance store-backed AMI. - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: BundleInstance - operationId: POST_BundleInstance - description: '

Bundles an Amazon instance store-backed Windows instance.

During bundling, only the root device volume (C:\) is bundled. Data on other instance store volumes is not preserved.

This action is not applicable for Linux/Unix instances or Windows instances that are backed by Amazon EBS.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/BundleInstanceResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/BundleInstanceRequest' - parameters: [] - /?Action=CancelBundleTask&Version=2016-11-15: - get: - x-aws-operation-name: CancelBundleTask - operationId: GET_CancelBundleTask - description: Cancels a bundling operation for an instance store-backed Windows instance. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelBundleTaskResult' - parameters: - - name: BundleId - in: query - required: true - description: The ID of the bundle task. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CancelBundleTask - operationId: POST_CancelBundleTask - description: Cancels a bundling operation for an instance store-backed Windows instance. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelBundleTaskResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelBundleTaskRequest' - parameters: [] - /?Action=CancelCapacityReservation&Version=2016-11-15: - get: - x-aws-operation-name: CancelCapacityReservation - operationId: GET_CancelCapacityReservation - description: '

Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation''s state to cancelled.

Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelCapacityReservationResult' - parameters: - - name: CapacityReservationId - in: query - required: true - description: The ID of the Capacity Reservation to be cancelled. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CancelCapacityReservation - operationId: POST_CancelCapacityReservation - description: '

Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation''s state to cancelled.

Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelCapacityReservationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelCapacityReservationRequest' - parameters: [] - /?Action=CancelCapacityReservationFleets&Version=2016-11-15: - get: - x-aws-operation-name: CancelCapacityReservationFleets - operationId: GET_CancelCapacityReservationFleets - description: '

Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity Reservation Fleet, the following happens:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelCapacityReservationFleetsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: CapacityReservationFleetId - in: query - required: true - description: The IDs of the Capacity Reservation Fleets to cancel. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetId' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CancelCapacityReservationFleets - operationId: POST_CancelCapacityReservationFleets - description: '

Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity Reservation Fleet, the following happens:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelCapacityReservationFleetsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelCapacityReservationFleetsRequest' - parameters: [] - /?Action=CancelConversionTask&Version=2016-11-15: - get: - x-aws-operation-name: CancelConversionTask - operationId: GET_CancelConversionTask - description: '

Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception.

For more information, see Importing a Virtual Machine Using the Amazon EC2 CLI.

' - responses: - '200': - description: Success - parameters: - - name: ConversionTaskId - in: query - required: true - description: The ID of the conversion task. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ReasonMessage - in: query - required: false - description: The reason for canceling the conversion task. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CancelConversionTask - operationId: POST_CancelConversionTask - description: '

Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception.

For more information, see Importing a Virtual Machine Using the Amazon EC2 CLI.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelConversionRequest' - parameters: [] - /?Action=CancelExportTask&Version=2016-11-15: - get: - x-aws-operation-name: CancelExportTask - operationId: GET_CancelExportTask - description: 'Cancels an active export task. The request removes all artifacts of the export, including any partially-created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk image, the command fails and returns an error.' - responses: - '200': - description: Success - parameters: - - name: ExportTaskId - in: query - required: true - description: The ID of the export task. This is the ID returned by CreateInstanceExportTask. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CancelExportTask - operationId: POST_CancelExportTask - description: 'Cancels an active export task. The request removes all artifacts of the export, including any partially-created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk image, the command fails and returns an error.' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelExportTaskRequest' - parameters: [] - /?Action=CancelImportTask&Version=2016-11-15: - get: - x-aws-operation-name: CancelImportTask - operationId: GET_CancelImportTask - description: Cancels an in-process import virtual machine or import snapshot task. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelImportTaskResult' - parameters: - - name: CancelReason - in: query - required: false - description: The reason for canceling the task. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ImportTaskId - in: query - required: false - description: The ID of the import image or import snapshot task to be canceled. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CancelImportTask - operationId: POST_CancelImportTask - description: Cancels an in-process import virtual machine or import snapshot task. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelImportTaskResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelImportTaskRequest' - parameters: [] - /?Action=CancelReservedInstancesListing&Version=2016-11-15: - get: - x-aws-operation-name: CancelReservedInstancesListing - operationId: GET_CancelReservedInstancesListing - description: '

Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelReservedInstancesListingResult' - parameters: - - name: ReservedInstancesListingId - in: query - required: true - description: The ID of the Reserved Instance listing. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CancelReservedInstancesListing - operationId: POST_CancelReservedInstancesListing - description: '

Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelReservedInstancesListingResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelReservedInstancesListingRequest' - parameters: [] - /?Action=CancelSpotFleetRequests&Version=2016-11-15: - get: - x-aws-operation-name: CancelSpotFleetRequests - operationId: GET_CancelSpotFleetRequests - description: '

Cancels the specified Spot Fleet requests.

After you cancel a Spot Fleet request, the Spot Fleet launches no new Spot Instances. You must specify whether the Spot Fleet should also terminate its Spot Instances. If you terminate the instances, the Spot Fleet request enters the cancelled_terminating state. Otherwise, the Spot Fleet request enters the cancelled_running state and the instances continue to run until they are interrupted or you terminate them manually.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelSpotFleetRequestsResponse' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: SpotFleetRequestId - in: query - required: true - description: The IDs of the Spot Fleet requests. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestId' - - xml: - name: item - - name: TerminateInstances - in: query - required: true - description: Indicates whether to terminate instances for a Spot Fleet request if it is canceled successfully. - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CancelSpotFleetRequests - operationId: POST_CancelSpotFleetRequests - description: '

Cancels the specified Spot Fleet requests.

After you cancel a Spot Fleet request, the Spot Fleet launches no new Spot Instances. You must specify whether the Spot Fleet should also terminate its Spot Instances. If you terminate the instances, the Spot Fleet request enters the cancelled_terminating state. Otherwise, the Spot Fleet request enters the cancelled_running state and the instances continue to run until they are interrupted or you terminate them manually.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelSpotFleetRequestsResponse' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelSpotFleetRequestsRequest' - parameters: [] - /?Action=CancelSpotInstanceRequests&Version=2016-11-15: - get: - x-aws-operation-name: CancelSpotInstanceRequests - operationId: GET_CancelSpotInstanceRequests - description:

Cancels one or more Spot Instance requests.

Canceling a Spot Instance request does not terminate running Spot Instances associated with the request.

 - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelSpotInstanceRequestsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: SpotInstanceRequestId - in: query - required: true - description: One or more Spot Instance request IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotInstanceRequestId' - - xml: - name: SpotInstanceRequestId - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CancelSpotInstanceRequests - operationId: POST_CancelSpotInstanceRequests - description:

Cancels one or more Spot Instance requests.

Canceling a Spot Instance request does not terminate running Spot Instances associated with the request.

 - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelSpotInstanceRequestsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CancelSpotInstanceRequestsRequest' - parameters: [] - /?Action=ConfirmProductInstance&Version=2016-11-15: - get: - x-aws-operation-name: ConfirmProductInstance - operationId: GET_ConfirmProductInstance - description: Determines whether a product code is associated with an instance. This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user's instance is eligible for support. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ConfirmProductInstanceResult' - parameters: - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - - name: ProductCode - in: query - required: true - description: The product code. This must be a product code that you own. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ConfirmProductInstance - operationId: POST_ConfirmProductInstance - description: Determines whether a product code is associated with an instance. This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user's instance is eligible for support. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ConfirmProductInstanceResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ConfirmProductInstanceRequest' - parameters: [] - /?Action=CopyFpgaImage&Version=2016-11-15: - get: - x-aws-operation-name: CopyFpgaImage - operationId: GET_CopyFpgaImage - description: Copies the specified Amazon FPGA Image (AFI) to the current Region. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CopyFpgaImageResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: SourceFpgaImageId - in: query - required: true - description: The ID of the source AFI. - schema: - type: string - - name: Description - in: query - required: false - description: The description for the new AFI. - schema: - type: string - - name: Name - in: query - required: false - description: The name for the new AFI. The default is the name of the source AFI. - schema: - type: string - - name: SourceRegion - in: query - required: true - description: The Region that contains the source AFI. - schema: - type: string - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CopyFpgaImage - operationId: POST_CopyFpgaImage - description: Copies the specified Amazon FPGA Image (AFI) to the current Region. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CopyFpgaImageResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CopyFpgaImageRequest' - parameters: [] - /?Action=CopyImage&Version=2016-11-15: - get: - x-aws-operation-name: CopyImage - operationId: GET_CopyImage - description: '

Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can''t copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.

To copy an AMI from one Region to another, specify the source Region using the SourceRegion parameter, and specify the destination Region using its endpoint. Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot.

To copy an AMI from a Region to an Outpost, specify the source Region using the SourceRegion parameter, and specify the ARN of the destination Outpost using DestinationOutpostArn. Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

For more information about the prerequisites and limits when copying an AMI, see Copying an AMI in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CopyImageResult' - parameters: - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference.' - schema: - type: string - - name: Description - in: query - required: false - description: A description for the new AMI in the destination Region. - schema: - type: string - - name: Encrypted - in: query - required: false - description: 'Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.' - schema: - type: boolean - - name: KmsKeyId - in: query - required: false - description: '

The identifier of the symmetric Key Management Service (KMS) KMS key to use when creating encrypted volumes. If this parameter is not specified, your Amazon Web Services managed KMS key for Amazon EBS is used. If you specify a KMS key, you must also set the encrypted state to true.

You can specify a KMS key using any of the following:

Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an identifier that is not valid, the action can appear to complete, but eventually fails.

The specified KMS key must exist in the destination Region.

Amazon EBS does not support asymmetric KMS keys.

' - schema: - type: string - - name: Name - in: query - required: true - description: The name of the new AMI in the destination Region. - schema: - type: string - - name: SourceImageId - in: query - required: true - description: The ID of the AMI to copy. - schema: - type: string - - name: SourceRegion - in: query - required: true - description: The name of the Region that contains the AMI to copy. - schema: - type: string - - name: DestinationOutpostArn - in: query - required: false - description: '

The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copying AMIs from an Amazon Web Services Region to an Outpost in the Amazon Elastic Compute Cloud User Guide.

' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CopyImage - operationId: POST_CopyImage - description: '

Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can''t copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.

To copy an AMI from one Region to another, specify the source Region using the SourceRegion parameter, and specify the destination Region using its endpoint. Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot.

To copy an AMI from a Region to an Outpost, specify the source Region using the SourceRegion parameter, and specify the ARN of the destination Outpost using DestinationOutpostArn. Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

For more information about the prerequisites and limits when copying an AMI, see Copying an AMI in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CopyImageResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CopyImageRequest' - parameters: [] - /?Action=CopySnapshot&Version=2016-11-15: - get: - x-aws-operation-name: CopySnapshot - operationId: GET_CopySnapshot - description: '

Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. You can''t copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs).

When copying snapshots to a Region, copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless you enable encryption for the snapshot copy operation. By default, encrypted snapshot copies use the default Key Management Service (KMS) KMS key; however, you can specify a different KMS key. To copy an encrypted snapshot that has been shared from another account, you must have permissions for the KMS key used to encrypt the snapshot.

Snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

Snapshots created by copying another snapshot have an arbitrary volume ID that should not be used for any purpose.

For more information, see Copy an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CopySnapshotResult' - parameters: - - name: Description - in: query - required: false - description: A description for the EBS snapshot. - schema: - type: string - - name: DestinationOutpostArn - in: query - required: false - description: '

The Amazon Resource Name (ARN) of the Outpost to which to copy the snapshot. Only specify this parameter when copying a snapshot from an Amazon Web Services Region to an Outpost. The snapshot must be in the Region for the destination Outpost. You cannot copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copy snapshots from an Amazon Web Services Region to an Outpost in the Amazon Elastic Compute Cloud User Guide.

' - schema: - type: string - - name: DestinationRegion - in: query - required: false - description: '

The destination Region to use in the PresignedUrl parameter of a snapshot copy operation. This parameter is only valid for specifying the destination Region in a PresignedUrl parameter, where it is required.

The snapshot copy is sent to the regional endpoint that you sent the HTTP request to (for example, ec2.us-east-1.amazonaws.com). With the CLI, this is specified using the --region parameter or the default Region in your Amazon Web Services configuration file.

' - schema: - type: string - - name: Encrypted - in: query - required: false - description: 'To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Otherwise, omit this parameter. Encrypted snapshots are encrypted, even if you omit this parameter and encryption by default is not enabled. You cannot set this parameter to false. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.' - schema: - type: boolean - - name: KmsKeyId - in: query - required: false - description: '

The identifier of the Key Management Service (KMS) KMS key to use for Amazon EBS encryption. If this parameter is not specified, your KMS key for Amazon EBS is used. If KmsKeyId is specified, the encrypted state must be true.

You can specify the KMS key using any of the following:

Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.

' - schema: - type: string - - name: PresignedUrl - in: query - required: false - description: '

When you copy an encrypted source snapshot using the Amazon EC2 Query API, you must supply a pre-signed URL. This parameter is optional for unencrypted snapshots. For more information, see Query requests.

The PresignedUrl should use the snapshot source endpoint, the CopySnapshot action, and include the SourceRegion, SourceSnapshotId, and DestinationRegion parameters. The PresignedUrl must be signed using Amazon Web Services Signature Version 4. Because EBS snapshots are stored in Amazon S3, the signing algorithm for this parameter uses the same logic that is described in Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) in the Amazon Simple Storage Service API Reference. An invalid or improperly signed PresignedUrl will cause the copy operation to fail asynchronously, and the snapshot will move to an error state.

' - schema: - type: string - - name: SourceRegion - in: query - required: true - description: The ID of the Region that contains the snapshot to be copied. - schema: - type: string - - name: SourceSnapshotId - in: query - required: true - description: The ID of the EBS snapshot to copy. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the new snapshot. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CopySnapshot - operationId: POST_CopySnapshot - description: '

Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. You can''t copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs).

When copying snapshots to a Region, copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless you enable encryption for the snapshot copy operation. By default, encrypted snapshot copies use the default Key Management Service (KMS) KMS key; however, you can specify a different KMS key. To copy an encrypted snapshot that has been shared from another account, you must have permissions for the KMS key used to encrypt the snapshot.

Snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

Snapshots created by copying another snapshot have an arbitrary volume ID that should not be used for any purpose.

For more information, see Copy an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CopySnapshotResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CopySnapshotRequest' - parameters: [] - /?Action=CreateCapacityReservation&Version=2016-11-15: - get: - x-aws-operation-name: CreateCapacityReservation - operationId: GET_CreateCapacityReservation - description: '

Creates a new Capacity Reservation with the specified attributes.

Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. This gives you the flexibility to selectively add capacity reservations and still get the Regional RI discounts for that usage. By creating Capacity Reservations, you ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it. For more information, see Capacity Reservations in the Amazon EC2 User Guide.

Your request to create a Capacity Reservation could fail if Amazon EC2 does not have sufficient capacity to fulfill the request. If your request fails due to Amazon EC2 capacity constraints, either try again at a later time, try in a different Availability Zone, or request a smaller capacity reservation. If your application is flexible across instance types and sizes, try to create a Capacity Reservation with different instance attributes.

Your request could also fail if the requested quantity exceeds your On-Demand Instance limit for the selected instance type. If your request fails due to limit constraints, increase your On-Demand Instance limit for the required instance type and try again. For more information about increasing your instance limits, see Amazon EC2 Service Quotas in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCapacityReservationResult' - parameters: - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.' - schema: - type: string - - name: InstanceType - in: query - required: true - description: 'The instance type for which to reserve capacity. For more information, see Instance types in the Amazon EC2 User Guide.' - schema: - type: string - - name: InstancePlatform - in: query - required: true - description: The type of operating system for which to reserve capacity. - schema: - type: string - enum: - - Linux/UNIX - - Red Hat Enterprise Linux - - SUSE Linux - - Windows - - Windows with SQL Server - - Windows with SQL Server Enterprise - - Windows with SQL Server Standard - - Windows with SQL Server Web - - Linux with SQL Server Standard - - Linux with SQL Server Web - - Linux with SQL Server Enterprise - - RHEL with SQL Server Standard - - RHEL with SQL Server Enterprise - - RHEL with SQL Server Web - - RHEL with HA - - RHEL with HA and SQL Server Standard - - RHEL with HA and SQL Server Enterprise - - name: AvailabilityZone - in: query - required: false - description: The Availability Zone in which to create the Capacity Reservation. - schema: - type: string - - name: AvailabilityZoneId - in: query - required: false - description: The ID of the Availability Zone in which to create the Capacity Reservation. - schema: - type: string - - name: Tenancy - in: query - required: false - description: '

Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:

' - schema: - type: string - enum: - - default - - dedicated - - name: InstanceCount - in: query - required: true - description: '

The number of instances for which to reserve capacity.

Valid range: 1 - 1000

' - schema: - type: integer - - name: EbsOptimized - in: query - required: false - description: Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS- optimized instance. - schema: - type: boolean - - name: EphemeralStorage - in: query - required: false - description: 'Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.' - schema: - type: boolean - - name: EndDate - in: query - required: false - description: '

The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation''s state changes to expired when it reaches its end date and time.

You must provide an EndDate value if EndDateType is limited. Omit EndDate if EndDateType is unlimited.

If the EndDateType is limited, the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.

' - schema: - type: string - format: date-time - - name: EndDateType - in: query - required: false - description: '

Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

' - schema: - type: string - enum: - - unlimited - - limited - - name: InstanceMatchCriteria - in: query - required: false - description: '

Indicates the type of instance launches that the Capacity Reservation accepts. The options include:

Default: open

' - schema: - type: string - enum: - - open - - targeted - - name: TagSpecifications - in: query - required: false - description: The tags to apply to the Capacity Reservation during launch. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: OutpostArn - in: query - required: false - description: The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation. - schema: - type: string - pattern: '^arn:aws([a-z-]+)?:outposts:[a-z\d-]+:\d{12}:outpost/op-[a-f0-9]{17}$' - - name: PlacementGroupArn - in: query - required: false - description: 'The Amazon Resource Name (ARN) of the cluster placement group in which to create the Capacity Reservation. For more information, see Capacity Reservations for cluster placement groups in the Amazon EC2 User Guide.' - schema: - type: string - pattern: '^arn:aws([a-z-]+)?:ec2:[a-z\d-]+:\d{12}:placement-group/([^\s].+[^\s]){1,255}$' - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateCapacityReservation - operationId: POST_CreateCapacityReservation - description: '

Creates a new Capacity Reservation with the specified attributes.

Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. This gives you the flexibility to selectively add capacity reservations and still get the Regional RI discounts for that usage. By creating Capacity Reservations, you ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it. For more information, see Capacity Reservations in the Amazon EC2 User Guide.

Your request to create a Capacity Reservation could fail if Amazon EC2 does not have sufficient capacity to fulfill the request. If your request fails due to Amazon EC2 capacity constraints, either try again at a later time, try in a different Availability Zone, or request a smaller capacity reservation. If your application is flexible across instance types and sizes, try to create a Capacity Reservation with different instance attributes.

Your request could also fail if the requested quantity exceeds your On-Demand Instance limit for the selected instance type. If your request fails due to limit constraints, increase your On-Demand Instance limit for the required instance type and try again. For more information about increasing your instance limits, see Amazon EC2 Service Quotas in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCapacityReservationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCapacityReservationRequest' - parameters: [] - /?Action=CreateCapacityReservationFleet&Version=2016-11-15: - get: - x-aws-operation-name: CreateCapacityReservationFleet - operationId: GET_CreateCapacityReservationFleet - description: 'Creates a Capacity Reservation Fleet. For more information, see Create a Capacity Reservation Fleet in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCapacityReservationFleetResult' - parameters: - - name: AllocationStrategy - in: query - required: false - description: '

The strategy used by the Capacity Reservation Fleet to determine which of the specified instance types to use. Currently, only the prioritized allocation strategy is supported. For more information, see Allocation strategy in the Amazon EC2 User Guide.

Valid values: prioritized

' - schema: - type: string - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.' - schema: - type: string - - name: InstanceTypeSpecification - in: query - required: true - description: Information about the instance types for which to reserve the capacity. - schema: - type: array - items: - $ref: '#/components/schemas/ReservationFleetInstanceSpecification' - - name: Tenancy - in: query - required: false - description: '

Indicates the tenancy of the Capacity Reservation Fleet. All Capacity Reservations in the Fleet inherit this tenancy. The Capacity Reservation Fleet can have one of the following tenancy settings:

' - schema: - type: string - enum: - - default - - name: TotalTargetCapacity - in: query - required: true - description: 'The total number of capacity units to be reserved by the Capacity Reservation Fleet. This value, together with the instance type weights that you assign to each instance type used by the Fleet determine the number of instances for which the Fleet reserves capacity. Both values are based on units that make sense for your workload. For more information, see Total target capacity in the Amazon EC2 User Guide.' - schema: - type: integer - - name: EndDate - in: query - required: false - description: '

The date and time at which the Capacity Reservation Fleet expires. When the Capacity Reservation Fleet expires, its state changes to expired and all of the Capacity Reservations in the Fleet expire.

The Capacity Reservation Fleet expires within an hour after the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation Fleet is guaranteed to expire between 13:30:55 and 14:30:55 on 5/31/2019.

' - schema: - type: string - format: date-time - - name: InstanceMatchCriteria - in: query - required: false - description: '

Indicates the type of instance launches that the Capacity Reservation Fleet accepts. All Capacity Reservations in the Fleet inherit this instance matching criteria.

Currently, Capacity Reservation Fleets support open instance matching criteria only. This means that instances that have matching attributes (instance type, platform, and Availability Zone) run in the Capacity Reservations automatically. Instances do not need to explicitly target a Capacity Reservation Fleet to use its reserved capacity.

' - schema: - type: string - enum: - - open - - name: TagSpecification - in: query - required: false - description: The tags to assign to the Capacity Reservation Fleet. The tags are automatically assigned to the Capacity Reservations in the Fleet. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateCapacityReservationFleet - operationId: POST_CreateCapacityReservationFleet - description: 'Creates a Capacity Reservation Fleet. For more information, see Create a Capacity Reservation Fleet in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCapacityReservationFleetResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCapacityReservationFleetRequest' - parameters: [] - /?Action=CreateCarrierGateway&Version=2016-11-15: - get: - x-aws-operation-name: CreateCarrierGateway - operationId: GET_CreateCarrierGateway - description: 'Creates a carrier gateway. For more information about carrier gateways, see Carrier gateways in the Amazon Web Services Wavelength Developer Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCarrierGatewayResult' - parameters: - - name: VpcId - in: query - required: true - description: The ID of the VPC to associate with the carrier gateway. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to associate with the carrier gateway. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateCarrierGateway - operationId: POST_CreateCarrierGateway - description: 'Creates a carrier gateway. For more information about carrier gateways, see Carrier gateways in the Amazon Web Services Wavelength Developer Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCarrierGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCarrierGatewayRequest' - parameters: [] - /?Action=CreateClientVpnEndpoint&Version=2016-11-15: - get: - x-aws-operation-name: CreateClientVpnEndpoint - operationId: GET_CreateClientVpnEndpoint - description: Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateClientVpnEndpointResult' - parameters: - - name: ClientCidrBlock - in: query - required: true - description: 'The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.' - schema: - type: string - - name: ServerCertificateArn - in: query - required: true - description: 'The ARN of the server certificate. For more information, see the Certificate Manager User Guide.' - schema: - type: string - - name: Authentication - in: query - required: true - description: Information about the authentication method to be used to authenticate clients. - schema: - type: array - items: - $ref: '#/components/schemas/ClientVpnAuthenticationRequest' - - name: ConnectionLogOptions - in: query - required: true - description: '

Information about the client connection logging options.

If you enable client connection logging, data about client connections is sent to a Cloudwatch Logs log stream. The following information is logged:

' - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the CloudWatch Logs log stream to which the connection data is published. - description: Describes the client connection logging options for the Client VPN endpoint. - - name: DnsServers - in: query - required: false - description: 'Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address configured on the device is used for the DNS server.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: TransportProtocol - in: query - required: false - description: '

The transport protocol to be used by the VPN session.

Default value: udp

' - schema: - type: string - enum: - - tcp - - udp - - name: VpnPort - in: query - required: false - description: '

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

Valid Values: 443 | 1194

Default Value: 443

' - schema: - type: integer - - name: Description - in: query - required: false - description: A brief description of the Client VPN endpoint. - schema: - type: string - - name: SplitTunnel - in: query - required: false - description: '

Indicates whether split-tunnel is enabled on the Client VPN endpoint.

By default, split-tunnel on a VPN endpoint is disabled.

For information about split-tunnel VPN endpoints, see Split-tunnel Client VPN endpoint in the Client VPN Administrator Guide.

' - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the Client VPN endpoint during creation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: SecurityGroupId - in: query - required: false - description: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: item - - name: VpcId - in: query - required: false - description: 'The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.' - schema: - type: string - - name: SelfServicePortal - in: query - required: false - description: '

Specify whether to enable the self-service portal for the Client VPN endpoint.

Default Value: enabled

' - schema: - type: string - enum: - - enabled - - disabled - - name: ClientConnectOptions - in: query - required: false - description: The options for managing connection authorization for new client connections. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. - description: The options for managing connection authorization for new client connections. - - name: SessionTimeoutHours - in: query - required: false - description: '

The maximum VPN session duration time in hours.

Valid values: 8 | 10 | 12 | 24

Default value: 24

' - schema: - type: integer - - name: ClientLoginBannerOptions - in: query - required: false - description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. - description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateClientVpnEndpoint - operationId: POST_CreateClientVpnEndpoint - description: Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateClientVpnEndpointResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateClientVpnEndpointRequest' - parameters: [] - /?Action=CreateClientVpnRoute&Version=2016-11-15: - get: - x-aws-operation-name: CreateClientVpnRoute - operationId: GET_CreateClientVpnRoute - description: Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateClientVpnRouteResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint to which to add the route. - schema: - type: string - - name: DestinationCidrBlock - in: query - required: true - description: '

The IPv4 address range, in CIDR notation, of the route destination. For example:

' - schema: - type: string - - name: TargetVpcSubnetId - in: query - required: true - description: '

The ID of the subnet through which you want to route traffic. The specified subnet must be an existing target network of the Client VPN endpoint.

Alternatively, if you''re adding a route for the local network, specify local.

' - schema: - type: string - - name: Description - in: query - required: false - description: A brief description of the route. - schema: - type: string - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateClientVpnRoute - operationId: POST_CreateClientVpnRoute - description: Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateClientVpnRouteResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateClientVpnRouteRequest' - parameters: [] - /?Action=CreateCustomerGateway&Version=2016-11-15: - get: - x-aws-operation-name: CreateCustomerGateway - operationId: GET_CreateCustomerGateway - description: '

Provides information to Amazon Web Services about your VPN customer gateway device. The customer gateway is the appliance at your end of the VPN connection. (The device on the Amazon Web Services side of the VPN connection is the virtual private gateway.) You must provide the internet-routable IP address of the customer gateway''s external interface. The IP address must be static and can be behind a device performing network address translation (NAT).

For devices that use Border Gateway Protocol (BGP), you can also provide the device''s BGP Autonomous System Number (ASN). You can use an existing ASN assigned to your network. If you don''t have an ASN already, you can use a private ASN. For more information, see Customer gateway options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.

To create more than one customer gateway with the same VPN type, IP address, and BGP ASN, specify a unique device name for each customer gateway. An identical request returns information about the existing customer gateway; it doesn''t create a new customer gateway.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCustomerGatewayResult' - parameters: - - name: BgpAsn - in: query - required: true - description: '

For devices that support BGP, the customer gateway''s BGP ASN.

Default: 65000

' - schema: - type: integer - - name: IpAddress - in: query - required: false - description: The Internet-routable IP address for the customer gateway's outside interface. The address must be static. - schema: - type: string - - name: CertificateArn - in: query - required: false - description: The Amazon Resource Name (ARN) for the customer gateway certificate. - schema: - type: string - - name: Type - in: query - required: true - description: The type of VPN connection that this customer gateway supports (ipsec.1). - schema: - type: string - enum: - - ipsec.1 - - name: TagSpecification - in: query - required: false - description: The tags to apply to the customer gateway. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DeviceName - in: query - required: false - description: '

A name for the customer gateway device.

Length Constraints: Up to 255 characters.

' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateCustomerGateway - operationId: POST_CreateCustomerGateway - description: '

Provides information to Amazon Web Services about your VPN customer gateway device. The customer gateway is the appliance at your end of the VPN connection. (The device on the Amazon Web Services side of the VPN connection is the virtual private gateway.) You must provide the internet-routable IP address of the customer gateway''s external interface. The IP address must be static and can be behind a device performing network address translation (NAT).

For devices that use Border Gateway Protocol (BGP), you can also provide the device''s BGP Autonomous System Number (ASN). You can use an existing ASN assigned to your network. If you don''t have an ASN already, you can use a private ASN. For more information, see Customer gateway options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.

To create more than one customer gateway with the same VPN type, IP address, and BGP ASN, specify a unique device name for each customer gateway. An identical request returns information about the existing customer gateway; it doesn''t create a new customer gateway.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCustomerGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateCustomerGatewayRequest' - parameters: [] - /?Action=CreateDefaultSubnet&Version=2016-11-15: - get: - x-aws-operation-name: CreateDefaultSubnet - operationId: GET_CreateDefaultSubnet - description: 'Creates a default subnet with a size /20 IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Creating a default subnet in the Amazon Virtual Private Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateDefaultSubnetResult' - parameters: - - name: AvailabilityZone - in: query - required: true - description: The Availability Zone in which to create the default subnet. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Ipv6Native - in: query - required: false - description: 'Indicates whether to create an IPv6 only subnet. If you already have a default subnet for this Availability Zone, you must delete it before you can create an IPv6 only subnet.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateDefaultSubnet - operationId: POST_CreateDefaultSubnet - description: 'Creates a default subnet with a size /20 IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Creating a default subnet in the Amazon Virtual Private Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateDefaultSubnetResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateDefaultSubnetRequest' - parameters: [] - /?Action=CreateDefaultVpc&Version=2016-11-15: - get: - x-aws-operation-name: CreateDefaultVpc - operationId: GET_CreateDefaultVpc - description: '

Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPC and default subnets in the Amazon Virtual Private Cloud User Guide. You cannot specify the components of the default VPC yourself.

If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region.

If your account supports EC2-Classic, you cannot use this action to create a default VPC in a Region that supports EC2-Classic. If you want a default VPC in a Region that supports EC2-Classic, see "I really want a default VPC for my existing EC2 account. Is that possible?" in the Default VPCs FAQ.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateDefaultVpcResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateDefaultVpc - operationId: POST_CreateDefaultVpc - description: '

Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPC and default subnets in the Amazon Virtual Private Cloud User Guide. You cannot specify the components of the default VPC yourself.

If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region.

If your account supports EC2-Classic, you cannot use this action to create a default VPC in a Region that supports EC2-Classic. If you want a default VPC in a Region that supports EC2-Classic, see "I really want a default VPC for my existing EC2 account. Is that possible?" in the Default VPCs FAQ.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateDefaultVpcResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateDefaultVpcRequest' - parameters: [] - /?Action=CreateDhcpOptions&Version=2016-11-15: - get: - x-aws-operation-name: CreateDhcpOptions - operationId: GET_CreateDhcpOptions - description: '

Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC, causing all existing and new instances that you launch in the VPC to use this set of DHCP options. The following are the individual DHCP options you can specify. For more information about the options, see RFC 2132.

Your VPC automatically starts out with a set of DHCP options that includes only a DNS server that we provide (AmazonProvidedDNS). If you create a set of options, and if your VPC has an internet gateway, make sure to set the domain-name-servers option either to AmazonProvidedDNS or to a domain name server of your choice. For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateDhcpOptionsResult' - parameters: - - name: DhcpConfiguration - in: query - required: true - description: A DHCP configuration option. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NewDhcpConfiguration' - - xml: - name: item - - name: TagSpecification - in: query - required: false - description: The tags to assign to the DHCP option. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateDhcpOptions - operationId: POST_CreateDhcpOptions - description: '

Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC, causing all existing and new instances that you launch in the VPC to use this set of DHCP options. The following are the individual DHCP options you can specify. For more information about the options, see RFC 2132.

Your VPC automatically starts out with a set of DHCP options that includes only a DNS server that we provide (AmazonProvidedDNS). If you create a set of options, and if your VPC has an internet gateway, make sure to set the domain-name-servers option either to AmazonProvidedDNS or to a domain name server of your choice. For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateDhcpOptionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateDhcpOptionsRequest' - parameters: [] - /?Action=CreateEgressOnlyInternetGateway&Version=2016-11-15: - get: - x-aws-operation-name: CreateEgressOnlyInternetGateway - operationId: GET_CreateEgressOnlyInternetGateway - description: '[IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateEgressOnlyInternetGatewayResult' - parameters: - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcId - in: query - required: true - description: The ID of the VPC for which to create the egress-only internet gateway. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to assign to the egress-only internet gateway. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateEgressOnlyInternetGateway - operationId: POST_CreateEgressOnlyInternetGateway - description: '[IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateEgressOnlyInternetGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateEgressOnlyInternetGatewayRequest' - parameters: [] - /?Action=CreateFleet&Version=2016-11-15: - get: - x-aws-operation-name: CreateFleet - operationId: GET_CreateFleet - description: '

Launches an EC2 Fleet.

You can create a single EC2 Fleet that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

For more information, see EC2 Fleet in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateFleetResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.' - schema: - type: string - - name: SpotOptions - in: query - required: false - description: Describes the configuration of Spot Instances in an EC2 Fleet. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum amount per hour for Spot Instances that you're willing to pay. - description: Describes the configuration of Spot Instances in an EC2 Fleet request. - - name: OnDemandOptions - in: query - required: false - description: Describes the configuration of On-Demand Instances in an EC2 Fleet. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum amount per hour for On-Demand Instances that you're willing to pay. - description: Describes the configuration of On-Demand Instances in an EC2 Fleet. - - name: ExcessCapacityTerminationPolicy - in: query - required: false - description: Indicates whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet. - schema: - type: string - enum: - - no-termination - - termination - - name: LaunchTemplateConfigs - in: query - required: true - description: The configuration for the EC2 Fleet. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateConfigRequest' - - xml: - name: item - minItems: 0 - maxItems: 50 - - name: TargetCapacitySpecification - in: query - required: true - description: The number of units to request. - schema: - type: object - required: - - TotalTargetCapacity - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TargetCapacityUnitType' - - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' - description: '

The number of units to request. You can choose to set the target capacity as the number of instances. Or you can set the target capacity to a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.

You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance MaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch instances until it reaches the maximum amount that you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity. The MaxTotalPrice parameters are located in OnDemandOptionsRequest and SpotOptionsRequest.

' - - name: TerminateInstancesWithExpiration - in: query - required: false - description: Indicates whether running instances should be terminated when the EC2 Fleet expires. - schema: - type: boolean - - name: Type - in: query - required: false - description: '

The fleet type. The default value is maintain.

For more information, see EC2 Fleet request types in the Amazon EC2 User Guide.

' - schema: - type: string - enum: - - request - - maintain - - instant - - name: ValidFrom - in: query - required: false - description: 'The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.' - schema: - type: string - format: date-time - - name: ValidUntil - in: query - required: false - description: 'The end date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new EC2 Fleet requests are placed or able to fulfill the request. If no value is specified, the request remains until you cancel it.' - schema: - type: string - format: date-time - - name: ReplaceUnhealthyInstances - in: query - required: false - description: 'Indicates whether EC2 Fleet should replace unhealthy Spot Instances. Supported only for fleets of type maintain. For more information, see EC2 Fleet health checks in the Amazon EC2 User Guide.' - schema: - type: boolean - - name: TagSpecification - in: query - required: false - description: '

The key-value pair for tagging the EC2 Fleet request on creation. For more information, see Tagging your resources.

If the fleet type is instant, specify a resource type of fleet to tag the fleet or instance to tag the instances at launch.

If the fleet type is maintain or request, specify a resource type of fleet to tag the fleet. You cannot specify a resource type of instance. To tag instances at launch, specify the tags in a launch template.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: Context - in: query - required: false - description: Reserved. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateFleet - operationId: POST_CreateFleet - description: '

Launches an EC2 Fleet.

You can create a single EC2 Fleet that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

For more information, see EC2 Fleet in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateFleetResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateFleetRequest' - parameters: [] - /?Action=CreateFlowLogs&Version=2016-11-15: - get: - x-aws-operation-name: CreateFlowLogs - operationId: GET_CreateFlowLogs - description: '

Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC.

Flow log data for a monitored network interface is recorded as flow log records, which are log events consisting of fields that describe the traffic flow. For more information, see Flow log records in the Amazon Virtual Private Cloud User Guide.

When publishing to CloudWatch Logs, flow log records are published to a log group, and each network interface has a unique log stream in the log group. When publishing to Amazon S3, flow log records for all of the monitored network interfaces are published to a single log file object that is stored in the specified bucket.

For more information, see VPC Flow Logs in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateFlowLogsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - - name: DeliverLogsPermissionArn - in: query - required: false - description: '

The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.

If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn or LogGroupName.

' - schema: - type: string - - name: LogGroupName - in: query - required: false - description: '

The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn or LogGroupName.

' - schema: - type: string - - name: ResourceId - in: query - required: true - description: '

The ID of the subnet, network interface, or VPC for which you want to create a flow log.

Constraints: Maximum of 1000 resources

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/FlowLogResourceId' - - xml: - name: item - - name: ResourceType - in: query - required: true - description: 'The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.' - schema: - type: string - enum: - - VPC - - Subnet - - NetworkInterface - - name: TrafficType - in: query - required: true - description: 'The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.' - schema: - type: string - enum: - - ACCEPT - - REJECT - - ALL - - name: LogDestinationType - in: query - required: false - description: '

The type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3. To publish flow log data to CloudWatch Logs, specify cloud-watch-logs. To publish flow log data to Amazon S3, specify s3.

If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn or LogGroupName.

Default: cloud-watch-logs

' - schema: - type: string - enum: - - cloud-watch-logs - - s3 - - name: LogDestination - in: query - required: false - description: '

The destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group or an Amazon S3 bucket. The value specified for this parameter depends on the value specified for LogDestinationType.

If LogDestinationType is not specified or cloud-watch-logs, specify the Amazon Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish to a log group called my-logs, specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs. Alternatively, use LogGroupName instead.

If LogDestinationType is s3, specify the ARN of the Amazon S3 bucket. You can also specify a subfolder in the bucket. To specify a subfolder in the bucket, use the following ARN format: bucket_ARN/subfolder_name/. For example, to specify a subfolder named my-logs in a bucket named my-bucket, use the following ARN: arn:aws:s3:::my-bucket/my-logs/. You cannot use AWSLogs as a subfolder name. This is a reserved term.

' - schema: - type: string - - name: LogFormat - in: query - required: false - description: '

The fields to include in the flow log record, in the order in which they should appear. For a list of available fields, see Flow log records. If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must specify at least one field.

Specify the fields using the ${field-id} format, separated by spaces. For the CLI, surround this parameter value with single quotes on Linux or double quotes on Windows.

' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the flow logs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: MaxAggregationInterval - in: query - required: false - description: '

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).

When a network interface is attached to a Nitro-based instance, the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

Default: 600

' - schema: - type: integer - - name: DestinationOptions - in: query - required: false - description: The destination options. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. The default is false. - description: Describes the destination options for a flow log. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateFlowLogs - operationId: POST_CreateFlowLogs - description: '

Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC.

Flow log data for a monitored network interface is recorded as flow log records, which are log events consisting of fields that describe the traffic flow. For more information, see Flow log records in the Amazon Virtual Private Cloud User Guide.

When publishing to CloudWatch Logs, flow log records are published to a log group, and each network interface has a unique log stream in the log group. When publishing to Amazon S3, flow log records for all of the monitored network interfaces are published to a single log file object that is stored in the specified bucket.

For more information, see VPC Flow Logs in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateFlowLogsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateFlowLogsRequest' - parameters: [] - /?Action=CreateFpgaImage&Version=2016-11-15: - get: - x-aws-operation-name: CreateFpgaImage - operationId: GET_CreateFpgaImage - description: '

Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).

The create operation is asynchronous. To verify that the AFI is ready for use, check the output logs.

An AFI contains the FPGA bitstream that is ready to download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated instances. For more information, see the Amazon Web Services FPGA Hardware Development Kit.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateFpgaImageResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InputStorageLocation - in: query - required: true - description: The location of the encrypted design checkpoint in Amazon S3. The input must be a tarball. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The key. - description: Describes a storage location in Amazon S3. - - name: LogsStorageLocation - in: query - required: false - description: The location in Amazon S3 for the output logs. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The key. - description: Describes a storage location in Amazon S3. - - name: Description - in: query - required: false - description: A description for the AFI. - schema: - type: string - - name: Name - in: query - required: false - description: A name for the AFI. - schema: - type: string - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the FPGA image during creation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateFpgaImage - operationId: POST_CreateFpgaImage - description: '

Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).

The create operation is asynchronous. To verify that the AFI is ready for use, check the output logs.

An AFI contains the FPGA bitstream that is ready to download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated instances. For more information, see the Amazon Web Services FPGA Hardware Development Kit.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateFpgaImageResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateFpgaImageRequest' - parameters: [] - /?Action=CreateImage&Version=2016-11-15: - get: - x-aws-operation-name: CreateImage - operationId: GET_CreateImage - description: '

Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.

By default, when Amazon EC2 creates the new AMI, it reboots the instance so that it can take snapshots of the attached volumes while data is at rest, in order to ensure a consistent state. You can set the NoReboot parameter to true in the API request, or use the --no-reboot option in the CLI to prevent Amazon EC2 from shutting down and rebooting the instance.

If you choose to bypass the shutdown and reboot process by setting the NoReboot parameter to true in the API request, or by using the --no-reboot option in the CLI, we can''t guarantee the file system integrity of the created image.

If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes.

For more information, see Creating Amazon EBS-Backed Linux AMIs in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateImageResult' - parameters: - - name: BlockDeviceMapping - in: query - required: false - description: 'The block device mappings. This parameter cannot be used to modify the encryption status of existing volumes or snapshots. To create an AMI with encrypted snapshots, use the CopyImage action.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/BlockDeviceMapping' - - xml: - name: BlockDeviceMapping - - name: Description - in: query - required: false - description: A description for the new image. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - - name: Name - in: query - required: true - description: '

A name for the new image.

Constraints: 3-128 alphanumeric characters, parentheses (()), square brackets ([]), spaces ( ), periods (.), slashes (/), dashes (-), single quotes (''), at-signs (@), or underscores(_)

' - schema: - type: string - - name: NoReboot - in: query - required: false - description: '

By default, when Amazon EC2 creates the new AMI, it reboots the instance so that it can take snapshots of the attached volumes while data is at rest, in order to ensure a consistent state. You can set the NoReboot parameter to true in the API request, or use the --no-reboot option in the CLI to prevent Amazon EC2 from shutting down and rebooting the instance.

If you choose to bypass the shutdown and reboot process by setting the NoReboot parameter to true in the API request, or by using the --no-reboot option in the CLI, we can''t guarantee the file system integrity of the created image.

Default: false (follow standard reboot process)

' - schema: - type: boolean - - name: TagSpecification - in: query - required: false - description: '

The tags to apply to the AMI and snapshots on creation. You can tag the AMI, the snapshots, or both.

If you specify other values for ResourceType, the request fails.

To tag an AMI or snapshot after it has been created, see CreateTags.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateImage - operationId: POST_CreateImage - description: '

Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.

By default, when Amazon EC2 creates the new AMI, it reboots the instance so that it can take snapshots of the attached volumes while data is at rest, in order to ensure a consistent state. You can set the NoReboot parameter to true in the API request, or use the --no-reboot option in the CLI to prevent Amazon EC2 from shutting down and rebooting the instance.

If you choose to bypass the shutdown and reboot process by setting the NoReboot parameter to true in the API request, or by using the --no-reboot option in the CLI, we can''t guarantee the file system integrity of the created image.

If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes.

For more information, see Creating Amazon EBS-Backed Linux AMIs in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateImageResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateImageRequest' - parameters: [] - /?Action=CreateInstanceEventWindow&Version=2016-11-15: - get: - x-aws-operation-name: CreateInstanceEventWindow - operationId: GET_CreateInstanceEventWindow - description: '

Creates an event window in which scheduled events for the associated Amazon EC2 instances can run.

You can define either a set of time ranges or a cron expression when creating the event window, but not both. All event window times are in UTC.

You can create up to 200 event windows per Amazon Web Services Region.

When you create the event window, targets (instance IDs, Dedicated Host IDs, or tags) are not yet associated with it. To ensure that the event window can be used, you must associate one or more targets with it by using the AssociateInstanceEventWindow API.

Event windows are applicable only for scheduled events that stop, reboot, or terminate instances.

Event windows are not applicable for:

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateInstanceEventWindowResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Name - in: query - required: false - description: The name of the event window. - schema: - type: string - - name: TimeRange - in: query - required: false - description: 'The time range for the event window. If you specify a time range, you can''t specify a cron expression.' - schema: - type: array - items: - $ref: '#/components/schemas/InstanceEventWindowTimeRangeRequest' - - name: CronExpression - in: query - required: false - description: '

The cron expression for the event window, for example, * 0-4,20-23 * * 1,5. If you specify a cron expression, you can''t specify a time range.

Constraints:

For more information about cron expressions, see cron on the Wikipedia website.

' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the event window. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateInstanceEventWindow - operationId: POST_CreateInstanceEventWindow - description: '

Creates an event window in which scheduled events for the associated Amazon EC2 instances can run.

You can define either a set of time ranges or a cron expression when creating the event window, but not both. All event window times are in UTC.

You can create up to 200 event windows per Amazon Web Services Region.

When you create the event window, targets (instance IDs, Dedicated Host IDs, or tags) are not yet associated with it. To ensure that the event window can be used, you must associate one or more targets with it by using the AssociateInstanceEventWindow API.

Event windows are applicable only for scheduled events that stop, reboot, or terminate instances.

Event windows are not applicable for:

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateInstanceEventWindowResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateInstanceEventWindowRequest' - parameters: [] - /?Action=CreateInstanceExportTask&Version=2016-11-15: - get: - x-aws-operation-name: CreateInstanceExportTask - operationId: GET_CreateInstanceExportTask - description: '

Exports a running or stopped instance to an Amazon S3 bucket.

For information about the supported operating systems, image formats, and known limitations for the types of instances you can export, see Exporting an instance as a VM Using VM Import/Export in the VM Import/Export User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateInstanceExportTaskResult' - parameters: - - name: Description - in: query - required: false - description: A description for the conversion task or the resource being exported. The maximum length is 255 characters. - schema: - type: string - - name: ExportToS3 - in: query - required: true - description: The format and location for an export instance task. - schema: - type: object - properties: - containerFormat: - allOf: - - $ref: '#/components/schemas/ContainerFormat' - - description: 'The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is exported.' - diskImageFormat: - allOf: - - $ref: '#/components/schemas/DiskImageFormat' - - description: The format for the exported image. - s3Bucket: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon S3 bucket for the destination image. The destination bucket must exist and grant WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com. - s3Prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: The image is written to a single object in the Amazon S3 bucket at the S3 key s3prefix + exportTaskId + '.' + diskImageFormat. - description: Describes an export instance task. - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - - name: TargetEnvironment - in: query - required: true - description: The target virtualization environment. - schema: - type: string - enum: - - citrix - - vmware - - microsoft - - name: TagSpecification - in: query - required: false - description: The tags to apply to the export instance task during creation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateInstanceExportTask - operationId: POST_CreateInstanceExportTask - description: '

Exports a running or stopped instance to an Amazon S3 bucket.

For information about the supported operating systems, image formats, and known limitations for the types of instances you can export, see Exporting an instance as a VM Using VM Import/Export in the VM Import/Export User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateInstanceExportTaskResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateInstanceExportTaskRequest' - parameters: [] - /?Action=CreateInternetGateway&Version=2016-11-15: - get: - x-aws-operation-name: CreateInternetGateway - operationId: GET_CreateInternetGateway - description: '

Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway.

For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateInternetGatewayResult' - parameters: - - name: TagSpecification - in: query - required: false - description: The tags to assign to the internet gateway. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateInternetGateway - operationId: POST_CreateInternetGateway - description: '

Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway.

For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateInternetGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateInternetGatewayRequest' - parameters: [] - /?Action=CreateIpam&Version=2016-11-15: - get: - x-aws-operation-name: CreateIpam - operationId: GET_CreateIpam - description: '

Create an IPAM. Amazon VPC IP Address Manager (IPAM) is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization.

For more information, see Create an IPAM in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateIpamResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Description - in: query - required: false - description: A description for the IPAM. - schema: - type: string - - name: OperatingRegion - in: query - required: false - description: '

The operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' - schema: - type: array - items: - $ref: '#/components/schemas/AddIpamOperatingRegion' - minItems: 0 - maxItems: 50 - - name: TagSpecification - in: query - required: false - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: ClientToken - in: query - required: false - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateIpam - operationId: POST_CreateIpam - description: '

Create an IPAM. Amazon VPC IP Address Manager (IPAM) is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization.

For more information, see Create an IPAM in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateIpamResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateIpamRequest' - parameters: [] - /?Action=CreateIpamPool&Version=2016-11-15: - get: - x-aws-operation-name: CreateIpamPool - operationId: GET_CreateIpamPool - description: '

Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.

For more information, see Create a top-level pool in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateIpamPoolResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamScopeId - in: query - required: true - description: The ID of the scope in which you would like to create the IPAM pool. - schema: - type: string - - name: Locale - in: query - required: false - description: '

In IPAM, the locale is the Amazon Web Services Region where you want to make an IPAM pool available for allocations. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you do not choose a locale, resources in Regions others than the IPAM''s home region cannot use CIDRs from this pool.

Possible values: Any Amazon Web Services Region, such as us-east-1.

' - schema: - type: string - - name: SourceIpamPoolId - in: query - required: false - description: The ID of the source IPAM pool. Use this option to create a pool within an existing pool. Note that the CIDR you provision for the pool within the source pool must be available in the source pool's CIDR range. - schema: - type: string - - name: Description - in: query - required: false - description: A description for the IPAM pool. - schema: - type: string - - name: AddressFamily - in: query - required: true - description: The IP protocol assigned to this IPAM pool. You must choose either IPv4 or IPv6 protocol for a pool. - schema: - type: string - enum: - - ipv4 - - ipv6 - - name: AutoImport - in: query - required: false - description: '

If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool''s allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.

A locale must be set on the pool for this feature to work.

' - schema: - type: boolean - - name: PubliclyAdvertisable - in: query - required: false - description: Determines if the pool is publicly advertisable. This option is not available for pools with AddressFamily set to ipv4. - schema: - type: boolean - - name: AllocationMinNetmaskLength - in: query - required: false - description: The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. - schema: - type: integer - minimum: 0 - maximum: 128 - - name: AllocationMaxNetmaskLength - in: query - required: false - description: The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. - schema: - type: integer - minimum: 0 - maximum: 128 - - name: AllocationDefaultNetmaskLength - in: query - required: false - description: 'The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.' - schema: - type: integer - minimum: 0 - maximum: 128 - - name: AllocationResourceTag - in: query - required: false - description: 'Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/RequestIpamResourceTag' - - xml: - name: item - - name: TagSpecification - in: query - required: false - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: ClientToken - in: query - required: false - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - schema: - type: string - - name: AwsService - in: query - required: false - description: 'Limits which service in Amazon Web Services that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.' - schema: - type: string - enum: - - ec2 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateIpamPool - operationId: POST_CreateIpamPool - description: '

Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.

For more information, see Create a top-level pool in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateIpamPoolResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateIpamPoolRequest' - parameters: [] - /?Action=CreateIpamScope&Version=2016-11-15: - get: - x-aws-operation-name: CreateIpamScope - operationId: GET_CreateIpamScope - description: '

Create an IPAM scope. In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.

For more information, see Add a scope in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateIpamScopeResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamId - in: query - required: true - description: The ID of the IPAM for which you're creating this scope. - schema: - type: string - - name: Description - in: query - required: false - description: A description for the scope you're creating. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: ClientToken - in: query - required: false - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateIpamScope - operationId: POST_CreateIpamScope - description: '

Create an IPAM scope. In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.

For more information, see Add a scope in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateIpamScopeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateIpamScopeRequest' - parameters: [] - /?Action=CreateKeyPair&Version=2016-11-15: - get: - x-aws-operation-name: CreateKeyPair - operationId: GET_CreateKeyPair - description: '

Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified PEM or PPK format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.

The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using ImportKeyPair.

You can have up to 5,000 key pairs per Amazon Web Services Region.

For more information, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/KeyPair' - parameters: - - name: KeyName - in: query - required: true - description: '

A unique name for the key pair.

Constraints: Up to 255 ASCII characters

' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: KeyType - in: query - required: false - description: '

The type of key pair. Note that ED25519 keys are not supported for Windows instances.

Default: rsa

' - schema: - type: string - enum: - - rsa - - ed25519 - - name: TagSpecification - in: query - required: false - description: The tags to apply to the new key pair. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: KeyFormat - in: query - required: false - description: '

The format of the key pair.

Default: pem

' - schema: - type: string - enum: - - pem - - ppk - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateKeyPair - operationId: POST_CreateKeyPair - description: '

Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified PEM or PPK format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.

The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using ImportKeyPair.

You can have up to 5,000 key pairs per Amazon Web Services Region.

For more information, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/KeyPair' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateKeyPairRequest' - parameters: [] - /?Action=CreateLaunchTemplate&Version=2016-11-15: - get: - x-aws-operation-name: CreateLaunchTemplate - operationId: GET_CreateLaunchTemplate - description: '

Creates a launch template.

A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request. For more information, see Launching an instance from a launch template in the Amazon Elastic Compute Cloud User Guide.

If you want to clone an existing launch template as the basis for creating a new launch template, you can use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLaunchTemplateResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraint: Maximum 128 ASCII characters.

' - schema: - type: string - - name: LaunchTemplateName - in: query - required: true - description: A name for the launch template. - schema: - type: string - pattern: '[a-zA-Z0-9\(\)\.\-/_]+' - minLength: 3 - maxLength: 128 - - name: VersionDescription - in: query - required: false - description: A description for the first version of the launch template. - schema: - type: string - minLength: 0 - maxLength: 255 - - name: LaunchTemplateData - in: query - required: true - description: The information for the launch template. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchTemplateIamInstanceProfileSpecificationRequest' - - description: The name or Amazon Resource Name (ARN) of an IAM instance profile. - BlockDeviceMapping: - allOf: - - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMappingRequestList' - - description: The block device mapping. - NetworkInterface: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see Running Commands on Your Linux Instance at Launch (Linux) or Adding User Data (Windows).

If you are creating the launch template for use with Batch, the user data must be provided in the MIME multi-part archive format. For more information, see Amazon EC2 user data in launch templates in the Batch User Guide.

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/LaunchTemplateTagSpecificationRequestList' - - description: 'The tags to apply to the resources during launch. You can only tag instances and volumes on launch. The specified tags are applied to all instances or volumes that are created during launch. To tag a resource after it has been created, see CreateTags.' - ElasticGpuSpecification: - allOf: - - $ref: '#/components/schemas/ElasticGpuSpecificationList' - - description: An elastic GPU to associate with the instance. - ElasticInferenceAccelerator: - allOf: - - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorList' - - description: ' The elastic inference accelerator for the instance. ' - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupIdStringList' - - description: 'One or more security group IDs. You can create a security group using CreateSecurityGroup. You cannot specify both a security group ID and security name in the same request.' - SecurityGroup: - allOf: - - $ref: '#/components/schemas/LaunchTemplateCapacityReservationSpecificationRequest' - - description: 'The Capacity Reservation targeting option. If you do not specify this parameter, the instance''s Capacity Reservation preference defaults to open, which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).' - LicenseSpecification: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceMaintenanceOptionsRequest' - - description: The maintenance options for the instance. - description:

The information to include in the launch template.

You must specify at least one parameter for the launch template data.

 - - name: TagSpecification - in: query - required: false - description: The tags to apply to the launch template during creation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateLaunchTemplate - operationId: POST_CreateLaunchTemplate - description: '

Creates a launch template.

A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request. For more information, see Launching an instance from a launch template in the Amazon Elastic Compute Cloud User Guide.

If you want to clone an existing launch template as the basis for creating a new launch template, you can use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLaunchTemplateResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLaunchTemplateRequest' - parameters: [] - /?Action=CreateLaunchTemplateVersion&Version=2016-11-15: - get: - x-aws-operation-name: CreateLaunchTemplateVersion - operationId: GET_CreateLaunchTemplateVersion - description: '

Creates a new version for a launch template. You can specify an existing version of launch template from which to base the new version.

Launch template versions are numbered in the order in which they are created. You cannot specify, change, or replace the numbering of launch template versions.

For more information, see Managing launch template versionsin the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLaunchTemplateVersionResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraint: Maximum 128 ASCII characters.

' - schema: - type: string - - name: LaunchTemplateId - in: query - required: false - description: The ID of the launch template. You must specify either the launch template ID or launch template name in the request. - schema: - type: string - - name: LaunchTemplateName - in: query - required: false - description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. - schema: - type: string - pattern: '[a-zA-Z0-9\(\)\.\-/_]+' - minLength: 3 - maxLength: 128 - - name: SourceVersion - in: query - required: false - description: 'The version number of the launch template version on which to base the new version. The new version inherits the same launch parameters as the source version, except for parameters that you specify in LaunchTemplateData. Snapshots applied to the block device mapping are ignored when creating a new version unless they are explicitly included.' - schema: - type: string - - name: VersionDescription - in: query - required: false - description: A description for the version of the launch template. - schema: - type: string - minLength: 0 - maxLength: 255 - - name: LaunchTemplateData - in: query - required: true - description: The information for the launch template. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchTemplateIamInstanceProfileSpecificationRequest' - - description: The name or Amazon Resource Name (ARN) of an IAM instance profile. - BlockDeviceMapping: - allOf: - - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMappingRequestList' - - description: The block device mapping. - NetworkInterface: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see Running Commands on Your Linux Instance at Launch (Linux) or Adding User Data (Windows).

If you are creating the launch template for use with Batch, the user data must be provided in the MIME multi-part archive format. For more information, see Amazon EC2 user data in launch templates in the Batch User Guide.

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/LaunchTemplateTagSpecificationRequestList' - - description: 'The tags to apply to the resources during launch. You can only tag instances and volumes on launch. The specified tags are applied to all instances or volumes that are created during launch. To tag a resource after it has been created, see CreateTags.' - ElasticGpuSpecification: - allOf: - - $ref: '#/components/schemas/ElasticGpuSpecificationList' - - description: An elastic GPU to associate with the instance. - ElasticInferenceAccelerator: - allOf: - - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorList' - - description: ' The elastic inference accelerator for the instance. ' - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupIdStringList' - - description: 'One or more security group IDs. You can create a security group using CreateSecurityGroup. You cannot specify both a security group ID and security name in the same request.' - SecurityGroup: - allOf: - - $ref: '#/components/schemas/LaunchTemplateCapacityReservationSpecificationRequest' - - description: 'The Capacity Reservation targeting option. If you do not specify this parameter, the instance''s Capacity Reservation preference defaults to open, which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).' - LicenseSpecification: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceMaintenanceOptionsRequest' - - description: The maintenance options for the instance. - description:

The information to include in the launch template.

You must specify at least one parameter for the launch template data.

 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateLaunchTemplateVersion - operationId: POST_CreateLaunchTemplateVersion - description: '

Creates a new version for a launch template. You can specify an existing version of launch template from which to base the new version.

Launch template versions are numbered in the order in which they are created. You cannot specify, change, or replace the numbering of launch template versions.

For more information, see Managing launch template versionsin the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLaunchTemplateVersionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLaunchTemplateVersionRequest' - parameters: [] - /?Action=CreateLocalGatewayRoute&Version=2016-11-15: - get: - x-aws-operation-name: CreateLocalGatewayRoute - operationId: GET_CreateLocalGatewayRoute - description: Creates a static route for the specified local gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLocalGatewayRouteResult' - parameters: - - name: DestinationCidrBlock - in: query - required: true - description: The CIDR range used for destination matches. Routing decisions are based on the most specific match. - schema: - type: string - - name: LocalGatewayRouteTableId - in: query - required: true - description: The ID of the local gateway route table. - schema: - type: string - - name: LocalGatewayVirtualInterfaceGroupId - in: query - required: true - description: The ID of the virtual interface group. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateLocalGatewayRoute - operationId: POST_CreateLocalGatewayRoute - description: Creates a static route for the specified local gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLocalGatewayRouteResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLocalGatewayRouteRequest' - parameters: [] - /?Action=CreateLocalGatewayRouteTableVpcAssociation&Version=2016-11-15: - get: - x-aws-operation-name: CreateLocalGatewayRouteTableVpcAssociation - operationId: GET_CreateLocalGatewayRouteTableVpcAssociation - description: Associates the specified VPC with the specified local gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLocalGatewayRouteTableVpcAssociationResult' - parameters: - - name: LocalGatewayRouteTableId - in: query - required: true - description: The ID of the local gateway route table. - schema: - type: string - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to assign to the local gateway route table VPC association. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateLocalGatewayRouteTableVpcAssociation - operationId: POST_CreateLocalGatewayRouteTableVpcAssociation - description: Associates the specified VPC with the specified local gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLocalGatewayRouteTableVpcAssociationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLocalGatewayRouteTableVpcAssociationRequest' - parameters: [] - /?Action=CreateManagedPrefixList&Version=2016-11-15: - get: - x-aws-operation-name: CreateManagedPrefixList - operationId: GET_CreateManagedPrefixList - description: Creates a managed prefix list. You can specify one or more entries for the prefix list. Each entry consists of a CIDR block and an optional description. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateManagedPrefixListResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PrefixListName - in: query - required: true - description: '

A name for the prefix list.

Constraints: Up to 255 characters in length. The name cannot start with com.amazonaws.

' - schema: - type: string - - name: Entry - in: query - required: false - description: One or more entries for the prefix list. - schema: - type: array - items: - $ref: '#/components/schemas/AddPrefixListEntry' - minItems: 0 - maxItems: 100 - - name: MaxEntries - in: query - required: true - description: The maximum number of entries for the prefix list. - schema: - type: integer - - name: TagSpecification - in: query - required: false - description: The tags to apply to the prefix list during creation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: AddressFamily - in: query - required: true - description: '

The IP address type.

Valid Values: IPv4 | IPv6

' - schema: - type: string - - name: ClientToken - in: query - required: false - description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraints: Up to 255 UTF-8 characters in length.

' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateManagedPrefixList - operationId: POST_CreateManagedPrefixList - description: Creates a managed prefix list. You can specify one or more entries for the prefix list. Each entry consists of a CIDR block and an optional description. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateManagedPrefixListResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateManagedPrefixListRequest' - parameters: [] - /?Action=CreateNatGateway&Version=2016-11-15: - get: - x-aws-operation-name: CreateNatGateway - operationId: GET_CreateNatGateway - description: '

Creates a NAT gateway in the specified subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway.

With a public NAT gateway, internet-bound traffic from a private subnet can be routed to the NAT gateway, so that instances in a private subnet can connect to the internet.

With a private NAT gateway, private communication is routed across VPCs and on-premises networks through a transit gateway or virtual private gateway. Common use cases include running large workloads behind a small pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and communicating between overlapping networks.

For more information, see NAT gateways in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNatGatewayResult' - parameters: - - name: AllocationId - in: query - required: false - description: '[Public NAT gateways only] The allocation ID of an Elastic IP address to associate with the NAT gateway. You cannot specify an Elastic IP address with a private NAT gateway. If the Elastic IP address is associated with another resource, you must first disassociate it.' - schema: - type: string - - name: ClientToken - in: query - required: false - description: '

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

Constraint: Maximum 64 ASCII characters.

' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: SubnetId - in: query - required: true - description: The subnet in which to create the NAT gateway. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to assign to the NAT gateway. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: ConnectivityType - in: query - required: false - description: Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity. - schema: - type: string - enum: - - private - - public - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateNatGateway - operationId: POST_CreateNatGateway - description: '

Creates a NAT gateway in the specified subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway.

With a public NAT gateway, internet-bound traffic from a private subnet can be routed to the NAT gateway, so that instances in a private subnet can connect to the internet.

With a private NAT gateway, private communication is routed across VPCs and on-premises networks through a transit gateway or virtual private gateway. Common use cases include running large workloads behind a small pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and communicating between overlapping networks.

For more information, see NAT gateways in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNatGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNatGatewayRequest' - parameters: [] - /?Action=CreateNetworkAcl&Version=2016-11-15: - get: - x-aws-operation-name: CreateNetworkAcl - operationId: GET_CreateNetworkAcl - description: '

Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC.

For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkAclResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to assign to the network ACL. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateNetworkAcl - operationId: POST_CreateNetworkAcl - description: '

Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC.

For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkAclResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkAclRequest' - parameters: [] - /?Action=CreateNetworkAclEntry&Version=2016-11-15: - get: - x-aws-operation-name: CreateNetworkAclEntry - operationId: GET_CreateNetworkAclEntry - description: '

Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules.

We recommend that you leave room between the rule numbers (for example, 100, 110, 120, ...), and not number them one right after the other (for example, 101, 102, 103, ...). This makes it easier to add a rule between existing ones without having to renumber the rules.

After you add an entry, you can''t modify it; you must either replace it, or create an entry and delete the old one.

For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - parameters: - - name: CidrBlock - in: query - required: false - description: 'The IPv4 network range to allow or deny, in CIDR notation (for example 172.16.0.0/24). We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Egress - in: query - required: true - description: Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). - schema: - type: boolean - - name: Icmp - in: query - required: false - description: 'ICMP protocol: The ICMP or ICMPv6 type and code. Required if specifying protocol 1 (ICMP) or protocol 58 (ICMPv6) with an IPv6 CIDR block.' - schema: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The ICMP code. A value of -1 means all codes for the specified ICMP type. - type: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The ICMP type. A value of -1 means all types. - description: Describes the ICMP type and code. - - name: Ipv6CidrBlock - in: query - required: false - description: 'The IPv6 network range to allow or deny, in CIDR notation (for example 2001:db8:1234:1a00::/64).' - schema: - type: string - - name: NetworkAclId - in: query - required: true - description: The ID of the network ACL. - schema: - type: string - - name: PortRange - in: query - required: false - description: 'TCP or UDP protocols: The range of ports the rule applies to. Required if specifying protocol 6 (TCP) or 17 (UDP).' - schema: - type: object - properties: - from: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The first port in the range. - to: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The last port in the range. - description: Describes a range of ports. - - name: Protocol - in: query - required: true - description: 'The protocol number. A value of "-1" means all protocols. If you specify "-1" or a protocol number other than "6" (TCP), "17" (UDP), or "1" (ICMP), traffic on all ports is allowed, regardless of any ports or ICMP types or codes that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv4 CIDR block, traffic for all ICMP types and codes allowed, regardless of any that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv6 CIDR block, you must specify an ICMP type and code.' - schema: - type: string - - name: RuleAction - in: query - required: true - description: Indicates whether to allow or deny the traffic that matches the rule. - schema: - type: string - enum: - - allow - - deny - - name: RuleNumber - in: query - required: true - description: '

The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

Constraints: Positive integer from 1 to 32766. The range 32767 to 65535 is reserved for internal use.

' - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateNetworkAclEntry - operationId: POST_CreateNetworkAclEntry - description: '

Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules.

We recommend that you leave room between the rule numbers (for example, 100, 110, 120, ...), and not number them one right after the other (for example, 101, 102, 103, ...). This makes it easier to add a rule between existing ones without having to renumber the rules.

After you add an entry, you can''t modify it; you must either replace it, or create an entry and delete the old one.

For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkAclEntryRequest' - parameters: [] - /?Action=CreateNetworkInsightsAccessScope&Version=2016-11-15: - get: - x-aws-operation-name: CreateNetworkInsightsAccessScope - operationId: GET_CreateNetworkInsightsAccessScope - description: '

Creates a Network Access Scope.

Amazon Web Services Network Access Analyzer enables cloud networking and cloud operations teams to verify that their networks on Amazon Web Services conform to their network security and governance objectives. For more information, see the Amazon Web Services Network Access Analyzer Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInsightsAccessScopeResult' - parameters: - - name: MatchPath - in: query - required: false - description: The paths to match. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/AccessScopePathRequest' - - xml: - name: item - - name: ExcludePath - in: query - required: false - description: The paths to exclude. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/AccessScopePathRequest' - - xml: - name: item - - name: ClientToken - in: query - required: true - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateNetworkInsightsAccessScope - operationId: POST_CreateNetworkInsightsAccessScope - description: '

Creates a Network Access Scope.

Amazon Web Services Network Access Analyzer enables cloud networking and cloud operations teams to verify that their networks on Amazon Web Services conform to their network security and governance objectives. For more information, see the Amazon Web Services Network Access Analyzer Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInsightsAccessScopeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInsightsAccessScopeRequest' - parameters: [] - /?Action=CreateNetworkInsightsPath&Version=2016-11-15: - get: - x-aws-operation-name: CreateNetworkInsightsPath - operationId: GET_CreateNetworkInsightsPath - description: '

Creates a path to analyze for reachability.

Reachability Analyzer enables you to analyze and debug network reachability between two resources in your virtual private cloud (VPC). For more information, see What is Reachability Analyzer.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInsightsPathResult' - parameters: - - name: SourceIp - in: query - required: false - description: The IP address of the Amazon Web Services resource that is the source of the path. - schema: - type: string - pattern: '^([0-9]{1,3}.){3}[0-9]{1,3}$' - minLength: 0 - maxLength: 15 - - name: DestinationIp - in: query - required: false - description: The IP address of the Amazon Web Services resource that is the destination of the path. - schema: - type: string - pattern: '^([0-9]{1,3}.){3}[0-9]{1,3}$' - minLength: 0 - maxLength: 15 - - name: Source - in: query - required: true - description: The Amazon Web Services resource that is the source of the path. - schema: - type: string - - name: Destination - in: query - required: true - description: The Amazon Web Services resource that is the destination of the path. - schema: - type: string - - name: Protocol - in: query - required: true - description: The protocol. - schema: - type: string - enum: - - tcp - - udp - - name: DestinationPort - in: query - required: false - description: The destination port. - schema: - type: integer - minimum: 1 - maximum: 65535 - - name: TagSpecification - in: query - required: false - description: The tags to add to the path. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: true - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateNetworkInsightsPath - operationId: POST_CreateNetworkInsightsPath - description: '

Creates a path to analyze for reachability.

Reachability Analyzer enables you to analyze and debug network reachability between two resources in your virtual private cloud (VPC). For more information, see What is Reachability Analyzer.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInsightsPathResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInsightsPathRequest' - parameters: [] - /?Action=CreateNetworkInterface&Version=2016-11-15: - get: - x-aws-operation-name: CreateNetworkInterface - operationId: GET_CreateNetworkInterface - description: '

Creates a network interface in the specified subnet.

For more information about network interfaces, see Elastic Network Interfaces in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInterfaceResult' - parameters: - - name: Description - in: query - required: false - description: A description for the network interface. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: SecurityGroupId - in: query - required: false - description: The IDs of one or more security groups. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: SecurityGroupId - - name: Ipv6AddressCount - in: query - required: false - description: 'The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can''t use this option if specifying specific IPv6 addresses. If your subnet has the AssignIpv6AddressOnCreation attribute set to true, you can specify 0 to override this setting.' - schema: - type: integer - - name: Ipv6Addresses - in: query - required: false - description: One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can't use this option if you're specifying a number of IPv6 addresses. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceIpv6Address' - - xml: - name: item - - name: PrivateIpAddress - in: query - required: false - description: 'The primary private IPv4 address of the network interface. If you don''t specify an IPv4 address, Amazon EC2 selects one for you from the subnet''s IPv4 CIDR range. If you specify an IP address, you cannot indicate any IP addresses specified in privateIpAddresses as primary (only one IP address can be designated as primary).' - schema: - type: string - - name: PrivateIpAddresses - in: query - required: false - description: One or more private IPv4 addresses. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/PrivateIpAddressSpecification' - - xml: - name: item - - name: SecondaryPrivateIpAddressCount - in: query - required: false - description: '

The number of secondary private IPv4 addresses to assign to a network interface. When you specify a number of secondary IPv4 addresses, Amazon EC2 selects these IP addresses within the subnet''s IPv4 CIDR range. You can''t specify this option and specify more than one private IP address using privateIpAddresses.

The number of IP addresses you can assign to a network interface varies by instance type. For more information, see IP Addresses Per ENI Per Instance Type in the Amazon Virtual Private Cloud User Guide.

' - schema: - type: integer - - name: Ipv4Prefix - in: query - required: false - description: One or more IPv4 prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount option. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv4PrefixSpecificationRequest' - - xml: - name: item - - name: Ipv4PrefixCount - in: query - required: false - description: The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option. - schema: - type: integer - - name: Ipv6Prefix - in: query - required: false - description: One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv6PrefixSpecificationRequest' - - xml: - name: item - - name: Ipv6PrefixCount - in: query - required: false - description: The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes option. - schema: - type: integer - - name: InterfaceType - in: query - required: false - description:

The type of network interface. The default is interface.

The only supported values are efa and trunk.

- schema: - type: string - enum: - - efa - - branch - - trunk - - name: SubnetId - in: query - required: true - description: The ID of the subnet to associate with the network interface. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the new network interface. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateNetworkInterface - operationId: POST_CreateNetworkInterface - description: '

Creates a network interface in the specified subnet.

For more information about network interfaces, see Elastic Network Interfaces in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInterfaceResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInterfaceRequest' - parameters: [] - /?Action=CreateNetworkInterfacePermission&Version=2016-11-15: - get: - x-aws-operation-name: CreateNetworkInterfacePermission - operationId: GET_CreateNetworkInterfacePermission - description: '

Grants an Amazon Web Services-authorized account permission to attach the specified network interface to an instance in their account.

You can grant permission to a single Amazon Web Services account only, and only one account at a time.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInterfacePermissionResult' - parameters: - - name: NetworkInterfaceId - in: query - required: true - description: The ID of the network interface. - schema: - type: string - - name: AwsAccountId - in: query - required: false - description: The Amazon Web Services account ID. - schema: - type: string - - name: AwsService - in: query - required: false - description: The Amazon Web Service. Currently not supported. - schema: - type: string - - name: Permission - in: query - required: true - description: The type of permission to grant. - schema: - type: string - enum: - - INSTANCE-ATTACH - - EIP-ASSOCIATE - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateNetworkInterfacePermission - operationId: POST_CreateNetworkInterfacePermission - description: '

Grants an Amazon Web Services-authorized account permission to attach the specified network interface to an instance in their account.

You can grant permission to a single Amazon Web Services account only, and only one account at a time.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInterfacePermissionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateNetworkInterfacePermissionRequest' - parameters: [] - /?Action=CreatePlacementGroup&Version=2016-11-15: - get: - x-aws-operation-name: CreatePlacementGroup - operationId: GET_CreatePlacementGroup - description: '

Creates a placement group in which to launch instances. The strategy of the placement group determines how the instances are organized within the group.

A cluster placement group is a logical grouping of instances within a single Availability Zone that benefit from low network latency, high network throughput. A spread placement group places instances on distinct hardware. A partition placement group places groups of instances in different partitions, where instances in one partition do not share the same hardware with instances in another partition.

For more information, see Placement groups in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreatePlacementGroupResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: GroupName - in: query - required: false - description: '

A name for the placement group. Must be unique within the scope of your account for the Region.

Constraints: Up to 255 ASCII characters

' - schema: - type: string - - name: Strategy - in: query - required: false - description: The placement strategy. - schema: - type: string - enum: - - cluster - - spread - - partition - - name: PartitionCount - in: query - required: false - description: The number of partitions. Valid only when Strategy is set to partition. - schema: - type: integer - - name: TagSpecification - in: query - required: false - description: The tags to apply to the new placement group. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreatePlacementGroup - operationId: POST_CreatePlacementGroup - description: '

Creates a placement group in which to launch instances. The strategy of the placement group determines how the instances are organized within the group.

A cluster placement group is a logical grouping of instances within a single Availability Zone that benefit from low network latency, high network throughput. A spread placement group places instances on distinct hardware. A partition placement group places groups of instances in different partitions, where instances in one partition do not share the same hardware with instances in another partition.

For more information, see Placement groups in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreatePlacementGroupResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreatePlacementGroupRequest' - parameters: [] - /?Action=CreatePublicIpv4Pool&Version=2016-11-15: - get: - x-aws-operation-name: CreatePublicIpv4Pool - operationId: GET_CreatePublicIpv4Pool - description: 'Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only. To monitor the status of pool creation, use DescribePublicIpv4Pools.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreatePublicIpv4PoolResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: TagSpecification - in: query - required: false - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreatePublicIpv4Pool - operationId: POST_CreatePublicIpv4Pool - description: 'Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only. To monitor the status of pool creation, use DescribePublicIpv4Pools.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreatePublicIpv4PoolResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreatePublicIpv4PoolRequest' - parameters: [] - /?Action=CreateReplaceRootVolumeTask&Version=2016-11-15: - get: - x-aws-operation-name: CreateReplaceRootVolumeTask - operationId: GET_CreateReplaceRootVolumeTask - description: '

Creates a root volume replacement task for an Amazon EC2 instance. The root volume can either be restored to its initial launch state, or it can be restored using a specific snapshot.

For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateReplaceRootVolumeTaskResult' - parameters: - - name: InstanceId - in: query - required: true - description: The ID of the instance for which to replace the root volume. - schema: - type: string - - name: SnapshotId - in: query - required: false - description: 'The ID of the snapshot from which to restore the replacement root volume. If you want to restore the volume to the initial launch state, omit this parameter.' - schema: - type: string - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency. For more information, see Ensuring idempotency.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: TagSpecification - in: query - required: false - description: The tags to apply to the root volume replacement task. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateReplaceRootVolumeTask - operationId: POST_CreateReplaceRootVolumeTask - description: '

Creates a root volume replacement task for an Amazon EC2 instance. The root volume can either be restored to its initial launch state, or it can be restored using a specific snapshot.

For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateReplaceRootVolumeTaskResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateReplaceRootVolumeTaskRequest' - parameters: [] - /?Action=CreateReservedInstancesListing&Version=2016-11-15: - get: - x-aws-operation-name: CreateReservedInstancesListing - operationId: GET_CreateReservedInstancesListing - description: '

Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace. You can submit one Standard Reserved Instance listing at a time. To get a list of your Standard Reserved Instances, you can use the DescribeReservedInstances operation.

Only Standard Reserved Instances can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances cannot be sold.

The Reserved Instance Marketplace matches sellers who want to resell Standard Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.

To sell your Standard Reserved Instances, you must first register as a seller in the Reserved Instance Marketplace. After completing the registration process, you can create a Reserved Instance Marketplace listing of some or all of your Standard Reserved Instances, and specify the upfront price to receive for them. Your Standard Reserved Instance listings then become available for purchase. To view the details of your Standard Reserved Instance listing, you can use the DescribeReservedInstancesListings operation.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateReservedInstancesListingResult' - parameters: - - name: ClientToken - in: query - required: true - description: 'Unique, case-sensitive identifier you provide to ensure idempotency of your listings. This helps avoid duplicate listings. For more information, see Ensuring Idempotency.' - schema: - type: string - - name: InstanceCount - in: query - required: true - description: The number of instances that are a part of a Reserved Instance account to be listed in the Reserved Instance Marketplace. This number should be less than or equal to the instance count associated with the Reserved Instance ID specified in this call. - schema: - type: integer - - name: PriceSchedules - in: query - required: true - description: A list specifying the price of the Standard Reserved Instance for each month remaining in the Reserved Instance term. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/PriceScheduleSpecification' - - xml: - name: item - - name: ReservedInstancesId - in: query - required: true - description: The ID of the active Standard Reserved Instance. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateReservedInstancesListing - operationId: POST_CreateReservedInstancesListing - description: '

Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace. You can submit one Standard Reserved Instance listing at a time. To get a list of your Standard Reserved Instances, you can use the DescribeReservedInstances operation.

Only Standard Reserved Instances can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances cannot be sold.

The Reserved Instance Marketplace matches sellers who want to resell Standard Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.

To sell your Standard Reserved Instances, you must first register as a seller in the Reserved Instance Marketplace. After completing the registration process, you can create a Reserved Instance Marketplace listing of some or all of your Standard Reserved Instances, and specify the upfront price to receive for them. Your Standard Reserved Instance listings then become available for purchase. To view the details of your Standard Reserved Instance listing, you can use the DescribeReservedInstancesListings operation.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateReservedInstancesListingResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateReservedInstancesListingRequest' - parameters: [] - /?Action=CreateRestoreImageTask&Version=2016-11-15: - get: - x-aws-operation-name: CreateRestoreImageTask - operationId: GET_CreateRestoreImageTask - description: '

Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateRestoreImageTaskResult' - parameters: - - name: Bucket - in: query - required: true - description: The name of the Amazon S3 bucket that contains the stored AMI object. - schema: - type: string - - name: ObjectKey - in: query - required: true - description: The name of the stored AMI object in the bucket. - schema: - type: string - - name: Name - in: query - required: false - description: 'The name for the restored AMI. The name must be unique for AMIs in the Region for this account. If you do not provide a name, the new AMI gets the same name as the original AMI.' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: '

The tags to apply to the AMI and snapshots on restoration. You can tag the AMI, the snapshots, or both.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateRestoreImageTask - operationId: POST_CreateRestoreImageTask - description: '

Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateRestoreImageTaskResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateRestoreImageTaskRequest' - parameters: [] - /?Action=CreateRoute&Version=2016-11-15: - get: - x-aws-operation-name: CreateRoute - operationId: GET_CreateRoute - description: '

Creates a route in a route table within a VPC.

You must specify one of the following targets: internet gateway or virtual private gateway, NAT instance, NAT gateway, VPC peering connection, network interface, egress-only internet gateway, or transit gateway.

When determining how to route traffic, we use the route with the most specific match. For example, traffic is destined for the IPv4 address 192.0.2.3, and the route table includes the following two IPv4 routes:

Both routes apply to the traffic destined for 192.0.2.3. However, the second route in the list covers a smaller number of IP addresses and is therefore more specific, so we use that route to determine where to target the traffic.

For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateRouteResult' - parameters: - - name: DestinationCidrBlock - in: query - required: false - description: 'The IPv4 CIDR address block used for the destination match. Routing decisions are based on the most specific match. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' - schema: - type: string - - name: DestinationIpv6CidrBlock - in: query - required: false - description: The IPv6 CIDR block used for the destination match. Routing decisions are based on the most specific match. - schema: - type: string - - name: DestinationPrefixListId - in: query - required: false - description: The ID of a prefix list used for the destination match. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcEndpointId - in: query - required: false - description: The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only. - schema: - type: string - - name: EgressOnlyInternetGatewayId - in: query - required: false - description: '[IPv6 traffic only] The ID of an egress-only internet gateway.' - schema: - type: string - - name: GatewayId - in: query - required: false - description: The ID of an internet gateway or virtual private gateway attached to your VPC. - schema: - type: string - - name: InstanceId - in: query - required: false - description: The ID of a NAT instance in your VPC. The operation fails if you specify an instance ID unless exactly one network interface is attached. - schema: - type: string - - name: NatGatewayId - in: query - required: false - description: '[IPv4 traffic only] The ID of a NAT gateway.' - schema: - type: string - - name: TransitGatewayId - in: query - required: false - description: The ID of a transit gateway. - schema: - type: string - - name: LocalGatewayId - in: query - required: false - description: The ID of the local gateway. - schema: - type: string - - name: CarrierGatewayId - in: query - required: false - description:

The ID of the carrier gateway.

You can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone.

- schema: - type: string - - name: NetworkInterfaceId - in: query - required: false - description: The ID of a network interface. - schema: - type: string - - name: RouteTableId - in: query - required: true - description: The ID of the route table for the route. - schema: - type: string - - name: VpcPeeringConnectionId - in: query - required: false - description: The ID of a VPC peering connection. - schema: - type: string - - name: CoreNetworkArn - in: query - required: false - description: The Amazon Resource Name (ARN) of the core network. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateRoute - operationId: POST_CreateRoute - description: '

Creates a route in a route table within a VPC.

You must specify one of the following targets: internet gateway or virtual private gateway, NAT instance, NAT gateway, VPC peering connection, network interface, egress-only internet gateway, or transit gateway.

When determining how to route traffic, we use the route with the most specific match. For example, traffic is destined for the IPv4 address 192.0.2.3, and the route table includes the following two IPv4 routes:

Both routes apply to the traffic destined for 192.0.2.3. However, the second route in the list covers a smaller number of IP addresses and is therefore more specific, so we use that route to determine where to target the traffic.

For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateRouteResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateRouteRequest' - parameters: [] - /?Action=CreateRouteTable&Version=2016-11-15: - get: - x-aws-operation-name: CreateRouteTable - operationId: GET_CreateRouteTable - description: '

Creates a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateRouteTableResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to assign to the route table. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateRouteTable - operationId: POST_CreateRouteTable - description: '

Creates a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateRouteTableResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateRouteTableRequest' - parameters: [] - /?Action=CreateSecurityGroup&Version=2016-11-15: - get: - x-aws-operation-name: CreateSecurityGroup - operationId: GET_CreateSecurityGroup - description: '

Creates a security group.

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide.

When you create a security group, you specify a friendly name of your choice. You can have a security group for use in EC2-Classic with the same name as a security group for use in a VPC. However, you can''t have two security groups for use in EC2-Classic with the same name or two security groups for use in a VPC with the same name.

You have a default security group for use in EC2-Classic and a default security group for use in your VPC. If you don''t specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other.

You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress.

For more information about VPC security group limits, see Amazon VPC Limits.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSecurityGroupResult' - parameters: - - name: GroupDescription - in: query - required: true - description: '

A description for the security group. This is informational only.

Constraints: Up to 255 characters in length

Constraints for EC2-Classic: ASCII characters

Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

' - schema: - type: string - - name: GroupName - in: query - required: true - description: '

The name of the security group.

Constraints: Up to 255 characters in length. Cannot start with sg-.

Constraints for EC2-Classic: ASCII characters

Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

' - schema: - type: string - - name: VpcId - in: query - required: false - description: '[EC2-VPC] The ID of the VPC. Required for EC2-VPC.' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to assign to the security group. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateSecurityGroup - operationId: POST_CreateSecurityGroup - description: '

Creates a security group.

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide.

When you create a security group, you specify a friendly name of your choice. You can have a security group for use in EC2-Classic with the same name as a security group for use in a VPC. However, you can''t have two security groups for use in EC2-Classic with the same name or two security groups for use in a VPC with the same name.

You have a default security group for use in EC2-Classic and a default security group for use in your VPC. If you don''t specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other.

You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress.

For more information about VPC security group limits, see Amazon VPC Limits.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSecurityGroupResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSecurityGroupRequest' - parameters: [] - /?Action=CreateSnapshot&Version=2016-11-15: - get: - x-aws-operation-name: CreateSnapshot - operationId: GET_CreateSnapshot - description: '

Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance.

You can create snapshots of volumes in a Region and volumes on an Outpost. If you create a snapshot of a volume in a Region, the snapshot must be stored in the same Region as the volume. If you create a snapshot of a volume on an Outpost, the snapshot can be stored on the same Outpost as the volume, or in the Region for that Outpost.

When a snapshot is created, any Amazon Web Services Marketplace product codes that are associated with the source volume are propagated to the snapshot.

You can take a snapshot of an attached volume that is in use. However, snapshots only capture data that has been written to your Amazon EBS volume at the time the snapshot command is issued; this might exclude any data that has been cached by any applications or the operating system. If you can pause any file systems on the volume long enough to take a snapshot, your snapshot should be complete. However, if you cannot pause all file writes to the volume, you should unmount the volume from within the instance, issue the snapshot command, and then remount the volume to ensure a consistent and complete snapshot. You may remount and use your volume while the snapshot status is pending.

To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.

Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes and any associated snapshots always remain protected.

You can tag your snapshots during creation. For more information, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

For more information, see Amazon Elastic Block Store and Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/Snapshot' - parameters: - - name: Description - in: query - required: false - description: A description for the snapshot. - schema: - type: string - - name: OutpostArn - in: query - required: false - description: '

The Amazon Resource Name (ARN) of the Outpost on which to create a local snapshot.

For more information, see Create local snapshots from volumes on an Outpost in the Amazon Elastic Compute Cloud User Guide.

' - schema: - type: string - - name: VolumeId - in: query - required: true - description: The ID of the Amazon EBS volume. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the snapshot during creation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateSnapshot - operationId: POST_CreateSnapshot - description: '

Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance.

You can create snapshots of volumes in a Region and volumes on an Outpost. If you create a snapshot of a volume in a Region, the snapshot must be stored in the same Region as the volume. If you create a snapshot of a volume on an Outpost, the snapshot can be stored on the same Outpost as the volume, or in the Region for that Outpost.

When a snapshot is created, any Amazon Web Services Marketplace product codes that are associated with the source volume are propagated to the snapshot.

You can take a snapshot of an attached volume that is in use. However, snapshots only capture data that has been written to your Amazon EBS volume at the time the snapshot command is issued; this might exclude any data that has been cached by any applications or the operating system. If you can pause any file systems on the volume long enough to take a snapshot, your snapshot should be complete. However, if you cannot pause all file writes to the volume, you should unmount the volume from within the instance, issue the snapshot command, and then remount the volume to ensure a consistent and complete snapshot. You may remount and use your volume while the snapshot status is pending.

To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.

Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes and any associated snapshots always remain protected.

You can tag your snapshots during creation. For more information, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

For more information, see Amazon Elastic Block Store and Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/Snapshot' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSnapshotRequest' - parameters: [] - /?Action=CreateSnapshots&Version=2016-11-15: - get: - x-aws-operation-name: CreateSnapshots - operationId: GET_CreateSnapshots - description: '

Creates crash-consistent snapshots of multiple EBS volumes and stores the data in S3. Volumes are chosen by specifying an instance. Any attached volumes will produce one snapshot each that is crash-consistent across the instance. Boot volumes can be excluded by changing the parameters.

You can create multi-volume snapshots of instances in a Region and instances on an Outpost. If you create snapshots from an instance in a Region, the snapshots must be stored in the same Region as the instance. If you create snapshots from an instance on an Outpost, the snapshots can be stored on the same Outpost as the instance, or in the Region for that Outpost.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSnapshotsResult' - parameters: - - name: Description - in: query - required: false - description: ' A description propagated to every snapshot specified by the instance.' - schema: - type: string - - name: InstanceSpecification - in: query - required: true - description: The instance to specify which volumes should be included in the snapshots. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Excludes the root volume from being snapshotted. - description: The instance details to specify which volumes should be snapshotted. - - name: OutpostArn - in: query - required: false - description: '

The Amazon Resource Name (ARN) of the Outpost on which to create the local snapshots.

For more information, see Create multi-volume local snapshots from instances on an Outpost in the Amazon Elastic Compute Cloud User Guide.

' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: Tags to apply to every snapshot specified by the instance. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: CopyTagsFromSource - in: query - required: false - description: Copies the tags from the specified volume to corresponding snapshot. - schema: - type: string - enum: - - volume - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateSnapshots - operationId: POST_CreateSnapshots - description: '

Creates crash-consistent snapshots of multiple EBS volumes and stores the data in S3. Volumes are chosen by specifying an instance. Any attached volumes will produce one snapshot each that is crash-consistent across the instance. Boot volumes can be excluded by changing the parameters.

You can create multi-volume snapshots of instances in a Region and instances on an Outpost. If you create snapshots from an instance in a Region, the snapshots must be stored in the same Region as the instance. If you create snapshots from an instance on an Outpost, the snapshots can be stored on the same Outpost as the instance, or in the Region for that Outpost.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSnapshotsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSnapshotsRequest' - parameters: [] - /?Action=CreateSpotDatafeedSubscription&Version=2016-11-15: - get: - x-aws-operation-name: CreateSpotDatafeedSubscription - operationId: GET_CreateSpotDatafeedSubscription - description: 'Creates a data feed for Spot Instances, enabling you to view Spot Instance usage logs. You can create one data feed per Amazon Web Services account. For more information, see Spot Instance data feed in the Amazon EC2 User Guide for Linux Instances.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSpotDatafeedSubscriptionResult' - parameters: - - name: Bucket - in: query - required: true - description: 'The name of the Amazon S3 bucket in which to store the Spot Instance data feed. For more information about bucket names, see Rules for bucket naming in the Amazon S3 Developer Guide.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Prefix - in: query - required: false - description: The prefix for the data feed file names. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateSpotDatafeedSubscription - operationId: POST_CreateSpotDatafeedSubscription - description: 'Creates a data feed for Spot Instances, enabling you to view Spot Instance usage logs. You can create one data feed per Amazon Web Services account. For more information, see Spot Instance data feed in the Amazon EC2 User Guide for Linux Instances.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSpotDatafeedSubscriptionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSpotDatafeedSubscriptionRequest' - parameters: [] - /?Action=CreateStoreImageTask&Version=2016-11-15: - get: - x-aws-operation-name: CreateStoreImageTask - operationId: GET_CreateStoreImageTask - description: '

Stores an AMI as a single object in an Amazon S3 bucket.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateStoreImageTaskResult' - parameters: - - name: ImageId - in: query - required: true - description: The ID of the AMI. - schema: - type: string - - name: Bucket - in: query - required: true - description: 'The name of the Amazon S3 bucket in which the AMI object will be stored. The bucket must be in the Region in which the request is being made. The AMI object appears in the bucket only after the upload task has completed. ' - schema: - type: string - - name: S3ObjectTag - in: query - required: false - description: 'The tags to apply to the AMI object that will be stored in the Amazon S3 bucket. ' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/S3ObjectTag' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateStoreImageTask - operationId: POST_CreateStoreImageTask - description: '

Stores an AMI as a single object in an Amazon S3 bucket.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateStoreImageTaskResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateStoreImageTaskRequest' - parameters: [] - /?Action=CreateSubnet&Version=2016-11-15: - get: - x-aws-operation-name: CreateSubnet - operationId: GET_CreateSubnet - description: '

Creates a subnet in a specified VPC.

You must specify an IPv4 CIDR block for the subnet. After you create a subnet, you can''t change its CIDR block. The allowed block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses). The CIDR block must not overlap with the CIDR block of an existing subnet in the VPC.

If you''ve associated an IPv6 CIDR block with your VPC, you can create a subnet with an IPv6 CIDR block that uses a /64 prefix length.

Amazon Web Services reserves both the first four and the last IPv4 address in each subnet''s CIDR block. They''re not available for use.

If you add more than one subnet to a VPC, they''re set up in a star topology with a logical router in the middle.

When you stop an instance in a subnet, it retains its private IPv4 address. It''s therefore possible to have a subnet with no running instances (they''re all stopped), but no remaining IP addresses available.

For more information about subnets, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSubnetResult' - parameters: - - name: TagSpecification - in: query - required: false - description: The tags to assign to the subnet. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: AvailabilityZone - in: query - required: false - description: '

The Availability Zone or Local Zone for the subnet.

Default: Amazon Web Services selects one for you. If you create more than one subnet in your VPC, we do not necessarily select a different zone for each subnet.

To create a subnet in a Local Zone, set this value to the Local Zone ID, for example us-west-2-lax-1a. For information about the Regions that support Local Zones, see Available Regions in the Amazon Elastic Compute Cloud User Guide.

To create a subnet in an Outpost, set this value to the Availability Zone for the Outpost and specify the Outpost ARN.

' - schema: - type: string - - name: AvailabilityZoneId - in: query - required: false - description: The AZ ID or the Local Zone ID of the subnet. - schema: - type: string - - name: CidrBlock - in: query - required: false - description: '

The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.

This parameter is not supported for an IPv6 only subnet.

' - schema: - type: string - - name: Ipv6CidrBlock - in: query - required: false - description: '

The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.

This parameter is required for an IPv6 only subnet.

' - schema: - type: string - - name: OutpostArn - in: query - required: false - description: 'The Amazon Resource Name (ARN) of the Outpost. If you specify an Outpost ARN, you must also specify the Availability Zone of the Outpost subnet.' - schema: - type: string - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Ipv6Native - in: query - required: false - description: Indicates whether to create an IPv6 only subnet. - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateSubnet - operationId: POST_CreateSubnet - description: '

Creates a subnet in a specified VPC.

You must specify an IPv4 CIDR block for the subnet. After you create a subnet, you can''t change its CIDR block. The allowed block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses). The CIDR block must not overlap with the CIDR block of an existing subnet in the VPC.

If you''ve associated an IPv6 CIDR block with your VPC, you can create a subnet with an IPv6 CIDR block that uses a /64 prefix length.

Amazon Web Services reserves both the first four and the last IPv4 address in each subnet''s CIDR block. They''re not available for use.

If you add more than one subnet to a VPC, they''re set up in a star topology with a logical router in the middle.

When you stop an instance in a subnet, it retains its private IPv4 address. It''s therefore possible to have a subnet with no running instances (they''re all stopped), but no remaining IP addresses available.

For more information about subnets, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSubnetResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSubnetRequest' - parameters: [] - /?Action=CreateSubnetCidrReservation&Version=2016-11-15: - get: - x-aws-operation-name: CreateSubnetCidrReservation - operationId: GET_CreateSubnetCidrReservation - description: 'Creates a subnet CIDR reservation. For information about subnet CIDR reservations, see Subnet CIDR reservations in the Amazon Virtual Private Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSubnetCidrReservationResult' - parameters: - - name: SubnetId - in: query - required: true - description: The ID of the subnet. - schema: - type: string - - name: Cidr - in: query - required: true - description: The IPv4 or IPV6 CIDR range to reserve. - schema: - type: string - - name: ReservationType - in: query - required: true - description: '

The type of reservation.

The following are valid values:

' - schema: - type: string - enum: - - prefix - - explicit - - name: Description - in: query - required: false - description: The description to assign to the subnet CIDR reservation. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: TagSpecification - in: query - required: false - description: The tags to assign to the subnet CIDR reservation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateSubnetCidrReservation - operationId: POST_CreateSubnetCidrReservation - description: 'Creates a subnet CIDR reservation. For information about subnet CIDR reservations, see Subnet CIDR reservations in the Amazon Virtual Private Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSubnetCidrReservationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSubnetCidrReservationRequest' - parameters: [] - /?Action=CreateTags&Version=2016-11-15: - get: - x-aws-operation-name: CreateTags - operationId: GET_CreateTags - description: '

Adds or overwrites only the specified tags for the specified Amazon EC2 resource or resources. When you specify an existing tag key, the value is overwritten with the new value. Each resource can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique per resource.

For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide. For more information about creating IAM policies that control users'' access to resources based on tags, see Supported Resource-Level Permissions for Amazon EC2 API Actions in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ResourceId - in: query - required: true - description: '

The IDs of the resources, separated by spaces.

Constraints: Up to 1000 resource IDs. We recommend breaking up this request into smaller batches.

' - schema: - type: array - items: - $ref: '#/components/schemas/TaggableResourceId' - - name: Tag - in: query - required: true - description: 'The tags. The value parameter is required, but if you don''t want the tag to have a value, specify the parameter with no value, and we set the value to an empty string.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTags - operationId: POST_CreateTags - description: '

Adds or overwrites only the specified tags for the specified Amazon EC2 resource or resources. When you specify an existing tag key, the value is overwritten with the new value. Each resource can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique per resource.

For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide. For more information about creating IAM policies that control users'' access to resources based on tags, see Supported Resource-Level Permissions for Amazon EC2 API Actions in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTagsRequest' - parameters: [] - /?Action=CreateTrafficMirrorFilter&Version=2016-11-15: - get: - x-aws-operation-name: CreateTrafficMirrorFilter - operationId: GET_CreateTrafficMirrorFilter - description: '

Creates a Traffic Mirror filter.

A Traffic Mirror filter is a set of rules that defines the traffic to mirror.

By default, no traffic is mirrored. To mirror traffic, use CreateTrafficMirrorFilterRule to add Traffic Mirror rules to the filter. The rules you add define what traffic gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices to mirror supported network services.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorFilterResult' - parameters: - - name: Description - in: query - required: false - description: The description of the Traffic Mirror filter. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to assign to a Traffic Mirror filter. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTrafficMirrorFilter - operationId: POST_CreateTrafficMirrorFilter - description: '

Creates a Traffic Mirror filter.

A Traffic Mirror filter is a set of rules that defines the traffic to mirror.

By default, no traffic is mirrored. To mirror traffic, use CreateTrafficMirrorFilterRule to add Traffic Mirror rules to the filter. The rules you add define what traffic gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices to mirror supported network services.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorFilterResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorFilterRequest' - parameters: [] - /?Action=CreateTrafficMirrorFilterRule&Version=2016-11-15: - get: - x-aws-operation-name: CreateTrafficMirrorFilterRule - operationId: GET_CreateTrafficMirrorFilterRule - description:

Creates a Traffic Mirror filter rule.

A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror.

You need the Traffic Mirror filter ID when you create the rule.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorFilterRuleResult' - parameters: - - name: TrafficMirrorFilterId - in: query - required: true - description: The ID of the filter that this rule is associated with. - schema: - type: string - - name: TrafficDirection - in: query - required: true - description: The type of traffic. - schema: - type: string - enum: - - ingress - - egress - - name: RuleNumber - in: query - required: true - description: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number. - schema: - type: integer - - name: RuleAction - in: query - required: true - description: The action to take on the filtered traffic. - schema: - type: string - enum: - - accept - - reject - - name: DestinationPortRange - in: query - required: false - description: The destination port range. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols. - description: Information about the Traffic Mirror filter rule port range. - - name: SourcePortRange - in: query - required: false - description: The source port range. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols. - description: Information about the Traffic Mirror filter rule port range. - - name: Protocol - in: query - required: false - description: '

The protocol, for example UDP, to assign to the Traffic Mirror rule.

For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.

' - schema: - type: integer - - name: DestinationCidrBlock - in: query - required: true - description: The destination CIDR block to assign to the Traffic Mirror rule. - schema: - type: string - - name: SourceCidrBlock - in: query - required: true - description: The source CIDR block to assign to the Traffic Mirror rule. - schema: - type: string - - name: Description - in: query - required: false - description: The description of the Traffic Mirror rule. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTrafficMirrorFilterRule - operationId: POST_CreateTrafficMirrorFilterRule - description:

Creates a Traffic Mirror filter rule.

A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror.

You need the Traffic Mirror filter ID when you create the rule.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorFilterRuleResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorFilterRuleRequest' - parameters: [] - /?Action=CreateTrafficMirrorSession&Version=2016-11-15: - get: - x-aws-operation-name: CreateTrafficMirrorSession - operationId: GET_CreateTrafficMirrorSession - description: '

Creates a Traffic Mirror session.

A Traffic Mirror session actively copies packets from a Traffic Mirror source to a Traffic Mirror target. Create a filter, and then assign it to the session to define a subset of the traffic to mirror, for example all TCP traffic.

The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in a different VPC connected via VPC peering or a transit gateway.

By default, no traffic is mirrored. Use CreateTrafficMirrorFilter to create filter rules that specify the traffic to mirror.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorSessionResult' - parameters: - - name: NetworkInterfaceId - in: query - required: true - description: The ID of the source network interface. - schema: - type: string - - name: TrafficMirrorTargetId - in: query - required: true - description: The ID of the Traffic Mirror target. - schema: - type: string - - name: TrafficMirrorFilterId - in: query - required: true - description: The ID of the Traffic Mirror filter. - schema: - type: string - - name: PacketLength - in: query - required: false - description: '

The number of bytes in each packet to mirror. These are bytes after the VXLAN header. Do not specify this parameter when you want to mirror the entire packet. To mirror a subset of the packet, set this to the length (in bytes) that you want to mirror. For example, if you set this value to 100, then the first 100 bytes that meet the filter criteria are copied to the target.

If you do not want to mirror the entire packet, use the PacketLength parameter to specify the number of bytes in each packet to mirror.

' - schema: - type: integer - - name: SessionNumber - in: query - required: true - description:

The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.

Valid values are 1-32766.

- schema: - type: integer - - name: VirtualNetworkId - in: query - required: false - description: 'The VXLAN ID for the Traffic Mirror session. For more information about the VXLAN protocol, see RFC 7348. If you do not specify a VirtualNetworkId, an account-wide unique id is chosen at random.' - schema: - type: integer - - name: Description - in: query - required: false - description: The description of the Traffic Mirror session. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to assign to a Traffic Mirror session. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTrafficMirrorSession - operationId: POST_CreateTrafficMirrorSession - description: '

Creates a Traffic Mirror session.

A Traffic Mirror session actively copies packets from a Traffic Mirror source to a Traffic Mirror target. Create a filter, and then assign it to the session to define a subset of the traffic to mirror, for example all TCP traffic.

The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in a different VPC connected via VPC peering or a transit gateway.

By default, no traffic is mirrored. Use CreateTrafficMirrorFilter to create filter rules that specify the traffic to mirror.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorSessionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorSessionRequest' - parameters: [] - /?Action=CreateTrafficMirrorTarget&Version=2016-11-15: - get: - x-aws-operation-name: CreateTrafficMirrorTarget - operationId: GET_CreateTrafficMirrorTarget - description: '

Creates a target for your Traffic Mirror session.

A Traffic Mirror target is the destination for mirrored traffic. The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in different VPCs connected via VPC peering or a transit gateway.

A Traffic Mirror target can be a network interface, a Network Load Balancer, or a Gateway Load Balancer endpoint.

To use the target in a Traffic Mirror session, use CreateTrafficMirrorSession.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorTargetResult' - parameters: - - name: NetworkInterfaceId - in: query - required: false - description: The network interface ID that is associated with the target. - schema: - type: string - - name: NetworkLoadBalancerArn - in: query - required: false - description: The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the target. - schema: - type: string - - name: Description - in: query - required: false - description: The description of the Traffic Mirror target. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to assign to the Traffic Mirror target. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - - name: GatewayLoadBalancerEndpointId - in: query - required: false - description: The ID of the Gateway Load Balancer endpoint. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTrafficMirrorTarget - operationId: POST_CreateTrafficMirrorTarget - description: '

Creates a target for your Traffic Mirror session.

A Traffic Mirror target is the destination for mirrored traffic. The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in different VPCs connected via VPC peering or a transit gateway.

A Traffic Mirror target can be a network interface, a Network Load Balancer, or a Gateway Load Balancer endpoint.

To use the target in a Traffic Mirror session, use CreateTrafficMirrorSession.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorTargetResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTrafficMirrorTargetRequest' - parameters: [] - /?Action=CreateTransitGateway&Version=2016-11-15: - get: - x-aws-operation-name: CreateTransitGateway - operationId: GET_CreateTransitGateway - description: '

Creates a transit gateway.

You can use a transit gateway to interconnect your virtual private clouds (VPC) and on-premises networks. After the transit gateway enters the available state, you can attach your VPCs and VPN connections to the transit gateway.

To attach your VPCs, use CreateTransitGatewayVpcAttachment.

To attach a VPN connection, use CreateCustomerGateway to create a customer gateway and specify the ID of the customer gateway and the ID of the transit gateway in a call to CreateVpnConnection.

When you create a transit gateway, we create a default transit gateway route table and use it as the default association route table and the default propagation route table. You can use CreateTransitGatewayRouteTable to create additional transit gateway route tables. If you disable automatic route propagation, we do not create a default transit gateway route table. You can use EnableTransitGatewayRouteTablePropagation to propagate routes from a resource attachment to a transit gateway route table. If you disable automatic associations, you can use AssociateTransitGatewayRouteTable to associate a resource attachment with a transit gateway route table.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayResult' - parameters: - - name: Description - in: query - required: false - description: A description of the transit gateway. - schema: - type: string - - name: Options - in: query - required: false - description: The transit gateway options. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayCidrBlockStringList' - - description: 'One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.' - description: Describes the options for a transit gateway. - - name: TagSpecification - in: query - required: false - description: The tags to apply to the transit gateway. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTransitGateway - operationId: POST_CreateTransitGateway - description: '

Creates a transit gateway.

You can use a transit gateway to interconnect your virtual private clouds (VPC) and on-premises networks. After the transit gateway enters the available state, you can attach your VPCs and VPN connections to the transit gateway.

To attach your VPCs, use CreateTransitGatewayVpcAttachment.

To attach a VPN connection, use CreateCustomerGateway to create a customer gateway and specify the ID of the customer gateway and the ID of the transit gateway in a call to CreateVpnConnection.

When you create a transit gateway, we create a default transit gateway route table and use it as the default association route table and the default propagation route table. You can use CreateTransitGatewayRouteTable to create additional transit gateway route tables. If you disable automatic route propagation, we do not create a default transit gateway route table. You can use EnableTransitGatewayRouteTablePropagation to propagate routes from a resource attachment to a transit gateway route table. If you disable automatic associations, you can use AssociateTransitGatewayRouteTable to associate a resource attachment with a transit gateway route table.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayRequest' - parameters: [] - /?Action=CreateTransitGatewayConnect&Version=2016-11-15: - get: - x-aws-operation-name: CreateTransitGatewayConnect - operationId: GET_CreateTransitGatewayConnect - description:

Creates a Connect attachment from a specified transit gateway attachment. A Connect attachment is a GRE-based tunnel attachment that you can use to establish a connection between a transit gateway and an appliance.

A Connect attachment uses an existing VPC or Amazon Web Services Direct Connect attachment as the underlying transport mechanism.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayConnectResult' - parameters: - - name: TransportTransitGatewayAttachmentId - in: query - required: true - description: The ID of the transit gateway attachment. You can specify a VPC attachment or Amazon Web Services Direct Connect attachment. - schema: - type: string - - name: Options - in: query - required: true - description: The Connect attachment options. - schema: - type: object - required: - - Protocol - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ProtocolValue' - - description: The tunnel protocol. - description: The options for a Connect attachment. - - name: TagSpecification - in: query - required: false - description: The tags to apply to the Connect attachment. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTransitGatewayConnect - operationId: POST_CreateTransitGatewayConnect - description:

Creates a Connect attachment from a specified transit gateway attachment. A Connect attachment is a GRE-based tunnel attachment that you can use to establish a connection between a transit gateway and an appliance.

A Connect attachment uses an existing VPC or Amazon Web Services Direct Connect attachment as the underlying transport mechanism.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayConnectResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayConnectRequest' - parameters: [] - /?Action=CreateTransitGatewayConnectPeer&Version=2016-11-15: - get: - x-aws-operation-name: CreateTransitGatewayConnectPeer - operationId: GET_CreateTransitGatewayConnectPeer - description: '

Creates a Connect peer for a specified transit gateway Connect attachment between a transit gateway and an appliance.

The peer address and transit gateway address must be the same IP address family (IPv4 or IPv6).

For more information, see Connect peers in the Transit Gateways Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayConnectPeerResult' - parameters: - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the Connect attachment. - schema: - type: string - - name: TransitGatewayAddress - in: query - required: false - description: 'The peer IP address (GRE outer IP address) on the transit gateway side of the Connect peer, which must be specified from a transit gateway CIDR block. If not specified, Amazon automatically assigns the first available IP address from the transit gateway CIDR block.' - schema: - type: string - - name: PeerAddress - in: query - required: true - description: The peer IP address (GRE outer IP address) on the appliance side of the Connect peer. - schema: - type: string - - name: BgpOptions - in: query - required: false - description: The BGP options for the Connect peer. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Long' - - description: The peer Autonomous System Number (ASN). - description: The BGP options for the Connect attachment. - - name: InsideCidrBlocks - in: query - required: true - description: 'The range of inside IP addresses that are used for BGP peering. You must specify a size /29 IPv4 CIDR block from the 169.254.0.0/16 range. The first address from the range must be configured on the appliance as the BGP IP address. You can also optionally specify a size /125 IPv6 CIDR block from the fd00::/8 range.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: TagSpecification - in: query - required: false - description: The tags to apply to the Connect peer. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTransitGatewayConnectPeer - operationId: POST_CreateTransitGatewayConnectPeer - description: '

Creates a Connect peer for a specified transit gateway Connect attachment between a transit gateway and an appliance.

The peer address and transit gateway address must be the same IP address family (IPv4 or IPv6).

For more information, see Connect peers in the Transit Gateways Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayConnectPeerResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayConnectPeerRequest' - parameters: [] - /?Action=CreateTransitGatewayMulticastDomain&Version=2016-11-15: - get: - x-aws-operation-name: CreateTransitGatewayMulticastDomain - operationId: GET_CreateTransitGatewayMulticastDomain - description: '

Creates a multicast domain using the specified transit gateway.

The transit gateway must be in the available state before you create a domain. Use DescribeTransitGateways to see the state of transit gateway.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayMulticastDomainResult' - parameters: - - name: TransitGatewayId - in: query - required: true - description: The ID of the transit gateway. - schema: - type: string - - name: Options - in: query - required: false - description: The options for the transit gateway multicast domain. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/AutoAcceptSharedAssociationsValue' - - description: Indicates whether to automatically accept cross-account subnet associations that are associated with the transit gateway multicast domain. - description: The options for the transit gateway multicast domain. - - name: TagSpecification - in: query - required: false - description: The tags for the transit gateway multicast domain. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTransitGatewayMulticastDomain - operationId: POST_CreateTransitGatewayMulticastDomain - description: '

Creates a multicast domain using the specified transit gateway.

The transit gateway must be in the available state before you create a domain. Use DescribeTransitGateways to see the state of transit gateway.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayMulticastDomainResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayMulticastDomainRequest' - parameters: [] - /?Action=CreateTransitGatewayPeeringAttachment&Version=2016-11-15: - get: - x-aws-operation-name: CreateTransitGatewayPeeringAttachment - operationId: GET_CreateTransitGatewayPeeringAttachment - description: '

Requests a transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter). The transit gateways must be in different Regions. The peer transit gateway can be in your account or a different Amazon Web Services account.

After you create the peering attachment, the owner of the accepter transit gateway must accept the attachment request.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayPeeringAttachmentResult' - parameters: - - name: TransitGatewayId - in: query - required: true - description: The ID of the transit gateway. - schema: - type: string - - name: PeerTransitGatewayId - in: query - required: true - description: The ID of the peer transit gateway with which to create the peering attachment. - schema: - type: string - - name: PeerAccountId - in: query - required: true - description: The ID of the Amazon Web Services account that owns the peer transit gateway. - schema: - type: string - - name: PeerRegion - in: query - required: true - description: The Region where the peer transit gateway is located. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the transit gateway peering attachment. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTransitGatewayPeeringAttachment - operationId: POST_CreateTransitGatewayPeeringAttachment - description: '

Requests a transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter). The transit gateways must be in different Regions. The peer transit gateway can be in your account or a different Amazon Web Services account.

After you create the peering attachment, the owner of the accepter transit gateway must accept the attachment request.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayPeeringAttachmentResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayPeeringAttachmentRequest' - parameters: [] - /?Action=CreateTransitGatewayPrefixListReference&Version=2016-11-15: - get: - x-aws-operation-name: CreateTransitGatewayPrefixListReference - operationId: GET_CreateTransitGatewayPrefixListReference - description: Creates a reference (route) to a prefix list in a specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayPrefixListReferenceResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the transit gateway route table. - schema: - type: string - - name: PrefixListId - in: query - required: true - description: The ID of the prefix list that is used for destination matches. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: false - description: The ID of the attachment to which traffic is routed. - schema: - type: string - - name: Blackhole - in: query - required: false - description: Indicates whether to drop traffic that matches this route. - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTransitGatewayPrefixListReference - operationId: POST_CreateTransitGatewayPrefixListReference - description: Creates a reference (route) to a prefix list in a specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayPrefixListReferenceResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayPrefixListReferenceRequest' - parameters: [] - /?Action=CreateTransitGatewayRoute&Version=2016-11-15: - get: - x-aws-operation-name: CreateTransitGatewayRoute - operationId: GET_CreateTransitGatewayRoute - description: Creates a static route for the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayRouteResult' - parameters: - - name: DestinationCidrBlock - in: query - required: true - description: The CIDR range used for destination matches. Routing decisions are based on the most specific match. - schema: - type: string - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the transit gateway route table. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: false - description: The ID of the attachment. - schema: - type: string - - name: Blackhole - in: query - required: false - description: Indicates whether to drop traffic that matches this route. - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTransitGatewayRoute - operationId: POST_CreateTransitGatewayRoute - description: Creates a static route for the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayRouteResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayRouteRequest' - parameters: [] - /?Action=CreateTransitGatewayRouteTable&Version=2016-11-15: - get: - x-aws-operation-name: CreateTransitGatewayRouteTable - operationId: GET_CreateTransitGatewayRouteTable - description: Creates a route table for the specified transit gateway. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayRouteTableResult' - parameters: - - name: TransitGatewayId - in: query - required: true - description: The ID of the transit gateway. - schema: - type: string - - name: TagSpecifications - in: query - required: false - description: The tags to apply to the transit gateway route table. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTransitGatewayRouteTable - operationId: POST_CreateTransitGatewayRouteTable - description: Creates a route table for the specified transit gateway. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayRouteTableResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayRouteTableRequest' - parameters: [] - /?Action=CreateTransitGatewayVpcAttachment&Version=2016-11-15: - get: - x-aws-operation-name: CreateTransitGatewayVpcAttachment - operationId: GET_CreateTransitGatewayVpcAttachment - description: '

Attaches the specified VPC to the specified transit gateway.

If you attach a VPC with a CIDR range that overlaps the CIDR range of a VPC that is already attached, the new VPC CIDR range is not propagated to the default propagation route table.

To send VPC traffic to an attached transit gateway, add a route to the VPC route table using CreateRoute.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayVpcAttachmentResult' - parameters: - - name: TransitGatewayId - in: query - required: true - description: The ID of the transit gateway. - schema: - type: string - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: SubnetIds - in: query - required: true - description: 'The IDs of one or more subnets. You can specify only one subnet per Availability Zone. You must specify at least one subnet, but we recommend that you specify two subnets for better availability. The transit gateway uses one IP address from each specified subnet.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: item - - name: Options - in: query - required: false - description: The VPC attachment options. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ApplianceModeSupportValue' - - description: 'Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.' - description: Describes the options for a VPC attachment. - - name: TagSpecifications - in: query - required: false - description: The tags to apply to the VPC attachment. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateTransitGatewayVpcAttachment - operationId: POST_CreateTransitGatewayVpcAttachment - description: '

Attaches the specified VPC to the specified transit gateway.

If you attach a VPC with a CIDR range that overlaps the CIDR range of a VPC that is already attached, the new VPC CIDR range is not propagated to the default propagation route table.

To send VPC traffic to an attached transit gateway, add a route to the VPC route table using CreateRoute.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayVpcAttachmentResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateTransitGatewayVpcAttachmentRequest' - parameters: [] - /?Action=CreateVolume&Version=2016-11-15: - get: - x-aws-operation-name: CreateVolume - operationId: GET_CreateVolume - description: '

Creates an EBS volume that can be attached to an instance in the same Availability Zone.

You can create a new empty volume or restore a volume from an EBS snapshot. Any Amazon Web Services Marketplace product codes from the snapshot are propagated to the volume.

You can create encrypted volumes. Encrypted volumes must be attached to instances that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are also automatically encrypted. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

You can tag your volumes during creation. For more information, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

For more information, see Create an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/Volume' - parameters: - - name: AvailabilityZone - in: query - required: true - description: The Availability Zone in which to create the volume. - schema: - type: string - - name: Encrypted - in: query - required: false - description: '

Indicates whether the volume should be encrypted. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Encryption by default in the Amazon Elastic Compute Cloud User Guide.

Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Supported instance types.

' - schema: - type: boolean - - name: Iops - in: query - required: false - description: '

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

The following are the supported values for each volume type:

io1 and io2 volumes support up to 64,000 IOPS only on Instances built on the Nitro System. Other instance families support performance up to 32,000 IOPS.

This parameter is required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard volumes.

' - schema: - type: integer - - name: KmsKeyId - in: query - required: false - description: '

The identifier of the Key Management Service (KMS) KMS key to use for Amazon EBS encryption. If this parameter is not specified, your KMS key for Amazon EBS is used. If KmsKeyId is specified, the encrypted state must be true.

You can specify the KMS key using any of the following:

Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.

' - schema: - type: string - - name: OutpostArn - in: query - required: false - description: The Amazon Resource Name (ARN) of the Outpost. - schema: - type: string - - name: Size - in: query - required: false - description: '

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.

The following are the supported volumes sizes for each volume type:

' - schema: - type: integer - - name: SnapshotId - in: query - required: false - description: The snapshot from which to create the volume. You must specify either a snapshot ID or a volume size. - schema: - type: string - - name: VolumeType - in: query - required: false - description: '

The volume type. This parameter can be one of the following values:

For more information, see Amazon EBS volume types in the Amazon Elastic Compute Cloud User Guide.

Default: gp2

' - schema: - type: string - enum: - - standard - - io1 - - io2 - - gp2 - - sc1 - - st1 - - gp3 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: TagSpecification - in: query - required: false - description: The tags to apply to the volume during creation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: MultiAttachEnabled - in: query - required: false - description: 'Indicates whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the volume to up to 16 Instances built on the Nitro System in the same Availability Zone. This parameter is supported with io1 and io2 volumes only. For more information, see Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.' - schema: - type: boolean - - name: Throughput - in: query - required: false - description: '

The throughput to provision for a volume, with a maximum of 1,000 MiB/s.

This parameter is valid only for gp3 volumes.

Valid Range: Minimum value of 125. Maximum value of 1000.

' - schema: - type: integer - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateVolume - operationId: POST_CreateVolume - description: '

Creates an EBS volume that can be attached to an instance in the same Availability Zone.

You can create a new empty volume or restore a volume from an EBS snapshot. Any Amazon Web Services Marketplace product codes from the snapshot are propagated to the volume.

You can create encrypted volumes. Encrypted volumes must be attached to instances that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are also automatically encrypted. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

You can tag your volumes during creation. For more information, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

For more information, see Create an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/Volume' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVolumeRequest' - parameters: [] - /?Action=CreateVpc&Version=2016-11-15: - get: - x-aws-operation-name: CreateVpc - operationId: GET_CreateVpc - description: '

Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses). For more information about how large to make your VPC, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon''s pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).

By default, each instance you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

You can specify the instance tenancy value for the VPC when you create it. You can''t change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcResult' - parameters: - - name: CidrBlock - in: query - required: false - description: 'The IPv4 network range for the VPC, in CIDR notation. For example, 10.0.0.0/16. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' - schema: - type: string - - name: AmazonProvidedIpv6CidrBlock - in: query - required: false - description: 'Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block.' - schema: - type: boolean - - name: Ipv6Pool - in: query - required: false - description: The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block. - schema: - type: string - - name: Ipv6CidrBlock - in: query - required: false - description: '

The IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool in the request.

To let Amazon choose the IPv6 CIDR block for you, omit this parameter.

' - schema: - type: string - - name: Ipv4IpamPoolId - in: query - required: false - description: 'The ID of an IPv4 IPAM pool you want to use for allocating this VPC''s CIDR. For more information, see What is IPAM? in the Amazon VPC IPAM User Guide. ' - schema: - type: string - - name: Ipv4NetmaskLength - in: query - required: false - description: 'The netmask length of the IPv4 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.' - schema: - type: integer - - name: Ipv6IpamPoolId - in: query - required: false - description: 'The ID of an IPv6 IPAM pool which will be used to allocate this VPC an IPv6 CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization. For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.' - schema: - type: string - - name: Ipv6NetmaskLength - in: query - required: false - description: 'The netmask length of the IPv6 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.' - schema: - type: integer - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceTenancy - in: query - required: false - description: '

The tenancy options for instances launched into the VPC. For default, instances are launched with shared tenancy by default. You can launch instances with any tenancy into a shared tenancy VPC. For dedicated, instances are launched as dedicated tenancy instances by default. You can only launch instances with a tenancy of dedicated or host into a dedicated tenancy VPC.

Important: The host value cannot be used with this parameter. Use the default or dedicated values only.

Default: default

' - schema: - type: string - enum: - - default - - dedicated - - host - - name: Ipv6CidrBlockNetworkBorderGroup - in: query - required: false - description:

The name of the location from which we advertise the IPV6 CIDR block. Use this parameter to limit the address to this location.

You must set AmazonProvidedIpv6CidrBlock to true to use this parameter.

- schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to assign to the VPC. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateVpc - operationId: POST_CreateVpc - description: '

Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses). For more information about how large to make your VPC, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon''s pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).

By default, each instance you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

You can specify the instance tenancy value for the VPC when you create it. You can''t change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcRequest' - parameters: [] - /?Action=CreateVpcEndpoint&Version=2016-11-15: - get: - x-aws-operation-name: CreateVpcEndpoint - operationId: GET_CreateVpcEndpoint - description: 'Creates a VPC endpoint for a specified service. An endpoint enables you to create a private connection between your VPC and the service. The service may be provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or another Amazon Web Services account. For more information, see the Amazon Web Services PrivateLink Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcEndpointResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcEndpointType - in: query - required: false - description: '

The type of endpoint.

Default: Gateway

' - schema: - type: string - enum: - - Interface - - Gateway - - GatewayLoadBalancer - - name: VpcId - in: query - required: true - description: The ID of the VPC in which the endpoint will be used. - schema: - type: string - - name: ServiceName - in: query - required: true - description: 'The service name. To get a list of available services, use the DescribeVpcEndpointServices request, or get the name from the service provider.' - schema: - type: string - - name: PolicyDocument - in: query - required: false - description: '(Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must be in valid JSON format. If this parameter is not specified, we attach a default policy that allows full access to the service.' - schema: - type: string - - name: RouteTableId - in: query - required: false - description: (Gateway endpoint) One or more route table IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - xml: - name: item - - name: SubnetId - in: query - required: false - description: '(Interface and Gateway Load Balancer endpoints) The ID of one or more subnets in which to create an endpoint network interface. For a Gateway Load Balancer endpoint, you can specify one subnet only.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: item - - name: SecurityGroupId - in: query - required: false - description: (Interface endpoint) The ID of one or more security groups to associate with the endpoint network interface. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: item - - name: IpAddressType - in: query - required: false - description: The IP address type for the endpoint. - schema: - type: string - enum: - - ipv4 - - dualstack - - ipv6 - - name: DnsOptions - in: query - required: false - description: The DNS options for the endpoint. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DnsRecordIpType' - - description: The DNS records created for the endpoint. - description: Describes the DNS options for an endpoint. - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - - name: PrivateDnsEnabled - in: query - required: false - description: '

(Interface endpoint) Indicates whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.

To use a private hosted zone, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to set the VPC attributes.

Default: true

' - schema: - type: boolean - - name: TagSpecification - in: query - required: false - description: The tags to associate with the endpoint. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateVpcEndpoint - operationId: POST_CreateVpcEndpoint - description: 'Creates a VPC endpoint for a specified service. An endpoint enables you to create a private connection between your VPC and the service. The service may be provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or another Amazon Web Services account. For more information, see the Amazon Web Services PrivateLink Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcEndpointResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcEndpointRequest' - parameters: [] - /?Action=CreateVpcEndpointConnectionNotification&Version=2016-11-15: - get: - x-aws-operation-name: CreateVpcEndpointConnectionNotification - operationId: GET_CreateVpcEndpointConnectionNotification - description: '

Creates a connection notification for a specified VPC endpoint or VPC endpoint service. A connection notification notifies you of specific endpoint events. You must create an SNS topic to receive notifications. For more information, see Create a Topic in the Amazon Simple Notification Service Developer Guide.

You can create a connection notification for interface endpoints only.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcEndpointConnectionNotificationResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ServiceId - in: query - required: false - description: The ID of the endpoint service. - schema: - type: string - - name: VpcEndpointId - in: query - required: false - description: The ID of the endpoint. - schema: - type: string - - name: ConnectionNotificationArn - in: query - required: true - description: The ARN of the SNS topic for the notifications. - schema: - type: string - - name: ConnectionEvents - in: query - required: true - description: 'One or more endpoint events for which to receive notifications. Valid values are Accept, Connect, Delete, and Reject.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateVpcEndpointConnectionNotification - operationId: POST_CreateVpcEndpointConnectionNotification - description: '

Creates a connection notification for a specified VPC endpoint or VPC endpoint service. A connection notification notifies you of specific endpoint events. You must create an SNS topic to receive notifications. For more information, see Create a Topic in the Amazon Simple Notification Service Developer Guide.

You can create a connection notification for interface endpoints only.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcEndpointConnectionNotificationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcEndpointConnectionNotificationRequest' - parameters: [] - /?Action=CreateVpcEndpointServiceConfiguration&Version=2016-11-15: - get: - x-aws-operation-name: CreateVpcEndpointServiceConfiguration - operationId: GET_CreateVpcEndpointServiceConfiguration - description: '

Creates a VPC endpoint service to which service consumers (Amazon Web Services accounts, IAM users, and IAM roles) can connect.

Before you create an endpoint service, you must create one of the following for your service:

If you set the private DNS name, you must prove that you own the private DNS domain name.

For more information, see the Amazon Web Services PrivateLink Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcEndpointServiceConfigurationResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: AcceptanceRequired - in: query - required: false - description: Indicates whether requests from service consumers to create an endpoint to your service must be accepted manually. - schema: - type: boolean - - name: PrivateDnsName - in: query - required: false - description: (Interface endpoint configuration) The private DNS name to assign to the VPC endpoint service. - schema: - type: string - - name: NetworkLoadBalancerArn - in: query - required: false - description: The Amazon Resource Names (ARNs) of one or more Network Load Balancers for your service. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: GatewayLoadBalancerArn - in: query - required: false - description: The Amazon Resource Names (ARNs) of one or more Gateway Load Balancers. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: SupportedIpAddressType - in: query - required: false - description: The supported IP address types. The possible values are ipv4 and ipv6. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to associate with the service. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateVpcEndpointServiceConfiguration - operationId: POST_CreateVpcEndpointServiceConfiguration - description: '

Creates a VPC endpoint service to which service consumers (Amazon Web Services accounts, IAM users, and IAM roles) can connect.

Before you create an endpoint service, you must create one of the following for your service:

If you set the private DNS name, you must prove that you own the private DNS domain name.

For more information, see the Amazon Web Services PrivateLink Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcEndpointServiceConfigurationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcEndpointServiceConfigurationRequest' - parameters: [] - /?Action=CreateVpcPeeringConnection&Version=2016-11-15: - get: - x-aws-operation-name: CreateVpcPeeringConnection - operationId: GET_CreateVpcPeeringConnection - description: '

Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another Amazon Web Services account and can be in a different Region to the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks.

Limitations and rules apply to a VPC peering connection. For more information, see the limitations section in the VPC Peering Guide.

The owner of the accepter VPC must accept the peering request to activate the peering connection. The VPC peering connection request expires after 7 days, after which it cannot be accepted or rejected.

If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of failed.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcPeeringConnectionResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PeerOwnerId - in: query - required: false - description: '

The Amazon Web Services account ID of the owner of the accepter VPC.

Default: Your Amazon Web Services account ID

' - schema: - type: string - - name: PeerVpcId - in: query - required: false - description: The ID of the VPC with which you are creating the VPC peering connection. You must specify this parameter in the request. - schema: - type: string - - name: VpcId - in: query - required: false - description: The ID of the requester VPC. You must specify this parameter in the request. - schema: - type: string - - name: PeerRegion - in: query - required: false - description: '

The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request.

Default: The Region in which you make the request.

' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to assign to the peering connection. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateVpcPeeringConnection - operationId: POST_CreateVpcPeeringConnection - description: '

Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another Amazon Web Services account and can be in a different Region to the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks.

Limitations and rules apply to a VPC peering connection. For more information, see the limitations section in the VPC Peering Guide.

The owner of the accepter VPC must accept the peering request to activate the peering connection. The VPC peering connection request expires after 7 days, after which it cannot be accepted or rejected.

If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of failed.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcPeeringConnectionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpcPeeringConnectionRequest' - parameters: [] - /?Action=CreateVpnConnection&Version=2016-11-15: - get: - x-aws-operation-name: CreateVpnConnection - operationId: GET_CreateVpnConnection - description: '

Creates a VPN connection between an existing virtual private gateway or transit gateway and a customer gateway. The supported connection type is ipsec.1.

The response includes information that you need to give to your network administrator to configure your customer gateway.

We strongly recommend that you use HTTPS when calling this operation because the response contains sensitive cryptographic information for configuring your customer gateway device.

If you decide to shut down your VPN connection for any reason and later create a new VPN connection, you must reconfigure your customer gateway with the new information returned from this call.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpnConnectionResult' - parameters: - - name: CustomerGatewayId - in: query - required: true - description: The ID of the customer gateway. - schema: - type: string - - name: Type - in: query - required: true - description: The type of VPN connection (ipsec.1). - schema: - type: string - - name: VpnGatewayId - in: query - required: false - description: 'The ID of the virtual private gateway. If you specify a virtual private gateway, you cannot specify a transit gateway.' - schema: - type: string - - name: TransitGatewayId - in: query - required: false - description: 'The ID of the transit gateway. If you specify a transit gateway, you cannot specify a virtual private gateway.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Options - in: query - required: false - description: The options for the VPN connection. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicate whether to enable acceleration for the VPN connection.

Default: false

' - staticRoutesOnly: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The IPv6 CIDR on the Amazon Web Services side of the VPN connection.

Default: ::/0

' - description: Describes VPN connection options. - - name: TagSpecification - in: query - required: false - description: The tags to apply to the VPN connection. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateVpnConnection - operationId: POST_CreateVpnConnection - description: '

Creates a VPN connection between an existing virtual private gateway or transit gateway and a customer gateway. The supported connection type is ipsec.1.

The response includes information that you need to give to your network administrator to configure your customer gateway.

We strongly recommend that you use HTTPS when calling this operation because the response contains sensitive cryptographic information for configuring your customer gateway device.

If you decide to shut down your VPN connection for any reason and later create a new VPN connection, you must reconfigure your customer gateway with the new information returned from this call.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpnConnectionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpnConnectionRequest' - parameters: [] - /?Action=CreateVpnConnectionRoute&Version=2016-11-15: - get: - x-aws-operation-name: CreateVpnConnectionRoute - operationId: GET_CreateVpnConnectionRoute - description: '

Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - parameters: - - name: DestinationCidrBlock - in: query - required: true - description: The CIDR block associated with the local subnet of the customer network. - schema: - type: string - - name: VpnConnectionId - in: query - required: true - description: The ID of the VPN connection. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateVpnConnectionRoute - operationId: POST_CreateVpnConnectionRoute - description: '

Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpnConnectionRouteRequest' - parameters: [] - /?Action=CreateVpnGateway&Version=2016-11-15: - get: - x-aws-operation-name: CreateVpnGateway - operationId: GET_CreateVpnGateway - description: '

Creates a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpnGatewayResult' - parameters: - - name: AvailabilityZone - in: query - required: false - description: The Availability Zone for the virtual private gateway. - schema: - type: string - - name: Type - in: query - required: true - description: The type of VPN connection this virtual private gateway supports. - schema: - type: string - enum: - - ipsec.1 - - name: TagSpecification - in: query - required: false - description: The tags to apply to the virtual private gateway. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: AmazonSideAsn - in: query - required: false - description: '

A private Autonomous System Number (ASN) for the Amazon side of a BGP session. If you''re using a 16-bit ASN, it must be in the 64512 to 65534 range. If you''re using a 32-bit ASN, it must be in the 4200000000 to 4294967294 range.

Default: 64512

' - schema: - type: integer - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: CreateVpnGateway - operationId: POST_CreateVpnGateway - description: '

Creates a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpnGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVpnGatewayRequest' - parameters: [] - /?Action=DeleteCarrierGateway&Version=2016-11-15: - get: - x-aws-operation-name: DeleteCarrierGateway - operationId: GET_DeleteCarrierGateway - description: '

Deletes a carrier gateway.

If you do not delete the route that contains the carrier gateway as the Target, the route is a blackhole route. For information about how to delete a route, see DeleteRoute.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteCarrierGatewayResult' - parameters: - - name: CarrierGatewayId - in: query - required: true - description: The ID of the carrier gateway. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteCarrierGateway - operationId: POST_DeleteCarrierGateway - description: '

Deletes a carrier gateway.

If you do not delete the route that contains the carrier gateway as the Target, the route is a blackhole route. For information about how to delete a route, see DeleteRoute.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteCarrierGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteCarrierGatewayRequest' - parameters: [] - /?Action=DeleteClientVpnEndpoint&Version=2016-11-15: - get: - x-aws-operation-name: DeleteClientVpnEndpoint - operationId: GET_DeleteClientVpnEndpoint - description: Deletes the specified Client VPN endpoint. You must disassociate all target networks before you can delete a Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteClientVpnEndpointResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN to be deleted. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteClientVpnEndpoint - operationId: POST_DeleteClientVpnEndpoint - description: Deletes the specified Client VPN endpoint. You must disassociate all target networks before you can delete a Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteClientVpnEndpointResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteClientVpnEndpointRequest' - parameters: [] - /?Action=DeleteClientVpnRoute&Version=2016-11-15: - get: - x-aws-operation-name: DeleteClientVpnRoute - operationId: GET_DeleteClientVpnRoute - description: 'Deletes a route from a Client VPN endpoint. You can only delete routes that you manually added using the CreateClientVpnRoute action. You cannot delete routes that were automatically added when associating a subnet. To remove routes that have been automatically added, disassociate the target subnet from the Client VPN endpoint.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteClientVpnRouteResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint from which the route is to be deleted. - schema: - type: string - - name: TargetVpcSubnetId - in: query - required: false - description: The ID of the target subnet used by the route. - schema: - type: string - - name: DestinationCidrBlock - in: query - required: true - description: 'The IPv4 address range, in CIDR notation, of the route to be deleted.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteClientVpnRoute - operationId: POST_DeleteClientVpnRoute - description: 'Deletes a route from a Client VPN endpoint. You can only delete routes that you manually added using the CreateClientVpnRoute action. You cannot delete routes that were automatically added when associating a subnet. To remove routes that have been automatically added, disassociate the target subnet from the Client VPN endpoint.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteClientVpnRouteResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteClientVpnRouteRequest' - parameters: [] - /?Action=DeleteCustomerGateway&Version=2016-11-15: - get: - x-aws-operation-name: DeleteCustomerGateway - operationId: GET_DeleteCustomerGateway - description: Deletes the specified customer gateway. You must delete the VPN connection before you can delete the customer gateway. - responses: - '200': - description: Success - parameters: - - name: CustomerGatewayId - in: query - required: true - description: The ID of the customer gateway. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteCustomerGateway - operationId: POST_DeleteCustomerGateway - description: Deletes the specified customer gateway. You must delete the VPN connection before you can delete the customer gateway. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteCustomerGatewayRequest' - parameters: [] - /?Action=DeleteDhcpOptions&Version=2016-11-15: - get: - x-aws-operation-name: DeleteDhcpOptions - operationId: GET_DeleteDhcpOptions - description: Deletes the specified set of DHCP options. You must disassociate the set of DHCP options before you can delete it. You can disassociate the set of DHCP options by associating either a new set of options or the default set of options with the VPC. - responses: - '200': - description: Success - parameters: - - name: DhcpOptionsId - in: query - required: true - description: The ID of the DHCP options set. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteDhcpOptions - operationId: POST_DeleteDhcpOptions - description: Deletes the specified set of DHCP options. You must disassociate the set of DHCP options before you can delete it. You can disassociate the set of DHCP options by associating either a new set of options or the default set of options with the VPC. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteDhcpOptionsRequest' - parameters: [] - /?Action=DeleteEgressOnlyInternetGateway&Version=2016-11-15: - get: - x-aws-operation-name: DeleteEgressOnlyInternetGateway - operationId: GET_DeleteEgressOnlyInternetGateway - description: Deletes an egress-only internet gateway. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteEgressOnlyInternetGatewayResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: EgressOnlyInternetGatewayId - in: query - required: true - description: The ID of the egress-only internet gateway. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteEgressOnlyInternetGateway - operationId: POST_DeleteEgressOnlyInternetGateway - description: Deletes an egress-only internet gateway. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteEgressOnlyInternetGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteEgressOnlyInternetGatewayRequest' - parameters: [] - /?Action=DeleteFleets&Version=2016-11-15: - get: - x-aws-operation-name: DeleteFleets - operationId: GET_DeleteFleets - description: '

Deletes the specified EC2 Fleet.

After you delete an EC2 Fleet, it launches no new instances.

You must specify whether a deleted EC2 Fleet should also terminate its instances. If you choose to terminate the instances, the EC2 Fleet enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the deleted_running state, and the instances continue to run until they are interrupted or you terminate them manually.

For instant fleets, EC2 Fleet must terminate the instances when the fleet is deleted. A deleted instant fleet with running instances is not supported.

Restrictions

For more information, see Delete an EC2 Fleet in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteFleetsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: FleetId - in: query - required: true - description: The IDs of the EC2 Fleets. - schema: - type: array - items: - $ref: '#/components/schemas/FleetId' - - name: TerminateInstances - in: query - required: true - description: '

Indicates whether to terminate the instances when the EC2 Fleet is deleted. The default is to terminate the instances.

To let the instances continue to run after the EC2 Fleet is deleted, specify NoTerminateInstances. Supported only for fleets of type maintain and request.

For instant fleets, you cannot specify NoTerminateInstances. A deleted instant fleet with running instances is not supported.

' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteFleets - operationId: POST_DeleteFleets - description: '

Deletes the specified EC2 Fleet.

After you delete an EC2 Fleet, it launches no new instances.

You must specify whether a deleted EC2 Fleet should also terminate its instances. If you choose to terminate the instances, the EC2 Fleet enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the deleted_running state, and the instances continue to run until they are interrupted or you terminate them manually.

For instant fleets, EC2 Fleet must terminate the instances when the fleet is deleted. A deleted instant fleet with running instances is not supported.

Restrictions

For more information, see Delete an EC2 Fleet in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteFleetsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteFleetsRequest' - parameters: [] - /?Action=DeleteFlowLogs&Version=2016-11-15: - get: - x-aws-operation-name: DeleteFlowLogs - operationId: GET_DeleteFlowLogs - description: Deletes one or more flow logs. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteFlowLogsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: FlowLogId - in: query - required: true - description: '

One or more flow log IDs.

Constraint: Maximum of 1000 flow log IDs.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcFlowLogId' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteFlowLogs - operationId: POST_DeleteFlowLogs - description: Deletes one or more flow logs. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteFlowLogsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteFlowLogsRequest' - parameters: [] - /?Action=DeleteFpgaImage&Version=2016-11-15: - get: - x-aws-operation-name: DeleteFpgaImage - operationId: GET_DeleteFpgaImage - description: Deletes the specified Amazon FPGA Image (AFI). - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteFpgaImageResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: FpgaImageId - in: query - required: true - description: The ID of the AFI. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteFpgaImage - operationId: POST_DeleteFpgaImage - description: Deletes the specified Amazon FPGA Image (AFI). - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteFpgaImageResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteFpgaImageRequest' - parameters: [] - /?Action=DeleteInstanceEventWindow&Version=2016-11-15: - get: - x-aws-operation-name: DeleteInstanceEventWindow - operationId: GET_DeleteInstanceEventWindow - description: '

Deletes the specified event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteInstanceEventWindowResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ForceDelete - in: query - required: false - description: Specify true to force delete the event window. Use the force delete parameter if the event window is currently associated with targets. - schema: - type: boolean - - name: InstanceEventWindowId - in: query - required: true - description: The ID of the event window. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteInstanceEventWindow - operationId: POST_DeleteInstanceEventWindow - description: '

Deletes the specified event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteInstanceEventWindowResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteInstanceEventWindowRequest' - parameters: [] - /?Action=DeleteInternetGateway&Version=2016-11-15: - get: - x-aws-operation-name: DeleteInternetGateway - operationId: GET_DeleteInternetGateway - description: Deletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it. - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InternetGatewayId - in: query - required: true - description: The ID of the internet gateway. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteInternetGateway - operationId: POST_DeleteInternetGateway - description: Deletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteInternetGatewayRequest' - parameters: [] - /?Action=DeleteIpam&Version=2016-11-15: - get: - x-aws-operation-name: DeleteIpam - operationId: GET_DeleteIpam - description: '

Delete an IPAM. Deleting an IPAM removes all monitored data associated with the IPAM including the historical data for CIDRs.

For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteIpamResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamId - in: query - required: true - description: The ID of the IPAM to delete. - schema: - type: string - - name: Cascade - in: query - required: false - description: '

Enables you to quickly delete an IPAM, private scopes, pools in private scopes, and any allocations in the pools in private scopes. You cannot delete the IPAM with this option if there is a pool in your public scope. If you use this option, IPAM does the following:

' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteIpam - operationId: POST_DeleteIpam - description: '

Delete an IPAM. Deleting an IPAM removes all monitored data associated with the IPAM including the historical data for CIDRs.

For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteIpamResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteIpamRequest' - parameters: [] - /?Action=DeleteIpamPool&Version=2016-11-15: - get: - x-aws-operation-name: DeleteIpamPool - operationId: GET_DeleteIpamPool - description: '

Delete an IPAM pool.

You cannot delete an IPAM pool if there are allocations in it or CIDRs provisioned to it. To release allocations, see ReleaseIpamPoolAllocation. To deprovision pool CIDRs, see DeprovisionIpamPoolCidr.

For more information, see Delete a pool in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteIpamPoolResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamPoolId - in: query - required: true - description: The ID of the pool to delete. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteIpamPool - operationId: POST_DeleteIpamPool - description: '

Delete an IPAM pool.

You cannot delete an IPAM pool if there are allocations in it or CIDRs provisioned to it. To release allocations, see ReleaseIpamPoolAllocation. To deprovision pool CIDRs, see DeprovisionIpamPoolCidr.

For more information, see Delete a pool in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteIpamPoolResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteIpamPoolRequest' - parameters: [] - /?Action=DeleteIpamScope&Version=2016-11-15: - get: - x-aws-operation-name: DeleteIpamScope - operationId: GET_DeleteIpamScope - description: '

Delete the scope for an IPAM. You cannot delete the default scopes.

For more information, see Delete a scope in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteIpamScopeResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamScopeId - in: query - required: true - description: The ID of the scope to delete. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteIpamScope - operationId: POST_DeleteIpamScope - description: '

Delete the scope for an IPAM. You cannot delete the default scopes.

For more information, see Delete a scope in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteIpamScopeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteIpamScopeRequest' - parameters: [] - /?Action=DeleteKeyPair&Version=2016-11-15: - get: - x-aws-operation-name: DeleteKeyPair - operationId: GET_DeleteKeyPair - description: 'Deletes the specified key pair, by removing the public key from Amazon EC2.' - responses: - '200': - description: Success - parameters: - - name: KeyName - in: query - required: false - description: The name of the key pair. - schema: - type: string - - name: KeyPairId - in: query - required: false - description: The ID of the key pair. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteKeyPair - operationId: POST_DeleteKeyPair - description: 'Deletes the specified key pair, by removing the public key from Amazon EC2.' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteKeyPairRequest' - parameters: [] - /?Action=DeleteLaunchTemplate&Version=2016-11-15: - get: - x-aws-operation-name: DeleteLaunchTemplate - operationId: GET_DeleteLaunchTemplate - description: Deletes a launch template. Deleting a launch template deletes all of its versions. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLaunchTemplateResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: LaunchTemplateId - in: query - required: false - description: The ID of the launch template. You must specify either the launch template ID or launch template name in the request. - schema: - type: string - - name: LaunchTemplateName - in: query - required: false - description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. - schema: - type: string - pattern: '[a-zA-Z0-9\(\)\.\-/_]+' - minLength: 3 - maxLength: 128 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteLaunchTemplate - operationId: POST_DeleteLaunchTemplate - description: Deletes a launch template. Deleting a launch template deletes all of its versions. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLaunchTemplateResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLaunchTemplateRequest' - parameters: [] - /?Action=DeleteLaunchTemplateVersions&Version=2016-11-15: - get: - x-aws-operation-name: DeleteLaunchTemplateVersions - operationId: GET_DeleteLaunchTemplateVersions - description: 'Deletes one or more versions of a launch template. You cannot delete the default version of a launch template; you must first assign a different version as the default. If the default version is the only version for the launch template, you must delete the entire launch template using DeleteLaunchTemplate.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: LaunchTemplateId - in: query - required: false - description: The ID of the launch template. You must specify either the launch template ID or launch template name in the request. - schema: - type: string - - name: LaunchTemplateName - in: query - required: false - description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. - schema: - type: string - pattern: '[a-zA-Z0-9\(\)\.\-/_]+' - minLength: 3 - maxLength: 128 - - name: LaunchTemplateVersion - in: query - required: true - description: The version numbers of one or more launch template versions to delete. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteLaunchTemplateVersions - operationId: POST_DeleteLaunchTemplateVersions - description: 'Deletes one or more versions of a launch template. You cannot delete the default version of a launch template; you must first assign a different version as the default. If the default version is the only version for the launch template, you must delete the entire launch template using DeleteLaunchTemplate.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLaunchTemplateVersionsRequest' - parameters: [] - /?Action=DeleteLocalGatewayRoute&Version=2016-11-15: - get: - x-aws-operation-name: DeleteLocalGatewayRoute - operationId: GET_DeleteLocalGatewayRoute - description: Deletes the specified route from the specified local gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLocalGatewayRouteResult' - parameters: - - name: DestinationCidrBlock - in: query - required: true - description: The CIDR range for the route. This must match the CIDR for the route exactly. - schema: - type: string - - name: LocalGatewayRouteTableId - in: query - required: true - description: The ID of the local gateway route table. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteLocalGatewayRoute - operationId: POST_DeleteLocalGatewayRoute - description: Deletes the specified route from the specified local gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLocalGatewayRouteResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLocalGatewayRouteRequest' - parameters: [] - /?Action=DeleteLocalGatewayRouteTableVpcAssociation&Version=2016-11-15: - get: - x-aws-operation-name: DeleteLocalGatewayRouteTableVpcAssociation - operationId: GET_DeleteLocalGatewayRouteTableVpcAssociation - description: Deletes the specified association between a VPC and local gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLocalGatewayRouteTableVpcAssociationResult' - parameters: - - name: LocalGatewayRouteTableVpcAssociationId - in: query - required: true - description: The ID of the association. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteLocalGatewayRouteTableVpcAssociation - operationId: POST_DeleteLocalGatewayRouteTableVpcAssociation - description: Deletes the specified association between a VPC and local gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLocalGatewayRouteTableVpcAssociationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLocalGatewayRouteTableVpcAssociationRequest' - parameters: [] - /?Action=DeleteManagedPrefixList&Version=2016-11-15: - get: - x-aws-operation-name: DeleteManagedPrefixList - operationId: GET_DeleteManagedPrefixList - description: Deletes the specified managed prefix list. You must first remove all references to the prefix list in your resources. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteManagedPrefixListResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PrefixListId - in: query - required: true - description: The ID of the prefix list. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteManagedPrefixList - operationId: POST_DeleteManagedPrefixList - description: Deletes the specified managed prefix list. You must first remove all references to the prefix list in your resources. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteManagedPrefixListResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteManagedPrefixListRequest' - parameters: [] - /?Action=DeleteNatGateway&Version=2016-11-15: - get: - x-aws-operation-name: DeleteNatGateway - operationId: GET_DeleteNatGateway - description: 'Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates its Elastic IP address, but does not release the address from your account. Deleting a NAT gateway does not delete any NAT gateway routes in your route tables.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNatGatewayResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NatGatewayId - in: query - required: true - description: The ID of the NAT gateway. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteNatGateway - operationId: POST_DeleteNatGateway - description: 'Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates its Elastic IP address, but does not release the address from your account. Deleting a NAT gateway does not delete any NAT gateway routes in your route tables.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNatGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNatGatewayRequest' - parameters: [] - /?Action=DeleteNetworkAcl&Version=2016-11-15: - get: - x-aws-operation-name: DeleteNetworkAcl - operationId: GET_DeleteNetworkAcl - description: Deletes the specified network ACL. You can't delete the ACL if it's associated with any subnets. You can't delete the default network ACL. - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NetworkAclId - in: query - required: true - description: The ID of the network ACL. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteNetworkAcl - operationId: POST_DeleteNetworkAcl - description: Deletes the specified network ACL. You can't delete the ACL if it's associated with any subnets. You can't delete the default network ACL. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkAclRequest' - parameters: [] - /?Action=DeleteNetworkAclEntry&Version=2016-11-15: - get: - x-aws-operation-name: DeleteNetworkAclEntry - operationId: GET_DeleteNetworkAclEntry - description: Deletes the specified ingress or egress entry (rule) from the specified network ACL. - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Egress - in: query - required: true - description: Indicates whether the rule is an egress rule. - schema: - type: boolean - - name: NetworkAclId - in: query - required: true - description: The ID of the network ACL. - schema: - type: string - - name: RuleNumber - in: query - required: true - description: The rule number of the entry to delete. - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteNetworkAclEntry - operationId: POST_DeleteNetworkAclEntry - description: Deletes the specified ingress or egress entry (rule) from the specified network ACL. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkAclEntryRequest' - parameters: [] - /?Action=DeleteNetworkInsightsAccessScope&Version=2016-11-15: - get: - x-aws-operation-name: DeleteNetworkInsightsAccessScope - operationId: GET_DeleteNetworkInsightsAccessScope - description: Deletes the specified Network Access Scope. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NetworkInsightsAccessScopeId - in: query - required: true - description: The ID of the Network Access Scope. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteNetworkInsightsAccessScope - operationId: POST_DeleteNetworkInsightsAccessScope - description: Deletes the specified Network Access Scope. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeRequest' - parameters: [] - /?Action=DeleteNetworkInsightsAccessScopeAnalysis&Version=2016-11-15: - get: - x-aws-operation-name: DeleteNetworkInsightsAccessScopeAnalysis - operationId: GET_DeleteNetworkInsightsAccessScopeAnalysis - description: Deletes the specified Network Access Scope analysis. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeAnalysisResult' - parameters: - - name: NetworkInsightsAccessScopeAnalysisId - in: query - required: true - description: The ID of the Network Access Scope analysis. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteNetworkInsightsAccessScopeAnalysis - operationId: POST_DeleteNetworkInsightsAccessScopeAnalysis - description: Deletes the specified Network Access Scope analysis. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeAnalysisResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeAnalysisRequest' - parameters: [] - /?Action=DeleteNetworkInsightsAnalysis&Version=2016-11-15: - get: - x-aws-operation-name: DeleteNetworkInsightsAnalysis - operationId: GET_DeleteNetworkInsightsAnalysis - description: Deletes the specified network insights analysis. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsAnalysisResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NetworkInsightsAnalysisId - in: query - required: true - description: The ID of the network insights analysis. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteNetworkInsightsAnalysis - operationId: POST_DeleteNetworkInsightsAnalysis - description: Deletes the specified network insights analysis. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsAnalysisResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsAnalysisRequest' - parameters: [] - /?Action=DeleteNetworkInsightsPath&Version=2016-11-15: - get: - x-aws-operation-name: DeleteNetworkInsightsPath - operationId: GET_DeleteNetworkInsightsPath - description: Deletes the specified path. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsPathResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NetworkInsightsPathId - in: query - required: true - description: The ID of the path. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteNetworkInsightsPath - operationId: POST_DeleteNetworkInsightsPath - description: Deletes the specified path. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsPathResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInsightsPathRequest' - parameters: [] - /?Action=DeleteNetworkInterface&Version=2016-11-15: - get: - x-aws-operation-name: DeleteNetworkInterface - operationId: GET_DeleteNetworkInterface - description: Deletes the specified network interface. You must detach the network interface before you can delete it. - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NetworkInterfaceId - in: query - required: true - description: The ID of the network interface. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteNetworkInterface - operationId: POST_DeleteNetworkInterface - description: Deletes the specified network interface. You must detach the network interface before you can delete it. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInterfaceRequest' - parameters: [] - /?Action=DeleteNetworkInterfacePermission&Version=2016-11-15: - get: - x-aws-operation-name: DeleteNetworkInterfacePermission - operationId: GET_DeleteNetworkInterfacePermission - description: 'Deletes a permission for a network interface. By default, you cannot delete the permission if the account for which you''re removing the permission has attached the network interface to an instance. However, you can force delete the permission, regardless of any attachment.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInterfacePermissionResult' - parameters: - - name: NetworkInterfacePermissionId - in: query - required: true - description: The ID of the network interface permission. - schema: - type: string - - name: Force - in: query - required: false - description: Specify true to remove the permission even if the network interface is attached to an instance. - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteNetworkInterfacePermission - operationId: POST_DeleteNetworkInterfacePermission - description: 'Deletes a permission for a network interface. By default, you cannot delete the permission if the account for which you''re removing the permission has attached the network interface to an instance. However, you can force delete the permission, regardless of any attachment.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInterfacePermissionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteNetworkInterfacePermissionRequest' - parameters: [] - /?Action=DeletePlacementGroup&Version=2016-11-15: - get: - x-aws-operation-name: DeletePlacementGroup - operationId: GET_DeletePlacementGroup - description: 'Deletes the specified placement group. You must terminate all instances in the placement group before you can delete the placement group. For more information, see Placement groups in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: GroupName - in: query - required: true - description: The name of the placement group. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeletePlacementGroup - operationId: POST_DeletePlacementGroup - description: 'Deletes the specified placement group. You must terminate all instances in the placement group before you can delete the placement group. For more information, see Placement groups in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeletePlacementGroupRequest' - parameters: [] - /?Action=DeletePublicIpv4Pool&Version=2016-11-15: - get: - x-aws-operation-name: DeletePublicIpv4Pool - operationId: GET_DeletePublicIpv4Pool - description: 'Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeletePublicIpv4PoolResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PoolId - in: query - required: true - description: The ID of the public IPv4 pool you want to delete. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeletePublicIpv4Pool - operationId: POST_DeletePublicIpv4Pool - description: 'Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeletePublicIpv4PoolResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeletePublicIpv4PoolRequest' - parameters: [] - /?Action=DeleteQueuedReservedInstances&Version=2016-11-15: - get: - x-aws-operation-name: DeleteQueuedReservedInstances - operationId: GET_DeleteQueuedReservedInstances - description: Deletes the queued purchases for the specified Reserved Instances. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteQueuedReservedInstancesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ReservedInstancesId - in: query - required: true - description: The IDs of the Reserved Instances. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservationId' - - xml: - name: item - minItems: 1 - maxItems: 100 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteQueuedReservedInstances - operationId: POST_DeleteQueuedReservedInstances - description: Deletes the queued purchases for the specified Reserved Instances. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteQueuedReservedInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteQueuedReservedInstancesRequest' - parameters: [] - /?Action=DeleteRoute&Version=2016-11-15: - get: - x-aws-operation-name: DeleteRoute - operationId: GET_DeleteRoute - description: Deletes the specified route from the specified route table. - responses: - '200': - description: Success - parameters: - - name: DestinationCidrBlock - in: query - required: false - description: The IPv4 CIDR range for the route. The value you specify must match the CIDR for the route exactly. - schema: - type: string - - name: DestinationIpv6CidrBlock - in: query - required: false - description: The IPv6 CIDR range for the route. The value you specify must match the CIDR for the route exactly. - schema: - type: string - - name: DestinationPrefixListId - in: query - required: false - description: The ID of the prefix list for the route. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: RouteTableId - in: query - required: true - description: The ID of the route table. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteRoute - operationId: POST_DeleteRoute - description: Deletes the specified route from the specified route table. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteRouteRequest' - parameters: [] - /?Action=DeleteRouteTable&Version=2016-11-15: - get: - x-aws-operation-name: DeleteRouteTable - operationId: GET_DeleteRouteTable - description: Deletes the specified route table. You must disassociate the route table from any subnets before you can delete it. You can't delete the main route table. - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: RouteTableId - in: query - required: true - description: The ID of the route table. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteRouteTable - operationId: POST_DeleteRouteTable - description: Deletes the specified route table. You must disassociate the route table from any subnets before you can delete it. You can't delete the main route table. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteRouteTableRequest' - parameters: [] - /?Action=DeleteSecurityGroup&Version=2016-11-15: - get: - x-aws-operation-name: DeleteSecurityGroup - operationId: GET_DeleteSecurityGroup - description: '

Deletes a security group.

If you attempt to delete a security group that is associated with an instance, or is referenced by another security group, the operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in EC2-VPC.

' - responses: - '200': - description: Success - parameters: - - name: GroupId - in: query - required: false - description: The ID of the security group. Required for a nondefault VPC. - schema: - type: string - - name: GroupName - in: query - required: false - description: '[EC2-Classic, default VPC] The name of the security group. You can specify either the security group name or the security group ID.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteSecurityGroup - operationId: POST_DeleteSecurityGroup - description: '

Deletes a security group.

If you attempt to delete a security group that is associated with an instance, or is referenced by another security group, the operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in EC2-VPC.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteSecurityGroupRequest' - parameters: [] - /?Action=DeleteSnapshot&Version=2016-11-15: - get: - x-aws-operation-name: DeleteSnapshot - operationId: GET_DeleteSnapshot - description: '

Deletes the specified snapshot.

When you make periodic snapshots of a volume, the snapshots are incremental, and only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. When you delete a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior snapshots have been deleted, all active snapshots will have access to all the information needed to restore the volume.

You cannot delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first de-register the AMI before you can delete the snapshot.

For more information, see Delete an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - parameters: - - name: SnapshotId - in: query - required: true - description: The ID of the EBS snapshot. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteSnapshot - operationId: POST_DeleteSnapshot - description: '

Deletes the specified snapshot.

When you make periodic snapshots of a volume, the snapshots are incremental, and only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. When you delete a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior snapshots have been deleted, all active snapshots will have access to all the information needed to restore the volume.

You cannot delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first de-register the AMI before you can delete the snapshot.

For more information, see Delete an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteSnapshotRequest' - parameters: [] - /?Action=DeleteSpotDatafeedSubscription&Version=2016-11-15: - get: - x-aws-operation-name: DeleteSpotDatafeedSubscription - operationId: GET_DeleteSpotDatafeedSubscription - description: Deletes the data feed for Spot Instances. - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteSpotDatafeedSubscription - operationId: POST_DeleteSpotDatafeedSubscription - description: Deletes the data feed for Spot Instances. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteSpotDatafeedSubscriptionRequest' - parameters: [] - /?Action=DeleteSubnet&Version=2016-11-15: - get: - x-aws-operation-name: DeleteSubnet - operationId: GET_DeleteSubnet - description: Deletes the specified subnet. You must terminate all running instances in the subnet before you can delete the subnet. - responses: - '200': - description: Success - parameters: - - name: SubnetId - in: query - required: true - description: The ID of the subnet. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteSubnet - operationId: POST_DeleteSubnet - description: Deletes the specified subnet. You must terminate all running instances in the subnet before you can delete the subnet. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteSubnetRequest' - parameters: [] - /?Action=DeleteSubnetCidrReservation&Version=2016-11-15: - get: - x-aws-operation-name: DeleteSubnetCidrReservation - operationId: GET_DeleteSubnetCidrReservation - description: Deletes a subnet CIDR reservation. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteSubnetCidrReservationResult' - parameters: - - name: SubnetCidrReservationId - in: query - required: true - description: The ID of the subnet CIDR reservation. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteSubnetCidrReservation - operationId: POST_DeleteSubnetCidrReservation - description: Deletes a subnet CIDR reservation. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteSubnetCidrReservationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteSubnetCidrReservationRequest' - parameters: [] - /?Action=DeleteTags&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTags - operationId: GET_DeleteTags - description: '

Deletes the specified set of tags from the specified set of resources.

To list the current tags, use DescribeTags. For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ResourceId - in: query - required: true - description: '

The IDs of the resources, separated by spaces.

Constraints: Up to 1000 resource IDs. We recommend breaking up this request into smaller batches.

' - schema: - type: array - items: - $ref: '#/components/schemas/TaggableResourceId' - - name: Tag - in: query - required: false - description: '

The tags to delete. Specify a tag key and an optional tag value to delete specific tags. If you specify a tag key without a tag value, we delete any tag with this key regardless of its value. If you specify a tag key with an empty string as the tag value, we delete the tag only if its value is an empty string.

If you omit this parameter, we delete all user-defined tags for the specified resources. We do not delete Amazon Web Services-generated tags (tags that have the aws: prefix).

Constraints: Up to 1000 tags.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTags - operationId: POST_DeleteTags - description: '

Deletes the specified set of tags from the specified set of resources.

To list the current tags, use DescribeTags. For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTagsRequest' - parameters: [] - /?Action=DeleteTrafficMirrorFilter&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTrafficMirrorFilter - operationId: GET_DeleteTrafficMirrorFilter - description:

Deletes the specified Traffic Mirror filter.

You cannot delete a Traffic Mirror filter that is in use by a Traffic Mirror session.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorFilterResult' - parameters: - - name: TrafficMirrorFilterId - in: query - required: true - description: The ID of the Traffic Mirror filter. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTrafficMirrorFilter - operationId: POST_DeleteTrafficMirrorFilter - description:

Deletes the specified Traffic Mirror filter.

You cannot delete a Traffic Mirror filter that is in use by a Traffic Mirror session.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorFilterResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorFilterRequest' - parameters: [] - /?Action=DeleteTrafficMirrorFilterRule&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTrafficMirrorFilterRule - operationId: GET_DeleteTrafficMirrorFilterRule - description: Deletes the specified Traffic Mirror rule. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorFilterRuleResult' - parameters: - - name: TrafficMirrorFilterRuleId - in: query - required: true - description: The ID of the Traffic Mirror rule. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTrafficMirrorFilterRule - operationId: POST_DeleteTrafficMirrorFilterRule - description: Deletes the specified Traffic Mirror rule. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorFilterRuleResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorFilterRuleRequest' - parameters: [] - /?Action=DeleteTrafficMirrorSession&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTrafficMirrorSession - operationId: GET_DeleteTrafficMirrorSession - description: Deletes the specified Traffic Mirror session. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorSessionResult' - parameters: - - name: TrafficMirrorSessionId - in: query - required: true - description: The ID of the Traffic Mirror session. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTrafficMirrorSession - operationId: POST_DeleteTrafficMirrorSession - description: Deletes the specified Traffic Mirror session. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorSessionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorSessionRequest' - parameters: [] - /?Action=DeleteTrafficMirrorTarget&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTrafficMirrorTarget - operationId: GET_DeleteTrafficMirrorTarget - description:

Deletes the specified Traffic Mirror target.

You cannot delete a Traffic Mirror target that is in use by a Traffic Mirror session.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorTargetResult' - parameters: - - name: TrafficMirrorTargetId - in: query - required: true - description: The ID of the Traffic Mirror target. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTrafficMirrorTarget - operationId: POST_DeleteTrafficMirrorTarget - description:

Deletes the specified Traffic Mirror target.

You cannot delete a Traffic Mirror target that is in use by a Traffic Mirror session.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorTargetResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTrafficMirrorTargetRequest' - parameters: [] - /?Action=DeleteTransitGateway&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTransitGateway - operationId: GET_DeleteTransitGateway - description: Deletes the specified transit gateway. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayResult' - parameters: - - name: TransitGatewayId - in: query - required: true - description: The ID of the transit gateway. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTransitGateway - operationId: POST_DeleteTransitGateway - description: Deletes the specified transit gateway. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayRequest' - parameters: [] - /?Action=DeleteTransitGatewayConnect&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTransitGatewayConnect - operationId: GET_DeleteTransitGatewayConnect - description: Deletes the specified Connect attachment. You must first delete any Connect peers for the attachment. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayConnectResult' - parameters: - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the Connect attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTransitGatewayConnect - operationId: POST_DeleteTransitGatewayConnect - description: Deletes the specified Connect attachment. You must first delete any Connect peers for the attachment. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayConnectResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayConnectRequest' - parameters: [] - /?Action=DeleteTransitGatewayConnectPeer&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTransitGatewayConnectPeer - operationId: GET_DeleteTransitGatewayConnectPeer - description: Deletes the specified Connect peer. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayConnectPeerResult' - parameters: - - name: TransitGatewayConnectPeerId - in: query - required: true - description: The ID of the Connect peer. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTransitGatewayConnectPeer - operationId: POST_DeleteTransitGatewayConnectPeer - description: Deletes the specified Connect peer. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayConnectPeerResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayConnectPeerRequest' - parameters: [] - /?Action=DeleteTransitGatewayMulticastDomain&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTransitGatewayMulticastDomain - operationId: GET_DeleteTransitGatewayMulticastDomain - description: Deletes the specified transit gateway multicast domain. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayMulticastDomainResult' - parameters: - - name: TransitGatewayMulticastDomainId - in: query - required: true - description: The ID of the transit gateway multicast domain. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTransitGatewayMulticastDomain - operationId: POST_DeleteTransitGatewayMulticastDomain - description: Deletes the specified transit gateway multicast domain. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayMulticastDomainResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayMulticastDomainRequest' - parameters: [] - /?Action=DeleteTransitGatewayPeeringAttachment&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTransitGatewayPeeringAttachment - operationId: GET_DeleteTransitGatewayPeeringAttachment - description: Deletes a transit gateway peering attachment. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayPeeringAttachmentResult' - parameters: - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the transit gateway peering attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTransitGatewayPeeringAttachment - operationId: POST_DeleteTransitGatewayPeeringAttachment - description: Deletes a transit gateway peering attachment. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayPeeringAttachmentResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayPeeringAttachmentRequest' - parameters: [] - /?Action=DeleteTransitGatewayPrefixListReference&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTransitGatewayPrefixListReference - operationId: GET_DeleteTransitGatewayPrefixListReference - description: Deletes a reference (route) to a prefix list in a specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayPrefixListReferenceResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the route table. - schema: - type: string - - name: PrefixListId - in: query - required: true - description: The ID of the prefix list. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTransitGatewayPrefixListReference - operationId: POST_DeleteTransitGatewayPrefixListReference - description: Deletes a reference (route) to a prefix list in a specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayPrefixListReferenceResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayPrefixListReferenceRequest' - parameters: [] - /?Action=DeleteTransitGatewayRoute&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTransitGatewayRoute - operationId: GET_DeleteTransitGatewayRoute - description: Deletes the specified route from the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayRouteResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the transit gateway route table. - schema: - type: string - - name: DestinationCidrBlock - in: query - required: true - description: The CIDR range for the route. This must match the CIDR for the route exactly. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTransitGatewayRoute - operationId: POST_DeleteTransitGatewayRoute - description: Deletes the specified route from the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayRouteResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayRouteRequest' - parameters: [] - /?Action=DeleteTransitGatewayRouteTable&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTransitGatewayRouteTable - operationId: GET_DeleteTransitGatewayRouteTable - description: Deletes the specified transit gateway route table. You must disassociate the route table from any transit gateway route tables before you can delete it. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayRouteTableResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the transit gateway route table. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTransitGatewayRouteTable - operationId: POST_DeleteTransitGatewayRouteTable - description: Deletes the specified transit gateway route table. You must disassociate the route table from any transit gateway route tables before you can delete it. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayRouteTableResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayRouteTableRequest' - parameters: [] - /?Action=DeleteTransitGatewayVpcAttachment&Version=2016-11-15: - get: - x-aws-operation-name: DeleteTransitGatewayVpcAttachment - operationId: GET_DeleteTransitGatewayVpcAttachment - description: Deletes the specified VPC attachment. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayVpcAttachmentResult' - parameters: - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteTransitGatewayVpcAttachment - operationId: POST_DeleteTransitGatewayVpcAttachment - description: Deletes the specified VPC attachment. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayVpcAttachmentResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteTransitGatewayVpcAttachmentRequest' - parameters: [] - /?Action=DeleteVolume&Version=2016-11-15: - get: - x-aws-operation-name: DeleteVolume - operationId: GET_DeleteVolume - description: '

Deletes the specified EBS volume. The volume must be in the available state (not attached to an instance).

The volume can remain in the deleting state for several minutes.

For more information, see Delete an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - parameters: - - name: VolumeId - in: query - required: true - description: The ID of the volume. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteVolume - operationId: POST_DeleteVolume - description: '

Deletes the specified EBS volume. The volume must be in the available state (not attached to an instance).

The volume can remain in the deleting state for several minutes.

For more information, see Delete an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVolumeRequest' - parameters: [] - /?Action=DeleteVpc&Version=2016-11-15: - get: - x-aws-operation-name: DeleteVpc - operationId: GET_DeleteVpc - description: 'Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on.' - responses: - '200': - description: Success - parameters: - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteVpc - operationId: POST_DeleteVpc - description: 'Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on.' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcRequest' - parameters: [] - /?Action=DeleteVpcEndpointConnectionNotifications&Version=2016-11-15: - get: - x-aws-operation-name: DeleteVpcEndpointConnectionNotifications - operationId: GET_DeleteVpcEndpointConnectionNotifications - description: Deletes one or more VPC endpoint connection notifications. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcEndpointConnectionNotificationsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ConnectionNotificationId - in: query - required: true - description: One or more notification IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ConnectionNotificationId' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteVpcEndpointConnectionNotifications - operationId: POST_DeleteVpcEndpointConnectionNotifications - description: Deletes one or more VPC endpoint connection notifications. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcEndpointConnectionNotificationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcEndpointConnectionNotificationsRequest' - parameters: [] - /?Action=DeleteVpcEndpointServiceConfigurations&Version=2016-11-15: - get: - x-aws-operation-name: DeleteVpcEndpointServiceConfigurations - operationId: GET_DeleteVpcEndpointServiceConfigurations - description: 'Deletes one or more VPC endpoint service configurations in your account. Before you delete the endpoint service configuration, you must reject any Available or PendingAcceptance interface endpoint connections that are attached to the service.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcEndpointServiceConfigurationsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ServiceId - in: query - required: true - description: The IDs of one or more services. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcEndpointServiceId' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteVpcEndpointServiceConfigurations - operationId: POST_DeleteVpcEndpointServiceConfigurations - description: 'Deletes one or more VPC endpoint service configurations in your account. Before you delete the endpoint service configuration, you must reject any Available or PendingAcceptance interface endpoint connections that are attached to the service.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcEndpointServiceConfigurationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcEndpointServiceConfigurationsRequest' - parameters: [] - /?Action=DeleteVpcEndpoints&Version=2016-11-15: - get: - x-aws-operation-name: DeleteVpcEndpoints - operationId: GET_DeleteVpcEndpoints - description: '

Deletes one or more specified VPC endpoints. You can delete any of the following types of VPC endpoints.

The following rules apply when you delete a VPC endpoint:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcEndpointsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcEndpointId - in: query - required: true - description: One or more VPC endpoint IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcEndpointId' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteVpcEndpoints - operationId: POST_DeleteVpcEndpoints - description: '

Deletes one or more specified VPC endpoints. You can delete any of the following types of VPC endpoints.

The following rules apply when you delete a VPC endpoint:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcEndpointsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcEndpointsRequest' - parameters: [] - /?Action=DeleteVpcPeeringConnection&Version=2016-11-15: - get: - x-aws-operation-name: DeleteVpcPeeringConnection - operationId: GET_DeleteVpcPeeringConnection - description: Deletes a VPC peering connection. Either the owner of the requester VPC or the owner of the accepter VPC can delete the VPC peering connection if it's in the active state. The owner of the requester VPC can delete a VPC peering connection in the pending-acceptance state. You cannot delete a VPC peering connection that's in the failed state. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcPeeringConnectionResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcPeeringConnectionId - in: query - required: true - description: The ID of the VPC peering connection. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteVpcPeeringConnection - operationId: POST_DeleteVpcPeeringConnection - description: Deletes a VPC peering connection. Either the owner of the requester VPC or the owner of the accepter VPC can delete the VPC peering connection if it's in the active state. The owner of the requester VPC can delete a VPC peering connection in the pending-acceptance state. You cannot delete a VPC peering connection that's in the failed state. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcPeeringConnectionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpcPeeringConnectionRequest' - parameters: [] - /?Action=DeleteVpnConnection&Version=2016-11-15: - get: - x-aws-operation-name: DeleteVpnConnection - operationId: GET_DeleteVpnConnection - description: '

Deletes the specified VPN connection.

If you''re deleting the VPC and its associated components, we recommend that you detach the virtual private gateway from the VPC and delete the VPC before deleting the VPN connection. If you believe that the tunnel credentials for your VPN connection have been compromised, you can delete the VPN connection and create a new one that has new keys, without needing to delete the VPC or virtual private gateway. If you create a new VPN connection, you must reconfigure the customer gateway device using the new configuration information returned with the new VPN connection ID.

For certificate-based authentication, delete all Certificate Manager (ACM) private certificates used for the Amazon Web Services-side tunnel endpoints for the VPN connection before deleting the VPN connection.

' - responses: - '200': - description: Success - parameters: - - name: VpnConnectionId - in: query - required: true - description: The ID of the VPN connection. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteVpnConnection - operationId: POST_DeleteVpnConnection - description: '

Deletes the specified VPN connection.

If you''re deleting the VPC and its associated components, we recommend that you detach the virtual private gateway from the VPC and delete the VPC before deleting the VPN connection. If you believe that the tunnel credentials for your VPN connection have been compromised, you can delete the VPN connection and create a new one that has new keys, without needing to delete the VPC or virtual private gateway. If you create a new VPN connection, you must reconfigure the customer gateway device using the new configuration information returned with the new VPN connection ID.

For certificate-based authentication, delete all Certificate Manager (ACM) private certificates used for the Amazon Web Services-side tunnel endpoints for the VPN connection before deleting the VPN connection.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpnConnectionRequest' - parameters: [] - /?Action=DeleteVpnConnectionRoute&Version=2016-11-15: - get: - x-aws-operation-name: DeleteVpnConnectionRoute - operationId: GET_DeleteVpnConnectionRoute - description: Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway. - responses: - '200': - description: Success - parameters: - - name: DestinationCidrBlock - in: query - required: true - description: The CIDR block associated with the local subnet of the customer network. - schema: - type: string - - name: VpnConnectionId - in: query - required: true - description: The ID of the VPN connection. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteVpnConnectionRoute - operationId: POST_DeleteVpnConnectionRoute - description: Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpnConnectionRouteRequest' - parameters: [] - /?Action=DeleteVpnGateway&Version=2016-11-15: - get: - x-aws-operation-name: DeleteVpnGateway - operationId: GET_DeleteVpnGateway - description: Deletes the specified virtual private gateway. You must first detach the virtual private gateway from the VPC. Note that you don't need to delete the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and your network. - responses: - '200': - description: Success - parameters: - - name: VpnGatewayId - in: query - required: true - description: The ID of the virtual private gateway. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeleteVpnGateway - operationId: POST_DeleteVpnGateway - description: Deletes the specified virtual private gateway. You must first detach the virtual private gateway from the VPC. Note that you don't need to delete the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and your network. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVpnGatewayRequest' - parameters: [] - /?Action=DeprovisionByoipCidr&Version=2016-11-15: - get: - x-aws-operation-name: DeprovisionByoipCidr - operationId: GET_DeprovisionByoipCidr - description: '

Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.

Before you can release an address range, you must stop advertising it using WithdrawByoipCidr and you must not have any IP addresses allocated from its address range.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeprovisionByoipCidrResult' - parameters: - - name: Cidr - in: query - required: true - description: 'The address range, in CIDR notation. The prefix must be the same prefix that you specified when you provisioned the address range.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeprovisionByoipCidr - operationId: POST_DeprovisionByoipCidr - description: '

Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.

Before you can release an address range, you must stop advertising it using WithdrawByoipCidr and you must not have any IP addresses allocated from its address range.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeprovisionByoipCidrResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeprovisionByoipCidrRequest' - parameters: [] - /?Action=DeprovisionIpamPoolCidr&Version=2016-11-15: - get: - x-aws-operation-name: DeprovisionIpamPoolCidr - operationId: GET_DeprovisionIpamPoolCidr - description: 'Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from a pool that has a source pool, the CIDR is recycled back into the source pool. For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeprovisionIpamPoolCidrResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamPoolId - in: query - required: true - description: The ID of the pool that has the CIDR you want to deprovision. - schema: - type: string - - name: Cidr - in: query - required: false - description: The CIDR which you want to deprovision from the pool. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeprovisionIpamPoolCidr - operationId: POST_DeprovisionIpamPoolCidr - description: 'Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from a pool that has a source pool, the CIDR is recycled back into the source pool. For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeprovisionIpamPoolCidrResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeprovisionIpamPoolCidrRequest' - parameters: [] - /?Action=DeprovisionPublicIpv4PoolCidr&Version=2016-11-15: - get: - x-aws-operation-name: DeprovisionPublicIpv4PoolCidr - operationId: GET_DeprovisionPublicIpv4PoolCidr - description: Deprovision a CIDR from a public IPv4 pool. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeprovisionPublicIpv4PoolCidrResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PoolId - in: query - required: true - description: The ID of the pool that you want to deprovision the CIDR from. - schema: - type: string - - name: Cidr - in: query - required: true - description: The CIDR you want to deprovision from the pool. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeprovisionPublicIpv4PoolCidr - operationId: POST_DeprovisionPublicIpv4PoolCidr - description: Deprovision a CIDR from a public IPv4 pool. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeprovisionPublicIpv4PoolCidrResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeprovisionPublicIpv4PoolCidrRequest' - parameters: [] - /?Action=DeregisterImage&Version=2016-11-15: - get: - x-aws-operation-name: DeregisterImage - operationId: GET_DeregisterImage - description: '

Deregisters the specified AMI. After you deregister an AMI, it can''t be used to launch new instances.

If you deregister an AMI that matches a Recycle Bin retention rule, the AMI is retained in the Recycle Bin for the specified retention period. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.

When you deregister an AMI, it doesn''t affect any instances that you''ve already launched from the AMI. You''ll continue to incur usage costs for those instances until you terminate them.

When you deregister an Amazon EBS-backed AMI, it doesn''t affect the snapshot that was created for the root volume of the instance during the AMI creation process. When you deregister an instance store-backed AMI, it doesn''t affect the files that you uploaded to Amazon S3 when you created the AMI.

' - responses: - '200': - description: Success - parameters: - - name: ImageId - in: query - required: true - description: The ID of the AMI. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeregisterImage - operationId: POST_DeregisterImage - description: '

Deregisters the specified AMI. After you deregister an AMI, it can''t be used to launch new instances.

If you deregister an AMI that matches a Recycle Bin retention rule, the AMI is retained in the Recycle Bin for the specified retention period. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.

When you deregister an AMI, it doesn''t affect any instances that you''ve already launched from the AMI. You''ll continue to incur usage costs for those instances until you terminate them.

When you deregister an Amazon EBS-backed AMI, it doesn''t affect the snapshot that was created for the root volume of the instance during the AMI creation process. When you deregister an instance store-backed AMI, it doesn''t affect the files that you uploaded to Amazon S3 when you created the AMI.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeregisterImageRequest' - parameters: [] - /?Action=DeregisterInstanceEventNotificationAttributes&Version=2016-11-15: - get: - x-aws-operation-name: DeregisterInstanceEventNotificationAttributes - operationId: GET_DeregisterInstanceEventNotificationAttributes - description: Deregisters tag keys to prevent tags that have the specified tag keys from being included in scheduled event notifications for resources in the Region. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeregisterInstanceEventNotificationAttributesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceTagAttribute - in: query - required: false - description: Information about the tag keys to deregister. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to deregister all tag keys in the current Region. Specify false to deregister all tag keys. - InstanceTagKey: - allOf: - - $ref: '#/components/schemas/InstanceTagKeySet' - - description: Information about the tag keys to deregister. - description: Information about the tag keys to deregister for the current Region. You can either specify individual tag keys or deregister all tag keys in the current Region. You must specify either IncludeAllTagsOfInstance or InstanceTagKeys in the request - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeregisterInstanceEventNotificationAttributes - operationId: POST_DeregisterInstanceEventNotificationAttributes - description: Deregisters tag keys to prevent tags that have the specified tag keys from being included in scheduled event notifications for resources in the Region. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeregisterInstanceEventNotificationAttributesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeregisterInstanceEventNotificationAttributesRequest' - parameters: [] - /?Action=DeregisterTransitGatewayMulticastGroupMembers&Version=2016-11-15: - get: - x-aws-operation-name: DeregisterTransitGatewayMulticastGroupMembers - operationId: GET_DeregisterTransitGatewayMulticastGroupMembers - description: Deregisters the specified members (network interfaces) from the transit gateway multicast group. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupMembersResult' - parameters: - - name: TransitGatewayMulticastDomainId - in: query - required: false - description: The ID of the transit gateway multicast domain. - schema: - type: string - - name: GroupIpAddress - in: query - required: false - description: The IP address assigned to the transit gateway multicast group. - schema: - type: string - - name: NetworkInterfaceIds - in: query - required: false - description: The IDs of the group members' network interfaces. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeregisterTransitGatewayMulticastGroupMembers - operationId: POST_DeregisterTransitGatewayMulticastGroupMembers - description: Deregisters the specified members (network interfaces) from the transit gateway multicast group. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupMembersResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupMembersRequest' - parameters: [] - /?Action=DeregisterTransitGatewayMulticastGroupSources&Version=2016-11-15: - get: - x-aws-operation-name: DeregisterTransitGatewayMulticastGroupSources - operationId: GET_DeregisterTransitGatewayMulticastGroupSources - description: Deregisters the specified sources (network interfaces) from the transit gateway multicast group. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupSourcesResult' - parameters: - - name: TransitGatewayMulticastDomainId - in: query - required: false - description: The ID of the transit gateway multicast domain. - schema: - type: string - - name: GroupIpAddress - in: query - required: false - description: The IP address assigned to the transit gateway multicast group. - schema: - type: string - - name: NetworkInterfaceIds - in: query - required: false - description: The IDs of the group sources' network interfaces. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DeregisterTransitGatewayMulticastGroupSources - operationId: POST_DeregisterTransitGatewayMulticastGroupSources - description: Deregisters the specified sources (network interfaces) from the transit gateway multicast group. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupSourcesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupSourcesRequest' - parameters: [] - /?Action=DescribeAccountAttributes&Version=2016-11-15: - get: - x-aws-operation-name: DescribeAccountAttributes - operationId: GET_DescribeAccountAttributes - description: '

Describes attributes of your Amazon Web Services account. The following are the supported account attributes:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAccountAttributesResult' - parameters: - - name: AttributeName - in: query - required: false - description: The account attribute names. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/AccountAttributeName' - - xml: - name: attributeName - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeAccountAttributes - operationId: POST_DescribeAccountAttributes - description: '

Describes attributes of your Amazon Web Services account. The following are the supported account attributes:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAccountAttributesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAccountAttributesRequest' - parameters: [] - /?Action=DescribeAddresses&Version=2016-11-15: - get: - x-aws-operation-name: DescribeAddresses - operationId: GET_DescribeAddresses - description: '

Describes the specified Elastic IP addresses or all of your Elastic IP addresses.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAddressesResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters. Filter names and values are case-sensitive.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: PublicIp - in: query - required: false - description: '

One or more Elastic IP addresses.

Default: Describes all your Elastic IP addresses.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: PublicIp - - name: AllocationId - in: query - required: false - description: '[EC2-VPC] Information about the allocation IDs.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/AllocationId' - - xml: - name: AllocationId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeAddresses - operationId: POST_DescribeAddresses - description: '

Describes the specified Elastic IP addresses or all of your Elastic IP addresses.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAddressesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAddressesRequest' - parameters: [] - /?Action=DescribeAddressesAttribute&Version=2016-11-15: - get: - x-aws-operation-name: DescribeAddressesAttribute - operationId: GET_DescribeAddressesAttribute - description: 'Describes the attributes of the specified Elastic IP addresses. For requirements, see Using reverse DNS for email applications.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAddressesAttributeResult' - parameters: - - name: AllocationId - in: query - required: false - description: '[EC2-VPC] The allocation IDs.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/AllocationId' - - xml: - name: item - - name: Attribute - in: query - required: false - description: The attribute of the IP address. - schema: - type: string - enum: - - domain-name - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 1000 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeAddressesAttribute - operationId: POST_DescribeAddressesAttribute - description: 'Describes the attributes of the specified Elastic IP addresses. For requirements, see Using reverse DNS for email applications.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAddressesAttributeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAddressesAttributeRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeAggregateIdFormat&Version=2016-11-15: - get: - x-aws-operation-name: DescribeAggregateIdFormat - operationId: GET_DescribeAggregateIdFormat - description: '

Describes the longer ID format settings for all resource types in a specific Region. This request is useful for performing a quick audit to determine whether a specific Region is fully opted in for longer IDs (17-character IDs).

This request only returns information about resource types that support longer IDs.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAggregateIdFormatResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeAggregateIdFormat - operationId: POST_DescribeAggregateIdFormat - description: '

Describes the longer ID format settings for all resource types in a specific Region. This request is useful for performing a quick audit to determine whether a specific Region is fully opted in for longer IDs (17-character IDs).

This request only returns information about resource types that support longer IDs.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAggregateIdFormatResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAggregateIdFormatRequest' - parameters: [] - /?Action=DescribeAvailabilityZones&Version=2016-11-15: - get: - x-aws-operation-name: DescribeAvailabilityZones - operationId: GET_DescribeAvailabilityZones - description: '

Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you. If there is an event impacting a zone, you can use this request to view the state and any provided messages for that zone.

For more information about Availability Zones, Local Zones, and Wavelength Zones, see Regions and zones in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAvailabilityZonesResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: ZoneName - in: query - required: false - description: 'The names of the Availability Zones, Local Zones, and Wavelength Zones.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: ZoneName - - name: ZoneId - in: query - required: false - description: 'The IDs of the Availability Zones, Local Zones, and Wavelength Zones.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: ZoneId - - name: AllAvailabilityZones - in: query - required: false - description: '

Include all Availability Zones, Local Zones, and Wavelength Zones regardless of your opt-in status.

If you do not use this parameter, the results include only the zones for the Regions where you have chosen the option to opt in.

' - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeAvailabilityZones - operationId: POST_DescribeAvailabilityZones - description: '

Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you. If there is an event impacting a zone, you can use this request to view the state and any provided messages for that zone.

For more information about Availability Zones, Local Zones, and Wavelength Zones, see Regions and zones in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAvailabilityZonesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeAvailabilityZonesRequest' - parameters: [] - /?Action=DescribeBundleTasks&Version=2016-11-15: - get: - x-aws-operation-name: DescribeBundleTasks - operationId: GET_DescribeBundleTasks - description: '

Describes the specified bundle tasks or all of your bundle tasks.

Completed bundle tasks are listed for only a limited time. If your bundle task is no longer in the list, you can still register an AMI from it. Just use RegisterImage with the Amazon S3 bucket name and image manifest name you provided to the bundle task.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeBundleTasksResult' - parameters: - - name: BundleId - in: query - required: false - description: '

The bundle task IDs.

Default: Describes all your bundle tasks.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/BundleId' - - xml: - name: BundleId - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeBundleTasks - operationId: POST_DescribeBundleTasks - description: '

Describes the specified bundle tasks or all of your bundle tasks.

Completed bundle tasks are listed for only a limited time. If your bundle task is no longer in the list, you can still register an AMI from it. Just use RegisterImage with the Amazon S3 bucket name and image manifest name you provided to the bundle task.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeBundleTasksResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeBundleTasksRequest' - parameters: [] - /?Action=DescribeByoipCidrs&Version=2016-11-15: - get: - x-aws-operation-name: DescribeByoipCidrs - operationId: GET_DescribeByoipCidrs - description: '

Describes the IP address ranges that were specified in calls to ProvisionByoipCidr.

To describe the address pools that were created when you provisioned the address ranges, use DescribePublicIpv4Pools or DescribeIpv6Pools.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeByoipCidrsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: MaxResults - in: query - required: true - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 100 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeByoipCidrs - operationId: POST_DescribeByoipCidrs - description: '

Describes the IP address ranges that were specified in calls to ProvisionByoipCidr.

To describe the address pools that were created when you provisioned the address ranges, use DescribePublicIpv4Pools or DescribeIpv6Pools.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeByoipCidrsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeByoipCidrsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeCapacityReservationFleets&Version=2016-11-15: - get: - x-aws-operation-name: DescribeCapacityReservationFleets - operationId: GET_DescribeCapacityReservationFleets - description: Describes one or more Capacity Reservation Fleets. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCapacityReservationFleetsResult' - parameters: - - name: CapacityReservationFleetId - in: query - required: false - description: The IDs of the Capacity Reservation Fleets to describe. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetId' - - xml: - name: item - - name: NextToken - in: query - required: false - description: The token to use to retrieve the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' - schema: - type: integer - minimum: 1 - maximum: 100 - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeCapacityReservationFleets - operationId: POST_DescribeCapacityReservationFleets - description: Describes one or more Capacity Reservation Fleets. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCapacityReservationFleetsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCapacityReservationFleetsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeCapacityReservations&Version=2016-11-15: - get: - x-aws-operation-name: DescribeCapacityReservations - operationId: GET_DescribeCapacityReservations - description: Describes one or more of your Capacity Reservations. The results describe only the Capacity Reservations in the Amazon Web Services Region that you're currently using. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCapacityReservationsResult' - parameters: - - name: CapacityReservationId - in: query - required: false - description: The ID of the Capacity Reservation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/CapacityReservationId' - - xml: - name: item - - name: NextToken - in: query - required: false - description: The token to use to retrieve the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' - schema: - type: integer - minimum: 1 - maximum: 1000 - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeCapacityReservations - operationId: POST_DescribeCapacityReservations - description: Describes one or more of your Capacity Reservations. The results describe only the Capacity Reservations in the Amazon Web Services Region that you're currently using. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCapacityReservationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCapacityReservationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeCarrierGateways&Version=2016-11-15: - get: - x-aws-operation-name: DescribeCarrierGateways - operationId: GET_DescribeCarrierGateways - description: Describes one or more of your carrier gateways. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCarrierGatewaysResult' - parameters: - - name: CarrierGatewayId - in: query - required: false - description: One or more carrier gateway IDs. - schema: - type: array - items: - $ref: '#/components/schemas/CarrierGatewayId' - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeCarrierGateways - operationId: POST_DescribeCarrierGateways - description: Describes one or more of your carrier gateways. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCarrierGatewaysResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCarrierGatewaysRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeClassicLinkInstances&Version=2016-11-15: - get: - x-aws-operation-name: DescribeClassicLinkInstances - operationId: GET_DescribeClassicLinkInstances - description: Describes one or more of your linked EC2-Classic instances. This request only returns information about EC2-Classic instances linked to a VPC through ClassicLink. You cannot use this request to return information about other instances. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClassicLinkInstancesResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceId - in: query - required: false - description: One or more instance IDs. Must be instances linked to a VPC through ClassicLink. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - - name: MaxResults - in: query - required: false - description: '

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

Constraint: If the value is greater than 1000, we return only 1000 items.

' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeClassicLinkInstances - operationId: POST_DescribeClassicLinkInstances - description: Describes one or more of your linked EC2-Classic instances. This request only returns information about EC2-Classic instances linked to a VPC through ClassicLink. You cannot use this request to return information about other instances. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClassicLinkInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClassicLinkInstancesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeClientVpnAuthorizationRules&Version=2016-11-15: - get: - x-aws-operation-name: DescribeClientVpnAuthorizationRules - operationId: GET_DescribeClientVpnAuthorizationRules - description: Describes the authorization rules for a specified Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnAuthorizationRulesResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - - name: Filter - in: query - required: false - description:

One or more filters. Filter names and values are case-sensitive.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeClientVpnAuthorizationRules - operationId: POST_DescribeClientVpnAuthorizationRules - description: Describes the authorization rules for a specified Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnAuthorizationRulesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnAuthorizationRulesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeClientVpnConnections&Version=2016-11-15: - get: - x-aws-operation-name: DescribeClientVpnConnections - operationId: GET_DescribeClientVpnConnections - description: Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnConnectionsResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint. - schema: - type: string - - name: Filter - in: query - required: false - description: '

One or more filters. Filter names and values are case-sensitive.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeClientVpnConnections - operationId: POST_DescribeClientVpnConnections - description: Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnConnectionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnConnectionsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeClientVpnEndpoints&Version=2016-11-15: - get: - x-aws-operation-name: DescribeClientVpnEndpoints - operationId: GET_DescribeClientVpnEndpoints - description: Describes one or more Client VPN endpoints in the account. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnEndpointsResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: false - description: The ID of the Client VPN endpoint. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ClientVpnEndpointId' - - xml: - name: item - - name: MaxResults - in: query - required: false - description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - - name: Filter - in: query - required: false - description:

One or more filters. Filter names and values are case-sensitive.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeClientVpnEndpoints - operationId: POST_DescribeClientVpnEndpoints - description: Describes one or more Client VPN endpoints in the account. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnEndpointsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnEndpointsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeClientVpnRoutes&Version=2016-11-15: - get: - x-aws-operation-name: DescribeClientVpnRoutes - operationId: GET_DescribeClientVpnRoutes - description: Describes the routes for the specified Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnRoutesResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint. - schema: - type: string - - name: Filter - in: query - required: false - description:

One or more filters. Filter names and values are case-sensitive.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeClientVpnRoutes - operationId: POST_DescribeClientVpnRoutes - description: Describes the routes for the specified Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnRoutesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnRoutesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeClientVpnTargetNetworks&Version=2016-11-15: - get: - x-aws-operation-name: DescribeClientVpnTargetNetworks - operationId: GET_DescribeClientVpnTargetNetworks - description: Describes the target networks associated with the specified Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnTargetNetworksResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint. - schema: - type: string - - name: AssociationIds - in: query - required: false - description: The IDs of the target network associations. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: MaxResults - in: query - required: false - description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - - name: Filter - in: query - required: false - description:

One or more filters. Filter names and values are case-sensitive.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeClientVpnTargetNetworks - operationId: POST_DescribeClientVpnTargetNetworks - description: Describes the target networks associated with the specified Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnTargetNetworksResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeClientVpnTargetNetworksRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeCoipPools&Version=2016-11-15: - get: - x-aws-operation-name: DescribeCoipPools - operationId: GET_DescribeCoipPools - description: Describes the specified customer-owned address pools or all of your customer-owned address pools. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCoipPoolsResult' - parameters: - - name: PoolId - in: query - required: false - description: The IDs of the address pools. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv4PoolCoipId' - - xml: - name: item - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeCoipPools - operationId: POST_DescribeCoipPools - description: Describes the specified customer-owned address pools or all of your customer-owned address pools. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCoipPoolsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCoipPoolsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeConversionTasks&Version=2016-11-15: - get: - x-aws-operation-name: DescribeConversionTasks - operationId: GET_DescribeConversionTasks - description: '

Describes the specified conversion tasks or all your conversion tasks. For more information, see the VM Import/Export User Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeConversionTasksResult' - parameters: - - name: ConversionTaskId - in: query - required: false - description: The conversion task IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ConversionTaskId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeConversionTasks - operationId: POST_DescribeConversionTasks - description: '

Describes the specified conversion tasks or all your conversion tasks. For more information, see the VM Import/Export User Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeConversionTasksResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeConversionTasksRequest' - parameters: [] - /?Action=DescribeCustomerGateways&Version=2016-11-15: - get: - x-aws-operation-name: DescribeCustomerGateways - operationId: GET_DescribeCustomerGateways - description: '

Describes one or more of your VPN customer gateways.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCustomerGatewaysResult' - parameters: - - name: CustomerGatewayId - in: query - required: false - description: '

One or more customer gateway IDs.

Default: Describes all your customer gateways.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/CustomerGatewayId' - - xml: - name: CustomerGatewayId - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeCustomerGateways - operationId: POST_DescribeCustomerGateways - description: '

Describes one or more of your VPN customer gateways.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCustomerGatewaysResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeCustomerGatewaysRequest' - parameters: [] - /?Action=DescribeDhcpOptions&Version=2016-11-15: - get: - x-aws-operation-name: DescribeDhcpOptions - operationId: GET_DescribeDhcpOptions - description: '

Describes one or more of your DHCP options sets.

For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeDhcpOptionsResult' - parameters: - - name: DhcpOptionsId - in: query - required: false - description: '

The IDs of one or more DHCP options sets.

Default: Describes all your DHCP options sets.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/DhcpOptionsId' - - xml: - name: DhcpOptionsId - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeDhcpOptions - operationId: POST_DescribeDhcpOptions - description: '

Describes one or more of your DHCP options sets.

For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeDhcpOptionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeDhcpOptionsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeEgressOnlyInternetGateways&Version=2016-11-15: - get: - x-aws-operation-name: DescribeEgressOnlyInternetGateways - operationId: GET_DescribeEgressOnlyInternetGateways - description: Describes one or more of your egress-only internet gateways. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeEgressOnlyInternetGatewaysResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: EgressOnlyInternetGatewayId - in: query - required: false - description: One or more egress-only internet gateway IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' - - xml: - name: item - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 255 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeEgressOnlyInternetGateways - operationId: POST_DescribeEgressOnlyInternetGateways - description: Describes one or more of your egress-only internet gateways. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeEgressOnlyInternetGatewaysResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeEgressOnlyInternetGatewaysRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeElasticGpus&Version=2016-11-15: - get: - x-aws-operation-name: DescribeElasticGpus - operationId: GET_DescribeElasticGpus - description: 'Describes the Elastic Graphics accelerator associated with your instances. For more information about Elastic Graphics, see Amazon Elastic Graphics.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeElasticGpusResult' - parameters: - - name: ElasticGpuId - in: query - required: false - description: The Elastic Graphics accelerator IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ElasticGpuId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 5 and 1000.' - schema: - type: integer - minimum: 10 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token to request the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeElasticGpus - operationId: POST_DescribeElasticGpus - description: 'Describes the Elastic Graphics accelerator associated with your instances. For more information about Elastic Graphics, see Amazon Elastic Graphics.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeElasticGpusResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeElasticGpusRequest' - parameters: [] - /?Action=DescribeExportImageTasks&Version=2016-11-15: - get: - x-aws-operation-name: DescribeExportImageTasks - operationId: GET_DescribeExportImageTasks - description: Describes the specified export image tasks or all of your export image tasks. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeExportImageTasksResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: 'Filter tasks using the task-state filter and one of the following values: active, completed, deleting, or deleted.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: ExportImageTaskId - in: query - required: false - description: The IDs of the export image tasks. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ExportImageTaskId' - - xml: - name: ExportImageTaskId - - name: MaxResults - in: query - required: false - description: The maximum number of results to return in a single call. - schema: - type: integer - minimum: 1 - maximum: 500 - - name: NextToken - in: query - required: false - description: A token that indicates the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeExportImageTasks - operationId: POST_DescribeExportImageTasks - description: Describes the specified export image tasks or all of your export image tasks. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeExportImageTasksResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeExportImageTasksRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeExportTasks&Version=2016-11-15: - get: - x-aws-operation-name: DescribeExportTasks - operationId: GET_DescribeExportTasks - description: Describes the specified export instance tasks or all of your export instance tasks. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeExportTasksResult' - parameters: - - name: ExportTaskId - in: query - required: false - description: The export task IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ExportTaskId' - - xml: - name: ExportTaskId - - name: Filter - in: query - required: false - description: the filters for the export tasks. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeExportTasks - operationId: POST_DescribeExportTasks - description: Describes the specified export instance tasks or all of your export instance tasks. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeExportTasksResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeExportTasksRequest' - parameters: [] - /?Action=DescribeFastLaunchImages&Version=2016-11-15: - get: - x-aws-operation-name: DescribeFastLaunchImages - operationId: GET_DescribeFastLaunchImages - description: Describe details for Windows AMIs that are configured for faster launching. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFastLaunchImagesResult' - parameters: - - name: ImageId - in: query - required: false - description: Details for one or more Windows AMI image IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImageId' - - xml: - name: ImageId - - name: Filter - in: query - required: false - description:

Use the following filters to streamline results.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. If this parameter is not specified, then all results are returned.' - schema: - type: integer - minimum: 0 - maximum: 200 - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeFastLaunchImages - operationId: POST_DescribeFastLaunchImages - description: Describe details for Windows AMIs that are configured for faster launching. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFastLaunchImagesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFastLaunchImagesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeFastSnapshotRestores&Version=2016-11-15: - get: - x-aws-operation-name: DescribeFastSnapshotRestores - operationId: GET_DescribeFastSnapshotRestores - description: Describes the state of fast snapshot restores for your snapshots. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFastSnapshotRestoresResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 0 - maximum: 200 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeFastSnapshotRestores - operationId: POST_DescribeFastSnapshotRestores - description: Describes the state of fast snapshot restores for your snapshots. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFastSnapshotRestoresResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFastSnapshotRestoresRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeFleetHistory&Version=2016-11-15: - get: - x-aws-operation-name: DescribeFleetHistory - operationId: GET_DescribeFleetHistory - description: '

Describes the events for the specified EC2 Fleet during the specified time.

EC2 Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. EC2 Fleet events are available for 48 hours.

For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFleetHistoryResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: EventType - in: query - required: false - description: 'The type of events to describe. By default, all events are described.' - schema: - type: string - enum: - - instance-change - - fleet-change - - service-error - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - - name: FleetId - in: query - required: true - description: The ID of the EC2 Fleet. - schema: - type: string - - name: StartTime - in: query - required: true - description: 'The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - schema: - type: string - format: date-time - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeFleetHistory - operationId: POST_DescribeFleetHistory - description: '

Describes the events for the specified EC2 Fleet during the specified time.

EC2 Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. EC2 Fleet events are available for 48 hours.

For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFleetHistoryResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFleetHistoryRequest' - parameters: [] - /?Action=DescribeFleetInstances&Version=2016-11-15: - get: - x-aws-operation-name: DescribeFleetInstances - operationId: GET_DescribeFleetInstances - description: '

Describes the running instances for the specified EC2 Fleet.

For more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFleetInstancesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - - name: FleetId - in: query - required: true - description: The ID of the EC2 Fleet. - schema: - type: string - - name: Filter - in: query - required: false - description:

The filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeFleetInstances - operationId: POST_DescribeFleetInstances - description: '

Describes the running instances for the specified EC2 Fleet.

For more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFleetInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFleetInstancesRequest' - parameters: [] - /?Action=DescribeFleets&Version=2016-11-15: - get: - x-aws-operation-name: DescribeFleets - operationId: GET_DescribeFleets - description: '

Describes the specified EC2 Fleets or all of your EC2 Fleets.

For more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFleetsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - - name: FleetId - in: query - required: false - description: '

The IDs of the EC2 Fleets.

If a fleet is of type instant, you must specify the fleet ID, otherwise it does not appear in the response.

' - schema: - type: array - items: - $ref: '#/components/schemas/FleetId' - - name: Filter - in: query - required: false - description:

The filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeFleets - operationId: POST_DescribeFleets - description: '

Describes the specified EC2 Fleets or all of your EC2 Fleets.

For more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFleetsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFleetsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeFlowLogs&Version=2016-11-15: - get: - x-aws-operation-name: DescribeFlowLogs - operationId: GET_DescribeFlowLogs - description: 'Describes one or more flow logs. To view the information in your flow logs (the log streams for the network interfaces), you must use the CloudWatch Logs console or the CloudWatch Logs API.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFlowLogsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: FlowLogId - in: query - required: false - description: '

One or more flow log IDs.

Constraint: Maximum of 1000 flow log IDs.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcFlowLogId' - - xml: - name: item - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeFlowLogs - operationId: POST_DescribeFlowLogs - description: 'Describes one or more flow logs. To view the information in your flow logs (the log streams for the network interfaces), you must use the CloudWatch Logs console or the CloudWatch Logs API.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFlowLogsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFlowLogsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeFpgaImageAttribute&Version=2016-11-15: - get: - x-aws-operation-name: DescribeFpgaImageAttribute - operationId: GET_DescribeFpgaImageAttribute - description: Describes the specified attribute of the specified Amazon FPGA Image (AFI). - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFpgaImageAttributeResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: FpgaImageId - in: query - required: true - description: The ID of the AFI. - schema: - type: string - - name: Attribute - in: query - required: true - description: The AFI attribute. - schema: - type: string - enum: - - description - - name - - loadPermission - - productCodes - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeFpgaImageAttribute - operationId: POST_DescribeFpgaImageAttribute - description: Describes the specified attribute of the specified Amazon FPGA Image (AFI). - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFpgaImageAttributeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFpgaImageAttributeRequest' - parameters: [] - /?Action=DescribeFpgaImages&Version=2016-11-15: - get: - x-aws-operation-name: DescribeFpgaImages - operationId: GET_DescribeFpgaImages - description: 'Describes the Amazon FPGA Images (AFIs) available to you. These include public AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services accounts for which you have load permissions.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFpgaImagesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: FpgaImageId - in: query - required: false - description: The AFI IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/FpgaImageId' - - xml: - name: item - - name: Owner - in: query - required: false - description: 'Filters the AFI by owner. Specify an Amazon Web Services account ID, self (owner is the sender of the request), or an Amazon Web Services owner alias (valid values are amazon | aws-marketplace).' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: Owner - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: The maximum number of results to return in a single call. - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeFpgaImages - operationId: POST_DescribeFpgaImages - description: 'Describes the Amazon FPGA Images (AFIs) available to you. These include public AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services accounts for which you have load permissions.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFpgaImagesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeFpgaImagesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeHostReservationOfferings&Version=2016-11-15: - get: - x-aws-operation-name: DescribeHostReservationOfferings - operationId: GET_DescribeHostReservationOfferings - description: '

Describes the Dedicated Host reservations that are available to purchase.

The results describe all of the Dedicated Host reservation offerings, including offerings that might not match the instance family and Region of your Dedicated Hosts. When purchasing an offering, ensure that the instance family and Region of the offering matches that of the Dedicated Hosts with which it is to be associated. For more information about supported instance types, see Dedicated Hosts in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeHostReservationOfferingsResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxDuration - in: query - required: false - description: 'This is the maximum duration of the reservation to purchase, specified in seconds. Reservations are available in one-year and three-year terms. The number of seconds specified must be the number of seconds in a year (365x24x60x60) times one of the supported durations (1 or 3). For example, specify 94608000 for three years.' - schema: - type: integer - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' - schema: - type: integer - minimum: 5 - maximum: 500 - - name: MinDuration - in: query - required: false - description: 'This is the minimum duration of the reservation you''d like to purchase, specified in seconds. Reservations are available in one-year and three-year terms. The number of seconds specified must be the number of seconds in a year (365x24x60x60) times one of the supported durations (1 or 3). For example, specify 31536000 for one year.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token to use to retrieve the next page of results. - schema: - type: string - - name: OfferingId - in: query - required: false - description: The ID of the reservation offering. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeHostReservationOfferings - operationId: POST_DescribeHostReservationOfferings - description: '

Describes the Dedicated Host reservations that are available to purchase.

The results describe all of the Dedicated Host reservation offerings, including offerings that might not match the instance family and Region of your Dedicated Hosts. When purchasing an offering, ensure that the instance family and Region of the offering matches that of the Dedicated Hosts with which it is to be associated. For more information about supported instance types, see Dedicated Hosts in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeHostReservationOfferingsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeHostReservationOfferingsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeHostReservations&Version=2016-11-15: - get: - x-aws-operation-name: DescribeHostReservations - operationId: GET_DescribeHostReservations - description: Describes reservations that are associated with Dedicated Hosts in your account. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeHostReservationsResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: HostReservationIdSet - in: query - required: false - description: The host reservation IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/HostReservationId' - - xml: - name: item - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token to use to retrieve the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeHostReservations - operationId: POST_DescribeHostReservations - description: Describes reservations that are associated with Dedicated Hosts in your account. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeHostReservationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeHostReservationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeHosts&Version=2016-11-15: - get: - x-aws-operation-name: DescribeHosts - operationId: GET_DescribeHosts - description:

Describes the specified Dedicated Hosts or all your Dedicated Hosts.

The results describe only the Dedicated Hosts in the Region you're currently using. All listed instances consume capacity on your Dedicated Host. Dedicated Hosts that have recently been released are listed with the state released.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeHostsResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: HostId - in: query - required: false - description: The IDs of the Dedicated Hosts. The IDs are used for targeted instance launches. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/DedicatedHostId' - - xml: - name: item - - name: MaxResults - in: query - required: false - description: '

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.

You cannot specify this parameter and the host IDs parameter in the same request.

' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token to use to retrieve the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeHosts - operationId: POST_DescribeHosts - description:

Describes the specified Dedicated Hosts or all your Dedicated Hosts.

The results describe only the Dedicated Hosts in the Region you're currently using. All listed instances consume capacity on your Dedicated Host. Dedicated Hosts that have recently been released are listed with the state released.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeHostsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeHostsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeIamInstanceProfileAssociations&Version=2016-11-15: - get: - x-aws-operation-name: DescribeIamInstanceProfileAssociations - operationId: GET_DescribeIamInstanceProfileAssociations - description: Describes your IAM instance profile associations. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIamInstanceProfileAssociationsResult' - parameters: - - name: AssociationId - in: query - required: false - description: The IAM instance profile associations. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileAssociationId' - - xml: - name: AssociationId - - name: Filter - in: query - required: false - description:

The filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token to request the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeIamInstanceProfileAssociations - operationId: POST_DescribeIamInstanceProfileAssociations - description: Describes your IAM instance profile associations. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIamInstanceProfileAssociationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIamInstanceProfileAssociationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeIdFormat&Version=2016-11-15: - get: - x-aws-operation-name: DescribeIdFormat - operationId: GET_DescribeIdFormat - description: '

Describes the ID format settings for your resources on a per-Region basis, for example, to view which resource types are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

These settings apply to the IAM user who makes the request; they do not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user, unless they explicitly override the settings by running the ModifyIdFormat command. Resources created with longer IDs are visible to all IAM users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIdFormatResult' - parameters: - - name: Resource - in: query - required: false - description: 'The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway ' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeIdFormat - operationId: POST_DescribeIdFormat - description: '

Describes the ID format settings for your resources on a per-Region basis, for example, to view which resource types are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

These settings apply to the IAM user who makes the request; they do not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user, unless they explicitly override the settings by running the ModifyIdFormat command. Resources created with longer IDs are visible to all IAM users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIdFormatResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIdFormatRequest' - parameters: [] - /?Action=DescribeIdentityIdFormat&Version=2016-11-15: - get: - x-aws-operation-name: DescribeIdentityIdFormat - operationId: GET_DescribeIdentityIdFormat - description: '

Describes the ID format settings for resources for the specified IAM user, IAM role, or root user. For example, you can view the resource types that are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

These settings apply to the principal specified in the request. They do not apply to the principal that makes the request.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIdentityIdFormatResult' - parameters: - - name: PrincipalArn - in: query - required: true - description: 'The ARN of the principal, which can be an IAM role, IAM user, or the root user.' - schema: - type: string - - name: Resource - in: query - required: false - description: 'The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway ' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeIdentityIdFormat - operationId: POST_DescribeIdentityIdFormat - description: '

Describes the ID format settings for resources for the specified IAM user, IAM role, or root user. For example, you can view the resource types that are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

These settings apply to the principal specified in the request. They do not apply to the principal that makes the request.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIdentityIdFormatResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIdentityIdFormatRequest' - parameters: [] - /?Action=DescribeImageAttribute&Version=2016-11-15: - get: - x-aws-operation-name: DescribeImageAttribute - operationId: GET_DescribeImageAttribute - description: Describes the specified attribute of the specified AMI. You can specify only one attribute at a time. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImageAttribute' - parameters: - - name: Attribute - in: query - required: true - description: '

The AMI attribute.

Note: The blockDeviceMapping attribute is deprecated. Using this attribute returns the Client.AuthFailure error. To get information about the block device mappings for an AMI, use the DescribeImages action.

' - schema: - type: string - enum: - - description - - kernel - - ramdisk - - launchPermission - - productCodes - - blockDeviceMapping - - sriovNetSupport - - bootMode - - tpmSupport - - uefiData - - lastLaunchedTime - - name: ImageId - in: query - required: true - description: The ID of the AMI. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeImageAttribute - operationId: POST_DescribeImageAttribute - description: Describes the specified attribute of the specified AMI. You can specify only one attribute at a time. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImageAttribute' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeImageAttributeRequest' - parameters: [] - /?Action=DescribeImages&Version=2016-11-15: - get: - x-aws-operation-name: DescribeImages - operationId: GET_DescribeImages - description: '

Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.

The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.

Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeImagesResult' - parameters: - - name: ExecutableBy - in: query - required: false - description: '

Scopes the images by users with explicit launch permissions. Specify an Amazon Web Services account ID, self (the sender of the request), or all (public AMIs).

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: ExecutableBy - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: ImageId - in: query - required: false - description: '

The image IDs.

Default: Describes all images available to you.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImageId' - - xml: - name: ImageId - - name: Owner - in: query - required: false - description: 'Scopes the results to images with the specified owners. You can specify a combination of Amazon Web Services account IDs, self, amazon, and aws-marketplace. If you omit this parameter, the results include all images for which you have launch permissions, regardless of ownership.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: Owner - - name: IncludeDeprecated - in: query - required: false - description: '

If true, all deprecated AMIs are included in the response. If false, no deprecated AMIs are included in the response. If no value is specified, the default value is false.

If you are the AMI owner, all deprecated AMIs appear in the response regardless of the value (true or false) that you set for this parameter.

' - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeImages - operationId: POST_DescribeImages - description: '

Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.

The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.

Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeImagesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeImagesRequest' - parameters: [] - /?Action=DescribeImportImageTasks&Version=2016-11-15: - get: - x-aws-operation-name: DescribeImportImageTasks - operationId: GET_DescribeImportImageTasks - description: Displays details about an import virtual machine or import snapshot tasks that are already created. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeImportImageTasksResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filters - in: query - required: false - description: 'Filter tasks using the task-state filter and one of the following values: active, completed, deleting, or deleted.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: ImportTaskId - in: query - required: false - description: The IDs of the import image tasks. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImportImageTaskId' - - xml: - name: ImportTaskId - - name: MaxResults - in: query - required: false - description: The maximum number of results to return in a single call. - schema: - type: integer - - name: NextToken - in: query - required: false - description: A token that indicates the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeImportImageTasks - operationId: POST_DescribeImportImageTasks - description: Displays details about an import virtual machine or import snapshot tasks that are already created. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeImportImageTasksResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeImportImageTasksRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeImportSnapshotTasks&Version=2016-11-15: - get: - x-aws-operation-name: DescribeImportSnapshotTasks - operationId: GET_DescribeImportSnapshotTasks - description: Describes your import snapshot tasks. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeImportSnapshotTasksResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filters - in: query - required: false - description: The filters. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: ImportTaskId - in: query - required: false - description: A list of import snapshot task IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImportSnapshotTaskId' - - xml: - name: ImportTaskId - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: A token that indicates the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeImportSnapshotTasks - operationId: POST_DescribeImportSnapshotTasks - description: Describes your import snapshot tasks. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeImportSnapshotTasksResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeImportSnapshotTasksRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeInstanceAttribute&Version=2016-11-15: - get: - x-aws-operation-name: DescribeInstanceAttribute - operationId: GET_DescribeInstanceAttribute - description: 'Describes the specified attribute of the specified instance. You can specify only one attribute at a time. Valid attribute values are: instanceType | kernel | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck | groupSet | ebsOptimized | sriovNetSupport ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/InstanceAttribute' - parameters: - - name: Attribute - in: query - required: true - description: '

The instance attribute.

Note: The enaSupport attribute is not supported at this time.

' - schema: - type: string - enum: - - instanceType - - kernel - - ramdisk - - userData - - disableApiTermination - - instanceInitiatedShutdownBehavior - - rootDeviceName - - blockDeviceMapping - - productCodes - - sourceDestCheck - - groupSet - - ebsOptimized - - sriovNetSupport - - enaSupport - - enclaveOptions - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeInstanceAttribute - operationId: POST_DescribeInstanceAttribute - description: 'Describes the specified attribute of the specified instance. You can specify only one attribute at a time. Valid attribute values are: instanceType | kernel | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck | groupSet | ebsOptimized | sriovNetSupport ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/InstanceAttribute' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceAttributeRequest' - parameters: [] - /?Action=DescribeInstanceCreditSpecifications&Version=2016-11-15: - get: - x-aws-operation-name: DescribeInstanceCreditSpecifications - operationId: GET_DescribeInstanceCreditSpecifications - description: '

Describes the credit option for CPU usage of the specified burstable performance instances. The credit options are standard and unlimited.

If you do not specify an instance ID, Amazon EC2 returns burstable performance instances with the unlimited credit option, as well as instances that were previously configured as T2, T3, and T3a with the unlimited credit option. For example, if you resize a T2 instance, while it is configured as unlimited, to an M4 instance, Amazon EC2 returns the M4 instance.

If you specify one or more instance IDs, Amazon EC2 returns the credit option (standard or unlimited) of those instances. If you specify an instance ID that is not valid, such as an instance that is not a burstable performance instance, an error is returned.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If an Availability Zone is experiencing a service disruption and you specify instance IDs in the affected zone, or do not specify any instance IDs at all, the call fails. If you specify only instance IDs in an unaffected zone, the call works normally.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceCreditSpecificationsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description:

The filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: InstanceId - in: query - required: false - description: '

The instance IDs.

Default: Describes all your instances.

Constraints: Maximum 1000 explicitly specified instance IDs.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 5 and 1000. You cannot specify this parameter and the instance IDs parameter in the same call.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeInstanceCreditSpecifications - operationId: POST_DescribeInstanceCreditSpecifications - description: '

Describes the credit option for CPU usage of the specified burstable performance instances. The credit options are standard and unlimited.

If you do not specify an instance ID, Amazon EC2 returns burstable performance instances with the unlimited credit option, as well as instances that were previously configured as T2, T3, and T3a with the unlimited credit option. For example, if you resize a T2 instance, while it is configured as unlimited, to an M4 instance, Amazon EC2 returns the M4 instance.

If you specify one or more instance IDs, Amazon EC2 returns the credit option (standard or unlimited) of those instances. If you specify an instance ID that is not valid, such as an instance that is not a burstable performance instance, an error is returned.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If an Availability Zone is experiencing a service disruption and you specify instance IDs in the affected zone, or do not specify any instance IDs at all, the call fails. If you specify only instance IDs in an unaffected zone, the call works normally.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceCreditSpecificationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceCreditSpecificationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeInstanceEventNotificationAttributes&Version=2016-11-15: - get: - x-aws-operation-name: DescribeInstanceEventNotificationAttributes - operationId: GET_DescribeInstanceEventNotificationAttributes - description: Describes the tag keys that are registered to appear in scheduled event notifications for resources in the current Region. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceEventNotificationAttributesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeInstanceEventNotificationAttributes - operationId: POST_DescribeInstanceEventNotificationAttributes - description: Describes the tag keys that are registered to appear in scheduled event notifications for resources in the current Region. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceEventNotificationAttributesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceEventNotificationAttributesRequest' - parameters: [] - /?Action=DescribeInstanceEventWindows&Version=2016-11-15: - get: - x-aws-operation-name: DescribeInstanceEventWindows - operationId: GET_DescribeInstanceEventWindows - description: '

Describes the specified event windows or all event windows.

If you specify event window IDs, the output includes information for only the specified event windows. If you specify filters, the output includes information for only those event windows that meet the filter criteria. If you do not specify event windows IDs or filters, the output includes information for all event windows, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceEventWindowsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceEventWindowId - in: query - required: false - description: The IDs of the event windows. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowId' - - xml: - name: InstanceEventWindowId - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 20 and 500. You cannot specify this parameter and the event window IDs parameter in the same call.' - schema: - type: integer - minimum: 20 - maximum: 500 - - name: NextToken - in: query - required: false - description: The token to request the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeInstanceEventWindows - operationId: POST_DescribeInstanceEventWindows - description: '

Describes the specified event windows or all event windows.

If you specify event window IDs, the output includes information for only the specified event windows. If you specify filters, the output includes information for only those event windows that meet the filter criteria. If you do not specify event windows IDs or filters, the output includes information for all event windows, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceEventWindowsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceEventWindowsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeInstanceStatus&Version=2016-11-15: - get: - x-aws-operation-name: DescribeInstanceStatus - operationId: GET_DescribeInstanceStatus - description: '

Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.

Instance status includes the following components:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceStatusResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: InstanceId - in: query - required: false - description: '

The instance IDs.

Default: Describes all your instances.

Constraints: Maximum 100 explicitly specified instance IDs.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 5 and 1000. You cannot specify this parameter and the instance IDs parameter in the same call.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IncludeAllInstances - in: query - required: false - description: '

When true, includes the health status for all instances. When false, includes the health status for running instances only.

Default: false

' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeInstanceStatus - operationId: POST_DescribeInstanceStatus - description: '

Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.

Instance status includes the following components:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceStatusResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceStatusRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeInstanceTypeOfferings&Version=2016-11-15: - get: - x-aws-operation-name: DescribeInstanceTypeOfferings - operationId: GET_DescribeInstanceTypeOfferings - description: 'Returns a list of all instance types offered. The results can be filtered by location (Region or Availability Zone). If no location is specified, the instance types offered in the current Region are returned.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceTypeOfferingsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: LocationType - in: query - required: false - description: The location type. - schema: - type: string - enum: - - region - - availability-zone - - availability-zone-id - - name: Filter - in: query - required: false - description: '

One or more filters. Filter names and values are case-sensitive.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the next token value. - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeInstanceTypeOfferings - operationId: POST_DescribeInstanceTypeOfferings - description: 'Returns a list of all instance types offered. The results can be filtered by location (Region or Availability Zone). If no location is specified, the instance types offered in the current Region are returned.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceTypeOfferingsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceTypeOfferingsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeInstanceTypes&Version=2016-11-15: - get: - x-aws-operation-name: DescribeInstanceTypes - operationId: GET_DescribeInstanceTypes - description: Describes the details of the instance types that are offered in a location. The results can be filtered by the attributes of the instance types. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceTypesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceType - in: query - required: false - description: 'The instance types. For more information, see Instance types in the Amazon EC2 User Guide.' - schema: - type: array - items: - $ref: '#/components/schemas/InstanceType' - minItems: 0 - maxItems: 100 - - name: Filter - in: query - required: false - description: '

One or more filters. Filter names and values are case-sensitive.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the next token value. - schema: - type: integer - minimum: 5 - maximum: 100 - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeInstanceTypes - operationId: POST_DescribeInstanceTypes - description: Describes the details of the instance types that are offered in a location. The results can be filtered by the attributes of the instance types. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceTypesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstanceTypesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeInstances&Version=2016-11-15: - get: - x-aws-operation-name: DescribeInstances - operationId: GET_DescribeInstances - description: '

Describes the specified instances or all instances.

If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstancesResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: InstanceId - in: query - required: false - description: '

The instance IDs.

Default: Describes all your instances.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 5 and 1000. You cannot specify this parameter and the instance IDs parameter in the same call.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token to request the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeInstances - operationId: POST_DescribeInstances - description: '

Describes the specified instances or all instances.

If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInstancesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeInternetGateways&Version=2016-11-15: - get: - x-aws-operation-name: DescribeInternetGateways - operationId: GET_DescribeInternetGateways - description: Describes one or more of your internet gateways. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInternetGatewaysResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InternetGatewayId - in: query - required: false - description: '

One or more internet gateway IDs.

Default: Describes all your internet gateways.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InternetGatewayId' - - xml: - name: item - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeInternetGateways - operationId: POST_DescribeInternetGateways - description: Describes one or more of your internet gateways. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInternetGatewaysResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeInternetGatewaysRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeIpamPools&Version=2016-11-15: - get: - x-aws-operation-name: DescribeIpamPools - operationId: GET_DescribeIpamPools - description: Get information about your IPAM pools. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpamPoolsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: The maximum number of results to return in the request. - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: IpamPoolId - in: query - required: false - description: The IDs of the IPAM pools you would like information on. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeIpamPools - operationId: POST_DescribeIpamPools - description: Get information about your IPAM pools. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpamPoolsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpamPoolsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeIpamScopes&Version=2016-11-15: - get: - x-aws-operation-name: DescribeIpamScopes - operationId: GET_DescribeIpamScopes - description: Get information about your IPAM scopes. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpamScopesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: The maximum number of results to return in the request. - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: IpamScopeId - in: query - required: false - description: The IDs of the scopes you want information on. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeIpamScopes - operationId: POST_DescribeIpamScopes - description: Get information about your IPAM scopes. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpamScopesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpamScopesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeIpams&Version=2016-11-15: - get: - x-aws-operation-name: DescribeIpams - operationId: GET_DescribeIpams - description: '

Get information about your IPAM pools.

For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpamsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: The maximum number of results to return in the request. - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: IpamId - in: query - required: false - description: The IDs of the IPAMs you want information on. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeIpams - operationId: POST_DescribeIpams - description: '

Get information about your IPAM pools.

For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpamsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpamsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeIpv6Pools&Version=2016-11-15: - get: - x-aws-operation-name: DescribeIpv6Pools - operationId: GET_DescribeIpv6Pools - description: Describes your IPv6 address pools. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpv6PoolsResult' - parameters: - - name: PoolId - in: query - required: false - description: The IDs of the IPv6 address pools. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv6PoolEc2Id' - - xml: - name: item - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 1000 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeIpv6Pools - operationId: POST_DescribeIpv6Pools - description: Describes your IPv6 address pools. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpv6PoolsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeIpv6PoolsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeKeyPairs&Version=2016-11-15: - get: - x-aws-operation-name: DescribeKeyPairs - operationId: GET_DescribeKeyPairs - description: '

Describes the specified key pairs or all of your key pairs.

For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeKeyPairsResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: KeyName - in: query - required: false - description: '

The key pair names.

Default: Describes all of your key pairs.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/KeyPairName' - - xml: - name: KeyName - - name: KeyPairId - in: query - required: false - description: The IDs of the key pairs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/KeyPairId' - - xml: - name: KeyPairId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IncludePublicKey - in: query - required: false - description: '

If true, the public key material is included in the response.

Default: false

' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeKeyPairs - operationId: POST_DescribeKeyPairs - description: '

Describes the specified key pairs or all of your key pairs.

For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeKeyPairsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeKeyPairsRequest' - parameters: [] - /?Action=DescribeLaunchTemplateVersions&Version=2016-11-15: - get: - x-aws-operation-name: DescribeLaunchTemplateVersions - operationId: GET_DescribeLaunchTemplateVersions - description: 'Describes one or more versions of a specified launch template. You can describe all versions, individual versions, or a range of versions. You can also describe all the latest versions or all the default versions of all the launch templates in your account.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLaunchTemplateVersionsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: LaunchTemplateId - in: query - required: false - description: 'The ID of the launch template. To describe one or more versions of a specified launch template, you must specify either the launch template ID or the launch template name in the request. To describe all the latest or default launch template versions in your account, you must omit this parameter.' - schema: - type: string - - name: LaunchTemplateName - in: query - required: false - description: 'The name of the launch template. To describe one or more versions of a specified launch template, you must specify either the launch template ID or the launch template name in the request. To describe all the latest or default launch template versions in your account, you must omit this parameter.' - schema: - type: string - pattern: '[a-zA-Z0-9\(\)\.\-/_]+' - minLength: 3 - maxLength: 128 - - name: LaunchTemplateVersion - in: query - required: false - description: '

One or more versions of the launch template. Valid values depend on whether you are describing a specified launch template (by ID or name) or all launch templates in your account.

To describe one or more versions of a specified launch template, valid values are $Latest, $Default, and numbers.

To describe all launch templates in your account that are defined as the latest version, the valid value is $Latest. To describe all launch templates in your account that are defined as the default version, the valid value is $Default. You can specify $Latest and $Default in the same call. You cannot specify numbers.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: MinVersion - in: query - required: false - description: The version number after which to describe launch template versions. - schema: - type: string - - name: MaxVersion - in: query - required: false - description: The version number up to which to describe launch template versions. - schema: - type: string - - name: NextToken - in: query - required: false - description: The token to request the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200.' - schema: - type: integer - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeLaunchTemplateVersions - operationId: POST_DescribeLaunchTemplateVersions - description: 'Describes one or more versions of a specified launch template. You can describe all versions, individual versions, or a range of versions. You can also describe all the latest versions or all the default versions of all the launch templates in your account.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLaunchTemplateVersionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLaunchTemplateVersionsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeLaunchTemplates&Version=2016-11-15: - get: - x-aws-operation-name: DescribeLaunchTemplates - operationId: GET_DescribeLaunchTemplates - description: Describes one or more launch templates. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLaunchTemplatesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: LaunchTemplateId - in: query - required: false - description: One or more launch template IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateId' - - xml: - name: item - - name: LaunchTemplateName - in: query - required: false - description: One or more launch template names. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateName' - - xml: - name: item - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: NextToken - in: query - required: false - description: The token to request the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200.' - schema: - type: integer - minimum: 1 - maximum: 200 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeLaunchTemplates - operationId: POST_DescribeLaunchTemplates - description: Describes one or more launch templates. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLaunchTemplatesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLaunchTemplatesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations&Version=2016-11-15: - get: - x-aws-operation-name: DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations - operationId: GET_DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations - description: Describes the associations between virtual interface groups and local gateway route tables. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsResult' - parameters: - - name: LocalGatewayRouteTableVirtualInterfaceGroupAssociationId - in: query - required: false - description: The IDs of the associations. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociationId' - - xml: - name: item - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations - operationId: POST_DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations - description: Describes the associations between virtual interface groups and local gateway route tables. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeLocalGatewayRouteTableVpcAssociations&Version=2016-11-15: - get: - x-aws-operation-name: DescribeLocalGatewayRouteTableVpcAssociations - operationId: GET_DescribeLocalGatewayRouteTableVpcAssociations - description: Describes the specified associations between VPCs and local gateway route tables. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVpcAssociationsResult' - parameters: - - name: LocalGatewayRouteTableVpcAssociationId - in: query - required: false - description: The IDs of the associations. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociationId' - - xml: - name: item - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeLocalGatewayRouteTableVpcAssociations - operationId: POST_DescribeLocalGatewayRouteTableVpcAssociations - description: Describes the specified associations between VPCs and local gateway route tables. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVpcAssociationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVpcAssociationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeLocalGatewayRouteTables&Version=2016-11-15: - get: - x-aws-operation-name: DescribeLocalGatewayRouteTables - operationId: GET_DescribeLocalGatewayRouteTables - description: 'Describes one or more local gateway route tables. By default, all local gateway route tables are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayRouteTablesResult' - parameters: - - name: LocalGatewayRouteTableId - in: query - required: false - description: The IDs of the local gateway route tables. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayRoutetableId' - - xml: - name: item - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeLocalGatewayRouteTables - operationId: POST_DescribeLocalGatewayRouteTables - description: 'Describes one or more local gateway route tables. By default, all local gateway route tables are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayRouteTablesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayRouteTablesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeLocalGatewayVirtualInterfaceGroups&Version=2016-11-15: - get: - x-aws-operation-name: DescribeLocalGatewayVirtualInterfaceGroups - operationId: GET_DescribeLocalGatewayVirtualInterfaceGroups - description: Describes the specified local gateway virtual interface groups. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfaceGroupsResult' - parameters: - - name: LocalGatewayVirtualInterfaceGroupId - in: query - required: false - description: The IDs of the virtual interface groups. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupId' - - xml: - name: item - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeLocalGatewayVirtualInterfaceGroups - operationId: POST_DescribeLocalGatewayVirtualInterfaceGroups - description: Describes the specified local gateway virtual interface groups. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfaceGroupsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfaceGroupsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeLocalGatewayVirtualInterfaces&Version=2016-11-15: - get: - x-aws-operation-name: DescribeLocalGatewayVirtualInterfaces - operationId: GET_DescribeLocalGatewayVirtualInterfaces - description: Describes the specified local gateway virtual interfaces. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfacesResult' - parameters: - - name: LocalGatewayVirtualInterfaceId - in: query - required: false - description: The IDs of the virtual interfaces. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceId' - - xml: - name: item - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeLocalGatewayVirtualInterfaces - operationId: POST_DescribeLocalGatewayVirtualInterfaces - description: Describes the specified local gateway virtual interfaces. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfacesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfacesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeLocalGateways&Version=2016-11-15: - get: - x-aws-operation-name: DescribeLocalGateways - operationId: GET_DescribeLocalGateways - description: 'Describes one or more local gateways. By default, all local gateways are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewaysResult' - parameters: - - name: LocalGatewayId - in: query - required: false - description: The IDs of the local gateways. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayId' - - xml: - name: item - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeLocalGateways - operationId: POST_DescribeLocalGateways - description: 'Describes one or more local gateways. By default, all local gateways are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewaysResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeLocalGatewaysRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeManagedPrefixLists&Version=2016-11-15: - get: - x-aws-operation-name: DescribeManagedPrefixLists - operationId: GET_DescribeManagedPrefixLists - description: '

Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.

To view the entries for your prefix list, use GetManagedPrefixListEntries.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeManagedPrefixListsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 100 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: PrefixListId - in: query - required: false - description: One or more prefix list IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeManagedPrefixLists - operationId: POST_DescribeManagedPrefixLists - description: '

Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.

To view the entries for your prefix list, use GetManagedPrefixListEntries.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeManagedPrefixListsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeManagedPrefixListsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeMovingAddresses&Version=2016-11-15: - get: - x-aws-operation-name: DescribeMovingAddresses - operationId: GET_DescribeMovingAddresses - description: 'Describes your Elastic IP addresses that are being moved to the EC2-VPC platform, or that are being restored to the EC2-Classic platform. This request does not return information about any other Elastic IP addresses in your account.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeMovingAddressesResult' - parameters: - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: MaxResults - in: query - required: false - description: '

The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1000; if MaxResults is given a value outside of this range, an error is returned.

Default: If no value is provided, the default is 1000.

' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: PublicIp - in: query - required: false - description: One or more Elastic IP addresses. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeMovingAddresses - operationId: POST_DescribeMovingAddresses - description: 'Describes your Elastic IP addresses that are being moved to the EC2-VPC platform, or that are being restored to the EC2-Classic platform. This request does not return information about any other Elastic IP addresses in your account.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeMovingAddressesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeMovingAddressesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeNatGateways&Version=2016-11-15: - get: - x-aws-operation-name: DescribeNatGateways - operationId: GET_DescribeNatGateways - description: Describes one or more of your NAT gateways. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNatGatewaysResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NatGatewayId - in: query - required: false - description: One or more NAT gateway IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NatGatewayId' - - xml: - name: item - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeNatGateways - operationId: POST_DescribeNatGateways - description: Describes one or more of your NAT gateways. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNatGatewaysResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNatGatewaysRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeNetworkAcls&Version=2016-11-15: - get: - x-aws-operation-name: DescribeNetworkAcls - operationId: GET_DescribeNetworkAcls - description: '

Describes one or more of your network ACLs.

For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkAclsResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NetworkAclId - in: query - required: false - description: '

One or more network ACL IDs.

Default: Describes all your network ACLs.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkAclId' - - xml: - name: item - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeNetworkAcls - operationId: POST_DescribeNetworkAcls - description: '

Describes one or more of your network ACLs.

For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkAclsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkAclsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeNetworkInsightsAccessScopeAnalyses&Version=2016-11-15: - get: - x-aws-operation-name: DescribeNetworkInsightsAccessScopeAnalyses - operationId: GET_DescribeNetworkInsightsAccessScopeAnalyses - description: Describes the specified Network Access Scope analyses. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopeAnalysesResult' - parameters: - - name: NetworkInsightsAccessScopeAnalysisId - in: query - required: false - description: The IDs of the Network Access Scope analyses. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' - - xml: - name: item - - name: NetworkInsightsAccessScopeId - in: query - required: false - description: The ID of the Network Access Scope. - schema: - type: string - - name: AnalysisStartTimeBegin - in: query - required: false - description: Filters the results based on the start time. The analysis must have started on or after this time. - schema: - type: string - format: date-time - - name: AnalysisStartTimeEnd - in: query - required: false - description: Filters the results based on the start time. The analysis must have started on or before this time. - schema: - type: string - format: date-time - - name: Filter - in: query - required: false - description: There are no supported filters. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 100 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeNetworkInsightsAccessScopeAnalyses - operationId: POST_DescribeNetworkInsightsAccessScopeAnalyses - description: Describes the specified Network Access Scope analyses. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopeAnalysesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopeAnalysesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeNetworkInsightsAccessScopes&Version=2016-11-15: - get: - x-aws-operation-name: DescribeNetworkInsightsAccessScopes - operationId: GET_DescribeNetworkInsightsAccessScopes - description: Describes the specified Network Access Scopes. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopesResult' - parameters: - - name: NetworkInsightsAccessScopeId - in: query - required: false - description: The IDs of the Network Access Scopes. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' - - xml: - name: item - - name: Filter - in: query - required: false - description: There are no supported filters. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 100 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeNetworkInsightsAccessScopes - operationId: POST_DescribeNetworkInsightsAccessScopes - description: Describes the specified Network Access Scopes. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeNetworkInsightsAnalyses&Version=2016-11-15: - get: - x-aws-operation-name: DescribeNetworkInsightsAnalyses - operationId: GET_DescribeNetworkInsightsAnalyses - description: Describes one or more of your network insights analyses. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsAnalysesResult' - parameters: - - name: NetworkInsightsAnalysisId - in: query - required: false - description: The ID of the network insights analyses. You must specify either analysis IDs or a path ID. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAnalysisId' - - xml: - name: item - - name: NetworkInsightsPathId - in: query - required: false - description: The ID of the path. You must specify either a path ID or analysis IDs. - schema: - type: string - - name: AnalysisStartTime - in: query - required: false - description: The time when the network insights analyses started. - schema: - type: string - format: date-time - - name: AnalysisEndTime - in: query - required: false - description: The time when the network insights analyses ended. - schema: - type: string - format: date-time - - name: Filter - in: query - required: false - description: '

The filters. The following are the possible values:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 100 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeNetworkInsightsAnalyses - operationId: POST_DescribeNetworkInsightsAnalyses - description: Describes one or more of your network insights analyses. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsAnalysesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsAnalysesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeNetworkInsightsPaths&Version=2016-11-15: - get: - x-aws-operation-name: DescribeNetworkInsightsPaths - operationId: GET_DescribeNetworkInsightsPaths - description: Describes one or more of your paths. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsPathsResult' - parameters: - - name: NetworkInsightsPathId - in: query - required: false - description: The IDs of the paths. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsPathId' - - xml: - name: item - - name: Filter - in: query - required: false - description: '

The filters. The following are the possible values:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 100 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeNetworkInsightsPaths - operationId: POST_DescribeNetworkInsightsPaths - description: Describes one or more of your paths. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsPathsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInsightsPathsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeNetworkInterfaceAttribute&Version=2016-11-15: - get: - x-aws-operation-name: DescribeNetworkInterfaceAttribute - operationId: GET_DescribeNetworkInterfaceAttribute - description: Describes a network interface attribute. You can specify only one attribute at a time. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInterfaceAttributeResult' - parameters: - - name: Attribute - in: query - required: false - description: The attribute of the network interface. This parameter is required. - schema: - type: string - enum: - - description - - groupSet - - sourceDestCheck - - attachment - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NetworkInterfaceId - in: query - required: true - description: The ID of the network interface. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeNetworkInterfaceAttribute - operationId: POST_DescribeNetworkInterfaceAttribute - description: Describes a network interface attribute. You can specify only one attribute at a time. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInterfaceAttributeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInterfaceAttributeRequest' - parameters: [] - /?Action=DescribeNetworkInterfacePermissions&Version=2016-11-15: - get: - x-aws-operation-name: DescribeNetworkInterfacePermissions - operationId: GET_DescribeNetworkInterfacePermissions - description: 'Describes the permissions for your network interfaces. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInterfacePermissionsResult' - parameters: - - name: NetworkInterfacePermissionId - in: query - required: false - description: One or more network interface permission IDs. - schema: - type: array - items: - $ref: '#/components/schemas/NetworkInterfacePermissionId' - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: NextToken - in: query - required: false - description: The token to request the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. If this parameter is not specified, up to 50 results are returned by default.' - schema: - type: integer - minimum: 5 - maximum: 255 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeNetworkInterfacePermissions - operationId: POST_DescribeNetworkInterfacePermissions - description: 'Describes the permissions for your network interfaces. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInterfacePermissionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInterfacePermissionsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeNetworkInterfaces&Version=2016-11-15: - get: - x-aws-operation-name: DescribeNetworkInterfaces - operationId: GET_DescribeNetworkInterfaces - description: Describes one or more of your network interfaces. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInterfacesResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NetworkInterfaceId - in: query - required: false - description: '

One or more network interface IDs.

Default: Describes all your network interfaces.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - xml: - name: item - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results. You cannot specify this parameter and the network interface IDs parameter in the same request. - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeNetworkInterfaces - operationId: POST_DescribeNetworkInterfaces - description: Describes one or more of your network interfaces. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInterfacesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeNetworkInterfacesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribePlacementGroups&Version=2016-11-15: - get: - x-aws-operation-name: DescribePlacementGroups - operationId: GET_DescribePlacementGroups - description: 'Describes the specified placement groups or all of your placement groups. For more information, see Placement groups in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePlacementGroupsResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: GroupName - in: query - required: false - description: '

The names of the placement groups.

Default: Describes all your placement groups, or only those otherwise specified.

' - schema: - type: array - items: - $ref: '#/components/schemas/PlacementGroupName' - - name: GroupId - in: query - required: false - description: The IDs of the placement groups. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/PlacementGroupId' - - xml: - name: GroupId - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribePlacementGroups - operationId: POST_DescribePlacementGroups - description: 'Describes the specified placement groups or all of your placement groups. For more information, see Placement groups in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePlacementGroupsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePlacementGroupsRequest' - parameters: [] - /?Action=DescribePrefixLists&Version=2016-11-15: - get: - x-aws-operation-name: DescribePrefixLists - operationId: GET_DescribePrefixLists - description: '

Describes available Amazon Web Services services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.

We recommend that you use DescribeManagedPrefixLists instead.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePrefixListsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: PrefixListId - in: query - required: false - description: One or more prefix list IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/PrefixListResourceId' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribePrefixLists - operationId: POST_DescribePrefixLists - description: '

Describes available Amazon Web Services services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.

We recommend that you use DescribeManagedPrefixLists instead.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePrefixListsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePrefixListsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribePrincipalIdFormat&Version=2016-11-15: - get: - x-aws-operation-name: DescribePrincipalIdFormat - operationId: GET_DescribePrincipalIdFormat - description: '

Describes the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference.

By default, all IAM roles and IAM users default to the same ID settings as the root user, unless they explicitly override the settings. This request is useful for identifying those IAM users and IAM roles that have overridden the default ID settings.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePrincipalIdFormatResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Resource - in: query - required: false - description: 'The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway ' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. ' - schema: - type: integer - minimum: 1 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token to request the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribePrincipalIdFormat - operationId: POST_DescribePrincipalIdFormat - description: '

Describes the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference.

By default, all IAM roles and IAM users default to the same ID settings as the root user, unless they explicitly override the settings. This request is useful for identifying those IAM users and IAM roles that have overridden the default ID settings.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePrincipalIdFormatResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePrincipalIdFormatRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribePublicIpv4Pools&Version=2016-11-15: - get: - x-aws-operation-name: DescribePublicIpv4Pools - operationId: GET_DescribePublicIpv4Pools - description: Describes the specified IPv4 address pools. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePublicIpv4PoolsResult' - parameters: - - name: PoolId - in: query - required: false - description: The IDs of the address pools. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv4PoolEc2Id' - - xml: - name: item - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 10 - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribePublicIpv4Pools - operationId: POST_DescribePublicIpv4Pools - description: Describes the specified IPv4 address pools. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePublicIpv4PoolsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribePublicIpv4PoolsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeRegions&Version=2016-11-15: - get: - x-aws-operation-name: DescribeRegions - operationId: GET_DescribeRegions - description: '

Describes the Regions that are enabled for your account, or all Regions.

For a list of the Regions supported by Amazon EC2, see Amazon Elastic Compute Cloud endpoints and quotas.

For information about enabling and disabling Regions for your account, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeRegionsResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: RegionName - in: query - required: false - description: 'The names of the Regions. You can specify any Regions, whether they are enabled and disabled for your account.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: RegionName - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: AllRegions - in: query - required: false - description: 'Indicates whether to display all Regions, including Regions that are disabled for your account.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeRegions - operationId: POST_DescribeRegions - description: '

Describes the Regions that are enabled for your account, or all Regions.

For a list of the Regions supported by Amazon EC2, see Amazon Elastic Compute Cloud endpoints and quotas.

For information about enabling and disabling Regions for your account, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeRegionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeRegionsRequest' - parameters: [] - /?Action=DescribeReplaceRootVolumeTasks&Version=2016-11-15: - get: - x-aws-operation-name: DescribeReplaceRootVolumeTasks - operationId: GET_DescribeReplaceRootVolumeTasks - description: 'Describes a root volume replacement task. For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReplaceRootVolumeTasksResult' - parameters: - - name: ReplaceRootVolumeTaskId - in: query - required: false - description: The ID of the root volume replacement task to view. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReplaceRootVolumeTaskId' - - xml: - name: ReplaceRootVolumeTaskId - - name: Filter - in: query - required: false - description: '

Filter to use:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 50 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeReplaceRootVolumeTasks - operationId: POST_DescribeReplaceRootVolumeTasks - description: 'Describes a root volume replacement task. For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReplaceRootVolumeTasksResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReplaceRootVolumeTasksRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeReservedInstances&Version=2016-11-15: - get: - x-aws-operation-name: DescribeReservedInstances - operationId: GET_DescribeReservedInstances - description: '

Describes one or more of the Reserved Instances that you purchased.

For more information about Reserved Instances, see Reserved Instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: OfferingClass - in: query - required: false - description: Describes whether the Reserved Instance is Standard or Convertible. - schema: - type: string - enum: - - standard - - convertible - - name: ReservedInstancesId - in: query - required: false - description: '

One or more Reserved Instance IDs.

Default: Describes all your Reserved Instances, or only those otherwise specified.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservationId' - - xml: - name: ReservedInstancesId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: OfferingType - in: query - required: false - description: 'The Reserved Instance offering type. If you are using tools that predate the 2011-11-01 API version, you only have access to the Medium Utilization Reserved Instance offering type.' - schema: - type: string - enum: - - Heavy Utilization - - Medium Utilization - - Light Utilization - - No Upfront - - Partial Upfront - - All Upfront - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeReservedInstances - operationId: POST_DescribeReservedInstances - description: '

Describes one or more of the Reserved Instances that you purchased.

For more information about Reserved Instances, see Reserved Instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesRequest' - parameters: [] - /?Action=DescribeReservedInstancesListings&Version=2016-11-15: - get: - x-aws-operation-name: DescribeReservedInstancesListings - operationId: GET_DescribeReservedInstancesListings - description: '

Describes your account''s Reserved Instance listings in the Reserved Instance Marketplace.

The Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.

As a seller, you choose to list some or all of your Reserved Instances, and you specify the upfront price to receive for them. Your Reserved Instances are then listed in the Reserved Instance Marketplace and are available for purchase.

As a buyer, you specify the configuration of the Reserved Instance to purchase, and the Marketplace matches what you''re searching for with what''s available. The Marketplace first sells the lowest priced Reserved Instances to you, and continues to sell available Reserved Instance listings to you until your demand is met. You are charged based on the total price of all of the listings that you purchase.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesListingsResult' - parameters: - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: ReservedInstancesId - in: query - required: false - description: One or more Reserved Instance IDs. - schema: - type: string - - name: ReservedInstancesListingId - in: query - required: false - description: One or more Reserved Instance listing IDs. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeReservedInstancesListings - operationId: POST_DescribeReservedInstancesListings - description: '

Describes your account''s Reserved Instance listings in the Reserved Instance Marketplace.

The Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.

As a seller, you choose to list some or all of your Reserved Instances, and you specify the upfront price to receive for them. Your Reserved Instances are then listed in the Reserved Instance Marketplace and are available for purchase.

As a buyer, you specify the configuration of the Reserved Instance to purchase, and the Marketplace matches what you''re searching for with what''s available. The Marketplace first sells the lowest priced Reserved Instances to you, and continues to sell available Reserved Instance listings to you until your demand is met. You are charged based on the total price of all of the listings that you purchase.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesListingsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesListingsRequest' - parameters: [] - /?Action=DescribeReservedInstancesModifications&Version=2016-11-15: - get: - x-aws-operation-name: DescribeReservedInstancesModifications - operationId: GET_DescribeReservedInstancesModifications - description: '

Describes the modifications made to your Reserved Instances. If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.

For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesModificationsResult' - parameters: - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: ReservedInstancesModificationId - in: query - required: false - description: IDs for the submitted modification request. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservedInstancesModificationId' - - xml: - name: ReservedInstancesModificationId - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeReservedInstancesModifications - operationId: POST_DescribeReservedInstancesModifications - description: '

Describes the modifications made to your Reserved Instances. If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.

For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesModificationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesModificationsRequest' - parameters: - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeReservedInstancesOfferings&Version=2016-11-15: - get: - x-aws-operation-name: DescribeReservedInstancesOfferings - operationId: GET_DescribeReservedInstancesOfferings - description: '

Describes Reserved Instance offerings that are available for purchase. With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.

If you have listed your own Reserved Instances for sale in the Reserved Instance Marketplace, they will be excluded from these results. This is to ensure that you do not purchase your own Reserved Instances.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesOfferingsResult' - parameters: - - name: AvailabilityZone - in: query - required: false - description: The Availability Zone in which the Reserved Instance can be used. - schema: - type: string - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: IncludeMarketplace - in: query - required: false - description: Include Reserved Instance Marketplace offerings in the response. - schema: - type: boolean - - name: InstanceType - in: query - required: false - description: 'The instance type that the reservation will cover (for example, m1.small). For more information, see Instance types in the Amazon EC2 User Guide.' - schema: - type: string - enum: - - a1.medium - - a1.large - - a1.xlarge - - a1.2xlarge - - a1.4xlarge - - a1.metal - - c1.medium - - c1.xlarge - - c3.large - - c3.xlarge - - c3.2xlarge - - c3.4xlarge - - c3.8xlarge - - c4.large - - c4.xlarge - - c4.2xlarge - - c4.4xlarge - - c4.8xlarge - - c5.large - - c5.xlarge - - c5.2xlarge - - c5.4xlarge - - c5.9xlarge - - c5.12xlarge - - c5.18xlarge - - c5.24xlarge - - c5.metal - - c5a.large - - c5a.xlarge - - c5a.2xlarge - - c5a.4xlarge - - c5a.8xlarge - - c5a.12xlarge - - c5a.16xlarge - - c5a.24xlarge - - c5ad.large - - c5ad.xlarge - - c5ad.2xlarge - - c5ad.4xlarge - - c5ad.8xlarge - - c5ad.12xlarge - - c5ad.16xlarge - - c5ad.24xlarge - - c5d.large - - c5d.xlarge - - c5d.2xlarge - - c5d.4xlarge - - c5d.9xlarge - - c5d.12xlarge - - c5d.18xlarge - - c5d.24xlarge - - c5d.metal - - c5n.large - - c5n.xlarge - - c5n.2xlarge - - c5n.4xlarge - - c5n.9xlarge - - c5n.18xlarge - - c5n.metal - - c6g.medium - - c6g.large - - c6g.xlarge - - c6g.2xlarge - - c6g.4xlarge - - c6g.8xlarge - - c6g.12xlarge - - c6g.16xlarge - - c6g.metal - - c6gd.medium - - c6gd.large - - c6gd.xlarge - - c6gd.2xlarge - - c6gd.4xlarge - - c6gd.8xlarge - - c6gd.12xlarge - - c6gd.16xlarge - - c6gd.metal - - c6gn.medium - - c6gn.large - - c6gn.xlarge - - c6gn.2xlarge - - c6gn.4xlarge - - c6gn.8xlarge - - c6gn.12xlarge - - c6gn.16xlarge - - c6i.large - - c6i.xlarge - - c6i.2xlarge - - c6i.4xlarge - - c6i.8xlarge - - c6i.12xlarge - - c6i.16xlarge - - c6i.24xlarge - - c6i.32xlarge - - c6i.metal - - cc1.4xlarge - - cc2.8xlarge - - cg1.4xlarge - - cr1.8xlarge - - d2.xlarge - - d2.2xlarge - - d2.4xlarge - - d2.8xlarge - - d3.xlarge - - d3.2xlarge - - d3.4xlarge - - d3.8xlarge - - d3en.xlarge - - d3en.2xlarge - - d3en.4xlarge - - d3en.6xlarge - - d3en.8xlarge - - d3en.12xlarge - - dl1.24xlarge - - f1.2xlarge - - f1.4xlarge - - f1.16xlarge - - g2.2xlarge - - g2.8xlarge - - g3.4xlarge - - g3.8xlarge - - g3.16xlarge - - g3s.xlarge - - g4ad.xlarge - - g4ad.2xlarge - - g4ad.4xlarge - - g4ad.8xlarge - - g4ad.16xlarge - - g4dn.xlarge - - g4dn.2xlarge - - g4dn.4xlarge - - g4dn.8xlarge - - g4dn.12xlarge - - g4dn.16xlarge - - g4dn.metal - - g5.xlarge - - g5.2xlarge - - g5.4xlarge - - g5.8xlarge - - g5.12xlarge - - g5.16xlarge - - g5.24xlarge - - g5.48xlarge - - g5g.xlarge - - g5g.2xlarge - - g5g.4xlarge - - g5g.8xlarge - - g5g.16xlarge - - g5g.metal - - hi1.4xlarge - - hpc6a.48xlarge - - hs1.8xlarge - - h1.2xlarge - - h1.4xlarge - - h1.8xlarge - - h1.16xlarge - - i2.xlarge - - i2.2xlarge - - i2.4xlarge - - i2.8xlarge - - i3.large - - i3.xlarge - - i3.2xlarge - - i3.4xlarge - - i3.8xlarge - - i3.16xlarge - - i3.metal - - i3en.large - - i3en.xlarge - - i3en.2xlarge - - i3en.3xlarge - - i3en.6xlarge - - i3en.12xlarge - - i3en.24xlarge - - i3en.metal - - im4gn.large - - im4gn.xlarge - - im4gn.2xlarge - - im4gn.4xlarge - - im4gn.8xlarge - - im4gn.16xlarge - - inf1.xlarge - - inf1.2xlarge - - inf1.6xlarge - - inf1.24xlarge - - is4gen.medium - - is4gen.large - - is4gen.xlarge - - is4gen.2xlarge - - is4gen.4xlarge - - is4gen.8xlarge - - m1.small - - m1.medium - - m1.large - - m1.xlarge - - m2.xlarge - - m2.2xlarge - - m2.4xlarge - - m3.medium - - m3.large - - m3.xlarge - - m3.2xlarge - - m4.large - - m4.xlarge - - m4.2xlarge - - m4.4xlarge - - m4.10xlarge - - m4.16xlarge - - m5.large - - m5.xlarge - - m5.2xlarge - - m5.4xlarge - - m5.8xlarge - - m5.12xlarge - - m5.16xlarge - - m5.24xlarge - - m5.metal - - m5a.large - - m5a.xlarge - - m5a.2xlarge - - m5a.4xlarge - - m5a.8xlarge - - m5a.12xlarge - - m5a.16xlarge - - m5a.24xlarge - - m5ad.large - - m5ad.xlarge - - m5ad.2xlarge - - m5ad.4xlarge - - m5ad.8xlarge - - m5ad.12xlarge - - m5ad.16xlarge - - m5ad.24xlarge - - m5d.large - - m5d.xlarge - - m5d.2xlarge - - m5d.4xlarge - - m5d.8xlarge - - m5d.12xlarge - - m5d.16xlarge - - m5d.24xlarge - - m5d.metal - - m5dn.large - - m5dn.xlarge - - m5dn.2xlarge - - m5dn.4xlarge - - m5dn.8xlarge - - m5dn.12xlarge - - m5dn.16xlarge - - m5dn.24xlarge - - m5dn.metal - - m5n.large - - m5n.xlarge - - m5n.2xlarge - - m5n.4xlarge - - m5n.8xlarge - - m5n.12xlarge - - m5n.16xlarge - - m5n.24xlarge - - m5n.metal - - m5zn.large - - m5zn.xlarge - - m5zn.2xlarge - - m5zn.3xlarge - - m5zn.6xlarge - - m5zn.12xlarge - - m5zn.metal - - m6a.large - - m6a.xlarge - - m6a.2xlarge - - m6a.4xlarge - - m6a.8xlarge - - m6a.12xlarge - - m6a.16xlarge - - m6a.24xlarge - - m6a.32xlarge - - m6a.48xlarge - - m6g.metal - - m6g.medium - - m6g.large - - m6g.xlarge - - m6g.2xlarge - - m6g.4xlarge - - m6g.8xlarge - - m6g.12xlarge - - m6g.16xlarge - - m6gd.metal - - m6gd.medium - - m6gd.large - - m6gd.xlarge - - m6gd.2xlarge - - m6gd.4xlarge - - m6gd.8xlarge - - m6gd.12xlarge - - m6gd.16xlarge - - m6i.large - - m6i.xlarge - - m6i.2xlarge - - m6i.4xlarge - - m6i.8xlarge - - m6i.12xlarge - - m6i.16xlarge - - m6i.24xlarge - - m6i.32xlarge - - m6i.metal - - mac1.metal - - p2.xlarge - - p2.8xlarge - - p2.16xlarge - - p3.2xlarge - - p3.8xlarge - - p3.16xlarge - - p3dn.24xlarge - - p4d.24xlarge - - r3.large - - r3.xlarge - - r3.2xlarge - - r3.4xlarge - - r3.8xlarge - - r4.large - - r4.xlarge - - r4.2xlarge - - r4.4xlarge - - r4.8xlarge - - r4.16xlarge - - r5.large - - r5.xlarge - - r5.2xlarge - - r5.4xlarge - - r5.8xlarge - - r5.12xlarge - - r5.16xlarge - - r5.24xlarge - - r5.metal - - r5a.large - - r5a.xlarge - - r5a.2xlarge - - r5a.4xlarge - - r5a.8xlarge - - r5a.12xlarge - - r5a.16xlarge - - r5a.24xlarge - - r5ad.large - - r5ad.xlarge - - r5ad.2xlarge - - r5ad.4xlarge - - r5ad.8xlarge - - r5ad.12xlarge - - r5ad.16xlarge - - r5ad.24xlarge - - r5b.large - - r5b.xlarge - - r5b.2xlarge - - r5b.4xlarge - - r5b.8xlarge - - r5b.12xlarge - - r5b.16xlarge - - r5b.24xlarge - - r5b.metal - - r5d.large - - r5d.xlarge - - r5d.2xlarge - - r5d.4xlarge - - r5d.8xlarge - - r5d.12xlarge - - r5d.16xlarge - - r5d.24xlarge - - r5d.metal - - r5dn.large - - r5dn.xlarge - - r5dn.2xlarge - - r5dn.4xlarge - - r5dn.8xlarge - - r5dn.12xlarge - - r5dn.16xlarge - - r5dn.24xlarge - - r5dn.metal - - r5n.large - - r5n.xlarge - - r5n.2xlarge - - r5n.4xlarge - - r5n.8xlarge - - r5n.12xlarge - - r5n.16xlarge - - r5n.24xlarge - - r5n.metal - - r6g.medium - - r6g.large - - r6g.xlarge - - r6g.2xlarge - - r6g.4xlarge - - r6g.8xlarge - - r6g.12xlarge - - r6g.16xlarge - - r6g.metal - - r6gd.medium - - r6gd.large - - r6gd.xlarge - - r6gd.2xlarge - - r6gd.4xlarge - - r6gd.8xlarge - - r6gd.12xlarge - - r6gd.16xlarge - - r6gd.metal - - r6i.large - - r6i.xlarge - - r6i.2xlarge - - r6i.4xlarge - - r6i.8xlarge - - r6i.12xlarge - - r6i.16xlarge - - r6i.24xlarge - - r6i.32xlarge - - r6i.metal - - t1.micro - - t2.nano - - t2.micro - - t2.small - - t2.medium - - t2.large - - t2.xlarge - - t2.2xlarge - - t3.nano - - t3.micro - - t3.small - - t3.medium - - t3.large - - t3.xlarge - - t3.2xlarge - - t3a.nano - - t3a.micro - - t3a.small - - t3a.medium - - t3a.large - - t3a.xlarge - - t3a.2xlarge - - t4g.nano - - t4g.micro - - t4g.small - - t4g.medium - - t4g.large - - t4g.xlarge - - t4g.2xlarge - - u-6tb1.56xlarge - - u-6tb1.112xlarge - - u-9tb1.112xlarge - - u-12tb1.112xlarge - - u-6tb1.metal - - u-9tb1.metal - - u-12tb1.metal - - u-18tb1.metal - - u-24tb1.metal - - vt1.3xlarge - - vt1.6xlarge - - vt1.24xlarge - - x1.16xlarge - - x1.32xlarge - - x1e.xlarge - - x1e.2xlarge - - x1e.4xlarge - - x1e.8xlarge - - x1e.16xlarge - - x1e.32xlarge - - x2iezn.2xlarge - - x2iezn.4xlarge - - x2iezn.6xlarge - - x2iezn.8xlarge - - x2iezn.12xlarge - - x2iezn.metal - - x2gd.medium - - x2gd.large - - x2gd.xlarge - - x2gd.2xlarge - - x2gd.4xlarge - - x2gd.8xlarge - - x2gd.12xlarge - - x2gd.16xlarge - - x2gd.metal - - z1d.large - - z1d.xlarge - - z1d.2xlarge - - z1d.3xlarge - - z1d.6xlarge - - z1d.12xlarge - - z1d.metal - - x2idn.16xlarge - - x2idn.24xlarge - - x2idn.32xlarge - - x2iedn.xlarge - - x2iedn.2xlarge - - x2iedn.4xlarge - - x2iedn.8xlarge - - x2iedn.16xlarge - - x2iedn.24xlarge - - x2iedn.32xlarge - - c6a.large - - c6a.xlarge - - c6a.2xlarge - - c6a.4xlarge - - c6a.8xlarge - - c6a.12xlarge - - c6a.16xlarge - - c6a.24xlarge - - c6a.32xlarge - - c6a.48xlarge - - c6a.metal - - m6a.metal - - i4i.large - - i4i.xlarge - - i4i.2xlarge - - i4i.4xlarge - - i4i.8xlarge - - i4i.16xlarge - - i4i.32xlarge - - name: MaxDuration - in: query - required: false - description: '

The maximum duration (in seconds) to filter when searching for offerings.

Default: 94608000 (3 years)

' - schema: - type: integer - - name: MaxInstanceCount - in: query - required: false - description: '

The maximum number of instances to filter when searching for offerings.

Default: 20

' - schema: - type: integer - - name: MinDuration - in: query - required: false - description: '

The minimum duration (in seconds) to filter when searching for offerings.

Default: 2592000 (1 month)

' - schema: - type: integer - - name: OfferingClass - in: query - required: false - description: The offering class of the Reserved Instance. Can be standard or convertible. - schema: - type: string - enum: - - standard - - convertible - - name: ProductDescription - in: query - required: false - description: The Reserved Instance product platform description. Instances that include (Amazon VPC) in the description are for use with Amazon VPC. - schema: - type: string - enum: - - Linux/UNIX - - Linux/UNIX (Amazon VPC) - - Windows - - Windows (Amazon VPC) - - name: ReservedInstancesOfferingId - in: query - required: false - description: One or more Reserved Instances offering IDs. - schema: - type: array - items: - $ref: '#/components/schemas/ReservedInstancesOfferingId' - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceTenancy - in: query - required: false - description: '

The tenancy of the instances covered by the reservation. A Reserved Instance with a tenancy of dedicated is applied to instances that run in a VPC on single-tenant hardware (i.e., Dedicated Instances).

Important: The host value cannot be used with this parameter. Use the default or dedicated values only.

Default: default

' - schema: - type: string - enum: - - default - - dedicated - - host - - name: MaxResults - in: query - required: false - description: '

The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. The maximum is 100.

Default: 100

' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - - name: OfferingType - in: query - required: false - description: 'The Reserved Instance offering type. If you are using tools that predate the 2011-11-01 API version, you only have access to the Medium Utilization Reserved Instance offering type. ' - schema: - type: string - enum: - - Heavy Utilization - - Medium Utilization - - Light Utilization - - No Upfront - - Partial Upfront - - All Upfront - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeReservedInstancesOfferings - operationId: POST_DescribeReservedInstancesOfferings - description: '

Describes Reserved Instance offerings that are available for purchase. With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.

If you have listed your own Reserved Instances for sale in the Reserved Instance Marketplace, they will be excluded from these results. This is to ensure that you do not purchase your own Reserved Instances.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesOfferingsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeReservedInstancesOfferingsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeRouteTables&Version=2016-11-15: - get: - x-aws-operation-name: DescribeRouteTables - operationId: GET_DescribeRouteTables - description: '

Describes one or more of your route tables.

Each subnet in your VPC must be associated with a route table. If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table. This command does not return the subnet ID for implicit associations.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeRouteTablesResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: RouteTableId - in: query - required: false - description: '

One or more route table IDs.

Default: Describes all your route tables.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - xml: - name: item - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 100 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeRouteTables - operationId: POST_DescribeRouteTables - description: '

Describes one or more of your route tables.

Each subnet in your VPC must be associated with a route table. If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table. This command does not return the subnet ID for implicit associations.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeRouteTablesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeRouteTablesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeScheduledInstanceAvailability&Version=2016-11-15: - get: - x-aws-operation-name: DescribeScheduledInstanceAvailability - operationId: GET_DescribeScheduledInstanceAvailability - description: '

Finds available schedules that meet the specified criteria.

You can search for an available schedule no more than 3 months in advance. You must meet the minimum required duration of 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours.

After you find a schedule that meets your needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that schedule.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeScheduledInstanceAvailabilityResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: FirstSlotStartTimeRange - in: query - required: true - description: The time period for the first schedule to start. - schema: - type: object - required: - - EarliestTime - - LatestTime - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The latest date and time, in UTC, for the Scheduled Instance to start. This value must be later than or equal to the earliest date and at most three months in the future.' - description: Describes the time period for a Scheduled Instance to start its first schedule. The time period must span less than one day. - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. This value can be between 5 and 300. The default value is 300. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - minimum: 5 - maximum: 300 - - name: MaxSlotDurationInHours - in: query - required: false - description: 'The maximum available duration, in hours. This value must be greater than MinSlotDurationInHours and less than 1,720.' - schema: - type: integer - - name: MinSlotDurationInHours - in: query - required: false - description: 'The minimum available duration, in hours. The minimum required duration is 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - - name: Recurrence - in: query - required: true - description: The schedule recurrence. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The interval quantity. The interval unit depends on the value of Frequency. For example, every 2 weeks or every 2 months.' - OccurrenceDay: - allOf: - - $ref: '#/components/schemas/String' - - description: The unit for OccurrenceDays (DayOfWeek or DayOfMonth). This value is required for a monthly schedule. You can't specify DayOfWeek with a weekly schedule. You can't specify this value with a daily schedule. - description: Describes the recurring schedule for a Scheduled Instance. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeScheduledInstanceAvailability - operationId: POST_DescribeScheduledInstanceAvailability - description: '

Finds available schedules that meet the specified criteria.

You can search for an available schedule no more than 3 months in advance. You must meet the minimum required duration of 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours.

After you find a schedule that meets your needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that schedule.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeScheduledInstanceAvailabilityResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeScheduledInstanceAvailabilityRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeScheduledInstances&Version=2016-11-15: - get: - x-aws-operation-name: DescribeScheduledInstances - operationId: GET_DescribeScheduledInstances - description: Describes the specified Scheduled Instances or all your Scheduled Instances. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeScheduledInstancesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. This value can be between 5 and 300. The default value is 100. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - - name: ScheduledInstanceId - in: query - required: false - description: The Scheduled Instance IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ScheduledInstanceId' - - xml: - name: ScheduledInstanceId - - name: SlotStartTimeRange - in: query - required: false - description: The time period for the first schedule to start. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The latest date and time, in UTC, for the Scheduled Instance to start.' - description: Describes the time period for a Scheduled Instance to start its first schedule. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeScheduledInstances - operationId: POST_DescribeScheduledInstances - description: Describes the specified Scheduled Instances or all your Scheduled Instances. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeScheduledInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeScheduledInstancesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeSecurityGroupReferences&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSecurityGroupReferences - operationId: GET_DescribeSecurityGroupReferences - description: '[VPC only] Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you''ve specified in this request.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSecurityGroupReferencesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: GroupId - in: query - required: true - description: The IDs of the security groups in your account. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSecurityGroupReferences - operationId: POST_DescribeSecurityGroupReferences - description: '[VPC only] Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you''ve specified in this request.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSecurityGroupReferencesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSecurityGroupReferencesRequest' - parameters: [] - /?Action=DescribeSecurityGroupRules&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSecurityGroupRules - operationId: GET_DescribeSecurityGroupRules - description: Describes one or more of your security group rules. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSecurityGroupRulesResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: SecurityGroupRuleId - in: query - required: false - description: The IDs of the security group rules. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. This value can be between 5 and 1000. If this parameter is not specified, then all results are returned.' - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSecurityGroupRules - operationId: POST_DescribeSecurityGroupRules - description: Describes one or more of your security group rules. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSecurityGroupRulesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSecurityGroupRulesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeSecurityGroups&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSecurityGroups - operationId: GET_DescribeSecurityGroups - description: '

Describes the specified security groups or all of your security groups.

A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSecurityGroupsResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: GroupId - in: query - required: false - description: '

The IDs of the security groups. Required for security groups in a nondefault VPC.

Default: Describes all of your security groups.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: groupId - - name: GroupName - in: query - required: false - description: '

[EC2-Classic and default VPC only] The names of the security groups. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, use the group-name filter to describe security groups by name.

Default: Describes all of your security groups.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupName' - - xml: - name: GroupName - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token to request the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. This value can be between 5 and 1000. If this parameter is not specified, then all results are returned.' - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSecurityGroups - operationId: POST_DescribeSecurityGroups - description: '

Describes the specified security groups or all of your security groups.

A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSecurityGroupsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSecurityGroupsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeSnapshotAttribute&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSnapshotAttribute - operationId: GET_DescribeSnapshotAttribute - description: '

Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSnapshotAttributeResult' - parameters: - - name: Attribute - in: query - required: true - description: The snapshot attribute you would like to view. - schema: - type: string - enum: - - productCodes - - createVolumePermission - - name: SnapshotId - in: query - required: true - description: The ID of the EBS snapshot. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSnapshotAttribute - operationId: POST_DescribeSnapshotAttribute - description: '

Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSnapshotAttributeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSnapshotAttributeRequest' - parameters: [] - /?Action=DescribeSnapshotTierStatus&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSnapshotTierStatus - operationId: GET_DescribeSnapshotTierStatus - description: Describes the storage tier status of one or more Amazon EBS snapshots. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSnapshotTierStatusResult' - parameters: - - name: Filter - in: query - required: false - description:

The filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSnapshotTierStatus - operationId: POST_DescribeSnapshotTierStatus - description: Describes the storage tier status of one or more Amazon EBS snapshots. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSnapshotTierStatusResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSnapshotTierStatusRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeSnapshots&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSnapshots - operationId: GET_DescribeSnapshots - description: '

Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.

The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume permissions.

The create volume permissions fall into the following categories:

The list of snapshots returned can be filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots for which you have create volume permissions.

If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have access, it is not included in the returned results.

If you specify one or more snapshot owners using the OwnerIds option, only snapshots from the specified owners and for which you have access are returned. The results can include the Amazon Web Services account IDs of the specified owners, amazon for snapshots owned by Amazon, or self for snapshots that you own.

If you specify a list of restorable users, only snapshots with create snapshot permissions for those users are returned. You can specify Amazon Web Services account IDs (if you own the snapshots), self for snapshots for which you own or have explicit permissions, or all for public snapshots.

If you are describing a long list of snapshots, we recommend that you paginate the output to make the list more manageable. The MaxResults parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeSnapshots request to retrieve the remaining results.

To get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSnapshotsResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of snapshot results returned by DescribeSnapshots in paginated output. When this parameter is used, DescribeSnapshots only returns MaxResults results in a single page along with a NextToken response element. The remaining results of the initial request can be seen by sending another DescribeSnapshots request with the returned NextToken value. This value can be between 5 and 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results are returned. If this parameter is not used, then DescribeSnapshots returns all results. You cannot specify this parameter and the snapshot IDs parameter in the same request.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The NextToken value returned from a previous paginated DescribeSnapshots request where MaxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the NextToken value. This value is null when there are no more results to return. - schema: - type: string - - name: Owner - in: query - required: false - description: 'Scopes the results to snapshots with the specified owners. You can specify a combination of Amazon Web Services account IDs, self, and amazon.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: Owner - - name: RestorableBy - in: query - required: false - description: The IDs of the Amazon Web Services accounts that can create volumes from the snapshot. - schema: - type: array - items: - $ref: '#/components/schemas/String' - - name: SnapshotId - in: query - required: false - description: '

The snapshot IDs.

Default: Describes the snapshots for which you have create volume permissions.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - xml: - name: SnapshotId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSnapshots - operationId: POST_DescribeSnapshots - description: '

Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.

The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume permissions.

The create volume permissions fall into the following categories:

The list of snapshots returned can be filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots for which you have create volume permissions.

If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have access, it is not included in the returned results.

If you specify one or more snapshot owners using the OwnerIds option, only snapshots from the specified owners and for which you have access are returned. The results can include the Amazon Web Services account IDs of the specified owners, amazon for snapshots owned by Amazon, or self for snapshots that you own.

If you specify a list of restorable users, only snapshots with create snapshot permissions for those users are returned. You can specify Amazon Web Services account IDs (if you own the snapshots), self for snapshots for which you own or have explicit permissions, or all for public snapshots.

If you are describing a long list of snapshots, we recommend that you paginate the output to make the list more manageable. The MaxResults parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeSnapshots request to retrieve the remaining results.

To get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSnapshotsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSnapshotsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeSpotDatafeedSubscription&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSpotDatafeedSubscription - operationId: GET_DescribeSpotDatafeedSubscription - description: 'Describes the data feed for Spot Instances. For more information, see Spot Instance data feed in the Amazon EC2 User Guide for Linux Instances.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotDatafeedSubscriptionResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSpotDatafeedSubscription - operationId: POST_DescribeSpotDatafeedSubscription - description: 'Describes the data feed for Spot Instances. For more information, see Spot Instance data feed in the Amazon EC2 User Guide for Linux Instances.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotDatafeedSubscriptionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotDatafeedSubscriptionRequest' - parameters: [] - /?Action=DescribeSpotFleetInstances&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSpotFleetInstances - operationId: GET_DescribeSpotFleetInstances - description: Describes the running instances for the specified Spot Fleet. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotFleetInstancesResponse' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - minimum: 1 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - - name: SpotFleetRequestId - in: query - required: true - description: The ID of the Spot Fleet request. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSpotFleetInstances - operationId: POST_DescribeSpotFleetInstances - description: Describes the running instances for the specified Spot Fleet. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotFleetInstancesResponse' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotFleetInstancesRequest' - parameters: [] - /?Action=DescribeSpotFleetRequestHistory&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSpotFleetRequestHistory - operationId: GET_DescribeSpotFleetRequestHistory - description: '

Describes the events for the specified Spot Fleet request during the specified time.

Spot Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. Spot Fleet events are available for 48 hours.

For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide for Linux Instances.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotFleetRequestHistoryResponse' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: EventType - in: query - required: false - description: 'The type of events to describe. By default, all events are described.' - schema: - type: string - enum: - - instanceChange - - fleetRequestChange - - error - - information - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - minimum: 1 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - - name: SpotFleetRequestId - in: query - required: true - description: The ID of the Spot Fleet request. - schema: - type: string - - name: StartTime - in: query - required: true - description: 'The starting date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - schema: - type: string - format: date-time - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSpotFleetRequestHistory - operationId: POST_DescribeSpotFleetRequestHistory - description: '

Describes the events for the specified Spot Fleet request during the specified time.

Spot Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. Spot Fleet events are available for 48 hours.

For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide for Linux Instances.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotFleetRequestHistoryResponse' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotFleetRequestHistoryRequest' - parameters: [] - /?Action=DescribeSpotFleetRequests&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSpotFleetRequests - operationId: GET_DescribeSpotFleetRequests - description:

Describes your Spot Fleet requests.

Spot Fleet requests are deleted 48 hours after they are canceled and their instances are terminated.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotFleetRequestsResponse' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - - name: SpotFleetRequestId - in: query - required: false - description: The IDs of the Spot Fleet requests. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestId' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSpotFleetRequests - operationId: POST_DescribeSpotFleetRequests - description:

Describes your Spot Fleet requests.

Spot Fleet requests are deleted 48 hours after they are canceled and their instances are terminated.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotFleetRequestsResponse' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotFleetRequestsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeSpotInstanceRequests&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSpotInstanceRequests - operationId: GET_DescribeSpotInstanceRequests - description: '

Describes the specified Spot Instance requests.

You can use DescribeSpotInstanceRequests to find a running Spot Instance by examining the response. If the status of the Spot Instance is fulfilled, the instance ID appears in the response and contains the identifier of the instance. Alternatively, you can use DescribeInstances with a filter to look for instances where the instance lifecycle is spot.

We recommend that you set MaxResults to a value between 5 and 1000 to limit the number of results returned. This paginates the output, which makes the list more manageable and returns the results faster. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeSpotInstanceRequests request to retrieve the remaining results.

Spot Instance requests are deleted four hours after they are canceled and their instances are terminated.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotInstanceRequestsResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: SpotInstanceRequestId - in: query - required: false - description: One or more Spot Instance request IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotInstanceRequestId' - - xml: - name: SpotInstanceRequestId - - name: NextToken - in: query - required: false - description: The token to request the next set of results. This value is null when there are no more results to return. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. Specify a value between 5 and 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSpotInstanceRequests - operationId: POST_DescribeSpotInstanceRequests - description: '

Describes the specified Spot Instance requests.

You can use DescribeSpotInstanceRequests to find a running Spot Instance by examining the response. If the status of the Spot Instance is fulfilled, the instance ID appears in the response and contains the identifier of the instance. Alternatively, you can use DescribeInstances with a filter to look for instances where the instance lifecycle is spot.

We recommend that you set MaxResults to a value between 5 and 1000 to limit the number of results returned. This paginates the output, which makes the list more manageable and returns the results faster. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeSpotInstanceRequests request to retrieve the remaining results.

Spot Instance requests are deleted four hours after they are canceled and their instances are terminated.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotInstanceRequestsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotInstanceRequestsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeSpotPriceHistory&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSpotPriceHistory - operationId: GET_DescribeSpotPriceHistory - description: '

Describes the Spot price history. For more information, see Spot Instance pricing history in the Amazon EC2 User Guide for Linux Instances.

When you specify a start and end time, the operation returns the prices of the instance types within that time range. It also returns the last price change before the start time, which is the effective price as of the start time.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotPriceHistoryResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: AvailabilityZone - in: query - required: false - description: Filters the results by the specified Availability Zone. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: EndTime - in: query - required: false - description: 'The date and time, up to the current date, from which to stop retrieving the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - schema: - type: string - format: date-time - - name: InstanceType - in: query - required: false - description: Filters the results by the specified instance types. - schema: - type: array - items: - $ref: '#/components/schemas/InstanceType' - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - - name: ProductDescription - in: query - required: false - description: Filters the results by the specified basic product descriptions. - schema: - type: array - items: - $ref: '#/components/schemas/String' - - name: StartTime - in: query - required: false - description: 'The date and time, up to the past 90 days, from which to start retrieving the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - schema: - type: string - format: date-time - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSpotPriceHistory - operationId: POST_DescribeSpotPriceHistory - description: '

Describes the Spot price history. For more information, see Spot Instance pricing history in the Amazon EC2 User Guide for Linux Instances.

When you specify a start and end time, the operation returns the prices of the instance types within that time range. It also returns the last price change before the start time, which is the effective price as of the start time.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotPriceHistoryResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSpotPriceHistoryRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeStaleSecurityGroups&Version=2016-11-15: - get: - x-aws-operation-name: DescribeStaleSecurityGroups - operationId: GET_DescribeStaleSecurityGroups - description: '[VPC only] Describes the stale security group rules for security groups in a specified VPC. Rules are stale when they reference a deleted security group in the same VPC or in a peer VPC, or if they reference a security group in a peer VPC for which the VPC peering connection has been deleted.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeStaleSecurityGroupsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: MaxResults - in: query - required: false - description: The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results. - schema: - type: integer - minimum: 5 - maximum: 255 - - name: NextToken - in: query - required: false - description: The token for the next set of items to return. (You received this token from a prior call.) - schema: - type: string - minLength: 1 - maxLength: 1024 - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeStaleSecurityGroups - operationId: POST_DescribeStaleSecurityGroups - description: '[VPC only] Describes the stale security group rules for security groups in a specified VPC. Rules are stale when they reference a deleted security group in the same VPC or in a peer VPC, or if they reference a security group in a peer VPC for which the VPC peering connection has been deleted.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeStaleSecurityGroupsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeStaleSecurityGroupsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeStoreImageTasks&Version=2016-11-15: - get: - x-aws-operation-name: DescribeStoreImageTasks - operationId: GET_DescribeStoreImageTasks - description: '

Describes the progress of the AMI store tasks. You can describe the store tasks for specified AMIs. If you don''t specify the AMIs, you get a paginated list of store tasks from the last 31 days.

For each AMI task, the response indicates if the task is InProgress, Completed, or Failed. For tasks InProgress, the response shows the estimated progress as a percentage.

Tasks are listed in reverse chronological order. Currently, only tasks from the past 31 days can be viewed.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeStoreImageTasksResult' - parameters: - - name: ImageId - in: query - required: false - description: The AMI IDs for which to show progress. Up to 20 AMI IDs can be included in a request. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImageId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200. You cannot specify this parameter and the ImageIDs parameter in the same call.' - schema: - type: integer - minimum: 1 - maximum: 200 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeStoreImageTasks - operationId: POST_DescribeStoreImageTasks - description: '

Describes the progress of the AMI store tasks. You can describe the store tasks for specified AMIs. If you don''t specify the AMIs, you get a paginated list of store tasks from the last 31 days.

For each AMI task, the response indicates if the task is InProgress, Completed, or Failed. For tasks InProgress, the response shows the estimated progress as a percentage.

Tasks are listed in reverse chronological order. Currently, only tasks from the past 31 days can be viewed.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeStoreImageTasksResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeStoreImageTasksRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeSubnets&Version=2016-11-15: - get: - x-aws-operation-name: DescribeSubnets - operationId: GET_DescribeSubnets - description: '

Describes one or more of your subnets.

For more information, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSubnetsResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: SubnetId - in: query - required: false - description: '

One or more subnet IDs.

Default: Describes all your subnets.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: SubnetId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeSubnets - operationId: POST_DescribeSubnets - description: '

Describes one or more of your subnets.

For more information, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSubnetsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeSubnetsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTags&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTags - operationId: GET_DescribeTags - description: '

Describes the specified tags for your EC2 resources.

For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTagsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. This value can be between 5 and 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTags - operationId: POST_DescribeTags - description: '

Describes the specified tags for your EC2 resources.

For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTagsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTagsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTrafficMirrorFilters&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTrafficMirrorFilters - operationId: GET_DescribeTrafficMirrorFilters - description: Describes one or more Traffic Mirror filters. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrafficMirrorFiltersResult' - parameters: - - name: TrafficMirrorFilterId - in: query - required: false - description: The ID of the Traffic Mirror filter. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilterId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTrafficMirrorFilters - operationId: POST_DescribeTrafficMirrorFilters - description: Describes one or more Traffic Mirror filters. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrafficMirrorFiltersResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrafficMirrorFiltersRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTrafficMirrorSessions&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTrafficMirrorSessions - operationId: GET_DescribeTrafficMirrorSessions - description: 'Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrafficMirrorSessionsResult' - parameters: - - name: TrafficMirrorSessionId - in: query - required: false - description: The ID of the Traffic Mirror session. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorSessionId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTrafficMirrorSessions - operationId: POST_DescribeTrafficMirrorSessions - description: 'Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrafficMirrorSessionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrafficMirrorSessionsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTrafficMirrorTargets&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTrafficMirrorTargets - operationId: GET_DescribeTrafficMirrorTargets - description: Information about one or more Traffic Mirror targets. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrafficMirrorTargetsResult' - parameters: - - name: TrafficMirrorTargetId - in: query - required: false - description: The ID of the Traffic Mirror targets. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorTargetId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTrafficMirrorTargets - operationId: POST_DescribeTrafficMirrorTargets - description: Information about one or more Traffic Mirror targets. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrafficMirrorTargetsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrafficMirrorTargetsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTransitGatewayAttachments&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTransitGatewayAttachments - operationId: GET_DescribeTransitGatewayAttachments - description: 'Describes one or more attachments between resources and transit gateways. By default, all attachments are described. Alternatively, you can filter the results by attachment ID, attachment state, resource ID, or resource owner.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayAttachmentsResult' - parameters: - - name: TransitGatewayAttachmentIds - in: query - required: false - description: The IDs of the attachments. - schema: - type: array - items: - $ref: '#/components/schemas/TransitGatewayAttachmentId' - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTransitGatewayAttachments - operationId: POST_DescribeTransitGatewayAttachments - description: 'Describes one or more attachments between resources and transit gateways. By default, all attachments are described. Alternatively, you can filter the results by attachment ID, attachment state, resource ID, or resource owner.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayAttachmentsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayAttachmentsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTransitGatewayConnectPeers&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTransitGatewayConnectPeers - operationId: GET_DescribeTransitGatewayConnectPeers - description: Describes one or more Connect peers. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayConnectPeersResult' - parameters: - - name: TransitGatewayConnectPeerIds - in: query - required: false - description: The IDs of the Connect peers. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectPeerId' - - xml: - name: item - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTransitGatewayConnectPeers - operationId: POST_DescribeTransitGatewayConnectPeers - description: Describes one or more Connect peers. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayConnectPeersResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayConnectPeersRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTransitGatewayConnects&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTransitGatewayConnects - operationId: GET_DescribeTransitGatewayConnects - description: Describes one or more Connect attachments. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayConnectsResult' - parameters: - - name: TransitGatewayAttachmentIds - in: query - required: false - description: The IDs of the attachments. - schema: - type: array - items: - $ref: '#/components/schemas/TransitGatewayAttachmentId' - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTransitGatewayConnects - operationId: POST_DescribeTransitGatewayConnects - description: Describes one or more Connect attachments. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayConnectsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayConnectsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTransitGatewayMulticastDomains&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTransitGatewayMulticastDomains - operationId: GET_DescribeTransitGatewayMulticastDomains - description: Describes one or more transit gateway multicast domains. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayMulticastDomainsResult' - parameters: - - name: TransitGatewayMulticastDomainIds - in: query - required: false - description: The ID of the transit gateway multicast domain. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainId' - - xml: - name: item - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTransitGatewayMulticastDomains - operationId: POST_DescribeTransitGatewayMulticastDomains - description: Describes one or more transit gateway multicast domains. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayMulticastDomainsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayMulticastDomainsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTransitGatewayPeeringAttachments&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTransitGatewayPeeringAttachments - operationId: GET_DescribeTransitGatewayPeeringAttachments - description: Describes your transit gateway peering attachments. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayPeeringAttachmentsResult' - parameters: - - name: TransitGatewayAttachmentIds - in: query - required: false - description: One or more IDs of the transit gateway peering attachments. - schema: - type: array - items: - $ref: '#/components/schemas/TransitGatewayAttachmentId' - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTransitGatewayPeeringAttachments - operationId: POST_DescribeTransitGatewayPeeringAttachments - description: Describes your transit gateway peering attachments. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayPeeringAttachmentsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayPeeringAttachmentsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTransitGatewayRouteTables&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTransitGatewayRouteTables - operationId: GET_DescribeTransitGatewayRouteTables - description: 'Describes one or more transit gateway route tables. By default, all transit gateway route tables are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayRouteTablesResult' - parameters: - - name: TransitGatewayRouteTableIds - in: query - required: false - description: The IDs of the transit gateway route tables. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableId' - - xml: - name: item - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTransitGatewayRouteTables - operationId: POST_DescribeTransitGatewayRouteTables - description: 'Describes one or more transit gateway route tables. By default, all transit gateway route tables are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayRouteTablesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayRouteTablesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTransitGatewayVpcAttachments&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTransitGatewayVpcAttachments - operationId: GET_DescribeTransitGatewayVpcAttachments - description: 'Describes one or more VPC attachments. By default, all VPC attachments are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayVpcAttachmentsResult' - parameters: - - name: TransitGatewayAttachmentIds - in: query - required: false - description: The IDs of the attachments. - schema: - type: array - items: - $ref: '#/components/schemas/TransitGatewayAttachmentId' - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTransitGatewayVpcAttachments - operationId: POST_DescribeTransitGatewayVpcAttachments - description: 'Describes one or more VPC attachments. By default, all VPC attachments are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayVpcAttachmentsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewayVpcAttachmentsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTransitGateways&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTransitGateways - operationId: GET_DescribeTransitGateways - description: 'Describes one or more transit gateways. By default, all transit gateways are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewaysResult' - parameters: - - name: TransitGatewayIds - in: query - required: false - description: The IDs of the transit gateways. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayId' - - xml: - name: item - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTransitGateways - operationId: POST_DescribeTransitGateways - description: 'Describes one or more transit gateways. By default, all transit gateways are described. Alternatively, you can filter the results.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewaysResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTransitGatewaysRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeTrunkInterfaceAssociations&Version=2016-11-15: - get: - x-aws-operation-name: DescribeTrunkInterfaceAssociations - operationId: GET_DescribeTrunkInterfaceAssociations - description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Describes one or more network interface trunk associations.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrunkInterfaceAssociationsResult' - parameters: - - name: AssociationId - in: query - required: false - description: The IDs of the associations. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrunkInterfaceAssociationId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 255 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeTrunkInterfaceAssociations - operationId: POST_DescribeTrunkInterfaceAssociations - description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Describes one or more network interface trunk associations.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrunkInterfaceAssociationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeTrunkInterfaceAssociationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeVolumeAttribute&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVolumeAttribute - operationId: GET_DescribeVolumeAttribute - description: '

Describes the specified attribute of the specified volume. You can specify only one attribute at a time.

For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumeAttributeResult' - parameters: - - name: Attribute - in: query - required: true - description: The attribute of the volume. This parameter is required. - schema: - type: string - enum: - - autoEnableIO - - productCodes - - name: VolumeId - in: query - required: true - description: The ID of the volume. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVolumeAttribute - operationId: POST_DescribeVolumeAttribute - description: '

Describes the specified attribute of the specified volume. You can specify only one attribute at a time.

For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumeAttributeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumeAttributeRequest' - parameters: [] - /?Action=DescribeVolumeStatus&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVolumeStatus - operationId: GET_DescribeVolumeStatus - description: '

Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume''s underlying host. If the volume''s underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.

The DescribeVolumeStatus operation provides the following information about the specified volumes:

Status: Reflects the current status of the volume. The possible values are ok, impaired , warning, or insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the overall status is impaired. If the status is insufficient-data, then the checks might still be taking place on your volume at the time. We recommend that you retry the request. For more information about volume status, see Monitor the status of your volumes in the Amazon Elastic Compute Cloud User Guide.

Events: Reflect the cause of a volume status and might require you to take action. For example, if your volume returns an impaired status, then the volume event might be potential-data-inconsistency. This means that your volume has been affected by an issue with the underlying host, has all I/O operations disabled, and might have inconsistent data.

Actions: Reflect the actions you might have to take in response to an event. For example, if the status of the volume is impaired and the volume event shows potential-data-inconsistency, then the action shows enable-volume-io. This means that you may want to enable the I/O operations for the volume by calling the EnableVolumeIO action and then check the volume for data consistency.

Volume status is based on the volume status checks, and does not reflect the volume state. Therefore, volume status does not indicate volumes in the error state (for example, when a volume is incapable of accepting I/O.)

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumeStatusResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of volume results returned by DescribeVolumeStatus in paginated output. When this parameter is used, the request only returns MaxResults results in a single page along with a NextToken response element. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results are returned. If this parameter is not used, then DescribeVolumeStatus returns all results. You cannot specify this parameter and the volume IDs parameter in the same request.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: 'The NextToken value to include in a future DescribeVolumeStatus request. When the results of the request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.' - schema: - type: string - - name: VolumeId - in: query - required: false - description: '

The IDs of the volumes.

Default: Describes all your volumes.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VolumeId' - - xml: - name: VolumeId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVolumeStatus - operationId: POST_DescribeVolumeStatus - description: '

Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume''s underlying host. If the volume''s underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.

The DescribeVolumeStatus operation provides the following information about the specified volumes:

Status: Reflects the current status of the volume. The possible values are ok, impaired , warning, or insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the overall status is impaired. If the status is insufficient-data, then the checks might still be taking place on your volume at the time. We recommend that you retry the request. For more information about volume status, see Monitor the status of your volumes in the Amazon Elastic Compute Cloud User Guide.

Events: Reflect the cause of a volume status and might require you to take action. For example, if your volume returns an impaired status, then the volume event might be potential-data-inconsistency. This means that your volume has been affected by an issue with the underlying host, has all I/O operations disabled, and might have inconsistent data.

Actions: Reflect the actions you might have to take in response to an event. For example, if the status of the volume is impaired and the volume event shows potential-data-inconsistency, then the action shows enable-volume-io. This means that you may want to enable the I/O operations for the volume by calling the EnableVolumeIO action and then check the volume for data consistency.

Volume status is based on the volume status checks, and does not reflect the volume state. Therefore, volume status does not indicate volumes in the error state (for example, when a volume is incapable of accepting I/O.)

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumeStatusResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumeStatusRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - '/?Action=DescribeVolumes&Version=2016-11-15': - get: - x-aws-operation-name: DescribeVolumes - operationId: GET_DescribeVolumes - description: '

Describes the specified EBS volumes or all of your EBS volumes.

If you are describing a long list of volumes, we recommend that you paginate the output to make the list more manageable. The MaxResults parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeVolumes request to retrieve the remaining results.

For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumesResult' - parameters: - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: VolumeId - in: query - required: false - description: The volume IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VolumeId' - - xml: - name: VolumeId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: MaxResults - in: query - required: false - description: 'The maximum number of volume results returned by DescribeVolumes in paginated output. When this parameter is used, DescribeVolumes only returns MaxResults results in a single page along with a NextToken response element. The remaining results of the initial request can be seen by sending another DescribeVolumes request with the returned NextToken value. This value can be between 5 and 500; if MaxResults is given a value larger than 500, only 500 results are returned. If this parameter is not used, then DescribeVolumes returns all results. You cannot specify this parameter and the volume IDs parameter in the same request.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The NextToken value returned from a previous paginated DescribeVolumes request where MaxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the NextToken value. This value is null when there are no more results to return. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVolumes - operationId: POST_DescribeVolumes - description: '

Describes the specified EBS volumes or all of your EBS volumes.

If you are describing a long list of volumes, we recommend that you paginate the output to make the list more manageable. The MaxResults parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeVolumes request to retrieve the remaining results.

For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeVolumesModifications&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVolumesModifications - operationId: GET_DescribeVolumesModifications - description: '

Describes the most recent volume modification request for the specified EBS volumes.

If a volume has never been modified, some information in the output will be null. If a volume has been modified more than once, the output includes only the most recent modification request.

You can also use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. For more information, see Monitor the progress of volume modifications in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumesModificationsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VolumeId - in: query - required: false - description: The IDs of the volumes. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VolumeId' - - xml: - name: VolumeId - - name: Filter - in: query - required: false - description: '

The filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: NextToken - in: query - required: false - description: The nextToken value returned by a previous paginated request. - schema: - type: string - - name: MaxResults - in: query - required: false - description: The maximum number of results (up to a limit of 500) to be returned in a paginated request. - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVolumesModifications - operationId: POST_DescribeVolumesModifications - description: '

Describes the most recent volume modification request for the specified EBS volumes.

If a volume has never been modified, some information in the output will be null. If a volume has been modified more than once, the output includes only the most recent modification request.

You can also use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. For more information, see Monitor the progress of volume modifications in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumesModificationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVolumesModificationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeVpcAttribute&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpcAttribute - operationId: GET_DescribeVpcAttribute - description: Describes the specified attribute of the specified VPC. You can specify only one attribute at a time. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcAttributeResult' - parameters: - - name: Attribute - in: query - required: true - description: The VPC attribute. - schema: - type: string - enum: - - enableDnsSupport - - enableDnsHostnames - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpcAttribute - operationId: POST_DescribeVpcAttribute - description: Describes the specified attribute of the specified VPC. You can specify only one attribute at a time. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcAttributeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcAttributeRequest' - parameters: [] - /?Action=DescribeVpcClassicLink&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpcClassicLink - operationId: GET_DescribeVpcClassicLink - description: Describes the ClassicLink status of one or more VPCs. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcClassicLinkResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcId - in: query - required: false - description: One or more VPCs for which you want to describe the ClassicLink status. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcId' - - xml: - name: VpcId - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpcClassicLink - operationId: POST_DescribeVpcClassicLink - description: Describes the ClassicLink status of one or more VPCs. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcClassicLinkResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcClassicLinkRequest' - parameters: [] - /?Action=DescribeVpcClassicLinkDnsSupport&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpcClassicLinkDnsSupport - operationId: GET_DescribeVpcClassicLinkDnsSupport - description: 'Describes the ClassicLink DNS support status of one or more VPCs. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it''s linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcClassicLinkDnsSupportResult' - parameters: - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 255 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - minLength: 1 - maxLength: 1024 - - name: VpcIds - in: query - required: false - description: One or more VPC IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcId' - - xml: - name: VpcId - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpcClassicLinkDnsSupport - operationId: POST_DescribeVpcClassicLinkDnsSupport - description: 'Describes the ClassicLink DNS support status of one or more VPCs. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it''s linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcClassicLinkDnsSupportResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcClassicLinkDnsSupportRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeVpcEndpointConnectionNotifications&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpcEndpointConnectionNotifications - operationId: GET_DescribeVpcEndpointConnectionNotifications - description: Describes the connection notifications for VPC endpoints and VPC endpoint services. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointConnectionNotificationsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ConnectionNotificationId - in: query - required: false - description: The ID of the notification. - schema: - type: string - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token to request the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpcEndpointConnectionNotifications - operationId: POST_DescribeVpcEndpointConnectionNotifications - description: Describes the connection notifications for VPC endpoints and VPC endpoint services. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointConnectionNotificationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointConnectionNotificationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeVpcEndpointConnections&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpcEndpointConnections - operationId: GET_DescribeVpcEndpointConnections - description: 'Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointConnectionsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results are returned.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpcEndpointConnections - operationId: POST_DescribeVpcEndpointConnections - description: 'Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointConnectionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointConnectionsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeVpcEndpointServiceConfigurations&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpcEndpointServiceConfigurations - operationId: GET_DescribeVpcEndpointServiceConfigurations - description: Describes the VPC endpoint service configurations in your account (your services). - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointServiceConfigurationsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ServiceId - in: query - required: false - description: The IDs of one or more services. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcEndpointServiceId' - - xml: - name: item - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results are returned.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpcEndpointServiceConfigurations - operationId: POST_DescribeVpcEndpointServiceConfigurations - description: Describes the VPC endpoint service configurations in your account (your services). - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointServiceConfigurationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointServiceConfigurationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeVpcEndpointServicePermissions&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpcEndpointServicePermissions - operationId: GET_DescribeVpcEndpointServicePermissions - description: Describes the principals (service consumers) that are permitted to discover your VPC endpoint service. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointServicePermissionsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ServiceId - in: query - required: true - description: The ID of the service. - schema: - type: string - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results are returned.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token to retrieve the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpcEndpointServicePermissions - operationId: POST_DescribeVpcEndpointServicePermissions - description: Describes the principals (service consumers) that are permitted to discover your VPC endpoint service. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointServicePermissionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointServicePermissionsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeVpcEndpointServices&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpcEndpointServices - operationId: GET_DescribeVpcEndpointServices - description: '

Describes available services to which you can create a VPC endpoint.

When the service provider and the consumer have different accounts in multiple Availability Zones, and the consumer views the VPC endpoint service information, the response only includes the common Availability Zones. For example, when the service provider account uses us-east-1a and us-east-1c and the consumer uses us-east-1a and us-east-1b, the response includes the VPC endpoint services in the common Availability Zone, us-east-1a.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointServicesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ServiceName - in: query - required: false - description: One or more service names. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: '

The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results.

Constraint: If the value is greater than 1,000, we return only 1,000 items.

' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next set of items to return. (You received this token from a prior call.) - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpcEndpointServices - operationId: POST_DescribeVpcEndpointServices - description: '

Describes available services to which you can create a VPC endpoint.

When the service provider and the consumer have different accounts in multiple Availability Zones, and the consumer views the VPC endpoint service information, the response only includes the common Availability Zones. For example, when the service provider account uses us-east-1a and us-east-1c and the consumer uses us-east-1a and us-east-1b, the response includes the VPC endpoint services in the common Availability Zone, us-east-1a.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointServicesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointServicesRequest' - parameters: [] - /?Action=DescribeVpcEndpoints&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpcEndpoints - operationId: GET_DescribeVpcEndpoints - description: Describes one or more of your VPC endpoints. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcEndpointId - in: query - required: false - description: One or more endpoint IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcEndpointId' - - xml: - name: item - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: '

The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results.

Constraint: If the value is greater than 1,000, we return only 1,000 items.

' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next set of items to return. (You received this token from a prior call.) - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpcEndpoints - operationId: POST_DescribeVpcEndpoints - description: Describes one or more of your VPC endpoints. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcEndpointsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeVpcPeeringConnections&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpcPeeringConnections - operationId: GET_DescribeVpcPeeringConnections - description: Describes one or more of your VPC peering connections. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcPeeringConnectionsResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcPeeringConnectionId - in: query - required: false - description: '

One or more VPC peering connection IDs.

Default: Describes all your VPC peering connections.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionId' - - xml: - name: item - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpcPeeringConnections - operationId: POST_DescribeVpcPeeringConnections - description: Describes one or more of your VPC peering connections. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcPeeringConnectionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcPeeringConnectionsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeVpcs&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpcs - operationId: GET_DescribeVpcs - description: Describes one or more of your VPCs. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcsResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: VpcId - in: query - required: false - description: '

One or more VPC IDs.

Default: Describes all your VPCs.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcId' - - xml: - name: VpcId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpcs - operationId: POST_DescribeVpcs - description: Describes one or more of your VPCs. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpcsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=DescribeVpnConnections&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpnConnections - operationId: GET_DescribeVpnConnections - description: '

Describes one or more of your VPN connections.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpnConnectionsResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: VpnConnectionId - in: query - required: false - description: '

One or more VPN connection IDs.

Default: Describes your VPN connections.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpnConnectionId' - - xml: - name: VpnConnectionId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpnConnections - operationId: POST_DescribeVpnConnections - description: '

Describes one or more of your VPN connections.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpnConnectionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpnConnectionsRequest' - parameters: [] - /?Action=DescribeVpnGateways&Version=2016-11-15: - get: - x-aws-operation-name: DescribeVpnGateways - operationId: GET_DescribeVpnGateways - description: '

Describes one or more of your virtual private gateways.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpnGatewaysResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: VpnGatewayId - in: query - required: false - description: '

One or more virtual private gateway IDs.

Default: Describes all your virtual private gateways.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpnGatewayId' - - xml: - name: VpnGatewayId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DescribeVpnGateways - operationId: POST_DescribeVpnGateways - description: '

Describes one or more of your virtual private gateways.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpnGatewaysResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DescribeVpnGatewaysRequest' - parameters: [] - /?Action=DetachClassicLinkVpc&Version=2016-11-15: - get: - x-aws-operation-name: DetachClassicLinkVpc - operationId: GET_DetachClassicLinkVpc - description: 'Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance has been unlinked, the VPC security groups are no longer associated with it. An instance is automatically unlinked from a VPC when it''s stopped.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DetachClassicLinkVpcResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceId - in: query - required: true - description: The ID of the instance to unlink from the VPC. - schema: - type: string - - name: VpcId - in: query - required: true - description: The ID of the VPC to which the instance is linked. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DetachClassicLinkVpc - operationId: POST_DetachClassicLinkVpc - description: 'Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance has been unlinked, the VPC security groups are no longer associated with it. An instance is automatically unlinked from a VPC when it''s stopped.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DetachClassicLinkVpcResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DetachClassicLinkVpcRequest' - parameters: [] - /?Action=DetachInternetGateway&Version=2016-11-15: - get: - x-aws-operation-name: DetachInternetGateway - operationId: GET_DetachInternetGateway - description: 'Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. The VPC must not contain any running instances with Elastic IP addresses or public IPv4 addresses.' - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InternetGatewayId - in: query - required: true - description: The ID of the internet gateway. - schema: - type: string - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DetachInternetGateway - operationId: POST_DetachInternetGateway - description: 'Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. The VPC must not contain any running instances with Elastic IP addresses or public IPv4 addresses.' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DetachInternetGatewayRequest' - parameters: [] - /?Action=DetachNetworkInterface&Version=2016-11-15: - get: - x-aws-operation-name: DetachNetworkInterface - operationId: GET_DetachNetworkInterface - description: Detaches a network interface from an instance. - responses: - '200': - description: Success - parameters: - - name: AttachmentId - in: query - required: true - description: The ID of the attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Force - in: query - required: false - description: '

Specifies whether to force a detachment.

' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DetachNetworkInterface - operationId: POST_DetachNetworkInterface - description: Detaches a network interface from an instance. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DetachNetworkInterfaceRequest' - parameters: [] - /?Action=DetachVolume&Version=2016-11-15: - get: - x-aws-operation-name: DetachVolume - operationId: GET_DetachVolume - description: '

Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can''t be detached while the instance is running. To detach the root volume, stop the instance first.

When a volume with an Amazon Web Services Marketplace product code is detached from an instance, the product code is no longer associated with the instance.

For more information, see Detach an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/VolumeAttachment' - parameters: - - name: Device - in: query - required: false - description: The device name. - schema: - type: string - - name: Force - in: query - required: false - description: 'Forces detachment if the previous detachment attempt did not occur cleanly (for example, logging into an instance, unmounting the volume, and detaching normally). This option can lead to data loss or a corrupted file system. Use this option only as a last resort to detach a volume from a failed instance. The instance won''t have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures.' - schema: - type: boolean - - name: InstanceId - in: query - required: false - description: 'The ID of the instance. If you are detaching a Multi-Attach enabled volume, you must specify an instance ID.' - schema: - type: string - - name: VolumeId - in: query - required: true - description: The ID of the volume. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DetachVolume - operationId: POST_DetachVolume - description: '

Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can''t be detached while the instance is running. To detach the root volume, stop the instance first.

When a volume with an Amazon Web Services Marketplace product code is detached from an instance, the product code is no longer associated with the instance.

For more information, see Detach an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/VolumeAttachment' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DetachVolumeRequest' - parameters: [] - /?Action=DetachVpnGateway&Version=2016-11-15: - get: - x-aws-operation-name: DetachVpnGateway - operationId: GET_DetachVpnGateway - description:

Detaches a virtual private gateway from a VPC. You do this if you're planning to turn off the VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are also described).

You must wait for the attachment's state to switch to detached before you can delete the VPC or attach a different VPC to the virtual private gateway.

- responses: - '200': - description: Success - parameters: - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: VpnGatewayId - in: query - required: true - description: The ID of the virtual private gateway. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DetachVpnGateway - operationId: POST_DetachVpnGateway - description:

Detaches a virtual private gateway from a VPC. You do this if you're planning to turn off the VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are also described).

You must wait for the attachment's state to switch to detached before you can delete the VPC or attach a different VPC to the virtual private gateway.

- responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DetachVpnGatewayRequest' - parameters: [] - /?Action=DisableEbsEncryptionByDefault&Version=2016-11-15: - get: - x-aws-operation-name: DisableEbsEncryptionByDefault - operationId: GET_DisableEbsEncryptionByDefault - description: '

Disables EBS encryption by default for your account in the current Region.

After you disable encryption by default, you can still create encrypted volumes by enabling encryption when you create each volume.

Disabling encryption by default does not change the encryption status of your existing volumes.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableEbsEncryptionByDefaultResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisableEbsEncryptionByDefault - operationId: POST_DisableEbsEncryptionByDefault - description: '

Disables EBS encryption by default for your account in the current Region.

After you disable encryption by default, you can still create encrypted volumes by enabling encryption when you create each volume.

Disabling encryption by default does not change the encryption status of your existing volumes.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableEbsEncryptionByDefaultResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableEbsEncryptionByDefaultRequest' - parameters: [] - /?Action=DisableFastLaunch&Version=2016-11-15: - get: - x-aws-operation-name: DisableFastLaunch - operationId: GET_DisableFastLaunch - description: '

Discontinue faster launching for a Windows AMI, and clean up existing pre-provisioned snapshots. When you disable faster launching, the AMI uses the standard launch process for each instance. All pre-provisioned snapshots must be removed before you can enable faster launching again.

To change these settings, you must own the AMI.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableFastLaunchResult' - parameters: - - name: ImageId - in: query - required: true - description: 'The ID of the image for which you’re turning off faster launching, and removing pre-provisioned snapshots.' - schema: - type: string - - name: Force - in: query - required: false - description: Forces the image settings to turn off faster launching for your Windows AMI. This parameter overrides any errors that are encountered while cleaning up resources in your account. - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisableFastLaunch - operationId: POST_DisableFastLaunch - description: '

Discontinue faster launching for a Windows AMI, and clean up existing pre-provisioned snapshots. When you disable faster launching, the AMI uses the standard launch process for each instance. All pre-provisioned snapshots must be removed before you can enable faster launching again.

To change these settings, you must own the AMI.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableFastLaunchResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableFastLaunchRequest' - parameters: [] - /?Action=DisableFastSnapshotRestores&Version=2016-11-15: - get: - x-aws-operation-name: DisableFastSnapshotRestores - operationId: GET_DisableFastSnapshotRestores - description: Disables fast snapshot restores for the specified snapshots in the specified Availability Zones. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableFastSnapshotRestoresResult' - parameters: - - name: AvailabilityZone - in: query - required: true - description: 'One or more Availability Zones. For example, us-east-2a.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: AvailabilityZone - - name: SourceSnapshotId - in: query - required: true - description: 'The IDs of one or more snapshots. For example, snap-1234567890abcdef0.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - xml: - name: SnapshotId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisableFastSnapshotRestores - operationId: POST_DisableFastSnapshotRestores - description: Disables fast snapshot restores for the specified snapshots in the specified Availability Zones. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableFastSnapshotRestoresResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableFastSnapshotRestoresRequest' - parameters: [] - /?Action=DisableImageDeprecation&Version=2016-11-15: - get: - x-aws-operation-name: DisableImageDeprecation - operationId: GET_DisableImageDeprecation - description: '

Cancels the deprecation of the specified AMI.

For more information, see Deprecate an AMI in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableImageDeprecationResult' - parameters: - - name: ImageId - in: query - required: true - description: The ID of the AMI. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisableImageDeprecation - operationId: POST_DisableImageDeprecation - description: '

Cancels the deprecation of the specified AMI.

For more information, see Deprecate an AMI in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableImageDeprecationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableImageDeprecationRequest' - parameters: [] - /?Action=DisableIpamOrganizationAdminAccount&Version=2016-11-15: - get: - x-aws-operation-name: DisableIpamOrganizationAdminAccount - operationId: GET_DisableIpamOrganizationAdminAccount - description: 'Disable the IPAM account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableIpamOrganizationAdminAccountResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: DelegatedAdminAccountId - in: query - required: true - description: The Organizations member account ID that you want to disable as IPAM account. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisableIpamOrganizationAdminAccount - operationId: POST_DisableIpamOrganizationAdminAccount - description: 'Disable the IPAM account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableIpamOrganizationAdminAccountResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableIpamOrganizationAdminAccountRequest' - parameters: [] - /?Action=DisableSerialConsoleAccess&Version=2016-11-15: - get: - x-aws-operation-name: DisableSerialConsoleAccess - operationId: GET_DisableSerialConsoleAccess - description: 'Disables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableSerialConsoleAccessResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisableSerialConsoleAccess - operationId: POST_DisableSerialConsoleAccess - description: 'Disables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableSerialConsoleAccessResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableSerialConsoleAccessRequest' - parameters: [] - /?Action=DisableTransitGatewayRouteTablePropagation&Version=2016-11-15: - get: - x-aws-operation-name: DisableTransitGatewayRouteTablePropagation - operationId: GET_DisableTransitGatewayRouteTablePropagation - description: Disables the specified resource attachment from propagating routes to the specified propagation route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableTransitGatewayRouteTablePropagationResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the propagation route table. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisableTransitGatewayRouteTablePropagation - operationId: POST_DisableTransitGatewayRouteTablePropagation - description: Disables the specified resource attachment from propagating routes to the specified propagation route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableTransitGatewayRouteTablePropagationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableTransitGatewayRouteTablePropagationRequest' - parameters: [] - /?Action=DisableVgwRoutePropagation&Version=2016-11-15: - get: - x-aws-operation-name: DisableVgwRoutePropagation - operationId: GET_DisableVgwRoutePropagation - description: Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC. - responses: - '200': - description: Success - parameters: - - name: GatewayId - in: query - required: true - description: The ID of the virtual private gateway. - schema: - type: string - - name: RouteTableId - in: query - required: true - description: The ID of the route table. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisableVgwRoutePropagation - operationId: POST_DisableVgwRoutePropagation - description: Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableVgwRoutePropagationRequest' - parameters: [] - /?Action=DisableVpcClassicLink&Version=2016-11-15: - get: - x-aws-operation-name: DisableVpcClassicLink - operationId: GET_DisableVpcClassicLink - description: Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that has EC2-Classic instances linked to it. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableVpcClassicLinkResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisableVpcClassicLink - operationId: POST_DisableVpcClassicLink - description: Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that has EC2-Classic instances linked to it. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableVpcClassicLinkResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableVpcClassicLinkRequest' - parameters: [] - /?Action=DisableVpcClassicLinkDnsSupport&Version=2016-11-15: - get: - x-aws-operation-name: DisableVpcClassicLinkDnsSupport - operationId: GET_DisableVpcClassicLinkDnsSupport - description: '

Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve to public IP addresses when addressed between a linked EC2-Classic instance and instances in the VPC to which it''s linked. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.

You must specify a VPC ID in the request.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableVpcClassicLinkDnsSupportResult' - parameters: - - name: VpcId - in: query - required: false - description: The ID of the VPC. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisableVpcClassicLinkDnsSupport - operationId: POST_DisableVpcClassicLinkDnsSupport - description: '

Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve to public IP addresses when addressed between a linked EC2-Classic instance and instances in the VPC to which it''s linked. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.

You must specify a VPC ID in the request.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableVpcClassicLinkDnsSupportResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisableVpcClassicLinkDnsSupportRequest' - parameters: [] - /?Action=DisassociateAddress&Version=2016-11-15: - get: - x-aws-operation-name: DisassociateAddress - operationId: GET_DisassociateAddress - description: '

Disassociates an Elastic IP address from the instance or network interface it''s associated with.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error.

' - responses: - '200': - description: Success - parameters: - - name: AssociationId - in: query - required: false - description: '[EC2-VPC] The association ID. Required for EC2-VPC.' - schema: - type: string - - name: PublicIp - in: query - required: false - description: '[EC2-Classic] The Elastic IP address. Required for EC2-Classic.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisassociateAddress - operationId: POST_DisassociateAddress - description: '

Disassociates an Elastic IP address from the instance or network interface it''s associated with.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateAddressRequest' - parameters: [] - /?Action=DisassociateClientVpnTargetNetwork&Version=2016-11-15: - get: - x-aws-operation-name: DisassociateClientVpnTargetNetwork - operationId: GET_DisassociateClientVpnTargetNetwork - description: '

Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN, the following happens:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateClientVpnTargetNetworkResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint from which to disassociate the target network. - schema: - type: string - - name: AssociationId - in: query - required: true - description: The ID of the target network association. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisassociateClientVpnTargetNetwork - operationId: POST_DisassociateClientVpnTargetNetwork - description: '

Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN, the following happens:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateClientVpnTargetNetworkResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateClientVpnTargetNetworkRequest' - parameters: [] - /?Action=DisassociateEnclaveCertificateIamRole&Version=2016-11-15: - get: - x-aws-operation-name: DisassociateEnclaveCertificateIamRole - operationId: GET_DisassociateEnclaveCertificateIamRole - description: 'Disassociates an IAM role from an Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role''s permission to use the KMS key used to encrypt the private key. This effectively revokes the role''s permission to use the certificate.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateEnclaveCertificateIamRoleResult' - parameters: - - name: CertificateArn - in: query - required: false - description: The ARN of the ACM certificate from which to disassociate the IAM role. - schema: - type: string - minLength: 1 - maxLength: 1283 - - name: RoleArn - in: query - required: false - description: The ARN of the IAM role to disassociate. - schema: - type: string - minLength: 1 - maxLength: 1283 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisassociateEnclaveCertificateIamRole - operationId: POST_DisassociateEnclaveCertificateIamRole - description: 'Disassociates an IAM role from an Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role''s permission to use the KMS key used to encrypt the private key. This effectively revokes the role''s permission to use the certificate.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateEnclaveCertificateIamRoleResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateEnclaveCertificateIamRoleRequest' - parameters: [] - /?Action=DisassociateIamInstanceProfile&Version=2016-11-15: - get: - x-aws-operation-name: DisassociateIamInstanceProfile - operationId: GET_DisassociateIamInstanceProfile - description:

Disassociates an IAM instance profile from a running or stopped instance.

Use DescribeIamInstanceProfileAssociations to get the association ID.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateIamInstanceProfileResult' - parameters: - - name: AssociationId - in: query - required: true - description: The ID of the IAM instance profile association. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisassociateIamInstanceProfile - operationId: POST_DisassociateIamInstanceProfile - description:

Disassociates an IAM instance profile from a running or stopped instance.

Use DescribeIamInstanceProfileAssociations to get the association ID.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateIamInstanceProfileResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateIamInstanceProfileRequest' - parameters: [] - /?Action=DisassociateInstanceEventWindow&Version=2016-11-15: - get: - x-aws-operation-name: DisassociateInstanceEventWindow - operationId: GET_DisassociateInstanceEventWindow - description: '

Disassociates one or more targets from an event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateInstanceEventWindowResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceEventWindowId - in: query - required: true - description: The ID of the event window. - schema: - type: string - - name: AssociationTarget - in: query - required: true - description: One or more targets to disassociate from the specified event window. - schema: - type: object - properties: - InstanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdList' - - description: The IDs of the instances to disassociate from the event window. - InstanceTag: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The instance tags to disassociate from the event window. Any instances associated with the tags will be disassociated from the event window. - DedicatedHostId: - allOf: - - $ref: '#/components/schemas/DedicatedHostIdList' - - description: The IDs of the Dedicated Hosts to disassociate from the event window. - description: The targets to disassociate from the specified event window. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisassociateInstanceEventWindow - operationId: POST_DisassociateInstanceEventWindow - description: '

Disassociates one or more targets from an event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateInstanceEventWindowResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateInstanceEventWindowRequest' - parameters: [] - /?Action=DisassociateRouteTable&Version=2016-11-15: - get: - x-aws-operation-name: DisassociateRouteTable - operationId: GET_DisassociateRouteTable - description: '

Disassociates a subnet or gateway from a route table.

After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the routes in the VPC''s main route table. For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - parameters: - - name: AssociationId - in: query - required: true - description: The association ID representing the current association between the route table and subnet or gateway. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisassociateRouteTable - operationId: POST_DisassociateRouteTable - description: '

Disassociates a subnet or gateway from a route table.

After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the routes in the VPC''s main route table. For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateRouteTableRequest' - parameters: [] - /?Action=DisassociateSubnetCidrBlock&Version=2016-11-15: - get: - x-aws-operation-name: DisassociateSubnetCidrBlock - operationId: GET_DisassociateSubnetCidrBlock - description: 'Disassociates a CIDR block from a subnet. Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateSubnetCidrBlockResult' - parameters: - - name: AssociationId - in: query - required: true - description: The association ID for the CIDR block. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisassociateSubnetCidrBlock - operationId: POST_DisassociateSubnetCidrBlock - description: 'Disassociates a CIDR block from a subnet. Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateSubnetCidrBlockResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateSubnetCidrBlockRequest' - parameters: [] - /?Action=DisassociateTransitGatewayMulticastDomain&Version=2016-11-15: - get: - x-aws-operation-name: DisassociateTransitGatewayMulticastDomain - operationId: GET_DisassociateTransitGatewayMulticastDomain - description: 'Disassociates the specified subnets from the transit gateway multicast domain. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateTransitGatewayMulticastDomainResult' - parameters: - - name: TransitGatewayMulticastDomainId - in: query - required: false - description: The ID of the transit gateway multicast domain. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: false - description: The ID of the attachment. - schema: - type: string - - name: SubnetIds - in: query - required: false - description: The IDs of the subnets; - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisassociateTransitGatewayMulticastDomain - operationId: POST_DisassociateTransitGatewayMulticastDomain - description: 'Disassociates the specified subnets from the transit gateway multicast domain. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateTransitGatewayMulticastDomainResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateTransitGatewayMulticastDomainRequest' - parameters: [] - /?Action=DisassociateTransitGatewayRouteTable&Version=2016-11-15: - get: - x-aws-operation-name: DisassociateTransitGatewayRouteTable - operationId: GET_DisassociateTransitGatewayRouteTable - description: Disassociates a resource attachment from a transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateTransitGatewayRouteTableResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the transit gateway route table. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisassociateTransitGatewayRouteTable - operationId: POST_DisassociateTransitGatewayRouteTable - description: Disassociates a resource attachment from a transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateTransitGatewayRouteTableResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateTransitGatewayRouteTableRequest' - parameters: [] - /?Action=DisassociateTrunkInterface&Version=2016-11-15: - get: - x-aws-operation-name: DisassociateTrunkInterface - operationId: GET_DisassociateTrunkInterface - description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Removes an association between a branch network interface with a trunk network interface.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateTrunkInterfaceResult' - parameters: - - name: AssociationId - in: query - required: true - description: The ID of the association - schema: - type: string - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisassociateTrunkInterface - operationId: POST_DisassociateTrunkInterface - description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Removes an association between a branch network interface with a trunk network interface.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateTrunkInterfaceResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateTrunkInterfaceRequest' - parameters: [] - /?Action=DisassociateVpcCidrBlock&Version=2016-11-15: - get: - x-aws-operation-name: DisassociateVpcCidrBlock - operationId: GET_DisassociateVpcCidrBlock - description: '

Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must specify its association ID. You can get the association ID by using DescribeVpcs. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.

You cannot disassociate the CIDR block with which you originally created the VPC (the primary CIDR block).

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateVpcCidrBlockResult' - parameters: - - name: AssociationId - in: query - required: true - description: The association ID for the CIDR block. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: DisassociateVpcCidrBlock - operationId: POST_DisassociateVpcCidrBlock - description: '

Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must specify its association ID. You can get the association ID by using DescribeVpcs. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.

You cannot disassociate the CIDR block with which you originally created the VPC (the primary CIDR block).

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateVpcCidrBlockResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DisassociateVpcCidrBlockRequest' - parameters: [] - /?Action=EnableEbsEncryptionByDefault&Version=2016-11-15: - get: - x-aws-operation-name: EnableEbsEncryptionByDefault - operationId: GET_EnableEbsEncryptionByDefault - description: '

Enables EBS encryption by default for your account in the current Region.

After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default KMS key or the KMS key that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

You can specify the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

Enabling encryption by default has no effect on the encryption status of your existing volumes.

After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableEbsEncryptionByDefaultResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: EnableEbsEncryptionByDefault - operationId: POST_EnableEbsEncryptionByDefault - description: '

Enables EBS encryption by default for your account in the current Region.

After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default KMS key or the KMS key that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

You can specify the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

Enabling encryption by default has no effect on the encryption status of your existing volumes.

After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableEbsEncryptionByDefaultResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableEbsEncryptionByDefaultRequest' - parameters: [] - /?Action=EnableFastLaunch&Version=2016-11-15: - get: - x-aws-operation-name: EnableFastLaunch - operationId: GET_EnableFastLaunch - description: '

When you enable faster launching for a Windows AMI, images are pre-provisioned, using snapshots to launch instances up to 65% faster. To create the optimized Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, rebooting as required. Then it creates a set of reserved snapshots that are used for subsequent launches. The reserved snapshots are automatically replenished as they are used, depending on your settings for launch frequency.

To change these settings, you must own the AMI.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableFastLaunchResult' - parameters: - - name: ImageId - in: query - required: true - description: The ID of the image for which you’re enabling faster launching. - schema: - type: string - - name: ResourceType - in: query - required: false - description: 'The type of resource to use for pre-provisioning the Windows AMI for faster launching. Supported values include: snapshot, which is the default value.' - schema: - type: string - - name: SnapshotConfiguration - in: query - required: false - description: Configuration settings for creating and managing the snapshots that are used for pre-provisioning the Windows AMI for faster launching. The associated ResourceType must be snapshot. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of pre-provisioned snapshots to keep on hand for a fast-launch enabled Windows AMI. - description: Configuration settings for creating and managing pre-provisioned snapshots for a fast-launch enabled Windows AMI. - - name: LaunchTemplate - in: query - required: false - description: 'The launch template to use when launching Windows instances from pre-provisioned snapshots. Launch template parameters can include either the name or ID of the launch template, but not both.' - schema: - type: object - required: - - Version - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The version of the launch template to use for faster launching for a Windows AMI. - description: '

Request to create a launch template for a fast-launch enabled Windows AMI.

Note - You can specify either the LaunchTemplateName or the LaunchTemplateId, but not both.

' - - name: MaxParallelLaunches - in: query - required: false - description: 'The maximum number of parallel instances to launch for creating resources. Value must be 6 or greater. ' - schema: - type: integer - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: EnableFastLaunch - operationId: POST_EnableFastLaunch - description: '

When you enable faster launching for a Windows AMI, images are pre-provisioned, using snapshots to launch instances up to 65% faster. To create the optimized Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, rebooting as required. Then it creates a set of reserved snapshots that are used for subsequent launches. The reserved snapshots are automatically replenished as they are used, depending on your settings for launch frequency.

To change these settings, you must own the AMI.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableFastLaunchResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableFastLaunchRequest' - parameters: [] - /?Action=EnableFastSnapshotRestores&Version=2016-11-15: - get: - x-aws-operation-name: EnableFastSnapshotRestores - operationId: GET_EnableFastSnapshotRestores - description: '

Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.

You get the full benefit of fast snapshot restores after they enter the enabled state. To get the current state of fast snapshot restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores, use DisableFastSnapshotRestores.

For more information, see Amazon EBS fast snapshot restore in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableFastSnapshotRestoresResult' - parameters: - - name: AvailabilityZone - in: query - required: true - description: 'One or more Availability Zones. For example, us-east-2a.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: AvailabilityZone - - name: SourceSnapshotId - in: query - required: true - description: 'The IDs of one or more snapshots. For example, snap-1234567890abcdef0. You can specify a snapshot that was shared with you from another Amazon Web Services account.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - xml: - name: SnapshotId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: EnableFastSnapshotRestores - operationId: POST_EnableFastSnapshotRestores - description: '

Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.

You get the full benefit of fast snapshot restores after they enter the enabled state. To get the current state of fast snapshot restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores, use DisableFastSnapshotRestores.

For more information, see Amazon EBS fast snapshot restore in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableFastSnapshotRestoresResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableFastSnapshotRestoresRequest' - parameters: [] - /?Action=EnableImageDeprecation&Version=2016-11-15: - get: - x-aws-operation-name: EnableImageDeprecation - operationId: GET_EnableImageDeprecation - description: '

Enables deprecation of the specified AMI at the specified date and time.

For more information, see Deprecate an AMI in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableImageDeprecationResult' - parameters: - - name: ImageId - in: query - required: true - description: The ID of the AMI. - schema: - type: string - - name: DeprecateAt - in: query - required: true - description: '

The date and time to deprecate the AMI, in UTC, in the following format: YYYY-MM-DDTHH:MM:SSZ. If you specify a value for seconds, Amazon EC2 rounds the seconds to the nearest minute.

You can’t specify a date in the past. The upper limit for DeprecateAt is 10 years from now.

' - schema: - type: string - format: date-time - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: EnableImageDeprecation - operationId: POST_EnableImageDeprecation - description: '

Enables deprecation of the specified AMI at the specified date and time.

For more information, see Deprecate an AMI in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableImageDeprecationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableImageDeprecationRequest' - parameters: [] - /?Action=EnableIpamOrganizationAdminAccount&Version=2016-11-15: - get: - x-aws-operation-name: EnableIpamOrganizationAdminAccount - operationId: GET_EnableIpamOrganizationAdminAccount - description: 'Enable an Organizations member account as the IPAM admin account. You cannot select the Organizations management account as the IPAM admin account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableIpamOrganizationAdminAccountResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: DelegatedAdminAccountId - in: query - required: true - description: The Organizations member account ID that you want to enable as the IPAM account. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: EnableIpamOrganizationAdminAccount - operationId: POST_EnableIpamOrganizationAdminAccount - description: 'Enable an Organizations member account as the IPAM admin account. You cannot select the Organizations management account as the IPAM admin account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableIpamOrganizationAdminAccountResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableIpamOrganizationAdminAccountRequest' - parameters: [] - /?Action=EnableSerialConsoleAccess&Version=2016-11-15: - get: - x-aws-operation-name: EnableSerialConsoleAccess - operationId: GET_EnableSerialConsoleAccess - description: 'Enables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableSerialConsoleAccessResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: EnableSerialConsoleAccess - operationId: POST_EnableSerialConsoleAccess - description: 'Enables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableSerialConsoleAccessResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableSerialConsoleAccessRequest' - parameters: [] - /?Action=EnableTransitGatewayRouteTablePropagation&Version=2016-11-15: - get: - x-aws-operation-name: EnableTransitGatewayRouteTablePropagation - operationId: GET_EnableTransitGatewayRouteTablePropagation - description: Enables the specified attachment to propagate routes to the specified propagation route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableTransitGatewayRouteTablePropagationResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the propagation route table. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: EnableTransitGatewayRouteTablePropagation - operationId: POST_EnableTransitGatewayRouteTablePropagation - description: Enables the specified attachment to propagate routes to the specified propagation route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableTransitGatewayRouteTablePropagationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableTransitGatewayRouteTablePropagationRequest' - parameters: [] - /?Action=EnableVgwRoutePropagation&Version=2016-11-15: - get: - x-aws-operation-name: EnableVgwRoutePropagation - operationId: GET_EnableVgwRoutePropagation - description: Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC. - responses: - '200': - description: Success - parameters: - - name: GatewayId - in: query - required: true - description: 'The ID of the virtual private gateway that is attached to a VPC. The virtual private gateway must be attached to the same VPC that the routing tables are associated with. ' - schema: - type: string - - name: RouteTableId - in: query - required: true - description: 'The ID of the route table. The routing table must be associated with the same VPC that the virtual private gateway is attached to. ' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: EnableVgwRoutePropagation - operationId: POST_EnableVgwRoutePropagation - description: Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableVgwRoutePropagationRequest' - parameters: [] - /?Action=EnableVolumeIO&Version=2016-11-15: - get: - x-aws-operation-name: EnableVolumeIO - operationId: GET_EnableVolumeIO - description: Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent. - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VolumeId - in: query - required: true - description: The ID of the volume. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: EnableVolumeIO - operationId: POST_EnableVolumeIO - description: Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableVolumeIORequest' - parameters: [] - /?Action=EnableVpcClassicLink&Version=2016-11-15: - get: - x-aws-operation-name: EnableVpcClassicLink - operationId: GET_EnableVpcClassicLink - description: 'Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your ClassicLink-enabled VPC to allow communication over private IP addresses. You cannot enable your VPC for ClassicLink if any of your VPC route tables have existing routes for address ranges within the 10.0.0.0/8 IP address range, excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address ranges. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableVpcClassicLinkResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: EnableVpcClassicLink - operationId: POST_EnableVpcClassicLink - description: 'Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your ClassicLink-enabled VPC to allow communication over private IP addresses. You cannot enable your VPC for ClassicLink if any of your VPC route tables have existing routes for address ranges within the 10.0.0.0/8 IP address range, excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address ranges. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableVpcClassicLinkResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableVpcClassicLinkRequest' - parameters: [] - /?Action=EnableVpcClassicLinkDnsSupport&Version=2016-11-15: - get: - x-aws-operation-name: EnableVpcClassicLinkDnsSupport - operationId: GET_EnableVpcClassicLinkDnsSupport - description: '

Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it''s linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.

You must specify a VPC ID in the request.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableVpcClassicLinkDnsSupportResult' - parameters: - - name: VpcId - in: query - required: false - description: The ID of the VPC. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: EnableVpcClassicLinkDnsSupport - operationId: POST_EnableVpcClassicLinkDnsSupport - description: '

Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it''s linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.

You must specify a VPC ID in the request.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableVpcClassicLinkDnsSupportResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableVpcClassicLinkDnsSupportRequest' - parameters: [] - /?Action=ExportClientVpnClientCertificateRevocationList&Version=2016-11-15: - get: - x-aws-operation-name: ExportClientVpnClientCertificateRevocationList - operationId: GET_ExportClientVpnClientCertificateRevocationList - description: Downloads the client certificate revocation list for the specified Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportClientVpnClientCertificateRevocationListResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ExportClientVpnClientCertificateRevocationList - operationId: POST_ExportClientVpnClientCertificateRevocationList - description: Downloads the client certificate revocation list for the specified Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportClientVpnClientCertificateRevocationListResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportClientVpnClientCertificateRevocationListRequest' - parameters: [] - /?Action=ExportClientVpnClientConfiguration&Version=2016-11-15: - get: - x-aws-operation-name: ExportClientVpnClientConfiguration - operationId: GET_ExportClientVpnClientConfiguration - description: Downloads the contents of the Client VPN endpoint configuration file for the specified Client VPN endpoint. The Client VPN endpoint configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportClientVpnClientConfigurationResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ExportClientVpnClientConfiguration - operationId: POST_ExportClientVpnClientConfiguration - description: Downloads the contents of the Client VPN endpoint configuration file for the specified Client VPN endpoint. The Client VPN endpoint configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportClientVpnClientConfigurationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportClientVpnClientConfigurationRequest' - parameters: [] - /?Action=ExportImage&Version=2016-11-15: - get: - x-aws-operation-name: ExportImage - operationId: GET_ExportImage - description: 'Exports an Amazon Machine Image (AMI) to a VM file. For more information, see Exporting a VM directly from an Amazon Machine Image (AMI) in the VM Import/Export User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportImageResult' - parameters: - - name: ClientToken - in: query - required: false - description: Token to enable idempotency for export image requests. - schema: - type: string - - name: Description - in: query - required: false - description: A description of the image being exported. The maximum length is 255 characters. - schema: - type: string - - name: DiskImageFormat - in: query - required: true - description: The disk image format. - schema: - type: string - enum: - - VMDK - - RAW - - VHD - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ImageId - in: query - required: true - description: The ID of the image. - schema: - type: string - - name: S3ExportLocation - in: query - required: true - description: Information about the destination Amazon S3 bucket. The bucket must exist and grant WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com. - schema: - type: object - required: - - S3Bucket - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The prefix (logical hierarchy) in the bucket. - description: Describes the destination for an export image task. - - name: RoleName - in: query - required: false - description: 'The name of the role that grants VM Import/Export permission to export images to your Amazon S3 bucket. If this parameter is not specified, the default role is named ''vmimport''.' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the export image task during creation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ExportImage - operationId: POST_ExportImage - description: 'Exports an Amazon Machine Image (AMI) to a VM file. For more information, see Exporting a VM directly from an Amazon Machine Image (AMI) in the VM Import/Export User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportImageResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportImageRequest' - parameters: [] - /?Action=ExportTransitGatewayRoutes&Version=2016-11-15: - get: - x-aws-operation-name: ExportTransitGatewayRoutes - operationId: GET_ExportTransitGatewayRoutes - description: '

Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range.

The routes are saved to the specified bucket in a JSON file. For more information, see Export Route Tables to Amazon S3 in Transit Gateways.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportTransitGatewayRoutesResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the route table. - schema: - type: string - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: S3Bucket - in: query - required: true - description: The name of the S3 bucket. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ExportTransitGatewayRoutes - operationId: POST_ExportTransitGatewayRoutes - description: '

Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range.

The routes are saved to the specified bucket in a JSON file. For more information, see Export Route Tables to Amazon S3 in Transit Gateways.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportTransitGatewayRoutesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ExportTransitGatewayRoutesRequest' - parameters: [] - /?Action=GetAssociatedEnclaveCertificateIamRoles&Version=2016-11-15: - get: - x-aws-operation-name: GetAssociatedEnclaveCertificateIamRoles - operationId: GET_GetAssociatedEnclaveCertificateIamRoles - description: 'Returns the IAM roles that are associated with the specified ACM (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the KMS key that''s used to encrypt the private key.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetAssociatedEnclaveCertificateIamRolesResult' - parameters: - - name: CertificateArn - in: query - required: false - description: 'The ARN of the ACM certificate for which to view the associated IAM roles, encryption keys, and Amazon S3 object information.' - schema: - type: string - minLength: 1 - maxLength: 1283 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetAssociatedEnclaveCertificateIamRoles - operationId: POST_GetAssociatedEnclaveCertificateIamRoles - description: 'Returns the IAM roles that are associated with the specified ACM (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the KMS key that''s used to encrypt the private key.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetAssociatedEnclaveCertificateIamRolesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetAssociatedEnclaveCertificateIamRolesRequest' - parameters: [] - /?Action=GetAssociatedIpv6PoolCidrs&Version=2016-11-15: - get: - x-aws-operation-name: GetAssociatedIpv6PoolCidrs - operationId: GET_GetAssociatedIpv6PoolCidrs - description: Gets information about the IPv6 CIDR block associations for a specified IPv6 address pool. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetAssociatedIpv6PoolCidrsResult' - parameters: - - name: PoolId - in: query - required: true - description: The ID of the IPv6 address pool. - schema: - type: string - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 1000 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetAssociatedIpv6PoolCidrs - operationId: POST_GetAssociatedIpv6PoolCidrs - description: Gets information about the IPv6 CIDR block associations for a specified IPv6 address pool. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetAssociatedIpv6PoolCidrsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetAssociatedIpv6PoolCidrsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetCapacityReservationUsage&Version=2016-11-15: - get: - x-aws-operation-name: GetCapacityReservationUsage - operationId: GET_GetCapacityReservationUsage - description: 'Gets usage information about a Capacity Reservation. If the Capacity Reservation is shared, it shows usage information for the Capacity Reservation owner and each Amazon Web Services account that is currently using the shared capacity. If the Capacity Reservation is not shared, it shows only the Capacity Reservation owner''s usage.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetCapacityReservationUsageResult' - parameters: - - name: CapacityReservationId - in: query - required: true - description: The ID of the Capacity Reservation. - schema: - type: string - - name: NextToken - in: query - required: false - description: The token to use to retrieve the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: '

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.

Valid range: Minimum value of 1. Maximum value of 1000.

' - schema: - type: integer - minimum: 1 - maximum: 1000 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetCapacityReservationUsage - operationId: POST_GetCapacityReservationUsage - description: 'Gets usage information about a Capacity Reservation. If the Capacity Reservation is shared, it shows usage information for the Capacity Reservation owner and each Amazon Web Services account that is currently using the shared capacity. If the Capacity Reservation is not shared, it shows only the Capacity Reservation owner''s usage.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetCapacityReservationUsageResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetCapacityReservationUsageRequest' - parameters: [] - /?Action=GetCoipPoolUsage&Version=2016-11-15: - get: - x-aws-operation-name: GetCoipPoolUsage - operationId: GET_GetCoipPoolUsage - description: Describes the allocations from the specified customer-owned address pool. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetCoipPoolUsageResult' - parameters: - - name: PoolId - in: query - required: true - description: The ID of the address pool. - schema: - type: string - - name: Filter - in: query - required: false - description:

One or more filters.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetCoipPoolUsage - operationId: POST_GetCoipPoolUsage - description: Describes the allocations from the specified customer-owned address pool. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetCoipPoolUsageResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetCoipPoolUsageRequest' - parameters: [] - /?Action=GetConsoleOutput&Version=2016-11-15: - get: - x-aws-operation-name: GetConsoleOutput - operationId: GET_GetConsoleOutput - description: '

Gets the console output for the specified instance. For Linux instances, the instance console output displays the exact console output that would normally be displayed on a physical monitor attached to a computer. For Windows instances, the instance console output includes the last three system event log errors.

By default, the console output returns buffered information that was posted shortly after an instance transition state (start, stop, reboot, or terminate). This information is available for at least one hour after the most recent post. Only the most recent 64 KB of console output is available.

You can optionally retrieve the latest serial console output at any time during the instance lifecycle. This option is supported on instance types that use the Nitro hypervisor.

For more information, see Instance console output in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetConsoleOutputResult' - parameters: - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Latest - in: query - required: false - description: '

When enabled, retrieves the latest console output for the instance.

Default: disabled (false)

' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetConsoleOutput - operationId: POST_GetConsoleOutput - description: '

Gets the console output for the specified instance. For Linux instances, the instance console output displays the exact console output that would normally be displayed on a physical monitor attached to a computer. For Windows instances, the instance console output includes the last three system event log errors.

By default, the console output returns buffered information that was posted shortly after an instance transition state (start, stop, reboot, or terminate). This information is available for at least one hour after the most recent post. Only the most recent 64 KB of console output is available.

You can optionally retrieve the latest serial console output at any time during the instance lifecycle. This option is supported on instance types that use the Nitro hypervisor.

For more information, see Instance console output in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetConsoleOutputResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetConsoleOutputRequest' - parameters: [] - /?Action=GetConsoleScreenshot&Version=2016-11-15: - get: - x-aws-operation-name: GetConsoleScreenshot - operationId: GET_GetConsoleScreenshot - description:

Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.

The returned content is Base64-encoded.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetConsoleScreenshotResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - - name: WakeUp - in: query - required: false - description: 'When set to true, acts as keystroke input and wakes up an instance that''s in standby or "sleep" mode.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetConsoleScreenshot - operationId: POST_GetConsoleScreenshot - description:

Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.

The returned content is Base64-encoded.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetConsoleScreenshotResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetConsoleScreenshotRequest' - parameters: [] - /?Action=GetDefaultCreditSpecification&Version=2016-11-15: - get: - x-aws-operation-name: GetDefaultCreditSpecification - operationId: GET_GetDefaultCreditSpecification - description: '

Describes the default credit option for CPU usage of a burstable performance instance family.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetDefaultCreditSpecificationResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceFamily - in: query - required: true - description: The instance family. - schema: - type: string - enum: - - t2 - - t3 - - t3a - - t4g - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetDefaultCreditSpecification - operationId: POST_GetDefaultCreditSpecification - description: '

Describes the default credit option for CPU usage of a burstable performance instance family.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetDefaultCreditSpecificationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetDefaultCreditSpecificationRequest' - parameters: [] - /?Action=GetEbsDefaultKmsKeyId&Version=2016-11-15: - get: - x-aws-operation-name: GetEbsDefaultKmsKeyId - operationId: GET_GetEbsDefaultKmsKeyId - description: '

Describes the default KMS key for EBS encryption by default for your account in this Region. You can change the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetEbsDefaultKmsKeyIdResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetEbsDefaultKmsKeyId - operationId: POST_GetEbsDefaultKmsKeyId - description: '

Describes the default KMS key for EBS encryption by default for your account in this Region. You can change the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetEbsDefaultKmsKeyIdResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetEbsDefaultKmsKeyIdRequest' - parameters: [] - /?Action=GetEbsEncryptionByDefault&Version=2016-11-15: - get: - x-aws-operation-name: GetEbsEncryptionByDefault - operationId: GET_GetEbsEncryptionByDefault - description: '

Describes whether EBS encryption by default is enabled for your account in the current Region.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetEbsEncryptionByDefaultResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetEbsEncryptionByDefault - operationId: POST_GetEbsEncryptionByDefault - description: '

Describes whether EBS encryption by default is enabled for your account in the current Region.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetEbsEncryptionByDefaultResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetEbsEncryptionByDefaultRequest' - parameters: [] - /?Action=GetFlowLogsIntegrationTemplate&Version=2016-11-15: - get: - x-aws-operation-name: GetFlowLogsIntegrationTemplate - operationId: GET_GetFlowLogsIntegrationTemplate - description: '

Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetFlowLogsIntegrationTemplateResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: FlowLogId - in: query - required: true - description: The ID of the flow log. - schema: - type: string - - name: ConfigDeliveryS3DestinationArn - in: query - required: true - description: 'To store the CloudFormation template in Amazon S3, specify the location in Amazon S3.' - schema: - type: string - - name: IntegrateService - in: query - required: true - description: Information about the service integration. - schema: - type: object - properties: - AthenaIntegration: - allOf: - - $ref: '#/components/schemas/AthenaIntegrationsSet' - - description: Information about the integration with Amazon Athena. - description: Describes service integrations with VPC Flow logs. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetFlowLogsIntegrationTemplate - operationId: POST_GetFlowLogsIntegrationTemplate - description: '

Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following:

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetFlowLogsIntegrationTemplateResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetFlowLogsIntegrationTemplateRequest' - parameters: [] - /?Action=GetGroupsForCapacityReservation&Version=2016-11-15: - get: - x-aws-operation-name: GetGroupsForCapacityReservation - operationId: GET_GetGroupsForCapacityReservation - description: Lists the resource groups to which a Capacity Reservation has been added. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetGroupsForCapacityReservationResult' - parameters: - - name: CapacityReservationId - in: query - required: true - description: The ID of the Capacity Reservation. - schema: - type: string - - name: NextToken - in: query - required: false - description: The token to use to retrieve the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' - schema: - type: integer - minimum: 1 - maximum: 1000 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetGroupsForCapacityReservation - operationId: POST_GetGroupsForCapacityReservation - description: Lists the resource groups to which a Capacity Reservation has been added. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetGroupsForCapacityReservationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetGroupsForCapacityReservationRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetHostReservationPurchasePreview&Version=2016-11-15: - get: - x-aws-operation-name: GetHostReservationPurchasePreview - operationId: GET_GetHostReservationPurchasePreview - description:

Preview a reservation purchase with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation.

This is a preview of the PurchaseHostReservation action and does not result in the offering being purchased.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetHostReservationPurchasePreviewResult' - parameters: - - name: HostIdSet - in: query - required: true - description: The IDs of the Dedicated Hosts with which the reservation is associated. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/DedicatedHostId' - - xml: - name: item - - name: OfferingId - in: query - required: true - description: The offering ID of the reservation. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetHostReservationPurchasePreview - operationId: POST_GetHostReservationPurchasePreview - description:

Preview a reservation purchase with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation.

This is a preview of the PurchaseHostReservation action and does not result in the offering being purchased.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetHostReservationPurchasePreviewResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetHostReservationPurchasePreviewRequest' - parameters: [] - /?Action=GetInstanceTypesFromInstanceRequirements&Version=2016-11-15: - get: - x-aws-operation-name: GetInstanceTypesFromInstanceRequirements - operationId: GET_GetInstanceTypesFromInstanceRequirements - description: '

Returns a list of instance types with the specified instance attributes. You can use the response to preview the instance types without launching instances. Note that the response does not consider capacity.

When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.

For more information, see Preview instance types with specified attributes, Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide, and Creating an Auto Scaling group using attribute-based instance type selection in the Amazon EC2 Auto Scaling User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetInstanceTypesFromInstanceRequirementsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ArchitectureType - in: query - required: true - description: The processor architecture type. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ArchitectureType' - - xml: - name: item - minItems: 0 - maxItems: 3 - - name: VirtualizationType - in: query - required: true - description: The virtualization type. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VirtualizationType' - - xml: - name: item - minItems: 0 - maxItems: 2 - - name: InstanceRequirements - in: query - required: true - description: The attributes required for the instance types. - schema: - type: object - required: - - VCpuCount - - MemoryMiB - properties: - undefined: - allOf: - - $ref: '#/components/schemas/MemoryMiBRequest' - - description: 'The minimum and maximum amount of memory, in MiB.' - CpuManufacturer: - allOf: - - $ref: '#/components/schemas/MemoryGiBPerVCpuRequest' - - description: '

The minimum and maximum amount of memory per vCPU, in GiB.

Default: No minimum or maximum limits

' - ExcludedInstanceType: - allOf: - - $ref: '#/components/schemas/ExcludedInstanceTypeSet' - - description: '

The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (*), to exclude an instance family, type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.

For example, if you specify c5*,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types.

Default: No excluded instance types

' - InstanceGeneration: - allOf: - - $ref: '#/components/schemas/LocalStorage' - - description: '

Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, Amazon EC2 instance store in the Amazon EC2 User Guide.

Default: included

' - LocalStorageType: - allOf: - - $ref: '#/components/schemas/BaselineEbsBandwidthMbpsRequest' - - description: '

The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

Default: No minimum or maximum limits

' - AcceleratorType: - allOf: - - $ref: '#/components/schemas/AcceleratorCountRequest' - - description: '

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.

To exclude accelerator-enabled instance types, set Max to 0.

Default: No minimum or maximum limits

' - AcceleratorManufacturer: - allOf: - - $ref: '#/components/schemas/AcceleratorManufacturerSet' - - description: '

Indicates whether instance types must have accelerators by specific manufacturers.

Default: Any manufacturer

' - AcceleratorName: - allOf: - - $ref: '#/components/schemas/AcceleratorTotalMemoryMiBRequest' - - description: '

The minimum and maximum amount of total accelerator memory, in MiB.

Default: No minimum or maximum limits

' - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.

When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.

You must specify VCpuCount and MemoryMiB. All other parameters are optional. Any unspecified optional parameter is set to its default.

For more information, see Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide.

' - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. Specify a value between 1 and
 1000. The default value is 1000. To retrieve the remaining results, make another call with
 the returned NextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetInstanceTypesFromInstanceRequirements - operationId: POST_GetInstanceTypesFromInstanceRequirements - description: '

Returns a list of instance types with the specified instance attributes. You can use the response to preview the instance types without launching instances. Note that the response does not consider capacity.

When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.

For more information, see Preview instance types with specified attributes, Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide, and Creating an Auto Scaling group using attribute-based instance type selection in the Amazon EC2 Auto Scaling User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetInstanceTypesFromInstanceRequirementsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetInstanceTypesFromInstanceRequirementsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetInstanceUefiData&Version=2016-11-15: - get: - x-aws-operation-name: GetInstanceUefiData - operationId: GET_GetInstanceUefiData - description: '

A binary representation of the UEFI variable store. Only non-volatile variables are stored. This is a base64 encoded and zlib compressed binary value that must be properly encoded.

When you use register-image to create an AMI, you can create an exact copy of your variable store by passing the UEFI data in the UefiData parameter. You can modify the UEFI data by using the python-uefivars tool on GitHub. You can use the tool to convert the UEFI data into a human-readable format (JSON), which you can inspect and modify, and then convert back into the binary format to use with register-image.

For more information, see UEFI Secure Boot in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetInstanceUefiDataResult' - parameters: - - name: InstanceId - in: query - required: true - description: The ID of the instance from which to retrieve the UEFI data. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetInstanceUefiData - operationId: POST_GetInstanceUefiData - description: '

A binary representation of the UEFI variable store. Only non-volatile variables are stored. This is a base64 encoded and zlib compressed binary value that must be properly encoded.

When you use register-image to create an AMI, you can create an exact copy of your variable store by passing the UEFI data in the UefiData parameter. You can modify the UEFI data by using the python-uefivars tool on GitHub. You can use the tool to convert the UEFI data into a human-readable format (JSON), which you can inspect and modify, and then convert back into the binary format to use with register-image.

For more information, see UEFI Secure Boot in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetInstanceUefiDataResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetInstanceUefiDataRequest' - parameters: [] - /?Action=GetIpamAddressHistory&Version=2016-11-15: - get: - x-aws-operation-name: GetIpamAddressHistory - operationId: GET_GetIpamAddressHistory - description: 'Retrieve historical information about a CIDR within an IPAM scope. For more information, see View the history of IP addresses in the Amazon VPC IPAM User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamAddressHistoryResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Cidr - in: query - required: true - description: 'The CIDR you want the history of. The CIDR can be an IPv4 or IPv6 IP address range. If you enter a /16 IPv4 CIDR, you will get records that match it exactly. You will not get records for any subnets within the /16 CIDR.' - schema: - type: string - - name: IpamScopeId - in: query - required: true - description: The ID of the IPAM scope that the CIDR is in. - schema: - type: string - - name: VpcId - in: query - required: false - description: The ID of the VPC you want your history records filtered by. - schema: - type: string - - name: StartTime - in: query - required: false - description: 'The start of the time period for which you are looking for history. If you omit this option, it will default to the value of EndTime.' - schema: - type: string - format: date-time - - name: EndTime - in: query - required: false - description: 'The end of the time period for which you are looking for history. If you omit this option, it will default to the current time.' - schema: - type: string - format: date-time - - name: MaxResults - in: query - required: false - description: The maximum number of historical results you would like returned per page. Defaults to 100. - schema: - type: integer - minimum: 1 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetIpamAddressHistory - operationId: POST_GetIpamAddressHistory - description: 'Retrieve historical information about a CIDR within an IPAM scope. For more information, see View the history of IP addresses in the Amazon VPC IPAM User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamAddressHistoryResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamAddressHistoryRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetIpamPoolAllocations&Version=2016-11-15: - get: - x-aws-operation-name: GetIpamPoolAllocations - operationId: GET_GetIpamPoolAllocations - description: Get a list of all the CIDR allocations in an IPAM pool. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamPoolAllocationsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamPoolId - in: query - required: true - description: The ID of the IPAM pool you want to see the allocations for. - schema: - type: string - - name: IpamPoolAllocationId - in: query - required: false - description: The ID of the allocation. - schema: - type: string - - name: Filter - in: query - required: false - description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: The maximum number of results you would like returned per page. - schema: - type: integer - minimum: 1000 - maximum: 100000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetIpamPoolAllocations - operationId: POST_GetIpamPoolAllocations - description: Get a list of all the CIDR allocations in an IPAM pool. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamPoolAllocationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamPoolAllocationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetIpamPoolCidrs&Version=2016-11-15: - get: - x-aws-operation-name: GetIpamPoolCidrs - operationId: GET_GetIpamPoolCidrs - description: Get the CIDRs provisioned to an IPAM pool. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamPoolCidrsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamPoolId - in: query - required: true - description: The ID of the IPAM pool you want the CIDR for. - schema: - type: string - - name: Filter - in: query - required: false - description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: The maximum number of results to return in the request. - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetIpamPoolCidrs - operationId: POST_GetIpamPoolCidrs - description: Get the CIDRs provisioned to an IPAM pool. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamPoolCidrsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamPoolCidrsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetIpamResourceCidrs&Version=2016-11-15: - get: - x-aws-operation-name: GetIpamResourceCidrs - operationId: GET_GetIpamResourceCidrs - description: Get information about the resources in a scope. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamResourceCidrsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Filter - in: query - required: false - description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: The maximum number of results to return in the request. - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: IpamScopeId - in: query - required: true - description: The ID of the scope that the resource is in. - schema: - type: string - - name: IpamPoolId - in: query - required: false - description: The ID of the IPAM pool that the resource is in. - schema: - type: string - - name: ResourceId - in: query - required: false - description: The ID of the resource. - schema: - type: string - - name: ResourceType - in: query - required: false - description: The resource type. - schema: - type: string - enum: - - vpc - - subnet - - eip - - public-ipv4-pool - - ipv6-pool - - name: ResourceTag - in: query - required: false - description: '' - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The value for the tag. - description: A tag on an IPAM resource. - - name: ResourceOwner - in: query - required: false - description: The ID of the Amazon Web Services account that owns the resource. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetIpamResourceCidrs - operationId: POST_GetIpamResourceCidrs - description: Get information about the resources in a scope. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamResourceCidrsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetIpamResourceCidrsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetLaunchTemplateData&Version=2016-11-15: - get: - x-aws-operation-name: GetLaunchTemplateData - operationId: GET_GetLaunchTemplateData - description: '

Retrieves the configuration data of the specified instance. You can use this data to create a launch template.

This action calls on other describe actions to get instance information. Depending on your instance configuration, you may need to allow the following actions in your IAM policy: DescribeSpotInstanceRequests, DescribeInstanceCreditSpecifications, DescribeVolumes, DescribeInstanceAttribute, and DescribeElasticGpus. Or, you can allow describe* depending on your instance requirements.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetLaunchTemplateDataResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetLaunchTemplateData - operationId: POST_GetLaunchTemplateData - description: '

Retrieves the configuration data of the specified instance. You can use this data to create a launch template.

This action calls on other describe actions to get instance information. Depending on your instance configuration, you may need to allow the following actions in your IAM policy: DescribeSpotInstanceRequests, DescribeInstanceCreditSpecifications, DescribeVolumes, DescribeInstanceAttribute, and DescribeElasticGpus. Or, you can allow describe* depending on your instance requirements.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetLaunchTemplateDataResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetLaunchTemplateDataRequest' - parameters: [] - /?Action=GetManagedPrefixListAssociations&Version=2016-11-15: - get: - x-aws-operation-name: GetManagedPrefixListAssociations - operationId: GET_GetManagedPrefixListAssociations - description: Gets information about the resources that are associated with the specified managed prefix list. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetManagedPrefixListAssociationsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PrefixListId - in: query - required: true - description: The ID of the prefix list. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 255 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetManagedPrefixListAssociations - operationId: POST_GetManagedPrefixListAssociations - description: Gets information about the resources that are associated with the specified managed prefix list. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetManagedPrefixListAssociationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetManagedPrefixListAssociationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetManagedPrefixListEntries&Version=2016-11-15: - get: - x-aws-operation-name: GetManagedPrefixListEntries - operationId: GET_GetManagedPrefixListEntries - description: Gets information about the entries for a specified managed prefix list. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetManagedPrefixListEntriesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PrefixListId - in: query - required: true - description: The ID of the prefix list. - schema: - type: string - - name: TargetVersion - in: query - required: false - description: The version of the prefix list for which to return the entries. The default is the current version. - schema: - type: integer - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 100 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetManagedPrefixListEntries - operationId: POST_GetManagedPrefixListEntries - description: Gets information about the entries for a specified managed prefix list. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetManagedPrefixListEntriesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetManagedPrefixListEntriesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetNetworkInsightsAccessScopeAnalysisFindings&Version=2016-11-15: - get: - x-aws-operation-name: GetNetworkInsightsAccessScopeAnalysisFindings - operationId: GET_GetNetworkInsightsAccessScopeAnalysisFindings - description: Gets the findings for the specified Network Access Scope analysis. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetNetworkInsightsAccessScopeAnalysisFindingsResult' - parameters: - - name: NetworkInsightsAccessScopeAnalysisId - in: query - required: true - description: The ID of the Network Access Scope analysis. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 1 - maximum: 100 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetNetworkInsightsAccessScopeAnalysisFindings - operationId: POST_GetNetworkInsightsAccessScopeAnalysisFindings - description: Gets the findings for the specified Network Access Scope analysis. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetNetworkInsightsAccessScopeAnalysisFindingsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetNetworkInsightsAccessScopeAnalysisFindingsRequest' - parameters: [] - /?Action=GetNetworkInsightsAccessScopeContent&Version=2016-11-15: - get: - x-aws-operation-name: GetNetworkInsightsAccessScopeContent - operationId: GET_GetNetworkInsightsAccessScopeContent - description: Gets the content for the specified Network Access Scope. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetNetworkInsightsAccessScopeContentResult' - parameters: - - name: NetworkInsightsAccessScopeId - in: query - required: true - description: The ID of the Network Access Scope. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetNetworkInsightsAccessScopeContent - operationId: POST_GetNetworkInsightsAccessScopeContent - description: Gets the content for the specified Network Access Scope. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetNetworkInsightsAccessScopeContentResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetNetworkInsightsAccessScopeContentRequest' - parameters: [] - /?Action=GetPasswordData&Version=2016-11-15: - get: - x-aws-operation-name: GetPasswordData - operationId: GET_GetPasswordData - description: '

Retrieves the encrypted administrator password for a running Windows instance.

The Windows password is generated at boot by the EC2Config service or EC2Launch scripts (Windows Server 2016 and later). This usually only happens the first time an instance is launched. For more information, see EC2Config and EC2Launch in the Amazon EC2 User Guide.

For the EC2Config service, the password is not generated for rebundled AMIs unless Ec2SetPassword is enabled before bundling.

The password is encrypted using the key pair that you specified when you launched the instance. You must provide the corresponding key pair file.

When you launch an instance, password generation and encryption may take a few minutes. If you try to retrieve the password before it''s available, the output returns an empty string. We recommend that you wait up to 15 minutes after launching an instance before trying to retrieve the generated password.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetPasswordDataResult' - parameters: - - name: InstanceId - in: query - required: true - description: The ID of the Windows instance. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetPasswordData - operationId: POST_GetPasswordData - description: '

Retrieves the encrypted administrator password for a running Windows instance.

The Windows password is generated at boot by the EC2Config service or EC2Launch scripts (Windows Server 2016 and later). This usually only happens the first time an instance is launched. For more information, see EC2Config and EC2Launch in the Amazon EC2 User Guide.

For the EC2Config service, the password is not generated for rebundled AMIs unless Ec2SetPassword is enabled before bundling.

The password is encrypted using the key pair that you specified when you launched the instance. You must provide the corresponding key pair file.

When you launch an instance, password generation and encryption may take a few minutes. If you try to retrieve the password before it''s available, the output returns an empty string. We recommend that you wait up to 15 minutes after launching an instance before trying to retrieve the generated password.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetPasswordDataResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetPasswordDataRequest' - parameters: [] - /?Action=GetReservedInstancesExchangeQuote&Version=2016-11-15: - get: - x-aws-operation-name: GetReservedInstancesExchangeQuote - operationId: GET_GetReservedInstancesExchangeQuote - description: 'Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance. If the exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuote to perform the exchange.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetReservedInstancesExchangeQuoteResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ReservedInstanceId - in: query - required: true - description: The IDs of the Convertible Reserved Instances to exchange. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservationId' - - xml: - name: ReservedInstanceId - - name: TargetConfiguration - in: query - required: false - description: The configuration of the target Convertible Reserved Instance to exchange for your current Convertible Reserved Instances. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TargetConfigurationRequest' - - xml: - name: TargetConfigurationRequest - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetReservedInstancesExchangeQuote - operationId: POST_GetReservedInstancesExchangeQuote - description: 'Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance. If the exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuote to perform the exchange.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetReservedInstancesExchangeQuoteResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetReservedInstancesExchangeQuoteRequest' - parameters: [] - /?Action=GetSerialConsoleAccessStatus&Version=2016-11-15: - get: - x-aws-operation-name: GetSerialConsoleAccessStatus - operationId: GET_GetSerialConsoleAccessStatus - description: 'Retrieves the access status of your account to the EC2 serial console of all instances. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetSerialConsoleAccessStatusResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetSerialConsoleAccessStatus - operationId: POST_GetSerialConsoleAccessStatus - description: 'Retrieves the access status of your account to the EC2 serial console of all instances. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetSerialConsoleAccessStatusResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetSerialConsoleAccessStatusRequest' - parameters: [] - /?Action=GetSpotPlacementScores&Version=2016-11-15: - get: - x-aws-operation-name: GetSpotPlacementScores - operationId: GET_GetSpotPlacementScores - description: '

Calculates the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements.

You can specify your compute requirements either by using InstanceRequirementsWithMetadata and letting Amazon EC2 choose the optimal instance types to fulfill your Spot request, or you can specify the instance types by using InstanceTypes.

For more information, see Spot placement score in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetSpotPlacementScoresResult' - parameters: - - name: InstanceType - in: query - required: false - description: '

The instance types. We recommend that you specify at least three instance types. If you specify one or two instance types, or specify variations of a single instance type (for example, an m3.xlarge with and without instance storage), the returned placement score will always be low.

If you specify InstanceTypes, you can''t specify InstanceRequirementsWithMetadata.

' - schema: - type: array - items: - $ref: '#/components/schemas/String' - minItems: 0 - maxItems: 1000 - - name: TargetCapacity - in: query - required: true - description: The target capacity. - schema: - type: integer - minimum: 1 - maximum: 2000000000 - - name: TargetCapacityUnitType - in: query - required: false - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' - schema: - type: string - enum: - - vcpu - - memory-mib - - units - - name: SingleAvailabilityZone - in: query - required: false - description: '

Specify true so that the response returns a list of scored Availability Zones. Otherwise, the response returns a list of scored Regions.

A list of scored Availability Zones is useful if you want to launch all of your Spot capacity into a single Availability Zone.

' - schema: - type: boolean - - name: RegionName - in: query - required: false - description: 'The Regions used to narrow down the list of Regions to be scored. Enter the Region code, for example, us-east-1.' - schema: - type: array - items: - $ref: '#/components/schemas/String' - minItems: 0 - maxItems: 10 - - name: InstanceRequirementsWithMetadata - in: query - required: false - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirementsWithMetadata, you can''t specify InstanceTypes.

' - schema: - type: object - properties: - ArchitectureType: - allOf: - - $ref: '#/components/schemas/ArchitectureTypeSet' - - description: The architecture type. - VirtualizationType: - allOf: - - $ref: '#/components/schemas/InstanceRequirementsRequest' - - description: 'The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.' - description: '

The architecture type, virtualization type, and other attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirementsWithMetadataRequest, you can''t specify InstanceTypes.

' - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return in a single call. Specify a value between 1 and
 1000. The default value is 1000. To retrieve the remaining results, make another call with
 the returned NextToken value.' - schema: - type: integer - minimum: 10 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next set of results. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetSpotPlacementScores - operationId: POST_GetSpotPlacementScores - description: '

Calculates the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements.

You can specify your compute requirements either by using InstanceRequirementsWithMetadata and letting Amazon EC2 choose the optimal instance types to fulfill your Spot request, or you can specify the instance types by using InstanceTypes.

For more information, see Spot placement score in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetSpotPlacementScoresResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetSpotPlacementScoresRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetSubnetCidrReservations&Version=2016-11-15: - get: - x-aws-operation-name: GetSubnetCidrReservations - operationId: GET_GetSubnetCidrReservations - description: Gets information about the subnet CIDR reservations. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetSubnetCidrReservationsResult' - parameters: - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: SubnetId - in: query - required: true - description: The ID of the subnet. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetSubnetCidrReservations - operationId: POST_GetSubnetCidrReservations - description: Gets information about the subnet CIDR reservations. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetSubnetCidrReservationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetSubnetCidrReservationsRequest' - parameters: [] - /?Action=GetTransitGatewayAttachmentPropagations&Version=2016-11-15: - get: - x-aws-operation-name: GetTransitGatewayAttachmentPropagations - operationId: GET_GetTransitGatewayAttachmentPropagations - description: Lists the route tables to which the specified resource attachment propagates routes. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayAttachmentPropagationsResult' - parameters: - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the attachment. - schema: - type: string - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetTransitGatewayAttachmentPropagations - operationId: POST_GetTransitGatewayAttachmentPropagations - description: Lists the route tables to which the specified resource attachment propagates routes. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayAttachmentPropagationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayAttachmentPropagationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetTransitGatewayMulticastDomainAssociations&Version=2016-11-15: - get: - x-aws-operation-name: GetTransitGatewayMulticastDomainAssociations - operationId: GET_GetTransitGatewayMulticastDomainAssociations - description: Gets information about the associations for the transit gateway multicast domain. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayMulticastDomainAssociationsResult' - parameters: - - name: TransitGatewayMulticastDomainId - in: query - required: false - description: The ID of the transit gateway multicast domain. - schema: - type: string - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetTransitGatewayMulticastDomainAssociations - operationId: POST_GetTransitGatewayMulticastDomainAssociations - description: Gets information about the associations for the transit gateway multicast domain. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayMulticastDomainAssociationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayMulticastDomainAssociationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetTransitGatewayPrefixListReferences&Version=2016-11-15: - get: - x-aws-operation-name: GetTransitGatewayPrefixListReferences - operationId: GET_GetTransitGatewayPrefixListReferences - description: Gets information about the prefix list references in a specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayPrefixListReferencesResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the transit gateway route table. - schema: - type: string - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetTransitGatewayPrefixListReferences - operationId: POST_GetTransitGatewayPrefixListReferences - description: Gets information about the prefix list references in a specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayPrefixListReferencesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayPrefixListReferencesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetTransitGatewayRouteTableAssociations&Version=2016-11-15: - get: - x-aws-operation-name: GetTransitGatewayRouteTableAssociations - operationId: GET_GetTransitGatewayRouteTableAssociations - description: Gets information about the associations for the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayRouteTableAssociationsResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the transit gateway route table. - schema: - type: string - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetTransitGatewayRouteTableAssociations - operationId: POST_GetTransitGatewayRouteTableAssociations - description: Gets information about the associations for the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayRouteTableAssociationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayRouteTableAssociationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetTransitGatewayRouteTablePropagations&Version=2016-11-15: - get: - x-aws-operation-name: GetTransitGatewayRouteTablePropagations - operationId: GET_GetTransitGatewayRouteTablePropagations - description: Gets information about the route table propagations for the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayRouteTablePropagationsResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the transit gateway route table. - schema: - type: string - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetTransitGatewayRouteTablePropagations - operationId: POST_GetTransitGatewayRouteTablePropagations - description: Gets information about the route table propagations for the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayRouteTablePropagationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetTransitGatewayRouteTablePropagationsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=GetVpnConnectionDeviceSampleConfiguration&Version=2016-11-15: - get: - x-aws-operation-name: GetVpnConnectionDeviceSampleConfiguration - operationId: GET_GetVpnConnectionDeviceSampleConfiguration - description: Download an Amazon Web Services-provided sample configuration file to be used with the customer gateway device specified for your Site-to-Site VPN connection. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetVpnConnectionDeviceSampleConfigurationResult' - parameters: - - name: VpnConnectionId - in: query - required: true - description: The VpnConnectionId specifies the Site-to-Site VPN connection used for the sample configuration. - schema: - type: string - - name: VpnConnectionDeviceTypeId - in: query - required: true - description: Device identifier provided by the GetVpnConnectionDeviceTypes API. - schema: - type: string - - name: InternetKeyExchangeVersion - in: query - required: false - description: 'The IKE version to be used in the sample configuration file for your customer gateway device. You can specify one of the following versions: ikev1 or ikev2.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetVpnConnectionDeviceSampleConfiguration - operationId: POST_GetVpnConnectionDeviceSampleConfiguration - description: Download an Amazon Web Services-provided sample configuration file to be used with the customer gateway device specified for your Site-to-Site VPN connection. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetVpnConnectionDeviceSampleConfigurationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetVpnConnectionDeviceSampleConfigurationRequest' - parameters: [] - /?Action=GetVpnConnectionDeviceTypes&Version=2016-11-15: - get: - x-aws-operation-name: GetVpnConnectionDeviceTypes - operationId: GET_GetVpnConnectionDeviceTypes - description: 'Obtain a list of customer gateway devices for which sample configuration files can be provided. The request has no additional parameters. You can also see the list of device types with sample configuration files available under Your customer gateway device in the Amazon Web Services Site-to-Site VPN User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetVpnConnectionDeviceTypesResult' - parameters: - - name: MaxResults - in: query - required: false - description: 'The maximum number of results returned by GetVpnConnectionDeviceTypes in paginated output. When this parameter is used, GetVpnConnectionDeviceTypes only returns MaxResults results in a single page along with a NextToken response element. The remaining results of the initial request can be seen by sending another GetVpnConnectionDeviceTypes request with the returned NextToken value. This value can be between 200 and 1000. If this parameter is not used, then GetVpnConnectionDeviceTypes returns all results.' - schema: - type: integer - minimum: 200 - maximum: 1000 - - name: NextToken - in: query - required: false - description: 'The NextToken value returned from a previous paginated GetVpnConnectionDeviceTypes request where MaxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the NextToken value. This value is null when there are no more results to return. ' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: GetVpnConnectionDeviceTypes - operationId: POST_GetVpnConnectionDeviceTypes - description: 'Obtain a list of customer gateway devices for which sample configuration files can be provided. The request has no additional parameters. You can also see the list of device types with sample configuration files available under Your customer gateway device in the Amazon Web Services Site-to-Site VPN User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/GetVpnConnectionDeviceTypesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetVpnConnectionDeviceTypesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=ImportClientVpnClientCertificateRevocationList&Version=2016-11-15: - get: - x-aws-operation-name: ImportClientVpnClientCertificateRevocationList - operationId: GET_ImportClientVpnClientCertificateRevocationList - description:

Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list.

Uploading a client certificate revocation list resets existing client connections.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportClientVpnClientCertificateRevocationListResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint to which the client certificate revocation list applies. - schema: - type: string - - name: CertificateRevocationList - in: query - required: true - description: 'The client certificate revocation list file. For more information, see Generate a Client Certificate Revocation List in the Client VPN Administrator Guide.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ImportClientVpnClientCertificateRevocationList - operationId: POST_ImportClientVpnClientCertificateRevocationList - description:

Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list.

Uploading a client certificate revocation list resets existing client connections.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportClientVpnClientCertificateRevocationListResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportClientVpnClientCertificateRevocationListRequest' - parameters: [] - /?Action=ImportImage&Version=2016-11-15: - get: - x-aws-operation-name: ImportImage - operationId: GET_ImportImage - description: '

Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI).

For more information, see Importing a VM as an image using VM Import/Export in the VM Import/Export User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportImageResult' - parameters: - - name: Architecture - in: query - required: false - description: '

The architecture of the virtual machine.

Valid values: i386 | x86_64

' - schema: - type: string - - name: ClientData - in: query - required: false - description: The client-specific data. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time that the disk upload starts. - description: Describes the client-specific data. - - name: ClientToken - in: query - required: false - description: The token to enable idempotency for VM import requests. - schema: - type: string - - name: Description - in: query - required: false - description: A description string for the import image task. - schema: - type: string - - name: DiskContainer - in: query - required: false - description: Information about the disk containers. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImageDiskContainer' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Encrypted - in: query - required: false - description: 'Specifies whether the destination AMI of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.' - schema: - type: boolean - - name: Hypervisor - in: query - required: false - description: '

The target hypervisor platform.

Valid values: xen

' - schema: - type: string - - name: KmsKeyId - in: query - required: false - description: '

An identifier for the symmetric KMS key to use when creating the encrypted AMI. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.

The KMS key identifier may be provided in any of the following formats:

Amazon Web Services parses KmsKeyId asynchronously, meaning that the action you call may appear to complete even though you provided an invalid identifier. This action will eventually report failure.

The specified KMS key must exist in the Region that the AMI is being copied to.

Amazon EBS does not support asymmetric KMS keys.

' - schema: - type: string - - name: LicenseType - in: query - required: false - description: '

The license type to be used for the Amazon Machine Image (AMI) after importing.

By default, we detect the source-system operating system (OS) and apply the appropriate license. Specify AWS to replace the source-system license with an Amazon Web Services license, if appropriate. Specify BYOL to retain the source-system license, if appropriate.

To use BYOL, you must have existing licenses with rights to use these licenses in a third party cloud, such as Amazon Web Services. For more information, see Prerequisites in the VM Import/Export User Guide.

' - schema: - type: string - - name: Platform - in: query - required: false - description: '

The operating system of the virtual machine.

Valid values: Windows | Linux

' - schema: - type: string - - name: RoleName - in: query - required: false - description: 'The name of the role to use when not using the default role, ''vmimport''.' - schema: - type: string - - name: LicenseSpecifications - in: query - required: false - description: The ARNs of the license configurations. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImportImageLicenseConfigurationRequest' - - xml: - name: item - - name: TagSpecification - in: query - required: false - description: The tags to apply to the import image task during creation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: UsageOperation - in: query - required: false - description: 'The usage operation value. For more information, see Licensing options in the VM Import/Export User Guide.' - schema: - type: string - - name: BootMode - in: query - required: false - description: The boot mode of the virtual machine. - schema: - type: string - enum: - - legacy-bios - - uefi - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ImportImage - operationId: POST_ImportImage - description: '

Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI).

For more information, see Importing a VM as an image using VM Import/Export in the VM Import/Export User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportImageResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportImageRequest' - parameters: [] - /?Action=ImportInstance&Version=2016-11-15: - get: - x-aws-operation-name: ImportInstance - operationId: GET_ImportInstance - description: '

Creates an import instance task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead.

This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing a VM to Amazon EC2 in the Amazon EC2 CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportInstanceResult' - parameters: - - name: Description - in: query - required: false - description: A description for the instance being imported. - schema: - type: string - - name: DiskImage - in: query - required: false - description: The disk image. - schema: - type: array - items: - $ref: '#/components/schemas/DiskImage' - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: LaunchSpecification - in: query - required: false - description: The launch specification. - schema: - type: object - properties: - additionalInfo: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved. - architecture: - allOf: - - $ref: '#/components/schemas/ArchitectureValues' - - description: The architecture of the instance. - GroupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupIdStringList' - - description: The security group IDs. - GroupName: - allOf: - - $ref: '#/components/schemas/SecurityGroupStringList' - - description: The security group names. - instanceInitiatedShutdownBehavior: - allOf: - - $ref: '#/components/schemas/ShutdownBehavior' - - description: Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: 'The instance type. For more information about the instance types that you can import, see Instance Types in the VM Import/Export User Guide.' - monitoring: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether monitoring is enabled. - placement: - allOf: - - $ref: '#/components/schemas/Placement' - - description: The placement information for the instance. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: '[EC2-VPC] An available IP address from the IP address range of the subnet.' - subnetId: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: '[EC2-VPC] The ID of the subnet in which to launch the instance.' - userData: - allOf: - - $ref: '#/components/schemas/UserData' - - description: The Base64-encoded user data to make available to the instance. - description: Describes the launch specification for VM import. - - name: Platform - in: query - required: true - description: The instance operating system. - schema: - type: string - enum: - - Windows - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ImportInstance - operationId: POST_ImportInstance - description: '

Creates an import instance task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead.

This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing a VM to Amazon EC2 in the Amazon EC2 CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportInstanceResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportInstanceRequest' - parameters: [] - /?Action=ImportKeyPair&Version=2016-11-15: - get: - x-aws-operation-name: ImportKeyPair - operationId: GET_ImportKeyPair - description: '

Imports the public key from an RSA or ED25519 key pair that you created with a third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services creates the key pair and gives the keys to you (Amazon Web Services keeps a copy of the public key). With ImportKeyPair, you create the key pair and give Amazon Web Services just the public key. The private key is never transferred between you and Amazon Web Services.

For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportKeyPairResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: KeyName - in: query - required: true - description: A unique name for the key pair. - schema: - type: string - - name: PublicKeyMaterial - in: query - required: true - description: 'The public key. For API calls, the text must be base64-encoded. For command line tools, base64 encoding is performed for you.' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the imported key pair. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ImportKeyPair - operationId: POST_ImportKeyPair - description: '

Imports the public key from an RSA or ED25519 key pair that you created with a third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services creates the key pair and gives the keys to you (Amazon Web Services keeps a copy of the public key). With ImportKeyPair, you create the key pair and give Amazon Web Services just the public key. The private key is never transferred between you and Amazon Web Services.

For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportKeyPairResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportKeyPairRequest' - parameters: [] - /?Action=ImportSnapshot&Version=2016-11-15: - get: - x-aws-operation-name: ImportSnapshot - operationId: GET_ImportSnapshot - description: '

Imports a disk into an EBS snapshot.

For more information, see Importing a disk as a snapshot using VM Import/Export in the VM Import/Export User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportSnapshotResult' - parameters: - - name: ClientData - in: query - required: false - description: The client-specific data. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time that the disk upload starts. - description: Describes the client-specific data. - - name: ClientToken - in: query - required: false - description: Token to enable idempotency for VM import requests. - schema: - type: string - - name: Description - in: query - required: false - description: The description string for the import snapshot task. - schema: - type: string - - name: DiskContainer - in: query - required: false - description: Information about the disk container. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/UserBucket' - - description: The Amazon S3 bucket for the disk image. - description: The disk container object for the import snapshot request. - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Encrypted - in: query - required: false - description: 'Specifies whether the destination snapshot of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.' - schema: - type: boolean - - name: KmsKeyId - in: query - required: false - description: '

An identifier for the symmetric KMS key to use when creating the encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.

The KMS key identifier may be provided in any of the following formats:

Amazon Web Services parses KmsKeyId asynchronously, meaning that the action you call may appear to complete even though you provided an invalid identifier. This action will eventually report failure.

The specified KMS key must exist in the Region that the snapshot is being copied to.

Amazon EBS does not support asymmetric KMS keys.

' - schema: - type: string - - name: RoleName - in: query - required: false - description: 'The name of the role to use when not using the default role, ''vmimport''.' - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the import snapshot task during creation. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ImportSnapshot - operationId: POST_ImportSnapshot - description: '

Imports a disk into an EBS snapshot.

For more information, see Importing a disk as a snapshot using VM Import/Export in the VM Import/Export User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportSnapshotResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportSnapshotRequest' - parameters: [] - /?Action=ImportVolume&Version=2016-11-15: - get: - x-aws-operation-name: ImportVolume - operationId: GET_ImportVolume - description: '

Creates an import volume task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.

This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing Disks to Amazon EBS in the Amazon EC2 CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportVolumeResult' - parameters: - - name: AvailabilityZone - in: query - required: true - description: The Availability Zone for the resulting EBS volume. - schema: - type: string - - name: Description - in: query - required: false - description: A description of the volume. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Image - in: query - required: true - description: The disk image. - schema: - type: object - required: - - Bytes - - Format - - ImportManifestUrl - properties: - bytes: - allOf: - - $ref: '#/components/schemas/Long' - - description: 'The size of the disk image, in GiB.' - format: - allOf: - - $ref: '#/components/schemas/DiskImageFormat' - - description: The disk image format. - importManifestUrl: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A presigned URL for the import manifest stored in Amazon S3 and presented here as an Amazon S3 presigned URL. For information about creating a presigned URL for an Amazon S3 object, read the "Query String Request Authentication Alternative" section of the Authenticating REST Requests topic in the Amazon Simple Storage Service Developer Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' - description: Describes a disk image. - - name: Volume - in: query - required: true - description: The volume size. - schema: - type: object - required: - - Size - properties: - size: - allOf: - - $ref: '#/components/schemas/Long' - - description: 'The size of the volume, in GiB.' - description: Describes an EBS volume. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ImportVolume - operationId: POST_ImportVolume - description: '

Creates an import volume task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.

This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing Disks to Amazon EBS in the Amazon EC2 CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportVolumeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ImportVolumeRequest' - parameters: [] - /?Action=ListImagesInRecycleBin&Version=2016-11-15: - get: - x-aws-operation-name: ListImagesInRecycleBin - operationId: GET_ListImagesInRecycleBin - description: 'Lists one or more AMIs that are currently in the Recycle Bin. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ListImagesInRecycleBinResult' - parameters: - - name: ImageId - in: query - required: false - description: The IDs of the AMIs to list. Omit this parameter to list all of the AMIs that are in the Recycle Bin. You can specify up to 20 IDs in a single request. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImageId' - - xml: - name: ImageId - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: MaxResults - in: query - required: false - description: '

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

If you do not specify a value for MaxResults, the request returns 1,000 items per page by default. For more information, see Pagination.

' - schema: - type: integer - minimum: 1 - maximum: 1000 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ListImagesInRecycleBin - operationId: POST_ListImagesInRecycleBin - description: 'Lists one or more AMIs that are currently in the Recycle Bin. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ListImagesInRecycleBinResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListImagesInRecycleBinRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=ListSnapshotsInRecycleBin&Version=2016-11-15: - get: - x-aws-operation-name: ListSnapshotsInRecycleBin - operationId: GET_ListSnapshotsInRecycleBin - description: Lists one or more snapshots that are currently in the Recycle Bin. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ListSnapshotsInRecycleBinResult' - parameters: - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: SnapshotId - in: query - required: false - description: The IDs of the snapshots to list. Omit this parameter to list all of the snapshots that are in the Recycle Bin. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - xml: - name: SnapshotId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ListSnapshotsInRecycleBin - operationId: POST_ListSnapshotsInRecycleBin - description: Lists one or more snapshots that are currently in the Recycle Bin. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ListSnapshotsInRecycleBinResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListSnapshotsInRecycleBinRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=ModifyAddressAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ModifyAddressAttribute - operationId: GET_ModifyAddressAttribute - description: 'Modifies an attribute of the specified Elastic IP address. For requirements, see Using reverse DNS for email applications.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyAddressAttributeResult' - parameters: - - name: AllocationId - in: query - required: true - description: '[EC2-VPC] The allocation ID.' - schema: - type: string - - name: DomainName - in: query - required: false - description: The domain name to modify for the IP address. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyAddressAttribute - operationId: POST_ModifyAddressAttribute - description: 'Modifies an attribute of the specified Elastic IP address. For requirements, see Using reverse DNS for email applications.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyAddressAttributeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyAddressAttributeRequest' - parameters: [] - /?Action=ModifyAvailabilityZoneGroup&Version=2016-11-15: - get: - x-aws-operation-name: ModifyAvailabilityZoneGroup - operationId: GET_ModifyAvailabilityZoneGroup - description: '

Changes the opt-in status of the Local Zone and Wavelength Zone group for your account.

Use DescribeAvailabilityZones to view the value for GroupName.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyAvailabilityZoneGroupResult' - parameters: - - name: GroupName - in: query - required: true - description: 'The name of the Availability Zone group, Local Zone group, or Wavelength Zone group.' - schema: - type: string - - name: OptInStatus - in: query - required: true - description: 'Indicates whether you are opted in to the Local Zone group or Wavelength Zone group. The only valid value is opted-in. You must contact Amazon Web Services Support to opt out of a Local Zone or Wavelength Zone group.' - schema: - type: string - enum: - - opted-in - - not-opted-in - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyAvailabilityZoneGroup - operationId: POST_ModifyAvailabilityZoneGroup - description: '

Changes the opt-in status of the Local Zone and Wavelength Zone group for your account.

Use DescribeAvailabilityZones to view the value for GroupName.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyAvailabilityZoneGroupResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyAvailabilityZoneGroupRequest' - parameters: [] - /?Action=ModifyCapacityReservation&Version=2016-11-15: - get: - x-aws-operation-name: ModifyCapacityReservation - operationId: GET_ModifyCapacityReservation - description: 'Modifies a Capacity Reservation''s capacity and the conditions under which it is to be released. You cannot change a Capacity Reservation''s instance type, EBS optimization, instance store settings, platform, Availability Zone, or instance eligibility. If you need to modify any of these attributes, we recommend that you cancel the Capacity Reservation, and then create a new one with the required attributes.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyCapacityReservationResult' - parameters: - - name: CapacityReservationId - in: query - required: true - description: The ID of the Capacity Reservation. - schema: - type: string - - name: InstanceCount - in: query - required: false - description: The number of instances for which to reserve capacity. The number of instances can't be increased or decreased by more than 1000 in a single request. - schema: - type: integer - - name: EndDate - in: query - required: false - description: '

The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation''s state changes to expired when it reaches its end date and time.

The Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.

You must provide an EndDate value if EndDateType is limited. Omit EndDate if EndDateType is unlimited.

' - schema: - type: string - format: date-time - - name: EndDateType - in: query - required: false - description: '

Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

' - schema: - type: string - enum: - - unlimited - - limited - - name: Accept - in: query - required: false - description: Reserved. Capacity Reservations you have created are accepted by default. - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: AdditionalInfo - in: query - required: false - description: Reserved for future use. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyCapacityReservation - operationId: POST_ModifyCapacityReservation - description: 'Modifies a Capacity Reservation''s capacity and the conditions under which it is to be released. You cannot change a Capacity Reservation''s instance type, EBS optimization, instance store settings, platform, Availability Zone, or instance eligibility. If you need to modify any of these attributes, we recommend that you cancel the Capacity Reservation, and then create a new one with the required attributes.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyCapacityReservationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyCapacityReservationRequest' - parameters: [] - /?Action=ModifyCapacityReservationFleet&Version=2016-11-15: - get: - x-aws-operation-name: ModifyCapacityReservationFleet - operationId: GET_ModifyCapacityReservationFleet - description: '

Modifies a Capacity Reservation Fleet.

When you modify the total target capacity of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity Reservations, or modifies or cancels existing Capacity Reservations in the Fleet to meet the new total target capacity. When you modify the end date for the Fleet, the end dates for all of the individual Capacity Reservations in the Fleet are updated accordingly.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyCapacityReservationFleetResult' - parameters: - - name: CapacityReservationFleetId - in: query - required: true - description: The ID of the Capacity Reservation Fleet to modify. - schema: - type: string - - name: TotalTargetCapacity - in: query - required: false - description: 'The total number of capacity units to be reserved by the Capacity Reservation Fleet. This value, together with the instance type weights that you assign to each instance type used by the Fleet determine the number of instances for which the Fleet reserves capacity. Both values are based on units that make sense for your workload. For more information, see Total target capacity in the Amazon EC2 User Guide.' - schema: - type: integer - - name: EndDate - in: query - required: false - description: '

The date and time at which the Capacity Reservation Fleet expires. When the Capacity Reservation Fleet expires, its state changes to expired and all of the Capacity Reservations in the Fleet expire.

The Capacity Reservation Fleet expires within an hour after the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation Fleet is guaranteed to expire between 13:30:55 and 14:30:55 on 5/31/2019.

You can''t specify EndDate and RemoveEndDate in the same request.

' - schema: - type: string - format: date-time - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: RemoveEndDate - in: query - required: false - description: '

Indicates whether to remove the end date from the Capacity Reservation Fleet. If you remove the end date, the Capacity Reservation Fleet does not expire and it remains active until you explicitly cancel it using the CancelCapacityReservationFleet action.

You can''t specify RemoveEndDate and EndDate in the same request.

' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyCapacityReservationFleet - operationId: POST_ModifyCapacityReservationFleet - description: '

Modifies a Capacity Reservation Fleet.

When you modify the total target capacity of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity Reservations, or modifies or cancels existing Capacity Reservations in the Fleet to meet the new total target capacity. When you modify the end date for the Fleet, the end dates for all of the individual Capacity Reservations in the Fleet are updated accordingly.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyCapacityReservationFleetResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyCapacityReservationFleetRequest' - parameters: [] - /?Action=ModifyClientVpnEndpoint&Version=2016-11-15: - get: - x-aws-operation-name: ModifyClientVpnEndpoint - operationId: GET_ModifyClientVpnEndpoint - description: Modifies the specified Client VPN endpoint. Modifying the DNS server resets existing client connections. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyClientVpnEndpointResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint to modify. - schema: - type: string - - name: ServerCertificateArn - in: query - required: false - description: The ARN of the server certificate to be used. The server certificate must be provisioned in Certificate Manager (ACM). - schema: - type: string - - name: ConnectionLogOptions - in: query - required: false - description: '

Information about the client connection logging options.

If you enable client connection logging, data about client connections is sent to a Cloudwatch Logs log stream. The following information is logged:

' - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the CloudWatch Logs log stream to which the connection data is published. - description: Describes the client connection logging options for the Client VPN endpoint. - - name: DnsServers - in: query - required: false - description: Information about the DNS servers to be used by Client VPN connections. A Client VPN endpoint can have up to two DNS servers. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether DNS servers should be used. Specify False to delete the existing DNS servers. - description: Information about the DNS server to be used. - - name: VpnPort - in: query - required: false - description: '

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

Valid Values: 443 | 1194

Default Value: 443

' - schema: - type: integer - - name: Description - in: query - required: false - description: A brief description of the Client VPN endpoint. - schema: - type: string - - name: SplitTunnel - in: query - required: false - description: '

Indicates whether the VPN is split-tunnel.

For information about split-tunnel VPN endpoints, see Split-tunnel Client VPN endpoint in the Client VPN Administrator Guide.

' - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: SecurityGroupId - in: query - required: false - description: The IDs of one or more security groups to apply to the target network. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: item - - name: VpcId - in: query - required: false - description: The ID of the VPC to associate with the Client VPN endpoint. - schema: - type: string - - name: SelfServicePortal - in: query - required: false - description: Specify whether to enable the self-service portal for the Client VPN endpoint. - schema: - type: string - enum: - - enabled - - disabled - - name: ClientConnectOptions - in: query - required: false - description: The options for managing connection authorization for new client connections. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. - description: The options for managing connection authorization for new client connections. - - name: SessionTimeoutHours - in: query - required: false - description: '

The maximum VPN session duration time in hours.

Valid values: 8 | 10 | 12 | 24

Default value: 24

' - schema: - type: integer - - name: ClientLoginBannerOptions - in: query - required: false - description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. - description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyClientVpnEndpoint - operationId: POST_ModifyClientVpnEndpoint - description: Modifies the specified Client VPN endpoint. Modifying the DNS server resets existing client connections. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyClientVpnEndpointResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyClientVpnEndpointRequest' - parameters: [] - /?Action=ModifyDefaultCreditSpecification&Version=2016-11-15: - get: - x-aws-operation-name: ModifyDefaultCreditSpecification - operationId: GET_ModifyDefaultCreditSpecification - description: '

Modifies the default credit option for CPU usage of burstable performance instances. The default credit option is set at the account level per Amazon Web Services Region, and is specified per instance family. All new burstable performance instances in the account launch using the default credit option.

ModifyDefaultCreditSpecification is an asynchronous operation, which works at an Amazon Web Services Region level and modifies the credit option for each Availability Zone. All zones in a Region are updated within five minutes. But if instances are launched during this operation, they might not get the new credit option until the zone is updated. To verify whether the update has occurred, you can call GetDefaultCreditSpecification and check DefaultCreditSpecification for updates.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyDefaultCreditSpecificationResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceFamily - in: query - required: true - description: The instance family. - schema: - type: string - enum: - - t2 - - t3 - - t3a - - t4g - - name: CpuCredits - in: query - required: true - description: '

The credit option for CPU usage of the instance family.

Valid Values: standard | unlimited

' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyDefaultCreditSpecification - operationId: POST_ModifyDefaultCreditSpecification - description: '

Modifies the default credit option for CPU usage of burstable performance instances. The default credit option is set at the account level per Amazon Web Services Region, and is specified per instance family. All new burstable performance instances in the account launch using the default credit option.

ModifyDefaultCreditSpecification is an asynchronous operation, which works at an Amazon Web Services Region level and modifies the credit option for each Availability Zone. All zones in a Region are updated within five minutes. But if instances are launched during this operation, they might not get the new credit option until the zone is updated. To verify whether the update has occurred, you can call GetDefaultCreditSpecification and check DefaultCreditSpecification for updates.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyDefaultCreditSpecificationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyDefaultCreditSpecificationRequest' - parameters: [] - /?Action=ModifyEbsDefaultKmsKeyId&Version=2016-11-15: - get: - x-aws-operation-name: ModifyEbsDefaultKmsKeyId - operationId: GET_ModifyEbsDefaultKmsKeyId - description: '

Changes the default KMS key for EBS encryption by default for your account in this Region.

Amazon Web Services creates a unique Amazon Web Services managed KMS key in each Region for use with encryption by default. If you change the default KMS key to a symmetric customer managed KMS key, it is used instead of the Amazon Web Services managed KMS key. To reset the default KMS key to the Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon EBS does not support asymmetric KMS keys.

If you delete or disable the customer managed KMS key that you specified for use with encryption by default, your instances will fail to launch.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyEbsDefaultKmsKeyIdResult' - parameters: - - name: KmsKeyId - in: query - required: true - description: '

The identifier of the Key Management Service (KMS) KMS key to use for Amazon EBS encryption. If this parameter is not specified, your KMS key for Amazon EBS is used. If KmsKeyId is specified, the encrypted state must be true.

You can specify the KMS key using any of the following:

Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.

Amazon EBS does not support asymmetric KMS keys.

' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyEbsDefaultKmsKeyId - operationId: POST_ModifyEbsDefaultKmsKeyId - description: '

Changes the default KMS key for EBS encryption by default for your account in this Region.

Amazon Web Services creates a unique Amazon Web Services managed KMS key in each Region for use with encryption by default. If you change the default KMS key to a symmetric customer managed KMS key, it is used instead of the Amazon Web Services managed KMS key. To reset the default KMS key to the Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon EBS does not support asymmetric KMS keys.

If you delete or disable the customer managed KMS key that you specified for use with encryption by default, your instances will fail to launch.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyEbsDefaultKmsKeyIdResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyEbsDefaultKmsKeyIdRequest' - parameters: [] - /?Action=ModifyFleet&Version=2016-11-15: - get: - x-aws-operation-name: ModifyFleet - operationId: GET_ModifyFleet - description: '

Modifies the specified EC2 Fleet.

You can only modify an EC2 Fleet request of type maintain.

While the EC2 Fleet is being modified, it is in the modifying state.

To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet launches the additional Spot Instances according to the allocation strategy for the EC2 Fleet request. If the allocation strategy is lowest-price, the EC2 Fleet launches instances using the Spot Instance pool with the lowest price. If the allocation strategy is diversified, the EC2 Fleet distributes the instances across the Spot Instance pools. If the allocation strategy is capacity-optimized, EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.

To scale down your EC2 Fleet, decrease its target capacity. First, the EC2 Fleet cancels any open requests that exceed the new target capacity. You can request that the EC2 Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowest-price, the EC2 Fleet terminates the instances with the highest price per unit. If the allocation strategy is capacity-optimized, the EC2 Fleet terminates the instances in the Spot Instance pools that have the least available Spot Instance capacity. If the allocation strategy is diversified, the EC2 Fleet terminates instances across the Spot Instance pools. Alternatively, you can request that the EC2 Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.

If you are finished with your EC2 Fleet for now, but will use it again later, you can set the target capacity to 0.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyFleetResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ExcessCapacityTerminationPolicy - in: query - required: false - description: Indicates whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet. - schema: - type: string - enum: - - no-termination - - termination - - name: LaunchTemplateConfig - in: query - required: false - description: The launch template and overrides. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateConfigRequest' - - xml: - name: item - minItems: 0 - maxItems: 50 - - name: FleetId - in: query - required: true - description: The ID of the EC2 Fleet. - schema: - type: string - - name: TargetCapacitySpecification - in: query - required: false - description: The size of the EC2 Fleet. - schema: - type: object - required: - - TotalTargetCapacity - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TargetCapacityUnitType' - - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' - description: '

The number of units to request. You can choose to set the target capacity as the number of instances. Or you can set the target capacity to a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.

You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance MaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch instances until it reaches the maximum amount that you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity. The MaxTotalPrice parameters are located in OnDemandOptionsRequest and SpotOptionsRequest.

' - - name: Context - in: query - required: false - description: Reserved. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyFleet - operationId: POST_ModifyFleet - description: '

Modifies the specified EC2 Fleet.

You can only modify an EC2 Fleet request of type maintain.

While the EC2 Fleet is being modified, it is in the modifying state.

To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet launches the additional Spot Instances according to the allocation strategy for the EC2 Fleet request. If the allocation strategy is lowest-price, the EC2 Fleet launches instances using the Spot Instance pool with the lowest price. If the allocation strategy is diversified, the EC2 Fleet distributes the instances across the Spot Instance pools. If the allocation strategy is capacity-optimized, EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.

To scale down your EC2 Fleet, decrease its target capacity. First, the EC2 Fleet cancels any open requests that exceed the new target capacity. You can request that the EC2 Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowest-price, the EC2 Fleet terminates the instances with the highest price per unit. If the allocation strategy is capacity-optimized, the EC2 Fleet terminates the instances in the Spot Instance pools that have the least available Spot Instance capacity. If the allocation strategy is diversified, the EC2 Fleet terminates instances across the Spot Instance pools. Alternatively, you can request that the EC2 Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.

If you are finished with your EC2 Fleet for now, but will use it again later, you can set the target capacity to 0.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyFleetResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyFleetRequest' - parameters: [] - /?Action=ModifyFpgaImageAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ModifyFpgaImageAttribute - operationId: GET_ModifyFpgaImageAttribute - description: Modifies the specified attribute of the specified Amazon FPGA Image (AFI). - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyFpgaImageAttributeResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: FpgaImageId - in: query - required: true - description: The ID of the AFI. - schema: - type: string - - name: Attribute - in: query - required: false - description: The name of the attribute. - schema: - type: string - enum: - - description - - name - - loadPermission - - productCodes - - name: OperationType - in: query - required: false - description: The operation type. - schema: - type: string - enum: - - add - - remove - - name: UserId - in: query - required: false - description: The Amazon Web Services account IDs. This parameter is valid only when modifying the loadPermission attribute. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: UserId - - name: UserGroup - in: query - required: false - description: The user groups. This parameter is valid only when modifying the loadPermission attribute. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: UserGroup - - name: ProductCode - in: query - required: false - description: 'The product codes. After you add a product code to an AFI, it can''t be removed. This parameter is valid only when modifying the productCodes attribute.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: ProductCode - - name: LoadPermission - in: query - required: false - description: The load permission for the AFI. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LoadPermissionListRequest' - - description: The load permissions to remove. - description: Describes modifications to the load permissions of an Amazon FPGA image (AFI). - - name: Description - in: query - required: false - description: A description for the AFI. - schema: - type: string - - name: Name - in: query - required: false - description: A name for the AFI. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyFpgaImageAttribute - operationId: POST_ModifyFpgaImageAttribute - description: Modifies the specified attribute of the specified Amazon FPGA Image (AFI). - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyFpgaImageAttributeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyFpgaImageAttributeRequest' - parameters: [] - /?Action=ModifyHosts&Version=2016-11-15: - get: - x-aws-operation-name: ModifyHosts - operationId: GET_ModifyHosts - description: '

Modify the auto-placement setting of a Dedicated Host. When auto-placement is enabled, any instances that you launch with a tenancy of host but without a specific host ID are placed onto any available Dedicated Host in your account that has auto-placement enabled. When auto-placement is disabled, you need to provide a host ID to have the instance launch onto a specific host. If no host ID is provided, the instance is launched onto a suitable host with auto-placement enabled.

You can also use this API action to modify a Dedicated Host to support either multiple instance types in an instance family, or to support a specific instance type only.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyHostsResult' - parameters: - - name: AutoPlacement - in: query - required: false - description: Specify whether to enable or disable auto-placement. - schema: - type: string - enum: - - 'on' - - 'off' - - name: HostId - in: query - required: true - description: The IDs of the Dedicated Hosts to modify. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/DedicatedHostId' - - xml: - name: item - - name: HostRecovery - in: query - required: false - description: 'Indicates whether to enable or disable host recovery for the Dedicated Host. For more information, see Host recovery in the Amazon EC2 User Guide.' - schema: - type: string - enum: - - 'on' - - 'off' - - name: InstanceType - in: query - required: false - description: '

Specifies the instance type to be supported by the Dedicated Host. Specify this parameter to modify a Dedicated Host to support only a specific instance type.

If you want to modify a Dedicated Host to support multiple instance types in its current instance family, omit this parameter and specify InstanceFamily instead. You cannot specify InstanceType and InstanceFamily in the same request.

' - schema: - type: string - - name: InstanceFamily - in: query - required: false - description: '

Specifies the instance family to be supported by the Dedicated Host. Specify this parameter to modify a Dedicated Host to support multiple instance types within its current instance family.

If you want to modify a Dedicated Host to support a specific instance type only, omit this parameter and specify InstanceType instead. You cannot specify InstanceFamily and InstanceType in the same request.

' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyHosts - operationId: POST_ModifyHosts - description: '

Modify the auto-placement setting of a Dedicated Host. When auto-placement is enabled, any instances that you launch with a tenancy of host but without a specific host ID are placed onto any available Dedicated Host in your account that has auto-placement enabled. When auto-placement is disabled, you need to provide a host ID to have the instance launch onto a specific host. If no host ID is provided, the instance is launched onto a suitable host with auto-placement enabled.

You can also use this API action to modify a Dedicated Host to support either multiple instance types in an instance family, or to support a specific instance type only.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyHostsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyHostsRequest' - parameters: [] - /?Action=ModifyIdFormat&Version=2016-11-15: - get: - x-aws-operation-name: ModifyIdFormat - operationId: GET_ModifyIdFormat - description: '

Modifies the ID format for the specified resource on a per-Region basis. You can specify that resources should receive longer IDs (17-character IDs) when they are created.

This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

This setting applies to the IAM user who makes the request; it does not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user. If you''re using this action as the root user, then these settings apply to the entire account, unless an IAM user explicitly overrides these settings for themselves. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

Resources created with longer IDs are visible to all IAM roles and users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' - responses: - '200': - description: Success - parameters: - - name: Resource - in: query - required: true - description: '

The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

Alternatively, use the all-current option to include all resource types that are currently within their opt-in period for longer IDs.

' - schema: - type: string - - name: UseLongIds - in: query - required: true - description: Indicate whether the resource should use longer IDs (17-character IDs). - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyIdFormat - operationId: POST_ModifyIdFormat - description: '

Modifies the ID format for the specified resource on a per-Region basis. You can specify that resources should receive longer IDs (17-character IDs) when they are created.

This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

This setting applies to the IAM user who makes the request; it does not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user. If you''re using this action as the root user, then these settings apply to the entire account, unless an IAM user explicitly overrides these settings for themselves. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

Resources created with longer IDs are visible to all IAM roles and users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIdFormatRequest' - parameters: [] - /?Action=ModifyIdentityIdFormat&Version=2016-11-15: - get: - x-aws-operation-name: ModifyIdentityIdFormat - operationId: GET_ModifyIdentityIdFormat - description: '

Modifies the ID format of a resource for a specified IAM user, IAM role, or the root user for an account; or all IAM users, IAM roles, and the root user for an account. You can specify that resources should receive longer IDs (17-character IDs) when they are created.

This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

This setting applies to the principal specified in the request; it does not apply to the principal that makes the request.

Resources created with longer IDs are visible to all IAM roles and users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' - responses: - '200': - description: Success - parameters: - - name: PrincipalArn - in: query - required: true - description: 'The ARN of the principal, which can be an IAM user, IAM role, or the root user. Specify all to modify the ID format for all IAM users, IAM roles, and the root user of the account.' - schema: - type: string - - name: Resource - in: query - required: true - description: '

The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

Alternatively, use the all-current option to include all resource types that are currently within their opt-in period for longer IDs.

' - schema: - type: string - - name: UseLongIds - in: query - required: true - description: Indicates whether the resource should use longer IDs (17-character IDs) - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyIdentityIdFormat - operationId: POST_ModifyIdentityIdFormat - description: '

Modifies the ID format of a resource for a specified IAM user, IAM role, or the root user for an account; or all IAM users, IAM roles, and the root user for an account. You can specify that resources should receive longer IDs (17-character IDs) when they are created.

This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

This setting applies to the principal specified in the request; it does not apply to the principal that makes the request.

Resources created with longer IDs are visible to all IAM roles and users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIdentityIdFormatRequest' - parameters: [] - /?Action=ModifyImageAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ModifyImageAttribute - operationId: GET_ModifyImageAttribute - description: '

Modifies the specified attribute of the specified AMI. You can specify only one attribute at a time. You can use the Attribute parameter to specify the attribute or one of the following parameters: Description or LaunchPermission.

Images with an Amazon Web Services Marketplace product code cannot be made public.

To enable the SriovNetSupport enhanced networking attribute of an image, enable SriovNetSupport on an instance and create an AMI from the instance.

' - responses: - '200': - description: Success - parameters: - - name: Attribute - in: query - required: false - description: '

The name of the attribute to modify.

Valid values: description | launchPermission

' - schema: - type: string - - name: Description - in: query - required: false - description: A new description for the AMI. - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The attribute value. The value is case-sensitive. - description: Describes a value for a resource attribute that is a String. - - name: ImageId - in: query - required: true - description: The ID of the AMI. - schema: - type: string - - name: LaunchPermission - in: query - required: false - description: A new launch permission for the AMI. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchPermissionList' - - description: 'The Amazon Web Services account ID, organization ARN, or OU ARN to remove from the list of launch permissions for the AMI.' - description: Describes a launch permission modification. - - name: OperationType - in: query - required: false - description: The operation type. This parameter can be used only when the Attribute parameter is launchPermission. - schema: - type: string - enum: - - add - - remove - - name: ProductCode - in: query - required: false - description: Not supported. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: ProductCode - - name: UserGroup - in: query - required: false - description: The user groups. This parameter can be used only when the Attribute parameter is launchPermission. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: UserGroup - - name: UserId - in: query - required: false - description: The Amazon Web Services account IDs. This parameter can be used only when the Attribute parameter is launchPermission. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: UserId - - name: Value - in: query - required: false - description: The value of the attribute being modified. This parameter can be used only when the Attribute parameter is description. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: OrganizationArn - in: query - required: false - description: The Amazon Resource Name (ARN) of an organization. This parameter can be used only when the Attribute parameter is launchPermission. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: OrganizationArn - - name: OrganizationalUnitArn - in: query - required: false - description: The Amazon Resource Name (ARN) of an organizational unit (OU). This parameter can be used only when the Attribute parameter is launchPermission. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: OrganizationalUnitArn - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyImageAttribute - operationId: POST_ModifyImageAttribute - description: '

Modifies the specified attribute of the specified AMI. You can specify only one attribute at a time. You can use the Attribute parameter to specify the attribute or one of the following parameters: Description or LaunchPermission.

Images with an Amazon Web Services Marketplace product code cannot be made public.

To enable the SriovNetSupport enhanced networking attribute of an image, enable SriovNetSupport on an instance and create an AMI from the instance.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyImageAttributeRequest' - parameters: [] - /?Action=ModifyInstanceAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ModifyInstanceAttribute - operationId: GET_ModifyInstanceAttribute - description: '

Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.

Note: Using this action to change the security groups associated with an elastic network interface (ENI) attached to an instance in a VPC can result in an error if the instance has more than one ENI. To change the security groups associated with an ENI attached to an instance that has multiple ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action.

To modify some attributes, the instance must be stopped. For more information, see Modify a stopped instance in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - parameters: - - name: SourceDestCheck - in: query - required: false - description: 'Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.' - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: Attribute - in: query - required: false - description: The name of the attribute. - schema: - type: string - enum: - - instanceType - - kernel - - ramdisk - - userData - - disableApiTermination - - instanceInitiatedShutdownBehavior - - rootDeviceName - - blockDeviceMapping - - productCodes - - sourceDestCheck - - groupSet - - ebsOptimized - - sriovNetSupport - - enaSupport - - enclaveOptions - - name: BlockDeviceMapping - in: query - required: false - description: '

Modifies the DeleteOnTermination attribute for volumes that are currently attached. The volume must be owned by the caller. If no value is specified for DeleteOnTermination, the default is true and the volume is deleted when the instance is terminated.

To add instance store volumes to an Amazon EBS-backed instance, you must add them when you launch the instance. For more information, see Update the block device mapping when launching an instance in the Amazon EC2 User Guide.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceBlockDeviceMappingSpecification' - - xml: - name: item - - name: DisableApiTermination - in: query - required: false - description: 'If the value is true, you can''t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. You cannot use this parameter for Spot Instances.' - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: EbsOptimized - in: query - required: false - description: Specifies whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance. - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: EnaSupport - in: query - required: false - description:

Set to true to enable enhanced networking with ENA for the instance.

This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.

- schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: GroupId - in: query - required: false - description: '[EC2-VPC] Replaces the security groups of the instance with the specified security groups. You must specify at least one security group, even if it''s just the default security group for the VPC. You must specify the security group ID, not the security group name.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: groupId - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - - name: InstanceInitiatedShutdownBehavior - in: query - required: false - description: Specifies whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The attribute value. The value is case-sensitive. - description: Describes a value for a resource attribute that is a String. - - name: InstanceType - in: query - required: false - description: 'Changes the instance type to the specified value. For more information, see Instance types in the Amazon EC2 User Guide. If the instance type is not valid, the error returned is InvalidInstanceAttributeValue.' - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The attribute value. The value is case-sensitive. - description: Describes a value for a resource attribute that is a String. - - name: Kernel - in: query - required: false - description: 'Changes the instance''s kernel to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.' - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The attribute value. The value is case-sensitive. - description: Describes a value for a resource attribute that is a String. - - name: Ramdisk - in: query - required: false - description: 'Changes the instance''s RAM disk to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.' - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The attribute value. The value is case-sensitive. - description: Describes a value for a resource attribute that is a String. - - name: SriovNetSupport - in: query - required: false - description:

Set to simple to enable enhanced networking with the Intel 82599 Virtual Function interface for the instance.

There is no way to disable enhanced networking with the Intel 82599 Virtual Function interface at this time.

This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.

- schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The attribute value. The value is case-sensitive. - description: Describes a value for a resource attribute that is a String. - - name: UserData - in: query - required: false - description: 'Changes the instance''s user data to the specified value. If you are using an Amazon Web Services SDK or command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text.' - schema: - type: object - properties: - value: - $ref: '#/components/schemas/Blob' - - name: Value - in: query - required: false - description: 'A new value for the attribute. Use only with the kernel, ramdisk, userData, disableApiTermination, or instanceInitiatedShutdownBehavior attribute.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyInstanceAttribute - operationId: POST_ModifyInstanceAttribute - description: '

Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.

Note: Using this action to change the security groups associated with an elastic network interface (ENI) attached to an instance in a VPC can result in an error if the instance has more than one ENI. To change the security groups associated with an ENI attached to an instance that has multiple ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action.

To modify some attributes, the instance must be stopped. For more information, see Modify a stopped instance in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceAttributeRequest' - parameters: [] - /?Action=ModifyInstanceCapacityReservationAttributes&Version=2016-11-15: - get: - x-aws-operation-name: ModifyInstanceCapacityReservationAttributes - operationId: GET_ModifyInstanceCapacityReservationAttributes - description: 'Modifies the Capacity Reservation settings for a stopped instance. Use this action to configure an instance to target a specific Capacity Reservation, run in any open Capacity Reservation with matching attributes, or run On-Demand Instance capacity.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceCapacityReservationAttributesResult' - parameters: - - name: InstanceId - in: query - required: true - description: The ID of the instance to be modified. - schema: - type: string - - name: CapacityReservationSpecification - in: query - required: true - description: Information about the Capacity Reservation targeting option. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/CapacityReservationTarget' - - description: Information about the target Capacity Reservation or Capacity Reservation group. - description: '

Describes an instance''s Capacity Reservation targeting option. You can specify only one parameter at a time. If you specify CapacityReservationPreference and CapacityReservationTarget, the request fails.

Use the CapacityReservationPreference parameter to configure the instance to run as an On-Demand Instance or to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). Use the CapacityReservationTarget parameter to explicitly target a specific Capacity Reservation or a Capacity Reservation group.

' - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyInstanceCapacityReservationAttributes - operationId: POST_ModifyInstanceCapacityReservationAttributes - description: 'Modifies the Capacity Reservation settings for a stopped instance. Use this action to configure an instance to target a specific Capacity Reservation, run in any open Capacity Reservation with matching attributes, or run On-Demand Instance capacity.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceCapacityReservationAttributesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceCapacityReservationAttributesRequest' - parameters: [] - /?Action=ModifyInstanceCreditSpecification&Version=2016-11-15: - get: - x-aws-operation-name: ModifyInstanceCreditSpecification - operationId: GET_ModifyInstanceCreditSpecification - description: '

Modifies the credit option for CPU usage on a running or stopped burstable performance instance. The credit options are standard and unlimited.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceCreditSpecificationResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: 'A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.' - schema: - type: string - - name: InstanceCreditSpecification - in: query - required: true - description: Information about the credit option for CPU usage. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceCreditSpecificationRequest' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyInstanceCreditSpecification - operationId: POST_ModifyInstanceCreditSpecification - description: '

Modifies the credit option for CPU usage on a running or stopped burstable performance instance. The credit options are standard and unlimited.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceCreditSpecificationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceCreditSpecificationRequest' - parameters: [] - /?Action=ModifyInstanceEventStartTime&Version=2016-11-15: - get: - x-aws-operation-name: ModifyInstanceEventStartTime - operationId: GET_ModifyInstanceEventStartTime - description: Modifies the start time for a scheduled Amazon EC2 instance event. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceEventStartTimeResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceId - in: query - required: true - description: The ID of the instance with the scheduled event. - schema: - type: string - - name: InstanceEventId - in: query - required: true - description: The ID of the event whose date and time you are modifying. - schema: - type: string - - name: NotBefore - in: query - required: true - description: The new date and time when the event will take place. - schema: - type: string - format: date-time - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyInstanceEventStartTime - operationId: POST_ModifyInstanceEventStartTime - description: Modifies the start time for a scheduled Amazon EC2 instance event. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceEventStartTimeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceEventStartTimeRequest' - parameters: [] - /?Action=ModifyInstanceEventWindow&Version=2016-11-15: - get: - x-aws-operation-name: ModifyInstanceEventWindow - operationId: GET_ModifyInstanceEventWindow - description: '

Modifies the specified event window.

You can define either a set of time ranges or a cron expression when modifying the event window, but not both.

To modify the targets associated with the event window, use the AssociateInstanceEventWindow and DisassociateInstanceEventWindow API.

If Amazon Web Services has already scheduled an event, modifying an event window won''t change the time of the scheduled event.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceEventWindowResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Name - in: query - required: false - description: The name of the event window. - schema: - type: string - - name: InstanceEventWindowId - in: query - required: true - description: The ID of the event window. - schema: - type: string - - name: TimeRange - in: query - required: false - description: The time ranges of the event window. - schema: - type: array - items: - $ref: '#/components/schemas/InstanceEventWindowTimeRangeRequest' - - name: CronExpression - in: query - required: false - description: '

The cron expression of the event window, for example, * 0-4,20-23 * * 1,5.

Constraints:

For more information about cron expressions, see cron on the Wikipedia website.

' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyInstanceEventWindow - operationId: POST_ModifyInstanceEventWindow - description: '

Modifies the specified event window.

You can define either a set of time ranges or a cron expression when modifying the event window, but not both.

To modify the targets associated with the event window, use the AssociateInstanceEventWindow and DisassociateInstanceEventWindow API.

If Amazon Web Services has already scheduled an event, modifying an event window won''t change the time of the scheduled event.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceEventWindowResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceEventWindowRequest' - parameters: [] - /?Action=ModifyInstanceMaintenanceOptions&Version=2016-11-15: - get: - x-aws-operation-name: ModifyInstanceMaintenanceOptions - operationId: GET_ModifyInstanceMaintenanceOptions - description: 'Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceMaintenanceOptionsResult' - parameters: - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - - name: AutoRecovery - in: query - required: false - description: Disables the automatic recovery behavior of your instance or sets it to default. - schema: - type: string - enum: - - disabled - - default - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyInstanceMaintenanceOptions - operationId: POST_ModifyInstanceMaintenanceOptions - description: 'Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceMaintenanceOptionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceMaintenanceOptionsRequest' - parameters: [] - /?Action=ModifyInstanceMetadataOptions&Version=2016-11-15: - get: - x-aws-operation-name: ModifyInstanceMetadataOptions - operationId: GET_ModifyInstanceMetadataOptions - description: 'Modify the instance metadata parameters on a running or stopped instance. When you modify the parameters on a stopped instance, they are applied when the instance is started. When you modify the parameters on a running instance, the API responds with a state of “pending”. After the parameter modifications are successfully applied to the instance, the state of the modifications changes from “pending” to “applied” in subsequent describe-instances API calls. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceMetadataOptionsResult' - parameters: - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - - name: HttpTokens - in: query - required: false - description: '

The state of token usage for your instance metadata requests. If the parameter is not specified in the request, the default state is optional.

If the state is optional, you can choose to retrieve instance metadata with or without a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned.

If the state is required, you must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credential always returns the version 2.0 credentials; the version 1.0 credentials are not available.

' - schema: - type: string - enum: - - optional - - required - - name: HttpPutResponseHopLimit - in: query - required: false - description: '

The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. If no parameter is specified, the existing state is maintained.

Possible values: Integers from 1 to 64

' - schema: - type: integer - - name: HttpEndpoint - in: query - required: false - description: '

Enables or disables the HTTP metadata endpoint on your instances. If this parameter is not specified, the existing state is maintained.

If you specify a value of disabled, you cannot access your instance metadata.

' - schema: - type: string - enum: - - disabled - - enabled - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: HttpProtocolIpv6 - in: query - required: false - description: Enables or disables the IPv6 endpoint for the instance metadata service. This setting applies only if you have enabled the HTTP metadata endpoint. - schema: - type: string - enum: - - disabled - - enabled - - name: InstanceMetadataTags - in: query - required: false - description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' - schema: - type: string - enum: - - disabled - - enabled - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyInstanceMetadataOptions - operationId: POST_ModifyInstanceMetadataOptions - description: 'Modify the instance metadata parameters on a running or stopped instance. When you modify the parameters on a stopped instance, they are applied when the instance is started. When you modify the parameters on a running instance, the API responds with a state of “pending”. After the parameter modifications are successfully applied to the instance, the state of the modifications changes from “pending” to “applied” in subsequent describe-instances API calls. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceMetadataOptionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstanceMetadataOptionsRequest' - parameters: [] - /?Action=ModifyInstancePlacement&Version=2016-11-15: - get: - x-aws-operation-name: ModifyInstancePlacement - operationId: GET_ModifyInstancePlacement - description: '

Modifies the placement attributes for a specified instance. You can do the following:

At least one attribute for affinity, host ID, tenancy, or placement group name must be specified in the request. Affinity and tenancy can be modified in the same request.

To modify the host ID, tenancy, placement group, or partition for an instance, the instance must be in the stopped state.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstancePlacementResult' - parameters: - - name: Affinity - in: query - required: false - description: The affinity setting for the instance. - schema: - type: string - enum: - - default - - host - - name: GroupName - in: query - required: false - description: '

The name of the placement group in which to place the instance. For spread placement groups, the instance must have a tenancy of default. For cluster and partition placement groups, the instance must have a tenancy of default or dedicated.

To remove an instance from a placement group, specify an empty string ("").

' - schema: - type: string - - name: HostId - in: query - required: false - description: The ID of the Dedicated Host with which to associate the instance. - schema: - type: string - - name: InstanceId - in: query - required: true - description: The ID of the instance that you are modifying. - schema: - type: string - - name: Tenancy - in: query - required: false - description: '

The tenancy for the instance.

For T3 instances, you can''t change the tenancy from dedicated to host, or from host to dedicated. Attempting to make one of these unsupported tenancy changes results in the InvalidTenancy error code.

' - schema: - type: string - enum: - - dedicated - - host - - name: PartitionNumber - in: query - required: false - description: The number of the partition in which to place the instance. Valid only if the placement group strategy is set to partition. - schema: - type: integer - - name: HostResourceGroupArn - in: query - required: false - description: The ARN of the host resource group in which to place the instance. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyInstancePlacement - operationId: POST_ModifyInstancePlacement - description: '

Modifies the placement attributes for a specified instance. You can do the following:

At least one attribute for affinity, host ID, tenancy, or placement group name must be specified in the request. Affinity and tenancy can be modified in the same request.

To modify the host ID, tenancy, placement group, or partition for an instance, the instance must be in the stopped state.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstancePlacementResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyInstancePlacementRequest' - parameters: [] - /?Action=ModifyIpam&Version=2016-11-15: - get: - x-aws-operation-name: ModifyIpam - operationId: GET_ModifyIpam - description: 'Modify the configurations of an IPAM. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamId - in: query - required: true - description: The ID of the IPAM you want to modify. - schema: - type: string - - name: Description - in: query - required: false - description: The description of the IPAM you want to modify. - schema: - type: string - - name: AddOperatingRegion - in: query - required: false - description: '

Choose the operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' - schema: - type: array - items: - $ref: '#/components/schemas/AddIpamOperatingRegion' - minItems: 0 - maxItems: 50 - - name: RemoveOperatingRegion - in: query - required: false - description: The operating Regions to remove. - schema: - type: array - items: - $ref: '#/components/schemas/RemoveIpamOperatingRegion' - minItems: 0 - maxItems: 50 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyIpam - operationId: POST_ModifyIpam - description: 'Modify the configurations of an IPAM. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamRequest' - parameters: [] - /?Action=ModifyIpamPool&Version=2016-11-15: - get: - x-aws-operation-name: ModifyIpamPool - operationId: GET_ModifyIpamPool - description: '

Modify the configurations of an IPAM pool.

For more information, see Modify a pool in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamPoolResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamPoolId - in: query - required: true - description: The ID of the IPAM pool you want to modify. - schema: - type: string - - name: Description - in: query - required: false - description: The description of the IPAM pool you want to modify. - schema: - type: string - - name: AutoImport - in: query - required: false - description: '

If true, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool''s allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.

A locale must be set on the pool for this feature to work.

' - schema: - type: boolean - - name: AllocationMinNetmaskLength - in: query - required: false - description: The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. The minimum netmask length must be less than the maximum netmask length. - schema: - type: integer - minimum: 0 - maximum: 128 - - name: AllocationMaxNetmaskLength - in: query - required: false - description: The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.The maximum netmask length must be greater than the minimum netmask length. - schema: - type: integer - minimum: 0 - maximum: 128 - - name: AllocationDefaultNetmaskLength - in: query - required: false - description: 'The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.' - schema: - type: integer - minimum: 0 - maximum: 128 - - name: ClearAllocationDefaultNetmaskLength - in: query - required: false - description: Clear the default netmask length allocation rule for this pool. - schema: - type: boolean - - name: AddAllocationResourceTag - in: query - required: false - description: 'Add tag allocation rules to a pool. For more information about allocation rules, see Create a top-level pool in the Amazon VPC IPAM User Guide.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/RequestIpamResourceTag' - - xml: - name: item - - name: RemoveAllocationResourceTag - in: query - required: false - description: Remove tag allocation rules from a pool. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/RequestIpamResourceTag' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyIpamPool - operationId: POST_ModifyIpamPool - description: '

Modify the configurations of an IPAM pool.

For more information, see Modify a pool in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamPoolResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamPoolRequest' - parameters: [] - /?Action=ModifyIpamResourceCidr&Version=2016-11-15: - get: - x-aws-operation-name: ModifyIpamResourceCidr - operationId: GET_ModifyIpamResourceCidr - description: '

Modify a resource CIDR. You can use this action to transfer resource CIDRs between scopes and ignore resource CIDRs that you do not want to manage. If set to false, the resource will not be tracked for overlap, it cannot be auto-imported into a pool, and it will be removed from any pool it has an allocation in.

For more information, see Move resource CIDRs between scopes and Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamResourceCidrResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ResourceId - in: query - required: true - description: The ID of the resource you want to modify. - schema: - type: string - - name: ResourceCidr - in: query - required: true - description: The CIDR of the resource you want to modify. - schema: - type: string - - name: ResourceRegion - in: query - required: true - description: The Amazon Web Services Region of the resource you want to modify. - schema: - type: string - - name: CurrentIpamScopeId - in: query - required: true - description: The ID of the current scope that the resource CIDR is in. - schema: - type: string - - name: DestinationIpamScopeId - in: query - required: false - description: The ID of the scope you want to transfer the resource CIDR to. - schema: - type: string - - name: Monitored - in: query - required: true - description: 'Determines if the resource is monitored by IPAM. If a resource is monitored, the resource is discovered by IPAM and you can view details about the resource’s CIDR.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyIpamResourceCidr - operationId: POST_ModifyIpamResourceCidr - description: '

Modify a resource CIDR. You can use this action to transfer resource CIDRs between scopes and ignore resource CIDRs that you do not want to manage. If set to false, the resource will not be tracked for overlap, it cannot be auto-imported into a pool, and it will be removed from any pool it has an allocation in.

For more information, see Move resource CIDRs between scopes and Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamResourceCidrResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamResourceCidrRequest' - parameters: [] - /?Action=ModifyIpamScope&Version=2016-11-15: - get: - x-aws-operation-name: ModifyIpamScope - operationId: GET_ModifyIpamScope - description: Modify an IPAM scope. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamScopeResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamScopeId - in: query - required: true - description: The ID of the scope you want to modify. - schema: - type: string - - name: Description - in: query - required: false - description: The description of the scope you want to modify. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyIpamScope - operationId: POST_ModifyIpamScope - description: Modify an IPAM scope. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamScopeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyIpamScopeRequest' - parameters: [] - /?Action=ModifyLaunchTemplate&Version=2016-11-15: - get: - x-aws-operation-name: ModifyLaunchTemplate - operationId: GET_ModifyLaunchTemplate - description: 'Modifies a launch template. You can specify which version of the launch template to set as the default version. When launching an instance, the default version applies when a launch template version is not specified.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyLaunchTemplateResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ClientToken - in: query - required: false - description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraint: Maximum 128 ASCII characters.

' - schema: - type: string - - name: LaunchTemplateId - in: query - required: false - description: The ID of the launch template. You must specify either the launch template ID or launch template name in the request. - schema: - type: string - - name: LaunchTemplateName - in: query - required: false - description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. - schema: - type: string - pattern: '[a-zA-Z0-9\(\)\.\-/_]+' - minLength: 3 - maxLength: 128 - - name: SetDefaultVersion - in: query - required: false - description: The version number of the launch template to set as the default version. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyLaunchTemplate - operationId: POST_ModifyLaunchTemplate - description: 'Modifies a launch template. You can specify which version of the launch template to set as the default version. When launching an instance, the default version applies when a launch template version is not specified.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyLaunchTemplateResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyLaunchTemplateRequest' - parameters: [] - /?Action=ModifyManagedPrefixList&Version=2016-11-15: - get: - x-aws-operation-name: ModifyManagedPrefixList - operationId: GET_ModifyManagedPrefixList - description: '

Modifies the specified managed prefix list.

Adding or removing entries in a prefix list creates a new version of the prefix list. Changing the name of the prefix list does not affect the version.

If you specify a current version number that does not match the true current version number, the request fails.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyManagedPrefixListResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PrefixListId - in: query - required: true - description: The ID of the prefix list. - schema: - type: string - - name: CurrentVersion - in: query - required: false - description: The current version of the prefix list. - schema: - type: integer - - name: PrefixListName - in: query - required: false - description: A name for the prefix list. - schema: - type: string - - name: AddEntry - in: query - required: false - description: One or more entries to add to the prefix list. - schema: - type: array - items: - $ref: '#/components/schemas/AddPrefixListEntry' - minItems: 0 - maxItems: 100 - - name: RemoveEntry - in: query - required: false - description: One or more entries to remove from the prefix list. - schema: - type: array - items: - $ref: '#/components/schemas/RemovePrefixListEntry' - minItems: 0 - maxItems: 100 - - name: MaxEntries - in: query - required: false - description: '

The maximum number of entries for the prefix list. You cannot modify the entries of a prefix list and modify the size of a prefix list at the same time.

If any of the resources that reference the prefix list cannot support the new maximum size, the modify operation fails. Check the state message for the IDs of the first ten resources that do not support the new maximum size.

' - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyManagedPrefixList - operationId: POST_ModifyManagedPrefixList - description: '

Modifies the specified managed prefix list.

Adding or removing entries in a prefix list creates a new version of the prefix list. Changing the name of the prefix list does not affect the version.

If you specify a current version number that does not match the true current version number, the request fails.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyManagedPrefixListResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyManagedPrefixListRequest' - parameters: [] - /?Action=ModifyNetworkInterfaceAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ModifyNetworkInterfaceAttribute - operationId: GET_ModifyNetworkInterfaceAttribute - description: Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance. - responses: - '200': - description: Success - parameters: - - name: Attachment - in: query - required: false - description: 'Information about the interface attachment. If modifying the ''delete on termination'' attribute, you must specify the ID of the interface attachment.' - schema: - type: object - properties: - attachmentId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceAttachmentId' - - description: The ID of the network interface attachment. - deleteOnTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the network interface is deleted when the instance is terminated. - description: Describes an attachment change. - - name: Description - in: query - required: false - description: A description for the network interface. - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The attribute value. The value is case-sensitive. - description: Describes a value for a resource attribute that is a String. - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: SecurityGroupId - in: query - required: false - description: 'Changes the security groups for the network interface. The new set of groups you specify replaces the current set. You must specify at least one group, even if it''s just the default security group in the VPC. You must specify the ID of the security group, not the name.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: SecurityGroupId - - name: NetworkInterfaceId - in: query - required: true - description: The ID of the network interface. - schema: - type: string - - name: SourceDestCheck - in: query - required: false - description: 'Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.' - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyNetworkInterfaceAttribute - operationId: POST_ModifyNetworkInterfaceAttribute - description: Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyNetworkInterfaceAttributeRequest' - parameters: [] - /?Action=ModifyPrivateDnsNameOptions&Version=2016-11-15: - get: - x-aws-operation-name: ModifyPrivateDnsNameOptions - operationId: GET_ModifyPrivateDnsNameOptions - description: Modifies the options for instance hostnames for the specified instance. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyPrivateDnsNameOptionsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceId - in: query - required: false - description: The ID of the instance. - schema: - type: string - - name: PrivateDnsHostnameType - in: query - required: false - description: 'The type of hostname for EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 only subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID.' - schema: - type: string - enum: - - ip-name - - resource-name - - name: EnableResourceNameDnsARecord - in: query - required: false - description: Indicates whether to respond to DNS queries for instance hostnames with DNS A records. - schema: - type: boolean - - name: EnableResourceNameDnsAAAARecord - in: query - required: false - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyPrivateDnsNameOptions - operationId: POST_ModifyPrivateDnsNameOptions - description: Modifies the options for instance hostnames for the specified instance. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyPrivateDnsNameOptionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyPrivateDnsNameOptionsRequest' - parameters: [] - /?Action=ModifyReservedInstances&Version=2016-11-15: - get: - x-aws-operation-name: ModifyReservedInstances - operationId: GET_ModifyReservedInstances - description: '

Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.

For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyReservedInstancesResult' - parameters: - - name: ReservedInstancesId - in: query - required: true - description: The IDs of the Reserved Instances to modify. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservationId' - - xml: - name: ReservedInstancesId - - name: ClientToken - in: query - required: false - description: 'A unique, case-sensitive token you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.' - schema: - type: string - - name: ReservedInstancesConfigurationSetItemType - in: query - required: true - description: The configuration settings for the Reserved Instances to modify. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservedInstancesConfiguration' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyReservedInstances - operationId: POST_ModifyReservedInstances - description: '

Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.

For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyReservedInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyReservedInstancesRequest' - parameters: [] - /?Action=ModifySecurityGroupRules&Version=2016-11-15: - get: - x-aws-operation-name: ModifySecurityGroupRules - operationId: GET_ModifySecurityGroupRules - description: Modifies the rules of a security group. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifySecurityGroupRulesResult' - parameters: - - name: GroupId - in: query - required: true - description: The ID of the security group. - schema: - type: string - - name: SecurityGroupRule - in: query - required: true - description: Information about the security group properties to update. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleUpdate' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifySecurityGroupRules - operationId: POST_ModifySecurityGroupRules - description: Modifies the rules of a security group. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifySecurityGroupRulesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifySecurityGroupRulesRequest' - parameters: [] - /?Action=ModifySnapshotAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ModifySnapshotAttribute - operationId: GET_ModifySnapshotAttribute - description: '

Adds or removes permission settings for the specified snapshot. You may add or remove specified Amazon Web Services account IDs from a snapshot''s list of create volume permissions, but you cannot do both in a single operation. If you need to both add and remove account IDs for a snapshot, you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.

Encrypted snapshots and snapshots with Amazon Web Services Marketplace product codes cannot be made public. Snapshots encrypted with your default KMS key cannot be shared with other accounts.

For more information about modifying snapshot permissions, see Share a snapshot in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - parameters: - - name: Attribute - in: query - required: false - description: The snapshot attribute to modify. Only volume creation permissions can be modified. - schema: - type: string - enum: - - productCodes - - createVolumePermission - - name: CreateVolumePermission - in: query - required: false - description: A JSON representation of the snapshot attribute modification. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/CreateVolumePermissionList' - - description: Removes the specified Amazon Web Services account ID or group from the list. - description: Describes modifications to the list of create volume permissions for a volume. - - name: UserGroup - in: query - required: false - description: The group to modify for the snapshot. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupName' - - xml: - name: GroupName - - name: OperationType - in: query - required: false - description: The type of operation to perform to the attribute. - schema: - type: string - enum: - - add - - remove - - name: SnapshotId - in: query - required: true - description: The ID of the snapshot. - schema: - type: string - - name: UserId - in: query - required: false - description: The account ID to modify for the snapshot. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: UserId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifySnapshotAttribute - operationId: POST_ModifySnapshotAttribute - description: '

Adds or removes permission settings for the specified snapshot. You may add or remove specified Amazon Web Services account IDs from a snapshot''s list of create volume permissions, but you cannot do both in a single operation. If you need to both add and remove account IDs for a snapshot, you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.

Encrypted snapshots and snapshots with Amazon Web Services Marketplace product codes cannot be made public. Snapshots encrypted with your default KMS key cannot be shared with other accounts.

For more information about modifying snapshot permissions, see Share a snapshot in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifySnapshotAttributeRequest' - parameters: [] - /?Action=ModifySnapshotTier&Version=2016-11-15: - get: - x-aws-operation-name: ModifySnapshotTier - operationId: GET_ModifySnapshotTier - description: 'Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to a full snapshot that includes all of the blocks of data that were written to the volume at the time the snapshot was created, and moved from the standard tier to the archive tier. For more information, see Archive Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifySnapshotTierResult' - parameters: - - name: SnapshotId - in: query - required: true - description: The ID of the snapshot. - schema: - type: string - - name: StorageTier - in: query - required: false - description: The name of the storage tier. You must specify archive. - schema: - type: string - enum: - - archive - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifySnapshotTier - operationId: POST_ModifySnapshotTier - description: 'Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to a full snapshot that includes all of the blocks of data that were written to the volume at the time the snapshot was created, and moved from the standard tier to the archive tier. For more information, see Archive Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifySnapshotTierResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifySnapshotTierRequest' - parameters: [] - /?Action=ModifySpotFleetRequest&Version=2016-11-15: - get: - x-aws-operation-name: ModifySpotFleetRequest - operationId: GET_ModifySpotFleetRequest - description: '

Modifies the specified Spot Fleet request.

You can only modify a Spot Fleet request of type maintain.

While the Spot Fleet request is being modified, it is in the modifying state.

To scale up your Spot Fleet, increase its target capacity. The Spot Fleet launches the additional Spot Instances according to the allocation strategy for the Spot Fleet request. If the allocation strategy is lowestPrice, the Spot Fleet launches instances using the Spot Instance pool with the lowest price. If the allocation strategy is diversified, the Spot Fleet distributes the instances across the Spot Instance pools. If the allocation strategy is capacityOptimized, Spot Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.

To scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet cancels any open requests that exceed the new target capacity. You can request that the Spot Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowestPrice, the Spot Fleet terminates the instances with the highest price per unit. If the allocation strategy is capacityOptimized, the Spot Fleet terminates the instances in the Spot Instance pools that have the least available Spot Instance capacity. If the allocation strategy is diversified, the Spot Fleet terminates instances across the Spot Instance pools. Alternatively, you can request that the Spot Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.

If you are finished with your Spot Fleet for now, but will use it again later, you can set the target capacity to 0.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifySpotFleetRequestResponse' - parameters: - - name: ExcessCapacityTerminationPolicy - in: query - required: false - description: Indicates whether running Spot Instances should be terminated if the target capacity of the Spot Fleet request is decreased below the current size of the Spot Fleet. - schema: - type: string - enum: - - noTermination - - default - - name: LaunchTemplateConfig - in: query - required: false - description: 'The launch template and overrides. You can only use this parameter if you specified a launch template (LaunchTemplateConfigs) in your Spot Fleet request. If you specified LaunchSpecifications in your Spot Fleet request, then omit this parameter.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateConfig' - - xml: - name: item - - name: SpotFleetRequestId - in: query - required: true - description: The ID of the Spot Fleet request. - schema: - type: string - - name: TargetCapacity - in: query - required: false - description: The size of the fleet. - schema: - type: integer - - name: OnDemandTargetCapacity - in: query - required: false - description: The number of On-Demand Instances in the fleet. - schema: - type: integer - - name: Context - in: query - required: false - description: Reserved. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifySpotFleetRequest - operationId: POST_ModifySpotFleetRequest - description: '

Modifies the specified Spot Fleet request.

You can only modify a Spot Fleet request of type maintain.

While the Spot Fleet request is being modified, it is in the modifying state.

To scale up your Spot Fleet, increase its target capacity. The Spot Fleet launches the additional Spot Instances according to the allocation strategy for the Spot Fleet request. If the allocation strategy is lowestPrice, the Spot Fleet launches instances using the Spot Instance pool with the lowest price. If the allocation strategy is diversified, the Spot Fleet distributes the instances across the Spot Instance pools. If the allocation strategy is capacityOptimized, Spot Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.

To scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet cancels any open requests that exceed the new target capacity. You can request that the Spot Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowestPrice, the Spot Fleet terminates the instances with the highest price per unit. If the allocation strategy is capacityOptimized, the Spot Fleet terminates the instances in the Spot Instance pools that have the least available Spot Instance capacity. If the allocation strategy is diversified, the Spot Fleet terminates instances across the Spot Instance pools. Alternatively, you can request that the Spot Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.

If you are finished with your Spot Fleet for now, but will use it again later, you can set the target capacity to 0.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifySpotFleetRequestResponse' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifySpotFleetRequestRequest' - parameters: [] - /?Action=ModifySubnetAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ModifySubnetAttribute - operationId: GET_ModifySubnetAttribute - description: '

Modifies a subnet attribute. You can only modify one attribute at a time.

Use this action to modify subnets on Amazon Web Services Outposts.

For more information about Amazon Web Services Outposts, see the following:

' - responses: - '200': - description: Success - parameters: - - name: AssignIpv6AddressOnCreation - in: query - required: false - description: '

Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. This includes a network interface that''s created when launching an instance into the subnet (the instance therefore receives an IPv6 address).

If you enable the IPv6 addressing feature for your subnet, your network interface or instance only receives an IPv6 address if it''s created using version 2016-11-15 or later of the Amazon EC2 API.

' - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: MapPublicIpOnLaunch - in: query - required: false - description: Specify true to indicate that network interfaces attached to instances created in the specified subnet should be assigned a public IPv4 address. - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: SubnetId - in: query - required: true - description: The ID of the subnet. - schema: - type: string - - name: MapCustomerOwnedIpOnLaunch - in: query - required: false - description: '

Specify true to indicate that network interfaces attached to instances created in the specified subnet should be assigned a customer-owned IPv4 address.

When this value is true, you must specify the customer-owned IP pool using CustomerOwnedIpv4Pool.

' - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: CustomerOwnedIpv4Pool - in: query - required: false - description:

The customer-owned IPv4 address pool associated with the subnet.

You must set this value when you specify true for MapCustomerOwnedIpOnLaunch.

- schema: - type: string - - name: EnableDns64 - in: query - required: false - description: Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: PrivateDnsHostnameTypeOnLaunch - in: query - required: false - description: 'The type of hostname to assign to instances in the subnet at launch. For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an instance DNS name can be based on the instance IPv4 address (ip-name) or the instance ID (resource-name). For IPv6 only subnets, an instance DNS name must be based on the instance ID (resource-name).' - schema: - type: string - enum: - - ip-name - - resource-name - - name: EnableResourceNameDnsARecordOnLaunch - in: query - required: false - description: Indicates whether to respond to DNS queries for instance hostnames with DNS A records. - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: EnableResourceNameDnsAAAARecordOnLaunch - in: query - required: false - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: EnableLniAtDeviceIndex - in: query - required: false - description: ' Indicates the device position for local network interfaces in this subnet. For example, 1 indicates local network interfaces in this subnet are the secondary network interface (eth1). A local network interface cannot be the primary network interface (eth0). ' - schema: - type: integer - - name: DisableLniAtDeviceIndex - in: query - required: false - description: ' Specify true to indicate that local network interfaces at the current position should be disabled. ' - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifySubnetAttribute - operationId: POST_ModifySubnetAttribute - description: '

Modifies a subnet attribute. You can only modify one attribute at a time.

Use this action to modify subnets on Amazon Web Services Outposts.

For more information about Amazon Web Services Outposts, see the following:

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifySubnetAttributeRequest' - parameters: [] - /?Action=ModifyTrafficMirrorFilterNetworkServices&Version=2016-11-15: - get: - x-aws-operation-name: ModifyTrafficMirrorFilterNetworkServices - operationId: GET_ModifyTrafficMirrorFilterNetworkServices - description: '

Allows or restricts mirroring network services.

By default, Amazon DNS network services are not eligible for Traffic Mirror. Use AddNetworkServices to add network services to a Traffic Mirror filter. When a network service is added to the Traffic Mirror filter, all traffic related to that network service will be mirrored. When you no longer want to mirror network services, use RemoveNetworkServices to remove the network services from the Traffic Mirror filter.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTrafficMirrorFilterNetworkServicesResult' - parameters: - - name: TrafficMirrorFilterId - in: query - required: true - description: The ID of the Traffic Mirror filter. - schema: - type: string - - name: AddNetworkService - in: query - required: false - description: 'The network service, for example Amazon DNS, that you want to mirror.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorNetworkService' - - xml: - name: item - - name: RemoveNetworkService - in: query - required: false - description: 'The network service, for example Amazon DNS, that you no longer want to mirror.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorNetworkService' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyTrafficMirrorFilterNetworkServices - operationId: POST_ModifyTrafficMirrorFilterNetworkServices - description: '

Allows or restricts mirroring network services.

By default, Amazon DNS network services are not eligible for Traffic Mirror. Use AddNetworkServices to add network services to a Traffic Mirror filter. When a network service is added to the Traffic Mirror filter, all traffic related to that network service will be mirrored. When you no longer want to mirror network services, use RemoveNetworkServices to remove the network services from the Traffic Mirror filter.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTrafficMirrorFilterNetworkServicesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTrafficMirrorFilterNetworkServicesRequest' - parameters: [] - /?Action=ModifyTrafficMirrorFilterRule&Version=2016-11-15: - get: - x-aws-operation-name: ModifyTrafficMirrorFilterRule - operationId: GET_ModifyTrafficMirrorFilterRule - description:

Modifies the specified Traffic Mirror rule.

DestinationCidrBlock and SourceCidrBlock must both be an IPv4 range or an IPv6 range.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTrafficMirrorFilterRuleResult' - parameters: - - name: TrafficMirrorFilterRuleId - in: query - required: true - description: The ID of the Traffic Mirror rule. - schema: - type: string - - name: TrafficDirection - in: query - required: false - description: The type of traffic to assign to the rule. - schema: - type: string - enum: - - ingress - - egress - - name: RuleNumber - in: query - required: false - description: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number. - schema: - type: integer - - name: RuleAction - in: query - required: false - description: The action to assign to the rule. - schema: - type: string - enum: - - accept - - reject - - name: DestinationPortRange - in: query - required: false - description: The destination ports that are associated with the Traffic Mirror rule. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols. - description: Information about the Traffic Mirror filter rule port range. - - name: SourcePortRange - in: query - required: false - description: The port range to assign to the Traffic Mirror rule. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols. - description: Information about the Traffic Mirror filter rule port range. - - name: Protocol - in: query - required: false - description: 'The protocol, for example TCP, to assign to the Traffic Mirror rule.' - schema: - type: integer - - name: DestinationCidrBlock - in: query - required: false - description: The destination CIDR block to assign to the Traffic Mirror rule. - schema: - type: string - - name: SourceCidrBlock - in: query - required: false - description: The source CIDR block to assign to the Traffic Mirror rule. - schema: - type: string - - name: Description - in: query - required: false - description: The description to assign to the Traffic Mirror rule. - schema: - type: string - - name: RemoveField - in: query - required: false - description: '

The properties that you want to remove from the Traffic Mirror filter rule.

When you remove a property from a Traffic Mirror filter rule, the property is set to the default.

' - schema: - type: array - items: - $ref: '#/components/schemas/TrafficMirrorFilterRuleField' - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyTrafficMirrorFilterRule - operationId: POST_ModifyTrafficMirrorFilterRule - description:

Modifies the specified Traffic Mirror rule.

DestinationCidrBlock and SourceCidrBlock must both be an IPv4 range or an IPv6 range.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTrafficMirrorFilterRuleResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTrafficMirrorFilterRuleRequest' - parameters: [] - /?Action=ModifyTrafficMirrorSession&Version=2016-11-15: - get: - x-aws-operation-name: ModifyTrafficMirrorSession - operationId: GET_ModifyTrafficMirrorSession - description: Modifies a Traffic Mirror session. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTrafficMirrorSessionResult' - parameters: - - name: TrafficMirrorSessionId - in: query - required: true - description: The ID of the Traffic Mirror session. - schema: - type: string - - name: TrafficMirrorTargetId - in: query - required: false - description: 'The Traffic Mirror target. The target must be in the same VPC as the source, or have a VPC peering connection with the source.' - schema: - type: string - - name: TrafficMirrorFilterId - in: query - required: false - description: The ID of the Traffic Mirror filter. - schema: - type: string - - name: PacketLength - in: query - required: false - description: 'The number of bytes in each packet to mirror. These are bytes after the VXLAN header. To mirror a subset, set this to the length (in bytes) to mirror. For example, if you set this value to 100, then the first 100 bytes that meet the filter criteria are copied to the target. Do not specify this parameter when you want to mirror the entire packet.' - schema: - type: integer - - name: SessionNumber - in: query - required: false - description:

The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.

Valid values are 1-32766.

- schema: - type: integer - - name: VirtualNetworkId - in: query - required: false - description: The virtual network ID of the Traffic Mirror session. - schema: - type: integer - - name: Description - in: query - required: false - description: The description to assign to the Traffic Mirror session. - schema: - type: string - - name: RemoveField - in: query - required: false - description: '

The properties that you want to remove from the Traffic Mirror session.

When you remove a property from a Traffic Mirror session, the property is set to the default.

' - schema: - type: array - items: - $ref: '#/components/schemas/TrafficMirrorSessionField' - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyTrafficMirrorSession - operationId: POST_ModifyTrafficMirrorSession - description: Modifies a Traffic Mirror session. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTrafficMirrorSessionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTrafficMirrorSessionRequest' - parameters: [] - /?Action=ModifyTransitGateway&Version=2016-11-15: - get: - x-aws-operation-name: ModifyTransitGateway - operationId: GET_ModifyTransitGateway - description: 'Modifies the specified transit gateway. When you modify a transit gateway, the modified options are applied to new transit gateway attachments only. Your existing transit gateway attachments are not modified.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTransitGatewayResult' - parameters: - - name: TransitGatewayId - in: query - required: true - description: The ID of the transit gateway. - schema: - type: string - - name: Description - in: query - required: false - description: The description for the transit gateway. - schema: - type: string - - name: Options - in: query - required: false - description: The options to modify. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableId' - - description: The ID of the default propagation route table. - description: The transit gateway options. - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyTransitGateway - operationId: POST_ModifyTransitGateway - description: 'Modifies the specified transit gateway. When you modify a transit gateway, the modified options are applied to new transit gateway attachments only. Your existing transit gateway attachments are not modified.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTransitGatewayResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTransitGatewayRequest' - parameters: [] - /?Action=ModifyTransitGatewayPrefixListReference&Version=2016-11-15: - get: - x-aws-operation-name: ModifyTransitGatewayPrefixListReference - operationId: GET_ModifyTransitGatewayPrefixListReference - description: Modifies a reference (route) to a prefix list in a specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTransitGatewayPrefixListReferenceResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the transit gateway route table. - schema: - type: string - - name: PrefixListId - in: query - required: true - description: The ID of the prefix list. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: false - description: The ID of the attachment to which traffic is routed. - schema: - type: string - - name: Blackhole - in: query - required: false - description: Indicates whether to drop traffic that matches this route. - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyTransitGatewayPrefixListReference - operationId: POST_ModifyTransitGatewayPrefixListReference - description: Modifies a reference (route) to a prefix list in a specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTransitGatewayPrefixListReferenceResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTransitGatewayPrefixListReferenceRequest' - parameters: [] - /?Action=ModifyTransitGatewayVpcAttachment&Version=2016-11-15: - get: - x-aws-operation-name: ModifyTransitGatewayVpcAttachment - operationId: GET_ModifyTransitGatewayVpcAttachment - description: Modifies the specified VPC attachment. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTransitGatewayVpcAttachmentResult' - parameters: - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the attachment. - schema: - type: string - - name: AddSubnetIds - in: query - required: false - description: The IDs of one or more subnets to add. You can specify at most one subnet per Availability Zone. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: item - - name: RemoveSubnetIds - in: query - required: false - description: The IDs of one or more subnets to remove. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: item - - name: Options - in: query - required: false - description: The new VPC attachment options. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ApplianceModeSupportValue' - - description: 'Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.' - description: Describes the options for a VPC attachment. - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyTransitGatewayVpcAttachment - operationId: POST_ModifyTransitGatewayVpcAttachment - description: Modifies the specified VPC attachment. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTransitGatewayVpcAttachmentResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyTransitGatewayVpcAttachmentRequest' - parameters: [] - /?Action=ModifyVolume&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVolume - operationId: GET_ModifyVolume - description: '

You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance type, you might be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying EBS volumes, see Amazon EBS Elastic Volumes (Linux instances) or Amazon EBS Elastic Volumes (Windows instances).

When you complete a resize operation on your volume, you need to extend the volume''s file-system size to take advantage of the new storage capacity. For more information, see Extend a Linux file system or Extend a Windows file system.

You can use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. You can also track the status of a modification using DescribeVolumesModifications. For information about tracking status changes using either method, see Monitor the progress of volume modifications.

With previous-generation instance types, resizing an EBS volume might require detaching and reattaching the volume or stopping and restarting the instance.

After modifying a volume, you must wait at least six hours and ensure that the volume is in the in-use or available state before you can modify the same volume. This is sometimes referred to as a cooldown period.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVolumeResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VolumeId - in: query - required: true - description: The ID of the volume. - schema: - type: string - - name: Size - in: query - required: false - description: '

The target size of the volume, in GiB. The target volume size must be greater than or equal to the existing size of the volume.

The following are the supported volumes sizes for each volume type:

Default: The existing size is retained.

' - schema: - type: integer - - name: VolumeType - in: query - required: false - description: '

The target EBS volume type of the volume. For more information, see Amazon EBS volume types in the Amazon Elastic Compute Cloud User Guide.

Default: The existing type is retained.

' - schema: - type: string - enum: - - standard - - io1 - - io2 - - gp2 - - sc1 - - st1 - - gp3 - - name: Iops - in: query - required: false - description: '

The target IOPS rate of the volume. This parameter is valid only for gp3, io1, and io2 volumes.

The following are the supported values for each volume type:

Default: The existing value is retained if you keep the same volume type. If you change the volume type to io1, io2, or gp3, the default is 3,000.

' - schema: - type: integer - - name: Throughput - in: query - required: false - description: '

The target throughput of the volume, in MiB/s. This parameter is valid only for gp3 volumes. The maximum value is 1,000.

Default: The existing value is retained if the source and target volume type is gp3. Otherwise, the default value is 125.

Valid Range: Minimum value of 125. Maximum value of 1000.

' - schema: - type: integer - - name: MultiAttachEnabled - in: query - required: false - description: 'Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the volume to up to 16 Nitro-based instances in the same Availability Zone. This parameter is supported with io1 and io2 volumes only. For more information, see Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVolume - operationId: POST_ModifyVolume - description: '

You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance type, you might be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying EBS volumes, see Amazon EBS Elastic Volumes (Linux instances) or Amazon EBS Elastic Volumes (Windows instances).

When you complete a resize operation on your volume, you need to extend the volume''s file-system size to take advantage of the new storage capacity. For more information, see Extend a Linux file system or Extend a Windows file system.

You can use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. You can also track the status of a modification using DescribeVolumesModifications. For information about tracking status changes using either method, see Monitor the progress of volume modifications.

With previous-generation instance types, resizing an EBS volume might require detaching and reattaching the volume or stopping and restarting the instance.

After modifying a volume, you must wait at least six hours and ensure that the volume is in the in-use or available state before you can modify the same volume. This is sometimes referred to as a cooldown period.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVolumeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVolumeRequest' - parameters: [] - /?Action=ModifyVolumeAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVolumeAttribute - operationId: GET_ModifyVolumeAttribute - description: '

Modifies a volume attribute.

By default, all I/O operations for the volume are suspended when the data on the volume is determined to be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume can be resumed by first enabling I/O access and then checking the data consistency on your volume.

You can change the default behavior to resume I/O operations. We recommend that you change this only for boot volumes or for volumes that are stateless or disposable.

' - responses: - '200': - description: Success - parameters: - - name: AutoEnableIO - in: query - required: false - description: Indicates whether the volume should be auto-enabled for I/O operations. - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: VolumeId - in: query - required: true - description: The ID of the volume. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVolumeAttribute - operationId: POST_ModifyVolumeAttribute - description: '

Modifies a volume attribute.

By default, all I/O operations for the volume are suspended when the data on the volume is determined to be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume can be resumed by first enabling I/O access and then checking the data consistency on your volume.

You can change the default behavior to resume I/O operations. We recommend that you change this only for boot volumes or for volumes that are stateless or disposable.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVolumeAttributeRequest' - parameters: [] - /?Action=ModifyVpcAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpcAttribute - operationId: GET_ModifyVpcAttribute - description: Modifies the specified attribute of the specified VPC. - responses: - '200': - description: Success - parameters: - - name: EnableDnsHostnames - in: query - required: false - description: '

Indicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not.

You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute. You can only enable DNS hostnames if you''ve enabled DNS support.

' - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: EnableDnsSupport - in: query - required: false - description: '

Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled.

You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute.

' - schema: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpcAttribute - operationId: POST_ModifyVpcAttribute - description: Modifies the specified attribute of the specified VPC. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcAttributeRequest' - parameters: [] - /?Action=ModifyVpcEndpoint&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpcEndpoint - operationId: GET_ModifyVpcEndpoint - description: 'Modifies attributes of a specified VPC endpoint. The attributes that you can modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load Balancer). For more information, see the Amazon Web Services PrivateLink Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcEndpointId - in: query - required: true - description: The ID of the endpoint. - schema: - type: string - - name: ResetPolicy - in: query - required: false - description: (Gateway endpoint) Specify true to reset the policy document to the default policy. The default policy allows full access to the service. - schema: - type: boolean - - name: PolicyDocument - in: query - required: false - description: (Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must be in valid JSON format. - schema: - type: string - - name: AddRouteTableId - in: query - required: false - description: (Gateway endpoint) One or more route tables IDs to associate with the endpoint. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - xml: - name: item - - name: RemoveRouteTableId - in: query - required: false - description: (Gateway endpoint) One or more route table IDs to disassociate from the endpoint. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - xml: - name: item - - name: AddSubnetId - in: query - required: false - description: '(Interface and Gateway Load Balancer endpoints) One or more subnet IDs in which to serve the endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: item - - name: RemoveSubnetId - in: query - required: false - description: (Interface endpoint) One or more subnets IDs in which to remove the endpoint. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: item - - name: AddSecurityGroupId - in: query - required: false - description: (Interface endpoint) One or more security group IDs to associate with the network interface. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: item - - name: RemoveSecurityGroupId - in: query - required: false - description: (Interface endpoint) One or more security group IDs to disassociate from the network interface. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: item - - name: IpAddressType - in: query - required: false - description: The IP address type for the endpoint. - schema: - type: string - enum: - - ipv4 - - dualstack - - ipv6 - - name: DnsOptions - in: query - required: false - description: The DNS options for the endpoint. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DnsRecordIpType' - - description: The DNS records created for the endpoint. - description: Describes the DNS options for an endpoint. - - name: PrivateDnsEnabled - in: query - required: false - description: (Interface endpoint) Indicates whether a private hosted zone is associated with the VPC. - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpcEndpoint - operationId: POST_ModifyVpcEndpoint - description: 'Modifies attributes of a specified VPC endpoint. The attributes that you can modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load Balancer). For more information, see the Amazon Web Services PrivateLink Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointRequest' - parameters: [] - /?Action=ModifyVpcEndpointConnectionNotification&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpcEndpointConnectionNotification - operationId: GET_ModifyVpcEndpointConnectionNotification - description: 'Modifies a connection notification for VPC endpoint or VPC endpoint service. You can change the SNS topic for the notification, or the events for which to be notified. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointConnectionNotificationResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ConnectionNotificationId - in: query - required: true - description: The ID of the notification. - schema: - type: string - - name: ConnectionNotificationArn - in: query - required: false - description: The ARN for the SNS topic for the notification. - schema: - type: string - - name: ConnectionEvents - in: query - required: false - description: 'One or more events for the endpoint. Valid values are Accept, Connect, Delete, and Reject.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpcEndpointConnectionNotification - operationId: POST_ModifyVpcEndpointConnectionNotification - description: 'Modifies a connection notification for VPC endpoint or VPC endpoint service. You can change the SNS topic for the notification, or the events for which to be notified. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointConnectionNotificationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointConnectionNotificationRequest' - parameters: [] - /?Action=ModifyVpcEndpointServiceConfiguration&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpcEndpointServiceConfiguration - operationId: GET_ModifyVpcEndpointServiceConfiguration - description: '

Modifies the attributes of your VPC endpoint service configuration. You can change the Network Load Balancers or Gateway Load Balancers for your service, and you can specify whether acceptance is required for requests to connect to your endpoint service through an interface VPC endpoint.

If you set or modify the private DNS name, you must prove that you own the private DNS domain name.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointServiceConfigurationResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ServiceId - in: query - required: true - description: The ID of the service. - schema: - type: string - - name: PrivateDnsName - in: query - required: false - description: (Interface endpoint configuration) The private DNS name to assign to the endpoint service. - schema: - type: string - - name: RemovePrivateDnsName - in: query - required: false - description: (Interface endpoint configuration) Removes the private DNS name of the endpoint service. - schema: - type: boolean - - name: AcceptanceRequired - in: query - required: false - description: Indicates whether requests to create an endpoint to your service must be accepted. - schema: - type: boolean - - name: AddNetworkLoadBalancerArn - in: query - required: false - description: The Amazon Resource Names (ARNs) of Network Load Balancers to add to your service configuration. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: RemoveNetworkLoadBalancerArn - in: query - required: false - description: The Amazon Resource Names (ARNs) of Network Load Balancers to remove from your service configuration. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: AddGatewayLoadBalancerArn - in: query - required: false - description: The Amazon Resource Names (ARNs) of Gateway Load Balancers to add to your service configuration. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: RemoveGatewayLoadBalancerArn - in: query - required: false - description: The Amazon Resource Names (ARNs) of Gateway Load Balancers to remove from your service configuration. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: AddSupportedIpAddressType - in: query - required: false - description: The IP address types to add to your service configuration. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: RemoveSupportedIpAddressType - in: query - required: false - description: The IP address types to remove from your service configuration. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpcEndpointServiceConfiguration - operationId: POST_ModifyVpcEndpointServiceConfiguration - description: '

Modifies the attributes of your VPC endpoint service configuration. You can change the Network Load Balancers or Gateway Load Balancers for your service, and you can specify whether acceptance is required for requests to connect to your endpoint service through an interface VPC endpoint.

If you set or modify the private DNS name, you must prove that you own the private DNS domain name.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointServiceConfigurationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointServiceConfigurationRequest' - parameters: [] - /?Action=ModifyVpcEndpointServicePayerResponsibility&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpcEndpointServicePayerResponsibility - operationId: GET_ModifyVpcEndpointServicePayerResponsibility - description: Modifies the payer responsibility for your VPC endpoint service. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointServicePayerResponsibilityResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ServiceId - in: query - required: true - description: The ID of the service. - schema: - type: string - - name: PayerResponsibility - in: query - required: true - description: 'The entity that is responsible for the endpoint costs. The default is the endpoint owner. If you set the payer responsibility to the service owner, you cannot set it back to the endpoint owner.' - schema: - type: string - enum: - - ServiceOwner - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpcEndpointServicePayerResponsibility - operationId: POST_ModifyVpcEndpointServicePayerResponsibility - description: Modifies the payer responsibility for your VPC endpoint service. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointServicePayerResponsibilityResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointServicePayerResponsibilityRequest' - parameters: [] - /?Action=ModifyVpcEndpointServicePermissions&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpcEndpointServicePermissions - operationId: GET_ModifyVpcEndpointServicePermissions - description: '

Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (IAM users, IAM roles, and Amazon Web Services accounts) to connect to your endpoint service.

If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointServicePermissionsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ServiceId - in: query - required: true - description: The ID of the service. - schema: - type: string - - name: AddAllowedPrincipals - in: query - required: false - description: 'The Amazon Resource Names (ARN) of one or more principals. Permissions are granted to the principals in this list. To grant permissions to all principals, specify an asterisk (*).' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: RemoveAllowedPrincipals - in: query - required: false - description: The Amazon Resource Names (ARN) of one or more principals. Permissions are revoked for principals in this list. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpcEndpointServicePermissions - operationId: POST_ModifyVpcEndpointServicePermissions - description: '

Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (IAM users, IAM roles, and Amazon Web Services accounts) to connect to your endpoint service.

If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointServicePermissionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcEndpointServicePermissionsRequest' - parameters: [] - /?Action=ModifyVpcPeeringConnectionOptions&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpcPeeringConnectionOptions - operationId: GET_ModifyVpcPeeringConnectionOptions - description: '

Modifies the VPC peering connection options on one side of a VPC peering connection. You can do the following:

If the peered VPCs are in the same Amazon Web Services account, you can enable DNS resolution for queries from the local VPC. This ensures that queries from the local VPC resolve to private IP addresses in the peer VPC. This option is not available if the peered VPCs are in different different Amazon Web Services accounts or different Regions. For peered VPCs in different Amazon Web Services accounts, each Amazon Web Services account owner must initiate a separate request to modify the peering connection options. For inter-region peering connections, you must use the Region for the requester VPC to modify the requester VPC peering options and the Region for the accepter VPC to modify the accepter VPC peering options. To verify which VPCs are the accepter and the requester for a VPC peering connection, use the DescribeVpcPeeringConnections command.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcPeeringConnectionOptionsResult' - parameters: - - name: AccepterPeeringConnectionOptions - in: query - required: false - description: The VPC peering connection options for the accepter VPC. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If true, enables outbound communication from instances in a local VPC to an EC2-Classic instance that''s linked to a peer VPC using ClassicLink.' - description: The VPC peering connection options. - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: RequesterPeeringConnectionOptions - in: query - required: false - description: The VPC peering connection options for the requester VPC. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If true, enables outbound communication from instances in a local VPC to an EC2-Classic instance that''s linked to a peer VPC using ClassicLink.' - description: The VPC peering connection options. - - name: VpcPeeringConnectionId - in: query - required: true - description: The ID of the VPC peering connection. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpcPeeringConnectionOptions - operationId: POST_ModifyVpcPeeringConnectionOptions - description: '

Modifies the VPC peering connection options on one side of a VPC peering connection. You can do the following:

If the peered VPCs are in the same Amazon Web Services account, you can enable DNS resolution for queries from the local VPC. This ensures that queries from the local VPC resolve to private IP addresses in the peer VPC. This option is not available if the peered VPCs are in different different Amazon Web Services accounts or different Regions. For peered VPCs in different Amazon Web Services accounts, each Amazon Web Services account owner must initiate a separate request to modify the peering connection options. For inter-region peering connections, you must use the Region for the requester VPC to modify the requester VPC peering options and the Region for the accepter VPC to modify the accepter VPC peering options. To verify which VPCs are the accepter and the requester for a VPC peering connection, use the DescribeVpcPeeringConnections command.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcPeeringConnectionOptionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcPeeringConnectionOptionsRequest' - parameters: [] - /?Action=ModifyVpcTenancy&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpcTenancy - operationId: GET_ModifyVpcTenancy - description: '

Modifies the instance tenancy attribute of the specified VPC. You can change the instance tenancy attribute of a VPC to default only. You cannot change the instance tenancy attribute to dedicated.

After you modify the tenancy of the VPC, any new instances that you launch into the VPC have a tenancy of default, unless you specify otherwise during launch. The tenancy of any existing instances in the VPC is not affected.

For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcTenancyResult' - parameters: - - name: VpcId - in: query - required: true - description: The ID of the VPC. - schema: - type: string - - name: InstanceTenancy - in: query - required: true - description: 'The instance tenancy attribute for the VPC. ' - schema: - type: string - enum: - - default - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpcTenancy - operationId: POST_ModifyVpcTenancy - description: '

Modifies the instance tenancy attribute of the specified VPC. You can change the instance tenancy attribute of a VPC to default only. You cannot change the instance tenancy attribute to dedicated.

After you modify the tenancy of the VPC, any new instances that you launch into the VPC have a tenancy of default, unless you specify otherwise during launch. The tenancy of any existing instances in the VPC is not affected.

For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcTenancyResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpcTenancyRequest' - parameters: [] - /?Action=ModifyVpnConnection&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpnConnection - operationId: GET_ModifyVpnConnection - description: '

Modifies the customer gateway or the target gateway of an Amazon Web Services Site-to-Site VPN connection. To modify the target gateway, the following migration options are available:

Before you perform the migration to the new gateway, you must configure the new gateway. Use CreateVpnGateway to create a virtual private gateway, or CreateTransitGateway to create a transit gateway.

This step is required when you migrate from a virtual private gateway with static routes to a transit gateway.

You must delete the static routes before you migrate to the new gateway.

Keep a copy of the static route before you delete it. You will need to add back these routes to the transit gateway after the VPN connection migration is complete.

After you migrate to the new gateway, you might need to modify your VPC route table. Use CreateRoute and DeleteRoute to make the changes described in Update VPC route tables in the Amazon Web Services Site-to-Site VPN User Guide.

When the new gateway is a transit gateway, modify the transit gateway route table to allow traffic between the VPC and the Amazon Web Services Site-to-Site VPN connection. Use CreateTransitGatewayRoute to add the routes.

If you deleted VPN static routes, you must add the static routes to the transit gateway route table.

After you perform this operation, the VPN endpoint''s IP addresses on the Amazon Web Services side and the tunnel options remain intact. Your Amazon Web Services Site-to-Site VPN connection will be temporarily unavailable for a brief period while we provision the new endpoints.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnConnectionResult' - parameters: - - name: VpnConnectionId - in: query - required: true - description: The ID of the VPN connection. - schema: - type: string - - name: TransitGatewayId - in: query - required: false - description: The ID of the transit gateway. - schema: - type: string - - name: CustomerGatewayId - in: query - required: false - description: The ID of the customer gateway at your end of the VPN connection. - schema: - type: string - - name: VpnGatewayId - in: query - required: false - description: The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpnConnection - operationId: POST_ModifyVpnConnection - description: '

Modifies the customer gateway or the target gateway of an Amazon Web Services Site-to-Site VPN connection. To modify the target gateway, the following migration options are available:

Before you perform the migration to the new gateway, you must configure the new gateway. Use CreateVpnGateway to create a virtual private gateway, or CreateTransitGateway to create a transit gateway.

This step is required when you migrate from a virtual private gateway with static routes to a transit gateway.

You must delete the static routes before you migrate to the new gateway.

Keep a copy of the static route before you delete it. You will need to add back these routes to the transit gateway after the VPN connection migration is complete.

After you migrate to the new gateway, you might need to modify your VPC route table. Use CreateRoute and DeleteRoute to make the changes described in Update VPC route tables in the Amazon Web Services Site-to-Site VPN User Guide.

When the new gateway is a transit gateway, modify the transit gateway route table to allow traffic between the VPC and the Amazon Web Services Site-to-Site VPN connection. Use CreateTransitGatewayRoute to add the routes.

If you deleted VPN static routes, you must add the static routes to the transit gateway route table.

After you perform this operation, the VPN endpoint''s IP addresses on the Amazon Web Services side and the tunnel options remain intact. Your Amazon Web Services Site-to-Site VPN connection will be temporarily unavailable for a brief period while we provision the new endpoints.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnConnectionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnConnectionRequest' - parameters: [] - /?Action=ModifyVpnConnectionOptions&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpnConnectionOptions - operationId: GET_ModifyVpnConnectionOptions - description: '

Modifies the connection options for your Site-to-Site VPN connection.

When you modify the VPN connection options, the VPN endpoint IP addresses on the Amazon Web Services side do not change, and the tunnel options do not change. Your VPN connection will be temporarily unavailable for a brief period while the VPN connection is updated.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnConnectionOptionsResult' - parameters: - - name: VpnConnectionId - in: query - required: true - description: 'The ID of the Site-to-Site VPN connection. ' - schema: - type: string - - name: LocalIpv4NetworkCidr - in: query - required: false - description: '

The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.

Default: 0.0.0.0/0

' - schema: - type: string - - name: RemoteIpv4NetworkCidr - in: query - required: false - description: '

The IPv4 CIDR on the Amazon Web Services side of the VPN connection.

Default: 0.0.0.0/0

' - schema: - type: string - - name: LocalIpv6NetworkCidr - in: query - required: false - description: '

The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.

Default: ::/0

' - schema: - type: string - - name: RemoteIpv6NetworkCidr - in: query - required: false - description: '

The IPv6 CIDR on the Amazon Web Services side of the VPN connection.

Default: ::/0

' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpnConnectionOptions - operationId: POST_ModifyVpnConnectionOptions - description: '

Modifies the connection options for your Site-to-Site VPN connection.

When you modify the VPN connection options, the VPN endpoint IP addresses on the Amazon Web Services side do not change, and the tunnel options do not change. Your VPN connection will be temporarily unavailable for a brief period while the VPN connection is updated.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnConnectionOptionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnConnectionOptionsRequest' - parameters: [] - /?Action=ModifyVpnTunnelCertificate&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpnTunnelCertificate - operationId: GET_ModifyVpnTunnelCertificate - description: Modifies the VPN tunnel endpoint certificate. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnTunnelCertificateResult' - parameters: - - name: VpnConnectionId - in: query - required: true - description: The ID of the Amazon Web Services Site-to-Site VPN connection. - schema: - type: string - - name: VpnTunnelOutsideIpAddress - in: query - required: true - description: The external IP address of the VPN tunnel. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpnTunnelCertificate - operationId: POST_ModifyVpnTunnelCertificate - description: Modifies the VPN tunnel endpoint certificate. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnTunnelCertificateResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnTunnelCertificateRequest' - parameters: [] - /?Action=ModifyVpnTunnelOptions&Version=2016-11-15: - get: - x-aws-operation-name: ModifyVpnTunnelOptions - operationId: GET_ModifyVpnTunnelOptions - description: 'Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN connection. You can modify multiple options for a tunnel in a single request, but you can only modify one tunnel at a time. For more information, see Site-to-Site VPN tunnel options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnTunnelOptionsResult' - parameters: - - name: VpnConnectionId - in: query - required: true - description: The ID of the Amazon Web Services Site-to-Site VPN connection. - schema: - type: string - - name: VpnTunnelOutsideIpAddress - in: query - required: true - description: The external IP address of the VPN tunnel. - schema: - type: string - - name: TunnelOptions - in: query - required: true - description: The tunnel options to modify. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session.

Valid Values: clear | none | restart

Default: clear

' - Phase1EncryptionAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsRequestList' - - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' - Phase2EncryptionAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsRequestList' - - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' - Phase1IntegrityAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsRequestList' - - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' - Phase2IntegrityAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsRequestList' - - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' - Phase1DHGroupNumber: - allOf: - - $ref: '#/components/schemas/Phase1DHGroupNumbersRequestList' - - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' - Phase2DHGroupNumber: - allOf: - - $ref: '#/components/schemas/Phase2DHGroupNumbersRequestList' - - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' - IKEVersion: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for Amazon Web Services to initiate the IKE negotiation.

Valid Values: add | start

Default: add

' - description: The Amazon Web Services Site-to-Site VPN tunnel options to modify. - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ModifyVpnTunnelOptions - operationId: POST_ModifyVpnTunnelOptions - description: 'Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN connection. You can modify multiple options for a tunnel in a single request, but you can only modify one tunnel at a time. For more information, see Site-to-Site VPN tunnel options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnTunnelOptionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ModifyVpnTunnelOptionsRequest' - parameters: [] - /?Action=MonitorInstances&Version=2016-11-15: - get: - x-aws-operation-name: MonitorInstances - operationId: GET_MonitorInstances - description: '

Enables detailed monitoring for a running instance. Otherwise, basic monitoring is enabled. For more information, see Monitor your instances using CloudWatch in the Amazon EC2 User Guide.

To disable detailed monitoring, see UnmonitorInstances.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/MonitorInstancesResult' - parameters: - - name: InstanceId - in: query - required: true - description: The IDs of the instances. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: MonitorInstances - operationId: POST_MonitorInstances - description: '

Enables detailed monitoring for a running instance. Otherwise, basic monitoring is enabled. For more information, see Monitor your instances using CloudWatch in the Amazon EC2 User Guide.

To disable detailed monitoring, see UnmonitorInstances.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/MonitorInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/MonitorInstancesRequest' - parameters: [] - /?Action=MoveAddressToVpc&Version=2016-11-15: - get: - x-aws-operation-name: MoveAddressToVpc - operationId: GET_MoveAddressToVpc - description: 'Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform. The Elastic IP address must be allocated to your account for more than 24 hours, and it must not be associated with an instance. After the Elastic IP address is moved, it is no longer available for use in the EC2-Classic platform, unless you move it back using the RestoreAddressToClassic request. You cannot move an Elastic IP address that was originally allocated for use in the EC2-VPC platform to the EC2-Classic platform. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/MoveAddressToVpcResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PublicIp - in: query - required: true - description: The Elastic IP address. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: MoveAddressToVpc - operationId: POST_MoveAddressToVpc - description: 'Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform. The Elastic IP address must be allocated to your account for more than 24 hours, and it must not be associated with an instance. After the Elastic IP address is moved, it is no longer available for use in the EC2-Classic platform, unless you move it back using the RestoreAddressToClassic request. You cannot move an Elastic IP address that was originally allocated for use in the EC2-VPC platform to the EC2-Classic platform. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/MoveAddressToVpcResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/MoveAddressToVpcRequest' - parameters: [] - /?Action=MoveByoipCidrToIpam&Version=2016-11-15: - get: - x-aws-operation-name: MoveByoipCidrToIpam - operationId: GET_MoveByoipCidrToIpam - description: '

Move an BYOIP IPv4 CIDR to IPAM from a public IPv4 pool.

If you already have an IPv4 BYOIP CIDR with Amazon Web Services, you can move the CIDR to IPAM from a public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a new IP address to Amazon Web Services for the first time, complete the steps in Tutorial: BYOIP address CIDRs to IPAM.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/MoveByoipCidrToIpamResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Cidr - in: query - required: true - description: The BYOIP CIDR. - schema: - type: string - - name: IpamPoolId - in: query - required: true - description: The IPAM pool ID. - schema: - type: string - - name: IpamPoolOwner - in: query - required: true - description: The Amazon Web Services account ID of the owner of the IPAM pool. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: MoveByoipCidrToIpam - operationId: POST_MoveByoipCidrToIpam - description: '

Move an BYOIP IPv4 CIDR to IPAM from a public IPv4 pool.

If you already have an IPv4 BYOIP CIDR with Amazon Web Services, you can move the CIDR to IPAM from a public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a new IP address to Amazon Web Services for the first time, complete the steps in Tutorial: BYOIP address CIDRs to IPAM.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/MoveByoipCidrToIpamResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/MoveByoipCidrToIpamRequest' - parameters: [] - /?Action=ProvisionByoipCidr&Version=2016-11-15: - get: - x-aws-operation-name: ProvisionByoipCidr - operationId: GET_ProvisionByoipCidr - description: '

Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr.

Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.

Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned. To monitor the status of an address range, use DescribeByoipCidrs. To allocate an Elastic IP address from your IPv4 address pool, use AllocateAddress with either the specific address from the address pool or the ID of the address pool.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ProvisionByoipCidrResult' - parameters: - - name: Cidr - in: query - required: true - description: 'The public IPv4 or IPv6 address range, in CIDR notation. The most specific IPv4 prefix that you can specify is /24. The most specific IPv6 prefix you can specify is /56. The address range cannot overlap with another address range that you''ve brought to this or another Region.' - schema: - type: string - - name: CidrAuthorizationContext - in: query - required: false - description: A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP. - schema: - type: object - required: - - Message - - Signature - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The signed authorization message for the prefix and account. - description: 'Provides authorization for Amazon to bring a specific IP address range to a specific Amazon Web Services account using bring your own IP addresses (BYOIP). For more information, see Configuring your BYOIP address range in the Amazon Elastic Compute Cloud User Guide.' - - name: PubliclyAdvertisable - in: query - required: false - description: '

(IPv6 only) Indicate whether the address range will be publicly advertised to the internet.

Default: true

' - schema: - type: boolean - - name: Description - in: query - required: false - description: A description for the address range and the address pool. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PoolTagSpecification - in: query - required: false - description: The tags to apply to the address pool. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: MultiRegion - in: query - required: false - description: Reserved. - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ProvisionByoipCidr - operationId: POST_ProvisionByoipCidr - description: '

Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr.

Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.

Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned. To monitor the status of an address range, use DescribeByoipCidrs. To allocate an Elastic IP address from your IPv4 address pool, use AllocateAddress with either the specific address from the address pool or the ID of the address pool.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ProvisionByoipCidrResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ProvisionByoipCidrRequest' - parameters: [] - /?Action=ProvisionIpamPoolCidr&Version=2016-11-15: - get: - x-aws-operation-name: ProvisionIpamPoolCidr - operationId: GET_ProvisionIpamPoolCidr - description: '

Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs to a top-level pool or to transfer a CIDR from a top-level pool to a pool within it.

For more information, see Provision CIDRs to pools in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ProvisionIpamPoolCidrResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamPoolId - in: query - required: true - description: The ID of the IPAM pool to which you want to assign a CIDR. - schema: - type: string - - name: Cidr - in: query - required: false - description: The CIDR you want to assign to the IPAM pool. - schema: - type: string - - name: CidrAuthorizationContext - in: query - required: false - description: A signed document that proves that you are authorized to bring a specified IP address range to Amazon using BYOIP. This option applies to public pools only. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The signed authorization message for the prefix and account. - description: A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ProvisionIpamPoolCidr - operationId: POST_ProvisionIpamPoolCidr - description: '

Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs to a top-level pool or to transfer a CIDR from a top-level pool to a pool within it.

For more information, see Provision CIDRs to pools in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ProvisionIpamPoolCidrResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ProvisionIpamPoolCidrRequest' - parameters: [] - /?Action=ProvisionPublicIpv4PoolCidr&Version=2016-11-15: - get: - x-aws-operation-name: ProvisionPublicIpv4PoolCidr - operationId: GET_ProvisionPublicIpv4PoolCidr - description: '

Provision a CIDR to a public IPv4 pool.

For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ProvisionPublicIpv4PoolCidrResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamPoolId - in: query - required: true - description: The ID of the IPAM pool you would like to use to allocate this CIDR. - schema: - type: string - - name: PoolId - in: query - required: true - description: The ID of the public IPv4 pool you would like to use for this CIDR. - schema: - type: string - - name: NetmaskLength - in: query - required: true - description: The netmask length of the CIDR you would like to allocate to the public IPv4 pool. - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ProvisionPublicIpv4PoolCidr - operationId: POST_ProvisionPublicIpv4PoolCidr - description: '

Provision a CIDR to a public IPv4 pool.

For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ProvisionPublicIpv4PoolCidrResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ProvisionPublicIpv4PoolCidrRequest' - parameters: [] - /?Action=PurchaseHostReservation&Version=2016-11-15: - get: - x-aws-operation-name: PurchaseHostReservation - operationId: GET_PurchaseHostReservation - description: Purchase a reservation with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation. This action results in the specified reservation being purchased and charged to your account. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/PurchaseHostReservationResult' - parameters: - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - schema: - type: string - - name: CurrencyCode - in: query - required: false - description: 'The currency in which the totalUpfrontPrice, LimitPrice, and totalHourlyPrice amounts are specified. At this time, the only supported currency is USD.' - schema: - type: string - enum: - - USD - - name: HostIdSet - in: query - required: true - description: The IDs of the Dedicated Hosts with which the reservation will be associated. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/DedicatedHostId' - - xml: - name: item - - name: LimitPrice - in: query - required: false - description: 'The specified limit is checked against the total upfront cost of the reservation (calculated as the offering''s upfront cost multiplied by the host count). If the total upfront cost is greater than the specified price limit, the request fails. This is used to ensure that the purchase does not exceed the expected upfront cost of the purchase. At this time, the only supported currency is USD. For example, to indicate a limit price of USD 100, specify 100.00.' - schema: - type: string - - name: OfferingId - in: query - required: true - description: The ID of the offering. - schema: - type: string - - name: TagSpecification - in: query - required: false - description: The tags to apply to the Dedicated Host Reservation during purchase. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: PurchaseHostReservation - operationId: POST_PurchaseHostReservation - description: Purchase a reservation with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation. This action results in the specified reservation being purchased and charged to your account. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/PurchaseHostReservationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/PurchaseHostReservationRequest' - parameters: [] - /?Action=PurchaseReservedInstancesOffering&Version=2016-11-15: - get: - x-aws-operation-name: PurchaseReservedInstancesOffering - operationId: GET_PurchaseReservedInstancesOffering - description: '

Purchases a Reserved Instance for use with your account. With Reserved Instances, you pay a lower hourly rate compared to On-Demand instance pricing.

Use DescribeReservedInstancesOfferings to get a list of Reserved Instance offerings that match your specifications. After you''ve purchased a Reserved Instance, you can check for your new Reserved Instance with DescribeReservedInstances.

To queue a purchase for a future date and time, specify a purchase time. If you do not specify a purchase time, the default is the current time.

For more information, see Reserved Instances and Reserved Instance Marketplace in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/PurchaseReservedInstancesOfferingResult' - parameters: - - name: InstanceCount - in: query - required: true - description: The number of Reserved Instances to purchase. - schema: - type: integer - - name: ReservedInstancesOfferingId - in: query - required: true - description: The ID of the Reserved Instance offering to purchase. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: LimitPrice - in: query - required: false - description: Specified for Reserved Instance Marketplace offerings to limit the total order and ensure that the Reserved Instances are not purchased at unexpected prices. - schema: - type: object - properties: - amount: - allOf: - - $ref: '#/components/schemas/Double' - - description: Used for Reserved Instance Marketplace offerings. Specifies the limit price on the total order (instanceCount * price). - currencyCode: - allOf: - - $ref: '#/components/schemas/CurrencyCodeValues' - - description: 'The currency in which the limitPrice amount is specified. At this time, the only supported currency is USD.' - description: Describes the limit price of a Reserved Instance offering. - - name: PurchaseTime - in: query - required: false - description: 'The time at which to purchase the Reserved Instance, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - schema: - type: string - format: date-time - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: PurchaseReservedInstancesOffering - operationId: POST_PurchaseReservedInstancesOffering - description: '

Purchases a Reserved Instance for use with your account. With Reserved Instances, you pay a lower hourly rate compared to On-Demand instance pricing.

Use DescribeReservedInstancesOfferings to get a list of Reserved Instance offerings that match your specifications. After you''ve purchased a Reserved Instance, you can check for your new Reserved Instance with DescribeReservedInstances.

To queue a purchase for a future date and time, specify a purchase time. If you do not specify a purchase time, the default is the current time.

For more information, see Reserved Instances and Reserved Instance Marketplace in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/PurchaseReservedInstancesOfferingResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/PurchaseReservedInstancesOfferingRequest' - parameters: [] - /?Action=PurchaseScheduledInstances&Version=2016-11-15: - get: - x-aws-operation-name: PurchaseScheduledInstances - operationId: GET_PurchaseScheduledInstances - description: '

Purchases the Scheduled Instances with the specified schedule.

Scheduled Instances enable you to purchase Amazon EC2 compute capacity by the hour for a one-year term. Before you can purchase a Scheduled Instance, you must call DescribeScheduledInstanceAvailability to check for available schedules and obtain a purchase token. After you purchase a Scheduled Instance, you must call RunScheduledInstances during each scheduled time period.

After you purchase a Scheduled Instance, you can''t cancel, modify, or resell your purchase.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/PurchaseScheduledInstancesResult' - parameters: - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that ensures the idempotency of the request. For more information, see Ensuring Idempotency.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PurchaseRequest - in: query - required: true - description: The purchase requests. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/PurchaseRequest' - - xml: - name: PurchaseRequest - minItems: 1 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: PurchaseScheduledInstances - operationId: POST_PurchaseScheduledInstances - description: '

Purchases the Scheduled Instances with the specified schedule.

Scheduled Instances enable you to purchase Amazon EC2 compute capacity by the hour for a one-year term. Before you can purchase a Scheduled Instance, you must call DescribeScheduledInstanceAvailability to check for available schedules and obtain a purchase token. After you purchase a Scheduled Instance, you must call RunScheduledInstances during each scheduled time period.

After you purchase a Scheduled Instance, you can''t cancel, modify, or resell your purchase.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/PurchaseScheduledInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/PurchaseScheduledInstancesRequest' - parameters: [] - /?Action=RebootInstances&Version=2016-11-15: - get: - x-aws-operation-name: RebootInstances - operationId: GET_RebootInstances - description: '

Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.

If an instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot.

For more information about troubleshooting, see Troubleshoot an unreachable instance in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - parameters: - - name: InstanceId - in: query - required: true - description: The instance IDs. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RebootInstances - operationId: POST_RebootInstances - description: '

Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.

If an instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot.

For more information about troubleshooting, see Troubleshoot an unreachable instance in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RebootInstancesRequest' - parameters: [] - /?Action=RegisterImage&Version=2016-11-15: - get: - x-aws-operation-name: RegisterImage - operationId: GET_RegisterImage - description: '

Registers an AMI. When you''re creating an AMI, this is the final step you must complete before you can launch an instance from the AMI. For more information about creating AMIs, see Creating your own AMIs in the Amazon Elastic Compute Cloud User Guide.

For Amazon EBS-backed instances, CreateImage creates and registers the AMI in a single request, so you don''t have to register the AMI yourself.

If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. If you make changes to an image, deregister the previous image and register the new image.

Register a snapshot of a root device volume

You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a snapshot of a root device volume. You specify the snapshot using a block device mapping. You can''t set the encryption state of the volume using the block device mapping. If the snapshot is encrypted, or encryption by default is enabled, the root volume of an instance launched from the AMI is encrypted.

For more information, see Create a Linux AMI from a snapshot and Use encryption with Amazon EBS-backed AMIs in the Amazon Elastic Compute Cloud User Guide.

Amazon Web Services Marketplace product codes

If any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new AMI.

Windows and some Linux distributions, such as Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon EC2 billing product code associated with an AMI to verify the subscription status for package updates. To create a new AMI for operating systems that require a billing product code, instead of registering the AMI, do the following to preserve the billing product code association:

  1. Launch an instance from an existing AMI with that billing product code.

  2. Customize the instance.

  3. Create an AMI from the instance using CreateImage.

If you purchase a Reserved Instance to apply to an On-Demand Instance that was launched from an AMI with a billing product code, make sure that the Reserved Instance has the matching billing product code. If you purchase a Reserved Instance without the matching billing product code, the Reserved Instance will not be applied to the On-Demand Instance. For information about how to obtain the platform details and billing information of an AMI, see Understanding AMI billing in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterImageResult' - parameters: - - name: ImageLocation - in: query - required: false - description: 'The full path to your AMI manifest in Amazon S3 storage. The specified bucket must have the aws-exec-read canned access control list (ACL) to ensure that it can be accessed by Amazon EC2. For more information, see Canned ACLs in the Amazon S3 Service Developer Guide.' - schema: - type: string - - name: Architecture - in: query - required: false - description: '

The architecture of the AMI.

Default: For Amazon EBS-backed AMIs, i386. For instance store-backed AMIs, the architecture specified in the manifest file.

' - schema: - type: string - enum: - - i386 - - x86_64 - - arm64 - - x86_64_mac - - name: BlockDeviceMapping - in: query - required: false - description: '

The block device mapping entries.

If you specify an Amazon EBS volume using the ID of an Amazon EBS snapshot, you can''t specify the encryption state of the volume.

If you create an AMI on an Outpost, then all backing snapshots must be on the same Outpost or in the Region of that Outpost. AMIs on an Outpost that include local snapshots can be used to launch instances on the same Outpost only. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/BlockDeviceMapping' - - xml: - name: BlockDeviceMapping - - name: Description - in: query - required: false - description: A description for your AMI. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: EnaSupport - in: query - required: false - description:

Set to true to enable enhanced networking with ENA for the AMI and any instances that you launch from the AMI.

This option is supported only for HVM AMIs. Specifying this option with a PV AMI can make instances launched from the AMI unreachable.

- schema: - type: boolean - - name: KernelId - in: query - required: false - description: The ID of the kernel. - schema: - type: string - - name: Name - in: query - required: true - description: '

A name for your AMI.

Constraints: 3-128 alphanumeric characters, parentheses (()), square brackets ([]), spaces ( ), periods (.), slashes (/), dashes (-), single quotes (''), at-signs (@), or underscores(_)

' - schema: - type: string - - name: BillingProduct - in: query - required: false - description: 'The billing product codes. Your account must be authorized to specify billing product codes. Otherwise, you can use the Amazon Web Services Marketplace to bill for the use of an AMI.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: RamdiskId - in: query - required: false - description: The ID of the RAM disk. - schema: - type: string - - name: RootDeviceName - in: query - required: false - description: 'The device name of the root device volume (for example, /dev/sda1).' - schema: - type: string - - name: SriovNetSupport - in: query - required: false - description:

Set to simple to enable enhanced networking with the Intel 82599 Virtual Function interface for the AMI and any instances that you launch from the AMI.

There is no way to disable sriovNetSupport at this time.

This option is supported only for HVM AMIs. Specifying this option with a PV AMI can make instances launched from the AMI unreachable.

- schema: - type: string - - name: VirtualizationType - in: query - required: false - description: '

The type of virtualization (hvm | paravirtual).

Default: paravirtual

' - schema: - type: string - - name: BootMode - in: query - required: false - description: 'The boot mode of the AMI. For more information, see Boot modes in the Amazon Elastic Compute Cloud User Guide.' - schema: - type: string - enum: - - legacy-bios - - uefi - - name: TpmSupport - in: query - required: false - description: 'Set to v2.0 to enable Trusted Platform Module (TPM) support. For more information, see NitroTPM in the Amazon Elastic Compute Cloud User Guide.' - schema: - type: string - enum: - - v2.0 - - name: UefiData - in: query - required: false - description: 'Base64 representation of the non-volatile UEFI variable store. To retrieve the UEFI data, use the GetInstanceUefiData command. You can inspect and modify the UEFI data by using the python-uefivars tool on GitHub. For more information, see UEFI Secure Boot in the Amazon Elastic Compute Cloud User Guide.' - schema: - type: string - minLength: 0 - maxLength: 64000 - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RegisterImage - operationId: POST_RegisterImage - description: '

Registers an AMI. When you''re creating an AMI, this is the final step you must complete before you can launch an instance from the AMI. For more information about creating AMIs, see Creating your own AMIs in the Amazon Elastic Compute Cloud User Guide.

For Amazon EBS-backed instances, CreateImage creates and registers the AMI in a single request, so you don''t have to register the AMI yourself.

If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. If you make changes to an image, deregister the previous image and register the new image.

Register a snapshot of a root device volume

You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a snapshot of a root device volume. You specify the snapshot using a block device mapping. You can''t set the encryption state of the volume using the block device mapping. If the snapshot is encrypted, or encryption by default is enabled, the root volume of an instance launched from the AMI is encrypted.

For more information, see Create a Linux AMI from a snapshot and Use encryption with Amazon EBS-backed AMIs in the Amazon Elastic Compute Cloud User Guide.

Amazon Web Services Marketplace product codes

If any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new AMI.

Windows and some Linux distributions, such as Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon EC2 billing product code associated with an AMI to verify the subscription status for package updates. To create a new AMI for operating systems that require a billing product code, instead of registering the AMI, do the following to preserve the billing product code association:

  1. Launch an instance from an existing AMI with that billing product code.

  2. Customize the instance.

  3. Create an AMI from the instance using CreateImage.

If you purchase a Reserved Instance to apply to an On-Demand Instance that was launched from an AMI with a billing product code, make sure that the Reserved Instance has the matching billing product code. If you purchase a Reserved Instance without the matching billing product code, the Reserved Instance will not be applied to the On-Demand Instance. For information about how to obtain the platform details and billing information of an AMI, see Understanding AMI billing in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterImageResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterImageRequest' - parameters: [] - /?Action=RegisterInstanceEventNotificationAttributes&Version=2016-11-15: - get: - x-aws-operation-name: RegisterInstanceEventNotificationAttributes - operationId: GET_RegisterInstanceEventNotificationAttributes - description: '

Registers a set of tag keys to include in scheduled event notifications for your resources.

To remove tags, use DeregisterInstanceEventNotificationAttributes.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterInstanceEventNotificationAttributesResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceTagAttribute - in: query - required: false - description: Information about the tag keys to register. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to register all tag keys in the current Region. Specify true to register all tag keys. - InstanceTagKey: - allOf: - - $ref: '#/components/schemas/InstanceTagKeySet' - - description: The tag keys to register. - description: Information about the tag keys to register for the current Region. You can either specify individual tag keys or register all tag keys in the current Region. You must specify either IncludeAllTagsOfInstance or InstanceTagKeys in the request - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RegisterInstanceEventNotificationAttributes - operationId: POST_RegisterInstanceEventNotificationAttributes - description: '

Registers a set of tag keys to include in scheduled event notifications for your resources.

To remove tags, use DeregisterInstanceEventNotificationAttributes.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterInstanceEventNotificationAttributesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterInstanceEventNotificationAttributesRequest' - parameters: [] - /?Action=RegisterTransitGatewayMulticastGroupMembers&Version=2016-11-15: - get: - x-aws-operation-name: RegisterTransitGatewayMulticastGroupMembers - operationId: GET_RegisterTransitGatewayMulticastGroupMembers - description: '

Registers members (network interfaces) with the transit gateway multicast group. A member is a network interface associated with a supported EC2 instance that receives multicast traffic. For information about supported instances, see Multicast Consideration in Amazon VPC Transit Gateways.

After you add the members, use SearchTransitGatewayMulticastGroups to verify that the members were added to the transit gateway multicast group.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupMembersResult' - parameters: - - name: TransitGatewayMulticastDomainId - in: query - required: false - description: The ID of the transit gateway multicast domain. - schema: - type: string - - name: GroupIpAddress - in: query - required: false - description: The IP address assigned to the transit gateway multicast group. - schema: - type: string - - name: NetworkInterfaceIds - in: query - required: false - description: The group members' network interface IDs to register with the transit gateway multicast group. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RegisterTransitGatewayMulticastGroupMembers - operationId: POST_RegisterTransitGatewayMulticastGroupMembers - description: '

Registers members (network interfaces) with the transit gateway multicast group. A member is a network interface associated with a supported EC2 instance that receives multicast traffic. For information about supported instances, see Multicast Consideration in Amazon VPC Transit Gateways.

After you add the members, use SearchTransitGatewayMulticastGroups to verify that the members were added to the transit gateway multicast group.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupMembersResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupMembersRequest' - parameters: [] - /?Action=RegisterTransitGatewayMulticastGroupSources&Version=2016-11-15: - get: - x-aws-operation-name: RegisterTransitGatewayMulticastGroupSources - operationId: GET_RegisterTransitGatewayMulticastGroupSources - description: '

Registers sources (network interfaces) with the specified transit gateway multicast group.

A multicast source is a network interface attached to a supported instance that sends multicast traffic. For information about supported instances, see Multicast Considerations in Amazon VPC Transit Gateways.

After you add the source, use SearchTransitGatewayMulticastGroups to verify that the source was added to the multicast group.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupSourcesResult' - parameters: - - name: TransitGatewayMulticastDomainId - in: query - required: false - description: The ID of the transit gateway multicast domain. - schema: - type: string - - name: GroupIpAddress - in: query - required: false - description: The IP address assigned to the transit gateway multicast group. - schema: - type: string - - name: NetworkInterfaceIds - in: query - required: false - description: The group sources' network interface IDs to register with the transit gateway multicast group. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RegisterTransitGatewayMulticastGroupSources - operationId: POST_RegisterTransitGatewayMulticastGroupSources - description: '

Registers sources (network interfaces) with the specified transit gateway multicast group.

A multicast source is a network interface attached to a supported instance that sends multicast traffic. For information about supported instances, see Multicast Considerations in Amazon VPC Transit Gateways.

After you add the source, use SearchTransitGatewayMulticastGroups to verify that the source was added to the multicast group.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupSourcesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupSourcesRequest' - parameters: [] - /?Action=RejectTransitGatewayMulticastDomainAssociations&Version=2016-11-15: - get: - x-aws-operation-name: RejectTransitGatewayMulticastDomainAssociations - operationId: GET_RejectTransitGatewayMulticastDomainAssociations - description: Rejects a request to associate cross-account subnets with a transit gateway multicast domain. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectTransitGatewayMulticastDomainAssociationsResult' - parameters: - - name: TransitGatewayMulticastDomainId - in: query - required: false - description: The ID of the transit gateway multicast domain. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: false - description: The ID of the transit gateway attachment. - schema: - type: string - - name: SubnetIds - in: query - required: false - description: The IDs of the subnets to associate with the transit gateway multicast domain. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RejectTransitGatewayMulticastDomainAssociations - operationId: POST_RejectTransitGatewayMulticastDomainAssociations - description: Rejects a request to associate cross-account subnets with a transit gateway multicast domain. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectTransitGatewayMulticastDomainAssociationsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectTransitGatewayMulticastDomainAssociationsRequest' - parameters: [] - /?Action=RejectTransitGatewayPeeringAttachment&Version=2016-11-15: - get: - x-aws-operation-name: RejectTransitGatewayPeeringAttachment - operationId: GET_RejectTransitGatewayPeeringAttachment - description: Rejects a transit gateway peering attachment request. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectTransitGatewayPeeringAttachmentResult' - parameters: - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the transit gateway peering attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RejectTransitGatewayPeeringAttachment - operationId: POST_RejectTransitGatewayPeeringAttachment - description: Rejects a transit gateway peering attachment request. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectTransitGatewayPeeringAttachmentResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectTransitGatewayPeeringAttachmentRequest' - parameters: [] - /?Action=RejectTransitGatewayVpcAttachment&Version=2016-11-15: - get: - x-aws-operation-name: RejectTransitGatewayVpcAttachment - operationId: GET_RejectTransitGatewayVpcAttachment - description:

Rejects a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment to accept a VPC attachment request.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectTransitGatewayVpcAttachmentResult' - parameters: - - name: TransitGatewayAttachmentId - in: query - required: true - description: The ID of the attachment. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RejectTransitGatewayVpcAttachment - operationId: POST_RejectTransitGatewayVpcAttachment - description:

Rejects a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment to accept a VPC attachment request.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectTransitGatewayVpcAttachmentResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectTransitGatewayVpcAttachmentRequest' - parameters: [] - /?Action=RejectVpcEndpointConnections&Version=2016-11-15: - get: - x-aws-operation-name: RejectVpcEndpointConnections - operationId: GET_RejectVpcEndpointConnections - description: Rejects one or more VPC endpoint connection requests to your VPC endpoint service. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectVpcEndpointConnectionsResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ServiceId - in: query - required: true - description: The ID of the service. - schema: - type: string - - name: VpcEndpointId - in: query - required: true - description: The IDs of one or more VPC endpoints. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcEndpointId' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RejectVpcEndpointConnections - operationId: POST_RejectVpcEndpointConnections - description: Rejects one or more VPC endpoint connection requests to your VPC endpoint service. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectVpcEndpointConnectionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectVpcEndpointConnectionsRequest' - parameters: [] - /?Action=RejectVpcPeeringConnection&Version=2016-11-15: - get: - x-aws-operation-name: RejectVpcPeeringConnection - operationId: GET_RejectVpcPeeringConnection - description: 'Rejects a VPC peering connection request. The VPC peering connection must be in the pending-acceptance state. Use the DescribeVpcPeeringConnections request to view your outstanding VPC peering connection requests. To delete an active VPC peering connection, or to delete a VPC peering connection request that you initiated, use DeleteVpcPeeringConnection.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectVpcPeeringConnectionResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcPeeringConnectionId - in: query - required: true - description: The ID of the VPC peering connection. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RejectVpcPeeringConnection - operationId: POST_RejectVpcPeeringConnection - description: 'Rejects a VPC peering connection request. The VPC peering connection must be in the pending-acceptance state. Use the DescribeVpcPeeringConnections request to view your outstanding VPC peering connection requests. To delete an active VPC peering connection, or to delete a VPC peering connection request that you initiated, use DeleteVpcPeeringConnection.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectVpcPeeringConnectionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RejectVpcPeeringConnectionRequest' - parameters: [] - /?Action=ReleaseAddress&Version=2016-11-15: - get: - x-aws-operation-name: ReleaseAddress - operationId: GET_ReleaseAddress - description: '

Releases the specified Elastic IP address.

[EC2-Classic, default VPC] Releasing an Elastic IP address automatically disassociates it from any instance that it''s associated with. To disassociate an Elastic IP address without releasing it, use DisassociateAddress.

[Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic IP address before you can release it. Otherwise, Amazon EC2 returns an error (InvalidIPAddress.InUse).

After releasing an Elastic IP address, it is released to the IP address pool. Be sure to update your DNS records and any servers or devices that communicate with the address. If you attempt to release an Elastic IP address that you already released, you''ll get an AuthFailure error if the address is already allocated to another Amazon Web Services account.

[EC2-VPC] After you release an Elastic IP address for use in a VPC, you might be able to recover it. For more information, see AllocateAddress.

' - responses: - '200': - description: Success - parameters: - - name: AllocationId - in: query - required: false - description: '[EC2-VPC] The allocation ID. Required for EC2-VPC.' - schema: - type: string - - name: PublicIp - in: query - required: false - description: '[EC2-Classic] The Elastic IP address. Required for EC2-Classic.' - schema: - type: string - - name: NetworkBorderGroup - in: query - required: false - description: '

The set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses.

If you provide an incorrect network border group, you receive an InvalidAddress.NotFound error.

You cannot use a network border group with EC2 Classic. If you attempt this operation on EC2 classic, you receive an InvalidParameterCombination error.

' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ReleaseAddress - operationId: POST_ReleaseAddress - description: '

Releases the specified Elastic IP address.

[EC2-Classic, default VPC] Releasing an Elastic IP address automatically disassociates it from any instance that it''s associated with. To disassociate an Elastic IP address without releasing it, use DisassociateAddress.

[Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic IP address before you can release it. Otherwise, Amazon EC2 returns an error (InvalidIPAddress.InUse).

After releasing an Elastic IP address, it is released to the IP address pool. Be sure to update your DNS records and any servers or devices that communicate with the address. If you attempt to release an Elastic IP address that you already released, you''ll get an AuthFailure error if the address is already allocated to another Amazon Web Services account.

[EC2-VPC] After you release an Elastic IP address for use in a VPC, you might be able to recover it. For more information, see AllocateAddress.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ReleaseAddressRequest' - parameters: [] - /?Action=ReleaseHosts&Version=2016-11-15: - get: - x-aws-operation-name: ReleaseHosts - operationId: GET_ReleaseHosts - description: '

When you no longer want to use an On-Demand Dedicated Host it can be released. On-Demand billing is stopped and the host goes into released state. The host ID of Dedicated Hosts that have been released can no longer be specified in another request, for example, to modify the host. You must stop or terminate all instances on a host before it can be released.

When Dedicated Hosts are released, it may take some time for them to stop counting toward your limit and you may receive capacity errors when trying to allocate new Dedicated Hosts. Wait a few minutes and then try again.

Released hosts still appear in a DescribeHosts response.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReleaseHostsResult' - parameters: - - name: HostId - in: query - required: true - description: The IDs of the Dedicated Hosts to release. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/DedicatedHostId' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ReleaseHosts - operationId: POST_ReleaseHosts - description: '

When you no longer want to use an On-Demand Dedicated Host it can be released. On-Demand billing is stopped and the host goes into released state. The host ID of Dedicated Hosts that have been released can no longer be specified in another request, for example, to modify the host. You must stop or terminate all instances on a host before it can be released.

When Dedicated Hosts are released, it may take some time for them to stop counting toward your limit and you may receive capacity errors when trying to allocate new Dedicated Hosts. Wait a few minutes and then try again.

Released hosts still appear in a DescribeHosts response.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReleaseHostsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ReleaseHostsRequest' - parameters: [] - /?Action=ReleaseIpamPoolAllocation&Version=2016-11-15: - get: - x-aws-operation-name: ReleaseIpamPoolAllocation - operationId: GET_ReleaseIpamPoolAllocation - description: 'Release an allocation within an IPAM pool. You can only use this action to release manual allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using ModifyIpamResourceCidr. For more information, see Release an allocation in the Amazon VPC IPAM User Guide. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReleaseIpamPoolAllocationResult' - parameters: - - name: DryRun - in: query - required: false - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: IpamPoolId - in: query - required: true - description: The ID of the IPAM pool which contains the allocation you want to release. - schema: - type: string - - name: Cidr - in: query - required: true - description: The CIDR of the allocation you want to release. - schema: - type: string - - name: IpamPoolAllocationId - in: query - required: true - description: The ID of the allocation. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ReleaseIpamPoolAllocation - operationId: POST_ReleaseIpamPoolAllocation - description: 'Release an allocation within an IPAM pool. You can only use this action to release manual allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using ModifyIpamResourceCidr. For more information, see Release an allocation in the Amazon VPC IPAM User Guide. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReleaseIpamPoolAllocationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ReleaseIpamPoolAllocationRequest' - parameters: [] - /?Action=ReplaceIamInstanceProfileAssociation&Version=2016-11-15: - get: - x-aws-operation-name: ReplaceIamInstanceProfileAssociation - operationId: GET_ReplaceIamInstanceProfileAssociation - description:

Replaces an IAM instance profile for the specified running instance. You can use this action to change the IAM instance profile that's associated with an instance without having to disassociate the existing IAM instance profile first.

Use DescribeIamInstanceProfileAssociations to get the association ID.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceIamInstanceProfileAssociationResult' - parameters: - - name: IamInstanceProfile - in: query - required: true - description: The IAM instance profile. - schema: - type: object - properties: - arn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the instance profile. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the instance profile. - description: Describes an IAM instance profile. - - name: AssociationId - in: query - required: true - description: The ID of the existing IAM instance profile association. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ReplaceIamInstanceProfileAssociation - operationId: POST_ReplaceIamInstanceProfileAssociation - description:

Replaces an IAM instance profile for the specified running instance. You can use this action to change the IAM instance profile that's associated with an instance without having to disassociate the existing IAM instance profile first.

Use DescribeIamInstanceProfileAssociations to get the association ID.

- responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceIamInstanceProfileAssociationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceIamInstanceProfileAssociationRequest' - parameters: [] - /?Action=ReplaceNetworkAclAssociation&Version=2016-11-15: - get: - x-aws-operation-name: ReplaceNetworkAclAssociation - operationId: GET_ReplaceNetworkAclAssociation - description: '

Changes which network ACL a subnet is associated with. By default when you create a subnet, it''s automatically associated with the default network ACL. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

This is an idempotent operation.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceNetworkAclAssociationResult' - parameters: - - name: AssociationId - in: query - required: true - description: The ID of the current association between the original network ACL and the subnet. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NetworkAclId - in: query - required: true - description: The ID of the new network ACL to associate with the subnet. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ReplaceNetworkAclAssociation - operationId: POST_ReplaceNetworkAclAssociation - description: '

Changes which network ACL a subnet is associated with. By default when you create a subnet, it''s automatically associated with the default network ACL. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

This is an idempotent operation.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceNetworkAclAssociationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceNetworkAclAssociationRequest' - parameters: [] - /?Action=ReplaceNetworkAclEntry&Version=2016-11-15: - get: - x-aws-operation-name: ReplaceNetworkAclEntry - operationId: GET_ReplaceNetworkAclEntry - description: 'Replaces an entry (rule) in a network ACL. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.' - responses: - '200': - description: Success - parameters: - - name: CidrBlock - in: query - required: false - description: 'The IPv4 network range to allow or deny, in CIDR notation (for example 172.16.0.0/24).' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Egress - in: query - required: true - description: '

Indicates whether to replace the egress rule.

Default: If no value is specified, we replace the ingress rule.

' - schema: - type: boolean - - name: Icmp - in: query - required: false - description: 'ICMP protocol: The ICMP or ICMPv6 type and code. Required if specifying protocol 1 (ICMP) or protocol 58 (ICMPv6) with an IPv6 CIDR block.' - schema: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The ICMP code. A value of -1 means all codes for the specified ICMP type. - type: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The ICMP type. A value of -1 means all types. - description: Describes the ICMP type and code. - - name: Ipv6CidrBlock - in: query - required: false - description: 'The IPv6 network range to allow or deny, in CIDR notation (for example 2001:bd8:1234:1a00::/64).' - schema: - type: string - - name: NetworkAclId - in: query - required: true - description: The ID of the ACL. - schema: - type: string - - name: PortRange - in: query - required: false - description: 'TCP or UDP protocols: The range of ports the rule applies to. Required if specifying protocol 6 (TCP) or 17 (UDP).' - schema: - type: object - properties: - from: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The first port in the range. - to: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The last port in the range. - description: Describes a range of ports. - - name: Protocol - in: query - required: true - description: 'The protocol number. A value of "-1" means all protocols. If you specify "-1" or a protocol number other than "6" (TCP), "17" (UDP), or "1" (ICMP), traffic on all ports is allowed, regardless of any ports or ICMP types or codes that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv4 CIDR block, traffic for all ICMP types and codes allowed, regardless of any that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv6 CIDR block, you must specify an ICMP type and code.' - schema: - type: string - - name: RuleAction - in: query - required: true - description: Indicates whether to allow or deny the traffic that matches the rule. - schema: - type: string - enum: - - allow - - deny - - name: RuleNumber - in: query - required: true - description: The rule number of the entry to replace. - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ReplaceNetworkAclEntry - operationId: POST_ReplaceNetworkAclEntry - description: 'Replaces an entry (rule) in a network ACL. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceNetworkAclEntryRequest' - parameters: [] - /?Action=ReplaceRoute&Version=2016-11-15: - get: - x-aws-operation-name: ReplaceRoute - operationId: GET_ReplaceRoute - description: '

Replaces an existing route within a route table in a VPC. You must provide only one of the following: internet gateway, virtual private gateway, NAT instance, NAT gateway, VPC peering connection, network interface, egress-only internet gateway, or transit gateway.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - parameters: - - name: DestinationCidrBlock - in: query - required: false - description: The IPv4 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table. - schema: - type: string - - name: DestinationIpv6CidrBlock - in: query - required: false - description: The IPv6 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table. - schema: - type: string - - name: DestinationPrefixListId - in: query - required: false - description: The ID of the prefix list for the route. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: VpcEndpointId - in: query - required: false - description: The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only. - schema: - type: string - - name: EgressOnlyInternetGatewayId - in: query - required: false - description: '[IPv6 traffic only] The ID of an egress-only internet gateway.' - schema: - type: string - - name: GatewayId - in: query - required: false - description: The ID of an internet gateway or virtual private gateway. - schema: - type: string - - name: InstanceId - in: query - required: false - description: The ID of a NAT instance in your VPC. - schema: - type: string - - name: LocalTarget - in: query - required: false - description: Specifies whether to reset the local route to its default target (local). - schema: - type: boolean - - name: NatGatewayId - in: query - required: false - description: '[IPv4 traffic only] The ID of a NAT gateway.' - schema: - type: string - - name: TransitGatewayId - in: query - required: false - description: The ID of a transit gateway. - schema: - type: string - - name: LocalGatewayId - in: query - required: false - description: The ID of the local gateway. - schema: - type: string - - name: CarrierGatewayId - in: query - required: false - description: '[IPv4 traffic only] The ID of a carrier gateway.' - schema: - type: string - - name: NetworkInterfaceId - in: query - required: false - description: The ID of a network interface. - schema: - type: string - - name: RouteTableId - in: query - required: true - description: The ID of the route table. - schema: - type: string - - name: VpcPeeringConnectionId - in: query - required: false - description: The ID of a VPC peering connection. - schema: - type: string - - name: CoreNetworkArn - in: query - required: false - description: The Amazon Resource Name (ARN) of the core network. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ReplaceRoute - operationId: POST_ReplaceRoute - description: '

Replaces an existing route within a route table in a VPC. You must provide only one of the following: internet gateway, virtual private gateway, NAT instance, NAT gateway, VPC peering connection, network interface, egress-only internet gateway, or transit gateway.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceRouteRequest' - parameters: [] - /?Action=ReplaceRouteTableAssociation&Version=2016-11-15: - get: - x-aws-operation-name: ReplaceRouteTableAssociation - operationId: GET_ReplaceRouteTableAssociation - description: '

Changes the route table associated with a given subnet, internet gateway, or virtual private gateway in a VPC. After the operation completes, the subnet or gateway uses the routes in the new route table. For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

You can also use this operation to change which table is the main route table in the VPC. Specify the main route table''s association ID and the route table ID of the new main route table.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceRouteTableAssociationResult' - parameters: - - name: AssociationId - in: query - required: true - description: The association ID. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: RouteTableId - in: query - required: true - description: The ID of the new route table to associate with the subnet. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ReplaceRouteTableAssociation - operationId: POST_ReplaceRouteTableAssociation - description: '

Changes the route table associated with a given subnet, internet gateway, or virtual private gateway in a VPC. After the operation completes, the subnet or gateway uses the routes in the new route table. For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

You can also use this operation to change which table is the main route table in the VPC. Specify the main route table''s association ID and the route table ID of the new main route table.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceRouteTableAssociationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceRouteTableAssociationRequest' - parameters: [] - /?Action=ReplaceTransitGatewayRoute&Version=2016-11-15: - get: - x-aws-operation-name: ReplaceTransitGatewayRoute - operationId: GET_ReplaceTransitGatewayRoute - description: Replaces the specified route in the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceTransitGatewayRouteResult' - parameters: - - name: DestinationCidrBlock - in: query - required: true - description: The CIDR range used for the destination match. Routing decisions are based on the most specific match. - schema: - type: string - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the route table. - schema: - type: string - - name: TransitGatewayAttachmentId - in: query - required: false - description: The ID of the attachment. - schema: - type: string - - name: Blackhole - in: query - required: false - description: Indicates whether traffic matching this route is to be dropped. - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ReplaceTransitGatewayRoute - operationId: POST_ReplaceTransitGatewayRoute - description: Replaces the specified route in the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceTransitGatewayRouteResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ReplaceTransitGatewayRouteRequest' - parameters: [] - /?Action=ReportInstanceStatus&Version=2016-11-15: - get: - x-aws-operation-name: ReportInstanceStatus - operationId: GET_ReportInstanceStatus - description: '

Submits feedback about the status of an instance. The instance must be in the running state. If your experience with the instance differs from the instance status returned by DescribeInstanceStatus, use ReportInstanceStatus to report your experience with the instance. Amazon EC2 collects this information to improve the accuracy of status checks.

Use of this action does not change the value returned by DescribeInstanceStatus.

' - responses: - '200': - description: Success - parameters: - - name: Description - in: query - required: false - description: Descriptive text about the health state of your instance. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: EndTime - in: query - required: false - description: The time at which the reported instance health state ended. - schema: - type: string - format: date-time - - name: InstanceId - in: query - required: true - description: The instances. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - - name: ReasonCode - in: query - required: true - description: '

The reason codes that describe the health state of your instance.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReportInstanceReasonCodes' - - xml: - name: item - - name: StartTime - in: query - required: false - description: The time at which the reported instance health state began. - schema: - type: string - format: date-time - - name: Status - in: query - required: true - description: The status of all instances listed. - schema: - type: string - enum: - - ok - - impaired - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ReportInstanceStatus - operationId: POST_ReportInstanceStatus - description: '

Submits feedback about the status of an instance. The instance must be in the running state. If your experience with the instance differs from the instance status returned by DescribeInstanceStatus, use ReportInstanceStatus to report your experience with the instance. Amazon EC2 collects this information to improve the accuracy of status checks.

Use of this action does not change the value returned by DescribeInstanceStatus.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ReportInstanceStatusRequest' - parameters: [] - /?Action=RequestSpotFleet&Version=2016-11-15: - get: - x-aws-operation-name: RequestSpotFleet - operationId: GET_RequestSpotFleet - description: '

Creates a Spot Fleet request.

The Spot Fleet request specifies the total target capacity and the On-Demand target capacity. Amazon EC2 calculates the difference between the total capacity and On-Demand capacity, and launches the difference as Spot capacity.

You can submit a single request that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

By default, the Spot Fleet requests Spot Instances in the Spot Instance pool where the price per unit is the lowest. Each launch specification can include its own instance weighting that reflects the value of the instance type to your application workload.

Alternatively, you can specify that the Spot Fleet distribute the target capacity across the Spot pools included in its launch specifications. By ensuring that the Spot Instances in your Spot Fleet are in different Spot pools, you can improve the availability of your fleet.

You can specify tags for the Spot Fleet request and instances launched by the fleet. You cannot tag other resource types in a Spot Fleet request because only the spot-fleet-request and instance resource types are supported.

For more information, see Spot Fleet requests in the Amazon EC2 User Guide for Linux Instances.

We strongly discourage using the RequestSpotFleet API because it is a legacy API with no planned investment. For options for requesting Spot Instances, see Which is the best Spot request method to use? in the Amazon EC2 User Guide for Linux Instances.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RequestSpotFleetResponse' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: SpotFleetRequestConfig - in: query - required: true - description: The configuration for the Spot Fleet request. - schema: - type: object - required: - - IamFleetRole - - TargetCapacity - properties: - allocationStrategy: - allOf: - - $ref: '#/components/schemas/AllocationStrategy' - - description: '

Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the Spot Fleet request.

If the allocation strategy is lowestPrice, Spot Fleet launches instances from the Spot Instance pools with the lowest price. This is the default allocation strategy.

If the allocation strategy is diversified, Spot Fleet launches instances from all the Spot Instance pools that you specify.

If the allocation strategy is capacityOptimized (recommended), Spot Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. To give certain instance types a higher chance of launching first, use capacityOptimizedPrioritized. Set a priority for each instance type by using the Priority parameter for LaunchTemplateOverrides. You can assign the same priority to different LaunchTemplateOverrides. EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. capacityOptimizedPrioritized is supported only if your Spot Fleet uses a launch template. Note that if the OnDemandAllocationStrategy is set to prioritized, the same priority is applied when fulfilling On-Demand capacity.

' - onDemandAllocationStrategy: - allOf: - - $ref: '#/components/schemas/OnDemandAllocationStrategy' - - description: 'The order of the launch template overrides to use in fulfilling On-Demand capacity. If you specify lowestPrice, Spot Fleet uses price to determine the order, launching the lowest price first. If you specify prioritized, Spot Fleet uses the priority that you assign to each Spot Fleet launch template override, launching the highest priority first. If you do not specify a value, Spot Fleet defaults to lowestPrice.' - spotMaintenanceStrategies: - allOf: - - $ref: '#/components/schemas/SpotMaintenanceStrategies' - - description: The strategies for managing your Spot Instances that are at an elevated risk of being interrupted. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of your listings. This helps to avoid duplicate listings. For more information, see Ensuring Idempotency.' - excessCapacityTerminationPolicy: - allOf: - - $ref: '#/components/schemas/ExcessCapacityTerminationPolicy' - - description: Indicates whether running Spot Instances should be terminated if you decrease the target capacity of the Spot Fleet request below the current size of the Spot Fleet. - fulfilledCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: The number of units fulfilled by this request compared to the set target capacity. You cannot set this value. - onDemandFulfilledCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: The number of On-Demand units fulfilled by this request compared to the set target On-Demand capacity. - iamFleetRole: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that grants the Spot Fleet the permission to request, launch, terminate, and tag instances on your behalf. For more information, see Spot Fleet prerequisites in the Amazon EC2 User Guide for Linux Instances. Spot Fleet can terminate Spot Instances on your behalf when you cancel its Spot Fleet request using CancelSpotFleetRequests or when the Spot Fleet request expires, if you set TerminateInstancesWithExpiration.' - launchSpecifications: - allOf: - - $ref: '#/components/schemas/LaunchSpecsList' - - description: 'The launch specifications for the Spot Fleet request. If you specify LaunchSpecifications, you can''t specify LaunchTemplateConfigs. If you include On-Demand capacity in your request, you must use LaunchTemplateConfigs.' - launchTemplateConfigs: - allOf: - - $ref: '#/components/schemas/LaunchTemplateConfigList' - - description: 'The launch template and overrides. If you specify LaunchTemplateConfigs, you can''t specify LaunchSpecifications. If you include On-Demand capacity in your request, you must use LaunchTemplateConfigs.' - spotPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum price per unit hour that you are willing to pay for a Spot Instance. The default is the On-Demand price. - targetCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of units to request for the Spot Fleet. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.' - onDemandTargetCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of On-Demand units to request. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.' - onDemandMaxTotalPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The maximum amount per hour for On-Demand Instances that you''re willing to pay. You can use the onDemandMaxTotalPrice parameter, the spotMaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.' - spotMaxTotalPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The maximum amount per hour for Spot Instances that you''re willing to pay. You can use the spotdMaxTotalPrice parameter, the onDemandMaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.' - terminateInstancesWithExpiration: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether running Spot Instances are terminated when the Spot Fleet request expires. - type: - allOf: - - $ref: '#/components/schemas/FleetType' - - description: 'The type of request. Indicates whether the Spot Fleet only requests the target capacity or also attempts to maintain it. When this value is request, the Spot Fleet only places the required requests. It does not attempt to replenish Spot Instances if capacity is diminished, nor does it submit requests in alternative Spot pools if capacity is not available. When this value is maintain, the Spot Fleet maintains the target capacity. The Spot Fleet places the required requests to meet capacity and automatically replenishes any interrupted instances. Default: maintain. instant is listed but is not used by Spot Fleet.' - validFrom: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The start date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). By default, Amazon EC2 starts fulfilling the request immediately.' - validUntil: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The end date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). After the end date and time, no new Spot Instance requests are placed or able to fulfill the request. If no value is specified, the Spot Fleet request remains until you cancel it.' - replaceUnhealthyInstances: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether Spot Fleet should replace unhealthy instances. - instanceInterruptionBehavior: - allOf: - - $ref: '#/components/schemas/InstanceInterruptionBehavior' - - description: The behavior when a Spot Instance is interrupted. The default is terminate. - loadBalancersConfig: - allOf: - - $ref: '#/components/schemas/LoadBalancersConfig' - - description: '

One or more Classic Load Balancers and target groups to attach to the Spot Fleet request. Spot Fleet registers the running Spot Instances with the specified Classic Load Balancers and target groups.

With Network Load Balancers, Spot Fleet cannot register instances that have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1, HS1, M1, M2, M3, and T1.

' - instancePoolsToUseCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The number of Spot pools across which to allocate your target Spot capacity. Valid only when Spot AllocationStrategy is set to lowest-price. Spot Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.

Note that Spot Fleet attempts to draw Spot Instances from the number of pools that you specify on a best effort basis. If a pool runs out of Spot capacity before fulfilling your target capacity, Spot Fleet will continue to fulfill your request by drawing from the next cheapest pool. To ensure that your target capacity is met, you might receive Spot Instances from more than the number of pools that you specified. Similarly, if most of the pools have no Spot capacity, you might receive your full target capacity from fewer than the number of pools that you specified.

' - context: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved. - targetCapacityUnitType: - allOf: - - $ref: '#/components/schemas/TargetCapacityUnitType' - - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: 'The key-value pair for tagging the Spot Fleet request on creation. The value for ResourceType must be spot-fleet-request, otherwise the Spot Fleet request fails. To tag instances at launch, specify the tags in the launch template (valid only if you use LaunchTemplateConfigs) or in the SpotFleetTagSpecification (valid only if you use LaunchSpecifications). For information about tagging after launch, see Tagging Your Resources.' - description: Describes the configuration of a Spot Fleet request. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RequestSpotFleet - operationId: POST_RequestSpotFleet - description: '

Creates a Spot Fleet request.

The Spot Fleet request specifies the total target capacity and the On-Demand target capacity. Amazon EC2 calculates the difference between the total capacity and On-Demand capacity, and launches the difference as Spot capacity.

You can submit a single request that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

By default, the Spot Fleet requests Spot Instances in the Spot Instance pool where the price per unit is the lowest. Each launch specification can include its own instance weighting that reflects the value of the instance type to your application workload.

Alternatively, you can specify that the Spot Fleet distribute the target capacity across the Spot pools included in its launch specifications. By ensuring that the Spot Instances in your Spot Fleet are in different Spot pools, you can improve the availability of your fleet.

You can specify tags for the Spot Fleet request and instances launched by the fleet. You cannot tag other resource types in a Spot Fleet request because only the spot-fleet-request and instance resource types are supported.

For more information, see Spot Fleet requests in the Amazon EC2 User Guide for Linux Instances.

We strongly discourage using the RequestSpotFleet API because it is a legacy API with no planned investment. For options for requesting Spot Instances, see Which is the best Spot request method to use? in the Amazon EC2 User Guide for Linux Instances.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RequestSpotFleetResponse' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RequestSpotFleetRequest' - parameters: [] - /?Action=RequestSpotInstances&Version=2016-11-15: - get: - x-aws-operation-name: RequestSpotInstances - operationId: GET_RequestSpotInstances - description: '

Creates a Spot Instance request.

For more information, see Spot Instance requests in the Amazon EC2 User Guide for Linux Instances.

We strongly discourage using the RequestSpotInstances API because it is a legacy API with no planned investment. For options for requesting Spot Instances, see Which is the best Spot request method to use? in the Amazon EC2 User Guide for Linux Instances.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RequestSpotInstancesResult' - parameters: - - name: AvailabilityZoneGroup - in: query - required: false - description: '

The user-specified name for a logical grouping of requests.

When you specify an Availability Zone group in a Spot Instance request, all Spot Instances in the request are launched in the same Availability Zone. Instance proximity is maintained with this parameter, but the choice of Availability Zone is not. The group applies only to requests for Spot Instances of the same instance type. Any additional Spot Instance requests that are specified with the same Availability Zone group name are launched in that same Availability Zone, as long as at least one instance from the group is still active.

If there is no active instance running in the Availability Zone group that you specify for a new Spot Instance request (all instances are terminated, the request is expired, or the maximum price you specified falls below current Spot price), then Amazon EC2 launches the instance in any Availability Zone where the constraint can be met. Consequently, the subsequent set of Spot Instances could be placed in a different zone from the original request, even if you specified the same Availability Zone group.

Default: Instances are launched in any available Availability Zone.

' - schema: - type: string - - name: BlockDurationMinutes - in: query - required: false - description: Deprecated. - schema: - type: integer - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency in the Amazon EC2 User Guide for Linux Instances.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceCount - in: query - required: false - description: '

The maximum number of Spot Instances to launch.

Default: 1

' - schema: - type: integer - - name: LaunchGroup - in: query - required: false - description: '

The instance launch group. Launch groups are Spot Instances that launch together and terminate together.

Default: Instances are launched and terminated individually

' - schema: - type: string - - name: LaunchSpecification - in: query - required: false - description: The launch specification. - schema: - type: object - properties: - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/RequestSpotLaunchSpecificationSecurityGroupIdList' - - description: One or more security group IDs. - SecurityGroup: - allOf: - - $ref: '#/components/schemas/RequestSpotLaunchSpecificationSecurityGroupList' - - description: 'One or more security groups. When requesting instances in a VPC, you must specify the IDs of the security groups. When requesting instances in EC2-Classic, you can specify the names or the IDs of the security groups.' - addressingType: - allOf: - - $ref: '#/components/schemas/String' - - description: Deprecated. - blockDeviceMapping: - allOf: - - $ref: '#/components/schemas/BlockDeviceMappingList' - - description: 'One or more block device mapping entries. You can''t specify both a snapshot ID and an encryption value. This is because only blank volumes can be encrypted on creation. If a snapshot is the basis for a volume, it is not blank and its encryption status is used for the volume encryption status.' - ebsOptimized: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

' - iamInstanceProfile: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileSpecification' - - description: The IAM instance profile. - imageId: - allOf: - - $ref: '#/components/schemas/ImageId' - - description: The ID of the AMI. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type. Only one instance type can be specified. - kernelId: - allOf: - - $ref: '#/components/schemas/KernelId' - - description: The ID of the kernel. - keyName: - allOf: - - $ref: '#/components/schemas/KeyPairName' - - description: The name of the key pair. - monitoring: - allOf: - - $ref: '#/components/schemas/RunInstancesMonitoringEnabled' - - description: '

Indicates whether basic or detailed monitoring is enabled for the instance.

Default: Disabled

' - NetworkInterface: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecificationList' - - description: 'One or more network interfaces. If you specify a network interface, you must specify subnet IDs and security group IDs using the network interface.' - placement: - allOf: - - $ref: '#/components/schemas/SpotPlacement' - - description: The placement information for the instance. - ramdiskId: - allOf: - - $ref: '#/components/schemas/RamdiskId' - - description: The ID of the RAM disk. - subnetId: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: The ID of the subnet in which to launch the instance. - userData: - allOf: - - $ref: '#/components/schemas/String' - - description: The Base64-encoded user data for the instance. User data is limited to 16 KB. - description: Describes the launch specification for an instance. - - name: SpotPrice - in: query - required: false - description: The maximum price per hour that you are willing to pay for a Spot Instance. The default is the On-Demand price. - schema: - type: string - - name: Type - in: query - required: false - description: '

The Spot Instance request type.

Default: one-time

' - schema: - type: string - enum: - - one-time - - persistent - - name: ValidFrom - in: query - required: false - description: '

The start date of the request. If this is a one-time request, the request becomes active at this date and time and remains active until all instances launch, the request expires, or the request is canceled. If the request is persistent, the request becomes active at this date and time and remains active until it expires or is canceled.

The specified start date and time cannot be equal to the current date and time. You must specify a start date and time that occurs after the current date and time.

' - schema: - type: string - format: date-time - - name: ValidUntil - in: query - required: false - description: '

The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ).

' - schema: - type: string - format: date-time - - name: TagSpecification - in: query - required: false - description: 'The key-value pair for tagging the Spot Instance request on creation. The value for ResourceType must be spot-instances-request, otherwise the Spot Instance request fails. To tag the Spot Instance request after it has been created, see CreateTags. ' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: InstanceInterruptionBehavior - in: query - required: false - description: The behavior when a Spot Instance is interrupted. The default is terminate. - schema: - type: string - enum: - - hibernate - - stop - - terminate - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RequestSpotInstances - operationId: POST_RequestSpotInstances - description: '

Creates a Spot Instance request.

For more information, see Spot Instance requests in the Amazon EC2 User Guide for Linux Instances.

We strongly discourage using the RequestSpotInstances API because it is a legacy API with no planned investment. For options for requesting Spot Instances, see Which is the best Spot request method to use? in the Amazon EC2 User Guide for Linux Instances.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RequestSpotInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RequestSpotInstancesRequest' - parameters: [] - /?Action=ResetAddressAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ResetAddressAttribute - operationId: GET_ResetAddressAttribute - description: 'Resets the attribute of the specified IP address. For requirements, see Using reverse DNS for email applications.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetAddressAttributeResult' - parameters: - - name: AllocationId - in: query - required: true - description: '[EC2-VPC] The allocation ID.' - schema: - type: string - - name: Attribute - in: query - required: true - description: The attribute of the IP address. - schema: - type: string - enum: - - domain-name - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ResetAddressAttribute - operationId: POST_ResetAddressAttribute - description: 'Resets the attribute of the specified IP address. For requirements, see Using reverse DNS for email applications.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetAddressAttributeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetAddressAttributeRequest' - parameters: [] - /?Action=ResetEbsDefaultKmsKeyId&Version=2016-11-15: - get: - x-aws-operation-name: ResetEbsDefaultKmsKeyId - operationId: GET_ResetEbsDefaultKmsKeyId - description: '

Resets the default KMS key for EBS encryption for your account in this Region to the Amazon Web Services managed KMS key for EBS.

After resetting the default KMS key to the Amazon Web Services managed KMS key, you can continue to encrypt by a customer managed KMS key by specifying it when you create the volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetEbsDefaultKmsKeyIdResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ResetEbsDefaultKmsKeyId - operationId: POST_ResetEbsDefaultKmsKeyId - description: '

Resets the default KMS key for EBS encryption for your account in this Region to the Amazon Web Services managed KMS key for EBS.

After resetting the default KMS key to the Amazon Web Services managed KMS key, you can continue to encrypt by a customer managed KMS key by specifying it when you create the volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetEbsDefaultKmsKeyIdResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetEbsDefaultKmsKeyIdRequest' - parameters: [] - /?Action=ResetFpgaImageAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ResetFpgaImageAttribute - operationId: GET_ResetFpgaImageAttribute - description: Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its default value. You can only reset the load permission attribute. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetFpgaImageAttributeResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: FpgaImageId - in: query - required: true - description: The ID of the AFI. - schema: - type: string - - name: Attribute - in: query - required: false - description: The attribute. - schema: - type: string - enum: - - loadPermission - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ResetFpgaImageAttribute - operationId: POST_ResetFpgaImageAttribute - description: Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its default value. You can only reset the load permission attribute. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetFpgaImageAttributeResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetFpgaImageAttributeRequest' - parameters: [] - /?Action=ResetImageAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ResetImageAttribute - operationId: GET_ResetImageAttribute - description: Resets an attribute of an AMI to its default value. - responses: - '200': - description: Success - parameters: - - name: Attribute - in: query - required: true - description: The attribute to reset (currently you can only reset the launch permission attribute). - schema: - type: string - enum: - - launchPermission - - name: ImageId - in: query - required: true - description: The ID of the AMI. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ResetImageAttribute - operationId: POST_ResetImageAttribute - description: Resets an attribute of an AMI to its default value. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetImageAttributeRequest' - parameters: [] - /?Action=ResetInstanceAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ResetInstanceAttribute - operationId: GET_ResetInstanceAttribute - description: '

Resets an attribute of an instance to its default value. To reset the kernel or ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck, the instance can be either running or stopped.

The sourceDestCheck attribute controls whether source/destination checking is enabled. The default value is true, which means checking is enabled. This value must be false for a NAT instance to perform NAT. For more information, see NAT Instances in the Amazon VPC User Guide.

' - responses: - '200': - description: Success - parameters: - - name: Attribute - in: query - required: true - description: '

The attribute to reset.

You can only reset the following attributes: kernel | ramdisk | sourceDestCheck.

' - schema: - type: string - enum: - - instanceType - - kernel - - ramdisk - - userData - - disableApiTermination - - instanceInitiatedShutdownBehavior - - rootDeviceName - - blockDeviceMapping - - productCodes - - sourceDestCheck - - groupSet - - ebsOptimized - - sriovNetSupport - - enaSupport - - enclaveOptions - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ResetInstanceAttribute - operationId: POST_ResetInstanceAttribute - description: '

Resets an attribute of an instance to its default value. To reset the kernel or ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck, the instance can be either running or stopped.

The sourceDestCheck attribute controls whether source/destination checking is enabled. The default value is true, which means checking is enabled. This value must be false for a NAT instance to perform NAT. For more information, see NAT Instances in the Amazon VPC User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetInstanceAttributeRequest' - parameters: [] - /?Action=ResetNetworkInterfaceAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ResetNetworkInterfaceAttribute - operationId: GET_ResetNetworkInterfaceAttribute - description: Resets a network interface attribute. You can specify only one attribute at a time. - responses: - '200': - description: Success - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: NetworkInterfaceId - in: query - required: true - description: The ID of the network interface. - schema: - type: string - - name: SourceDestCheck - in: query - required: false - description: The source/destination checking attribute. Resets the value to true. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ResetNetworkInterfaceAttribute - operationId: POST_ResetNetworkInterfaceAttribute - description: Resets a network interface attribute. You can specify only one attribute at a time. - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetNetworkInterfaceAttributeRequest' - parameters: [] - /?Action=ResetSnapshotAttribute&Version=2016-11-15: - get: - x-aws-operation-name: ResetSnapshotAttribute - operationId: GET_ResetSnapshotAttribute - description: '

Resets permission settings for the specified snapshot.

For more information about modifying snapshot permissions, see Share a snapshot in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - parameters: - - name: Attribute - in: query - required: true - description: 'The attribute to reset. Currently, only the attribute for permission to create volumes can be reset.' - schema: - type: string - enum: - - productCodes - - createVolumePermission - - name: SnapshotId - in: query - required: true - description: The ID of the snapshot. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: ResetSnapshotAttribute - operationId: POST_ResetSnapshotAttribute - description: '

Resets permission settings for the specified snapshot.

For more information about modifying snapshot permissions, see Share a snapshot in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetSnapshotAttributeRequest' - parameters: [] - /?Action=RestoreAddressToClassic&Version=2016-11-15: - get: - x-aws-operation-name: RestoreAddressToClassic - operationId: GET_RestoreAddressToClassic - description: Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform. You cannot move an Elastic IP address that was originally allocated for use in EC2-VPC. The Elastic IP address must not be associated with an instance or network interface. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreAddressToClassicResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PublicIp - in: query - required: true - description: The Elastic IP address. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RestoreAddressToClassic - operationId: POST_RestoreAddressToClassic - description: Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform. You cannot move an Elastic IP address that was originally allocated for use in EC2-VPC. The Elastic IP address must not be associated with an instance or network interface. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreAddressToClassicResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreAddressToClassicRequest' - parameters: [] - /?Action=RestoreImageFromRecycleBin&Version=2016-11-15: - get: - x-aws-operation-name: RestoreImageFromRecycleBin - operationId: GET_RestoreImageFromRecycleBin - description: 'Restores an AMI from the Recycle Bin. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreImageFromRecycleBinResult' - parameters: - - name: ImageId - in: query - required: true - description: The ID of the AMI to restore. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RestoreImageFromRecycleBin - operationId: POST_RestoreImageFromRecycleBin - description: 'Restores an AMI from the Recycle Bin. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreImageFromRecycleBinResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreImageFromRecycleBinRequest' - parameters: [] - /?Action=RestoreManagedPrefixListVersion&Version=2016-11-15: - get: - x-aws-operation-name: RestoreManagedPrefixListVersion - operationId: GET_RestoreManagedPrefixListVersion - description: Restores the entries from a previous version of a managed prefix list to a new version of the prefix list. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreManagedPrefixListVersionResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: PrefixListId - in: query - required: true - description: The ID of the prefix list. - schema: - type: string - - name: PreviousVersion - in: query - required: true - description: The version to restore. - schema: - type: integer - - name: CurrentVersion - in: query - required: true - description: The current version number for the prefix list. - schema: - type: integer - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RestoreManagedPrefixListVersion - operationId: POST_RestoreManagedPrefixListVersion - description: Restores the entries from a previous version of a managed prefix list to a new version of the prefix list. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreManagedPrefixListVersionResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreManagedPrefixListVersionRequest' - parameters: [] - /?Action=RestoreSnapshotFromRecycleBin&Version=2016-11-15: - get: - x-aws-operation-name: RestoreSnapshotFromRecycleBin - operationId: GET_RestoreSnapshotFromRecycleBin - description: 'Restores a snapshot from the Recycle Bin. For more information, see Restore snapshots from the Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreSnapshotFromRecycleBinResult' - parameters: - - name: SnapshotId - in: query - required: true - description: The ID of the snapshot to restore. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RestoreSnapshotFromRecycleBin - operationId: POST_RestoreSnapshotFromRecycleBin - description: 'Restores a snapshot from the Recycle Bin. For more information, see Restore snapshots from the Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreSnapshotFromRecycleBinResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreSnapshotFromRecycleBinRequest' - parameters: [] - /?Action=RestoreSnapshotTier&Version=2016-11-15: - get: - x-aws-operation-name: RestoreSnapshotTier - operationId: GET_RestoreSnapshotTier - description: '

Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore period or restore type for a snapshot that was previously temporarily restored.

For more information see Restore an archived snapshot and modify the restore period or restore type for a temporarily restored snapshot in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreSnapshotTierResult' - parameters: - - name: SnapshotId - in: query - required: true - description: The ID of the snapshot to restore. - schema: - type: string - - name: TemporaryRestoreDays - in: query - required: false - description: '

Specifies the number of days for which to temporarily restore an archived snapshot. Required for temporary restores only. The snapshot will be automatically re-archived after this period.

To temporarily restore an archived snapshot, specify the number of days and omit the PermanentRestore parameter or set it to false.

' - schema: - type: integer - - name: PermanentRestore - in: query - required: false - description: 'Indicates whether to permanently restore an archived snapshot. To permanently restore an archived snapshot, specify true and omit the RestoreSnapshotTierRequest$TemporaryRestoreDays parameter.' - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RestoreSnapshotTier - operationId: POST_RestoreSnapshotTier - description: '

Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore period or restore type for a snapshot that was previously temporarily restored.

For more information see Restore an archived snapshot and modify the restore period or restore type for a temporarily restored snapshot in the Amazon Elastic Compute Cloud User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreSnapshotTierResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreSnapshotTierRequest' - parameters: [] - /?Action=RevokeClientVpnIngress&Version=2016-11-15: - get: - x-aws-operation-name: RevokeClientVpnIngress - operationId: GET_RevokeClientVpnIngress - description: 'Removes an ingress authorization rule from a Client VPN endpoint. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RevokeClientVpnIngressResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint with which the authorization rule is associated. - schema: - type: string - - name: TargetNetworkCidr - in: query - required: true - description: 'The IPv4 address range, in CIDR notation, of the network for which access is being removed.' - schema: - type: string - - name: AccessGroupId - in: query - required: false - description: 'The ID of the Active Directory group for which to revoke access. ' - schema: - type: string - - name: RevokeAllGroups - in: query - required: false - description: Indicates whether access should be revoked for all clients. - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RevokeClientVpnIngress - operationId: POST_RevokeClientVpnIngress - description: 'Removes an ingress authorization rule from a Client VPN endpoint. ' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RevokeClientVpnIngressResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RevokeClientVpnIngressRequest' - parameters: [] - /?Action=RevokeSecurityGroupEgress&Version=2016-11-15: - get: - x-aws-operation-name: RevokeSecurityGroupEgress - operationId: GET_RevokeSecurityGroupEgress - description: '

[VPC only] Removes the specified outbound (egress) rules from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule''s values exactly. Each rule has a protocol, from and to ports, and destination (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

[Default VPC] If the values you specify do not match the existing rule''s values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RevokeSecurityGroupEgressResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: GroupId - in: query - required: true - description: The ID of the security group. - schema: - type: string - - name: IpPermissions - in: query - required: false - description: The sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpPermission' - - xml: - name: item - - name: SecurityGroupRuleId - in: query - required: false - description: The IDs of the security group rules. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: CidrIp - in: query - required: false - description: Not supported. Use a set of IP permissions to specify the CIDR. - schema: - type: string - - name: FromPort - in: query - required: false - description: Not supported. Use a set of IP permissions to specify the port. - schema: - type: integer - - name: IpProtocol - in: query - required: false - description: Not supported. Use a set of IP permissions to specify the protocol name or number. - schema: - type: string - - name: ToPort - in: query - required: false - description: Not supported. Use a set of IP permissions to specify the port. - schema: - type: integer - - name: SourceSecurityGroupName - in: query - required: false - description: Not supported. Use a set of IP permissions to specify a destination security group. - schema: - type: string - - name: SourceSecurityGroupOwnerId - in: query - required: false - description: Not supported. Use a set of IP permissions to specify a destination security group. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RevokeSecurityGroupEgress - operationId: POST_RevokeSecurityGroupEgress - description: '

[VPC only] Removes the specified outbound (egress) rules from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule''s values exactly. Each rule has a protocol, from and to ports, and destination (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

[Default VPC] If the values you specify do not match the existing rule''s values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RevokeSecurityGroupEgressResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RevokeSecurityGroupEgressRequest' - parameters: [] - /?Action=RevokeSecurityGroupIngress&Version=2016-11-15: - get: - x-aws-operation-name: RevokeSecurityGroupIngress - operationId: GET_RevokeSecurityGroupIngress - description: '

Removes the specified inbound (ingress) rules from a security group.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule''s values exactly. Each rule has a protocol, from and to ports, and source (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

[EC2-Classic, default VPC] If the values you specify do not match the existing rule''s values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RevokeSecurityGroupIngressResult' - parameters: - - name: CidrIp - in: query - required: false - description: The CIDR IP address range. You can't specify this parameter when specifying a source security group. - schema: - type: string - - name: FromPort - in: query - required: false - description: 'The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all ICMP types.' - schema: - type: integer - - name: GroupId - in: query - required: false - description: 'The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.' - schema: - type: string - - name: GroupName - in: query - required: false - description: '[EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.' - schema: - type: string - - name: IpPermissions - in: query - required: false - description: The sets of IP permissions. You can't specify a source security group and a CIDR IP address range in the same set of permissions. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpPermission' - - xml: - name: item - - name: IpProtocol - in: query - required: false - description: 'The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). Use -1 to specify all.' - schema: - type: string - - name: SourceSecurityGroupName - in: query - required: false - description: '[EC2-Classic, default VPC] The name of the source security group. You can''t specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. For EC2-VPC, the source security group must be in the same VPC. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.' - schema: - type: string - - name: SourceSecurityGroupOwnerId - in: query - required: false - description: '[EC2-Classic] The Amazon Web Services account ID of the source security group, if the source security group is in a different account. You can''t specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.' - schema: - type: string - - name: ToPort - in: query - required: false - description: 'The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all ICMP codes for the ICMP type.' - schema: - type: integer - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: SecurityGroupRuleId - in: query - required: false - description: The IDs of the security group rules. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RevokeSecurityGroupIngress - operationId: POST_RevokeSecurityGroupIngress - description: '

Removes the specified inbound (ingress) rules from a security group.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule''s values exactly. Each rule has a protocol, from and to ports, and source (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

[EC2-Classic, default VPC] If the values you specify do not match the existing rule''s values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RevokeSecurityGroupIngressResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RevokeSecurityGroupIngressRequest' - parameters: [] - /?Action=RunInstances&Version=2016-11-15: - get: - x-aws-operation-name: RunInstances - operationId: GET_RunInstances - description: '

Launches the specified number of instances using an AMI for which you have permissions.

You can specify a number of options, or leave the default options. The following rules apply:

You can create a launch template, which is a resource that contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify the launch template instead of specifying the launch parameters.

To ensure faster instance launches, break up large requests into smaller batches. For example, create five separate launch requests for 100 instances each instead of one launch request for 500 instances.

An instance is ready for you to use when it''s in the running state. You can check the state of your instance using DescribeInstances. You can tag instances and EBS volumes during launch, after launch, or both. For more information, see CreateTags and Tagging your Amazon EC2 resources.

Linux instances have access to the public key of the key pair at boot. You can use this key to provide secure access to the instance. Amazon EC2 public images use this feature to provide secure access without passwords. For more information, see Key pairs.

For troubleshooting, see What to do if an instance immediately terminates, and Troubleshooting connecting to your instance.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/Reservation' - parameters: - - name: BlockDeviceMapping - in: query - required: false - description: 'The block device mapping, which defines the EBS volumes and instance store volumes to attach to the instance at launch. For more information, see Block device mappings in the Amazon EC2 User Guide.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/BlockDeviceMapping' - - xml: - name: BlockDeviceMapping - - name: ImageId - in: query - required: false - description: The ID of the AMI. An AMI ID is required to launch an instance and must be specified here or in a launch template. - schema: - type: string - - name: InstanceType - in: query - required: false - description: '

The instance type. For more information, see Instance types in the Amazon EC2 User Guide.

Default: m1.small

' - schema: - type: string - enum: - - a1.medium - - a1.large - - a1.xlarge - - a1.2xlarge - - a1.4xlarge - - a1.metal - - c1.medium - - c1.xlarge - - c3.large - - c3.xlarge - - c3.2xlarge - - c3.4xlarge - - c3.8xlarge - - c4.large - - c4.xlarge - - c4.2xlarge - - c4.4xlarge - - c4.8xlarge - - c5.large - - c5.xlarge - - c5.2xlarge - - c5.4xlarge - - c5.9xlarge - - c5.12xlarge - - c5.18xlarge - - c5.24xlarge - - c5.metal - - c5a.large - - c5a.xlarge - - c5a.2xlarge - - c5a.4xlarge - - c5a.8xlarge - - c5a.12xlarge - - c5a.16xlarge - - c5a.24xlarge - - c5ad.large - - c5ad.xlarge - - c5ad.2xlarge - - c5ad.4xlarge - - c5ad.8xlarge - - c5ad.12xlarge - - c5ad.16xlarge - - c5ad.24xlarge - - c5d.large - - c5d.xlarge - - c5d.2xlarge - - c5d.4xlarge - - c5d.9xlarge - - c5d.12xlarge - - c5d.18xlarge - - c5d.24xlarge - - c5d.metal - - c5n.large - - c5n.xlarge - - c5n.2xlarge - - c5n.4xlarge - - c5n.9xlarge - - c5n.18xlarge - - c5n.metal - - c6g.medium - - c6g.large - - c6g.xlarge - - c6g.2xlarge - - c6g.4xlarge - - c6g.8xlarge - - c6g.12xlarge - - c6g.16xlarge - - c6g.metal - - c6gd.medium - - c6gd.large - - c6gd.xlarge - - c6gd.2xlarge - - c6gd.4xlarge - - c6gd.8xlarge - - c6gd.12xlarge - - c6gd.16xlarge - - c6gd.metal - - c6gn.medium - - c6gn.large - - c6gn.xlarge - - c6gn.2xlarge - - c6gn.4xlarge - - c6gn.8xlarge - - c6gn.12xlarge - - c6gn.16xlarge - - c6i.large - - c6i.xlarge - - c6i.2xlarge - - c6i.4xlarge - - c6i.8xlarge - - c6i.12xlarge - - c6i.16xlarge - - c6i.24xlarge - - c6i.32xlarge - - c6i.metal - - cc1.4xlarge - - cc2.8xlarge - - cg1.4xlarge - - cr1.8xlarge - - d2.xlarge - - d2.2xlarge - - d2.4xlarge - - d2.8xlarge - - d3.xlarge - - d3.2xlarge - - d3.4xlarge - - d3.8xlarge - - d3en.xlarge - - d3en.2xlarge - - d3en.4xlarge - - d3en.6xlarge - - d3en.8xlarge - - d3en.12xlarge - - dl1.24xlarge - - f1.2xlarge - - f1.4xlarge - - f1.16xlarge - - g2.2xlarge - - g2.8xlarge - - g3.4xlarge - - g3.8xlarge - - g3.16xlarge - - g3s.xlarge - - g4ad.xlarge - - g4ad.2xlarge - - g4ad.4xlarge - - g4ad.8xlarge - - g4ad.16xlarge - - g4dn.xlarge - - g4dn.2xlarge - - g4dn.4xlarge - - g4dn.8xlarge - - g4dn.12xlarge - - g4dn.16xlarge - - g4dn.metal - - g5.xlarge - - g5.2xlarge - - g5.4xlarge - - g5.8xlarge - - g5.12xlarge - - g5.16xlarge - - g5.24xlarge - - g5.48xlarge - - g5g.xlarge - - g5g.2xlarge - - g5g.4xlarge - - g5g.8xlarge - - g5g.16xlarge - - g5g.metal - - hi1.4xlarge - - hpc6a.48xlarge - - hs1.8xlarge - - h1.2xlarge - - h1.4xlarge - - h1.8xlarge - - h1.16xlarge - - i2.xlarge - - i2.2xlarge - - i2.4xlarge - - i2.8xlarge - - i3.large - - i3.xlarge - - i3.2xlarge - - i3.4xlarge - - i3.8xlarge - - i3.16xlarge - - i3.metal - - i3en.large - - i3en.xlarge - - i3en.2xlarge - - i3en.3xlarge - - i3en.6xlarge - - i3en.12xlarge - - i3en.24xlarge - - i3en.metal - - im4gn.large - - im4gn.xlarge - - im4gn.2xlarge - - im4gn.4xlarge - - im4gn.8xlarge - - im4gn.16xlarge - - inf1.xlarge - - inf1.2xlarge - - inf1.6xlarge - - inf1.24xlarge - - is4gen.medium - - is4gen.large - - is4gen.xlarge - - is4gen.2xlarge - - is4gen.4xlarge - - is4gen.8xlarge - - m1.small - - m1.medium - - m1.large - - m1.xlarge - - m2.xlarge - - m2.2xlarge - - m2.4xlarge - - m3.medium - - m3.large - - m3.xlarge - - m3.2xlarge - - m4.large - - m4.xlarge - - m4.2xlarge - - m4.4xlarge - - m4.10xlarge - - m4.16xlarge - - m5.large - - m5.xlarge - - m5.2xlarge - - m5.4xlarge - - m5.8xlarge - - m5.12xlarge - - m5.16xlarge - - m5.24xlarge - - m5.metal - - m5a.large - - m5a.xlarge - - m5a.2xlarge - - m5a.4xlarge - - m5a.8xlarge - - m5a.12xlarge - - m5a.16xlarge - - m5a.24xlarge - - m5ad.large - - m5ad.xlarge - - m5ad.2xlarge - - m5ad.4xlarge - - m5ad.8xlarge - - m5ad.12xlarge - - m5ad.16xlarge - - m5ad.24xlarge - - m5d.large - - m5d.xlarge - - m5d.2xlarge - - m5d.4xlarge - - m5d.8xlarge - - m5d.12xlarge - - m5d.16xlarge - - m5d.24xlarge - - m5d.metal - - m5dn.large - - m5dn.xlarge - - m5dn.2xlarge - - m5dn.4xlarge - - m5dn.8xlarge - - m5dn.12xlarge - - m5dn.16xlarge - - m5dn.24xlarge - - m5dn.metal - - m5n.large - - m5n.xlarge - - m5n.2xlarge - - m5n.4xlarge - - m5n.8xlarge - - m5n.12xlarge - - m5n.16xlarge - - m5n.24xlarge - - m5n.metal - - m5zn.large - - m5zn.xlarge - - m5zn.2xlarge - - m5zn.3xlarge - - m5zn.6xlarge - - m5zn.12xlarge - - m5zn.metal - - m6a.large - - m6a.xlarge - - m6a.2xlarge - - m6a.4xlarge - - m6a.8xlarge - - m6a.12xlarge - - m6a.16xlarge - - m6a.24xlarge - - m6a.32xlarge - - m6a.48xlarge - - m6g.metal - - m6g.medium - - m6g.large - - m6g.xlarge - - m6g.2xlarge - - m6g.4xlarge - - m6g.8xlarge - - m6g.12xlarge - - m6g.16xlarge - - m6gd.metal - - m6gd.medium - - m6gd.large - - m6gd.xlarge - - m6gd.2xlarge - - m6gd.4xlarge - - m6gd.8xlarge - - m6gd.12xlarge - - m6gd.16xlarge - - m6i.large - - m6i.xlarge - - m6i.2xlarge - - m6i.4xlarge - - m6i.8xlarge - - m6i.12xlarge - - m6i.16xlarge - - m6i.24xlarge - - m6i.32xlarge - - m6i.metal - - mac1.metal - - p2.xlarge - - p2.8xlarge - - p2.16xlarge - - p3.2xlarge - - p3.8xlarge - - p3.16xlarge - - p3dn.24xlarge - - p4d.24xlarge - - r3.large - - r3.xlarge - - r3.2xlarge - - r3.4xlarge - - r3.8xlarge - - r4.large - - r4.xlarge - - r4.2xlarge - - r4.4xlarge - - r4.8xlarge - - r4.16xlarge - - r5.large - - r5.xlarge - - r5.2xlarge - - r5.4xlarge - - r5.8xlarge - - r5.12xlarge - - r5.16xlarge - - r5.24xlarge - - r5.metal - - r5a.large - - r5a.xlarge - - r5a.2xlarge - - r5a.4xlarge - - r5a.8xlarge - - r5a.12xlarge - - r5a.16xlarge - - r5a.24xlarge - - r5ad.large - - r5ad.xlarge - - r5ad.2xlarge - - r5ad.4xlarge - - r5ad.8xlarge - - r5ad.12xlarge - - r5ad.16xlarge - - r5ad.24xlarge - - r5b.large - - r5b.xlarge - - r5b.2xlarge - - r5b.4xlarge - - r5b.8xlarge - - r5b.12xlarge - - r5b.16xlarge - - r5b.24xlarge - - r5b.metal - - r5d.large - - r5d.xlarge - - r5d.2xlarge - - r5d.4xlarge - - r5d.8xlarge - - r5d.12xlarge - - r5d.16xlarge - - r5d.24xlarge - - r5d.metal - - r5dn.large - - r5dn.xlarge - - r5dn.2xlarge - - r5dn.4xlarge - - r5dn.8xlarge - - r5dn.12xlarge - - r5dn.16xlarge - - r5dn.24xlarge - - r5dn.metal - - r5n.large - - r5n.xlarge - - r5n.2xlarge - - r5n.4xlarge - - r5n.8xlarge - - r5n.12xlarge - - r5n.16xlarge - - r5n.24xlarge - - r5n.metal - - r6g.medium - - r6g.large - - r6g.xlarge - - r6g.2xlarge - - r6g.4xlarge - - r6g.8xlarge - - r6g.12xlarge - - r6g.16xlarge - - r6g.metal - - r6gd.medium - - r6gd.large - - r6gd.xlarge - - r6gd.2xlarge - - r6gd.4xlarge - - r6gd.8xlarge - - r6gd.12xlarge - - r6gd.16xlarge - - r6gd.metal - - r6i.large - - r6i.xlarge - - r6i.2xlarge - - r6i.4xlarge - - r6i.8xlarge - - r6i.12xlarge - - r6i.16xlarge - - r6i.24xlarge - - r6i.32xlarge - - r6i.metal - - t1.micro - - t2.nano - - t2.micro - - t2.small - - t2.medium - - t2.large - - t2.xlarge - - t2.2xlarge - - t3.nano - - t3.micro - - t3.small - - t3.medium - - t3.large - - t3.xlarge - - t3.2xlarge - - t3a.nano - - t3a.micro - - t3a.small - - t3a.medium - - t3a.large - - t3a.xlarge - - t3a.2xlarge - - t4g.nano - - t4g.micro - - t4g.small - - t4g.medium - - t4g.large - - t4g.xlarge - - t4g.2xlarge - - u-6tb1.56xlarge - - u-6tb1.112xlarge - - u-9tb1.112xlarge - - u-12tb1.112xlarge - - u-6tb1.metal - - u-9tb1.metal - - u-12tb1.metal - - u-18tb1.metal - - u-24tb1.metal - - vt1.3xlarge - - vt1.6xlarge - - vt1.24xlarge - - x1.16xlarge - - x1.32xlarge - - x1e.xlarge - - x1e.2xlarge - - x1e.4xlarge - - x1e.8xlarge - - x1e.16xlarge - - x1e.32xlarge - - x2iezn.2xlarge - - x2iezn.4xlarge - - x2iezn.6xlarge - - x2iezn.8xlarge - - x2iezn.12xlarge - - x2iezn.metal - - x2gd.medium - - x2gd.large - - x2gd.xlarge - - x2gd.2xlarge - - x2gd.4xlarge - - x2gd.8xlarge - - x2gd.12xlarge - - x2gd.16xlarge - - x2gd.metal - - z1d.large - - z1d.xlarge - - z1d.2xlarge - - z1d.3xlarge - - z1d.6xlarge - - z1d.12xlarge - - z1d.metal - - x2idn.16xlarge - - x2idn.24xlarge - - x2idn.32xlarge - - x2iedn.xlarge - - x2iedn.2xlarge - - x2iedn.4xlarge - - x2iedn.8xlarge - - x2iedn.16xlarge - - x2iedn.24xlarge - - x2iedn.32xlarge - - c6a.large - - c6a.xlarge - - c6a.2xlarge - - c6a.4xlarge - - c6a.8xlarge - - c6a.12xlarge - - c6a.16xlarge - - c6a.24xlarge - - c6a.32xlarge - - c6a.48xlarge - - c6a.metal - - m6a.metal - - i4i.large - - i4i.xlarge - - i4i.2xlarge - - i4i.4xlarge - - i4i.8xlarge - - i4i.16xlarge - - i4i.32xlarge - - name: Ipv6AddressCount - in: query - required: false - description: '

[EC2-VPC] The number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. You cannot specify this option and the option to assign specific IPv6 addresses in the same request. You can specify this option if you''ve specified a minimum number of instances to launch.

You cannot specify this option and the network interfaces option in the same request.

' - schema: - type: integer - - name: Ipv6Address - in: query - required: false - description: '

[EC2-VPC] The IPv6 addresses from the range of the subnet to associate with the primary network interface. You cannot specify this option and the option to assign a number of IPv6 addresses in the same request. You cannot specify this option if you''ve specified a minimum number of instances to launch.

You cannot specify this option and the network interfaces option in the same request.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceIpv6Address' - - xml: - name: item - - name: KernelId - in: query - required: false - description: '

The ID of the kernel.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB in the Amazon EC2 User Guide.

' - schema: - type: string - - name: KeyName - in: query - required: false - description: '

The name of the key pair. You can create a key pair using CreateKeyPair or ImportKeyPair.

If you do not specify a key pair, you can''t connect to the instance unless you choose an AMI that is configured to allow users another way to log in.

' - schema: - type: string - - name: MaxCount - in: query - required: true - description: '

The maximum number of instances to launch. If you specify more instances than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches the largest possible number of instances above MinCount.

Constraints: Between 1 and the maximum number you''re allowed for the specified instance type. For more information about the default limits, and how to request an increase, see How many instances can I run in Amazon EC2 in the Amazon EC2 FAQ.

' - schema: - type: integer - - name: MinCount - in: query - required: true - description: '

The minimum number of instances to launch. If you specify a minimum that is more instances than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches no instances.

Constraints: Between 1 and the maximum number you''re allowed for the specified instance type. For more information about the default limits, and how to request an increase, see How many instances can I run in Amazon EC2 in the Amazon EC2 General FAQ.

' - schema: - type: integer - - name: Monitoring - in: query - required: false - description: Specifies whether detailed monitoring is enabled for the instance. - schema: - type: object - required: - - Enabled - properties: - enabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.' - description: Describes the monitoring of an instance. - - name: Placement - in: query - required: false - description: The placement for the instance. - schema: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The Availability Zone of the instance.

If not specified, an Availability Zone will be automatically chosen for you based on the load balancing criteria for the Region.

This parameter is not supported by CreateFleet.

' - affinity: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The affinity setting for the instance on the Dedicated Host. This parameter is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

' - groupName: - allOf: - - $ref: '#/components/schemas/PlacementGroupName' - - description: The name of the placement group the instance is in. - partitionNumber: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The number of the partition that the instance is in. Valid only if the placement group strategy is set to partition.

This parameter is not supported by CreateFleet.

' - hostId: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The ID of the Dedicated Host on which the instance resides. This parameter is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

' - tenancy: - allOf: - - $ref: '#/components/schemas/Tenancy' - - description: '

The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

T3 instances that use the unlimited CPU credit option do not support host tenancy.

' - spreadDomain: - allOf: - - $ref: '#/components/schemas/String' - - description: '

Reserved for future use.

This parameter is not supported by CreateFleet.

' - hostResourceGroupArn: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The ARN of the host resource group in which to launch the instances. If you specify a host resource group ARN, omit the Tenancy parameter or set it to host.

This parameter is not supported by CreateFleet.

' - description: Describes the placement of an instance. - - name: RamdiskId - in: query - required: false - description: '

The ID of the RAM disk to select. Some kernels require additional drivers at launch. Check the kernel requirements for information about whether you need to specify a RAM disk. To find kernel requirements, go to the Amazon Web Services Resource Center and search for the kernel ID.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB in the Amazon EC2 User Guide.

' - schema: - type: string - - name: SecurityGroupId - in: query - required: false - description: '

The IDs of the security groups. You can create a security group using CreateSecurityGroup.

If you specify a network interface, you must specify any security groups as part of the network interface.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: SecurityGroupId - - name: SecurityGroup - in: query - required: false - description: '

[EC2-Classic, default VPC] The names of the security groups. For a nondefault VPC, you must use security group IDs instead.

If you specify a network interface, you must specify any security groups as part of the network interface.

Default: Amazon EC2 uses the default security group.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupName' - - xml: - name: SecurityGroup - - name: SubnetId - in: query - required: false - description: '

[EC2-VPC] The ID of the subnet to launch the instance into.

If you specify a network interface, you must specify any subnets as part of the network interface.

' - schema: - type: string - - name: UserData - in: query - required: false - description: 'The user data script to make available to the instance. For more information, see Run commands on your Linux instance at launch and Run commands on your Windows instance at launch. If you are using a command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text. User data is limited to 16 KB.' - schema: - type: string - format: password - - name: AdditionalInfo - in: query - required: false - description: Reserved. - schema: - type: string - - name: ClientToken - in: query - required: false - description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

For more information, see Ensuring Idempotency.

Constraints: Maximum 64 ASCII characters

' - schema: - type: string - - name: DisableApiTermination - in: query - required: false - description: '

If you set this parameter to true, you can''t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance by running the shutdown command from the instance.

Default: false

' - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: EbsOptimized - in: query - required: false - description: '

Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS-optimized instance.

Default: false

' - schema: - type: boolean - - name: IamInstanceProfile - in: query - required: false - description: The name or Amazon Resource Name (ARN) of an IAM instance profile. - schema: - type: object - properties: - arn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the instance profile. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the instance profile. - description: Describes an IAM instance profile. - - name: InstanceInitiatedShutdownBehavior - in: query - required: false - description: '

Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).

Default: stop

' - schema: - type: string - enum: - - stop - - terminate - - name: NetworkInterface - in: query - required: false - description: 'The network interfaces to associate with the instance. If you specify a network interface, you must specify any security groups and subnets as part of the network interface.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecification' - - xml: - name: item - - name: PrivateIpAddress - in: query - required: false - description: '

[EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 address range of the subnet.

Only one private IP address can be designated as primary. You can''t specify this option if you''ve specified the option to designate a private IP address as the primary IP address in a network interface specification. You cannot specify this option if you''re launching more than one instance in the request.

You cannot specify this option and the network interfaces option in the same request.

' - schema: - type: string - - name: ElasticGpuSpecification - in: query - required: false - description: 'An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource that you can attach to your Windows instance to accelerate the graphics performance of your applications. For more information, see Amazon EC2 Elastic GPUs in the Amazon EC2 User Guide.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ElasticGpuSpecification' - - xml: - name: item - - name: ElasticInferenceAccelerator - in: query - required: false - description:

An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.

You cannot specify accelerators from different generations in the same request.

- schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ElasticInferenceAccelerator' - - xml: - name: item - - name: TagSpecification - in: query - required: false - description: 'The tags to apply to the resources during launch. You can only tag instances and volumes on launch. The specified tags are applied to all instances or volumes that are created during launch. To tag a resource after it has been created, see CreateTags.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: LaunchTemplate - in: query - required: false - description: 'The launch template to use to launch the instances. Any parameters that you specify in RunInstances override the same parameters in the launch template. You can specify either the name or ID of a launch template, but not both.' - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The version number of the launch template.

Default: The default version for the launch template.

' - description: 'The launch template to use. You must specify either the launch template ID or launch template name in the request, but not both.' - - name: InstanceMarketOptions - in: query - required: false - description: '

The market (purchasing) option for the instances.

For RunInstances, persistent Spot Instance requests are only supported when InstanceInterruptionBehavior is set to either hibernate or stop.

' - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/SpotMarketOptions' - - description: The options for Spot Instances. - description: Describes the market (purchasing) option for the instances. - - name: CreditSpecification - in: query - required: false - description: '

The credit option for CPU usage of the burstable performance instance. Valid values are standard and unlimited. To change this attribute after launch, use ModifyInstanceCreditSpecification. For more information, see Burstable performance instances in the Amazon EC2 User Guide.

Default: standard (T2 instances) or unlimited (T3/T3a instances)

For T3 instances with host tenancy, only standard is supported.

' - schema: - type: object - required: - - CpuCredits - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The credit option for CPU usage of a T2, T3, or T3a instance. Valid values are standard and unlimited.' - description: 'The credit option for CPU usage of a T2, T3, or T3a instance.' - - name: CpuOptions - in: query - required: false - description: 'The CPU options for the instance. For more information, see Optimize CPU options in the Amazon EC2 User Guide.' - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of threads per CPU core. To disable multithreading for the instance, specify a value of 1. Otherwise, specify the default value of 2.' - description: The CPU options for the instance. Both the core count and threads per core must be specified in the request. - - name: CapacityReservationSpecification - in: query - required: false - description: 'Information about the Capacity Reservation targeting option. If you do not specify this parameter, the instance''s Capacity Reservation preference defaults to open, which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).' - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/CapacityReservationTarget' - - description: Information about the target Capacity Reservation or Capacity Reservation group. - description: '

Describes an instance''s Capacity Reservation targeting option. You can specify only one parameter at a time. If you specify CapacityReservationPreference and CapacityReservationTarget, the request fails.

Use the CapacityReservationPreference parameter to configure the instance to run as an On-Demand Instance or to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). Use the CapacityReservationTarget parameter to explicitly target a specific Capacity Reservation or a Capacity Reservation group.

' - - name: HibernationOptions - in: query - required: false - description: '

Indicates whether an instance is enabled for hibernation. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

You can''t enable hibernation and Amazon Web Services Nitro Enclaves on the same instance.

' - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

If you set this parameter to true, your instance is enabled for hibernation.

Default: false

' - description: 'Indicates whether your instance is configured for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.' - - name: LicenseSpecification - in: query - required: false - description: The license configurations. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/LicenseConfigurationRequest' - - xml: - name: item - - name: MetadataOptions - in: query - required: false - description: 'The metadata options for the instance. For more information, see Instance metadata and user data.' - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceMetadataTagsState' - - description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' - description: The metadata options for the instance. - - name: EnclaveOptions - in: query - required: false - description: '

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

You can''t enable Amazon Web Services Nitro Enclaves and hibernation on the same instance.

' - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true.' - description: 'Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.' - - name: PrivateDnsNameOptions - in: query - required: false - description: The options for the instance hostname. The default values are inherited from the subnet. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. - description: Describes the options for instance hostnames. - - name: MaintenanceOptions - in: query - required: false - description: The maintenance and recovery options for the instance. - schema: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceAutoRecoveryState' - - description: 'Disables the automatic recovery behavior of your instance or sets it to default. For more information, see Simplified automatic recovery.' - description: The maintenance options for the instance. - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RunInstances - operationId: POST_RunInstances - description: '

Launches the specified number of instances using an AMI for which you have permissions.

You can specify a number of options, or leave the default options. The following rules apply:

You can create a launch template, which is a resource that contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify the launch template instead of specifying the launch parameters.

To ensure faster instance launches, break up large requests into smaller batches. For example, create five separate launch requests for 100 instances each instead of one launch request for 500 instances.

An instance is ready for you to use when it''s in the running state. You can check the state of your instance using DescribeInstances. You can tag instances and EBS volumes during launch, after launch, or both. For more information, see CreateTags and Tagging your Amazon EC2 resources.

Linux instances have access to the public key of the key pair at boot. You can use this key to provide secure access to the instance. Amazon EC2 public images use this feature to provide secure access without passwords. For more information, see Key pairs.

For troubleshooting, see What to do if an instance immediately terminates, and Troubleshooting connecting to your instance.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/Reservation' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RunInstancesRequest' - parameters: [] - /?Action=RunScheduledInstances&Version=2016-11-15: - get: - x-aws-operation-name: RunScheduledInstances - operationId: GET_RunScheduledInstances - description: '

Launches the specified Scheduled Instances.

Before you can launch a Scheduled Instance, you must purchase it and obtain an identifier using PurchaseScheduledInstances.

You must launch a Scheduled Instance during its scheduled time period. You can''t stop or reboot a Scheduled Instance, but you can terminate it as needed. If you terminate a Scheduled Instance before the current scheduled time period ends, you can launch it again after a few minutes. For more information, see Scheduled Instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RunScheduledInstancesResult' - parameters: - - name: ClientToken - in: query - required: false - description: 'Unique, case-sensitive identifier that ensures the idempotency of the request. For more information, see Ensuring Idempotency.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: InstanceCount - in: query - required: false - description: '

The number of instances.

Default: 1

' - schema: - type: integer - - name: LaunchSpecification - in: query - required: true - description: 'The launch specification. You must match the instance type, Availability Zone, network, and platform of the schedule that you purchased.' - schema: - type: object - required: - - ImageId - properties: - BlockDeviceMapping: - allOf: - - $ref: '#/components/schemas/ScheduledInstancesMonitoring' - - description: Enable or disable monitoring for the instances. - NetworkInterface: - allOf: - - $ref: '#/components/schemas/RamdiskId' - - description: The ID of the RAM disk. - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The base64-encoded MIME user data. - description: '

Describes the launch specification for a Scheduled Instance.

If you are launching the Scheduled Instance in EC2-VPC, you must specify the ID of the subnet. You can specify the subnet using either SubnetId or NetworkInterface.

' - - name: ScheduledInstanceId - in: query - required: true - description: The Scheduled Instance ID. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: RunScheduledInstances - operationId: POST_RunScheduledInstances - description: '

Launches the specified Scheduled Instances.

Before you can launch a Scheduled Instance, you must purchase it and obtain an identifier using PurchaseScheduledInstances.

You must launch a Scheduled Instance during its scheduled time period. You can''t stop or reboot a Scheduled Instance, but you can terminate it as needed. If you terminate a Scheduled Instance before the current scheduled time period ends, you can launch it again after a few minutes. For more information, see Scheduled Instances in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/RunScheduledInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RunScheduledInstancesRequest' - parameters: [] - /?Action=SearchLocalGatewayRoutes&Version=2016-11-15: - get: - x-aws-operation-name: SearchLocalGatewayRoutes - operationId: GET_SearchLocalGatewayRoutes - description: Searches for routes in the specified local gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/SearchLocalGatewayRoutesResult' - parameters: - - name: LocalGatewayRouteTableId - in: query - required: true - description: The ID of the local gateway route table. - schema: - type: string - - name: Filter - in: query - required: false - description: '

One or more filters.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: SearchLocalGatewayRoutes - operationId: POST_SearchLocalGatewayRoutes - description: Searches for routes in the specified local gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/SearchLocalGatewayRoutesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/SearchLocalGatewayRoutesRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=SearchTransitGatewayMulticastGroups&Version=2016-11-15: - get: - x-aws-operation-name: SearchTransitGatewayMulticastGroups - operationId: GET_SearchTransitGatewayMulticastGroups - description: Searches one or more transit gateway multicast groups and returns the group membership information. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/SearchTransitGatewayMulticastGroupsResult' - parameters: - - name: TransitGatewayMulticastDomainId - in: query - required: false - description: The ID of the transit gateway multicast domain. - schema: - type: string - - name: Filter - in: query - required: false - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: NextToken - in: query - required: false - description: The token for the next page of results. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: SearchTransitGatewayMulticastGroups - operationId: POST_SearchTransitGatewayMulticastGroups - description: Searches one or more transit gateway multicast groups and returns the group membership information. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/SearchTransitGatewayMulticastGroupsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/SearchTransitGatewayMulticastGroupsRequest' - parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit - required: false - - name: NextToken - in: query - schema: - type: string - description: Pagination token - required: false - /?Action=SearchTransitGatewayRoutes&Version=2016-11-15: - get: - x-aws-operation-name: SearchTransitGatewayRoutes - operationId: GET_SearchTransitGatewayRoutes - description: Searches for routes in the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/SearchTransitGatewayRoutesResult' - parameters: - - name: TransitGatewayRouteTableId - in: query - required: true - description: The ID of the transit gateway route table. - schema: - type: string - - name: Filter - in: query - required: true - description: '

One or more filters. The possible values are:

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - - name: MaxResults - in: query - required: false - description: The maximum number of routes to return. - schema: - type: integer - minimum: 5 - maximum: 1000 - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: SearchTransitGatewayRoutes - operationId: POST_SearchTransitGatewayRoutes - description: Searches for routes in the specified transit gateway route table. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/SearchTransitGatewayRoutesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/SearchTransitGatewayRoutesRequest' - parameters: [] - /?Action=SendDiagnosticInterrupt&Version=2016-11-15: - get: - x-aws-operation-name: SendDiagnosticInterrupt - operationId: GET_SendDiagnosticInterrupt - description: '

Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a kernel panic (on Linux instances), or a blue screen/stop error (on Windows instances). For instances based on Intel and AMD processors, the interrupt is received as a non-maskable interrupt (NMI).

In general, the operating system crashes and reboots when a kernel panic or stop error is triggered. The operating system can also be configured to perform diagnostic tasks, such as generating a memory dump file, loading a secondary kernel, or obtaining a call trace.

Before sending a diagnostic interrupt to your instance, ensure that its operating system is configured to perform the required diagnostic tasks.

For more information about configuring your operating system to generate a crash dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt (for advanced users) (Linux instances) or Send a diagnostic interrupt (for advanced users) (Windows instances).

' - responses: - '200': - description: Success - parameters: - - name: InstanceId - in: query - required: true - description: The ID of the instance. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: SendDiagnosticInterrupt - operationId: POST_SendDiagnosticInterrupt - description: '

Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a kernel panic (on Linux instances), or a blue screen/stop error (on Windows instances). For instances based on Intel and AMD processors, the interrupt is received as a non-maskable interrupt (NMI).

In general, the operating system crashes and reboots when a kernel panic or stop error is triggered. The operating system can also be configured to perform diagnostic tasks, such as generating a memory dump file, loading a secondary kernel, or obtaining a call trace.

Before sending a diagnostic interrupt to your instance, ensure that its operating system is configured to perform the required diagnostic tasks.

For more information about configuring your operating system to generate a crash dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt (for advanced users) (Linux instances) or Send a diagnostic interrupt (for advanced users) (Windows instances).

' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/SendDiagnosticInterruptRequest' - parameters: [] - /?Action=StartInstances&Version=2016-11-15: - get: - x-aws-operation-name: StartInstances - operationId: GET_StartInstances - description: '

Starts an Amazon EBS-backed instance that you''ve previously stopped.

Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for instance usage. However, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM.

Performing this operation on an instance that uses an instance store as its root device returns an error.

If you attempt to start a T3 instance with host tenancy and the unlimted CPU credit option, the request fails. The unlimited CPU credit option is not supported on Dedicated Hosts. Before you start the instance, either change its CPU credit option to standard, or change its tenancy to default or dedicated.

For more information, see Stop and start your instance in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/StartInstancesResult' - parameters: - - name: InstanceId - in: query - required: true - description: The IDs of the instances. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - - name: AdditionalInfo - in: query - required: false - description: Reserved. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: StartInstances - operationId: POST_StartInstances - description: '

Starts an Amazon EBS-backed instance that you''ve previously stopped.

Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for instance usage. However, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM.

Performing this operation on an instance that uses an instance store as its root device returns an error.

If you attempt to start a T3 instance with host tenancy and the unlimted CPU credit option, the request fails. The unlimited CPU credit option is not supported on Dedicated Hosts. Before you start the instance, either change its CPU credit option to standard, or change its tenancy to default or dedicated.

For more information, see Stop and start your instance in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/StartInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/StartInstancesRequest' - parameters: [] - /?Action=StartNetworkInsightsAccessScopeAnalysis&Version=2016-11-15: - get: - x-aws-operation-name: StartNetworkInsightsAccessScopeAnalysis - operationId: GET_StartNetworkInsightsAccessScopeAnalysis - description: Starts analyzing the specified Network Access Scope. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/StartNetworkInsightsAccessScopeAnalysisResult' - parameters: - - name: NetworkInsightsAccessScopeId - in: query - required: true - description: The ID of the Network Access Scope. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: TagSpecification - in: query - required: false - description: The tags to apply. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: ClientToken - in: query - required: true - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: StartNetworkInsightsAccessScopeAnalysis - operationId: POST_StartNetworkInsightsAccessScopeAnalysis - description: Starts analyzing the specified Network Access Scope. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/StartNetworkInsightsAccessScopeAnalysisResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/StartNetworkInsightsAccessScopeAnalysisRequest' - parameters: [] - /?Action=StartNetworkInsightsAnalysis&Version=2016-11-15: - get: - x-aws-operation-name: StartNetworkInsightsAnalysis - operationId: GET_StartNetworkInsightsAnalysis - description: 'Starts analyzing the specified path. If the path is reachable, the operation returns the shortest feasible path.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/StartNetworkInsightsAnalysisResult' - parameters: - - name: NetworkInsightsPathId - in: query - required: true - description: The ID of the path. - schema: - type: string - - name: FilterInArn - in: query - required: false - description: The Amazon Resource Names (ARN) of the resources that the path must traverse. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - xml: - name: item - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: TagSpecification - in: query - required: false - description: The tags to apply. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - - name: ClientToken - in: query - required: true - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: StartNetworkInsightsAnalysis - operationId: POST_StartNetworkInsightsAnalysis - description: 'Starts analyzing the specified path. If the path is reachable, the operation returns the shortest feasible path.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/StartNetworkInsightsAnalysisResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/StartNetworkInsightsAnalysisRequest' - parameters: [] - /?Action=StartVpcEndpointServicePrivateDnsVerification&Version=2016-11-15: - get: - x-aws-operation-name: StartVpcEndpointServicePrivateDnsVerification - operationId: GET_StartVpcEndpointServicePrivateDnsVerification - description: '

Initiates the verification process to prove that the service provider owns the private DNS name domain for the endpoint service.

The service provider must successfully perform the verification before the consumer can use the name to access the service.

Before the service provider runs this command, they must add a record to the DNS server.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/StartVpcEndpointServicePrivateDnsVerificationResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: ServiceId - in: query - required: true - description: The ID of the endpoint service. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: StartVpcEndpointServicePrivateDnsVerification - operationId: POST_StartVpcEndpointServicePrivateDnsVerification - description: '

Initiates the verification process to prove that the service provider owns the private DNS name domain for the endpoint service.

The service provider must successfully perform the verification before the consumer can use the name to access the service.

Before the service provider runs this command, they must add a record to the DNS server.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/StartVpcEndpointServicePrivateDnsVerificationResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/StartVpcEndpointServicePrivateDnsVerificationRequest' - parameters: [] - /?Action=StopInstances&Version=2016-11-15: - get: - x-aws-operation-name: StopInstances - operationId: GET_StopInstances - description: '

Stops an Amazon EBS-backed instance. For more information, see Stop and start your instance in the Amazon EC2 User Guide.

You can use the Stop action to hibernate an instance if the instance is enabled for hibernation and it meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

We don''t charge usage for a stopped instance, or data transfer fees; however, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

You can''t stop or hibernate instance store-backed instances. You can''t use the Stop action to hibernate Spot Instances, but you can specify that Amazon EC2 should hibernate Spot Instances when they are interrupted. For more information, see Hibernating interrupted Spot Instances in the Amazon EC2 User Guide.

When you stop or hibernate an instance, we shut it down. You can restart your instance at any time. Before stopping or hibernating an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM, but hibernating an instance does preserve data stored in RAM. If an instance cannot hibernate successfully, a normal shutdown occurs.

Stopping and hibernating an instance is different to rebooting or terminating it. For example, when you stop or hibernate an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, the root device and any other devices attached during the instance launch are automatically deleted. For more information about the differences between rebooting, stopping, hibernating, and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

When you stop an instance, we attempt to shut it down forcibly after a short while. If your instance appears stuck in the stopping state after a period of time, there may be an issue with the underlying host computer. For more information, see Troubleshoot stopping your instance in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/StopInstancesResult' - parameters: - - name: InstanceId - in: query - required: true - description: The IDs of the instances. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - - name: Hibernate - in: query - required: false - description: '

Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

Default: false

' - schema: - type: boolean - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: Force - in: query - required: false - description: '

Forces the instances to stop. The instances do not have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures. This option is not recommended for Windows instances.

Default: false

' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: StopInstances - operationId: POST_StopInstances - description: '

Stops an Amazon EBS-backed instance. For more information, see Stop and start your instance in the Amazon EC2 User Guide.

You can use the Stop action to hibernate an instance if the instance is enabled for hibernation and it meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

We don''t charge usage for a stopped instance, or data transfer fees; however, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

You can''t stop or hibernate instance store-backed instances. You can''t use the Stop action to hibernate Spot Instances, but you can specify that Amazon EC2 should hibernate Spot Instances when they are interrupted. For more information, see Hibernating interrupted Spot Instances in the Amazon EC2 User Guide.

When you stop or hibernate an instance, we shut it down. You can restart your instance at any time. Before stopping or hibernating an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM, but hibernating an instance does preserve data stored in RAM. If an instance cannot hibernate successfully, a normal shutdown occurs.

Stopping and hibernating an instance is different to rebooting or terminating it. For example, when you stop or hibernate an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, the root device and any other devices attached during the instance launch are automatically deleted. For more information about the differences between rebooting, stopping, hibernating, and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

When you stop an instance, we attempt to shut it down forcibly after a short while. If your instance appears stuck in the stopping state after a period of time, there may be an issue with the underlying host computer. For more information, see Troubleshoot stopping your instance in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/StopInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/StopInstancesRequest' - parameters: [] - /?Action=TerminateClientVpnConnections&Version=2016-11-15: - get: - x-aws-operation-name: TerminateClientVpnConnections - operationId: GET_TerminateClientVpnConnections - description: 'Terminates active Client VPN endpoint connections. This action can be used to terminate a specific client connection, or up to five connections established by a specific user.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/TerminateClientVpnConnectionsResult' - parameters: - - name: ClientVpnEndpointId - in: query - required: true - description: The ID of the Client VPN endpoint to which the client is connected. - schema: - type: string - - name: ConnectionId - in: query - required: false - description: The ID of the client connection to be terminated. - schema: - type: string - - name: Username - in: query - required: false - description: The name of the user who initiated the connection. Use this option to terminate all active connections for the specified user. This option can only be used if the user has established up to five connections. - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: TerminateClientVpnConnections - operationId: POST_TerminateClientVpnConnections - description: 'Terminates active Client VPN endpoint connections. This action can be used to terminate a specific client connection, or up to five connections established by a specific user.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/TerminateClientVpnConnectionsResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/TerminateClientVpnConnectionsRequest' - parameters: [] - /?Action=TerminateInstances&Version=2016-11-15: - get: - x-aws-operation-name: TerminateInstances - operationId: GET_TerminateInstances - description: '

Shuts down the specified instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds.

If you specify multiple instances and the request fails (for example, because of a single incorrect instance ID), none of the instances are terminated.

If you terminate multiple instances across multiple Availability Zones, and one or more of the specified instances are enabled for termination protection, the request fails with the following results:

For example, say you have the following instances:

If you attempt to terminate all of these instances in the same request, the request reports failure with the following results:

Terminated instances remain visible after termination (for approximately one hour).

By default, Amazon EC2 deletes all EBS volumes that were attached when the instance launched. Volumes attached after instance launch continue running.

You can stop, start, and terminate EBS-backed instances. You can only terminate instance store-backed instances. What happens to an instance differs if you stop it or terminate it. For example, when you stop an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, any attached EBS volumes with the DeleteOnTermination block device mapping parameter set to true are automatically deleted. For more information about the differences between stopping and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

For more information about troubleshooting, see Troubleshooting terminating your instance in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/TerminateInstancesResult' - parameters: - - name: InstanceId - in: query - required: true - description: '

The IDs of the instances.

Constraints: Up to 1000 instance IDs. We recommend breaking up this request into smaller batches.

' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: TerminateInstances - operationId: POST_TerminateInstances - description: '

Shuts down the specified instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds.

If you specify multiple instances and the request fails (for example, because of a single incorrect instance ID), none of the instances are terminated.

If you terminate multiple instances across multiple Availability Zones, and one or more of the specified instances are enabled for termination protection, the request fails with the following results:

For example, say you have the following instances:

If you attempt to terminate all of these instances in the same request, the request reports failure with the following results:

Terminated instances remain visible after termination (for approximately one hour).

By default, Amazon EC2 deletes all EBS volumes that were attached when the instance launched. Volumes attached after instance launch continue running.

You can stop, start, and terminate EBS-backed instances. You can only terminate instance store-backed instances. What happens to an instance differs if you stop it or terminate it. For example, when you stop an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, any attached EBS volumes with the DeleteOnTermination block device mapping parameter set to true are automatically deleted. For more information about the differences between stopping and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

For more information about troubleshooting, see Troubleshooting terminating your instance in the Amazon EC2 User Guide.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/TerminateInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/TerminateInstancesRequest' - parameters: [] - /?Action=UnassignIpv6Addresses&Version=2016-11-15: - get: - x-aws-operation-name: UnassignIpv6Addresses - operationId: GET_UnassignIpv6Addresses - description: Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a network interface. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/UnassignIpv6AddressesResult' - parameters: - - name: Ipv6Addresses - in: query - required: false - description: The IPv6 addresses to unassign from the network interface. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: Ipv6Prefix - in: query - required: false - description: One or more IPv6 prefixes to unassign from the network interface. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - - name: NetworkInterfaceId - in: query - required: true - description: The ID of the network interface. - schema: - type: string - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: UnassignIpv6Addresses - operationId: POST_UnassignIpv6Addresses - description: Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a network interface. - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/UnassignIpv6AddressesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UnassignIpv6AddressesRequest' - parameters: [] - /?Action=UnassignPrivateIpAddresses&Version=2016-11-15: - get: - x-aws-operation-name: UnassignPrivateIpAddresses - operationId: GET_UnassignPrivateIpAddresses - description: 'Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation prefixes from a network interface.' - responses: - '200': - description: Success - parameters: - - name: NetworkInterfaceId - in: query - required: true - description: The ID of the network interface. - schema: - type: string - - name: PrivateIpAddress - in: query - required: false - description: The secondary private IP addresses to unassign from the network interface. You can specify this option multiple times to unassign more than one IP address. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: PrivateIpAddress - - name: Ipv4Prefix - in: query - required: false - description: The IPv4 prefixes to unassign from the network interface. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: UnassignPrivateIpAddresses - operationId: POST_UnassignPrivateIpAddresses - description: 'Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation prefixes from a network interface.' - responses: - '200': - description: Success - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UnassignPrivateIpAddressesRequest' - parameters: [] - /?Action=UnmonitorInstances&Version=2016-11-15: - get: - x-aws-operation-name: UnmonitorInstances - operationId: GET_UnmonitorInstances - description: 'Disables detailed monitoring for a running instance. For more information, see Monitoring your instances and volumes in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmonitorInstancesResult' - parameters: - - name: InstanceId - in: query - required: true - description: The IDs of the instances. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: UnmonitorInstances - operationId: POST_UnmonitorInstances - description: 'Disables detailed monitoring for a running instance. For more information, see Monitoring your instances and volumes in the Amazon EC2 User Guide.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmonitorInstancesResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmonitorInstancesRequest' - parameters: [] - /?Action=UpdateSecurityGroupRuleDescriptionsEgress&Version=2016-11-15: - get: - x-aws-operation-name: UpdateSecurityGroupRuleDescriptionsEgress - operationId: GET_UpdateSecurityGroupRuleDescriptionsEgress - description: '[VPC only] Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsEgressResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: GroupId - in: query - required: false - description: 'The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.' - schema: - type: string - - name: GroupName - in: query - required: false - description: '[Default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.' - schema: - type: string - - name: IpPermissions - in: query - required: false - description: The IP permissions for the security group rule. You must specify either the IP permissions or the description. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpPermission' - - xml: - name: item - - name: SecurityGroupRuleDescription - in: query - required: false - description: The description for the egress security group rules. You must specify either the description or the IP permissions. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleDescription' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: UpdateSecurityGroupRuleDescriptionsEgress - operationId: POST_UpdateSecurityGroupRuleDescriptionsEgress - description: '[VPC only] Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsEgressResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsEgressRequest' - parameters: [] - /?Action=UpdateSecurityGroupRuleDescriptionsIngress&Version=2016-11-15: - get: - x-aws-operation-name: UpdateSecurityGroupRuleDescriptionsIngress - operationId: GET_UpdateSecurityGroupRuleDescriptionsIngress - description: 'Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsIngressResult' - parameters: - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - - name: GroupId - in: query - required: false - description: 'The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.' - schema: - type: string - - name: GroupName - in: query - required: false - description: '[EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.' - schema: - type: string - - name: IpPermissions - in: query - required: false - description: The IP permissions for the security group rule. You must specify either IP permissions or a description. - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpPermission' - - xml: - name: item - - name: SecurityGroupRuleDescription - in: query - required: false - description: '[VPC only] The description for the ingress security group rules. You must specify either a description or IP permissions.' - schema: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleDescription' - - xml: - name: item - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: UpdateSecurityGroupRuleDescriptionsIngress - operationId: POST_UpdateSecurityGroupRuleDescriptionsIngress - description: 'Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsIngressResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsIngressRequest' - parameters: [] - /?Action=WithdrawByoipCidr&Version=2016-11-15: - get: - x-aws-operation-name: WithdrawByoipCidr - operationId: GET_WithdrawByoipCidr - description: '

Stops advertising an address range that is provisioned as an address pool.

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

It can take a few minutes before traffic to the specified addresses stops routing to Amazon Web Services because of BGP propagation delays.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/WithdrawByoipCidrResult' - parameters: - - name: Cidr - in: query - required: true - description: 'The address range, in CIDR notation.' - schema: - type: string - - name: DryRun - in: query - required: false - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - schema: - type: boolean - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - x-aws-operation-name: WithdrawByoipCidr - operationId: POST_WithdrawByoipCidr - description: '

Stops advertising an address range that is provisioned as an address pool.

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

It can take a few minutes before traffic to the specified addresses stops routing to Amazon Web Services because of BGP propagation delays.

' - responses: - '200': - description: Success - content: - text/xml: - schema: - $ref: '#/components/schemas/WithdrawByoipCidrResult' - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/WithdrawByoipCidrRequest' - parameters: [] -components: - x-stackQL-resources: - account_attributes: - name: account_attributes - methods: - account_attributes_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeAccountAttributes&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/accountAttributeSet/item - openAPIDocKey: '200' - id: aws.ec2.account_attributes - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/account_attributes/methods/account_attributes_Describe' - update: [] - title: account_attributes - address: - name: address - methods: - address_Allocate: - operation: - $ref: '#/paths/~1?Action=AllocateAddress&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - address_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateAddress&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - address_Disassociate: - operation: - $ref: '#/paths/~1?Action=DisassociateAddress&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - address_Release: - operation: - $ref: '#/paths/~1?Action=ReleaseAddress&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.address - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: address - address_attribute: - name: address_attribute - methods: - address_attribute_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyAddressAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - address_attribute_Reset: - operation: - $ref: '#/paths/~1?Action=ResetAddressAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.address_attribute - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: address_attribute - address_to_classic: - name: address_to_classic - methods: - address_to_classic_Restore: - operation: - $ref: '#/paths/~1?Action=RestoreAddressToClassic&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.address_to_classic - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: address_to_classic - address_to_vpc: - name: address_to_vpc - methods: - address_to_vpc_Move: - operation: - $ref: '#/paths/~1?Action=MoveAddressToVpc&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.address_to_vpc - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: address_to_vpc - addresses: - name: addresses - methods: - addresses_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeAddresses&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/addressesSet/item - openAPIDocKey: '200' - id: aws.ec2.addresses - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/addresses/methods/addresses_Describe' - update: [] - title: addresses - addresses_attribute: - name: addresses_attribute - methods: - addresses_attribute_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeAddressesAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/addressSet/item - openAPIDocKey: '200' - id: aws.ec2.addresses_attribute - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/addresses_attribute/methods/addresses_attribute_Describe' - update: [] - title: addresses_attribute - aggregate_id_format: - name: aggregate_id_format - methods: - aggregate_id_format_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeAggregateIdFormat&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/statusSet/item - openAPIDocKey: '200' - id: aws.ec2.aggregate_id_format - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/aggregate_id_format/methods/aggregate_id_format_Describe' - update: [] - title: aggregate_id_format - associated_enclave_certificate_iam_roles: - name: associated_enclave_certificate_iam_roles - methods: - associated_enclave_certificate_iam_roles_Get: - operation: - $ref: '#/paths/~1?Action=GetAssociatedEnclaveCertificateIamRoles&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/associatedRoleSet/item - openAPIDocKey: '200' - id: aws.ec2.associated_enclave_certificate_iam_roles - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/associated_enclave_certificate_iam_roles/methods/associated_enclave_certificate_iam_roles_Get' - update: [] - title: associated_enclave_certificate_iam_roles - associated_ipv6_pool_cidrs: - name: associated_ipv6_pool_cidrs - methods: - associated_ipv6_pool_cidrs_Get: - operation: - $ref: '#/paths/~1?Action=GetAssociatedIpv6PoolCidrs&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/ipv6CidrAssociationSet/item - openAPIDocKey: '200' - id: aws.ec2.associated_ipv6_pool_cidrs - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/associated_ipv6_pool_cidrs/methods/associated_ipv6_pool_cidrs_Get' - update: [] - title: associated_ipv6_pool_cidrs - availability_zone_group: - name: availability_zone_group - methods: - availability_zone_group_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyAvailabilityZoneGroup&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.availability_zone_group - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: availability_zone_group - availability_zones: - name: availability_zones - methods: - availability_zones_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeAvailabilityZones&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/availabilityZoneInfo/item - openAPIDocKey: '200' - id: aws.ec2.availability_zones - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/availability_zones/methods/availability_zones_Describe' - update: [] - title: availability_zones - bundle_tasks: - name: bundle_tasks - methods: - bundle_task_Cancel: - operation: - $ref: '#/paths/~1?Action=CancelBundleTask&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - bundle_tasks_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeBundleTasks&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/bundleInstanceTasksSet/item - openAPIDocKey: '200' - id: aws.ec2.bundle_tasks - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bundle_tasks/methods/bundle_tasks_Describe' - update: [] - title: bundle_tasks - byoip_cidr_to_ipam: - name: byoip_cidr_to_ipam - methods: - byoip_cidr_to_ipam_Move: - operation: - $ref: '#/paths/~1?Action=MoveByoipCidrToIpam&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.byoip_cidr_to_ipam - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: byoip_cidr_to_ipam - byoip_cidrs: - name: byoip_cidrs - methods: - byoip_cidr_Advertise: - operation: - $ref: '#/paths/~1?Action=AdvertiseByoipCidr&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - byoip_cidr_Deprovision: - operation: - $ref: '#/paths/~1?Action=DeprovisionByoipCidr&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - byoip_cidr_Provision: - operation: - $ref: '#/paths/~1?Action=ProvisionByoipCidr&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - byoip_cidr_Withdraw: - operation: - $ref: '#/paths/~1?Action=WithdrawByoipCidr&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - byoip_cidrs_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeByoipCidrs&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/byoipCidrSet/item - openAPIDocKey: '200' - id: aws.ec2.byoip_cidrs - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/byoip_cidrs/methods/byoip_cidrs_Describe' - update: [] - title: byoip_cidrs - capacity_reservation_fleets: - name: capacity_reservation_fleets - methods: - capacity_reservation_fleet_Create: - operation: - $ref: '#/paths/~1?Action=CreateCapacityReservationFleet&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - capacity_reservation_fleet_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyCapacityReservationFleet&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - capacity_reservation_fleets_Cancel: - operation: - $ref: '#/paths/~1?Action=CancelCapacityReservationFleets&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - capacity_reservation_fleets_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeCapacityReservationFleets&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/capacityReservationFleetSet/item - openAPIDocKey: '200' - id: aws.ec2.capacity_reservation_fleets - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/capacity_reservation_fleets/methods/capacity_reservation_fleets_Describe' - update: [] - title: capacity_reservation_fleets - capacity_reservation_usage: - name: capacity_reservation_usage - methods: - capacity_reservation_usage_Get: - operation: - $ref: '#/paths/~1?Action=GetCapacityReservationUsage&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.capacity_reservation_usage - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/capacity_reservation_usage/methods/capacity_reservation_usage_Get' - update: [] - title: capacity_reservation_usage - capacity_reservations: - name: capacity_reservations - methods: - capacity_reservation_Cancel: - operation: - $ref: '#/paths/~1?Action=CancelCapacityReservation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - capacity_reservation_Create: - operation: - $ref: '#/paths/~1?Action=CreateCapacityReservation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - capacity_reservation_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyCapacityReservation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - capacity_reservations_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeCapacityReservations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/capacityReservationSet/item - openAPIDocKey: '200' - id: aws.ec2.capacity_reservations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/capacity_reservations/methods/capacity_reservations_Describe' - update: [] - title: capacity_reservations - carrier_gateways: - name: carrier_gateways - methods: - carrier_gateway_Create: - operation: - $ref: '#/paths/~1?Action=CreateCarrierGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - carrier_gateway_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteCarrierGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - carrier_gateways_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeCarrierGateways&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/carrierGatewaySet/item - openAPIDocKey: '200' - id: aws.ec2.carrier_gateways - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/carrier_gateways/methods/carrier_gateway_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/carrier_gateways/methods/carrier_gateways_Describe' - update: [] - title: carrier_gateways - classic_link_instances: - name: classic_link_instances - methods: - classic_link_instances_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeClassicLinkInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/instancesSet/item - openAPIDocKey: '200' - id: aws.ec2.classic_link_instances - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/classic_link_instances/methods/classic_link_instances_Describe' - update: [] - title: classic_link_instances - classic_link_vpc: - name: classic_link_vpc - methods: - classic_link_vpc_Attach: - operation: - $ref: '#/paths/~1?Action=AttachClassicLinkVpc&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - classic_link_vpc_Detach: - operation: - $ref: '#/paths/~1?Action=DetachClassicLinkVpc&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.classic_link_vpc - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: classic_link_vpc - client_vpn_authorization_rules: - name: client_vpn_authorization_rules - methods: - client_vpn_authorization_rules_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeClientVpnAuthorizationRules&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/authorizationRule/item - openAPIDocKey: '200' - id: aws.ec2.client_vpn_authorization_rules - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/client_vpn_authorization_rules/methods/client_vpn_authorization_rules_Describe' - update: [] - title: client_vpn_authorization_rules - client_vpn_client_certificate_revocation_list: - name: client_vpn_client_certificate_revocation_list - methods: - client_vpn_client_certificate_revocation_list_Export: - operation: - $ref: '#/paths/~1?Action=ExportClientVpnClientCertificateRevocationList&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - client_vpn_client_certificate_revocation_list_Import: - operation: - $ref: '#/paths/~1?Action=ImportClientVpnClientCertificateRevocationList&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.client_vpn_client_certificate_revocation_list - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: client_vpn_client_certificate_revocation_list - client_vpn_client_configuration: - name: client_vpn_client_configuration - methods: - client_vpn_client_configuration_Export: - operation: - $ref: '#/paths/~1?Action=ExportClientVpnClientConfiguration&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.client_vpn_client_configuration - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: client_vpn_client_configuration - client_vpn_connections: - name: client_vpn_connections - methods: - client_vpn_connections_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeClientVpnConnections&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/connections/item - openAPIDocKey: '200' - client_vpn_connections_Terminate: - operation: - $ref: '#/paths/~1?Action=TerminateClientVpnConnections&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.client_vpn_connections - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/client_vpn_connections/methods/client_vpn_connections_Describe' - update: [] - title: client_vpn_connections - client_vpn_endpoints: - name: client_vpn_endpoints - methods: - client_vpn_endpoint_Create: - operation: - $ref: '#/paths/~1?Action=CreateClientVpnEndpoint&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - client_vpn_endpoint_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteClientVpnEndpoint&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - client_vpn_endpoint_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyClientVpnEndpoint&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - client_vpn_endpoints_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeClientVpnEndpoints&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/clientVpnEndpoint/item - openAPIDocKey: '200' - id: aws.ec2.client_vpn_endpoints - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/client_vpn_endpoints/methods/client_vpn_endpoint_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/client_vpn_endpoints/methods/client_vpn_endpoint_Create' - select: - - $ref: '#/components/x-stackQL-resources/client_vpn_endpoints/methods/client_vpn_endpoints_Describe' - update: [] - title: client_vpn_endpoints - client_vpn_ingress: - name: client_vpn_ingress - methods: - client_vpn_ingress_Authorize: - operation: - $ref: '#/paths/~1?Action=AuthorizeClientVpnIngress&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - client_vpn_ingress_Revoke: - operation: - $ref: '#/paths/~1?Action=RevokeClientVpnIngress&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.client_vpn_ingress - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: client_vpn_ingress - client_vpn_routes: - name: client_vpn_routes - methods: - client_vpn_route_Create: - operation: - $ref: '#/paths/~1?Action=CreateClientVpnRoute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - client_vpn_route_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteClientVpnRoute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - client_vpn_routes_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeClientVpnRoutes&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/routes/item - openAPIDocKey: '200' - id: aws.ec2.client_vpn_routes - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/client_vpn_routes/methods/client_vpn_route_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/client_vpn_routes/methods/client_vpn_route_Create' - select: - - $ref: '#/components/x-stackQL-resources/client_vpn_routes/methods/client_vpn_routes_Describe' - update: [] - title: client_vpn_routes - client_vpn_target_networks: - name: client_vpn_target_networks - methods: - client_vpn_target_network_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateClientVpnTargetNetwork&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - client_vpn_target_network_Disassociate: - operation: - $ref: '#/paths/~1?Action=DisassociateClientVpnTargetNetwork&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - client_vpn_target_networks_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeClientVpnTargetNetworks&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/clientVpnTargetNetworks/item - openAPIDocKey: '200' - id: aws.ec2.client_vpn_target_networks - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/client_vpn_target_networks/methods/client_vpn_target_networks_Describe' - update: [] - title: client_vpn_target_networks - coip_pool_usage: - name: coip_pool_usage - methods: - coip_pool_usage_Get: - operation: - $ref: '#/paths/~1?Action=GetCoipPoolUsage&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/coipAddressUsageSet/item - openAPIDocKey: '200' - id: aws.ec2.coip_pool_usage - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/coip_pool_usage/methods/coip_pool_usage_Get' - update: [] - title: coip_pool_usage - coip_pools: - name: coip_pools - methods: - coip_pools_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeCoipPools&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/coipPoolSet/item - openAPIDocKey: '200' - id: aws.ec2.coip_pools - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/coip_pools/methods/coip_pools_Describe' - update: [] - title: coip_pools - console_output: - name: console_output - methods: - console_output_Get: - operation: - $ref: '#/paths/~1?Action=GetConsoleOutput&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.console_output - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/console_output/methods/console_output_Get' - update: [] - title: console_output - console_screenshot: - name: console_screenshot - methods: - console_screenshot_Get: - operation: - $ref: '#/paths/~1?Action=GetConsoleScreenshot&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.console_screenshot - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/console_screenshot/methods/console_screenshot_Get' - update: [] - title: console_screenshot - conversion_tasks: - name: conversion_tasks - methods: - conversion_task_Cancel: - operation: - $ref: '#/paths/~1?Action=CancelConversionTask&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - conversion_tasks_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeConversionTasks&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/conversionTasks/item - openAPIDocKey: '200' - id: aws.ec2.conversion_tasks - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/conversion_tasks/methods/conversion_tasks_Describe' - update: [] - title: conversion_tasks - customer_gateways: - name: customer_gateways - methods: - customer_gateway_Create: - operation: - $ref: '#/paths/~1?Action=CreateCustomerGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - customer_gateway_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteCustomerGateway&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - customer_gateways_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeCustomerGateways&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/customerGatewaySet/item - openAPIDocKey: '200' - id: aws.ec2.customer_gateways - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/customer_gateways/methods/customer_gateway_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/customer_gateways/methods/customer_gateway_Create' - select: - - $ref: '#/components/x-stackQL-resources/customer_gateways/methods/customer_gateways_Describe' - update: [] - title: customer_gateways - default_credit_specification: - name: default_credit_specification - methods: - default_credit_specification_Get: - operation: - $ref: '#/paths/~1?Action=GetDefaultCreditSpecification&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/instanceFamilyCreditSpecification - openAPIDocKey: '200' - default_credit_specification_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyDefaultCreditSpecification&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.default_credit_specification - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/default_credit_specification/methods/default_credit_specification_Get' - update: [] - title: default_credit_specification - default_subnet: - name: default_subnet - methods: - default_subnet_Create: - operation: - $ref: '#/paths/~1?Action=CreateDefaultSubnet&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.default_subnet - sqlVerbs: - delete: [] - insert: - - $ref: '#/components/x-stackQL-resources/default_subnet/methods/default_subnet_Create' - select: [] - update: [] - title: default_subnet - default_vpc: - name: default_vpc - methods: - default_vpc_Create: - operation: - $ref: '#/paths/~1?Action=CreateDefaultVpc&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.default_vpc - sqlVerbs: - delete: [] - insert: - - $ref: '#/components/x-stackQL-resources/default_vpc/methods/default_vpc_Create' - select: [] - update: [] - title: default_vpc - dhcp_options: - name: dhcp_options - methods: - dhcp_options_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateDhcpOptions&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - dhcp_options_Create: - operation: - $ref: '#/paths/~1?Action=CreateDhcpOptions&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - dhcp_options_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteDhcpOptions&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - dhcp_options_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeDhcpOptions&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/dhcpOptionsSet/item - openAPIDocKey: '200' - id: aws.ec2.dhcp_options - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/dhcp_options/methods/dhcp_options_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/dhcp_options/methods/dhcp_options_Create' - select: - - $ref: '#/components/x-stackQL-resources/dhcp_options/methods/dhcp_options_Describe' - update: [] - title: dhcp_options - diagnostic_interrupt: - name: diagnostic_interrupt - methods: - diagnostic_interrupt_Send: - operation: - $ref: '#/paths/~1?Action=SendDiagnosticInterrupt&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.diagnostic_interrupt - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: diagnostic_interrupt - ebs_default_kms_key_id: - name: ebs_default_kms_key_id - methods: - ebs_default_kms_key_id_Get: - operation: - $ref: '#/paths/~1?Action=GetEbsDefaultKmsKeyId&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - ebs_default_kms_key_id_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyEbsDefaultKmsKeyId&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ebs_default_kms_key_id_Reset: - operation: - $ref: '#/paths/~1?Action=ResetEbsDefaultKmsKeyId&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.ebs_default_kms_key_id - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/ebs_default_kms_key_id/methods/ebs_default_kms_key_id_Get' - update: [] - title: ebs_default_kms_key_id - ebs_encryption_by_default: - name: ebs_encryption_by_default - methods: - ebs_encryption_by_default_Disable: - operation: - $ref: '#/paths/~1?Action=DisableEbsEncryptionByDefault&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ebs_encryption_by_default_Enable: - operation: - $ref: '#/paths/~1?Action=EnableEbsEncryptionByDefault&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ebs_encryption_by_default_Get: - operation: - $ref: '#/paths/~1?Action=GetEbsEncryptionByDefault&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.ebs_encryption_by_default - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/ebs_encryption_by_default/methods/ebs_encryption_by_default_Get' - update: [] - title: ebs_encryption_by_default - egress_only_internet_gateways: - name: egress_only_internet_gateways - methods: - egress_only_internet_gateway_Create: - operation: - $ref: '#/paths/~1?Action=CreateEgressOnlyInternetGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - egress_only_internet_gateway_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteEgressOnlyInternetGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - egress_only_internet_gateways_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeEgressOnlyInternetGateways&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/egressOnlyInternetGatewaySet/item - openAPIDocKey: '200' - id: aws.ec2.egress_only_internet_gateways - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/egress_only_internet_gateways/methods/egress_only_internet_gateway_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/egress_only_internet_gateways/methods/egress_only_internet_gateway_Create' - select: - - $ref: '#/components/x-stackQL-resources/egress_only_internet_gateways/methods/egress_only_internet_gateways_Describe' - update: [] - title: egress_only_internet_gateways - elastic_gpus: - name: elastic_gpus - methods: - elastic_gpus_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeElasticGpus&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/elasticGpuSet/item - openAPIDocKey: '200' - id: aws.ec2.elastic_gpus - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/elastic_gpus/methods/elastic_gpus_Describe' - update: [] - title: elastic_gpus - enclave_certificate_iam_role: - name: enclave_certificate_iam_role - methods: - enclave_certificate_iam_role_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateEnclaveCertificateIamRole&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - enclave_certificate_iam_role_Disassociate: - operation: - $ref: '#/paths/~1?Action=DisassociateEnclaveCertificateIamRole&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.enclave_certificate_iam_role - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: enclave_certificate_iam_role - export_image_tasks: - name: export_image_tasks - methods: - export_image_tasks_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeExportImageTasks&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/exportImageTaskSet/item - openAPIDocKey: '200' - id: aws.ec2.export_image_tasks - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/export_image_tasks/methods/export_image_tasks_Describe' - update: [] - title: export_image_tasks - export_tasks: - name: export_tasks - methods: - export_task_Cancel: - operation: - $ref: '#/paths/~1?Action=CancelExportTask&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - export_tasks_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeExportTasks&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/exportTaskSet/item - openAPIDocKey: '200' - id: aws.ec2.export_tasks - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/export_tasks/methods/export_tasks_Describe' - update: [] - title: export_tasks - fast_launch: - name: fast_launch - methods: - fast_launch_Disable: - operation: - $ref: '#/paths/~1?Action=DisableFastLaunch&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - fast_launch_Enable: - operation: - $ref: '#/paths/~1?Action=EnableFastLaunch&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.fast_launch - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: fast_launch - fast_launch_images: - name: fast_launch_images - methods: - fast_launch_images_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeFastLaunchImages&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/fastLaunchImageSet/item - openAPIDocKey: '200' - id: aws.ec2.fast_launch_images - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/fast_launch_images/methods/fast_launch_images_Describe' - update: [] - title: fast_launch_images - fast_snapshot_restores: - name: fast_snapshot_restores - methods: - fast_snapshot_restores_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeFastSnapshotRestores&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/fastSnapshotRestoreSet/item - openAPIDocKey: '200' - fast_snapshot_restores_Disable: - operation: - $ref: '#/paths/~1?Action=DisableFastSnapshotRestores&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - fast_snapshot_restores_Enable: - operation: - $ref: '#/paths/~1?Action=EnableFastSnapshotRestores&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.fast_snapshot_restores - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/fast_snapshot_restores/methods/fast_snapshot_restores_Describe' - update: [] - title: fast_snapshot_restores - fleet_history: - name: fleet_history - methods: - fleet_history_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeFleetHistory&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.fleet_history - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/fleet_history/methods/fleet_history_Describe' - update: [] - title: fleet_history - fleet_instances: - name: fleet_instances - methods: - fleet_instances_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeFleetInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/activeInstanceSet/item - openAPIDocKey: '200' - id: aws.ec2.fleet_instances - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/fleet_instances/methods/fleet_instances_Describe' - update: [] - title: fleet_instances - fleets: - name: fleets - methods: - fleet_Create: - operation: - $ref: '#/paths/~1?Action=CreateFleet&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - fleet_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyFleet&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - fleets_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteFleets&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - fleets_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeFleets&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/fleetSet/item - openAPIDocKey: '200' - id: aws.ec2.fleets - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/fleets/methods/fleets_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/fleets/methods/fleet_Create' - select: - - $ref: '#/components/x-stackQL-resources/fleets/methods/fleets_Describe' - update: [] - title: fleets - flow_logs: - name: flow_logs - methods: - flow_logs_Create: - operation: - $ref: '#/paths/~1?Action=CreateFlowLogs&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - flow_logs_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteFlowLogs&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - flow_logs_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeFlowLogs&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/flowLogSet/item - openAPIDocKey: '200' - id: aws.ec2.flow_logs - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/flow_logs/methods/flow_logs_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/flow_logs/methods/flow_logs_Create' - select: - - $ref: '#/components/x-stackQL-resources/flow_logs/methods/flow_logs_Describe' - update: [] - title: flow_logs - flow_logs_integration_template: - name: flow_logs_integration_template - methods: - flow_logs_integration_template_Get: - operation: - $ref: '#/paths/~1?Action=GetFlowLogsIntegrationTemplate&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.flow_logs_integration_template - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/flow_logs_integration_template/methods/flow_logs_integration_template_Get' - update: [] - title: flow_logs_integration_template - fpga_image_attribute: - name: fpga_image_attribute - methods: - fpga_image_attribute_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeFpgaImageAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - fpga_image_attribute_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyFpgaImageAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - fpga_image_attribute_Reset: - operation: - $ref: '#/paths/~1?Action=ResetFpgaImageAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.fpga_image_attribute - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/fpga_image_attribute/methods/fpga_image_attribute_Describe' - update: [] - title: fpga_image_attribute - fpga_images: - name: fpga_images - methods: - fpga_image_Copy: - operation: - $ref: '#/paths/~1?Action=CopyFpgaImage&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - fpga_image_Create: - operation: - $ref: '#/paths/~1?Action=CreateFpgaImage&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - fpga_image_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteFpgaImage&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - fpga_images_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeFpgaImages&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/fpgaImageSet/item - openAPIDocKey: '200' - id: aws.ec2.fpga_images - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/fpga_images/methods/fpga_image_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/fpga_images/methods/fpga_image_Create' - select: - - $ref: '#/components/x-stackQL-resources/fpga_images/methods/fpga_images_Describe' - update: [] - title: fpga_images - groups_for_capacity_reservation: - name: groups_for_capacity_reservation - methods: - groups_for_capacity_reservation_Get: - operation: - $ref: '#/paths/~1?Action=GetGroupsForCapacityReservation&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/capacityReservationGroupSet/item - openAPIDocKey: '200' - id: aws.ec2.groups_for_capacity_reservation - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/groups_for_capacity_reservation/methods/groups_for_capacity_reservation_Get' - update: [] - title: groups_for_capacity_reservation - host_reservation_offerings: - name: host_reservation_offerings - methods: - host_reservation_offerings_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeHostReservationOfferings&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/offeringSet/item - openAPIDocKey: '200' - id: aws.ec2.host_reservation_offerings - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/host_reservation_offerings/methods/host_reservation_offerings_Describe' - update: [] - title: host_reservation_offerings - host_reservation_purchase_preview: - name: host_reservation_purchase_preview - methods: - host_reservation_purchase_preview_Get: - operation: - $ref: '#/paths/~1?Action=GetHostReservationPurchasePreview&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.host_reservation_purchase_preview - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/host_reservation_purchase_preview/methods/host_reservation_purchase_preview_Get' - update: [] - title: host_reservation_purchase_preview - host_reservations: - name: host_reservations - methods: - host_reservation_Purchase: - operation: - $ref: '#/paths/~1?Action=PurchaseHostReservation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - host_reservations_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeHostReservations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/hostReservationSet/item - openAPIDocKey: '200' - id: aws.ec2.host_reservations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/host_reservations/methods/host_reservations_Describe' - update: [] - title: host_reservations - hosts: - name: hosts - methods: - hosts_Allocate: - operation: - $ref: '#/paths/~1?Action=AllocateHosts&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - hosts_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeHosts&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/hostSet/item - openAPIDocKey: '200' - hosts_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyHosts&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - hosts_Release: - operation: - $ref: '#/paths/~1?Action=ReleaseHosts&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.hosts - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/hosts/methods/hosts_Describe' - update: [] - title: hosts - iam_instance_profile: - name: iam_instance_profile - methods: - iam_instance_profile_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateIamInstanceProfile&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - iam_instance_profile_Disassociate: - operation: - $ref: '#/paths/~1?Action=DisassociateIamInstanceProfile&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.iam_instance_profile - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: iam_instance_profile - iam_instance_profile_associations: - name: iam_instance_profile_associations - methods: - iam_instance_profile_association_Replace: - operation: - $ref: '#/paths/~1?Action=ReplaceIamInstanceProfileAssociation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - iam_instance_profile_associations_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeIamInstanceProfileAssociations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/iamInstanceProfileAssociationSet/item - openAPIDocKey: '200' - id: aws.ec2.iam_instance_profile_associations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/iam_instance_profile_associations/methods/iam_instance_profile_associations_Describe' - update: [] - title: iam_instance_profile_associations - id_format: - name: id_format - methods: - id_format_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeIdFormat&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/statusSet/item - openAPIDocKey: '200' - id_format_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyIdFormat&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.id_format - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/id_format/methods/id_format_Describe' - update: [] - title: id_format - identity_id_format: - name: identity_id_format - methods: - identity_id_format_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeIdentityIdFormat&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/statusSet/item - openAPIDocKey: '200' - identity_id_format_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyIdentityIdFormat&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.identity_id_format - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/identity_id_format/methods/identity_id_format_Describe' - update: [] - title: identity_id_format - image_attribute: - name: image_attribute - methods: - image_attribute_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeImageAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - image_attribute_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyImageAttribute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - image_attribute_Reset: - operation: - $ref: '#/paths/~1?Action=ResetImageAttribute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.image_attribute - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/image_attribute/methods/image_attribute_Describe' - update: [] - title: image_attribute - image_deprecation: - name: image_deprecation - methods: - image_deprecation_Disable: - operation: - $ref: '#/paths/~1?Action=DisableImageDeprecation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - image_deprecation_Enable: - operation: - $ref: '#/paths/~1?Action=EnableImageDeprecation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.image_deprecation - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: image_deprecation - image_from_recycle_bin: - name: image_from_recycle_bin - methods: - image_from_recycle_bin_Restore: - operation: - $ref: '#/paths/~1?Action=RestoreImageFromRecycleBin&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.image_from_recycle_bin - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: image_from_recycle_bin - images: - name: images - methods: - image_Copy: - operation: - $ref: '#/paths/~1?Action=CopyImage&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - image_Create: - operation: - $ref: '#/paths/~1?Action=CreateImage&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - image_Deregister: - operation: - $ref: '#/paths/~1?Action=DeregisterImage&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - image_Export: - operation: - $ref: '#/paths/~1?Action=ExportImage&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - image_Import: - operation: - $ref: '#/paths/~1?Action=ImportImage&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - image_Register: - operation: - $ref: '#/paths/~1?Action=RegisterImage&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - images_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeImages&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.images - sqlVerbs: - delete: [] - insert: - - $ref: '#/components/x-stackQL-resources/images/methods/image_Create' - select: - - $ref: '#/components/x-stackQL-resources/images/methods/images_Describe' - update: [] - title: images - images_in_recycle_bin: - name: images_in_recycle_bin - methods: - images_in_recycle_bin_List: - operation: - $ref: '#/paths/~1?Action=ListImagesInRecycleBin&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/imageSet/item - openAPIDocKey: '200' - id: aws.ec2.images_in_recycle_bin - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/images_in_recycle_bin/methods/images_in_recycle_bin_List' - update: [] - title: images_in_recycle_bin - import_image_tasks: - name: import_image_tasks - methods: - import_image_tasks_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeImportImageTasks&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/importImageTaskSet/item - openAPIDocKey: '200' - id: aws.ec2.import_image_tasks - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/import_image_tasks/methods/import_image_tasks_Describe' - update: [] - title: import_image_tasks - import_snapshot_tasks: - name: import_snapshot_tasks - methods: - import_snapshot_tasks_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeImportSnapshotTasks&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/importSnapshotTaskSet/item - openAPIDocKey: '200' - id: aws.ec2.import_snapshot_tasks - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/import_snapshot_tasks/methods/import_snapshot_tasks_Describe' - update: [] - title: import_snapshot_tasks - import_task: - name: import_task - methods: - import_task_Cancel: - operation: - $ref: '#/paths/~1?Action=CancelImportTask&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.import_task - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: import_task - instance_attribute: - name: instance_attribute - methods: - instance_attribute_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeInstanceAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - instance_attribute_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyInstanceAttribute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - instance_attribute_Reset: - operation: - $ref: '#/paths/~1?Action=ResetInstanceAttribute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.instance_attribute - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/instance_attribute/methods/instance_attribute_Describe' - update: [] - title: instance_attribute - instance_capacity_reservation_attributes: - name: instance_capacity_reservation_attributes - methods: - instance_capacity_reservation_attributes_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyInstanceCapacityReservationAttributes&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.instance_capacity_reservation_attributes - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: instance_capacity_reservation_attributes - instance_credit_specifications: - name: instance_credit_specifications - methods: - instance_credit_specification_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyInstanceCreditSpecification&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instance_credit_specifications_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeInstanceCreditSpecifications&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/instanceCreditSpecificationSet/item - openAPIDocKey: '200' - id: aws.ec2.instance_credit_specifications - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/instance_credit_specifications/methods/instance_credit_specifications_Describe' - update: [] - title: instance_credit_specifications - instance_event_notification_attributes: - name: instance_event_notification_attributes - methods: - instance_event_notification_attributes_Deregister: - operation: - $ref: '#/paths/~1?Action=DeregisterInstanceEventNotificationAttributes&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instance_event_notification_attributes_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeInstanceEventNotificationAttributes&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - instance_event_notification_attributes_Register: - operation: - $ref: '#/paths/~1?Action=RegisterInstanceEventNotificationAttributes&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.instance_event_notification_attributes - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/instance_event_notification_attributes/methods/instance_event_notification_attributes_Describe' - update: [] - title: instance_event_notification_attributes - instance_event_start_time: - name: instance_event_start_time - methods: - instance_event_start_time_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyInstanceEventStartTime&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.instance_event_start_time - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: instance_event_start_time - instance_event_windows: - name: instance_event_windows - methods: - instance_event_window_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateInstanceEventWindow&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instance_event_window_Create: - operation: - $ref: '#/paths/~1?Action=CreateInstanceEventWindow&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instance_event_window_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteInstanceEventWindow&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instance_event_window_Disassociate: - operation: - $ref: '#/paths/~1?Action=DisassociateInstanceEventWindow&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instance_event_window_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyInstanceEventWindow&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instance_event_windows_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeInstanceEventWindows&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/instanceEventWindowSet/item - openAPIDocKey: '200' - id: aws.ec2.instance_event_windows - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/instance_event_windows/methods/instance_event_window_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/instance_event_windows/methods/instance_event_window_Create' - select: - - $ref: '#/components/x-stackQL-resources/instance_event_windows/methods/instance_event_windows_Describe' - update: [] - title: instance_event_windows - instance_export_task: - name: instance_export_task - methods: - instance_export_task_Create: - operation: - $ref: '#/paths/~1?Action=CreateInstanceExportTask&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.instance_export_task - sqlVerbs: - delete: [] - insert: - - $ref: '#/components/x-stackQL-resources/instance_export_task/methods/instance_export_task_Create' - select: [] - update: [] - title: instance_export_task - instance_maintenance_options: - name: instance_maintenance_options - methods: - instance_maintenance_options_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyInstanceMaintenanceOptions&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.instance_maintenance_options - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: instance_maintenance_options - instance_metadata_options: - name: instance_metadata_options - methods: - instance_metadata_options_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyInstanceMetadataOptions&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.instance_metadata_options - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: instance_metadata_options - instance_placement: - name: instance_placement - methods: - instance_placement_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyInstancePlacement&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.instance_placement - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: instance_placement - instance_status: - name: instance_status - methods: - instance_status_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeInstanceStatus&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/instanceStatusSet/item - openAPIDocKey: '200' - instance_status_Report: - operation: - $ref: '#/paths/~1?Action=ReportInstanceStatus&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.instance_status - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/instance_status/methods/instance_status_Describe' - update: [] - title: instance_status - instance_type_offerings: - name: instance_type_offerings - methods: - instance_type_offerings_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeInstanceTypeOfferings&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/instanceTypeOfferingSet/item - openAPIDocKey: '200' - id: aws.ec2.instance_type_offerings - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/instance_type_offerings/methods/instance_type_offerings_Describe' - update: [] - title: instance_type_offerings - instance_types: - name: instance_types - methods: - instance_types_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeInstanceTypes&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/instanceTypeSet/item - openAPIDocKey: '200' - id: aws.ec2.instance_types - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/instance_types/methods/instance_types_Describe' - update: [] - title: instance_types - instance_types_from_instance_requirements: - name: instance_types_from_instance_requirements - methods: - instance_types_from_instance_requirements_Get: - operation: - $ref: '#/paths/~1?Action=GetInstanceTypesFromInstanceRequirements&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/instanceTypeSet/item - openAPIDocKey: '200' - id: aws.ec2.instance_types_from_instance_requirements - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/instance_types_from_instance_requirements/methods/instance_types_from_instance_requirements_Get' - update: [] - title: instance_types_from_instance_requirements - instance_uefi_data: - name: instance_uefi_data - methods: - instance_uefi_data_Get: - operation: - $ref: '#/paths/~1?Action=GetInstanceUefiData&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.instance_uefi_data - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/instance_uefi_data/methods/instance_uefi_data_Get' - update: [] - title: instance_uefi_data - instances: - name: instances - methods: - instance_Bundle: - operation: - $ref: '#/paths/~1?Action=BundleInstance&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instance_Import: - operation: - $ref: '#/paths/~1?Action=ImportInstance&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instances_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/reservationSet/item/instancesSet/item - openAPIDocKey: '200' - instances_Monitor: - operation: - $ref: '#/paths/~1?Action=MonitorInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instances_Reboot: - operation: - $ref: '#/paths/~1?Action=RebootInstances&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - instances_Run: - operation: - $ref: '#/paths/~1?Action=RunInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instances_Start: - operation: - $ref: '#/paths/~1?Action=StartInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instances_Stop: - operation: - $ref: '#/paths/~1?Action=StopInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instances_Terminate: - operation: - $ref: '#/paths/~1?Action=TerminateInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instances_Unmonitor: - operation: - $ref: '#/paths/~1?Action=UnmonitorInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.instances - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/instances/methods/instances_Describe' - update: [] - title: instances - internet_gateways: - name: internet_gateways - methods: - internet_gateway_Attach: - operation: - $ref: '#/paths/~1?Action=AttachInternetGateway&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - internet_gateway_Create: - operation: - $ref: '#/paths/~1?Action=CreateInternetGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - internet_gateway_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteInternetGateway&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - internet_gateway_Detach: - operation: - $ref: '#/paths/~1?Action=DetachInternetGateway&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - internet_gateways_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeInternetGateways&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/internetGatewaySet/item - openAPIDocKey: '200' - id: aws.ec2.internet_gateways - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/internet_gateways/methods/internet_gateway_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/internet_gateways/methods/internet_gateway_Create' - select: - - $ref: '#/components/x-stackQL-resources/internet_gateways/methods/internet_gateways_Describe' - update: [] - title: internet_gateways - ipam_address_history: - name: ipam_address_history - methods: - ipam_address_history_Get: - operation: - $ref: '#/paths/~1?Action=GetIpamAddressHistory&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/historyRecordSet/item - openAPIDocKey: '200' - id: aws.ec2.ipam_address_history - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/ipam_address_history/methods/ipam_address_history_Get' - update: [] - title: ipam_address_history - ipam_organization_admin_account: - name: ipam_organization_admin_account - methods: - ipam_organization_admin_account_Disable: - operation: - $ref: '#/paths/~1?Action=DisableIpamOrganizationAdminAccount&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_organization_admin_account_Enable: - operation: - $ref: '#/paths/~1?Action=EnableIpamOrganizationAdminAccount&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.ipam_organization_admin_account - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: ipam_organization_admin_account - ipam_pool_allocations: - name: ipam_pool_allocations - methods: - ipam_pool_allocation_Release: - operation: - $ref: '#/paths/~1?Action=ReleaseIpamPoolAllocation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_pool_allocations_Get: - operation: - $ref: '#/paths/~1?Action=GetIpamPoolAllocations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/ipamPoolAllocationSet/item - openAPIDocKey: '200' - id: aws.ec2.ipam_pool_allocations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/ipam_pool_allocations/methods/ipam_pool_allocations_Get' - update: [] - title: ipam_pool_allocations - ipam_pool_cidrs: - name: ipam_pool_cidrs - methods: - ipam_pool_cidr_Allocate: - operation: - $ref: '#/paths/~1?Action=AllocateIpamPoolCidr&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_pool_cidr_Deprovision: - operation: - $ref: '#/paths/~1?Action=DeprovisionIpamPoolCidr&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_pool_cidr_Provision: - operation: - $ref: '#/paths/~1?Action=ProvisionIpamPoolCidr&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_pool_cidrs_Get: - operation: - $ref: '#/paths/~1?Action=GetIpamPoolCidrs&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/ipamPoolCidrSet/item - openAPIDocKey: '200' - id: aws.ec2.ipam_pool_cidrs - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/ipam_pool_cidrs/methods/ipam_pool_cidrs_Get' - update: [] - title: ipam_pool_cidrs - ipam_pools: - name: ipam_pools - methods: - ipam_pool_Create: - operation: - $ref: '#/paths/~1?Action=CreateIpamPool&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_pool_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteIpamPool&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_pool_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyIpamPool&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_pools_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeIpamPools&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/ipamPoolSet/item - openAPIDocKey: '200' - id: aws.ec2.ipam_pools - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/ipam_pools/methods/ipam_pool_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/ipam_pools/methods/ipam_pool_Create' - select: - - $ref: '#/components/x-stackQL-resources/ipam_pools/methods/ipam_pools_Describe' - update: [] - title: ipam_pools - ipam_resource_cidrs: - name: ipam_resource_cidrs - methods: - ipam_resource_cidr_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyIpamResourceCidr&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_resource_cidrs_Get: - operation: - $ref: '#/paths/~1?Action=GetIpamResourceCidrs&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/ipamResourceCidrSet/item - openAPIDocKey: '200' - id: aws.ec2.ipam_resource_cidrs - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/ipam_resource_cidrs/methods/ipam_resource_cidrs_Get' - update: [] - title: ipam_resource_cidrs - ipam_scopes: - name: ipam_scopes - methods: - ipam_scope_Create: - operation: - $ref: '#/paths/~1?Action=CreateIpamScope&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_scope_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteIpamScope&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_scope_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyIpamScope&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_scopes_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeIpamScopes&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/ipamScopeSet/item - openAPIDocKey: '200' - id: aws.ec2.ipam_scopes - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/ipam_scopes/methods/ipam_scope_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/ipam_scopes/methods/ipam_scope_Create' - select: - - $ref: '#/components/x-stackQL-resources/ipam_scopes/methods/ipam_scopes_Describe' - update: [] - title: ipam_scopes - ipams: - name: ipams - methods: - ipam_Create: - operation: - $ref: '#/paths/~1?Action=CreateIpam&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteIpam&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipam_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyIpam&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipams_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeIpams&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/ipamSet/item - openAPIDocKey: '200' - id: aws.ec2.ipams - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/ipams/methods/ipam_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/ipams/methods/ipam_Create' - select: - - $ref: '#/components/x-stackQL-resources/ipams/methods/ipams_Describe' - update: [] - title: ipams - ipv6_addresses: - name: ipv6_addresses - methods: - ipv6_addresses_Assign: - operation: - $ref: '#/paths/~1?Action=AssignIpv6Addresses&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - ipv6_addresses_Unassign: - operation: - $ref: '#/paths/~1?Action=UnassignIpv6Addresses&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.ipv6_addresses - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: ipv6_addresses - ipv6_pools: - name: ipv6_pools - methods: - ipv6_pools_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeIpv6Pools&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/ipv6PoolSet/item - openAPIDocKey: '200' - id: aws.ec2.ipv6_pools - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/ipv6_pools/methods/ipv6_pools_Describe' - update: [] - title: ipv6_pools - key_pairs: - name: key_pairs - methods: - key_pair_Create: - operation: - $ref: '#/paths/~1?Action=CreateKeyPair&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - key_pair_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteKeyPair&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - key_pair_Import: - operation: - $ref: '#/paths/~1?Action=ImportKeyPair&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - key_pairs_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeKeyPairs&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.key_pairs - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/key_pairs/methods/key_pair_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/key_pairs/methods/key_pair_Create' - select: - - $ref: '#/components/x-stackQL-resources/key_pairs/methods/key_pairs_Describe' - update: [] - title: key_pairs - launch_template_data: - name: launch_template_data - methods: - launch_template_data_Get: - operation: - $ref: '#/paths/~1?Action=GetLaunchTemplateData&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.launch_template_data - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/launch_template_data/methods/launch_template_data_Get' - update: [] - title: launch_template_data - launch_template_versions: - name: launch_template_versions - methods: - launch_template_version_Create: - operation: - $ref: '#/paths/~1?Action=CreateLaunchTemplateVersion&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - launch_template_versions_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteLaunchTemplateVersions&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - launch_template_versions_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeLaunchTemplateVersions&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/launchTemplateVersionSet/item - openAPIDocKey: '200' - id: aws.ec2.launch_template_versions - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/launch_template_versions/methods/launch_template_versions_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/launch_template_versions/methods/launch_template_version_Create' - select: - - $ref: '#/components/x-stackQL-resources/launch_template_versions/methods/launch_template_versions_Describe' - update: [] - title: launch_template_versions - launch_templates: - name: launch_templates - methods: - launch_template_Create: - operation: - $ref: '#/paths/~1?Action=CreateLaunchTemplate&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - launch_template_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteLaunchTemplate&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - launch_template_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyLaunchTemplate&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - launch_templates_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeLaunchTemplates&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/launchTemplates/item - openAPIDocKey: '200' - id: aws.ec2.launch_templates - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/launch_templates/methods/launch_template_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/launch_templates/methods/launch_template_Create' - select: - - $ref: '#/components/x-stackQL-resources/launch_templates/methods/launch_templates_Describe' - update: [] - title: launch_templates - local_gateway_route_table_virtual_interface_group_associations: - name: local_gateway_route_table_virtual_interface_group_associations - methods: - local_gateway_route_table_virtual_interface_group_associations_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/localGatewayRouteTableVirtualInterfaceGroupAssociationSet/item - openAPIDocKey: '200' - id: aws.ec2.local_gateway_route_table_virtual_interface_group_associations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/local_gateway_route_table_virtual_interface_group_associations/methods/local_gateway_route_table_virtual_interface_group_associations_Describe' - update: [] - title: local_gateway_route_table_virtual_interface_group_associations - local_gateway_route_table_vpc_associations: - name: local_gateway_route_table_vpc_associations - methods: - local_gateway_route_table_vpc_association_Create: - operation: - $ref: '#/paths/~1?Action=CreateLocalGatewayRouteTableVpcAssociation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - local_gateway_route_table_vpc_association_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteLocalGatewayRouteTableVpcAssociation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - local_gateway_route_table_vpc_associations_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeLocalGatewayRouteTableVpcAssociations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/localGatewayRouteTableVpcAssociationSet/item - openAPIDocKey: '200' - id: aws.ec2.local_gateway_route_table_vpc_associations - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/local_gateway_route_table_vpc_associations/methods/local_gateway_route_table_vpc_association_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/local_gateway_route_table_vpc_associations/methods/local_gateway_route_table_vpc_association_Create' - select: - - $ref: '#/components/x-stackQL-resources/local_gateway_route_table_vpc_associations/methods/local_gateway_route_table_vpc_associations_Describe' - update: [] - title: local_gateway_route_table_vpc_associations - local_gateway_route_tables: - name: local_gateway_route_tables - methods: - local_gateway_route_tables_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeLocalGatewayRouteTables&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/localGatewayRouteTableSet/item - openAPIDocKey: '200' - id: aws.ec2.local_gateway_route_tables - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/local_gateway_route_tables/methods/local_gateway_route_tables_Describe' - update: [] - title: local_gateway_route_tables - local_gateway_routes: - name: local_gateway_routes - methods: - local_gateway_route_Create: - operation: - $ref: '#/paths/~1?Action=CreateLocalGatewayRoute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - local_gateway_route_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteLocalGatewayRoute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - local_gateway_routes_Search: - operation: - $ref: '#/paths/~1?Action=SearchLocalGatewayRoutes&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.local_gateway_routes - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/local_gateway_routes/methods/local_gateway_route_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/local_gateway_routes/methods/local_gateway_route_Create' - select: [] - update: [] - title: local_gateway_routes - local_gateway_virtual_interface_groups: - name: local_gateway_virtual_interface_groups - methods: - local_gateway_virtual_interface_groups_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeLocalGatewayVirtualInterfaceGroups&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/localGatewayVirtualInterfaceGroupSet/item - openAPIDocKey: '200' - id: aws.ec2.local_gateway_virtual_interface_groups - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/local_gateway_virtual_interface_groups/methods/local_gateway_virtual_interface_groups_Describe' - update: [] - title: local_gateway_virtual_interface_groups - local_gateway_virtual_interfaces: - name: local_gateway_virtual_interfaces - methods: - local_gateway_virtual_interfaces_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeLocalGatewayVirtualInterfaces&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/localGatewayVirtualInterfaceSet/item - openAPIDocKey: '200' - id: aws.ec2.local_gateway_virtual_interfaces - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/local_gateway_virtual_interfaces/methods/local_gateway_virtual_interfaces_Describe' - update: [] - title: local_gateway_virtual_interfaces - local_gateways: - name: local_gateways - methods: - local_gateways_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeLocalGateways&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/localGatewaySet/item - openAPIDocKey: '200' - id: aws.ec2.local_gateways - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/local_gateways/methods/local_gateways_Describe' - update: [] - title: local_gateways - managed_prefix_list_associations: - name: managed_prefix_list_associations - methods: - managed_prefix_list_associations_Get: - operation: - $ref: '#/paths/~1?Action=GetManagedPrefixListAssociations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/prefixListAssociationSet/item - openAPIDocKey: '200' - id: aws.ec2.managed_prefix_list_associations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/managed_prefix_list_associations/methods/managed_prefix_list_associations_Get' - update: [] - title: managed_prefix_list_associations - managed_prefix_list_entries: - name: managed_prefix_list_entries - methods: - managed_prefix_list_entries_Get: - operation: - $ref: '#/paths/~1?Action=GetManagedPrefixListEntries&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/entrySet/item - openAPIDocKey: '200' - id: aws.ec2.managed_prefix_list_entries - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/managed_prefix_list_entries/methods/managed_prefix_list_entries_Get' - update: [] - title: managed_prefix_list_entries - managed_prefix_list_version: - name: managed_prefix_list_version - methods: - managed_prefix_list_version_Restore: - operation: - $ref: '#/paths/~1?Action=RestoreManagedPrefixListVersion&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.managed_prefix_list_version - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: managed_prefix_list_version - managed_prefix_lists: - name: managed_prefix_lists - methods: - managed_prefix_list_Create: - operation: - $ref: '#/paths/~1?Action=CreateManagedPrefixList&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - managed_prefix_list_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteManagedPrefixList&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - managed_prefix_list_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyManagedPrefixList&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - managed_prefix_lists_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeManagedPrefixLists&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/prefixListSet/item - openAPIDocKey: '200' - id: aws.ec2.managed_prefix_lists - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/managed_prefix_lists/methods/managed_prefix_list_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/managed_prefix_lists/methods/managed_prefix_list_Create' - select: - - $ref: '#/components/x-stackQL-resources/managed_prefix_lists/methods/managed_prefix_lists_Describe' - update: [] - title: managed_prefix_lists - moving_addresses: - name: moving_addresses - methods: - moving_addresses_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeMovingAddresses&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/movingAddressStatusSet/item - openAPIDocKey: '200' - id: aws.ec2.moving_addresses - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/moving_addresses/methods/moving_addresses_Describe' - update: [] - title: moving_addresses - nat_gateways: - name: nat_gateways - methods: - nat_gateway_Create: - operation: - $ref: '#/paths/~1?Action=CreateNatGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - nat_gateway_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteNatGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - nat_gateways_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeNatGateways&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/natGatewaySet/item - openAPIDocKey: '200' - id: aws.ec2.nat_gateways - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/nat_gateways/methods/nat_gateway_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/nat_gateways/methods/nat_gateway_Create' - select: - - $ref: '#/components/x-stackQL-resources/nat_gateways/methods/nat_gateways_Describe' - update: [] - title: nat_gateways - network_acl_association: - name: network_acl_association - methods: - network_acl_association_Replace: - operation: - $ref: '#/paths/~1?Action=ReplaceNetworkAclAssociation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.network_acl_association - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: network_acl_association - network_acl_entry: - name: network_acl_entry - methods: - network_acl_entry_Create: - operation: - $ref: '#/paths/~1?Action=CreateNetworkAclEntry&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - network_acl_entry_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteNetworkAclEntry&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - network_acl_entry_Replace: - operation: - $ref: '#/paths/~1?Action=ReplaceNetworkAclEntry&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.network_acl_entry - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/network_acl_entry/methods/network_acl_entry_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/network_acl_entry/methods/network_acl_entry_Create' - select: [] - update: [] - title: network_acl_entry - network_acls: - name: network_acls - methods: - network_acl_Create: - operation: - $ref: '#/paths/~1?Action=CreateNetworkAcl&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - network_acl_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteNetworkAcl&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - network_acls_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeNetworkAcls&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/networkAclSet/item - openAPIDocKey: '200' - id: aws.ec2.network_acls - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/network_acls/methods/network_acl_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/network_acls/methods/network_acl_Create' - select: - - $ref: '#/components/x-stackQL-resources/network_acls/methods/network_acls_Describe' - update: [] - title: network_acls - network_insights_access_scope_analyses: - name: network_insights_access_scope_analyses - methods: - network_insights_access_scope_analyses_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeNetworkInsightsAccessScopeAnalyses&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/networkInsightsAccessScopeAnalysisSet/item - openAPIDocKey: '200' - id: aws.ec2.network_insights_access_scope_analyses - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/network_insights_access_scope_analyses/methods/network_insights_access_scope_analyses_Describe' - update: [] - title: network_insights_access_scope_analyses - network_insights_access_scope_analysis: - name: network_insights_access_scope_analysis - methods: - network_insights_access_scope_analysis_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteNetworkInsightsAccessScopeAnalysis&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - network_insights_access_scope_analysis_Start: - operation: - $ref: '#/paths/~1?Action=StartNetworkInsightsAccessScopeAnalysis&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.network_insights_access_scope_analysis - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/network_insights_access_scope_analysis/methods/network_insights_access_scope_analysis_Delete' - insert: [] - select: [] - update: [] - title: network_insights_access_scope_analysis - network_insights_access_scope_analysis_findings: - name: network_insights_access_scope_analysis_findings - methods: - network_insights_access_scope_analysis_findings_Get: - operation: - $ref: '#/paths/~1?Action=GetNetworkInsightsAccessScopeAnalysisFindings&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/analysisFindingSet/item - openAPIDocKey: '200' - id: aws.ec2.network_insights_access_scope_analysis_findings - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/network_insights_access_scope_analysis_findings/methods/network_insights_access_scope_analysis_findings_Get' - update: [] - title: network_insights_access_scope_analysis_findings - network_insights_access_scope_content: - name: network_insights_access_scope_content - methods: - network_insights_access_scope_content_Get: - operation: - $ref: '#/paths/~1?Action=GetNetworkInsightsAccessScopeContent&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.network_insights_access_scope_content - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/network_insights_access_scope_content/methods/network_insights_access_scope_content_Get' - update: [] - title: network_insights_access_scope_content - network_insights_access_scopes: - name: network_insights_access_scopes - methods: - network_insights_access_scope_Create: - operation: - $ref: '#/paths/~1?Action=CreateNetworkInsightsAccessScope&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - network_insights_access_scope_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteNetworkInsightsAccessScope&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - network_insights_access_scopes_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeNetworkInsightsAccessScopes&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/networkInsightsAccessScopeSet/item - openAPIDocKey: '200' - id: aws.ec2.network_insights_access_scopes - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/network_insights_access_scopes/methods/network_insights_access_scope_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/network_insights_access_scopes/methods/network_insights_access_scope_Create' - select: - - $ref: '#/components/x-stackQL-resources/network_insights_access_scopes/methods/network_insights_access_scopes_Describe' - update: [] - title: network_insights_access_scopes - network_insights_analyses: - name: network_insights_analyses - methods: - network_insights_analyses_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeNetworkInsightsAnalyses&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/networkInsightsAnalysisSet/item - openAPIDocKey: '200' - id: aws.ec2.network_insights_analyses - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/network_insights_analyses/methods/network_insights_analyses_Describe' - update: [] - title: network_insights_analyses - network_insights_analysis: - name: network_insights_analysis - methods: - network_insights_analysis_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteNetworkInsightsAnalysis&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - network_insights_analysis_Start: - operation: - $ref: '#/paths/~1?Action=StartNetworkInsightsAnalysis&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.network_insights_analysis - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/network_insights_analysis/methods/network_insights_analysis_Delete' - insert: [] - select: [] - update: [] - title: network_insights_analysis - network_insights_paths: - name: network_insights_paths - methods: - network_insights_path_Create: - operation: - $ref: '#/paths/~1?Action=CreateNetworkInsightsPath&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - network_insights_path_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteNetworkInsightsPath&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - network_insights_paths_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeNetworkInsightsPaths&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/networkInsightsPathSet/item - openAPIDocKey: '200' - id: aws.ec2.network_insights_paths - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/network_insights_paths/methods/network_insights_path_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/network_insights_paths/methods/network_insights_path_Create' - select: - - $ref: '#/components/x-stackQL-resources/network_insights_paths/methods/network_insights_paths_Describe' - update: [] - title: network_insights_paths - network_interface_attribute: - name: network_interface_attribute - methods: - network_interface_attribute_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeNetworkInterfaceAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - network_interface_attribute_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyNetworkInterfaceAttribute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - network_interface_attribute_Reset: - operation: - $ref: '#/paths/~1?Action=ResetNetworkInterfaceAttribute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.network_interface_attribute - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/network_interface_attribute/methods/network_interface_attribute_Describe' - update: [] - title: network_interface_attribute - network_interface_permissions: - name: network_interface_permissions - methods: - network_interface_permission_Create: - operation: - $ref: '#/paths/~1?Action=CreateNetworkInterfacePermission&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - network_interface_permission_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteNetworkInterfacePermission&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - network_interface_permissions_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeNetworkInterfacePermissions&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/networkInterfacePermissions/item - openAPIDocKey: '200' - id: aws.ec2.network_interface_permissions - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/network_interface_permissions/methods/network_interface_permission_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/network_interface_permissions/methods/network_interface_permission_Create' - select: - - $ref: '#/components/x-stackQL-resources/network_interface_permissions/methods/network_interface_permissions_Describe' - update: [] - title: network_interface_permissions - network_interfaces: - name: network_interfaces - methods: - network_interface_Attach: - operation: - $ref: '#/paths/~1?Action=AttachNetworkInterface&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - network_interface_Create: - operation: - $ref: '#/paths/~1?Action=CreateNetworkInterface&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - network_interface_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteNetworkInterface&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - network_interface_Detach: - operation: - $ref: '#/paths/~1?Action=DetachNetworkInterface&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - network_interfaces_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeNetworkInterfaces&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/networkInterfaceSet/item - openAPIDocKey: '200' - id: aws.ec2.network_interfaces - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/network_interfaces/methods/network_interface_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/network_interfaces/methods/network_interface_Create' - select: - - $ref: '#/components/x-stackQL-resources/network_interfaces/methods/network_interfaces_Describe' - update: [] - title: network_interfaces - password_data: - name: password_data - methods: - password_data_Get: - operation: - $ref: '#/paths/~1?Action=GetPasswordData&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.password_data - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/password_data/methods/password_data_Get' - update: [] - title: password_data - placement_groups: - name: placement_groups - methods: - placement_group_Create: - operation: - $ref: '#/paths/~1?Action=CreatePlacementGroup&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - placement_group_Delete: - operation: - $ref: '#/paths/~1?Action=DeletePlacementGroup&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - placement_groups_Describe: - operation: - $ref: '#/paths/~1?Action=DescribePlacementGroups&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/placementGroupSet/item - openAPIDocKey: '200' - id: aws.ec2.placement_groups - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/placement_groups/methods/placement_group_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/placement_groups/methods/placement_group_Create' - select: - - $ref: '#/components/x-stackQL-resources/placement_groups/methods/placement_groups_Describe' - update: [] - title: placement_groups - prefix_lists: - name: prefix_lists - methods: - prefix_lists_Describe: - operation: - $ref: '#/paths/~1?Action=DescribePrefixLists&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/prefixListSet/item - openAPIDocKey: '200' - id: aws.ec2.prefix_lists - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/prefix_lists/methods/prefix_lists_Describe' - update: [] - title: prefix_lists - principal_id_format: - name: principal_id_format - methods: - principal_id_format_Describe: - operation: - $ref: '#/paths/~1?Action=DescribePrincipalIdFormat&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/principalSet/item - openAPIDocKey: '200' - id: aws.ec2.principal_id_format - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/principal_id_format/methods/principal_id_format_Describe' - update: [] - title: principal_id_format - private_dns_name_options: - name: private_dns_name_options - methods: - private_dns_name_options_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyPrivateDnsNameOptions&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.private_dns_name_options - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: private_dns_name_options - private_ip_addresses: - name: private_ip_addresses - methods: - private_ip_addresses_Assign: - operation: - $ref: '#/paths/~1?Action=AssignPrivateIpAddresses&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - private_ip_addresses_Unassign: - operation: - $ref: '#/paths/~1?Action=UnassignPrivateIpAddresses&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.private_ip_addresses - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: private_ip_addresses - product_instance: - name: product_instance - methods: - product_instance_Confirm: - operation: - $ref: '#/paths/~1?Action=ConfirmProductInstance&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.product_instance - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: product_instance - public_ipv4_pool_cidr: - name: public_ipv4_pool_cidr - methods: - public_ipv4_pool_cidr_Deprovision: - operation: - $ref: '#/paths/~1?Action=DeprovisionPublicIpv4PoolCidr&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - public_ipv4_pool_cidr_Provision: - operation: - $ref: '#/paths/~1?Action=ProvisionPublicIpv4PoolCidr&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.public_ipv4_pool_cidr - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: public_ipv4_pool_cidr - public_ipv4_pools: - name: public_ipv4_pools - methods: - public_ipv4_pool_Create: - operation: - $ref: '#/paths/~1?Action=CreatePublicIpv4Pool&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - public_ipv4_pool_Delete: - operation: - $ref: '#/paths/~1?Action=DeletePublicIpv4Pool&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - public_ipv4_pools_Describe: - operation: - $ref: '#/paths/~1?Action=DescribePublicIpv4Pools&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/publicIpv4PoolSet/item - openAPIDocKey: '200' - id: aws.ec2.public_ipv4_pools - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/public_ipv4_pools/methods/public_ipv4_pool_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/public_ipv4_pools/methods/public_ipv4_pool_Create' - select: - - $ref: '#/components/x-stackQL-resources/public_ipv4_pools/methods/public_ipv4_pools_Describe' - update: [] - title: public_ipv4_pools - queued_reserved_instances: - name: queued_reserved_instances - methods: - queued_reserved_instances_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteQueuedReservedInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.queued_reserved_instances - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/queued_reserved_instances/methods/queued_reserved_instances_Delete' - insert: [] - select: [] - update: [] - title: queued_reserved_instances - regions: - name: regions - methods: - regions_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeRegions&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/regionInfo/item - openAPIDocKey: '200' - id: aws.ec2.regions - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/regions/methods/regions_Describe' - update: [] - title: regions - replace_root_volume_tasks: - name: replace_root_volume_tasks - methods: - replace_root_volume_task_Create: - operation: - $ref: '#/paths/~1?Action=CreateReplaceRootVolumeTask&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - replace_root_volume_tasks_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeReplaceRootVolumeTasks&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/replaceRootVolumeTaskSet/item - openAPIDocKey: '200' - id: aws.ec2.replace_root_volume_tasks - sqlVerbs: - delete: [] - insert: - - $ref: '#/components/x-stackQL-resources/replace_root_volume_tasks/methods/replace_root_volume_task_Create' - select: - - $ref: '#/components/x-stackQL-resources/replace_root_volume_tasks/methods/replace_root_volume_tasks_Describe' - update: [] - title: replace_root_volume_tasks - reserved_instances: - name: reserved_instances - methods: - reserved_instances_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeReservedInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/reservedInstancesSet/item - openAPIDocKey: '200' - reserved_instances_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyReservedInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.reserved_instances - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/reserved_instances/methods/reserved_instances_Describe' - update: [] - title: reserved_instances - reserved_instances_exchange_quote: - name: reserved_instances_exchange_quote - methods: - reserved_instances_exchange_quote_Accept: - operation: - $ref: '#/paths/~1?Action=AcceptReservedInstancesExchangeQuote&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - reserved_instances_exchange_quote_Get: - operation: - $ref: '#/paths/~1?Action=GetReservedInstancesExchangeQuote&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.reserved_instances_exchange_quote - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/reserved_instances_exchange_quote/methods/reserved_instances_exchange_quote_Get' - update: [] - title: reserved_instances_exchange_quote - reserved_instances_listings: - name: reserved_instances_listings - methods: - reserved_instances_listing_Cancel: - operation: - $ref: '#/paths/~1?Action=CancelReservedInstancesListing&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - reserved_instances_listing_Create: - operation: - $ref: '#/paths/~1?Action=CreateReservedInstancesListing&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - reserved_instances_listings_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeReservedInstancesListings&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/reservedInstancesListingsSet/item - openAPIDocKey: '200' - id: aws.ec2.reserved_instances_listings - sqlVerbs: - delete: [] - insert: - - $ref: '#/components/x-stackQL-resources/reserved_instances_listings/methods/reserved_instances_listing_Create' - select: - - $ref: '#/components/x-stackQL-resources/reserved_instances_listings/methods/reserved_instances_listings_Describe' - update: [] - title: reserved_instances_listings - reserved_instances_modifications: - name: reserved_instances_modifications - methods: - reserved_instances_modifications_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeReservedInstancesModifications&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/reservedInstancesModificationsSet/item - openAPIDocKey: '200' - id: aws.ec2.reserved_instances_modifications - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/reserved_instances_modifications/methods/reserved_instances_modifications_Describe' - update: [] - title: reserved_instances_modifications - reserved_instances_offerings: - name: reserved_instances_offerings - methods: - reserved_instances_offering_Purchase: - operation: - $ref: '#/paths/~1?Action=PurchaseReservedInstancesOffering&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - reserved_instances_offerings_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeReservedInstancesOfferings&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/reservedInstancesOfferingsSet/item - openAPIDocKey: '200' - id: aws.ec2.reserved_instances_offerings - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/reserved_instances_offerings/methods/reserved_instances_offerings_Describe' - update: [] - title: reserved_instances_offerings - restore_image_task: - name: restore_image_task - methods: - restore_image_task_Create: - operation: - $ref: '#/paths/~1?Action=CreateRestoreImageTask&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.restore_image_task - sqlVerbs: - delete: [] - insert: - - $ref: '#/components/x-stackQL-resources/restore_image_task/methods/restore_image_task_Create' - select: [] - update: [] - title: restore_image_task - route: - name: route - methods: - route_Create: - operation: - $ref: '#/paths/~1?Action=CreateRoute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - route_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteRoute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - route_Replace: - operation: - $ref: '#/paths/~1?Action=ReplaceRoute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.route - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/route/methods/route_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/route/methods/route_Create' - select: [] - update: [] - title: route - route_table_association: - name: route_table_association - methods: - route_table_association_Replace: - operation: - $ref: '#/paths/~1?Action=ReplaceRouteTableAssociation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.route_table_association - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: route_table_association - route_tables: - name: route_tables - methods: - route_table_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateRouteTable&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - route_table_Create: - operation: - $ref: '#/paths/~1?Action=CreateRouteTable&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - route_table_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteRouteTable&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - route_table_Disassociate: - operation: - $ref: '#/paths/~1?Action=DisassociateRouteTable&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - route_tables_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeRouteTables&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/routeTableSet/item - openAPIDocKey: '200' - id: aws.ec2.route_tables - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/route_tables/methods/route_table_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/route_tables/methods/route_table_Create' - select: - - $ref: '#/components/x-stackQL-resources/route_tables/methods/route_tables_Describe' - update: [] - title: route_tables - scheduled_instance_availability: - name: scheduled_instance_availability - methods: - scheduled_instance_availability_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeScheduledInstanceAvailability&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/scheduledInstanceAvailabilitySet/item - openAPIDocKey: '200' - id: aws.ec2.scheduled_instance_availability - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/scheduled_instance_availability/methods/scheduled_instance_availability_Describe' - update: [] - title: scheduled_instance_availability - scheduled_instances: - name: scheduled_instances - methods: - scheduled_instances_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeScheduledInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/scheduledInstanceSet/item - openAPIDocKey: '200' - scheduled_instances_Purchase: - operation: - $ref: '#/paths/~1?Action=PurchaseScheduledInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - scheduled_instances_Run: - operation: - $ref: '#/paths/~1?Action=RunScheduledInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.scheduled_instances - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/scheduled_instances/methods/scheduled_instances_Describe' - update: [] - title: scheduled_instances - security_group_egress: - name: security_group_egress - methods: - security_group_egress_Authorize: - operation: - $ref: '#/paths/~1?Action=AuthorizeSecurityGroupEgress&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - security_group_egress_Revoke: - operation: - $ref: '#/paths/~1?Action=RevokeSecurityGroupEgress&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.security_group_egress - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: security_group_egress - security_group_ingress: - name: security_group_ingress - methods: - security_group_ingress_Authorize: - operation: - $ref: '#/paths/~1?Action=AuthorizeSecurityGroupIngress&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - security_group_ingress_Revoke: - operation: - $ref: '#/paths/~1?Action=RevokeSecurityGroupIngress&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.security_group_ingress - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: security_group_ingress - security_group_references: - name: security_group_references - methods: - security_group_references_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSecurityGroupReferences&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/securityGroupReferenceSet/item - openAPIDocKey: '200' - id: aws.ec2.security_group_references - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/security_group_references/methods/security_group_references_Describe' - update: [] - title: security_group_references - security_group_rule_descriptions_egress: - name: security_group_rule_descriptions_egress - methods: - security_group_rule_descriptions_egress_Update: - operation: - $ref: '#/paths/~1?Action=UpdateSecurityGroupRuleDescriptionsEgress&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.security_group_rule_descriptions_egress - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: security_group_rule_descriptions_egress - security_group_rule_descriptions_ingress: - name: security_group_rule_descriptions_ingress - methods: - security_group_rule_descriptions_ingress_Update: - operation: - $ref: '#/paths/~1?Action=UpdateSecurityGroupRuleDescriptionsIngress&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.security_group_rule_descriptions_ingress - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: security_group_rule_descriptions_ingress - security_group_rules: - name: security_group_rules - methods: - security_group_rules_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSecurityGroupRules&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/securityGroupRuleSet/item - openAPIDocKey: '200' - security_group_rules_Modify: - operation: - $ref: '#/paths/~1?Action=ModifySecurityGroupRules&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.security_group_rules - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/security_group_rules/methods/security_group_rules_Describe' - update: [] - title: security_group_rules - security_groups: - name: security_groups - methods: - security_group_Create: - operation: - $ref: '#/paths/~1?Action=CreateSecurityGroup&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - security_group_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteSecurityGroup&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - security_groups_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSecurityGroups&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/securityGroupInfo/item - openAPIDocKey: '200' - id: aws.ec2.security_groups - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/security_groups/methods/security_group_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/security_groups/methods/security_group_Create' - select: - - $ref: '#/components/x-stackQL-resources/security_groups/methods/security_groups_Describe' - update: [] - title: security_groups - security_groups_to_client_vpn_target_network: - name: security_groups_to_client_vpn_target_network - methods: - security_groups_to_client_vpn_target_network_Apply: - operation: - $ref: '#/paths/~1?Action=ApplySecurityGroupsToClientVpnTargetNetwork&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.security_groups_to_client_vpn_target_network - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: security_groups_to_client_vpn_target_network - serial_console_access: - name: serial_console_access - methods: - serial_console_access_Disable: - operation: - $ref: '#/paths/~1?Action=DisableSerialConsoleAccess&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - serial_console_access_Enable: - operation: - $ref: '#/paths/~1?Action=EnableSerialConsoleAccess&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.serial_console_access - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: serial_console_access - serial_console_access_status: - name: serial_console_access_status - methods: - serial_console_access_status_Get: - operation: - $ref: '#/paths/~1?Action=GetSerialConsoleAccessStatus&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.serial_console_access_status - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/serial_console_access_status/methods/serial_console_access_status_Get' - update: [] - title: serial_console_access_status - snapshot_attribute: - name: snapshot_attribute - methods: - snapshot_attribute_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSnapshotAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - snapshot_attribute_Modify: - operation: - $ref: '#/paths/~1?Action=ModifySnapshotAttribute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - snapshot_attribute_Reset: - operation: - $ref: '#/paths/~1?Action=ResetSnapshotAttribute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.snapshot_attribute - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/snapshot_attribute/methods/snapshot_attribute_Describe' - update: [] - title: snapshot_attribute - snapshot_from_recycle_bin: - name: snapshot_from_recycle_bin - methods: - snapshot_from_recycle_bin_Restore: - operation: - $ref: '#/paths/~1?Action=RestoreSnapshotFromRecycleBin&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.snapshot_from_recycle_bin - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: snapshot_from_recycle_bin - snapshot_tier: - name: snapshot_tier - methods: - snapshot_tier_Modify: - operation: - $ref: '#/paths/~1?Action=ModifySnapshotTier&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - snapshot_tier_Restore: - operation: - $ref: '#/paths/~1?Action=RestoreSnapshotTier&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.snapshot_tier - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: snapshot_tier - snapshot_tier_status: - name: snapshot_tier_status - methods: - snapshot_tier_status_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSnapshotTierStatus&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/snapshotTierStatusSet/item - openAPIDocKey: '200' - id: aws.ec2.snapshot_tier_status - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/snapshot_tier_status/methods/snapshot_tier_status_Describe' - update: [] - title: snapshot_tier_status - snapshots: - name: snapshots - methods: - snapshot_Copy: - operation: - $ref: '#/paths/~1?Action=CopySnapshot&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - snapshot_Create: - operation: - $ref: '#/paths/~1?Action=CreateSnapshot&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - snapshot_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteSnapshot&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - snapshot_Import: - operation: - $ref: '#/paths/~1?Action=ImportSnapshot&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - snapshots_Create: - operation: - $ref: '#/paths/~1?Action=CreateSnapshots&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - snapshots_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSnapshots&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/snapshotSet/item - openAPIDocKey: '200' - id: aws.ec2.snapshots - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/snapshots/methods/snapshot_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/snapshots/methods/snapshot_Create' - - $ref: '#/components/x-stackQL-resources/snapshots/methods/snapshots_Create' - select: - - $ref: '#/components/x-stackQL-resources/snapshots/methods/snapshots_Describe' - update: [] - title: snapshots - snapshots_in_recycle_bin: - name: snapshots_in_recycle_bin - methods: - snapshots_in_recycle_bin_List: - operation: - $ref: '#/paths/~1?Action=ListSnapshotsInRecycleBin&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/snapshotSet/item - openAPIDocKey: '200' - id: aws.ec2.snapshots_in_recycle_bin - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/snapshots_in_recycle_bin/methods/snapshots_in_recycle_bin_List' - update: [] - title: snapshots_in_recycle_bin - spot_datafeed_subscription: - name: spot_datafeed_subscription - methods: - spot_datafeed_subscription_Create: - operation: - $ref: '#/paths/~1?Action=CreateSpotDatafeedSubscription&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - spot_datafeed_subscription_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteSpotDatafeedSubscription&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - spot_datafeed_subscription_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSpotDatafeedSubscription&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/spotDatafeedSubscription/* - openAPIDocKey: '200' - id: aws.ec2.spot_datafeed_subscription - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/spot_datafeed_subscription/methods/spot_datafeed_subscription_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/spot_datafeed_subscription/methods/spot_datafeed_subscription_Create' - select: - - $ref: '#/components/x-stackQL-resources/spot_datafeed_subscription/methods/spot_datafeed_subscription_Describe' - update: [] - title: spot_datafeed_subscription - spot_fleet: - name: spot_fleet - methods: - spot_fleet_Request: - operation: - $ref: '#/paths/~1?Action=RequestSpotFleet&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.spot_fleet - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: spot_fleet - spot_fleet_instances: - name: spot_fleet_instances - methods: - spot_fleet_instances_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSpotFleetInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/activeInstanceSet/item - openAPIDocKey: '200' - id: aws.ec2.spot_fleet_instances - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/spot_fleet_instances/methods/spot_fleet_instances_Describe' - update: [] - title: spot_fleet_instances - spot_fleet_request_history: - name: spot_fleet_request_history - methods: - spot_fleet_request_history_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSpotFleetRequestHistory&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/historyRecordSet/item - openAPIDocKey: '200' - id: aws.ec2.spot_fleet_request_history - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/spot_fleet_request_history/methods/spot_fleet_request_history_Describe' - update: [] - title: spot_fleet_request_history - spot_fleet_requests: - name: spot_fleet_requests - methods: - spot_fleet_request_Modify: - operation: - $ref: '#/paths/~1?Action=ModifySpotFleetRequest&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - spot_fleet_requests_Cancel: - operation: - $ref: '#/paths/~1?Action=CancelSpotFleetRequests&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - spot_fleet_requests_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSpotFleetRequests&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/spotFleetRequestConfigSet/item - openAPIDocKey: '200' - id: aws.ec2.spot_fleet_requests - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/spot_fleet_requests/methods/spot_fleet_requests_Describe' - update: [] - title: spot_fleet_requests - spot_instance_requests: - name: spot_instance_requests - methods: - spot_instance_requests_Cancel: - operation: - $ref: '#/paths/~1?Action=CancelSpotInstanceRequests&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - spot_instance_requests_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSpotInstanceRequests&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/spotInstanceRequestSet/item - openAPIDocKey: '200' - id: aws.ec2.spot_instance_requests - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/spot_instance_requests/methods/spot_instance_requests_Describe' - update: [] - title: spot_instance_requests - spot_instances: - name: spot_instances - methods: - spot_instances_Request: - operation: - $ref: '#/paths/~1?Action=RequestSpotInstances&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.spot_instances - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: spot_instances - spot_placement_scores: - name: spot_placement_scores - methods: - spot_placement_scores_Get: - operation: - $ref: '#/paths/~1?Action=GetSpotPlacementScores&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/spotPlacementScoreSet/item - openAPIDocKey: '200' - id: aws.ec2.spot_placement_scores - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/spot_placement_scores/methods/spot_placement_scores_Get' - update: [] - title: spot_placement_scores - spot_price_history: - name: spot_price_history - methods: - spot_price_history_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSpotPriceHistory&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/spotPriceHistorySet/item - openAPIDocKey: '200' - id: aws.ec2.spot_price_history - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/spot_price_history/methods/spot_price_history_Describe' - update: [] - title: spot_price_history - stale_security_groups: - name: stale_security_groups - methods: - stale_security_groups_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeStaleSecurityGroups&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/staleSecurityGroupSet/item - openAPIDocKey: '200' - id: aws.ec2.stale_security_groups - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/stale_security_groups/methods/stale_security_groups_Describe' - update: [] - title: stale_security_groups - store_image_tasks: - name: store_image_tasks - methods: - store_image_task_Create: - operation: - $ref: '#/paths/~1?Action=CreateStoreImageTask&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - store_image_tasks_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeStoreImageTasks&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/storeImageTaskResultSet/item - openAPIDocKey: '200' - id: aws.ec2.store_image_tasks - sqlVerbs: - delete: [] - insert: - - $ref: '#/components/x-stackQL-resources/store_image_tasks/methods/store_image_task_Create' - select: - - $ref: '#/components/x-stackQL-resources/store_image_tasks/methods/store_image_tasks_Describe' - update: [] - title: store_image_tasks - subnet_attribute: - name: subnet_attribute - methods: - subnet_attribute_Modify: - operation: - $ref: '#/paths/~1?Action=ModifySubnetAttribute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.subnet_attribute - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: subnet_attribute - subnet_cidr_block: - name: subnet_cidr_block - methods: - subnet_cidr_block_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateSubnetCidrBlock&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - subnet_cidr_block_Disassociate: - operation: - $ref: '#/paths/~1?Action=DisassociateSubnetCidrBlock&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.subnet_cidr_block - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: subnet_cidr_block - subnet_cidr_reservations: - name: subnet_cidr_reservations - methods: - subnet_cidr_reservation_Create: - operation: - $ref: '#/paths/~1?Action=CreateSubnetCidrReservation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - subnet_cidr_reservation_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteSubnetCidrReservation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - subnet_cidr_reservations_Get: - operation: - $ref: '#/paths/~1?Action=GetSubnetCidrReservations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.subnet_cidr_reservations - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/subnet_cidr_reservations/methods/subnet_cidr_reservation_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/subnet_cidr_reservations/methods/subnet_cidr_reservation_Create' - select: - - $ref: '#/components/x-stackQL-resources/subnet_cidr_reservations/methods/subnet_cidr_reservations_Get' - update: [] - title: subnet_cidr_reservations - subnets: - name: subnets - methods: - subnet_Create: - operation: - $ref: '#/paths/~1?Action=CreateSubnet&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - subnet_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteSubnet&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - subnets_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeSubnets&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/subnetSet/item - openAPIDocKey: '200' - id: aws.ec2.subnets - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/subnets/methods/subnet_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/subnets/methods/subnet_Create' - select: - - $ref: '#/components/x-stackQL-resources/subnets/methods/subnets_Describe' - update: [] - title: subnets - tags: - name: tags - methods: - tags_Create: - operation: - $ref: '#/paths/~1?Action=CreateTags&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - tags_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTags&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - tags_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTags&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/tagSet/item - openAPIDocKey: '200' - id: aws.ec2.tags - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/tags/methods/tags_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/tags/methods/tags_Create' - select: - - $ref: '#/components/x-stackQL-resources/tags/methods/tags_Describe' - update: [] - title: tags - traffic_mirror_filter_network_services: - name: traffic_mirror_filter_network_services - methods: - traffic_mirror_filter_network_services_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyTrafficMirrorFilterNetworkServices&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.traffic_mirror_filter_network_services - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: traffic_mirror_filter_network_services - traffic_mirror_filter_rule: - name: traffic_mirror_filter_rule - methods: - traffic_mirror_filter_rule_Create: - operation: - $ref: '#/paths/~1?Action=CreateTrafficMirrorFilterRule&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - traffic_mirror_filter_rule_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTrafficMirrorFilterRule&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - traffic_mirror_filter_rule_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyTrafficMirrorFilterRule&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.traffic_mirror_filter_rule - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/traffic_mirror_filter_rule/methods/traffic_mirror_filter_rule_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/traffic_mirror_filter_rule/methods/traffic_mirror_filter_rule_Create' - select: [] - update: [] - title: traffic_mirror_filter_rule - traffic_mirror_filters: - name: traffic_mirror_filters - methods: - traffic_mirror_filter_Create: - operation: - $ref: '#/paths/~1?Action=CreateTrafficMirrorFilter&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - traffic_mirror_filter_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTrafficMirrorFilter&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - traffic_mirror_filters_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTrafficMirrorFilters&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/trafficMirrorFilterSet/item - openAPIDocKey: '200' - id: aws.ec2.traffic_mirror_filters - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/traffic_mirror_filters/methods/traffic_mirror_filter_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/traffic_mirror_filters/methods/traffic_mirror_filter_Create' - select: - - $ref: '#/components/x-stackQL-resources/traffic_mirror_filters/methods/traffic_mirror_filters_Describe' - update: [] - title: traffic_mirror_filters - traffic_mirror_sessions: - name: traffic_mirror_sessions - methods: - traffic_mirror_session_Create: - operation: - $ref: '#/paths/~1?Action=CreateTrafficMirrorSession&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - traffic_mirror_session_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTrafficMirrorSession&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - traffic_mirror_session_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyTrafficMirrorSession&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - traffic_mirror_sessions_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTrafficMirrorSessions&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/trafficMirrorSessionSet/item - openAPIDocKey: '200' - id: aws.ec2.traffic_mirror_sessions - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/traffic_mirror_sessions/methods/traffic_mirror_session_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/traffic_mirror_sessions/methods/traffic_mirror_session_Create' - select: - - $ref: '#/components/x-stackQL-resources/traffic_mirror_sessions/methods/traffic_mirror_sessions_Describe' - update: [] - title: traffic_mirror_sessions - traffic_mirror_targets: - name: traffic_mirror_targets - methods: - traffic_mirror_target_Create: - operation: - $ref: '#/paths/~1?Action=CreateTrafficMirrorTarget&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - traffic_mirror_target_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTrafficMirrorTarget&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - traffic_mirror_targets_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTrafficMirrorTargets&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/trafficMirrorTargetSet/item - openAPIDocKey: '200' - id: aws.ec2.traffic_mirror_targets - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/traffic_mirror_targets/methods/traffic_mirror_target_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/traffic_mirror_targets/methods/traffic_mirror_target_Create' - select: - - $ref: '#/components/x-stackQL-resources/traffic_mirror_targets/methods/traffic_mirror_targets_Describe' - update: [] - title: traffic_mirror_targets - transit_gateway_attachment_propagations: - name: transit_gateway_attachment_propagations - methods: - transit_gateway_attachment_propagations_Get: - operation: - $ref: '#/paths/~1?Action=GetTransitGatewayAttachmentPropagations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/transitGatewayAttachmentPropagations/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_attachment_propagations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_attachment_propagations/methods/transit_gateway_attachment_propagations_Get' - update: [] - title: transit_gateway_attachment_propagations - transit_gateway_attachments: - name: transit_gateway_attachments - methods: - transit_gateway_attachments_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTransitGatewayAttachments&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/transitGatewayAttachments/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_attachments - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_attachments/methods/transit_gateway_attachments_Describe' - update: [] - title: transit_gateway_attachments - transit_gateway_connect_peers: - name: transit_gateway_connect_peers - methods: - transit_gateway_connect_peer_Create: - operation: - $ref: '#/paths/~1?Action=CreateTransitGatewayConnectPeer&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_connect_peer_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTransitGatewayConnectPeer&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_connect_peers_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTransitGatewayConnectPeers&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/transitGatewayConnectPeerSet/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_connect_peers - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/transit_gateway_connect_peers/methods/transit_gateway_connect_peer_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/transit_gateway_connect_peers/methods/transit_gateway_connect_peer_Create' - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_connect_peers/methods/transit_gateway_connect_peers_Describe' - update: [] - title: transit_gateway_connect_peers - transit_gateway_connects: - name: transit_gateway_connects - methods: - transit_gateway_connect_Create: - operation: - $ref: '#/paths/~1?Action=CreateTransitGatewayConnect&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_connect_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTransitGatewayConnect&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_connects_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTransitGatewayConnects&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/transitGatewayConnectSet/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_connects - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/transit_gateway_connects/methods/transit_gateway_connect_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/transit_gateway_connects/methods/transit_gateway_connect_Create' - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_connects/methods/transit_gateway_connects_Describe' - update: [] - title: transit_gateway_connects - transit_gateway_multicast_domain_associations: - name: transit_gateway_multicast_domain_associations - methods: - transit_gateway_multicast_domain_associations_Accept: - operation: - $ref: '#/paths/~1?Action=AcceptTransitGatewayMulticastDomainAssociations&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_multicast_domain_associations_Get: - operation: - $ref: '#/paths/~1?Action=GetTransitGatewayMulticastDomainAssociations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/multicastDomainAssociations/item - openAPIDocKey: '200' - transit_gateway_multicast_domain_associations_Reject: - operation: - $ref: '#/paths/~1?Action=RejectTransitGatewayMulticastDomainAssociations&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_multicast_domain_associations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_multicast_domain_associations/methods/transit_gateway_multicast_domain_associations_Get' - update: [] - title: transit_gateway_multicast_domain_associations - transit_gateway_multicast_domains: - name: transit_gateway_multicast_domains - methods: - transit_gateway_multicast_domain_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateTransitGatewayMulticastDomain&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_multicast_domain_Create: - operation: - $ref: '#/paths/~1?Action=CreateTransitGatewayMulticastDomain&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_multicast_domain_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTransitGatewayMulticastDomain&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_multicast_domain_Disassociate: - operation: - $ref: '#/paths/~1?Action=DisassociateTransitGatewayMulticastDomain&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_multicast_domains_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTransitGatewayMulticastDomains&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/transitGatewayMulticastDomains/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_multicast_domains - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/transit_gateway_multicast_domains/methods/transit_gateway_multicast_domain_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/transit_gateway_multicast_domains/methods/transit_gateway_multicast_domain_Create' - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_multicast_domains/methods/transit_gateway_multicast_domains_Describe' - update: [] - title: transit_gateway_multicast_domains - transit_gateway_multicast_group_members: - name: transit_gateway_multicast_group_members - methods: - transit_gateway_multicast_group_members_Deregister: - operation: - $ref: '#/paths/~1?Action=DeregisterTransitGatewayMulticastGroupMembers&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_multicast_group_members_Register: - operation: - $ref: '#/paths/~1?Action=RegisterTransitGatewayMulticastGroupMembers&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_multicast_group_members - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: transit_gateway_multicast_group_members - transit_gateway_multicast_group_sources: - name: transit_gateway_multicast_group_sources - methods: - transit_gateway_multicast_group_sources_Deregister: - operation: - $ref: '#/paths/~1?Action=DeregisterTransitGatewayMulticastGroupSources&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_multicast_group_sources_Register: - operation: - $ref: '#/paths/~1?Action=RegisterTransitGatewayMulticastGroupSources&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_multicast_group_sources - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: transit_gateway_multicast_group_sources - transit_gateway_multicast_groups: - name: transit_gateway_multicast_groups - methods: - transit_gateway_multicast_groups_Search: - operation: - $ref: '#/paths/~1?Action=SearchTransitGatewayMulticastGroups&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_multicast_groups - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: transit_gateway_multicast_groups - transit_gateway_peering_attachments: - name: transit_gateway_peering_attachments - methods: - transit_gateway_peering_attachment_Accept: - operation: - $ref: '#/paths/~1?Action=AcceptTransitGatewayPeeringAttachment&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_peering_attachment_Create: - operation: - $ref: '#/paths/~1?Action=CreateTransitGatewayPeeringAttachment&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_peering_attachment_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTransitGatewayPeeringAttachment&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_peering_attachment_Reject: - operation: - $ref: '#/paths/~1?Action=RejectTransitGatewayPeeringAttachment&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_peering_attachments_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTransitGatewayPeeringAttachments&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/transitGatewayPeeringAttachments/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_peering_attachments - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/transit_gateway_peering_attachments/methods/transit_gateway_peering_attachment_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/transit_gateway_peering_attachments/methods/transit_gateway_peering_attachment_Create' - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_peering_attachments/methods/transit_gateway_peering_attachments_Describe' - update: [] - title: transit_gateway_peering_attachments - transit_gateway_prefix_list_references: - name: transit_gateway_prefix_list_references - methods: - transit_gateway_prefix_list_reference_Create: - operation: - $ref: '#/paths/~1?Action=CreateTransitGatewayPrefixListReference&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_prefix_list_reference_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTransitGatewayPrefixListReference&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_prefix_list_reference_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyTransitGatewayPrefixListReference&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_prefix_list_references_Get: - operation: - $ref: '#/paths/~1?Action=GetTransitGatewayPrefixListReferences&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/transitGatewayPrefixListReferenceSet/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_prefix_list_references - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/transit_gateway_prefix_list_references/methods/transit_gateway_prefix_list_reference_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/transit_gateway_prefix_list_references/methods/transit_gateway_prefix_list_reference_Create' - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_prefix_list_references/methods/transit_gateway_prefix_list_references_Get' - update: [] - title: transit_gateway_prefix_list_references - transit_gateway_route_table_associations: - name: transit_gateway_route_table_associations - methods: - transit_gateway_route_table_associations_Get: - operation: - $ref: '#/paths/~1?Action=GetTransitGatewayRouteTableAssociations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/associations/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_route_table_associations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_route_table_associations/methods/transit_gateway_route_table_associations_Get' - update: [] - title: transit_gateway_route_table_associations - transit_gateway_route_table_propagations: - name: transit_gateway_route_table_propagations - methods: - transit_gateway_route_table_propagation_Disable: - operation: - $ref: '#/paths/~1?Action=DisableTransitGatewayRouteTablePropagation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_route_table_propagation_Enable: - operation: - $ref: '#/paths/~1?Action=EnableTransitGatewayRouteTablePropagation&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_route_table_propagations_Get: - operation: - $ref: '#/paths/~1?Action=GetTransitGatewayRouteTablePropagations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/transitGatewayRouteTablePropagations/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_route_table_propagations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_route_table_propagations/methods/transit_gateway_route_table_propagations_Get' - update: [] - title: transit_gateway_route_table_propagations - transit_gateway_route_tables: - name: transit_gateway_route_tables - methods: - transit_gateway_route_table_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateTransitGatewayRouteTable&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_route_table_Create: - operation: - $ref: '#/paths/~1?Action=CreateTransitGatewayRouteTable&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_route_table_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTransitGatewayRouteTable&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_route_table_Disassociate: - operation: - $ref: '#/paths/~1?Action=DisassociateTransitGatewayRouteTable&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_route_tables_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTransitGatewayRouteTables&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/transitGatewayRouteTables/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_route_tables - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/transit_gateway_route_tables/methods/transit_gateway_route_table_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/transit_gateway_route_tables/methods/transit_gateway_route_table_Create' - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_route_tables/methods/transit_gateway_route_tables_Describe' - update: [] - title: transit_gateway_route_tables - transit_gateway_routes: - name: transit_gateway_routes - methods: - transit_gateway_route_Create: - operation: - $ref: '#/paths/~1?Action=CreateTransitGatewayRoute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_route_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTransitGatewayRoute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_route_Replace: - operation: - $ref: '#/paths/~1?Action=ReplaceTransitGatewayRoute&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_routes_Export: - operation: - $ref: '#/paths/~1?Action=ExportTransitGatewayRoutes&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_routes_Search: - operation: - $ref: '#/paths/~1?Action=SearchTransitGatewayRoutes&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_routes - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/transit_gateway_routes/methods/transit_gateway_route_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/transit_gateway_routes/methods/transit_gateway_route_Create' - select: [] - update: [] - title: transit_gateway_routes - transit_gateway_vpc_attachments: - name: transit_gateway_vpc_attachments - methods: - transit_gateway_vpc_attachment_Accept: - operation: - $ref: '#/paths/~1?Action=AcceptTransitGatewayVpcAttachment&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_vpc_attachment_Create: - operation: - $ref: '#/paths/~1?Action=CreateTransitGatewayVpcAttachment&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_vpc_attachment_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTransitGatewayVpcAttachment&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_vpc_attachment_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyTransitGatewayVpcAttachment&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_vpc_attachment_Reject: - operation: - $ref: '#/paths/~1?Action=RejectTransitGatewayVpcAttachment&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_vpc_attachments_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTransitGatewayVpcAttachments&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/transitGatewayVpcAttachments/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateway_vpc_attachments - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/transit_gateway_vpc_attachments/methods/transit_gateway_vpc_attachment_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/transit_gateway_vpc_attachments/methods/transit_gateway_vpc_attachment_Create' - select: - - $ref: '#/components/x-stackQL-resources/transit_gateway_vpc_attachments/methods/transit_gateway_vpc_attachments_Describe' - update: [] - title: transit_gateway_vpc_attachments - transit_gateways: - name: transit_gateways - methods: - transit_gateway_Create: - operation: - $ref: '#/paths/~1?Action=CreateTransitGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteTransitGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateway_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyTransitGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - transit_gateways_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTransitGateways&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/transitGatewaySet/item - openAPIDocKey: '200' - id: aws.ec2.transit_gateways - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/transit_gateways/methods/transit_gateway_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/transit_gateways/methods/transit_gateway_Create' - select: - - $ref: '#/components/x-stackQL-resources/transit_gateways/methods/transit_gateways_Describe' - update: [] - title: transit_gateways - trunk_interface: - name: trunk_interface - methods: - trunk_interface_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateTrunkInterface&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - trunk_interface_Disassociate: - operation: - $ref: '#/paths/~1?Action=DisassociateTrunkInterface&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.trunk_interface - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: trunk_interface - trunk_interface_associations: - name: trunk_interface_associations - methods: - trunk_interface_associations_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeTrunkInterfaceAssociations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/interfaceAssociationSet/item - openAPIDocKey: '200' - id: aws.ec2.trunk_interface_associations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/trunk_interface_associations/methods/trunk_interface_associations_Describe' - update: [] - title: trunk_interface_associations - vgw_route_propagation: - name: vgw_route_propagation - methods: - vgw_route_propagation_Disable: - operation: - $ref: '#/paths/~1?Action=DisableVgwRoutePropagation&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - vgw_route_propagation_Enable: - operation: - $ref: '#/paths/~1?Action=EnableVgwRoutePropagation&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.vgw_route_propagation - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: vgw_route_propagation - volume_attribute: - name: volume_attribute - methods: - volume_attribute_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVolumeAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - volume_attribute_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVolumeAttribute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.volume_attribute - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/volume_attribute/methods/volume_attribute_Describe' - update: [] - title: volume_attribute - volume_i_o: - name: volume_i_o - methods: - volume_i_o_Enable: - operation: - $ref: '#/paths/~1?Action=EnableVolumeIO&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.volume_i_o - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: volume_i_o - volume_status: - name: volume_status - methods: - volume_status_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVolumeStatus&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/volumeStatusSet/item - openAPIDocKey: '200' - id: aws.ec2.volume_status - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/volume_status/methods/volume_status_Describe' - update: [] - title: volume_status - volumes: - name: volumes - methods: - volume_Attach: - operation: - $ref: '#/paths/~1?Action=AttachVolume&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - volume_Create: - operation: - $ref: '#/paths/~1?Action=CreateVolume&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - volume_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteVolume&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - volume_Detach: - operation: - $ref: '#/paths/~1?Action=DetachVolume&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - volume_Import: - operation: - $ref: '#/paths/~1?Action=ImportVolume&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - volume_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVolume&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - volumes_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVolumes&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/volumeSet/item - openAPIDocKey: '200' - id: aws.ec2.volumes - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/volumes/methods/volume_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/volumes/methods/volume_Create' - select: - - $ref: '#/components/x-stackQL-resources/volumes/methods/volumes_Describe' - update: - - $ref: '#/components/x-stackQL-resources/volumes/methods/volume_Modify' - title: volumes - volumes_modifications: - name: volumes_modifications - methods: - volumes_modifications_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVolumesModifications&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/volumeModificationSet/item - openAPIDocKey: '200' - id: aws.ec2.volumes_modifications - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/volumes_modifications/methods/volumes_modifications_Describe' - update: [] - title: volumes_modifications - vpc_attribute: - name: vpc_attribute - methods: - vpc_attribute_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpcAttribute&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - vpc_attribute_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpcAttribute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.vpc_attribute - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/vpc_attribute/methods/vpc_attribute_Describe' - update: [] - title: vpc_attribute - vpc_cidr_block: - name: vpc_cidr_block - methods: - vpc_cidr_block_Associate: - operation: - $ref: '#/paths/~1?Action=AssociateVpcCidrBlock&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_cidr_block_Disassociate: - operation: - $ref: '#/paths/~1?Action=DisassociateVpcCidrBlock&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpc_cidr_block - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: vpc_cidr_block - vpc_classic_link: - name: vpc_classic_link - methods: - vpc_classic_link_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpcClassicLink&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/vpcSet/item - openAPIDocKey: '200' - vpc_classic_link_Disable: - operation: - $ref: '#/paths/~1?Action=DisableVpcClassicLink&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_classic_link_Enable: - operation: - $ref: '#/paths/~1?Action=EnableVpcClassicLink&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpc_classic_link - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/vpc_classic_link/methods/vpc_classic_link_Describe' - update: [] - title: vpc_classic_link - vpc_classic_link_dns_support: - name: vpc_classic_link_dns_support - methods: - vpc_classic_link_dns_support_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpcClassicLinkDnsSupport&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/vpcs/item - openAPIDocKey: '200' - vpc_classic_link_dns_support_Disable: - operation: - $ref: '#/paths/~1?Action=DisableVpcClassicLinkDnsSupport&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_classic_link_dns_support_Enable: - operation: - $ref: '#/paths/~1?Action=EnableVpcClassicLinkDnsSupport&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpc_classic_link_dns_support - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/vpc_classic_link_dns_support/methods/vpc_classic_link_dns_support_Describe' - update: [] - title: vpc_classic_link_dns_support - vpc_endpoint_connection_notifications: - name: vpc_endpoint_connection_notifications - methods: - vpc_endpoint_connection_notification_Create: - operation: - $ref: '#/paths/~1?Action=CreateVpcEndpointConnectionNotification&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_endpoint_connection_notification_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpcEndpointConnectionNotification&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_endpoint_connection_notifications_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteVpcEndpointConnectionNotifications&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_endpoint_connection_notifications_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpcEndpointConnectionNotifications&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/connectionNotificationSet/item - openAPIDocKey: '200' - id: aws.ec2.vpc_endpoint_connection_notifications - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/vpc_endpoint_connection_notifications/methods/vpc_endpoint_connection_notifications_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/vpc_endpoint_connection_notifications/methods/vpc_endpoint_connection_notification_Create' - select: - - $ref: '#/components/x-stackQL-resources/vpc_endpoint_connection_notifications/methods/vpc_endpoint_connection_notifications_Describe' - update: [] - title: vpc_endpoint_connection_notifications - vpc_endpoint_connections: - name: vpc_endpoint_connections - methods: - vpc_endpoint_connections_Accept: - operation: - $ref: '#/paths/~1?Action=AcceptVpcEndpointConnections&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_endpoint_connections_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpcEndpointConnections&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/vpcEndpointConnectionSet/item - openAPIDocKey: '200' - vpc_endpoint_connections_Reject: - operation: - $ref: '#/paths/~1?Action=RejectVpcEndpointConnections&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpc_endpoint_connections - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/vpc_endpoint_connections/methods/vpc_endpoint_connections_Describe' - update: [] - title: vpc_endpoint_connections - vpc_endpoint_service_configurations: - name: vpc_endpoint_service_configurations - methods: - vpc_endpoint_service_configuration_Create: - operation: - $ref: '#/paths/~1?Action=CreateVpcEndpointServiceConfiguration&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_endpoint_service_configuration_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpcEndpointServiceConfiguration&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_endpoint_service_configurations_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteVpcEndpointServiceConfigurations&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_endpoint_service_configurations_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpcEndpointServiceConfigurations&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/serviceConfigurationSet/item - openAPIDocKey: '200' - id: aws.ec2.vpc_endpoint_service_configurations - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/vpc_endpoint_service_configurations/methods/vpc_endpoint_service_configurations_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/vpc_endpoint_service_configurations/methods/vpc_endpoint_service_configuration_Create' - select: - - $ref: '#/components/x-stackQL-resources/vpc_endpoint_service_configurations/methods/vpc_endpoint_service_configurations_Describe' - update: [] - title: vpc_endpoint_service_configurations - vpc_endpoint_service_payer_responsibility: - name: vpc_endpoint_service_payer_responsibility - methods: - vpc_endpoint_service_payer_responsibility_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpcEndpointServicePayerResponsibility&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpc_endpoint_service_payer_responsibility - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: vpc_endpoint_service_payer_responsibility - vpc_endpoint_service_permissions: - name: vpc_endpoint_service_permissions - methods: - vpc_endpoint_service_permissions_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpcEndpointServicePermissions&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/allowedPrincipals/item - openAPIDocKey: '200' - vpc_endpoint_service_permissions_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpcEndpointServicePermissions&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpc_endpoint_service_permissions - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/vpc_endpoint_service_permissions/methods/vpc_endpoint_service_permissions_Describe' - update: [] - title: vpc_endpoint_service_permissions - vpc_endpoint_service_private_dns_verification: - name: vpc_endpoint_service_private_dns_verification - methods: - vpc_endpoint_service_private_dns_verification_Start: - operation: - $ref: '#/paths/~1?Action=StartVpcEndpointServicePrivateDnsVerification&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpc_endpoint_service_private_dns_verification - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: vpc_endpoint_service_private_dns_verification - vpc_endpoint_services: - name: vpc_endpoint_services - methods: - vpc_endpoint_services_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpcEndpointServices&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/serviceDetailSet/item - openAPIDocKey: '200' - id: aws.ec2.vpc_endpoint_services - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/vpc_endpoint_services/methods/vpc_endpoint_services_Describe' - update: [] - title: vpc_endpoint_services - vpc_endpoints: - name: vpc_endpoints - methods: - vpc_endpoint_Create: - operation: - $ref: '#/paths/~1?Action=CreateVpcEndpoint&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_endpoint_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpcEndpoint&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_endpoints_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteVpcEndpoints&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_endpoints_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpcEndpoints&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/vpcEndpointSet/item - openAPIDocKey: '200' - id: aws.ec2.vpc_endpoints - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/vpc_endpoints/methods/vpc_endpoints_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/vpc_endpoints/methods/vpc_endpoint_Create' - select: - - $ref: '#/components/x-stackQL-resources/vpc_endpoints/methods/vpc_endpoints_Describe' - update: [] - title: vpc_endpoints - vpc_peering_connection_options: - name: vpc_peering_connection_options - methods: - vpc_peering_connection_options_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpcPeeringConnectionOptions&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpc_peering_connection_options - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: vpc_peering_connection_options - vpc_peering_connections: - name: vpc_peering_connections - methods: - vpc_peering_connection_Accept: - operation: - $ref: '#/paths/~1?Action=AcceptVpcPeeringConnection&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_peering_connection_Create: - operation: - $ref: '#/paths/~1?Action=CreateVpcPeeringConnection&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_peering_connection_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteVpcPeeringConnection&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_peering_connection_Reject: - operation: - $ref: '#/paths/~1?Action=RejectVpcPeeringConnection&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_peering_connections_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpcPeeringConnections&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/vpcPeeringConnectionSet/item - openAPIDocKey: '200' - id: aws.ec2.vpc_peering_connections - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/vpc_peering_connections/methods/vpc_peering_connection_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/vpc_peering_connections/methods/vpc_peering_connection_Create' - select: - - $ref: '#/components/x-stackQL-resources/vpc_peering_connections/methods/vpc_peering_connections_Describe' - update: [] - title: vpc_peering_connections - vpc_tenancy: - name: vpc_tenancy - methods: - vpc_tenancy_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpcTenancy&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpc_tenancy - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: vpc_tenancy - vpcs: - name: vpcs - methods: - vpc_Create: - operation: - $ref: '#/paths/~1?Action=CreateVpc&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpc_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteVpc&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - vpcs_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpcs&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/vpcSet/item - openAPIDocKey: '200' - id: aws.ec2.vpcs - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/vpcs/methods/vpc_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/vpcs/methods/vpc_Create' - select: - - $ref: '#/components/x-stackQL-resources/vpcs/methods/vpcs_Describe' - update: [] - title: vpcs - vpn_connection_device_sample_configuration: - name: vpn_connection_device_sample_configuration - methods: - vpn_connection_device_sample_configuration_Get: - operation: - $ref: '#/paths/~1?Action=GetVpnConnectionDeviceSampleConfiguration&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - id: aws.ec2.vpn_connection_device_sample_configuration - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/vpn_connection_device_sample_configuration/methods/vpn_connection_device_sample_configuration_Get' - update: [] - title: vpn_connection_device_sample_configuration - vpn_connection_device_types: - name: vpn_connection_device_types - methods: - vpn_connection_device_types_Get: - operation: - $ref: '#/paths/~1?Action=GetVpnConnectionDeviceTypes&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/vpnConnectionDeviceTypeSet/item - openAPIDocKey: '200' - id: aws.ec2.vpn_connection_device_types - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/vpn_connection_device_types/methods/vpn_connection_device_types_Get' - update: [] - title: vpn_connection_device_types - vpn_connection_options: - name: vpn_connection_options - methods: - vpn_connection_options_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpnConnectionOptions&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpn_connection_options - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: vpn_connection_options - vpn_connection_route: - name: vpn_connection_route - methods: - vpn_connection_route_Create: - operation: - $ref: '#/paths/~1?Action=CreateVpnConnectionRoute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - vpn_connection_route_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteVpnConnectionRoute&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - id: aws.ec2.vpn_connection_route - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/vpn_connection_route/methods/vpn_connection_route_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/vpn_connection_route/methods/vpn_connection_route_Create' - select: [] - update: [] - title: vpn_connection_route - vpn_connections: - name: vpn_connections - methods: - vpn_connection_Create: - operation: - $ref: '#/paths/~1?Action=CreateVpnConnection&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpn_connection_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteVpnConnection&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - vpn_connection_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpnConnection&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpn_connections_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpnConnections&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/vpnConnectionSet/item - openAPIDocKey: '200' - id: aws.ec2.vpn_connections - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/vpn_connections/methods/vpn_connection_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/vpn_connections/methods/vpn_connection_Create' - select: - - $ref: '#/components/x-stackQL-resources/vpn_connections/methods/vpn_connections_Describe' - update: [] - title: vpn_connections - vpn_gateways: - name: vpn_gateways - methods: - vpn_gateway_Attach: - operation: - $ref: '#/paths/~1?Action=AttachVpnGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpn_gateway_Create: - operation: - $ref: '#/paths/~1?Action=CreateVpnGateway&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - vpn_gateway_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteVpnGateway&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - vpn_gateway_Detach: - operation: - $ref: '#/paths/~1?Action=DetachVpnGateway&Version=2016-11-15/get' - response: - openAPIDocKey: '200' - vpn_gateways_Describe: - operation: - $ref: '#/paths/~1?Action=DescribeVpnGateways&Version=2016-11-15/get' - response: - mediaType: text/xml - objectKey: /*/vpnGatewaySet/item - openAPIDocKey: '200' - id: aws.ec2.vpn_gateways - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/vpn_gateways/methods/vpn_gateway_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/vpn_gateways/methods/vpn_gateway_Create' - select: - - $ref: '#/components/x-stackQL-resources/vpn_gateways/methods/vpn_gateways_Describe' - update: [] - title: vpn_gateways - vpn_tunnel_certificate: - name: vpn_tunnel_certificate - methods: - vpn_tunnel_certificate_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpnTunnelCertificate&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpn_tunnel_certificate - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: vpn_tunnel_certificate - vpn_tunnel_options: - name: vpn_tunnel_options - methods: - vpn_tunnel_options_Modify: - operation: - $ref: '#/paths/~1?Action=ModifyVpnTunnelOptions&Version=2016-11-15/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - id: aws.ec2.vpn_tunnel_options - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: vpn_tunnel_options - parameters: - X-Amz-Content-Sha256: - name: X-Amz-Content-Sha256 - in: header - schema: - type: string - required: false - X-Amz-Date: - name: X-Amz-Date - in: header - schema: - type: string - required: false - X-Amz-Algorithm: - name: X-Amz-Algorithm - in: header - schema: - type: string - required: false - X-Amz-Credential: - name: X-Amz-Credential - in: header - schema: - type: string - required: false - X-Amz-Security-Token: - name: X-Amz-Security-Token - in: header - schema: - type: string - required: false - X-Amz-Signature: - name: X-Amz-Signature - in: header - schema: - type: string - required: false - X-Amz-SignedHeaders: - name: X-Amz-SignedHeaders - in: header - schema: - type: string - required: false - securitySchemes: - hmac: - type: apiKey - name: Authorization - in: header - description: Amazon Signature authorization v4 - x-amazon-apigateway-authtype: awsSigv4 - schemas: - AcceptReservedInstancesExchangeQuoteResult: - type: object - properties: - exchangeId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the successful exchange. - description: The result of the exchange and whether it was successful. - ReservationId: - type: string - TargetConfigurationRequest: - type: object - required: - - OfferingId - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ReservedInstancesOfferingId' - - description: The Convertible Reserved Instance offering ID. - description: Details about the target configuration. - AcceptTransitGatewayMulticastDomainAssociationsResult: - type: object - properties: - associations: - $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociations' - String: - type: string - AcceptTransitGatewayPeeringAttachmentResult: - type: object - properties: - transitGatewayPeeringAttachment: - allOf: - - $ref: '#/components/schemas/TransitGatewayPeeringAttachment' - - description: The transit gateway peering attachment. - AcceptTransitGatewayVpcAttachmentResult: - type: object - properties: - transitGatewayVpcAttachment: - allOf: - - $ref: '#/components/schemas/TransitGatewayVpcAttachment' - - description: The VPC attachment. - AcceptVpcEndpointConnectionsResult: - type: object - properties: - unsuccessful: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItemSet' - - description: 'Information about the interface endpoints that were not accepted, if applicable.' - VpcEndpointId: - type: string - AcceptVpcPeeringConnectionResult: - type: object - properties: - vpcPeeringConnection: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnection' - - description: Information about the VPC peering connection. - AdvertiseByoipCidrResult: - type: object - properties: - byoipCidr: - allOf: - - $ref: '#/components/schemas/ByoipCidr' - - description: Information about the address range. - AllocateAddressResult: - type: object - example: - Domain: standard - PublicIp: 198.51.100.0 - properties: - publicIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The Elastic IP address. - allocationId: - allOf: - - $ref: '#/components/schemas/String' - - description: '[EC2-VPC] The ID that Amazon Web Services assigns to represent the allocation of the Elastic IP address for use with instances in a VPC.' - publicIpv4Pool: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of an address pool. - networkBorderGroup: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses.' - domain: - allOf: - - $ref: '#/components/schemas/DomainType' - - description: Indicates whether the Elastic IP address is for use with instances in a VPC (vpc) or instances in EC2-Classic (standard). - customerOwnedIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The customer-owned IP address. - customerOwnedIpv4Pool: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the customer-owned address pool. - carrierIp: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The carrier IP address. This option is only available for network interfaces which reside in a subnet in a Wavelength Zone (for example an EC2 instance). ' - TagSpecification: - type: object - properties: - resourceType: - allOf: - - $ref: '#/components/schemas/ResourceType' - - description: The type of resource to tag on creation. - Tag: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags to apply to the resource. - description: The tags to apply to a resource when the resource is being created. - AllocateHostsResult: - type: object - properties: - hostIdSet: - allOf: - - $ref: '#/components/schemas/ResponseHostIdList' - - description: The ID of the allocated Dedicated Host. This is used to launch an instance onto a specific host. - description: Contains the output of AllocateHosts. - AllocateIpamPoolCidrResult: - type: object - properties: - ipamPoolAllocation: - allOf: - - $ref: '#/components/schemas/IpamPoolAllocation' - - description: Information about the allocation created. - ApplySecurityGroupsToClientVpnTargetNetworkResult: - type: object - properties: - securityGroupIds: - allOf: - - $ref: '#/components/schemas/ClientVpnSecurityGroupIdSet' - - description: The IDs of the applied security groups. - SecurityGroupId: - type: string - AssignIpv6AddressesResult: - type: object - properties: - assignedIpv6Addresses: - allOf: - - $ref: '#/components/schemas/Ipv6AddressList' - - description: The new IPv6 addresses assigned to the network interface. Existing IPv6 addresses that were assigned to the network interface before the request are not included. - assignedIpv6PrefixSet: - allOf: - - $ref: '#/components/schemas/IpPrefixList' - - description: The IPv6 prefixes that are assigned to the network interface. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface. - AssignPrivateIpAddressesResult: - type: object - properties: - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface. - assignedPrivateIpAddressesSet: - allOf: - - $ref: '#/components/schemas/AssignedPrivateIpAddressList' - - description: The private IP addresses assigned to the network interface. - assignedIpv4PrefixSet: - allOf: - - $ref: '#/components/schemas/Ipv4PrefixesList' - - description: The IPv4 prefixes that are assigned to the network interface. - AssociateAddressResult: - type: object - example: - AssociationId: eipassoc-2bebb745 - properties: - associationId: - allOf: - - $ref: '#/components/schemas/String' - - description: '[EC2-VPC] The ID that represents the association of the Elastic IP address with an instance.' - AssociateClientVpnTargetNetworkResult: - type: object - properties: - associationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The unique ID of the target network association. - status: - allOf: - - $ref: '#/components/schemas/AssociationStatus' - - description: The current state of the target network association. - AssociateEnclaveCertificateIamRoleResult: - type: object - properties: - certificateS3BucketName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the Amazon S3 bucket to which the certificate was uploaded. - certificateS3ObjectKey: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored. The object key is formatted as follows: role_arn/certificate_arn.' - encryptionKmsKeyId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the KMS key used to encrypt the private key of the certificate. - AssociateIamInstanceProfileResult: - type: object - example: - IamInstanceProfileAssociation: - AssociationId: iip-assoc-0e7736511a163c209 - IamInstanceProfile: - Arn: 'arn:aws:iam::123456789012:instance-profile/admin-role' - Id: AIPAJBLK7RKJKWDXVHIEC - InstanceId: i-123456789abcde123 - State: associating - properties: - iamInstanceProfileAssociation: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileAssociation' - - description: Information about the IAM instance profile association. - AssociateInstanceEventWindowResult: - type: object - properties: - instanceEventWindow: - allOf: - - $ref: '#/components/schemas/InstanceEventWindow' - - description: Information about the event window. - InstanceIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: item - TagList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: item - DedicatedHostIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/DedicatedHostId' - - xml: - name: item - AssociateRouteTableResult: - type: object - example: - AssociationId: rtbassoc-781d0d1a - properties: - associationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The route table association ID. This ID is required for disassociating the route table. - associationState: - allOf: - - $ref: '#/components/schemas/RouteTableAssociationState' - - description: The state of the association. - AssociateSubnetCidrBlockResult: - type: object - properties: - ipv6CidrBlockAssociation: - allOf: - - $ref: '#/components/schemas/SubnetIpv6CidrBlockAssociation' - - description: Information about the IPv6 association. - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet. - AssociateTransitGatewayMulticastDomainResult: - type: object - properties: - associations: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociations' - - description: Information about the transit gateway multicast domain associations. - SubnetId: - type: string - AssociateTransitGatewayRouteTableResult: - type: object - properties: - association: - allOf: - - $ref: '#/components/schemas/TransitGatewayAssociation' - - description: The ID of the association. - AssociateTrunkInterfaceResult: - type: object - properties: - interfaceAssociation: - allOf: - - $ref: '#/components/schemas/TrunkInterfaceAssociation' - - description: Information about the association between the trunk network interface and branch network interface. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.' - AssociateVpcCidrBlockResult: - type: object - properties: - ipv6CidrBlockAssociation: - allOf: - - $ref: '#/components/schemas/VpcIpv6CidrBlockAssociation' - - description: Information about the IPv6 CIDR block association. - cidrBlockAssociation: - allOf: - - $ref: '#/components/schemas/VpcCidrBlockAssociation' - - description: Information about the IPv4 CIDR block association. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - AttachClassicLinkVpcResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - AttachNetworkInterfaceResult: - type: object - example: - AttachmentId: eni-attach-66c4350a - properties: - attachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface attachment. - networkCardIndex: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The index of the network card. - description: Contains the output of AttachNetworkInterface. - VolumeAttachment: - type: object - example: - AttachTime: '2014-02-27T19:23:06.000Z' - Device: /dev/sdb - InstanceId: i-1234567890abcdef0 - State: detaching - VolumeId: vol-049df61146c4d7901 - properties: - attachTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time stamp when the attachment initiated. - device: - allOf: - - $ref: '#/components/schemas/String' - - description: The device name. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - status: - allOf: - - $ref: '#/components/schemas/VolumeAttachmentState' - - description: The attachment state of the volume. - volumeId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the volume. - deleteOnTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the EBS volume is deleted on instance termination. - description: Describes volume attachment details. - AttachVpnGatewayResult: - type: object - properties: - attachment: - allOf: - - $ref: '#/components/schemas/VpcAttachment' - - description: Information about the attachment. - description: Contains the output of AttachVpnGateway. - AuthorizeClientVpnIngressResult: - type: object - properties: - status: - allOf: - - $ref: '#/components/schemas/ClientVpnAuthorizationRuleStatus' - - description: The current state of the authorization rule. - AuthorizeSecurityGroupEgressResult: - type: object - example: {} - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, returns an error.' - securityGroupRuleSet: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleList' - - description: Information about the outbound (egress) security group rules that were added. - IpPermission: - type: object - properties: - fromPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.' - ipProtocol: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).

[VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

' - ipRanges: - allOf: - - $ref: '#/components/schemas/IpRangeList' - - description: The IPv4 ranges. - ipv6Ranges: - allOf: - - $ref: '#/components/schemas/Ipv6RangeList' - - description: '[VPC only] The IPv6 ranges.' - prefixListIds: - allOf: - - $ref: '#/components/schemas/PrefixListIdList' - - description: '[VPC only] The prefix list IDs.' - toPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.' - groups: - allOf: - - $ref: '#/components/schemas/UserIdGroupPairList' - - description: The security group and Amazon Web Services account ID pairs. - description: Describes a set of permissions for a security group rule. - AuthorizeSecurityGroupIngressResult: - type: object - example: {} - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, returns an error.' - securityGroupRuleSet: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleList' - - description: Information about the inbound (ingress) security group rules that were added. - BundleInstanceResult: - type: object - properties: - bundleInstanceTask: - allOf: - - $ref: '#/components/schemas/BundleTask' - - description: Information about the bundle task. - description: Contains the output of BundleInstance. - S3Storage: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The access key ID of the owner of the bucket. Before you specify a value for your access key ID, review and follow the guidance in Best Practices for Managing Amazon Web Services Access Keys.' - bucket: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error.' - prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: The beginning of the file name of the AMI. - uploadPolicy: - allOf: - - $ref: '#/components/schemas/Blob' - - description: An Amazon S3 upload policy that gives Amazon EC2 permission to upload items into Amazon S3 on your behalf. - uploadPolicySignature: - allOf: - - $ref: '#/components/schemas/String' - - description: The signature of the JSON document. - description: Describes the storage parameters for Amazon S3 and Amazon S3 buckets for an instance store-backed AMI. - CancelBundleTaskResult: - type: object - properties: - bundleInstanceTask: - allOf: - - $ref: '#/components/schemas/BundleTask' - - description: Information about the bundle task. - description: Contains the output of CancelBundleTask. - CancelCapacityReservationResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - CancelCapacityReservationFleetsResult: - type: object - properties: - successfulFleetCancellationSet: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetCancellationStateSet' - - description: Information about the Capacity Reservation Fleets that were successfully cancelled. - failedFleetCancellationSet: - allOf: - - $ref: '#/components/schemas/FailedCapacityReservationFleetCancellationResultSet' - - description: Information about the Capacity Reservation Fleets that could not be cancelled. - CapacityReservationFleetId: - type: string - CancelImportTaskResult: - type: object - properties: - importTaskId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the task being canceled. - previousState: - allOf: - - $ref: '#/components/schemas/String' - - description: The current state of the task being canceled. - state: - allOf: - - $ref: '#/components/schemas/String' - - description: The current state of the task being canceled. - CancelReservedInstancesListingResult: - type: object - properties: - reservedInstancesListingsSet: - allOf: - - $ref: '#/components/schemas/ReservedInstancesListingList' - - description: The Reserved Instance listing. - description: Contains the output of CancelReservedInstancesListing. - CancelSpotFleetRequestsResponse: - type: object - example: - SuccessfulFleetRequests: - - CurrentSpotFleetRequestState: cancelled_terminating - PreviousSpotFleetRequestState: active - SpotFleetRequestId: sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE - properties: - successfulFleetRequestSet: - allOf: - - $ref: '#/components/schemas/CancelSpotFleetRequestsSuccessSet' - - description: Information about the Spot Fleet requests that are successfully canceled. - unsuccessfulFleetRequestSet: - allOf: - - $ref: '#/components/schemas/CancelSpotFleetRequestsErrorSet' - - description: Information about the Spot Fleet requests that are not successfully canceled. - description: Contains the output of CancelSpotFleetRequests. - SpotFleetRequestId: - type: string - CancelSpotInstanceRequestsResult: - type: object - example: - CancelledSpotInstanceRequests: - - SpotInstanceRequestId: sir-08b93456 - State: cancelled - properties: - spotInstanceRequestSet: - allOf: - - $ref: '#/components/schemas/CancelledSpotInstanceRequestList' - - description: One or more Spot Instance requests. - description: Contains the output of CancelSpotInstanceRequests. - SpotInstanceRequestId: - type: string - ConfirmProductInstanceResult: - type: object - example: - OwnerId: '123456789012' - properties: - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID of the instance owner. This is only present if the product code is attached to the instance. - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The return value of the request. Returns true if the specified product code is owned by the requester and associated with the specified instance. - CopyFpgaImageResult: - type: object - properties: - fpgaImageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the new AFI. - CopyImageResult: - type: object - example: - ImageId: ami-438bea42 - properties: - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the new AMI. - description: Contains the output of CopyImage. - CopySnapshotResult: - type: object - example: - SnapshotId: snap-066877671789bd71b - properties: - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the new snapshot. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags applied to the new snapshot. - CreateCapacityReservationResult: - type: object - properties: - capacityReservation: - allOf: - - $ref: '#/components/schemas/CapacityReservation' - - description: Information about the Capacity Reservation. - CreateCapacityReservationFleetResult: - type: object - properties: - capacityReservationFleetId: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetId' - - description: The ID of the Capacity Reservation Fleet. - state: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetState' - - description: The status of the Capacity Reservation Fleet. - totalTargetCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The total number of capacity units for which the Capacity Reservation Fleet reserves capacity. - totalFulfilledCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: The requested capacity units that have been successfully reserved. - instanceMatchCriteria: - allOf: - - $ref: '#/components/schemas/FleetInstanceMatchCriteria' - - description: The instance matching criteria for the Capacity Reservation Fleet. - allocationStrategy: - allOf: - - $ref: '#/components/schemas/String' - - description: The allocation strategy used by the Capacity Reservation Fleet. - createTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time at which the Capacity Reservation Fleet was created. - endDate: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time at which the Capacity Reservation Fleet expires. - tenancy: - allOf: - - $ref: '#/components/schemas/FleetCapacityReservationTenancy' - - description: Indicates the tenancy of Capacity Reservation Fleet. - fleetCapacityReservationSet: - allOf: - - $ref: '#/components/schemas/FleetCapacityReservationSet' - - description: Information about the individual Capacity Reservations in the Capacity Reservation Fleet. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the Capacity Reservation Fleet. - ReservationFleetInstanceSpecification: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/IntegerWithConstraints' - - description: 'The priority to assign to the instance type. This value is used to determine which of the instance types specified for the Fleet should be prioritized for use. A lower value indicates a high priority. For more information, see Instance type priority in the Amazon EC2 User Guide.' - description: Information about an instance type to use in a Capacity Reservation Fleet. - CreateCarrierGatewayResult: - type: object - properties: - carrierGateway: - allOf: - - $ref: '#/components/schemas/CarrierGateway' - - description: Information about the carrier gateway. - CreateClientVpnEndpointResult: - type: object - properties: - clientVpnEndpointId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Client VPN endpoint. - status: - allOf: - - $ref: '#/components/schemas/ClientVpnEndpointStatus' - - description: The current state of the Client VPN endpoint. - dnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The DNS name to be used by clients when establishing their VPN session. - ClientVpnAuthenticationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/FederatedAuthenticationRequest' - - description: 'Information about the IAM SAML identity provider to be used, if applicable. You must provide this information if Type is federated-authentication.' - description: 'Describes the authentication method to be used by a Client VPN endpoint. For more information, see Authentication in the Client VPN Administrator Guide.' - CreateClientVpnRouteResult: - type: object - properties: - status: - allOf: - - $ref: '#/components/schemas/ClientVpnRouteStatus' - - description: The current state of the route. - CreateCustomerGatewayResult: - type: object - example: - CustomerGateway: - BgpAsn: '65534' - CustomerGatewayId: cgw-0e11f167 - IpAddress: 12.1.2.3 - State: available - Type: ipsec.1 - properties: - customerGateway: - allOf: - - $ref: '#/components/schemas/CustomerGateway' - - description: Information about the customer gateway. - description: Contains the output of CreateCustomerGateway. - CreateDefaultSubnetResult: - type: object - properties: - subnet: - allOf: - - $ref: '#/components/schemas/Subnet' - - description: Information about the subnet. - CreateDefaultVpcResult: - type: object - properties: - vpc: - allOf: - - $ref: '#/components/schemas/Vpc' - - description: Information about the VPC. - CreateDhcpOptionsResult: - type: object - example: - DhcpOptions: - DhcpConfigurations: - - Key: domain-name-servers - Values: - - Value: 10.2.5.2 - - Value: 10.2.5.1 - DhcpOptionsId: dopt-d9070ebb - properties: - dhcpOptions: - allOf: - - $ref: '#/components/schemas/DhcpOptions' - - description: A set of DHCP options. - NewDhcpConfiguration: - type: object - properties: - key: - $ref: '#/components/schemas/String' - Value: - $ref: '#/components/schemas/ValueStringList' - CreateEgressOnlyInternetGatewayResult: - type: object - properties: - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.' - egressOnlyInternetGateway: - allOf: - - $ref: '#/components/schemas/EgressOnlyInternetGateway' - - description: Information about the egress-only internet gateway. - CreateFleetResult: - type: object - properties: - fleetId: - allOf: - - $ref: '#/components/schemas/FleetId' - - description: The ID of the EC2 Fleet. - errorSet: - allOf: - - $ref: '#/components/schemas/CreateFleetErrorsSet' - - description: Information about the instances that could not be launched by the fleet. Supported only for fleets of type instant. - fleetInstanceSet: - allOf: - - $ref: '#/components/schemas/CreateFleetInstancesSet' - - description: Information about the instances that were launched by the fleet. Supported only for fleets of type instant. - FleetLaunchTemplateConfigRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateOverridesListRequest' - - description: '

Any parameters that you specify override the same parameters in the launch template.

For fleets of type request and maintain, a maximum of 300 items is allowed across all launch templates.

' - description: Describes a launch template and overrides. - TargetCapacityUnitType: - type: string - enum: - - vcpu - - memory-mib - - units - CreateFlowLogsResult: - type: object - properties: - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.' - flowLogIdSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The IDs of the flow logs. - unsuccessful: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItemSet' - - description: Information about the flow logs that could not be created successfully. - FlowLogResourceId: - type: string - Boolean: - type: boolean - CreateFpgaImageResult: - type: object - properties: - fpgaImageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The FPGA image identifier (AFI ID). - fpgaImageGlobalId: - allOf: - - $ref: '#/components/schemas/String' - - description: The global FPGA image identifier (AGFI ID). - CreateImageResult: - type: object - example: - ImageId: ami-1a2b3c4d - properties: - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the new AMI. - BlockDeviceMapping: - type: object - properties: - deviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The device name (for example, /dev/sdh or xvdh).' - virtualName: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The virtual device name (ephemeralN). Instance store volumes are numbered starting from 0. An instance type with 2 available instance store volumes can specify mappings for ephemeral0 and ephemeral1. The number of available instance store volumes depends on the instance type. After you connect to the instance, you must mount the volume.

NVMe instance store volumes are automatically enumerated and assigned a device name. Including them in your block device mapping has no effect.

Constraints: For M3 instances, you must specify instance store volumes in the block device mapping for the instance. When you launch an M3 instance, we ignore any instance store volumes specified in the block device mapping for the AMI.

' - ebs: - allOf: - - $ref: '#/components/schemas/EbsBlockDevice' - - description: Parameters used to automatically set up EBS volumes when the instance is launched. - noDevice: - allOf: - - $ref: '#/components/schemas/String' - - description: 'To omit the device from the block device mapping, specify an empty string. When this property is specified, the device is removed from the block device mapping regardless of the assigned value.' - description: 'Describes a block device mapping, which defines the EBS volumes and instance store volumes to attach to an instance at launch.' - CreateInstanceEventWindowResult: - type: object - properties: - instanceEventWindow: - allOf: - - $ref: '#/components/schemas/InstanceEventWindow' - - description: Information about the event window. - InstanceEventWindowTimeRangeRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Hour' - - description: The hour when the time range ends. - description: 'The start day and time and the end day and time of the time range, in UTC.' - CreateInstanceExportTaskResult: - type: object - properties: - exportTask: - allOf: - - $ref: '#/components/schemas/ExportTask' - - description: Information about the export instance task. - ContainerFormat: - type: string - enum: - - ova - DiskImageFormat: - type: string - enum: - - VMDK - - RAW - - VHD - CreateInternetGatewayResult: - type: object - example: - InternetGateway: - Attachments: [] - InternetGatewayId: igw-c0a643a9 - Tags: [] - properties: - internetGateway: - allOf: - - $ref: '#/components/schemas/InternetGateway' - - description: Information about the internet gateway. - CreateIpamResult: - type: object - properties: - ipam: - allOf: - - $ref: '#/components/schemas/Ipam' - - description: Information about the IPAM created. - AddIpamOperatingRegion: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the operating Region. - description: '

Add an operating Region to an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' - CreateIpamPoolResult: - type: object - properties: - ipamPool: - allOf: - - $ref: '#/components/schemas/IpamPool' - - description: Information about the IPAM pool created. - RequestIpamResourceTag: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The value for the tag. - description: A tag on an IPAM resource. - CreateIpamScopeResult: - type: object - properties: - ipamScope: - allOf: - - $ref: '#/components/schemas/IpamScope' - - description: Information about the created scope. - KeyPair: - type: object - properties: - keyFingerprint: - allOf: - - $ref: '#/components/schemas/String' - - description: '' - keyMaterial: - allOf: - - $ref: '#/components/schemas/SensitiveUserData' - - description: An unencrypted PEM encoded RSA or ED25519 private key. - keyName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the key pair. - keyPairId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the key pair. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags applied to the key pair. - description: Describes a key pair. - CreateLaunchTemplateResult: - type: object - example: - LaunchTemplate: - CreateTime: '2017-11-27T09:13:24.000Z' - CreatedBy: 'arn:aws:iam::123456789012:root' - DefaultVersionNumber: 1 - LatestVersionNumber: 1 - LaunchTemplateId: lt-01238c059e3466abc - LaunchTemplateName: my-template - properties: - launchTemplate: - allOf: - - $ref: '#/components/schemas/LaunchTemplate' - - description: Information about the launch template. - warning: - allOf: - - $ref: '#/components/schemas/ValidationWarning' - - description: 'If the launch template contains parameters or parameter combinations that are not valid, an error code and an error message are returned for each issue that''s found.' - LaunchTemplateIamInstanceProfileSpecificationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the instance profile. - description: An IAM instance profile. - LaunchTemplateBlockDeviceMappingRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMappingRequest' - - xml: - name: BlockDeviceMapping - LaunchTemplateTagSpecificationRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateTagSpecificationRequest' - - xml: - name: LaunchTemplateTagSpecificationRequest - ElasticGpuSpecificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ElasticGpuSpecification' - - xml: - name: ElasticGpuSpecification - LaunchTemplateElasticInferenceAcceleratorList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAccelerator' - - xml: - name: item - SecurityGroupIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: SecurityGroupId - LaunchTemplateCapacityReservationSpecificationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/CapacityReservationTarget' - - description: Information about the target Capacity Reservation or Capacity Reservation group. - description: 'Describes an instance''s Capacity Reservation targeting option. You can specify only one option at a time. Use the CapacityReservationPreference parameter to configure the instance to run in On-Demand capacity or to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). Use the CapacityReservationTarget parameter to explicitly target a specific Capacity Reservation or a Capacity Reservation group.' - LaunchTemplateInstanceMaintenanceOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchTemplateAutoRecoveryState' - - description: 'Disables the automatic recovery behavior of your instance or sets it to default. For more information, see Simplified automatic recovery.' - description: The maintenance options of your instance. - CreateLaunchTemplateVersionResult: - type: object - example: - LaunchTemplateVersion: - CreateTime: '2017-12-01T13:35:46.000Z' - CreatedBy: 'arn:aws:iam::123456789012:root' - DefaultVersion: false - LaunchTemplateData: - ImageId: ami-c998b6b2 - InstanceType: t2.micro - NetworkInterfaces: - - AssociatePublicIpAddress: true - DeviceIndex: 0 - Ipv6Addresses: - - Ipv6Address: '2001:db8:1234:1a00::123' - SubnetId: subnet-7b16de0c - LaunchTemplateId: lt-0abcd290751193123 - LaunchTemplateName: my-template - VersionDescription: WebVersion2 - VersionNumber: 2 - properties: - launchTemplateVersion: - allOf: - - $ref: '#/components/schemas/LaunchTemplateVersion' - - description: Information about the launch template version. - warning: - allOf: - - $ref: '#/components/schemas/ValidationWarning' - - description: 'If the new version of the launch template contains parameters or parameter combinations that are not valid, an error code and an error message are returned for each issue that''s found.' - CreateLocalGatewayRouteResult: - type: object - properties: - route: - allOf: - - $ref: '#/components/schemas/LocalGatewayRoute' - - description: Information about the route. - CreateLocalGatewayRouteTableVpcAssociationResult: - type: object - properties: - localGatewayRouteTableVpcAssociation: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociation' - - description: Information about the association. - CreateManagedPrefixListResult: - type: object - properties: - prefixList: - allOf: - - $ref: '#/components/schemas/ManagedPrefixList' - - description: Information about the prefix list. - AddPrefixListEntry: - type: object - required: - - Cidr - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A description for the entry.

Constraints: Up to 255 characters in length.

' - description: An entry for a prefix list. - CreateNatGatewayResult: - type: object - example: - NatGateway: - CreateTime: '2015-12-17T12:45:26.732Z' - NatGatewayAddresses: - - AllocationId: eipalloc-37fc1a52 - NatGatewayId: nat-08d48af2a8e83edfd - State: pending - SubnetId: subnet-1a2b3c4d - VpcId: vpc-1122aabb - properties: - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier to ensure the idempotency of the request. Only returned if a client token was provided in the request.' - natGateway: - allOf: - - $ref: '#/components/schemas/NatGateway' - - description: Information about the NAT gateway. - CreateNetworkAclResult: - type: object - example: - NetworkAcl: - Associations: [] - Entries: - - CidrBlock: 0.0.0.0/0 - Egress: true - Protocol: '-1' - RuleAction: deny - RuleNumber: 32767 - - CidrBlock: 0.0.0.0/0 - Egress: false - Protocol: '-1' - RuleAction: deny - RuleNumber: 32767 - IsDefault: false - NetworkAclId: acl-5fb85d36 - Tags: [] - VpcId: vpc-a01106c2 - properties: - networkAcl: - allOf: - - $ref: '#/components/schemas/NetworkAcl' - - description: Information about the network ACL. - Integer: - type: integer - CreateNetworkInsightsAccessScopeResult: - type: object - properties: - networkInsightsAccessScope: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScope' - - description: The Network Access Scope. - networkInsightsAccessScopeContent: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeContent' - - description: The Network Access Scope content. - AccessScopePathRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/PathStatementRequest' - - description: The destination. - ThroughResource: - allOf: - - $ref: '#/components/schemas/ThroughResourcesStatementRequestList' - - description: The through resources. - description: Describes a path. - CreateNetworkInsightsPathResult: - type: object - properties: - networkInsightsPath: - allOf: - - $ref: '#/components/schemas/NetworkInsightsPath' - - description: Information about the path. - CreateNetworkInterfaceResult: - type: object - example: - NetworkInterface: - AvailabilityZone: us-east-1d - Description: my network interface - Groups: - - GroupId: sg-903004f8 - GroupName: default - MacAddress: '02:1a:80:41:52:9c' - NetworkInterfaceId: eni-e5aa89a3 - OwnerId: '123456789012' - PrivateIpAddress: 10.0.2.17 - PrivateIpAddresses: - - Primary: true - PrivateIpAddress: 10.0.2.17 - RequesterManaged: false - SourceDestCheck: true - Status: pending - SubnetId: subnet-9d4a7b6c - TagSet: [] - VpcId: vpc-a01106c2 - properties: - networkInterface: - allOf: - - $ref: '#/components/schemas/NetworkInterface' - - description: Information about the network interface. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - description: Contains the output of CreateNetworkInterface. - InstanceIpv6Address: - type: object - properties: - ipv6Address: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 address. - description: Describes an IPv6 address. - PrivateIpAddressSpecification: - type: object - properties: - primary: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the private IPv4 address is the primary private IPv4 address. Only one IPv4 address can be designated as primary. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The private IPv4 addresses. - description: Describes a secondary private IPv4 address for a network interface. - Ipv4PrefixSpecificationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.' - description: Describes the IPv4 prefix option for a network interface. - Ipv6PrefixSpecificationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 prefix. - description: Describes the IPv4 prefix option for a network interface. - CreateNetworkInterfacePermissionResult: - type: object - properties: - interfacePermission: - allOf: - - $ref: '#/components/schemas/NetworkInterfacePermission' - - description: Information about the permission for the network interface. - description: Contains the output of CreateNetworkInterfacePermission. - CreatePlacementGroupResult: - type: object - example: {} - properties: - placementGroup: - $ref: '#/components/schemas/PlacementGroup' - CreatePublicIpv4PoolResult: - type: object - properties: - poolId: - allOf: - - $ref: '#/components/schemas/Ipv4PoolEc2Id' - - description: The ID of the public IPv4 pool. - CreateReplaceRootVolumeTaskResult: - type: object - properties: - replaceRootVolumeTask: - allOf: - - $ref: '#/components/schemas/ReplaceRootVolumeTask' - - description: Information about the root volume replacement task. - CreateReservedInstancesListingResult: - type: object - properties: - reservedInstancesListingsSet: - allOf: - - $ref: '#/components/schemas/ReservedInstancesListingList' - - description: Information about the Standard Reserved Instance listing. - description: Contains the output of CreateReservedInstancesListing. - PriceScheduleSpecification: - type: object - properties: - currencyCode: - allOf: - - $ref: '#/components/schemas/CurrencyCodeValues' - - description: 'The currency for transacting the Reserved Instance resale. At this time, the only supported currency is USD.' - price: - allOf: - - $ref: '#/components/schemas/Double' - - description: The fixed price for the term. - term: - allOf: - - $ref: '#/components/schemas/Long' - - description: 'The number of months remaining in the reservation. For example, 2 is the second to the last month before the capacity reservation expires.' - description: Describes the price for a Reserved Instance. - CreateRestoreImageTaskResult: - type: object - properties: - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The AMI ID. - CreateRouteResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - CreateRouteTableResult: - type: object - example: - RouteTable: - Associations: [] - PropagatingVgws: [] - RouteTableId: rtb-22574640 - Routes: - - DestinationCidrBlock: 10.0.0.0/16 - GatewayId: local - State: active - Tags: [] - VpcId: vpc-a01106c2 - properties: - routeTable: - allOf: - - $ref: '#/components/schemas/RouteTable' - - description: Information about the route table. - CreateSecurityGroupResult: - type: object - example: - GroupId: sg-903004f8 - properties: - groupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the security group. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the security group. - Snapshot: - type: object - example: - Description: This is my root volume snapshot. - OwnerId: 012345678910 - SnapshotId: snap-066877671789bd71b - StartTime: '2014-02-28T21:06:01.000Z' - State: pending - Tags: [] - VolumeId: vol-1234567890abcdef0 - VolumeSize: 8 - properties: - dataEncryptionKeyId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The data encryption key identifier for the snapshot. This value is a unique identifier that corresponds to the data encryption key that was used to encrypt the original volume or snapshot copy. Because data encryption keys are inherited by volumes created from snapshots, and vice versa, if snapshots share the same data encryption key identifier, then they belong to the same volume/snapshot lineage. This parameter is only returned by DescribeSnapshots.' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description for the snapshot. - encrypted: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the snapshot is encrypted. - kmsKeyId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Key Management Service (KMS) KMS key that was used to protect the volume encryption key for the parent volume. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the EBS snapshot. - progress: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The progress of the snapshot, as a percentage.' - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the snapshot. Each snapshot receives a unique identifier when it is created. - startTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time stamp when the snapshot was initiated. - status: - allOf: - - $ref: '#/components/schemas/SnapshotState' - - description: The snapshot state. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Encrypted Amazon EBS snapshots are copied asynchronously. If a snapshot copy operation fails (for example, if the proper Key Management Service (KMS) permissions are not obtained) this field displays error state details to help you diagnose why the error occurred. This parameter is only returned by DescribeSnapshots.' - volumeId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the volume that was used to create the snapshot. Snapshots created by the CopySnapshot action have an arbitrary volume ID that should not be used for any purpose. - volumeSize: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The size of the volume, in GiB.' - ownerAlias: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The Amazon Web Services owner alias, from an Amazon-maintained list (amazon). This is not the user-configured Amazon Web Services account alias set using the IAM console.' - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.' - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the snapshot. - storageTier: - allOf: - - $ref: '#/components/schemas/StorageTier' - - description: The storage tier in which the snapshot is stored. standard indicates that the snapshot is stored in the standard snapshot storage tier and that it is ready for use. archive indicates that the snapshot is currently archived and that it must be restored before it can be used. - restoreExpiryTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: Only for archived snapshots that are temporarily restored. Indicates the date and time when a temporarily restored snapshot will be automatically re-archived. - description: Describes a snapshot. - CreateSnapshotsResult: - type: object - properties: - snapshotSet: - allOf: - - $ref: '#/components/schemas/SnapshotSet' - - description: List of snapshots. - CreateSpotDatafeedSubscriptionResult: - type: object - example: - SpotDatafeedSubscription: - Bucket: my-s3-bucket - OwnerId: '123456789012' - Prefix: spotdata - State: Active - properties: - spotDatafeedSubscription: - allOf: - - $ref: '#/components/schemas/SpotDatafeedSubscription' - - description: The Spot Instance data feed subscription. - description: Contains the output of CreateSpotDatafeedSubscription. - CreateStoreImageTaskResult: - type: object - properties: - objectKey: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the stored AMI object in the S3 bucket. - S3ObjectTag: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The value of the tag.

Constraints: Tag values are case-sensitive and can be up to 256 Unicode characters in length.

' - description: 'The tags to apply to the AMI object that will be stored in the Amazon S3 bucket. For more information, see Categorizing your storage using tags in the Amazon Simple Storage Service User Guide.' - CreateSubnetResult: - type: object - example: - Subnet: - AvailabilityZone: us-west-2c - AvailableIpAddressCount: 251 - CidrBlock: 10.0.1.0/24 - State: pending - SubnetId: subnet-9d4a7b6c - VpcId: vpc-a01106c2 - properties: - subnet: - allOf: - - $ref: '#/components/schemas/Subnet' - - description: Information about the subnet. - CreateSubnetCidrReservationResult: - type: object - properties: - subnetCidrReservation: - allOf: - - $ref: '#/components/schemas/SubnetCidrReservation' - - description: Information about the created subnet CIDR reservation. - TaggableResourceId: - type: string - Tag: - type: object - properties: - key: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The key of the tag.

Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

' - value: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The value of the tag.

Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

' - description: Describes a tag. - CreateTrafficMirrorFilterResult: - type: object - properties: - trafficMirrorFilter: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilter' - - description: Information about the Traffic Mirror filter. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - CreateTrafficMirrorFilterRuleResult: - type: object - properties: - trafficMirrorFilterRule: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilterRule' - - description: The Traffic Mirror rule. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - CreateTrafficMirrorSessionResult: - type: object - properties: - trafficMirrorSession: - allOf: - - $ref: '#/components/schemas/TrafficMirrorSession' - - description: Information about the Traffic Mirror session. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - CreateTrafficMirrorTargetResult: - type: object - properties: - trafficMirrorTarget: - allOf: - - $ref: '#/components/schemas/TrafficMirrorTarget' - - description: Information about the Traffic Mirror target. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - CreateTransitGatewayResult: - type: object - properties: - transitGateway: - allOf: - - $ref: '#/components/schemas/TransitGateway' - - description: Information about the transit gateway. - TransitGatewayCidrBlockStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - CreateTransitGatewayConnectResult: - type: object - properties: - transitGatewayConnect: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnect' - - description: Information about the Connect attachment. - ProtocolValue: - type: string - enum: - - gre - CreateTransitGatewayConnectPeerResult: - type: object - properties: - transitGatewayConnectPeer: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectPeer' - - description: Information about the Connect peer. - Long: - type: integer - CreateTransitGatewayMulticastDomainResult: - type: object - properties: - transitGatewayMulticastDomain: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomain' - - description: Information about the transit gateway multicast domain. - AutoAcceptSharedAssociationsValue: - type: string - enum: - - enable - - disable - CreateTransitGatewayPeeringAttachmentResult: - type: object - properties: - transitGatewayPeeringAttachment: - allOf: - - $ref: '#/components/schemas/TransitGatewayPeeringAttachment' - - description: The transit gateway peering attachment. - CreateTransitGatewayPrefixListReferenceResult: - type: object - properties: - transitGatewayPrefixListReference: - allOf: - - $ref: '#/components/schemas/TransitGatewayPrefixListReference' - - description: Information about the prefix list reference. - CreateTransitGatewayRouteResult: - type: object - properties: - route: - allOf: - - $ref: '#/components/schemas/TransitGatewayRoute' - - description: Information about the route. - CreateTransitGatewayRouteTableResult: - type: object - properties: - transitGatewayRouteTable: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTable' - - description: Information about the transit gateway route table. - CreateTransitGatewayVpcAttachmentResult: - type: object - properties: - transitGatewayVpcAttachment: - allOf: - - $ref: '#/components/schemas/TransitGatewayVpcAttachment' - - description: Information about the VPC attachment. - ApplianceModeSupportValue: - type: string - enum: - - enable - - disable - Volume: - type: object - example: - Attachments: [] - AvailabilityZone: us-east-1a - CreateTime: '2016-08-29T18:52:32.724Z' - Iops: 1000 - Size: 500 - SnapshotId: snap-066877671789bd71b - State: creating - Tags: [] - VolumeId: vol-1234567890abcdef0 - VolumeType: io1 - properties: - attachmentSet: - allOf: - - $ref: '#/components/schemas/VolumeAttachmentList' - - description: Information about the volume attachments. - AvailabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone for the volume. - - xml: - name: 'availabilityZone' - createTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time stamp when volume creation was initiated. - encrypted: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the volume is encrypted. - kmsKeyId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Key Management Service (KMS) KMS key that was used to protect the volume encryption key for the volume. - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Outpost. - size: - # allOf: - # - $ref: '#/components/schemas/Integer' - # - description: 'The size of the volume, in GiBs.' - type: integer - description: 'The size of the volume, in GiBs.' - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The snapshot from which the volume was created, if applicable.' - status: - allOf: - - $ref: '#/components/schemas/VolumeState' - - description: The volume state. - volumeId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the volume. - iops: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.' - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the volume. - volumeType: - allOf: - - $ref: '#/components/schemas/VolumeType' - - description: The volume type. - fastRestored: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the volume was created using fast snapshot restore. - multiAttachEnabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether Amazon EBS Multi-Attach is enabled. - throughput: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The throughput that the volume supports, in MiB/s.' - description: Describes a volume. - CreateVpcResult: - type: object - example: - Vpc: - CidrBlock: 10.0.0.0/16 - DhcpOptionsId: dopt-7a8b9c2d - InstanceTenancy: default - State: pending - VpcId: vpc-a01106c2 - properties: - vpc: - allOf: - - $ref: '#/components/schemas/Vpc' - - description: Information about the VPC. - CreateVpcEndpointResult: - type: object - properties: - vpcEndpoint: - allOf: - - $ref: '#/components/schemas/VpcEndpoint' - - description: Information about the endpoint. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.' - description: Contains the output of CreateVpcEndpoint. - RouteTableId: - type: string - DnsRecordIpType: - type: string - enum: - - ipv4 - - dualstack - - ipv6 - - service-defined - CreateVpcEndpointConnectionNotificationResult: - type: object - properties: - connectionNotification: - allOf: - - $ref: '#/components/schemas/ConnectionNotification' - - description: Information about the notification. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.' - CreateVpcEndpointServiceConfigurationResult: - type: object - properties: - serviceConfiguration: - allOf: - - $ref: '#/components/schemas/ServiceConfiguration' - - description: Information about the service configuration. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.' - CreateVpcPeeringConnectionResult: - type: object - properties: - vpcPeeringConnection: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnection' - - description: Information about the VPC peering connection. - CreateVpnConnectionResult: - type: object - properties: - vpnConnection: - allOf: - - $ref: '#/components/schemas/VpnConnection' - - description: Information about the VPN connection. - description: Contains the output of CreateVpnConnection. - CreateVpnGatewayResult: - type: object - properties: - vpnGateway: - allOf: - - $ref: '#/components/schemas/VpnGateway' - - description: Information about the virtual private gateway. - description: Contains the output of CreateVpnGateway. - DeleteCarrierGatewayResult: - type: object - properties: - carrierGateway: - allOf: - - $ref: '#/components/schemas/CarrierGateway' - - description: Information about the carrier gateway. - DeleteClientVpnEndpointResult: - type: object - properties: - status: - allOf: - - $ref: '#/components/schemas/ClientVpnEndpointStatus' - - description: The current state of the Client VPN endpoint. - DeleteClientVpnRouteResult: - type: object - properties: - status: - allOf: - - $ref: '#/components/schemas/ClientVpnRouteStatus' - - description: The current state of the route. - DeleteEgressOnlyInternetGatewayResult: - type: object - properties: - returnCode: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - DeleteFleetsResult: - type: object - properties: - successfulFleetDeletionSet: - allOf: - - $ref: '#/components/schemas/DeleteFleetSuccessSet' - - description: Information about the EC2 Fleets that are successfully deleted. - unsuccessfulFleetDeletionSet: - allOf: - - $ref: '#/components/schemas/DeleteFleetErrorSet' - - description: Information about the EC2 Fleets that are not successfully deleted. - FleetId: - type: string - DeleteFlowLogsResult: - type: object - properties: - unsuccessful: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItemSet' - - description: Information about the flow logs that could not be deleted successfully. - VpcFlowLogId: - type: string - DeleteFpgaImageResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Is true if the request succeeds, and an error otherwise.' - DeleteInstanceEventWindowResult: - type: object - properties: - instanceEventWindowState: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowStateChange' - - description: The state of the event window. - DeleteIpamResult: - type: object - properties: - ipam: - allOf: - - $ref: '#/components/schemas/Ipam' - - description: Information about the results of the deletion. - DeleteIpamPoolResult: - type: object - properties: - ipamPool: - allOf: - - $ref: '#/components/schemas/IpamPool' - - description: Information about the results of the deletion. - DeleteIpamScopeResult: - type: object - properties: - ipamScope: - allOf: - - $ref: '#/components/schemas/IpamScope' - - description: Information about the results of the deletion. - DeleteLaunchTemplateResult: - type: object - example: - LaunchTemplate: - CreateTime: '2017-11-23T16:46:25.000Z' - CreatedBy: 'arn:aws:iam::123456789012:root' - DefaultVersionNumber: 2 - LatestVersionNumber: 2 - LaunchTemplateId: lt-0abcd290751193123 - LaunchTemplateName: my-template - properties: - launchTemplate: - allOf: - - $ref: '#/components/schemas/LaunchTemplate' - - description: Information about the launch template. - DeleteLaunchTemplateVersionsResult: - type: object - example: - SuccessfullyDeletedLaunchTemplateVersions: - - LaunchTemplateId: lt-0abcd290751193123 - LaunchTemplateName: my-template - VersionNumber: 1 - UnsuccessfullyDeletedLaunchTemplateVersions: [] - properties: - successfullyDeletedLaunchTemplateVersionSet: - allOf: - - $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResponseSuccessSet' - - description: Information about the launch template versions that were successfully deleted. - unsuccessfullyDeletedLaunchTemplateVersionSet: - allOf: - - $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResponseErrorSet' - - description: Information about the launch template versions that could not be deleted. - DeleteLocalGatewayRouteResult: - type: object - properties: - route: - allOf: - - $ref: '#/components/schemas/LocalGatewayRoute' - - description: Information about the route. - DeleteLocalGatewayRouteTableVpcAssociationResult: - type: object - properties: - localGatewayRouteTableVpcAssociation: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociation' - - description: Information about the association. - DeleteManagedPrefixListResult: - type: object - properties: - prefixList: - allOf: - - $ref: '#/components/schemas/ManagedPrefixList' - - description: Information about the prefix list. - DeleteNatGatewayResult: - type: object - example: - NatGatewayId: nat-04ae55e711cec5680 - properties: - natGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the NAT gateway. - DeleteNetworkInsightsAccessScopeResult: - type: object - properties: - networkInsightsAccessScopeId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' - - description: The ID of the Network Access Scope. - DeleteNetworkInsightsAccessScopeAnalysisResult: - type: object - properties: - networkInsightsAccessScopeAnalysisId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' - - description: The ID of the Network Access Scope analysis. - DeleteNetworkInsightsAnalysisResult: - type: object - properties: - networkInsightsAnalysisId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAnalysisId' - - description: The ID of the network insights analysis. - DeleteNetworkInsightsPathResult: - type: object - properties: - networkInsightsPathId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsPathId' - - description: The ID of the path. - DeleteNetworkInterfacePermissionResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds, otherwise returns an error.' - description: Contains the output for DeleteNetworkInterfacePermission. - DeletePublicIpv4PoolResult: - type: object - properties: - returnValue: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Information about the result of deleting the public IPv4 pool. - DeleteQueuedReservedInstancesResult: - type: object - properties: - successfulQueuedPurchaseDeletionSet: - allOf: - - $ref: '#/components/schemas/SuccessfulQueuedPurchaseDeletionSet' - - description: Information about the queued purchases that were successfully deleted. - failedQueuedPurchaseDeletionSet: - allOf: - - $ref: '#/components/schemas/FailedQueuedPurchaseDeletionSet' - - description: Information about the queued purchases that could not be deleted. - DeleteSubnetCidrReservationResult: - type: object - properties: - deletedSubnetCidrReservation: - allOf: - - $ref: '#/components/schemas/SubnetCidrReservation' - - description: Information about the deleted subnet CIDR reservation. - DeleteTrafficMirrorFilterResult: - type: object - properties: - trafficMirrorFilterId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Traffic Mirror filter. - DeleteTrafficMirrorFilterRuleResult: - type: object - properties: - trafficMirrorFilterRuleId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the deleted Traffic Mirror rule. - DeleteTrafficMirrorSessionResult: - type: object - properties: - trafficMirrorSessionId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the deleted Traffic Mirror session. - DeleteTrafficMirrorTargetResult: - type: object - properties: - trafficMirrorTargetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the deleted Traffic Mirror target. - DeleteTransitGatewayResult: - type: object - properties: - transitGateway: - allOf: - - $ref: '#/components/schemas/TransitGateway' - - description: Information about the deleted transit gateway. - DeleteTransitGatewayConnectResult: - type: object - properties: - transitGatewayConnect: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnect' - - description: Information about the deleted Connect attachment. - DeleteTransitGatewayConnectPeerResult: - type: object - properties: - transitGatewayConnectPeer: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectPeer' - - description: Information about the deleted Connect peer. - DeleteTransitGatewayMulticastDomainResult: - type: object - properties: - transitGatewayMulticastDomain: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomain' - - description: Information about the deleted transit gateway multicast domain. - DeleteTransitGatewayPeeringAttachmentResult: - type: object - properties: - transitGatewayPeeringAttachment: - allOf: - - $ref: '#/components/schemas/TransitGatewayPeeringAttachment' - - description: The transit gateway peering attachment. - DeleteTransitGatewayPrefixListReferenceResult: - type: object - properties: - transitGatewayPrefixListReference: - allOf: - - $ref: '#/components/schemas/TransitGatewayPrefixListReference' - - description: Information about the deleted prefix list reference. - DeleteTransitGatewayRouteResult: - type: object - properties: - route: - allOf: - - $ref: '#/components/schemas/TransitGatewayRoute' - - description: Information about the route. - DeleteTransitGatewayRouteTableResult: - type: object - properties: - transitGatewayRouteTable: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTable' - - description: Information about the deleted transit gateway route table. - DeleteTransitGatewayVpcAttachmentResult: - type: object - properties: - transitGatewayVpcAttachment: - allOf: - - $ref: '#/components/schemas/TransitGatewayVpcAttachment' - - description: Information about the deleted VPC attachment. - DeleteVpcEndpointConnectionNotificationsResult: - type: object - properties: - unsuccessful: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItemSet' - - description: Information about the notifications that could not be deleted successfully. - ConnectionNotificationId: - type: string - DeleteVpcEndpointServiceConfigurationsResult: - type: object - properties: - unsuccessful: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItemSet' - - description: 'Information about the service configurations that were not deleted, if applicable.' - VpcEndpointServiceId: - type: string - DeleteVpcEndpointsResult: - type: object - properties: - unsuccessful: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItemSet' - - description: Information about the VPC endpoints that were not successfully deleted. - description: Contains the output of DeleteVpcEndpoints. - DeleteVpcPeeringConnectionResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - DeprovisionByoipCidrResult: - type: object - properties: - byoipCidr: - allOf: - - $ref: '#/components/schemas/ByoipCidr' - - description: Information about the address range. - DeprovisionIpamPoolCidrResult: - type: object - properties: - ipamPoolCidr: - allOf: - - $ref: '#/components/schemas/IpamPoolCidr' - - description: The deprovisioned pool CIDR. - DeprovisionPublicIpv4PoolCidrResult: - type: object - properties: - poolId: - allOf: - - $ref: '#/components/schemas/Ipv4PoolEc2Id' - - description: The ID of the pool that you deprovisioned the CIDR from. - deprovisionedAddressSet: - allOf: - - $ref: '#/components/schemas/DeprovisionedAddressSet' - - description: The deprovisioned CIDRs. - DeregisterInstanceEventNotificationAttributesResult: - type: object - properties: - instanceTagAttribute: - allOf: - - $ref: '#/components/schemas/InstanceTagNotificationAttribute' - - description: The resulting set of tag keys. - InstanceTagKeySet: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - DeregisterTransitGatewayMulticastGroupMembersResult: - type: object - properties: - deregisteredMulticastGroupMembers: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDeregisteredGroupMembers' - - description: Information about the deregistered members. - NetworkInterfaceId: - type: string - DeregisterTransitGatewayMulticastGroupSourcesResult: - type: object - properties: - deregisteredMulticastGroupSources: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDeregisteredGroupSources' - - description: Information about the deregistered group sources. - DescribeAccountAttributesResult: - type: object - example: - AccountAttributes: - - AttributeName: supported-platforms - AttributeValues: - - AttributeValue: EC2 - - AttributeValue: VPC - - AttributeName: vpc-max-security-groups-per-interface - AttributeValues: - - AttributeValue: '5' - - AttributeName: max-elastic-ips - AttributeValues: - - AttributeValue: '5' - - AttributeName: max-instances - AttributeValues: - - AttributeValue: '20' - - AttributeName: vpc-max-elastic-ips - AttributeValues: - - AttributeValue: '5' - - AttributeName: default-vpc - AttributeValues: - - AttributeValue: none - properties: - accountAttributeSet: - allOf: - - $ref: '#/components/schemas/AccountAttributeList' - - description: Information about the account attributes. - AccountAttributeName: - type: string - enum: - - supported-platforms - - default-vpc - DescribeAddressesResult: - type: object - example: - Addresses: - - Domain: standard - InstanceId: i-1234567890abcdef0 - PublicIp: 198.51.100.0 - properties: - addressesSet: - allOf: - - $ref: '#/components/schemas/AddressList' - - description: Information about the Elastic IP addresses. - Filter: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the filter. Filter names are case-sensitive. - Value: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: 'The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.' - description: '

A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

' - AllocationId: - type: string - DescribeAddressesAttributeResult: - type: object - properties: - addressSet: - allOf: - - $ref: '#/components/schemas/AddressSet' - - description: Information about the IP addresses. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeAggregateIdFormatResult: - type: object - properties: - useLongIdsAggregated: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether all resource types in the Region are configured to use longer IDs. This value is only true if all users are configured to use longer IDs for all resources types in the Region. - statusSet: - allOf: - - $ref: '#/components/schemas/IdFormatList' - - description: Information about each resource's ID format. - DescribeAvailabilityZonesResult: - type: object - example: - AvailabilityZones: - - Messages: [] - RegionName: us-east-1 - State: available - ZoneName: us-east-1b - - Messages: [] - RegionName: us-east-1 - State: available - ZoneName: us-east-1c - - Messages: [] - RegionName: us-east-1 - State: available - ZoneName: us-east-1d - - Messages: [] - RegionName: us-east-1 - State: available - ZoneName: us-east-1e - properties: - availabilityZoneInfo: - allOf: - - $ref: '#/components/schemas/AvailabilityZoneList' - - description: 'Information about the Availability Zones, Local Zones, and Wavelength Zones.' - DescribeBundleTasksResult: - type: object - properties: - bundleInstanceTasksSet: - allOf: - - $ref: '#/components/schemas/BundleTaskList' - - description: Information about the bundle tasks. - BundleId: - type: string - DescribeByoipCidrsResult: - type: object - properties: - byoipCidrSet: - allOf: - - $ref: '#/components/schemas/ByoipCidrSet' - - description: Information about your address ranges. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeCapacityReservationFleetsResult: - type: object - properties: - capacityReservationFleetSet: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetSet' - - description: Information about the Capacity Reservation Fleets. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeCapacityReservationsResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - capacityReservationSet: - allOf: - - $ref: '#/components/schemas/CapacityReservationSet' - - description: Information about the Capacity Reservations. - CapacityReservationId: - type: string - DescribeCarrierGatewaysResult: - type: object - properties: - carrierGatewaySet: - allOf: - - $ref: '#/components/schemas/CarrierGatewaySet' - - description: Information about the carrier gateway. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - CarrierGatewayId: - type: string - DescribeClassicLinkInstancesResult: - type: object - properties: - instancesSet: - allOf: - - $ref: '#/components/schemas/ClassicLinkInstanceList' - - description: Information about one or more linked EC2-Classic instances. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - InstanceId: - type: string - DescribeClientVpnAuthorizationRulesResult: - type: object - properties: - authorizationRule: - allOf: - - $ref: '#/components/schemas/AuthorizationRuleSet' - - description: Information about the authorization rules. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeClientVpnConnectionsResult: - type: object - properties: - connections: - allOf: - - $ref: '#/components/schemas/ClientVpnConnectionSet' - - description: Information about the active and terminated client connections. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeClientVpnEndpointsResult: - type: object - properties: - clientVpnEndpoint: - allOf: - - $ref: '#/components/schemas/EndpointSet' - - description: Information about the Client VPN endpoints. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - ClientVpnEndpointId: - type: string - DescribeClientVpnRoutesResult: - type: object - properties: - routes: - allOf: - - $ref: '#/components/schemas/ClientVpnRouteSet' - - description: Information about the Client VPN endpoint routes. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeClientVpnTargetNetworksResult: - type: object - properties: - clientVpnTargetNetworks: - allOf: - - $ref: '#/components/schemas/TargetNetworkSet' - - description: Information about the associated target networks. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeCoipPoolsResult: - type: object - properties: - coipPoolSet: - allOf: - - $ref: '#/components/schemas/CoipPoolSet' - - description: Information about the address pools. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - Ipv4PoolCoipId: - type: string - DescribeConversionTasksResult: - type: object - properties: - conversionTasks: - allOf: - - $ref: '#/components/schemas/DescribeConversionTaskList' - - description: Information about the conversion tasks. - ConversionTaskId: - type: string - DescribeCustomerGatewaysResult: - type: object - example: - CustomerGateways: - - BgpAsn: '65534' - CustomerGatewayId: cgw-0e11f167 - IpAddress: 12.1.2.3 - State: available - Type: ipsec.1 - properties: - customerGatewaySet: - allOf: - - $ref: '#/components/schemas/CustomerGatewayList' - - description: Information about one or more customer gateways. - description: Contains the output of DescribeCustomerGateways. - CustomerGatewayId: - type: string - DescribeDhcpOptionsResult: - type: object - example: - DhcpOptions: - - DhcpConfigurations: - - Key: domain-name-servers - Values: - - Value: 10.2.5.2 - - Value: 10.2.5.1 - DhcpOptionsId: dopt-d9070ebb - properties: - dhcpOptionsSet: - allOf: - - $ref: '#/components/schemas/DhcpOptionsList' - - description: Information about one or more DHCP options sets. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DhcpOptionsId: - type: string - DescribeEgressOnlyInternetGatewaysResult: - type: object - properties: - egressOnlyInternetGatewaySet: - allOf: - - $ref: '#/components/schemas/EgressOnlyInternetGatewayList' - - description: Information about the egress-only internet gateways. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - EgressOnlyInternetGatewayId: - type: string - DescribeElasticGpusResult: - type: object - properties: - elasticGpuSet: - allOf: - - $ref: '#/components/schemas/ElasticGpuSet' - - description: Information about the Elastic Graphics accelerators. - maxResults: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The total number of items to return. If the total number of items available is more than the value specified in max-items then a Next-Token will be provided in the output that you can use to resume pagination. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - ElasticGpuId: - type: string - DescribeExportImageTasksResult: - type: object - properties: - exportImageTaskSet: - allOf: - - $ref: '#/components/schemas/ExportImageTaskList' - - description: Information about the export image tasks. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to get the next page of results. This value is null when there are no more results to return. - ExportImageTaskId: - type: string - DescribeExportTasksResult: - type: object - properties: - exportTaskSet: - allOf: - - $ref: '#/components/schemas/ExportTaskList' - - description: Information about the export tasks. - ExportTaskId: - type: string - DescribeFastLaunchImagesResult: - type: object - properties: - fastLaunchImageSet: - allOf: - - $ref: '#/components/schemas/DescribeFastLaunchImagesSuccessSet' - - description: A collection of details about the fast-launch enabled Windows images that meet the requested criteria. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use for the next set of results. This value is null when there are no more results to return. - ImageId: - type: string - DescribeFastSnapshotRestoresResult: - type: object - properties: - fastSnapshotRestoreSet: - allOf: - - $ref: '#/components/schemas/DescribeFastSnapshotRestoreSuccessSet' - - description: Information about the state of fast snapshot restores. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeFleetHistoryResult: - type: object - properties: - historyRecordSet: - allOf: - - $ref: '#/components/schemas/HistoryRecordSet' - - description: Information about the events in the history of the EC2 Fleet. - lastEvaluatedTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: '

The last date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). All records up to this time were retrieved.

If nextToken indicates that there are more results, this value is not present.

' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - fleetId: - allOf: - - $ref: '#/components/schemas/FleetId' - - description: The ID of the EC Fleet. - startTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - DescribeFleetInstancesResult: - type: object - properties: - activeInstanceSet: - allOf: - - $ref: '#/components/schemas/ActiveInstanceSet' - - description: The running instances. This list is refreshed periodically and might be out of date. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - fleetId: - allOf: - - $ref: '#/components/schemas/FleetId' - - description: The ID of the EC2 Fleet. - DescribeFleetsResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - fleetSet: - allOf: - - $ref: '#/components/schemas/FleetSet' - - description: Information about the EC2 Fleets. - DescribeFlowLogsResult: - type: object - properties: - flowLogSet: - allOf: - - $ref: '#/components/schemas/FlowLogSet' - - description: Information about the flow logs. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeFpgaImageAttributeResult: - type: object - properties: - fpgaImageAttribute: - allOf: - - $ref: '#/components/schemas/FpgaImageAttribute' - - description: Information about the attribute. - DescribeFpgaImagesResult: - type: object - properties: - fpgaImageSet: - allOf: - - $ref: '#/components/schemas/FpgaImageList' - - description: Information about the FPGA images. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - FpgaImageId: - type: string - DescribeHostReservationOfferingsResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - offeringSet: - allOf: - - $ref: '#/components/schemas/HostOfferingSet' - - description: Information about the offerings. - DescribeHostReservationsResult: - type: object - properties: - hostReservationSet: - allOf: - - $ref: '#/components/schemas/HostReservationSet' - - description: Details about the reservation's configuration. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - HostReservationId: - type: string - DescribeHostsResult: - type: object - properties: - hostSet: - allOf: - - $ref: '#/components/schemas/HostList' - - description: Information about the Dedicated Hosts. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DedicatedHostId: - type: string - DescribeIamInstanceProfileAssociationsResult: - type: object - example: - IamInstanceProfileAssociations: - - AssociationId: iip-assoc-0db249b1f25fa24b8 - IamInstanceProfile: - Arn: 'arn:aws:iam::123456789012:instance-profile/admin-role' - Id: AIPAJVQN4F5WVLGCJDRGM - InstanceId: i-09eb09efa73ec1dee - State: associated - properties: - iamInstanceProfileAssociationSet: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileAssociationSet' - - description: Information about the IAM instance profile associations. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - IamInstanceProfileAssociationId: - type: string - DescribeIdFormatResult: - type: object - properties: - statusSet: - allOf: - - $ref: '#/components/schemas/IdFormatList' - - description: Information about the ID format for the resource. - DescribeIdentityIdFormatResult: - type: object - properties: - statusSet: - allOf: - - $ref: '#/components/schemas/IdFormatList' - - description: Information about the ID format for the resources. - ImageAttribute: - type: object - example: - ImageId: ami-5731123e - LaunchPermissions: - - UserId: '123456789012' - properties: - blockDeviceMapping: - allOf: - - $ref: '#/components/schemas/BlockDeviceMappingList' - - description: The block device mapping entries. - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the AMI. - launchPermission: - allOf: - - $ref: '#/components/schemas/LaunchPermissionList' - - description: The launch permissions. - productCodes: - allOf: - - $ref: '#/components/schemas/ProductCodeList' - - description: The product codes. - description: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: A description for the AMI. - kernel: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: The kernel ID. - ramdisk: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: The RAM disk ID. - sriovNetSupport: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: Indicates whether enhanced networking with the Intel 82599 Virtual Function interface is enabled. - bootMode: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: The boot mode. - tpmSupport: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: 'If the image is configured for NitroTPM support, the value is v2.0.' - uefiData: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: 'Base64 representation of the non-volatile UEFI variable store. To retrieve the UEFI data, use the GetInstanceUefiData command. You can inspect and modify the UEFI data by using the python-uefivars tool on GitHub. For more information, see UEFI Secure Boot in the Amazon Elastic Compute Cloud User Guide.' - lastLaunchedTime: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: '

The date and time, in ISO 8601 date-time format, when the AMI was last used to launch an EC2 instance. When the AMI is used, there is a 24-hour delay before that usage is reported.

lastLaunchedTime data is available starting April 2017.

' - description: Describes an image attribute. - DescribeImagesResult: - type: object - example: - Images: - - Architecture: x86_64 - BlockDeviceMappings: - - DeviceName: /dev/sda1 - Ebs: - DeleteOnTermination: true - SnapshotId: snap-1234567890abcdef0 - VolumeSize: 8 - VolumeType: standard - Description: An AMI for my server - Hypervisor: xen - ImageId: ami-5731123e - ImageLocation: 123456789012/My server - ImageType: machine - KernelId: aki-88aa75e1 - Name: My server - OwnerId: '123456789012' - Public: false - RootDeviceName: /dev/sda1 - RootDeviceType: ebs - State: available - VirtualizationType: paravirtual - properties: - imagesSet: - allOf: - - $ref: '#/components/schemas/ImageList' - - description: Information about the images. - DescribeImportImageTasksResult: - type: object - properties: - importImageTaskSet: - allOf: - - $ref: '#/components/schemas/ImportImageTaskList' - - description: A list of zero or more import image tasks that are currently active or were completed or canceled in the previous 7 days. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to get the next page of results. This value is null when there are no more results to return. - ImportImageTaskId: - type: string - DescribeImportSnapshotTasksResult: - type: object - properties: - importSnapshotTaskSet: - allOf: - - $ref: '#/components/schemas/ImportSnapshotTaskList' - - description: A list of zero or more import snapshot tasks that are currently active or were completed or canceled in the previous 7 days. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to get the next page of results. This value is null when there are no more results to return. - ImportSnapshotTaskId: - type: string - InstanceAttribute: - type: object - example: - BlockDeviceMappings: - - DeviceName: /dev/sda1 - Ebs: - AttachTime: '2013-05-17T22:42:34.000Z' - DeleteOnTermination: true - Status: attached - VolumeId: vol-049df61146c4d7901 - - DeviceName: /dev/sdf - Ebs: - AttachTime: '2013-09-10T23:07:00.000Z' - DeleteOnTermination: false - Status: attached - VolumeId: vol-049df61146c4d7901 - InstanceId: i-1234567890abcdef0 - properties: - groupSet: - allOf: - - $ref: '#/components/schemas/GroupIdentifierList' - - description: The security groups associated with the instance. - blockDeviceMapping: - allOf: - - $ref: '#/components/schemas/InstanceBlockDeviceMappingList' - - description: The block device mapping of the instance. - disableApiTermination: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: 'If the value is true, you can''t terminate the instance through the Amazon EC2 console, CLI, or API; otherwise, you can.' - enaSupport: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: Indicates whether enhanced networking with ENA is enabled. - enclaveOptions: - allOf: - - $ref: '#/components/schemas/EnclaveOptions' - - description: 'To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true; otherwise, set it to false.' - ebsOptimized: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: Indicates whether the instance is optimized for Amazon EBS I/O. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - instanceInitiatedShutdownBehavior: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). - instanceType: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: The instance type. - kernel: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: The kernel ID. - productCodes: - allOf: - - $ref: '#/components/schemas/ProductCodeList' - - description: A list of product codes. - ramdisk: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: The RAM disk ID. - rootDeviceName: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: 'The device name of the root device volume (for example, /dev/sda1).' - sourceDestCheck: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: 'Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.' - sriovNetSupport: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: Indicates whether enhanced networking with the Intel 82599 Virtual Function interface is enabled. - userData: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: The user data. - description: Describes an instance attribute. - DescribeInstanceCreditSpecificationsResult: - type: object - properties: - instanceCreditSpecificationSet: - allOf: - - $ref: '#/components/schemas/InstanceCreditSpecificationList' - - description: Information about the credit option for CPU usage of an instance. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeInstanceEventNotificationAttributesResult: - type: object - properties: - instanceTagAttribute: - allOf: - - $ref: '#/components/schemas/InstanceTagNotificationAttribute' - - description: Information about the registered tag keys. - DescribeInstanceEventWindowsResult: - type: object - properties: - instanceEventWindowSet: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowSet' - - description: Information about the event windows. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The token to use to retrieve the next page of results. This value is null when there are no more results to return. ' - InstanceEventWindowId: - type: string - DescribeInstanceStatusResult: - type: object - example: - InstanceStatuses: - - AvailabilityZone: us-east-1d - InstanceId: i-1234567890abcdef0 - InstanceState: - Code: 16 - Name: running - InstanceStatus: - Details: - - Name: reachability - Status: passed - Status: ok - SystemStatus: - Details: - - Name: reachability - Status: passed - Status: ok - properties: - instanceStatusSet: - allOf: - - $ref: '#/components/schemas/InstanceStatusList' - - description: Information about the status of the instances. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeInstanceTypeOfferingsResult: - type: object - properties: - instanceTypeOfferingSet: - allOf: - - $ref: '#/components/schemas/InstanceTypeOfferingsList' - - description: The instance types offered. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeInstanceTypesResult: - type: object - properties: - instanceTypeSet: - allOf: - - $ref: '#/components/schemas/InstanceTypeInfoList' - - description: 'The instance type. For more information, see Instance types in the Amazon EC2 User Guide.' - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - InstanceType: - type: string - enum: - - a1.medium - - a1.large - - a1.xlarge - - a1.2xlarge - - a1.4xlarge - - a1.metal - - c1.medium - - c1.xlarge - - c3.large - - c3.xlarge - - c3.2xlarge - - c3.4xlarge - - c3.8xlarge - - c4.large - - c4.xlarge - - c4.2xlarge - - c4.4xlarge - - c4.8xlarge - - c5.large - - c5.xlarge - - c5.2xlarge - - c5.4xlarge - - c5.9xlarge - - c5.12xlarge - - c5.18xlarge - - c5.24xlarge - - c5.metal - - c5a.large - - c5a.xlarge - - c5a.2xlarge - - c5a.4xlarge - - c5a.8xlarge - - c5a.12xlarge - - c5a.16xlarge - - c5a.24xlarge - - c5ad.large - - c5ad.xlarge - - c5ad.2xlarge - - c5ad.4xlarge - - c5ad.8xlarge - - c5ad.12xlarge - - c5ad.16xlarge - - c5ad.24xlarge - - c5d.large - - c5d.xlarge - - c5d.2xlarge - - c5d.4xlarge - - c5d.9xlarge - - c5d.12xlarge - - c5d.18xlarge - - c5d.24xlarge - - c5d.metal - - c5n.large - - c5n.xlarge - - c5n.2xlarge - - c5n.4xlarge - - c5n.9xlarge - - c5n.18xlarge - - c5n.metal - - c6g.medium - - c6g.large - - c6g.xlarge - - c6g.2xlarge - - c6g.4xlarge - - c6g.8xlarge - - c6g.12xlarge - - c6g.16xlarge - - c6g.metal - - c6gd.medium - - c6gd.large - - c6gd.xlarge - - c6gd.2xlarge - - c6gd.4xlarge - - c6gd.8xlarge - - c6gd.12xlarge - - c6gd.16xlarge - - c6gd.metal - - c6gn.medium - - c6gn.large - - c6gn.xlarge - - c6gn.2xlarge - - c6gn.4xlarge - - c6gn.8xlarge - - c6gn.12xlarge - - c6gn.16xlarge - - c6i.large - - c6i.xlarge - - c6i.2xlarge - - c6i.4xlarge - - c6i.8xlarge - - c6i.12xlarge - - c6i.16xlarge - - c6i.24xlarge - - c6i.32xlarge - - c6i.metal - - cc1.4xlarge - - cc2.8xlarge - - cg1.4xlarge - - cr1.8xlarge - - d2.xlarge - - d2.2xlarge - - d2.4xlarge - - d2.8xlarge - - d3.xlarge - - d3.2xlarge - - d3.4xlarge - - d3.8xlarge - - d3en.xlarge - - d3en.2xlarge - - d3en.4xlarge - - d3en.6xlarge - - d3en.8xlarge - - d3en.12xlarge - - dl1.24xlarge - - f1.2xlarge - - f1.4xlarge - - f1.16xlarge - - g2.2xlarge - - g2.8xlarge - - g3.4xlarge - - g3.8xlarge - - g3.16xlarge - - g3s.xlarge - - g4ad.xlarge - - g4ad.2xlarge - - g4ad.4xlarge - - g4ad.8xlarge - - g4ad.16xlarge - - g4dn.xlarge - - g4dn.2xlarge - - g4dn.4xlarge - - g4dn.8xlarge - - g4dn.12xlarge - - g4dn.16xlarge - - g4dn.metal - - g5.xlarge - - g5.2xlarge - - g5.4xlarge - - g5.8xlarge - - g5.12xlarge - - g5.16xlarge - - g5.24xlarge - - g5.48xlarge - - g5g.xlarge - - g5g.2xlarge - - g5g.4xlarge - - g5g.8xlarge - - g5g.16xlarge - - g5g.metal - - hi1.4xlarge - - hpc6a.48xlarge - - hs1.8xlarge - - h1.2xlarge - - h1.4xlarge - - h1.8xlarge - - h1.16xlarge - - i2.xlarge - - i2.2xlarge - - i2.4xlarge - - i2.8xlarge - - i3.large - - i3.xlarge - - i3.2xlarge - - i3.4xlarge - - i3.8xlarge - - i3.16xlarge - - i3.metal - - i3en.large - - i3en.xlarge - - i3en.2xlarge - - i3en.3xlarge - - i3en.6xlarge - - i3en.12xlarge - - i3en.24xlarge - - i3en.metal - - im4gn.large - - im4gn.xlarge - - im4gn.2xlarge - - im4gn.4xlarge - - im4gn.8xlarge - - im4gn.16xlarge - - inf1.xlarge - - inf1.2xlarge - - inf1.6xlarge - - inf1.24xlarge - - is4gen.medium - - is4gen.large - - is4gen.xlarge - - is4gen.2xlarge - - is4gen.4xlarge - - is4gen.8xlarge - - m1.small - - m1.medium - - m1.large - - m1.xlarge - - m2.xlarge - - m2.2xlarge - - m2.4xlarge - - m3.medium - - m3.large - - m3.xlarge - - m3.2xlarge - - m4.large - - m4.xlarge - - m4.2xlarge - - m4.4xlarge - - m4.10xlarge - - m4.16xlarge - - m5.large - - m5.xlarge - - m5.2xlarge - - m5.4xlarge - - m5.8xlarge - - m5.12xlarge - - m5.16xlarge - - m5.24xlarge - - m5.metal - - m5a.large - - m5a.xlarge - - m5a.2xlarge - - m5a.4xlarge - - m5a.8xlarge - - m5a.12xlarge - - m5a.16xlarge - - m5a.24xlarge - - m5ad.large - - m5ad.xlarge - - m5ad.2xlarge - - m5ad.4xlarge - - m5ad.8xlarge - - m5ad.12xlarge - - m5ad.16xlarge - - m5ad.24xlarge - - m5d.large - - m5d.xlarge - - m5d.2xlarge - - m5d.4xlarge - - m5d.8xlarge - - m5d.12xlarge - - m5d.16xlarge - - m5d.24xlarge - - m5d.metal - - m5dn.large - - m5dn.xlarge - - m5dn.2xlarge - - m5dn.4xlarge - - m5dn.8xlarge - - m5dn.12xlarge - - m5dn.16xlarge - - m5dn.24xlarge - - m5dn.metal - - m5n.large - - m5n.xlarge - - m5n.2xlarge - - m5n.4xlarge - - m5n.8xlarge - - m5n.12xlarge - - m5n.16xlarge - - m5n.24xlarge - - m5n.metal - - m5zn.large - - m5zn.xlarge - - m5zn.2xlarge - - m5zn.3xlarge - - m5zn.6xlarge - - m5zn.12xlarge - - m5zn.metal - - m6a.large - - m6a.xlarge - - m6a.2xlarge - - m6a.4xlarge - - m6a.8xlarge - - m6a.12xlarge - - m6a.16xlarge - - m6a.24xlarge - - m6a.32xlarge - - m6a.48xlarge - - m6g.metal - - m6g.medium - - m6g.large - - m6g.xlarge - - m6g.2xlarge - - m6g.4xlarge - - m6g.8xlarge - - m6g.12xlarge - - m6g.16xlarge - - m6gd.metal - - m6gd.medium - - m6gd.large - - m6gd.xlarge - - m6gd.2xlarge - - m6gd.4xlarge - - m6gd.8xlarge - - m6gd.12xlarge - - m6gd.16xlarge - - m6i.large - - m6i.xlarge - - m6i.2xlarge - - m6i.4xlarge - - m6i.8xlarge - - m6i.12xlarge - - m6i.16xlarge - - m6i.24xlarge - - m6i.32xlarge - - m6i.metal - - mac1.metal - - p2.xlarge - - p2.8xlarge - - p2.16xlarge - - p3.2xlarge - - p3.8xlarge - - p3.16xlarge - - p3dn.24xlarge - - p4d.24xlarge - - r3.large - - r3.xlarge - - r3.2xlarge - - r3.4xlarge - - r3.8xlarge - - r4.large - - r4.xlarge - - r4.2xlarge - - r4.4xlarge - - r4.8xlarge - - r4.16xlarge - - r5.large - - r5.xlarge - - r5.2xlarge - - r5.4xlarge - - r5.8xlarge - - r5.12xlarge - - r5.16xlarge - - r5.24xlarge - - r5.metal - - r5a.large - - r5a.xlarge - - r5a.2xlarge - - r5a.4xlarge - - r5a.8xlarge - - r5a.12xlarge - - r5a.16xlarge - - r5a.24xlarge - - r5ad.large - - r5ad.xlarge - - r5ad.2xlarge - - r5ad.4xlarge - - r5ad.8xlarge - - r5ad.12xlarge - - r5ad.16xlarge - - r5ad.24xlarge - - r5b.large - - r5b.xlarge - - r5b.2xlarge - - r5b.4xlarge - - r5b.8xlarge - - r5b.12xlarge - - r5b.16xlarge - - r5b.24xlarge - - r5b.metal - - r5d.large - - r5d.xlarge - - r5d.2xlarge - - r5d.4xlarge - - r5d.8xlarge - - r5d.12xlarge - - r5d.16xlarge - - r5d.24xlarge - - r5d.metal - - r5dn.large - - r5dn.xlarge - - r5dn.2xlarge - - r5dn.4xlarge - - r5dn.8xlarge - - r5dn.12xlarge - - r5dn.16xlarge - - r5dn.24xlarge - - r5dn.metal - - r5n.large - - r5n.xlarge - - r5n.2xlarge - - r5n.4xlarge - - r5n.8xlarge - - r5n.12xlarge - - r5n.16xlarge - - r5n.24xlarge - - r5n.metal - - r6g.medium - - r6g.large - - r6g.xlarge - - r6g.2xlarge - - r6g.4xlarge - - r6g.8xlarge - - r6g.12xlarge - - r6g.16xlarge - - r6g.metal - - r6gd.medium - - r6gd.large - - r6gd.xlarge - - r6gd.2xlarge - - r6gd.4xlarge - - r6gd.8xlarge - - r6gd.12xlarge - - r6gd.16xlarge - - r6gd.metal - - r6i.large - - r6i.xlarge - - r6i.2xlarge - - r6i.4xlarge - - r6i.8xlarge - - r6i.12xlarge - - r6i.16xlarge - - r6i.24xlarge - - r6i.32xlarge - - r6i.metal - - t1.micro - - t2.nano - - t2.micro - - t2.small - - t2.medium - - t2.large - - t2.xlarge - - t2.2xlarge - - t3.nano - - t3.micro - - t3.small - - t3.medium - - t3.large - - t3.xlarge - - t3.2xlarge - - t3a.nano - - t3a.micro - - t3a.small - - t3a.medium - - t3a.large - - t3a.xlarge - - t3a.2xlarge - - t4g.nano - - t4g.micro - - t4g.small - - t4g.medium - - t4g.large - - t4g.xlarge - - t4g.2xlarge - - u-6tb1.56xlarge - - u-6tb1.112xlarge - - u-9tb1.112xlarge - - u-12tb1.112xlarge - - u-6tb1.metal - - u-9tb1.metal - - u-12tb1.metal - - u-18tb1.metal - - u-24tb1.metal - - vt1.3xlarge - - vt1.6xlarge - - vt1.24xlarge - - x1.16xlarge - - x1.32xlarge - - x1e.xlarge - - x1e.2xlarge - - x1e.4xlarge - - x1e.8xlarge - - x1e.16xlarge - - x1e.32xlarge - - x2iezn.2xlarge - - x2iezn.4xlarge - - x2iezn.6xlarge - - x2iezn.8xlarge - - x2iezn.12xlarge - - x2iezn.metal - - x2gd.medium - - x2gd.large - - x2gd.xlarge - - x2gd.2xlarge - - x2gd.4xlarge - - x2gd.8xlarge - - x2gd.12xlarge - - x2gd.16xlarge - - x2gd.metal - - z1d.large - - z1d.xlarge - - z1d.2xlarge - - z1d.3xlarge - - z1d.6xlarge - - z1d.12xlarge - - z1d.metal - - x2idn.16xlarge - - x2idn.24xlarge - - x2idn.32xlarge - - x2iedn.xlarge - - x2iedn.2xlarge - - x2iedn.4xlarge - - x2iedn.8xlarge - - x2iedn.16xlarge - - x2iedn.24xlarge - - x2iedn.32xlarge - - c6a.large - - c6a.xlarge - - c6a.2xlarge - - c6a.4xlarge - - c6a.8xlarge - - c6a.12xlarge - - c6a.16xlarge - - c6a.24xlarge - - c6a.32xlarge - - c6a.48xlarge - - c6a.metal - - m6a.metal - - i4i.large - - i4i.xlarge - - i4i.2xlarge - - i4i.4xlarge - - i4i.8xlarge - - i4i.16xlarge - - i4i.32xlarge - DescribeInstancesResult: - type: object - example: {} - properties: - reservationSet: - allOf: - - $ref: '#/components/schemas/ReservationList' - - description: Information about the reservations. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeInternetGatewaysResult: - type: object - example: - InternetGateways: - - Attachments: - - State: available - VpcId: vpc-a01106c2 - InternetGatewayId: igw-c0a643a9 - Tags: [] - properties: - internetGatewaySet: - allOf: - - $ref: '#/components/schemas/InternetGatewayList' - - description: Information about one or more internet gateways. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - InternetGatewayId: - type: string - DescribeIpamPoolsResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - ipamPoolSet: - allOf: - - $ref: '#/components/schemas/IpamPoolSet' - - description: Information about the IPAM pools. - DescribeIpamScopesResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - ipamScopeSet: - allOf: - - $ref: '#/components/schemas/IpamScopeSet' - - description: The scopes you want information on. - DescribeIpamsResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - ipamSet: - allOf: - - $ref: '#/components/schemas/IpamSet' - - description: Information about the IPAMs. - DescribeIpv6PoolsResult: - type: object - properties: - ipv6PoolSet: - allOf: - - $ref: '#/components/schemas/Ipv6PoolSet' - - description: Information about the IPv6 address pools. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - Ipv6PoolEc2Id: - type: string - DescribeKeyPairsResult: - type: object - example: - KeyPairs: - - KeyFingerprint: '1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f' - KeyName: my-key-pair - properties: - keySet: - allOf: - - $ref: '#/components/schemas/KeyPairList' - - description: Information about the key pairs. - KeyPairName: - type: string - KeyPairId: - type: string - DescribeLaunchTemplateVersionsResult: - type: object - example: - LaunchTemplateVersions: - - CreateTime: '2017-11-20T13:12:32.000Z' - CreatedBy: 'arn:aws:iam::123456789102:root' - DefaultVersion: false - LaunchTemplateData: - ImageId: ami-6057e21a - InstanceType: t2.medium - KeyName: kp-us-east - NetworkInterfaces: - - DeviceIndex: 0 - Groups: - - sg-7c227019 - SubnetId: subnet-1a2b3c4d - LaunchTemplateId: lt-068f72b72934aff71 - LaunchTemplateName: Webservers - VersionNumber: 2 - - CreateTime: '2017-11-20T12:52:33.000Z' - CreatedBy: 'arn:aws:iam::123456789102:root' - DefaultVersion: true - LaunchTemplateData: - ImageId: ami-aabbcc11 - InstanceType: t2.medium - KeyName: kp-us-east - NetworkInterfaces: - - AssociatePublicIpAddress: true - DeleteOnTermination: false - DeviceIndex: 0 - Groups: - - sg-7c227019 - SubnetId: subnet-7b16de0c - UserData: '' - LaunchTemplateId: lt-068f72b72934aff71 - LaunchTemplateName: Webservers - VersionNumber: 1 - properties: - launchTemplateVersionSet: - allOf: - - $ref: '#/components/schemas/LaunchTemplateVersionSet' - - description: Information about the launch template versions. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeLaunchTemplatesResult: - type: object - example: - LaunchTemplates: - - CreateTime: '2018-01-16T04:32:57.000Z' - CreatedBy: 'arn:aws:iam::123456789012:root' - DefaultVersionNumber: 1 - LatestVersionNumber: 1 - LaunchTemplateId: lt-01238c059e3466abc - LaunchTemplateName: my-template - properties: - launchTemplates: - allOf: - - $ref: '#/components/schemas/LaunchTemplateSet' - - description: Information about the launch templates. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - LaunchTemplateId: - type: string - LaunchTemplateName: - type: string - pattern: '[a-zA-Z0-9\(\)\.\-/_]+' - minLength: 3 - maxLength: 128 - DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsResult: - type: object - properties: - localGatewayRouteTableVirtualInterfaceGroupAssociationSet: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociationSet' - - description: Information about the associations. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - LocalGatewayRouteTableVirtualInterfaceGroupAssociationId: - type: string - DescribeLocalGatewayRouteTableVpcAssociationsResult: - type: object - properties: - localGatewayRouteTableVpcAssociationSet: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociationSet' - - description: Information about the associations. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - LocalGatewayRouteTableVpcAssociationId: - type: string - DescribeLocalGatewayRouteTablesResult: - type: object - properties: - localGatewayRouteTableSet: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableSet' - - description: Information about the local gateway route tables. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - LocalGatewayRoutetableId: - type: string - DescribeLocalGatewayVirtualInterfaceGroupsResult: - type: object - properties: - localGatewayVirtualInterfaceGroupSet: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupSet' - - description: The virtual interface groups. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - LocalGatewayVirtualInterfaceGroupId: - type: string - DescribeLocalGatewayVirtualInterfacesResult: - type: object - properties: - localGatewayVirtualInterfaceSet: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceSet' - - description: Information about the virtual interfaces. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - LocalGatewayVirtualInterfaceId: - type: string - DescribeLocalGatewaysResult: - type: object - properties: - localGatewaySet: - allOf: - - $ref: '#/components/schemas/LocalGatewaySet' - - description: Information about the local gateways. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - LocalGatewayId: - type: string - DescribeManagedPrefixListsResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - prefixListSet: - allOf: - - $ref: '#/components/schemas/ManagedPrefixListSet' - - description: Information about the prefix lists. - DescribeMovingAddressesResult: - type: object - example: - MovingAddressStatuses: - - MoveStatus: MovingToVpc - PublicIp: 198.51.100.0 - properties: - movingAddressStatusSet: - allOf: - - $ref: '#/components/schemas/MovingAddressStatusSet' - - description: The status for each Elastic IP address. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeNatGatewaysResult: - type: object - example: - NatGateways: - - CreateTime: '2015-12-01T12:26:55.983Z' - NatGatewayAddresses: - - AllocationId: eipalloc-89c620ec - NetworkInterfaceId: eni-9dec76cd - PrivateIp: 10.0.0.149 - PublicIp: 198.11.222.333 - NatGatewayId: nat-05dba92075d71c408 - State: available - SubnetId: subnet-847e4dc2 - VpcId: vpc-1a2b3c4d - properties: - natGatewaySet: - allOf: - - $ref: '#/components/schemas/NatGatewayList' - - description: Information about the NAT gateways. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - NatGatewayId: - type: string - DescribeNetworkAclsResult: - type: object - example: - NetworkAcls: - - Associations: - - NetworkAclAssociationId: aclassoc-66ea5f0b - NetworkAclId: acl-9aeb5ef7 - SubnetId: subnet-65ea5f08 - Entries: - - CidrBlock: 0.0.0.0/0 - Egress: true - Protocol: '-1' - RuleAction: deny - RuleNumber: 32767 - - CidrBlock: 0.0.0.0/0 - Egress: false - Protocol: '-1' - RuleAction: deny - RuleNumber: 32767 - IsDefault: false - NetworkAclId: acl-5fb85d36 - Tags: [] - VpcId: vpc-a01106c2 - properties: - networkAclSet: - allOf: - - $ref: '#/components/schemas/NetworkAclList' - - description: Information about one or more network ACLs. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - NetworkAclId: - type: string - DescribeNetworkInsightsAccessScopeAnalysesResult: - type: object - properties: - networkInsightsAccessScopeAnalysisSet: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisList' - - description: The Network Access Scope analyses. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - NetworkInsightsAccessScopeAnalysisId: - type: string - DescribeNetworkInsightsAccessScopesResult: - type: object - properties: - networkInsightsAccessScopeSet: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeList' - - description: The Network Access Scopes. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - NetworkInsightsAccessScopeId: - type: string - DescribeNetworkInsightsAnalysesResult: - type: object - properties: - networkInsightsAnalysisSet: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAnalysisList' - - description: Information about the network insights analyses. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - NetworkInsightsAnalysisId: - type: string - DescribeNetworkInsightsPathsResult: - type: object - properties: - networkInsightsPathSet: - allOf: - - $ref: '#/components/schemas/NetworkInsightsPathList' - - description: Information about the paths. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - NetworkInsightsPathId: - type: string - DescribeNetworkInterfaceAttributeResult: - type: object - example: - NetworkInterfaceId: eni-686ea200 - SourceDestCheck: - Value: true - properties: - attachment: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceAttachment' - - description: The attachment (if any) of the network interface. - description: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: The description of the network interface. - groupSet: - allOf: - - $ref: '#/components/schemas/GroupIdentifierList' - - description: The security groups associated with the network interface. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface. - sourceDestCheck: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: Indicates whether source/destination checking is enabled. - description: Contains the output of DescribeNetworkInterfaceAttribute. - DescribeNetworkInterfacePermissionsResult: - type: object - properties: - networkInterfacePermissions: - allOf: - - $ref: '#/components/schemas/NetworkInterfacePermissionList' - - description: The network interface permissions. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. - description: Contains the output for DescribeNetworkInterfacePermissions. - NetworkInterfacePermissionId: - type: string - DescribeNetworkInterfacesResult: - type: object - example: - NetworkInterfaces: - - Association: - AssociationId: eipassoc-0fbb766a - IpOwnerId: '123456789012' - PublicDnsName: ec2-203-0-113-12.compute-1.amazonaws.com - PublicIp: 203.0.113.12 - Attachment: - AttachTime: '2013-11-30T23:36:42.000Z' - AttachmentId: eni-attach-66c4350a - DeleteOnTermination: false - DeviceIndex: 1 - InstanceId: i-1234567890abcdef0 - InstanceOwnerId: '123456789012' - Status: attached - AvailabilityZone: us-east-1d - Description: my network interface - Groups: - - GroupId: sg-8637d3e3 - GroupName: default - MacAddress: '02:2f:8f:b0:cf:75' - NetworkInterfaceId: eni-e5aa89a3 - OwnerId: '123456789012' - PrivateDnsName: ip-10-0-1-17.ec2.internal - PrivateIpAddress: 10.0.1.17 - PrivateIpAddresses: - - Association: - AssociationId: eipassoc-0fbb766a - IpOwnerId: '123456789012' - PublicDnsName: ec2-203-0-113-12.compute-1.amazonaws.com - PublicIp: 203.0.113.12 - Primary: true - PrivateDnsName: ip-10-0-1-17.ec2.internal - PrivateIpAddress: 10.0.1.17 - RequesterManaged: false - SourceDestCheck: true - Status: in-use - SubnetId: subnet-b61f49f0 - TagSet: [] - VpcId: vpc-a01106c2 - properties: - networkInterfaceSet: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceList' - - description: Information about one or more network interfaces. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - description: Contains the output of DescribeNetworkInterfaces. - DescribePlacementGroupsResult: - type: object - properties: - placementGroupSet: - allOf: - - $ref: '#/components/schemas/PlacementGroupList' - - description: Information about the placement groups. - PlacementGroupName: - type: string - PlacementGroupId: - type: string - DescribePrefixListsResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - prefixListSet: - allOf: - - $ref: '#/components/schemas/PrefixListSet' - - description: All available prefix lists. - PrefixListResourceId: - type: string - DescribePrincipalIdFormatResult: - type: object - properties: - principalSet: - allOf: - - $ref: '#/components/schemas/PrincipalIdFormatList' - - description: Information about the ID format settings for the ARN. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribePublicIpv4PoolsResult: - type: object - properties: - publicIpv4PoolSet: - allOf: - - $ref: '#/components/schemas/PublicIpv4PoolSet' - - description: Information about the address pools. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - Ipv4PoolEc2Id: - type: string - DescribeRegionsResult: - type: object - example: - Regions: - - Endpoint: ec2.ap-south-1.amazonaws.com - RegionName: ap-south-1 - - Endpoint: ec2.eu-west-1.amazonaws.com - RegionName: eu-west-1 - - Endpoint: ec2.ap-southeast-1.amazonaws.com - RegionName: ap-southeast-1 - - Endpoint: ec2.ap-southeast-2.amazonaws.com - RegionName: ap-southeast-2 - - Endpoint: ec2.eu-central-1.amazonaws.com - RegionName: eu-central-1 - - Endpoint: ec2.ap-northeast-2.amazonaws.com - RegionName: ap-northeast-2 - - Endpoint: ec2.ap-northeast-1.amazonaws.com - RegionName: ap-northeast-1 - - Endpoint: ec2.us-east-1.amazonaws.com - RegionName: us-east-1 - - Endpoint: ec2.sa-east-1.amazonaws.com - RegionName: sa-east-1 - - Endpoint: ec2.us-west-1.amazonaws.com - RegionName: us-west-1 - - Endpoint: ec2.us-west-2.amazonaws.com - RegionName: us-west-2 - properties: - regionInfo: - allOf: - - $ref: '#/components/schemas/RegionList' - - description: Information about the Regions. - DescribeReplaceRootVolumeTasksResult: - type: object - properties: - replaceRootVolumeTaskSet: - allOf: - - $ref: '#/components/schemas/ReplaceRootVolumeTasks' - - description: Information about the root volume replacement task. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - ReplaceRootVolumeTaskId: - type: string - DescribeReservedInstancesResult: - type: object - properties: - reservedInstancesSet: - allOf: - - $ref: '#/components/schemas/ReservedInstancesList' - - description: A list of Reserved Instances. - description: Contains the output for DescribeReservedInstances. - DescribeReservedInstancesListingsResult: - type: object - properties: - reservedInstancesListingsSet: - allOf: - - $ref: '#/components/schemas/ReservedInstancesListingList' - - description: Information about the Reserved Instance listing. - description: Contains the output of DescribeReservedInstancesListings. - DescribeReservedInstancesModificationsResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - reservedInstancesModificationsSet: - allOf: - - $ref: '#/components/schemas/ReservedInstancesModificationList' - - description: The Reserved Instance modification information. - description: Contains the output of DescribeReservedInstancesModifications. - ReservedInstancesModificationId: - type: string - DescribeReservedInstancesOfferingsResult: - type: object - properties: - reservedInstancesOfferingsSet: - allOf: - - $ref: '#/components/schemas/ReservedInstancesOfferingList' - - description: A list of Reserved Instances offerings. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - description: Contains the output of DescribeReservedInstancesOfferings. - ReservedInstancesOfferingId: - type: string - DescribeRouteTablesResult: - type: object - example: - RouteTables: - - Associations: - - Main: true - RouteTableAssociationId: rtbassoc-d8ccddba - RouteTableId: rtb-1f382e7d - PropagatingVgws: [] - RouteTableId: rtb-1f382e7d - Routes: - - DestinationCidrBlock: 10.0.0.0/16 - GatewayId: local - State: active - Tags: [] - VpcId: vpc-a01106c2 - properties: - routeTableSet: - allOf: - - $ref: '#/components/schemas/RouteTableList' - - description: Information about one or more route tables. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - description: Contains the output of DescribeRouteTables. - DescribeScheduledInstanceAvailabilityResult: - type: object - example: - ScheduledInstanceAvailabilitySet: - - AvailabilityZone: us-west-2b - AvailableInstanceCount: 20 - FirstSlotStartTime: '2016-01-31T00:00:00Z' - HourlyPrice: '0.095' - InstanceType: c4.large - MaxTermDurationInDays: 366 - MinTermDurationInDays: 366 - NetworkPlatform: EC2-VPC - Platform: Linux/UNIX - PurchaseToken: eyJ2IjoiMSIsInMiOjEsImMiOi... - Recurrence: - Frequency: Weekly - Interval: 1 - OccurrenceDaySet: - - 1 - OccurrenceRelativeToEnd: false - SlotDurationInHours: 23 - TotalScheduledInstanceHours: 1219 - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token required to retrieve the next set of results. This value is null when there are no more results to return. - scheduledInstanceAvailabilitySet: - allOf: - - $ref: '#/components/schemas/ScheduledInstanceAvailabilitySet' - - description: Information about the available Scheduled Instances. - description: Contains the output of DescribeScheduledInstanceAvailability. - DateTime: - type: string - format: date-time - DescribeScheduledInstancesResult: - type: object - example: - ScheduledInstanceSet: - - AvailabilityZone: us-west-2b - CreateDate: '2016-01-25T21:43:38.612Z' - HourlyPrice: '0.095' - InstanceCount: 1 - InstanceType: c4.large - NetworkPlatform: EC2-VPC - NextSlotStartTime: '2016-01-31T09:00:00Z' - Platform: Linux/UNIX - Recurrence: - Frequency: Weekly - Interval: 1 - OccurrenceDaySet: - - 1 - OccurrenceRelativeToEnd: false - OccurrenceUnit: '' - ScheduledInstanceId: sci-1234-1234-1234-1234-123456789012 - SlotDurationInHours: 32 - TermEndDate: '2017-01-31T09:00:00Z' - TermStartDate: '2016-01-31T09:00:00Z' - TotalScheduledInstanceHours: 1696 - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token required to retrieve the next set of results. This value is null when there are no more results to return. - scheduledInstanceSet: - allOf: - - $ref: '#/components/schemas/ScheduledInstanceSet' - - description: Information about the Scheduled Instances. - description: Contains the output of DescribeScheduledInstances. - ScheduledInstanceId: - type: string - DescribeSecurityGroupReferencesResult: - type: object - example: - SecurityGroupReferenceSet: - - GroupId: sg-903004f8 - ReferencingVpcId: vpc-1a2b3c4d - VpcPeeringConnectionId: pcx-b04deed9 - properties: - securityGroupReferenceSet: - allOf: - - $ref: '#/components/schemas/SecurityGroupReferences' - - description: Information about the VPCs with the referencing security groups. - DescribeSecurityGroupRulesResult: - type: object - properties: - securityGroupRuleSet: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleList' - - description: Information about security group rules. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The token to use to retrieve the next page of results. This value is null when there are no more results to return. ' - DescribeSecurityGroupsResult: - type: object - example: {} - properties: - securityGroupInfo: - allOf: - - $ref: '#/components/schemas/SecurityGroupList' - - description: Information about the security groups. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - SecurityGroupName: - type: string - DescribeSnapshotAttributeResult: - type: object - example: - CreateVolumePermissions: [] - SnapshotId: snap-066877671789bd71b - properties: - createVolumePermission: - allOf: - - $ref: '#/components/schemas/CreateVolumePermissionList' - - description: The users and groups that have the permissions for creating volumes from the snapshot. - productCodes: - allOf: - - $ref: '#/components/schemas/ProductCodeList' - - description: The product codes. - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the EBS snapshot. - DescribeSnapshotTierStatusResult: - type: object - properties: - snapshotTierStatusSet: - allOf: - - $ref: '#/components/schemas/snapshotTierStatusSet' - - description: Information about the snapshot's storage tier. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeSnapshotsResult: - type: object - example: - NextToken: '' - Snapshots: - - Description: This is my copied snapshot. - OwnerId: 012345678910 - Progress: 87% - SnapshotId: snap-066877671789bd71b - StartTime: '2014-02-28T21:37:27.000Z' - State: pending - VolumeId: vol-1234567890abcdef0 - VolumeSize: 8 - properties: - snapshotSet: - allOf: - - $ref: '#/components/schemas/SnapshotList' - - description: Information about the snapshots. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The NextToken value to include in a future DescribeSnapshots request. When the results of a DescribeSnapshots request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.' - SnapshotId: - type: string - DescribeSpotDatafeedSubscriptionResult: - type: object - example: - SpotDatafeedSubscription: - Bucket: my-s3-bucket - OwnerId: '123456789012' - Prefix: spotdata - State: Active - properties: - spotDatafeedSubscription: - allOf: - - $ref: '#/components/schemas/SpotDatafeedSubscription' - - description: The Spot Instance data feed subscription. - description: Contains the output of DescribeSpotDatafeedSubscription. - DescribeSpotFleetInstancesResponse: - type: object - example: - ActiveInstances: - - InstanceId: i-1234567890abcdef0 - InstanceType: m3.medium - SpotInstanceRequestId: sir-08b93456 - SpotFleetRequestId: sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE - properties: - activeInstanceSet: - allOf: - - $ref: '#/components/schemas/ActiveInstanceSet' - - description: The running instances. This list is refreshed periodically and might be out of date. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token required to retrieve the next set of results. This value is null when there are no more results to return. - spotFleetRequestId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Spot Fleet request. - description: Contains the output of DescribeSpotFleetInstances. - DescribeSpotFleetRequestHistoryResponse: - type: object - example: - HistoryRecords: - - EventInformation: - EventSubType: submitted - EventType: fleetRequestChange - Timestamp: '2015-05-26T23:17:20.697Z' - - EventInformation: - EventSubType: active - EventType: fleetRequestChange - Timestamp: '2015-05-26T23:17:20.873Z' - - EventInformation: - EventSubType: launched - InstanceId: i-1234567890abcdef0 - EventType: instanceChange - Timestamp: '2015-05-26T23:21:21.712Z' - - EventInformation: - EventSubType: launched - InstanceId: i-1234567890abcdef1 - EventType: instanceChange - Timestamp: '2015-05-26T23:21:21.816Z' - NextToken: CpHNsscimcV5oH7bSbub03CI2Qms5+ypNpNm+53MNlR0YcXAkp0xFlfKf91yVxSExmbtma3awYxMFzNA663ZskT0AHtJ6TCb2Z8bQC2EnZgyELbymtWPfpZ1ZbauVg+P+TfGlWxWWB/Vr5dk5d4LfdgA/DRAHUrYgxzrEXAMPLE= - SpotFleetRequestId: sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE - StartTime: '2015-05-26T00:00:00Z' - properties: - historyRecordSet: - allOf: - - $ref: '#/components/schemas/HistoryRecords' - - description: Information about the events in the history of the Spot Fleet request. - lastEvaluatedTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: '

The last date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). All records up to this time were retrieved.

If nextToken indicates that there are more results, this value is not present.

' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token required to retrieve the next set of results. This value is null when there are no more results to return. - spotFleetRequestId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Spot Fleet request. - startTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The starting date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - description: Contains the output of DescribeSpotFleetRequestHistory. - DescribeSpotFleetRequestsResponse: - type: object - example: - SpotFleetRequestConfigs: - - SpotFleetRequestConfig: - IamFleetRole: 'arn:aws:iam::123456789012:role/my-spot-fleet-role' - LaunchSpecifications: - - EbsOptimized: false - ImageId: ami-1a2b3c4d - InstanceType: cc2.8xlarge - NetworkInterfaces: - - AssociatePublicIpAddress: true - DeleteOnTermination: false - DeviceIndex: 0 - SecondaryPrivateIpAddressCount: 0 - SubnetId: subnet-a61dafcf - - EbsOptimized: false - ImageId: ami-1a2b3c4d - InstanceType: r3.8xlarge - NetworkInterfaces: - - AssociatePublicIpAddress: true - DeleteOnTermination: false - DeviceIndex: 0 - SecondaryPrivateIpAddressCount: 0 - SubnetId: subnet-a61dafcf - SpotPrice: '0.05' - TargetCapacity: 20 - SpotFleetRequestId: sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE - SpotFleetRequestState: active - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token required to retrieve the next set of results. This value is null when there are no more results to return. - spotFleetRequestConfigSet: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestConfigSet' - - description: Information about the configuration of your Spot Fleet. - description: Contains the output of DescribeSpotFleetRequests. - DescribeSpotInstanceRequestsResult: - type: object - example: - SpotInstanceRequests: - - CreateTime: '2014-04-30T18:14:55.000Z' - InstanceId: i-1234567890abcdef0 - LaunchSpecification: - BlockDeviceMappings: - - DeviceName: /dev/sda1 - Ebs: - DeleteOnTermination: true - VolumeSize: 8 - VolumeType: standard - EbsOptimized: false - ImageId: ami-7aba833f - InstanceType: m1.small - KeyName: my-key-pair - SecurityGroups: - - GroupId: sg-e38f24a7 - GroupName: my-security-group - LaunchedAvailabilityZone: us-west-1b - ProductDescription: Linux/UNIX - SpotInstanceRequestId: sir-08b93456 - SpotPrice: '0.010000' - State: active - Status: - Code: fulfilled - Message: Your Spot request is fulfilled. - UpdateTime: '2014-04-30T18:16:21.000Z' - Type: one-time - properties: - spotInstanceRequestSet: - allOf: - - $ref: '#/components/schemas/SpotInstanceRequestList' - - description: One or more Spot Instance requests. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next set of results. This value is null when there are no more results to return. - description: Contains the output of DescribeSpotInstanceRequests. - DescribeSpotPriceHistoryResult: - type: object - example: - SpotPriceHistory: - - AvailabilityZone: us-west-1a - InstanceType: m1.xlarge - ProductDescription: Linux/UNIX (Amazon VPC) - SpotPrice: '0.080000' - Timestamp: '2014-01-06T04:32:53.000Z' - - AvailabilityZone: us-west-1c - InstanceType: m1.xlarge - ProductDescription: Linux/UNIX (Amazon VPC) - SpotPrice: '0.080000' - Timestamp: '2014-01-05T11:28:26.000Z' - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token required to retrieve the next set of results. This value is null or an empty string when there are no more results to return. - spotPriceHistorySet: - allOf: - - $ref: '#/components/schemas/SpotPriceHistoryList' - - description: The historical Spot prices. - description: Contains the output of DescribeSpotPriceHistory. - DescribeStaleSecurityGroupsResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.' - staleSecurityGroupSet: - allOf: - - $ref: '#/components/schemas/StaleSecurityGroupSet' - - description: Information about the stale security groups. - DescribeStoreImageTasksResult: - type: object - properties: - storeImageTaskResultSet: - allOf: - - $ref: '#/components/schemas/StoreImageTaskResultSet' - - description: The information about the AMI store tasks. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeSubnetsResult: - type: object - example: - Subnets: - - AvailabilityZone: us-east-1c - AvailableIpAddressCount: 251 - CidrBlock: 10.0.1.0/24 - DefaultForAz: false - MapPublicIpOnLaunch: false - State: available - SubnetId: subnet-9d4a7b6c - VpcId: vpc-a01106c2 - properties: - subnetSet: - allOf: - - $ref: '#/components/schemas/SubnetList' - - description: Information about one or more subnets. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeTagsResult: - type: object - example: - Tags: - - Key: Stack - ResourceId: i-1234567890abcdef8 - ResourceType: instance - Value: test - - Key: Name - ResourceId: i-1234567890abcdef8 - ResourceType: instance - Value: Beta Server - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - tagSet: - allOf: - - $ref: '#/components/schemas/TagDescriptionList' - - description: The tags. - DescribeTrafficMirrorFiltersResult: - type: object - properties: - trafficMirrorFilterSet: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilterSet' - - description: Information about one or more Traffic Mirror filters. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. The value is null when there are no more results to return. - TrafficMirrorFilterId: - type: string - DescribeTrafficMirrorSessionsResult: - type: object - properties: - trafficMirrorSessionSet: - allOf: - - $ref: '#/components/schemas/TrafficMirrorSessionSet' - - description: 'Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. The value is null when there are no more results to return. - TrafficMirrorSessionId: - type: string - DescribeTrafficMirrorTargetsResult: - type: object - properties: - trafficMirrorTargetSet: - allOf: - - $ref: '#/components/schemas/TrafficMirrorTargetSet' - - description: Information about one or more Traffic Mirror targets. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. The value is null when there are no more results to return. - TrafficMirrorTargetId: - type: string - DescribeTransitGatewayAttachmentsResult: - type: object - properties: - transitGatewayAttachments: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentList' - - description: Information about the attachments. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - TransitGatewayAttachmentId: - type: string - DescribeTransitGatewayConnectPeersResult: - type: object - properties: - transitGatewayConnectPeerSet: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectPeerList' - - description: Information about the Connect peers. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - TransitGatewayConnectPeerId: - type: string - DescribeTransitGatewayConnectsResult: - type: object - properties: - transitGatewayConnectSet: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectList' - - description: Information about the Connect attachments. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeTransitGatewayMulticastDomainsResult: - type: object - properties: - transitGatewayMulticastDomains: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainList' - - description: Information about the transit gateway multicast domains. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - TransitGatewayMulticastDomainId: - type: string - DescribeTransitGatewayPeeringAttachmentsResult: - type: object - properties: - transitGatewayPeeringAttachments: - allOf: - - $ref: '#/components/schemas/TransitGatewayPeeringAttachmentList' - - description: The transit gateway peering attachments. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeTransitGatewayRouteTablesResult: - type: object - properties: - transitGatewayRouteTables: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableList' - - description: Information about the transit gateway route tables. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - TransitGatewayRouteTableId: - type: string - DescribeTransitGatewayVpcAttachmentsResult: - type: object - properties: - transitGatewayVpcAttachments: - allOf: - - $ref: '#/components/schemas/TransitGatewayVpcAttachmentList' - - description: Information about the VPC attachments. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeTransitGatewaysResult: - type: object - properties: - transitGatewaySet: - allOf: - - $ref: '#/components/schemas/TransitGatewayList' - - description: Information about the transit gateways. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - TransitGatewayId: - type: string - DescribeTrunkInterfaceAssociationsResult: - type: object - properties: - interfaceAssociationSet: - allOf: - - $ref: '#/components/schemas/TrunkInterfaceAssociationList' - - description: Information about the trunk associations. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - TrunkInterfaceAssociationId: - type: string - DescribeVolumeAttributeResult: - type: object - example: - AutoEnableIO: - Value: false - VolumeId: vol-049df61146c4d7901 - properties: - autoEnableIO: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: The state of autoEnableIO attribute. - productCodes: - allOf: - - $ref: '#/components/schemas/ProductCodeList' - - description: A list of product codes. - volumeId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the volume. - DescribeVolumeStatusResult: - type: object - example: - VolumeStatuses: [] - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - volumeStatusSet: - allOf: - - $ref: '#/components/schemas/VolumeStatusList' - - description: Information about the status of the volumes. - VolumeId: - type: string - DescribeVolumesResult: - type: object - example: - Volumes: - - Attachments: - - AttachTime: '2013-12-18T22:35:00.000Z' - DeleteOnTermination: true - Device: /dev/sda1 - InstanceId: i-1234567890abcdef0 - State: attached - VolumeId: vol-049df61146c4d7901 - AvailabilityZone: us-east-1a - CreateTime: '2013-12-18T22:35:00.084Z' - Size: 8 - SnapshotId: snap-1234567890abcdef0 - State: in-use - VolumeId: vol-049df61146c4d7901 - VolumeType: standard - properties: - volumeSet: - allOf: - - $ref: '#/components/schemas/VolumeList' - - description: Information about the volumes. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The NextToken value to include in a future DescribeVolumes request. When the results of a DescribeVolumes request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.' - DescribeVolumesModificationsResult: - type: object - properties: - volumeModificationSet: - allOf: - - $ref: '#/components/schemas/VolumeModificationList' - - description: Information about the volume modifications. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Token for pagination, null if there are no more results ' - DescribeVpcAttributeResult: - type: object - example: - EnableDnsHostnames: - Value: true - VpcId: vpc-a01106c2 - properties: - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - enableDnsHostnames: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: 'Indicates whether the instances launched in the VPC get DNS hostnames. If this attribute is true, instances in the VPC get DNS hostnames; otherwise, they do not.' - enableDnsSupport: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: 'Indicates whether DNS resolution is enabled for the VPC. If this attribute is true, the Amazon DNS server resolves DNS hostnames for your instances to their corresponding IP addresses; otherwise, it does not.' - DescribeVpcClassicLinkResult: - type: object - properties: - vpcSet: - allOf: - - $ref: '#/components/schemas/VpcClassicLinkList' - - description: The ClassicLink status of one or more VPCs. - VpcId: - type: string - DescribeVpcClassicLinkDnsSupportResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/DescribeVpcClassicLinkDnsSupportNextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - vpcs: - allOf: - - $ref: '#/components/schemas/ClassicLinkDnsSupportList' - - description: Information about the ClassicLink DNS support status of the VPCs. - DescribeVpcEndpointConnectionNotificationsResult: - type: object - properties: - connectionNotificationSet: - allOf: - - $ref: '#/components/schemas/ConnectionNotificationSet' - - description: One or more notifications. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeVpcEndpointConnectionsResult: - type: object - properties: - vpcEndpointConnectionSet: - allOf: - - $ref: '#/components/schemas/VpcEndpointConnectionSet' - - description: Information about one or more VPC endpoint connections. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeVpcEndpointServiceConfigurationsResult: - type: object - properties: - serviceConfigurationSet: - allOf: - - $ref: '#/components/schemas/ServiceConfigurationSet' - - description: Information about one or more services. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeVpcEndpointServicePermissionsResult: - type: object - properties: - allowedPrincipals: - allOf: - - $ref: '#/components/schemas/AllowedPrincipalSet' - - description: Information about one or more allowed principals. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeVpcEndpointServicesResult: - type: object - properties: - serviceNameSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: A list of supported services. - serviceDetailSet: - allOf: - - $ref: '#/components/schemas/ServiceDetailSet' - - description: Information about the service. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.' - description: Contains the output of DescribeVpcEndpointServices. - DescribeVpcEndpointsResult: - type: object - properties: - vpcEndpointSet: - allOf: - - $ref: '#/components/schemas/VpcEndpointSet' - - description: Information about the endpoints. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.' - description: Contains the output of DescribeVpcEndpoints. - DescribeVpcPeeringConnectionsResult: - type: object - properties: - vpcPeeringConnectionSet: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionList' - - description: Information about the VPC peering connections. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - VpcPeeringConnectionId: - type: string - DescribeVpcsResult: - type: object - example: - Vpcs: - - CidrBlock: 10.0.0.0/16 - DhcpOptionsId: dopt-7a8b9c2d - InstanceTenancy: default - IsDefault: false - State: available - Tags: - - Key: Name - Value: MyVPC - VpcId: vpc-a01106c2 - properties: - vpcSet: - allOf: - - $ref: '#/components/schemas/VpcList' - - description: Information about one or more VPCs. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - DescribeVpnConnectionsResult: - type: object - properties: - vpnConnectionSet: - allOf: - - $ref: '#/components/schemas/VpnConnectionList' - - description: Information about one or more VPN connections. - description: Contains the output of DescribeVpnConnections. - VpnConnectionId: - type: string - DescribeVpnGatewaysResult: - type: object - properties: - vpnGatewaySet: - allOf: - - $ref: '#/components/schemas/VpnGatewayList' - - description: Information about one or more virtual private gateways. - description: Contains the output of DescribeVpnGateways. - VpnGatewayId: - type: string - DetachClassicLinkVpcResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - DisableEbsEncryptionByDefaultResult: - type: object - properties: - ebsEncryptionByDefault: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The updated status of encryption by default. - DisableFastLaunchResult: - type: object - properties: - imageId: - allOf: - - $ref: '#/components/schemas/ImageId' - - description: The ID of the image for which faster-launching has been turned off. - resourceType: - allOf: - - $ref: '#/components/schemas/FastLaunchResourceType' - - description: 'The pre-provisioning resource type that must be cleaned after turning off faster launching for the Windows AMI. Supported values include: snapshot.' - snapshotConfiguration: - allOf: - - $ref: '#/components/schemas/FastLaunchSnapshotConfigurationResponse' - - description: Parameters that were used for faster launching for the Windows AMI before faster launching was turned off. This informs the clean-up process. - launchTemplate: - allOf: - - $ref: '#/components/schemas/FastLaunchLaunchTemplateSpecificationResponse' - - description: The launch template that was used to launch Windows instances from pre-provisioned snapshots. - maxParallelLaunches: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The maximum number of parallel instances to launch for creating resources. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The owner of the Windows AMI for which faster launching was turned off. - state: - allOf: - - $ref: '#/components/schemas/FastLaunchStateCode' - - description: The current state of faster launching for the specified Windows AMI. - stateTransitionReason: - allOf: - - $ref: '#/components/schemas/String' - - description: The reason that the state changed for faster launching for the Windows AMI. - stateTransitionTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time that the state changed for faster launching for the Windows AMI. - DisableFastSnapshotRestoresResult: - type: object - properties: - successful: - allOf: - - $ref: '#/components/schemas/DisableFastSnapshotRestoreSuccessSet' - - description: Information about the snapshots for which fast snapshot restores were successfully disabled. - unsuccessful: - allOf: - - $ref: '#/components/schemas/DisableFastSnapshotRestoreErrorSet' - - description: Information about the snapshots for which fast snapshot restores could not be disabled. - DisableImageDeprecationResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - DisableIpamOrganizationAdminAccountResult: - type: object - properties: - success: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The result of disabling the IPAM account. - DisableSerialConsoleAccessResult: - type: object - properties: - serialConsoleAccessEnabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.' - DisableTransitGatewayRouteTablePropagationResult: - type: object - properties: - propagation: - allOf: - - $ref: '#/components/schemas/TransitGatewayPropagation' - - description: Information about route propagation. - DisableVpcClassicLinkResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - DisableVpcClassicLinkDnsSupportResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - DisassociateClientVpnTargetNetworkResult: - type: object - properties: - associationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the target network association. - status: - allOf: - - $ref: '#/components/schemas/AssociationStatus' - - description: The current state of the target network association. - DisassociateEnclaveCertificateIamRoleResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - DisassociateIamInstanceProfileResult: - type: object - example: - IamInstanceProfileAssociation: - AssociationId: iip-assoc-05020b59952902f5f - IamInstanceProfile: - Arn: 'arn:aws:iam::123456789012:instance-profile/admin-role' - Id: AIPAI5IVIHMFFYY2DKV5Y - InstanceId: i-123456789abcde123 - State: disassociating - properties: - iamInstanceProfileAssociation: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileAssociation' - - description: Information about the IAM instance profile association. - DisassociateInstanceEventWindowResult: - type: object - properties: - instanceEventWindow: - allOf: - - $ref: '#/components/schemas/InstanceEventWindow' - - description: Information about the event window. - DisassociateSubnetCidrBlockResult: - type: object - properties: - ipv6CidrBlockAssociation: - allOf: - - $ref: '#/components/schemas/SubnetIpv6CidrBlockAssociation' - - description: Information about the IPv6 CIDR block association. - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet. - DisassociateTransitGatewayMulticastDomainResult: - type: object - properties: - associations: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociations' - - description: Information about the association. - DisassociateTransitGatewayRouteTableResult: - type: object - properties: - association: - allOf: - - $ref: '#/components/schemas/TransitGatewayAssociation' - - description: Information about the association. - DisassociateTrunkInterfaceResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.' - DisassociateVpcCidrBlockResult: - type: object - properties: - ipv6CidrBlockAssociation: - allOf: - - $ref: '#/components/schemas/VpcIpv6CidrBlockAssociation' - - description: Information about the IPv6 CIDR block association. - cidrBlockAssociation: - allOf: - - $ref: '#/components/schemas/VpcCidrBlockAssociation' - - description: Information about the IPv4 CIDR block association. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - EnableEbsEncryptionByDefaultResult: - type: object - properties: - ebsEncryptionByDefault: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The updated status of encryption by default. - EnableFastLaunchResult: - type: object - properties: - imageId: - allOf: - - $ref: '#/components/schemas/ImageId' - - description: The image ID that identifies the Windows AMI for which faster launching was enabled. - resourceType: - allOf: - - $ref: '#/components/schemas/FastLaunchResourceType' - - description: The type of resource that was defined for pre-provisioning the Windows AMI for faster launching. - snapshotConfiguration: - allOf: - - $ref: '#/components/schemas/FastLaunchSnapshotConfigurationResponse' - - description: The configuration settings that were defined for creating and managing the pre-provisioned snapshots for faster launching of the Windows AMI. This property is returned when the associated resourceType is snapshot. - launchTemplate: - allOf: - - $ref: '#/components/schemas/FastLaunchLaunchTemplateSpecificationResponse' - - description: The launch template that is used when launching Windows instances from pre-provisioned snapshots. - maxParallelLaunches: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The maximum number of parallel instances to launch for creating resources. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The owner ID for the Windows AMI for which faster launching was enabled. - state: - allOf: - - $ref: '#/components/schemas/FastLaunchStateCode' - - description: The current state of faster launching for the specified Windows AMI. - stateTransitionReason: - allOf: - - $ref: '#/components/schemas/String' - - description: The reason that the state changed for faster launching for the Windows AMI. - stateTransitionTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time that the state changed for faster launching for the Windows AMI. - EnableFastSnapshotRestoresResult: - type: object - properties: - successful: - allOf: - - $ref: '#/components/schemas/EnableFastSnapshotRestoreSuccessSet' - - description: Information about the snapshots for which fast snapshot restores were successfully enabled. - unsuccessful: - allOf: - - $ref: '#/components/schemas/EnableFastSnapshotRestoreErrorSet' - - description: Information about the snapshots for which fast snapshot restores could not be enabled. - EnableImageDeprecationResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - EnableIpamOrganizationAdminAccountResult: - type: object - properties: - success: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The result of enabling the IPAM account. - EnableSerialConsoleAccessResult: - type: object - properties: - serialConsoleAccessEnabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.' - EnableTransitGatewayRouteTablePropagationResult: - type: object - properties: - propagation: - allOf: - - $ref: '#/components/schemas/TransitGatewayPropagation' - - description: Information about route propagation. - EnableVpcClassicLinkResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - EnableVpcClassicLinkDnsSupportResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ExportClientVpnClientCertificateRevocationListResult: - type: object - properties: - certificateRevocationList: - allOf: - - $ref: '#/components/schemas/String' - - description: Information about the client certificate revocation list. - status: - allOf: - - $ref: '#/components/schemas/ClientCertificateRevocationListStatus' - - description: The current state of the client certificate revocation list. - ExportClientVpnClientConfigurationResult: - type: object - properties: - clientConfiguration: - allOf: - - $ref: '#/components/schemas/String' - - description: The contents of the Client VPN endpoint configuration file. - ExportImageResult: - type: object - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the image being exported. - diskImageFormat: - allOf: - - $ref: '#/components/schemas/DiskImageFormat' - - description: The disk image format for the exported image. - exportImageTaskId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the export image task. - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the image. - roleName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the role that grants VM Import/Export permission to export images to your Amazon S3 bucket. - progress: - allOf: - - $ref: '#/components/schemas/String' - - description: The percent complete of the export image task. - s3ExportLocation: - allOf: - - $ref: '#/components/schemas/ExportTaskS3Location' - - description: Information about the destination Amazon S3 bucket. - status: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The status of the export image task. The possible values are active, completed, deleting, and deleted.' - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The status message for the export image task. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the export image task. - ExportTransitGatewayRoutesResult: - type: object - properties: - s3Location: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The URL of the exported file in Amazon S3. For example, s3://bucket_name/VPCTransitGateway/TransitGatewayRouteTables/file_name.' - GetAssociatedEnclaveCertificateIamRolesResult: - type: object - properties: - associatedRoleSet: - allOf: - - $ref: '#/components/schemas/AssociatedRolesList' - - description: Information about the associated IAM roles. - GetAssociatedIpv6PoolCidrsResult: - type: object - properties: - ipv6CidrAssociationSet: - allOf: - - $ref: '#/components/schemas/Ipv6CidrAssociationSet' - - description: Information about the IPv6 CIDR block associations. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetCapacityReservationUsageResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - capacityReservationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Capacity Reservation. - instanceType: - allOf: - - $ref: '#/components/schemas/String' - - description: The type of instance for which the Capacity Reservation reserves capacity. - totalInstanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of instances for which the Capacity Reservation reserves capacity. - availableInstanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The remaining capacity. Indicates the number of instances that can be launched in the Capacity Reservation. - state: - allOf: - - $ref: '#/components/schemas/CapacityReservationState' - - description: '

The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

' - instanceUsageSet: - allOf: - - $ref: '#/components/schemas/InstanceUsageSet' - - description: Information about the Capacity Reservation usage. - GetCoipPoolUsageResult: - type: object - properties: - coipPoolId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the customer-owned address pool. - coipAddressUsageSet: - allOf: - - $ref: '#/components/schemas/CoipAddressUsageSet' - - description: Information about the address usage. - localGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the local gateway route table. - GetConsoleOutputResult: - type: object - example: - InstanceId: i-1234567890abcdef0 - Output: ... - Timestamp: '2018-05-25T21:23:53.000Z' - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - output: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The console output, base64-encoded. If you are using a command line tool, the tool decodes the output for you.' - timestamp: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time at which the output was last updated. - GetConsoleScreenshotResult: - type: object - properties: - imageData: - allOf: - - $ref: '#/components/schemas/String' - - description: The data that comprises the image. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - GetDefaultCreditSpecificationResult: - type: object - properties: - instanceFamilyCreditSpecification: - allOf: - - $ref: '#/components/schemas/InstanceFamilyCreditSpecification' - - description: The default credit option for CPU usage of the instance family. - GetEbsDefaultKmsKeyIdResult: - type: object - properties: - kmsKeyId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the default KMS key for encryption by default. - GetEbsEncryptionByDefaultResult: - type: object - properties: - ebsEncryptionByDefault: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether encryption by default is enabled. - GetFlowLogsIntegrationTemplateResult: - type: object - properties: - result: - allOf: - - $ref: '#/components/schemas/String' - - description: The generated CloudFormation template. - AthenaIntegrationsSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/AthenaIntegration' - - xml: - name: item - minItems: 1 - maxItems: 10 - GetGroupsForCapacityReservationResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - capacityReservationGroupSet: - allOf: - - $ref: '#/components/schemas/CapacityReservationGroupSet' - - description: Information about the resource groups to which the Capacity Reservation has been added. - GetHostReservationPurchasePreviewResult: - type: object - properties: - currencyCode: - allOf: - - $ref: '#/components/schemas/CurrencyCodeValues' - - description: 'The currency in which the totalUpfrontPrice and totalHourlyPrice amounts are specified. At this time, the only supported currency is USD.' - purchase: - allOf: - - $ref: '#/components/schemas/PurchaseSet' - - description: The purchase information of the Dedicated Host reservation and the Dedicated Hosts associated with it. - totalHourlyPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The potential total hourly price of the reservation per hour. - totalUpfrontPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The potential total upfront price. This is billed immediately. - GetInstanceTypesFromInstanceRequirementsResult: - type: object - properties: - instanceTypeSet: - allOf: - - $ref: '#/components/schemas/InstanceTypeInfoFromInstanceRequirementsSet' - - description: The instance types with the specified instance attributes. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - ArchitectureType: - type: string - enum: - - i386 - - x86_64 - - arm64 - - x86_64_mac - VirtualizationType: - type: string - enum: - - hvm - - paravirtual - MemoryMiBRequest: - type: object - required: - - Min - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum amount of memory, in MiB. To specify no maximum limit, omit this parameter.' - description: 'The minimum and maximum amount of memory, in MiB.' - MemoryGiBPerVCpuRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Double' - - description: 'The maximum amount of memory per vCPU, in GiB. To specify no maximum limit, omit this parameter.' - description: 'The minimum and maximum amount of memory per vCPU, in GiB.' - ExcludedInstanceTypeSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ExcludedInstanceType' - - xml: - name: item - minItems: 0 - maxItems: 400 - LocalStorage: - type: string - enum: - - included - - required - - excluded - BaselineEbsBandwidthMbpsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum baseline bandwidth, in Mbps. To specify no maximum limit, omit this parameter.' - description: 'The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.' - AcceleratorCountRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of accelerators. To specify no maximum limit, omit this parameter. To exclude accelerator-enabled instance types, set Max to 0.' - description: 'The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance. To exclude accelerator-enabled instance types, set Max to 0.' - AcceleratorManufacturerSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/AcceleratorManufacturer' - - xml: - name: item - AcceleratorTotalMemoryMiBRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum amount of accelerator memory, in MiB. To specify no maximum limit, omit this parameter.' - description: 'The minimum and maximum amount of total accelerator memory, in MiB.' - GetInstanceUefiDataResult: - type: object - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance from which to retrieve the UEFI data. - uefiData: - allOf: - - $ref: '#/components/schemas/String' - - description: Base64 representation of the non-volatile UEFI variable store. - GetIpamAddressHistoryResult: - type: object - properties: - historyRecordSet: - allOf: - - $ref: '#/components/schemas/IpamAddressHistoryRecordSet' - - description: 'A historical record for a CIDR within an IPAM scope. If the CIDR is associated with an EC2 instance, you will see an object in the response for the instance and one for the network interface.' - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetIpamPoolAllocationsResult: - type: object - properties: - ipamPoolAllocationSet: - allOf: - - $ref: '#/components/schemas/IpamPoolAllocationSet' - - description: The IPAM pool allocations you want information on. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetIpamPoolCidrsResult: - type: object - properties: - ipamPoolCidrSet: - allOf: - - $ref: '#/components/schemas/IpamPoolCidrSet' - - description: Information about the CIDRs provisioned to an IPAM pool. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetIpamResourceCidrsResult: - type: object - properties: - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - ipamResourceCidrSet: - allOf: - - $ref: '#/components/schemas/IpamResourceCidrSet' - - description: The resource CIDRs. - GetLaunchTemplateDataResult: - type: object - example: - LaunchTemplateData: - BlockDeviceMappings: - - DeviceName: /dev/xvda - Ebs: - DeleteOnTermination: true - Encrypted: false - Iops: 100 - SnapshotId: snap-02594938353ef77d3 - VolumeSize: 8 - VolumeType: gp2 - EbsOptimized: false - ImageId: ami-32cf7b4a - InstanceType: t2.medium - KeyName: my-key-pair - Monitoring: - Enabled: false - NetworkInterfaces: - - AssociatePublicIpAddress: false - DeleteOnTermination: true - Description: '' - DeviceIndex: 0 - Groups: - - sg-d14e1bb4 - Ipv6Addresses: [] - NetworkInterfaceId: eni-4338b5a9 - PrivateIpAddress: 10.0.3.233 - PrivateIpAddresses: - - Primary: true - PrivateIpAddress: 10.0.3.233 - SubnetId: subnet-5264e837 - Placement: - AvailabilityZone: us-east-2b - GroupName: '' - Tenancy: default - properties: - launchTemplateData: - allOf: - - $ref: '#/components/schemas/ResponseLaunchTemplateData' - - description: The instance data. - GetManagedPrefixListAssociationsResult: - type: object - properties: - prefixListAssociationSet: - allOf: - - $ref: '#/components/schemas/PrefixListAssociationSet' - - description: Information about the associations. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetManagedPrefixListEntriesResult: - type: object - properties: - entrySet: - allOf: - - $ref: '#/components/schemas/PrefixListEntrySet' - - description: Information about the prefix list entries. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetNetworkInsightsAccessScopeAnalysisFindingsResult: - type: object - properties: - networkInsightsAccessScopeAnalysisId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' - - description: The ID of the Network Access Scope analysis. - analysisStatus: - allOf: - - $ref: '#/components/schemas/AnalysisStatus' - - description: The status of Network Access Scope Analysis. - analysisFindingSet: - allOf: - - $ref: '#/components/schemas/AccessScopeAnalysisFindingList' - - description: The findings associated with Network Access Scope Analysis. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetNetworkInsightsAccessScopeContentResult: - type: object - properties: - networkInsightsAccessScopeContent: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeContent' - - description: The Network Access Scope content. - GetPasswordDataResult: - type: object - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Windows instance. - passwordData: - allOf: - - $ref: '#/components/schemas/String' - - description: The password of the instance. Returns an empty string if the password is not available. - timestamp: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time the data was last updated. - GetReservedInstancesExchangeQuoteResult: - type: object - properties: - currencyCode: - allOf: - - $ref: '#/components/schemas/String' - - description: The currency of the transaction. - isValidExchange: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If true, the exchange is valid. If false, the exchange cannot be completed.' - outputReservedInstancesWillExpireAt: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The new end date of the reservation term. - paymentDue: - allOf: - - $ref: '#/components/schemas/String' - - description: The total true upfront charge for the exchange. - reservedInstanceValueRollup: - allOf: - - $ref: '#/components/schemas/ReservationValue' - - description: The cost associated with the Reserved Instance. - reservedInstanceValueSet: - allOf: - - $ref: '#/components/schemas/ReservedInstanceReservationValueSet' - - description: The configuration of your Convertible Reserved Instances. - targetConfigurationValueRollup: - allOf: - - $ref: '#/components/schemas/ReservationValue' - - description: The cost associated with the Reserved Instance. - targetConfigurationValueSet: - allOf: - - $ref: '#/components/schemas/TargetReservationValueSet' - - description: The values of the target Convertible Reserved Instances. - validationFailureReason: - allOf: - - $ref: '#/components/schemas/String' - - description: Describes the reason why the exchange cannot be completed. - description: Contains the output of GetReservedInstancesExchangeQuote. - GetSerialConsoleAccessStatusResult: - type: object - properties: - serialConsoleAccessEnabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.' - GetSpotPlacementScoresResult: - type: object - properties: - spotPlacementScoreSet: - allOf: - - $ref: '#/components/schemas/SpotPlacementScores' - - description: '

The Spot placement score for the top 10 Regions or Availability Zones, scored on a scale from 1 to 10. Each score
 reflects how likely it is that each Region or Availability Zone will succeed at fulfilling the specified target capacity
 at the time of the Spot placement score request. A score of 10 means that your Spot capacity request is highly likely to succeed in that Region or Availability Zone.

If you request a Spot placement score for Regions, a high score assumes that your fleet request will be configured to use all Availability Zones and the capacity-optimized allocation strategy. If you request a Spot placement score for Availability Zones, a high score assumes that your fleet request will be configured to use a single Availability Zone and the capacity-optimized allocation strategy.

Different
 Regions or Availability Zones might return the same score.

The Spot placement score serves as a recommendation only. No score guarantees that your Spot request will be fully or partially fulfilled.

' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - ArchitectureTypeSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ArchitectureType' - - xml: - name: item - minItems: 0 - maxItems: 3 - InstanceRequirementsRequest: - type: object - required: - - VCpuCount - - MemoryMiB - properties: - undefined: - allOf: - - $ref: '#/components/schemas/MemoryMiBRequest' - - description: 'The minimum and maximum amount of memory, in MiB.' - CpuManufacturer: - allOf: - - $ref: '#/components/schemas/MemoryGiBPerVCpuRequest' - - description: '

The minimum and maximum amount of memory per vCPU, in GiB.

Default: No minimum or maximum limits

' - ExcludedInstanceType: - allOf: - - $ref: '#/components/schemas/ExcludedInstanceTypeSet' - - description: '

The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (*), to exclude an instance family, type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.

For example, if you specify c5*,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types.

Default: No excluded instance types

' - InstanceGeneration: - allOf: - - $ref: '#/components/schemas/LocalStorage' - - description: '

Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, Amazon EC2 instance store in the Amazon EC2 User Guide.

Default: included

' - LocalStorageType: - allOf: - - $ref: '#/components/schemas/BaselineEbsBandwidthMbpsRequest' - - description: '

The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

Default: No minimum or maximum limits

' - AcceleratorType: - allOf: - - $ref: '#/components/schemas/AcceleratorCountRequest' - - description: '

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.

To exclude accelerator-enabled instance types, set Max to 0.

Default: No minimum or maximum limits

' - AcceleratorManufacturer: - allOf: - - $ref: '#/components/schemas/AcceleratorManufacturerSet' - - description: '

Indicates whether instance types must have accelerators by specific manufacturers.

Default: Any manufacturer

' - AcceleratorName: - allOf: - - $ref: '#/components/schemas/AcceleratorTotalMemoryMiBRequest' - - description: '

The minimum and maximum amount of total accelerator memory, in MiB.

Default: No minimum or maximum limits

' - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.

When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.

You must specify VCpuCount and MemoryMiB. All other parameters are optional. Any unspecified optional parameter is set to its default.

For more information, see Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide.

' - GetSubnetCidrReservationsResult: - type: object - properties: - subnetIpv4CidrReservationSet: - allOf: - - $ref: '#/components/schemas/SubnetCidrReservationList' - - description: Information about the IPv4 subnet CIDR reservations. - subnetIpv6CidrReservationSet: - allOf: - - $ref: '#/components/schemas/SubnetCidrReservationList' - - description: Information about the IPv6 subnet CIDR reservations. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetTransitGatewayAttachmentPropagationsResult: - type: object - properties: - transitGatewayAttachmentPropagations: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentPropagationList' - - description: Information about the propagation route tables. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetTransitGatewayMulticastDomainAssociationsResult: - type: object - properties: - multicastDomainAssociations: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociationList' - - description: Information about the multicast domain associations. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetTransitGatewayPrefixListReferencesResult: - type: object - properties: - transitGatewayPrefixListReferenceSet: - allOf: - - $ref: '#/components/schemas/TransitGatewayPrefixListReferenceSet' - - description: Information about the prefix list references. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetTransitGatewayRouteTableAssociationsResult: - type: object - properties: - associations: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableAssociationList' - - description: Information about the associations. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetTransitGatewayRouteTablePropagationsResult: - type: object - properties: - transitGatewayRouteTablePropagations: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTablePropagationList' - - description: Information about the route table propagations. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - GetVpnConnectionDeviceSampleConfigurationResult: - type: object - properties: - vpnConnectionDeviceSampleConfiguration: - allOf: - - $ref: '#/components/schemas/VpnConnectionDeviceSampleConfiguration' - - description: Sample configuration file for the specified customer gateway device. - GetVpnConnectionDeviceTypesResult: - type: object - properties: - vpnConnectionDeviceTypeSet: - allOf: - - $ref: '#/components/schemas/VpnConnectionDeviceTypeList' - - description: List of customer gateway devices that have a sample configuration file available for use. - nextToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: 'The NextToken value to include in a future GetVpnConnectionDeviceTypes request. When the results of a GetVpnConnectionDeviceTypes request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.' - ImportClientVpnClientCertificateRevocationListResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ImportImageResult: - type: object - properties: - architecture: - allOf: - - $ref: '#/components/schemas/String' - - description: The architecture of the virtual machine. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the import task. - encrypted: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the AMI is encrypted. - hypervisor: - allOf: - - $ref: '#/components/schemas/String' - - description: The target hypervisor of the import task. - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Machine Image (AMI) created by the import task. - importTaskId: - allOf: - - $ref: '#/components/schemas/ImportImageTaskId' - - description: The task ID of the import image task. - kmsKeyId: - allOf: - - $ref: '#/components/schemas/KmsKeyId' - - description: The identifier for the symmetric KMS key that was used to create the encrypted AMI. - licenseType: - allOf: - - $ref: '#/components/schemas/String' - - description: The license type of the virtual machine. - platform: - allOf: - - $ref: '#/components/schemas/String' - - description: The operating system of the virtual machine. - progress: - allOf: - - $ref: '#/components/schemas/String' - - description: The progress of the task. - snapshotDetailSet: - allOf: - - $ref: '#/components/schemas/SnapshotDetailList' - - description: Information about the snapshots. - status: - allOf: - - $ref: '#/components/schemas/String' - - description: A brief status of the task. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: A detailed status message of the import task. - licenseSpecifications: - allOf: - - $ref: '#/components/schemas/ImportImageLicenseSpecificationListResponse' - - description: The ARNs of the license configurations. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the import image task. - usageOperation: - allOf: - - $ref: '#/components/schemas/String' - - description: The usage operation value. - ImageDiskContainer: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/UserBucket' - - description: The S3 bucket for the disk image. - description: Describes the disk container object for an import image task. - ImportImageLicenseConfigurationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of a license configuration. - description: The request information of license configurations. - ImportInstanceResult: - type: object - properties: - conversionTask: - allOf: - - $ref: '#/components/schemas/ConversionTask' - - description: Information about the conversion task. - DiskImage: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VolumeDetail' - - description: Information about the volume. - description: Describes a disk image. - ArchitectureValues: - type: string - enum: - - i386 - - x86_64 - - arm64 - - x86_64_mac - SecurityGroupStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupName' - - xml: - name: SecurityGroup - ShutdownBehavior: - type: string - enum: - - stop - - terminate - Placement: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The Availability Zone of the instance.

If not specified, an Availability Zone will be automatically chosen for you based on the load balancing criteria for the Region.

This parameter is not supported by CreateFleet.

' - affinity: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The affinity setting for the instance on the Dedicated Host. This parameter is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

' - groupName: - allOf: - - $ref: '#/components/schemas/PlacementGroupName' - - description: The name of the placement group the instance is in. - partitionNumber: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The number of the partition that the instance is in. Valid only if the placement group strategy is set to partition.

This parameter is not supported by CreateFleet.

' - hostId: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The ID of the Dedicated Host on which the instance resides. This parameter is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

' - tenancy: - allOf: - - $ref: '#/components/schemas/Tenancy' - - description: '

The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

T3 instances that use the unlimited CPU credit option do not support host tenancy.

' - spreadDomain: - allOf: - - $ref: '#/components/schemas/String' - - description: '

Reserved for future use.

This parameter is not supported by CreateFleet.

' - hostResourceGroupArn: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The ARN of the host resource group in which to launch the instances. If you specify a host resource group ARN, omit the Tenancy parameter or set it to host.

This parameter is not supported by CreateFleet.

' - description: Describes the placement of an instance. - UserData: - type: object - properties: - data: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The user data. If you are using an Amazon Web Services SDK or command line tool, Base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide Base64-encoded text.' - description: Describes the user data for an instance. - ImportKeyPairResult: - type: object - properties: - keyFingerprint: - allOf: - - $ref: '#/components/schemas/String' - - description: '' - keyName: - allOf: - - $ref: '#/components/schemas/String' - - description: The key pair name that you provided. - keyPairId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resulting key pair. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags applied to the imported key pair. - ImportSnapshotResult: - type: object - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the import snapshot task. - importTaskId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the import snapshot task. - snapshotTaskDetail: - allOf: - - $ref: '#/components/schemas/SnapshotTaskDetail' - - description: Information about the import snapshot task. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the import snapshot task. - UserBucket: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The file name of the disk image. - description: Describes the Amazon S3 bucket for the disk image. - ImportVolumeResult: - type: object - properties: - conversionTask: - allOf: - - $ref: '#/components/schemas/ConversionTask' - - description: Information about the conversion task. - ListImagesInRecycleBinResult: - type: object - properties: - imageSet: - allOf: - - $ref: '#/components/schemas/ImageRecycleBinInfoList' - - description: Information about the AMIs. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - ListSnapshotsInRecycleBinResult: - type: object - properties: - snapshotSet: - allOf: - - $ref: '#/components/schemas/SnapshotRecycleBinInfoList' - - description: Information about the snapshots. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - ModifyAddressAttributeResult: - type: object - properties: - address: - allOf: - - $ref: '#/components/schemas/AddressAttribute' - - description: Information about the Elastic IP address. - ModifyAvailabilityZoneGroupResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Is true if the request succeeds, and an error otherwise.' - ModifyCapacityReservationResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ModifyCapacityReservationFleetResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ModifyClientVpnEndpointResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ModifyDefaultCreditSpecificationResult: - type: object - properties: - instanceFamilyCreditSpecification: - allOf: - - $ref: '#/components/schemas/InstanceFamilyCreditSpecification' - - description: The default credit option for CPU usage of the instance family. - ModifyEbsDefaultKmsKeyIdResult: - type: object - properties: - kmsKeyId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the default KMS key for encryption by default. - ModifyFleetResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If the request succeeds, the response returns true. If the request fails, no response is returned, and instead an error message is returned.' - ModifyFpgaImageAttributeResult: - type: object - properties: - fpgaImageAttribute: - allOf: - - $ref: '#/components/schemas/FpgaImageAttribute' - - description: Information about the attribute. - LoadPermissionListRequest: - type: array - items: - allOf: - - $ref: '#/components/schemas/LoadPermissionRequest' - - xml: - name: item - ModifyHostsResult: - type: object - properties: - successful: - allOf: - - $ref: '#/components/schemas/ResponseHostIdList' - - description: The IDs of the Dedicated Hosts that were successfully modified. - unsuccessful: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItemList' - - description: The IDs of the Dedicated Hosts that could not be modified. Check whether the setting you requested can be used. - LaunchPermissionList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchPermission' - - xml: - name: item - InstanceBlockDeviceMappingSpecification: - type: object - properties: - deviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The device name (for example, /dev/sdh or xvdh).' - ebs: - allOf: - - $ref: '#/components/schemas/EbsInstanceBlockDeviceSpecification' - - description: Parameters used to automatically set up EBS volumes when the instance is launched. - noDevice: - allOf: - - $ref: '#/components/schemas/String' - - description: suppress the specified device included in the block device mapping. - virtualName: - allOf: - - $ref: '#/components/schemas/String' - - description: The virtual device name. - description: Describes a block device mapping entry. - Blob: - type: string - ModifyInstanceCapacityReservationAttributesResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - CapacityReservationTarget: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of the Capacity Reservation resource group in which to run the instance. - description: Describes a target Capacity Reservation or Capacity Reservation group. - ModifyInstanceCreditSpecificationResult: - type: object - properties: - successfulInstanceCreditSpecificationSet: - allOf: - - $ref: '#/components/schemas/SuccessfulInstanceCreditSpecificationSet' - - description: Information about the instances whose credit option for CPU usage was successfully modified. - unsuccessfulInstanceCreditSpecificationSet: - allOf: - - $ref: '#/components/schemas/UnsuccessfulInstanceCreditSpecificationSet' - - description: Information about the instances whose credit option for CPU usage was not modified. - InstanceCreditSpecificationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description:

The credit option for CPU usage of the instance. Valid values are standard and unlimited.

T3 instances with host tenancy do not support the unlimited CPU credit option.

- description: Describes the credit option for CPU usage of a burstable performance instance. - ModifyInstanceEventStartTimeResult: - type: object - properties: - event: - $ref: '#/components/schemas/InstanceStatusEvent' - ModifyInstanceEventWindowResult: - type: object - properties: - instanceEventWindow: - allOf: - - $ref: '#/components/schemas/InstanceEventWindow' - - description: Information about the event window. - ModifyInstanceMaintenanceOptionsResult: - type: object - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - autoRecovery: - allOf: - - $ref: '#/components/schemas/InstanceAutoRecoveryState' - - description: Provides information on the current automatic recovery behavior of your instance. - ModifyInstanceMetadataOptionsResult: - type: object - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - instanceMetadataOptions: - allOf: - - $ref: '#/components/schemas/InstanceMetadataOptionsResponse' - - description: The metadata options for the instance. - ModifyInstancePlacementResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Is true if the request succeeds, and an error otherwise.' - ModifyIpamResult: - type: object - properties: - ipam: - allOf: - - $ref: '#/components/schemas/Ipam' - - description: The results of the modification. - RemoveIpamOperatingRegion: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the operating Region you want to remove. - description: '

Remove an operating Region from an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide

' - ModifyIpamPoolResult: - type: object - properties: - ipamPool: - allOf: - - $ref: '#/components/schemas/IpamPool' - - description: The results of the modification. - ModifyIpamResourceCidrResult: - type: object - properties: - ipamResourceCidr: - $ref: '#/components/schemas/IpamResourceCidr' - ModifyIpamScopeResult: - type: object - properties: - ipamScope: - allOf: - - $ref: '#/components/schemas/IpamScope' - - description: The results of the modification. - ModifyLaunchTemplateResult: - type: object - example: - LaunchTemplate: - CreateTime: '2017-12-01T13:35:46.000Z' - CreatedBy: 'arn:aws:iam::123456789012:root' - DefaultVersionNumber: 2 - LatestVersionNumber: 2 - LaunchTemplateId: lt-0abcd290751193123 - LaunchTemplateName: WebServers - properties: - launchTemplate: - allOf: - - $ref: '#/components/schemas/LaunchTemplate' - - description: Information about the launch template. - ModifyManagedPrefixListResult: - type: object - properties: - prefixList: - allOf: - - $ref: '#/components/schemas/ManagedPrefixList' - - description: Information about the prefix list. - RemovePrefixListEntry: - type: object - required: - - Cidr - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR block. - description: An entry for a prefix list. - NetworkInterfaceAttachmentId: - type: string - ModifyPrivateDnsNameOptionsResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ModifyReservedInstancesResult: - type: object - properties: - reservedInstancesModificationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID for the modification. - description: Contains the output of ModifyReservedInstances. - ReservedInstancesConfiguration: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone for the modified Reserved Instances. - instanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description:

The number of modified Reserved Instances.

This is a required field for a request.

 - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type for the modified Reserved Instances. - platform: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The network platform of the modified Reserved Instances, which is either EC2-Classic or EC2-VPC.' - scope: - allOf: - - $ref: '#/components/schemas/scope' - - description: Whether the Reserved Instance is applied to instances in a Region or instances in a specific Availability Zone. - description: Describes the configuration settings for the modified Reserved Instances. - ModifySecurityGroupRulesResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, returns an error.' - SecurityGroupRuleUpdate: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleRequest' - - description: Information about the security group rule. - description: Describes an update to a security group rule. - CreateVolumePermissionList: - type: array - items: - allOf: - - $ref: '#/components/schemas/CreateVolumePermission' - - xml: - name: item - ModifySnapshotTierResult: - type: object - properties: - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the snapshot. - tieringStartTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time when the archive process was started. - ModifySpotFleetRequestResponse: - type: object - example: - Return: true - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If the request succeeds, the response returns true. If the request fails, no response is returned, and instead an error message is returned.' - description: Contains the output of ModifySpotFleetRequest. - LaunchTemplateConfig: - type: object - properties: - launchTemplateSpecification: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateSpecification' - - description: The launch template. - overrides: - allOf: - - $ref: '#/components/schemas/LaunchTemplateOverridesList' - - description: Any parameters that you specify override the same parameters in the launch template. - description: Describes a launch template and overrides. - ModifyTrafficMirrorFilterNetworkServicesResult: - type: object - properties: - trafficMirrorFilter: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilter' - - description: The Traffic Mirror filter that the network service is associated with. - TrafficMirrorNetworkService: - type: string - enum: - - amazon-dns - ModifyTrafficMirrorFilterRuleResult: - type: object - properties: - trafficMirrorFilterRule: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilterRule' - - description: Modifies a Traffic Mirror rule. - TrafficMirrorFilterRuleField: - type: string - enum: - - destination-port-range - - source-port-range - - protocol - - description - ModifyTrafficMirrorSessionResult: - type: object - properties: - trafficMirrorSession: - allOf: - - $ref: '#/components/schemas/TrafficMirrorSession' - - description: Information about the Traffic Mirror session. - TrafficMirrorSessionField: - type: string - enum: - - packet-length - - description - - virtual-network-id - ModifyTransitGatewayResult: - type: object - properties: - transitGateway: - $ref: '#/components/schemas/TransitGateway' - ModifyTransitGatewayPrefixListReferenceResult: - type: object - properties: - transitGatewayPrefixListReference: - allOf: - - $ref: '#/components/schemas/TransitGatewayPrefixListReference' - - description: Information about the prefix list reference. - ModifyTransitGatewayVpcAttachmentResult: - type: object - properties: - transitGatewayVpcAttachment: - allOf: - - $ref: '#/components/schemas/TransitGatewayVpcAttachment' - - description: Information about the modified attachment. - ModifyVolumeResult: - type: object - properties: - volumeModification: - allOf: - - $ref: '#/components/schemas/VolumeModification' - - description: Information about the volume modification. - ModifyVpcEndpointResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ModifyVpcEndpointConnectionNotificationResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ModifyVpcEndpointServiceConfigurationResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ModifyVpcEndpointServicePayerResponsibilityResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ModifyVpcEndpointServicePermissionsResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ModifyVpcPeeringConnectionOptionsResult: - type: object - properties: - accepterPeeringConnectionOptions: - allOf: - - $ref: '#/components/schemas/PeeringConnectionOptions' - - description: Information about the VPC peering connection options for the accepter VPC. - requesterPeeringConnectionOptions: - allOf: - - $ref: '#/components/schemas/PeeringConnectionOptions' - - description: Information about the VPC peering connection options for the requester VPC. - ModifyVpcTenancyResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, returns an error.' - ModifyVpnConnectionResult: - type: object - properties: - vpnConnection: - $ref: '#/components/schemas/VpnConnection' - ModifyVpnConnectionOptionsResult: - type: object - properties: - vpnConnection: - $ref: '#/components/schemas/VpnConnection' - ModifyVpnTunnelCertificateResult: - type: object - properties: - vpnConnection: - $ref: '#/components/schemas/VpnConnection' - ModifyVpnTunnelOptionsResult: - type: object - properties: - vpnConnection: - $ref: '#/components/schemas/VpnConnection' - Phase1EncryptionAlgorithmsRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsRequestListValue' - - xml: - name: item - Phase2EncryptionAlgorithmsRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsRequestListValue' - - xml: - name: item - Phase1IntegrityAlgorithmsRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsRequestListValue' - - xml: - name: item - Phase2IntegrityAlgorithmsRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsRequestListValue' - - xml: - name: item - Phase1DHGroupNumbersRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase1DHGroupNumbersRequestListValue' - - xml: - name: item - Phase2DHGroupNumbersRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase2DHGroupNumbersRequestListValue' - - xml: - name: item - MonitorInstancesResult: - type: object - properties: - instancesSet: - allOf: - - $ref: '#/components/schemas/InstanceMonitoringList' - - description: The monitoring information. - MoveAddressToVpcResult: - type: object - example: - Status: MoveInProgress - properties: - allocationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The allocation ID for the Elastic IP address. - status: - allOf: - - $ref: '#/components/schemas/Status' - - description: The status of the move of the IP address. - MoveByoipCidrToIpamResult: - type: object - properties: - byoipCidr: - $ref: '#/components/schemas/ByoipCidr' - ProvisionByoipCidrResult: - type: object - properties: - byoipCidr: - allOf: - - $ref: '#/components/schemas/ByoipCidr' - - description: Information about the address range. - ProvisionIpamPoolCidrResult: - type: object - properties: - ipamPoolCidr: - allOf: - - $ref: '#/components/schemas/IpamPoolCidr' - - description: Information about the provisioned CIDR. - ProvisionPublicIpv4PoolCidrResult: - type: object - properties: - poolId: - allOf: - - $ref: '#/components/schemas/Ipv4PoolEc2Id' - - description: The ID of the pool that you want to provision the CIDR to. - poolAddressRange: - $ref: '#/components/schemas/PublicIpv4PoolRange' - PurchaseHostReservationResult: - type: object - properties: - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - currencyCode: - allOf: - - $ref: '#/components/schemas/CurrencyCodeValues' - - description: 'The currency in which the totalUpfrontPrice and totalHourlyPrice amounts are specified. At this time, the only supported currency is USD.' - purchase: - allOf: - - $ref: '#/components/schemas/PurchaseSet' - - description: Describes the details of the purchase. - totalHourlyPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The total hourly price of the reservation calculated per hour. - totalUpfrontPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The total amount charged to your account when you purchase the reservation. - PurchaseReservedInstancesOfferingResult: - type: object - properties: - reservedInstancesId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IDs of the purchased Reserved Instances. If your purchase crosses into a discounted pricing tier, the final Reserved Instances IDs might change. For more information, see Crossing pricing tiers in the Amazon Elastic Compute Cloud User Guide.' - description: Contains the output of PurchaseReservedInstancesOffering. - Double: - type: number - format: double - CurrencyCodeValues: - type: string - enum: - - USD - PurchaseScheduledInstancesResult: - type: object - example: - ScheduledInstanceSet: - - AvailabilityZone: us-west-2b - CreateDate: '2016-01-25T21:43:38.612Z' - HourlyPrice: '0.095' - InstanceCount: 1 - InstanceType: c4.large - NetworkPlatform: EC2-VPC - NextSlotStartTime: '2016-01-31T09:00:00Z' - Platform: Linux/UNIX - Recurrence: - Frequency: Weekly - Interval: 1 - OccurrenceDaySet: - - 1 - OccurrenceRelativeToEnd: false - OccurrenceUnit: '' - ScheduledInstanceId: sci-1234-1234-1234-1234-123456789012 - SlotDurationInHours: 32 - TermEndDate: '2017-01-31T09:00:00Z' - TermStartDate: '2016-01-31T09:00:00Z' - TotalScheduledInstanceHours: 1696 - properties: - scheduledInstanceSet: - allOf: - - $ref: '#/components/schemas/PurchasedScheduledInstanceSet' - - description: Information about the Scheduled Instances. - description: Contains the output of PurchaseScheduledInstances. - PurchaseRequest: - type: object - required: - - InstanceCount - - PurchaseToken - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The purchase token. - description: Describes a request to purchase Scheduled Instances. - RegisterImageResult: - type: object - properties: - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the newly registered AMI. - description: Contains the output of RegisterImage. - RegisterInstanceEventNotificationAttributesResult: - type: object - properties: - instanceTagAttribute: - allOf: - - $ref: '#/components/schemas/InstanceTagNotificationAttribute' - - description: The resulting set of tag keys. - RegisterTransitGatewayMulticastGroupMembersResult: - type: object - properties: - registeredMulticastGroupMembers: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastRegisteredGroupMembers' - - description: Information about the registered transit gateway multicast group members. - RegisterTransitGatewayMulticastGroupSourcesResult: - type: object - properties: - registeredMulticastGroupSources: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastRegisteredGroupSources' - - description: Information about the transit gateway multicast group sources. - RejectTransitGatewayMulticastDomainAssociationsResult: - type: object - properties: - associations: - $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociations' - RejectTransitGatewayPeeringAttachmentResult: - type: object - properties: - transitGatewayPeeringAttachment: - allOf: - - $ref: '#/components/schemas/TransitGatewayPeeringAttachment' - - description: The transit gateway peering attachment. - RejectTransitGatewayVpcAttachmentResult: - type: object - properties: - transitGatewayVpcAttachment: - allOf: - - $ref: '#/components/schemas/TransitGatewayVpcAttachment' - - description: Information about the attachment. - RejectVpcEndpointConnectionsResult: - type: object - properties: - unsuccessful: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItemSet' - - description: 'Information about the endpoints that were not rejected, if applicable.' - RejectVpcPeeringConnectionResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - ReleaseHostsResult: - type: object - properties: - successful: - allOf: - - $ref: '#/components/schemas/ResponseHostIdList' - - description: The IDs of the Dedicated Hosts that were successfully released. - unsuccessful: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItemList' - - description: 'The IDs of the Dedicated Hosts that could not be released, including an error message.' - ReleaseIpamPoolAllocationResult: - type: object - properties: - success: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates if the release was successful. - ReplaceIamInstanceProfileAssociationResult: - type: object - properties: - iamInstanceProfileAssociation: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileAssociation' - - description: Information about the IAM instance profile association. - ReplaceNetworkAclAssociationResult: - type: object - example: - NewAssociationId: aclassoc-3999875b - properties: - newAssociationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the new association. - ReplaceRouteTableAssociationResult: - type: object - example: - NewAssociationId: rtbassoc-3a1f0f58 - properties: - newAssociationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the new association. - associationState: - allOf: - - $ref: '#/components/schemas/RouteTableAssociationState' - - description: The state of the association. - ReplaceTransitGatewayRouteResult: - type: object - properties: - route: - allOf: - - $ref: '#/components/schemas/TransitGatewayRoute' - - description: Information about the modified route. - ReportInstanceReasonCodes: - type: string - enum: - - instance-stuck-in-state - - unresponsive - - not-accepting-credentials - - password-not-available - - performance-network - - performance-instance-store - - performance-ebs-volume - - performance-other - - other - RequestSpotFleetResponse: - type: object - example: - SpotFleetRequestId: sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE - properties: - spotFleetRequestId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Spot Fleet request. - description: Contains the output of RequestSpotFleet. - AllocationStrategy: - type: string - enum: - - lowestPrice - - diversified - - capacityOptimized - - capacityOptimizedPrioritized - OnDemandAllocationStrategy: - type: string - enum: - - lowestPrice - - prioritized - SpotMaintenanceStrategies: - type: object - properties: - capacityRebalance: - allOf: - - $ref: '#/components/schemas/SpotCapacityRebalance' - - description: 'The Spot Instance replacement strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see Capacity rebalancing in the Amazon EC2 User Guide for Linux Instances.' - description: The strategies for managing your Spot Instances that are at an elevated risk of being interrupted. - ExcessCapacityTerminationPolicy: - type: string - enum: - - noTermination - - default - LaunchSpecsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotFleetLaunchSpecification' - - xml: - name: item - LaunchTemplateConfigList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateConfig' - - xml: - name: item - FleetType: - type: string - enum: - - request - - maintain - - instant - InstanceInterruptionBehavior: - type: string - enum: - - hibernate - - stop - - terminate - LoadBalancersConfig: - type: object - properties: - classicLoadBalancersConfig: - allOf: - - $ref: '#/components/schemas/ClassicLoadBalancersConfig' - - description: The Classic Load Balancers. - targetGroupsConfig: - allOf: - - $ref: '#/components/schemas/TargetGroupsConfig' - - description: The target groups. - description: Describes the Classic Load Balancers and target groups to attach to a Spot Fleet request. - TagSpecificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagSpecification' - - xml: - name: item - RequestSpotInstancesResult: - type: object - properties: - spotInstanceRequestSet: - allOf: - - $ref: '#/components/schemas/SpotInstanceRequestList' - - description: One or more Spot Instance requests. - description: Contains the output of RequestSpotInstances. - RequestSpotLaunchSpecificationSecurityGroupIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: item - RequestSpotLaunchSpecificationSecurityGroupList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - BlockDeviceMappingList: - type: array - items: - allOf: - - $ref: '#/components/schemas/BlockDeviceMapping' - - xml: - name: item - IamInstanceProfileSpecification: - type: object - properties: - arn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the instance profile. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the instance profile. - description: Describes an IAM instance profile. - KernelId: - type: string - RunInstancesMonitoringEnabled: - type: object - required: - - Enabled - properties: - enabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.' - description: Describes the monitoring of an instance. - InstanceNetworkInterfaceSpecificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecification' - - xml: - name: item - SpotPlacement: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The Availability Zone.

[Spot Fleet only] To specify multiple Availability Zones, separate them using commas; for example, "us-west-2a, us-west-2b".

' - groupName: - allOf: - - $ref: '#/components/schemas/PlacementGroupName' - - description: The name of the placement group. - tenancy: - allOf: - - $ref: '#/components/schemas/Tenancy' - - description: The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for Spot Instances. - description: Describes Spot Instance placement. - RamdiskId: - type: string - ResetAddressAttributeResult: - type: object - properties: - address: - allOf: - - $ref: '#/components/schemas/AddressAttribute' - - description: Information about the IP address. - ResetEbsDefaultKmsKeyIdResult: - type: object - properties: - kmsKeyId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the default KMS key for EBS encryption by default. - ResetFpgaImageAttributeResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Is true if the request succeeds, and an error otherwise.' - RestoreAddressToClassicResult: - type: object - example: - PublicIp: 198.51.100.0 - Status: MoveInProgress - properties: - publicIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The Elastic IP address. - status: - allOf: - - $ref: '#/components/schemas/Status' - - description: The move status for the IP address. - RestoreImageFromRecycleBinResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - RestoreManagedPrefixListVersionResult: - type: object - properties: - prefixList: - allOf: - - $ref: '#/components/schemas/ManagedPrefixList' - - description: Information about the prefix list. - RestoreSnapshotFromRecycleBinResult: - type: object - properties: - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the snapshot. - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description for the snapshot. - encrypted: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the snapshot is encrypted. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the EBS snapshot. - progress: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The progress of the snapshot, as a percentage.' - startTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time stamp when the snapshot was initiated. - status: - allOf: - - $ref: '#/components/schemas/SnapshotState' - - description: The state of the snapshot. - volumeId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the volume that was used to create the snapshot. - volumeSize: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The size of the volume, in GiB.' - RestoreSnapshotTierResult: - type: object - properties: - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the snapshot. - restoreStartTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time when the snapshot restore process started. - restoreDuration: - allOf: - - $ref: '#/components/schemas/Integer' - - description: For temporary restores only. The number of days for which the archived snapshot is temporarily restored. - isPermanentRestore: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the snapshot is permanently restored. true indicates a permanent restore. false indicates a temporary restore. - RevokeClientVpnIngressResult: - type: object - properties: - status: - allOf: - - $ref: '#/components/schemas/ClientVpnAuthorizationRuleStatus' - - description: The current state of the authorization rule. - RevokeSecurityGroupEgressResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, returns an error.' - unknownIpPermissionSet: - allOf: - - $ref: '#/components/schemas/IpPermissionList' - - description: 'The outbound rules that were unknown to the service. In some cases, unknownIpPermissionSet might be in a different format from the request parameter. ' - RevokeSecurityGroupIngressResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, returns an error.' - unknownIpPermissionSet: - allOf: - - $ref: '#/components/schemas/IpPermissionList' - - description: 'The inbound rules that were unknown to the service. In some cases, unknownIpPermissionSet might be in a different format from the request parameter. ' - Reservation: - type: object - example: {} - properties: - groupSet: - allOf: - - $ref: '#/components/schemas/GroupIdentifierList' - - description: '[EC2-Classic only] The security groups.' - instancesSet: - allOf: - - $ref: '#/components/schemas/InstanceList' - - description: The instances. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the reservation. - requesterId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the requester that launched the instances on your behalf (for example, Amazon Web Services Management Console or Auto Scaling).' - reservationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the reservation. - description: 'Describes a launch request for one or more instances, and includes owner, requester, and security group information that applies to all instances in the launch request.' - Tenancy: - type: string - enum: - - default - - dedicated - - host - InstanceNetworkInterfaceSpecification: - type: object - properties: - associatePublicIpAddress: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The public IP address can only be assigned to a network interface for eth0, and can only be assigned to a new network interface, not an existing one. You cannot specify more than one network interface in the request. If launching into a default subnet, the default value is true.' - deleteOnTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If set to true, the interface is deleted when the instance is terminated. You can specify true only if creating a new network interface when launching an instance.' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the network interface. Applies only if creating a network interface when launching an instance. - deviceIndex: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The position of the network interface in the attachment order. A primary network interface has a device index of 0.

If you specify a network interface when launching an instance, you must specify the device index.

' - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupIdStringList' - - description: The IDs of the security groups for the network interface. Applies only if creating a network interface when launching an instance. - ipv6AddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: A number of IPv6 addresses to assign to the network interface. Amazon EC2 chooses the IPv6 addresses from the range of the subnet. You cannot specify this option and the option to assign specific IPv6 addresses in the same request. You can specify this option if you've specified a minimum number of instances to launch. - ipv6AddressesSet: - allOf: - - $ref: '#/components/schemas/InstanceIpv6AddressList' - - description: One or more IPv6 addresses to assign to the network interface. You cannot specify this option and the option to assign a number of IPv6 addresses in the same request. You cannot specify this option if you've specified a minimum number of instances to launch. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: '

The ID of the network interface.

If you are creating a Spot Fleet, omit this parameter because you can’t specify a network interface ID in a launch specification.

' - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The private IPv4 address of the network interface. Applies only if creating a network interface when launching an instance. You cannot specify this option if you''re launching more than one instance in a RunInstances request.' - privateIpAddressesSet: - allOf: - - $ref: '#/components/schemas/PrivateIpAddressSpecificationList' - - description: 'One or more private IPv4 addresses to assign to the network interface. Only one private IPv4 address can be designated as primary. You cannot specify this option if you''re launching more than one instance in a RunInstances request.' - secondaryPrivateIpAddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of secondary private IPv4 addresses. You can''t specify this option and specify more than one private IP address using the private IP addresses option. You cannot specify this option if you''re launching more than one instance in a RunInstances request.' - subnetId: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0.

If you are using RequestSpotInstances to create Spot Instances, omit this parameter because you can’t specify the network card index when using this API. To specify the network card index, use RunInstances.

' - Ipv4Prefix: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of IPv4 delegated prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv4Prefix option. - Ipv6Prefix: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of IPv6 delegated prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv6Prefix option. - description: Describes a network interface. - ElasticGpuSpecification: - type: object - required: - - Type - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The type of Elastic Graphics accelerator. For more information about the values to specify for Type, see Elastic Graphics Basics, specifically the Elastic Graphics accelerator column, in the Amazon Elastic Compute Cloud User Guide for Windows Instances.' - description: A specification for an Elastic Graphics accelerator. - ElasticInferenceAccelerator: - type: object - required: - - Type - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ElasticInferenceAcceleratorCount' - - description: '

The number of elastic inference accelerators to attach to the instance.

Default: 1

' - description: ' Describes an elastic inference accelerator. ' - SpotMarketOptions: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceInterruptionBehavior' - - description: The behavior when a Spot Instance is interrupted. The default is terminate. - description: The options for Spot Instances. - LicenseConfigurationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the license configuration. - description: Describes a license configuration. - InstanceMetadataTagsState: - type: string - enum: - - disabled - - enabled - InstanceAutoRecoveryState: - type: string - enum: - - disabled - - default - RunScheduledInstancesResult: - type: object - example: - InstanceIdSet: - - i-1234567890abcdef0 - properties: - instanceIdSet: - allOf: - - $ref: '#/components/schemas/InstanceIdSet' - - description: The IDs of the newly launched instances. - description: Contains the output of RunScheduledInstances. - ScheduledInstancesMonitoring: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether monitoring is enabled. - description: Describes whether monitoring is enabled for a Scheduled Instance. - SearchLocalGatewayRoutesResult: - type: object - properties: - routeSet: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteList' - - description: Information about the routes. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - SearchTransitGatewayMulticastGroupsResult: - type: object - properties: - multicastGroups: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastGroupList' - - description: Information about the transit gateway multicast group. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. - SearchTransitGatewayRoutesResult: - type: object - properties: - routeSet: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteList' - - description: Information about the routes. - additionalRoutesAvailable: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether there are additional routes available. - StartInstancesResult: - type: object - example: - StartingInstances: - - CurrentState: - Code: 0 - Name: pending - InstanceId: i-1234567890abcdef0 - PreviousState: - Code: 80 - Name: stopped - properties: - instancesSet: - allOf: - - $ref: '#/components/schemas/InstanceStateChangeList' - - description: Information about the started instances. - StartNetworkInsightsAccessScopeAnalysisResult: - type: object - properties: - networkInsightsAccessScopeAnalysis: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysis' - - description: The Network Access Scope analysis. - StartNetworkInsightsAnalysisResult: - type: object - properties: - networkInsightsAnalysis: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAnalysis' - - description: Information about the network insights analysis. - ResourceArn: - type: string - minLength: 1 - maxLength: 1283 - StartVpcEndpointServicePrivateDnsVerificationResult: - type: object - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, it returns an error.' - StopInstancesResult: - type: object - example: - StoppingInstances: - - CurrentState: - Code: 64 - Name: stopping - InstanceId: i-1234567890abcdef0 - PreviousState: - Code: 16 - Name: running - properties: - instancesSet: - allOf: - - $ref: '#/components/schemas/InstanceStateChangeList' - - description: Information about the stopped instances. - TerminateClientVpnConnectionsResult: - type: object - properties: - clientVpnEndpointId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Client VPN endpoint. - username: - allOf: - - $ref: '#/components/schemas/String' - - description: The user who established the terminated client connections. - connectionStatuses: - allOf: - - $ref: '#/components/schemas/TerminateConnectionStatusSet' - - description: The current state of the client connections. - TerminateInstancesResult: - type: object - example: - TerminatingInstances: - - CurrentState: - Code: 32 - Name: shutting-down - InstanceId: i-1234567890abcdef0 - PreviousState: - Code: 16 - Name: running - properties: - instancesSet: - allOf: - - $ref: '#/components/schemas/InstanceStateChangeList' - - description: Information about the terminated instances. - UnassignIpv6AddressesResult: - type: object - properties: - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface. - unassignedIpv6Addresses: - allOf: - - $ref: '#/components/schemas/Ipv6AddressList' - - description: The IPv6 addresses that have been unassigned from the network interface. - unassignedIpv6PrefixSet: - allOf: - - $ref: '#/components/schemas/IpPrefixList' - - description: The IPv4 prefixes that have been unassigned from the network interface. - UnmonitorInstancesResult: - type: object - properties: - instancesSet: - allOf: - - $ref: '#/components/schemas/InstanceMonitoringList' - - description: The monitoring information. - UpdateSecurityGroupRuleDescriptionsEgressResult: - type: object - example: {} - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, returns an error.' - SecurityGroupRuleDescription: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the security group rule. - description:

Describes the description of a security group rule.

You can use this when you want to update the security group rule description for either an inbound or outbound rule.

- UpdateSecurityGroupRuleDescriptionsIngressResult: - type: object - example: {} - properties: - return: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Returns true if the request succeeds; otherwise, returns an error.' - WithdrawByoipCidrResult: - type: object - properties: - byoipCidr: - allOf: - - $ref: '#/components/schemas/ByoipCidr' - - description: Information about the address pool. - AcceleratorCount: - type: object - properties: - min: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The minimum number of accelerators. If this parameter is not specified, there is no minimum limit.' - max: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of accelerators. If this parameter is not specified, there is no maximum limit.' - description: 'The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.' - AcceleratorManufacturer: - type: string - enum: - - nvidia - - amd - - amazon-web-services - - xilinx - AcceleratorName: - type: string - enum: - - a100 - - v100 - - k80 - - t4 - - m60 - - radeon-pro-v520 - - vu9p - AcceleratorNameSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/AcceleratorName' - - xml: - name: item - AcceleratorTotalMemoryMiB: - type: object - properties: - min: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The minimum amount of accelerator memory, in MiB. If this parameter is not specified, there is no minimum limit.' - max: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum amount of accelerator memory, in MiB. If this parameter is not specified, there is no maximum limit.' - description: 'The minimum and maximum amount of total accelerator memory, in MiB.' - AcceleratorType: - type: string - enum: - - gpu - - fpga - - inference - AcceleratorTypeSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/AcceleratorType' - - xml: - name: item - ReservedInstanceIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservationId' - - xml: - name: ReservedInstanceId - TargetConfigurationRequestSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/TargetConfigurationRequest' - - xml: - name: TargetConfigurationRequest - AcceptReservedInstancesExchangeQuoteRequest: - type: object - required: - - ReservedInstanceIds - title: AcceptReservedInstancesExchangeQuoteRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ReservedInstanceId: - allOf: - - $ref: '#/components/schemas/ReservedInstanceIdSet' - - description: The IDs of the Convertible Reserved Instances to exchange for another Convertible Reserved Instance of the same or higher value. - TargetConfiguration: - allOf: - - $ref: '#/components/schemas/TargetConfigurationRequestSet' - - description: The configuration of the target Convertible Reserved Instance to exchange for your current Convertible Reserved Instances. - description: Contains the parameters for accepting the quote. - AcceptTransitGatewayMulticastDomainAssociationsRequest: - type: object - title: AcceptTransitGatewayMulticastDomainAssociationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayMulticastDomainAssociations: - type: object - properties: - transitGatewayMulticastDomainId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway multicast domain. - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway attachment. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - resourceType: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' - - description: 'The type of resource, for example a VPC attachment.' - resourceOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: ' The ID of the Amazon Web Services account that owns the resource.' - subnets: - allOf: - - $ref: '#/components/schemas/SubnetAssociationList' - - description: The subnets associated with the multicast domain. - description: Describes the multicast domain associations. - AcceptTransitGatewayPeeringAttachmentRequest: - type: object - required: - - TransitGatewayAttachmentId - title: AcceptTransitGatewayPeeringAttachmentRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayPeeringAttachment: - type: object - properties: - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway peering attachment. - requesterTgwInfo: - allOf: - - $ref: '#/components/schemas/PeeringTgwInfo' - - description: Information about the requester transit gateway. - accepterTgwInfo: - allOf: - - $ref: '#/components/schemas/PeeringTgwInfo' - - description: Information about the accepter transit gateway. - status: - allOf: - - $ref: '#/components/schemas/PeeringAttachmentStatus' - - description: The status of the transit gateway peering attachment. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentState' - - description: The state of the transit gateway peering attachment. Note that the initiating state has been deprecated. - creationTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time the transit gateway peering attachment was created. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the transit gateway peering attachment. - description: Describes the transit gateway peering attachment. - AcceptTransitGatewayVpcAttachmentRequest: - type: object - required: - - TransitGatewayAttachmentId - title: AcceptTransitGatewayVpcAttachmentRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayVpcAttachment: - type: object - properties: - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the attachment. - transitGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - vpcOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the VPC. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentState' - - description: The state of the VPC attachment. Note that the initiating state has been deprecated. - subnetIds: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The IDs of the subnets. - creationTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The creation time. - options: - allOf: - - $ref: '#/components/schemas/TransitGatewayVpcAttachmentOptions' - - description: The VPC attachment options. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the VPC attachment. - description: Describes a VPC attachment. - VpcEndpointIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcEndpointId' - - xml: - name: item - AcceptVpcEndpointConnectionsRequest: - type: object - required: - - ServiceId - - VpcEndpointIds - title: AcceptVpcEndpointConnectionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcEndpointServiceId' - - description: The ID of the VPC endpoint service. - VpcEndpointId: - allOf: - - $ref: '#/components/schemas/VpcEndpointIdList' - - description: The IDs of one or more interface VPC endpoints. - UnsuccessfulItemSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItem' - - xml: - name: item - AcceptVpcPeeringConnectionRequest: - type: object - title: AcceptVpcPeeringConnectionRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - vpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionId' - - description: The ID of the VPC peering connection. You must specify this parameter in the request. - VpcPeeringConnection: - type: object - properties: - accepterVpcInfo: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionVpcInfo' - - description: Information about the accepter VPC. CIDR block information is only returned when describing an active VPC peering connection. - expirationTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time that an unaccepted VPC peering connection will expire. - requesterVpcInfo: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionVpcInfo' - - description: Information about the requester VPC. CIDR block information is only returned when describing an active VPC peering connection. - status: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionStateReason' - - description: The status of the VPC peering connection. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the resource. - vpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC peering connection. - description: Describes a VPC peering connection. - PathComponentList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PathComponent' - - xml: - name: item - AccessScopeAnalysisFinding: - type: object - properties: - networkInsightsAccessScopeAnalysisId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' - - description: The ID of the Network Access Scope analysis. - networkInsightsAccessScopeId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' - - description: The ID of the Network Access Scope. - findingId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the finding. - findingComponentSet: - allOf: - - $ref: '#/components/schemas/PathComponentList' - - description: The finding components. - description: Describes a finding for a Network Access Scope. - AccessScopeAnalysisFindingList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AccessScopeAnalysisFinding' - - xml: - name: item - PathStatement: - type: object - properties: - packetHeaderStatement: - allOf: - - $ref: '#/components/schemas/PacketHeaderStatement' - - description: The packet header statement. - resourceStatement: - allOf: - - $ref: '#/components/schemas/ResourceStatement' - - description: The resource statement. - description: Describes a path statement. - ThroughResourcesStatementList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ThroughResourcesStatement' - - xml: - name: item - AccessScopePath: - type: object - properties: - source: - allOf: - - $ref: '#/components/schemas/PathStatement' - - description: The source. - destination: - allOf: - - $ref: '#/components/schemas/PathStatement' - - description: The destination. - throughResourceSet: - allOf: - - $ref: '#/components/schemas/ThroughResourcesStatementList' - - description: The through resources. - description: Describes a path. - AccessScopePathList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AccessScopePath' - - xml: - name: item - AccessScopePathListRequest: - type: array - items: - allOf: - - $ref: '#/components/schemas/AccessScopePathRequest' - - xml: - name: item - PathStatementRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ResourceStatementRequest' - - description: The resource statement. - description: Describes a path statement. - ThroughResourcesStatementRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ThroughResourcesStatementRequest' - - xml: - name: item - AccountAttributeValueList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AccountAttributeValue' - - xml: - name: item - AccountAttribute: - type: object - properties: - attributeName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the account attribute. - attributeValueSet: - allOf: - - $ref: '#/components/schemas/AccountAttributeValueList' - - description: The values for the account attribute. - description: Describes an account attribute. - AccountAttributeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AccountAttribute' - - xml: - name: item - AccountAttributeNameStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AccountAttributeName' - - xml: - name: attributeName - AccountAttributeValue: - type: object - properties: - attributeValue: - allOf: - - $ref: '#/components/schemas/String' - - description: The value of the attribute. - description: Describes a value of an account attribute. - InstanceHealthStatus: - type: string - enum: - - healthy - - unhealthy - ActiveInstance: - type: object - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - instanceType: - allOf: - - $ref: '#/components/schemas/String' - - description: The instance type. - spotInstanceRequestId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Spot Instance request. - instanceHealth: - allOf: - - $ref: '#/components/schemas/InstanceHealthStatus' - - description: 'The health status of the instance. If the status of either the instance status check or the system status check is impaired, the health status of the instance is unhealthy. Otherwise, the health status is healthy.' - description: Describes a running instance in a Spot Fleet. - ActiveInstanceSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ActiveInstance' - - xml: - name: item - ActivityStatus: - type: string - enum: - - error - - pending_fulfillment - - pending_termination - - fulfilled - AddIpamOperatingRegionSet: - type: array - items: - $ref: '#/components/schemas/AddIpamOperatingRegion' - minItems: 0 - maxItems: 50 - AddPrefixListEntries: - type: array - items: - $ref: '#/components/schemas/AddPrefixListEntry' - minItems: 0 - maxItems: 100 - AnalysisComponent: - type: object - properties: - id: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the component. - arn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the component. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the analysis component. - description: Describes a path component. - AdditionalDetail: - type: object - properties: - additionalDetailType: - allOf: - - $ref: '#/components/schemas/String' - - description: The information type. - component: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The path component. - description: Describes an additional detail for a path analysis. - AdditionalDetailList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AdditionalDetail' - - xml: - name: item - DomainType: - type: string - enum: - - vpc - - standard - Address: - type: object - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance that the address is associated with (if any). - publicIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The Elastic IP address. - allocationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID representing the allocation of the address for use with EC2-VPC. - associationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID representing the association of the address with an instance in a VPC. - domain: - allOf: - - $ref: '#/components/schemas/DomainType' - - description: Indicates whether this Elastic IP address is for use with instances in EC2-Classic (standard) or instances in a VPC (vpc). - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface. - networkInterfaceOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the network interface. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The private IP address associated with the Elastic IP address. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the Elastic IP address. - publicIpv4Pool: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of an address pool. - networkBorderGroup: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses.' - customerOwnedIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The customer-owned IP address. - customerOwnedIpv4Pool: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the customer-owned address pool. - carrierIp: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The carrier IP address associated. This option is only available for network interfaces which reside in a subnet in a Wavelength Zone (for example an EC2 instance). ' - description: 'Describes an Elastic IP address, or a carrier IP address.' - PublicIpAddress: - type: string - PtrUpdateStatus: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The value for the PTR record update. - status: - allOf: - - $ref: '#/components/schemas/String' - - description: The status of the PTR record update. - reason: - allOf: - - $ref: '#/components/schemas/String' - - description: The reason for the PTR record update. - description: The status of an updated pointer (PTR) record for an Elastic IP address. - AddressAttribute: - type: object - properties: - publicIp: - allOf: - - $ref: '#/components/schemas/PublicIpAddress' - - description: The public IP address. - allocationId: - allOf: - - $ref: '#/components/schemas/AllocationId' - - description: '[EC2-VPC] The allocation ID.' - ptrRecord: - allOf: - - $ref: '#/components/schemas/String' - - description: The pointer (PTR) record for the IP address. - ptrRecordUpdate: - allOf: - - $ref: '#/components/schemas/PtrUpdateStatus' - - description: The updated PTR record for the IP address. - description: The attributes associated with an Elastic IP address. - AddressAttributeName: - type: string - enum: - - domain-name - AddressFamily: - type: string - enum: - - ipv4 - - ipv6 - AddressList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Address' - - xml: - name: item - AddressMaxResults: - type: integer - minimum: 1 - maximum: 1000 - AddressSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/AddressAttribute' - - xml: - name: item - AdvertiseByoipCidrRequest: - type: object - required: - - Cidr - title: AdvertiseByoipCidrRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ByoipCidr: - type: object - properties: - cidr: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The address range, in CIDR notation.' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the address range. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Upon success, contains the ID of the address pool. Otherwise, contains an error message.' - state: - allOf: - - $ref: '#/components/schemas/ByoipCidrState' - - description: The state of the address pool. - description: Information about an address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP). - Affinity: - type: string - enum: - - default - - host - AllocateAddressRequest: - type: object - title: AllocateAddressRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of a customer-owned address pool. Use this parameter to let Amazon EC2 select an address from the address pool. Alternatively, specify a specific address from the address pool.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to assign to the Elastic IP address. - AutoPlacement: - type: string - enum: - - 'on' - - 'off' - AllocateHostsRequest: - type: object - required: - - AvailabilityZone - - Quantity - title: AllocateHostsRequest - properties: - autoPlacement: - allOf: - - $ref: '#/components/schemas/AutoPlacement' - - description: '

Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID. For more information, see Understanding auto-placement and affinity in the Amazon EC2 User Guide.

Default: on

' - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone in which to allocate the Dedicated Host. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - instanceType: - allOf: - - $ref: '#/components/schemas/String' - - description: '

Specifies the instance family to be supported by the Dedicated Hosts. If you specify an instance family, the Dedicated Hosts support multiple instance types within that instance family.

If you want the Dedicated Hosts to support a specific instance type only, omit this parameter and specify InstanceType instead. You cannot specify InstanceFamily and InstanceType in the same request.

' - quantity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of Dedicated Hosts to allocate to your account with these parameters. - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Amazon Web Services Outpost on which to allocate the Dedicated Host. - ResponseHostIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - IpamPoolAllocationDisallowedCidrs: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - AllocateIpamPoolCidrRequest: - type: object - required: - - IpamPoolId - title: AllocateIpamPoolCidrRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: A preview of the next available CIDR in a pool. - DisallowedCidr: - allOf: - - $ref: '#/components/schemas/IpamPoolAllocationDisallowedCidrs' - - description: Exclude a particular CIDR range from being returned by the pool. - IpamPoolAllocation: - type: object - properties: - cidr: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The CIDR for the allocation. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is 10.24.34.0/23. An IPv6 CIDR example is 2001:DB8::/32.' - ipamPoolAllocationId: - allOf: - - $ref: '#/components/schemas/IpamPoolAllocationId' - - description: The ID of an allocation. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the pool allocation. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - resourceType: - allOf: - - $ref: '#/components/schemas/IpamPoolAllocationResourceType' - - description: The type of the resource. - resourceRegion: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services Region of the resource. - resourceOwner: - allOf: - - $ref: '#/components/schemas/String' - - description: The owner of the resource. - description: 'In IPAM, an allocation is a CIDR assignment from an IPAM pool to another resource or IPAM pool.' - AllocationIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AllocationId' - - xml: - name: AllocationId - AllocationIds: - type: array - items: - allOf: - - $ref: '#/components/schemas/AllocationId' - - xml: - name: item - AllocationState: - type: string - enum: - - available - - under-assessment - - permanent-failure - - released - - released-permanent-failure - - pending - PrincipalType: - type: string - enum: - - All - - Service - - OrganizationUnit - - Account - - User - - Role - AllowedPrincipal: - type: object - properties: - principalType: - allOf: - - $ref: '#/components/schemas/PrincipalType' - - description: The type of principal. - principal: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the principal. - description: Describes a principal. - AllowedPrincipalSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/AllowedPrincipal' - - xml: - name: item - AllowsMultipleInstanceTypes: - type: string - enum: - - 'on' - - 'off' - AlternatePathHint: - type: object - properties: - componentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the component. - componentArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the component. - description: Describes an potential intermediate component of a feasible path. - AlternatePathHintList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AlternatePathHint' - - xml: - name: item - PortRange: - type: object - properties: - from: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The first port in the range. - to: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The last port in the range. - description: Describes a range of ports. - AnalysisAclRule: - type: object - properties: - cidr: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 address range, in CIDR notation.' - egress: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the rule is an outbound rule. - portRange: - allOf: - - $ref: '#/components/schemas/PortRange' - - description: The range of ports. - protocol: - allOf: - - $ref: '#/components/schemas/String' - - description: The protocol. - ruleAction: - allOf: - - $ref: '#/components/schemas/String' - - description: Indicates whether to allow or deny traffic that matches the rule. - ruleNumber: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The rule number. - description: Describes a network access control (ACL) rule. - AnalysisComponentList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - xml: - name: item - Port: - type: integer - minimum: 1 - maximum: 65535 - AnalysisLoadBalancerListener: - type: object - properties: - loadBalancerPort: - allOf: - - $ref: '#/components/schemas/Port' - - description: The port on which the load balancer is listening. - instancePort: - allOf: - - $ref: '#/components/schemas/Port' - - description: '[Classic Load Balancers] The back-end port for the listener.' - description: Describes a load balancer listener. - IpAddress: - type: string - pattern: '^([0-9]{1,3}.){3}[0-9]{1,3}$' - minLength: 0 - maxLength: 15 - AnalysisLoadBalancerTarget: - type: object - properties: - address: - allOf: - - $ref: '#/components/schemas/IpAddress' - - description: The IP address. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone. - instance: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: Information about the instance. - port: - allOf: - - $ref: '#/components/schemas/Port' - - description: The port on which the target is listening. - description: Describes a load balancer target. - IpAddressList: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpAddress' - - xml: - name: item - PortRangeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PortRange' - - xml: - name: item - AnalysisPacketHeader: - type: object - properties: - destinationAddressSet: - allOf: - - $ref: '#/components/schemas/IpAddressList' - - description: The destination addresses. - destinationPortRangeSet: - allOf: - - $ref: '#/components/schemas/PortRangeList' - - description: The destination port ranges. - protocol: - allOf: - - $ref: '#/components/schemas/String' - - description: The protocol. - sourceAddressSet: - allOf: - - $ref: '#/components/schemas/IpAddressList' - - description: The source addresses. - sourcePortRangeSet: - allOf: - - $ref: '#/components/schemas/PortRangeList' - - description: The source port ranges. - description: Describes a header. Reflects any changes made by a component as traffic passes through. The fields of an inbound header are null except for the first component of a path. - AnalysisRouteTableRoute: - type: object - properties: - destinationCidr: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The destination IPv4 address, in CIDR notation.' - destinationPrefixListId: - allOf: - - $ref: '#/components/schemas/String' - - description: The prefix of the Amazon Web Service. - egressOnlyInternetGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of an egress-only internet gateway. - gatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the gateway, such as an internet gateway or virtual private gateway.' - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the instance, such as a NAT instance.' - natGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of a NAT gateway. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of a network interface. - origin: - allOf: - - $ref: '#/components/schemas/String' - - description: '

Describes how the route was created. The following are the possible values:

' - transitGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of a transit gateway. - vpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of a VPC peering connection. - description: Describes a route table route. - AnalysisSecurityGroupRule: - type: object - properties: - cidr: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 address range, in CIDR notation.' - direction: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The direction. The following are the possible values:

' - securityGroupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The security group ID. - portRange: - allOf: - - $ref: '#/components/schemas/PortRange' - - description: The port range. - prefixListId: - allOf: - - $ref: '#/components/schemas/String' - - description: The prefix list ID. - protocol: - allOf: - - $ref: '#/components/schemas/String' - - description: The protocol name. - description: Describes a security group rule. - AnalysisStatus: - type: string - enum: - - running - - succeeded - - failed - ApplySecurityGroupsToClientVpnTargetNetworkRequest: - type: object - required: - - ClientVpnEndpointId - - VpcId - - SecurityGroupIds - title: ApplySecurityGroupsToClientVpnTargetNetworkRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC in which the associated target network is located. - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ClientVpnSecurityGroupIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: item - ArchitectureTypeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ArchitectureType' - - xml: - name: item - ArnList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - xml: - name: item - IpPrefixList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - AssignIpv6AddressesRequest: - type: object - required: - - NetworkInterfaceId - title: AssignIpv6AddressesRequest - properties: - ipv6AddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of additional IPv6 addresses to assign to the network interface. The specified number of IPv6 addresses are assigned in addition to the existing IPv6 addresses that are already assigned to the network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can't use this option if specifying specific IPv6 addresses. - ipv6Addresses: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes option. - Ipv6Prefix: - allOf: - - $ref: '#/components/schemas/IpPrefixList' - - description: One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: The ID of the network interface. - Ipv6AddressList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - PrivateIpAddressStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: PrivateIpAddress - AssignPrivateIpAddressesRequest: - type: object - required: - - NetworkInterfaceId - title: AssignPrivateIpAddressesRequest - properties: - allowReassignment: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to allow an IP address that is already assigned to another network interface or instance to be reassigned to the specified network interface. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: The ID of the network interface. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/PrivateIpAddressStringList' - - description: '

One or more IP addresses to be assigned as a secondary private IP address to the network interface. You can''t specify this parameter when also specifying a number of secondary IP addresses.

If you don''t specify an IP address, Amazon EC2 automatically selects an IP address within the subnet range.

' - secondaryPrivateIpAddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of secondary IP addresses to assign to the network interface. You can't specify this parameter when also specifying private IP addresses. - Ipv4Prefix: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option. - description: Contains the parameters for AssignPrivateIpAddresses. - AssignedPrivateIpAddressList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AssignedPrivateIpAddress' - - xml: - name: item - Ipv4PrefixesList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv4PrefixSpecification' - - xml: - name: item - AssignedPrivateIpAddress: - type: object - properties: - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The private IP address assigned to the network interface. - description: Describes the private IP addresses assigned to a network interface. - AssociateAddressRequest: - type: object - title: AssociateAddressRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '[EC2-Classic] The Elastic IP address to associate with the instance. This is required for EC2-Classic.' - allowReassociation: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '[EC2-VPC] For a VPC in an EC2-Classic account, specify true to allow an Elastic IP address that is already associated with an instance or network interface to be reassociated with the specified instance or network interface. Otherwise, the operation fails. In a VPC in an EC2-VPC-only account, reassociation is automatic, therefore you can specify false to ensure the operation fails if the Elastic IP address is already associated with another resource.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: '

[EC2-VPC] The ID of the network interface. If the instance has more than one network interface, you must specify a network interface ID.

For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both.

' - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: '[EC2-VPC] The primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.' - AssociateClientVpnTargetNetworkRequest: - type: object - required: - - ClientVpnEndpointId - - SubnetId - title: AssociateClientVpnTargetNetworkRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - AssociationStatus: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/AssociationStatusCode' - - description: The state of the target network association. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A message about the status of the target network association, if applicable.' - description: Describes the state of a target network association. - AssociateDhcpOptionsRequest: - type: object - required: - - DhcpOptionsId - - VpcId - title: AssociateDhcpOptionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - AssociateEnclaveCertificateIamRoleRequest: - type: object - title: AssociateEnclaveCertificateIamRoleRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - AssociateIamInstanceProfileRequest: - type: object - required: - - IamInstanceProfile - - InstanceId - title: AssociateIamInstanceProfileRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance. - IamInstanceProfileAssociation: - type: object - properties: - associationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the association. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - iamInstanceProfile: - allOf: - - $ref: '#/components/schemas/IamInstanceProfile' - - description: The IAM instance profile. - state: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileAssociationState' - - description: The state of the association. - timestamp: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time the IAM instance profile was associated with the instance. - description: Describes an association between an IAM instance profile and an instance. - InstanceEventWindowAssociationRequest: - type: object - properties: - InstanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdList' - - description: 'The IDs of the instances to associate with the event window. If the instance is on a Dedicated Host, you can''t specify the Instance ID parameter; you must use the Dedicated Host ID parameter.' - InstanceTag: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The instance tags to associate with the event window. Any instances associated with the tags will be associated with the event window. - DedicatedHostId: - allOf: - - $ref: '#/components/schemas/DedicatedHostIdList' - - description: The IDs of the Dedicated Hosts to associate with the event window. - description: 'One or more targets associated with the specified event window. Only one type of target (instance ID, instance tag, or Dedicated Host ID) can be associated with an event window.' - AssociateInstanceEventWindowRequest: - type: object - required: - - InstanceEventWindowId - - AssociationTarget - title: AssociateInstanceEventWindowRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowAssociationRequest' - - description: One or more targets associated with the specified event window. - InstanceEventWindow: - type: object - properties: - instanceEventWindowId: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowId' - - description: The ID of the event window. - timeRangeSet: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowTimeRangeList' - - description: One or more time ranges defined for the event window. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the event window. - cronExpression: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowCronExpression' - - description: The cron expression defined for the event window. - associationTarget: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowAssociationTarget' - - description: One or more targets associated with the event window. - state: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowState' - - description: The current state of the event window. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The instance tags associated with the event window. - description: The event window. - RouteGatewayId: - type: string - AssociateRouteTableRequest: - type: object - required: - - RouteTableId - title: AssociateRouteTableRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - routeTableId: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - description: The ID of the route table. - subnetId: - allOf: - - $ref: '#/components/schemas/RouteGatewayId' - - description: The ID of the internet gateway or virtual private gateway. - RouteTableAssociationState: - type: object - properties: - state: - allOf: - - $ref: '#/components/schemas/RouteTableAssociationStateCode' - - description: The state of the association. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The status message, if applicable.' - description: Describes the state of an association between a route table and a subnet or gateway. - AssociateSubnetCidrBlockRequest: - type: object - required: - - Ipv6CidrBlock - - SubnetId - title: AssociateSubnetCidrBlockRequest - properties: - ipv6CidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix length. - subnetId: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: The ID of your subnet. - SubnetIpv6CidrBlockAssociation: - type: object - properties: - associationId: - allOf: - - $ref: '#/components/schemas/SubnetCidrAssociationId' - - description: The ID of the association. - ipv6CidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 CIDR block. - ipv6CidrBlockState: - allOf: - - $ref: '#/components/schemas/SubnetCidrBlockState' - - description: The state of the CIDR block. - description: Describes an association between a subnet and an IPv6 CIDR block. - AssociateTransitGatewayMulticastDomainRequest: - type: object - title: AssociateTransitGatewayMulticastDomainRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - AssociateTransitGatewayRouteTableRequest: - type: object - required: - - TransitGatewayRouteTableId - - TransitGatewayAttachmentId - title: AssociateTransitGatewayRouteTableRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayAssociation: - type: object - properties: - transitGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableId' - - description: The ID of the transit gateway route table. - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentId' - - description: The ID of the attachment. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - resourceType: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' - - description: The resource type. Note that the tgw-peering resource type has been deprecated. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayAssociationState' - - description: The state of the association. - description: Describes an association between a resource attachment and a transit gateway route table. - AssociateTrunkInterfaceRequest: - type: object - required: - - BranchInterfaceId - - TrunkInterfaceId - title: AssociateTrunkInterfaceRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TrunkInterfaceAssociation: - type: object - properties: - associationId: - allOf: - - $ref: '#/components/schemas/TrunkInterfaceAssociationId' - - description: The ID of the association. - branchInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the branch network interface. - trunkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the trunk network interface. - interfaceProtocol: - allOf: - - $ref: '#/components/schemas/InterfaceProtocolType' - - description: The interface protocol. Valid values are VLAN and GRE. - vlanId: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The ID of the VLAN when you use the VLAN protocol. - greKey: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The application key when you use the GRE protocol. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the trunk interface association. - description: '

Currently available in limited preview only. If you are interested in using this feature, contact your account manager.

Information about an association between a branch network interface with a trunk network interface.

' - NetmaskLength: - type: integer - AssociateVpcCidrBlockRequest: - type: object - required: - - VpcId - title: AssociateVpcCidrBlockRequest - properties: - amazonProvidedIpv6CidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: An IPv4 CIDR block to associate with the VPC. - vpcId: - allOf: - - $ref: '#/components/schemas/NetmaskLength' - - description: 'The netmask length of the IPv6 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide. ' - VpcIpv6CidrBlockAssociation: - type: object - properties: - associationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The association ID for the IPv6 CIDR block. - ipv6CidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 CIDR block. - ipv6CidrBlockState: - allOf: - - $ref: '#/components/schemas/VpcCidrBlockState' - - description: Information about the state of the CIDR block. - networkBorderGroup: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses, for example, us-east-1-wl1-bos-wlz-1.' - ipv6Pool: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated. - description: Describes an IPv6 CIDR block associated with a VPC. - VpcCidrBlockAssociation: - type: object - properties: - associationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The association ID for the IPv4 CIDR block. - cidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 CIDR block. - cidrBlockState: - allOf: - - $ref: '#/components/schemas/VpcCidrBlockState' - - description: Information about the state of the CIDR block. - description: Describes an IPv4 CIDR block associated with a VPC. - AssociatedNetworkType: - type: string - enum: - - vpc - AssociatedRole: - type: object - properties: - associatedRoleArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The ARN of the associated IAM role. - certificateS3BucketName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the Amazon S3 bucket in which the Amazon S3 object is stored. - certificateS3ObjectKey: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The key of the Amazon S3 object ey where the certificate, certificate chain, and encrypted private key bundle is stored. The object key is formated as follows: role_arn/certificate_arn. ' - encryptionKmsKeyId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the KMS customer master key (CMK) used to encrypt the private key. - description: Information about the associated IAM roles. - AssociatedRolesList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AssociatedRole' - - xml: - name: item - AssociatedTargetNetwork: - type: object - properties: - networkId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet. - networkType: - allOf: - - $ref: '#/components/schemas/AssociatedNetworkType' - - description: The target network type. - description: Describes a target network that is associated with a Client VPN endpoint. A target network is a subnet in a VPC. - AssociatedTargetNetworkSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/AssociatedTargetNetwork' - - xml: - name: item - AssociationIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileAssociationId' - - xml: - name: AssociationId - AssociationStatusCode: - type: string - enum: - - associating - - associated - - association-failed - - disassociating - - disassociated - MillisecondDateTime: - type: string - format: date-time - AthenaIntegration: - type: object - required: - - IntegrationResultS3DestinationArn - - PartitionLoadFrequency - properties: - undefined: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The end date for the partition. - description: Describes integration options for Amazon Athena. - GroupIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: groupId - AttachClassicLinkVpcRequest: - type: object - required: - - Groups - - InstanceId - - VpcId - title: AttachClassicLinkVpcRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/GroupIdStringList' - - description: The ID of one or more of the VPC's security groups. You cannot specify security groups from a different VPC. - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of an EC2-Classic instance to link to the ClassicLink-enabled VPC. - vpcId: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of a ClassicLink-enabled VPC. - AttachInternetGatewayRequest: - type: object - required: - - InternetGatewayId - - VpcId - title: AttachInternetGatewayRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - internetGatewayId: - allOf: - - $ref: '#/components/schemas/InternetGatewayId' - - description: The ID of the internet gateway. - vpcId: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - AttachNetworkInterfaceRequest: - type: object - required: - - DeviceIndex - - InstanceId - - NetworkInterfaceId - title: AttachNetworkInterfaceRequest - properties: - deviceIndex: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The index of the device for the network interface attachment. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0. - description: Contains the parameters for AttachNetworkInterface. - AttachVolumeRequest: - type: object - required: - - Device - - InstanceId - - VolumeId - title: AttachVolumeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VolumeId' - - description: The ID of the EBS volume. The volume and instance must be within the same Availability Zone. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - AttachVpnGatewayRequest: - type: object - required: - - VpcId - - VpnGatewayId - title: AttachVpnGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpnGatewayId' - - description: The ID of the virtual private gateway. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for AttachVpnGateway. - VpcAttachment: - type: object - properties: - state: - allOf: - - $ref: '#/components/schemas/AttachmentStatus' - - description: The current state of the attachment. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - description: Describes an attachment between a virtual private gateway and a VPC. - AttachmentStatus: - type: string - enum: - - attaching - - attached - - detaching - - detached - AttributeBooleanValue: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The attribute value. The valid values are true or false. - description: Describes a value for a resource attribute that is a Boolean value. - AttributeValue: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The attribute value. The value is case-sensitive. - description: Describes a value for a resource attribute that is a String. - ClientVpnAuthorizationRuleStatus: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/ClientVpnAuthorizationRuleStatusCode' - - description: The state of the authorization rule. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A message about the status of the authorization rule, if applicable.' - description: Describes the state of an authorization rule. - AuthorizationRule: - type: object - properties: - clientVpnEndpointId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Client VPN endpoint with which the authorization rule is associated. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A brief description of the authorization rule. - groupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Active Directory group to which the authorization rule grants access. - accessAll: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the authorization rule grants access to all clients. - destinationCidr: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies.' - status: - allOf: - - $ref: '#/components/schemas/ClientVpnAuthorizationRuleStatus' - - description: The current state of the authorization rule. - description: Information about an authorization rule. - AuthorizationRuleSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/AuthorizationRule' - - xml: - name: item - AuthorizeClientVpnIngressRequest: - type: object - required: - - ClientVpnEndpointId - - TargetNetworkCidr - title: AuthorizeClientVpnIngressRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - IpPermissionList: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpPermission' - - xml: - name: item - AuthorizeSecurityGroupEgressRequest: - type: object - required: - - GroupId - title: AuthorizeSecurityGroupEgressRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - groupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - description: The ID of the security group. - ipPermissions: - allOf: - - $ref: '#/components/schemas/IpPermissionList' - - description: The sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags applied to the security group rule. - cidrIp: - allOf: - - $ref: '#/components/schemas/String' - - description: Not supported. Use a set of IP permissions to specify the CIDR. - fromPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: Not supported. Use a set of IP permissions to specify the port. - ipProtocol: - allOf: - - $ref: '#/components/schemas/String' - - description: Not supported. Use a set of IP permissions to specify the protocol name or number. - toPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: Not supported. Use a set of IP permissions to specify the port. - sourceSecurityGroupName: - allOf: - - $ref: '#/components/schemas/String' - - description: Not supported. Use a set of IP permissions to specify a destination security group. - sourceSecurityGroupOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: Not supported. Use a set of IP permissions to specify a destination security group. - SecurityGroupRuleList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupRule' - - xml: - name: item - AuthorizeSecurityGroupIngressRequest: - type: object - title: AuthorizeSecurityGroupIngressRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all codes. If you specify all ICMP types, you must specify all codes.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: '[VPC Only] The tags applied to the security group rule.' - AutoAcceptSharedAttachmentsValue: - type: string - enum: - - enable - - disable - AutoRecoveryFlag: - type: boolean - AvailabilityZoneState: - type: string - enum: - - available - - information - - impaired - - unavailable - AvailabilityZoneOptInStatus: - type: string - enum: - - opt-in-not-required - - opted-in - - not-opted-in - AvailabilityZoneMessageList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AvailabilityZoneMessage' - - xml: - name: item - AvailabilityZone: - type: object - properties: - zoneState: - allOf: - - $ref: '#/components/schemas/AvailabilityZoneState' - - description: 'The state of the Availability Zone, Local Zone, or Wavelength Zone. This value is always available.' - optInStatus: - allOf: - - $ref: '#/components/schemas/AvailabilityZoneOptInStatus' - - description: '

For Availability Zones, this parameter always has the value of opt-in-not-required.

For Local Zones and Wavelength Zones, this parameter is the opt-in status. The possible values are opted-in, and not-opted-in.

' - messageSet: - allOf: - - $ref: '#/components/schemas/AvailabilityZoneMessageList' - - description: 'Any messages about the Availability Zone, Local Zone, or Wavelength Zone.' - regionName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the Region. - zoneName: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The name of the Availability Zone, Local Zone, or Wavelength Zone.' - zoneId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the Availability Zone, Local Zone, or Wavelength Zone.' - groupName: - allOf: - - $ref: '#/components/schemas/String' - - description: '

For Availability Zones, this parameter has the same value as the Region name.

For Local Zones, the name of the associated group, for example us-west-2-lax-1.

For Wavelength Zones, the name of the associated group, for example us-east-1-wl1-bos-wlz-1.

' - networkBorderGroup: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the network border group. - zoneType: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The type of zone. The valid values are availability-zone, local-zone, and wavelength-zone.' - parentZoneName: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The name of the zone that handles some of the Local Zone or Wavelength Zone control plane operations, such as API calls.' - parentZoneId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the zone that handles some of the Local Zone or Wavelength Zone control plane operations, such as API calls.' - description: 'Describes Availability Zones, Local Zones, and Wavelength Zones.' - AvailabilityZoneList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AvailabilityZone' - - xml: - name: item - AvailabilityZoneMessage: - type: object - properties: - message: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The message about the Availability Zone, Local Zone, or Wavelength Zone.' - description: 'Describes a message about an Availability Zone, Local Zone, or Wavelength Zone.' - AvailabilityZoneStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: AvailabilityZone - AvailableInstanceCapacityList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceCapacity' - - xml: - name: item - AvailableCapacity: - type: object - properties: - availableInstanceCapacity: - allOf: - - $ref: '#/components/schemas/AvailableInstanceCapacityList' - - description: 'The number of instances that can be launched onto the Dedicated Host depending on the host''s available capacity. For Dedicated Hosts that support multiple instance types, this parameter represents the number of instances for each instance size that is supported on the host.' - availableVCpus: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of vCPUs available for launching instances onto the Dedicated Host. - description: 'The capacity information for instances that can be launched onto the Dedicated Host. ' - InstanceCapacity: - type: object - properties: - availableCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of instances that can be launched onto the Dedicated Host based on the host's available capacity. - instanceType: - allOf: - - $ref: '#/components/schemas/String' - - description: The instance type supported by the Dedicated Host. - totalCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The total number of instances that can be launched onto the Dedicated Host if there are no instances running on it. - description: Information about the number of instances that can be launched onto the Dedicated Host. - BareMetal: - type: string - enum: - - included - - required - - excluded - BareMetalFlag: - type: boolean - BaselineBandwidthInMbps: - type: integer - BaselineEbsBandwidthMbps: - type: object - properties: - min: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The minimum baseline bandwidth, in Mbps. If this parameter is not specified, there is no minimum limit.' - max: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum baseline bandwidth, in Mbps. If this parameter is not specified, there is no maximum limit.' - description: 'The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.' - BaselineIops: - type: integer - BaselineThroughputInMBps: - type: number - format: double - BatchState: - type: string - enum: - - submitted - - active - - cancelled - - failed - - cancelled_running - - cancelled_terminating - - modifying - BgpStatus: - type: string - enum: - - up - - down - BillingProductList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - BlobAttributeValue: - type: object - properties: - value: - $ref: '#/components/schemas/Blob' - EbsBlockDevice: - type: object - properties: - deleteOnTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether the EBS volume is deleted on instance termination. For more information, see Preserving Amazon EBS volumes on instance termination in the Amazon EC2 User Guide.' - iops: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

The following are the supported values for each volume type:

For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built on the Nitro System. Other instance families guarantee performance up to 32,000 IOPS.

This parameter is required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard volumes.

' - snapshotId: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - description: The ID of the snapshot. - volumeSize: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.

The following are the supported volumes sizes for each volume type:

' - volumeType: - allOf: - - $ref: '#/components/schemas/String' - - description: '

Identifier (key ID, key alias, ID ARN, or alias ARN) for a customer managed CMK under which the EBS volume is encrypted.

This parameter is only supported on BlockDeviceMapping objects called by RunInstances, RequestSpotFleet, and RequestSpotInstances.

' - throughput: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The throughput that the volume supports, in MiB/s.

This parameter is valid only for gp3 volumes.

Valid Range: Minimum value of 125. Maximum value of 1000.

' - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The ARN of the Outpost on which the snapshot is stored.

This parameter is only supported on BlockDeviceMapping objects called by CreateImage.

' - encrypted: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether the encryption state of an EBS volume is changed while being restored from a backing snapshot. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide.

In no case can you remove encryption from an encrypted volume.

Encrypted volumes can only be attached to instances that support Amazon EBS encryption. For more information, see Supported instance types.

This parameter is not returned by DescribeImageAttribute.

' - description: Describes a block device for an EBS volume. - BlockDeviceMappingRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/BlockDeviceMapping' - - xml: - name: BlockDeviceMapping - BootModeType: - type: string - enum: - - legacy-bios - - uefi - BootModeTypeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/BootModeType' - - xml: - name: item - BootModeValues: - type: string - enum: - - legacy-bios - - uefi - BoxedDouble: - type: number - format: double - BundleIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/BundleId' - - xml: - name: BundleId - Storage: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/S3Storage' - - description: An Amazon S3 storage location. - description: Describes the storage location for an instance store-backed AMI. - BundleInstanceRequest: - type: object - required: - - InstanceId - - Storage - title: BundleInstanceRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Storage' - - description: 'The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for BundleInstance. - BundleTask: - type: object - properties: - bundleId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the bundle task. - error: - allOf: - - $ref: '#/components/schemas/BundleTaskError' - - description: 'If the task fails, a description of the error.' - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance associated with this bundle task. - progress: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The level of task completion, as a percent (for example, 20%).' - startTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time this task started. - state: - allOf: - - $ref: '#/components/schemas/BundleTaskState' - - description: The state of the task. - storage: - allOf: - - $ref: '#/components/schemas/Storage' - - description: The Amazon S3 storage locations. - updateTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time of the most recent update for the task. - description: Describes a bundle task. - BundleTaskError: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/String' - - description: The error code. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The error message. - description: Describes an error for BundleInstance. - BundleTaskState: - type: string - enum: - - pending - - waiting-for-shutdown - - bundling - - storing - - cancelling - - complete - - failed - BundleTaskList: - type: array - items: - allOf: - - $ref: '#/components/schemas/BundleTask' - - xml: - name: item - BurstablePerformance: - type: string - enum: - - included - - required - - excluded - BurstablePerformanceFlag: - type: boolean - ByoipCidrState: - type: string - enum: - - advertised - - deprovisioned - - failed-deprovision - - failed-provision - - pending-deprovision - - pending-provision - - provisioned - - provisioned-not-publicly-advertisable - ByoipCidrSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ByoipCidr' - - xml: - name: item - CancelBatchErrorCode: - type: string - enum: - - fleetRequestIdDoesNotExist - - fleetRequestIdMalformed - - fleetRequestNotInCancellableState - - unexpectedError - CancelBundleTaskRequest: - type: object - required: - - BundleId - title: CancelBundleTaskRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/BundleId' - - description: The ID of the bundle task. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for CancelBundleTask. - CancelCapacityReservationFleetErrorCode: - type: string - CancelCapacityReservationFleetErrorMessage: - type: string - CancelCapacityReservationFleetError: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/CancelCapacityReservationFleetErrorCode' - - description: The error code. - message: - allOf: - - $ref: '#/components/schemas/CancelCapacityReservationFleetErrorMessage' - - description: The error message. - description: Describes a Capacity Reservation Fleet cancellation error. - CapacityReservationFleetIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetId' - - xml: - name: item - CancelCapacityReservationFleetsRequest: - type: object - required: - - CapacityReservationFleetIds - title: CancelCapacityReservationFleetsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - CapacityReservationFleetId: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetIdSet' - - description: The IDs of the Capacity Reservation Fleets to cancel. - CapacityReservationFleetCancellationStateSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetCancellationState' - - xml: - name: item - FailedCapacityReservationFleetCancellationResultSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/FailedCapacityReservationFleetCancellationResult' - - xml: - name: item - CancelCapacityReservationRequest: - type: object - required: - - CapacityReservationId - title: CancelCapacityReservationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - CancelConversionRequest: - type: object - required: - - ConversionTaskId - title: CancelConversionRequest - properties: - conversionTaskId: - allOf: - - $ref: '#/components/schemas/ConversionTaskId' - - description: The ID of the conversion task. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - reasonMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The reason for canceling the conversion task. - ExportVmTaskId: - type: string - CancelExportTaskRequest: - type: object - required: - - ExportTaskId - title: CancelExportTaskRequest - properties: - exportTaskId: - allOf: - - $ref: '#/components/schemas/ExportVmTaskId' - - description: The ID of the export task. This is the ID returned by CreateInstanceExportTask. - ImportTaskId: - type: string - CancelImportTaskRequest: - type: object - title: CancelImportTaskRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ImportTaskId' - - description: The ID of the import image or import snapshot task to be canceled. - ReservedInstancesListingId: - type: string - CancelReservedInstancesListingRequest: - type: object - required: - - ReservedInstancesListingId - title: CancelReservedInstancesListingRequest - properties: - reservedInstancesListingId: - allOf: - - $ref: '#/components/schemas/ReservedInstancesListingId' - - description: The ID of the Reserved Instance listing. - description: Contains the parameters for CancelReservedInstancesListing. - ReservedInstancesListingList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservedInstancesListing' - - xml: - name: item - CancelSpotFleetRequestsError: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/CancelBatchErrorCode' - - description: The error code. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The description for the error code. - description: Describes a Spot Fleet error. - CancelSpotFleetRequestsErrorItem: - type: object - properties: - error: - allOf: - - $ref: '#/components/schemas/CancelSpotFleetRequestsError' - - description: The error. - spotFleetRequestId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Spot Fleet request. - description: Describes a Spot Fleet request that was not successfully canceled. - CancelSpotFleetRequestsErrorSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CancelSpotFleetRequestsErrorItem' - - xml: - name: item - SpotFleetRequestIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestId' - - xml: - name: item - CancelSpotFleetRequestsRequest: - type: object - required: - - SpotFleetRequestIds - - TerminateInstances - title: CancelSpotFleetRequestsRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - spotFleetRequestId: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestIdList' - - description: The IDs of the Spot Fleet requests. - terminateInstances: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to terminate instances for a Spot Fleet request if it is canceled successfully. - description: Contains the parameters for CancelSpotFleetRequests. - CancelSpotFleetRequestsSuccessSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CancelSpotFleetRequestsSuccessItem' - - xml: - name: item - CancelSpotFleetRequestsSuccessItem: - type: object - properties: - currentSpotFleetRequestState: - allOf: - - $ref: '#/components/schemas/BatchState' - - description: The current state of the Spot Fleet request. - previousSpotFleetRequestState: - allOf: - - $ref: '#/components/schemas/BatchState' - - description: The previous state of the Spot Fleet request. - spotFleetRequestId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Spot Fleet request. - description: Describes a Spot Fleet request that was successfully canceled. - CancelSpotInstanceRequestState: - type: string - enum: - - active - - open - - closed - - cancelled - - completed - SpotInstanceRequestIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotInstanceRequestId' - - xml: - name: SpotInstanceRequestId - CancelSpotInstanceRequestsRequest: - type: object - required: - - SpotInstanceRequestIds - title: CancelSpotInstanceRequestsRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SpotInstanceRequestId: - allOf: - - $ref: '#/components/schemas/SpotInstanceRequestIdList' - - description: One or more Spot Instance request IDs. - description: Contains the parameters for CancelSpotInstanceRequests. - CancelledSpotInstanceRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/CancelledSpotInstanceRequest' - - xml: - name: item - CancelledSpotInstanceRequest: - type: object - properties: - spotInstanceRequestId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Spot Instance request. - state: - allOf: - - $ref: '#/components/schemas/CancelSpotInstanceRequestState' - - description: The state of the Spot Instance request. - description: Describes a request to cancel a Spot Instance. - CapacityReservationInstancePlatform: - type: string - enum: - - Linux/UNIX - - Red Hat Enterprise Linux - - SUSE Linux - - Windows - - Windows with SQL Server - - Windows with SQL Server Enterprise - - Windows with SQL Server Standard - - Windows with SQL Server Web - - Linux with SQL Server Standard - - Linux with SQL Server Web - - Linux with SQL Server Enterprise - - RHEL with SQL Server Standard - - RHEL with SQL Server Enterprise - - RHEL with SQL Server Web - - RHEL with HA - - RHEL with HA and SQL Server Standard - - RHEL with HA and SQL Server Enterprise - CapacityReservationTenancy: - type: string - enum: - - default - - dedicated - CapacityReservationState: - type: string - enum: - - active - - expired - - cancelled - - pending - - failed - EndDateType: - type: string - enum: - - unlimited - - limited - InstanceMatchCriteria: - type: string - enum: - - open - - targeted - OutpostArn: - type: string - pattern: '^arn:aws([a-z-]+)?:outposts:[a-z\d-]+:\d{12}:outpost/op-[a-f0-9]{17}$' - PlacementGroupArn: - type: string - pattern: '^arn:aws([a-z-]+)?:ec2:[a-z\d-]+:\d{12}:placement-group/([^\s].+[^\s]){1,255}$' - CapacityReservation: - type: object - properties: - capacityReservationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Capacity Reservation. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the Capacity Reservation. - capacityReservationArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Capacity Reservation. - availabilityZoneId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone ID of the Capacity Reservation. - instanceType: - allOf: - - $ref: '#/components/schemas/String' - - description: The type of instance for which the Capacity Reservation reserves capacity. - instancePlatform: - allOf: - - $ref: '#/components/schemas/CapacityReservationInstancePlatform' - - description: The type of operating system for which the Capacity Reservation reserves capacity. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone in which the capacity is reserved. - tenancy: - allOf: - - $ref: '#/components/schemas/CapacityReservationTenancy' - - description: '

Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:

' - totalInstanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The total number of instances for which the Capacity Reservation reserves capacity. - availableInstanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The remaining capacity. Indicates the number of instances that can be launched in the Capacity Reservation. - ebsOptimized: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS- optimized instance. - ephemeralStorage: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.' - state: - allOf: - - $ref: '#/components/schemas/CapacityReservationState' - - description: '

The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

' - startDate: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time at which the Capacity Reservation was started. - endDate: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation''s state changes to expired when it reaches its end date and time.' - endDateType: - allOf: - - $ref: '#/components/schemas/EndDateType' - - description: '

Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

' - instanceMatchCriteria: - allOf: - - $ref: '#/components/schemas/InstanceMatchCriteria' - - description: '

Indicates the type of instance launches that the Capacity Reservation accepts. The options include:

' - createDate: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The date and time at which the Capacity Reservation was created. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the Capacity Reservation. - outpostArn: - allOf: - - $ref: '#/components/schemas/OutpostArn' - - description: The Amazon Resource Name (ARN) of the Outpost on which the Capacity Reservation was created. - capacityReservationFleetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Capacity Reservation Fleet to which the Capacity Reservation belongs. Only valid for Capacity Reservations that were created by a Capacity Reservation Fleet. - placementGroupArn: - allOf: - - $ref: '#/components/schemas/PlacementGroupArn' - - description: 'The Amazon Resource Name (ARN) of the cluster placement group in which the Capacity Reservation was created. For more information, see Capacity Reservations for cluster placement groups in the Amazon EC2 User Guide.' - description: Describes a Capacity Reservation. - CapacityReservationFleetState: - type: string - enum: - - submitted - - modifying - - active - - partially_fulfilled - - expiring - - expired - - cancelling - - cancelled - - failed - FleetCapacityReservationTenancy: - type: string - enum: - - default - FleetInstanceMatchCriteria: - type: string - enum: - - open - FleetCapacityReservationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/FleetCapacityReservation' - - xml: - name: item - CapacityReservationFleet: - type: object - properties: - capacityReservationFleetId: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetId' - - description: The ID of the Capacity Reservation Fleet. - capacityReservationFleetArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of the Capacity Reservation Fleet. - state: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetState' - - description: '

The state of the Capacity Reservation Fleet. Possible states include:

' - totalTargetCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The total number of capacity units for which the Capacity Reservation Fleet reserves capacity. For more information, see Total target capacity in the Amazon EC2 User Guide.' - totalFulfilledCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: The capacity units that have been fulfilled. - tenancy: - allOf: - - $ref: '#/components/schemas/FleetCapacityReservationTenancy' - - description: '

The tenancy of the Capacity Reservation Fleet. Tenancies include:

' - endDate: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time at which the Capacity Reservation Fleet expires. - createTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time at which the Capacity Reservation Fleet was created. - instanceMatchCriteria: - allOf: - - $ref: '#/components/schemas/FleetInstanceMatchCriteria' - - description: '

Indicates the type of instance launches that the Capacity Reservation Fleet accepts. All Capacity Reservations in the Fleet inherit this instance matching criteria.

Currently, Capacity Reservation Fleets support open instance matching criteria only. This means that instances that have matching attributes (instance type, platform, and Availability Zone) run in the Capacity Reservations automatically. Instances do not need to explicitly target a Capacity Reservation Fleet to use its reserved capacity.

' - allocationStrategy: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The strategy used by the Capacity Reservation Fleet to determine which of the specified instance types to use. For more information, see For more information, see Allocation strategy in the Amazon EC2 User Guide.' - instanceTypeSpecificationSet: - allOf: - - $ref: '#/components/schemas/FleetCapacityReservationSet' - - description: Information about the instance types for which to reserve the capacity. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the Capacity Reservation Fleet. - description: Information about a Capacity Reservation Fleet. - CapacityReservationFleetCancellationState: - type: object - properties: - currentFleetState: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetState' - - description: The current state of the Capacity Reservation Fleet. - previousFleetState: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetState' - - description: The previous state of the Capacity Reservation Fleet. - capacityReservationFleetId: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetId' - - description: The ID of the Capacity Reservation Fleet that was successfully cancelled. - description: Describes a Capacity Reservation Fleet that was successfully cancelled. - CapacityReservationFleetSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleet' - - xml: - name: item - CapacityReservationGroup: - type: object - properties: - groupArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of the resource group. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the resource group. - description: Describes a resource group to which a Capacity Reservation has been added. - CapacityReservationGroupSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CapacityReservationGroup' - - xml: - name: item - CapacityReservationIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CapacityReservationId' - - xml: - name: item - FleetCapacityReservationUsageStrategy: - type: string - enum: - - use-capacity-reservations-first - CapacityReservationOptions: - type: object - properties: - usageStrategy: - allOf: - - $ref: '#/components/schemas/FleetCapacityReservationUsageStrategy' - - description: '

Indicates whether to use unused Capacity Reservations for fulfilling On-Demand capacity.

If you specify use-capacity-reservations-first, the fleet uses unused Capacity Reservations to fulfill On-Demand capacity up to the target On-Demand capacity. If multiple instance pools have unused Capacity Reservations, the On-Demand allocation strategy (lowest-price or prioritized) is applied. If the number of unused Capacity Reservations is less than the On-Demand target capacity, the remaining On-Demand target capacity is launched according to the On-Demand allocation strategy (lowest-price or prioritized).

If you do not specify a value, the fleet fulfils the On-Demand capacity according to the chosen On-Demand allocation strategy.

' - description: '

Describes the strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.

This strategy can only be used if the EC2 Fleet is of type instant.

For more information about Capacity Reservations, see On-Demand Capacity Reservations in the Amazon EC2 User Guide. For examples of using Capacity Reservations in an EC2 Fleet, see EC2 Fleet example configurations in the Amazon EC2 User Guide.

' - CapacityReservationOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/FleetCapacityReservationUsageStrategy' - - description: '

Indicates whether to use unused Capacity Reservations for fulfilling On-Demand capacity.

If you specify use-capacity-reservations-first, the fleet uses unused Capacity Reservations to fulfill On-Demand capacity up to the target On-Demand capacity. If multiple instance pools have unused Capacity Reservations, the On-Demand allocation strategy (lowest-price or prioritized) is applied. If the number of unused Capacity Reservations is less than the On-Demand target capacity, the remaining On-Demand target capacity is launched according to the On-Demand allocation strategy (lowest-price or prioritized).

If you do not specify a value, the fleet fulfils the On-Demand capacity according to the chosen On-Demand allocation strategy.

' - description: '

Describes the strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.

This strategy can only be used if the EC2 Fleet is of type instant.

For more information about Capacity Reservations, see On-Demand Capacity Reservations in the Amazon EC2 User Guide. For examples of using Capacity Reservations in an EC2 Fleet, see EC2 Fleet example configurations in the Amazon EC2 User Guide.

' - CapacityReservationPreference: - type: string - enum: - - open - - none - CapacityReservationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CapacityReservation' - - xml: - name: item - CapacityReservationSpecification: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/CapacityReservationTarget' - - description: Information about the target Capacity Reservation or Capacity Reservation group. - description: '

Describes an instance''s Capacity Reservation targeting option. You can specify only one parameter at a time. If you specify CapacityReservationPreference and CapacityReservationTarget, the request fails.

Use the CapacityReservationPreference parameter to configure the instance to run as an On-Demand Instance or to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). Use the CapacityReservationTarget parameter to explicitly target a specific Capacity Reservation or a Capacity Reservation group.

' - CapacityReservationTargetResponse: - type: object - properties: - capacityReservationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the targeted Capacity Reservation. - capacityReservationResourceGroupArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of the targeted Capacity Reservation group. - description: Describes a target Capacity Reservation or Capacity Reservation group. - CapacityReservationSpecificationResponse: - type: object - properties: - capacityReservationPreference: - allOf: - - $ref: '#/components/schemas/CapacityReservationPreference' - - description: '

Describes the instance''s Capacity Reservation preferences. Possible preferences include:

' - capacityReservationTarget: - allOf: - - $ref: '#/components/schemas/CapacityReservationTargetResponse' - - description: Information about the targeted Capacity Reservation or Capacity Reservation group. - description: 'Describes the instance''s Capacity Reservation targeting preferences. The action returns the capacityReservationPreference response element if the instance is configured to run in On-Demand capacity, or if it is configured in run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). The action returns the capacityReservationTarget response element if the instance explicily targets a specific Capacity Reservation or Capacity Reservation group.' - CarrierGatewayState: - type: string - enum: - - pending - - available - - deleting - - deleted - CarrierGateway: - type: object - properties: - carrierGatewayId: - allOf: - - $ref: '#/components/schemas/CarrierGatewayId' - - description: The ID of the carrier gateway. - vpcId: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC associated with the carrier gateway. - state: - allOf: - - $ref: '#/components/schemas/CarrierGatewayState' - - description: The state of the carrier gateway. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID of the owner of the carrier gateway. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the carrier gateway. - description: Describes a carrier gateway. - CarrierGatewayIdSet: - type: array - items: - $ref: '#/components/schemas/CarrierGatewayId' - CarrierGatewayMaxResults: - type: integer - minimum: 5 - maximum: 1000 - CarrierGatewaySet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CarrierGateway' - - xml: - name: item - CertificateAuthentication: - type: object - properties: - clientRootCertificateChain: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ARN of the client certificate. ' - description: Information about the client certificate used for authentication. - CertificateAuthenticationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in Certificate Manager (ACM). - description: Information about the client certificate to be used for authentication. - CidrAuthorizationContext: - type: object - required: - - Message - - Signature - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The signed authorization message for the prefix and account. - description: 'Provides authorization for Amazon to bring a specific IP address range to a specific Amazon Web Services account using bring your own IP addresses (BYOIP). For more information, see Configuring your BYOIP address range in the Amazon Elastic Compute Cloud User Guide.' - CidrBlock: - type: object - properties: - cidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 CIDR block. - description: Describes an IPv4 CIDR block. - CidrBlockSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CidrBlock' - - xml: - name: item - ClassicLinkDnsSupport: - type: object - properties: - classicLinkDnsSupported: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether ClassicLink DNS support is enabled for the VPC. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - description: Describes the ClassicLink DNS support status of a VPC. - ClassicLinkDnsSupportList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ClassicLinkDnsSupport' - - xml: - name: item - GroupIdentifierList: - type: array - items: - allOf: - - $ref: '#/components/schemas/GroupIdentifier' - - xml: - name: item - ClassicLinkInstance: - type: object - properties: - groupSet: - allOf: - - $ref: '#/components/schemas/GroupIdentifierList' - - description: A list of security groups. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the instance. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - description: Describes a linked EC2-Classic instance. - ClassicLinkInstanceList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ClassicLinkInstance' - - xml: - name: item - ClassicLoadBalancer: - type: object - properties: - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the load balancer. - description: Describes a Classic Load Balancer. - ClassicLoadBalancers: - type: array - items: - allOf: - - $ref: '#/components/schemas/ClassicLoadBalancer' - - xml: - name: item - minItems: 1 - maxItems: 5 - ClassicLoadBalancersConfig: - type: object - properties: - classicLoadBalancers: - allOf: - - $ref: '#/components/schemas/ClassicLoadBalancers' - - description: One or more Classic Load Balancers. - description: Describes the Classic Load Balancers to attach to a Spot Fleet. Spot Fleet registers the running Spot Instances with these Classic Load Balancers. - ClientCertificateRevocationListStatusCode: - type: string - enum: - - pending - - active - ClientCertificateRevocationListStatus: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/ClientCertificateRevocationListStatusCode' - - description: The state of the client certificate revocation list. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A message about the status of the client certificate revocation list, if applicable.' - description: Describes the state of a client certificate revocation list. - ClientConnectOptions: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. - description: The options for managing connection authorization for new client connections. - ClientVpnEndpointAttributeStatus: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/ClientVpnEndpointAttributeStatusCode' - - description: The status code. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The status message. - description: Describes the status of the Client VPN endpoint attribute. - ClientConnectResponseOptions: - type: object - properties: - enabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether client connect options are enabled. - lambdaFunctionArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. - status: - allOf: - - $ref: '#/components/schemas/ClientVpnEndpointAttributeStatus' - - description: The status of any updates to the client connect options. - description: The options for managing connection authorization for new client connections. - ClientData: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time that the disk upload starts. - description: Describes the client-specific data. - ClientLoginBannerOptions: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. - description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. - ClientLoginBannerResponseOptions: - type: object - properties: - enabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Current state of text banner feature.

Valid values: true | false

' - bannerText: - allOf: - - $ref: '#/components/schemas/String' - - description: Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. - description: Current state of options for customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. - ClientVpnAssociationId: - type: string - ClientVpnAuthenticationType: - type: string - enum: - - certificate-authentication - - directory-service-authentication - - federated-authentication - DirectoryServiceAuthentication: - type: object - properties: - directoryId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Active Directory used for authentication. - description: Describes an Active Directory. - FederatedAuthentication: - type: object - properties: - samlProviderArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the IAM SAML identity provider. - selfServiceSamlProviderArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal. - description: Describes the IAM SAML identity providers used for federated authentication. - ClientVpnAuthentication: - type: object - properties: - type: - allOf: - - $ref: '#/components/schemas/ClientVpnAuthenticationType' - - description: The authentication type used. - activeDirectory: - allOf: - - $ref: '#/components/schemas/DirectoryServiceAuthentication' - - description: 'Information about the Active Directory, if applicable.' - mutualAuthentication: - allOf: - - $ref: '#/components/schemas/CertificateAuthentication' - - description: 'Information about the authentication certificates, if applicable.' - federatedAuthentication: - allOf: - - $ref: '#/components/schemas/FederatedAuthentication' - - description: 'Information about the IAM SAML identity provider, if applicable.' - description: 'Describes the authentication methods used by a Client VPN endpoint. For more information, see Authentication in the Client VPN Administrator Guide.' - ClientVpnAuthenticationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ClientVpnAuthentication' - - xml: - name: item - FederatedAuthenticationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal. - description: The IAM SAML identity provider used for federated authentication. - ClientVpnAuthenticationRequestList: - type: array - items: - $ref: '#/components/schemas/ClientVpnAuthenticationRequest' - ClientVpnAuthorizationRuleStatusCode: - type: string - enum: - - authorizing - - active - - failed - - revoking - ClientVpnConnectionStatus: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/ClientVpnConnectionStatusCode' - - description: The state of the client connection. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A message about the status of the client connection, if applicable.' - description: Describes the status of a client connection. - ValueStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - ClientVpnConnection: - type: object - properties: - clientVpnEndpointId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Client VPN endpoint to which the client is connected. - timestamp: - allOf: - - $ref: '#/components/schemas/String' - - description: The current date and time. - connectionId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the client connection. - username: - allOf: - - $ref: '#/components/schemas/String' - - description: The username of the client who established the client connection. This information is only provided if Active Directory client authentication is used. - connectionEstablishedTime: - allOf: - - $ref: '#/components/schemas/String' - - description: The date and time the client connection was established. - ingressBytes: - allOf: - - $ref: '#/components/schemas/String' - - description: The number of bytes sent by the client. - egressBytes: - allOf: - - $ref: '#/components/schemas/String' - - description: The number of bytes received by the client. - ingressPackets: - allOf: - - $ref: '#/components/schemas/String' - - description: The number of packets sent by the client. - egressPackets: - allOf: - - $ref: '#/components/schemas/String' - - description: The number of packets received by the client. - clientIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The IP address of the client. - commonName: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The common name associated with the client. This is either the name of the client certificate, or the Active Directory user name.' - status: - allOf: - - $ref: '#/components/schemas/ClientVpnConnectionStatus' - - description: The current state of the client connection. - connectionEndTime: - allOf: - - $ref: '#/components/schemas/String' - - description: The date and time the client connection was terminated. - postureComplianceStatusSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: 'The statuses returned by the client connect handler for posture compliance, if applicable.' - description: Describes a client connection. - ClientVpnConnectionSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ClientVpnConnection' - - xml: - name: item - ClientVpnConnectionStatusCode: - type: string - enum: - - active - - failed-to-terminate - - terminating - - terminated - ClientVpnEndpointStatus: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/ClientVpnEndpointStatusCode' - - description: '

The state of the Client VPN endpoint. Possible states include:

' - message: - allOf: - - $ref: '#/components/schemas/String' - - description: A message about the status of the Client VPN endpoint. - description: Describes the state of a Client VPN endpoint. - VpnProtocol: - type: string - enum: - - openvpn - TransportProtocol: - type: string - enum: - - tcp - - udp - ConnectionLogResponseOptions: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the Amazon CloudWatch Logs log stream to which connection logging data is published. - description: Information about the client connection logging options for a Client VPN endpoint. - ClientVpnEndpoint: - type: object - properties: - clientVpnEndpointId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Client VPN endpoint. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A brief description of the endpoint. - status: - allOf: - - $ref: '#/components/schemas/ClientVpnEndpointStatus' - - description: The current state of the Client VPN endpoint. - creationTime: - allOf: - - $ref: '#/components/schemas/String' - - description: The date and time the Client VPN endpoint was created. - deletionTime: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The date and time the Client VPN endpoint was deleted, if applicable.' - dnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The DNS name to be used by clients when connecting to the Client VPN endpoint. - clientCidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 address range, in CIDR notation, from which client IP addresses are assigned.' - dnsServer: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: 'Information about the DNS servers to be used for DNS resolution. ' - splitTunnel: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether split-tunnel is enabled in the Client VPN endpoint.

For information about split-tunnel VPN endpoints, see Split-Tunnel Client VPN endpoint in the Client VPN Administrator Guide.

' - vpnProtocol: - allOf: - - $ref: '#/components/schemas/VpnProtocol' - - description: The protocol used by the VPN session. - transportProtocol: - allOf: - - $ref: '#/components/schemas/TransportProtocol' - - description: The transport protocol used by the Client VPN endpoint. - vpnPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The port number for the Client VPN endpoint. - associatedTargetNetwork: - allOf: - - $ref: '#/components/schemas/AssociatedTargetNetworkSet' - - deprecated: true - description: 'Information about the associated target networks. A target network is a subnet in a VPC.This property is deprecated. To view the target networks associated with a Client VPN endpoint, call DescribeClientVpnTargetNetworks and inspect the clientVpnTargetNetworks response element.' - serverCertificateArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of the server certificate. - authenticationOptions: - allOf: - - $ref: '#/components/schemas/ClientVpnAuthenticationList' - - description: Information about the authentication method used by the Client VPN endpoint. - connectionLogOptions: - allOf: - - $ref: '#/components/schemas/ConnectionLogResponseOptions' - - description: Information about the client connection logging options for the Client VPN endpoint. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the Client VPN endpoint. - securityGroupIdSet: - allOf: - - $ref: '#/components/schemas/ClientVpnSecurityGroupIdSet' - - description: The IDs of the security groups for the target network. - vpcId: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - selfServicePortalUrl: - allOf: - - $ref: '#/components/schemas/String' - - description: The URL of the self-service portal. - clientConnectOptions: - allOf: - - $ref: '#/components/schemas/ClientConnectResponseOptions' - - description: The options for managing connection authorization for new client connections. - sessionTimeoutHours: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The maximum VPN session duration time in hours.

Valid values: 8 | 10 | 12 | 24

Default value: 24

' - clientLoginBannerOptions: - allOf: - - $ref: '#/components/schemas/ClientLoginBannerResponseOptions' - - description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. - description: Describes a Client VPN endpoint. - ClientVpnEndpointAttributeStatusCode: - type: string - enum: - - applying - - applied - ClientVpnEndpointIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ClientVpnEndpointId' - - xml: - name: item - ClientVpnEndpointStatusCode: - type: string - enum: - - pending-associate - - available - - deleting - - deleted - ClientVpnRouteStatus: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/ClientVpnRouteStatusCode' - - description: The state of the Client VPN endpoint route. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A message about the status of the Client VPN endpoint route, if applicable.' - description: Describes the state of a Client VPN endpoint route. - ClientVpnRoute: - type: object - properties: - clientVpnEndpointId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Client VPN endpoint with which the route is associated. - destinationCidr: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 address range, in CIDR notation, of the route destination.' - targetSubnet: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet through which traffic is routed. - type: - allOf: - - $ref: '#/components/schemas/String' - - description: The route type. - origin: - allOf: - - $ref: '#/components/schemas/String' - - description: Indicates how the route was associated with the Client VPN endpoint. associate indicates that the route was automatically added when the target network was associated with the Client VPN endpoint. add-route indicates that the route was manually added using the CreateClientVpnRoute action. - status: - allOf: - - $ref: '#/components/schemas/ClientVpnRouteStatus' - - description: The current state of the route. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A brief description of the route. - description: Information about a Client VPN endpoint route. - ClientVpnRouteSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ClientVpnRoute' - - xml: - name: item - ClientVpnRouteStatusCode: - type: string - enum: - - creating - - active - - failed - - deleting - CoipAddressUsage: - type: object - properties: - allocationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The allocation ID of the address. - awsAccountId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID. - awsService: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services service. - coIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The customer-owned IP address. - description: Describes address usage for a customer-owned address pool. - CoipAddressUsageSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CoipAddressUsage' - - xml: - name: item - CoipPool: - type: object - properties: - poolId: - allOf: - - $ref: '#/components/schemas/Ipv4PoolCoipId' - - description: The ID of the address pool. - poolCidrSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The address ranges of the address pool. - localGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/LocalGatewayRoutetableId' - - description: The ID of the local gateway route table. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags. - poolArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The ARN of the address pool. - description: Describes a customer-owned address pool. - CoipPoolId: - type: string - CoipPoolIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv4PoolCoipId' - - xml: - name: item - CoipPoolMaxResults: - type: integer - minimum: 5 - maximum: 1000 - CoipPoolSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CoipPool' - - xml: - name: item - ConfirmProductInstanceRequest: - type: object - required: - - InstanceId - - ProductCode - title: ConfirmProductInstanceRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The product code. This must be a product code that you own. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ConnectionLogOptions: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the CloudWatch Logs log stream to which the connection data is published. - description: Describes the client connection logging options for the Client VPN endpoint. - ConnectionNotificationType: - type: string - enum: - - Topic - ConnectionNotificationState: - type: string - enum: - - Enabled - - Disabled - ConnectionNotification: - type: object - properties: - connectionNotificationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the notification. - serviceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the endpoint service. - vpcEndpointId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC endpoint. - connectionNotificationType: - allOf: - - $ref: '#/components/schemas/ConnectionNotificationType' - - description: The type of notification. - connectionNotificationArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of the SNS topic for the notification. - connectionEvents: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: 'The events for the notification. Valid values are Accept, Connect, Delete, and Reject.' - connectionNotificationState: - allOf: - - $ref: '#/components/schemas/ConnectionNotificationState' - - description: The state of the notification. - description: Describes a connection notification for a VPC endpoint or VPC endpoint service. - ConnectionNotificationIdsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ConnectionNotificationId' - - xml: - name: item - ConnectionNotificationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ConnectionNotification' - - xml: - name: item - ConnectivityType: - type: string - enum: - - private - - public - ConversionIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ConversionTaskId' - - xml: - name: item - ImportInstanceTaskDetails: - type: object - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the task. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - platform: - allOf: - - $ref: '#/components/schemas/PlatformValues' - - description: The instance operating system. - volumes: - allOf: - - $ref: '#/components/schemas/ImportInstanceVolumeDetailSet' - - description: The volumes. - description: Describes an import instance task. - ImportVolumeTaskDetails: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone where the resulting volume will reside. - bytesConverted: - allOf: - - $ref: '#/components/schemas/Long' - - description: The number of bytes converted so far. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description you provided when starting the import volume task. - image: - allOf: - - $ref: '#/components/schemas/DiskImageDescription' - - description: The image. - volume: - allOf: - - $ref: '#/components/schemas/DiskImageVolumeDescription' - - description: The volume. - description: Describes an import volume task. - ConversionTaskState: - type: string - enum: - - active - - cancelling - - cancelled - - completed - ConversionTask: - type: object - properties: - conversionTaskId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the conversion task. - expirationTime: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The time when the task expires. If the upload isn''t complete before the expiration time, we automatically cancel the task.' - importInstance: - allOf: - - $ref: '#/components/schemas/ImportInstanceTaskDetails' - - description: 'If the task is for importing an instance, this contains information about the import instance task.' - importVolume: - allOf: - - $ref: '#/components/schemas/ImportVolumeTaskDetails' - - description: 'If the task is for importing a volume, this contains information about the import volume task.' - state: - allOf: - - $ref: '#/components/schemas/ConversionTaskState' - - description: The state of the conversion task. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The status message related to the conversion task. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the task. - description: Describes a conversion task. - CopyFpgaImageRequest: - type: object - required: - - SourceFpgaImageId - - SourceRegion - title: CopyFpgaImageRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.' - CopyImageRequest: - type: object - required: - - Name - - SourceImageId - - SourceRegion - title: CopyImageRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: A description for the new AMI in the destination Region. - encrypted: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.' - kmsKeyId: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copying AMIs from an Amazon Web Services Region to an Outpost in the Amazon Elastic Compute Cloud User Guide.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for CopyImage. - KmsKeyId: - type: string - CopySnapshotRequest: - type: object - required: - - SourceRegion - - SourceSnapshotId - title: CopySnapshotRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The Amazon Resource Name (ARN) of the Outpost to which to copy the snapshot. Only specify this parameter when copying a snapshot from an Amazon Web Services Region to an Outpost. The snapshot must be in the Region for the destination Outpost. You cannot copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copy snapshots from an Amazon Web Services Region to an Outpost in the Amazon Elastic Compute Cloud User Guide.

' - destinationRegion: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The destination Region to use in the PresignedUrl parameter of a snapshot copy operation. This parameter is only valid for specifying the destination Region in a PresignedUrl parameter, where it is required.

The snapshot copy is sent to the regional endpoint that you sent the HTTP request to (for example, ec2.us-east-1.amazonaws.com). With the CLI, this is specified using the --region parameter or the default Region in your Amazon Web Services configuration file.

' - encrypted: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Otherwise, omit this parameter. Encrypted snapshots are encrypted, even if you omit this parameter and encryption by default is not enabled. You cannot set this parameter to false. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.' - kmsKeyId: - allOf: - - $ref: '#/components/schemas/KmsKeyId' - - description: '

The identifier of the Key Management Service (KMS) KMS key to use for Amazon EBS encryption. If this parameter is not specified, your KMS key for Amazon EBS is used. If KmsKeyId is specified, the encrypted state must be true.

You can specify the KMS key using any of the following:

Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.

' - presignedUrl: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the EBS snapshot to copy. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the new snapshot. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - CopyTagsFromSource: - type: string - enum: - - volume - CoreCount: - type: integer - CoreCountList: - type: array - items: - allOf: - - $ref: '#/components/schemas/CoreCount' - - xml: - name: item - CoreNetworkArn: - type: string - CpuManufacturer: - type: string - enum: - - intel - - amd - - amazon-web-services - CpuManufacturerSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CpuManufacturer' - - xml: - name: item - CpuOptions: - type: object - properties: - coreCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of CPU cores for the instance. - threadsPerCore: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of threads per CPU core. - description: The CPU options for the instance. - CpuOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of threads per CPU core. To disable multithreading for the instance, specify a value of 1. Otherwise, specify the default value of 2.' - description: The CPU options for the instance. Both the core count and threads per core must be specified in the request. - CreateCapacityReservationFleetRequest: - type: object - required: - - InstanceTypeSpecifications - - TotalTargetCapacity - title: CreateCapacityReservationFleetRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.' - InstanceTypeSpecification: - allOf: - - $ref: '#/components/schemas/FleetInstanceMatchCriteria' - - description: '

Indicates the type of instance launches that the Capacity Reservation Fleet accepts. All Capacity Reservations in the Fleet inherit this instance matching criteria.

Currently, Capacity Reservation Fleets support open instance matching criteria only. This means that instances that have matching attributes (instance type, platform, and Availability Zone) run in the Capacity Reservations automatically. Instances do not need to explicitly target a Capacity Reservation Fleet to use its reserved capacity.

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - CreateCapacityReservationRequest: - type: object - required: - - InstanceType - - InstancePlatform - - InstanceCount - title: CreateCapacityReservationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/PlacementGroupArn' - - description: 'The Amazon Resource Name (ARN) of the cluster placement group in which to create the Capacity Reservation. For more information, see Capacity Reservations for cluster placement groups in the Amazon EC2 User Guide.' - CreateCarrierGatewayRequest: - type: object - required: - - VpcId - title: CreateCarrierGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC to associate with the carrier gateway. - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - CreateClientVpnEndpointRequest: - type: object - required: - - ClientCidrBlock - - ServerCertificateArn - - AuthenticationOptions - - ConnectionLogOptions - title: CreateClientVpnEndpointRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ARN of the server certificate. For more information, see the Certificate Manager User Guide.' - Authentication: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the Client VPN endpoint during creation. - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/ClientLoginBannerOptions' - - description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. - CreateClientVpnRouteRequest: - type: object - required: - - ClientVpnEndpointId - - DestinationCidrBlock - - TargetVpcSubnetId - title: CreateClientVpnRouteRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - GatewayType: - type: string - enum: - - ipsec.1 - CreateCustomerGatewayRequest: - type: object - required: - - BgpAsn - - Type - title: CreateCustomerGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

For devices that support BGP, the customer gateway''s BGP ASN.

Default: 65000

' - IpAddress: - allOf: - - $ref: '#/components/schemas/GatewayType' - - description: The type of VPN connection that this customer gateway supports (ipsec.1). - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A name for the customer gateway device.

Length Constraints: Up to 255 characters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for CreateCustomerGateway. - CustomerGateway: - type: object - properties: - bgpAsn: - allOf: - - $ref: '#/components/schemas/String' - - description: The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). - customerGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the customer gateway. - ipAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The Internet-routable IP address of the customer gateway's outside interface. - certificateArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) for the customer gateway certificate. - state: - allOf: - - $ref: '#/components/schemas/String' - - description: The current state of the customer gateway (pending | available | deleting | deleted). - type: - allOf: - - $ref: '#/components/schemas/String' - - description: The type of VPN connection the customer gateway supports (ipsec.1). - deviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of customer gateway device. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the customer gateway. - description: Describes a customer gateway. - CreateDefaultSubnetRequest: - type: object - required: - - AvailabilityZone - title: CreateDefaultSubnetRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether to create an IPv6 only subnet. If you already have a default subnet for this Availability Zone, you must delete it before you can create an IPv6 only subnet.' - Subnet: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone of the subnet. - availabilityZoneId: - allOf: - - $ref: '#/components/schemas/String' - - description: The AZ ID of the subnet. - availableIpAddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of unused private IPv4 addresses in the subnet. The IPv4 addresses for any stopped instances are considered unavailable. - cidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 CIDR block assigned to the subnet. - defaultForAz: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether this is the default subnet for the Availability Zone. - enableLniAtDeviceIndex: - allOf: - - $ref: '#/components/schemas/Integer' - - description: ' Indicates the device position for local network interfaces in this subnet. For example, 1 indicates local network interfaces in this subnet are the secondary network interface (eth1). ' - mapPublicIpOnLaunch: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether instances launched in this subnet receive a public IPv4 address. - mapCustomerOwnedIpOnLaunch: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives a customer-owned IPv4 address. - customerOwnedIpv4Pool: - allOf: - - $ref: '#/components/schemas/CoipPoolId' - - description: The customer-owned IPv4 address pool associated with the subnet. - state: - allOf: - - $ref: '#/components/schemas/SubnetState' - - description: The current state of the subnet. - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC the subnet is in. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the subnet. - assignIpv6AddressOnCreation: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives an IPv6 address. - ipv6CidrBlockAssociationSet: - allOf: - - $ref: '#/components/schemas/SubnetIpv6CidrBlockAssociationSet' - - description: Information about the IPv6 CIDR blocks associated with the subnet. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the subnet. - subnetArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the subnet. - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Outpost. - enableDns64: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. - ipv6Native: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether this is an IPv6 only subnet. - privateDnsNameOptionsOnLaunch: - allOf: - - $ref: '#/components/schemas/PrivateDnsNameOptionsOnLaunch' - - description: The type of hostnames to assign to instances in the subnet at launch. An instance hostname is based on the IPv4 address or ID of the instance. - description: Describes a subnet. - CreateDefaultVpcRequest: - type: object - title: CreateDefaultVpcRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Vpc: - type: object - properties: - cidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The primary IPv4 CIDR block for the VPC. - dhcpOptionsId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the set of DHCP options you've associated with the VPC. - state: - allOf: - - $ref: '#/components/schemas/VpcState' - - description: The current state of the VPC. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the VPC. - instanceTenancy: - allOf: - - $ref: '#/components/schemas/Tenancy' - - description: The allowed tenancy of instances launched into the VPC. - ipv6CidrBlockAssociationSet: - allOf: - - $ref: '#/components/schemas/VpcIpv6CidrBlockAssociationSet' - - description: Information about the IPv6 CIDR blocks associated with the VPC. - cidrBlockAssociationSet: - allOf: - - $ref: '#/components/schemas/VpcCidrBlockAssociationSet' - - description: Information about the IPv4 CIDR blocks associated with the VPC. - isDefault: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the VPC is the default VPC. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the VPC. - description: Describes a VPC. - NewDhcpConfigurationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NewDhcpConfiguration' - - xml: - name: item - CreateDhcpOptionsRequest: - type: object - required: - - DhcpConfigurations - title: CreateDhcpOptionsRequest - properties: - dhcpConfiguration: - allOf: - - $ref: '#/components/schemas/NewDhcpConfigurationList' - - description: A DHCP configuration option. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to assign to the DHCP option. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DhcpOptions: - type: object - properties: - dhcpConfigurationSet: - allOf: - - $ref: '#/components/schemas/DhcpConfigurationList' - - description: One or more DHCP options in the set. - dhcpOptionsId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the set of DHCP options. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the DHCP options set. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the DHCP options set. - description: Describes a set of DHCP options. - CreateEgressOnlyInternetGatewayRequest: - type: object - required: - - VpcId - title: CreateEgressOnlyInternetGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC for which to create the egress-only internet gateway. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to assign to the egress-only internet gateway. - EgressOnlyInternetGateway: - type: object - properties: - attachmentSet: - allOf: - - $ref: '#/components/schemas/InternetGatewayAttachmentList' - - description: Information about the attachment of the egress-only internet gateway. - egressOnlyInternetGatewayId: - allOf: - - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' - - description: The ID of the egress-only internet gateway. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the egress-only internet gateway. - description: Describes an egress-only internet gateway. - LaunchTemplateAndOverridesResponse: - type: object - properties: - launchTemplateSpecification: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateSpecification' - - description: The launch template. - overrides: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateOverrides' - - description: Any parameters that you specify override the same parameters in the launch template. - description: Describes a launch template and overrides. - InstanceLifecycle: - type: string - enum: - - spot - - on-demand - CreateFleetError: - type: object - properties: - launchTemplateAndOverrides: - allOf: - - $ref: '#/components/schemas/LaunchTemplateAndOverridesResponse' - - description: The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template. - lifecycle: - allOf: - - $ref: '#/components/schemas/InstanceLifecycle' - - description: Indicates if the instance that could not be launched was a Spot Instance or On-Demand Instance. - errorCode: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The error code that indicates why the instance could not be launched. For more information about error codes, see Error codes.' - errorMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The error message that describes why the instance could not be launched. For more information about error messages, see Error codes.' - description: Describes the instances that could not be launched by the fleet. - CreateFleetErrorsSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CreateFleetError' - - xml: - name: item - InstanceIdsSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: item - PlatformValues: - type: string - enum: - - Windows - CreateFleetInstance: - type: object - properties: - launchTemplateAndOverrides: - allOf: - - $ref: '#/components/schemas/LaunchTemplateAndOverridesResponse' - - description: The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template. - lifecycle: - allOf: - - $ref: '#/components/schemas/InstanceLifecycle' - - description: Indicates if the instance that was launched is a Spot Instance or On-Demand Instance. - instanceIds: - allOf: - - $ref: '#/components/schemas/InstanceIdsSet' - - description: The IDs of the instances. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type. - platform: - allOf: - - $ref: '#/components/schemas/PlatformValues' - - description: 'The value is Windows for Windows instances. Otherwise, the value is blank.' - description: Describes the instances that were launched by the fleet. - CreateFleetInstancesSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/CreateFleetInstance' - - xml: - name: item - CreateFleetRequest: - type: object - required: - - LaunchTemplateConfigs - - TargetCapacitySpecification - title: CreateFleetRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether EC2 Fleet should replace unhealthy Spot Instances. Supported only for fleets of type maintain. For more information, see EC2 Fleet health checks in the Amazon EC2 User Guide.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved. - DestinationOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. The default is false. - description: Describes the destination options for a flow log. - CreateFlowLogsRequest: - type: object - required: - - ResourceIds - - ResourceType - - TrafficType - title: CreateFlowLogsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn or LogGroupName.

' - ResourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The fields to include in the flow log record, in the order in which they should appear. For a list of available fields, see Flow log records. If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must specify at least one field.

Specify the fields using the ${field-id} format, separated by spaces. For the CLI, surround this parameter value with single quotes on Linux or double quotes on Windows.

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/DestinationOptionsRequest' - - description: The destination options. - CreateFpgaImageRequest: - type: object - required: - - InputStorageLocation - title: CreateFpgaImageRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the FPGA image during creation. - CreateImageRequest: - type: object - required: - - InstanceId - - Name - title: CreateImageRequest - properties: - blockDeviceMapping: - allOf: - - $ref: '#/components/schemas/BlockDeviceMappingRequestList' - - description: 'The block device mappings. This parameter cannot be used to modify the encryption status of existing volumes or snapshots. To create an AMI with encrypted snapshots, use the CopyImage action.' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description for the new image. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A name for the new image.

Constraints: 3-128 alphanumeric characters, parentheses (()), square brackets ([]), spaces ( ), periods (.), slashes (/), dashes (-), single quotes (''), at-signs (@), or underscores(_)

' - noReboot: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

By default, when Amazon EC2 creates the new AMI, it reboots the instance so that it can take snapshots of the attached volumes while data is at rest, in order to ensure a consistent state. You can set the NoReboot parameter to true in the API request, or use the --no-reboot option in the CLI to prevent Amazon EC2 from shutting down and rebooting the instance.

If you choose to bypass the shutdown and reboot process by setting the NoReboot parameter to true in the API request, or by using the --no-reboot option in the CLI, we can''t guarantee the file system integrity of the created image.

Default: false (follow standard reboot process)

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: '

The tags to apply to the AMI and snapshots on creation. You can tag the AMI, the snapshots, or both.

If you specify other values for ResourceType, the request fails.

To tag an AMI or snapshot after it has been created, see CreateTags.

' - InstanceEventWindowCronExpression: - type: string - CreateInstanceEventWindowRequest: - type: object - title: CreateInstanceEventWindowRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the event window. - TimeRange: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowCronExpression' - - description: '

The cron expression for the event window, for example, * 0-4,20-23 * * 1,5. If you specify a cron expression, you can''t specify a time range.

Constraints:

For more information about cron expressions, see cron on the Wikipedia website.

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the event window. - ExportToS3TaskSpecification: - type: object - properties: - containerFormat: - allOf: - - $ref: '#/components/schemas/ContainerFormat' - - description: 'The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is exported.' - diskImageFormat: - allOf: - - $ref: '#/components/schemas/DiskImageFormat' - - description: The format for the exported image. - s3Bucket: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon S3 bucket for the destination image. The destination bucket must exist and grant WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com. - s3Prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: The image is written to a single object in the Amazon S3 bucket at the S3 key s3prefix + exportTaskId + '.' + diskImageFormat. - description: Describes an export instance task. - ExportEnvironment: - type: string - enum: - - citrix - - vmware - - microsoft - CreateInstanceExportTaskRequest: - type: object - required: - - ExportToS3Task - - InstanceId - - TargetEnvironment - title: CreateInstanceExportTaskRequest - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description for the conversion task or the resource being exported. The maximum length is 255 characters. - exportToS3: - allOf: - - $ref: '#/components/schemas/ExportToS3TaskSpecification' - - description: The format and location for an export instance task. - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance. - targetEnvironment: - allOf: - - $ref: '#/components/schemas/ExportEnvironment' - - description: The target virtualization environment. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the export instance task during creation. - ExportTask: - type: object - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the resource being exported. - exportTaskId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the export task. - exportToS3: - allOf: - - $ref: '#/components/schemas/ExportToS3Task' - - description: Information about the export task. - instanceExport: - allOf: - - $ref: '#/components/schemas/InstanceExportDetails' - - description: Information about the instance to export. - state: - allOf: - - $ref: '#/components/schemas/ExportTaskState' - - description: The state of the export task. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The status message related to the export task. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the export task. - description: Describes an export instance task. - CreateInternetGatewayRequest: - type: object - title: CreateInternetGatewayRequest - properties: - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to assign to the internet gateway. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - InternetGateway: - type: object - properties: - attachmentSet: - allOf: - - $ref: '#/components/schemas/InternetGatewayAttachmentList' - - description: Any VPCs attached to the internet gateway. - internetGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the internet gateway. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the internet gateway. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the internet gateway. - description: Describes an internet gateway. - IpamNetmaskLength: - type: integer - minimum: 0 - maximum: 128 - RequestIpamResourceTagList: - type: array - items: - allOf: - - $ref: '#/components/schemas/RequestIpamResourceTag' - - xml: - name: item - IpamPoolAwsService: - type: string - enum: - - ec2 - CreateIpamPoolRequest: - type: object - required: - - IpamScopeId - - AddressFamily - title: CreateIpamPoolRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/IpamNetmaskLength' - - description: 'The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.' - AllocationResourceTag: - allOf: - - $ref: '#/components/schemas/RequestIpamResourceTagList' - - description: 'Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/IpamPoolAwsService' - - description: 'Limits which service in Amazon Web Services that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.' - IpamPool: - type: object - properties: - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID of the owner of the IPAM pool. - ipamPoolId: - allOf: - - $ref: '#/components/schemas/IpamPoolId' - - description: The ID of the IPAM pool. - sourceIpamPoolId: - allOf: - - $ref: '#/components/schemas/IpamPoolId' - - description: The ID of the source IPAM pool. You can use this option to create an IPAM pool within an existing source pool. - ipamPoolArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The ARN of the IPAM pool. - ipamScopeArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The ARN of the scope of the IPAM pool. - ipamScopeType: - allOf: - - $ref: '#/components/schemas/IpamScopeType' - - description: 'In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.' - ipamArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The ARN of the IPAM. - ipamRegion: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services Region of the IPAM pool. - locale: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The locale of the IPAM pool. In IPAM, the locale is the Amazon Web Services Region where you want to make an IPAM pool available for allocations. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an Amazon Web Services Region for locale that has not been configured as an operating Region for the IPAM, you''ll get an error.' - poolDepth: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The depth of pools in your IPAM pool. The pool depth quota is 10. For more information, see Quotas in IPAM in the Amazon VPC IPAM User Guide. ' - state: - allOf: - - $ref: '#/components/schemas/IpamPoolState' - - description: The state of the IPAM pool. - stateMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: A message related to the failed creation of an IPAM pool. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the IPAM pool. - autoImport: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool''s allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.

A locale must be set on the pool for this feature to work.

' - publiclyAdvertisable: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to ipv4. - addressFamily: - allOf: - - $ref: '#/components/schemas/AddressFamily' - - description: The address family of the pool. - allocationMinNetmaskLength: - allOf: - - $ref: '#/components/schemas/IpamNetmaskLength' - - description: The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. - allocationMaxNetmaskLength: - allOf: - - $ref: '#/components/schemas/IpamNetmaskLength' - - description: The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. - allocationDefaultNetmaskLength: - allOf: - - $ref: '#/components/schemas/IpamNetmaskLength' - - description: 'The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.' - allocationResourceTagSet: - allOf: - - $ref: '#/components/schemas/IpamResourceTagList' - - description: 'Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.' - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' - awsService: - allOf: - - $ref: '#/components/schemas/IpamPoolAwsService' - - description: 'Limits which service in Amazon Web Services that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.' - description: 'In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.' - CreateIpamRequest: - type: object - title: CreateIpamRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: A description for the IPAM. - OperatingRegion: - allOf: - - $ref: '#/components/schemas/AddIpamOperatingRegionSet' - - description: '

The operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - Ipam: - type: object - properties: - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID of the owner of the IPAM. - ipamId: - allOf: - - $ref: '#/components/schemas/IpamId' - - description: The ID of the IPAM. - ipamArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The ARN of the IPAM. - ipamRegion: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services Region of the IPAM. - publicDefaultScopeId: - allOf: - - $ref: '#/components/schemas/IpamScopeId' - - description: The ID of the IPAM's default public scope. - privateDefaultScopeId: - allOf: - - $ref: '#/components/schemas/IpamScopeId' - - description: The ID of the IPAM's default private scope. - scopeCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of scopes in the IPAM. The scope quota is 5. For more information on quotas, see Quotas in IPAM in the Amazon VPC IPAM User Guide. ' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description for the IPAM. - operatingRegionSet: - allOf: - - $ref: '#/components/schemas/IpamOperatingRegionSet' - - description: '

The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' - state: - allOf: - - $ref: '#/components/schemas/IpamState' - - description: The state of the IPAM. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' - description: 'IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization. For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.' - CreateIpamScopeRequest: - type: object - required: - - IpamId - title: CreateIpamScopeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: A description for the scope you're creating. - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - IpamScope: - type: object - properties: - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID of the owner of the scope. - ipamScopeId: - allOf: - - $ref: '#/components/schemas/IpamScopeId' - - description: The ID of the scope. - ipamScopeArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The ARN of the scope. - ipamArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The ARN of the IPAM. - ipamRegion: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services Region of the IPAM scope. - ipamScopeType: - allOf: - - $ref: '#/components/schemas/IpamScopeType' - - description: The type of the scope. - isDefault: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Defines if the scope is the default scope or not. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the scope. - poolCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of pools in the scope. - state: - allOf: - - $ref: '#/components/schemas/IpamScopeState' - - description: The state of the IPAM scope. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' - description: '

In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.

For more information, see How IPAM works in the Amazon VPC IPAM User Guide.

' - KeyType: - type: string - enum: - - rsa - - ed25519 - KeyFormat: - type: string - enum: - - pem - - ppk - CreateKeyPairRequest: - type: object - required: - - KeyName - title: CreateKeyPairRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A unique name for the key pair.

Constraints: Up to 255 ASCII characters

' - dryRun: - allOf: - - $ref: '#/components/schemas/KeyType' - - description: '

The type of key pair. Note that ED25519 keys are not supported for Windows instances.

Default: rsa

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/KeyFormat' - - description: '

The format of the key pair.

Default: pem

' - RequestLaunchTemplateData: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchTemplateIamInstanceProfileSpecificationRequest' - - description: The name or Amazon Resource Name (ARN) of an IAM instance profile. - BlockDeviceMapping: - allOf: - - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMappingRequestList' - - description: The block device mapping. - NetworkInterface: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see Running Commands on Your Linux Instance at Launch (Linux) or Adding User Data (Windows).

If you are creating the launch template for use with Batch, the user data must be provided in the MIME multi-part archive format. For more information, see Amazon EC2 user data in launch templates in the Batch User Guide.

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/LaunchTemplateTagSpecificationRequestList' - - description: 'The tags to apply to the resources during launch. You can only tag instances and volumes on launch. The specified tags are applied to all instances or volumes that are created during launch. To tag a resource after it has been created, see CreateTags.' - ElasticGpuSpecification: - allOf: - - $ref: '#/components/schemas/ElasticGpuSpecificationList' - - description: An elastic GPU to associate with the instance. - ElasticInferenceAccelerator: - allOf: - - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorList' - - description: ' The elastic inference accelerator for the instance. ' - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupIdStringList' - - description: 'One or more security group IDs. You can create a security group using CreateSecurityGroup. You cannot specify both a security group ID and security name in the same request.' - SecurityGroup: - allOf: - - $ref: '#/components/schemas/LaunchTemplateCapacityReservationSpecificationRequest' - - description: 'The Capacity Reservation targeting option. If you do not specify this parameter, the instance''s Capacity Reservation preference defaults to open, which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).' - LicenseSpecification: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceMaintenanceOptionsRequest' - - description: The maintenance options for the instance. - description:

The information to include in the launch template.

You must specify at least one parameter for the launch template data.

 - CreateLaunchTemplateRequest: - type: object - required: - - LaunchTemplateName - - LaunchTemplateData - title: CreateLaunchTemplateRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/RequestLaunchTemplateData' - - description: The information for the launch template. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the launch template during creation. - LaunchTemplate: - type: object - properties: - launchTemplateId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the launch template. - launchTemplateName: - allOf: - - $ref: '#/components/schemas/LaunchTemplateName' - - description: The name of the launch template. - createTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time launch template was created. - createdBy: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The principal that created the launch template. ' - defaultVersionNumber: - allOf: - - $ref: '#/components/schemas/Long' - - description: The version number of the default version of the launch template. - latestVersionNumber: - allOf: - - $ref: '#/components/schemas/Long' - - description: The version number of the latest version of the launch template. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the launch template. - description: Describes a launch template. - ValidationWarning: - type: object - properties: - errorSet: - allOf: - - $ref: '#/components/schemas/ErrorSet' - - description: The error codes and error messages. - description: The error codes and error messages that are returned for the parameters or parameter combinations that are not valid when a new launch template or new version of a launch template is created. - CreateLaunchTemplateVersionRequest: - type: object - required: - - LaunchTemplateData - title: CreateLaunchTemplateVersionRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/RequestLaunchTemplateData' - - description: The information for the launch template. - LaunchTemplateVersion: - type: object - properties: - launchTemplateId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the launch template. - launchTemplateName: - allOf: - - $ref: '#/components/schemas/LaunchTemplateName' - - description: The name of the launch template. - versionNumber: - allOf: - - $ref: '#/components/schemas/Long' - - description: The version number. - versionDescription: - allOf: - - $ref: '#/components/schemas/VersionDescription' - - description: The description for the version. - createTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time the version was created. - createdBy: - allOf: - - $ref: '#/components/schemas/String' - - description: The principal that created the version. - defaultVersion: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the version is the default version. - launchTemplateData: - allOf: - - $ref: '#/components/schemas/ResponseLaunchTemplateData' - - description: Information about the launch template. - description: Describes a launch template version. - CreateLocalGatewayRouteRequest: - type: object - required: - - DestinationCidrBlock - - LocalGatewayRouteTableId - - LocalGatewayVirtualInterfaceGroupId - title: CreateLocalGatewayRouteRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - LocalGatewayRoute: - type: object - properties: - destinationCidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR block used for destination matches. - localGatewayVirtualInterfaceGroupId: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupId' - - description: The ID of the virtual interface group. - type: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteType' - - description: The route type. - state: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteState' - - description: The state of the route. - localGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/LocalGatewayRoutetableId' - - description: The ID of the local gateway route table. - localGatewayRouteTableArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The Amazon Resource Name (ARN) of the local gateway route table. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the local gateway route. - description: Describes a route for a local gateway route table. - CreateLocalGatewayRouteTableVpcAssociationRequest: - type: object - required: - - LocalGatewayRouteTableId - - VpcId - title: CreateLocalGatewayRouteTableVpcAssociationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - TagSpecification: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - LocalGatewayRouteTableVpcAssociation: - type: object - properties: - localGatewayRouteTableVpcAssociationId: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociationId' - - description: The ID of the association. - localGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the local gateway route table. - localGatewayRouteTableArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The Amazon Resource Name (ARN) of the local gateway route table for the association. - localGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the local gateway. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the local gateway route table for the association. - state: - allOf: - - $ref: '#/components/schemas/String' - - description: The state of the association. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the association. - description: Describes an association between a local gateway route table and a VPC. - CreateManagedPrefixListRequest: - type: object - required: - - PrefixListName - - MaxEntries - - AddressFamily - title: CreateManagedPrefixListRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A name for the prefix list.

Constraints: Up to 255 characters in length. The name cannot start with com.amazonaws.

' - Entry: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The maximum number of entries for the prefix list. - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraints: Up to 255 UTF-8 characters in length.

' - ManagedPrefixList: - type: object - properties: - prefixListId: - allOf: - - $ref: '#/components/schemas/PrefixListResourceId' - - description: The ID of the prefix list. - addressFamily: - allOf: - - $ref: '#/components/schemas/String' - - description: The IP address version. - state: - allOf: - - $ref: '#/components/schemas/PrefixListState' - - description: The current state of the prefix list. - stateMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The state message. - prefixListArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The Amazon Resource Name (ARN) for the prefix list. - prefixListName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the prefix list. - maxEntries: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The maximum number of entries for the prefix list. - version: - allOf: - - $ref: '#/components/schemas/Long' - - description: The version of the prefix list. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the prefix list. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the owner of the prefix list. - description: Describes a managed prefix list. - CreateNatGatewayRequest: - type: object - required: - - SubnetId - title: CreateNatGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: The subnet in which to create the NAT gateway. - TagSpecification: - allOf: - - $ref: '#/components/schemas/ConnectivityType' - - description: Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity. - NatGateway: - type: object - properties: - createTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The date and time the NAT gateway was created. - deleteTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The date and time the NAT gateway was deleted, if applicable.' - failureCode: - allOf: - - $ref: '#/components/schemas/String' - - description: 'If the NAT gateway could not be created, specifies the error code for the failure. (InsufficientFreeAddressesInSubnet | Gateway.NotAttached | InvalidAllocationID.NotFound | Resource.AlreadyAssociated | InternalError | InvalidSubnetID.NotFound)' - failureMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: '

If the NAT gateway could not be created, specifies the error message for the failure, that corresponds to the error code.

' - natGatewayAddressSet: - allOf: - - $ref: '#/components/schemas/NatGatewayAddressList' - - description: Information about the IP addresses and network interface associated with the NAT gateway. - natGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the NAT gateway. - provisionedBandwidth: - allOf: - - $ref: '#/components/schemas/ProvisionedBandwidth' - - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' - state: - allOf: - - $ref: '#/components/schemas/NatGatewayState' - - description: '

The state of the NAT gateway.

' - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet in which the NAT gateway is located. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC in which the NAT gateway is located. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the NAT gateway. - connectivityType: - allOf: - - $ref: '#/components/schemas/ConnectivityType' - - description: Indicates whether the NAT gateway supports public or private connectivity. - description: Describes a NAT gateway. - IcmpTypeCode: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The ICMP code. A value of -1 means all codes for the specified ICMP type. - type: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The ICMP type. A value of -1 means all types. - description: Describes the ICMP type and code. - RuleAction: - type: string - enum: - - allow - - deny - CreateNetworkAclEntryRequest: - type: object - required: - - Egress - - NetworkAclId - - Protocol - - RuleAction - - RuleNumber - title: CreateNetworkAclEntryRequest - properties: - cidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 network range to allow or deny, in CIDR notation (for example 172.16.0.0/24). We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - egress: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). - Icmp: - allOf: - - $ref: '#/components/schemas/IcmpTypeCode' - - description: 'ICMP protocol: The ICMP or ICMPv6 type and code. Required if specifying protocol 1 (ICMP) or protocol 58 (ICMPv6) with an IPv6 CIDR block.' - ipv6CidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv6 network range to allow or deny, in CIDR notation (for example 2001:db8:1234:1a00::/64).' - networkAclId: - allOf: - - $ref: '#/components/schemas/NetworkAclId' - - description: The ID of the network ACL. - portRange: - allOf: - - $ref: '#/components/schemas/PortRange' - - description: 'TCP or UDP protocols: The range of ports the rule applies to. Required if specifying protocol 6 (TCP) or 17 (UDP).' - protocol: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The protocol number. A value of "-1" means all protocols. If you specify "-1" or a protocol number other than "6" (TCP), "17" (UDP), or "1" (ICMP), traffic on all ports is allowed, regardless of any ports or ICMP types or codes that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv4 CIDR block, traffic for all ICMP types and codes allowed, regardless of any that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv6 CIDR block, you must specify an ICMP type and code.' - ruleAction: - allOf: - - $ref: '#/components/schemas/RuleAction' - - description: Indicates whether to allow or deny the traffic that matches the rule. - ruleNumber: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

Constraints: Positive integer from 1 to 32766. The range 32767 to 65535 is reserved for internal use.

' - CreateNetworkAclRequest: - type: object - required: - - VpcId - title: CreateNetworkAclRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - vpcId: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to assign to the network ACL. - NetworkAcl: - type: object - properties: - associationSet: - allOf: - - $ref: '#/components/schemas/NetworkAclAssociationList' - - description: Any associations between the network ACL and one or more subnets - entrySet: - allOf: - - $ref: '#/components/schemas/NetworkAclEntryList' - - description: One or more entries (rules) in the network ACL. - default: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether this is the default network ACL for the VPC. - networkAclId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network ACL. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the network ACL. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC for the network ACL. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the network ACL. - description: Describes a network ACL. - CreateNetworkInsightsAccessScopeRequest: - type: object - required: - - ClientToken - title: CreateNetworkInsightsAccessScopeRequest - properties: - MatchPath: - allOf: - - $ref: '#/components/schemas/AccessScopePathListRequest' - - description: The paths to match. - ExcludePath: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - NetworkInsightsAccessScope: - type: object - properties: - networkInsightsAccessScopeId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' - - description: The ID of the Network Access Scope. - networkInsightsAccessScopeArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The Amazon Resource Name (ARN) of the Network Access Scope. - createdDate: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The creation date. - updatedDate: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The last updated date. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags. - description: Describes a Network Access Scope. - NetworkInsightsAccessScopeContent: - type: object - properties: - networkInsightsAccessScopeId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' - - description: The ID of the Network Access Scope. - matchPathSet: - allOf: - - $ref: '#/components/schemas/AccessScopePathList' - - description: The paths to match. - excludePathSet: - allOf: - - $ref: '#/components/schemas/AccessScopePathList' - - description: The paths to exclude. - description: Describes the Network Access Scope content. - CreateNetworkInsightsPathRequest: - type: object - required: - - Source - - Destination - - Protocol - - ClientToken - title: CreateNetworkInsightsPathRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Port' - - description: The destination port. - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - NetworkInsightsPath: - type: object - properties: - networkInsightsPathId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsPathId' - - description: The ID of the path. - networkInsightsPathArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The Amazon Resource Name (ARN) of the path. - createdDate: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time stamp when the path was created. - source: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services resource that is the source of the path. - destination: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services resource that is the destination of the path. - sourceIp: - allOf: - - $ref: '#/components/schemas/IpAddress' - - description: The IP address of the Amazon Web Services resource that is the source of the path. - destinationIp: - allOf: - - $ref: '#/components/schemas/IpAddress' - - description: The IP address of the Amazon Web Services resource that is the destination of the path. - protocol: - allOf: - - $ref: '#/components/schemas/Protocol' - - description: The protocol. - destinationPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The destination port. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags associated with the path. - description: Describes a path. - CreateNetworkInterfacePermissionRequest: - type: object - required: - - NetworkInterfaceId - - Permission - title: CreateNetworkInterfacePermissionRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for CreateNetworkInterfacePermission. - NetworkInterfacePermission: - type: object - properties: - networkInterfacePermissionId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface permission. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface. - awsAccountId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID. - awsService: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Service. - permission: - allOf: - - $ref: '#/components/schemas/InterfacePermissionType' - - description: The type of permission. - permissionState: - allOf: - - $ref: '#/components/schemas/NetworkInterfacePermissionState' - - description: Information about the state of the permission. - description: Describes a permission for a network interface. - InstanceIpv6AddressList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceIpv6Address' - - xml: - name: item - PrivateIpAddressSpecificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PrivateIpAddressSpecification' - - xml: - name: item - NetworkInterfaceCreationType: - type: string - enum: - - efa - - branch - - trunk - CreateNetworkInterfaceRequest: - type: object - required: - - SubnetId - title: CreateNetworkInterfaceRequest - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description for the network interface. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupIdStringList' - - description: The IDs of one or more security groups. - ipv6AddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can''t use this option if specifying specific IPv6 addresses. If your subnet has the AssignIpv6AddressOnCreation attribute set to true, you can specify 0 to override this setting.' - ipv6Addresses: - allOf: - - $ref: '#/components/schemas/InstanceIpv6AddressList' - - description: One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can't use this option if you're specifying a number of IPv6 addresses. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The primary private IPv4 address of the network interface. If you don''t specify an IPv4 address, Amazon EC2 selects one for you from the subnet''s IPv4 CIDR range. If you specify an IP address, you cannot indicate any IP addresses specified in privateIpAddresses as primary (only one IP address can be designated as primary).' - privateIpAddresses: - allOf: - - $ref: '#/components/schemas/PrivateIpAddressSpecificationList' - - description: One or more private IPv4 addresses. - secondaryPrivateIpAddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The number of secondary private IPv4 addresses to assign to a network interface. When you specify a number of secondary IPv4 addresses, Amazon EC2 selects these IP addresses within the subnet''s IPv4 CIDR range. You can''t specify this option and specify more than one private IP address using privateIpAddresses.

The number of IP addresses you can assign to a network interface varies by instance type. For more information, see IP Addresses Per ENI Per Instance Type in the Amazon Virtual Private Cloud User Guide.

' - Ipv4Prefix: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option. - Ipv6Prefix: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceCreationType' - - description:

The type of network interface. The default is interface.

The only supported values are efa and trunk.

- subnetId: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: The ID of the subnet to associate with the network interface. - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - description: Contains the parameters for CreateNetworkInterface. - NetworkInterface: - type: object - properties: - association: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceAssociation' - - description: The association information for an Elastic IP address (IPv4) associated with the network interface. - attachment: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceAttachment' - - description: The network interface attachment. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description. - groupSet: - allOf: - - $ref: '#/components/schemas/GroupIdentifierList' - - description: Any security groups for the network interface. - interfaceType: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceType' - - description: The type of network interface. - ipv6AddressesSet: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceIpv6AddressesList' - - description: The IPv6 addresses associated with the network interface. - macAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The MAC address. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface. - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Outpost. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID of the owner of the network interface. - privateDnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The private DNS name. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 address of the network interface within the subnet. - privateIpAddressesSet: - allOf: - - $ref: '#/components/schemas/NetworkInterfacePrivateIpAddressList' - - description: The private IPv4 addresses associated with the network interface. - ipv4PrefixSet: - allOf: - - $ref: '#/components/schemas/Ipv4PrefixesList' - - description: The IPv4 prefixes that are assigned to the network interface. - ipv6PrefixSet: - allOf: - - $ref: '#/components/schemas/Ipv6PrefixesList' - - description: The IPv6 prefixes that are assigned to the network interface. - requesterId: - allOf: - - $ref: '#/components/schemas/String' - - description: The alias or Amazon Web Services account ID of the principal or service that created the network interface. - requesterManaged: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the network interface is being managed by Amazon Web Services. - sourceDestCheck: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether source/destination checking is enabled. - status: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceStatus' - - description: The status of the network interface. - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the network interface. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - denyAllIgwTraffic: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether a network interface with an IPv6 address is unreachable from the public internet. If the value is true, inbound traffic from the internet is dropped and you cannot assign an elastic IP address to the network interface. The network interface is reachable from peered VPCs and resources connected through a transit gateway, including on-premises networks.' - ipv6Native: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether this is an IPv6 only network interface. - ipv6Address: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 globally unique address associated with the network interface. - description: Describes a network interface. - CreatePlacementGroupRequest: - type: object - title: CreatePlacementGroupRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - groupName: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A name for the placement group. Must be unique within the scope of your account for the Region.

Constraints: Up to 255 ASCII characters

' - strategy: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of partitions. Valid only when Strategy is set to partition. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the new placement group. - PlacementGroup: - type: object - properties: - groupName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the placement group. - state: - allOf: - - $ref: '#/components/schemas/PlacementGroupState' - - description: The state of the placement group. - strategy: - allOf: - - $ref: '#/components/schemas/PlacementStrategy' - - description: The placement strategy. - partitionCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of partitions. Valid only if strategy is set to partition. - groupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the placement group. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags applied to the placement group. - groupArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the placement group. - description: Describes a placement group. - CreatePublicIpv4PoolRequest: - type: object - title: CreatePublicIpv4PoolRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' - CreateReplaceRootVolumeTaskRequest: - type: object - required: - - InstanceId - title: CreateReplaceRootVolumeTaskRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the root volume replacement task. - ReplaceRootVolumeTask: - type: object - properties: - replaceRootVolumeTaskId: - allOf: - - $ref: '#/components/schemas/ReplaceRootVolumeTaskId' - - description: The ID of the root volume replacement task. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance for which the root volume replacement task was created. - taskState: - allOf: - - $ref: '#/components/schemas/ReplaceRootVolumeTaskState' - - description: '

The state of the task. The task can be in one of the following states:

' - startTime: - allOf: - - $ref: '#/components/schemas/String' - - description: The time the task was started. - completeTime: - allOf: - - $ref: '#/components/schemas/String' - - description: The time the task completed. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the task. - description: Information about a root volume replacement task. - PriceScheduleSpecificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PriceScheduleSpecification' - - xml: - name: item - CreateReservedInstancesListingRequest: - type: object - required: - - ClientToken - - InstanceCount - - PriceSchedules - - ReservedInstancesId - title: CreateReservedInstancesListingRequest - properties: - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier you provide to ensure idempotency of your listings. This helps avoid duplicate listings. For more information, see Ensuring Idempotency.' - instanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of instances that are a part of a Reserved Instance account to be listed in the Reserved Instance Marketplace. This number should be less than or equal to the instance count associated with the Reserved Instance ID specified in this call. - priceSchedules: - allOf: - - $ref: '#/components/schemas/PriceScheduleSpecificationList' - - description: A list specifying the price of the Standard Reserved Instance for each month remaining in the Reserved Instance term. - reservedInstancesId: - allOf: - - $ref: '#/components/schemas/ReservationId' - - description: The ID of the active Standard Reserved Instance. - description: Contains the parameters for CreateReservedInstancesListing. - CreateRestoreImageTaskRequest: - type: object - required: - - Bucket - - ObjectKey - title: CreateRestoreImageTaskRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The name for the restored AMI. The name must be unique for AMIs in the Region for this account. If you do not provide a name, the new AMI gets the same name as the original AMI.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - CreateRouteRequest: - type: object - required: - - RouteTableId - title: CreateRouteRequest - properties: - destinationCidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 CIDR address block used for the destination match. Routing decisions are based on the most specific match. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' - destinationIpv6CidrBlock: - allOf: - - $ref: '#/components/schemas/PrefixListResourceId' - - description: The ID of a prefix list used for the destination match. - dryRun: - allOf: - - $ref: '#/components/schemas/VpcEndpointId' - - description: The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only. - egressOnlyInternetGatewayId: - allOf: - - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' - - description: '[IPv6 traffic only] The ID of an egress-only internet gateway.' - gatewayId: - allOf: - - $ref: '#/components/schemas/RouteGatewayId' - - description: The ID of an internet gateway or virtual private gateway attached to your VPC. - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of a NAT instance in your VPC. The operation fails if you specify an instance ID unless exactly one network interface is attached. - natGatewayId: - allOf: - - $ref: '#/components/schemas/CarrierGatewayId' - - description:

The ID of the carrier gateway.

You can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone.

- networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: The ID of a network interface. - routeTableId: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - description: The ID of the route table for the route. - vpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/CoreNetworkArn' - - description: The Amazon Resource Name (ARN) of the core network. - CreateRouteTableRequest: - type: object - required: - - VpcId - title: CreateRouteTableRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - vpcId: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to assign to the route table. - RouteTable: - type: object - properties: - associationSet: - allOf: - - $ref: '#/components/schemas/RouteTableAssociationList' - - description: The associations between the route table and one or more subnets or a gateway. - propagatingVgwSet: - allOf: - - $ref: '#/components/schemas/PropagatingVgwList' - - description: Any virtual private gateway (VGW) propagating routes. - routeTableId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the route table. - routeSet: - allOf: - - $ref: '#/components/schemas/RouteList' - - description: The routes in the route table. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the route table. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the route table. - description: Describes a route table. - CreateSecurityGroupRequest: - type: object - required: - - Description - - GroupName - title: CreateSecurityGroupRequest - properties: - GroupDescription: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: '[EC2-VPC] The ID of the VPC. Required for EC2-VPC.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to assign to the security group. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - CreateSnapshotRequest: - type: object - required: - - VolumeId - title: CreateSnapshotRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VolumeId' - - description: The ID of the Amazon EBS volume. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the snapshot during creation. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - CreateSnapshotsRequest: - type: object - required: - - InstanceSpecification - title: CreateSnapshotsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The Amazon Resource Name (ARN) of the Outpost on which to create the local snapshots.

For more information, see Create multi-volume local snapshots from instances on an Outpost in the Amazon Elastic Compute Cloud User Guide.

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/CopyTagsFromSource' - - description: Copies the tags from the specified volume to corresponding snapshot. - SnapshotSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/SnapshotInfo' - - xml: - name: item - CreateSpotDatafeedSubscriptionRequest: - type: object - required: - - Bucket - title: CreateSpotDatafeedSubscriptionRequest - properties: - bucket: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The name of the Amazon S3 bucket in which to store the Spot Instance data feed. For more information about bucket names, see Rules for bucket naming in the Amazon S3 Developer Guide.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: The prefix for the data feed file names. - description: Contains the parameters for CreateSpotDatafeedSubscription. - SpotDatafeedSubscription: - type: object - properties: - bucket: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the Amazon S3 bucket where the Spot Instance data feed is located. - fault: - allOf: - - $ref: '#/components/schemas/SpotInstanceStateFault' - - description: 'The fault codes for the Spot Instance request, if any.' - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID of the account. - prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: The prefix for the data feed files. - state: - allOf: - - $ref: '#/components/schemas/DatafeedSubscriptionState' - - description: The state of the Spot Instance data feed subscription. - description: Describes the data feed for a Spot Instance. - CreateStoreImageTaskRequest: - type: object - required: - - ImageId - - Bucket - title: CreateStoreImageTaskRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The name of the Amazon S3 bucket in which the AMI object will be stored. The bucket must be in the Region in which the request is being made. The AMI object appears in the bucket only after the upload task has completed. ' - S3ObjectTag: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - CreateSubnetCidrReservationRequest: - type: object - required: - - SubnetId - - Cidr - - ReservationType - title: CreateSubnetCidrReservationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to assign to the subnet CIDR reservation. - SubnetCidrReservation: - type: object - properties: - subnetCidrReservationId: - allOf: - - $ref: '#/components/schemas/SubnetCidrReservationId' - - description: The ID of the subnet CIDR reservation. - subnetId: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: The ID of the subnet. - cidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR that has been reserved. - reservationType: - allOf: - - $ref: '#/components/schemas/SubnetCidrReservationType' - - description: 'The type of reservation. ' - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the account that owns the subnet CIDR reservation. ' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description assigned to the subnet CIDR reservation. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the subnet CIDR reservation. - description: Describes a subnet CIDR reservation. - CreateSubnetRequest: - type: object - required: - - VpcId - title: CreateSubnetRequest - properties: - TagSpecification: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to create an IPv6 only subnet. - ResourceIdList: - type: array - items: - $ref: '#/components/schemas/TaggableResourceId' - CreateTagsRequest: - type: object - required: - - Resources - - Tags - title: CreateTagsRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ResourceId: - allOf: - - $ref: '#/components/schemas/ResourceIdList' - - description: '

The IDs of the resources, separated by spaces.

Constraints: Up to 1000 resource IDs. We recommend breaking up this request into smaller batches.

' - Tag: - allOf: - - $ref: '#/components/schemas/TagList' - - description: 'The tags. The value parameter is required, but if you don''t want the tag to have a value, specify the parameter with no value, and we set the value to an empty string.' - CreateTrafficMirrorFilterRequest: - type: object - title: CreateTrafficMirrorFilterRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the Traffic Mirror filter. - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - TrafficMirrorFilter: - type: object - properties: - trafficMirrorFilterId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Traffic Mirror filter. - ingressFilterRuleSet: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilterRuleList' - - description: Information about the ingress rules that are associated with the Traffic Mirror filter. - egressFilterRuleSet: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilterRuleList' - - description: Information about the egress rules that are associated with the Traffic Mirror filter. - networkServiceSet: - allOf: - - $ref: '#/components/schemas/TrafficMirrorNetworkServiceList' - - description: The network service traffic that is associated with the Traffic Mirror filter. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the Traffic Mirror filter. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the Traffic Mirror filter. - description: Describes the Traffic Mirror filter. - CreateTrafficMirrorFilterRuleRequest: - type: object - required: - - TrafficMirrorFilterId - - TrafficDirection - - RuleNumber - - RuleAction - - DestinationCidrBlock - - SourceCidrBlock - title: CreateTrafficMirrorFilterRuleRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - TrafficMirrorFilterRule: - type: object - properties: - trafficMirrorFilterRuleId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Traffic Mirror rule. - trafficMirrorFilterId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Traffic Mirror filter that the rule is associated with. - trafficDirection: - allOf: - - $ref: '#/components/schemas/TrafficDirection' - - description: The traffic direction assigned to the Traffic Mirror rule. - ruleNumber: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The rule number of the Traffic Mirror rule. - ruleAction: - allOf: - - $ref: '#/components/schemas/TrafficMirrorRuleAction' - - description: The action assigned to the Traffic Mirror rule. - protocol: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The protocol assigned to the Traffic Mirror rule. - destinationPortRange: - allOf: - - $ref: '#/components/schemas/TrafficMirrorPortRange' - - description: The destination port range assigned to the Traffic Mirror rule. - sourcePortRange: - allOf: - - $ref: '#/components/schemas/TrafficMirrorPortRange' - - description: The source port range assigned to the Traffic Mirror rule. - destinationCidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The destination CIDR block assigned to the Traffic Mirror rule. - sourceCidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The source CIDR block assigned to the Traffic Mirror rule. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the Traffic Mirror rule. - description: Describes the Traffic Mirror rule. - CreateTrafficMirrorSessionRequest: - type: object - required: - - NetworkInterfaceId - - TrafficMirrorTargetId - - TrafficMirrorFilterId - - SessionNumber - title: CreateTrafficMirrorSessionRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the Traffic Mirror session. - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - TrafficMirrorSession: - type: object - properties: - trafficMirrorSessionId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID for the Traffic Mirror session. - trafficMirrorTargetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Traffic Mirror target. - trafficMirrorFilterId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Traffic Mirror filter. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Traffic Mirror session's network interface. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the account that owns the Traffic Mirror session. - packetLength: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of bytes in each packet to mirror. These are the bytes after the VXLAN header. To mirror a subset, set this to the length (in bytes) to mirror. For example, if you set this value to 100, then the first 100 bytes that meet the filter criteria are copied to the target. Do not specify this parameter when you want to mirror the entire packet' - sessionNumber: - allOf: - - $ref: '#/components/schemas/Integer' - - description:

The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.

Valid values are 1-32766.

- virtualNetworkId: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The virtual network ID associated with the Traffic Mirror session. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the Traffic Mirror session. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the Traffic Mirror session. - description: Describes a Traffic Mirror session. - CreateTrafficMirrorTargetRequest: - type: object - title: CreateTrafficMirrorTargetRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the Traffic Mirror target. - TagSpecification: - allOf: - - $ref: '#/components/schemas/VpcEndpointId' - - description: The ID of the Gateway Load Balancer endpoint. - TrafficMirrorTarget: - type: object - properties: - trafficMirrorTargetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Traffic Mirror target. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The network interface ID that is attached to the target. - networkLoadBalancerArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Network Load Balancer. - type: - allOf: - - $ref: '#/components/schemas/TrafficMirrorTargetType' - - description: The type of Traffic Mirror target. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: Information about the Traffic Mirror target. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the account that owns the Traffic Mirror target. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the Traffic Mirror target. - gatewayLoadBalancerEndpointId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Gateway Load Balancer endpoint. - description: Describes a Traffic Mirror target. - InsideCidrBlocksStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - CreateTransitGatewayConnectPeerRequest: - type: object - required: - - TransitGatewayAttachmentId - - PeerAddress - - InsideCidrBlocks - title: CreateTransitGatewayConnectPeerRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InsideCidrBlocksStringList' - - description: 'The range of inside IP addresses that are used for BGP peering. You must specify a size /29 IPv4 CIDR block from the 169.254.0.0/16 range. The first address from the range must be configured on the appliance as the BGP IP address. You can also optionally specify a size /125 IPv6 CIDR block from the fd00::/8 range.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayConnectPeer: - type: object - properties: - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentId' - - description: The ID of the Connect attachment. - transitGatewayConnectPeerId: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectPeerId' - - description: The ID of the Connect peer. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectPeerState' - - description: The state of the Connect peer. - creationTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The creation time. - connectPeerConfiguration: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectPeerConfiguration' - - description: The Connect peer details. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the Connect peer. - description: Describes a transit gateway Connect peer. - CreateTransitGatewayConnectRequestOptions: - type: object - required: - - Protocol - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ProtocolValue' - - description: The tunnel protocol. - description: The options for a Connect attachment. - CreateTransitGatewayConnectRequest: - type: object - required: - - TransportTransitGatewayAttachmentId - - Options - title: CreateTransitGatewayConnectRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/CreateTransitGatewayConnectRequestOptions' - - description: The Connect attachment options. - TagSpecification: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayConnect: - type: object - properties: - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentId' - - description: The ID of the Connect attachment. - transportTransitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentId' - - description: The ID of the attachment from which the Connect attachment was created. - transitGatewayId: - allOf: - - $ref: '#/components/schemas/TransitGatewayId' - - description: The ID of the transit gateway. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentState' - - description: The state of the attachment. - creationTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The creation time. - options: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectOptions' - - description: The Connect attachment options. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the attachment. - description: Describes a transit gateway Connect attachment. - CreateTransitGatewayMulticastDomainRequestOptions: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/AutoAcceptSharedAssociationsValue' - - description: Indicates whether to automatically accept cross-account subnet associations that are associated with the transit gateway multicast domain. - description: The options for the transit gateway multicast domain. - CreateTransitGatewayMulticastDomainRequest: - type: object - required: - - TransitGatewayId - title: CreateTransitGatewayMulticastDomainRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/CreateTransitGatewayMulticastDomainRequestOptions' - - description: The options for the transit gateway multicast domain. - TagSpecification: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayMulticastDomain: - type: object - properties: - transitGatewayMulticastDomainId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway multicast domain. - transitGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway. - transitGatewayMulticastDomainArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the transit gateway multicast domain. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: ' The ID of the Amazon Web Services account that owns the transit gateway multicast domain.' - options: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainOptions' - - description: The options for the transit gateway multicast domain. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainState' - - description: The state of the transit gateway multicast domain. - creationTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time the transit gateway multicast domain was created. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the transit gateway multicast domain. - description: Describes the transit gateway multicast domain. - CreateTransitGatewayPeeringAttachmentRequest: - type: object - required: - - TransitGatewayId - - PeerTransitGatewayId - - PeerAccountId - - PeerRegion - title: CreateTransitGatewayPeeringAttachmentRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Region where the peer transit gateway is located. - TagSpecification: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - CreateTransitGatewayPrefixListReferenceRequest: - type: object - required: - - TransitGatewayRouteTableId - - PrefixListId - title: CreateTransitGatewayPrefixListReferenceRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayPrefixListReference: - type: object - properties: - transitGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableId' - - description: The ID of the transit gateway route table. - prefixListId: - allOf: - - $ref: '#/components/schemas/PrefixListResourceId' - - description: The ID of the prefix list. - prefixListOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the prefix list owner. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayPrefixListReferenceState' - - description: The state of the prefix list reference. - blackhole: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether traffic that matches this route is dropped. - transitGatewayAttachment: - allOf: - - $ref: '#/components/schemas/TransitGatewayPrefixListAttachment' - - description: Information about the transit gateway attachment. - description: Describes a prefix list reference. - TransitGatewayRequestOptions: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayCidrBlockStringList' - - description: 'One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.' - description: Describes the options for a transit gateway. - CreateTransitGatewayRequest: - type: object - title: CreateTransitGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayRequestOptions' - - description: The transit gateway options. - TagSpecification: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGateway: - type: object - properties: - transitGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway. - transitGatewayArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the transit gateway. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayState' - - description: The state of the transit gateway. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the transit gateway. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the transit gateway. - creationTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The creation time. - options: - allOf: - - $ref: '#/components/schemas/TransitGatewayOptions' - - description: The transit gateway options. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the transit gateway. - description: Describes a transit gateway. - CreateTransitGatewayRouteRequest: - type: object - required: - - DestinationCidrBlock - - TransitGatewayRouteTableId - title: CreateTransitGatewayRouteRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayRoute: - type: object - properties: - destinationCidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR block used for destination matches. - prefixListId: - allOf: - - $ref: '#/components/schemas/PrefixListResourceId' - - description: The ID of the prefix list used for destination matches. - transitGatewayAttachments: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteAttachmentList' - - description: The attachments. - type: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteType' - - description: The route type. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteState' - - description: The state of the route. - description: Describes a route for a transit gateway route table. - CreateTransitGatewayRouteTableRequest: - type: object - required: - - TransitGatewayId - title: CreateTransitGatewayRouteTableRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayRouteTable: - type: object - properties: - transitGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway route table. - transitGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableState' - - description: The state of the transit gateway route table. - defaultAssociationRouteTable: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether this is the default association route table for the transit gateway. - defaultPropagationRouteTable: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether this is the default propagation route table for the transit gateway. - creationTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The creation time. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the route table. - description: Describes a transit gateway route table. - CreateTransitGatewayVpcAttachmentRequest: - type: object - required: - - TransitGatewayId - - VpcId - - SubnetIds - title: CreateTransitGatewayVpcAttachmentRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - CreateTransitGatewayVpcAttachmentRequestOptions: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ApplianceModeSupportValue' - - description: 'Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.' - description: Describes the options for a VPC attachment. - PermissionGroup: - type: string - enum: - - all - CreateVolumePermission: - type: object - properties: - group: - allOf: - - $ref: '#/components/schemas/PermissionGroup' - - description: The group to be added or removed. The possible value is all. - userId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account to be added or removed. - description: Describes the user or group to be added or removed from the list of create volume permissions for a volume. - CreateVolumePermissionModifications: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/CreateVolumePermissionList' - - description: Removes the specified Amazon Web Services account ID or group from the list. - description: Describes modifications to the list of create volume permissions for a volume. - VolumeType: - type: string - enum: - - standard - - io1 - - io2 - - gp2 - - sc1 - - st1 - - gp3 - CreateVolumeRequest: - type: object - required: - - AvailabilityZone - title: CreateVolumeRequest - properties: - AvailabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone in which to create the volume. - encrypted: - allOf: - - $ref: '#/components/schemas/VolumeType' - - description: '

The volume type. This parameter can be one of the following values:

For more information, see Amazon EBS volume types in the Amazon Elastic Compute Cloud User Guide.

Default: gp2

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.' - CreateVpcEndpointConnectionNotificationRequest: - type: object - required: - - ConnectionNotificationArn - - ConnectionEvents - title: CreateVpcEndpointConnectionNotificationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - VpcEndpointRouteTableIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - xml: - name: item - VpcEndpointSubnetIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: item - CreateVpcEndpointRequest: - type: object - required: - - VpcId - - ServiceName - title: CreateVpcEndpointRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '(Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must be in valid JSON format. If this parameter is not specified, we attach a default policy that allows full access to the service.' - RouteTableId: - allOf: - - $ref: '#/components/schemas/VpcEndpointRouteTableIdList' - - description: (Gateway endpoint) One or more route table IDs. - SubnetId: - allOf: - - $ref: '#/components/schemas/VpcEndpointSubnetIdList' - - description: '(Interface and Gateway Load Balancer endpoints) The ID of one or more subnets in which to create an endpoint network interface. For a Gateway Load Balancer endpoint, you can specify one subnet only.' - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

(Interface endpoint) Indicates whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.

To use a private hosted zone, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to set the VPC attributes.

Default: true

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to associate with the endpoint. - description: Contains the parameters for CreateVpcEndpoint. - VpcEndpoint: - type: object - properties: - vpcEndpointId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the endpoint. - vpcEndpointType: - allOf: - - $ref: '#/components/schemas/VpcEndpointType' - - description: The type of endpoint. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC to which the endpoint is associated. - serviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the service to which the endpoint is associated. - state: - allOf: - - $ref: '#/components/schemas/State' - - description: The state of the endpoint. - policyDocument: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The policy document associated with the endpoint, if applicable.' - routeTableIdSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: (Gateway endpoint) One or more route tables associated with the endpoint. - subnetIdSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: (Interface endpoint) The subnets for the endpoint. - groupSet: - allOf: - - $ref: '#/components/schemas/GroupIdentifierSet' - - description: (Interface endpoint) Information about the security groups that are associated with the network interface. - ipAddressType: - allOf: - - $ref: '#/components/schemas/IpAddressType' - - description: The IP address type for the endpoint. - dnsOptions: - allOf: - - $ref: '#/components/schemas/DnsOptions' - - description: The DNS options for the endpoint. - privateDnsEnabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: (Interface endpoint) Indicates whether the VPC is associated with a private hosted zone. - requesterManaged: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the endpoint is being managed by its service. - networkInterfaceIdSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: (Interface endpoint) One or more network interfaces for the endpoint. - dnsEntrySet: - allOf: - - $ref: '#/components/schemas/DnsEntrySet' - - description: (Interface endpoint) The DNS entries for the endpoint. - creationTimestamp: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time that the endpoint was created. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the endpoint. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the endpoint. - lastError: - allOf: - - $ref: '#/components/schemas/LastError' - - description: The last error that occurred for endpoint. - description: Describes a VPC endpoint. - CreateVpcEndpointServiceConfigurationRequest: - type: object - title: CreateVpcEndpointServiceConfigurationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: (Interface endpoint configuration) The private DNS name to assign to the VPC endpoint service. - NetworkLoadBalancerArn: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Amazon Resource Names (ARNs) of one or more Network Load Balancers for your service. - GatewayLoadBalancerArn: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Amazon Resource Names (ARNs) of one or more Gateway Load Balancers. - SupportedIpAddressType: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to associate with the service. - ServiceConfiguration: - type: object - properties: - serviceType: - allOf: - - $ref: '#/components/schemas/ServiceTypeDetailSet' - - description: The type of service. - serviceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the service. - serviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the service. - serviceState: - allOf: - - $ref: '#/components/schemas/ServiceState' - - description: The service state. - availabilityZoneSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Availability Zones in which the service is available. - acceptanceRequired: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether requests from other Amazon Web Services accounts to create an endpoint to the service must first be accepted. - managesVpcEndpoints: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the service manages its VPC endpoints. Management of the service VPC endpoints using the VPC endpoint API is restricted. - networkLoadBalancerArnSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Amazon Resource Names (ARNs) of the Network Load Balancers for the service. - gatewayLoadBalancerArnSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service. - supportedIpAddressTypeSet: - allOf: - - $ref: '#/components/schemas/SupportedIpAddressTypes' - - description: The supported IP address types. - baseEndpointDnsNameSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The DNS names for the service. - privateDnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The private DNS name for the service. - privateDnsNameConfiguration: - allOf: - - $ref: '#/components/schemas/PrivateDnsNameConfiguration' - - description: Information about the endpoint service private DNS name configuration. - payerResponsibility: - allOf: - - $ref: '#/components/schemas/PayerResponsibility' - - description: The payer responsibility. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the service. - description: Describes a service configuration for a VPC endpoint service. - CreateVpcPeeringConnectionRequest: - type: object - title: CreateVpcPeeringConnectionRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - peerOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The Amazon Web Services account ID of the owner of the accepter VPC.

Default: Your Amazon Web Services account ID

' - peerVpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC with which you are creating the VPC peering connection. You must specify this parameter in the request. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request.

Default: The Region in which you make the request.

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to assign to the peering connection. - CreateVpcRequest: - type: object - title: CreateVpcRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 network range for the VPC, in CIDR notation. For example, 10.0.0.0/16. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' - amazonProvidedIpv6CidrBlock: - allOf: - - $ref: '#/components/schemas/NetmaskLength' - - description: 'The netmask length of the IPv6 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - instanceTenancy: - allOf: - - $ref: '#/components/schemas/String' - - description:

The name of the location from which we advertise the IPV6 CIDR block. Use this parameter to limit the address to this location.

You must set AmazonProvidedIpv6CidrBlock to true to use this parameter.

- TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to assign to the VPC. - VpnConnectionOptionsSpecification: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicate whether to enable acceleration for the VPN connection.

Default: false

' - staticRoutesOnly: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The IPv6 CIDR on the Amazon Web Services side of the VPN connection.

Default: ::/0

' - description: Describes VPN connection options. - CreateVpnConnectionRequest: - type: object - required: - - CustomerGatewayId - - Type - title: CreateVpnConnectionRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayId' - - description: 'The ID of the transit gateway. If you specify a transit gateway, you cannot specify a virtual private gateway.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - options: - allOf: - - $ref: '#/components/schemas/VpnConnectionOptionsSpecification' - - description: The options for the VPN connection. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the VPN connection. - description: Contains the parameters for CreateVpnConnection. - VpnConnection: - type: object - properties: - customerGatewayConfiguration: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The configuration information for the VPN connection''s customer gateway (in the native XML format). This element is always present in the CreateVpnConnection response; however, it''s present in the DescribeVpnConnections response only if the VPN connection is in the pending or available state.' - customerGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the customer gateway at your end of the VPN connection. - category: - allOf: - - $ref: '#/components/schemas/String' - - description: The category of the VPN connection. A value of VPN indicates an Amazon Web Services VPN connection. A value of VPN-Classic indicates an Amazon Web Services Classic VPN connection. - state: - allOf: - - $ref: '#/components/schemas/VpnState' - - description: The current state of the VPN connection. - type: - allOf: - - $ref: '#/components/schemas/GatewayType' - - description: The type of VPN connection. - vpnConnectionId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPN connection. - vpnGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection. - transitGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway associated with the VPN connection. - coreNetworkArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of the core network. - coreNetworkAttachmentArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of the core network attachment. - gatewayAssociationState: - allOf: - - $ref: '#/components/schemas/GatewayAssociationState' - - description: The current state of the gateway association. - options: - allOf: - - $ref: '#/components/schemas/VpnConnectionOptions' - - description: The VPN connection options. - routes: - allOf: - - $ref: '#/components/schemas/VpnStaticRouteList' - - description: The static routes associated with the VPN connection. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the VPN connection. - vgwTelemetry: - allOf: - - $ref: '#/components/schemas/VgwTelemetryList' - - description: Information about the VPN tunnel. - description: Describes a VPN connection. - CreateVpnConnectionRouteRequest: - type: object - required: - - DestinationCidrBlock - - VpnConnectionId - title: CreateVpnConnectionRouteRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpnConnectionId' - - description: The ID of the VPN connection. - description: Contains the parameters for CreateVpnConnectionRoute. - CreateVpnGatewayRequest: - type: object - required: - - Type - title: CreateVpnGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/GatewayType' - - description: The type of VPN connection this virtual private gateway supports. - TagSpecification: - allOf: - - $ref: '#/components/schemas/Long' - - description: '

A private Autonomous System Number (ASN) for the Amazon side of a BGP session. If you''re using a 16-bit ASN, it must be in the 64512 to 65534 range. If you''re using a 32-bit ASN, it must be in the 4200000000 to 4294967294 range.

Default: 64512

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for CreateVpnGateway. - VpnGateway: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The Availability Zone where the virtual private gateway was created, if applicable. This field may be empty or not returned.' - state: - allOf: - - $ref: '#/components/schemas/VpnState' - - description: The current state of the virtual private gateway. - type: - allOf: - - $ref: '#/components/schemas/GatewayType' - - description: The type of VPN connection the virtual private gateway supports. - attachments: - allOf: - - $ref: '#/components/schemas/VpcAttachmentList' - - description: Any VPCs attached to the virtual private gateway. - vpnGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the virtual private gateway. - amazonSideAsn: - allOf: - - $ref: '#/components/schemas/Long' - - description: The private Autonomous System Number (ASN) for the Amazon side of a BGP session. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the virtual private gateway. - description: Describes a virtual private gateway. - CreditSpecification: - type: object - properties: - cpuCredits: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The credit option for CPU usage of a T2, T3, or T3a instance. Valid values are standard and unlimited.' - description: 'Describes the credit option for CPU usage of a T2, T3, or T3a instance.' - CreditSpecificationRequest: - type: object - required: - - CpuCredits - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The credit option for CPU usage of a T2, T3, or T3a instance. Valid values are standard and unlimited.' - description: 'The credit option for CPU usage of a T2, T3, or T3a instance.' - CurrentGenerationFlag: - type: boolean - CustomerGatewayIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/CustomerGatewayId' - - xml: - name: CustomerGatewayId - CustomerGatewayList: - type: array - items: - allOf: - - $ref: '#/components/schemas/CustomerGateway' - - xml: - name: item - DITMaxResults: - type: integer - minimum: 5 - maximum: 100 - DITOMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DatafeedSubscriptionState: - type: string - enum: - - Active - - Inactive - DedicatedHostFlag: - type: boolean - DefaultNetworkCardIndex: - type: integer - DefaultRouteTableAssociationValue: - type: string - enum: - - enable - - disable - DefaultRouteTablePropagationValue: - type: string - enum: - - enable - - disable - DefaultTargetCapacityType: - type: string - enum: - - spot - - on-demand - DefaultingDhcpOptionsId: - type: string - DeleteCarrierGatewayRequest: - type: object - required: - - CarrierGatewayId - title: DeleteCarrierGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteClientVpnEndpointRequest: - type: object - required: - - ClientVpnEndpointId - title: DeleteClientVpnEndpointRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteClientVpnRouteRequest: - type: object - required: - - ClientVpnEndpointId - - DestinationCidrBlock - title: DeleteClientVpnRouteRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteCustomerGatewayRequest: - type: object - required: - - CustomerGatewayId - title: DeleteCustomerGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/CustomerGatewayId' - - description: The ID of the customer gateway. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DeleteCustomerGateway. - DeleteDhcpOptionsRequest: - type: object - required: - - DhcpOptionsId - title: DeleteDhcpOptionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DhcpOptionsId' - - description: The ID of the DHCP options set. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteEgressOnlyInternetGatewayRequest: - type: object - required: - - EgressOnlyInternetGatewayId - title: DeleteEgressOnlyInternetGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' - - description: The ID of the egress-only internet gateway. - DeleteFleetErrorCode: - type: string - enum: - - fleetIdDoesNotExist - - fleetIdMalformed - - fleetNotInDeletableState - - unexpectedError - DeleteFleetError: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/DeleteFleetErrorCode' - - description: The error code. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The description for the error code. - description: Describes an EC2 Fleet error. - DeleteFleetErrorItem: - type: object - properties: - error: - allOf: - - $ref: '#/components/schemas/DeleteFleetError' - - description: The error. - fleetId: - allOf: - - $ref: '#/components/schemas/FleetId' - - description: The ID of the EC2 Fleet. - description: Describes an EC2 Fleet that was not successfully deleted. - DeleteFleetErrorSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DeleteFleetErrorItem' - - xml: - name: item - FleetStateCode: - type: string - enum: - - submitted - - active - - deleted - - failed - - deleted_running - - deleted_terminating - - modifying - DeleteFleetSuccessItem: - type: object - properties: - currentFleetState: - allOf: - - $ref: '#/components/schemas/FleetStateCode' - - description: The current state of the EC2 Fleet. - previousFleetState: - allOf: - - $ref: '#/components/schemas/FleetStateCode' - - description: The previous state of the EC2 Fleet. - fleetId: - allOf: - - $ref: '#/components/schemas/FleetId' - - description: The ID of the EC2 Fleet. - description: Describes an EC2 Fleet that was successfully deleted. - DeleteFleetSuccessSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DeleteFleetSuccessItem' - - xml: - name: item - DeleteFleetsRequest: - type: object - required: - - FleetIds - - TerminateInstances - title: DeleteFleetsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - FleetId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether to terminate the instances when the EC2 Fleet is deleted. The default is to terminate the instances.

To let the instances continue to run after the EC2 Fleet is deleted, specify NoTerminateInstances. Supported only for fleets of type maintain and request.

For instant fleets, you cannot specify NoTerminateInstances. A deleted instant fleet with running instances is not supported.

' - FlowLogIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcFlowLogId' - - xml: - name: item - DeleteFlowLogsRequest: - type: object - required: - - FlowLogIds - title: DeleteFlowLogsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - FlowLogId: - allOf: - - $ref: '#/components/schemas/FlowLogIdList' - - description: '

One or more flow log IDs.

Constraint: Maximum of 1000 flow log IDs.

' - DeleteFpgaImageRequest: - type: object - required: - - FpgaImageId - title: DeleteFpgaImageRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/FpgaImageId' - - description: The ID of the AFI. - DeleteInstanceEventWindowRequest: - type: object - required: - - InstanceEventWindowId - title: DeleteInstanceEventWindowRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowId' - - description: The ID of the event window. - InstanceEventWindowStateChange: - type: object - properties: - instanceEventWindowId: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowId' - - description: The ID of the event window. - state: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowState' - - description: The current state of the event window. - description: The state of the event window. - DeleteInternetGatewayRequest: - type: object - required: - - InternetGatewayId - title: DeleteInternetGatewayRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - internetGatewayId: - allOf: - - $ref: '#/components/schemas/InternetGatewayId' - - description: The ID of the internet gateway. - IpamPoolId: - type: string - DeleteIpamPoolRequest: - type: object - required: - - IpamPoolId - title: DeleteIpamPoolRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/IpamPoolId' - - description: The ID of the pool to delete. - DeleteIpamRequest: - type: object - required: - - IpamId - title: DeleteIpamRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Enables you to quickly delete an IPAM, private scopes, pools in private scopes, and any allocations in the pools in private scopes. You cannot delete the IPAM with this option if there is a pool in your public scope. If you use this option, IPAM does the following:

' - IpamScopeId: - type: string - DeleteIpamScopeRequest: - type: object - required: - - IpamScopeId - title: DeleteIpamScopeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/IpamScopeId' - - description: The ID of the scope to delete. - DeleteKeyPairRequest: - type: object - title: DeleteKeyPairRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/KeyPairId' - - description: The ID of the key pair. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteLaunchTemplateRequest: - type: object - title: DeleteLaunchTemplateRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchTemplateName' - - description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. - VersionStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - DeleteLaunchTemplateVersionsRequest: - type: object - required: - - Versions - title: DeleteLaunchTemplateVersionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchTemplateName' - - description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. - LaunchTemplateVersion: - allOf: - - $ref: '#/components/schemas/VersionStringList' - - description: The version numbers of one or more launch template versions to delete. - ResponseError: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/LaunchTemplateErrorCode' - - description: The error code. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The error message, if applicable.' - description: Describes the error that's returned when you cannot delete a launch template version. - DeleteLaunchTemplateVersionsResponseErrorItem: - type: object - properties: - launchTemplateId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the launch template. - launchTemplateName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the launch template. - versionNumber: - allOf: - - $ref: '#/components/schemas/Long' - - description: The version number of the launch template. - responseError: - allOf: - - $ref: '#/components/schemas/ResponseError' - - description: Information about the error. - description: Describes a launch template version that could not be deleted. - DeleteLaunchTemplateVersionsResponseErrorSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResponseErrorItem' - - xml: - name: item - DeleteLaunchTemplateVersionsResponseSuccessItem: - type: object - properties: - launchTemplateId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the launch template. - launchTemplateName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the launch template. - versionNumber: - allOf: - - $ref: '#/components/schemas/Long' - - description: The version number of the launch template. - description: Describes a launch template version that was successfully deleted. - DeleteLaunchTemplateVersionsResponseSuccessSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResponseSuccessItem' - - xml: - name: item - DeleteLocalGatewayRouteRequest: - type: object - required: - - DestinationCidrBlock - - LocalGatewayRouteTableId - title: DeleteLocalGatewayRouteRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteLocalGatewayRouteTableVpcAssociationRequest: - type: object - required: - - LocalGatewayRouteTableVpcAssociationId - title: DeleteLocalGatewayRouteTableVpcAssociationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteManagedPrefixListRequest: - type: object - required: - - PrefixListId - title: DeleteManagedPrefixListRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/PrefixListResourceId' - - description: The ID of the prefix list. - DeleteNatGatewayRequest: - type: object - required: - - NatGatewayId - title: DeleteNatGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/NatGatewayId' - - description: The ID of the NAT gateway. - DeleteNetworkAclEntryRequest: - type: object - required: - - Egress - - NetworkAclId - - RuleNumber - title: DeleteNetworkAclEntryRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - egress: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the rule is an egress rule. - networkAclId: - allOf: - - $ref: '#/components/schemas/NetworkAclId' - - description: The ID of the network ACL. - ruleNumber: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The rule number of the entry to delete. - DeleteNetworkAclRequest: - type: object - required: - - NetworkAclId - title: DeleteNetworkAclRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - networkAclId: - allOf: - - $ref: '#/components/schemas/NetworkAclId' - - description: The ID of the network ACL. - DeleteNetworkInsightsAccessScopeAnalysisRequest: - type: object - required: - - NetworkInsightsAccessScopeAnalysisId - title: DeleteNetworkInsightsAccessScopeAnalysisRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteNetworkInsightsAccessScopeRequest: - type: object - required: - - NetworkInsightsAccessScopeId - title: DeleteNetworkInsightsAccessScopeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' - - description: The ID of the Network Access Scope. - DeleteNetworkInsightsAnalysisRequest: - type: object - required: - - NetworkInsightsAnalysisId - title: DeleteNetworkInsightsAnalysisRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAnalysisId' - - description: The ID of the network insights analysis. - DeleteNetworkInsightsPathRequest: - type: object - required: - - NetworkInsightsPathId - title: DeleteNetworkInsightsPathRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/NetworkInsightsPathId' - - description: The ID of the path. - DeleteNetworkInterfacePermissionRequest: - type: object - required: - - NetworkInterfacePermissionId - title: DeleteNetworkInterfacePermissionRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DeleteNetworkInterfacePermission. - DeleteNetworkInterfaceRequest: - type: object - required: - - NetworkInterfaceId - title: DeleteNetworkInterfaceRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: The ID of the network interface. - description: Contains the parameters for DeleteNetworkInterface. - DeletePlacementGroupRequest: - type: object - required: - - GroupName - title: DeletePlacementGroupRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - groupName: - allOf: - - $ref: '#/components/schemas/PlacementGroupName' - - description: The name of the placement group. - DeletePublicIpv4PoolRequest: - type: object - required: - - PoolId - title: DeletePublicIpv4PoolRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Ipv4PoolEc2Id' - - description: The ID of the public IPv4 pool you want to delete. - DeleteQueuedReservedInstancesErrorCode: - type: string - enum: - - reserved-instances-id-invalid - - reserved-instances-not-in-queued-state - - unexpected-error - DeleteQueuedReservedInstancesError: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/DeleteQueuedReservedInstancesErrorCode' - - description: The error code. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The error message. - description: Describes the error for a Reserved Instance whose queued purchase could not be deleted. - DeleteQueuedReservedInstancesIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservationId' - - xml: - name: item - minItems: 1 - maxItems: 100 - DeleteQueuedReservedInstancesRequest: - type: object - required: - - ReservedInstancesIds - title: DeleteQueuedReservedInstancesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ReservedInstancesId: - allOf: - - $ref: '#/components/schemas/DeleteQueuedReservedInstancesIdList' - - description: The IDs of the Reserved Instances. - SuccessfulQueuedPurchaseDeletionSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/SuccessfulQueuedPurchaseDeletion' - - xml: - name: item - FailedQueuedPurchaseDeletionSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/FailedQueuedPurchaseDeletion' - - xml: - name: item - DeleteRouteRequest: - type: object - required: - - RouteTableId - title: DeleteRouteRequest - properties: - destinationCidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 CIDR range for the route. The value you specify must match the CIDR for the route exactly. - destinationIpv6CidrBlock: - allOf: - - $ref: '#/components/schemas/PrefixListResourceId' - - description: The ID of the prefix list for the route. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - routeTableId: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - description: The ID of the route table. - DeleteRouteTableRequest: - type: object - required: - - RouteTableId - title: DeleteRouteTableRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - routeTableId: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - description: The ID of the route table. - DeleteSecurityGroupRequest: - type: object - title: DeleteSecurityGroupRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/SecurityGroupName' - - description: '[EC2-Classic, default VPC] The name of the security group. You can specify either the security group name or the security group ID.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteSnapshotRequest: - type: object - required: - - SnapshotId - title: DeleteSnapshotRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - description: The ID of the EBS snapshot. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteSpotDatafeedSubscriptionRequest: - type: object - title: DeleteSpotDatafeedSubscriptionRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DeleteSpotDatafeedSubscription. - DeleteSubnetCidrReservationRequest: - type: object - required: - - SubnetCidrReservationId - title: DeleteSubnetCidrReservationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteSubnetRequest: - type: object - required: - - SubnetId - title: DeleteSubnetRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: The ID of the subnet. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTagsRequest: - type: object - required: - - Resources - title: DeleteTagsRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - resourceId: - allOf: - - $ref: '#/components/schemas/ResourceIdList' - - description: '

The IDs of the resources, separated by spaces.

Constraints: Up to 1000 resource IDs. We recommend breaking up this request into smaller batches.

' - tag: - allOf: - - $ref: '#/components/schemas/TagList' - - description: '

The tags to delete. Specify a tag key and an optional tag value to delete specific tags. If you specify a tag key without a tag value, we delete any tag with this key regardless of its value. If you specify a tag key with an empty string as the tag value, we delete the tag only if its value is an empty string.

If you omit this parameter, we delete all user-defined tags for the specified resources. We do not delete Amazon Web Services-generated tags (tags that have the aws: prefix).

Constraints: Up to 1000 tags.

' - DeleteTrafficMirrorFilterRequest: - type: object - required: - - TrafficMirrorFilterId - title: DeleteTrafficMirrorFilterRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTrafficMirrorFilterRuleRequest: - type: object - required: - - TrafficMirrorFilterRuleId - title: DeleteTrafficMirrorFilterRuleRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTrafficMirrorSessionRequest: - type: object - required: - - TrafficMirrorSessionId - title: DeleteTrafficMirrorSessionRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTrafficMirrorTargetRequest: - type: object - required: - - TrafficMirrorTargetId - title: DeleteTrafficMirrorTargetRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTransitGatewayConnectPeerRequest: - type: object - required: - - TransitGatewayConnectPeerId - title: DeleteTransitGatewayConnectPeerRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTransitGatewayConnectRequest: - type: object - required: - - TransitGatewayAttachmentId - title: DeleteTransitGatewayConnectRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTransitGatewayMulticastDomainRequest: - type: object - required: - - TransitGatewayMulticastDomainId - title: DeleteTransitGatewayMulticastDomainRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTransitGatewayPeeringAttachmentRequest: - type: object - required: - - TransitGatewayAttachmentId - title: DeleteTransitGatewayPeeringAttachmentRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTransitGatewayPrefixListReferenceRequest: - type: object - required: - - TransitGatewayRouteTableId - - PrefixListId - title: DeleteTransitGatewayPrefixListReferenceRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTransitGatewayRequest: - type: object - required: - - TransitGatewayId - title: DeleteTransitGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTransitGatewayRouteRequest: - type: object - required: - - TransitGatewayRouteTableId - - DestinationCidrBlock - title: DeleteTransitGatewayRouteRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTransitGatewayRouteTableRequest: - type: object - required: - - TransitGatewayRouteTableId - title: DeleteTransitGatewayRouteTableRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteTransitGatewayVpcAttachmentRequest: - type: object - required: - - TransitGatewayAttachmentId - title: DeleteTransitGatewayVpcAttachmentRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteVolumeRequest: - type: object - required: - - VolumeId - title: DeleteVolumeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VolumeId' - - description: The ID of the volume. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteVpcEndpointConnectionNotificationsRequest: - type: object - required: - - ConnectionNotificationIds - title: DeleteVpcEndpointConnectionNotificationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ConnectionNotificationId: - allOf: - - $ref: '#/components/schemas/ConnectionNotificationIdsList' - - description: One or more notification IDs. - VpcEndpointServiceIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcEndpointServiceId' - - xml: - name: item - DeleteVpcEndpointServiceConfigurationsRequest: - type: object - required: - - ServiceIds - title: DeleteVpcEndpointServiceConfigurationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ServiceId: - allOf: - - $ref: '#/components/schemas/VpcEndpointServiceIdList' - - description: The IDs of one or more services. - DeleteVpcEndpointsRequest: - type: object - required: - - VpcEndpointIds - title: DeleteVpcEndpointsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - VpcEndpointId: - allOf: - - $ref: '#/components/schemas/VpcEndpointIdList' - - description: One or more VPC endpoint IDs. - description: Contains the parameters for DeleteVpcEndpoints. - DeleteVpcPeeringConnectionRequest: - type: object - required: - - VpcPeeringConnectionId - title: DeleteVpcPeeringConnectionRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - vpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionId' - - description: The ID of the VPC peering connection. - DeleteVpcRequest: - type: object - required: - - VpcId - title: DeleteVpcRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeleteVpnConnectionRequest: - type: object - required: - - VpnConnectionId - title: DeleteVpnConnectionRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpnConnectionId' - - description: The ID of the VPN connection. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DeleteVpnConnection. - DeleteVpnConnectionRouteRequest: - type: object - required: - - DestinationCidrBlock - - VpnConnectionId - title: DeleteVpnConnectionRouteRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpnConnectionId' - - description: The ID of the VPN connection. - description: Contains the parameters for DeleteVpnConnectionRoute. - DeleteVpnGatewayRequest: - type: object - required: - - VpnGatewayId - title: DeleteVpnGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpnGatewayId' - - description: The ID of the virtual private gateway. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DeleteVpnGateway. - DeprovisionByoipCidrRequest: - type: object - required: - - Cidr - title: DeprovisionByoipCidrRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DeprovisionIpamPoolCidrRequest: - type: object - required: - - IpamPoolId - title: DeprovisionIpamPoolCidrRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR which you want to deprovision from the pool. - IpamPoolCidr: - type: object - properties: - cidr: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is 10.24.34.0/23. An IPv6 CIDR example is 2001:DB8::/32.' - state: - allOf: - - $ref: '#/components/schemas/IpamPoolCidrState' - - description: The state of the CIDR. - failureReason: - allOf: - - $ref: '#/components/schemas/IpamPoolCidrFailureReason' - - description: Details related to why an IPAM pool CIDR failed to be provisioned. - description: A CIDR provisioned to an IPAM pool. - DeprovisionPublicIpv4PoolCidrRequest: - type: object - required: - - PoolId - - Cidr - title: DeprovisionPublicIpv4PoolCidrRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR you want to deprovision from the pool. - DeprovisionedAddressSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - DeregisterImageRequest: - type: object - required: - - ImageId - title: DeregisterImageRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ImageId' - - description: The ID of the AMI. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DeregisterImage. - DeregisterInstanceTagAttributeRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to deregister all tag keys in the current Region. Specify false to deregister all tag keys. - InstanceTagKey: - allOf: - - $ref: '#/components/schemas/InstanceTagKeySet' - - description: Information about the tag keys to deregister. - description: Information about the tag keys to deregister for the current Region. You can either specify individual tag keys or deregister all tag keys in the current Region. You must specify either IncludeAllTagsOfInstance or InstanceTagKeys in the request - DeregisterInstanceEventNotificationAttributesRequest: - type: object - title: DeregisterInstanceEventNotificationAttributesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DeregisterInstanceTagAttributeRequest' - - description: Information about the tag keys to deregister. - InstanceTagNotificationAttribute: - type: object - properties: - instanceTagKeySet: - allOf: - - $ref: '#/components/schemas/InstanceTagKeySet' - - description: The registered tag keys. - includeAllTagsOfInstance: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates wheter all tag keys in the current Region are registered to appear in scheduled event notifications. true indicates that all tag keys in the current Region are registered. - description: Describes the registered tag keys for the current Region. - DeregisterTransitGatewayMulticastGroupMembersRequest: - type: object - title: DeregisterTransitGatewayMulticastGroupMembersRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayMulticastDeregisteredGroupMembers: - type: object - properties: - transitGatewayMulticastDomainId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway multicast domain. - deregisteredNetworkInterfaceIds: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The network interface IDs of the deregistered members. - groupIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The IP address assigned to the transit gateway multicast group. - description: Describes the deregistered transit gateway multicast group members. - DeregisterTransitGatewayMulticastGroupSourcesRequest: - type: object - title: DeregisterTransitGatewayMulticastGroupSourcesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayMulticastDeregisteredGroupSources: - type: object - properties: - transitGatewayMulticastDomainId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway multicast domain. - deregisteredNetworkInterfaceIds: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The network interface IDs of the non-registered members. - groupIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The IP address assigned to the transit gateway multicast group. - description: Describes the deregistered transit gateway multicast group sources. - DescribeAccountAttributesRequest: - type: object - title: DescribeAccountAttributesRequest - properties: - attributeName: - allOf: - - $ref: '#/components/schemas/AccountAttributeNameStringList' - - description: The account attribute names. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeAddressesAttributeRequest: - type: object - title: DescribeAddressesAttributeRequest - properties: - AllocationId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - NextToken: - type: string - FilterList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Filter' - - xml: - name: Filter - PublicIpStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: PublicIp - DescribeAddressesRequest: - type: object - title: DescribeAddressesRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters. Filter names and values are case-sensitive.

' - PublicIp: - allOf: - - $ref: '#/components/schemas/PublicIpStringList' - - description: '

One or more Elastic IP addresses.

Default: Describes all your Elastic IP addresses.

' - AllocationId: - allOf: - - $ref: '#/components/schemas/AllocationIdList' - - description: '[EC2-VPC] Information about the allocation IDs.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeAggregateIdFormatRequest: - type: object - title: DescribeAggregateIdFormatRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - IdFormatList: - type: array - items: - allOf: - - $ref: '#/components/schemas/IdFormat' - - xml: - name: item - ZoneNameStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: ZoneName - DescribeAvailabilityZonesRequest: - type: object - title: DescribeAvailabilityZonesRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters.

' - ZoneName: - allOf: - - $ref: '#/components/schemas/ZoneNameStringList' - - description: 'The names of the Availability Zones, Local Zones, and Wavelength Zones.' - ZoneId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Include all Availability Zones, Local Zones, and Wavelength Zones regardless of your opt-in status.

If you do not use this parameter, the results include only the zones for the Regions where you have chosen the option to opt in.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeBundleTasksRequest: - type: object - title: DescribeBundleTasksRequest - properties: - BundleId: - allOf: - - $ref: '#/components/schemas/BundleIdStringList' - - description: '

The bundle task IDs.

Default: Describes all your bundle tasks.

' - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeByoipCidrsMaxResults: - type: integer - minimum: 1 - maximum: 100 - DescribeByoipCidrsRequest: - type: object - required: - - MaxResults - title: DescribeByoipCidrsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - DescribeCapacityReservationFleetsMaxResults: - type: integer - minimum: 1 - maximum: 100 - DescribeCapacityReservationFleetsRequest: - type: object - title: DescribeCapacityReservationFleetsRequest - properties: - CapacityReservationFleetId: - allOf: - - $ref: '#/components/schemas/DescribeCapacityReservationFleetsMaxResults' - - description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeCapacityReservationsMaxResults: - type: integer - minimum: 1 - maximum: 1000 - DescribeCapacityReservationsRequest: - type: object - title: DescribeCapacityReservationsRequest - properties: - CapacityReservationId: - allOf: - - $ref: '#/components/schemas/DescribeCapacityReservationsMaxResults' - - description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeCarrierGatewaysRequest: - type: object - title: DescribeCarrierGatewaysRequest - properties: - CarrierGatewayId: - allOf: - - $ref: '#/components/schemas/CarrierGatewayIdSet' - - description: One or more carrier gateway IDs. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeClassicLinkInstancesMaxResults: - type: integer - minimum: 5 - maximum: 1000 - InstanceIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: InstanceId - DescribeClassicLinkInstancesRequest: - type: object - title: DescribeClassicLinkInstancesRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - InstanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdStringList' - - description: One or more instance IDs. Must be instances linked to a VPC through ClassicLink. - maxResults: - allOf: - - $ref: '#/components/schemas/DescribeClassicLinkInstancesMaxResults' - - description: '

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

Constraint: If the value is greater than 1000, we return only 1000 items.

' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next page of results. - DescribeClientVpnAuthorizationRulesMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeClientVpnAuthorizationRulesRequest: - type: object - required: - - ClientVpnEndpointId - title: DescribeClientVpnAuthorizationRulesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to retrieve the next page of results. - Filter: - allOf: - - $ref: '#/components/schemas/DescribeClientVpnAuthorizationRulesMaxResults' - - description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. - DescribeClientVpnConnectionsMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeClientVpnConnectionsRequest: - type: object - required: - - ClientVpnEndpointId - title: DescribeClientVpnConnectionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ClientVpnEndpointId' - - description: The ID of the Client VPN endpoint. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeClientVpnEndpointMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeClientVpnEndpointsRequest: - type: object - title: DescribeClientVpnEndpointsRequest - properties: - ClientVpnEndpointId: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to retrieve the next page of results. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - EndpointSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ClientVpnEndpoint' - - xml: - name: item - DescribeClientVpnRoutesMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeClientVpnRoutesRequest: - type: object - required: - - ClientVpnEndpointId - title: DescribeClientVpnRoutesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ClientVpnEndpointId' - - description: The ID of the Client VPN endpoint. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeClientVpnTargetNetworksMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeClientVpnTargetNetworksRequest: - type: object - required: - - ClientVpnEndpointId - title: DescribeClientVpnTargetNetworksRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to retrieve the next page of results. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TargetNetworkSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/TargetNetwork' - - xml: - name: item - DescribeCoipPoolsRequest: - type: object - title: DescribeCoipPoolsRequest - properties: - PoolId: - allOf: - - $ref: '#/components/schemas/CoipPoolIdSet' - - description: The IDs of the address pools. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeConversionTaskList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ConversionTask' - - xml: - name: item - DescribeConversionTasksRequest: - type: object - title: DescribeConversionTasksRequest - properties: - conversionTaskId: - allOf: - - $ref: '#/components/schemas/ConversionIdStringList' - - description: The conversion task IDs. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeCustomerGatewaysRequest: - type: object - title: DescribeCustomerGatewaysRequest - properties: - CustomerGatewayId: - allOf: - - $ref: '#/components/schemas/CustomerGatewayIdStringList' - - description: '

One or more customer gateway IDs.

Default: Describes all your customer gateways.

' - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DescribeCustomerGateways. - DescribeDhcpOptionsMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DhcpOptionsIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/DhcpOptionsId' - - xml: - name: DhcpOptionsId - DescribeDhcpOptionsRequest: - type: object - title: DescribeDhcpOptionsRequest - properties: - DhcpOptionsId: - allOf: - - $ref: '#/components/schemas/DhcpOptionsIdStringList' - - description: '

The IDs of one or more DHCP options sets.

Default: Describes all your DHCP options sets.

' - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/DescribeDhcpOptionsMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - DhcpOptionsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/DhcpOptions' - - xml: - name: item - DescribeEgressOnlyInternetGatewaysMaxResults: - type: integer - minimum: 5 - maximum: 255 - DescribeEgressOnlyInternetGatewaysRequest: - type: object - title: DescribeEgressOnlyInternetGatewaysRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - EgressOnlyInternetGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next page of results. - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - EgressOnlyInternetGatewayList: - type: array - items: - allOf: - - $ref: '#/components/schemas/EgressOnlyInternetGateway' - - xml: - name: item - DescribeElasticGpusMaxResults: - type: integer - minimum: 10 - maximum: 1000 - DescribeElasticGpusRequest: - type: object - title: DescribeElasticGpusRequest - properties: - ElasticGpuId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to request the next page of results. - ElasticGpuSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ElasticGpus' - - xml: - name: item - DescribeExportImageTasksMaxResults: - type: integer - minimum: 1 - maximum: 500 - DescribeExportImageTasksRequest: - type: object - title: DescribeExportImageTasksRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: 'Filter tasks using the task-state filter and one of the following values: active, completed, deleting, or deleted.' - ExportImageTaskId: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: A token that indicates the next page of results. - ExportImageTaskList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ExportImageTask' - - xml: - name: item - ExportTaskIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ExportTaskId' - - xml: - name: ExportTaskId - DescribeExportTasksRequest: - type: object - title: DescribeExportTasksRequest - properties: - exportTaskId: - allOf: - - $ref: '#/components/schemas/ExportTaskIdStringList' - - description: The export task IDs. - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: the filters for the export tasks. - ExportTaskList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ExportTask' - - xml: - name: item - FastLaunchImageIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImageId' - - xml: - name: ImageId - DescribeFastLaunchImagesRequest: - type: object - title: DescribeFastLaunchImagesRequest - properties: - ImageId: - allOf: - - $ref: '#/components/schemas/FastLaunchImageIdList' - - description: Details for one or more Windows AMI image IDs. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeFastLaunchImagesRequestMaxResults: - type: integer - minimum: 0 - maximum: 200 - DescribeFastLaunchImagesSuccessSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DescribeFastLaunchImagesSuccessItem' - - xml: - name: item - FastLaunchResourceType: - type: string - enum: - - snapshot - FastLaunchSnapshotConfigurationResponse: - type: object - properties: - targetResourceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of pre-provisioned snapshots requested to keep on hand for a fast-launch enabled Windows AMI. - description: Configuration settings for creating and managing pre-provisioned snapshots for a fast-launch enabled Windows AMI. - FastLaunchLaunchTemplateSpecificationResponse: - type: object - properties: - launchTemplateId: - allOf: - - $ref: '#/components/schemas/LaunchTemplateId' - - description: The ID of the launch template for faster launching of the associated Windows AMI. - launchTemplateName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the launch template for faster launching of the associated Windows AMI. - version: - allOf: - - $ref: '#/components/schemas/String' - - description: The version of the launch template for faster launching of the associated Windows AMI. - description: Identifies the launch template to use for faster launching of the Windows AMI. - FastLaunchStateCode: - type: string - enum: - - enabling - - enabling-failed - - enabled - - enabled-failed - - disabling - - disabling-failed - DescribeFastLaunchImagesSuccessItem: - type: object - properties: - imageId: - allOf: - - $ref: '#/components/schemas/ImageId' - - description: The image ID that identifies the fast-launch enabled Windows image. - resourceType: - allOf: - - $ref: '#/components/schemas/FastLaunchResourceType' - - description: 'The resource type that is used for pre-provisioning the Windows AMI. Supported values include: snapshot.' - snapshotConfiguration: - allOf: - - $ref: '#/components/schemas/FastLaunchSnapshotConfigurationResponse' - - description: A group of parameters that are used for pre-provisioning the associated Windows AMI using snapshots. - launchTemplate: - allOf: - - $ref: '#/components/schemas/FastLaunchLaunchTemplateSpecificationResponse' - - description: The launch template that the fast-launch enabled Windows AMI uses when it launches Windows instances from pre-provisioned snapshots. - maxParallelLaunches: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The maximum number of parallel instances that are launched for creating resources. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The owner ID for the fast-launch enabled Windows AMI. - state: - allOf: - - $ref: '#/components/schemas/FastLaunchStateCode' - - description: The current state of faster launching for the specified Windows AMI. - stateTransitionReason: - allOf: - - $ref: '#/components/schemas/String' - - description: The reason that faster launching for the Windows AMI changed to the current state. - stateTransitionTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time that faster launching for the Windows AMI changed to the current state. - description: Describe details about a fast-launch enabled Windows image that meets the requested criteria. Criteria are defined by the DescribeFastLaunchImages action filters. - FastSnapshotRestoreStateCode: - type: string - enum: - - enabling - - optimizing - - enabled - - disabling - - disabled - DescribeFastSnapshotRestoreSuccessItem: - type: object - properties: - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the snapshot. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone. - state: - allOf: - - $ref: '#/components/schemas/FastSnapshotRestoreStateCode' - - description: The state of fast snapshot restores. - stateTransitionReason: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The reason for the state transition. The possible values are as follows:

' - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that enabled fast snapshot restores on the snapshot. - ownerAlias: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services owner alias that enabled fast snapshot restores on the snapshot. This is intended for future use. - enablingTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the enabling state. - optimizingTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the optimizing state. - enabledTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the enabled state. - disablingTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the disabling state. - disabledTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the disabled state. - description: Describes fast snapshot restores for a snapshot. - DescribeFastSnapshotRestoreSuccessSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DescribeFastSnapshotRestoreSuccessItem' - - xml: - name: item - DescribeFastSnapshotRestoresMaxResults: - type: integer - minimum: 0 - maximum: 200 - DescribeFastSnapshotRestoresRequest: - type: object - title: DescribeFastSnapshotRestoresRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeFleetError: - type: object - properties: - launchTemplateAndOverrides: - allOf: - - $ref: '#/components/schemas/LaunchTemplateAndOverridesResponse' - - description: The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template. - lifecycle: - allOf: - - $ref: '#/components/schemas/InstanceLifecycle' - - description: Indicates if the instance that could not be launched was a Spot Instance or On-Demand Instance. - errorCode: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The error code that indicates why the instance could not be launched. For more information about error codes, see Error codes.' - errorMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The error message that describes why the instance could not be launched. For more information about error messages, see Error codes.' - description: Describes the instances that could not be launched by the fleet. - DescribeFleetHistoryRequest: - type: object - required: - - FleetId - - StartTime - title: DescribeFleetHistoryRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - HistoryRecordSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/HistoryRecordEntry' - - xml: - name: item - DescribeFleetInstancesRequest: - type: object - required: - - FleetId - title: DescribeFleetInstancesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/FleetId' - - description: The ID of the EC2 Fleet. - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description:

The filters.

- DescribeFleetsErrorSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DescribeFleetError' - - xml: - name: item - DescribeFleetsInstances: - type: object - properties: - launchTemplateAndOverrides: - allOf: - - $ref: '#/components/schemas/LaunchTemplateAndOverridesResponse' - - description: The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template. - lifecycle: - allOf: - - $ref: '#/components/schemas/InstanceLifecycle' - - description: Indicates if the instance that was launched is a Spot Instance or On-Demand Instance. - instanceIds: - allOf: - - $ref: '#/components/schemas/InstanceIdsSet' - - description: The IDs of the instances. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type. - platform: - allOf: - - $ref: '#/components/schemas/PlatformValues' - - description: 'The value is Windows for Windows instances. Otherwise, the value is blank.' - description: Describes the instances that were launched by the fleet. - DescribeFleetsInstancesSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DescribeFleetsInstances' - - xml: - name: item - FleetIdSet: - type: array - items: - $ref: '#/components/schemas/FleetId' - DescribeFleetsRequest: - type: object - title: DescribeFleetsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - FleetId: - allOf: - - $ref: '#/components/schemas/FleetIdSet' - - description: '

The IDs of the EC2 Fleets.

If a fleet is of type instant, you must specify the fleet ID, otherwise it does not appear in the response.

' - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description:

The filters.

- FleetSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/FleetData' - - xml: - name: item - DescribeFlowLogsRequest: - type: object - title: DescribeFlowLogsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - FlowLogId: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next page of results. - FlowLogSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/FlowLog' - - xml: - name: item - FpgaImageAttributeName: - type: string - enum: - - description - - name - - loadPermission - - productCodes - DescribeFpgaImageAttributeRequest: - type: object - required: - - FpgaImageId - - Attribute - title: DescribeFpgaImageAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/FpgaImageAttributeName' - - description: The AFI attribute. - FpgaImageAttribute: - type: object - properties: - fpgaImageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the AFI. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the AFI. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the AFI. - loadPermissions: - allOf: - - $ref: '#/components/schemas/LoadPermissionList' - - description: The load permissions. - productCodes: - allOf: - - $ref: '#/components/schemas/ProductCodeList' - - description: The product codes. - description: Describes an Amazon FPGA image (AFI) attribute. - DescribeFpgaImagesMaxResults: - type: integer - minimum: 5 - maximum: 1000 - FpgaImageIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/FpgaImageId' - - xml: - name: item - OwnerStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: Owner - DescribeFpgaImagesRequest: - type: object - title: DescribeFpgaImagesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - FpgaImageId: - allOf: - - $ref: '#/components/schemas/FpgaImageIdList' - - description: The AFI IDs. - Owner: - allOf: - - $ref: '#/components/schemas/OwnerStringList' - - description: 'Filters the AFI by owner. Specify an Amazon Web Services account ID, self (owner is the sender of the request), or an Amazon Web Services owner alias (valid values are amazon | aws-marketplace).' - Filter: - allOf: - - $ref: '#/components/schemas/DescribeFpgaImagesMaxResults' - - description: The maximum number of results to return in a single call. - FpgaImageList: - type: array - items: - allOf: - - $ref: '#/components/schemas/FpgaImage' - - xml: - name: item - OfferingId: - type: string - DescribeHostReservationOfferingsRequest: - type: object - title: DescribeHostReservationOfferingsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/OfferingId' - - description: The ID of the reservation offering. - HostOfferingSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/HostOffering' - - xml: - name: item - DescribeHostReservationsMaxResults: - type: integer - minimum: 5 - maximum: 500 - DescribeHostReservationsRequest: - type: object - title: DescribeHostReservationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. - HostReservationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/HostReservation' - - xml: - name: item - RequestHostIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/DedicatedHostId' - - xml: - name: item - DescribeHostsRequest: - type: object - title: DescribeHostsRequest - properties: - filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters.

' - hostId: - allOf: - - $ref: '#/components/schemas/RequestHostIdList' - - description: The IDs of the Dedicated Hosts. The IDs are used for targeted instance launches. - maxResults: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.

You cannot specify this parameter and the host IDs parameter in the same request.

' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to use to retrieve the next page of results. - HostList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Host' - - xml: - name: item - DescribeIamInstanceProfileAssociationsMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeIamInstanceProfileAssociationsRequest: - type: object - title: DescribeIamInstanceProfileAssociationsRequest - properties: - AssociationId: - allOf: - - $ref: '#/components/schemas/AssociationIdList' - - description: The IAM instance profile associations. - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to request the next page of results. - IamInstanceProfileAssociationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileAssociation' - - xml: - name: item - DescribeIdFormatRequest: - type: object - title: DescribeIdFormatRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway ' - DescribeIdentityIdFormatRequest: - type: object - required: - - PrincipalArn - title: DescribeIdentityIdFormatRequest - properties: - principalArn: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ARN of the principal, which can be an IAM role, IAM user, or the root user.' - resource: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway ' - DescribeImageAttributeRequest: - type: object - required: - - Attribute - - ImageId - title: DescribeImageAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ImageId' - - description: The ID of the AMI. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DescribeImageAttribute. - ExecutableByStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: ExecutableBy - ImageIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImageId' - - xml: - name: ImageId - DescribeImagesRequest: - type: object - title: DescribeImagesRequest - properties: - ExecutableBy: - allOf: - - $ref: '#/components/schemas/ExecutableByStringList' - - description: '

Scopes the images by users with explicit launch permissions. Specify an Amazon Web Services account ID, self (the sender of the request), or all (public AMIs).

' - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters.

' - ImageId: - allOf: - - $ref: '#/components/schemas/ImageIdStringList' - - description: '

The image IDs.

Default: Describes all images available to you.

' - Owner: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

If true, all deprecated AMIs are included in the response. If false, no deprecated AMIs are included in the response. If no value is specified, the default value is false.

If you are the AMI owner, all deprecated AMIs appear in the response regardless of the value (true or false) that you set for this parameter.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ImageList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Image' - - xml: - name: item - DescribeImportImageTasksRequest: - type: object - title: DescribeImportImageTasksRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: 'Filter tasks using the task-state filter and one of the following values: active, completed, deleting, or deleted.' - ImportTaskId: - allOf: - - $ref: '#/components/schemas/String' - - description: A token that indicates the next page of results. - ImportImageTaskList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImportImageTask' - - xml: - name: item - DescribeImportSnapshotTasksRequest: - type: object - title: DescribeImportSnapshotTasksRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: The filters. - ImportTaskId: - allOf: - - $ref: '#/components/schemas/String' - - description: A token that indicates the next page of results. - ImportSnapshotTaskList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImportSnapshotTask' - - xml: - name: item - InstanceAttributeName: - type: string - enum: - - instanceType - - kernel - - ramdisk - - userData - - disableApiTermination - - instanceInitiatedShutdownBehavior - - rootDeviceName - - blockDeviceMapping - - productCodes - - sourceDestCheck - - groupSet - - ebsOptimized - - sriovNetSupport - - enaSupport - - enclaveOptions - DescribeInstanceAttributeRequest: - type: object - required: - - Attribute - - InstanceId - title: DescribeInstanceAttributeRequest - properties: - attribute: - allOf: - - $ref: '#/components/schemas/InstanceAttributeName' - - description: '

The instance attribute.

Note: The enaSupport attribute is not supported at this time.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance. - DescribeInstanceCreditSpecificationsMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeInstanceCreditSpecificationsRequest: - type: object - title: DescribeInstanceCreditSpecificationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description:

The filters.

- InstanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to retrieve the next page of results. - InstanceCreditSpecificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceCreditSpecification' - - xml: - name: item - DescribeInstanceEventNotificationAttributesRequest: - type: object - title: DescribeInstanceEventNotificationAttributesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - InstanceEventWindowIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowId' - - xml: - name: InstanceEventWindowId - DescribeInstanceEventWindowsRequest: - type: object - title: DescribeInstanceEventWindowsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - InstanceEventWindowId: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowIdSet' - - description: The IDs of the event windows. - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to request the next page of results. - description: Describe instance event windows by InstanceEventWindow. - InstanceEventWindowSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceEventWindow' - - xml: - name: item - DescribeInstanceStatusRequest: - type: object - title: DescribeInstanceStatusRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters.

' - InstanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to retrieve the next page of results. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - includeAllInstances: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

When true, includes the health status for all instances. When false, includes the health status for running instances only.

Default: false

' - InstanceStatusList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceStatus' - - xml: - name: item - LocationType: - type: string - enum: - - region - - availability-zone - - availability-zone-id - DescribeInstanceTypeOfferingsRequest: - type: object - title: DescribeInstanceTypeOfferingsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LocationType' - - description: The location type. - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to retrieve the next page of results. - InstanceTypeOfferingsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceTypeOffering' - - xml: - name: item - RequestInstanceTypeList: - type: array - items: - $ref: '#/components/schemas/InstanceType' - minItems: 0 - maxItems: 100 - DescribeInstanceTypesRequest: - type: object - title: DescribeInstanceTypesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - InstanceType: - allOf: - - $ref: '#/components/schemas/RequestInstanceTypeList' - - description: 'The instance types. For more information, see Instance types in the Amazon EC2 User Guide.' - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token to retrieve the next page of results. - InstanceTypeInfoList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceTypeInfo' - - xml: - name: item - DescribeInstancesRequest: - type: object - title: DescribeInstancesRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters.

' - InstanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdStringList' - - description: '

The instance IDs.

Default: Describes all your instances.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - maxResults: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 5 and 1000. You cannot specify this parameter and the instance IDs parameter in the same call.' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to request the next page of results. - ReservationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Reservation' - - xml: - name: item - DescribeInternetGatewaysMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeInternetGatewaysRequest: - type: object - title: DescribeInternetGatewaysRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - internetGatewayId: - allOf: - - $ref: '#/components/schemas/DescribeInternetGatewaysMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - InternetGatewayList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InternetGateway' - - xml: - name: item - DescribeIpamPoolsRequest: - type: object - title: DescribeIpamPoolsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - IpamPoolId: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The IDs of the IPAM pools you would like information on. - IpamPoolSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpamPool' - - xml: - name: item - DescribeIpamScopesRequest: - type: object - title: DescribeIpamScopesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - IpamScopeId: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The IDs of the scopes you want information on. - IpamScopeSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpamScope' - - xml: - name: item - DescribeIpamsRequest: - type: object - title: DescribeIpamsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - IpamId: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The IDs of the IPAMs you want information on. - IpamSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipam' - - xml: - name: item - DescribeIpv6PoolsRequest: - type: object - title: DescribeIpv6PoolsRequest - properties: - PoolId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - Ipv6PoolSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv6Pool' - - xml: - name: item - KeyNameStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/KeyPairName' - - xml: - name: KeyName - KeyPairIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/KeyPairId' - - xml: - name: KeyPairId - DescribeKeyPairsRequest: - type: object - title: DescribeKeyPairsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters.

' - KeyName: - allOf: - - $ref: '#/components/schemas/KeyNameStringList' - - description: '

The key pair names.

Default: Describes all of your key pairs.

' - KeyPairId: - allOf: - - $ref: '#/components/schemas/KeyPairIdStringList' - - description: The IDs of the key pairs. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

If true, the public key material is included in the response.

Default: false

' - KeyPairList: - type: array - items: - allOf: - - $ref: '#/components/schemas/KeyPairInfo' - - xml: - name: item - DescribeLaunchTemplateVersionsRequest: - type: object - title: DescribeLaunchTemplateVersionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchTemplateName' - - description: 'The name of the launch template. To describe one or more versions of a specified launch template, you must specify either the launch template ID or the launch template name in the request. To describe all the latest or default launch template versions in your account, you must omit this parameter.' - LaunchTemplateVersion: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200.' - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description:

One or more filters.

- LaunchTemplateVersionSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateVersion' - - xml: - name: item - DescribeLaunchTemplatesMaxResults: - type: integer - minimum: 1 - maximum: 200 - LaunchTemplateIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateId' - - xml: - name: item - LaunchTemplateNameStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateName' - - xml: - name: item - DescribeLaunchTemplatesRequest: - type: object - title: DescribeLaunchTemplatesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - LaunchTemplateId: - allOf: - - $ref: '#/components/schemas/LaunchTemplateIdStringList' - - description: One or more launch template IDs. - LaunchTemplateName: - allOf: - - $ref: '#/components/schemas/LaunchTemplateNameStringList' - - description: One or more launch template names. - Filter: - allOf: - - $ref: '#/components/schemas/DescribeLaunchTemplatesMaxResults' - - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200.' - LaunchTemplateSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplate' - - xml: - name: item - LocalGatewayRouteTableVirtualInterfaceGroupAssociationIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociationId' - - xml: - name: item - DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest: - type: object - title: DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest - properties: - LocalGatewayRouteTableVirtualInterfaceGroupAssociationId: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociationIdSet' - - description: The IDs of the associations. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - LocalGatewayRouteTableVirtualInterfaceGroupAssociationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociation' - - xml: - name: item - LocalGatewayRouteTableVpcAssociationIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociationId' - - xml: - name: item - DescribeLocalGatewayRouteTableVpcAssociationsRequest: - type: object - title: DescribeLocalGatewayRouteTableVpcAssociationsRequest - properties: - LocalGatewayRouteTableVpcAssociationId: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociationIdSet' - - description: The IDs of the associations. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - LocalGatewayRouteTableVpcAssociationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociation' - - xml: - name: item - LocalGatewayRouteTableIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayRoutetableId' - - xml: - name: item - DescribeLocalGatewayRouteTablesRequest: - type: object - title: DescribeLocalGatewayRouteTablesRequest - properties: - LocalGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableIdSet' - - description: The IDs of the local gateway route tables. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - LocalGatewayRouteTableSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTable' - - xml: - name: item - LocalGatewayVirtualInterfaceGroupIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupId' - - xml: - name: item - DescribeLocalGatewayVirtualInterfaceGroupsRequest: - type: object - title: DescribeLocalGatewayVirtualInterfaceGroupsRequest - properties: - LocalGatewayVirtualInterfaceGroupId: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupIdSet' - - description: The IDs of the virtual interface groups. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - LocalGatewayVirtualInterfaceGroupSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroup' - - xml: - name: item - LocalGatewayVirtualInterfaceIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceId' - - xml: - name: item - DescribeLocalGatewayVirtualInterfacesRequest: - type: object - title: DescribeLocalGatewayVirtualInterfacesRequest - properties: - LocalGatewayVirtualInterfaceId: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceIdSet' - - description: The IDs of the virtual interfaces. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - LocalGatewayVirtualInterfaceSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterface' - - xml: - name: item - LocalGatewayIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayId' - - xml: - name: item - DescribeLocalGatewaysRequest: - type: object - title: DescribeLocalGatewaysRequest - properties: - LocalGatewayId: - allOf: - - $ref: '#/components/schemas/LocalGatewayIdSet' - - description: The IDs of the local gateways. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - LocalGatewaySet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGateway' - - xml: - name: item - DescribeManagedPrefixListsRequest: - type: object - title: DescribeManagedPrefixListsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - PrefixListId: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: One or more prefix list IDs. - ManagedPrefixListSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ManagedPrefixList' - - xml: - name: item - DescribeMovingAddressesMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeMovingAddressesRequest: - type: object - title: DescribeMovingAddressesRequest - properties: - filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description:

One or more filters.

- dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - maxResults: - allOf: - - $ref: '#/components/schemas/DescribeMovingAddressesMaxResults' - - description: '

The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1000; if MaxResults is given a value outside of this range, an error is returned.

Default: If no value is provided, the default is 1000.

' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next page of results. - publicIp: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: One or more Elastic IP addresses. - MovingAddressStatusSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/MovingAddressStatus' - - xml: - name: item - DescribeNatGatewaysMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeNatGatewaysRequest: - type: object - title: DescribeNatGatewaysRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DescribeNatGatewaysMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - NatGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next page of results. - NatGatewayList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NatGateway' - - xml: - name: item - DescribeNetworkAclsMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeNetworkAclsRequest: - type: object - title: DescribeNetworkAclsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - NetworkAclId: - allOf: - - $ref: '#/components/schemas/DescribeNetworkAclsMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - NetworkAclList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkAcl' - - xml: - name: item - DescribeNetworkInsightsAccessScopeAnalysesRequest: - type: object - title: DescribeNetworkInsightsAccessScopeAnalysesRequest - properties: - NetworkInsightsAccessScopeAnalysisId: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: Filters the results based on the start time. The analysis must have started on or before this time. - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - NetworkInsightsAccessScopeAnalysisList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysis' - - xml: - name: item - NetworkInsightsAccessScopeIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' - - xml: - name: item - DescribeNetworkInsightsAccessScopesRequest: - type: object - title: DescribeNetworkInsightsAccessScopesRequest - properties: - NetworkInsightsAccessScopeId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeIdList' - - description: The IDs of the Network Access Scopes. - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - NetworkInsightsAccessScopeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScope' - - xml: - name: item - DescribeNetworkInsightsAnalysesRequest: - type: object - title: DescribeNetworkInsightsAnalysesRequest - properties: - NetworkInsightsAnalysisId: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time when the network insights analyses ended. - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - NetworkInsightsAnalysisList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAnalysis' - - xml: - name: item - NetworkInsightsPathIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsPathId' - - xml: - name: item - DescribeNetworkInsightsPathsRequest: - type: object - title: DescribeNetworkInsightsPathsRequest - properties: - NetworkInsightsPathId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsPathIdList' - - description: The IDs of the paths. - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - NetworkInsightsPathList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsPath' - - xml: - name: item - NetworkInterfaceAttribute: - type: string - enum: - - description - - groupSet - - sourceDestCheck - - attachment - DescribeNetworkInterfaceAttributeRequest: - type: object - required: - - NetworkInterfaceId - title: DescribeNetworkInterfaceAttributeRequest - properties: - attribute: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceAttribute' - - description: The attribute of the network interface. This parameter is required. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: The ID of the network interface. - description: Contains the parameters for DescribeNetworkInterfaceAttribute. - NetworkInterfaceAttachment: - type: object - properties: - attachTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The timestamp indicating when the attachment initiated. - attachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface attachment. - deleteOnTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the network interface is deleted when the instance is terminated. - deviceIndex: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The device index of the network interface attachment on the instance. - networkCardIndex: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The index of the network card. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - instanceOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID of the owner of the instance. - status: - allOf: - - $ref: '#/components/schemas/AttachmentStatus' - - description: The attachment state. - description: Describes a network interface attachment. - DescribeNetworkInterfacePermissionsMaxResults: - type: integer - minimum: 5 - maximum: 255 - NetworkInterfacePermissionIdList: - type: array - items: - $ref: '#/components/schemas/NetworkInterfacePermissionId' - DescribeNetworkInterfacePermissionsRequest: - type: object - title: DescribeNetworkInterfacePermissionsRequest - properties: - NetworkInterfacePermissionId: - allOf: - - $ref: '#/components/schemas/NetworkInterfacePermissionIdList' - - description: One or more network interface permission IDs. - Filter: - allOf: - - $ref: '#/components/schemas/DescribeNetworkInterfacePermissionsMaxResults' - - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. If this parameter is not specified, up to 50 results are returned by default.' - description: Contains the parameters for DescribeNetworkInterfacePermissions. - NetworkInterfacePermissionList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInterfacePermission' - - xml: - name: item - DescribeNetworkInterfacesMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeNetworkInterfacesRequest: - type: object - title: DescribeNetworkInterfacesRequest - properties: - filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - NetworkInterfaceId: - allOf: - - $ref: '#/components/schemas/DescribeNetworkInterfacesMaxResults' - - description: The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results. You cannot specify this parameter and the network interface IDs parameter in the same request. - description: Contains the parameters for DescribeNetworkInterfaces. - NetworkInterfaceList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInterface' - - xml: - name: item - PlacementGroupStringList: - type: array - items: - $ref: '#/components/schemas/PlacementGroupName' - PlacementGroupIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PlacementGroupId' - - xml: - name: GroupId - DescribePlacementGroupsRequest: - type: object - title: DescribePlacementGroupsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - groupName: - allOf: - - $ref: '#/components/schemas/PlacementGroupStringList' - - description: '

The names of the placement groups.

Default: Describes all your placement groups, or only those otherwise specified.

' - GroupId: - allOf: - - $ref: '#/components/schemas/PlacementGroupIdStringList' - - description: The IDs of the placement groups. - PlacementGroupList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PlacementGroup' - - xml: - name: item - PrefixListResourceIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PrefixListResourceId' - - xml: - name: item - DescribePrefixListsRequest: - type: object - title: DescribePrefixListsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next page of results. - PrefixListId: - allOf: - - $ref: '#/components/schemas/PrefixListResourceIdStringList' - - description: One or more prefix list IDs. - PrefixListSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/PrefixList' - - xml: - name: item - DescribePrincipalIdFormatMaxResults: - type: integer - minimum: 1 - maximum: 1000 - DescribePrincipalIdFormatRequest: - type: object - title: DescribePrincipalIdFormatRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Resource: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to request the next page of results. - PrincipalIdFormatList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PrincipalIdFormat' - - xml: - name: item - PoolMaxResults: - type: integer - minimum: 1 - maximum: 10 - DescribePublicIpv4PoolsRequest: - type: object - title: DescribePublicIpv4PoolsRequest - properties: - PoolId: - allOf: - - $ref: '#/components/schemas/PoolMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - PublicIpv4PoolSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/PublicIpv4Pool' - - xml: - name: item - RegionNameStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: RegionName - DescribeRegionsRequest: - type: object - title: DescribeRegionsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters.

' - RegionName: - allOf: - - $ref: '#/components/schemas/RegionNameStringList' - - description: 'The names of the Regions. You can specify any Regions, whether they are enabled and disabled for your account.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether to display all Regions, including Regions that are disabled for your account.' - RegionList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Region' - - xml: - name: item - DescribeReplaceRootVolumeTasksMaxResults: - type: integer - minimum: 1 - maximum: 50 - ReplaceRootVolumeTaskIds: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReplaceRootVolumeTaskId' - - xml: - name: ReplaceRootVolumeTaskId - DescribeReplaceRootVolumeTasksRequest: - type: object - title: DescribeReplaceRootVolumeTasksRequest - properties: - ReplaceRootVolumeTaskId: - allOf: - - $ref: '#/components/schemas/ReplaceRootVolumeTaskIds' - - description: The ID of the root volume replacement task to view. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ReplaceRootVolumeTasks: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReplaceRootVolumeTask' - - xml: - name: item - DescribeReservedInstancesListingsRequest: - type: object - title: DescribeReservedInstancesListingsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description:

One or more filters.

- reservedInstancesId: - allOf: - - $ref: '#/components/schemas/ReservationId' - - description: One or more Reserved Instance IDs. - reservedInstancesListingId: - allOf: - - $ref: '#/components/schemas/ReservedInstancesListingId' - - description: One or more Reserved Instance listing IDs. - description: Contains the parameters for DescribeReservedInstancesListings. - ReservedInstancesModificationIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservedInstancesModificationId' - - xml: - name: ReservedInstancesModificationId - DescribeReservedInstancesModificationsRequest: - type: object - title: DescribeReservedInstancesModificationsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description:

One or more filters.

- ReservedInstancesModificationId: - allOf: - - $ref: '#/components/schemas/ReservedInstancesModificationIdStringList' - - description: IDs for the submitted modification request. - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to retrieve the next page of results. - description: Contains the parameters for DescribeReservedInstancesModifications. - ReservedInstancesModificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservedInstancesModification' - - xml: - name: item - RIProductDescription: - type: string - enum: - - Linux/UNIX - - Linux/UNIX (Amazon VPC) - - Windows - - Windows (Amazon VPC) - ReservedInstancesOfferingIdStringList: - type: array - items: - $ref: '#/components/schemas/ReservedInstancesOfferingId' - OfferingTypeValues: - type: string - enum: - - Heavy Utilization - - Medium Utilization - - Light Utilization - - No Upfront - - Partial Upfront - - All Upfront - DescribeReservedInstancesOfferingsRequest: - type: object - title: DescribeReservedInstancesOfferingsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone in which the Reserved Instance can be used. - Filter: - allOf: - - $ref: '#/components/schemas/RIProductDescription' - - description: The Reserved Instance product platform description. Instances that include (Amazon VPC) in the description are for use with Amazon VPC. - ReservedInstancesOfferingId: - allOf: - - $ref: '#/components/schemas/ReservedInstancesOfferingIdStringList' - - description: One or more Reserved Instances offering IDs. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - instanceTenancy: - allOf: - - $ref: '#/components/schemas/Tenancy' - - description: '

The tenancy of the instances covered by the reservation. A Reserved Instance with a tenancy of dedicated is applied to instances that run in a VPC on single-tenant hardware (i.e., Dedicated Instances).

Important: The host value cannot be used with this parameter. Use the default or dedicated values only.

Default: default

' - maxResults: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. The maximum is 100.

Default: 100

' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to retrieve the next page of results. - offeringType: - allOf: - - $ref: '#/components/schemas/OfferingTypeValues' - - description: 'The Reserved Instance offering type. If you are using tools that predate the 2011-11-01 API version, you only have access to the Medium Utilization Reserved Instance offering type. ' - description: Contains the parameters for DescribeReservedInstancesOfferings. - ReservedInstancesOfferingList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservedInstancesOffering' - - xml: - name: item - OfferingClassType: - type: string - enum: - - standard - - convertible - ReservedInstancesIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservationId' - - xml: - name: ReservedInstancesId - DescribeReservedInstancesRequest: - type: object - title: DescribeReservedInstancesRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/OfferingClassType' - - description: Describes whether the Reserved Instance is Standard or Convertible. - ReservedInstancesId: - allOf: - - $ref: '#/components/schemas/ReservedInstancesIdStringList' - - description: '

One or more Reserved Instance IDs.

Default: Describes all your Reserved Instances, or only those otherwise specified.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - offeringType: - allOf: - - $ref: '#/components/schemas/OfferingTypeValues' - - description: 'The Reserved Instance offering type. If you are using tools that predate the 2011-11-01 API version, you only have access to the Medium Utilization Reserved Instance offering type.' - description: Contains the parameters for DescribeReservedInstances. - ReservedInstancesList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservedInstances' - - xml: - name: item - DescribeRouteTablesMaxResults: - type: integer - minimum: 5 - maximum: 100 - DescribeRouteTablesRequest: - type: object - title: DescribeRouteTablesRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - RouteTableId: - allOf: - - $ref: '#/components/schemas/DescribeRouteTablesMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - RouteTableList: - type: array - items: - allOf: - - $ref: '#/components/schemas/RouteTable' - - xml: - name: item - DescribeScheduledInstanceAvailabilityMaxResults: - type: integer - minimum: 5 - maximum: 300 - ScheduledInstanceRecurrenceRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The interval quantity. The interval unit depends on the value of Frequency. For example, every 2 weeks or every 2 months.' - OccurrenceDay: - allOf: - - $ref: '#/components/schemas/String' - - description: The unit for OccurrenceDays (DayOfWeek or DayOfMonth). This value is required for a monthly schedule. You can't specify DayOfWeek with a weekly schedule. You can't specify this value with a daily schedule. - description: Describes the recurring schedule for a Scheduled Instance. - DescribeScheduledInstanceAvailabilityRequest: - type: object - required: - - FirstSlotStartTimeRange - - Recurrence - title: DescribeScheduledInstanceAvailabilityRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/ScheduledInstanceRecurrenceRequest' - - description: The schedule recurrence. - description: Contains the parameters for DescribeScheduledInstanceAvailability. - ScheduledInstanceAvailabilitySet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ScheduledInstanceAvailability' - - xml: - name: item - SlotStartTimeRangeRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The latest date and time, in UTC, for the Scheduled Instance to start.' - description: Describes the time period for a Scheduled Instance to start its first schedule. - DescribeScheduledInstancesRequest: - type: object - title: DescribeScheduledInstancesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - ScheduledInstanceId: - allOf: - - $ref: '#/components/schemas/SlotStartTimeRangeRequest' - - description: The time period for the first schedule to start. - description: Contains the parameters for DescribeScheduledInstances. - ScheduledInstanceSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ScheduledInstance' - - xml: - name: item - GroupIds: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: item - DescribeSecurityGroupReferencesRequest: - type: object - required: - - GroupId - title: DescribeSecurityGroupReferencesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/GroupIds' - - description: The IDs of the security groups in your account. - SecurityGroupReferences: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupReference' - - xml: - name: item - DescribeSecurityGroupRulesMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeSecurityGroupRulesRequest: - type: object - title: DescribeSecurityGroupRulesRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - SecurityGroupRuleId: - allOf: - - $ref: '#/components/schemas/DescribeSecurityGroupRulesMaxResults' - - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. This value can be between 5 and 1000. If this parameter is not specified, then all results are returned.' - DescribeSecurityGroupsMaxResults: - type: integer - minimum: 5 - maximum: 1000 - GroupNameStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupName' - - xml: - name: GroupName - DescribeSecurityGroupsRequest: - type: object - title: DescribeSecurityGroupsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters.

' - GroupId: - allOf: - - $ref: '#/components/schemas/GroupIdStringList' - - description: '

The IDs of the security groups. Required for security groups in a nondefault VPC.

Default: Describes all of your security groups.

' - GroupName: - allOf: - - $ref: '#/components/schemas/GroupNameStringList' - - description: '

[EC2-Classic and default VPC only] The names of the security groups. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, use the group-name filter to describe security groups by name.

Default: Describes all of your security groups.

' - dryRun: - allOf: - - $ref: '#/components/schemas/DescribeSecurityGroupsMaxResults' - - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. This value can be between 5 and 1000. If this parameter is not specified, then all results are returned.' - SecurityGroupList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroup' - - xml: - name: item - DescribeSnapshotAttributeRequest: - type: object - required: - - Attribute - - SnapshotId - title: DescribeSnapshotAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - description: The ID of the EBS snapshot. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ProductCodeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ProductCode' - - xml: - name: item - DescribeSnapshotTierStatusMaxResults: - type: integer - DescribeSnapshotTierStatusRequest: - type: object - title: DescribeSnapshotTierStatusRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/DescribeSnapshotTierStatusMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - snapshotTierStatusSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/SnapshotTierStatus' - - xml: - name: item - RestorableByStringList: - type: array - items: - $ref: '#/components/schemas/String' - SnapshotIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - xml: - name: SnapshotId - DescribeSnapshotsRequest: - type: object - title: DescribeSnapshotsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The NextToken value returned from a previous paginated DescribeSnapshots request where MaxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the NextToken value. This value is null when there are no more results to return. - Owner: - allOf: - - $ref: '#/components/schemas/OwnerStringList' - - description: 'Scopes the results to snapshots with the specified owners. You can specify a combination of Amazon Web Services account IDs, self, and amazon.' - RestorableBy: - allOf: - - $ref: '#/components/schemas/RestorableByStringList' - - description: The IDs of the Amazon Web Services accounts that can create volumes from the snapshot. - SnapshotId: - allOf: - - $ref: '#/components/schemas/SnapshotIdStringList' - - description: '

The snapshot IDs.

Default: Describes the snapshots for which you have create volume permissions.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SnapshotList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Snapshot' - - xml: - name: item - DescribeSpotDatafeedSubscriptionRequest: - type: object - title: DescribeSpotDatafeedSubscriptionRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DescribeSpotDatafeedSubscription. - DescribeSpotFleetInstancesMaxResults: - type: integer - minimum: 1 - maximum: 1000 - DescribeSpotFleetInstancesRequest: - type: object - required: - - SpotFleetRequestId - title: DescribeSpotFleetInstancesRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - maxResults: - allOf: - - $ref: '#/components/schemas/DescribeSpotFleetInstancesMaxResults' - - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - spotFleetRequestId: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestId' - - description: The ID of the Spot Fleet request. - description: Contains the parameters for DescribeSpotFleetInstances. - DescribeSpotFleetRequestHistoryMaxResults: - type: integer - minimum: 1 - maximum: 1000 - EventType: - type: string - enum: - - instanceChange - - fleetRequestChange - - error - - information - DescribeSpotFleetRequestHistoryRequest: - type: object - required: - - SpotFleetRequestId - - StartTime - title: DescribeSpotFleetRequestHistoryRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - eventType: - allOf: - - $ref: '#/components/schemas/EventType' - - description: 'The type of events to describe. By default, all events are described.' - maxResults: - allOf: - - $ref: '#/components/schemas/DescribeSpotFleetRequestHistoryMaxResults' - - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - spotFleetRequestId: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestId' - - description: The ID of the Spot Fleet request. - startTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The starting date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - description: Contains the parameters for DescribeSpotFleetRequestHistory. - HistoryRecords: - type: array - items: - allOf: - - $ref: '#/components/schemas/HistoryRecord' - - xml: - name: item - DescribeSpotFleetRequestsRequest: - type: object - title: DescribeSpotFleetRequestsRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - maxResults: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - spotFleetRequestId: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestIdList' - - description: The IDs of the Spot Fleet requests. - description: Contains the parameters for DescribeSpotFleetRequests. - SpotFleetRequestConfigSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestConfig' - - xml: - name: item - DescribeSpotInstanceRequestsRequest: - type: object - title: DescribeSpotInstanceRequestsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SpotInstanceRequestId: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of results to return in a single call. Specify a value between 5 and 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - description: Contains the parameters for DescribeSpotInstanceRequests. - SpotInstanceRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotInstanceRequest' - - xml: - name: item - InstanceTypeList: - type: array - items: - $ref: '#/components/schemas/InstanceType' - ProductDescriptionList: - type: array - items: - $ref: '#/components/schemas/String' - DescribeSpotPriceHistoryRequest: - type: object - title: DescribeSpotPriceHistoryRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: Filters the results by the specified Availability Zone. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - endTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The date and time, up to the current date, from which to stop retrieving the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - InstanceType: - allOf: - - $ref: '#/components/schemas/InstanceTypeList' - - description: Filters the results by the specified instance types. - maxResults: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - ProductDescription: - allOf: - - $ref: '#/components/schemas/ProductDescriptionList' - - description: Filters the results by the specified basic product descriptions. - startTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The date and time, up to the past 90 days, from which to start retrieving the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - description: Contains the parameters for DescribeSpotPriceHistory. - SpotPriceHistoryList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotPrice' - - xml: - name: item - DescribeStaleSecurityGroupsMaxResults: - type: integer - minimum: 5 - maximum: 255 - DescribeStaleSecurityGroupsNextToken: - type: string - minLength: 1 - maxLength: 1024 - DescribeStaleSecurityGroupsRequest: - type: object - required: - - VpcId - title: DescribeStaleSecurityGroupsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - StaleSecurityGroupSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/StaleSecurityGroup' - - xml: - name: item - DescribeStoreImageTasksRequestMaxResults: - type: integer - minimum: 1 - maximum: 200 - DescribeStoreImageTasksRequest: - type: object - title: DescribeStoreImageTasksRequest - properties: - ImageId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/DescribeStoreImageTasksRequestMaxResults' - - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200. You cannot specify this parameter and the ImageIDs parameter in the same call.' - StoreImageTaskResultSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/StoreImageTaskResult' - - xml: - name: item - DescribeSubnetsMaxResults: - type: integer - minimum: 5 - maximum: 1000 - SubnetIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: SubnetId - DescribeSubnetsRequest: - type: object - title: DescribeSubnetsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - SubnetId: - allOf: - - $ref: '#/components/schemas/SubnetIdStringList' - - description: '

One or more subnet IDs.

Default: Describes all your subnets.

' - dryRun: - allOf: - - $ref: '#/components/schemas/DescribeSubnetsMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - SubnetList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Subnet' - - xml: - name: item - DescribeTagsRequest: - type: object - title: DescribeTagsRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters.

' - maxResults: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of results to return in a single call. This value can be between 5 and 1000. To retrieve the remaining results, make another call with the returned NextToken value.' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to retrieve the next page of results. - TagDescriptionList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TagDescription' - - xml: - name: item - DescribeTrafficMirrorFiltersRequest: - type: object - title: DescribeTrafficMirrorFiltersRequest - properties: - TrafficMirrorFilterId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - TrafficMirrorFilterSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilter' - - xml: - name: item - DescribeTrafficMirrorSessionsRequest: - type: object - title: DescribeTrafficMirrorSessionsRequest - properties: - TrafficMirrorSessionId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - TrafficMirrorSessionSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorSession' - - xml: - name: item - DescribeTrafficMirrorTargetsRequest: - type: object - title: DescribeTrafficMirrorTargetsRequest - properties: - TrafficMirrorTargetId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - TrafficMirrorTargetSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorTarget' - - xml: - name: item - TransitGatewayAttachmentIdStringList: - type: array - items: - $ref: '#/components/schemas/TransitGatewayAttachmentId' - DescribeTransitGatewayAttachmentsRequest: - type: object - title: DescribeTransitGatewayAttachmentsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentIdStringList' - - description: The IDs of the attachments. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayAttachmentList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachment' - - xml: - name: item - TransitGatewayConnectPeerIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectPeerId' - - xml: - name: item - DescribeTransitGatewayConnectPeersRequest: - type: object - title: DescribeTransitGatewayConnectPeersRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectPeerIdStringList' - - description: The IDs of the Connect peers. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayConnectPeerList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnectPeer' - - xml: - name: item - DescribeTransitGatewayConnectsRequest: - type: object - title: DescribeTransitGatewayConnectsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentIdStringList' - - description: The IDs of the attachments. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayConnectList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayConnect' - - xml: - name: item - TransitGatewayMulticastDomainIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainId' - - xml: - name: item - DescribeTransitGatewayMulticastDomainsRequest: - type: object - title: DescribeTransitGatewayMulticastDomainsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainIdStringList' - - description: The ID of the transit gateway multicast domain. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayMulticastDomainList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomain' - - xml: - name: item - DescribeTransitGatewayPeeringAttachmentsRequest: - type: object - title: DescribeTransitGatewayPeeringAttachmentsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentIdStringList' - - description: One or more IDs of the transit gateway peering attachments. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayPeeringAttachmentList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayPeeringAttachment' - - xml: - name: item - TransitGatewayRouteTableIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableId' - - xml: - name: item - DescribeTransitGatewayRouteTablesRequest: - type: object - title: DescribeTransitGatewayRouteTablesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableIdStringList' - - description: The IDs of the transit gateway route tables. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayRouteTableList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTable' - - xml: - name: item - DescribeTransitGatewayVpcAttachmentsRequest: - type: object - title: DescribeTransitGatewayVpcAttachmentsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentIdStringList' - - description: The IDs of the attachments. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayVpcAttachmentList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayVpcAttachment' - - xml: - name: item - TransitGatewayIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayId' - - xml: - name: item - DescribeTransitGatewaysRequest: - type: object - title: DescribeTransitGatewaysRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayIdStringList' - - description: The IDs of the transit gateways. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGateway' - - xml: - name: item - DescribeTrunkInterfaceAssociationsMaxResults: - type: integer - minimum: 5 - maximum: 255 - DescribeTrunkInterfaceAssociationsRequest: - type: object - title: DescribeTrunkInterfaceAssociationsRequest - properties: - AssociationId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/DescribeTrunkInterfaceAssociationsMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - TrunkInterfaceAssociationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrunkInterfaceAssociation' - - xml: - name: item - DescribeVolumeAttributeRequest: - type: object - required: - - Attribute - - VolumeId - title: DescribeVolumeAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VolumeId' - - description: The ID of the volume. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - VolumeIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VolumeId' - - xml: - name: VolumeId - DescribeVolumeStatusRequest: - type: object - title: DescribeVolumeStatusRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The NextToken value to include in a future DescribeVolumeStatus request. When the results of the request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.' - VolumeId: - allOf: - - $ref: '#/components/schemas/VolumeIdStringList' - - description: '

The IDs of the volumes.

Default: Describes all your volumes.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - VolumeStatusList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VolumeStatusItem' - - xml: - name: item - DescribeVolumesModificationsRequest: - type: object - title: DescribeVolumesModificationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - VolumeId: - allOf: - - $ref: '#/components/schemas/VolumeIdStringList' - - description: The IDs of the volumes. - Filter: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The maximum number of results (up to a limit of 500) to be returned in a paginated request. - VolumeModificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VolumeModification' - - xml: - name: item - DescribeVolumesRequest: - type: object - title: DescribeVolumesRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

The filters.

' - VolumeId: - allOf: - - $ref: '#/components/schemas/VolumeIdStringList' - - description: The volume IDs. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - maxResults: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of volume results returned by DescribeVolumes in paginated output. When this parameter is used, DescribeVolumes only returns MaxResults results in a single page along with a NextToken response element. The remaining results of the initial request can be seen by sending another DescribeVolumes request with the returned NextToken value. This value can be between 5 and 500; if MaxResults is given a value larger than 500, only 500 results are returned. If this parameter is not used, then DescribeVolumes returns all results. You cannot specify this parameter and the volume IDs parameter in the same request.' - nextToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The NextToken value returned from a previous paginated DescribeVolumes request where MaxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the NextToken value. This value is null when there are no more results to return. - VolumeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Volume' - - xml: - name: item - DescribeVpcAttributeRequest: - type: object - required: - - Attribute - - VpcId - title: DescribeVpcAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DescribeVpcClassicLinkDnsSupportMaxResults: - type: integer - minimum: 5 - maximum: 255 - DescribeVpcClassicLinkDnsSupportNextToken: - type: string - minLength: 1 - maxLength: 1024 - VpcClassicLinkIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcId' - - xml: - name: VpcId - DescribeVpcClassicLinkDnsSupportRequest: - type: object - title: DescribeVpcClassicLinkDnsSupportRequest - properties: - maxResults: - allOf: - - $ref: '#/components/schemas/DescribeVpcClassicLinkDnsSupportMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - nextToken: - allOf: - - $ref: '#/components/schemas/VpcClassicLinkIdList' - - description: One or more VPC IDs. - DescribeVpcClassicLinkRequest: - type: object - title: DescribeVpcClassicLinkRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - VpcId: - allOf: - - $ref: '#/components/schemas/VpcClassicLinkIdList' - - description: One or more VPCs for which you want to describe the ClassicLink status. - VpcClassicLinkList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcClassicLink' - - xml: - name: item - DescribeVpcEndpointConnectionNotificationsRequest: - type: object - title: DescribeVpcEndpointConnectionNotificationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ConnectionNotificationId' - - description: The ID of the notification. - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to request the next page of results. - DescribeVpcEndpointConnectionsRequest: - type: object - title: DescribeVpcEndpointConnectionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to retrieve the next page of results. - VpcEndpointConnectionSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcEndpointConnection' - - xml: - name: item - DescribeVpcEndpointServiceConfigurationsRequest: - type: object - title: DescribeVpcEndpointServiceConfigurationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ServiceId: - allOf: - - $ref: '#/components/schemas/VpcEndpointServiceIdList' - - description: The IDs of one or more services. - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to retrieve the next page of results. - ServiceConfigurationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ServiceConfiguration' - - xml: - name: item - DescribeVpcEndpointServicePermissionsRequest: - type: object - required: - - ServiceId - title: DescribeVpcEndpointServicePermissionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcEndpointServiceId' - - description: The ID of the service. - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The token to retrieve the next page of results. - DescribeVpcEndpointServicesRequest: - type: object - title: DescribeVpcEndpointServicesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ServiceName: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: One or more service names. - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of items to return. (You received this token from a prior call.) - description: Contains the parameters for DescribeVpcEndpointServices. - ServiceDetailSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ServiceDetail' - - xml: - name: item - DescribeVpcEndpointsRequest: - type: object - title: DescribeVpcEndpointsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - VpcEndpointId: - allOf: - - $ref: '#/components/schemas/VpcEndpointIdList' - - description: One or more endpoint IDs. - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of items to return. (You received this token from a prior call.) - description: Contains the parameters for DescribeVpcEndpoints. - VpcEndpointSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcEndpoint' - - xml: - name: item - DescribeVpcPeeringConnectionsMaxResults: - type: integer - minimum: 5 - maximum: 1000 - DescribeVpcPeeringConnectionsRequest: - type: object - title: DescribeVpcPeeringConnectionsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - VpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/DescribeVpcPeeringConnectionsMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - VpcPeeringConnectionList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnection' - - xml: - name: item - DescribeVpcsMaxResults: - type: integer - minimum: 5 - maximum: 1000 - VpcIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcId' - - xml: - name: VpcId - DescribeVpcsRequest: - type: object - title: DescribeVpcsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - VpcId: - allOf: - - $ref: '#/components/schemas/VpcIdStringList' - - description: '

One or more VPC IDs.

Default: Describes all your VPCs.

' - dryRun: - allOf: - - $ref: '#/components/schemas/DescribeVpcsMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - VpcList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Vpc' - - xml: - name: item - VpnConnectionIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpnConnectionId' - - xml: - name: VpnConnectionId - DescribeVpnConnectionsRequest: - type: object - title: DescribeVpnConnectionsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - VpnConnectionId: - allOf: - - $ref: '#/components/schemas/VpnConnectionIdStringList' - - description: '

One or more VPN connection IDs.

Default: Describes your VPN connections.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DescribeVpnConnections. - VpnConnectionList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpnConnection' - - xml: - name: item - VpnGatewayIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpnGatewayId' - - xml: - name: VpnGatewayId - DescribeVpnGatewaysRequest: - type: object - title: DescribeVpnGatewaysRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/FilterList' - - description: '

One or more filters.

' - VpnGatewayId: - allOf: - - $ref: '#/components/schemas/VpnGatewayIdStringList' - - description: '

One or more virtual private gateway IDs.

Default: Describes all your virtual private gateways.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DescribeVpnGateways. - VpnGatewayList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpnGateway' - - xml: - name: item - DestinationFileFormat: - type: string - enum: - - plain-text - - parquet - DestinationOptionsResponse: - type: object - properties: - fileFormat: - allOf: - - $ref: '#/components/schemas/DestinationFileFormat' - - description: The format for the flow log. - hiveCompatiblePartitions: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. - perHourPartition: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to partition the flow log per hour. - description: Describes the destination options for a flow log. - DetachClassicLinkVpcRequest: - type: object - required: - - InstanceId - - VpcId - title: DetachClassicLinkVpcRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance to unlink from the VPC. - vpcId: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC to which the instance is linked. - DetachInternetGatewayRequest: - type: object - required: - - InternetGatewayId - - VpcId - title: DetachInternetGatewayRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - internetGatewayId: - allOf: - - $ref: '#/components/schemas/InternetGatewayId' - - description: The ID of the internet gateway. - vpcId: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - DetachNetworkInterfaceRequest: - type: object - required: - - AttachmentId - title: DetachNetworkInterfaceRequest - properties: - attachmentId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceAttachmentId' - - description: The ID of the attachment. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - force: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Specifies whether to force a detachment.

' - description: Contains the parameters for DetachNetworkInterface. - DetachVolumeRequest: - type: object - required: - - VolumeId - title: DetachVolumeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VolumeId' - - description: The ID of the volume. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DetachVpnGatewayRequest: - type: object - required: - - VpcId - - VpnGatewayId - title: DetachVpnGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpnGatewayId' - - description: The ID of the virtual private gateway. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DetachVpnGateway. - DeviceType: - type: string - enum: - - ebs - - instance-store - DhcpConfigurationValueList: - type: array - items: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - xml: - name: item - DhcpConfiguration: - type: object - properties: - key: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of a DHCP option. - valueSet: - allOf: - - $ref: '#/components/schemas/DhcpConfigurationValueList' - - description: One or more values for the DHCP option. - description: Describes a DHCP configuration option. - DhcpConfigurationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/DhcpConfiguration' - - xml: - name: item - DirectoryServiceAuthenticationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Active Directory to be used for authentication. - description: Describes the Active Directory to be used for client authentication. - DisableEbsEncryptionByDefaultRequest: - type: object - title: DisableEbsEncryptionByDefaultRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DisableFastLaunchRequest: - type: object - required: - - ImageId - title: DisableFastLaunchRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DisableFastSnapshotRestoreStateErrorSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DisableFastSnapshotRestoreStateErrorItem' - - xml: - name: item - DisableFastSnapshotRestoreErrorItem: - type: object - properties: - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the snapshot. - fastSnapshotRestoreStateErrorSet: - allOf: - - $ref: '#/components/schemas/DisableFastSnapshotRestoreStateErrorSet' - - description: The errors. - description: Contains information about the errors that occurred when disabling fast snapshot restores. - DisableFastSnapshotRestoreErrorSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DisableFastSnapshotRestoreErrorItem' - - xml: - name: item - DisableFastSnapshotRestoreStateError: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/String' - - description: The error code. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The error message. - description: Describes an error that occurred when disabling fast snapshot restores. - DisableFastSnapshotRestoreStateErrorItem: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone. - error: - allOf: - - $ref: '#/components/schemas/DisableFastSnapshotRestoreStateError' - - description: The error. - description: Contains information about an error that occurred when disabling fast snapshot restores. - DisableFastSnapshotRestoreSuccessItem: - type: object - properties: - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the snapshot. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone. - state: - allOf: - - $ref: '#/components/schemas/FastSnapshotRestoreStateCode' - - description: The state of fast snapshot restores for the snapshot. - stateTransitionReason: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The reason for the state transition. The possible values are as follows:

' - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that enabled fast snapshot restores on the snapshot. - ownerAlias: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services owner alias that enabled fast snapshot restores on the snapshot. This is intended for future use. - enablingTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the enabling state. - optimizingTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the optimizing state. - enabledTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the enabled state. - disablingTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the disabling state. - disabledTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the disabled state. - description: Describes fast snapshot restores that were successfully disabled. - DisableFastSnapshotRestoreSuccessSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DisableFastSnapshotRestoreSuccessItem' - - xml: - name: item - DisableFastSnapshotRestoresRequest: - type: object - required: - - AvailabilityZones - - SourceSnapshotIds - title: DisableFastSnapshotRestoresRequest - properties: - AvailabilityZone: - allOf: - - $ref: '#/components/schemas/AvailabilityZoneStringList' - - description: 'One or more Availability Zones. For example, us-east-2a.' - SourceSnapshotId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DisableImageDeprecationRequest: - type: object - required: - - ImageId - title: DisableImageDeprecationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DisableIpamOrganizationAdminAccountRequest: - type: object - required: - - DelegatedAdminAccountId - title: DisableIpamOrganizationAdminAccountRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Organizations member account ID that you want to disable as IPAM account. - DisableSerialConsoleAccessRequest: - type: object - title: DisableSerialConsoleAccessRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DisableTransitGatewayRouteTablePropagationRequest: - type: object - required: - - TransitGatewayRouteTableId - - TransitGatewayAttachmentId - title: DisableTransitGatewayRouteTablePropagationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayPropagation: - type: object - properties: - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentId' - - description: The ID of the attachment. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - resourceType: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' - - description: The resource type. Note that the tgw-peering resource type has been deprecated. - transitGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway route table. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayPropagationState' - - description: The state. - description: Describes route propagation. - DisableVgwRoutePropagationRequest: - type: object - required: - - GatewayId - - RouteTableId - title: DisableVgwRoutePropagationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for DisableVgwRoutePropagation. - DisableVpcClassicLinkDnsSupportRequest: - type: object - title: DisableVpcClassicLinkDnsSupportRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - DisableVpcClassicLinkRequest: - type: object - required: - - VpcId - title: DisableVpcClassicLinkRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - vpcId: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - DisassociateAddressRequest: - type: object - title: DisassociateAddressRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '[EC2-Classic] The Elastic IP address. Required for EC2-Classic.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DisassociateClientVpnTargetNetworkRequest: - type: object - required: - - ClientVpnEndpointId - - AssociationId - title: DisassociateClientVpnTargetNetworkRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DisassociateEnclaveCertificateIamRoleRequest: - type: object - title: DisassociateEnclaveCertificateIamRoleRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DisassociateIamInstanceProfileRequest: - type: object - required: - - AssociationId - title: DisassociateIamInstanceProfileRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileAssociationId' - - description: The ID of the IAM instance profile association. - InstanceEventWindowDisassociationRequest: - type: object - properties: - InstanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdList' - - description: The IDs of the instances to disassociate from the event window. - InstanceTag: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The instance tags to disassociate from the event window. Any instances associated with the tags will be disassociated from the event window. - DedicatedHostId: - allOf: - - $ref: '#/components/schemas/DedicatedHostIdList' - - description: The IDs of the Dedicated Hosts to disassociate from the event window. - description: The targets to disassociate from the specified event window. - DisassociateInstanceEventWindowRequest: - type: object - required: - - InstanceEventWindowId - - AssociationTarget - title: DisassociateInstanceEventWindowRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowDisassociationRequest' - - description: One or more targets to disassociate from the specified event window. - RouteTableAssociationId: - type: string - DisassociateRouteTableRequest: - type: object - required: - - AssociationId - title: DisassociateRouteTableRequest - properties: - associationId: - allOf: - - $ref: '#/components/schemas/RouteTableAssociationId' - - description: The association ID representing the current association between the route table and subnet or gateway. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SubnetCidrAssociationId: - type: string - DisassociateSubnetCidrBlockRequest: - type: object - required: - - AssociationId - title: DisassociateSubnetCidrBlockRequest - properties: - associationId: - allOf: - - $ref: '#/components/schemas/SubnetCidrAssociationId' - - description: The association ID for the CIDR block. - DisassociateTransitGatewayMulticastDomainRequest: - type: object - title: DisassociateTransitGatewayMulticastDomainRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DisassociateTransitGatewayRouteTableRequest: - type: object - required: - - TransitGatewayRouteTableId - - TransitGatewayAttachmentId - title: DisassociateTransitGatewayRouteTableRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - DisassociateTrunkInterfaceRequest: - type: object - required: - - AssociationId - title: DisassociateTrunkInterfaceRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - VpcCidrAssociationId: - type: string - DisassociateVpcCidrBlockRequest: - type: object - required: - - AssociationId - title: DisassociateVpcCidrBlockRequest - properties: - associationId: - allOf: - - $ref: '#/components/schemas/VpcCidrAssociationId' - - description: The association ID for the CIDR block. - DiskCount: - type: integer - VolumeDetail: - type: object - required: - - Size - properties: - size: - # allOf: - # - $ref: '#/components/schemas/Long' - # - description: 'The size of the volume, in GiB.' - type: integer - description: 'The size of the volume, in GiB.' - description: Describes an EBS volume. - DiskImageDescription: - type: object - properties: - checksum: - allOf: - - $ref: '#/components/schemas/String' - - description: The checksum computed for the disk image. - format: - allOf: - - $ref: '#/components/schemas/DiskImageFormat' - - description: The disk image format. - importManifestUrl: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A presigned URL for the import manifest stored in Amazon S3. For information about creating a presigned URL for an Amazon S3 object, read the "Query String Request Authentication Alternative" section of the Authenticating REST Requests topic in the Amazon Simple Storage Service Developer Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' - size: - allOf: - - $ref: '#/components/schemas/Long' - - description: 'The size of the disk image, in GiB.' - description: Describes a disk image. - DiskImageDetail: - type: object - required: - - Bytes - - Format - - ImportManifestUrl - properties: - bytes: - allOf: - - $ref: '#/components/schemas/Long' - - description: 'The size of the disk image, in GiB.' - format: - allOf: - - $ref: '#/components/schemas/DiskImageFormat' - - description: The disk image format. - importManifestUrl: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A presigned URL for the import manifest stored in Amazon S3 and presented here as an Amazon S3 presigned URL. For information about creating a presigned URL for an Amazon S3 object, read the "Query String Request Authentication Alternative" section of the Authenticating REST Requests topic in the Amazon Simple Storage Service Developer Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' - description: Describes a disk image. - DiskImageList: - type: array - items: - $ref: '#/components/schemas/DiskImage' - DiskImageVolumeDescription: - type: object - properties: - id: - allOf: - - $ref: '#/components/schemas/String' - - description: The volume identifier. - size: - allOf: - - $ref: '#/components/schemas/Long' - - description: 'The size of the volume, in GiB.' - description: Describes a disk image volume. - DiskSize: - type: integer - DiskType: - type: string - enum: - - hdd - - ssd - DiskInfo: - type: object - properties: - sizeInGB: - allOf: - - $ref: '#/components/schemas/DiskSize' - - description: The size of the disk in GB. - count: - allOf: - - $ref: '#/components/schemas/DiskCount' - - description: The number of disks with this configuration. - type: - allOf: - - $ref: '#/components/schemas/DiskType' - - description: The type of disk. - description: Describes a disk. - DiskInfoList: - type: array - items: - allOf: - - $ref: '#/components/schemas/DiskInfo' - - xml: - name: item - DnsEntry: - type: object - properties: - dnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The DNS name. - hostedZoneId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the private hosted zone. - description: Describes a DNS entry. - DnsEntrySet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DnsEntry' - - xml: - name: item - DnsNameState: - type: string - enum: - - pendingVerification - - verified - - failed - DnsOptions: - type: object - properties: - dnsRecordIpType: - allOf: - - $ref: '#/components/schemas/DnsRecordIpType' - - description: The DNS records created for the endpoint. - description: Describes the DNS options for an endpoint. - DnsOptionsSpecification: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DnsRecordIpType' - - description: The DNS records created for the endpoint. - description: Describes the DNS options for an endpoint. - DnsServersOptionsModifyStructure: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether DNS servers should be used. Specify False to delete the existing DNS servers. - description: Information about the DNS server to be used. - DnsSupportValue: - type: string - enum: - - enable - - disable - DoubleWithConstraints: - type: number - format: double - minimum: 0.001 - maximum: 99.999 - EbsEncryptionSupport: - type: string - enum: - - unsupported - - supported - EbsOptimizedSupport: - type: string - enum: - - unsupported - - supported - - default - EbsOptimizedInfo: - type: object - properties: - baselineBandwidthInMbps: - allOf: - - $ref: '#/components/schemas/BaselineBandwidthInMbps' - - description: 'The baseline bandwidth performance for an EBS-optimized instance type, in Mbps.' - baselineThroughputInMBps: - allOf: - - $ref: '#/components/schemas/BaselineThroughputInMBps' - - description: 'The baseline throughput performance for an EBS-optimized instance type, in MB/s.' - baselineIops: - allOf: - - $ref: '#/components/schemas/BaselineIops' - - description: The baseline input/output storage operations per seconds for an EBS-optimized instance type. - maximumBandwidthInMbps: - allOf: - - $ref: '#/components/schemas/MaximumBandwidthInMbps' - - description: 'The maximum bandwidth performance for an EBS-optimized instance type, in Mbps.' - maximumThroughputInMBps: - allOf: - - $ref: '#/components/schemas/MaximumThroughputInMBps' - - description: 'The maximum throughput performance for an EBS-optimized instance type, in MB/s.' - maximumIops: - allOf: - - $ref: '#/components/schemas/MaximumIops' - - description: The maximum input/output storage operations per second for an EBS-optimized instance type. - description: Describes the optimized EBS performance for supported instance types. - EbsNvmeSupport: - type: string - enum: - - unsupported - - supported - - required - EbsInfo: - type: object - properties: - ebsOptimizedSupport: - allOf: - - $ref: '#/components/schemas/EbsOptimizedSupport' - - description: 'Indicates whether the instance type is Amazon EBS-optimized. For more information, see Amazon EBS-optimized instances in Amazon EC2 User Guide.' - encryptionSupport: - allOf: - - $ref: '#/components/schemas/EbsEncryptionSupport' - - description: Indicates whether Amazon EBS encryption is supported. - ebsOptimizedInfo: - allOf: - - $ref: '#/components/schemas/EbsOptimizedInfo' - - description: Describes the optimized EBS performance for the instance type. - nvmeSupport: - allOf: - - $ref: '#/components/schemas/EbsNvmeSupport' - - description: Indicates whether non-volatile memory express (NVMe) is supported. - description: Describes the Amazon EBS features supported by the instance type. - EbsInstanceBlockDevice: - type: object - properties: - attachTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time stamp when the attachment initiated. - deleteOnTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the volume is deleted on instance termination. - status: - allOf: - - $ref: '#/components/schemas/AttachmentStatus' - - description: The attachment state. - volumeId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the EBS volume. - description: Describes a parameter used to set up an EBS volume in a block device mapping. - EbsInstanceBlockDeviceSpecification: - type: object - properties: - deleteOnTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the volume is deleted on instance termination. - volumeId: - allOf: - - $ref: '#/components/schemas/VolumeId' - - description: The ID of the EBS volume. - description: Describes information used to set up an EBS volume specified in a block device mapping. - MaximumBandwidthInMbps: - type: integer - MaximumThroughputInMBps: - type: number - format: double - MaximumIops: - type: integer - MaximumEfaInterfaces: - type: integer - EfaInfo: - type: object - properties: - maximumEfaInterfaces: - allOf: - - $ref: '#/components/schemas/MaximumEfaInterfaces' - - description: The maximum number of Elastic Fabric Adapters for the instance type. - description: Describes the Elastic Fabric Adapters for the instance type. - EfaSupportedFlag: - type: boolean - InternetGatewayAttachmentList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InternetGatewayAttachment' - - xml: - name: item - EgressOnlyInternetGatewayIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' - - xml: - name: item - ElasticGpuAssociation: - type: object - properties: - elasticGpuId: - allOf: - - $ref: '#/components/schemas/ElasticGpuId' - - description: The ID of the Elastic Graphics accelerator. - elasticGpuAssociationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the association. - elasticGpuAssociationState: - allOf: - - $ref: '#/components/schemas/String' - - description: The state of the association between the instance and the Elastic Graphics accelerator. - elasticGpuAssociationTime: - allOf: - - $ref: '#/components/schemas/String' - - description: The time the Elastic Graphics accelerator was associated with the instance. - description: Describes the association between an instance and an Elastic Graphics accelerator. - ElasticGpuAssociationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ElasticGpuAssociation' - - xml: - name: item - ElasticGpuStatus: - type: string - enum: - - OK - - IMPAIRED - ElasticGpuHealth: - type: object - properties: - status: - allOf: - - $ref: '#/components/schemas/ElasticGpuStatus' - - description: The health status. - description: Describes the status of an Elastic Graphics accelerator. - ElasticGpuIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ElasticGpuId' - - xml: - name: item - ElasticGpus: - type: object - properties: - elasticGpuId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Elastic Graphics accelerator. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone in the which the Elastic Graphics accelerator resides. - elasticGpuType: - allOf: - - $ref: '#/components/schemas/String' - - description: The type of Elastic Graphics accelerator. - elasticGpuHealth: - allOf: - - $ref: '#/components/schemas/ElasticGpuHealth' - - description: The status of the Elastic Graphics accelerator. - elasticGpuState: - allOf: - - $ref: '#/components/schemas/ElasticGpuState' - - description: The state of the Elastic Graphics accelerator. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance to which the Elastic Graphics accelerator is attached. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the Elastic Graphics accelerator. - description: Describes an Elastic Graphics accelerator. - ElasticGpuSpecificationResponse: - type: object - properties: - type: - allOf: - - $ref: '#/components/schemas/String' - - description: The elastic GPU type. - description: Describes an elastic GPU. - ElasticGpuSpecificationResponseList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ElasticGpuSpecificationResponse' - - xml: - name: item - ElasticGpuSpecifications: - type: array - items: - allOf: - - $ref: '#/components/schemas/ElasticGpuSpecification' - - xml: - name: item - ElasticGpuState: - type: string - enum: - - ATTACHED - ElasticInferenceAcceleratorCount: - type: integer - minimum: 1 - ElasticInferenceAcceleratorAssociation: - type: object - properties: - elasticInferenceAcceleratorArn: - allOf: - - $ref: '#/components/schemas/String' - - description: ' The Amazon Resource Name (ARN) of the elastic inference accelerator. ' - elasticInferenceAcceleratorAssociationId: - allOf: - - $ref: '#/components/schemas/String' - - description: ' The ID of the association. ' - elasticInferenceAcceleratorAssociationState: - allOf: - - $ref: '#/components/schemas/String' - - description: ' The state of the elastic inference accelerator. ' - elasticInferenceAcceleratorAssociationTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: ' The time at which the elastic inference accelerator is associated with an instance. ' - description: ' Describes the association between an instance and an elastic inference accelerator. ' - ElasticInferenceAcceleratorAssociationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ElasticInferenceAcceleratorAssociation' - - xml: - name: item - ElasticInferenceAccelerators: - type: array - items: - allOf: - - $ref: '#/components/schemas/ElasticInferenceAccelerator' - - xml: - name: item - ElasticIpAssociationId: - type: string - EnaSupport: - type: string - enum: - - unsupported - - supported - - required - EnableEbsEncryptionByDefaultRequest: - type: object - title: EnableEbsEncryptionByDefaultRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - EnableFastLaunchRequest: - type: object - required: - - ImageId - title: EnableFastLaunchRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - EnableFastSnapshotRestoreStateErrorSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/EnableFastSnapshotRestoreStateErrorItem' - - xml: - name: item - EnableFastSnapshotRestoreErrorItem: - type: object - properties: - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the snapshot. - fastSnapshotRestoreStateErrorSet: - allOf: - - $ref: '#/components/schemas/EnableFastSnapshotRestoreStateErrorSet' - - description: The errors. - description: Contains information about the errors that occurred when enabling fast snapshot restores. - EnableFastSnapshotRestoreErrorSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/EnableFastSnapshotRestoreErrorItem' - - xml: - name: item - EnableFastSnapshotRestoreStateError: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/String' - - description: The error code. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The error message. - description: Describes an error that occurred when enabling fast snapshot restores. - EnableFastSnapshotRestoreStateErrorItem: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone. - error: - allOf: - - $ref: '#/components/schemas/EnableFastSnapshotRestoreStateError' - - description: The error. - description: Contains information about an error that occurred when enabling fast snapshot restores. - EnableFastSnapshotRestoreSuccessItem: - type: object - properties: - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the snapshot. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone. - state: - allOf: - - $ref: '#/components/schemas/FastSnapshotRestoreStateCode' - - description: The state of fast snapshot restores. - stateTransitionReason: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The reason for the state transition. The possible values are as follows:

' - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that enabled fast snapshot restores on the snapshot. - ownerAlias: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services owner alias that enabled fast snapshot restores on the snapshot. This is intended for future use. - enablingTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the enabling state. - optimizingTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the optimizing state. - enabledTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the enabled state. - disablingTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the disabling state. - disabledTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time at which fast snapshot restores entered the disabled state. - description: Describes fast snapshot restores that were successfully enabled. - EnableFastSnapshotRestoreSuccessSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/EnableFastSnapshotRestoreSuccessItem' - - xml: - name: item - EnableFastSnapshotRestoresRequest: - type: object - required: - - AvailabilityZones - - SourceSnapshotIds - title: EnableFastSnapshotRestoresRequest - properties: - AvailabilityZone: - allOf: - - $ref: '#/components/schemas/AvailabilityZoneStringList' - - description: 'One or more Availability Zones. For example, us-east-2a.' - SourceSnapshotId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - EnableImageDeprecationRequest: - type: object - required: - - ImageId - - DeprecateAt - title: EnableImageDeprecationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - EnableIpamOrganizationAdminAccountRequest: - type: object - required: - - DelegatedAdminAccountId - title: EnableIpamOrganizationAdminAccountRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Organizations member account ID that you want to enable as the IPAM account. - EnableSerialConsoleAccessRequest: - type: object - title: EnableSerialConsoleAccessRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - EnableTransitGatewayRouteTablePropagationRequest: - type: object - required: - - TransitGatewayRouteTableId - - TransitGatewayAttachmentId - title: EnableTransitGatewayRouteTablePropagationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - EnableVgwRoutePropagationRequest: - type: object - required: - - GatewayId - - RouteTableId - title: EnableVgwRoutePropagationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for EnableVgwRoutePropagation. - EnableVolumeIORequest: - type: object - required: - - VolumeId - title: EnableVolumeIORequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - volumeId: - allOf: - - $ref: '#/components/schemas/VolumeId' - - description: The ID of the volume. - EnableVpcClassicLinkDnsSupportRequest: - type: object - title: EnableVpcClassicLinkDnsSupportRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - EnableVpcClassicLinkRequest: - type: object - required: - - VpcId - title: EnableVpcClassicLinkRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - vpcId: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - EnclaveOptions: - type: object - properties: - enabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If this parameter is set to true, the instance is enabled for Amazon Web Services Nitro Enclaves; otherwise, it is not enabled for Amazon Web Services Nitro Enclaves.' - description: Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. - EnclaveOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true.' - description: 'Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.' - EncryptionInTransitSupported: - type: boolean - EphemeralNvmeSupport: - type: string - enum: - - unsupported - - supported - - required - ValidationError: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The error code that indicates why the parameter or parameter combination is not valid. For more information about error codes, see Error Codes.' - message: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The error message that describes why the parameter or parameter combination is not valid. For more information about error messages, see Error Codes.' - description: The error code and error message that is returned for a parameter or parameter combination that is not valid when a new launch template or new version of a launch template is created. - ErrorSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ValidationError' - - xml: - name: item - EventCode: - type: string - enum: - - instance-reboot - - system-reboot - - system-maintenance - - instance-retirement - - instance-stop - EventInformation: - type: object - properties: - eventDescription: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the event. - eventSubType: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The event.

error events:

fleetRequestChange events:

instanceChange events:

Information events:

' - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. This information is available only for instanceChange events. - description: Describes an EC2 Fleet or Spot Fleet event. - ExcludedInstanceType: - type: string - pattern: '[a-zA-Z0-9\.\*]+' - minLength: 1 - maxLength: 30 - StringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - TransitGatewayRouteTableRoute: - type: object - properties: - destinationCidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR block used for destination matches. - state: - allOf: - - $ref: '#/components/schemas/String' - - description: The state of the route. - routeOrigin: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The route origin. The following are the possible values:

' - prefixListId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the prefix list. - attachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the route attachment. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource for the route attachment. - resourceType: - allOf: - - $ref: '#/components/schemas/String' - - description: The resource type for the route attachment. - description: Describes a route in a transit gateway route table. - Explanation: - type: object - properties: - acl: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The network ACL. - aclRule: - allOf: - - $ref: '#/components/schemas/AnalysisAclRule' - - description: The network ACL rule. - address: - allOf: - - $ref: '#/components/schemas/IpAddress' - - description: 'The IPv4 address, in CIDR notation.' - addressSet: - allOf: - - $ref: '#/components/schemas/IpAddressList' - - description: 'The IPv4 addresses, in CIDR notation.' - attachedTo: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The resource to which the component is attached. - availabilityZoneSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Availability Zones. - cidrSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The CIDR ranges. - component: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The component. - customerGateway: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The customer gateway. - destination: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The destination. - destinationVpc: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The destination VPC. - direction: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The direction. The following are the possible values:

' - explanationCode: - allOf: - - $ref: '#/components/schemas/String' - - description: The explanation code. - ingressRouteTable: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The route table. - internetGateway: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The internet gateway. - loadBalancerArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The Amazon Resource Name (ARN) of the load balancer. - classicLoadBalancerListener: - allOf: - - $ref: '#/components/schemas/AnalysisLoadBalancerListener' - - description: The listener for a Classic Load Balancer. - loadBalancerListenerPort: - allOf: - - $ref: '#/components/schemas/Port' - - description: The listener port of the load balancer. - loadBalancerTarget: - allOf: - - $ref: '#/components/schemas/AnalysisLoadBalancerTarget' - - description: The target. - loadBalancerTargetGroup: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The target group. - loadBalancerTargetGroupSet: - allOf: - - $ref: '#/components/schemas/AnalysisComponentList' - - description: The target groups. - loadBalancerTargetPort: - allOf: - - $ref: '#/components/schemas/Port' - - description: The target port. - elasticLoadBalancerListener: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The load balancer listener. - missingComponent: - allOf: - - $ref: '#/components/schemas/String' - - description: The missing component. - natGateway: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The NAT gateway. - networkInterface: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The network interface. - packetField: - allOf: - - $ref: '#/components/schemas/String' - - description: The packet field. - vpcPeeringConnection: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The VPC peering connection. - port: - allOf: - - $ref: '#/components/schemas/Port' - - description: The port. - portRangeSet: - allOf: - - $ref: '#/components/schemas/PortRangeList' - - description: The port ranges. - prefixList: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The prefix list. - protocolSet: - allOf: - - $ref: '#/components/schemas/StringList' - - description: The protocols. - routeTableRoute: - allOf: - - $ref: '#/components/schemas/AnalysisRouteTableRoute' - - description: The route table route. - routeTable: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The route table. - securityGroup: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The security group. - securityGroupRule: - allOf: - - $ref: '#/components/schemas/AnalysisSecurityGroupRule' - - description: The security group rule. - securityGroupSet: - allOf: - - $ref: '#/components/schemas/AnalysisComponentList' - - description: The security groups. - sourceVpc: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The source VPC. - state: - allOf: - - $ref: '#/components/schemas/String' - - description: The state. - subnet: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The subnet. - subnetRouteTable: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The route table for the subnet. - vpc: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The component VPC. - vpcEndpoint: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The VPC endpoint. - vpnConnection: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The VPN connection. - vpnGateway: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The VPN gateway. - transitGateway: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The transit gateway. - transitGatewayRouteTable: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The transit gateway route table. - transitGatewayRouteTableRoute: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableRoute' - - description: The transit gateway route table route. - transitGatewayAttachment: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The transit gateway attachment. - description: 'Describes an explanation code for an unreachable path. For more information, see Reachability Analyzer explanation codes.' - ExplanationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Explanation' - - xml: - name: item - ExportClientVpnClientCertificateRevocationListRequest: - type: object - required: - - ClientVpnEndpointId - title: ExportClientVpnClientCertificateRevocationListRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ExportClientVpnClientConfigurationRequest: - type: object - required: - - ClientVpnEndpointId - title: ExportClientVpnClientConfigurationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ExportImageRequest: - type: object - required: - - DiskImageFormat - - ImageId - - S3ExportLocation - title: ExportImageRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The name of the role that grants VM Import/Export permission to export images to your Amazon S3 bucket. If this parameter is not specified, the default role is named ''vmimport''.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the export image task during creation. - ExportTaskS3Location: - type: object - properties: - s3Bucket: - allOf: - - $ref: '#/components/schemas/String' - - description: The destination Amazon S3 bucket. - s3Prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: The prefix (logical hierarchy) in the bucket. - description: Describes the destination for an export image task. - ExportImageTask: - type: object - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the image being exported. - exportImageTaskId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the export image task. - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the image. - progress: - allOf: - - $ref: '#/components/schemas/String' - - description: The percent complete of the export image task. - s3ExportLocation: - allOf: - - $ref: '#/components/schemas/ExportTaskS3Location' - - description: Information about the destination Amazon S3 bucket. - status: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The status of the export image task. The possible values are active, completed, deleting, and deleted.' - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The status message for the export image task. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the export image task. - description: Describes an export image task. - ExportImageTaskIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ExportImageTaskId' - - xml: - name: ExportImageTaskId - ExportToS3Task: - type: object - properties: - containerFormat: - allOf: - - $ref: '#/components/schemas/ContainerFormat' - - description: 'The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is exported.' - diskImageFormat: - allOf: - - $ref: '#/components/schemas/DiskImageFormat' - - description: The format for the exported image. - s3Bucket: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon S3 bucket for the destination image. The destination bucket must exist and grant WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com. - s3Key: - allOf: - - $ref: '#/components/schemas/String' - - description: The encryption key for your S3 bucket. - description: Describes the format and location for the export task. - InstanceExportDetails: - type: object - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource being exported. - targetEnvironment: - allOf: - - $ref: '#/components/schemas/ExportEnvironment' - - description: The target virtualization environment. - description: Describes an instance to export. - ExportTaskState: - type: string - enum: - - active - - cancelling - - cancelled - - completed - ExportTaskS3LocationRequest: - type: object - required: - - S3Bucket - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The prefix (logical hierarchy) in the bucket. - description: Describes the destination for an export image task. - ExportTransitGatewayRoutesRequest: - type: object - required: - - TransitGatewayRouteTableId - - S3Bucket - title: ExportTransitGatewayRoutesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableId' - - description: The ID of the route table. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - FailedCapacityReservationFleetCancellationResult: - type: object - properties: - capacityReservationFleetId: - allOf: - - $ref: '#/components/schemas/CapacityReservationFleetId' - - description: The ID of the Capacity Reservation Fleet that could not be cancelled. - cancelCapacityReservationFleetError: - allOf: - - $ref: '#/components/schemas/CancelCapacityReservationFleetError' - - description: Information about the Capacity Reservation Fleet cancellation error. - description: Describes a Capacity Reservation Fleet that could not be cancelled. - FailedQueuedPurchaseDeletion: - type: object - properties: - error: - allOf: - - $ref: '#/components/schemas/DeleteQueuedReservedInstancesError' - - description: The error. - reservedInstancesId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Reserved Instance. - description: Describes a Reserved Instance whose queued purchase was not deleted. - FastLaunchLaunchTemplateSpecificationRequest: - type: object - required: - - Version - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The version of the launch template to use for faster launching for a Windows AMI. - description: '

Request to create a launch template for a fast-launch enabled Windows AMI.

Note - You can specify either the LaunchTemplateName or the LaunchTemplateId, but not both.

' - FastLaunchSnapshotConfigurationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of pre-provisioned snapshots to keep on hand for a fast-launch enabled Windows AMI. - description: Configuration settings for creating and managing pre-provisioned snapshots for a fast-launch enabled Windows AMI. - FindingsFound: - type: string - enum: - - 'true' - - 'false' - - unknown - FleetActivityStatus: - type: string - enum: - - error - - pending_fulfillment - - pending_termination - - fulfilled - IntegerWithConstraints: - type: integer - minimum: 0 - FleetCapacityReservation: - type: object - properties: - capacityReservationId: - allOf: - - $ref: '#/components/schemas/CapacityReservationId' - - description: The ID of the Capacity Reservation. - availabilityZoneId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Availability Zone in which the Capacity Reservation reserves capacity. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type for which the Capacity Reservation reserves capacity. - instancePlatform: - allOf: - - $ref: '#/components/schemas/CapacityReservationInstancePlatform' - - description: The type of operating system for which the Capacity Reservation reserves capacity. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone in which the Capacity Reservation reserves capacity. - totalInstanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The total number of instances for which the Capacity Reservation reserves capacity. - fulfilledCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: 'The number of capacity units fulfilled by the Capacity Reservation. For more information, see Total target capacity in the Amazon EC2 User Guide.' - ebsOptimized: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the Capacity Reservation reserves capacity for EBS-optimized instance types. - createDate: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time at which the Capacity Reservation was created. - weight: - allOf: - - $ref: '#/components/schemas/DoubleWithConstraints' - - description: 'The weight of the instance type in the Capacity Reservation Fleet. For more information, see Instance type weight in the Amazon EC2 User Guide.' - priority: - allOf: - - $ref: '#/components/schemas/IntegerWithConstraints' - - description: 'The priority of the instance type in the Capacity Reservation Fleet. For more information, see Instance type priority in the Amazon EC2 User Guide.' - description: Information about a Capacity Reservation in a Capacity Reservation Fleet. - FleetExcessCapacityTerminationPolicy: - type: string - enum: - - no-termination - - termination - FleetLaunchTemplateConfigList: - type: array - items: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateConfig' - - xml: - name: item - TargetCapacitySpecification: - type: object - properties: - totalTargetCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of units to request, filled using DefaultTargetCapacityType.' - onDemandTargetCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of On-Demand units to request. If you specify a target capacity for Spot units, you cannot specify a target capacity for On-Demand units.' - spotTargetCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of Spot units to launch. If you specify a target capacity for On-Demand units, you cannot specify a target capacity for Spot units.' - defaultTargetCapacityType: - allOf: - - $ref: '#/components/schemas/DefaultTargetCapacityType' - - description: 'The default TotalTargetCapacity, which is either Spot or On-Demand.' - targetCapacityUnitType: - allOf: - - $ref: '#/components/schemas/TargetCapacityUnitType' - - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' - description: '

The number of units to request. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.

You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance MaxTotalPrice, or both to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch instances until it reaches the maximum amount that you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity. The MaxTotalPrice parameters are located in OnDemandOptions and SpotOptions.

' - SpotOptions: - type: object - properties: - allocationStrategy: - allOf: - - $ref: '#/components/schemas/SpotAllocationStrategy' - - description: '

The strategy that determines how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the EC2 Fleet.

lowest-price - EC2 Fleet launches instances from the Spot Instance pools with the lowest price.

diversified - EC2 Fleet launches instances from all of the Spot Instance pools that you specify.

capacity-optimized (recommended) - EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. To give certain instance types a higher chance of launching first, use capacity-optimized-prioritized. Set a priority for each instance type by using the Priority parameter for LaunchTemplateOverrides. You can assign the same priority to different LaunchTemplateOverrides. EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. capacity-optimized-prioritized is supported only if your fleet uses a launch template. Note that if the On-Demand AllocationStrategy is set to prioritized, the same priority is applied when fulfilling On-Demand capacity.

Default: lowest-price

' - maintenanceStrategies: - allOf: - - $ref: '#/components/schemas/FleetSpotMaintenanceStrategies' - - description: The strategies for managing your workloads on your Spot Instances that will be interrupted. Currently only the capacity rebalance strategy is available. - instanceInterruptionBehavior: - allOf: - - $ref: '#/components/schemas/SpotInstanceInterruptionBehavior' - - description: '

The behavior when a Spot Instance is interrupted.

Default: terminate

' - instancePoolsToUseCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The number of Spot pools across which to allocate your target Spot capacity. Supported only when AllocationStrategy is set to lowest-price. EC2 Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.

Note that EC2 Fleet attempts to draw Spot Instances from the number of pools that you specify on a best effort basis. If a pool runs out of Spot capacity before fulfilling your target capacity, EC2 Fleet will continue to fulfill your request by drawing from the next cheapest pool. To ensure that your target capacity is met, you might receive Spot Instances from more than the number of pools that you specified. Similarly, if most of the pools have no Spot capacity, you might receive your full target capacity from fewer than the number of pools that you specified.

' - singleInstanceType: - allOf: - - $ref: '#/components/schemas/Boolean' - - description:

Indicates that the fleet uses a single instance type to launch all Spot Instances in the fleet.

Supported only for fleets of type instant.

- singleAvailabilityZone: - allOf: - - $ref: '#/components/schemas/Boolean' - - description:

Indicates that the fleet launches all Spot Instances into a single Availability Zone.

Supported only for fleets of type instant.

- minTargetCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The minimum target capacity for Spot Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.

Supported only for fleets of type instant.

At least one of the following must be specified: SingleAvailabilityZone | SingleInstanceType

' - maxTotalPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum amount per hour for Spot Instances that you're willing to pay. - description: Describes the configuration of Spot Instances in an EC2 Fleet. - OnDemandOptions: - type: object - properties: - allocationStrategy: - allOf: - - $ref: '#/components/schemas/FleetOnDemandAllocationStrategy' - - description: '

The strategy that determines the order of the launch template overrides to use in fulfilling On-Demand capacity.

lowest-price - EC2 Fleet uses price to determine the order, launching the lowest price first.

prioritized - EC2 Fleet uses the priority that you assigned to each launch template override, launching the highest priority first.

Default: lowest-price

' - capacityReservationOptions: - allOf: - - $ref: '#/components/schemas/CapacityReservationOptions' - - description:

The strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.

Supported only for fleets of type instant.

- singleInstanceType: - allOf: - - $ref: '#/components/schemas/Boolean' - - description:

Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet.

Supported only for fleets of type instant.

- singleAvailabilityZone: - allOf: - - $ref: '#/components/schemas/Boolean' - - description:

Indicates that the fleet launches all On-Demand Instances into a single Availability Zone.

Supported only for fleets of type instant.

- minTargetCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The minimum target capacity for On-Demand Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.

Supported only for fleets of type instant.

At least one of the following must be specified: SingleAvailabilityZone | SingleInstanceType

' - maxTotalPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum amount per hour for On-Demand Instances that you're willing to pay. - description: Describes the configuration of On-Demand Instances in an EC2 Fleet. - FleetData: - type: object - properties: - activityStatus: - allOf: - - $ref: '#/components/schemas/FleetActivityStatus' - - description: 'The progress of the EC2 Fleet. If there is an error, the status is error. After all requests are placed, the status is pending_fulfillment. If the size of the EC2 Fleet is equal to or greater than its target capacity, the status is fulfilled. If the size of the EC2 Fleet is decreased, the status is pending_termination while instances are terminating.' - createTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The creation date and time of the EC2 Fleet. - fleetId: - allOf: - - $ref: '#/components/schemas/FleetId' - - description: The ID of the EC2 Fleet. - fleetState: - allOf: - - $ref: '#/components/schemas/FleetStateCode' - - description: The state of the EC2 Fleet. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: '

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

Constraints: Maximum 64 ASCII characters

' - excessCapacityTerminationPolicy: - allOf: - - $ref: '#/components/schemas/FleetExcessCapacityTerminationPolicy' - - description: Indicates whether running instances should be terminated if the target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet. - fulfilledCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: The number of units fulfilled by this request compared to the set target capacity. - fulfilledOnDemandCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: The number of units fulfilled by this request compared to the set target On-Demand capacity. - launchTemplateConfigs: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateConfigList' - - description: The launch template and overrides. - targetCapacitySpecification: - allOf: - - $ref: '#/components/schemas/TargetCapacitySpecification' - - description: 'The number of units to request. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.' - terminateInstancesWithExpiration: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether running instances should be terminated when the EC2 Fleet expires. ' - type: - allOf: - - $ref: '#/components/schemas/FleetType' - - description: 'The type of request. Indicates whether the EC2 Fleet only requests the target capacity, or also attempts to maintain it. If you request a certain target capacity, EC2 Fleet only places the required requests; it does not attempt to replenish instances if capacity is diminished, and it does not submit requests in alternative capacity pools if capacity is unavailable. To maintain a certain target capacity, EC2 Fleet places the required requests to meet this target capacity. It also automatically replenishes any interrupted Spot Instances. Default: maintain.' - validFrom: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately. ' - validUntil: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The end date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new instance requests are placed or able to fulfill the request. The default end date is 7 days from the current date. ' - replaceUnhealthyInstances: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether EC2 Fleet should replace unhealthy Spot Instances. Supported only for fleets of type maintain. For more information, see EC2 Fleet health checks in the Amazon EC2 User Guide.' - spotOptions: - allOf: - - $ref: '#/components/schemas/SpotOptions' - - description: The configuration of Spot Instances in an EC2 Fleet. - onDemandOptions: - allOf: - - $ref: '#/components/schemas/OnDemandOptions' - - description: The allocation strategy of On-Demand Instances in an EC2 Fleet. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for an EC2 Fleet resource. - errorSet: - allOf: - - $ref: '#/components/schemas/DescribeFleetsErrorSet' - - description: Information about the instances that could not be launched by the fleet. Valid only when Type is set to instant. - fleetInstanceSet: - allOf: - - $ref: '#/components/schemas/DescribeFleetsInstancesSet' - - description: Information about the instances that were launched by the fleet. Valid only when Type is set to instant. - context: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved. - description: Describes an EC2 Fleet. - FleetEventType: - type: string - enum: - - instance-change - - fleet-change - - service-error - FleetLaunchTemplateSpecification: - type: object - properties: - launchTemplateId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the launch template. If you specify the template ID, you can''t specify the template name.' - launchTemplateName: - allOf: - - $ref: '#/components/schemas/LaunchTemplateName' - - description: 'The name of the launch template. If you specify the template name, you can''t specify the template ID.' - version: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The launch template version number, $Latest, or $Default. You must specify a value, otherwise the request fails.

If the value is $Latest, Amazon EC2 uses the latest version of the launch template.

If the value is $Default, Amazon EC2 uses the default version of the launch template.

' - description: 'Describes the Amazon EC2 launch template and the launch template version that can be used by a Spot Fleet request to configure Amazon EC2 instances. For information about launch templates, see Launching an instance from a launch template in the Amazon EC2 User Guide for Linux Instances.' - FleetLaunchTemplateOverridesList: - type: array - items: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateOverrides' - - xml: - name: item - FleetLaunchTemplateConfig: - type: object - properties: - launchTemplateSpecification: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateSpecification' - - description: The launch template. - overrides: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateOverridesList' - - description: Any parameters that you specify override the same parameters in the launch template. - description: Describes a launch template and overrides. - FleetLaunchTemplateConfigListRequest: - type: array - items: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateConfigRequest' - - xml: - name: item - minItems: 0 - maxItems: 50 - FleetLaunchTemplateOverridesListRequest: - type: array - items: - allOf: - - $ref: '#/components/schemas/FleetLaunchTemplateOverridesRequest' - - xml: - name: item - PlacementResponse: - type: object - properties: - groupName: - allOf: - - $ref: '#/components/schemas/PlacementGroupName' - - description: The name of the placement group that the instance is in. - description: Describes the placement of an instance. - InstanceRequirements: - type: object - properties: - vCpuCount: - allOf: - - $ref: '#/components/schemas/VCpuCountRange' - - description: The minimum and maximum number of vCPUs. - memoryMiB: - allOf: - - $ref: '#/components/schemas/MemoryMiB' - - description: 'The minimum and maximum amount of memory, in MiB.' - cpuManufacturerSet: - allOf: - - $ref: '#/components/schemas/CpuManufacturerSet' - - description: '

The CPU manufacturers to include.

Don''t confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template.

Default: Any manufacturer

' - memoryGiBPerVCpu: - allOf: - - $ref: '#/components/schemas/MemoryGiBPerVCpu' - - description: '

The minimum and maximum amount of memory per vCPU, in GiB.

Default: No minimum or maximum limits

' - excludedInstanceTypeSet: - allOf: - - $ref: '#/components/schemas/ExcludedInstanceTypeSet' - - description: '

The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (*), to exclude an instance type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.

For example, if you specify c5*,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types.

Default: No excluded instance types

' - instanceGenerationSet: - allOf: - - $ref: '#/components/schemas/InstanceGenerationSet' - - description: '

Indicates whether current or previous generation instance types are included. The current generation instance types are recommended for use. Current generation instance types are typically the latest two to three generations in each instance family. For more information, see Instance types in the Amazon EC2 User Guide.

For current generation instance types, specify current.

For previous generation instance types, specify previous.

Default: Current and previous generation instance types

' - spotMaxPricePercentageOverLowestPrice: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage above the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.

The parameter accepts an integer, which Amazon EC2 interprets as a percentage.

To turn off price protection, specify a high value, such as 999999.

This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.

If you set TargetCapacityUnitType to vcpu or memory-mib, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per-instance price.

Default: 100

' - onDemandMaxPricePercentageOverLowestPrice: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance, expressed as a percentage above the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.

The parameter accepts an integer, which Amazon EC2 interprets as a percentage.

To turn off price protection, specify a high value, such as 999999.

This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.

If you set TargetCapacityUnitType to vcpu or memory-mib, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per-instance price.

Default: 20

' - bareMetal: - allOf: - - $ref: '#/components/schemas/BareMetal' - - description: '

Indicates whether bare metal instance types must be included, excluded, or required.

Default: excluded

' - burstablePerformance: - allOf: - - $ref: '#/components/schemas/BurstablePerformance' - - description: '

Indicates whether burstable performance T instance types are included, excluded, or required. For more information, see Burstable performance instances.

Default: excluded

' - requireHibernateSupport: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether instance types must support hibernation for On-Demand Instances.

This parameter is not supported for GetSpotPlacementScores.

Default: false

' - networkInterfaceCount: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceCount' - - description: '

The minimum and maximum number of network interfaces.

Default: No minimum or maximum limits

' - localStorage: - allOf: - - $ref: '#/components/schemas/LocalStorage' - - description: '

Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, Amazon EC2 instance store in the Amazon EC2 User Guide.

Default: included

' - localStorageTypeSet: - allOf: - - $ref: '#/components/schemas/LocalStorageTypeSet' - - description: '

The type of local storage that is required.

Default: hdd and sdd

' - totalLocalStorageGB: - allOf: - - $ref: '#/components/schemas/TotalLocalStorageGB' - - description: '

The minimum and maximum amount of total local storage, in GB.

Default: No minimum or maximum limits

' - baselineEbsBandwidthMbps: - allOf: - - $ref: '#/components/schemas/BaselineEbsBandwidthMbps' - - description: '

The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

Default: No minimum or maximum limits

' - acceleratorTypeSet: - allOf: - - $ref: '#/components/schemas/AcceleratorTypeSet' - - description: '

The accelerator types that must be on the instance type.

Default: Any accelerator type

' - acceleratorCount: - allOf: - - $ref: '#/components/schemas/AcceleratorCount' - - description: '

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.

To exclude accelerator-enabled instance types, set Max to 0.

Default: No minimum or maximum limits

' - acceleratorManufacturerSet: - allOf: - - $ref: '#/components/schemas/AcceleratorManufacturerSet' - - description: '

Indicates whether instance types must have accelerators by specific manufacturers.

Default: Any manufacturer

' - acceleratorNameSet: - allOf: - - $ref: '#/components/schemas/AcceleratorNameSet' - - description: '

The accelerators that must be on the instance type.

Default: Any accelerator

' - acceleratorTotalMemoryMiB: - allOf: - - $ref: '#/components/schemas/AcceleratorTotalMemoryMiB' - - description: '

The minimum and maximum amount of total accelerator memory, in MiB.

Default: No minimum or maximum limits

' - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.

When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.

You must specify VCpuCount and MemoryMiB. All other parameters are optional. Any unspecified optional parameter is set to its default.

For more information, see Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide.

' - FleetLaunchTemplateOverrides: - type: object - properties: - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: '

The instance type.

If you specify InstanceTypes, you can''t specify InstanceRequirements.

' - maxPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum price per unit hour that you are willing to pay for a Spot Instance. - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet in which to launch the instances. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone in which to launch the instances. - weightedCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: The number of units provided by the specified instance type. - priority: - allOf: - - $ref: '#/components/schemas/Double' - - description: '

The priority for the launch template override. The highest priority is launched first.

If the On-Demand AllocationStrategy is set to prioritized, EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity.

If the Spot AllocationStrategy is set to capacity-optimized-prioritized, EC2 Fleet uses priority on a best-effort basis to determine which launch template override to use in fulfilling Spot capacity, but optimizes for capacity first.

Valid values are whole numbers starting at 0. The lower the number, the higher the priority. If no number is set, the override has the lowest priority. You can set the same priority for different launch template overrides.

' - placement: - allOf: - - $ref: '#/components/schemas/PlacementResponse' - - description: 'The location where the instance launched, if applicable.' - instanceRequirements: - allOf: - - $ref: '#/components/schemas/InstanceRequirements' - - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirements, you can''t specify InstanceTypes.

' - description: Describes overrides for a launch template. - FleetLaunchTemplateOverridesRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceRequirementsRequest' - - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirements, you can''t specify InstanceTypes.

' - description: Describes overrides for a launch template. - FleetLaunchTemplateSpecificationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The launch template version number, $Latest, or $Default. You must specify a value, otherwise the request fails.

If the value is $Latest, Amazon EC2 uses the latest version of the launch template.

If the value is $Default, Amazon EC2 uses the default version of the launch template.

' - description: 'Describes the Amazon EC2 launch template and the launch template version that can be used by an EC2 Fleet to configure Amazon EC2 instances. For information about launch templates, see Launching an instance from a launch template in the Amazon EC2 User Guide.' - FleetOnDemandAllocationStrategy: - type: string - enum: - - lowest-price - - prioritized - FleetReplacementStrategy: - type: string - enum: - - launch - - launch-before-terminate - FleetSpotCapacityRebalance: - type: object - properties: - replacementStrategy: - allOf: - - $ref: '#/components/schemas/FleetReplacementStrategy' - - description: '

The replacement strategy to use. Only available for fleets of type maintain.

launch - EC2 Fleet launches a new replacement Spot Instance when a rebalance notification is emitted for an existing Spot Instance in the fleet. EC2 Fleet does not terminate the instances that receive a rebalance notification. You can terminate the old instances, or you can leave them running. You are charged for all instances while they are running.

launch-before-terminate - EC2 Fleet launches a new replacement Spot Instance when a rebalance notification is emitted for an existing Spot Instance in the fleet, and then, after a delay that you specify (in TerminationDelay), terminates the instances that received a rebalance notification.

' - terminationDelay: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.

Required when ReplacementStrategy is set to launch-before-terminate.

Not valid when ReplacementStrategy is set to launch.

Valid values: Minimum value of 120 seconds. Maximum value of 7200 seconds.

' - description: The strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. - FleetSpotCapacityRebalanceRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.

Required when ReplacementStrategy is set to launch-before-terminate.

Not valid when ReplacementStrategy is set to launch.

Valid values: Minimum value of 120 seconds. Maximum value of 7200 seconds.

' - description: 'The Spot Instance replacement strategy to use when Amazon EC2 emits a rebalance notification signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see Capacity rebalancing in the Amazon EC2 User Guide.' - FleetSpotMaintenanceStrategies: - type: object - properties: - capacityRebalance: - allOf: - - $ref: '#/components/schemas/FleetSpotCapacityRebalance' - - description: The strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. - description: The strategies for managing your Spot Instances that are at an elevated risk of being interrupted. - FleetSpotMaintenanceStrategiesRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/FleetSpotCapacityRebalanceRequest' - - description: The strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. - description: The strategies for managing your Spot Instances that are at an elevated risk of being interrupted. - Float: - type: number - format: float - TrafficType: - type: string - enum: - - ACCEPT - - REJECT - - ALL - LogDestinationType: - type: string - enum: - - cloud-watch-logs - - s3 - FlowLog: - type: object - properties: - creationTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time the flow log was created. - deliverLogsErrorMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Information about the error that occurred. Rate limited indicates that CloudWatch Logs throttling has been applied for one or more network interfaces, or that you''ve reached the limit on the number of log groups that you can create. Access error indicates that the IAM role associated with the flow log does not have sufficient permissions to publish to CloudWatch Logs. Unknown error indicates an internal error.' - deliverLogsPermissionArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of the IAM role that posts logs to CloudWatch Logs. - deliverLogsStatus: - allOf: - - $ref: '#/components/schemas/String' - - description: The status of the logs delivery (SUCCESS | FAILED). - flowLogId: - allOf: - - $ref: '#/components/schemas/String' - - description: The flow log ID. - flowLogStatus: - allOf: - - $ref: '#/components/schemas/String' - - description: The status of the flow log (ACTIVE). - logGroupName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the flow log group. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource on which the flow log was created. - trafficType: - allOf: - - $ref: '#/components/schemas/TrafficType' - - description: The type of traffic captured for the flow log. - logDestinationType: - allOf: - - $ref: '#/components/schemas/LogDestinationType' - - description: The type of destination to which the flow log data is published. Flow log data can be published to CloudWatch Logs or Amazon S3. - logDestination: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The destination to which the flow log data is published. Flow log data can be published to an CloudWatch Logs log group or an Amazon S3 bucket. If the flow log publishes to CloudWatch Logs, this element indicates the Amazon Resource Name (ARN) of the CloudWatch Logs log group to which the data is published. If the flow log publishes to Amazon S3, this element indicates the ARN of the Amazon S3 bucket to which the data is published.' - logFormat: - allOf: - - $ref: '#/components/schemas/String' - - description: The format of the flow log record. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the flow log. - maxAggregationInterval: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The maximum interval of time, in seconds, during which a flow of packets is captured and aggregated into a flow log record.

When a network interface is attached to a Nitro-based instance, the aggregation interval is always 60 seconds (1 minute) or less, regardless of the specified value.

Valid Values: 60 | 600

' - destinationOptions: - allOf: - - $ref: '#/components/schemas/DestinationOptionsResponse' - - description: The destination options. - description: Describes a flow log. - FlowLogResourceIds: - type: array - items: - allOf: - - $ref: '#/components/schemas/FlowLogResourceId' - - xml: - name: item - FlowLogsResourceType: - type: string - enum: - - VPC - - Subnet - - NetworkInterface - FpgaDeviceCount: - type: integer - FpgaDeviceName: - type: string - FpgaDeviceManufacturerName: - type: string - FpgaDeviceMemoryInfo: - type: object - properties: - sizeInMiB: - allOf: - - $ref: '#/components/schemas/FpgaDeviceMemorySize' - - description: 'The size of the memory available to the FPGA accelerator, in MiB.' - description: Describes the memory for the FPGA accelerator for the instance type. - FpgaDeviceInfo: - type: object - properties: - name: - allOf: - - $ref: '#/components/schemas/FpgaDeviceName' - - description: The name of the FPGA accelerator. - manufacturer: - allOf: - - $ref: '#/components/schemas/FpgaDeviceManufacturerName' - - description: The manufacturer of the FPGA accelerator. - count: - allOf: - - $ref: '#/components/schemas/FpgaDeviceCount' - - description: The count of FPGA accelerators for the instance type. - memoryInfo: - allOf: - - $ref: '#/components/schemas/FpgaDeviceMemoryInfo' - - description: Describes the memory for the FPGA accelerator for the instance type. - description: Describes the FPGA accelerator for the instance type. - FpgaDeviceInfoList: - type: array - items: - allOf: - - $ref: '#/components/schemas/FpgaDeviceInfo' - - xml: - name: item - FpgaDeviceMemorySize: - type: integer - PciId: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the vendor for the subsystem. - description: Describes the data that identifies an Amazon FPGA image (AFI) on the PCI bus. - FpgaImageState: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/FpgaImageStateCode' - - description: '

The state. The following are the possible values:

' - message: - allOf: - - $ref: '#/components/schemas/String' - - description: 'If the state is failed, this is the error message.' - description: Describes the state of the bitstream generation process for an Amazon FPGA image (AFI). - FpgaImage: - type: object - properties: - fpgaImageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The FPGA image identifier (AFI ID). - fpgaImageGlobalId: - allOf: - - $ref: '#/components/schemas/String' - - description: The global FPGA image identifier (AGFI ID). - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the AFI. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the AFI. - shellVersion: - allOf: - - $ref: '#/components/schemas/String' - - description: The version of the Amazon Web Services Shell that was used to create the bitstream. - pciId: - allOf: - - $ref: '#/components/schemas/PciId' - - description: Information about the PCI bus. - state: - allOf: - - $ref: '#/components/schemas/FpgaImageState' - - description: Information about the state of the AFI. - createTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The date and time the AFI was created. - updateTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time of the most recent update to the AFI. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the AFI. - ownerAlias: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The alias of the AFI owner. Possible values include self, amazon, and aws-marketplace.' - productCodes: - allOf: - - $ref: '#/components/schemas/ProductCodeList' - - description: The product codes for the AFI. - tags: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the AFI. - public: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the AFI is public. - dataRetentionSupport: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether data retention support is enabled for the AFI. - description: Describes an Amazon FPGA image (AFI). - LoadPermissionList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LoadPermission' - - xml: - name: item - FpgaImageStateCode: - type: string - enum: - - pending - - failed - - available - - unavailable - totalFpgaMemory: - type: integer - FpgaInfo: - type: object - properties: - fpgas: - allOf: - - $ref: '#/components/schemas/FpgaDeviceInfoList' - - description: Describes the FPGAs for the instance type. - totalFpgaMemoryInMiB: - allOf: - - $ref: '#/components/schemas/totalFpgaMemory' - - description: The total memory of all FPGA accelerators for the instance type. - description: Describes the FPGAs for the instance type. - FreeTierEligibleFlag: - type: boolean - GVCDMaxResults: - type: integer - minimum: 200 - maximum: 1000 - GatewayAssociationState: - type: string - enum: - - associated - - not-associated - - associating - - disassociating - GetAssociatedEnclaveCertificateIamRolesRequest: - type: object - title: GetAssociatedEnclaveCertificateIamRolesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - GetAssociatedIpv6PoolCidrsRequest: - type: object - required: - - PoolId - title: GetAssociatedIpv6PoolCidrsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Ipv6CidrAssociationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv6CidrAssociation' - - xml: - name: item - GetCapacityReservationUsageRequest: - type: object - required: - - CapacityReservationId - title: GetCapacityReservationUsageRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - GetCapacityReservationUsageRequestMaxResults: - type: integer - minimum: 1 - maximum: 1000 - InstanceUsageSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceUsage' - - xml: - name: item - GetCoipPoolUsageRequest: - type: object - required: - - PoolId - title: GetCoipPoolUsageRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Ipv4PoolCoipId' - - description: The ID of the address pool. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - GetConsoleOutputRequest: - type: object - required: - - InstanceId - title: GetConsoleOutputRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

When enabled, retrieves the latest console output for the instance.

Default: disabled (false)

' - GetConsoleScreenshotRequest: - type: object - required: - - InstanceId - title: GetConsoleScreenshotRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'When set to true, acts as keystroke input and wakes up an instance that''s in standby or "sleep" mode.' - UnlimitedSupportedInstanceFamily: - type: string - enum: - - t2 - - t3 - - t3a - - t4g - GetDefaultCreditSpecificationRequest: - type: object - required: - - InstanceFamily - title: GetDefaultCreditSpecificationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/UnlimitedSupportedInstanceFamily' - - description: The instance family. - InstanceFamilyCreditSpecification: - type: object - properties: - instanceFamily: - allOf: - - $ref: '#/components/schemas/UnlimitedSupportedInstanceFamily' - - description: The instance family. - cpuCredits: - allOf: - - $ref: '#/components/schemas/String' - - description: The default credit option for CPU usage of the instance family. Valid values are standard and unlimited. - description: Describes the default credit option for CPU usage of a burstable performance instance family. - GetEbsDefaultKmsKeyIdRequest: - type: object - title: GetEbsDefaultKmsKeyIdRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - GetEbsEncryptionByDefaultRequest: - type: object - title: GetEbsEncryptionByDefaultRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - IntegrateServices: - type: object - properties: - AthenaIntegration: - allOf: - - $ref: '#/components/schemas/AthenaIntegrationsSet' - - description: Information about the integration with Amazon Athena. - description: Describes service integrations with VPC Flow logs. - GetFlowLogsIntegrationTemplateRequest: - type: object - required: - - FlowLogId - - ConfigDeliveryS3DestinationArn - - IntegrateServices - title: GetFlowLogsIntegrationTemplateRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'To store the CloudFormation template in Amazon S3, specify the location in Amazon S3.' - IntegrateService: - allOf: - - $ref: '#/components/schemas/IntegrateServices' - - description: Information about the service integration. - GetGroupsForCapacityReservationRequest: - type: object - required: - - CapacityReservationId - title: GetGroupsForCapacityReservationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - GetGroupsForCapacityReservationRequestMaxResults: - type: integer - minimum: 1 - maximum: 1000 - GetHostReservationPurchasePreviewRequest: - type: object - required: - - HostIdSet - - OfferingId - title: GetHostReservationPurchasePreviewRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/OfferingId' - - description: The offering ID of the reservation. - PurchaseSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/Purchase' - - xml: - name: item - GetInstanceTypesFromInstanceRequirementsRequest: - type: object - required: - - ArchitectureTypes - - VirtualizationTypes - - InstanceRequirements - title: GetInstanceTypesFromInstanceRequirementsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ArchitectureType: - allOf: - - $ref: '#/components/schemas/ArchitectureTypeSet' - - description: The processor architecture type. - VirtualizationType: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - InstanceTypeInfoFromInstanceRequirementsSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceTypeInfoFromInstanceRequirements' - - xml: - name: item - GetInstanceUefiDataRequest: - type: object - required: - - InstanceId - title: GetInstanceUefiDataRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - GetIpamAddressHistoryRequest: - type: object - required: - - Cidr - - IpamScopeId - title: GetIpamAddressHistoryRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - IpamAddressHistoryRecordSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpamAddressHistoryRecord' - - xml: - name: item - GetIpamPoolAllocationsMaxResults: - type: integer - minimum: 1000 - maximum: 100000 - IpamPoolAllocationId: - type: string - GetIpamPoolAllocationsRequest: - type: object - required: - - IpamPoolId - title: GetIpamPoolAllocationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/IpamPoolAllocationId' - - description: The ID of the allocation. - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - IpamPoolAllocationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpamPoolAllocation' - - xml: - name: item - GetIpamPoolCidrsRequest: - type: object - required: - - IpamPoolId - title: GetIpamPoolCidrsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/IpamPoolId' - - description: The ID of the IPAM pool you want the CIDR for. - Filter: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - IpamPoolCidrSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpamPoolCidr' - - xml: - name: item - GetIpamResourceCidrsRequest: - type: object - required: - - IpamScopeId - title: GetIpamResourceCidrsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - Filter: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the resource. - IpamResourceCidrSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpamResourceCidr' - - xml: - name: item - GetLaunchTemplateDataRequest: - type: object - required: - - InstanceId - title: GetLaunchTemplateDataRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance. - ResponseLaunchTemplateData: - type: object - properties: - kernelId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the kernel, if applicable.' - ebsOptimized: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether the instance is optimized for Amazon EBS I/O. ' - iamInstanceProfile: - allOf: - - $ref: '#/components/schemas/LaunchTemplateIamInstanceProfileSpecification' - - description: The IAM instance profile. - blockDeviceMappingSet: - allOf: - - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMappingList' - - description: The block device mappings. - networkInterfaceSet: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceNetworkInterfaceSpecificationList' - - description: The network interfaces. - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the AMI that was used to launch the instance. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type. - keyName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the key pair. - monitoring: - allOf: - - $ref: '#/components/schemas/LaunchTemplatesMonitoring' - - description: The monitoring for the instance. - placement: - allOf: - - $ref: '#/components/schemas/LaunchTemplatePlacement' - - description: The placement of the instance. - ramDiskId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the RAM disk, if applicable.' - disableApiTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If set to true, indicates that the instance cannot be terminated using the Amazon EC2 console, command line tool, or API.' - instanceInitiatedShutdownBehavior: - allOf: - - $ref: '#/components/schemas/ShutdownBehavior' - - description: Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). - userData: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The user data for the instance. ' - tagSpecificationSet: - allOf: - - $ref: '#/components/schemas/LaunchTemplateTagSpecificationList' - - description: The tags. - elasticGpuSpecificationSet: - allOf: - - $ref: '#/components/schemas/ElasticGpuSpecificationResponseList' - - description: The elastic GPU specification. - elasticInferenceAcceleratorSet: - allOf: - - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorResponseList' - - description: ' The elastic inference accelerator for the instance. ' - securityGroupIdSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The security group IDs. - securityGroupSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The security group names. - instanceMarketOptions: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceMarketOptions' - - description: The market (purchasing) option for the instances. - creditSpecification: - allOf: - - $ref: '#/components/schemas/CreditSpecification' - - description: The credit option for CPU usage of the instance. - cpuOptions: - allOf: - - $ref: '#/components/schemas/LaunchTemplateCpuOptions' - - description: 'The CPU options for the instance. For more information, see Optimizing CPU options in the Amazon Elastic Compute Cloud User Guide.' - capacityReservationSpecification: - allOf: - - $ref: '#/components/schemas/LaunchTemplateCapacityReservationSpecificationResponse' - - description: Information about the Capacity Reservation targeting option. - licenseSet: - allOf: - - $ref: '#/components/schemas/LaunchTemplateLicenseList' - - description: The license configurations. - hibernationOptions: - allOf: - - $ref: '#/components/schemas/LaunchTemplateHibernationOptions' - - description: 'Indicates whether an instance is configured for hibernation. For more information, see Hibernate your instance in the Amazon Elastic Compute Cloud User Guide.' - metadataOptions: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataOptions' - - description: 'The metadata options for the instance. For more information, see Instance metadata and user data in the Amazon Elastic Compute Cloud User Guide.' - enclaveOptions: - allOf: - - $ref: '#/components/schemas/LaunchTemplateEnclaveOptions' - - description: Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. - instanceRequirements: - allOf: - - $ref: '#/components/schemas/InstanceRequirements' - - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.

If you specify InstanceRequirements, you can''t specify InstanceTypes.

' - privateDnsNameOptions: - allOf: - - $ref: '#/components/schemas/LaunchTemplatePrivateDnsNameOptions' - - description: The options for the instance hostname. - maintenanceOptions: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceMaintenanceOptions' - - description: The maintenance options for your instance. - description: 'The information for a launch template. ' - GetManagedPrefixListAssociationsMaxResults: - type: integer - minimum: 5 - maximum: 255 - GetManagedPrefixListAssociationsRequest: - type: object - required: - - PrefixListId - title: GetManagedPrefixListAssociationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - PrefixListAssociationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/PrefixListAssociation' - - xml: - name: item - GetManagedPrefixListEntriesRequest: - type: object - required: - - PrefixListId - title: GetManagedPrefixListEntriesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The token for the next page of results. - PrefixListEntrySet: - type: array - items: - allOf: - - $ref: '#/components/schemas/PrefixListEntry' - - xml: - name: item - GetNetworkInsightsAccessScopeAnalysisFindingsRequest: - type: object - required: - - NetworkInsightsAccessScopeAnalysisId - title: GetNetworkInsightsAccessScopeAnalysisFindingsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - GetNetworkInsightsAccessScopeContentRequest: - type: object - required: - - NetworkInsightsAccessScopeId - title: GetNetworkInsightsAccessScopeContentRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - GetPasswordDataRequest: - type: object - required: - - InstanceId - title: GetPasswordDataRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the Windows instance. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - GetReservedInstancesExchangeQuoteRequest: - type: object - required: - - ReservedInstanceIds - title: GetReservedInstancesExchangeQuoteRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ReservedInstanceId: - allOf: - - $ref: '#/components/schemas/ReservedInstanceIdSet' - - description: The IDs of the Convertible Reserved Instances to exchange. - TargetConfiguration: - allOf: - - $ref: '#/components/schemas/TargetConfigurationRequestSet' - - description: The configuration of the target Convertible Reserved Instance to exchange for your current Convertible Reserved Instances. - description: Contains the parameters for GetReservedInstanceExchangeQuote. - ReservationValue: - type: object - properties: - hourlyPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The hourly rate of the reservation. - remainingTotalValue: - allOf: - - $ref: '#/components/schemas/String' - - description: The balance of the total value (the sum of remainingUpfrontValue + hourlyPrice * number of hours remaining). - remainingUpfrontValue: - allOf: - - $ref: '#/components/schemas/String' - - description: The remaining upfront cost of the reservation. - description: The cost associated with the Reserved Instance. - ReservedInstanceReservationValueSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservedInstanceReservationValue' - - xml: - name: item - TargetReservationValueSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/TargetReservationValue' - - xml: - name: item - GetSerialConsoleAccessStatusRequest: - type: object - title: GetSerialConsoleAccessStatusRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - GetSpotPlacementScoresRequest: - type: object - required: - - TargetCapacity - title: GetSpotPlacementScoresRequest - properties: - InstanceType: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Specify true so that the response returns a list of scored Availability Zones. Otherwise, the response returns a list of scored Regions.

A list of scored Availability Zones is useful if you want to launch all of your Spot capacity into a single Availability Zone.

' - RegionName: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next set of results. - SpotPlacementScores: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotPlacementScore' - - xml: - name: item - GetSubnetCidrReservationsMaxResults: - type: integer - minimum: 5 - maximum: 1000 - GetSubnetCidrReservationsRequest: - type: object - required: - - SubnetId - title: GetSubnetCidrReservationsRequest - properties: - Filter: - allOf: - - $ref: '#/components/schemas/GetSubnetCidrReservationsMaxResults' - - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' - SubnetCidrReservationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetCidrReservation' - - xml: - name: item - GetTransitGatewayAttachmentPropagationsRequest: - type: object - required: - - TransitGatewayAttachmentId - title: GetTransitGatewayAttachmentPropagationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentId' - - description: The ID of the attachment. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayAttachmentPropagationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentPropagation' - - xml: - name: item - GetTransitGatewayMulticastDomainAssociationsRequest: - type: object - title: GetTransitGatewayMulticastDomainAssociationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainId' - - description: The ID of the transit gateway multicast domain. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayMulticastDomainAssociationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociation' - - xml: - name: item - GetTransitGatewayPrefixListReferencesRequest: - type: object - required: - - TransitGatewayRouteTableId - title: GetTransitGatewayPrefixListReferencesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableId' - - description: The ID of the transit gateway route table. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayPrefixListReferenceSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayPrefixListReference' - - xml: - name: item - GetTransitGatewayRouteTableAssociationsRequest: - type: object - required: - - TransitGatewayRouteTableId - title: GetTransitGatewayRouteTableAssociationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableId' - - description: The ID of the transit gateway route table. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayRouteTableAssociationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableAssociation' - - xml: - name: item - GetTransitGatewayRouteTablePropagationsRequest: - type: object - required: - - TransitGatewayRouteTableId - title: GetTransitGatewayRouteTablePropagationsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableId' - - description: The ID of the transit gateway route table. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayRouteTablePropagationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTablePropagation' - - xml: - name: item - GetVpnConnectionDeviceSampleConfigurationRequest: - type: object - required: - - VpnConnectionId - - VpnConnectionDeviceTypeId - title: GetVpnConnectionDeviceSampleConfigurationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - VpnConnectionDeviceSampleConfiguration: - type: string - format: password - GetVpnConnectionDeviceTypesRequest: - type: object - title: GetVpnConnectionDeviceTypesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - VpnConnectionDeviceTypeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpnConnectionDeviceType' - - xml: - name: item - GpuDeviceCount: - type: integer - GpuDeviceName: - type: string - GpuDeviceManufacturerName: - type: string - GpuDeviceMemoryInfo: - type: object - properties: - sizeInMiB: - allOf: - - $ref: '#/components/schemas/GpuDeviceMemorySize' - - description: 'The size of the memory available to the GPU accelerator, in MiB.' - description: Describes the memory available to the GPU accelerator. - GpuDeviceInfo: - type: object - properties: - name: - allOf: - - $ref: '#/components/schemas/GpuDeviceName' - - description: The name of the GPU accelerator. - manufacturer: - allOf: - - $ref: '#/components/schemas/GpuDeviceManufacturerName' - - description: The manufacturer of the GPU accelerator. - count: - allOf: - - $ref: '#/components/schemas/GpuDeviceCount' - - description: The number of GPUs for the instance type. - memoryInfo: - allOf: - - $ref: '#/components/schemas/GpuDeviceMemoryInfo' - - description: Describes the memory available to the GPU accelerator. - description: Describes the GPU accelerators for the instance type. - GpuDeviceInfoList: - type: array - items: - allOf: - - $ref: '#/components/schemas/GpuDeviceInfo' - - xml: - name: item - GpuDeviceMemorySize: - type: integer - totalGpuMemory: - type: integer - GpuInfo: - type: object - properties: - gpus: - allOf: - - $ref: '#/components/schemas/GpuDeviceInfoList' - - description: Describes the GPU accelerators for the instance type. - totalGpuMemoryInMiB: - allOf: - - $ref: '#/components/schemas/totalGpuMemory' - - description: 'The total size of the memory for the GPU accelerators for the instance type, in MiB.' - description: Describes the GPU accelerators for the instance type. - GroupIdentifier: - type: object - properties: - groupName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the security group. - groupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the security group. - description: Describes a security group. - SecurityGroupIdentifier: - type: object - properties: - groupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the security group. - groupName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the security group. - description: Describes a security group. - GroupIdentifierSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupIdentifier' - - xml: - name: item - HibernationFlag: - type: boolean - HibernationOptions: - type: object - properties: - configured: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If this parameter is set to true, your instance is enabled for hibernation; otherwise, it is not enabled for hibernation.' - description: 'Indicates whether your instance is configured for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.' - HibernationOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

If you set this parameter to true, your instance is enabled for hibernation.

Default: false

' - description: 'Indicates whether your instance is configured for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.' - HistoryRecord: - type: object - properties: - eventInformation: - allOf: - - $ref: '#/components/schemas/EventInformation' - - description: Information about the event. - eventType: - allOf: - - $ref: '#/components/schemas/EventType' - - description:

The event type.

- timestamp: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The date and time of the event, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - description: Describes an event in the history of the Spot Fleet request. - HistoryRecordEntry: - type: object - properties: - eventInformation: - allOf: - - $ref: '#/components/schemas/EventInformation' - - description: Information about the event. - eventType: - allOf: - - $ref: '#/components/schemas/FleetEventType' - - description: The event type. - timestamp: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The date and time of the event, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - description: Describes an event in the history of an EC2 Fleet. - HostProperties: - type: object - properties: - cores: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of cores on the Dedicated Host. - instanceType: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The instance type supported by the Dedicated Host. For example, m5.large. If the host supports multiple instance types, no instanceType is returned.' - instanceFamily: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The instance family supported by the Dedicated Host. For example, m5.' - sockets: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of sockets on the Dedicated Host. - totalVCpus: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The total number of vCPUs on the Dedicated Host. - description: Describes the properties of a Dedicated Host. - HostInstanceList: - type: array - items: - allOf: - - $ref: '#/components/schemas/HostInstance' - - xml: - name: item - HostRecovery: - type: string - enum: - - 'on' - - 'off' - Host: - type: object - properties: - autoPlacement: - allOf: - - $ref: '#/components/schemas/AutoPlacement' - - description: Whether auto-placement is on or off. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone of the Dedicated Host. - availableCapacity: - allOf: - - $ref: '#/components/schemas/AvailableCapacity' - - description: Information about the instances running on the Dedicated Host. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' - hostId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Dedicated Host. - hostProperties: - allOf: - - $ref: '#/components/schemas/HostProperties' - - description: The hardware specifications of the Dedicated Host. - hostReservationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The reservation ID of the Dedicated Host. This returns a null response if the Dedicated Host doesn't have an associated reservation. - instances: - allOf: - - $ref: '#/components/schemas/HostInstanceList' - - description: The IDs and instance type that are currently running on the Dedicated Host. - state: - allOf: - - $ref: '#/components/schemas/AllocationState' - - description: The Dedicated Host's state. - allocationTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time that the Dedicated Host was allocated. - releaseTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time that the Dedicated Host was released. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the Dedicated Host. - hostRecovery: - allOf: - - $ref: '#/components/schemas/HostRecovery' - - description: Indicates whether host recovery is enabled or disabled for the Dedicated Host. - allowsMultipleInstanceTypes: - allOf: - - $ref: '#/components/schemas/AllowsMultipleInstanceTypes' - - description: 'Indicates whether the Dedicated Host supports multiple instance types of the same instance family. If the value is on, the Dedicated Host supports multiple instance types in the instance family. If the value is off, the Dedicated Host supports a single instance type only.' - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the Dedicated Host. - availabilityZoneId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Availability Zone in which the Dedicated Host is allocated. - memberOfServiceLinkedResourceGroup: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether the Dedicated Host is in a host resource group. If memberOfServiceLinkedResourceGroup is true, the host is in a host resource group; otherwise, it is not.' - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Amazon Web Services Outpost on which the Dedicated Host is allocated. - description: Describes the properties of the Dedicated Host. - HostInstance: - type: object - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of instance that is running on the Dedicated Host. - instanceType: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The instance type (for example, m3.medium) of the running instance.' - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the instance. - description: Describes an instance running on a Dedicated Host. - PaymentOption: - type: string - enum: - - AllUpfront - - PartialUpfront - - NoUpfront - HostOffering: - type: object - properties: - currencyCode: - allOf: - - $ref: '#/components/schemas/CurrencyCodeValues' - - description: The currency of the offering. - duration: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The duration of the offering (in seconds). - hourlyPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The hourly price of the offering. - instanceFamily: - allOf: - - $ref: '#/components/schemas/String' - - description: The instance family of the offering. - offeringId: - allOf: - - $ref: '#/components/schemas/OfferingId' - - description: The ID of the offering. - paymentOption: - allOf: - - $ref: '#/components/schemas/PaymentOption' - - description: The available payment option. - upfrontPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The upfront price of the offering. Does not apply to No Upfront offerings. - description: Details about the Dedicated Host Reservation offering. - ResponseHostIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - ReservationState: - type: string - enum: - - payment-pending - - payment-failed - - active - - retired - HostReservation: - type: object - properties: - count: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of Dedicated Hosts the reservation is associated with. - currencyCode: - allOf: - - $ref: '#/components/schemas/CurrencyCodeValues' - - description: 'The currency in which the upfrontPrice and hourlyPrice amounts are specified. At this time, the only supported currency is USD.' - duration: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The length of the reservation''s term, specified in seconds. Can be 31536000 (1 year) | 94608000 (3 years).' - end: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The date and time that the reservation ends. - hostIdSet: - allOf: - - $ref: '#/components/schemas/ResponseHostIdSet' - - description: The IDs of the Dedicated Hosts associated with the reservation. - hostReservationId: - allOf: - - $ref: '#/components/schemas/HostReservationId' - - description: The ID of the reservation that specifies the associated Dedicated Hosts. - hourlyPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The hourly price of the reservation. - instanceFamily: - allOf: - - $ref: '#/components/schemas/String' - - description: The instance family of the Dedicated Host Reservation. The instance family on the Dedicated Host must be the same in order for it to benefit from the reservation. - offeringId: - allOf: - - $ref: '#/components/schemas/OfferingId' - - description: The ID of the reservation. This remains the same regardless of which Dedicated Hosts are associated with it. - paymentOption: - allOf: - - $ref: '#/components/schemas/PaymentOption' - - description: The payment option selected for this reservation. - start: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The date and time that the reservation started. - state: - allOf: - - $ref: '#/components/schemas/ReservationState' - - description: The state of the reservation. - upfrontPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The upfront price of the reservation. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the Dedicated Host Reservation. - description: Details about the Dedicated Host Reservation and associated Dedicated Hosts. - HostReservationIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/HostReservationId' - - xml: - name: item - HostTenancy: - type: string - enum: - - dedicated - - host - HostnameType: - type: string - enum: - - ip-name - - resource-name - Hour: - type: integer - minimum: 0 - maximum: 23 - HttpTokensState: - type: string - enum: - - optional - - required - HypervisorType: - type: string - enum: - - ovm - - xen - IKEVersionsListValue: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The IKE version. - description: The internet key exchange (IKE) version permitted for the VPN tunnel. - IKEVersionsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/IKEVersionsListValue' - - xml: - name: item - IKEVersionsRequestListValue: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The IKE version. - description: The IKE version that is permitted for the VPN tunnel. - IKEVersionsRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/IKEVersionsRequestListValue' - - xml: - name: item - IamInstanceProfile: - type: object - properties: - arn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the instance profile. - id: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance profile. - description: Describes an IAM instance profile. - IamInstanceProfileAssociationState: - type: string - enum: - - associating - - associated - - disassociating - - disassociated - IdFormat: - type: object - properties: - deadline: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The date in UTC at which you are permanently switched over to using longer IDs. If a deadline is not yet available for this resource type, this field is not returned.' - resource: - allOf: - - $ref: '#/components/schemas/String' - - description: The type of resource. - useLongIds: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether longer IDs (17-character IDs) are enabled for the resource. - description: Describes the ID format for a resource. - Igmpv2SupportValue: - type: string - enum: - - enable - - disable - ImageTypeValues: - type: string - enum: - - machine - - kernel - - ramdisk - ImageState: - type: string - enum: - - pending - - available - - invalid - - deregistered - - transient - - failed - - error - StateReason: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/String' - - description: The reason code for the state change. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The message for the state change.

' - description: Describes a state change. - TpmSupportValues: - type: string - enum: - - v2.0 - Image: - type: object - properties: - architecture: - allOf: - - $ref: '#/components/schemas/ArchitectureValues' - - description: The architecture of the image. - creationDate: - allOf: - - $ref: '#/components/schemas/String' - - description: The date and time the image was created. - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the AMI. - imageLocation: - allOf: - - $ref: '#/components/schemas/String' - - description: The location of the AMI. - imageType: - allOf: - - $ref: '#/components/schemas/ImageTypeValues' - - description: The type of image. - isPublic: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the image has public launch permissions. The value is true if this image has public launch permissions or false if it has only implicit and explicit launch permissions. - kernelId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The kernel associated with the image, if any. Only applicable for machine images.' - imageOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the image. - platform: - allOf: - - $ref: '#/components/schemas/PlatformValues' - - description: 'This value is set to windows for Windows AMIs; otherwise, it is blank.' - platformDetails: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The platform details associated with the billing code of the AMI. For more information, see Understanding AMI billing in the Amazon Elastic Compute Cloud User Guide.' - usageOperation: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The operation of the Amazon EC2 instance and the billing code that is associated with the AMI. usageOperation corresponds to the lineitem/Operation column on your Amazon Web Services Cost and Usage Report and in the Amazon Web Services Price List API. You can view these fields on the Instances or AMIs pages in the Amazon EC2 console, or in the responses that are returned by the DescribeImages command in the Amazon EC2 API, or the describe-images command in the CLI.' - productCodes: - allOf: - - $ref: '#/components/schemas/ProductCodeList' - - description: Any product codes associated with the AMI. - ramdiskId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The RAM disk associated with the image, if any. Only applicable for machine images.' - imageState: - allOf: - - $ref: '#/components/schemas/ImageState' - - description: 'The current state of the AMI. If the state is available, the image is successfully registered and can be used to launch an instance.' - blockDeviceMapping: - allOf: - - $ref: '#/components/schemas/BlockDeviceMappingList' - - description: Any block device mapping entries. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the AMI that was provided during image creation. - enaSupport: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Specifies whether enhanced networking with ENA is enabled. - hypervisor: - allOf: - - $ref: '#/components/schemas/HypervisorType' - - description: The hypervisor type of the image. - imageOwnerAlias: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The Amazon Web Services account alias (for example, amazon, self) or the Amazon Web Services account ID of the AMI owner.' - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the AMI that was provided during image creation. - rootDeviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The device name of the root device volume (for example, /dev/sda1).' - rootDeviceType: - allOf: - - $ref: '#/components/schemas/DeviceType' - - description: The type of root device used by the AMI. The AMI can use an Amazon EBS volume or an instance store volume. - sriovNetSupport: - allOf: - - $ref: '#/components/schemas/String' - - description: Specifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled. - stateReason: - allOf: - - $ref: '#/components/schemas/StateReason' - - description: The reason for the state change. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the image. - virtualizationType: - allOf: - - $ref: '#/components/schemas/VirtualizationType' - - description: The type of virtualization of the AMI. - bootMode: - allOf: - - $ref: '#/components/schemas/BootModeValues' - - description: 'The boot mode of the image. For more information, see Boot modes in the Amazon Elastic Compute Cloud User Guide.' - tpmSupport: - allOf: - - $ref: '#/components/schemas/TpmSupportValues' - - description: 'If the image is configured for NitroTPM support, the value is v2.0. For more information, see NitroTPM in the Amazon Elastic Compute Cloud User Guide.' - deprecationTime: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The date and time to deprecate the AMI, in UTC, in the following format: YYYY-MM-DDTHH:MM:SSZ. If you specified a value for seconds, Amazon EC2 rounds the seconds to the nearest minute.' - description: Describes an image. - ImageAttributeName: - type: string - enum: - - description - - kernel - - ramdisk - - launchPermission - - productCodes - - blockDeviceMapping - - sriovNetSupport - - bootMode - - tpmSupport - - uefiData - - lastLaunchedTime - ImageDiskContainerList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImageDiskContainer' - - xml: - name: item - ImageIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImageId' - - xml: - name: item - ImageRecycleBinInfo: - type: object - properties: - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the AMI. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the AMI. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the AMI. - recycleBinEnterTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time when the AMI entered the Recycle Bin. - recycleBinExitTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time when the AMI is to be permanently deleted from the Recycle Bin. - description: Information about an AMI that is currently in the Recycle Bin. - ImageRecycleBinInfoList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImageRecycleBinInfo' - - xml: - name: item - ImportClientVpnClientCertificateRevocationListRequest: - type: object - required: - - ClientVpnEndpointId - - CertificateRevocationList - title: ImportClientVpnClientCertificateRevocationListRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ImportImageLicenseConfigurationResponse: - type: object - properties: - licenseConfigurationArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of a license configuration. - description: ' The response information for license configurations.' - ImportImageLicenseSpecificationListRequest: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImportImageLicenseConfigurationRequest' - - xml: - name: item - ImportImageLicenseSpecificationListResponse: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImportImageLicenseConfigurationResponse' - - xml: - name: item - ImportImageRequest: - type: object - title: ImportImageRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: A description string for the import image task. - DiskContainer: - allOf: - - $ref: '#/components/schemas/ImportImageLicenseSpecificationListRequest' - - description: The ARNs of the license configurations. - TagSpecification: - allOf: - - $ref: '#/components/schemas/BootModeValues' - - description: The boot mode of the virtual machine. - SnapshotDetailList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SnapshotDetail' - - xml: - name: item - ImportImageTask: - type: object - properties: - architecture: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The architecture of the virtual machine.

Valid values: i386 | x86_64 | arm64

' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the import task. - encrypted: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the image is encrypted. - hypervisor: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The target hypervisor for the import task.

Valid values: xen

' - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Machine Image (AMI) of the imported virtual machine. - importTaskId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the import image task. - kmsKeyId: - allOf: - - $ref: '#/components/schemas/String' - - description: The identifier for the KMS key that was used to create the encrypted image. - licenseType: - allOf: - - $ref: '#/components/schemas/String' - - description: The license type of the virtual machine. - platform: - allOf: - - $ref: '#/components/schemas/String' - - description: The description string for the import image task. - progress: - allOf: - - $ref: '#/components/schemas/String' - - description: The percentage of progress of the import image task. - snapshotDetailSet: - allOf: - - $ref: '#/components/schemas/SnapshotDetailList' - - description: Information about the snapshots. - status: - allOf: - - $ref: '#/components/schemas/String' - - description: A brief status for the import image task. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: A descriptive status message for the import image task. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the import image task. - licenseSpecifications: - allOf: - - $ref: '#/components/schemas/ImportImageLicenseSpecificationListResponse' - - description: The ARNs of the license configurations that are associated with the import image task. - usageOperation: - allOf: - - $ref: '#/components/schemas/String' - - description: The usage operation value. - bootMode: - allOf: - - $ref: '#/components/schemas/BootModeValues' - - description: The boot mode of the virtual machine. - description: Describes an import image task. - ImportInstanceLaunchSpecification: - type: object - properties: - additionalInfo: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved. - architecture: - allOf: - - $ref: '#/components/schemas/ArchitectureValues' - - description: The architecture of the instance. - GroupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupIdStringList' - - description: The security group IDs. - GroupName: - allOf: - - $ref: '#/components/schemas/SecurityGroupStringList' - - description: The security group names. - instanceInitiatedShutdownBehavior: - allOf: - - $ref: '#/components/schemas/ShutdownBehavior' - - description: Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: 'The instance type. For more information about the instance types that you can import, see Instance Types in the VM Import/Export User Guide.' - monitoring: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether monitoring is enabled. - placement: - allOf: - - $ref: '#/components/schemas/Placement' - - description: The placement information for the instance. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: '[EC2-VPC] An available IP address from the IP address range of the subnet.' - subnetId: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: '[EC2-VPC] The ID of the subnet in which to launch the instance.' - userData: - allOf: - - $ref: '#/components/schemas/UserData' - - description: The Base64-encoded user data to make available to the instance. - description: Describes the launch specification for VM import. - ImportInstanceRequest: - type: object - required: - - Platform - title: ImportInstanceRequest - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description for the instance being imported. - diskImage: - allOf: - - $ref: '#/components/schemas/DiskImageList' - - description: The disk image. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - launchSpecification: - allOf: - - $ref: '#/components/schemas/ImportInstanceLaunchSpecification' - - description: The launch specification. - platform: - allOf: - - $ref: '#/components/schemas/PlatformValues' - - description: The instance operating system. - ImportInstanceVolumeDetailSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImportInstanceVolumeDetailItem' - - xml: - name: item - ImportInstanceVolumeDetailItem: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone where the resulting instance will reside. - bytesConverted: - allOf: - - $ref: '#/components/schemas/Long' - - description: The number of bytes converted so far. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the task. - image: - allOf: - - $ref: '#/components/schemas/DiskImageDescription' - - description: The image. - status: - allOf: - - $ref: '#/components/schemas/String' - - description: The status of the import of this particular disk image. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The status information or errors related to the disk image. - volume: - allOf: - - $ref: '#/components/schemas/DiskImageVolumeDescription' - - description: The volume. - description: Describes an import volume task. - ImportKeyPairRequest: - type: object - required: - - KeyName - - PublicKeyMaterial - title: ImportKeyPairRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - keyName: - allOf: - - $ref: '#/components/schemas/String' - - description: A unique name for the key pair. - publicKeyMaterial: - allOf: - - $ref: '#/components/schemas/Blob' - - description: 'The public key. For API calls, the text must be base64-encoded. For command line tools, base64 encoding is performed for you.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the imported key pair. - ImportSnapshotRequest: - type: object - title: ImportSnapshotRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The name of the role to use when not using the default role, ''vmimport''.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the import snapshot task during creation. - SnapshotTaskDetail: - type: object - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the snapshot. - diskImageSize: - allOf: - - $ref: '#/components/schemas/Double' - - description: 'The size of the disk in the snapshot, in GiB.' - encrypted: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the snapshot is encrypted. - format: - allOf: - - $ref: '#/components/schemas/String' - - description: The format of the disk image from which the snapshot is created. - kmsKeyId: - allOf: - - $ref: '#/components/schemas/String' - - description: The identifier for the KMS key that was used to create the encrypted snapshot. - progress: - allOf: - - $ref: '#/components/schemas/String' - - description: The percentage of completion for the import snapshot task. - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The snapshot ID of the disk being imported. - status: - allOf: - - $ref: '#/components/schemas/String' - - description: A brief status for the import snapshot task. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: A detailed status message for the import snapshot task. - url: - allOf: - - $ref: '#/components/schemas/String' - - description: The URL of the disk image from which the snapshot is created. - userBucket: - allOf: - - $ref: '#/components/schemas/UserBucketDetails' - - description: The Amazon S3 bucket for the disk image. - description: Details about the import snapshot task. - ImportSnapshotTask: - type: object - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the import snapshot task. - importTaskId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the import snapshot task. - snapshotTaskDetail: - allOf: - - $ref: '#/components/schemas/SnapshotTaskDetail' - - description: Describes an import snapshot task. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the import snapshot task. - description: Describes an import snapshot task. - ImportSnapshotTaskIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImportSnapshotTaskId' - - xml: - name: ImportTaskId - ImportTaskIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ImportImageTaskId' - - xml: - name: ImportTaskId - ImportVolumeRequest: - type: object - required: - - AvailabilityZone - - Image - - Volume - title: ImportVolumeRequest - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone for the resulting EBS volume. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the volume. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - image: - allOf: - - $ref: '#/components/schemas/DiskImageDetail' - - description: The disk image. - volume: - allOf: - - $ref: '#/components/schemas/VolumeDetail' - - description: The volume size. - InferenceDeviceInfoList: - type: array - items: - $ref: '#/components/schemas/InferenceDeviceInfo' - InferenceAcceleratorInfo: - type: object - properties: - accelerators: - allOf: - - $ref: '#/components/schemas/InferenceDeviceInfoList' - - description: Describes the Inference accelerators for the instance type. - description: Describes the Inference accelerators for the instance type. - InferenceDeviceCount: - type: integer - InferenceDeviceName: - type: string - InferenceDeviceManufacturerName: - type: string - InferenceDeviceInfo: - type: object - properties: - count: - allOf: - - $ref: '#/components/schemas/InferenceDeviceCount' - - description: The number of Inference accelerators for the instance type. - name: - allOf: - - $ref: '#/components/schemas/InferenceDeviceName' - - description: The name of the Inference accelerator. - manufacturer: - allOf: - - $ref: '#/components/schemas/InferenceDeviceManufacturerName' - - description: The manufacturer of the Inference accelerator. - description: Describes the Inference accelerators for the instance type. - Monitoring: - type: object - properties: - state: - allOf: - - $ref: '#/components/schemas/MonitoringState' - - description: 'Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.' - description: Describes the monitoring of an instance. - InstanceState: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The state of the instance as a 16-bit unsigned integer.

The high byte is all of the bits between 2^8 and (2^16)-1, which equals decimal values between 256 and 65,535. These numerical values are used for internal purposes and should be ignored.

The low byte is all of the bits between 2^0 and (2^8)-1, which equals decimal values between 0 and 255.

The valid values for instance-state-code will all be in the range of the low byte and they are:

You can ignore the high byte value by zeroing out all of the bits above 2^8 or 256 in decimal.

' - name: - allOf: - - $ref: '#/components/schemas/InstanceStateName' - - description: The current state of the instance. - description: Describes the current state of an instance. - InstanceBlockDeviceMappingList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceBlockDeviceMapping' - - xml: - name: item - InstanceLifecycleType: - type: string - enum: - - spot - - scheduled - InstanceNetworkInterfaceList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterface' - - xml: - name: item - LicenseList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LicenseConfiguration' - - xml: - name: item - InstanceMetadataOptionsResponse: - type: object - properties: - state: - allOf: - - $ref: '#/components/schemas/InstanceMetadataOptionsState' - - description:

The state of the metadata option changes.

pending - The metadata options are being updated and the instance is not ready to process metadata traffic with the new selection.

applied - The metadata options have been successfully applied on the instance.

- httpTokens: - allOf: - - $ref: '#/components/schemas/HttpTokensState' - - description: '

The state of token usage for your instance metadata requests.

If the state is optional, you can choose to retrieve instance metadata with or without a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned.

If the state is required, you must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credential always returns the version 2.0 credentials; the version 1.0 credentials are not available.

Default: optional

' - httpPutResponseHopLimit: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.

Default: 1

Possible values: Integers from 1 to 64

' - httpEndpoint: - allOf: - - $ref: '#/components/schemas/InstanceMetadataEndpointState' - - description: '

Indicates whether the HTTP metadata endpoint on your instances is enabled or disabled.

If the value is disabled, you cannot access your instance metadata.

' - httpProtocolIpv6: - allOf: - - $ref: '#/components/schemas/InstanceMetadataProtocolState' - - description: Indicates whether the IPv6 endpoint for the instance metadata service is enabled or disabled. - instanceMetadataTags: - allOf: - - $ref: '#/components/schemas/InstanceMetadataTagsState' - - description: 'Indicates whether access to instance tags from the instance metadata is enabled or disabled. For more information, see Work with instance tags using the instance metadata.' - description: The metadata options for the instance. - PrivateDnsNameOptionsResponse: - type: object - properties: - hostnameType: - allOf: - - $ref: '#/components/schemas/HostnameType' - - description: The type of hostname to assign to an instance. - enableResourceNameDnsARecord: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to respond to DNS queries for instance hostnames with DNS A records. - enableResourceNameDnsAAAARecord: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. - description: Describes the options for instance hostnames. - InstanceMaintenanceOptions: - type: object - properties: - autoRecovery: - allOf: - - $ref: '#/components/schemas/InstanceAutoRecoveryState' - - description: Provides information on the current automatic recovery behavior of your instance. - description: The maintenance options for the instance. - Instance: - type: object - properties: - amiLaunchIndex: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The AMI launch index, which can be used to find this instance in the launch group.' - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the AMI used to launch the instance. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type. - kernelId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The kernel associated with this instance, if applicable.' - keyName: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The name of the key pair, if this instance was launched with an associated key pair.' - launchTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time the instance was launched. - monitoring: - allOf: - - $ref: '#/components/schemas/Monitoring' - - description: The monitoring for the instance. - placement: - allOf: - - $ref: '#/components/schemas/Placement' - - description: 'The location where the instance launched, if applicable.' - platform: - allOf: - - $ref: '#/components/schemas/PlatformValues' - - description: The value is Windows for Windows instances; otherwise blank. - privateDnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: '

(IPv4 only) The private DNS hostname name assigned to the instance. This DNS hostname can only be used inside the Amazon EC2 network. This name is not available until the instance enters the running state.

[EC2-VPC] The Amazon-provided DNS server resolves Amazon-provided private DNS hostnames if you''ve enabled DNS resolution and DNS hostnames in your VPC. If you are not using the Amazon-provided DNS server in your VPC, your custom domain name servers must resolve the hostname as appropriate.

' - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The private IPv4 address assigned to the instance. - productCodes: - allOf: - - $ref: '#/components/schemas/ProductCodeList' - - description: 'The product codes attached to this instance, if applicable.' - dnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: '(IPv4 only) The public DNS name assigned to the instance. This name is not available until the instance enters the running state. For EC2-VPC, this name is only available if you''ve enabled DNS hostnames for your VPC.' - ipAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The public IPv4 address, or the Carrier IP address assigned to the instance, if applicable.

A Carrier IP address only applies to an instance launched in a subnet associated with a Wavelength Zone.

' - ramdiskId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The RAM disk associated with this instance, if applicable.' - instanceState: - allOf: - - $ref: '#/components/schemas/InstanceState' - - description: The current state of the instance. - reason: - allOf: - - $ref: '#/components/schemas/String' - - description: The reason for the most recent state transition. This might be an empty string. - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: '[EC2-VPC] The ID of the subnet in which the instance is running.' - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: '[EC2-VPC] The ID of the VPC in which the instance is running.' - architecture: - allOf: - - $ref: '#/components/schemas/ArchitectureValues' - - description: The architecture of the image. - blockDeviceMapping: - allOf: - - $ref: '#/components/schemas/InstanceBlockDeviceMappingList' - - description: Any block device mapping entries for the instance. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The idempotency token you provided when you launched the instance, if applicable.' - ebsOptimized: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance. - enaSupport: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Specifies whether enhanced networking with ENA is enabled. - hypervisor: - allOf: - - $ref: '#/components/schemas/HypervisorType' - - description: The hypervisor type of the instance. The value xen is used for both Xen and Nitro hypervisors. - iamInstanceProfile: - allOf: - - $ref: '#/components/schemas/IamInstanceProfile' - - description: 'The IAM instance profile associated with the instance, if applicable.' - instanceLifecycle: - allOf: - - $ref: '#/components/schemas/InstanceLifecycleType' - - description: Indicates whether this is a Spot Instance or a Scheduled Instance. - elasticGpuAssociationSet: - allOf: - - $ref: '#/components/schemas/ElasticGpuAssociationList' - - description: The Elastic GPU associated with the instance. - elasticInferenceAcceleratorAssociationSet: - allOf: - - $ref: '#/components/schemas/ElasticInferenceAcceleratorAssociationList' - - description: ' The elastic inference accelerator associated with the instance.' - networkInterfaceSet: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterfaceList' - - description: '[EC2-VPC] The network interfaces for the instance.' - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Outpost. - rootDeviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The device name of the root device volume (for example, /dev/sda1).' - rootDeviceType: - allOf: - - $ref: '#/components/schemas/DeviceType' - - description: The root device type used by the AMI. The AMI can use an EBS volume or an instance store volume. - groupSet: - allOf: - - $ref: '#/components/schemas/GroupIdentifierList' - - description: The security groups for the instance. - sourceDestCheck: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether source/destination checking is enabled. - spotInstanceRequestId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'If the request is a Spot Instance request, the ID of the request.' - sriovNetSupport: - allOf: - - $ref: '#/components/schemas/String' - - description: Specifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled. - stateReason: - allOf: - - $ref: '#/components/schemas/StateReason' - - description: The reason for the most recent state transition. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the instance. - virtualizationType: - allOf: - - $ref: '#/components/schemas/VirtualizationType' - - description: The virtualization type of the instance. - cpuOptions: - allOf: - - $ref: '#/components/schemas/CpuOptions' - - description: The CPU options for the instance. - capacityReservationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Capacity Reservation. - capacityReservationSpecification: - allOf: - - $ref: '#/components/schemas/CapacityReservationSpecificationResponse' - - description: Information about the Capacity Reservation targeting option. - hibernationOptions: - allOf: - - $ref: '#/components/schemas/HibernationOptions' - - description: Indicates whether the instance is enabled for hibernation. - licenseSet: - allOf: - - $ref: '#/components/schemas/LicenseList' - - description: The license configurations for the instance. - metadataOptions: - allOf: - - $ref: '#/components/schemas/InstanceMetadataOptionsResponse' - - description: The metadata options for the instance. - enclaveOptions: - allOf: - - $ref: '#/components/schemas/EnclaveOptions' - - description: Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. - bootMode: - allOf: - - $ref: '#/components/schemas/BootModeValues' - - description: 'The boot mode of the instance. For more information, see Boot modes in the Amazon EC2 User Guide.' - platformDetails: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The platform details value for the instance. For more information, see AMI billing information fields in the Amazon EC2 User Guide.' - usageOperation: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The usage operation value for the instance. For more information, see AMI billing information fields in the Amazon EC2 User Guide.' - usageOperationUpdateTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time that the usage operation was last updated. - privateDnsNameOptions: - allOf: - - $ref: '#/components/schemas/PrivateDnsNameOptionsResponse' - - description: The options for the instance hostname. - ipv6Address: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 address assigned to the instance. - tpmSupport: - allOf: - - $ref: '#/components/schemas/String' - - description: 'If the instance is configured for NitroTPM support, the value is v2.0. For more information, see NitroTPM in the Amazon EC2 User Guide.' - maintenanceOptions: - allOf: - - $ref: '#/components/schemas/InstanceMaintenanceOptions' - - description: Provides information on the recovery and maintenance options of your instance. - description: Describes an instance. - InstanceBlockDeviceMapping: - type: object - properties: - deviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The device name (for example, /dev/sdh or xvdh).' - ebs: - allOf: - - $ref: '#/components/schemas/EbsInstanceBlockDevice' - - description: Parameters used to automatically set up EBS volumes when the instance is launched. - description: Describes a block device mapping. - InstanceBlockDeviceMappingSpecificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceBlockDeviceMappingSpecification' - - xml: - name: item - ListingState: - type: string - enum: - - available - - sold - - cancelled - - pending - InstanceCount: - type: object - properties: - instanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of listed Reserved Instances in the state specified by the state. - state: - allOf: - - $ref: '#/components/schemas/ListingState' - - description: The states of the listed Reserved Instances. - description: Describes a Reserved Instance listing state. - InstanceCountList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceCount' - - xml: - name: item - InstanceCreditSpecification: - type: object - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - cpuCredits: - allOf: - - $ref: '#/components/schemas/String' - - description: The credit option for CPU usage of the instance. Valid values are standard and unlimited. - description: 'Describes the credit option for CPU usage of a burstable performance instance. ' - InstanceCreditSpecificationListRequest: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceCreditSpecificationRequest' - - xml: - name: item - InstanceEventId: - type: string - InstanceEventWindowTimeRangeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowTimeRange' - - xml: - name: item - InstanceEventWindowAssociationTarget: - type: object - properties: - instanceIdSet: - allOf: - - $ref: '#/components/schemas/InstanceIdList' - - description: The IDs of the instances associated with the event window. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The instance tags associated with the event window. Any instances associated with the tags will be associated with the event window. - dedicatedHostIdSet: - allOf: - - $ref: '#/components/schemas/DedicatedHostIdList' - - description: The IDs of the Dedicated Hosts associated with the event window. - description: One or more targets associated with the event window. - InstanceEventWindowState: - type: string - enum: - - creating - - deleting - - active - - deleted - WeekDay: - type: string - enum: - - sunday - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - InstanceEventWindowTimeRange: - type: object - properties: - startWeekDay: - allOf: - - $ref: '#/components/schemas/WeekDay' - - description: The day on which the time range begins. - startHour: - allOf: - - $ref: '#/components/schemas/Hour' - - description: The hour when the time range begins. - endWeekDay: - allOf: - - $ref: '#/components/schemas/WeekDay' - - description: The day on which the time range ends. - endHour: - allOf: - - $ref: '#/components/schemas/Hour' - - description: The hour when the time range ends. - description: 'The start day and time and the end day and time of the time range, in UTC.' - InstanceEventWindowTimeRangeRequestSet: - type: array - items: - $ref: '#/components/schemas/InstanceEventWindowTimeRangeRequest' - InstanceGeneration: - type: string - enum: - - current - - previous - InstanceGenerationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceGeneration' - - xml: - name: item - InstanceIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceId' - - xml: - name: item - InstanceIpv4Prefix: - type: object - properties: - ipv4Prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: One or more IPv4 prefixes assigned to the network interface. - description: Information about an IPv4 prefix. - InstanceIpv4PrefixList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceIpv4Prefix' - - xml: - name: item - InstanceIpv6AddressRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 address. - description: Describes an IPv6 address. - InstanceIpv6AddressListRequest: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceIpv6AddressRequest' - - xml: - name: InstanceIpv6Address - InstanceIpv6Prefix: - type: object - properties: - ipv6Prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: One or more IPv6 prefixes assigned to the network interface. - description: Information about an IPv6 prefix. - InstanceIpv6PrefixList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceIpv6Prefix' - - xml: - name: item - InstanceList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Instance' - - xml: - name: item - InstanceMaintenanceOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceAutoRecoveryState' - - description: 'Disables the automatic recovery behavior of your instance or sets it to default. For more information, see Simplified automatic recovery.' - description: The maintenance options for the instance. - InstanceMarketOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/SpotMarketOptions' - - description: The options for Spot Instances. - description: Describes the market (purchasing) option for the instances. - InstanceMetadataEndpointState: - type: string - enum: - - disabled - - enabled - InstanceMetadataOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceMetadataTagsState' - - description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' - description: The metadata options for the instance. - InstanceMetadataOptionsState: - type: string - enum: - - pending - - applied - InstanceMetadataProtocolState: - type: string - enum: - - disabled - - enabled - InstanceMonitoring: - type: object - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - monitoring: - allOf: - - $ref: '#/components/schemas/Monitoring' - - description: The monitoring for the instance. - description: Describes the monitoring of an instance. - InstanceMonitoringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceMonitoring' - - xml: - name: item - InstanceNetworkInterfaceAssociation: - type: object - properties: - carrierIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The carrier IP address associated with the network interface. - customerOwnedIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The customer-owned IP address associated with the network interface. - ipOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the owner of the Elastic IP address. - publicDnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The public DNS name. - publicIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The public IP address or Elastic IP address bound to the network interface. - description: Describes association information for an Elastic IP address (IPv4). - InstanceNetworkInterfaceAttachment: - type: object - properties: - attachTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time stamp when the attachment initiated. - attachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface attachment. - deleteOnTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the network interface is deleted when the instance is terminated. - deviceIndex: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The index of the device on the instance for the network interface attachment. - status: - allOf: - - $ref: '#/components/schemas/AttachmentStatus' - - description: The attachment state. - networkCardIndex: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The index of the network card. - description: Describes a network interface attachment. - InstancePrivateIpAddressList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstancePrivateIpAddress' - - xml: - name: item - NetworkInterfaceStatus: - type: string - enum: - - available - - associated - - attaching - - in-use - - detaching - InstanceNetworkInterface: - type: object - properties: - association: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterfaceAssociation' - - description: The association information for an Elastic IPv4 associated with the network interface. - attachment: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterfaceAttachment' - - description: The network interface attachment. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description. - groupSet: - allOf: - - $ref: '#/components/schemas/GroupIdentifierList' - - description: One or more security groups. - ipv6AddressesSet: - allOf: - - $ref: '#/components/schemas/InstanceIpv6AddressList' - - description: One or more IPv6 addresses associated with the network interface. - macAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The MAC address. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that created the network interface. - privateDnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The private DNS name. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 address of the network interface within the subnet. - privateIpAddressesSet: - allOf: - - $ref: '#/components/schemas/InstancePrivateIpAddressList' - - description: One or more private IPv4 addresses associated with the network interface. - sourceDestCheck: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether source/destination checking is enabled. - status: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceStatus' - - description: The status of the network interface. - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - interfaceType: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The type of network interface.

Valid values: interface | efa | trunk

' - ipv4PrefixSet: - allOf: - - $ref: '#/components/schemas/InstanceIpv4PrefixList' - - description: The IPv4 delegated prefixes that are assigned to the network interface. - ipv6PrefixSet: - allOf: - - $ref: '#/components/schemas/InstanceIpv6PrefixList' - - description: The IPv6 delegated prefixes that are assigned to the network interface. - description: Describes a network interface. - InstancePrivateIpAddress: - type: object - properties: - association: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterfaceAssociation' - - description: The association information for an Elastic IP address for the network interface. - primary: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether this IPv4 address is the primary private IP address of the network interface. - privateDnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The private IPv4 DNS name. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The private IPv4 address of the network interface. - description: Describes a private IPv4 address. - VCpuCountRange: - type: object - properties: - min: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The minimum number of vCPUs. If the value is 0, there is no minimum limit.' - max: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of vCPUs. If this parameter is not specified, there is no maximum limit.' - description: The minimum and maximum number of vCPUs. - MemoryMiB: - type: object - properties: - min: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The minimum amount of memory, in MiB. If this parameter is not specified, there is no minimum limit.' - max: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum amount of memory, in MiB. If this parameter is not specified, there is no maximum limit.' - description: 'The minimum and maximum amount of memory, in MiB.' - MemoryGiBPerVCpu: - type: object - properties: - min: - allOf: - - $ref: '#/components/schemas/Double' - - description: 'The minimum amount of memory per vCPU, in GiB. If this parameter is not specified, there is no minimum limit.' - max: - allOf: - - $ref: '#/components/schemas/Double' - - description: 'The maximum amount of memory per vCPU, in GiB. If this parameter is not specified, there is no maximum limit.' - description: '

The minimum and maximum amount of memory per vCPU, in GiB.

' - NetworkInterfaceCount: - type: object - properties: - min: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The minimum number of network interfaces. If this parameter is not specified, there is no minimum limit.' - max: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of network interfaces. If this parameter is not specified, there is no maximum limit.' - description: The minimum and maximum number of network interfaces. - LocalStorageTypeSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalStorageType' - - xml: - name: item - TotalLocalStorageGB: - type: object - properties: - min: - allOf: - - $ref: '#/components/schemas/Double' - - description: 'The minimum amount of total local storage, in GB. If this parameter is not specified, there is no minimum limit.' - max: - allOf: - - $ref: '#/components/schemas/Double' - - description: 'The maximum amount of total local storage, in GB. If this parameter is not specified, there is no maximum limit.' - description: 'The minimum and maximum amount of total local storage, in GB.' - InstanceRequirementsWithMetadataRequest: - type: object - properties: - ArchitectureType: - allOf: - - $ref: '#/components/schemas/ArchitectureTypeSet' - - description: The architecture type. - VirtualizationType: - allOf: - - $ref: '#/components/schemas/InstanceRequirementsRequest' - - description: 'The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.' - description: '

The architecture type, virtualization type, and other attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirementsWithMetadataRequest, you can''t specify InstanceTypes.

' - InstanceSpecification: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Excludes the root volume from being snapshotted. - description: The instance details to specify which volumes should be snapshotted. - InstanceStateName: - type: string - enum: - - pending - - running - - shutting-down - - terminated - - stopping - - stopped - InstanceStateChange: - type: object - properties: - currentState: - allOf: - - $ref: '#/components/schemas/InstanceState' - - description: The current state of the instance. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - previousState: - allOf: - - $ref: '#/components/schemas/InstanceState' - - description: The previous state of the instance. - description: Describes an instance state change. - InstanceStateChangeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceStateChange' - - xml: - name: item - InstanceStatusEventList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceStatusEvent' - - xml: - name: item - InstanceStatusSummary: - type: object - properties: - details: - allOf: - - $ref: '#/components/schemas/InstanceStatusDetailsList' - - description: The system instance health or application instance health. - status: - allOf: - - $ref: '#/components/schemas/SummaryStatus' - - description: The status. - description: Describes the status of an instance. - InstanceStatus: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone of the instance. - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Outpost. - eventsSet: - allOf: - - $ref: '#/components/schemas/InstanceStatusEventList' - - description: Any scheduled events associated with the instance. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - instanceState: - allOf: - - $ref: '#/components/schemas/InstanceState' - - description: The intended state of the instance. DescribeInstanceStatus requires that an instance be in the running state. - instanceStatus: - allOf: - - $ref: '#/components/schemas/InstanceStatusSummary' - - description: 'Reports impaired functionality that stems from issues internal to the instance, such as impaired reachability.' - systemStatus: - allOf: - - $ref: '#/components/schemas/InstanceStatusSummary' - - description: 'Reports impaired functionality that stems from issues related to the systems that support an instance, such as hardware failures and network connectivity problems.' - description: Describes the status of an instance. - StatusName: - type: string - enum: - - reachability - StatusType: - type: string - enum: - - passed - - failed - - insufficient-data - - initializing - InstanceStatusDetails: - type: object - properties: - impairedSince: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The time when a status check failed. For an instance that was launched and impaired, this is the time when the instance was launched.' - name: - allOf: - - $ref: '#/components/schemas/StatusName' - - description: The type of instance status. - status: - allOf: - - $ref: '#/components/schemas/StatusType' - - description: The status. - description: Describes the instance status. - InstanceStatusDetailsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InstanceStatusDetails' - - xml: - name: item - InstanceStatusEvent: - type: object - properties: - instanceEventId: - allOf: - - $ref: '#/components/schemas/InstanceEventId' - - description: The ID of the event. - code: - allOf: - - $ref: '#/components/schemas/EventCode' - - description: The event code. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A description of the event.

After a scheduled event is completed, it can still be described for up to a week. If the event has been completed, this description starts with the following text: [Completed].

' - notAfter: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The latest scheduled end time for the event. - notBefore: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The earliest scheduled start time for the event. - notBeforeDeadline: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The deadline for starting the event. - description: Describes a scheduled event for an instance. - SummaryStatus: - type: string - enum: - - ok - - impaired - - insufficient-data - - not-applicable - - initializing - InstanceStorageEncryptionSupport: - type: string - enum: - - unsupported - - required - InstanceStorageFlag: - type: boolean - InstanceStorageInfo: - type: object - properties: - totalSizeInGB: - allOf: - - $ref: '#/components/schemas/DiskSize' - - description: 'The total size of the disks, in GB.' - disks: - allOf: - - $ref: '#/components/schemas/DiskInfoList' - - description: Describes the disks that are available for the instance type. - nvmeSupport: - allOf: - - $ref: '#/components/schemas/EphemeralNvmeSupport' - - description: Indicates whether non-volatile memory express (NVMe) is supported. - encryptionSupport: - allOf: - - $ref: '#/components/schemas/InstanceStorageEncryptionSupport' - - description: Indicates whether data is encrypted at rest. - description: Describes the instance store features that are supported by the instance type. - InstanceTypeHypervisor: - type: string - enum: - - nitro - - xen - UsageClassTypeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/UsageClassType' - - xml: - name: item - RootDeviceTypeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/RootDeviceType' - - xml: - name: item - VirtualizationTypeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VirtualizationType' - - xml: - name: item - ProcessorInfo: - type: object - properties: - supportedArchitectures: - allOf: - - $ref: '#/components/schemas/ArchitectureTypeList' - - description: The architectures supported by the instance type. - sustainedClockSpeedInGhz: - allOf: - - $ref: '#/components/schemas/ProcessorSustainedClockSpeed' - - description: 'The speed of the processor, in GHz.' - description: Describes the processor used by the instance type. - VCpuInfo: - type: object - properties: - defaultVCpus: - allOf: - - $ref: '#/components/schemas/VCpuCount' - - description: The default number of vCPUs for the instance type. - defaultCores: - allOf: - - $ref: '#/components/schemas/CoreCount' - - description: The default number of cores for the instance type. - defaultThreadsPerCore: - allOf: - - $ref: '#/components/schemas/ThreadsPerCore' - - description: The default number of threads per core for the instance type. - validCores: - allOf: - - $ref: '#/components/schemas/CoreCountList' - - description: The valid number of cores that can be configured for the instance type. - validThreadsPerCore: - allOf: - - $ref: '#/components/schemas/ThreadsPerCoreList' - - description: 'The valid number of threads per core that can be configured for the instance type. ' - description: Describes the vCPU configurations for the instance type. - MemoryInfo: - type: object - properties: - sizeInMiB: - allOf: - - $ref: '#/components/schemas/MemorySize' - - description: 'The size of the memory, in MiB.' - description: Describes the memory for the instance type. - NetworkInfo: - type: object - properties: - networkPerformance: - allOf: - - $ref: '#/components/schemas/NetworkPerformance' - - description: The network performance. - maximumNetworkInterfaces: - allOf: - - $ref: '#/components/schemas/MaxNetworkInterfaces' - - description: The maximum number of network interfaces for the instance type. - maximumNetworkCards: - allOf: - - $ref: '#/components/schemas/MaximumNetworkCards' - - description: The maximum number of physical network cards that can be allocated to the instance. - defaultNetworkCardIndex: - allOf: - - $ref: '#/components/schemas/DefaultNetworkCardIndex' - - description: 'The index of the default network card, starting at 0.' - networkCards: - allOf: - - $ref: '#/components/schemas/NetworkCardInfoList' - - description: Describes the network cards for the instance type. - ipv4AddressesPerInterface: - allOf: - - $ref: '#/components/schemas/MaxIpv4AddrPerInterface' - - description: The maximum number of IPv4 addresses per network interface. - ipv6AddressesPerInterface: - allOf: - - $ref: '#/components/schemas/MaxIpv6AddrPerInterface' - - description: The maximum number of IPv6 addresses per network interface. - ipv6Supported: - allOf: - - $ref: '#/components/schemas/Ipv6Flag' - - description: Indicates whether IPv6 is supported. - enaSupport: - allOf: - - $ref: '#/components/schemas/EnaSupport' - - description: Indicates whether Elastic Network Adapter (ENA) is supported. - efaSupported: - allOf: - - $ref: '#/components/schemas/EfaSupportedFlag' - - description: Indicates whether Elastic Fabric Adapter (EFA) is supported. - efaInfo: - allOf: - - $ref: '#/components/schemas/EfaInfo' - - description: Describes the Elastic Fabric Adapters for the instance type. - encryptionInTransitSupported: - allOf: - - $ref: '#/components/schemas/EncryptionInTransitSupported' - - description: Indicates whether the instance type automatically encrypts in-transit traffic between instances. - description: Describes the networking features of the instance type. - PlacementGroupInfo: - type: object - properties: - supportedStrategies: - allOf: - - $ref: '#/components/schemas/PlacementGroupStrategyList' - - description: The supported placement group types. - description: Describes the placement group support of the instance type. - InstanceTypeInfo: - type: object - properties: - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: 'The instance type. For more information, see Instance types in the Amazon EC2 User Guide.' - currentGeneration: - allOf: - - $ref: '#/components/schemas/CurrentGenerationFlag' - - description: Indicates whether the instance type is current generation. - freeTierEligible: - allOf: - - $ref: '#/components/schemas/FreeTierEligibleFlag' - - description: Indicates whether the instance type is eligible for the free tier. - supportedUsageClasses: - allOf: - - $ref: '#/components/schemas/UsageClassTypeList' - - description: Indicates whether the instance type is offered for spot or On-Demand. - supportedRootDeviceTypes: - allOf: - - $ref: '#/components/schemas/RootDeviceTypeList' - - description: The supported root device types. - supportedVirtualizationTypes: - allOf: - - $ref: '#/components/schemas/VirtualizationTypeList' - - description: The supported virtualization types. - bareMetal: - allOf: - - $ref: '#/components/schemas/BareMetalFlag' - - description: Indicates whether the instance is a bare metal instance type. - hypervisor: - allOf: - - $ref: '#/components/schemas/InstanceTypeHypervisor' - - description: The hypervisor for the instance type. - processorInfo: - allOf: - - $ref: '#/components/schemas/ProcessorInfo' - - description: Describes the processor. - vCpuInfo: - allOf: - - $ref: '#/components/schemas/VCpuInfo' - - description: Describes the vCPU configurations for the instance type. - memoryInfo: - allOf: - - $ref: '#/components/schemas/MemoryInfo' - - description: Describes the memory for the instance type. - instanceStorageSupported: - allOf: - - $ref: '#/components/schemas/InstanceStorageFlag' - - description: Indicates whether instance storage is supported. - instanceStorageInfo: - allOf: - - $ref: '#/components/schemas/InstanceStorageInfo' - - description: Describes the instance storage for the instance type. - ebsInfo: - allOf: - - $ref: '#/components/schemas/EbsInfo' - - description: Describes the Amazon EBS settings for the instance type. - networkInfo: - allOf: - - $ref: '#/components/schemas/NetworkInfo' - - description: Describes the network settings for the instance type. - gpuInfo: - allOf: - - $ref: '#/components/schemas/GpuInfo' - - description: Describes the GPU accelerator settings for the instance type. - fpgaInfo: - allOf: - - $ref: '#/components/schemas/FpgaInfo' - - description: Describes the FPGA accelerator settings for the instance type. - placementGroupInfo: - allOf: - - $ref: '#/components/schemas/PlacementGroupInfo' - - description: Describes the placement group settings for the instance type. - inferenceAcceleratorInfo: - allOf: - - $ref: '#/components/schemas/InferenceAcceleratorInfo' - - description: Describes the Inference accelerator settings for the instance type. - hibernationSupported: - allOf: - - $ref: '#/components/schemas/HibernationFlag' - - description: Indicates whether On-Demand hibernation is supported. - burstablePerformanceSupported: - allOf: - - $ref: '#/components/schemas/BurstablePerformanceFlag' - - description: Indicates whether the instance type is a burstable performance instance type. - dedicatedHostsSupported: - allOf: - - $ref: '#/components/schemas/DedicatedHostFlag' - - description: Indicates whether Dedicated Hosts are supported on the instance type. - autoRecoverySupported: - allOf: - - $ref: '#/components/schemas/AutoRecoveryFlag' - - description: Indicates whether auto recovery is supported. - supportedBootModes: - allOf: - - $ref: '#/components/schemas/BootModeTypeList' - - description: 'The supported boot modes. For more information, see Boot modes in the Amazon EC2 User Guide.' - description: Describes the instance type. - InstanceTypeInfoFromInstanceRequirements: - type: object - properties: - instanceType: - allOf: - - $ref: '#/components/schemas/String' - - description: The matching instance type. - description: The list of instance types with the specified instance attributes. - Location: - type: string - InstanceTypeOffering: - type: object - properties: - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: 'The instance type. For more information, see Instance types in the Amazon EC2 User Guide.' - locationType: - allOf: - - $ref: '#/components/schemas/LocationType' - - description: The location type. - location: - allOf: - - $ref: '#/components/schemas/Location' - - description: 'The identifier for the location. This depends on the location type. For example, if the location type is region, the location is the Region code (for example, us-east-2.)' - description: The instance types offered. - InstanceTypes: - type: array - items: - $ref: '#/components/schemas/String' - minItems: 0 - maxItems: 1000 - InstanceUsage: - type: object - properties: - accountId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that is making use of the Capacity Reservation. - usedInstanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of instances the Amazon Web Services account currently has in the Capacity Reservation. - description: Information about the Capacity Reservation usage. - InterfacePermissionType: - type: string - enum: - - INSTANCE-ATTACH - - EIP-ASSOCIATE - InterfaceProtocolType: - type: string - enum: - - VLAN - - GRE - InternetGatewayAttachment: - type: object - properties: - state: - allOf: - - $ref: '#/components/schemas/AttachmentStatus' - - description: 'The current state of the attachment. For an internet gateway, the state is available when attached to a VPC; otherwise, this value is not returned.' - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - description: Describes the attachment of a VPC to an internet gateway or an egress-only internet gateway. - InternetGatewayIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/InternetGatewayId' - - xml: - name: item - IpAddressType: - type: string - enum: - - ipv4 - - dualstack - - ipv6 - IpRangeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpRange' - - xml: - name: item - Ipv6RangeList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv6Range' - - xml: - name: item - PrefixListIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PrefixListId' - - xml: - name: item - UserIdGroupPairList: - type: array - items: - allOf: - - $ref: '#/components/schemas/UserIdGroupPair' - - xml: - name: item - IpRange: - type: object - properties: - cidrIp: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A description for the security group rule that references this IPv4 address range.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

' - description: Describes an IPv4 range. - IpRanges: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - IpamId: - type: string - IpamOperatingRegionSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpamOperatingRegion' - - xml: - name: item - IpamState: - type: string - enum: - - create-in-progress - - create-complete - - create-failed - - modify-in-progress - - modify-complete - - modify-failed - - delete-in-progress - - delete-complete - - delete-failed - - isolate-in-progress - - isolate-complete - - restore-in-progress - IpamAddressHistoryMaxResults: - type: integer - minimum: 1 - maximum: 1000 - IpamAddressHistoryResourceType: - type: string - enum: - - eip - - vpc - - subnet - - network-interface - - instance - IpamComplianceStatus: - type: string - enum: - - compliant - - noncompliant - - unmanaged - - ignored - IpamOverlapStatus: - type: string - enum: - - overlapping - - nonoverlapping - - ignored - IpamAddressHistoryRecord: - type: object - properties: - resourceOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource owner. - resourceRegion: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services Region of the resource. - resourceType: - allOf: - - $ref: '#/components/schemas/IpamAddressHistoryResourceType' - - description: The type of the resource. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - resourceCidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR of the resource. - resourceName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the resource. - resourceComplianceStatus: - allOf: - - $ref: '#/components/schemas/IpamComplianceStatus' - - description: 'The compliance status of a resource. For more information on compliance statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.' - resourceOverlapStatus: - allOf: - - $ref: '#/components/schemas/IpamOverlapStatus' - - description: 'The overlap status of an IPAM resource. The overlap status tells you if the CIDR for a resource overlaps with another CIDR in the scope. For more information on overlap statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.' - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The VPC ID of the resource. - sampledStartTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: 'Sampled start time of the resource-to-CIDR association within the IPAM scope. Changes are picked up in periodic snapshots, so the start time may have occurred before this specific time.' - sampledEndTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: 'Sampled end time of the resource-to-CIDR association within the IPAM scope. Changes are picked up in periodic snapshots, so the end time may have occurred before this specific time.' - description: 'The historical record of a CIDR within an IPAM scope. For more information, see View the history of IP addresses in the Amazon VPC IPAM User Guide. ' - IpamCidrAuthorizationContext: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The signed authorization message for the prefix and account. - description: A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP. - IpamManagementState: - type: string - enum: - - managed - - unmanaged - - ignored - IpamMaxResults: - type: integer - minimum: 5 - maximum: 1000 - IpamOperatingRegion: - type: object - properties: - regionName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the operating Region. - description: '

The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' - IpamScopeType: - type: string - enum: - - public - - private - IpamPoolState: - type: string - enum: - - create-in-progress - - create-complete - - create-failed - - modify-in-progress - - modify-complete - - modify-failed - - delete-in-progress - - delete-complete - - delete-failed - - isolate-in-progress - - isolate-complete - - restore-in-progress - IpamResourceTagList: - type: array - items: - allOf: - - $ref: '#/components/schemas/IpamResourceTag' - - xml: - name: item - IpamPoolAllocationResourceType: - type: string - enum: - - ipam-pool - - vpc - - ec2-public-ipv4-pool - - custom - IpamPoolCidrState: - type: string - enum: - - pending-provision - - provisioned - - failed-provision - - pending-deprovision - - deprovisioned - - failed-deprovision - - pending-import - - failed-import - IpamPoolCidrFailureReason: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/IpamPoolCidrFailureCode' - - description: An error code related to why an IPAM pool CIDR failed to be provisioned. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: A message related to why an IPAM pool CIDR failed to be provisioned. - description: Details related to why an IPAM pool CIDR failed to be provisioned. - IpamPoolCidrFailureCode: - type: string - enum: - - cidr-not-available - IpamResourceType: - type: string - enum: - - vpc - - subnet - - eip - - public-ipv4-pool - - ipv6-pool - IpamResourceCidr: - type: object - properties: - ipamId: - allOf: - - $ref: '#/components/schemas/IpamId' - - description: The IPAM ID for an IPAM resource. - ipamScopeId: - allOf: - - $ref: '#/components/schemas/IpamScopeId' - - description: The scope ID for an IPAM resource. - ipamPoolId: - allOf: - - $ref: '#/components/schemas/IpamPoolId' - - description: The pool ID for an IPAM resource. - resourceRegion: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services Region for an IPAM resource. - resourceOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account number of the owner of an IPAM resource. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of an IPAM resource. - resourceName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of an IPAM resource. - resourceCidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR for an IPAM resource. - resourceType: - allOf: - - $ref: '#/components/schemas/IpamResourceType' - - description: The type of IPAM resource. - resourceTagSet: - allOf: - - $ref: '#/components/schemas/IpamResourceTagList' - - description: The tags for an IPAM resource. - ipUsage: - allOf: - - $ref: '#/components/schemas/BoxedDouble' - - description: 'The IP address space in the IPAM pool that is allocated to this resource. To convert the decimal to a percentage, multiply the decimal by 100.' - complianceStatus: - allOf: - - $ref: '#/components/schemas/IpamComplianceStatus' - - description: 'The compliance status of the IPAM resource. For more information on compliance statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.' - managementState: - allOf: - - $ref: '#/components/schemas/IpamManagementState' - - description: 'The management state of the resource. For more information about management states, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.' - overlapStatus: - allOf: - - $ref: '#/components/schemas/IpamOverlapStatus' - - description: 'The overlap status of an IPAM resource. The overlap status tells you if the CIDR for a resource overlaps with another CIDR in the scope. For more information on overlap statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.' - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of a VPC. - description: The CIDR for an IPAM resource. - IpamResourceTag: - type: object - properties: - key: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.' - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The value of the tag. - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' - IpamScopeState: - type: string - enum: - - create-in-progress - - create-complete - - create-failed - - modify-in-progress - - modify-complete - - modify-failed - - delete-in-progress - - delete-complete - - delete-failed - - isolate-in-progress - - isolate-complete - - restore-in-progress - Ipv4PrefixList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv4PrefixSpecificationRequest' - - xml: - name: item - Ipv4PrefixSpecificationResponse: - type: object - properties: - ipv4Prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: One or more IPv4 delegated prefixes assigned to the network interface. - description: Information about the IPv4 delegated prefixes assigned to a network interface. - Ipv4PrefixListResponse: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv4PrefixSpecificationResponse' - - xml: - name: item - Ipv4PrefixSpecification: - type: object - properties: - ipv4Prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.' - description: Describes an IPv4 prefix. - Ipv6Address: - type: string - Ipv6CidrAssociation: - type: object - properties: - ipv6Cidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 CIDR block. - associatedResource: - allOf: - - $ref: '#/components/schemas/String' - - description: The resource that's associated with the IPv6 CIDR block. - description: Describes an IPv6 CIDR block association. - Ipv6CidrBlock: - type: object - properties: - ipv6CidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 CIDR block. - description: Describes an IPv6 CIDR block. - Ipv6CidrBlockSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv6CidrBlock' - - xml: - name: item - Ipv6Flag: - type: boolean - PoolCidrBlocksSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/PoolCidrBlock' - - xml: - name: item - Ipv6Pool: - type: object - properties: - poolId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the address pool. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description for the address pool. - poolCidrBlockSet: - allOf: - - $ref: '#/components/schemas/PoolCidrBlocksSet' - - description: The CIDR blocks for the address pool. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags for the address pool. - description: Describes an IPv6 address pool. - Ipv6PoolIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv6PoolEc2Id' - - xml: - name: item - Ipv6PoolMaxResults: - type: integer - minimum: 1 - maximum: 1000 - Ipv6PrefixList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv6PrefixSpecificationRequest' - - xml: - name: item - Ipv6PrefixSpecificationResponse: - type: object - properties: - ipv6Prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: One or more IPv6 delegated prefixes assigned to the network interface. - description: Information about the IPv6 delegated prefixes assigned to a network interface. - Ipv6PrefixListResponse: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv6PrefixSpecificationResponse' - - xml: - name: item - Ipv6PrefixSpecification: - type: object - properties: - ipv6Prefix: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 prefix. - description: Describes the IPv6 prefix. - Ipv6PrefixesList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv6PrefixSpecification' - - xml: - name: item - Ipv6Range: - type: object - properties: - cidrIpv6: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv6 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv6 address, use the /128 prefix length.' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A description for the security group rule that references this IPv6 address range.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

' - description: '[EC2-VPC only] Describes an IPv6 range.' - Ipv6SupportValue: - type: string - enum: - - enable - - disable - SensitiveUserData: - type: string - format: password - KeyPairInfo: - type: object - properties: - keyPairId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the key pair. - keyFingerprint: - allOf: - - $ref: '#/components/schemas/String' - - description: '

If you used CreateKeyPair to create the key pair:

If you used ImportKeyPair to provide Amazon Web Services the public key:

' - keyName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the key pair. - keyType: - allOf: - - $ref: '#/components/schemas/KeyType' - - description: The type of key pair. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags applied to the key pair. - publicKey: - allOf: - - $ref: '#/components/schemas/String' - - description: The public key material. - createTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: '

If you used Amazon EC2 to create the key pair, this is the date and time when the key was created, in ISO 8601 date-time format, in the UTC time zone.

If you imported an existing key pair to Amazon EC2, this is the date and time the key was imported, in ISO 8601 date-time format, in the UTC time zone.

' - description: Describes a key pair. - LastError: - type: object - properties: - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The error message for the VPC endpoint error. - code: - allOf: - - $ref: '#/components/schemas/String' - - description: The error code for the VPC endpoint error. - description: The last error that occurred for a VPC endpoint. - LaunchPermission: - type: object - properties: - group: - allOf: - - $ref: '#/components/schemas/PermissionGroup' - - description: The name of the group. - userId: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The Amazon Web Services account ID.

Constraints: Up to 10 000 account IDs can be specified in a single request.

' - organizationArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of an organization. - organizationalUnitArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of an organizational unit (OU). - description: Describes a launch permission. - LaunchPermissionModifications: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchPermissionList' - - description: 'The Amazon Web Services account ID, organization ARN, or OU ARN to remove from the list of launch permissions for the AMI.' - description: Describes a launch permission modification. - LaunchSpecification: - type: object - properties: - userData: - allOf: - - $ref: '#/components/schemas/String' - - description: The Base64-encoded user data for the instance. - groupSet: - allOf: - - $ref: '#/components/schemas/GroupIdentifierList' - - description: 'One or more security groups. When requesting instances in a VPC, you must specify the IDs of the security groups. When requesting instances in EC2-Classic, you can specify the names or the IDs of the security groups.' - addressingType: - allOf: - - $ref: '#/components/schemas/String' - - description: Deprecated. - blockDeviceMapping: - allOf: - - $ref: '#/components/schemas/BlockDeviceMappingList' - - description: One or more block device mapping entries. - ebsOptimized: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

' - iamInstanceProfile: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileSpecification' - - description: The IAM instance profile. - imageId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the AMI. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type. Only one instance type can be specified. - kernelId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the kernel. - keyName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the key pair. - networkInterfaceSet: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecificationList' - - description: 'One or more network interfaces. If you specify a network interface, you must specify subnet IDs and security group IDs using the network interface.' - placement: - allOf: - - $ref: '#/components/schemas/SpotPlacement' - - description: The placement information for the instance. - ramdiskId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the RAM disk. - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet in which to launch the instance. - monitoring: - $ref: '#/components/schemas/RunInstancesMonitoringEnabled' - description: Describes the launch specification for an instance. - SpotFleetLaunchSpecification: - type: object - properties: - groupSet: - allOf: - - $ref: '#/components/schemas/GroupIdentifierList' - - description: 'One or more security groups. When requesting instances in a VPC, you must specify the IDs of the security groups. When requesting instances in EC2-Classic, you can specify the names or the IDs of the security groups.' - addressingType: - allOf: - - $ref: '#/components/schemas/String' - - description: Deprecated. - blockDeviceMapping: - allOf: - - $ref: '#/components/schemas/BlockDeviceMappingList' - - description: 'One or more block devices that are mapped to the Spot Instances. You can''t specify both a snapshot ID and an encryption value. This is because only blank volumes can be encrypted on creation. If a snapshot is the basis for a volume, it is not blank and its encryption status is used for the volume encryption status.' - ebsOptimized: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether the instances are optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

' - iamInstanceProfile: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileSpecification' - - description: The IAM instance profile. - imageId: - allOf: - - $ref: '#/components/schemas/ImageId' - - description: The ID of the AMI. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type. - kernelId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the kernel. - keyName: - allOf: - - $ref: '#/components/schemas/KeyPairName' - - description: The name of the key pair. - monitoring: - allOf: - - $ref: '#/components/schemas/SpotFleetMonitoring' - - description: Enable or disable monitoring for the instances. - networkInterfaceSet: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecificationList' - - description: '

One or more network interfaces. If you specify a network interface, you must specify subnet IDs and security group IDs using the network interface.

SpotFleetLaunchSpecification currently does not support Elastic Fabric Adapter (EFA). To specify an EFA, you must use LaunchTemplateConfig.

' - placement: - allOf: - - $ref: '#/components/schemas/SpotPlacement' - - description: The placement information. - ramdiskId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the RAM disk. Some kernels require additional drivers at launch. Check the kernel requirements for information about whether you need to specify a RAM disk. To find kernel requirements, refer to the Amazon Web Services Resource Center and search for the kernel ID.' - spotPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The maximum price per unit hour that you are willing to pay for a Spot Instance. If this value is not specified, the default is the Spot price specified for the fleet. To determine the Spot price per unit hour, divide the Spot price by the value of WeightedCapacity.' - subnetId: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: 'The IDs of the subnets in which to launch the instances. To specify multiple subnets, separate them using commas; for example, "subnet-1234abcdeexample1, subnet-0987cdef6example2".' - userData: - allOf: - - $ref: '#/components/schemas/String' - - description: The Base64-encoded user data that instances use when starting up. - weightedCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: '

The number of units provided by the specified instance type. These are the same units that you chose to set the target capacity in terms of instances, or a performance characteristic such as vCPUs, memory, or I/O.

If the target capacity divided by this value is not a whole number, Amazon EC2 rounds the number of instances to the next whole number. If this value is not specified, the default is 1.

' - tagSpecificationSet: - allOf: - - $ref: '#/components/schemas/SpotFleetTagSpecificationList' - - description: The tags to apply during creation. - instanceRequirements: - allOf: - - $ref: '#/components/schemas/InstanceRequirements' - - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirements, you can''t specify InstanceTypes.

' - description: 'Describes the launch specification for one or more Spot Instances. If you include On-Demand capacity in your fleet request or want to specify an EFA network device, you can''t use SpotFleetLaunchSpecification; you must use LaunchTemplateConfig.' - LaunchTemplateAutoRecoveryState: - type: string - enum: - - default - - disabled - LaunchTemplateEbsBlockDevice: - type: object - properties: - encrypted: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the EBS volume is encrypted. - deleteOnTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the EBS volume is deleted on instance termination. - iops: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of I/O operations per second (IOPS) that the volume supports. ' - kmsKeyId: - allOf: - - $ref: '#/components/schemas/KmsKeyId' - - description: The ARN of the Key Management Service (KMS) CMK used for encryption. - snapshotId: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - description: The ID of the snapshot. - volumeSize: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The size of the volume, in GiB.' - volumeType: - allOf: - - $ref: '#/components/schemas/VolumeType' - - description: The volume type. - throughput: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The throughput that the volume supports, in MiB/s.' - description: Describes a block device for an EBS volume. - LaunchTemplateBlockDeviceMapping: - type: object - properties: - deviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: The device name. - virtualName: - allOf: - - $ref: '#/components/schemas/String' - - description: The virtual device name (ephemeralN). - ebs: - allOf: - - $ref: '#/components/schemas/LaunchTemplateEbsBlockDevice' - - description: Information about the block device for an EBS volume. - noDevice: - allOf: - - $ref: '#/components/schemas/String' - - description: 'To omit the device from the block device mapping, specify an empty string.' - description: Describes a block device mapping. - LaunchTemplateBlockDeviceMappingList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMapping' - - xml: - name: item - LaunchTemplateBlockDeviceMappingRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'To omit the device from the block device mapping, specify an empty string.' - description: Describes a block device mapping. - LaunchTemplateCapacityReservationSpecificationResponse: - type: object - properties: - capacityReservationPreference: - allOf: - - $ref: '#/components/schemas/CapacityReservationPreference' - - description: '

Indicates the instance''s Capacity Reservation preferences. Possible preferences include:

' - capacityReservationTarget: - allOf: - - $ref: '#/components/schemas/CapacityReservationTargetResponse' - - description: Information about the target Capacity Reservation or Capacity Reservation group. - description: Information about the Capacity Reservation targeting option. - LaunchTemplateOverridesList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateOverrides' - - xml: - name: item - LaunchTemplateCpuOptions: - type: object - properties: - coreCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of CPU cores for the instance. - threadsPerCore: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of threads per CPU core. - description: The CPU options for the instance. - LaunchTemplateCpuOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of threads per CPU core. To disable multithreading for the instance, specify a value of 1. Otherwise, specify the default value of 2.' - description: The CPU options for the instance. Both the core count and threads per core must be specified in the request. - LaunchTemplateEbsBlockDeviceRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The throughput to provision for a gp3 volume, with a maximum of 1,000 MiB/s.

Valid Range: Minimum value of 125. Maximum value of 1000.

' - description: The parameters for a block device for an EBS volume. - LaunchTemplateElasticInferenceAcceleratorCount: - type: integer - minimum: 1 - LaunchTemplateElasticInferenceAccelerator: - type: object - required: - - Type - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorCount' - - description: '

The number of elastic inference accelerators to attach to the instance.

Default: 1

' - description: ' Describes an elastic inference accelerator. ' - LaunchTemplateElasticInferenceAcceleratorResponse: - type: object - properties: - type: - allOf: - - $ref: '#/components/schemas/String' - - description: ' The type of elastic inference accelerator. The possible values are eia1.medium, eia1.large, and eia1.xlarge. ' - count: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The number of elastic inference accelerators to attach to the instance.

Default: 1

' - description: ' Describes an elastic inference accelerator. ' - LaunchTemplateElasticInferenceAcceleratorResponseList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorResponse' - - xml: - name: item - LaunchTemplateEnclaveOptions: - type: object - properties: - enabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If this parameter is set to true, the instance is enabled for Amazon Web Services Nitro Enclaves; otherwise, it is not enabled for Amazon Web Services Nitro Enclaves.' - description: Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. - LaunchTemplateEnclaveOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true.' - description: 'Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.' - LaunchTemplateErrorCode: - type: string - enum: - - launchTemplateIdDoesNotExist - - launchTemplateIdMalformed - - launchTemplateNameDoesNotExist - - launchTemplateNameMalformed - - launchTemplateVersionDoesNotExist - - unexpectedError - LaunchTemplateHibernationOptions: - type: object - properties: - configured: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If this parameter is set to true, the instance is enabled for hibernation; otherwise, it is not enabled for hibernation.' - description: Indicates whether an instance is configured for hibernation. - LaunchTemplateHibernationOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

If you set this parameter to true, the instance is enabled for hibernation.

Default: false

' - description: 'Indicates whether the instance is configured for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites.' - LaunchTemplateHttpTokensState: - type: string - enum: - - optional - - required - LaunchTemplateIamInstanceProfileSpecification: - type: object - properties: - arn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the instance profile. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the instance profile. - description: Describes an IAM instance profile. - LaunchTemplateInstanceMaintenanceOptions: - type: object - properties: - autoRecovery: - allOf: - - $ref: '#/components/schemas/LaunchTemplateAutoRecoveryState' - - description: Disables the automatic recovery behavior of your instance or sets it to default. - description: The maintenance options of your instance. - MarketType: - type: string - enum: - - spot - LaunchTemplateSpotMarketOptions: - type: object - properties: - maxPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum hourly price you're willing to pay for the Spot Instances. - spotInstanceType: - allOf: - - $ref: '#/components/schemas/SpotInstanceType' - - description: The Spot Instance request type. - blockDurationMinutes: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The required duration for the Spot Instances (also known as Spot blocks), in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360).' - validUntil: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The end date of the request. For a one-time request, the request remains active until all instances launch, the request is canceled, or this date is reached. If the request is persistent, it remains active until it is canceled or this date and time is reached.' - instanceInterruptionBehavior: - allOf: - - $ref: '#/components/schemas/InstanceInterruptionBehavior' - - description: The behavior when a Spot Instance is interrupted. - description: The options for Spot Instances. - LaunchTemplateInstanceMarketOptions: - type: object - properties: - marketType: - allOf: - - $ref: '#/components/schemas/MarketType' - - description: The market type. - spotOptions: - allOf: - - $ref: '#/components/schemas/LaunchTemplateSpotMarketOptions' - - description: The options for Spot Instances. - description: The market (purchasing) option for the instances. - LaunchTemplateSpotMarketOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceInterruptionBehavior' - - description: The behavior when a Spot Instance is interrupted. The default is terminate. - description: The options for Spot Instances. - LaunchTemplateInstanceMarketOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchTemplateSpotMarketOptionsRequest' - - description: The options for Spot Instances. - description: The market (purchasing) option for the instances. - LaunchTemplateInstanceMetadataEndpointState: - type: string - enum: - - disabled - - enabled - LaunchTemplateInstanceMetadataOptionsState: - type: string - enum: - - pending - - applied - LaunchTemplateInstanceMetadataProtocolIpv6: - type: string - enum: - - disabled - - enabled - LaunchTemplateInstanceMetadataTagsState: - type: string - enum: - - disabled - - enabled - LaunchTemplateInstanceMetadataOptions: - type: object - properties: - state: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataOptionsState' - - description:

The state of the metadata option changes.

pending - The metadata options are being updated and the instance is not ready to process metadata traffic with the new selection.

applied - The metadata options have been successfully applied on the instance.

- httpTokens: - allOf: - - $ref: '#/components/schemas/LaunchTemplateHttpTokensState' - - description: '

The state of token usage for your instance metadata requests. If the parameter is not specified in the request, the default state is optional.

If the state is optional, you can choose to retrieve instance metadata with or without a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned.

If the state is required, you must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available.

' - httpPutResponseHopLimit: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.

Default: 1

Possible values: Integers from 1 to 64

' - httpEndpoint: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataEndpointState' - - description: '

Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is enabled.

If you specify a value of disabled, you will not be able to access your instance metadata.

' - httpProtocolIpv6: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataProtocolIpv6' - - description: '

Enables or disables the IPv6 endpoint for the instance metadata service.

Default: disabled

' - instanceMetadataTags: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataTagsState' - - description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' - description: 'The metadata options for the instance. For more information, see Instance Metadata and User Data in the Amazon Elastic Compute Cloud User Guide.' - LaunchTemplateInstanceMetadataOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataTagsState' - - description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' - description: 'The metadata options for the instance. For more information, see Instance Metadata and User Data in the Amazon Elastic Compute Cloud User Guide.' - LaunchTemplateInstanceNetworkInterfaceSpecification: - type: object - properties: - associateCarrierIpAddress: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether to associate a Carrier IP address with eth0 for a new network interface.

Use this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. For more information about Carrier IP addresses, see Carrier IP addresses in the Wavelength Developer Guide.

' - associatePublicIpAddress: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to associate a public IPv4 address with eth0 for a new network interface. - deleteOnTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the network interface is deleted when the instance is terminated. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description for the network interface. - deviceIndex: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The device index for the network interface attachment. - groupSet: - allOf: - - $ref: '#/components/schemas/GroupIdStringList' - - description: The IDs of one or more security groups. - interfaceType: - allOf: - - $ref: '#/components/schemas/String' - - description: The type of network interface. - ipv6AddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of IPv6 addresses for the network interface. - ipv6AddressesSet: - allOf: - - $ref: '#/components/schemas/InstanceIpv6AddressList' - - description: The IPv6 addresses for the network interface. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: The ID of the network interface. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The primary private IPv4 address of the network interface. - privateIpAddressesSet: - allOf: - - $ref: '#/components/schemas/PrivateIpAddressSpecificationList' - - description: One or more private IPv4 addresses. - secondaryPrivateIpAddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of secondary private IPv4 addresses for the network interface. - subnetId: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: The ID of the subnet for the network interface. - networkCardIndex: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The index of the network card. - ipv4PrefixSet: - allOf: - - $ref: '#/components/schemas/Ipv4PrefixListResponse' - - description: One or more IPv4 prefixes assigned to the network interface. - ipv4PrefixCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of IPv4 prefixes that Amazon Web Services automatically assigned to the network interface. - ipv6PrefixSet: - allOf: - - $ref: '#/components/schemas/Ipv6PrefixListResponse' - - description: One or more IPv6 prefixes assigned to the network interface. - ipv6PrefixCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of IPv6 prefixes that Amazon Web Services automatically assigned to the network interface. - description: Describes a network interface. - LaunchTemplateInstanceNetworkInterfaceSpecificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceNetworkInterfaceSpecification' - - xml: - name: item - LaunchTemplateInstanceNetworkInterfaceSpecificationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The device index for the network interface attachment. - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0. - Ipv4Prefix: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of IPv4 prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv4Prefix option. - Ipv6Prefix: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of IPv6 prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv6Prefix option. - description: The parameters for a network interface. - LaunchTemplateInstanceNetworkInterfaceSpecificationRequestList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateInstanceNetworkInterfaceSpecificationRequest' - - xml: - name: InstanceNetworkInterfaceSpecification - LaunchTemplateLicenseConfiguration: - type: object - properties: - licenseConfigurationArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the license configuration. - description: Describes a license configuration. - LaunchTemplateLicenseConfigurationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the license configuration. - description: Describes a license configuration. - LaunchTemplateLicenseList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateLicenseConfiguration' - - xml: - name: item - LaunchTemplateLicenseSpecificationListRequest: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateLicenseConfigurationRequest' - - xml: - name: item - LaunchTemplateOverrides: - type: object - properties: - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type. - spotPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum price per unit hour that you are willing to pay for a Spot Instance. - subnetId: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: The ID of the subnet in which to launch the instances. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone in which to launch the instances. - weightedCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: The number of units provided by the specified instance type. - priority: - allOf: - - $ref: '#/components/schemas/Double' - - description: '

The priority for the launch template override. The highest priority is launched first.

If OnDemandAllocationStrategy is set to prioritized, Spot Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity.

If the Spot AllocationStrategy is set to capacityOptimizedPrioritized, Spot Fleet uses priority on a best-effort basis to determine which launch template override to use in fulfilling Spot capacity, but optimizes for capacity first.

Valid values are whole numbers starting at 0. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. You can set the same priority for different launch template overrides.

' - instanceRequirements: - allOf: - - $ref: '#/components/schemas/InstanceRequirements' - - description: '

The instance requirements. When you specify instance requirements, Amazon EC2 will identify instance types with the provided requirements, and then use your On-Demand and Spot allocation strategies to launch instances from these instance types, in the same way as when you specify a list of instance types.

If you specify InstanceRequirements, you can''t specify InstanceTypes.

' - description: Describes overrides for a launch template. - LaunchTemplatePlacement: - type: object - properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone of the instance. - affinity: - allOf: - - $ref: '#/components/schemas/String' - - description: The affinity setting for the instance on the Dedicated Host. - groupName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the placement group for the instance. - hostId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Dedicated Host for the instance. - tenancy: - allOf: - - $ref: '#/components/schemas/Tenancy' - - description: 'The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. ' - spreadDomain: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved for future use. - hostResourceGroupArn: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ARN of the host resource group in which to launch the instances. ' - partitionNumber: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of the partition the instance should launch in. Valid only if the placement group strategy is set to partition. - description: Describes the placement of an instance. - LaunchTemplatePlacementRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of the partition the instance should launch in. Valid only if the placement group strategy is set to partition. - description: Describes the placement of an instance. - LaunchTemplatePrivateDnsNameOptions: - type: object - properties: - hostnameType: - allOf: - - $ref: '#/components/schemas/HostnameType' - - description: The type of hostname to assign to an instance. - enableResourceNameDnsARecord: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to respond to DNS queries for instance hostnames with DNS A records. - enableResourceNameDnsAAAARecord: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. - description: Describes the options for instance hostnames. - LaunchTemplatePrivateDnsNameOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. - description: Describes the options for instance hostnames. - LaunchTemplateSpecification: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The version number of the launch template.

Default: The default version for the launch template.

' - description: 'The launch template to use. You must specify either the launch template ID or launch template name in the request, but not both.' - SpotInstanceType: - type: string - enum: - - one-time - - persistent - ResourceType: - type: string - enum: - - capacity-reservation - - client-vpn-endpoint - - customer-gateway - - carrier-gateway - - dedicated-host - - dhcp-options - - egress-only-internet-gateway - - elastic-ip - - elastic-gpu - - export-image-task - - export-instance-task - - fleet - - fpga-image - - host-reservation - - image - - import-image-task - - import-snapshot-task - - instance - - instance-event-window - - internet-gateway - - ipam - - ipam-pool - - ipam-scope - - ipv4pool-ec2 - - ipv6pool-ec2 - - key-pair - - launch-template - - local-gateway - - local-gateway-route-table - - local-gateway-virtual-interface - - local-gateway-virtual-interface-group - - local-gateway-route-table-vpc-association - - local-gateway-route-table-virtual-interface-group-association - - natgateway - - network-acl - - network-interface - - network-insights-analysis - - network-insights-path - - network-insights-access-scope - - network-insights-access-scope-analysis - - placement-group - - prefix-list - - replace-root-volume-task - - reserved-instances - - route-table - - security-group - - security-group-rule - - snapshot - - spot-fleet-request - - spot-instances-request - - subnet - - subnet-cidr-reservation - - traffic-mirror-filter - - traffic-mirror-session - - traffic-mirror-target - - transit-gateway - - transit-gateway-attachment - - transit-gateway-connect-peer - - transit-gateway-multicast-domain - - transit-gateway-route-table - - volume - - vpc - - vpc-endpoint - - vpc-endpoint-service - - vpc-peering-connection - - vpn-connection - - vpn-gateway - - vpc-flow-log - LaunchTemplateTagSpecification: - type: object - properties: - resourceType: - allOf: - - $ref: '#/components/schemas/ResourceType' - - description: The type of resource. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the resource. - description: The tag specification for the launch template. - LaunchTemplateTagSpecificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LaunchTemplateTagSpecification' - - xml: - name: item - LaunchTemplateTagSpecificationRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ResourceType' - - description: 'The type of resource to tag. Currently, the resource types that support tagging on creation are instance, volume, elastic-gpu, network-interface, and spot-instances-request. To tag a resource after it has been created, see CreateTags.' - Tag: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags to apply to the resource. - description: The tags specification for the launch template. - VersionDescription: - type: string - minLength: 0 - maxLength: 255 - LaunchTemplatesMonitoring: - type: object - properties: - enabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.' - description: Describes the monitoring for the instance. - LaunchTemplatesMonitoringRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Specify true to enable detailed monitoring. Otherwise, basic monitoring is enabled.' - description: Describes the monitoring for the instance. - LicenseConfiguration: - type: object - properties: - licenseConfigurationArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the license configuration. - description: Describes a license configuration. - LicenseSpecificationListRequest: - type: array - items: - allOf: - - $ref: '#/components/schemas/LicenseConfigurationRequest' - - xml: - name: item - ListImagesInRecycleBinMaxResults: - type: integer - minimum: 1 - maximum: 1000 - ListImagesInRecycleBinRequest: - type: object - title: ListImagesInRecycleBinRequest - properties: - ImageId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ListSnapshotsInRecycleBinMaxResults: - type: integer - minimum: 5 - maximum: 1000 - ListSnapshotsInRecycleBinRequest: - type: object - title: ListSnapshotsInRecycleBinRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The token for the next page of results. - SnapshotId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SnapshotRecycleBinInfoList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SnapshotRecycleBinInfo' - - xml: - name: item - ListingStatus: - type: string - enum: - - active - - pending - - cancelled - - closed - TargetGroupsConfig: - type: object - properties: - targetGroups: - allOf: - - $ref: '#/components/schemas/TargetGroups' - - description: One or more target groups. - description: Describes the target groups to attach to a Spot Fleet. Spot Fleet registers the running Spot Instances with these target groups. - LoadPermission: - type: object - properties: - userId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID. - group: - allOf: - - $ref: '#/components/schemas/PermissionGroup' - - description: The name of the group. - description: Describes a load permission. - LoadPermissionRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID. - description: Describes a load permission. - LoadPermissionModifications: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LoadPermissionListRequest' - - description: The load permissions to remove. - description: Describes modifications to the load permissions of an Amazon FPGA image (AFI). - LocalGateway: - type: object - properties: - localGatewayId: - allOf: - - $ref: '#/components/schemas/LocalGatewayId' - - description: The ID of the local gateway. - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Outpost. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the local gateway. - state: - allOf: - - $ref: '#/components/schemas/String' - - description: The state of the local gateway. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the local gateway. - description: Describes a local gateway. - LocalGatewayMaxResults: - type: integer - minimum: 5 - maximum: 1000 - LocalGatewayRouteType: - type: string - enum: - - static - - propagated - LocalGatewayRouteState: - type: string - enum: - - pending - - active - - blackhole - - deleting - - deleted - LocalGatewayRouteList: - type: array - items: - allOf: - - $ref: '#/components/schemas/LocalGatewayRoute' - - xml: - name: item - LocalGatewayRouteTable: - type: object - properties: - localGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the local gateway route table. - localGatewayRouteTableArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The Amazon Resource Name (ARN) of the local gateway route table. - localGatewayId: - allOf: - - $ref: '#/components/schemas/LocalGatewayId' - - description: The ID of the local gateway. - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Outpost. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the local gateway route table. - state: - allOf: - - $ref: '#/components/schemas/String' - - description: The state of the local gateway route table. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the local gateway route table. - description: Describes a local gateway route table. - LocalGatewayRouteTableVirtualInterfaceGroupAssociation: - type: object - properties: - localGatewayRouteTableVirtualInterfaceGroupAssociationId: - allOf: - - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociationId' - - description: The ID of the association. - localGatewayVirtualInterfaceGroupId: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupId' - - description: The ID of the virtual interface group. - localGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the local gateway. - localGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/LocalGatewayId' - - description: The ID of the local gateway route table. - localGatewayRouteTableArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The Amazon Resource Name (ARN) of the local gateway route table for the virtual interface group. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the local gateway virtual interface group association. - state: - allOf: - - $ref: '#/components/schemas/String' - - description: The state of the association. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the association. - description: Describes an association between a local gateway route table and a virtual interface group. - LocalGatewayVirtualInterface: - type: object - properties: - localGatewayVirtualInterfaceId: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceId' - - description: The ID of the virtual interface. - localGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the local gateway. - vlan: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The ID of the VLAN. - localAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The local address. - peerAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The peer address. - localBgpAsn: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the local gateway. - peerBgpAsn: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The peer BGP ASN. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the local gateway virtual interface. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the virtual interface. - description: Describes a local gateway virtual interface. - LocalGatewayVirtualInterfaceGroup: - type: object - properties: - localGatewayVirtualInterfaceGroupId: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupId' - - description: The ID of the virtual interface group. - localGatewayVirtualInterfaceIdSet: - allOf: - - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceIdSet' - - description: The IDs of the virtual interfaces. - localGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the local gateway. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the local gateway virtual interface group. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags assigned to the virtual interface group. - description: Describes a local gateway virtual interface group. - LocalStorageType: - type: string - enum: - - hdd - - ssd - PrefixListState: - type: string - enum: - - create-in-progress - - create-complete - - create-failed - - modify-in-progress - - modify-complete - - modify-failed - - restore-in-progress - - restore-complete - - restore-failed - - delete-in-progress - - delete-complete - - delete-failed - MaxIpv4AddrPerInterface: - type: integer - MaxIpv6AddrPerInterface: - type: integer - MaxNetworkInterfaces: - type: integer - MaxResults: - type: integer - MaximumNetworkCards: - type: integer - MembershipType: - type: string - enum: - - static - - igmp - MemorySize: - type: integer - ModifyAddressAttributeRequest: - type: object - required: - - AllocationId - title: ModifyAddressAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyAvailabilityZoneGroupRequest: - type: object - required: - - GroupName - - OptInStatus - title: ModifyAvailabilityZoneGroupRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyAvailabilityZoneOptInStatus: - type: string - enum: - - opted-in - - not-opted-in - ModifyCapacityReservationFleetRequest: - type: object - required: - - CapacityReservationFleetId - title: ModifyCapacityReservationFleetRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether to remove the end date from the Capacity Reservation Fleet. If you remove the end date, the Capacity Reservation Fleet does not expire and it remains active until you explicitly cancel it using the CancelCapacityReservationFleet action.

You can''t specify RemoveEndDate and EndDate in the same request.

' - ModifyCapacityReservationRequest: - type: object - required: - - CapacityReservationId - title: ModifyCapacityReservationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved for future use. - ModifyClientVpnEndpointRequest: - type: object - required: - - ClientVpnEndpointId - title: ModifyClientVpnEndpointRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/ClientLoginBannerOptions' - - description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. - ModifyDefaultCreditSpecificationRequest: - type: object - required: - - InstanceFamily - - CpuCredits - title: ModifyDefaultCreditSpecificationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The credit option for CPU usage of the instance family.

Valid Values: standard | unlimited

' - ModifyEbsDefaultKmsKeyIdRequest: - type: object - required: - - KmsKeyId - title: ModifyEbsDefaultKmsKeyIdRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyFleetRequest: - type: object - required: - - FleetId - title: ModifyFleetRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/FleetExcessCapacityTerminationPolicy' - - description: Indicates whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet. - LaunchTemplateConfig: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved. - OperationType: - type: string - enum: - - add - - remove - UserIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: UserId - UserGroupStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: UserGroup - ModifyFpgaImageAttributeRequest: - type: object - required: - - FpgaImageId - title: ModifyFpgaImageAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/OperationType' - - description: The operation type. - UserId: - allOf: - - $ref: '#/components/schemas/UserIdStringList' - - description: The Amazon Web Services account IDs. This parameter is valid only when modifying the loadPermission attribute. - UserGroup: - allOf: - - $ref: '#/components/schemas/UserGroupStringList' - - description: The user groups. This parameter is valid only when modifying the loadPermission attribute. - ProductCode: - allOf: - - $ref: '#/components/schemas/String' - - description: A name for the AFI. - ModifyHostsRequest: - type: object - required: - - HostIds - title: ModifyHostsRequest - properties: - autoPlacement: - allOf: - - $ref: '#/components/schemas/AutoPlacement' - - description: Specify whether to enable or disable auto-placement. - hostId: - allOf: - - $ref: '#/components/schemas/String' - - description: '

Specifies the instance family to be supported by the Dedicated Host. Specify this parameter to modify a Dedicated Host to support multiple instance types within its current instance family.

If you want to modify a Dedicated Host to support a specific instance type only, omit this parameter and specify InstanceType instead. You cannot specify InstanceFamily and InstanceType in the same request.

' - UnsuccessfulItemList: - type: array - items: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItem' - - xml: - name: item - ModifyIdFormatRequest: - type: object - required: - - Resource - - UseLongIds - title: ModifyIdFormatRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicate whether the resource should use longer IDs (17-character IDs). - ModifyIdentityIdFormatRequest: - type: object - required: - - PrincipalArn - - Resource - - UseLongIds - title: ModifyIdentityIdFormatRequest - properties: - principalArn: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ARN of the principal, which can be an IAM user, IAM role, or the root user. Specify all to modify the ID format for all IAM users, IAM roles, and the root user of the account.' - resource: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

Alternatively, use the all-current option to include all resource types that are currently within their opt-in period for longer IDs.

' - useLongIds: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the resource should use longer IDs (17-character IDs) - ProductCodeStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: ProductCode - OrganizationArnStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: OrganizationArn - OrganizationalUnitArnStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: OrganizationalUnitArn - ModifyImageAttributeRequest: - type: object - required: - - ImageId - title: ModifyImageAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/OperationType' - - description: The operation type. This parameter can be used only when the Attribute parameter is launchPermission. - ProductCode: - allOf: - - $ref: '#/components/schemas/ProductCodeStringList' - - description: Not supported. - UserGroup: - allOf: - - $ref: '#/components/schemas/UserGroupStringList' - - description: The user groups. This parameter can be used only when the Attribute parameter is launchPermission. - UserId: - allOf: - - $ref: '#/components/schemas/String' - - description: The value of the attribute being modified. This parameter can be used only when the Attribute parameter is description. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - OrganizationArn: - allOf: - - $ref: '#/components/schemas/OrganizationArnStringList' - - description: The Amazon Resource Name (ARN) of an organization. This parameter can be used only when the Attribute parameter is launchPermission. - OrganizationalUnitArn: - allOf: - - $ref: '#/components/schemas/OrganizationalUnitArnStringList' - - description: The Amazon Resource Name (ARN) of an organizational unit (OU). This parameter can be used only when the Attribute parameter is launchPermission. - description: Contains the parameters for ModifyImageAttribute. - ModifyInstanceAttributeRequest: - type: object - required: - - InstanceId - title: ModifyInstanceAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: 'Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.' - attribute: - allOf: - - $ref: '#/components/schemas/InstanceAttributeName' - - description: The name of the attribute. - blockDeviceMapping: - allOf: - - $ref: '#/components/schemas/InstanceBlockDeviceMappingSpecificationList' - - description: '

Modifies the DeleteOnTermination attribute for volumes that are currently attached. The volume must be owned by the caller. If no value is specified for DeleteOnTermination, the default is true and the volume is deleted when the instance is terminated.

To add instance store volumes to an Amazon EBS-backed instance, you must add them when you launch the instance. For more information, see Update the block device mapping when launching an instance in the Amazon EC2 User Guide.

' - disableApiTermination: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: 'If the value is true, you can''t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. You cannot use this parameter for Spot Instances.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ebsOptimized: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: Specifies whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance. - enaSupport: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description:

Set to true to enable enhanced networking with ENA for the instance.

This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.

- GroupId: - allOf: - - $ref: '#/components/schemas/GroupIdStringList' - - description: '[EC2-VPC] Replaces the security groups of the instance with the specified security groups. You must specify at least one security group, even if it''s just the default security group for the VPC. You must specify the security group ID, not the security group name.' - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance. - instanceInitiatedShutdownBehavior: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: Specifies whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). - instanceType: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: 'Changes the instance type to the specified value. For more information, see Instance types in the Amazon EC2 User Guide. If the instance type is not valid, the error returned is InvalidInstanceAttributeValue.' - kernel: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: 'Changes the instance''s kernel to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.' - ramdisk: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: 'Changes the instance''s RAM disk to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.' - sriovNetSupport: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description:

Set to simple to enable enhanced networking with the Intel 82599 Virtual Function interface for the instance.

There is no way to disable enhanced networking with the Intel 82599 Virtual Function interface at this time.

This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.

- userData: - allOf: - - $ref: '#/components/schemas/BlobAttributeValue' - - description: 'Changes the instance''s user data to the specified value. If you are using an Amazon Web Services SDK or command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text.' - value: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A new value for the attribute. Use only with the kernel, ramdisk, userData, disableApiTermination, or instanceInitiatedShutdownBehavior attribute.' - ModifyInstanceCapacityReservationAttributesRequest: - type: object - required: - - InstanceId - - CapacityReservationSpecification - title: ModifyInstanceCapacityReservationAttributesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyInstanceCreditSpecificationRequest: - type: object - required: - - InstanceCreditSpecifications - title: ModifyInstanceCreditSpecificationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.' - InstanceCreditSpecification: - allOf: - - $ref: '#/components/schemas/InstanceCreditSpecificationListRequest' - - description: Information about the credit option for CPU usage. - SuccessfulInstanceCreditSpecificationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/SuccessfulInstanceCreditSpecificationItem' - - xml: - name: item - UnsuccessfulInstanceCreditSpecificationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/UnsuccessfulInstanceCreditSpecificationItem' - - xml: - name: item - ModifyInstanceEventStartTimeRequest: - type: object - required: - - InstanceId - - InstanceEventId - - NotBefore - title: ModifyInstanceEventStartTimeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The new date and time when the event will take place. - ModifyInstanceEventWindowRequest: - type: object - required: - - InstanceEventWindowId - title: ModifyInstanceEventWindowRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowId' - - description: The ID of the event window. - TimeRange: - allOf: - - $ref: '#/components/schemas/InstanceEventWindowCronExpression' - - description: '

The cron expression of the event window, for example, * 0-4,20-23 * * 1,5.

Constraints:

For more information about cron expressions, see cron on the Wikipedia website.

' - ModifyInstanceMaintenanceOptionsRequest: - type: object - required: - - InstanceId - title: ModifyInstanceMaintenanceOptionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyInstanceMetadataOptionsRequest: - type: object - required: - - InstanceId - title: ModifyInstanceMetadataOptionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/InstanceMetadataTagsState' - - description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' - ModifyInstancePlacementRequest: - type: object - required: - - InstanceId - title: ModifyInstancePlacementRequest - properties: - affinity: - allOf: - - $ref: '#/components/schemas/PlacementGroupName' - - description: '

The name of the placement group in which to place the instance. For spread placement groups, the instance must have a tenancy of default. For cluster and partition placement groups, the instance must have a tenancy of default or dedicated.

To remove an instance from a placement group, specify an empty string ("").

' - hostId: - allOf: - - $ref: '#/components/schemas/DedicatedHostId' - - description: The ID of the Dedicated Host with which to associate the instance. - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance that you are modifying. - tenancy: - allOf: - - $ref: '#/components/schemas/String' - - description: The ARN of the host resource group in which to place the instance. - ModifyIpamPoolRequest: - type: object - required: - - IpamPoolId - title: ModifyIpamPoolRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Clear the default netmask length allocation rule for this pool. - AddAllocationResourceTag: - allOf: - - $ref: '#/components/schemas/RequestIpamResourceTagList' - - description: 'Add tag allocation rules to a pool. For more information about allocation rules, see Create a top-level pool in the Amazon VPC IPAM User Guide.' - RemoveAllocationResourceTag: - allOf: - - $ref: '#/components/schemas/RequestIpamResourceTagList' - - description: Remove tag allocation rules from a pool. - RemoveIpamOperatingRegionSet: - type: array - items: - $ref: '#/components/schemas/RemoveIpamOperatingRegion' - minItems: 0 - maxItems: 50 - ModifyIpamRequest: - type: object - required: - - IpamId - title: ModifyIpamRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the IPAM you want to modify. - AddOperatingRegion: - allOf: - - $ref: '#/components/schemas/AddIpamOperatingRegionSet' - - description: '

Choose the operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' - RemoveOperatingRegion: - allOf: - - $ref: '#/components/schemas/RemoveIpamOperatingRegionSet' - - description: The operating Regions to remove. - ModifyIpamResourceCidrRequest: - type: object - required: - - ResourceId - - ResourceCidr - - ResourceRegion - - CurrentIpamScopeId - - Monitored - title: ModifyIpamResourceCidrRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Determines if the resource is monitored by IPAM. If a resource is monitored, the resource is discovered by IPAM and you can view details about the resource’s CIDR.' - ModifyIpamScopeRequest: - type: object - required: - - IpamScopeId - title: ModifyIpamScopeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the scope you want to modify. - ModifyLaunchTemplateRequest: - type: object - title: ModifyLaunchTemplateRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/LaunchTemplateName' - - description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. - SetDefaultVersion: - allOf: - - $ref: '#/components/schemas/String' - - description: The version number of the launch template to set as the default version. - ModifyManagedPrefixListRequest: - type: object - required: - - PrefixListId - title: ModifyManagedPrefixListRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: A name for the prefix list. - AddEntry: - allOf: - - $ref: '#/components/schemas/AddPrefixListEntries' - - description: One or more entries to add to the prefix list. - RemoveEntry: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The maximum number of entries for the prefix list. You cannot modify the entries of a prefix list and modify the size of a prefix list at the same time.

If any of the resources that reference the prefix list cannot support the new maximum size, the modify operation fails. Check the state message for the IDs of the first ten resources that do not support the new maximum size.

' - NetworkInterfaceAttachmentChanges: - type: object - properties: - attachmentId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceAttachmentId' - - description: The ID of the network interface attachment. - deleteOnTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the network interface is deleted when the instance is terminated. - description: Describes an attachment change. - ModifyNetworkInterfaceAttributeRequest: - type: object - required: - - NetworkInterfaceId - title: ModifyNetworkInterfaceAttributeRequest - properties: - attachment: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceAttachmentChanges' - - description: 'Information about the interface attachment. If modifying the ''delete on termination'' attribute, you must specify the ID of the interface attachment.' - description: - allOf: - - $ref: '#/components/schemas/AttributeValue' - - description: A description for the network interface. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupIdStringList' - - description: 'Changes the security groups for the network interface. The new set of groups you specify replaces the current set. You must specify at least one group, even if it''s just the default security group in the VPC. You must specify the ID of the security group, not the name.' - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: The ID of the network interface. - sourceDestCheck: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: 'Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.' - description: Contains the parameters for ModifyNetworkInterfaceAttribute. - ModifyPrivateDnsNameOptionsRequest: - type: object - title: ModifyPrivateDnsNameOptionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. - ReservedInstancesConfigurationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservedInstancesConfiguration' - - xml: - name: item - ModifyReservedInstancesRequest: - type: object - required: - - ReservedInstancesIds - - TargetConfigurations - title: ModifyReservedInstancesRequest - properties: - ReservedInstancesId: - allOf: - - $ref: '#/components/schemas/ReservedInstancesIdStringList' - - description: The IDs of the Reserved Instances to modify. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A unique, case-sensitive token you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.' - ReservedInstancesConfigurationSetItemType: - allOf: - - $ref: '#/components/schemas/ReservedInstancesConfigurationList' - - description: The configuration settings for the Reserved Instances to modify. - description: Contains the parameters for ModifyReservedInstances. - ModifySecurityGroupRulesRequest: - type: object - required: - - GroupId - - SecurityGroupRules - title: ModifySecurityGroupRulesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - description: The ID of the security group. - SecurityGroupRule: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifySnapshotAttributeRequest: - type: object - required: - - SnapshotId - title: ModifySnapshotAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/CreateVolumePermissionModifications' - - description: A JSON representation of the snapshot attribute modification. - UserGroup: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - description: The ID of the snapshot. - UserId: - allOf: - - $ref: '#/components/schemas/UserIdStringList' - - description: The account ID to modify for the snapshot. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifySnapshotTierRequest: - type: object - required: - - SnapshotId - title: ModifySnapshotTierRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifySpotFleetRequestRequest: - type: object - required: - - SpotFleetRequestId - title: ModifySpotFleetRequestRequest - properties: - excessCapacityTerminationPolicy: - allOf: - - $ref: '#/components/schemas/ExcessCapacityTerminationPolicy' - - description: Indicates whether running Spot Instances should be terminated if the target capacity of the Spot Fleet request is decreased below the current size of the Spot Fleet. - LaunchTemplateConfig: - allOf: - - $ref: '#/components/schemas/LaunchTemplateConfigList' - - description: 'The launch template and overrides. You can only use this parameter if you specified a launch template (LaunchTemplateConfigs) in your Spot Fleet request. If you specified LaunchSpecifications in your Spot Fleet request, then omit this parameter.' - spotFleetRequestId: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestId' - - description: The ID of the Spot Fleet request. - targetCapacity: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved. - description: Contains the parameters for ModifySpotFleetRequest. - ModifySubnetAttributeRequest: - type: object - required: - - SubnetId - title: ModifySubnetAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: Specify true to indicate that network interfaces attached to instances created in the specified subnet should be assigned a public IPv4 address. - subnetId: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: ' Specify true to indicate that local network interfaces at the current position should be disabled. ' - TrafficMirrorNetworkServiceList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorNetworkService' - - xml: - name: item - ModifyTrafficMirrorFilterNetworkServicesRequest: - type: object - required: - - TrafficMirrorFilterId - title: ModifyTrafficMirrorFilterNetworkServicesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilterId' - - description: The ID of the Traffic Mirror filter. - AddNetworkService: - allOf: - - $ref: '#/components/schemas/TrafficMirrorNetworkServiceList' - - description: 'The network service, for example Amazon DNS, that you want to mirror.' - RemoveNetworkService: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyTrafficMirrorFilterRuleRequest: - type: object - required: - - TrafficMirrorFilterRuleId - title: ModifyTrafficMirrorFilterRuleRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The description to assign to the Traffic Mirror rule. - RemoveField: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyTrafficMirrorSessionRequest: - type: object - required: - - TrafficMirrorSessionId - title: ModifyTrafficMirrorSessionRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The description to assign to the Traffic Mirror session. - RemoveField: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyTransitGatewayOptions: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableId' - - description: The ID of the default propagation route table. - description: The transit gateway options. - ModifyTransitGatewayPrefixListReferenceRequest: - type: object - required: - - TransitGatewayRouteTableId - - PrefixListId - title: ModifyTransitGatewayPrefixListReferenceRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyTransitGatewayRequest: - type: object - required: - - TransitGatewayId - title: ModifyTransitGatewayRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyTransitGatewayVpcAttachmentRequest: - type: object - required: - - TransitGatewayAttachmentId - title: ModifyTransitGatewayVpcAttachmentRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyTransitGatewayVpcAttachmentRequestOptions: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ApplianceModeSupportValue' - - description: 'Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.' - description: Describes the options for a VPC attachment. - ModifyVolumeAttributeRequest: - type: object - required: - - VolumeId - title: ModifyVolumeAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VolumeId' - - description: The ID of the volume. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyVolumeRequest: - type: object - required: - - VolumeId - title: ModifyVolumeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the volume to up to 16 Nitro-based instances in the same Availability Zone. This parameter is supported with io1 and io2 volumes only. For more information, see Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.' - VolumeModification: - type: object - properties: - volumeId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the volume. - modificationState: - allOf: - - $ref: '#/components/schemas/VolumeModificationState' - - description: The current modification state. The modification state is null for unmodified volumes. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: A status message about the modification progress or failure. - targetSize: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The target size of the volume, in GiB.' - targetIops: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The target IOPS rate of the volume. - targetVolumeType: - allOf: - - $ref: '#/components/schemas/VolumeType' - - description: The target EBS volume type of the volume. - targetThroughput: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The target throughput of the volume, in MiB/s.' - targetMultiAttachEnabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The target setting for Amazon EBS Multi-Attach. - originalSize: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The original size of the volume, in GiB.' - originalIops: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The original IOPS rate of the volume. - originalVolumeType: - allOf: - - $ref: '#/components/schemas/VolumeType' - - description: The original EBS volume type of the volume. - originalThroughput: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The original throughput of the volume, in MiB/s.' - originalMultiAttachEnabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: The original setting for Amazon EBS Multi-Attach. - progress: - allOf: - - $ref: '#/components/schemas/Long' - - description: 'The modification progress, from 0 to 100 percent complete.' - startTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The modification start time. - endTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The modification completion or failure time. - description: '

Describes the modification status of an EBS volume.

If the volume has never been modified, some element values will be null.

' - ModifyVpcAttributeRequest: - type: object - required: - - VpcId - title: ModifyVpcAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/AttributeBooleanValue' - - description: '

Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled.

You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute.

' - vpcId: - allOf: - - $ref: '#/components/schemas/VpcId' - - description: The ID of the VPC. - ModifyVpcEndpointConnectionNotificationRequest: - type: object - required: - - ConnectionNotificationId - title: ModifyVpcEndpointConnectionNotificationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: 'One or more events for the endpoint. Valid values are Accept, Connect, Delete, and Reject.' - VpcEndpointSecurityGroupIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: item - ModifyVpcEndpointRequest: - type: object - required: - - VpcEndpointId - title: ModifyVpcEndpointRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: (Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must be in valid JSON format. - AddRouteTableId: - allOf: - - $ref: '#/components/schemas/VpcEndpointRouteTableIdList' - - description: (Gateway endpoint) One or more route tables IDs to associate with the endpoint. - RemoveRouteTableId: - allOf: - - $ref: '#/components/schemas/VpcEndpointRouteTableIdList' - - description: (Gateway endpoint) One or more route table IDs to disassociate from the endpoint. - AddSubnetId: - allOf: - - $ref: '#/components/schemas/VpcEndpointSubnetIdList' - - description: '(Interface and Gateway Load Balancer endpoints) One or more subnet IDs in which to serve the endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.' - RemoveSubnetId: - allOf: - - $ref: '#/components/schemas/VpcEndpointSubnetIdList' - - description: (Interface endpoint) One or more subnets IDs in which to remove the endpoint. - AddSecurityGroupId: - allOf: - - $ref: '#/components/schemas/VpcEndpointSecurityGroupIdList' - - description: (Interface endpoint) One or more security group IDs to associate with the network interface. - RemoveSecurityGroupId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: (Interface endpoint) Indicates whether a private hosted zone is associated with the VPC. - description: Contains the parameters for ModifyVpcEndpoint. - ModifyVpcEndpointServiceConfigurationRequest: - type: object - required: - - ServiceId - title: ModifyVpcEndpointServiceConfigurationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether requests to create an endpoint to your service must be accepted. - AddNetworkLoadBalancerArn: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Amazon Resource Names (ARNs) of Network Load Balancers to add to your service configuration. - RemoveNetworkLoadBalancerArn: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Amazon Resource Names (ARNs) of Network Load Balancers to remove from your service configuration. - AddGatewayLoadBalancerArn: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Amazon Resource Names (ARNs) of Gateway Load Balancers to add to your service configuration. - RemoveGatewayLoadBalancerArn: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Amazon Resource Names (ARNs) of Gateway Load Balancers to remove from your service configuration. - AddSupportedIpAddressType: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The IP address types to add to your service configuration. - RemoveSupportedIpAddressType: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The IP address types to remove from your service configuration. - PayerResponsibility: - type: string - enum: - - ServiceOwner - ModifyVpcEndpointServicePayerResponsibilityRequest: - type: object - required: - - ServiceId - - PayerResponsibility - title: ModifyVpcEndpointServicePayerResponsibilityRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/PayerResponsibility' - - description: 'The entity that is responsible for the endpoint costs. The default is the endpoint owner. If you set the payer responsibility to the service owner, you cannot set it back to the endpoint owner.' - ModifyVpcEndpointServicePermissionsRequest: - type: object - required: - - ServiceId - title: ModifyVpcEndpointServicePermissionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Amazon Resource Names (ARN) of one or more principals. Permissions are revoked for principals in this list. - ModifyVpcPeeringConnectionOptionsRequest: - type: object - required: - - VpcPeeringConnectionId - title: ModifyVpcPeeringConnectionOptionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionId' - - description: The ID of the VPC peering connection. - PeeringConnectionOptions: - type: object - properties: - allowDnsResolutionFromRemoteVpc: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If true, the public DNS hostnames of instances in the specified VPC resolve to private IP addresses when queried from instances in the peer VPC.' - allowEgressFromLocalClassicLinkToRemoteVpc: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If true, enables outbound communication from an EC2-Classic instance that''s linked to a local VPC using ClassicLink to instances in a peer VPC.' - allowEgressFromLocalVpcToRemoteClassicLink: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If true, enables outbound communication from instances in a local VPC to an EC2-Classic instance that''s linked to a peer VPC using ClassicLink.' - description: Describes the VPC peering connection options. - ModifyVpcTenancyRequest: - type: object - required: - - VpcId - - InstanceTenancy - title: ModifyVpcTenancyRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyVpnConnectionOptionsRequest: - type: object - required: - - VpnConnectionId - title: ModifyVpnConnectionOptionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyVpnConnectionRequest: - type: object - required: - - VpnConnectionId - title: ModifyVpnConnectionRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyVpnTunnelCertificateRequest: - type: object - required: - - VpnConnectionId - - VpnTunnelOutsideIpAddress - title: ModifyVpnTunnelCertificateRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyVpnTunnelOptionsRequest: - type: object - required: - - VpnConnectionId - - VpnTunnelOutsideIpAddress - - TunnelOptions - title: ModifyVpnTunnelOptionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ModifyVpnTunnelOptionsSpecification: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session.

Valid Values: clear | none | restart

Default: clear

' - Phase1EncryptionAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsRequestList' - - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' - Phase2EncryptionAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsRequestList' - - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' - Phase1IntegrityAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsRequestList' - - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' - Phase2IntegrityAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsRequestList' - - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' - Phase1DHGroupNumber: - allOf: - - $ref: '#/components/schemas/Phase1DHGroupNumbersRequestList' - - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' - Phase2DHGroupNumber: - allOf: - - $ref: '#/components/schemas/Phase2DHGroupNumbersRequestList' - - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' - IKEVersion: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for Amazon Web Services to initiate the IKE negotiation.

Valid Values: add | start

Default: add

' - description: The Amazon Web Services Site-to-Site VPN tunnel options to modify. - MonitorInstancesRequest: - type: object - required: - - InstanceIds - title: MonitorInstancesRequest - properties: - InstanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdStringList' - - description: The IDs of the instances. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - MonitoringState: - type: string - enum: - - disabled - - disabling - - enabled - - pending - MoveAddressToVpcRequest: - type: object - required: - - PublicIp - title: MoveAddressToVpcRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - publicIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The Elastic IP address. - Status: - type: string - enum: - - MoveInProgress - - InVpc - - InClassic - MoveByoipCidrToIpamRequest: - type: object - required: - - Cidr - - IpamPoolId - - IpamPoolOwner - title: MoveByoipCidrToIpamRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID of the owner of the IPAM pool. - MoveStatus: - type: string - enum: - - movingToVpc - - restoringToClassic - MovingAddressStatus: - type: object - properties: - moveStatus: - allOf: - - $ref: '#/components/schemas/MoveStatus' - - description: 'The status of the Elastic IP address that''s being moved to the EC2-VPC platform, or restored to the EC2-Classic platform.' - publicIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The Elastic IP address. - description: Describes the status of a moving Elastic IP address. - MulticastSupportValue: - type: string - enum: - - enable - - disable - NatGatewayAddressList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NatGatewayAddress' - - xml: - name: item - ProvisionedBandwidth: - type: object - properties: - provisionTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' - provisioned: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' - requestTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' - requested: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' - status: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' - NatGatewayState: - type: string - enum: - - pending - - failed - - available - - deleting - - deleted - NatGatewayAddress: - type: object - properties: - allocationId: - allOf: - - $ref: '#/components/schemas/String' - - description: '[Public NAT gateway only] The allocation ID of the Elastic IP address that''s associated with the NAT gateway.' - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface associated with the NAT gateway. - privateIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The private IP address associated with the NAT gateway. - publicIp: - allOf: - - $ref: '#/components/schemas/String' - - description: '[Public NAT gateway only] The Elastic IP address associated with the NAT gateway.' - description: Describes the IP addresses and network interface associated with a NAT gateway. - NatGatewayIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NatGatewayId' - - xml: - name: item - NetworkAclAssociationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkAclAssociation' - - xml: - name: item - NetworkAclEntryList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkAclEntry' - - xml: - name: item - NetworkAclAssociation: - type: object - properties: - networkAclAssociationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the association between a network ACL and a subnet. - networkAclId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network ACL. - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet. - description: Describes an association between a network ACL and a subnet. - NetworkAclAssociationId: - type: string - NetworkAclEntry: - type: object - properties: - cidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 network range to allow or deny, in CIDR notation.' - egress: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the rule is an egress rule (applied to traffic leaving the subnet). - icmpTypeCode: - allOf: - - $ref: '#/components/schemas/IcmpTypeCode' - - description: 'ICMP protocol: The ICMP type and code.' - ipv6CidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv6 network range to allow or deny, in CIDR notation.' - portRange: - allOf: - - $ref: '#/components/schemas/PortRange' - - description: 'TCP or UDP protocols: The range of ports the rule applies to.' - protocol: - allOf: - - $ref: '#/components/schemas/String' - - description: The protocol number. A value of "-1" means all protocols. - ruleAction: - allOf: - - $ref: '#/components/schemas/RuleAction' - - description: Indicates whether to allow or deny the traffic that matches the rule. - ruleNumber: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The rule number for the entry. ACL entries are processed in ascending order by rule number. - description: Describes an entry in a network ACL. - NetworkAclIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkAclId' - - xml: - name: item - NetworkCardIndex: - type: integer - NetworkPerformance: - type: string - NetworkCardInfo: - type: object - properties: - networkCardIndex: - allOf: - - $ref: '#/components/schemas/NetworkCardIndex' - - description: The index of the network card. - networkPerformance: - allOf: - - $ref: '#/components/schemas/NetworkPerformance' - - description: The network performance of the network card. - maximumNetworkInterfaces: - allOf: - - $ref: '#/components/schemas/MaxNetworkInterfaces' - - description: The maximum number of network interfaces for the network card. - description: Describes the network card support of the instance type. - NetworkCardInfoList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkCardInfo' - - xml: - name: item - NetworkInsightsAccessScopeAnalysis: - type: object - properties: - networkInsightsAccessScopeAnalysisId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' - - description: The ID of the Network Access Scope analysis. - networkInsightsAccessScopeAnalysisArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The Amazon Resource Name (ARN) of the Network Access Scope analysis. - networkInsightsAccessScopeId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' - - description: The ID of the Network Access Scope. - status: - allOf: - - $ref: '#/components/schemas/AnalysisStatus' - - description: The status. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The status message. - warningMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The warning message. - startDate: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The analysis start date. - endDate: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The analysis end date. - findingsFound: - allOf: - - $ref: '#/components/schemas/FindingsFound' - - description: Indicates whether there are findings. - analyzedEniCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of network interfaces analyzed. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags. - description: Describes a Network Access Scope analysis. - NetworkInsightsAccessScopeAnalysisIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' - - xml: - name: item - NetworkInsightsAnalysis: - type: object - properties: - networkInsightsAnalysisId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAnalysisId' - - description: The ID of the network insights analysis. - networkInsightsAnalysisArn: - allOf: - - $ref: '#/components/schemas/ResourceArn' - - description: The Amazon Resource Name (ARN) of the network insights analysis. - networkInsightsPathId: - allOf: - - $ref: '#/components/schemas/NetworkInsightsPathId' - - description: The ID of the path. - filterInArnSet: - allOf: - - $ref: '#/components/schemas/ArnList' - - description: The Amazon Resource Names (ARN) of the Amazon Web Services resources that the path must traverse. - startDate: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time the analysis started. - status: - allOf: - - $ref: '#/components/schemas/AnalysisStatus' - - description: The status of the network insights analysis. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The status message, if the status is failed.' - warningMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The warning message. - networkPathFound: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the destination is reachable from the source. - forwardPathComponentSet: - allOf: - - $ref: '#/components/schemas/PathComponentList' - - description: The components in the path from source to destination. - returnPathComponentSet: - allOf: - - $ref: '#/components/schemas/PathComponentList' - - description: The components in the path from destination to source. - explanationSet: - allOf: - - $ref: '#/components/schemas/ExplanationList' - - description: 'The explanations. For more information, see Reachability Analyzer explanation codes.' - alternatePathHintSet: - allOf: - - $ref: '#/components/schemas/AlternatePathHintList' - - description: Potential intermediate components. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags. - description: Describes a network insights analysis. - NetworkInsightsAnalysisIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInsightsAnalysisId' - - xml: - name: item - NetworkInsightsMaxResults: - type: integer - minimum: 1 - maximum: 100 - Protocol: - type: string - enum: - - tcp - - udp - NetworkInsightsResourceId: - type: string - NetworkInterfaceAssociation: - type: object - properties: - allocationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The allocation ID. - associationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The association ID. - ipOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Elastic IP address owner. - publicDnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The public DNS name. - publicIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The address of the Elastic IP address bound to the network interface. - customerOwnedIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The customer-owned IP address associated with the network interface. - carrierIp: - allOf: - - $ref: '#/components/schemas/String' - - description:

The carrier IP address associated with the network interface.

This option is only available when the network interface is in a subnet which is associated with a Wavelength Zone.

- description: 'Describes association information for an Elastic IP address (IPv4 only), or a Carrier IP address (for a network interface which resides in a subnet in a Wavelength Zone).' - NetworkInterfaceType: - type: string - enum: - - interface - - natGateway - - efa - - trunk - - load_balancer - - network_load_balancer - - vpc_endpoint - - branch - - transit_gateway - - lambda - - quicksight - - global_accelerator_managed - - api_gateway_managed - - gateway_load_balancer - - gateway_load_balancer_endpoint - - iot_rules_managed - - aws_codestar_connections_managed - NetworkInterfaceIpv6AddressesList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceIpv6Address' - - xml: - name: item - NetworkInterfacePrivateIpAddressList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInterfacePrivateIpAddress' - - xml: - name: item - NetworkInterfaceCountRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of network interfaces. To specify no maximum limit, omit this parameter.' - description: The minimum and maximum number of network interfaces. - NetworkInterfaceIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - xml: - name: item - NetworkInterfaceIpv6Address: - type: object - properties: - ipv6Address: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 address. - description: Describes an IPv6 address associated with a network interface. - NetworkInterfacePermissionState: - type: object - properties: - state: - allOf: - - $ref: '#/components/schemas/NetworkInterfacePermissionStateCode' - - description: The state of the permission. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A status message, if applicable.' - description: Describes the state of a network interface permission. - NetworkInterfacePermissionStateCode: - type: string - enum: - - pending - - granted - - revoking - - revoked - NetworkInterfacePrivateIpAddress: - type: object - properties: - association: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceAssociation' - - description: The association information for an Elastic IP address (IPv4) associated with the network interface. - primary: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether this IPv4 address is the primary private IPv4 address of the network interface. - privateDnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The private DNS name. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The private IPv4 address. - description: Describes the private IPv4 address of a network interface. - OccurrenceDayRequestSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/Integer' - - xml: - name: OccurenceDay - OccurrenceDaySet: - type: array - items: - allOf: - - $ref: '#/components/schemas/Integer' - - xml: - name: item - OnDemandOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum amount per hour for On-Demand Instances that you're willing to pay. - description: Describes the configuration of On-Demand Instances in an EC2 Fleet. - ProtocolList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Protocol' - - xml: - name: item - PacketHeaderStatement: - type: object - properties: - sourceAddressSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The source addresses. - destinationAddressSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The destination addresses. - sourcePortSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The source ports. - destinationPortSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The destination ports. - sourcePrefixListSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The source prefix lists. - destinationPrefixListSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The destination prefix lists. - protocolSet: - allOf: - - $ref: '#/components/schemas/ProtocolList' - - description: The protocols. - description: Describes a packet header statement. - PacketHeaderStatementRequest: - type: object - properties: - SourceAddress: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The source addresses. - DestinationAddress: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The destination addresses. - SourcePort: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The source ports. - DestinationPort: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The destination ports. - SourcePrefixList: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The source prefix lists. - DestinationPrefixList: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The destination prefix lists. - Protocol: - allOf: - - $ref: '#/components/schemas/ProtocolList' - - description: The protocols. - description: Describes a packet header statement. - PartitionLoadFrequency: - type: string - enum: - - none - - daily - - weekly - - monthly - PathComponent: - type: object - properties: - sequenceNumber: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The sequence number. - aclRule: - allOf: - - $ref: '#/components/schemas/AnalysisAclRule' - - description: The network ACL rule. - attachedTo: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The resource to which the path component is attached. - component: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The component. - destinationVpc: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The destination VPC. - outboundHeader: - allOf: - - $ref: '#/components/schemas/AnalysisPacketHeader' - - description: The outbound header. - inboundHeader: - allOf: - - $ref: '#/components/schemas/AnalysisPacketHeader' - - description: The inbound header. - routeTableRoute: - allOf: - - $ref: '#/components/schemas/AnalysisRouteTableRoute' - - description: The route table route. - securityGroupRule: - allOf: - - $ref: '#/components/schemas/AnalysisSecurityGroupRule' - - description: The security group rule. - sourceVpc: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The source VPC. - subnet: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The subnet. - vpc: - allOf: - - $ref: '#/components/schemas/AnalysisComponent' - - description: The component VPC. - additionalDetailSet: - allOf: - - $ref: '#/components/schemas/AdditionalDetailList' - - description: The additional details. - transitGateway: - $ref: '#/components/schemas/AnalysisComponent' - transitGatewayRouteTableRoute: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableRoute' - - description: The route in a transit gateway route table. - description: Describes a path component. - ResourceStatement: - type: object - properties: - resourceSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The resources. - resourceTypeSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The resource types. - description: Describes a resource statement. - ResourceStatementRequest: + type: string + InstanceId: + description: The ID of the instance. + type: string + PrivateIpAddress: + description: The primary or secondary private IP address to associate with the Elastic IP address. + type: string + EIP: + description: The Elastic IP address to associate with the instance. + type: string + x-stackql-resource-name: eip_association + description: Resource schema for EC2 EIP association. + x-type-name: AWS::EC2::EIPAssociation + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - AllocationId + - NetworkInterfaceId + - InstanceId + - PrivateIpAddress + - EIP + x-read-only-properties: + - Id + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + x-required-permissions: + create: + - ec2:DescribeAddresses + - ec2:AssociateAddress + read: + - ec2:DescribeAddresses + delete: + - ec2:DisassociateAddress + - ec2:DescribeAddresses + list: + - ec2:DescribeAddresses + EnclaveCertificateIamRoleAssociation: + type: object + properties: + CertificateArn: + description: The Amazon Resource Name (ARN) of the ACM certificate with which to associate the IAM role. + type: string + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:acm:[A-Za-z0-9-]{1,64}:([0-9]{12})?:certificate/.+$ + minLength: 1 + maxLength: 1283 + RoleArn: + description: The Amazon Resource Name (ARN) of the IAM role to associate with the ACM certificate. You can associate up to 16 IAM roles with an ACM certificate. + type: string + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:iam:.*:([0-9]{12})?:role/.+$ + minLength: 1 + maxLength: 1283 + CertificateS3BucketName: + description: The name of the Amazon S3 bucket to which the certificate was uploaded. + type: string + CertificateS3ObjectKey: + description: The Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored. + type: string + EncryptionKmsKeyId: + description: The ID of the AWS KMS CMK used to encrypt the private key of the certificate. + type: string + required: + - CertificateArn + - RoleArn + x-stackql-resource-name: enclave_certificate_iam_role_association + description: Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate. This association is based on Amazon Resource Names and it enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. + x-type-name: AWS::EC2::EnclaveCertificateIamRoleAssociation + x-stackql-primary-identifier: + - CertificateArn + - RoleArn + x-create-only-properties: + - CertificateArn + - RoleArn + x-read-only-properties: + - CertificateS3BucketName + - CertificateS3ObjectKey + - EncryptionKmsKeyId + x-required-properties: + - CertificateArn + - RoleArn + x-required-permissions: + create: + - ec2:AssociateEnclaveCertificateIamRole + read: + - ec2:GetAssociatedEnclaveCertificateIamRoles + delete: + - ec2:DisassociateEnclaveCertificateIamRole + list: + - ec2:GetAssociatedEnclaveCertificateIamRoles + FlowLog: type: object properties: - Resource: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The resources. + Id: + description: The Flow Log ID + type: string + DeliverCrossAccountRole: + description: The ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts. + type: string + DeliverLogsPermissionArn: + description: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName. + type: string + LogDestination: + description: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType. + type: string + LogDestinationType: + description: Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3. + type: string + enum: + - cloud-watch-logs + - s3 + - kinesis-data-firehose + LogFormat: + description: The fields to include in the flow log record, in the order in which they should appear. + type: string + LogGroupName: + description: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName. + type: string + MaxAggregationInterval: + description: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes). + type: integer + ResourceId: + description: The ID of the subnet, network interface, or VPC for which you want to create a flow log. + type: string ResourceType: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The resource types. - description: Describes a resource statement. - PeeringAttachmentStatus: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/String' - - description: The status code. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The status message, if applicable.' - description: The status of the transit gateway peering attachment. - PeeringConnectionOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'If true, enables outbound communication from instances in a local VPC to an EC2-Classic instance that''s linked to a peer VPC using ClassicLink.' - description: The VPC peering connection options. - PeeringTgwInfo: - type: object - properties: - transitGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the transit gateway. - region: - allOf: - - $ref: '#/components/schemas/String' - - description: The Region of the transit gateway. - description: Information about the transit gateway in the peering attachment. - Phase1DHGroupNumbersListValue: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The Diffie-Hellmann group number. - description: The Diffie-Hellmann group number for phase 1 IKE negotiations. - Phase1DHGroupNumbersList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase1DHGroupNumbersListValue' - - xml: - name: item - Phase1DHGroupNumbersRequestListValue: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The Diffie-Hellmann group number. - description: Specifies a Diffie-Hellman group number for the VPN tunnel for phase 1 IKE negotiations. - Phase1EncryptionAlgorithmsListValue: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The value for the encryption algorithm. - description: The encryption algorithm for phase 1 IKE negotiations. - Phase1EncryptionAlgorithmsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsListValue' - - xml: - name: item - Phase1EncryptionAlgorithmsRequestListValue: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The value for the encryption algorithm. - description: Specifies the encryption algorithm for the VPN tunnel for phase 1 IKE negotiations. - Phase1IntegrityAlgorithmsListValue: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The value for the integrity algorithm. - description: The integrity algorithm for phase 1 IKE negotiations. - Phase1IntegrityAlgorithmsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsListValue' - - xml: - name: item - Phase1IntegrityAlgorithmsRequestListValue: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The value for the integrity algorithm. - description: Specifies the integrity algorithm for the VPN tunnel for phase 1 IKE negotiations. - Phase2DHGroupNumbersListValue: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The Diffie-Hellmann group number. - description: The Diffie-Hellmann group number for phase 2 IKE negotiations. - Phase2DHGroupNumbersList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase2DHGroupNumbersListValue' - - xml: - name: item - Phase2DHGroupNumbersRequestListValue: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The Diffie-Hellmann group number. - description: Specifies a Diffie-Hellman group number for the VPN tunnel for phase 2 IKE negotiations. - Phase2EncryptionAlgorithmsListValue: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The encryption algorithm. - description: The encryption algorithm for phase 2 IKE negotiations. - Phase2EncryptionAlgorithmsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsListValue' - - xml: - name: item - Phase2EncryptionAlgorithmsRequestListValue: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The encryption algorithm. - description: Specifies the encryption algorithm for the VPN tunnel for phase 2 IKE negotiations. - Phase2IntegrityAlgorithmsListValue: - type: object - properties: - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The integrity algorithm. - description: The integrity algorithm for phase 2 IKE negotiations. - Phase2IntegrityAlgorithmsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsListValue' - - xml: - name: item - Phase2IntegrityAlgorithmsRequestListValue: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The integrity algorithm. - description: Specifies the integrity algorithm for the VPN tunnel for phase 2 IKE negotiations. - PlacementGroupState: - type: string - enum: - - pending - - available - - deleting - - deleted - PlacementStrategy: - type: string - enum: - - cluster - - spread - - partition - PlacementGroupStrategyList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PlacementGroupStrategy' - - xml: - name: item - PlacementGroupStrategy: - type: string - enum: - - cluster - - partition - - spread - PoolCidrBlock: - type: object - properties: - poolCidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR block. - description: Describes a CIDR block for an address pool. - PrefixList: - type: object - properties: - cidrSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The IP address range of the Amazon Web Service. - prefixListId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the prefix. - prefixListName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the prefix. - description: Describes prefixes for Amazon Web Services services. - PrefixListAssociation: - type: object - properties: - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - resourceOwner: - allOf: - - $ref: '#/components/schemas/String' - - description: The owner of the resource. - description: Describes the resource with which a prefix list is associated. - PrefixListEntry: - type: object - properties: - cidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR block. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description. - description: Describes a prefix list entry. - PrefixListId: - type: object - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A description for the security group rule that references this prefix list ID.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

' - prefixListId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the prefix. - description: Describes a prefix list ID. - PrefixListIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - PrefixListMaxResults: - type: integer - minimum: 1 - maximum: 100 - PriceSchedule: - type: object - properties: - active: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

The current price schedule, as determined by the term remaining for the Reserved Instance in the listing.

A specific price schedule is always in effect, but only one price schedule can be active at any time. Take, for example, a Reserved Instance listing that has five months remaining in its term. When you specify price schedules for five months and two months, this means that schedule 1, covering the first three months of the remaining term, will be active during months 5, 4, and 3. Then schedule 2, covering the last two months of the term, will be active for months 2 and 1.

' - currencyCode: - allOf: - - $ref: '#/components/schemas/CurrencyCodeValues' - - description: 'The currency for transacting the Reserved Instance resale. At this time, the only supported currency is USD.' - price: - allOf: - - $ref: '#/components/schemas/Double' - - description: The fixed price for the term. - term: - allOf: - - $ref: '#/components/schemas/Long' - - description: 'The number of months remaining in the reservation. For example, 2 is the second to the last month before the capacity reservation expires.' - description: Describes the price for a Reserved Instance. - PriceScheduleList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PriceSchedule' - - xml: - name: item - PricingDetail: - type: object - properties: - count: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of reservations available for the price. - price: - allOf: - - $ref: '#/components/schemas/Double' - - description: The price per instance. - description: Describes a Reserved Instance offering. - PricingDetailsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PricingDetail' - - xml: - name: item - PrincipalIdFormat: - type: object - properties: - arn: - allOf: - - $ref: '#/components/schemas/String' - - description: PrincipalIdFormatARN description - statusSet: - allOf: - - $ref: '#/components/schemas/IdFormatList' - - description: PrincipalIdFormatStatuses description - description: PrincipalIdFormat description - PrivateDnsDetails: - type: object - properties: - privateDnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The private DNS name assigned to the VPC endpoint service. - description: Information about the Private DNS name for interface endpoints. - PrivateDnsDetailsSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/PrivateDnsDetails' - - xml: - name: item - PrivateDnsNameConfiguration: - type: object - properties: - state: - allOf: - - $ref: '#/components/schemas/DnsNameState' - - description:

The verification state of the VPC endpoint service.

>Consumers of the endpoint service can use the private name only when the state is verified.

- type: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The endpoint service verification type, for example TXT.' - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The value the service provider adds to the private DNS name domain record before verification. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the record subdomain the service provider needs to create. The service provider adds the value text to the name. - description: Information about the private DNS name for the service endpoint. - PrivateDnsNameOptionsOnLaunch: + description: The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property. + type: string + enum: + - NetworkInterface + - Subnet + - VPC + - TransitGateway + - TransitGatewayAttachment + Tags: + description: The tags to apply to the flow logs. + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + TrafficType: + description: The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic. + type: string + enum: + - ACCEPT + - ALL + - REJECT + DestinationOptions: + type: object + additionalProperties: false + properties: + FileFormat: + type: string + enum: + - plain-text + - parquet + HiveCompatiblePartitions: + type: boolean + PerHourPartition: + type: boolean + required: + - FileFormat + - HiveCompatiblePartitions + - PerHourPartition + required: + - ResourceType + - ResourceId + x-stackql-resource-name: flow_log + description: Specifies a VPC flow log, which enables you to capture IP traffic for a specific network interface, subnet, or VPC. + x-type-name: AWS::EC2::FlowLog + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - DeliverCrossAccountRole + - DeliverLogsPermissionArn + - LogGroupName + - LogDestination + - ResourceId + - TrafficType + - LogDestinationType + - ResourceType + - LogFormat + - MaxAggregationInterval + - DestinationOptions + x-read-only-properties: + - Id + x-required-properties: + - ResourceType + - ResourceId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateFlowLogs + - ec2:DescribeFlowLogs + - ec2:CreateTags + - iam:PassRole + - logs:CreateLogDelivery + - s3:GetBucketPolicy + - s3:PutBucketPolicy + read: + - ec2:DescribeFlowLogs + update: + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeFlowLogs + delete: + - ec2:DeleteFlowLogs + - ec2:DescribeFlowLogs + - logs:DeleteLogDelivery + list: + - ec2:DescribeFlowLogs + GatewayRouteTableAssociation: type: object properties: - hostnameType: - allOf: - - $ref: '#/components/schemas/HostnameType' - - description: 'The type of hostname for EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 only subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID.' - enableResourceNameDnsARecord: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to respond to DNS queries for instance hostnames with DNS A records. - enableResourceNameDnsAAAARecord: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to respond to DNS queries for instance hostname with DNS AAAA records. - description: Describes the options for instance hostnames. - PrivateDnsNameOptionsRequest: + RouteTableId: + description: The ID of the route table. + type: string + GatewayId: + description: The ID of the gateway. + type: string + AssociationId: + description: The route table association ID. + type: string + required: + - RouteTableId + - GatewayId + x-stackql-resource-name: gateway_route_table_association + description: Associates a gateway with a route table. The gateway and route table must be in the same VPC. This association causes the incoming traffic to the gateway to be routed according to the routes in the route table. + x-type-name: AWS::EC2::GatewayRouteTableAssociation + x-stackql-primary-identifier: + - GatewayId + x-create-only-properties: + - GatewayId + x-read-only-properties: + - AssociationId + x-required-properties: + - RouteTableId + - GatewayId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:DescribeRouteTables + - ec2:AssociateRouteTable + read: + - ec2:DescribeRouteTables + update: + - ec2:DescribeRouteTables + - ec2:ReplaceRouteTableAssociation + delete: + - ec2:DescribeRouteTables + - ec2:DisassociateRouteTable + Host: type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. - description: Describes the options for instance hostnames. - ScheduledInstancesPrivateIpAddressConfig: + HostId: + description: ID of the host created. + type: string + AutoPlacement: + description: Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID. + type: string + AvailabilityZone: + description: The Availability Zone in which to allocate the Dedicated Host. + type: string + HostRecovery: + description: Indicates whether to enable or disable host recovery for the Dedicated Host. Host recovery is disabled by default. + type: string + InstanceType: + description: Specifies the instance type to be supported by the Dedicated Hosts. If you specify an instance type, the Dedicated Hosts support instances of the specified instance type only. + type: string + InstanceFamily: + description: Specifies the instance family to be supported by the Dedicated Hosts. If you specify an instance family, the Dedicated Hosts support multiple instance types within that instance family. + type: string + OutpostArn: + description: The Amazon Resource Name (ARN) of the Amazon Web Services Outpost on which to allocate the Dedicated Host. + type: string + HostMaintenance: + description: Automatically allocates a new dedicated host and moves your instances on to it if a degradation is detected on your current host. + type: string + AssetId: + description: The ID of the Outpost hardware asset. + type: string + required: + - AvailabilityZone + x-stackql-resource-name: host + description: Resource Type definition for AWS::EC2::Host + x-type-name: AWS::EC2::Host + x-stackql-primary-identifier: + - HostId + x-create-only-properties: + - AvailabilityZone + - InstanceType + - InstanceFamily + - OutpostArn + - AssetId + x-read-only-properties: + - HostId + x-required-properties: + - AvailabilityZone + x-required-permissions: + create: + - ec2:AllocateHosts + - ec2:DescribeHosts + read: + - ec2:DescribeHosts + update: + - ec2:ModifyHosts + - ec2:DescribeHosts + delete: + - ec2:ReleaseHosts + - ec2:DescribeHosts + list: + - ec2:DescribeHosts + LaunchTemplateSpecification: + oneOf: + - required: + - LaunchTemplateName + - Version + - required: + - LaunchTemplateId + - Version + additionalProperties: false type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 address. - description: Describes a private IPv4 address for a Scheduled Instance. - PrivateIpAddressConfigSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ScheduledInstancesPrivateIpAddressConfig' - - xml: - name: PrivateIpAddressConfigSet - ProcessorSustainedClockSpeed: - type: number - format: double - ProductCodeValues: - type: string - enum: - - devpay - - marketplace - ProductCode: + LaunchTemplateName: + description: The name of the launch template. You must specify the LaunchTemplateName or the LaunchTemplateId, but not both. + type: string + Version: + description: The version number of the launch template. + type: string + LaunchTemplateId: + description: The ID of the launch template. You must specify the LaunchTemplateName or the LaunchTemplateId, but not both. + type: string + LicenseSpecification: + description: |- + Specifies a license configuration for an instance. + ``LicenseSpecification`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false + type: object + properties: + LicenseConfigurationArn: + description: The Amazon Resource Name (ARN) of the license configuration. + type: string + ElasticGpuSpecification: + description: |- + Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances. + Specifies a specification for an Elastic GPU for an Amazon EC2 launch template. + ``ElasticGpuSpecification`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false type: object properties: - productCode: - allOf: - - $ref: '#/components/schemas/String' - - description: The product code. - type: - allOf: - - $ref: '#/components/schemas/ProductCodeValues' - - description: The type of product code. - description: Describes a product code. - PropagatingVgw: + Type: + description: The type of Elastic Graphics accelerator. For more information about the values to specify for ``Type``, see [Elastic Graphics Basics](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html#elastic-graphics-basics), specifically the Elastic Graphics accelerator column, in the *Amazon Elastic Compute Cloud User Guide for Windows Instances*. + type: string + InstanceIpv6Address: type: object + additionalProperties: false properties: - gatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the virtual private gateway. - description: Describes a virtual private gateway propagating route. - PropagatingVgwList: - type: array - items: - allOf: - - $ref: '#/components/schemas/PropagatingVgw' - - xml: - name: item - ProvisionByoipCidrRequest: - type: object + Ipv6Address: + type: string required: - - Cidr - title: ProvisionByoipCidrRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - PoolTagSpecification: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Reserved. - ProvisionIpamPoolCidrRequest: + - Ipv6Address + NetworkInterface: type: object - required: - - IpamPoolId - title: ProvisionIpamPoolCidrRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/IpamCidrAuthorizationContext' - - description: A signed document that proves that you are authorized to bring a specified IP address range to Amazon using BYOIP. This option applies to public pools only. - ProvisionPublicIpv4PoolCidrRequest: - type: object + Description: + description: A description for the network interface. + type: string + PrivateIpAddress: + description: 'Assigns a single private IP address to the network interface, which is used as the primary private IP address. If you want to specify multiple private IP address, use the PrivateIpAddresses property. ' + type: string + PrivateIpAddresses: + description: Assigns a list of private IP addresses to the network interface. You can specify a primary private IP address by setting the value of the Primary property to true in the PrivateIpAddressSpecification property. If you want EC2 to automatically assign private IP addresses, use the SecondaryPrivateIpAddressCount property and do not specify this property. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/PrivateIpAddressSpecification' + SecondaryPrivateIpAddressCount: + description: The number of secondary private IPv4 addresses to assign to a network interface. When you specify a number of secondary IPv4 addresses, Amazon EC2 selects these IP addresses within the subnet's IPv4 CIDR range. You can't specify this option and specify more than one private IP address using privateIpAddresses + type: integer + PrimaryPrivateIpAddress: + description: Returns the primary private IP address of the network interface. + type: string + Ipv4Prefixes: + description: 'Assigns a list of IPv4 prefixes to the network interface. If you want EC2 to automatically assign IPv4 prefixes, use the Ipv4PrefixCount property and do not specify this property. Presently, only /28 prefixes are supported. You can''t specify IPv4 prefixes if you''ve specified one of the following: a count of IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.' + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Ipv4PrefixSpecification' + Ipv4PrefixCount: + description: 'The number of IPv4 prefixes to assign to a network interface. When you specify a number of IPv4 prefixes, Amazon EC2 selects these prefixes from your existing subnet CIDR reservations, if available, or from free spaces in the subnet. By default, these will be /28 prefixes. You can''t specify a count of IPv4 prefixes if you''ve specified one of the following: specific IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.' + type: integer + GroupSet: + description: A list of security group IDs associated with this network interface. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + Ipv6Addresses: + description: One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet to associate with the network interface. If you're specifying a number of IPv6 addresses, use the Ipv6AddressCount property and don't specify this property. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/InstanceIpv6Address' + Ipv6Prefixes: + description: 'Assigns a list of IPv6 prefixes to the network interface. If you want EC2 to automatically assign IPv6 prefixes, use the Ipv6PrefixCount property and do not specify this property. Presently, only /80 prefixes are supported. You can''t specify IPv6 prefixes if you''ve specified one of the following: a count of IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.' + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Ipv6PrefixSpecification' + Ipv6PrefixCount: + description: 'The number of IPv6 prefixes to assign to a network interface. When you specify a number of IPv6 prefixes, Amazon EC2 selects these prefixes from your existing subnet CIDR reservations, if available, or from free spaces in the subnet. By default, these will be /80 prefixes. You can''t specify a count of IPv6 prefixes if you''ve specified one of the following: specific IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.' + type: integer + SubnetId: + description: The ID of the subnet to associate with the network interface. + type: string + SourceDestCheck: + description: Indicates whether traffic to or from the instance is validated. + type: boolean + InterfaceType: + description: Indicates the type of network interface. + type: string + SecondaryPrivateIpAddresses: + description: Returns the secondary private IP addresses of the network interface. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + Ipv6AddressCount: + description: The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. To specify specific IPv6 addresses, use the Ipv6Addresses property and don't specify this property. + type: integer + EnablePrimaryIpv6: + description: >- + If you have instances or ENIs that rely on the IPv6 address not changing, to avoid disrupting traffic to instances or ENIs, you can enable a primary IPv6 address. Enable this option to automatically assign an IPv6 associated with the ENI attached to your instance to be the primary IPv6 address. When you enable an IPv6 address to be a primary IPv6, you cannot disable it. Traffic will be routed to the primary IPv6 address until the instance is terminated or the ENI is detached. If you + have multiple IPv6 addresses associated with an ENI and you enable a primary IPv6 address, the first IPv6 address associated with the ENI becomes the primary IPv6 address. + type: boolean + PrimaryIpv6Address: + description: The primary IPv6 address + type: string + ConnectionTrackingSpecification: + $ref: '#/components/schemas/ConnectionTrackingSpecification' + Id: + description: Network interface id. + type: string + Tags: + description: An arbitrary set of tags (key-value pairs) for this network interface. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + VpcId: + description: The ID of the VPC + type: string required: - - IpamPoolId - - PoolId - - NetmaskLength - title: ProvisionPublicIpv4PoolCidrRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The netmask length of the CIDR you would like to allocate to the public IPv4 pool. - PublicIpv4PoolRange: + - SubnetId + x-stackql-resource-name: network_interface + description: The AWS::EC2::NetworkInterface resource creates network interface + x-type-name: AWS::EC2::NetworkInterface + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - PrivateIpAddress + - InterfaceType + - SubnetId + x-conditional-create-only-properties: + - PrivateIpAddresses + - EnablePrimaryIpv6 + - ConnectionTrackingSpecification + x-read-only-properties: + - Id + - SecondaryPrivateIpAddresses + - PrimaryPrivateIpAddress + - PrimaryIpv6Address + - VpcId + x-required-properties: + - SubnetId + x-taggable: true + x-required-permissions: + create: + - ec2:CreateNetworkInterface + - ec2:DescribeNetworkInterfaces + - ec2:CreateTags + - ec2:ModifyNetworkInterfaceAttribute + delete: + - ec2:DescribeNetworkInterfaces + - ec2:DeleteNetworkInterface + list: + - ec2:DescribeNetworkInterfaces + read: + - ec2:DescribeNetworkInterfaces + update: + - ec2:DescribeNetworkInterfaces + - ec2:ModifyNetworkInterfaceAttribute + - ec2:UnassignIpv6Addresses + - ec2:AssignIpv6Addresses + - ec2:DeleteTags + - ec2:CreateTags + - ec2:UnassignPrivateIpAddresses + - ec2:AssignPrivateIpAddresses + PrivateDnsNameOptions: + description: The hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries should be handled. For more information, see [Amazon EC2 instance hostname types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html) in the *User Guide*. + additionalProperties: false + type: object + properties: + EnableResourceNameDnsARecord: + description: Indicates whether to respond to DNS queries for instance hostnames with DNS A records. + type: boolean + HostnameType: + description: The type of hostname for EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 only subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. For more information, see [Amazon EC2 instance hostname types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html) in the *User Guide*. + type: string + EnableResourceNameDnsAAAARecord: + description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. + type: boolean + ElasticInferenceAccelerator: + additionalProperties: false type: object properties: - firstAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The first IP address in the range. - lastAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The last IP address in the range. - addressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of addresses in the range. - availableAddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of available addresses in the range. - description: Describes an address range of an IPv4 address pool. - PublicIpv4PoolRangeSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/PublicIpv4PoolRange' - - xml: - name: item - PublicIpv4Pool: + Type: + description: The type of elastic inference accelerator. + type: string + Count: + description: The number of elastic inference accelerators to attach to the instance. + type: integer + minimum: 0 + required: + - Type + AssociationParameter: + additionalProperties: false type: object properties: - poolId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the address pool. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the address pool. - poolAddressRangeSet: - allOf: - - $ref: '#/components/schemas/PublicIpv4PoolRangeSet' - - description: The address ranges. - totalAddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The total number of addresses. - totalAvailableAddressCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The total number of available addresses. - networkBorderGroup: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the location from which the address pool is advertised. A network border group is a unique set of Availability Zones or Local Zones from where Amazon Web Services advertises public IP addresses. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags for the address pool. - description: Describes an IPv4 address pool. - PublicIpv4PoolIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Ipv4PoolEc2Id' - - xml: - name: item - Purchase: + Value: + uniqueItems: false + description: The value of an input parameter. + x-insertionOrder: false + type: array + items: + type: string + Key: + description: The name of an input parameter that is in the associated SSM document. + type: string + required: + - Value + - Key + SsmAssociation: + additionalProperties: false + type: object + properties: + AssociationParameters: + uniqueItems: false + description: The input parameter values to use with the associated SSM document. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/AssociationParameter' + DocumentName: + description: The name of an SSM document to associate with the instance. + type: string + required: + - DocumentName + PrivateIpAddressSpecification: type: object + additionalProperties: false properties: - currencyCode: - allOf: - - $ref: '#/components/schemas/CurrencyCodeValues' - - description: 'The currency in which the UpfrontPrice and HourlyPrice amounts are specified. At this time, the only supported currency is USD.' - duration: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The duration of the reservation's term in seconds. - hostIdSet: - allOf: - - $ref: '#/components/schemas/ResponseHostIdSet' - - description: The IDs of the Dedicated Hosts associated with the reservation. - hostReservationId: - allOf: - - $ref: '#/components/schemas/HostReservationId' - - description: The ID of the reservation. - hourlyPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The hourly price of the reservation per hour. - instanceFamily: - allOf: - - $ref: '#/components/schemas/String' - - description: The instance family on the Dedicated Host that the reservation can be associated with. - paymentOption: - allOf: - - $ref: '#/components/schemas/PaymentOption' - - description: The payment option for the reservation. - upfrontPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The upfront price of the reservation. - description: Describes the result of the purchase. - PurchaseHostReservationRequest: - type: object + Primary: + type: boolean + PrivateIpAddress: + type: string required: - - HostIdSet - - OfferingId - title: PurchaseHostReservationRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/OfferingId' - - description: The ID of the offering. - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: The tags to apply to the Dedicated Host Reservation during purchase. - PurchaseRequestSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/PurchaseRequest' - - xml: - name: PurchaseRequest - minItems: 1 - PurchaseReservedInstancesOfferingRequest: + - PrivateIpAddress + Volume: type: object - required: - - InstanceCount - - ReservedInstancesOfferingId - title: PurchaseReservedInstancesOfferingRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/ReservedInstancesOfferingId' - - description: The ID of the Reserved Instance offering to purchase. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - limitPrice: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The time at which to purchase the Reserved Instance, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - description: Contains the parameters for PurchaseReservedInstancesOffering. - PurchaseScheduledInstancesRequest: - type: object + MultiAttachEnabled: + type: boolean + description: |- + Indicates whether Amazon EBS Multi-Attach is enabled. + CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume. + KmsKeyId: + type: string + description: |- + The identifier of the kms-key-long to use for Amazon EBS encryption. If ``KmsKeyId`` is specified, the encrypted state must be ``true``. + If you omit this property and your account is enabled for encryption by default, or *Encrypted* is set to ``true``, then the volume is encrypted using the default key specified for your account. If your account does not have a default key, then the volume is encrypted using the aws-managed-key. + Alternatively, if you want to specify a different key, you can specify one of the following: + + Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab. + + Key alias. Specify the alias for the key, prefixed with ``alias/``. For example, for a key with the alias ``my_cmk``, use ``alias/my_cmk``. Or to specify the aws-managed-key, use ``alias/aws/ebs``. + + Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab. + + Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + Encrypted: + type: boolean + description: |- + Indicates whether the volume should be encrypted. The effect of setting the encryption state to ``true`` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default) in the *Amazon Elastic Compute Cloud User Guide*. + Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). + Size: + type: integer + description: |- + The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size. + The following are the supported volumes sizes for each volume type: + + ``gp2`` and ``gp3``: 1 - 16,384 GiB + + ``io1``: 4 - 16,384 GiB + + ``io2``: 4 - 65,536 GiB + + ``st1`` and ``sc1``: 125 - 16,384 GiB + + ``standard``: 1 - 1024 GiB + AutoEnableIO: + type: boolean + description: Indicates whether the volume is auto-enabled for I/O operations. By default, Amazon EBS disables I/O to the volume from attached EC2 instances when it determines that a volume's data is potentially inconsistent. If the consistency of the volume is not a concern, and you prefer that the volume be made available immediately if it's impaired, you can configure the volume to automatically enable I/O. + OutpostArn: + type: string + description: The Amazon Resource Name (ARN) of the Outpost. + AvailabilityZone: + type: string + description: The ID of the Availability Zone in which to create the volume. For example, ``us-east-1a``. + Throughput: + type: integer + description: |- + The throughput to provision for a volume, with a maximum of 1,000 MiB/s. + This parameter is valid only for ``gp3`` volumes. The default value is 125. + Valid Range: Minimum value of 125. Maximum value of 1000. + Iops: + type: integer + description: |- + The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. + The following are the supported values for each volume type: + + ``gp3``: 3,000 - 16,000 IOPS + + ``io1``: 100 - 64,000 IOPS + + ``io2``: 100 - 256,000 IOPS + + For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). On other instances, you can achieve performance up to 32,000 IOPS. + This parameter is required for ``io1`` and ``io2`` volumes. The default for ``gp3`` volumes is 3,000 IOPS. This parameter is not supported for ``gp2``, ``st1``, ``sc1``, or ``standard`` volumes. + SnapshotId: + type: string + description: The snapshot from which to create the volume. You must specify either a snapshot ID or a volume size. + VolumeType: + type: string + description: |- + The volume type. This parameter can be one of the following values: + + General Purpose SSD: ``gp2`` | ``gp3`` + + Provisioned IOPS SSD: ``io1`` | ``io2`` + + Throughput Optimized HDD: ``st1`` + + Cold HDD: ``sc1`` + + Magnetic: ``standard`` + + For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon Elastic Compute Cloud User Guide*. + Default: ``gp2`` + VolumeId: + type: string + description: '' + Tags: + type: array + uniqueItems: false + description: The tags to apply to the volume during creation. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' required: - - PurchaseRequests - title: PurchaseScheduledInstancesRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - PurchaseRequest: - allOf: - - $ref: '#/components/schemas/PurchaseRequestSet' - - description: The purchase requests. - description: Contains the parameters for PurchaseScheduledInstances. - PurchasedScheduledInstanceSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ScheduledInstance' - - xml: - name: item - ScheduledInstance: + - AvailabilityZone + x-stackql-resource-name: volume + description: |- + Specifies an Amazon Elastic Block Store (Amazon EBS) volume. + When you use CFNlong to update an Amazon EBS volume that modifies ``Iops``, ``Size``, or ``VolumeType``, there is a cooldown period before another operation can occur. This can cause your stack to report being in ``UPDATE_IN_PROGRESS`` or ``UPDATE_ROLLBACK_IN_PROGRESS`` for long periods of time. + Amazon EBS does not support sizing down an Amazon EBS volume. CFNlong does not attempt to modify an Amazon EBS volume to a smaller size on rollback. + Some common scenarios when you might encounter a cooldown period for Amazon EBS include: + + You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period. + + You successfully update an Amazon EBS volume and the update succeeds but another change in your ``update-stack`` call fails. The rollback will be subject to a cooldown period. + + For more information on the coo + x-type-name: AWS::EC2::Volume + x-stackql-primary-identifier: + - VolumeId + x-read-only-properties: + - VolumeId + x-required-properties: + - AvailabilityZone + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateVolume + - ec2:DescribeVolumes + - ec2:DescribeVolumeAttribute + - ec2:ModifyVolumeAttribute + - ec2:CreateTags + - kms:GenerateDataKeyWithoutPlaintext + - kms:CreateGrant + read: + - ec2:DescribeVolumes + - ec2:DescribeVolumeAttribute + - ec2:DescribeTags + update: + - ec2:ModifyVolume + - ec2:ModifyVolumeAttribute + - ec2:DescribeVolumeAttribute + - ec2:DescribeVolumesModifications + - ec2:DescribeVolumes + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteVolume + - ec2:CreateSnapshot + - ec2:DescribeSnapshots + - ec2:DeleteTags + - ec2:DescribeVolumes + list: + - ec2:DescribeVolumes + - ec2:DescribeTags + - ec2:DescribeVolumeAttribute + Ebs: + description: |- + Parameters for a block device for an EBS volume in an Amazon EC2 launch template. + ``Ebs`` is a property of [AWS::EC2::LaunchTemplate BlockDeviceMapping](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-blockdevicemapping.html). + additionalProperties: false type: object properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone. - createDate: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The date when the Scheduled Instance was purchased. - hourlyPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The hourly price for a single instance. - instanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of instances. - instanceType: - allOf: - - $ref: '#/components/schemas/String' - - description: The instance type. - networkPlatform: - allOf: - - $ref: '#/components/schemas/String' - - description: The network platform (EC2-Classic or EC2-VPC). - nextSlotStartTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time for the next schedule to start. - platform: - allOf: - - $ref: '#/components/schemas/String' - - description: The platform (Linux/UNIX or Windows). - previousSlotEndTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time that the previous schedule ended or will end. - recurrence: - allOf: - - $ref: '#/components/schemas/ScheduledInstanceRecurrence' - - description: The schedule recurrence. - scheduledInstanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Scheduled Instance ID. - slotDurationInHours: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of hours in the schedule. - termEndDate: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The end date for the Scheduled Instance. - termStartDate: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The start date for the Scheduled Instance. - totalScheduledInstanceHours: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The total number of hours for a single instance for the entire term. - description: Describes a Scheduled Instance. - ReasonCodesList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReportInstanceReasonCodes' - - xml: - name: item - RebootInstancesRequest: + SnapshotId: + description: The ID of the snapshot. + type: string + VolumeType: + description: The volume type. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html) in the *Amazon EBS User Guide*. + type: string + KmsKeyId: + description: The ARN of the symmetric KMSlong (KMS) CMK used for encryption. + type: string + Encrypted: + description: Indicates whether the EBS volume is encrypted. Encrypted volumes can only be attached to instances that support Amazon EBS encryption. If you are creating a volume from a snapshot, you can't specify an encryption value. + type: boolean + Throughput: + description: |- + The throughput to provision for a ``gp3`` volume, with a maximum of 1,000 MiB/s. + Valid Range: Minimum value of 125. Maximum value of 1000. + type: integer + Iops: + description: |- + The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. + The following are the supported values for each volume type: + + ``gp3``: 3,000 - 16,000 IOPS + + ``io1``: 100 - 64,000 IOPS + + ``io2``: 100 - 256,000 IOPS + + For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). On other instances, you can achieve performance up to 32,000 IOPS. + This parameter is supported for ``io1``, ``io2``, and ``gp3`` volumes only. + type: integer + VolumeSize: + description: |- + The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type: + + ``gp2`` and ``gp3``: 1 - 16,384 GiB + + ``io1``: 4 - 16,384 GiB + + ``io2``: 4 - 65,536 GiB + + ``st1`` and ``sc1``: 125 - 16,384 GiB + + ``standard``: 1 - 1024 GiB + type: integer + DeleteOnTermination: + description: Indicates whether the EBS volume is deleted on instance termination. + type: boolean + BlockDeviceMapping: type: object + additionalProperties: false + properties: + DeviceName: + type: string + Ebs: + $ref: '#/components/schemas/EbsBlockDevice' + NoDevice: + type: string + VirtualName: + type: string required: - - InstanceIds - title: RebootInstancesRequest + - DeviceName + Instance: + type: object properties: + Tenancy: + description: The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. + type: string + SecurityGroups: + uniqueItems: false + description: the names of the security groups. For a nondefault VPC, you must use security group IDs instead. + x-insertionOrder: false + type: array + items: + type: string + PrivateDnsName: + description: 'The private DNS name of the specified instance. For example: ip-10-24-34-0.ec2.internal.' + type: string + PrivateIpAddress: + description: '[EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 address range of the subnet.' + type: string + UserData: + description: The user data to make available to the instance. + type: string + BlockDeviceMappings: + uniqueItems: false + description: The block device mapping entries that defines the block devices to attach to the instance at launch. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/BlockDeviceMapping' + IamInstanceProfile: + description: The IAM instance profile. + type: string + Ipv6Addresses: + uniqueItems: false + description: '[EC2-VPC] The IPv6 addresses from the range of the subnet to associate with the primary network interface.' + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/InstanceIpv6Address' + KernelId: + description: The ID of the kernel. + type: string + SubnetId: + description: |+ + [EC2-VPC] The ID of the subnet to launch the instance into. + + type: string + EbsOptimized: + description: Indicates whether the instance is optimized for Amazon EBS I/O. + type: boolean + PropagateTagsToVolumeOnCreation: + description: Indicates whether to assign the tags from the instance to all of the volumes attached to the instance at launch. If you specify true and you assign tags to the instance, those tags are automatically assigned to all of the volumes that you attach to the instance at launch. If you specify false, those tags are not assigned to the attached volumes. + type: boolean + ElasticGpuSpecifications: + uniqueItems: false + description: An elastic GPU to associate with the instance. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ElasticGpuSpecification' + ElasticInferenceAccelerators: + uniqueItems: false + description: An elastic inference accelerator to associate with the instance. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ElasticInferenceAccelerator' + Volumes: + uniqueItems: false + description: The volumes to attach to the instance. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Volume' + PrivateIp: + description: 'The private IP address of the specified instance. For example: 10.24.34.0.' + type: string + Ipv6AddressCount: + description: '[EC2-VPC] The number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.' + type: integer + LaunchTemplate: + description: The launch template to use to launch the instances. + type: object + $ref: '#/components/schemas/LaunchTemplateSpecification' + EnclaveOptions: + description: Indicates whether the instance is enabled for AWS Nitro Enclaves. + additionalProperties: false + type: object + properties: + Enabled: + description: If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves. + type: boolean + NetworkInterfaces: + uniqueItems: false + description: The network interfaces to associate with the instance. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/NetworkInterface' + ImageId: + description: The ID of the AMI. An AMI ID is required to launch an instance and must be specified here or in a launch template. + type: string + InstanceType: + description: The instance type. + type: string + Monitoring: + description: Specifies whether detailed monitoring is enabled for the instance. + type: boolean + Tags: + uniqueItems: false + description: The tags to add to the instance. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + AdditionalInfo: + description: 'This property is reserved for internal use. If you use it, the stack fails with this error: Bad property set: [Testing this property] (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 0XXXXXX-49c7-4b40-8bcc-76885dcXXXXX).' + type: string + HibernationOptions: + description: Indicates whether an instance is enabled for hibernation. + additionalProperties: false + type: object + properties: + Configured: + default: false + description: If you set this parameter to true, your instance is enabled for hibernation. + type: boolean + LicenseSpecifications: + uniqueItems: false + description: The license configurations. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/LicenseSpecification' InstanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdStringList' - - description: The instance IDs. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - RecurringChargeFrequency: + description: The EC2 Instance ID. + type: string + PublicIp: + description: 'The public IP address of the specified instance. For example: 192.0.2.0.' + type: string + InstanceInitiatedShutdownBehavior: + description: Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). + type: string + CpuOptions: + description: The CPU options for the instance. + additionalProperties: false + type: object + properties: + ThreadsPerCore: + type: integer + CoreCount: + type: integer + AvailabilityZone: + description: The Availability Zone of the instance. + type: string + PrivateDnsNameOptions: + description: The options for the instance hostname. + type: object + $ref: '#/components/schemas/PrivateDnsNameOptions' + HostId: + description: If you specify host for the Affinity property, the ID of a dedicated host that the instance is associated with. If you don't specify an ID, Amazon EC2 launches the instance onto any available, compatible dedicated host in your account. + type: string + HostResourceGroupArn: + description: The ARN of the host resource group in which to launch the instances. If you specify a host resource group ARN, omit the Tenancy parameter or set it to host. + type: string + PublicDnsName: + description: 'The public DNS name of the specified instance. For example: ec2-107-20-50-45.compute-1.amazonaws.com.' + type: string + SecurityGroupIds: + uniqueItems: false + description: The IDs of the security groups. + x-insertionOrder: false + type: array + items: + type: string + DisableApiTermination: + description: If you set this parameter to true, you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. + type: boolean + KeyName: + description: The name of the key pair. + type: string + RamdiskId: + description: The ID of the RAM disk to select. + type: string + SourceDestCheck: + description: Specifies whether to enable an instance launched in a VPC to perform NAT. + type: boolean + PlacementGroupName: + description: The name of an existing placement group that you want to launch the instance into (cluster | partition | spread). + type: string + SsmAssociations: + uniqueItems: false + description: The SSM document and parameter values in AWS Systems Manager to associate with this instance. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/SsmAssociation' + VpcId: + description: The ID of the VPC that the instance is running in. + type: string + Affinity: + description: Indicates whether the instance is associated with a dedicated host. If you want the instance to always restart on the same host on which it was launched, specify host. If you want the instance to restart on any available host, but try to launch onto the last host it ran on (on a best-effort basis), specify default. + type: string + enum: + - default + - host + CreditSpecification: + description: The credit option for CPU usage of the burstable performance instance. Valid values are standard and unlimited. + additionalProperties: false + type: object + properties: + CPUCredits: + type: string + x-stackql-resource-name: instance + description: Resource Type definition for AWS::EC2::Instance + x-type-name: AWS::EC2::Instance + x-stackql-primary-identifier: + - InstanceId + x-create-only-properties: + - AvailabilityZone + - CpuOptions + - ElasticGpuSpecifications + - ElasticInferenceAccelerators + - EnclaveOptions + - HibernationOptions + - HostResourceGroupArn + - ImageId + - Ipv6AddressCount + - Ipv6Addresses + - KeyName + - LaunchTemplate + - LicenseSpecifications + - NetworkInterfaces + - PlacementGroupName + - PrivateIpAddress + - SecurityGroups + - SubnetId + x-conditional-create-only-properties: + - AdditionalInfo + - Affinity + - EbsOptimized + - HostId + - InstanceType + - KernelId + - PrivateDnsNameOptions + - RamdiskId + - SecurityGroupIds + - Tenancy + - UserData + - BlockDeviceMappings + x-write-only-properties: + - BlockDeviceMappings/*/BlockDeviceMapping/NoDevice + - BlockDeviceMappings/*/BlockDeviceMapping/VirtualName + - LicenseSpecification + - AdditionalInfo + - Ipv6AddressCount + - Ipv6Addresses + - PropagateTagsToVolumeOnCreation + x-read-only-properties: + - InstanceId + - PrivateIp + - PublicDnsName + - PublicIp + - PrivateDnsName + - VpcId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true + x-required-permissions: + read: + - ec2:DescribeElasticGpus + - ec2:DescribeNetworkInterfaces + - ec2:DescribeVolumes + - ec2:DescribeInstances + - ec2:DescribeInstanceAttribute + - ec2:DescribeInstanceCreditSpecifications + - ec2:DescribeLaunchTemplates + - elastic-inference:DescribeAccelerators + - ssm:DescribeAssociation + - ssm:ListAssociations + create: + - iam:PassRole + - ec2:ModifyPrivateDnsNameOptions + - ec2:DescribeElasticGpus + - ec2:DescribeNetworkInterfaces + - ec2:DescribeVolumes + - ec2:RunInstances + - ec2:AssociateIamInstanceProfile + - ec2:DescribeIamInstanceProfileAssociations + - ec2:DescribeInstances + - ec2:DescribeSubnets + - ec2:DescribeKeyPairs + - ec2:DescribeSecurityGroups + - ec2:DescribeVpcs + - ec2:DescribeInstanceAttribute + - ec2:DescribeInstanceCreditSpecifications + - ec2:DescribeLaunchTemplates + - ec2:DescribeLaunchTemplateVersions + - ec2:DetachVolume + - ec2:DisassociateIamInstanceProfile + - ec2:ModifyInstanceAttribute + - ec2:ModifyInstanceCreditSpecification + - ec2:ModifyInstancePlacement + - ec2:MonitorInstances + - ec2:AttachVolume + - ec2:CreateTags + - ec2:ReplaceIamInstanceProfileAssociation + - ec2:StartInstances + - elastic-inference:DescribeAccelerators + - ssm:CreateAssociation + - ssm:DescribeAssociation + - ssm:ListAssociations + update: + - ec2:DescribeElasticGpus + - ec2:ModifyPrivateDnsNameOptions + - ec2:DescribeNetworkInterfaces + - ec2:AssociateIamInstanceProfile + - ec2:DescribeIamInstanceProfileAssociations + - ec2:DescribeInstances + - ec2:DescribeSubnets + - ec2:DescribeKeyPairs + - ec2:DescribeSecurityGroups + - ec2:DescribeVpcs + - ec2:DescribeInstanceAttribute + - ec2:DescribeInstanceCreditSpecifications + - ec2:DescribeLaunchTemplates + - ec2:DetachVolume + - ec2:DisassociateIamInstanceProfile + - ec2:ModifyInstanceAttribute + - ec2:ModifyInstanceCreditSpecification + - ec2:ModifyInstanceMaintenanceOptions + - ec2:ModifyInstancePlacement + - ec2:MonitorInstances + - ec2:AttachVolume + - ec2:CreateTags + - ec2:DeleteTags + - ec2:ReplaceIamInstanceProfileAssociation + - ec2:StartInstances + - ec2:StopInstances + - ec2:UnmonitorInstances + - elastic-inference:DescribeAccelerators + - ssm:CreateAssociation + - ssm:DeleteAssociation + - ssm:DescribeAssociation + - ssm:ListAssociations + list: + - ec2:DescribeInstances + delete: + - ec2:DescribeInstances + - ec2:TerminateInstances + - ec2:DescribeElasticGpus + - ec2:DescribeNetworkInterfaces + - ec2:DescribeVolumes + - ec2:DescribeInstances + - ec2:DescribeInstanceAttribute + - ec2:DescribeInstanceCreditSpecifications + - ec2:DescribeLaunchTemplates + - elastic-inference:DescribeAccelerators + - ssm:DescribeAssociation + - ssm:ListAssociations + SecurityGroupId: + description: The ID of a security group for the endpoint. type: string - enum: - - Hourly - RecurringCharge: - type: object - properties: - amount: - allOf: - - $ref: '#/components/schemas/Double' - - description: The amount of the recurring charge. - frequency: - allOf: - - $ref: '#/components/schemas/RecurringChargeFrequency' - - description: The frequency of the recurring charge. - description: Describes a recurring charge. - RecurringChargesList: - type: array - items: - allOf: - - $ref: '#/components/schemas/RecurringCharge' - - xml: - name: item - ReferencedSecurityGroup: - type: object - properties: - groupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the security group. - peeringStatus: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The status of a VPC peering connection, if applicable.' - userId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - vpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC peering connection. - description: ' Describes the security group that is referenced in the security group rule.' - Region: + InstanceConnectEndpoint: type: object properties: - regionEndpoint: - allOf: - - $ref: '#/components/schemas/String' - - description: The Region service endpoint. - regionName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the Region. - optInStatus: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The Region opt-in status. The possible values are opt-in-not-required, opted-in, and not-opted-in.' - description: Describes a Region. - RegionNames: - type: array - items: - $ref: '#/components/schemas/String' - minItems: 0 - maxItems: 10 - StringType: - type: string - minLength: 0 - maxLength: 64000 - RegisterImageRequest: - type: object + Id: + description: The id of the instance connect endpoint + type: string + SubnetId: + description: The subnet id of the instance connect endpoint + type: string + ClientToken: + description: The client token of the instance connect endpoint. + type: string + PreserveClientIp: + description: If true, the address of the instance connect endpoint client is preserved when connecting to the end resource + type: boolean + Tags: + description: The tags of the instance connect endpoint. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + SecurityGroupIds: + description: The security group IDs of the instance connect endpoint. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/SecurityGroupId' required: - - Name - title: RegisterImageRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The full path to your AMI manifest in Amazon S3 storage. The specified bucket must have the aws-exec-read canned access control list (ACL) to ensure that it can be accessed by Amazon EC2. For more information, see Canned ACLs in the Amazon S3 Service Developer Guide.' - architecture: - allOf: - - $ref: '#/components/schemas/ArchitectureValues' - - description: '

The architecture of the AMI.

Default: For Amazon EBS-backed AMIs, i386. For instance store-backed AMIs, the architecture specified in the manifest file.

' - BlockDeviceMapping: - allOf: - - $ref: '#/components/schemas/BlockDeviceMappingRequestList' - - description: '

The block device mapping entries.

If you specify an Amazon EBS volume using the ID of an Amazon EBS snapshot, you can''t specify the encryption state of the volume.

If you create an AMI on an Outpost, then all backing snapshots must be on the same Outpost or in the Region of that Outpost. AMIs on an Outpost that include local snapshots can be used to launch instances on the same Outpost only. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description for your AMI. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - enaSupport: - allOf: - - $ref: '#/components/schemas/Boolean' - - description:

Set to true to enable enhanced networking with ENA for the AMI and any instances that you launch from the AMI.

This option is supported only for HVM AMIs. Specifying this option with a PV AMI can make instances launched from the AMI unreachable.

- kernelId: - allOf: - - $ref: '#/components/schemas/KernelId' - - description: The ID of the kernel. - name: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A name for your AMI.

Constraints: 3-128 alphanumeric characters, parentheses (()), square brackets ([]), spaces ( ), periods (.), slashes (/), dashes (-), single quotes (''), at-signs (@), or underscores(_)

' - BillingProduct: - allOf: - - $ref: '#/components/schemas/BillingProductList' - - description: 'The billing product codes. Your account must be authorized to specify billing product codes. Otherwise, you can use the Amazon Web Services Marketplace to bill for the use of an AMI.' - ramdiskId: - allOf: - - $ref: '#/components/schemas/RamdiskId' - - description: The ID of the RAM disk. - rootDeviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The device name of the root device volume (for example, /dev/sda1).' - sriovNetSupport: - allOf: - - $ref: '#/components/schemas/String' - - description:

Set to simple to enable enhanced networking with the Intel 82599 Virtual Function interface for the AMI and any instances that you launch from the AMI.

There is no way to disable sriovNetSupport at this time.

This option is supported only for HVM AMIs. Specifying this option with a PV AMI can make instances launched from the AMI unreachable.

- virtualizationType: - allOf: - - $ref: '#/components/schemas/StringType' - - description: 'Base64 representation of the non-volatile UEFI variable store. To retrieve the UEFI data, use the GetInstanceUefiData command. You can inspect and modify the UEFI data by using the python-uefivars tool on GitHub. For more information, see UEFI Secure Boot in the Amazon Elastic Compute Cloud User Guide.' - description: Contains the parameters for RegisterImage. - RegisterInstanceTagAttributeRequest: + - SubnetId + x-stackql-resource-name: instance_connect_endpoint + description: Resource Type definition for AWS::EC2::InstanceConnectEndpoint + x-type-name: AWS::EC2::InstanceConnectEndpoint + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - SubnetId + - ClientToken + - PreserveClientIp + - SecurityGroupIds + x-write-only-properties: + - ClientToken + x-read-only-properties: + - Id + x-required-properties: + - SubnetId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateInstanceConnectEndpoint + - ec2:DescribeInstanceConnectEndpoints + - ec2:CreateTags + - ec2:CreateNetworkInterface + - iam:CreateServiceLinkedRole + read: + - ec2:DescribeInstanceConnectEndpoints + update: + - ec2:DescribeInstanceConnectEndpoints + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteInstanceConnectEndpoint + - ec2:DescribeInstanceConnectEndpoints + list: + - ec2:DescribeInstanceConnectEndpoints + InternetGateway: type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether to register all tag keys in the current Region. Specify true to register all tag keys. - InstanceTagKey: - allOf: - - $ref: '#/components/schemas/InstanceTagKeySet' - - description: The tag keys to register. - description: Information about the tag keys to register for the current Region. You can either specify individual tag keys or register all tag keys in the current Region. You must specify either IncludeAllTagsOfInstance or InstanceTagKeys in the request - RegisterInstanceEventNotificationAttributesRequest: + InternetGatewayId: + description: '' + type: string + Tags: + description: Any tags to assign to the internet gateway. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: internet_gateway + description: Allocates an internet gateway for use with a VPC. After creating the Internet gateway, you then attach it to a VPC. + x-type-name: AWS::EC2::InternetGateway + x-stackql-primary-identifier: + - InternetGatewayId + x-read-only-properties: + - InternetGatewayId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateInternetGateway + - ec2:CreateTags + - ec2:DescribeInternetGateways + read: + - ec2:DescribeInternetGateways + delete: + - ec2:DeleteInternetGateway + - ec2:DescribeInternetGateways + update: + - ec2:DeleteTags + - ec2:CreateTags + - ec2:DescribeInternetGateways + list: + - ec2:DescribeInternetGateways + IpamOperatingRegion: + description: The regions IPAM Resource Discovery is enabled for. Allows for monitoring. type: object - title: RegisterInstanceEventNotificationAttributesRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/RegisterInstanceTagAttributeRequest' - - description: Information about the tag keys to register. - RegisterTransitGatewayMulticastGroupMembersRequest: + RegionName: + type: string + description: The name of the region. + required: + - RegionName + additionalProperties: false + IPAM: type: object - title: RegisterTransitGatewayMulticastGroupMembersRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayMulticastRegisteredGroupMembers: + IpamId: + description: Id of the IPAM. + type: string + Arn: + description: The Amazon Resource Name (ARN) of the IPAM. + type: string + DefaultResourceDiscoveryId: + description: The Id of the default resource discovery, created with this IPAM. + type: string + DefaultResourceDiscoveryAssociationId: + description: The Id of the default association to the default resource discovery, created with this IPAM. + type: string + ResourceDiscoveryAssociationCount: + description: The count of resource discoveries associated with this IPAM. + type: integer + Description: + type: string + PublicDefaultScopeId: + description: The Id of the default scope for publicly routable IP space, created with this IPAM. + type: string + maxLength: 255 + PrivateDefaultScopeId: + description: The Id of the default scope for publicly routable IP space, created with this IPAM. + type: string + ScopeCount: + description: The number of scopes that currently exist in this IPAM. + type: integer + OperatingRegions: + description: The regions IPAM is enabled for. Allows pools to be created in these regions, as well as enabling monitoring + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/IpamOperatingRegion' + Tier: + description: The tier of the IPAM. + type: string + enum: + - free + - advanced + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: ipam + description: Resource Schema of AWS::EC2::IPAM Type + x-type-name: AWS::EC2::IPAM + x-stackql-primary-identifier: + - IpamId + x-read-only-properties: + - IpamId + - Arn + - PublicDefaultScopeId + - PrivateDefaultScopeId + - ScopeCount + - ResourceDiscoveryAssociationCount + - DefaultResourceDiscoveryId + - DefaultResourceDiscoveryAssociationId + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateIpam + - iam:CreateServiceLinkedRole + - ec2:CreateTags + - ec2:DescribeIpams + read: + - ec2:DescribeIpams + update: + - ec2:ModifyIpam + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeIpams + delete: + - ec2:DeleteIpam + - ec2:DeleteTags + - ec2:DescribeIpams + list: + - ec2:DescribeIpams + Cidr: + description: Represents a single IPv4 or IPv6 CIDR + type: string + IPAMAllocation: type: object properties: - transitGatewayMulticastDomainId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway multicast domain. - registeredNetworkInterfaceIds: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The ID of the registered network interfaces. - groupIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The IP address assigned to the transit gateway multicast group. - description: Describes the registered transit gateway multicast group members. - RegisterTransitGatewayMulticastGroupSourcesRequest: + IpamPoolAllocationId: + description: Id of the allocation. + type: string + IpamPoolId: + description: Id of the IPAM Pool. + type: string + Cidr: + $ref: '#/components/schemas/Cidr' + NetmaskLength: + description: The desired netmask length of the allocation. If set, IPAM will choose a block of free space with this size and return the CIDR representing it. + type: integer + Description: + type: string + required: + - IpamPoolId + x-stackql-resource-name: ipam_allocation + description: Resource Schema of AWS::EC2::IPAMAllocation Type + x-type-name: AWS::EC2::IPAMAllocation + x-stackql-primary-identifier: + - IpamPoolId + - IpamPoolAllocationId + - Cidr + x-create-only-properties: + - IpamPoolId + - Cidr + - Description + - NetmaskLength + x-write-only-properties: + - NetmaskLength + x-read-only-properties: + - IpamPoolAllocationId + x-required-properties: + - IpamPoolId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:AllocateIpamPoolCidr + - ec2:GetIpamPoolAllocations + read: + - ec2:GetIpamPoolAllocations + delete: + - ec2:ReleaseIpamPoolAllocation + list: + - ec2:GetIpamPoolAllocations + ProvisionedCidr: + description: An address space to be inserted into this pool. All allocations must be made from this address space. type: object - title: RegisterTransitGatewayMulticastGroupSourcesRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayMulticastRegisteredGroupSources: + Cidr: + $ref: '#/components/schemas/Cidr' + required: + - Cidr + additionalProperties: false + SourceResource: + description: The resource associated with this pool's space. Depending on the ResourceType, setting a SourceResource changes which space can be provisioned in this pool and which types of resources can receive allocations type: object properties: - transitGatewayMulticastDomainId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway multicast domain. - registeredNetworkInterfaceIds: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The IDs of the network interfaces members registered with the transit gateway multicast group. - groupIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The IP address assigned to the transit gateway multicast group. - description: Describes the members registered with the transit gateway multicast group. - RejectTransitGatewayMulticastDomainAssociationsRequest: + ResourceId: + type: string + ResourceType: + type: string + ResourceRegion: + type: string + ResourceOwner: + type: string + required: + - ResourceId + - ResourceType + - ResourceRegion + - ResourceOwner + additionalProperties: false + IPAMPool: type: object - title: RejectTransitGatewayMulticastDomainAssociationsRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - RejectTransitGatewayPeeringAttachmentRequest: - type: object + IpamPoolId: + description: Id of the IPAM Pool. + type: string + AddressFamily: + description: The address family of the address space in this pool. Either IPv4 or IPv6. + type: string + AllocationMinNetmaskLength: + description: The minimum allowed netmask length for allocations made from this pool. + type: integer + AllocationDefaultNetmaskLength: + description: The default netmask length for allocations made from this pool. This value is used when the netmask length of an allocation isn't specified. + type: integer + AllocationMaxNetmaskLength: + description: The maximum allowed netmask length for allocations made from this pool. + type: integer + AllocationResourceTags: + description: When specified, an allocation will not be allowed unless a resource has a matching set of tags. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Arn: + description: The Amazon Resource Name (ARN) of the IPAM Pool. + type: string + AutoImport: + description: Determines what to do if IPAM discovers resources that haven't been assigned an allocation. If set to true, an allocation will be made automatically. + type: boolean + AwsService: + description: Limits which service in Amazon Web Services that the pool can be used in. + type: string + enum: + - ec2 + Description: + type: string + IpamScopeId: + description: The Id of the scope this pool is a part of. + type: string + IpamScopeArn: + description: The Amazon Resource Name (ARN) of the scope this pool is a part of. + type: string + IpamScopeType: + description: Determines whether this scope contains publicly routable space or space for a private network + type: string + enum: + - public + - private + IpamArn: + description: The Amazon Resource Name (ARN) of the IPAM this pool is a part of. + type: string + Locale: + description: The region of this pool. If not set, this will default to "None" which will disable non-custom allocations. If the locale has been specified for the source pool, this value must match. + type: string + PoolDepth: + description: The depth of this pool in the source pool hierarchy. + type: integer + ProvisionedCidrs: + description: A list of cidrs representing the address space available for allocation in this pool. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/ProvisionedCidr' + PublicIpSource: + description: The IP address source for pools in the public scope. Only used for provisioning IP address CIDRs to pools in the public scope. Default is `byoip`. + type: string + enum: + - byoip + - amazon + PubliclyAdvertisable: + description: Determines whether or not address space from this pool is publicly advertised. Must be set if and only if the pool is IPv6. + type: boolean + SourceIpamPoolId: + description: The Id of this pool's source. If set, all space provisioned in this pool must be free space provisioned in the parent pool. + type: string + SourceResource: + $ref: '#/components/schemas/SourceResource' + State: + description: 'The state of this pool. This can be one of the following values: "create-in-progress", "create-complete", "modify-in-progress", "modify-complete", "delete-in-progress", or "delete-complete"' + type: string + enum: + - create-in-progress + - create-complete + - modify-in-progress + - modify-complete + - delete-in-progress + - delete-complete + StateMessage: + description: An explanation of how the pool arrived at it current state. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' required: - - TransitGatewayAttachmentId - title: RejectTransitGatewayPeeringAttachmentRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - RejectTransitGatewayVpcAttachmentRequest: - type: object + - IpamScopeId + - AddressFamily + x-stackql-resource-name: ipam_pool + description: Resource Schema of AWS::EC2::IPAMPool Type + x-type-name: AWS::EC2::IPAMPool + x-stackql-primary-identifier: + - IpamPoolId + x-create-only-properties: + - IpamScopeId + - SourceIpamPoolId + - Locale + - AddressFamily + - PubliclyAdvertisable + - PublicIpSource + - AwsService + - SourceResource + x-read-only-properties: + - IpamPoolId + - Arn + - IpamScopeArn + - IpamScopeType + - IpamArn + - PoolDepth + - State + - StateMessage + x-required-properties: + - IpamScopeId + - AddressFamily + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateIpamPool + - ec2:DescribeIpamPools + - ec2:ProvisionIpamPoolCidr + - ec2:GetIpamPoolCidrs + - ec2:CreateTags + read: + - ec2:DescribeIpamPools + - ec2:GetIpamPoolCidrs + update: + - ec2:ModifyIpamPool + - ec2:DescribeIpamPools + - ec2:GetIpamPoolCidrs + - ec2:ProvisionIpamPoolCidr + - ec2:DeprovisionIpamPoolCidr + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteIpamPool + - ec2:DescribeIpamPools + - ec2:GetIpamPoolCidrs + - ec2:DeprovisionIpamPoolCidr + - ec2:DeleteTags + list: + - ec2:DescribeIpamPools + IPAMPoolCidr: + type: object + properties: + IpamPoolCidrId: + description: Id of the IPAM Pool Cidr. + type: string + IpamPoolId: + description: Id of the IPAM Pool. + type: string + Cidr: + description: Represents a single IPv4 or IPv6 CIDR + type: string + NetmaskLength: + description: The desired netmask length of the provision. If set, IPAM will choose a block of free space with this size and return the CIDR representing it. + type: integer + State: + description: Provisioned state of the cidr. + type: string required: - - TransitGatewayAttachmentId - title: RejectTransitGatewayVpcAttachmentRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - RejectVpcEndpointConnectionsRequest: - type: object + - IpamPoolId + x-stackql-resource-name: ipam_pool_cidr + description: Resource Schema of AWS::EC2::IPAMPoolCidr Type + x-type-name: AWS::EC2::IPAMPoolCidr + x-stackql-primary-identifier: + - IpamPoolId + - IpamPoolCidrId + x-create-only-properties: + - IpamPoolId + - Cidr + - NetmaskLength + x-read-only-properties: + - IpamPoolCidrId + - State + x-required-properties: + - IpamPoolId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:ProvisionIpamPoolCidr + - ec2:GetIpamPoolCidrs + read: + - ec2:GetIpamPoolCidrs + delete: + - ec2:DeprovisionIpamPoolCidr + - ec2:GetIpamPoolCidrs + list: + - ec2:GetIpamPoolCidrs + IPAMResourceDiscovery: + type: object + properties: + IpamResourceDiscoveryId: + description: Id of the IPAM Pool. + type: string + OwnerId: + description: Owner Account ID of the Resource Discovery + type: string + OperatingRegions: + description: The regions Resource Discovery is enabled for. Allows resource discoveries to be created in these regions, as well as enabling monitoring + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/IpamOperatingRegion' + IpamResourceDiscoveryRegion: + description: 'The region the resource discovery is setup in. ' + type: string + Description: + type: string + IsDefault: + description: Determines whether or not address space from this pool is publicly advertised. Must be set if and only if the pool is IPv6. + type: boolean + IpamResourceDiscoveryArn: + description: Amazon Resource Name (Arn) for the Resource Discovery. + type: string + State: + description: The state of this Resource Discovery. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: ipam_resource_discovery + description: Resource Schema of AWS::EC2::IPAMResourceDiscovery Type + x-type-name: AWS::EC2::IPAMResourceDiscovery + x-stackql-primary-identifier: + - IpamResourceDiscoveryId + x-read-only-properties: + - IpamResourceDiscoveryId + - IpamResourceDiscoveryArn + - OwnerId + - IpamResourceDiscoveryRegion + - IsDefault + - State + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateIpamResourceDiscovery + - ec2:DescribeIpamResourceDiscoveries + - ec2:CreateTags + read: + - ec2:DescribeIpamResourceDiscoveries + update: + - ec2:ModifyIpamResourceDiscovery + - ec2:DescribeIpamResourceDiscoveries + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteIpamResourceDiscovery + - ec2:DescribeIpamResourceDiscoveries + - ec2:DeleteTags + list: + - ec2:DescribeIpamResourceDiscoveries + IPAMResourceDiscoveryAssociation: + type: object + properties: + IpamArn: + description: Arn of the IPAM. + type: string + IpamRegion: + description: The home region of the IPAM. + type: string + IpamResourceDiscoveryAssociationId: + description: Id of the IPAM Resource Discovery Association. + type: string + IpamResourceDiscoveryId: + description: The Amazon Resource Name (ARN) of the IPAM Resource Discovery Association. + type: string + IpamId: + description: The Id of the IPAM this Resource Discovery is associated to. + type: string + IpamResourceDiscoveryAssociationArn: + description: The Amazon Resource Name (ARN) of the resource discovery association is a part of. + type: string + IsDefault: + description: If the Resource Discovery Association exists due as part of CreateIpam. + type: boolean + OwnerId: + description: The AWS Account ID for the account where the shared IPAM exists. + type: string + State: + description: The operational state of the Resource Discovery Association. Related to Create/Delete activities. + type: string + ResourceDiscoveryStatus: + description: The status of the resource discovery. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' required: - - ServiceId - - VpcEndpointIds - title: RejectVpcEndpointConnectionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcEndpointServiceId' - - description: The ID of the service. - VpcEndpointId: - allOf: - - $ref: '#/components/schemas/VpcEndpointIdList' - - description: The IDs of one or more VPC endpoints. - RejectVpcPeeringConnectionRequest: + - IpamId + - IpamResourceDiscoveryId + x-stackql-resource-name: ipam_resource_discovery_association + description: Resource Schema of AWS::EC2::IPAMResourceDiscoveryAssociation Type + x-type-name: AWS::EC2::IPAMResourceDiscoveryAssociation + x-stackql-primary-identifier: + - IpamResourceDiscoveryAssociationId + x-create-only-properties: + - IpamId + - IpamResourceDiscoveryId + x-read-only-properties: + - IpamArn + - IpamRegion + - IpamResourceDiscoveryAssociationId + - IpamResourceDiscoveryAssociationArn + - IsDefault + - ResourceDiscoveryStatus + - State + - OwnerId + x-required-properties: + - IpamId + - IpamResourceDiscoveryId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:AssociateIpamResourceDiscovery + - ec2:DescribeIpamResourceDiscoveryAssociations + - ec2:CreateTags + read: + - ec2:DescribeIpamResourceDiscoveryAssociations + update: + - ec2:DescribeIpamResourceDiscoveryAssociations + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DisassociateIpamResourceDiscovery + - ec2:DescribeIpamResourceDiscoveryAssociations + - ec2:DeleteTags + list: + - ec2:DescribeIpamResourceDiscoveryAssociations + IPAMScope: type: object - required: - - VpcPeeringConnectionId - title: RejectVpcPeeringConnectionRequest properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - vpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionId' - - description: The ID of the VPC peering connection. - ReleaseAddressRequest: + IpamScopeId: + description: Id of the IPAM scope. + type: string + Arn: + description: The Amazon Resource Name (ARN) of the IPAM scope. + type: string + IpamId: + description: The Id of the IPAM this scope is a part of. + type: string + IpamArn: + description: The Amazon Resource Name (ARN) of the IPAM this scope is a part of. + type: string + IpamScopeType: + description: Determines whether this scope contains publicly routable space or space for a private network + type: string + enum: + - public + - private + IsDefault: + description: Is this one of the default scopes created with the IPAM. + type: boolean + Description: + type: string + PoolCount: + description: The number of pools that currently exist in this scope. + type: integer + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - IpamId + x-stackql-resource-name: ipam_scope + description: Resource Schema of AWS::EC2::IPAMScope Type + x-type-name: AWS::EC2::IPAMScope + x-stackql-primary-identifier: + - IpamScopeId + x-create-only-properties: + - IpamId + x-read-only-properties: + - IpamScopeId + - Arn + - IpamArn + - IsDefault + - PoolCount + - IpamScopeType + x-required-properties: + - IpamId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateIpamScope + - ec2:DescribeIpamScopes + - ec2:CreateTags + read: + - ec2:DescribeIpamScopes + update: + - ec2:ModifyIpamScope + - ec2:DescribeIpamScopes + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteIpamScope + - ec2:DescribeIpamScopes + - ec2:DeleteTags + list: + - ec2:DescribeIpamScopes + KeyPair: type: object - title: ReleaseAddressRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses.

If you provide an incorrect network border group, you receive an InvalidAddress.NotFound error.

You cannot use a network border group with EC2 Classic. If you attempt this operation on EC2 classic, you receive an InvalidParameterCombination error.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ReleaseHostsRequest: - type: object + KeyName: + description: The name of the SSH key pair + type: string + KeyType: + description: The crypto-system used to generate a key pair. + type: string + default: rsa + enum: + - rsa + - ed25519 + KeyFormat: + description: The format of the private key + type: string + default: pem + enum: + - pem + - ppk + PublicKeyMaterial: + description: Plain text public key to import + type: string + KeyFingerprint: + description: A short sequence of bytes used for public key verification + type: string + KeyPairId: + description: An AWS generated ID for the key pair + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' required: - - HostIds - title: ReleaseHostsRequest - properties: - hostId: - allOf: - - $ref: '#/components/schemas/RequestHostIdList' - - description: The IDs of the Dedicated Hosts to release. - ReleaseIpamPoolAllocationRequest: + - KeyName + x-stackql-resource-name: key_pair + description: The AWS::EC2::KeyPair creates an SSH key pair + x-type-name: AWS::EC2::KeyPair + x-stackql-primary-identifier: + - KeyName + x-stackql-additional-identifiers: + - - KeyPairId + x-create-only-properties: + - KeyName + - KeyType + - KeyFormat + - PublicKeyMaterial + - Tags + x-write-only-properties: + - KeyFormat + x-read-only-properties: + - KeyPairId + - KeyFingerprint + x-required-properties: + - KeyName + x-tagging: + taggable: true + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateKeyPair + - ec2:ImportKeyPair + - ec2:CreateTags + - ssm:PutParameter + read: + - ec2:DescribeKeyPairs + list: + - ec2:DescribeKeyPairs + delete: + - ec2:DeleteKeyPair + - ssm:DeleteParameter + - ec2:DescribeKeyPairs + LaunchTemplateData: + description: |- + The information to include in the launch template. + You must specify at least one parameter for the launch template data. + additionalProperties: false + type: object + properties: + SecurityGroups: + uniqueItems: false + description: |- + The names of the security groups. For a nondefault VPC, you must use security group IDs instead. + If you specify a network interface, you must specify any security groups as part of the network interface instead of using this parameter. + type: array + items: + type: string + TagSpecifications: + uniqueItems: false + description: |- + The tags to apply to the resources that are created during instance launch. + To tag a resource after it has been created, see [CreateTags](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). + To tag the launch template itself, use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications). + type: array + items: + $ref: '#/components/schemas/TagSpecification' + UserData: + description: |- + The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see [Run commands on your Linux instance at launch](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) (Linux) or [Work with instance user data](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/instancedata-add-user-data.html) (Windows) in the *Amazon Elastic Compute Cloud User Guide*. + If you are creating the launch template for use with BATCH, the user data must be provided in the [MIME multi-part archive format](https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive). For more information, see [Amazon EC2 user data in launch templates](https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html) in the *User Guide*. + type: string + BlockDeviceMappings: + uniqueItems: false + description: The block device mapping. + type: array + items: + $ref: '#/components/schemas/BlockDeviceMapping' + MaintenanceOptions: + description: The maintenance options of your instance. + $ref: '#/components/schemas/MaintenanceOptions' + IamInstanceProfile: + description: The name or Amazon Resource Name (ARN) of an IAM instance profile. + $ref: '#/components/schemas/IamInstanceProfile' + KernelId: + description: |- + The ID of the kernel. + We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see [User Provided Kernels](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) in the *Amazon EC2 User Guide*. + type: string + EbsOptimized: + description: Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS-optimized instance. + type: boolean + ElasticGpuSpecifications: + uniqueItems: false + description: |- + Deprecated. + Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances. + type: array + items: + $ref: '#/components/schemas/ElasticGpuSpecification' + ElasticInferenceAccelerators: + uniqueItems: false + description: |- + An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads. + You cannot specify accelerators from different generations in the same request. + Starting April 15, 2023, AWS will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service. + type: array + items: + $ref: '#/components/schemas/LaunchTemplateElasticInferenceAccelerator' + Placement: + description: The placement for the instance. + $ref: '#/components/schemas/Placement' + NetworkInterfaces: + uniqueItems: false + description: The network interfaces for the instance. + type: array + items: + $ref: '#/components/schemas/NetworkInterface' + EnclaveOptions: + description: |- + Indicates whether the instance is enabled for AWS Nitro Enclaves. For more information, see [What is Nitro Enclaves?](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) in the *Nitro Enclaves User Guide*. + You can't enable AWS Nitro Enclaves and hibernation on the same instance. + $ref: '#/components/schemas/EnclaveOptions' + ImageId: + description: |- + The ID of the AMI. Alternatively, you can specify a Systems Manager parameter, which will resolve to an AMI ID on launch. + Valid formats: + + ``ami-17characters00000`` + + ``resolve:ssm:parameter-name`` + + ``resolve:ssm:parameter-name:version-number`` + + ``resolve:ssm:parameter-name:label`` + + For more information, see [Use a Systems Manager parameter to find an AMI](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html#using-systems-manager-parameter-to-find-AMI) in the *Amazon Elastic Compute Cloud User Guide*. + type: string + InstanceType: + description: |- + The instance type. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon Elastic Compute Cloud User Guide*. + If you specify ``InstanceType``, you can't specify ``InstanceRequirements``. + type: string + Monitoring: + description: The monitoring for the instance. + $ref: '#/components/schemas/Monitoring' + HibernationOptions: + description: Indicates whether an instance is enabled for hibernation. This parameter is valid only if the instance meets the [hibernation prerequisites](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hibernating-prerequisites.html). For more information, see [Hibernate your instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) in the *Amazon Elastic Compute Cloud User Guide*. + $ref: '#/components/schemas/HibernationOptions' + MetadataOptions: + description: The metadata options for the instance. For more information, see [Instance metadata and user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the *Amazon Elastic Compute Cloud User Guide*. + $ref: '#/components/schemas/MetadataOptions' + LicenseSpecifications: + uniqueItems: false + description: The license configurations. + type: array + items: + $ref: '#/components/schemas/LicenseSpecification' + InstanceInitiatedShutdownBehavior: + description: |- + Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). + Default: ``stop`` + type: string + DisableApiStop: + description: Indicates whether to enable the instance for stop protection. For more information, see [Stop protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection) in the *Amazon Elastic Compute Cloud User Guide*. + type: boolean + CpuOptions: + description: The CPU options for the instance. For more information, see [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) in the *Amazon Elastic Compute Cloud User Guide*. + $ref: '#/components/schemas/CpuOptions' + PrivateDnsNameOptions: + description: The hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries should be handled. For more information, see [Amazon EC2 instance hostname types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html) in the *User Guide*. + $ref: '#/components/schemas/PrivateDnsNameOptions' + SecurityGroupIds: + uniqueItems: false + description: |- + The IDs of the security groups. You can specify the IDs of existing security groups and references to resources created by the stack template. + If you specify a network interface, you must specify any security groups as part of the network interface instead. + type: array + items: + type: string + KeyName: + description: |- + The name of the key pair. You can create a key pair using [CreateKeyPair](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html) or [ImportKeyPair](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportKeyPair.html). + If you do not specify a key pair, you can't connect to the instance unless you choose an AMI that is configured to allow users another way to log in. + type: string + DisableApiTermination: + description: If you set this parameter to ``true``, you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use [ModifyInstanceAttribute](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html). Alternatively, if you set ``InstanceInitiatedShutdownBehavior`` to ``terminate``, you can terminate the instance by running the shutdown command from the instance. + type: boolean + InstanceMarketOptions: + description: The market (purchasing) option for the instances. + $ref: '#/components/schemas/InstanceMarketOptions' + InstanceRequirements: + description: |- + The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes. + You must specify ``VCpuCount`` and ``MemoryMiB``. All other attributes are optional. Any unspecified optional attribute is set to its default. + When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values. + To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request: + + ``AllowedInstanceTypes`` - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes. + + ``ExcludedInstanceTypes`` - The instance types to exclude from the list, even if they match your specified attributes. + + If you specify ``InstanceRequirements``, you can't specify ``InstanceType``. + Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify ``InstanceRequirements``. + For more information, see [Attribute-based instance type selection for EC2 Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), [Attribute-based instance type selection for Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html), and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide*. + $ref: '#/components/schemas/InstanceRequirements' + RamDiskId: + description: |- + The ID of the RAM disk. + We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see [User provided kernels](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) in the *Amazon Elastic Compute Cloud User Guide*. + type: string + CapacityReservationSpecification: + description: The Capacity Reservation targeting option. If you do not specify this parameter, the instance's Capacity Reservation preference defaults to ``open``, which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). + $ref: '#/components/schemas/CapacityReservationSpecification' + CreditSpecification: + description: The credit option for CPU usage of the instance. Valid only for T instances. + $ref: '#/components/schemas/CreditSpecification' + Ipv6Add: + description: |- + Specifies an IPv6 address in an Amazon EC2 launch template. + ``Ipv6Add`` is a property of [AWS::EC2::LaunchTemplate NetworkInterface](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-networkinterface.html). + additionalProperties: false type: object - required: - - IpamPoolId - - Cidr - - IpamPoolAllocationId - title: ReleaseIpamPoolAllocationRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/IpamPoolAllocationId' - - description: The ID of the allocation. - RemovePrefixListEntries: - type: array - items: - $ref: '#/components/schemas/RemovePrefixListEntry' - minItems: 0 - maxItems: 100 - ReplaceIamInstanceProfileAssociationRequest: + Ipv6Address: + description: One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can't use this option if you're specifying a number of IPv6 addresses. + type: string + MaintenanceOptions: + description: The maintenance options of your instance. + additionalProperties: false type: object - required: - - IamInstanceProfile - - AssociationId - title: ReplaceIamInstanceProfileAssociationRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileAssociationId' - - description: The ID of the existing IAM instance profile association. - ReplaceNetworkAclAssociationRequest: + AutoRecovery: + description: Disables the automatic recovery behavior of your instance or sets it to default. + type: string + IamInstanceProfile: + description: |- + Specifies an IAM instance profile, which is a container for an IAM role for your instance. You can use an IAM role to distribute your AWS credentials to your instances. + If you are creating the launch template for use with an ASlong group, you can specify either the name or the ARN of the instance profile, but not both. + ``IamInstanceProfile`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the instance profile. + type: string + Name: + description: The name of the instance profile. + type: string + MemoryGiBPerVCpu: + description: The minimum and maximum amount of memory per vCPU, in GiB. + additionalProperties: false type: object - required: - - AssociationId - - NetworkAclId - title: ReplaceNetworkAclAssociationRequest properties: - associationId: - allOf: - - $ref: '#/components/schemas/NetworkAclAssociationId' - - description: The ID of the current association between the original network ACL and the subnet. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - networkAclId: - allOf: - - $ref: '#/components/schemas/NetworkAclId' - - description: The ID of the new network ACL to associate with the subnet. - ReplaceNetworkAclEntryRequest: + Min: + description: The minimum amount of memory per vCPU, in GiB. To specify no minimum limit, omit this parameter. + type: number + Max: + description: The maximum amount of memory per vCPU, in GiB. To specify no maximum limit, omit this parameter. + type: number + VCpuCount: + description: The minimum and maximum number of vCPUs. + additionalProperties: false type: object - required: - - Egress - - NetworkAclId - - Protocol - - RuleAction - - RuleNumber - title: ReplaceNetworkAclEntryRequest properties: - cidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv4 network range to allow or deny, in CIDR notation (for example 172.16.0.0/24).' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - egress: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether to replace the egress rule.

Default: If no value is specified, we replace the ingress rule.

' - Icmp: - allOf: - - $ref: '#/components/schemas/IcmpTypeCode' - - description: 'ICMP protocol: The ICMP or ICMPv6 type and code. Required if specifying protocol 1 (ICMP) or protocol 58 (ICMPv6) with an IPv6 CIDR block.' - ipv6CidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IPv6 network range to allow or deny, in CIDR notation (for example 2001:bd8:1234:1a00::/64).' - networkAclId: - allOf: - - $ref: '#/components/schemas/NetworkAclId' - - description: The ID of the ACL. - portRange: - allOf: - - $ref: '#/components/schemas/PortRange' - - description: 'TCP or UDP protocols: The range of ports the rule applies to. Required if specifying protocol 6 (TCP) or 17 (UDP).' - protocol: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The protocol number. A value of "-1" means all protocols. If you specify "-1" or a protocol number other than "6" (TCP), "17" (UDP), or "1" (ICMP), traffic on all ports is allowed, regardless of any ports or ICMP types or codes that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv4 CIDR block, traffic for all ICMP types and codes allowed, regardless of any that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv6 CIDR block, you must specify an ICMP type and code.' - ruleAction: - allOf: - - $ref: '#/components/schemas/RuleAction' - - description: Indicates whether to allow or deny the traffic that matches the rule. - ruleNumber: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The rule number of the entry to replace. - ReplaceRootVolumeTaskState: - type: string - enum: - - pending - - in-progress - - failing - - succeeded - - failed - - failed-detached - ReplaceRouteRequest: + Min: + description: The minimum number of vCPUs. To specify no minimum limit, specify ``0``. + type: integer + Max: + description: The maximum number of vCPUs. To specify no maximum limit, omit this parameter. + type: integer + Ipv4PrefixSpecification: type: object - required: - - RouteTableId - title: ReplaceRouteRequest + additionalProperties: false properties: - destinationCidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table. - destinationIpv6CidrBlock: - allOf: - - $ref: '#/components/schemas/PrefixListResourceId' - - description: The ID of the prefix list for the route. - dryRun: - allOf: - - $ref: '#/components/schemas/VpcEndpointId' - - description: The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only. - egressOnlyInternetGatewayId: - allOf: - - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' - - description: '[IPv6 traffic only] The ID of an egress-only internet gateway.' - gatewayId: - allOf: - - $ref: '#/components/schemas/RouteGatewayId' - - description: The ID of an internet gateway or virtual private gateway. - instanceId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Specifies whether to reset the local route to its default target (local). - natGatewayId: - allOf: - - $ref: '#/components/schemas/CarrierGatewayId' - - description: '[IPv4 traffic only] The ID of a carrier gateway.' - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: The ID of a network interface. - routeTableId: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - description: The ID of the route table. - vpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/CoreNetworkArn' - - description: The Amazon Resource Name (ARN) of the core network. - ReplaceRouteTableAssociationRequest: - type: object + Ipv4Prefix: + type: string required: - - AssociationId - - RouteTableId - title: ReplaceRouteTableAssociationRequest - properties: - associationId: - allOf: - - $ref: '#/components/schemas/RouteTableAssociationId' - - description: The association ID. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - routeTableId: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - description: The ID of the new route table to associate with the subnet. - ReplaceTransitGatewayRouteRequest: + - Ipv4Prefix + EnaSrdSpecification: type: object - required: - - DestinationCidrBlock - - TransitGatewayRouteTableId - title: ReplaceTransitGatewayRouteRequest + additionalProperties: false properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ReplacementStrategy: - type: string - enum: - - launch - - launch-before-terminate - ReportStatusType: - type: string - enum: - - ok - - impaired - ReportInstanceStatusRequest: + EnaSrdEnabled: + type: boolean + EnaSrdUdpSpecification: + type: object + additionalProperties: false + properties: + EnaSrdUdpEnabled: + type: boolean + EnclaveOptions: + description: Indicates whether the instance is enabled for AWS Nitro Enclaves. + additionalProperties: false type: object - required: - - Instances - - ReasonCodes - - Status - title: ReportInstanceStatusRequest properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: Descriptive text about the health state of your instance. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - endTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time at which the reported instance health state ended. - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdStringList' - - description: The instances. - reasonCode: - allOf: - - $ref: '#/components/schemas/ReasonCodesList' - - description: '

The reason codes that describe the health state of your instance.

' - startTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time at which the reported instance health state began. - status: - allOf: - - $ref: '#/components/schemas/ReportStatusType' - - description: The status of all instances listed. - RequestHostIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/DedicatedHostId' - - xml: - name: item - SpotFleetRequestConfigData: + Enabled: + description: If this parameter is set to ``true``, the instance is enabled for AWS Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves. + type: boolean + Monitoring: + description: |- + Specifies whether detailed monitoring is enabled for an instance. For more information about detailed monitoring, see [Enable or turn off detailed monitoring for your instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html) in the *User Guide*. + ``Monitoring`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false type: object - required: - - IamFleetRole - - TargetCapacity properties: - allocationStrategy: - allOf: - - $ref: '#/components/schemas/AllocationStrategy' - - description: '

Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the Spot Fleet request.

If the allocation strategy is lowestPrice, Spot Fleet launches instances from the Spot Instance pools with the lowest price. This is the default allocation strategy.

If the allocation strategy is diversified, Spot Fleet launches instances from all the Spot Instance pools that you specify.

If the allocation strategy is capacityOptimized (recommended), Spot Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. To give certain instance types a higher chance of launching first, use capacityOptimizedPrioritized. Set a priority for each instance type by using the Priority parameter for LaunchTemplateOverrides. You can assign the same priority to different LaunchTemplateOverrides. EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. capacityOptimizedPrioritized is supported only if your Spot Fleet uses a launch template. Note that if the OnDemandAllocationStrategy is set to prioritized, the same priority is applied when fulfilling On-Demand capacity.

' - onDemandAllocationStrategy: - allOf: - - $ref: '#/components/schemas/OnDemandAllocationStrategy' - - description: 'The order of the launch template overrides to use in fulfilling On-Demand capacity. If you specify lowestPrice, Spot Fleet uses price to determine the order, launching the lowest price first. If you specify prioritized, Spot Fleet uses the priority that you assign to each Spot Fleet launch template override, launching the highest priority first. If you do not specify a value, Spot Fleet defaults to lowestPrice.' - spotMaintenanceStrategies: - allOf: - - $ref: '#/components/schemas/SpotMaintenanceStrategies' - - description: The strategies for managing your Spot Instances that are at an elevated risk of being interrupted. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of your listings. This helps to avoid duplicate listings. For more information, see Ensuring Idempotency.' - excessCapacityTerminationPolicy: - allOf: - - $ref: '#/components/schemas/ExcessCapacityTerminationPolicy' - - description: Indicates whether running Spot Instances should be terminated if you decrease the target capacity of the Spot Fleet request below the current size of the Spot Fleet. - fulfilledCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: The number of units fulfilled by this request compared to the set target capacity. You cannot set this value. - onDemandFulfilledCapacity: - allOf: - - $ref: '#/components/schemas/Double' - - description: The number of On-Demand units fulfilled by this request compared to the set target On-Demand capacity. - iamFleetRole: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that grants the Spot Fleet the permission to request, launch, terminate, and tag instances on your behalf. For more information, see Spot Fleet prerequisites in the Amazon EC2 User Guide for Linux Instances. Spot Fleet can terminate Spot Instances on your behalf when you cancel its Spot Fleet request using CancelSpotFleetRequests or when the Spot Fleet request expires, if you set TerminateInstancesWithExpiration.' - launchSpecifications: - allOf: - - $ref: '#/components/schemas/LaunchSpecsList' - - description: 'The launch specifications for the Spot Fleet request. If you specify LaunchSpecifications, you can''t specify LaunchTemplateConfigs. If you include On-Demand capacity in your request, you must use LaunchTemplateConfigs.' - launchTemplateConfigs: - allOf: - - $ref: '#/components/schemas/LaunchTemplateConfigList' - - description: 'The launch template and overrides. If you specify LaunchTemplateConfigs, you can''t specify LaunchSpecifications. If you include On-Demand capacity in your request, you must use LaunchTemplateConfigs.' - spotPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum price per unit hour that you are willing to pay for a Spot Instance. The default is the On-Demand price. - targetCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of units to request for the Spot Fleet. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.' - onDemandTargetCapacity: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The number of On-Demand units to request. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.' - onDemandMaxTotalPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The maximum amount per hour for On-Demand Instances that you''re willing to pay. You can use the onDemandMaxTotalPrice parameter, the spotMaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.' - spotMaxTotalPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The maximum amount per hour for Spot Instances that you''re willing to pay. You can use the spotdMaxTotalPrice parameter, the onDemandMaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.' - terminateInstancesWithExpiration: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether running Spot Instances are terminated when the Spot Fleet request expires. - type: - allOf: - - $ref: '#/components/schemas/FleetType' - - description: 'The type of request. Indicates whether the Spot Fleet only requests the target capacity or also attempts to maintain it. When this value is request, the Spot Fleet only places the required requests. It does not attempt to replenish Spot Instances if capacity is diminished, nor does it submit requests in alternative Spot pools if capacity is not available. When this value is maintain, the Spot Fleet maintains the target capacity. The Spot Fleet places the required requests to meet capacity and automatically replenishes any interrupted instances. Default: maintain. instant is listed but is not used by Spot Fleet.' - validFrom: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The start date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). By default, Amazon EC2 starts fulfilling the request immediately.' - validUntil: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The end date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). After the end date and time, no new Spot Instance requests are placed or able to fulfill the request. If no value is specified, the Spot Fleet request remains until you cancel it.' - replaceUnhealthyInstances: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether Spot Fleet should replace unhealthy instances. - instanceInterruptionBehavior: - allOf: - - $ref: '#/components/schemas/InstanceInterruptionBehavior' - - description: The behavior when a Spot Instance is interrupted. The default is terminate. - loadBalancersConfig: - allOf: - - $ref: '#/components/schemas/LoadBalancersConfig' - - description: '

One or more Classic Load Balancers and target groups to attach to the Spot Fleet request. Spot Fleet registers the running Spot Instances with the specified Classic Load Balancers and target groups.

With Network Load Balancers, Spot Fleet cannot register instances that have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1, HS1, M1, M2, M3, and T1.

' - instancePoolsToUseCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The number of Spot pools across which to allocate your target Spot capacity. Valid only when Spot AllocationStrategy is set to lowest-price. Spot Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.

Note that Spot Fleet attempts to draw Spot Instances from the number of pools that you specify on a best effort basis. If a pool runs out of Spot capacity before fulfilling your target capacity, Spot Fleet will continue to fulfill your request by drawing from the next cheapest pool. To ensure that your target capacity is met, you might receive Spot Instances from more than the number of pools that you specified. Similarly, if most of the pools have no Spot capacity, you might receive your full target capacity from fewer than the number of pools that you specified.

' - context: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved. - targetCapacityUnitType: - allOf: - - $ref: '#/components/schemas/TargetCapacityUnitType' - - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/TagSpecificationList' - - description: 'The key-value pair for tagging the Spot Fleet request on creation. The value for ResourceType must be spot-fleet-request, otherwise the Spot Fleet request fails. To tag instances at launch, specify the tags in the launch template (valid only if you use LaunchTemplateConfigs) or in the SpotFleetTagSpecification (valid only if you use LaunchSpecifications). For information about tagging after launch, see Tagging Your Resources.' - description: Describes the configuration of a Spot Fleet request. - RequestSpotFleetRequest: + Enabled: + description: Specify ``true`` to enable detailed monitoring. Otherwise, basic monitoring is enabled. + type: boolean + MemoryMiB: + description: The minimum and maximum amount of memory, in MiB. + additionalProperties: false type: object - required: - - SpotFleetRequestConfig - title: RequestSpotFleetRequest properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - spotFleetRequestConfig: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestConfigData' - - description: The configuration for the Spot Fleet request. - description: Contains the parameters for RequestSpotFleet. - RequestSpotLaunchSpecification: + Min: + description: The minimum amount of memory, in MiB. To specify no minimum limit, specify ``0``. + type: integer + Max: + description: The maximum amount of memory, in MiB. To specify no maximum limit, omit this parameter. + type: integer + HibernationOptions: + description: |- + Specifies whether your instance is configured for hibernation. This parameter is valid only if the instance meets the [hibernation prerequisites](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites). For more information, see [Hibernate Your Instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) in the *Amazon EC2 User Guide*. + ``HibernationOptions`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false + type: object + properties: + Configured: + description: |- + If you set this parameter to ``true``, the instance is enabled for hibernation. + Default: ``false`` + type: boolean + MetadataOptions: + description: |- + The metadata options for the instance. For more information, see [Instance metadata and user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the *Amazon EC2 User Guide*. + ``MetadataOptions`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false + type: object + properties: + HttpPutResponseHopLimit: + description: |- + The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. + Default: ``1`` + Possible values: Integers from 1 to 64 + type: integer + HttpTokens: + description: |- + Indicates whether IMDSv2 is required. + + ``optional`` - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials. + + ``required`` - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available. + + Default: If the value of ``ImdsSupport`` for the Amazon Machine Image (AMI) for your instance is ``v2.0``, the default is ``required``. + type: string + HttpProtocolIpv6: + description: |- + Enables or disables the IPv6 endpoint for the instance metadata service. + Default: ``disabled`` + type: string + InstanceMetadataTags: + description: |- + Set to ``enabled`` to allow access to instance tags from the instance metadata. Set to ``disabled`` to turn off access to instance tags from the instance metadata. For more information, see [Work with instance tags using the instance metadata](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + Default: ``disabled`` + type: string + HttpEndpoint: + description: |- + Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is ``enabled``. + If you specify a value of ``disabled``, you will not be able to access your instance metadata. + type: string + NetworkInterfaceCount: + description: The minimum and maximum number of network interfaces. + additionalProperties: false type: object properties: - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/RequestSpotLaunchSpecificationSecurityGroupIdList' - - description: One or more security group IDs. - SecurityGroup: - allOf: - - $ref: '#/components/schemas/RequestSpotLaunchSpecificationSecurityGroupList' - - description: 'One or more security groups. When requesting instances in a VPC, you must specify the IDs of the security groups. When requesting instances in EC2-Classic, you can specify the names or the IDs of the security groups.' - addressingType: - allOf: - - $ref: '#/components/schemas/String' - - description: Deprecated. - blockDeviceMapping: - allOf: - - $ref: '#/components/schemas/BlockDeviceMappingList' - - description: 'One or more block device mapping entries. You can''t specify both a snapshot ID and an encryption value. This is because only blank volumes can be encrypted on creation. If a snapshot is the basis for a volume, it is not blank and its encryption status is used for the volume encryption status.' - ebsOptimized: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

' - iamInstanceProfile: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileSpecification' - - description: The IAM instance profile. - imageId: - allOf: - - $ref: '#/components/schemas/ImageId' - - description: The ID of the AMI. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type. Only one instance type can be specified. - kernelId: - allOf: - - $ref: '#/components/schemas/KernelId' - - description: The ID of the kernel. - keyName: - allOf: - - $ref: '#/components/schemas/KeyPairName' - - description: The name of the key pair. - monitoring: - allOf: - - $ref: '#/components/schemas/RunInstancesMonitoringEnabled' - - description: '

Indicates whether basic or detailed monitoring is enabled for the instance.

Default: Disabled

' - NetworkInterface: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecificationList' - - description: 'One or more network interfaces. If you specify a network interface, you must specify subnet IDs and security group IDs using the network interface.' - placement: - allOf: - - $ref: '#/components/schemas/SpotPlacement' - - description: The placement information for the instance. - ramdiskId: - allOf: - - $ref: '#/components/schemas/RamdiskId' - - description: The ID of the RAM disk. - subnetId: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: The ID of the subnet in which to launch the instance. - userData: - allOf: - - $ref: '#/components/schemas/String' - - description: The Base64-encoded user data for the instance. User data is limited to 16 KB. - description: Describes the launch specification for an instance. - RequestSpotInstancesRequest: + Min: + description: The minimum number of network interfaces. To specify no minimum limit, omit this parameter. + type: integer + Max: + description: The maximum number of network interfaces. To specify no maximum limit, omit this parameter. + type: integer + CpuOptions: + description: |- + Specifies the CPU options for an instance. For more information, see [Optimize CPU options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) in the *User Guide*. + ``CpuOptions`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false type: object - title: RequestSpotInstancesRequest properties: - availabilityZoneGroup: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The user-specified name for a logical grouping of requests.

When you specify an Availability Zone group in a Spot Instance request, all Spot Instances in the request are launched in the same Availability Zone. Instance proximity is maintained with this parameter, but the choice of Availability Zone is not. The group applies only to requests for Spot Instances of the same instance type. Any additional Spot Instance requests that are specified with the same Availability Zone group name are launched in that same Availability Zone, as long as at least one instance from the group is still active.

If there is no active instance running in the Availability Zone group that you specify for a new Spot Instance request (all instances are terminated, the request is expired, or the maximum price you specified falls below current Spot price), then Amazon EC2 launches the instance in any Availability Zone where the constraint can be met. Consequently, the subsequent set of Spot Instances could be placed in a different zone from the original request, even if you specified the same Availability Zone group.

Default: Instances are launched in any available Availability Zone.

' - blockDurationMinutes: - allOf: - - $ref: '#/components/schemas/Integer' - - description: Deprecated. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency in the Amazon EC2 User Guide for Linux Instances.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - instanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The maximum number of Spot Instances to launch.

Default: 1

' - launchGroup: - allOf: - - $ref: '#/components/schemas/RequestSpotLaunchSpecification' - - description: The launch specification. - spotPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum price per hour that you are willing to pay for a Spot Instance. The default is the On-Demand price. - type: - allOf: - - $ref: '#/components/schemas/SpotInstanceType' - - description: '

The Spot Instance request type.

Default: one-time

' - validFrom: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: '

The start date of the request. If this is a one-time request, the request becomes active at this date and time and remains active until all instances launch, the request expires, or the request is canceled. If the request is persistent, the request becomes active at this date and time and remains active until it expires or is canceled.

The specified start date and time cannot be equal to the current date and time. You must specify a start date and time that occurs after the current date and time.

' - validUntil: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: '

The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ).

' - TagSpecification: - allOf: - - $ref: '#/components/schemas/InstanceInterruptionBehavior' - - description: The behavior when a Spot Instance is interrupted. The default is terminate. - description: Contains the parameters for RequestSpotInstances. - ReservationFleetInstanceSpecificationList: - type: array - items: - $ref: '#/components/schemas/ReservationFleetInstanceSpecification' - ReservedInstanceLimitPrice: + ThreadsPerCore: + description: The number of threads per CPU core. To disable multithreading for the instance, specify a value of ``1``. Otherwise, specify the default value of ``2``. + type: integer + AmdSevSnp: + description: Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see [AMD SEV-SNP](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html). + type: string + enum: + - enabled + - disabled + CoreCount: + description: The number of CPU cores for the instance. + type: integer + SpotOptions: + description: |- + Specifies options for Spot Instances. + ``SpotOptions`` is a property of [AWS::EC2::LaunchTemplate InstanceMarketOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-instancemarketoptions.html). + additionalProperties: false + type: object + properties: + SpotInstanceType: + description: |- + The Spot Instance request type. + If you are using Spot Instances with an Auto Scaling group, use ``one-time`` requests, as the ASlong service handles requesting new Spot Instances whenever the group is below its desired capacity. + type: string + InstanceInterruptionBehavior: + description: The behavior when a Spot Instance is interrupted. The default is ``terminate``. + type: string + MaxPrice: + description: |- + The maximum hourly price you're willing to pay for the Spot Instances. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price. + If you specify a maximum price, your Spot Instances will be interrupted more frequently than if you do not specify this parameter. + type: string + BlockDurationMinutes: + description: Deprecated. + type: integer + ValidUntil: + description: |- + The end date of the request, in UTC format (*YYYY-MM-DD*T*HH:MM:SS*Z). Supported only for persistent requests. + + For a persistent request, the request remains active until the ``ValidUntil`` date and time is reached. Otherwise, the request remains active until you cancel it. + + For a one-time request, ``ValidUntil`` is not supported. The request remains active until all instances launch or you cancel the request. + + Default: 7 days from the current date + type: string + PrivateIpAdd: + description: |- + Specifies a secondary private IPv4 address for a network interface. + ``PrivateIpAdd`` is a property of [AWS::EC2::LaunchTemplate NetworkInterface](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-networkinterface.html). + additionalProperties: false + type: object + properties: + PrivateIpAddress: + description: The private IPv4 address. + type: string + Primary: + description: Indicates whether the private IPv4 address is the primary private IPv4 address. Only one IPv4 address can be designated as primary. + type: boolean + Ipv6PrefixSpecification: type: object + additionalProperties: false properties: - amount: - allOf: - - $ref: '#/components/schemas/Double' - - description: Used for Reserved Instance Marketplace offerings. Specifies the limit price on the total order (instanceCount * price). - currencyCode: - allOf: - - $ref: '#/components/schemas/CurrencyCodeValues' - - description: 'The currency in which the limitPrice amount is specified. At this time, the only supported currency is USD.' - description: Describes the limit price of a Reserved Instance offering. - ReservedInstanceReservationValue: + Ipv6Prefix: + type: string + required: + - Ipv6Prefix + LaunchTemplateTagSpecification: + description: |- + Specifies the tags to apply to the launch template during creation. + ``LaunchTemplateTagSpecification`` is a property of [AWS::EC2::LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html). + additionalProperties: false type: object properties: - reservationValue: - allOf: - - $ref: '#/components/schemas/ReservationValue' - - description: The total value of the Convertible Reserved Instance that you are exchanging. - reservedInstanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Convertible Reserved Instance that you are exchanging. - description: The total value of the Convertible Reserved Instance. - ReservedInstanceState: - type: string - enum: - - payment-pending - - active - - payment-failed - - retired - - queued - - queued-deleted - scope: - type: string - enum: - - Availability Zone - - Region - ReservedInstances: + ResourceType: + description: The type of resource. To tag the launch template, ``ResourceType`` must be ``launch-template``. + type: string + Tags: + uniqueItems: false + description: The tags for the resource. + type: array + items: + $ref: '#/components/schemas/Tag' + EnaSrdUdpSpecification: + description: ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic automatically uses it. However, some UDP-based applications are designed to handle network packets that are out of order, without a need for retransmission, such as live video broadcasting or other near-real-time applications. For UDP traffic, you can specify whether to use ENA Express, based on your application environment needs. + additionalProperties: false + type: object + properties: + EnaSrdUdpEnabled: + description: Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, you must first enable ENA Express. + type: boolean + NetworkBandwidthGbps: + description: |- + The minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). + Setting the minimum bandwidth does not guarantee that your instance will achieve the minimum bandwidth. Amazon EC2 will identify instance types that support the specified minimum bandwidth, but the actual bandwidth of your instance might go below the specified minimum at times. For more information, see [Available instance bandwidth](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-network-bandwidth.html#available-instance-bandwidth) in the *Amazon EC2 User Guide*. + additionalProperties: false + type: object + properties: + Min: + description: The minimum amount of network bandwidth, in Gbps. If this parameter is not specified, there is no minimum limit. + type: number + Max: + description: The maximum amount of network bandwidth, in Gbps. To specify no maximum limit, omit this parameter. + type: number + AcceleratorCount: + description: The minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips) on an instance. + additionalProperties: false type: object properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone in which the Reserved Instance can be used. - duration: - allOf: - - $ref: '#/components/schemas/Long' - - description: 'The duration of the Reserved Instance, in seconds.' - end: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time when the Reserved Instance expires. - fixedPrice: - allOf: - - $ref: '#/components/schemas/Float' - - description: The purchase price of the Reserved Instance. - instanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of reservations purchased. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type on which the Reserved Instance can be used. - productDescription: - allOf: - - $ref: '#/components/schemas/RIProductDescription' - - description: The Reserved Instance product platform description. - reservedInstancesId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Reserved Instance. - start: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The date and time the Reserved Instance started. - state: - allOf: - - $ref: '#/components/schemas/ReservedInstanceState' - - description: The state of the Reserved Instance purchase. - usagePrice: - allOf: - - $ref: '#/components/schemas/Float' - - description: 'The usage price of the Reserved Instance, per hour.' - currencyCode: - allOf: - - $ref: '#/components/schemas/CurrencyCodeValues' - - description: 'The currency of the Reserved Instance. It''s specified using ISO 4217 standard currency codes. At this time, the only supported currency is USD.' - instanceTenancy: - allOf: - - $ref: '#/components/schemas/Tenancy' - - description: The tenancy of the instance. - offeringClass: - allOf: - - $ref: '#/components/schemas/OfferingClassType' - - description: The offering class of the Reserved Instance. - offeringType: - allOf: - - $ref: '#/components/schemas/OfferingTypeValues' - - description: The Reserved Instance offering type. - recurringCharges: - allOf: - - $ref: '#/components/schemas/RecurringChargesList' - - description: The recurring charge tag assigned to the resource. - scope: - allOf: - - $ref: '#/components/schemas/scope' - - description: The scope of the Reserved Instance. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the resource. - description: Describes a Reserved Instance. - ReservedInstancesId: + Min: + description: The minimum number of accelerators. To specify no minimum limit, omit this parameter. + type: integer + Max: + description: The maximum number of accelerators. To specify no maximum limit, omit this parameter. To exclude accelerator-enabled instance types, set ``Max`` to ``0``. + type: integer + InstanceMarketOptions: + description: |- + Specifies the market (purchasing) option for an instance. + ``InstanceMarketOptions`` is a property of the [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false + type: object + properties: + SpotOptions: + description: The options for Spot Instances. + $ref: '#/components/schemas/SpotOptions' + MarketType: + description: The market type. + type: string + LaunchTemplateElasticInferenceAccelerator: + description: |- + Specifies an elastic inference accelerator. + ``LaunchTemplateElasticInferenceAccelerator`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false + type: object + properties: + Type: + description: The type of elastic inference accelerator. The possible values are eia1.medium, eia1.large, and eia1.xlarge. + type: string + Count: + description: |- + The number of elastic inference accelerators to attach to the instance. + Default: 1 + type: integer + BaselineEbsBandwidthMbps: + description: The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS–optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide*. + additionalProperties: false type: object properties: - reservedInstancesId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Reserved Instance. - description: Describes the ID of a Reserved Instance. - ReservedInstancesListing: + Min: + description: The minimum baseline bandwidth, in Mbps. To specify no minimum limit, omit this parameter. + type: integer + Max: + description: The maximum baseline bandwidth, in Mbps. To specify no maximum limit, omit this parameter. + type: integer + InstanceRequirements: + description: |- + The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes. + You must specify ``VCpuCount`` and ``MemoryMiB``. All other attributes are optional. Any unspecified optional attribute is set to its default. + When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values. + To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request: + + ``AllowedInstanceTypes`` - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes. + + ``ExcludedInstanceTypes`` - The instance types to exclude from the list, even if they match your specified attributes. + + If you specify ``InstanceRequirements``, you can't specify ``InstanceType``. + Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify ``InstanceRequirements``. + For more information, see [Attribute-based instance type selection for EC2 Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), [Attribute-based instance type selection for Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html), and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide*. + additionalProperties: false + type: object + properties: + LocalStorageTypes: + uniqueItems: false + description: |- + The type of local storage that is required. + + For instance types with hard disk drive (HDD) storage, specify ``hdd``. + + For instance types with solid state drive (SSD) storage, specify ``ssd``. + + Default: ``hdd`` and ``ssd`` + type: array + items: + type: string + InstanceGenerations: + uniqueItems: false + description: |- + Indicates whether current or previous generation instance types are included. The current generation instance types are recommended for use. Current generation instance types are typically the latest two to three generations in each instance family. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide*. + For current generation instance types, specify ``current``. + For previous generation instance types, specify ``previous``. + Default: Current and previous generation instance types + type: array + items: + type: string + NetworkInterfaceCount: + description: |- + The minimum and maximum number of network interfaces. + Default: No minimum or maximum limits + $ref: '#/components/schemas/NetworkInterfaceCount' + MemoryGiBPerVCpu: + description: |- + The minimum and maximum amount of memory per vCPU, in GiB. + Default: No minimum or maximum limits + $ref: '#/components/schemas/MemoryGiBPerVCpu' + AcceleratorTypes: + uniqueItems: false + description: |- + The accelerator types that must be on the instance type. + + For instance types with GPU accelerators, specify ``gpu``. + + For instance types with FPGA accelerators, specify ``fpga``. + + For instance types with inference accelerators, specify ``inference``. + + Default: Any accelerator type + type: array + items: + type: string + VCpuCount: + description: The minimum and maximum number of vCPUs. + $ref: '#/components/schemas/VCpuCount' + ExcludedInstanceTypes: + uniqueItems: false + description: |- + The instance types to exclude. + You can use strings with one or more wild cards, represented by an asterisk (``*``), to exclude an instance type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. + For example, if you specify ``c5*``,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types. + If you specify ``ExcludedInstanceTypes``, you can't specify ``AllowedInstanceTypes``. + Default: No excluded instance types + type: array + items: + description: The user data to make available to the instance. + type: string + AcceleratorManufacturers: + uniqueItems: false + description: |- + Indicates whether instance types must have accelerators by specific manufacturers. + + For instance types with AWS devices, specify ``amazon-web-services``. + + For instance types with AMD devices, specify ``amd``. + + For instance types with Habana devices, specify ``habana``. + + For instance types with NVIDIA devices, specify ``nvidia``. + + For instance types with Xilinx devices, specify ``xilinx``. + + Default: Any manufacturer + type: array + items: + type: string + AllowedInstanceTypes: + uniqueItems: false + description: |- + The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. + You can use strings with one or more wild cards, represented by an asterisk (``*``), to allow an instance type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. + For example, if you specify ``c5*``,Amazon EC2 will allow the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 will allow all the M5a instance types, but not the M5n instance types. + If you specify ``AllowedInstanceTypes``, you can't specify ``ExcludedInstanceTypes``. + Default: All instance types + type: array + items: + type: string + LocalStorage: + description: |- + Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, [Amazon EC2 instance store](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html) in the *Amazon EC2 User Guide*. + + To include instance types with instance store volumes, specify ``included``. + + To require only instance types with instance store volumes, specify ``required``. + + To exclude instance types with instance store volumes, specify ``excluded``. + + Default: ``included`` + type: string + CpuManufacturers: + uniqueItems: false + description: |- + The CPU manufacturers to include. + + For instance types with Intel CPUs, specify ``intel``. + + For instance types with AMD CPUs, specify ``amd``. + + For instance types with AWS CPUs, specify ``amazon-web-services``. + + Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. + Default: Any manufacturer + type: array + items: + type: string + AcceleratorCount: + description: |- + The minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips) on an instance. + To exclude accelerator-enabled instance types, set ``Max`` to ``0``. + Default: No minimum or maximum limits + $ref: '#/components/schemas/AcceleratorCount' + NetworkBandwidthGbps: + description: |- + The minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). + Default: No minimum or maximum limits + $ref: '#/components/schemas/NetworkBandwidthGbps' + BareMetal: + description: |- + Indicates whether bare metal instance types must be included, excluded, or required. + + To include bare metal instance types, specify ``included``. + + To require only bare metal instance types, specify ``required``. + + To exclude bare metal instance types, specify ``excluded``. + + Default: ``excluded`` + type: string + RequireHibernateSupport: + description: |- + Indicates whether instance types must support hibernation for On-Demand Instances. + This parameter is not supported for [GetSpotPlacementScores](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetSpotPlacementScores.html). + Default: ``false`` + type: boolean + MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: + description: >- + [Price protection] The price protection threshold for Spot Instances, as a percentage of an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from the lowest priced current generation instance types, and failing that, from the lowest priced previous generation + instance types that match your attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. + The parameter accepts an integer, which Amazon EC2 interprets as a percentage. + If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is based on the per vCPU or per memory price instead of the per instance price. + Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999``. + type: integer + SpotMaxPricePercentageOverLowestPrice: + description: >- + [Price protection] The price protection threshold for Spot Instances, as a percentage higher than an identified Spot price. The identified Spot price is the Spot price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified Spot price is from the lowest priced current generation instance types, and failing that, from the lowest priced previous + generation instance types that match your attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose Spot price exceeds your specified threshold. + The parameter accepts an integer, which Amazon EC2 interprets as a percentage. + If you set ``TargetCapacityUnitType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per-instance price. + This parameter is not supported for [GetSpotPlacementScores](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetSpotPlacementScores.html) and [GetInstanceTypesFromInstanceRequirements](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetInstanceTypesFromInstanceRequirements.html). + Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999``. + Default: ``100`` + type: integer + BaselineEbsBandwidthMbps: + description: |- + The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS–optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide*. + Default: No minimum or maximum limits + $ref: '#/components/schemas/BaselineEbsBandwidthMbps' + OnDemandMaxPricePercentageOverLowestPrice: + description: |- + [Price protection] The price protection threshold for On-Demand Instances, as a percentage higher than an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. + The parameter accepts an integer, which Amazon EC2 interprets as a percentage. + To turn off price protection, specify a high value, such as ``999999``. + This parameter is not supported for [GetSpotPlacementScores](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetSpotPlacementScores.html) and [GetInstanceTypesFromInstanceRequirements](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetInstanceTypesFromInstanceRequirements.html). + If you set ``TargetCapacityUnitType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per-instance price. + Default: ``20`` + type: integer + AcceleratorNames: + uniqueItems: false + description: |- + The accelerators that must be on the instance type. + + For instance types with NVIDIA A10G GPUs, specify ``a10g``. + + For instance types with NVIDIA A100 GPUs, specify ``a100``. + + For instance types with NVIDIA H100 GPUs, specify ``h100``. + + For instance types with AWS Inferentia chips, specify ``inferentia``. + + For instance types with NVIDIA GRID K520 GPUs, specify ``k520``. + + For instance types with NVIDIA K80 GPUs, specify ``k80``. + + For instance types with NVIDIA M60 GPUs, specify ``m60``. + + For instance types with AMD Radeon Pro V520 GPUs, specify ``radeon-pro-v520``. + + For instance types with NVIDIA T4 GPUs, specify ``t4``. + + For instance types with NVIDIA T4G GPUs, specify ``t4g``. + + For instance types with Xilinx VU9P FPGAs, specify ``vu9p``. + + For instance types with NVIDIA V100 GPUs, specify ``v100``. + + Default: Any accelerator + type: array + items: + type: string + AcceleratorTotalMemoryMiB: + description: |- + The minimum and maximum amount of total accelerator memory, in MiB. + Default: No minimum or maximum limits + $ref: '#/components/schemas/AcceleratorTotalMemoryMiB' + BurstablePerformance: + description: |- + Indicates whether burstable performance T instance types are included, excluded, or required. For more information, see [Burstable performance instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html). + + To include burstable performance instance types, specify ``included``. + + To require only burstable performance instance types, specify ``required``. + + To exclude burstable performance instance types, specify ``excluded``. + + Default: ``excluded`` + type: string + MemoryMiB: + description: The minimum and maximum amount of memory, in MiB. + $ref: '#/components/schemas/MemoryMiB' + TotalLocalStorageGB: + description: |- + The minimum and maximum amount of total local storage, in GB. + Default: No minimum or maximum limits + $ref: '#/components/schemas/TotalLocalStorageGB' + AcceleratorTotalMemoryMiB: + description: The minimum and maximum amount of total accelerator memory, in MiB. + additionalProperties: false type: object properties: - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A unique, case-sensitive key supplied by the client to ensure that the request is idempotent. For more information, see Ensuring Idempotency.' - createDate: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time the listing was created. - instanceCounts: - allOf: - - $ref: '#/components/schemas/InstanceCountList' - - description: The number of instances in this state. - priceSchedules: - allOf: - - $ref: '#/components/schemas/PriceScheduleList' - - description: The price of the Reserved Instance listing. - reservedInstancesId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Reserved Instance. - reservedInstancesListingId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Reserved Instance listing. - status: - allOf: - - $ref: '#/components/schemas/ListingStatus' - - description: The status of the Reserved Instance listing. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The reason for the current status of the Reserved Instance listing. The response can be blank. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the resource. - updateDate: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The last modified timestamp of the listing. - description: Describes a Reserved Instance listing. - ReservedInstancesModificationResultList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservedInstancesModificationResult' - - xml: - name: item - ReservedIntancesIds: - type: array - items: - allOf: - - $ref: '#/components/schemas/ReservedInstancesId' - - xml: - name: item - ReservedInstancesModification: + Min: + description: The minimum amount of accelerator memory, in MiB. To specify no minimum limit, omit this parameter. + type: integer + Max: + description: The maximum amount of accelerator memory, in MiB. To specify no maximum limit, omit this parameter. + type: integer + CapacityReservationTarget: + description: |- + Specifies a target Capacity Reservation. + ``CapacityReservationTarget`` is a property of the [Amazon EC2 LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html) property type. + additionalProperties: false type: object properties: - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A unique, case-sensitive key supplied by the client to ensure that the request is idempotent. For more information, see Ensuring Idempotency.' - createDate: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time when the modification request was created. - effectiveDate: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time for the modification to become effective. - modificationResultSet: - allOf: - - $ref: '#/components/schemas/ReservedInstancesModificationResultList' - - description: Contains target configurations along with their corresponding new Reserved Instance IDs. - reservedInstancesSet: - allOf: - - $ref: '#/components/schemas/ReservedIntancesIds' - - description: The IDs of one or more Reserved Instances. - reservedInstancesModificationId: - allOf: - - $ref: '#/components/schemas/String' - - description: A unique ID for the Reserved Instance modification. - status: - allOf: - - $ref: '#/components/schemas/String' - - description: The status of the Reserved Instances modification request. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: The reason for the status. - updateDate: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time when the modification request was last updated. - description: Describes a Reserved Instance modification. - ReservedInstancesModificationResult: + CapacityReservationResourceGroupArn: + description: The ARN of the Capacity Reservation resource group in which to run the instance. + type: string + CapacityReservationId: + description: The ID of the Capacity Reservation in which to run the instance. + type: string + CapacityReservationSpecification: + description: |- + Specifies an instance's Capacity Reservation targeting option. You can specify only one option at a time. + ``CapacityReservationSpecification`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false + type: object + properties: + CapacityReservationPreference: + description: |- + Indicates the instance's Capacity Reservation preferences. Possible preferences include: + + ``open`` - The instance can run in any ``open`` Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). + + ``none`` - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity. + type: string + CapacityReservationTarget: + description: Information about the target Capacity Reservation or Capacity Reservation group. + $ref: '#/components/schemas/CapacityReservationTarget' + CreditSpecification: + description: |- + Specifies the credit option for CPU usage of a T2, T3, or T3a instance. + ``CreditSpecification`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false type: object properties: - reservedInstancesId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID for the Reserved Instances that were created as part of the modification request. This field is only available when the modification is fulfilled. - targetConfiguration: - allOf: - - $ref: '#/components/schemas/ReservedInstancesConfiguration' - - description: The target Reserved Instances configurations supplied as part of the modification request. - description: Describes the modification request/s. - ReservedInstancesOffering: + CpuCredits: + description: |- + The credit option for CPU usage of a T instance. + Valid values: ``standard`` | ``unlimited`` + type: string + TotalLocalStorageGB: + description: The minimum and maximum amount of total local storage, in GB. + additionalProperties: false type: object properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone in which the Reserved Instance can be used. - duration: - allOf: - - $ref: '#/components/schemas/Long' - - description: 'The duration of the Reserved Instance, in seconds.' - fixedPrice: - allOf: - - $ref: '#/components/schemas/Float' - - description: The purchase price of the Reserved Instance. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type on which the Reserved Instance can be used. - productDescription: - allOf: - - $ref: '#/components/schemas/RIProductDescription' - - description: The Reserved Instance product platform description. - reservedInstancesOfferingId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Reserved Instance offering. This is the offering ID used in GetReservedInstancesExchangeQuote to confirm that an exchange can be made. - usagePrice: - allOf: - - $ref: '#/components/schemas/Float' - - description: 'The usage price of the Reserved Instance, per hour.' - currencyCode: - allOf: - - $ref: '#/components/schemas/CurrencyCodeValues' - - description: 'The currency of the Reserved Instance offering you are purchasing. It''s specified using ISO 4217 standard currency codes. At this time, the only supported currency is USD.' - instanceTenancy: - allOf: - - $ref: '#/components/schemas/Tenancy' - - description: The tenancy of the instance. - marketplace: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Indicates whether the offering is available through the Reserved Instance Marketplace (resale) or Amazon Web Services. If it''s a Reserved Instance Marketplace offering, this is true.' - offeringClass: - allOf: - - $ref: '#/components/schemas/OfferingClassType' - - description: 'If convertible it can be exchanged for Reserved Instances of the same or higher monetary value, with different configurations. If standard, it is not possible to perform an exchange.' - offeringType: - allOf: - - $ref: '#/components/schemas/OfferingTypeValues' - - description: The Reserved Instance offering type. - pricingDetailsSet: - allOf: - - $ref: '#/components/schemas/PricingDetailsList' - - description: The pricing details of the Reserved Instance offering. - recurringCharges: - allOf: - - $ref: '#/components/schemas/RecurringChargesList' - - description: The recurring charge tag assigned to the resource. - scope: - allOf: - - $ref: '#/components/schemas/scope' - - description: Whether the Reserved Instance is applied to instances in a Region or an Availability Zone. - description: Describes a Reserved Instance offering. - ResetAddressAttributeRequest: + Min: + description: The minimum amount of total local storage, in GB. To specify no minimum limit, omit this parameter. + type: number + Max: + description: The maximum amount of total local storage, in GB. To specify no maximum limit, omit this parameter. + type: number + ConnectionTrackingSpecification: type: object - required: - - AllocationId - - Attribute - title: ResetAddressAttributeRequest + additionalProperties: false properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ResetEbsDefaultKmsKeyIdRequest: + TcpEstablishedTimeout: + type: integer + UdpStreamTimeout: + type: integer + UdpTimeout: + type: integer + LaunchTemplate: type: object - title: ResetEbsDefaultKmsKeyIdRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ResetFpgaImageAttributeName: - type: string - enum: - - loadPermission - ResetFpgaImageAttributeRequest: - type: object + LaunchTemplateName: + description: A name for the launch template. + type: string + LaunchTemplateData: + description: The information for the launch template. + $ref: '#/components/schemas/LaunchTemplateData' + VersionDescription: + description: A description for the first version of the launch template. + type: string + TagSpecifications: + uniqueItems: false + description: |- + The tags to apply to the launch template on creation. To tag the launch template, the resource type must be ``launch-template``. + To specify the tags for the resources that are created when an instance is launched, you must use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications). + type: array + items: + $ref: '#/components/schemas/LaunchTemplateTagSpecification' + LatestVersionNumber: + description: '' + type: string + LaunchTemplateId: + description: '' + type: string + DefaultVersionNumber: + description: '' + type: string required: - - FpgaImageId - title: ResetFpgaImageAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/ResetFpgaImageAttributeName' - - description: The attribute. - ResetImageAttributeName: - type: string - enum: - - launchPermission - ResetImageAttributeRequest: + - LaunchTemplateData + x-stackql-resource-name: launch_template + description: |- + Specifies the properties for creating a launch template. + The minimum required properties for specifying a launch template are as follows: + + You must specify at least one property for the launch template data. + + You do not need to specify a name for the launch template. If you do not specify a name, CFN creates the name for you. + + A launch template can contain some or all of the configuration information to launch an instance. When you launch an instance using a launch template, instance properties that are not specified in the launch template use default values, except the ``ImageId`` property, which has no default value. If you do not specify an AMI ID for the launch template ``ImageId`` property, you must specify an AMI ID for the instance ``ImageId`` property. + For more information, see [Launch an instance from a launch template](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html) in the *Amazon EC2 User Guide*. + x-type-name: AWS::EC2::LaunchTemplate + x-stackql-primary-identifier: + - LaunchTemplateId + x-create-only-properties: + - LaunchTemplateName + x-write-only-properties: + - LaunchTemplateData + - VersionDescription + - TagSpecifications + x-read-only-properties: + - DefaultVersionNumber + - LaunchTemplateId + - LatestVersionNumber + x-required-properties: + - LaunchTemplateData + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + read: + - ec2:DescribeLaunchTemplates + create: + - ec2:CreateLaunchTemplate + - ec2:CreateTags + update: + - ec2:CreateLaunchTemplateVersion + list: + - ec2:DescribeLaunchTemplates + delete: + - ec2:DeleteLaunchTemplate + - ec2:DeleteTags + - ec2:DescribeLaunchTemplates + LocalGatewayRoute: type: object - required: - - Attribute - - ImageId - title: ResetImageAttributeRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/ImageId' - - description: The ID of the AMI. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - description: Contains the parameters for ResetImageAttribute. - ResetInstanceAttributeRequest: + DestinationCidrBlock: + description: The CIDR block used for destination matches. + type: string + LocalGatewayRouteTableId: + description: The ID of the local gateway route table. + type: string + LocalGatewayVirtualInterfaceGroupId: + description: The ID of the virtual interface group. + type: string + NetworkInterfaceId: + description: The ID of the network interface. + type: string + State: + description: The state of the route. + type: string + Type: + description: The route type. + type: string + x-stackql-resource-name: local_gateway_route + description: Describes a route for a local gateway route table. + x-type-name: AWS::EC2::LocalGatewayRoute + x-stackql-primary-identifier: + - DestinationCidrBlock + - LocalGatewayRouteTableId + x-create-only-properties: + - DestinationCidrBlock + - LocalGatewayRouteTableId + x-read-only-properties: + - State + - Type + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateLocalGatewayRoute + - ec2:SearchLocalGatewayRoutes + read: + - ec2:SearchLocalGatewayRoutes + delete: + - ec2:DeleteLocalGatewayRoute + - ec2:SearchLocalGatewayRoutes + list: + - ec2:DescribeLocalGatewayRouteTables + - ec2:SearchLocalGatewayRoutes + update: + - ec2:ModifyLocalGatewayRoute + - ec2:SearchLocalGatewayRoutes + LocalGatewayRouteTable: type: object - required: - - Attribute - - InstanceId - title: ResetInstanceAttributeRequest properties: - attribute: - allOf: - - $ref: '#/components/schemas/InstanceAttributeName' - - description: '

The attribute to reset.

You can only reset the following attributes: kernel | ramdisk | sourceDestCheck.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: The ID of the instance. - ResetNetworkInterfaceAttributeRequest: + LocalGatewayRouteTableId: + description: The ID of the local gateway route table. + type: string + LocalGatewayRouteTableArn: + description: The ARN of the local gateway route table. + type: string + LocalGatewayId: + description: The ID of the local gateway. + type: string + OutpostArn: + description: The ARN of the outpost. + type: string + OwnerId: + description: The owner of the local gateway route table. + type: string + State: + description: The state of the local gateway route table. + type: string + Mode: + description: The mode of the local gateway route table. + type: string + Tags: + description: The tags for the local gateway route table. + $ref: '#/components/schemas/Tags' + required: + - LocalGatewayId + x-stackql-resource-name: local_gateway_route_table + description: Describes a route table for a local gateway. + x-type-name: AWS::EC2::LocalGatewayRouteTable + x-stackql-primary-identifier: + - LocalGatewayRouteTableId + x-create-only-properties: + - LocalGatewayId + - Mode + x-read-only-properties: + - LocalGatewayRouteTableId + - LocalGatewayRouteTableArn + - OutpostArn + - OwnerId + - State + x-required-properties: + - LocalGatewayId + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateLocalGatewayRouteTable + - ec2:DescribeLocalGatewayRouteTables + - ec2:CreateTags + read: + - ec2:DescribeLocalGatewayRouteTables + update: + - ec2:DescribeLocalGatewayRouteTables + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteLocalGatewayRouteTable + - ec2:DescribeLocalGatewayRouteTables + - ec2:DeleteTags + list: + - ec2:DescribeLocalGatewayRouteTables + LocalGatewayRouteTableVirtualInterfaceGroupAssociation: type: object - required: - - NetworkInterfaceId - title: ResetNetworkInterfaceAttributeRequest properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: The ID of the network interface. - sourceDestCheck: - allOf: - - $ref: '#/components/schemas/String' - - description: The source/destination checking attribute. Resets the value to true. - description: Contains the parameters for ResetNetworkInterfaceAttribute. - ResetSnapshotAttributeRequest: - type: object + LocalGatewayRouteTableVirtualInterfaceGroupAssociationId: + description: The ID of the local gateway route table virtual interface group association. + type: string + LocalGatewayId: + description: The ID of the local gateway. + type: string + LocalGatewayRouteTableId: + description: The ID of the local gateway route table. + type: string + LocalGatewayRouteTableArn: + description: The ARN of the local gateway route table. + type: string + LocalGatewayVirtualInterfaceGroupId: + description: The ID of the local gateway route table virtual interface group. + type: string + OwnerId: + description: The owner of the local gateway route table virtual interface group association. + type: string + State: + description: The state of the local gateway route table virtual interface group association. + type: string + Tags: + description: The tags for the local gateway route table virtual interface group association. + $ref: '#/components/schemas/Tags' required: - - Attribute - - SnapshotId - title: ResetSnapshotAttributeRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - description: The ID of the snapshot. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ResourceList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - RestoreAddressToClassicRequest: + - LocalGatewayRouteTableId + - LocalGatewayVirtualInterfaceGroupId + x-stackql-resource-name: local_gateway_route_table_virtual_interface_group_association + description: Describes a local gateway route table virtual interface group association for a local gateway. + x-type-name: AWS::EC2::LocalGatewayRouteTableVirtualInterfaceGroupAssociation + x-stackql-primary-identifier: + - LocalGatewayRouteTableVirtualInterfaceGroupAssociationId + x-create-only-properties: + - LocalGatewayRouteTableId + - LocalGatewayVirtualInterfaceGroupId + x-read-only-properties: + - LocalGatewayRouteTableVirtualInterfaceGroupAssociationId + - LocalGatewayId + - LocalGatewayRouteTableArn + - OwnerId + - State + x-required-properties: + - LocalGatewayRouteTableId + - LocalGatewayVirtualInterfaceGroupId + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation + - ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations + - ec2:CreateTags + read: + - ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations + update: + - ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation + - ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations + - ec2:DeleteTags + list: + - ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations + LocalGatewayRouteTableVPCAssociation: type: object - required: - - PublicIp - title: RestoreAddressToClassicRequest properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - publicIp: - allOf: - - $ref: '#/components/schemas/String' - - description: The Elastic IP address. - RestoreImageFromRecycleBinRequest: - type: object + LocalGatewayId: + description: The ID of the local gateway. + type: string + LocalGatewayRouteTableId: + description: The ID of the local gateway route table. + type: string + LocalGatewayRouteTableVpcAssociationId: + description: The ID of the association. + type: string + State: + description: The state of the association. + type: string + VpcId: + description: The ID of the VPC. + type: string + Tags: + description: The tags for the association. + $ref: '#/components/schemas/Tags' required: - - ImageId - title: RestoreImageFromRecycleBinRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - RestoreManagedPrefixListVersionRequest: + - LocalGatewayRouteTableId + - VpcId + x-stackql-resource-name: local_gateway_route_tablevpc_association + description: Describes an association between a local gateway route table and a VPC. + x-type-name: AWS::EC2::LocalGatewayRouteTableVPCAssociation + x-stackql-primary-identifier: + - LocalGatewayRouteTableVpcAssociationId + x-create-only-properties: + - LocalGatewayRouteTableId + - VpcId + x-read-only-properties: + - LocalGatewayId + - LocalGatewayRouteTableVpcAssociationId + - State + x-required-properties: + - LocalGatewayRouteTableId + - VpcId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateLocalGatewayRouteTableVpcAssociation + - ec2:DescribeLocalGatewayRouteTableVpcAssociations + - ec2:CreateTags + read: + - ec2:DescribeLocalGatewayRouteTableVpcAssociations + update: + - ec2:DescribeLocalGatewayRouteTableVpcAssociations + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteLocalGatewayRouteTableVpcAssociation + - ec2:DescribeLocalGatewayRouteTableVpcAssociations + - ec2:DeleteTags + list: + - ec2:DescribeLocalGatewayRouteTableVpcAssociations + NatGateway: type: object - required: - - PrefixListId - - PreviousVersion - - CurrentVersion - title: RestoreManagedPrefixListVersionRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/Long' - - description: The current version number for the prefix list. - RestoreSnapshotFromRecycleBinRequest: - type: object + SecondaryAllocationIds: + uniqueItems: true + description: Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon VPC User Guide*. + x-insertionOrder: true + type: array + items: + type: string + PrivateIpAddress: + description: The private IPv4 address to assign to the NAT gateway. If you don't provide an address, a private IPv4 address will be automatically assigned. + type: string + ConnectivityType: + description: Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity. + type: string + SecondaryPrivateIpAddresses: + uniqueItems: true + description: |- + Secondary private IPv4 addresses. For more information about secondary addresses, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon Virtual Private Cloud User Guide*. + ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. + x-insertionOrder: true + type: array + items: + type: string + SecondaryPrivateIpAddressCount: + description: |- + [Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon Virtual Private Cloud User Guide*. + ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. + type: integer + minimum: 1 + AllocationId: + description: '[Public NAT gateway only] The allocation ID of the Elastic IP address that''s associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway.' + type: string + SubnetId: + description: The ID of the subnet in which the NAT gateway is located. + type: string + NatGatewayId: + description: '' + type: string + Tags: + uniqueItems: false + description: The tags for the NAT gateway. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + MaxDrainDurationSeconds: + description: The maximum amount of time to wait (in seconds) before forcibly releasing the IP addresses if connections are still in progress. Default value is 350 seconds. + type: integer required: - - SnapshotId - title: RestoreSnapshotFromRecycleBinRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SnapshotState: - type: string - enum: - - pending - - completed - - error - - recoverable - - recovering - RestoreSnapshotTierRequest: + - SubnetId + x-stackql-resource-name: nat_gateway + description: |- + Specifies a network address translation (NAT) gateway in the specified subnet. You can create either a public NAT gateway or a private NAT gateway. The default is a public NAT gateway. If you create a public NAT gateway, you must specify an elastic IP address. + With a NAT gateway, instances in a private subnet can connect to the internet, other AWS services, or an on-premises network using the IP address of the NAT gateway. For more information, see [NAT gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) in the *Amazon VPC User Guide*. + If you add a default route (``AWS::EC2::Route`` resource) that points to a NAT gateway, specify the NAT gateway ID for the route's ``NatGatewayId`` property. + When you associate an Elastic IP address or secondary Elastic IP address with a public NAT gateway, the network border group of the Elastic IP address must match the network border group of the Availability Zone (AZ) that the public NAT gateway is in. Otherwise, the NAT gateway fails to launch. You can see the network border group for the AZ by viewing the details of the subnet. Similarly, you can view the network border group for the Elastic IP address by viewing its details. For more information, see [Allocate an Elastic IP address](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#allocate-eip) in the *Amazon VPC User Guide*. + x-type-name: AWS::EC2::NatGateway + x-stackql-primary-identifier: + - NatGatewayId + x-create-only-properties: + - SubnetId + - ConnectivityType + - AllocationId + - PrivateIpAddress + x-write-only-properties: + - MaxDrainDurationSeconds + x-read-only-properties: + - NatGatewayId + x-required-properties: + - SubnetId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + x-required-permissions: + read: + - ec2:DescribeNatGateways + create: + - ec2:CreateNatGateway + - ec2:DescribeNatGateways + - ec2:CreateTags + update: + - ec2:DescribeNatGateways + - ec2:CreateTags + - ec2:DeleteTags + - ec2:AssociateNatGatewayAddress + - ec2:DisassociateNatGatewayAddress + - ec2:AssignPrivateNatGatewayAddress + - ec2:UnassignPrivateNatGatewayAddress + list: + - ec2:DescribeNatGateways + delete: + - ec2:DeleteNatGateway + - ec2:DescribeNatGateways + NetworkAcl: type: object - required: - - SnapshotId - title: RestoreSnapshotTierRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - RestoreSnapshotTierRequestTemporaryRestoreDays: - type: integer - ResultRange: - type: integer - minimum: 20 - maximum: 500 - RevokeClientVpnIngressRequest: - type: object + Id: + type: string + description: '' + Tags: + description: The tags for the network ACL. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + VpcId: + description: The ID of the VPC for the network ACL. + type: string required: - - ClientVpnEndpointId - - TargetNetworkCidr - title: RevokeClientVpnIngressRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SecurityGroupRuleIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: item - RevokeSecurityGroupEgressRequest: + - VpcId + x-stackql-resource-name: network_acl + description: Specifies a network ACL for your VPC. + x-type-name: AWS::EC2::NetworkAcl + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - VpcId + x-read-only-properties: + - Id + x-required-properties: + - VpcId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateNetworkAcl + - ec2:DescribeNetworkAcls + - ec2:CreateTags + read: + - ec2:DescribeNetworkAcls + - ec2:DescribeTags + update: + - ec2:DescribeNetworkAcls + - ec2:DeleteTags + - ec2:CreateTags + delete: + - ec2:DeleteTags + - ec2:DeleteNetworkAcl + - ec2:DescribeNetworkAcls + list: + - ec2:DescribeNetworkAcls + AccessScopePathRequest: type: object - required: - - GroupId - title: RevokeSecurityGroupEgressRequest - properties: - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - groupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - description: The ID of the security group. - ipPermissions: - allOf: - - $ref: '#/components/schemas/IpPermissionList' - - description: The sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions. - SecurityGroupRuleId: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleIdList' - - description: The IDs of the security group rules. - cidrIp: - allOf: - - $ref: '#/components/schemas/String' - - description: Not supported. Use a set of IP permissions to specify the CIDR. - fromPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: Not supported. Use a set of IP permissions to specify the port. - ipProtocol: - allOf: - - $ref: '#/components/schemas/String' - - description: Not supported. Use a set of IP permissions to specify the protocol name or number. - toPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: Not supported. Use a set of IP permissions to specify the port. - sourceSecurityGroupName: - allOf: - - $ref: '#/components/schemas/String' - - description: Not supported. Use a set of IP permissions to specify a destination security group. - sourceSecurityGroupOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: Not supported. Use a set of IP permissions to specify a destination security group. - RevokeSecurityGroupIngressRequest: + additionalProperties: false + properties: + Source: + $ref: '#/components/schemas/PathStatementRequest' + Destination: + $ref: '#/components/schemas/PathStatementRequest' + ThroughResources: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/ThroughResourcesStatementRequest' + PathStatementRequest: type: object - title: RevokeSecurityGroupIngressRequest + additionalProperties: false properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all ICMP codes for the ICMP type.' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SecurityGroupRuleId: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleIdList' - - description: The IDs of the security group rules. - RootDeviceType: - type: string - enum: - - ebs - - instance-store - RouteOrigin: - type: string - enum: - - CreateRouteTable - - CreateRoute - - EnableVgwRoutePropagation - RouteState: + PacketHeaderStatement: + $ref: '#/components/schemas/PacketHeaderStatementRequest' + ResourceStatement: + $ref: '#/components/schemas/ResourceStatementRequest' + PacketHeaderStatementRequest: + type: object + additionalProperties: false + properties: + SourceAddresses: + type: array + x-insertionOrder: true + items: + type: string + DestinationAddresses: + type: array + x-insertionOrder: true + items: + type: string + SourcePorts: + type: array + x-insertionOrder: true + items: + type: string + DestinationPorts: + type: array + x-insertionOrder: true + items: + type: string + SourcePrefixLists: + type: array + x-insertionOrder: true + items: + type: string + DestinationPrefixLists: + type: array + x-insertionOrder: true + items: + type: string + Protocols: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Protocol' + Protocol: type: string enum: - - active - - blackhole - Route: + - tcp + - udp + ResourceStatementRequest: type: object + additionalProperties: false properties: - destinationCidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 CIDR block used for the destination match. - destinationIpv6CidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 CIDR block used for the destination match. - destinationPrefixListId: - allOf: - - $ref: '#/components/schemas/String' - - description: The prefix of the Amazon Web Service. - egressOnlyInternetGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the egress-only internet gateway. - gatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of a gateway attached to your VPC. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of a NAT instance in your VPC. - instanceOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of Amazon Web Services account that owns the instance. - natGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of a NAT gateway. - transitGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of a transit gateway. - localGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the local gateway. - carrierGatewayId: - allOf: - - $ref: '#/components/schemas/CarrierGatewayId' - - description: The ID of the carrier gateway. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the network interface. - origin: - allOf: - - $ref: '#/components/schemas/RouteOrigin' - - description:

Describes how the route was created.

- state: - allOf: - - $ref: '#/components/schemas/RouteState' - - description: 'The state of the route. The blackhole state indicates that the route''s target isn''t available (for example, the specified gateway isn''t attached to the VPC, or the specified NAT instance has been terminated).' - vpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of a VPC peering connection. - coreNetworkArn: - allOf: - - $ref: '#/components/schemas/CoreNetworkArn' - - description: The Amazon Resource Name (ARN) of the core network. - description: Describes a route in a route table. - RouteList: - type: array - items: - allOf: - - $ref: '#/components/schemas/Route' - - xml: - name: item - RouteTableAssociationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/RouteTableAssociation' - - xml: - name: item - RouteTableAssociation: + Resources: + type: array + x-insertionOrder: true + items: + type: string + ResourceTypes: + type: array + x-insertionOrder: true + items: + type: string + ThroughResourcesStatementRequest: type: object + additionalProperties: false properties: - main: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether this is the main route table. - routeTableAssociationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the association. - routeTableId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the route table. - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet. A subnet ID is not returned for an implicit association. - gatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the internet gateway or virtual private gateway. - associationState: - allOf: - - $ref: '#/components/schemas/RouteTableAssociationState' - - description: The state of the association. - description: Describes an association between a route table and a subnet or gateway. - RouteTableAssociationStateCode: - type: string - enum: - - associating - - associated - - disassociating - - disassociated - - failed - RouteTableIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/RouteTableId' - - xml: - name: item - RunInstancesUserData: - type: string - format: password - RunInstancesRequest: + ResourceStatement: + $ref: '#/components/schemas/ResourceStatementRequest' + NetworkInsightsAccessScope: type: object - required: - - MaxCount - - MinCount - title: RunInstancesRequest properties: - BlockDeviceMapping: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

[EC2-VPC] The number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. You cannot specify this option and the option to assign specific IPv6 addresses in the same request. You can specify this option if you''ve specified a minimum number of instances to launch.

You cannot specify this option and the network interfaces option in the same request.

' - Ipv6Address: - allOf: - - $ref: '#/components/schemas/RamdiskId' - - description: '

The ID of the RAM disk to select. Some kernels require additional drivers at launch. Check the kernel requirements for information about whether you need to specify a RAM disk. To find kernel requirements, go to the Amazon Web Services Resource Center and search for the kernel ID.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB in the Amazon EC2 User Guide.

' - SecurityGroupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupIdStringList' - - description: '

The IDs of the security groups. You can create a security group using CreateSecurityGroup.

If you specify a network interface, you must specify any security groups as part of the network interface.

' - SecurityGroup: - allOf: - - $ref: '#/components/schemas/RunInstancesUserData' - - description: 'The user data script to make available to the instance. For more information, see Run commands on your Linux instance at launch and Run commands on your Windows instance at launch. If you are using a command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text. User data is limited to 16 KB.' - additionalInfo: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved. - clientToken: - allOf: - - $ref: '#/components/schemas/String' - - description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

For more information, see Ensuring Idempotency.

Constraints: Maximum 64 ASCII characters

' - disableApiTermination: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

If you set this parameter to true, you can''t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance by running the shutdown command from the instance.

Default: false

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ebsOptimized: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS-optimized instance.

Default: false

' - iamInstanceProfile: - allOf: - - $ref: '#/components/schemas/IamInstanceProfileSpecification' - - description: The name or Amazon Resource Name (ARN) of an IAM instance profile. - instanceInitiatedShutdownBehavior: - allOf: - - $ref: '#/components/schemas/ShutdownBehavior' - - description: '

Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).

Default: stop

' - networkInterface: - allOf: - - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecificationList' - - description: 'The network interfaces to associate with the instance. If you specify a network interface, you must specify any security groups and subnets as part of the network interface.' - privateIpAddress: - allOf: - - $ref: '#/components/schemas/ElasticGpuSpecifications' - - description: 'An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource that you can attach to your Windows instance to accelerate the graphics performance of your applications. For more information, see Amazon EC2 Elastic GPUs in the Amazon EC2 User Guide.' - ElasticInferenceAccelerator: - allOf: - - $ref: '#/components/schemas/ElasticInferenceAccelerators' - - description:

An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.

You cannot specify accelerators from different generations in the same request.

- TagSpecification: - allOf: - - $ref: '#/components/schemas/HibernationOptionsRequest' - - description: '

Indicates whether an instance is enabled for hibernation. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

You can''t enable hibernation and Amazon Web Services Nitro Enclaves on the same instance.

' - LicenseSpecification: - allOf: - - $ref: '#/components/schemas/InstanceMaintenanceOptionsRequest' - - description: The maintenance and recovery options for the instance. - RunScheduledInstancesRequest: + NetworkInsightsAccessScopeId: + type: string + NetworkInsightsAccessScopeArn: + type: string + CreatedDate: + type: string + UpdatedDate: + type: string + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + MatchPaths: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/AccessScopePathRequest' + ExcludePaths: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/AccessScopePathRequest' + x-stackql-resource-name: network_insights_access_scope + description: Resource schema for AWS::EC2::NetworkInsightsAccessScope + x-type-name: AWS::EC2::NetworkInsightsAccessScope + x-stackql-primary-identifier: + - NetworkInsightsAccessScopeId + x-stackql-additional-identifiers: + - - NetworkInsightsAccessScopeArn + x-create-only-properties: + - MatchPaths + - ExcludePaths + x-write-only-properties: + - MatchPaths + - ExcludePaths + x-read-only-properties: + - NetworkInsightsAccessScopeId + - NetworkInsightsAccessScopeArn + - CreatedDate + - UpdatedDate + x-required-permissions: + create: + - ec2:CreateNetworkInsightsAccessScope + - ec2:CreateTags + - tiros:CreateQuery + read: + - ec2:DescribeNetworkInsightsAccessScopes + - ec2:GetNetworkInsightsAccessScopeContent + update: + - ec2:DescribeNetworkInsightsAccessScopes + - ec2:GetNetworkInsightsAccessScopeContent + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteNetworkInsightsAccessScope + - ec2:DeleteTags + list: + - ec2:DescribeNetworkInsightsAccessScopes + NetworkInsightsAccessScopeAnalysis: type: object + properties: + NetworkInsightsAccessScopeAnalysisId: + type: string + NetworkInsightsAccessScopeAnalysisArn: + type: string + NetworkInsightsAccessScopeId: + type: string + Status: + type: string + enum: + - running + - failed + - succeeded + StatusMessage: + type: string + StartDate: + type: string + EndDate: + type: string + FindingsFound: + type: string + enum: + - 'true' + - 'false' + - unknown + AnalyzedEniCount: + type: integer + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' required: - - LaunchSpecification - - ScheduledInstanceId - title: RunScheduledInstancesRequest + - NetworkInsightsAccessScopeId + x-stackql-resource-name: network_insights_access_scope_analysis + description: Resource schema for AWS::EC2::NetworkInsightsAccessScopeAnalysis + x-type-name: AWS::EC2::NetworkInsightsAccessScopeAnalysis + x-stackql-primary-identifier: + - NetworkInsightsAccessScopeAnalysisId + x-stackql-additional-identifiers: + - - NetworkInsightsAccessScopeAnalysisArn + x-create-only-properties: + - NetworkInsightsAccessScopeId + x-read-only-properties: + - NetworkInsightsAccessScopeAnalysisId + - NetworkInsightsAccessScopeAnalysisArn + - Status + - StatusMessage + - StartDate + - EndDate + - FindingsFound + - AnalyzedEniCount + x-required-properties: + - NetworkInsightsAccessScopeId + x-required-permissions: + create: + - ec2:CreateTags + - ec2:StartNetworkInsightsAccessScopeAnalysis + - ec2:GetTransitGatewayRouteTablePropagations + - ec2:Describe* + - elasticloadbalancing:Describe* + - directconnect:Describe* + - tiros:CreateQuery + - tiros:GetQueryAnswer + - tiros:GetQueryExplanation + read: + - ec2:DescribeNetworkInsightsAccessScopeAnalyses + update: + - ec2:DescribeNetworkInsightsAccessScopeAnalyses + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteNetworkInsightsAccessScopeAnalysis + - ec2:DeleteTags + list: + - ec2:DescribeNetworkInsightsAccessScopeAnalyses + PathComponent: + additionalProperties: false + type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/ScheduledInstanceId' - - description: The Scheduled Instance ID. - description: Contains the parameters for RunScheduledInstances. - S3ObjectTagList: - type: array - items: - allOf: - - $ref: '#/components/schemas/S3ObjectTag' - - xml: - name: item - ScheduledInstanceRecurrence: + AdditionalDetails: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/AdditionalDetail' + InboundHeader: + $ref: '#/components/schemas/AnalysisPacketHeader' + Vpc: + $ref: '#/components/schemas/AnalysisComponent' + DestinationVpc: + $ref: '#/components/schemas/AnalysisComponent' + SecurityGroupRule: + $ref: '#/components/schemas/AnalysisSecurityGroupRule' + TransitGateway: + $ref: '#/components/schemas/AnalysisComponent' + ElasticLoadBalancerListener: + $ref: '#/components/schemas/AnalysisComponent' + Explanations: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/Explanation' + ServiceName: + type: string + SequenceNumber: + type: integer + SourceVpc: + $ref: '#/components/schemas/AnalysisComponent' + OutboundHeader: + $ref: '#/components/schemas/AnalysisPacketHeader' + AclRule: + $ref: '#/components/schemas/AnalysisAclRule' + TransitGatewayRouteTableRoute: + $ref: '#/components/schemas/TransitGatewayRouteTableRoute' + Component: + $ref: '#/components/schemas/AnalysisComponent' + Subnet: + $ref: '#/components/schemas/AnalysisComponent' + RouteTableRoute: + $ref: '#/components/schemas/AnalysisRouteTableRoute' + AnalysisLoadBalancerListener: + additionalProperties: false type: object properties: - frequency: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The frequency (Daily, Weekly, or Monthly).' - interval: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The interval quantity. The interval unit depends on the value of frequency. For example, every 2 weeks or every 2 months.' - occurrenceDaySet: - allOf: - - $ref: '#/components/schemas/OccurrenceDaySet' - - description: 'The days. For a monthly schedule, this is one or more days of the month (1-31). For a weekly schedule, this is one or more days of the week (1-7, where 1 is Sunday).' - occurrenceRelativeToEnd: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the occurrence is relative to the end of the specified week or month. - occurrenceUnit: - allOf: - - $ref: '#/components/schemas/String' - - description: The unit for occurrenceDaySet (DayOfWeek or DayOfMonth). - description: Describes the recurring schedule for a Scheduled Instance. - ScheduledInstanceAvailability: + InstancePort: + $ref: '#/components/schemas/Port' + LoadBalancerPort: + $ref: '#/components/schemas/Port' + AnalysisLoadBalancerTarget: + additionalProperties: false type: object properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone. - availableInstanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of available instances. - firstSlotStartTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The time period for the first schedule to start. - hourlyPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The hourly price for a single instance. - instanceType: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The instance type. You can specify one of the C3, C4, M4, or R3 instance types.' - maxTermDurationInDays: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The maximum term. The only possible value is 365 days. - minTermDurationInDays: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The minimum term. The only possible value is 365 days. - networkPlatform: - allOf: - - $ref: '#/components/schemas/String' - - description: The network platform (EC2-Classic or EC2-VPC). - platform: - allOf: - - $ref: '#/components/schemas/String' - - description: The platform (Linux/UNIX or Windows). - purchaseToken: - allOf: - - $ref: '#/components/schemas/String' - - description: The purchase token. This token expires in two hours. - recurrence: - allOf: - - $ref: '#/components/schemas/ScheduledInstanceRecurrence' - - description: The schedule recurrence. - slotDurationInHours: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of hours in the schedule. - totalScheduledInstanceHours: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The total number of hours for a single instance for the entire term. - description: Describes a schedule that is available for your Scheduled Instances. - ScheduledInstanceIdRequestSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ScheduledInstanceId' - - xml: - name: ScheduledInstanceId - ScheduledInstancesBlockDeviceMapping: + Address: + $ref: '#/components/schemas/IpAddress' + Instance: + $ref: '#/components/schemas/AnalysisComponent' + Port: + $ref: '#/components/schemas/Port' + AvailabilityZone: + type: string + Explanation: + additionalProperties: false type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The virtual device name (ephemeralN). Instance store volumes are numbered starting from 0. An instance type with two available instance store volumes can specify mappings for ephemeral0 and ephemeral1. The number of available instance store volumes depends on the instance type. After you connect to the instance, you must mount the volume.

Constraints: For M3 instances, you must specify instance store volumes in the block device mapping for the instance. When you launch an M3 instance, we ignore any instance store volumes specified in the block device mapping for the AMI.

' - description: Describes a block device mapping for a Scheduled Instance. - ScheduledInstancesBlockDeviceMappingSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ScheduledInstancesBlockDeviceMapping' - - xml: - name: BlockDeviceMapping - ScheduledInstancesEbs: + VpnGateway: + $ref: '#/components/schemas/AnalysisComponent' + PacketField: + type: string + TransitGatewayAttachment: + $ref: '#/components/schemas/AnalysisComponent' + Protocols: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/Protocol' + IngressRouteTable: + $ref: '#/components/schemas/AnalysisComponent' + ClassicLoadBalancerListener: + $ref: '#/components/schemas/AnalysisLoadBalancerListener' + VpcPeeringConnection: + $ref: '#/components/schemas/AnalysisComponent' + Address: + $ref: '#/components/schemas/IpAddress' + Port: + $ref: '#/components/schemas/Port' + Addresses: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/IpAddress' + ElasticLoadBalancerListener: + $ref: '#/components/schemas/AnalysisComponent' + TransitGatewayRouteTable: + $ref: '#/components/schemas/AnalysisComponent' + ExplanationCode: + type: string + InternetGateway: + $ref: '#/components/schemas/AnalysisComponent' + SourceVpc: + $ref: '#/components/schemas/AnalysisComponent' + AttachedTo: + $ref: '#/components/schemas/AnalysisComponent' + PrefixList: + $ref: '#/components/schemas/AnalysisComponent' + TransitGatewayRouteTableRoute: + $ref: '#/components/schemas/TransitGatewayRouteTableRoute' + ComponentRegion: + type: string + LoadBalancerTargetGroup: + $ref: '#/components/schemas/AnalysisComponent' + NetworkInterface: + $ref: '#/components/schemas/AnalysisComponent' + CustomerGateway: + $ref: '#/components/schemas/AnalysisComponent' + DestinationVpc: + $ref: '#/components/schemas/AnalysisComponent' + SecurityGroup: + $ref: '#/components/schemas/AnalysisComponent' + TransitGateway: + $ref: '#/components/schemas/AnalysisComponent' + RouteTable: + $ref: '#/components/schemas/AnalysisComponent' + State: + type: string + LoadBalancerListenerPort: + $ref: '#/components/schemas/Port' + vpcEndpoint: + $ref: '#/components/schemas/AnalysisComponent' + Subnet: + $ref: '#/components/schemas/AnalysisComponent' + Cidrs: + uniqueItems: false + x-insertionOrder: true + type: array + items: + type: string + Destination: + $ref: '#/components/schemas/AnalysisComponent' + SecurityGroups: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/AnalysisComponent' + ComponentAccount: + type: string + VpnConnection: + $ref: '#/components/schemas/AnalysisComponent' + Vpc: + $ref: '#/components/schemas/AnalysisComponent' + NatGateway: + $ref: '#/components/schemas/AnalysisComponent' + Direction: + type: string + LoadBalancerTargetPort: + $ref: '#/components/schemas/Port' + LoadBalancerTarget: + $ref: '#/components/schemas/AnalysisLoadBalancerTarget' + LoadBalancerTargetGroups: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/AnalysisComponent' + Component: + $ref: '#/components/schemas/AnalysisComponent' + MissingComponent: + type: string + RouteTableRoute: + $ref: '#/components/schemas/AnalysisRouteTableRoute' + AvailabilityZones: + uniqueItems: false + x-insertionOrder: true + type: array + items: + type: string + PortRanges: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/PortRange' + Acl: + $ref: '#/components/schemas/AnalysisComponent' + SecurityGroupRule: + $ref: '#/components/schemas/AnalysisSecurityGroupRule' + SubnetRouteTable: + $ref: '#/components/schemas/AnalysisComponent' + LoadBalancerArn: + $ref: '#/components/schemas/ResourceArn' + AclRule: + $ref: '#/components/schemas/AnalysisAclRule' + Port: + type: integer + AnalysisPacketHeader: + additionalProperties: false + type: object + properties: + DestinationPortRanges: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/PortRange' + SourcePortRanges: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/PortRange' + DestinationAddresses: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/IpAddress' + Protocol: + $ref: '#/components/schemas/Protocol' + SourceAddresses: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/IpAddress' + AdditionalDetail: + additionalProperties: false type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The volume type. gp2 for General Purpose SSD, io1 or io2 for Provisioned IOPS SSD, Throughput Optimized HDD for st1, Cold HDD for sc1, or standard for Magnetic.

Default: gp2

' - description: Describes an EBS volume for a Scheduled Instance. - ScheduledInstancesIamInstanceProfile: + ServiceName: + type: string + AdditionalDetailType: + type: string + LoadBalancers: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/AnalysisComponent' + Component: + $ref: '#/components/schemas/AnalysisComponent' + AlternatePathHint: + additionalProperties: false type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The name. - description: Describes an IAM instance profile for a Scheduled Instance. - ScheduledInstancesIpv6Address: + ComponentArn: + type: string + ComponentId: + type: string + TransitGatewayRouteTableRoute: + additionalProperties: false type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/Ipv6Address' - - description: The IPv6 address. - description: Describes an IPv6 address. - ScheduledInstancesIpv6AddressList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ScheduledInstancesIpv6Address' - - xml: - name: Ipv6Address - ScheduledInstancesLaunchSpecification: + PrefixListId: + type: string + ResourceId: + type: string + State: + type: string + ResourceType: + type: string + RouteOrigin: + type: string + DestinationCidr: + type: string + AttachmentId: + type: string + AnalysisSecurityGroupRule: + additionalProperties: false type: object - required: - - ImageId properties: - BlockDeviceMapping: - allOf: - - $ref: '#/components/schemas/ScheduledInstancesMonitoring' - - description: Enable or disable monitoring for the instances. - NetworkInterface: - allOf: - - $ref: '#/components/schemas/RamdiskId' - - description: The ID of the RAM disk. + PortRange: + $ref: '#/components/schemas/PortRange' + Cidr: + type: string + PrefixListId: + type: string SecurityGroupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The base64-encoded MIME user data. - description: '

Describes the launch specification for a Scheduled Instance.

If you are launching the Scheduled Instance in EC2-VPC, you must specify the ID of the subnet. You can specify the subnet using either SubnetId or NetworkInterface.

' - ScheduledInstancesNetworkInterface: + type: string + Protocol: + $ref: '#/components/schemas/Protocol' + Direction: + type: string + AnalysisComponent: + additionalProperties: false type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The index of the device for the network interface attachment. - Group: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of IPv6 addresses to assign to the network interface. The IPv6 addresses are automatically selected from the subnet range. - Ipv6Address: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 address of the network interface within the subnet. - PrivateIpAddressConfig: - allOf: - - $ref: '#/components/schemas/SubnetId' - - description: The ID of the subnet. - description: Describes a network interface for a Scheduled Instance. - ScheduledInstancesNetworkInterfaceSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ScheduledInstancesNetworkInterface' - - xml: - name: NetworkInterface - ScheduledInstancesPlacement: + Id: + type: string + Arn: + type: string + AnalysisAclRule: + additionalProperties: false + type: object + properties: + PortRange: + $ref: '#/components/schemas/PortRange' + Cidr: + type: string + RuleAction: + type: string + Egress: + type: boolean + RuleNumber: + type: integer + Protocol: + $ref: '#/components/schemas/Protocol' + AnalysisRouteTableRoute: + additionalProperties: false type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/PlacementGroupName' - - description: The name of the placement group. - description: Describes the placement for a Scheduled Instance. - ScheduledInstancesSecurityGroupIdSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - xml: - name: SecurityGroupId - SearchLocalGatewayRoutesRequest: + Origin: + type: string + destinationPrefixListId: + type: string + destinationCidr: + type: string + NetworkInterfaceId: + type: string + TransitGatewayId: + type: string + VpcPeeringConnectionId: + type: string + instanceId: + type: string + State: + type: string + egressOnlyInternetGatewayId: + type: string + NatGatewayId: + type: string + gatewayId: + type: string + ResourceArn: + type: string + PortRange: + additionalProperties: false type: object - required: - - LocalGatewayRouteTableId - title: SearchLocalGatewayRoutesRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/LocalGatewayRoutetableId' - - description: The ID of the local gateway route table. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - SearchTransitGatewayMulticastGroupsRequest: + From: + type: integer + To: + type: integer + IpAddress: + type: string + NetworkInsightsAnalysis: type: object - title: SearchTransitGatewayMulticastGroupsRequest properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastDomainId' - - description: The ID of the transit gateway multicast domain. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayMulticastGroupList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulticastGroup' - - xml: - name: item - SearchTransitGatewayRoutesRequest: - type: object + Status: + type: string + enum: + - running + - failed + - succeeded + ReturnPathComponents: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/PathComponent' + NetworkInsightsAnalysisId: + type: string + NetworkInsightsPathId: + type: string + NetworkPathFound: + type: boolean + SuggestedAccounts: + uniqueItems: true + x-insertionOrder: true + type: array + items: + type: string + FilterInArns: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/ResourceArn' + NetworkInsightsAnalysisArn: + type: string + StatusMessage: + type: string + StartDate: + type: string + AlternatePathHints: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/AlternatePathHint' + Explanations: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/Explanation' + ForwardPathComponents: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/PathComponent' + AdditionalAccounts: + uniqueItems: true + x-insertionOrder: true + type: array + items: + type: string + Tags: + uniqueItems: true + type: array + items: + $ref: '#/components/schemas/Tag' required: - - TransitGatewayRouteTableId - - Filters - title: SearchTransitGatewayRoutesRequest + - NetworkInsightsPathId + x-stackql-resource-name: network_insights_analysis + description: Resource schema for AWS::EC2::NetworkInsightsAnalysis + x-type-name: AWS::EC2::NetworkInsightsAnalysis + x-stackql-primary-identifier: + - NetworkInsightsAnalysisId + x-stackql-additional-identifiers: + - - NetworkInsightsAnalysisArn + x-create-only-properties: + - NetworkInsightsPathId + - FilterInArns + x-read-only-properties: + - NetworkInsightsAnalysisId + - NetworkInsightsAnalysisArn + - StartDate + - Status + - StatusMessage + - NetworkPathFound + - ForwardPathComponents + - ReturnPathComponents + - Explanations + - AlternatePathHints + - SuggestedAccounts + x-required-properties: + - NetworkInsightsPathId + x-required-permissions: + read: + - ec2:Describe* + create: + - ec2:CreateTags + - ec2:StartNetworkInsightsAnalysis + - ec2:GetTransitGatewayRouteTablePropagations + - ec2:SearchTransitGatewayRoutes + - ec2:Describe* + - ec2:GetManagedPrefixListEntries + - elasticloadbalancing:Describe* + - directconnect:Describe* + - tiros:CreateQuery + - tiros:GetQueryAnswer + - tiros:GetQueryExplanation + update: + - ec2:CreateTags + - ec2:Describe* + - ec2:DeleteTags + list: + - ec2:Describe* + delete: + - ec2:DeleteNetworkInsightsAnalysis + - ec2:DeleteTags + FilterPortRange: + type: object + additionalProperties: false properties: - undefined: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteTableId' - - description: The ID of the transit gateway route table. - Filter: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TransitGatewayRouteList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayRoute' - - xml: - name: item - SecurityGroup: + FromPort: + type: integer + ToPort: + type: integer + PathFilter: type: object + additionalProperties: false properties: - groupDescription: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the security group. - groupName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the security group. - ipPermissions: - allOf: - - $ref: '#/components/schemas/IpPermissionList' - - description: The inbound rules associated with the security group. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID of the owner of the security group. - groupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the security group. - ipPermissionsEgress: - allOf: - - $ref: '#/components/schemas/IpPermissionList' - - description: '[VPC only] The outbound rules associated with the security group.' - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the security group. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: '[VPC only] The ID of the VPC for the security group.' - description: Describes a security group. - SecurityGroupReference: + SourceAddress: + $ref: '#/components/schemas/IpAddress' + SourcePortRange: + $ref: '#/components/schemas/FilterPortRange' + DestinationAddress: + $ref: '#/components/schemas/IpAddress' + DestinationPortRange: + $ref: '#/components/schemas/FilterPortRange' + NetworkInsightsPath: type: object properties: - groupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of your security group. - referencingVpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC with the referencing security group. - vpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC peering connection. - description: Describes a VPC with a security group that references your security group. - SecurityGroupRuleId: - type: string - SecurityGroupRule: + NetworkInsightsPathId: + type: string + NetworkInsightsPathArn: + type: string + CreatedDate: + type: string + SourceIp: + $ref: '#/components/schemas/IpAddress' + FilterAtSource: + $ref: '#/components/schemas/PathFilter' + FilterAtDestination: + $ref: '#/components/schemas/PathFilter' + DestinationIp: + $ref: '#/components/schemas/IpAddress' + Source: + type: string + Destination: + type: string + SourceArn: + type: string + DestinationArn: + type: string + Protocol: + $ref: '#/components/schemas/Protocol' + DestinationPort: + $ref: '#/components/schemas/Port' + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Protocol + - Source + x-stackql-resource-name: network_insights_path + description: Resource schema for AWS::EC2::NetworkInsightsPath + x-type-name: AWS::EC2::NetworkInsightsPath + x-stackql-primary-identifier: + - NetworkInsightsPathId + x-stackql-additional-identifiers: + - - NetworkInsightsPathArn + x-create-only-properties: + - SourceIp + - DestinationIp + - Source + - Destination + - Protocol + - DestinationPort + - FilterAtSource + - FilterAtDestination + x-read-only-properties: + - NetworkInsightsPathId + - NetworkInsightsPathArn + - CreatedDate + - SourceArn + - DestinationArn + x-required-properties: + - Protocol + - Source + x-required-permissions: + create: + - ec2:CreateNetworkInsightsPath + - ec2:CreateTags + delete: + - ec2:DeleteNetworkInsightsPath + - ec2:DeleteTags + read: + - ec2:DescribeNetworkInsightsPaths + list: + - ec2:DescribeNetworkInsightsPaths + update: + - ec2:DescribeNetworkInsightsPaths + - ec2:CreateTags + - ec2:DeleteTags + NetworkInterfaceAttachment: type: object properties: - securityGroupRuleId: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleId' - - description: The ID of the security group rule. - groupId: - allOf: - - $ref: '#/components/schemas/SecurityGroupId' - - description: The ID of the security group. - groupOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the Amazon Web Services account that owns the security group. ' - isEgress: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the security group rule is an outbound rule. - ipProtocol: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).

Use -1 to specify all protocols.

' - fromPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.' - toPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes. ' - cidrIpv4: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 CIDR range. - cidrIpv6: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 CIDR range. - prefixListId: - allOf: - - $ref: '#/components/schemas/PrefixListResourceId' - - description: The ID of the prefix list. - referencedGroupInfo: - allOf: - - $ref: '#/components/schemas/ReferencedSecurityGroup' - - description: Describes the security group that is referenced in the rule. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The security group rule description. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags applied to the security group rule. - description: Describes a security group rule. - SecurityGroupRuleDescriptionList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleDescription' - - xml: - name: item - SecurityGroupRuleRequest: + AttachmentId: + description: The ID of the network interface attachment. + type: string + DeleteOnTermination: + description: Whether to delete the network interface when the instance terminates. By default, this value is set to true. + type: boolean + default: true + DeviceIndex: + description: The network interface's position in the attachment order. For example, the first attached network interface has a DeviceIndex of 0. + type: string + InstanceId: + description: The ID of the instance to which you will attach the ENI. + type: string + NetworkInterfaceId: + description: The ID of the ENI that you want to attach. + type: string + EnaSrdSpecification: + $ref: '#/components/schemas/EnaSrdSpecification' + required: + - DeviceIndex + - InstanceId + - NetworkInterfaceId + x-stackql-resource-name: network_interface_attachment + description: Resource Type definition for AWS::EC2::NetworkInterfaceAttachment + x-type-name: AWS::EC2::NetworkInterfaceAttachment + x-stackql-primary-identifier: + - AttachmentId + x-stackql-additional-identifiers: + - - NetworkInterfaceId + x-create-only-properties: + - DeviceIndex + - InstanceId + - NetworkInterfaceId + x-read-only-properties: + - AttachmentId + x-required-properties: + - DeviceIndex + - InstanceId + - NetworkInterfaceId + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:AttachNetworkInterface + - ec2:DescribeNetworkInterfaces + - ec2:ModifyNetworkInterfaceAttribute + read: + - ec2:DescribeNetworkInterfaces + list: + - ec2:DescribeNetworkInterfaces + update: + - ec2:ModifyNetworkInterfaceAttribute + - ec2:DescribeNetworkInterfaces + - ec2:AttachNetworkInterface + - ec2:DetachNetworkInterface + delete: + - ec2:DetachNetworkInterface + - ec2:DescribeNetworkInterfaces + NetworkPerformanceMetricSubscription: + type: object + properties: + Source: + description: The starting Region or Availability Zone for metric to subscribe to. + type: string + Destination: + description: The target Region or Availability Zone for the metric to subscribe to. + type: string + Metric: + description: The metric type to subscribe to. + type: string + Statistic: + description: The statistic to subscribe to. + type: string + required: + - Source + - Destination + - Metric + - Statistic + x-stackql-resource-name: network_performance_metric_subscription + description: Resource Type definition for AWS::EC2::NetworkPerformanceMetricSubscription + x-type-name: AWS::EC2::NetworkPerformanceMetricSubscription + x-stackql-primary-identifier: + - Source + - Destination + - Metric + - Statistic + x-create-only-properties: + - Source + - Destination + - Metric + - Statistic + x-required-properties: + - Source + - Destination + - Metric + - Statistic + x-tagging: + taggable: false + x-required-permissions: + create: + - ec2:DescribeAwsNetworkPerformanceMetricSubscriptions + - ec2:EnableAwsNetworkPerformanceMetricSubscription + read: + - ec2:DescribeAwsNetworkPerformanceMetricSubscriptions + delete: + - ec2:DescribeAwsNetworkPerformanceMetricSubscriptions + - ec2:DisableAwsNetworkPerformanceMetricSubscription + list: + - ec2:DescribeAwsNetworkPerformanceMetricSubscriptions + PlacementGroup: type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the security group rule. - description: '

Describes a security group rule.

You must specify exactly one of the following parameters, based on the rule type:

When you modify a rule, you cannot change the rule type. For example, if the rule uses an IPv4 address range, you must use CidrIpv4 to specify a new IPv4 address range.

' - SecurityGroupRuleUpdateList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleUpdate' - - xml: - name: item - SelfServicePortal: - type: string - enum: - - enabled - - disabled - SendDiagnosticInterruptRequest: - type: object + Strategy: + description: The placement strategy. + type: string + GroupName: + description: The Group Name of Placement Group. + type: string + SpreadLevel: + description: The Spread Level of Placement Group is an enum where it accepts either host or rack when strategy is spread + type: string + PartitionCount: + description: The number of partitions. Valid only when **Strategy** is set to `partition` + type: integer + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: placement_group + description: Resource Type definition for AWS::EC2::PlacementGroup + x-type-name: AWS::EC2::PlacementGroup + x-stackql-primary-identifier: + - GroupName + x-create-only-properties: + - Tags + - Strategy + - SpreadLevel + - PartitionCount + x-read-only-properties: + - GroupName + x-tagging: + taggable: true + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreatePlacementGroup + - ec2:DescribePlacementGroups + - ec2:CreateTags + read: + - ec2:DescribePlacementGroups + delete: + - ec2:DeletePlacementGroup + - ec2:DescribePlacementGroups + list: + - ec2:DescribePlacementGroups + Entry: + type: object + properties: + Cidr: + type: string + minLength: 1 + maxLength: 46 + Description: + type: string + minLength: 0 + maxLength: 255 required: - - InstanceId - title: SendDiagnosticInterruptRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ServiceTypeDetailSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/ServiceTypeDetail' - - xml: - name: item - ServiceState: - type: string - enum: - - Pending - - Available - - Deleting - - Deleted - - Failed - SupportedIpAddressTypes: - type: array - items: - allOf: - - $ref: '#/components/schemas/ServiceConnectivityType' - - xml: - name: item - minItems: 0 - maxItems: 2 - ServiceConnectivityType: - type: string - enum: - - ipv4 - - ipv6 - ServiceDetail: + - Cidr + additionalProperties: false + PrefixList: type: object properties: - serviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the service. - serviceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the endpoint service. - serviceType: - allOf: - - $ref: '#/components/schemas/ServiceTypeDetailSet' - - description: The type of service. - availabilityZoneSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Availability Zones in which the service is available. - owner: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Web Services account ID of the service owner. - baseEndpointDnsNameSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The DNS names for the service. - privateDnsName: - allOf: - - $ref: '#/components/schemas/String' - - description: The private DNS name for the service. - privateDnsNameSet: - allOf: - - $ref: '#/components/schemas/PrivateDnsDetailsSet' - - description: 'The private DNS names assigned to the VPC endpoint service. ' - vpcEndpointPolicySupported: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the service supports endpoint policies. - acceptanceRequired: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether VPC endpoint connection requests to the service must be accepted by the service owner. - managesVpcEndpoints: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the service manages its VPC endpoints. Management of the service VPC endpoints using the VPC endpoint API is restricted. - payerResponsibility: - allOf: - - $ref: '#/components/schemas/PayerResponsibility' - - description: The payer responsibility. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the service. - privateDnsNameVerificationState: - allOf: - - $ref: '#/components/schemas/DnsNameState' - - description:

The verification state of the VPC endpoint service.

Consumers of the endpoint service cannot use the private name when the state is not verified.

- supportedIpAddressTypeSet: - allOf: - - $ref: '#/components/schemas/SupportedIpAddressTypes' - - description: The supported IP address types. - description: Describes a VPC endpoint service. - ServiceType: - type: string - enum: - - Interface - - Gateway - - GatewayLoadBalancer - ServiceTypeDetail: + PrefixListName: + description: Name of Prefix List. + type: string + minLength: 1 + maxLength: 255 + PrefixListId: + description: Id of Prefix List. + type: string + OwnerId: + description: Owner Id of Prefix List. + type: string + AddressFamily: + description: Ip Version of Prefix List. + type: string + enum: + - IPv4 + - IPv6 + MaxEntries: + description: Max Entries of Prefix List. + type: integer + minimum: 1 + Version: + description: Version of Prefix List. + type: integer + Tags: + description: Tags for Prefix List + type: array + items: + $ref: '#/components/schemas/Tag' + Entries: + description: Entries of Prefix List. + type: array + items: + $ref: '#/components/schemas/Entry' + Arn: + description: The Amazon Resource Name (ARN) of the Prefix List. + type: string + required: + - PrefixListName + - AddressFamily + x-stackql-resource-name: prefix_list + description: Resource schema of AWS::EC2::PrefixList Type + x-type-name: AWS::EC2::PrefixList + x-stackql-primary-identifier: + - PrefixListId + x-read-only-properties: + - PrefixListId + - OwnerId + - Version + - Arn + x-required-properties: + - PrefixListName + - AddressFamily + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + x-required-permissions: + create: + - EC2:CreateManagedPrefixList + - EC2:DescribeManagedPrefixLists + - EC2:CreateTags + read: + - EC2:GetManagedPrefixListEntries + - EC2:DescribeManagedPrefixLists + update: + - EC2:DescribeManagedPrefixLists + - EC2:GetManagedPrefixListEntries + - EC2:ModifyManagedPrefixList + - EC2:CreateTags + - EC2:DeleteTags + delete: + - EC2:DeleteManagedPrefixList + - EC2:DescribeManagedPrefixLists + list: + - EC2:DescribeManagedPrefixLists + - EC2:GetManagedPrefixListEntries + Route: type: object properties: - serviceType: - allOf: - - $ref: '#/components/schemas/ServiceType' - - description: The type of service. - description: Describes the type of service for a VPC endpoint. - SlotDateTimeRangeRequest: - type: object + CarrierGatewayId: + type: string + description: |- + The ID of the carrier gateway. + You can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone. + CidrBlock: + type: string + description: '' + CoreNetworkArn: + type: string + description: The Amazon Resource Name (ARN) of the core network. + DestinationCidrBlock: + type: string + description: The IPv4 CIDR address block used for the destination match. Routing decisions are based on the most specific match. We modify the specified CIDR block to its canonical form; for example, if you specify ``100.68.0.18/18``, we modify it to ``100.68.0.0/18``. + DestinationIpv6CidrBlock: + type: string + description: The IPv6 CIDR block used for the destination match. Routing decisions are based on the most specific match. + DestinationPrefixListId: + type: string + description: The ID of a prefix list used for the destination match. + EgressOnlyInternetGatewayId: + type: string + description: '[IPv6 traffic only] The ID of an egress-only internet gateway.' + GatewayId: + type: string + description: The ID of an internet gateway or virtual private gateway attached to your VPC. + InstanceId: + type: string + description: The ID of a NAT instance in your VPC. The operation fails if you specify an instance ID unless exactly one network interface is attached. + LocalGatewayId: + type: string + description: The ID of the local gateway. + NatGatewayId: + type: string + description: '[IPv4 traffic only] The ID of a NAT gateway.' + NetworkInterfaceId: + type: string + description: The ID of a network interface. + RouteTableId: + type: string + description: The ID of the route table for the route. + TransitGatewayId: + type: string + description: The ID of a transit gateway. + VpcEndpointId: + type: string + description: The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only. + VpcPeeringConnectionId: + type: string + description: The ID of a VPC peering connection. required: - - EarliestTime - - LatestTime - properties: - undefined: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The latest date and time, in UTC, for the Scheduled Instance to start. This value must be later than or equal to the earliest date and at most three months in the future.' - description: Describes the time period for a Scheduled Instance to start its first schedule. The time period must span less than one day. - StorageTier: - type: string - enum: - - archive - - standard - SnapshotAttributeName: - type: string - enum: - - productCodes - - createVolumePermission - UserBucketDetails: + - RouteTableId + x-stackql-resource-name: route + description: |- + Specifies a route in a route table. For more information, see [Routes](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#route-table-routes) in the *Amazon VPC User Guide*. + You must specify either a destination CIDR block or prefix list ID. You must also specify exactly one of the resources as the target. + If you create a route that references a transit gateway in the same template where you create the transit gateway, you must declare a dependency on the transit gateway attachment. The route table cannot use the transit gateway until it has successfully attached to the VPC. Add a [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) in the ``AWS::EC2::Route`` resource to explicitly declare a dependency on the ``AWS::EC2::TransitGatewayAttachment`` resource. + x-type-name: AWS::EC2::Route + x-stackql-primary-identifier: + - RouteTableId + - CidrBlock + x-create-only-properties: + - RouteTableId + - DestinationCidrBlock + - DestinationIpv6CidrBlock + - DestinationPrefixListId + x-read-only-properties: + - CidrBlock + x-required-properties: + - RouteTableId + x-tagging: + taggable: false + x-required-permissions: + create: + - ec2:CreateRoute + - ec2:DescribeRouteTables + - ec2:DescribeNetworkInterfaces + read: + - ec2:DescribeRouteTables + update: + - ec2:ReplaceRoute + - ec2:DescribeRouteTables + - ec2:DescribeNetworkInterfaces + delete: + - ec2:DeleteRoute + - ec2:DescribeRouteTables + list: + - ec2:DescribeRouteTables + RouteTable: type: object properties: - s3Bucket: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon S3 bucket from which the disk image was created. - s3Key: - allOf: - - $ref: '#/components/schemas/String' - - description: The file name of the disk image. - description: Describes the Amazon S3 bucket for the disk image. - SnapshotDetail: + RouteTableId: + description: '' + type: string + Tags: + description: Any tags assigned to the route table. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + VpcId: + description: The ID of the VPC. + type: string + required: + - VpcId + x-stackql-resource-name: route_table + description: |- + Specifies a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet. + For more information, see [Route tables](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the *Amazon VPC User Guide*. + x-type-name: AWS::EC2::RouteTable + x-stackql-primary-identifier: + - RouteTableId + x-create-only-properties: + - VpcId + x-read-only-properties: + - RouteTableId + x-required-properties: + - VpcId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateRouteTable + - ec2:CreateTags + - ec2:DescribeRouteTables + read: + - ec2:DescribeRouteTables + update: + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeRouteTables + delete: + - ec2:DescribeRouteTables + - ec2:DeleteRouteTable + list: + - ec2:DescribeRouteTables + Ingress: + additionalProperties: false + type: object + properties: + CidrIp: + type: string + CidrIpv6: + type: string + Description: + type: string + FromPort: + type: integer + SourceSecurityGroupName: + type: string + ToPort: + type: integer + SourceSecurityGroupOwnerId: + type: string + IpProtocol: + type: string + SourceSecurityGroupId: + type: string + SourcePrefixListId: + type: string + required: + - IpProtocol + Egress: + additionalProperties: false + type: object + properties: + CidrIp: + type: string + CidrIpv6: + type: string + Description: + type: string + FromPort: + type: integer + ToPort: + type: integer + IpProtocol: + type: string + DestinationSecurityGroupId: + type: string + DestinationPrefixListId: + type: string + required: + - IpProtocol + SecurityGroup: type: object properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description for the snapshot. - deviceName: - allOf: - - $ref: '#/components/schemas/String' - - description: The block device mapping for the snapshot. - diskImageSize: - allOf: - - $ref: '#/components/schemas/Double' - - description: 'The size of the disk in the snapshot, in GiB.' - format: - allOf: - - $ref: '#/components/schemas/String' - - description: The format of the disk image from which the snapshot is created. - progress: - allOf: - - $ref: '#/components/schemas/String' - - description: The percentage of progress for the task. - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The snapshot ID of the disk being imported. - status: - allOf: - - $ref: '#/components/schemas/String' - - description: A brief status of the snapshot creation. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: A detailed status message for the snapshot creation. - url: - allOf: - - $ref: '#/components/schemas/String' - - description: The URL used to access the disk image. - userBucket: - allOf: - - $ref: '#/components/schemas/UserBucketDetails' - - description: The Amazon S3 bucket for the disk image. - description: Describes the snapshot created from the imported disk. - SnapshotDiskContainer: + GroupDescription: + description: A description for the security group. + type: string + GroupName: + description: The name of the security group. + type: string + VpcId: + description: The ID of the VPC for the security group. + type: string + Id: + description: The group name or group ID depending on whether the SG is created in default or specific VPC + type: string + SecurityGroupIngress: + uniqueItems: false + description: The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Ingress' + SecurityGroupEgress: + uniqueItems: false + description: '[VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.' + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Egress' + Tags: + uniqueItems: false + description: Any tags assigned to the security group. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + GroupId: + description: The group ID of the specified security group. + type: string + required: + - GroupDescription + x-stackql-resource-name: security_group + description: Resource Type definition for AWS::EC2::SecurityGroup + x-type-name: AWS::EC2::SecurityGroup + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - GroupDescription + - GroupName + - VpcId + x-write-only-properties: + - SecurityGroupIngress/*/SourceSecurityGroupName + x-read-only-properties: + - Id + - GroupId + x-required-properties: + - GroupDescription + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true + x-required-permissions: + read: + - ec2:DescribeSecurityGroups + create: + - ec2:CreateSecurityGroup + - ec2:DescribeSecurityGroups + - ec2:RevokeSecurityGroupEgress + - ec2:AuthorizeSecurityGroupEgress + - ec2:AuthorizeSecurityGroupIngress + - ec2:CreateTags + update: + - ec2:RevokeSecurityGroupEgress + - ec2:RevokeSecurityGroupIngress + - ec2:DescribeSecurityGroups + - ec2:AuthorizeSecurityGroupEgress + - ec2:AuthorizeSecurityGroupIngress + - ec2:CreateTags + - ec2:DeleteTags + list: + - ec2:DescribeSecurityGroups + delete: + - ec2:DeleteSecurityGroup + - ec2:DescribeInstances + SecurityGroupEgress: + type: object + properties: + CidrIp: + description: |- + The IPv4 address range, in CIDR format. + You must specify exactly one of the following: ``CidrIp``, ``CidrIpv6``, ``DestinationPrefixListId``, or ``DestinationSecurityGroupId``. + For examples of rules that you can add to security groups for specific access scenarios, see [Security group rules for different use cases](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html) in the *User Guide*. + type: string + CidrIpv6: + description: |- + The IPv6 address range, in CIDR format. + You must specify exactly one of the following: ``CidrIp``, ``CidrIpv6``, ``DestinationPrefixListId``, or ``DestinationSecurityGroupId``. + For examples of rules that you can add to security groups for specific access scenarios, see [Security group rules for different use cases](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html) in the *User Guide*. + type: string + Description: + description: |- + The description of an egress (outbound) security group rule. + Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$* + type: string + FromPort: + description: If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types). + type: integer + ToPort: + description: If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes). + type: integer + IpProtocol: + description: |- + The IP protocol name (``tcp``, ``udp``, ``icmp``, ``icmpv6``) or number (see [Protocol Numbers](https://docs.aws.amazon.com/http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). + Use ``-1`` to specify all protocols. When authorizing security group rules, specifying ``-1`` or a protocol number other than ``tcp``, ``udp``, ``icmp``, or ``icmpv6`` allows traffic on all ports, regardless of any port range you specify. For ``tcp``, ``udp``, and ``icmp``, you must specify a port range. For ``icmpv6``, the port range is optional; if you omit the port range, traffic for all types and codes is allowed. + type: string + DestinationSecurityGroupId: + description: |- + The ID of the security group. + You must specify exactly one of the following: ``CidrIp``, ``CidrIpv6``, ``DestinationPrefixListId``, or ``DestinationSecurityGroupId``. + type: string + Id: + description: '' + type: string + DestinationPrefixListId: + description: |- + The prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group. + You must specify exactly one of the following: ``CidrIp``, ``CidrIpv6``, ``DestinationPrefixListId``, or ``DestinationSecurityGroupId``. + type: string + GroupId: + description: The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID. + type: string + required: + - IpProtocol + - GroupId + x-stackql-resource-name: security_group_egress + description: |- + Adds the specified outbound (egress) rule to a security group. + An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html). + You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group. + You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1. + Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. + x-type-name: AWS::EC2::SecurityGroupEgress + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - IpProtocol + - DestinationSecurityGroupId + - ToPort + - CidrIp + - FromPort + - GroupId + - CidrIpv6 + - DestinationPrefixListId + x-read-only-properties: + - Id + x-required-properties: + - IpProtocol + - GroupId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + read: + - ec2:DescribeSecurityGroupRules + create: + - ec2:AuthorizeSecurityGroupEgress + - ec2:RevokeSecurityGroupEgress + - ec2:DescribeSecurityGroupRules + update: + - ec2:UpdateSecurityGroupRuleDescriptionsEgress + list: + - ec2:DescribeSecurityGroupRules + delete: + - ec2:RevokeSecurityGroupEgress + - ec2:DescribeSecurityGroupRules + SecurityGroupIngress: + type: object + properties: + Id: + description: The Security Group Rule Id + type: string + CidrIp: + description: The IPv4 ranges + type: string + CidrIpv6: + description: '[VPC only] The IPv6 ranges' + type: string + Description: + description: Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously + type: string + FromPort: + description: |- + The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes. + + Use this for ICMP and any protocol that uses ports. + type: integer + GroupId: + description: |- + The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID. + + You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property. + type: string + GroupName: + description: The name of the security group. + type: string + IpProtocol: + description: |- + The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). + + [VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed. + type: string + SourcePrefixListId: + description: |+ + [EC2-VPC only] The ID of a prefix list. + + type: string + SourceSecurityGroupId: + description: The ID of the security group. You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID. + type: string + SourceSecurityGroupName: + description: |- + [EC2-Classic, default VPC] The name of the source security group. + + You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property. + type: string + SourceSecurityGroupOwnerId: + description: |- + [nondefault VPC] The AWS account ID that owns the source security group. You can't specify this property with an IP address range. + + If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId; otherwise, this property is optional. + type: string + ToPort: + description: |- + The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes. + + Use this for ICMP and any protocol that uses ports. + type: integer + required: + - IpProtocol + x-stackql-resource-name: security_group_ingress + description: Resource Type definition for AWS::EC2::SecurityGroupIngress + x-type-name: AWS::EC2::SecurityGroupIngress + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - GroupName + - IpProtocol + - SourceSecurityGroupId + - SourcePrefixListId + - ToPort + - CidrIp + - SourceSecurityGroupName + - SourceSecurityGroupOwnerId + - FromPort + - GroupId + - CidrIpv6 + x-read-only-properties: + - Id + x-required-properties: + - IpProtocol + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:DescribeSecurityGroupRules + - ec2:AuthorizeSecurityGroupIngress + update: + - ec2:UpdateSecurityGroupRuleDescriptionsIngress + delete: + - ec2:DescribeSecurityGroupRules + - ec2:RevokeSecurityGroupIngress + read: + - ec2:DescribeSecurityGroups + - ec2:DescribeSecurityGroupRules + list: + - ec2:DescribeSecurityGroupRules + SnapshotBlockPublicAccess: + type: object + properties: + State: + type: string + description: The state of EBS Snapshot Block Public Access. + enum: + - block-all-sharing + - block-new-sharing + AccountId: + type: string + description: The identifier for the specified AWS account. + required: + - State + x-stackql-resource-name: snapshot_block_public_access + description: Resource Type definition for AWS::EC2::SnapshotBlockPublicAccess + x-type-name: AWS::EC2::SnapshotBlockPublicAccess + x-stackql-primary-identifier: + - AccountId + x-read-only-properties: + - AccountId + x-required-properties: + - State + x-tagging: + taggable: false + x-required-permissions: + create: + - ec2:EnableSnapshotBlockPublicAccess + - ec2:GetSnapshotBlockPublicAccessState + read: + - ec2:GetSnapshotBlockPublicAccessState + update: + - ec2:EnableSnapshotBlockPublicAccess + - ec2:GetSnapshotBlockPublicAccessState + delete: + - ec2:DisableSnapshotBlockPublicAccess + - ec2:GetSnapshotBlockPublicAccessState + list: + - ec2:GetSnapshotBlockPublicAccessState + SpotFleetRequestConfigData: type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/UserBucket' - - description: The Amazon S3 bucket for the disk image. - description: The disk container object for the import snapshot request. - SnapshotInfo: + additionalProperties: false + properties: + AllocationStrategy: + type: string + enum: + - capacityOptimized + - capacityOptimizedPrioritized + - diversified + - lowestPrice + - priceCapacityOptimized + Context: + type: string + ExcessCapacityTerminationPolicy: + type: string + enum: + - Default + - NoTermination + - default + - noTermination + IamFleetRole: + type: string + InstanceInterruptionBehavior: + type: string + enum: + - hibernate + - stop + - terminate + InstancePoolsToUseCount: + type: integer + LaunchSpecifications: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/SpotFleetLaunchSpecification' + LaunchTemplateConfigs: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/LaunchTemplateConfig' + LoadBalancersConfig: + $ref: '#/components/schemas/LoadBalancersConfig' + OnDemandAllocationStrategy: + type: string + OnDemandMaxTotalPrice: + type: string + OnDemandTargetCapacity: + type: integer + ReplaceUnhealthyInstances: + type: boolean + SpotMaintenanceStrategies: + $ref: '#/components/schemas/SpotMaintenanceStrategies' + SpotMaxTotalPrice: + type: string + SpotPrice: + type: string + TargetCapacity: + type: integer + TerminateInstancesWithExpiration: + type: boolean + Type: + type: string + enum: + - maintain + - request + ValidFrom: + type: string + ValidUntil: + type: string + TagSpecifications: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/SpotFleetTagSpecification' + TargetCapacityUnitType: + type: string + enum: + - vcpu + - memory-mib + - units + required: + - IamFleetRole + - TargetCapacity + SpotFleetLaunchSpecification: type: object + additionalProperties: false properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: Description specified by the CreateSnapshotRequest that has been applied to all snapshots. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Tags associated with this snapshot. - encrypted: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the snapshot is encrypted. - volumeId: - allOf: - - $ref: '#/components/schemas/String' - - description: Source volume from which this snapshot was created. - state: - allOf: - - $ref: '#/components/schemas/SnapshotState' - - description: Current state of the snapshot. - volumeSize: - allOf: - - $ref: '#/components/schemas/Integer' - - description: Size of the volume from which this snapshot was created. - startTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: Time this snapshot was started. This is the same for all snapshots initiated by the same request. - progress: - allOf: - - $ref: '#/components/schemas/String' - - description: Progress this snapshot has made towards completing. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: Account id used when creating this snapshot. - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: Snapshot id that can be used to describe this snapshot. - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.' - description: Information about a snapshot. - SnapshotRecycleBinInfo: + BlockDeviceMappings: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/BlockDeviceMapping' + EbsOptimized: + type: boolean + default: false + IamInstanceProfile: + $ref: '#/components/schemas/IamInstanceProfileSpecification' + ImageId: + type: string + InstanceType: + type: string + KernelId: + type: string + KeyName: + type: string + Monitoring: + $ref: '#/components/schemas/SpotFleetMonitoring' + NetworkInterfaces: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/InstanceNetworkInterfaceSpecification' + Placement: + $ref: '#/components/schemas/SpotPlacement' + RamdiskId: + type: string + SecurityGroups: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/GroupIdentifier' + SpotPrice: + type: string + SubnetId: + type: string + TagSpecifications: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/SpotFleetTagSpecification' + UserData: + type: string + WeightedCapacity: + type: number + InstanceRequirements: + $ref: '#/components/schemas/InstanceRequirementsRequest' + required: + - ImageId + LoadBalancersConfig: type: object + additionalProperties: false properties: - snapshotId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the snapshot. - recycleBinEnterTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time when the snaphsot entered the Recycle Bin. - recycleBinExitTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time when the snapshot is to be permanently deleted from the Recycle Bin. - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description for the snapshot. - volumeId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the volume from which the snapshot was created. - description: Information about a snapshot that is currently in the Recycle Bin. - TieringOperationStatus: - type: string - enum: - - archival-in-progress - - archival-completed - - archival-failed - - temporary-restore-in-progress - - temporary-restore-completed - - temporary-restore-failed - - permanent-restore-in-progress - - permanent-restore-completed - - permanent-restore-failed - SnapshotTierStatus: + ClassicLoadBalancersConfig: + $ref: '#/components/schemas/ClassicLoadBalancersConfig' + TargetGroupsConfig: + $ref: '#/components/schemas/TargetGroupsConfig' + SpotMaintenanceStrategies: type: object + additionalProperties: false properties: - snapshotId: - allOf: - - $ref: '#/components/schemas/SnapshotId' - - description: The ID of the snapshot. - volumeId: - allOf: - - $ref: '#/components/schemas/VolumeId' - - description: The ID of the volume from which the snapshot was created. - status: - allOf: - - $ref: '#/components/schemas/SnapshotState' - - description: The state of the snapshot. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the snapshot. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags that are assigned to the snapshot. - storageTier: - allOf: - - $ref: '#/components/schemas/StorageTier' - - description: The storage tier in which the snapshot is stored. standard indicates that the snapshot is stored in the standard snapshot storage tier and that it is ready for use. archive indicates that the snapshot is currently archived and that it must be restored before it can be used. - lastTieringStartTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time when the last archive or restore process was started. - lastTieringProgress: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The progress of the last archive or restore process, as a percentage.' - lastTieringOperationStatus: - allOf: - - $ref: '#/components/schemas/TieringOperationStatus' - - description: The status of the last archive or restore process. - lastTieringOperationStatusDetail: - allOf: - - $ref: '#/components/schemas/String' - - description: A message describing the status of the last archive or restore process. - archivalCompleteTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time when the last archive process was completed. - restoreExpiryTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: Only for archived snapshots that are temporarily restored. Indicates the date and time when a temporarily restored snapshot will be automatically re-archived. - description: Provides information about a snapshot's storage tier. - SpotAllocationStrategy: - type: string - enum: - - lowest-price - - diversified - - capacity-optimized - - capacity-optimized-prioritized + CapacityRebalance: + $ref: '#/components/schemas/SpotCapacityRebalance' SpotCapacityRebalance: type: object + additionalProperties: false properties: - replacementStrategy: - allOf: - - $ref: '#/components/schemas/ReplacementStrategy' - - description: '

The replacement strategy to use. Only available for fleets of type maintain.

launch - Spot Fleet launches a new replacement Spot Instance when a rebalance notification is emitted for an existing Spot Instance in the fleet. Spot Fleet does not terminate the instances that receive a rebalance notification. You can terminate the old instances, or you can leave them running. You are charged for all instances while they are running.

launch-before-terminate - Spot Fleet launches a new replacement Spot Instance when a rebalance notification is emitted for an existing Spot Instance in the fleet, and then, after a delay that you specify (in TerminationDelay), terminates the instances that received a rebalance notification.

' - terminationDelay: - allOf: - - $ref: '#/components/schemas/Integer' - - description: '

The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.

Required when ReplacementStrategy is set to launch-before-terminate.

Not valid when ReplacementStrategy is set to launch.

Valid values: Minimum value of 120 seconds. Maximum value of 7200 seconds.

' - description: 'The Spot Instance replacement strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see Capacity rebalancing in the Amazon EC2 User Guide for Linux Instances.' - SpotInstanceStateFault: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/String' - - description: The reason code for the Spot Instance state change. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The message for the Spot Instance state change. - description: Describes a Spot Instance state change. - SpotFleetMonitoring: - type: object - properties: - enabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Enables monitoring for the instance.

Default: false

' - description: Describes whether monitoring is enabled. - SpotFleetTagSpecificationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SpotFleetTagSpecification' - - xml: - name: item - SpotFleetRequestConfig: + ReplacementStrategy: + type: string + enum: + - launch + - launch-before-terminate + TerminationDelay: + type: integer + LaunchTemplateConfig: type: object + additionalProperties: false properties: - activityStatus: - allOf: - - $ref: '#/components/schemas/ActivityStatus' - - description: 'The progress of the Spot Fleet request. If there is an error, the status is error. After all requests are placed, the status is pending_fulfillment. If the size of the fleet is equal to or greater than its target capacity, the status is fulfilled. If the size of the fleet is decreased, the status is pending_termination while Spot Instances are terminating.' - createTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The creation date and time of the request. - spotFleetRequestConfig: - allOf: - - $ref: '#/components/schemas/SpotFleetRequestConfigData' - - description: The configuration of the Spot Fleet request. - spotFleetRequestId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Spot Fleet request. - spotFleetRequestState: - allOf: - - $ref: '#/components/schemas/BatchState' - - description: The state of the Spot Fleet request. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for a Spot Fleet resource. - description: Describes a Spot Fleet request. + LaunchTemplateSpecification: + $ref: '#/components/schemas/FleetLaunchTemplateSpecification' + Overrides: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/LaunchTemplateOverrides' SpotFleetTagSpecification: type: object + additionalProperties: false properties: - resourceType: - allOf: - - $ref: '#/components/schemas/ResourceType' - - description: 'The type of resource. Currently, the only resource type that is supported is instance. To tag the Spot Fleet request on creation, use the TagSpecifications parameter in SpotFleetRequestConfigData .' - tag: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags. - description: The tags for a Spot Fleet resource. - SpotInstanceInterruptionBehavior: - type: string - enum: - - hibernate - - stop - - terminate - SpotInstanceState: - type: string - enum: - - open - - active - - closed - - cancelled - - failed - SpotInstanceStatus: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The status code. For a list of status codes, see Spot request status codes in the Amazon EC2 User Guide for Linux Instances.' - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The description for the status code. - updateTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The date and time of the most recent status update, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - description: Describes the status of a Spot Instance request. - SpotInstanceRequest: - type: object - properties: - actualBlockHourlyPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: Deprecated. - availabilityZoneGroup: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The Availability Zone group. If you specify the same Availability Zone group for all Spot Instance requests, all Spot Instances are launched in the same Availability Zone.' - blockDurationMinutes: - allOf: - - $ref: '#/components/schemas/Integer' - - description: Deprecated. - createTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The date and time when the Spot Instance request was created, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - fault: - allOf: - - $ref: '#/components/schemas/SpotInstanceStateFault' - - description: 'The fault codes for the Spot Instance request, if any.' - instanceId: - allOf: - - $ref: '#/components/schemas/InstanceId' - - description: 'The instance ID, if an instance has been launched to fulfill the Spot Instance request.' - launchGroup: - allOf: - - $ref: '#/components/schemas/String' - - description: The instance launch group. Launch groups are Spot Instances that launch together and terminate together. - launchSpecification: - allOf: - - $ref: '#/components/schemas/LaunchSpecification' - - description: Additional information for launching instances. - launchedAvailabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone in which the request is launched. - productDescription: - allOf: - - $ref: '#/components/schemas/RIProductDescription' - - description: The product description associated with the Spot Instance. - spotInstanceRequestId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Spot Instance request. - spotPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum price per hour that you are willing to pay for a Spot Instance. - state: - allOf: - - $ref: '#/components/schemas/SpotInstanceState' - - description: 'The state of the Spot Instance request. Spot request status information helps track your Spot Instance requests. For more information, see Spot request status in the Amazon EC2 User Guide for Linux Instances.' - status: - allOf: - - $ref: '#/components/schemas/SpotInstanceStatus' - - description: The status code and status message describing the Spot Instance request. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the resource. - type: - allOf: - - $ref: '#/components/schemas/SpotInstanceType' - - description: The Spot Instance request type. - validFrom: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The start date of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). The request becomes active at this date and time.' - validUntil: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: '

The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ).

' - instanceInterruptionBehavior: - allOf: - - $ref: '#/components/schemas/InstanceInterruptionBehavior' - - description: The behavior when a Spot Instance is interrupted. - description: Describes a Spot Instance request. - SpotOptionsRequest: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum amount per hour for Spot Instances that you're willing to pay. - description: Describes the configuration of Spot Instances in an EC2 Fleet request. - SpotPlacementScore: + ResourceType: + type: string + enum: + - client-vpn-endpoint + - customer-gateway + - dedicated-host + - dhcp-options + - egress-only-internet-gateway + - elastic-gpu + - elastic-ip + - export-image-task + - export-instance-task + - fleet + - fpga-image + - host-reservation + - image + - import-image-task + - import-snapshot-task + - instance + - internet-gateway + - key-pair + - launch-template + - local-gateway-route-table-vpc-association + - natgateway + - network-acl + - network-insights-analysis + - network-insights-path + - network-interface + - placement-group + - reserved-instances + - route-table + - security-group + - snapshot + - spot-fleet-request + - spot-instances-request + - subnet + - traffic-mirror-filter + - traffic-mirror-session + - traffic-mirror-target + - transit-gateway + - transit-gateway-attachment + - transit-gateway-connect-peer + - transit-gateway-multicast-domain + - transit-gateway-route-table + - volume + - vpc + - vpc-flow-log + - vpc-peering-connection + - vpn-connection + - vpn-gateway + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + FleetLaunchTemplateSpecification: type: object + additionalProperties: false properties: - region: - allOf: - - $ref: '#/components/schemas/String' - - description: The Region. - availabilityZoneId: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone. - score: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The placement score, on a scale from 1 to 10. A score of 10 indicates that your Spot request is highly likely to succeed in this Region or Availability Zone. A score of 1 indicates that your Spot request is not likely to succeed. ' - description: The Spot placement score for this Region or Availability Zone. The score is calculated based on the assumption that the capacity-optimized allocation strategy is used and that all of the Availability Zones in the Region can be used. - SpotPlacementScoresMaxResults: - type: integer - minimum: 10 - maximum: 1000 - SpotPlacementScoresTargetCapacity: - type: integer - minimum: 1 - maximum: 2000000000 - SpotPrice: + LaunchTemplateId: + type: string + LaunchTemplateName: + type: string + minLength: 3 + maxLength: 128 + pattern: '[a-zA-Z0-9\(\)\.\-/_]+' + Version: + type: string + required: + - Version + GroupIdentifier: type: object + additionalProperties: false properties: - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone. - instanceType: - allOf: - - $ref: '#/components/schemas/InstanceType' - - description: The instance type. - productDescription: - allOf: - - $ref: '#/components/schemas/RIProductDescription' - - description: A general description of the AMI. - spotPrice: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum price per hour that you are willing to pay for a Spot Instance. - timestamp: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: 'The date and time the request was created, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' - description: Describes the maximum price per hour that you are willing to pay for a Spot Instance. - UserIdGroupPairSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/UserIdGroupPair' - - xml: - name: item - StaleIpPermission: + GroupId: + type: string + required: + - GroupId + IamInstanceProfileSpecification: type: object + additionalProperties: false properties: - fromPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The start of the port range for the TCP and UDP protocols, or an ICMP type number. A value of -1 indicates all ICMP types. ' - ipProtocol: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The IP protocol name (for tcp, udp, and icmp) or number (see Protocol Numbers).' - ipRanges: - allOf: - - $ref: '#/components/schemas/IpRanges' - - description: The IP ranges. Not applicable for stale security group rules. - prefixListIds: - allOf: - - $ref: '#/components/schemas/PrefixListIdSet' - - description: The prefix list IDs. Not applicable for stale security group rules. - toPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The end of the port range for the TCP and UDP protocols, or an ICMP type number. A value of -1 indicates all ICMP types. ' - groups: - allOf: - - $ref: '#/components/schemas/UserIdGroupPairSet' - - description: 'The security group pairs. Returns the ID of the referenced security group and VPC, and the ID and status of the VPC peering connection.' - description: Describes a stale rule in a security group. - StaleIpPermissionSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/StaleIpPermission' - - xml: - name: item - StaleSecurityGroup: + Arn: + type: string + ClassicLoadBalancersConfig: type: object + additionalProperties: false properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: The description of the security group. - groupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the security group. - groupName: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the security group. - staleIpPermissions: - allOf: - - $ref: '#/components/schemas/StaleIpPermissionSet' - - description: Information about the stale inbound rules in the security group. - staleIpPermissionsEgress: - allOf: - - $ref: '#/components/schemas/StaleIpPermissionSet' - - description: Information about the stale outbound rules in the security group. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC for the security group. - description: Describes a stale security group (a security group that contains stale rules). - StartInstancesRequest: - type: object + ClassicLoadBalancers: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/ClassicLoadBalancer' required: - - InstanceIds - title: StartInstancesRequest + - ClassicLoadBalancers + LaunchTemplateOverrides: + type: object + additionalProperties: false properties: - InstanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdStringList' - - description: The IDs of the instances. - additionalInfo: - allOf: - - $ref: '#/components/schemas/String' - - description: Reserved. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - StartNetworkInsightsAccessScopeAnalysisRequest: + AvailabilityZone: + type: string + InstanceType: + type: string + SpotPrice: + type: string + SubnetId: + type: string + WeightedCapacity: + type: number + InstanceRequirements: + $ref: '#/components/schemas/InstanceRequirementsRequest' + Priority: + type: number + SpotFleetMonitoring: type: object - required: - - NetworkInsightsAccessScopeId - - ClientToken - title: StartNetworkInsightsAccessScopeAnalysisRequest + additionalProperties: false properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - StartNetworkInsightsAnalysisRequest: + Enabled: + type: boolean + default: false + SpotPlacement: type: object - required: - - NetworkInsightsPathId - - ClientToken - title: StartNetworkInsightsAnalysisRequest + additionalProperties: false properties: - undefined: - allOf: - - $ref: '#/components/schemas/NetworkInsightsPathId' - - description: The ID of the path. - FilterInArn: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TagSpecification: - allOf: - - $ref: '#/components/schemas/String' - - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' - StartVpcEndpointServicePrivateDnsVerificationRequest: + AvailabilityZone: + type: string + GroupName: + type: string + Tenancy: + type: string + enum: + - dedicated + - default + - host + InstanceNetworkInterfaceSpecification: type: object - required: - - ServiceId - title: StartVpcEndpointServicePrivateDnsVerificationRequest + additionalProperties: false properties: - undefined: - allOf: - - $ref: '#/components/schemas/VpcEndpointServiceId' - - description: The ID of the endpoint service. - State: - type: string - enum: - - PendingAcceptance - - Pending - - Available - - Deleting - - Deleted - - Rejected - - Failed - - Expired - StaticSourcesSupportValue: - type: string - enum: - - enable - - disable - StopInstancesRequest: + AssociatePublicIpAddress: + type: boolean + DeleteOnTermination: + type: boolean + Description: + type: string + DeviceIndex: + type: integer + Groups: + type: array + uniqueItems: true + items: + type: string + Ipv6AddressCount: + type: integer + Ipv6Addresses: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/InstanceIpv6Address' + NetworkInterfaceId: + type: string + PrivateIpAddresses: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/PrivateIpAddressSpecification' + SecondaryPrivateIpAddressCount: + type: integer + SubnetId: + type: string + TargetGroupsConfig: type: object - required: - - InstanceIds - title: StopInstancesRequest + additionalProperties: false properties: - InstanceId: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

Default: false

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - force: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: '

Forces the instances to stop. The instances do not have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures. This option is not recommended for Windows instances.

Default: false

' - StorageLocation: + TargetGroups: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/TargetGroup' + required: + - TargetGroups + EbsBlockDevice: type: object + additionalProperties: false properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: The key. - description: Describes a storage location in Amazon S3. - StoreImageTaskResult: + DeleteOnTermination: + type: boolean + Encrypted: + type: boolean + Iops: + type: integer + SnapshotId: + type: string + VolumeSize: + type: integer + VolumeType: + type: string + enum: + - gp2 + - gp3 + - io1 + - io2 + - sc1 + - st1 + - standard + TargetGroup: type: object + additionalProperties: false properties: - amiId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the AMI that is being stored. - taskStartTime: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The time the task started. - bucket: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the Amazon S3 bucket that contains the stored AMI object. - s3objectKey: - allOf: - - $ref: '#/components/schemas/String' - - description: The name of the stored AMI object in the bucket. - progressPercentage: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The progress of the task as a percentage. - storeTaskState: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The state of the store task (InProgress, Completed, or Failed).' - storeTaskFailureReason: - allOf: - - $ref: '#/components/schemas/String' - - description: 'If the tasks fails, the reason for the failure is returned. If the task succeeds, null is returned.' - description: 'The information about the AMI store task, including the progress of the task.' - SubnetState: - type: string - enum: - - pending - - available - SubnetIpv6CidrBlockAssociationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetIpv6CidrBlockAssociation' - - xml: - name: item - TransitGatewayMulitcastDomainAssociationState: - type: string - enum: - - pendingAcceptance - - associating - - associated - - disassociating - - disassociated - - rejected - - failed - SubnetAssociation: + Arn: + type: string + required: + - Arn + ClassicLoadBalancer: type: object + additionalProperties: false properties: - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayMulitcastDomainAssociationState' - - description: The state of the subnet association. - description: Describes the subnet association with the transit gateway multicast domain. - SubnetAssociationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetAssociation' - - xml: - name: item - SubnetCidrBlockStateCode: - type: string - enum: - - associating - - associated - - disassociating - - disassociated - - failing - - failed - SubnetCidrBlockState: + Name: + type: string + required: + - Name + SpotFleet: + type: object + properties: + Id: + type: string + SpotFleetRequestConfigData: + $ref: '#/components/schemas/SpotFleetRequestConfigData' + required: + - SpotFleetRequestConfigData + x-stackql-resource-name: spot_fleet + description: Resource Type definition for AWS::EC2::SpotFleet + x-type-name: AWS::EC2::SpotFleet + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - SpotFleetRequestConfigData/AllocationStrategy + - SpotFleetRequestConfigData/IamFleetRole + - SpotFleetRequestConfigData/InstanceInterruptionBehavior + - SpotFleetRequestConfigData/InstancePoolsToUseCount + - SpotFleetRequestConfigData/LaunchSpecifications + - SpotFleetRequestConfigData/LaunchTemplateConfigs + - SpotFleetRequestConfigData/LoadBalancersConfig + - SpotFleetRequestConfigData/OnDemandAllocationStrategy + - SpotFleetRequestConfigData/OnDemandMaxTotalPrice + - SpotFleetRequestConfigData/OnDemandTargetCapacity + - SpotFleetRequestConfigData/ReplaceUnhealthyInstances + - SpotFleetRequestConfigData/SpotMaintenanceStrategies + - SpotFleetRequestConfigData/SpotMaxTotalPrice + - SpotFleetRequestConfigData/SpotPrice + - SpotFleetRequestConfigData/TagSpecifications + - SpotFleetRequestConfigData/TerminateInstancesWithExpiration + - SpotFleetRequestConfigData/Type + - SpotFleetRequestConfigData/ValidFrom + - SpotFleetRequestConfigData/ValidUntil + x-write-only-properties: + - SpotFleetRequestConfigData/TagSpecifications + - SpotFleetRequestConfigData/LaunchSpecifications/*/NetworkInterfaces/*/Groups + x-read-only-properties: + - Id + x-required-properties: + - SpotFleetRequestConfigData + x-required-permissions: + create: + - iam:PassRole + - ec2:CreateTags + - ec2:RequestSpotFleet + - ec2:DescribeSpotFleetRequests + - ec2:RunInstances + delete: + - ec2:DescribeSpotFleetRequests + - ec2:CancelSpotFleetRequests + list: + - ec2:DescribeSpotFleetRequests + read: + - ec2:DescribeSpotFleetRequests + update: + - ec2:ModifySpotFleetRequest + - ec2:DescribeSpotFleetRequests + Subnet: type: object properties: - state: - allOf: - - $ref: '#/components/schemas/SubnetCidrBlockStateCode' - - description: The state of a CIDR block. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A message about the status of the CIDR block, if applicable.' - description: Describes the state of a CIDR block. - SubnetCidrReservationId: - type: string - SubnetCidrReservationType: - type: string - enum: - - prefix - - explicit - SuccessfulInstanceCreditSpecificationItem: + AssignIpv6AddressOnCreation: + type: boolean + description: |- + Indicates whether a network interface created in this subnet receives an IPv6 address. The default value is ``false``. + If you specify ``AssignIpv6AddressOnCreation``, you must also specify an IPv6 CIDR block. + VpcId: + type: string + description: |- + The ID of the VPC the subnet is in. + If you update this property, you must also update the ``CidrBlock`` property. + MapPublicIpOnLaunch: + type: boolean + description: |- + Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is ``false``. + AWS charges for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/). + EnableLniAtDeviceIndex: + type: integer + description: Indicates the device position for local network interfaces in this subnet. For example, ``1`` indicates local network interfaces in this subnet are the secondary network interface (eth1). + NetworkAclAssociationId: + type: string + description: '' + AvailabilityZone: + type: string + description: |- + The Availability Zone of the subnet. + If you update this property, you must also update the ``CidrBlock`` property. + AvailabilityZoneId: + type: string + description: The AZ ID of the subnet. + CidrBlock: + type: string + description: |- + The IPv4 CIDR block assigned to the subnet. + If you update this property, we create a new subnet, and then delete the existing one. + SubnetId: + type: string + description: '' + Ipv6CidrBlocks: + type: array + uniqueItems: false + items: + type: string + description: The IPv6 network ranges for the subnet, in CIDR notation. + Ipv6CidrBlock: + type: string + description: |- + The IPv6 CIDR block. + If you specify ``AssignIpv6AddressOnCreation``, you must also specify an IPv6 CIDR block. + OutpostArn: + type: string + description: The Amazon Resource Name (ARN) of the Outpost. + Ipv6Native: + type: boolean + description: Indicates whether this is an IPv6 only subnet. For more information, see [Subnet basics](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#subnet-basics) in the *User Guide*. + EnableDns64: + type: boolean + description: Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. For more information, see [DNS64 and NAT64](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-nat64-dns64) in the *User Guide*. + PrivateDnsNameOptionsOnLaunch: + type: object + additionalProperties: false + properties: + HostnameType: + type: string + EnableResourceNameDnsARecord: + type: boolean + EnableResourceNameDnsAAAARecord: + type: boolean + description: |- + The hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries to the instances should be handled. For more information, see [Amazon EC2 instance hostname types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html) in the *User Guide*. + Available options: + + EnableResourceNameDnsAAAARecord (true | false) + + EnableResourceNameDnsARecord (true | false) + + HostnameType (ip-name | resource-name) + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + description: Any tags assigned to the subnet. + Ipv4IpamPoolId: + type: string + description: An IPv4 IPAM pool ID for the subnet. + Ipv4NetmaskLength: + type: integer + description: An IPv4 netmask length for the subnet. + Ipv6IpamPoolId: + type: string + description: An IPv6 IPAM pool ID for the subnet. + Ipv6NetmaskLength: + type: integer + description: An IPv6 netmask length for the subnet. + required: + - VpcId + x-stackql-resource-name: subnet + description: |- + Specifies a subnet for the specified VPC. + For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block. + For more information, see [Subnets for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) in the *Amazon VPC User Guide*. + x-type-name: AWS::EC2::Subnet + x-stackql-primary-identifier: + - SubnetId + x-create-only-properties: + - VpcId + - AvailabilityZone + - AvailabilityZoneId + - CidrBlock + - OutpostArn + - Ipv6Native + - Ipv4IpamPoolId + - Ipv4NetmaskLength + - Ipv6IpamPoolId + - Ipv6NetmaskLength + x-conditional-create-only-properties: + - Ipv6CidrBlock + x-write-only-properties: + - EnableLniAtDeviceIndex + - Ipv4IpamPoolId + - Ipv4NetmaskLength + - Ipv6IpamPoolId + - Ipv6NetmaskLength + x-read-only-properties: + - NetworkAclAssociationId + - SubnetId + x-required-properties: + - VpcId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:DescribeSubnets + - ec2:CreateSubnet + - ec2:CreateTags + - ec2:ModifySubnetAttribute + read: + - ec2:DescribeSubnets + - ec2:DescribeNetworkAcls + update: + - ec2:DescribeSubnets + - ec2:ModifySubnetAttribute + - ec2:CreateTags + - ec2:DeleteTags + - ec2:AssociateSubnetCidrBlock + - ec2:DisassociateSubnetCidrBlock + delete: + - ec2:DescribeSubnets + - ec2:DeleteSubnet + list: + - ec2:DescribeSubnets + - ec2:DescribeNetworkAcls + SubnetCidrBlock: + type: object + properties: + Id: + description: Information about the IPv6 association. + type: string + Ipv6CidrBlock: + description: The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length + type: string + maxLength: 42 + Ipv6IpamPoolId: + description: The ID of an IPv6 Amazon VPC IP Address Manager (IPAM) pool from which to allocate, to get the subnet's CIDR + type: string + Ipv6NetmaskLength: + description: The netmask length of the IPv6 CIDR to allocate to the subnet from an IPAM pool + type: integer + minimum: 0 + maximum: 128 + SubnetId: + description: The ID of the subnet + type: string + required: + - SubnetId + x-stackql-resource-name: subnet_cidr_block + description: The AWS::EC2::SubnetCidrBlock resource creates association between subnet and IPv6 CIDR + x-type-name: AWS::EC2::SubnetCidrBlock + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Ipv6CidrBlock + - SubnetId + - Ipv6IpamPoolId + - Ipv6NetmaskLength + x-write-only-properties: + - Ipv6IpamPoolId + - Ipv6NetmaskLength + x-read-only-properties: + - Id + x-required-properties: + - SubnetId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:AssociateSubnetCidrBlock + - ec2:DescribeSubnets + delete: + - ec2:DisassociateSubnetCidrBlock + - ec2:DescribeSubnets + list: + - ec2:DescribeSubnets + read: + - ec2:DescribeSubnets + SubnetNetworkAclAssociation: type: object properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - description: Describes the burstable performance instance whose credit option for CPU usage was successfully modified. - SuccessfulQueuedPurchaseDeletion: + SubnetId: + type: string + description: The ID of the subnet + NetworkAclId: + type: string + description: The ID of the network ACL + AssociationId: + type: string + required: + - NetworkAclId + - SubnetId + x-stackql-resource-name: subnet_network_acl_association + description: Resource Type definition for AWS::EC2::SubnetNetworkAclAssociation + x-type-name: AWS::EC2::SubnetNetworkAclAssociation + x-stackql-primary-identifier: + - AssociationId + x-create-only-properties: + - SubnetId + - NetworkAclId + x-read-only-properties: + - AssociationId + x-required-properties: + - NetworkAclId + - SubnetId + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:DescribeNetworkAcls + - ec2:ReplaceNetworkAclAssociation + read: + - ec2:DescribeNetworkAcls + delete: + - ec2:DescribeNetworkAcls + - ec2:ReplaceNetworkAclAssociation + list: + - ec2:DescribeNetworkAcls + SubnetRouteTableAssociation: type: object properties: - reservedInstancesId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Reserved Instance. - description: Describes a Reserved Instance whose queued purchase was successfully deleted. - TagDescription: + Id: + type: string + description: '' + RouteTableId: + type: string + description: |- + The ID of the route table. + The physical ID changes when the route table ID is changed. + SubnetId: + type: string + description: The ID of the subnet. + required: + - RouteTableId + - SubnetId + x-stackql-resource-name: subnet_route_table_association + description: Associates a subnet with a route table. The subnet and route table must be in the same VPC. This association causes traffic originating from the subnet to be routed according to the routes in the route table. A route table can be associated with multiple subnets. To create a route table, see [AWS::EC2::RouteTable](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-routetable.html). + x-type-name: AWS::EC2::SubnetRouteTableAssociation + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - SubnetId + - RouteTableId + x-read-only-properties: + - Id + x-required-properties: + - RouteTableId + - SubnetId + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:AssociateRouteTable + - ec2:ReplaceRouteTableAssociation + - ec2:DescribeSubnets + - ec2:DescribeRouteTables + read: + - ec2:DescribeRouteTables + delete: + - ec2:DisassociateRouteTable + - ec2:DescribeSubnets + - ec2:DescribeRouteTables + list: + - ec2:DescribeRouteTables + TransitGateway: type: object properties: - key: - allOf: - - $ref: '#/components/schemas/String' - - description: The tag key. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - resourceType: - allOf: - - $ref: '#/components/schemas/ResourceType' - - description: The resource type. - value: - allOf: - - $ref: '#/components/schemas/String' - - description: The tag value. - description: Describes a tag. - TargetCapacitySpecificationRequest: + Description: + type: string + AssociationDefaultRouteTableId: + type: string + AutoAcceptSharedAttachments: + type: string + TransitGatewayArn: + type: string + DefaultRouteTablePropagation: + type: string + TransitGatewayCidrBlocks: + type: array + items: + type: string + PropagationDefaultRouteTableId: + type: string + DefaultRouteTableAssociation: + type: string + Id: + type: string + VpnEcmpSupport: + type: string + DnsSupport: + type: string + MulticastSupport: + type: string + AmazonSideAsn: + format: int64 + type: integer + Tags: + uniqueItems: false + type: array + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: transit_gateway + description: Resource Type definition for AWS::EC2::TransitGateway + x-type-name: AWS::EC2::TransitGateway + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - AmazonSideAsn + - MulticastSupport + x-read-only-properties: + - Id + - TransitGatewayArn + x-tagging: + taggable: true + x-required-permissions: + read: + - ec2:CreateTransitGateway + - ec2:CreateTags + - ec2:DescribeTransitGateways + - ec2:DescribeTags + - ec2:DeleteTransitGateway + - ec2:DeleteTags + - ec2:ModifyTransitGateway + - ec2:ModifyTransitGatewayOptions + create: + - ec2:CreateTransitGateway + - ec2:CreateTags + - ec2:DescribeTransitGateways + - ec2:DescribeTags + - ec2:DeleteTransitGateway + - ec2:DeleteTags + - ec2:ModifyTransitGateway + - ec2:ModifyTransitGatewayOptions + update: + - ec2:CreateTransitGateway + - ec2:CreateTags + - ec2:DescribeTransitGateways + - ec2:DescribeTags + - ec2:DeleteTransitGateway + - ec2:DeleteTags + - ec2:ModifyTransitGateway + - ec2:ModifyTransitGatewayOptions + list: + - ec2:CreateTransitGateway + - ec2:CreateTags + - ec2:DescribeTransitGateways + - ec2:DescribeTags + - ec2:DeleteTransitGateway + - ec2:DeleteTags + - ec2:ModifyTransitGateway + - ec2:ModifyTransitGatewayOptions + delete: + - ec2:CreateTransitGateway + - ec2:CreateTags + - ec2:DescribeTransitGateways + - ec2:DescribeTags + - ec2:DeleteTransitGateway + - ec2:DeleteTags + - ec2:ModifyTransitGateway + - ec2:ModifyTransitGatewayOptions + TransitGatewayAttachment: type: object - required: - - TotalTargetCapacity properties: - undefined: - allOf: - - $ref: '#/components/schemas/TargetCapacityUnitType' - - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' - description: '

The number of units to request. You can choose to set the target capacity as the number of instances. Or you can set the target capacity to a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.

You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance MaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch instances until it reaches the maximum amount that you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity. The MaxTotalPrice parameters are located in OnDemandOptionsRequest and SpotOptionsRequest.

' - TargetConfiguration: + Id: + type: string + TransitGatewayId: + type: string + VpcId: + type: string + SubnetIds: + type: array + x-insertionOrder: false + uniqueItems: false + items: + type: string + Tags: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + Options: + description: The options for the transit gateway vpc attachment. + type: object + properties: + DnsSupport: + description: 'Indicates whether to enable DNS Support for Vpc Attachment. Valid Values: enable | disable' + type: string + Ipv6Support: + description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' + type: string + ApplianceModeSupport: + description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' + type: string + SecurityGroupReferencingSupport: + description: 'Indicates whether to enable Security Group referencing support for Vpc Attachment. Valid Values: enable | disable' + type: string + additionalProperties: false + required: + - VpcId + - SubnetIds + - TransitGatewayId + x-stackql-resource-name: transit_gateway_attachment + description: Resource Type definition for AWS::EC2::TransitGatewayAttachment + x-type-name: AWS::EC2::TransitGatewayAttachment + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - TransitGatewayId + - VpcId + x-read-only-properties: + - Id + x-required-properties: + - VpcId + - SubnetIds + - TransitGatewayId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:DescribeTransitGatewayAttachments + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:CreateTransitGatewayVpcAttachment + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeTags + - ec2:DescribeTransitGatewayAttachments + - ec2:ModifyTransitGatewayVpcAttachment + read: + - ec2:DescribeTransitGatewayAttachments + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:CreateTransitGatewayVpcAttachment + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeTags + - ec2:DescribeTransitGatewayAttachments + - ec2:ModifyTransitGatewayVpcAttachment + delete: + - ec2:DescribeTransitGatewayAttachments + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:CreateTransitGatewayVpcAttachment + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeTags + - ec2:DescribeTransitGatewayAttachments + - ec2:ModifyTransitGatewayVpcAttachment + list: + - ec2:DescribeTransitGatewayAttachments + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:DescribeTags + - ec2:CreateTransitGatewayVpcAttachment + - ec2:CreateTags + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:DeleteTags + - ec2:ModifyTransitGatewayVpcAttachment + update: + - ec2:DescribeTransitGatewayAttachments + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:DescribeTags + - ec2:CreateTransitGatewayVpcAttachment + - ec2:CreateTags + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:DeleteTags + - ec2:ModifyTransitGatewayVpcAttachment + TransitGatewayConnectOptions: type: object properties: - instanceCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of instances the Convertible Reserved Instance offering can be applied to. This parameter is reserved and cannot be specified in a request - offeringId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Convertible Reserved Instance offering. - description: Information about the Convertible Reserved Instance offering. - TargetGroup: + Protocol: + description: The tunnel protocol. + type: string + additionalProperties: false + TransitGatewayConnect: type: object properties: - arn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the target group. - description: Describes a load balancer target group. - TargetGroups: - type: array - items: - allOf: - - $ref: '#/components/schemas/TargetGroup' - - xml: - name: item - minItems: 1 - maxItems: 5 - TargetNetwork: + TransitGatewayAttachmentId: + description: The ID of the Connect attachment. + type: string + TransportTransitGatewayAttachmentId: + description: The ID of the attachment from which the Connect attachment was created. + type: string + TransitGatewayId: + description: The ID of the transit gateway. + type: string + State: + description: The state of the attachment. + type: string + CreationTime: + description: The creation time. + type: string + Tags: + description: The tags for the attachment. + type: array + items: + $ref: '#/components/schemas/Tag' + Options: + $ref: '#/components/schemas/TransitGatewayConnectOptions' + description: The Connect attachment options. + required: + - TransportTransitGatewayAttachmentId + - Options + x-stackql-resource-name: transit_gateway_connect + description: The AWS::EC2::TransitGatewayConnect type + x-type-name: AWS::EC2::TransitGatewayConnect + x-stackql-primary-identifier: + - TransitGatewayAttachmentId + x-create-only-properties: + - TransportTransitGatewayAttachmentId + - Options + x-read-only-properties: + - TransitGatewayAttachmentId + - State + - CreationTime + - TransitGatewayId + x-required-properties: + - TransportTransitGatewayAttachmentId + - Options + x-required-permissions: + create: + - ec2:CreateTransitGatewayConnect + - ec2:DescribeTransitGatewayConnects + - ec2:CreateTags + read: + - ec2:DescribeTransitGatewayConnects + update: + - ec2:DescribeTransitGatewayConnects + - ec2:DeleteTags + - ec2:CreateTags + delete: + - ec2:DeleteTransitGatewayConnect + - ec2:DescribeTransitGatewayConnects + - ec2:DeleteTags + list: + - ec2:DescribeTransitGatewayConnects + TransitGatewayMulticastDomain: type: object properties: - associationId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the association. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC in which the target network (subnet) is located. - targetNetworkId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet specified as the target network. - clientVpnEndpointId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Client VPN endpoint with which the target network is associated. - status: - allOf: - - $ref: '#/components/schemas/AssociationStatus' - - description: The current state of the target network association. - securityGroups: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The IDs of the security groups applied to the target network association. - description: Describes a target network associated with a Client VPN endpoint. - TargetReservationValue: + TransitGatewayMulticastDomainId: + description: The ID of the transit gateway multicast domain. + type: string + TransitGatewayMulticastDomainArn: + description: The Amazon Resource Name (ARN) of the transit gateway multicast domain. + type: string + TransitGatewayId: + description: The ID of the transit gateway. + type: string + State: + description: The state of the transit gateway multicast domain. + type: string + CreationTime: + description: The time the transit gateway multicast domain was created. + type: string + format: date-time + Tags: + description: The tags for the transit gateway multicast domain. + type: array + items: + $ref: '#/components/schemas/Tag' + Options: + description: The options for the transit gateway multicast domain. + type: object + properties: + AutoAcceptSharedAssociations: + description: 'Indicates whether to automatically cross-account subnet associations that are associated with the transit gateway multicast domain. Valid Values: enable | disable' + type: string + Igmpv2Support: + description: 'Indicates whether Internet Group Management Protocol (IGMP) version 2 is turned on for the transit gateway multicast domain. Valid Values: enable | disable' + type: string + StaticSourcesSupport: + description: 'Indicates whether support for statically configuring transit gateway multicast group sources is turned on. Valid Values: enable | disable' + type: string + additionalProperties: false + required: + - TransitGatewayId + x-stackql-resource-name: transit_gateway_multicast_domain + description: The AWS::EC2::TransitGatewayMulticastDomain type + x-type-name: AWS::EC2::TransitGatewayMulticastDomain + x-stackql-primary-identifier: + - TransitGatewayMulticastDomainId + x-create-only-properties: + - TransitGatewayId + x-read-only-properties: + - TransitGatewayMulticastDomainId + - State + - CreationTime + - TransitGatewayMulticastDomainArn + x-required-properties: + - TransitGatewayId + x-required-permissions: + create: + - ec2:DescribeTransitGatewayMulticastDomains + - ec2:CreateTransitGatewayMulticastDomain + - ec2:CreateTags + read: + - ec2:DescribeTransitGatewayMulticastDomains + update: + - ec2:DescribeTransitGatewayMulticastDomains + - ec2:DeleteTags + - ec2:CreateTags + delete: + - ec2:DescribeTransitGatewayMulticastDomains + - ec2:DeleteTransitGatewayMulticastDomain + - ec2:DeleteTags + list: + - ec2:DescribeTransitGatewayMulticastDomains + TransitGatewayMulticastDomainAssociation: type: object properties: - reservationValue: - allOf: - - $ref: '#/components/schemas/ReservationValue' - - description: 'The total value of the Convertible Reserved Instances that make up the exchange. This is the sum of the list value, remaining upfront price, and additional upfront cost of the exchange.' - targetConfiguration: - allOf: - - $ref: '#/components/schemas/TargetConfiguration' - - description: The configuration of the Convertible Reserved Instances that make up the exchange. - description: The total value of the new Convertible Reserved Instances. - TargetStorageTier: - type: string - enum: - - archive - TelemetryStatus: - type: string - enum: - - UP - - DOWN - TerminateClientVpnConnectionsRequest: - type: object + TransitGatewayMulticastDomainId: + description: The ID of the transit gateway multicast domain. + type: string + TransitGatewayAttachmentId: + description: The ID of the transit gateway attachment. + type: string + ResourceId: + description: The ID of the resource. + type: string + ResourceType: + description: The type of resource, for example a VPC attachment. + type: string + State: + description: The state of the subnet association. + type: string + SubnetId: + description: The IDs of the subnets to associate with the transit gateway multicast domain. + type: string required: - - ClientVpnEndpointId - title: TerminateClientVpnConnectionsRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - TerminateConnectionStatusSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/TerminateConnectionStatus' - - xml: - name: item - TerminateConnectionStatus: + - TransitGatewayMulticastDomainId + - TransitGatewayAttachmentId + - SubnetId + x-stackql-resource-name: transit_gateway_multicast_domain_association + description: The AWS::EC2::TransitGatewayMulticastDomainAssociation type + x-type-name: AWS::EC2::TransitGatewayMulticastDomainAssociation + x-stackql-primary-identifier: + - TransitGatewayMulticastDomainId + - TransitGatewayAttachmentId + - SubnetId + x-create-only-properties: + - TransitGatewayMulticastDomainId + - TransitGatewayAttachmentId + - SubnetId + x-read-only-properties: + - ResourceId + - ResourceType + - State + x-required-properties: + - TransitGatewayMulticastDomainId + - TransitGatewayAttachmentId + - SubnetId + x-required-permissions: + create: + - ec2:AssociateTransitGatewayMulticastDomain + - ec2:GetTransitGatewayMulticastDomainAssociations + read: + - ec2:GetTransitGatewayMulticastDomainAssociations + delete: + - ec2:DisassociateTransitGatewayMulticastDomain + - ec2:GetTransitGatewayMulticastDomainAssociations + list: + - ec2:GetTransitGatewayMulticastDomainAssociations + TransitGatewayMulticastGroupMember: type: object properties: - connectionId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the client connection. - previousStatus: - allOf: - - $ref: '#/components/schemas/ClientVpnConnectionStatus' - - description: The state of the client connection. - currentStatus: - allOf: - - $ref: '#/components/schemas/ClientVpnConnectionStatus' - - description: 'A message about the status of the client connection, if applicable.' - description: Information about a terminated Client VPN endpoint client connection. - TerminateInstancesRequest: + GroupIpAddress: + description: The IP address assigned to the transit gateway multicast group. + type: string + TransitGatewayAttachmentId: + description: The ID of the transit gateway attachment. + type: string + TransitGatewayMulticastDomainId: + description: The ID of the transit gateway multicast domain. + type: string + SubnetId: + description: The ID of the subnet. + type: string + ResourceId: + description: The ID of the resource. + type: string + ResourceType: + description: The type of resource, for example a VPC attachment. + type: string + NetworkInterfaceId: + description: The ID of the transit gateway attachment. + type: string + GroupMember: + description: Indicates that the resource is a transit gateway multicast group member. + type: boolean + GroupSource: + description: Indicates that the resource is a transit gateway multicast group member. + type: boolean + MemberType: + description: The member type (for example, static). + type: string + SourceType: + description: The source type. + type: string + required: + - GroupIpAddress + - NetworkInterfaceId + - TransitGatewayMulticastDomainId + x-stackql-resource-name: transit_gateway_multicast_group_member + description: The AWS::EC2::TransitGatewayMulticastGroupMember registers and deregisters members and sources (network interfaces) with the transit gateway multicast group + x-type-name: AWS::EC2::TransitGatewayMulticastGroupMember + x-stackql-primary-identifier: + - TransitGatewayMulticastDomainId + - GroupIpAddress + - NetworkInterfaceId + x-create-only-properties: + - TransitGatewayMulticastDomainId + - GroupIpAddress + - NetworkInterfaceId + x-read-only-properties: + - SubnetId + - ResourceId + - ResourceType + - GroupSource + - GroupMember + - MemberType + - SourceType + - TransitGatewayAttachmentId + x-required-properties: + - GroupIpAddress + - NetworkInterfaceId + - TransitGatewayMulticastDomainId + x-required-permissions: + create: + - ec2:RegisterTransitGatewayMulticastGroupMembers + - ec2:SearchTransitGatewayMulticastGroups + read: + - ec2:SearchTransitGatewayMulticastGroups + delete: + - ec2:DeregisterTransitGatewayMulticastGroupMembers + - ec2:SearchTransitGatewayMulticastGroups + list: + - ec2:SearchTransitGatewayMulticastGroups + TransitGatewayMulticastGroupSource: type: object + properties: + GroupIpAddress: + description: The IP address assigned to the transit gateway multicast group. + type: string + TransitGatewayAttachmentId: + description: The ID of the transit gateway attachment. + type: string + TransitGatewayMulticastDomainId: + description: The ID of the transit gateway multicast domain. + type: string + SubnetId: + description: The ID of the subnet. + type: string + ResourceId: + description: The ID of the resource. + type: string + ResourceType: + description: The type of resource, for example a VPC attachment. + type: string + NetworkInterfaceId: + description: The ID of the transit gateway attachment. + type: string + GroupMember: + description: Indicates that the resource is a transit gateway multicast group member. + type: boolean + GroupSource: + description: Indicates that the resource is a transit gateway multicast group member. + type: boolean + MemberType: + description: The member type (for example, static). + type: string + SourceType: + description: The source type. + type: string required: - - InstanceIds - title: TerminateInstancesRequest + - TransitGatewayMulticastDomainId + - NetworkInterfaceId + - GroupIpAddress + x-stackql-resource-name: transit_gateway_multicast_group_source + description: The AWS::EC2::TransitGatewayMulticastGroupSource registers and deregisters members and sources (network interfaces) with the transit gateway multicast group + x-type-name: AWS::EC2::TransitGatewayMulticastGroupSource + x-stackql-primary-identifier: + - TransitGatewayMulticastDomainId + - GroupIpAddress + - NetworkInterfaceId + x-create-only-properties: + - TransitGatewayMulticastDomainId + - GroupIpAddress + - NetworkInterfaceId + x-read-only-properties: + - SubnetId + - ResourceId + - ResourceType + - GroupSource + - GroupMember + - MemberType + - SourceType + - TransitGatewayAttachmentId + x-required-properties: + - TransitGatewayMulticastDomainId + - NetworkInterfaceId + - GroupIpAddress + x-required-permissions: + create: + - ec2:RegisterTransitGatewayMulticastGroupSources + - ec2:SearchTransitGatewayMulticastGroups + read: + - ec2:SearchTransitGatewayMulticastGroups + delete: + - ec2:DeregisterTransitGatewayMulticastGroupSources + - ec2:SearchTransitGatewayMulticastGroups + list: + - ec2:SearchTransitGatewayMulticastGroups + PeeringAttachmentStatus: + additionalProperties: false + type: object properties: - InstanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdStringList' - - description: '

The IDs of the instances.

Constraints: Up to 1000 instance IDs. We recommend breaking up this request into smaller batches.

' - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ThreadsPerCore: - type: integer - ThreadsPerCoreList: - type: array - items: - allOf: - - $ref: '#/components/schemas/ThreadsPerCore' - - xml: - name: item - ThroughResourcesStatement: + Message: + description: The status message, if applicable. + type: string + Code: + description: The status code. + type: string + TransitGatewayPeeringAttachment: type: object properties: - resourceStatement: - allOf: - - $ref: '#/components/schemas/ResourceStatement' - - description: The resource statement. - description: Describes a through resource statement. - ThroughResourcesStatementRequest: + Status: + description: The status of the transit gateway peering attachment. + $ref: '#/components/schemas/PeeringAttachmentStatus' + TransitGatewayId: + description: The ID of the transit gateway. + type: string + PeerTransitGatewayId: + description: The ID of the peer transit gateway. + type: string + PeerAccountId: + description: The ID of the peer account + type: string + State: + description: The state of the transit gateway peering attachment. Note that the initiating state has been deprecated. + type: string + CreationTime: + format: date-time + description: The time the transit gateway peering attachment was created. + type: string + PeerRegion: + description: Peer Region + type: string + Tags: + description: The tags for the transit gateway peering attachment. + type: array + items: + $ref: '#/components/schemas/Tag' + TransitGatewayAttachmentId: + description: The ID of the transit gateway peering attachment. + type: string + required: + - TransitGatewayId + - PeerTransitGatewayId + - PeerAccountId + - PeerRegion + x-stackql-resource-name: transit_gateway_peering_attachment + description: The AWS::EC2::TransitGatewayPeeringAttachment type + x-type-name: AWS::EC2::TransitGatewayPeeringAttachment + x-stackql-primary-identifier: + - TransitGatewayAttachmentId + x-create-only-properties: + - TransitGatewayId + - PeerTransitGatewayId + - PeerRegion + - PeerAccountId + x-read-only-properties: + - TransitGatewayAttachmentId + - Status + - State + - CreationTime + x-required-properties: + - TransitGatewayId + - PeerTransitGatewayId + - PeerAccountId + - PeerRegion + x-required-permissions: + read: + - ec2:DescribeTransitGatewayPeeringAttachments + create: + - ec2:CreateTransitGatewayPeeringAttachment + - ec2:DescribeTransitGatewayPeeringAttachments + update: + - ec2:DescribeTransitGatewayPeeringAttachments + list: + - ec2:DescribeTransitGatewayPeeringAttachments + delete: + - ec2:DeleteTransitGatewayPeeringAttachment + - ec2:DescribeTransitGatewayPeeringAttachments + TransitGatewayRouteTable: type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/ResourceStatementRequest' - - description: The resource statement. - description: Describes a through resource statement. - TotalLocalStorageGBRequest: + TransitGatewayRouteTableId: + description: Transit Gateway Route Table primary identifier + type: string + TransitGatewayId: + description: The ID of the transit gateway. + type: string + Tags: + type: array + description: Tags are composed of a Key/Value pair. You can use tags to categorize and track each parameter group. The tag value null is permitted. + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: false + required: + - TransitGatewayId + x-stackql-resource-name: transit_gateway_route_table + description: Resource Type definition for AWS::EC2::TransitGatewayRouteTable + x-type-name: AWS::EC2::TransitGatewayRouteTable + x-stackql-primary-identifier: + - TransitGatewayRouteTableId + x-create-only-properties: + - TransitGatewayId + - Tags + x-read-only-properties: + - TransitGatewayRouteTableId + x-required-properties: + - TransitGatewayId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateTransitGatewayRouteTable + - ec2:CreateTags + - ec2:DescribeTransitGatewayRouteTables + read: + - ec2:DescribeTransitGatewayRouteTables + delete: + - ec2:DeleteTransitGatewayRouteTable + - ec2:DescribeTransitGatewayRouteTables + - ec2:GetTransitGatewayRouteTableAssociations + - ec2:DisassociateTransitGatewayRouteTable + list: + - ec2:DescribeTransitGatewayRouteTables + TransitGatewayRouteTableAssociation: type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/Double' - - description: 'The maximum amount of total local storage, in GB. To specify no maximum limit, omit this parameter.' - description: 'The minimum and maximum amount of total local storage, in GB.' - TrafficDirection: - type: string - enum: - - ingress - - egress - TrafficMirrorFilterRuleList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilterRule' - - xml: - name: item - TrafficMirrorFilterIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorFilterId' - - xml: - name: item - TrafficMirrorRuleAction: - type: string - enum: - - accept - - reject - TrafficMirrorPortRange: + TransitGatewayRouteTableId: + description: The ID of transit gateway route table. + type: string + TransitGatewayAttachmentId: + description: The ID of transit gateway attachment. + type: string + required: + - TransitGatewayRouteTableId + - TransitGatewayAttachmentId + x-stackql-resource-name: transit_gateway_route_table_association + description: Resource Type definition for AWS::EC2::TransitGatewayRouteTableAssociation + x-type-name: AWS::EC2::TransitGatewayRouteTableAssociation + x-stackql-primary-identifier: + - TransitGatewayRouteTableId + - TransitGatewayAttachmentId + x-create-only-properties: + - TransitGatewayRouteTableId + - TransitGatewayAttachmentId + x-required-properties: + - TransitGatewayRouteTableId + - TransitGatewayAttachmentId + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:AssociateTransitGatewayRouteTable + - ec2:GetTransitGatewayRouteTableAssociations + read: + - ec2:GetTransitGatewayRouteTableAssociations + delete: + - ec2:GetTransitGatewayRouteTableAssociations + - ec2:DisassociateTransitGatewayRouteTable + list: + - ec2:GetTransitGatewayRouteTableAssociations + TransitGatewayVpcAttachment: type: object properties: - fromPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The start of the Traffic Mirror port range. This applies to the TCP and UDP protocols. - toPort: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The end of the Traffic Mirror port range. This applies to the TCP and UDP protocols. - description: Describes the Traffic Mirror port range. - TrafficMirrorFilterRuleFieldList: - type: array - items: - $ref: '#/components/schemas/TrafficMirrorFilterRuleField' - TrafficMirrorFilterRuleId: - type: string - TrafficMirrorPortRangeRequest: + Options: + description: The options for the transit gateway vpc attachment. + additionalProperties: false + type: object + properties: + Ipv6Support: + description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' + type: string + ApplianceModeSupport: + description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' + type: string + DnsSupport: + description: 'Indicates whether to enable DNS Support for Vpc Attachment. Valid Values: enable | disable' + type: string + TransitGatewayId: + type: string + VpcId: + type: string + RemoveSubnetIds: + uniqueItems: false + x-insertionOrder: false + type: array + items: + type: string + Id: + type: string + SubnetIds: + uniqueItems: false + x-insertionOrder: false + type: array + items: + type: string + AddSubnetIds: + uniqueItems: false + x-insertionOrder: false + type: array + items: + type: string + Tags: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - SubnetIds + - VpcId + - TransitGatewayId + x-stackql-resource-name: transit_gateway_vpc_attachment + description: Resource Type definition for AWS::EC2::TransitGatewayVpcAttachment + x-type-name: AWS::EC2::TransitGatewayVpcAttachment + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - TransitGatewayId + - SubnetIds + - VpcId + x-write-only-properties: + - AddSubnetIds + - RemoveSubnetIds + x-read-only-properties: + - Id + x-required-properties: + - SubnetIds + - VpcId + - TransitGatewayId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + x-required-permissions: + read: + - ec2:DescribeTransitGatewayAttachments + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:CreateTransitGatewayVpcAttachment + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeTags + - ec2:DescribeTransitGatewayAttachments + - ec2:ModifyTransitGatewayVpcAttachment + create: + - ec2:DescribeTransitGatewayAttachments + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:CreateTransitGatewayVpcAttachment + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeTags + - ec2:DescribeTransitGatewayAttachments + - ec2:ModifyTransitGatewayVpcAttachment + update: + - ec2:DescribeTransitGatewayAttachments + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:DescribeTags + - ec2:CreateTransitGatewayVpcAttachment + - ec2:CreateTags + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:DeleteTags + - ec2:ModifyTransitGatewayVpcAttachment + list: + - ec2:DescribeTransitGatewayAttachments + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:DescribeTags + - ec2:CreateTransitGatewayVpcAttachment + - ec2:CreateTags + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:DeleteTags + - ec2:ModifyTransitGatewayVpcAttachment + delete: + - ec2:DescribeTransitGatewayAttachments + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:CreateTransitGatewayVpcAttachment + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeTags + - ec2:DescribeTransitGatewayAttachments + - ec2:ModifyTransitGatewayVpcAttachment + NetworkInterfaceOptions: + description: The options for network-interface type endpoint. type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols. - description: Information about the Traffic Mirror filter rule port range. - TrafficMirrorSessionFieldList: - type: array - items: - $ref: '#/components/schemas/TrafficMirrorSessionField' - TrafficMirrorSessionIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorSessionId' - - xml: - name: item - TrafficMirrorTargetType: - type: string - enum: - - network-interface - - network-load-balancer - - gateway-load-balancer-endpoint - TrafficMirrorTargetIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrafficMirrorTargetId' - - xml: - name: item - TrafficMirroringMaxResults: - type: integer - minimum: 5 - maximum: 1000 - TransitAssociationGatewayId: - type: string - TransitGatewayState: + NetworkInterfaceId: + description: The ID of the network interface. + type: string + Port: + description: The IP port number. + type: integer + minimum: 1 + maximum: 65535 + Protocol: + description: The IP protocol. + type: string + additionalProperties: false + LoadBalancerOptions: + description: The load balancer details if creating the AWS Verified Access endpoint as load-balancertype. + type: object + properties: + LoadBalancerArn: + description: The ARN of the load balancer. + type: string + Port: + description: The IP port number. + type: integer + minimum: 1 + maximum: 65535 + Protocol: + description: The IP protocol. + type: string + SubnetIds: + description: The IDs of the subnets. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/SubnetId' + additionalProperties: false + SubnetId: + description: The IDs of the subnet. + type: string + SseSpecification: + description: The configuration options for customer provided KMS encryption. + type: object + properties: + KmsKeyArn: + description: KMS Key Arn used to encrypt the group policy + type: string + CustomerManagedKeyEnabled: + description: Whether to encrypt the policy with the provided key or disable encryption + type: boolean + additionalProperties: false + VerifiedAccessEndpoint: + type: object + properties: + VerifiedAccessEndpointId: + description: The ID of the AWS Verified Access endpoint. + type: string + VerifiedAccessGroupId: + description: The ID of the AWS Verified Access group. + type: string + VerifiedAccessInstanceId: + description: The ID of the AWS Verified Access instance. + type: string + Status: + description: The endpoint status. + type: string + SecurityGroupIds: + description: The IDs of the security groups for the endpoint. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/SecurityGroupId' + NetworkInterfaceOptions: + description: The options for network-interface type endpoint. + $ref: '#/components/schemas/NetworkInterfaceOptions' + LoadBalancerOptions: + description: The load balancer details if creating the AWS Verified Access endpoint as load-balancer type. + $ref: '#/components/schemas/LoadBalancerOptions' + EndpointType: + description: The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified. + type: string + EndpointDomain: + description: A DNS name that is generated for the endpoint. + type: string + EndpointDomainPrefix: + description: A custom identifier that gets prepended to a DNS name that is generated for the endpoint. + type: string + DeviceValidationDomain: + description: Returned if endpoint has a device trust provider attached. + type: string + DomainCertificateArn: + description: The ARN of a public TLS/SSL certificate imported into or created with ACM. + type: string + AttachmentType: + description: The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application. + type: string + ApplicationDomain: + description: The DNS name for users to reach your application. + type: string + CreationTime: + description: The creation time. + type: string + LastUpdatedTime: + description: The last updated time. + type: string + Description: + description: A description for the AWS Verified Access endpoint. + type: string + PolicyDocument: + description: The AWS Verified Access policy document. + type: string + PolicyEnabled: + description: The status of the Verified Access policy. + type: boolean + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + SseSpecification: + description: The configuration options for customer provided KMS encryption. + $ref: '#/components/schemas/SseSpecification' + required: + - ApplicationDomain + - AttachmentType + - DomainCertificateArn + - EndpointType + - VerifiedAccessGroupId + - EndpointDomainPrefix + x-stackql-resource-name: verified_access_endpoint + description: The AWS::EC2::VerifiedAccessEndpoint resource creates an AWS EC2 Verified Access Endpoint. + x-type-name: AWS::EC2::VerifiedAccessEndpoint + x-stackql-primary-identifier: + - VerifiedAccessEndpointId + x-create-only-properties: + - ApplicationDomain + - AttachmentType + - DomainCertificateArn + - EndpointDomainPrefix + - EndpointType + - SecurityGroupIds + - NetworkInterfaceOptions/NetworkInterfaceId + - LoadBalancerOptions/LoadBalancerArn + x-read-only-properties: + - VerifiedAccessEndpointId + - EndpointDomain + - CreationTime + - LastUpdatedTime + - Status + - DeviceValidationDomain + - VerifiedAccessInstanceId + x-required-properties: + - ApplicationDomain + - AttachmentType + - DomainCertificateArn + - EndpointType + - VerifiedAccessGroupId + - EndpointDomainPrefix + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateVerifiedAccessEndpoint + - ec2:DescribeVerifiedAccessEndpoints + - ec2:CreateTags + - ec2:DescribeTags + - iam:CreateServiceLinkedRole + - iam:ListRoles + - acm:GetCertificateWithPK + - acm:DescribeCertificate + - acm:CreateCertificateRelation + - sso:GetManagedApplicationInstance + - sso:GetPeregrineStatus + - sso:GetSharedSsoConfiguration + - sso:CreateManagedApplicationInstance + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - ec2:DescribeNetworkInterfaces + - ec2:DescribeAccountAttributes + - elasticloadbalancing:DescribeLoadBalancers + - elasticloadbalancing:DescribeListeners + - elasticloadbalancing:DescribeListenerCertificates + - acm:DeleteCertificateRelation + - ec2:DeleteTags + - ec2:DeleteVerifiedAccessEndpoint + - ec2:GetVerifiedAccessEndpointPolicy + - ec2:ModifyVerifiedAccessEndpoint + - ec2:ModifyVerifiedAccessEndpointPolicy + - sso:DeleteManagedApplicationInstance + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + read: + - ec2:DescribeVerifiedAccessEndpoints + - ec2:GetVerifiedAccessEndpointPolicy + - ec2:DescribeTags + - acm:CreateCertificateRelation + - acm:DeleteCertificateRelation + - acm:DescribeCertificate + - acm:GetCertificateWithPK + - ec2:CreateTags + - ec2:CreateVerifiedAccessEndpoint + - ec2:DeleteTags + - ec2:DeleteVerifiedAccessEndpoint + - ec2:DescribeAccountAttributes + - ec2:DescribeNetworkInterfaces + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:ModifyVerifiedAccessEndpoint + - ec2:ModifyVerifiedAccessEndpointPolicy + - elasticloadbalancing:DescribeListenerCertificates + - elasticloadbalancing:DescribeListeners + - elasticloadbalancing:DescribeLoadBalancers + - iam:CreateServiceLinkedRole + - iam:ListRoles + - sso:CreateManagedApplicationInstance + - sso:DeleteManagedApplicationInstance + - sso:GetManagedApplicationInstance + - sso:GetPeregrineStatus + - sso:GetSharedSsoConfiguration + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + update: + - ec2:ModifyVerifiedAccessEndpoint + - ec2:ModifyVerifiedAccessEndpointPolicy + - ec2:DescribeVerifiedAccessEndpoints + - ec2:GetVerifiedAccessEndpointPolicy + - ec2:DescribeTags + - ec2:DeleteTags + - ec2:CreateTags + - acm:GetCertificateWithPK + - acm:DescribeCertificate + - acm:CreateCertificateRelation + - acm:DeleteCertificateRelation + - sso:GetManagedApplicationInstance + - sso:GetPeregrineStatus + - sso:GetSharedSsoConfiguration + - sso:CreateManagedApplicationInstance + - sso:DeleteManagedApplicationInstance + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - ec2:DescribeNetworkInterfaces + - ec2:DescribeAccountAttributes + - elasticloadbalancing:DescribeLoadBalancers + - elasticloadbalancing:DescribeListeners + - elasticloadbalancing:DescribeListenerCertificates + - ec2:CreateVerifiedAccessEndpoint + - ec2:DeleteVerifiedAccessEndpoint + - iam:CreateServiceLinkedRole + - iam:ListRoles + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + delete: + - ec2:DescribeVerifiedAccessEndpoints + - ec2:DescribeTags + - ec2:DeleteVerifiedAccessEndpoint + - ec2:DeleteTags + - sso:DeleteManagedApplicationInstance + - acm:DeleteCertificateRelation + - acm:DescribeCertificate + - acm:CreateCertificateRelation + - acm:GetCertificateWithPK + - ec2:CreateTags + - ec2:CreateVerifiedAccessEndpoint + - ec2:DescribeAccountAttributes + - ec2:DescribeNetworkInterfaces + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:GetVerifiedAccessEndpointPolicy + - ec2:ModifyVerifiedAccessEndpoint + - ec2:ModifyVerifiedAccessEndpointPolicy + - elasticloadbalancing:DescribeListenerCertificates + - elasticloadbalancing:DescribeListeners + - elasticloadbalancing:DescribeLoadBalancers + - iam:CreateServiceLinkedRole + - iam:ListRoles + - sso:CreateManagedApplicationInstance + - sso:GetManagedApplicationInstance + - sso:GetPeregrineStatus + - sso:GetSharedSsoConfiguration + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + list: + - ec2:DescribeVerifiedAccessEndpoints + - ec2:DescribeTags + - acm:CreateCertificateRelation + - acm:DeleteCertificateRelation + - acm:DescribeCertificate + - acm:GetCertificateWithPK + - ec2:CreateTags + - ec2:CreateVerifiedAccessEndpoint + - ec2:DeleteTags + - ec2:DeleteVerifiedAccessEndpoint + - ec2:DescribeAccountAttributes + - ec2:DescribeNetworkInterfaces + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:GetVerifiedAccessEndpointPolicy + - ec2:ModifyVerifiedAccessEndpoint + - ec2:ModifyVerifiedAccessEndpointPolicy + - elasticloadbalancing:DescribeListenerCertificates + - elasticloadbalancing:DescribeListeners + - elasticloadbalancing:DescribeLoadBalancers + - iam:CreateServiceLinkedRole + - iam:ListRoles + - sso:CreateManagedApplicationInstance + - sso:DeleteManagedApplicationInstance + - sso:GetManagedApplicationInstance + - sso:GetPeregrineStatus + - sso:GetSharedSsoConfiguration + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + VerifiedAccessGroup: + type: object + properties: + VerifiedAccessGroupId: + description: The ID of the AWS Verified Access group. + type: string + VerifiedAccessInstanceId: + description: The ID of the AWS Verified Access instance. + type: string + VerifiedAccessGroupArn: + description: The ARN of the Verified Access group. + type: string + Owner: + description: The AWS account number that owns the group. + type: string + CreationTime: + description: Time this Verified Access Group was created. + type: string + LastUpdatedTime: + description: Time this Verified Access Group was last updated. + type: string + Description: + description: A description for the AWS Verified Access group. + type: string + PolicyDocument: + description: The AWS Verified Access policy document. + type: string + PolicyEnabled: + description: The status of the Verified Access policy. + type: boolean + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + SseSpecification: + description: The configuration options for customer provided KMS encryption. + $ref: '#/components/schemas/SseSpecification' + required: + - VerifiedAccessInstanceId + x-stackql-resource-name: verified_access_group + description: The AWS::EC2::VerifiedAccessGroup resource creates an AWS EC2 Verified Access Group. + x-type-name: AWS::EC2::VerifiedAccessGroup + x-stackql-primary-identifier: + - VerifiedAccessGroupId + x-read-only-properties: + - VerifiedAccessGroupId + - CreationTime + - LastUpdatedTime + - Owner + - VerifiedAccessGroupArn + x-required-properties: + - VerifiedAccessInstanceId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateVerifiedAccessGroup + - ec2:DescribeVerifiedAccessGroups + - ec2:GetVerifiedAccessGroupPolicy + - ec2:CreateTags + - ec2:DescribeTags + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + read: + - ec2:DescribeVerifiedAccessGroups + - ec2:GetVerifiedAccessGroupPolicy + - ec2:DescribeTags + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + update: + - ec2:ModifyVerifiedAccessGroup + - ec2:ModifyVerifiedAccessGroupPolicy + - ec2:DescribeVerifiedAccessGroups + - ec2:GetVerifiedAccessGroupPolicy + - ec2:DescribeTags + - ec2:DeleteTags + - ec2:CreateTags + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + delete: + - ec2:DeleteVerifiedAccessGroup + - ec2:DeleteTags + - ec2:DescribeVerifiedAccessGroups + - ec2:DescribeTags + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + list: + - ec2:DescribeVerifiedAccessGroups + - ec2:DescribeTags + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + VerifiedAccessTrustProvider: + type: object + properties: + TrustProviderType: + description: 'Type of trust provider. Possible values: user|device' + type: string + DeviceTrustProviderType: + description: 'The type of device-based trust provider. Possible values: jamf|crowdstrike' + type: string + UserTrustProviderType: + description: 'The type of device-based trust provider. Possible values: oidc|iam-identity-center' + type: string + OidcOptions: + $ref: '#/components/schemas/OidcOptions' + DeviceOptions: + $ref: '#/components/schemas/DeviceOptions' + PolicyReferenceName: + description: The identifier to be used when working with policy rules. + type: string + CreationTime: + description: The creation time. + type: string + LastUpdatedTime: + description: The last updated time. + type: string + VerifiedAccessTrustProviderId: + description: The ID of the Amazon Web Services Verified Access trust provider. + type: string + Description: + description: A description for the Amazon Web Services Verified Access trust provider. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + SseSpecification: + description: The configuration options for customer provided KMS encryption. + type: object + properties: + KmsKeyArn: + description: KMS Key Arn used to encrypt the group policy + type: string + CustomerManagedKeyEnabled: + description: Whether to encrypt the policy with the provided key or disable encryption + type: boolean + additionalProperties: false + required: + - TrustProviderType + - PolicyReferenceName + x-stackql-resource-name: verified_access_trust_provider + description: The AWS::EC2::VerifiedAccessTrustProvider type describes a verified access trust provider + x-type-name: AWS::EC2::VerifiedAccessTrustProvider + x-stackql-primary-identifier: + - VerifiedAccessTrustProviderId + x-create-only-properties: + - PolicyReferenceName + - DeviceOptions + - DeviceTrustProviderType + - TrustProviderType + - UserTrustProviderType + x-read-only-properties: + - VerifiedAccessTrustProviderId + - CreationTime + - LastUpdatedTime + x-required-properties: + - TrustProviderType + - PolicyReferenceName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateVerifiedAccessTrustProvider + - ec2:DescribeVerifiedAccessTrustProviders + - ec2:CreateTags + - ec2:DescribeTags + - sso:GetSharedSsoConfiguration + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + read: + - ec2:DescribeVerifiedAccessTrustProviders + - ec2:DescribeTags + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + update: + - ec2:ModifyVerifiedAccessTrustProvider + - ec2:DescribeVerifiedAccessTrustProviders + - ec2:DescribeTags + - ec2:DeleteTags + - ec2:CreateTags + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + delete: + - ec2:DeleteVerifiedAccessTrustProvider + - ec2:DeleteTags + - ec2:DescribeVerifiedAccessTrustProviders + - ec2:DescribeTags + - kms:DescribeKey + - kms:RetireGrant + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + list: + - ec2:DescribeVerifiedAccessTrustProviders + - ec2:DescribeTags + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + VerifiedAccessTrustProviderId: + description: The ID of the AWS Verified Access trust provider. + type: string + VerifiedAccessLogs: + description: The configuration options for AWS Verified Access instances. + type: object + properties: + LogVersion: + description: Select log version for Verified Access logs. + type: string + IncludeTrustContext: + description: Include claims from trust providers in Verified Access logs. + type: boolean + CloudWatchLogs: + description: Sends Verified Access logs to CloudWatch Logs. + type: object + properties: + Enabled: + description: Indicates whether logging is enabled. + type: boolean + LogGroup: + description: The ID of the CloudWatch Logs log group. + type: string + additionalProperties: false + KinesisDataFirehose: + description: Sends Verified Access logs to Kinesis. + type: object + properties: + Enabled: + description: Indicates whether logging is enabled. + type: boolean + DeliveryStream: + description: The ID of the delivery stream. + type: string + additionalProperties: false + S3: + description: Sends Verified Access logs to Amazon S3. + type: object + properties: + Enabled: + description: Indicates whether logging is enabled. + type: boolean + BucketName: + description: The bucket name. + type: string + BucketOwner: + description: The ID of the AWS account that owns the Amazon S3 bucket. + type: string + Prefix: + description: The bucket prefix. + type: string + additionalProperties: false + additionalProperties: false + VerifiedAccessInstance: + type: object + properties: + VerifiedAccessInstanceId: + description: The ID of the AWS Verified Access instance. + type: string + VerifiedAccessTrustProviders: + description: AWS Verified Access trust providers. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/VerifiedAccessTrustProvider' + VerifiedAccessTrustProviderIds: + description: The IDs of the AWS Verified Access trust providers. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/VerifiedAccessTrustProviderId' + CreationTime: + description: Time this Verified Access Instance was created. + type: string + LastUpdatedTime: + description: Time this Verified Access Instance was last updated. + type: string + Description: + description: A description for the AWS Verified Access instance. + type: string + LoggingConfigurations: + description: The configuration options for AWS Verified Access instances. + $ref: '#/components/schemas/VerifiedAccessLogs' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + FipsEnabled: + description: Indicates whether FIPS is enabled + type: boolean + x-stackql-resource-name: verified_access_instance + description: The AWS::EC2::VerifiedAccessInstance resource creates an AWS EC2 Verified Access Instance. + x-type-name: AWS::EC2::VerifiedAccessInstance + x-stackql-primary-identifier: + - VerifiedAccessInstanceId + x-read-only-properties: + - VerifiedAccessInstanceId + - CreationTime + - LastUpdatedTime + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateVerifiedAccessInstance + - ec2:AttachVerifiedAccessTrustProvider + - ec2:ModifyVerifiedAccessInstanceLoggingConfiguration + - ec2:DescribeVerifiedAccessInstances + - ec2:DescribeVerifiedAccessInstanceLoggingConfigurations + - ec2:CreateTags + - ec2:DescribeTags + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:PutDestination + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:PutLogEvents + - logs:DescribeLogStreams + - s3:listBuckets + - s3:PutObject + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - logs:DescribeLogGroups + - logs:PutResourcePolicy + - firehose:TagDeliveryStream + - logs:DescribeResourcePolicies + - iam:CreateServiceLinkedRole + - verified-access:AllowVerifiedAccess + read: + - ec2:DescribeVerifiedAccessInstances + - ec2:DescribeVerifiedAccessInstanceLoggingConfigurations + - ec2:DescribeTags + - logs:GetLogDelivery + - logs:ListLogDeliveries + update: + - ec2:ModifyVerifiedAccessInstance + - ec2:ModifyVerifiedAccessInstanceLoggingConfiguration + - ec2:DescribeVerifiedAccessInstances + - ec2:DescribeVerifiedAccessInstanceLoggingConfigurations + - ec2:DescribeTags + - ec2:AttachVerifiedAccessTrustProvider + - ec2:DetachVerifiedAccessTrustProvider + - ec2:DeleteTags + - ec2:CreateTags + - ec2:DescribeTags + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:ListLogDeliveries + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:PutDestination + - logs:PutLogEvents + - logs:DescribeLogStreams + - s3:listBuckets + - s3:PutObject + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - logs:DescribeLogGroups + - logs:PutResourcePolicy + - firehose:TagDeliveryStream + - iam:CreateServiceLinkedRole + - logs:DescribeResourcePolicies + delete: + - ec2:DeleteVerifiedAccessInstance + - ec2:DeleteTags + - ec2:DescribeVerifiedAccessInstances + - ec2:DescribeVerifiedAccessInstanceLoggingConfigurations + - ec2:DetachVerifiedAccessTrustProvider + - ec2:GetVerifiedAccessGroupPolicy + - ec2:DescribeTags + - logs:ListLogDeliveries + - logs:GetLogDelivery + - logs:DeleteLogDelivery + list: + - ec2:DescribeVerifiedAccessInstances + - ec2:DescribeTags + - logs:ListLogDeliveries + - logs:GetLogDelivery + OidcOptions: + description: The OpenID Connect details for an oidc -type, user-identity based trust provider. + type: object + properties: + Issuer: + type: string + description: The OIDC issuer. + AuthorizationEndpoint: + type: string + description: The OIDC authorization endpoint. + TokenEndpoint: + type: string + description: The OIDC token endpoint. + UserInfoEndpoint: + type: string + description: The OIDC user info endpoint. + ClientId: + type: string + description: The client identifier. + ClientSecret: + type: string + description: The client secret. + Scope: + type: string + description: OpenID Connect (OIDC) scopes are used by an application during authentication to authorize access to details of a user. Each scope returns a specific set of user attributes. + additionalProperties: false + DeviceOptions: + description: The options for device identity based trust providers. + type: object + properties: + TenantId: + type: string + description: The ID of the tenant application with the device-identity provider. + PublicSigningKeyUrl: + type: string + description: URL Verified Access will use to verify authenticity of the device tokens. + additionalProperties: false + VolumeId: + description: The ID of the Amazon EBS volume type: string - enum: - - pending - - available - - modifying - - deleting - - deleted - TransitGatewayOptions: - type: object - properties: - amazonSideAsn: - allOf: - - $ref: '#/components/schemas/Long' - - description: A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. - transitGatewayCidrBlocks: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The transit gateway CIDR blocks. - autoAcceptSharedAttachments: - allOf: - - $ref: '#/components/schemas/AutoAcceptSharedAttachmentsValue' - - description: Indicates whether attachment requests are automatically accepted. - defaultRouteTableAssociation: - allOf: - - $ref: '#/components/schemas/DefaultRouteTableAssociationValue' - - description: Indicates whether resource attachments are automatically associated with the default association route table. - associationDefaultRouteTableId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the default association route table. - defaultRouteTablePropagation: - allOf: - - $ref: '#/components/schemas/DefaultRouteTablePropagationValue' - - description: Indicates whether resource attachments automatically propagate routes to the default propagation route table. - propagationDefaultRouteTableId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the default propagation route table. - vpnEcmpSupport: - allOf: - - $ref: '#/components/schemas/VpnEcmpSupportValue' - - description: Indicates whether Equal Cost Multipath Protocol support is enabled. - dnsSupport: - allOf: - - $ref: '#/components/schemas/DnsSupportValue' - - description: Indicates whether DNS support is enabled. - multicastSupport: - allOf: - - $ref: '#/components/schemas/MulticastSupportValue' - - description: Indicates whether multicast is enabled on the transit gateway - description: Describes the options for a transit gateway. - TransitGatewayAttachmentResourceType: + Id: + description: '' type: string - enum: - - vpc - - vpn - - direct-connect-gateway - - connect - - peering - - tgw-peering - TransitGatewayAssociationState: + InstanceId: + description: The ID of the instance to which the volume attaches type: string - enum: - - associating - - associated - - disassociating - - disassociated - TransitGatewayAttachmentState: + Device: + description: The device name type: string - enum: - - initiating - - initiatingRequest - - pendingAcceptance - - rollingBack - - pending - - available - - modifying - - deleting - - deleted - - failed - - rejected - - rejecting - - failing - TransitGatewayAttachmentAssociation: - type: object - properties: - transitGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the route table for the transit gateway. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayAssociationState' - - description: The state of the association. - description: Describes an association. - TransitGatewayAttachment: - type: object - properties: - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the attachment. - transitGatewayId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway. - transitGatewayOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the transit gateway. - resourceOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the resource. - resourceType: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' - - description: The resource type. Note that the tgw-peering resource type has been deprecated. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentState' - - description: The attachment state. Note that the initiating state has been deprecated. - association: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentAssociation' - - description: The association. - creationTime: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The creation time. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: The tags for the attachment. - description: Describes an attachment between a resource and a transit gateway. - TransitGatewayAttachmentBgpConfiguration: + VolumeAttachment: type: object properties: - transitGatewayAsn: - allOf: - - $ref: '#/components/schemas/Long' - - description: The transit gateway Autonomous System Number (ASN). - peerAsn: - allOf: - - $ref: '#/components/schemas/Long' - - description: The peer Autonomous System Number (ASN). - transitGatewayAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The interior BGP peer IP address for the transit gateway. - peerAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The interior BGP peer IP address for the appliance. - bgpStatus: - allOf: - - $ref: '#/components/schemas/BgpStatus' - - description: The BGP status. - description: The BGP configuration information. - TransitGatewayAttachmentBgpConfigurationList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentBgpConfiguration' - - xml: - name: item - TransitGatewayPropagationState: - type: string - enum: - - enabling - - enabled - - disabling - - disabled - TransitGatewayAttachmentPropagation: + VolumeId: + $ref: '#/components/schemas/VolumeId' + description: The ID of the Amazon EBS volume. The volume and instance must be within the same Availability Zone. This value can be a reference to an [AWS::EC2::Volume](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ebs-volume.html) resource, or it can be the volume ID of an existing Amazon EBS volume. + InstanceId: + $ref: '#/components/schemas/InstanceId' + description: The ID of the instance to which the volume attaches. This value can be a reference to an [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) resource, or it can be the physical ID of an existing EC2 instance. + Device: + $ref: '#/components/schemas/Device' + description: The device name (for example, ``/dev/sdh`` or ``xvdh``). + required: + - VolumeId + - InstanceId + x-stackql-resource-name: volume_attachment + description: |- + Attaches an Amazon EBS volume to a running instance and exposes it to the instance with the specified device name. + Before this resource can be deleted (and therefore the volume detached), you must first unmount the volume in the instance. Failure to do so results in the volume being stuck in the busy state while it is trying to detach, which could possibly damage the file system or the data it contains. + If an Amazon EBS volume is the root device of an instance, it cannot be detached while the instance is in the "running" state. To detach the root volume, stop the instance first. + If the root volume is detached from an instance with an MKT product code, then the product codes from that volume are no longer associated with the instance. + x-type-name: AWS::EC2::VolumeAttachment + x-stackql-primary-identifier: + - VolumeId + - InstanceId + x-create-only-properties: + - Device + - InstanceId + - VolumeId + x-required-properties: + - VolumeId + - InstanceId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:AttachVolume + - ec2:DescribeVolumes + read: + - ec2:DescribeVolumes + delete: + - ec2:DetachVolume + - ec2:DescribeVolumes + list: + - ec2:DescribeVolumes + VPC: type: object properties: - transitGatewayRouteTableId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the propagation route table. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayPropagationState' - - description: The state of the propagation route table. - description: Describes a propagation route table. - TransitGatewayConnectOptions: + VpcId: + description: '' + type: string + InstanceTenancy: + description: |- + The allowed tenancy of instances launched into the VPC. + + ``default``: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch. + + ``dedicated``: An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of ``host`` during instance launch. You cannot specify a tenancy of ``default`` during instance launch. + + Updating ``InstanceTenancy`` requires no replacement only if you are updating its value from ``dedicated`` to ``default``. Updating ``InstanceTenancy`` from ``default`` to ``dedicated`` requires replacement. + type: string + Ipv4NetmaskLength: + description: The netmask length of the IPv4 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide*. + type: integer + CidrBlockAssociations: + uniqueItems: false + description: '' + x-insertionOrder: false + type: array + items: + type: string + CidrBlock: + description: |- + The IPv4 network range for the VPC, in CIDR notation. For example, ``10.0.0.0/16``. We modify the specified CIDR block to its canonical form; for example, if you specify ``100.68.0.18/18``, we modify it to ``100.68.0.0/18``. + You must specify either``CidrBlock`` or ``Ipv4IpamPoolId``. + type: string + Ipv4IpamPoolId: + description: |- + The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. For more information, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide*. + You must specify either``CidrBlock`` or ``Ipv4IpamPoolId``. + type: string + DefaultNetworkAcl: + description: '' + x-insertionOrder: false + type: string + EnableDnsSupport: + description: >- + Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled. Enabled by default. For more information, see [DNS attributes in your + VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support). + type: boolean + Ipv6CidrBlocks: + uniqueItems: false + description: '' + x-insertionOrder: false + type: array + items: + type: string + DefaultSecurityGroup: + description: '' + x-insertionOrder: false + type: string + EnableDnsHostnames: + description: |- + Indicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not. Disabled by default for nondefault VPCs. For more information, see [DNS attributes in your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support). + You can only enable DNS hostnames if you've enabled DNS support. + type: boolean + Tags: + uniqueItems: false + description: The tags for the VPC. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: vpc + description: |- + Specifies a virtual private cloud (VPC). + You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). + For more information, see [Virtual private clouds (VPC)](https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html) in the *Amazon VPC User Guide*. + x-type-name: AWS::EC2::VPC + x-stackql-primary-identifier: + - VpcId + x-create-only-properties: + - CidrBlock + - Ipv4IpamPoolId + - Ipv4NetmaskLength + x-conditional-create-only-properties: + - InstanceTenancy + x-write-only-properties: + - Ipv4IpamPoolId + - Ipv4NetmaskLength + x-read-only-properties: + - CidrBlockAssociations + - DefaultNetworkAcl + - DefaultSecurityGroup + - Ipv6CidrBlocks + - VpcId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true + x-required-permissions: + read: + - ec2:DescribeVpcs + - ec2:DescribeSecurityGroups + - ec2:DescribeNetworkAcls + - ec2:DescribeVpcAttribute + create: + - ec2:CreateVpc + - ec2:DescribeVpcs + - ec2:ModifyVpcAttribute + - ec2:CreateTags + update: + - ec2:CreateTags + - ec2:ModifyVpcAttribute + - ec2:DeleteTags + - ec2:ModifyVpcTenancy + list: + - ec2:DescribeVpcs + delete: + - ec2:DeleteVpc + - ec2:DescribeVpcs + VPCCidrBlock: type: object properties: - protocol: - allOf: - - $ref: '#/components/schemas/ProtocolValue' - - description: The tunnel protocol. - description: Describes the Connect attachment options. - TransitGatewayConnectPeerState: - type: string - enum: - - pending - - available - - deleting - - deleted - TransitGatewayConnectPeerConfiguration: + CidrBlock: + type: string + description: An IPv4 CIDR block to associate with the VPC. + Ipv6Pool: + type: string + description: The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block. + Id: + type: string + description: The Id of the VPC associated CIDR Block. + VpcId: + type: string + description: The ID of the VPC. + Ipv6CidrBlock: + type: string + description: An IPv6 CIDR block from the IPv6 address pool. + Ipv4IpamPoolId: + type: string + description: The ID of the IPv4 IPAM pool to Associate a CIDR from to a VPC. + Ipv4NetmaskLength: + type: integer + description: The netmask length of the IPv4 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. + Ipv6IpamPoolId: + type: string + description: The ID of the IPv6 IPAM pool to Associate a CIDR from to a VPC. + Ipv6NetmaskLength: + type: integer + description: The netmask length of the IPv6 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. + AmazonProvidedIpv6CidrBlock: + type: boolean + description: Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block. + required: + - VpcId + x-stackql-resource-name: vpc_cidr_block + description: Resource Type definition for AWS::EC2::VPCCidrBlock + x-type-name: AWS::EC2::VPCCidrBlock + x-stackql-primary-identifier: + - Id + - VpcId + x-create-only-properties: + - Ipv6Pool + - VpcId + - AmazonProvidedIpv6CidrBlock + - Ipv6CidrBlock + - CidrBlock + - Ipv4IpamPoolId + - Ipv4NetmaskLength + - Ipv6IpamPoolId + - Ipv6NetmaskLength + x-write-only-properties: + - Ipv4IpamPoolId + - Ipv4NetmaskLength + - Ipv6IpamPoolId + - Ipv6NetmaskLength + x-read-only-properties: + - Id + x-required-properties: + - VpcId + x-tagging: + taggable: false + x-required-permissions: + create: + - ec2:AssociateVpcCidrBlock + - ec2:DescribeVpcs + - ec2:AllocateIpamPoolCidr + read: + - ec2:DescribeVpcs + delete: + - ec2:DescribeVpcs + - ec2:DisassociateVpcCidrBlock + list: + - ec2:DescribeVpcs + VPCDHCPOptionsAssociation: type: object properties: - transitGatewayAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The Connect peer IP address on the transit gateway side of the tunnel. - peerAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The Connect peer IP address on the appliance side of the tunnel. - insideCidrBlocks: - allOf: - - $ref: '#/components/schemas/InsideCidrBlocksStringList' - - description: The range of interior BGP peer IP addresses. - protocol: - allOf: - - $ref: '#/components/schemas/ProtocolValue' - - description: The tunnel protocol. - bgpConfigurations: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentBgpConfigurationList' - - description: The BGP configuration details. - description: Describes the Connect peer details. - TransitGatewayConnectRequestBgpOptions: + DhcpOptionsId: + type: string + description: The ID of the DHCP options set, or default to associate no DHCP options with the VPC. + VpcId: + type: string + description: The ID of the VPC. + required: + - VpcId + - DhcpOptionsId + x-stackql-resource-name: vpcdhcp_options_association + description: Associates a set of DHCP options with a VPC, or associates no DHCP options with the VPC. + x-type-name: AWS::EC2::VPCDHCPOptionsAssociation + x-stackql-primary-identifier: + - DhcpOptionsId + - VpcId + x-create-only-properties: + - DhcpOptionsId + - VpcId + x-required-properties: + - VpcId + - DhcpOptionsId + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:AssociateDhcpOptions + update: + - ec2:AssociateDhcpOptions + delete: + - ec2:AssociateDhcpOptions + read: + - ec2:DescribeVpcs + list: + - ec2:DescribeVpcs + VPCEndpoint: type: object properties: - undefined: - allOf: - - $ref: '#/components/schemas/Long' - - description: The peer Autonomous System Number (ASN). - description: The BGP options for the Connect attachment. - TransitGatewayMaxResults: - type: integer - minimum: 5 - maximum: 1000 - TransitGatewayMulticastDomainOptions: + Id: + type: string + description: '' + CreationTimestamp: + type: string + description: '' + DnsEntries: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + description: '' + NetworkInterfaceIds: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + description: '' + PolicyDocument: + type: object + description: |- + An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. + For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + PrivateDnsEnabled: + type: boolean + description: >- + Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, ``kinesis.us-east-1.amazonaws.com``), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC + endpoint service. + To use a private hosted zone, you must set the following VPC attributes to ``true``: ``enableDnsHostnames`` and ``enableDnsSupport``. + This property is supported only for interface endpoints. + Default: ``false`` + RouteTableIds: + type: array + description: The IDs of the route tables. Routing is supported only for gateway endpoints. + uniqueItems: true + x-insertionOrder: false + items: + type: string + SecurityGroupIds: + type: array + description: The IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints. + uniqueItems: true + x-insertionOrder: false + items: + type: string + ServiceName: + type: string + description: The name of the endpoint service. + SubnetIds: + type: array + description: The IDs of the subnets in which to create endpoint network interfaces. You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can't specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet. + uniqueItems: true + x-insertionOrder: false + items: + type: string + VpcEndpointType: + type: string + enum: + - Interface + - Gateway + - GatewayLoadBalancer + description: |- + The type of endpoint. + Default: Gateway + VpcId: + type: string + description: The ID of the VPC. + required: + - VpcId + - ServiceName + x-stackql-resource-name: vpc_endpoint + description: |- + Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS, an MKT Partner, or another AWS accounts in your organization. For more information, see the [User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/). + An endpoint of type ``Interface`` establishes connections between the subnets in your VPC and an AWS-service, your own service, or a service hosted by another AWS-account. With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces. + An endpoint of type ``gateway`` serves as a target for a route in your route table for traffic destined for S3 or DDB. You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to S3, see [W + x-type-name: AWS::EC2::VPCEndpoint + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - ServiceName + - VpcEndpointType + - VpcId + x-read-only-properties: + - NetworkInterfaceIds + - CreationTimestamp + - DnsEntries + - Id + x-required-properties: + - VpcId + - ServiceName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateVpcEndpoint + - ec2:DescribeVpcEndpoints + read: + - ec2:DescribeVpcEndpoints + update: + - ec2:ModifyVpcEndpoint + - ec2:DescribeVpcEndpoints + delete: + - ec2:DeleteVpcEndpoints + - ec2:DescribeVpcEndpoints + list: + - ec2:DescribeVpcEndpoints + VPCEndpointConnectionNotification: + type: object + properties: + VPCEndpointConnectionNotificationId: + description: VPC Endpoint Connection ID generated by service + type: string + ConnectionEvents: + description: The endpoint events for which to receive notifications. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + ConnectionNotificationArn: + description: The ARN of the SNS topic for the notifications. + type: string + ServiceId: + description: The ID of the endpoint service. + type: string + VPCEndpointId: + description: The ID of the endpoint. + type: string + required: + - ConnectionEvents + - ConnectionNotificationArn + x-stackql-resource-name: vpc_endpoint_connection_notification + description: Resource Type definition for AWS::EC2::VPCEndpointConnectionNotification + x-type-name: AWS::EC2::VPCEndpointConnectionNotification + x-stackql-primary-identifier: + - VPCEndpointConnectionNotificationId + x-create-only-properties: + - ServiceId + - VPCEndpointId + x-read-only-properties: + - VPCEndpointConnectionNotificationId + x-required-properties: + - ConnectionEvents + - ConnectionNotificationArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateVpcEndpointConnectionNotification + read: + - ec2:DescribeVpcEndpointConnectionNotifications + update: + - ec2:ModifyVpcEndpointConnectionNotification + - ec2:DescribeVpcEndpointConnectionNotifications + delete: + - ec2:DeleteVpcEndpointConnectionNotifications + list: + - ec2:DescribeVpcEndpointConnectionNotifications + VPCEndpointService: type: object properties: - igmpv2Support: - allOf: - - $ref: '#/components/schemas/Igmpv2SupportValue' - - description: Indicates whether Internet Group Management Protocol (IGMP) version 2 is turned on for the transit gateway multicast domain. - staticSourcesSupport: - allOf: - - $ref: '#/components/schemas/StaticSourcesSupportValue' - - description: Indicates whether support for statically configuring transit gateway multicast group sources is turned on. - autoAcceptSharedAssociations: - allOf: - - $ref: '#/components/schemas/AutoAcceptSharedAssociationsValue' - - description: Indicates whether to automatically cross-account subnet associations that are associated with the transit gateway multicast domain. - description: Describes the options for a transit gateway multicast domain. - TransitGatewayMulticastDomainState: - type: string - enum: - - pending - - available - - deleting - - deleted - TransitGatewayMulticastDomainAssociation: + NetworkLoadBalancerArns: + type: array + uniqueItems: false + items: + type: string + ContributorInsightsEnabled: + type: boolean + PayerResponsibility: + type: string + ServiceId: + type: string + AcceptanceRequired: + type: boolean + GatewayLoadBalancerArns: + type: array + uniqueItems: false + items: + type: string + x-stackql-resource-name: vpc_endpoint_service + description: Resource Type definition for AWS::EC2::VPCEndpointService + x-type-name: AWS::EC2::VPCEndpointService + x-stackql-primary-identifier: + - ServiceId + x-write-only-properties: + - ContributorInsightsEnabled + x-read-only-properties: + - ServiceId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateVpcEndpointServiceConfiguration + - ec2:ModifyVpcEndpointServiceConfiguration + - ec2:ModifyVpcEndpointServicePayerResponsibility + - cloudwatch:ListManagedInsightRules + - cloudwatch:DeleteInsightRules + - cloudwatch:PutManagedInsightRules + - ec2:DescribeVpcEndpointServiceConfigurations + update: + - ec2:ModifyVpcEndpointServiceConfiguration + - ec2:DeleteVpcEndpointServiceConfigurations + - ec2:DescribeVpcEndpointServiceConfigurations + - ec2:ModifyVpcEndpointServicePayerResponsibility + - cloudwatch:ListManagedInsightRules + - cloudwatch:DeleteInsightRules + - cloudwatch:PutManagedInsightRules + read: + - ec2:DescribeVpcEndpointServiceConfigurations + - cloudwatch:ListManagedInsightRules + delete: + - ec2:DeleteVpcEndpointServiceConfigurations + - ec2:DescribeVpcEndpointServiceConfigurations + - cloudwatch:ListManagedInsightRules + - cloudwatch:DeleteInsightRules + list: + - ec2:DescribeVpcEndpointServiceConfigurations + - cloudwatch:ListManagedInsightRules + VPCEndpointServicePermissions: type: object properties: - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway attachment. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - resourceType: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' - - description: 'The type of resource, for example a VPC attachment.' - resourceOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: ' The ID of the Amazon Web Services account that owns the transit gateway multicast domain association resource.' - subnet: - allOf: - - $ref: '#/components/schemas/SubnetAssociation' - - description: The subnet associated with the transit gateway multicast domain. - description: Describes the resources associated with the transit gateway multicast domain. - TransitGatewayMulticastGroup: + AllowedPrincipals: + type: array + uniqueItems: false + items: + type: string + ServiceId: + type: string + required: + - ServiceId + x-stackql-resource-name: vpc_endpoint_service_permissions + description: Resource Type definition for AWS::EC2::VPCEndpointServicePermissions + x-type-name: AWS::EC2::VPCEndpointServicePermissions + x-stackql-primary-identifier: + - ServiceId + x-create-only-properties: + - ServiceId + x-required-properties: + - ServiceId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateVpcEndpointServicePermissions + - ec2:ModifyVpcEndpointServicePermissions + - ec2:DeleteVpcEndpointServicePermissions + - ec2:DescribeVpcEndpointServicePermissions + update: + - ec2:CreateVpcEndpointServicePermissions + - ec2:ModifyVpcEndpointServicePermissions + - ec2:DeleteVpcEndpointServicePermissions + - ec2:DescribeVpcEndpointServicePermissions + read: + - ec2:CreateVpcEndpointServicePermissions + - ec2:ModifyVpcEndpointServicePermissions + - ec2:DeleteVpcEndpointServicePermissions + - ec2:DescribeVpcEndpointServicePermissions + delete: + - ec2:CreateVpcEndpointServicePermissions + - ec2:ModifyVpcEndpointServicePermissions + - ec2:DeleteVpcEndpointServicePermissions + - ec2:DescribeVpcEndpointServicePermissions + list: + - ec2:CreateVpcEndpointServicePermissions + - ec2:ModifyVpcEndpointServicePermissions + - ec2:DeleteVpcEndpointServicePermissions + - ec2:DescribeVpcEndpointServicePermissions + VPCGatewayAttachment: + type: object + properties: + AttachmentType: + type: string + description: 'Used to identify if this resource is an Internet Gateway or Vpn Gateway Attachment ' + InternetGatewayId: + type: string + description: The ID of the internet gateway. You must specify either InternetGatewayId or VpnGatewayId, but not both. + VpcId: + type: string + description: The ID of the VPC. + VpnGatewayId: + type: string + description: The ID of the virtual private gateway. You must specify either InternetGatewayId or VpnGatewayId, but not both. + required: + - VpcId + x-stackql-resource-name: vpc_gateway_attachment + description: Resource Type definition for AWS::EC2::VPCGatewayAttachment + x-type-name: AWS::EC2::VPCGatewayAttachment + x-stackql-primary-identifier: + - AttachmentType + - VpcId + x-create-only-properties: + - VpcId + x-read-only-properties: + - AttachmentType + x-required-properties: + - VpcId + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:AttachInternetGateway + - ec2:AttachVpnGateway + - ec2:DescribeInternetGateways + - ec2:DescribeVpnGateways + read: + - ec2:DescribeInternetGateways + - ec2:DescribeVpnGateways + update: + - ec2:AttachInternetGateway + - ec2:AttachVpnGateway + - ec2:DetachInternetGateway + - ec2:DetachVpnGateway + - ec2:DescribeInternetGateways + - ec2:DescribeVpnGateways + delete: + - ec2:DetachInternetGateway + - ec2:DetachVpnGateway + - ec2:DescribeInternetGateways + - ec2:DescribeVpnGateways + list: + - ec2:DescribeInternetGateways + - ec2:DescribeVpnGateways + VPCPeeringConnection: + type: object + properties: + Id: + type: string + PeerOwnerId: + description: The AWS account ID of the owner of the accepter VPC. + type: string + PeerRegion: + description: The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request. + type: string + PeerRoleArn: + description: The Amazon Resource Name (ARN) of the VPC peer role for the peering connection in another AWS account. + type: string + PeerVpcId: + description: The ID of the VPC with which you are creating the VPC peering connection. You must specify this parameter in the request. + type: string + VpcId: + description: The ID of the VPC. + type: string + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - VpcId + - PeerVpcId + x-stackql-resource-name: vpc_peering_connection + description: Resource Type definition for AWS::EC2::VPCPeeringConnection + x-type-name: AWS::EC2::VPCPeeringConnection + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - PeerRegion + - PeerOwnerId + - PeerVpcId + - PeerRoleArn + - VpcId + x-write-only-properties: + - PeerRoleArn + x-read-only-properties: + - Id + x-required-properties: + - VpcId + - PeerVpcId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateVpcPeeringConnection + - ec2:DescribeVpcPeeringConnections + - ec2:AcceptVpcPeeringConnection + - ec2:CreateTags + - sts:AssumeRole + read: + - ec2:DescribeVpcPeeringConnections + update: + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeVpcPeeringConnections + delete: + - ec2:DeleteVpcPeeringConnection + - ec2:DescribeVpcPeeringConnections + list: + - ec2:DescribeVpcPeeringConnections + VpnTunnelOptionsSpecification: type: object + additionalProperties: false properties: - groupIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The IP address assigned to the transit gateway multicast group. - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway attachment. - subnetId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the subnet. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - resourceType: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' - - description: 'The type of resource, for example a VPC attachment.' - resourceOwnerId: - allOf: - - $ref: '#/components/schemas/String' - - description: ' The ID of the Amazon Web Services account that owns the transit gateway multicast domain group resource.' - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the transit gateway attachment. - groupMember: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates that the resource is a transit gateway multicast group member. - groupSource: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates that the resource is a transit gateway multicast group member. - memberType: - allOf: - - $ref: '#/components/schemas/MembershipType' - - description: 'The member type (for example, static).' - sourceType: - allOf: - - $ref: '#/components/schemas/MembershipType' - - description: The source type. - description: Describes the transit gateway multicast group resources. - TransitGatewayNetworkInterfaceIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - xml: - name: item - VpnEcmpSupportValue: - type: string - enum: - - enable - - disable - TransitGatewayPrefixListAttachment: + PreSharedKey: + type: string + TunnelInsideCidr: + type: string + VPNConnection: type: object properties: - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentId' - - description: The ID of the attachment. - resourceType: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' - - description: The resource type. Note that the tgw-peering resource type has been deprecated. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - description: Describes a transit gateway prefix list attachment. - TransitGatewayPrefixListReferenceState: - type: string - enum: - - pending - - available - - modifying - - deleting - TransitGatewayRouteAttachmentList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TransitGatewayRouteAttachment' - - xml: - name: item - TransitGatewayRouteType: - type: string - enum: - - static - - propagated - TransitGatewayRouteState: - type: string - enum: - - pending - - active - - blackhole - - deleting - - deleted - TransitGatewayRouteAttachment: + VpnConnectionId: + description: The provider-assigned unique ID for this managed resource + type: string + CustomerGatewayId: + description: The ID of the customer gateway at your end of the VPN connection. + type: string + StaticRoutesOnly: + description: Indicates whether the VPN connection uses static routes only. + type: boolean + Tags: + description: Any tags assigned to the VPN connection. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + TransitGatewayId: + description: The ID of the transit gateway associated with the VPN connection. + type: string + Type: + description: The type of VPN connection. + type: string + VpnGatewayId: + description: The ID of the virtual private gateway at the AWS side of the VPN connection. + type: string + VpnTunnelOptionsSpecifications: + description: The tunnel options for the VPN connection. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/VpnTunnelOptionsSpecification' + required: + - Type + - CustomerGatewayId + x-stackql-resource-name: vpn_connection + description: Resource Type definition for AWS::EC2::VPNConnection + x-type-name: AWS::EC2::VPNConnection + x-stackql-primary-identifier: + - VpnConnectionId + x-create-only-properties: + - Type + - CustomerGatewayId + - VpnGatewayId + - TransitGatewayId + - VpnTunnelOptionsSpecifications + - StaticRoutesOnly + x-read-only-properties: + - VpnConnectionId + x-required-properties: + - Type + - CustomerGatewayId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:DescribeVpnConnections + - ec2:CreateVpnConnection + - ec2:CreateTags + delete: + - ec2:DescribeVpnConnections + - ec2:DeleteVpnConnection + - ec2:DeleteTags + update: + - ec2:DescribeVpnConnections + - ec2:CreateTags + - ec2:DeleteTags + read: + - ec2:DescribeVpnConnections + list: + - ec2:DescribeVpnConnections + VPNConnectionRoute: type: object properties: - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the attachment. - resourceType: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' - - description: 'The resource type. Note that the tgw-peering resource type has been deprecated. ' - description: Describes a route attachment. - TransitGatewayRouteTableState: + DestinationCidrBlock: + description: The CIDR block associated with the local subnet of the customer network. + type: string + VpnConnectionId: + description: The ID of the VPN connection. + type: string + required: + - DestinationCidrBlock + - VpnConnectionId + x-stackql-resource-name: vpn_connection_route + description: Resource Type definition for AWS::EC2::VPNConnectionRoute + x-type-name: AWS::EC2::VPNConnectionRoute + x-stackql-primary-identifier: + - DestinationCidrBlock + - VpnConnectionId + x-create-only-properties: + - DestinationCidrBlock + - VpnConnectionId + x-required-properties: + - DestinationCidrBlock + - VpnConnectionId + x-tagging: + taggable: false + x-required-permissions: + create: + - ec2:CreateVpnConnectionRoute + - ec2:DescribeVpnConnections + read: + - ec2:DescribeVpnConnections + delete: + - ec2:DeleteVpnConnectionRoute + - ec2:DescribeVpnConnections + list: + - ec2:DescribeVpnConnections + VPNGateway: + type: object + properties: + VPNGatewayId: + description: VPN Gateway ID generated by service + type: string + AmazonSideAsn: + description: The private Autonomous System Number (ASN) for the Amazon side of a BGP session. + type: integer + format: int64 + Tags: + description: Any tags assigned to the virtual private gateway. + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + Type: + description: The type of VPN connection the virtual private gateway supports. + type: string + required: + - Type + x-stackql-resource-name: vpn_gateway + description: Schema for EC2 VPN Gateway + x-type-name: AWS::EC2::VPNGateway + x-stackql-primary-identifier: + - VPNGatewayId + x-create-only-properties: + - AmazonSideAsn + - Type + x-read-only-properties: + - VPNGatewayId + x-required-properties: + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateVpnGateway + - ec2:DescribeVpnGateways + read: + - ec2:DescribeVpnGateways + update: + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DeleteVpnGateway + list: + - ec2:DescribeVpnGateways + region: type: string - enum: - - pending - - available - - deleting - - deleted - TransitGatewayRouteTableAssociation: - type: object - properties: - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the attachment. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - resourceType: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' - - description: The resource type. Note that the tgw-peering resource type has been deprecated. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayAssociationState' - - description: The state of the association. - description: Describes an association between a route table and a resource attachment. - TransitGatewayRouteTablePropagation: - type: object - properties: - transitGatewayAttachmentId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the attachment. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - resourceType: - allOf: - - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' - - description: The type of resource. Note that the tgw-peering resource type has been deprecated. - state: - allOf: - - $ref: '#/components/schemas/TransitGatewayPropagationState' - - description: The state of the resource. - description: Describes a route table propagation. - TransitGatewaySubnetIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/SubnetId' - - xml: - name: item - TransitGatewayVpcAttachmentOptions: - type: object - properties: - dnsSupport: - allOf: - - $ref: '#/components/schemas/DnsSupportValue' - - description: Indicates whether DNS support is enabled. - ipv6Support: - allOf: - - $ref: '#/components/schemas/Ipv6SupportValue' - - description: Indicates whether IPv6 support is disabled. - applianceModeSupport: - allOf: - - $ref: '#/components/schemas/ApplianceModeSupportValue' - - description: Indicates whether appliance mode support is enabled. - description: Describes the VPC attachment options. - TrunkInterfaceAssociationIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/TrunkInterfaceAssociationId' - - xml: - name: item - TunnelInsideIpVersion: + description: The AWS region + outpostArn: type: string - enum: - - ipv4 - - ipv6 - TunnelOption: - type: object - properties: - outsideIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The external IP address of the VPN tunnel. - tunnelInsideCidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The range of inside IPv4 addresses for the tunnel. - tunnelInsideIpv6Cidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The range of inside IPv6 addresses for the tunnel. - preSharedKey: - allOf: - - $ref: '#/components/schemas/String' - - description: The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and the customer gateway. - phase1LifetimeSeconds: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The lifetime for phase 1 of the IKE negotiation, in seconds.' - phase2LifetimeSeconds: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The lifetime for phase 2 of the IKE negotiation, in seconds.' - rekeyMarginTimeSeconds: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey.' - rekeyFuzzPercentage: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The percentage of the rekey window determined by RekeyMarginTimeSeconds during which the rekey time is randomly selected. - replayWindowSize: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of packets in an IKE replay window. - dpdTimeoutSeconds: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of seconds after which a DPD timeout occurs. - dpdTimeoutAction: - allOf: - - $ref: '#/components/schemas/String' - - description: The action to take after a DPD timeout occurs. - phase1EncryptionAlgorithmSet: - allOf: - - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsList' - - description: The permitted encryption algorithms for the VPN tunnel for phase 1 IKE negotiations. - phase2EncryptionAlgorithmSet: - allOf: - - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsList' - - description: The permitted encryption algorithms for the VPN tunnel for phase 2 IKE negotiations. - phase1IntegrityAlgorithmSet: - allOf: - - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsList' - - description: The permitted integrity algorithms for the VPN tunnel for phase 1 IKE negotiations. - phase2IntegrityAlgorithmSet: - allOf: - - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsList' - - description: The permitted integrity algorithms for the VPN tunnel for phase 2 IKE negotiations. - phase1DHGroupNumberSet: - allOf: - - $ref: '#/components/schemas/Phase1DHGroupNumbersList' - - description: The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 IKE negotiations. - phase2DHGroupNumberSet: - allOf: - - $ref: '#/components/schemas/Phase2DHGroupNumbersList' - - description: The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 IKE negotiations. - ikeVersionSet: - allOf: - - $ref: '#/components/schemas/IKEVersionsList' - - description: The IKE versions that are permitted for the VPN tunnel. - startupAction: - allOf: - - $ref: '#/components/schemas/String' - - description: The action to take when the establishing the VPN tunnels for a VPN connection. - description: The VPN tunnel options. - TunnelOptionsList: + description: The Amazon Resource Name (ARN) of the Outpost. + ownerId: + type: string + description: The ID of the Amazon Web Services account that owns the resource. + tagSet: type: array - items: - allOf: - - $ref: '#/components/schemas/TunnelOption' - - xml: - name: item - UnassignIpv6AddressesRequest: + description: Any tags assigned to the resource. + snapshots: + description: List of snapshots by region (requires `aws` provider to be installed) type: object - required: + additionalProperties: false + properties: + description: + type: string + description: The description for the snapshot. + dataEncryptionKeyId: + type: string + description: The data encryption key identifier for the snapshot. + encrypted: + type: boolean + description: Indicates whether the snapshot is encrypted. + kmsKeyId: + type: string + description: The Amazon Resource Name (ARN) of the Key Management Service (KMS) KMS key that was used to protect the volume encryption key for the parent volume. + outpostArn: + $ref: '#/components/schemas/outpostArn' + ownerAlias: + type: string + description: The Amazon Web Services owner alias. + ownerId: + $ref: '#/components/schemas/ownerId' + progress: + type: string + description: The progress of the snapshot, as a percentage. + restoreExpiryTime: + type: string + description: Only for archived snapshots that are temporarily restored. Indicates the date and time when a temporarily restored snapshot will be automatically re-archived. + snapshotId: + type: string + description: The ID of the snapshot. Each snapshot receives a unique identifier when it is created. + startTime: + type: string + description: The time stamp when the snapshot was initiated. + status: + type: string + description: The snapshot state. + statusMessage: + type: string + description: Encrypted Amazon EBS snapshots are copied asynchronously. If a snapshot copy operation fails (for example, if the proper Key Management Service (KMS) permissions are not obtained) this field displays error state details. + storageTier: + type: string + description: The storage tier in which the snapshot is stored. + tagSet: + $ref: '#/components/schemas/tagSet' + volumeId: + type: string + description: The ID of the volume that was used to create the snapshot. + volumeSize: + type: integer + description: The size of the volume, in GiB. + region: + $ref: '#/components/schemas/region' + x-example-where-clause: WHERE region = '' + x-stackQL-resources: + capacity_reservations: + name: capacity_reservations + id: aws.ec2.capacity_reservations + x-cfn-schema-name: CapacityReservation + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::CapacityReservation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::CapacityReservation' + AND region = 'us-east-1' + capacity_reservation: + name: capacity_reservation + id: aws.ec2.capacity_reservation + x-cfn-schema-name: CapacityReservation + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Tenancy') as tenancy, + JSON_EXTRACT(Properties, '$.EndDateType') as end_date_type, + JSON_EXTRACT(Properties, '$.TagSpecifications') as tag_specifications, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.TotalInstanceCount') as total_instance_count, + JSON_EXTRACT(Properties, '$.EndDate') as end_date, + JSON_EXTRACT(Properties, '$.EbsOptimized') as ebs_optimized, + JSON_EXTRACT(Properties, '$.OutPostArn') as out_post_arn, + JSON_EXTRACT(Properties, '$.InstanceCount') as instance_count, + JSON_EXTRACT(Properties, '$.PlacementGroupArn') as placement_group_arn, + JSON_EXTRACT(Properties, '$.AvailableInstanceCount') as available_instance_count, + JSON_EXTRACT(Properties, '$.InstancePlatform') as instance_platform, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(Properties, '$.EphemeralStorage') as ephemeral_storage, + JSON_EXTRACT(Properties, '$.InstanceMatchCriteria') as instance_match_criteria + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::CapacityReservation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Tenancy') as tenancy, + json_extract_path_text(Properties, 'EndDateType') as end_date_type, + json_extract_path_text(Properties, 'TagSpecifications') as tag_specifications, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'TotalInstanceCount') as total_instance_count, + json_extract_path_text(Properties, 'EndDate') as end_date, + json_extract_path_text(Properties, 'EbsOptimized') as ebs_optimized, + json_extract_path_text(Properties, 'OutPostArn') as out_post_arn, + json_extract_path_text(Properties, 'InstanceCount') as instance_count, + json_extract_path_text(Properties, 'PlacementGroupArn') as placement_group_arn, + json_extract_path_text(Properties, 'AvailableInstanceCount') as available_instance_count, + json_extract_path_text(Properties, 'InstancePlatform') as instance_platform, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'InstanceType') as instance_type, + json_extract_path_text(Properties, 'EphemeralStorage') as ephemeral_storage, + json_extract_path_text(Properties, 'InstanceMatchCriteria') as instance_match_criteria + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::CapacityReservation' + AND data__Identifier = '' + AND region = 'us-east-1' + capacity_reservation_fleets: + name: capacity_reservation_fleets + id: aws.ec2.capacity_reservation_fleets + x-cfn-schema-name: CapacityReservationFleet + x-type: list + x-identifiers: + - CapacityReservationFleetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CapacityReservationFleetId') as capacity_reservation_fleet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::CapacityReservationFleet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CapacityReservationFleetId') as capacity_reservation_fleet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::CapacityReservationFleet' + AND region = 'us-east-1' + capacity_reservation_fleet: + name: capacity_reservation_fleet + id: aws.ec2.capacity_reservation_fleet + x-cfn-schema-name: CapacityReservationFleet + x-type: get + x-identifiers: + - CapacityReservationFleetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AllocationStrategy') as allocation_strategy, + JSON_EXTRACT(Properties, '$.TagSpecifications') as tag_specifications, + JSON_EXTRACT(Properties, '$.InstanceTypeSpecifications') as instance_type_specifications, + JSON_EXTRACT(Properties, '$.TotalTargetCapacity') as total_target_capacity, + JSON_EXTRACT(Properties, '$.EndDate') as end_date, + JSON_EXTRACT(Properties, '$.InstanceMatchCriteria') as instance_match_criteria, + JSON_EXTRACT(Properties, '$.CapacityReservationFleetId') as capacity_reservation_fleet_id, + JSON_EXTRACT(Properties, '$.Tenancy') as tenancy, + JSON_EXTRACT(Properties, '$.RemoveEndDate') as remove_end_date, + JSON_EXTRACT(Properties, '$.NoRemoveEndDate') as no_remove_end_date + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::CapacityReservationFleet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AllocationStrategy') as allocation_strategy, + json_extract_path_text(Properties, 'TagSpecifications') as tag_specifications, + json_extract_path_text(Properties, 'InstanceTypeSpecifications') as instance_type_specifications, + json_extract_path_text(Properties, 'TotalTargetCapacity') as total_target_capacity, + json_extract_path_text(Properties, 'EndDate') as end_date, + json_extract_path_text(Properties, 'InstanceMatchCriteria') as instance_match_criteria, + json_extract_path_text(Properties, 'CapacityReservationFleetId') as capacity_reservation_fleet_id, + json_extract_path_text(Properties, 'Tenancy') as tenancy, + json_extract_path_text(Properties, 'RemoveEndDate') as remove_end_date, + json_extract_path_text(Properties, 'NoRemoveEndDate') as no_remove_end_date + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::CapacityReservationFleet' + AND data__Identifier = '' + AND region = 'us-east-1' + carrier_gateways: + name: carrier_gateways + id: aws.ec2.carrier_gateways + x-cfn-schema-name: CarrierGateway + x-type: list + x-identifiers: + - CarrierGatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CarrierGatewayId') as carrier_gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::CarrierGateway' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CarrierGatewayId') as carrier_gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::CarrierGateway' + AND region = 'us-east-1' + carrier_gateway: + name: carrier_gateway + id: aws.ec2.carrier_gateway + x-cfn-schema-name: CarrierGateway + x-type: get + x-identifiers: + - CarrierGatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CarrierGatewayId') as carrier_gateway_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::CarrierGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CarrierGatewayId') as carrier_gateway_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::CarrierGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + customer_gateways: + name: customer_gateways + id: aws.ec2.customer_gateways + x-cfn-schema-name: CustomerGateway + x-type: list + x-identifiers: + - CustomerGatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CustomerGatewayId') as customer_gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::CustomerGateway' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CustomerGatewayId') as customer_gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::CustomerGateway' + AND region = 'us-east-1' + customer_gateway: + name: customer_gateway + id: aws.ec2.customer_gateway + x-cfn-schema-name: CustomerGateway + x-type: get + x-identifiers: + - CustomerGatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CertificateArn') as certificate_arn, + JSON_EXTRACT(Properties, '$.CustomerGatewayId') as customer_gateway_id, + JSON_EXTRACT(Properties, '$.BgpAsn') as bgp_asn, + JSON_EXTRACT(Properties, '$.IpAddress') as ip_address, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.DeviceName') as device_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::CustomerGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CertificateArn') as certificate_arn, + json_extract_path_text(Properties, 'CustomerGatewayId') as customer_gateway_id, + json_extract_path_text(Properties, 'BgpAsn') as bgp_asn, + json_extract_path_text(Properties, 'IpAddress') as ip_address, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'DeviceName') as device_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::CustomerGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + dhcp_options: + name: dhcp_options + id: aws.ec2.dhcp_options + x-cfn-schema-name: DHCPOptions + x-type: get + x-identifiers: + - DhcpOptionsId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DhcpOptionsId') as dhcp_options_id, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.DomainNameServers') as domain_name_servers, + JSON_EXTRACT(Properties, '$.NetbiosNameServers') as netbios_name_servers, + JSON_EXTRACT(Properties, '$.NetbiosNodeType') as netbios_node_type, + JSON_EXTRACT(Properties, '$.NtpServers') as ntp_servers, + JSON_EXTRACT(Properties, '$.Ipv6AddressPreferredLeaseTime') as ipv6_address_preferred_lease_time, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::DHCPOptions' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DhcpOptionsId') as dhcp_options_id, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'DomainNameServers') as domain_name_servers, + json_extract_path_text(Properties, 'NetbiosNameServers') as netbios_name_servers, + json_extract_path_text(Properties, 'NetbiosNodeType') as netbios_node_type, + json_extract_path_text(Properties, 'NtpServers') as ntp_servers, + json_extract_path_text(Properties, 'Ipv6AddressPreferredLeaseTime') as ipv6_address_preferred_lease_time, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::DHCPOptions' + AND data__Identifier = '' + AND region = 'us-east-1' + ec2fleets: + name: ec2fleets + id: aws.ec2.ec2fleets + x-cfn-schema-name: EC2Fleet + x-type: list + x-identifiers: + - FleetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FleetId') as fleet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::EC2Fleet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FleetId') as fleet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::EC2Fleet' + AND region = 'us-east-1' + ec2fleet: + name: ec2fleet + id: aws.ec2.ec2fleet + x-cfn-schema-name: EC2Fleet + x-type: get + x-identifiers: + - FleetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TargetCapacitySpecification') as target_capacity_specification, + JSON_EXTRACT(Properties, '$.OnDemandOptions') as on_demand_options, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.ExcessCapacityTerminationPolicy') as excess_capacity_termination_policy, + JSON_EXTRACT(Properties, '$.TagSpecifications') as tag_specifications, + JSON_EXTRACT(Properties, '$.SpotOptions') as spot_options, + JSON_EXTRACT(Properties, '$.ValidFrom') as valid_from, + JSON_EXTRACT(Properties, '$.ReplaceUnhealthyInstances') as replace_unhealthy_instances, + JSON_EXTRACT(Properties, '$.LaunchTemplateConfigs') as launch_template_configs, + JSON_EXTRACT(Properties, '$.FleetId') as fleet_id, + JSON_EXTRACT(Properties, '$.TerminateInstancesWithExpiration') as terminate_instances_with_expiration, + JSON_EXTRACT(Properties, '$.ValidUntil') as valid_until, + JSON_EXTRACT(Properties, '$.Context') as context + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EC2Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TargetCapacitySpecification') as target_capacity_specification, + json_extract_path_text(Properties, 'OnDemandOptions') as on_demand_options, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'ExcessCapacityTerminationPolicy') as excess_capacity_termination_policy, + json_extract_path_text(Properties, 'TagSpecifications') as tag_specifications, + json_extract_path_text(Properties, 'SpotOptions') as spot_options, + json_extract_path_text(Properties, 'ValidFrom') as valid_from, + json_extract_path_text(Properties, 'ReplaceUnhealthyInstances') as replace_unhealthy_instances, + json_extract_path_text(Properties, 'LaunchTemplateConfigs') as launch_template_configs, + json_extract_path_text(Properties, 'FleetId') as fleet_id, + json_extract_path_text(Properties, 'TerminateInstancesWithExpiration') as terminate_instances_with_expiration, + json_extract_path_text(Properties, 'ValidUntil') as valid_until, + json_extract_path_text(Properties, 'Context') as context + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EC2Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' + egress_only_internet_gateways: + name: egress_only_internet_gateways + id: aws.ec2.egress_only_internet_gateways + x-cfn-schema-name: EgressOnlyInternetGateway + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::EgressOnlyInternetGateway' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::EgressOnlyInternetGateway' + AND region = 'us-east-1' + egress_only_internet_gateway: + name: egress_only_internet_gateway + id: aws.ec2.egress_only_internet_gateway + x-cfn-schema-name: EgressOnlyInternetGateway + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EgressOnlyInternetGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EgressOnlyInternetGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + eips: + name: eips + id: aws.ec2.eips + x-cfn-schema-name: EIP + x-type: list + x-identifiers: + - PublicIp + - AllocationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PublicIp') as public_ip, + JSON_EXTRACT(Properties, '$.AllocationId') as allocation_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::EIP' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PublicIp') as public_ip, + json_extract_path_text(Properties, 'AllocationId') as allocation_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::EIP' + AND region = 'us-east-1' + eip: + name: eip + id: aws.ec2.eip + x-cfn-schema-name: EIP + x-type: get + x-identifiers: + - PublicIp + - AllocationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PublicIp') as public_ip, + JSON_EXTRACT(Properties, '$.AllocationId') as allocation_id, + JSON_EXTRACT(Properties, '$.Domain') as domain, + JSON_EXTRACT(Properties, '$.NetworkBorderGroup') as network_border_group, + JSON_EXTRACT(Properties, '$.TransferAddress') as transfer_address, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.PublicIpv4Pool') as public_ipv4_pool, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EIP' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PublicIp') as public_ip, + json_extract_path_text(Properties, 'AllocationId') as allocation_id, + json_extract_path_text(Properties, 'Domain') as domain, + json_extract_path_text(Properties, 'NetworkBorderGroup') as network_border_group, + json_extract_path_text(Properties, 'TransferAddress') as transfer_address, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'PublicIpv4Pool') as public_ipv4_pool, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EIP' + AND data__Identifier = '|' + AND region = 'us-east-1' + eip_associations: + name: eip_associations + id: aws.ec2.eip_associations + x-cfn-schema-name: EIPAssociation + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::EIPAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::EIPAssociation' + AND region = 'us-east-1' + eip_association: + name: eip_association + id: aws.ec2.eip_association + x-cfn-schema-name: EIPAssociation + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.AllocationId') as allocation_id, + JSON_EXTRACT(Properties, '$.NetworkInterfaceId') as network_interface_id, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.PrivateIpAddress') as private_ip_address, + JSON_EXTRACT(Properties, '$.EIP') as e_ip + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EIPAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'AllocationId') as allocation_id, + json_extract_path_text(Properties, 'NetworkInterfaceId') as network_interface_id, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'PrivateIpAddress') as private_ip_address, + json_extract_path_text(Properties, 'EIP') as e_ip + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EIPAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + enclave_certificate_iam_role_associations: + name: enclave_certificate_iam_role_associations + id: aws.ec2.enclave_certificate_iam_role_associations + x-cfn-schema-name: EnclaveCertificateIamRoleAssociation + x-type: list + x-identifiers: + - CertificateArn + - RoleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CertificateArn') as certificate_arn, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::EnclaveCertificateIamRoleAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CertificateArn') as certificate_arn, + json_extract_path_text(Properties, 'RoleArn') as role_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::EnclaveCertificateIamRoleAssociation' + AND region = 'us-east-1' + enclave_certificate_iam_role_association: + name: enclave_certificate_iam_role_association + id: aws.ec2.enclave_certificate_iam_role_association + x-cfn-schema-name: EnclaveCertificateIamRoleAssociation + x-type: get + x-identifiers: + - CertificateArn + - RoleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CertificateArn') as certificate_arn, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.CertificateS3BucketName') as certificate_s3_bucket_name, + JSON_EXTRACT(Properties, '$.CertificateS3ObjectKey') as certificate_s3_object_key, + JSON_EXTRACT(Properties, '$.EncryptionKmsKeyId') as encryption_kms_key_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EnclaveCertificateIamRoleAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CertificateArn') as certificate_arn, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'CertificateS3BucketName') as certificate_s3_bucket_name, + json_extract_path_text(Properties, 'CertificateS3ObjectKey') as certificate_s3_object_key, + json_extract_path_text(Properties, 'EncryptionKmsKeyId') as encryption_kms_key_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EnclaveCertificateIamRoleAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + flow_logs: + name: flow_logs + id: aws.ec2.flow_logs + x-cfn-schema-name: FlowLog + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::FlowLog' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::FlowLog' + AND region = 'us-east-1' + flow_log: + name: flow_log + id: aws.ec2.flow_log + x-cfn-schema-name: FlowLog + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.DeliverCrossAccountRole') as deliver_cross_account_role, + JSON_EXTRACT(Properties, '$.DeliverLogsPermissionArn') as deliver_logs_permission_arn, + JSON_EXTRACT(Properties, '$.LogDestination') as log_destination, + JSON_EXTRACT(Properties, '$.LogDestinationType') as log_destination_type, + JSON_EXTRACT(Properties, '$.LogFormat') as log_format, + JSON_EXTRACT(Properties, '$.LogGroupName') as log_group_name, + JSON_EXTRACT(Properties, '$.MaxAggregationInterval') as max_aggregation_interval, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TrafficType') as traffic_type, + JSON_EXTRACT(Properties, '$.DestinationOptions') as destination_options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::FlowLog' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'DeliverCrossAccountRole') as deliver_cross_account_role, + json_extract_path_text(Properties, 'DeliverLogsPermissionArn') as deliver_logs_permission_arn, + json_extract_path_text(Properties, 'LogDestination') as log_destination, + json_extract_path_text(Properties, 'LogDestinationType') as log_destination_type, + json_extract_path_text(Properties, 'LogFormat') as log_format, + json_extract_path_text(Properties, 'LogGroupName') as log_group_name, + json_extract_path_text(Properties, 'MaxAggregationInterval') as max_aggregation_interval, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TrafficType') as traffic_type, + json_extract_path_text(Properties, 'DestinationOptions') as destination_options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::FlowLog' + AND data__Identifier = '' + AND region = 'us-east-1' + gateway_route_table_association: + name: gateway_route_table_association + id: aws.ec2.gateway_route_table_association + x-cfn-schema-name: GatewayRouteTableAssociation + x-type: get + x-identifiers: + - GatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RouteTableId') as route_table_id, + JSON_EXTRACT(Properties, '$.GatewayId') as gateway_id, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::GatewayRouteTableAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RouteTableId') as route_table_id, + json_extract_path_text(Properties, 'GatewayId') as gateway_id, + json_extract_path_text(Properties, 'AssociationId') as association_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::GatewayRouteTableAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + hosts: + name: hosts + id: aws.ec2.hosts + x-cfn-schema-name: Host + x-type: list + x-identifiers: + - HostId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.HostId') as host_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::Host' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'HostId') as host_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::Host' + AND region = 'us-east-1' + host: + name: host + id: aws.ec2.host + x-cfn-schema-name: Host + x-type: get + x-identifiers: + - HostId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.HostId') as host_id, + JSON_EXTRACT(Properties, '$.AutoPlacement') as auto_placement, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.HostRecovery') as host_recovery, + JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(Properties, '$.InstanceFamily') as instance_family, + JSON_EXTRACT(Properties, '$.OutpostArn') as outpost_arn, + JSON_EXTRACT(Properties, '$.HostMaintenance') as host_maintenance, + JSON_EXTRACT(Properties, '$.AssetId') as asset_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Host' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'HostId') as host_id, + json_extract_path_text(Properties, 'AutoPlacement') as auto_placement, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'HostRecovery') as host_recovery, + json_extract_path_text(Properties, 'InstanceType') as instance_type, + json_extract_path_text(Properties, 'InstanceFamily') as instance_family, + json_extract_path_text(Properties, 'OutpostArn') as outpost_arn, + json_extract_path_text(Properties, 'HostMaintenance') as host_maintenance, + json_extract_path_text(Properties, 'AssetId') as asset_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Host' + AND data__Identifier = '' + AND region = 'us-east-1' + network_interfaces: + name: network_interfaces + id: aws.ec2.network_interfaces + x-cfn-schema-name: NetworkInterface + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInterface' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInterface' + AND region = 'us-east-1' + network_interface: + name: network_interface + id: aws.ec2.network_interface + x-cfn-schema-name: NetworkInterface + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PrivateIpAddress') as private_ip_address, + JSON_EXTRACT(Properties, '$.PrivateIpAddresses') as private_ip_addresses, + JSON_EXTRACT(Properties, '$.SecondaryPrivateIpAddressCount') as secondary_private_ip_address_count, + JSON_EXTRACT(Properties, '$.PrimaryPrivateIpAddress') as primary_private_ip_address, + JSON_EXTRACT(Properties, '$.Ipv4Prefixes') as ipv4_prefixes, + JSON_EXTRACT(Properties, '$.Ipv4PrefixCount') as ipv4_prefix_count, + JSON_EXTRACT(Properties, '$.GroupSet') as group_set, + JSON_EXTRACT(Properties, '$.Ipv6Addresses') as ipv6_addresses, + JSON_EXTRACT(Properties, '$.Ipv6Prefixes') as ipv6_prefixes, + JSON_EXTRACT(Properties, '$.Ipv6PrefixCount') as ipv6_prefix_count, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.SourceDestCheck') as source_dest_check, + JSON_EXTRACT(Properties, '$.InterfaceType') as interface_type, + JSON_EXTRACT(Properties, '$.SecondaryPrivateIpAddresses') as secondary_private_ip_addresses, + JSON_EXTRACT(Properties, '$.Ipv6AddressCount') as ipv6_address_count, + JSON_EXTRACT(Properties, '$.EnablePrimaryIpv6') as enable_primary_ipv6, + JSON_EXTRACT(Properties, '$.PrimaryIpv6Address') as primary_ipv6_address, + JSON_EXTRACT(Properties, '$.ConnectionTrackingSpecification') as connection_tracking_specification, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInterface' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PrivateIpAddress') as private_ip_address, + json_extract_path_text(Properties, 'PrivateIpAddresses') as private_ip_addresses, + json_extract_path_text(Properties, 'SecondaryPrivateIpAddressCount') as secondary_private_ip_address_count, + json_extract_path_text(Properties, 'PrimaryPrivateIpAddress') as primary_private_ip_address, + json_extract_path_text(Properties, 'Ipv4Prefixes') as ipv4_prefixes, + json_extract_path_text(Properties, 'Ipv4PrefixCount') as ipv4_prefix_count, + json_extract_path_text(Properties, 'GroupSet') as group_set, + json_extract_path_text(Properties, 'Ipv6Addresses') as ipv6_addresses, + json_extract_path_text(Properties, 'Ipv6Prefixes') as ipv6_prefixes, + json_extract_path_text(Properties, 'Ipv6PrefixCount') as ipv6_prefix_count, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'SourceDestCheck') as source_dest_check, + json_extract_path_text(Properties, 'InterfaceType') as interface_type, + json_extract_path_text(Properties, 'SecondaryPrivateIpAddresses') as secondary_private_ip_addresses, + json_extract_path_text(Properties, 'Ipv6AddressCount') as ipv6_address_count, + json_extract_path_text(Properties, 'EnablePrimaryIpv6') as enable_primary_ipv6, + json_extract_path_text(Properties, 'PrimaryIpv6Address') as primary_ipv6_address, + json_extract_path_text(Properties, 'ConnectionTrackingSpecification') as connection_tracking_specification, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInterface' + AND data__Identifier = '' + AND region = 'us-east-1' + volumes: + name: volumes + id: aws.ec2.volumes + x-cfn-schema-name: Volume + x-type: list + x-identifiers: + - VolumeId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VolumeId') as volume_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::Volume' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VolumeId') as volume_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::Volume' + AND region = 'us-east-1' + volume: + name: volume + id: aws.ec2.volume + x-cfn-schema-name: Volume + x-type: get + x-identifiers: + - VolumeId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MultiAttachEnabled') as multi_attach_enabled, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.Encrypted') as encrypted, + JSON_EXTRACT(Properties, '$.Size') as size, + JSON_EXTRACT(Properties, '$.AutoEnableIO') as auto_enable_io, + JSON_EXTRACT(Properties, '$.OutpostArn') as outpost_arn, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.Throughput') as throughput, + JSON_EXTRACT(Properties, '$.Iops') as iops, + JSON_EXTRACT(Properties, '$.SnapshotId') as snapshot_id, + JSON_EXTRACT(Properties, '$.VolumeType') as volume_type, + JSON_EXTRACT(Properties, '$.VolumeId') as volume_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Volume' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MultiAttachEnabled') as multi_attach_enabled, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'Encrypted') as encrypted, + json_extract_path_text(Properties, 'Size') as size, + json_extract_path_text(Properties, 'AutoEnableIO') as auto_enable_io, + json_extract_path_text(Properties, 'OutpostArn') as outpost_arn, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'Throughput') as throughput, + json_extract_path_text(Properties, 'Iops') as iops, + json_extract_path_text(Properties, 'SnapshotId') as snapshot_id, + json_extract_path_text(Properties, 'VolumeType') as volume_type, + json_extract_path_text(Properties, 'VolumeId') as volume_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Volume' + AND data__Identifier = '' + AND region = 'us-east-1' + instances: + name: instances + id: aws.ec2.instances + x-cfn-schema-name: Instance + x-type: list + x-identifiers: + - InstanceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::Instance' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceId') as instance_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::Instance' + AND region = 'us-east-1' + instance: + name: instance + id: aws.ec2.instance + x-cfn-schema-name: Instance + x-type: get + x-identifiers: + - InstanceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Tenancy') as tenancy, + JSON_EXTRACT(Properties, '$.SecurityGroups') as security_groups, + JSON_EXTRACT(Properties, '$.PrivateDnsName') as private_dns_name, + JSON_EXTRACT(Properties, '$.PrivateIpAddress') as private_ip_address, + JSON_EXTRACT(Properties, '$.UserData') as user_data, + JSON_EXTRACT(Properties, '$.BlockDeviceMappings') as block_device_mappings, + JSON_EXTRACT(Properties, '$.IamInstanceProfile') as iam_instance_profile, + JSON_EXTRACT(Properties, '$.Ipv6Addresses') as ipv6_addresses, + JSON_EXTRACT(Properties, '$.KernelId') as kernel_id, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.EbsOptimized') as ebs_optimized, + JSON_EXTRACT(Properties, '$.PropagateTagsToVolumeOnCreation') as propagate_tags_to_volume_on_creation, + JSON_EXTRACT(Properties, '$.ElasticGpuSpecifications') as elastic_gpu_specifications, + JSON_EXTRACT(Properties, '$.ElasticInferenceAccelerators') as elastic_inference_accelerators, + JSON_EXTRACT(Properties, '$.Volumes') as volumes, + JSON_EXTRACT(Properties, '$.PrivateIp') as private_ip, + JSON_EXTRACT(Properties, '$.Ipv6AddressCount') as ipv6_address_count, + JSON_EXTRACT(Properties, '$.LaunchTemplate') as launch_template, + JSON_EXTRACT(Properties, '$.EnclaveOptions') as enclave_options, + JSON_EXTRACT(Properties, '$.NetworkInterfaces') as network_interfaces, + JSON_EXTRACT(Properties, '$.ImageId') as image_id, + JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(Properties, '$.Monitoring') as monitoring, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AdditionalInfo') as additional_info, + JSON_EXTRACT(Properties, '$.HibernationOptions') as hibernation_options, + JSON_EXTRACT(Properties, '$.LicenseSpecifications') as license_specifications, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.PublicIp') as public_ip, + JSON_EXTRACT(Properties, '$.InstanceInitiatedShutdownBehavior') as instance_initiated_shutdown_behavior, + JSON_EXTRACT(Properties, '$.CpuOptions') as cpu_options, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.PrivateDnsNameOptions') as private_dns_name_options, + JSON_EXTRACT(Properties, '$.HostId') as host_id, + JSON_EXTRACT(Properties, '$.HostResourceGroupArn') as host_resource_group_arn, + JSON_EXTRACT(Properties, '$.PublicDnsName') as public_dns_name, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.DisableApiTermination') as disable_api_termination, + JSON_EXTRACT(Properties, '$.KeyName') as key_name, + JSON_EXTRACT(Properties, '$.RamdiskId') as ramdisk_id, + JSON_EXTRACT(Properties, '$.SourceDestCheck') as source_dest_check, + JSON_EXTRACT(Properties, '$.PlacementGroupName') as placement_group_name, + JSON_EXTRACT(Properties, '$.SsmAssociations') as ssm_associations, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.Affinity') as affinity, + JSON_EXTRACT(Properties, '$.CreditSpecification') as credit_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Instance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Tenancy') as tenancy, + json_extract_path_text(Properties, 'SecurityGroups') as security_groups, + json_extract_path_text(Properties, 'PrivateDnsName') as private_dns_name, + json_extract_path_text(Properties, 'PrivateIpAddress') as private_ip_address, + json_extract_path_text(Properties, 'UserData') as user_data, + json_extract_path_text(Properties, 'BlockDeviceMappings') as block_device_mappings, + json_extract_path_text(Properties, 'IamInstanceProfile') as iam_instance_profile, + json_extract_path_text(Properties, 'Ipv6Addresses') as ipv6_addresses, + json_extract_path_text(Properties, 'KernelId') as kernel_id, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'EbsOptimized') as ebs_optimized, + json_extract_path_text(Properties, 'PropagateTagsToVolumeOnCreation') as propagate_tags_to_volume_on_creation, + json_extract_path_text(Properties, 'ElasticGpuSpecifications') as elastic_gpu_specifications, + json_extract_path_text(Properties, 'ElasticInferenceAccelerators') as elastic_inference_accelerators, + json_extract_path_text(Properties, 'Volumes') as volumes, + json_extract_path_text(Properties, 'PrivateIp') as private_ip, + json_extract_path_text(Properties, 'Ipv6AddressCount') as ipv6_address_count, + json_extract_path_text(Properties, 'LaunchTemplate') as launch_template, + json_extract_path_text(Properties, 'EnclaveOptions') as enclave_options, + json_extract_path_text(Properties, 'NetworkInterfaces') as network_interfaces, + json_extract_path_text(Properties, 'ImageId') as image_id, + json_extract_path_text(Properties, 'InstanceType') as instance_type, + json_extract_path_text(Properties, 'Monitoring') as monitoring, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AdditionalInfo') as additional_info, + json_extract_path_text(Properties, 'HibernationOptions') as hibernation_options, + json_extract_path_text(Properties, 'LicenseSpecifications') as license_specifications, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'PublicIp') as public_ip, + json_extract_path_text(Properties, 'InstanceInitiatedShutdownBehavior') as instance_initiated_shutdown_behavior, + json_extract_path_text(Properties, 'CpuOptions') as cpu_options, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'PrivateDnsNameOptions') as private_dns_name_options, + json_extract_path_text(Properties, 'HostId') as host_id, + json_extract_path_text(Properties, 'HostResourceGroupArn') as host_resource_group_arn, + json_extract_path_text(Properties, 'PublicDnsName') as public_dns_name, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'DisableApiTermination') as disable_api_termination, + json_extract_path_text(Properties, 'KeyName') as key_name, + json_extract_path_text(Properties, 'RamdiskId') as ramdisk_id, + json_extract_path_text(Properties, 'SourceDestCheck') as source_dest_check, + json_extract_path_text(Properties, 'PlacementGroupName') as placement_group_name, + json_extract_path_text(Properties, 'SsmAssociations') as ssm_associations, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'Affinity') as affinity, + json_extract_path_text(Properties, 'CreditSpecification') as credit_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Instance' + AND data__Identifier = '' + AND region = 'us-east-1' + instance_connect_endpoints: + name: instance_connect_endpoints + id: aws.ec2.instance_connect_endpoints + x-cfn-schema-name: InstanceConnectEndpoint + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::InstanceConnectEndpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::InstanceConnectEndpoint' + AND region = 'us-east-1' + instance_connect_endpoint: + name: instance_connect_endpoint + id: aws.ec2.instance_connect_endpoint + x-cfn-schema-name: InstanceConnectEndpoint + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.ClientToken') as client_token, + JSON_EXTRACT(Properties, '$.PreserveClientIp') as preserve_client_ip, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::InstanceConnectEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'ClientToken') as client_token, + json_extract_path_text(Properties, 'PreserveClientIp') as preserve_client_ip, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::InstanceConnectEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + internet_gateways: + name: internet_gateways + id: aws.ec2.internet_gateways + x-cfn-schema-name: InternetGateway + x-type: list + x-identifiers: + - InternetGatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InternetGatewayId') as internet_gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::InternetGateway' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InternetGatewayId') as internet_gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::InternetGateway' + AND region = 'us-east-1' + internet_gateway: + name: internet_gateway + id: aws.ec2.internet_gateway + x-cfn-schema-name: InternetGateway + x-type: get + x-identifiers: + - InternetGatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InternetGatewayId') as internet_gateway_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::InternetGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InternetGatewayId') as internet_gateway_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::InternetGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + ipams: + name: ipams + id: aws.ec2.ipams + x-cfn-schema-name: IPAM + x-type: list + x-identifiers: + - IpamId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IpamId') as ipam_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAM' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IpamId') as ipam_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAM' + AND region = 'us-east-1' + ipam: + name: ipam + id: aws.ec2.ipam + x-cfn-schema-name: IPAM + x-type: get + x-identifiers: + - IpamId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IpamId') as ipam_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DefaultResourceDiscoveryId') as default_resource_discovery_id, + JSON_EXTRACT(Properties, '$.DefaultResourceDiscoveryAssociationId') as default_resource_discovery_association_id, + JSON_EXTRACT(Properties, '$.ResourceDiscoveryAssociationCount') as resource_discovery_association_count, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PublicDefaultScopeId') as public_default_scope_id, + JSON_EXTRACT(Properties, '$.PrivateDefaultScopeId') as private_default_scope_id, + JSON_EXTRACT(Properties, '$.ScopeCount') as scope_count, + JSON_EXTRACT(Properties, '$.OperatingRegions') as operating_regions, + JSON_EXTRACT(Properties, '$.Tier') as tier, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAM' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IpamId') as ipam_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DefaultResourceDiscoveryId') as default_resource_discovery_id, + json_extract_path_text(Properties, 'DefaultResourceDiscoveryAssociationId') as default_resource_discovery_association_id, + json_extract_path_text(Properties, 'ResourceDiscoveryAssociationCount') as resource_discovery_association_count, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PublicDefaultScopeId') as public_default_scope_id, + json_extract_path_text(Properties, 'PrivateDefaultScopeId') as private_default_scope_id, + json_extract_path_text(Properties, 'ScopeCount') as scope_count, + json_extract_path_text(Properties, 'OperatingRegions') as operating_regions, + json_extract_path_text(Properties, 'Tier') as tier, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAM' + AND data__Identifier = '' + AND region = 'us-east-1' + ipam_allocations: + name: ipam_allocations + id: aws.ec2.ipam_allocations + x-cfn-schema-name: IPAMAllocation + x-type: list + x-identifiers: + - IpamPoolId + - IpamPoolAllocationId + - Cidr + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IpamPoolId') as ipam_pool_id, + JSON_EXTRACT(Properties, '$.IpamPoolAllocationId') as ipam_pool_allocation_id, + JSON_EXTRACT(Properties, '$.Cidr') as cidr + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMAllocation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IpamPoolId') as ipam_pool_id, + json_extract_path_text(Properties, 'IpamPoolAllocationId') as ipam_pool_allocation_id, + json_extract_path_text(Properties, 'Cidr') as cidr + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMAllocation' + AND region = 'us-east-1' + ipam_allocation: + name: ipam_allocation + id: aws.ec2.ipam_allocation + x-cfn-schema-name: IPAMAllocation + x-type: get + x-identifiers: + - IpamPoolId + - IpamPoolAllocationId + - Cidr + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IpamPoolAllocationId') as ipam_pool_allocation_id, + JSON_EXTRACT(Properties, '$.IpamPoolId') as ipam_pool_id, + JSON_EXTRACT(Properties, '$.Cidr') as cidr, + JSON_EXTRACT(Properties, '$.NetmaskLength') as netmask_length, + JSON_EXTRACT(Properties, '$.Description') as description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMAllocation' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IpamPoolAllocationId') as ipam_pool_allocation_id, + json_extract_path_text(Properties, 'IpamPoolId') as ipam_pool_id, + json_extract_path_text(Properties, 'Cidr') as cidr, + json_extract_path_text(Properties, 'NetmaskLength') as netmask_length, + json_extract_path_text(Properties, 'Description') as description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMAllocation' + AND data__Identifier = '||' + AND region = 'us-east-1' + ipam_pools: + name: ipam_pools + id: aws.ec2.ipam_pools + x-cfn-schema-name: IPAMPool + x-type: list + x-identifiers: + - IpamPoolId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IpamPoolId') as ipam_pool_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMPool' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IpamPoolId') as ipam_pool_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMPool' + AND region = 'us-east-1' + ipam_pool: + name: ipam_pool + id: aws.ec2.ipam_pool + x-cfn-schema-name: IPAMPool + x-type: get + x-identifiers: + - IpamPoolId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IpamPoolId') as ipam_pool_id, + JSON_EXTRACT(Properties, '$.AddressFamily') as address_family, + JSON_EXTRACT(Properties, '$.AllocationMinNetmaskLength') as allocation_min_netmask_length, + JSON_EXTRACT(Properties, '$.AllocationDefaultNetmaskLength') as allocation_default_netmask_length, + JSON_EXTRACT(Properties, '$.AllocationMaxNetmaskLength') as allocation_max_netmask_length, + JSON_EXTRACT(Properties, '$.AllocationResourceTags') as allocation_resource_tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AutoImport') as auto_import, + JSON_EXTRACT(Properties, '$.AwsService') as aws_service, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.IpamScopeId') as ipam_scope_id, + JSON_EXTRACT(Properties, '$.IpamScopeArn') as ipam_scope_arn, + JSON_EXTRACT(Properties, '$.IpamScopeType') as ipam_scope_type, + JSON_EXTRACT(Properties, '$.IpamArn') as ipam_arn, + JSON_EXTRACT(Properties, '$.Locale') as locale, + JSON_EXTRACT(Properties, '$.PoolDepth') as pool_depth, + JSON_EXTRACT(Properties, '$.ProvisionedCidrs') as provisioned_cidrs, + JSON_EXTRACT(Properties, '$.PublicIpSource') as public_ip_source, + JSON_EXTRACT(Properties, '$.PubliclyAdvertisable') as publicly_advertisable, + JSON_EXTRACT(Properties, '$.SourceIpamPoolId') as source_ipam_pool_id, + JSON_EXTRACT(Properties, '$.SourceResource') as source_resource, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.StateMessage') as state_message, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMPool' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IpamPoolId') as ipam_pool_id, + json_extract_path_text(Properties, 'AddressFamily') as address_family, + json_extract_path_text(Properties, 'AllocationMinNetmaskLength') as allocation_min_netmask_length, + json_extract_path_text(Properties, 'AllocationDefaultNetmaskLength') as allocation_default_netmask_length, + json_extract_path_text(Properties, 'AllocationMaxNetmaskLength') as allocation_max_netmask_length, + json_extract_path_text(Properties, 'AllocationResourceTags') as allocation_resource_tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AutoImport') as auto_import, + json_extract_path_text(Properties, 'AwsService') as aws_service, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'IpamScopeId') as ipam_scope_id, + json_extract_path_text(Properties, 'IpamScopeArn') as ipam_scope_arn, + json_extract_path_text(Properties, 'IpamScopeType') as ipam_scope_type, + json_extract_path_text(Properties, 'IpamArn') as ipam_arn, + json_extract_path_text(Properties, 'Locale') as locale, + json_extract_path_text(Properties, 'PoolDepth') as pool_depth, + json_extract_path_text(Properties, 'ProvisionedCidrs') as provisioned_cidrs, + json_extract_path_text(Properties, 'PublicIpSource') as public_ip_source, + json_extract_path_text(Properties, 'PubliclyAdvertisable') as publicly_advertisable, + json_extract_path_text(Properties, 'SourceIpamPoolId') as source_ipam_pool_id, + json_extract_path_text(Properties, 'SourceResource') as source_resource, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'StateMessage') as state_message, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMPool' + AND data__Identifier = '' + AND region = 'us-east-1' + ipam_pool_cidrs: + name: ipam_pool_cidrs + id: aws.ec2.ipam_pool_cidrs + x-cfn-schema-name: IPAMPoolCidr + x-type: list + x-identifiers: + - IpamPoolId + - IpamPoolCidrId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IpamPoolId') as ipam_pool_id, + JSON_EXTRACT(Properties, '$.IpamPoolCidrId') as ipam_pool_cidr_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMPoolCidr' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IpamPoolId') as ipam_pool_id, + json_extract_path_text(Properties, 'IpamPoolCidrId') as ipam_pool_cidr_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMPoolCidr' + AND region = 'us-east-1' + ipam_pool_cidr: + name: ipam_pool_cidr + id: aws.ec2.ipam_pool_cidr + x-cfn-schema-name: IPAMPoolCidr + x-type: get + x-identifiers: + - IpamPoolId + - IpamPoolCidrId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IpamPoolCidrId') as ipam_pool_cidr_id, + JSON_EXTRACT(Properties, '$.IpamPoolId') as ipam_pool_id, + JSON_EXTRACT(Properties, '$.Cidr') as cidr, + JSON_EXTRACT(Properties, '$.NetmaskLength') as netmask_length, + JSON_EXTRACT(Properties, '$.State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMPoolCidr' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IpamPoolCidrId') as ipam_pool_cidr_id, + json_extract_path_text(Properties, 'IpamPoolId') as ipam_pool_id, + json_extract_path_text(Properties, 'Cidr') as cidr, + json_extract_path_text(Properties, 'NetmaskLength') as netmask_length, + json_extract_path_text(Properties, 'State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMPoolCidr' + AND data__Identifier = '|' + AND region = 'us-east-1' + ipam_resource_discoveries: + name: ipam_resource_discoveries + id: aws.ec2.ipam_resource_discoveries + x-cfn-schema-name: IPAMResourceDiscovery + x-type: list + x-identifiers: + - IpamResourceDiscoveryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IpamResourceDiscoveryId') as ipam_resource_discovery_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMResourceDiscovery' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IpamResourceDiscoveryId') as ipam_resource_discovery_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMResourceDiscovery' + AND region = 'us-east-1' + ipam_resource_discovery: + name: ipam_resource_discovery + id: aws.ec2.ipam_resource_discovery + x-cfn-schema-name: IPAMResourceDiscovery + x-type: get + x-identifiers: + - IpamResourceDiscoveryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IpamResourceDiscoveryId') as ipam_resource_discovery_id, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.OperatingRegions') as operating_regions, + JSON_EXTRACT(Properties, '$.IpamResourceDiscoveryRegion') as ipam_resource_discovery_region, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.IsDefault') as is_default, + JSON_EXTRACT(Properties, '$.IpamResourceDiscoveryArn') as ipam_resource_discovery_arn, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMResourceDiscovery' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IpamResourceDiscoveryId') as ipam_resource_discovery_id, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'OperatingRegions') as operating_regions, + json_extract_path_text(Properties, 'IpamResourceDiscoveryRegion') as ipam_resource_discovery_region, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'IsDefault') as is_default, + json_extract_path_text(Properties, 'IpamResourceDiscoveryArn') as ipam_resource_discovery_arn, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMResourceDiscovery' + AND data__Identifier = '' + AND region = 'us-east-1' + ipam_resource_discovery_associations: + name: ipam_resource_discovery_associations + id: aws.ec2.ipam_resource_discovery_associations + x-cfn-schema-name: IPAMResourceDiscoveryAssociation + x-type: list + x-identifiers: + - IpamResourceDiscoveryAssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IpamResourceDiscoveryAssociationId') as ipam_resource_discovery_association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMResourceDiscoveryAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IpamResourceDiscoveryAssociationId') as ipam_resource_discovery_association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMResourceDiscoveryAssociation' + AND region = 'us-east-1' + ipam_resource_discovery_association: + name: ipam_resource_discovery_association + id: aws.ec2.ipam_resource_discovery_association + x-cfn-schema-name: IPAMResourceDiscoveryAssociation + x-type: get + x-identifiers: + - IpamResourceDiscoveryAssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IpamArn') as ipam_arn, + JSON_EXTRACT(Properties, '$.IpamRegion') as ipam_region, + JSON_EXTRACT(Properties, '$.IpamResourceDiscoveryAssociationId') as ipam_resource_discovery_association_id, + JSON_EXTRACT(Properties, '$.IpamResourceDiscoveryId') as ipam_resource_discovery_id, + JSON_EXTRACT(Properties, '$.IpamId') as ipam_id, + JSON_EXTRACT(Properties, '$.IpamResourceDiscoveryAssociationArn') as ipam_resource_discovery_association_arn, + JSON_EXTRACT(Properties, '$.IsDefault') as is_default, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.ResourceDiscoveryStatus') as resource_discovery_status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMResourceDiscoveryAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IpamArn') as ipam_arn, + json_extract_path_text(Properties, 'IpamRegion') as ipam_region, + json_extract_path_text(Properties, 'IpamResourceDiscoveryAssociationId') as ipam_resource_discovery_association_id, + json_extract_path_text(Properties, 'IpamResourceDiscoveryId') as ipam_resource_discovery_id, + json_extract_path_text(Properties, 'IpamId') as ipam_id, + json_extract_path_text(Properties, 'IpamResourceDiscoveryAssociationArn') as ipam_resource_discovery_association_arn, + json_extract_path_text(Properties, 'IsDefault') as is_default, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'ResourceDiscoveryStatus') as resource_discovery_status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMResourceDiscoveryAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + ipam_scopes: + name: ipam_scopes + id: aws.ec2.ipam_scopes + x-cfn-schema-name: IPAMScope + x-type: list + x-identifiers: + - IpamScopeId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IpamScopeId') as ipam_scope_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMScope' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IpamScopeId') as ipam_scope_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::IPAMScope' + AND region = 'us-east-1' + ipam_scope: + name: ipam_scope + id: aws.ec2.ipam_scope + x-cfn-schema-name: IPAMScope + x-type: get + x-identifiers: + - IpamScopeId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IpamScopeId') as ipam_scope_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.IpamId') as ipam_id, + JSON_EXTRACT(Properties, '$.IpamArn') as ipam_arn, + JSON_EXTRACT(Properties, '$.IpamScopeType') as ipam_scope_type, + JSON_EXTRACT(Properties, '$.IsDefault') as is_default, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PoolCount') as pool_count, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMScope' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IpamScopeId') as ipam_scope_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'IpamId') as ipam_id, + json_extract_path_text(Properties, 'IpamArn') as ipam_arn, + json_extract_path_text(Properties, 'IpamScopeType') as ipam_scope_type, + json_extract_path_text(Properties, 'IsDefault') as is_default, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PoolCount') as pool_count, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAMScope' + AND data__Identifier = '' + AND region = 'us-east-1' + key_pairs: + name: key_pairs + id: aws.ec2.key_pairs + x-cfn-schema-name: KeyPair + x-type: list + x-identifiers: + - KeyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.KeyName') as key_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::KeyPair' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'KeyName') as key_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::KeyPair' + AND region = 'us-east-1' + key_pair: + name: key_pair + id: aws.ec2.key_pair + x-cfn-schema-name: KeyPair + x-type: get + x-identifiers: + - KeyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.KeyName') as key_name, + JSON_EXTRACT(Properties, '$.KeyType') as key_type, + JSON_EXTRACT(Properties, '$.KeyFormat') as key_format, + JSON_EXTRACT(Properties, '$.PublicKeyMaterial') as public_key_material, + JSON_EXTRACT(Properties, '$.KeyFingerprint') as key_fingerprint, + JSON_EXTRACT(Properties, '$.KeyPairId') as key_pair_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::KeyPair' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'KeyName') as key_name, + json_extract_path_text(Properties, 'KeyType') as key_type, + json_extract_path_text(Properties, 'KeyFormat') as key_format, + json_extract_path_text(Properties, 'PublicKeyMaterial') as public_key_material, + json_extract_path_text(Properties, 'KeyFingerprint') as key_fingerprint, + json_extract_path_text(Properties, 'KeyPairId') as key_pair_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::KeyPair' + AND data__Identifier = '' + AND region = 'us-east-1' + launch_templates: + name: launch_templates + id: aws.ec2.launch_templates + x-cfn-schema-name: LaunchTemplate + x-type: list + x-identifiers: + - LaunchTemplateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LaunchTemplateId') as launch_template_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::LaunchTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LaunchTemplateId') as launch_template_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::LaunchTemplate' + AND region = 'us-east-1' + launch_template: + name: launch_template + id: aws.ec2.launch_template + x-cfn-schema-name: LaunchTemplate + x-type: get + x-identifiers: + - LaunchTemplateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LaunchTemplateName') as launch_template_name, + JSON_EXTRACT(Properties, '$.LaunchTemplateData') as launch_template_data, + JSON_EXTRACT(Properties, '$.VersionDescription') as version_description, + JSON_EXTRACT(Properties, '$.TagSpecifications') as tag_specifications, + JSON_EXTRACT(Properties, '$.LatestVersionNumber') as latest_version_number, + JSON_EXTRACT(Properties, '$.LaunchTemplateId') as launch_template_id, + JSON_EXTRACT(Properties, '$.DefaultVersionNumber') as default_version_number + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::LaunchTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LaunchTemplateName') as launch_template_name, + json_extract_path_text(Properties, 'LaunchTemplateData') as launch_template_data, + json_extract_path_text(Properties, 'VersionDescription') as version_description, + json_extract_path_text(Properties, 'TagSpecifications') as tag_specifications, + json_extract_path_text(Properties, 'LatestVersionNumber') as latest_version_number, + json_extract_path_text(Properties, 'LaunchTemplateId') as launch_template_id, + json_extract_path_text(Properties, 'DefaultVersionNumber') as default_version_number + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::LaunchTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + local_gateway_routes: + name: local_gateway_routes + id: aws.ec2.local_gateway_routes + x-cfn-schema-name: LocalGatewayRoute + x-type: list + x-identifiers: + - DestinationCidrBlock + - LocalGatewayRouteTableId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DestinationCidrBlock') as destination_cidr_block, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableId') as local_gateway_route_table_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::LocalGatewayRoute' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DestinationCidrBlock') as destination_cidr_block, + json_extract_path_text(Properties, 'LocalGatewayRouteTableId') as local_gateway_route_table_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::LocalGatewayRoute' + AND region = 'us-east-1' + local_gateway_route: + name: local_gateway_route + id: aws.ec2.local_gateway_route + x-cfn-schema-name: LocalGatewayRoute + x-type: get + x-identifiers: + - DestinationCidrBlock + - LocalGatewayRouteTableId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DestinationCidrBlock') as destination_cidr_block, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableId') as local_gateway_route_table_id, + JSON_EXTRACT(Properties, '$.LocalGatewayVirtualInterfaceGroupId') as local_gateway_virtual_interface_group_id, + JSON_EXTRACT(Properties, '$.NetworkInterfaceId') as network_interface_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::LocalGatewayRoute' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DestinationCidrBlock') as destination_cidr_block, + json_extract_path_text(Properties, 'LocalGatewayRouteTableId') as local_gateway_route_table_id, + json_extract_path_text(Properties, 'LocalGatewayVirtualInterfaceGroupId') as local_gateway_virtual_interface_group_id, + json_extract_path_text(Properties, 'NetworkInterfaceId') as network_interface_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::LocalGatewayRoute' + AND data__Identifier = '|' + AND region = 'us-east-1' + local_gateway_route_tables: + name: local_gateway_route_tables + id: aws.ec2.local_gateway_route_tables + x-cfn-schema-name: LocalGatewayRouteTable + x-type: list + x-identifiers: + - LocalGatewayRouteTableId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableId') as local_gateway_route_table_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTable' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LocalGatewayRouteTableId') as local_gateway_route_table_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTable' + AND region = 'us-east-1' + local_gateway_route_table: + name: local_gateway_route_table + id: aws.ec2.local_gateway_route_table + x-cfn-schema-name: LocalGatewayRouteTable + x-type: get + x-identifiers: + - LocalGatewayRouteTableId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableId') as local_gateway_route_table_id, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableArn') as local_gateway_route_table_arn, + JSON_EXTRACT(Properties, '$.LocalGatewayId') as local_gateway_id, + JSON_EXTRACT(Properties, '$.OutpostArn') as outpost_arn, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Mode') as mode, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTable' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LocalGatewayRouteTableId') as local_gateway_route_table_id, + json_extract_path_text(Properties, 'LocalGatewayRouteTableArn') as local_gateway_route_table_arn, + json_extract_path_text(Properties, 'LocalGatewayId') as local_gateway_id, + json_extract_path_text(Properties, 'OutpostArn') as outpost_arn, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Mode') as mode, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTable' + AND data__Identifier = '' + AND region = 'us-east-1' + local_gateway_route_table_virtual_interface_group_associations: + name: local_gateway_route_table_virtual_interface_group_associations + id: aws.ec2.local_gateway_route_table_virtual_interface_group_associations + x-cfn-schema-name: LocalGatewayRouteTableVirtualInterfaceGroupAssociation + x-type: list + x-identifiers: + - LocalGatewayRouteTableVirtualInterfaceGroupAssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableVirtualInterfaceGroupAssociationId') as local_gateway_route_table_virtual_interface_group_association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTableVirtualInterfaceGroupAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LocalGatewayRouteTableVirtualInterfaceGroupAssociationId') as local_gateway_route_table_virtual_interface_group_association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTableVirtualInterfaceGroupAssociation' + AND region = 'us-east-1' + local_gateway_route_table_virtual_interface_group_association: + name: local_gateway_route_table_virtual_interface_group_association + id: aws.ec2.local_gateway_route_table_virtual_interface_group_association + x-cfn-schema-name: LocalGatewayRouteTableVirtualInterfaceGroupAssociation + x-type: get + x-identifiers: + - LocalGatewayRouteTableVirtualInterfaceGroupAssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableVirtualInterfaceGroupAssociationId') as local_gateway_route_table_virtual_interface_group_association_id, + JSON_EXTRACT(Properties, '$.LocalGatewayId') as local_gateway_id, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableId') as local_gateway_route_table_id, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableArn') as local_gateway_route_table_arn, + JSON_EXTRACT(Properties, '$.LocalGatewayVirtualInterfaceGroupId') as local_gateway_virtual_interface_group_id, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTableVirtualInterfaceGroupAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LocalGatewayRouteTableVirtualInterfaceGroupAssociationId') as local_gateway_route_table_virtual_interface_group_association_id, + json_extract_path_text(Properties, 'LocalGatewayId') as local_gateway_id, + json_extract_path_text(Properties, 'LocalGatewayRouteTableId') as local_gateway_route_table_id, + json_extract_path_text(Properties, 'LocalGatewayRouteTableArn') as local_gateway_route_table_arn, + json_extract_path_text(Properties, 'LocalGatewayVirtualInterfaceGroupId') as local_gateway_virtual_interface_group_id, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTableVirtualInterfaceGroupAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + local_gateway_route_tablevpc_associations: + name: local_gateway_route_tablevpc_associations + id: aws.ec2.local_gateway_route_tablevpc_associations + x-cfn-schema-name: LocalGatewayRouteTableVPCAssociation + x-type: list + x-identifiers: + - LocalGatewayRouteTableVpcAssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableVpcAssociationId') as local_gateway_route_table_vpc_association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTableVPCAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LocalGatewayRouteTableVpcAssociationId') as local_gateway_route_table_vpc_association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTableVPCAssociation' + AND region = 'us-east-1' + local_gateway_route_tablevpc_association: + name: local_gateway_route_tablevpc_association + id: aws.ec2.local_gateway_route_tablevpc_association + x-cfn-schema-name: LocalGatewayRouteTableVPCAssociation + x-type: get + x-identifiers: + - LocalGatewayRouteTableVpcAssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LocalGatewayId') as local_gateway_id, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableId') as local_gateway_route_table_id, + JSON_EXTRACT(Properties, '$.LocalGatewayRouteTableVpcAssociationId') as local_gateway_route_table_vpc_association_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTableVPCAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LocalGatewayId') as local_gateway_id, + json_extract_path_text(Properties, 'LocalGatewayRouteTableId') as local_gateway_route_table_id, + json_extract_path_text(Properties, 'LocalGatewayRouteTableVpcAssociationId') as local_gateway_route_table_vpc_association_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::LocalGatewayRouteTableVPCAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + nat_gateways: + name: nat_gateways + id: aws.ec2.nat_gateways + x-cfn-schema-name: NatGateway + x-type: list + x-identifiers: + - NatGatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.NatGatewayId') as nat_gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NatGateway' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'NatGatewayId') as nat_gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NatGateway' + AND region = 'us-east-1' + nat_gateway: + name: nat_gateway + id: aws.ec2.nat_gateway + x-cfn-schema-name: NatGateway + x-type: get + x-identifiers: + - NatGatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SecondaryAllocationIds') as secondary_allocation_ids, + JSON_EXTRACT(Properties, '$.PrivateIpAddress') as private_ip_address, + JSON_EXTRACT(Properties, '$.ConnectivityType') as connectivity_type, + JSON_EXTRACT(Properties, '$.SecondaryPrivateIpAddresses') as secondary_private_ip_addresses, + JSON_EXTRACT(Properties, '$.SecondaryPrivateIpAddressCount') as secondary_private_ip_address_count, + JSON_EXTRACT(Properties, '$.AllocationId') as allocation_id, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.NatGatewayId') as nat_gateway_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.MaxDrainDurationSeconds') as max_drain_duration_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NatGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SecondaryAllocationIds') as secondary_allocation_ids, + json_extract_path_text(Properties, 'PrivateIpAddress') as private_ip_address, + json_extract_path_text(Properties, 'ConnectivityType') as connectivity_type, + json_extract_path_text(Properties, 'SecondaryPrivateIpAddresses') as secondary_private_ip_addresses, + json_extract_path_text(Properties, 'SecondaryPrivateIpAddressCount') as secondary_private_ip_address_count, + json_extract_path_text(Properties, 'AllocationId') as allocation_id, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'NatGatewayId') as nat_gateway_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'MaxDrainDurationSeconds') as max_drain_duration_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NatGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + network_acls: + name: network_acls + id: aws.ec2.network_acls + x-cfn-schema-name: NetworkAcl + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkAcl' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkAcl' + AND region = 'us-east-1' + network_acl: + name: network_acl + id: aws.ec2.network_acl + x-cfn-schema-name: NetworkAcl + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkAcl' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkAcl' + AND data__Identifier = '' + AND region = 'us-east-1' + network_insights_access_scopes: + name: network_insights_access_scopes + id: aws.ec2.network_insights_access_scopes + x-cfn-schema-name: NetworkInsightsAccessScope + x-type: list + x-identifiers: + - NetworkInsightsAccessScopeId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.NetworkInsightsAccessScopeId') as network_insights_access_scope_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAccessScope' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'NetworkInsightsAccessScopeId') as network_insights_access_scope_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAccessScope' + AND region = 'us-east-1' + network_insights_access_scope: + name: network_insights_access_scope + id: aws.ec2.network_insights_access_scope + x-cfn-schema-name: NetworkInsightsAccessScope + x-type: get + x-identifiers: + - NetworkInsightsAccessScopeId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.NetworkInsightsAccessScopeId') as network_insights_access_scope_id, + JSON_EXTRACT(Properties, '$.NetworkInsightsAccessScopeArn') as network_insights_access_scope_arn, + JSON_EXTRACT(Properties, '$.CreatedDate') as created_date, + JSON_EXTRACT(Properties, '$.UpdatedDate') as updated_date, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.MatchPaths') as match_paths, + JSON_EXTRACT(Properties, '$.ExcludePaths') as exclude_paths + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAccessScope' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'NetworkInsightsAccessScopeId') as network_insights_access_scope_id, + json_extract_path_text(Properties, 'NetworkInsightsAccessScopeArn') as network_insights_access_scope_arn, + json_extract_path_text(Properties, 'CreatedDate') as created_date, + json_extract_path_text(Properties, 'UpdatedDate') as updated_date, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'MatchPaths') as match_paths, + json_extract_path_text(Properties, 'ExcludePaths') as exclude_paths + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAccessScope' + AND data__Identifier = '' + AND region = 'us-east-1' + network_insights_access_scope_analyses: + name: network_insights_access_scope_analyses + id: aws.ec2.network_insights_access_scope_analyses + x-cfn-schema-name: NetworkInsightsAccessScopeAnalysis + x-type: list + x-identifiers: + - NetworkInsightsAccessScopeAnalysisId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.NetworkInsightsAccessScopeAnalysisId') as network_insights_access_scope_analysis_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAccessScopeAnalysis' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'NetworkInsightsAccessScopeAnalysisId') as network_insights_access_scope_analysis_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAccessScopeAnalysis' + AND region = 'us-east-1' + network_insights_access_scope_analysis: + name: network_insights_access_scope_analysis + id: aws.ec2.network_insights_access_scope_analysis + x-cfn-schema-name: NetworkInsightsAccessScopeAnalysis + x-type: get + x-identifiers: + - NetworkInsightsAccessScopeAnalysisId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.NetworkInsightsAccessScopeAnalysisId') as network_insights_access_scope_analysis_id, + JSON_EXTRACT(Properties, '$.NetworkInsightsAccessScopeAnalysisArn') as network_insights_access_scope_analysis_arn, + JSON_EXTRACT(Properties, '$.NetworkInsightsAccessScopeId') as network_insights_access_scope_id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusMessage') as status_message, + JSON_EXTRACT(Properties, '$.StartDate') as start_date, + JSON_EXTRACT(Properties, '$.EndDate') as end_date, + JSON_EXTRACT(Properties, '$.FindingsFound') as findings_found, + JSON_EXTRACT(Properties, '$.AnalyzedEniCount') as analyzed_eni_count, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAccessScopeAnalysis' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'NetworkInsightsAccessScopeAnalysisId') as network_insights_access_scope_analysis_id, + json_extract_path_text(Properties, 'NetworkInsightsAccessScopeAnalysisArn') as network_insights_access_scope_analysis_arn, + json_extract_path_text(Properties, 'NetworkInsightsAccessScopeId') as network_insights_access_scope_id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusMessage') as status_message, + json_extract_path_text(Properties, 'StartDate') as start_date, + json_extract_path_text(Properties, 'EndDate') as end_date, + json_extract_path_text(Properties, 'FindingsFound') as findings_found, + json_extract_path_text(Properties, 'AnalyzedEniCount') as analyzed_eni_count, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAccessScopeAnalysis' + AND data__Identifier = '' + AND region = 'us-east-1' + network_insights_analyses: + name: network_insights_analyses + id: aws.ec2.network_insights_analyses + x-cfn-schema-name: NetworkInsightsAnalysis + x-type: list + x-identifiers: + - NetworkInsightsAnalysisId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.NetworkInsightsAnalysisId') as network_insights_analysis_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAnalysis' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'NetworkInsightsAnalysisId') as network_insights_analysis_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAnalysis' + AND region = 'us-east-1' + network_insights_analysis: + name: network_insights_analysis + id: aws.ec2.network_insights_analysis + x-cfn-schema-name: NetworkInsightsAnalysis + x-type: get + x-identifiers: + - NetworkInsightsAnalysisId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.ReturnPathComponents') as return_path_components, + JSON_EXTRACT(Properties, '$.NetworkInsightsAnalysisId') as network_insights_analysis_id, + JSON_EXTRACT(Properties, '$.NetworkInsightsPathId') as network_insights_path_id, + JSON_EXTRACT(Properties, '$.NetworkPathFound') as network_path_found, + JSON_EXTRACT(Properties, '$.SuggestedAccounts') as suggested_accounts, + JSON_EXTRACT(Properties, '$.FilterInArns') as filter_in_arns, + JSON_EXTRACT(Properties, '$.NetworkInsightsAnalysisArn') as network_insights_analysis_arn, + JSON_EXTRACT(Properties, '$.StatusMessage') as status_message, + JSON_EXTRACT(Properties, '$.StartDate') as start_date, + JSON_EXTRACT(Properties, '$.AlternatePathHints') as alternate_path_hints, + JSON_EXTRACT(Properties, '$.Explanations') as explanations, + JSON_EXTRACT(Properties, '$.ForwardPathComponents') as forward_path_components, + JSON_EXTRACT(Properties, '$.AdditionalAccounts') as additional_accounts, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAnalysis' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'ReturnPathComponents') as return_path_components, + json_extract_path_text(Properties, 'NetworkInsightsAnalysisId') as network_insights_analysis_id, + json_extract_path_text(Properties, 'NetworkInsightsPathId') as network_insights_path_id, + json_extract_path_text(Properties, 'NetworkPathFound') as network_path_found, + json_extract_path_text(Properties, 'SuggestedAccounts') as suggested_accounts, + json_extract_path_text(Properties, 'FilterInArns') as filter_in_arns, + json_extract_path_text(Properties, 'NetworkInsightsAnalysisArn') as network_insights_analysis_arn, + json_extract_path_text(Properties, 'StatusMessage') as status_message, + json_extract_path_text(Properties, 'StartDate') as start_date, + json_extract_path_text(Properties, 'AlternatePathHints') as alternate_path_hints, + json_extract_path_text(Properties, 'Explanations') as explanations, + json_extract_path_text(Properties, 'ForwardPathComponents') as forward_path_components, + json_extract_path_text(Properties, 'AdditionalAccounts') as additional_accounts, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInsightsAnalysis' + AND data__Identifier = '' + AND region = 'us-east-1' + network_insights_paths: + name: network_insights_paths + id: aws.ec2.network_insights_paths + x-cfn-schema-name: NetworkInsightsPath + x-type: list + x-identifiers: + - NetworkInsightsPathId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.NetworkInsightsPathId') as network_insights_path_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInsightsPath' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'NetworkInsightsPathId') as network_insights_path_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInsightsPath' + AND region = 'us-east-1' + network_insights_path: + name: network_insights_path + id: aws.ec2.network_insights_path + x-cfn-schema-name: NetworkInsightsPath + x-type: get + x-identifiers: + - NetworkInsightsPathId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.NetworkInsightsPathId') as network_insights_path_id, + JSON_EXTRACT(Properties, '$.NetworkInsightsPathArn') as network_insights_path_arn, + JSON_EXTRACT(Properties, '$.CreatedDate') as created_date, + JSON_EXTRACT(Properties, '$.SourceIp') as source_ip, + JSON_EXTRACT(Properties, '$.FilterAtSource') as filter_at_source, + JSON_EXTRACT(Properties, '$.FilterAtDestination') as filter_at_destination, + JSON_EXTRACT(Properties, '$.DestinationIp') as destination_ip, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.Destination') as destination, + JSON_EXTRACT(Properties, '$.SourceArn') as source_arn, + JSON_EXTRACT(Properties, '$.DestinationArn') as destination_arn, + JSON_EXTRACT(Properties, '$.Protocol') as protocol, + JSON_EXTRACT(Properties, '$.DestinationPort') as destination_port, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInsightsPath' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'NetworkInsightsPathId') as network_insights_path_id, + json_extract_path_text(Properties, 'NetworkInsightsPathArn') as network_insights_path_arn, + json_extract_path_text(Properties, 'CreatedDate') as created_date, + json_extract_path_text(Properties, 'SourceIp') as source_ip, + json_extract_path_text(Properties, 'FilterAtSource') as filter_at_source, + json_extract_path_text(Properties, 'FilterAtDestination') as filter_at_destination, + json_extract_path_text(Properties, 'DestinationIp') as destination_ip, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'Destination') as destination, + json_extract_path_text(Properties, 'SourceArn') as source_arn, + json_extract_path_text(Properties, 'DestinationArn') as destination_arn, + json_extract_path_text(Properties, 'Protocol') as protocol, + json_extract_path_text(Properties, 'DestinationPort') as destination_port, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInsightsPath' + AND data__Identifier = '' + AND region = 'us-east-1' + network_interface_attachments: + name: network_interface_attachments + id: aws.ec2.network_interface_attachments + x-cfn-schema-name: NetworkInterfaceAttachment + x-type: list + x-identifiers: + - AttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInterfaceAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkInterfaceAttachment' + AND region = 'us-east-1' + network_interface_attachment: + name: network_interface_attachment + id: aws.ec2.network_interface_attachment + x-cfn-schema-name: NetworkInterfaceAttachment + x-type: get + x-identifiers: + - AttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id, + JSON_EXTRACT(Properties, '$.DeleteOnTermination') as delete_on_termination, + JSON_EXTRACT(Properties, '$.DeviceIndex') as device_index, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.NetworkInterfaceId') as network_interface_id, + JSON_EXTRACT(Properties, '$.EnaSrdSpecification') as ena_srd_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInterfaceAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id, + json_extract_path_text(Properties, 'DeleteOnTermination') as delete_on_termination, + json_extract_path_text(Properties, 'DeviceIndex') as device_index, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'NetworkInterfaceId') as network_interface_id, + json_extract_path_text(Properties, 'EnaSrdSpecification') as ena_srd_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInterfaceAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + network_performance_metric_subscriptions: + name: network_performance_metric_subscriptions + id: aws.ec2.network_performance_metric_subscriptions + x-cfn-schema-name: NetworkPerformanceMetricSubscription + x-type: list + x-identifiers: + - Source + - Destination + - Metric + - Statistic + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.Destination') as destination, + JSON_EXTRACT(Properties, '$.Metric') as metric, + JSON_EXTRACT(Properties, '$.Statistic') as statistic + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkPerformanceMetricSubscription' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'Destination') as destination, + json_extract_path_text(Properties, 'Metric') as metric, + json_extract_path_text(Properties, 'Statistic') as statistic + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::NetworkPerformanceMetricSubscription' + AND region = 'us-east-1' + network_performance_metric_subscription: + name: network_performance_metric_subscription + id: aws.ec2.network_performance_metric_subscription + x-cfn-schema-name: NetworkPerformanceMetricSubscription + x-type: get + x-identifiers: + - Source + - Destination + - Metric + - Statistic + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.Destination') as destination, + JSON_EXTRACT(Properties, '$.Metric') as metric, + JSON_EXTRACT(Properties, '$.Statistic') as statistic + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkPerformanceMetricSubscription' + AND data__Identifier = '|||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'Destination') as destination, + json_extract_path_text(Properties, 'Metric') as metric, + json_extract_path_text(Properties, 'Statistic') as statistic + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkPerformanceMetricSubscription' + AND data__Identifier = '|||' + AND region = 'us-east-1' + placement_groups: + name: placement_groups + id: aws.ec2.placement_groups + x-cfn-schema-name: PlacementGroup + x-type: list + x-identifiers: + - GroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GroupName') as group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::PlacementGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GroupName') as group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::PlacementGroup' + AND region = 'us-east-1' + placement_group: + name: placement_group + id: aws.ec2.placement_group + x-cfn-schema-name: PlacementGroup + x-type: get + x-identifiers: + - GroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Strategy') as strategy, + JSON_EXTRACT(Properties, '$.GroupName') as group_name, + JSON_EXTRACT(Properties, '$.SpreadLevel') as spread_level, + JSON_EXTRACT(Properties, '$.PartitionCount') as partition_count, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::PlacementGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Strategy') as strategy, + json_extract_path_text(Properties, 'GroupName') as group_name, + json_extract_path_text(Properties, 'SpreadLevel') as spread_level, + json_extract_path_text(Properties, 'PartitionCount') as partition_count, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::PlacementGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + prefix_lists: + name: prefix_lists + id: aws.ec2.prefix_lists + x-cfn-schema-name: PrefixList + x-type: list + x-identifiers: + - PrefixListId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PrefixListId') as prefix_list_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::PrefixList' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PrefixListId') as prefix_list_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::PrefixList' + AND region = 'us-east-1' + prefix_list: + name: prefix_list + id: aws.ec2.prefix_list + x-cfn-schema-name: PrefixList + x-type: get + x-identifiers: + - PrefixListId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PrefixListName') as prefix_list_name, + JSON_EXTRACT(Properties, '$.PrefixListId') as prefix_list_id, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.AddressFamily') as address_family, + JSON_EXTRACT(Properties, '$.MaxEntries') as max_entries, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Entries') as entries, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::PrefixList' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PrefixListName') as prefix_list_name, + json_extract_path_text(Properties, 'PrefixListId') as prefix_list_id, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'AddressFamily') as address_family, + json_extract_path_text(Properties, 'MaxEntries') as max_entries, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Entries') as entries, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::PrefixList' + AND data__Identifier = '' + AND region = 'us-east-1' + routes: + name: routes + id: aws.ec2.routes + x-cfn-schema-name: Route + x-type: list + x-identifiers: + - RouteTableId + - CidrBlock + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RouteTableId') as route_table_id, + JSON_EXTRACT(Properties, '$.CidrBlock') as cidr_block + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::Route' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RouteTableId') as route_table_id, + json_extract_path_text(Properties, 'CidrBlock') as cidr_block + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::Route' + AND region = 'us-east-1' + route: + name: route + id: aws.ec2.route + x-cfn-schema-name: Route + x-type: get + x-identifiers: + - RouteTableId + - CidrBlock + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CarrierGatewayId') as carrier_gateway_id, + JSON_EXTRACT(Properties, '$.CidrBlock') as cidr_block, + JSON_EXTRACT(Properties, '$.CoreNetworkArn') as core_network_arn, + JSON_EXTRACT(Properties, '$.DestinationCidrBlock') as destination_cidr_block, + JSON_EXTRACT(Properties, '$.DestinationIpv6CidrBlock') as destination_ipv6_cidr_block, + JSON_EXTRACT(Properties, '$.DestinationPrefixListId') as destination_prefix_list_id, + JSON_EXTRACT(Properties, '$.EgressOnlyInternetGatewayId') as egress_only_internet_gateway_id, + JSON_EXTRACT(Properties, '$.GatewayId') as gateway_id, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.LocalGatewayId') as local_gateway_id, + JSON_EXTRACT(Properties, '$.NatGatewayId') as nat_gateway_id, + JSON_EXTRACT(Properties, '$.NetworkInterfaceId') as network_interface_id, + JSON_EXTRACT(Properties, '$.RouteTableId') as route_table_id, + JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, + JSON_EXTRACT(Properties, '$.VpcEndpointId') as vpc_endpoint_id, + JSON_EXTRACT(Properties, '$.VpcPeeringConnectionId') as vpc_peering_connection_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Route' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CarrierGatewayId') as carrier_gateway_id, + json_extract_path_text(Properties, 'CidrBlock') as cidr_block, + json_extract_path_text(Properties, 'CoreNetworkArn') as core_network_arn, + json_extract_path_text(Properties, 'DestinationCidrBlock') as destination_cidr_block, + json_extract_path_text(Properties, 'DestinationIpv6CidrBlock') as destination_ipv6_cidr_block, + json_extract_path_text(Properties, 'DestinationPrefixListId') as destination_prefix_list_id, + json_extract_path_text(Properties, 'EgressOnlyInternetGatewayId') as egress_only_internet_gateway_id, + json_extract_path_text(Properties, 'GatewayId') as gateway_id, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'LocalGatewayId') as local_gateway_id, + json_extract_path_text(Properties, 'NatGatewayId') as nat_gateway_id, + json_extract_path_text(Properties, 'NetworkInterfaceId') as network_interface_id, + json_extract_path_text(Properties, 'RouteTableId') as route_table_id, + json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, + json_extract_path_text(Properties, 'VpcEndpointId') as vpc_endpoint_id, + json_extract_path_text(Properties, 'VpcPeeringConnectionId') as vpc_peering_connection_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Route' + AND data__Identifier = '|' + AND region = 'us-east-1' + route_tables: + name: route_tables + id: aws.ec2.route_tables + x-cfn-schema-name: RouteTable + x-type: list + x-identifiers: + - RouteTableId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RouteTableId') as route_table_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::RouteTable' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RouteTableId') as route_table_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::RouteTable' + AND region = 'us-east-1' + route_table: + name: route_table + id: aws.ec2.route_table + x-cfn-schema-name: RouteTable + x-type: get + x-identifiers: + - RouteTableId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RouteTableId') as route_table_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::RouteTable' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RouteTableId') as route_table_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::RouteTable' + AND data__Identifier = '' + AND region = 'us-east-1' + security_groups: + name: security_groups + id: aws.ec2.security_groups + x-cfn-schema-name: SecurityGroup + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SecurityGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SecurityGroup' + AND region = 'us-east-1' + security_group: + name: security_group + id: aws.ec2.security_group + x-cfn-schema-name: SecurityGroup + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GroupDescription') as group_description, + JSON_EXTRACT(Properties, '$.GroupName') as group_name, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.SecurityGroupIngress') as security_group_ingress, + JSON_EXTRACT(Properties, '$.SecurityGroupEgress') as security_group_egress, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.GroupId') as group_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SecurityGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GroupDescription') as group_description, + json_extract_path_text(Properties, 'GroupName') as group_name, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'SecurityGroupIngress') as security_group_ingress, + json_extract_path_text(Properties, 'SecurityGroupEgress') as security_group_egress, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'GroupId') as group_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SecurityGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + security_group_egresses: + name: security_group_egresses + id: aws.ec2.security_group_egresses + x-cfn-schema-name: SecurityGroupEgress + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SecurityGroupEgress' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SecurityGroupEgress' + AND region = 'us-east-1' + security_group_egress: + name: security_group_egress + id: aws.ec2.security_group_egress + x-cfn-schema-name: SecurityGroupEgress + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CidrIp') as cidr_ip, + JSON_EXTRACT(Properties, '$.CidrIpv6') as cidr_ipv6, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FromPort') as from_port, + JSON_EXTRACT(Properties, '$.ToPort') as to_port, + JSON_EXTRACT(Properties, '$.IpProtocol') as ip_protocol, + JSON_EXTRACT(Properties, '$.DestinationSecurityGroupId') as destination_security_group_id, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.DestinationPrefixListId') as destination_prefix_list_id, + JSON_EXTRACT(Properties, '$.GroupId') as group_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SecurityGroupEgress' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CidrIp') as cidr_ip, + json_extract_path_text(Properties, 'CidrIpv6') as cidr_ipv6, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FromPort') as from_port, + json_extract_path_text(Properties, 'ToPort') as to_port, + json_extract_path_text(Properties, 'IpProtocol') as ip_protocol, + json_extract_path_text(Properties, 'DestinationSecurityGroupId') as destination_security_group_id, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'DestinationPrefixListId') as destination_prefix_list_id, + json_extract_path_text(Properties, 'GroupId') as group_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SecurityGroupEgress' + AND data__Identifier = '' + AND region = 'us-east-1' + security_group_ingresses: + name: security_group_ingresses + id: aws.ec2.security_group_ingresses + x-cfn-schema-name: SecurityGroupIngress + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SecurityGroupIngress' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SecurityGroupIngress' + AND region = 'us-east-1' + security_group_ingress: + name: security_group_ingress + id: aws.ec2.security_group_ingress + x-cfn-schema-name: SecurityGroupIngress + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.CidrIp') as cidr_ip, + JSON_EXTRACT(Properties, '$.CidrIpv6') as cidr_ipv6, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FromPort') as from_port, + JSON_EXTRACT(Properties, '$.GroupId') as group_id, + JSON_EXTRACT(Properties, '$.GroupName') as group_name, + JSON_EXTRACT(Properties, '$.IpProtocol') as ip_protocol, + JSON_EXTRACT(Properties, '$.SourcePrefixListId') as source_prefix_list_id, + JSON_EXTRACT(Properties, '$.SourceSecurityGroupId') as source_security_group_id, + JSON_EXTRACT(Properties, '$.SourceSecurityGroupName') as source_security_group_name, + JSON_EXTRACT(Properties, '$.SourceSecurityGroupOwnerId') as source_security_group_owner_id, + JSON_EXTRACT(Properties, '$.ToPort') as to_port + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SecurityGroupIngress' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'CidrIp') as cidr_ip, + json_extract_path_text(Properties, 'CidrIpv6') as cidr_ipv6, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FromPort') as from_port, + json_extract_path_text(Properties, 'GroupId') as group_id, + json_extract_path_text(Properties, 'GroupName') as group_name, + json_extract_path_text(Properties, 'IpProtocol') as ip_protocol, + json_extract_path_text(Properties, 'SourcePrefixListId') as source_prefix_list_id, + json_extract_path_text(Properties, 'SourceSecurityGroupId') as source_security_group_id, + json_extract_path_text(Properties, 'SourceSecurityGroupName') as source_security_group_name, + json_extract_path_text(Properties, 'SourceSecurityGroupOwnerId') as source_security_group_owner_id, + json_extract_path_text(Properties, 'ToPort') as to_port + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SecurityGroupIngress' + AND data__Identifier = '' + AND region = 'us-east-1' + snapshot_block_public_accesses: + name: snapshot_block_public_accesses + id: aws.ec2.snapshot_block_public_accesses + x-cfn-schema-name: SnapshotBlockPublicAccess + x-type: list + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SnapshotBlockPublicAccess' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SnapshotBlockPublicAccess' + AND region = 'us-east-1' + snapshot_block_public_access: + name: snapshot_block_public_access + id: aws.ec2.snapshot_block_public_access + x-cfn-schema-name: SnapshotBlockPublicAccess + x-type: get + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SnapshotBlockPublicAccess' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SnapshotBlockPublicAccess' + AND data__Identifier = '' + AND region = 'us-east-1' + spot_fleets: + name: spot_fleets + id: aws.ec2.spot_fleets + x-cfn-schema-name: SpotFleet + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SpotFleet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SpotFleet' + AND region = 'us-east-1' + spot_fleet: + name: spot_fleet + id: aws.ec2.spot_fleet + x-cfn-schema-name: SpotFleet + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.SpotFleetRequestConfigData') as spot_fleet_request_config_data + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SpotFleet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'SpotFleetRequestConfigData') as spot_fleet_request_config_data + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SpotFleet' + AND data__Identifier = '' + AND region = 'us-east-1' + subnets: + name: subnets + id: aws.ec2.subnets + x-cfn-schema-name: Subnet + x-type: list + x-identifiers: + - SubnetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::Subnet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SubnetId') as subnet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::Subnet' + AND region = 'us-east-1' + subnet: + name: subnet + id: aws.ec2.subnet + x-cfn-schema-name: Subnet + x-type: get + x-identifiers: + - SubnetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssignIpv6AddressOnCreation') as assign_ipv6_address_on_creation, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.MapPublicIpOnLaunch') as map_public_ip_on_launch, + JSON_EXTRACT(Properties, '$.EnableLniAtDeviceIndex') as enable_lni_at_device_index, + JSON_EXTRACT(Properties, '$.NetworkAclAssociationId') as network_acl_association_id, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.AvailabilityZoneId') as availability_zone_id, + JSON_EXTRACT(Properties, '$.CidrBlock') as cidr_block, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.Ipv6CidrBlocks') as ipv6_cidr_blocks, + JSON_EXTRACT(Properties, '$.Ipv6CidrBlock') as ipv6_cidr_block, + JSON_EXTRACT(Properties, '$.OutpostArn') as outpost_arn, + JSON_EXTRACT(Properties, '$.Ipv6Native') as ipv6_native, + JSON_EXTRACT(Properties, '$.EnableDns64') as enable_dns64, + JSON_EXTRACT(Properties, '$.PrivateDnsNameOptionsOnLaunch') as private_dns_name_options_on_launch, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Ipv4IpamPoolId') as ipv4_ipam_pool_id, + JSON_EXTRACT(Properties, '$.Ipv4NetmaskLength') as ipv4_netmask_length, + JSON_EXTRACT(Properties, '$.Ipv6IpamPoolId') as ipv6_ipam_pool_id, + JSON_EXTRACT(Properties, '$.Ipv6NetmaskLength') as ipv6_netmask_length + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Subnet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssignIpv6AddressOnCreation') as assign_ipv6_address_on_creation, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'MapPublicIpOnLaunch') as map_public_ip_on_launch, + json_extract_path_text(Properties, 'EnableLniAtDeviceIndex') as enable_lni_at_device_index, + json_extract_path_text(Properties, 'NetworkAclAssociationId') as network_acl_association_id, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'AvailabilityZoneId') as availability_zone_id, + json_extract_path_text(Properties, 'CidrBlock') as cidr_block, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'Ipv6CidrBlocks') as ipv6_cidr_blocks, + json_extract_path_text(Properties, 'Ipv6CidrBlock') as ipv6_cidr_block, + json_extract_path_text(Properties, 'OutpostArn') as outpost_arn, + json_extract_path_text(Properties, 'Ipv6Native') as ipv6_native, + json_extract_path_text(Properties, 'EnableDns64') as enable_dns64, + json_extract_path_text(Properties, 'PrivateDnsNameOptionsOnLaunch') as private_dns_name_options_on_launch, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Ipv4IpamPoolId') as ipv4_ipam_pool_id, + json_extract_path_text(Properties, 'Ipv4NetmaskLength') as ipv4_netmask_length, + json_extract_path_text(Properties, 'Ipv6IpamPoolId') as ipv6_ipam_pool_id, + json_extract_path_text(Properties, 'Ipv6NetmaskLength') as ipv6_netmask_length + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Subnet' + AND data__Identifier = '' + AND region = 'us-east-1' + subnet_cidr_blocks: + name: subnet_cidr_blocks + id: aws.ec2.subnet_cidr_blocks + x-cfn-schema-name: SubnetCidrBlock + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SubnetCidrBlock' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SubnetCidrBlock' + AND region = 'us-east-1' + subnet_cidr_block: + name: subnet_cidr_block + id: aws.ec2.subnet_cidr_block + x-cfn-schema-name: SubnetCidrBlock + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Ipv6CidrBlock') as ipv6_cidr_block, + JSON_EXTRACT(Properties, '$.Ipv6IpamPoolId') as ipv6_ipam_pool_id, + JSON_EXTRACT(Properties, '$.Ipv6NetmaskLength') as ipv6_netmask_length, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SubnetCidrBlock' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Ipv6CidrBlock') as ipv6_cidr_block, + json_extract_path_text(Properties, 'Ipv6IpamPoolId') as ipv6_ipam_pool_id, + json_extract_path_text(Properties, 'Ipv6NetmaskLength') as ipv6_netmask_length, + json_extract_path_text(Properties, 'SubnetId') as subnet_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SubnetCidrBlock' + AND data__Identifier = '' + AND region = 'us-east-1' + subnet_network_acl_associations: + name: subnet_network_acl_associations + id: aws.ec2.subnet_network_acl_associations + x-cfn-schema-name: SubnetNetworkAclAssociation + x-type: list + x-identifiers: + - AssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SubnetNetworkAclAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssociationId') as association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SubnetNetworkAclAssociation' + AND region = 'us-east-1' + subnet_network_acl_association: + name: subnet_network_acl_association + id: aws.ec2.subnet_network_acl_association + x-cfn-schema-name: SubnetNetworkAclAssociation + x-type: get + x-identifiers: + - AssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.NetworkAclId') as network_acl_id, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SubnetNetworkAclAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'NetworkAclId') as network_acl_id, + json_extract_path_text(Properties, 'AssociationId') as association_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SubnetNetworkAclAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + subnet_route_table_associations: + name: subnet_route_table_associations + id: aws.ec2.subnet_route_table_associations + x-cfn-schema-name: SubnetRouteTableAssociation + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SubnetRouteTableAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SubnetRouteTableAssociation' + AND region = 'us-east-1' + subnet_route_table_association: + name: subnet_route_table_association + id: aws.ec2.subnet_route_table_association + x-cfn-schema-name: SubnetRouteTableAssociation + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.RouteTableId') as route_table_id, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SubnetRouteTableAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'RouteTableId') as route_table_id, + json_extract_path_text(Properties, 'SubnetId') as subnet_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SubnetRouteTableAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + transit_gateways: + name: transit_gateways + id: aws.ec2.transit_gateways + x-cfn-schema-name: TransitGateway + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGateway' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGateway' + AND region = 'us-east-1' + transit_gateway: + name: transit_gateway + id: aws.ec2.transit_gateway + x-cfn-schema-name: TransitGateway + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.AssociationDefaultRouteTableId') as association_default_route_table_id, + JSON_EXTRACT(Properties, '$.AutoAcceptSharedAttachments') as auto_accept_shared_attachments, + JSON_EXTRACT(Properties, '$.TransitGatewayArn') as transit_gateway_arn, + JSON_EXTRACT(Properties, '$.DefaultRouteTablePropagation') as default_route_table_propagation, + JSON_EXTRACT(Properties, '$.TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, + JSON_EXTRACT(Properties, '$.PropagationDefaultRouteTableId') as propagation_default_route_table_id, + JSON_EXTRACT(Properties, '$.DefaultRouteTableAssociation') as default_route_table_association, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.VpnEcmpSupport') as vpn_ecmp_support, + JSON_EXTRACT(Properties, '$.DnsSupport') as dns_support, + JSON_EXTRACT(Properties, '$.MulticastSupport') as multicast_support, + JSON_EXTRACT(Properties, '$.AmazonSideAsn') as amazon_side_asn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'AssociationDefaultRouteTableId') as association_default_route_table_id, + json_extract_path_text(Properties, 'AutoAcceptSharedAttachments') as auto_accept_shared_attachments, + json_extract_path_text(Properties, 'TransitGatewayArn') as transit_gateway_arn, + json_extract_path_text(Properties, 'DefaultRouteTablePropagation') as default_route_table_propagation, + json_extract_path_text(Properties, 'TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, + json_extract_path_text(Properties, 'PropagationDefaultRouteTableId') as propagation_default_route_table_id, + json_extract_path_text(Properties, 'DefaultRouteTableAssociation') as default_route_table_association, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'VpnEcmpSupport') as vpn_ecmp_support, + json_extract_path_text(Properties, 'DnsSupport') as dns_support, + json_extract_path_text(Properties, 'MulticastSupport') as multicast_support, + json_extract_path_text(Properties, 'AmazonSideAsn') as amazon_side_asn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + transit_gateway_attachments: + name: transit_gateway_attachments + id: aws.ec2.transit_gateway_attachments + x-cfn-schema-name: TransitGatewayAttachment + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayAttachment' + AND region = 'us-east-1' + transit_gateway_attachment: + name: transit_gateway_attachment + id: aws.ec2.transit_gateway_attachment + x-cfn-schema-name: TransitGatewayAttachment + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + transit_gateway_connects: + name: transit_gateway_connects + id: aws.ec2.transit_gateway_connects + x-cfn-schema-name: TransitGatewayConnect + x-type: list + x-identifiers: + - TransitGatewayAttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TransitGatewayAttachmentId') as transit_gateway_attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayConnect' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TransitGatewayAttachmentId') as transit_gateway_attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayConnect' + AND region = 'us-east-1' + transit_gateway_connect: + name: transit_gateway_connect + id: aws.ec2.transit_gateway_connect + x-cfn-schema-name: TransitGatewayConnect + x-type: get + x-identifiers: + - TransitGatewayAttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TransitGatewayAttachmentId') as transit_gateway_attachment_id, + JSON_EXTRACT(Properties, '$.TransportTransitGatewayAttachmentId') as transport_transit_gateway_attachment_id, + JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayConnect' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TransitGatewayAttachmentId') as transit_gateway_attachment_id, + json_extract_path_text(Properties, 'TransportTransitGatewayAttachmentId') as transport_transit_gateway_attachment_id, + json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayConnect' + AND data__Identifier = '' + AND region = 'us-east-1' + transit_gateway_multicast_domains: + name: transit_gateway_multicast_domains + id: aws.ec2.transit_gateway_multicast_domains + x-cfn-schema-name: TransitGatewayMulticastDomain + x-type: list + x-identifiers: + - TransitGatewayMulticastDomainId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastDomain' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastDomain' + AND region = 'us-east-1' + transit_gateway_multicast_domain: + name: transit_gateway_multicast_domain + id: aws.ec2.transit_gateway_multicast_domain + x-cfn-schema-name: TransitGatewayMulticastDomain + x-type: get + x-identifiers: + - TransitGatewayMulticastDomainId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + JSON_EXTRACT(Properties, '$.TransitGatewayMulticastDomainArn') as transit_gateway_multicast_domain_arn, + JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastDomain' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + json_extract_path_text(Properties, 'TransitGatewayMulticastDomainArn') as transit_gateway_multicast_domain_arn, + json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastDomain' + AND data__Identifier = '' + AND region = 'us-east-1' + transit_gateway_multicast_domain_associations: + name: transit_gateway_multicast_domain_associations + id: aws.ec2.transit_gateway_multicast_domain_associations + x-cfn-schema-name: TransitGatewayMulticastDomainAssociation + x-type: list + x-identifiers: + - TransitGatewayMulticastDomainId + - TransitGatewayAttachmentId + - SubnetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + JSON_EXTRACT(Properties, '$.TransitGatewayAttachmentId') as transit_gateway_attachment_id, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastDomainAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + json_extract_path_text(Properties, 'TransitGatewayAttachmentId') as transit_gateway_attachment_id, + json_extract_path_text(Properties, 'SubnetId') as subnet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastDomainAssociation' + AND region = 'us-east-1' + transit_gateway_multicast_domain_association: + name: transit_gateway_multicast_domain_association + id: aws.ec2.transit_gateway_multicast_domain_association + x-cfn-schema-name: TransitGatewayMulticastDomainAssociation + x-type: get + x-identifiers: + - TransitGatewayMulticastDomainId + - TransitGatewayAttachmentId + - SubnetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + JSON_EXTRACT(Properties, '$.TransitGatewayAttachmentId') as transit_gateway_attachment_id, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastDomainAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + json_extract_path_text(Properties, 'TransitGatewayAttachmentId') as transit_gateway_attachment_id, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'SubnetId') as subnet_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastDomainAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + transit_gateway_multicast_group_members: + name: transit_gateway_multicast_group_members + id: aws.ec2.transit_gateway_multicast_group_members + x-cfn-schema-name: TransitGatewayMulticastGroupMember + x-type: list + x-identifiers: + - TransitGatewayMulticastDomainId + - GroupIpAddress - NetworkInterfaceId - title: UnassignIpv6AddressesRequest - properties: - ipv6Addresses: - allOf: - - $ref: '#/components/schemas/Ipv6AddressList' - - description: The IPv6 addresses to unassign from the network interface. - Ipv6Prefix: - allOf: - - $ref: '#/components/schemas/IpPrefixList' - - description: One or more IPv6 prefixes to unassign from the network interface. - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: The ID of the network interface. - UnassignPrivateIpAddressesRequest: - type: object - required: + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + JSON_EXTRACT(Properties, '$.GroupIpAddress') as group_ip_address, + JSON_EXTRACT(Properties, '$.NetworkInterfaceId') as network_interface_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupMember' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + json_extract_path_text(Properties, 'GroupIpAddress') as group_ip_address, + json_extract_path_text(Properties, 'NetworkInterfaceId') as network_interface_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupMember' + AND region = 'us-east-1' + transit_gateway_multicast_group_member: + name: transit_gateway_multicast_group_member + id: aws.ec2.transit_gateway_multicast_group_member + x-cfn-schema-name: TransitGatewayMulticastGroupMember + x-type: get + x-identifiers: + - TransitGatewayMulticastDomainId + - GroupIpAddress - NetworkInterfaceId - title: UnassignPrivateIpAddressesRequest - properties: - networkInterfaceId: - allOf: - - $ref: '#/components/schemas/NetworkInterfaceId' - - description: The ID of the network interface. - privateIpAddress: - allOf: - - $ref: '#/components/schemas/PrivateIpAddressStringList' - - description: The secondary private IP addresses to unassign from the network interface. You can specify this option multiple times to unassign more than one IP address. - Ipv4Prefix: - allOf: - - $ref: '#/components/schemas/IpPrefixList' - - description: The IPv4 prefixes to unassign from the network interface. - description: Contains the parameters for UnassignPrivateIpAddresses. - UnmonitorInstancesRequest: - type: object - required: - - InstanceIds - title: UnmonitorInstancesRequest - properties: - InstanceId: - allOf: - - $ref: '#/components/schemas/InstanceIdStringList' - - description: The IDs of the instances. - dryRun: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - UnsuccessfulInstanceCreditSpecificationErrorCode: - type: string - enum: - - InvalidInstanceID.Malformed - - InvalidInstanceID.NotFound - - IncorrectInstanceState - - InstanceCreditSpecification.NotSupported - UnsuccessfulInstanceCreditSpecificationItemError: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/UnsuccessfulInstanceCreditSpecificationErrorCode' - - description: The error code. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The applicable error message. - description: Information about the error for the burstable performance instance whose credit option for CPU usage was not modified. - UnsuccessfulInstanceCreditSpecificationItem: - type: object - properties: - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance. - error: - allOf: - - $ref: '#/components/schemas/UnsuccessfulInstanceCreditSpecificationItemError' - - description: The applicable error for the burstable performance instance whose credit option for CPU usage was not modified. - description: Describes the burstable performance instance whose credit option for CPU usage was not modified. - UnsuccessfulItemError: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/String' - - description: The error code. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: The error message accompanying the error code. - description: 'Information about the error that occurred. For more information about errors, see Error codes.' - UnsuccessfulItem: - type: object - properties: - error: - allOf: - - $ref: '#/components/schemas/UnsuccessfulItemError' - - description: Information about the error. - resourceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the resource. - description: Information about items that were not successfully processed in a batch call. - UpdateSecurityGroupRuleDescriptionsEgressRequest: - type: object - title: UpdateSecurityGroupRuleDescriptionsEgressRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/IpPermissionList' - - description: The IP permissions for the security group rule. You must specify either the IP permissions or the description. - SecurityGroupRuleDescription: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleDescriptionList' - - description: The description for the egress security group rules. You must specify either the description or the IP permissions. - UpdateSecurityGroupRuleDescriptionsIngressRequest: - type: object - title: UpdateSecurityGroupRuleDescriptionsIngressRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/IpPermissionList' - - description: The IP permissions for the security group rule. You must specify either IP permissions or a description. - SecurityGroupRuleDescription: - allOf: - - $ref: '#/components/schemas/SecurityGroupRuleDescriptionList' - - description: '[VPC only] The description for the ingress security group rules. You must specify either a description or IP permissions.' - UsageClassType: - type: string - enum: - - spot - - on-demand - UserIdGroupPair: - type: object - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: '

A description for the security group rule that references this user ID group pair.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

' - groupId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the security group. - groupName: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The name of the security group. In a request, use this parameter for a security group in EC2-Classic or a default VPC only. For a security group in a nondefault VPC, use the security group ID.

For a referenced security group in another VPC, this value is not returned if the referenced security group is deleted.

' - peeringStatus: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The status of a VPC peering connection, if applicable.' - userId: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The ID of an Amazon Web Services account.

For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.

[EC2-Classic] Required when adding or removing rules that reference a security group in another Amazon Web Services account.

' - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the VPC for the referenced security group, if applicable.' - vpcPeeringConnectionId: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The ID of the VPC peering connection, if applicable.' - description: Describes a security group and Amazon Web Services account ID pair. - VCpuCount: - type: integer - VCpuCountRangeRequest: - type: object - required: - - Min - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Integer' - - description: 'The maximum number of vCPUs. To specify no maximum limit, omit this parameter.' - description: The minimum and maximum number of vCPUs. - VgwTelemetry: - type: object - properties: - acceptedRouteCount: - allOf: - - $ref: '#/components/schemas/Integer' - - description: The number of accepted routes. - lastStatusChange: - allOf: - - $ref: '#/components/schemas/DateTime' - - description: The date and time of the last change in status. - outsideIpAddress: - allOf: - - $ref: '#/components/schemas/String' - - description: The Internet-routable IP address of the virtual private gateway's outside interface. - status: - allOf: - - $ref: '#/components/schemas/TelemetryStatus' - - description: The status of the VPN tunnel. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: 'If an error occurs, a description of the error.' - certificateArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate. - description: Describes telemetry for a VPN tunnel. - VgwTelemetryList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VgwTelemetry' - - xml: - name: item - VirtualizationTypeSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/VirtualizationType' - - xml: - name: item - minItems: 0 - maxItems: 2 - VolumeAttachmentList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VolumeAttachment' - - xml: - name: item - VolumeState: - type: string - enum: - - creating - - available - - in-use - - deleting - - deleted - - error - VolumeAttachmentState: - type: string - enum: - - attaching - - attached - - detaching - - detached - - busy - VolumeAttributeName: - type: string - enum: - - autoEnableIO - - productCodes - VolumeModificationState: - type: string - enum: - - modifying - - optimizing - - completed - - failed - VolumeStatusAction: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/String' - - description: 'The code identifying the operation, for example, enable-volume-io.' - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the operation. - eventId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the event associated with this operation. - eventType: - allOf: - - $ref: '#/components/schemas/String' - - description: The event type associated with this operation. - description: Describes a volume status operation code. - VolumeStatusActionsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VolumeStatusAction' - - xml: - name: item - VolumeStatusAttachmentStatus: - type: object - properties: - ioPerformance: - allOf: - - $ref: '#/components/schemas/String' - - description: The maximum IOPS supported by the attached instance. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the attached instance. - description: Information about the instances to which the volume is attached. - VolumeStatusAttachmentStatusList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VolumeStatusAttachmentStatus' - - xml: - name: item - VolumeStatusName: - type: string - enum: - - io-enabled - - io-performance - VolumeStatusDetails: - type: object - properties: - name: - allOf: - - $ref: '#/components/schemas/VolumeStatusName' - - description: The name of the volume status. - status: - allOf: - - $ref: '#/components/schemas/String' - - description: The intended status of the volume status. - description: Describes a volume status. - VolumeStatusDetailsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VolumeStatusDetails' - - xml: - name: item - VolumeStatusEvent: - type: object - properties: - description: - allOf: - - $ref: '#/components/schemas/String' - - description: A description of the event. - eventId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of this event. - eventType: - allOf: - - $ref: '#/components/schemas/String' - - description: The type of this event. - notAfter: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The latest end time of the event. - notBefore: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The earliest start time of the event. - instanceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the instance associated with the event. - description: Describes a volume status event. - VolumeStatusEventsList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VolumeStatusEvent' - - xml: - name: item - VolumeStatusInfoStatus: - type: string - enum: - - ok - - impaired - - insufficient-data - VolumeStatusInfo: - type: object - properties: - details: - allOf: - - $ref: '#/components/schemas/VolumeStatusDetailsList' - - description: The details of the volume status. - status: - allOf: - - $ref: '#/components/schemas/VolumeStatusInfoStatus' - - description: The status of the volume. - description: Describes the status of a volume. - VolumeStatusItem: - type: object - properties: - actionsSet: - allOf: - - $ref: '#/components/schemas/VolumeStatusActionsList' - - description: The details of the operation. - availabilityZone: - allOf: - - $ref: '#/components/schemas/String' - - description: The Availability Zone of the volume. - outpostArn: - allOf: - - $ref: '#/components/schemas/String' - - description: The Amazon Resource Name (ARN) of the Outpost. - eventsSet: - allOf: - - $ref: '#/components/schemas/VolumeStatusEventsList' - - description: A list of events associated with the volume. - volumeId: - allOf: - - $ref: '#/components/schemas/String' - - description: The volume ID. - volumeStatus: - allOf: - - $ref: '#/components/schemas/VolumeStatusInfo' - - description: The volume status. - attachmentStatuses: - allOf: - - $ref: '#/components/schemas/VolumeStatusAttachmentStatusList' - - description: Information about the instances to which the volume is attached. - description: Describes the volume status. - VpcState: - type: string - enum: - - pending - - available - VpcIpv6CidrBlockAssociationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcIpv6CidrBlockAssociation' - - xml: - name: item - VpcCidrBlockAssociationSet: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcCidrBlockAssociation' - - xml: - name: item - VpcAttachmentList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcAttachment' - - xml: - name: item - VpcAttributeName: - type: string - enum: - - enableDnsSupport - - enableDnsHostnames - VpcCidrBlockState: - type: object - properties: - state: - allOf: - - $ref: '#/components/schemas/VpcCidrBlockStateCode' - - description: The state of the CIDR block. - statusMessage: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A message about the status of the CIDR block, if applicable.' - description: Describes the state of a CIDR block. - VpcCidrBlockStateCode: - type: string - enum: - - associating - - associated - - disassociating - - disassociated - - failing - - failed - VpcClassicLink: - type: object - properties: - classicLinkEnabled: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the VPC is enabled for ClassicLink. - tagSet: - allOf: - - $ref: '#/components/schemas/TagList' - - description: Any tags assigned to the VPC. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - description: Describes whether a VPC is enabled for ClassicLink. - VpcEndpointType: - type: string - enum: - - Interface - - Gateway - - GatewayLoadBalancer - VpcEndpointConnection: - type: object - properties: - serviceId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the service to which the endpoint is connected. - vpcEndpointId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC endpoint. - vpcEndpointOwner: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the VPC endpoint. - vpcEndpointState: - allOf: - - $ref: '#/components/schemas/State' - - description: The state of the VPC endpoint. - creationTimestamp: - allOf: - - $ref: '#/components/schemas/MillisecondDateTime' - - description: The date and time that the VPC endpoint was created. - dnsEntrySet: - allOf: - - $ref: '#/components/schemas/DnsEntrySet' - - description: The DNS entries for the VPC endpoint. - networkLoadBalancerArnSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Amazon Resource Names (ARNs) of the network load balancers for the service. - gatewayLoadBalancerArnSet: - allOf: - - $ref: '#/components/schemas/ValueStringList' - - description: The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service. - ipAddressType: - allOf: - - $ref: '#/components/schemas/IpAddressType' - - description: The IP address type for the endpoint. - description: Describes a VPC endpoint connection to a service. - VpcPeeringConnectionVpcInfo: - type: object - properties: - cidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 CIDR block for the VPC. - ipv6CidrBlockSet: - allOf: - - $ref: '#/components/schemas/Ipv6CidrBlockSet' - - description: The IPv6 CIDR block for the VPC. - cidrBlockSet: - allOf: - - $ref: '#/components/schemas/CidrBlockSet' - - description: Information about the IPv4 CIDR blocks for the VPC. - ownerId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the Amazon Web Services account that owns the VPC. - peeringOptions: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionOptionsDescription' - - description: Information about the VPC peering connection options for the accepter or requester VPC. - vpcId: - allOf: - - $ref: '#/components/schemas/String' - - description: The ID of the VPC. - region: - allOf: - - $ref: '#/components/schemas/String' - - description: The Region in which the VPC is located. - description: Describes a VPC in a VPC peering connection. - VpcPeeringConnectionStateReason: - type: object - properties: - code: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionStateReasonCode' - - description: The status of the VPC peering connection. - message: - allOf: - - $ref: '#/components/schemas/String' - - description: 'A message that provides more information about the status, if applicable.' - description: Describes the status of a VPC peering connection. - VpcPeeringConnectionIdList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpcPeeringConnectionId' - - xml: - name: item - VpcPeeringConnectionOptionsDescription: - type: object - properties: - allowDnsResolutionFromRemoteVpc: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether a local VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC. - allowEgressFromLocalClassicLinkToRemoteVpc: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. - allowEgressFromLocalVpcToRemoteClassicLink: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. - description: Describes the VPC peering connection options. - VpcPeeringConnectionStateReasonCode: - type: string - enum: - - initiating-request - - pending-acceptance - - active - - deleted - - rejected - - failed - - expired - - provisioning - - deleting - VpcTenancy: - type: string - enum: - - default - VpnState: - type: string - enum: - - pending - - available - - deleting - - deleted - VpnConnectionOptions: - type: object - properties: - enableAcceleration: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether acceleration is enabled for the VPN connection. - staticRoutesOnly: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. - localIpv4NetworkCidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. - remoteIpv4NetworkCidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv4 CIDR on the Amazon Web Services side of the VPN connection. - localIpv6NetworkCidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. - remoteIpv6NetworkCidr: - allOf: - - $ref: '#/components/schemas/String' - - description: The IPv6 CIDR on the Amazon Web Services side of the VPN connection. - tunnelInsideIpVersion: - allOf: - - $ref: '#/components/schemas/TunnelInsideIpVersion' - - description: Indicates whether the VPN tunnels process IPv4 or IPv6 traffic. - tunnelOptionSet: - allOf: - - $ref: '#/components/schemas/TunnelOptionsList' - - description: Indicates the VPN tunnel options. - description: Describes VPN connection options. - VpnStaticRouteList: - type: array - items: - allOf: - - $ref: '#/components/schemas/VpnStaticRoute' - - xml: - name: item - VpnConnectionDeviceType: - type: object - properties: - vpnConnectionDeviceTypeId: - allOf: - - $ref: '#/components/schemas/String' - - description: Customer gateway device identifier. - vendor: - allOf: - - $ref: '#/components/schemas/String' - - description: Customer gateway device vendor. - platform: - allOf: - - $ref: '#/components/schemas/String' - - description: Customer gateway device platform. - software: - allOf: - - $ref: '#/components/schemas/String' - - description: Customer gateway device software version. - description: 'List of customer gateway devices that have a sample configuration file available for use. You can also see the list of device types with sample configuration files available under Your customer gateway device in the Amazon Web Services Site-to-Site VPN User Guide.' - VpnConnectionDeviceTypeId: - type: string - VpnStaticRouteSource: - type: string - enum: - - Static - VpnStaticRoute: - type: object - properties: - destinationCidrBlock: - allOf: - - $ref: '#/components/schemas/String' - - description: The CIDR block associated with the local subnet of the customer data center. - source: - allOf: - - $ref: '#/components/schemas/VpnStaticRouteSource' - - description: Indicates how the routes were provided. - state: - allOf: - - $ref: '#/components/schemas/VpnState' - - description: The current state of the static route. - description: Describes a static route for a VPN connection. - VpnTunnelOptionsSpecification: - type: object - properties: - undefined: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session.

Valid Values: clear | none | restart

Default: clear

' - Phase1EncryptionAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsRequestList' - - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' - Phase2EncryptionAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsRequestList' - - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' - Phase1IntegrityAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsRequestList' - - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' - Phase2IntegrityAlgorithm: - allOf: - - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsRequestList' - - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' - Phase1DHGroupNumber: - allOf: - - $ref: '#/components/schemas/Phase1DHGroupNumbersRequestList' - - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' - Phase2DHGroupNumber: - allOf: - - $ref: '#/components/schemas/Phase2DHGroupNumbersRequestList' - - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' - IKEVersion: - allOf: - - $ref: '#/components/schemas/String' - - description: '

The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for Amazon Web Services to initiate the IKE negotiation.

Valid Values: add | start

Default: add

' - description: The tunnel options for a single VPN tunnel. - VpnTunnelOptionsSpecificationsList: - type: array - items: - $ref: '#/components/schemas/VpnTunnelOptionsSpecification' - WithdrawByoipCidrRequest: - type: object - required: - - Cidr - title: WithdrawByoipCidrRequest - properties: - undefined: - allOf: - - $ref: '#/components/schemas/Boolean' - - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' - ZoneIdStringList: - type: array - items: - allOf: - - $ref: '#/components/schemas/String' - - xml: - name: ZoneId -security: - - hmac: [] -x-stackQL-config: - queryParamTranspose: - algorithm: AWSCanonical - requestTranslate: - algorithm: get_query_to_post_form_utf_8 + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GroupIpAddress') as group_ip_address, + JSON_EXTRACT(Properties, '$.TransitGatewayAttachmentId') as transit_gateway_attachment_id, + JSON_EXTRACT(Properties, '$.TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.NetworkInterfaceId') as network_interface_id, + JSON_EXTRACT(Properties, '$.GroupMember') as group_member, + JSON_EXTRACT(Properties, '$.GroupSource') as group_source, + JSON_EXTRACT(Properties, '$.MemberType') as member_type, + JSON_EXTRACT(Properties, '$.SourceType') as source_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupMember' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GroupIpAddress') as group_ip_address, + json_extract_path_text(Properties, 'TransitGatewayAttachmentId') as transit_gateway_attachment_id, + json_extract_path_text(Properties, 'TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'NetworkInterfaceId') as network_interface_id, + json_extract_path_text(Properties, 'GroupMember') as group_member, + json_extract_path_text(Properties, 'GroupSource') as group_source, + json_extract_path_text(Properties, 'MemberType') as member_type, + json_extract_path_text(Properties, 'SourceType') as source_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupMember' + AND data__Identifier = '||' + AND region = 'us-east-1' + transit_gateway_multicast_group_sources: + name: transit_gateway_multicast_group_sources + id: aws.ec2.transit_gateway_multicast_group_sources + x-cfn-schema-name: TransitGatewayMulticastGroupSource + x-type: list + x-identifiers: + - TransitGatewayMulticastDomainId + - GroupIpAddress + - NetworkInterfaceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + JSON_EXTRACT(Properties, '$.GroupIpAddress') as group_ip_address, + JSON_EXTRACT(Properties, '$.NetworkInterfaceId') as network_interface_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupSource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + json_extract_path_text(Properties, 'GroupIpAddress') as group_ip_address, + json_extract_path_text(Properties, 'NetworkInterfaceId') as network_interface_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupSource' + AND region = 'us-east-1' + transit_gateway_multicast_group_source: + name: transit_gateway_multicast_group_source + id: aws.ec2.transit_gateway_multicast_group_source + x-cfn-schema-name: TransitGatewayMulticastGroupSource + x-type: get + x-identifiers: + - TransitGatewayMulticastDomainId + - GroupIpAddress + - NetworkInterfaceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GroupIpAddress') as group_ip_address, + JSON_EXTRACT(Properties, '$.TransitGatewayAttachmentId') as transit_gateway_attachment_id, + JSON_EXTRACT(Properties, '$.TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.NetworkInterfaceId') as network_interface_id, + JSON_EXTRACT(Properties, '$.GroupMember') as group_member, + JSON_EXTRACT(Properties, '$.GroupSource') as group_source, + JSON_EXTRACT(Properties, '$.MemberType') as member_type, + JSON_EXTRACT(Properties, '$.SourceType') as source_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupSource' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GroupIpAddress') as group_ip_address, + json_extract_path_text(Properties, 'TransitGatewayAttachmentId') as transit_gateway_attachment_id, + json_extract_path_text(Properties, 'TransitGatewayMulticastDomainId') as transit_gateway_multicast_domain_id, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'NetworkInterfaceId') as network_interface_id, + json_extract_path_text(Properties, 'GroupMember') as group_member, + json_extract_path_text(Properties, 'GroupSource') as group_source, + json_extract_path_text(Properties, 'MemberType') as member_type, + json_extract_path_text(Properties, 'SourceType') as source_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupSource' + AND data__Identifier = '||' + AND region = 'us-east-1' + transit_gateway_peering_attachments: + name: transit_gateway_peering_attachments + id: aws.ec2.transit_gateway_peering_attachments + x-cfn-schema-name: TransitGatewayPeeringAttachment + x-type: list + x-identifiers: + - TransitGatewayAttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TransitGatewayAttachmentId') as transit_gateway_attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayPeeringAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TransitGatewayAttachmentId') as transit_gateway_attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayPeeringAttachment' + AND region = 'us-east-1' + transit_gateway_peering_attachment: + name: transit_gateway_peering_attachment + id: aws.ec2.transit_gateway_peering_attachment + x-cfn-schema-name: TransitGatewayPeeringAttachment + x-type: get + x-identifiers: + - TransitGatewayAttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, + JSON_EXTRACT(Properties, '$.PeerTransitGatewayId') as peer_transit_gateway_id, + JSON_EXTRACT(Properties, '$.PeerAccountId') as peer_account_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.PeerRegion') as peer_region, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TransitGatewayAttachmentId') as transit_gateway_attachment_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayPeeringAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, + json_extract_path_text(Properties, 'PeerTransitGatewayId') as peer_transit_gateway_id, + json_extract_path_text(Properties, 'PeerAccountId') as peer_account_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'PeerRegion') as peer_region, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TransitGatewayAttachmentId') as transit_gateway_attachment_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayPeeringAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + transit_gateway_route_tables: + name: transit_gateway_route_tables + id: aws.ec2.transit_gateway_route_tables + x-cfn-schema-name: TransitGatewayRouteTable + x-type: list + x-identifiers: + - TransitGatewayRouteTableId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TransitGatewayRouteTableId') as transit_gateway_route_table_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayRouteTable' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TransitGatewayRouteTableId') as transit_gateway_route_table_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayRouteTable' + AND region = 'us-east-1' + transit_gateway_route_table: + name: transit_gateway_route_table + id: aws.ec2.transit_gateway_route_table + x-cfn-schema-name: TransitGatewayRouteTable + x-type: get + x-identifiers: + - TransitGatewayRouteTableId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TransitGatewayRouteTableId') as transit_gateway_route_table_id, + JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayRouteTable' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TransitGatewayRouteTableId') as transit_gateway_route_table_id, + json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayRouteTable' + AND data__Identifier = '' + AND region = 'us-east-1' + transit_gateway_route_table_associations: + name: transit_gateway_route_table_associations + id: aws.ec2.transit_gateway_route_table_associations + x-cfn-schema-name: TransitGatewayRouteTableAssociation + x-type: list + x-identifiers: + - TransitGatewayRouteTableId + - TransitGatewayAttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TransitGatewayRouteTableId') as transit_gateway_route_table_id, + JSON_EXTRACT(Properties, '$.TransitGatewayAttachmentId') as transit_gateway_attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayRouteTableAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TransitGatewayRouteTableId') as transit_gateway_route_table_id, + json_extract_path_text(Properties, 'TransitGatewayAttachmentId') as transit_gateway_attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayRouteTableAssociation' + AND region = 'us-east-1' + transit_gateway_route_table_association: + name: transit_gateway_route_table_association + id: aws.ec2.transit_gateway_route_table_association + x-cfn-schema-name: TransitGatewayRouteTableAssociation + x-type: get + x-identifiers: + - TransitGatewayRouteTableId + - TransitGatewayAttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TransitGatewayRouteTableId') as transit_gateway_route_table_id, + JSON_EXTRACT(Properties, '$.TransitGatewayAttachmentId') as transit_gateway_attachment_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayRouteTableAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TransitGatewayRouteTableId') as transit_gateway_route_table_id, + json_extract_path_text(Properties, 'TransitGatewayAttachmentId') as transit_gateway_attachment_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayRouteTableAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + transit_gateway_vpc_attachments: + name: transit_gateway_vpc_attachments + id: aws.ec2.transit_gateway_vpc_attachments + x-cfn-schema-name: TransitGatewayVpcAttachment + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayVpcAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::TransitGatewayVpcAttachment' + AND region = 'us-east-1' + transit_gateway_vpc_attachment: + name: transit_gateway_vpc_attachment + id: aws.ec2.transit_gateway_vpc_attachment + x-cfn-schema-name: TransitGatewayVpcAttachment + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Options') as options, + JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.RemoveSubnetIds') as remove_subnet_ids, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.AddSubnetIds') as add_subnet_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayVpcAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Options') as options, + json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'RemoveSubnetIds') as remove_subnet_ids, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'AddSubnetIds') as add_subnet_ids, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayVpcAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + verified_access_endpoints: + name: verified_access_endpoints + id: aws.ec2.verified_access_endpoints + x-cfn-schema-name: VerifiedAccessEndpoint + x-type: list + x-identifiers: + - VerifiedAccessEndpointId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VerifiedAccessEndpointId') as verified_access_endpoint_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VerifiedAccessEndpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VerifiedAccessEndpointId') as verified_access_endpoint_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VerifiedAccessEndpoint' + AND region = 'us-east-1' + verified_access_endpoint: + name: verified_access_endpoint + id: aws.ec2.verified_access_endpoint + x-cfn-schema-name: VerifiedAccessEndpoint + x-type: get + x-identifiers: + - VerifiedAccessEndpointId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VerifiedAccessEndpointId') as verified_access_endpoint_id, + JSON_EXTRACT(Properties, '$.VerifiedAccessGroupId') as verified_access_group_id, + JSON_EXTRACT(Properties, '$.VerifiedAccessInstanceId') as verified_access_instance_id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.NetworkInterfaceOptions') as network_interface_options, + JSON_EXTRACT(Properties, '$.LoadBalancerOptions') as load_balancer_options, + JSON_EXTRACT(Properties, '$.EndpointType') as endpoint_type, + JSON_EXTRACT(Properties, '$.EndpointDomain') as endpoint_domain, + JSON_EXTRACT(Properties, '$.EndpointDomainPrefix') as endpoint_domain_prefix, + JSON_EXTRACT(Properties, '$.DeviceValidationDomain') as device_validation_domain, + JSON_EXTRACT(Properties, '$.DomainCertificateArn') as domain_certificate_arn, + JSON_EXTRACT(Properties, '$.AttachmentType') as attachment_type, + JSON_EXTRACT(Properties, '$.ApplicationDomain') as application_domain, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.PolicyEnabled') as policy_enabled, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.SseSpecification') as sse_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VerifiedAccessEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VerifiedAccessEndpointId') as verified_access_endpoint_id, + json_extract_path_text(Properties, 'VerifiedAccessGroupId') as verified_access_group_id, + json_extract_path_text(Properties, 'VerifiedAccessInstanceId') as verified_access_instance_id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'NetworkInterfaceOptions') as network_interface_options, + json_extract_path_text(Properties, 'LoadBalancerOptions') as load_balancer_options, + json_extract_path_text(Properties, 'EndpointType') as endpoint_type, + json_extract_path_text(Properties, 'EndpointDomain') as endpoint_domain, + json_extract_path_text(Properties, 'EndpointDomainPrefix') as endpoint_domain_prefix, + json_extract_path_text(Properties, 'DeviceValidationDomain') as device_validation_domain, + json_extract_path_text(Properties, 'DomainCertificateArn') as domain_certificate_arn, + json_extract_path_text(Properties, 'AttachmentType') as attachment_type, + json_extract_path_text(Properties, 'ApplicationDomain') as application_domain, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'PolicyEnabled') as policy_enabled, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'SseSpecification') as sse_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VerifiedAccessEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + verified_access_groups: + name: verified_access_groups + id: aws.ec2.verified_access_groups + x-cfn-schema-name: VerifiedAccessGroup + x-type: list + x-identifiers: + - VerifiedAccessGroupId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VerifiedAccessGroupId') as verified_access_group_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VerifiedAccessGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VerifiedAccessGroupId') as verified_access_group_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VerifiedAccessGroup' + AND region = 'us-east-1' + verified_access_group: + name: verified_access_group + id: aws.ec2.verified_access_group + x-cfn-schema-name: VerifiedAccessGroup + x-type: get + x-identifiers: + - VerifiedAccessGroupId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VerifiedAccessGroupId') as verified_access_group_id, + JSON_EXTRACT(Properties, '$.VerifiedAccessInstanceId') as verified_access_instance_id, + JSON_EXTRACT(Properties, '$.VerifiedAccessGroupArn') as verified_access_group_arn, + JSON_EXTRACT(Properties, '$.Owner') as owner, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.PolicyEnabled') as policy_enabled, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.SseSpecification') as sse_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VerifiedAccessGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VerifiedAccessGroupId') as verified_access_group_id, + json_extract_path_text(Properties, 'VerifiedAccessInstanceId') as verified_access_instance_id, + json_extract_path_text(Properties, 'VerifiedAccessGroupArn') as verified_access_group_arn, + json_extract_path_text(Properties, 'Owner') as owner, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'PolicyEnabled') as policy_enabled, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'SseSpecification') as sse_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VerifiedAccessGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + verified_access_trust_providers: + name: verified_access_trust_providers + id: aws.ec2.verified_access_trust_providers + x-cfn-schema-name: VerifiedAccessTrustProvider + x-type: list + x-identifiers: + - VerifiedAccessTrustProviderId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VerifiedAccessTrustProviderId') as verified_access_trust_provider_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VerifiedAccessTrustProvider' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VerifiedAccessTrustProviderId') as verified_access_trust_provider_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VerifiedAccessTrustProvider' + AND region = 'us-east-1' + verified_access_trust_provider: + name: verified_access_trust_provider + id: aws.ec2.verified_access_trust_provider + x-cfn-schema-name: VerifiedAccessTrustProvider + x-type: get + x-identifiers: + - VerifiedAccessTrustProviderId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TrustProviderType') as trust_provider_type, + JSON_EXTRACT(Properties, '$.DeviceTrustProviderType') as device_trust_provider_type, + JSON_EXTRACT(Properties, '$.UserTrustProviderType') as user_trust_provider_type, + JSON_EXTRACT(Properties, '$.OidcOptions') as oidc_options, + JSON_EXTRACT(Properties, '$.DeviceOptions') as device_options, + JSON_EXTRACT(Properties, '$.PolicyReferenceName') as policy_reference_name, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.VerifiedAccessTrustProviderId') as verified_access_trust_provider_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.SseSpecification') as sse_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VerifiedAccessTrustProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TrustProviderType') as trust_provider_type, + json_extract_path_text(Properties, 'DeviceTrustProviderType') as device_trust_provider_type, + json_extract_path_text(Properties, 'UserTrustProviderType') as user_trust_provider_type, + json_extract_path_text(Properties, 'OidcOptions') as oidc_options, + json_extract_path_text(Properties, 'DeviceOptions') as device_options, + json_extract_path_text(Properties, 'PolicyReferenceName') as policy_reference_name, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'VerifiedAccessTrustProviderId') as verified_access_trust_provider_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'SseSpecification') as sse_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VerifiedAccessTrustProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + verified_access_instances: + name: verified_access_instances + id: aws.ec2.verified_access_instances + x-cfn-schema-name: VerifiedAccessInstance + x-type: list + x-identifiers: + - VerifiedAccessInstanceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VerifiedAccessInstanceId') as verified_access_instance_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VerifiedAccessInstance' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VerifiedAccessInstanceId') as verified_access_instance_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VerifiedAccessInstance' + AND region = 'us-east-1' + verified_access_instance: + name: verified_access_instance + id: aws.ec2.verified_access_instance + x-cfn-schema-name: VerifiedAccessInstance + x-type: get + x-identifiers: + - VerifiedAccessInstanceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VerifiedAccessInstanceId') as verified_access_instance_id, + JSON_EXTRACT(Properties, '$.VerifiedAccessTrustProviders') as verified_access_trust_providers, + JSON_EXTRACT(Properties, '$.VerifiedAccessTrustProviderIds') as verified_access_trust_provider_ids, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.LoggingConfigurations') as logging_configurations, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.FipsEnabled') as fips_enabled + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VerifiedAccessInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VerifiedAccessInstanceId') as verified_access_instance_id, + json_extract_path_text(Properties, 'VerifiedAccessTrustProviders') as verified_access_trust_providers, + json_extract_path_text(Properties, 'VerifiedAccessTrustProviderIds') as verified_access_trust_provider_ids, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'LoggingConfigurations') as logging_configurations, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'FipsEnabled') as fips_enabled + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VerifiedAccessInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + volume_attachments: + name: volume_attachments + id: aws.ec2.volume_attachments + x-cfn-schema-name: VolumeAttachment + x-type: list + x-identifiers: + - VolumeId + - InstanceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VolumeId') as volume_id, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VolumeAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VolumeId') as volume_id, + json_extract_path_text(Properties, 'InstanceId') as instance_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VolumeAttachment' + AND region = 'us-east-1' + volume_attachment: + name: volume_attachment + id: aws.ec2.volume_attachment + x-cfn-schema-name: VolumeAttachment + x-type: get + x-identifiers: + - VolumeId + - InstanceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VolumeId') as volume_id, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.Device') as device + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VolumeAttachment' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VolumeId') as volume_id, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'Device') as device + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VolumeAttachment' + AND data__Identifier = '|' + AND region = 'us-east-1' + vpcs: + name: vpcs + id: aws.ec2.vpcs + x-cfn-schema-name: VPC + x-type: list + x-identifiers: + - VpcId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPC' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPC' + AND region = 'us-east-1' + vpc: + name: vpc + id: aws.ec2.vpc + x-cfn-schema-name: VPC + x-type: get + x-identifiers: + - VpcId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.InstanceTenancy') as instance_tenancy, + JSON_EXTRACT(Properties, '$.Ipv4NetmaskLength') as ipv4_netmask_length, + JSON_EXTRACT(Properties, '$.CidrBlockAssociations') as cidr_block_associations, + JSON_EXTRACT(Properties, '$.CidrBlock') as cidr_block, + JSON_EXTRACT(Properties, '$.Ipv4IpamPoolId') as ipv4_ipam_pool_id, + JSON_EXTRACT(Properties, '$.DefaultNetworkAcl') as default_network_acl, + JSON_EXTRACT(Properties, '$.EnableDnsSupport') as enable_dns_support, + JSON_EXTRACT(Properties, '$.Ipv6CidrBlocks') as ipv6_cidr_blocks, + JSON_EXTRACT(Properties, '$.DefaultSecurityGroup') as default_security_group, + JSON_EXTRACT(Properties, '$.EnableDnsHostnames') as enable_dns_hostnames, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPC' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'InstanceTenancy') as instance_tenancy, + json_extract_path_text(Properties, 'Ipv4NetmaskLength') as ipv4_netmask_length, + json_extract_path_text(Properties, 'CidrBlockAssociations') as cidr_block_associations, + json_extract_path_text(Properties, 'CidrBlock') as cidr_block, + json_extract_path_text(Properties, 'Ipv4IpamPoolId') as ipv4_ipam_pool_id, + json_extract_path_text(Properties, 'DefaultNetworkAcl') as default_network_acl, + json_extract_path_text(Properties, 'EnableDnsSupport') as enable_dns_support, + json_extract_path_text(Properties, 'Ipv6CidrBlocks') as ipv6_cidr_blocks, + json_extract_path_text(Properties, 'DefaultSecurityGroup') as default_security_group, + json_extract_path_text(Properties, 'EnableDnsHostnames') as enable_dns_hostnames, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPC' + AND data__Identifier = '' + AND region = 'us-east-1' + vpc_cidr_blocks: + name: vpc_cidr_blocks + id: aws.ec2.vpc_cidr_blocks + x-cfn-schema-name: VPCCidrBlock + x-type: list + x-identifiers: + - Id + - VpcId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCCidrBlock' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCCidrBlock' + AND region = 'us-east-1' + vpc_cidr_block: + name: vpc_cidr_block + id: aws.ec2.vpc_cidr_block + x-cfn-schema-name: VPCCidrBlock + x-type: get + x-identifiers: + - Id + - VpcId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CidrBlock') as cidr_block, + JSON_EXTRACT(Properties, '$.Ipv6Pool') as ipv6_pool, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.Ipv6CidrBlock') as ipv6_cidr_block, + JSON_EXTRACT(Properties, '$.Ipv4IpamPoolId') as ipv4_ipam_pool_id, + JSON_EXTRACT(Properties, '$.Ipv4NetmaskLength') as ipv4_netmask_length, + JSON_EXTRACT(Properties, '$.Ipv6IpamPoolId') as ipv6_ipam_pool_id, + JSON_EXTRACT(Properties, '$.Ipv6NetmaskLength') as ipv6_netmask_length, + JSON_EXTRACT(Properties, '$.AmazonProvidedIpv6CidrBlock') as amazon_provided_ipv6_cidr_block + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCCidrBlock' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CidrBlock') as cidr_block, + json_extract_path_text(Properties, 'Ipv6Pool') as ipv6_pool, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'Ipv6CidrBlock') as ipv6_cidr_block, + json_extract_path_text(Properties, 'Ipv4IpamPoolId') as ipv4_ipam_pool_id, + json_extract_path_text(Properties, 'Ipv4NetmaskLength') as ipv4_netmask_length, + json_extract_path_text(Properties, 'Ipv6IpamPoolId') as ipv6_ipam_pool_id, + json_extract_path_text(Properties, 'Ipv6NetmaskLength') as ipv6_netmask_length, + json_extract_path_text(Properties, 'AmazonProvidedIpv6CidrBlock') as amazon_provided_ipv6_cidr_block + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCCidrBlock' + AND data__Identifier = '|' + AND region = 'us-east-1' + vpcdhcp_options_associations: + name: vpcdhcp_options_associations + id: aws.ec2.vpcdhcp_options_associations + x-cfn-schema-name: VPCDHCPOptionsAssociation + x-type: list + x-identifiers: + - DhcpOptionsId + - VpcId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DhcpOptionsId') as dhcp_options_id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCDHCPOptionsAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DhcpOptionsId') as dhcp_options_id, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCDHCPOptionsAssociation' + AND region = 'us-east-1' + vpcdhcp_options_association: + name: vpcdhcp_options_association + id: aws.ec2.vpcdhcp_options_association + x-cfn-schema-name: VPCDHCPOptionsAssociation + x-type: get + x-identifiers: + - DhcpOptionsId + - VpcId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DhcpOptionsId') as dhcp_options_id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCDHCPOptionsAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DhcpOptionsId') as dhcp_options_id, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCDHCPOptionsAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + vpc_endpoints: + name: vpc_endpoints + id: aws.ec2.vpc_endpoints + x-cfn-schema-name: VPCEndpoint + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCEndpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCEndpoint' + AND region = 'us-east-1' + vpc_endpoint: + name: vpc_endpoint + id: aws.ec2.vpc_endpoint + x-cfn-schema-name: VPCEndpoint + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.CreationTimestamp') as creation_timestamp, + JSON_EXTRACT(Properties, '$.DnsEntries') as dns_entries, + JSON_EXTRACT(Properties, '$.NetworkInterfaceIds') as network_interface_ids, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.PrivateDnsEnabled') as private_dns_enabled, + JSON_EXTRACT(Properties, '$.RouteTableIds') as route_table_ids, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.ServiceName') as service_name, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.VpcEndpointType') as vpc_endpoint_type, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'CreationTimestamp') as creation_timestamp, + json_extract_path_text(Properties, 'DnsEntries') as dns_entries, + json_extract_path_text(Properties, 'NetworkInterfaceIds') as network_interface_ids, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'PrivateDnsEnabled') as private_dns_enabled, + json_extract_path_text(Properties, 'RouteTableIds') as route_table_ids, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'ServiceName') as service_name, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'VpcEndpointType') as vpc_endpoint_type, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + vpc_endpoint_connection_notifications: + name: vpc_endpoint_connection_notifications + id: aws.ec2.vpc_endpoint_connection_notifications + x-cfn-schema-name: VPCEndpointConnectionNotification + x-type: list + x-identifiers: + - VPCEndpointConnectionNotificationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCEndpointConnectionNotification' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCEndpointConnectionNotification' + AND region = 'us-east-1' + vpc_endpoint_connection_notification: + name: vpc_endpoint_connection_notification + id: aws.ec2.vpc_endpoint_connection_notification + x-cfn-schema-name: VPCEndpointConnectionNotification + x-type: get + x-identifiers: + - VPCEndpointConnectionNotificationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id, + JSON_EXTRACT(Properties, '$.ConnectionEvents') as connection_events, + JSON_EXTRACT(Properties, '$.ConnectionNotificationArn') as connection_notification_arn, + JSON_EXTRACT(Properties, '$.ServiceId') as service_id, + JSON_EXTRACT(Properties, '$.VPCEndpointId') as vpc_endpoint_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpointConnectionNotification' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id, + json_extract_path_text(Properties, 'ConnectionEvents') as connection_events, + json_extract_path_text(Properties, 'ConnectionNotificationArn') as connection_notification_arn, + json_extract_path_text(Properties, 'ServiceId') as service_id, + json_extract_path_text(Properties, 'VPCEndpointId') as vpc_endpoint_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpointConnectionNotification' + AND data__Identifier = '' + AND region = 'us-east-1' + vpc_endpoint_services: + name: vpc_endpoint_services + id: aws.ec2.vpc_endpoint_services + x-cfn-schema-name: VPCEndpointService + x-type: list + x-identifiers: + - ServiceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ServiceId') as service_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCEndpointService' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ServiceId') as service_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCEndpointService' + AND region = 'us-east-1' + vpc_endpoint_service: + name: vpc_endpoint_service + id: aws.ec2.vpc_endpoint_service + x-cfn-schema-name: VPCEndpointService + x-type: get + x-identifiers: + - ServiceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.NetworkLoadBalancerArns') as network_load_balancer_arns, + JSON_EXTRACT(Properties, '$.ContributorInsightsEnabled') as contributor_insights_enabled, + JSON_EXTRACT(Properties, '$.PayerResponsibility') as payer_responsibility, + JSON_EXTRACT(Properties, '$.ServiceId') as service_id, + JSON_EXTRACT(Properties, '$.AcceptanceRequired') as acceptance_required, + JSON_EXTRACT(Properties, '$.GatewayLoadBalancerArns') as gateway_load_balancer_arns + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpointService' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'NetworkLoadBalancerArns') as network_load_balancer_arns, + json_extract_path_text(Properties, 'ContributorInsightsEnabled') as contributor_insights_enabled, + json_extract_path_text(Properties, 'PayerResponsibility') as payer_responsibility, + json_extract_path_text(Properties, 'ServiceId') as service_id, + json_extract_path_text(Properties, 'AcceptanceRequired') as acceptance_required, + json_extract_path_text(Properties, 'GatewayLoadBalancerArns') as gateway_load_balancer_arns + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpointService' + AND data__Identifier = '' + AND region = 'us-east-1' + vpc_endpoint_service_permissions: + name: vpc_endpoint_service_permissions + id: aws.ec2.vpc_endpoint_service_permissions + x-cfn-schema-name: VPCEndpointServicePermissions + x-type: get + x-identifiers: + - ServiceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AllowedPrincipals') as allowed_principals, + JSON_EXTRACT(Properties, '$.ServiceId') as service_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpointServicePermissions' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AllowedPrincipals') as allowed_principals, + json_extract_path_text(Properties, 'ServiceId') as service_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpointServicePermissions' + AND data__Identifier = '' + AND region = 'us-east-1' + vpc_gateway_attachments: + name: vpc_gateway_attachments + id: aws.ec2.vpc_gateway_attachments + x-cfn-schema-name: VPCGatewayAttachment + x-type: list + x-identifiers: + - AttachmentType + - VpcId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AttachmentType') as attachment_type, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCGatewayAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AttachmentType') as attachment_type, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCGatewayAttachment' + AND region = 'us-east-1' + vpc_gateway_attachment: + name: vpc_gateway_attachment + id: aws.ec2.vpc_gateway_attachment + x-cfn-schema-name: VPCGatewayAttachment + x-type: get + x-identifiers: + - AttachmentType + - VpcId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AttachmentType') as attachment_type, + JSON_EXTRACT(Properties, '$.InternetGatewayId') as internet_gateway_id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.VpnGatewayId') as vpn_gateway_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCGatewayAttachment' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AttachmentType') as attachment_type, + json_extract_path_text(Properties, 'InternetGatewayId') as internet_gateway_id, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'VpnGatewayId') as vpn_gateway_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCGatewayAttachment' + AND data__Identifier = '|' + AND region = 'us-east-1' + vpc_peering_connections: + name: vpc_peering_connections + id: aws.ec2.vpc_peering_connections + x-cfn-schema-name: VPCPeeringConnection + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCPeeringConnection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCPeeringConnection' + AND region = 'us-east-1' + vpc_peering_connection: + name: vpc_peering_connection + id: aws.ec2.vpc_peering_connection + x-cfn-schema-name: VPCPeeringConnection + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.PeerOwnerId') as peer_owner_id, + JSON_EXTRACT(Properties, '$.PeerRegion') as peer_region, + JSON_EXTRACT(Properties, '$.PeerRoleArn') as peer_role_arn, + JSON_EXTRACT(Properties, '$.PeerVpcId') as peer_vpc_id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCPeeringConnection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'PeerOwnerId') as peer_owner_id, + json_extract_path_text(Properties, 'PeerRegion') as peer_region, + json_extract_path_text(Properties, 'PeerRoleArn') as peer_role_arn, + json_extract_path_text(Properties, 'PeerVpcId') as peer_vpc_id, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCPeeringConnection' + AND data__Identifier = '' + AND region = 'us-east-1' + vpn_connections: + name: vpn_connections + id: aws.ec2.vpn_connections + x-cfn-schema-name: VPNConnection + x-type: list + x-identifiers: + - VpnConnectionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VpnConnectionId') as vpn_connection_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPNConnection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VpnConnectionId') as vpn_connection_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPNConnection' + AND region = 'us-east-1' + vpn_connection: + name: vpn_connection + id: aws.ec2.vpn_connection + x-cfn-schema-name: VPNConnection + x-type: get + x-identifiers: + - VpnConnectionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VpnConnectionId') as vpn_connection_id, + JSON_EXTRACT(Properties, '$.CustomerGatewayId') as customer_gateway_id, + JSON_EXTRACT(Properties, '$.StaticRoutesOnly') as static_routes_only, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.VpnGatewayId') as vpn_gateway_id, + JSON_EXTRACT(Properties, '$.VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPNConnection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VpnConnectionId') as vpn_connection_id, + json_extract_path_text(Properties, 'CustomerGatewayId') as customer_gateway_id, + json_extract_path_text(Properties, 'StaticRoutesOnly') as static_routes_only, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'VpnGatewayId') as vpn_gateway_id, + json_extract_path_text(Properties, 'VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPNConnection' + AND data__Identifier = '' + AND region = 'us-east-1' + vpn_connection_routes: + name: vpn_connection_routes + id: aws.ec2.vpn_connection_routes + x-cfn-schema-name: VPNConnectionRoute + x-type: list + x-identifiers: + - DestinationCidrBlock + - VpnConnectionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DestinationCidrBlock') as destination_cidr_block, + JSON_EXTRACT(Properties, '$.VpnConnectionId') as vpn_connection_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPNConnectionRoute' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DestinationCidrBlock') as destination_cidr_block, + json_extract_path_text(Properties, 'VpnConnectionId') as vpn_connection_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPNConnectionRoute' + AND region = 'us-east-1' + vpn_connection_route: + name: vpn_connection_route + id: aws.ec2.vpn_connection_route + x-cfn-schema-name: VPNConnectionRoute + x-type: get + x-identifiers: + - DestinationCidrBlock + - VpnConnectionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DestinationCidrBlock') as destination_cidr_block, + JSON_EXTRACT(Properties, '$.VpnConnectionId') as vpn_connection_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPNConnectionRoute' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DestinationCidrBlock') as destination_cidr_block, + json_extract_path_text(Properties, 'VpnConnectionId') as vpn_connection_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPNConnectionRoute' + AND data__Identifier = '|' + AND region = 'us-east-1' + vpn_gateways: + name: vpn_gateways + id: aws.ec2.vpn_gateways + x-cfn-schema-name: VPNGateway + x-type: list + x-identifiers: + - VPNGatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VPNGatewayId') as v_pn_gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPNGateway' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VPNGatewayId') as v_pn_gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPNGateway' + AND region = 'us-east-1' + vpn_gateway: + name: vpn_gateway + id: aws.ec2.vpn_gateway + x-cfn-schema-name: VPNGateway + x-type: get + x-identifiers: + - VPNGatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VPNGatewayId') as v_pn_gateway_id, + JSON_EXTRACT(Properties, '$.AmazonSideAsn') as amazon_side_asn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPNGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VPNGatewayId') as v_pn_gateway_id, + json_extract_path_text(Properties, 'AmazonSideAsn') as amazon_side_asn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPNGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + snapshots: + name: snapshots + id: aws.ec2.snapshots + x-cfn-schema-name: snapshots + x-type: custom_list + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + description, + dataEncryptionKeyId, + encrypted, + kmsKeyId, + outpostArn, + ownerAlias, + ownerId, + progress, + restoreExpiryTime, + snapshotId, + startTime, + status, + statusMessage, + storageTier, + tagSet, + volumeId, + volumeSize, + region + FROM aws.ec2_api.snapshots + WHERE region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/ec2_api.yaml b/providers/src/aws/v00.00.00000/services/ec2_api.yaml new file mode 100644 index 00000000..188c7f01 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ec2_api.yaml @@ -0,0 +1,80190 @@ +openapi: 3.0.0 +info: + version: '2016-11-15' + x-release: v4 + title: Amazon Elastic Compute Cloud + description: 'Amazon Elastic Compute Cloud

Amazon Elastic Compute Cloud (Amazon EC2) provides secure and resizable computing capacity in the Amazon Web Services Cloud. Using Amazon EC2 eliminates the need to invest in hardware up front, so you can develop and deploy applications faster. Amazon Virtual Private Cloud (Amazon VPC) enables you to provision a logically isolated section of the Amazon Web Services Cloud where you can launch Amazon Web Services resources in a virtual network that you''ve defined. Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance and used like a hard drive.

To learn more, see the following resources:

' + x-logo: + url: 'https://twitter.com/awscloud/profile_image?size=original' + backgroundColor: '#FFFFFF' + termsOfService: 'https://aws.amazon.com/service-terms/' + contact: + name: Mike Ralphson + email: mike.ralphson@gmail.com + url: 'https://github.com/mermade/aws2openapi' + x-twitter: PermittedSoc + license: + name: Apache 2.0 License + url: 'http://www.apache.org/licenses/' + x-providerName: amazonaws.com + x-serviceName: ec2 + x-origin: + - contentType: application/json + url: 'https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/ec2-2016-11-15.normal.json' + converter: + url: 'https://github.com/mermade/aws2openapi' + version: 1.0.0 + x-apisguru-driver: external + x-apiClientRegistration: + url: 'https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct' + x-apisguru-categories: + - cloud + x-preferred: true +externalDocs: + description: Amazon Web Services documentation + url: 'https://docs.aws.amazon.com/ec2/' +servers: + - url: 'https://ec2.{region}.amazonaws.com' + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The Amazon EC2 multi-region endpoint + - url: 'https://ec2.amazonaws.com' + variables: {} + description: The general Amazon EC2 endpoint for US East (N. Virginia) + - url: 'https://ec2.{region}.amazonaws.com.cn' + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The Amazon EC2 endpoint for China (Beijing) and China (Ningxia) +paths: + /?Action=AcceptReservedInstancesExchangeQuote&Version=2016-11-15: + get: + x-aws-operation-name: AcceptReservedInstancesExchangeQuote + operationId: GET_AcceptReservedInstancesExchangeQuote + description: Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptReservedInstancesExchangeQuoteResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ReservedInstanceId + in: query + required: true + description: The IDs of the Convertible Reserved Instances to exchange for another Convertible Reserved Instance of the same or higher value. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservationId' + - xml: + name: ReservedInstanceId + - name: TargetConfiguration + in: query + required: false + description: The configuration of the target Convertible Reserved Instance to exchange for your current Convertible Reserved Instances. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TargetConfigurationRequest' + - xml: + name: TargetConfigurationRequest + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AcceptReservedInstancesExchangeQuote + operationId: POST_AcceptReservedInstancesExchangeQuote + description: Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptReservedInstancesExchangeQuoteResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptReservedInstancesExchangeQuoteRequest' + parameters: [] + /?Action=AcceptTransitGatewayMulticastDomainAssociations&Version=2016-11-15: + get: + x-aws-operation-name: AcceptTransitGatewayMulticastDomainAssociations + operationId: GET_AcceptTransitGatewayMulticastDomainAssociations + description: Accepts a request to associate subnets with a transit gateway multicast domain. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptTransitGatewayMulticastDomainAssociationsResult' + parameters: + - name: TransitGatewayMulticastDomainId + in: query + required: false + description: The ID of the transit gateway multicast domain. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: false + description: The ID of the transit gateway attachment. + schema: + type: string + - name: SubnetIds + in: query + required: false + description: The IDs of the subnets to associate with the transit gateway multicast domain. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AcceptTransitGatewayMulticastDomainAssociations + operationId: POST_AcceptTransitGatewayMulticastDomainAssociations + description: Accepts a request to associate subnets with a transit gateway multicast domain. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptTransitGatewayMulticastDomainAssociationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptTransitGatewayMulticastDomainAssociationsRequest' + parameters: [] + /?Action=AcceptTransitGatewayPeeringAttachment&Version=2016-11-15: + get: + x-aws-operation-name: AcceptTransitGatewayPeeringAttachment + operationId: GET_AcceptTransitGatewayPeeringAttachment + description: Accepts a transit gateway peering attachment request. The peering attachment must be in the pendingAcceptance state. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptTransitGatewayPeeringAttachmentResult' + parameters: + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the transit gateway attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AcceptTransitGatewayPeeringAttachment + operationId: POST_AcceptTransitGatewayPeeringAttachment + description: Accepts a transit gateway peering attachment request. The peering attachment must be in the pendingAcceptance state. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptTransitGatewayPeeringAttachmentResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptTransitGatewayPeeringAttachmentRequest' + parameters: [] + /?Action=AcceptTransitGatewayVpcAttachment&Version=2016-11-15: + get: + x-aws-operation-name: AcceptTransitGatewayVpcAttachment + operationId: GET_AcceptTransitGatewayVpcAttachment + description:

Accepts a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment to reject a VPC attachment request.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptTransitGatewayVpcAttachmentResult' + parameters: + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AcceptTransitGatewayVpcAttachment + operationId: POST_AcceptTransitGatewayVpcAttachment + description:

Accepts a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment to reject a VPC attachment request.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptTransitGatewayVpcAttachmentResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptTransitGatewayVpcAttachmentRequest' + parameters: [] + /?Action=AcceptVpcEndpointConnections&Version=2016-11-15: + get: + x-aws-operation-name: AcceptVpcEndpointConnections + operationId: GET_AcceptVpcEndpointConnections + description: Accepts one or more interface VPC endpoint connection requests to your VPC endpoint service. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptVpcEndpointConnectionsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ServiceId + in: query + required: true + description: The ID of the VPC endpoint service. + schema: + type: string + - name: VpcEndpointId + in: query + required: true + description: The IDs of one or more interface VPC endpoints. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcEndpointId' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AcceptVpcEndpointConnections + operationId: POST_AcceptVpcEndpointConnections + description: Accepts one or more interface VPC endpoint connection requests to your VPC endpoint service. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptVpcEndpointConnectionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptVpcEndpointConnectionsRequest' + parameters: [] + /?Action=AcceptVpcPeeringConnection&Version=2016-11-15: + get: + x-aws-operation-name: AcceptVpcPeeringConnection + operationId: GET_AcceptVpcPeeringConnection + description: '

Accept a VPC peering connection request. To accept a request, the VPC peering connection must be in the pending-acceptance state, and you must be the owner of the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC peering connection requests.

For an inter-Region VPC peering connection request, you must accept the VPC peering connection in the Region of the accepter VPC.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptVpcPeeringConnectionResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcPeeringConnectionId + in: query + required: false + description: The ID of the VPC peering connection. You must specify this parameter in the request. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AcceptVpcPeeringConnection + operationId: POST_AcceptVpcPeeringConnection + description: '

Accept a VPC peering connection request. To accept a request, the VPC peering connection must be in the pending-acceptance state, and you must be the owner of the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC peering connection requests.

For an inter-Region VPC peering connection request, you must accept the VPC peering connection in the Region of the accepter VPC.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptVpcPeeringConnectionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AcceptVpcPeeringConnectionRequest' + parameters: [] + /?Action=AdvertiseByoipCidr&Version=2016-11-15: + get: + x-aws-operation-name: AdvertiseByoipCidr + operationId: GET_AdvertiseByoipCidr + description: '

Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from Amazon Web Services. To minimize down time, you can configure your Amazon Web Services resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneously stop advertising it from the current location and start advertising it through Amazon Web Services.

It can take a few minutes before traffic to the specified addresses starts routing to Amazon Web Services because of BGP propagation delays.

To stop advertising the BYOIP CIDR, use WithdrawByoipCidr.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AdvertiseByoipCidrResult' + parameters: + - name: Cidr + in: query + required: true + description: 'The address range, in CIDR notation. This must be the exact range that you provisioned. You can''t advertise only a portion of the provisioned range.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AdvertiseByoipCidr + operationId: POST_AdvertiseByoipCidr + description: '

Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from Amazon Web Services. To minimize down time, you can configure your Amazon Web Services resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneously stop advertising it from the current location and start advertising it through Amazon Web Services.

It can take a few minutes before traffic to the specified addresses starts routing to Amazon Web Services because of BGP propagation delays.

To stop advertising the BYOIP CIDR, use WithdrawByoipCidr.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AdvertiseByoipCidrResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AdvertiseByoipCidrRequest' + parameters: [] + /?Action=AllocateAddress&Version=2016-11-15: + get: + x-aws-operation-name: AllocateAddress + operationId: GET_AllocateAddress + description: '

Allocates an Elastic IP address to your Amazon Web Services account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.

You can allocate an Elastic IP address from an address pool owned by Amazon Web Services or from an address pool created from a public IPv4 address range that you have brought to Amazon Web Services for use with your Amazon Web Services resources using bring your own IP addresses (BYOIP). For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.

[EC2-VPC] If you release an Elastic IP address, you might be able to recover it. You cannot recover an Elastic IP address that you released after it is allocated to another Amazon Web Services account. You cannot recover an Elastic IP address for EC2-Classic. To attempt to recover an Elastic IP address that you released, specify it in this operation.

An Elastic IP address is for use either in the EC2-Classic platform or in a VPC. By default, you can allocate 5 Elastic IP addresses for EC2-Classic per Region and 5 Elastic IP addresses for EC2-VPC per Region.

For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

You can allocate a carrier IP address which is a public IP address from a telecommunication carrier, to a network interface which resides in a subnet in a Wavelength Zone (for example an EC2 instance).

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AllocateAddressResult' + parameters: + - name: Domain + in: query + required: false + description: '

Indicates whether the Elastic IP address is for use with instances in a VPC or instances in EC2-Classic.

Default: If the Region supports EC2-Classic, the default is standard. Otherwise, the default is vpc.

' + schema: + type: string + enum: + - vpc + - standard + - name: Address + in: query + required: false + description: '[EC2-VPC] The Elastic IP address to recover or an IPv4 address from an address pool.' + schema: + type: string + - name: PublicIpv4Pool + in: query + required: false + description: 'The ID of an address pool that you own. Use this parameter to let Amazon EC2 select an address from the address pool. To specify a specific address from the address pool, use the Address parameter instead.' + schema: + type: string + - name: NetworkBorderGroup + in: query + required: false + description: '

A unique set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses. Use this parameter to limit the IP address to this location. IP addresses cannot move between network border groups.

Use DescribeAvailabilityZones to view the network border groups.

You cannot use a network border group with EC2 Classic. If you attempt this operation on EC2 Classic, you receive an InvalidParameterCombination error.

' + schema: + type: string + - name: CustomerOwnedIpv4Pool + in: query + required: false + description: 'The ID of a customer-owned address pool. Use this parameter to let Amazon EC2 select an address from the address pool. Alternatively, specify a specific address from the address pool.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: TagSpecification + in: query + required: false + description: The tags to assign to the Elastic IP address. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AllocateAddress + operationId: POST_AllocateAddress + description: '

Allocates an Elastic IP address to your Amazon Web Services account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.

You can allocate an Elastic IP address from an address pool owned by Amazon Web Services or from an address pool created from a public IPv4 address range that you have brought to Amazon Web Services for use with your Amazon Web Services resources using bring your own IP addresses (BYOIP). For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.

[EC2-VPC] If you release an Elastic IP address, you might be able to recover it. You cannot recover an Elastic IP address that you released after it is allocated to another Amazon Web Services account. You cannot recover an Elastic IP address for EC2-Classic. To attempt to recover an Elastic IP address that you released, specify it in this operation.

An Elastic IP address is for use either in the EC2-Classic platform or in a VPC. By default, you can allocate 5 Elastic IP addresses for EC2-Classic per Region and 5 Elastic IP addresses for EC2-VPC per Region.

For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

You can allocate a carrier IP address which is a public IP address from a telecommunication carrier, to a network interface which resides in a subnet in a Wavelength Zone (for example an EC2 instance).

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AllocateAddressResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AllocateAddressRequest' + parameters: [] + /?Action=AllocateHosts&Version=2016-11-15: + get: + x-aws-operation-name: AllocateHosts + operationId: GET_AllocateHosts + description: 'Allocates a Dedicated Host to your account. At a minimum, specify the supported instance type or instance family, the Availability Zone in which to allocate the host, and the number of hosts to allocate.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AllocateHostsResult' + parameters: + - name: AutoPlacement + in: query + required: false + description: '

Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID. For more information, see Understanding auto-placement and affinity in the Amazon EC2 User Guide.

Default: on

' + schema: + type: string + enum: + - 'on' + - 'off' + - name: AvailabilityZone + in: query + required: true + description: The Availability Zone in which to allocate the Dedicated Host. + schema: + type: string + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + schema: + type: string + - name: InstanceType + in: query + required: false + description: '

Specifies the instance type to be supported by the Dedicated Hosts. If you specify an instance type, the Dedicated Hosts support instances of the specified instance type only.

If you want the Dedicated Hosts to support multiple instance types in a specific instance family, omit this parameter and specify InstanceFamily instead. You cannot specify InstanceType and InstanceFamily in the same request.

' + schema: + type: string + - name: InstanceFamily + in: query + required: false + description: '

Specifies the instance family to be supported by the Dedicated Hosts. If you specify an instance family, the Dedicated Hosts support multiple instance types within that instance family.

If you want the Dedicated Hosts to support a specific instance type only, omit this parameter and specify InstanceType instead. You cannot specify InstanceFamily and InstanceType in the same request.

' + schema: + type: string + - name: Quantity + in: query + required: true + description: The number of Dedicated Hosts to allocate to your account with these parameters. + schema: + type: integer + - name: TagSpecification + in: query + required: false + description: The tags to apply to the Dedicated Host during creation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: HostRecovery + in: query + required: false + description: '

Indicates whether to enable or disable host recovery for the Dedicated Host. Host recovery is disabled by default. For more information, see Host recovery in the Amazon EC2 User Guide.

Default: off

' + schema: + type: string + enum: + - 'on' + - 'off' + - name: OutpostArn + in: query + required: false + description: The Amazon Resource Name (ARN) of the Amazon Web Services Outpost on which to allocate the Dedicated Host. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AllocateHosts + operationId: POST_AllocateHosts + description: 'Allocates a Dedicated Host to your account. At a minimum, specify the supported instance type or instance family, the Availability Zone in which to allocate the host, and the number of hosts to allocate.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AllocateHostsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AllocateHostsRequest' + parameters: [] + /?Action=AllocateIpamPoolCidr&Version=2016-11-15: + get: + x-aws-operation-name: AllocateIpamPoolCidr + operationId: GET_AllocateIpamPoolCidr + description: 'Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment from an IPAM pool to another resource or IPAM pool. For more information, see Allocate CIDRs in the Amazon VPC IPAM User Guide. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AllocateIpamPoolCidrResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamPoolId + in: query + required: true + description: The ID of the IPAM pool from which you would like to allocate a CIDR. + schema: + type: string + - name: Cidr + in: query + required: false + description: '

The CIDR you would like to allocate from the IPAM pool. Note the following:

  • If there is no DefaultNetmaskLength allocation rule set on the pool, you must specify either the NetmaskLength or the CIDR.

  • If the DefaultNetmaskLength allocation rule is set on the pool, you can specify either the NetmaskLength or the CIDR and the DefaultNetmaskLength allocation rule will be ignored.

Possible values: Any available IPv4 or IPv6 CIDR.

' + schema: + type: string + - name: NetmaskLength + in: query + required: false + description: '

The netmask length of the CIDR you would like to allocate from the IPAM pool. Note the following:

  • If there is no DefaultNetmaskLength allocation rule set on the pool, you must specify either the NetmaskLength or the CIDR.

  • If the DefaultNetmaskLength allocation rule is set on the pool, you can specify either the NetmaskLength or the CIDR and the DefaultNetmaskLength allocation rule will be ignored.

Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.

' + schema: + type: integer + - name: ClientToken + in: query + required: false + description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + schema: + type: string + - name: Description + in: query + required: false + description: A description for the allocation. + schema: + type: string + - name: PreviewNextCidr + in: query + required: false + description: A preview of the next available CIDR in a pool. + schema: + type: boolean + - name: DisallowedCidr + in: query + required: false + description: Exclude a particular CIDR range from being returned by the pool. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AllocateIpamPoolCidr + operationId: POST_AllocateIpamPoolCidr + description: 'Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment from an IPAM pool to another resource or IPAM pool. For more information, see Allocate CIDRs in the Amazon VPC IPAM User Guide. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AllocateIpamPoolCidrResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AllocateIpamPoolCidrRequest' + parameters: [] + /?Action=ApplySecurityGroupsToClientVpnTargetNetwork&Version=2016-11-15: + get: + x-aws-operation-name: ApplySecurityGroupsToClientVpnTargetNetwork + operationId: GET_ApplySecurityGroupsToClientVpnTargetNetwork + description: Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ApplySecurityGroupsToClientVpnTargetNetworkResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint. + schema: + type: string + - name: VpcId + in: query + required: true + description: The ID of the VPC in which the associated target network is located. + schema: + type: string + - name: SecurityGroupId + in: query + required: true + description: The IDs of the security groups to apply to the associated target network. Up to 5 security groups can be applied to an associated target network. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ApplySecurityGroupsToClientVpnTargetNetwork + operationId: POST_ApplySecurityGroupsToClientVpnTargetNetwork + description: Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ApplySecurityGroupsToClientVpnTargetNetworkResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ApplySecurityGroupsToClientVpnTargetNetworkRequest' + parameters: [] + /?Action=AssignIpv6Addresses&Version=2016-11-15: + get: + x-aws-operation-name: AssignIpv6Addresses + operationId: GET_AssignIpv6Addresses + description: '

Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet''s IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute Cloud User Guide.

You must specify either the IPv6 addresses or the IPv6 address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssignIpv6AddressesResult' + parameters: + - name: Ipv6AddressCount + in: query + required: false + description: The number of additional IPv6 addresses to assign to the network interface. The specified number of IPv6 addresses are assigned in addition to the existing IPv6 addresses that are already assigned to the network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can't use this option if specifying specific IPv6 addresses. + schema: + type: integer + - name: Ipv6Addresses + in: query + required: false + description: One or more specific IPv6 addresses to be assigned to the network interface. You can't use this option if you're specifying a number of IPv6 addresses. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: Ipv6PrefixCount + in: query + required: false + description: The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes option. + schema: + type: integer + - name: Ipv6Prefix + in: query + required: false + description: One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: NetworkInterfaceId + in: query + required: true + description: The ID of the network interface. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssignIpv6Addresses + operationId: POST_AssignIpv6Addresses + description: '

Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet''s IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute Cloud User Guide.

You must specify either the IPv6 addresses or the IPv6 address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssignIpv6AddressesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssignIpv6AddressesRequest' + parameters: [] + /?Action=AssignPrivateIpAddresses&Version=2016-11-15: + get: + x-aws-operation-name: AssignPrivateIpAddresses + operationId: GET_AssignPrivateIpAddresses + description: '

Assigns one or more secondary private IP addresses to the specified network interface.

You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet''s CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.

Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s in the instance metadata to confirm that the remapping is complete.

You must specify either the IP addresses or the IP address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssignPrivateIpAddressesResult' + parameters: + - name: AllowReassignment + in: query + required: false + description: Indicates whether to allow an IP address that is already assigned to another network interface or instance to be reassigned to the specified network interface. + schema: + type: boolean + - name: NetworkInterfaceId + in: query + required: true + description: The ID of the network interface. + schema: + type: string + - name: PrivateIpAddress + in: query + required: false + description: '

One or more IP addresses to be assigned as a secondary private IP address to the network interface. You can''t specify this parameter when also specifying a number of secondary IP addresses.

If you don''t specify an IP address, Amazon EC2 automatically selects an IP address within the subnet range.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: PrivateIpAddress + - name: SecondaryPrivateIpAddressCount + in: query + required: false + description: The number of secondary IP addresses to assign to the network interface. You can't specify this parameter when also specifying private IP addresses. + schema: + type: integer + - name: Ipv4Prefix + in: query + required: false + description: One or more IPv4 prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount option. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: Ipv4PrefixCount + in: query + required: false + description: The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option. + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssignPrivateIpAddresses + operationId: POST_AssignPrivateIpAddresses + description: '

Assigns one or more secondary private IP addresses to the specified network interface.

You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet''s CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.

Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s in the instance metadata to confirm that the remapping is complete.

You must specify either the IP addresses or the IP address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssignPrivateIpAddressesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssignPrivateIpAddressesRequest' + parameters: [] + /?Action=AssociateAddress&Version=2016-11-15: + get: + x-aws-operation-name: AssociateAddress + operationId: GET_AssociateAddress + description: '

Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

[EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is already associated with a different instance, it is disassociated from that instance and associated with the specified instance. If you associate an Elastic IP address with an instance that has an existing Elastic IP address, the existing address is disassociated from the instance, but remains allocated to your account.

[VPC in an EC2-Classic account] If you don''t specify a private IP address, the Elastic IP address is associated with the primary IP address. If the Elastic IP address is already associated with a different instance or a network interface, you get an error unless you allow reassociation. You cannot associate an Elastic IP address with an instance or network interface that has an existing Elastic IP address.

[Subnets in Wavelength Zones] You can associate an IP address from the telecommunication carrier to the instance or network interface.

You cannot associate an Elastic IP address with an interface in a different network border group.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error, and you may be charged for each time the Elastic IP address is remapped to the same instance. For more information, see the Elastic IP Addresses section of Amazon EC2 Pricing.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateAddressResult' + parameters: + - name: AllocationId + in: query + required: false + description: '[EC2-VPC] The allocation ID. This is required for EC2-VPC.' + schema: + type: string + - name: InstanceId + in: query + required: false + description: 'The ID of the instance. The instance must have exactly one attached network interface. For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both. For EC2-Classic, you must specify an instance ID and the instance must be in the running state.' + schema: + type: string + - name: PublicIp + in: query + required: false + description: '[EC2-Classic] The Elastic IP address to associate with the instance. This is required for EC2-Classic.' + schema: + type: string + - name: AllowReassociation + in: query + required: false + description: '[EC2-VPC] For a VPC in an EC2-Classic account, specify true to allow an Elastic IP address that is already associated with an instance or network interface to be reassociated with the specified instance or network interface. Otherwise, the operation fails. In a VPC in an EC2-VPC-only account, reassociation is automatic, therefore you can specify false to ensure the operation fails if the Elastic IP address is already associated with another resource.' + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NetworkInterfaceId + in: query + required: false + description: '

[EC2-VPC] The ID of the network interface. If the instance has more than one network interface, you must specify a network interface ID.

For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both.

' + schema: + type: string + - name: PrivateIpAddress + in: query + required: false + description: '[EC2-VPC] The primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateAddress + operationId: POST_AssociateAddress + description: '

Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

[EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is already associated with a different instance, it is disassociated from that instance and associated with the specified instance. If you associate an Elastic IP address with an instance that has an existing Elastic IP address, the existing address is disassociated from the instance, but remains allocated to your account.

[VPC in an EC2-Classic account] If you don''t specify a private IP address, the Elastic IP address is associated with the primary IP address. If the Elastic IP address is already associated with a different instance or a network interface, you get an error unless you allow reassociation. You cannot associate an Elastic IP address with an instance or network interface that has an existing Elastic IP address.

[Subnets in Wavelength Zones] You can associate an IP address from the telecommunication carrier to the instance or network interface.

You cannot associate an Elastic IP address with an interface in a different network border group.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error, and you may be charged for each time the Elastic IP address is remapped to the same instance. For more information, see the Elastic IP Addresses section of Amazon EC2 Pricing.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateAddressResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateAddressRequest' + parameters: [] + /?Action=AssociateClientVpnTargetNetwork&Version=2016-11-15: + get: + x-aws-operation-name: AssociateClientVpnTargetNetwork + operationId: GET_AssociateClientVpnTargetNetwork + description: '

Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.

If you specified a VPC when you created the Client VPN endpoint or if you have previous subnet associations, the specified subnet must be in the same VPC. To specify a subnet that''s in a different VPC, you must first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the VPC that''s associated with it.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateClientVpnTargetNetworkResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint. + schema: + type: string + - name: SubnetId + in: query + required: true + description: The ID of the subnet to associate with the Client VPN endpoint. + schema: + type: string + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateClientVpnTargetNetwork + operationId: POST_AssociateClientVpnTargetNetwork + description: '

Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.

If you specified a VPC when you created the Client VPN endpoint or if you have previous subnet associations, the specified subnet must be in the same VPC. To specify a subnet that''s in a different VPC, you must first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the VPC that''s associated with it.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateClientVpnTargetNetworkResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateClientVpnTargetNetworkRequest' + parameters: [] + /?Action=AssociateDhcpOptions&Version=2016-11-15: + get: + x-aws-operation-name: AssociateDhcpOptions + operationId: GET_AssociateDhcpOptions + description: '

Associates a set of DHCP options (that you''ve previously created) with the specified VPC, or associates no DHCP options with the VPC.

After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don''t need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operating system on the instance.

For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + parameters: + - name: DhcpOptionsId + in: query + required: true + description: 'The ID of the DHCP options set, or default to associate no DHCP options with the VPC.' + schema: + type: string + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateDhcpOptions + operationId: POST_AssociateDhcpOptions + description: '

Associates a set of DHCP options (that you''ve previously created) with the specified VPC, or associates no DHCP options with the VPC.

After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don''t need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operating system on the instance.

For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateDhcpOptionsRequest' + parameters: [] + /?Action=AssociateEnclaveCertificateIamRole&Version=2016-11-15: + get: + x-aws-operation-name: AssociateEnclaveCertificateIamRole + operationId: GET_AssociateEnclaveCertificateIamRole + description: '

Associates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the Amazon Web Services Nitro Enclaves User Guide.

When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an Amazon Web Services managed key that has an attached attestation-based key policy.

To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the Amazon Web Services Nitro Enclaves User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateEnclaveCertificateIamRoleResult' + parameters: + - name: CertificateArn + in: query + required: false + description: The ARN of the ACM certificate with which to associate the IAM role. + schema: + type: string + minLength: 1 + maxLength: 1283 + - name: RoleArn + in: query + required: false + description: The ARN of the IAM role to associate with the ACM certificate. You can associate up to 16 IAM roles with an ACM certificate. + schema: + type: string + minLength: 1 + maxLength: 1283 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateEnclaveCertificateIamRole + operationId: POST_AssociateEnclaveCertificateIamRole + description: '

Associates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the Amazon Web Services Nitro Enclaves User Guide.

When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an Amazon Web Services managed key that has an attached attestation-based key policy.

To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the Amazon Web Services Nitro Enclaves User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateEnclaveCertificateIamRoleResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateEnclaveCertificateIamRoleRequest' + parameters: [] + /?Action=AssociateIamInstanceProfile&Version=2016-11-15: + get: + x-aws-operation-name: AssociateIamInstanceProfile + operationId: GET_AssociateIamInstanceProfile + description: Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateIamInstanceProfileResult' + parameters: + - name: IamInstanceProfile + in: query + required: true + description: The IAM instance profile. + schema: + type: object + properties: + arn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the instance profile. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the instance profile. + description: Describes an IAM instance profile. + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateIamInstanceProfile + operationId: POST_AssociateIamInstanceProfile + description: Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateIamInstanceProfileResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateIamInstanceProfileRequest' + parameters: [] + /?Action=AssociateInstanceEventWindow&Version=2016-11-15: + get: + x-aws-operation-name: AssociateInstanceEventWindow + operationId: GET_AssociateInstanceEventWindow + description: '

Associates one or more targets with an event window. Only one type of target (instance IDs, Dedicated Host IDs, or tags) can be specified with an event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateInstanceEventWindowResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceEventWindowId + in: query + required: true + description: The ID of the event window. + schema: + type: string + - name: AssociationTarget + in: query + required: true + description: One or more targets associated with the specified event window. + schema: + type: object + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdList' + - description: 'The IDs of the instances to associate with the event window. If the instance is on a Dedicated Host, you can''t specify the Instance ID parameter; you must use the Dedicated Host ID parameter.' + InstanceTag: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The instance tags to associate with the event window. Any instances associated with the tags will be associated with the event window. + DedicatedHostId: + allOf: + - $ref: '#/components/schemas/DedicatedHostIdList' + - description: The IDs of the Dedicated Hosts to associate with the event window. + description: 'One or more targets associated with the specified event window. Only one type of target (instance ID, instance tag, or Dedicated Host ID) can be associated with an event window.' + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateInstanceEventWindow + operationId: POST_AssociateInstanceEventWindow + description: '

Associates one or more targets with an event window. Only one type of target (instance IDs, Dedicated Host IDs, or tags) can be specified with an event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateInstanceEventWindowResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateInstanceEventWindowRequest' + parameters: [] + /?Action=AssociateRouteTable&Version=2016-11-15: + get: + x-aws-operation-name: AssociateRouteTable + operationId: GET_AssociateRouteTable + description: '

Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC. This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. A route table can be associated with multiple subnets.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateRouteTableResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: RouteTableId + in: query + required: true + description: The ID of the route table. + schema: + type: string + - name: SubnetId + in: query + required: false + description: The ID of the subnet. + schema: + type: string + - name: GatewayId + in: query + required: false + description: The ID of the internet gateway or virtual private gateway. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateRouteTable + operationId: POST_AssociateRouteTable + description: '

Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC. This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. A route table can be associated with multiple subnets.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateRouteTableResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateRouteTableRequest' + parameters: [] + /?Action=AssociateSubnetCidrBlock&Version=2016-11-15: + get: + x-aws-operation-name: AssociateSubnetCidrBlock + operationId: GET_AssociateSubnetCidrBlock + description: Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of /64. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateSubnetCidrBlockResult' + parameters: + - name: Ipv6CidrBlock + in: query + required: true + description: The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix length. + schema: + type: string + - name: SubnetId + in: query + required: true + description: The ID of your subnet. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateSubnetCidrBlock + operationId: POST_AssociateSubnetCidrBlock + description: Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of /64. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateSubnetCidrBlockResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateSubnetCidrBlockRequest' + parameters: [] + /?Action=AssociateTransitGatewayMulticastDomain&Version=2016-11-15: + get: + x-aws-operation-name: AssociateTransitGatewayMulticastDomain + operationId: GET_AssociateTransitGatewayMulticastDomain + description: '

Associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.

The transit gateway attachment must be in the available state before you can add a resource. Use DescribeTransitGatewayAttachments to see the state of the attachment.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateTransitGatewayMulticastDomainResult' + parameters: + - name: TransitGatewayMulticastDomainId + in: query + required: false + description: The ID of the transit gateway multicast domain. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: false + description: The ID of the transit gateway attachment to associate with the transit gateway multicast domain. + schema: + type: string + - name: SubnetIds + in: query + required: false + description: The IDs of the subnets to associate with the transit gateway multicast domain. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateTransitGatewayMulticastDomain + operationId: POST_AssociateTransitGatewayMulticastDomain + description: '

Associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.

The transit gateway attachment must be in the available state before you can add a resource. Use DescribeTransitGatewayAttachments to see the state of the attachment.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateTransitGatewayMulticastDomainResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateTransitGatewayMulticastDomainRequest' + parameters: [] + /?Action=AssociateTransitGatewayRouteTable&Version=2016-11-15: + get: + x-aws-operation-name: AssociateTransitGatewayRouteTable + operationId: GET_AssociateTransitGatewayRouteTable + description: Associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateTransitGatewayRouteTableResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the transit gateway route table. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateTransitGatewayRouteTable + operationId: POST_AssociateTransitGatewayRouteTable + description: Associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateTransitGatewayRouteTableResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateTransitGatewayRouteTableRequest' + parameters: [] + /?Action=AssociateTrunkInterface&Version=2016-11-15: + get: + x-aws-operation-name: AssociateTrunkInterface + operationId: GET_AssociateTrunkInterface + description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Associates a branch network interface with a trunk network interface.

Before you create the association, run the create-network-interface command and set --interface-type to trunk. You must also create a network interface for each branch network interface that you want to associate with the trunk network interface.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateTrunkInterfaceResult' + parameters: + - name: BranchInterfaceId + in: query + required: true + description: The ID of the branch network interface. + schema: + type: string + - name: TrunkInterfaceId + in: query + required: true + description: The ID of the trunk network interface. + schema: + type: string + - name: VlanId + in: query + required: false + description: The ID of the VLAN. This applies to the VLAN protocol. + schema: + type: integer + - name: GreKey + in: query + required: false + description: The application key. This applies to the GRE protocol. + schema: + type: integer + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateTrunkInterface + operationId: POST_AssociateTrunkInterface + description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Associates a branch network interface with a trunk network interface.

Before you create the association, run the create-network-interface command and set --interface-type to trunk. You must also create a network interface for each branch network interface that you want to associate with the trunk network interface.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateTrunkInterfaceResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateTrunkInterfaceRequest' + parameters: [] + /?Action=AssociateVpcCidrBlock&Version=2016-11-15: + get: + x-aws-operation-name: AssociateVpcCidrBlock + operationId: GET_AssociateVpcCidrBlock + description: '

Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). The IPv6 CIDR block size is fixed at /56.

You must specify one of the following in the request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR block.

For more information about associating CIDR blocks with your VPC and applicable restrictions, see VPC and subnet sizing in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateVpcCidrBlockResult' + parameters: + - name: AmazonProvidedIpv6CidrBlock + in: query + required: false + description: 'Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block.' + schema: + type: boolean + - name: CidrBlock + in: query + required: false + description: An IPv4 CIDR block to associate with the VPC. + schema: + type: string + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: Ipv6CidrBlockNetworkBorderGroup + in: query + required: false + description:

The name of the location from which we advertise the IPV6 CIDR block. Use this parameter to limit the CIDR block to this location.

You must set AmazonProvidedIpv6CidrBlock to true to use this parameter.

You can have one IPv6 CIDR block association per network border group.

+ schema: + type: string + - name: Ipv6Pool + in: query + required: false + description: The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block. + schema: + type: string + - name: Ipv6CidrBlock + in: query + required: false + description: '

An IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool in the request.

To let Amazon choose the IPv6 CIDR block for you, omit this parameter.

' + schema: + type: string + - name: Ipv4IpamPoolId + in: query + required: false + description: 'Associate a CIDR allocated from an IPv4 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see What is IPAM? in the Amazon VPC IPAM User Guide.' + schema: + type: string + - name: Ipv4NetmaskLength + in: query + required: false + description: 'The netmask length of the IPv4 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide. ' + schema: + type: integer + - name: Ipv6IpamPoolId + in: query + required: false + description: 'Associates a CIDR allocated from an IPv6 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see What is IPAM? in the Amazon VPC IPAM User Guide.' + schema: + type: string + - name: Ipv6NetmaskLength + in: query + required: false + description: 'The netmask length of the IPv6 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide. ' + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AssociateVpcCidrBlock + operationId: POST_AssociateVpcCidrBlock + description: '

Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). The IPv6 CIDR block size is fixed at /56.

You must specify one of the following in the request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR block.

For more information about associating CIDR blocks with your VPC and applicable restrictions, see VPC and subnet sizing in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateVpcCidrBlockResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AssociateVpcCidrBlockRequest' + parameters: [] + /?Action=AttachClassicLinkVpc&Version=2016-11-15: + get: + x-aws-operation-name: AttachClassicLinkVpc + operationId: GET_AttachClassicLinkVpc + description: '

Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC''s security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that''s in the running state. An instance is automatically unlinked from a VPC when it''s stopped - you can link it to the VPC again when you restart it.

After you''ve linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again.

Linking your instance to a VPC is sometimes referred to as attaching your instance.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachClassicLinkVpcResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: SecurityGroupId + in: query + required: true + description: The ID of one or more of the VPC's security groups. You cannot specify security groups from a different VPC. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: groupId + - name: InstanceId + in: query + required: true + description: The ID of an EC2-Classic instance to link to the ClassicLink-enabled VPC. + schema: + type: string + - name: VpcId + in: query + required: true + description: The ID of a ClassicLink-enabled VPC. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AttachClassicLinkVpc + operationId: POST_AttachClassicLinkVpc + description: '

Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC''s security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that''s in the running state. An instance is automatically unlinked from a VPC when it''s stopped - you can link it to the VPC again when you restart it.

After you''ve linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again.

Linking your instance to a VPC is sometimes referred to as attaching your instance.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachClassicLinkVpcResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachClassicLinkVpcRequest' + parameters: [] + /?Action=AttachInternetGateway&Version=2016-11-15: + get: + x-aws-operation-name: AttachInternetGateway + operationId: GET_AttachInternetGateway + description: 'Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.' + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InternetGatewayId + in: query + required: true + description: The ID of the internet gateway. + schema: + type: string + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AttachInternetGateway + operationId: POST_AttachInternetGateway + description: 'Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachInternetGatewayRequest' + parameters: [] + /?Action=AttachNetworkInterface&Version=2016-11-15: + get: + x-aws-operation-name: AttachNetworkInterface + operationId: GET_AttachNetworkInterface + description: Attaches a network interface to an instance. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachNetworkInterfaceResult' + parameters: + - name: DeviceIndex + in: query + required: true + description: The index of the device for the network interface attachment. + schema: + type: integer + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + - name: NetworkInterfaceId + in: query + required: true + description: The ID of the network interface. + schema: + type: string + - name: NetworkCardIndex + in: query + required: false + description: The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0. + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AttachNetworkInterface + operationId: POST_AttachNetworkInterface + description: Attaches a network interface to an instance. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachNetworkInterfaceResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachNetworkInterfaceRequest' + parameters: [] + /?Action=AttachVolume&Version=2016-11-15: + get: + x-aws-operation-name: AttachVolume + operationId: GET_AttachVolume + description: '

Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.

Encrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

After you attach an EBS volume, you must make it available. For more information, see Make an EBS volume available for use.

If a volume has an Amazon Web Services Marketplace product code:

  • The volume can be attached only to a stopped instance.

  • Amazon Web Services Marketplace product codes are copied from the volume to the instance.

  • You must be subscribed to the product.

  • The instance type and operating system of the instance must support the product. For example, you can''t detach a volume from a Windows instance and attach it to a Linux instance.

For more information, see Attach an Amazon EBS volume to an instance in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/VolumeAttachment' + parameters: + - name: Device + in: query + required: true + description: 'The device name (for example, /dev/sdh or xvdh).' + schema: + type: string + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + - name: VolumeId + in: query + required: true + description: The ID of the EBS volume. The volume and instance must be within the same Availability Zone. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AttachVolume + operationId: POST_AttachVolume + description: '

Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.

Encrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

After you attach an EBS volume, you must make it available. For more information, see Make an EBS volume available for use.

If a volume has an Amazon Web Services Marketplace product code:

  • The volume can be attached only to a stopped instance.

  • Amazon Web Services Marketplace product codes are copied from the volume to the instance.

  • You must be subscribed to the product.

  • The instance type and operating system of the instance must support the product. For example, you can''t detach a volume from a Windows instance and attach it to a Linux instance.

For more information, see Attach an Amazon EBS volume to an instance in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/VolumeAttachment' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachVolumeRequest' + parameters: [] + /?Action=AttachVpnGateway&Version=2016-11-15: + get: + x-aws-operation-name: AttachVpnGateway + operationId: GET_AttachVpnGateway + description: '

Attaches a virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachVpnGatewayResult' + parameters: + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: VpnGatewayId + in: query + required: true + description: The ID of the virtual private gateway. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AttachVpnGateway + operationId: POST_AttachVpnGateway + description: '

Attaches a virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachVpnGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachVpnGatewayRequest' + parameters: [] + /?Action=AuthorizeClientVpnIngress&Version=2016-11-15: + get: + x-aws-operation-name: AuthorizeClientVpnIngress + operationId: GET_AuthorizeClientVpnIngress + description: Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in Amazon Web Services or on-premises networks. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AuthorizeClientVpnIngressResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint. + schema: + type: string + - name: TargetNetworkCidr + in: query + required: true + description: 'The IPv4 address range, in CIDR notation, of the network for which access is being authorized.' + schema: + type: string + - name: AccessGroupId + in: query + required: false + description: 'The ID of the group to grant access to, for example, the Active Directory group or identity provider (IdP) group. Required if AuthorizeAllGroups is false or not specified.' + schema: + type: string + - name: AuthorizeAllGroups + in: query + required: false + description: Indicates whether to grant access to all clients. Specify true to grant all clients who successfully establish a VPN connection access to the network. Must be set to true if AccessGroupId is not specified. + schema: + type: boolean + - name: Description + in: query + required: false + description: A brief description of the authorization rule. + schema: + type: string + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AuthorizeClientVpnIngress + operationId: POST_AuthorizeClientVpnIngress + description: Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in Amazon Web Services or on-premises networks. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AuthorizeClientVpnIngressResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AuthorizeClientVpnIngressRequest' + parameters: [] + /?Action=AuthorizeSecurityGroupEgress&Version=2016-11-15: + get: + x-aws-operation-name: AuthorizeSecurityGroupEgress + operationId: GET_AuthorizeSecurityGroupEgress + description: '

[VPC only] Adds the specified outbound (egress) rules to a security group for use with a VPC.

An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified source security groups.

You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

For information about VPC security group quotas, see Amazon VPC quotas.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AuthorizeSecurityGroupEgressResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: GroupId + in: query + required: true + description: The ID of the security group. + schema: + type: string + - name: IpPermissions + in: query + required: false + description: The sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpPermission' + - xml: + name: item + - name: TagSpecification + in: query + required: false + description: The tags applied to the security group rule. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: CidrIp + in: query + required: false + description: Not supported. Use a set of IP permissions to specify the CIDR. + schema: + type: string + - name: FromPort + in: query + required: false + description: Not supported. Use a set of IP permissions to specify the port. + schema: + type: integer + - name: IpProtocol + in: query + required: false + description: Not supported. Use a set of IP permissions to specify the protocol name or number. + schema: + type: string + - name: ToPort + in: query + required: false + description: Not supported. Use a set of IP permissions to specify the port. + schema: + type: integer + - name: SourceSecurityGroupName + in: query + required: false + description: Not supported. Use a set of IP permissions to specify a destination security group. + schema: + type: string + - name: SourceSecurityGroupOwnerId + in: query + required: false + description: Not supported. Use a set of IP permissions to specify a destination security group. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AuthorizeSecurityGroupEgress + operationId: POST_AuthorizeSecurityGroupEgress + description: '

[VPC only] Adds the specified outbound (egress) rules to a security group for use with a VPC.

An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified source security groups.

You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

For information about VPC security group quotas, see Amazon VPC quotas.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AuthorizeSecurityGroupEgressResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AuthorizeSecurityGroupEgressRequest' + parameters: [] + /?Action=AuthorizeSecurityGroupIngress&Version=2016-11-15: + get: + x-aws-operation-name: AuthorizeSecurityGroupIngress + operationId: GET_AuthorizeSecurityGroupIngress + description: '

Adds the specified inbound (ingress) rules to a security group.

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups.

You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

For more information about VPC security group quotas, see Amazon VPC quotas.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AuthorizeSecurityGroupIngressResult' + parameters: + - name: CidrIp + in: query + required: false + description: '

The IPv4 address range, in CIDR format. You can''t specify this parameter when specifying a source security group. To specify an IPv6 address range, use a set of IP permissions.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

' + schema: + type: string + - name: FromPort + in: query + required: false + description: '

The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all types. If you specify all ICMP types, you must specify all codes.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

' + schema: + type: integer + - name: GroupId + in: query + required: false + description: 'The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.' + schema: + type: string + - name: GroupName + in: query + required: false + description: '[EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.' + schema: + type: string + - name: IpPermissions + in: query + required: false + description: The sets of IP permissions. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpPermission' + - xml: + name: item + - name: IpProtocol + in: query + required: false + description: '

The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). To specify icmpv6, use a set of IP permissions.

[VPC only] Use -1 to specify all protocols. If you specify -1 or a protocol other than tcp, udp, or icmp, traffic on all ports is allowed, regardless of any ports you specify.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

' + schema: + type: string + - name: SourceSecurityGroupName + in: query + required: false + description: '[EC2-Classic, default VPC] The name of the source security group. You can''t specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.' + schema: + type: string + - name: SourceSecurityGroupOwnerId + in: query + required: false + description: '[nondefault VPC] The Amazon Web Services account ID for the source security group, if the source security group is in a different account. You can''t specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.' + schema: + type: string + - name: ToPort + in: query + required: false + description: '

The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all codes. If you specify all ICMP types, you must specify all codes.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

' + schema: + type: integer + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: TagSpecification + in: query + required: false + description: '[VPC Only] The tags applied to the security group rule.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: AuthorizeSecurityGroupIngress + operationId: POST_AuthorizeSecurityGroupIngress + description: '

Adds the specified inbound (ingress) rules to a security group.

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups.

You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

For more information about VPC security group quotas, see Amazon VPC quotas.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/AuthorizeSecurityGroupIngressResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AuthorizeSecurityGroupIngressRequest' + parameters: [] + /?Action=BundleInstance&Version=2016-11-15: + get: + x-aws-operation-name: BundleInstance + operationId: GET_BundleInstance + description: '

Bundles an Amazon instance store-backed Windows instance.

During bundling, only the root device volume (C:\) is bundled. Data on other instance store volumes is not preserved.

This action is not applicable for Linux/Unix instances or Windows instances that are backed by Amazon EBS.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/BundleInstanceResult' + parameters: + - name: InstanceId + in: query + required: true + description: '

The ID of the instance to bundle.

Type: String

Default: None

Required: Yes

' + schema: + type: string + - name: Storage + in: query + required: true + description: 'The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error.' + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/S3Storage' + - description: An Amazon S3 storage location. + description: Describes the storage location for an instance store-backed AMI. + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: BundleInstance + operationId: POST_BundleInstance + description: '

Bundles an Amazon instance store-backed Windows instance.

During bundling, only the root device volume (C:\) is bundled. Data on other instance store volumes is not preserved.

This action is not applicable for Linux/Unix instances or Windows instances that are backed by Amazon EBS.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/BundleInstanceResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/BundleInstanceRequest' + parameters: [] + /?Action=CancelBundleTask&Version=2016-11-15: + get: + x-aws-operation-name: CancelBundleTask + operationId: GET_CancelBundleTask + description: Cancels a bundling operation for an instance store-backed Windows instance. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelBundleTaskResult' + parameters: + - name: BundleId + in: query + required: true + description: The ID of the bundle task. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CancelBundleTask + operationId: POST_CancelBundleTask + description: Cancels a bundling operation for an instance store-backed Windows instance. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelBundleTaskResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelBundleTaskRequest' + parameters: [] + /?Action=CancelCapacityReservation&Version=2016-11-15: + get: + x-aws-operation-name: CancelCapacityReservation + operationId: GET_CancelCapacityReservation + description: '

Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation''s state to cancelled.

Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelCapacityReservationResult' + parameters: + - name: CapacityReservationId + in: query + required: true + description: The ID of the Capacity Reservation to be cancelled. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CancelCapacityReservation + operationId: POST_CancelCapacityReservation + description: '

Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation''s state to cancelled.

Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelCapacityReservationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelCapacityReservationRequest' + parameters: [] + /?Action=CancelCapacityReservationFleets&Version=2016-11-15: + get: + x-aws-operation-name: CancelCapacityReservationFleets + operationId: GET_CancelCapacityReservationFleets + description: '

Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity Reservation Fleet, the following happens:

  • The Capacity Reservation Fleet''s status changes to cancelled.

  • The individual Capacity Reservations in the Fleet are cancelled. Instances running in the Capacity Reservations at the time of cancelling the Fleet continue to run in shared capacity.

  • The Fleet stops creating new Capacity Reservations.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelCapacityReservationFleetsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: CapacityReservationFleetId + in: query + required: true + description: The IDs of the Capacity Reservation Fleets to cancel. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetId' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CancelCapacityReservationFleets + operationId: POST_CancelCapacityReservationFleets + description: '

Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity Reservation Fleet, the following happens:

  • The Capacity Reservation Fleet''s status changes to cancelled.

  • The individual Capacity Reservations in the Fleet are cancelled. Instances running in the Capacity Reservations at the time of cancelling the Fleet continue to run in shared capacity.

  • The Fleet stops creating new Capacity Reservations.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelCapacityReservationFleetsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelCapacityReservationFleetsRequest' + parameters: [] + /?Action=CancelConversionTask&Version=2016-11-15: + get: + x-aws-operation-name: CancelConversionTask + operationId: GET_CancelConversionTask + description: '

Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception.

For more information, see Importing a Virtual Machine Using the Amazon EC2 CLI.

' + responses: + '200': + description: Success + parameters: + - name: ConversionTaskId + in: query + required: true + description: The ID of the conversion task. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ReasonMessage + in: query + required: false + description: The reason for canceling the conversion task. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CancelConversionTask + operationId: POST_CancelConversionTask + description: '

Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception.

For more information, see Importing a Virtual Machine Using the Amazon EC2 CLI.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelConversionRequest' + parameters: [] + /?Action=CancelExportTask&Version=2016-11-15: + get: + x-aws-operation-name: CancelExportTask + operationId: GET_CancelExportTask + description: 'Cancels an active export task. The request removes all artifacts of the export, including any partially-created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk image, the command fails and returns an error.' + responses: + '200': + description: Success + parameters: + - name: ExportTaskId + in: query + required: true + description: The ID of the export task. This is the ID returned by CreateInstanceExportTask. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CancelExportTask + operationId: POST_CancelExportTask + description: 'Cancels an active export task. The request removes all artifacts of the export, including any partially-created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk image, the command fails and returns an error.' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelExportTaskRequest' + parameters: [] + /?Action=CancelImportTask&Version=2016-11-15: + get: + x-aws-operation-name: CancelImportTask + operationId: GET_CancelImportTask + description: Cancels an in-process import virtual machine or import snapshot task. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelImportTaskResult' + parameters: + - name: CancelReason + in: query + required: false + description: The reason for canceling the task. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ImportTaskId + in: query + required: false + description: The ID of the import image or import snapshot task to be canceled. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CancelImportTask + operationId: POST_CancelImportTask + description: Cancels an in-process import virtual machine or import snapshot task. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelImportTaskResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelImportTaskRequest' + parameters: [] + /?Action=CancelReservedInstancesListing&Version=2016-11-15: + get: + x-aws-operation-name: CancelReservedInstancesListing + operationId: GET_CancelReservedInstancesListing + description: '

Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelReservedInstancesListingResult' + parameters: + - name: ReservedInstancesListingId + in: query + required: true + description: The ID of the Reserved Instance listing. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CancelReservedInstancesListing + operationId: POST_CancelReservedInstancesListing + description: '

Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelReservedInstancesListingResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelReservedInstancesListingRequest' + parameters: [] + /?Action=CancelSpotFleetRequests&Version=2016-11-15: + get: + x-aws-operation-name: CancelSpotFleetRequests + operationId: GET_CancelSpotFleetRequests + description: '

Cancels the specified Spot Fleet requests.

After you cancel a Spot Fleet request, the Spot Fleet launches no new Spot Instances. You must specify whether the Spot Fleet should also terminate its Spot Instances. If you terminate the instances, the Spot Fleet request enters the cancelled_terminating state. Otherwise, the Spot Fleet request enters the cancelled_running state and the instances continue to run until they are interrupted or you terminate them manually.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelSpotFleetRequestsResponse' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: SpotFleetRequestId + in: query + required: true + description: The IDs of the Spot Fleet requests. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestId' + - xml: + name: item + - name: TerminateInstances + in: query + required: true + description: Indicates whether to terminate instances for a Spot Fleet request if it is canceled successfully. + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CancelSpotFleetRequests + operationId: POST_CancelSpotFleetRequests + description: '

Cancels the specified Spot Fleet requests.

After you cancel a Spot Fleet request, the Spot Fleet launches no new Spot Instances. You must specify whether the Spot Fleet should also terminate its Spot Instances. If you terminate the instances, the Spot Fleet request enters the cancelled_terminating state. Otherwise, the Spot Fleet request enters the cancelled_running state and the instances continue to run until they are interrupted or you terminate them manually.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelSpotFleetRequestsResponse' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelSpotFleetRequestsRequest' + parameters: [] + /?Action=CancelSpotInstanceRequests&Version=2016-11-15: + get: + x-aws-operation-name: CancelSpotInstanceRequests + operationId: GET_CancelSpotInstanceRequests + description:

Cancels one or more Spot Instance requests.

Canceling a Spot Instance request does not terminate running Spot Instances associated with the request.

 + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelSpotInstanceRequestsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: SpotInstanceRequestId + in: query + required: true + description: One or more Spot Instance request IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotInstanceRequestId' + - xml: + name: SpotInstanceRequestId + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CancelSpotInstanceRequests + operationId: POST_CancelSpotInstanceRequests + description:

Cancels one or more Spot Instance requests.

Canceling a Spot Instance request does not terminate running Spot Instances associated with the request.

 + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelSpotInstanceRequestsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CancelSpotInstanceRequestsRequest' + parameters: [] + /?Action=ConfirmProductInstance&Version=2016-11-15: + get: + x-aws-operation-name: ConfirmProductInstance + operationId: GET_ConfirmProductInstance + description: Determines whether a product code is associated with an instance. This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user's instance is eligible for support. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ConfirmProductInstanceResult' + parameters: + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + - name: ProductCode + in: query + required: true + description: The product code. This must be a product code that you own. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ConfirmProductInstance + operationId: POST_ConfirmProductInstance + description: Determines whether a product code is associated with an instance. This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user's instance is eligible for support. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ConfirmProductInstanceResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ConfirmProductInstanceRequest' + parameters: [] + /?Action=CopyFpgaImage&Version=2016-11-15: + get: + x-aws-operation-name: CopyFpgaImage + operationId: GET_CopyFpgaImage + description: Copies the specified Amazon FPGA Image (AFI) to the current Region. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CopyFpgaImageResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: SourceFpgaImageId + in: query + required: true + description: The ID of the source AFI. + schema: + type: string + - name: Description + in: query + required: false + description: The description for the new AFI. + schema: + type: string + - name: Name + in: query + required: false + description: The name for the new AFI. The default is the name of the source AFI. + schema: + type: string + - name: SourceRegion + in: query + required: true + description: The Region that contains the source AFI. + schema: + type: string + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CopyFpgaImage + operationId: POST_CopyFpgaImage + description: Copies the specified Amazon FPGA Image (AFI) to the current Region. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CopyFpgaImageResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CopyFpgaImageRequest' + parameters: [] + /?Action=CopyImage&Version=2016-11-15: + get: + x-aws-operation-name: CopyImage + operationId: GET_CopyImage + description: '

Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can''t copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.

To copy an AMI from one Region to another, specify the source Region using the SourceRegion parameter, and specify the destination Region using its endpoint. Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot.

To copy an AMI from a Region to an Outpost, specify the source Region using the SourceRegion parameter, and specify the ARN of the destination Outpost using DestinationOutpostArn. Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

For more information about the prerequisites and limits when copying an AMI, see Copying an AMI in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CopyImageResult' + parameters: + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference.' + schema: + type: string + - name: Description + in: query + required: false + description: A description for the new AMI in the destination Region. + schema: + type: string + - name: Encrypted + in: query + required: false + description: 'Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.' + schema: + type: boolean + - name: KmsKeyId + in: query + required: false + description: '

The identifier of the symmetric Key Management Service (KMS) KMS key to use when creating encrypted volumes. If this parameter is not specified, your Amazon Web Services managed KMS key for Amazon EBS is used. If you specify a KMS key, you must also set the encrypted state to true.

You can specify a KMS key using any of the following:

  • Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.

  • Key alias. For example, alias/ExampleAlias.

  • Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.

  • Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an identifier that is not valid, the action can appear to complete, but eventually fails.

The specified KMS key must exist in the destination Region.

Amazon EBS does not support asymmetric KMS keys.

' + schema: + type: string + - name: Name + in: query + required: true + description: The name of the new AMI in the destination Region. + schema: + type: string + - name: SourceImageId + in: query + required: true + description: The ID of the AMI to copy. + schema: + type: string + - name: SourceRegion + in: query + required: true + description: The name of the Region that contains the AMI to copy. + schema: + type: string + - name: DestinationOutpostArn + in: query + required: false + description: '

The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copying AMIs from an Amazon Web Services Region to an Outpost in the Amazon Elastic Compute Cloud User Guide.

' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CopyImage + operationId: POST_CopyImage + description: '

Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can''t copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.

To copy an AMI from one Region to another, specify the source Region using the SourceRegion parameter, and specify the destination Region using its endpoint. Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot.

To copy an AMI from a Region to an Outpost, specify the source Region using the SourceRegion parameter, and specify the ARN of the destination Outpost using DestinationOutpostArn. Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

For more information about the prerequisites and limits when copying an AMI, see Copying an AMI in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CopyImageResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CopyImageRequest' + parameters: [] + /?Action=CopySnapshot&Version=2016-11-15: + get: + x-aws-operation-name: CopySnapshot + operationId: GET_CopySnapshot + description: '

Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. You can''t copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs).

When copying snapshots to a Region, copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless you enable encryption for the snapshot copy operation. By default, encrypted snapshot copies use the default Key Management Service (KMS) KMS key; however, you can specify a different KMS key. To copy an encrypted snapshot that has been shared from another account, you must have permissions for the KMS key used to encrypt the snapshot.

Snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

Snapshots created by copying another snapshot have an arbitrary volume ID that should not be used for any purpose.

For more information, see Copy an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CopySnapshotResult' + parameters: + - name: Description + in: query + required: false + description: A description for the EBS snapshot. + schema: + type: string + - name: DestinationOutpostArn + in: query + required: false + description: '

The Amazon Resource Name (ARN) of the Outpost to which to copy the snapshot. Only specify this parameter when copying a snapshot from an Amazon Web Services Region to an Outpost. The snapshot must be in the Region for the destination Outpost. You cannot copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copy snapshots from an Amazon Web Services Region to an Outpost in the Amazon Elastic Compute Cloud User Guide.

' + schema: + type: string + - name: DestinationRegion + in: query + required: false + description: '

The destination Region to use in the PresignedUrl parameter of a snapshot copy operation. This parameter is only valid for specifying the destination Region in a PresignedUrl parameter, where it is required.

The snapshot copy is sent to the regional endpoint that you sent the HTTP request to (for example, ec2.us-east-1.amazonaws.com). With the CLI, this is specified using the --region parameter or the default Region in your Amazon Web Services configuration file.

' + schema: + type: string + - name: Encrypted + in: query + required: false + description: 'To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Otherwise, omit this parameter. Encrypted snapshots are encrypted, even if you omit this parameter and encryption by default is not enabled. You cannot set this parameter to false. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.' + schema: + type: boolean + - name: KmsKeyId + in: query + required: false + description: '

The identifier of the Key Management Service (KMS) KMS key to use for Amazon EBS encryption. If this parameter is not specified, your KMS key for Amazon EBS is used. If KmsKeyId is specified, the encrypted state must be true.

You can specify the KMS key using any of the following:

  • Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.

  • Key alias. For example, alias/ExampleAlias.

  • Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.

  • Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.

' + schema: + type: string + - name: PresignedUrl + in: query + required: false + description: '

When you copy an encrypted source snapshot using the Amazon EC2 Query API, you must supply a pre-signed URL. This parameter is optional for unencrypted snapshots. For more information, see Query requests.

The PresignedUrl should use the snapshot source endpoint, the CopySnapshot action, and include the SourceRegion, SourceSnapshotId, and DestinationRegion parameters. The PresignedUrl must be signed using Amazon Web Services Signature Version 4. Because EBS snapshots are stored in Amazon S3, the signing algorithm for this parameter uses the same logic that is described in Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) in the Amazon Simple Storage Service API Reference. An invalid or improperly signed PresignedUrl will cause the copy operation to fail asynchronously, and the snapshot will move to an error state.

' + schema: + type: string + - name: SourceRegion + in: query + required: true + description: The ID of the Region that contains the snapshot to be copied. + schema: + type: string + - name: SourceSnapshotId + in: query + required: true + description: The ID of the EBS snapshot to copy. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the new snapshot. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CopySnapshot + operationId: POST_CopySnapshot + description: '

Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. You can''t copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs).

When copying snapshots to a Region, copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless you enable encryption for the snapshot copy operation. By default, encrypted snapshot copies use the default Key Management Service (KMS) KMS key; however, you can specify a different KMS key. To copy an encrypted snapshot that has been shared from another account, you must have permissions for the KMS key used to encrypt the snapshot.

Snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

Snapshots created by copying another snapshot have an arbitrary volume ID that should not be used for any purpose.

For more information, see Copy an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CopySnapshotResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CopySnapshotRequest' + parameters: [] + /?Action=CreateCapacityReservation&Version=2016-11-15: + get: + x-aws-operation-name: CreateCapacityReservation + operationId: GET_CreateCapacityReservation + description: '

Creates a new Capacity Reservation with the specified attributes.

Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. This gives you the flexibility to selectively add capacity reservations and still get the Regional RI discounts for that usage. By creating Capacity Reservations, you ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it. For more information, see Capacity Reservations in the Amazon EC2 User Guide.

Your request to create a Capacity Reservation could fail if Amazon EC2 does not have sufficient capacity to fulfill the request. If your request fails due to Amazon EC2 capacity constraints, either try again at a later time, try in a different Availability Zone, or request a smaller capacity reservation. If your application is flexible across instance types and sizes, try to create a Capacity Reservation with different instance attributes.

Your request could also fail if the requested quantity exceeds your On-Demand Instance limit for the selected instance type. If your request fails due to limit constraints, increase your On-Demand Instance limit for the required instance type and try again. For more information about increasing your instance limits, see Amazon EC2 Service Quotas in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCapacityReservationResult' + parameters: + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.' + schema: + type: string + - name: InstanceType + in: query + required: true + description: 'The instance type for which to reserve capacity. For more information, see Instance types in the Amazon EC2 User Guide.' + schema: + type: string + - name: InstancePlatform + in: query + required: true + description: The type of operating system for which to reserve capacity. + schema: + type: string + enum: + - Linux/UNIX + - Red Hat Enterprise Linux + - SUSE Linux + - Windows + - Windows with SQL Server + - Windows with SQL Server Enterprise + - Windows with SQL Server Standard + - Windows with SQL Server Web + - Linux with SQL Server Standard + - Linux with SQL Server Web + - Linux with SQL Server Enterprise + - RHEL with SQL Server Standard + - RHEL with SQL Server Enterprise + - RHEL with SQL Server Web + - RHEL with HA + - RHEL with HA and SQL Server Standard + - RHEL with HA and SQL Server Enterprise + - name: AvailabilityZone + in: query + required: false + description: The Availability Zone in which to create the Capacity Reservation. + schema: + type: string + - name: AvailabilityZoneId + in: query + required: false + description: The ID of the Availability Zone in which to create the Capacity Reservation. + schema: + type: string + - name: Tenancy + in: query + required: false + description: '

Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:

  • default - The Capacity Reservation is created on hardware that is shared with other Amazon Web Services accounts.

  • dedicated - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single Amazon Web Services account.

' + schema: + type: string + enum: + - default + - dedicated + - name: InstanceCount + in: query + required: true + description: '

The number of instances for which to reserve capacity.

Valid range: 1 - 1000

' + schema: + type: integer + - name: EbsOptimized + in: query + required: false + description: Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS- optimized instance. + schema: + type: boolean + - name: EphemeralStorage + in: query + required: false + description: 'Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.' + schema: + type: boolean + - name: EndDate + in: query + required: false + description: '

The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation''s state changes to expired when it reaches its end date and time.

You must provide an EndDate value if EndDateType is limited. Omit EndDate if EndDateType is unlimited.

If the EndDateType is limited, the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.

' + schema: + type: string + format: date-time + - name: EndDateType + in: query + required: false + description: '

Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

  • unlimited - The Capacity Reservation remains active until you explicitly cancel it. Do not provide an EndDate if the EndDateType is unlimited.

  • limited - The Capacity Reservation expires automatically at a specified date and time. You must provide an EndDate value if the EndDateType value is limited.

' + schema: + type: string + enum: + - unlimited + - limited + - name: InstanceMatchCriteria + in: query + required: false + description: '

Indicates the type of instance launches that the Capacity Reservation accepts. The options include:

  • open - The Capacity Reservation automatically matches all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes run in the Capacity Reservation automatically without specifying any additional parameters.

  • targeted - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.

Default: open

' + schema: + type: string + enum: + - open + - targeted + - name: TagSpecifications + in: query + required: false + description: The tags to apply to the Capacity Reservation during launch. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: OutpostArn + in: query + required: false + description: The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation. + schema: + type: string + pattern: '^arn:aws([a-z-]+)?:outposts:[a-z\d-]+:\d{12}:outpost/op-[a-f0-9]{17}$' + - name: PlacementGroupArn + in: query + required: false + description: 'The Amazon Resource Name (ARN) of the cluster placement group in which to create the Capacity Reservation. For more information, see Capacity Reservations for cluster placement groups in the Amazon EC2 User Guide.' + schema: + type: string + pattern: '^arn:aws([a-z-]+)?:ec2:[a-z\d-]+:\d{12}:placement-group/([^\s].+[^\s]){1,255}$' + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateCapacityReservation + operationId: POST_CreateCapacityReservation + description: '

Creates a new Capacity Reservation with the specified attributes.

Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. This gives you the flexibility to selectively add capacity reservations and still get the Regional RI discounts for that usage. By creating Capacity Reservations, you ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it. For more information, see Capacity Reservations in the Amazon EC2 User Guide.

Your request to create a Capacity Reservation could fail if Amazon EC2 does not have sufficient capacity to fulfill the request. If your request fails due to Amazon EC2 capacity constraints, either try again at a later time, try in a different Availability Zone, or request a smaller capacity reservation. If your application is flexible across instance types and sizes, try to create a Capacity Reservation with different instance attributes.

Your request could also fail if the requested quantity exceeds your On-Demand Instance limit for the selected instance type. If your request fails due to limit constraints, increase your On-Demand Instance limit for the required instance type and try again. For more information about increasing your instance limits, see Amazon EC2 Service Quotas in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCapacityReservationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCapacityReservationRequest' + parameters: [] + /?Action=CreateCapacityReservationFleet&Version=2016-11-15: + get: + x-aws-operation-name: CreateCapacityReservationFleet + operationId: GET_CreateCapacityReservationFleet + description: 'Creates a Capacity Reservation Fleet. For more information, see Create a Capacity Reservation Fleet in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCapacityReservationFleetResult' + parameters: + - name: AllocationStrategy + in: query + required: false + description: '

The strategy used by the Capacity Reservation Fleet to determine which of the specified instance types to use. Currently, only the prioritized allocation strategy is supported. For more information, see Allocation strategy in the Amazon EC2 User Guide.

Valid values: prioritized

' + schema: + type: string + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.' + schema: + type: string + - name: InstanceTypeSpecification + in: query + required: true + description: Information about the instance types for which to reserve the capacity. + schema: + type: array + items: + $ref: '#/components/schemas/ReservationFleetInstanceSpecification' + - name: Tenancy + in: query + required: false + description: '

Indicates the tenancy of the Capacity Reservation Fleet. All Capacity Reservations in the Fleet inherit this tenancy. The Capacity Reservation Fleet can have one of the following tenancy settings:

  • default - The Capacity Reservation Fleet is created on hardware that is shared with other Amazon Web Services accounts.

  • dedicated - The Capacity Reservations are created on single-tenant hardware that is dedicated to a single Amazon Web Services account.

' + schema: + type: string + enum: + - default + - name: TotalTargetCapacity + in: query + required: true + description: 'The total number of capacity units to be reserved by the Capacity Reservation Fleet. This value, together with the instance type weights that you assign to each instance type used by the Fleet determine the number of instances for which the Fleet reserves capacity. Both values are based on units that make sense for your workload. For more information, see Total target capacity in the Amazon EC2 User Guide.' + schema: + type: integer + - name: EndDate + in: query + required: false + description: '

The date and time at which the Capacity Reservation Fleet expires. When the Capacity Reservation Fleet expires, its state changes to expired and all of the Capacity Reservations in the Fleet expire.

The Capacity Reservation Fleet expires within an hour after the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation Fleet is guaranteed to expire between 13:30:55 and 14:30:55 on 5/31/2019.

' + schema: + type: string + format: date-time + - name: InstanceMatchCriteria + in: query + required: false + description: '

Indicates the type of instance launches that the Capacity Reservation Fleet accepts. All Capacity Reservations in the Fleet inherit this instance matching criteria.

Currently, Capacity Reservation Fleets support open instance matching criteria only. This means that instances that have matching attributes (instance type, platform, and Availability Zone) run in the Capacity Reservations automatically. Instances do not need to explicitly target a Capacity Reservation Fleet to use its reserved capacity.

' + schema: + type: string + enum: + - open + - name: TagSpecification + in: query + required: false + description: The tags to assign to the Capacity Reservation Fleet. The tags are automatically assigned to the Capacity Reservations in the Fleet. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateCapacityReservationFleet + operationId: POST_CreateCapacityReservationFleet + description: 'Creates a Capacity Reservation Fleet. For more information, see Create a Capacity Reservation Fleet in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCapacityReservationFleetResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCapacityReservationFleetRequest' + parameters: [] + /?Action=CreateCarrierGateway&Version=2016-11-15: + get: + x-aws-operation-name: CreateCarrierGateway + operationId: GET_CreateCarrierGateway + description: 'Creates a carrier gateway. For more information about carrier gateways, see Carrier gateways in the Amazon Web Services Wavelength Developer Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCarrierGatewayResult' + parameters: + - name: VpcId + in: query + required: true + description: The ID of the VPC to associate with the carrier gateway. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to associate with the carrier gateway. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateCarrierGateway + operationId: POST_CreateCarrierGateway + description: 'Creates a carrier gateway. For more information about carrier gateways, see Carrier gateways in the Amazon Web Services Wavelength Developer Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCarrierGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCarrierGatewayRequest' + parameters: [] + /?Action=CreateClientVpnEndpoint&Version=2016-11-15: + get: + x-aws-operation-name: CreateClientVpnEndpoint + operationId: GET_CreateClientVpnEndpoint + description: Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateClientVpnEndpointResult' + parameters: + - name: ClientCidrBlock + in: query + required: true + description: 'The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.' + schema: + type: string + - name: ServerCertificateArn + in: query + required: true + description: 'The ARN of the server certificate. For more information, see the Certificate Manager User Guide.' + schema: + type: string + - name: Authentication + in: query + required: true + description: Information about the authentication method to be used to authenticate clients. + schema: + type: array + items: + $ref: '#/components/schemas/ClientVpnAuthenticationRequest' + - name: ConnectionLogOptions + in: query + required: true + description: '

Information about the client connection logging options.

If you enable client connection logging, data about client connections is sent to a Cloudwatch Logs log stream. The following information is logged:

  • Client connection requests

  • Client connection results (successful and unsuccessful)

  • Reasons for unsuccessful client connection requests

  • Client connection termination time

' + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the CloudWatch Logs log stream to which the connection data is published. + description: Describes the client connection logging options for the Client VPN endpoint. + - name: DnsServers + in: query + required: false + description: 'Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address configured on the device is used for the DNS server.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: TransportProtocol + in: query + required: false + description: '

The transport protocol to be used by the VPN session.

Default value: udp

' + schema: + type: string + enum: + - tcp + - udp + - name: VpnPort + in: query + required: false + description: '

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

Valid Values: 443 | 1194

Default Value: 443

' + schema: + type: integer + - name: Description + in: query + required: false + description: A brief description of the Client VPN endpoint. + schema: + type: string + - name: SplitTunnel + in: query + required: false + description: '

Indicates whether split-tunnel is enabled on the Client VPN endpoint.

By default, split-tunnel on a VPN endpoint is disabled.

For information about split-tunnel VPN endpoints, see Split-tunnel Client VPN endpoint in the Client VPN Administrator Guide.

' + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the Client VPN endpoint during creation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: SecurityGroupId + in: query + required: false + description: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: item + - name: VpcId + in: query + required: false + description: 'The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.' + schema: + type: string + - name: SelfServicePortal + in: query + required: false + description: '

Specify whether to enable the self-service portal for the Client VPN endpoint.

Default Value: enabled

' + schema: + type: string + enum: + - enabled + - disabled + - name: ClientConnectOptions + in: query + required: false + description: The options for managing connection authorization for new client connections. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. + description: The options for managing connection authorization for new client connections. + - name: SessionTimeoutHours + in: query + required: false + description: '

The maximum VPN session duration time in hours.

Valid values: 8 | 10 | 12 | 24

Default value: 24

' + schema: + type: integer + - name: ClientLoginBannerOptions + in: query + required: false + description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. + description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateClientVpnEndpoint + operationId: POST_CreateClientVpnEndpoint + description: Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateClientVpnEndpointResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateClientVpnEndpointRequest' + parameters: [] + /?Action=CreateClientVpnRoute&Version=2016-11-15: + get: + x-aws-operation-name: CreateClientVpnRoute + operationId: GET_CreateClientVpnRoute + description: Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateClientVpnRouteResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint to which to add the route. + schema: + type: string + - name: DestinationCidrBlock + in: query + required: true + description: '

The IPv4 address range, in CIDR notation, of the route destination. For example:

  • To add a route for Internet access, enter 0.0.0.0/0

  • To add a route for a peered VPC, enter the peered VPC''s IPv4 CIDR range

  • To add a route for an on-premises network, enter the Amazon Web Services Site-to-Site VPN connection''s IPv4 CIDR range

  • To add a route for the local network, enter the client CIDR range

' + schema: + type: string + - name: TargetVpcSubnetId + in: query + required: true + description: '

The ID of the subnet through which you want to route traffic. The specified subnet must be an existing target network of the Client VPN endpoint.

Alternatively, if you''re adding a route for the local network, specify local.

' + schema: + type: string + - name: Description + in: query + required: false + description: A brief description of the route. + schema: + type: string + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateClientVpnRoute + operationId: POST_CreateClientVpnRoute + description: Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateClientVpnRouteResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateClientVpnRouteRequest' + parameters: [] + /?Action=CreateCustomerGateway&Version=2016-11-15: + get: + x-aws-operation-name: CreateCustomerGateway + operationId: GET_CreateCustomerGateway + description: '

Provides information to Amazon Web Services about your VPN customer gateway device. The customer gateway is the appliance at your end of the VPN connection. (The device on the Amazon Web Services side of the VPN connection is the virtual private gateway.) You must provide the internet-routable IP address of the customer gateway''s external interface. The IP address must be static and can be behind a device performing network address translation (NAT).

For devices that use Border Gateway Protocol (BGP), you can also provide the device''s BGP Autonomous System Number (ASN). You can use an existing ASN assigned to your network. If you don''t have an ASN already, you can use a private ASN. For more information, see Customer gateway options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.

To create more than one customer gateway with the same VPN type, IP address, and BGP ASN, specify a unique device name for each customer gateway. An identical request returns information about the existing customer gateway; it doesn''t create a new customer gateway.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCustomerGatewayResult' + parameters: + - name: BgpAsn + in: query + required: true + description: '

For devices that support BGP, the customer gateway''s BGP ASN.

Default: 65000

' + schema: + type: integer + - name: IpAddress + in: query + required: false + description: The Internet-routable IP address for the customer gateway's outside interface. The address must be static. + schema: + type: string + - name: CertificateArn + in: query + required: false + description: The Amazon Resource Name (ARN) for the customer gateway certificate. + schema: + type: string + - name: Type + in: query + required: true + description: The type of VPN connection that this customer gateway supports (ipsec.1). + schema: + type: string + enum: + - ipsec.1 + - name: TagSpecification + in: query + required: false + description: The tags to apply to the customer gateway. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DeviceName + in: query + required: false + description: '

A name for the customer gateway device.

Length Constraints: Up to 255 characters.

' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateCustomerGateway + operationId: POST_CreateCustomerGateway + description: '

Provides information to Amazon Web Services about your VPN customer gateway device. The customer gateway is the appliance at your end of the VPN connection. (The device on the Amazon Web Services side of the VPN connection is the virtual private gateway.) You must provide the internet-routable IP address of the customer gateway''s external interface. The IP address must be static and can be behind a device performing network address translation (NAT).

For devices that use Border Gateway Protocol (BGP), you can also provide the device''s BGP Autonomous System Number (ASN). You can use an existing ASN assigned to your network. If you don''t have an ASN already, you can use a private ASN. For more information, see Customer gateway options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.

To create more than one customer gateway with the same VPN type, IP address, and BGP ASN, specify a unique device name for each customer gateway. An identical request returns information about the existing customer gateway; it doesn''t create a new customer gateway.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCustomerGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateCustomerGatewayRequest' + parameters: [] + /?Action=CreateDefaultSubnet&Version=2016-11-15: + get: + x-aws-operation-name: CreateDefaultSubnet + operationId: GET_CreateDefaultSubnet + description: 'Creates a default subnet with a size /20 IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Creating a default subnet in the Amazon Virtual Private Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateDefaultSubnetResult' + parameters: + - name: AvailabilityZone + in: query + required: true + description: The Availability Zone in which to create the default subnet. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Ipv6Native + in: query + required: false + description: 'Indicates whether to create an IPv6 only subnet. If you already have a default subnet for this Availability Zone, you must delete it before you can create an IPv6 only subnet.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateDefaultSubnet + operationId: POST_CreateDefaultSubnet + description: 'Creates a default subnet with a size /20 IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Creating a default subnet in the Amazon Virtual Private Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateDefaultSubnetResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateDefaultSubnetRequest' + parameters: [] + /?Action=CreateDefaultVpc&Version=2016-11-15: + get: + x-aws-operation-name: CreateDefaultVpc + operationId: GET_CreateDefaultVpc + description: '

Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPC and default subnets in the Amazon Virtual Private Cloud User Guide. You cannot specify the components of the default VPC yourself.

If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region.

If your account supports EC2-Classic, you cannot use this action to create a default VPC in a Region that supports EC2-Classic. If you want a default VPC in a Region that supports EC2-Classic, see "I really want a default VPC for my existing EC2 account. Is that possible?" in the Default VPCs FAQ.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateDefaultVpcResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateDefaultVpc + operationId: POST_CreateDefaultVpc + description: '

Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPC and default subnets in the Amazon Virtual Private Cloud User Guide. You cannot specify the components of the default VPC yourself.

If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region.

If your account supports EC2-Classic, you cannot use this action to create a default VPC in a Region that supports EC2-Classic. If you want a default VPC in a Region that supports EC2-Classic, see "I really want a default VPC for my existing EC2 account. Is that possible?" in the Default VPCs FAQ.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateDefaultVpcResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateDefaultVpcRequest' + parameters: [] + /?Action=CreateDhcpOptions&Version=2016-11-15: + get: + x-aws-operation-name: CreateDhcpOptions + operationId: GET_CreateDhcpOptions + description: '

Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC, causing all existing and new instances that you launch in the VPC to use this set of DHCP options. The following are the individual DHCP options you can specify. For more information about the options, see RFC 2132.

  • domain-name-servers - The IP addresses of up to four domain name servers, or AmazonProvidedDNS. The default DHCP option set specifies AmazonProvidedDNS. If specifying more than one domain name server, specify the IP addresses in a single parameter, separated by commas. To have your instance receive a custom DNS hostname as specified in domain-name, you must set domain-name-servers to a custom DNS server.

  • domain-name - If you''re using AmazonProvidedDNS in us-east-1, specify ec2.internal. If you''re using AmazonProvidedDNS in another Region, specify region.compute.internal (for example, ap-northeast-1.compute.internal). Otherwise, specify a domain name (for example, ExampleCompany.com). This value is used to complete unqualified DNS hostnames. Important: Some Linux operating systems accept multiple domain names separated by spaces. However, Windows and other Linux operating systems treat the value as a single domain, which results in unexpected behavior. If your DHCP options set is associated with a VPC that has instances with multiple operating systems, specify only one domain name.

  • ntp-servers - The IP addresses of up to four Network Time Protocol (NTP) servers.

  • netbios-name-servers - The IP addresses of up to four NetBIOS name servers.

  • netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We recommend that you specify 2 (broadcast and multicast are not currently supported). For more information about these node types, see RFC 2132.

Your VPC automatically starts out with a set of DHCP options that includes only a DNS server that we provide (AmazonProvidedDNS). If you create a set of options, and if your VPC has an internet gateway, make sure to set the domain-name-servers option either to AmazonProvidedDNS or to a domain name server of your choice. For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateDhcpOptionsResult' + parameters: + - name: DhcpConfiguration + in: query + required: true + description: A DHCP configuration option. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NewDhcpConfiguration' + - xml: + name: item + - name: TagSpecification + in: query + required: false + description: The tags to assign to the DHCP option. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateDhcpOptions + operationId: POST_CreateDhcpOptions + description: '

Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC, causing all existing and new instances that you launch in the VPC to use this set of DHCP options. The following are the individual DHCP options you can specify. For more information about the options, see RFC 2132.

  • domain-name-servers - The IP addresses of up to four domain name servers, or AmazonProvidedDNS. The default DHCP option set specifies AmazonProvidedDNS. If specifying more than one domain name server, specify the IP addresses in a single parameter, separated by commas. To have your instance receive a custom DNS hostname as specified in domain-name, you must set domain-name-servers to a custom DNS server.

  • domain-name - If you''re using AmazonProvidedDNS in us-east-1, specify ec2.internal. If you''re using AmazonProvidedDNS in another Region, specify region.compute.internal (for example, ap-northeast-1.compute.internal). Otherwise, specify a domain name (for example, ExampleCompany.com). This value is used to complete unqualified DNS hostnames. Important: Some Linux operating systems accept multiple domain names separated by spaces. However, Windows and other Linux operating systems treat the value as a single domain, which results in unexpected behavior. If your DHCP options set is associated with a VPC that has instances with multiple operating systems, specify only one domain name.

  • ntp-servers - The IP addresses of up to four Network Time Protocol (NTP) servers.

  • netbios-name-servers - The IP addresses of up to four NetBIOS name servers.

  • netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We recommend that you specify 2 (broadcast and multicast are not currently supported). For more information about these node types, see RFC 2132.

Your VPC automatically starts out with a set of DHCP options that includes only a DNS server that we provide (AmazonProvidedDNS). If you create a set of options, and if your VPC has an internet gateway, make sure to set the domain-name-servers option either to AmazonProvidedDNS or to a domain name server of your choice. For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateDhcpOptionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateDhcpOptionsRequest' + parameters: [] + /?Action=CreateEgressOnlyInternetGateway&Version=2016-11-15: + get: + x-aws-operation-name: CreateEgressOnlyInternetGateway + operationId: GET_CreateEgressOnlyInternetGateway + description: '[IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateEgressOnlyInternetGatewayResult' + parameters: + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcId + in: query + required: true + description: The ID of the VPC for which to create the egress-only internet gateway. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to assign to the egress-only internet gateway. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateEgressOnlyInternetGateway + operationId: POST_CreateEgressOnlyInternetGateway + description: '[IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateEgressOnlyInternetGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateEgressOnlyInternetGatewayRequest' + parameters: [] + /?Action=CreateFleet&Version=2016-11-15: + get: + x-aws-operation-name: CreateFleet + operationId: GET_CreateFleet + description: '

Launches an EC2 Fleet.

You can create a single EC2 Fleet that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

For more information, see EC2 Fleet in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateFleetResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.' + schema: + type: string + - name: SpotOptions + in: query + required: false + description: Describes the configuration of Spot Instances in an EC2 Fleet. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum amount per hour for Spot Instances that you're willing to pay. + description: Describes the configuration of Spot Instances in an EC2 Fleet request. + - name: OnDemandOptions + in: query + required: false + description: Describes the configuration of On-Demand Instances in an EC2 Fleet. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum amount per hour for On-Demand Instances that you're willing to pay. + description: Describes the configuration of On-Demand Instances in an EC2 Fleet. + - name: ExcessCapacityTerminationPolicy + in: query + required: false + description: Indicates whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet. + schema: + type: string + enum: + - no-termination + - termination + - name: LaunchTemplateConfigs + in: query + required: true + description: The configuration for the EC2 Fleet. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateConfigRequest' + - xml: + name: item + minItems: 0 + maxItems: 50 + - name: TargetCapacitySpecification + in: query + required: true + description: The number of units to request. + schema: + type: object + required: + - TotalTargetCapacity + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TargetCapacityUnitType' + - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' + description: '

The number of units to request. You can choose to set the target capacity as the number of instances. Or you can set the target capacity to a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.

You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance MaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch instances until it reaches the maximum amount that you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity. The MaxTotalPrice parameters are located in OnDemandOptionsRequest and SpotOptionsRequest.

' + - name: TerminateInstancesWithExpiration + in: query + required: false + description: Indicates whether running instances should be terminated when the EC2 Fleet expires. + schema: + type: boolean + - name: Type + in: query + required: false + description: '

The fleet type. The default value is maintain.

  • maintain - The EC2 Fleet places an asynchronous request for your desired capacity, and continues to maintain your desired Spot capacity by replenishing interrupted Spot Instances.

  • request - The EC2 Fleet places an asynchronous one-time request for your desired capacity, but does submit Spot requests in alternative capacity pools if Spot capacity is unavailable, and does not maintain Spot capacity if Spot Instances are interrupted.

  • instant - The EC2 Fleet places a synchronous one-time request for your desired capacity, and returns errors for any instances that could not be launched.

For more information, see EC2 Fleet request types in the Amazon EC2 User Guide.

' + schema: + type: string + enum: + - request + - maintain + - instant + - name: ValidFrom + in: query + required: false + description: 'The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.' + schema: + type: string + format: date-time + - name: ValidUntil + in: query + required: false + description: 'The end date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new EC2 Fleet requests are placed or able to fulfill the request. If no value is specified, the request remains until you cancel it.' + schema: + type: string + format: date-time + - name: ReplaceUnhealthyInstances + in: query + required: false + description: 'Indicates whether EC2 Fleet should replace unhealthy Spot Instances. Supported only for fleets of type maintain. For more information, see EC2 Fleet health checks in the Amazon EC2 User Guide.' + schema: + type: boolean + - name: TagSpecification + in: query + required: false + description: '

The key-value pair for tagging the EC2 Fleet request on creation. For more information, see Tagging your resources.

If the fleet type is instant, specify a resource type of fleet to tag the fleet or instance to tag the instances at launch.

If the fleet type is maintain or request, specify a resource type of fleet to tag the fleet. You cannot specify a resource type of instance. To tag instances at launch, specify the tags in a launch template.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: Context + in: query + required: false + description: Reserved. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateFleet + operationId: POST_CreateFleet + description: '

Launches an EC2 Fleet.

You can create a single EC2 Fleet that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

For more information, see EC2 Fleet in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateFleetResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateFleetRequest' + parameters: [] + /?Action=CreateFlowLogs&Version=2016-11-15: + get: + x-aws-operation-name: CreateFlowLogs + operationId: GET_CreateFlowLogs + description: '

Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC.

Flow log data for a monitored network interface is recorded as flow log records, which are log events consisting of fields that describe the traffic flow. For more information, see Flow log records in the Amazon Virtual Private Cloud User Guide.

When publishing to CloudWatch Logs, flow log records are published to a log group, and each network interface has a unique log stream in the log group. When publishing to Amazon S3, flow log records for all of the monitored network interfaces are published to a single log file object that is stored in the specified bucket.

For more information, see VPC Flow Logs in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateFlowLogsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + - name: DeliverLogsPermissionArn + in: query + required: false + description: '

The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.

If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn or LogGroupName.

' + schema: + type: string + - name: LogGroupName + in: query + required: false + description: '

The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn or LogGroupName.

' + schema: + type: string + - name: ResourceId + in: query + required: true + description: '

The ID of the subnet, network interface, or VPC for which you want to create a flow log.

Constraints: Maximum of 1000 resources

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/FlowLogResourceId' + - xml: + name: item + - name: ResourceType + in: query + required: true + description: 'The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.' + schema: + type: string + enum: + - VPC + - Subnet + - NetworkInterface + - name: TrafficType + in: query + required: true + description: 'The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.' + schema: + type: string + enum: + - ACCEPT + - REJECT + - ALL + - name: LogDestinationType + in: query + required: false + description: '

The type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3. To publish flow log data to CloudWatch Logs, specify cloud-watch-logs. To publish flow log data to Amazon S3, specify s3.

If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn or LogGroupName.

Default: cloud-watch-logs

' + schema: + type: string + enum: + - cloud-watch-logs + - s3 + - name: LogDestination + in: query + required: false + description: '

The destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group or an Amazon S3 bucket. The value specified for this parameter depends on the value specified for LogDestinationType.

If LogDestinationType is not specified or cloud-watch-logs, specify the Amazon Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish to a log group called my-logs, specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs. Alternatively, use LogGroupName instead.

If LogDestinationType is s3, specify the ARN of the Amazon S3 bucket. You can also specify a subfolder in the bucket. To specify a subfolder in the bucket, use the following ARN format: bucket_ARN/subfolder_name/. For example, to specify a subfolder named my-logs in a bucket named my-bucket, use the following ARN: arn:aws:s3:::my-bucket/my-logs/. You cannot use AWSLogs as a subfolder name. This is a reserved term.

' + schema: + type: string + - name: LogFormat + in: query + required: false + description: '

The fields to include in the flow log record, in the order in which they should appear. For a list of available fields, see Flow log records. If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must specify at least one field.

Specify the fields using the ${field-id} format, separated by spaces. For the CLI, surround this parameter value with single quotes on Linux or double quotes on Windows.

' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the flow logs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: MaxAggregationInterval + in: query + required: false + description: '

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).

When a network interface is attached to a Nitro-based instance, the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

Default: 600

' + schema: + type: integer + - name: DestinationOptions + in: query + required: false + description: The destination options. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. The default is false. + description: Describes the destination options for a flow log. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateFlowLogs + operationId: POST_CreateFlowLogs + description: '

Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC.

Flow log data for a monitored network interface is recorded as flow log records, which are log events consisting of fields that describe the traffic flow. For more information, see Flow log records in the Amazon Virtual Private Cloud User Guide.

When publishing to CloudWatch Logs, flow log records are published to a log group, and each network interface has a unique log stream in the log group. When publishing to Amazon S3, flow log records for all of the monitored network interfaces are published to a single log file object that is stored in the specified bucket.

For more information, see VPC Flow Logs in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateFlowLogsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateFlowLogsRequest' + parameters: [] + /?Action=CreateFpgaImage&Version=2016-11-15: + get: + x-aws-operation-name: CreateFpgaImage + operationId: GET_CreateFpgaImage + description: '

Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).

The create operation is asynchronous. To verify that the AFI is ready for use, check the output logs.

An AFI contains the FPGA bitstream that is ready to download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated instances. For more information, see the Amazon Web Services FPGA Hardware Development Kit.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateFpgaImageResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InputStorageLocation + in: query + required: true + description: The location of the encrypted design checkpoint in Amazon S3. The input must be a tarball. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The key. + description: Describes a storage location in Amazon S3. + - name: LogsStorageLocation + in: query + required: false + description: The location in Amazon S3 for the output logs. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The key. + description: Describes a storage location in Amazon S3. + - name: Description + in: query + required: false + description: A description for the AFI. + schema: + type: string + - name: Name + in: query + required: false + description: A name for the AFI. + schema: + type: string + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the FPGA image during creation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateFpgaImage + operationId: POST_CreateFpgaImage + description: '

Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).

The create operation is asynchronous. To verify that the AFI is ready for use, check the output logs.

An AFI contains the FPGA bitstream that is ready to download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated instances. For more information, see the Amazon Web Services FPGA Hardware Development Kit.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateFpgaImageResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateFpgaImageRequest' + parameters: [] + /?Action=CreateImage&Version=2016-11-15: + get: + x-aws-operation-name: CreateImage + operationId: GET_CreateImage + description: '

Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.

By default, when Amazon EC2 creates the new AMI, it reboots the instance so that it can take snapshots of the attached volumes while data is at rest, in order to ensure a consistent state. You can set the NoReboot parameter to true in the API request, or use the --no-reboot option in the CLI to prevent Amazon EC2 from shutting down and rebooting the instance.

If you choose to bypass the shutdown and reboot process by setting the NoReboot parameter to true in the API request, or by using the --no-reboot option in the CLI, we can''t guarantee the file system integrity of the created image.

If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes.

For more information, see Creating Amazon EBS-Backed Linux AMIs in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateImageResult' + parameters: + - name: BlockDeviceMapping + in: query + required: false + description: 'The block device mappings. This parameter cannot be used to modify the encryption status of existing volumes or snapshots. To create an AMI with encrypted snapshots, use the CopyImage action.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/BlockDeviceMapping' + - xml: + name: BlockDeviceMapping + - name: Description + in: query + required: false + description: A description for the new image. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + - name: Name + in: query + required: true + description: '

A name for the new image.

Constraints: 3-128 alphanumeric characters, parentheses (()), square brackets ([]), spaces ( ), periods (.), slashes (/), dashes (-), single quotes (''), at-signs (@), or underscores(_)

' + schema: + type: string + - name: NoReboot + in: query + required: false + description: '

By default, when Amazon EC2 creates the new AMI, it reboots the instance so that it can take snapshots of the attached volumes while data is at rest, in order to ensure a consistent state. You can set the NoReboot parameter to true in the API request, or use the --no-reboot option in the CLI to prevent Amazon EC2 from shutting down and rebooting the instance.

If you choose to bypass the shutdown and reboot process by setting the NoReboot parameter to true in the API request, or by using the --no-reboot option in the CLI, we can''t guarantee the file system integrity of the created image.

Default: false (follow standard reboot process)

' + schema: + type: boolean + - name: TagSpecification + in: query + required: false + description: '

The tags to apply to the AMI and snapshots on creation. You can tag the AMI, the snapshots, or both.

  • To tag the AMI, the value for ResourceType must be image.

  • To tag the snapshots that are created of the root volume and of other Amazon EBS volumes that are attached to the instance, the value for ResourceType must be snapshot. The same tag is applied to all of the snapshots that are created.

If you specify other values for ResourceType, the request fails.

To tag an AMI or snapshot after it has been created, see CreateTags.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateImage + operationId: POST_CreateImage + description: '

Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.

By default, when Amazon EC2 creates the new AMI, it reboots the instance so that it can take snapshots of the attached volumes while data is at rest, in order to ensure a consistent state. You can set the NoReboot parameter to true in the API request, or use the --no-reboot option in the CLI to prevent Amazon EC2 from shutting down and rebooting the instance.

If you choose to bypass the shutdown and reboot process by setting the NoReboot parameter to true in the API request, or by using the --no-reboot option in the CLI, we can''t guarantee the file system integrity of the created image.

If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes.

For more information, see Creating Amazon EBS-Backed Linux AMIs in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateImageResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateImageRequest' + parameters: [] + /?Action=CreateInstanceEventWindow&Version=2016-11-15: + get: + x-aws-operation-name: CreateInstanceEventWindow + operationId: GET_CreateInstanceEventWindow + description: '

Creates an event window in which scheduled events for the associated Amazon EC2 instances can run.

You can define either a set of time ranges or a cron expression when creating the event window, but not both. All event window times are in UTC.

You can create up to 200 event windows per Amazon Web Services Region.

When you create the event window, targets (instance IDs, Dedicated Host IDs, or tags) are not yet associated with it. To ensure that the event window can be used, you must associate one or more targets with it by using the AssociateInstanceEventWindow API.

Event windows are applicable only for scheduled events that stop, reboot, or terminate instances.

Event windows are not applicable for:

  • Expedited scheduled events and network maintenance events.

  • Unscheduled maintenance such as AutoRecovery and unplanned reboots.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateInstanceEventWindowResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Name + in: query + required: false + description: The name of the event window. + schema: + type: string + - name: TimeRange + in: query + required: false + description: 'The time range for the event window. If you specify a time range, you can''t specify a cron expression.' + schema: + type: array + items: + $ref: '#/components/schemas/InstanceEventWindowTimeRangeRequest' + - name: CronExpression + in: query + required: false + description: '

The cron expression for the event window, for example, * 0-4,20-23 * * 1,5. If you specify a cron expression, you can''t specify a time range.

Constraints:

  • Only hour and day of the week values are supported.

  • For day of the week values, you can specify either integers 0 through 6, or alternative single values SUN through SAT.

  • The minute, month, and year must be specified by *.

  • The hour value must be one or a multiple range, for example, 0-4 or 0-4,20-23.

  • Each hour range must be >= 2 hours, for example, 0-2 or 20-23.

  • The event window must be >= 4 hours. The combined total time ranges in the event window must be >= 4 hours.

For more information about cron expressions, see cron on the Wikipedia website.

' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the event window. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateInstanceEventWindow + operationId: POST_CreateInstanceEventWindow + description: '

Creates an event window in which scheduled events for the associated Amazon EC2 instances can run.

You can define either a set of time ranges or a cron expression when creating the event window, but not both. All event window times are in UTC.

You can create up to 200 event windows per Amazon Web Services Region.

When you create the event window, targets (instance IDs, Dedicated Host IDs, or tags) are not yet associated with it. To ensure that the event window can be used, you must associate one or more targets with it by using the AssociateInstanceEventWindow API.

Event windows are applicable only for scheduled events that stop, reboot, or terminate instances.

Event windows are not applicable for:

  • Expedited scheduled events and network maintenance events.

  • Unscheduled maintenance such as AutoRecovery and unplanned reboots.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateInstanceEventWindowResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateInstanceEventWindowRequest' + parameters: [] + /?Action=CreateInstanceExportTask&Version=2016-11-15: + get: + x-aws-operation-name: CreateInstanceExportTask + operationId: GET_CreateInstanceExportTask + description: '

Exports a running or stopped instance to an Amazon S3 bucket.

For information about the supported operating systems, image formats, and known limitations for the types of instances you can export, see Exporting an instance as a VM Using VM Import/Export in the VM Import/Export User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateInstanceExportTaskResult' + parameters: + - name: Description + in: query + required: false + description: A description for the conversion task or the resource being exported. The maximum length is 255 characters. + schema: + type: string + - name: ExportToS3 + in: query + required: true + description: The format and location for an export instance task. + schema: + type: object + properties: + containerFormat: + allOf: + - $ref: '#/components/schemas/ContainerFormat' + - description: 'The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is exported.' + diskImageFormat: + allOf: + - $ref: '#/components/schemas/DiskImageFormat' + - description: The format for the exported image. + s3Bucket: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon S3 bucket for the destination image. The destination bucket must exist and grant WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com. + s3Prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: The image is written to a single object in the Amazon S3 bucket at the S3 key s3prefix + exportTaskId + '.' + diskImageFormat. + description: Describes an export instance task. + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + - name: TargetEnvironment + in: query + required: true + description: The target virtualization environment. + schema: + type: string + enum: + - citrix + - vmware + - microsoft + - name: TagSpecification + in: query + required: false + description: The tags to apply to the export instance task during creation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateInstanceExportTask + operationId: POST_CreateInstanceExportTask + description: '

Exports a running or stopped instance to an Amazon S3 bucket.

For information about the supported operating systems, image formats, and known limitations for the types of instances you can export, see Exporting an instance as a VM Using VM Import/Export in the VM Import/Export User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateInstanceExportTaskResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateInstanceExportTaskRequest' + parameters: [] + /?Action=CreateInternetGateway&Version=2016-11-15: + get: + x-aws-operation-name: CreateInternetGateway + operationId: GET_CreateInternetGateway + description: '

Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway.

For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateInternetGatewayResult' + parameters: + - name: TagSpecification + in: query + required: false + description: The tags to assign to the internet gateway. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateInternetGateway + operationId: POST_CreateInternetGateway + description: '

Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway.

For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateInternetGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateInternetGatewayRequest' + parameters: [] + /?Action=CreateIpam&Version=2016-11-15: + get: + x-aws-operation-name: CreateIpam + operationId: GET_CreateIpam + description: '

Create an IPAM. Amazon VPC IP Address Manager (IPAM) is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization.

For more information, see Create an IPAM in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateIpamResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Description + in: query + required: false + description: A description for the IPAM. + schema: + type: string + - name: OperatingRegion + in: query + required: false + description: '

The operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' + schema: + type: array + items: + $ref: '#/components/schemas/AddIpamOperatingRegion' + minItems: 0 + maxItems: 50 + - name: TagSpecification + in: query + required: false + description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: ClientToken + in: query + required: false + description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateIpam + operationId: POST_CreateIpam + description: '

Create an IPAM. Amazon VPC IP Address Manager (IPAM) is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization.

For more information, see Create an IPAM in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateIpamResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateIpamRequest' + parameters: [] + /?Action=CreateIpamPool&Version=2016-11-15: + get: + x-aws-operation-name: CreateIpamPool + operationId: GET_CreateIpamPool + description: '

Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.

For more information, see Create a top-level pool in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateIpamPoolResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamScopeId + in: query + required: true + description: The ID of the scope in which you would like to create the IPAM pool. + schema: + type: string + - name: Locale + in: query + required: false + description: '

In IPAM, the locale is the Amazon Web Services Region where you want to make an IPAM pool available for allocations. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you do not choose a locale, resources in Regions others than the IPAM''s home region cannot use CIDRs from this pool.

Possible values: Any Amazon Web Services Region, such as us-east-1.

' + schema: + type: string + - name: SourceIpamPoolId + in: query + required: false + description: The ID of the source IPAM pool. Use this option to create a pool within an existing pool. Note that the CIDR you provision for the pool within the source pool must be available in the source pool's CIDR range. + schema: + type: string + - name: Description + in: query + required: false + description: A description for the IPAM pool. + schema: + type: string + - name: AddressFamily + in: query + required: true + description: The IP protocol assigned to this IPAM pool. You must choose either IPv4 or IPv6 protocol for a pool. + schema: + type: string + enum: + - ipv4 + - ipv6 + - name: AutoImport + in: query + required: false + description: '

If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool''s allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.

A locale must be set on the pool for this feature to work.

' + schema: + type: boolean + - name: PubliclyAdvertisable + in: query + required: false + description: Determines if the pool is publicly advertisable. This option is not available for pools with AddressFamily set to ipv4. + schema: + type: boolean + - name: AllocationMinNetmaskLength + in: query + required: false + description: The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. + schema: + type: integer + minimum: 0 + maximum: 128 + - name: AllocationMaxNetmaskLength + in: query + required: false + description: The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. + schema: + type: integer + minimum: 0 + maximum: 128 + - name: AllocationDefaultNetmaskLength + in: query + required: false + description: 'The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.' + schema: + type: integer + minimum: 0 + maximum: 128 + - name: AllocationResourceTag + in: query + required: false + description: 'Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/RequestIpamResourceTag' + - xml: + name: item + - name: TagSpecification + in: query + required: false + description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: ClientToken + in: query + required: false + description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + schema: + type: string + - name: AwsService + in: query + required: false + description: 'Limits which service in Amazon Web Services that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.' + schema: + type: string + enum: + - ec2 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateIpamPool + operationId: POST_CreateIpamPool + description: '

Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.

For more information, see Create a top-level pool in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateIpamPoolResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateIpamPoolRequest' + parameters: [] + /?Action=CreateIpamScope&Version=2016-11-15: + get: + x-aws-operation-name: CreateIpamScope + operationId: GET_CreateIpamScope + description: '

Create an IPAM scope. In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.

For more information, see Add a scope in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateIpamScopeResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamId + in: query + required: true + description: The ID of the IPAM for which you're creating this scope. + schema: + type: string + - name: Description + in: query + required: false + description: A description for the scope you're creating. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: ClientToken + in: query + required: false + description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateIpamScope + operationId: POST_CreateIpamScope + description: '

Create an IPAM scope. In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.

For more information, see Add a scope in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateIpamScopeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateIpamScopeRequest' + parameters: [] + /?Action=CreateKeyPair&Version=2016-11-15: + get: + x-aws-operation-name: CreateKeyPair + operationId: GET_CreateKeyPair + description: '

Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified PEM or PPK format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.

The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using ImportKeyPair.

You can have up to 5,000 key pairs per Amazon Web Services Region.

For more information, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/KeyPair' + parameters: + - name: KeyName + in: query + required: true + description: '

A unique name for the key pair.

Constraints: Up to 255 ASCII characters

' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: KeyType + in: query + required: false + description: '

The type of key pair. Note that ED25519 keys are not supported for Windows instances.

Default: rsa

' + schema: + type: string + enum: + - rsa + - ed25519 + - name: TagSpecification + in: query + required: false + description: The tags to apply to the new key pair. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: KeyFormat + in: query + required: false + description: '

The format of the key pair.

Default: pem

' + schema: + type: string + enum: + - pem + - ppk + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateKeyPair + operationId: POST_CreateKeyPair + description: '

Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified PEM or PPK format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.

The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using ImportKeyPair.

You can have up to 5,000 key pairs per Amazon Web Services Region.

For more information, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/KeyPair' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateKeyPairRequest' + parameters: [] + /?Action=CreateLaunchTemplate&Version=2016-11-15: + get: + x-aws-operation-name: CreateLaunchTemplate + operationId: GET_CreateLaunchTemplate + description: '

Creates a launch template.

A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request. For more information, see Launching an instance from a launch template in the Amazon Elastic Compute Cloud User Guide.

If you want to clone an existing launch template as the basis for creating a new launch template, you can use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLaunchTemplateResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraint: Maximum 128 ASCII characters.

' + schema: + type: string + - name: LaunchTemplateName + in: query + required: true + description: A name for the launch template. + schema: + type: string + pattern: '[a-zA-Z0-9\(\)\.\-/_]+' + minLength: 3 + maxLength: 128 + - name: VersionDescription + in: query + required: false + description: A description for the first version of the launch template. + schema: + type: string + minLength: 0 + maxLength: 255 + - name: LaunchTemplateData + in: query + required: true + description: The information for the launch template. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchTemplateIamInstanceProfileSpecificationRequest' + - description: The name or Amazon Resource Name (ARN) of an IAM instance profile. + BlockDeviceMapping: + allOf: + - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMappingRequestList' + - description: The block device mapping. + NetworkInterface: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see Running Commands on Your Linux Instance at Launch (Linux) or Adding User Data (Windows).

If you are creating the launch template for use with Batch, the user data must be provided in the MIME multi-part archive format. For more information, see Amazon EC2 user data in launch templates in the Batch User Guide.

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/LaunchTemplateTagSpecificationRequestList' + - description: 'The tags to apply to the resources during launch. You can only tag instances and volumes on launch. The specified tags are applied to all instances or volumes that are created during launch. To tag a resource after it has been created, see CreateTags.' + ElasticGpuSpecification: + allOf: + - $ref: '#/components/schemas/ElasticGpuSpecificationList' + - description: An elastic GPU to associate with the instance. + ElasticInferenceAccelerator: + allOf: + - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorList' + - description: ' The elastic inference accelerator for the instance. ' + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdStringList' + - description: 'One or more security group IDs. You can create a security group using CreateSecurityGroup. You cannot specify both a security group ID and security name in the same request.' + SecurityGroup: + allOf: + - $ref: '#/components/schemas/LaunchTemplateCapacityReservationSpecificationRequest' + - description: 'The Capacity Reservation targeting option. If you do not specify this parameter, the instance''s Capacity Reservation preference defaults to open, which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).' + LicenseSpecification: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceMaintenanceOptionsRequest' + - description: The maintenance options for the instance. + description:

The information to include in the launch template.

You must specify at least one parameter for the launch template data.

 + - name: TagSpecification + in: query + required: false + description: The tags to apply to the launch template during creation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateLaunchTemplate + operationId: POST_CreateLaunchTemplate + description: '

Creates a launch template.

A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request. For more information, see Launching an instance from a launch template in the Amazon Elastic Compute Cloud User Guide.

If you want to clone an existing launch template as the basis for creating a new launch template, you can use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLaunchTemplateResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLaunchTemplateRequest' + parameters: [] + /?Action=CreateLaunchTemplateVersion&Version=2016-11-15: + get: + x-aws-operation-name: CreateLaunchTemplateVersion + operationId: GET_CreateLaunchTemplateVersion + description: '

Creates a new version for a launch template. You can specify an existing version of launch template from which to base the new version.

Launch template versions are numbered in the order in which they are created. You cannot specify, change, or replace the numbering of launch template versions.

For more information, see Managing launch template versionsin the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLaunchTemplateVersionResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraint: Maximum 128 ASCII characters.

' + schema: + type: string + - name: LaunchTemplateId + in: query + required: false + description: The ID of the launch template. You must specify either the launch template ID or launch template name in the request. + schema: + type: string + - name: LaunchTemplateName + in: query + required: false + description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. + schema: + type: string + pattern: '[a-zA-Z0-9\(\)\.\-/_]+' + minLength: 3 + maxLength: 128 + - name: SourceVersion + in: query + required: false + description: 'The version number of the launch template version on which to base the new version. The new version inherits the same launch parameters as the source version, except for parameters that you specify in LaunchTemplateData. Snapshots applied to the block device mapping are ignored when creating a new version unless they are explicitly included.' + schema: + type: string + - name: VersionDescription + in: query + required: false + description: A description for the version of the launch template. + schema: + type: string + minLength: 0 + maxLength: 255 + - name: LaunchTemplateData + in: query + required: true + description: The information for the launch template. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchTemplateIamInstanceProfileSpecificationRequest' + - description: The name or Amazon Resource Name (ARN) of an IAM instance profile. + BlockDeviceMapping: + allOf: + - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMappingRequestList' + - description: The block device mapping. + NetworkInterface: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see Running Commands on Your Linux Instance at Launch (Linux) or Adding User Data (Windows).

If you are creating the launch template for use with Batch, the user data must be provided in the MIME multi-part archive format. For more information, see Amazon EC2 user data in launch templates in the Batch User Guide.

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/LaunchTemplateTagSpecificationRequestList' + - description: 'The tags to apply to the resources during launch. You can only tag instances and volumes on launch. The specified tags are applied to all instances or volumes that are created during launch. To tag a resource after it has been created, see CreateTags.' + ElasticGpuSpecification: + allOf: + - $ref: '#/components/schemas/ElasticGpuSpecificationList' + - description: An elastic GPU to associate with the instance. + ElasticInferenceAccelerator: + allOf: + - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorList' + - description: ' The elastic inference accelerator for the instance. ' + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdStringList' + - description: 'One or more security group IDs. You can create a security group using CreateSecurityGroup. You cannot specify both a security group ID and security name in the same request.' + SecurityGroup: + allOf: + - $ref: '#/components/schemas/LaunchTemplateCapacityReservationSpecificationRequest' + - description: 'The Capacity Reservation targeting option. If you do not specify this parameter, the instance''s Capacity Reservation preference defaults to open, which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).' + LicenseSpecification: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceMaintenanceOptionsRequest' + - description: The maintenance options for the instance. + description:

The information to include in the launch template.

You must specify at least one parameter for the launch template data.

 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateLaunchTemplateVersion + operationId: POST_CreateLaunchTemplateVersion + description: '

Creates a new version for a launch template. You can specify an existing version of launch template from which to base the new version.

Launch template versions are numbered in the order in which they are created. You cannot specify, change, or replace the numbering of launch template versions.

For more information, see Managing launch template versionsin the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLaunchTemplateVersionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLaunchTemplateVersionRequest' + parameters: [] + /?Action=CreateLocalGatewayRoute&Version=2016-11-15: + get: + x-aws-operation-name: CreateLocalGatewayRoute + operationId: GET_CreateLocalGatewayRoute + description: Creates a static route for the specified local gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLocalGatewayRouteResult' + parameters: + - name: DestinationCidrBlock + in: query + required: true + description: The CIDR range used for destination matches. Routing decisions are based on the most specific match. + schema: + type: string + - name: LocalGatewayRouteTableId + in: query + required: true + description: The ID of the local gateway route table. + schema: + type: string + - name: LocalGatewayVirtualInterfaceGroupId + in: query + required: true + description: The ID of the virtual interface group. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateLocalGatewayRoute + operationId: POST_CreateLocalGatewayRoute + description: Creates a static route for the specified local gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLocalGatewayRouteResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLocalGatewayRouteRequest' + parameters: [] + /?Action=CreateLocalGatewayRouteTableVpcAssociation&Version=2016-11-15: + get: + x-aws-operation-name: CreateLocalGatewayRouteTableVpcAssociation + operationId: GET_CreateLocalGatewayRouteTableVpcAssociation + description: Associates the specified VPC with the specified local gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLocalGatewayRouteTableVpcAssociationResult' + parameters: + - name: LocalGatewayRouteTableId + in: query + required: true + description: The ID of the local gateway route table. + schema: + type: string + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to assign to the local gateway route table VPC association. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateLocalGatewayRouteTableVpcAssociation + operationId: POST_CreateLocalGatewayRouteTableVpcAssociation + description: Associates the specified VPC with the specified local gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLocalGatewayRouteTableVpcAssociationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLocalGatewayRouteTableVpcAssociationRequest' + parameters: [] + /?Action=CreateManagedPrefixList&Version=2016-11-15: + get: + x-aws-operation-name: CreateManagedPrefixList + operationId: GET_CreateManagedPrefixList + description: Creates a managed prefix list. You can specify one or more entries for the prefix list. Each entry consists of a CIDR block and an optional description. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateManagedPrefixListResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PrefixListName + in: query + required: true + description: '

A name for the prefix list.

Constraints: Up to 255 characters in length. The name cannot start with com.amazonaws.

' + schema: + type: string + - name: Entry + in: query + required: false + description: One or more entries for the prefix list. + schema: + type: array + items: + $ref: '#/components/schemas/AddPrefixListEntry' + minItems: 0 + maxItems: 100 + - name: MaxEntries + in: query + required: true + description: The maximum number of entries for the prefix list. + schema: + type: integer + - name: TagSpecification + in: query + required: false + description: The tags to apply to the prefix list during creation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: AddressFamily + in: query + required: true + description: '

The IP address type.

Valid Values: IPv4 | IPv6

' + schema: + type: string + - name: ClientToken + in: query + required: false + description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraints: Up to 255 UTF-8 characters in length.

' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateManagedPrefixList + operationId: POST_CreateManagedPrefixList + description: Creates a managed prefix list. You can specify one or more entries for the prefix list. Each entry consists of a CIDR block and an optional description. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateManagedPrefixListResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateManagedPrefixListRequest' + parameters: [] + /?Action=CreateNatGateway&Version=2016-11-15: + get: + x-aws-operation-name: CreateNatGateway + operationId: GET_CreateNatGateway + description: '

Creates a NAT gateway in the specified subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway.

With a public NAT gateway, internet-bound traffic from a private subnet can be routed to the NAT gateway, so that instances in a private subnet can connect to the internet.

With a private NAT gateway, private communication is routed across VPCs and on-premises networks through a transit gateway or virtual private gateway. Common use cases include running large workloads behind a small pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and communicating between overlapping networks.

For more information, see NAT gateways in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNatGatewayResult' + parameters: + - name: AllocationId + in: query + required: false + description: '[Public NAT gateways only] The allocation ID of an Elastic IP address to associate with the NAT gateway. You cannot specify an Elastic IP address with a private NAT gateway. If the Elastic IP address is associated with another resource, you must first disassociate it.' + schema: + type: string + - name: ClientToken + in: query + required: false + description: '

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

Constraint: Maximum 64 ASCII characters.

' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: SubnetId + in: query + required: true + description: The subnet in which to create the NAT gateway. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to assign to the NAT gateway. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: ConnectivityType + in: query + required: false + description: Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity. + schema: + type: string + enum: + - private + - public + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateNatGateway + operationId: POST_CreateNatGateway + description: '

Creates a NAT gateway in the specified subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway.

With a public NAT gateway, internet-bound traffic from a private subnet can be routed to the NAT gateway, so that instances in a private subnet can connect to the internet.

With a private NAT gateway, private communication is routed across VPCs and on-premises networks through a transit gateway or virtual private gateway. Common use cases include running large workloads behind a small pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and communicating between overlapping networks.

For more information, see NAT gateways in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNatGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNatGatewayRequest' + parameters: [] + /?Action=CreateNetworkAcl&Version=2016-11-15: + get: + x-aws-operation-name: CreateNetworkAcl + operationId: GET_CreateNetworkAcl + description: '

Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC.

For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkAclResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to assign to the network ACL. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateNetworkAcl + operationId: POST_CreateNetworkAcl + description: '

Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC.

For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkAclResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkAclRequest' + parameters: [] + /?Action=CreateNetworkAclEntry&Version=2016-11-15: + get: + x-aws-operation-name: CreateNetworkAclEntry + operationId: GET_CreateNetworkAclEntry + description: '

Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules.

We recommend that you leave room between the rule numbers (for example, 100, 110, 120, ...), and not number them one right after the other (for example, 101, 102, 103, ...). This makes it easier to add a rule between existing ones without having to renumber the rules.

After you add an entry, you can''t modify it; you must either replace it, or create an entry and delete the old one.

For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + parameters: + - name: CidrBlock + in: query + required: false + description: 'The IPv4 network range to allow or deny, in CIDR notation (for example 172.16.0.0/24). We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Egress + in: query + required: true + description: Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). + schema: + type: boolean + - name: Icmp + in: query + required: false + description: 'ICMP protocol: The ICMP or ICMPv6 type and code. Required if specifying protocol 1 (ICMP) or protocol 58 (ICMPv6) with an IPv6 CIDR block.' + schema: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The ICMP code. A value of -1 means all codes for the specified ICMP type. + type: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The ICMP type. A value of -1 means all types. + description: Describes the ICMP type and code. + - name: Ipv6CidrBlock + in: query + required: false + description: 'The IPv6 network range to allow or deny, in CIDR notation (for example 2001:db8:1234:1a00::/64).' + schema: + type: string + - name: NetworkAclId + in: query + required: true + description: The ID of the network ACL. + schema: + type: string + - name: PortRange + in: query + required: false + description: 'TCP or UDP protocols: The range of ports the rule applies to. Required if specifying protocol 6 (TCP) or 17 (UDP).' + schema: + type: object + properties: + from: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The first port in the range. + to: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The last port in the range. + description: Describes a range of ports. + - name: Protocol + in: query + required: true + description: 'The protocol number. A value of "-1" means all protocols. If you specify "-1" or a protocol number other than "6" (TCP), "17" (UDP), or "1" (ICMP), traffic on all ports is allowed, regardless of any ports or ICMP types or codes that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv4 CIDR block, traffic for all ICMP types and codes allowed, regardless of any that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv6 CIDR block, you must specify an ICMP type and code.' + schema: + type: string + - name: RuleAction + in: query + required: true + description: Indicates whether to allow or deny the traffic that matches the rule. + schema: + type: string + enum: + - allow + - deny + - name: RuleNumber + in: query + required: true + description: '

The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

Constraints: Positive integer from 1 to 32766. The range 32767 to 65535 is reserved for internal use.

' + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateNetworkAclEntry + operationId: POST_CreateNetworkAclEntry + description: '

Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules.

We recommend that you leave room between the rule numbers (for example, 100, 110, 120, ...), and not number them one right after the other (for example, 101, 102, 103, ...). This makes it easier to add a rule between existing ones without having to renumber the rules.

After you add an entry, you can''t modify it; you must either replace it, or create an entry and delete the old one.

For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkAclEntryRequest' + parameters: [] + /?Action=CreateNetworkInsightsAccessScope&Version=2016-11-15: + get: + x-aws-operation-name: CreateNetworkInsightsAccessScope + operationId: GET_CreateNetworkInsightsAccessScope + description: '

Creates a Network Access Scope.

Amazon Web Services Network Access Analyzer enables cloud networking and cloud operations teams to verify that their networks on Amazon Web Services conform to their network security and governance objectives. For more information, see the Amazon Web Services Network Access Analyzer Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInsightsAccessScopeResult' + parameters: + - name: MatchPath + in: query + required: false + description: The paths to match. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/AccessScopePathRequest' + - xml: + name: item + - name: ExcludePath + in: query + required: false + description: The paths to exclude. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/AccessScopePathRequest' + - xml: + name: item + - name: ClientToken + in: query + required: true + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateNetworkInsightsAccessScope + operationId: POST_CreateNetworkInsightsAccessScope + description: '

Creates a Network Access Scope.

Amazon Web Services Network Access Analyzer enables cloud networking and cloud operations teams to verify that their networks on Amazon Web Services conform to their network security and governance objectives. For more information, see the Amazon Web Services Network Access Analyzer Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInsightsAccessScopeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInsightsAccessScopeRequest' + parameters: [] + /?Action=CreateNetworkInsightsPath&Version=2016-11-15: + get: + x-aws-operation-name: CreateNetworkInsightsPath + operationId: GET_CreateNetworkInsightsPath + description: '

Creates a path to analyze for reachability.

Reachability Analyzer enables you to analyze and debug network reachability between two resources in your virtual private cloud (VPC). For more information, see What is Reachability Analyzer.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInsightsPathResult' + parameters: + - name: SourceIp + in: query + required: false + description: The IP address of the Amazon Web Services resource that is the source of the path. + schema: + type: string + pattern: '^([0-9]{1,3}.){3}[0-9]{1,3}$' + minLength: 0 + maxLength: 15 + - name: DestinationIp + in: query + required: false + description: The IP address of the Amazon Web Services resource that is the destination of the path. + schema: + type: string + pattern: '^([0-9]{1,3}.){3}[0-9]{1,3}$' + minLength: 0 + maxLength: 15 + - name: Source + in: query + required: true + description: The Amazon Web Services resource that is the source of the path. + schema: + type: string + - name: Destination + in: query + required: true + description: The Amazon Web Services resource that is the destination of the path. + schema: + type: string + - name: Protocol + in: query + required: true + description: The protocol. + schema: + type: string + enum: + - tcp + - udp + - name: DestinationPort + in: query + required: false + description: The destination port. + schema: + type: integer + minimum: 1 + maximum: 65535 + - name: TagSpecification + in: query + required: false + description: The tags to add to the path. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: true + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateNetworkInsightsPath + operationId: POST_CreateNetworkInsightsPath + description: '

Creates a path to analyze for reachability.

Reachability Analyzer enables you to analyze and debug network reachability between two resources in your virtual private cloud (VPC). For more information, see What is Reachability Analyzer.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInsightsPathResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInsightsPathRequest' + parameters: [] + /?Action=CreateNetworkInterface&Version=2016-11-15: + get: + x-aws-operation-name: CreateNetworkInterface + operationId: GET_CreateNetworkInterface + description: '

Creates a network interface in the specified subnet.

For more information about network interfaces, see Elastic Network Interfaces in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInterfaceResult' + parameters: + - name: Description + in: query + required: false + description: A description for the network interface. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: SecurityGroupId + in: query + required: false + description: The IDs of one or more security groups. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: SecurityGroupId + - name: Ipv6AddressCount + in: query + required: false + description: 'The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can''t use this option if specifying specific IPv6 addresses. If your subnet has the AssignIpv6AddressOnCreation attribute set to true, you can specify 0 to override this setting.' + schema: + type: integer + - name: Ipv6Addresses + in: query + required: false + description: One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can't use this option if you're specifying a number of IPv6 addresses. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceIpv6Address' + - xml: + name: item + - name: PrivateIpAddress + in: query + required: false + description: 'The primary private IPv4 address of the network interface. If you don''t specify an IPv4 address, Amazon EC2 selects one for you from the subnet''s IPv4 CIDR range. If you specify an IP address, you cannot indicate any IP addresses specified in privateIpAddresses as primary (only one IP address can be designated as primary).' + schema: + type: string + - name: PrivateIpAddresses + in: query + required: false + description: One or more private IPv4 addresses. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/PrivateIpAddressSpecification' + - xml: + name: item + - name: SecondaryPrivateIpAddressCount + in: query + required: false + description: '

The number of secondary private IPv4 addresses to assign to a network interface. When you specify a number of secondary IPv4 addresses, Amazon EC2 selects these IP addresses within the subnet''s IPv4 CIDR range. You can''t specify this option and specify more than one private IP address using privateIpAddresses.

The number of IP addresses you can assign to a network interface varies by instance type. For more information, see IP Addresses Per ENI Per Instance Type in the Amazon Virtual Private Cloud User Guide.

' + schema: + type: integer + - name: Ipv4Prefix + in: query + required: false + description: One or more IPv4 prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount option. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv4PrefixSpecificationRequest' + - xml: + name: item + - name: Ipv4PrefixCount + in: query + required: false + description: The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option. + schema: + type: integer + - name: Ipv6Prefix + in: query + required: false + description: One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv6PrefixSpecificationRequest' + - xml: + name: item + - name: Ipv6PrefixCount + in: query + required: false + description: The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes option. + schema: + type: integer + - name: InterfaceType + in: query + required: false + description:

The type of network interface. The default is interface.

The only supported values are efa and trunk.

+ schema: + type: string + enum: + - efa + - branch + - trunk + - name: SubnetId + in: query + required: true + description: The ID of the subnet to associate with the network interface. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the new network interface. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateNetworkInterface + operationId: POST_CreateNetworkInterface + description: '

Creates a network interface in the specified subnet.

For more information about network interfaces, see Elastic Network Interfaces in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInterfaceResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInterfaceRequest' + parameters: [] + /?Action=CreateNetworkInterfacePermission&Version=2016-11-15: + get: + x-aws-operation-name: CreateNetworkInterfacePermission + operationId: GET_CreateNetworkInterfacePermission + description: '

Grants an Amazon Web Services-authorized account permission to attach the specified network interface to an instance in their account.

You can grant permission to a single Amazon Web Services account only, and only one account at a time.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInterfacePermissionResult' + parameters: + - name: NetworkInterfaceId + in: query + required: true + description: The ID of the network interface. + schema: + type: string + - name: AwsAccountId + in: query + required: false + description: The Amazon Web Services account ID. + schema: + type: string + - name: AwsService + in: query + required: false + description: The Amazon Web Service. Currently not supported. + schema: + type: string + - name: Permission + in: query + required: true + description: The type of permission to grant. + schema: + type: string + enum: + - INSTANCE-ATTACH + - EIP-ASSOCIATE + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateNetworkInterfacePermission + operationId: POST_CreateNetworkInterfacePermission + description: '

Grants an Amazon Web Services-authorized account permission to attach the specified network interface to an instance in their account.

You can grant permission to a single Amazon Web Services account only, and only one account at a time.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInterfacePermissionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateNetworkInterfacePermissionRequest' + parameters: [] + /?Action=CreatePlacementGroup&Version=2016-11-15: + get: + x-aws-operation-name: CreatePlacementGroup + operationId: GET_CreatePlacementGroup + description: '

Creates a placement group in which to launch instances. The strategy of the placement group determines how the instances are organized within the group.

A cluster placement group is a logical grouping of instances within a single Availability Zone that benefit from low network latency, high network throughput. A spread placement group places instances on distinct hardware. A partition placement group places groups of instances in different partitions, where instances in one partition do not share the same hardware with instances in another partition.

For more information, see Placement groups in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreatePlacementGroupResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: GroupName + in: query + required: false + description: '

A name for the placement group. Must be unique within the scope of your account for the Region.

Constraints: Up to 255 ASCII characters

' + schema: + type: string + - name: Strategy + in: query + required: false + description: The placement strategy. + schema: + type: string + enum: + - cluster + - spread + - partition + - name: PartitionCount + in: query + required: false + description: The number of partitions. Valid only when Strategy is set to partition. + schema: + type: integer + - name: TagSpecification + in: query + required: false + description: The tags to apply to the new placement group. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreatePlacementGroup + operationId: POST_CreatePlacementGroup + description: '

Creates a placement group in which to launch instances. The strategy of the placement group determines how the instances are organized within the group.

A cluster placement group is a logical grouping of instances within a single Availability Zone that benefit from low network latency, high network throughput. A spread placement group places instances on distinct hardware. A partition placement group places groups of instances in different partitions, where instances in one partition do not share the same hardware with instances in another partition.

For more information, see Placement groups in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreatePlacementGroupResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreatePlacementGroupRequest' + parameters: [] + /?Action=CreatePublicIpv4Pool&Version=2016-11-15: + get: + x-aws-operation-name: CreatePublicIpv4Pool + operationId: GET_CreatePublicIpv4Pool + description: 'Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only. To monitor the status of pool creation, use DescribePublicIpv4Pools.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreatePublicIpv4PoolResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: TagSpecification + in: query + required: false + description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreatePublicIpv4Pool + operationId: POST_CreatePublicIpv4Pool + description: 'Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only. To monitor the status of pool creation, use DescribePublicIpv4Pools.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreatePublicIpv4PoolResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreatePublicIpv4PoolRequest' + parameters: [] + /?Action=CreateReplaceRootVolumeTask&Version=2016-11-15: + get: + x-aws-operation-name: CreateReplaceRootVolumeTask + operationId: GET_CreateReplaceRootVolumeTask + description: '

Creates a root volume replacement task for an Amazon EC2 instance. The root volume can either be restored to its initial launch state, or it can be restored using a specific snapshot.

For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateReplaceRootVolumeTaskResult' + parameters: + - name: InstanceId + in: query + required: true + description: The ID of the instance for which to replace the root volume. + schema: + type: string + - name: SnapshotId + in: query + required: false + description: 'The ID of the snapshot from which to restore the replacement root volume. If you want to restore the volume to the initial launch state, omit this parameter.' + schema: + type: string + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency. For more information, see Ensuring idempotency.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: TagSpecification + in: query + required: false + description: The tags to apply to the root volume replacement task. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateReplaceRootVolumeTask + operationId: POST_CreateReplaceRootVolumeTask + description: '

Creates a root volume replacement task for an Amazon EC2 instance. The root volume can either be restored to its initial launch state, or it can be restored using a specific snapshot.

For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateReplaceRootVolumeTaskResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateReplaceRootVolumeTaskRequest' + parameters: [] + /?Action=CreateReservedInstancesListing&Version=2016-11-15: + get: + x-aws-operation-name: CreateReservedInstancesListing + operationId: GET_CreateReservedInstancesListing + description: '

Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace. You can submit one Standard Reserved Instance listing at a time. To get a list of your Standard Reserved Instances, you can use the DescribeReservedInstances operation.

Only Standard Reserved Instances can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances cannot be sold.

The Reserved Instance Marketplace matches sellers who want to resell Standard Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.

To sell your Standard Reserved Instances, you must first register as a seller in the Reserved Instance Marketplace. After completing the registration process, you can create a Reserved Instance Marketplace listing of some or all of your Standard Reserved Instances, and specify the upfront price to receive for them. Your Standard Reserved Instance listings then become available for purchase. To view the details of your Standard Reserved Instance listing, you can use the DescribeReservedInstancesListings operation.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateReservedInstancesListingResult' + parameters: + - name: ClientToken + in: query + required: true + description: 'Unique, case-sensitive identifier you provide to ensure idempotency of your listings. This helps avoid duplicate listings. For more information, see Ensuring Idempotency.' + schema: + type: string + - name: InstanceCount + in: query + required: true + description: The number of instances that are a part of a Reserved Instance account to be listed in the Reserved Instance Marketplace. This number should be less than or equal to the instance count associated with the Reserved Instance ID specified in this call. + schema: + type: integer + - name: PriceSchedules + in: query + required: true + description: A list specifying the price of the Standard Reserved Instance for each month remaining in the Reserved Instance term. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/PriceScheduleSpecification' + - xml: + name: item + - name: ReservedInstancesId + in: query + required: true + description: The ID of the active Standard Reserved Instance. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateReservedInstancesListing + operationId: POST_CreateReservedInstancesListing + description: '

Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace. You can submit one Standard Reserved Instance listing at a time. To get a list of your Standard Reserved Instances, you can use the DescribeReservedInstances operation.

Only Standard Reserved Instances can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances cannot be sold.

The Reserved Instance Marketplace matches sellers who want to resell Standard Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.

To sell your Standard Reserved Instances, you must first register as a seller in the Reserved Instance Marketplace. After completing the registration process, you can create a Reserved Instance Marketplace listing of some or all of your Standard Reserved Instances, and specify the upfront price to receive for them. Your Standard Reserved Instance listings then become available for purchase. To view the details of your Standard Reserved Instance listing, you can use the DescribeReservedInstancesListings operation.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateReservedInstancesListingResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateReservedInstancesListingRequest' + parameters: [] + /?Action=CreateRestoreImageTask&Version=2016-11-15: + get: + x-aws-operation-name: CreateRestoreImageTask + operationId: GET_CreateRestoreImageTask + description: '

Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateRestoreImageTaskResult' + parameters: + - name: Bucket + in: query + required: true + description: The name of the Amazon S3 bucket that contains the stored AMI object. + schema: + type: string + - name: ObjectKey + in: query + required: true + description: The name of the stored AMI object in the bucket. + schema: + type: string + - name: Name + in: query + required: false + description: 'The name for the restored AMI. The name must be unique for AMIs in the Region for this account. If you do not provide a name, the new AMI gets the same name as the original AMI.' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: '

The tags to apply to the AMI and snapshots on restoration. You can tag the AMI, the snapshots, or both.

  • To tag the AMI, the value for ResourceType must be image.

  • To tag the snapshots, the value for ResourceType must be snapshot. The same tag is applied to all of the snapshots that are created.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateRestoreImageTask + operationId: POST_CreateRestoreImageTask + description: '

Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateRestoreImageTaskResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateRestoreImageTaskRequest' + parameters: [] + /?Action=CreateRoute&Version=2016-11-15: + get: + x-aws-operation-name: CreateRoute + operationId: GET_CreateRoute + description: '

Creates a route in a route table within a VPC.

You must specify one of the following targets: internet gateway or virtual private gateway, NAT instance, NAT gateway, VPC peering connection, network interface, egress-only internet gateway, or transit gateway.

When determining how to route traffic, we use the route with the most specific match. For example, traffic is destined for the IPv4 address 192.0.2.3, and the route table includes the following two IPv4 routes:

  • 192.0.2.0/24 (goes to some target A)

  • 192.0.2.0/28 (goes to some target B)

Both routes apply to the traffic destined for 192.0.2.3. However, the second route in the list covers a smaller number of IP addresses and is therefore more specific, so we use that route to determine where to target the traffic.

For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateRouteResult' + parameters: + - name: DestinationCidrBlock + in: query + required: false + description: 'The IPv4 CIDR address block used for the destination match. Routing decisions are based on the most specific match. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' + schema: + type: string + - name: DestinationIpv6CidrBlock + in: query + required: false + description: The IPv6 CIDR block used for the destination match. Routing decisions are based on the most specific match. + schema: + type: string + - name: DestinationPrefixListId + in: query + required: false + description: The ID of a prefix list used for the destination match. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcEndpointId + in: query + required: false + description: The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only. + schema: + type: string + - name: EgressOnlyInternetGatewayId + in: query + required: false + description: '[IPv6 traffic only] The ID of an egress-only internet gateway.' + schema: + type: string + - name: GatewayId + in: query + required: false + description: The ID of an internet gateway or virtual private gateway attached to your VPC. + schema: + type: string + - name: InstanceId + in: query + required: false + description: The ID of a NAT instance in your VPC. The operation fails if you specify an instance ID unless exactly one network interface is attached. + schema: + type: string + - name: NatGatewayId + in: query + required: false + description: '[IPv4 traffic only] The ID of a NAT gateway.' + schema: + type: string + - name: TransitGatewayId + in: query + required: false + description: The ID of a transit gateway. + schema: + type: string + - name: LocalGatewayId + in: query + required: false + description: The ID of the local gateway. + schema: + type: string + - name: CarrierGatewayId + in: query + required: false + description:

The ID of the carrier gateway.

You can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone.

+ schema: + type: string + - name: NetworkInterfaceId + in: query + required: false + description: The ID of a network interface. + schema: + type: string + - name: RouteTableId + in: query + required: true + description: The ID of the route table for the route. + schema: + type: string + - name: VpcPeeringConnectionId + in: query + required: false + description: The ID of a VPC peering connection. + schema: + type: string + - name: CoreNetworkArn + in: query + required: false + description: The Amazon Resource Name (ARN) of the core network. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateRoute + operationId: POST_CreateRoute + description: '

Creates a route in a route table within a VPC.

You must specify one of the following targets: internet gateway or virtual private gateway, NAT instance, NAT gateway, VPC peering connection, network interface, egress-only internet gateway, or transit gateway.

When determining how to route traffic, we use the route with the most specific match. For example, traffic is destined for the IPv4 address 192.0.2.3, and the route table includes the following two IPv4 routes:

  • 192.0.2.0/24 (goes to some target A)

  • 192.0.2.0/28 (goes to some target B)

Both routes apply to the traffic destined for 192.0.2.3. However, the second route in the list covers a smaller number of IP addresses and is therefore more specific, so we use that route to determine where to target the traffic.

For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateRouteResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateRouteRequest' + parameters: [] + /?Action=CreateRouteTable&Version=2016-11-15: + get: + x-aws-operation-name: CreateRouteTable + operationId: GET_CreateRouteTable + description: '

Creates a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateRouteTableResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to assign to the route table. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateRouteTable + operationId: POST_CreateRouteTable + description: '

Creates a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateRouteTableResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateRouteTableRequest' + parameters: [] + /?Action=CreateSecurityGroup&Version=2016-11-15: + get: + x-aws-operation-name: CreateSecurityGroup + operationId: GET_CreateSecurityGroup + description: '

Creates a security group.

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide.

When you create a security group, you specify a friendly name of your choice. You can have a security group for use in EC2-Classic with the same name as a security group for use in a VPC. However, you can''t have two security groups for use in EC2-Classic with the same name or two security groups for use in a VPC with the same name.

You have a default security group for use in EC2-Classic and a default security group for use in your VPC. If you don''t specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other.

You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress.

For more information about VPC security group limits, see Amazon VPC Limits.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSecurityGroupResult' + parameters: + - name: GroupDescription + in: query + required: true + description: '

A description for the security group. This is informational only.

Constraints: Up to 255 characters in length

Constraints for EC2-Classic: ASCII characters

Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

' + schema: + type: string + - name: GroupName + in: query + required: true + description: '

The name of the security group.

Constraints: Up to 255 characters in length. Cannot start with sg-.

Constraints for EC2-Classic: ASCII characters

Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

' + schema: + type: string + - name: VpcId + in: query + required: false + description: '[EC2-VPC] The ID of the VPC. Required for EC2-VPC.' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to assign to the security group. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateSecurityGroup + operationId: POST_CreateSecurityGroup + description: '

Creates a security group.

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide.

When you create a security group, you specify a friendly name of your choice. You can have a security group for use in EC2-Classic with the same name as a security group for use in a VPC. However, you can''t have two security groups for use in EC2-Classic with the same name or two security groups for use in a VPC with the same name.

You have a default security group for use in EC2-Classic and a default security group for use in your VPC. If you don''t specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other.

You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress.

For more information about VPC security group limits, see Amazon VPC Limits.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSecurityGroupResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSecurityGroupRequest' + parameters: [] + /?Action=CreateSnapshot&Version=2016-11-15: + get: + x-aws-operation-name: CreateSnapshot + operationId: GET_CreateSnapshot + description: '

Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance.

You can create snapshots of volumes in a Region and volumes on an Outpost. If you create a snapshot of a volume in a Region, the snapshot must be stored in the same Region as the volume. If you create a snapshot of a volume on an Outpost, the snapshot can be stored on the same Outpost as the volume, or in the Region for that Outpost.

When a snapshot is created, any Amazon Web Services Marketplace product codes that are associated with the source volume are propagated to the snapshot.

You can take a snapshot of an attached volume that is in use. However, snapshots only capture data that has been written to your Amazon EBS volume at the time the snapshot command is issued; this might exclude any data that has been cached by any applications or the operating system. If you can pause any file systems on the volume long enough to take a snapshot, your snapshot should be complete. However, if you cannot pause all file writes to the volume, you should unmount the volume from within the instance, issue the snapshot command, and then remount the volume to ensure a consistent and complete snapshot. You may remount and use your volume while the snapshot status is pending.

To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.

Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes and any associated snapshots always remain protected.

You can tag your snapshots during creation. For more information, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

For more information, see Amazon Elastic Block Store and Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/Snapshot' + parameters: + - name: Description + in: query + required: false + description: A description for the snapshot. + schema: + type: string + - name: OutpostArn + in: query + required: false + description: '

The Amazon Resource Name (ARN) of the Outpost on which to create a local snapshot.

  • To create a snapshot of a volume in a Region, omit this parameter. The snapshot is created in the same Region as the volume.

  • To create a snapshot of a volume on an Outpost and store the snapshot in the Region, omit this parameter. The snapshot is created in the Region for the Outpost.

  • To create a snapshot of a volume on an Outpost and store the snapshot on an Outpost, specify the ARN of the destination Outpost. The snapshot must be created on the same Outpost as the volume.

For more information, see Create local snapshots from volumes on an Outpost in the Amazon Elastic Compute Cloud User Guide.

' + schema: + type: string + - name: VolumeId + in: query + required: true + description: The ID of the Amazon EBS volume. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the snapshot during creation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateSnapshot + operationId: POST_CreateSnapshot + description: '

Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance.

You can create snapshots of volumes in a Region and volumes on an Outpost. If you create a snapshot of a volume in a Region, the snapshot must be stored in the same Region as the volume. If you create a snapshot of a volume on an Outpost, the snapshot can be stored on the same Outpost as the volume, or in the Region for that Outpost.

When a snapshot is created, any Amazon Web Services Marketplace product codes that are associated with the source volume are propagated to the snapshot.

You can take a snapshot of an attached volume that is in use. However, snapshots only capture data that has been written to your Amazon EBS volume at the time the snapshot command is issued; this might exclude any data that has been cached by any applications or the operating system. If you can pause any file systems on the volume long enough to take a snapshot, your snapshot should be complete. However, if you cannot pause all file writes to the volume, you should unmount the volume from within the instance, issue the snapshot command, and then remount the volume to ensure a consistent and complete snapshot. You may remount and use your volume while the snapshot status is pending.

To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.

Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes and any associated snapshots always remain protected.

You can tag your snapshots during creation. For more information, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

For more information, see Amazon Elastic Block Store and Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/Snapshot' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSnapshotRequest' + parameters: [] + /?Action=CreateSnapshots&Version=2016-11-15: + get: + x-aws-operation-name: CreateSnapshots + operationId: GET_CreateSnapshots + description: '

Creates crash-consistent snapshots of multiple EBS volumes and stores the data in S3. Volumes are chosen by specifying an instance. Any attached volumes will produce one snapshot each that is crash-consistent across the instance. Boot volumes can be excluded by changing the parameters.

You can create multi-volume snapshots of instances in a Region and instances on an Outpost. If you create snapshots from an instance in a Region, the snapshots must be stored in the same Region as the instance. If you create snapshots from an instance on an Outpost, the snapshots can be stored on the same Outpost as the instance, or in the Region for that Outpost.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSnapshotsResult' + parameters: + - name: Description + in: query + required: false + description: ' A description propagated to every snapshot specified by the instance.' + schema: + type: string + - name: InstanceSpecification + in: query + required: true + description: The instance to specify which volumes should be included in the snapshots. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Excludes the root volume from being snapshotted. + description: The instance details to specify which volumes should be snapshotted. + - name: OutpostArn + in: query + required: false + description: '

The Amazon Resource Name (ARN) of the Outpost on which to create the local snapshots.

  • To create snapshots from an instance in a Region, omit this parameter. The snapshots are created in the same Region as the instance.

  • To create snapshots from an instance on an Outpost and store the snapshots in the Region, omit this parameter. The snapshots are created in the Region for the Outpost.

  • To create snapshots from an instance on an Outpost and store the snapshots on an Outpost, specify the ARN of the destination Outpost. The snapshots must be created on the same Outpost as the instance.

For more information, see Create multi-volume local snapshots from instances on an Outpost in the Amazon Elastic Compute Cloud User Guide.

' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: Tags to apply to every snapshot specified by the instance. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: CopyTagsFromSource + in: query + required: false + description: Copies the tags from the specified volume to corresponding snapshot. + schema: + type: string + enum: + - volume + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateSnapshots + operationId: POST_CreateSnapshots + description: '

Creates crash-consistent snapshots of multiple EBS volumes and stores the data in S3. Volumes are chosen by specifying an instance. Any attached volumes will produce one snapshot each that is crash-consistent across the instance. Boot volumes can be excluded by changing the parameters.

You can create multi-volume snapshots of instances in a Region and instances on an Outpost. If you create snapshots from an instance in a Region, the snapshots must be stored in the same Region as the instance. If you create snapshots from an instance on an Outpost, the snapshots can be stored on the same Outpost as the instance, or in the Region for that Outpost.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSnapshotsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSnapshotsRequest' + parameters: [] + /?Action=CreateSpotDatafeedSubscription&Version=2016-11-15: + get: + x-aws-operation-name: CreateSpotDatafeedSubscription + operationId: GET_CreateSpotDatafeedSubscription + description: 'Creates a data feed for Spot Instances, enabling you to view Spot Instance usage logs. You can create one data feed per Amazon Web Services account. For more information, see Spot Instance data feed in the Amazon EC2 User Guide for Linux Instances.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSpotDatafeedSubscriptionResult' + parameters: + - name: Bucket + in: query + required: true + description: 'The name of the Amazon S3 bucket in which to store the Spot Instance data feed. For more information about bucket names, see Rules for bucket naming in the Amazon S3 Developer Guide.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Prefix + in: query + required: false + description: The prefix for the data feed file names. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateSpotDatafeedSubscription + operationId: POST_CreateSpotDatafeedSubscription + description: 'Creates a data feed for Spot Instances, enabling you to view Spot Instance usage logs. You can create one data feed per Amazon Web Services account. For more information, see Spot Instance data feed in the Amazon EC2 User Guide for Linux Instances.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSpotDatafeedSubscriptionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSpotDatafeedSubscriptionRequest' + parameters: [] + /?Action=CreateStoreImageTask&Version=2016-11-15: + get: + x-aws-operation-name: CreateStoreImageTask + operationId: GET_CreateStoreImageTask + description: '

Stores an AMI as a single object in an Amazon S3 bucket.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateStoreImageTaskResult' + parameters: + - name: ImageId + in: query + required: true + description: The ID of the AMI. + schema: + type: string + - name: Bucket + in: query + required: true + description: 'The name of the Amazon S3 bucket in which the AMI object will be stored. The bucket must be in the Region in which the request is being made. The AMI object appears in the bucket only after the upload task has completed. ' + schema: + type: string + - name: S3ObjectTag + in: query + required: false + description: 'The tags to apply to the AMI object that will be stored in the Amazon S3 bucket. ' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/S3ObjectTag' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateStoreImageTask + operationId: POST_CreateStoreImageTask + description: '

Stores an AMI as a single object in an Amazon S3 bucket.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateStoreImageTaskResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateStoreImageTaskRequest' + parameters: [] + /?Action=CreateSubnet&Version=2016-11-15: + get: + x-aws-operation-name: CreateSubnet + operationId: GET_CreateSubnet + description: '

Creates a subnet in a specified VPC.

You must specify an IPv4 CIDR block for the subnet. After you create a subnet, you can''t change its CIDR block. The allowed block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses). The CIDR block must not overlap with the CIDR block of an existing subnet in the VPC.

If you''ve associated an IPv6 CIDR block with your VPC, you can create a subnet with an IPv6 CIDR block that uses a /64 prefix length.

Amazon Web Services reserves both the first four and the last IPv4 address in each subnet''s CIDR block. They''re not available for use.

If you add more than one subnet to a VPC, they''re set up in a star topology with a logical router in the middle.

When you stop an instance in a subnet, it retains its private IPv4 address. It''s therefore possible to have a subnet with no running instances (they''re all stopped), but no remaining IP addresses available.

For more information about subnets, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSubnetResult' + parameters: + - name: TagSpecification + in: query + required: false + description: The tags to assign to the subnet. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: AvailabilityZone + in: query + required: false + description: '

The Availability Zone or Local Zone for the subnet.

Default: Amazon Web Services selects one for you. If you create more than one subnet in your VPC, we do not necessarily select a different zone for each subnet.

To create a subnet in a Local Zone, set this value to the Local Zone ID, for example us-west-2-lax-1a. For information about the Regions that support Local Zones, see Available Regions in the Amazon Elastic Compute Cloud User Guide.

To create a subnet in an Outpost, set this value to the Availability Zone for the Outpost and specify the Outpost ARN.

' + schema: + type: string + - name: AvailabilityZoneId + in: query + required: false + description: The AZ ID or the Local Zone ID of the subnet. + schema: + type: string + - name: CidrBlock + in: query + required: false + description: '

The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.

This parameter is not supported for an IPv6 only subnet.

' + schema: + type: string + - name: Ipv6CidrBlock + in: query + required: false + description: '

The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.

This parameter is required for an IPv6 only subnet.

' + schema: + type: string + - name: OutpostArn + in: query + required: false + description: 'The Amazon Resource Name (ARN) of the Outpost. If you specify an Outpost ARN, you must also specify the Availability Zone of the Outpost subnet.' + schema: + type: string + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Ipv6Native + in: query + required: false + description: Indicates whether to create an IPv6 only subnet. + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateSubnet + operationId: POST_CreateSubnet + description: '

Creates a subnet in a specified VPC.

You must specify an IPv4 CIDR block for the subnet. After you create a subnet, you can''t change its CIDR block. The allowed block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses). The CIDR block must not overlap with the CIDR block of an existing subnet in the VPC.

If you''ve associated an IPv6 CIDR block with your VPC, you can create a subnet with an IPv6 CIDR block that uses a /64 prefix length.

Amazon Web Services reserves both the first four and the last IPv4 address in each subnet''s CIDR block. They''re not available for use.

If you add more than one subnet to a VPC, they''re set up in a star topology with a logical router in the middle.

When you stop an instance in a subnet, it retains its private IPv4 address. It''s therefore possible to have a subnet with no running instances (they''re all stopped), but no remaining IP addresses available.

For more information about subnets, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSubnetResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSubnetRequest' + parameters: [] + /?Action=CreateSubnetCidrReservation&Version=2016-11-15: + get: + x-aws-operation-name: CreateSubnetCidrReservation + operationId: GET_CreateSubnetCidrReservation + description: 'Creates a subnet CIDR reservation. For information about subnet CIDR reservations, see Subnet CIDR reservations in the Amazon Virtual Private Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSubnetCidrReservationResult' + parameters: + - name: SubnetId + in: query + required: true + description: The ID of the subnet. + schema: + type: string + - name: Cidr + in: query + required: true + description: The IPv4 or IPV6 CIDR range to reserve. + schema: + type: string + - name: ReservationType + in: query + required: true + description: '

The type of reservation.

The following are valid values:

  • prefix: The Amazon EC2 Prefix Delegation feature assigns the IP addresses to network interfaces that are associated with an instance. For information about Prefix Delegation, see Prefix Delegation for Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

  • explicit: You manually assign the IP addresses to resources that reside in your subnet.

' + schema: + type: string + enum: + - prefix + - explicit + - name: Description + in: query + required: false + description: The description to assign to the subnet CIDR reservation. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: TagSpecification + in: query + required: false + description: The tags to assign to the subnet CIDR reservation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateSubnetCidrReservation + operationId: POST_CreateSubnetCidrReservation + description: 'Creates a subnet CIDR reservation. For information about subnet CIDR reservations, see Subnet CIDR reservations in the Amazon Virtual Private Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSubnetCidrReservationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSubnetCidrReservationRequest' + parameters: [] + /?Action=CreateTags&Version=2016-11-15: + get: + x-aws-operation-name: CreateTags + operationId: GET_CreateTags + description: '

Adds or overwrites only the specified tags for the specified Amazon EC2 resource or resources. When you specify an existing tag key, the value is overwritten with the new value. Each resource can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique per resource.

For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide. For more information about creating IAM policies that control users'' access to resources based on tags, see Supported Resource-Level Permissions for Amazon EC2 API Actions in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ResourceId + in: query + required: true + description: '

The IDs of the resources, separated by spaces.

Constraints: Up to 1000 resource IDs. We recommend breaking up this request into smaller batches.

' + schema: + type: array + items: + $ref: '#/components/schemas/TaggableResourceId' + - name: Tag + in: query + required: true + description: 'The tags. The value parameter is required, but if you don''t want the tag to have a value, specify the parameter with no value, and we set the value to an empty string.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTags + operationId: POST_CreateTags + description: '

Adds or overwrites only the specified tags for the specified Amazon EC2 resource or resources. When you specify an existing tag key, the value is overwritten with the new value. Each resource can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique per resource.

For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide. For more information about creating IAM policies that control users'' access to resources based on tags, see Supported Resource-Level Permissions for Amazon EC2 API Actions in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTagsRequest' + parameters: [] + /?Action=CreateTrafficMirrorFilter&Version=2016-11-15: + get: + x-aws-operation-name: CreateTrafficMirrorFilter + operationId: GET_CreateTrafficMirrorFilter + description: '

Creates a Traffic Mirror filter.

A Traffic Mirror filter is a set of rules that defines the traffic to mirror.

By default, no traffic is mirrored. To mirror traffic, use CreateTrafficMirrorFilterRule to add Traffic Mirror rules to the filter. The rules you add define what traffic gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices to mirror supported network services.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorFilterResult' + parameters: + - name: Description + in: query + required: false + description: The description of the Traffic Mirror filter. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to assign to a Traffic Mirror filter. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTrafficMirrorFilter + operationId: POST_CreateTrafficMirrorFilter + description: '

Creates a Traffic Mirror filter.

A Traffic Mirror filter is a set of rules that defines the traffic to mirror.

By default, no traffic is mirrored. To mirror traffic, use CreateTrafficMirrorFilterRule to add Traffic Mirror rules to the filter. The rules you add define what traffic gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices to mirror supported network services.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorFilterResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorFilterRequest' + parameters: [] + /?Action=CreateTrafficMirrorFilterRule&Version=2016-11-15: + get: + x-aws-operation-name: CreateTrafficMirrorFilterRule + operationId: GET_CreateTrafficMirrorFilterRule + description:

Creates a Traffic Mirror filter rule.

A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror.

You need the Traffic Mirror filter ID when you create the rule.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorFilterRuleResult' + parameters: + - name: TrafficMirrorFilterId + in: query + required: true + description: The ID of the filter that this rule is associated with. + schema: + type: string + - name: TrafficDirection + in: query + required: true + description: The type of traffic. + schema: + type: string + enum: + - ingress + - egress + - name: RuleNumber + in: query + required: true + description: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number. + schema: + type: integer + - name: RuleAction + in: query + required: true + description: The action to take on the filtered traffic. + schema: + type: string + enum: + - accept + - reject + - name: DestinationPortRange + in: query + required: false + description: The destination port range. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols. + description: Information about the Traffic Mirror filter rule port range. + - name: SourcePortRange + in: query + required: false + description: The source port range. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols. + description: Information about the Traffic Mirror filter rule port range. + - name: Protocol + in: query + required: false + description: '

The protocol, for example UDP, to assign to the Traffic Mirror rule.

For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.

' + schema: + type: integer + - name: DestinationCidrBlock + in: query + required: true + description: The destination CIDR block to assign to the Traffic Mirror rule. + schema: + type: string + - name: SourceCidrBlock + in: query + required: true + description: The source CIDR block to assign to the Traffic Mirror rule. + schema: + type: string + - name: Description + in: query + required: false + description: The description of the Traffic Mirror rule. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTrafficMirrorFilterRule + operationId: POST_CreateTrafficMirrorFilterRule + description:

Creates a Traffic Mirror filter rule.

A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror.

You need the Traffic Mirror filter ID when you create the rule.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorFilterRuleResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorFilterRuleRequest' + parameters: [] + /?Action=CreateTrafficMirrorSession&Version=2016-11-15: + get: + x-aws-operation-name: CreateTrafficMirrorSession + operationId: GET_CreateTrafficMirrorSession + description: '

Creates a Traffic Mirror session.

A Traffic Mirror session actively copies packets from a Traffic Mirror source to a Traffic Mirror target. Create a filter, and then assign it to the session to define a subset of the traffic to mirror, for example all TCP traffic.

The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in a different VPC connected via VPC peering or a transit gateway.

By default, no traffic is mirrored. Use CreateTrafficMirrorFilter to create filter rules that specify the traffic to mirror.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorSessionResult' + parameters: + - name: NetworkInterfaceId + in: query + required: true + description: The ID of the source network interface. + schema: + type: string + - name: TrafficMirrorTargetId + in: query + required: true + description: The ID of the Traffic Mirror target. + schema: + type: string + - name: TrafficMirrorFilterId + in: query + required: true + description: The ID of the Traffic Mirror filter. + schema: + type: string + - name: PacketLength + in: query + required: false + description: '

The number of bytes in each packet to mirror. These are bytes after the VXLAN header. Do not specify this parameter when you want to mirror the entire packet. To mirror a subset of the packet, set this to the length (in bytes) that you want to mirror. For example, if you set this value to 100, then the first 100 bytes that meet the filter criteria are copied to the target.

If you do not want to mirror the entire packet, use the PacketLength parameter to specify the number of bytes in each packet to mirror.

' + schema: + type: integer + - name: SessionNumber + in: query + required: true + description:

The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.

Valid values are 1-32766.

+ schema: + type: integer + - name: VirtualNetworkId + in: query + required: false + description: 'The VXLAN ID for the Traffic Mirror session. For more information about the VXLAN protocol, see RFC 7348. If you do not specify a VirtualNetworkId, an account-wide unique id is chosen at random.' + schema: + type: integer + - name: Description + in: query + required: false + description: The description of the Traffic Mirror session. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to assign to a Traffic Mirror session. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTrafficMirrorSession + operationId: POST_CreateTrafficMirrorSession + description: '

Creates a Traffic Mirror session.

A Traffic Mirror session actively copies packets from a Traffic Mirror source to a Traffic Mirror target. Create a filter, and then assign it to the session to define a subset of the traffic to mirror, for example all TCP traffic.

The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in a different VPC connected via VPC peering or a transit gateway.

By default, no traffic is mirrored. Use CreateTrafficMirrorFilter to create filter rules that specify the traffic to mirror.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorSessionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorSessionRequest' + parameters: [] + /?Action=CreateTrafficMirrorTarget&Version=2016-11-15: + get: + x-aws-operation-name: CreateTrafficMirrorTarget + operationId: GET_CreateTrafficMirrorTarget + description: '

Creates a target for your Traffic Mirror session.

A Traffic Mirror target is the destination for mirrored traffic. The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in different VPCs connected via VPC peering or a transit gateway.

A Traffic Mirror target can be a network interface, a Network Load Balancer, or a Gateway Load Balancer endpoint.

To use the target in a Traffic Mirror session, use CreateTrafficMirrorSession.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorTargetResult' + parameters: + - name: NetworkInterfaceId + in: query + required: false + description: The network interface ID that is associated with the target. + schema: + type: string + - name: NetworkLoadBalancerArn + in: query + required: false + description: The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the target. + schema: + type: string + - name: Description + in: query + required: false + description: The description of the Traffic Mirror target. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to assign to the Traffic Mirror target. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + - name: GatewayLoadBalancerEndpointId + in: query + required: false + description: The ID of the Gateway Load Balancer endpoint. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTrafficMirrorTarget + operationId: POST_CreateTrafficMirrorTarget + description: '

Creates a target for your Traffic Mirror session.

A Traffic Mirror target is the destination for mirrored traffic. The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in different VPCs connected via VPC peering or a transit gateway.

A Traffic Mirror target can be a network interface, a Network Load Balancer, or a Gateway Load Balancer endpoint.

To use the target in a Traffic Mirror session, use CreateTrafficMirrorSession.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorTargetResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTrafficMirrorTargetRequest' + parameters: [] + /?Action=CreateTransitGateway&Version=2016-11-15: + get: + x-aws-operation-name: CreateTransitGateway + operationId: GET_CreateTransitGateway + description: '

Creates a transit gateway.

You can use a transit gateway to interconnect your virtual private clouds (VPC) and on-premises networks. After the transit gateway enters the available state, you can attach your VPCs and VPN connections to the transit gateway.

To attach your VPCs, use CreateTransitGatewayVpcAttachment.

To attach a VPN connection, use CreateCustomerGateway to create a customer gateway and specify the ID of the customer gateway and the ID of the transit gateway in a call to CreateVpnConnection.

When you create a transit gateway, we create a default transit gateway route table and use it as the default association route table and the default propagation route table. You can use CreateTransitGatewayRouteTable to create additional transit gateway route tables. If you disable automatic route propagation, we do not create a default transit gateway route table. You can use EnableTransitGatewayRouteTablePropagation to propagate routes from a resource attachment to a transit gateway route table. If you disable automatic associations, you can use AssociateTransitGatewayRouteTable to associate a resource attachment with a transit gateway route table.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayResult' + parameters: + - name: Description + in: query + required: false + description: A description of the transit gateway. + schema: + type: string + - name: Options + in: query + required: false + description: The transit gateway options. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayCidrBlockStringList' + - description: 'One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.' + description: Describes the options for a transit gateway. + - name: TagSpecification + in: query + required: false + description: The tags to apply to the transit gateway. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTransitGateway + operationId: POST_CreateTransitGateway + description: '

Creates a transit gateway.

You can use a transit gateway to interconnect your virtual private clouds (VPC) and on-premises networks. After the transit gateway enters the available state, you can attach your VPCs and VPN connections to the transit gateway.

To attach your VPCs, use CreateTransitGatewayVpcAttachment.

To attach a VPN connection, use CreateCustomerGateway to create a customer gateway and specify the ID of the customer gateway and the ID of the transit gateway in a call to CreateVpnConnection.

When you create a transit gateway, we create a default transit gateway route table and use it as the default association route table and the default propagation route table. You can use CreateTransitGatewayRouteTable to create additional transit gateway route tables. If you disable automatic route propagation, we do not create a default transit gateway route table. You can use EnableTransitGatewayRouteTablePropagation to propagate routes from a resource attachment to a transit gateway route table. If you disable automatic associations, you can use AssociateTransitGatewayRouteTable to associate a resource attachment with a transit gateway route table.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayRequest' + parameters: [] + /?Action=CreateTransitGatewayConnect&Version=2016-11-15: + get: + x-aws-operation-name: CreateTransitGatewayConnect + operationId: GET_CreateTransitGatewayConnect + description:

Creates a Connect attachment from a specified transit gateway attachment. A Connect attachment is a GRE-based tunnel attachment that you can use to establish a connection between a transit gateway and an appliance.

A Connect attachment uses an existing VPC or Amazon Web Services Direct Connect attachment as the underlying transport mechanism.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayConnectResult' + parameters: + - name: TransportTransitGatewayAttachmentId + in: query + required: true + description: The ID of the transit gateway attachment. You can specify a VPC attachment or Amazon Web Services Direct Connect attachment. + schema: + type: string + - name: Options + in: query + required: true + description: The Connect attachment options. + schema: + type: object + required: + - Protocol + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ProtocolValue' + - description: The tunnel protocol. + description: The options for a Connect attachment. + - name: TagSpecification + in: query + required: false + description: The tags to apply to the Connect attachment. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTransitGatewayConnect + operationId: POST_CreateTransitGatewayConnect + description:

Creates a Connect attachment from a specified transit gateway attachment. A Connect attachment is a GRE-based tunnel attachment that you can use to establish a connection between a transit gateway and an appliance.

A Connect attachment uses an existing VPC or Amazon Web Services Direct Connect attachment as the underlying transport mechanism.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayConnectResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayConnectRequest' + parameters: [] + /?Action=CreateTransitGatewayConnectPeer&Version=2016-11-15: + get: + x-aws-operation-name: CreateTransitGatewayConnectPeer + operationId: GET_CreateTransitGatewayConnectPeer + description: '

Creates a Connect peer for a specified transit gateway Connect attachment between a transit gateway and an appliance.

The peer address and transit gateway address must be the same IP address family (IPv4 or IPv6).

For more information, see Connect peers in the Transit Gateways Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayConnectPeerResult' + parameters: + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the Connect attachment. + schema: + type: string + - name: TransitGatewayAddress + in: query + required: false + description: 'The peer IP address (GRE outer IP address) on the transit gateway side of the Connect peer, which must be specified from a transit gateway CIDR block. If not specified, Amazon automatically assigns the first available IP address from the transit gateway CIDR block.' + schema: + type: string + - name: PeerAddress + in: query + required: true + description: The peer IP address (GRE outer IP address) on the appliance side of the Connect peer. + schema: + type: string + - name: BgpOptions + in: query + required: false + description: The BGP options for the Connect peer. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Long' + - description: The peer Autonomous System Number (ASN). + description: The BGP options for the Connect attachment. + - name: InsideCidrBlocks + in: query + required: true + description: 'The range of inside IP addresses that are used for BGP peering. You must specify a size /29 IPv4 CIDR block from the 169.254.0.0/16 range. The first address from the range must be configured on the appliance as the BGP IP address. You can also optionally specify a size /125 IPv6 CIDR block from the fd00::/8 range.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: TagSpecification + in: query + required: false + description: The tags to apply to the Connect peer. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTransitGatewayConnectPeer + operationId: POST_CreateTransitGatewayConnectPeer + description: '

Creates a Connect peer for a specified transit gateway Connect attachment between a transit gateway and an appliance.

The peer address and transit gateway address must be the same IP address family (IPv4 or IPv6).

For more information, see Connect peers in the Transit Gateways Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayConnectPeerResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayConnectPeerRequest' + parameters: [] + /?Action=CreateTransitGatewayMulticastDomain&Version=2016-11-15: + get: + x-aws-operation-name: CreateTransitGatewayMulticastDomain + operationId: GET_CreateTransitGatewayMulticastDomain + description: '

Creates a multicast domain using the specified transit gateway.

The transit gateway must be in the available state before you create a domain. Use DescribeTransitGateways to see the state of transit gateway.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayMulticastDomainResult' + parameters: + - name: TransitGatewayId + in: query + required: true + description: The ID of the transit gateway. + schema: + type: string + - name: Options + in: query + required: false + description: The options for the transit gateway multicast domain. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/AutoAcceptSharedAssociationsValue' + - description: Indicates whether to automatically accept cross-account subnet associations that are associated with the transit gateway multicast domain. + description: The options for the transit gateway multicast domain. + - name: TagSpecification + in: query + required: false + description: The tags for the transit gateway multicast domain. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTransitGatewayMulticastDomain + operationId: POST_CreateTransitGatewayMulticastDomain + description: '

Creates a multicast domain using the specified transit gateway.

The transit gateway must be in the available state before you create a domain. Use DescribeTransitGateways to see the state of transit gateway.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayMulticastDomainResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayMulticastDomainRequest' + parameters: [] + /?Action=CreateTransitGatewayPeeringAttachment&Version=2016-11-15: + get: + x-aws-operation-name: CreateTransitGatewayPeeringAttachment + operationId: GET_CreateTransitGatewayPeeringAttachment + description: '

Requests a transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter). The transit gateways must be in different Regions. The peer transit gateway can be in your account or a different Amazon Web Services account.

After you create the peering attachment, the owner of the accepter transit gateway must accept the attachment request.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayPeeringAttachmentResult' + parameters: + - name: TransitGatewayId + in: query + required: true + description: The ID of the transit gateway. + schema: + type: string + - name: PeerTransitGatewayId + in: query + required: true + description: The ID of the peer transit gateway with which to create the peering attachment. + schema: + type: string + - name: PeerAccountId + in: query + required: true + description: The ID of the Amazon Web Services account that owns the peer transit gateway. + schema: + type: string + - name: PeerRegion + in: query + required: true + description: The Region where the peer transit gateway is located. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the transit gateway peering attachment. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTransitGatewayPeeringAttachment + operationId: POST_CreateTransitGatewayPeeringAttachment + description: '

Requests a transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter). The transit gateways must be in different Regions. The peer transit gateway can be in your account or a different Amazon Web Services account.

After you create the peering attachment, the owner of the accepter transit gateway must accept the attachment request.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayPeeringAttachmentResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayPeeringAttachmentRequest' + parameters: [] + /?Action=CreateTransitGatewayPrefixListReference&Version=2016-11-15: + get: + x-aws-operation-name: CreateTransitGatewayPrefixListReference + operationId: GET_CreateTransitGatewayPrefixListReference + description: Creates a reference (route) to a prefix list in a specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayPrefixListReferenceResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the transit gateway route table. + schema: + type: string + - name: PrefixListId + in: query + required: true + description: The ID of the prefix list that is used for destination matches. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: false + description: The ID of the attachment to which traffic is routed. + schema: + type: string + - name: Blackhole + in: query + required: false + description: Indicates whether to drop traffic that matches this route. + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTransitGatewayPrefixListReference + operationId: POST_CreateTransitGatewayPrefixListReference + description: Creates a reference (route) to a prefix list in a specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayPrefixListReferenceResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayPrefixListReferenceRequest' + parameters: [] + /?Action=CreateTransitGatewayRoute&Version=2016-11-15: + get: + x-aws-operation-name: CreateTransitGatewayRoute + operationId: GET_CreateTransitGatewayRoute + description: Creates a static route for the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayRouteResult' + parameters: + - name: DestinationCidrBlock + in: query + required: true + description: The CIDR range used for destination matches. Routing decisions are based on the most specific match. + schema: + type: string + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the transit gateway route table. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: false + description: The ID of the attachment. + schema: + type: string + - name: Blackhole + in: query + required: false + description: Indicates whether to drop traffic that matches this route. + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTransitGatewayRoute + operationId: POST_CreateTransitGatewayRoute + description: Creates a static route for the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayRouteResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayRouteRequest' + parameters: [] + /?Action=CreateTransitGatewayRouteTable&Version=2016-11-15: + get: + x-aws-operation-name: CreateTransitGatewayRouteTable + operationId: GET_CreateTransitGatewayRouteTable + description: Creates a route table for the specified transit gateway. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayRouteTableResult' + parameters: + - name: TransitGatewayId + in: query + required: true + description: The ID of the transit gateway. + schema: + type: string + - name: TagSpecifications + in: query + required: false + description: The tags to apply to the transit gateway route table. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTransitGatewayRouteTable + operationId: POST_CreateTransitGatewayRouteTable + description: Creates a route table for the specified transit gateway. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayRouteTableResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayRouteTableRequest' + parameters: [] + /?Action=CreateTransitGatewayVpcAttachment&Version=2016-11-15: + get: + x-aws-operation-name: CreateTransitGatewayVpcAttachment + operationId: GET_CreateTransitGatewayVpcAttachment + description: '

Attaches the specified VPC to the specified transit gateway.

If you attach a VPC with a CIDR range that overlaps the CIDR range of a VPC that is already attached, the new VPC CIDR range is not propagated to the default propagation route table.

To send VPC traffic to an attached transit gateway, add a route to the VPC route table using CreateRoute.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayVpcAttachmentResult' + parameters: + - name: TransitGatewayId + in: query + required: true + description: The ID of the transit gateway. + schema: + type: string + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: SubnetIds + in: query + required: true + description: 'The IDs of one or more subnets. You can specify only one subnet per Availability Zone. You must specify at least one subnet, but we recommend that you specify two subnets for better availability. The transit gateway uses one IP address from each specified subnet.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: item + - name: Options + in: query + required: false + description: The VPC attachment options. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ApplianceModeSupportValue' + - description: 'Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.' + description: Describes the options for a VPC attachment. + - name: TagSpecifications + in: query + required: false + description: The tags to apply to the VPC attachment. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateTransitGatewayVpcAttachment + operationId: POST_CreateTransitGatewayVpcAttachment + description: '

Attaches the specified VPC to the specified transit gateway.

If you attach a VPC with a CIDR range that overlaps the CIDR range of a VPC that is already attached, the new VPC CIDR range is not propagated to the default propagation route table.

To send VPC traffic to an attached transit gateway, add a route to the VPC route table using CreateRoute.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayVpcAttachmentResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateTransitGatewayVpcAttachmentRequest' + parameters: [] + /?Action=CreateVolume&Version=2016-11-15: + get: + x-aws-operation-name: CreateVolume + operationId: GET_CreateVolume + description: '

Creates an EBS volume that can be attached to an instance in the same Availability Zone.

You can create a new empty volume or restore a volume from an EBS snapshot. Any Amazon Web Services Marketplace product codes from the snapshot are propagated to the volume.

You can create encrypted volumes. Encrypted volumes must be attached to instances that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are also automatically encrypted. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

You can tag your volumes during creation. For more information, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

For more information, see Create an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/Volume' + parameters: + - name: AvailabilityZone + in: query + required: true + description: The Availability Zone in which to create the volume. + schema: + type: string + - name: Encrypted + in: query + required: false + description: '

Indicates whether the volume should be encrypted. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Encryption by default in the Amazon Elastic Compute Cloud User Guide.

Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Supported instance types.

' + schema: + type: boolean + - name: Iops + in: query + required: false + description: '

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

The following are the supported values for each volume type:

  • gp3: 3,000-16,000 IOPS

  • io1: 100-64,000 IOPS

  • io2: 100-64,000 IOPS

io1 and io2 volumes support up to 64,000 IOPS only on Instances built on the Nitro System. Other instance families support performance up to 32,000 IOPS.

This parameter is required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard volumes.

' + schema: + type: integer + - name: KmsKeyId + in: query + required: false + description: '

The identifier of the Key Management Service (KMS) KMS key to use for Amazon EBS encryption. If this parameter is not specified, your KMS key for Amazon EBS is used. If KmsKeyId is specified, the encrypted state must be true.

You can specify the KMS key using any of the following:

  • Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.

  • Key alias. For example, alias/ExampleAlias.

  • Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.

  • Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.

' + schema: + type: string + - name: OutpostArn + in: query + required: false + description: The Amazon Resource Name (ARN) of the Outpost. + schema: + type: string + - name: Size + in: query + required: false + description: '

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.

The following are the supported volumes sizes for each volume type:

  • gp2 and gp3: 1-16,384

  • io1 and io2: 4-16,384

  • st1 and sc1: 125-16,384

  • standard: 1-1,024

' + schema: + type: integer + - name: SnapshotId + in: query + required: false + description: The snapshot from which to create the volume. You must specify either a snapshot ID or a volume size. + schema: + type: string + - name: VolumeType + in: query + required: false + description: '

The volume type. This parameter can be one of the following values:

  • General Purpose SSD: gp2 | gp3

  • Provisioned IOPS SSD: io1 | io2

  • Throughput Optimized HDD: st1

  • Cold HDD: sc1

  • Magnetic: standard

For more information, see Amazon EBS volume types in the Amazon Elastic Compute Cloud User Guide.

Default: gp2

' + schema: + type: string + enum: + - standard + - io1 + - io2 + - gp2 + - sc1 + - st1 + - gp3 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: TagSpecification + in: query + required: false + description: The tags to apply to the volume during creation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: MultiAttachEnabled + in: query + required: false + description: 'Indicates whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the volume to up to 16 Instances built on the Nitro System in the same Availability Zone. This parameter is supported with io1 and io2 volumes only. For more information, see Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.' + schema: + type: boolean + - name: Throughput + in: query + required: false + description: '

The throughput to provision for a volume, with a maximum of 1,000 MiB/s.

This parameter is valid only for gp3 volumes.

Valid Range: Minimum value of 125. Maximum value of 1000.

' + schema: + type: integer + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateVolume + operationId: POST_CreateVolume + description: '

Creates an EBS volume that can be attached to an instance in the same Availability Zone.

You can create a new empty volume or restore a volume from an EBS snapshot. Any Amazon Web Services Marketplace product codes from the snapshot are propagated to the volume.

You can create encrypted volumes. Encrypted volumes must be attached to instances that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are also automatically encrypted. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

You can tag your volumes during creation. For more information, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

For more information, see Create an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/Volume' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVolumeRequest' + parameters: [] + /?Action=CreateVpc&Version=2016-11-15: + get: + x-aws-operation-name: CreateVpc + operationId: GET_CreateVpc + description: '

Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses). For more information about how large to make your VPC, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon''s pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).

By default, each instance you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

You can specify the instance tenancy value for the VPC when you create it. You can''t change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcResult' + parameters: + - name: CidrBlock + in: query + required: false + description: 'The IPv4 network range for the VPC, in CIDR notation. For example, 10.0.0.0/16. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' + schema: + type: string + - name: AmazonProvidedIpv6CidrBlock + in: query + required: false + description: 'Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block.' + schema: + type: boolean + - name: Ipv6Pool + in: query + required: false + description: The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block. + schema: + type: string + - name: Ipv6CidrBlock + in: query + required: false + description: '

The IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool in the request.

To let Amazon choose the IPv6 CIDR block for you, omit this parameter.

' + schema: + type: string + - name: Ipv4IpamPoolId + in: query + required: false + description: 'The ID of an IPv4 IPAM pool you want to use for allocating this VPC''s CIDR. For more information, see What is IPAM? in the Amazon VPC IPAM User Guide. ' + schema: + type: string + - name: Ipv4NetmaskLength + in: query + required: false + description: 'The netmask length of the IPv4 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.' + schema: + type: integer + - name: Ipv6IpamPoolId + in: query + required: false + description: 'The ID of an IPv6 IPAM pool which will be used to allocate this VPC an IPv6 CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization. For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.' + schema: + type: string + - name: Ipv6NetmaskLength + in: query + required: false + description: 'The netmask length of the IPv6 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.' + schema: + type: integer + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceTenancy + in: query + required: false + description: '

The tenancy options for instances launched into the VPC. For default, instances are launched with shared tenancy by default. You can launch instances with any tenancy into a shared tenancy VPC. For dedicated, instances are launched as dedicated tenancy instances by default. You can only launch instances with a tenancy of dedicated or host into a dedicated tenancy VPC.

Important: The host value cannot be used with this parameter. Use the default or dedicated values only.

Default: default

' + schema: + type: string + enum: + - default + - dedicated + - host + - name: Ipv6CidrBlockNetworkBorderGroup + in: query + required: false + description:

The name of the location from which we advertise the IPV6 CIDR block. Use this parameter to limit the address to this location.

You must set AmazonProvidedIpv6CidrBlock to true to use this parameter.

+ schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to assign to the VPC. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateVpc + operationId: POST_CreateVpc + description: '

Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses). For more information about how large to make your VPC, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon''s pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).

By default, each instance you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

You can specify the instance tenancy value for the VPC when you create it. You can''t change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcRequest' + parameters: [] + /?Action=CreateVpcEndpoint&Version=2016-11-15: + get: + x-aws-operation-name: CreateVpcEndpoint + operationId: GET_CreateVpcEndpoint + description: 'Creates a VPC endpoint for a specified service. An endpoint enables you to create a private connection between your VPC and the service. The service may be provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or another Amazon Web Services account. For more information, see the Amazon Web Services PrivateLink Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcEndpointResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcEndpointType + in: query + required: false + description: '

The type of endpoint.

Default: Gateway

' + schema: + type: string + enum: + - Interface + - Gateway + - GatewayLoadBalancer + - name: VpcId + in: query + required: true + description: The ID of the VPC in which the endpoint will be used. + schema: + type: string + - name: ServiceName + in: query + required: true + description: 'The service name. To get a list of available services, use the DescribeVpcEndpointServices request, or get the name from the service provider.' + schema: + type: string + - name: PolicyDocument + in: query + required: false + description: '(Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must be in valid JSON format. If this parameter is not specified, we attach a default policy that allows full access to the service.' + schema: + type: string + - name: RouteTableId + in: query + required: false + description: (Gateway endpoint) One or more route table IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - xml: + name: item + - name: SubnetId + in: query + required: false + description: '(Interface and Gateway Load Balancer endpoints) The ID of one or more subnets in which to create an endpoint network interface. For a Gateway Load Balancer endpoint, you can specify one subnet only.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: item + - name: SecurityGroupId + in: query + required: false + description: (Interface endpoint) The ID of one or more security groups to associate with the endpoint network interface. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: item + - name: IpAddressType + in: query + required: false + description: The IP address type for the endpoint. + schema: + type: string + enum: + - ipv4 + - dualstack + - ipv6 + - name: DnsOptions + in: query + required: false + description: The DNS options for the endpoint. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DnsRecordIpType' + - description: The DNS records created for the endpoint. + description: Describes the DNS options for an endpoint. + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + - name: PrivateDnsEnabled + in: query + required: false + description: '

(Interface endpoint) Indicates whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.

To use a private hosted zone, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to set the VPC attributes.

Default: true

' + schema: + type: boolean + - name: TagSpecification + in: query + required: false + description: The tags to associate with the endpoint. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateVpcEndpoint + operationId: POST_CreateVpcEndpoint + description: 'Creates a VPC endpoint for a specified service. An endpoint enables you to create a private connection between your VPC and the service. The service may be provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or another Amazon Web Services account. For more information, see the Amazon Web Services PrivateLink Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcEndpointResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcEndpointRequest' + parameters: [] + /?Action=CreateVpcEndpointConnectionNotification&Version=2016-11-15: + get: + x-aws-operation-name: CreateVpcEndpointConnectionNotification + operationId: GET_CreateVpcEndpointConnectionNotification + description: '

Creates a connection notification for a specified VPC endpoint or VPC endpoint service. A connection notification notifies you of specific endpoint events. You must create an SNS topic to receive notifications. For more information, see Create a Topic in the Amazon Simple Notification Service Developer Guide.

You can create a connection notification for interface endpoints only.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcEndpointConnectionNotificationResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ServiceId + in: query + required: false + description: The ID of the endpoint service. + schema: + type: string + - name: VpcEndpointId + in: query + required: false + description: The ID of the endpoint. + schema: + type: string + - name: ConnectionNotificationArn + in: query + required: true + description: The ARN of the SNS topic for the notifications. + schema: + type: string + - name: ConnectionEvents + in: query + required: true + description: 'One or more endpoint events for which to receive notifications. Valid values are Accept, Connect, Delete, and Reject.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateVpcEndpointConnectionNotification + operationId: POST_CreateVpcEndpointConnectionNotification + description: '

Creates a connection notification for a specified VPC endpoint or VPC endpoint service. A connection notification notifies you of specific endpoint events. You must create an SNS topic to receive notifications. For more information, see Create a Topic in the Amazon Simple Notification Service Developer Guide.

You can create a connection notification for interface endpoints only.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcEndpointConnectionNotificationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcEndpointConnectionNotificationRequest' + parameters: [] + /?Action=CreateVpcEndpointServiceConfiguration&Version=2016-11-15: + get: + x-aws-operation-name: CreateVpcEndpointServiceConfiguration + operationId: GET_CreateVpcEndpointServiceConfiguration + description: '

Creates a VPC endpoint service to which service consumers (Amazon Web Services accounts, IAM users, and IAM roles) can connect.

Before you create an endpoint service, you must create one of the following for your service:

If you set the private DNS name, you must prove that you own the private DNS domain name.

For more information, see the Amazon Web Services PrivateLink Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcEndpointServiceConfigurationResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: AcceptanceRequired + in: query + required: false + description: Indicates whether requests from service consumers to create an endpoint to your service must be accepted manually. + schema: + type: boolean + - name: PrivateDnsName + in: query + required: false + description: (Interface endpoint configuration) The private DNS name to assign to the VPC endpoint service. + schema: + type: string + - name: NetworkLoadBalancerArn + in: query + required: false + description: The Amazon Resource Names (ARNs) of one or more Network Load Balancers for your service. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: GatewayLoadBalancerArn + in: query + required: false + description: The Amazon Resource Names (ARNs) of one or more Gateway Load Balancers. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: SupportedIpAddressType + in: query + required: false + description: The supported IP address types. The possible values are ipv4 and ipv6. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to associate with the service. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateVpcEndpointServiceConfiguration + operationId: POST_CreateVpcEndpointServiceConfiguration + description: '

Creates a VPC endpoint service to which service consumers (Amazon Web Services accounts, IAM users, and IAM roles) can connect.

Before you create an endpoint service, you must create one of the following for your service:

If you set the private DNS name, you must prove that you own the private DNS domain name.

For more information, see the Amazon Web Services PrivateLink Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcEndpointServiceConfigurationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcEndpointServiceConfigurationRequest' + parameters: [] + /?Action=CreateVpcPeeringConnection&Version=2016-11-15: + get: + x-aws-operation-name: CreateVpcPeeringConnection + operationId: GET_CreateVpcPeeringConnection + description: '

Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another Amazon Web Services account and can be in a different Region to the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks.

Limitations and rules apply to a VPC peering connection. For more information, see the limitations section in the VPC Peering Guide.

The owner of the accepter VPC must accept the peering request to activate the peering connection. The VPC peering connection request expires after 7 days, after which it cannot be accepted or rejected.

If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of failed.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcPeeringConnectionResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PeerOwnerId + in: query + required: false + description: '

The Amazon Web Services account ID of the owner of the accepter VPC.

Default: Your Amazon Web Services account ID

' + schema: + type: string + - name: PeerVpcId + in: query + required: false + description: The ID of the VPC with which you are creating the VPC peering connection. You must specify this parameter in the request. + schema: + type: string + - name: VpcId + in: query + required: false + description: The ID of the requester VPC. You must specify this parameter in the request. + schema: + type: string + - name: PeerRegion + in: query + required: false + description: '

The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request.

Default: The Region in which you make the request.

' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to assign to the peering connection. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateVpcPeeringConnection + operationId: POST_CreateVpcPeeringConnection + description: '

Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another Amazon Web Services account and can be in a different Region to the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks.

Limitations and rules apply to a VPC peering connection. For more information, see the limitations section in the VPC Peering Guide.

The owner of the accepter VPC must accept the peering request to activate the peering connection. The VPC peering connection request expires after 7 days, after which it cannot be accepted or rejected.

If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of failed.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcPeeringConnectionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpcPeeringConnectionRequest' + parameters: [] + /?Action=CreateVpnConnection&Version=2016-11-15: + get: + x-aws-operation-name: CreateVpnConnection + operationId: GET_CreateVpnConnection + description: '

Creates a VPN connection between an existing virtual private gateway or transit gateway and a customer gateway. The supported connection type is ipsec.1.

The response includes information that you need to give to your network administrator to configure your customer gateway.

We strongly recommend that you use HTTPS when calling this operation because the response contains sensitive cryptographic information for configuring your customer gateway device.

If you decide to shut down your VPN connection for any reason and later create a new VPN connection, you must reconfigure your customer gateway with the new information returned from this call.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpnConnectionResult' + parameters: + - name: CustomerGatewayId + in: query + required: true + description: The ID of the customer gateway. + schema: + type: string + - name: Type + in: query + required: true + description: The type of VPN connection (ipsec.1). + schema: + type: string + - name: VpnGatewayId + in: query + required: false + description: 'The ID of the virtual private gateway. If you specify a virtual private gateway, you cannot specify a transit gateway.' + schema: + type: string + - name: TransitGatewayId + in: query + required: false + description: 'The ID of the transit gateway. If you specify a transit gateway, you cannot specify a virtual private gateway.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Options + in: query + required: false + description: The options for the VPN connection. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicate whether to enable acceleration for the VPN connection.

Default: false

' + staticRoutesOnly: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The IPv6 CIDR on the Amazon Web Services side of the VPN connection.

Default: ::/0

' + description: Describes VPN connection options. + - name: TagSpecification + in: query + required: false + description: The tags to apply to the VPN connection. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateVpnConnection + operationId: POST_CreateVpnConnection + description: '

Creates a VPN connection between an existing virtual private gateway or transit gateway and a customer gateway. The supported connection type is ipsec.1.

The response includes information that you need to give to your network administrator to configure your customer gateway.

We strongly recommend that you use HTTPS when calling this operation because the response contains sensitive cryptographic information for configuring your customer gateway device.

If you decide to shut down your VPN connection for any reason and later create a new VPN connection, you must reconfigure your customer gateway with the new information returned from this call.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpnConnectionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpnConnectionRequest' + parameters: [] + /?Action=CreateVpnConnectionRoute&Version=2016-11-15: + get: + x-aws-operation-name: CreateVpnConnectionRoute + operationId: GET_CreateVpnConnectionRoute + description: '

Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + parameters: + - name: DestinationCidrBlock + in: query + required: true + description: The CIDR block associated with the local subnet of the customer network. + schema: + type: string + - name: VpnConnectionId + in: query + required: true + description: The ID of the VPN connection. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateVpnConnectionRoute + operationId: POST_CreateVpnConnectionRoute + description: '

Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpnConnectionRouteRequest' + parameters: [] + /?Action=CreateVpnGateway&Version=2016-11-15: + get: + x-aws-operation-name: CreateVpnGateway + operationId: GET_CreateVpnGateway + description: '

Creates a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpnGatewayResult' + parameters: + - name: AvailabilityZone + in: query + required: false + description: The Availability Zone for the virtual private gateway. + schema: + type: string + - name: Type + in: query + required: true + description: The type of VPN connection this virtual private gateway supports. + schema: + type: string + enum: + - ipsec.1 + - name: TagSpecification + in: query + required: false + description: The tags to apply to the virtual private gateway. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: AmazonSideAsn + in: query + required: false + description: '

A private Autonomous System Number (ASN) for the Amazon side of a BGP session. If you''re using a 16-bit ASN, it must be in the 64512 to 65534 range. If you''re using a 32-bit ASN, it must be in the 4200000000 to 4294967294 range.

Default: 64512

' + schema: + type: integer + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: CreateVpnGateway + operationId: POST_CreateVpnGateway + description: '

Creates a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpnGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVpnGatewayRequest' + parameters: [] + /?Action=DeleteCarrierGateway&Version=2016-11-15: + get: + x-aws-operation-name: DeleteCarrierGateway + operationId: GET_DeleteCarrierGateway + description: '

Deletes a carrier gateway.

If you do not delete the route that contains the carrier gateway as the Target, the route is a blackhole route. For information about how to delete a route, see DeleteRoute.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteCarrierGatewayResult' + parameters: + - name: CarrierGatewayId + in: query + required: true + description: The ID of the carrier gateway. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteCarrierGateway + operationId: POST_DeleteCarrierGateway + description: '

Deletes a carrier gateway.

If you do not delete the route that contains the carrier gateway as the Target, the route is a blackhole route. For information about how to delete a route, see DeleteRoute.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteCarrierGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteCarrierGatewayRequest' + parameters: [] + /?Action=DeleteClientVpnEndpoint&Version=2016-11-15: + get: + x-aws-operation-name: DeleteClientVpnEndpoint + operationId: GET_DeleteClientVpnEndpoint + description: Deletes the specified Client VPN endpoint. You must disassociate all target networks before you can delete a Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteClientVpnEndpointResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN to be deleted. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteClientVpnEndpoint + operationId: POST_DeleteClientVpnEndpoint + description: Deletes the specified Client VPN endpoint. You must disassociate all target networks before you can delete a Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteClientVpnEndpointResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteClientVpnEndpointRequest' + parameters: [] + /?Action=DeleteClientVpnRoute&Version=2016-11-15: + get: + x-aws-operation-name: DeleteClientVpnRoute + operationId: GET_DeleteClientVpnRoute + description: 'Deletes a route from a Client VPN endpoint. You can only delete routes that you manually added using the CreateClientVpnRoute action. You cannot delete routes that were automatically added when associating a subnet. To remove routes that have been automatically added, disassociate the target subnet from the Client VPN endpoint.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteClientVpnRouteResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint from which the route is to be deleted. + schema: + type: string + - name: TargetVpcSubnetId + in: query + required: false + description: The ID of the target subnet used by the route. + schema: + type: string + - name: DestinationCidrBlock + in: query + required: true + description: 'The IPv4 address range, in CIDR notation, of the route to be deleted.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteClientVpnRoute + operationId: POST_DeleteClientVpnRoute + description: 'Deletes a route from a Client VPN endpoint. You can only delete routes that you manually added using the CreateClientVpnRoute action. You cannot delete routes that were automatically added when associating a subnet. To remove routes that have been automatically added, disassociate the target subnet from the Client VPN endpoint.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteClientVpnRouteResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteClientVpnRouteRequest' + parameters: [] + /?Action=DeleteCustomerGateway&Version=2016-11-15: + get: + x-aws-operation-name: DeleteCustomerGateway + operationId: GET_DeleteCustomerGateway + description: Deletes the specified customer gateway. You must delete the VPN connection before you can delete the customer gateway. + responses: + '200': + description: Success + parameters: + - name: CustomerGatewayId + in: query + required: true + description: The ID of the customer gateway. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteCustomerGateway + operationId: POST_DeleteCustomerGateway + description: Deletes the specified customer gateway. You must delete the VPN connection before you can delete the customer gateway. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteCustomerGatewayRequest' + parameters: [] + /?Action=DeleteDhcpOptions&Version=2016-11-15: + get: + x-aws-operation-name: DeleteDhcpOptions + operationId: GET_DeleteDhcpOptions + description: Deletes the specified set of DHCP options. You must disassociate the set of DHCP options before you can delete it. You can disassociate the set of DHCP options by associating either a new set of options or the default set of options with the VPC. + responses: + '200': + description: Success + parameters: + - name: DhcpOptionsId + in: query + required: true + description: The ID of the DHCP options set. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteDhcpOptions + operationId: POST_DeleteDhcpOptions + description: Deletes the specified set of DHCP options. You must disassociate the set of DHCP options before you can delete it. You can disassociate the set of DHCP options by associating either a new set of options or the default set of options with the VPC. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteDhcpOptionsRequest' + parameters: [] + /?Action=DeleteEgressOnlyInternetGateway&Version=2016-11-15: + get: + x-aws-operation-name: DeleteEgressOnlyInternetGateway + operationId: GET_DeleteEgressOnlyInternetGateway + description: Deletes an egress-only internet gateway. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteEgressOnlyInternetGatewayResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: EgressOnlyInternetGatewayId + in: query + required: true + description: The ID of the egress-only internet gateway. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteEgressOnlyInternetGateway + operationId: POST_DeleteEgressOnlyInternetGateway + description: Deletes an egress-only internet gateway. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteEgressOnlyInternetGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteEgressOnlyInternetGatewayRequest' + parameters: [] + /?Action=DeleteFleets&Version=2016-11-15: + get: + x-aws-operation-name: DeleteFleets + operationId: GET_DeleteFleets + description: '

Deletes the specified EC2 Fleet.

After you delete an EC2 Fleet, it launches no new instances.

You must specify whether a deleted EC2 Fleet should also terminate its instances. If you choose to terminate the instances, the EC2 Fleet enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the deleted_running state, and the instances continue to run until they are interrupted or you terminate them manually.

For instant fleets, EC2 Fleet must terminate the instances when the fleet is deleted. A deleted instant fleet with running instances is not supported.

Restrictions

  • You can delete up to 25 instant fleets in a single request. If you exceed this number, no instant fleets are deleted and an error is returned. There is no restriction on the number of fleets of type maintain or request that can be deleted in a single request.

  • Up to 1000 instances can be terminated in a single request to delete instant fleets.

For more information, see Delete an EC2 Fleet in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteFleetsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: FleetId + in: query + required: true + description: The IDs of the EC2 Fleets. + schema: + type: array + items: + $ref: '#/components/schemas/FleetId' + - name: TerminateInstances + in: query + required: true + description: '

Indicates whether to terminate the instances when the EC2 Fleet is deleted. The default is to terminate the instances.

To let the instances continue to run after the EC2 Fleet is deleted, specify NoTerminateInstances. Supported only for fleets of type maintain and request.

For instant fleets, you cannot specify NoTerminateInstances. A deleted instant fleet with running instances is not supported.

' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteFleets + operationId: POST_DeleteFleets + description: '

Deletes the specified EC2 Fleet.

After you delete an EC2 Fleet, it launches no new instances.

You must specify whether a deleted EC2 Fleet should also terminate its instances. If you choose to terminate the instances, the EC2 Fleet enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the deleted_running state, and the instances continue to run until they are interrupted or you terminate them manually.

For instant fleets, EC2 Fleet must terminate the instances when the fleet is deleted. A deleted instant fleet with running instances is not supported.

Restrictions

  • You can delete up to 25 instant fleets in a single request. If you exceed this number, no instant fleets are deleted and an error is returned. There is no restriction on the number of fleets of type maintain or request that can be deleted in a single request.

  • Up to 1000 instances can be terminated in a single request to delete instant fleets.

For more information, see Delete an EC2 Fleet in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteFleetsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteFleetsRequest' + parameters: [] + /?Action=DeleteFlowLogs&Version=2016-11-15: + get: + x-aws-operation-name: DeleteFlowLogs + operationId: GET_DeleteFlowLogs + description: Deletes one or more flow logs. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteFlowLogsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: FlowLogId + in: query + required: true + description: '

One or more flow log IDs.

Constraint: Maximum of 1000 flow log IDs.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcFlowLogId' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteFlowLogs + operationId: POST_DeleteFlowLogs + description: Deletes one or more flow logs. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteFlowLogsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteFlowLogsRequest' + parameters: [] + /?Action=DeleteFpgaImage&Version=2016-11-15: + get: + x-aws-operation-name: DeleteFpgaImage + operationId: GET_DeleteFpgaImage + description: Deletes the specified Amazon FPGA Image (AFI). + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteFpgaImageResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: FpgaImageId + in: query + required: true + description: The ID of the AFI. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteFpgaImage + operationId: POST_DeleteFpgaImage + description: Deletes the specified Amazon FPGA Image (AFI). + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteFpgaImageResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteFpgaImageRequest' + parameters: [] + /?Action=DeleteInstanceEventWindow&Version=2016-11-15: + get: + x-aws-operation-name: DeleteInstanceEventWindow + operationId: GET_DeleteInstanceEventWindow + description: '

Deletes the specified event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteInstanceEventWindowResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ForceDelete + in: query + required: false + description: Specify true to force delete the event window. Use the force delete parameter if the event window is currently associated with targets. + schema: + type: boolean + - name: InstanceEventWindowId + in: query + required: true + description: The ID of the event window. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteInstanceEventWindow + operationId: POST_DeleteInstanceEventWindow + description: '

Deletes the specified event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteInstanceEventWindowResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteInstanceEventWindowRequest' + parameters: [] + /?Action=DeleteInternetGateway&Version=2016-11-15: + get: + x-aws-operation-name: DeleteInternetGateway + operationId: GET_DeleteInternetGateway + description: Deletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it. + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InternetGatewayId + in: query + required: true + description: The ID of the internet gateway. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteInternetGateway + operationId: POST_DeleteInternetGateway + description: Deletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteInternetGatewayRequest' + parameters: [] + /?Action=DeleteIpam&Version=2016-11-15: + get: + x-aws-operation-name: DeleteIpam + operationId: GET_DeleteIpam + description: '

Delete an IPAM. Deleting an IPAM removes all monitored data associated with the IPAM including the historical data for CIDRs.

For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteIpamResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamId + in: query + required: true + description: The ID of the IPAM to delete. + schema: + type: string + - name: Cascade + in: query + required: false + description: '

Enables you to quickly delete an IPAM, private scopes, pools in private scopes, and any allocations in the pools in private scopes. You cannot delete the IPAM with this option if there is a pool in your public scope. If you use this option, IPAM does the following:

  • Deallocates any CIDRs allocated to VPC resources (such as VPCs) in pools in private scopes.

    No VPC resources are deleted as a result of enabling this option. The CIDR associated with the resource will no longer be allocated from an IPAM pool, but the CIDR itself will remain unchanged.

  • Deprovisions all IPv4 CIDRs provisioned to IPAM pools in private scopes.

  • Deletes all IPAM pools in private scopes.

  • Deletes all non-default private scopes in the IPAM.

  • Deletes the default public and private scopes and the IPAM.

' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteIpam + operationId: POST_DeleteIpam + description: '

Delete an IPAM. Deleting an IPAM removes all monitored data associated with the IPAM including the historical data for CIDRs.

For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteIpamResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteIpamRequest' + parameters: [] + /?Action=DeleteIpamPool&Version=2016-11-15: + get: + x-aws-operation-name: DeleteIpamPool + operationId: GET_DeleteIpamPool + description: '

Delete an IPAM pool.

You cannot delete an IPAM pool if there are allocations in it or CIDRs provisioned to it. To release allocations, see ReleaseIpamPoolAllocation. To deprovision pool CIDRs, see DeprovisionIpamPoolCidr.

For more information, see Delete a pool in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteIpamPoolResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamPoolId + in: query + required: true + description: The ID of the pool to delete. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteIpamPool + operationId: POST_DeleteIpamPool + description: '

Delete an IPAM pool.

You cannot delete an IPAM pool if there are allocations in it or CIDRs provisioned to it. To release allocations, see ReleaseIpamPoolAllocation. To deprovision pool CIDRs, see DeprovisionIpamPoolCidr.

For more information, see Delete a pool in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteIpamPoolResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteIpamPoolRequest' + parameters: [] + /?Action=DeleteIpamScope&Version=2016-11-15: + get: + x-aws-operation-name: DeleteIpamScope + operationId: GET_DeleteIpamScope + description: '

Delete the scope for an IPAM. You cannot delete the default scopes.

For more information, see Delete a scope in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteIpamScopeResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamScopeId + in: query + required: true + description: The ID of the scope to delete. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteIpamScope + operationId: POST_DeleteIpamScope + description: '

Delete the scope for an IPAM. You cannot delete the default scopes.

For more information, see Delete a scope in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteIpamScopeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteIpamScopeRequest' + parameters: [] + /?Action=DeleteKeyPair&Version=2016-11-15: + get: + x-aws-operation-name: DeleteKeyPair + operationId: GET_DeleteKeyPair + description: 'Deletes the specified key pair, by removing the public key from Amazon EC2.' + responses: + '200': + description: Success + parameters: + - name: KeyName + in: query + required: false + description: The name of the key pair. + schema: + type: string + - name: KeyPairId + in: query + required: false + description: The ID of the key pair. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteKeyPair + operationId: POST_DeleteKeyPair + description: 'Deletes the specified key pair, by removing the public key from Amazon EC2.' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteKeyPairRequest' + parameters: [] + /?Action=DeleteLaunchTemplate&Version=2016-11-15: + get: + x-aws-operation-name: DeleteLaunchTemplate + operationId: GET_DeleteLaunchTemplate + description: Deletes a launch template. Deleting a launch template deletes all of its versions. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLaunchTemplateResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: LaunchTemplateId + in: query + required: false + description: The ID of the launch template. You must specify either the launch template ID or launch template name in the request. + schema: + type: string + - name: LaunchTemplateName + in: query + required: false + description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. + schema: + type: string + pattern: '[a-zA-Z0-9\(\)\.\-/_]+' + minLength: 3 + maxLength: 128 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteLaunchTemplate + operationId: POST_DeleteLaunchTemplate + description: Deletes a launch template. Deleting a launch template deletes all of its versions. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLaunchTemplateResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLaunchTemplateRequest' + parameters: [] + /?Action=DeleteLaunchTemplateVersions&Version=2016-11-15: + get: + x-aws-operation-name: DeleteLaunchTemplateVersions + operationId: GET_DeleteLaunchTemplateVersions + description: 'Deletes one or more versions of a launch template. You cannot delete the default version of a launch template; you must first assign a different version as the default. If the default version is the only version for the launch template, you must delete the entire launch template using DeleteLaunchTemplate.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: LaunchTemplateId + in: query + required: false + description: The ID of the launch template. You must specify either the launch template ID or launch template name in the request. + schema: + type: string + - name: LaunchTemplateName + in: query + required: false + description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. + schema: + type: string + pattern: '[a-zA-Z0-9\(\)\.\-/_]+' + minLength: 3 + maxLength: 128 + - name: LaunchTemplateVersion + in: query + required: true + description: The version numbers of one or more launch template versions to delete. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteLaunchTemplateVersions + operationId: POST_DeleteLaunchTemplateVersions + description: 'Deletes one or more versions of a launch template. You cannot delete the default version of a launch template; you must first assign a different version as the default. If the default version is the only version for the launch template, you must delete the entire launch template using DeleteLaunchTemplate.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLaunchTemplateVersionsRequest' + parameters: [] + /?Action=DeleteLocalGatewayRoute&Version=2016-11-15: + get: + x-aws-operation-name: DeleteLocalGatewayRoute + operationId: GET_DeleteLocalGatewayRoute + description: Deletes the specified route from the specified local gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLocalGatewayRouteResult' + parameters: + - name: DestinationCidrBlock + in: query + required: true + description: The CIDR range for the route. This must match the CIDR for the route exactly. + schema: + type: string + - name: LocalGatewayRouteTableId + in: query + required: true + description: The ID of the local gateway route table. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteLocalGatewayRoute + operationId: POST_DeleteLocalGatewayRoute + description: Deletes the specified route from the specified local gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLocalGatewayRouteResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLocalGatewayRouteRequest' + parameters: [] + /?Action=DeleteLocalGatewayRouteTableVpcAssociation&Version=2016-11-15: + get: + x-aws-operation-name: DeleteLocalGatewayRouteTableVpcAssociation + operationId: GET_DeleteLocalGatewayRouteTableVpcAssociation + description: Deletes the specified association between a VPC and local gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLocalGatewayRouteTableVpcAssociationResult' + parameters: + - name: LocalGatewayRouteTableVpcAssociationId + in: query + required: true + description: The ID of the association. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteLocalGatewayRouteTableVpcAssociation + operationId: POST_DeleteLocalGatewayRouteTableVpcAssociation + description: Deletes the specified association between a VPC and local gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLocalGatewayRouteTableVpcAssociationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLocalGatewayRouteTableVpcAssociationRequest' + parameters: [] + /?Action=DeleteManagedPrefixList&Version=2016-11-15: + get: + x-aws-operation-name: DeleteManagedPrefixList + operationId: GET_DeleteManagedPrefixList + description: Deletes the specified managed prefix list. You must first remove all references to the prefix list in your resources. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteManagedPrefixListResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PrefixListId + in: query + required: true + description: The ID of the prefix list. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteManagedPrefixList + operationId: POST_DeleteManagedPrefixList + description: Deletes the specified managed prefix list. You must first remove all references to the prefix list in your resources. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteManagedPrefixListResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteManagedPrefixListRequest' + parameters: [] + /?Action=DeleteNatGateway&Version=2016-11-15: + get: + x-aws-operation-name: DeleteNatGateway + operationId: GET_DeleteNatGateway + description: 'Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates its Elastic IP address, but does not release the address from your account. Deleting a NAT gateway does not delete any NAT gateway routes in your route tables.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNatGatewayResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NatGatewayId + in: query + required: true + description: The ID of the NAT gateway. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteNatGateway + operationId: POST_DeleteNatGateway + description: 'Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates its Elastic IP address, but does not release the address from your account. Deleting a NAT gateway does not delete any NAT gateway routes in your route tables.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNatGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNatGatewayRequest' + parameters: [] + /?Action=DeleteNetworkAcl&Version=2016-11-15: + get: + x-aws-operation-name: DeleteNetworkAcl + operationId: GET_DeleteNetworkAcl + description: Deletes the specified network ACL. You can't delete the ACL if it's associated with any subnets. You can't delete the default network ACL. + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NetworkAclId + in: query + required: true + description: The ID of the network ACL. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteNetworkAcl + operationId: POST_DeleteNetworkAcl + description: Deletes the specified network ACL. You can't delete the ACL if it's associated with any subnets. You can't delete the default network ACL. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkAclRequest' + parameters: [] + /?Action=DeleteNetworkAclEntry&Version=2016-11-15: + get: + x-aws-operation-name: DeleteNetworkAclEntry + operationId: GET_DeleteNetworkAclEntry + description: Deletes the specified ingress or egress entry (rule) from the specified network ACL. + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Egress + in: query + required: true + description: Indicates whether the rule is an egress rule. + schema: + type: boolean + - name: NetworkAclId + in: query + required: true + description: The ID of the network ACL. + schema: + type: string + - name: RuleNumber + in: query + required: true + description: The rule number of the entry to delete. + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteNetworkAclEntry + operationId: POST_DeleteNetworkAclEntry + description: Deletes the specified ingress or egress entry (rule) from the specified network ACL. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkAclEntryRequest' + parameters: [] + /?Action=DeleteNetworkInsightsAccessScope&Version=2016-11-15: + get: + x-aws-operation-name: DeleteNetworkInsightsAccessScope + operationId: GET_DeleteNetworkInsightsAccessScope + description: Deletes the specified Network Access Scope. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NetworkInsightsAccessScopeId + in: query + required: true + description: The ID of the Network Access Scope. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteNetworkInsightsAccessScope + operationId: POST_DeleteNetworkInsightsAccessScope + description: Deletes the specified Network Access Scope. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeRequest' + parameters: [] + /?Action=DeleteNetworkInsightsAccessScopeAnalysis&Version=2016-11-15: + get: + x-aws-operation-name: DeleteNetworkInsightsAccessScopeAnalysis + operationId: GET_DeleteNetworkInsightsAccessScopeAnalysis + description: Deletes the specified Network Access Scope analysis. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeAnalysisResult' + parameters: + - name: NetworkInsightsAccessScopeAnalysisId + in: query + required: true + description: The ID of the Network Access Scope analysis. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteNetworkInsightsAccessScopeAnalysis + operationId: POST_DeleteNetworkInsightsAccessScopeAnalysis + description: Deletes the specified Network Access Scope analysis. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeAnalysisResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsAccessScopeAnalysisRequest' + parameters: [] + /?Action=DeleteNetworkInsightsAnalysis&Version=2016-11-15: + get: + x-aws-operation-name: DeleteNetworkInsightsAnalysis + operationId: GET_DeleteNetworkInsightsAnalysis + description: Deletes the specified network insights analysis. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsAnalysisResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NetworkInsightsAnalysisId + in: query + required: true + description: The ID of the network insights analysis. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteNetworkInsightsAnalysis + operationId: POST_DeleteNetworkInsightsAnalysis + description: Deletes the specified network insights analysis. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsAnalysisResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsAnalysisRequest' + parameters: [] + /?Action=DeleteNetworkInsightsPath&Version=2016-11-15: + get: + x-aws-operation-name: DeleteNetworkInsightsPath + operationId: GET_DeleteNetworkInsightsPath + description: Deletes the specified path. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsPathResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NetworkInsightsPathId + in: query + required: true + description: The ID of the path. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteNetworkInsightsPath + operationId: POST_DeleteNetworkInsightsPath + description: Deletes the specified path. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsPathResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInsightsPathRequest' + parameters: [] + /?Action=DeleteNetworkInterface&Version=2016-11-15: + get: + x-aws-operation-name: DeleteNetworkInterface + operationId: GET_DeleteNetworkInterface + description: Deletes the specified network interface. You must detach the network interface before you can delete it. + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NetworkInterfaceId + in: query + required: true + description: The ID of the network interface. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteNetworkInterface + operationId: POST_DeleteNetworkInterface + description: Deletes the specified network interface. You must detach the network interface before you can delete it. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInterfaceRequest' + parameters: [] + /?Action=DeleteNetworkInterfacePermission&Version=2016-11-15: + get: + x-aws-operation-name: DeleteNetworkInterfacePermission + operationId: GET_DeleteNetworkInterfacePermission + description: 'Deletes a permission for a network interface. By default, you cannot delete the permission if the account for which you''re removing the permission has attached the network interface to an instance. However, you can force delete the permission, regardless of any attachment.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInterfacePermissionResult' + parameters: + - name: NetworkInterfacePermissionId + in: query + required: true + description: The ID of the network interface permission. + schema: + type: string + - name: Force + in: query + required: false + description: Specify true to remove the permission even if the network interface is attached to an instance. + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteNetworkInterfacePermission + operationId: POST_DeleteNetworkInterfacePermission + description: 'Deletes a permission for a network interface. By default, you cannot delete the permission if the account for which you''re removing the permission has attached the network interface to an instance. However, you can force delete the permission, regardless of any attachment.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInterfacePermissionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteNetworkInterfacePermissionRequest' + parameters: [] + /?Action=DeletePlacementGroup&Version=2016-11-15: + get: + x-aws-operation-name: DeletePlacementGroup + operationId: GET_DeletePlacementGroup + description: 'Deletes the specified placement group. You must terminate all instances in the placement group before you can delete the placement group. For more information, see Placement groups in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: GroupName + in: query + required: true + description: The name of the placement group. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeletePlacementGroup + operationId: POST_DeletePlacementGroup + description: 'Deletes the specified placement group. You must terminate all instances in the placement group before you can delete the placement group. For more information, see Placement groups in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeletePlacementGroupRequest' + parameters: [] + /?Action=DeletePublicIpv4Pool&Version=2016-11-15: + get: + x-aws-operation-name: DeletePublicIpv4Pool + operationId: GET_DeletePublicIpv4Pool + description: 'Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeletePublicIpv4PoolResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PoolId + in: query + required: true + description: The ID of the public IPv4 pool you want to delete. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeletePublicIpv4Pool + operationId: POST_DeletePublicIpv4Pool + description: 'Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeletePublicIpv4PoolResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeletePublicIpv4PoolRequest' + parameters: [] + /?Action=DeleteQueuedReservedInstances&Version=2016-11-15: + get: + x-aws-operation-name: DeleteQueuedReservedInstances + operationId: GET_DeleteQueuedReservedInstances + description: Deletes the queued purchases for the specified Reserved Instances. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteQueuedReservedInstancesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ReservedInstancesId + in: query + required: true + description: The IDs of the Reserved Instances. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservationId' + - xml: + name: item + minItems: 1 + maxItems: 100 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteQueuedReservedInstances + operationId: POST_DeleteQueuedReservedInstances + description: Deletes the queued purchases for the specified Reserved Instances. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteQueuedReservedInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteQueuedReservedInstancesRequest' + parameters: [] + /?Action=DeleteRoute&Version=2016-11-15: + get: + x-aws-operation-name: DeleteRoute + operationId: GET_DeleteRoute + description: Deletes the specified route from the specified route table. + responses: + '200': + description: Success + parameters: + - name: DestinationCidrBlock + in: query + required: false + description: The IPv4 CIDR range for the route. The value you specify must match the CIDR for the route exactly. + schema: + type: string + - name: DestinationIpv6CidrBlock + in: query + required: false + description: The IPv6 CIDR range for the route. The value you specify must match the CIDR for the route exactly. + schema: + type: string + - name: DestinationPrefixListId + in: query + required: false + description: The ID of the prefix list for the route. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: RouteTableId + in: query + required: true + description: The ID of the route table. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteRoute + operationId: POST_DeleteRoute + description: Deletes the specified route from the specified route table. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteRouteRequest' + parameters: [] + /?Action=DeleteRouteTable&Version=2016-11-15: + get: + x-aws-operation-name: DeleteRouteTable + operationId: GET_DeleteRouteTable + description: Deletes the specified route table. You must disassociate the route table from any subnets before you can delete it. You can't delete the main route table. + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: RouteTableId + in: query + required: true + description: The ID of the route table. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteRouteTable + operationId: POST_DeleteRouteTable + description: Deletes the specified route table. You must disassociate the route table from any subnets before you can delete it. You can't delete the main route table. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteRouteTableRequest' + parameters: [] + /?Action=DeleteSecurityGroup&Version=2016-11-15: + get: + x-aws-operation-name: DeleteSecurityGroup + operationId: GET_DeleteSecurityGroup + description: '

Deletes a security group.

If you attempt to delete a security group that is associated with an instance, or is referenced by another security group, the operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in EC2-VPC.

' + responses: + '200': + description: Success + parameters: + - name: GroupId + in: query + required: false + description: The ID of the security group. Required for a nondefault VPC. + schema: + type: string + - name: GroupName + in: query + required: false + description: '[EC2-Classic, default VPC] The name of the security group. You can specify either the security group name or the security group ID.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteSecurityGroup + operationId: POST_DeleteSecurityGroup + description: '

Deletes a security group.

If you attempt to delete a security group that is associated with an instance, or is referenced by another security group, the operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in EC2-VPC.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSecurityGroupRequest' + parameters: [] + /?Action=DeleteSnapshot&Version=2016-11-15: + get: + x-aws-operation-name: DeleteSnapshot + operationId: GET_DeleteSnapshot + description: '

Deletes the specified snapshot.

When you make periodic snapshots of a volume, the snapshots are incremental, and only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. When you delete a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior snapshots have been deleted, all active snapshots will have access to all the information needed to restore the volume.

You cannot delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first de-register the AMI before you can delete the snapshot.

For more information, see Delete an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + parameters: + - name: SnapshotId + in: query + required: true + description: The ID of the EBS snapshot. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteSnapshot + operationId: POST_DeleteSnapshot + description: '

Deletes the specified snapshot.

When you make periodic snapshots of a volume, the snapshots are incremental, and only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. When you delete a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior snapshots have been deleted, all active snapshots will have access to all the information needed to restore the volume.

You cannot delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first de-register the AMI before you can delete the snapshot.

For more information, see Delete an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSnapshotRequest' + parameters: [] + /?Action=DeleteSpotDatafeedSubscription&Version=2016-11-15: + get: + x-aws-operation-name: DeleteSpotDatafeedSubscription + operationId: GET_DeleteSpotDatafeedSubscription + description: Deletes the data feed for Spot Instances. + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteSpotDatafeedSubscription + operationId: POST_DeleteSpotDatafeedSubscription + description: Deletes the data feed for Spot Instances. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSpotDatafeedSubscriptionRequest' + parameters: [] + /?Action=DeleteSubnet&Version=2016-11-15: + get: + x-aws-operation-name: DeleteSubnet + operationId: GET_DeleteSubnet + description: Deletes the specified subnet. You must terminate all running instances in the subnet before you can delete the subnet. + responses: + '200': + description: Success + parameters: + - name: SubnetId + in: query + required: true + description: The ID of the subnet. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteSubnet + operationId: POST_DeleteSubnet + description: Deletes the specified subnet. You must terminate all running instances in the subnet before you can delete the subnet. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSubnetRequest' + parameters: [] + /?Action=DeleteSubnetCidrReservation&Version=2016-11-15: + get: + x-aws-operation-name: DeleteSubnetCidrReservation + operationId: GET_DeleteSubnetCidrReservation + description: Deletes a subnet CIDR reservation. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSubnetCidrReservationResult' + parameters: + - name: SubnetCidrReservationId + in: query + required: true + description: The ID of the subnet CIDR reservation. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteSubnetCidrReservation + operationId: POST_DeleteSubnetCidrReservation + description: Deletes a subnet CIDR reservation. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSubnetCidrReservationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSubnetCidrReservationRequest' + parameters: [] + /?Action=DeleteTags&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTags + operationId: GET_DeleteTags + description: '

Deletes the specified set of tags from the specified set of resources.

To list the current tags, use DescribeTags. For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ResourceId + in: query + required: true + description: '

The IDs of the resources, separated by spaces.

Constraints: Up to 1000 resource IDs. We recommend breaking up this request into smaller batches.

' + schema: + type: array + items: + $ref: '#/components/schemas/TaggableResourceId' + - name: Tag + in: query + required: false + description: '

The tags to delete. Specify a tag key and an optional tag value to delete specific tags. If you specify a tag key without a tag value, we delete any tag with this key regardless of its value. If you specify a tag key with an empty string as the tag value, we delete the tag only if its value is an empty string.

If you omit this parameter, we delete all user-defined tags for the specified resources. We do not delete Amazon Web Services-generated tags (tags that have the aws: prefix).

Constraints: Up to 1000 tags.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTags + operationId: POST_DeleteTags + description: '

Deletes the specified set of tags from the specified set of resources.

To list the current tags, use DescribeTags. For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTagsRequest' + parameters: [] + /?Action=DeleteTrafficMirrorFilter&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTrafficMirrorFilter + operationId: GET_DeleteTrafficMirrorFilter + description:

Deletes the specified Traffic Mirror filter.

You cannot delete a Traffic Mirror filter that is in use by a Traffic Mirror session.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorFilterResult' + parameters: + - name: TrafficMirrorFilterId + in: query + required: true + description: The ID of the Traffic Mirror filter. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTrafficMirrorFilter + operationId: POST_DeleteTrafficMirrorFilter + description:

Deletes the specified Traffic Mirror filter.

You cannot delete a Traffic Mirror filter that is in use by a Traffic Mirror session.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorFilterResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorFilterRequest' + parameters: [] + /?Action=DeleteTrafficMirrorFilterRule&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTrafficMirrorFilterRule + operationId: GET_DeleteTrafficMirrorFilterRule + description: Deletes the specified Traffic Mirror rule. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorFilterRuleResult' + parameters: + - name: TrafficMirrorFilterRuleId + in: query + required: true + description: The ID of the Traffic Mirror rule. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTrafficMirrorFilterRule + operationId: POST_DeleteTrafficMirrorFilterRule + description: Deletes the specified Traffic Mirror rule. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorFilterRuleResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorFilterRuleRequest' + parameters: [] + /?Action=DeleteTrafficMirrorSession&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTrafficMirrorSession + operationId: GET_DeleteTrafficMirrorSession + description: Deletes the specified Traffic Mirror session. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorSessionResult' + parameters: + - name: TrafficMirrorSessionId + in: query + required: true + description: The ID of the Traffic Mirror session. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTrafficMirrorSession + operationId: POST_DeleteTrafficMirrorSession + description: Deletes the specified Traffic Mirror session. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorSessionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorSessionRequest' + parameters: [] + /?Action=DeleteTrafficMirrorTarget&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTrafficMirrorTarget + operationId: GET_DeleteTrafficMirrorTarget + description:

Deletes the specified Traffic Mirror target.

You cannot delete a Traffic Mirror target that is in use by a Traffic Mirror session.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorTargetResult' + parameters: + - name: TrafficMirrorTargetId + in: query + required: true + description: The ID of the Traffic Mirror target. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTrafficMirrorTarget + operationId: POST_DeleteTrafficMirrorTarget + description:

Deletes the specified Traffic Mirror target.

You cannot delete a Traffic Mirror target that is in use by a Traffic Mirror session.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorTargetResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTrafficMirrorTargetRequest' + parameters: [] + /?Action=DeleteTransitGateway&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTransitGateway + operationId: GET_DeleteTransitGateway + description: Deletes the specified transit gateway. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayResult' + parameters: + - name: TransitGatewayId + in: query + required: true + description: The ID of the transit gateway. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTransitGateway + operationId: POST_DeleteTransitGateway + description: Deletes the specified transit gateway. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayRequest' + parameters: [] + /?Action=DeleteTransitGatewayConnect&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTransitGatewayConnect + operationId: GET_DeleteTransitGatewayConnect + description: Deletes the specified Connect attachment. You must first delete any Connect peers for the attachment. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayConnectResult' + parameters: + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the Connect attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTransitGatewayConnect + operationId: POST_DeleteTransitGatewayConnect + description: Deletes the specified Connect attachment. You must first delete any Connect peers for the attachment. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayConnectResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayConnectRequest' + parameters: [] + /?Action=DeleteTransitGatewayConnectPeer&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTransitGatewayConnectPeer + operationId: GET_DeleteTransitGatewayConnectPeer + description: Deletes the specified Connect peer. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayConnectPeerResult' + parameters: + - name: TransitGatewayConnectPeerId + in: query + required: true + description: The ID of the Connect peer. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTransitGatewayConnectPeer + operationId: POST_DeleteTransitGatewayConnectPeer + description: Deletes the specified Connect peer. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayConnectPeerResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayConnectPeerRequest' + parameters: [] + /?Action=DeleteTransitGatewayMulticastDomain&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTransitGatewayMulticastDomain + operationId: GET_DeleteTransitGatewayMulticastDomain + description: Deletes the specified transit gateway multicast domain. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayMulticastDomainResult' + parameters: + - name: TransitGatewayMulticastDomainId + in: query + required: true + description: The ID of the transit gateway multicast domain. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTransitGatewayMulticastDomain + operationId: POST_DeleteTransitGatewayMulticastDomain + description: Deletes the specified transit gateway multicast domain. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayMulticastDomainResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayMulticastDomainRequest' + parameters: [] + /?Action=DeleteTransitGatewayPeeringAttachment&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTransitGatewayPeeringAttachment + operationId: GET_DeleteTransitGatewayPeeringAttachment + description: Deletes a transit gateway peering attachment. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayPeeringAttachmentResult' + parameters: + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the transit gateway peering attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTransitGatewayPeeringAttachment + operationId: POST_DeleteTransitGatewayPeeringAttachment + description: Deletes a transit gateway peering attachment. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayPeeringAttachmentResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayPeeringAttachmentRequest' + parameters: [] + /?Action=DeleteTransitGatewayPrefixListReference&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTransitGatewayPrefixListReference + operationId: GET_DeleteTransitGatewayPrefixListReference + description: Deletes a reference (route) to a prefix list in a specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayPrefixListReferenceResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the route table. + schema: + type: string + - name: PrefixListId + in: query + required: true + description: The ID of the prefix list. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTransitGatewayPrefixListReference + operationId: POST_DeleteTransitGatewayPrefixListReference + description: Deletes a reference (route) to a prefix list in a specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayPrefixListReferenceResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayPrefixListReferenceRequest' + parameters: [] + /?Action=DeleteTransitGatewayRoute&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTransitGatewayRoute + operationId: GET_DeleteTransitGatewayRoute + description: Deletes the specified route from the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayRouteResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the transit gateway route table. + schema: + type: string + - name: DestinationCidrBlock + in: query + required: true + description: The CIDR range for the route. This must match the CIDR for the route exactly. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTransitGatewayRoute + operationId: POST_DeleteTransitGatewayRoute + description: Deletes the specified route from the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayRouteResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayRouteRequest' + parameters: [] + /?Action=DeleteTransitGatewayRouteTable&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTransitGatewayRouteTable + operationId: GET_DeleteTransitGatewayRouteTable + description: Deletes the specified transit gateway route table. You must disassociate the route table from any transit gateway route tables before you can delete it. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayRouteTableResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the transit gateway route table. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTransitGatewayRouteTable + operationId: POST_DeleteTransitGatewayRouteTable + description: Deletes the specified transit gateway route table. You must disassociate the route table from any transit gateway route tables before you can delete it. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayRouteTableResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayRouteTableRequest' + parameters: [] + /?Action=DeleteTransitGatewayVpcAttachment&Version=2016-11-15: + get: + x-aws-operation-name: DeleteTransitGatewayVpcAttachment + operationId: GET_DeleteTransitGatewayVpcAttachment + description: Deletes the specified VPC attachment. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayVpcAttachmentResult' + parameters: + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteTransitGatewayVpcAttachment + operationId: POST_DeleteTransitGatewayVpcAttachment + description: Deletes the specified VPC attachment. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayVpcAttachmentResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteTransitGatewayVpcAttachmentRequest' + parameters: [] + /?Action=DeleteVolume&Version=2016-11-15: + get: + x-aws-operation-name: DeleteVolume + operationId: GET_DeleteVolume + description: '

Deletes the specified EBS volume. The volume must be in the available state (not attached to an instance).

The volume can remain in the deleting state for several minutes.

For more information, see Delete an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + parameters: + - name: VolumeId + in: query + required: true + description: The ID of the volume. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteVolume + operationId: POST_DeleteVolume + description: '

Deletes the specified EBS volume. The volume must be in the available state (not attached to an instance).

The volume can remain in the deleting state for several minutes.

For more information, see Delete an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVolumeRequest' + parameters: [] + /?Action=DeleteVpc&Version=2016-11-15: + get: + x-aws-operation-name: DeleteVpc + operationId: GET_DeleteVpc + description: 'Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on.' + responses: + '200': + description: Success + parameters: + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteVpc + operationId: POST_DeleteVpc + description: 'Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on.' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcRequest' + parameters: [] + /?Action=DeleteVpcEndpointConnectionNotifications&Version=2016-11-15: + get: + x-aws-operation-name: DeleteVpcEndpointConnectionNotifications + operationId: GET_DeleteVpcEndpointConnectionNotifications + description: Deletes one or more VPC endpoint connection notifications. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcEndpointConnectionNotificationsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ConnectionNotificationId + in: query + required: true + description: One or more notification IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ConnectionNotificationId' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteVpcEndpointConnectionNotifications + operationId: POST_DeleteVpcEndpointConnectionNotifications + description: Deletes one or more VPC endpoint connection notifications. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcEndpointConnectionNotificationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcEndpointConnectionNotificationsRequest' + parameters: [] + /?Action=DeleteVpcEndpointServiceConfigurations&Version=2016-11-15: + get: + x-aws-operation-name: DeleteVpcEndpointServiceConfigurations + operationId: GET_DeleteVpcEndpointServiceConfigurations + description: 'Deletes one or more VPC endpoint service configurations in your account. Before you delete the endpoint service configuration, you must reject any Available or PendingAcceptance interface endpoint connections that are attached to the service.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcEndpointServiceConfigurationsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ServiceId + in: query + required: true + description: The IDs of one or more services. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcEndpointServiceId' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteVpcEndpointServiceConfigurations + operationId: POST_DeleteVpcEndpointServiceConfigurations + description: 'Deletes one or more VPC endpoint service configurations in your account. Before you delete the endpoint service configuration, you must reject any Available or PendingAcceptance interface endpoint connections that are attached to the service.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcEndpointServiceConfigurationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcEndpointServiceConfigurationsRequest' + parameters: [] + /?Action=DeleteVpcEndpoints&Version=2016-11-15: + get: + x-aws-operation-name: DeleteVpcEndpoints + operationId: GET_DeleteVpcEndpoints + description: '

Deletes one or more specified VPC endpoints. You can delete any of the following types of VPC endpoints.

  • Gateway endpoint,

  • Gateway Load Balancer endpoint,

  • Interface endpoint

The following rules apply when you delete a VPC endpoint:

  • When you delete a gateway endpoint, we delete the endpoint routes in the route tables that are associated with the endpoint.

  • When you delete a Gateway Load Balancer endpoint, we delete the endpoint network interfaces.

    You can only delete Gateway Load Balancer endpoints when the routes that are associated with the endpoint are deleted.

  • When you delete an interface endpoint, we delete the endpoint network interfaces.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcEndpointsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcEndpointId + in: query + required: true + description: One or more VPC endpoint IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcEndpointId' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteVpcEndpoints + operationId: POST_DeleteVpcEndpoints + description: '

Deletes one or more specified VPC endpoints. You can delete any of the following types of VPC endpoints.

  • Gateway endpoint,

  • Gateway Load Balancer endpoint,

  • Interface endpoint

The following rules apply when you delete a VPC endpoint:

  • When you delete a gateway endpoint, we delete the endpoint routes in the route tables that are associated with the endpoint.

  • When you delete a Gateway Load Balancer endpoint, we delete the endpoint network interfaces.

    You can only delete Gateway Load Balancer endpoints when the routes that are associated with the endpoint are deleted.

  • When you delete an interface endpoint, we delete the endpoint network interfaces.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcEndpointsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcEndpointsRequest' + parameters: [] + /?Action=DeleteVpcPeeringConnection&Version=2016-11-15: + get: + x-aws-operation-name: DeleteVpcPeeringConnection + operationId: GET_DeleteVpcPeeringConnection + description: Deletes a VPC peering connection. Either the owner of the requester VPC or the owner of the accepter VPC can delete the VPC peering connection if it's in the active state. The owner of the requester VPC can delete a VPC peering connection in the pending-acceptance state. You cannot delete a VPC peering connection that's in the failed state. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcPeeringConnectionResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcPeeringConnectionId + in: query + required: true + description: The ID of the VPC peering connection. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteVpcPeeringConnection + operationId: POST_DeleteVpcPeeringConnection + description: Deletes a VPC peering connection. Either the owner of the requester VPC or the owner of the accepter VPC can delete the VPC peering connection if it's in the active state. The owner of the requester VPC can delete a VPC peering connection in the pending-acceptance state. You cannot delete a VPC peering connection that's in the failed state. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcPeeringConnectionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpcPeeringConnectionRequest' + parameters: [] + /?Action=DeleteVpnConnection&Version=2016-11-15: + get: + x-aws-operation-name: DeleteVpnConnection + operationId: GET_DeleteVpnConnection + description: '

Deletes the specified VPN connection.

If you''re deleting the VPC and its associated components, we recommend that you detach the virtual private gateway from the VPC and delete the VPC before deleting the VPN connection. If you believe that the tunnel credentials for your VPN connection have been compromised, you can delete the VPN connection and create a new one that has new keys, without needing to delete the VPC or virtual private gateway. If you create a new VPN connection, you must reconfigure the customer gateway device using the new configuration information returned with the new VPN connection ID.

For certificate-based authentication, delete all Certificate Manager (ACM) private certificates used for the Amazon Web Services-side tunnel endpoints for the VPN connection before deleting the VPN connection.

' + responses: + '200': + description: Success + parameters: + - name: VpnConnectionId + in: query + required: true + description: The ID of the VPN connection. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteVpnConnection + operationId: POST_DeleteVpnConnection + description: '

Deletes the specified VPN connection.

If you''re deleting the VPC and its associated components, we recommend that you detach the virtual private gateway from the VPC and delete the VPC before deleting the VPN connection. If you believe that the tunnel credentials for your VPN connection have been compromised, you can delete the VPN connection and create a new one that has new keys, without needing to delete the VPC or virtual private gateway. If you create a new VPN connection, you must reconfigure the customer gateway device using the new configuration information returned with the new VPN connection ID.

For certificate-based authentication, delete all Certificate Manager (ACM) private certificates used for the Amazon Web Services-side tunnel endpoints for the VPN connection before deleting the VPN connection.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpnConnectionRequest' + parameters: [] + /?Action=DeleteVpnConnectionRoute&Version=2016-11-15: + get: + x-aws-operation-name: DeleteVpnConnectionRoute + operationId: GET_DeleteVpnConnectionRoute + description: Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway. + responses: + '200': + description: Success + parameters: + - name: DestinationCidrBlock + in: query + required: true + description: The CIDR block associated with the local subnet of the customer network. + schema: + type: string + - name: VpnConnectionId + in: query + required: true + description: The ID of the VPN connection. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteVpnConnectionRoute + operationId: POST_DeleteVpnConnectionRoute + description: Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpnConnectionRouteRequest' + parameters: [] + /?Action=DeleteVpnGateway&Version=2016-11-15: + get: + x-aws-operation-name: DeleteVpnGateway + operationId: GET_DeleteVpnGateway + description: Deletes the specified virtual private gateway. You must first detach the virtual private gateway from the VPC. Note that you don't need to delete the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and your network. + responses: + '200': + description: Success + parameters: + - name: VpnGatewayId + in: query + required: true + description: The ID of the virtual private gateway. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeleteVpnGateway + operationId: POST_DeleteVpnGateway + description: Deletes the specified virtual private gateway. You must first detach the virtual private gateway from the VPC. Note that you don't need to delete the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and your network. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVpnGatewayRequest' + parameters: [] + /?Action=DeprovisionByoipCidr&Version=2016-11-15: + get: + x-aws-operation-name: DeprovisionByoipCidr + operationId: GET_DeprovisionByoipCidr + description: '

Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.

Before you can release an address range, you must stop advertising it using WithdrawByoipCidr and you must not have any IP addresses allocated from its address range.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeprovisionByoipCidrResult' + parameters: + - name: Cidr + in: query + required: true + description: 'The address range, in CIDR notation. The prefix must be the same prefix that you specified when you provisioned the address range.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeprovisionByoipCidr + operationId: POST_DeprovisionByoipCidr + description: '

Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.

Before you can release an address range, you must stop advertising it using WithdrawByoipCidr and you must not have any IP addresses allocated from its address range.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeprovisionByoipCidrResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeprovisionByoipCidrRequest' + parameters: [] + /?Action=DeprovisionIpamPoolCidr&Version=2016-11-15: + get: + x-aws-operation-name: DeprovisionIpamPoolCidr + operationId: GET_DeprovisionIpamPoolCidr + description: 'Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from a pool that has a source pool, the CIDR is recycled back into the source pool. For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeprovisionIpamPoolCidrResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamPoolId + in: query + required: true + description: The ID of the pool that has the CIDR you want to deprovision. + schema: + type: string + - name: Cidr + in: query + required: false + description: The CIDR which you want to deprovision from the pool. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeprovisionIpamPoolCidr + operationId: POST_DeprovisionIpamPoolCidr + description: 'Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from a pool that has a source pool, the CIDR is recycled back into the source pool. For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeprovisionIpamPoolCidrResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeprovisionIpamPoolCidrRequest' + parameters: [] + /?Action=DeprovisionPublicIpv4PoolCidr&Version=2016-11-15: + get: + x-aws-operation-name: DeprovisionPublicIpv4PoolCidr + operationId: GET_DeprovisionPublicIpv4PoolCidr + description: Deprovision a CIDR from a public IPv4 pool. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeprovisionPublicIpv4PoolCidrResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PoolId + in: query + required: true + description: The ID of the pool that you want to deprovision the CIDR from. + schema: + type: string + - name: Cidr + in: query + required: true + description: The CIDR you want to deprovision from the pool. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeprovisionPublicIpv4PoolCidr + operationId: POST_DeprovisionPublicIpv4PoolCidr + description: Deprovision a CIDR from a public IPv4 pool. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeprovisionPublicIpv4PoolCidrResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeprovisionPublicIpv4PoolCidrRequest' + parameters: [] + /?Action=DeregisterImage&Version=2016-11-15: + get: + x-aws-operation-name: DeregisterImage + operationId: GET_DeregisterImage + description: '

Deregisters the specified AMI. After you deregister an AMI, it can''t be used to launch new instances.

If you deregister an AMI that matches a Recycle Bin retention rule, the AMI is retained in the Recycle Bin for the specified retention period. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.

When you deregister an AMI, it doesn''t affect any instances that you''ve already launched from the AMI. You''ll continue to incur usage costs for those instances until you terminate them.

When you deregister an Amazon EBS-backed AMI, it doesn''t affect the snapshot that was created for the root volume of the instance during the AMI creation process. When you deregister an instance store-backed AMI, it doesn''t affect the files that you uploaded to Amazon S3 when you created the AMI.

' + responses: + '200': + description: Success + parameters: + - name: ImageId + in: query + required: true + description: The ID of the AMI. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeregisterImage + operationId: POST_DeregisterImage + description: '

Deregisters the specified AMI. After you deregister an AMI, it can''t be used to launch new instances.

If you deregister an AMI that matches a Recycle Bin retention rule, the AMI is retained in the Recycle Bin for the specified retention period. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.

When you deregister an AMI, it doesn''t affect any instances that you''ve already launched from the AMI. You''ll continue to incur usage costs for those instances until you terminate them.

When you deregister an Amazon EBS-backed AMI, it doesn''t affect the snapshot that was created for the root volume of the instance during the AMI creation process. When you deregister an instance store-backed AMI, it doesn''t affect the files that you uploaded to Amazon S3 when you created the AMI.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeregisterImageRequest' + parameters: [] + /?Action=DeregisterInstanceEventNotificationAttributes&Version=2016-11-15: + get: + x-aws-operation-name: DeregisterInstanceEventNotificationAttributes + operationId: GET_DeregisterInstanceEventNotificationAttributes + description: Deregisters tag keys to prevent tags that have the specified tag keys from being included in scheduled event notifications for resources in the Region. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeregisterInstanceEventNotificationAttributesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceTagAttribute + in: query + required: false + description: Information about the tag keys to deregister. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to deregister all tag keys in the current Region. Specify false to deregister all tag keys. + InstanceTagKey: + allOf: + - $ref: '#/components/schemas/InstanceTagKeySet' + - description: Information about the tag keys to deregister. + description: Information about the tag keys to deregister for the current Region. You can either specify individual tag keys or deregister all tag keys in the current Region. You must specify either IncludeAllTagsOfInstance or InstanceTagKeys in the request + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeregisterInstanceEventNotificationAttributes + operationId: POST_DeregisterInstanceEventNotificationAttributes + description: Deregisters tag keys to prevent tags that have the specified tag keys from being included in scheduled event notifications for resources in the Region. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeregisterInstanceEventNotificationAttributesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeregisterInstanceEventNotificationAttributesRequest' + parameters: [] + /?Action=DeregisterTransitGatewayMulticastGroupMembers&Version=2016-11-15: + get: + x-aws-operation-name: DeregisterTransitGatewayMulticastGroupMembers + operationId: GET_DeregisterTransitGatewayMulticastGroupMembers + description: Deregisters the specified members (network interfaces) from the transit gateway multicast group. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupMembersResult' + parameters: + - name: TransitGatewayMulticastDomainId + in: query + required: false + description: The ID of the transit gateway multicast domain. + schema: + type: string + - name: GroupIpAddress + in: query + required: false + description: The IP address assigned to the transit gateway multicast group. + schema: + type: string + - name: NetworkInterfaceIds + in: query + required: false + description: The IDs of the group members' network interfaces. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeregisterTransitGatewayMulticastGroupMembers + operationId: POST_DeregisterTransitGatewayMulticastGroupMembers + description: Deregisters the specified members (network interfaces) from the transit gateway multicast group. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupMembersResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupMembersRequest' + parameters: [] + /?Action=DeregisterTransitGatewayMulticastGroupSources&Version=2016-11-15: + get: + x-aws-operation-name: DeregisterTransitGatewayMulticastGroupSources + operationId: GET_DeregisterTransitGatewayMulticastGroupSources + description: Deregisters the specified sources (network interfaces) from the transit gateway multicast group. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupSourcesResult' + parameters: + - name: TransitGatewayMulticastDomainId + in: query + required: false + description: The ID of the transit gateway multicast domain. + schema: + type: string + - name: GroupIpAddress + in: query + required: false + description: The IP address assigned to the transit gateway multicast group. + schema: + type: string + - name: NetworkInterfaceIds + in: query + required: false + description: The IDs of the group sources' network interfaces. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DeregisterTransitGatewayMulticastGroupSources + operationId: POST_DeregisterTransitGatewayMulticastGroupSources + description: Deregisters the specified sources (network interfaces) from the transit gateway multicast group. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupSourcesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeregisterTransitGatewayMulticastGroupSourcesRequest' + parameters: [] + /?Action=DescribeAccountAttributes&Version=2016-11-15: + get: + x-aws-operation-name: DescribeAccountAttributes + operationId: GET_DescribeAccountAttributes + description: '

Describes attributes of your Amazon Web Services account. The following are the supported account attributes:

  • supported-platforms: Indicates whether your account can launch instances into EC2-Classic and EC2-VPC, or only into EC2-VPC.

  • default-vpc: The ID of the default VPC for your account, or none.

  • max-instances: This attribute is no longer supported. The returned value does not reflect your actual vCPU limit for running On-Demand Instances. For more information, see On-Demand Instance Limits in the Amazon Elastic Compute Cloud User Guide.

  • vpc-max-security-groups-per-interface: The maximum number of security groups that you can assign to a network interface.

  • max-elastic-ips: The maximum number of Elastic IP addresses that you can allocate for use with EC2-Classic.

  • vpc-max-elastic-ips: The maximum number of Elastic IP addresses that you can allocate for use with EC2-VPC.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAccountAttributesResult' + parameters: + - name: AttributeName + in: query + required: false + description: The account attribute names. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/AccountAttributeName' + - xml: + name: attributeName + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeAccountAttributes + operationId: POST_DescribeAccountAttributes + description: '

Describes attributes of your Amazon Web Services account. The following are the supported account attributes:

  • supported-platforms: Indicates whether your account can launch instances into EC2-Classic and EC2-VPC, or only into EC2-VPC.

  • default-vpc: The ID of the default VPC for your account, or none.

  • max-instances: This attribute is no longer supported. The returned value does not reflect your actual vCPU limit for running On-Demand Instances. For more information, see On-Demand Instance Limits in the Amazon Elastic Compute Cloud User Guide.

  • vpc-max-security-groups-per-interface: The maximum number of security groups that you can assign to a network interface.

  • max-elastic-ips: The maximum number of Elastic IP addresses that you can allocate for use with EC2-Classic.

  • vpc-max-elastic-ips: The maximum number of Elastic IP addresses that you can allocate for use with EC2-VPC.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAccountAttributesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAccountAttributesRequest' + parameters: [] + /?Action=DescribeAddresses&Version=2016-11-15: + get: + x-aws-operation-name: DescribeAddresses + operationId: GET_DescribeAddresses + description: '

Describes the specified Elastic IP addresses or all of your Elastic IP addresses.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAddressesResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters. Filter names and values are case-sensitive.

  • allocation-id - [EC2-VPC] The allocation ID for the address.

  • association-id - [EC2-VPC] The association ID for the address.

  • domain - Indicates whether the address is for use in EC2-Classic (standard) or in a VPC (vpc).

  • instance-id - The ID of the instance the address is associated with, if any.

  • network-border-group - A unique set of Availability Zones, Local Zones, or Wavelength Zones from where Amazon Web Services advertises IP addresses.

  • network-interface-id - [EC2-VPC] The ID of the network interface that the address is associated with, if any.

  • network-interface-owner-id - The Amazon Web Services account ID of the owner.

  • private-ip-address - [EC2-VPC] The private IP address associated with the Elastic IP address.

  • public-ip - The Elastic IP address, or the carrier IP address.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: PublicIp + in: query + required: false + description: '

One or more Elastic IP addresses.

Default: Describes all your Elastic IP addresses.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: PublicIp + - name: AllocationId + in: query + required: false + description: '[EC2-VPC] Information about the allocation IDs.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/AllocationId' + - xml: + name: AllocationId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeAddresses + operationId: POST_DescribeAddresses + description: '

Describes the specified Elastic IP addresses or all of your Elastic IP addresses.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAddressesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAddressesRequest' + parameters: [] + /?Action=DescribeAddressesAttribute&Version=2016-11-15: + get: + x-aws-operation-name: DescribeAddressesAttribute + operationId: GET_DescribeAddressesAttribute + description: 'Describes the attributes of the specified Elastic IP addresses. For requirements, see Using reverse DNS for email applications.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAddressesAttributeResult' + parameters: + - name: AllocationId + in: query + required: false + description: '[EC2-VPC] The allocation IDs.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/AllocationId' + - xml: + name: item + - name: Attribute + in: query + required: false + description: The attribute of the IP address. + schema: + type: string + enum: + - domain-name + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 1000 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeAddressesAttribute + operationId: POST_DescribeAddressesAttribute + description: 'Describes the attributes of the specified Elastic IP addresses. For requirements, see Using reverse DNS for email applications.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAddressesAttributeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAddressesAttributeRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeAggregateIdFormat&Version=2016-11-15: + get: + x-aws-operation-name: DescribeAggregateIdFormat + operationId: GET_DescribeAggregateIdFormat + description: '

Describes the longer ID format settings for all resource types in a specific Region. This request is useful for performing a quick audit to determine whether a specific Region is fully opted in for longer IDs (17-character IDs).

This request only returns information about resource types that support longer IDs.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAggregateIdFormatResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeAggregateIdFormat + operationId: POST_DescribeAggregateIdFormat + description: '

Describes the longer ID format settings for all resource types in a specific Region. This request is useful for performing a quick audit to determine whether a specific Region is fully opted in for longer IDs (17-character IDs).

This request only returns information about resource types that support longer IDs.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAggregateIdFormatResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAggregateIdFormatRequest' + parameters: [] + /?Action=DescribeAvailabilityZones&Version=2016-11-15: + get: + x-aws-operation-name: DescribeAvailabilityZones + operationId: GET_DescribeAvailabilityZones + description: '

Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you. If there is an event impacting a zone, you can use this request to view the state and any provided messages for that zone.

For more information about Availability Zones, Local Zones, and Wavelength Zones, see Regions and zones in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAvailabilityZonesResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • group-name - For Availability Zones, use the Region name. For Local Zones, use the name of the group associated with the Local Zone (for example, us-west-2-lax-1) For Wavelength Zones, use the name of the group associated with the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

  • message - The Zone message.

  • opt-in-status - The opt-in status (opted-in, and not-opted-in | opt-in-not-required).

  • parent-zoneID - The ID of the zone that handles some of the Local Zone and Wavelength Zone control plane operations, such as API calls.

  • parent-zoneName - The ID of the zone that handles some of the Local Zone and Wavelength Zone control plane operations, such as API calls.

  • region-name - The name of the Region for the Zone (for example, us-east-1).

  • state - The state of the Availability Zone, the Local Zone, or the Wavelength Zone (available).

  • zone-id - The ID of the Availability Zone (for example, use1-az1), the Local Zone (for example, usw2-lax1-az1), or the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

  • zone-type - The type of zone, for example, local-zone.

  • zone-name - The name of the Availability Zone (for example, us-east-1a), the Local Zone (for example, us-west-2-lax-1a), or the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

  • zone-type - The type of zone, for example, local-zone.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: ZoneName + in: query + required: false + description: 'The names of the Availability Zones, Local Zones, and Wavelength Zones.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: ZoneName + - name: ZoneId + in: query + required: false + description: 'The IDs of the Availability Zones, Local Zones, and Wavelength Zones.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: ZoneId + - name: AllAvailabilityZones + in: query + required: false + description: '

Include all Availability Zones, Local Zones, and Wavelength Zones regardless of your opt-in status.

If you do not use this parameter, the results include only the zones for the Regions where you have chosen the option to opt in.

' + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeAvailabilityZones + operationId: POST_DescribeAvailabilityZones + description: '

Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you. If there is an event impacting a zone, you can use this request to view the state and any provided messages for that zone.

For more information about Availability Zones, Local Zones, and Wavelength Zones, see Regions and zones in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAvailabilityZonesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeAvailabilityZonesRequest' + parameters: [] + /?Action=DescribeBundleTasks&Version=2016-11-15: + get: + x-aws-operation-name: DescribeBundleTasks + operationId: GET_DescribeBundleTasks + description: '

Describes the specified bundle tasks or all of your bundle tasks.

Completed bundle tasks are listed for only a limited time. If your bundle task is no longer in the list, you can still register an AMI from it. Just use RegisterImage with the Amazon S3 bucket name and image manifest name you provided to the bundle task.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeBundleTasksResult' + parameters: + - name: BundleId + in: query + required: false + description: '

The bundle task IDs.

Default: Describes all your bundle tasks.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/BundleId' + - xml: + name: BundleId + - name: Filter + in: query + required: false + description: '

The filters.

  • bundle-id - The ID of the bundle task.

  • error-code - If the task failed, the error code returned.

  • error-message - If the task failed, the error message returned.

  • instance-id - The ID of the instance.

  • progress - The level of task completion, as a percentage (for example, 20%).

  • s3-bucket - The Amazon S3 bucket to store the AMI.

  • s3-prefix - The beginning of the AMI name.

  • start-time - The time the task started (for example, 2013-09-15T17:15:20.000Z).

  • state - The state of the task (pending | waiting-for-shutdown | bundling | storing | cancelling | complete | failed).

  • update-time - The time of the most recent update for the task.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeBundleTasks + operationId: POST_DescribeBundleTasks + description: '

Describes the specified bundle tasks or all of your bundle tasks.

Completed bundle tasks are listed for only a limited time. If your bundle task is no longer in the list, you can still register an AMI from it. Just use RegisterImage with the Amazon S3 bucket name and image manifest name you provided to the bundle task.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeBundleTasksResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeBundleTasksRequest' + parameters: [] + /?Action=DescribeByoipCidrs&Version=2016-11-15: + get: + x-aws-operation-name: DescribeByoipCidrs + operationId: GET_DescribeByoipCidrs + description: '

Describes the IP address ranges that were specified in calls to ProvisionByoipCidr.

To describe the address pools that were created when you provisioned the address ranges, use DescribePublicIpv4Pools or DescribeIpv6Pools.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeByoipCidrsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: MaxResults + in: query + required: true + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 100 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeByoipCidrs + operationId: POST_DescribeByoipCidrs + description: '

Describes the IP address ranges that were specified in calls to ProvisionByoipCidr.

To describe the address pools that were created when you provisioned the address ranges, use DescribePublicIpv4Pools or DescribeIpv6Pools.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeByoipCidrsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeByoipCidrsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeCapacityReservationFleets&Version=2016-11-15: + get: + x-aws-operation-name: DescribeCapacityReservationFleets + operationId: GET_DescribeCapacityReservationFleets + description: Describes one or more Capacity Reservation Fleets. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCapacityReservationFleetsResult' + parameters: + - name: CapacityReservationFleetId + in: query + required: false + description: The IDs of the Capacity Reservation Fleets to describe. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetId' + - xml: + name: item + - name: NextToken + in: query + required: false + description: The token to use to retrieve the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' + schema: + type: integer + minimum: 1 + maximum: 100 + - name: Filter + in: query + required: false + description:

One or more filters.

  • state - The state of the Fleet (submitted | modifying | active | partially_fulfilled | expiring | expired | cancelling | cancelled | failed).

  • instance-match-criteria - The instance matching criteria for the Fleet. Only open is supported.

  • tenancy - The tenancy of the Fleet (default | dedicated).

  • allocation-strategy - The allocation strategy used by the Fleet. Only prioritized is supported.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeCapacityReservationFleets + operationId: POST_DescribeCapacityReservationFleets + description: Describes one or more Capacity Reservation Fleets. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCapacityReservationFleetsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCapacityReservationFleetsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeCapacityReservations&Version=2016-11-15: + get: + x-aws-operation-name: DescribeCapacityReservations + operationId: GET_DescribeCapacityReservations + description: Describes one or more of your Capacity Reservations. The results describe only the Capacity Reservations in the Amazon Web Services Region that you're currently using. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCapacityReservationsResult' + parameters: + - name: CapacityReservationId + in: query + required: false + description: The ID of the Capacity Reservation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/CapacityReservationId' + - xml: + name: item + - name: NextToken + in: query + required: false + description: The token to use to retrieve the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' + schema: + type: integer + minimum: 1 + maximum: 1000 + - name: Filter + in: query + required: false + description: '

One or more filters.

  • instance-type - The type of instance for which the Capacity Reservation reserves capacity.

  • owner-id - The ID of the Amazon Web Services account that owns the Capacity Reservation.

  • instance-platform - The type of operating system for which the Capacity Reservation reserves capacity.

  • availability-zone - The Availability Zone of the Capacity Reservation.

  • tenancy - Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:

    • default - The Capacity Reservation is created on hardware that is shared with other Amazon Web Services accounts.

    • dedicated - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single Amazon Web Services account.

  • outpost-arn - The Amazon Resource Name (ARN) of the Outpost on which the Capacity Reservation was created.

  • state - The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

    • active- The Capacity Reservation is active and the capacity is available for your use.

    • expired - The Capacity Reservation expired automatically at the date and time specified in your request. The reserved capacity is no longer available for your use.

    • cancelled - The Capacity Reservation was cancelled. The reserved capacity is no longer available for your use.

    • pending - The Capacity Reservation request was successful but the capacity provisioning is still pending.

    • failed - The Capacity Reservation request has failed. A request might fail due to invalid request parameters, capacity constraints, or instance limit constraints. Failed requests are retained for 60 minutes.

  • start-date - The date and time at which the Capacity Reservation was started.

  • end-date - The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation''s state changes to expired when it reaches its end date and time.

  • end-date-type - Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

    • unlimited - The Capacity Reservation remains active until you explicitly cancel it.

    • limited - The Capacity Reservation expires automatically at a specified date and time.

  • instance-match-criteria - Indicates the type of instance launches that the Capacity Reservation accepts. The options include:

    • open - The Capacity Reservation accepts all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes launch into the Capacity Reservation automatically without specifying any additional parameters.

    • targeted - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.

  • placement-group-arn - The ARN of the cluster placement group in which the Capacity Reservation was created.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeCapacityReservations + operationId: POST_DescribeCapacityReservations + description: Describes one or more of your Capacity Reservations. The results describe only the Capacity Reservations in the Amazon Web Services Region that you're currently using. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCapacityReservationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCapacityReservationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeCarrierGateways&Version=2016-11-15: + get: + x-aws-operation-name: DescribeCarrierGateways + operationId: GET_DescribeCarrierGateways + description: Describes one or more of your carrier gateways. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCarrierGatewaysResult' + parameters: + - name: CarrierGatewayId + in: query + required: false + description: One or more carrier gateway IDs. + schema: + type: array + items: + $ref: '#/components/schemas/CarrierGatewayId' + - name: Filter + in: query + required: false + description: '

One or more filters.

  • carrier-gateway-id - The ID of the carrier gateway.

  • state - The state of the carrier gateway (pending | failed | available | deleting | deleted).

  • owner-id - The Amazon Web Services account ID of the owner of the carrier gateway.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC associated with the carrier gateway.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeCarrierGateways + operationId: POST_DescribeCarrierGateways + description: Describes one or more of your carrier gateways. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCarrierGatewaysResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCarrierGatewaysRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeClassicLinkInstances&Version=2016-11-15: + get: + x-aws-operation-name: DescribeClassicLinkInstances + operationId: GET_DescribeClassicLinkInstances + description: Describes one or more of your linked EC2-Classic instances. This request only returns information about EC2-Classic instances linked to a VPC through ClassicLink. You cannot use this request to return information about other instances. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClassicLinkInstancesResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • group-id - The ID of a VPC security group that''s associated with the instance.

  • instance-id - The ID of the instance.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC to which the instance is linked.

    vpc-id - The ID of the VPC that the instance is linked to.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceId + in: query + required: false + description: One or more instance IDs. Must be instances linked to a VPC through ClassicLink. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: MaxResults + in: query + required: false + description: '

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

Constraint: If the value is greater than 1000, we return only 1000 items.

' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeClassicLinkInstances + operationId: POST_DescribeClassicLinkInstances + description: Describes one or more of your linked EC2-Classic instances. This request only returns information about EC2-Classic instances linked to a VPC through ClassicLink. You cannot use this request to return information about other instances. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClassicLinkInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClassicLinkInstancesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeClientVpnAuthorizationRules&Version=2016-11-15: + get: + x-aws-operation-name: DescribeClientVpnAuthorizationRules + operationId: GET_DescribeClientVpnAuthorizationRules + description: Describes the authorization rules for a specified Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnAuthorizationRulesResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + - name: Filter + in: query + required: false + description:

One or more filters. Filter names and values are case-sensitive.

  • description - The description of the authorization rule.

  • destination-cidr - The CIDR of the network to which the authorization rule applies.

  • group-id - The ID of the Active Directory group to which the authorization rule grants access.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeClientVpnAuthorizationRules + operationId: POST_DescribeClientVpnAuthorizationRules + description: Describes the authorization rules for a specified Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnAuthorizationRulesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnAuthorizationRulesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeClientVpnConnections&Version=2016-11-15: + get: + x-aws-operation-name: DescribeClientVpnConnections + operationId: GET_DescribeClientVpnConnections + description: Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnConnectionsResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint. + schema: + type: string + - name: Filter + in: query + required: false + description: '

One or more filters. Filter names and values are case-sensitive.

  • connection-id - The ID of the connection.

  • username - For Active Directory client authentication, the user name of the client who established the client connection.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeClientVpnConnections + operationId: POST_DescribeClientVpnConnections + description: Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnConnectionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnConnectionsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeClientVpnEndpoints&Version=2016-11-15: + get: + x-aws-operation-name: DescribeClientVpnEndpoints + operationId: GET_DescribeClientVpnEndpoints + description: Describes one or more Client VPN endpoints in the account. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnEndpointsResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: false + description: The ID of the Client VPN endpoint. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ClientVpnEndpointId' + - xml: + name: item + - name: MaxResults + in: query + required: false + description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + - name: Filter + in: query + required: false + description:

One or more filters. Filter names and values are case-sensitive.

  • endpoint-id - The ID of the Client VPN endpoint.

  • transport-protocol - The transport protocol (tcp | udp).

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeClientVpnEndpoints + operationId: POST_DescribeClientVpnEndpoints + description: Describes one or more Client VPN endpoints in the account. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnEndpointsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnEndpointsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeClientVpnRoutes&Version=2016-11-15: + get: + x-aws-operation-name: DescribeClientVpnRoutes + operationId: GET_DescribeClientVpnRoutes + description: Describes the routes for the specified Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnRoutesResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint. + schema: + type: string + - name: Filter + in: query + required: false + description:

One or more filters. Filter names and values are case-sensitive.

  • destination-cidr - The CIDR of the route destination.

  • origin - How the route was associated with the Client VPN endpoint (associate | add-route).

  • target-subnet - The ID of the subnet through which traffic is routed.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeClientVpnRoutes + operationId: POST_DescribeClientVpnRoutes + description: Describes the routes for the specified Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnRoutesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnRoutesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeClientVpnTargetNetworks&Version=2016-11-15: + get: + x-aws-operation-name: DescribeClientVpnTargetNetworks + operationId: GET_DescribeClientVpnTargetNetworks + description: Describes the target networks associated with the specified Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnTargetNetworksResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint. + schema: + type: string + - name: AssociationIds + in: query + required: false + description: The IDs of the target network associations. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: MaxResults + in: query + required: false + description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + - name: Filter + in: query + required: false + description:

One or more filters. Filter names and values are case-sensitive.

  • association-id - The ID of the association.

  • target-network-id - The ID of the subnet specified as the target network.

  • vpc-id - The ID of the VPC in which the target network is located.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeClientVpnTargetNetworks + operationId: POST_DescribeClientVpnTargetNetworks + description: Describes the target networks associated with the specified Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnTargetNetworksResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeClientVpnTargetNetworksRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeCoipPools&Version=2016-11-15: + get: + x-aws-operation-name: DescribeCoipPools + operationId: GET_DescribeCoipPools + description: Describes the specified customer-owned address pools or all of your customer-owned address pools. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCoipPoolsResult' + parameters: + - name: PoolId + in: query + required: false + description: The IDs of the address pools. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv4PoolCoipId' + - xml: + name: item + - name: Filter + in: query + required: false + description:

One or more filters.

  • coip-pool.local-gateway-route-table-id - The ID of the local gateway route table.

  • coip-pool.pool-id - The ID of the address pool.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeCoipPools + operationId: POST_DescribeCoipPools + description: Describes the specified customer-owned address pools or all of your customer-owned address pools. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCoipPoolsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCoipPoolsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeConversionTasks&Version=2016-11-15: + get: + x-aws-operation-name: DescribeConversionTasks + operationId: GET_DescribeConversionTasks + description: '

Describes the specified conversion tasks or all your conversion tasks. For more information, see the VM Import/Export User Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeConversionTasksResult' + parameters: + - name: ConversionTaskId + in: query + required: false + description: The conversion task IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ConversionTaskId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeConversionTasks + operationId: POST_DescribeConversionTasks + description: '

Describes the specified conversion tasks or all your conversion tasks. For more information, see the VM Import/Export User Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeConversionTasksResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeConversionTasksRequest' + parameters: [] + /?Action=DescribeCustomerGateways&Version=2016-11-15: + get: + x-aws-operation-name: DescribeCustomerGateways + operationId: GET_DescribeCustomerGateways + description: '

Describes one or more of your VPN customer gateways.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCustomerGatewaysResult' + parameters: + - name: CustomerGatewayId + in: query + required: false + description: '

One or more customer gateway IDs.

Default: Describes all your customer gateways.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/CustomerGatewayId' + - xml: + name: CustomerGatewayId + - name: Filter + in: query + required: false + description: '

One or more filters.

  • bgp-asn - The customer gateway''s Border Gateway Protocol (BGP) Autonomous System Number (ASN).

  • customer-gateway-id - The ID of the customer gateway.

  • ip-address - The IP address of the customer gateway''s Internet-routable external interface.

  • state - The state of the customer gateway (pending | available | deleting | deleted).

  • type - The type of customer gateway. Currently, the only supported type is ipsec.1.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeCustomerGateways + operationId: POST_DescribeCustomerGateways + description: '

Describes one or more of your VPN customer gateways.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCustomerGatewaysResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeCustomerGatewaysRequest' + parameters: [] + /?Action=DescribeDhcpOptions&Version=2016-11-15: + get: + x-aws-operation-name: DescribeDhcpOptions + operationId: GET_DescribeDhcpOptions + description: '

Describes one or more of your DHCP options sets.

For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeDhcpOptionsResult' + parameters: + - name: DhcpOptionsId + in: query + required: false + description: '

The IDs of one or more DHCP options sets.

Default: Describes all your DHCP options sets.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/DhcpOptionsId' + - xml: + name: DhcpOptionsId + - name: Filter + in: query + required: false + description: '

One or more filters.

  • dhcp-options-id - The ID of a DHCP options set.

  • key - The key for one of the options (for example, domain-name).

  • value - The value for one of the options.

  • owner-id - The ID of the Amazon Web Services account that owns the DHCP options set.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeDhcpOptions + operationId: POST_DescribeDhcpOptions + description: '

Describes one or more of your DHCP options sets.

For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeDhcpOptionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeDhcpOptionsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeEgressOnlyInternetGateways&Version=2016-11-15: + get: + x-aws-operation-name: DescribeEgressOnlyInternetGateways + operationId: GET_DescribeEgressOnlyInternetGateways + description: Describes one or more of your egress-only internet gateways. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeEgressOnlyInternetGatewaysResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: EgressOnlyInternetGatewayId + in: query + required: false + description: One or more egress-only internet gateway IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' + - xml: + name: item + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 255 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: Filter + in: query + required: false + description: '

One or more filters.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeEgressOnlyInternetGateways + operationId: POST_DescribeEgressOnlyInternetGateways + description: Describes one or more of your egress-only internet gateways. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeEgressOnlyInternetGatewaysResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeEgressOnlyInternetGatewaysRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeElasticGpus&Version=2016-11-15: + get: + x-aws-operation-name: DescribeElasticGpus + operationId: GET_DescribeElasticGpus + description: 'Describes the Elastic Graphics accelerator associated with your instances. For more information about Elastic Graphics, see Amazon Elastic Graphics.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeElasticGpusResult' + parameters: + - name: ElasticGpuId + in: query + required: false + description: The Elastic Graphics accelerator IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ElasticGpuId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

The filters.

  • availability-zone - The Availability Zone in which the Elastic Graphics accelerator resides.

  • elastic-gpu-health - The status of the Elastic Graphics accelerator (OK | IMPAIRED).

  • elastic-gpu-state - The state of the Elastic Graphics accelerator (ATTACHED).

  • elastic-gpu-type - The type of Elastic Graphics accelerator; for example, eg1.medium.

  • instance-id - The ID of the instance to which the Elastic Graphics accelerator is associated.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 5 and 1000.' + schema: + type: integer + minimum: 10 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token to request the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeElasticGpus + operationId: POST_DescribeElasticGpus + description: 'Describes the Elastic Graphics accelerator associated with your instances. For more information about Elastic Graphics, see Amazon Elastic Graphics.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeElasticGpusResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeElasticGpusRequest' + parameters: [] + /?Action=DescribeExportImageTasks&Version=2016-11-15: + get: + x-aws-operation-name: DescribeExportImageTasks + operationId: GET_DescribeExportImageTasks + description: Describes the specified export image tasks or all of your export image tasks. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeExportImageTasksResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: 'Filter tasks using the task-state filter and one of the following values: active, completed, deleting, or deleted.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: ExportImageTaskId + in: query + required: false + description: The IDs of the export image tasks. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ExportImageTaskId' + - xml: + name: ExportImageTaskId + - name: MaxResults + in: query + required: false + description: The maximum number of results to return in a single call. + schema: + type: integer + minimum: 1 + maximum: 500 + - name: NextToken + in: query + required: false + description: A token that indicates the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeExportImageTasks + operationId: POST_DescribeExportImageTasks + description: Describes the specified export image tasks or all of your export image tasks. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeExportImageTasksResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeExportImageTasksRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeExportTasks&Version=2016-11-15: + get: + x-aws-operation-name: DescribeExportTasks + operationId: GET_DescribeExportTasks + description: Describes the specified export instance tasks or all of your export instance tasks. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeExportTasksResult' + parameters: + - name: ExportTaskId + in: query + required: false + description: The export task IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ExportTaskId' + - xml: + name: ExportTaskId + - name: Filter + in: query + required: false + description: the filters for the export tasks. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeExportTasks + operationId: POST_DescribeExportTasks + description: Describes the specified export instance tasks or all of your export instance tasks. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeExportTasksResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeExportTasksRequest' + parameters: [] + /?Action=DescribeFastLaunchImages&Version=2016-11-15: + get: + x-aws-operation-name: DescribeFastLaunchImages + operationId: GET_DescribeFastLaunchImages + description: Describe details for Windows AMIs that are configured for faster launching. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFastLaunchImagesResult' + parameters: + - name: ImageId + in: query + required: false + description: Details for one or more Windows AMI image IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImageId' + - xml: + name: ImageId + - name: Filter + in: query + required: false + description:

Use the following filters to streamline results.

  • resource-type - The resource type for pre-provisioning.

  • launch-template - The launch template that is associated with the pre-provisioned Windows AMI.

  • owner-id - The owner ID for the pre-provisioning resource.

  • state - The current state of fast launching for the Windows AMI.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. If this parameter is not specified, then all results are returned.' + schema: + type: integer + minimum: 0 + maximum: 200 + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeFastLaunchImages + operationId: POST_DescribeFastLaunchImages + description: Describe details for Windows AMIs that are configured for faster launching. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFastLaunchImagesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFastLaunchImagesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeFastSnapshotRestores&Version=2016-11-15: + get: + x-aws-operation-name: DescribeFastSnapshotRestores + operationId: GET_DescribeFastSnapshotRestores + description: Describes the state of fast snapshot restores for your snapshots. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFastSnapshotRestoresResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters. The possible values are:

  • availability-zone: The Availability Zone of the snapshot.

  • owner-id: The ID of the Amazon Web Services account that enabled fast snapshot restore on the snapshot.

  • snapshot-id: The ID of the snapshot.

  • state: The state of fast snapshot restores for the snapshot (enabling | optimizing | enabled | disabling | disabled).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 0 + maximum: 200 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeFastSnapshotRestores + operationId: POST_DescribeFastSnapshotRestores + description: Describes the state of fast snapshot restores for your snapshots. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFastSnapshotRestoresResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFastSnapshotRestoresRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeFleetHistory&Version=2016-11-15: + get: + x-aws-operation-name: DescribeFleetHistory + operationId: GET_DescribeFleetHistory + description: '

Describes the events for the specified EC2 Fleet during the specified time.

EC2 Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. EC2 Fleet events are available for 48 hours.

For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFleetHistoryResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: EventType + in: query + required: false + description: 'The type of events to describe. By default, all events are described.' + schema: + type: string + enum: + - instance-change + - fleet-change + - service-error + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + - name: FleetId + in: query + required: true + description: The ID of the EC2 Fleet. + schema: + type: string + - name: StartTime + in: query + required: true + description: 'The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + schema: + type: string + format: date-time + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeFleetHistory + operationId: POST_DescribeFleetHistory + description: '

Describes the events for the specified EC2 Fleet during the specified time.

EC2 Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. EC2 Fleet events are available for 48 hours.

For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFleetHistoryResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFleetHistoryRequest' + parameters: [] + /?Action=DescribeFleetInstances&Version=2016-11-15: + get: + x-aws-operation-name: DescribeFleetInstances + operationId: GET_DescribeFleetInstances + description: '

Describes the running instances for the specified EC2 Fleet.

For more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFleetInstancesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + - name: FleetId + in: query + required: true + description: The ID of the EC2 Fleet. + schema: + type: string + - name: Filter + in: query + required: false + description:

The filters.

  • instance-type - The instance type.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeFleetInstances + operationId: POST_DescribeFleetInstances + description: '

Describes the running instances for the specified EC2 Fleet.

For more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFleetInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFleetInstancesRequest' + parameters: [] + /?Action=DescribeFleets&Version=2016-11-15: + get: + x-aws-operation-name: DescribeFleets + operationId: GET_DescribeFleets + description: '

Describes the specified EC2 Fleets or all of your EC2 Fleets.

For more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFleetsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + - name: FleetId + in: query + required: false + description: '

The IDs of the EC2 Fleets.

If a fleet is of type instant, you must specify the fleet ID, otherwise it does not appear in the response.

' + schema: + type: array + items: + $ref: '#/components/schemas/FleetId' + - name: Filter + in: query + required: false + description:

The filters.

  • activity-status - The progress of the EC2 Fleet ( error | pending-fulfillment | pending-termination | fulfilled).

  • excess-capacity-termination-policy - Indicates whether to terminate running instances if the target capacity is decreased below the current EC2 Fleet size (true | false).

  • fleet-state - The state of the EC2 Fleet (submitted | active | deleted | failed | deleted-running | deleted-terminating | modifying).

  • replace-unhealthy-instances - Indicates whether EC2 Fleet should replace unhealthy instances (true | false).

  • type - The type of request (instant | request | maintain).

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeFleets + operationId: POST_DescribeFleets + description: '

Describes the specified EC2 Fleets or all of your EC2 Fleets.

For more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFleetsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFleetsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeFlowLogs&Version=2016-11-15: + get: + x-aws-operation-name: DescribeFlowLogs + operationId: GET_DescribeFlowLogs + description: 'Describes one or more flow logs. To view the information in your flow logs (the log streams for the network interfaces), you must use the CloudWatch Logs console or the CloudWatch Logs API.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFlowLogsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

One or more filters.

  • deliver-log-status - The status of the logs delivery (SUCCESS | FAILED).

  • log-destination-type - The type of destination to which the flow log publishes data. Possible destination types include cloud-watch-logs and s3.

  • flow-log-id - The ID of the flow log.

  • log-group-name - The name of the log group.

  • resource-id - The ID of the VPC, subnet, or network interface.

  • traffic-type - The type of traffic (ACCEPT | REJECT | ALL).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: FlowLogId + in: query + required: false + description: '

One or more flow log IDs.

Constraint: Maximum of 1000 flow log IDs.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcFlowLogId' + - xml: + name: item + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeFlowLogs + operationId: POST_DescribeFlowLogs + description: 'Describes one or more flow logs. To view the information in your flow logs (the log streams for the network interfaces), you must use the CloudWatch Logs console or the CloudWatch Logs API.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFlowLogsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFlowLogsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeFpgaImageAttribute&Version=2016-11-15: + get: + x-aws-operation-name: DescribeFpgaImageAttribute + operationId: GET_DescribeFpgaImageAttribute + description: Describes the specified attribute of the specified Amazon FPGA Image (AFI). + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFpgaImageAttributeResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: FpgaImageId + in: query + required: true + description: The ID of the AFI. + schema: + type: string + - name: Attribute + in: query + required: true + description: The AFI attribute. + schema: + type: string + enum: + - description + - name + - loadPermission + - productCodes + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeFpgaImageAttribute + operationId: POST_DescribeFpgaImageAttribute + description: Describes the specified attribute of the specified Amazon FPGA Image (AFI). + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFpgaImageAttributeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFpgaImageAttributeRequest' + parameters: [] + /?Action=DescribeFpgaImages&Version=2016-11-15: + get: + x-aws-operation-name: DescribeFpgaImages + operationId: GET_DescribeFpgaImages + description: 'Describes the Amazon FPGA Images (AFIs) available to you. These include public AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services accounts for which you have load permissions.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFpgaImagesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: FpgaImageId + in: query + required: false + description: The AFI IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/FpgaImageId' + - xml: + name: item + - name: Owner + in: query + required: false + description: 'Filters the AFI by owner. Specify an Amazon Web Services account ID, self (owner is the sender of the request), or an Amazon Web Services owner alias (valid values are amazon | aws-marketplace).' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: Owner + - name: Filter + in: query + required: false + description: '

The filters.

  • create-time - The creation time of the AFI.

  • fpga-image-id - The FPGA image identifier (AFI ID).

  • fpga-image-global-id - The global FPGA image identifier (AGFI ID).

  • name - The name of the AFI.

  • owner-id - The Amazon Web Services account ID of the AFI owner.

  • product-code - The product code.

  • shell-version - The version of the Amazon Web Services Shell that was used to create the bitstream.

  • state - The state of the AFI (pending | failed | available | unavailable).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • update-time - The time of the most recent update.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: The maximum number of results to return in a single call. + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeFpgaImages + operationId: POST_DescribeFpgaImages + description: 'Describes the Amazon FPGA Images (AFIs) available to you. These include public AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services accounts for which you have load permissions.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFpgaImagesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeFpgaImagesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeHostReservationOfferings&Version=2016-11-15: + get: + x-aws-operation-name: DescribeHostReservationOfferings + operationId: GET_DescribeHostReservationOfferings + description: '

Describes the Dedicated Host reservations that are available to purchase.

The results describe all of the Dedicated Host reservation offerings, including offerings that might not match the instance family and Region of your Dedicated Hosts. When purchasing an offering, ensure that the instance family and Region of the offering matches that of the Dedicated Hosts with which it is to be associated. For more information about supported instance types, see Dedicated Hosts in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeHostReservationOfferingsResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • instance-family - The instance family of the offering (for example, m4).

  • payment-option - The payment option (NoUpfront | PartialUpfront | AllUpfront).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxDuration + in: query + required: false + description: 'This is the maximum duration of the reservation to purchase, specified in seconds. Reservations are available in one-year and three-year terms. The number of seconds specified must be the number of seconds in a year (365x24x60x60) times one of the supported durations (1 or 3). For example, specify 94608000 for three years.' + schema: + type: integer + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' + schema: + type: integer + minimum: 5 + maximum: 500 + - name: MinDuration + in: query + required: false + description: 'This is the minimum duration of the reservation you''d like to purchase, specified in seconds. Reservations are available in one-year and three-year terms. The number of seconds specified must be the number of seconds in a year (365x24x60x60) times one of the supported durations (1 or 3). For example, specify 31536000 for one year.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token to use to retrieve the next page of results. + schema: + type: string + - name: OfferingId + in: query + required: false + description: The ID of the reservation offering. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeHostReservationOfferings + operationId: POST_DescribeHostReservationOfferings + description: '

Describes the Dedicated Host reservations that are available to purchase.

The results describe all of the Dedicated Host reservation offerings, including offerings that might not match the instance family and Region of your Dedicated Hosts. When purchasing an offering, ensure that the instance family and Region of the offering matches that of the Dedicated Hosts with which it is to be associated. For more information about supported instance types, see Dedicated Hosts in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeHostReservationOfferingsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeHostReservationOfferingsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeHostReservations&Version=2016-11-15: + get: + x-aws-operation-name: DescribeHostReservations + operationId: GET_DescribeHostReservations + description: Describes reservations that are associated with Dedicated Hosts in your account. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeHostReservationsResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • instance-family - The instance family (for example, m4).

  • payment-option - The payment option (NoUpfront | PartialUpfront | AllUpfront).

  • state - The state of the reservation (payment-pending | payment-failed | active | retired).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: HostReservationIdSet + in: query + required: false + description: The host reservation IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/HostReservationId' + - xml: + name: item + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token to use to retrieve the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeHostReservations + operationId: POST_DescribeHostReservations + description: Describes reservations that are associated with Dedicated Hosts in your account. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeHostReservationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeHostReservationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeHosts&Version=2016-11-15: + get: + x-aws-operation-name: DescribeHosts + operationId: GET_DescribeHosts + description:

Describes the specified Dedicated Hosts or all your Dedicated Hosts.

The results describe only the Dedicated Hosts in the Region you're currently using. All listed instances consume capacity on your Dedicated Host. Dedicated Hosts that have recently been released are listed with the state released.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeHostsResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • auto-placement - Whether auto-placement is enabled or disabled (on | off).

  • availability-zone - The Availability Zone of the host.

  • client-token - The idempotency token that you provided when you allocated the host.

  • host-reservation-id - The ID of the reservation assigned to this host.

  • instance-type - The instance type size that the Dedicated Host is configured to support.

  • state - The allocation state of the Dedicated Host (available | under-assessment | permanent-failure | released | released-permanent-failure).

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: HostId + in: query + required: false + description: The IDs of the Dedicated Hosts. The IDs are used for targeted instance launches. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/DedicatedHostId' + - xml: + name: item + - name: MaxResults + in: query + required: false + description: '

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.

You cannot specify this parameter and the host IDs parameter in the same request.

' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token to use to retrieve the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeHosts + operationId: POST_DescribeHosts + description:

Describes the specified Dedicated Hosts or all your Dedicated Hosts.

The results describe only the Dedicated Hosts in the Region you're currently using. All listed instances consume capacity on your Dedicated Host. Dedicated Hosts that have recently been released are listed with the state released.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeHostsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeHostsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeIamInstanceProfileAssociations&Version=2016-11-15: + get: + x-aws-operation-name: DescribeIamInstanceProfileAssociations + operationId: GET_DescribeIamInstanceProfileAssociations + description: Describes your IAM instance profile associations. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIamInstanceProfileAssociationsResult' + parameters: + - name: AssociationId + in: query + required: false + description: The IAM instance profile associations. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileAssociationId' + - xml: + name: AssociationId + - name: Filter + in: query + required: false + description:

The filters.

  • instance-id - The ID of the instance.

  • state - The state of the association (associating | associated | disassociating).

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token to request the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeIamInstanceProfileAssociations + operationId: POST_DescribeIamInstanceProfileAssociations + description: Describes your IAM instance profile associations. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIamInstanceProfileAssociationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIamInstanceProfileAssociationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeIdFormat&Version=2016-11-15: + get: + x-aws-operation-name: DescribeIdFormat + operationId: GET_DescribeIdFormat + description: '

Describes the ID format settings for your resources on a per-Region basis, for example, to view which resource types are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

These settings apply to the IAM user who makes the request; they do not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user, unless they explicitly override the settings by running the ModifyIdFormat command. Resources created with longer IDs are visible to all IAM users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIdFormatResult' + parameters: + - name: Resource + in: query + required: false + description: 'The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway ' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeIdFormat + operationId: POST_DescribeIdFormat + description: '

Describes the ID format settings for your resources on a per-Region basis, for example, to view which resource types are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

These settings apply to the IAM user who makes the request; they do not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user, unless they explicitly override the settings by running the ModifyIdFormat command. Resources created with longer IDs are visible to all IAM users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIdFormatResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIdFormatRequest' + parameters: [] + /?Action=DescribeIdentityIdFormat&Version=2016-11-15: + get: + x-aws-operation-name: DescribeIdentityIdFormat + operationId: GET_DescribeIdentityIdFormat + description: '

Describes the ID format settings for resources for the specified IAM user, IAM role, or root user. For example, you can view the resource types that are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

These settings apply to the principal specified in the request. They do not apply to the principal that makes the request.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIdentityIdFormatResult' + parameters: + - name: PrincipalArn + in: query + required: true + description: 'The ARN of the principal, which can be an IAM role, IAM user, or the root user.' + schema: + type: string + - name: Resource + in: query + required: false + description: 'The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway ' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeIdentityIdFormat + operationId: POST_DescribeIdentityIdFormat + description: '

Describes the ID format settings for resources for the specified IAM user, IAM role, or root user. For example, you can view the resource types that are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

These settings apply to the principal specified in the request. They do not apply to the principal that makes the request.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIdentityIdFormatResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIdentityIdFormatRequest' + parameters: [] + /?Action=DescribeImageAttribute&Version=2016-11-15: + get: + x-aws-operation-name: DescribeImageAttribute + operationId: GET_DescribeImageAttribute + description: Describes the specified attribute of the specified AMI. You can specify only one attribute at a time. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImageAttribute' + parameters: + - name: Attribute + in: query + required: true + description: '

The AMI attribute.

Note: The blockDeviceMapping attribute is deprecated. Using this attribute returns the Client.AuthFailure error. To get information about the block device mappings for an AMI, use the DescribeImages action.

' + schema: + type: string + enum: + - description + - kernel + - ramdisk + - launchPermission + - productCodes + - blockDeviceMapping + - sriovNetSupport + - bootMode + - tpmSupport + - uefiData + - lastLaunchedTime + - name: ImageId + in: query + required: true + description: The ID of the AMI. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeImageAttribute + operationId: POST_DescribeImageAttribute + description: Describes the specified attribute of the specified AMI. You can specify only one attribute at a time. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImageAttribute' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeImageAttributeRequest' + parameters: [] + /?Action=DescribeImages&Version=2016-11-15: + get: + x-aws-operation-name: DescribeImages + operationId: GET_DescribeImages + description: '

Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.

The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.

Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeImagesResult' + parameters: + - name: ExecutableBy + in: query + required: false + description: '

Scopes the images by users with explicit launch permissions. Specify an Amazon Web Services account ID, self (the sender of the request), or all (public AMIs).

  • If you specify an Amazon Web Services account ID that is not your own, only AMIs shared with that specific Amazon Web Services account ID are returned. However, AMIs that are shared with the account’s organization or organizational unit (OU) are not returned.

  • If you specify self or your own Amazon Web Services account ID, AMIs shared with your account are returned. In addition, AMIs that are shared with the organization or OU of which you are member are also returned.

  • If you specify all, all public AMIs are returned.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: ExecutableBy + - name: Filter + in: query + required: false + description: '

The filters.

  • architecture - The image architecture (i386 | x86_64 | arm64).

  • block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.

  • block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

  • block-device-mapping.snapshot-id - The ID of the snapshot used for the Amazon EBS volume.

  • block-device-mapping.volume-size - The volume size of the Amazon EBS volume, in GiB.

  • block-device-mapping.volume-type - The volume type of the Amazon EBS volume (io1 | io2 | gp2 | gp3 | sc1 | st1 | standard).

  • block-device-mapping.encrypted - A Boolean that indicates whether the Amazon EBS volume is encrypted.

  • creation-date - The time when the image was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.

  • description - The description of the image (provided during image creation).

  • ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.

  • hypervisor - The hypervisor type (ovm | xen).

  • image-id - The ID of the image.

  • image-type - The image type (machine | kernel | ramdisk).

  • is-public - A Boolean that indicates whether the image is public.

  • kernel-id - The kernel ID.

  • manifest-location - The location of the image manifest.

  • name - The name of the AMI (provided during image creation).

  • owner-alias - The owner alias (amazon | aws-marketplace). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.

  • owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.

  • platform - The platform. To only list Windows-based AMIs, use windows.

  • product-code - The product code.

  • product-code.type - The type of the product code (marketplace).

  • ramdisk-id - The RAM disk ID.

  • root-device-name - The device name of the root device volume (for example, /dev/sda1).

  • root-device-type - The type of the root device volume (ebs | instance-store).

  • state - The state of the image (available | pending | failed).

  • state-reason-code - The reason code for the state change.

  • state-reason-message - The message for the state change.

  • sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • virtualization-type - The virtualization type (paravirtual | hvm).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: ImageId + in: query + required: false + description: '

The image IDs.

Default: Describes all images available to you.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImageId' + - xml: + name: ImageId + - name: Owner + in: query + required: false + description: 'Scopes the results to images with the specified owners. You can specify a combination of Amazon Web Services account IDs, self, amazon, and aws-marketplace. If you omit this parameter, the results include all images for which you have launch permissions, regardless of ownership.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: Owner + - name: IncludeDeprecated + in: query + required: false + description: '

If true, all deprecated AMIs are included in the response. If false, no deprecated AMIs are included in the response. If no value is specified, the default value is false.

If you are the AMI owner, all deprecated AMIs appear in the response regardless of the value (true or false) that you set for this parameter.

' + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeImages + operationId: POST_DescribeImages + description: '

Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.

The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.

Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeImagesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeImagesRequest' + parameters: [] + /?Action=DescribeImportImageTasks&Version=2016-11-15: + get: + x-aws-operation-name: DescribeImportImageTasks + operationId: GET_DescribeImportImageTasks + description: Displays details about an import virtual machine or import snapshot tasks that are already created. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeImportImageTasksResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filters + in: query + required: false + description: 'Filter tasks using the task-state filter and one of the following values: active, completed, deleting, or deleted.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: ImportTaskId + in: query + required: false + description: The IDs of the import image tasks. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImportImageTaskId' + - xml: + name: ImportTaskId + - name: MaxResults + in: query + required: false + description: The maximum number of results to return in a single call. + schema: + type: integer + - name: NextToken + in: query + required: false + description: A token that indicates the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeImportImageTasks + operationId: POST_DescribeImportImageTasks + description: Displays details about an import virtual machine or import snapshot tasks that are already created. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeImportImageTasksResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeImportImageTasksRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeImportSnapshotTasks&Version=2016-11-15: + get: + x-aws-operation-name: DescribeImportSnapshotTasks + operationId: GET_DescribeImportSnapshotTasks + description: Describes your import snapshot tasks. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeImportSnapshotTasksResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filters + in: query + required: false + description: The filters. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: ImportTaskId + in: query + required: false + description: A list of import snapshot task IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImportSnapshotTaskId' + - xml: + name: ImportTaskId + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: A token that indicates the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeImportSnapshotTasks + operationId: POST_DescribeImportSnapshotTasks + description: Describes your import snapshot tasks. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeImportSnapshotTasksResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeImportSnapshotTasksRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeInstanceAttribute&Version=2016-11-15: + get: + x-aws-operation-name: DescribeInstanceAttribute + operationId: GET_DescribeInstanceAttribute + description: 'Describes the specified attribute of the specified instance. You can specify only one attribute at a time. Valid attribute values are: instanceType | kernel | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck | groupSet | ebsOptimized | sriovNetSupport ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/InstanceAttribute' + parameters: + - name: Attribute + in: query + required: true + description: '

The instance attribute.

Note: The enaSupport attribute is not supported at this time.

' + schema: + type: string + enum: + - instanceType + - kernel + - ramdisk + - userData + - disableApiTermination + - instanceInitiatedShutdownBehavior + - rootDeviceName + - blockDeviceMapping + - productCodes + - sourceDestCheck + - groupSet + - ebsOptimized + - sriovNetSupport + - enaSupport + - enclaveOptions + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeInstanceAttribute + operationId: POST_DescribeInstanceAttribute + description: 'Describes the specified attribute of the specified instance. You can specify only one attribute at a time. Valid attribute values are: instanceType | kernel | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck | groupSet | ebsOptimized | sriovNetSupport ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/InstanceAttribute' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceAttributeRequest' + parameters: [] + /?Action=DescribeInstanceCreditSpecifications&Version=2016-11-15: + get: + x-aws-operation-name: DescribeInstanceCreditSpecifications + operationId: GET_DescribeInstanceCreditSpecifications + description: '

Describes the credit option for CPU usage of the specified burstable performance instances. The credit options are standard and unlimited.

If you do not specify an instance ID, Amazon EC2 returns burstable performance instances with the unlimited credit option, as well as instances that were previously configured as T2, T3, and T3a with the unlimited credit option. For example, if you resize a T2 instance, while it is configured as unlimited, to an M4 instance, Amazon EC2 returns the M4 instance.

If you specify one or more instance IDs, Amazon EC2 returns the credit option (standard or unlimited) of those instances. If you specify an instance ID that is not valid, such as an instance that is not a burstable performance instance, an error is returned.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If an Availability Zone is experiencing a service disruption and you specify instance IDs in the affected zone, or do not specify any instance IDs at all, the call fails. If you specify only instance IDs in an unaffected zone, the call works normally.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceCreditSpecificationsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description:

The filters.

  • instance-id - The ID of the instance.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: InstanceId + in: query + required: false + description: '

The instance IDs.

Default: Describes all your instances.

Constraints: Maximum 1000 explicitly specified instance IDs.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 5 and 1000. You cannot specify this parameter and the instance IDs parameter in the same call.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeInstanceCreditSpecifications + operationId: POST_DescribeInstanceCreditSpecifications + description: '

Describes the credit option for CPU usage of the specified burstable performance instances. The credit options are standard and unlimited.

If you do not specify an instance ID, Amazon EC2 returns burstable performance instances with the unlimited credit option, as well as instances that were previously configured as T2, T3, and T3a with the unlimited credit option. For example, if you resize a T2 instance, while it is configured as unlimited, to an M4 instance, Amazon EC2 returns the M4 instance.

If you specify one or more instance IDs, Amazon EC2 returns the credit option (standard or unlimited) of those instances. If you specify an instance ID that is not valid, such as an instance that is not a burstable performance instance, an error is returned.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If an Availability Zone is experiencing a service disruption and you specify instance IDs in the affected zone, or do not specify any instance IDs at all, the call fails. If you specify only instance IDs in an unaffected zone, the call works normally.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceCreditSpecificationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceCreditSpecificationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeInstanceEventNotificationAttributes&Version=2016-11-15: + get: + x-aws-operation-name: DescribeInstanceEventNotificationAttributes + operationId: GET_DescribeInstanceEventNotificationAttributes + description: Describes the tag keys that are registered to appear in scheduled event notifications for resources in the current Region. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceEventNotificationAttributesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeInstanceEventNotificationAttributes + operationId: POST_DescribeInstanceEventNotificationAttributes + description: Describes the tag keys that are registered to appear in scheduled event notifications for resources in the current Region. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceEventNotificationAttributesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceEventNotificationAttributesRequest' + parameters: [] + /?Action=DescribeInstanceEventWindows&Version=2016-11-15: + get: + x-aws-operation-name: DescribeInstanceEventWindows + operationId: GET_DescribeInstanceEventWindows + description: '

Describes the specified event windows or all event windows.

If you specify event window IDs, the output includes information for only the specified event windows. If you specify filters, the output includes information for only those event windows that meet the filter criteria. If you do not specify event windows IDs or filters, the output includes information for all event windows, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceEventWindowsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceEventWindowId + in: query + required: false + description: The IDs of the event windows. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowId' + - xml: + name: InstanceEventWindowId + - name: Filter + in: query + required: false + description: '

One or more filters.

  • dedicated-host-id - The event windows associated with the specified Dedicated Host ID.

  • event-window-name - The event windows associated with the specified names.

  • instance-id - The event windows associated with the specified instance ID.

  • instance-tag - The event windows associated with the specified tag and value.

  • instance-tag-key - The event windows associated with the specified tag key, regardless of the value.

  • instance-tag-value - The event windows associated with the specified tag value, regardless of the key.

  • tag:<key> - The key/value combination of a tag assigned to the event window. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value CMX, specify tag:Owner for the filter name and CMX for the filter value.

  • tag-key - The key of a tag assigned to the event window. Use this filter to find all event windows that have a tag with a specific key, regardless of the tag value.

  • tag-value - The value of a tag assigned to the event window. Use this filter to find all event windows that have a tag with a specific value, regardless of the tag key.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 20 and 500. You cannot specify this parameter and the event window IDs parameter in the same call.' + schema: + type: integer + minimum: 20 + maximum: 500 + - name: NextToken + in: query + required: false + description: The token to request the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeInstanceEventWindows + operationId: POST_DescribeInstanceEventWindows + description: '

Describes the specified event windows or all event windows.

If you specify event window IDs, the output includes information for only the specified event windows. If you specify filters, the output includes information for only those event windows that meet the filter criteria. If you do not specify event windows IDs or filters, the output includes information for all event windows, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceEventWindowsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceEventWindowsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeInstanceStatus&Version=2016-11-15: + get: + x-aws-operation-name: DescribeInstanceStatus + operationId: GET_DescribeInstanceStatus + description: '

Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.

Instance status includes the following components:

  • Status checks - Amazon EC2 performs status checks on running EC2 instances to identify hardware and software issues. For more information, see Status checks for your instances and Troubleshoot instances with failed status checks in the Amazon EC2 User Guide.

  • Scheduled events - Amazon EC2 can schedule events (such as reboot, stop, or terminate) for your instances related to hardware issues, software updates, or system maintenance. For more information, see Scheduled events for your instances in the Amazon EC2 User Guide.

  • Instance state - You can manage your instances from the moment you launch them through their termination. For more information, see Instance lifecycle in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceStatusResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • availability-zone - The Availability Zone of the instance.

  • event.code - The code for the scheduled event (instance-reboot | system-reboot | system-maintenance | instance-retirement | instance-stop).

  • event.description - A description of the event.

  • event.instance-event-id - The ID of the event whose date and time you are modifying.

  • event.not-after - The latest end time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).

  • event.not-before - The earliest start time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).

  • event.not-before-deadline - The deadline for starting the event (for example, 2014-09-15T17:15:20.000Z).

  • instance-state-code - The code for the instance state, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).

  • instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).

  • instance-status.reachability - Filters on instance status where the name is reachability (passed | failed | initializing | insufficient-data).

  • instance-status.status - The status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).

  • system-status.reachability - Filters on system status where the name is reachability (passed | failed | initializing | insufficient-data).

  • system-status.status - The system status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: InstanceId + in: query + required: false + description: '

The instance IDs.

Default: Describes all your instances.

Constraints: Maximum 100 explicitly specified instance IDs.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 5 and 1000. You cannot specify this parameter and the instance IDs parameter in the same call.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IncludeAllInstances + in: query + required: false + description: '

When true, includes the health status for all instances. When false, includes the health status for running instances only.

Default: false

' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeInstanceStatus + operationId: POST_DescribeInstanceStatus + description: '

Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.

Instance status includes the following components:

  • Status checks - Amazon EC2 performs status checks on running EC2 instances to identify hardware and software issues. For more information, see Status checks for your instances and Troubleshoot instances with failed status checks in the Amazon EC2 User Guide.

  • Scheduled events - Amazon EC2 can schedule events (such as reboot, stop, or terminate) for your instances related to hardware issues, software updates, or system maintenance. For more information, see Scheduled events for your instances in the Amazon EC2 User Guide.

  • Instance state - You can manage your instances from the moment you launch them through their termination. For more information, see Instance lifecycle in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceStatusResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceStatusRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeInstanceTypeOfferings&Version=2016-11-15: + get: + x-aws-operation-name: DescribeInstanceTypeOfferings + operationId: GET_DescribeInstanceTypeOfferings + description: 'Returns a list of all instance types offered. The results can be filtered by location (Region or Availability Zone). If no location is specified, the instance types offered in the current Region are returned.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceTypeOfferingsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: LocationType + in: query + required: false + description: The location type. + schema: + type: string + enum: + - region + - availability-zone + - availability-zone-id + - name: Filter + in: query + required: false + description: '

One or more filters. Filter names and values are case-sensitive.

  • location - This depends on the location type. For example, if the location type is region (default), the location is the Region code (for example, us-east-2.)

  • instance-type - The instance type. For example, c5.2xlarge.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the next token value. + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeInstanceTypeOfferings + operationId: POST_DescribeInstanceTypeOfferings + description: 'Returns a list of all instance types offered. The results can be filtered by location (Region or Availability Zone). If no location is specified, the instance types offered in the current Region are returned.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceTypeOfferingsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceTypeOfferingsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeInstanceTypes&Version=2016-11-15: + get: + x-aws-operation-name: DescribeInstanceTypes + operationId: GET_DescribeInstanceTypes + description: Describes the details of the instance types that are offered in a location. The results can be filtered by the attributes of the instance types. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceTypesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceType + in: query + required: false + description: 'The instance types. For more information, see Instance types in the Amazon EC2 User Guide.' + schema: + type: array + items: + $ref: '#/components/schemas/InstanceType' + minItems: 0 + maxItems: 100 + - name: Filter + in: query + required: false + description: '

One or more filters. Filter names and values are case-sensitive.

  • auto-recovery-supported - Indicates whether auto recovery is supported (true | false).

  • bare-metal - Indicates whether it is a bare metal instance type (true | false).

  • burstable-performance-supported - Indicates whether it is a burstable performance instance type (true | false).

  • current-generation - Indicates whether this instance type is the latest generation instance type of an instance family (true | false).

  • ebs-info.ebs-optimized-info.baseline-bandwidth-in-mbps - The baseline bandwidth performance for an EBS-optimized instance type, in Mbps.

  • ebs-info.ebs-optimized-info.baseline-iops - The baseline input/output storage operations per second for an EBS-optimized instance type.

  • ebs-info.ebs-optimized-info.baseline-throughput-in-mbps - The baseline throughput performance for an EBS-optimized instance type, in MB/s.

  • ebs-info.ebs-optimized-info.maximum-bandwidth-in-mbps - The maximum bandwidth performance for an EBS-optimized instance type, in Mbps.

  • ebs-info.ebs-optimized-info.maximum-iops - The maximum input/output storage operations per second for an EBS-optimized instance type.

  • ebs-info.ebs-optimized-info.maximum-throughput-in-mbps - The maximum throughput performance for an EBS-optimized instance type, in MB/s.

  • ebs-info.ebs-optimized-support - Indicates whether the instance type is EBS-optimized (supported | unsupported | default).

  • ebs-info.encryption-support - Indicates whether EBS encryption is supported (supported | unsupported).

  • ebs-info.nvme-support - Indicates whether non-volatile memory express (NVMe) is supported for EBS volumes (required | supported | unsupported).

  • free-tier-eligible - Indicates whether the instance type is eligible to use in the free tier (true | false).

  • hibernation-supported - Indicates whether On-Demand hibernation is supported (true | false).

  • hypervisor - The hypervisor (nitro | xen).

  • instance-storage-info.disk.count - The number of local disks.

  • instance-storage-info.disk.size-in-gb - The storage size of each instance storage disk, in GB.

  • instance-storage-info.disk.type - The storage technology for the local instance storage disks (hdd | ssd).

  • instance-storage-info.encryption-support - Indicates whether data is encrypted at rest (required | supported | unsupported).

  • instance-storage-info.nvme-support - Indicates whether non-volatile memory express (NVMe) is supported for instance store (required | supported | unsupported).

  • instance-storage-info.total-size-in-gb - The total amount of storage available from all local instance storage, in GB.

  • instance-storage-supported - Indicates whether the instance type has local instance storage (true | false).

  • instance-type - The instance type (for example c5.2xlarge or c5*).

  • memory-info.size-in-mib - The memory size.

  • network-info.efa-info.maximum-efa-interfaces - The maximum number of Elastic Fabric Adapters (EFAs) per instance.

  • network-info.efa-supported - Indicates whether the instance type supports Elastic Fabric Adapter (EFA) (true | false).

  • network-info.ena-support - Indicates whether Elastic Network Adapter (ENA) is supported or required (required | supported | unsupported).

  • network-info.encryption-in-transit-supported - Indicates whether the instance type automatically encrypts in-transit traffic between instances (true | false).

  • network-info.ipv4-addresses-per-interface - The maximum number of private IPv4 addresses per network interface.

  • network-info.ipv6-addresses-per-interface - The maximum number of private IPv6 addresses per network interface.

  • network-info.ipv6-supported - Indicates whether the instance type supports IPv6 (true | false).

  • network-info.maximum-network-cards - The maximum number of network cards per instance.

  • network-info.maximum-network-interfaces - The maximum number of network interfaces per instance.

  • network-info.network-performance - The network performance (for example, "25 Gigabit").

  • processor-info.supported-architecture - The CPU architecture (arm64 | i386 | x86_64).

  • processor-info.sustained-clock-speed-in-ghz - The CPU clock speed, in GHz.

  • supported-boot-mode - The boot mode (legacy-bios | uefi).

  • supported-root-device-type - The root device type (ebs | instance-store).

  • supported-usage-class - The usage class (on-demand | spot).

  • supported-virtualization-type - The virtualization type (hvm | paravirtual).

  • vcpu-info.default-cores - The default number of cores for the instance type.

  • vcpu-info.default-threads-per-core - The default number of threads per core for the instance type.

  • vcpu-info.default-vcpus - The default number of vCPUs for the instance type.

  • vcpu-info.valid-cores - The number of cores that can be configured for the instance type.

  • vcpu-info.valid-threads-per-core - The number of threads per core that can be configured for the instance type. For example, "1" or "1,2".

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the next token value. + schema: + type: integer + minimum: 5 + maximum: 100 + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeInstanceTypes + operationId: POST_DescribeInstanceTypes + description: Describes the details of the instance types that are offered in a location. The results can be filtered by the attributes of the instance types. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceTypesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstanceTypesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeInstances&Version=2016-11-15: + get: + x-aws-operation-name: DescribeInstances + operationId: GET_DescribeInstances + description: '

Describes the specified instances or all instances.

If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstancesResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • affinity - The affinity setting for an instance running on a Dedicated Host (default | host).

  • architecture - The instance architecture (i386 | x86_64 | arm64).

  • availability-zone - The Availability Zone of the instance.

  • block-device-mapping.attach-time - The attach time for an EBS volume mapped to the instance, for example, 2010-09-15T17:15:20.000Z.

  • block-device-mapping.delete-on-termination - A Boolean that indicates whether the EBS volume is deleted on instance termination.

  • block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

  • block-device-mapping.status - The status for the EBS volume (attaching | attached | detaching | detached).

  • block-device-mapping.volume-id - The volume ID of the EBS volume.

  • capacity-reservation-id - The ID of the Capacity Reservation into which the instance was launched.

  • client-token - The idempotency token you provided when you launched the instance.

  • dns-name - The public DNS name of the instance.

  • group-id - The ID of the security group for the instance. EC2-Classic only.

  • group-name - The name of the security group for the instance. EC2-Classic only.

  • hibernation-options.configured - A Boolean that indicates whether the instance is enabled for hibernation. A value of true means that the instance is enabled for hibernation.

  • host-id - The ID of the Dedicated Host on which the instance is running, if applicable.

  • hypervisor - The hypervisor type of the instance (ovm | xen). The value xen is used for both Xen and Nitro hypervisors.

  • iam-instance-profile.arn - The instance profile associated with the instance. Specified as an ARN.

  • image-id - The ID of the image used to launch the instance.

  • instance-id - The ID of the instance.

  • instance-lifecycle - Indicates whether this is a Spot Instance or a Scheduled Instance (spot | scheduled).

  • instance-state-code - The state of the instance, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).

  • instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).

  • instance-type - The type of instance (for example, t2.micro).

  • instance.group-id - The ID of the security group for the instance.

  • instance.group-name - The name of the security group for the instance.

  • ip-address - The public IPv4 address of the instance.

  • kernel-id - The kernel ID.

  • key-name - The name of the key pair used when the instance was launched.

  • launch-index - When launching multiple instances, this is the index for the instance in the launch group (for example, 0, 1, 2, and so on).

  • launch-time - The time when the instance was launched, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.

  • metadata-options.http-tokens - The metadata request authorization state (optional | required)

  • metadata-options.http-put-response-hop-limit - The http metadata request put response hop limit (integer, possible values 1 to 64)

  • metadata-options.http-endpoint - Enable or disable metadata access on http endpoint (enabled | disabled)

  • monitoring-state - Indicates whether detailed monitoring is enabled (disabled | enabled).

  • network-interface.addresses.private-ip-address - The private IPv4 address associated with the network interface.

  • network-interface.addresses.primary - Specifies whether the IPv4 address of the network interface is the primary private IPv4 address.

  • network-interface.addresses.association.public-ip - The ID of the association of an Elastic IP address (IPv4) with a network interface.

  • network-interface.addresses.association.ip-owner-id - The owner ID of the private IPv4 address associated with the network interface.

  • network-interface.association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.

  • network-interface.association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.

  • network-interface.association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.

  • network-interface.association.association-id - The association ID returned when the network interface was associated with an IPv4 address.

  • network-interface.attachment.attachment-id - The ID of the interface attachment.

  • network-interface.attachment.instance-id - The ID of the instance to which the network interface is attached.

  • network-interface.attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.

  • network-interface.attachment.device-index - The device index to which the network interface is attached.

  • network-interface.attachment.status - The status of the attachment (attaching | attached | detaching | detached).

  • network-interface.attachment.attach-time - The time that the network interface was attached to an instance.

  • network-interface.attachment.delete-on-termination - Specifies whether the attachment is deleted when an instance is terminated.

  • network-interface.availability-zone - The Availability Zone for the network interface.

  • network-interface.description - The description of the network interface.

  • network-interface.group-id - The ID of a security group associated with the network interface.

  • network-interface.group-name - The name of a security group associated with the network interface.

  • network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated with the network interface.

  • network-interface.mac-address - The MAC address of the network interface.

  • network-interface.network-interface-id - The ID of the network interface.

  • network-interface.owner-id - The ID of the owner of the network interface.

  • network-interface.private-dns-name - The private DNS name of the network interface.

  • network-interface.requester-id - The requester ID for the network interface.

  • network-interface.requester-managed - Indicates whether the network interface is being managed by Amazon Web Services.

  • network-interface.status - The status of the network interface (available) | in-use).

  • network-interface.source-dest-check - Whether the network interface performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.

  • network-interface.subnet-id - The ID of the subnet for the network interface.

  • network-interface.vpc-id - The ID of the VPC for the network interface.

  • outpost-arn - The Amazon Resource Name (ARN) of the Outpost.

  • owner-id - The Amazon Web Services account ID of the instance owner.

  • placement-group-name - The name of the placement group for the instance.

  • placement-partition-number - The partition in which the instance is located.

  • platform - The platform. To list only Windows instances, use windows.

  • private-dns-name - The private IPv4 DNS name of the instance.

  • private-ip-address - The private IPv4 address of the instance.

  • product-code - The product code associated with the AMI used to launch the instance.

  • product-code.type - The type of product code (devpay | marketplace).

  • ramdisk-id - The RAM disk ID.

  • reason - The reason for the current state of the instance (for example, shows "User Initiated [date]" when you stop or terminate the instance). Similar to the state-reason-code filter.

  • requester-id - The ID of the entity that launched the instance on your behalf (for example, Amazon Web Services Management Console, Auto Scaling, and so on).

  • reservation-id - The ID of the instance''s reservation. A reservation ID is created any time you launch an instance. A reservation ID has a one-to-one relationship with an instance launch request, but can be associated with more than one instance if you launch multiple instances using the same launch request. For example, if you launch one instance, you get one reservation ID. If you launch ten instances using the same launch request, you also get one reservation ID.

  • root-device-name - The device name of the root device volume (for example, /dev/sda1).

  • root-device-type - The type of the root device volume (ebs | instance-store).

  • source-dest-check - Indicates whether the instance performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform network address translation (NAT) in your VPC.

  • spot-instance-request-id - The ID of the Spot Instance request.

  • state-reason-code - The reason code for the state change.

  • state-reason-message - A message that describes the state change.

  • subnet-id - The ID of the subnet for the instance.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.

  • tenancy - The tenancy of an instance (dedicated | default | host).

  • virtualization-type - The virtualization type of the instance (paravirtual | hvm).

  • vpc-id - The ID of the VPC that the instance is running in.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: InstanceId + in: query + required: false + description: '

The instance IDs.

Default: Describes all your instances.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 5 and 1000. You cannot specify this parameter and the instance IDs parameter in the same call.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token to request the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeInstances + operationId: POST_DescribeInstances + description: '

Describes the specified instances or all instances.

If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInstancesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeInternetGateways&Version=2016-11-15: + get: + x-aws-operation-name: DescribeInternetGateways + operationId: GET_DescribeInternetGateways + description: Describes one or more of your internet gateways. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInternetGatewaysResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • attachment.state - The current state of the attachment between the gateway and the VPC (available). Present only if a VPC is attached.

  • attachment.vpc-id - The ID of an attached VPC.

  • internet-gateway-id - The ID of the Internet gateway.

  • owner-id - The ID of the Amazon Web Services account that owns the internet gateway.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InternetGatewayId + in: query + required: false + description: '

One or more internet gateway IDs.

Default: Describes all your internet gateways.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InternetGatewayId' + - xml: + name: item + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeInternetGateways + operationId: POST_DescribeInternetGateways + description: Describes one or more of your internet gateways. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInternetGatewaysResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeInternetGatewaysRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeIpamPools&Version=2016-11-15: + get: + x-aws-operation-name: DescribeIpamPools + operationId: GET_DescribeIpamPools + description: Get information about your IPAM pools. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpamPoolsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: The maximum number of results to return in the request. + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: IpamPoolId + in: query + required: false + description: The IDs of the IPAM pools you would like information on. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeIpamPools + operationId: POST_DescribeIpamPools + description: Get information about your IPAM pools. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpamPoolsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpamPoolsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeIpamScopes&Version=2016-11-15: + get: + x-aws-operation-name: DescribeIpamScopes + operationId: GET_DescribeIpamScopes + description: Get information about your IPAM scopes. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpamScopesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: The maximum number of results to return in the request. + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: IpamScopeId + in: query + required: false + description: The IDs of the scopes you want information on. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeIpamScopes + operationId: POST_DescribeIpamScopes + description: Get information about your IPAM scopes. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpamScopesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpamScopesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeIpams&Version=2016-11-15: + get: + x-aws-operation-name: DescribeIpams + operationId: GET_DescribeIpams + description: '

Get information about your IPAM pools.

For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpamsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: The maximum number of results to return in the request. + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: IpamId + in: query + required: false + description: The IDs of the IPAMs you want information on. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeIpams + operationId: POST_DescribeIpams + description: '

Get information about your IPAM pools.

For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpamsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpamsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeIpv6Pools&Version=2016-11-15: + get: + x-aws-operation-name: DescribeIpv6Pools + operationId: GET_DescribeIpv6Pools + description: Describes your IPv6 address pools. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpv6PoolsResult' + parameters: + - name: PoolId + in: query + required: false + description: The IDs of the IPv6 address pools. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv6PoolEc2Id' + - xml: + name: item + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 1000 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

One or more filters.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeIpv6Pools + operationId: POST_DescribeIpv6Pools + description: Describes your IPv6 address pools. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpv6PoolsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeIpv6PoolsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeKeyPairs&Version=2016-11-15: + get: + x-aws-operation-name: DescribeKeyPairs + operationId: GET_DescribeKeyPairs + description: '

Describes the specified key pairs or all of your key pairs.

For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeKeyPairsResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • key-pair-id - The ID of the key pair.

  • fingerprint - The fingerprint of the key pair.

  • key-name - The name of the key pair.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: KeyName + in: query + required: false + description: '

The key pair names.

Default: Describes all of your key pairs.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/KeyPairName' + - xml: + name: KeyName + - name: KeyPairId + in: query + required: false + description: The IDs of the key pairs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/KeyPairId' + - xml: + name: KeyPairId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IncludePublicKey + in: query + required: false + description: '

If true, the public key material is included in the response.

Default: false

' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeKeyPairs + operationId: POST_DescribeKeyPairs + description: '

Describes the specified key pairs or all of your key pairs.

For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeKeyPairsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeKeyPairsRequest' + parameters: [] + /?Action=DescribeLaunchTemplateVersions&Version=2016-11-15: + get: + x-aws-operation-name: DescribeLaunchTemplateVersions + operationId: GET_DescribeLaunchTemplateVersions + description: 'Describes one or more versions of a specified launch template. You can describe all versions, individual versions, or a range of versions. You can also describe all the latest versions or all the default versions of all the launch templates in your account.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLaunchTemplateVersionsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: LaunchTemplateId + in: query + required: false + description: 'The ID of the launch template. To describe one or more versions of a specified launch template, you must specify either the launch template ID or the launch template name in the request. To describe all the latest or default launch template versions in your account, you must omit this parameter.' + schema: + type: string + - name: LaunchTemplateName + in: query + required: false + description: 'The name of the launch template. To describe one or more versions of a specified launch template, you must specify either the launch template ID or the launch template name in the request. To describe all the latest or default launch template versions in your account, you must omit this parameter.' + schema: + type: string + pattern: '[a-zA-Z0-9\(\)\.\-/_]+' + minLength: 3 + maxLength: 128 + - name: LaunchTemplateVersion + in: query + required: false + description: '

One or more versions of the launch template. Valid values depend on whether you are describing a specified launch template (by ID or name) or all launch templates in your account.

To describe one or more versions of a specified launch template, valid values are $Latest, $Default, and numbers.

To describe all launch templates in your account that are defined as the latest version, the valid value is $Latest. To describe all launch templates in your account that are defined as the default version, the valid value is $Default. You can specify $Latest and $Default in the same call. You cannot specify numbers.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: MinVersion + in: query + required: false + description: The version number after which to describe launch template versions. + schema: + type: string + - name: MaxVersion + in: query + required: false + description: The version number up to which to describe launch template versions. + schema: + type: string + - name: NextToken + in: query + required: false + description: The token to request the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200.' + schema: + type: integer + - name: Filter + in: query + required: false + description:

One or more filters.

  • create-time - The time the launch template version was created.

  • ebs-optimized - A boolean that indicates whether the instance is optimized for Amazon EBS I/O.

  • http-endpoint - Indicates whether the HTTP metadata endpoint on your instances is enabled (enabled | disabled).

  • http-protocol-ipv4 - Indicates whether the IPv4 endpoint for the instance metadata service is enabled (enabled | disabled).

  • host-resource-group-arn - The ARN of the host resource group in which to launch the instances.

  • http-tokens - The state of token usage for your instance metadata requests (optional | required).

  • iam-instance-profile - The ARN of the IAM instance profile.

  • image-id - The ID of the AMI.

  • instance-type - The instance type.

  • is-default-version - A boolean that indicates whether the launch template version is the default version.

  • kernel-id - The kernel ID.

  • license-configuration-arn - The ARN of the license configuration.

  • network-card-index - The index of the network card.

  • ram-disk-id - The RAM disk ID.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeLaunchTemplateVersions + operationId: POST_DescribeLaunchTemplateVersions + description: 'Describes one or more versions of a specified launch template. You can describe all versions, individual versions, or a range of versions. You can also describe all the latest versions or all the default versions of all the launch templates in your account.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLaunchTemplateVersionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLaunchTemplateVersionsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeLaunchTemplates&Version=2016-11-15: + get: + x-aws-operation-name: DescribeLaunchTemplates + operationId: GET_DescribeLaunchTemplates + description: Describes one or more launch templates. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLaunchTemplatesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: LaunchTemplateId + in: query + required: false + description: One or more launch template IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateId' + - xml: + name: item + - name: LaunchTemplateName + in: query + required: false + description: One or more launch template names. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateName' + - xml: + name: item + - name: Filter + in: query + required: false + description: '

One or more filters.

  • create-time - The time the launch template was created.

  • launch-template-name - The name of the launch template.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: NextToken + in: query + required: false + description: The token to request the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200.' + schema: + type: integer + minimum: 1 + maximum: 200 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeLaunchTemplates + operationId: POST_DescribeLaunchTemplates + description: Describes one or more launch templates. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLaunchTemplatesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLaunchTemplatesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations&Version=2016-11-15: + get: + x-aws-operation-name: DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations + operationId: GET_DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations + description: Describes the associations between virtual interface groups and local gateway route tables. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsResult' + parameters: + - name: LocalGatewayRouteTableVirtualInterfaceGroupAssociationId + in: query + required: false + description: The IDs of the associations. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociationId' + - xml: + name: item + - name: Filter + in: query + required: false + description:

One or more filters.

  • local-gateway-id - The ID of a local gateway.

  • local-gateway-route-table-arn - The Amazon Resource Name (ARN) of the local gateway route table for the virtual interface group.

  • local-gateway-route-table-id - The ID of the local gateway route table.

  • local-gateway-route-table-virtual-interface-group-association-id - The ID of the association.

  • local-gateway-route-table-virtual-interface-group-id - The ID of the virtual interface group.

  • owner-id - The ID of the Amazon Web Services account that owns the local gateway virtual interface group association.

  • state - The state of the association.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations + operationId: POST_DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations + description: Describes the associations between virtual interface groups and local gateway route tables. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeLocalGatewayRouteTableVpcAssociations&Version=2016-11-15: + get: + x-aws-operation-name: DescribeLocalGatewayRouteTableVpcAssociations + operationId: GET_DescribeLocalGatewayRouteTableVpcAssociations + description: Describes the specified associations between VPCs and local gateway route tables. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVpcAssociationsResult' + parameters: + - name: LocalGatewayRouteTableVpcAssociationId + in: query + required: false + description: The IDs of the associations. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociationId' + - xml: + name: item + - name: Filter + in: query + required: false + description:

One or more filters.

  • local-gateway-id - The ID of a local gateway.

  • local-gateway-route-table-arn - The Amazon Resource Name (ARN) of the local gateway route table for the association.

  • local-gateway-route-table-id - The ID of the local gateway route table.

  • local-gateway-route-table-vpc-association-id - The ID of the association.

  • owner-id - The ID of the Amazon Web Services account that owns the local gateway route table for the association.

  • state - The state of the association.

  • vpc-id - The ID of the VPC.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeLocalGatewayRouteTableVpcAssociations + operationId: POST_DescribeLocalGatewayRouteTableVpcAssociations + description: Describes the specified associations between VPCs and local gateway route tables. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVpcAssociationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayRouteTableVpcAssociationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeLocalGatewayRouteTables&Version=2016-11-15: + get: + x-aws-operation-name: DescribeLocalGatewayRouteTables + operationId: GET_DescribeLocalGatewayRouteTables + description: 'Describes one or more local gateway route tables. By default, all local gateway route tables are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayRouteTablesResult' + parameters: + - name: LocalGatewayRouteTableId + in: query + required: false + description: The IDs of the local gateway route tables. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayRoutetableId' + - xml: + name: item + - name: Filter + in: query + required: false + description:

One or more filters.

  • local-gateway-id - The ID of a local gateway.

  • local-gateway-route-table-arn - The Amazon Resource Name (ARN) of the local gateway route table.

  • local-gateway-route-table-id - The ID of a local gateway route table.

  • outpost-arn - The Amazon Resource Name (ARN) of the Outpost.

  • owner-id - The ID of the Amazon Web Services account that owns the local gateway route table.

  • state - The state of the local gateway route table.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeLocalGatewayRouteTables + operationId: POST_DescribeLocalGatewayRouteTables + description: 'Describes one or more local gateway route tables. By default, all local gateway route tables are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayRouteTablesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayRouteTablesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeLocalGatewayVirtualInterfaceGroups&Version=2016-11-15: + get: + x-aws-operation-name: DescribeLocalGatewayVirtualInterfaceGroups + operationId: GET_DescribeLocalGatewayVirtualInterfaceGroups + description: Describes the specified local gateway virtual interface groups. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfaceGroupsResult' + parameters: + - name: LocalGatewayVirtualInterfaceGroupId + in: query + required: false + description: The IDs of the virtual interface groups. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupId' + - xml: + name: item + - name: Filter + in: query + required: false + description:

One or more filters.

  • local-gateway-id - The ID of a local gateway.

  • local-gateway-virtual-interface-group-id - The ID of the virtual interface group.

  • local-gateway-virtual-interface-id - The ID of the virtual interface.

  • owner-id - The ID of the Amazon Web Services account that owns the local gateway virtual interface group.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeLocalGatewayVirtualInterfaceGroups + operationId: POST_DescribeLocalGatewayVirtualInterfaceGroups + description: Describes the specified local gateway virtual interface groups. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfaceGroupsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfaceGroupsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeLocalGatewayVirtualInterfaces&Version=2016-11-15: + get: + x-aws-operation-name: DescribeLocalGatewayVirtualInterfaces + operationId: GET_DescribeLocalGatewayVirtualInterfaces + description: Describes the specified local gateway virtual interfaces. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfacesResult' + parameters: + - name: LocalGatewayVirtualInterfaceId + in: query + required: false + description: The IDs of the virtual interfaces. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceId' + - xml: + name: item + - name: Filter + in: query + required: false + description:

One or more filters.

  • local-address - The local address.

  • local-bgp-asn - The Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the local gateway.

  • local-gateway-id - The ID of the local gateway.

  • local-gateway-virtual-interface-id - The ID of the virtual interface.

  • owner-id - The ID of the Amazon Web Services account that owns the local gateway virtual interface.

  • peer-address - The peer address.

  • peer-bgp-asn - The peer BGP ASN.

  • vlan - The ID of the VLAN.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeLocalGatewayVirtualInterfaces + operationId: POST_DescribeLocalGatewayVirtualInterfaces + description: Describes the specified local gateway virtual interfaces. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfacesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewayVirtualInterfacesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeLocalGateways&Version=2016-11-15: + get: + x-aws-operation-name: DescribeLocalGateways + operationId: GET_DescribeLocalGateways + description: 'Describes one or more local gateways. By default, all local gateways are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewaysResult' + parameters: + - name: LocalGatewayId + in: query + required: false + description: The IDs of the local gateways. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayId' + - xml: + name: item + - name: Filter + in: query + required: false + description:

One or more filters.

  • local-gateway-id - The ID of a local gateway.

  • outpost-arn - The Amazon Resource Name (ARN) of the Outpost.

  • owner-id - The ID of the Amazon Web Services account that owns the local gateway.

  • state - The state of the association.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeLocalGateways + operationId: POST_DescribeLocalGateways + description: 'Describes one or more local gateways. By default, all local gateways are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewaysResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeLocalGatewaysRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeManagedPrefixLists&Version=2016-11-15: + get: + x-aws-operation-name: DescribeManagedPrefixLists + operationId: GET_DescribeManagedPrefixLists + description: '

Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.

To view the entries for your prefix list, use GetManagedPrefixListEntries.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeManagedPrefixListsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description:

One or more filters.

  • owner-id - The ID of the prefix list owner.

  • prefix-list-id - The ID of the prefix list.

  • prefix-list-name - The name of the prefix list.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 100 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: PrefixListId + in: query + required: false + description: One or more prefix list IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeManagedPrefixLists + operationId: POST_DescribeManagedPrefixLists + description: '

Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.

To view the entries for your prefix list, use GetManagedPrefixListEntries.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeManagedPrefixListsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeManagedPrefixListsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeMovingAddresses&Version=2016-11-15: + get: + x-aws-operation-name: DescribeMovingAddresses + operationId: GET_DescribeMovingAddresses + description: 'Describes your Elastic IP addresses that are being moved to the EC2-VPC platform, or that are being restored to the EC2-Classic platform. This request does not return information about any other Elastic IP addresses in your account.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeMovingAddressesResult' + parameters: + - name: Filter + in: query + required: false + description:

One or more filters.

  • moving-status - The status of the Elastic IP address (MovingToVpc | RestoringToClassic).

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: MaxResults + in: query + required: false + description: '

The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1000; if MaxResults is given a value outside of this range, an error is returned.

Default: If no value is provided, the default is 1000.

' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: PublicIp + in: query + required: false + description: One or more Elastic IP addresses. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeMovingAddresses + operationId: POST_DescribeMovingAddresses + description: 'Describes your Elastic IP addresses that are being moved to the EC2-VPC platform, or that are being restored to the EC2-Classic platform. This request does not return information about any other Elastic IP addresses in your account.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeMovingAddressesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeMovingAddressesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeNatGateways&Version=2016-11-15: + get: + x-aws-operation-name: DescribeNatGateways + operationId: GET_DescribeNatGateways + description: Describes one or more of your NAT gateways. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNatGatewaysResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

One or more filters.

  • nat-gateway-id - The ID of the NAT gateway.

  • state - The state of the NAT gateway (pending | failed | available | deleting | deleted).

  • subnet-id - The ID of the subnet in which the NAT gateway resides.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC in which the NAT gateway resides.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NatGatewayId + in: query + required: false + description: One or more NAT gateway IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NatGatewayId' + - xml: + name: item + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeNatGateways + operationId: POST_DescribeNatGateways + description: Describes one or more of your NAT gateways. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNatGatewaysResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNatGatewaysRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeNetworkAcls&Version=2016-11-15: + get: + x-aws-operation-name: DescribeNetworkAcls + operationId: GET_DescribeNetworkAcls + description: '

Describes one or more of your network ACLs.

For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkAclsResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • association.association-id - The ID of an association ID for the ACL.

  • association.network-acl-id - The ID of the network ACL involved in the association.

  • association.subnet-id - The ID of the subnet involved in the association.

  • default - Indicates whether the ACL is the default network ACL for the VPC.

  • entry.cidr - The IPv4 CIDR range specified in the entry.

  • entry.icmp.code - The ICMP code specified in the entry, if any.

  • entry.icmp.type - The ICMP type specified in the entry, if any.

  • entry.ipv6-cidr - The IPv6 CIDR range specified in the entry.

  • entry.port-range.from - The start of the port range specified in the entry.

  • entry.port-range.to - The end of the port range specified in the entry.

  • entry.protocol - The protocol specified in the entry (tcp | udp | icmp or a protocol number).

  • entry.rule-action - Allows or denies the matching traffic (allow | deny).

  • entry.rule-number - The number of an entry (in other words, rule) in the set of ACL entries.

  • network-acl-id - The ID of the network ACL.

  • owner-id - The ID of the Amazon Web Services account that owns the network ACL.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the network ACL.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NetworkAclId + in: query + required: false + description: '

One or more network ACL IDs.

Default: Describes all your network ACLs.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkAclId' + - xml: + name: item + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeNetworkAcls + operationId: POST_DescribeNetworkAcls + description: '

Describes one or more of your network ACLs.

For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkAclsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkAclsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeNetworkInsightsAccessScopeAnalyses&Version=2016-11-15: + get: + x-aws-operation-name: DescribeNetworkInsightsAccessScopeAnalyses + operationId: GET_DescribeNetworkInsightsAccessScopeAnalyses + description: Describes the specified Network Access Scope analyses. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopeAnalysesResult' + parameters: + - name: NetworkInsightsAccessScopeAnalysisId + in: query + required: false + description: The IDs of the Network Access Scope analyses. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' + - xml: + name: item + - name: NetworkInsightsAccessScopeId + in: query + required: false + description: The ID of the Network Access Scope. + schema: + type: string + - name: AnalysisStartTimeBegin + in: query + required: false + description: Filters the results based on the start time. The analysis must have started on or after this time. + schema: + type: string + format: date-time + - name: AnalysisStartTimeEnd + in: query + required: false + description: Filters the results based on the start time. The analysis must have started on or before this time. + schema: + type: string + format: date-time + - name: Filter + in: query + required: false + description: There are no supported filters. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 100 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeNetworkInsightsAccessScopeAnalyses + operationId: POST_DescribeNetworkInsightsAccessScopeAnalyses + description: Describes the specified Network Access Scope analyses. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopeAnalysesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopeAnalysesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeNetworkInsightsAccessScopes&Version=2016-11-15: + get: + x-aws-operation-name: DescribeNetworkInsightsAccessScopes + operationId: GET_DescribeNetworkInsightsAccessScopes + description: Describes the specified Network Access Scopes. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopesResult' + parameters: + - name: NetworkInsightsAccessScopeId + in: query + required: false + description: The IDs of the Network Access Scopes. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' + - xml: + name: item + - name: Filter + in: query + required: false + description: There are no supported filters. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 100 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeNetworkInsightsAccessScopes + operationId: POST_DescribeNetworkInsightsAccessScopes + description: Describes the specified Network Access Scopes. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsAccessScopesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeNetworkInsightsAnalyses&Version=2016-11-15: + get: + x-aws-operation-name: DescribeNetworkInsightsAnalyses + operationId: GET_DescribeNetworkInsightsAnalyses + description: Describes one or more of your network insights analyses. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsAnalysesResult' + parameters: + - name: NetworkInsightsAnalysisId + in: query + required: false + description: The ID of the network insights analyses. You must specify either analysis IDs or a path ID. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAnalysisId' + - xml: + name: item + - name: NetworkInsightsPathId + in: query + required: false + description: The ID of the path. You must specify either a path ID or analysis IDs. + schema: + type: string + - name: AnalysisStartTime + in: query + required: false + description: The time when the network insights analyses started. + schema: + type: string + format: date-time + - name: AnalysisEndTime + in: query + required: false + description: The time when the network insights analyses ended. + schema: + type: string + format: date-time + - name: Filter + in: query + required: false + description: '

The filters. The following are the possible values:

  • PathFound - A Boolean value that indicates whether a feasible path is found.

  • Status - The status of the analysis (running | succeeded | failed).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 100 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeNetworkInsightsAnalyses + operationId: POST_DescribeNetworkInsightsAnalyses + description: Describes one or more of your network insights analyses. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsAnalysesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsAnalysesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeNetworkInsightsPaths&Version=2016-11-15: + get: + x-aws-operation-name: DescribeNetworkInsightsPaths + operationId: GET_DescribeNetworkInsightsPaths + description: Describes one or more of your paths. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsPathsResult' + parameters: + - name: NetworkInsightsPathId + in: query + required: false + description: The IDs of the paths. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsPathId' + - xml: + name: item + - name: Filter + in: query + required: false + description: '

The filters. The following are the possible values:

  • Destination - The ID of the resource.

  • DestinationPort - The destination port.

  • Name - The path name.

  • Protocol - The protocol.

  • Source - The ID of the resource.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 100 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeNetworkInsightsPaths + operationId: POST_DescribeNetworkInsightsPaths + description: Describes one or more of your paths. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsPathsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInsightsPathsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeNetworkInterfaceAttribute&Version=2016-11-15: + get: + x-aws-operation-name: DescribeNetworkInterfaceAttribute + operationId: GET_DescribeNetworkInterfaceAttribute + description: Describes a network interface attribute. You can specify only one attribute at a time. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInterfaceAttributeResult' + parameters: + - name: Attribute + in: query + required: false + description: The attribute of the network interface. This parameter is required. + schema: + type: string + enum: + - description + - groupSet + - sourceDestCheck + - attachment + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NetworkInterfaceId + in: query + required: true + description: The ID of the network interface. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeNetworkInterfaceAttribute + operationId: POST_DescribeNetworkInterfaceAttribute + description: Describes a network interface attribute. You can specify only one attribute at a time. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInterfaceAttributeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInterfaceAttributeRequest' + parameters: [] + /?Action=DescribeNetworkInterfacePermissions&Version=2016-11-15: + get: + x-aws-operation-name: DescribeNetworkInterfacePermissions + operationId: GET_DescribeNetworkInterfacePermissions + description: 'Describes the permissions for your network interfaces. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInterfacePermissionsResult' + parameters: + - name: NetworkInterfacePermissionId + in: query + required: false + description: One or more network interface permission IDs. + schema: + type: array + items: + $ref: '#/components/schemas/NetworkInterfacePermissionId' + - name: Filter + in: query + required: false + description:

One or more filters.

  • network-interface-permission.network-interface-permission-id - The ID of the permission.

  • network-interface-permission.network-interface-id - The ID of the network interface.

  • network-interface-permission.aws-account-id - The Amazon Web Services account ID.

  • network-interface-permission.aws-service - The Amazon Web Service.

  • network-interface-permission.permission - The type of permission (INSTANCE-ATTACH | EIP-ASSOCIATE).

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: NextToken + in: query + required: false + description: The token to request the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. If this parameter is not specified, up to 50 results are returned by default.' + schema: + type: integer + minimum: 5 + maximum: 255 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeNetworkInterfacePermissions + operationId: POST_DescribeNetworkInterfacePermissions + description: 'Describes the permissions for your network interfaces. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInterfacePermissionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInterfacePermissionsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeNetworkInterfaces&Version=2016-11-15: + get: + x-aws-operation-name: DescribeNetworkInterfaces + operationId: GET_DescribeNetworkInterfaces + description: Describes one or more of your network interfaces. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInterfacesResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • addresses.private-ip-address - The private IPv4 addresses associated with the network interface.

  • addresses.primary - Whether the private IPv4 address is the primary IP address associated with the network interface.

  • addresses.association.public-ip - The association ID returned when the network interface was associated with the Elastic IP address (IPv4).

  • addresses.association.owner-id - The owner ID of the addresses associated with the network interface.

  • association.association-id - The association ID returned when the network interface was associated with an IPv4 address.

  • association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.

  • association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.

  • association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.

  • association.public-dns-name - The public DNS name for the network interface (IPv4).

  • attachment.attachment-id - The ID of the interface attachment.

  • attachment.attach-time - The time that the network interface was attached to an instance.

  • attachment.delete-on-termination - Indicates whether the attachment is deleted when an instance is terminated.

  • attachment.device-index - The device index to which the network interface is attached.

  • attachment.instance-id - The ID of the instance to which the network interface is attached.

  • attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.

  • attachment.status - The status of the attachment (attaching | attached | detaching | detached).

  • availability-zone - The Availability Zone of the network interface.

  • description - The description of the network interface.

  • group-id - The ID of a security group associated with the network interface.

  • group-name - The name of a security group associated with the network interface.

  • ipv6-addresses.ipv6-address - An IPv6 address associated with the network interface.

  • interface-type - The type of network interface (api_gateway_managed | aws_codestar_connections_managed | branch | efa | gateway_load_balancer | gateway_load_balancer_endpoint | global_accelerator_managed | interface | iot_rules_managed | lambda | load_balancer | nat_gateway | network_load_balancer | quicksight | transit_gateway | trunk | vpc_endpoint).

  • mac-address - The MAC address of the network interface.

  • network-interface-id - The ID of the network interface.

  • owner-id - The Amazon Web Services account ID of the network interface owner.

  • private-ip-address - The private IPv4 address or addresses of the network interface.

  • private-dns-name - The private DNS name of the network interface (IPv4).

  • requester-id - The alias or Amazon Web Services account ID of the principal or service that created the network interface.

  • requester-managed - Indicates whether the network interface is being managed by an Amazon Web Service (for example, Amazon Web Services Management Console, Auto Scaling, and so on).

  • source-dest-check - Indicates whether the network interface performs source/destination checking. A value of true means checking is enabled, and false means checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.

  • status - The status of the network interface. If the network interface is not attached to an instance, the status is available; if a network interface is attached to an instance the status is in-use.

  • subnet-id - The ID of the subnet for the network interface.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the network interface.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NetworkInterfaceId + in: query + required: false + description: '

One or more network interface IDs.

Default: Describes all your network interfaces.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - xml: + name: item + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results. You cannot specify this parameter and the network interface IDs parameter in the same request. + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeNetworkInterfaces + operationId: POST_DescribeNetworkInterfaces + description: Describes one or more of your network interfaces. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInterfacesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeNetworkInterfacesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribePlacementGroups&Version=2016-11-15: + get: + x-aws-operation-name: DescribePlacementGroups + operationId: GET_DescribePlacementGroups + description: 'Describes the specified placement groups or all of your placement groups. For more information, see Placement groups in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePlacementGroupsResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • group-name - The name of the placement group.

  • group-arn - The Amazon Resource Name (ARN) of the placement group.

  • state - The state of the placement group (pending | available | deleting | deleted).

  • strategy - The strategy of the placement group (cluster | spread | partition).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: GroupName + in: query + required: false + description: '

The names of the placement groups.

Default: Describes all your placement groups, or only those otherwise specified.

' + schema: + type: array + items: + $ref: '#/components/schemas/PlacementGroupName' + - name: GroupId + in: query + required: false + description: The IDs of the placement groups. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/PlacementGroupId' + - xml: + name: GroupId + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribePlacementGroups + operationId: POST_DescribePlacementGroups + description: 'Describes the specified placement groups or all of your placement groups. For more information, see Placement groups in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePlacementGroupsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePlacementGroupsRequest' + parameters: [] + /?Action=DescribePrefixLists&Version=2016-11-15: + get: + x-aws-operation-name: DescribePrefixLists + operationId: GET_DescribePrefixLists + description: '

Describes available Amazon Web Services services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.

We recommend that you use DescribeManagedPrefixLists instead.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePrefixListsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

One or more filters.

  • prefix-list-id: The ID of a prefix list.

  • prefix-list-name: The name of a prefix list.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: PrefixListId + in: query + required: false + description: One or more prefix list IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/PrefixListResourceId' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribePrefixLists + operationId: POST_DescribePrefixLists + description: '

Describes available Amazon Web Services services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.

We recommend that you use DescribeManagedPrefixLists instead.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePrefixListsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePrefixListsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribePrincipalIdFormat&Version=2016-11-15: + get: + x-aws-operation-name: DescribePrincipalIdFormat + operationId: GET_DescribePrincipalIdFormat + description: '

Describes the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference.

By default, all IAM roles and IAM users default to the same ID settings as the root user, unless they explicitly override the settings. This request is useful for identifying those IAM users and IAM roles that have overridden the default ID settings.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePrincipalIdFormatResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Resource + in: query + required: false + description: 'The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway ' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. ' + schema: + type: integer + minimum: 1 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token to request the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribePrincipalIdFormat + operationId: POST_DescribePrincipalIdFormat + description: '

Describes the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference.

By default, all IAM roles and IAM users default to the same ID settings as the root user, unless they explicitly override the settings. This request is useful for identifying those IAM users and IAM roles that have overridden the default ID settings.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePrincipalIdFormatResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePrincipalIdFormatRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribePublicIpv4Pools&Version=2016-11-15: + get: + x-aws-operation-name: DescribePublicIpv4Pools + operationId: GET_DescribePublicIpv4Pools + description: Describes the specified IPv4 address pools. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePublicIpv4PoolsResult' + parameters: + - name: PoolId + in: query + required: false + description: The IDs of the address pools. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv4PoolEc2Id' + - xml: + name: item + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 10 + - name: Filter + in: query + required: false + description: '

One or more filters.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribePublicIpv4Pools + operationId: POST_DescribePublicIpv4Pools + description: Describes the specified IPv4 address pools. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePublicIpv4PoolsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribePublicIpv4PoolsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeRegions&Version=2016-11-15: + get: + x-aws-operation-name: DescribeRegions + operationId: GET_DescribeRegions + description: '

Describes the Regions that are enabled for your account, or all Regions.

For a list of the Regions supported by Amazon EC2, see Amazon Elastic Compute Cloud endpoints and quotas.

For information about enabling and disabling Regions for your account, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeRegionsResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • endpoint - The endpoint of the Region (for example, ec2.us-east-1.amazonaws.com).

  • opt-in-status - The opt-in status of the Region (opt-in-not-required | opted-in | not-opted-in).

  • region-name - The name of the Region (for example, us-east-1).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: RegionName + in: query + required: false + description: 'The names of the Regions. You can specify any Regions, whether they are enabled and disabled for your account.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: RegionName + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: AllRegions + in: query + required: false + description: 'Indicates whether to display all Regions, including Regions that are disabled for your account.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeRegions + operationId: POST_DescribeRegions + description: '

Describes the Regions that are enabled for your account, or all Regions.

For a list of the Regions supported by Amazon EC2, see Amazon Elastic Compute Cloud endpoints and quotas.

For information about enabling and disabling Regions for your account, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeRegionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeRegionsRequest' + parameters: [] + /?Action=DescribeReplaceRootVolumeTasks&Version=2016-11-15: + get: + x-aws-operation-name: DescribeReplaceRootVolumeTasks + operationId: GET_DescribeReplaceRootVolumeTasks + description: 'Describes a root volume replacement task. For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReplaceRootVolumeTasksResult' + parameters: + - name: ReplaceRootVolumeTaskId + in: query + required: false + description: The ID of the root volume replacement task to view. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReplaceRootVolumeTaskId' + - xml: + name: ReplaceRootVolumeTaskId + - name: Filter + in: query + required: false + description: '

Filter to use:

  • instance-id - The ID of the instance for which the root volume replacement task was created.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 50 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeReplaceRootVolumeTasks + operationId: POST_DescribeReplaceRootVolumeTasks + description: 'Describes a root volume replacement task. For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReplaceRootVolumeTasksResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReplaceRootVolumeTasksRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeReservedInstances&Version=2016-11-15: + get: + x-aws-operation-name: DescribeReservedInstances + operationId: GET_DescribeReservedInstances + description: '

Describes one or more of the Reserved Instances that you purchased.

For more information about Reserved Instances, see Reserved Instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • availability-zone - The Availability Zone where the Reserved Instance can be used.

  • duration - The duration of the Reserved Instance (one year or three years), in seconds (31536000 | 94608000).

  • end - The time when the Reserved Instance expires (for example, 2015-08-07T11:54:42.000Z).

  • fixed-price - The purchase price of the Reserved Instance (for example, 9800.0).

  • instance-type - The instance type that is covered by the reservation.

  • scope - The scope of the Reserved Instance (Region or Availability Zone).

  • product-description - The Reserved Instance product platform description. Instances that include (Amazon VPC) in the product platform description will only be displayed to EC2-Classic account holders and are for use with Amazon VPC (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | SUSE Linux (Amazon VPC) | Red Hat Enterprise Linux | Red Hat Enterprise Linux (Amazon VPC) | Red Hat Enterprise Linux with HA (Amazon VPC) | Windows | Windows (Amazon VPC) | Windows with SQL Server Standard | Windows with SQL Server Standard (Amazon VPC) | Windows with SQL Server Web | Windows with SQL Server Web (Amazon VPC) | Windows with SQL Server Enterprise | Windows with SQL Server Enterprise (Amazon VPC)).

  • reserved-instances-id - The ID of the Reserved Instance.

  • start - The time at which the Reserved Instance purchase request was placed (for example, 2014-08-07T11:54:42.000Z).

  • state - The state of the Reserved Instance (payment-pending | active | payment-failed | retired).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • usage-price - The usage price of the Reserved Instance, per hour (for example, 0.84).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: OfferingClass + in: query + required: false + description: Describes whether the Reserved Instance is Standard or Convertible. + schema: + type: string + enum: + - standard + - convertible + - name: ReservedInstancesId + in: query + required: false + description: '

One or more Reserved Instance IDs.

Default: Describes all your Reserved Instances, or only those otherwise specified.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservationId' + - xml: + name: ReservedInstancesId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: OfferingType + in: query + required: false + description: 'The Reserved Instance offering type. If you are using tools that predate the 2011-11-01 API version, you only have access to the Medium Utilization Reserved Instance offering type.' + schema: + type: string + enum: + - Heavy Utilization + - Medium Utilization + - Light Utilization + - No Upfront + - Partial Upfront + - All Upfront + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeReservedInstances + operationId: POST_DescribeReservedInstances + description: '

Describes one or more of the Reserved Instances that you purchased.

For more information about Reserved Instances, see Reserved Instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesRequest' + parameters: [] + /?Action=DescribeReservedInstancesListings&Version=2016-11-15: + get: + x-aws-operation-name: DescribeReservedInstancesListings + operationId: GET_DescribeReservedInstancesListings + description: '

Describes your account''s Reserved Instance listings in the Reserved Instance Marketplace.

The Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.

As a seller, you choose to list some or all of your Reserved Instances, and you specify the upfront price to receive for them. Your Reserved Instances are then listed in the Reserved Instance Marketplace and are available for purchase.

As a buyer, you specify the configuration of the Reserved Instance to purchase, and the Marketplace matches what you''re searching for with what''s available. The Marketplace first sells the lowest priced Reserved Instances to you, and continues to sell available Reserved Instance listings to you until your demand is met. You are charged based on the total price of all of the listings that you purchase.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesListingsResult' + parameters: + - name: Filter + in: query + required: false + description:

One or more filters.

  • reserved-instances-id - The ID of the Reserved Instances.

  • reserved-instances-listing-id - The ID of the Reserved Instances listing.

  • status - The status of the Reserved Instance listing (pending | active | cancelled | closed).

  • status-message - The reason for the status.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: ReservedInstancesId + in: query + required: false + description: One or more Reserved Instance IDs. + schema: + type: string + - name: ReservedInstancesListingId + in: query + required: false + description: One or more Reserved Instance listing IDs. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeReservedInstancesListings + operationId: POST_DescribeReservedInstancesListings + description: '

Describes your account''s Reserved Instance listings in the Reserved Instance Marketplace.

The Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.

As a seller, you choose to list some or all of your Reserved Instances, and you specify the upfront price to receive for them. Your Reserved Instances are then listed in the Reserved Instance Marketplace and are available for purchase.

As a buyer, you specify the configuration of the Reserved Instance to purchase, and the Marketplace matches what you''re searching for with what''s available. The Marketplace first sells the lowest priced Reserved Instances to you, and continues to sell available Reserved Instance listings to you until your demand is met. You are charged based on the total price of all of the listings that you purchase.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesListingsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesListingsRequest' + parameters: [] + /?Action=DescribeReservedInstancesModifications&Version=2016-11-15: + get: + x-aws-operation-name: DescribeReservedInstancesModifications + operationId: GET_DescribeReservedInstancesModifications + description: '

Describes the modifications made to your Reserved Instances. If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.

For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesModificationsResult' + parameters: + - name: Filter + in: query + required: false + description:

One or more filters.

  • client-token - The idempotency token for the modification request.

  • create-date - The time when the modification request was created.

  • effective-date - The time when the modification becomes effective.

  • modification-result.reserved-instances-id - The ID for the Reserved Instances created as part of the modification request. This ID is only available when the status of the modification is fulfilled.

  • modification-result.target-configuration.availability-zone - The Availability Zone for the new Reserved Instances.

  • modification-result.target-configuration.instance-count - The number of new Reserved Instances.

  • modification-result.target-configuration.instance-type - The instance type of the new Reserved Instances.

  • modification-result.target-configuration.platform - The network platform of the new Reserved Instances (EC2-Classic | EC2-VPC).

  • reserved-instances-id - The ID of the Reserved Instances modified.

  • reserved-instances-modification-id - The ID of the modification request.

  • status - The status of the Reserved Instances modification request (processing | fulfilled | failed).

  • status-message - The reason for the status.

  • update-date - The time when the modification request was last updated.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: ReservedInstancesModificationId + in: query + required: false + description: IDs for the submitted modification request. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservedInstancesModificationId' + - xml: + name: ReservedInstancesModificationId + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeReservedInstancesModifications + operationId: POST_DescribeReservedInstancesModifications + description: '

Describes the modifications made to your Reserved Instances. If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.

For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesModificationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesModificationsRequest' + parameters: + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeReservedInstancesOfferings&Version=2016-11-15: + get: + x-aws-operation-name: DescribeReservedInstancesOfferings + operationId: GET_DescribeReservedInstancesOfferings + description: '

Describes Reserved Instance offerings that are available for purchase. With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.

If you have listed your own Reserved Instances for sale in the Reserved Instance Marketplace, they will be excluded from these results. This is to ensure that you do not purchase your own Reserved Instances.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesOfferingsResult' + parameters: + - name: AvailabilityZone + in: query + required: false + description: The Availability Zone in which the Reserved Instance can be used. + schema: + type: string + - name: Filter + in: query + required: false + description: '

One or more filters.

  • availability-zone - The Availability Zone where the Reserved Instance can be used.

  • duration - The duration of the Reserved Instance (for example, one year or three years), in seconds (31536000 | 94608000).

  • fixed-price - The purchase price of the Reserved Instance (for example, 9800.0).

  • instance-type - The instance type that is covered by the reservation.

  • marketplace - Set to true to show only Reserved Instance Marketplace offerings. When this filter is not used, which is the default behavior, all offerings from both Amazon Web Services and the Reserved Instance Marketplace are listed.

  • product-description - The Reserved Instance product platform description. Instances that include (Amazon VPC) in the product platform description will only be displayed to EC2-Classic account holders and are for use with Amazon VPC. (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | SUSE Linux (Amazon VPC) | Red Hat Enterprise Linux | Red Hat Enterprise Linux (Amazon VPC) | Red Hat Enterprise Linux with HA (Amazon VPC) | Windows | Windows (Amazon VPC) | Windows with SQL Server Standard | Windows with SQL Server Standard (Amazon VPC) | Windows with SQL Server Web | Windows with SQL Server Web (Amazon VPC) | Windows with SQL Server Enterprise | Windows with SQL Server Enterprise (Amazon VPC))

  • reserved-instances-offering-id - The Reserved Instances offering ID.

  • scope - The scope of the Reserved Instance (Availability Zone or Region).

  • usage-price - The usage price of the Reserved Instance, per hour (for example, 0.84).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: IncludeMarketplace + in: query + required: false + description: Include Reserved Instance Marketplace offerings in the response. + schema: + type: boolean + - name: InstanceType + in: query + required: false + description: 'The instance type that the reservation will cover (for example, m1.small). For more information, see Instance types in the Amazon EC2 User Guide.' + schema: + type: string + enum: + - a1.medium + - a1.large + - a1.xlarge + - a1.2xlarge + - a1.4xlarge + - a1.metal + - c1.medium + - c1.xlarge + - c3.large + - c3.xlarge + - c3.2xlarge + - c3.4xlarge + - c3.8xlarge + - c4.large + - c4.xlarge + - c4.2xlarge + - c4.4xlarge + - c4.8xlarge + - c5.large + - c5.xlarge + - c5.2xlarge + - c5.4xlarge + - c5.9xlarge + - c5.12xlarge + - c5.18xlarge + - c5.24xlarge + - c5.metal + - c5a.large + - c5a.xlarge + - c5a.2xlarge + - c5a.4xlarge + - c5a.8xlarge + - c5a.12xlarge + - c5a.16xlarge + - c5a.24xlarge + - c5ad.large + - c5ad.xlarge + - c5ad.2xlarge + - c5ad.4xlarge + - c5ad.8xlarge + - c5ad.12xlarge + - c5ad.16xlarge + - c5ad.24xlarge + - c5d.large + - c5d.xlarge + - c5d.2xlarge + - c5d.4xlarge + - c5d.9xlarge + - c5d.12xlarge + - c5d.18xlarge + - c5d.24xlarge + - c5d.metal + - c5n.large + - c5n.xlarge + - c5n.2xlarge + - c5n.4xlarge + - c5n.9xlarge + - c5n.18xlarge + - c5n.metal + - c6g.medium + - c6g.large + - c6g.xlarge + - c6g.2xlarge + - c6g.4xlarge + - c6g.8xlarge + - c6g.12xlarge + - c6g.16xlarge + - c6g.metal + - c6gd.medium + - c6gd.large + - c6gd.xlarge + - c6gd.2xlarge + - c6gd.4xlarge + - c6gd.8xlarge + - c6gd.12xlarge + - c6gd.16xlarge + - c6gd.metal + - c6gn.medium + - c6gn.large + - c6gn.xlarge + - c6gn.2xlarge + - c6gn.4xlarge + - c6gn.8xlarge + - c6gn.12xlarge + - c6gn.16xlarge + - c6i.large + - c6i.xlarge + - c6i.2xlarge + - c6i.4xlarge + - c6i.8xlarge + - c6i.12xlarge + - c6i.16xlarge + - c6i.24xlarge + - c6i.32xlarge + - c6i.metal + - cc1.4xlarge + - cc2.8xlarge + - cg1.4xlarge + - cr1.8xlarge + - d2.xlarge + - d2.2xlarge + - d2.4xlarge + - d2.8xlarge + - d3.xlarge + - d3.2xlarge + - d3.4xlarge + - d3.8xlarge + - d3en.xlarge + - d3en.2xlarge + - d3en.4xlarge + - d3en.6xlarge + - d3en.8xlarge + - d3en.12xlarge + - dl1.24xlarge + - f1.2xlarge + - f1.4xlarge + - f1.16xlarge + - g2.2xlarge + - g2.8xlarge + - g3.4xlarge + - g3.8xlarge + - g3.16xlarge + - g3s.xlarge + - g4ad.xlarge + - g4ad.2xlarge + - g4ad.4xlarge + - g4ad.8xlarge + - g4ad.16xlarge + - g4dn.xlarge + - g4dn.2xlarge + - g4dn.4xlarge + - g4dn.8xlarge + - g4dn.12xlarge + - g4dn.16xlarge + - g4dn.metal + - g5.xlarge + - g5.2xlarge + - g5.4xlarge + - g5.8xlarge + - g5.12xlarge + - g5.16xlarge + - g5.24xlarge + - g5.48xlarge + - g5g.xlarge + - g5g.2xlarge + - g5g.4xlarge + - g5g.8xlarge + - g5g.16xlarge + - g5g.metal + - hi1.4xlarge + - hpc6a.48xlarge + - hs1.8xlarge + - h1.2xlarge + - h1.4xlarge + - h1.8xlarge + - h1.16xlarge + - i2.xlarge + - i2.2xlarge + - i2.4xlarge + - i2.8xlarge + - i3.large + - i3.xlarge + - i3.2xlarge + - i3.4xlarge + - i3.8xlarge + - i3.16xlarge + - i3.metal + - i3en.large + - i3en.xlarge + - i3en.2xlarge + - i3en.3xlarge + - i3en.6xlarge + - i3en.12xlarge + - i3en.24xlarge + - i3en.metal + - im4gn.large + - im4gn.xlarge + - im4gn.2xlarge + - im4gn.4xlarge + - im4gn.8xlarge + - im4gn.16xlarge + - inf1.xlarge + - inf1.2xlarge + - inf1.6xlarge + - inf1.24xlarge + - is4gen.medium + - is4gen.large + - is4gen.xlarge + - is4gen.2xlarge + - is4gen.4xlarge + - is4gen.8xlarge + - m1.small + - m1.medium + - m1.large + - m1.xlarge + - m2.xlarge + - m2.2xlarge + - m2.4xlarge + - m3.medium + - m3.large + - m3.xlarge + - m3.2xlarge + - m4.large + - m4.xlarge + - m4.2xlarge + - m4.4xlarge + - m4.10xlarge + - m4.16xlarge + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + - m5ad.large + - m5ad.xlarge + - m5ad.2xlarge + - m5ad.4xlarge + - m5ad.8xlarge + - m5ad.12xlarge + - m5ad.16xlarge + - m5ad.24xlarge + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5dn.large + - m5dn.xlarge + - m5dn.2xlarge + - m5dn.4xlarge + - m5dn.8xlarge + - m5dn.12xlarge + - m5dn.16xlarge + - m5dn.24xlarge + - m5dn.metal + - m5n.large + - m5n.xlarge + - m5n.2xlarge + - m5n.4xlarge + - m5n.8xlarge + - m5n.12xlarge + - m5n.16xlarge + - m5n.24xlarge + - m5n.metal + - m5zn.large + - m5zn.xlarge + - m5zn.2xlarge + - m5zn.3xlarge + - m5zn.6xlarge + - m5zn.12xlarge + - m5zn.metal + - m6a.large + - m6a.xlarge + - m6a.2xlarge + - m6a.4xlarge + - m6a.8xlarge + - m6a.12xlarge + - m6a.16xlarge + - m6a.24xlarge + - m6a.32xlarge + - m6a.48xlarge + - m6g.metal + - m6g.medium + - m6g.large + - m6g.xlarge + - m6g.2xlarge + - m6g.4xlarge + - m6g.8xlarge + - m6g.12xlarge + - m6g.16xlarge + - m6gd.metal + - m6gd.medium + - m6gd.large + - m6gd.xlarge + - m6gd.2xlarge + - m6gd.4xlarge + - m6gd.8xlarge + - m6gd.12xlarge + - m6gd.16xlarge + - m6i.large + - m6i.xlarge + - m6i.2xlarge + - m6i.4xlarge + - m6i.8xlarge + - m6i.12xlarge + - m6i.16xlarge + - m6i.24xlarge + - m6i.32xlarge + - m6i.metal + - mac1.metal + - p2.xlarge + - p2.8xlarge + - p2.16xlarge + - p3.2xlarge + - p3.8xlarge + - p3.16xlarge + - p3dn.24xlarge + - p4d.24xlarge + - r3.large + - r3.xlarge + - r3.2xlarge + - r3.4xlarge + - r3.8xlarge + - r4.large + - r4.xlarge + - r4.2xlarge + - r4.4xlarge + - r4.8xlarge + - r4.16xlarge + - r5.large + - r5.xlarge + - r5.2xlarge + - r5.4xlarge + - r5.8xlarge + - r5.12xlarge + - r5.16xlarge + - r5.24xlarge + - r5.metal + - r5a.large + - r5a.xlarge + - r5a.2xlarge + - r5a.4xlarge + - r5a.8xlarge + - r5a.12xlarge + - r5a.16xlarge + - r5a.24xlarge + - r5ad.large + - r5ad.xlarge + - r5ad.2xlarge + - r5ad.4xlarge + - r5ad.8xlarge + - r5ad.12xlarge + - r5ad.16xlarge + - r5ad.24xlarge + - r5b.large + - r5b.xlarge + - r5b.2xlarge + - r5b.4xlarge + - r5b.8xlarge + - r5b.12xlarge + - r5b.16xlarge + - r5b.24xlarge + - r5b.metal + - r5d.large + - r5d.xlarge + - r5d.2xlarge + - r5d.4xlarge + - r5d.8xlarge + - r5d.12xlarge + - r5d.16xlarge + - r5d.24xlarge + - r5d.metal + - r5dn.large + - r5dn.xlarge + - r5dn.2xlarge + - r5dn.4xlarge + - r5dn.8xlarge + - r5dn.12xlarge + - r5dn.16xlarge + - r5dn.24xlarge + - r5dn.metal + - r5n.large + - r5n.xlarge + - r5n.2xlarge + - r5n.4xlarge + - r5n.8xlarge + - r5n.12xlarge + - r5n.16xlarge + - r5n.24xlarge + - r5n.metal + - r6g.medium + - r6g.large + - r6g.xlarge + - r6g.2xlarge + - r6g.4xlarge + - r6g.8xlarge + - r6g.12xlarge + - r6g.16xlarge + - r6g.metal + - r6gd.medium + - r6gd.large + - r6gd.xlarge + - r6gd.2xlarge + - r6gd.4xlarge + - r6gd.8xlarge + - r6gd.12xlarge + - r6gd.16xlarge + - r6gd.metal + - r6i.large + - r6i.xlarge + - r6i.2xlarge + - r6i.4xlarge + - r6i.8xlarge + - r6i.12xlarge + - r6i.16xlarge + - r6i.24xlarge + - r6i.32xlarge + - r6i.metal + - t1.micro + - t2.nano + - t2.micro + - t2.small + - t2.medium + - t2.large + - t2.xlarge + - t2.2xlarge + - t3.nano + - t3.micro + - t3.small + - t3.medium + - t3.large + - t3.xlarge + - t3.2xlarge + - t3a.nano + - t3a.micro + - t3a.small + - t3a.medium + - t3a.large + - t3a.xlarge + - t3a.2xlarge + - t4g.nano + - t4g.micro + - t4g.small + - t4g.medium + - t4g.large + - t4g.xlarge + - t4g.2xlarge + - u-6tb1.56xlarge + - u-6tb1.112xlarge + - u-9tb1.112xlarge + - u-12tb1.112xlarge + - u-6tb1.metal + - u-9tb1.metal + - u-12tb1.metal + - u-18tb1.metal + - u-24tb1.metal + - vt1.3xlarge + - vt1.6xlarge + - vt1.24xlarge + - x1.16xlarge + - x1.32xlarge + - x1e.xlarge + - x1e.2xlarge + - x1e.4xlarge + - x1e.8xlarge + - x1e.16xlarge + - x1e.32xlarge + - x2iezn.2xlarge + - x2iezn.4xlarge + - x2iezn.6xlarge + - x2iezn.8xlarge + - x2iezn.12xlarge + - x2iezn.metal + - x2gd.medium + - x2gd.large + - x2gd.xlarge + - x2gd.2xlarge + - x2gd.4xlarge + - x2gd.8xlarge + - x2gd.12xlarge + - x2gd.16xlarge + - x2gd.metal + - z1d.large + - z1d.xlarge + - z1d.2xlarge + - z1d.3xlarge + - z1d.6xlarge + - z1d.12xlarge + - z1d.metal + - x2idn.16xlarge + - x2idn.24xlarge + - x2idn.32xlarge + - x2iedn.xlarge + - x2iedn.2xlarge + - x2iedn.4xlarge + - x2iedn.8xlarge + - x2iedn.16xlarge + - x2iedn.24xlarge + - x2iedn.32xlarge + - c6a.large + - c6a.xlarge + - c6a.2xlarge + - c6a.4xlarge + - c6a.8xlarge + - c6a.12xlarge + - c6a.16xlarge + - c6a.24xlarge + - c6a.32xlarge + - c6a.48xlarge + - c6a.metal + - m6a.metal + - i4i.large + - i4i.xlarge + - i4i.2xlarge + - i4i.4xlarge + - i4i.8xlarge + - i4i.16xlarge + - i4i.32xlarge + - name: MaxDuration + in: query + required: false + description: '

The maximum duration (in seconds) to filter when searching for offerings.

Default: 94608000 (3 years)

' + schema: + type: integer + - name: MaxInstanceCount + in: query + required: false + description: '

The maximum number of instances to filter when searching for offerings.

Default: 20

' + schema: + type: integer + - name: MinDuration + in: query + required: false + description: '

The minimum duration (in seconds) to filter when searching for offerings.

Default: 2592000 (1 month)

' + schema: + type: integer + - name: OfferingClass + in: query + required: false + description: The offering class of the Reserved Instance. Can be standard or convertible. + schema: + type: string + enum: + - standard + - convertible + - name: ProductDescription + in: query + required: false + description: The Reserved Instance product platform description. Instances that include (Amazon VPC) in the description are for use with Amazon VPC. + schema: + type: string + enum: + - Linux/UNIX + - Linux/UNIX (Amazon VPC) + - Windows + - Windows (Amazon VPC) + - name: ReservedInstancesOfferingId + in: query + required: false + description: One or more Reserved Instances offering IDs. + schema: + type: array + items: + $ref: '#/components/schemas/ReservedInstancesOfferingId' + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceTenancy + in: query + required: false + description: '

The tenancy of the instances covered by the reservation. A Reserved Instance with a tenancy of dedicated is applied to instances that run in a VPC on single-tenant hardware (i.e., Dedicated Instances).

Important: The host value cannot be used with this parameter. Use the default or dedicated values only.

Default: default

' + schema: + type: string + enum: + - default + - dedicated + - host + - name: MaxResults + in: query + required: false + description: '

The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. The maximum is 100.

Default: 100

' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + - name: OfferingType + in: query + required: false + description: 'The Reserved Instance offering type. If you are using tools that predate the 2011-11-01 API version, you only have access to the Medium Utilization Reserved Instance offering type. ' + schema: + type: string + enum: + - Heavy Utilization + - Medium Utilization + - Light Utilization + - No Upfront + - Partial Upfront + - All Upfront + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeReservedInstancesOfferings + operationId: POST_DescribeReservedInstancesOfferings + description: '

Describes Reserved Instance offerings that are available for purchase. With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.

If you have listed your own Reserved Instances for sale in the Reserved Instance Marketplace, they will be excluded from these results. This is to ensure that you do not purchase your own Reserved Instances.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesOfferingsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeReservedInstancesOfferingsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeRouteTables&Version=2016-11-15: + get: + x-aws-operation-name: DescribeRouteTables + operationId: GET_DescribeRouteTables + description: '

Describes one or more of your route tables.

Each subnet in your VPC must be associated with a route table. If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table. This command does not return the subnet ID for implicit associations.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeRouteTablesResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • association.route-table-association-id - The ID of an association ID for the route table.

  • association.route-table-id - The ID of the route table involved in the association.

  • association.subnet-id - The ID of the subnet involved in the association.

  • association.main - Indicates whether the route table is the main route table for the VPC (true | false). Route tables that do not have an association ID are not returned in the response.

  • owner-id - The ID of the Amazon Web Services account that owns the route table.

  • route-table-id - The ID of the route table.

  • route.destination-cidr-block - The IPv4 CIDR range specified in a route in the table.

  • route.destination-ipv6-cidr-block - The IPv6 CIDR range specified in a route in the route table.

  • route.destination-prefix-list-id - The ID (prefix) of the Amazon Web Service specified in a route in the table.

  • route.egress-only-internet-gateway-id - The ID of an egress-only Internet gateway specified in a route in the route table.

  • route.gateway-id - The ID of a gateway specified in a route in the table.

  • route.instance-id - The ID of an instance specified in a route in the table.

  • route.nat-gateway-id - The ID of a NAT gateway.

  • route.transit-gateway-id - The ID of a transit gateway.

  • route.origin - Describes how the route was created. CreateRouteTable indicates that the route was automatically created when the route table was created; CreateRoute indicates that the route was manually added to the route table; EnableVgwRoutePropagation indicates that the route was propagated by route propagation.

  • route.state - The state of a route in the route table (active | blackhole). The blackhole state indicates that the route''s target isn''t available (for example, the specified gateway isn''t attached to the VPC, the specified NAT instance has been terminated, and so on).

  • route.vpc-peering-connection-id - The ID of a VPC peering connection specified in a route in the table.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the route table.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: RouteTableId + in: query + required: false + description: '

One or more route table IDs.

Default: Describes all your route tables.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - xml: + name: item + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 100 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeRouteTables + operationId: POST_DescribeRouteTables + description: '

Describes one or more of your route tables.

Each subnet in your VPC must be associated with a route table. If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table. This command does not return the subnet ID for implicit associations.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeRouteTablesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeRouteTablesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeScheduledInstanceAvailability&Version=2016-11-15: + get: + x-aws-operation-name: DescribeScheduledInstanceAvailability + operationId: GET_DescribeScheduledInstanceAvailability + description: '

Finds available schedules that meet the specified criteria.

You can search for an available schedule no more than 3 months in advance. You must meet the minimum required duration of 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours.

After you find a schedule that meets your needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that schedule.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeScheduledInstanceAvailabilityResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

The filters.

  • availability-zone - The Availability Zone (for example, us-west-2a).

  • instance-type - The instance type (for example, c4.large).

  • network-platform - The network platform (EC2-Classic or EC2-VPC).

  • platform - The platform (Linux/UNIX or Windows).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: FirstSlotStartTimeRange + in: query + required: true + description: The time period for the first schedule to start. + schema: + type: object + required: + - EarliestTime + - LatestTime + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The latest date and time, in UTC, for the Scheduled Instance to start. This value must be later than or equal to the earliest date and at most three months in the future.' + description: Describes the time period for a Scheduled Instance to start its first schedule. The time period must span less than one day. + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. This value can be between 5 and 300. The default value is 300. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + minimum: 5 + maximum: 300 + - name: MaxSlotDurationInHours + in: query + required: false + description: 'The maximum available duration, in hours. This value must be greater than MinSlotDurationInHours and less than 1,720.' + schema: + type: integer + - name: MinSlotDurationInHours + in: query + required: false + description: 'The minimum available duration, in hours. The minimum required duration is 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + - name: Recurrence + in: query + required: true + description: The schedule recurrence. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The interval quantity. The interval unit depends on the value of Frequency. For example, every 2 weeks or every 2 months.' + OccurrenceDay: + allOf: + - $ref: '#/components/schemas/String' + - description: The unit for OccurrenceDays (DayOfWeek or DayOfMonth). This value is required for a monthly schedule. You can't specify DayOfWeek with a weekly schedule. You can't specify this value with a daily schedule. + description: Describes the recurring schedule for a Scheduled Instance. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeScheduledInstanceAvailability + operationId: POST_DescribeScheduledInstanceAvailability + description: '

Finds available schedules that meet the specified criteria.

You can search for an available schedule no more than 3 months in advance. You must meet the minimum required duration of 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours.

After you find a schedule that meets your needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that schedule.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeScheduledInstanceAvailabilityResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeScheduledInstanceAvailabilityRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeScheduledInstances&Version=2016-11-15: + get: + x-aws-operation-name: DescribeScheduledInstances + operationId: GET_DescribeScheduledInstances + description: Describes the specified Scheduled Instances or all your Scheduled Instances. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeScheduledInstancesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

The filters.

  • availability-zone - The Availability Zone (for example, us-west-2a).

  • instance-type - The instance type (for example, c4.large).

  • network-platform - The network platform (EC2-Classic or EC2-VPC).

  • platform - The platform (Linux/UNIX or Windows).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. This value can be between 5 and 300. The default value is 100. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + - name: ScheduledInstanceId + in: query + required: false + description: The Scheduled Instance IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ScheduledInstanceId' + - xml: + name: ScheduledInstanceId + - name: SlotStartTimeRange + in: query + required: false + description: The time period for the first schedule to start. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The latest date and time, in UTC, for the Scheduled Instance to start.' + description: Describes the time period for a Scheduled Instance to start its first schedule. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeScheduledInstances + operationId: POST_DescribeScheduledInstances + description: Describes the specified Scheduled Instances or all your Scheduled Instances. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeScheduledInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeScheduledInstancesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeSecurityGroupReferences&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSecurityGroupReferences + operationId: GET_DescribeSecurityGroupReferences + description: '[VPC only] Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you''ve specified in this request.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSecurityGroupReferencesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: GroupId + in: query + required: true + description: The IDs of the security groups in your account. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSecurityGroupReferences + operationId: POST_DescribeSecurityGroupReferences + description: '[VPC only] Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you''ve specified in this request.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSecurityGroupReferencesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSecurityGroupReferencesRequest' + parameters: [] + /?Action=DescribeSecurityGroupRules&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSecurityGroupRules + operationId: GET_DescribeSecurityGroupRules + description: Describes one or more of your security group rules. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSecurityGroupRulesResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • group-id - The ID of the security group.

  • security-group-rule-id - The ID of the security group rule.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: SecurityGroupRuleId + in: query + required: false + description: The IDs of the security group rules. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. This value can be between 5 and 1000. If this parameter is not specified, then all results are returned.' + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSecurityGroupRules + operationId: POST_DescribeSecurityGroupRules + description: Describes one or more of your security group rules. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSecurityGroupRulesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSecurityGroupRulesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeSecurityGroups&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSecurityGroups + operationId: GET_DescribeSecurityGroups + description: '

Describes the specified security groups or all of your security groups.

A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSecurityGroupsResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters.

  • description - The description of the security group.

  • egress.ip-permission.cidr - An IPv4 CIDR block for an outbound security group rule.

  • egress.ip-permission.from-port - For an outbound rule, the start of port range for the TCP and UDP protocols, or an ICMP type number.

  • egress.ip-permission.group-id - The ID of a security group that has been referenced in an outbound security group rule.

  • egress.ip-permission.group-name - The name of a security group that is referenced in an outbound security group rule.

  • egress.ip-permission.ipv6-cidr - An IPv6 CIDR block for an outbound security group rule.

  • egress.ip-permission.prefix-list-id - The ID of a prefix list to which a security group rule allows outbound access.

  • egress.ip-permission.protocol - The IP protocol for an outbound security group rule (tcp | udp | icmp, a protocol number, or -1 for all protocols).

  • egress.ip-permission.to-port - For an outbound rule, the end of port range for the TCP and UDP protocols, or an ICMP code.

  • egress.ip-permission.user-id - The ID of an Amazon Web Services account that has been referenced in an outbound security group rule.

  • group-id - The ID of the security group.

  • group-name - The name of the security group.

  • ip-permission.cidr - An IPv4 CIDR block for an inbound security group rule.

  • ip-permission.from-port - For an inbound rule, the start of port range for the TCP and UDP protocols, or an ICMP type number.

  • ip-permission.group-id - The ID of a security group that has been referenced in an inbound security group rule.

  • ip-permission.group-name - The name of a security group that is referenced in an inbound security group rule.

  • ip-permission.ipv6-cidr - An IPv6 CIDR block for an inbound security group rule.

  • ip-permission.prefix-list-id - The ID of a prefix list from which a security group rule allows inbound access.

  • ip-permission.protocol - The IP protocol for an inbound security group rule (tcp | udp | icmp, a protocol number, or -1 for all protocols).

  • ip-permission.to-port - For an inbound rule, the end of port range for the TCP and UDP protocols, or an ICMP code.

  • ip-permission.user-id - The ID of an Amazon Web Services account that has been referenced in an inbound security group rule.

  • owner-id - The Amazon Web Services account ID of the owner of the security group.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC specified when the security group was created.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: GroupId + in: query + required: false + description: '

The IDs of the security groups. Required for security groups in a nondefault VPC.

Default: Describes all of your security groups.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: groupId + - name: GroupName + in: query + required: false + description: '

[EC2-Classic and default VPC only] The names of the security groups. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, use the group-name filter to describe security groups by name.

Default: Describes all of your security groups.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupName' + - xml: + name: GroupName + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token to request the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. This value can be between 5 and 1000. If this parameter is not specified, then all results are returned.' + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSecurityGroups + operationId: POST_DescribeSecurityGroups + description: '

Describes the specified security groups or all of your security groups.

A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSecurityGroupsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSecurityGroupsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeSnapshotAttribute&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSnapshotAttribute + operationId: GET_DescribeSnapshotAttribute + description: '

Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSnapshotAttributeResult' + parameters: + - name: Attribute + in: query + required: true + description: The snapshot attribute you would like to view. + schema: + type: string + enum: + - productCodes + - createVolumePermission + - name: SnapshotId + in: query + required: true + description: The ID of the EBS snapshot. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSnapshotAttribute + operationId: POST_DescribeSnapshotAttribute + description: '

Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSnapshotAttributeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSnapshotAttributeRequest' + parameters: [] + /?Action=DescribeSnapshotTierStatus&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSnapshotTierStatus + operationId: GET_DescribeSnapshotTierStatus + description: Describes the storage tier status of one or more Amazon EBS snapshots. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSnapshotTierStatusResult' + parameters: + - name: Filter + in: query + required: false + description:

The filters.

  • snapshot-id - The snapshot ID.

  • volume-id - The ID of the volume the snapshot is for.

  • last-tiering-operation - The state of the last archive or restore action. (archival-in-progress | archival-completed | archival-failed | permanent-restore-in-progress | permanent-restore-completed | permanent-restore-failed | temporary-restore-in-progress | temporary-restore-completed | temporary-restore-failed)

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSnapshotTierStatus + operationId: POST_DescribeSnapshotTierStatus + description: Describes the storage tier status of one or more Amazon EBS snapshots. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSnapshotTierStatusResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSnapshotTierStatusRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeSnapshots&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSnapshots + operationId: GET_DescribeSnapshots + description: '

Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.

The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume permissions.

The create volume permissions fall into the following categories:

  • public: The owner of the snapshot granted create volume permissions for the snapshot to the all group. All Amazon Web Services accounts have create volume permissions for these snapshots.

  • explicit: The owner of the snapshot granted create volume permissions to a specific Amazon Web Services account.

  • implicit: An Amazon Web Services account has implicit create volume permissions for all snapshots it owns.

The list of snapshots returned can be filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots for which you have create volume permissions.

If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have access, it is not included in the returned results.

If you specify one or more snapshot owners using the OwnerIds option, only snapshots from the specified owners and for which you have access are returned. The results can include the Amazon Web Services account IDs of the specified owners, amazon for snapshots owned by Amazon, or self for snapshots that you own.

If you specify a list of restorable users, only snapshots with create snapshot permissions for those users are returned. You can specify Amazon Web Services account IDs (if you own the snapshots), self for snapshots for which you own or have explicit permissions, or all for public snapshots.

If you are describing a long list of snapshots, we recommend that you paginate the output to make the list more manageable. The MaxResults parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeSnapshots request to retrieve the remaining results.

To get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSnapshotsResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • description - A description of the snapshot.

  • encrypted - Indicates whether the snapshot is encrypted (true | false)

  • owner-alias - The owner alias, from an Amazon-maintained list (amazon). This is not the user-configured Amazon Web Services account alias set using the IAM console. We recommend that you use the related parameter instead of this filter.

  • owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the related parameter instead of this filter.

  • progress - The progress of the snapshot, as a percentage (for example, 80%).

  • snapshot-id - The snapshot ID.

  • start-time - The time stamp when the snapshot was initiated.

  • status - The status of the snapshot (pending | completed | error).

  • storage-tier - The storage tier of the snapshot (archive | standard).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • volume-id - The ID of the volume the snapshot is for.

  • volume-size - The size of the volume, in GiB.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of snapshot results returned by DescribeSnapshots in paginated output. When this parameter is used, DescribeSnapshots only returns MaxResults results in a single page along with a NextToken response element. The remaining results of the initial request can be seen by sending another DescribeSnapshots request with the returned NextToken value. This value can be between 5 and 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results are returned. If this parameter is not used, then DescribeSnapshots returns all results. You cannot specify this parameter and the snapshot IDs parameter in the same request.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The NextToken value returned from a previous paginated DescribeSnapshots request where MaxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the NextToken value. This value is null when there are no more results to return. + schema: + type: string + - name: Owner + in: query + required: false + description: 'Scopes the results to snapshots with the specified owners. You can specify a combination of Amazon Web Services account IDs, self, and amazon.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: Owner + - name: RestorableBy + in: query + required: false + description: The IDs of the Amazon Web Services accounts that can create volumes from the snapshot. + schema: + type: array + items: + $ref: '#/components/schemas/String' + - name: SnapshotId + in: query + required: false + description: '

The snapshot IDs.

Default: Describes the snapshots for which you have create volume permissions.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - xml: + name: SnapshotId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSnapshots + operationId: POST_DescribeSnapshots + description: '

Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.

The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume permissions.

The create volume permissions fall into the following categories:

  • public: The owner of the snapshot granted create volume permissions for the snapshot to the all group. All Amazon Web Services accounts have create volume permissions for these snapshots.

  • explicit: The owner of the snapshot granted create volume permissions to a specific Amazon Web Services account.

  • implicit: An Amazon Web Services account has implicit create volume permissions for all snapshots it owns.

The list of snapshots returned can be filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots for which you have create volume permissions.

If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have access, it is not included in the returned results.

If you specify one or more snapshot owners using the OwnerIds option, only snapshots from the specified owners and for which you have access are returned. The results can include the Amazon Web Services account IDs of the specified owners, amazon for snapshots owned by Amazon, or self for snapshots that you own.

If you specify a list of restorable users, only snapshots with create snapshot permissions for those users are returned. You can specify Amazon Web Services account IDs (if you own the snapshots), self for snapshots for which you own or have explicit permissions, or all for public snapshots.

If you are describing a long list of snapshots, we recommend that you paginate the output to make the list more manageable. The MaxResults parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeSnapshots request to retrieve the remaining results.

To get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSnapshotsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSnapshotsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeSpotDatafeedSubscription&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSpotDatafeedSubscription + operationId: GET_DescribeSpotDatafeedSubscription + description: 'Describes the data feed for Spot Instances. For more information, see Spot Instance data feed in the Amazon EC2 User Guide for Linux Instances.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotDatafeedSubscriptionResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSpotDatafeedSubscription + operationId: POST_DescribeSpotDatafeedSubscription + description: 'Describes the data feed for Spot Instances. For more information, see Spot Instance data feed in the Amazon EC2 User Guide for Linux Instances.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotDatafeedSubscriptionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotDatafeedSubscriptionRequest' + parameters: [] + /?Action=DescribeSpotFleetInstances&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSpotFleetInstances + operationId: GET_DescribeSpotFleetInstances + description: Describes the running instances for the specified Spot Fleet. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotFleetInstancesResponse' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + minimum: 1 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + - name: SpotFleetRequestId + in: query + required: true + description: The ID of the Spot Fleet request. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSpotFleetInstances + operationId: POST_DescribeSpotFleetInstances + description: Describes the running instances for the specified Spot Fleet. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotFleetInstancesResponse' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotFleetInstancesRequest' + parameters: [] + /?Action=DescribeSpotFleetRequestHistory&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSpotFleetRequestHistory + operationId: GET_DescribeSpotFleetRequestHistory + description: '

Describes the events for the specified Spot Fleet request during the specified time.

Spot Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. Spot Fleet events are available for 48 hours.

For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide for Linux Instances.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotFleetRequestHistoryResponse' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: EventType + in: query + required: false + description: 'The type of events to describe. By default, all events are described.' + schema: + type: string + enum: + - instanceChange + - fleetRequestChange + - error + - information + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + minimum: 1 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + - name: SpotFleetRequestId + in: query + required: true + description: The ID of the Spot Fleet request. + schema: + type: string + - name: StartTime + in: query + required: true + description: 'The starting date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + schema: + type: string + format: date-time + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSpotFleetRequestHistory + operationId: POST_DescribeSpotFleetRequestHistory + description: '

Describes the events for the specified Spot Fleet request during the specified time.

Spot Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. Spot Fleet events are available for 48 hours.

For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide for Linux Instances.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotFleetRequestHistoryResponse' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotFleetRequestHistoryRequest' + parameters: [] + /?Action=DescribeSpotFleetRequests&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSpotFleetRequests + operationId: GET_DescribeSpotFleetRequests + description:

Describes your Spot Fleet requests.

Spot Fleet requests are deleted 48 hours after they are canceled and their instances are terminated.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotFleetRequestsResponse' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + - name: SpotFleetRequestId + in: query + required: false + description: The IDs of the Spot Fleet requests. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestId' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSpotFleetRequests + operationId: POST_DescribeSpotFleetRequests + description:

Describes your Spot Fleet requests.

Spot Fleet requests are deleted 48 hours after they are canceled and their instances are terminated.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotFleetRequestsResponse' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotFleetRequestsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeSpotInstanceRequests&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSpotInstanceRequests + operationId: GET_DescribeSpotInstanceRequests + description: '

Describes the specified Spot Instance requests.

You can use DescribeSpotInstanceRequests to find a running Spot Instance by examining the response. If the status of the Spot Instance is fulfilled, the instance ID appears in the response and contains the identifier of the instance. Alternatively, you can use DescribeInstances with a filter to look for instances where the instance lifecycle is spot.

We recommend that you set MaxResults to a value between 5 and 1000 to limit the number of results returned. This paginates the output, which makes the list more manageable and returns the results faster. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeSpotInstanceRequests request to retrieve the remaining results.

Spot Instance requests are deleted four hours after they are canceled and their instances are terminated.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotInstanceRequestsResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • availability-zone-group - The Availability Zone group.

  • create-time - The time stamp when the Spot Instance request was created.

  • fault-code - The fault code related to the request.

  • fault-message - The fault message related to the request.

  • instance-id - The ID of the instance that fulfilled the request.

  • launch-group - The Spot Instance launch group.

  • launch.block-device-mapping.delete-on-termination - Indicates whether the EBS volume is deleted on instance termination.

  • launch.block-device-mapping.device-name - The device name for the volume in the block device mapping (for example, /dev/sdh or xvdh).

  • launch.block-device-mapping.snapshot-id - The ID of the snapshot for the EBS volume.

  • launch.block-device-mapping.volume-size - The size of the EBS volume, in GiB.

  • launch.block-device-mapping.volume-type - The type of EBS volume: gp2 for General Purpose SSD, io1 or io2 for Provisioned IOPS SSD, st1 for Throughput Optimized HDD, sc1for Cold HDD, or standard for Magnetic.

  • launch.group-id - The ID of the security group for the instance.

  • launch.group-name - The name of the security group for the instance.

  • launch.image-id - The ID of the AMI.

  • launch.instance-type - The type of instance (for example, m3.medium).

  • launch.kernel-id - The kernel ID.

  • launch.key-name - The name of the key pair the instance launched with.

  • launch.monitoring-enabled - Whether detailed monitoring is enabled for the Spot Instance.

  • launch.ramdisk-id - The RAM disk ID.

  • launched-availability-zone - The Availability Zone in which the request is launched.

  • network-interface.addresses.primary - Indicates whether the IP address is the primary private IP address.

  • network-interface.delete-on-termination - Indicates whether the network interface is deleted when the instance is terminated.

  • network-interface.description - A description of the network interface.

  • network-interface.device-index - The index of the device for the network interface attachment on the instance.

  • network-interface.group-id - The ID of the security group associated with the network interface.

  • network-interface.network-interface-id - The ID of the network interface.

  • network-interface.private-ip-address - The primary private IP address of the network interface.

  • network-interface.subnet-id - The ID of the subnet for the instance.

  • product-description - The product description associated with the instance (Linux/UNIX | Windows).

  • spot-instance-request-id - The Spot Instance request ID.

  • spot-price - The maximum hourly price for any Spot Instance launched to fulfill the request.

  • state - The state of the Spot Instance request (open | active | closed | cancelled | failed). Spot request status information can help you track your Amazon EC2 Spot Instance requests. For more information, see Spot request status in the Amazon EC2 User Guide for Linux Instances.

  • status-code - The short code describing the most recent evaluation of your Spot Instance request.

  • status-message - The message explaining the status of the Spot Instance request.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • type - The type of Spot Instance request (one-time | persistent).

  • valid-from - The start date of the request.

  • valid-until - The end date of the request.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: SpotInstanceRequestId + in: query + required: false + description: One or more Spot Instance request IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotInstanceRequestId' + - xml: + name: SpotInstanceRequestId + - name: NextToken + in: query + required: false + description: The token to request the next set of results. This value is null when there are no more results to return. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. Specify a value between 5 and 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSpotInstanceRequests + operationId: POST_DescribeSpotInstanceRequests + description: '

Describes the specified Spot Instance requests.

You can use DescribeSpotInstanceRequests to find a running Spot Instance by examining the response. If the status of the Spot Instance is fulfilled, the instance ID appears in the response and contains the identifier of the instance. Alternatively, you can use DescribeInstances with a filter to look for instances where the instance lifecycle is spot.

We recommend that you set MaxResults to a value between 5 and 1000 to limit the number of results returned. This paginates the output, which makes the list more manageable and returns the results faster. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeSpotInstanceRequests request to retrieve the remaining results.

Spot Instance requests are deleted four hours after they are canceled and their instances are terminated.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotInstanceRequestsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotInstanceRequestsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeSpotPriceHistory&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSpotPriceHistory + operationId: GET_DescribeSpotPriceHistory + description: '

Describes the Spot price history. For more information, see Spot Instance pricing history in the Amazon EC2 User Guide for Linux Instances.

When you specify a start and end time, the operation returns the prices of the instance types within that time range. It also returns the last price change before the start time, which is the effective price as of the start time.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotPriceHistoryResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • availability-zone - The Availability Zone for which prices should be returned.

  • instance-type - The type of instance (for example, m3.medium).

  • product-description - The product description for the Spot price (Linux/UNIX | Red Hat Enterprise Linux | SUSE Linux | Windows | Linux/UNIX (Amazon VPC) | Red Hat Enterprise Linux (Amazon VPC) | SUSE Linux (Amazon VPC) | Windows (Amazon VPC)).

  • spot-price - The Spot price. The value must match exactly (or use wildcards; greater than or less than comparison is not supported).

  • timestamp - The time stamp of the Spot price history, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). You can use wildcards (* and ?). Greater than or less than comparison is not supported.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: AvailabilityZone + in: query + required: false + description: Filters the results by the specified Availability Zone. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: EndTime + in: query + required: false + description: 'The date and time, up to the current date, from which to stop retrieving the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + schema: + type: string + format: date-time + - name: InstanceType + in: query + required: false + description: Filters the results by the specified instance types. + schema: + type: array + items: + $ref: '#/components/schemas/InstanceType' + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + - name: ProductDescription + in: query + required: false + description: Filters the results by the specified basic product descriptions. + schema: + type: array + items: + $ref: '#/components/schemas/String' + - name: StartTime + in: query + required: false + description: 'The date and time, up to the past 90 days, from which to start retrieving the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + schema: + type: string + format: date-time + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSpotPriceHistory + operationId: POST_DescribeSpotPriceHistory + description: '

Describes the Spot price history. For more information, see Spot Instance pricing history in the Amazon EC2 User Guide for Linux Instances.

When you specify a start and end time, the operation returns the prices of the instance types within that time range. It also returns the last price change before the start time, which is the effective price as of the start time.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotPriceHistoryResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSpotPriceHistoryRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeStaleSecurityGroups&Version=2016-11-15: + get: + x-aws-operation-name: DescribeStaleSecurityGroups + operationId: GET_DescribeStaleSecurityGroups + description: '[VPC only] Describes the stale security group rules for security groups in a specified VPC. Rules are stale when they reference a deleted security group in the same VPC or in a peer VPC, or if they reference a security group in a peer VPC for which the VPC peering connection has been deleted.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeStaleSecurityGroupsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: MaxResults + in: query + required: false + description: The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results. + schema: + type: integer + minimum: 5 + maximum: 255 + - name: NextToken + in: query + required: false + description: The token for the next set of items to return. (You received this token from a prior call.) + schema: + type: string + minLength: 1 + maxLength: 1024 + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeStaleSecurityGroups + operationId: POST_DescribeStaleSecurityGroups + description: '[VPC only] Describes the stale security group rules for security groups in a specified VPC. Rules are stale when they reference a deleted security group in the same VPC or in a peer VPC, or if they reference a security group in a peer VPC for which the VPC peering connection has been deleted.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeStaleSecurityGroupsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeStaleSecurityGroupsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeStoreImageTasks&Version=2016-11-15: + get: + x-aws-operation-name: DescribeStoreImageTasks + operationId: GET_DescribeStoreImageTasks + description: '

Describes the progress of the AMI store tasks. You can describe the store tasks for specified AMIs. If you don''t specify the AMIs, you get a paginated list of store tasks from the last 31 days.

For each AMI task, the response indicates if the task is InProgress, Completed, or Failed. For tasks InProgress, the response shows the estimated progress as a percentage.

Tasks are listed in reverse chronological order. Currently, only tasks from the past 31 days can be viewed.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeStoreImageTasksResult' + parameters: + - name: ImageId + in: query + required: false + description: The AMI IDs for which to show progress. Up to 20 AMI IDs can be included in a request. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImageId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

The filters.

  • task-state - Returns tasks in a certain state (InProgress | Completed | Failed)

  • bucket - Returns task information for tasks that targeted a specific bucket. For the filter value, specify the bucket name.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200. You cannot specify this parameter and the ImageIDs parameter in the same call.' + schema: + type: integer + minimum: 1 + maximum: 200 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeStoreImageTasks + operationId: POST_DescribeStoreImageTasks + description: '

Describes the progress of the AMI store tasks. You can describe the store tasks for specified AMIs. If you don''t specify the AMIs, you get a paginated list of store tasks from the last 31 days.

For each AMI task, the response indicates if the task is InProgress, Completed, or Failed. For tasks InProgress, the response shows the estimated progress as a percentage.

Tasks are listed in reverse chronological order. Currently, only tasks from the past 31 days can be viewed.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeStoreImageTasksResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeStoreImageTasksRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeSubnets&Version=2016-11-15: + get: + x-aws-operation-name: DescribeSubnets + operationId: GET_DescribeSubnets + description: '

Describes one or more of your subnets.

For more information, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSubnetsResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • availability-zone - The Availability Zone for the subnet. You can also use availabilityZone as the filter name.

  • availability-zone-id - The ID of the Availability Zone for the subnet. You can also use availabilityZoneId as the filter name.

  • available-ip-address-count - The number of IPv4 addresses in the subnet that are available.

  • cidr-block - The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet''s CIDR block for information to be returned for the subnet. You can also use cidr or cidrBlock as the filter names.

  • default-for-az - Indicates whether this is the default subnet for the Availability Zone (true | false). You can also use defaultForAz as the filter name.

  • ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the subnet.

  • ipv6-cidr-block-association.association-id - An association ID for an IPv6 CIDR block associated with the subnet.

  • ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the subnet.

  • ipv6-native - Indicates whether this is an IPv6 only subnet (true | false).

  • outpost-arn - The Amazon Resource Name (ARN) of the Outpost.

  • owner-id - The ID of the Amazon Web Services account that owns the subnet.

  • state - The state of the subnet (pending | available).

  • subnet-arn - The Amazon Resource Name (ARN) of the subnet.

  • subnet-id - The ID of the subnet.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the subnet.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: SubnetId + in: query + required: false + description: '

One or more subnet IDs.

Default: Describes all your subnets.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: SubnetId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeSubnets + operationId: POST_DescribeSubnets + description: '

Describes one or more of your subnets.

For more information, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSubnetsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeSubnetsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTags&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTags + operationId: GET_DescribeTags + description: '

Describes the specified tags for your EC2 resources.

For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTagsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

The filters.

  • key - The tag key.

  • resource-id - The ID of the resource.

  • resource-type - The resource type (customer-gateway | dedicated-host | dhcp-options | elastic-ip | fleet | fpga-image | host-reservation | image | instance | internet-gateway | key-pair | launch-template | natgateway | network-acl | network-interface | placement-group | reserved-instances | route-table | security-group | snapshot | spot-instances-request | subnet | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-peering-connection | vpn-connection | vpn-gateway).

  • tag:<key> - The key/value combination of the tag. For example, specify "tag:Owner" for the filter name and "TeamA" for the filter value to find resources with the tag "Owner=TeamA".

  • value - The tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. This value can be between 5 and 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTags + operationId: POST_DescribeTags + description: '

Describes the specified tags for your EC2 resources.

For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTagsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTagsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTrafficMirrorFilters&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTrafficMirrorFilters + operationId: GET_DescribeTrafficMirrorFilters + description: Describes one or more Traffic Mirror filters. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrafficMirrorFiltersResult' + parameters: + - name: TrafficMirrorFilterId + in: query + required: false + description: The ID of the Traffic Mirror filter. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilterId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • description: The Traffic Mirror filter description.

  • traffic-mirror-filter-id: The ID of the Traffic Mirror filter.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTrafficMirrorFilters + operationId: POST_DescribeTrafficMirrorFilters + description: Describes one or more Traffic Mirror filters. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrafficMirrorFiltersResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrafficMirrorFiltersRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTrafficMirrorSessions&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTrafficMirrorSessions + operationId: GET_DescribeTrafficMirrorSessions + description: 'Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrafficMirrorSessionsResult' + parameters: + - name: TrafficMirrorSessionId + in: query + required: false + description: The ID of the Traffic Mirror session. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorSessionId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • description: The Traffic Mirror session description.

  • network-interface-id: The ID of the Traffic Mirror session network interface.

  • owner-id: The ID of the account that owns the Traffic Mirror session.

  • packet-length: The assigned number of packets to mirror.

  • session-number: The assigned session number.

  • traffic-mirror-filter-id: The ID of the Traffic Mirror filter.

  • traffic-mirror-session-id: The ID of the Traffic Mirror session.

  • traffic-mirror-target-id: The ID of the Traffic Mirror target.

  • virtual-network-id: The virtual network ID of the Traffic Mirror session.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTrafficMirrorSessions + operationId: POST_DescribeTrafficMirrorSessions + description: 'Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrafficMirrorSessionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrafficMirrorSessionsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTrafficMirrorTargets&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTrafficMirrorTargets + operationId: GET_DescribeTrafficMirrorTargets + description: Information about one or more Traffic Mirror targets. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrafficMirrorTargetsResult' + parameters: + - name: TrafficMirrorTargetId + in: query + required: false + description: The ID of the Traffic Mirror targets. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorTargetId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • description: The Traffic Mirror target description.

  • network-interface-id: The ID of the Traffic Mirror session network interface.

  • network-load-balancer-arn: The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the session.

  • owner-id: The ID of the account that owns the Traffic Mirror session.

  • traffic-mirror-target-id: The ID of the Traffic Mirror target.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTrafficMirrorTargets + operationId: POST_DescribeTrafficMirrorTargets + description: Information about one or more Traffic Mirror targets. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrafficMirrorTargetsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrafficMirrorTargetsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTransitGatewayAttachments&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTransitGatewayAttachments + operationId: GET_DescribeTransitGatewayAttachments + description: 'Describes one or more attachments between resources and transit gateways. By default, all attachments are described. Alternatively, you can filter the results by attachment ID, attachment state, resource ID, or resource owner.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayAttachmentsResult' + parameters: + - name: TransitGatewayAttachmentIds + in: query + required: false + description: The IDs of the attachments. + schema: + type: array + items: + $ref: '#/components/schemas/TransitGatewayAttachmentId' + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • association.state - The state of the association (associating | associated | disassociating).

  • association.transit-gateway-route-table-id - The ID of the route table for the transit gateway.

  • resource-id - The ID of the resource.

  • resource-owner-id - The ID of the Amazon Web Services account that owns the resource.

  • resource-type - The resource type. Valid values are vpc | vpn | direct-connect-gateway | peering | connect.

  • state - The state of the attachment. Valid values are available | deleted | deleting | failed | failing | initiatingRequest | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting.

  • transit-gateway-attachment-id - The ID of the attachment.

  • transit-gateway-id - The ID of the transit gateway.

  • transit-gateway-owner-id - The ID of the Amazon Web Services account that owns the transit gateway.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTransitGatewayAttachments + operationId: POST_DescribeTransitGatewayAttachments + description: 'Describes one or more attachments between resources and transit gateways. By default, all attachments are described. Alternatively, you can filter the results by attachment ID, attachment state, resource ID, or resource owner.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayAttachmentsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayAttachmentsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTransitGatewayConnectPeers&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTransitGatewayConnectPeers + operationId: GET_DescribeTransitGatewayConnectPeers + description: Describes one or more Connect peers. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayConnectPeersResult' + parameters: + - name: TransitGatewayConnectPeerIds + in: query + required: false + description: The IDs of the Connect peers. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectPeerId' + - xml: + name: item + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • state - The state of the Connect peer (pending | available | deleting | deleted).

  • transit-gateway-attachment-id - The ID of the attachment.

  • transit-gateway-connect-peer-id - The ID of the Connect peer.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTransitGatewayConnectPeers + operationId: POST_DescribeTransitGatewayConnectPeers + description: Describes one or more Connect peers. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayConnectPeersResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayConnectPeersRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTransitGatewayConnects&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTransitGatewayConnects + operationId: GET_DescribeTransitGatewayConnects + description: Describes one or more Connect attachments. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayConnectsResult' + parameters: + - name: TransitGatewayAttachmentIds + in: query + required: false + description: The IDs of the attachments. + schema: + type: array + items: + $ref: '#/components/schemas/TransitGatewayAttachmentId' + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • options.protocol - The tunnel protocol (gre).

  • state - The state of the attachment (initiating | initiatingRequest | pendingAcceptance | rollingBack | pending | available | modifying | deleting | deleted | failed | rejected | rejecting | failing).

  • transit-gateway-attachment-id - The ID of the Connect attachment.

  • transit-gateway-id - The ID of the transit gateway.

  • transport-transit-gateway-attachment-id - The ID of the transit gateway attachment from which the Connect attachment was created.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTransitGatewayConnects + operationId: POST_DescribeTransitGatewayConnects + description: Describes one or more Connect attachments. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayConnectsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayConnectsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTransitGatewayMulticastDomains&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTransitGatewayMulticastDomains + operationId: GET_DescribeTransitGatewayMulticastDomains + description: Describes one or more transit gateway multicast domains. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayMulticastDomainsResult' + parameters: + - name: TransitGatewayMulticastDomainIds + in: query + required: false + description: The ID of the transit gateway multicast domain. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainId' + - xml: + name: item + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • state - The state of the transit gateway multicast domain. Valid values are pending | available | deleting | deleted.

  • transit-gateway-id - The ID of the transit gateway.

  • transit-gateway-multicast-domain-id - The ID of the transit gateway multicast domain.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTransitGatewayMulticastDomains + operationId: POST_DescribeTransitGatewayMulticastDomains + description: Describes one or more transit gateway multicast domains. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayMulticastDomainsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayMulticastDomainsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTransitGatewayPeeringAttachments&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTransitGatewayPeeringAttachments + operationId: GET_DescribeTransitGatewayPeeringAttachments + description: Describes your transit gateway peering attachments. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayPeeringAttachmentsResult' + parameters: + - name: TransitGatewayAttachmentIds + in: query + required: false + description: One or more IDs of the transit gateway peering attachments. + schema: + type: array + items: + $ref: '#/components/schemas/TransitGatewayAttachmentId' + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • transit-gateway-attachment-id - The ID of the transit gateway attachment.

  • local-owner-id - The ID of your Amazon Web Services account.

  • remote-owner-id - The ID of the Amazon Web Services account in the remote Region that owns the transit gateway.

  • state - The state of the peering attachment. Valid values are available | deleted | deleting | failed | failing | initiatingRequest | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.

  • transit-gateway-id - The ID of the transit gateway.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTransitGatewayPeeringAttachments + operationId: POST_DescribeTransitGatewayPeeringAttachments + description: Describes your transit gateway peering attachments. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayPeeringAttachmentsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayPeeringAttachmentsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTransitGatewayRouteTables&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTransitGatewayRouteTables + operationId: GET_DescribeTransitGatewayRouteTables + description: 'Describes one or more transit gateway route tables. By default, all transit gateway route tables are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayRouteTablesResult' + parameters: + - name: TransitGatewayRouteTableIds + in: query + required: false + description: The IDs of the transit gateway route tables. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableId' + - xml: + name: item + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • default-association-route-table - Indicates whether this is the default association route table for the transit gateway (true | false).

  • default-propagation-route-table - Indicates whether this is the default propagation route table for the transit gateway (true | false).

  • state - The state of the route table (available | deleting | deleted | pending).

  • transit-gateway-id - The ID of the transit gateway.

  • transit-gateway-route-table-id - The ID of the transit gateway route table.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTransitGatewayRouteTables + operationId: POST_DescribeTransitGatewayRouteTables + description: 'Describes one or more transit gateway route tables. By default, all transit gateway route tables are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayRouteTablesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayRouteTablesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTransitGatewayVpcAttachments&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTransitGatewayVpcAttachments + operationId: GET_DescribeTransitGatewayVpcAttachments + description: 'Describes one or more VPC attachments. By default, all VPC attachments are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayVpcAttachmentsResult' + parameters: + - name: TransitGatewayAttachmentIds + in: query + required: false + description: The IDs of the attachments. + schema: + type: array + items: + $ref: '#/components/schemas/TransitGatewayAttachmentId' + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • state - The state of the attachment. Valid values are available | deleted | deleting | failed | failing | initiatingRequest | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting.

  • transit-gateway-attachment-id - The ID of the attachment.

  • transit-gateway-id - The ID of the transit gateway.

  • vpc-id - The ID of the VPC.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTransitGatewayVpcAttachments + operationId: POST_DescribeTransitGatewayVpcAttachments + description: 'Describes one or more VPC attachments. By default, all VPC attachments are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayVpcAttachmentsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewayVpcAttachmentsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTransitGateways&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTransitGateways + operationId: GET_DescribeTransitGateways + description: 'Describes one or more transit gateways. By default, all transit gateways are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewaysResult' + parameters: + - name: TransitGatewayIds + in: query + required: false + description: The IDs of the transit gateways. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayId' + - xml: + name: item + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • options.propagation-default-route-table-id - The ID of the default propagation route table.

  • options.amazon-side-asn - The private ASN for the Amazon side of a BGP session.

  • options.association-default-route-table-id - The ID of the default association route table.

  • options.auto-accept-shared-attachments - Indicates whether there is automatic acceptance of attachment requests (enable | disable).

  • options.default-route-table-association - Indicates whether resource attachments are automatically associated with the default association route table (enable | disable).

  • options.default-route-table-propagation - Indicates whether resource attachments automatically propagate routes to the default propagation route table (enable | disable).

  • options.dns-support - Indicates whether DNS support is enabled (enable | disable).

  • options.vpn-ecmp-support - Indicates whether Equal Cost Multipath Protocol support is enabled (enable | disable).

  • owner-id - The ID of the Amazon Web Services account that owns the transit gateway.

  • state - The state of the transit gateway (available | deleted | deleting | modifying | pending).

  • transit-gateway-id - The ID of the transit gateway.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTransitGateways + operationId: POST_DescribeTransitGateways + description: 'Describes one or more transit gateways. By default, all transit gateways are described. Alternatively, you can filter the results.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewaysResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTransitGatewaysRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeTrunkInterfaceAssociations&Version=2016-11-15: + get: + x-aws-operation-name: DescribeTrunkInterfaceAssociations + operationId: GET_DescribeTrunkInterfaceAssociations + description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Describes one or more network interface trunk associations.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrunkInterfaceAssociationsResult' + parameters: + - name: AssociationId + in: query + required: false + description: The IDs of the associations. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrunkInterfaceAssociationId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description:

One or more filters.

  • gre-key - The ID of a trunk interface association.

  • interface-protocol - The interface protocol. Valid values are VLAN and GRE.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 255 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeTrunkInterfaceAssociations + operationId: POST_DescribeTrunkInterfaceAssociations + description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Describes one or more network interface trunk associations.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrunkInterfaceAssociationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeTrunkInterfaceAssociationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeVolumeAttribute&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVolumeAttribute + operationId: GET_DescribeVolumeAttribute + description: '

Describes the specified attribute of the specified volume. You can specify only one attribute at a time.

For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumeAttributeResult' + parameters: + - name: Attribute + in: query + required: true + description: The attribute of the volume. This parameter is required. + schema: + type: string + enum: + - autoEnableIO + - productCodes + - name: VolumeId + in: query + required: true + description: The ID of the volume. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVolumeAttribute + operationId: POST_DescribeVolumeAttribute + description: '

Describes the specified attribute of the specified volume. You can specify only one attribute at a time.

For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumeAttributeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumeAttributeRequest' + parameters: [] + /?Action=DescribeVolumeStatus&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVolumeStatus + operationId: GET_DescribeVolumeStatus + description: '

Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume''s underlying host. If the volume''s underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.

The DescribeVolumeStatus operation provides the following information about the specified volumes:

Status: Reflects the current status of the volume. The possible values are ok, impaired , warning, or insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the overall status is impaired. If the status is insufficient-data, then the checks might still be taking place on your volume at the time. We recommend that you retry the request. For more information about volume status, see Monitor the status of your volumes in the Amazon Elastic Compute Cloud User Guide.

Events: Reflect the cause of a volume status and might require you to take action. For example, if your volume returns an impaired status, then the volume event might be potential-data-inconsistency. This means that your volume has been affected by an issue with the underlying host, has all I/O operations disabled, and might have inconsistent data.

Actions: Reflect the actions you might have to take in response to an event. For example, if the status of the volume is impaired and the volume event shows potential-data-inconsistency, then the action shows enable-volume-io. This means that you may want to enable the I/O operations for the volume by calling the EnableVolumeIO action and then check the volume for data consistency.

Volume status is based on the volume status checks, and does not reflect the volume state. Therefore, volume status does not indicate volumes in the error state (for example, when a volume is incapable of accepting I/O.)

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumeStatusResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • action.code - The action code for the event (for example, enable-volume-io).

  • action.description - A description of the action.

  • action.event-id - The event ID associated with the action.

  • availability-zone - The Availability Zone of the instance.

  • event.description - A description of the event.

  • event.event-id - The event ID.

  • event.event-type - The event type (for io-enabled: passed | failed; for io-performance: io-performance:degraded | io-performance:severely-degraded | io-performance:stalled).

  • event.not-after - The latest end time for the event.

  • event.not-before - The earliest start time for the event.

  • volume-status.details-name - The cause for volume-status.status (io-enabled | io-performance).

  • volume-status.details-status - The status of volume-status.details-name (for io-enabled: passed | failed; for io-performance: normal | degraded | severely-degraded | stalled).

  • volume-status.status - The status of the volume (ok | impaired | warning | insufficient-data).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of volume results returned by DescribeVolumeStatus in paginated output. When this parameter is used, the request only returns MaxResults results in a single page along with a NextToken response element. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results are returned. If this parameter is not used, then DescribeVolumeStatus returns all results. You cannot specify this parameter and the volume IDs parameter in the same request.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: 'The NextToken value to include in a future DescribeVolumeStatus request. When the results of the request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.' + schema: + type: string + - name: VolumeId + in: query + required: false + description: '

The IDs of the volumes.

Default: Describes all your volumes.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VolumeId' + - xml: + name: VolumeId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVolumeStatus + operationId: POST_DescribeVolumeStatus + description: '

Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume''s underlying host. If the volume''s underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.

The DescribeVolumeStatus operation provides the following information about the specified volumes:

Status: Reflects the current status of the volume. The possible values are ok, impaired , warning, or insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the overall status is impaired. If the status is insufficient-data, then the checks might still be taking place on your volume at the time. We recommend that you retry the request. For more information about volume status, see Monitor the status of your volumes in the Amazon Elastic Compute Cloud User Guide.

Events: Reflect the cause of a volume status and might require you to take action. For example, if your volume returns an impaired status, then the volume event might be potential-data-inconsistency. This means that your volume has been affected by an issue with the underlying host, has all I/O operations disabled, and might have inconsistent data.

Actions: Reflect the actions you might have to take in response to an event. For example, if the status of the volume is impaired and the volume event shows potential-data-inconsistency, then the action shows enable-volume-io. This means that you may want to enable the I/O operations for the volume by calling the EnableVolumeIO action and then check the volume for data consistency.

Volume status is based on the volume status checks, and does not reflect the volume state. Therefore, volume status does not indicate volumes in the error state (for example, when a volume is incapable of accepting I/O.)

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumeStatusResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumeStatusRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + '/?Action=DescribeVolumes&Version=2016-11-15': + get: + x-aws-operation-name: DescribeVolumes + operationId: GET_DescribeVolumes + description: '

Describes the specified EBS volumes or all of your EBS volumes.

If you are describing a long list of volumes, we recommend that you paginate the output to make the list more manageable. The MaxResults parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeVolumes request to retrieve the remaining results.

For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumesResult' + parameters: + - name: Filter + in: query + required: false + description: '

The filters.

  • attachment.attach-time - The time stamp when the attachment initiated.

  • attachment.delete-on-termination - Whether the volume is deleted on instance termination.

  • attachment.device - The device name specified in the block device mapping (for example, /dev/sda1).

  • attachment.instance-id - The ID of the instance the volume is attached to.

  • attachment.status - The attachment state (attaching | attached | detaching).

  • availability-zone - The Availability Zone in which the volume was created.

  • create-time - The time stamp when the volume was created.

  • encrypted - Indicates whether the volume is encrypted (true | false)

  • multi-attach-enabled - Indicates whether the volume is enabled for Multi-Attach (true | false)

  • fast-restored - Indicates whether the volume was created from a snapshot that is enabled for fast snapshot restore (true | false).

  • size - The size of the volume, in GiB.

  • snapshot-id - The snapshot from which the volume was created.

  • status - The state of the volume (creating | available | in-use | deleting | deleted | error).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • volume-id - The volume ID.

  • volume-type - The Amazon EBS volume type (gp2 | gp3 | io1 | io2 | st1 | sc1| standard)

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: VolumeId + in: query + required: false + description: The volume IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VolumeId' + - xml: + name: VolumeId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: MaxResults + in: query + required: false + description: 'The maximum number of volume results returned by DescribeVolumes in paginated output. When this parameter is used, DescribeVolumes only returns MaxResults results in a single page along with a NextToken response element. The remaining results of the initial request can be seen by sending another DescribeVolumes request with the returned NextToken value. This value can be between 5 and 500; if MaxResults is given a value larger than 500, only 500 results are returned. If this parameter is not used, then DescribeVolumes returns all results. You cannot specify this parameter and the volume IDs parameter in the same request.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The NextToken value returned from a previous paginated DescribeVolumes request where MaxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the NextToken value. This value is null when there are no more results to return. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVolumes + operationId: POST_DescribeVolumes + description: '

Describes the specified EBS volumes or all of your EBS volumes.

If you are describing a long list of volumes, we recommend that you paginate the output to make the list more manageable. The MaxResults parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeVolumes request to retrieve the remaining results.

For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeVolumesModifications&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVolumesModifications + operationId: GET_DescribeVolumesModifications + description: '

Describes the most recent volume modification request for the specified EBS volumes.

If a volume has never been modified, some information in the output will be null. If a volume has been modified more than once, the output includes only the most recent modification request.

You can also use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. For more information, see Monitor the progress of volume modifications in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumesModificationsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VolumeId + in: query + required: false + description: The IDs of the volumes. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VolumeId' + - xml: + name: VolumeId + - name: Filter + in: query + required: false + description: '

The filters.

  • modification-state - The current modification state (modifying | optimizing | completed | failed).

  • original-iops - The original IOPS rate of the volume.

  • original-size - The original size of the volume, in GiB.

  • original-volume-type - The original volume type of the volume (standard | io1 | io2 | gp2 | sc1 | st1).

  • originalMultiAttachEnabled - Indicates whether Multi-Attach support was enabled (true | false).

  • start-time - The modification start time.

  • target-iops - The target IOPS rate of the volume.

  • target-size - The target size of the volume, in GiB.

  • target-volume-type - The target volume type of the volume (standard | io1 | io2 | gp2 | sc1 | st1).

  • targetMultiAttachEnabled - Indicates whether Multi-Attach support is to be enabled (true | false).

  • volume-id - The ID of the volume.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: NextToken + in: query + required: false + description: The nextToken value returned by a previous paginated request. + schema: + type: string + - name: MaxResults + in: query + required: false + description: The maximum number of results (up to a limit of 500) to be returned in a paginated request. + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVolumesModifications + operationId: POST_DescribeVolumesModifications + description: '

Describes the most recent volume modification request for the specified EBS volumes.

If a volume has never been modified, some information in the output will be null. If a volume has been modified more than once, the output includes only the most recent modification request.

You can also use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. For more information, see Monitor the progress of volume modifications in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumesModificationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVolumesModificationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeVpcAttribute&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpcAttribute + operationId: GET_DescribeVpcAttribute + description: Describes the specified attribute of the specified VPC. You can specify only one attribute at a time. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcAttributeResult' + parameters: + - name: Attribute + in: query + required: true + description: The VPC attribute. + schema: + type: string + enum: + - enableDnsSupport + - enableDnsHostnames + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpcAttribute + operationId: POST_DescribeVpcAttribute + description: Describes the specified attribute of the specified VPC. You can specify only one attribute at a time. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcAttributeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcAttributeRequest' + parameters: [] + /?Action=DescribeVpcClassicLink&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpcClassicLink + operationId: GET_DescribeVpcClassicLink + description: Describes the ClassicLink status of one or more VPCs. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcClassicLinkResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • is-classic-link-enabled - Whether the VPC is enabled for ClassicLink (true | false).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcId + in: query + required: false + description: One or more VPCs for which you want to describe the ClassicLink status. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcId' + - xml: + name: VpcId + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpcClassicLink + operationId: POST_DescribeVpcClassicLink + description: Describes the ClassicLink status of one or more VPCs. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcClassicLinkResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcClassicLinkRequest' + parameters: [] + /?Action=DescribeVpcClassicLinkDnsSupport&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpcClassicLinkDnsSupport + operationId: GET_DescribeVpcClassicLinkDnsSupport + description: 'Describes the ClassicLink DNS support status of one or more VPCs. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it''s linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcClassicLinkDnsSupportResult' + parameters: + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 255 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + minLength: 1 + maxLength: 1024 + - name: VpcIds + in: query + required: false + description: One or more VPC IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcId' + - xml: + name: VpcId + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpcClassicLinkDnsSupport + operationId: POST_DescribeVpcClassicLinkDnsSupport + description: 'Describes the ClassicLink DNS support status of one or more VPCs. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it''s linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcClassicLinkDnsSupportResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcClassicLinkDnsSupportRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeVpcEndpointConnectionNotifications&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpcEndpointConnectionNotifications + operationId: GET_DescribeVpcEndpointConnectionNotifications + description: Describes the connection notifications for VPC endpoints and VPC endpoint services. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointConnectionNotificationsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ConnectionNotificationId + in: query + required: false + description: The ID of the notification. + schema: + type: string + - name: Filter + in: query + required: false + description:

One or more filters.

  • connection-notification-arn - The ARN of the SNS topic for the notification.

  • connection-notification-id - The ID of the notification.

  • connection-notification-state - The state of the notification (Enabled | Disabled).

  • connection-notification-type - The type of notification (Topic).

  • service-id - The ID of the endpoint service.

  • vpc-endpoint-id - The ID of the VPC endpoint.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token to request the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpcEndpointConnectionNotifications + operationId: POST_DescribeVpcEndpointConnectionNotifications + description: Describes the connection notifications for VPC endpoints and VPC endpoint services. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointConnectionNotificationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointConnectionNotificationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeVpcEndpointConnections&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpcEndpointConnections + operationId: GET_DescribeVpcEndpointConnections + description: 'Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointConnectionsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description:

One or more filters.

  • ip-address-type - The IP address type (ipv4 | ipv6).

  • service-id - The ID of the service.

  • vpc-endpoint-owner - The ID of the Amazon Web Services account ID that owns the endpoint.

  • vpc-endpoint-state - The state of the endpoint (pendingAcceptance | pending | available | deleting | deleted | rejected | failed).

  • vpc-endpoint-id - The ID of the endpoint.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results are returned.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpcEndpointConnections + operationId: POST_DescribeVpcEndpointConnections + description: 'Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointConnectionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointConnectionsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeVpcEndpointServiceConfigurations&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpcEndpointServiceConfigurations + operationId: GET_DescribeVpcEndpointServiceConfigurations + description: Describes the VPC endpoint service configurations in your account (your services). + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointServiceConfigurationsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ServiceId + in: query + required: false + description: The IDs of one or more services. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcEndpointServiceId' + - xml: + name: item + - name: Filter + in: query + required: false + description: '

One or more filters.

  • service-name - The name of the service.

  • service-id - The ID of the service.

  • service-state - The state of the service (Pending | Available | Deleting | Deleted | Failed).

  • supported-ip-address-types - The IP address type (ipv4 | ipv6).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results are returned.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpcEndpointServiceConfigurations + operationId: POST_DescribeVpcEndpointServiceConfigurations + description: Describes the VPC endpoint service configurations in your account (your services). + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointServiceConfigurationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointServiceConfigurationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeVpcEndpointServicePermissions&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpcEndpointServicePermissions + operationId: GET_DescribeVpcEndpointServicePermissions + description: Describes the principals (service consumers) that are permitted to discover your VPC endpoint service. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointServicePermissionsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ServiceId + in: query + required: true + description: The ID of the service. + schema: + type: string + - name: Filter + in: query + required: false + description:

One or more filters.

  • principal - The ARN of the principal.

  • principal-type - The principal type (All | Service | OrganizationUnit | Account | User | Role).

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results are returned.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token to retrieve the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpcEndpointServicePermissions + operationId: POST_DescribeVpcEndpointServicePermissions + description: Describes the principals (service consumers) that are permitted to discover your VPC endpoint service. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointServicePermissionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointServicePermissionsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeVpcEndpointServices&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpcEndpointServices + operationId: GET_DescribeVpcEndpointServices + description: '

Describes available services to which you can create a VPC endpoint.

When the service provider and the consumer have different accounts in multiple Availability Zones, and the consumer views the VPC endpoint service information, the response only includes the common Availability Zones. For example, when the service provider account uses us-east-1a and us-east-1c and the consumer uses us-east-1a and us-east-1b, the response includes the VPC endpoint services in the common Availability Zone, us-east-1a.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointServicesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ServiceName + in: query + required: false + description: One or more service names. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: Filter + in: query + required: false + description: '

One or more filters.

  • service-name - The name of the service.

  • service-type - The type of service (Interface | Gateway).

  • supported-ip-address-types - The IP address type (ipv4 | ipv6).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: '

The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results.

Constraint: If the value is greater than 1,000, we return only 1,000 items.

' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next set of items to return. (You received this token from a prior call.) + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpcEndpointServices + operationId: POST_DescribeVpcEndpointServices + description: '

Describes available services to which you can create a VPC endpoint.

When the service provider and the consumer have different accounts in multiple Availability Zones, and the consumer views the VPC endpoint service information, the response only includes the common Availability Zones. For example, when the service provider account uses us-east-1a and us-east-1c and the consumer uses us-east-1a and us-east-1b, the response includes the VPC endpoint services in the common Availability Zone, us-east-1a.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointServicesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointServicesRequest' + parameters: [] + /?Action=DescribeVpcEndpoints&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpcEndpoints + operationId: GET_DescribeVpcEndpoints + description: Describes one or more of your VPC endpoints. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcEndpointId + in: query + required: false + description: One or more endpoint IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcEndpointId' + - xml: + name: item + - name: Filter + in: query + required: false + description: '

One or more filters.

  • ip-address-type - The IP address type (ipv4 | ipv6).

  • service-name - The name of the service.

  • vpc-id - The ID of the VPC in which the endpoint resides.

  • vpc-endpoint-id - The ID of the endpoint.

  • vpc-endpoint-state - The state of the endpoint (pendingAcceptance | pending | available | deleting | deleted | rejected | failed).

  • vpc-endpoint-type - The type of VPC endpoint (Interface | Gateway | GatewayLoadBalancer).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: '

The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results.

Constraint: If the value is greater than 1,000, we return only 1,000 items.

' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next set of items to return. (You received this token from a prior call.) + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpcEndpoints + operationId: POST_DescribeVpcEndpoints + description: Describes one or more of your VPC endpoints. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcEndpointsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeVpcPeeringConnections&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpcPeeringConnections + operationId: GET_DescribeVpcPeeringConnections + description: Describes one or more of your VPC peering connections. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcPeeringConnectionsResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • accepter-vpc-info.cidr-block - The IPv4 CIDR block of the accepter VPC.

  • accepter-vpc-info.owner-id - The ID of the Amazon Web Services account that owns the accepter VPC.

  • accepter-vpc-info.vpc-id - The ID of the accepter VPC.

  • expiration-time - The expiration date and time for the VPC peering connection.

  • requester-vpc-info.cidr-block - The IPv4 CIDR block of the requester''s VPC.

  • requester-vpc-info.owner-id - The ID of the Amazon Web Services account that owns the requester VPC.

  • requester-vpc-info.vpc-id - The ID of the requester VPC.

  • status-code - The status of the VPC peering connection (pending-acceptance | failed | expired | provisioning | active | deleting | deleted | rejected).

  • status-message - A message that provides more information about the status of the VPC peering connection, if applicable.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-peering-connection-id - The ID of the VPC peering connection.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcPeeringConnectionId + in: query + required: false + description: '

One or more VPC peering connection IDs.

Default: Describes all your VPC peering connections.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionId' + - xml: + name: item + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpcPeeringConnections + operationId: POST_DescribeVpcPeeringConnections + description: Describes one or more of your VPC peering connections. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcPeeringConnectionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcPeeringConnectionsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeVpcs&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpcs + operationId: GET_DescribeVpcs + description: Describes one or more of your VPCs. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcsResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • cidr - The primary IPv4 CIDR block of the VPC. The CIDR block you specify must exactly match the VPC''s CIDR block for information to be returned for the VPC. Must contain the slash followed by one or two digits (for example, /28).

  • cidr-block-association.cidr-block - An IPv4 CIDR block associated with the VPC.

  • cidr-block-association.association-id - The association ID for an IPv4 CIDR block associated with the VPC.

  • cidr-block-association.state - The state of an IPv4 CIDR block associated with the VPC.

  • dhcp-options-id - The ID of a set of DHCP options.

  • ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the VPC.

  • ipv6-cidr-block-association.ipv6-pool - The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.

  • ipv6-cidr-block-association.association-id - The association ID for an IPv6 CIDR block associated with the VPC.

  • ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the VPC.

  • is-default - Indicates whether the VPC is the default VPC.

  • owner-id - The ID of the Amazon Web Services account that owns the VPC.

  • state - The state of the VPC (pending | available).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: VpcId + in: query + required: false + description: '

One or more VPC IDs.

Default: Describes all your VPCs.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcId' + - xml: + name: VpcId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpcs + operationId: POST_DescribeVpcs + description: Describes one or more of your VPCs. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpcsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=DescribeVpnConnections&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpnConnections + operationId: GET_DescribeVpnConnections + description: '

Describes one or more of your VPN connections.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpnConnectionsResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • customer-gateway-configuration - The configuration information for the customer gateway.

  • customer-gateway-id - The ID of a customer gateway associated with the VPN connection.

  • state - The state of the VPN connection (pending | available | deleting | deleted).

  • option.static-routes-only - Indicates whether the connection has static routes only. Used for devices that do not support Border Gateway Protocol (BGP).

  • route.destination-cidr-block - The destination CIDR block. This corresponds to the subnet used in a customer data center.

  • bgp-asn - The BGP Autonomous System Number (ASN) associated with a BGP device.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • type - The type of VPN connection. Currently the only supported type is ipsec.1.

  • vpn-connection-id - The ID of the VPN connection.

  • vpn-gateway-id - The ID of a virtual private gateway associated with the VPN connection.

  • transit-gateway-id - The ID of a transit gateway associated with the VPN connection.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: VpnConnectionId + in: query + required: false + description: '

One or more VPN connection IDs.

Default: Describes your VPN connections.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpnConnectionId' + - xml: + name: VpnConnectionId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpnConnections + operationId: POST_DescribeVpnConnections + description: '

Describes one or more of your VPN connections.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpnConnectionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpnConnectionsRequest' + parameters: [] + /?Action=DescribeVpnGateways&Version=2016-11-15: + get: + x-aws-operation-name: DescribeVpnGateways + operationId: GET_DescribeVpnGateways + description: '

Describes one or more of your virtual private gateways.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpnGatewaysResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • amazon-side-asn - The Autonomous System Number (ASN) for the Amazon side of the gateway.

  • attachment.state - The current state of the attachment between the gateway and the VPC (attaching | attached | detaching | detached).

  • attachment.vpc-id - The ID of an attached VPC.

  • availability-zone - The Availability Zone for the virtual private gateway (if applicable).

  • state - The state of the virtual private gateway (pending | available | deleting | deleted).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • type - The type of virtual private gateway. Currently the only supported type is ipsec.1.

  • vpn-gateway-id - The ID of the virtual private gateway.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: VpnGatewayId + in: query + required: false + description: '

One or more virtual private gateway IDs.

Default: Describes all your virtual private gateways.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpnGatewayId' + - xml: + name: VpnGatewayId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DescribeVpnGateways + operationId: POST_DescribeVpnGateways + description: '

Describes one or more of your virtual private gateways.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpnGatewaysResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeVpnGatewaysRequest' + parameters: [] + /?Action=DetachClassicLinkVpc&Version=2016-11-15: + get: + x-aws-operation-name: DetachClassicLinkVpc + operationId: GET_DetachClassicLinkVpc + description: 'Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance has been unlinked, the VPC security groups are no longer associated with it. An instance is automatically unlinked from a VPC when it''s stopped.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DetachClassicLinkVpcResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceId + in: query + required: true + description: The ID of the instance to unlink from the VPC. + schema: + type: string + - name: VpcId + in: query + required: true + description: The ID of the VPC to which the instance is linked. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DetachClassicLinkVpc + operationId: POST_DetachClassicLinkVpc + description: 'Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance has been unlinked, the VPC security groups are no longer associated with it. An instance is automatically unlinked from a VPC when it''s stopped.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DetachClassicLinkVpcResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DetachClassicLinkVpcRequest' + parameters: [] + /?Action=DetachInternetGateway&Version=2016-11-15: + get: + x-aws-operation-name: DetachInternetGateway + operationId: GET_DetachInternetGateway + description: 'Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. The VPC must not contain any running instances with Elastic IP addresses or public IPv4 addresses.' + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InternetGatewayId + in: query + required: true + description: The ID of the internet gateway. + schema: + type: string + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DetachInternetGateway + operationId: POST_DetachInternetGateway + description: 'Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. The VPC must not contain any running instances with Elastic IP addresses or public IPv4 addresses.' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DetachInternetGatewayRequest' + parameters: [] + /?Action=DetachNetworkInterface&Version=2016-11-15: + get: + x-aws-operation-name: DetachNetworkInterface + operationId: GET_DetachNetworkInterface + description: Detaches a network interface from an instance. + responses: + '200': + description: Success + parameters: + - name: AttachmentId + in: query + required: true + description: The ID of the attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Force + in: query + required: false + description: '

Specifies whether to force a detachment.

  • Use the Force parameter only as a last resort to detach a network interface from a failed instance.

  • If you use the Force parameter to detach a network interface, you might not be able to attach a different network interface to the same index on the instance without first stopping and starting the instance.

  • If you force the detachment of a network interface, the instance metadata might not get updated. This means that the attributes associated with the detached network interface might still be visible. The instance metadata will get updated when you stop and start the instance.

' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DetachNetworkInterface + operationId: POST_DetachNetworkInterface + description: Detaches a network interface from an instance. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DetachNetworkInterfaceRequest' + parameters: [] + /?Action=DetachVolume&Version=2016-11-15: + get: + x-aws-operation-name: DetachVolume + operationId: GET_DetachVolume + description: '

Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can''t be detached while the instance is running. To detach the root volume, stop the instance first.

When a volume with an Amazon Web Services Marketplace product code is detached from an instance, the product code is no longer associated with the instance.

For more information, see Detach an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/VolumeAttachment' + parameters: + - name: Device + in: query + required: false + description: The device name. + schema: + type: string + - name: Force + in: query + required: false + description: 'Forces detachment if the previous detachment attempt did not occur cleanly (for example, logging into an instance, unmounting the volume, and detaching normally). This option can lead to data loss or a corrupted file system. Use this option only as a last resort to detach a volume from a failed instance. The instance won''t have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures.' + schema: + type: boolean + - name: InstanceId + in: query + required: false + description: 'The ID of the instance. If you are detaching a Multi-Attach enabled volume, you must specify an instance ID.' + schema: + type: string + - name: VolumeId + in: query + required: true + description: The ID of the volume. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DetachVolume + operationId: POST_DetachVolume + description: '

Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can''t be detached while the instance is running. To detach the root volume, stop the instance first.

When a volume with an Amazon Web Services Marketplace product code is detached from an instance, the product code is no longer associated with the instance.

For more information, see Detach an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/VolumeAttachment' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DetachVolumeRequest' + parameters: [] + /?Action=DetachVpnGateway&Version=2016-11-15: + get: + x-aws-operation-name: DetachVpnGateway + operationId: GET_DetachVpnGateway + description:

Detaches a virtual private gateway from a VPC. You do this if you're planning to turn off the VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are also described).

You must wait for the attachment's state to switch to detached before you can delete the VPC or attach a different VPC to the virtual private gateway.

+ responses: + '200': + description: Success + parameters: + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: VpnGatewayId + in: query + required: true + description: The ID of the virtual private gateway. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DetachVpnGateway + operationId: POST_DetachVpnGateway + description:

Detaches a virtual private gateway from a VPC. You do this if you're planning to turn off the VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are also described).

You must wait for the attachment's state to switch to detached before you can delete the VPC or attach a different VPC to the virtual private gateway.

+ responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DetachVpnGatewayRequest' + parameters: [] + /?Action=DisableEbsEncryptionByDefault&Version=2016-11-15: + get: + x-aws-operation-name: DisableEbsEncryptionByDefault + operationId: GET_DisableEbsEncryptionByDefault + description: '

Disables EBS encryption by default for your account in the current Region.

After you disable encryption by default, you can still create encrypted volumes by enabling encryption when you create each volume.

Disabling encryption by default does not change the encryption status of your existing volumes.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableEbsEncryptionByDefaultResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisableEbsEncryptionByDefault + operationId: POST_DisableEbsEncryptionByDefault + description: '

Disables EBS encryption by default for your account in the current Region.

After you disable encryption by default, you can still create encrypted volumes by enabling encryption when you create each volume.

Disabling encryption by default does not change the encryption status of your existing volumes.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableEbsEncryptionByDefaultResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableEbsEncryptionByDefaultRequest' + parameters: [] + /?Action=DisableFastLaunch&Version=2016-11-15: + get: + x-aws-operation-name: DisableFastLaunch + operationId: GET_DisableFastLaunch + description: '

Discontinue faster launching for a Windows AMI, and clean up existing pre-provisioned snapshots. When you disable faster launching, the AMI uses the standard launch process for each instance. All pre-provisioned snapshots must be removed before you can enable faster launching again.

To change these settings, you must own the AMI.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableFastLaunchResult' + parameters: + - name: ImageId + in: query + required: true + description: 'The ID of the image for which you’re turning off faster launching, and removing pre-provisioned snapshots.' + schema: + type: string + - name: Force + in: query + required: false + description: Forces the image settings to turn off faster launching for your Windows AMI. This parameter overrides any errors that are encountered while cleaning up resources in your account. + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisableFastLaunch + operationId: POST_DisableFastLaunch + description: '

Discontinue faster launching for a Windows AMI, and clean up existing pre-provisioned snapshots. When you disable faster launching, the AMI uses the standard launch process for each instance. All pre-provisioned snapshots must be removed before you can enable faster launching again.

To change these settings, you must own the AMI.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableFastLaunchResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableFastLaunchRequest' + parameters: [] + /?Action=DisableFastSnapshotRestores&Version=2016-11-15: + get: + x-aws-operation-name: DisableFastSnapshotRestores + operationId: GET_DisableFastSnapshotRestores + description: Disables fast snapshot restores for the specified snapshots in the specified Availability Zones. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableFastSnapshotRestoresResult' + parameters: + - name: AvailabilityZone + in: query + required: true + description: 'One or more Availability Zones. For example, us-east-2a.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: AvailabilityZone + - name: SourceSnapshotId + in: query + required: true + description: 'The IDs of one or more snapshots. For example, snap-1234567890abcdef0.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - xml: + name: SnapshotId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisableFastSnapshotRestores + operationId: POST_DisableFastSnapshotRestores + description: Disables fast snapshot restores for the specified snapshots in the specified Availability Zones. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableFastSnapshotRestoresResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableFastSnapshotRestoresRequest' + parameters: [] + /?Action=DisableImageDeprecation&Version=2016-11-15: + get: + x-aws-operation-name: DisableImageDeprecation + operationId: GET_DisableImageDeprecation + description: '

Cancels the deprecation of the specified AMI.

For more information, see Deprecate an AMI in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableImageDeprecationResult' + parameters: + - name: ImageId + in: query + required: true + description: The ID of the AMI. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisableImageDeprecation + operationId: POST_DisableImageDeprecation + description: '

Cancels the deprecation of the specified AMI.

For more information, see Deprecate an AMI in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableImageDeprecationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableImageDeprecationRequest' + parameters: [] + /?Action=DisableIpamOrganizationAdminAccount&Version=2016-11-15: + get: + x-aws-operation-name: DisableIpamOrganizationAdminAccount + operationId: GET_DisableIpamOrganizationAdminAccount + description: 'Disable the IPAM account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableIpamOrganizationAdminAccountResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: DelegatedAdminAccountId + in: query + required: true + description: The Organizations member account ID that you want to disable as IPAM account. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisableIpamOrganizationAdminAccount + operationId: POST_DisableIpamOrganizationAdminAccount + description: 'Disable the IPAM account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableIpamOrganizationAdminAccountResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableIpamOrganizationAdminAccountRequest' + parameters: [] + /?Action=DisableSerialConsoleAccess&Version=2016-11-15: + get: + x-aws-operation-name: DisableSerialConsoleAccess + operationId: GET_DisableSerialConsoleAccess + description: 'Disables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableSerialConsoleAccessResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisableSerialConsoleAccess + operationId: POST_DisableSerialConsoleAccess + description: 'Disables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableSerialConsoleAccessResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableSerialConsoleAccessRequest' + parameters: [] + /?Action=DisableTransitGatewayRouteTablePropagation&Version=2016-11-15: + get: + x-aws-operation-name: DisableTransitGatewayRouteTablePropagation + operationId: GET_DisableTransitGatewayRouteTablePropagation + description: Disables the specified resource attachment from propagating routes to the specified propagation route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableTransitGatewayRouteTablePropagationResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the propagation route table. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisableTransitGatewayRouteTablePropagation + operationId: POST_DisableTransitGatewayRouteTablePropagation + description: Disables the specified resource attachment from propagating routes to the specified propagation route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableTransitGatewayRouteTablePropagationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableTransitGatewayRouteTablePropagationRequest' + parameters: [] + /?Action=DisableVgwRoutePropagation&Version=2016-11-15: + get: + x-aws-operation-name: DisableVgwRoutePropagation + operationId: GET_DisableVgwRoutePropagation + description: Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC. + responses: + '200': + description: Success + parameters: + - name: GatewayId + in: query + required: true + description: The ID of the virtual private gateway. + schema: + type: string + - name: RouteTableId + in: query + required: true + description: The ID of the route table. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisableVgwRoutePropagation + operationId: POST_DisableVgwRoutePropagation + description: Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableVgwRoutePropagationRequest' + parameters: [] + /?Action=DisableVpcClassicLink&Version=2016-11-15: + get: + x-aws-operation-name: DisableVpcClassicLink + operationId: GET_DisableVpcClassicLink + description: Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that has EC2-Classic instances linked to it. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableVpcClassicLinkResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisableVpcClassicLink + operationId: POST_DisableVpcClassicLink + description: Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that has EC2-Classic instances linked to it. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableVpcClassicLinkResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableVpcClassicLinkRequest' + parameters: [] + /?Action=DisableVpcClassicLinkDnsSupport&Version=2016-11-15: + get: + x-aws-operation-name: DisableVpcClassicLinkDnsSupport + operationId: GET_DisableVpcClassicLinkDnsSupport + description: '

Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve to public IP addresses when addressed between a linked EC2-Classic instance and instances in the VPC to which it''s linked. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.

You must specify a VPC ID in the request.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableVpcClassicLinkDnsSupportResult' + parameters: + - name: VpcId + in: query + required: false + description: The ID of the VPC. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisableVpcClassicLinkDnsSupport + operationId: POST_DisableVpcClassicLinkDnsSupport + description: '

Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve to public IP addresses when addressed between a linked EC2-Classic instance and instances in the VPC to which it''s linked. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.

You must specify a VPC ID in the request.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableVpcClassicLinkDnsSupportResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisableVpcClassicLinkDnsSupportRequest' + parameters: [] + /?Action=DisassociateAddress&Version=2016-11-15: + get: + x-aws-operation-name: DisassociateAddress + operationId: GET_DisassociateAddress + description: '

Disassociates an Elastic IP address from the instance or network interface it''s associated with.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error.

' + responses: + '200': + description: Success + parameters: + - name: AssociationId + in: query + required: false + description: '[EC2-VPC] The association ID. Required for EC2-VPC.' + schema: + type: string + - name: PublicIp + in: query + required: false + description: '[EC2-Classic] The Elastic IP address. Required for EC2-Classic.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisassociateAddress + operationId: POST_DisassociateAddress + description: '

Disassociates an Elastic IP address from the instance or network interface it''s associated with.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn''t return an error.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateAddressRequest' + parameters: [] + /?Action=DisassociateClientVpnTargetNetwork&Version=2016-11-15: + get: + x-aws-operation-name: DisassociateClientVpnTargetNetwork + operationId: GET_DisassociateClientVpnTargetNetwork + description: '

Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN, the following happens:

  • The route that was automatically added for the VPC is deleted

  • All active client connections are terminated

  • New client connections are disallowed

  • The Client VPN endpoint''s status changes to pending-associate

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateClientVpnTargetNetworkResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint from which to disassociate the target network. + schema: + type: string + - name: AssociationId + in: query + required: true + description: The ID of the target network association. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisassociateClientVpnTargetNetwork + operationId: POST_DisassociateClientVpnTargetNetwork + description: '

Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN, the following happens:

  • The route that was automatically added for the VPC is deleted

  • All active client connections are terminated

  • New client connections are disallowed

  • The Client VPN endpoint''s status changes to pending-associate

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateClientVpnTargetNetworkResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateClientVpnTargetNetworkRequest' + parameters: [] + /?Action=DisassociateEnclaveCertificateIamRole&Version=2016-11-15: + get: + x-aws-operation-name: DisassociateEnclaveCertificateIamRole + operationId: GET_DisassociateEnclaveCertificateIamRole + description: 'Disassociates an IAM role from an Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role''s permission to use the KMS key used to encrypt the private key. This effectively revokes the role''s permission to use the certificate.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateEnclaveCertificateIamRoleResult' + parameters: + - name: CertificateArn + in: query + required: false + description: The ARN of the ACM certificate from which to disassociate the IAM role. + schema: + type: string + minLength: 1 + maxLength: 1283 + - name: RoleArn + in: query + required: false + description: The ARN of the IAM role to disassociate. + schema: + type: string + minLength: 1 + maxLength: 1283 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisassociateEnclaveCertificateIamRole + operationId: POST_DisassociateEnclaveCertificateIamRole + description: 'Disassociates an IAM role from an Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role''s permission to use the KMS key used to encrypt the private key. This effectively revokes the role''s permission to use the certificate.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateEnclaveCertificateIamRoleResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateEnclaveCertificateIamRoleRequest' + parameters: [] + /?Action=DisassociateIamInstanceProfile&Version=2016-11-15: + get: + x-aws-operation-name: DisassociateIamInstanceProfile + operationId: GET_DisassociateIamInstanceProfile + description:

Disassociates an IAM instance profile from a running or stopped instance.

Use DescribeIamInstanceProfileAssociations to get the association ID.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateIamInstanceProfileResult' + parameters: + - name: AssociationId + in: query + required: true + description: The ID of the IAM instance profile association. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisassociateIamInstanceProfile + operationId: POST_DisassociateIamInstanceProfile + description:

Disassociates an IAM instance profile from a running or stopped instance.

Use DescribeIamInstanceProfileAssociations to get the association ID.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateIamInstanceProfileResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateIamInstanceProfileRequest' + parameters: [] + /?Action=DisassociateInstanceEventWindow&Version=2016-11-15: + get: + x-aws-operation-name: DisassociateInstanceEventWindow + operationId: GET_DisassociateInstanceEventWindow + description: '

Disassociates one or more targets from an event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateInstanceEventWindowResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceEventWindowId + in: query + required: true + description: The ID of the event window. + schema: + type: string + - name: AssociationTarget + in: query + required: true + description: One or more targets to disassociate from the specified event window. + schema: + type: object + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdList' + - description: The IDs of the instances to disassociate from the event window. + InstanceTag: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The instance tags to disassociate from the event window. Any instances associated with the tags will be disassociated from the event window. + DedicatedHostId: + allOf: + - $ref: '#/components/schemas/DedicatedHostIdList' + - description: The IDs of the Dedicated Hosts to disassociate from the event window. + description: The targets to disassociate from the specified event window. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisassociateInstanceEventWindow + operationId: POST_DisassociateInstanceEventWindow + description: '

Disassociates one or more targets from an event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateInstanceEventWindowResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateInstanceEventWindowRequest' + parameters: [] + /?Action=DisassociateRouteTable&Version=2016-11-15: + get: + x-aws-operation-name: DisassociateRouteTable + operationId: GET_DisassociateRouteTable + description: '

Disassociates a subnet or gateway from a route table.

After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the routes in the VPC''s main route table. For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + parameters: + - name: AssociationId + in: query + required: true + description: The association ID representing the current association between the route table and subnet or gateway. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisassociateRouteTable + operationId: POST_DisassociateRouteTable + description: '

Disassociates a subnet or gateway from a route table.

After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the routes in the VPC''s main route table. For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateRouteTableRequest' + parameters: [] + /?Action=DisassociateSubnetCidrBlock&Version=2016-11-15: + get: + x-aws-operation-name: DisassociateSubnetCidrBlock + operationId: GET_DisassociateSubnetCidrBlock + description: 'Disassociates a CIDR block from a subnet. Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateSubnetCidrBlockResult' + parameters: + - name: AssociationId + in: query + required: true + description: The association ID for the CIDR block. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisassociateSubnetCidrBlock + operationId: POST_DisassociateSubnetCidrBlock + description: 'Disassociates a CIDR block from a subnet. Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateSubnetCidrBlockResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateSubnetCidrBlockRequest' + parameters: [] + /?Action=DisassociateTransitGatewayMulticastDomain&Version=2016-11-15: + get: + x-aws-operation-name: DisassociateTransitGatewayMulticastDomain + operationId: GET_DisassociateTransitGatewayMulticastDomain + description: 'Disassociates the specified subnets from the transit gateway multicast domain. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateTransitGatewayMulticastDomainResult' + parameters: + - name: TransitGatewayMulticastDomainId + in: query + required: false + description: The ID of the transit gateway multicast domain. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: false + description: The ID of the attachment. + schema: + type: string + - name: SubnetIds + in: query + required: false + description: The IDs of the subnets; + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisassociateTransitGatewayMulticastDomain + operationId: POST_DisassociateTransitGatewayMulticastDomain + description: 'Disassociates the specified subnets from the transit gateway multicast domain. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateTransitGatewayMulticastDomainResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateTransitGatewayMulticastDomainRequest' + parameters: [] + /?Action=DisassociateTransitGatewayRouteTable&Version=2016-11-15: + get: + x-aws-operation-name: DisassociateTransitGatewayRouteTable + operationId: GET_DisassociateTransitGatewayRouteTable + description: Disassociates a resource attachment from a transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateTransitGatewayRouteTableResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the transit gateway route table. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisassociateTransitGatewayRouteTable + operationId: POST_DisassociateTransitGatewayRouteTable + description: Disassociates a resource attachment from a transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateTransitGatewayRouteTableResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateTransitGatewayRouteTableRequest' + parameters: [] + /?Action=DisassociateTrunkInterface&Version=2016-11-15: + get: + x-aws-operation-name: DisassociateTrunkInterface + operationId: GET_DisassociateTrunkInterface + description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Removes an association between a branch network interface with a trunk network interface.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateTrunkInterfaceResult' + parameters: + - name: AssociationId + in: query + required: true + description: The ID of the association + schema: + type: string + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisassociateTrunkInterface + operationId: POST_DisassociateTrunkInterface + description: '

This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.

Removes an association between a branch network interface with a trunk network interface.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateTrunkInterfaceResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateTrunkInterfaceRequest' + parameters: [] + /?Action=DisassociateVpcCidrBlock&Version=2016-11-15: + get: + x-aws-operation-name: DisassociateVpcCidrBlock + operationId: GET_DisassociateVpcCidrBlock + description: '

Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must specify its association ID. You can get the association ID by using DescribeVpcs. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.

You cannot disassociate the CIDR block with which you originally created the VPC (the primary CIDR block).

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateVpcCidrBlockResult' + parameters: + - name: AssociationId + in: query + required: true + description: The association ID for the CIDR block. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: DisassociateVpcCidrBlock + operationId: POST_DisassociateVpcCidrBlock + description: '

Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must specify its association ID. You can get the association ID by using DescribeVpcs. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.

You cannot disassociate the CIDR block with which you originally created the VPC (the primary CIDR block).

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateVpcCidrBlockResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DisassociateVpcCidrBlockRequest' + parameters: [] + /?Action=EnableEbsEncryptionByDefault&Version=2016-11-15: + get: + x-aws-operation-name: EnableEbsEncryptionByDefault + operationId: GET_EnableEbsEncryptionByDefault + description: '

Enables EBS encryption by default for your account in the current Region.

After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default KMS key or the KMS key that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

You can specify the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

Enabling encryption by default has no effect on the encryption status of your existing volumes.

After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableEbsEncryptionByDefaultResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: EnableEbsEncryptionByDefault + operationId: POST_EnableEbsEncryptionByDefault + description: '

Enables EBS encryption by default for your account in the current Region.

After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default KMS key or the KMS key that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

You can specify the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

Enabling encryption by default has no effect on the encryption status of your existing volumes.

After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableEbsEncryptionByDefaultResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableEbsEncryptionByDefaultRequest' + parameters: [] + /?Action=EnableFastLaunch&Version=2016-11-15: + get: + x-aws-operation-name: EnableFastLaunch + operationId: GET_EnableFastLaunch + description: '

When you enable faster launching for a Windows AMI, images are pre-provisioned, using snapshots to launch instances up to 65% faster. To create the optimized Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, rebooting as required. Then it creates a set of reserved snapshots that are used for subsequent launches. The reserved snapshots are automatically replenished as they are used, depending on your settings for launch frequency.

To change these settings, you must own the AMI.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableFastLaunchResult' + parameters: + - name: ImageId + in: query + required: true + description: The ID of the image for which you’re enabling faster launching. + schema: + type: string + - name: ResourceType + in: query + required: false + description: 'The type of resource to use for pre-provisioning the Windows AMI for faster launching. Supported values include: snapshot, which is the default value.' + schema: + type: string + - name: SnapshotConfiguration + in: query + required: false + description: Configuration settings for creating and managing the snapshots that are used for pre-provisioning the Windows AMI for faster launching. The associated ResourceType must be snapshot. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of pre-provisioned snapshots to keep on hand for a fast-launch enabled Windows AMI. + description: Configuration settings for creating and managing pre-provisioned snapshots for a fast-launch enabled Windows AMI. + - name: LaunchTemplate + in: query + required: false + description: 'The launch template to use when launching Windows instances from pre-provisioned snapshots. Launch template parameters can include either the name or ID of the launch template, but not both.' + schema: + type: object + required: + - Version + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The version of the launch template to use for faster launching for a Windows AMI. + description: '

Request to create a launch template for a fast-launch enabled Windows AMI.

Note - You can specify either the LaunchTemplateName or the LaunchTemplateId, but not both.

' + - name: MaxParallelLaunches + in: query + required: false + description: 'The maximum number of parallel instances to launch for creating resources. Value must be 6 or greater. ' + schema: + type: integer + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: EnableFastLaunch + operationId: POST_EnableFastLaunch + description: '

When you enable faster launching for a Windows AMI, images are pre-provisioned, using snapshots to launch instances up to 65% faster. To create the optimized Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, rebooting as required. Then it creates a set of reserved snapshots that are used for subsequent launches. The reserved snapshots are automatically replenished as they are used, depending on your settings for launch frequency.

To change these settings, you must own the AMI.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableFastLaunchResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableFastLaunchRequest' + parameters: [] + /?Action=EnableFastSnapshotRestores&Version=2016-11-15: + get: + x-aws-operation-name: EnableFastSnapshotRestores + operationId: GET_EnableFastSnapshotRestores + description: '

Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.

You get the full benefit of fast snapshot restores after they enter the enabled state. To get the current state of fast snapshot restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores, use DisableFastSnapshotRestores.

For more information, see Amazon EBS fast snapshot restore in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableFastSnapshotRestoresResult' + parameters: + - name: AvailabilityZone + in: query + required: true + description: 'One or more Availability Zones. For example, us-east-2a.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: AvailabilityZone + - name: SourceSnapshotId + in: query + required: true + description: 'The IDs of one or more snapshots. For example, snap-1234567890abcdef0. You can specify a snapshot that was shared with you from another Amazon Web Services account.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - xml: + name: SnapshotId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: EnableFastSnapshotRestores + operationId: POST_EnableFastSnapshotRestores + description: '

Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.

You get the full benefit of fast snapshot restores after they enter the enabled state. To get the current state of fast snapshot restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores, use DisableFastSnapshotRestores.

For more information, see Amazon EBS fast snapshot restore in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableFastSnapshotRestoresResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableFastSnapshotRestoresRequest' + parameters: [] + /?Action=EnableImageDeprecation&Version=2016-11-15: + get: + x-aws-operation-name: EnableImageDeprecation + operationId: GET_EnableImageDeprecation + description: '

Enables deprecation of the specified AMI at the specified date and time.

For more information, see Deprecate an AMI in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableImageDeprecationResult' + parameters: + - name: ImageId + in: query + required: true + description: The ID of the AMI. + schema: + type: string + - name: DeprecateAt + in: query + required: true + description: '

The date and time to deprecate the AMI, in UTC, in the following format: YYYY-MM-DDTHH:MM:SSZ. If you specify a value for seconds, Amazon EC2 rounds the seconds to the nearest minute.

You can’t specify a date in the past. The upper limit for DeprecateAt is 10 years from now.

' + schema: + type: string + format: date-time + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: EnableImageDeprecation + operationId: POST_EnableImageDeprecation + description: '

Enables deprecation of the specified AMI at the specified date and time.

For more information, see Deprecate an AMI in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableImageDeprecationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableImageDeprecationRequest' + parameters: [] + /?Action=EnableIpamOrganizationAdminAccount&Version=2016-11-15: + get: + x-aws-operation-name: EnableIpamOrganizationAdminAccount + operationId: GET_EnableIpamOrganizationAdminAccount + description: 'Enable an Organizations member account as the IPAM admin account. You cannot select the Organizations management account as the IPAM admin account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableIpamOrganizationAdminAccountResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: DelegatedAdminAccountId + in: query + required: true + description: The Organizations member account ID that you want to enable as the IPAM account. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: EnableIpamOrganizationAdminAccount + operationId: POST_EnableIpamOrganizationAdminAccount + description: 'Enable an Organizations member account as the IPAM admin account. You cannot select the Organizations management account as the IPAM admin account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableIpamOrganizationAdminAccountResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableIpamOrganizationAdminAccountRequest' + parameters: [] + /?Action=EnableSerialConsoleAccess&Version=2016-11-15: + get: + x-aws-operation-name: EnableSerialConsoleAccess + operationId: GET_EnableSerialConsoleAccess + description: 'Enables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableSerialConsoleAccessResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: EnableSerialConsoleAccess + operationId: POST_EnableSerialConsoleAccess + description: 'Enables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableSerialConsoleAccessResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableSerialConsoleAccessRequest' + parameters: [] + /?Action=EnableTransitGatewayRouteTablePropagation&Version=2016-11-15: + get: + x-aws-operation-name: EnableTransitGatewayRouteTablePropagation + operationId: GET_EnableTransitGatewayRouteTablePropagation + description: Enables the specified attachment to propagate routes to the specified propagation route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableTransitGatewayRouteTablePropagationResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the propagation route table. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: EnableTransitGatewayRouteTablePropagation + operationId: POST_EnableTransitGatewayRouteTablePropagation + description: Enables the specified attachment to propagate routes to the specified propagation route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableTransitGatewayRouteTablePropagationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableTransitGatewayRouteTablePropagationRequest' + parameters: [] + /?Action=EnableVgwRoutePropagation&Version=2016-11-15: + get: + x-aws-operation-name: EnableVgwRoutePropagation + operationId: GET_EnableVgwRoutePropagation + description: Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC. + responses: + '200': + description: Success + parameters: + - name: GatewayId + in: query + required: true + description: 'The ID of the virtual private gateway that is attached to a VPC. The virtual private gateway must be attached to the same VPC that the routing tables are associated with. ' + schema: + type: string + - name: RouteTableId + in: query + required: true + description: 'The ID of the route table. The routing table must be associated with the same VPC that the virtual private gateway is attached to. ' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: EnableVgwRoutePropagation + operationId: POST_EnableVgwRoutePropagation + description: Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableVgwRoutePropagationRequest' + parameters: [] + /?Action=EnableVolumeIO&Version=2016-11-15: + get: + x-aws-operation-name: EnableVolumeIO + operationId: GET_EnableVolumeIO + description: Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent. + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VolumeId + in: query + required: true + description: The ID of the volume. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: EnableVolumeIO + operationId: POST_EnableVolumeIO + description: Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableVolumeIORequest' + parameters: [] + /?Action=EnableVpcClassicLink&Version=2016-11-15: + get: + x-aws-operation-name: EnableVpcClassicLink + operationId: GET_EnableVpcClassicLink + description: 'Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your ClassicLink-enabled VPC to allow communication over private IP addresses. You cannot enable your VPC for ClassicLink if any of your VPC route tables have existing routes for address ranges within the 10.0.0.0/8 IP address range, excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address ranges. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableVpcClassicLinkResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: EnableVpcClassicLink + operationId: POST_EnableVpcClassicLink + description: 'Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your ClassicLink-enabled VPC to allow communication over private IP addresses. You cannot enable your VPC for ClassicLink if any of your VPC route tables have existing routes for address ranges within the 10.0.0.0/8 IP address range, excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address ranges. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableVpcClassicLinkResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableVpcClassicLinkRequest' + parameters: [] + /?Action=EnableVpcClassicLinkDnsSupport&Version=2016-11-15: + get: + x-aws-operation-name: EnableVpcClassicLinkDnsSupport + operationId: GET_EnableVpcClassicLinkDnsSupport + description: '

Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it''s linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.

You must specify a VPC ID in the request.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableVpcClassicLinkDnsSupportResult' + parameters: + - name: VpcId + in: query + required: false + description: The ID of the VPC. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: EnableVpcClassicLinkDnsSupport + operationId: POST_EnableVpcClassicLinkDnsSupport + description: '

Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it''s linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.

You must specify a VPC ID in the request.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableVpcClassicLinkDnsSupportResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableVpcClassicLinkDnsSupportRequest' + parameters: [] + /?Action=ExportClientVpnClientCertificateRevocationList&Version=2016-11-15: + get: + x-aws-operation-name: ExportClientVpnClientCertificateRevocationList + operationId: GET_ExportClientVpnClientCertificateRevocationList + description: Downloads the client certificate revocation list for the specified Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportClientVpnClientCertificateRevocationListResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ExportClientVpnClientCertificateRevocationList + operationId: POST_ExportClientVpnClientCertificateRevocationList + description: Downloads the client certificate revocation list for the specified Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportClientVpnClientCertificateRevocationListResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportClientVpnClientCertificateRevocationListRequest' + parameters: [] + /?Action=ExportClientVpnClientConfiguration&Version=2016-11-15: + get: + x-aws-operation-name: ExportClientVpnClientConfiguration + operationId: GET_ExportClientVpnClientConfiguration + description: Downloads the contents of the Client VPN endpoint configuration file for the specified Client VPN endpoint. The Client VPN endpoint configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportClientVpnClientConfigurationResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ExportClientVpnClientConfiguration + operationId: POST_ExportClientVpnClientConfiguration + description: Downloads the contents of the Client VPN endpoint configuration file for the specified Client VPN endpoint. The Client VPN endpoint configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportClientVpnClientConfigurationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportClientVpnClientConfigurationRequest' + parameters: [] + /?Action=ExportImage&Version=2016-11-15: + get: + x-aws-operation-name: ExportImage + operationId: GET_ExportImage + description: 'Exports an Amazon Machine Image (AMI) to a VM file. For more information, see Exporting a VM directly from an Amazon Machine Image (AMI) in the VM Import/Export User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportImageResult' + parameters: + - name: ClientToken + in: query + required: false + description: Token to enable idempotency for export image requests. + schema: + type: string + - name: Description + in: query + required: false + description: A description of the image being exported. The maximum length is 255 characters. + schema: + type: string + - name: DiskImageFormat + in: query + required: true + description: The disk image format. + schema: + type: string + enum: + - VMDK + - RAW + - VHD + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ImageId + in: query + required: true + description: The ID of the image. + schema: + type: string + - name: S3ExportLocation + in: query + required: true + description: Information about the destination Amazon S3 bucket. The bucket must exist and grant WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com. + schema: + type: object + required: + - S3Bucket + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The prefix (logical hierarchy) in the bucket. + description: Describes the destination for an export image task. + - name: RoleName + in: query + required: false + description: 'The name of the role that grants VM Import/Export permission to export images to your Amazon S3 bucket. If this parameter is not specified, the default role is named ''vmimport''.' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the export image task during creation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ExportImage + operationId: POST_ExportImage + description: 'Exports an Amazon Machine Image (AMI) to a VM file. For more information, see Exporting a VM directly from an Amazon Machine Image (AMI) in the VM Import/Export User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportImageResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportImageRequest' + parameters: [] + /?Action=ExportTransitGatewayRoutes&Version=2016-11-15: + get: + x-aws-operation-name: ExportTransitGatewayRoutes + operationId: GET_ExportTransitGatewayRoutes + description: '

Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range.

The routes are saved to the specified bucket in a JSON file. For more information, see Export Route Tables to Amazon S3 in Transit Gateways.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportTransitGatewayRoutesResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the route table. + schema: + type: string + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • attachment.transit-gateway-attachment-id - The id of the transit gateway attachment.

  • attachment.resource-id - The resource id of the transit gateway attachment.

  • route-search.exact-match - The exact match of the specified filter.

  • route-search.longest-prefix-match - The longest prefix that matches the route.

  • route-search.subnet-of-match - The routes with a subnet that match the specified CIDR filter.

  • route-search.supernet-of-match - The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.

  • state - The state of the route (active | blackhole).

  • transit-gateway-route-destination-cidr-block - The CIDR range.

  • type - The type of route (propagated | static).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: S3Bucket + in: query + required: true + description: The name of the S3 bucket. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ExportTransitGatewayRoutes + operationId: POST_ExportTransitGatewayRoutes + description: '

Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range.

The routes are saved to the specified bucket in a JSON file. For more information, see Export Route Tables to Amazon S3 in Transit Gateways.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportTransitGatewayRoutesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ExportTransitGatewayRoutesRequest' + parameters: [] + /?Action=GetAssociatedEnclaveCertificateIamRoles&Version=2016-11-15: + get: + x-aws-operation-name: GetAssociatedEnclaveCertificateIamRoles + operationId: GET_GetAssociatedEnclaveCertificateIamRoles + description: 'Returns the IAM roles that are associated with the specified ACM (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the KMS key that''s used to encrypt the private key.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetAssociatedEnclaveCertificateIamRolesResult' + parameters: + - name: CertificateArn + in: query + required: false + description: 'The ARN of the ACM certificate for which to view the associated IAM roles, encryption keys, and Amazon S3 object information.' + schema: + type: string + minLength: 1 + maxLength: 1283 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetAssociatedEnclaveCertificateIamRoles + operationId: POST_GetAssociatedEnclaveCertificateIamRoles + description: 'Returns the IAM roles that are associated with the specified ACM (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the KMS key that''s used to encrypt the private key.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetAssociatedEnclaveCertificateIamRolesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetAssociatedEnclaveCertificateIamRolesRequest' + parameters: [] + /?Action=GetAssociatedIpv6PoolCidrs&Version=2016-11-15: + get: + x-aws-operation-name: GetAssociatedIpv6PoolCidrs + operationId: GET_GetAssociatedIpv6PoolCidrs + description: Gets information about the IPv6 CIDR block associations for a specified IPv6 address pool. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetAssociatedIpv6PoolCidrsResult' + parameters: + - name: PoolId + in: query + required: true + description: The ID of the IPv6 address pool. + schema: + type: string + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 1000 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetAssociatedIpv6PoolCidrs + operationId: POST_GetAssociatedIpv6PoolCidrs + description: Gets information about the IPv6 CIDR block associations for a specified IPv6 address pool. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetAssociatedIpv6PoolCidrsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetAssociatedIpv6PoolCidrsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetCapacityReservationUsage&Version=2016-11-15: + get: + x-aws-operation-name: GetCapacityReservationUsage + operationId: GET_GetCapacityReservationUsage + description: 'Gets usage information about a Capacity Reservation. If the Capacity Reservation is shared, it shows usage information for the Capacity Reservation owner and each Amazon Web Services account that is currently using the shared capacity. If the Capacity Reservation is not shared, it shows only the Capacity Reservation owner''s usage.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetCapacityReservationUsageResult' + parameters: + - name: CapacityReservationId + in: query + required: true + description: The ID of the Capacity Reservation. + schema: + type: string + - name: NextToken + in: query + required: false + description: The token to use to retrieve the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: '

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.

Valid range: Minimum value of 1. Maximum value of 1000.

' + schema: + type: integer + minimum: 1 + maximum: 1000 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetCapacityReservationUsage + operationId: POST_GetCapacityReservationUsage + description: 'Gets usage information about a Capacity Reservation. If the Capacity Reservation is shared, it shows usage information for the Capacity Reservation owner and each Amazon Web Services account that is currently using the shared capacity. If the Capacity Reservation is not shared, it shows only the Capacity Reservation owner''s usage.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetCapacityReservationUsageResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetCapacityReservationUsageRequest' + parameters: [] + /?Action=GetCoipPoolUsage&Version=2016-11-15: + get: + x-aws-operation-name: GetCoipPoolUsage + operationId: GET_GetCoipPoolUsage + description: Describes the allocations from the specified customer-owned address pool. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetCoipPoolUsageResult' + parameters: + - name: PoolId + in: query + required: true + description: The ID of the address pool. + schema: + type: string + - name: Filter + in: query + required: false + description:

One or more filters.

  • coip-address-usage.allocation-id - The allocation ID of the address.

  • coip-address-usage.aws-account-id - The ID of the Amazon Web Services account that is using the customer-owned IP address.

  • coip-address-usage.aws-service - The Amazon Web Services service that is using the customer-owned IP address.

  • coip-address-usage.co-ip - The customer-owned IP address.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetCoipPoolUsage + operationId: POST_GetCoipPoolUsage + description: Describes the allocations from the specified customer-owned address pool. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetCoipPoolUsageResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetCoipPoolUsageRequest' + parameters: [] + /?Action=GetConsoleOutput&Version=2016-11-15: + get: + x-aws-operation-name: GetConsoleOutput + operationId: GET_GetConsoleOutput + description: '

Gets the console output for the specified instance. For Linux instances, the instance console output displays the exact console output that would normally be displayed on a physical monitor attached to a computer. For Windows instances, the instance console output includes the last three system event log errors.

By default, the console output returns buffered information that was posted shortly after an instance transition state (start, stop, reboot, or terminate). This information is available for at least one hour after the most recent post. Only the most recent 64 KB of console output is available.

You can optionally retrieve the latest serial console output at any time during the instance lifecycle. This option is supported on instance types that use the Nitro hypervisor.

For more information, see Instance console output in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetConsoleOutputResult' + parameters: + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Latest + in: query + required: false + description: '

When enabled, retrieves the latest console output for the instance.

Default: disabled (false)

' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetConsoleOutput + operationId: POST_GetConsoleOutput + description: '

Gets the console output for the specified instance. For Linux instances, the instance console output displays the exact console output that would normally be displayed on a physical monitor attached to a computer. For Windows instances, the instance console output includes the last three system event log errors.

By default, the console output returns buffered information that was posted shortly after an instance transition state (start, stop, reboot, or terminate). This information is available for at least one hour after the most recent post. Only the most recent 64 KB of console output is available.

You can optionally retrieve the latest serial console output at any time during the instance lifecycle. This option is supported on instance types that use the Nitro hypervisor.

For more information, see Instance console output in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetConsoleOutputResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetConsoleOutputRequest' + parameters: [] + /?Action=GetConsoleScreenshot&Version=2016-11-15: + get: + x-aws-operation-name: GetConsoleScreenshot + operationId: GET_GetConsoleScreenshot + description:

Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.

The returned content is Base64-encoded.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetConsoleScreenshotResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + - name: WakeUp + in: query + required: false + description: 'When set to true, acts as keystroke input and wakes up an instance that''s in standby or "sleep" mode.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetConsoleScreenshot + operationId: POST_GetConsoleScreenshot + description:

Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.

The returned content is Base64-encoded.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetConsoleScreenshotResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetConsoleScreenshotRequest' + parameters: [] + /?Action=GetDefaultCreditSpecification&Version=2016-11-15: + get: + x-aws-operation-name: GetDefaultCreditSpecification + operationId: GET_GetDefaultCreditSpecification + description: '

Describes the default credit option for CPU usage of a burstable performance instance family.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetDefaultCreditSpecificationResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceFamily + in: query + required: true + description: The instance family. + schema: + type: string + enum: + - t2 + - t3 + - t3a + - t4g + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetDefaultCreditSpecification + operationId: POST_GetDefaultCreditSpecification + description: '

Describes the default credit option for CPU usage of a burstable performance instance family.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetDefaultCreditSpecificationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetDefaultCreditSpecificationRequest' + parameters: [] + /?Action=GetEbsDefaultKmsKeyId&Version=2016-11-15: + get: + x-aws-operation-name: GetEbsDefaultKmsKeyId + operationId: GET_GetEbsDefaultKmsKeyId + description: '

Describes the default KMS key for EBS encryption by default for your account in this Region. You can change the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetEbsDefaultKmsKeyIdResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetEbsDefaultKmsKeyId + operationId: POST_GetEbsDefaultKmsKeyId + description: '

Describes the default KMS key for EBS encryption by default for your account in this Region. You can change the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetEbsDefaultKmsKeyIdResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetEbsDefaultKmsKeyIdRequest' + parameters: [] + /?Action=GetEbsEncryptionByDefault&Version=2016-11-15: + get: + x-aws-operation-name: GetEbsEncryptionByDefault + operationId: GET_GetEbsEncryptionByDefault + description: '

Describes whether EBS encryption by default is enabled for your account in the current Region.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetEbsEncryptionByDefaultResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetEbsEncryptionByDefault + operationId: POST_GetEbsEncryptionByDefault + description: '

Describes whether EBS encryption by default is enabled for your account in the current Region.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetEbsEncryptionByDefaultResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetEbsEncryptionByDefaultRequest' + parameters: [] + /?Action=GetFlowLogsIntegrationTemplate&Version=2016-11-15: + get: + x-aws-operation-name: GetFlowLogsIntegrationTemplate + operationId: GET_GetFlowLogsIntegrationTemplate + description: '

Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following:

  • Create a table in Athena that maps fields to a custom log format

  • Create a Lambda function that updates the table with new partitions on a daily, weekly, or monthly basis

  • Create a table partitioned between two timestamps in the past

  • Create a set of named queries in Athena that you can use to get started quickly

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetFlowLogsIntegrationTemplateResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: FlowLogId + in: query + required: true + description: The ID of the flow log. + schema: + type: string + - name: ConfigDeliveryS3DestinationArn + in: query + required: true + description: 'To store the CloudFormation template in Amazon S3, specify the location in Amazon S3.' + schema: + type: string + - name: IntegrateService + in: query + required: true + description: Information about the service integration. + schema: + type: object + properties: + AthenaIntegration: + allOf: + - $ref: '#/components/schemas/AthenaIntegrationsSet' + - description: Information about the integration with Amazon Athena. + description: Describes service integrations with VPC Flow logs. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetFlowLogsIntegrationTemplate + operationId: POST_GetFlowLogsIntegrationTemplate + description: '

Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following:

  • Create a table in Athena that maps fields to a custom log format

  • Create a Lambda function that updates the table with new partitions on a daily, weekly, or monthly basis

  • Create a table partitioned between two timestamps in the past

  • Create a set of named queries in Athena that you can use to get started quickly

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetFlowLogsIntegrationTemplateResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetFlowLogsIntegrationTemplateRequest' + parameters: [] + /?Action=GetGroupsForCapacityReservation&Version=2016-11-15: + get: + x-aws-operation-name: GetGroupsForCapacityReservation + operationId: GET_GetGroupsForCapacityReservation + description: Lists the resource groups to which a Capacity Reservation has been added. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetGroupsForCapacityReservationResult' + parameters: + - name: CapacityReservationId + in: query + required: true + description: The ID of the Capacity Reservation. + schema: + type: string + - name: NextToken + in: query + required: false + description: The token to use to retrieve the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' + schema: + type: integer + minimum: 1 + maximum: 1000 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetGroupsForCapacityReservation + operationId: POST_GetGroupsForCapacityReservation + description: Lists the resource groups to which a Capacity Reservation has been added. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetGroupsForCapacityReservationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetGroupsForCapacityReservationRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetHostReservationPurchasePreview&Version=2016-11-15: + get: + x-aws-operation-name: GetHostReservationPurchasePreview + operationId: GET_GetHostReservationPurchasePreview + description:

Preview a reservation purchase with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation.

This is a preview of the PurchaseHostReservation action and does not result in the offering being purchased.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetHostReservationPurchasePreviewResult' + parameters: + - name: HostIdSet + in: query + required: true + description: The IDs of the Dedicated Hosts with which the reservation is associated. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/DedicatedHostId' + - xml: + name: item + - name: OfferingId + in: query + required: true + description: The offering ID of the reservation. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetHostReservationPurchasePreview + operationId: POST_GetHostReservationPurchasePreview + description:

Preview a reservation purchase with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation.

This is a preview of the PurchaseHostReservation action and does not result in the offering being purchased.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetHostReservationPurchasePreviewResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetHostReservationPurchasePreviewRequest' + parameters: [] + /?Action=GetInstanceTypesFromInstanceRequirements&Version=2016-11-15: + get: + x-aws-operation-name: GetInstanceTypesFromInstanceRequirements + operationId: GET_GetInstanceTypesFromInstanceRequirements + description: '

Returns a list of instance types with the specified instance attributes. You can use the response to preview the instance types without launching instances. Note that the response does not consider capacity.

When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.

For more information, see Preview instance types with specified attributes, Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide, and Creating an Auto Scaling group using attribute-based instance type selection in the Amazon EC2 Auto Scaling User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetInstanceTypesFromInstanceRequirementsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ArchitectureType + in: query + required: true + description: The processor architecture type. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ArchitectureType' + - xml: + name: item + minItems: 0 + maxItems: 3 + - name: VirtualizationType + in: query + required: true + description: The virtualization type. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VirtualizationType' + - xml: + name: item + minItems: 0 + maxItems: 2 + - name: InstanceRequirements + in: query + required: true + description: The attributes required for the instance types. + schema: + type: object + required: + - VCpuCount + - MemoryMiB + properties: + undefined: + allOf: + - $ref: '#/components/schemas/MemoryMiBRequest' + - description: 'The minimum and maximum amount of memory, in MiB.' + CpuManufacturer: + allOf: + - $ref: '#/components/schemas/MemoryGiBPerVCpuRequest' + - description: '

The minimum and maximum amount of memory per vCPU, in GiB.

Default: No minimum or maximum limits

' + ExcludedInstanceType: + allOf: + - $ref: '#/components/schemas/ExcludedInstanceTypeSet' + - description: '

The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (*), to exclude an instance family, type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.

For example, if you specify c5*,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types.

Default: No excluded instance types

' + InstanceGeneration: + allOf: + - $ref: '#/components/schemas/LocalStorage' + - description: '

Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, Amazon EC2 instance store in the Amazon EC2 User Guide.

  • To include instance types with instance store volumes, specify included.

  • To require only instance types with instance store volumes, specify required.

  • To exclude instance types with instance store volumes, specify excluded.

Default: included

' + LocalStorageType: + allOf: + - $ref: '#/components/schemas/BaselineEbsBandwidthMbpsRequest' + - description: '

The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

Default: No minimum or maximum limits

' + AcceleratorType: + allOf: + - $ref: '#/components/schemas/AcceleratorCountRequest' + - description: '

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.

To exclude accelerator-enabled instance types, set Max to 0.

Default: No minimum or maximum limits

' + AcceleratorManufacturer: + allOf: + - $ref: '#/components/schemas/AcceleratorManufacturerSet' + - description: '

Indicates whether instance types must have accelerators by specific manufacturers.

  • For instance types with NVIDIA devices, specify nvidia.

  • For instance types with AMD devices, specify amd.

  • For instance types with Amazon Web Services devices, specify amazon-web-services.

  • For instance types with Xilinx devices, specify xilinx.

Default: Any manufacturer

' + AcceleratorName: + allOf: + - $ref: '#/components/schemas/AcceleratorTotalMemoryMiBRequest' + - description: '

The minimum and maximum amount of total accelerator memory, in MiB.

Default: No minimum or maximum limits

' + description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.

When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.

You must specify VCpuCount and MemoryMiB. All other parameters are optional. Any unspecified optional parameter is set to its default.

For more information, see Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide.

' + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. Specify a value between 1 and
 1000. The default value is 1000. To retrieve the remaining results, make another call with
 the returned NextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetInstanceTypesFromInstanceRequirements + operationId: POST_GetInstanceTypesFromInstanceRequirements + description: '

Returns a list of instance types with the specified instance attributes. You can use the response to preview the instance types without launching instances. Note that the response does not consider capacity.

When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.

For more information, see Preview instance types with specified attributes, Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide, and Creating an Auto Scaling group using attribute-based instance type selection in the Amazon EC2 Auto Scaling User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetInstanceTypesFromInstanceRequirementsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetInstanceTypesFromInstanceRequirementsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetInstanceUefiData&Version=2016-11-15: + get: + x-aws-operation-name: GetInstanceUefiData + operationId: GET_GetInstanceUefiData + description: '

A binary representation of the UEFI variable store. Only non-volatile variables are stored. This is a base64 encoded and zlib compressed binary value that must be properly encoded.

When you use register-image to create an AMI, you can create an exact copy of your variable store by passing the UEFI data in the UefiData parameter. You can modify the UEFI data by using the python-uefivars tool on GitHub. You can use the tool to convert the UEFI data into a human-readable format (JSON), which you can inspect and modify, and then convert back into the binary format to use with register-image.

For more information, see UEFI Secure Boot in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetInstanceUefiDataResult' + parameters: + - name: InstanceId + in: query + required: true + description: The ID of the instance from which to retrieve the UEFI data. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetInstanceUefiData + operationId: POST_GetInstanceUefiData + description: '

A binary representation of the UEFI variable store. Only non-volatile variables are stored. This is a base64 encoded and zlib compressed binary value that must be properly encoded.

When you use register-image to create an AMI, you can create an exact copy of your variable store by passing the UEFI data in the UefiData parameter. You can modify the UEFI data by using the python-uefivars tool on GitHub. You can use the tool to convert the UEFI data into a human-readable format (JSON), which you can inspect and modify, and then convert back into the binary format to use with register-image.

For more information, see UEFI Secure Boot in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetInstanceUefiDataResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetInstanceUefiDataRequest' + parameters: [] + /?Action=GetIpamAddressHistory&Version=2016-11-15: + get: + x-aws-operation-name: GetIpamAddressHistory + operationId: GET_GetIpamAddressHistory + description: 'Retrieve historical information about a CIDR within an IPAM scope. For more information, see View the history of IP addresses in the Amazon VPC IPAM User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamAddressHistoryResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Cidr + in: query + required: true + description: 'The CIDR you want the history of. The CIDR can be an IPv4 or IPv6 IP address range. If you enter a /16 IPv4 CIDR, you will get records that match it exactly. You will not get records for any subnets within the /16 CIDR.' + schema: + type: string + - name: IpamScopeId + in: query + required: true + description: The ID of the IPAM scope that the CIDR is in. + schema: + type: string + - name: VpcId + in: query + required: false + description: The ID of the VPC you want your history records filtered by. + schema: + type: string + - name: StartTime + in: query + required: false + description: 'The start of the time period for which you are looking for history. If you omit this option, it will default to the value of EndTime.' + schema: + type: string + format: date-time + - name: EndTime + in: query + required: false + description: 'The end of the time period for which you are looking for history. If you omit this option, it will default to the current time.' + schema: + type: string + format: date-time + - name: MaxResults + in: query + required: false + description: The maximum number of historical results you would like returned per page. Defaults to 100. + schema: + type: integer + minimum: 1 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetIpamAddressHistory + operationId: POST_GetIpamAddressHistory + description: 'Retrieve historical information about a CIDR within an IPAM scope. For more information, see View the history of IP addresses in the Amazon VPC IPAM User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamAddressHistoryResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamAddressHistoryRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetIpamPoolAllocations&Version=2016-11-15: + get: + x-aws-operation-name: GetIpamPoolAllocations + operationId: GET_GetIpamPoolAllocations + description: Get a list of all the CIDR allocations in an IPAM pool. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamPoolAllocationsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamPoolId + in: query + required: true + description: The ID of the IPAM pool you want to see the allocations for. + schema: + type: string + - name: IpamPoolAllocationId + in: query + required: false + description: The ID of the allocation. + schema: + type: string + - name: Filter + in: query + required: false + description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: The maximum number of results you would like returned per page. + schema: + type: integer + minimum: 1000 + maximum: 100000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetIpamPoolAllocations + operationId: POST_GetIpamPoolAllocations + description: Get a list of all the CIDR allocations in an IPAM pool. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamPoolAllocationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamPoolAllocationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetIpamPoolCidrs&Version=2016-11-15: + get: + x-aws-operation-name: GetIpamPoolCidrs + operationId: GET_GetIpamPoolCidrs + description: Get the CIDRs provisioned to an IPAM pool. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamPoolCidrsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamPoolId + in: query + required: true + description: The ID of the IPAM pool you want the CIDR for. + schema: + type: string + - name: Filter + in: query + required: false + description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: The maximum number of results to return in the request. + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetIpamPoolCidrs + operationId: POST_GetIpamPoolCidrs + description: Get the CIDRs provisioned to an IPAM pool. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamPoolCidrsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamPoolCidrsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetIpamResourceCidrs&Version=2016-11-15: + get: + x-aws-operation-name: GetIpamResourceCidrs + operationId: GET_GetIpamResourceCidrs + description: Get information about the resources in a scope. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamResourceCidrsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Filter + in: query + required: false + description: 'One or more filters for the request. For more information about filtering, see Filtering CLI output.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: The maximum number of results to return in the request. + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: IpamScopeId + in: query + required: true + description: The ID of the scope that the resource is in. + schema: + type: string + - name: IpamPoolId + in: query + required: false + description: The ID of the IPAM pool that the resource is in. + schema: + type: string + - name: ResourceId + in: query + required: false + description: The ID of the resource. + schema: + type: string + - name: ResourceType + in: query + required: false + description: The resource type. + schema: + type: string + enum: + - vpc + - subnet + - eip + - public-ipv4-pool + - ipv6-pool + - name: ResourceTag + in: query + required: false + description: '' + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The value for the tag. + description: A tag on an IPAM resource. + - name: ResourceOwner + in: query + required: false + description: The ID of the Amazon Web Services account that owns the resource. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetIpamResourceCidrs + operationId: POST_GetIpamResourceCidrs + description: Get information about the resources in a scope. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamResourceCidrsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetIpamResourceCidrsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetLaunchTemplateData&Version=2016-11-15: + get: + x-aws-operation-name: GetLaunchTemplateData + operationId: GET_GetLaunchTemplateData + description: '

Retrieves the configuration data of the specified instance. You can use this data to create a launch template.

This action calls on other describe actions to get instance information. Depending on your instance configuration, you may need to allow the following actions in your IAM policy: DescribeSpotInstanceRequests, DescribeInstanceCreditSpecifications, DescribeVolumes, DescribeInstanceAttribute, and DescribeElasticGpus. Or, you can allow describe* depending on your instance requirements.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetLaunchTemplateDataResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetLaunchTemplateData + operationId: POST_GetLaunchTemplateData + description: '

Retrieves the configuration data of the specified instance. You can use this data to create a launch template.

This action calls on other describe actions to get instance information. Depending on your instance configuration, you may need to allow the following actions in your IAM policy: DescribeSpotInstanceRequests, DescribeInstanceCreditSpecifications, DescribeVolumes, DescribeInstanceAttribute, and DescribeElasticGpus. Or, you can allow describe* depending on your instance requirements.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetLaunchTemplateDataResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetLaunchTemplateDataRequest' + parameters: [] + /?Action=GetManagedPrefixListAssociations&Version=2016-11-15: + get: + x-aws-operation-name: GetManagedPrefixListAssociations + operationId: GET_GetManagedPrefixListAssociations + description: Gets information about the resources that are associated with the specified managed prefix list. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetManagedPrefixListAssociationsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PrefixListId + in: query + required: true + description: The ID of the prefix list. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 255 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetManagedPrefixListAssociations + operationId: POST_GetManagedPrefixListAssociations + description: Gets information about the resources that are associated with the specified managed prefix list. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetManagedPrefixListAssociationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetManagedPrefixListAssociationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetManagedPrefixListEntries&Version=2016-11-15: + get: + x-aws-operation-name: GetManagedPrefixListEntries + operationId: GET_GetManagedPrefixListEntries + description: Gets information about the entries for a specified managed prefix list. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetManagedPrefixListEntriesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PrefixListId + in: query + required: true + description: The ID of the prefix list. + schema: + type: string + - name: TargetVersion + in: query + required: false + description: The version of the prefix list for which to return the entries. The default is the current version. + schema: + type: integer + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 100 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetManagedPrefixListEntries + operationId: POST_GetManagedPrefixListEntries + description: Gets information about the entries for a specified managed prefix list. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetManagedPrefixListEntriesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetManagedPrefixListEntriesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetNetworkInsightsAccessScopeAnalysisFindings&Version=2016-11-15: + get: + x-aws-operation-name: GetNetworkInsightsAccessScopeAnalysisFindings + operationId: GET_GetNetworkInsightsAccessScopeAnalysisFindings + description: Gets the findings for the specified Network Access Scope analysis. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetNetworkInsightsAccessScopeAnalysisFindingsResult' + parameters: + - name: NetworkInsightsAccessScopeAnalysisId + in: query + required: true + description: The ID of the Network Access Scope analysis. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 1 + maximum: 100 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetNetworkInsightsAccessScopeAnalysisFindings + operationId: POST_GetNetworkInsightsAccessScopeAnalysisFindings + description: Gets the findings for the specified Network Access Scope analysis. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetNetworkInsightsAccessScopeAnalysisFindingsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetNetworkInsightsAccessScopeAnalysisFindingsRequest' + parameters: [] + /?Action=GetNetworkInsightsAccessScopeContent&Version=2016-11-15: + get: + x-aws-operation-name: GetNetworkInsightsAccessScopeContent + operationId: GET_GetNetworkInsightsAccessScopeContent + description: Gets the content for the specified Network Access Scope. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetNetworkInsightsAccessScopeContentResult' + parameters: + - name: NetworkInsightsAccessScopeId + in: query + required: true + description: The ID of the Network Access Scope. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetNetworkInsightsAccessScopeContent + operationId: POST_GetNetworkInsightsAccessScopeContent + description: Gets the content for the specified Network Access Scope. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetNetworkInsightsAccessScopeContentResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetNetworkInsightsAccessScopeContentRequest' + parameters: [] + /?Action=GetPasswordData&Version=2016-11-15: + get: + x-aws-operation-name: GetPasswordData + operationId: GET_GetPasswordData + description: '

Retrieves the encrypted administrator password for a running Windows instance.

The Windows password is generated at boot by the EC2Config service or EC2Launch scripts (Windows Server 2016 and later). This usually only happens the first time an instance is launched. For more information, see EC2Config and EC2Launch in the Amazon EC2 User Guide.

For the EC2Config service, the password is not generated for rebundled AMIs unless Ec2SetPassword is enabled before bundling.

The password is encrypted using the key pair that you specified when you launched the instance. You must provide the corresponding key pair file.

When you launch an instance, password generation and encryption may take a few minutes. If you try to retrieve the password before it''s available, the output returns an empty string. We recommend that you wait up to 15 minutes after launching an instance before trying to retrieve the generated password.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetPasswordDataResult' + parameters: + - name: InstanceId + in: query + required: true + description: The ID of the Windows instance. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetPasswordData + operationId: POST_GetPasswordData + description: '

Retrieves the encrypted administrator password for a running Windows instance.

The Windows password is generated at boot by the EC2Config service or EC2Launch scripts (Windows Server 2016 and later). This usually only happens the first time an instance is launched. For more information, see EC2Config and EC2Launch in the Amazon EC2 User Guide.

For the EC2Config service, the password is not generated for rebundled AMIs unless Ec2SetPassword is enabled before bundling.

The password is encrypted using the key pair that you specified when you launched the instance. You must provide the corresponding key pair file.

When you launch an instance, password generation and encryption may take a few minutes. If you try to retrieve the password before it''s available, the output returns an empty string. We recommend that you wait up to 15 minutes after launching an instance before trying to retrieve the generated password.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetPasswordDataResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetPasswordDataRequest' + parameters: [] + /?Action=GetReservedInstancesExchangeQuote&Version=2016-11-15: + get: + x-aws-operation-name: GetReservedInstancesExchangeQuote + operationId: GET_GetReservedInstancesExchangeQuote + description: 'Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance. If the exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuote to perform the exchange.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetReservedInstancesExchangeQuoteResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ReservedInstanceId + in: query + required: true + description: The IDs of the Convertible Reserved Instances to exchange. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservationId' + - xml: + name: ReservedInstanceId + - name: TargetConfiguration + in: query + required: false + description: The configuration of the target Convertible Reserved Instance to exchange for your current Convertible Reserved Instances. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TargetConfigurationRequest' + - xml: + name: TargetConfigurationRequest + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetReservedInstancesExchangeQuote + operationId: POST_GetReservedInstancesExchangeQuote + description: 'Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance. If the exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuote to perform the exchange.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetReservedInstancesExchangeQuoteResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetReservedInstancesExchangeQuoteRequest' + parameters: [] + /?Action=GetSerialConsoleAccessStatus&Version=2016-11-15: + get: + x-aws-operation-name: GetSerialConsoleAccessStatus + operationId: GET_GetSerialConsoleAccessStatus + description: 'Retrieves the access status of your account to the EC2 serial console of all instances. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSerialConsoleAccessStatusResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetSerialConsoleAccessStatus + operationId: POST_GetSerialConsoleAccessStatus + description: 'Retrieves the access status of your account to the EC2 serial console of all instances. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSerialConsoleAccessStatusResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSerialConsoleAccessStatusRequest' + parameters: [] + /?Action=GetSpotPlacementScores&Version=2016-11-15: + get: + x-aws-operation-name: GetSpotPlacementScores + operationId: GET_GetSpotPlacementScores + description: '

Calculates the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements.

You can specify your compute requirements either by using InstanceRequirementsWithMetadata and letting Amazon EC2 choose the optimal instance types to fulfill your Spot request, or you can specify the instance types by using InstanceTypes.

For more information, see Spot placement score in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSpotPlacementScoresResult' + parameters: + - name: InstanceType + in: query + required: false + description: '

The instance types. We recommend that you specify at least three instance types. If you specify one or two instance types, or specify variations of a single instance type (for example, an m3.xlarge with and without instance storage), the returned placement score will always be low.

If you specify InstanceTypes, you can''t specify InstanceRequirementsWithMetadata.

' + schema: + type: array + items: + $ref: '#/components/schemas/String' + minItems: 0 + maxItems: 1000 + - name: TargetCapacity + in: query + required: true + description: The target capacity. + schema: + type: integer + minimum: 1 + maximum: 2000000000 + - name: TargetCapacityUnitType + in: query + required: false + description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' + schema: + type: string + enum: + - vcpu + - memory-mib + - units + - name: SingleAvailabilityZone + in: query + required: false + description: '

Specify true so that the response returns a list of scored Availability Zones. Otherwise, the response returns a list of scored Regions.

A list of scored Availability Zones is useful if you want to launch all of your Spot capacity into a single Availability Zone.

' + schema: + type: boolean + - name: RegionName + in: query + required: false + description: 'The Regions used to narrow down the list of Regions to be scored. Enter the Region code, for example, us-east-1.' + schema: + type: array + items: + $ref: '#/components/schemas/String' + minItems: 0 + maxItems: 10 + - name: InstanceRequirementsWithMetadata + in: query + required: false + description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirementsWithMetadata, you can''t specify InstanceTypes.

' + schema: + type: object + properties: + ArchitectureType: + allOf: + - $ref: '#/components/schemas/ArchitectureTypeSet' + - description: The architecture type. + VirtualizationType: + allOf: + - $ref: '#/components/schemas/InstanceRequirementsRequest' + - description: 'The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.' + description: '

The architecture type, virtualization type, and other attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirementsWithMetadataRequest, you can''t specify InstanceTypes.

' + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return in a single call. Specify a value between 1 and
 1000. The default value is 1000. To retrieve the remaining results, make another call with
 the returned NextToken value.' + schema: + type: integer + minimum: 10 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next set of results. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetSpotPlacementScores + operationId: POST_GetSpotPlacementScores + description: '

Calculates the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements.

You can specify your compute requirements either by using InstanceRequirementsWithMetadata and letting Amazon EC2 choose the optimal instance types to fulfill your Spot request, or you can specify the instance types by using InstanceTypes.

For more information, see Spot placement score in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSpotPlacementScoresResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSpotPlacementScoresRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetSubnetCidrReservations&Version=2016-11-15: + get: + x-aws-operation-name: GetSubnetCidrReservations + operationId: GET_GetSubnetCidrReservations + description: Gets information about the subnet CIDR reservations. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSubnetCidrReservationsResult' + parameters: + - name: Filter + in: query + required: false + description: '

One or more filters.

  • reservationType - The type of reservation (prefix | explicit).

  • subnet-id - The ID of the subnet.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: SubnetId + in: query + required: true + description: The ID of the subnet. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetSubnetCidrReservations + operationId: POST_GetSubnetCidrReservations + description: Gets information about the subnet CIDR reservations. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSubnetCidrReservationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSubnetCidrReservationsRequest' + parameters: [] + /?Action=GetTransitGatewayAttachmentPropagations&Version=2016-11-15: + get: + x-aws-operation-name: GetTransitGatewayAttachmentPropagations + operationId: GET_GetTransitGatewayAttachmentPropagations + description: Lists the route tables to which the specified resource attachment propagates routes. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayAttachmentPropagationsResult' + parameters: + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the attachment. + schema: + type: string + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • transit-gateway-route-table-id - The ID of the transit gateway route table.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetTransitGatewayAttachmentPropagations + operationId: POST_GetTransitGatewayAttachmentPropagations + description: Lists the route tables to which the specified resource attachment propagates routes. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayAttachmentPropagationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayAttachmentPropagationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetTransitGatewayMulticastDomainAssociations&Version=2016-11-15: + get: + x-aws-operation-name: GetTransitGatewayMulticastDomainAssociations + operationId: GET_GetTransitGatewayMulticastDomainAssociations + description: Gets information about the associations for the transit gateway multicast domain. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayMulticastDomainAssociationsResult' + parameters: + - name: TransitGatewayMulticastDomainId + in: query + required: false + description: The ID of the transit gateway multicast domain. + schema: + type: string + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • resource-id - The ID of the resource.

  • resource-type - The type of resource. The valid value is: vpc.

  • state - The state of the subnet association. Valid values are associated | associating | disassociated | disassociating.

  • subnet-id - The ID of the subnet.

  • transit-gateway-attachment-id - The id of the transit gateway attachment.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetTransitGatewayMulticastDomainAssociations + operationId: POST_GetTransitGatewayMulticastDomainAssociations + description: Gets information about the associations for the transit gateway multicast domain. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayMulticastDomainAssociationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayMulticastDomainAssociationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetTransitGatewayPrefixListReferences&Version=2016-11-15: + get: + x-aws-operation-name: GetTransitGatewayPrefixListReferences + operationId: GET_GetTransitGatewayPrefixListReferences + description: Gets information about the prefix list references in a specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayPrefixListReferencesResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the transit gateway route table. + schema: + type: string + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • attachment.resource-id - The ID of the resource for the attachment.

  • attachment.resource-type - The type of resource for the attachment. Valid values are vpc | vpn | direct-connect-gateway | peering.

  • attachment.transit-gateway-attachment-id - The ID of the attachment.

  • is-blackhole - Whether traffic matching the route is blocked (true | false).

  • prefix-list-id - The ID of the prefix list.

  • prefix-list-owner-id - The ID of the owner of the prefix list.

  • state - The state of the prefix list reference (pending | available | modifying | deleting).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetTransitGatewayPrefixListReferences + operationId: POST_GetTransitGatewayPrefixListReferences + description: Gets information about the prefix list references in a specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayPrefixListReferencesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayPrefixListReferencesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetTransitGatewayRouteTableAssociations&Version=2016-11-15: + get: + x-aws-operation-name: GetTransitGatewayRouteTableAssociations + operationId: GET_GetTransitGatewayRouteTableAssociations + description: Gets information about the associations for the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayRouteTableAssociationsResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the transit gateway route table. + schema: + type: string + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • resource-id - The ID of the resource.

  • resource-type - The resource type. Valid values are vpc | vpn | direct-connect-gateway | peering | connect.

  • transit-gateway-attachment-id - The ID of the attachment.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetTransitGatewayRouteTableAssociations + operationId: POST_GetTransitGatewayRouteTableAssociations + description: Gets information about the associations for the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayRouteTableAssociationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayRouteTableAssociationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetTransitGatewayRouteTablePropagations&Version=2016-11-15: + get: + x-aws-operation-name: GetTransitGatewayRouteTablePropagations + operationId: GET_GetTransitGatewayRouteTablePropagations + description: Gets information about the route table propagations for the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayRouteTablePropagationsResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the transit gateway route table. + schema: + type: string + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • resource-id - The ID of the resource.

  • resource-type - The resource type. Valid values are vpc | vpn | direct-connect-gateway | peering | connect.

  • transit-gateway-attachment-id - The ID of the attachment.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetTransitGatewayRouteTablePropagations + operationId: POST_GetTransitGatewayRouteTablePropagations + description: Gets information about the route table propagations for the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayRouteTablePropagationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetTransitGatewayRouteTablePropagationsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=GetVpnConnectionDeviceSampleConfiguration&Version=2016-11-15: + get: + x-aws-operation-name: GetVpnConnectionDeviceSampleConfiguration + operationId: GET_GetVpnConnectionDeviceSampleConfiguration + description: Download an Amazon Web Services-provided sample configuration file to be used with the customer gateway device specified for your Site-to-Site VPN connection. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetVpnConnectionDeviceSampleConfigurationResult' + parameters: + - name: VpnConnectionId + in: query + required: true + description: The VpnConnectionId specifies the Site-to-Site VPN connection used for the sample configuration. + schema: + type: string + - name: VpnConnectionDeviceTypeId + in: query + required: true + description: Device identifier provided by the GetVpnConnectionDeviceTypes API. + schema: + type: string + - name: InternetKeyExchangeVersion + in: query + required: false + description: 'The IKE version to be used in the sample configuration file for your customer gateway device. You can specify one of the following versions: ikev1 or ikev2.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetVpnConnectionDeviceSampleConfiguration + operationId: POST_GetVpnConnectionDeviceSampleConfiguration + description: Download an Amazon Web Services-provided sample configuration file to be used with the customer gateway device specified for your Site-to-Site VPN connection. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetVpnConnectionDeviceSampleConfigurationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetVpnConnectionDeviceSampleConfigurationRequest' + parameters: [] + /?Action=GetVpnConnectionDeviceTypes&Version=2016-11-15: + get: + x-aws-operation-name: GetVpnConnectionDeviceTypes + operationId: GET_GetVpnConnectionDeviceTypes + description: 'Obtain a list of customer gateway devices for which sample configuration files can be provided. The request has no additional parameters. You can also see the list of device types with sample configuration files available under Your customer gateway device in the Amazon Web Services Site-to-Site VPN User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetVpnConnectionDeviceTypesResult' + parameters: + - name: MaxResults + in: query + required: false + description: 'The maximum number of results returned by GetVpnConnectionDeviceTypes in paginated output. When this parameter is used, GetVpnConnectionDeviceTypes only returns MaxResults results in a single page along with a NextToken response element. The remaining results of the initial request can be seen by sending another GetVpnConnectionDeviceTypes request with the returned NextToken value. This value can be between 200 and 1000. If this parameter is not used, then GetVpnConnectionDeviceTypes returns all results.' + schema: + type: integer + minimum: 200 + maximum: 1000 + - name: NextToken + in: query + required: false + description: 'The NextToken value returned from a previous paginated GetVpnConnectionDeviceTypes request where MaxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the NextToken value. This value is null when there are no more results to return. ' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: GetVpnConnectionDeviceTypes + operationId: POST_GetVpnConnectionDeviceTypes + description: 'Obtain a list of customer gateway devices for which sample configuration files can be provided. The request has no additional parameters. You can also see the list of device types with sample configuration files available under Your customer gateway device in the Amazon Web Services Site-to-Site VPN User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/GetVpnConnectionDeviceTypesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetVpnConnectionDeviceTypesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=ImportClientVpnClientCertificateRevocationList&Version=2016-11-15: + get: + x-aws-operation-name: ImportClientVpnClientCertificateRevocationList + operationId: GET_ImportClientVpnClientCertificateRevocationList + description:

Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list.

Uploading a client certificate revocation list resets existing client connections.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportClientVpnClientCertificateRevocationListResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint to which the client certificate revocation list applies. + schema: + type: string + - name: CertificateRevocationList + in: query + required: true + description: 'The client certificate revocation list file. For more information, see Generate a Client Certificate Revocation List in the Client VPN Administrator Guide.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ImportClientVpnClientCertificateRevocationList + operationId: POST_ImportClientVpnClientCertificateRevocationList + description:

Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list.

Uploading a client certificate revocation list resets existing client connections.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportClientVpnClientCertificateRevocationListResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportClientVpnClientCertificateRevocationListRequest' + parameters: [] + /?Action=ImportImage&Version=2016-11-15: + get: + x-aws-operation-name: ImportImage + operationId: GET_ImportImage + description: '

Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI).

For more information, see Importing a VM as an image using VM Import/Export in the VM Import/Export User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportImageResult' + parameters: + - name: Architecture + in: query + required: false + description: '

The architecture of the virtual machine.

Valid values: i386 | x86_64

' + schema: + type: string + - name: ClientData + in: query + required: false + description: The client-specific data. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time that the disk upload starts. + description: Describes the client-specific data. + - name: ClientToken + in: query + required: false + description: The token to enable idempotency for VM import requests. + schema: + type: string + - name: Description + in: query + required: false + description: A description string for the import image task. + schema: + type: string + - name: DiskContainer + in: query + required: false + description: Information about the disk containers. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImageDiskContainer' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Encrypted + in: query + required: false + description: 'Specifies whether the destination AMI of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.' + schema: + type: boolean + - name: Hypervisor + in: query + required: false + description: '

The target hypervisor platform.

Valid values: xen

' + schema: + type: string + - name: KmsKeyId + in: query + required: false + description: '

An identifier for the symmetric KMS key to use when creating the encrypted AMI. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.

The KMS key identifier may be provided in any of the following formats:

  • Key ID

  • Key alias. The alias ARN contains the arn:aws:kms namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

  • ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the key namespace, and then the key ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.

  • ARN using key alias. The alias ARN contains the arn:aws:kms namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

Amazon Web Services parses KmsKeyId asynchronously, meaning that the action you call may appear to complete even though you provided an invalid identifier. This action will eventually report failure.

The specified KMS key must exist in the Region that the AMI is being copied to.

Amazon EBS does not support asymmetric KMS keys.

' + schema: + type: string + - name: LicenseType + in: query + required: false + description: '

The license type to be used for the Amazon Machine Image (AMI) after importing.

By default, we detect the source-system operating system (OS) and apply the appropriate license. Specify AWS to replace the source-system license with an Amazon Web Services license, if appropriate. Specify BYOL to retain the source-system license, if appropriate.

To use BYOL, you must have existing licenses with rights to use these licenses in a third party cloud, such as Amazon Web Services. For more information, see Prerequisites in the VM Import/Export User Guide.

' + schema: + type: string + - name: Platform + in: query + required: false + description: '

The operating system of the virtual machine.

Valid values: Windows | Linux

' + schema: + type: string + - name: RoleName + in: query + required: false + description: 'The name of the role to use when not using the default role, ''vmimport''.' + schema: + type: string + - name: LicenseSpecifications + in: query + required: false + description: The ARNs of the license configurations. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImportImageLicenseConfigurationRequest' + - xml: + name: item + - name: TagSpecification + in: query + required: false + description: The tags to apply to the import image task during creation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: UsageOperation + in: query + required: false + description: 'The usage operation value. For more information, see Licensing options in the VM Import/Export User Guide.' + schema: + type: string + - name: BootMode + in: query + required: false + description: The boot mode of the virtual machine. + schema: + type: string + enum: + - legacy-bios + - uefi + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ImportImage + operationId: POST_ImportImage + description: '

Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI).

For more information, see Importing a VM as an image using VM Import/Export in the VM Import/Export User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportImageResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportImageRequest' + parameters: [] + /?Action=ImportInstance&Version=2016-11-15: + get: + x-aws-operation-name: ImportInstance + operationId: GET_ImportInstance + description: '

Creates an import instance task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead.

This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing a VM to Amazon EC2 in the Amazon EC2 CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportInstanceResult' + parameters: + - name: Description + in: query + required: false + description: A description for the instance being imported. + schema: + type: string + - name: DiskImage + in: query + required: false + description: The disk image. + schema: + type: array + items: + $ref: '#/components/schemas/DiskImage' + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: LaunchSpecification + in: query + required: false + description: The launch specification. + schema: + type: object + properties: + additionalInfo: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + architecture: + allOf: + - $ref: '#/components/schemas/ArchitectureValues' + - description: The architecture of the instance. + GroupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdStringList' + - description: The security group IDs. + GroupName: + allOf: + - $ref: '#/components/schemas/SecurityGroupStringList' + - description: The security group names. + instanceInitiatedShutdownBehavior: + allOf: + - $ref: '#/components/schemas/ShutdownBehavior' + - description: Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: 'The instance type. For more information about the instance types that you can import, see Instance Types in the VM Import/Export User Guide.' + monitoring: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether monitoring is enabled. + placement: + allOf: + - $ref: '#/components/schemas/Placement' + - description: The placement information for the instance. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: '[EC2-VPC] An available IP address from the IP address range of the subnet.' + subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: '[EC2-VPC] The ID of the subnet in which to launch the instance.' + userData: + allOf: + - $ref: '#/components/schemas/UserData' + - description: The Base64-encoded user data to make available to the instance. + description: Describes the launch specification for VM import. + - name: Platform + in: query + required: true + description: The instance operating system. + schema: + type: string + enum: + - Windows + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ImportInstance + operationId: POST_ImportInstance + description: '

Creates an import instance task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead.

This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing a VM to Amazon EC2 in the Amazon EC2 CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportInstanceResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportInstanceRequest' + parameters: [] + /?Action=ImportKeyPair&Version=2016-11-15: + get: + x-aws-operation-name: ImportKeyPair + operationId: GET_ImportKeyPair + description: '

Imports the public key from an RSA or ED25519 key pair that you created with a third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services creates the key pair and gives the keys to you (Amazon Web Services keeps a copy of the public key). With ImportKeyPair, you create the key pair and give Amazon Web Services just the public key. The private key is never transferred between you and Amazon Web Services.

For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportKeyPairResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: KeyName + in: query + required: true + description: A unique name for the key pair. + schema: + type: string + - name: PublicKeyMaterial + in: query + required: true + description: 'The public key. For API calls, the text must be base64-encoded. For command line tools, base64 encoding is performed for you.' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the imported key pair. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ImportKeyPair + operationId: POST_ImportKeyPair + description: '

Imports the public key from an RSA or ED25519 key pair that you created with a third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services creates the key pair and gives the keys to you (Amazon Web Services keeps a copy of the public key). With ImportKeyPair, you create the key pair and give Amazon Web Services just the public key. The private key is never transferred between you and Amazon Web Services.

For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportKeyPairResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportKeyPairRequest' + parameters: [] + /?Action=ImportSnapshot&Version=2016-11-15: + get: + x-aws-operation-name: ImportSnapshot + operationId: GET_ImportSnapshot + description: '

Imports a disk into an EBS snapshot.

For more information, see Importing a disk as a snapshot using VM Import/Export in the VM Import/Export User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportSnapshotResult' + parameters: + - name: ClientData + in: query + required: false + description: The client-specific data. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time that the disk upload starts. + description: Describes the client-specific data. + - name: ClientToken + in: query + required: false + description: Token to enable idempotency for VM import requests. + schema: + type: string + - name: Description + in: query + required: false + description: The description string for the import snapshot task. + schema: + type: string + - name: DiskContainer + in: query + required: false + description: Information about the disk container. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/UserBucket' + - description: The Amazon S3 bucket for the disk image. + description: The disk container object for the import snapshot request. + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Encrypted + in: query + required: false + description: 'Specifies whether the destination snapshot of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.' + schema: + type: boolean + - name: KmsKeyId + in: query + required: false + description: '

An identifier for the symmetric KMS key to use when creating the encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.

The KMS key identifier may be provided in any of the following formats:

  • Key ID

  • Key alias. The alias ARN contains the arn:aws:kms namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

  • ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the key namespace, and then the key ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.

  • ARN using key alias. The alias ARN contains the arn:aws:kms namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

Amazon Web Services parses KmsKeyId asynchronously, meaning that the action you call may appear to complete even though you provided an invalid identifier. This action will eventually report failure.

The specified KMS key must exist in the Region that the snapshot is being copied to.

Amazon EBS does not support asymmetric KMS keys.

' + schema: + type: string + - name: RoleName + in: query + required: false + description: 'The name of the role to use when not using the default role, ''vmimport''.' + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the import snapshot task during creation. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ImportSnapshot + operationId: POST_ImportSnapshot + description: '

Imports a disk into an EBS snapshot.

For more information, see Importing a disk as a snapshot using VM Import/Export in the VM Import/Export User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportSnapshotResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportSnapshotRequest' + parameters: [] + /?Action=ImportVolume&Version=2016-11-15: + get: + x-aws-operation-name: ImportVolume + operationId: GET_ImportVolume + description: '

Creates an import volume task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.

This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing Disks to Amazon EBS in the Amazon EC2 CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportVolumeResult' + parameters: + - name: AvailabilityZone + in: query + required: true + description: The Availability Zone for the resulting EBS volume. + schema: + type: string + - name: Description + in: query + required: false + description: A description of the volume. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Image + in: query + required: true + description: The disk image. + schema: + type: object + required: + - Bytes + - Format + - ImportManifestUrl + properties: + bytes: + allOf: + - $ref: '#/components/schemas/Long' + - description: 'The size of the disk image, in GiB.' + format: + allOf: + - $ref: '#/components/schemas/DiskImageFormat' + - description: The disk image format. + importManifestUrl: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A presigned URL for the import manifest stored in Amazon S3 and presented here as an Amazon S3 presigned URL. For information about creating a presigned URL for an Amazon S3 object, read the "Query String Request Authentication Alternative" section of the Authenticating REST Requests topic in the Amazon Simple Storage Service Developer Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' + description: Describes a disk image. + - name: Volume + in: query + required: true + description: The volume size. + schema: + type: object + required: + - Size + properties: + size: + allOf: + - $ref: '#/components/schemas/Long' + - description: 'The size of the volume, in GiB.' + description: Describes an EBS volume. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ImportVolume + operationId: POST_ImportVolume + description: '

Creates an import volume task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.

This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing Disks to Amazon EBS in the Amazon EC2 CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportVolumeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportVolumeRequest' + parameters: [] + /?Action=ListImagesInRecycleBin&Version=2016-11-15: + get: + x-aws-operation-name: ListImagesInRecycleBin + operationId: GET_ListImagesInRecycleBin + description: 'Lists one or more AMIs that are currently in the Recycle Bin. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ListImagesInRecycleBinResult' + parameters: + - name: ImageId + in: query + required: false + description: The IDs of the AMIs to list. Omit this parameter to list all of the AMIs that are in the Recycle Bin. You can specify up to 20 IDs in a single request. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImageId' + - xml: + name: ImageId + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: '

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

If you do not specify a value for MaxResults, the request returns 1,000 items per page by default. For more information, see Pagination.

' + schema: + type: integer + minimum: 1 + maximum: 1000 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ListImagesInRecycleBin + operationId: POST_ListImagesInRecycleBin + description: 'Lists one or more AMIs that are currently in the Recycle Bin. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ListImagesInRecycleBinResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListImagesInRecycleBinRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=ListSnapshotsInRecycleBin&Version=2016-11-15: + get: + x-aws-operation-name: ListSnapshotsInRecycleBin + operationId: GET_ListSnapshotsInRecycleBin + description: Lists one or more snapshots that are currently in the Recycle Bin. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ListSnapshotsInRecycleBinResult' + parameters: + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: SnapshotId + in: query + required: false + description: The IDs of the snapshots to list. Omit this parameter to list all of the snapshots that are in the Recycle Bin. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - xml: + name: SnapshotId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ListSnapshotsInRecycleBin + operationId: POST_ListSnapshotsInRecycleBin + description: Lists one or more snapshots that are currently in the Recycle Bin. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ListSnapshotsInRecycleBinResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListSnapshotsInRecycleBinRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=ModifyAddressAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ModifyAddressAttribute + operationId: GET_ModifyAddressAttribute + description: 'Modifies an attribute of the specified Elastic IP address. For requirements, see Using reverse DNS for email applications.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyAddressAttributeResult' + parameters: + - name: AllocationId + in: query + required: true + description: '[EC2-VPC] The allocation ID.' + schema: + type: string + - name: DomainName + in: query + required: false + description: The domain name to modify for the IP address. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyAddressAttribute + operationId: POST_ModifyAddressAttribute + description: 'Modifies an attribute of the specified Elastic IP address. For requirements, see Using reverse DNS for email applications.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyAddressAttributeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyAddressAttributeRequest' + parameters: [] + /?Action=ModifyAvailabilityZoneGroup&Version=2016-11-15: + get: + x-aws-operation-name: ModifyAvailabilityZoneGroup + operationId: GET_ModifyAvailabilityZoneGroup + description: '

Changes the opt-in status of the Local Zone and Wavelength Zone group for your account.

Use DescribeAvailabilityZones to view the value for GroupName.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyAvailabilityZoneGroupResult' + parameters: + - name: GroupName + in: query + required: true + description: 'The name of the Availability Zone group, Local Zone group, or Wavelength Zone group.' + schema: + type: string + - name: OptInStatus + in: query + required: true + description: 'Indicates whether you are opted in to the Local Zone group or Wavelength Zone group. The only valid value is opted-in. You must contact Amazon Web Services Support to opt out of a Local Zone or Wavelength Zone group.' + schema: + type: string + enum: + - opted-in + - not-opted-in + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyAvailabilityZoneGroup + operationId: POST_ModifyAvailabilityZoneGroup + description: '

Changes the opt-in status of the Local Zone and Wavelength Zone group for your account.

Use DescribeAvailabilityZones to view the value for GroupName.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyAvailabilityZoneGroupResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyAvailabilityZoneGroupRequest' + parameters: [] + /?Action=ModifyCapacityReservation&Version=2016-11-15: + get: + x-aws-operation-name: ModifyCapacityReservation + operationId: GET_ModifyCapacityReservation + description: 'Modifies a Capacity Reservation''s capacity and the conditions under which it is to be released. You cannot change a Capacity Reservation''s instance type, EBS optimization, instance store settings, platform, Availability Zone, or instance eligibility. If you need to modify any of these attributes, we recommend that you cancel the Capacity Reservation, and then create a new one with the required attributes.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyCapacityReservationResult' + parameters: + - name: CapacityReservationId + in: query + required: true + description: The ID of the Capacity Reservation. + schema: + type: string + - name: InstanceCount + in: query + required: false + description: The number of instances for which to reserve capacity. The number of instances can't be increased or decreased by more than 1000 in a single request. + schema: + type: integer + - name: EndDate + in: query + required: false + description: '

The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation''s state changes to expired when it reaches its end date and time.

The Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.

You must provide an EndDate value if EndDateType is limited. Omit EndDate if EndDateType is unlimited.

' + schema: + type: string + format: date-time + - name: EndDateType + in: query + required: false + description: '

Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

  • unlimited - The Capacity Reservation remains active until you explicitly cancel it. Do not provide an EndDate value if EndDateType is unlimited.

  • limited - The Capacity Reservation expires automatically at a specified date and time. You must provide an EndDate value if EndDateType is limited.

' + schema: + type: string + enum: + - unlimited + - limited + - name: Accept + in: query + required: false + description: Reserved. Capacity Reservations you have created are accepted by default. + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: AdditionalInfo + in: query + required: false + description: Reserved for future use. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyCapacityReservation + operationId: POST_ModifyCapacityReservation + description: 'Modifies a Capacity Reservation''s capacity and the conditions under which it is to be released. You cannot change a Capacity Reservation''s instance type, EBS optimization, instance store settings, platform, Availability Zone, or instance eligibility. If you need to modify any of these attributes, we recommend that you cancel the Capacity Reservation, and then create a new one with the required attributes.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyCapacityReservationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyCapacityReservationRequest' + parameters: [] + /?Action=ModifyCapacityReservationFleet&Version=2016-11-15: + get: + x-aws-operation-name: ModifyCapacityReservationFleet + operationId: GET_ModifyCapacityReservationFleet + description: '

Modifies a Capacity Reservation Fleet.

When you modify the total target capacity of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity Reservations, or modifies or cancels existing Capacity Reservations in the Fleet to meet the new total target capacity. When you modify the end date for the Fleet, the end dates for all of the individual Capacity Reservations in the Fleet are updated accordingly.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyCapacityReservationFleetResult' + parameters: + - name: CapacityReservationFleetId + in: query + required: true + description: The ID of the Capacity Reservation Fleet to modify. + schema: + type: string + - name: TotalTargetCapacity + in: query + required: false + description: 'The total number of capacity units to be reserved by the Capacity Reservation Fleet. This value, together with the instance type weights that you assign to each instance type used by the Fleet determine the number of instances for which the Fleet reserves capacity. Both values are based on units that make sense for your workload. For more information, see Total target capacity in the Amazon EC2 User Guide.' + schema: + type: integer + - name: EndDate + in: query + required: false + description: '

The date and time at which the Capacity Reservation Fleet expires. When the Capacity Reservation Fleet expires, its state changes to expired and all of the Capacity Reservations in the Fleet expire.

The Capacity Reservation Fleet expires within an hour after the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation Fleet is guaranteed to expire between 13:30:55 and 14:30:55 on 5/31/2019.

You can''t specify EndDate and RemoveEndDate in the same request.

' + schema: + type: string + format: date-time + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: RemoveEndDate + in: query + required: false + description: '

Indicates whether to remove the end date from the Capacity Reservation Fleet. If you remove the end date, the Capacity Reservation Fleet does not expire and it remains active until you explicitly cancel it using the CancelCapacityReservationFleet action.

You can''t specify RemoveEndDate and EndDate in the same request.

' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyCapacityReservationFleet + operationId: POST_ModifyCapacityReservationFleet + description: '

Modifies a Capacity Reservation Fleet.

When you modify the total target capacity of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity Reservations, or modifies or cancels existing Capacity Reservations in the Fleet to meet the new total target capacity. When you modify the end date for the Fleet, the end dates for all of the individual Capacity Reservations in the Fleet are updated accordingly.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyCapacityReservationFleetResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyCapacityReservationFleetRequest' + parameters: [] + /?Action=ModifyClientVpnEndpoint&Version=2016-11-15: + get: + x-aws-operation-name: ModifyClientVpnEndpoint + operationId: GET_ModifyClientVpnEndpoint + description: Modifies the specified Client VPN endpoint. Modifying the DNS server resets existing client connections. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyClientVpnEndpointResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint to modify. + schema: + type: string + - name: ServerCertificateArn + in: query + required: false + description: The ARN of the server certificate to be used. The server certificate must be provisioned in Certificate Manager (ACM). + schema: + type: string + - name: ConnectionLogOptions + in: query + required: false + description: '

Information about the client connection logging options.

If you enable client connection logging, data about client connections is sent to a Cloudwatch Logs log stream. The following information is logged:

  • Client connection requests

  • Client connection results (successful and unsuccessful)

  • Reasons for unsuccessful client connection requests

  • Client connection termination time

' + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the CloudWatch Logs log stream to which the connection data is published. + description: Describes the client connection logging options for the Client VPN endpoint. + - name: DnsServers + in: query + required: false + description: Information about the DNS servers to be used by Client VPN connections. A Client VPN endpoint can have up to two DNS servers. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether DNS servers should be used. Specify False to delete the existing DNS servers. + description: Information about the DNS server to be used. + - name: VpnPort + in: query + required: false + description: '

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

Valid Values: 443 | 1194

Default Value: 443

' + schema: + type: integer + - name: Description + in: query + required: false + description: A brief description of the Client VPN endpoint. + schema: + type: string + - name: SplitTunnel + in: query + required: false + description: '

Indicates whether the VPN is split-tunnel.

For information about split-tunnel VPN endpoints, see Split-tunnel Client VPN endpoint in the Client VPN Administrator Guide.

' + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: SecurityGroupId + in: query + required: false + description: The IDs of one or more security groups to apply to the target network. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: item + - name: VpcId + in: query + required: false + description: The ID of the VPC to associate with the Client VPN endpoint. + schema: + type: string + - name: SelfServicePortal + in: query + required: false + description: Specify whether to enable the self-service portal for the Client VPN endpoint. + schema: + type: string + enum: + - enabled + - disabled + - name: ClientConnectOptions + in: query + required: false + description: The options for managing connection authorization for new client connections. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. + description: The options for managing connection authorization for new client connections. + - name: SessionTimeoutHours + in: query + required: false + description: '

The maximum VPN session duration time in hours.

Valid values: 8 | 10 | 12 | 24

Default value: 24

' + schema: + type: integer + - name: ClientLoginBannerOptions + in: query + required: false + description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. + description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyClientVpnEndpoint + operationId: POST_ModifyClientVpnEndpoint + description: Modifies the specified Client VPN endpoint. Modifying the DNS server resets existing client connections. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyClientVpnEndpointResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyClientVpnEndpointRequest' + parameters: [] + /?Action=ModifyDefaultCreditSpecification&Version=2016-11-15: + get: + x-aws-operation-name: ModifyDefaultCreditSpecification + operationId: GET_ModifyDefaultCreditSpecification + description: '

Modifies the default credit option for CPU usage of burstable performance instances. The default credit option is set at the account level per Amazon Web Services Region, and is specified per instance family. All new burstable performance instances in the account launch using the default credit option.

ModifyDefaultCreditSpecification is an asynchronous operation, which works at an Amazon Web Services Region level and modifies the credit option for each Availability Zone. All zones in a Region are updated within five minutes. But if instances are launched during this operation, they might not get the new credit option until the zone is updated. To verify whether the update has occurred, you can call GetDefaultCreditSpecification and check DefaultCreditSpecification for updates.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyDefaultCreditSpecificationResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceFamily + in: query + required: true + description: The instance family. + schema: + type: string + enum: + - t2 + - t3 + - t3a + - t4g + - name: CpuCredits + in: query + required: true + description: '

The credit option for CPU usage of the instance family.

Valid Values: standard | unlimited

' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyDefaultCreditSpecification + operationId: POST_ModifyDefaultCreditSpecification + description: '

Modifies the default credit option for CPU usage of burstable performance instances. The default credit option is set at the account level per Amazon Web Services Region, and is specified per instance family. All new burstable performance instances in the account launch using the default credit option.

ModifyDefaultCreditSpecification is an asynchronous operation, which works at an Amazon Web Services Region level and modifies the credit option for each Availability Zone. All zones in a Region are updated within five minutes. But if instances are launched during this operation, they might not get the new credit option until the zone is updated. To verify whether the update has occurred, you can call GetDefaultCreditSpecification and check DefaultCreditSpecification for updates.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyDefaultCreditSpecificationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyDefaultCreditSpecificationRequest' + parameters: [] + /?Action=ModifyEbsDefaultKmsKeyId&Version=2016-11-15: + get: + x-aws-operation-name: ModifyEbsDefaultKmsKeyId + operationId: GET_ModifyEbsDefaultKmsKeyId + description: '

Changes the default KMS key for EBS encryption by default for your account in this Region.

Amazon Web Services creates a unique Amazon Web Services managed KMS key in each Region for use with encryption by default. If you change the default KMS key to a symmetric customer managed KMS key, it is used instead of the Amazon Web Services managed KMS key. To reset the default KMS key to the Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon EBS does not support asymmetric KMS keys.

If you delete or disable the customer managed KMS key that you specified for use with encryption by default, your instances will fail to launch.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyEbsDefaultKmsKeyIdResult' + parameters: + - name: KmsKeyId + in: query + required: true + description: '

The identifier of the Key Management Service (KMS) KMS key to use for Amazon EBS encryption. If this parameter is not specified, your KMS key for Amazon EBS is used. If KmsKeyId is specified, the encrypted state must be true.

You can specify the KMS key using any of the following:

  • Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.

  • Key alias. For example, alias/ExampleAlias.

  • Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.

  • Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.

Amazon EBS does not support asymmetric KMS keys.

' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyEbsDefaultKmsKeyId + operationId: POST_ModifyEbsDefaultKmsKeyId + description: '

Changes the default KMS key for EBS encryption by default for your account in this Region.

Amazon Web Services creates a unique Amazon Web Services managed KMS key in each Region for use with encryption by default. If you change the default KMS key to a symmetric customer managed KMS key, it is used instead of the Amazon Web Services managed KMS key. To reset the default KMS key to the Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon EBS does not support asymmetric KMS keys.

If you delete or disable the customer managed KMS key that you specified for use with encryption by default, your instances will fail to launch.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyEbsDefaultKmsKeyIdResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyEbsDefaultKmsKeyIdRequest' + parameters: [] + /?Action=ModifyFleet&Version=2016-11-15: + get: + x-aws-operation-name: ModifyFleet + operationId: GET_ModifyFleet + description: '

Modifies the specified EC2 Fleet.

You can only modify an EC2 Fleet request of type maintain.

While the EC2 Fleet is being modified, it is in the modifying state.

To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet launches the additional Spot Instances according to the allocation strategy for the EC2 Fleet request. If the allocation strategy is lowest-price, the EC2 Fleet launches instances using the Spot Instance pool with the lowest price. If the allocation strategy is diversified, the EC2 Fleet distributes the instances across the Spot Instance pools. If the allocation strategy is capacity-optimized, EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.

To scale down your EC2 Fleet, decrease its target capacity. First, the EC2 Fleet cancels any open requests that exceed the new target capacity. You can request that the EC2 Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowest-price, the EC2 Fleet terminates the instances with the highest price per unit. If the allocation strategy is capacity-optimized, the EC2 Fleet terminates the instances in the Spot Instance pools that have the least available Spot Instance capacity. If the allocation strategy is diversified, the EC2 Fleet terminates instances across the Spot Instance pools. Alternatively, you can request that the EC2 Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.

If you are finished with your EC2 Fleet for now, but will use it again later, you can set the target capacity to 0.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyFleetResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ExcessCapacityTerminationPolicy + in: query + required: false + description: Indicates whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet. + schema: + type: string + enum: + - no-termination + - termination + - name: LaunchTemplateConfig + in: query + required: false + description: The launch template and overrides. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateConfigRequest' + - xml: + name: item + minItems: 0 + maxItems: 50 + - name: FleetId + in: query + required: true + description: The ID of the EC2 Fleet. + schema: + type: string + - name: TargetCapacitySpecification + in: query + required: false + description: The size of the EC2 Fleet. + schema: + type: object + required: + - TotalTargetCapacity + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TargetCapacityUnitType' + - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' + description: '

The number of units to request. You can choose to set the target capacity as the number of instances. Or you can set the target capacity to a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.

You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance MaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch instances until it reaches the maximum amount that you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity. The MaxTotalPrice parameters are located in OnDemandOptionsRequest and SpotOptionsRequest.

' + - name: Context + in: query + required: false + description: Reserved. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyFleet + operationId: POST_ModifyFleet + description: '

Modifies the specified EC2 Fleet.

You can only modify an EC2 Fleet request of type maintain.

While the EC2 Fleet is being modified, it is in the modifying state.

To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet launches the additional Spot Instances according to the allocation strategy for the EC2 Fleet request. If the allocation strategy is lowest-price, the EC2 Fleet launches instances using the Spot Instance pool with the lowest price. If the allocation strategy is diversified, the EC2 Fleet distributes the instances across the Spot Instance pools. If the allocation strategy is capacity-optimized, EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.

To scale down your EC2 Fleet, decrease its target capacity. First, the EC2 Fleet cancels any open requests that exceed the new target capacity. You can request that the EC2 Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowest-price, the EC2 Fleet terminates the instances with the highest price per unit. If the allocation strategy is capacity-optimized, the EC2 Fleet terminates the instances in the Spot Instance pools that have the least available Spot Instance capacity. If the allocation strategy is diversified, the EC2 Fleet terminates instances across the Spot Instance pools. Alternatively, you can request that the EC2 Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.

If you are finished with your EC2 Fleet for now, but will use it again later, you can set the target capacity to 0.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyFleetResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyFleetRequest' + parameters: [] + /?Action=ModifyFpgaImageAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ModifyFpgaImageAttribute + operationId: GET_ModifyFpgaImageAttribute + description: Modifies the specified attribute of the specified Amazon FPGA Image (AFI). + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyFpgaImageAttributeResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: FpgaImageId + in: query + required: true + description: The ID of the AFI. + schema: + type: string + - name: Attribute + in: query + required: false + description: The name of the attribute. + schema: + type: string + enum: + - description + - name + - loadPermission + - productCodes + - name: OperationType + in: query + required: false + description: The operation type. + schema: + type: string + enum: + - add + - remove + - name: UserId + in: query + required: false + description: The Amazon Web Services account IDs. This parameter is valid only when modifying the loadPermission attribute. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: UserId + - name: UserGroup + in: query + required: false + description: The user groups. This parameter is valid only when modifying the loadPermission attribute. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: UserGroup + - name: ProductCode + in: query + required: false + description: 'The product codes. After you add a product code to an AFI, it can''t be removed. This parameter is valid only when modifying the productCodes attribute.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: ProductCode + - name: LoadPermission + in: query + required: false + description: The load permission for the AFI. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LoadPermissionListRequest' + - description: The load permissions to remove. + description: Describes modifications to the load permissions of an Amazon FPGA image (AFI). + - name: Description + in: query + required: false + description: A description for the AFI. + schema: + type: string + - name: Name + in: query + required: false + description: A name for the AFI. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyFpgaImageAttribute + operationId: POST_ModifyFpgaImageAttribute + description: Modifies the specified attribute of the specified Amazon FPGA Image (AFI). + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyFpgaImageAttributeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyFpgaImageAttributeRequest' + parameters: [] + /?Action=ModifyHosts&Version=2016-11-15: + get: + x-aws-operation-name: ModifyHosts + operationId: GET_ModifyHosts + description: '

Modify the auto-placement setting of a Dedicated Host. When auto-placement is enabled, any instances that you launch with a tenancy of host but without a specific host ID are placed onto any available Dedicated Host in your account that has auto-placement enabled. When auto-placement is disabled, you need to provide a host ID to have the instance launch onto a specific host. If no host ID is provided, the instance is launched onto a suitable host with auto-placement enabled.

You can also use this API action to modify a Dedicated Host to support either multiple instance types in an instance family, or to support a specific instance type only.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyHostsResult' + parameters: + - name: AutoPlacement + in: query + required: false + description: Specify whether to enable or disable auto-placement. + schema: + type: string + enum: + - 'on' + - 'off' + - name: HostId + in: query + required: true + description: The IDs of the Dedicated Hosts to modify. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/DedicatedHostId' + - xml: + name: item + - name: HostRecovery + in: query + required: false + description: 'Indicates whether to enable or disable host recovery for the Dedicated Host. For more information, see Host recovery in the Amazon EC2 User Guide.' + schema: + type: string + enum: + - 'on' + - 'off' + - name: InstanceType + in: query + required: false + description: '

Specifies the instance type to be supported by the Dedicated Host. Specify this parameter to modify a Dedicated Host to support only a specific instance type.

If you want to modify a Dedicated Host to support multiple instance types in its current instance family, omit this parameter and specify InstanceFamily instead. You cannot specify InstanceType and InstanceFamily in the same request.

' + schema: + type: string + - name: InstanceFamily + in: query + required: false + description: '

Specifies the instance family to be supported by the Dedicated Host. Specify this parameter to modify a Dedicated Host to support multiple instance types within its current instance family.

If you want to modify a Dedicated Host to support a specific instance type only, omit this parameter and specify InstanceType instead. You cannot specify InstanceFamily and InstanceType in the same request.

' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyHosts + operationId: POST_ModifyHosts + description: '

Modify the auto-placement setting of a Dedicated Host. When auto-placement is enabled, any instances that you launch with a tenancy of host but without a specific host ID are placed onto any available Dedicated Host in your account that has auto-placement enabled. When auto-placement is disabled, you need to provide a host ID to have the instance launch onto a specific host. If no host ID is provided, the instance is launched onto a suitable host with auto-placement enabled.

You can also use this API action to modify a Dedicated Host to support either multiple instance types in an instance family, or to support a specific instance type only.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyHostsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyHostsRequest' + parameters: [] + /?Action=ModifyIdFormat&Version=2016-11-15: + get: + x-aws-operation-name: ModifyIdFormat + operationId: GET_ModifyIdFormat + description: '

Modifies the ID format for the specified resource on a per-Region basis. You can specify that resources should receive longer IDs (17-character IDs) when they are created.

This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

This setting applies to the IAM user who makes the request; it does not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user. If you''re using this action as the root user, then these settings apply to the entire account, unless an IAM user explicitly overrides these settings for themselves. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

Resources created with longer IDs are visible to all IAM roles and users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' + responses: + '200': + description: Success + parameters: + - name: Resource + in: query + required: true + description: '

The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

Alternatively, use the all-current option to include all resource types that are currently within their opt-in period for longer IDs.

' + schema: + type: string + - name: UseLongIds + in: query + required: true + description: Indicate whether the resource should use longer IDs (17-character IDs). + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyIdFormat + operationId: POST_ModifyIdFormat + description: '

Modifies the ID format for the specified resource on a per-Region basis. You can specify that resources should receive longer IDs (17-character IDs) when they are created.

This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

This setting applies to the IAM user who makes the request; it does not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user. If you''re using this action as the root user, then these settings apply to the entire account, unless an IAM user explicitly overrides these settings for themselves. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

Resources created with longer IDs are visible to all IAM roles and users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIdFormatRequest' + parameters: [] + /?Action=ModifyIdentityIdFormat&Version=2016-11-15: + get: + x-aws-operation-name: ModifyIdentityIdFormat + operationId: GET_ModifyIdentityIdFormat + description: '

Modifies the ID format of a resource for a specified IAM user, IAM role, or the root user for an account; or all IAM users, IAM roles, and the root user for an account. You can specify that resources should receive longer IDs (17-character IDs) when they are created.

This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

This setting applies to the principal specified in the request; it does not apply to the principal that makes the request.

Resources created with longer IDs are visible to all IAM roles and users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' + responses: + '200': + description: Success + parameters: + - name: PrincipalArn + in: query + required: true + description: 'The ARN of the principal, which can be an IAM user, IAM role, or the root user. Specify all to modify the ID format for all IAM users, IAM roles, and the root user of the account.' + schema: + type: string + - name: Resource + in: query + required: true + description: '

The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

Alternatively, use the all-current option to include all resource types that are currently within their opt-in period for longer IDs.

' + schema: + type: string + - name: UseLongIds + in: query + required: true + description: Indicates whether the resource should use longer IDs (17-character IDs) + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyIdentityIdFormat + operationId: POST_ModifyIdentityIdFormat + description: '

Modifies the ID format of a resource for a specified IAM user, IAM role, or the root user for an account; or all IAM users, IAM roles, and the root user for an account. You can specify that resources should receive longer IDs (17-character IDs) when they are created.

This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

This setting applies to the principal specified in the request; it does not apply to the principal that makes the request.

Resources created with longer IDs are visible to all IAM roles and users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIdentityIdFormatRequest' + parameters: [] + /?Action=ModifyImageAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ModifyImageAttribute + operationId: GET_ModifyImageAttribute + description: '

Modifies the specified attribute of the specified AMI. You can specify only one attribute at a time. You can use the Attribute parameter to specify the attribute or one of the following parameters: Description or LaunchPermission.

Images with an Amazon Web Services Marketplace product code cannot be made public.

To enable the SriovNetSupport enhanced networking attribute of an image, enable SriovNetSupport on an instance and create an AMI from the instance.

' + responses: + '200': + description: Success + parameters: + - name: Attribute + in: query + required: false + description: '

The name of the attribute to modify.

Valid values: description | launchPermission

' + schema: + type: string + - name: Description + in: query + required: false + description: A new description for the AMI. + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The attribute value. The value is case-sensitive. + description: Describes a value for a resource attribute that is a String. + - name: ImageId + in: query + required: true + description: The ID of the AMI. + schema: + type: string + - name: LaunchPermission + in: query + required: false + description: A new launch permission for the AMI. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchPermissionList' + - description: 'The Amazon Web Services account ID, organization ARN, or OU ARN to remove from the list of launch permissions for the AMI.' + description: Describes a launch permission modification. + - name: OperationType + in: query + required: false + description: The operation type. This parameter can be used only when the Attribute parameter is launchPermission. + schema: + type: string + enum: + - add + - remove + - name: ProductCode + in: query + required: false + description: Not supported. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: ProductCode + - name: UserGroup + in: query + required: false + description: The user groups. This parameter can be used only when the Attribute parameter is launchPermission. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: UserGroup + - name: UserId + in: query + required: false + description: The Amazon Web Services account IDs. This parameter can be used only when the Attribute parameter is launchPermission. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: UserId + - name: Value + in: query + required: false + description: The value of the attribute being modified. This parameter can be used only when the Attribute parameter is description. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: OrganizationArn + in: query + required: false + description: The Amazon Resource Name (ARN) of an organization. This parameter can be used only when the Attribute parameter is launchPermission. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: OrganizationArn + - name: OrganizationalUnitArn + in: query + required: false + description: The Amazon Resource Name (ARN) of an organizational unit (OU). This parameter can be used only when the Attribute parameter is launchPermission. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: OrganizationalUnitArn + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyImageAttribute + operationId: POST_ModifyImageAttribute + description: '

Modifies the specified attribute of the specified AMI. You can specify only one attribute at a time. You can use the Attribute parameter to specify the attribute or one of the following parameters: Description or LaunchPermission.

Images with an Amazon Web Services Marketplace product code cannot be made public.

To enable the SriovNetSupport enhanced networking attribute of an image, enable SriovNetSupport on an instance and create an AMI from the instance.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyImageAttributeRequest' + parameters: [] + /?Action=ModifyInstanceAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ModifyInstanceAttribute + operationId: GET_ModifyInstanceAttribute + description: '

Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.

Note: Using this action to change the security groups associated with an elastic network interface (ENI) attached to an instance in a VPC can result in an error if the instance has more than one ENI. To change the security groups associated with an ENI attached to an instance that has multiple ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action.

To modify some attributes, the instance must be stopped. For more information, see Modify a stopped instance in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + parameters: + - name: SourceDestCheck + in: query + required: false + description: 'Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.' + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: Attribute + in: query + required: false + description: The name of the attribute. + schema: + type: string + enum: + - instanceType + - kernel + - ramdisk + - userData + - disableApiTermination + - instanceInitiatedShutdownBehavior + - rootDeviceName + - blockDeviceMapping + - productCodes + - sourceDestCheck + - groupSet + - ebsOptimized + - sriovNetSupport + - enaSupport + - enclaveOptions + - name: BlockDeviceMapping + in: query + required: false + description: '

Modifies the DeleteOnTermination attribute for volumes that are currently attached. The volume must be owned by the caller. If no value is specified for DeleteOnTermination, the default is true and the volume is deleted when the instance is terminated.

To add instance store volumes to an Amazon EBS-backed instance, you must add them when you launch the instance. For more information, see Update the block device mapping when launching an instance in the Amazon EC2 User Guide.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceBlockDeviceMappingSpecification' + - xml: + name: item + - name: DisableApiTermination + in: query + required: false + description: 'If the value is true, you can''t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. You cannot use this parameter for Spot Instances.' + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: EbsOptimized + in: query + required: false + description: Specifies whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance. + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: EnaSupport + in: query + required: false + description:

Set to true to enable enhanced networking with ENA for the instance.

This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.

+ schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: GroupId + in: query + required: false + description: '[EC2-VPC] Replaces the security groups of the instance with the specified security groups. You must specify at least one security group, even if it''s just the default security group for the VPC. You must specify the security group ID, not the security group name.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: groupId + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + - name: InstanceInitiatedShutdownBehavior + in: query + required: false + description: Specifies whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The attribute value. The value is case-sensitive. + description: Describes a value for a resource attribute that is a String. + - name: InstanceType + in: query + required: false + description: 'Changes the instance type to the specified value. For more information, see Instance types in the Amazon EC2 User Guide. If the instance type is not valid, the error returned is InvalidInstanceAttributeValue.' + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The attribute value. The value is case-sensitive. + description: Describes a value for a resource attribute that is a String. + - name: Kernel + in: query + required: false + description: 'Changes the instance''s kernel to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.' + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The attribute value. The value is case-sensitive. + description: Describes a value for a resource attribute that is a String. + - name: Ramdisk + in: query + required: false + description: 'Changes the instance''s RAM disk to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.' + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The attribute value. The value is case-sensitive. + description: Describes a value for a resource attribute that is a String. + - name: SriovNetSupport + in: query + required: false + description:

Set to simple to enable enhanced networking with the Intel 82599 Virtual Function interface for the instance.

There is no way to disable enhanced networking with the Intel 82599 Virtual Function interface at this time.

This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.

+ schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The attribute value. The value is case-sensitive. + description: Describes a value for a resource attribute that is a String. + - name: UserData + in: query + required: false + description: 'Changes the instance''s user data to the specified value. If you are using an Amazon Web Services SDK or command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text.' + schema: + type: object + properties: + value: + $ref: '#/components/schemas/Blob' + - name: Value + in: query + required: false + description: 'A new value for the attribute. Use only with the kernel, ramdisk, userData, disableApiTermination, or instanceInitiatedShutdownBehavior attribute.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyInstanceAttribute + operationId: POST_ModifyInstanceAttribute + description: '

Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.

Note: Using this action to change the security groups associated with an elastic network interface (ENI) attached to an instance in a VPC can result in an error if the instance has more than one ENI. To change the security groups associated with an ENI attached to an instance that has multiple ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action.

To modify some attributes, the instance must be stopped. For more information, see Modify a stopped instance in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceAttributeRequest' + parameters: [] + /?Action=ModifyInstanceCapacityReservationAttributes&Version=2016-11-15: + get: + x-aws-operation-name: ModifyInstanceCapacityReservationAttributes + operationId: GET_ModifyInstanceCapacityReservationAttributes + description: 'Modifies the Capacity Reservation settings for a stopped instance. Use this action to configure an instance to target a specific Capacity Reservation, run in any open Capacity Reservation with matching attributes, or run On-Demand Instance capacity.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceCapacityReservationAttributesResult' + parameters: + - name: InstanceId + in: query + required: true + description: The ID of the instance to be modified. + schema: + type: string + - name: CapacityReservationSpecification + in: query + required: true + description: Information about the Capacity Reservation targeting option. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/CapacityReservationTarget' + - description: Information about the target Capacity Reservation or Capacity Reservation group. + description: '

Describes an instance''s Capacity Reservation targeting option. You can specify only one parameter at a time. If you specify CapacityReservationPreference and CapacityReservationTarget, the request fails.

Use the CapacityReservationPreference parameter to configure the instance to run as an On-Demand Instance or to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). Use the CapacityReservationTarget parameter to explicitly target a specific Capacity Reservation or a Capacity Reservation group.

' + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyInstanceCapacityReservationAttributes + operationId: POST_ModifyInstanceCapacityReservationAttributes + description: 'Modifies the Capacity Reservation settings for a stopped instance. Use this action to configure an instance to target a specific Capacity Reservation, run in any open Capacity Reservation with matching attributes, or run On-Demand Instance capacity.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceCapacityReservationAttributesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceCapacityReservationAttributesRequest' + parameters: [] + /?Action=ModifyInstanceCreditSpecification&Version=2016-11-15: + get: + x-aws-operation-name: ModifyInstanceCreditSpecification + operationId: GET_ModifyInstanceCreditSpecification + description: '

Modifies the credit option for CPU usage on a running or stopped burstable performance instance. The credit options are standard and unlimited.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceCreditSpecificationResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: 'A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.' + schema: + type: string + - name: InstanceCreditSpecification + in: query + required: true + description: Information about the credit option for CPU usage. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceCreditSpecificationRequest' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyInstanceCreditSpecification + operationId: POST_ModifyInstanceCreditSpecification + description: '

Modifies the credit option for CPU usage on a running or stopped burstable performance instance. The credit options are standard and unlimited.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceCreditSpecificationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceCreditSpecificationRequest' + parameters: [] + /?Action=ModifyInstanceEventStartTime&Version=2016-11-15: + get: + x-aws-operation-name: ModifyInstanceEventStartTime + operationId: GET_ModifyInstanceEventStartTime + description: Modifies the start time for a scheduled Amazon EC2 instance event. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceEventStartTimeResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceId + in: query + required: true + description: The ID of the instance with the scheduled event. + schema: + type: string + - name: InstanceEventId + in: query + required: true + description: The ID of the event whose date and time you are modifying. + schema: + type: string + - name: NotBefore + in: query + required: true + description: The new date and time when the event will take place. + schema: + type: string + format: date-time + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyInstanceEventStartTime + operationId: POST_ModifyInstanceEventStartTime + description: Modifies the start time for a scheduled Amazon EC2 instance event. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceEventStartTimeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceEventStartTimeRequest' + parameters: [] + /?Action=ModifyInstanceEventWindow&Version=2016-11-15: + get: + x-aws-operation-name: ModifyInstanceEventWindow + operationId: GET_ModifyInstanceEventWindow + description: '

Modifies the specified event window.

You can define either a set of time ranges or a cron expression when modifying the event window, but not both.

To modify the targets associated with the event window, use the AssociateInstanceEventWindow and DisassociateInstanceEventWindow API.

If Amazon Web Services has already scheduled an event, modifying an event window won''t change the time of the scheduled event.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceEventWindowResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Name + in: query + required: false + description: The name of the event window. + schema: + type: string + - name: InstanceEventWindowId + in: query + required: true + description: The ID of the event window. + schema: + type: string + - name: TimeRange + in: query + required: false + description: The time ranges of the event window. + schema: + type: array + items: + $ref: '#/components/schemas/InstanceEventWindowTimeRangeRequest' + - name: CronExpression + in: query + required: false + description: '

The cron expression of the event window, for example, * 0-4,20-23 * * 1,5.

Constraints:

  • Only hour and day of the week values are supported.

  • For day of the week values, you can specify either integers 0 through 6, or alternative single values SUN through SAT.

  • The minute, month, and year must be specified by *.

  • The hour value must be one or a multiple range, for example, 0-4 or 0-4,20-23.

  • Each hour range must be >= 2 hours, for example, 0-2 or 20-23.

  • The event window must be >= 4 hours. The combined total time ranges in the event window must be >= 4 hours.

For more information about cron expressions, see cron on the Wikipedia website.

' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyInstanceEventWindow + operationId: POST_ModifyInstanceEventWindow + description: '

Modifies the specified event window.

You can define either a set of time ranges or a cron expression when modifying the event window, but not both.

To modify the targets associated with the event window, use the AssociateInstanceEventWindow and DisassociateInstanceEventWindow API.

If Amazon Web Services has already scheduled an event, modifying an event window won''t change the time of the scheduled event.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceEventWindowResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceEventWindowRequest' + parameters: [] + /?Action=ModifyInstanceMaintenanceOptions&Version=2016-11-15: + get: + x-aws-operation-name: ModifyInstanceMaintenanceOptions + operationId: GET_ModifyInstanceMaintenanceOptions + description: 'Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceMaintenanceOptionsResult' + parameters: + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + - name: AutoRecovery + in: query + required: false + description: Disables the automatic recovery behavior of your instance or sets it to default. + schema: + type: string + enum: + - disabled + - default + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyInstanceMaintenanceOptions + operationId: POST_ModifyInstanceMaintenanceOptions + description: 'Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceMaintenanceOptionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceMaintenanceOptionsRequest' + parameters: [] + /?Action=ModifyInstanceMetadataOptions&Version=2016-11-15: + get: + x-aws-operation-name: ModifyInstanceMetadataOptions + operationId: GET_ModifyInstanceMetadataOptions + description: 'Modify the instance metadata parameters on a running or stopped instance. When you modify the parameters on a stopped instance, they are applied when the instance is started. When you modify the parameters on a running instance, the API responds with a state of “pending”. After the parameter modifications are successfully applied to the instance, the state of the modifications changes from “pending” to “applied” in subsequent describe-instances API calls. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceMetadataOptionsResult' + parameters: + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + - name: HttpTokens + in: query + required: false + description: '

The state of token usage for your instance metadata requests. If the parameter is not specified in the request, the default state is optional.

If the state is optional, you can choose to retrieve instance metadata with or without a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned.

If the state is required, you must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credential always returns the version 2.0 credentials; the version 1.0 credentials are not available.

' + schema: + type: string + enum: + - optional + - required + - name: HttpPutResponseHopLimit + in: query + required: false + description: '

The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. If no parameter is specified, the existing state is maintained.

Possible values: Integers from 1 to 64

' + schema: + type: integer + - name: HttpEndpoint + in: query + required: false + description: '

Enables or disables the HTTP metadata endpoint on your instances. If this parameter is not specified, the existing state is maintained.

If you specify a value of disabled, you cannot access your instance metadata.

' + schema: + type: string + enum: + - disabled + - enabled + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: HttpProtocolIpv6 + in: query + required: false + description: Enables or disables the IPv6 endpoint for the instance metadata service. This setting applies only if you have enabled the HTTP metadata endpoint. + schema: + type: string + enum: + - disabled + - enabled + - name: InstanceMetadataTags + in: query + required: false + description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' + schema: + type: string + enum: + - disabled + - enabled + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyInstanceMetadataOptions + operationId: POST_ModifyInstanceMetadataOptions + description: 'Modify the instance metadata parameters on a running or stopped instance. When you modify the parameters on a stopped instance, they are applied when the instance is started. When you modify the parameters on a running instance, the API responds with a state of “pending”. After the parameter modifications are successfully applied to the instance, the state of the modifications changes from “pending” to “applied” in subsequent describe-instances API calls. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceMetadataOptionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstanceMetadataOptionsRequest' + parameters: [] + /?Action=ModifyInstancePlacement&Version=2016-11-15: + get: + x-aws-operation-name: ModifyInstancePlacement + operationId: GET_ModifyInstancePlacement + description: '

Modifies the placement attributes for a specified instance. You can do the following:

  • Modify the affinity between an instance and a Dedicated Host. When affinity is set to host and the instance is not associated with a specific Dedicated Host, the next time the instance is launched, it is automatically associated with the host on which it lands. If the instance is restarted or rebooted, this relationship persists.

  • Change the Dedicated Host with which an instance is associated.

  • Change the instance tenancy of an instance.

  • Move an instance to or from a placement group.

At least one attribute for affinity, host ID, tenancy, or placement group name must be specified in the request. Affinity and tenancy can be modified in the same request.

To modify the host ID, tenancy, placement group, or partition for an instance, the instance must be in the stopped state.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstancePlacementResult' + parameters: + - name: Affinity + in: query + required: false + description: The affinity setting for the instance. + schema: + type: string + enum: + - default + - host + - name: GroupName + in: query + required: false + description: '

The name of the placement group in which to place the instance. For spread placement groups, the instance must have a tenancy of default. For cluster and partition placement groups, the instance must have a tenancy of default or dedicated.

To remove an instance from a placement group, specify an empty string ("").

' + schema: + type: string + - name: HostId + in: query + required: false + description: The ID of the Dedicated Host with which to associate the instance. + schema: + type: string + - name: InstanceId + in: query + required: true + description: The ID of the instance that you are modifying. + schema: + type: string + - name: Tenancy + in: query + required: false + description: '

The tenancy for the instance.

For T3 instances, you can''t change the tenancy from dedicated to host, or from host to dedicated. Attempting to make one of these unsupported tenancy changes results in the InvalidTenancy error code.

' + schema: + type: string + enum: + - dedicated + - host + - name: PartitionNumber + in: query + required: false + description: The number of the partition in which to place the instance. Valid only if the placement group strategy is set to partition. + schema: + type: integer + - name: HostResourceGroupArn + in: query + required: false + description: The ARN of the host resource group in which to place the instance. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyInstancePlacement + operationId: POST_ModifyInstancePlacement + description: '

Modifies the placement attributes for a specified instance. You can do the following:

  • Modify the affinity between an instance and a Dedicated Host. When affinity is set to host and the instance is not associated with a specific Dedicated Host, the next time the instance is launched, it is automatically associated with the host on which it lands. If the instance is restarted or rebooted, this relationship persists.

  • Change the Dedicated Host with which an instance is associated.

  • Change the instance tenancy of an instance.

  • Move an instance to or from a placement group.

At least one attribute for affinity, host ID, tenancy, or placement group name must be specified in the request. Affinity and tenancy can be modified in the same request.

To modify the host ID, tenancy, placement group, or partition for an instance, the instance must be in the stopped state.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstancePlacementResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyInstancePlacementRequest' + parameters: [] + /?Action=ModifyIpam&Version=2016-11-15: + get: + x-aws-operation-name: ModifyIpam + operationId: GET_ModifyIpam + description: 'Modify the configurations of an IPAM. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamId + in: query + required: true + description: The ID of the IPAM you want to modify. + schema: + type: string + - name: Description + in: query + required: false + description: The description of the IPAM you want to modify. + schema: + type: string + - name: AddOperatingRegion + in: query + required: false + description: '

Choose the operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' + schema: + type: array + items: + $ref: '#/components/schemas/AddIpamOperatingRegion' + minItems: 0 + maxItems: 50 + - name: RemoveOperatingRegion + in: query + required: false + description: The operating Regions to remove. + schema: + type: array + items: + $ref: '#/components/schemas/RemoveIpamOperatingRegion' + minItems: 0 + maxItems: 50 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyIpam + operationId: POST_ModifyIpam + description: 'Modify the configurations of an IPAM. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamRequest' + parameters: [] + /?Action=ModifyIpamPool&Version=2016-11-15: + get: + x-aws-operation-name: ModifyIpamPool + operationId: GET_ModifyIpamPool + description: '

Modify the configurations of an IPAM pool.

For more information, see Modify a pool in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamPoolResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamPoolId + in: query + required: true + description: The ID of the IPAM pool you want to modify. + schema: + type: string + - name: Description + in: query + required: false + description: The description of the IPAM pool you want to modify. + schema: + type: string + - name: AutoImport + in: query + required: false + description: '

If true, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool''s allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.

A locale must be set on the pool for this feature to work.

' + schema: + type: boolean + - name: AllocationMinNetmaskLength + in: query + required: false + description: The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. The minimum netmask length must be less than the maximum netmask length. + schema: + type: integer + minimum: 0 + maximum: 128 + - name: AllocationMaxNetmaskLength + in: query + required: false + description: The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.The maximum netmask length must be greater than the minimum netmask length. + schema: + type: integer + minimum: 0 + maximum: 128 + - name: AllocationDefaultNetmaskLength + in: query + required: false + description: 'The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.' + schema: + type: integer + minimum: 0 + maximum: 128 + - name: ClearAllocationDefaultNetmaskLength + in: query + required: false + description: Clear the default netmask length allocation rule for this pool. + schema: + type: boolean + - name: AddAllocationResourceTag + in: query + required: false + description: 'Add tag allocation rules to a pool. For more information about allocation rules, see Create a top-level pool in the Amazon VPC IPAM User Guide.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/RequestIpamResourceTag' + - xml: + name: item + - name: RemoveAllocationResourceTag + in: query + required: false + description: Remove tag allocation rules from a pool. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/RequestIpamResourceTag' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyIpamPool + operationId: POST_ModifyIpamPool + description: '

Modify the configurations of an IPAM pool.

For more information, see Modify a pool in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamPoolResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamPoolRequest' + parameters: [] + /?Action=ModifyIpamResourceCidr&Version=2016-11-15: + get: + x-aws-operation-name: ModifyIpamResourceCidr + operationId: GET_ModifyIpamResourceCidr + description: '

Modify a resource CIDR. You can use this action to transfer resource CIDRs between scopes and ignore resource CIDRs that you do not want to manage. If set to false, the resource will not be tracked for overlap, it cannot be auto-imported into a pool, and it will be removed from any pool it has an allocation in.

For more information, see Move resource CIDRs between scopes and Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamResourceCidrResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ResourceId + in: query + required: true + description: The ID of the resource you want to modify. + schema: + type: string + - name: ResourceCidr + in: query + required: true + description: The CIDR of the resource you want to modify. + schema: + type: string + - name: ResourceRegion + in: query + required: true + description: The Amazon Web Services Region of the resource you want to modify. + schema: + type: string + - name: CurrentIpamScopeId + in: query + required: true + description: The ID of the current scope that the resource CIDR is in. + schema: + type: string + - name: DestinationIpamScopeId + in: query + required: false + description: The ID of the scope you want to transfer the resource CIDR to. + schema: + type: string + - name: Monitored + in: query + required: true + description: 'Determines if the resource is monitored by IPAM. If a resource is monitored, the resource is discovered by IPAM and you can view details about the resource’s CIDR.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyIpamResourceCidr + operationId: POST_ModifyIpamResourceCidr + description: '

Modify a resource CIDR. You can use this action to transfer resource CIDRs between scopes and ignore resource CIDRs that you do not want to manage. If set to false, the resource will not be tracked for overlap, it cannot be auto-imported into a pool, and it will be removed from any pool it has an allocation in.

For more information, see Move resource CIDRs between scopes and Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamResourceCidrResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamResourceCidrRequest' + parameters: [] + /?Action=ModifyIpamScope&Version=2016-11-15: + get: + x-aws-operation-name: ModifyIpamScope + operationId: GET_ModifyIpamScope + description: Modify an IPAM scope. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamScopeResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamScopeId + in: query + required: true + description: The ID of the scope you want to modify. + schema: + type: string + - name: Description + in: query + required: false + description: The description of the scope you want to modify. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyIpamScope + operationId: POST_ModifyIpamScope + description: Modify an IPAM scope. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamScopeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyIpamScopeRequest' + parameters: [] + /?Action=ModifyLaunchTemplate&Version=2016-11-15: + get: + x-aws-operation-name: ModifyLaunchTemplate + operationId: GET_ModifyLaunchTemplate + description: 'Modifies a launch template. You can specify which version of the launch template to set as the default version. When launching an instance, the default version applies when a launch template version is not specified.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyLaunchTemplateResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ClientToken + in: query + required: false + description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraint: Maximum 128 ASCII characters.

' + schema: + type: string + - name: LaunchTemplateId + in: query + required: false + description: The ID of the launch template. You must specify either the launch template ID or launch template name in the request. + schema: + type: string + - name: LaunchTemplateName + in: query + required: false + description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. + schema: + type: string + pattern: '[a-zA-Z0-9\(\)\.\-/_]+' + minLength: 3 + maxLength: 128 + - name: SetDefaultVersion + in: query + required: false + description: The version number of the launch template to set as the default version. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyLaunchTemplate + operationId: POST_ModifyLaunchTemplate + description: 'Modifies a launch template. You can specify which version of the launch template to set as the default version. When launching an instance, the default version applies when a launch template version is not specified.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyLaunchTemplateResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyLaunchTemplateRequest' + parameters: [] + /?Action=ModifyManagedPrefixList&Version=2016-11-15: + get: + x-aws-operation-name: ModifyManagedPrefixList + operationId: GET_ModifyManagedPrefixList + description: '

Modifies the specified managed prefix list.

Adding or removing entries in a prefix list creates a new version of the prefix list. Changing the name of the prefix list does not affect the version.

If you specify a current version number that does not match the true current version number, the request fails.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyManagedPrefixListResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PrefixListId + in: query + required: true + description: The ID of the prefix list. + schema: + type: string + - name: CurrentVersion + in: query + required: false + description: The current version of the prefix list. + schema: + type: integer + - name: PrefixListName + in: query + required: false + description: A name for the prefix list. + schema: + type: string + - name: AddEntry + in: query + required: false + description: One or more entries to add to the prefix list. + schema: + type: array + items: + $ref: '#/components/schemas/AddPrefixListEntry' + minItems: 0 + maxItems: 100 + - name: RemoveEntry + in: query + required: false + description: One or more entries to remove from the prefix list. + schema: + type: array + items: + $ref: '#/components/schemas/RemovePrefixListEntry' + minItems: 0 + maxItems: 100 + - name: MaxEntries + in: query + required: false + description: '

The maximum number of entries for the prefix list. You cannot modify the entries of a prefix list and modify the size of a prefix list at the same time.

If any of the resources that reference the prefix list cannot support the new maximum size, the modify operation fails. Check the state message for the IDs of the first ten resources that do not support the new maximum size.

' + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyManagedPrefixList + operationId: POST_ModifyManagedPrefixList + description: '

Modifies the specified managed prefix list.

Adding or removing entries in a prefix list creates a new version of the prefix list. Changing the name of the prefix list does not affect the version.

If you specify a current version number that does not match the true current version number, the request fails.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyManagedPrefixListResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyManagedPrefixListRequest' + parameters: [] + /?Action=ModifyNetworkInterfaceAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ModifyNetworkInterfaceAttribute + operationId: GET_ModifyNetworkInterfaceAttribute + description: Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance. + responses: + '200': + description: Success + parameters: + - name: Attachment + in: query + required: false + description: 'Information about the interface attachment. If modifying the ''delete on termination'' attribute, you must specify the ID of the interface attachment.' + schema: + type: object + properties: + attachmentId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceAttachmentId' + - description: The ID of the network interface attachment. + deleteOnTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the network interface is deleted when the instance is terminated. + description: Describes an attachment change. + - name: Description + in: query + required: false + description: A description for the network interface. + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The attribute value. The value is case-sensitive. + description: Describes a value for a resource attribute that is a String. + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: SecurityGroupId + in: query + required: false + description: 'Changes the security groups for the network interface. The new set of groups you specify replaces the current set. You must specify at least one group, even if it''s just the default security group in the VPC. You must specify the ID of the security group, not the name.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: SecurityGroupId + - name: NetworkInterfaceId + in: query + required: true + description: The ID of the network interface. + schema: + type: string + - name: SourceDestCheck + in: query + required: false + description: 'Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.' + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyNetworkInterfaceAttribute + operationId: POST_ModifyNetworkInterfaceAttribute + description: Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyNetworkInterfaceAttributeRequest' + parameters: [] + /?Action=ModifyPrivateDnsNameOptions&Version=2016-11-15: + get: + x-aws-operation-name: ModifyPrivateDnsNameOptions + operationId: GET_ModifyPrivateDnsNameOptions + description: Modifies the options for instance hostnames for the specified instance. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyPrivateDnsNameOptionsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceId + in: query + required: false + description: The ID of the instance. + schema: + type: string + - name: PrivateDnsHostnameType + in: query + required: false + description: 'The type of hostname for EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 only subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID.' + schema: + type: string + enum: + - ip-name + - resource-name + - name: EnableResourceNameDnsARecord + in: query + required: false + description: Indicates whether to respond to DNS queries for instance hostnames with DNS A records. + schema: + type: boolean + - name: EnableResourceNameDnsAAAARecord + in: query + required: false + description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyPrivateDnsNameOptions + operationId: POST_ModifyPrivateDnsNameOptions + description: Modifies the options for instance hostnames for the specified instance. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyPrivateDnsNameOptionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyPrivateDnsNameOptionsRequest' + parameters: [] + /?Action=ModifyReservedInstances&Version=2016-11-15: + get: + x-aws-operation-name: ModifyReservedInstances + operationId: GET_ModifyReservedInstances + description: '

Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.

For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyReservedInstancesResult' + parameters: + - name: ReservedInstancesId + in: query + required: true + description: The IDs of the Reserved Instances to modify. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservationId' + - xml: + name: ReservedInstancesId + - name: ClientToken + in: query + required: false + description: 'A unique, case-sensitive token you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.' + schema: + type: string + - name: ReservedInstancesConfigurationSetItemType + in: query + required: true + description: The configuration settings for the Reserved Instances to modify. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservedInstancesConfiguration' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyReservedInstances + operationId: POST_ModifyReservedInstances + description: '

Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.

For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyReservedInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyReservedInstancesRequest' + parameters: [] + /?Action=ModifySecurityGroupRules&Version=2016-11-15: + get: + x-aws-operation-name: ModifySecurityGroupRules + operationId: GET_ModifySecurityGroupRules + description: Modifies the rules of a security group. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifySecurityGroupRulesResult' + parameters: + - name: GroupId + in: query + required: true + description: The ID of the security group. + schema: + type: string + - name: SecurityGroupRule + in: query + required: true + description: Information about the security group properties to update. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleUpdate' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifySecurityGroupRules + operationId: POST_ModifySecurityGroupRules + description: Modifies the rules of a security group. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifySecurityGroupRulesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifySecurityGroupRulesRequest' + parameters: [] + /?Action=ModifySnapshotAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ModifySnapshotAttribute + operationId: GET_ModifySnapshotAttribute + description: '

Adds or removes permission settings for the specified snapshot. You may add or remove specified Amazon Web Services account IDs from a snapshot''s list of create volume permissions, but you cannot do both in a single operation. If you need to both add and remove account IDs for a snapshot, you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.

Encrypted snapshots and snapshots with Amazon Web Services Marketplace product codes cannot be made public. Snapshots encrypted with your default KMS key cannot be shared with other accounts.

For more information about modifying snapshot permissions, see Share a snapshot in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + parameters: + - name: Attribute + in: query + required: false + description: The snapshot attribute to modify. Only volume creation permissions can be modified. + schema: + type: string + enum: + - productCodes + - createVolumePermission + - name: CreateVolumePermission + in: query + required: false + description: A JSON representation of the snapshot attribute modification. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/CreateVolumePermissionList' + - description: Removes the specified Amazon Web Services account ID or group from the list. + description: Describes modifications to the list of create volume permissions for a volume. + - name: UserGroup + in: query + required: false + description: The group to modify for the snapshot. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupName' + - xml: + name: GroupName + - name: OperationType + in: query + required: false + description: The type of operation to perform to the attribute. + schema: + type: string + enum: + - add + - remove + - name: SnapshotId + in: query + required: true + description: The ID of the snapshot. + schema: + type: string + - name: UserId + in: query + required: false + description: The account ID to modify for the snapshot. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: UserId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifySnapshotAttribute + operationId: POST_ModifySnapshotAttribute + description: '

Adds or removes permission settings for the specified snapshot. You may add or remove specified Amazon Web Services account IDs from a snapshot''s list of create volume permissions, but you cannot do both in a single operation. If you need to both add and remove account IDs for a snapshot, you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.

Encrypted snapshots and snapshots with Amazon Web Services Marketplace product codes cannot be made public. Snapshots encrypted with your default KMS key cannot be shared with other accounts.

For more information about modifying snapshot permissions, see Share a snapshot in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifySnapshotAttributeRequest' + parameters: [] + /?Action=ModifySnapshotTier&Version=2016-11-15: + get: + x-aws-operation-name: ModifySnapshotTier + operationId: GET_ModifySnapshotTier + description: 'Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to a full snapshot that includes all of the blocks of data that were written to the volume at the time the snapshot was created, and moved from the standard tier to the archive tier. For more information, see Archive Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifySnapshotTierResult' + parameters: + - name: SnapshotId + in: query + required: true + description: The ID of the snapshot. + schema: + type: string + - name: StorageTier + in: query + required: false + description: The name of the storage tier. You must specify archive. + schema: + type: string + enum: + - archive + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifySnapshotTier + operationId: POST_ModifySnapshotTier + description: 'Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to a full snapshot that includes all of the blocks of data that were written to the volume at the time the snapshot was created, and moved from the standard tier to the archive tier. For more information, see Archive Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifySnapshotTierResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifySnapshotTierRequest' + parameters: [] + /?Action=ModifySpotFleetRequest&Version=2016-11-15: + get: + x-aws-operation-name: ModifySpotFleetRequest + operationId: GET_ModifySpotFleetRequest + description: '

Modifies the specified Spot Fleet request.

You can only modify a Spot Fleet request of type maintain.

While the Spot Fleet request is being modified, it is in the modifying state.

To scale up your Spot Fleet, increase its target capacity. The Spot Fleet launches the additional Spot Instances according to the allocation strategy for the Spot Fleet request. If the allocation strategy is lowestPrice, the Spot Fleet launches instances using the Spot Instance pool with the lowest price. If the allocation strategy is diversified, the Spot Fleet distributes the instances across the Spot Instance pools. If the allocation strategy is capacityOptimized, Spot Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.

To scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet cancels any open requests that exceed the new target capacity. You can request that the Spot Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowestPrice, the Spot Fleet terminates the instances with the highest price per unit. If the allocation strategy is capacityOptimized, the Spot Fleet terminates the instances in the Spot Instance pools that have the least available Spot Instance capacity. If the allocation strategy is diversified, the Spot Fleet terminates instances across the Spot Instance pools. Alternatively, you can request that the Spot Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.

If you are finished with your Spot Fleet for now, but will use it again later, you can set the target capacity to 0.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifySpotFleetRequestResponse' + parameters: + - name: ExcessCapacityTerminationPolicy + in: query + required: false + description: Indicates whether running Spot Instances should be terminated if the target capacity of the Spot Fleet request is decreased below the current size of the Spot Fleet. + schema: + type: string + enum: + - noTermination + - default + - name: LaunchTemplateConfig + in: query + required: false + description: 'The launch template and overrides. You can only use this parameter if you specified a launch template (LaunchTemplateConfigs) in your Spot Fleet request. If you specified LaunchSpecifications in your Spot Fleet request, then omit this parameter.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateConfig' + - xml: + name: item + - name: SpotFleetRequestId + in: query + required: true + description: The ID of the Spot Fleet request. + schema: + type: string + - name: TargetCapacity + in: query + required: false + description: The size of the fleet. + schema: + type: integer + - name: OnDemandTargetCapacity + in: query + required: false + description: The number of On-Demand Instances in the fleet. + schema: + type: integer + - name: Context + in: query + required: false + description: Reserved. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifySpotFleetRequest + operationId: POST_ModifySpotFleetRequest + description: '

Modifies the specified Spot Fleet request.

You can only modify a Spot Fleet request of type maintain.

While the Spot Fleet request is being modified, it is in the modifying state.

To scale up your Spot Fleet, increase its target capacity. The Spot Fleet launches the additional Spot Instances according to the allocation strategy for the Spot Fleet request. If the allocation strategy is lowestPrice, the Spot Fleet launches instances using the Spot Instance pool with the lowest price. If the allocation strategy is diversified, the Spot Fleet distributes the instances across the Spot Instance pools. If the allocation strategy is capacityOptimized, Spot Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.

To scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet cancels any open requests that exceed the new target capacity. You can request that the Spot Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowestPrice, the Spot Fleet terminates the instances with the highest price per unit. If the allocation strategy is capacityOptimized, the Spot Fleet terminates the instances in the Spot Instance pools that have the least available Spot Instance capacity. If the allocation strategy is diversified, the Spot Fleet terminates instances across the Spot Instance pools. Alternatively, you can request that the Spot Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.

If you are finished with your Spot Fleet for now, but will use it again later, you can set the target capacity to 0.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifySpotFleetRequestResponse' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifySpotFleetRequestRequest' + parameters: [] + /?Action=ModifySubnetAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ModifySubnetAttribute + operationId: GET_ModifySubnetAttribute + description: '

Modifies a subnet attribute. You can only modify one attribute at a time.

Use this action to modify subnets on Amazon Web Services Outposts.

  • To modify a subnet on an Outpost rack, set both MapCustomerOwnedIpOnLaunch and CustomerOwnedIpv4Pool. These two parameters act as a single attribute.

  • To modify a subnet on an Outpost server, set either EnableLniAtDeviceIndex or DisableLniAtDeviceIndex.

For more information about Amazon Web Services Outposts, see the following:

' + responses: + '200': + description: Success + parameters: + - name: AssignIpv6AddressOnCreation + in: query + required: false + description: '

Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. This includes a network interface that''s created when launching an instance into the subnet (the instance therefore receives an IPv6 address).

If you enable the IPv6 addressing feature for your subnet, your network interface or instance only receives an IPv6 address if it''s created using version 2016-11-15 or later of the Amazon EC2 API.

' + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: MapPublicIpOnLaunch + in: query + required: false + description: Specify true to indicate that network interfaces attached to instances created in the specified subnet should be assigned a public IPv4 address. + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: SubnetId + in: query + required: true + description: The ID of the subnet. + schema: + type: string + - name: MapCustomerOwnedIpOnLaunch + in: query + required: false + description: '

Specify true to indicate that network interfaces attached to instances created in the specified subnet should be assigned a customer-owned IPv4 address.

When this value is true, you must specify the customer-owned IP pool using CustomerOwnedIpv4Pool.

' + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: CustomerOwnedIpv4Pool + in: query + required: false + description:

The customer-owned IPv4 address pool associated with the subnet.

You must set this value when you specify true for MapCustomerOwnedIpOnLaunch.

+ schema: + type: string + - name: EnableDns64 + in: query + required: false + description: Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: PrivateDnsHostnameTypeOnLaunch + in: query + required: false + description: 'The type of hostname to assign to instances in the subnet at launch. For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an instance DNS name can be based on the instance IPv4 address (ip-name) or the instance ID (resource-name). For IPv6 only subnets, an instance DNS name must be based on the instance ID (resource-name).' + schema: + type: string + enum: + - ip-name + - resource-name + - name: EnableResourceNameDnsARecordOnLaunch + in: query + required: false + description: Indicates whether to respond to DNS queries for instance hostnames with DNS A records. + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: EnableResourceNameDnsAAAARecordOnLaunch + in: query + required: false + description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: EnableLniAtDeviceIndex + in: query + required: false + description: ' Indicates the device position for local network interfaces in this subnet. For example, 1 indicates local network interfaces in this subnet are the secondary network interface (eth1). A local network interface cannot be the primary network interface (eth0). ' + schema: + type: integer + - name: DisableLniAtDeviceIndex + in: query + required: false + description: ' Specify true to indicate that local network interfaces at the current position should be disabled. ' + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifySubnetAttribute + operationId: POST_ModifySubnetAttribute + description: '

Modifies a subnet attribute. You can only modify one attribute at a time.

Use this action to modify subnets on Amazon Web Services Outposts.

  • To modify a subnet on an Outpost rack, set both MapCustomerOwnedIpOnLaunch and CustomerOwnedIpv4Pool. These two parameters act as a single attribute.

  • To modify a subnet on an Outpost server, set either EnableLniAtDeviceIndex or DisableLniAtDeviceIndex.

For more information about Amazon Web Services Outposts, see the following:

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifySubnetAttributeRequest' + parameters: [] + /?Action=ModifyTrafficMirrorFilterNetworkServices&Version=2016-11-15: + get: + x-aws-operation-name: ModifyTrafficMirrorFilterNetworkServices + operationId: GET_ModifyTrafficMirrorFilterNetworkServices + description: '

Allows or restricts mirroring network services.

By default, Amazon DNS network services are not eligible for Traffic Mirror. Use AddNetworkServices to add network services to a Traffic Mirror filter. When a network service is added to the Traffic Mirror filter, all traffic related to that network service will be mirrored. When you no longer want to mirror network services, use RemoveNetworkServices to remove the network services from the Traffic Mirror filter.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTrafficMirrorFilterNetworkServicesResult' + parameters: + - name: TrafficMirrorFilterId + in: query + required: true + description: The ID of the Traffic Mirror filter. + schema: + type: string + - name: AddNetworkService + in: query + required: false + description: 'The network service, for example Amazon DNS, that you want to mirror.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorNetworkService' + - xml: + name: item + - name: RemoveNetworkService + in: query + required: false + description: 'The network service, for example Amazon DNS, that you no longer want to mirror.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorNetworkService' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyTrafficMirrorFilterNetworkServices + operationId: POST_ModifyTrafficMirrorFilterNetworkServices + description: '

Allows or restricts mirroring network services.

By default, Amazon DNS network services are not eligible for Traffic Mirror. Use AddNetworkServices to add network services to a Traffic Mirror filter. When a network service is added to the Traffic Mirror filter, all traffic related to that network service will be mirrored. When you no longer want to mirror network services, use RemoveNetworkServices to remove the network services from the Traffic Mirror filter.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTrafficMirrorFilterNetworkServicesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTrafficMirrorFilterNetworkServicesRequest' + parameters: [] + /?Action=ModifyTrafficMirrorFilterRule&Version=2016-11-15: + get: + x-aws-operation-name: ModifyTrafficMirrorFilterRule + operationId: GET_ModifyTrafficMirrorFilterRule + description:

Modifies the specified Traffic Mirror rule.

DestinationCidrBlock and SourceCidrBlock must both be an IPv4 range or an IPv6 range.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTrafficMirrorFilterRuleResult' + parameters: + - name: TrafficMirrorFilterRuleId + in: query + required: true + description: The ID of the Traffic Mirror rule. + schema: + type: string + - name: TrafficDirection + in: query + required: false + description: The type of traffic to assign to the rule. + schema: + type: string + enum: + - ingress + - egress + - name: RuleNumber + in: query + required: false + description: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number. + schema: + type: integer + - name: RuleAction + in: query + required: false + description: The action to assign to the rule. + schema: + type: string + enum: + - accept + - reject + - name: DestinationPortRange + in: query + required: false + description: The destination ports that are associated with the Traffic Mirror rule. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols. + description: Information about the Traffic Mirror filter rule port range. + - name: SourcePortRange + in: query + required: false + description: The port range to assign to the Traffic Mirror rule. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols. + description: Information about the Traffic Mirror filter rule port range. + - name: Protocol + in: query + required: false + description: 'The protocol, for example TCP, to assign to the Traffic Mirror rule.' + schema: + type: integer + - name: DestinationCidrBlock + in: query + required: false + description: The destination CIDR block to assign to the Traffic Mirror rule. + schema: + type: string + - name: SourceCidrBlock + in: query + required: false + description: The source CIDR block to assign to the Traffic Mirror rule. + schema: + type: string + - name: Description + in: query + required: false + description: The description to assign to the Traffic Mirror rule. + schema: + type: string + - name: RemoveField + in: query + required: false + description: '

The properties that you want to remove from the Traffic Mirror filter rule.

When you remove a property from a Traffic Mirror filter rule, the property is set to the default.

' + schema: + type: array + items: + $ref: '#/components/schemas/TrafficMirrorFilterRuleField' + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyTrafficMirrorFilterRule + operationId: POST_ModifyTrafficMirrorFilterRule + description:

Modifies the specified Traffic Mirror rule.

DestinationCidrBlock and SourceCidrBlock must both be an IPv4 range or an IPv6 range.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTrafficMirrorFilterRuleResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTrafficMirrorFilterRuleRequest' + parameters: [] + /?Action=ModifyTrafficMirrorSession&Version=2016-11-15: + get: + x-aws-operation-name: ModifyTrafficMirrorSession + operationId: GET_ModifyTrafficMirrorSession + description: Modifies a Traffic Mirror session. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTrafficMirrorSessionResult' + parameters: + - name: TrafficMirrorSessionId + in: query + required: true + description: The ID of the Traffic Mirror session. + schema: + type: string + - name: TrafficMirrorTargetId + in: query + required: false + description: 'The Traffic Mirror target. The target must be in the same VPC as the source, or have a VPC peering connection with the source.' + schema: + type: string + - name: TrafficMirrorFilterId + in: query + required: false + description: The ID of the Traffic Mirror filter. + schema: + type: string + - name: PacketLength + in: query + required: false + description: 'The number of bytes in each packet to mirror. These are bytes after the VXLAN header. To mirror a subset, set this to the length (in bytes) to mirror. For example, if you set this value to 100, then the first 100 bytes that meet the filter criteria are copied to the target. Do not specify this parameter when you want to mirror the entire packet.' + schema: + type: integer + - name: SessionNumber + in: query + required: false + description:

The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.

Valid values are 1-32766.

+ schema: + type: integer + - name: VirtualNetworkId + in: query + required: false + description: The virtual network ID of the Traffic Mirror session. + schema: + type: integer + - name: Description + in: query + required: false + description: The description to assign to the Traffic Mirror session. + schema: + type: string + - name: RemoveField + in: query + required: false + description: '

The properties that you want to remove from the Traffic Mirror session.

When you remove a property from a Traffic Mirror session, the property is set to the default.

' + schema: + type: array + items: + $ref: '#/components/schemas/TrafficMirrorSessionField' + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyTrafficMirrorSession + operationId: POST_ModifyTrafficMirrorSession + description: Modifies a Traffic Mirror session. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTrafficMirrorSessionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTrafficMirrorSessionRequest' + parameters: [] + /?Action=ModifyTransitGateway&Version=2016-11-15: + get: + x-aws-operation-name: ModifyTransitGateway + operationId: GET_ModifyTransitGateway + description: 'Modifies the specified transit gateway. When you modify a transit gateway, the modified options are applied to new transit gateway attachments only. Your existing transit gateway attachments are not modified.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTransitGatewayResult' + parameters: + - name: TransitGatewayId + in: query + required: true + description: The ID of the transit gateway. + schema: + type: string + - name: Description + in: query + required: false + description: The description for the transit gateway. + schema: + type: string + - name: Options + in: query + required: false + description: The options to modify. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableId' + - description: The ID of the default propagation route table. + description: The transit gateway options. + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyTransitGateway + operationId: POST_ModifyTransitGateway + description: 'Modifies the specified transit gateway. When you modify a transit gateway, the modified options are applied to new transit gateway attachments only. Your existing transit gateway attachments are not modified.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTransitGatewayResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTransitGatewayRequest' + parameters: [] + /?Action=ModifyTransitGatewayPrefixListReference&Version=2016-11-15: + get: + x-aws-operation-name: ModifyTransitGatewayPrefixListReference + operationId: GET_ModifyTransitGatewayPrefixListReference + description: Modifies a reference (route) to a prefix list in a specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTransitGatewayPrefixListReferenceResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the transit gateway route table. + schema: + type: string + - name: PrefixListId + in: query + required: true + description: The ID of the prefix list. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: false + description: The ID of the attachment to which traffic is routed. + schema: + type: string + - name: Blackhole + in: query + required: false + description: Indicates whether to drop traffic that matches this route. + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyTransitGatewayPrefixListReference + operationId: POST_ModifyTransitGatewayPrefixListReference + description: Modifies a reference (route) to a prefix list in a specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTransitGatewayPrefixListReferenceResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTransitGatewayPrefixListReferenceRequest' + parameters: [] + /?Action=ModifyTransitGatewayVpcAttachment&Version=2016-11-15: + get: + x-aws-operation-name: ModifyTransitGatewayVpcAttachment + operationId: GET_ModifyTransitGatewayVpcAttachment + description: Modifies the specified VPC attachment. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTransitGatewayVpcAttachmentResult' + parameters: + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the attachment. + schema: + type: string + - name: AddSubnetIds + in: query + required: false + description: The IDs of one or more subnets to add. You can specify at most one subnet per Availability Zone. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: item + - name: RemoveSubnetIds + in: query + required: false + description: The IDs of one or more subnets to remove. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: item + - name: Options + in: query + required: false + description: The new VPC attachment options. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ApplianceModeSupportValue' + - description: 'Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.' + description: Describes the options for a VPC attachment. + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyTransitGatewayVpcAttachment + operationId: POST_ModifyTransitGatewayVpcAttachment + description: Modifies the specified VPC attachment. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTransitGatewayVpcAttachmentResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyTransitGatewayVpcAttachmentRequest' + parameters: [] + /?Action=ModifyVolume&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVolume + operationId: GET_ModifyVolume + description: '

You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance type, you might be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying EBS volumes, see Amazon EBS Elastic Volumes (Linux instances) or Amazon EBS Elastic Volumes (Windows instances).

When you complete a resize operation on your volume, you need to extend the volume''s file-system size to take advantage of the new storage capacity. For more information, see Extend a Linux file system or Extend a Windows file system.

You can use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. You can also track the status of a modification using DescribeVolumesModifications. For information about tracking status changes using either method, see Monitor the progress of volume modifications.

With previous-generation instance types, resizing an EBS volume might require detaching and reattaching the volume or stopping and restarting the instance.

After modifying a volume, you must wait at least six hours and ensure that the volume is in the in-use or available state before you can modify the same volume. This is sometimes referred to as a cooldown period.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVolumeResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VolumeId + in: query + required: true + description: The ID of the volume. + schema: + type: string + - name: Size + in: query + required: false + description: '

The target size of the volume, in GiB. The target volume size must be greater than or equal to the existing size of the volume.

The following are the supported volumes sizes for each volume type:

  • gp2 and gp3: 1-16,384

  • io1 and io2: 4-16,384

  • st1 and sc1: 125-16,384

  • standard: 1-1,024

Default: The existing size is retained.

' + schema: + type: integer + - name: VolumeType + in: query + required: false + description: '

The target EBS volume type of the volume. For more information, see Amazon EBS volume types in the Amazon Elastic Compute Cloud User Guide.

Default: The existing type is retained.

' + schema: + type: string + enum: + - standard + - io1 + - io2 + - gp2 + - sc1 + - st1 + - gp3 + - name: Iops + in: query + required: false + description: '

The target IOPS rate of the volume. This parameter is valid only for gp3, io1, and io2 volumes.

The following are the supported values for each volume type:

  • gp3: 3,000-16,000 IOPS

  • io1: 100-64,000 IOPS

  • io2: 100-64,000 IOPS

Default: The existing value is retained if you keep the same volume type. If you change the volume type to io1, io2, or gp3, the default is 3,000.

' + schema: + type: integer + - name: Throughput + in: query + required: false + description: '

The target throughput of the volume, in MiB/s. This parameter is valid only for gp3 volumes. The maximum value is 1,000.

Default: The existing value is retained if the source and target volume type is gp3. Otherwise, the default value is 125.

Valid Range: Minimum value of 125. Maximum value of 1000.

' + schema: + type: integer + - name: MultiAttachEnabled + in: query + required: false + description: 'Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the volume to up to 16 Nitro-based instances in the same Availability Zone. This parameter is supported with io1 and io2 volumes only. For more information, see Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVolume + operationId: POST_ModifyVolume + description: '

You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance type, you might be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying EBS volumes, see Amazon EBS Elastic Volumes (Linux instances) or Amazon EBS Elastic Volumes (Windows instances).

When you complete a resize operation on your volume, you need to extend the volume''s file-system size to take advantage of the new storage capacity. For more information, see Extend a Linux file system or Extend a Windows file system.

You can use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. You can also track the status of a modification using DescribeVolumesModifications. For information about tracking status changes using either method, see Monitor the progress of volume modifications.

With previous-generation instance types, resizing an EBS volume might require detaching and reattaching the volume or stopping and restarting the instance.

After modifying a volume, you must wait at least six hours and ensure that the volume is in the in-use or available state before you can modify the same volume. This is sometimes referred to as a cooldown period.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVolumeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVolumeRequest' + parameters: [] + /?Action=ModifyVolumeAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVolumeAttribute + operationId: GET_ModifyVolumeAttribute + description: '

Modifies a volume attribute.

By default, all I/O operations for the volume are suspended when the data on the volume is determined to be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume can be resumed by first enabling I/O access and then checking the data consistency on your volume.

You can change the default behavior to resume I/O operations. We recommend that you change this only for boot volumes or for volumes that are stateless or disposable.

' + responses: + '200': + description: Success + parameters: + - name: AutoEnableIO + in: query + required: false + description: Indicates whether the volume should be auto-enabled for I/O operations. + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: VolumeId + in: query + required: true + description: The ID of the volume. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVolumeAttribute + operationId: POST_ModifyVolumeAttribute + description: '

Modifies a volume attribute.

By default, all I/O operations for the volume are suspended when the data on the volume is determined to be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume can be resumed by first enabling I/O access and then checking the data consistency on your volume.

You can change the default behavior to resume I/O operations. We recommend that you change this only for boot volumes or for volumes that are stateless or disposable.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVolumeAttributeRequest' + parameters: [] + /?Action=ModifyVpcAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpcAttribute + operationId: GET_ModifyVpcAttribute + description: Modifies the specified attribute of the specified VPC. + responses: + '200': + description: Success + parameters: + - name: EnableDnsHostnames + in: query + required: false + description: '

Indicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not.

You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute. You can only enable DNS hostnames if you''ve enabled DNS support.

' + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: EnableDnsSupport + in: query + required: false + description: '

Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled.

You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute.

' + schema: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpcAttribute + operationId: POST_ModifyVpcAttribute + description: Modifies the specified attribute of the specified VPC. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcAttributeRequest' + parameters: [] + /?Action=ModifyVpcEndpoint&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpcEndpoint + operationId: GET_ModifyVpcEndpoint + description: 'Modifies attributes of a specified VPC endpoint. The attributes that you can modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load Balancer). For more information, see the Amazon Web Services PrivateLink Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcEndpointId + in: query + required: true + description: The ID of the endpoint. + schema: + type: string + - name: ResetPolicy + in: query + required: false + description: (Gateway endpoint) Specify true to reset the policy document to the default policy. The default policy allows full access to the service. + schema: + type: boolean + - name: PolicyDocument + in: query + required: false + description: (Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must be in valid JSON format. + schema: + type: string + - name: AddRouteTableId + in: query + required: false + description: (Gateway endpoint) One or more route tables IDs to associate with the endpoint. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - xml: + name: item + - name: RemoveRouteTableId + in: query + required: false + description: (Gateway endpoint) One or more route table IDs to disassociate from the endpoint. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - xml: + name: item + - name: AddSubnetId + in: query + required: false + description: '(Interface and Gateway Load Balancer endpoints) One or more subnet IDs in which to serve the endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: item + - name: RemoveSubnetId + in: query + required: false + description: (Interface endpoint) One or more subnets IDs in which to remove the endpoint. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: item + - name: AddSecurityGroupId + in: query + required: false + description: (Interface endpoint) One or more security group IDs to associate with the network interface. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: item + - name: RemoveSecurityGroupId + in: query + required: false + description: (Interface endpoint) One or more security group IDs to disassociate from the network interface. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: item + - name: IpAddressType + in: query + required: false + description: The IP address type for the endpoint. + schema: + type: string + enum: + - ipv4 + - dualstack + - ipv6 + - name: DnsOptions + in: query + required: false + description: The DNS options for the endpoint. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DnsRecordIpType' + - description: The DNS records created for the endpoint. + description: Describes the DNS options for an endpoint. + - name: PrivateDnsEnabled + in: query + required: false + description: (Interface endpoint) Indicates whether a private hosted zone is associated with the VPC. + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpcEndpoint + operationId: POST_ModifyVpcEndpoint + description: 'Modifies attributes of a specified VPC endpoint. The attributes that you can modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load Balancer). For more information, see the Amazon Web Services PrivateLink Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointRequest' + parameters: [] + /?Action=ModifyVpcEndpointConnectionNotification&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpcEndpointConnectionNotification + operationId: GET_ModifyVpcEndpointConnectionNotification + description: 'Modifies a connection notification for VPC endpoint or VPC endpoint service. You can change the SNS topic for the notification, or the events for which to be notified. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointConnectionNotificationResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ConnectionNotificationId + in: query + required: true + description: The ID of the notification. + schema: + type: string + - name: ConnectionNotificationArn + in: query + required: false + description: The ARN for the SNS topic for the notification. + schema: + type: string + - name: ConnectionEvents + in: query + required: false + description: 'One or more events for the endpoint. Valid values are Accept, Connect, Delete, and Reject.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpcEndpointConnectionNotification + operationId: POST_ModifyVpcEndpointConnectionNotification + description: 'Modifies a connection notification for VPC endpoint or VPC endpoint service. You can change the SNS topic for the notification, or the events for which to be notified. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointConnectionNotificationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointConnectionNotificationRequest' + parameters: [] + /?Action=ModifyVpcEndpointServiceConfiguration&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpcEndpointServiceConfiguration + operationId: GET_ModifyVpcEndpointServiceConfiguration + description: '

Modifies the attributes of your VPC endpoint service configuration. You can change the Network Load Balancers or Gateway Load Balancers for your service, and you can specify whether acceptance is required for requests to connect to your endpoint service through an interface VPC endpoint.

If you set or modify the private DNS name, you must prove that you own the private DNS domain name.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointServiceConfigurationResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ServiceId + in: query + required: true + description: The ID of the service. + schema: + type: string + - name: PrivateDnsName + in: query + required: false + description: (Interface endpoint configuration) The private DNS name to assign to the endpoint service. + schema: + type: string + - name: RemovePrivateDnsName + in: query + required: false + description: (Interface endpoint configuration) Removes the private DNS name of the endpoint service. + schema: + type: boolean + - name: AcceptanceRequired + in: query + required: false + description: Indicates whether requests to create an endpoint to your service must be accepted. + schema: + type: boolean + - name: AddNetworkLoadBalancerArn + in: query + required: false + description: The Amazon Resource Names (ARNs) of Network Load Balancers to add to your service configuration. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: RemoveNetworkLoadBalancerArn + in: query + required: false + description: The Amazon Resource Names (ARNs) of Network Load Balancers to remove from your service configuration. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: AddGatewayLoadBalancerArn + in: query + required: false + description: The Amazon Resource Names (ARNs) of Gateway Load Balancers to add to your service configuration. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: RemoveGatewayLoadBalancerArn + in: query + required: false + description: The Amazon Resource Names (ARNs) of Gateway Load Balancers to remove from your service configuration. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: AddSupportedIpAddressType + in: query + required: false + description: The IP address types to add to your service configuration. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: RemoveSupportedIpAddressType + in: query + required: false + description: The IP address types to remove from your service configuration. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpcEndpointServiceConfiguration + operationId: POST_ModifyVpcEndpointServiceConfiguration + description: '

Modifies the attributes of your VPC endpoint service configuration. You can change the Network Load Balancers or Gateway Load Balancers for your service, and you can specify whether acceptance is required for requests to connect to your endpoint service through an interface VPC endpoint.

If you set or modify the private DNS name, you must prove that you own the private DNS domain name.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointServiceConfigurationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointServiceConfigurationRequest' + parameters: [] + /?Action=ModifyVpcEndpointServicePayerResponsibility&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpcEndpointServicePayerResponsibility + operationId: GET_ModifyVpcEndpointServicePayerResponsibility + description: Modifies the payer responsibility for your VPC endpoint service. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointServicePayerResponsibilityResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ServiceId + in: query + required: true + description: The ID of the service. + schema: + type: string + - name: PayerResponsibility + in: query + required: true + description: 'The entity that is responsible for the endpoint costs. The default is the endpoint owner. If you set the payer responsibility to the service owner, you cannot set it back to the endpoint owner.' + schema: + type: string + enum: + - ServiceOwner + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpcEndpointServicePayerResponsibility + operationId: POST_ModifyVpcEndpointServicePayerResponsibility + description: Modifies the payer responsibility for your VPC endpoint service. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointServicePayerResponsibilityResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointServicePayerResponsibilityRequest' + parameters: [] + /?Action=ModifyVpcEndpointServicePermissions&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpcEndpointServicePermissions + operationId: GET_ModifyVpcEndpointServicePermissions + description: '

Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (IAM users, IAM roles, and Amazon Web Services accounts) to connect to your endpoint service.

If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointServicePermissionsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ServiceId + in: query + required: true + description: The ID of the service. + schema: + type: string + - name: AddAllowedPrincipals + in: query + required: false + description: 'The Amazon Resource Names (ARN) of one or more principals. Permissions are granted to the principals in this list. To grant permissions to all principals, specify an asterisk (*).' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: RemoveAllowedPrincipals + in: query + required: false + description: The Amazon Resource Names (ARN) of one or more principals. Permissions are revoked for principals in this list. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpcEndpointServicePermissions + operationId: POST_ModifyVpcEndpointServicePermissions + description: '

Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (IAM users, IAM roles, and Amazon Web Services accounts) to connect to your endpoint service.

If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointServicePermissionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcEndpointServicePermissionsRequest' + parameters: [] + /?Action=ModifyVpcPeeringConnectionOptions&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpcPeeringConnectionOptions + operationId: GET_ModifyVpcPeeringConnectionOptions + description: '

Modifies the VPC peering connection options on one side of a VPC peering connection. You can do the following:

  • Enable/disable communication over the peering connection between an EC2-Classic instance that''s linked to your VPC (using ClassicLink) and instances in the peer VPC.

  • Enable/disable communication over the peering connection between instances in your VPC and an EC2-Classic instance that''s linked to the peer VPC.

  • Enable/disable the ability to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC.

If the peered VPCs are in the same Amazon Web Services account, you can enable DNS resolution for queries from the local VPC. This ensures that queries from the local VPC resolve to private IP addresses in the peer VPC. This option is not available if the peered VPCs are in different different Amazon Web Services accounts or different Regions. For peered VPCs in different Amazon Web Services accounts, each Amazon Web Services account owner must initiate a separate request to modify the peering connection options. For inter-region peering connections, you must use the Region for the requester VPC to modify the requester VPC peering options and the Region for the accepter VPC to modify the accepter VPC peering options. To verify which VPCs are the accepter and the requester for a VPC peering connection, use the DescribeVpcPeeringConnections command.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcPeeringConnectionOptionsResult' + parameters: + - name: AccepterPeeringConnectionOptions + in: query + required: false + description: The VPC peering connection options for the accepter VPC. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If true, enables outbound communication from instances in a local VPC to an EC2-Classic instance that''s linked to a peer VPC using ClassicLink.' + description: The VPC peering connection options. + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: RequesterPeeringConnectionOptions + in: query + required: false + description: The VPC peering connection options for the requester VPC. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If true, enables outbound communication from instances in a local VPC to an EC2-Classic instance that''s linked to a peer VPC using ClassicLink.' + description: The VPC peering connection options. + - name: VpcPeeringConnectionId + in: query + required: true + description: The ID of the VPC peering connection. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpcPeeringConnectionOptions + operationId: POST_ModifyVpcPeeringConnectionOptions + description: '

Modifies the VPC peering connection options on one side of a VPC peering connection. You can do the following:

  • Enable/disable communication over the peering connection between an EC2-Classic instance that''s linked to your VPC (using ClassicLink) and instances in the peer VPC.

  • Enable/disable communication over the peering connection between instances in your VPC and an EC2-Classic instance that''s linked to the peer VPC.

  • Enable/disable the ability to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC.

If the peered VPCs are in the same Amazon Web Services account, you can enable DNS resolution for queries from the local VPC. This ensures that queries from the local VPC resolve to private IP addresses in the peer VPC. This option is not available if the peered VPCs are in different different Amazon Web Services accounts or different Regions. For peered VPCs in different Amazon Web Services accounts, each Amazon Web Services account owner must initiate a separate request to modify the peering connection options. For inter-region peering connections, you must use the Region for the requester VPC to modify the requester VPC peering options and the Region for the accepter VPC to modify the accepter VPC peering options. To verify which VPCs are the accepter and the requester for a VPC peering connection, use the DescribeVpcPeeringConnections command.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcPeeringConnectionOptionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcPeeringConnectionOptionsRequest' + parameters: [] + /?Action=ModifyVpcTenancy&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpcTenancy + operationId: GET_ModifyVpcTenancy + description: '

Modifies the instance tenancy attribute of the specified VPC. You can change the instance tenancy attribute of a VPC to default only. You cannot change the instance tenancy attribute to dedicated.

After you modify the tenancy of the VPC, any new instances that you launch into the VPC have a tenancy of default, unless you specify otherwise during launch. The tenancy of any existing instances in the VPC is not affected.

For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcTenancyResult' + parameters: + - name: VpcId + in: query + required: true + description: The ID of the VPC. + schema: + type: string + - name: InstanceTenancy + in: query + required: true + description: 'The instance tenancy attribute for the VPC. ' + schema: + type: string + enum: + - default + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpcTenancy + operationId: POST_ModifyVpcTenancy + description: '

Modifies the instance tenancy attribute of the specified VPC. You can change the instance tenancy attribute of a VPC to default only. You cannot change the instance tenancy attribute to dedicated.

After you modify the tenancy of the VPC, any new instances that you launch into the VPC have a tenancy of default, unless you specify otherwise during launch. The tenancy of any existing instances in the VPC is not affected.

For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcTenancyResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpcTenancyRequest' + parameters: [] + /?Action=ModifyVpnConnection&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpnConnection + operationId: GET_ModifyVpnConnection + description: '

Modifies the customer gateway or the target gateway of an Amazon Web Services Site-to-Site VPN connection. To modify the target gateway, the following migration options are available:

  • An existing virtual private gateway to a new virtual private gateway

  • An existing virtual private gateway to a transit gateway

  • An existing transit gateway to a new transit gateway

  • An existing transit gateway to a virtual private gateway

Before you perform the migration to the new gateway, you must configure the new gateway. Use CreateVpnGateway to create a virtual private gateway, or CreateTransitGateway to create a transit gateway.

This step is required when you migrate from a virtual private gateway with static routes to a transit gateway.

You must delete the static routes before you migrate to the new gateway.

Keep a copy of the static route before you delete it. You will need to add back these routes to the transit gateway after the VPN connection migration is complete.

After you migrate to the new gateway, you might need to modify your VPC route table. Use CreateRoute and DeleteRoute to make the changes described in Update VPC route tables in the Amazon Web Services Site-to-Site VPN User Guide.

When the new gateway is a transit gateway, modify the transit gateway route table to allow traffic between the VPC and the Amazon Web Services Site-to-Site VPN connection. Use CreateTransitGatewayRoute to add the routes.

If you deleted VPN static routes, you must add the static routes to the transit gateway route table.

After you perform this operation, the VPN endpoint''s IP addresses on the Amazon Web Services side and the tunnel options remain intact. Your Amazon Web Services Site-to-Site VPN connection will be temporarily unavailable for a brief period while we provision the new endpoints.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnConnectionResult' + parameters: + - name: VpnConnectionId + in: query + required: true + description: The ID of the VPN connection. + schema: + type: string + - name: TransitGatewayId + in: query + required: false + description: The ID of the transit gateway. + schema: + type: string + - name: CustomerGatewayId + in: query + required: false + description: The ID of the customer gateway at your end of the VPN connection. + schema: + type: string + - name: VpnGatewayId + in: query + required: false + description: The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpnConnection + operationId: POST_ModifyVpnConnection + description: '

Modifies the customer gateway or the target gateway of an Amazon Web Services Site-to-Site VPN connection. To modify the target gateway, the following migration options are available:

  • An existing virtual private gateway to a new virtual private gateway

  • An existing virtual private gateway to a transit gateway

  • An existing transit gateway to a new transit gateway

  • An existing transit gateway to a virtual private gateway

Before you perform the migration to the new gateway, you must configure the new gateway. Use CreateVpnGateway to create a virtual private gateway, or CreateTransitGateway to create a transit gateway.

This step is required when you migrate from a virtual private gateway with static routes to a transit gateway.

You must delete the static routes before you migrate to the new gateway.

Keep a copy of the static route before you delete it. You will need to add back these routes to the transit gateway after the VPN connection migration is complete.

After you migrate to the new gateway, you might need to modify your VPC route table. Use CreateRoute and DeleteRoute to make the changes described in Update VPC route tables in the Amazon Web Services Site-to-Site VPN User Guide.

When the new gateway is a transit gateway, modify the transit gateway route table to allow traffic between the VPC and the Amazon Web Services Site-to-Site VPN connection. Use CreateTransitGatewayRoute to add the routes.

If you deleted VPN static routes, you must add the static routes to the transit gateway route table.

After you perform this operation, the VPN endpoint''s IP addresses on the Amazon Web Services side and the tunnel options remain intact. Your Amazon Web Services Site-to-Site VPN connection will be temporarily unavailable for a brief period while we provision the new endpoints.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnConnectionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnConnectionRequest' + parameters: [] + /?Action=ModifyVpnConnectionOptions&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpnConnectionOptions + operationId: GET_ModifyVpnConnectionOptions + description: '

Modifies the connection options for your Site-to-Site VPN connection.

When you modify the VPN connection options, the VPN endpoint IP addresses on the Amazon Web Services side do not change, and the tunnel options do not change. Your VPN connection will be temporarily unavailable for a brief period while the VPN connection is updated.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnConnectionOptionsResult' + parameters: + - name: VpnConnectionId + in: query + required: true + description: 'The ID of the Site-to-Site VPN connection. ' + schema: + type: string + - name: LocalIpv4NetworkCidr + in: query + required: false + description: '

The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.

Default: 0.0.0.0/0

' + schema: + type: string + - name: RemoteIpv4NetworkCidr + in: query + required: false + description: '

The IPv4 CIDR on the Amazon Web Services side of the VPN connection.

Default: 0.0.0.0/0

' + schema: + type: string + - name: LocalIpv6NetworkCidr + in: query + required: false + description: '

The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.

Default: ::/0

' + schema: + type: string + - name: RemoteIpv6NetworkCidr + in: query + required: false + description: '

The IPv6 CIDR on the Amazon Web Services side of the VPN connection.

Default: ::/0

' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpnConnectionOptions + operationId: POST_ModifyVpnConnectionOptions + description: '

Modifies the connection options for your Site-to-Site VPN connection.

When you modify the VPN connection options, the VPN endpoint IP addresses on the Amazon Web Services side do not change, and the tunnel options do not change. Your VPN connection will be temporarily unavailable for a brief period while the VPN connection is updated.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnConnectionOptionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnConnectionOptionsRequest' + parameters: [] + /?Action=ModifyVpnTunnelCertificate&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpnTunnelCertificate + operationId: GET_ModifyVpnTunnelCertificate + description: Modifies the VPN tunnel endpoint certificate. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnTunnelCertificateResult' + parameters: + - name: VpnConnectionId + in: query + required: true + description: The ID of the Amazon Web Services Site-to-Site VPN connection. + schema: + type: string + - name: VpnTunnelOutsideIpAddress + in: query + required: true + description: The external IP address of the VPN tunnel. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpnTunnelCertificate + operationId: POST_ModifyVpnTunnelCertificate + description: Modifies the VPN tunnel endpoint certificate. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnTunnelCertificateResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnTunnelCertificateRequest' + parameters: [] + /?Action=ModifyVpnTunnelOptions&Version=2016-11-15: + get: + x-aws-operation-name: ModifyVpnTunnelOptions + operationId: GET_ModifyVpnTunnelOptions + description: 'Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN connection. You can modify multiple options for a tunnel in a single request, but you can only modify one tunnel at a time. For more information, see Site-to-Site VPN tunnel options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnTunnelOptionsResult' + parameters: + - name: VpnConnectionId + in: query + required: true + description: The ID of the Amazon Web Services Site-to-Site VPN connection. + schema: + type: string + - name: VpnTunnelOutsideIpAddress + in: query + required: true + description: The external IP address of the VPN tunnel. + schema: + type: string + - name: TunnelOptions + in: query + required: true + description: The tunnel options to modify. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session.

Valid Values: clear | none | restart

Default: clear

' + Phase1EncryptionAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsRequestList' + - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' + Phase2EncryptionAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsRequestList' + - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' + Phase1IntegrityAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsRequestList' + - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' + Phase2IntegrityAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsRequestList' + - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' + Phase1DHGroupNumber: + allOf: + - $ref: '#/components/schemas/Phase1DHGroupNumbersRequestList' + - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' + Phase2DHGroupNumber: + allOf: + - $ref: '#/components/schemas/Phase2DHGroupNumbersRequestList' + - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' + IKEVersion: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for Amazon Web Services to initiate the IKE negotiation.

Valid Values: add | start

Default: add

' + description: The Amazon Web Services Site-to-Site VPN tunnel options to modify. + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ModifyVpnTunnelOptions + operationId: POST_ModifyVpnTunnelOptions + description: 'Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN connection. You can modify multiple options for a tunnel in a single request, but you can only modify one tunnel at a time. For more information, see Site-to-Site VPN tunnel options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnTunnelOptionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ModifyVpnTunnelOptionsRequest' + parameters: [] + /?Action=MonitorInstances&Version=2016-11-15: + get: + x-aws-operation-name: MonitorInstances + operationId: GET_MonitorInstances + description: '

Enables detailed monitoring for a running instance. Otherwise, basic monitoring is enabled. For more information, see Monitor your instances using CloudWatch in the Amazon EC2 User Guide.

To disable detailed monitoring, see UnmonitorInstances.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/MonitorInstancesResult' + parameters: + - name: InstanceId + in: query + required: true + description: The IDs of the instances. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: MonitorInstances + operationId: POST_MonitorInstances + description: '

Enables detailed monitoring for a running instance. Otherwise, basic monitoring is enabled. For more information, see Monitor your instances using CloudWatch in the Amazon EC2 User Guide.

To disable detailed monitoring, see UnmonitorInstances.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/MonitorInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/MonitorInstancesRequest' + parameters: [] + /?Action=MoveAddressToVpc&Version=2016-11-15: + get: + x-aws-operation-name: MoveAddressToVpc + operationId: GET_MoveAddressToVpc + description: 'Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform. The Elastic IP address must be allocated to your account for more than 24 hours, and it must not be associated with an instance. After the Elastic IP address is moved, it is no longer available for use in the EC2-Classic platform, unless you move it back using the RestoreAddressToClassic request. You cannot move an Elastic IP address that was originally allocated for use in the EC2-VPC platform to the EC2-Classic platform. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/MoveAddressToVpcResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PublicIp + in: query + required: true + description: The Elastic IP address. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: MoveAddressToVpc + operationId: POST_MoveAddressToVpc + description: 'Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform. The Elastic IP address must be allocated to your account for more than 24 hours, and it must not be associated with an instance. After the Elastic IP address is moved, it is no longer available for use in the EC2-Classic platform, unless you move it back using the RestoreAddressToClassic request. You cannot move an Elastic IP address that was originally allocated for use in the EC2-VPC platform to the EC2-Classic platform. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/MoveAddressToVpcResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/MoveAddressToVpcRequest' + parameters: [] + /?Action=MoveByoipCidrToIpam&Version=2016-11-15: + get: + x-aws-operation-name: MoveByoipCidrToIpam + operationId: GET_MoveByoipCidrToIpam + description: '

Move an BYOIP IPv4 CIDR to IPAM from a public IPv4 pool.

If you already have an IPv4 BYOIP CIDR with Amazon Web Services, you can move the CIDR to IPAM from a public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a new IP address to Amazon Web Services for the first time, complete the steps in Tutorial: BYOIP address CIDRs to IPAM.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/MoveByoipCidrToIpamResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Cidr + in: query + required: true + description: The BYOIP CIDR. + schema: + type: string + - name: IpamPoolId + in: query + required: true + description: The IPAM pool ID. + schema: + type: string + - name: IpamPoolOwner + in: query + required: true + description: The Amazon Web Services account ID of the owner of the IPAM pool. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: MoveByoipCidrToIpam + operationId: POST_MoveByoipCidrToIpam + description: '

Move an BYOIP IPv4 CIDR to IPAM from a public IPv4 pool.

If you already have an IPv4 BYOIP CIDR with Amazon Web Services, you can move the CIDR to IPAM from a public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a new IP address to Amazon Web Services for the first time, complete the steps in Tutorial: BYOIP address CIDRs to IPAM.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/MoveByoipCidrToIpamResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/MoveByoipCidrToIpamRequest' + parameters: [] + /?Action=ProvisionByoipCidr&Version=2016-11-15: + get: + x-aws-operation-name: ProvisionByoipCidr + operationId: GET_ProvisionByoipCidr + description: '

Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr.

Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.

Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned. To monitor the status of an address range, use DescribeByoipCidrs. To allocate an Elastic IP address from your IPv4 address pool, use AllocateAddress with either the specific address from the address pool or the ID of the address pool.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ProvisionByoipCidrResult' + parameters: + - name: Cidr + in: query + required: true + description: 'The public IPv4 or IPv6 address range, in CIDR notation. The most specific IPv4 prefix that you can specify is /24. The most specific IPv6 prefix you can specify is /56. The address range cannot overlap with another address range that you''ve brought to this or another Region.' + schema: + type: string + - name: CidrAuthorizationContext + in: query + required: false + description: A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP. + schema: + type: object + required: + - Message + - Signature + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The signed authorization message for the prefix and account. + description: 'Provides authorization for Amazon to bring a specific IP address range to a specific Amazon Web Services account using bring your own IP addresses (BYOIP). For more information, see Configuring your BYOIP address range in the Amazon Elastic Compute Cloud User Guide.' + - name: PubliclyAdvertisable + in: query + required: false + description: '

(IPv6 only) Indicate whether the address range will be publicly advertised to the internet.

Default: true

' + schema: + type: boolean + - name: Description + in: query + required: false + description: A description for the address range and the address pool. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PoolTagSpecification + in: query + required: false + description: The tags to apply to the address pool. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: MultiRegion + in: query + required: false + description: Reserved. + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ProvisionByoipCidr + operationId: POST_ProvisionByoipCidr + description: '

Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr.

Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.

Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned. To monitor the status of an address range, use DescribeByoipCidrs. To allocate an Elastic IP address from your IPv4 address pool, use AllocateAddress with either the specific address from the address pool or the ID of the address pool.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ProvisionByoipCidrResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ProvisionByoipCidrRequest' + parameters: [] + /?Action=ProvisionIpamPoolCidr&Version=2016-11-15: + get: + x-aws-operation-name: ProvisionIpamPoolCidr + operationId: GET_ProvisionIpamPoolCidr + description: '

Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs to a top-level pool or to transfer a CIDR from a top-level pool to a pool within it.

For more information, see Provision CIDRs to pools in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ProvisionIpamPoolCidrResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamPoolId + in: query + required: true + description: The ID of the IPAM pool to which you want to assign a CIDR. + schema: + type: string + - name: Cidr + in: query + required: false + description: The CIDR you want to assign to the IPAM pool. + schema: + type: string + - name: CidrAuthorizationContext + in: query + required: false + description: A signed document that proves that you are authorized to bring a specified IP address range to Amazon using BYOIP. This option applies to public pools only. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The signed authorization message for the prefix and account. + description: A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ProvisionIpamPoolCidr + operationId: POST_ProvisionIpamPoolCidr + description: '

Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs to a top-level pool or to transfer a CIDR from a top-level pool to a pool within it.

For more information, see Provision CIDRs to pools in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ProvisionIpamPoolCidrResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ProvisionIpamPoolCidrRequest' + parameters: [] + /?Action=ProvisionPublicIpv4PoolCidr&Version=2016-11-15: + get: + x-aws-operation-name: ProvisionPublicIpv4PoolCidr + operationId: GET_ProvisionPublicIpv4PoolCidr + description: '

Provision a CIDR to a public IPv4 pool.

For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ProvisionPublicIpv4PoolCidrResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamPoolId + in: query + required: true + description: The ID of the IPAM pool you would like to use to allocate this CIDR. + schema: + type: string + - name: PoolId + in: query + required: true + description: The ID of the public IPv4 pool you would like to use for this CIDR. + schema: + type: string + - name: NetmaskLength + in: query + required: true + description: The netmask length of the CIDR you would like to allocate to the public IPv4 pool. + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ProvisionPublicIpv4PoolCidr + operationId: POST_ProvisionPublicIpv4PoolCidr + description: '

Provision a CIDR to a public IPv4 pool.

For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ProvisionPublicIpv4PoolCidrResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ProvisionPublicIpv4PoolCidrRequest' + parameters: [] + /?Action=PurchaseHostReservation&Version=2016-11-15: + get: + x-aws-operation-name: PurchaseHostReservation + operationId: GET_PurchaseHostReservation + description: Purchase a reservation with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation. This action results in the specified reservation being purchased and charged to your account. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/PurchaseHostReservationResult' + parameters: + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + schema: + type: string + - name: CurrencyCode + in: query + required: false + description: 'The currency in which the totalUpfrontPrice, LimitPrice, and totalHourlyPrice amounts are specified. At this time, the only supported currency is USD.' + schema: + type: string + enum: + - USD + - name: HostIdSet + in: query + required: true + description: The IDs of the Dedicated Hosts with which the reservation will be associated. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/DedicatedHostId' + - xml: + name: item + - name: LimitPrice + in: query + required: false + description: 'The specified limit is checked against the total upfront cost of the reservation (calculated as the offering''s upfront cost multiplied by the host count). If the total upfront cost is greater than the specified price limit, the request fails. This is used to ensure that the purchase does not exceed the expected upfront cost of the purchase. At this time, the only supported currency is USD. For example, to indicate a limit price of USD 100, specify 100.00.' + schema: + type: string + - name: OfferingId + in: query + required: true + description: The ID of the offering. + schema: + type: string + - name: TagSpecification + in: query + required: false + description: The tags to apply to the Dedicated Host Reservation during purchase. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: PurchaseHostReservation + operationId: POST_PurchaseHostReservation + description: Purchase a reservation with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation. This action results in the specified reservation being purchased and charged to your account. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/PurchaseHostReservationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/PurchaseHostReservationRequest' + parameters: [] + /?Action=PurchaseReservedInstancesOffering&Version=2016-11-15: + get: + x-aws-operation-name: PurchaseReservedInstancesOffering + operationId: GET_PurchaseReservedInstancesOffering + description: '

Purchases a Reserved Instance for use with your account. With Reserved Instances, you pay a lower hourly rate compared to On-Demand instance pricing.

Use DescribeReservedInstancesOfferings to get a list of Reserved Instance offerings that match your specifications. After you''ve purchased a Reserved Instance, you can check for your new Reserved Instance with DescribeReservedInstances.

To queue a purchase for a future date and time, specify a purchase time. If you do not specify a purchase time, the default is the current time.

For more information, see Reserved Instances and Reserved Instance Marketplace in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/PurchaseReservedInstancesOfferingResult' + parameters: + - name: InstanceCount + in: query + required: true + description: The number of Reserved Instances to purchase. + schema: + type: integer + - name: ReservedInstancesOfferingId + in: query + required: true + description: The ID of the Reserved Instance offering to purchase. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: LimitPrice + in: query + required: false + description: Specified for Reserved Instance Marketplace offerings to limit the total order and ensure that the Reserved Instances are not purchased at unexpected prices. + schema: + type: object + properties: + amount: + allOf: + - $ref: '#/components/schemas/Double' + - description: Used for Reserved Instance Marketplace offerings. Specifies the limit price on the total order (instanceCount * price). + currencyCode: + allOf: + - $ref: '#/components/schemas/CurrencyCodeValues' + - description: 'The currency in which the limitPrice amount is specified. At this time, the only supported currency is USD.' + description: Describes the limit price of a Reserved Instance offering. + - name: PurchaseTime + in: query + required: false + description: 'The time at which to purchase the Reserved Instance, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + schema: + type: string + format: date-time + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: PurchaseReservedInstancesOffering + operationId: POST_PurchaseReservedInstancesOffering + description: '

Purchases a Reserved Instance for use with your account. With Reserved Instances, you pay a lower hourly rate compared to On-Demand instance pricing.

Use DescribeReservedInstancesOfferings to get a list of Reserved Instance offerings that match your specifications. After you''ve purchased a Reserved Instance, you can check for your new Reserved Instance with DescribeReservedInstances.

To queue a purchase for a future date and time, specify a purchase time. If you do not specify a purchase time, the default is the current time.

For more information, see Reserved Instances and Reserved Instance Marketplace in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/PurchaseReservedInstancesOfferingResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/PurchaseReservedInstancesOfferingRequest' + parameters: [] + /?Action=PurchaseScheduledInstances&Version=2016-11-15: + get: + x-aws-operation-name: PurchaseScheduledInstances + operationId: GET_PurchaseScheduledInstances + description: '

Purchases the Scheduled Instances with the specified schedule.

Scheduled Instances enable you to purchase Amazon EC2 compute capacity by the hour for a one-year term. Before you can purchase a Scheduled Instance, you must call DescribeScheduledInstanceAvailability to check for available schedules and obtain a purchase token. After you purchase a Scheduled Instance, you must call RunScheduledInstances during each scheduled time period.

After you purchase a Scheduled Instance, you can''t cancel, modify, or resell your purchase.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/PurchaseScheduledInstancesResult' + parameters: + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that ensures the idempotency of the request. For more information, see Ensuring Idempotency.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PurchaseRequest + in: query + required: true + description: The purchase requests. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/PurchaseRequest' + - xml: + name: PurchaseRequest + minItems: 1 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: PurchaseScheduledInstances + operationId: POST_PurchaseScheduledInstances + description: '

Purchases the Scheduled Instances with the specified schedule.

Scheduled Instances enable you to purchase Amazon EC2 compute capacity by the hour for a one-year term. Before you can purchase a Scheduled Instance, you must call DescribeScheduledInstanceAvailability to check for available schedules and obtain a purchase token. After you purchase a Scheduled Instance, you must call RunScheduledInstances during each scheduled time period.

After you purchase a Scheduled Instance, you can''t cancel, modify, or resell your purchase.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/PurchaseScheduledInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/PurchaseScheduledInstancesRequest' + parameters: [] + /?Action=RebootInstances&Version=2016-11-15: + get: + x-aws-operation-name: RebootInstances + operationId: GET_RebootInstances + description: '

Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.

If an instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot.

For more information about troubleshooting, see Troubleshoot an unreachable instance in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + parameters: + - name: InstanceId + in: query + required: true + description: The instance IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RebootInstances + operationId: POST_RebootInstances + description: '

Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.

If an instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot.

For more information about troubleshooting, see Troubleshoot an unreachable instance in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RebootInstancesRequest' + parameters: [] + /?Action=RegisterImage&Version=2016-11-15: + get: + x-aws-operation-name: RegisterImage + operationId: GET_RegisterImage + description: '

Registers an AMI. When you''re creating an AMI, this is the final step you must complete before you can launch an instance from the AMI. For more information about creating AMIs, see Creating your own AMIs in the Amazon Elastic Compute Cloud User Guide.

For Amazon EBS-backed instances, CreateImage creates and registers the AMI in a single request, so you don''t have to register the AMI yourself.

If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. If you make changes to an image, deregister the previous image and register the new image.

Register a snapshot of a root device volume

You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a snapshot of a root device volume. You specify the snapshot using a block device mapping. You can''t set the encryption state of the volume using the block device mapping. If the snapshot is encrypted, or encryption by default is enabled, the root volume of an instance launched from the AMI is encrypted.

For more information, see Create a Linux AMI from a snapshot and Use encryption with Amazon EBS-backed AMIs in the Amazon Elastic Compute Cloud User Guide.

Amazon Web Services Marketplace product codes

If any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new AMI.

Windows and some Linux distributions, such as Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon EC2 billing product code associated with an AMI to verify the subscription status for package updates. To create a new AMI for operating systems that require a billing product code, instead of registering the AMI, do the following to preserve the billing product code association:

  1. Launch an instance from an existing AMI with that billing product code.

  2. Customize the instance.

  3. Create an AMI from the instance using CreateImage.

If you purchase a Reserved Instance to apply to an On-Demand Instance that was launched from an AMI with a billing product code, make sure that the Reserved Instance has the matching billing product code. If you purchase a Reserved Instance without the matching billing product code, the Reserved Instance will not be applied to the On-Demand Instance. For information about how to obtain the platform details and billing information of an AMI, see Understanding AMI billing in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterImageResult' + parameters: + - name: ImageLocation + in: query + required: false + description: 'The full path to your AMI manifest in Amazon S3 storage. The specified bucket must have the aws-exec-read canned access control list (ACL) to ensure that it can be accessed by Amazon EC2. For more information, see Canned ACLs in the Amazon S3 Service Developer Guide.' + schema: + type: string + - name: Architecture + in: query + required: false + description: '

The architecture of the AMI.

Default: For Amazon EBS-backed AMIs, i386. For instance store-backed AMIs, the architecture specified in the manifest file.

' + schema: + type: string + enum: + - i386 + - x86_64 + - arm64 + - x86_64_mac + - name: BlockDeviceMapping + in: query + required: false + description: '

The block device mapping entries.

If you specify an Amazon EBS volume using the ID of an Amazon EBS snapshot, you can''t specify the encryption state of the volume.

If you create an AMI on an Outpost, then all backing snapshots must be on the same Outpost or in the Region of that Outpost. AMIs on an Outpost that include local snapshots can be used to launch instances on the same Outpost only. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/BlockDeviceMapping' + - xml: + name: BlockDeviceMapping + - name: Description + in: query + required: false + description: A description for your AMI. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: EnaSupport + in: query + required: false + description:

Set to true to enable enhanced networking with ENA for the AMI and any instances that you launch from the AMI.

This option is supported only for HVM AMIs. Specifying this option with a PV AMI can make instances launched from the AMI unreachable.

+ schema: + type: boolean + - name: KernelId + in: query + required: false + description: The ID of the kernel. + schema: + type: string + - name: Name + in: query + required: true + description: '

A name for your AMI.

Constraints: 3-128 alphanumeric characters, parentheses (()), square brackets ([]), spaces ( ), periods (.), slashes (/), dashes (-), single quotes (''), at-signs (@), or underscores(_)

' + schema: + type: string + - name: BillingProduct + in: query + required: false + description: 'The billing product codes. Your account must be authorized to specify billing product codes. Otherwise, you can use the Amazon Web Services Marketplace to bill for the use of an AMI.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: RamdiskId + in: query + required: false + description: The ID of the RAM disk. + schema: + type: string + - name: RootDeviceName + in: query + required: false + description: 'The device name of the root device volume (for example, /dev/sda1).' + schema: + type: string + - name: SriovNetSupport + in: query + required: false + description:

Set to simple to enable enhanced networking with the Intel 82599 Virtual Function interface for the AMI and any instances that you launch from the AMI.

There is no way to disable sriovNetSupport at this time.

This option is supported only for HVM AMIs. Specifying this option with a PV AMI can make instances launched from the AMI unreachable.

+ schema: + type: string + - name: VirtualizationType + in: query + required: false + description: '

The type of virtualization (hvm | paravirtual).

Default: paravirtual

' + schema: + type: string + - name: BootMode + in: query + required: false + description: 'The boot mode of the AMI. For more information, see Boot modes in the Amazon Elastic Compute Cloud User Guide.' + schema: + type: string + enum: + - legacy-bios + - uefi + - name: TpmSupport + in: query + required: false + description: 'Set to v2.0 to enable Trusted Platform Module (TPM) support. For more information, see NitroTPM in the Amazon Elastic Compute Cloud User Guide.' + schema: + type: string + enum: + - v2.0 + - name: UefiData + in: query + required: false + description: 'Base64 representation of the non-volatile UEFI variable store. To retrieve the UEFI data, use the GetInstanceUefiData command. You can inspect and modify the UEFI data by using the python-uefivars tool on GitHub. For more information, see UEFI Secure Boot in the Amazon Elastic Compute Cloud User Guide.' + schema: + type: string + minLength: 0 + maxLength: 64000 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RegisterImage + operationId: POST_RegisterImage + description: '

Registers an AMI. When you''re creating an AMI, this is the final step you must complete before you can launch an instance from the AMI. For more information about creating AMIs, see Creating your own AMIs in the Amazon Elastic Compute Cloud User Guide.

For Amazon EBS-backed instances, CreateImage creates and registers the AMI in a single request, so you don''t have to register the AMI yourself.

If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. If you make changes to an image, deregister the previous image and register the new image.

Register a snapshot of a root device volume

You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a snapshot of a root device volume. You specify the snapshot using a block device mapping. You can''t set the encryption state of the volume using the block device mapping. If the snapshot is encrypted, or encryption by default is enabled, the root volume of an instance launched from the AMI is encrypted.

For more information, see Create a Linux AMI from a snapshot and Use encryption with Amazon EBS-backed AMIs in the Amazon Elastic Compute Cloud User Guide.

Amazon Web Services Marketplace product codes

If any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new AMI.

Windows and some Linux distributions, such as Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon EC2 billing product code associated with an AMI to verify the subscription status for package updates. To create a new AMI for operating systems that require a billing product code, instead of registering the AMI, do the following to preserve the billing product code association:

  1. Launch an instance from an existing AMI with that billing product code.

  2. Customize the instance.

  3. Create an AMI from the instance using CreateImage.

If you purchase a Reserved Instance to apply to an On-Demand Instance that was launched from an AMI with a billing product code, make sure that the Reserved Instance has the matching billing product code. If you purchase a Reserved Instance without the matching billing product code, the Reserved Instance will not be applied to the On-Demand Instance. For information about how to obtain the platform details and billing information of an AMI, see Understanding AMI billing in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterImageResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterImageRequest' + parameters: [] + /?Action=RegisterInstanceEventNotificationAttributes&Version=2016-11-15: + get: + x-aws-operation-name: RegisterInstanceEventNotificationAttributes + operationId: GET_RegisterInstanceEventNotificationAttributes + description: '

Registers a set of tag keys to include in scheduled event notifications for your resources.

To remove tags, use DeregisterInstanceEventNotificationAttributes.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterInstanceEventNotificationAttributesResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceTagAttribute + in: query + required: false + description: Information about the tag keys to register. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to register all tag keys in the current Region. Specify true to register all tag keys. + InstanceTagKey: + allOf: + - $ref: '#/components/schemas/InstanceTagKeySet' + - description: The tag keys to register. + description: Information about the tag keys to register for the current Region. You can either specify individual tag keys or register all tag keys in the current Region. You must specify either IncludeAllTagsOfInstance or InstanceTagKeys in the request + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RegisterInstanceEventNotificationAttributes + operationId: POST_RegisterInstanceEventNotificationAttributes + description: '

Registers a set of tag keys to include in scheduled event notifications for your resources.

To remove tags, use DeregisterInstanceEventNotificationAttributes.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterInstanceEventNotificationAttributesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterInstanceEventNotificationAttributesRequest' + parameters: [] + /?Action=RegisterTransitGatewayMulticastGroupMembers&Version=2016-11-15: + get: + x-aws-operation-name: RegisterTransitGatewayMulticastGroupMembers + operationId: GET_RegisterTransitGatewayMulticastGroupMembers + description: '

Registers members (network interfaces) with the transit gateway multicast group. A member is a network interface associated with a supported EC2 instance that receives multicast traffic. For information about supported instances, see Multicast Consideration in Amazon VPC Transit Gateways.

After you add the members, use SearchTransitGatewayMulticastGroups to verify that the members were added to the transit gateway multicast group.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupMembersResult' + parameters: + - name: TransitGatewayMulticastDomainId + in: query + required: false + description: The ID of the transit gateway multicast domain. + schema: + type: string + - name: GroupIpAddress + in: query + required: false + description: The IP address assigned to the transit gateway multicast group. + schema: + type: string + - name: NetworkInterfaceIds + in: query + required: false + description: The group members' network interface IDs to register with the transit gateway multicast group. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RegisterTransitGatewayMulticastGroupMembers + operationId: POST_RegisterTransitGatewayMulticastGroupMembers + description: '

Registers members (network interfaces) with the transit gateway multicast group. A member is a network interface associated with a supported EC2 instance that receives multicast traffic. For information about supported instances, see Multicast Consideration in Amazon VPC Transit Gateways.

After you add the members, use SearchTransitGatewayMulticastGroups to verify that the members were added to the transit gateway multicast group.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupMembersResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupMembersRequest' + parameters: [] + /?Action=RegisterTransitGatewayMulticastGroupSources&Version=2016-11-15: + get: + x-aws-operation-name: RegisterTransitGatewayMulticastGroupSources + operationId: GET_RegisterTransitGatewayMulticastGroupSources + description: '

Registers sources (network interfaces) with the specified transit gateway multicast group.

A multicast source is a network interface attached to a supported instance that sends multicast traffic. For information about supported instances, see Multicast Considerations in Amazon VPC Transit Gateways.

After you add the source, use SearchTransitGatewayMulticastGroups to verify that the source was added to the multicast group.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupSourcesResult' + parameters: + - name: TransitGatewayMulticastDomainId + in: query + required: false + description: The ID of the transit gateway multicast domain. + schema: + type: string + - name: GroupIpAddress + in: query + required: false + description: The IP address assigned to the transit gateway multicast group. + schema: + type: string + - name: NetworkInterfaceIds + in: query + required: false + description: The group sources' network interface IDs to register with the transit gateway multicast group. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RegisterTransitGatewayMulticastGroupSources + operationId: POST_RegisterTransitGatewayMulticastGroupSources + description: '

Registers sources (network interfaces) with the specified transit gateway multicast group.

A multicast source is a network interface attached to a supported instance that sends multicast traffic. For information about supported instances, see Multicast Considerations in Amazon VPC Transit Gateways.

After you add the source, use SearchTransitGatewayMulticastGroups to verify that the source was added to the multicast group.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupSourcesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RegisterTransitGatewayMulticastGroupSourcesRequest' + parameters: [] + /?Action=RejectTransitGatewayMulticastDomainAssociations&Version=2016-11-15: + get: + x-aws-operation-name: RejectTransitGatewayMulticastDomainAssociations + operationId: GET_RejectTransitGatewayMulticastDomainAssociations + description: Rejects a request to associate cross-account subnets with a transit gateway multicast domain. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectTransitGatewayMulticastDomainAssociationsResult' + parameters: + - name: TransitGatewayMulticastDomainId + in: query + required: false + description: The ID of the transit gateway multicast domain. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: false + description: The ID of the transit gateway attachment. + schema: + type: string + - name: SubnetIds + in: query + required: false + description: The IDs of the subnets to associate with the transit gateway multicast domain. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RejectTransitGatewayMulticastDomainAssociations + operationId: POST_RejectTransitGatewayMulticastDomainAssociations + description: Rejects a request to associate cross-account subnets with a transit gateway multicast domain. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectTransitGatewayMulticastDomainAssociationsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectTransitGatewayMulticastDomainAssociationsRequest' + parameters: [] + /?Action=RejectTransitGatewayPeeringAttachment&Version=2016-11-15: + get: + x-aws-operation-name: RejectTransitGatewayPeeringAttachment + operationId: GET_RejectTransitGatewayPeeringAttachment + description: Rejects a transit gateway peering attachment request. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectTransitGatewayPeeringAttachmentResult' + parameters: + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the transit gateway peering attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RejectTransitGatewayPeeringAttachment + operationId: POST_RejectTransitGatewayPeeringAttachment + description: Rejects a transit gateway peering attachment request. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectTransitGatewayPeeringAttachmentResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectTransitGatewayPeeringAttachmentRequest' + parameters: [] + /?Action=RejectTransitGatewayVpcAttachment&Version=2016-11-15: + get: + x-aws-operation-name: RejectTransitGatewayVpcAttachment + operationId: GET_RejectTransitGatewayVpcAttachment + description:

Rejects a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment to accept a VPC attachment request.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectTransitGatewayVpcAttachmentResult' + parameters: + - name: TransitGatewayAttachmentId + in: query + required: true + description: The ID of the attachment. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RejectTransitGatewayVpcAttachment + operationId: POST_RejectTransitGatewayVpcAttachment + description:

Rejects a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment to accept a VPC attachment request.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectTransitGatewayVpcAttachmentResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectTransitGatewayVpcAttachmentRequest' + parameters: [] + /?Action=RejectVpcEndpointConnections&Version=2016-11-15: + get: + x-aws-operation-name: RejectVpcEndpointConnections + operationId: GET_RejectVpcEndpointConnections + description: Rejects one or more VPC endpoint connection requests to your VPC endpoint service. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectVpcEndpointConnectionsResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ServiceId + in: query + required: true + description: The ID of the service. + schema: + type: string + - name: VpcEndpointId + in: query + required: true + description: The IDs of one or more VPC endpoints. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcEndpointId' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RejectVpcEndpointConnections + operationId: POST_RejectVpcEndpointConnections + description: Rejects one or more VPC endpoint connection requests to your VPC endpoint service. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectVpcEndpointConnectionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectVpcEndpointConnectionsRequest' + parameters: [] + /?Action=RejectVpcPeeringConnection&Version=2016-11-15: + get: + x-aws-operation-name: RejectVpcPeeringConnection + operationId: GET_RejectVpcPeeringConnection + description: 'Rejects a VPC peering connection request. The VPC peering connection must be in the pending-acceptance state. Use the DescribeVpcPeeringConnections request to view your outstanding VPC peering connection requests. To delete an active VPC peering connection, or to delete a VPC peering connection request that you initiated, use DeleteVpcPeeringConnection.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectVpcPeeringConnectionResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcPeeringConnectionId + in: query + required: true + description: The ID of the VPC peering connection. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RejectVpcPeeringConnection + operationId: POST_RejectVpcPeeringConnection + description: 'Rejects a VPC peering connection request. The VPC peering connection must be in the pending-acceptance state. Use the DescribeVpcPeeringConnections request to view your outstanding VPC peering connection requests. To delete an active VPC peering connection, or to delete a VPC peering connection request that you initiated, use DeleteVpcPeeringConnection.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectVpcPeeringConnectionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RejectVpcPeeringConnectionRequest' + parameters: [] + /?Action=ReleaseAddress&Version=2016-11-15: + get: + x-aws-operation-name: ReleaseAddress + operationId: GET_ReleaseAddress + description: '

Releases the specified Elastic IP address.

[EC2-Classic, default VPC] Releasing an Elastic IP address automatically disassociates it from any instance that it''s associated with. To disassociate an Elastic IP address without releasing it, use DisassociateAddress.

[Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic IP address before you can release it. Otherwise, Amazon EC2 returns an error (InvalidIPAddress.InUse).

After releasing an Elastic IP address, it is released to the IP address pool. Be sure to update your DNS records and any servers or devices that communicate with the address. If you attempt to release an Elastic IP address that you already released, you''ll get an AuthFailure error if the address is already allocated to another Amazon Web Services account.

[EC2-VPC] After you release an Elastic IP address for use in a VPC, you might be able to recover it. For more information, see AllocateAddress.

' + responses: + '200': + description: Success + parameters: + - name: AllocationId + in: query + required: false + description: '[EC2-VPC] The allocation ID. Required for EC2-VPC.' + schema: + type: string + - name: PublicIp + in: query + required: false + description: '[EC2-Classic] The Elastic IP address. Required for EC2-Classic.' + schema: + type: string + - name: NetworkBorderGroup + in: query + required: false + description: '

The set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses.

If you provide an incorrect network border group, you receive an InvalidAddress.NotFound error.

You cannot use a network border group with EC2 Classic. If you attempt this operation on EC2 classic, you receive an InvalidParameterCombination error.

' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ReleaseAddress + operationId: POST_ReleaseAddress + description: '

Releases the specified Elastic IP address.

[EC2-Classic, default VPC] Releasing an Elastic IP address automatically disassociates it from any instance that it''s associated with. To disassociate an Elastic IP address without releasing it, use DisassociateAddress.

[Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic IP address before you can release it. Otherwise, Amazon EC2 returns an error (InvalidIPAddress.InUse).

After releasing an Elastic IP address, it is released to the IP address pool. Be sure to update your DNS records and any servers or devices that communicate with the address. If you attempt to release an Elastic IP address that you already released, you''ll get an AuthFailure error if the address is already allocated to another Amazon Web Services account.

[EC2-VPC] After you release an Elastic IP address for use in a VPC, you might be able to recover it. For more information, see AllocateAddress.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ReleaseAddressRequest' + parameters: [] + /?Action=ReleaseHosts&Version=2016-11-15: + get: + x-aws-operation-name: ReleaseHosts + operationId: GET_ReleaseHosts + description: '

When you no longer want to use an On-Demand Dedicated Host it can be released. On-Demand billing is stopped and the host goes into released state. The host ID of Dedicated Hosts that have been released can no longer be specified in another request, for example, to modify the host. You must stop or terminate all instances on a host before it can be released.

When Dedicated Hosts are released, it may take some time for them to stop counting toward your limit and you may receive capacity errors when trying to allocate new Dedicated Hosts. Wait a few minutes and then try again.

Released hosts still appear in a DescribeHosts response.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReleaseHostsResult' + parameters: + - name: HostId + in: query + required: true + description: The IDs of the Dedicated Hosts to release. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/DedicatedHostId' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ReleaseHosts + operationId: POST_ReleaseHosts + description: '

When you no longer want to use an On-Demand Dedicated Host it can be released. On-Demand billing is stopped and the host goes into released state. The host ID of Dedicated Hosts that have been released can no longer be specified in another request, for example, to modify the host. You must stop or terminate all instances on a host before it can be released.

When Dedicated Hosts are released, it may take some time for them to stop counting toward your limit and you may receive capacity errors when trying to allocate new Dedicated Hosts. Wait a few minutes and then try again.

Released hosts still appear in a DescribeHosts response.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReleaseHostsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ReleaseHostsRequest' + parameters: [] + /?Action=ReleaseIpamPoolAllocation&Version=2016-11-15: + get: + x-aws-operation-name: ReleaseIpamPoolAllocation + operationId: GET_ReleaseIpamPoolAllocation + description: 'Release an allocation within an IPAM pool. You can only use this action to release manual allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using ModifyIpamResourceCidr. For more information, see Release an allocation in the Amazon VPC IPAM User Guide. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReleaseIpamPoolAllocationResult' + parameters: + - name: DryRun + in: query + required: false + description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: IpamPoolId + in: query + required: true + description: The ID of the IPAM pool which contains the allocation you want to release. + schema: + type: string + - name: Cidr + in: query + required: true + description: The CIDR of the allocation you want to release. + schema: + type: string + - name: IpamPoolAllocationId + in: query + required: true + description: The ID of the allocation. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ReleaseIpamPoolAllocation + operationId: POST_ReleaseIpamPoolAllocation + description: 'Release an allocation within an IPAM pool. You can only use this action to release manual allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using ModifyIpamResourceCidr. For more information, see Release an allocation in the Amazon VPC IPAM User Guide. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReleaseIpamPoolAllocationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ReleaseIpamPoolAllocationRequest' + parameters: [] + /?Action=ReplaceIamInstanceProfileAssociation&Version=2016-11-15: + get: + x-aws-operation-name: ReplaceIamInstanceProfileAssociation + operationId: GET_ReplaceIamInstanceProfileAssociation + description:

Replaces an IAM instance profile for the specified running instance. You can use this action to change the IAM instance profile that's associated with an instance without having to disassociate the existing IAM instance profile first.

Use DescribeIamInstanceProfileAssociations to get the association ID.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceIamInstanceProfileAssociationResult' + parameters: + - name: IamInstanceProfile + in: query + required: true + description: The IAM instance profile. + schema: + type: object + properties: + arn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the instance profile. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the instance profile. + description: Describes an IAM instance profile. + - name: AssociationId + in: query + required: true + description: The ID of the existing IAM instance profile association. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ReplaceIamInstanceProfileAssociation + operationId: POST_ReplaceIamInstanceProfileAssociation + description:

Replaces an IAM instance profile for the specified running instance. You can use this action to change the IAM instance profile that's associated with an instance without having to disassociate the existing IAM instance profile first.

Use DescribeIamInstanceProfileAssociations to get the association ID.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceIamInstanceProfileAssociationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceIamInstanceProfileAssociationRequest' + parameters: [] + /?Action=ReplaceNetworkAclAssociation&Version=2016-11-15: + get: + x-aws-operation-name: ReplaceNetworkAclAssociation + operationId: GET_ReplaceNetworkAclAssociation + description: '

Changes which network ACL a subnet is associated with. By default when you create a subnet, it''s automatically associated with the default network ACL. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

This is an idempotent operation.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceNetworkAclAssociationResult' + parameters: + - name: AssociationId + in: query + required: true + description: The ID of the current association between the original network ACL and the subnet. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NetworkAclId + in: query + required: true + description: The ID of the new network ACL to associate with the subnet. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ReplaceNetworkAclAssociation + operationId: POST_ReplaceNetworkAclAssociation + description: '

Changes which network ACL a subnet is associated with. By default when you create a subnet, it''s automatically associated with the default network ACL. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

This is an idempotent operation.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceNetworkAclAssociationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceNetworkAclAssociationRequest' + parameters: [] + /?Action=ReplaceNetworkAclEntry&Version=2016-11-15: + get: + x-aws-operation-name: ReplaceNetworkAclEntry + operationId: GET_ReplaceNetworkAclEntry + description: 'Replaces an entry (rule) in a network ACL. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.' + responses: + '200': + description: Success + parameters: + - name: CidrBlock + in: query + required: false + description: 'The IPv4 network range to allow or deny, in CIDR notation (for example 172.16.0.0/24).' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Egress + in: query + required: true + description: '

Indicates whether to replace the egress rule.

Default: If no value is specified, we replace the ingress rule.

' + schema: + type: boolean + - name: Icmp + in: query + required: false + description: 'ICMP protocol: The ICMP or ICMPv6 type and code. Required if specifying protocol 1 (ICMP) or protocol 58 (ICMPv6) with an IPv6 CIDR block.' + schema: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The ICMP code. A value of -1 means all codes for the specified ICMP type. + type: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The ICMP type. A value of -1 means all types. + description: Describes the ICMP type and code. + - name: Ipv6CidrBlock + in: query + required: false + description: 'The IPv6 network range to allow or deny, in CIDR notation (for example 2001:bd8:1234:1a00::/64).' + schema: + type: string + - name: NetworkAclId + in: query + required: true + description: The ID of the ACL. + schema: + type: string + - name: PortRange + in: query + required: false + description: 'TCP or UDP protocols: The range of ports the rule applies to. Required if specifying protocol 6 (TCP) or 17 (UDP).' + schema: + type: object + properties: + from: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The first port in the range. + to: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The last port in the range. + description: Describes a range of ports. + - name: Protocol + in: query + required: true + description: 'The protocol number. A value of "-1" means all protocols. If you specify "-1" or a protocol number other than "6" (TCP), "17" (UDP), or "1" (ICMP), traffic on all ports is allowed, regardless of any ports or ICMP types or codes that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv4 CIDR block, traffic for all ICMP types and codes allowed, regardless of any that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv6 CIDR block, you must specify an ICMP type and code.' + schema: + type: string + - name: RuleAction + in: query + required: true + description: Indicates whether to allow or deny the traffic that matches the rule. + schema: + type: string + enum: + - allow + - deny + - name: RuleNumber + in: query + required: true + description: The rule number of the entry to replace. + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ReplaceNetworkAclEntry + operationId: POST_ReplaceNetworkAclEntry + description: 'Replaces an entry (rule) in a network ACL. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide.' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceNetworkAclEntryRequest' + parameters: [] + /?Action=ReplaceRoute&Version=2016-11-15: + get: + x-aws-operation-name: ReplaceRoute + operationId: GET_ReplaceRoute + description: '

Replaces an existing route within a route table in a VPC. You must provide only one of the following: internet gateway, virtual private gateway, NAT instance, NAT gateway, VPC peering connection, network interface, egress-only internet gateway, or transit gateway.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + parameters: + - name: DestinationCidrBlock + in: query + required: false + description: The IPv4 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table. + schema: + type: string + - name: DestinationIpv6CidrBlock + in: query + required: false + description: The IPv6 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table. + schema: + type: string + - name: DestinationPrefixListId + in: query + required: false + description: The ID of the prefix list for the route. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: VpcEndpointId + in: query + required: false + description: The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only. + schema: + type: string + - name: EgressOnlyInternetGatewayId + in: query + required: false + description: '[IPv6 traffic only] The ID of an egress-only internet gateway.' + schema: + type: string + - name: GatewayId + in: query + required: false + description: The ID of an internet gateway or virtual private gateway. + schema: + type: string + - name: InstanceId + in: query + required: false + description: The ID of a NAT instance in your VPC. + schema: + type: string + - name: LocalTarget + in: query + required: false + description: Specifies whether to reset the local route to its default target (local). + schema: + type: boolean + - name: NatGatewayId + in: query + required: false + description: '[IPv4 traffic only] The ID of a NAT gateway.' + schema: + type: string + - name: TransitGatewayId + in: query + required: false + description: The ID of a transit gateway. + schema: + type: string + - name: LocalGatewayId + in: query + required: false + description: The ID of the local gateway. + schema: + type: string + - name: CarrierGatewayId + in: query + required: false + description: '[IPv4 traffic only] The ID of a carrier gateway.' + schema: + type: string + - name: NetworkInterfaceId + in: query + required: false + description: The ID of a network interface. + schema: + type: string + - name: RouteTableId + in: query + required: true + description: The ID of the route table. + schema: + type: string + - name: VpcPeeringConnectionId + in: query + required: false + description: The ID of a VPC peering connection. + schema: + type: string + - name: CoreNetworkArn + in: query + required: false + description: The Amazon Resource Name (ARN) of the core network. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ReplaceRoute + operationId: POST_ReplaceRoute + description: '

Replaces an existing route within a route table in a VPC. You must provide only one of the following: internet gateway, virtual private gateway, NAT instance, NAT gateway, VPC peering connection, network interface, egress-only internet gateway, or transit gateway.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceRouteRequest' + parameters: [] + /?Action=ReplaceRouteTableAssociation&Version=2016-11-15: + get: + x-aws-operation-name: ReplaceRouteTableAssociation + operationId: GET_ReplaceRouteTableAssociation + description: '

Changes the route table associated with a given subnet, internet gateway, or virtual private gateway in a VPC. After the operation completes, the subnet or gateway uses the routes in the new route table. For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

You can also use this operation to change which table is the main route table in the VPC. Specify the main route table''s association ID and the route table ID of the new main route table.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceRouteTableAssociationResult' + parameters: + - name: AssociationId + in: query + required: true + description: The association ID. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: RouteTableId + in: query + required: true + description: The ID of the new route table to associate with the subnet. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ReplaceRouteTableAssociation + operationId: POST_ReplaceRouteTableAssociation + description: '

Changes the route table associated with a given subnet, internet gateway, or virtual private gateway in a VPC. After the operation completes, the subnet or gateway uses the routes in the new route table. For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.

You can also use this operation to change which table is the main route table in the VPC. Specify the main route table''s association ID and the route table ID of the new main route table.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceRouteTableAssociationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceRouteTableAssociationRequest' + parameters: [] + /?Action=ReplaceTransitGatewayRoute&Version=2016-11-15: + get: + x-aws-operation-name: ReplaceTransitGatewayRoute + operationId: GET_ReplaceTransitGatewayRoute + description: Replaces the specified route in the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceTransitGatewayRouteResult' + parameters: + - name: DestinationCidrBlock + in: query + required: true + description: The CIDR range used for the destination match. Routing decisions are based on the most specific match. + schema: + type: string + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the route table. + schema: + type: string + - name: TransitGatewayAttachmentId + in: query + required: false + description: The ID of the attachment. + schema: + type: string + - name: Blackhole + in: query + required: false + description: Indicates whether traffic matching this route is to be dropped. + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ReplaceTransitGatewayRoute + operationId: POST_ReplaceTransitGatewayRoute + description: Replaces the specified route in the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceTransitGatewayRouteResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ReplaceTransitGatewayRouteRequest' + parameters: [] + /?Action=ReportInstanceStatus&Version=2016-11-15: + get: + x-aws-operation-name: ReportInstanceStatus + operationId: GET_ReportInstanceStatus + description: '

Submits feedback about the status of an instance. The instance must be in the running state. If your experience with the instance differs from the instance status returned by DescribeInstanceStatus, use ReportInstanceStatus to report your experience with the instance. Amazon EC2 collects this information to improve the accuracy of status checks.

Use of this action does not change the value returned by DescribeInstanceStatus.

' + responses: + '200': + description: Success + parameters: + - name: Description + in: query + required: false + description: Descriptive text about the health state of your instance. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: EndTime + in: query + required: false + description: The time at which the reported instance health state ended. + schema: + type: string + format: date-time + - name: InstanceId + in: query + required: true + description: The instances. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: ReasonCode + in: query + required: true + description: '

The reason codes that describe the health state of your instance.

  • instance-stuck-in-state: My instance is stuck in a state.

  • unresponsive: My instance is unresponsive.

  • not-accepting-credentials: My instance is not accepting my credentials.

  • password-not-available: A password is not available for my instance.

  • performance-network: My instance is experiencing performance problems that I believe are network related.

  • performance-instance-store: My instance is experiencing performance problems that I believe are related to the instance stores.

  • performance-ebs-volume: My instance is experiencing performance problems that I believe are related to an EBS volume.

  • performance-other: My instance is experiencing performance problems.

  • other: [explain using the description parameter]

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReportInstanceReasonCodes' + - xml: + name: item + - name: StartTime + in: query + required: false + description: The time at which the reported instance health state began. + schema: + type: string + format: date-time + - name: Status + in: query + required: true + description: The status of all instances listed. + schema: + type: string + enum: + - ok + - impaired + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ReportInstanceStatus + operationId: POST_ReportInstanceStatus + description: '

Submits feedback about the status of an instance. The instance must be in the running state. If your experience with the instance differs from the instance status returned by DescribeInstanceStatus, use ReportInstanceStatus to report your experience with the instance. Amazon EC2 collects this information to improve the accuracy of status checks.

Use of this action does not change the value returned by DescribeInstanceStatus.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ReportInstanceStatusRequest' + parameters: [] + /?Action=RequestSpotFleet&Version=2016-11-15: + get: + x-aws-operation-name: RequestSpotFleet + operationId: GET_RequestSpotFleet + description: '

Creates a Spot Fleet request.

The Spot Fleet request specifies the total target capacity and the On-Demand target capacity. Amazon EC2 calculates the difference between the total capacity and On-Demand capacity, and launches the difference as Spot capacity.

You can submit a single request that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

By default, the Spot Fleet requests Spot Instances in the Spot Instance pool where the price per unit is the lowest. Each launch specification can include its own instance weighting that reflects the value of the instance type to your application workload.

Alternatively, you can specify that the Spot Fleet distribute the target capacity across the Spot pools included in its launch specifications. By ensuring that the Spot Instances in your Spot Fleet are in different Spot pools, you can improve the availability of your fleet.

You can specify tags for the Spot Fleet request and instances launched by the fleet. You cannot tag other resource types in a Spot Fleet request because only the spot-fleet-request and instance resource types are supported.

For more information, see Spot Fleet requests in the Amazon EC2 User Guide for Linux Instances.

We strongly discourage using the RequestSpotFleet API because it is a legacy API with no planned investment. For options for requesting Spot Instances, see Which is the best Spot request method to use? in the Amazon EC2 User Guide for Linux Instances.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RequestSpotFleetResponse' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: SpotFleetRequestConfig + in: query + required: true + description: The configuration for the Spot Fleet request. + schema: + type: object + required: + - IamFleetRole + - TargetCapacity + properties: + allocationStrategy: + allOf: + - $ref: '#/components/schemas/AllocationStrategy' + - description: '

Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the Spot Fleet request.

If the allocation strategy is lowestPrice, Spot Fleet launches instances from the Spot Instance pools with the lowest price. This is the default allocation strategy.

If the allocation strategy is diversified, Spot Fleet launches instances from all the Spot Instance pools that you specify.

If the allocation strategy is capacityOptimized (recommended), Spot Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. To give certain instance types a higher chance of launching first, use capacityOptimizedPrioritized. Set a priority for each instance type by using the Priority parameter for LaunchTemplateOverrides. You can assign the same priority to different LaunchTemplateOverrides. EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. capacityOptimizedPrioritized is supported only if your Spot Fleet uses a launch template. Note that if the OnDemandAllocationStrategy is set to prioritized, the same priority is applied when fulfilling On-Demand capacity.

' + onDemandAllocationStrategy: + allOf: + - $ref: '#/components/schemas/OnDemandAllocationStrategy' + - description: 'The order of the launch template overrides to use in fulfilling On-Demand capacity. If you specify lowestPrice, Spot Fleet uses price to determine the order, launching the lowest price first. If you specify prioritized, Spot Fleet uses the priority that you assign to each Spot Fleet launch template override, launching the highest priority first. If you do not specify a value, Spot Fleet defaults to lowestPrice.' + spotMaintenanceStrategies: + allOf: + - $ref: '#/components/schemas/SpotMaintenanceStrategies' + - description: The strategies for managing your Spot Instances that are at an elevated risk of being interrupted. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of your listings. This helps to avoid duplicate listings. For more information, see Ensuring Idempotency.' + excessCapacityTerminationPolicy: + allOf: + - $ref: '#/components/schemas/ExcessCapacityTerminationPolicy' + - description: Indicates whether running Spot Instances should be terminated if you decrease the target capacity of the Spot Fleet request below the current size of the Spot Fleet. + fulfilledCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: The number of units fulfilled by this request compared to the set target capacity. You cannot set this value. + onDemandFulfilledCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: The number of On-Demand units fulfilled by this request compared to the set target On-Demand capacity. + iamFleetRole: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that grants the Spot Fleet the permission to request, launch, terminate, and tag instances on your behalf. For more information, see Spot Fleet prerequisites in the Amazon EC2 User Guide for Linux Instances. Spot Fleet can terminate Spot Instances on your behalf when you cancel its Spot Fleet request using CancelSpotFleetRequests or when the Spot Fleet request expires, if you set TerminateInstancesWithExpiration.' + launchSpecifications: + allOf: + - $ref: '#/components/schemas/LaunchSpecsList' + - description: 'The launch specifications for the Spot Fleet request. If you specify LaunchSpecifications, you can''t specify LaunchTemplateConfigs. If you include On-Demand capacity in your request, you must use LaunchTemplateConfigs.' + launchTemplateConfigs: + allOf: + - $ref: '#/components/schemas/LaunchTemplateConfigList' + - description: 'The launch template and overrides. If you specify LaunchTemplateConfigs, you can''t specify LaunchSpecifications. If you include On-Demand capacity in your request, you must use LaunchTemplateConfigs.' + spotPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum price per unit hour that you are willing to pay for a Spot Instance. The default is the On-Demand price. + targetCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of units to request for the Spot Fleet. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.' + onDemandTargetCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of On-Demand units to request. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.' + onDemandMaxTotalPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The maximum amount per hour for On-Demand Instances that you''re willing to pay. You can use the onDemandMaxTotalPrice parameter, the spotMaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.' + spotMaxTotalPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The maximum amount per hour for Spot Instances that you''re willing to pay. You can use the spotdMaxTotalPrice parameter, the onDemandMaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.' + terminateInstancesWithExpiration: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether running Spot Instances are terminated when the Spot Fleet request expires. + type: + allOf: + - $ref: '#/components/schemas/FleetType' + - description: 'The type of request. Indicates whether the Spot Fleet only requests the target capacity or also attempts to maintain it. When this value is request, the Spot Fleet only places the required requests. It does not attempt to replenish Spot Instances if capacity is diminished, nor does it submit requests in alternative Spot pools if capacity is not available. When this value is maintain, the Spot Fleet maintains the target capacity. The Spot Fleet places the required requests to meet capacity and automatically replenishes any interrupted instances. Default: maintain. instant is listed but is not used by Spot Fleet.' + validFrom: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The start date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). By default, Amazon EC2 starts fulfilling the request immediately.' + validUntil: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The end date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). After the end date and time, no new Spot Instance requests are placed or able to fulfill the request. If no value is specified, the Spot Fleet request remains until you cancel it.' + replaceUnhealthyInstances: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether Spot Fleet should replace unhealthy instances. + instanceInterruptionBehavior: + allOf: + - $ref: '#/components/schemas/InstanceInterruptionBehavior' + - description: The behavior when a Spot Instance is interrupted. The default is terminate. + loadBalancersConfig: + allOf: + - $ref: '#/components/schemas/LoadBalancersConfig' + - description: '

One or more Classic Load Balancers and target groups to attach to the Spot Fleet request. Spot Fleet registers the running Spot Instances with the specified Classic Load Balancers and target groups.

With Network Load Balancers, Spot Fleet cannot register instances that have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1, HS1, M1, M2, M3, and T1.

' + instancePoolsToUseCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The number of Spot pools across which to allocate your target Spot capacity. Valid only when Spot AllocationStrategy is set to lowest-price. Spot Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.

Note that Spot Fleet attempts to draw Spot Instances from the number of pools that you specify on a best effort basis. If a pool runs out of Spot capacity before fulfilling your target capacity, Spot Fleet will continue to fulfill your request by drawing from the next cheapest pool. To ensure that your target capacity is met, you might receive Spot Instances from more than the number of pools that you specified. Similarly, if most of the pools have no Spot capacity, you might receive your full target capacity from fewer than the number of pools that you specified.

' + context: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + targetCapacityUnitType: + allOf: + - $ref: '#/components/schemas/TargetCapacityUnitType' + - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: 'The key-value pair for tagging the Spot Fleet request on creation. The value for ResourceType must be spot-fleet-request, otherwise the Spot Fleet request fails. To tag instances at launch, specify the tags in the launch template (valid only if you use LaunchTemplateConfigs) or in the SpotFleetTagSpecification (valid only if you use LaunchSpecifications). For information about tagging after launch, see Tagging Your Resources.' + description: Describes the configuration of a Spot Fleet request. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RequestSpotFleet + operationId: POST_RequestSpotFleet + description: '

Creates a Spot Fleet request.

The Spot Fleet request specifies the total target capacity and the On-Demand target capacity. Amazon EC2 calculates the difference between the total capacity and On-Demand capacity, and launches the difference as Spot capacity.

You can submit a single request that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

By default, the Spot Fleet requests Spot Instances in the Spot Instance pool where the price per unit is the lowest. Each launch specification can include its own instance weighting that reflects the value of the instance type to your application workload.

Alternatively, you can specify that the Spot Fleet distribute the target capacity across the Spot pools included in its launch specifications. By ensuring that the Spot Instances in your Spot Fleet are in different Spot pools, you can improve the availability of your fleet.

You can specify tags for the Spot Fleet request and instances launched by the fleet. You cannot tag other resource types in a Spot Fleet request because only the spot-fleet-request and instance resource types are supported.

For more information, see Spot Fleet requests in the Amazon EC2 User Guide for Linux Instances.

We strongly discourage using the RequestSpotFleet API because it is a legacy API with no planned investment. For options for requesting Spot Instances, see Which is the best Spot request method to use? in the Amazon EC2 User Guide for Linux Instances.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RequestSpotFleetResponse' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RequestSpotFleetRequest' + parameters: [] + /?Action=RequestSpotInstances&Version=2016-11-15: + get: + x-aws-operation-name: RequestSpotInstances + operationId: GET_RequestSpotInstances + description: '

Creates a Spot Instance request.

For more information, see Spot Instance requests in the Amazon EC2 User Guide for Linux Instances.

We strongly discourage using the RequestSpotInstances API because it is a legacy API with no planned investment. For options for requesting Spot Instances, see Which is the best Spot request method to use? in the Amazon EC2 User Guide for Linux Instances.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RequestSpotInstancesResult' + parameters: + - name: AvailabilityZoneGroup + in: query + required: false + description: '

The user-specified name for a logical grouping of requests.

When you specify an Availability Zone group in a Spot Instance request, all Spot Instances in the request are launched in the same Availability Zone. Instance proximity is maintained with this parameter, but the choice of Availability Zone is not. The group applies only to requests for Spot Instances of the same instance type. Any additional Spot Instance requests that are specified with the same Availability Zone group name are launched in that same Availability Zone, as long as at least one instance from the group is still active.

If there is no active instance running in the Availability Zone group that you specify for a new Spot Instance request (all instances are terminated, the request is expired, or the maximum price you specified falls below current Spot price), then Amazon EC2 launches the instance in any Availability Zone where the constraint can be met. Consequently, the subsequent set of Spot Instances could be placed in a different zone from the original request, even if you specified the same Availability Zone group.

Default: Instances are launched in any available Availability Zone.

' + schema: + type: string + - name: BlockDurationMinutes + in: query + required: false + description: Deprecated. + schema: + type: integer + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency in the Amazon EC2 User Guide for Linux Instances.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceCount + in: query + required: false + description: '

The maximum number of Spot Instances to launch.

Default: 1

' + schema: + type: integer + - name: LaunchGroup + in: query + required: false + description: '

The instance launch group. Launch groups are Spot Instances that launch together and terminate together.

Default: Instances are launched and terminated individually

' + schema: + type: string + - name: LaunchSpecification + in: query + required: false + description: The launch specification. + schema: + type: object + properties: + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/RequestSpotLaunchSpecificationSecurityGroupIdList' + - description: One or more security group IDs. + SecurityGroup: + allOf: + - $ref: '#/components/schemas/RequestSpotLaunchSpecificationSecurityGroupList' + - description: 'One or more security groups. When requesting instances in a VPC, you must specify the IDs of the security groups. When requesting instances in EC2-Classic, you can specify the names or the IDs of the security groups.' + addressingType: + allOf: + - $ref: '#/components/schemas/String' + - description: Deprecated. + blockDeviceMapping: + allOf: + - $ref: '#/components/schemas/BlockDeviceMappingList' + - description: 'One or more block device mapping entries. You can''t specify both a snapshot ID and an encryption value. This is because only blank volumes can be encrypted on creation. If a snapshot is the basis for a volume, it is not blank and its encryption status is used for the volume encryption status.' + ebsOptimized: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

' + iamInstanceProfile: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileSpecification' + - description: The IAM instance profile. + imageId: + allOf: + - $ref: '#/components/schemas/ImageId' + - description: The ID of the AMI. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. Only one instance type can be specified. + kernelId: + allOf: + - $ref: '#/components/schemas/KernelId' + - description: The ID of the kernel. + keyName: + allOf: + - $ref: '#/components/schemas/KeyPairName' + - description: The name of the key pair. + monitoring: + allOf: + - $ref: '#/components/schemas/RunInstancesMonitoringEnabled' + - description: '

Indicates whether basic or detailed monitoring is enabled for the instance.

Default: Disabled

' + NetworkInterface: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecificationList' + - description: 'One or more network interfaces. If you specify a network interface, you must specify subnet IDs and security group IDs using the network interface.' + placement: + allOf: + - $ref: '#/components/schemas/SpotPlacement' + - description: The placement information for the instance. + ramdiskId: + allOf: + - $ref: '#/components/schemas/RamdiskId' + - description: The ID of the RAM disk. + subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: The ID of the subnet in which to launch the instance. + userData: + allOf: + - $ref: '#/components/schemas/String' + - description: The Base64-encoded user data for the instance. User data is limited to 16 KB. + description: Describes the launch specification for an instance. + - name: SpotPrice + in: query + required: false + description: The maximum price per hour that you are willing to pay for a Spot Instance. The default is the On-Demand price. + schema: + type: string + - name: Type + in: query + required: false + description: '

The Spot Instance request type.

Default: one-time

' + schema: + type: string + enum: + - one-time + - persistent + - name: ValidFrom + in: query + required: false + description: '

The start date of the request. If this is a one-time request, the request becomes active at this date and time and remains active until all instances launch, the request expires, or the request is canceled. If the request is persistent, the request becomes active at this date and time and remains active until it expires or is canceled.

The specified start date and time cannot be equal to the current date and time. You must specify a start date and time that occurs after the current date and time.

' + schema: + type: string + format: date-time + - name: ValidUntil + in: query + required: false + description: '

The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ).

  • For a persistent request, the request remains active until the ValidUntil date and time is reached. Otherwise, the request remains active until you cancel it.

  • For a one-time request, the request remains active until all instances launch, the request is canceled, or the ValidUntil date and time is reached. By default, the request is valid for 7 days from the date the request was created.

' + schema: + type: string + format: date-time + - name: TagSpecification + in: query + required: false + description: 'The key-value pair for tagging the Spot Instance request on creation. The value for ResourceType must be spot-instances-request, otherwise the Spot Instance request fails. To tag the Spot Instance request after it has been created, see CreateTags. ' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: InstanceInterruptionBehavior + in: query + required: false + description: The behavior when a Spot Instance is interrupted. The default is terminate. + schema: + type: string + enum: + - hibernate + - stop + - terminate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RequestSpotInstances + operationId: POST_RequestSpotInstances + description: '

Creates a Spot Instance request.

For more information, see Spot Instance requests in the Amazon EC2 User Guide for Linux Instances.

We strongly discourage using the RequestSpotInstances API because it is a legacy API with no planned investment. For options for requesting Spot Instances, see Which is the best Spot request method to use? in the Amazon EC2 User Guide for Linux Instances.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RequestSpotInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RequestSpotInstancesRequest' + parameters: [] + /?Action=ResetAddressAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ResetAddressAttribute + operationId: GET_ResetAddressAttribute + description: 'Resets the attribute of the specified IP address. For requirements, see Using reverse DNS for email applications.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetAddressAttributeResult' + parameters: + - name: AllocationId + in: query + required: true + description: '[EC2-VPC] The allocation ID.' + schema: + type: string + - name: Attribute + in: query + required: true + description: The attribute of the IP address. + schema: + type: string + enum: + - domain-name + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ResetAddressAttribute + operationId: POST_ResetAddressAttribute + description: 'Resets the attribute of the specified IP address. For requirements, see Using reverse DNS for email applications.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetAddressAttributeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetAddressAttributeRequest' + parameters: [] + /?Action=ResetEbsDefaultKmsKeyId&Version=2016-11-15: + get: + x-aws-operation-name: ResetEbsDefaultKmsKeyId + operationId: GET_ResetEbsDefaultKmsKeyId + description: '

Resets the default KMS key for EBS encryption for your account in this Region to the Amazon Web Services managed KMS key for EBS.

After resetting the default KMS key to the Amazon Web Services managed KMS key, you can continue to encrypt by a customer managed KMS key by specifying it when you create the volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetEbsDefaultKmsKeyIdResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ResetEbsDefaultKmsKeyId + operationId: POST_ResetEbsDefaultKmsKeyId + description: '

Resets the default KMS key for EBS encryption for your account in this Region to the Amazon Web Services managed KMS key for EBS.

After resetting the default KMS key to the Amazon Web Services managed KMS key, you can continue to encrypt by a customer managed KMS key by specifying it when you create the volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetEbsDefaultKmsKeyIdResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetEbsDefaultKmsKeyIdRequest' + parameters: [] + /?Action=ResetFpgaImageAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ResetFpgaImageAttribute + operationId: GET_ResetFpgaImageAttribute + description: Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its default value. You can only reset the load permission attribute. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetFpgaImageAttributeResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: FpgaImageId + in: query + required: true + description: The ID of the AFI. + schema: + type: string + - name: Attribute + in: query + required: false + description: The attribute. + schema: + type: string + enum: + - loadPermission + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ResetFpgaImageAttribute + operationId: POST_ResetFpgaImageAttribute + description: Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its default value. You can only reset the load permission attribute. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetFpgaImageAttributeResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetFpgaImageAttributeRequest' + parameters: [] + /?Action=ResetImageAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ResetImageAttribute + operationId: GET_ResetImageAttribute + description: Resets an attribute of an AMI to its default value. + responses: + '200': + description: Success + parameters: + - name: Attribute + in: query + required: true + description: The attribute to reset (currently you can only reset the launch permission attribute). + schema: + type: string + enum: + - launchPermission + - name: ImageId + in: query + required: true + description: The ID of the AMI. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ResetImageAttribute + operationId: POST_ResetImageAttribute + description: Resets an attribute of an AMI to its default value. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetImageAttributeRequest' + parameters: [] + /?Action=ResetInstanceAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ResetInstanceAttribute + operationId: GET_ResetInstanceAttribute + description: '

Resets an attribute of an instance to its default value. To reset the kernel or ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck, the instance can be either running or stopped.

The sourceDestCheck attribute controls whether source/destination checking is enabled. The default value is true, which means checking is enabled. This value must be false for a NAT instance to perform NAT. For more information, see NAT Instances in the Amazon VPC User Guide.

' + responses: + '200': + description: Success + parameters: + - name: Attribute + in: query + required: true + description: '

The attribute to reset.

You can only reset the following attributes: kernel | ramdisk | sourceDestCheck.

' + schema: + type: string + enum: + - instanceType + - kernel + - ramdisk + - userData + - disableApiTermination + - instanceInitiatedShutdownBehavior + - rootDeviceName + - blockDeviceMapping + - productCodes + - sourceDestCheck + - groupSet + - ebsOptimized + - sriovNetSupport + - enaSupport + - enclaveOptions + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ResetInstanceAttribute + operationId: POST_ResetInstanceAttribute + description: '

Resets an attribute of an instance to its default value. To reset the kernel or ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck, the instance can be either running or stopped.

The sourceDestCheck attribute controls whether source/destination checking is enabled. The default value is true, which means checking is enabled. This value must be false for a NAT instance to perform NAT. For more information, see NAT Instances in the Amazon VPC User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetInstanceAttributeRequest' + parameters: [] + /?Action=ResetNetworkInterfaceAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ResetNetworkInterfaceAttribute + operationId: GET_ResetNetworkInterfaceAttribute + description: Resets a network interface attribute. You can specify only one attribute at a time. + responses: + '200': + description: Success + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: NetworkInterfaceId + in: query + required: true + description: The ID of the network interface. + schema: + type: string + - name: SourceDestCheck + in: query + required: false + description: The source/destination checking attribute. Resets the value to true. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ResetNetworkInterfaceAttribute + operationId: POST_ResetNetworkInterfaceAttribute + description: Resets a network interface attribute. You can specify only one attribute at a time. + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetNetworkInterfaceAttributeRequest' + parameters: [] + /?Action=ResetSnapshotAttribute&Version=2016-11-15: + get: + x-aws-operation-name: ResetSnapshotAttribute + operationId: GET_ResetSnapshotAttribute + description: '

Resets permission settings for the specified snapshot.

For more information about modifying snapshot permissions, see Share a snapshot in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + parameters: + - name: Attribute + in: query + required: true + description: 'The attribute to reset. Currently, only the attribute for permission to create volumes can be reset.' + schema: + type: string + enum: + - productCodes + - createVolumePermission + - name: SnapshotId + in: query + required: true + description: The ID of the snapshot. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: ResetSnapshotAttribute + operationId: POST_ResetSnapshotAttribute + description: '

Resets permission settings for the specified snapshot.

For more information about modifying snapshot permissions, see Share a snapshot in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetSnapshotAttributeRequest' + parameters: [] + /?Action=RestoreAddressToClassic&Version=2016-11-15: + get: + x-aws-operation-name: RestoreAddressToClassic + operationId: GET_RestoreAddressToClassic + description: Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform. You cannot move an Elastic IP address that was originally allocated for use in EC2-VPC. The Elastic IP address must not be associated with an instance or network interface. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreAddressToClassicResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PublicIp + in: query + required: true + description: The Elastic IP address. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RestoreAddressToClassic + operationId: POST_RestoreAddressToClassic + description: Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform. You cannot move an Elastic IP address that was originally allocated for use in EC2-VPC. The Elastic IP address must not be associated with an instance or network interface. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreAddressToClassicResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreAddressToClassicRequest' + parameters: [] + /?Action=RestoreImageFromRecycleBin&Version=2016-11-15: + get: + x-aws-operation-name: RestoreImageFromRecycleBin + operationId: GET_RestoreImageFromRecycleBin + description: 'Restores an AMI from the Recycle Bin. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreImageFromRecycleBinResult' + parameters: + - name: ImageId + in: query + required: true + description: The ID of the AMI to restore. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RestoreImageFromRecycleBin + operationId: POST_RestoreImageFromRecycleBin + description: 'Restores an AMI from the Recycle Bin. For more information, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreImageFromRecycleBinResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreImageFromRecycleBinRequest' + parameters: [] + /?Action=RestoreManagedPrefixListVersion&Version=2016-11-15: + get: + x-aws-operation-name: RestoreManagedPrefixListVersion + operationId: GET_RestoreManagedPrefixListVersion + description: Restores the entries from a previous version of a managed prefix list to a new version of the prefix list. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreManagedPrefixListVersionResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: PrefixListId + in: query + required: true + description: The ID of the prefix list. + schema: + type: string + - name: PreviousVersion + in: query + required: true + description: The version to restore. + schema: + type: integer + - name: CurrentVersion + in: query + required: true + description: The current version number for the prefix list. + schema: + type: integer + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RestoreManagedPrefixListVersion + operationId: POST_RestoreManagedPrefixListVersion + description: Restores the entries from a previous version of a managed prefix list to a new version of the prefix list. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreManagedPrefixListVersionResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreManagedPrefixListVersionRequest' + parameters: [] + /?Action=RestoreSnapshotFromRecycleBin&Version=2016-11-15: + get: + x-aws-operation-name: RestoreSnapshotFromRecycleBin + operationId: GET_RestoreSnapshotFromRecycleBin + description: 'Restores a snapshot from the Recycle Bin. For more information, see Restore snapshots from the Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreSnapshotFromRecycleBinResult' + parameters: + - name: SnapshotId + in: query + required: true + description: The ID of the snapshot to restore. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RestoreSnapshotFromRecycleBin + operationId: POST_RestoreSnapshotFromRecycleBin + description: 'Restores a snapshot from the Recycle Bin. For more information, see Restore snapshots from the Recycle Bin in the Amazon Elastic Compute Cloud User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreSnapshotFromRecycleBinResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreSnapshotFromRecycleBinRequest' + parameters: [] + /?Action=RestoreSnapshotTier&Version=2016-11-15: + get: + x-aws-operation-name: RestoreSnapshotTier + operationId: GET_RestoreSnapshotTier + description: '

Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore period or restore type for a snapshot that was previously temporarily restored.

For more information see Restore an archived snapshot and modify the restore period or restore type for a temporarily restored snapshot in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreSnapshotTierResult' + parameters: + - name: SnapshotId + in: query + required: true + description: The ID of the snapshot to restore. + schema: + type: string + - name: TemporaryRestoreDays + in: query + required: false + description: '

Specifies the number of days for which to temporarily restore an archived snapshot. Required for temporary restores only. The snapshot will be automatically re-archived after this period.

To temporarily restore an archived snapshot, specify the number of days and omit the PermanentRestore parameter or set it to false.

' + schema: + type: integer + - name: PermanentRestore + in: query + required: false + description: 'Indicates whether to permanently restore an archived snapshot. To permanently restore an archived snapshot, specify true and omit the RestoreSnapshotTierRequest$TemporaryRestoreDays parameter.' + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RestoreSnapshotTier + operationId: POST_RestoreSnapshotTier + description: '

Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore period or restore type for a snapshot that was previously temporarily restored.

For more information see Restore an archived snapshot and modify the restore period or restore type for a temporarily restored snapshot in the Amazon Elastic Compute Cloud User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreSnapshotTierResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreSnapshotTierRequest' + parameters: [] + /?Action=RevokeClientVpnIngress&Version=2016-11-15: + get: + x-aws-operation-name: RevokeClientVpnIngress + operationId: GET_RevokeClientVpnIngress + description: 'Removes an ingress authorization rule from a Client VPN endpoint. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RevokeClientVpnIngressResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint with which the authorization rule is associated. + schema: + type: string + - name: TargetNetworkCidr + in: query + required: true + description: 'The IPv4 address range, in CIDR notation, of the network for which access is being removed.' + schema: + type: string + - name: AccessGroupId + in: query + required: false + description: 'The ID of the Active Directory group for which to revoke access. ' + schema: + type: string + - name: RevokeAllGroups + in: query + required: false + description: Indicates whether access should be revoked for all clients. + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RevokeClientVpnIngress + operationId: POST_RevokeClientVpnIngress + description: 'Removes an ingress authorization rule from a Client VPN endpoint. ' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RevokeClientVpnIngressResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RevokeClientVpnIngressRequest' + parameters: [] + /?Action=RevokeSecurityGroupEgress&Version=2016-11-15: + get: + x-aws-operation-name: RevokeSecurityGroupEgress + operationId: GET_RevokeSecurityGroupEgress + description: '

[VPC only] Removes the specified outbound (egress) rules from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule''s values exactly. Each rule has a protocol, from and to ports, and destination (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

[Default VPC] If the values you specify do not match the existing rule''s values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RevokeSecurityGroupEgressResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: GroupId + in: query + required: true + description: The ID of the security group. + schema: + type: string + - name: IpPermissions + in: query + required: false + description: The sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpPermission' + - xml: + name: item + - name: SecurityGroupRuleId + in: query + required: false + description: The IDs of the security group rules. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: CidrIp + in: query + required: false + description: Not supported. Use a set of IP permissions to specify the CIDR. + schema: + type: string + - name: FromPort + in: query + required: false + description: Not supported. Use a set of IP permissions to specify the port. + schema: + type: integer + - name: IpProtocol + in: query + required: false + description: Not supported. Use a set of IP permissions to specify the protocol name or number. + schema: + type: string + - name: ToPort + in: query + required: false + description: Not supported. Use a set of IP permissions to specify the port. + schema: + type: integer + - name: SourceSecurityGroupName + in: query + required: false + description: Not supported. Use a set of IP permissions to specify a destination security group. + schema: + type: string + - name: SourceSecurityGroupOwnerId + in: query + required: false + description: Not supported. Use a set of IP permissions to specify a destination security group. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RevokeSecurityGroupEgress + operationId: POST_RevokeSecurityGroupEgress + description: '

[VPC only] Removes the specified outbound (egress) rules from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule''s values exactly. Each rule has a protocol, from and to ports, and destination (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

[Default VPC] If the values you specify do not match the existing rule''s values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RevokeSecurityGroupEgressResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RevokeSecurityGroupEgressRequest' + parameters: [] + /?Action=RevokeSecurityGroupIngress&Version=2016-11-15: + get: + x-aws-operation-name: RevokeSecurityGroupIngress + operationId: GET_RevokeSecurityGroupIngress + description: '

Removes the specified inbound (ingress) rules from a security group.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule''s values exactly. Each rule has a protocol, from and to ports, and source (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

[EC2-Classic, default VPC] If the values you specify do not match the existing rule''s values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RevokeSecurityGroupIngressResult' + parameters: + - name: CidrIp + in: query + required: false + description: The CIDR IP address range. You can't specify this parameter when specifying a source security group. + schema: + type: string + - name: FromPort + in: query + required: false + description: 'The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all ICMP types.' + schema: + type: integer + - name: GroupId + in: query + required: false + description: 'The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.' + schema: + type: string + - name: GroupName + in: query + required: false + description: '[EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.' + schema: + type: string + - name: IpPermissions + in: query + required: false + description: The sets of IP permissions. You can't specify a source security group and a CIDR IP address range in the same set of permissions. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpPermission' + - xml: + name: item + - name: IpProtocol + in: query + required: false + description: 'The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). Use -1 to specify all.' + schema: + type: string + - name: SourceSecurityGroupName + in: query + required: false + description: '[EC2-Classic, default VPC] The name of the source security group. You can''t specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. For EC2-VPC, the source security group must be in the same VPC. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.' + schema: + type: string + - name: SourceSecurityGroupOwnerId + in: query + required: false + description: '[EC2-Classic] The Amazon Web Services account ID of the source security group, if the source security group is in a different account. You can''t specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.' + schema: + type: string + - name: ToPort + in: query + required: false + description: 'The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all ICMP codes for the ICMP type.' + schema: + type: integer + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: SecurityGroupRuleId + in: query + required: false + description: The IDs of the security group rules. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RevokeSecurityGroupIngress + operationId: POST_RevokeSecurityGroupIngress + description: '

Removes the specified inbound (ingress) rules from a security group.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule''s values exactly. Each rule has a protocol, from and to ports, and source (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

[EC2-Classic, default VPC] If the values you specify do not match the existing rule''s values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RevokeSecurityGroupIngressResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RevokeSecurityGroupIngressRequest' + parameters: [] + /?Action=RunInstances&Version=2016-11-15: + get: + x-aws-operation-name: RunInstances + operationId: GET_RunInstances + description: '

Launches the specified number of instances using an AMI for which you have permissions.

You can specify a number of options, or leave the default options. The following rules apply:

  • [EC2-VPC] If you don''t specify a subnet ID, we choose a default subnet from your default VPC for you. If you don''t have a default VPC, you must specify a subnet ID in the request.

  • [EC2-Classic] If don''t specify an Availability Zone, we choose one for you.

  • Some instance types must be launched into a VPC. If you do not have a default VPC, or if you do not specify a subnet ID, the request fails. For more information, see Instance types available only in a VPC.

  • [EC2-VPC] All instances have a network interface with a primary private IPv4 address. If you don''t specify this address, we choose one from the IPv4 range of your subnet.

  • Not all instance types support IPv6 addresses. For more information, see Instance types.

  • If you don''t specify a security group ID, we use the default security group. For more information, see Security groups.

  • If any of the AMIs have a product code attached for which the user has not subscribed, the request fails.

You can create a launch template, which is a resource that contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify the launch template instead of specifying the launch parameters.

To ensure faster instance launches, break up large requests into smaller batches. For example, create five separate launch requests for 100 instances each instead of one launch request for 500 instances.

An instance is ready for you to use when it''s in the running state. You can check the state of your instance using DescribeInstances. You can tag instances and EBS volumes during launch, after launch, or both. For more information, see CreateTags and Tagging your Amazon EC2 resources.

Linux instances have access to the public key of the key pair at boot. You can use this key to provide secure access to the instance. Amazon EC2 public images use this feature to provide secure access without passwords. For more information, see Key pairs.

For troubleshooting, see What to do if an instance immediately terminates, and Troubleshooting connecting to your instance.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/Reservation' + parameters: + - name: BlockDeviceMapping + in: query + required: false + description: 'The block device mapping, which defines the EBS volumes and instance store volumes to attach to the instance at launch. For more information, see Block device mappings in the Amazon EC2 User Guide.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/BlockDeviceMapping' + - xml: + name: BlockDeviceMapping + - name: ImageId + in: query + required: false + description: The ID of the AMI. An AMI ID is required to launch an instance and must be specified here or in a launch template. + schema: + type: string + - name: InstanceType + in: query + required: false + description: '

The instance type. For more information, see Instance types in the Amazon EC2 User Guide.

Default: m1.small

' + schema: + type: string + enum: + - a1.medium + - a1.large + - a1.xlarge + - a1.2xlarge + - a1.4xlarge + - a1.metal + - c1.medium + - c1.xlarge + - c3.large + - c3.xlarge + - c3.2xlarge + - c3.4xlarge + - c3.8xlarge + - c4.large + - c4.xlarge + - c4.2xlarge + - c4.4xlarge + - c4.8xlarge + - c5.large + - c5.xlarge + - c5.2xlarge + - c5.4xlarge + - c5.9xlarge + - c5.12xlarge + - c5.18xlarge + - c5.24xlarge + - c5.metal + - c5a.large + - c5a.xlarge + - c5a.2xlarge + - c5a.4xlarge + - c5a.8xlarge + - c5a.12xlarge + - c5a.16xlarge + - c5a.24xlarge + - c5ad.large + - c5ad.xlarge + - c5ad.2xlarge + - c5ad.4xlarge + - c5ad.8xlarge + - c5ad.12xlarge + - c5ad.16xlarge + - c5ad.24xlarge + - c5d.large + - c5d.xlarge + - c5d.2xlarge + - c5d.4xlarge + - c5d.9xlarge + - c5d.12xlarge + - c5d.18xlarge + - c5d.24xlarge + - c5d.metal + - c5n.large + - c5n.xlarge + - c5n.2xlarge + - c5n.4xlarge + - c5n.9xlarge + - c5n.18xlarge + - c5n.metal + - c6g.medium + - c6g.large + - c6g.xlarge + - c6g.2xlarge + - c6g.4xlarge + - c6g.8xlarge + - c6g.12xlarge + - c6g.16xlarge + - c6g.metal + - c6gd.medium + - c6gd.large + - c6gd.xlarge + - c6gd.2xlarge + - c6gd.4xlarge + - c6gd.8xlarge + - c6gd.12xlarge + - c6gd.16xlarge + - c6gd.metal + - c6gn.medium + - c6gn.large + - c6gn.xlarge + - c6gn.2xlarge + - c6gn.4xlarge + - c6gn.8xlarge + - c6gn.12xlarge + - c6gn.16xlarge + - c6i.large + - c6i.xlarge + - c6i.2xlarge + - c6i.4xlarge + - c6i.8xlarge + - c6i.12xlarge + - c6i.16xlarge + - c6i.24xlarge + - c6i.32xlarge + - c6i.metal + - cc1.4xlarge + - cc2.8xlarge + - cg1.4xlarge + - cr1.8xlarge + - d2.xlarge + - d2.2xlarge + - d2.4xlarge + - d2.8xlarge + - d3.xlarge + - d3.2xlarge + - d3.4xlarge + - d3.8xlarge + - d3en.xlarge + - d3en.2xlarge + - d3en.4xlarge + - d3en.6xlarge + - d3en.8xlarge + - d3en.12xlarge + - dl1.24xlarge + - f1.2xlarge + - f1.4xlarge + - f1.16xlarge + - g2.2xlarge + - g2.8xlarge + - g3.4xlarge + - g3.8xlarge + - g3.16xlarge + - g3s.xlarge + - g4ad.xlarge + - g4ad.2xlarge + - g4ad.4xlarge + - g4ad.8xlarge + - g4ad.16xlarge + - g4dn.xlarge + - g4dn.2xlarge + - g4dn.4xlarge + - g4dn.8xlarge + - g4dn.12xlarge + - g4dn.16xlarge + - g4dn.metal + - g5.xlarge + - g5.2xlarge + - g5.4xlarge + - g5.8xlarge + - g5.12xlarge + - g5.16xlarge + - g5.24xlarge + - g5.48xlarge + - g5g.xlarge + - g5g.2xlarge + - g5g.4xlarge + - g5g.8xlarge + - g5g.16xlarge + - g5g.metal + - hi1.4xlarge + - hpc6a.48xlarge + - hs1.8xlarge + - h1.2xlarge + - h1.4xlarge + - h1.8xlarge + - h1.16xlarge + - i2.xlarge + - i2.2xlarge + - i2.4xlarge + - i2.8xlarge + - i3.large + - i3.xlarge + - i3.2xlarge + - i3.4xlarge + - i3.8xlarge + - i3.16xlarge + - i3.metal + - i3en.large + - i3en.xlarge + - i3en.2xlarge + - i3en.3xlarge + - i3en.6xlarge + - i3en.12xlarge + - i3en.24xlarge + - i3en.metal + - im4gn.large + - im4gn.xlarge + - im4gn.2xlarge + - im4gn.4xlarge + - im4gn.8xlarge + - im4gn.16xlarge + - inf1.xlarge + - inf1.2xlarge + - inf1.6xlarge + - inf1.24xlarge + - is4gen.medium + - is4gen.large + - is4gen.xlarge + - is4gen.2xlarge + - is4gen.4xlarge + - is4gen.8xlarge + - m1.small + - m1.medium + - m1.large + - m1.xlarge + - m2.xlarge + - m2.2xlarge + - m2.4xlarge + - m3.medium + - m3.large + - m3.xlarge + - m3.2xlarge + - m4.large + - m4.xlarge + - m4.2xlarge + - m4.4xlarge + - m4.10xlarge + - m4.16xlarge + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + - m5ad.large + - m5ad.xlarge + - m5ad.2xlarge + - m5ad.4xlarge + - m5ad.8xlarge + - m5ad.12xlarge + - m5ad.16xlarge + - m5ad.24xlarge + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5dn.large + - m5dn.xlarge + - m5dn.2xlarge + - m5dn.4xlarge + - m5dn.8xlarge + - m5dn.12xlarge + - m5dn.16xlarge + - m5dn.24xlarge + - m5dn.metal + - m5n.large + - m5n.xlarge + - m5n.2xlarge + - m5n.4xlarge + - m5n.8xlarge + - m5n.12xlarge + - m5n.16xlarge + - m5n.24xlarge + - m5n.metal + - m5zn.large + - m5zn.xlarge + - m5zn.2xlarge + - m5zn.3xlarge + - m5zn.6xlarge + - m5zn.12xlarge + - m5zn.metal + - m6a.large + - m6a.xlarge + - m6a.2xlarge + - m6a.4xlarge + - m6a.8xlarge + - m6a.12xlarge + - m6a.16xlarge + - m6a.24xlarge + - m6a.32xlarge + - m6a.48xlarge + - m6g.metal + - m6g.medium + - m6g.large + - m6g.xlarge + - m6g.2xlarge + - m6g.4xlarge + - m6g.8xlarge + - m6g.12xlarge + - m6g.16xlarge + - m6gd.metal + - m6gd.medium + - m6gd.large + - m6gd.xlarge + - m6gd.2xlarge + - m6gd.4xlarge + - m6gd.8xlarge + - m6gd.12xlarge + - m6gd.16xlarge + - m6i.large + - m6i.xlarge + - m6i.2xlarge + - m6i.4xlarge + - m6i.8xlarge + - m6i.12xlarge + - m6i.16xlarge + - m6i.24xlarge + - m6i.32xlarge + - m6i.metal + - mac1.metal + - p2.xlarge + - p2.8xlarge + - p2.16xlarge + - p3.2xlarge + - p3.8xlarge + - p3.16xlarge + - p3dn.24xlarge + - p4d.24xlarge + - r3.large + - r3.xlarge + - r3.2xlarge + - r3.4xlarge + - r3.8xlarge + - r4.large + - r4.xlarge + - r4.2xlarge + - r4.4xlarge + - r4.8xlarge + - r4.16xlarge + - r5.large + - r5.xlarge + - r5.2xlarge + - r5.4xlarge + - r5.8xlarge + - r5.12xlarge + - r5.16xlarge + - r5.24xlarge + - r5.metal + - r5a.large + - r5a.xlarge + - r5a.2xlarge + - r5a.4xlarge + - r5a.8xlarge + - r5a.12xlarge + - r5a.16xlarge + - r5a.24xlarge + - r5ad.large + - r5ad.xlarge + - r5ad.2xlarge + - r5ad.4xlarge + - r5ad.8xlarge + - r5ad.12xlarge + - r5ad.16xlarge + - r5ad.24xlarge + - r5b.large + - r5b.xlarge + - r5b.2xlarge + - r5b.4xlarge + - r5b.8xlarge + - r5b.12xlarge + - r5b.16xlarge + - r5b.24xlarge + - r5b.metal + - r5d.large + - r5d.xlarge + - r5d.2xlarge + - r5d.4xlarge + - r5d.8xlarge + - r5d.12xlarge + - r5d.16xlarge + - r5d.24xlarge + - r5d.metal + - r5dn.large + - r5dn.xlarge + - r5dn.2xlarge + - r5dn.4xlarge + - r5dn.8xlarge + - r5dn.12xlarge + - r5dn.16xlarge + - r5dn.24xlarge + - r5dn.metal + - r5n.large + - r5n.xlarge + - r5n.2xlarge + - r5n.4xlarge + - r5n.8xlarge + - r5n.12xlarge + - r5n.16xlarge + - r5n.24xlarge + - r5n.metal + - r6g.medium + - r6g.large + - r6g.xlarge + - r6g.2xlarge + - r6g.4xlarge + - r6g.8xlarge + - r6g.12xlarge + - r6g.16xlarge + - r6g.metal + - r6gd.medium + - r6gd.large + - r6gd.xlarge + - r6gd.2xlarge + - r6gd.4xlarge + - r6gd.8xlarge + - r6gd.12xlarge + - r6gd.16xlarge + - r6gd.metal + - r6i.large + - r6i.xlarge + - r6i.2xlarge + - r6i.4xlarge + - r6i.8xlarge + - r6i.12xlarge + - r6i.16xlarge + - r6i.24xlarge + - r6i.32xlarge + - r6i.metal + - t1.micro + - t2.nano + - t2.micro + - t2.small + - t2.medium + - t2.large + - t2.xlarge + - t2.2xlarge + - t3.nano + - t3.micro + - t3.small + - t3.medium + - t3.large + - t3.xlarge + - t3.2xlarge + - t3a.nano + - t3a.micro + - t3a.small + - t3a.medium + - t3a.large + - t3a.xlarge + - t3a.2xlarge + - t4g.nano + - t4g.micro + - t4g.small + - t4g.medium + - t4g.large + - t4g.xlarge + - t4g.2xlarge + - u-6tb1.56xlarge + - u-6tb1.112xlarge + - u-9tb1.112xlarge + - u-12tb1.112xlarge + - u-6tb1.metal + - u-9tb1.metal + - u-12tb1.metal + - u-18tb1.metal + - u-24tb1.metal + - vt1.3xlarge + - vt1.6xlarge + - vt1.24xlarge + - x1.16xlarge + - x1.32xlarge + - x1e.xlarge + - x1e.2xlarge + - x1e.4xlarge + - x1e.8xlarge + - x1e.16xlarge + - x1e.32xlarge + - x2iezn.2xlarge + - x2iezn.4xlarge + - x2iezn.6xlarge + - x2iezn.8xlarge + - x2iezn.12xlarge + - x2iezn.metal + - x2gd.medium + - x2gd.large + - x2gd.xlarge + - x2gd.2xlarge + - x2gd.4xlarge + - x2gd.8xlarge + - x2gd.12xlarge + - x2gd.16xlarge + - x2gd.metal + - z1d.large + - z1d.xlarge + - z1d.2xlarge + - z1d.3xlarge + - z1d.6xlarge + - z1d.12xlarge + - z1d.metal + - x2idn.16xlarge + - x2idn.24xlarge + - x2idn.32xlarge + - x2iedn.xlarge + - x2iedn.2xlarge + - x2iedn.4xlarge + - x2iedn.8xlarge + - x2iedn.16xlarge + - x2iedn.24xlarge + - x2iedn.32xlarge + - c6a.large + - c6a.xlarge + - c6a.2xlarge + - c6a.4xlarge + - c6a.8xlarge + - c6a.12xlarge + - c6a.16xlarge + - c6a.24xlarge + - c6a.32xlarge + - c6a.48xlarge + - c6a.metal + - m6a.metal + - i4i.large + - i4i.xlarge + - i4i.2xlarge + - i4i.4xlarge + - i4i.8xlarge + - i4i.16xlarge + - i4i.32xlarge + - name: Ipv6AddressCount + in: query + required: false + description: '

[EC2-VPC] The number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. You cannot specify this option and the option to assign specific IPv6 addresses in the same request. You can specify this option if you''ve specified a minimum number of instances to launch.

You cannot specify this option and the network interfaces option in the same request.

' + schema: + type: integer + - name: Ipv6Address + in: query + required: false + description: '

[EC2-VPC] The IPv6 addresses from the range of the subnet to associate with the primary network interface. You cannot specify this option and the option to assign a number of IPv6 addresses in the same request. You cannot specify this option if you''ve specified a minimum number of instances to launch.

You cannot specify this option and the network interfaces option in the same request.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceIpv6Address' + - xml: + name: item + - name: KernelId + in: query + required: false + description: '

The ID of the kernel.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB in the Amazon EC2 User Guide.

' + schema: + type: string + - name: KeyName + in: query + required: false + description: '

The name of the key pair. You can create a key pair using CreateKeyPair or ImportKeyPair.

If you do not specify a key pair, you can''t connect to the instance unless you choose an AMI that is configured to allow users another way to log in.

' + schema: + type: string + - name: MaxCount + in: query + required: true + description: '

The maximum number of instances to launch. If you specify more instances than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches the largest possible number of instances above MinCount.

Constraints: Between 1 and the maximum number you''re allowed for the specified instance type. For more information about the default limits, and how to request an increase, see How many instances can I run in Amazon EC2 in the Amazon EC2 FAQ.

' + schema: + type: integer + - name: MinCount + in: query + required: true + description: '

The minimum number of instances to launch. If you specify a minimum that is more instances than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches no instances.

Constraints: Between 1 and the maximum number you''re allowed for the specified instance type. For more information about the default limits, and how to request an increase, see How many instances can I run in Amazon EC2 in the Amazon EC2 General FAQ.

' + schema: + type: integer + - name: Monitoring + in: query + required: false + description: Specifies whether detailed monitoring is enabled for the instance. + schema: + type: object + required: + - Enabled + properties: + enabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.' + description: Describes the monitoring of an instance. + - name: Placement + in: query + required: false + description: The placement for the instance. + schema: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The Availability Zone of the instance.

If not specified, an Availability Zone will be automatically chosen for you based on the load balancing criteria for the Region.

This parameter is not supported by CreateFleet.

' + affinity: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The affinity setting for the instance on the Dedicated Host. This parameter is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

' + groupName: + allOf: + - $ref: '#/components/schemas/PlacementGroupName' + - description: The name of the placement group the instance is in. + partitionNumber: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The number of the partition that the instance is in. Valid only if the placement group strategy is set to partition.

This parameter is not supported by CreateFleet.

' + hostId: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The ID of the Dedicated Host on which the instance resides. This parameter is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

' + tenancy: + allOf: + - $ref: '#/components/schemas/Tenancy' + - description: '

The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

T3 instances that use the unlimited CPU credit option do not support host tenancy.

' + spreadDomain: + allOf: + - $ref: '#/components/schemas/String' + - description: '

Reserved for future use.

This parameter is not supported by CreateFleet.

' + hostResourceGroupArn: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The ARN of the host resource group in which to launch the instances. If you specify a host resource group ARN, omit the Tenancy parameter or set it to host.

This parameter is not supported by CreateFleet.

' + description: Describes the placement of an instance. + - name: RamdiskId + in: query + required: false + description: '

The ID of the RAM disk to select. Some kernels require additional drivers at launch. Check the kernel requirements for information about whether you need to specify a RAM disk. To find kernel requirements, go to the Amazon Web Services Resource Center and search for the kernel ID.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB in the Amazon EC2 User Guide.

' + schema: + type: string + - name: SecurityGroupId + in: query + required: false + description: '

The IDs of the security groups. You can create a security group using CreateSecurityGroup.

If you specify a network interface, you must specify any security groups as part of the network interface.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: SecurityGroupId + - name: SecurityGroup + in: query + required: false + description: '

[EC2-Classic, default VPC] The names of the security groups. For a nondefault VPC, you must use security group IDs instead.

If you specify a network interface, you must specify any security groups as part of the network interface.

Default: Amazon EC2 uses the default security group.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupName' + - xml: + name: SecurityGroup + - name: SubnetId + in: query + required: false + description: '

[EC2-VPC] The ID of the subnet to launch the instance into.

If you specify a network interface, you must specify any subnets as part of the network interface.

' + schema: + type: string + - name: UserData + in: query + required: false + description: 'The user data script to make available to the instance. For more information, see Run commands on your Linux instance at launch and Run commands on your Windows instance at launch. If you are using a command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text. User data is limited to 16 KB.' + schema: + type: string + format: password + - name: AdditionalInfo + in: query + required: false + description: Reserved. + schema: + type: string + - name: ClientToken + in: query + required: false + description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

For more information, see Ensuring Idempotency.

Constraints: Maximum 64 ASCII characters

' + schema: + type: string + - name: DisableApiTermination + in: query + required: false + description: '

If you set this parameter to true, you can''t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance by running the shutdown command from the instance.

Default: false

' + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: EbsOptimized + in: query + required: false + description: '

Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS-optimized instance.

Default: false

' + schema: + type: boolean + - name: IamInstanceProfile + in: query + required: false + description: The name or Amazon Resource Name (ARN) of an IAM instance profile. + schema: + type: object + properties: + arn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the instance profile. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the instance profile. + description: Describes an IAM instance profile. + - name: InstanceInitiatedShutdownBehavior + in: query + required: false + description: '

Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).

Default: stop

' + schema: + type: string + enum: + - stop + - terminate + - name: NetworkInterface + in: query + required: false + description: 'The network interfaces to associate with the instance. If you specify a network interface, you must specify any security groups and subnets as part of the network interface.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecification' + - xml: + name: item + - name: PrivateIpAddress + in: query + required: false + description: '

[EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 address range of the subnet.

Only one private IP address can be designated as primary. You can''t specify this option if you''ve specified the option to designate a private IP address as the primary IP address in a network interface specification. You cannot specify this option if you''re launching more than one instance in the request.

You cannot specify this option and the network interfaces option in the same request.

' + schema: + type: string + - name: ElasticGpuSpecification + in: query + required: false + description: 'An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource that you can attach to your Windows instance to accelerate the graphics performance of your applications. For more information, see Amazon EC2 Elastic GPUs in the Amazon EC2 User Guide.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ElasticGpuSpecification' + - xml: + name: item + - name: ElasticInferenceAccelerator + in: query + required: false + description:

An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.

You cannot specify accelerators from different generations in the same request.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ElasticInferenceAccelerator' + - xml: + name: item + - name: TagSpecification + in: query + required: false + description: 'The tags to apply to the resources during launch. You can only tag instances and volumes on launch. The specified tags are applied to all instances or volumes that are created during launch. To tag a resource after it has been created, see CreateTags.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: LaunchTemplate + in: query + required: false + description: 'The launch template to use to launch the instances. Any parameters that you specify in RunInstances override the same parameters in the launch template. You can specify either the name or ID of a launch template, but not both.' + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The version number of the launch template.

Default: The default version for the launch template.

' + description: 'The launch template to use. You must specify either the launch template ID or launch template name in the request, but not both.' + - name: InstanceMarketOptions + in: query + required: false + description: '

The market (purchasing) option for the instances.

For RunInstances, persistent Spot Instance requests are only supported when InstanceInterruptionBehavior is set to either hibernate or stop.

' + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/SpotMarketOptions' + - description: The options for Spot Instances. + description: Describes the market (purchasing) option for the instances. + - name: CreditSpecification + in: query + required: false + description: '

The credit option for CPU usage of the burstable performance instance. Valid values are standard and unlimited. To change this attribute after launch, use ModifyInstanceCreditSpecification. For more information, see Burstable performance instances in the Amazon EC2 User Guide.

Default: standard (T2 instances) or unlimited (T3/T3a instances)

For T3 instances with host tenancy, only standard is supported.

' + schema: + type: object + required: + - CpuCredits + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The credit option for CPU usage of a T2, T3, or T3a instance. Valid values are standard and unlimited.' + description: 'The credit option for CPU usage of a T2, T3, or T3a instance.' + - name: CpuOptions + in: query + required: false + description: 'The CPU options for the instance. For more information, see Optimize CPU options in the Amazon EC2 User Guide.' + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of threads per CPU core. To disable multithreading for the instance, specify a value of 1. Otherwise, specify the default value of 2.' + description: The CPU options for the instance. Both the core count and threads per core must be specified in the request. + - name: CapacityReservationSpecification + in: query + required: false + description: 'Information about the Capacity Reservation targeting option. If you do not specify this parameter, the instance''s Capacity Reservation preference defaults to open, which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).' + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/CapacityReservationTarget' + - description: Information about the target Capacity Reservation or Capacity Reservation group. + description: '

Describes an instance''s Capacity Reservation targeting option. You can specify only one parameter at a time. If you specify CapacityReservationPreference and CapacityReservationTarget, the request fails.

Use the CapacityReservationPreference parameter to configure the instance to run as an On-Demand Instance or to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). Use the CapacityReservationTarget parameter to explicitly target a specific Capacity Reservation or a Capacity Reservation group.

' + - name: HibernationOptions + in: query + required: false + description: '

Indicates whether an instance is enabled for hibernation. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

You can''t enable hibernation and Amazon Web Services Nitro Enclaves on the same instance.

' + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

If you set this parameter to true, your instance is enabled for hibernation.

Default: false

' + description: 'Indicates whether your instance is configured for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.' + - name: LicenseSpecification + in: query + required: false + description: The license configurations. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/LicenseConfigurationRequest' + - xml: + name: item + - name: MetadataOptions + in: query + required: false + description: 'The metadata options for the instance. For more information, see Instance metadata and user data.' + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceMetadataTagsState' + - description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' + description: The metadata options for the instance. + - name: EnclaveOptions + in: query + required: false + description: '

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

You can''t enable Amazon Web Services Nitro Enclaves and hibernation on the same instance.

' + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true.' + description: 'Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.' + - name: PrivateDnsNameOptions + in: query + required: false + description: The options for the instance hostname. The default values are inherited from the subnet. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. + description: Describes the options for instance hostnames. + - name: MaintenanceOptions + in: query + required: false + description: The maintenance and recovery options for the instance. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceAutoRecoveryState' + - description: 'Disables the automatic recovery behavior of your instance or sets it to default. For more information, see Simplified automatic recovery.' + description: The maintenance options for the instance. + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RunInstances + operationId: POST_RunInstances + description: '

Launches the specified number of instances using an AMI for which you have permissions.

You can specify a number of options, or leave the default options. The following rules apply:

  • [EC2-VPC] If you don''t specify a subnet ID, we choose a default subnet from your default VPC for you. If you don''t have a default VPC, you must specify a subnet ID in the request.

  • [EC2-Classic] If don''t specify an Availability Zone, we choose one for you.

  • Some instance types must be launched into a VPC. If you do not have a default VPC, or if you do not specify a subnet ID, the request fails. For more information, see Instance types available only in a VPC.

  • [EC2-VPC] All instances have a network interface with a primary private IPv4 address. If you don''t specify this address, we choose one from the IPv4 range of your subnet.

  • Not all instance types support IPv6 addresses. For more information, see Instance types.

  • If you don''t specify a security group ID, we use the default security group. For more information, see Security groups.

  • If any of the AMIs have a product code attached for which the user has not subscribed, the request fails.

You can create a launch template, which is a resource that contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify the launch template instead of specifying the launch parameters.

To ensure faster instance launches, break up large requests into smaller batches. For example, create five separate launch requests for 100 instances each instead of one launch request for 500 instances.

An instance is ready for you to use when it''s in the running state. You can check the state of your instance using DescribeInstances. You can tag instances and EBS volumes during launch, after launch, or both. For more information, see CreateTags and Tagging your Amazon EC2 resources.

Linux instances have access to the public key of the key pair at boot. You can use this key to provide secure access to the instance. Amazon EC2 public images use this feature to provide secure access without passwords. For more information, see Key pairs.

For troubleshooting, see What to do if an instance immediately terminates, and Troubleshooting connecting to your instance.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/Reservation' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RunInstancesRequest' + parameters: [] + /?Action=RunScheduledInstances&Version=2016-11-15: + get: + x-aws-operation-name: RunScheduledInstances + operationId: GET_RunScheduledInstances + description: '

Launches the specified Scheduled Instances.

Before you can launch a Scheduled Instance, you must purchase it and obtain an identifier using PurchaseScheduledInstances.

You must launch a Scheduled Instance during its scheduled time period. You can''t stop or reboot a Scheduled Instance, but you can terminate it as needed. If you terminate a Scheduled Instance before the current scheduled time period ends, you can launch it again after a few minutes. For more information, see Scheduled Instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RunScheduledInstancesResult' + parameters: + - name: ClientToken + in: query + required: false + description: 'Unique, case-sensitive identifier that ensures the idempotency of the request. For more information, see Ensuring Idempotency.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: InstanceCount + in: query + required: false + description: '

The number of instances.

Default: 1

' + schema: + type: integer + - name: LaunchSpecification + in: query + required: true + description: 'The launch specification. You must match the instance type, Availability Zone, network, and platform of the schedule that you purchased.' + schema: + type: object + required: + - ImageId + properties: + BlockDeviceMapping: + allOf: + - $ref: '#/components/schemas/ScheduledInstancesMonitoring' + - description: Enable or disable monitoring for the instances. + NetworkInterface: + allOf: + - $ref: '#/components/schemas/RamdiskId' + - description: The ID of the RAM disk. + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The base64-encoded MIME user data. + description: '

Describes the launch specification for a Scheduled Instance.

If you are launching the Scheduled Instance in EC2-VPC, you must specify the ID of the subnet. You can specify the subnet using either SubnetId or NetworkInterface.

' + - name: ScheduledInstanceId + in: query + required: true + description: The Scheduled Instance ID. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: RunScheduledInstances + operationId: POST_RunScheduledInstances + description: '

Launches the specified Scheduled Instances.

Before you can launch a Scheduled Instance, you must purchase it and obtain an identifier using PurchaseScheduledInstances.

You must launch a Scheduled Instance during its scheduled time period. You can''t stop or reboot a Scheduled Instance, but you can terminate it as needed. If you terminate a Scheduled Instance before the current scheduled time period ends, you can launch it again after a few minutes. For more information, see Scheduled Instances in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/RunScheduledInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RunScheduledInstancesRequest' + parameters: [] + /?Action=SearchLocalGatewayRoutes&Version=2016-11-15: + get: + x-aws-operation-name: SearchLocalGatewayRoutes + operationId: GET_SearchLocalGatewayRoutes + description: Searches for routes in the specified local gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/SearchLocalGatewayRoutesResult' + parameters: + - name: LocalGatewayRouteTableId + in: query + required: true + description: The ID of the local gateway route table. + schema: + type: string + - name: Filter + in: query + required: false + description: '

One or more filters.

  • route-search.exact-match - The exact match of the specified filter.

  • route-search.longest-prefix-match - The longest prefix that matches the route.

  • route-search.subnet-of-match - The routes with a subnet that match the specified CIDR filter.

  • route-search.supernet-of-match - The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.

  • state - The state of the route.

  • type - The route type.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: SearchLocalGatewayRoutes + operationId: POST_SearchLocalGatewayRoutes + description: Searches for routes in the specified local gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/SearchLocalGatewayRoutesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/SearchLocalGatewayRoutesRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=SearchTransitGatewayMulticastGroups&Version=2016-11-15: + get: + x-aws-operation-name: SearchTransitGatewayMulticastGroups + operationId: GET_SearchTransitGatewayMulticastGroups + description: Searches one or more transit gateway multicast groups and returns the group membership information. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/SearchTransitGatewayMulticastGroupsResult' + parameters: + - name: TransitGatewayMulticastDomainId + in: query + required: false + description: The ID of the transit gateway multicast domain. + schema: + type: string + - name: Filter + in: query + required: false + description: '

One or more filters. The possible values are:

  • group-ip-address - The IP address of the transit gateway multicast group.

  • is-group-member - The resource is a group member. Valid values are true | false.

  • is-group-source - The resource is a group source. Valid values are true | false.

  • member-type - The member type. Valid values are igmp | static.

  • resource-id - The ID of the resource.

  • resource-type - The type of resource. Valid values are vpc | vpn | direct-connect-gateway | tgw-peering.

  • source-type - The source type. Valid values are igmp | static.

  • subnet-id - The ID of the subnet.

  • transit-gateway-attachment-id - The id of the transit gateway attachment.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: SearchTransitGatewayMulticastGroups + operationId: POST_SearchTransitGatewayMulticastGroups + description: Searches one or more transit gateway multicast groups and returns the group membership information. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/SearchTransitGatewayMulticastGroupsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/SearchTransitGatewayMulticastGroupsRequest' + parameters: + - name: MaxResults + in: query + schema: + type: string + description: Pagination limit + required: false + - name: NextToken + in: query + schema: + type: string + description: Pagination token + required: false + /?Action=SearchTransitGatewayRoutes&Version=2016-11-15: + get: + x-aws-operation-name: SearchTransitGatewayRoutes + operationId: GET_SearchTransitGatewayRoutes + description: Searches for routes in the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/SearchTransitGatewayRoutesResult' + parameters: + - name: TransitGatewayRouteTableId + in: query + required: true + description: The ID of the transit gateway route table. + schema: + type: string + - name: Filter + in: query + required: true + description: '

One or more filters. The possible values are:

  • attachment.transit-gateway-attachment-id- The id of the transit gateway attachment.

  • attachment.resource-id - The resource id of the transit gateway attachment.

  • attachment.resource-type - The attachment resource type. Valid values are vpc | vpn | direct-connect-gateway | peering | connect.

  • prefix-list-id - The ID of the prefix list.

  • route-search.exact-match - The exact match of the specified filter.

  • route-search.longest-prefix-match - The longest prefix that matches the route.

  • route-search.subnet-of-match - The routes with a subnet that match the specified CIDR filter.

  • route-search.supernet-of-match - The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.

  • state - The state of the route (active | blackhole).

  • type - The type of route (propagated | static).

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: MaxResults + in: query + required: false + description: The maximum number of routes to return. + schema: + type: integer + minimum: 5 + maximum: 1000 + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: SearchTransitGatewayRoutes + operationId: POST_SearchTransitGatewayRoutes + description: Searches for routes in the specified transit gateway route table. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/SearchTransitGatewayRoutesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/SearchTransitGatewayRoutesRequest' + parameters: [] + /?Action=SendDiagnosticInterrupt&Version=2016-11-15: + get: + x-aws-operation-name: SendDiagnosticInterrupt + operationId: GET_SendDiagnosticInterrupt + description: '

Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a kernel panic (on Linux instances), or a blue screen/stop error (on Windows instances). For instances based on Intel and AMD processors, the interrupt is received as a non-maskable interrupt (NMI).

In general, the operating system crashes and reboots when a kernel panic or stop error is triggered. The operating system can also be configured to perform diagnostic tasks, such as generating a memory dump file, loading a secondary kernel, or obtaining a call trace.

Before sending a diagnostic interrupt to your instance, ensure that its operating system is configured to perform the required diagnostic tasks.

For more information about configuring your operating system to generate a crash dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt (for advanced users) (Linux instances) or Send a diagnostic interrupt (for advanced users) (Windows instances).

' + responses: + '200': + description: Success + parameters: + - name: InstanceId + in: query + required: true + description: The ID of the instance. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: SendDiagnosticInterrupt + operationId: POST_SendDiagnosticInterrupt + description: '

Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a kernel panic (on Linux instances), or a blue screen/stop error (on Windows instances). For instances based on Intel and AMD processors, the interrupt is received as a non-maskable interrupt (NMI).

In general, the operating system crashes and reboots when a kernel panic or stop error is triggered. The operating system can also be configured to perform diagnostic tasks, such as generating a memory dump file, loading a secondary kernel, or obtaining a call trace.

Before sending a diagnostic interrupt to your instance, ensure that its operating system is configured to perform the required diagnostic tasks.

For more information about configuring your operating system to generate a crash dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt (for advanced users) (Linux instances) or Send a diagnostic interrupt (for advanced users) (Windows instances).

' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/SendDiagnosticInterruptRequest' + parameters: [] + /?Action=StartInstances&Version=2016-11-15: + get: + x-aws-operation-name: StartInstances + operationId: GET_StartInstances + description: '

Starts an Amazon EBS-backed instance that you''ve previously stopped.

Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for instance usage. However, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM.

Performing this operation on an instance that uses an instance store as its root device returns an error.

If you attempt to start a T3 instance with host tenancy and the unlimted CPU credit option, the request fails. The unlimited CPU credit option is not supported on Dedicated Hosts. Before you start the instance, either change its CPU credit option to standard, or change its tenancy to default or dedicated.

For more information, see Stop and start your instance in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StartInstancesResult' + parameters: + - name: InstanceId + in: query + required: true + description: The IDs of the instances. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: AdditionalInfo + in: query + required: false + description: Reserved. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: StartInstances + operationId: POST_StartInstances + description: '

Starts an Amazon EBS-backed instance that you''ve previously stopped.

Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for instance usage. However, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM.

Performing this operation on an instance that uses an instance store as its root device returns an error.

If you attempt to start a T3 instance with host tenancy and the unlimted CPU credit option, the request fails. The unlimited CPU credit option is not supported on Dedicated Hosts. Before you start the instance, either change its CPU credit option to standard, or change its tenancy to default or dedicated.

For more information, see Stop and start your instance in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StartInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/StartInstancesRequest' + parameters: [] + /?Action=StartNetworkInsightsAccessScopeAnalysis&Version=2016-11-15: + get: + x-aws-operation-name: StartNetworkInsightsAccessScopeAnalysis + operationId: GET_StartNetworkInsightsAccessScopeAnalysis + description: Starts analyzing the specified Network Access Scope. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StartNetworkInsightsAccessScopeAnalysisResult' + parameters: + - name: NetworkInsightsAccessScopeId + in: query + required: true + description: The ID of the Network Access Scope. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: TagSpecification + in: query + required: false + description: The tags to apply. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: ClientToken + in: query + required: true + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: StartNetworkInsightsAccessScopeAnalysis + operationId: POST_StartNetworkInsightsAccessScopeAnalysis + description: Starts analyzing the specified Network Access Scope. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StartNetworkInsightsAccessScopeAnalysisResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/StartNetworkInsightsAccessScopeAnalysisRequest' + parameters: [] + /?Action=StartNetworkInsightsAnalysis&Version=2016-11-15: + get: + x-aws-operation-name: StartNetworkInsightsAnalysis + operationId: GET_StartNetworkInsightsAnalysis + description: 'Starts analyzing the specified path. If the path is reachable, the operation returns the shortest feasible path.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StartNetworkInsightsAnalysisResult' + parameters: + - name: NetworkInsightsPathId + in: query + required: true + description: The ID of the path. + schema: + type: string + - name: FilterInArn + in: query + required: false + description: The Amazon Resource Names (ARN) of the resources that the path must traverse. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - xml: + name: item + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: TagSpecification + in: query + required: false + description: The tags to apply. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + - name: ClientToken + in: query + required: true + description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: StartNetworkInsightsAnalysis + operationId: POST_StartNetworkInsightsAnalysis + description: 'Starts analyzing the specified path. If the path is reachable, the operation returns the shortest feasible path.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StartNetworkInsightsAnalysisResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/StartNetworkInsightsAnalysisRequest' + parameters: [] + /?Action=StartVpcEndpointServicePrivateDnsVerification&Version=2016-11-15: + get: + x-aws-operation-name: StartVpcEndpointServicePrivateDnsVerification + operationId: GET_StartVpcEndpointServicePrivateDnsVerification + description: '

Initiates the verification process to prove that the service provider owns the private DNS name domain for the endpoint service.

The service provider must successfully perform the verification before the consumer can use the name to access the service.

Before the service provider runs this command, they must add a record to the DNS server.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StartVpcEndpointServicePrivateDnsVerificationResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: ServiceId + in: query + required: true + description: The ID of the endpoint service. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: StartVpcEndpointServicePrivateDnsVerification + operationId: POST_StartVpcEndpointServicePrivateDnsVerification + description: '

Initiates the verification process to prove that the service provider owns the private DNS name domain for the endpoint service.

The service provider must successfully perform the verification before the consumer can use the name to access the service.

Before the service provider runs this command, they must add a record to the DNS server.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StartVpcEndpointServicePrivateDnsVerificationResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/StartVpcEndpointServicePrivateDnsVerificationRequest' + parameters: [] + /?Action=StopInstances&Version=2016-11-15: + get: + x-aws-operation-name: StopInstances + operationId: GET_StopInstances + description: '

Stops an Amazon EBS-backed instance. For more information, see Stop and start your instance in the Amazon EC2 User Guide.

You can use the Stop action to hibernate an instance if the instance is enabled for hibernation and it meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

We don''t charge usage for a stopped instance, or data transfer fees; however, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

You can''t stop or hibernate instance store-backed instances. You can''t use the Stop action to hibernate Spot Instances, but you can specify that Amazon EC2 should hibernate Spot Instances when they are interrupted. For more information, see Hibernating interrupted Spot Instances in the Amazon EC2 User Guide.

When you stop or hibernate an instance, we shut it down. You can restart your instance at any time. Before stopping or hibernating an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM, but hibernating an instance does preserve data stored in RAM. If an instance cannot hibernate successfully, a normal shutdown occurs.

Stopping and hibernating an instance is different to rebooting or terminating it. For example, when you stop or hibernate an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, the root device and any other devices attached during the instance launch are automatically deleted. For more information about the differences between rebooting, stopping, hibernating, and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

When you stop an instance, we attempt to shut it down forcibly after a short while. If your instance appears stuck in the stopping state after a period of time, there may be an issue with the underlying host computer. For more information, see Troubleshoot stopping your instance in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StopInstancesResult' + parameters: + - name: InstanceId + in: query + required: true + description: The IDs of the instances. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: Hibernate + in: query + required: false + description: '

Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

Default: false

' + schema: + type: boolean + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: Force + in: query + required: false + description: '

Forces the instances to stop. The instances do not have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures. This option is not recommended for Windows instances.

Default: false

' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: StopInstances + operationId: POST_StopInstances + description: '

Stops an Amazon EBS-backed instance. For more information, see Stop and start your instance in the Amazon EC2 User Guide.

You can use the Stop action to hibernate an instance if the instance is enabled for hibernation and it meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

We don''t charge usage for a stopped instance, or data transfer fees; however, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

You can''t stop or hibernate instance store-backed instances. You can''t use the Stop action to hibernate Spot Instances, but you can specify that Amazon EC2 should hibernate Spot Instances when they are interrupted. For more information, see Hibernating interrupted Spot Instances in the Amazon EC2 User Guide.

When you stop or hibernate an instance, we shut it down. You can restart your instance at any time. Before stopping or hibernating an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM, but hibernating an instance does preserve data stored in RAM. If an instance cannot hibernate successfully, a normal shutdown occurs.

Stopping and hibernating an instance is different to rebooting or terminating it. For example, when you stop or hibernate an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, the root device and any other devices attached during the instance launch are automatically deleted. For more information about the differences between rebooting, stopping, hibernating, and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

When you stop an instance, we attempt to shut it down forcibly after a short while. If your instance appears stuck in the stopping state after a period of time, there may be an issue with the underlying host computer. For more information, see Troubleshoot stopping your instance in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StopInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/StopInstancesRequest' + parameters: [] + /?Action=TerminateClientVpnConnections&Version=2016-11-15: + get: + x-aws-operation-name: TerminateClientVpnConnections + operationId: GET_TerminateClientVpnConnections + description: 'Terminates active Client VPN endpoint connections. This action can be used to terminate a specific client connection, or up to five connections established by a specific user.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/TerminateClientVpnConnectionsResult' + parameters: + - name: ClientVpnEndpointId + in: query + required: true + description: The ID of the Client VPN endpoint to which the client is connected. + schema: + type: string + - name: ConnectionId + in: query + required: false + description: The ID of the client connection to be terminated. + schema: + type: string + - name: Username + in: query + required: false + description: The name of the user who initiated the connection. Use this option to terminate all active connections for the specified user. This option can only be used if the user has established up to five connections. + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: TerminateClientVpnConnections + operationId: POST_TerminateClientVpnConnections + description: 'Terminates active Client VPN endpoint connections. This action can be used to terminate a specific client connection, or up to five connections established by a specific user.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/TerminateClientVpnConnectionsResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/TerminateClientVpnConnectionsRequest' + parameters: [] + /?Action=TerminateInstances&Version=2016-11-15: + get: + x-aws-operation-name: TerminateInstances + operationId: GET_TerminateInstances + description: '

Shuts down the specified instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds.

If you specify multiple instances and the request fails (for example, because of a single incorrect instance ID), none of the instances are terminated.

If you terminate multiple instances across multiple Availability Zones, and one or more of the specified instances are enabled for termination protection, the request fails with the following results:

  • The specified instances that are in the same Availability Zone as the protected instance are not terminated.

  • The specified instances that are in different Availability Zones, where no other specified instances are protected, are successfully terminated.

For example, say you have the following instances:

  • Instance A: us-east-1a; Not protected

  • Instance B: us-east-1a; Not protected

  • Instance C: us-east-1b; Protected

  • Instance D: us-east-1b; not protected

If you attempt to terminate all of these instances in the same request, the request reports failure with the following results:

  • Instance A and Instance B are successfully terminated because none of the specified instances in us-east-1a are enabled for termination protection.

  • Instance C and Instance D fail to terminate because at least one of the specified instances in us-east-1b (Instance C) is enabled for termination protection.

Terminated instances remain visible after termination (for approximately one hour).

By default, Amazon EC2 deletes all EBS volumes that were attached when the instance launched. Volumes attached after instance launch continue running.

You can stop, start, and terminate EBS-backed instances. You can only terminate instance store-backed instances. What happens to an instance differs if you stop it or terminate it. For example, when you stop an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, any attached EBS volumes with the DeleteOnTermination block device mapping parameter set to true are automatically deleted. For more information about the differences between stopping and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

For more information about troubleshooting, see Troubleshooting terminating your instance in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/TerminateInstancesResult' + parameters: + - name: InstanceId + in: query + required: true + description: '

The IDs of the instances.

Constraints: Up to 1000 instance IDs. We recommend breaking up this request into smaller batches.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: TerminateInstances + operationId: POST_TerminateInstances + description: '

Shuts down the specified instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds.

If you specify multiple instances and the request fails (for example, because of a single incorrect instance ID), none of the instances are terminated.

If you terminate multiple instances across multiple Availability Zones, and one or more of the specified instances are enabled for termination protection, the request fails with the following results:

  • The specified instances that are in the same Availability Zone as the protected instance are not terminated.

  • The specified instances that are in different Availability Zones, where no other specified instances are protected, are successfully terminated.

For example, say you have the following instances:

  • Instance A: us-east-1a; Not protected

  • Instance B: us-east-1a; Not protected

  • Instance C: us-east-1b; Protected

  • Instance D: us-east-1b; not protected

If you attempt to terminate all of these instances in the same request, the request reports failure with the following results:

  • Instance A and Instance B are successfully terminated because none of the specified instances in us-east-1a are enabled for termination protection.

  • Instance C and Instance D fail to terminate because at least one of the specified instances in us-east-1b (Instance C) is enabled for termination protection.

Terminated instances remain visible after termination (for approximately one hour).

By default, Amazon EC2 deletes all EBS volumes that were attached when the instance launched. Volumes attached after instance launch continue running.

You can stop, start, and terminate EBS-backed instances. You can only terminate instance store-backed instances. What happens to an instance differs if you stop it or terminate it. For example, when you stop an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, any attached EBS volumes with the DeleteOnTermination block device mapping parameter set to true are automatically deleted. For more information about the differences between stopping and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

For more information about troubleshooting, see Troubleshooting terminating your instance in the Amazon EC2 User Guide.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/TerminateInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/TerminateInstancesRequest' + parameters: [] + /?Action=UnassignIpv6Addresses&Version=2016-11-15: + get: + x-aws-operation-name: UnassignIpv6Addresses + operationId: GET_UnassignIpv6Addresses + description: Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a network interface. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/UnassignIpv6AddressesResult' + parameters: + - name: Ipv6Addresses + in: query + required: false + description: The IPv6 addresses to unassign from the network interface. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: Ipv6Prefix + in: query + required: false + description: One or more IPv6 prefixes to unassign from the network interface. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + - name: NetworkInterfaceId + in: query + required: true + description: The ID of the network interface. + schema: + type: string + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: UnassignIpv6Addresses + operationId: POST_UnassignIpv6Addresses + description: Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a network interface. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/UnassignIpv6AddressesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UnassignIpv6AddressesRequest' + parameters: [] + /?Action=UnassignPrivateIpAddresses&Version=2016-11-15: + get: + x-aws-operation-name: UnassignPrivateIpAddresses + operationId: GET_UnassignPrivateIpAddresses + description: 'Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation prefixes from a network interface.' + responses: + '200': + description: Success + parameters: + - name: NetworkInterfaceId + in: query + required: true + description: The ID of the network interface. + schema: + type: string + - name: PrivateIpAddress + in: query + required: false + description: The secondary private IP addresses to unassign from the network interface. You can specify this option multiple times to unassign more than one IP address. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: PrivateIpAddress + - name: Ipv4Prefix + in: query + required: false + description: The IPv4 prefixes to unassign from the network interface. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: UnassignPrivateIpAddresses + operationId: POST_UnassignPrivateIpAddresses + description: 'Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation prefixes from a network interface.' + responses: + '200': + description: Success + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UnassignPrivateIpAddressesRequest' + parameters: [] + /?Action=UnmonitorInstances&Version=2016-11-15: + get: + x-aws-operation-name: UnmonitorInstances + operationId: GET_UnmonitorInstances + description: 'Disables detailed monitoring for a running instance. For more information, see Monitoring your instances and volumes in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmonitorInstancesResult' + parameters: + - name: InstanceId + in: query + required: true + description: The IDs of the instances. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: UnmonitorInstances + operationId: POST_UnmonitorInstances + description: 'Disables detailed monitoring for a running instance. For more information, see Monitoring your instances and volumes in the Amazon EC2 User Guide.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmonitorInstancesResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmonitorInstancesRequest' + parameters: [] + /?Action=UpdateSecurityGroupRuleDescriptionsEgress&Version=2016-11-15: + get: + x-aws-operation-name: UpdateSecurityGroupRuleDescriptionsEgress + operationId: GET_UpdateSecurityGroupRuleDescriptionsEgress + description: '[VPC only] Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsEgressResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: GroupId + in: query + required: false + description: 'The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.' + schema: + type: string + - name: GroupName + in: query + required: false + description: '[Default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.' + schema: + type: string + - name: IpPermissions + in: query + required: false + description: The IP permissions for the security group rule. You must specify either the IP permissions or the description. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpPermission' + - xml: + name: item + - name: SecurityGroupRuleDescription + in: query + required: false + description: The description for the egress security group rules. You must specify either the description or the IP permissions. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleDescription' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: UpdateSecurityGroupRuleDescriptionsEgress + operationId: POST_UpdateSecurityGroupRuleDescriptionsEgress + description: '[VPC only] Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsEgressResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsEgressRequest' + parameters: [] + /?Action=UpdateSecurityGroupRuleDescriptionsIngress&Version=2016-11-15: + get: + x-aws-operation-name: UpdateSecurityGroupRuleDescriptionsIngress + operationId: GET_UpdateSecurityGroupRuleDescriptionsIngress + description: 'Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsIngressResult' + parameters: + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + - name: GroupId + in: query + required: false + description: 'The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.' + schema: + type: string + - name: GroupName + in: query + required: false + description: '[EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.' + schema: + type: string + - name: IpPermissions + in: query + required: false + description: The IP permissions for the security group rule. You must specify either IP permissions or a description. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpPermission' + - xml: + name: item + - name: SecurityGroupRuleDescription + in: query + required: false + description: '[VPC only] The description for the ingress security group rules. You must specify either a description or IP permissions.' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleDescription' + - xml: + name: item + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: UpdateSecurityGroupRuleDescriptionsIngress + operationId: POST_UpdateSecurityGroupRuleDescriptionsIngress + description: 'Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsIngressResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateSecurityGroupRuleDescriptionsIngressRequest' + parameters: [] + /?Action=WithdrawByoipCidr&Version=2016-11-15: + get: + x-aws-operation-name: WithdrawByoipCidr + operationId: GET_WithdrawByoipCidr + description: '

Stops advertising an address range that is provisioned as an address pool.

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

It can take a few minutes before traffic to the specified addresses stops routing to Amazon Web Services because of BGP propagation delays.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/WithdrawByoipCidrResult' + parameters: + - name: Cidr + in: query + required: true + description: 'The address range, in CIDR notation.' + schema: + type: string + - name: DryRun + in: query + required: false + description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + x-aws-operation-name: WithdrawByoipCidr + operationId: POST_WithdrawByoipCidr + description: '

Stops advertising an address range that is provisioned as an address pool.

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

It can take a few minutes before traffic to the specified addresses stops routing to Amazon Web Services because of BGP propagation delays.

' + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/WithdrawByoipCidrResult' + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/WithdrawByoipCidrRequest' + parameters: [] +components: + x-stackQL-resources: + account_attributes: + name: account_attributes + methods: + account_attributes_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeAccountAttributes&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/accountAttributeSet/item + openAPIDocKey: '200' + id: aws.ec2_api.account_attributes + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/account_attributes/methods/account_attributes_Describe' + update: [] + title: account_attributes + address: + name: address + methods: + address_Allocate: + operation: + $ref: '#/paths/~1?Action=AllocateAddress&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + address_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateAddress&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + address_Disassociate: + operation: + $ref: '#/paths/~1?Action=DisassociateAddress&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + address_Release: + operation: + $ref: '#/paths/~1?Action=ReleaseAddress&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.address + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: address + address_attribute: + name: address_attribute + methods: + address_attribute_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyAddressAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + address_attribute_Reset: + operation: + $ref: '#/paths/~1?Action=ResetAddressAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.address_attribute + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: address_attribute + address_to_classic: + name: address_to_classic + methods: + address_to_classic_Restore: + operation: + $ref: '#/paths/~1?Action=RestoreAddressToClassic&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.address_to_classic + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: address_to_classic + address_to_vpc: + name: address_to_vpc + methods: + address_to_vpc_Move: + operation: + $ref: '#/paths/~1?Action=MoveAddressToVpc&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.address_to_vpc + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: address_to_vpc + addresses: + name: addresses + methods: + addresses_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeAddresses&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/addressesSet/item + openAPIDocKey: '200' + id: aws.ec2_api.addresses + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/addresses/methods/addresses_Describe' + update: [] + title: addresses + addresses_attribute: + name: addresses_attribute + methods: + addresses_attribute_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeAddressesAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/addressSet/item + openAPIDocKey: '200' + id: aws.ec2_api.addresses_attribute + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/addresses_attribute/methods/addresses_attribute_Describe' + update: [] + title: addresses_attribute + aggregate_id_format: + name: aggregate_id_format + methods: + aggregate_id_format_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeAggregateIdFormat&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/statusSet/item + openAPIDocKey: '200' + id: aws.ec2_api.aggregate_id_format + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/aggregate_id_format/methods/aggregate_id_format_Describe' + update: [] + title: aggregate_id_format + associated_enclave_certificate_iam_roles: + name: associated_enclave_certificate_iam_roles + methods: + associated_enclave_certificate_iam_roles_Get: + operation: + $ref: '#/paths/~1?Action=GetAssociatedEnclaveCertificateIamRoles&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/associatedRoleSet/item + openAPIDocKey: '200' + id: aws.ec2_api.associated_enclave_certificate_iam_roles + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/associated_enclave_certificate_iam_roles/methods/associated_enclave_certificate_iam_roles_Get' + update: [] + title: associated_enclave_certificate_iam_roles + associated_ipv6_pool_cidrs: + name: associated_ipv6_pool_cidrs + methods: + associated_ipv6_pool_cidrs_Get: + operation: + $ref: '#/paths/~1?Action=GetAssociatedIpv6PoolCidrs&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/ipv6CidrAssociationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.associated_ipv6_pool_cidrs + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/associated_ipv6_pool_cidrs/methods/associated_ipv6_pool_cidrs_Get' + update: [] + title: associated_ipv6_pool_cidrs + availability_zone_group: + name: availability_zone_group + methods: + availability_zone_group_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyAvailabilityZoneGroup&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.availability_zone_group + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: availability_zone_group + availability_zones: + name: availability_zones + methods: + availability_zones_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeAvailabilityZones&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/availabilityZoneInfo/item + openAPIDocKey: '200' + id: aws.ec2_api.availability_zones + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/availability_zones/methods/availability_zones_Describe' + update: [] + title: availability_zones + bundle_tasks: + name: bundle_tasks + methods: + bundle_task_Cancel: + operation: + $ref: '#/paths/~1?Action=CancelBundleTask&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + bundle_tasks_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeBundleTasks&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/bundleInstanceTasksSet/item + openAPIDocKey: '200' + id: aws.ec2_api.bundle_tasks + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bundle_tasks/methods/bundle_tasks_Describe' + update: [] + title: bundle_tasks + byoip_cidr_to_ipam: + name: byoip_cidr_to_ipam + methods: + byoip_cidr_to_ipam_Move: + operation: + $ref: '#/paths/~1?Action=MoveByoipCidrToIpam&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.byoip_cidr_to_ipam + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: byoip_cidr_to_ipam + byoip_cidrs: + name: byoip_cidrs + methods: + byoip_cidr_Advertise: + operation: + $ref: '#/paths/~1?Action=AdvertiseByoipCidr&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + byoip_cidr_Deprovision: + operation: + $ref: '#/paths/~1?Action=DeprovisionByoipCidr&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + byoip_cidr_Provision: + operation: + $ref: '#/paths/~1?Action=ProvisionByoipCidr&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + byoip_cidr_Withdraw: + operation: + $ref: '#/paths/~1?Action=WithdrawByoipCidr&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + byoip_cidrs_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeByoipCidrs&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/byoipCidrSet/item + openAPIDocKey: '200' + id: aws.ec2_api.byoip_cidrs + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/byoip_cidrs/methods/byoip_cidrs_Describe' + update: [] + title: byoip_cidrs + capacity_reservation_fleets: + name: capacity_reservation_fleets + methods: + capacity_reservation_fleet_Create: + operation: + $ref: '#/paths/~1?Action=CreateCapacityReservationFleet&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + capacity_reservation_fleet_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyCapacityReservationFleet&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + capacity_reservation_fleets_Cancel: + operation: + $ref: '#/paths/~1?Action=CancelCapacityReservationFleets&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + capacity_reservation_fleets_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeCapacityReservationFleets&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/capacityReservationFleetSet/item + openAPIDocKey: '200' + id: aws.ec2_api.capacity_reservation_fleets + sqlVerbs: + delete: [] + insert: + - $ref: '#/components/x-stackQL-resources/capacity_reservation_fleets/methods/capacity_reservation_fleet_Create' + select: + - $ref: '#/components/x-stackQL-resources/capacity_reservation_fleets/methods/capacity_reservation_fleets_Describe' + update: [] + title: capacity_reservation_fleets + capacity_reservation_usage: + name: capacity_reservation_usage + methods: + capacity_reservation_usage_Get: + operation: + $ref: '#/paths/~1?Action=GetCapacityReservationUsage&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.capacity_reservation_usage + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/capacity_reservation_usage/methods/capacity_reservation_usage_Get' + update: [] + title: capacity_reservation_usage + capacity_reservations: + name: capacity_reservations + methods: + capacity_reservation_Cancel: + operation: + $ref: '#/paths/~1?Action=CancelCapacityReservation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + capacity_reservation_Create: + operation: + $ref: '#/paths/~1?Action=CreateCapacityReservation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + capacity_reservation_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyCapacityReservation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + capacity_reservations_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeCapacityReservations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/capacityReservationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.capacity_reservations + sqlVerbs: + delete: [] + insert: + - $ref: '#/components/x-stackQL-resources/capacity_reservations/methods/capacity_reservation_Create' + select: + - $ref: '#/components/x-stackQL-resources/capacity_reservations/methods/capacity_reservations_Describe' + update: [] + title: capacity_reservations + carrier_gateways: + name: carrier_gateways + methods: + carrier_gateway_Create: + operation: + $ref: '#/paths/~1?Action=CreateCarrierGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + carrier_gateway_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteCarrierGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + carrier_gateways_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeCarrierGateways&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/carrierGatewaySet/item + openAPIDocKey: '200' + id: aws.ec2_api.carrier_gateways + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/carrier_gateways/methods/carrier_gateway_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/carrier_gateways/methods/carrier_gateway_Create' + select: + - $ref: '#/components/x-stackQL-resources/carrier_gateways/methods/carrier_gateways_Describe' + update: [] + title: carrier_gateways + classic_link_instances: + name: classic_link_instances + methods: + classic_link_instances_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeClassicLinkInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/instancesSet/item + openAPIDocKey: '200' + id: aws.ec2_api.classic_link_instances + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/classic_link_instances/methods/classic_link_instances_Describe' + update: [] + title: classic_link_instances + classic_link_vpc: + name: classic_link_vpc + methods: + classic_link_vpc_Attach: + operation: + $ref: '#/paths/~1?Action=AttachClassicLinkVpc&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + classic_link_vpc_Detach: + operation: + $ref: '#/paths/~1?Action=DetachClassicLinkVpc&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.classic_link_vpc + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: classic_link_vpc + client_vpn_authorization_rules: + name: client_vpn_authorization_rules + methods: + client_vpn_authorization_rules_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeClientVpnAuthorizationRules&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/authorizationRule/item + openAPIDocKey: '200' + id: aws.ec2_api.client_vpn_authorization_rules + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/client_vpn_authorization_rules/methods/client_vpn_authorization_rules_Describe' + update: [] + title: client_vpn_authorization_rules + client_vpn_client_certificate_revocation_list: + name: client_vpn_client_certificate_revocation_list + methods: + client_vpn_client_certificate_revocation_list_Export: + operation: + $ref: '#/paths/~1?Action=ExportClientVpnClientCertificateRevocationList&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + client_vpn_client_certificate_revocation_list_Import: + operation: + $ref: '#/paths/~1?Action=ImportClientVpnClientCertificateRevocationList&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.client_vpn_client_certificate_revocation_list + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: client_vpn_client_certificate_revocation_list + client_vpn_client_configuration: + name: client_vpn_client_configuration + methods: + client_vpn_client_configuration_Export: + operation: + $ref: '#/paths/~1?Action=ExportClientVpnClientConfiguration&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.client_vpn_client_configuration + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: client_vpn_client_configuration + client_vpn_connections: + name: client_vpn_connections + methods: + client_vpn_connections_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeClientVpnConnections&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/connections/item + openAPIDocKey: '200' + client_vpn_connections_Terminate: + operation: + $ref: '#/paths/~1?Action=TerminateClientVpnConnections&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.client_vpn_connections + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/client_vpn_connections/methods/client_vpn_connections_Describe' + update: [] + title: client_vpn_connections + client_vpn_endpoints: + name: client_vpn_endpoints + methods: + client_vpn_endpoint_Create: + operation: + $ref: '#/paths/~1?Action=CreateClientVpnEndpoint&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + client_vpn_endpoint_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteClientVpnEndpoint&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + client_vpn_endpoint_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyClientVpnEndpoint&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + client_vpn_endpoints_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeClientVpnEndpoints&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/clientVpnEndpoint/item + openAPIDocKey: '200' + id: aws.ec2_api.client_vpn_endpoints + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/client_vpn_endpoints/methods/client_vpn_endpoint_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/client_vpn_endpoints/methods/client_vpn_endpoint_Create' + select: + - $ref: '#/components/x-stackQL-resources/client_vpn_endpoints/methods/client_vpn_endpoints_Describe' + update: [] + title: client_vpn_endpoints + client_vpn_ingress: + name: client_vpn_ingress + methods: + client_vpn_ingress_Authorize: + operation: + $ref: '#/paths/~1?Action=AuthorizeClientVpnIngress&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + client_vpn_ingress_Revoke: + operation: + $ref: '#/paths/~1?Action=RevokeClientVpnIngress&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.client_vpn_ingress + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: client_vpn_ingress + client_vpn_routes: + name: client_vpn_routes + methods: + client_vpn_route_Create: + operation: + $ref: '#/paths/~1?Action=CreateClientVpnRoute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + client_vpn_route_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteClientVpnRoute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + client_vpn_routes_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeClientVpnRoutes&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/routes/item + openAPIDocKey: '200' + id: aws.ec2_api.client_vpn_routes + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/client_vpn_routes/methods/client_vpn_route_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/client_vpn_routes/methods/client_vpn_route_Create' + select: + - $ref: '#/components/x-stackQL-resources/client_vpn_routes/methods/client_vpn_routes_Describe' + update: [] + title: client_vpn_routes + client_vpn_target_networks: + name: client_vpn_target_networks + methods: + client_vpn_target_network_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateClientVpnTargetNetwork&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + client_vpn_target_network_Disassociate: + operation: + $ref: '#/paths/~1?Action=DisassociateClientVpnTargetNetwork&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + client_vpn_target_networks_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeClientVpnTargetNetworks&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/clientVpnTargetNetworks/item + openAPIDocKey: '200' + id: aws.ec2_api.client_vpn_target_networks + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/client_vpn_target_networks/methods/client_vpn_target_networks_Describe' + update: [] + title: client_vpn_target_networks + coip_pool_usage: + name: coip_pool_usage + methods: + coip_pool_usage_Get: + operation: + $ref: '#/paths/~1?Action=GetCoipPoolUsage&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/coipAddressUsageSet/item + openAPIDocKey: '200' + id: aws.ec2_api.coip_pool_usage + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/coip_pool_usage/methods/coip_pool_usage_Get' + update: [] + title: coip_pool_usage + coip_pools: + name: coip_pools + methods: + coip_pools_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeCoipPools&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/coipPoolSet/item + openAPIDocKey: '200' + id: aws.ec2_api.coip_pools + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/coip_pools/methods/coip_pools_Describe' + update: [] + title: coip_pools + console_output: + name: console_output + methods: + console_output_Get: + operation: + $ref: '#/paths/~1?Action=GetConsoleOutput&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.console_output + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/console_output/methods/console_output_Get' + update: [] + title: console_output + console_screenshot: + name: console_screenshot + methods: + console_screenshot_Get: + operation: + $ref: '#/paths/~1?Action=GetConsoleScreenshot&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.console_screenshot + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/console_screenshot/methods/console_screenshot_Get' + update: [] + title: console_screenshot + conversion_tasks: + name: conversion_tasks + methods: + conversion_task_Cancel: + operation: + $ref: '#/paths/~1?Action=CancelConversionTask&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + conversion_tasks_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeConversionTasks&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/conversionTasks/item + openAPIDocKey: '200' + id: aws.ec2_api.conversion_tasks + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/conversion_tasks/methods/conversion_tasks_Describe' + update: [] + title: conversion_tasks + customer_gateways: + name: customer_gateways + methods: + customer_gateway_Create: + operation: + $ref: '#/paths/~1?Action=CreateCustomerGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + customer_gateway_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteCustomerGateway&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + customer_gateways_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeCustomerGateways&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/customerGatewaySet/item + openAPIDocKey: '200' + id: aws.ec2_api.customer_gateways + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/customer_gateways/methods/customer_gateway_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/customer_gateways/methods/customer_gateway_Create' + select: + - $ref: '#/components/x-stackQL-resources/customer_gateways/methods/customer_gateways_Describe' + update: [] + title: customer_gateways + default_credit_specification: + name: default_credit_specification + methods: + default_credit_specification_Get: + operation: + $ref: '#/paths/~1?Action=GetDefaultCreditSpecification&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/instanceFamilyCreditSpecification + openAPIDocKey: '200' + default_credit_specification_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyDefaultCreditSpecification&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.default_credit_specification + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/default_credit_specification/methods/default_credit_specification_Get' + update: [] + title: default_credit_specification + default_subnet: + name: default_subnet + methods: + default_subnet_Create: + operation: + $ref: '#/paths/~1?Action=CreateDefaultSubnet&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.default_subnet + sqlVerbs: + delete: [] + insert: + - $ref: '#/components/x-stackQL-resources/default_subnet/methods/default_subnet_Create' + select: [] + update: [] + title: default_subnet + default_vpc: + name: default_vpc + methods: + default_vpc_Create: + operation: + $ref: '#/paths/~1?Action=CreateDefaultVpc&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.default_vpc + sqlVerbs: + delete: [] + insert: + - $ref: '#/components/x-stackQL-resources/default_vpc/methods/default_vpc_Create' + select: [] + update: [] + title: default_vpc + dhcp_options: + name: dhcp_options + methods: + dhcp_options_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateDhcpOptions&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + dhcp_options_Create: + operation: + $ref: '#/paths/~1?Action=CreateDhcpOptions&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + dhcp_options_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteDhcpOptions&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + dhcp_options_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeDhcpOptions&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/dhcpOptionsSet/item + openAPIDocKey: '200' + id: aws.ec2_api.dhcp_options + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/dhcp_options/methods/dhcp_options_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/dhcp_options/methods/dhcp_options_Create' + select: + - $ref: '#/components/x-stackQL-resources/dhcp_options/methods/dhcp_options_Describe' + update: [] + title: dhcp_options + diagnostic_interrupt: + name: diagnostic_interrupt + methods: + diagnostic_interrupt_Send: + operation: + $ref: '#/paths/~1?Action=SendDiagnosticInterrupt&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.diagnostic_interrupt + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: diagnostic_interrupt + ebs_default_kms_key_id: + name: ebs_default_kms_key_id + methods: + ebs_default_kms_key_id_Get: + operation: + $ref: '#/paths/~1?Action=GetEbsDefaultKmsKeyId&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + ebs_default_kms_key_id_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyEbsDefaultKmsKeyId&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ebs_default_kms_key_id_Reset: + operation: + $ref: '#/paths/~1?Action=ResetEbsDefaultKmsKeyId&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.ebs_default_kms_key_id + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/ebs_default_kms_key_id/methods/ebs_default_kms_key_id_Get' + update: [] + title: ebs_default_kms_key_id + ebs_encryption_by_default: + name: ebs_encryption_by_default + methods: + ebs_encryption_by_default_Disable: + operation: + $ref: '#/paths/~1?Action=DisableEbsEncryptionByDefault&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ebs_encryption_by_default_Enable: + operation: + $ref: '#/paths/~1?Action=EnableEbsEncryptionByDefault&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ebs_encryption_by_default_Get: + operation: + $ref: '#/paths/~1?Action=GetEbsEncryptionByDefault&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.ebs_encryption_by_default + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/ebs_encryption_by_default/methods/ebs_encryption_by_default_Get' + update: [] + title: ebs_encryption_by_default + egress_only_internet_gateways: + name: egress_only_internet_gateways + methods: + egress_only_internet_gateway_Create: + operation: + $ref: '#/paths/~1?Action=CreateEgressOnlyInternetGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + egress_only_internet_gateway_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteEgressOnlyInternetGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + egress_only_internet_gateways_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeEgressOnlyInternetGateways&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/egressOnlyInternetGatewaySet/item + openAPIDocKey: '200' + id: aws.ec2_api.egress_only_internet_gateways + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/egress_only_internet_gateways/methods/egress_only_internet_gateway_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/egress_only_internet_gateways/methods/egress_only_internet_gateway_Create' + select: + - $ref: '#/components/x-stackQL-resources/egress_only_internet_gateways/methods/egress_only_internet_gateways_Describe' + update: [] + title: egress_only_internet_gateways + elastic_gpus: + name: elastic_gpus + methods: + elastic_gpus_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeElasticGpus&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/elasticGpuSet/item + openAPIDocKey: '200' + id: aws.ec2_api.elastic_gpus + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/elastic_gpus/methods/elastic_gpus_Describe' + update: [] + title: elastic_gpus + enclave_certificate_iam_role: + name: enclave_certificate_iam_role + methods: + enclave_certificate_iam_role_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateEnclaveCertificateIamRole&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + enclave_certificate_iam_role_Disassociate: + operation: + $ref: '#/paths/~1?Action=DisassociateEnclaveCertificateIamRole&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.enclave_certificate_iam_role + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: enclave_certificate_iam_role + export_image_tasks: + name: export_image_tasks + methods: + export_image_tasks_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeExportImageTasks&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/exportImageTaskSet/item + openAPIDocKey: '200' + id: aws.ec2_api.export_image_tasks + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/export_image_tasks/methods/export_image_tasks_Describe' + update: [] + title: export_image_tasks + export_tasks: + name: export_tasks + methods: + export_task_Cancel: + operation: + $ref: '#/paths/~1?Action=CancelExportTask&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + export_tasks_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeExportTasks&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/exportTaskSet/item + openAPIDocKey: '200' + id: aws.ec2_api.export_tasks + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/export_tasks/methods/export_tasks_Describe' + update: [] + title: export_tasks + fast_launch: + name: fast_launch + methods: + fast_launch_Disable: + operation: + $ref: '#/paths/~1?Action=DisableFastLaunch&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + fast_launch_Enable: + operation: + $ref: '#/paths/~1?Action=EnableFastLaunch&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.fast_launch + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: fast_launch + fast_launch_images: + name: fast_launch_images + methods: + fast_launch_images_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeFastLaunchImages&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/fastLaunchImageSet/item + openAPIDocKey: '200' + id: aws.ec2_api.fast_launch_images + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/fast_launch_images/methods/fast_launch_images_Describe' + update: [] + title: fast_launch_images + fast_snapshot_restores: + name: fast_snapshot_restores + methods: + fast_snapshot_restores_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeFastSnapshotRestores&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/fastSnapshotRestoreSet/item + openAPIDocKey: '200' + fast_snapshot_restores_Disable: + operation: + $ref: '#/paths/~1?Action=DisableFastSnapshotRestores&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + fast_snapshot_restores_Enable: + operation: + $ref: '#/paths/~1?Action=EnableFastSnapshotRestores&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.fast_snapshot_restores + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/fast_snapshot_restores/methods/fast_snapshot_restores_Describe' + update: [] + title: fast_snapshot_restores + fleet_history: + name: fleet_history + methods: + fleet_history_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeFleetHistory&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.fleet_history + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/fleet_history/methods/fleet_history_Describe' + update: [] + title: fleet_history + fleet_instances: + name: fleet_instances + methods: + fleet_instances_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeFleetInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/activeInstanceSet/item + openAPIDocKey: '200' + id: aws.ec2_api.fleet_instances + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/fleet_instances/methods/fleet_instances_Describe' + update: [] + title: fleet_instances + fleets: + name: fleets + methods: + fleet_Create: + operation: + $ref: '#/paths/~1?Action=CreateFleet&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + fleet_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyFleet&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + fleets_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteFleets&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + fleets_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeFleets&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/fleetSet/item + openAPIDocKey: '200' + id: aws.ec2_api.fleets + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/fleets/methods/fleets_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/fleets/methods/fleet_Create' + select: + - $ref: '#/components/x-stackQL-resources/fleets/methods/fleets_Describe' + update: [] + title: fleets + flow_logs: + name: flow_logs + methods: + flow_logs_Create: + operation: + $ref: '#/paths/~1?Action=CreateFlowLogs&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + flow_logs_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteFlowLogs&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + flow_logs_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeFlowLogs&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/flowLogSet/item + openAPIDocKey: '200' + id: aws.ec2_api.flow_logs + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/flow_logs/methods/flow_logs_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/flow_logs/methods/flow_logs_Create' + select: + - $ref: '#/components/x-stackQL-resources/flow_logs/methods/flow_logs_Describe' + update: [] + title: flow_logs + flow_logs_integration_template: + name: flow_logs_integration_template + methods: + flow_logs_integration_template_Get: + operation: + $ref: '#/paths/~1?Action=GetFlowLogsIntegrationTemplate&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.flow_logs_integration_template + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/flow_logs_integration_template/methods/flow_logs_integration_template_Get' + update: [] + title: flow_logs_integration_template + fpga_image_attribute: + name: fpga_image_attribute + methods: + fpga_image_attribute_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeFpgaImageAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + fpga_image_attribute_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyFpgaImageAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + fpga_image_attribute_Reset: + operation: + $ref: '#/paths/~1?Action=ResetFpgaImageAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.fpga_image_attribute + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/fpga_image_attribute/methods/fpga_image_attribute_Describe' + update: [] + title: fpga_image_attribute + fpga_images: + name: fpga_images + methods: + fpga_image_Copy: + operation: + $ref: '#/paths/~1?Action=CopyFpgaImage&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + fpga_image_Create: + operation: + $ref: '#/paths/~1?Action=CreateFpgaImage&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + fpga_image_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteFpgaImage&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + fpga_images_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeFpgaImages&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/fpgaImageSet/item + openAPIDocKey: '200' + id: aws.ec2_api.fpga_images + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/fpga_images/methods/fpga_image_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/fpga_images/methods/fpga_image_Create' + select: + - $ref: '#/components/x-stackQL-resources/fpga_images/methods/fpga_images_Describe' + update: [] + title: fpga_images + groups_for_capacity_reservation: + name: groups_for_capacity_reservation + methods: + groups_for_capacity_reservation_Get: + operation: + $ref: '#/paths/~1?Action=GetGroupsForCapacityReservation&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/capacityReservationGroupSet/item + openAPIDocKey: '200' + id: aws.ec2_api.groups_for_capacity_reservation + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/groups_for_capacity_reservation/methods/groups_for_capacity_reservation_Get' + update: [] + title: groups_for_capacity_reservation + host_reservation_offerings: + name: host_reservation_offerings + methods: + host_reservation_offerings_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeHostReservationOfferings&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/offeringSet/item + openAPIDocKey: '200' + id: aws.ec2_api.host_reservation_offerings + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/host_reservation_offerings/methods/host_reservation_offerings_Describe' + update: [] + title: host_reservation_offerings + host_reservation_purchase_preview: + name: host_reservation_purchase_preview + methods: + host_reservation_purchase_preview_Get: + operation: + $ref: '#/paths/~1?Action=GetHostReservationPurchasePreview&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.host_reservation_purchase_preview + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/host_reservation_purchase_preview/methods/host_reservation_purchase_preview_Get' + update: [] + title: host_reservation_purchase_preview + host_reservations: + name: host_reservations + methods: + host_reservation_Purchase: + operation: + $ref: '#/paths/~1?Action=PurchaseHostReservation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + host_reservations_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeHostReservations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/hostReservationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.host_reservations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/host_reservations/methods/host_reservations_Describe' + update: [] + title: host_reservations + hosts: + name: hosts + methods: + hosts_Allocate: + operation: + $ref: '#/paths/~1?Action=AllocateHosts&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + hosts_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeHosts&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/hostSet/item + openAPIDocKey: '200' + hosts_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyHosts&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + hosts_Release: + operation: + $ref: '#/paths/~1?Action=ReleaseHosts&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.hosts + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/hosts/methods/hosts_Describe' + update: [] + title: hosts + iam_instance_profile: + name: iam_instance_profile + methods: + iam_instance_profile_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateIamInstanceProfile&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + iam_instance_profile_Disassociate: + operation: + $ref: '#/paths/~1?Action=DisassociateIamInstanceProfile&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.iam_instance_profile + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: iam_instance_profile + iam_instance_profile_associations: + name: iam_instance_profile_associations + methods: + iam_instance_profile_association_Replace: + operation: + $ref: '#/paths/~1?Action=ReplaceIamInstanceProfileAssociation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + iam_instance_profile_associations_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeIamInstanceProfileAssociations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/iamInstanceProfileAssociationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.iam_instance_profile_associations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/iam_instance_profile_associations/methods/iam_instance_profile_associations_Describe' + update: [] + title: iam_instance_profile_associations + id_format: + name: id_format + methods: + id_format_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeIdFormat&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/statusSet/item + openAPIDocKey: '200' + id_format_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyIdFormat&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.id_format + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/id_format/methods/id_format_Describe' + update: [] + title: id_format + identity_id_format: + name: identity_id_format + methods: + identity_id_format_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeIdentityIdFormat&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/statusSet/item + openAPIDocKey: '200' + identity_id_format_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyIdentityIdFormat&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.identity_id_format + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/identity_id_format/methods/identity_id_format_Describe' + update: [] + title: identity_id_format + image_attribute: + name: image_attribute + methods: + image_attribute_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeImageAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + image_attribute_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyImageAttribute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + image_attribute_Reset: + operation: + $ref: '#/paths/~1?Action=ResetImageAttribute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.image_attribute + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/image_attribute/methods/image_attribute_Describe' + update: [] + title: image_attribute + image_deprecation: + name: image_deprecation + methods: + image_deprecation_Disable: + operation: + $ref: '#/paths/~1?Action=DisableImageDeprecation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + image_deprecation_Enable: + operation: + $ref: '#/paths/~1?Action=EnableImageDeprecation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.image_deprecation + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: image_deprecation + image_from_recycle_bin: + name: image_from_recycle_bin + methods: + image_from_recycle_bin_Restore: + operation: + $ref: '#/paths/~1?Action=RestoreImageFromRecycleBin&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.image_from_recycle_bin + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: image_from_recycle_bin + images: + name: images + methods: + image_Copy: + operation: + $ref: '#/paths/~1?Action=CopyImage&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + image_Create: + operation: + $ref: '#/paths/~1?Action=CreateImage&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + image_Deregister: + operation: + $ref: '#/paths/~1?Action=DeregisterImage&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + image_Export: + operation: + $ref: '#/paths/~1?Action=ExportImage&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + image_Import: + operation: + $ref: '#/paths/~1?Action=ImportImage&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + image_Register: + operation: + $ref: '#/paths/~1?Action=RegisterImage&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + images_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeImages&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.images + sqlVerbs: + delete: [] + insert: + - $ref: '#/components/x-stackQL-resources/images/methods/image_Create' + select: + - $ref: '#/components/x-stackQL-resources/images/methods/images_Describe' + update: [] + title: images + images_in_recycle_bin: + name: images_in_recycle_bin + methods: + images_in_recycle_bin_List: + operation: + $ref: '#/paths/~1?Action=ListImagesInRecycleBin&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/imageSet/item + openAPIDocKey: '200' + id: aws.ec2_api.images_in_recycle_bin + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/images_in_recycle_bin/methods/images_in_recycle_bin_List' + update: [] + title: images_in_recycle_bin + import_image_tasks: + name: import_image_tasks + methods: + import_image_tasks_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeImportImageTasks&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/importImageTaskSet/item + openAPIDocKey: '200' + id: aws.ec2_api.import_image_tasks + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/import_image_tasks/methods/import_image_tasks_Describe' + update: [] + title: import_image_tasks + import_snapshot_tasks: + name: import_snapshot_tasks + methods: + import_snapshot_tasks_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeImportSnapshotTasks&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/importSnapshotTaskSet/item + openAPIDocKey: '200' + id: aws.ec2_api.import_snapshot_tasks + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/import_snapshot_tasks/methods/import_snapshot_tasks_Describe' + update: [] + title: import_snapshot_tasks + import_task: + name: import_task + methods: + import_task_Cancel: + operation: + $ref: '#/paths/~1?Action=CancelImportTask&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.import_task + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: import_task + instance_attribute: + name: instance_attribute + methods: + instance_attribute_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeInstanceAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + instance_attribute_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyInstanceAttribute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + instance_attribute_Reset: + operation: + $ref: '#/paths/~1?Action=ResetInstanceAttribute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.instance_attribute + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instance_attribute/methods/instance_attribute_Describe' + update: [] + title: instance_attribute + instance_capacity_reservation_attributes: + name: instance_capacity_reservation_attributes + methods: + instance_capacity_reservation_attributes_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyInstanceCapacityReservationAttributes&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.instance_capacity_reservation_attributes + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: instance_capacity_reservation_attributes + instance_credit_specifications: + name: instance_credit_specifications + methods: + instance_credit_specification_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyInstanceCreditSpecification&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instance_credit_specifications_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeInstanceCreditSpecifications&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/instanceCreditSpecificationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.instance_credit_specifications + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instance_credit_specifications/methods/instance_credit_specifications_Describe' + update: [] + title: instance_credit_specifications + instance_event_notification_attributes: + name: instance_event_notification_attributes + methods: + instance_event_notification_attributes_Deregister: + operation: + $ref: '#/paths/~1?Action=DeregisterInstanceEventNotificationAttributes&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instance_event_notification_attributes_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeInstanceEventNotificationAttributes&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + instance_event_notification_attributes_Register: + operation: + $ref: '#/paths/~1?Action=RegisterInstanceEventNotificationAttributes&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.instance_event_notification_attributes + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instance_event_notification_attributes/methods/instance_event_notification_attributes_Describe' + update: [] + title: instance_event_notification_attributes + instance_event_start_time: + name: instance_event_start_time + methods: + instance_event_start_time_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyInstanceEventStartTime&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.instance_event_start_time + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: instance_event_start_time + instance_event_windows: + name: instance_event_windows + methods: + instance_event_window_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateInstanceEventWindow&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instance_event_window_Create: + operation: + $ref: '#/paths/~1?Action=CreateInstanceEventWindow&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instance_event_window_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteInstanceEventWindow&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instance_event_window_Disassociate: + operation: + $ref: '#/paths/~1?Action=DisassociateInstanceEventWindow&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instance_event_window_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyInstanceEventWindow&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instance_event_windows_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeInstanceEventWindows&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/instanceEventWindowSet/item + openAPIDocKey: '200' + id: aws.ec2_api.instance_event_windows + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/instance_event_windows/methods/instance_event_window_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/instance_event_windows/methods/instance_event_window_Create' + select: + - $ref: '#/components/x-stackQL-resources/instance_event_windows/methods/instance_event_windows_Describe' + update: [] + title: instance_event_windows + instance_export_task: + name: instance_export_task + methods: + instance_export_task_Create: + operation: + $ref: '#/paths/~1?Action=CreateInstanceExportTask&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.instance_export_task + sqlVerbs: + delete: [] + insert: + - $ref: '#/components/x-stackQL-resources/instance_export_task/methods/instance_export_task_Create' + select: [] + update: [] + title: instance_export_task + instance_maintenance_options: + name: instance_maintenance_options + methods: + instance_maintenance_options_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyInstanceMaintenanceOptions&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.instance_maintenance_options + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: instance_maintenance_options + instance_metadata_options: + name: instance_metadata_options + methods: + instance_metadata_options_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyInstanceMetadataOptions&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.instance_metadata_options + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: instance_metadata_options + instance_placement: + name: instance_placement + methods: + instance_placement_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyInstancePlacement&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.instance_placement + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: instance_placement + instance_status: + name: instance_status + methods: + instance_status_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeInstanceStatus&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/instanceStatusSet/item + openAPIDocKey: '200' + instance_status_Report: + operation: + $ref: '#/paths/~1?Action=ReportInstanceStatus&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.instance_status + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instance_status/methods/instance_status_Describe' + update: [] + title: instance_status + instance_type_offerings: + name: instance_type_offerings + methods: + instance_type_offerings_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeInstanceTypeOfferings&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/instanceTypeOfferingSet/item + openAPIDocKey: '200' + id: aws.ec2_api.instance_type_offerings + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instance_type_offerings/methods/instance_type_offerings_Describe' + update: [] + title: instance_type_offerings + instance_types: + name: instance_types + methods: + instance_types_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeInstanceTypes&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/instanceTypeSet/item + openAPIDocKey: '200' + id: aws.ec2_api.instance_types + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instance_types/methods/instance_types_Describe' + update: [] + title: instance_types + instance_types_from_instance_requirements: + name: instance_types_from_instance_requirements + methods: + instance_types_from_instance_requirements_Get: + operation: + $ref: '#/paths/~1?Action=GetInstanceTypesFromInstanceRequirements&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/instanceTypeSet/item + openAPIDocKey: '200' + id: aws.ec2_api.instance_types_from_instance_requirements + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instance_types_from_instance_requirements/methods/instance_types_from_instance_requirements_Get' + update: [] + title: instance_types_from_instance_requirements + instance_uefi_data: + name: instance_uefi_data + methods: + instance_uefi_data_Get: + operation: + $ref: '#/paths/~1?Action=GetInstanceUefiData&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.instance_uefi_data + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instance_uefi_data/methods/instance_uefi_data_Get' + update: [] + title: instance_uefi_data + instances: + name: instances + methods: + instance_Bundle: + operation: + $ref: '#/paths/~1?Action=BundleInstance&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instance_Import: + operation: + $ref: '#/paths/~1?Action=ImportInstance&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instances_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/reservationSet/item/instancesSet/item + openAPIDocKey: '200' + instances_Monitor: + operation: + $ref: '#/paths/~1?Action=MonitorInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instances_Reboot: + operation: + $ref: '#/paths/~1?Action=RebootInstances&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + instances_Run: + operation: + $ref: '#/paths/~1?Action=RunInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instances_Start: + operation: + $ref: '#/paths/~1?Action=StartInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instances_Stop: + operation: + $ref: '#/paths/~1?Action=StopInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instances_Terminate: + operation: + $ref: '#/paths/~1?Action=TerminateInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instances_Unmonitor: + operation: + $ref: '#/paths/~1?Action=UnmonitorInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.instances + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instances/methods/instances_Describe' + update: [] + title: instances + internet_gateways: + name: internet_gateways + methods: + internet_gateway_Attach: + operation: + $ref: '#/paths/~1?Action=AttachInternetGateway&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + internet_gateway_Create: + operation: + $ref: '#/paths/~1?Action=CreateInternetGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + internet_gateway_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteInternetGateway&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + internet_gateway_Detach: + operation: + $ref: '#/paths/~1?Action=DetachInternetGateway&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + internet_gateways_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeInternetGateways&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/internetGatewaySet/item + openAPIDocKey: '200' + id: aws.ec2_api.internet_gateways + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/internet_gateways/methods/internet_gateway_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/internet_gateways/methods/internet_gateway_Create' + select: + - $ref: '#/components/x-stackQL-resources/internet_gateways/methods/internet_gateways_Describe' + update: [] + title: internet_gateways + ipam_address_history: + name: ipam_address_history + methods: + ipam_address_history_Get: + operation: + $ref: '#/paths/~1?Action=GetIpamAddressHistory&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/historyRecordSet/item + openAPIDocKey: '200' + id: aws.ec2_api.ipam_address_history + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/ipam_address_history/methods/ipam_address_history_Get' + update: [] + title: ipam_address_history + ipam_organization_admin_account: + name: ipam_organization_admin_account + methods: + ipam_organization_admin_account_Disable: + operation: + $ref: '#/paths/~1?Action=DisableIpamOrganizationAdminAccount&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_organization_admin_account_Enable: + operation: + $ref: '#/paths/~1?Action=EnableIpamOrganizationAdminAccount&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.ipam_organization_admin_account + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: ipam_organization_admin_account + ipam_pool_allocations: + name: ipam_pool_allocations + methods: + ipam_pool_allocation_Release: + operation: + $ref: '#/paths/~1?Action=ReleaseIpamPoolAllocation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_pool_allocations_Get: + operation: + $ref: '#/paths/~1?Action=GetIpamPoolAllocations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/ipamPoolAllocationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.ipam_pool_allocations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/ipam_pool_allocations/methods/ipam_pool_allocations_Get' + update: [] + title: ipam_pool_allocations + ipam_pool_cidrs: + name: ipam_pool_cidrs + methods: + ipam_pool_cidr_Allocate: + operation: + $ref: '#/paths/~1?Action=AllocateIpamPoolCidr&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_pool_cidr_Deprovision: + operation: + $ref: '#/paths/~1?Action=DeprovisionIpamPoolCidr&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_pool_cidr_Provision: + operation: + $ref: '#/paths/~1?Action=ProvisionIpamPoolCidr&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_pool_cidrs_Get: + operation: + $ref: '#/paths/~1?Action=GetIpamPoolCidrs&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/ipamPoolCidrSet/item + openAPIDocKey: '200' + id: aws.ec2_api.ipam_pool_cidrs + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/ipam_pool_cidrs/methods/ipam_pool_cidrs_Get' + update: [] + title: ipam_pool_cidrs + ipam_pools: + name: ipam_pools + methods: + ipam_pool_Create: + operation: + $ref: '#/paths/~1?Action=CreateIpamPool&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_pool_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteIpamPool&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_pool_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyIpamPool&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_pools_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeIpamPools&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/ipamPoolSet/item + openAPIDocKey: '200' + id: aws.ec2_api.ipam_pools + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/ipam_pools/methods/ipam_pool_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/ipam_pools/methods/ipam_pool_Create' + select: + - $ref: '#/components/x-stackQL-resources/ipam_pools/methods/ipam_pools_Describe' + update: [] + title: ipam_pools + ipam_resource_cidrs: + name: ipam_resource_cidrs + methods: + ipam_resource_cidr_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyIpamResourceCidr&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_resource_cidrs_Get: + operation: + $ref: '#/paths/~1?Action=GetIpamResourceCidrs&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/ipamResourceCidrSet/item + openAPIDocKey: '200' + id: aws.ec2_api.ipam_resource_cidrs + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/ipam_resource_cidrs/methods/ipam_resource_cidrs_Get' + update: [] + title: ipam_resource_cidrs + ipam_scopes: + name: ipam_scopes + methods: + ipam_scope_Create: + operation: + $ref: '#/paths/~1?Action=CreateIpamScope&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_scope_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteIpamScope&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_scope_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyIpamScope&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_scopes_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeIpamScopes&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/ipamScopeSet/item + openAPIDocKey: '200' + id: aws.ec2_api.ipam_scopes + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/ipam_scopes/methods/ipam_scope_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/ipam_scopes/methods/ipam_scope_Create' + select: + - $ref: '#/components/x-stackQL-resources/ipam_scopes/methods/ipam_scopes_Describe' + update: [] + title: ipam_scopes + ipams: + name: ipams + methods: + ipam_Create: + operation: + $ref: '#/paths/~1?Action=CreateIpam&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteIpam&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipam_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyIpam&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipams_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeIpams&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/ipamSet/item + openAPIDocKey: '200' + id: aws.ec2_api.ipams + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/ipams/methods/ipam_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/ipams/methods/ipam_Create' + select: + - $ref: '#/components/x-stackQL-resources/ipams/methods/ipams_Describe' + update: [] + title: ipams + ipv6_addresses: + name: ipv6_addresses + methods: + ipv6_addresses_Assign: + operation: + $ref: '#/paths/~1?Action=AssignIpv6Addresses&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + ipv6_addresses_Unassign: + operation: + $ref: '#/paths/~1?Action=UnassignIpv6Addresses&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.ipv6_addresses + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: ipv6_addresses + ipv6_pools: + name: ipv6_pools + methods: + ipv6_pools_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeIpv6Pools&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/ipv6PoolSet/item + openAPIDocKey: '200' + id: aws.ec2_api.ipv6_pools + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/ipv6_pools/methods/ipv6_pools_Describe' + update: [] + title: ipv6_pools + key_pairs: + name: key_pairs + methods: + key_pair_Create: + operation: + $ref: '#/paths/~1?Action=CreateKeyPair&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + key_pair_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteKeyPair&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + key_pair_Import: + operation: + $ref: '#/paths/~1?Action=ImportKeyPair&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + key_pairs_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeKeyPairs&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.key_pairs + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/key_pairs/methods/key_pair_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/key_pairs/methods/key_pair_Create' + select: + - $ref: '#/components/x-stackQL-resources/key_pairs/methods/key_pairs_Describe' + update: [] + title: key_pairs + launch_template_data: + name: launch_template_data + methods: + launch_template_data_Get: + operation: + $ref: '#/paths/~1?Action=GetLaunchTemplateData&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.launch_template_data + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/launch_template_data/methods/launch_template_data_Get' + update: [] + title: launch_template_data + launch_template_versions: + name: launch_template_versions + methods: + launch_template_version_Create: + operation: + $ref: '#/paths/~1?Action=CreateLaunchTemplateVersion&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + launch_template_versions_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteLaunchTemplateVersions&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + launch_template_versions_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeLaunchTemplateVersions&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/launchTemplateVersionSet/item + openAPIDocKey: '200' + id: aws.ec2_api.launch_template_versions + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/launch_template_versions/methods/launch_template_versions_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/launch_template_versions/methods/launch_template_version_Create' + select: + - $ref: '#/components/x-stackQL-resources/launch_template_versions/methods/launch_template_versions_Describe' + update: [] + title: launch_template_versions + launch_templates: + name: launch_templates + methods: + launch_template_Create: + operation: + $ref: '#/paths/~1?Action=CreateLaunchTemplate&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + launch_template_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteLaunchTemplate&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + launch_template_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyLaunchTemplate&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + launch_templates_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeLaunchTemplates&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/launchTemplates/item + openAPIDocKey: '200' + id: aws.ec2_api.launch_templates + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/launch_templates/methods/launch_template_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/launch_templates/methods/launch_template_Create' + select: + - $ref: '#/components/x-stackQL-resources/launch_templates/methods/launch_templates_Describe' + update: [] + title: launch_templates + local_gateway_route_table_virtual_interface_group_associations: + name: local_gateway_route_table_virtual_interface_group_associations + methods: + local_gateway_route_table_virtual_interface_group_associations_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/localGatewayRouteTableVirtualInterfaceGroupAssociationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.local_gateway_route_table_virtual_interface_group_associations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/local_gateway_route_table_virtual_interface_group_associations/methods/local_gateway_route_table_virtual_interface_group_associations_Describe' + update: [] + title: local_gateway_route_table_virtual_interface_group_associations + local_gateway_route_table_vpc_associations: + name: local_gateway_route_table_vpc_associations + methods: + local_gateway_route_table_vpc_association_Create: + operation: + $ref: '#/paths/~1?Action=CreateLocalGatewayRouteTableVpcAssociation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + local_gateway_route_table_vpc_association_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteLocalGatewayRouteTableVpcAssociation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + local_gateway_route_table_vpc_associations_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeLocalGatewayRouteTableVpcAssociations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/localGatewayRouteTableVpcAssociationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.local_gateway_route_table_vpc_associations + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/local_gateway_route_table_vpc_associations/methods/local_gateway_route_table_vpc_association_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/local_gateway_route_table_vpc_associations/methods/local_gateway_route_table_vpc_association_Create' + select: + - $ref: '#/components/x-stackQL-resources/local_gateway_route_table_vpc_associations/methods/local_gateway_route_table_vpc_associations_Describe' + update: [] + title: local_gateway_route_table_vpc_associations + local_gateway_route_tables: + name: local_gateway_route_tables + methods: + local_gateway_route_tables_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeLocalGatewayRouteTables&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/localGatewayRouteTableSet/item + openAPIDocKey: '200' + id: aws.ec2_api.local_gateway_route_tables + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/local_gateway_route_tables/methods/local_gateway_route_tables_Describe' + update: [] + title: local_gateway_route_tables + local_gateway_routes: + name: local_gateway_routes + methods: + local_gateway_route_Create: + operation: + $ref: '#/paths/~1?Action=CreateLocalGatewayRoute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + local_gateway_route_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteLocalGatewayRoute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + local_gateway_routes_Search: + operation: + $ref: '#/paths/~1?Action=SearchLocalGatewayRoutes&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.local_gateway_routes + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/local_gateway_routes/methods/local_gateway_route_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/local_gateway_routes/methods/local_gateway_route_Create' + select: [] + update: [] + title: local_gateway_routes + local_gateway_virtual_interface_groups: + name: local_gateway_virtual_interface_groups + methods: + local_gateway_virtual_interface_groups_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeLocalGatewayVirtualInterfaceGroups&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/localGatewayVirtualInterfaceGroupSet/item + openAPIDocKey: '200' + id: aws.ec2_api.local_gateway_virtual_interface_groups + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/local_gateway_virtual_interface_groups/methods/local_gateway_virtual_interface_groups_Describe' + update: [] + title: local_gateway_virtual_interface_groups + local_gateway_virtual_interfaces: + name: local_gateway_virtual_interfaces + methods: + local_gateway_virtual_interfaces_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeLocalGatewayVirtualInterfaces&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/localGatewayVirtualInterfaceSet/item + openAPIDocKey: '200' + id: aws.ec2_api.local_gateway_virtual_interfaces + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/local_gateway_virtual_interfaces/methods/local_gateway_virtual_interfaces_Describe' + update: [] + title: local_gateway_virtual_interfaces + local_gateways: + name: local_gateways + methods: + local_gateways_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeLocalGateways&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/localGatewaySet/item + openAPIDocKey: '200' + id: aws.ec2_api.local_gateways + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/local_gateways/methods/local_gateways_Describe' + update: [] + title: local_gateways + managed_prefix_list_associations: + name: managed_prefix_list_associations + methods: + managed_prefix_list_associations_Get: + operation: + $ref: '#/paths/~1?Action=GetManagedPrefixListAssociations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/prefixListAssociationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.managed_prefix_list_associations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/managed_prefix_list_associations/methods/managed_prefix_list_associations_Get' + update: [] + title: managed_prefix_list_associations + managed_prefix_list_entries: + name: managed_prefix_list_entries + methods: + managed_prefix_list_entries_Get: + operation: + $ref: '#/paths/~1?Action=GetManagedPrefixListEntries&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/entrySet/item + openAPIDocKey: '200' + id: aws.ec2_api.managed_prefix_list_entries + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/managed_prefix_list_entries/methods/managed_prefix_list_entries_Get' + update: [] + title: managed_prefix_list_entries + managed_prefix_list_version: + name: managed_prefix_list_version + methods: + managed_prefix_list_version_Restore: + operation: + $ref: '#/paths/~1?Action=RestoreManagedPrefixListVersion&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.managed_prefix_list_version + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: managed_prefix_list_version + managed_prefix_lists: + name: managed_prefix_lists + methods: + managed_prefix_list_Create: + operation: + $ref: '#/paths/~1?Action=CreateManagedPrefixList&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + managed_prefix_list_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteManagedPrefixList&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + managed_prefix_list_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyManagedPrefixList&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + managed_prefix_lists_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeManagedPrefixLists&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/prefixListSet/item + openAPIDocKey: '200' + id: aws.ec2_api.managed_prefix_lists + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/managed_prefix_lists/methods/managed_prefix_list_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/managed_prefix_lists/methods/managed_prefix_list_Create' + select: + - $ref: '#/components/x-stackQL-resources/managed_prefix_lists/methods/managed_prefix_lists_Describe' + update: [] + title: managed_prefix_lists + moving_addresses: + name: moving_addresses + methods: + moving_addresses_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeMovingAddresses&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/movingAddressStatusSet/item + openAPIDocKey: '200' + id: aws.ec2_api.moving_addresses + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/moving_addresses/methods/moving_addresses_Describe' + update: [] + title: moving_addresses + nat_gateways: + name: nat_gateways + methods: + nat_gateway_Create: + operation: + $ref: '#/paths/~1?Action=CreateNatGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + nat_gateway_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteNatGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + nat_gateways_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeNatGateways&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/natGatewaySet/item + openAPIDocKey: '200' + id: aws.ec2_api.nat_gateways + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/nat_gateways/methods/nat_gateway_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/nat_gateways/methods/nat_gateway_Create' + select: + - $ref: '#/components/x-stackQL-resources/nat_gateways/methods/nat_gateways_Describe' + update: [] + title: nat_gateways + network_acl_association: + name: network_acl_association + methods: + network_acl_association_Replace: + operation: + $ref: '#/paths/~1?Action=ReplaceNetworkAclAssociation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.network_acl_association + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: network_acl_association + network_acl_entry: + name: network_acl_entry + methods: + network_acl_entry_Create: + operation: + $ref: '#/paths/~1?Action=CreateNetworkAclEntry&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + network_acl_entry_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteNetworkAclEntry&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + network_acl_entry_Replace: + operation: + $ref: '#/paths/~1?Action=ReplaceNetworkAclEntry&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.network_acl_entry + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/network_acl_entry/methods/network_acl_entry_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/network_acl_entry/methods/network_acl_entry_Create' + select: [] + update: [] + title: network_acl_entry + network_acls: + name: network_acls + methods: + network_acl_Create: + operation: + $ref: '#/paths/~1?Action=CreateNetworkAcl&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + network_acl_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteNetworkAcl&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + network_acls_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeNetworkAcls&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/networkAclSet/item + openAPIDocKey: '200' + id: aws.ec2_api.network_acls + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/network_acls/methods/network_acl_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/network_acls/methods/network_acl_Create' + select: + - $ref: '#/components/x-stackQL-resources/network_acls/methods/network_acls_Describe' + update: [] + title: network_acls + network_insights_access_scope_analyses: + name: network_insights_access_scope_analyses + methods: + network_insights_access_scope_analyses_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeNetworkInsightsAccessScopeAnalyses&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/networkInsightsAccessScopeAnalysisSet/item + openAPIDocKey: '200' + id: aws.ec2_api.network_insights_access_scope_analyses + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/network_insights_access_scope_analyses/methods/network_insights_access_scope_analyses_Describe' + update: [] + title: network_insights_access_scope_analyses + network_insights_access_scope_analysis: + name: network_insights_access_scope_analysis + methods: + network_insights_access_scope_analysis_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteNetworkInsightsAccessScopeAnalysis&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + network_insights_access_scope_analysis_Start: + operation: + $ref: '#/paths/~1?Action=StartNetworkInsightsAccessScopeAnalysis&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.network_insights_access_scope_analysis + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/network_insights_access_scope_analysis/methods/network_insights_access_scope_analysis_Delete' + insert: [] + select: [] + update: [] + title: network_insights_access_scope_analysis + network_insights_access_scope_analysis_findings: + name: network_insights_access_scope_analysis_findings + methods: + network_insights_access_scope_analysis_findings_Get: + operation: + $ref: '#/paths/~1?Action=GetNetworkInsightsAccessScopeAnalysisFindings&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/analysisFindingSet/item + openAPIDocKey: '200' + id: aws.ec2_api.network_insights_access_scope_analysis_findings + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/network_insights_access_scope_analysis_findings/methods/network_insights_access_scope_analysis_findings_Get' + update: [] + title: network_insights_access_scope_analysis_findings + network_insights_access_scope_content: + name: network_insights_access_scope_content + methods: + network_insights_access_scope_content_Get: + operation: + $ref: '#/paths/~1?Action=GetNetworkInsightsAccessScopeContent&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.network_insights_access_scope_content + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/network_insights_access_scope_content/methods/network_insights_access_scope_content_Get' + update: [] + title: network_insights_access_scope_content + network_insights_access_scopes: + name: network_insights_access_scopes + methods: + network_insights_access_scope_Create: + operation: + $ref: '#/paths/~1?Action=CreateNetworkInsightsAccessScope&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + network_insights_access_scope_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteNetworkInsightsAccessScope&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + network_insights_access_scopes_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeNetworkInsightsAccessScopes&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/networkInsightsAccessScopeSet/item + openAPIDocKey: '200' + id: aws.ec2_api.network_insights_access_scopes + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/network_insights_access_scopes/methods/network_insights_access_scope_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/network_insights_access_scopes/methods/network_insights_access_scope_Create' + select: + - $ref: '#/components/x-stackQL-resources/network_insights_access_scopes/methods/network_insights_access_scopes_Describe' + update: [] + title: network_insights_access_scopes + network_insights_analyses: + name: network_insights_analyses + methods: + network_insights_analyses_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeNetworkInsightsAnalyses&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/networkInsightsAnalysisSet/item + openAPIDocKey: '200' + id: aws.ec2_api.network_insights_analyses + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/network_insights_analyses/methods/network_insights_analyses_Describe' + update: [] + title: network_insights_analyses + network_insights_analysis: + name: network_insights_analysis + methods: + network_insights_analysis_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteNetworkInsightsAnalysis&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + network_insights_analysis_Start: + operation: + $ref: '#/paths/~1?Action=StartNetworkInsightsAnalysis&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.network_insights_analysis + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/network_insights_analysis/methods/network_insights_analysis_Delete' + insert: [] + select: [] + update: [] + title: network_insights_analysis + network_insights_paths: + name: network_insights_paths + methods: + network_insights_path_Create: + operation: + $ref: '#/paths/~1?Action=CreateNetworkInsightsPath&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + network_insights_path_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteNetworkInsightsPath&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + network_insights_paths_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeNetworkInsightsPaths&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/networkInsightsPathSet/item + openAPIDocKey: '200' + id: aws.ec2_api.network_insights_paths + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/network_insights_paths/methods/network_insights_path_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/network_insights_paths/methods/network_insights_path_Create' + select: + - $ref: '#/components/x-stackQL-resources/network_insights_paths/methods/network_insights_paths_Describe' + update: [] + title: network_insights_paths + network_interface_attribute: + name: network_interface_attribute + methods: + network_interface_attribute_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeNetworkInterfaceAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + network_interface_attribute_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyNetworkInterfaceAttribute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + network_interface_attribute_Reset: + operation: + $ref: '#/paths/~1?Action=ResetNetworkInterfaceAttribute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.network_interface_attribute + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/network_interface_attribute/methods/network_interface_attribute_Describe' + update: [] + title: network_interface_attribute + network_interface_permissions: + name: network_interface_permissions + methods: + network_interface_permission_Create: + operation: + $ref: '#/paths/~1?Action=CreateNetworkInterfacePermission&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + network_interface_permission_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteNetworkInterfacePermission&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + network_interface_permissions_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeNetworkInterfacePermissions&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/networkInterfacePermissions/item + openAPIDocKey: '200' + id: aws.ec2_api.network_interface_permissions + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/network_interface_permissions/methods/network_interface_permission_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/network_interface_permissions/methods/network_interface_permission_Create' + select: + - $ref: '#/components/x-stackQL-resources/network_interface_permissions/methods/network_interface_permissions_Describe' + update: [] + title: network_interface_permissions + network_interfaces: + name: network_interfaces + methods: + network_interface_Attach: + operation: + $ref: '#/paths/~1?Action=AttachNetworkInterface&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + network_interface_Create: + operation: + $ref: '#/paths/~1?Action=CreateNetworkInterface&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + network_interface_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteNetworkInterface&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + network_interface_Detach: + operation: + $ref: '#/paths/~1?Action=DetachNetworkInterface&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + network_interfaces_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeNetworkInterfaces&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/networkInterfaceSet/item + openAPIDocKey: '200' + id: aws.ec2_api.network_interfaces + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/network_interfaces/methods/network_interface_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/network_interfaces/methods/network_interface_Create' + select: + - $ref: '#/components/x-stackQL-resources/network_interfaces/methods/network_interfaces_Describe' + update: [] + title: network_interfaces + password_data: + name: password_data + methods: + password_data_Get: + operation: + $ref: '#/paths/~1?Action=GetPasswordData&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.password_data + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/password_data/methods/password_data_Get' + update: [] + title: password_data + placement_groups: + name: placement_groups + methods: + placement_group_Create: + operation: + $ref: '#/paths/~1?Action=CreatePlacementGroup&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + placement_group_Delete: + operation: + $ref: '#/paths/~1?Action=DeletePlacementGroup&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + placement_groups_Describe: + operation: + $ref: '#/paths/~1?Action=DescribePlacementGroups&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/placementGroupSet/item + openAPIDocKey: '200' + id: aws.ec2_api.placement_groups + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/placement_groups/methods/placement_group_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/placement_groups/methods/placement_group_Create' + select: + - $ref: '#/components/x-stackQL-resources/placement_groups/methods/placement_groups_Describe' + update: [] + title: placement_groups + prefix_lists: + name: prefix_lists + methods: + prefix_lists_Describe: + operation: + $ref: '#/paths/~1?Action=DescribePrefixLists&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/prefixListSet/item + openAPIDocKey: '200' + id: aws.ec2_api.prefix_lists + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/prefix_lists/methods/prefix_lists_Describe' + update: [] + title: prefix_lists + principal_id_format: + name: principal_id_format + methods: + principal_id_format_Describe: + operation: + $ref: '#/paths/~1?Action=DescribePrincipalIdFormat&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/principalSet/item + openAPIDocKey: '200' + id: aws.ec2_api.principal_id_format + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/principal_id_format/methods/principal_id_format_Describe' + update: [] + title: principal_id_format + private_dns_name_options: + name: private_dns_name_options + methods: + private_dns_name_options_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyPrivateDnsNameOptions&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.private_dns_name_options + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: private_dns_name_options + private_ip_addresses: + name: private_ip_addresses + methods: + private_ip_addresses_Assign: + operation: + $ref: '#/paths/~1?Action=AssignPrivateIpAddresses&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + private_ip_addresses_Unassign: + operation: + $ref: '#/paths/~1?Action=UnassignPrivateIpAddresses&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.private_ip_addresses + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: private_ip_addresses + product_instance: + name: product_instance + methods: + product_instance_Confirm: + operation: + $ref: '#/paths/~1?Action=ConfirmProductInstance&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.product_instance + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: product_instance + public_ipv4_pool_cidr: + name: public_ipv4_pool_cidr + methods: + public_ipv4_pool_cidr_Deprovision: + operation: + $ref: '#/paths/~1?Action=DeprovisionPublicIpv4PoolCidr&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + public_ipv4_pool_cidr_Provision: + operation: + $ref: '#/paths/~1?Action=ProvisionPublicIpv4PoolCidr&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.public_ipv4_pool_cidr + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: public_ipv4_pool_cidr + public_ipv4_pools: + name: public_ipv4_pools + methods: + public_ipv4_pool_Create: + operation: + $ref: '#/paths/~1?Action=CreatePublicIpv4Pool&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + public_ipv4_pool_Delete: + operation: + $ref: '#/paths/~1?Action=DeletePublicIpv4Pool&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + public_ipv4_pools_Describe: + operation: + $ref: '#/paths/~1?Action=DescribePublicIpv4Pools&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/publicIpv4PoolSet/item + openAPIDocKey: '200' + id: aws.ec2_api.public_ipv4_pools + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/public_ipv4_pools/methods/public_ipv4_pool_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/public_ipv4_pools/methods/public_ipv4_pool_Create' + select: + - $ref: '#/components/x-stackQL-resources/public_ipv4_pools/methods/public_ipv4_pools_Describe' + update: [] + title: public_ipv4_pools + queued_reserved_instances: + name: queued_reserved_instances + methods: + queued_reserved_instances_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteQueuedReservedInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.queued_reserved_instances + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/queued_reserved_instances/methods/queued_reserved_instances_Delete' + insert: [] + select: [] + update: [] + title: queued_reserved_instances + regions: + name: regions + methods: + regions_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeRegions&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/regionInfo/item + openAPIDocKey: '200' + id: aws.ec2_api.regions + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/regions/methods/regions_Describe' + update: [] + title: regions + replace_root_volume_tasks: + name: replace_root_volume_tasks + methods: + replace_root_volume_task_Create: + operation: + $ref: '#/paths/~1?Action=CreateReplaceRootVolumeTask&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + replace_root_volume_tasks_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeReplaceRootVolumeTasks&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/replaceRootVolumeTaskSet/item + openAPIDocKey: '200' + id: aws.ec2_api.replace_root_volume_tasks + sqlVerbs: + delete: [] + insert: + - $ref: '#/components/x-stackQL-resources/replace_root_volume_tasks/methods/replace_root_volume_task_Create' + select: + - $ref: '#/components/x-stackQL-resources/replace_root_volume_tasks/methods/replace_root_volume_tasks_Describe' + update: [] + title: replace_root_volume_tasks + reserved_instances: + name: reserved_instances + methods: + reserved_instances_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeReservedInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/reservedInstancesSet/item + openAPIDocKey: '200' + reserved_instances_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyReservedInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.reserved_instances + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/reserved_instances/methods/reserved_instances_Describe' + update: [] + title: reserved_instances + reserved_instances_exchange_quote: + name: reserved_instances_exchange_quote + methods: + reserved_instances_exchange_quote_Accept: + operation: + $ref: '#/paths/~1?Action=AcceptReservedInstancesExchangeQuote&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + reserved_instances_exchange_quote_Get: + operation: + $ref: '#/paths/~1?Action=GetReservedInstancesExchangeQuote&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.reserved_instances_exchange_quote + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/reserved_instances_exchange_quote/methods/reserved_instances_exchange_quote_Get' + update: [] + title: reserved_instances_exchange_quote + reserved_instances_listings: + name: reserved_instances_listings + methods: + reserved_instances_listing_Cancel: + operation: + $ref: '#/paths/~1?Action=CancelReservedInstancesListing&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + reserved_instances_listing_Create: + operation: + $ref: '#/paths/~1?Action=CreateReservedInstancesListing&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + reserved_instances_listings_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeReservedInstancesListings&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/reservedInstancesListingsSet/item + openAPIDocKey: '200' + id: aws.ec2_api.reserved_instances_listings + sqlVerbs: + delete: [] + insert: + - $ref: '#/components/x-stackQL-resources/reserved_instances_listings/methods/reserved_instances_listing_Create' + select: + - $ref: '#/components/x-stackQL-resources/reserved_instances_listings/methods/reserved_instances_listings_Describe' + update: [] + title: reserved_instances_listings + reserved_instances_modifications: + name: reserved_instances_modifications + methods: + reserved_instances_modifications_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeReservedInstancesModifications&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/reservedInstancesModificationsSet/item + openAPIDocKey: '200' + id: aws.ec2_api.reserved_instances_modifications + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/reserved_instances_modifications/methods/reserved_instances_modifications_Describe' + update: [] + title: reserved_instances_modifications + reserved_instances_offerings: + name: reserved_instances_offerings + methods: + reserved_instances_offering_Purchase: + operation: + $ref: '#/paths/~1?Action=PurchaseReservedInstancesOffering&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + reserved_instances_offerings_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeReservedInstancesOfferings&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/reservedInstancesOfferingsSet/item + openAPIDocKey: '200' + id: aws.ec2_api.reserved_instances_offerings + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/reserved_instances_offerings/methods/reserved_instances_offerings_Describe' + update: [] + title: reserved_instances_offerings + restore_image_task: + name: restore_image_task + methods: + restore_image_task_Create: + operation: + $ref: '#/paths/~1?Action=CreateRestoreImageTask&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.restore_image_task + sqlVerbs: + delete: [] + insert: + - $ref: '#/components/x-stackQL-resources/restore_image_task/methods/restore_image_task_Create' + select: [] + update: [] + title: restore_image_task + route: + name: route + methods: + route_Create: + operation: + $ref: '#/paths/~1?Action=CreateRoute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + route_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteRoute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + route_Replace: + operation: + $ref: '#/paths/~1?Action=ReplaceRoute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.route + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/route/methods/route_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/route/methods/route_Create' + select: [] + update: [] + title: route + route_table_association: + name: route_table_association + methods: + route_table_association_Replace: + operation: + $ref: '#/paths/~1?Action=ReplaceRouteTableAssociation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.route_table_association + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: route_table_association + route_tables: + name: route_tables + methods: + route_table_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateRouteTable&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + route_table_Create: + operation: + $ref: '#/paths/~1?Action=CreateRouteTable&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + route_table_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteRouteTable&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + route_table_Disassociate: + operation: + $ref: '#/paths/~1?Action=DisassociateRouteTable&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + route_tables_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeRouteTables&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/routeTableSet/item + openAPIDocKey: '200' + id: aws.ec2_api.route_tables + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/route_tables/methods/route_table_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/route_tables/methods/route_table_Create' + select: + - $ref: '#/components/x-stackQL-resources/route_tables/methods/route_tables_Describe' + update: [] + title: route_tables + scheduled_instance_availability: + name: scheduled_instance_availability + methods: + scheduled_instance_availability_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeScheduledInstanceAvailability&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/scheduledInstanceAvailabilitySet/item + openAPIDocKey: '200' + id: aws.ec2_api.scheduled_instance_availability + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/scheduled_instance_availability/methods/scheduled_instance_availability_Describe' + update: [] + title: scheduled_instance_availability + scheduled_instances: + name: scheduled_instances + methods: + scheduled_instances_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeScheduledInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/scheduledInstanceSet/item + openAPIDocKey: '200' + scheduled_instances_Purchase: + operation: + $ref: '#/paths/~1?Action=PurchaseScheduledInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + scheduled_instances_Run: + operation: + $ref: '#/paths/~1?Action=RunScheduledInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.scheduled_instances + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/scheduled_instances/methods/scheduled_instances_Describe' + update: [] + title: scheduled_instances + security_group_egress: + name: security_group_egress + methods: + security_group_egress_Authorize: + operation: + $ref: '#/paths/~1?Action=AuthorizeSecurityGroupEgress&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + security_group_egress_Revoke: + operation: + $ref: '#/paths/~1?Action=RevokeSecurityGroupEgress&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.security_group_egress + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: security_group_egress + security_group_ingress: + name: security_group_ingress + methods: + security_group_ingress_Authorize: + operation: + $ref: '#/paths/~1?Action=AuthorizeSecurityGroupIngress&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + security_group_ingress_Revoke: + operation: + $ref: '#/paths/~1?Action=RevokeSecurityGroupIngress&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.security_group_ingress + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: security_group_ingress + security_group_references: + name: security_group_references + methods: + security_group_references_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSecurityGroupReferences&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/securityGroupReferenceSet/item + openAPIDocKey: '200' + id: aws.ec2_api.security_group_references + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/security_group_references/methods/security_group_references_Describe' + update: [] + title: security_group_references + security_group_rule_descriptions_egress: + name: security_group_rule_descriptions_egress + methods: + security_group_rule_descriptions_egress_Update: + operation: + $ref: '#/paths/~1?Action=UpdateSecurityGroupRuleDescriptionsEgress&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.security_group_rule_descriptions_egress + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: security_group_rule_descriptions_egress + security_group_rule_descriptions_ingress: + name: security_group_rule_descriptions_ingress + methods: + security_group_rule_descriptions_ingress_Update: + operation: + $ref: '#/paths/~1?Action=UpdateSecurityGroupRuleDescriptionsIngress&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.security_group_rule_descriptions_ingress + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: security_group_rule_descriptions_ingress + security_group_rules: + name: security_group_rules + methods: + security_group_rules_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSecurityGroupRules&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/securityGroupRuleSet/item + openAPIDocKey: '200' + security_group_rules_Modify: + operation: + $ref: '#/paths/~1?Action=ModifySecurityGroupRules&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.security_group_rules + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/security_group_rules/methods/security_group_rules_Describe' + update: [] + title: security_group_rules + security_groups: + name: security_groups + methods: + security_group_Create: + operation: + $ref: '#/paths/~1?Action=CreateSecurityGroup&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + security_group_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteSecurityGroup&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + security_groups_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSecurityGroups&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/securityGroupInfo/item + openAPIDocKey: '200' + id: aws.ec2_api.security_groups + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/security_groups/methods/security_group_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/security_groups/methods/security_group_Create' + select: + - $ref: '#/components/x-stackQL-resources/security_groups/methods/security_groups_Describe' + update: [] + title: security_groups + security_groups_to_client_vpn_target_network: + name: security_groups_to_client_vpn_target_network + methods: + security_groups_to_client_vpn_target_network_Apply: + operation: + $ref: '#/paths/~1?Action=ApplySecurityGroupsToClientVpnTargetNetwork&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.security_groups_to_client_vpn_target_network + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: security_groups_to_client_vpn_target_network + serial_console_access: + name: serial_console_access + methods: + serial_console_access_Disable: + operation: + $ref: '#/paths/~1?Action=DisableSerialConsoleAccess&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + serial_console_access_Enable: + operation: + $ref: '#/paths/~1?Action=EnableSerialConsoleAccess&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.serial_console_access + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: serial_console_access + serial_console_access_status: + name: serial_console_access_status + methods: + serial_console_access_status_Get: + operation: + $ref: '#/paths/~1?Action=GetSerialConsoleAccessStatus&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.serial_console_access_status + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/serial_console_access_status/methods/serial_console_access_status_Get' + update: [] + title: serial_console_access_status + snapshot_attribute: + name: snapshot_attribute + methods: + snapshot_attribute_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSnapshotAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + snapshot_attribute_Modify: + operation: + $ref: '#/paths/~1?Action=ModifySnapshotAttribute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + snapshot_attribute_Reset: + operation: + $ref: '#/paths/~1?Action=ResetSnapshotAttribute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.snapshot_attribute + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/snapshot_attribute/methods/snapshot_attribute_Describe' + update: [] + title: snapshot_attribute + snapshot_from_recycle_bin: + name: snapshot_from_recycle_bin + methods: + snapshot_from_recycle_bin_Restore: + operation: + $ref: '#/paths/~1?Action=RestoreSnapshotFromRecycleBin&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.snapshot_from_recycle_bin + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: snapshot_from_recycle_bin + snapshot_tier: + name: snapshot_tier + methods: + snapshot_tier_Modify: + operation: + $ref: '#/paths/~1?Action=ModifySnapshotTier&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + snapshot_tier_Restore: + operation: + $ref: '#/paths/~1?Action=RestoreSnapshotTier&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.snapshot_tier + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: snapshot_tier + snapshot_tier_status: + name: snapshot_tier_status + methods: + snapshot_tier_status_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSnapshotTierStatus&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/snapshotTierStatusSet/item + openAPIDocKey: '200' + id: aws.ec2_api.snapshot_tier_status + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/snapshot_tier_status/methods/snapshot_tier_status_Describe' + update: [] + title: snapshot_tier_status + snapshots: + name: snapshots + methods: + snapshot_Copy: + operation: + $ref: '#/paths/~1?Action=CopySnapshot&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + snapshot_Create: + operation: + $ref: '#/paths/~1?Action=CreateSnapshot&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + snapshot_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteSnapshot&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + snapshot_Import: + operation: + $ref: '#/paths/~1?Action=ImportSnapshot&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + snapshots_Create: + operation: + $ref: '#/paths/~1?Action=CreateSnapshots&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + snapshots_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSnapshots&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/snapshotSet/item + openAPIDocKey: '200' + id: aws.ec2_api.snapshots + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/snapshots/methods/snapshot_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/snapshots/methods/snapshot_Create' + - $ref: '#/components/x-stackQL-resources/snapshots/methods/snapshots_Create' + select: + - $ref: '#/components/x-stackQL-resources/snapshots/methods/snapshots_Describe' + update: [] + title: snapshots + snapshots_in_recycle_bin: + name: snapshots_in_recycle_bin + methods: + snapshots_in_recycle_bin_List: + operation: + $ref: '#/paths/~1?Action=ListSnapshotsInRecycleBin&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/snapshotSet/item + openAPIDocKey: '200' + id: aws.ec2_api.snapshots_in_recycle_bin + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/snapshots_in_recycle_bin/methods/snapshots_in_recycle_bin_List' + update: [] + title: snapshots_in_recycle_bin + spot_datafeed_subscription: + name: spot_datafeed_subscription + methods: + spot_datafeed_subscription_Create: + operation: + $ref: '#/paths/~1?Action=CreateSpotDatafeedSubscription&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + spot_datafeed_subscription_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteSpotDatafeedSubscription&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + spot_datafeed_subscription_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSpotDatafeedSubscription&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/spotDatafeedSubscription/* + openAPIDocKey: '200' + id: aws.ec2_api.spot_datafeed_subscription + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/spot_datafeed_subscription/methods/spot_datafeed_subscription_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/spot_datafeed_subscription/methods/spot_datafeed_subscription_Create' + select: + - $ref: '#/components/x-stackQL-resources/spot_datafeed_subscription/methods/spot_datafeed_subscription_Describe' + update: [] + title: spot_datafeed_subscription + spot_fleet: + name: spot_fleet + methods: + spot_fleet_Request: + operation: + $ref: '#/paths/~1?Action=RequestSpotFleet&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.spot_fleet + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: spot_fleet + spot_fleet_instances: + name: spot_fleet_instances + methods: + spot_fleet_instances_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSpotFleetInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/activeInstanceSet/item + openAPIDocKey: '200' + id: aws.ec2_api.spot_fleet_instances + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/spot_fleet_instances/methods/spot_fleet_instances_Describe' + update: [] + title: spot_fleet_instances + spot_fleet_request_history: + name: spot_fleet_request_history + methods: + spot_fleet_request_history_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSpotFleetRequestHistory&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/historyRecordSet/item + openAPIDocKey: '200' + id: aws.ec2_api.spot_fleet_request_history + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/spot_fleet_request_history/methods/spot_fleet_request_history_Describe' + update: [] + title: spot_fleet_request_history + spot_fleet_requests: + name: spot_fleet_requests + methods: + spot_fleet_request_Modify: + operation: + $ref: '#/paths/~1?Action=ModifySpotFleetRequest&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + spot_fleet_requests_Cancel: + operation: + $ref: '#/paths/~1?Action=CancelSpotFleetRequests&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + spot_fleet_requests_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSpotFleetRequests&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/spotFleetRequestConfigSet/item + openAPIDocKey: '200' + id: aws.ec2_api.spot_fleet_requests + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/spot_fleet_requests/methods/spot_fleet_requests_Describe' + update: [] + title: spot_fleet_requests + spot_instance_requests: + name: spot_instance_requests + methods: + spot_instance_requests_Cancel: + operation: + $ref: '#/paths/~1?Action=CancelSpotInstanceRequests&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + spot_instance_requests_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSpotInstanceRequests&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/spotInstanceRequestSet/item + openAPIDocKey: '200' + id: aws.ec2_api.spot_instance_requests + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/spot_instance_requests/methods/spot_instance_requests_Describe' + update: [] + title: spot_instance_requests + spot_instances: + name: spot_instances + methods: + spot_instances_Request: + operation: + $ref: '#/paths/~1?Action=RequestSpotInstances&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.spot_instances + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: spot_instances + spot_placement_scores: + name: spot_placement_scores + methods: + spot_placement_scores_Get: + operation: + $ref: '#/paths/~1?Action=GetSpotPlacementScores&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/spotPlacementScoreSet/item + openAPIDocKey: '200' + id: aws.ec2_api.spot_placement_scores + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/spot_placement_scores/methods/spot_placement_scores_Get' + update: [] + title: spot_placement_scores + spot_price_history: + name: spot_price_history + methods: + spot_price_history_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSpotPriceHistory&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/spotPriceHistorySet/item + openAPIDocKey: '200' + id: aws.ec2_api.spot_price_history + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/spot_price_history/methods/spot_price_history_Describe' + update: [] + title: spot_price_history + stale_security_groups: + name: stale_security_groups + methods: + stale_security_groups_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeStaleSecurityGroups&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/staleSecurityGroupSet/item + openAPIDocKey: '200' + id: aws.ec2_api.stale_security_groups + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/stale_security_groups/methods/stale_security_groups_Describe' + update: [] + title: stale_security_groups + store_image_tasks: + name: store_image_tasks + methods: + store_image_task_Create: + operation: + $ref: '#/paths/~1?Action=CreateStoreImageTask&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + store_image_tasks_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeStoreImageTasks&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/storeImageTaskResultSet/item + openAPIDocKey: '200' + id: aws.ec2_api.store_image_tasks + sqlVerbs: + delete: [] + insert: + - $ref: '#/components/x-stackQL-resources/store_image_tasks/methods/store_image_task_Create' + select: + - $ref: '#/components/x-stackQL-resources/store_image_tasks/methods/store_image_tasks_Describe' + update: [] + title: store_image_tasks + subnet_attribute: + name: subnet_attribute + methods: + subnet_attribute_Modify: + operation: + $ref: '#/paths/~1?Action=ModifySubnetAttribute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.subnet_attribute + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: subnet_attribute + subnet_cidr_block: + name: subnet_cidr_block + methods: + subnet_cidr_block_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateSubnetCidrBlock&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + subnet_cidr_block_Disassociate: + operation: + $ref: '#/paths/~1?Action=DisassociateSubnetCidrBlock&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.subnet_cidr_block + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: subnet_cidr_block + subnet_cidr_reservations: + name: subnet_cidr_reservations + methods: + subnet_cidr_reservation_Create: + operation: + $ref: '#/paths/~1?Action=CreateSubnetCidrReservation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + subnet_cidr_reservation_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteSubnetCidrReservation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + subnet_cidr_reservations_Get: + operation: + $ref: '#/paths/~1?Action=GetSubnetCidrReservations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.subnet_cidr_reservations + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/subnet_cidr_reservations/methods/subnet_cidr_reservation_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/subnet_cidr_reservations/methods/subnet_cidr_reservation_Create' + select: + - $ref: '#/components/x-stackQL-resources/subnet_cidr_reservations/methods/subnet_cidr_reservations_Get' + update: [] + title: subnet_cidr_reservations + subnets: + name: subnets + methods: + subnet_Create: + operation: + $ref: '#/paths/~1?Action=CreateSubnet&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + subnet_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteSubnet&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + subnets_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeSubnets&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/subnetSet/item + openAPIDocKey: '200' + id: aws.ec2_api.subnets + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/subnets/methods/subnet_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/subnets/methods/subnet_Create' + select: + - $ref: '#/components/x-stackQL-resources/subnets/methods/subnets_Describe' + update: [] + title: subnets + tags: + name: tags + methods: + tags_Create: + operation: + $ref: '#/paths/~1?Action=CreateTags&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + tags_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTags&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + tags_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTags&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/tagSet/item + openAPIDocKey: '200' + id: aws.ec2_api.tags + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/tags/methods/tags_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/tags/methods/tags_Create' + select: + - $ref: '#/components/x-stackQL-resources/tags/methods/tags_Describe' + update: [] + title: tags + traffic_mirror_filter_network_services: + name: traffic_mirror_filter_network_services + methods: + traffic_mirror_filter_network_services_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyTrafficMirrorFilterNetworkServices&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.traffic_mirror_filter_network_services + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: traffic_mirror_filter_network_services + traffic_mirror_filter_rule: + name: traffic_mirror_filter_rule + methods: + traffic_mirror_filter_rule_Create: + operation: + $ref: '#/paths/~1?Action=CreateTrafficMirrorFilterRule&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + traffic_mirror_filter_rule_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTrafficMirrorFilterRule&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + traffic_mirror_filter_rule_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyTrafficMirrorFilterRule&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.traffic_mirror_filter_rule + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/traffic_mirror_filter_rule/methods/traffic_mirror_filter_rule_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/traffic_mirror_filter_rule/methods/traffic_mirror_filter_rule_Create' + select: [] + update: [] + title: traffic_mirror_filter_rule + traffic_mirror_filters: + name: traffic_mirror_filters + methods: + traffic_mirror_filter_Create: + operation: + $ref: '#/paths/~1?Action=CreateTrafficMirrorFilter&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + traffic_mirror_filter_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTrafficMirrorFilter&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + traffic_mirror_filters_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTrafficMirrorFilters&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/trafficMirrorFilterSet/item + openAPIDocKey: '200' + id: aws.ec2_api.traffic_mirror_filters + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/traffic_mirror_filters/methods/traffic_mirror_filter_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/traffic_mirror_filters/methods/traffic_mirror_filter_Create' + select: + - $ref: '#/components/x-stackQL-resources/traffic_mirror_filters/methods/traffic_mirror_filters_Describe' + update: [] + title: traffic_mirror_filters + traffic_mirror_sessions: + name: traffic_mirror_sessions + methods: + traffic_mirror_session_Create: + operation: + $ref: '#/paths/~1?Action=CreateTrafficMirrorSession&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + traffic_mirror_session_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTrafficMirrorSession&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + traffic_mirror_session_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyTrafficMirrorSession&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + traffic_mirror_sessions_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTrafficMirrorSessions&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/trafficMirrorSessionSet/item + openAPIDocKey: '200' + id: aws.ec2_api.traffic_mirror_sessions + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/traffic_mirror_sessions/methods/traffic_mirror_session_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/traffic_mirror_sessions/methods/traffic_mirror_session_Create' + select: + - $ref: '#/components/x-stackQL-resources/traffic_mirror_sessions/methods/traffic_mirror_sessions_Describe' + update: [] + title: traffic_mirror_sessions + traffic_mirror_targets: + name: traffic_mirror_targets + methods: + traffic_mirror_target_Create: + operation: + $ref: '#/paths/~1?Action=CreateTrafficMirrorTarget&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + traffic_mirror_target_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTrafficMirrorTarget&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + traffic_mirror_targets_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTrafficMirrorTargets&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/trafficMirrorTargetSet/item + openAPIDocKey: '200' + id: aws.ec2_api.traffic_mirror_targets + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/traffic_mirror_targets/methods/traffic_mirror_target_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/traffic_mirror_targets/methods/traffic_mirror_target_Create' + select: + - $ref: '#/components/x-stackQL-resources/traffic_mirror_targets/methods/traffic_mirror_targets_Describe' + update: [] + title: traffic_mirror_targets + transit_gateway_attachment_propagations: + name: transit_gateway_attachment_propagations + methods: + transit_gateway_attachment_propagations_Get: + operation: + $ref: '#/paths/~1?Action=GetTransitGatewayAttachmentPropagations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/transitGatewayAttachmentPropagations/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_attachment_propagations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_attachment_propagations/methods/transit_gateway_attachment_propagations_Get' + update: [] + title: transit_gateway_attachment_propagations + transit_gateway_attachments: + name: transit_gateway_attachments + methods: + transit_gateway_attachments_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTransitGatewayAttachments&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/transitGatewayAttachments/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_attachments + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_attachments/methods/transit_gateway_attachments_Describe' + update: [] + title: transit_gateway_attachments + transit_gateway_connect_peers: + name: transit_gateway_connect_peers + methods: + transit_gateway_connect_peer_Create: + operation: + $ref: '#/paths/~1?Action=CreateTransitGatewayConnectPeer&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_connect_peer_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTransitGatewayConnectPeer&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_connect_peers_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTransitGatewayConnectPeers&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/transitGatewayConnectPeerSet/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_connect_peers + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/transit_gateway_connect_peers/methods/transit_gateway_connect_peer_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/transit_gateway_connect_peers/methods/transit_gateway_connect_peer_Create' + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_connect_peers/methods/transit_gateway_connect_peers_Describe' + update: [] + title: transit_gateway_connect_peers + transit_gateway_connects: + name: transit_gateway_connects + methods: + transit_gateway_connect_Create: + operation: + $ref: '#/paths/~1?Action=CreateTransitGatewayConnect&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_connect_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTransitGatewayConnect&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_connects_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTransitGatewayConnects&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/transitGatewayConnectSet/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_connects + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/transit_gateway_connects/methods/transit_gateway_connect_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/transit_gateway_connects/methods/transit_gateway_connect_Create' + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_connects/methods/transit_gateway_connects_Describe' + update: [] + title: transit_gateway_connects + transit_gateway_multicast_domain_associations: + name: transit_gateway_multicast_domain_associations + methods: + transit_gateway_multicast_domain_associations_Accept: + operation: + $ref: '#/paths/~1?Action=AcceptTransitGatewayMulticastDomainAssociations&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_multicast_domain_associations_Get: + operation: + $ref: '#/paths/~1?Action=GetTransitGatewayMulticastDomainAssociations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/multicastDomainAssociations/item + openAPIDocKey: '200' + transit_gateway_multicast_domain_associations_Reject: + operation: + $ref: '#/paths/~1?Action=RejectTransitGatewayMulticastDomainAssociations&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_multicast_domain_associations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_multicast_domain_associations/methods/transit_gateway_multicast_domain_associations_Get' + update: [] + title: transit_gateway_multicast_domain_associations + transit_gateway_multicast_domains: + name: transit_gateway_multicast_domains + methods: + transit_gateway_multicast_domain_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateTransitGatewayMulticastDomain&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_multicast_domain_Create: + operation: + $ref: '#/paths/~1?Action=CreateTransitGatewayMulticastDomain&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_multicast_domain_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTransitGatewayMulticastDomain&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_multicast_domain_Disassociate: + operation: + $ref: '#/paths/~1?Action=DisassociateTransitGatewayMulticastDomain&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_multicast_domains_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTransitGatewayMulticastDomains&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/transitGatewayMulticastDomains/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_multicast_domains + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/transit_gateway_multicast_domains/methods/transit_gateway_multicast_domain_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/transit_gateway_multicast_domains/methods/transit_gateway_multicast_domain_Create' + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_multicast_domains/methods/transit_gateway_multicast_domains_Describe' + update: [] + title: transit_gateway_multicast_domains + transit_gateway_multicast_group_members: + name: transit_gateway_multicast_group_members + methods: + transit_gateway_multicast_group_members_Deregister: + operation: + $ref: '#/paths/~1?Action=DeregisterTransitGatewayMulticastGroupMembers&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_multicast_group_members_Register: + operation: + $ref: '#/paths/~1?Action=RegisterTransitGatewayMulticastGroupMembers&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_multicast_group_members + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: transit_gateway_multicast_group_members + transit_gateway_multicast_group_sources: + name: transit_gateway_multicast_group_sources + methods: + transit_gateway_multicast_group_sources_Deregister: + operation: + $ref: '#/paths/~1?Action=DeregisterTransitGatewayMulticastGroupSources&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_multicast_group_sources_Register: + operation: + $ref: '#/paths/~1?Action=RegisterTransitGatewayMulticastGroupSources&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_multicast_group_sources + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: transit_gateway_multicast_group_sources + transit_gateway_multicast_groups: + name: transit_gateway_multicast_groups + methods: + transit_gateway_multicast_groups_Search: + operation: + $ref: '#/paths/~1?Action=SearchTransitGatewayMulticastGroups&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_multicast_groups + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: transit_gateway_multicast_groups + transit_gateway_peering_attachments: + name: transit_gateway_peering_attachments + methods: + transit_gateway_peering_attachment_Accept: + operation: + $ref: '#/paths/~1?Action=AcceptTransitGatewayPeeringAttachment&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_peering_attachment_Create: + operation: + $ref: '#/paths/~1?Action=CreateTransitGatewayPeeringAttachment&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_peering_attachment_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTransitGatewayPeeringAttachment&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_peering_attachment_Reject: + operation: + $ref: '#/paths/~1?Action=RejectTransitGatewayPeeringAttachment&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_peering_attachments_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTransitGatewayPeeringAttachments&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/transitGatewayPeeringAttachments/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_peering_attachments + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/transit_gateway_peering_attachments/methods/transit_gateway_peering_attachment_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/transit_gateway_peering_attachments/methods/transit_gateway_peering_attachment_Create' + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_peering_attachments/methods/transit_gateway_peering_attachments_Describe' + update: [] + title: transit_gateway_peering_attachments + transit_gateway_prefix_list_references: + name: transit_gateway_prefix_list_references + methods: + transit_gateway_prefix_list_reference_Create: + operation: + $ref: '#/paths/~1?Action=CreateTransitGatewayPrefixListReference&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_prefix_list_reference_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTransitGatewayPrefixListReference&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_prefix_list_reference_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyTransitGatewayPrefixListReference&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_prefix_list_references_Get: + operation: + $ref: '#/paths/~1?Action=GetTransitGatewayPrefixListReferences&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/transitGatewayPrefixListReferenceSet/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_prefix_list_references + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/transit_gateway_prefix_list_references/methods/transit_gateway_prefix_list_reference_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/transit_gateway_prefix_list_references/methods/transit_gateway_prefix_list_reference_Create' + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_prefix_list_references/methods/transit_gateway_prefix_list_references_Get' + update: [] + title: transit_gateway_prefix_list_references + transit_gateway_route_table_associations: + name: transit_gateway_route_table_associations + methods: + transit_gateway_route_table_associations_Get: + operation: + $ref: '#/paths/~1?Action=GetTransitGatewayRouteTableAssociations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/associations/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_route_table_associations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_route_table_associations/methods/transit_gateway_route_table_associations_Get' + update: [] + title: transit_gateway_route_table_associations + transit_gateway_route_table_propagations: + name: transit_gateway_route_table_propagations + methods: + transit_gateway_route_table_propagation_Disable: + operation: + $ref: '#/paths/~1?Action=DisableTransitGatewayRouteTablePropagation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_route_table_propagation_Enable: + operation: + $ref: '#/paths/~1?Action=EnableTransitGatewayRouteTablePropagation&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_route_table_propagations_Get: + operation: + $ref: '#/paths/~1?Action=GetTransitGatewayRouteTablePropagations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/transitGatewayRouteTablePropagations/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_route_table_propagations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_route_table_propagations/methods/transit_gateway_route_table_propagations_Get' + update: [] + title: transit_gateway_route_table_propagations + transit_gateway_route_tables: + name: transit_gateway_route_tables + methods: + transit_gateway_route_table_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateTransitGatewayRouteTable&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_route_table_Create: + operation: + $ref: '#/paths/~1?Action=CreateTransitGatewayRouteTable&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_route_table_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTransitGatewayRouteTable&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_route_table_Disassociate: + operation: + $ref: '#/paths/~1?Action=DisassociateTransitGatewayRouteTable&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_route_tables_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTransitGatewayRouteTables&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/transitGatewayRouteTables/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_route_tables + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/transit_gateway_route_tables/methods/transit_gateway_route_table_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/transit_gateway_route_tables/methods/transit_gateway_route_table_Create' + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_route_tables/methods/transit_gateway_route_tables_Describe' + update: [] + title: transit_gateway_route_tables + transit_gateway_routes: + name: transit_gateway_routes + methods: + transit_gateway_route_Create: + operation: + $ref: '#/paths/~1?Action=CreateTransitGatewayRoute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_route_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTransitGatewayRoute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_route_Replace: + operation: + $ref: '#/paths/~1?Action=ReplaceTransitGatewayRoute&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_routes_Export: + operation: + $ref: '#/paths/~1?Action=ExportTransitGatewayRoutes&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_routes_Search: + operation: + $ref: '#/paths/~1?Action=SearchTransitGatewayRoutes&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_routes + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/transit_gateway_routes/methods/transit_gateway_route_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/transit_gateway_routes/methods/transit_gateway_route_Create' + select: [] + update: [] + title: transit_gateway_routes + transit_gateway_vpc_attachments: + name: transit_gateway_vpc_attachments + methods: + transit_gateway_vpc_attachment_Accept: + operation: + $ref: '#/paths/~1?Action=AcceptTransitGatewayVpcAttachment&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_vpc_attachment_Create: + operation: + $ref: '#/paths/~1?Action=CreateTransitGatewayVpcAttachment&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_vpc_attachment_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTransitGatewayVpcAttachment&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_vpc_attachment_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyTransitGatewayVpcAttachment&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_vpc_attachment_Reject: + operation: + $ref: '#/paths/~1?Action=RejectTransitGatewayVpcAttachment&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_vpc_attachments_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTransitGatewayVpcAttachments&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/transitGatewayVpcAttachments/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateway_vpc_attachments + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/transit_gateway_vpc_attachments/methods/transit_gateway_vpc_attachment_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/transit_gateway_vpc_attachments/methods/transit_gateway_vpc_attachment_Create' + select: + - $ref: '#/components/x-stackQL-resources/transit_gateway_vpc_attachments/methods/transit_gateway_vpc_attachments_Describe' + update: [] + title: transit_gateway_vpc_attachments + transit_gateways: + name: transit_gateways + methods: + transit_gateway_Create: + operation: + $ref: '#/paths/~1?Action=CreateTransitGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteTransitGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateway_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyTransitGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + transit_gateways_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTransitGateways&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/transitGatewaySet/item + openAPIDocKey: '200' + id: aws.ec2_api.transit_gateways + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/transit_gateways/methods/transit_gateway_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/transit_gateways/methods/transit_gateway_Create' + select: + - $ref: '#/components/x-stackQL-resources/transit_gateways/methods/transit_gateways_Describe' + update: [] + title: transit_gateways + trunk_interface: + name: trunk_interface + methods: + trunk_interface_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateTrunkInterface&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + trunk_interface_Disassociate: + operation: + $ref: '#/paths/~1?Action=DisassociateTrunkInterface&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.trunk_interface + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: trunk_interface + trunk_interface_associations: + name: trunk_interface_associations + methods: + trunk_interface_associations_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeTrunkInterfaceAssociations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/interfaceAssociationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.trunk_interface_associations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/trunk_interface_associations/methods/trunk_interface_associations_Describe' + update: [] + title: trunk_interface_associations + vgw_route_propagation: + name: vgw_route_propagation + methods: + vgw_route_propagation_Disable: + operation: + $ref: '#/paths/~1?Action=DisableVgwRoutePropagation&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + vgw_route_propagation_Enable: + operation: + $ref: '#/paths/~1?Action=EnableVgwRoutePropagation&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.vgw_route_propagation + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: vgw_route_propagation + volume_attribute: + name: volume_attribute + methods: + volume_attribute_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVolumeAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + volume_attribute_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVolumeAttribute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.volume_attribute + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/volume_attribute/methods/volume_attribute_Describe' + update: [] + title: volume_attribute + volume_i_o: + name: volume_i_o + methods: + volume_i_o_Enable: + operation: + $ref: '#/paths/~1?Action=EnableVolumeIO&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.volume_i_o + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: volume_i_o + volume_status: + name: volume_status + methods: + volume_status_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVolumeStatus&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/volumeStatusSet/item + openAPIDocKey: '200' + id: aws.ec2_api.volume_status + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/volume_status/methods/volume_status_Describe' + update: [] + title: volume_status + volumes: + name: volumes + methods: + volume_Attach: + operation: + $ref: '#/paths/~1?Action=AttachVolume&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + volume_Create: + operation: + $ref: '#/paths/~1?Action=CreateVolume&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + volume_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteVolume&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + volume_Detach: + operation: + $ref: '#/paths/~1?Action=DetachVolume&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + volume_Import: + operation: + $ref: '#/paths/~1?Action=ImportVolume&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + volume_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVolume&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + volumes_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVolumes&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/volumeSet/item + openAPIDocKey: '200' + id: aws.ec2_api.volumes + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/volumes/methods/volume_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/volumes/methods/volume_Create' + select: + - $ref: '#/components/x-stackQL-resources/volumes/methods/volumes_Describe' + update: + - $ref: '#/components/x-stackQL-resources/volumes/methods/volume_Modify' + title: volumes + volumes_modifications: + name: volumes_modifications + methods: + volumes_modifications_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVolumesModifications&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/volumeModificationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.volumes_modifications + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/volumes_modifications/methods/volumes_modifications_Describe' + update: [] + title: volumes_modifications + vpc_attribute: + name: vpc_attribute + methods: + vpc_attribute_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpcAttribute&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + vpc_attribute_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpcAttribute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.vpc_attribute + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/vpc_attribute/methods/vpc_attribute_Describe' + update: [] + title: vpc_attribute + vpc_cidr_block: + name: vpc_cidr_block + methods: + vpc_cidr_block_Associate: + operation: + $ref: '#/paths/~1?Action=AssociateVpcCidrBlock&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_cidr_block_Disassociate: + operation: + $ref: '#/paths/~1?Action=DisassociateVpcCidrBlock&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpc_cidr_block + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: vpc_cidr_block + vpc_classic_link: + name: vpc_classic_link + methods: + vpc_classic_link_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpcClassicLink&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/vpcSet/item + openAPIDocKey: '200' + vpc_classic_link_Disable: + operation: + $ref: '#/paths/~1?Action=DisableVpcClassicLink&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_classic_link_Enable: + operation: + $ref: '#/paths/~1?Action=EnableVpcClassicLink&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpc_classic_link + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/vpc_classic_link/methods/vpc_classic_link_Describe' + update: [] + title: vpc_classic_link + vpc_classic_link_dns_support: + name: vpc_classic_link_dns_support + methods: + vpc_classic_link_dns_support_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpcClassicLinkDnsSupport&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/vpcs/item + openAPIDocKey: '200' + vpc_classic_link_dns_support_Disable: + operation: + $ref: '#/paths/~1?Action=DisableVpcClassicLinkDnsSupport&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_classic_link_dns_support_Enable: + operation: + $ref: '#/paths/~1?Action=EnableVpcClassicLinkDnsSupport&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpc_classic_link_dns_support + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/vpc_classic_link_dns_support/methods/vpc_classic_link_dns_support_Describe' + update: [] + title: vpc_classic_link_dns_support + vpc_endpoint_connection_notifications: + name: vpc_endpoint_connection_notifications + methods: + vpc_endpoint_connection_notification_Create: + operation: + $ref: '#/paths/~1?Action=CreateVpcEndpointConnectionNotification&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_endpoint_connection_notification_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpcEndpointConnectionNotification&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_endpoint_connection_notifications_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteVpcEndpointConnectionNotifications&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_endpoint_connection_notifications_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpcEndpointConnectionNotifications&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/connectionNotificationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.vpc_endpoint_connection_notifications + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/vpc_endpoint_connection_notifications/methods/vpc_endpoint_connection_notifications_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/vpc_endpoint_connection_notifications/methods/vpc_endpoint_connection_notification_Create' + select: + - $ref: '#/components/x-stackQL-resources/vpc_endpoint_connection_notifications/methods/vpc_endpoint_connection_notifications_Describe' + update: [] + title: vpc_endpoint_connection_notifications + vpc_endpoint_connections: + name: vpc_endpoint_connections + methods: + vpc_endpoint_connections_Accept: + operation: + $ref: '#/paths/~1?Action=AcceptVpcEndpointConnections&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_endpoint_connections_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpcEndpointConnections&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/vpcEndpointConnectionSet/item + openAPIDocKey: '200' + vpc_endpoint_connections_Reject: + operation: + $ref: '#/paths/~1?Action=RejectVpcEndpointConnections&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpc_endpoint_connections + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/vpc_endpoint_connections/methods/vpc_endpoint_connections_Describe' + update: [] + title: vpc_endpoint_connections + vpc_endpoint_service_configurations: + name: vpc_endpoint_service_configurations + methods: + vpc_endpoint_service_configuration_Create: + operation: + $ref: '#/paths/~1?Action=CreateVpcEndpointServiceConfiguration&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_endpoint_service_configuration_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpcEndpointServiceConfiguration&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_endpoint_service_configurations_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteVpcEndpointServiceConfigurations&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_endpoint_service_configurations_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpcEndpointServiceConfigurations&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/serviceConfigurationSet/item + openAPIDocKey: '200' + id: aws.ec2_api.vpc_endpoint_service_configurations + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/vpc_endpoint_service_configurations/methods/vpc_endpoint_service_configurations_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/vpc_endpoint_service_configurations/methods/vpc_endpoint_service_configuration_Create' + select: + - $ref: '#/components/x-stackQL-resources/vpc_endpoint_service_configurations/methods/vpc_endpoint_service_configurations_Describe' + update: [] + title: vpc_endpoint_service_configurations + vpc_endpoint_service_payer_responsibility: + name: vpc_endpoint_service_payer_responsibility + methods: + vpc_endpoint_service_payer_responsibility_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpcEndpointServicePayerResponsibility&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpc_endpoint_service_payer_responsibility + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: vpc_endpoint_service_payer_responsibility + vpc_endpoint_service_permissions: + name: vpc_endpoint_service_permissions + methods: + vpc_endpoint_service_permissions_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpcEndpointServicePermissions&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/allowedPrincipals/item + openAPIDocKey: '200' + vpc_endpoint_service_permissions_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpcEndpointServicePermissions&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpc_endpoint_service_permissions + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/vpc_endpoint_service_permissions/methods/vpc_endpoint_service_permissions_Describe' + update: [] + title: vpc_endpoint_service_permissions + vpc_endpoint_service_private_dns_verification: + name: vpc_endpoint_service_private_dns_verification + methods: + vpc_endpoint_service_private_dns_verification_Start: + operation: + $ref: '#/paths/~1?Action=StartVpcEndpointServicePrivateDnsVerification&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpc_endpoint_service_private_dns_verification + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: vpc_endpoint_service_private_dns_verification + vpc_endpoint_services: + name: vpc_endpoint_services + methods: + vpc_endpoint_services_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpcEndpointServices&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/serviceDetailSet/item + openAPIDocKey: '200' + id: aws.ec2_api.vpc_endpoint_services + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/vpc_endpoint_services/methods/vpc_endpoint_services_Describe' + update: [] + title: vpc_endpoint_services + vpc_endpoints: + name: vpc_endpoints + methods: + vpc_endpoint_Create: + operation: + $ref: '#/paths/~1?Action=CreateVpcEndpoint&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_endpoint_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpcEndpoint&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_endpoints_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteVpcEndpoints&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_endpoints_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpcEndpoints&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/vpcEndpointSet/item + openAPIDocKey: '200' + id: aws.ec2_api.vpc_endpoints + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/vpc_endpoints/methods/vpc_endpoints_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/vpc_endpoints/methods/vpc_endpoint_Create' + select: + - $ref: '#/components/x-stackQL-resources/vpc_endpoints/methods/vpc_endpoints_Describe' + update: [] + title: vpc_endpoints + vpc_peering_connection_options: + name: vpc_peering_connection_options + methods: + vpc_peering_connection_options_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpcPeeringConnectionOptions&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpc_peering_connection_options + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: vpc_peering_connection_options + vpc_peering_connections: + name: vpc_peering_connections + methods: + vpc_peering_connection_Accept: + operation: + $ref: '#/paths/~1?Action=AcceptVpcPeeringConnection&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_peering_connection_Create: + operation: + $ref: '#/paths/~1?Action=CreateVpcPeeringConnection&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_peering_connection_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteVpcPeeringConnection&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_peering_connection_Reject: + operation: + $ref: '#/paths/~1?Action=RejectVpcPeeringConnection&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_peering_connections_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpcPeeringConnections&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/vpcPeeringConnectionSet/item + openAPIDocKey: '200' + id: aws.ec2_api.vpc_peering_connections + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/vpc_peering_connections/methods/vpc_peering_connection_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/vpc_peering_connections/methods/vpc_peering_connection_Create' + select: + - $ref: '#/components/x-stackQL-resources/vpc_peering_connections/methods/vpc_peering_connections_Describe' + update: [] + title: vpc_peering_connections + vpc_tenancy: + name: vpc_tenancy + methods: + vpc_tenancy_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpcTenancy&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpc_tenancy + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: vpc_tenancy + vpcs: + name: vpcs + methods: + vpc_Create: + operation: + $ref: '#/paths/~1?Action=CreateVpc&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpc_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteVpc&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + vpcs_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpcs&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/vpcSet/item + openAPIDocKey: '200' + id: aws.ec2_api.vpcs + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/vpcs/methods/vpc_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/vpcs/methods/vpc_Create' + select: + - $ref: '#/components/x-stackQL-resources/vpcs/methods/vpcs_Describe' + update: [] + title: vpcs + vpn_connection_device_sample_configuration: + name: vpn_connection_device_sample_configuration + methods: + vpn_connection_device_sample_configuration_Get: + operation: + $ref: '#/paths/~1?Action=GetVpnConnectionDeviceSampleConfiguration&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + id: aws.ec2_api.vpn_connection_device_sample_configuration + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/vpn_connection_device_sample_configuration/methods/vpn_connection_device_sample_configuration_Get' + update: [] + title: vpn_connection_device_sample_configuration + vpn_connection_device_types: + name: vpn_connection_device_types + methods: + vpn_connection_device_types_Get: + operation: + $ref: '#/paths/~1?Action=GetVpnConnectionDeviceTypes&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/vpnConnectionDeviceTypeSet/item + openAPIDocKey: '200' + id: aws.ec2_api.vpn_connection_device_types + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/vpn_connection_device_types/methods/vpn_connection_device_types_Get' + update: [] + title: vpn_connection_device_types + vpn_connection_options: + name: vpn_connection_options + methods: + vpn_connection_options_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpnConnectionOptions&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpn_connection_options + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: vpn_connection_options + vpn_connection_route: + name: vpn_connection_route + methods: + vpn_connection_route_Create: + operation: + $ref: '#/paths/~1?Action=CreateVpnConnectionRoute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + vpn_connection_route_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteVpnConnectionRoute&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + id: aws.ec2_api.vpn_connection_route + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/vpn_connection_route/methods/vpn_connection_route_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/vpn_connection_route/methods/vpn_connection_route_Create' + select: [] + update: [] + title: vpn_connection_route + vpn_connections: + name: vpn_connections + methods: + vpn_connection_Create: + operation: + $ref: '#/paths/~1?Action=CreateVpnConnection&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpn_connection_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteVpnConnection&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + vpn_connection_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpnConnection&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpn_connections_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpnConnections&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/vpnConnectionSet/item + openAPIDocKey: '200' + id: aws.ec2_api.vpn_connections + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/vpn_connections/methods/vpn_connection_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/vpn_connections/methods/vpn_connection_Create' + select: + - $ref: '#/components/x-stackQL-resources/vpn_connections/methods/vpn_connections_Describe' + update: [] + title: vpn_connections + vpn_gateways: + name: vpn_gateways + methods: + vpn_gateway_Attach: + operation: + $ref: '#/paths/~1?Action=AttachVpnGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpn_gateway_Create: + operation: + $ref: '#/paths/~1?Action=CreateVpnGateway&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + vpn_gateway_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteVpnGateway&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + vpn_gateway_Detach: + operation: + $ref: '#/paths/~1?Action=DetachVpnGateway&Version=2016-11-15/get' + response: + openAPIDocKey: '200' + vpn_gateways_Describe: + operation: + $ref: '#/paths/~1?Action=DescribeVpnGateways&Version=2016-11-15/get' + response: + mediaType: text/xml + objectKey: /*/vpnGatewaySet/item + openAPIDocKey: '200' + id: aws.ec2_api.vpn_gateways + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/vpn_gateways/methods/vpn_gateway_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/vpn_gateways/methods/vpn_gateway_Create' + select: + - $ref: '#/components/x-stackQL-resources/vpn_gateways/methods/vpn_gateways_Describe' + update: [] + title: vpn_gateways + vpn_tunnel_certificate: + name: vpn_tunnel_certificate + methods: + vpn_tunnel_certificate_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpnTunnelCertificate&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpn_tunnel_certificate + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: vpn_tunnel_certificate + vpn_tunnel_options: + name: vpn_tunnel_options + methods: + vpn_tunnel_options_Modify: + operation: + $ref: '#/paths/~1?Action=ModifyVpnTunnelOptions&Version=2016-11-15/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + id: aws.ec2_api.vpn_tunnel_options + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: vpn_tunnel_options + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + schemas: + AcceptReservedInstancesExchangeQuoteResult: + type: object + properties: + exchangeId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the successful exchange. + description: The result of the exchange and whether it was successful. + ReservationId: + type: string + TargetConfigurationRequest: + type: object + required: + - OfferingId + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ReservedInstancesOfferingId' + - description: The Convertible Reserved Instance offering ID. + description: Details about the target configuration. + AcceptTransitGatewayMulticastDomainAssociationsResult: + type: object + properties: + associations: + $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociations' + String: + type: string + AcceptTransitGatewayPeeringAttachmentResult: + type: object + properties: + transitGatewayPeeringAttachment: + allOf: + - $ref: '#/components/schemas/TransitGatewayPeeringAttachment' + - description: The transit gateway peering attachment. + AcceptTransitGatewayVpcAttachmentResult: + type: object + properties: + transitGatewayVpcAttachment: + allOf: + - $ref: '#/components/schemas/TransitGatewayVpcAttachment' + - description: The VPC attachment. + AcceptVpcEndpointConnectionsResult: + type: object + properties: + unsuccessful: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItemSet' + - description: 'Information about the interface endpoints that were not accepted, if applicable.' + VpcEndpointId: + type: string + AcceptVpcPeeringConnectionResult: + type: object + properties: + vpcPeeringConnection: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnection' + - description: Information about the VPC peering connection. + AdvertiseByoipCidrResult: + type: object + properties: + byoipCidr: + allOf: + - $ref: '#/components/schemas/ByoipCidr' + - description: Information about the address range. + AllocateAddressResult: + type: object + example: + Domain: standard + PublicIp: 198.51.100.0 + properties: + publicIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The Elastic IP address. + allocationId: + allOf: + - $ref: '#/components/schemas/String' + - description: '[EC2-VPC] The ID that Amazon Web Services assigns to represent the allocation of the Elastic IP address for use with instances in a VPC.' + publicIpv4Pool: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of an address pool. + networkBorderGroup: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses.' + domain: + allOf: + - $ref: '#/components/schemas/DomainType' + - description: Indicates whether the Elastic IP address is for use with instances in a VPC (vpc) or instances in EC2-Classic (standard). + customerOwnedIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The customer-owned IP address. + customerOwnedIpv4Pool: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the customer-owned address pool. + carrierIp: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The carrier IP address. This option is only available for network interfaces which reside in a subnet in a Wavelength Zone (for example an EC2 instance). ' + TagSpecification: + type: object + properties: + resourceType: + allOf: + - $ref: '#/components/schemas/ResourceType' + - description: The type of resource to tag on creation. + Tag: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags to apply to the resource. + description: The tags to apply to a resource when the resource is being created. + AllocateHostsResult: + type: object + properties: + hostIdSet: + allOf: + - $ref: '#/components/schemas/ResponseHostIdList' + - description: The ID of the allocated Dedicated Host. This is used to launch an instance onto a specific host. + description: Contains the output of AllocateHosts. + AllocateIpamPoolCidrResult: + type: object + properties: + ipamPoolAllocation: + allOf: + - $ref: '#/components/schemas/IpamPoolAllocation' + - description: Information about the allocation created. + ApplySecurityGroupsToClientVpnTargetNetworkResult: + type: object + properties: + securityGroupIds: + allOf: + - $ref: '#/components/schemas/ClientVpnSecurityGroupIdSet' + - description: The IDs of the applied security groups. + SecurityGroupId: + type: string + AssignIpv6AddressesResult: + type: object + properties: + assignedIpv6Addresses: + allOf: + - $ref: '#/components/schemas/Ipv6AddressList' + - description: The new IPv6 addresses assigned to the network interface. Existing IPv6 addresses that were assigned to the network interface before the request are not included. + assignedIpv6PrefixSet: + allOf: + - $ref: '#/components/schemas/IpPrefixList' + - description: The IPv6 prefixes that are assigned to the network interface. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface. + AssignPrivateIpAddressesResult: + type: object + properties: + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface. + assignedPrivateIpAddressesSet: + allOf: + - $ref: '#/components/schemas/AssignedPrivateIpAddressList' + - description: The private IP addresses assigned to the network interface. + assignedIpv4PrefixSet: + allOf: + - $ref: '#/components/schemas/Ipv4PrefixesList' + - description: The IPv4 prefixes that are assigned to the network interface. + AssociateAddressResult: + type: object + example: + AssociationId: eipassoc-2bebb745 + properties: + associationId: + allOf: + - $ref: '#/components/schemas/String' + - description: '[EC2-VPC] The ID that represents the association of the Elastic IP address with an instance.' + AssociateClientVpnTargetNetworkResult: + type: object + properties: + associationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The unique ID of the target network association. + status: + allOf: + - $ref: '#/components/schemas/AssociationStatus' + - description: The current state of the target network association. + AssociateEnclaveCertificateIamRoleResult: + type: object + properties: + certificateS3BucketName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the Amazon S3 bucket to which the certificate was uploaded. + certificateS3ObjectKey: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored. The object key is formatted as follows: role_arn/certificate_arn.' + encryptionKmsKeyId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the KMS key used to encrypt the private key of the certificate. + AssociateIamInstanceProfileResult: + type: object + example: + IamInstanceProfileAssociation: + AssociationId: iip-assoc-0e7736511a163c209 + IamInstanceProfile: + Arn: 'arn:aws:iam::123456789012:instance-profile/admin-role' + Id: AIPAJBLK7RKJKWDXVHIEC + InstanceId: i-123456789abcde123 + State: associating + properties: + iamInstanceProfileAssociation: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileAssociation' + - description: Information about the IAM instance profile association. + AssociateInstanceEventWindowResult: + type: object + properties: + instanceEventWindow: + allOf: + - $ref: '#/components/schemas/InstanceEventWindow' + - description: Information about the event window. + InstanceIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: item + TagList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: item + DedicatedHostIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/DedicatedHostId' + - xml: + name: item + AssociateRouteTableResult: + type: object + example: + AssociationId: rtbassoc-781d0d1a + properties: + associationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The route table association ID. This ID is required for disassociating the route table. + associationState: + allOf: + - $ref: '#/components/schemas/RouteTableAssociationState' + - description: The state of the association. + AssociateSubnetCidrBlockResult: + type: object + properties: + ipv6CidrBlockAssociation: + allOf: + - $ref: '#/components/schemas/SubnetIpv6CidrBlockAssociation' + - description: Information about the IPv6 association. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet. + AssociateTransitGatewayMulticastDomainResult: + type: object + properties: + associations: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociations' + - description: Information about the transit gateway multicast domain associations. + SubnetId: + type: string + AssociateTransitGatewayRouteTableResult: + type: object + properties: + association: + allOf: + - $ref: '#/components/schemas/TransitGatewayAssociation' + - description: The ID of the association. + AssociateTrunkInterfaceResult: + type: object + properties: + interfaceAssociation: + allOf: + - $ref: '#/components/schemas/TrunkInterfaceAssociation' + - description: Information about the association between the trunk network interface and branch network interface. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.' + AssociateVpcCidrBlockResult: + type: object + properties: + ipv6CidrBlockAssociation: + allOf: + - $ref: '#/components/schemas/VpcIpv6CidrBlockAssociation' + - description: Information about the IPv6 CIDR block association. + cidrBlockAssociation: + allOf: + - $ref: '#/components/schemas/VpcCidrBlockAssociation' + - description: Information about the IPv4 CIDR block association. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + AttachClassicLinkVpcResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + AttachNetworkInterfaceResult: + type: object + example: + AttachmentId: eni-attach-66c4350a + properties: + attachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface attachment. + networkCardIndex: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The index of the network card. + description: Contains the output of AttachNetworkInterface. + VolumeAttachment: + type: object + example: + AttachTime: '2014-02-27T19:23:06.000Z' + Device: /dev/sdb + InstanceId: i-1234567890abcdef0 + State: detaching + VolumeId: vol-049df61146c4d7901 + properties: + attachTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time stamp when the attachment initiated. + device: + allOf: + - $ref: '#/components/schemas/String' + - description: The device name. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + status: + allOf: + - $ref: '#/components/schemas/VolumeAttachmentState' + - description: The attachment state of the volume. + volumeId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the volume. + deleteOnTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the EBS volume is deleted on instance termination. + description: Describes volume attachment details. + AttachVpnGatewayResult: + type: object + properties: + attachment: + allOf: + - $ref: '#/components/schemas/VpcAttachment' + - description: Information about the attachment. + description: Contains the output of AttachVpnGateway. + AuthorizeClientVpnIngressResult: + type: object + properties: + status: + allOf: + - $ref: '#/components/schemas/ClientVpnAuthorizationRuleStatus' + - description: The current state of the authorization rule. + AuthorizeSecurityGroupEgressResult: + type: object + example: {} + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, returns an error.' + securityGroupRuleSet: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleList' + - description: Information about the outbound (egress) security group rules that were added. + IpPermission: + type: object + properties: + fromPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.' + ipProtocol: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).

[VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

' + ipRanges: + allOf: + - $ref: '#/components/schemas/IpRangeList' + - description: The IPv4 ranges. + ipv6Ranges: + allOf: + - $ref: '#/components/schemas/Ipv6RangeList' + - description: '[VPC only] The IPv6 ranges.' + prefixListIds: + allOf: + - $ref: '#/components/schemas/PrefixListIdList' + - description: '[VPC only] The prefix list IDs.' + toPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.' + groups: + allOf: + - $ref: '#/components/schemas/UserIdGroupPairList' + - description: The security group and Amazon Web Services account ID pairs. + description: Describes a set of permissions for a security group rule. + AuthorizeSecurityGroupIngressResult: + type: object + example: {} + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, returns an error.' + securityGroupRuleSet: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleList' + - description: Information about the inbound (ingress) security group rules that were added. + BundleInstanceResult: + type: object + properties: + bundleInstanceTask: + allOf: + - $ref: '#/components/schemas/BundleTask' + - description: Information about the bundle task. + description: Contains the output of BundleInstance. + S3Storage: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The access key ID of the owner of the bucket. Before you specify a value for your access key ID, review and follow the guidance in Best Practices for Managing Amazon Web Services Access Keys.' + bucket: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error.' + prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: The beginning of the file name of the AMI. + uploadPolicy: + allOf: + - $ref: '#/components/schemas/Blob' + - description: An Amazon S3 upload policy that gives Amazon EC2 permission to upload items into Amazon S3 on your behalf. + uploadPolicySignature: + allOf: + - $ref: '#/components/schemas/String' + - description: The signature of the JSON document. + description: Describes the storage parameters for Amazon S3 and Amazon S3 buckets for an instance store-backed AMI. + CancelBundleTaskResult: + type: object + properties: + bundleInstanceTask: + allOf: + - $ref: '#/components/schemas/BundleTask' + - description: Information about the bundle task. + description: Contains the output of CancelBundleTask. + CancelCapacityReservationResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + CancelCapacityReservationFleetsResult: + type: object + properties: + successfulFleetCancellationSet: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetCancellationStateSet' + - description: Information about the Capacity Reservation Fleets that were successfully cancelled. + failedFleetCancellationSet: + allOf: + - $ref: '#/components/schemas/FailedCapacityReservationFleetCancellationResultSet' + - description: Information about the Capacity Reservation Fleets that could not be cancelled. + CapacityReservationFleetId: + type: string + CancelImportTaskResult: + type: object + properties: + importTaskId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the task being canceled. + previousState: + allOf: + - $ref: '#/components/schemas/String' + - description: The current state of the task being canceled. + state: + allOf: + - $ref: '#/components/schemas/String' + - description: The current state of the task being canceled. + CancelReservedInstancesListingResult: + type: object + properties: + reservedInstancesListingsSet: + allOf: + - $ref: '#/components/schemas/ReservedInstancesListingList' + - description: The Reserved Instance listing. + description: Contains the output of CancelReservedInstancesListing. + CancelSpotFleetRequestsResponse: + type: object + example: + SuccessfulFleetRequests: + - CurrentSpotFleetRequestState: cancelled_terminating + PreviousSpotFleetRequestState: active + SpotFleetRequestId: sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE + properties: + successfulFleetRequestSet: + allOf: + - $ref: '#/components/schemas/CancelSpotFleetRequestsSuccessSet' + - description: Information about the Spot Fleet requests that are successfully canceled. + unsuccessfulFleetRequestSet: + allOf: + - $ref: '#/components/schemas/CancelSpotFleetRequestsErrorSet' + - description: Information about the Spot Fleet requests that are not successfully canceled. + description: Contains the output of CancelSpotFleetRequests. + SpotFleetRequestId: + type: string + CancelSpotInstanceRequestsResult: + type: object + example: + CancelledSpotInstanceRequests: + - SpotInstanceRequestId: sir-08b93456 + State: cancelled + properties: + spotInstanceRequestSet: + allOf: + - $ref: '#/components/schemas/CancelledSpotInstanceRequestList' + - description: One or more Spot Instance requests. + description: Contains the output of CancelSpotInstanceRequests. + SpotInstanceRequestId: + type: string + ConfirmProductInstanceResult: + type: object + example: + OwnerId: '123456789012' + properties: + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID of the instance owner. This is only present if the product code is attached to the instance. + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The return value of the request. Returns true if the specified product code is owned by the requester and associated with the specified instance. + CopyFpgaImageResult: + type: object + properties: + fpgaImageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the new AFI. + CopyImageResult: + type: object + example: + ImageId: ami-438bea42 + properties: + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the new AMI. + description: Contains the output of CopyImage. + CopySnapshotResult: + type: object + example: + SnapshotId: snap-066877671789bd71b + properties: + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the new snapshot. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags applied to the new snapshot. + CreateCapacityReservationResult: + type: object + properties: + capacityReservation: + allOf: + - $ref: '#/components/schemas/CapacityReservation' + - description: Information about the Capacity Reservation. + CreateCapacityReservationFleetResult: + type: object + properties: + capacityReservationFleetId: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetId' + - description: The ID of the Capacity Reservation Fleet. + state: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetState' + - description: The status of the Capacity Reservation Fleet. + totalTargetCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The total number of capacity units for which the Capacity Reservation Fleet reserves capacity. + totalFulfilledCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: The requested capacity units that have been successfully reserved. + instanceMatchCriteria: + allOf: + - $ref: '#/components/schemas/FleetInstanceMatchCriteria' + - description: The instance matching criteria for the Capacity Reservation Fleet. + allocationStrategy: + allOf: + - $ref: '#/components/schemas/String' + - description: The allocation strategy used by the Capacity Reservation Fleet. + createTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time at which the Capacity Reservation Fleet was created. + endDate: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time at which the Capacity Reservation Fleet expires. + tenancy: + allOf: + - $ref: '#/components/schemas/FleetCapacityReservationTenancy' + - description: Indicates the tenancy of Capacity Reservation Fleet. + fleetCapacityReservationSet: + allOf: + - $ref: '#/components/schemas/FleetCapacityReservationSet' + - description: Information about the individual Capacity Reservations in the Capacity Reservation Fleet. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the Capacity Reservation Fleet. + ReservationFleetInstanceSpecification: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IntegerWithConstraints' + - description: 'The priority to assign to the instance type. This value is used to determine which of the instance types specified for the Fleet should be prioritized for use. A lower value indicates a high priority. For more information, see Instance type priority in the Amazon EC2 User Guide.' + description: Information about an instance type to use in a Capacity Reservation Fleet. + CreateCarrierGatewayResult: + type: object + properties: + carrierGateway: + allOf: + - $ref: '#/components/schemas/CarrierGateway' + - description: Information about the carrier gateway. + CreateClientVpnEndpointResult: + type: object + properties: + clientVpnEndpointId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Client VPN endpoint. + status: + allOf: + - $ref: '#/components/schemas/ClientVpnEndpointStatus' + - description: The current state of the Client VPN endpoint. + dnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The DNS name to be used by clients when establishing their VPN session. + ClientVpnAuthenticationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/FederatedAuthenticationRequest' + - description: 'Information about the IAM SAML identity provider to be used, if applicable. You must provide this information if Type is federated-authentication.' + description: 'Describes the authentication method to be used by a Client VPN endpoint. For more information, see Authentication in the Client VPN Administrator Guide.' + CreateClientVpnRouteResult: + type: object + properties: + status: + allOf: + - $ref: '#/components/schemas/ClientVpnRouteStatus' + - description: The current state of the route. + CreateCustomerGatewayResult: + type: object + example: + CustomerGateway: + BgpAsn: '65534' + CustomerGatewayId: cgw-0e11f167 + IpAddress: 12.1.2.3 + State: available + Type: ipsec.1 + properties: + customerGateway: + allOf: + - $ref: '#/components/schemas/CustomerGateway' + - description: Information about the customer gateway. + description: Contains the output of CreateCustomerGateway. + CreateDefaultSubnetResult: + type: object + properties: + subnet: + allOf: + - $ref: '#/components/schemas/Subnet' + - description: Information about the subnet. + CreateDefaultVpcResult: + type: object + properties: + vpc: + allOf: + - $ref: '#/components/schemas/Vpc' + - description: Information about the VPC. + CreateDhcpOptionsResult: + type: object + example: + DhcpOptions: + DhcpConfigurations: + - Key: domain-name-servers + Values: + - Value: 10.2.5.2 + - Value: 10.2.5.1 + DhcpOptionsId: dopt-d9070ebb + properties: + dhcpOptions: + allOf: + - $ref: '#/components/schemas/DhcpOptions' + - description: A set of DHCP options. + NewDhcpConfiguration: + type: object + properties: + key: + $ref: '#/components/schemas/String' + Value: + $ref: '#/components/schemas/ValueStringList' + CreateEgressOnlyInternetGatewayResult: + type: object + properties: + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.' + egressOnlyInternetGateway: + allOf: + - $ref: '#/components/schemas/EgressOnlyInternetGateway' + - description: Information about the egress-only internet gateway. + CreateFleetResult: + type: object + properties: + fleetId: + allOf: + - $ref: '#/components/schemas/FleetId' + - description: The ID of the EC2 Fleet. + errorSet: + allOf: + - $ref: '#/components/schemas/CreateFleetErrorsSet' + - description: Information about the instances that could not be launched by the fleet. Supported only for fleets of type instant. + fleetInstanceSet: + allOf: + - $ref: '#/components/schemas/CreateFleetInstancesSet' + - description: Information about the instances that were launched by the fleet. Supported only for fleets of type instant. + FleetLaunchTemplateConfigRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateOverridesListRequest' + - description: '

Any parameters that you specify override the same parameters in the launch template.

For fleets of type request and maintain, a maximum of 300 items is allowed across all launch templates.

' + description: Describes a launch template and overrides. + TargetCapacityUnitType: + type: string + enum: + - vcpu + - memory-mib + - units + CreateFlowLogsResult: + type: object + properties: + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.' + flowLogIdSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The IDs of the flow logs. + unsuccessful: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItemSet' + - description: Information about the flow logs that could not be created successfully. + FlowLogResourceId: + type: string + Boolean: + type: boolean + CreateFpgaImageResult: + type: object + properties: + fpgaImageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The FPGA image identifier (AFI ID). + fpgaImageGlobalId: + allOf: + - $ref: '#/components/schemas/String' + - description: The global FPGA image identifier (AGFI ID). + CreateImageResult: + type: object + example: + ImageId: ami-1a2b3c4d + properties: + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the new AMI. + BlockDeviceMapping: + type: object + properties: + deviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The device name (for example, /dev/sdh or xvdh).' + virtualName: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The virtual device name (ephemeralN). Instance store volumes are numbered starting from 0. An instance type with 2 available instance store volumes can specify mappings for ephemeral0 and ephemeral1. The number of available instance store volumes depends on the instance type. After you connect to the instance, you must mount the volume.

NVMe instance store volumes are automatically enumerated and assigned a device name. Including them in your block device mapping has no effect.

Constraints: For M3 instances, you must specify instance store volumes in the block device mapping for the instance. When you launch an M3 instance, we ignore any instance store volumes specified in the block device mapping for the AMI.

' + ebs: + allOf: + - $ref: '#/components/schemas/EbsBlockDevice' + - description: Parameters used to automatically set up EBS volumes when the instance is launched. + noDevice: + allOf: + - $ref: '#/components/schemas/String' + - description: 'To omit the device from the block device mapping, specify an empty string. When this property is specified, the device is removed from the block device mapping regardless of the assigned value.' + description: 'Describes a block device mapping, which defines the EBS volumes and instance store volumes to attach to an instance at launch.' + CreateInstanceEventWindowResult: + type: object + properties: + instanceEventWindow: + allOf: + - $ref: '#/components/schemas/InstanceEventWindow' + - description: Information about the event window. + InstanceEventWindowTimeRangeRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Hour' + - description: The hour when the time range ends. + description: 'The start day and time and the end day and time of the time range, in UTC.' + CreateInstanceExportTaskResult: + type: object + properties: + exportTask: + allOf: + - $ref: '#/components/schemas/ExportTask' + - description: Information about the export instance task. + ContainerFormat: + type: string + enum: + - ova + DiskImageFormat: + type: string + enum: + - VMDK + - RAW + - VHD + CreateInternetGatewayResult: + type: object + example: + InternetGateway: + Attachments: [] + InternetGatewayId: igw-c0a643a9 + Tags: [] + properties: + internetGateway: + allOf: + - $ref: '#/components/schemas/InternetGateway' + - description: Information about the internet gateway. + CreateIpamResult: + type: object + properties: + ipam: + allOf: + - $ref: '#/components/schemas/Ipam' + - description: Information about the IPAM created. + AddIpamOperatingRegion: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the operating Region. + description: '

Add an operating Region to an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' + CreateIpamPoolResult: + type: object + properties: + ipamPool: + allOf: + - $ref: '#/components/schemas/IpamPool' + - description: Information about the IPAM pool created. + RequestIpamResourceTag: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The value for the tag. + description: A tag on an IPAM resource. + CreateIpamScopeResult: + type: object + properties: + ipamScope: + allOf: + - $ref: '#/components/schemas/IpamScope' + - description: Information about the created scope. + KeyPair: + type: object + properties: + keyFingerprint: + allOf: + - $ref: '#/components/schemas/String' + - description: '

  • For RSA key pairs, the key fingerprint is the SHA-1 digest of the DER encoded private key.

  • For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 digest, which is the default for OpenSSH, starting with OpenSSH 6.8.

' + keyMaterial: + allOf: + - $ref: '#/components/schemas/SensitiveUserData' + - description: An unencrypted PEM encoded RSA or ED25519 private key. + keyName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the key pair. + keyPairId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the key pair. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags applied to the key pair. + description: Describes a key pair. + CreateLaunchTemplateResult: + type: object + example: + LaunchTemplate: + CreateTime: '2017-11-27T09:13:24.000Z' + CreatedBy: 'arn:aws:iam::123456789012:root' + DefaultVersionNumber: 1 + LatestVersionNumber: 1 + LaunchTemplateId: lt-01238c059e3466abc + LaunchTemplateName: my-template + properties: + launchTemplate: + allOf: + - $ref: '#/components/schemas/LaunchTemplate' + - description: Information about the launch template. + warning: + allOf: + - $ref: '#/components/schemas/ValidationWarning' + - description: 'If the launch template contains parameters or parameter combinations that are not valid, an error code and an error message are returned for each issue that''s found.' + LaunchTemplateIamInstanceProfileSpecificationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the instance profile. + description: An IAM instance profile. + LaunchTemplateBlockDeviceMappingRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMappingRequest' + - xml: + name: BlockDeviceMapping + LaunchTemplateTagSpecificationRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateTagSpecificationRequest' + - xml: + name: LaunchTemplateTagSpecificationRequest + ElasticGpuSpecificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ElasticGpuSpecification' + - xml: + name: ElasticGpuSpecification + LaunchTemplateElasticInferenceAcceleratorList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAccelerator' + - xml: + name: item + SecurityGroupIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: SecurityGroupId + LaunchTemplateCapacityReservationSpecificationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/CapacityReservationTarget' + - description: Information about the target Capacity Reservation or Capacity Reservation group. + description: 'Describes an instance''s Capacity Reservation targeting option. You can specify only one option at a time. Use the CapacityReservationPreference parameter to configure the instance to run in On-Demand capacity or to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). Use the CapacityReservationTarget parameter to explicitly target a specific Capacity Reservation or a Capacity Reservation group.' + LaunchTemplateInstanceMaintenanceOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchTemplateAutoRecoveryState' + - description: 'Disables the automatic recovery behavior of your instance or sets it to default. For more information, see Simplified automatic recovery.' + description: The maintenance options of your instance. + CreateLaunchTemplateVersionResult: + type: object + example: + LaunchTemplateVersion: + CreateTime: '2017-12-01T13:35:46.000Z' + CreatedBy: 'arn:aws:iam::123456789012:root' + DefaultVersion: false + LaunchTemplateData: + ImageId: ami-c998b6b2 + InstanceType: t2.micro + NetworkInterfaces: + - AssociatePublicIpAddress: true + DeviceIndex: 0 + Ipv6Addresses: + - Ipv6Address: '2001:db8:1234:1a00::123' + SubnetId: subnet-7b16de0c + LaunchTemplateId: lt-0abcd290751193123 + LaunchTemplateName: my-template + VersionDescription: WebVersion2 + VersionNumber: 2 + properties: + launchTemplateVersion: + allOf: + - $ref: '#/components/schemas/LaunchTemplateVersion' + - description: Information about the launch template version. + warning: + allOf: + - $ref: '#/components/schemas/ValidationWarning' + - description: 'If the new version of the launch template contains parameters or parameter combinations that are not valid, an error code and an error message are returned for each issue that''s found.' + CreateLocalGatewayRouteResult: + type: object + properties: + route: + allOf: + - $ref: '#/components/schemas/LocalGatewayRoute' + - description: Information about the route. + CreateLocalGatewayRouteTableVpcAssociationResult: + type: object + properties: + localGatewayRouteTableVpcAssociation: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociation' + - description: Information about the association. + CreateManagedPrefixListResult: + type: object + properties: + prefixList: + allOf: + - $ref: '#/components/schemas/ManagedPrefixList' + - description: Information about the prefix list. + AddPrefixListEntry: + type: object + required: + - Cidr + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A description for the entry.

Constraints: Up to 255 characters in length.

' + description: An entry for a prefix list. + CreateNatGatewayResult: + type: object + example: + NatGateway: + CreateTime: '2015-12-17T12:45:26.732Z' + NatGatewayAddresses: + - AllocationId: eipalloc-37fc1a52 + NatGatewayId: nat-08d48af2a8e83edfd + State: pending + SubnetId: subnet-1a2b3c4d + VpcId: vpc-1122aabb + properties: + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier to ensure the idempotency of the request. Only returned if a client token was provided in the request.' + natGateway: + allOf: + - $ref: '#/components/schemas/NatGateway' + - description: Information about the NAT gateway. + CreateNetworkAclResult: + type: object + example: + NetworkAcl: + Associations: [] + Entries: + - CidrBlock: 0.0.0.0/0 + Egress: true + Protocol: '-1' + RuleAction: deny + RuleNumber: 32767 + - CidrBlock: 0.0.0.0/0 + Egress: false + Protocol: '-1' + RuleAction: deny + RuleNumber: 32767 + IsDefault: false + NetworkAclId: acl-5fb85d36 + Tags: [] + VpcId: vpc-a01106c2 + properties: + networkAcl: + allOf: + - $ref: '#/components/schemas/NetworkAcl' + - description: Information about the network ACL. + Integer: + type: integer + CreateNetworkInsightsAccessScopeResult: + type: object + properties: + networkInsightsAccessScope: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScope' + - description: The Network Access Scope. + networkInsightsAccessScopeContent: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeContent' + - description: The Network Access Scope content. + AccessScopePathRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/PathStatementRequest' + - description: The destination. + ThroughResource: + allOf: + - $ref: '#/components/schemas/ThroughResourcesStatementRequestList' + - description: The through resources. + description: Describes a path. + CreateNetworkInsightsPathResult: + type: object + properties: + networkInsightsPath: + allOf: + - $ref: '#/components/schemas/NetworkInsightsPath' + - description: Information about the path. + CreateNetworkInterfaceResult: + type: object + example: + NetworkInterface: + AvailabilityZone: us-east-1d + Description: my network interface + Groups: + - GroupId: sg-903004f8 + GroupName: default + MacAddress: '02:1a:80:41:52:9c' + NetworkInterfaceId: eni-e5aa89a3 + OwnerId: '123456789012' + PrivateIpAddress: 10.0.2.17 + PrivateIpAddresses: + - Primary: true + PrivateIpAddress: 10.0.2.17 + RequesterManaged: false + SourceDestCheck: true + Status: pending + SubnetId: subnet-9d4a7b6c + TagSet: [] + VpcId: vpc-a01106c2 + properties: + networkInterface: + allOf: + - $ref: '#/components/schemas/NetworkInterface' + - description: Information about the network interface. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + description: Contains the output of CreateNetworkInterface. + InstanceIpv6Address: + type: object + properties: + ipv6Address: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 address. + description: Describes an IPv6 address. + PrivateIpAddressSpecification: + type: object + properties: + primary: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the private IPv4 address is the primary private IPv4 address. Only one IPv4 address can be designated as primary. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The private IPv4 addresses. + description: Describes a secondary private IPv4 address for a network interface. + Ipv4PrefixSpecificationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.' + description: Describes the IPv4 prefix option for a network interface. + Ipv6PrefixSpecificationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 prefix. + description: Describes the IPv4 prefix option for a network interface. + CreateNetworkInterfacePermissionResult: + type: object + properties: + interfacePermission: + allOf: + - $ref: '#/components/schemas/NetworkInterfacePermission' + - description: Information about the permission for the network interface. + description: Contains the output of CreateNetworkInterfacePermission. + CreatePlacementGroupResult: + type: object + example: {} + properties: + placementGroup: + $ref: '#/components/schemas/PlacementGroup' + CreatePublicIpv4PoolResult: + type: object + properties: + poolId: + allOf: + - $ref: '#/components/schemas/Ipv4PoolEc2Id' + - description: The ID of the public IPv4 pool. + CreateReplaceRootVolumeTaskResult: + type: object + properties: + replaceRootVolumeTask: + allOf: + - $ref: '#/components/schemas/ReplaceRootVolumeTask' + - description: Information about the root volume replacement task. + CreateReservedInstancesListingResult: + type: object + properties: + reservedInstancesListingsSet: + allOf: + - $ref: '#/components/schemas/ReservedInstancesListingList' + - description: Information about the Standard Reserved Instance listing. + description: Contains the output of CreateReservedInstancesListing. + PriceScheduleSpecification: + type: object + properties: + currencyCode: + allOf: + - $ref: '#/components/schemas/CurrencyCodeValues' + - description: 'The currency for transacting the Reserved Instance resale. At this time, the only supported currency is USD.' + price: + allOf: + - $ref: '#/components/schemas/Double' + - description: The fixed price for the term. + term: + allOf: + - $ref: '#/components/schemas/Long' + - description: 'The number of months remaining in the reservation. For example, 2 is the second to the last month before the capacity reservation expires.' + description: Describes the price for a Reserved Instance. + CreateRestoreImageTaskResult: + type: object + properties: + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The AMI ID. + CreateRouteResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + CreateRouteTableResult: + type: object + example: + RouteTable: + Associations: [] + PropagatingVgws: [] + RouteTableId: rtb-22574640 + Routes: + - DestinationCidrBlock: 10.0.0.0/16 + GatewayId: local + State: active + Tags: [] + VpcId: vpc-a01106c2 + properties: + routeTable: + allOf: + - $ref: '#/components/schemas/RouteTable' + - description: Information about the route table. + CreateSecurityGroupResult: + type: object + example: + GroupId: sg-903004f8 + properties: + groupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the security group. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the security group. + Snapshot: + type: object + example: + Description: This is my root volume snapshot. + OwnerId: 012345678910 + SnapshotId: snap-066877671789bd71b + StartTime: '2014-02-28T21:06:01.000Z' + State: pending + Tags: [] + VolumeId: vol-1234567890abcdef0 + VolumeSize: 8 + properties: + dataEncryptionKeyId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The data encryption key identifier for the snapshot. This value is a unique identifier that corresponds to the data encryption key that was used to encrypt the original volume or snapshot copy. Because data encryption keys are inherited by volumes created from snapshots, and vice versa, if snapshots share the same data encryption key identifier, then they belong to the same volume/snapshot lineage. This parameter is only returned by DescribeSnapshots.' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description for the snapshot. + encrypted: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the snapshot is encrypted. + kmsKeyId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Key Management Service (KMS) KMS key that was used to protect the volume encryption key for the parent volume. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the EBS snapshot. + progress: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The progress of the snapshot, as a percentage.' + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the snapshot. Each snapshot receives a unique identifier when it is created. + startTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time stamp when the snapshot was initiated. + status: + allOf: + - $ref: '#/components/schemas/SnapshotState' + - description: The snapshot state. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Encrypted Amazon EBS snapshots are copied asynchronously. If a snapshot copy operation fails (for example, if the proper Key Management Service (KMS) permissions are not obtained) this field displays error state details to help you diagnose why the error occurred. This parameter is only returned by DescribeSnapshots.' + volumeId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the volume that was used to create the snapshot. Snapshots created by the CopySnapshot action have an arbitrary volume ID that should not be used for any purpose. + volumeSize: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The size of the volume, in GiB.' + ownerAlias: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The Amazon Web Services owner alias, from an Amazon-maintained list (amazon). This is not the user-configured Amazon Web Services account alias set using the IAM console.' + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.' + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the snapshot. + storageTier: + allOf: + - $ref: '#/components/schemas/StorageTier' + - description: The storage tier in which the snapshot is stored. standard indicates that the snapshot is stored in the standard snapshot storage tier and that it is ready for use. archive indicates that the snapshot is currently archived and that it must be restored before it can be used. + restoreExpiryTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: Only for archived snapshots that are temporarily restored. Indicates the date and time when a temporarily restored snapshot will be automatically re-archived. + description: Describes a snapshot. + CreateSnapshotsResult: + type: object + properties: + snapshotSet: + allOf: + - $ref: '#/components/schemas/SnapshotSet' + - description: List of snapshots. + CreateSpotDatafeedSubscriptionResult: + type: object + example: + SpotDatafeedSubscription: + Bucket: my-s3-bucket + OwnerId: '123456789012' + Prefix: spotdata + State: Active + properties: + spotDatafeedSubscription: + allOf: + - $ref: '#/components/schemas/SpotDatafeedSubscription' + - description: The Spot Instance data feed subscription. + description: Contains the output of CreateSpotDatafeedSubscription. + CreateStoreImageTaskResult: + type: object + properties: + objectKey: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the stored AMI object in the S3 bucket. + S3ObjectTag: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The value of the tag.

Constraints: Tag values are case-sensitive and can be up to 256 Unicode characters in length.

' + description: 'The tags to apply to the AMI object that will be stored in the Amazon S3 bucket. For more information, see Categorizing your storage using tags in the Amazon Simple Storage Service User Guide.' + CreateSubnetResult: + type: object + example: + Subnet: + AvailabilityZone: us-west-2c + AvailableIpAddressCount: 251 + CidrBlock: 10.0.1.0/24 + State: pending + SubnetId: subnet-9d4a7b6c + VpcId: vpc-a01106c2 + properties: + subnet: + allOf: + - $ref: '#/components/schemas/Subnet' + - description: Information about the subnet. + CreateSubnetCidrReservationResult: + type: object + properties: + subnetCidrReservation: + allOf: + - $ref: '#/components/schemas/SubnetCidrReservation' + - description: Information about the created subnet CIDR reservation. + TaggableResourceId: + type: string + Tag: + type: object + properties: + key: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The key of the tag.

Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

' + value: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The value of the tag.

Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

' + description: Describes a tag. + CreateTrafficMirrorFilterResult: + type: object + properties: + trafficMirrorFilter: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilter' + - description: Information about the Traffic Mirror filter. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + CreateTrafficMirrorFilterRuleResult: + type: object + properties: + trafficMirrorFilterRule: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilterRule' + - description: The Traffic Mirror rule. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + CreateTrafficMirrorSessionResult: + type: object + properties: + trafficMirrorSession: + allOf: + - $ref: '#/components/schemas/TrafficMirrorSession' + - description: Information about the Traffic Mirror session. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + CreateTrafficMirrorTargetResult: + type: object + properties: + trafficMirrorTarget: + allOf: + - $ref: '#/components/schemas/TrafficMirrorTarget' + - description: Information about the Traffic Mirror target. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + CreateTransitGatewayResult: + type: object + properties: + transitGateway: + allOf: + - $ref: '#/components/schemas/TransitGateway' + - description: Information about the transit gateway. + TransitGatewayCidrBlockStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + CreateTransitGatewayConnectResult: + type: object + properties: + transitGatewayConnect: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnect' + - description: Information about the Connect attachment. + ProtocolValue: + type: string + enum: + - gre + CreateTransitGatewayConnectPeerResult: + type: object + properties: + transitGatewayConnectPeer: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectPeer' + - description: Information about the Connect peer. + Long: + type: integer + CreateTransitGatewayMulticastDomainResult: + type: object + properties: + transitGatewayMulticastDomain: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomain' + - description: Information about the transit gateway multicast domain. + AutoAcceptSharedAssociationsValue: + type: string + enum: + - enable + - disable + CreateTransitGatewayPeeringAttachmentResult: + type: object + properties: + transitGatewayPeeringAttachment: + allOf: + - $ref: '#/components/schemas/TransitGatewayPeeringAttachment' + - description: The transit gateway peering attachment. + CreateTransitGatewayPrefixListReferenceResult: + type: object + properties: + transitGatewayPrefixListReference: + allOf: + - $ref: '#/components/schemas/TransitGatewayPrefixListReference' + - description: Information about the prefix list reference. + CreateTransitGatewayRouteResult: + type: object + properties: + route: + allOf: + - $ref: '#/components/schemas/TransitGatewayRoute' + - description: Information about the route. + CreateTransitGatewayRouteTableResult: + type: object + properties: + transitGatewayRouteTable: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTable' + - description: Information about the transit gateway route table. + CreateTransitGatewayVpcAttachmentResult: + type: object + properties: + transitGatewayVpcAttachment: + allOf: + - $ref: '#/components/schemas/TransitGatewayVpcAttachment' + - description: Information about the VPC attachment. + ApplianceModeSupportValue: + type: string + enum: + - enable + - disable + Volume: + type: object + example: + Attachments: [] + AvailabilityZone: us-east-1a + CreateTime: '2016-08-29T18:52:32.724Z' + Iops: 1000 + Size: 500 + SnapshotId: snap-066877671789bd71b + State: creating + Tags: [] + VolumeId: vol-1234567890abcdef0 + VolumeType: io1 + properties: + attachmentSet: + allOf: + - $ref: '#/components/schemas/VolumeAttachmentList' + - description: Information about the volume attachments. + AvailabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone for the volume. + - xml: + name: 'availabilityZone' + createTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time stamp when volume creation was initiated. + encrypted: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the volume is encrypted. + kmsKeyId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Key Management Service (KMS) KMS key that was used to protect the volume encryption key for the volume. + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Outpost. + size: + type: integer + description: 'The size of the volume, in GiBs.' + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The snapshot from which the volume was created, if applicable.' + status: + allOf: + - $ref: '#/components/schemas/VolumeState' + - description: The volume state. + volumeId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the volume. + iops: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.' + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the volume. + volumeType: + allOf: + - $ref: '#/components/schemas/VolumeType' + - description: The volume type. + fastRestored: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the volume was created using fast snapshot restore. + multiAttachEnabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether Amazon EBS Multi-Attach is enabled. + throughput: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The throughput that the volume supports, in MiB/s.' + description: Describes a volume. + CreateVpcResult: + type: object + example: + Vpc: + CidrBlock: 10.0.0.0/16 + DhcpOptionsId: dopt-7a8b9c2d + InstanceTenancy: default + State: pending + VpcId: vpc-a01106c2 + properties: + vpc: + allOf: + - $ref: '#/components/schemas/Vpc' + - description: Information about the VPC. + CreateVpcEndpointResult: + type: object + properties: + vpcEndpoint: + allOf: + - $ref: '#/components/schemas/VpcEndpoint' + - description: Information about the endpoint. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.' + description: Contains the output of CreateVpcEndpoint. + RouteTableId: + type: string + DnsRecordIpType: + type: string + enum: + - ipv4 + - dualstack + - ipv6 + - service-defined + CreateVpcEndpointConnectionNotificationResult: + type: object + properties: + connectionNotification: + allOf: + - $ref: '#/components/schemas/ConnectionNotification' + - description: Information about the notification. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.' + CreateVpcEndpointServiceConfigurationResult: + type: object + properties: + serviceConfiguration: + allOf: + - $ref: '#/components/schemas/ServiceConfiguration' + - description: Information about the service configuration. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.' + CreateVpcPeeringConnectionResult: + type: object + properties: + vpcPeeringConnection: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnection' + - description: Information about the VPC peering connection. + CreateVpnConnectionResult: + type: object + properties: + vpnConnection: + allOf: + - $ref: '#/components/schemas/VpnConnection' + - description: Information about the VPN connection. + description: Contains the output of CreateVpnConnection. + CreateVpnGatewayResult: + type: object + properties: + vpnGateway: + allOf: + - $ref: '#/components/schemas/VpnGateway' + - description: Information about the virtual private gateway. + description: Contains the output of CreateVpnGateway. + DeleteCarrierGatewayResult: + type: object + properties: + carrierGateway: + allOf: + - $ref: '#/components/schemas/CarrierGateway' + - description: Information about the carrier gateway. + DeleteClientVpnEndpointResult: + type: object + properties: + status: + allOf: + - $ref: '#/components/schemas/ClientVpnEndpointStatus' + - description: The current state of the Client VPN endpoint. + DeleteClientVpnRouteResult: + type: object + properties: + status: + allOf: + - $ref: '#/components/schemas/ClientVpnRouteStatus' + - description: The current state of the route. + DeleteEgressOnlyInternetGatewayResult: + type: object + properties: + returnCode: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + DeleteFleetsResult: + type: object + properties: + successfulFleetDeletionSet: + allOf: + - $ref: '#/components/schemas/DeleteFleetSuccessSet' + - description: Information about the EC2 Fleets that are successfully deleted. + unsuccessfulFleetDeletionSet: + allOf: + - $ref: '#/components/schemas/DeleteFleetErrorSet' + - description: Information about the EC2 Fleets that are not successfully deleted. + FleetId: + type: string + DeleteFlowLogsResult: + type: object + properties: + unsuccessful: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItemSet' + - description: Information about the flow logs that could not be deleted successfully. + VpcFlowLogId: + type: string + DeleteFpgaImageResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Is true if the request succeeds, and an error otherwise.' + DeleteInstanceEventWindowResult: + type: object + properties: + instanceEventWindowState: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowStateChange' + - description: The state of the event window. + DeleteIpamResult: + type: object + properties: + ipam: + allOf: + - $ref: '#/components/schemas/Ipam' + - description: Information about the results of the deletion. + DeleteIpamPoolResult: + type: object + properties: + ipamPool: + allOf: + - $ref: '#/components/schemas/IpamPool' + - description: Information about the results of the deletion. + DeleteIpamScopeResult: + type: object + properties: + ipamScope: + allOf: + - $ref: '#/components/schemas/IpamScope' + - description: Information about the results of the deletion. + DeleteLaunchTemplateResult: + type: object + example: + LaunchTemplate: + CreateTime: '2017-11-23T16:46:25.000Z' + CreatedBy: 'arn:aws:iam::123456789012:root' + DefaultVersionNumber: 2 + LatestVersionNumber: 2 + LaunchTemplateId: lt-0abcd290751193123 + LaunchTemplateName: my-template + properties: + launchTemplate: + allOf: + - $ref: '#/components/schemas/LaunchTemplate' + - description: Information about the launch template. + DeleteLaunchTemplateVersionsResult: + type: object + example: + SuccessfullyDeletedLaunchTemplateVersions: + - LaunchTemplateId: lt-0abcd290751193123 + LaunchTemplateName: my-template + VersionNumber: 1 + UnsuccessfullyDeletedLaunchTemplateVersions: [] + properties: + successfullyDeletedLaunchTemplateVersionSet: + allOf: + - $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResponseSuccessSet' + - description: Information about the launch template versions that were successfully deleted. + unsuccessfullyDeletedLaunchTemplateVersionSet: + allOf: + - $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResponseErrorSet' + - description: Information about the launch template versions that could not be deleted. + DeleteLocalGatewayRouteResult: + type: object + properties: + route: + allOf: + - $ref: '#/components/schemas/LocalGatewayRoute' + - description: Information about the route. + DeleteLocalGatewayRouteTableVpcAssociationResult: + type: object + properties: + localGatewayRouteTableVpcAssociation: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociation' + - description: Information about the association. + DeleteManagedPrefixListResult: + type: object + properties: + prefixList: + allOf: + - $ref: '#/components/schemas/ManagedPrefixList' + - description: Information about the prefix list. + DeleteNatGatewayResult: + type: object + example: + NatGatewayId: nat-04ae55e711cec5680 + properties: + natGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the NAT gateway. + DeleteNetworkInsightsAccessScopeResult: + type: object + properties: + networkInsightsAccessScopeId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' + - description: The ID of the Network Access Scope. + DeleteNetworkInsightsAccessScopeAnalysisResult: + type: object + properties: + networkInsightsAccessScopeAnalysisId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' + - description: The ID of the Network Access Scope analysis. + DeleteNetworkInsightsAnalysisResult: + type: object + properties: + networkInsightsAnalysisId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAnalysisId' + - description: The ID of the network insights analysis. + DeleteNetworkInsightsPathResult: + type: object + properties: + networkInsightsPathId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsPathId' + - description: The ID of the path. + DeleteNetworkInterfacePermissionResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds, otherwise returns an error.' + description: Contains the output for DeleteNetworkInterfacePermission. + DeletePublicIpv4PoolResult: + type: object + properties: + returnValue: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Information about the result of deleting the public IPv4 pool. + DeleteQueuedReservedInstancesResult: + type: object + properties: + successfulQueuedPurchaseDeletionSet: + allOf: + - $ref: '#/components/schemas/SuccessfulQueuedPurchaseDeletionSet' + - description: Information about the queued purchases that were successfully deleted. + failedQueuedPurchaseDeletionSet: + allOf: + - $ref: '#/components/schemas/FailedQueuedPurchaseDeletionSet' + - description: Information about the queued purchases that could not be deleted. + DeleteSubnetCidrReservationResult: + type: object + properties: + deletedSubnetCidrReservation: + allOf: + - $ref: '#/components/schemas/SubnetCidrReservation' + - description: Information about the deleted subnet CIDR reservation. + DeleteTrafficMirrorFilterResult: + type: object + properties: + trafficMirrorFilterId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Traffic Mirror filter. + DeleteTrafficMirrorFilterRuleResult: + type: object + properties: + trafficMirrorFilterRuleId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the deleted Traffic Mirror rule. + DeleteTrafficMirrorSessionResult: + type: object + properties: + trafficMirrorSessionId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the deleted Traffic Mirror session. + DeleteTrafficMirrorTargetResult: + type: object + properties: + trafficMirrorTargetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the deleted Traffic Mirror target. + DeleteTransitGatewayResult: + type: object + properties: + transitGateway: + allOf: + - $ref: '#/components/schemas/TransitGateway' + - description: Information about the deleted transit gateway. + DeleteTransitGatewayConnectResult: + type: object + properties: + transitGatewayConnect: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnect' + - description: Information about the deleted Connect attachment. + DeleteTransitGatewayConnectPeerResult: + type: object + properties: + transitGatewayConnectPeer: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectPeer' + - description: Information about the deleted Connect peer. + DeleteTransitGatewayMulticastDomainResult: + type: object + properties: + transitGatewayMulticastDomain: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomain' + - description: Information about the deleted transit gateway multicast domain. + DeleteTransitGatewayPeeringAttachmentResult: + type: object + properties: + transitGatewayPeeringAttachment: + allOf: + - $ref: '#/components/schemas/TransitGatewayPeeringAttachment' + - description: The transit gateway peering attachment. + DeleteTransitGatewayPrefixListReferenceResult: + type: object + properties: + transitGatewayPrefixListReference: + allOf: + - $ref: '#/components/schemas/TransitGatewayPrefixListReference' + - description: Information about the deleted prefix list reference. + DeleteTransitGatewayRouteResult: + type: object + properties: + route: + allOf: + - $ref: '#/components/schemas/TransitGatewayRoute' + - description: Information about the route. + DeleteTransitGatewayRouteTableResult: + type: object + properties: + transitGatewayRouteTable: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTable' + - description: Information about the deleted transit gateway route table. + DeleteTransitGatewayVpcAttachmentResult: + type: object + properties: + transitGatewayVpcAttachment: + allOf: + - $ref: '#/components/schemas/TransitGatewayVpcAttachment' + - description: Information about the deleted VPC attachment. + DeleteVpcEndpointConnectionNotificationsResult: + type: object + properties: + unsuccessful: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItemSet' + - description: Information about the notifications that could not be deleted successfully. + ConnectionNotificationId: + type: string + DeleteVpcEndpointServiceConfigurationsResult: + type: object + properties: + unsuccessful: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItemSet' + - description: 'Information about the service configurations that were not deleted, if applicable.' + VpcEndpointServiceId: + type: string + DeleteVpcEndpointsResult: + type: object + properties: + unsuccessful: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItemSet' + - description: Information about the VPC endpoints that were not successfully deleted. + description: Contains the output of DeleteVpcEndpoints. + DeleteVpcPeeringConnectionResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + DeprovisionByoipCidrResult: + type: object + properties: + byoipCidr: + allOf: + - $ref: '#/components/schemas/ByoipCidr' + - description: Information about the address range. + DeprovisionIpamPoolCidrResult: + type: object + properties: + ipamPoolCidr: + allOf: + - $ref: '#/components/schemas/IpamPoolCidr' + - description: The deprovisioned pool CIDR. + DeprovisionPublicIpv4PoolCidrResult: + type: object + properties: + poolId: + allOf: + - $ref: '#/components/schemas/Ipv4PoolEc2Id' + - description: The ID of the pool that you deprovisioned the CIDR from. + deprovisionedAddressSet: + allOf: + - $ref: '#/components/schemas/DeprovisionedAddressSet' + - description: The deprovisioned CIDRs. + DeregisterInstanceEventNotificationAttributesResult: + type: object + properties: + instanceTagAttribute: + allOf: + - $ref: '#/components/schemas/InstanceTagNotificationAttribute' + - description: The resulting set of tag keys. + InstanceTagKeySet: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + DeregisterTransitGatewayMulticastGroupMembersResult: + type: object + properties: + deregisteredMulticastGroupMembers: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDeregisteredGroupMembers' + - description: Information about the deregistered members. + NetworkInterfaceId: + type: string + DeregisterTransitGatewayMulticastGroupSourcesResult: + type: object + properties: + deregisteredMulticastGroupSources: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDeregisteredGroupSources' + - description: Information about the deregistered group sources. + DescribeAccountAttributesResult: + type: object + example: + AccountAttributes: + - AttributeName: supported-platforms + AttributeValues: + - AttributeValue: EC2 + - AttributeValue: VPC + - AttributeName: vpc-max-security-groups-per-interface + AttributeValues: + - AttributeValue: '5' + - AttributeName: max-elastic-ips + AttributeValues: + - AttributeValue: '5' + - AttributeName: max-instances + AttributeValues: + - AttributeValue: '20' + - AttributeName: vpc-max-elastic-ips + AttributeValues: + - AttributeValue: '5' + - AttributeName: default-vpc + AttributeValues: + - AttributeValue: none + properties: + accountAttributeSet: + allOf: + - $ref: '#/components/schemas/AccountAttributeList' + - description: Information about the account attributes. + AccountAttributeName: + type: string + enum: + - supported-platforms + - default-vpc + DescribeAddressesResult: + type: object + example: + Addresses: + - Domain: standard + InstanceId: i-1234567890abcdef0 + PublicIp: 198.51.100.0 + properties: + addressesSet: + allOf: + - $ref: '#/components/schemas/AddressList' + - description: Information about the Elastic IP addresses. + Filter: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the filter. Filter names are case-sensitive. + Value: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: 'The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.' + description: '

A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

' + AllocationId: + type: string + DescribeAddressesAttributeResult: + type: object + properties: + addressSet: + allOf: + - $ref: '#/components/schemas/AddressSet' + - description: Information about the IP addresses. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeAggregateIdFormatResult: + type: object + properties: + useLongIdsAggregated: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether all resource types in the Region are configured to use longer IDs. This value is only true if all users are configured to use longer IDs for all resources types in the Region. + statusSet: + allOf: + - $ref: '#/components/schemas/IdFormatList' + - description: Information about each resource's ID format. + DescribeAvailabilityZonesResult: + type: object + example: + AvailabilityZones: + - Messages: [] + RegionName: us-east-1 + State: available + ZoneName: us-east-1b + - Messages: [] + RegionName: us-east-1 + State: available + ZoneName: us-east-1c + - Messages: [] + RegionName: us-east-1 + State: available + ZoneName: us-east-1d + - Messages: [] + RegionName: us-east-1 + State: available + ZoneName: us-east-1e + properties: + availabilityZoneInfo: + allOf: + - $ref: '#/components/schemas/AvailabilityZoneList' + - description: 'Information about the Availability Zones, Local Zones, and Wavelength Zones.' + DescribeBundleTasksResult: + type: object + properties: + bundleInstanceTasksSet: + allOf: + - $ref: '#/components/schemas/BundleTaskList' + - description: Information about the bundle tasks. + BundleId: + type: string + DescribeByoipCidrsResult: + type: object + properties: + byoipCidrSet: + allOf: + - $ref: '#/components/schemas/ByoipCidrSet' + - description: Information about your address ranges. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeCapacityReservationFleetsResult: + type: object + properties: + capacityReservationFleetSet: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetSet' + - description: Information about the Capacity Reservation Fleets. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeCapacityReservationsResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + capacityReservationSet: + allOf: + - $ref: '#/components/schemas/CapacityReservationSet' + - description: Information about the Capacity Reservations. + CapacityReservationId: + type: string + DescribeCarrierGatewaysResult: + type: object + properties: + carrierGatewaySet: + allOf: + - $ref: '#/components/schemas/CarrierGatewaySet' + - description: Information about the carrier gateway. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + CarrierGatewayId: + type: string + DescribeClassicLinkInstancesResult: + type: object + properties: + instancesSet: + allOf: + - $ref: '#/components/schemas/ClassicLinkInstanceList' + - description: Information about one or more linked EC2-Classic instances. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + InstanceId: + type: string + DescribeClientVpnAuthorizationRulesResult: + type: object + properties: + authorizationRule: + allOf: + - $ref: '#/components/schemas/AuthorizationRuleSet' + - description: Information about the authorization rules. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeClientVpnConnectionsResult: + type: object + properties: + connections: + allOf: + - $ref: '#/components/schemas/ClientVpnConnectionSet' + - description: Information about the active and terminated client connections. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeClientVpnEndpointsResult: + type: object + properties: + clientVpnEndpoint: + allOf: + - $ref: '#/components/schemas/EndpointSet' + - description: Information about the Client VPN endpoints. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + ClientVpnEndpointId: + type: string + DescribeClientVpnRoutesResult: + type: object + properties: + routes: + allOf: + - $ref: '#/components/schemas/ClientVpnRouteSet' + - description: Information about the Client VPN endpoint routes. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeClientVpnTargetNetworksResult: + type: object + properties: + clientVpnTargetNetworks: + allOf: + - $ref: '#/components/schemas/TargetNetworkSet' + - description: Information about the associated target networks. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeCoipPoolsResult: + type: object + properties: + coipPoolSet: + allOf: + - $ref: '#/components/schemas/CoipPoolSet' + - description: Information about the address pools. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + Ipv4PoolCoipId: + type: string + DescribeConversionTasksResult: + type: object + properties: + conversionTasks: + allOf: + - $ref: '#/components/schemas/DescribeConversionTaskList' + - description: Information about the conversion tasks. + ConversionTaskId: + type: string + DescribeCustomerGatewaysResult: + type: object + example: + CustomerGateways: + - BgpAsn: '65534' + CustomerGatewayId: cgw-0e11f167 + IpAddress: 12.1.2.3 + State: available + Type: ipsec.1 + properties: + customerGatewaySet: + allOf: + - $ref: '#/components/schemas/CustomerGatewayList' + - description: Information about one or more customer gateways. + description: Contains the output of DescribeCustomerGateways. + CustomerGatewayId: + type: string + DescribeDhcpOptionsResult: + type: object + example: + DhcpOptions: + - DhcpConfigurations: + - Key: domain-name-servers + Values: + - Value: 10.2.5.2 + - Value: 10.2.5.1 + DhcpOptionsId: dopt-d9070ebb + properties: + dhcpOptionsSet: + allOf: + - $ref: '#/components/schemas/DhcpOptionsList' + - description: Information about one or more DHCP options sets. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DhcpOptionsId: + type: string + DescribeEgressOnlyInternetGatewaysResult: + type: object + properties: + egressOnlyInternetGatewaySet: + allOf: + - $ref: '#/components/schemas/EgressOnlyInternetGatewayList' + - description: Information about the egress-only internet gateways. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + EgressOnlyInternetGatewayId: + type: string + DescribeElasticGpusResult: + type: object + properties: + elasticGpuSet: + allOf: + - $ref: '#/components/schemas/ElasticGpuSet' + - description: Information about the Elastic Graphics accelerators. + maxResults: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The total number of items to return. If the total number of items available is more than the value specified in max-items then a Next-Token will be provided in the output that you can use to resume pagination. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + ElasticGpuId: + type: string + DescribeExportImageTasksResult: + type: object + properties: + exportImageTaskSet: + allOf: + - $ref: '#/components/schemas/ExportImageTaskList' + - description: Information about the export image tasks. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to get the next page of results. This value is null when there are no more results to return. + ExportImageTaskId: + type: string + DescribeExportTasksResult: + type: object + properties: + exportTaskSet: + allOf: + - $ref: '#/components/schemas/ExportTaskList' + - description: Information about the export tasks. + ExportTaskId: + type: string + DescribeFastLaunchImagesResult: + type: object + properties: + fastLaunchImageSet: + allOf: + - $ref: '#/components/schemas/DescribeFastLaunchImagesSuccessSet' + - description: A collection of details about the fast-launch enabled Windows images that meet the requested criteria. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use for the next set of results. This value is null when there are no more results to return. + ImageId: + type: string + DescribeFastSnapshotRestoresResult: + type: object + properties: + fastSnapshotRestoreSet: + allOf: + - $ref: '#/components/schemas/DescribeFastSnapshotRestoreSuccessSet' + - description: Information about the state of fast snapshot restores. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeFleetHistoryResult: + type: object + properties: + historyRecordSet: + allOf: + - $ref: '#/components/schemas/HistoryRecordSet' + - description: Information about the events in the history of the EC2 Fleet. + lastEvaluatedTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: '

The last date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). All records up to this time were retrieved.

If nextToken indicates that there are more results, this value is not present.

' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + fleetId: + allOf: + - $ref: '#/components/schemas/FleetId' + - description: The ID of the EC Fleet. + startTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + DescribeFleetInstancesResult: + type: object + properties: + activeInstanceSet: + allOf: + - $ref: '#/components/schemas/ActiveInstanceSet' + - description: The running instances. This list is refreshed periodically and might be out of date. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + fleetId: + allOf: + - $ref: '#/components/schemas/FleetId' + - description: The ID of the EC2 Fleet. + DescribeFleetsResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + fleetSet: + allOf: + - $ref: '#/components/schemas/FleetSet' + - description: Information about the EC2 Fleets. + DescribeFlowLogsResult: + type: object + properties: + flowLogSet: + allOf: + - $ref: '#/components/schemas/FlowLogSet' + - description: Information about the flow logs. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeFpgaImageAttributeResult: + type: object + properties: + fpgaImageAttribute: + allOf: + - $ref: '#/components/schemas/FpgaImageAttribute' + - description: Information about the attribute. + DescribeFpgaImagesResult: + type: object + properties: + fpgaImageSet: + allOf: + - $ref: '#/components/schemas/FpgaImageList' + - description: Information about the FPGA images. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + FpgaImageId: + type: string + DescribeHostReservationOfferingsResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + offeringSet: + allOf: + - $ref: '#/components/schemas/HostOfferingSet' + - description: Information about the offerings. + DescribeHostReservationsResult: + type: object + properties: + hostReservationSet: + allOf: + - $ref: '#/components/schemas/HostReservationSet' + - description: Details about the reservation's configuration. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + HostReservationId: + type: string + DescribeHostsResult: + type: object + properties: + hostSet: + allOf: + - $ref: '#/components/schemas/HostList' + - description: Information about the Dedicated Hosts. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DedicatedHostId: + type: string + DescribeIamInstanceProfileAssociationsResult: + type: object + example: + IamInstanceProfileAssociations: + - AssociationId: iip-assoc-0db249b1f25fa24b8 + IamInstanceProfile: + Arn: 'arn:aws:iam::123456789012:instance-profile/admin-role' + Id: AIPAJVQN4F5WVLGCJDRGM + InstanceId: i-09eb09efa73ec1dee + State: associated + properties: + iamInstanceProfileAssociationSet: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileAssociationSet' + - description: Information about the IAM instance profile associations. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + IamInstanceProfileAssociationId: + type: string + DescribeIdFormatResult: + type: object + properties: + statusSet: + allOf: + - $ref: '#/components/schemas/IdFormatList' + - description: Information about the ID format for the resource. + DescribeIdentityIdFormatResult: + type: object + properties: + statusSet: + allOf: + - $ref: '#/components/schemas/IdFormatList' + - description: Information about the ID format for the resources. + ImageAttribute: + type: object + example: + ImageId: ami-5731123e + LaunchPermissions: + - UserId: '123456789012' + properties: + blockDeviceMapping: + allOf: + - $ref: '#/components/schemas/BlockDeviceMappingList' + - description: The block device mapping entries. + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the AMI. + launchPermission: + allOf: + - $ref: '#/components/schemas/LaunchPermissionList' + - description: The launch permissions. + productCodes: + allOf: + - $ref: '#/components/schemas/ProductCodeList' + - description: The product codes. + description: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: A description for the AMI. + kernel: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: The kernel ID. + ramdisk: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: The RAM disk ID. + sriovNetSupport: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: Indicates whether enhanced networking with the Intel 82599 Virtual Function interface is enabled. + bootMode: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: The boot mode. + tpmSupport: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: 'If the image is configured for NitroTPM support, the value is v2.0.' + uefiData: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: 'Base64 representation of the non-volatile UEFI variable store. To retrieve the UEFI data, use the GetInstanceUefiData command. You can inspect and modify the UEFI data by using the python-uefivars tool on GitHub. For more information, see UEFI Secure Boot in the Amazon Elastic Compute Cloud User Guide.' + lastLaunchedTime: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: '

The date and time, in ISO 8601 date-time format, when the AMI was last used to launch an EC2 instance. When the AMI is used, there is a 24-hour delay before that usage is reported.

lastLaunchedTime data is available starting April 2017.

' + description: Describes an image attribute. + DescribeImagesResult: + type: object + example: + Images: + - Architecture: x86_64 + BlockDeviceMappings: + - DeviceName: /dev/sda1 + Ebs: + DeleteOnTermination: true + SnapshotId: snap-1234567890abcdef0 + VolumeSize: 8 + VolumeType: standard + Description: An AMI for my server + Hypervisor: xen + ImageId: ami-5731123e + ImageLocation: 123456789012/My server + ImageType: machine + KernelId: aki-88aa75e1 + Name: My server + OwnerId: '123456789012' + Public: false + RootDeviceName: /dev/sda1 + RootDeviceType: ebs + State: available + VirtualizationType: paravirtual + properties: + imagesSet: + allOf: + - $ref: '#/components/schemas/ImageList' + - description: Information about the images. + DescribeImportImageTasksResult: + type: object + properties: + importImageTaskSet: + allOf: + - $ref: '#/components/schemas/ImportImageTaskList' + - description: A list of zero or more import image tasks that are currently active or were completed or canceled in the previous 7 days. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to get the next page of results. This value is null when there are no more results to return. + ImportImageTaskId: + type: string + DescribeImportSnapshotTasksResult: + type: object + properties: + importSnapshotTaskSet: + allOf: + - $ref: '#/components/schemas/ImportSnapshotTaskList' + - description: A list of zero or more import snapshot tasks that are currently active or were completed or canceled in the previous 7 days. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to get the next page of results. This value is null when there are no more results to return. + ImportSnapshotTaskId: + type: string + InstanceAttribute: + type: object + example: + BlockDeviceMappings: + - DeviceName: /dev/sda1 + Ebs: + AttachTime: '2013-05-17T22:42:34.000Z' + DeleteOnTermination: true + Status: attached + VolumeId: vol-049df61146c4d7901 + - DeviceName: /dev/sdf + Ebs: + AttachTime: '2013-09-10T23:07:00.000Z' + DeleteOnTermination: false + Status: attached + VolumeId: vol-049df61146c4d7901 + InstanceId: i-1234567890abcdef0 + properties: + groupSet: + allOf: + - $ref: '#/components/schemas/GroupIdentifierList' + - description: The security groups associated with the instance. + blockDeviceMapping: + allOf: + - $ref: '#/components/schemas/InstanceBlockDeviceMappingList' + - description: The block device mapping of the instance. + disableApiTermination: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: 'If the value is true, you can''t terminate the instance through the Amazon EC2 console, CLI, or API; otherwise, you can.' + enaSupport: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: Indicates whether enhanced networking with ENA is enabled. + enclaveOptions: + allOf: + - $ref: '#/components/schemas/EnclaveOptions' + - description: 'To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true; otherwise, set it to false.' + ebsOptimized: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: Indicates whether the instance is optimized for Amazon EBS I/O. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + instanceInitiatedShutdownBehavior: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). + instanceType: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: The instance type. + kernel: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: The kernel ID. + productCodes: + allOf: + - $ref: '#/components/schemas/ProductCodeList' + - description: A list of product codes. + ramdisk: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: The RAM disk ID. + rootDeviceName: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: 'The device name of the root device volume (for example, /dev/sda1).' + sourceDestCheck: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: 'Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.' + sriovNetSupport: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: Indicates whether enhanced networking with the Intel 82599 Virtual Function interface is enabled. + userData: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: The user data. + description: Describes an instance attribute. + DescribeInstanceCreditSpecificationsResult: + type: object + properties: + instanceCreditSpecificationSet: + allOf: + - $ref: '#/components/schemas/InstanceCreditSpecificationList' + - description: Information about the credit option for CPU usage of an instance. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeInstanceEventNotificationAttributesResult: + type: object + properties: + instanceTagAttribute: + allOf: + - $ref: '#/components/schemas/InstanceTagNotificationAttribute' + - description: Information about the registered tag keys. + DescribeInstanceEventWindowsResult: + type: object + properties: + instanceEventWindowSet: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowSet' + - description: Information about the event windows. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The token to use to retrieve the next page of results. This value is null when there are no more results to return. ' + InstanceEventWindowId: + type: string + DescribeInstanceStatusResult: + type: object + example: + InstanceStatuses: + - AvailabilityZone: us-east-1d + InstanceId: i-1234567890abcdef0 + InstanceState: + Code: 16 + Name: running + InstanceStatus: + Details: + - Name: reachability + Status: passed + Status: ok + SystemStatus: + Details: + - Name: reachability + Status: passed + Status: ok + properties: + instanceStatusSet: + allOf: + - $ref: '#/components/schemas/InstanceStatusList' + - description: Information about the status of the instances. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeInstanceTypeOfferingsResult: + type: object + properties: + instanceTypeOfferingSet: + allOf: + - $ref: '#/components/schemas/InstanceTypeOfferingsList' + - description: The instance types offered. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeInstanceTypesResult: + type: object + properties: + instanceTypeSet: + allOf: + - $ref: '#/components/schemas/InstanceTypeInfoList' + - description: 'The instance type. For more information, see Instance types in the Amazon EC2 User Guide.' + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + InstanceType: + type: string + enum: + - a1.medium + - a1.large + - a1.xlarge + - a1.2xlarge + - a1.4xlarge + - a1.metal + - c1.medium + - c1.xlarge + - c3.large + - c3.xlarge + - c3.2xlarge + - c3.4xlarge + - c3.8xlarge + - c4.large + - c4.xlarge + - c4.2xlarge + - c4.4xlarge + - c4.8xlarge + - c5.large + - c5.xlarge + - c5.2xlarge + - c5.4xlarge + - c5.9xlarge + - c5.12xlarge + - c5.18xlarge + - c5.24xlarge + - c5.metal + - c5a.large + - c5a.xlarge + - c5a.2xlarge + - c5a.4xlarge + - c5a.8xlarge + - c5a.12xlarge + - c5a.16xlarge + - c5a.24xlarge + - c5ad.large + - c5ad.xlarge + - c5ad.2xlarge + - c5ad.4xlarge + - c5ad.8xlarge + - c5ad.12xlarge + - c5ad.16xlarge + - c5ad.24xlarge + - c5d.large + - c5d.xlarge + - c5d.2xlarge + - c5d.4xlarge + - c5d.9xlarge + - c5d.12xlarge + - c5d.18xlarge + - c5d.24xlarge + - c5d.metal + - c5n.large + - c5n.xlarge + - c5n.2xlarge + - c5n.4xlarge + - c5n.9xlarge + - c5n.18xlarge + - c5n.metal + - c6g.medium + - c6g.large + - c6g.xlarge + - c6g.2xlarge + - c6g.4xlarge + - c6g.8xlarge + - c6g.12xlarge + - c6g.16xlarge + - c6g.metal + - c6gd.medium + - c6gd.large + - c6gd.xlarge + - c6gd.2xlarge + - c6gd.4xlarge + - c6gd.8xlarge + - c6gd.12xlarge + - c6gd.16xlarge + - c6gd.metal + - c6gn.medium + - c6gn.large + - c6gn.xlarge + - c6gn.2xlarge + - c6gn.4xlarge + - c6gn.8xlarge + - c6gn.12xlarge + - c6gn.16xlarge + - c6i.large + - c6i.xlarge + - c6i.2xlarge + - c6i.4xlarge + - c6i.8xlarge + - c6i.12xlarge + - c6i.16xlarge + - c6i.24xlarge + - c6i.32xlarge + - c6i.metal + - cc1.4xlarge + - cc2.8xlarge + - cg1.4xlarge + - cr1.8xlarge + - d2.xlarge + - d2.2xlarge + - d2.4xlarge + - d2.8xlarge + - d3.xlarge + - d3.2xlarge + - d3.4xlarge + - d3.8xlarge + - d3en.xlarge + - d3en.2xlarge + - d3en.4xlarge + - d3en.6xlarge + - d3en.8xlarge + - d3en.12xlarge + - dl1.24xlarge + - f1.2xlarge + - f1.4xlarge + - f1.16xlarge + - g2.2xlarge + - g2.8xlarge + - g3.4xlarge + - g3.8xlarge + - g3.16xlarge + - g3s.xlarge + - g4ad.xlarge + - g4ad.2xlarge + - g4ad.4xlarge + - g4ad.8xlarge + - g4ad.16xlarge + - g4dn.xlarge + - g4dn.2xlarge + - g4dn.4xlarge + - g4dn.8xlarge + - g4dn.12xlarge + - g4dn.16xlarge + - g4dn.metal + - g5.xlarge + - g5.2xlarge + - g5.4xlarge + - g5.8xlarge + - g5.12xlarge + - g5.16xlarge + - g5.24xlarge + - g5.48xlarge + - g5g.xlarge + - g5g.2xlarge + - g5g.4xlarge + - g5g.8xlarge + - g5g.16xlarge + - g5g.metal + - hi1.4xlarge + - hpc6a.48xlarge + - hs1.8xlarge + - h1.2xlarge + - h1.4xlarge + - h1.8xlarge + - h1.16xlarge + - i2.xlarge + - i2.2xlarge + - i2.4xlarge + - i2.8xlarge + - i3.large + - i3.xlarge + - i3.2xlarge + - i3.4xlarge + - i3.8xlarge + - i3.16xlarge + - i3.metal + - i3en.large + - i3en.xlarge + - i3en.2xlarge + - i3en.3xlarge + - i3en.6xlarge + - i3en.12xlarge + - i3en.24xlarge + - i3en.metal + - im4gn.large + - im4gn.xlarge + - im4gn.2xlarge + - im4gn.4xlarge + - im4gn.8xlarge + - im4gn.16xlarge + - inf1.xlarge + - inf1.2xlarge + - inf1.6xlarge + - inf1.24xlarge + - is4gen.medium + - is4gen.large + - is4gen.xlarge + - is4gen.2xlarge + - is4gen.4xlarge + - is4gen.8xlarge + - m1.small + - m1.medium + - m1.large + - m1.xlarge + - m2.xlarge + - m2.2xlarge + - m2.4xlarge + - m3.medium + - m3.large + - m3.xlarge + - m3.2xlarge + - m4.large + - m4.xlarge + - m4.2xlarge + - m4.4xlarge + - m4.10xlarge + - m4.16xlarge + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + - m5ad.large + - m5ad.xlarge + - m5ad.2xlarge + - m5ad.4xlarge + - m5ad.8xlarge + - m5ad.12xlarge + - m5ad.16xlarge + - m5ad.24xlarge + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5dn.large + - m5dn.xlarge + - m5dn.2xlarge + - m5dn.4xlarge + - m5dn.8xlarge + - m5dn.12xlarge + - m5dn.16xlarge + - m5dn.24xlarge + - m5dn.metal + - m5n.large + - m5n.xlarge + - m5n.2xlarge + - m5n.4xlarge + - m5n.8xlarge + - m5n.12xlarge + - m5n.16xlarge + - m5n.24xlarge + - m5n.metal + - m5zn.large + - m5zn.xlarge + - m5zn.2xlarge + - m5zn.3xlarge + - m5zn.6xlarge + - m5zn.12xlarge + - m5zn.metal + - m6a.large + - m6a.xlarge + - m6a.2xlarge + - m6a.4xlarge + - m6a.8xlarge + - m6a.12xlarge + - m6a.16xlarge + - m6a.24xlarge + - m6a.32xlarge + - m6a.48xlarge + - m6g.metal + - m6g.medium + - m6g.large + - m6g.xlarge + - m6g.2xlarge + - m6g.4xlarge + - m6g.8xlarge + - m6g.12xlarge + - m6g.16xlarge + - m6gd.metal + - m6gd.medium + - m6gd.large + - m6gd.xlarge + - m6gd.2xlarge + - m6gd.4xlarge + - m6gd.8xlarge + - m6gd.12xlarge + - m6gd.16xlarge + - m6i.large + - m6i.xlarge + - m6i.2xlarge + - m6i.4xlarge + - m6i.8xlarge + - m6i.12xlarge + - m6i.16xlarge + - m6i.24xlarge + - m6i.32xlarge + - m6i.metal + - mac1.metal + - p2.xlarge + - p2.8xlarge + - p2.16xlarge + - p3.2xlarge + - p3.8xlarge + - p3.16xlarge + - p3dn.24xlarge + - p4d.24xlarge + - r3.large + - r3.xlarge + - r3.2xlarge + - r3.4xlarge + - r3.8xlarge + - r4.large + - r4.xlarge + - r4.2xlarge + - r4.4xlarge + - r4.8xlarge + - r4.16xlarge + - r5.large + - r5.xlarge + - r5.2xlarge + - r5.4xlarge + - r5.8xlarge + - r5.12xlarge + - r5.16xlarge + - r5.24xlarge + - r5.metal + - r5a.large + - r5a.xlarge + - r5a.2xlarge + - r5a.4xlarge + - r5a.8xlarge + - r5a.12xlarge + - r5a.16xlarge + - r5a.24xlarge + - r5ad.large + - r5ad.xlarge + - r5ad.2xlarge + - r5ad.4xlarge + - r5ad.8xlarge + - r5ad.12xlarge + - r5ad.16xlarge + - r5ad.24xlarge + - r5b.large + - r5b.xlarge + - r5b.2xlarge + - r5b.4xlarge + - r5b.8xlarge + - r5b.12xlarge + - r5b.16xlarge + - r5b.24xlarge + - r5b.metal + - r5d.large + - r5d.xlarge + - r5d.2xlarge + - r5d.4xlarge + - r5d.8xlarge + - r5d.12xlarge + - r5d.16xlarge + - r5d.24xlarge + - r5d.metal + - r5dn.large + - r5dn.xlarge + - r5dn.2xlarge + - r5dn.4xlarge + - r5dn.8xlarge + - r5dn.12xlarge + - r5dn.16xlarge + - r5dn.24xlarge + - r5dn.metal + - r5n.large + - r5n.xlarge + - r5n.2xlarge + - r5n.4xlarge + - r5n.8xlarge + - r5n.12xlarge + - r5n.16xlarge + - r5n.24xlarge + - r5n.metal + - r6g.medium + - r6g.large + - r6g.xlarge + - r6g.2xlarge + - r6g.4xlarge + - r6g.8xlarge + - r6g.12xlarge + - r6g.16xlarge + - r6g.metal + - r6gd.medium + - r6gd.large + - r6gd.xlarge + - r6gd.2xlarge + - r6gd.4xlarge + - r6gd.8xlarge + - r6gd.12xlarge + - r6gd.16xlarge + - r6gd.metal + - r6i.large + - r6i.xlarge + - r6i.2xlarge + - r6i.4xlarge + - r6i.8xlarge + - r6i.12xlarge + - r6i.16xlarge + - r6i.24xlarge + - r6i.32xlarge + - r6i.metal + - t1.micro + - t2.nano + - t2.micro + - t2.small + - t2.medium + - t2.large + - t2.xlarge + - t2.2xlarge + - t3.nano + - t3.micro + - t3.small + - t3.medium + - t3.large + - t3.xlarge + - t3.2xlarge + - t3a.nano + - t3a.micro + - t3a.small + - t3a.medium + - t3a.large + - t3a.xlarge + - t3a.2xlarge + - t4g.nano + - t4g.micro + - t4g.small + - t4g.medium + - t4g.large + - t4g.xlarge + - t4g.2xlarge + - u-6tb1.56xlarge + - u-6tb1.112xlarge + - u-9tb1.112xlarge + - u-12tb1.112xlarge + - u-6tb1.metal + - u-9tb1.metal + - u-12tb1.metal + - u-18tb1.metal + - u-24tb1.metal + - vt1.3xlarge + - vt1.6xlarge + - vt1.24xlarge + - x1.16xlarge + - x1.32xlarge + - x1e.xlarge + - x1e.2xlarge + - x1e.4xlarge + - x1e.8xlarge + - x1e.16xlarge + - x1e.32xlarge + - x2iezn.2xlarge + - x2iezn.4xlarge + - x2iezn.6xlarge + - x2iezn.8xlarge + - x2iezn.12xlarge + - x2iezn.metal + - x2gd.medium + - x2gd.large + - x2gd.xlarge + - x2gd.2xlarge + - x2gd.4xlarge + - x2gd.8xlarge + - x2gd.12xlarge + - x2gd.16xlarge + - x2gd.metal + - z1d.large + - z1d.xlarge + - z1d.2xlarge + - z1d.3xlarge + - z1d.6xlarge + - z1d.12xlarge + - z1d.metal + - x2idn.16xlarge + - x2idn.24xlarge + - x2idn.32xlarge + - x2iedn.xlarge + - x2iedn.2xlarge + - x2iedn.4xlarge + - x2iedn.8xlarge + - x2iedn.16xlarge + - x2iedn.24xlarge + - x2iedn.32xlarge + - c6a.large + - c6a.xlarge + - c6a.2xlarge + - c6a.4xlarge + - c6a.8xlarge + - c6a.12xlarge + - c6a.16xlarge + - c6a.24xlarge + - c6a.32xlarge + - c6a.48xlarge + - c6a.metal + - m6a.metal + - i4i.large + - i4i.xlarge + - i4i.2xlarge + - i4i.4xlarge + - i4i.8xlarge + - i4i.16xlarge + - i4i.32xlarge + DescribeInstancesResult: + type: object + example: {} + properties: + reservationSet: + allOf: + - $ref: '#/components/schemas/ReservationList' + - description: Information about the reservations. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeInternetGatewaysResult: + type: object + example: + InternetGateways: + - Attachments: + - State: available + VpcId: vpc-a01106c2 + InternetGatewayId: igw-c0a643a9 + Tags: [] + properties: + internetGatewaySet: + allOf: + - $ref: '#/components/schemas/InternetGatewayList' + - description: Information about one or more internet gateways. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + InternetGatewayId: + type: string + DescribeIpamPoolsResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + ipamPoolSet: + allOf: + - $ref: '#/components/schemas/IpamPoolSet' + - description: Information about the IPAM pools. + DescribeIpamScopesResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + ipamScopeSet: + allOf: + - $ref: '#/components/schemas/IpamScopeSet' + - description: The scopes you want information on. + DescribeIpamsResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + ipamSet: + allOf: + - $ref: '#/components/schemas/IpamSet' + - description: Information about the IPAMs. + DescribeIpv6PoolsResult: + type: object + properties: + ipv6PoolSet: + allOf: + - $ref: '#/components/schemas/Ipv6PoolSet' + - description: Information about the IPv6 address pools. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + Ipv6PoolEc2Id: + type: string + DescribeKeyPairsResult: + type: object + example: + KeyPairs: + - KeyFingerprint: '1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f' + KeyName: my-key-pair + properties: + keySet: + allOf: + - $ref: '#/components/schemas/KeyPairList' + - description: Information about the key pairs. + KeyPairName: + type: string + KeyPairId: + type: string + DescribeLaunchTemplateVersionsResult: + type: object + example: + LaunchTemplateVersions: + - CreateTime: '2017-11-20T13:12:32.000Z' + CreatedBy: 'arn:aws:iam::123456789102:root' + DefaultVersion: false + LaunchTemplateData: + ImageId: ami-6057e21a + InstanceType: t2.medium + KeyName: kp-us-east + NetworkInterfaces: + - DeviceIndex: 0 + Groups: + - sg-7c227019 + SubnetId: subnet-1a2b3c4d + LaunchTemplateId: lt-068f72b72934aff71 + LaunchTemplateName: Webservers + VersionNumber: 2 + - CreateTime: '2017-11-20T12:52:33.000Z' + CreatedBy: 'arn:aws:iam::123456789102:root' + DefaultVersion: true + LaunchTemplateData: + ImageId: ami-aabbcc11 + InstanceType: t2.medium + KeyName: kp-us-east + NetworkInterfaces: + - AssociatePublicIpAddress: true + DeleteOnTermination: false + DeviceIndex: 0 + Groups: + - sg-7c227019 + SubnetId: subnet-7b16de0c + UserData: '' + LaunchTemplateId: lt-068f72b72934aff71 + LaunchTemplateName: Webservers + VersionNumber: 1 + properties: + launchTemplateVersionSet: + allOf: + - $ref: '#/components/schemas/LaunchTemplateVersionSet' + - description: Information about the launch template versions. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeLaunchTemplatesResult: + type: object + example: + LaunchTemplates: + - CreateTime: '2018-01-16T04:32:57.000Z' + CreatedBy: 'arn:aws:iam::123456789012:root' + DefaultVersionNumber: 1 + LatestVersionNumber: 1 + LaunchTemplateId: lt-01238c059e3466abc + LaunchTemplateName: my-template + properties: + launchTemplates: + allOf: + - $ref: '#/components/schemas/LaunchTemplateSet' + - description: Information about the launch templates. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + LaunchTemplateId: + type: string + LaunchTemplateName: + type: string + pattern: '[a-zA-Z0-9\(\)\.\-/_]+' + minLength: 3 + maxLength: 128 + DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsResult: + type: object + properties: + localGatewayRouteTableVirtualInterfaceGroupAssociationSet: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociationSet' + - description: Information about the associations. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + LocalGatewayRouteTableVirtualInterfaceGroupAssociationId: + type: string + DescribeLocalGatewayRouteTableVpcAssociationsResult: + type: object + properties: + localGatewayRouteTableVpcAssociationSet: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociationSet' + - description: Information about the associations. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + LocalGatewayRouteTableVpcAssociationId: + type: string + DescribeLocalGatewayRouteTablesResult: + type: object + properties: + localGatewayRouteTableSet: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableSet' + - description: Information about the local gateway route tables. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + LocalGatewayRoutetableId: + type: string + DescribeLocalGatewayVirtualInterfaceGroupsResult: + type: object + properties: + localGatewayVirtualInterfaceGroupSet: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupSet' + - description: The virtual interface groups. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + LocalGatewayVirtualInterfaceGroupId: + type: string + DescribeLocalGatewayVirtualInterfacesResult: + type: object + properties: + localGatewayVirtualInterfaceSet: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceSet' + - description: Information about the virtual interfaces. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + LocalGatewayVirtualInterfaceId: + type: string + DescribeLocalGatewaysResult: + type: object + properties: + localGatewaySet: + allOf: + - $ref: '#/components/schemas/LocalGatewaySet' + - description: Information about the local gateways. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + LocalGatewayId: + type: string + DescribeManagedPrefixListsResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + prefixListSet: + allOf: + - $ref: '#/components/schemas/ManagedPrefixListSet' + - description: Information about the prefix lists. + DescribeMovingAddressesResult: + type: object + example: + MovingAddressStatuses: + - MoveStatus: MovingToVpc + PublicIp: 198.51.100.0 + properties: + movingAddressStatusSet: + allOf: + - $ref: '#/components/schemas/MovingAddressStatusSet' + - description: The status for each Elastic IP address. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeNatGatewaysResult: + type: object + example: + NatGateways: + - CreateTime: '2015-12-01T12:26:55.983Z' + NatGatewayAddresses: + - AllocationId: eipalloc-89c620ec + NetworkInterfaceId: eni-9dec76cd + PrivateIp: 10.0.0.149 + PublicIp: 198.11.222.333 + NatGatewayId: nat-05dba92075d71c408 + State: available + SubnetId: subnet-847e4dc2 + VpcId: vpc-1a2b3c4d + properties: + natGatewaySet: + allOf: + - $ref: '#/components/schemas/NatGatewayList' + - description: Information about the NAT gateways. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + NatGatewayId: + type: string + DescribeNetworkAclsResult: + type: object + example: + NetworkAcls: + - Associations: + - NetworkAclAssociationId: aclassoc-66ea5f0b + NetworkAclId: acl-9aeb5ef7 + SubnetId: subnet-65ea5f08 + Entries: + - CidrBlock: 0.0.0.0/0 + Egress: true + Protocol: '-1' + RuleAction: deny + RuleNumber: 32767 + - CidrBlock: 0.0.0.0/0 + Egress: false + Protocol: '-1' + RuleAction: deny + RuleNumber: 32767 + IsDefault: false + NetworkAclId: acl-5fb85d36 + Tags: [] + VpcId: vpc-a01106c2 + properties: + networkAclSet: + allOf: + - $ref: '#/components/schemas/NetworkAclList' + - description: Information about one or more network ACLs. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + NetworkAclId: + type: string + DescribeNetworkInsightsAccessScopeAnalysesResult: + type: object + properties: + networkInsightsAccessScopeAnalysisSet: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisList' + - description: The Network Access Scope analyses. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + NetworkInsightsAccessScopeAnalysisId: + type: string + DescribeNetworkInsightsAccessScopesResult: + type: object + properties: + networkInsightsAccessScopeSet: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeList' + - description: The Network Access Scopes. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + NetworkInsightsAccessScopeId: + type: string + DescribeNetworkInsightsAnalysesResult: + type: object + properties: + networkInsightsAnalysisSet: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAnalysisList' + - description: Information about the network insights analyses. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + NetworkInsightsAnalysisId: + type: string + DescribeNetworkInsightsPathsResult: + type: object + properties: + networkInsightsPathSet: + allOf: + - $ref: '#/components/schemas/NetworkInsightsPathList' + - description: Information about the paths. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + NetworkInsightsPathId: + type: string + DescribeNetworkInterfaceAttributeResult: + type: object + example: + NetworkInterfaceId: eni-686ea200 + SourceDestCheck: + Value: true + properties: + attachment: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceAttachment' + - description: The attachment (if any) of the network interface. + description: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: The description of the network interface. + groupSet: + allOf: + - $ref: '#/components/schemas/GroupIdentifierList' + - description: The security groups associated with the network interface. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface. + sourceDestCheck: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: Indicates whether source/destination checking is enabled. + description: Contains the output of DescribeNetworkInterfaceAttribute. + DescribeNetworkInterfacePermissionsResult: + type: object + properties: + networkInterfacePermissions: + allOf: + - $ref: '#/components/schemas/NetworkInterfacePermissionList' + - description: The network interface permissions. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. + description: Contains the output for DescribeNetworkInterfacePermissions. + NetworkInterfacePermissionId: + type: string + DescribeNetworkInterfacesResult: + type: object + example: + NetworkInterfaces: + - Association: + AssociationId: eipassoc-0fbb766a + IpOwnerId: '123456789012' + PublicDnsName: ec2-203-0-113-12.compute-1.amazonaws.com + PublicIp: 203.0.113.12 + Attachment: + AttachTime: '2013-11-30T23:36:42.000Z' + AttachmentId: eni-attach-66c4350a + DeleteOnTermination: false + DeviceIndex: 1 + InstanceId: i-1234567890abcdef0 + InstanceOwnerId: '123456789012' + Status: attached + AvailabilityZone: us-east-1d + Description: my network interface + Groups: + - GroupId: sg-8637d3e3 + GroupName: default + MacAddress: '02:2f:8f:b0:cf:75' + NetworkInterfaceId: eni-e5aa89a3 + OwnerId: '123456789012' + PrivateDnsName: ip-10-0-1-17.ec2.internal + PrivateIpAddress: 10.0.1.17 + PrivateIpAddresses: + - Association: + AssociationId: eipassoc-0fbb766a + IpOwnerId: '123456789012' + PublicDnsName: ec2-203-0-113-12.compute-1.amazonaws.com + PublicIp: 203.0.113.12 + Primary: true + PrivateDnsName: ip-10-0-1-17.ec2.internal + PrivateIpAddress: 10.0.1.17 + RequesterManaged: false + SourceDestCheck: true + Status: in-use + SubnetId: subnet-b61f49f0 + TagSet: [] + VpcId: vpc-a01106c2 + properties: + networkInterfaceSet: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceList' + - description: Information about one or more network interfaces. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + description: Contains the output of DescribeNetworkInterfaces. + DescribePlacementGroupsResult: + type: object + properties: + placementGroupSet: + allOf: + - $ref: '#/components/schemas/PlacementGroupList' + - description: Information about the placement groups. + PlacementGroupName: + type: string + PlacementGroupId: + type: string + DescribePrefixListsResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + prefixListSet: + allOf: + - $ref: '#/components/schemas/PrefixListSet' + - description: All available prefix lists. + PrefixListResourceId: + type: string + DescribePrincipalIdFormatResult: + type: object + properties: + principalSet: + allOf: + - $ref: '#/components/schemas/PrincipalIdFormatList' + - description: Information about the ID format settings for the ARN. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribePublicIpv4PoolsResult: + type: object + properties: + publicIpv4PoolSet: + allOf: + - $ref: '#/components/schemas/PublicIpv4PoolSet' + - description: Information about the address pools. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + Ipv4PoolEc2Id: + type: string + DescribeRegionsResult: + type: object + example: + Regions: + - Endpoint: ec2.ap-south-1.amazonaws.com + RegionName: ap-south-1 + - Endpoint: ec2.eu-west-1.amazonaws.com + RegionName: eu-west-1 + - Endpoint: ec2.ap-southeast-1.amazonaws.com + RegionName: ap-southeast-1 + - Endpoint: ec2.ap-southeast-2.amazonaws.com + RegionName: ap-southeast-2 + - Endpoint: ec2.eu-central-1.amazonaws.com + RegionName: eu-central-1 + - Endpoint: ec2.ap-northeast-2.amazonaws.com + RegionName: ap-northeast-2 + - Endpoint: ec2.ap-northeast-1.amazonaws.com + RegionName: ap-northeast-1 + - Endpoint: ec2.us-east-1.amazonaws.com + RegionName: us-east-1 + - Endpoint: ec2.sa-east-1.amazonaws.com + RegionName: sa-east-1 + - Endpoint: ec2.us-west-1.amazonaws.com + RegionName: us-west-1 + - Endpoint: ec2.us-west-2.amazonaws.com + RegionName: us-west-2 + properties: + regionInfo: + allOf: + - $ref: '#/components/schemas/RegionList' + - description: Information about the Regions. + DescribeReplaceRootVolumeTasksResult: + type: object + properties: + replaceRootVolumeTaskSet: + allOf: + - $ref: '#/components/schemas/ReplaceRootVolumeTasks' + - description: Information about the root volume replacement task. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + ReplaceRootVolumeTaskId: + type: string + DescribeReservedInstancesResult: + type: object + properties: + reservedInstancesSet: + allOf: + - $ref: '#/components/schemas/ReservedInstancesList' + - description: A list of Reserved Instances. + description: Contains the output for DescribeReservedInstances. + DescribeReservedInstancesListingsResult: + type: object + properties: + reservedInstancesListingsSet: + allOf: + - $ref: '#/components/schemas/ReservedInstancesListingList' + - description: Information about the Reserved Instance listing. + description: Contains the output of DescribeReservedInstancesListings. + DescribeReservedInstancesModificationsResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + reservedInstancesModificationsSet: + allOf: + - $ref: '#/components/schemas/ReservedInstancesModificationList' + - description: The Reserved Instance modification information. + description: Contains the output of DescribeReservedInstancesModifications. + ReservedInstancesModificationId: + type: string + DescribeReservedInstancesOfferingsResult: + type: object + properties: + reservedInstancesOfferingsSet: + allOf: + - $ref: '#/components/schemas/ReservedInstancesOfferingList' + - description: A list of Reserved Instances offerings. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + description: Contains the output of DescribeReservedInstancesOfferings. + ReservedInstancesOfferingId: + type: string + DescribeRouteTablesResult: + type: object + example: + RouteTables: + - Associations: + - Main: true + RouteTableAssociationId: rtbassoc-d8ccddba + RouteTableId: rtb-1f382e7d + PropagatingVgws: [] + RouteTableId: rtb-1f382e7d + Routes: + - DestinationCidrBlock: 10.0.0.0/16 + GatewayId: local + State: active + Tags: [] + VpcId: vpc-a01106c2 + properties: + routeTableSet: + allOf: + - $ref: '#/components/schemas/RouteTableList' + - description: Information about one or more route tables. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + description: Contains the output of DescribeRouteTables. + DescribeScheduledInstanceAvailabilityResult: + type: object + example: + ScheduledInstanceAvailabilitySet: + - AvailabilityZone: us-west-2b + AvailableInstanceCount: 20 + FirstSlotStartTime: '2016-01-31T00:00:00Z' + HourlyPrice: '0.095' + InstanceType: c4.large + MaxTermDurationInDays: 366 + MinTermDurationInDays: 366 + NetworkPlatform: EC2-VPC + Platform: Linux/UNIX + PurchaseToken: eyJ2IjoiMSIsInMiOjEsImMiOi... + Recurrence: + Frequency: Weekly + Interval: 1 + OccurrenceDaySet: + - 1 + OccurrenceRelativeToEnd: false + SlotDurationInHours: 23 + TotalScheduledInstanceHours: 1219 + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token required to retrieve the next set of results. This value is null when there are no more results to return. + scheduledInstanceAvailabilitySet: + allOf: + - $ref: '#/components/schemas/ScheduledInstanceAvailabilitySet' + - description: Information about the available Scheduled Instances. + description: Contains the output of DescribeScheduledInstanceAvailability. + DateTime: + type: string + format: date-time + DescribeScheduledInstancesResult: + type: object + example: + ScheduledInstanceSet: + - AvailabilityZone: us-west-2b + CreateDate: '2016-01-25T21:43:38.612Z' + HourlyPrice: '0.095' + InstanceCount: 1 + InstanceType: c4.large + NetworkPlatform: EC2-VPC + NextSlotStartTime: '2016-01-31T09:00:00Z' + Platform: Linux/UNIX + Recurrence: + Frequency: Weekly + Interval: 1 + OccurrenceDaySet: + - 1 + OccurrenceRelativeToEnd: false + OccurrenceUnit: '' + ScheduledInstanceId: sci-1234-1234-1234-1234-123456789012 + SlotDurationInHours: 32 + TermEndDate: '2017-01-31T09:00:00Z' + TermStartDate: '2016-01-31T09:00:00Z' + TotalScheduledInstanceHours: 1696 + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token required to retrieve the next set of results. This value is null when there are no more results to return. + scheduledInstanceSet: + allOf: + - $ref: '#/components/schemas/ScheduledInstanceSet' + - description: Information about the Scheduled Instances. + description: Contains the output of DescribeScheduledInstances. + ScheduledInstanceId: + type: string + DescribeSecurityGroupReferencesResult: + type: object + example: + SecurityGroupReferenceSet: + - GroupId: sg-903004f8 + ReferencingVpcId: vpc-1a2b3c4d + VpcPeeringConnectionId: pcx-b04deed9 + properties: + securityGroupReferenceSet: + allOf: + - $ref: '#/components/schemas/SecurityGroupReferences' + - description: Information about the VPCs with the referencing security groups. + DescribeSecurityGroupRulesResult: + type: object + properties: + securityGroupRuleSet: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleList' + - description: Information about security group rules. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The token to use to retrieve the next page of results. This value is null when there are no more results to return. ' + DescribeSecurityGroupsResult: + type: object + example: {} + properties: + securityGroupInfo: + allOf: + - $ref: '#/components/schemas/SecurityGroupList' + - description: Information about the security groups. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + SecurityGroupName: + type: string + DescribeSnapshotAttributeResult: + type: object + example: + CreateVolumePermissions: [] + SnapshotId: snap-066877671789bd71b + properties: + createVolumePermission: + allOf: + - $ref: '#/components/schemas/CreateVolumePermissionList' + - description: The users and groups that have the permissions for creating volumes from the snapshot. + productCodes: + allOf: + - $ref: '#/components/schemas/ProductCodeList' + - description: The product codes. + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the EBS snapshot. + DescribeSnapshotTierStatusResult: + type: object + properties: + snapshotTierStatusSet: + allOf: + - $ref: '#/components/schemas/snapshotTierStatusSet' + - description: Information about the snapshot's storage tier. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeSnapshotsResult: + type: object + example: + NextToken: '' + Snapshots: + - Description: This is my copied snapshot. + OwnerId: 012345678910 + Progress: 87% + SnapshotId: snap-066877671789bd71b + StartTime: '2014-02-28T21:37:27.000Z' + State: pending + VolumeId: vol-1234567890abcdef0 + VolumeSize: 8 + properties: + snapshotSet: + allOf: + - $ref: '#/components/schemas/SnapshotList' + - description: Information about the snapshots. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The NextToken value to include in a future DescribeSnapshots request. When the results of a DescribeSnapshots request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.' + SnapshotId: + type: string + DescribeSpotDatafeedSubscriptionResult: + type: object + example: + SpotDatafeedSubscription: + Bucket: my-s3-bucket + OwnerId: '123456789012' + Prefix: spotdata + State: Active + properties: + spotDatafeedSubscription: + allOf: + - $ref: '#/components/schemas/SpotDatafeedSubscription' + - description: The Spot Instance data feed subscription. + description: Contains the output of DescribeSpotDatafeedSubscription. + DescribeSpotFleetInstancesResponse: + type: object + example: + ActiveInstances: + - InstanceId: i-1234567890abcdef0 + InstanceType: m3.medium + SpotInstanceRequestId: sir-08b93456 + SpotFleetRequestId: sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE + properties: + activeInstanceSet: + allOf: + - $ref: '#/components/schemas/ActiveInstanceSet' + - description: The running instances. This list is refreshed periodically and might be out of date. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token required to retrieve the next set of results. This value is null when there are no more results to return. + spotFleetRequestId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Spot Fleet request. + description: Contains the output of DescribeSpotFleetInstances. + DescribeSpotFleetRequestHistoryResponse: + type: object + example: + HistoryRecords: + - EventInformation: + EventSubType: submitted + EventType: fleetRequestChange + Timestamp: '2015-05-26T23:17:20.697Z' + - EventInformation: + EventSubType: active + EventType: fleetRequestChange + Timestamp: '2015-05-26T23:17:20.873Z' + - EventInformation: + EventSubType: launched + InstanceId: i-1234567890abcdef0 + EventType: instanceChange + Timestamp: '2015-05-26T23:21:21.712Z' + - EventInformation: + EventSubType: launched + InstanceId: i-1234567890abcdef1 + EventType: instanceChange + Timestamp: '2015-05-26T23:21:21.816Z' + NextToken: CpHNsscimcV5oH7bSbub03CI2Qms5+ypNpNm+53MNlR0YcXAkp0xFlfKf91yVxSExmbtma3awYxMFzNA663ZskT0AHtJ6TCb2Z8bQC2EnZgyELbymtWPfpZ1ZbauVg+P+TfGlWxWWB/Vr5dk5d4LfdgA/DRAHUrYgxzrEXAMPLE= + SpotFleetRequestId: sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE + StartTime: '2015-05-26T00:00:00Z' + properties: + historyRecordSet: + allOf: + - $ref: '#/components/schemas/HistoryRecords' + - description: Information about the events in the history of the Spot Fleet request. + lastEvaluatedTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: '

The last date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). All records up to this time were retrieved.

If nextToken indicates that there are more results, this value is not present.

' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token required to retrieve the next set of results. This value is null when there are no more results to return. + spotFleetRequestId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Spot Fleet request. + startTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The starting date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + description: Contains the output of DescribeSpotFleetRequestHistory. + DescribeSpotFleetRequestsResponse: + type: object + example: + SpotFleetRequestConfigs: + - SpotFleetRequestConfig: + IamFleetRole: 'arn:aws:iam::123456789012:role/my-spot-fleet-role' + LaunchSpecifications: + - EbsOptimized: false + ImageId: ami-1a2b3c4d + InstanceType: cc2.8xlarge + NetworkInterfaces: + - AssociatePublicIpAddress: true + DeleteOnTermination: false + DeviceIndex: 0 + SecondaryPrivateIpAddressCount: 0 + SubnetId: subnet-a61dafcf + - EbsOptimized: false + ImageId: ami-1a2b3c4d + InstanceType: r3.8xlarge + NetworkInterfaces: + - AssociatePublicIpAddress: true + DeleteOnTermination: false + DeviceIndex: 0 + SecondaryPrivateIpAddressCount: 0 + SubnetId: subnet-a61dafcf + SpotPrice: '0.05' + TargetCapacity: 20 + SpotFleetRequestId: sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE + SpotFleetRequestState: active + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token required to retrieve the next set of results. This value is null when there are no more results to return. + spotFleetRequestConfigSet: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestConfigSet' + - description: Information about the configuration of your Spot Fleet. + description: Contains the output of DescribeSpotFleetRequests. + DescribeSpotInstanceRequestsResult: + type: object + example: + SpotInstanceRequests: + - CreateTime: '2014-04-30T18:14:55.000Z' + InstanceId: i-1234567890abcdef0 + LaunchSpecification: + BlockDeviceMappings: + - DeviceName: /dev/sda1 + Ebs: + DeleteOnTermination: true + VolumeSize: 8 + VolumeType: standard + EbsOptimized: false + ImageId: ami-7aba833f + InstanceType: m1.small + KeyName: my-key-pair + SecurityGroups: + - GroupId: sg-e38f24a7 + GroupName: my-security-group + LaunchedAvailabilityZone: us-west-1b + ProductDescription: Linux/UNIX + SpotInstanceRequestId: sir-08b93456 + SpotPrice: '0.010000' + State: active + Status: + Code: fulfilled + Message: Your Spot request is fulfilled. + UpdateTime: '2014-04-30T18:16:21.000Z' + Type: one-time + properties: + spotInstanceRequestSet: + allOf: + - $ref: '#/components/schemas/SpotInstanceRequestList' + - description: One or more Spot Instance requests. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next set of results. This value is null when there are no more results to return. + description: Contains the output of DescribeSpotInstanceRequests. + DescribeSpotPriceHistoryResult: + type: object + example: + SpotPriceHistory: + - AvailabilityZone: us-west-1a + InstanceType: m1.xlarge + ProductDescription: Linux/UNIX (Amazon VPC) + SpotPrice: '0.080000' + Timestamp: '2014-01-06T04:32:53.000Z' + - AvailabilityZone: us-west-1c + InstanceType: m1.xlarge + ProductDescription: Linux/UNIX (Amazon VPC) + SpotPrice: '0.080000' + Timestamp: '2014-01-05T11:28:26.000Z' + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token required to retrieve the next set of results. This value is null or an empty string when there are no more results to return. + spotPriceHistorySet: + allOf: + - $ref: '#/components/schemas/SpotPriceHistoryList' + - description: The historical Spot prices. + description: Contains the output of DescribeSpotPriceHistory. + DescribeStaleSecurityGroupsResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.' + staleSecurityGroupSet: + allOf: + - $ref: '#/components/schemas/StaleSecurityGroupSet' + - description: Information about the stale security groups. + DescribeStoreImageTasksResult: + type: object + properties: + storeImageTaskResultSet: + allOf: + - $ref: '#/components/schemas/StoreImageTaskResultSet' + - description: The information about the AMI store tasks. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeSubnetsResult: + type: object + example: + Subnets: + - AvailabilityZone: us-east-1c + AvailableIpAddressCount: 251 + CidrBlock: 10.0.1.0/24 + DefaultForAz: false + MapPublicIpOnLaunch: false + State: available + SubnetId: subnet-9d4a7b6c + VpcId: vpc-a01106c2 + properties: + subnetSet: + allOf: + - $ref: '#/components/schemas/SubnetList' + - description: Information about one or more subnets. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeTagsResult: + type: object + example: + Tags: + - Key: Stack + ResourceId: i-1234567890abcdef8 + ResourceType: instance + Value: test + - Key: Name + ResourceId: i-1234567890abcdef8 + ResourceType: instance + Value: Beta Server + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + tagSet: + allOf: + - $ref: '#/components/schemas/TagDescriptionList' + - description: The tags. + DescribeTrafficMirrorFiltersResult: + type: object + properties: + trafficMirrorFilterSet: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilterSet' + - description: Information about one or more Traffic Mirror filters. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. The value is null when there are no more results to return. + TrafficMirrorFilterId: + type: string + DescribeTrafficMirrorSessionsResult: + type: object + properties: + trafficMirrorSessionSet: + allOf: + - $ref: '#/components/schemas/TrafficMirrorSessionSet' + - description: 'Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. The value is null when there are no more results to return. + TrafficMirrorSessionId: + type: string + DescribeTrafficMirrorTargetsResult: + type: object + properties: + trafficMirrorTargetSet: + allOf: + - $ref: '#/components/schemas/TrafficMirrorTargetSet' + - description: Information about one or more Traffic Mirror targets. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. The value is null when there are no more results to return. + TrafficMirrorTargetId: + type: string + DescribeTransitGatewayAttachmentsResult: + type: object + properties: + transitGatewayAttachments: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentList' + - description: Information about the attachments. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + TransitGatewayAttachmentId: + type: string + DescribeTransitGatewayConnectPeersResult: + type: object + properties: + transitGatewayConnectPeerSet: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectPeerList' + - description: Information about the Connect peers. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + TransitGatewayConnectPeerId: + type: string + DescribeTransitGatewayConnectsResult: + type: object + properties: + transitGatewayConnectSet: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectList' + - description: Information about the Connect attachments. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeTransitGatewayMulticastDomainsResult: + type: object + properties: + transitGatewayMulticastDomains: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainList' + - description: Information about the transit gateway multicast domains. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + TransitGatewayMulticastDomainId: + type: string + DescribeTransitGatewayPeeringAttachmentsResult: + type: object + properties: + transitGatewayPeeringAttachments: + allOf: + - $ref: '#/components/schemas/TransitGatewayPeeringAttachmentList' + - description: The transit gateway peering attachments. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeTransitGatewayRouteTablesResult: + type: object + properties: + transitGatewayRouteTables: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableList' + - description: Information about the transit gateway route tables. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + TransitGatewayRouteTableId: + type: string + DescribeTransitGatewayVpcAttachmentsResult: + type: object + properties: + transitGatewayVpcAttachments: + allOf: + - $ref: '#/components/schemas/TransitGatewayVpcAttachmentList' + - description: Information about the VPC attachments. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeTransitGatewaysResult: + type: object + properties: + transitGatewaySet: + allOf: + - $ref: '#/components/schemas/TransitGatewayList' + - description: Information about the transit gateways. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + TransitGatewayId: + type: string + DescribeTrunkInterfaceAssociationsResult: + type: object + properties: + interfaceAssociationSet: + allOf: + - $ref: '#/components/schemas/TrunkInterfaceAssociationList' + - description: Information about the trunk associations. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + TrunkInterfaceAssociationId: + type: string + DescribeVolumeAttributeResult: + type: object + example: + AutoEnableIO: + Value: false + VolumeId: vol-049df61146c4d7901 + properties: + autoEnableIO: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: The state of autoEnableIO attribute. + productCodes: + allOf: + - $ref: '#/components/schemas/ProductCodeList' + - description: A list of product codes. + volumeId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the volume. + DescribeVolumeStatusResult: + type: object + example: + VolumeStatuses: [] + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + volumeStatusSet: + allOf: + - $ref: '#/components/schemas/VolumeStatusList' + - description: Information about the status of the volumes. + VolumeId: + type: string + DescribeVolumesResult: + type: object + example: + Volumes: + - Attachments: + - AttachTime: '2013-12-18T22:35:00.000Z' + DeleteOnTermination: true + Device: /dev/sda1 + InstanceId: i-1234567890abcdef0 + State: attached + VolumeId: vol-049df61146c4d7901 + AvailabilityZone: us-east-1a + CreateTime: '2013-12-18T22:35:00.084Z' + Size: 8 + SnapshotId: snap-1234567890abcdef0 + State: in-use + VolumeId: vol-049df61146c4d7901 + VolumeType: standard + properties: + volumeSet: + allOf: + - $ref: '#/components/schemas/VolumeList' + - description: Information about the volumes. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The NextToken value to include in a future DescribeVolumes request. When the results of a DescribeVolumes request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.' + DescribeVolumesModificationsResult: + type: object + properties: + volumeModificationSet: + allOf: + - $ref: '#/components/schemas/VolumeModificationList' + - description: Information about the volume modifications. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Token for pagination, null if there are no more results ' + DescribeVpcAttributeResult: + type: object + example: + EnableDnsHostnames: + Value: true + VpcId: vpc-a01106c2 + properties: + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + enableDnsHostnames: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: 'Indicates whether the instances launched in the VPC get DNS hostnames. If this attribute is true, instances in the VPC get DNS hostnames; otherwise, they do not.' + enableDnsSupport: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: 'Indicates whether DNS resolution is enabled for the VPC. If this attribute is true, the Amazon DNS server resolves DNS hostnames for your instances to their corresponding IP addresses; otherwise, it does not.' + DescribeVpcClassicLinkResult: + type: object + properties: + vpcSet: + allOf: + - $ref: '#/components/schemas/VpcClassicLinkList' + - description: The ClassicLink status of one or more VPCs. + VpcId: + type: string + DescribeVpcClassicLinkDnsSupportResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/DescribeVpcClassicLinkDnsSupportNextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + vpcs: + allOf: + - $ref: '#/components/schemas/ClassicLinkDnsSupportList' + - description: Information about the ClassicLink DNS support status of the VPCs. + DescribeVpcEndpointConnectionNotificationsResult: + type: object + properties: + connectionNotificationSet: + allOf: + - $ref: '#/components/schemas/ConnectionNotificationSet' + - description: One or more notifications. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeVpcEndpointConnectionsResult: + type: object + properties: + vpcEndpointConnectionSet: + allOf: + - $ref: '#/components/schemas/VpcEndpointConnectionSet' + - description: Information about one or more VPC endpoint connections. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeVpcEndpointServiceConfigurationsResult: + type: object + properties: + serviceConfigurationSet: + allOf: + - $ref: '#/components/schemas/ServiceConfigurationSet' + - description: Information about one or more services. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeVpcEndpointServicePermissionsResult: + type: object + properties: + allowedPrincipals: + allOf: + - $ref: '#/components/schemas/AllowedPrincipalSet' + - description: Information about one or more allowed principals. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeVpcEndpointServicesResult: + type: object + properties: + serviceNameSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: A list of supported services. + serviceDetailSet: + allOf: + - $ref: '#/components/schemas/ServiceDetailSet' + - description: Information about the service. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.' + description: Contains the output of DescribeVpcEndpointServices. + DescribeVpcEndpointsResult: + type: object + properties: + vpcEndpointSet: + allOf: + - $ref: '#/components/schemas/VpcEndpointSet' + - description: Information about the endpoints. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.' + description: Contains the output of DescribeVpcEndpoints. + DescribeVpcPeeringConnectionsResult: + type: object + properties: + vpcPeeringConnectionSet: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionList' + - description: Information about the VPC peering connections. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + VpcPeeringConnectionId: + type: string + DescribeVpcsResult: + type: object + example: + Vpcs: + - CidrBlock: 10.0.0.0/16 + DhcpOptionsId: dopt-7a8b9c2d + InstanceTenancy: default + IsDefault: false + State: available + Tags: + - Key: Name + Value: MyVPC + VpcId: vpc-a01106c2 + properties: + vpcSet: + allOf: + - $ref: '#/components/schemas/VpcList' + - description: Information about one or more VPCs. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + DescribeVpnConnectionsResult: + type: object + properties: + vpnConnectionSet: + allOf: + - $ref: '#/components/schemas/VpnConnectionList' + - description: Information about one or more VPN connections. + description: Contains the output of DescribeVpnConnections. + VpnConnectionId: + type: string + DescribeVpnGatewaysResult: + type: object + properties: + vpnGatewaySet: + allOf: + - $ref: '#/components/schemas/VpnGatewayList' + - description: Information about one or more virtual private gateways. + description: Contains the output of DescribeVpnGateways. + VpnGatewayId: + type: string + DetachClassicLinkVpcResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + DisableEbsEncryptionByDefaultResult: + type: object + properties: + ebsEncryptionByDefault: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The updated status of encryption by default. + DisableFastLaunchResult: + type: object + properties: + imageId: + allOf: + - $ref: '#/components/schemas/ImageId' + - description: The ID of the image for which faster-launching has been turned off. + resourceType: + allOf: + - $ref: '#/components/schemas/FastLaunchResourceType' + - description: 'The pre-provisioning resource type that must be cleaned after turning off faster launching for the Windows AMI. Supported values include: snapshot.' + snapshotConfiguration: + allOf: + - $ref: '#/components/schemas/FastLaunchSnapshotConfigurationResponse' + - description: Parameters that were used for faster launching for the Windows AMI before faster launching was turned off. This informs the clean-up process. + launchTemplate: + allOf: + - $ref: '#/components/schemas/FastLaunchLaunchTemplateSpecificationResponse' + - description: The launch template that was used to launch Windows instances from pre-provisioned snapshots. + maxParallelLaunches: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The maximum number of parallel instances to launch for creating resources. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The owner of the Windows AMI for which faster launching was turned off. + state: + allOf: + - $ref: '#/components/schemas/FastLaunchStateCode' + - description: The current state of faster launching for the specified Windows AMI. + stateTransitionReason: + allOf: + - $ref: '#/components/schemas/String' + - description: The reason that the state changed for faster launching for the Windows AMI. + stateTransitionTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time that the state changed for faster launching for the Windows AMI. + DisableFastSnapshotRestoresResult: + type: object + properties: + successful: + allOf: + - $ref: '#/components/schemas/DisableFastSnapshotRestoreSuccessSet' + - description: Information about the snapshots for which fast snapshot restores were successfully disabled. + unsuccessful: + allOf: + - $ref: '#/components/schemas/DisableFastSnapshotRestoreErrorSet' + - description: Information about the snapshots for which fast snapshot restores could not be disabled. + DisableImageDeprecationResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + DisableIpamOrganizationAdminAccountResult: + type: object + properties: + success: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The result of disabling the IPAM account. + DisableSerialConsoleAccessResult: + type: object + properties: + serialConsoleAccessEnabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.' + DisableTransitGatewayRouteTablePropagationResult: + type: object + properties: + propagation: + allOf: + - $ref: '#/components/schemas/TransitGatewayPropagation' + - description: Information about route propagation. + DisableVpcClassicLinkResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + DisableVpcClassicLinkDnsSupportResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + DisassociateClientVpnTargetNetworkResult: + type: object + properties: + associationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the target network association. + status: + allOf: + - $ref: '#/components/schemas/AssociationStatus' + - description: The current state of the target network association. + DisassociateEnclaveCertificateIamRoleResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + DisassociateIamInstanceProfileResult: + type: object + example: + IamInstanceProfileAssociation: + AssociationId: iip-assoc-05020b59952902f5f + IamInstanceProfile: + Arn: 'arn:aws:iam::123456789012:instance-profile/admin-role' + Id: AIPAI5IVIHMFFYY2DKV5Y + InstanceId: i-123456789abcde123 + State: disassociating + properties: + iamInstanceProfileAssociation: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileAssociation' + - description: Information about the IAM instance profile association. + DisassociateInstanceEventWindowResult: + type: object + properties: + instanceEventWindow: + allOf: + - $ref: '#/components/schemas/InstanceEventWindow' + - description: Information about the event window. + DisassociateSubnetCidrBlockResult: + type: object + properties: + ipv6CidrBlockAssociation: + allOf: + - $ref: '#/components/schemas/SubnetIpv6CidrBlockAssociation' + - description: Information about the IPv6 CIDR block association. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet. + DisassociateTransitGatewayMulticastDomainResult: + type: object + properties: + associations: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociations' + - description: Information about the association. + DisassociateTransitGatewayRouteTableResult: + type: object + properties: + association: + allOf: + - $ref: '#/components/schemas/TransitGatewayAssociation' + - description: Information about the association. + DisassociateTrunkInterfaceResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.' + DisassociateVpcCidrBlockResult: + type: object + properties: + ipv6CidrBlockAssociation: + allOf: + - $ref: '#/components/schemas/VpcIpv6CidrBlockAssociation' + - description: Information about the IPv6 CIDR block association. + cidrBlockAssociation: + allOf: + - $ref: '#/components/schemas/VpcCidrBlockAssociation' + - description: Information about the IPv4 CIDR block association. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + EnableEbsEncryptionByDefaultResult: + type: object + properties: + ebsEncryptionByDefault: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The updated status of encryption by default. + EnableFastLaunchResult: + type: object + properties: + imageId: + allOf: + - $ref: '#/components/schemas/ImageId' + - description: The image ID that identifies the Windows AMI for which faster launching was enabled. + resourceType: + allOf: + - $ref: '#/components/schemas/FastLaunchResourceType' + - description: The type of resource that was defined for pre-provisioning the Windows AMI for faster launching. + snapshotConfiguration: + allOf: + - $ref: '#/components/schemas/FastLaunchSnapshotConfigurationResponse' + - description: The configuration settings that were defined for creating and managing the pre-provisioned snapshots for faster launching of the Windows AMI. This property is returned when the associated resourceType is snapshot. + launchTemplate: + allOf: + - $ref: '#/components/schemas/FastLaunchLaunchTemplateSpecificationResponse' + - description: The launch template that is used when launching Windows instances from pre-provisioned snapshots. + maxParallelLaunches: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The maximum number of parallel instances to launch for creating resources. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The owner ID for the Windows AMI for which faster launching was enabled. + state: + allOf: + - $ref: '#/components/schemas/FastLaunchStateCode' + - description: The current state of faster launching for the specified Windows AMI. + stateTransitionReason: + allOf: + - $ref: '#/components/schemas/String' + - description: The reason that the state changed for faster launching for the Windows AMI. + stateTransitionTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time that the state changed for faster launching for the Windows AMI. + EnableFastSnapshotRestoresResult: + type: object + properties: + successful: + allOf: + - $ref: '#/components/schemas/EnableFastSnapshotRestoreSuccessSet' + - description: Information about the snapshots for which fast snapshot restores were successfully enabled. + unsuccessful: + allOf: + - $ref: '#/components/schemas/EnableFastSnapshotRestoreErrorSet' + - description: Information about the snapshots for which fast snapshot restores could not be enabled. + EnableImageDeprecationResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + EnableIpamOrganizationAdminAccountResult: + type: object + properties: + success: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The result of enabling the IPAM account. + EnableSerialConsoleAccessResult: + type: object + properties: + serialConsoleAccessEnabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.' + EnableTransitGatewayRouteTablePropagationResult: + type: object + properties: + propagation: + allOf: + - $ref: '#/components/schemas/TransitGatewayPropagation' + - description: Information about route propagation. + EnableVpcClassicLinkResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + EnableVpcClassicLinkDnsSupportResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ExportClientVpnClientCertificateRevocationListResult: + type: object + properties: + certificateRevocationList: + allOf: + - $ref: '#/components/schemas/String' + - description: Information about the client certificate revocation list. + status: + allOf: + - $ref: '#/components/schemas/ClientCertificateRevocationListStatus' + - description: The current state of the client certificate revocation list. + ExportClientVpnClientConfigurationResult: + type: object + properties: + clientConfiguration: + allOf: + - $ref: '#/components/schemas/String' + - description: The contents of the Client VPN endpoint configuration file. + ExportImageResult: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the image being exported. + diskImageFormat: + allOf: + - $ref: '#/components/schemas/DiskImageFormat' + - description: The disk image format for the exported image. + exportImageTaskId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the export image task. + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the image. + roleName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the role that grants VM Import/Export permission to export images to your Amazon S3 bucket. + progress: + allOf: + - $ref: '#/components/schemas/String' + - description: The percent complete of the export image task. + s3ExportLocation: + allOf: + - $ref: '#/components/schemas/ExportTaskS3Location' + - description: Information about the destination Amazon S3 bucket. + status: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The status of the export image task. The possible values are active, completed, deleting, and deleted.' + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The status message for the export image task. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the export image task. + ExportTransitGatewayRoutesResult: + type: object + properties: + s3Location: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The URL of the exported file in Amazon S3. For example, s3://bucket_name/VPCTransitGateway/TransitGatewayRouteTables/file_name.' + GetAssociatedEnclaveCertificateIamRolesResult: + type: object + properties: + associatedRoleSet: + allOf: + - $ref: '#/components/schemas/AssociatedRolesList' + - description: Information about the associated IAM roles. + GetAssociatedIpv6PoolCidrsResult: + type: object + properties: + ipv6CidrAssociationSet: + allOf: + - $ref: '#/components/schemas/Ipv6CidrAssociationSet' + - description: Information about the IPv6 CIDR block associations. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetCapacityReservationUsageResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + capacityReservationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Capacity Reservation. + instanceType: + allOf: + - $ref: '#/components/schemas/String' + - description: The type of instance for which the Capacity Reservation reserves capacity. + totalInstanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of instances for which the Capacity Reservation reserves capacity. + availableInstanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The remaining capacity. Indicates the number of instances that can be launched in the Capacity Reservation. + state: + allOf: + - $ref: '#/components/schemas/CapacityReservationState' + - description: '

The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

  • active - The Capacity Reservation is active and the capacity is available for your use.

  • expired - The Capacity Reservation expired automatically at the date and time specified in your request. The reserved capacity is no longer available for your use.

  • cancelled - The Capacity Reservation was cancelled. The reserved capacity is no longer available for your use.

  • pending - The Capacity Reservation request was successful but the capacity provisioning is still pending.

  • failed - The Capacity Reservation request has failed. A request might fail due to invalid request parameters, capacity constraints, or instance limit constraints. Failed requests are retained for 60 minutes.

' + instanceUsageSet: + allOf: + - $ref: '#/components/schemas/InstanceUsageSet' + - description: Information about the Capacity Reservation usage. + GetCoipPoolUsageResult: + type: object + properties: + coipPoolId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the customer-owned address pool. + coipAddressUsageSet: + allOf: + - $ref: '#/components/schemas/CoipAddressUsageSet' + - description: Information about the address usage. + localGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the local gateway route table. + GetConsoleOutputResult: + type: object + example: + InstanceId: i-1234567890abcdef0 + Output: ... + Timestamp: '2018-05-25T21:23:53.000Z' + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + output: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The console output, base64-encoded. If you are using a command line tool, the tool decodes the output for you.' + timestamp: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time at which the output was last updated. + GetConsoleScreenshotResult: + type: object + properties: + imageData: + allOf: + - $ref: '#/components/schemas/String' + - description: The data that comprises the image. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + GetDefaultCreditSpecificationResult: + type: object + properties: + instanceFamilyCreditSpecification: + allOf: + - $ref: '#/components/schemas/InstanceFamilyCreditSpecification' + - description: The default credit option for CPU usage of the instance family. + GetEbsDefaultKmsKeyIdResult: + type: object + properties: + kmsKeyId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the default KMS key for encryption by default. + GetEbsEncryptionByDefaultResult: + type: object + properties: + ebsEncryptionByDefault: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether encryption by default is enabled. + GetFlowLogsIntegrationTemplateResult: + type: object + properties: + result: + allOf: + - $ref: '#/components/schemas/String' + - description: The generated CloudFormation template. + AthenaIntegrationsSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/AthenaIntegration' + - xml: + name: item + minItems: 1 + maxItems: 10 + GetGroupsForCapacityReservationResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + capacityReservationGroupSet: + allOf: + - $ref: '#/components/schemas/CapacityReservationGroupSet' + - description: Information about the resource groups to which the Capacity Reservation has been added. + GetHostReservationPurchasePreviewResult: + type: object + properties: + currencyCode: + allOf: + - $ref: '#/components/schemas/CurrencyCodeValues' + - description: 'The currency in which the totalUpfrontPrice and totalHourlyPrice amounts are specified. At this time, the only supported currency is USD.' + purchase: + allOf: + - $ref: '#/components/schemas/PurchaseSet' + - description: The purchase information of the Dedicated Host reservation and the Dedicated Hosts associated with it. + totalHourlyPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The potential total hourly price of the reservation per hour. + totalUpfrontPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The potential total upfront price. This is billed immediately. + GetInstanceTypesFromInstanceRequirementsResult: + type: object + properties: + instanceTypeSet: + allOf: + - $ref: '#/components/schemas/InstanceTypeInfoFromInstanceRequirementsSet' + - description: The instance types with the specified instance attributes. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + ArchitectureType: + type: string + enum: + - i386 + - x86_64 + - arm64 + - x86_64_mac + VirtualizationType: + type: string + enum: + - hvm + - paravirtual + MemoryMiBRequest: + type: object + required: + - Min + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum amount of memory, in MiB. To specify no maximum limit, omit this parameter.' + description: 'The minimum and maximum amount of memory, in MiB.' + MemoryGiBPerVCpuRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Double' + - description: 'The maximum amount of memory per vCPU, in GiB. To specify no maximum limit, omit this parameter.' + description: 'The minimum and maximum amount of memory per vCPU, in GiB.' + ExcludedInstanceTypeSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ExcludedInstanceType' + - xml: + name: item + minItems: 0 + maxItems: 400 + LocalStorage: + type: string + enum: + - included + - required + - excluded + BaselineEbsBandwidthMbpsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum baseline bandwidth, in Mbps. To specify no maximum limit, omit this parameter.' + description: 'The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.' + AcceleratorCountRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of accelerators. To specify no maximum limit, omit this parameter. To exclude accelerator-enabled instance types, set Max to 0.' + description: 'The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance. To exclude accelerator-enabled instance types, set Max to 0.' + AcceleratorManufacturerSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/AcceleratorManufacturer' + - xml: + name: item + AcceleratorTotalMemoryMiBRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum amount of accelerator memory, in MiB. To specify no maximum limit, omit this parameter.' + description: 'The minimum and maximum amount of total accelerator memory, in MiB.' + GetInstanceUefiDataResult: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance from which to retrieve the UEFI data. + uefiData: + allOf: + - $ref: '#/components/schemas/String' + - description: Base64 representation of the non-volatile UEFI variable store. + GetIpamAddressHistoryResult: + type: object + properties: + historyRecordSet: + allOf: + - $ref: '#/components/schemas/IpamAddressHistoryRecordSet' + - description: 'A historical record for a CIDR within an IPAM scope. If the CIDR is associated with an EC2 instance, you will see an object in the response for the instance and one for the network interface.' + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetIpamPoolAllocationsResult: + type: object + properties: + ipamPoolAllocationSet: + allOf: + - $ref: '#/components/schemas/IpamPoolAllocationSet' + - description: The IPAM pool allocations you want information on. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetIpamPoolCidrsResult: + type: object + properties: + ipamPoolCidrSet: + allOf: + - $ref: '#/components/schemas/IpamPoolCidrSet' + - description: Information about the CIDRs provisioned to an IPAM pool. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetIpamResourceCidrsResult: + type: object + properties: + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + ipamResourceCidrSet: + allOf: + - $ref: '#/components/schemas/IpamResourceCidrSet' + - description: The resource CIDRs. + GetLaunchTemplateDataResult: + type: object + example: + LaunchTemplateData: + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + DeleteOnTermination: true + Encrypted: false + Iops: 100 + SnapshotId: snap-02594938353ef77d3 + VolumeSize: 8 + VolumeType: gp2 + EbsOptimized: false + ImageId: ami-32cf7b4a + InstanceType: t2.medium + KeyName: my-key-pair + Monitoring: + Enabled: false + NetworkInterfaces: + - AssociatePublicIpAddress: false + DeleteOnTermination: true + Description: '' + DeviceIndex: 0 + Groups: + - sg-d14e1bb4 + Ipv6Addresses: [] + NetworkInterfaceId: eni-4338b5a9 + PrivateIpAddress: 10.0.3.233 + PrivateIpAddresses: + - Primary: true + PrivateIpAddress: 10.0.3.233 + SubnetId: subnet-5264e837 + Placement: + AvailabilityZone: us-east-2b + GroupName: '' + Tenancy: default + properties: + launchTemplateData: + allOf: + - $ref: '#/components/schemas/ResponseLaunchTemplateData' + - description: The instance data. + GetManagedPrefixListAssociationsResult: + type: object + properties: + prefixListAssociationSet: + allOf: + - $ref: '#/components/schemas/PrefixListAssociationSet' + - description: Information about the associations. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetManagedPrefixListEntriesResult: + type: object + properties: + entrySet: + allOf: + - $ref: '#/components/schemas/PrefixListEntrySet' + - description: Information about the prefix list entries. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetNetworkInsightsAccessScopeAnalysisFindingsResult: + type: object + properties: + networkInsightsAccessScopeAnalysisId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' + - description: The ID of the Network Access Scope analysis. + analysisStatus: + allOf: + - $ref: '#/components/schemas/AnalysisStatus' + - description: The status of Network Access Scope Analysis. + analysisFindingSet: + allOf: + - $ref: '#/components/schemas/AccessScopeAnalysisFindingList' + - description: The findings associated with Network Access Scope Analysis. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetNetworkInsightsAccessScopeContentResult: + type: object + properties: + networkInsightsAccessScopeContent: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeContent' + - description: The Network Access Scope content. + GetPasswordDataResult: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Windows instance. + passwordData: + allOf: + - $ref: '#/components/schemas/String' + - description: The password of the instance. Returns an empty string if the password is not available. + timestamp: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time the data was last updated. + GetReservedInstancesExchangeQuoteResult: + type: object + properties: + currencyCode: + allOf: + - $ref: '#/components/schemas/String' + - description: The currency of the transaction. + isValidExchange: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If true, the exchange is valid. If false, the exchange cannot be completed.' + outputReservedInstancesWillExpireAt: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The new end date of the reservation term. + paymentDue: + allOf: + - $ref: '#/components/schemas/String' + - description: The total true upfront charge for the exchange. + reservedInstanceValueRollup: + allOf: + - $ref: '#/components/schemas/ReservationValue' + - description: The cost associated with the Reserved Instance. + reservedInstanceValueSet: + allOf: + - $ref: '#/components/schemas/ReservedInstanceReservationValueSet' + - description: The configuration of your Convertible Reserved Instances. + targetConfigurationValueRollup: + allOf: + - $ref: '#/components/schemas/ReservationValue' + - description: The cost associated with the Reserved Instance. + targetConfigurationValueSet: + allOf: + - $ref: '#/components/schemas/TargetReservationValueSet' + - description: The values of the target Convertible Reserved Instances. + validationFailureReason: + allOf: + - $ref: '#/components/schemas/String' + - description: Describes the reason why the exchange cannot be completed. + description: Contains the output of GetReservedInstancesExchangeQuote. + GetSerialConsoleAccessStatusResult: + type: object + properties: + serialConsoleAccessEnabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.' + GetSpotPlacementScoresResult: + type: object + properties: + spotPlacementScoreSet: + allOf: + - $ref: '#/components/schemas/SpotPlacementScores' + - description: '

The Spot placement score for the top 10 Regions or Availability Zones, scored on a scale from 1 to 10. Each score
 reflects how likely it is that each Region or Availability Zone will succeed at fulfilling the specified target capacity
 at the time of the Spot placement score request. A score of 10 means that your Spot capacity request is highly likely to succeed in that Region or Availability Zone.

If you request a Spot placement score for Regions, a high score assumes that your fleet request will be configured to use all Availability Zones and the capacity-optimized allocation strategy. If you request a Spot placement score for Availability Zones, a high score assumes that your fleet request will be configured to use a single Availability Zone and the capacity-optimized allocation strategy.

Different
 Regions or Availability Zones might return the same score.

The Spot placement score serves as a recommendation only. No score guarantees that your Spot request will be fully or partially fulfilled.

' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + ArchitectureTypeSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ArchitectureType' + - xml: + name: item + minItems: 0 + maxItems: 3 + InstanceRequirementsRequest: + type: object + required: + - VCpuCount + - MemoryMiB + properties: + undefined: + allOf: + - $ref: '#/components/schemas/MemoryMiBRequest' + - description: 'The minimum and maximum amount of memory, in MiB.' + CpuManufacturer: + allOf: + - $ref: '#/components/schemas/MemoryGiBPerVCpuRequest' + - description: '

The minimum and maximum amount of memory per vCPU, in GiB.

Default: No minimum or maximum limits

' + ExcludedInstanceType: + allOf: + - $ref: '#/components/schemas/ExcludedInstanceTypeSet' + - description: '

The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (*), to exclude an instance family, type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.

For example, if you specify c5*,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types.

Default: No excluded instance types

' + InstanceGeneration: + allOf: + - $ref: '#/components/schemas/LocalStorage' + - description: '

Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, Amazon EC2 instance store in the Amazon EC2 User Guide.

  • To include instance types with instance store volumes, specify included.

  • To require only instance types with instance store volumes, specify required.

  • To exclude instance types with instance store volumes, specify excluded.

Default: included

' + LocalStorageType: + allOf: + - $ref: '#/components/schemas/BaselineEbsBandwidthMbpsRequest' + - description: '

The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

Default: No minimum or maximum limits

' + AcceleratorType: + allOf: + - $ref: '#/components/schemas/AcceleratorCountRequest' + - description: '

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.

To exclude accelerator-enabled instance types, set Max to 0.

Default: No minimum or maximum limits

' + AcceleratorManufacturer: + allOf: + - $ref: '#/components/schemas/AcceleratorManufacturerSet' + - description: '

Indicates whether instance types must have accelerators by specific manufacturers.

  • For instance types with NVIDIA devices, specify nvidia.

  • For instance types with AMD devices, specify amd.

  • For instance types with Amazon Web Services devices, specify amazon-web-services.

  • For instance types with Xilinx devices, specify xilinx.

Default: Any manufacturer

' + AcceleratorName: + allOf: + - $ref: '#/components/schemas/AcceleratorTotalMemoryMiBRequest' + - description: '

The minimum and maximum amount of total accelerator memory, in MiB.

Default: No minimum or maximum limits

' + description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.

When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.

You must specify VCpuCount and MemoryMiB. All other parameters are optional. Any unspecified optional parameter is set to its default.

For more information, see Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide.

' + GetSubnetCidrReservationsResult: + type: object + properties: + subnetIpv4CidrReservationSet: + allOf: + - $ref: '#/components/schemas/SubnetCidrReservationList' + - description: Information about the IPv4 subnet CIDR reservations. + subnetIpv6CidrReservationSet: + allOf: + - $ref: '#/components/schemas/SubnetCidrReservationList' + - description: Information about the IPv6 subnet CIDR reservations. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetTransitGatewayAttachmentPropagationsResult: + type: object + properties: + transitGatewayAttachmentPropagations: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentPropagationList' + - description: Information about the propagation route tables. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetTransitGatewayMulticastDomainAssociationsResult: + type: object + properties: + multicastDomainAssociations: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociationList' + - description: Information about the multicast domain associations. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetTransitGatewayPrefixListReferencesResult: + type: object + properties: + transitGatewayPrefixListReferenceSet: + allOf: + - $ref: '#/components/schemas/TransitGatewayPrefixListReferenceSet' + - description: Information about the prefix list references. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetTransitGatewayRouteTableAssociationsResult: + type: object + properties: + associations: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableAssociationList' + - description: Information about the associations. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetTransitGatewayRouteTablePropagationsResult: + type: object + properties: + transitGatewayRouteTablePropagations: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTablePropagationList' + - description: Information about the route table propagations. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + GetVpnConnectionDeviceSampleConfigurationResult: + type: object + properties: + vpnConnectionDeviceSampleConfiguration: + allOf: + - $ref: '#/components/schemas/VpnConnectionDeviceSampleConfiguration' + - description: Sample configuration file for the specified customer gateway device. + GetVpnConnectionDeviceTypesResult: + type: object + properties: + vpnConnectionDeviceTypeSet: + allOf: + - $ref: '#/components/schemas/VpnConnectionDeviceTypeList' + - description: List of customer gateway devices that have a sample configuration file available for use. + nextToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: 'The NextToken value to include in a future GetVpnConnectionDeviceTypes request. When the results of a GetVpnConnectionDeviceTypes request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.' + ImportClientVpnClientCertificateRevocationListResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ImportImageResult: + type: object + properties: + architecture: + allOf: + - $ref: '#/components/schemas/String' + - description: The architecture of the virtual machine. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the import task. + encrypted: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the AMI is encrypted. + hypervisor: + allOf: + - $ref: '#/components/schemas/String' + - description: The target hypervisor of the import task. + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Machine Image (AMI) created by the import task. + importTaskId: + allOf: + - $ref: '#/components/schemas/ImportImageTaskId' + - description: The task ID of the import image task. + kmsKeyId: + allOf: + - $ref: '#/components/schemas/KmsKeyId' + - description: The identifier for the symmetric KMS key that was used to create the encrypted AMI. + licenseType: + allOf: + - $ref: '#/components/schemas/String' + - description: The license type of the virtual machine. + platform: + allOf: + - $ref: '#/components/schemas/String' + - description: The operating system of the virtual machine. + progress: + allOf: + - $ref: '#/components/schemas/String' + - description: The progress of the task. + snapshotDetailSet: + allOf: + - $ref: '#/components/schemas/SnapshotDetailList' + - description: Information about the snapshots. + status: + allOf: + - $ref: '#/components/schemas/String' + - description: A brief status of the task. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: A detailed status message of the import task. + licenseSpecifications: + allOf: + - $ref: '#/components/schemas/ImportImageLicenseSpecificationListResponse' + - description: The ARNs of the license configurations. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the import image task. + usageOperation: + allOf: + - $ref: '#/components/schemas/String' + - description: The usage operation value. + ImageDiskContainer: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/UserBucket' + - description: The S3 bucket for the disk image. + description: Describes the disk container object for an import image task. + ImportImageLicenseConfigurationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of a license configuration. + description: The request information of license configurations. + ImportInstanceResult: + type: object + properties: + conversionTask: + allOf: + - $ref: '#/components/schemas/ConversionTask' + - description: Information about the conversion task. + DiskImage: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VolumeDetail' + - description: Information about the volume. + description: Describes a disk image. + ArchitectureValues: + type: string + enum: + - i386 + - x86_64 + - arm64 + - x86_64_mac + SecurityGroupStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupName' + - xml: + name: SecurityGroup + ShutdownBehavior: + type: string + enum: + - stop + - terminate + Placement: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The Availability Zone of the instance.

If not specified, an Availability Zone will be automatically chosen for you based on the load balancing criteria for the Region.

This parameter is not supported by CreateFleet.

' + affinity: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The affinity setting for the instance on the Dedicated Host. This parameter is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

' + groupName: + allOf: + - $ref: '#/components/schemas/PlacementGroupName' + - description: The name of the placement group the instance is in. + partitionNumber: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The number of the partition that the instance is in. Valid only if the placement group strategy is set to partition.

This parameter is not supported by CreateFleet.

' + hostId: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The ID of the Dedicated Host on which the instance resides. This parameter is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

' + tenancy: + allOf: + - $ref: '#/components/schemas/Tenancy' + - description: '

The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the ImportInstance command.

This parameter is not supported by CreateFleet.

T3 instances that use the unlimited CPU credit option do not support host tenancy.

' + spreadDomain: + allOf: + - $ref: '#/components/schemas/String' + - description: '

Reserved for future use.

This parameter is not supported by CreateFleet.

' + hostResourceGroupArn: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The ARN of the host resource group in which to launch the instances. If you specify a host resource group ARN, omit the Tenancy parameter or set it to host.

This parameter is not supported by CreateFleet.

' + description: Describes the placement of an instance. + UserData: + type: object + properties: + data: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The user data. If you are using an Amazon Web Services SDK or command line tool, Base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide Base64-encoded text.' + description: Describes the user data for an instance. + ImportKeyPairResult: + type: object + properties: + keyFingerprint: + allOf: + - $ref: '#/components/schemas/String' + - description: '

  • For RSA key pairs, the key fingerprint is the MD5 public key fingerprint as specified in section 4 of RFC 4716.

  • For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 digest, which is the default for OpenSSH, starting with OpenSSH 6.8.

' + keyName: + allOf: + - $ref: '#/components/schemas/String' + - description: The key pair name that you provided. + keyPairId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resulting key pair. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags applied to the imported key pair. + ImportSnapshotResult: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the import snapshot task. + importTaskId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the import snapshot task. + snapshotTaskDetail: + allOf: + - $ref: '#/components/schemas/SnapshotTaskDetail' + - description: Information about the import snapshot task. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the import snapshot task. + UserBucket: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The file name of the disk image. + description: Describes the Amazon S3 bucket for the disk image. + ImportVolumeResult: + type: object + properties: + conversionTask: + allOf: + - $ref: '#/components/schemas/ConversionTask' + - description: Information about the conversion task. + ListImagesInRecycleBinResult: + type: object + properties: + imageSet: + allOf: + - $ref: '#/components/schemas/ImageRecycleBinInfoList' + - description: Information about the AMIs. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + ListSnapshotsInRecycleBinResult: + type: object + properties: + snapshotSet: + allOf: + - $ref: '#/components/schemas/SnapshotRecycleBinInfoList' + - description: Information about the snapshots. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + ModifyAddressAttributeResult: + type: object + properties: + address: + allOf: + - $ref: '#/components/schemas/AddressAttribute' + - description: Information about the Elastic IP address. + ModifyAvailabilityZoneGroupResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Is true if the request succeeds, and an error otherwise.' + ModifyCapacityReservationResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ModifyCapacityReservationFleetResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ModifyClientVpnEndpointResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ModifyDefaultCreditSpecificationResult: + type: object + properties: + instanceFamilyCreditSpecification: + allOf: + - $ref: '#/components/schemas/InstanceFamilyCreditSpecification' + - description: The default credit option for CPU usage of the instance family. + ModifyEbsDefaultKmsKeyIdResult: + type: object + properties: + kmsKeyId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the default KMS key for encryption by default. + ModifyFleetResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If the request succeeds, the response returns true. If the request fails, no response is returned, and instead an error message is returned.' + ModifyFpgaImageAttributeResult: + type: object + properties: + fpgaImageAttribute: + allOf: + - $ref: '#/components/schemas/FpgaImageAttribute' + - description: Information about the attribute. + LoadPermissionListRequest: + type: array + items: + allOf: + - $ref: '#/components/schemas/LoadPermissionRequest' + - xml: + name: item + ModifyHostsResult: + type: object + properties: + successful: + allOf: + - $ref: '#/components/schemas/ResponseHostIdList' + - description: The IDs of the Dedicated Hosts that were successfully modified. + unsuccessful: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItemList' + - description: The IDs of the Dedicated Hosts that could not be modified. Check whether the setting you requested can be used. + LaunchPermissionList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchPermission' + - xml: + name: item + InstanceBlockDeviceMappingSpecification: + type: object + properties: + deviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The device name (for example, /dev/sdh or xvdh).' + ebs: + allOf: + - $ref: '#/components/schemas/EbsInstanceBlockDeviceSpecification' + - description: Parameters used to automatically set up EBS volumes when the instance is launched. + noDevice: + allOf: + - $ref: '#/components/schemas/String' + - description: suppress the specified device included in the block device mapping. + virtualName: + allOf: + - $ref: '#/components/schemas/String' + - description: The virtual device name. + description: Describes a block device mapping entry. + Blob: + type: string + ModifyInstanceCapacityReservationAttributesResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + CapacityReservationTarget: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of the Capacity Reservation resource group in which to run the instance. + description: Describes a target Capacity Reservation or Capacity Reservation group. + ModifyInstanceCreditSpecificationResult: + type: object + properties: + successfulInstanceCreditSpecificationSet: + allOf: + - $ref: '#/components/schemas/SuccessfulInstanceCreditSpecificationSet' + - description: Information about the instances whose credit option for CPU usage was successfully modified. + unsuccessfulInstanceCreditSpecificationSet: + allOf: + - $ref: '#/components/schemas/UnsuccessfulInstanceCreditSpecificationSet' + - description: Information about the instances whose credit option for CPU usage was not modified. + InstanceCreditSpecificationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description:

The credit option for CPU usage of the instance. Valid values are standard and unlimited.

T3 instances with host tenancy do not support the unlimited CPU credit option.

+ description: Describes the credit option for CPU usage of a burstable performance instance. + ModifyInstanceEventStartTimeResult: + type: object + properties: + event: + $ref: '#/components/schemas/InstanceStatusEvent' + ModifyInstanceEventWindowResult: + type: object + properties: + instanceEventWindow: + allOf: + - $ref: '#/components/schemas/InstanceEventWindow' + - description: Information about the event window. + ModifyInstanceMaintenanceOptionsResult: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + autoRecovery: + allOf: + - $ref: '#/components/schemas/InstanceAutoRecoveryState' + - description: Provides information on the current automatic recovery behavior of your instance. + ModifyInstanceMetadataOptionsResult: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + instanceMetadataOptions: + allOf: + - $ref: '#/components/schemas/InstanceMetadataOptionsResponse' + - description: The metadata options for the instance. + ModifyInstancePlacementResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Is true if the request succeeds, and an error otherwise.' + ModifyIpamResult: + type: object + properties: + ipam: + allOf: + - $ref: '#/components/schemas/Ipam' + - description: The results of the modification. + RemoveIpamOperatingRegion: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the operating Region you want to remove. + description: '

Remove an operating Region from an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide

' + ModifyIpamPoolResult: + type: object + properties: + ipamPool: + allOf: + - $ref: '#/components/schemas/IpamPool' + - description: The results of the modification. + ModifyIpamResourceCidrResult: + type: object + properties: + ipamResourceCidr: + $ref: '#/components/schemas/IpamResourceCidr' + ModifyIpamScopeResult: + type: object + properties: + ipamScope: + allOf: + - $ref: '#/components/schemas/IpamScope' + - description: The results of the modification. + ModifyLaunchTemplateResult: + type: object + example: + LaunchTemplate: + CreateTime: '2017-12-01T13:35:46.000Z' + CreatedBy: 'arn:aws:iam::123456789012:root' + DefaultVersionNumber: 2 + LatestVersionNumber: 2 + LaunchTemplateId: lt-0abcd290751193123 + LaunchTemplateName: WebServers + properties: + launchTemplate: + allOf: + - $ref: '#/components/schemas/LaunchTemplate' + - description: Information about the launch template. + ModifyManagedPrefixListResult: + type: object + properties: + prefixList: + allOf: + - $ref: '#/components/schemas/ManagedPrefixList' + - description: Information about the prefix list. + RemovePrefixListEntry: + type: object + required: + - Cidr + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR block. + description: An entry for a prefix list. + NetworkInterfaceAttachmentId: + type: string + ModifyPrivateDnsNameOptionsResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ModifyReservedInstancesResult: + type: object + properties: + reservedInstancesModificationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID for the modification. + description: Contains the output of ModifyReservedInstances. + ReservedInstancesConfiguration: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone for the modified Reserved Instances. + instanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description:

The number of modified Reserved Instances.

This is a required field for a request.

 + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type for the modified Reserved Instances. + platform: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The network platform of the modified Reserved Instances, which is either EC2-Classic or EC2-VPC.' + scope: + allOf: + - $ref: '#/components/schemas/scope' + - description: Whether the Reserved Instance is applied to instances in a Region or instances in a specific Availability Zone. + description: Describes the configuration settings for the modified Reserved Instances. + ModifySecurityGroupRulesResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, returns an error.' + SecurityGroupRuleUpdate: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleRequest' + - description: Information about the security group rule. + description: Describes an update to a security group rule. + CreateVolumePermissionList: + type: array + items: + allOf: + - $ref: '#/components/schemas/CreateVolumePermission' + - xml: + name: item + ModifySnapshotTierResult: + type: object + properties: + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the snapshot. + tieringStartTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time when the archive process was started. + ModifySpotFleetRequestResponse: + type: object + example: + Return: true + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If the request succeeds, the response returns true. If the request fails, no response is returned, and instead an error message is returned.' + description: Contains the output of ModifySpotFleetRequest. + LaunchTemplateConfig: + type: object + properties: + launchTemplateSpecification: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateSpecification' + - description: The launch template. + overrides: + allOf: + - $ref: '#/components/schemas/LaunchTemplateOverridesList' + - description: Any parameters that you specify override the same parameters in the launch template. + description: Describes a launch template and overrides. + ModifyTrafficMirrorFilterNetworkServicesResult: + type: object + properties: + trafficMirrorFilter: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilter' + - description: The Traffic Mirror filter that the network service is associated with. + TrafficMirrorNetworkService: + type: string + enum: + - amazon-dns + ModifyTrafficMirrorFilterRuleResult: + type: object + properties: + trafficMirrorFilterRule: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilterRule' + - description: Modifies a Traffic Mirror rule. + TrafficMirrorFilterRuleField: + type: string + enum: + - destination-port-range + - source-port-range + - protocol + - description + ModifyTrafficMirrorSessionResult: + type: object + properties: + trafficMirrorSession: + allOf: + - $ref: '#/components/schemas/TrafficMirrorSession' + - description: Information about the Traffic Mirror session. + TrafficMirrorSessionField: + type: string + enum: + - packet-length + - description + - virtual-network-id + ModifyTransitGatewayResult: + type: object + properties: + transitGateway: + $ref: '#/components/schemas/TransitGateway' + ModifyTransitGatewayPrefixListReferenceResult: + type: object + properties: + transitGatewayPrefixListReference: + allOf: + - $ref: '#/components/schemas/TransitGatewayPrefixListReference' + - description: Information about the prefix list reference. + ModifyTransitGatewayVpcAttachmentResult: + type: object + properties: + transitGatewayVpcAttachment: + allOf: + - $ref: '#/components/schemas/TransitGatewayVpcAttachment' + - description: Information about the modified attachment. + ModifyVolumeResult: + type: object + properties: + volumeModification: + allOf: + - $ref: '#/components/schemas/VolumeModification' + - description: Information about the volume modification. + ModifyVpcEndpointResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ModifyVpcEndpointConnectionNotificationResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ModifyVpcEndpointServiceConfigurationResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ModifyVpcEndpointServicePayerResponsibilityResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ModifyVpcEndpointServicePermissionsResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ModifyVpcPeeringConnectionOptionsResult: + type: object + properties: + accepterPeeringConnectionOptions: + allOf: + - $ref: '#/components/schemas/PeeringConnectionOptions' + - description: Information about the VPC peering connection options for the accepter VPC. + requesterPeeringConnectionOptions: + allOf: + - $ref: '#/components/schemas/PeeringConnectionOptions' + - description: Information about the VPC peering connection options for the requester VPC. + ModifyVpcTenancyResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, returns an error.' + ModifyVpnConnectionResult: + type: object + properties: + vpnConnection: + $ref: '#/components/schemas/VpnConnection' + ModifyVpnConnectionOptionsResult: + type: object + properties: + vpnConnection: + $ref: '#/components/schemas/VpnConnection' + ModifyVpnTunnelCertificateResult: + type: object + properties: + vpnConnection: + $ref: '#/components/schemas/VpnConnection' + ModifyVpnTunnelOptionsResult: + type: object + properties: + vpnConnection: + $ref: '#/components/schemas/VpnConnection' + Phase1EncryptionAlgorithmsRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsRequestListValue' + - xml: + name: item + Phase2EncryptionAlgorithmsRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsRequestListValue' + - xml: + name: item + Phase1IntegrityAlgorithmsRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsRequestListValue' + - xml: + name: item + Phase2IntegrityAlgorithmsRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsRequestListValue' + - xml: + name: item + Phase1DHGroupNumbersRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase1DHGroupNumbersRequestListValue' + - xml: + name: item + Phase2DHGroupNumbersRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase2DHGroupNumbersRequestListValue' + - xml: + name: item + MonitorInstancesResult: + type: object + properties: + instancesSet: + allOf: + - $ref: '#/components/schemas/InstanceMonitoringList' + - description: The monitoring information. + MoveAddressToVpcResult: + type: object + example: + Status: MoveInProgress + properties: + allocationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The allocation ID for the Elastic IP address. + status: + allOf: + - $ref: '#/components/schemas/Status' + - description: The status of the move of the IP address. + MoveByoipCidrToIpamResult: + type: object + properties: + byoipCidr: + $ref: '#/components/schemas/ByoipCidr' + ProvisionByoipCidrResult: + type: object + properties: + byoipCidr: + allOf: + - $ref: '#/components/schemas/ByoipCidr' + - description: Information about the address range. + ProvisionIpamPoolCidrResult: + type: object + properties: + ipamPoolCidr: + allOf: + - $ref: '#/components/schemas/IpamPoolCidr' + - description: Information about the provisioned CIDR. + ProvisionPublicIpv4PoolCidrResult: + type: object + properties: + poolId: + allOf: + - $ref: '#/components/schemas/Ipv4PoolEc2Id' + - description: The ID of the pool that you want to provision the CIDR to. + poolAddressRange: + $ref: '#/components/schemas/PublicIpv4PoolRange' + PurchaseHostReservationResult: + type: object + properties: + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + currencyCode: + allOf: + - $ref: '#/components/schemas/CurrencyCodeValues' + - description: 'The currency in which the totalUpfrontPrice and totalHourlyPrice amounts are specified. At this time, the only supported currency is USD.' + purchase: + allOf: + - $ref: '#/components/schemas/PurchaseSet' + - description: Describes the details of the purchase. + totalHourlyPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The total hourly price of the reservation calculated per hour. + totalUpfrontPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The total amount charged to your account when you purchase the reservation. + PurchaseReservedInstancesOfferingResult: + type: object + properties: + reservedInstancesId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IDs of the purchased Reserved Instances. If your purchase crosses into a discounted pricing tier, the final Reserved Instances IDs might change. For more information, see Crossing pricing tiers in the Amazon Elastic Compute Cloud User Guide.' + description: Contains the output of PurchaseReservedInstancesOffering. + Double: + type: number + format: double + CurrencyCodeValues: + type: string + enum: + - USD + PurchaseScheduledInstancesResult: + type: object + example: + ScheduledInstanceSet: + - AvailabilityZone: us-west-2b + CreateDate: '2016-01-25T21:43:38.612Z' + HourlyPrice: '0.095' + InstanceCount: 1 + InstanceType: c4.large + NetworkPlatform: EC2-VPC + NextSlotStartTime: '2016-01-31T09:00:00Z' + Platform: Linux/UNIX + Recurrence: + Frequency: Weekly + Interval: 1 + OccurrenceDaySet: + - 1 + OccurrenceRelativeToEnd: false + OccurrenceUnit: '' + ScheduledInstanceId: sci-1234-1234-1234-1234-123456789012 + SlotDurationInHours: 32 + TermEndDate: '2017-01-31T09:00:00Z' + TermStartDate: '2016-01-31T09:00:00Z' + TotalScheduledInstanceHours: 1696 + properties: + scheduledInstanceSet: + allOf: + - $ref: '#/components/schemas/PurchasedScheduledInstanceSet' + - description: Information about the Scheduled Instances. + description: Contains the output of PurchaseScheduledInstances. + PurchaseRequest: + type: object + required: + - InstanceCount + - PurchaseToken + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The purchase token. + description: Describes a request to purchase Scheduled Instances. + RegisterImageResult: + type: object + properties: + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the newly registered AMI. + description: Contains the output of RegisterImage. + RegisterInstanceEventNotificationAttributesResult: + type: object + properties: + instanceTagAttribute: + allOf: + - $ref: '#/components/schemas/InstanceTagNotificationAttribute' + - description: The resulting set of tag keys. + RegisterTransitGatewayMulticastGroupMembersResult: + type: object + properties: + registeredMulticastGroupMembers: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastRegisteredGroupMembers' + - description: Information about the registered transit gateway multicast group members. + RegisterTransitGatewayMulticastGroupSourcesResult: + type: object + properties: + registeredMulticastGroupSources: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastRegisteredGroupSources' + - description: Information about the transit gateway multicast group sources. + RejectTransitGatewayMulticastDomainAssociationsResult: + type: object + properties: + associations: + $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociations' + RejectTransitGatewayPeeringAttachmentResult: + type: object + properties: + transitGatewayPeeringAttachment: + allOf: + - $ref: '#/components/schemas/TransitGatewayPeeringAttachment' + - description: The transit gateway peering attachment. + RejectTransitGatewayVpcAttachmentResult: + type: object + properties: + transitGatewayVpcAttachment: + allOf: + - $ref: '#/components/schemas/TransitGatewayVpcAttachment' + - description: Information about the attachment. + RejectVpcEndpointConnectionsResult: + type: object + properties: + unsuccessful: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItemSet' + - description: 'Information about the endpoints that were not rejected, if applicable.' + RejectVpcPeeringConnectionResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + ReleaseHostsResult: + type: object + properties: + successful: + allOf: + - $ref: '#/components/schemas/ResponseHostIdList' + - description: The IDs of the Dedicated Hosts that were successfully released. + unsuccessful: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItemList' + - description: 'The IDs of the Dedicated Hosts that could not be released, including an error message.' + ReleaseIpamPoolAllocationResult: + type: object + properties: + success: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates if the release was successful. + ReplaceIamInstanceProfileAssociationResult: + type: object + properties: + iamInstanceProfileAssociation: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileAssociation' + - description: Information about the IAM instance profile association. + ReplaceNetworkAclAssociationResult: + type: object + example: + NewAssociationId: aclassoc-3999875b + properties: + newAssociationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the new association. + ReplaceRouteTableAssociationResult: + type: object + example: + NewAssociationId: rtbassoc-3a1f0f58 + properties: + newAssociationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the new association. + associationState: + allOf: + - $ref: '#/components/schemas/RouteTableAssociationState' + - description: The state of the association. + ReplaceTransitGatewayRouteResult: + type: object + properties: + route: + allOf: + - $ref: '#/components/schemas/TransitGatewayRoute' + - description: Information about the modified route. + ReportInstanceReasonCodes: + type: string + enum: + - instance-stuck-in-state + - unresponsive + - not-accepting-credentials + - password-not-available + - performance-network + - performance-instance-store + - performance-ebs-volume + - performance-other + - other + RequestSpotFleetResponse: + type: object + example: + SpotFleetRequestId: sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE + properties: + spotFleetRequestId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Spot Fleet request. + description: Contains the output of RequestSpotFleet. + AllocationStrategy: + type: string + enum: + - lowestPrice + - diversified + - capacityOptimized + - capacityOptimizedPrioritized + OnDemandAllocationStrategy: + type: string + enum: + - lowestPrice + - prioritized + SpotMaintenanceStrategies: + type: object + properties: + capacityRebalance: + allOf: + - $ref: '#/components/schemas/SpotCapacityRebalance' + - description: 'The Spot Instance replacement strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see Capacity rebalancing in the Amazon EC2 User Guide for Linux Instances.' + description: The strategies for managing your Spot Instances that are at an elevated risk of being interrupted. + ExcessCapacityTerminationPolicy: + type: string + enum: + - noTermination + - default + LaunchSpecsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotFleetLaunchSpecification' + - xml: + name: item + LaunchTemplateConfigList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateConfig' + - xml: + name: item + FleetType: + type: string + enum: + - request + - maintain + - instant + InstanceInterruptionBehavior: + type: string + enum: + - hibernate + - stop + - terminate + LoadBalancersConfig: + type: object + properties: + classicLoadBalancersConfig: + allOf: + - $ref: '#/components/schemas/ClassicLoadBalancersConfig' + - description: The Classic Load Balancers. + targetGroupsConfig: + allOf: + - $ref: '#/components/schemas/TargetGroupsConfig' + - description: The target groups. + description: Describes the Classic Load Balancers and target groups to attach to a Spot Fleet request. + TagSpecificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagSpecification' + - xml: + name: item + RequestSpotInstancesResult: + type: object + properties: + spotInstanceRequestSet: + allOf: + - $ref: '#/components/schemas/SpotInstanceRequestList' + - description: One or more Spot Instance requests. + description: Contains the output of RequestSpotInstances. + RequestSpotLaunchSpecificationSecurityGroupIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: item + RequestSpotLaunchSpecificationSecurityGroupList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + BlockDeviceMappingList: + type: array + items: + allOf: + - $ref: '#/components/schemas/BlockDeviceMapping' + - xml: + name: item + IamInstanceProfileSpecification: + type: object + properties: + arn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the instance profile. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the instance profile. + description: Describes an IAM instance profile. + KernelId: + type: string + RunInstancesMonitoringEnabled: + type: object + required: + - Enabled + properties: + enabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.' + description: Describes the monitoring of an instance. + InstanceNetworkInterfaceSpecificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecification' + - xml: + name: item + SpotPlacement: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The Availability Zone.

[Spot Fleet only] To specify multiple Availability Zones, separate them using commas; for example, "us-west-2a, us-west-2b".

' + groupName: + allOf: + - $ref: '#/components/schemas/PlacementGroupName' + - description: The name of the placement group. + tenancy: + allOf: + - $ref: '#/components/schemas/Tenancy' + - description: The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for Spot Instances. + description: Describes Spot Instance placement. + RamdiskId: + type: string + ResetAddressAttributeResult: + type: object + properties: + address: + allOf: + - $ref: '#/components/schemas/AddressAttribute' + - description: Information about the IP address. + ResetEbsDefaultKmsKeyIdResult: + type: object + properties: + kmsKeyId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the default KMS key for EBS encryption by default. + ResetFpgaImageAttributeResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Is true if the request succeeds, and an error otherwise.' + RestoreAddressToClassicResult: + type: object + example: + PublicIp: 198.51.100.0 + Status: MoveInProgress + properties: + publicIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The Elastic IP address. + status: + allOf: + - $ref: '#/components/schemas/Status' + - description: The move status for the IP address. + RestoreImageFromRecycleBinResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + RestoreManagedPrefixListVersionResult: + type: object + properties: + prefixList: + allOf: + - $ref: '#/components/schemas/ManagedPrefixList' + - description: Information about the prefix list. + RestoreSnapshotFromRecycleBinResult: + type: object + properties: + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the snapshot. + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description for the snapshot. + encrypted: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the snapshot is encrypted. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the EBS snapshot. + progress: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The progress of the snapshot, as a percentage.' + startTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time stamp when the snapshot was initiated. + status: + allOf: + - $ref: '#/components/schemas/SnapshotState' + - description: The state of the snapshot. + volumeId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the volume that was used to create the snapshot. + volumeSize: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The size of the volume, in GiB.' + RestoreSnapshotTierResult: + type: object + properties: + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the snapshot. + restoreStartTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time when the snapshot restore process started. + restoreDuration: + allOf: + - $ref: '#/components/schemas/Integer' + - description: For temporary restores only. The number of days for which the archived snapshot is temporarily restored. + isPermanentRestore: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the snapshot is permanently restored. true indicates a permanent restore. false indicates a temporary restore. + RevokeClientVpnIngressResult: + type: object + properties: + status: + allOf: + - $ref: '#/components/schemas/ClientVpnAuthorizationRuleStatus' + - description: The current state of the authorization rule. + RevokeSecurityGroupEgressResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, returns an error.' + unknownIpPermissionSet: + allOf: + - $ref: '#/components/schemas/IpPermissionList' + - description: 'The outbound rules that were unknown to the service. In some cases, unknownIpPermissionSet might be in a different format from the request parameter. ' + RevokeSecurityGroupIngressResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, returns an error.' + unknownIpPermissionSet: + allOf: + - $ref: '#/components/schemas/IpPermissionList' + - description: 'The inbound rules that were unknown to the service. In some cases, unknownIpPermissionSet might be in a different format from the request parameter. ' + Reservation: + type: object + example: {} + properties: + groupSet: + allOf: + - $ref: '#/components/schemas/GroupIdentifierList' + - description: '[EC2-Classic only] The security groups.' + instancesSet: + allOf: + - $ref: '#/components/schemas/InstanceList' + - description: The instances. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the reservation. + requesterId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the requester that launched the instances on your behalf (for example, Amazon Web Services Management Console or Auto Scaling).' + reservationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the reservation. + description: 'Describes a launch request for one or more instances, and includes owner, requester, and security group information that applies to all instances in the launch request.' + Tenancy: + type: string + enum: + - default + - dedicated + - host + InstanceNetworkInterfaceSpecification: + type: object + properties: + associatePublicIpAddress: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The public IP address can only be assigned to a network interface for eth0, and can only be assigned to a new network interface, not an existing one. You cannot specify more than one network interface in the request. If launching into a default subnet, the default value is true.' + deleteOnTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If set to true, the interface is deleted when the instance is terminated. You can specify true only if creating a new network interface when launching an instance.' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the network interface. Applies only if creating a network interface when launching an instance. + deviceIndex: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The position of the network interface in the attachment order. A primary network interface has a device index of 0.

If you specify a network interface when launching an instance, you must specify the device index.

' + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdStringList' + - description: The IDs of the security groups for the network interface. Applies only if creating a network interface when launching an instance. + ipv6AddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: A number of IPv6 addresses to assign to the network interface. Amazon EC2 chooses the IPv6 addresses from the range of the subnet. You cannot specify this option and the option to assign specific IPv6 addresses in the same request. You can specify this option if you've specified a minimum number of instances to launch. + ipv6AddressesSet: + allOf: + - $ref: '#/components/schemas/InstanceIpv6AddressList' + - description: One or more IPv6 addresses to assign to the network interface. You cannot specify this option and the option to assign a number of IPv6 addresses in the same request. You cannot specify this option if you've specified a minimum number of instances to launch. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: '

The ID of the network interface.

If you are creating a Spot Fleet, omit this parameter because you can’t specify a network interface ID in a launch specification.

' + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The private IPv4 address of the network interface. Applies only if creating a network interface when launching an instance. You cannot specify this option if you''re launching more than one instance in a RunInstances request.' + privateIpAddressesSet: + allOf: + - $ref: '#/components/schemas/PrivateIpAddressSpecificationList' + - description: 'One or more private IPv4 addresses to assign to the network interface. Only one private IPv4 address can be designated as primary. You cannot specify this option if you''re launching more than one instance in a RunInstances request.' + secondaryPrivateIpAddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of secondary private IPv4 addresses. You can''t specify this option and specify more than one private IP address using the private IP addresses option. You cannot specify this option if you''re launching more than one instance in a RunInstances request.' + subnetId: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0.

If you are using RequestSpotInstances to create Spot Instances, omit this parameter because you can’t specify the network card index when using this API. To specify the network card index, use RunInstances.

' + Ipv4Prefix: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of IPv4 delegated prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv4Prefix option. + Ipv6Prefix: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of IPv6 delegated prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv6Prefix option. + description: Describes a network interface. + ElasticGpuSpecification: + type: object + required: + - Type + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The type of Elastic Graphics accelerator. For more information about the values to specify for Type, see Elastic Graphics Basics, specifically the Elastic Graphics accelerator column, in the Amazon Elastic Compute Cloud User Guide for Windows Instances.' + description: A specification for an Elastic Graphics accelerator. + ElasticInferenceAccelerator: + type: object + required: + - Type + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ElasticInferenceAcceleratorCount' + - description: '

The number of elastic inference accelerators to attach to the instance.

Default: 1

' + description: ' Describes an elastic inference accelerator. ' + SpotMarketOptions: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceInterruptionBehavior' + - description: The behavior when a Spot Instance is interrupted. The default is terminate. + description: The options for Spot Instances. + LicenseConfigurationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the license configuration. + description: Describes a license configuration. + InstanceMetadataTagsState: + type: string + enum: + - disabled + - enabled + InstanceAutoRecoveryState: + type: string + enum: + - disabled + - default + RunScheduledInstancesResult: + type: object + example: + InstanceIdSet: + - i-1234567890abcdef0 + properties: + instanceIdSet: + allOf: + - $ref: '#/components/schemas/InstanceIdSet' + - description: The IDs of the newly launched instances. + description: Contains the output of RunScheduledInstances. + ScheduledInstancesMonitoring: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether monitoring is enabled. + description: Describes whether monitoring is enabled for a Scheduled Instance. + SearchLocalGatewayRoutesResult: + type: object + properties: + routeSet: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteList' + - description: Information about the routes. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + SearchTransitGatewayMulticastGroupsResult: + type: object + properties: + multicastGroups: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastGroupList' + - description: Information about the transit gateway multicast group. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + SearchTransitGatewayRoutesResult: + type: object + properties: + routeSet: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteList' + - description: Information about the routes. + additionalRoutesAvailable: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether there are additional routes available. + StartInstancesResult: + type: object + example: + StartingInstances: + - CurrentState: + Code: 0 + Name: pending + InstanceId: i-1234567890abcdef0 + PreviousState: + Code: 80 + Name: stopped + properties: + instancesSet: + allOf: + - $ref: '#/components/schemas/InstanceStateChangeList' + - description: Information about the started instances. + StartNetworkInsightsAccessScopeAnalysisResult: + type: object + properties: + networkInsightsAccessScopeAnalysis: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysis' + - description: The Network Access Scope analysis. + StartNetworkInsightsAnalysisResult: + type: object + properties: + networkInsightsAnalysis: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAnalysis' + - description: Information about the network insights analysis. + ResourceArn: + type: string + minLength: 1 + maxLength: 1283 + StartVpcEndpointServicePrivateDnsVerificationResult: + type: object + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, it returns an error.' + StopInstancesResult: + type: object + example: + StoppingInstances: + - CurrentState: + Code: 64 + Name: stopping + InstanceId: i-1234567890abcdef0 + PreviousState: + Code: 16 + Name: running + properties: + instancesSet: + allOf: + - $ref: '#/components/schemas/InstanceStateChangeList' + - description: Information about the stopped instances. + TerminateClientVpnConnectionsResult: + type: object + properties: + clientVpnEndpointId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Client VPN endpoint. + username: + allOf: + - $ref: '#/components/schemas/String' + - description: The user who established the terminated client connections. + connectionStatuses: + allOf: + - $ref: '#/components/schemas/TerminateConnectionStatusSet' + - description: The current state of the client connections. + TerminateInstancesResult: + type: object + example: + TerminatingInstances: + - CurrentState: + Code: 32 + Name: shutting-down + InstanceId: i-1234567890abcdef0 + PreviousState: + Code: 16 + Name: running + properties: + instancesSet: + allOf: + - $ref: '#/components/schemas/InstanceStateChangeList' + - description: Information about the terminated instances. + UnassignIpv6AddressesResult: + type: object + properties: + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface. + unassignedIpv6Addresses: + allOf: + - $ref: '#/components/schemas/Ipv6AddressList' + - description: The IPv6 addresses that have been unassigned from the network interface. + unassignedIpv6PrefixSet: + allOf: + - $ref: '#/components/schemas/IpPrefixList' + - description: The IPv4 prefixes that have been unassigned from the network interface. + UnmonitorInstancesResult: + type: object + properties: + instancesSet: + allOf: + - $ref: '#/components/schemas/InstanceMonitoringList' + - description: The monitoring information. + UpdateSecurityGroupRuleDescriptionsEgressResult: + type: object + example: {} + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, returns an error.' + SecurityGroupRuleDescription: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the security group rule. + description:

Describes the description of a security group rule.

You can use this when you want to update the security group rule description for either an inbound or outbound rule.

+ UpdateSecurityGroupRuleDescriptionsIngressResult: + type: object + example: {} + properties: + return: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Returns true if the request succeeds; otherwise, returns an error.' + WithdrawByoipCidrResult: + type: object + properties: + byoipCidr: + allOf: + - $ref: '#/components/schemas/ByoipCidr' + - description: Information about the address pool. + AcceleratorCount: + type: object + properties: + min: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The minimum number of accelerators. If this parameter is not specified, there is no minimum limit.' + max: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of accelerators. If this parameter is not specified, there is no maximum limit.' + description: 'The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.' + AcceleratorManufacturer: + type: string + enum: + - nvidia + - amd + - amazon-web-services + - xilinx + AcceleratorName: + type: string + enum: + - a100 + - v100 + - k80 + - t4 + - m60 + - radeon-pro-v520 + - vu9p + AcceleratorNameSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/AcceleratorName' + - xml: + name: item + AcceleratorTotalMemoryMiB: + type: object + properties: + min: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The minimum amount of accelerator memory, in MiB. If this parameter is not specified, there is no minimum limit.' + max: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum amount of accelerator memory, in MiB. If this parameter is not specified, there is no maximum limit.' + description: 'The minimum and maximum amount of total accelerator memory, in MiB.' + AcceleratorType: + type: string + enum: + - gpu + - fpga + - inference + AcceleratorTypeSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/AcceleratorType' + - xml: + name: item + ReservedInstanceIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservationId' + - xml: + name: ReservedInstanceId + TargetConfigurationRequestSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/TargetConfigurationRequest' + - xml: + name: TargetConfigurationRequest + AcceptReservedInstancesExchangeQuoteRequest: + type: object + required: + - ReservedInstanceIds + title: AcceptReservedInstancesExchangeQuoteRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ReservedInstanceId: + allOf: + - $ref: '#/components/schemas/ReservedInstanceIdSet' + - description: The IDs of the Convertible Reserved Instances to exchange for another Convertible Reserved Instance of the same or higher value. + TargetConfiguration: + allOf: + - $ref: '#/components/schemas/TargetConfigurationRequestSet' + - description: The configuration of the target Convertible Reserved Instance to exchange for your current Convertible Reserved Instances. + description: Contains the parameters for accepting the quote. + AcceptTransitGatewayMulticastDomainAssociationsRequest: + type: object + title: AcceptTransitGatewayMulticastDomainAssociationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayMulticastDomainAssociations: + type: object + properties: + transitGatewayMulticastDomainId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway multicast domain. + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway attachment. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + resourceType: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' + - description: 'The type of resource, for example a VPC attachment.' + resourceOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: ' The ID of the Amazon Web Services account that owns the resource.' + subnets: + allOf: + - $ref: '#/components/schemas/SubnetAssociationList' + - description: The subnets associated with the multicast domain. + description: Describes the multicast domain associations. + AcceptTransitGatewayPeeringAttachmentRequest: + type: object + required: + - TransitGatewayAttachmentId + title: AcceptTransitGatewayPeeringAttachmentRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayPeeringAttachment: + type: object + properties: + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway peering attachment. + requesterTgwInfo: + allOf: + - $ref: '#/components/schemas/PeeringTgwInfo' + - description: Information about the requester transit gateway. + accepterTgwInfo: + allOf: + - $ref: '#/components/schemas/PeeringTgwInfo' + - description: Information about the accepter transit gateway. + status: + allOf: + - $ref: '#/components/schemas/PeeringAttachmentStatus' + - description: The status of the transit gateway peering attachment. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentState' + - description: The state of the transit gateway peering attachment. Note that the initiating state has been deprecated. + creationTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time the transit gateway peering attachment was created. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the transit gateway peering attachment. + description: Describes the transit gateway peering attachment. + AcceptTransitGatewayVpcAttachmentRequest: + type: object + required: + - TransitGatewayAttachmentId + title: AcceptTransitGatewayVpcAttachmentRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayVpcAttachment: + type: object + properties: + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the attachment. + transitGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + vpcOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the VPC. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentState' + - description: The state of the VPC attachment. Note that the initiating state has been deprecated. + subnetIds: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The IDs of the subnets. + creationTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The creation time. + options: + allOf: + - $ref: '#/components/schemas/TransitGatewayVpcAttachmentOptions' + - description: The VPC attachment options. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the VPC attachment. + description: Describes a VPC attachment. + VpcEndpointIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcEndpointId' + - xml: + name: item + AcceptVpcEndpointConnectionsRequest: + type: object + required: + - ServiceId + - VpcEndpointIds + title: AcceptVpcEndpointConnectionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcEndpointServiceId' + - description: The ID of the VPC endpoint service. + VpcEndpointId: + allOf: + - $ref: '#/components/schemas/VpcEndpointIdList' + - description: The IDs of one or more interface VPC endpoints. + UnsuccessfulItemSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItem' + - xml: + name: item + AcceptVpcPeeringConnectionRequest: + type: object + title: AcceptVpcPeeringConnectionRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + vpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionId' + - description: The ID of the VPC peering connection. You must specify this parameter in the request. + VpcPeeringConnection: + type: object + properties: + accepterVpcInfo: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionVpcInfo' + - description: Information about the accepter VPC. CIDR block information is only returned when describing an active VPC peering connection. + expirationTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time that an unaccepted VPC peering connection will expire. + requesterVpcInfo: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionVpcInfo' + - description: Information about the requester VPC. CIDR block information is only returned when describing an active VPC peering connection. + status: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionStateReason' + - description: The status of the VPC peering connection. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the resource. + vpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC peering connection. + description: Describes a VPC peering connection. + PathComponentList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PathComponent' + - xml: + name: item + AccessScopeAnalysisFinding: + type: object + properties: + networkInsightsAccessScopeAnalysisId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' + - description: The ID of the Network Access Scope analysis. + networkInsightsAccessScopeId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' + - description: The ID of the Network Access Scope. + findingId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the finding. + findingComponentSet: + allOf: + - $ref: '#/components/schemas/PathComponentList' + - description: The finding components. + description: Describes a finding for a Network Access Scope. + AccessScopeAnalysisFindingList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AccessScopeAnalysisFinding' + - xml: + name: item + PathStatement: + type: object + properties: + packetHeaderStatement: + allOf: + - $ref: '#/components/schemas/PacketHeaderStatement' + - description: The packet header statement. + resourceStatement: + allOf: + - $ref: '#/components/schemas/ResourceStatement' + - description: The resource statement. + description: Describes a path statement. + ThroughResourcesStatementList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ThroughResourcesStatement' + - xml: + name: item + AccessScopePath: + type: object + properties: + source: + allOf: + - $ref: '#/components/schemas/PathStatement' + - description: The source. + destination: + allOf: + - $ref: '#/components/schemas/PathStatement' + - description: The destination. + throughResourceSet: + allOf: + - $ref: '#/components/schemas/ThroughResourcesStatementList' + - description: The through resources. + description: Describes a path. + AccessScopePathList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AccessScopePath' + - xml: + name: item + AccessScopePathListRequest: + type: array + items: + allOf: + - $ref: '#/components/schemas/AccessScopePathRequest' + - xml: + name: item + PathStatementRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ResourceStatementRequest' + - description: The resource statement. + description: Describes a path statement. + ThroughResourcesStatementRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ThroughResourcesStatementRequest' + - xml: + name: item + AccountAttributeValueList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AccountAttributeValue' + - xml: + name: item + AccountAttribute: + type: object + properties: + attributeName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the account attribute. + attributeValueSet: + allOf: + - $ref: '#/components/schemas/AccountAttributeValueList' + - description: The values for the account attribute. + description: Describes an account attribute. + AccountAttributeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AccountAttribute' + - xml: + name: item + AccountAttributeNameStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AccountAttributeName' + - xml: + name: attributeName + AccountAttributeValue: + type: object + properties: + attributeValue: + allOf: + - $ref: '#/components/schemas/String' + - description: The value of the attribute. + description: Describes a value of an account attribute. + InstanceHealthStatus: + type: string + enum: + - healthy + - unhealthy + ActiveInstance: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + instanceType: + allOf: + - $ref: '#/components/schemas/String' + - description: The instance type. + spotInstanceRequestId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Spot Instance request. + instanceHealth: + allOf: + - $ref: '#/components/schemas/InstanceHealthStatus' + - description: 'The health status of the instance. If the status of either the instance status check or the system status check is impaired, the health status of the instance is unhealthy. Otherwise, the health status is healthy.' + description: Describes a running instance in a Spot Fleet. + ActiveInstanceSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ActiveInstance' + - xml: + name: item + ActivityStatus: + type: string + enum: + - error + - pending_fulfillment + - pending_termination + - fulfilled + AddIpamOperatingRegionSet: + type: array + items: + $ref: '#/components/schemas/AddIpamOperatingRegion' + minItems: 0 + maxItems: 50 + AddPrefixListEntries: + type: array + items: + $ref: '#/components/schemas/AddPrefixListEntry' + minItems: 0 + maxItems: 100 + AnalysisComponent: + type: object + properties: + id: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the component. + arn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the component. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the analysis component. + description: Describes a path component. + AdditionalDetail: + type: object + properties: + additionalDetailType: + allOf: + - $ref: '#/components/schemas/String' + - description: The information type. + component: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The path component. + description: Describes an additional detail for a path analysis. + AdditionalDetailList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AdditionalDetail' + - xml: + name: item + DomainType: + type: string + enum: + - vpc + - standard + Address: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance that the address is associated with (if any). + publicIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The Elastic IP address. + allocationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID representing the allocation of the address for use with EC2-VPC. + associationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID representing the association of the address with an instance in a VPC. + domain: + allOf: + - $ref: '#/components/schemas/DomainType' + - description: Indicates whether this Elastic IP address is for use with instances in EC2-Classic (standard) or instances in a VPC (vpc). + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface. + networkInterfaceOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the network interface. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The private IP address associated with the Elastic IP address. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the Elastic IP address. + publicIpv4Pool: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of an address pool. + networkBorderGroup: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses.' + customerOwnedIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The customer-owned IP address. + customerOwnedIpv4Pool: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the customer-owned address pool. + carrierIp: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The carrier IP address associated. This option is only available for network interfaces which reside in a subnet in a Wavelength Zone (for example an EC2 instance). ' + description: 'Describes an Elastic IP address, or a carrier IP address.' + PublicIpAddress: + type: string + PtrUpdateStatus: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The value for the PTR record update. + status: + allOf: + - $ref: '#/components/schemas/String' + - description: The status of the PTR record update. + reason: + allOf: + - $ref: '#/components/schemas/String' + - description: The reason for the PTR record update. + description: The status of an updated pointer (PTR) record for an Elastic IP address. + AddressAttribute: + type: object + properties: + publicIp: + allOf: + - $ref: '#/components/schemas/PublicIpAddress' + - description: The public IP address. + allocationId: + allOf: + - $ref: '#/components/schemas/AllocationId' + - description: '[EC2-VPC] The allocation ID.' + ptrRecord: + allOf: + - $ref: '#/components/schemas/String' + - description: The pointer (PTR) record for the IP address. + ptrRecordUpdate: + allOf: + - $ref: '#/components/schemas/PtrUpdateStatus' + - description: The updated PTR record for the IP address. + description: The attributes associated with an Elastic IP address. + AddressAttributeName: + type: string + enum: + - domain-name + AddressFamily: + type: string + enum: + - ipv4 + - ipv6 + AddressList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Address' + - xml: + name: item + AddressMaxResults: + type: integer + minimum: 1 + maximum: 1000 + AddressSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/AddressAttribute' + - xml: + name: item + AdvertiseByoipCidrRequest: + type: object + required: + - Cidr + title: AdvertiseByoipCidrRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ByoipCidr: + type: object + properties: + cidr: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The address range, in CIDR notation.' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the address range. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Upon success, contains the ID of the address pool. Otherwise, contains an error message.' + state: + allOf: + - $ref: '#/components/schemas/ByoipCidrState' + - description: The state of the address pool. + description: Information about an address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP). + Affinity: + type: string + enum: + - default + - host + AllocateAddressRequest: + type: object + title: AllocateAddressRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of a customer-owned address pool. Use this parameter to let Amazon EC2 select an address from the address pool. Alternatively, specify a specific address from the address pool.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to assign to the Elastic IP address. + AutoPlacement: + type: string + enum: + - 'on' + - 'off' + AllocateHostsRequest: + type: object + required: + - AvailabilityZone + - Quantity + title: AllocateHostsRequest + properties: + autoPlacement: + allOf: + - $ref: '#/components/schemas/AutoPlacement' + - description: '

Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID. For more information, see Understanding auto-placement and affinity in the Amazon EC2 User Guide.

Default: on

' + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone in which to allocate the Dedicated Host. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + instanceType: + allOf: + - $ref: '#/components/schemas/String' + - description: '

Specifies the instance family to be supported by the Dedicated Hosts. If you specify an instance family, the Dedicated Hosts support multiple instance types within that instance family.

If you want the Dedicated Hosts to support a specific instance type only, omit this parameter and specify InstanceType instead. You cannot specify InstanceFamily and InstanceType in the same request.

' + quantity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of Dedicated Hosts to allocate to your account with these parameters. + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Amazon Web Services Outpost on which to allocate the Dedicated Host. + ResponseHostIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + IpamPoolAllocationDisallowedCidrs: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + AllocateIpamPoolCidrRequest: + type: object + required: + - IpamPoolId + title: AllocateIpamPoolCidrRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: A preview of the next available CIDR in a pool. + DisallowedCidr: + allOf: + - $ref: '#/components/schemas/IpamPoolAllocationDisallowedCidrs' + - description: Exclude a particular CIDR range from being returned by the pool. + IpamPoolAllocation: + type: object + properties: + cidr: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The CIDR for the allocation. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is 10.24.34.0/23. An IPv6 CIDR example is 2001:DB8::/32.' + ipamPoolAllocationId: + allOf: + - $ref: '#/components/schemas/IpamPoolAllocationId' + - description: The ID of an allocation. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the pool allocation. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + resourceType: + allOf: + - $ref: '#/components/schemas/IpamPoolAllocationResourceType' + - description: The type of the resource. + resourceRegion: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services Region of the resource. + resourceOwner: + allOf: + - $ref: '#/components/schemas/String' + - description: The owner of the resource. + description: 'In IPAM, an allocation is a CIDR assignment from an IPAM pool to another resource or IPAM pool.' + AllocationIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AllocationId' + - xml: + name: AllocationId + AllocationIds: + type: array + items: + allOf: + - $ref: '#/components/schemas/AllocationId' + - xml: + name: item + AllocationState: + type: string + enum: + - available + - under-assessment + - permanent-failure + - released + - released-permanent-failure + - pending + PrincipalType: + type: string + enum: + - All + - Service + - OrganizationUnit + - Account + - User + - Role + AllowedPrincipal: + type: object + properties: + principalType: + allOf: + - $ref: '#/components/schemas/PrincipalType' + - description: The type of principal. + principal: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the principal. + description: Describes a principal. + AllowedPrincipalSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/AllowedPrincipal' + - xml: + name: item + AllowsMultipleInstanceTypes: + type: string + enum: + - 'on' + - 'off' + AlternatePathHint: + type: object + properties: + componentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the component. + componentArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the component. + description: Describes an potential intermediate component of a feasible path. + AlternatePathHintList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AlternatePathHint' + - xml: + name: item + PortRange: + type: object + properties: + from: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The first port in the range. + to: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The last port in the range. + description: Describes a range of ports. + AnalysisAclRule: + type: object + properties: + cidr: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 address range, in CIDR notation.' + egress: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the rule is an outbound rule. + portRange: + allOf: + - $ref: '#/components/schemas/PortRange' + - description: The range of ports. + protocol: + allOf: + - $ref: '#/components/schemas/String' + - description: The protocol. + ruleAction: + allOf: + - $ref: '#/components/schemas/String' + - description: Indicates whether to allow or deny traffic that matches the rule. + ruleNumber: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The rule number. + description: Describes a network access control (ACL) rule. + AnalysisComponentList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - xml: + name: item + Port: + type: integer + minimum: 1 + maximum: 65535 + AnalysisLoadBalancerListener: + type: object + properties: + loadBalancerPort: + allOf: + - $ref: '#/components/schemas/Port' + - description: The port on which the load balancer is listening. + instancePort: + allOf: + - $ref: '#/components/schemas/Port' + - description: '[Classic Load Balancers] The back-end port for the listener.' + description: Describes a load balancer listener. + IpAddress: + type: string + pattern: '^([0-9]{1,3}.){3}[0-9]{1,3}$' + minLength: 0 + maxLength: 15 + AnalysisLoadBalancerTarget: + type: object + properties: + address: + allOf: + - $ref: '#/components/schemas/IpAddress' + - description: The IP address. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone. + instance: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: Information about the instance. + port: + allOf: + - $ref: '#/components/schemas/Port' + - description: The port on which the target is listening. + description: Describes a load balancer target. + IpAddressList: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpAddress' + - xml: + name: item + PortRangeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PortRange' + - xml: + name: item + AnalysisPacketHeader: + type: object + properties: + destinationAddressSet: + allOf: + - $ref: '#/components/schemas/IpAddressList' + - description: The destination addresses. + destinationPortRangeSet: + allOf: + - $ref: '#/components/schemas/PortRangeList' + - description: The destination port ranges. + protocol: + allOf: + - $ref: '#/components/schemas/String' + - description: The protocol. + sourceAddressSet: + allOf: + - $ref: '#/components/schemas/IpAddressList' + - description: The source addresses. + sourcePortRangeSet: + allOf: + - $ref: '#/components/schemas/PortRangeList' + - description: The source port ranges. + description: Describes a header. Reflects any changes made by a component as traffic passes through. The fields of an inbound header are null except for the first component of a path. + AnalysisRouteTableRoute: + type: object + properties: + destinationCidr: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The destination IPv4 address, in CIDR notation.' + destinationPrefixListId: + allOf: + - $ref: '#/components/schemas/String' + - description: The prefix of the Amazon Web Service. + egressOnlyInternetGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of an egress-only internet gateway. + gatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the gateway, such as an internet gateway or virtual private gateway.' + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the instance, such as a NAT instance.' + natGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of a NAT gateway. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of a network interface. + origin: + allOf: + - $ref: '#/components/schemas/String' + - description: '

Describes how the route was created. The following are the possible values:

  • CreateRouteTable - The route was automatically created when the route table was created.

  • CreateRoute - The route was manually added to the route table.

  • EnableVgwRoutePropagation - The route was propagated by route propagation.

' + transitGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of a transit gateway. + vpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of a VPC peering connection. + description: Describes a route table route. + AnalysisSecurityGroupRule: + type: object + properties: + cidr: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 address range, in CIDR notation.' + direction: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The direction. The following are the possible values:

  • egress

  • ingress

' + securityGroupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The security group ID. + portRange: + allOf: + - $ref: '#/components/schemas/PortRange' + - description: The port range. + prefixListId: + allOf: + - $ref: '#/components/schemas/String' + - description: The prefix list ID. + protocol: + allOf: + - $ref: '#/components/schemas/String' + - description: The protocol name. + description: Describes a security group rule. + AnalysisStatus: + type: string + enum: + - running + - succeeded + - failed + ApplySecurityGroupsToClientVpnTargetNetworkRequest: + type: object + required: + - ClientVpnEndpointId + - VpcId + - SecurityGroupIds + title: ApplySecurityGroupsToClientVpnTargetNetworkRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC in which the associated target network is located. + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ClientVpnSecurityGroupIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: item + ArchitectureTypeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ArchitectureType' + - xml: + name: item + ArnList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - xml: + name: item + IpPrefixList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + AssignIpv6AddressesRequest: + type: object + required: + - NetworkInterfaceId + title: AssignIpv6AddressesRequest + properties: + ipv6AddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of additional IPv6 addresses to assign to the network interface. The specified number of IPv6 addresses are assigned in addition to the existing IPv6 addresses that are already assigned to the network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can't use this option if specifying specific IPv6 addresses. + ipv6Addresses: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes option. + Ipv6Prefix: + allOf: + - $ref: '#/components/schemas/IpPrefixList' + - description: One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: The ID of the network interface. + Ipv6AddressList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + PrivateIpAddressStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: PrivateIpAddress + AssignPrivateIpAddressesRequest: + type: object + required: + - NetworkInterfaceId + title: AssignPrivateIpAddressesRequest + properties: + allowReassignment: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to allow an IP address that is already assigned to another network interface or instance to be reassigned to the specified network interface. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: The ID of the network interface. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/PrivateIpAddressStringList' + - description: '

One or more IP addresses to be assigned as a secondary private IP address to the network interface. You can''t specify this parameter when also specifying a number of secondary IP addresses.

If you don''t specify an IP address, Amazon EC2 automatically selects an IP address within the subnet range.

' + secondaryPrivateIpAddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of secondary IP addresses to assign to the network interface. You can't specify this parameter when also specifying private IP addresses. + Ipv4Prefix: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option. + description: Contains the parameters for AssignPrivateIpAddresses. + AssignedPrivateIpAddressList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AssignedPrivateIpAddress' + - xml: + name: item + Ipv4PrefixesList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv4PrefixSpecification' + - xml: + name: item + AssignedPrivateIpAddress: + type: object + properties: + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The private IP address assigned to the network interface. + description: Describes the private IP addresses assigned to a network interface. + AssociateAddressRequest: + type: object + title: AssociateAddressRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '[EC2-Classic] The Elastic IP address to associate with the instance. This is required for EC2-Classic.' + allowReassociation: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '[EC2-VPC] For a VPC in an EC2-Classic account, specify true to allow an Elastic IP address that is already associated with an instance or network interface to be reassociated with the specified instance or network interface. Otherwise, the operation fails. In a VPC in an EC2-VPC-only account, reassociation is automatic, therefore you can specify false to ensure the operation fails if the Elastic IP address is already associated with another resource.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: '

[EC2-VPC] The ID of the network interface. If the instance has more than one network interface, you must specify a network interface ID.

For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both.

' + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: '[EC2-VPC] The primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.' + AssociateClientVpnTargetNetworkRequest: + type: object + required: + - ClientVpnEndpointId + - SubnetId + title: AssociateClientVpnTargetNetworkRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + AssociationStatus: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/AssociationStatusCode' + - description: The state of the target network association. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A message about the status of the target network association, if applicable.' + description: Describes the state of a target network association. + AssociateDhcpOptionsRequest: + type: object + required: + - DhcpOptionsId + - VpcId + title: AssociateDhcpOptionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + AssociateEnclaveCertificateIamRoleRequest: + type: object + title: AssociateEnclaveCertificateIamRoleRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + AssociateIamInstanceProfileRequest: + type: object + required: + - IamInstanceProfile + - InstanceId + title: AssociateIamInstanceProfileRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance. + IamInstanceProfileAssociation: + type: object + properties: + associationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the association. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + iamInstanceProfile: + allOf: + - $ref: '#/components/schemas/IamInstanceProfile' + - description: The IAM instance profile. + state: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileAssociationState' + - description: The state of the association. + timestamp: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time the IAM instance profile was associated with the instance. + description: Describes an association between an IAM instance profile and an instance. + InstanceEventWindowAssociationRequest: + type: object + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdList' + - description: 'The IDs of the instances to associate with the event window. If the instance is on a Dedicated Host, you can''t specify the Instance ID parameter; you must use the Dedicated Host ID parameter.' + InstanceTag: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The instance tags to associate with the event window. Any instances associated with the tags will be associated with the event window. + DedicatedHostId: + allOf: + - $ref: '#/components/schemas/DedicatedHostIdList' + - description: The IDs of the Dedicated Hosts to associate with the event window. + description: 'One or more targets associated with the specified event window. Only one type of target (instance ID, instance tag, or Dedicated Host ID) can be associated with an event window.' + AssociateInstanceEventWindowRequest: + type: object + required: + - InstanceEventWindowId + - AssociationTarget + title: AssociateInstanceEventWindowRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowAssociationRequest' + - description: One or more targets associated with the specified event window. + InstanceEventWindow: + type: object + properties: + instanceEventWindowId: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowId' + - description: The ID of the event window. + timeRangeSet: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowTimeRangeList' + - description: One or more time ranges defined for the event window. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the event window. + cronExpression: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowCronExpression' + - description: The cron expression defined for the event window. + associationTarget: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowAssociationTarget' + - description: One or more targets associated with the event window. + state: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowState' + - description: The current state of the event window. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The instance tags associated with the event window. + description: The event window. + RouteGatewayId: + type: string + AssociateRouteTableRequest: + type: object + required: + - RouteTableId + title: AssociateRouteTableRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + routeTableId: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - description: The ID of the route table. + subnetId: + allOf: + - $ref: '#/components/schemas/RouteGatewayId' + - description: The ID of the internet gateway or virtual private gateway. + RouteTableAssociationState: + type: object + properties: + state: + allOf: + - $ref: '#/components/schemas/RouteTableAssociationStateCode' + - description: The state of the association. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The status message, if applicable.' + description: Describes the state of an association between a route table and a subnet or gateway. + AssociateSubnetCidrBlockRequest: + type: object + required: + - Ipv6CidrBlock + - SubnetId + title: AssociateSubnetCidrBlockRequest + properties: + ipv6CidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix length. + subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: The ID of your subnet. + SubnetIpv6CidrBlockAssociation: + type: object + properties: + associationId: + allOf: + - $ref: '#/components/schemas/SubnetCidrAssociationId' + - description: The ID of the association. + ipv6CidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 CIDR block. + ipv6CidrBlockState: + allOf: + - $ref: '#/components/schemas/SubnetCidrBlockState' + - description: The state of the CIDR block. + description: Describes an association between a subnet and an IPv6 CIDR block. + AssociateTransitGatewayMulticastDomainRequest: + type: object + title: AssociateTransitGatewayMulticastDomainRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + AssociateTransitGatewayRouteTableRequest: + type: object + required: + - TransitGatewayRouteTableId + - TransitGatewayAttachmentId + title: AssociateTransitGatewayRouteTableRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayAssociation: + type: object + properties: + transitGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableId' + - description: The ID of the transit gateway route table. + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentId' + - description: The ID of the attachment. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + resourceType: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' + - description: The resource type. Note that the tgw-peering resource type has been deprecated. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayAssociationState' + - description: The state of the association. + description: Describes an association between a resource attachment and a transit gateway route table. + AssociateTrunkInterfaceRequest: + type: object + required: + - BranchInterfaceId + - TrunkInterfaceId + title: AssociateTrunkInterfaceRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TrunkInterfaceAssociation: + type: object + properties: + associationId: + allOf: + - $ref: '#/components/schemas/TrunkInterfaceAssociationId' + - description: The ID of the association. + branchInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the branch network interface. + trunkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the trunk network interface. + interfaceProtocol: + allOf: + - $ref: '#/components/schemas/InterfaceProtocolType' + - description: The interface protocol. Valid values are VLAN and GRE. + vlanId: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The ID of the VLAN when you use the VLAN protocol. + greKey: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The application key when you use the GRE protocol. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the trunk interface association. + description: '

Currently available in limited preview only. If you are interested in using this feature, contact your account manager.

Information about an association between a branch network interface with a trunk network interface.

' + NetmaskLength: + type: integer + AssociateVpcCidrBlockRequest: + type: object + required: + - VpcId + title: AssociateVpcCidrBlockRequest + properties: + amazonProvidedIpv6CidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: An IPv4 CIDR block to associate with the VPC. + vpcId: + allOf: + - $ref: '#/components/schemas/NetmaskLength' + - description: 'The netmask length of the IPv6 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide. ' + VpcIpv6CidrBlockAssociation: + type: object + properties: + associationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The association ID for the IPv6 CIDR block. + ipv6CidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 CIDR block. + ipv6CidrBlockState: + allOf: + - $ref: '#/components/schemas/VpcCidrBlockState' + - description: Information about the state of the CIDR block. + networkBorderGroup: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses, for example, us-east-1-wl1-bos-wlz-1.' + ipv6Pool: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated. + description: Describes an IPv6 CIDR block associated with a VPC. + VpcCidrBlockAssociation: + type: object + properties: + associationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The association ID for the IPv4 CIDR block. + cidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 CIDR block. + cidrBlockState: + allOf: + - $ref: '#/components/schemas/VpcCidrBlockState' + - description: Information about the state of the CIDR block. + description: Describes an IPv4 CIDR block associated with a VPC. + AssociatedNetworkType: + type: string + enum: + - vpc + AssociatedRole: + type: object + properties: + associatedRoleArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The ARN of the associated IAM role. + certificateS3BucketName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the Amazon S3 bucket in which the Amazon S3 object is stored. + certificateS3ObjectKey: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The key of the Amazon S3 object ey where the certificate, certificate chain, and encrypted private key bundle is stored. The object key is formated as follows: role_arn/certificate_arn. ' + encryptionKmsKeyId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the KMS customer master key (CMK) used to encrypt the private key. + description: Information about the associated IAM roles. + AssociatedRolesList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AssociatedRole' + - xml: + name: item + AssociatedTargetNetwork: + type: object + properties: + networkId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet. + networkType: + allOf: + - $ref: '#/components/schemas/AssociatedNetworkType' + - description: The target network type. + description: Describes a target network that is associated with a Client VPN endpoint. A target network is a subnet in a VPC. + AssociatedTargetNetworkSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/AssociatedTargetNetwork' + - xml: + name: item + AssociationIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileAssociationId' + - xml: + name: AssociationId + AssociationStatusCode: + type: string + enum: + - associating + - associated + - association-failed + - disassociating + - disassociated + MillisecondDateTime: + type: string + format: date-time + AthenaIntegration: + type: object + required: + - IntegrationResultS3DestinationArn + - PartitionLoadFrequency + properties: + undefined: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The end date for the partition. + description: Describes integration options for Amazon Athena. + GroupIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: groupId + AttachClassicLinkVpcRequest: + type: object + required: + - Groups + - InstanceId + - VpcId + title: AttachClassicLinkVpcRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/GroupIdStringList' + - description: The ID of one or more of the VPC's security groups. You cannot specify security groups from a different VPC. + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of an EC2-Classic instance to link to the ClassicLink-enabled VPC. + vpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of a ClassicLink-enabled VPC. + AttachInternetGatewayRequest: + type: object + required: + - InternetGatewayId + - VpcId + title: AttachInternetGatewayRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + internetGatewayId: + allOf: + - $ref: '#/components/schemas/InternetGatewayId' + - description: The ID of the internet gateway. + vpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + AttachNetworkInterfaceRequest: + type: object + required: + - DeviceIndex + - InstanceId + - NetworkInterfaceId + title: AttachNetworkInterfaceRequest + properties: + deviceIndex: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The index of the device for the network interface attachment. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0. + description: Contains the parameters for AttachNetworkInterface. + AttachVolumeRequest: + type: object + required: + - Device + - InstanceId + - VolumeId + title: AttachVolumeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VolumeId' + - description: The ID of the EBS volume. The volume and instance must be within the same Availability Zone. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + AttachVpnGatewayRequest: + type: object + required: + - VpcId + - VpnGatewayId + title: AttachVpnGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpnGatewayId' + - description: The ID of the virtual private gateway. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for AttachVpnGateway. + VpcAttachment: + type: object + properties: + state: + allOf: + - $ref: '#/components/schemas/AttachmentStatus' + - description: The current state of the attachment. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + description: Describes an attachment between a virtual private gateway and a VPC. + AttachmentStatus: + type: string + enum: + - attaching + - attached + - detaching + - detached + AttributeBooleanValue: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The attribute value. The valid values are true or false. + description: Describes a value for a resource attribute that is a Boolean value. + AttributeValue: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The attribute value. The value is case-sensitive. + description: Describes a value for a resource attribute that is a String. + ClientVpnAuthorizationRuleStatus: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/ClientVpnAuthorizationRuleStatusCode' + - description: The state of the authorization rule. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A message about the status of the authorization rule, if applicable.' + description: Describes the state of an authorization rule. + AuthorizationRule: + type: object + properties: + clientVpnEndpointId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Client VPN endpoint with which the authorization rule is associated. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A brief description of the authorization rule. + groupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Active Directory group to which the authorization rule grants access. + accessAll: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the authorization rule grants access to all clients. + destinationCidr: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies.' + status: + allOf: + - $ref: '#/components/schemas/ClientVpnAuthorizationRuleStatus' + - description: The current state of the authorization rule. + description: Information about an authorization rule. + AuthorizationRuleSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/AuthorizationRule' + - xml: + name: item + AuthorizeClientVpnIngressRequest: + type: object + required: + - ClientVpnEndpointId + - TargetNetworkCidr + title: AuthorizeClientVpnIngressRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + IpPermissionList: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpPermission' + - xml: + name: item + AuthorizeSecurityGroupEgressRequest: + type: object + required: + - GroupId + title: AuthorizeSecurityGroupEgressRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + groupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - description: The ID of the security group. + ipPermissions: + allOf: + - $ref: '#/components/schemas/IpPermissionList' + - description: The sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags applied to the security group rule. + cidrIp: + allOf: + - $ref: '#/components/schemas/String' + - description: Not supported. Use a set of IP permissions to specify the CIDR. + fromPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: Not supported. Use a set of IP permissions to specify the port. + ipProtocol: + allOf: + - $ref: '#/components/schemas/String' + - description: Not supported. Use a set of IP permissions to specify the protocol name or number. + toPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: Not supported. Use a set of IP permissions to specify the port. + sourceSecurityGroupName: + allOf: + - $ref: '#/components/schemas/String' + - description: Not supported. Use a set of IP permissions to specify a destination security group. + sourceSecurityGroupOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: Not supported. Use a set of IP permissions to specify a destination security group. + SecurityGroupRuleList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupRule' + - xml: + name: item + AuthorizeSecurityGroupIngressRequest: + type: object + title: AuthorizeSecurityGroupIngressRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all codes. If you specify all ICMP types, you must specify all codes.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: '[VPC Only] The tags applied to the security group rule.' + AutoAcceptSharedAttachmentsValue: + type: string + enum: + - enable + - disable + AutoRecoveryFlag: + type: boolean + AvailabilityZoneState: + type: string + enum: + - available + - information + - impaired + - unavailable + AvailabilityZoneOptInStatus: + type: string + enum: + - opt-in-not-required + - opted-in + - not-opted-in + AvailabilityZoneMessageList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AvailabilityZoneMessage' + - xml: + name: item + AvailabilityZone: + type: object + properties: + zoneState: + allOf: + - $ref: '#/components/schemas/AvailabilityZoneState' + - description: 'The state of the Availability Zone, Local Zone, or Wavelength Zone. This value is always available.' + optInStatus: + allOf: + - $ref: '#/components/schemas/AvailabilityZoneOptInStatus' + - description: '

For Availability Zones, this parameter always has the value of opt-in-not-required.

For Local Zones and Wavelength Zones, this parameter is the opt-in status. The possible values are opted-in, and not-opted-in.

' + messageSet: + allOf: + - $ref: '#/components/schemas/AvailabilityZoneMessageList' + - description: 'Any messages about the Availability Zone, Local Zone, or Wavelength Zone.' + regionName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the Region. + zoneName: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The name of the Availability Zone, Local Zone, or Wavelength Zone.' + zoneId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the Availability Zone, Local Zone, or Wavelength Zone.' + groupName: + allOf: + - $ref: '#/components/schemas/String' + - description: '

For Availability Zones, this parameter has the same value as the Region name.

For Local Zones, the name of the associated group, for example us-west-2-lax-1.

For Wavelength Zones, the name of the associated group, for example us-east-1-wl1-bos-wlz-1.

' + networkBorderGroup: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the network border group. + zoneType: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The type of zone. The valid values are availability-zone, local-zone, and wavelength-zone.' + parentZoneName: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The name of the zone that handles some of the Local Zone or Wavelength Zone control plane operations, such as API calls.' + parentZoneId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the zone that handles some of the Local Zone or Wavelength Zone control plane operations, such as API calls.' + description: 'Describes Availability Zones, Local Zones, and Wavelength Zones.' + AvailabilityZoneList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AvailabilityZone' + - xml: + name: item + AvailabilityZoneMessage: + type: object + properties: + message: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The message about the Availability Zone, Local Zone, or Wavelength Zone.' + description: 'Describes a message about an Availability Zone, Local Zone, or Wavelength Zone.' + AvailabilityZoneStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: AvailabilityZone + AvailableInstanceCapacityList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceCapacity' + - xml: + name: item + AvailableCapacity: + type: object + properties: + availableInstanceCapacity: + allOf: + - $ref: '#/components/schemas/AvailableInstanceCapacityList' + - description: 'The number of instances that can be launched onto the Dedicated Host depending on the host''s available capacity. For Dedicated Hosts that support multiple instance types, this parameter represents the number of instances for each instance size that is supported on the host.' + availableVCpus: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of vCPUs available for launching instances onto the Dedicated Host. + description: 'The capacity information for instances that can be launched onto the Dedicated Host. ' + InstanceCapacity: + type: object + properties: + availableCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of instances that can be launched onto the Dedicated Host based on the host's available capacity. + instanceType: + allOf: + - $ref: '#/components/schemas/String' + - description: The instance type supported by the Dedicated Host. + totalCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The total number of instances that can be launched onto the Dedicated Host if there are no instances running on it. + description: Information about the number of instances that can be launched onto the Dedicated Host. + BareMetal: + type: string + enum: + - included + - required + - excluded + BareMetalFlag: + type: boolean + BaselineBandwidthInMbps: + type: integer + BaselineEbsBandwidthMbps: + type: object + properties: + min: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The minimum baseline bandwidth, in Mbps. If this parameter is not specified, there is no minimum limit.' + max: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum baseline bandwidth, in Mbps. If this parameter is not specified, there is no maximum limit.' + description: 'The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.' + BaselineIops: + type: integer + BaselineThroughputInMBps: + type: number + format: double + BatchState: + type: string + enum: + - submitted + - active + - cancelled + - failed + - cancelled_running + - cancelled_terminating + - modifying + BgpStatus: + type: string + enum: + - up + - down + BillingProductList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + BlobAttributeValue: + type: object + properties: + value: + $ref: '#/components/schemas/Blob' + EbsBlockDevice: + type: object + properties: + deleteOnTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether the EBS volume is deleted on instance termination. For more information, see Preserving Amazon EBS volumes on instance termination in the Amazon EC2 User Guide.' + iops: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

The following are the supported values for each volume type:

  • gp3: 3,000-16,000 IOPS

  • io1: 100-64,000 IOPS

  • io2: 100-64,000 IOPS

For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built on the Nitro System. Other instance families guarantee performance up to 32,000 IOPS.

This parameter is required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard volumes.

' + snapshotId: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - description: The ID of the snapshot. + volumeSize: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.

The following are the supported volumes sizes for each volume type:

  • gp2 and gp3:1-16,384

  • io1 and io2: 4-16,384

  • st1 and sc1: 125-16,384

  • standard: 1-1,024

' + volumeType: + allOf: + - $ref: '#/components/schemas/String' + - description: '

Identifier (key ID, key alias, ID ARN, or alias ARN) for a customer managed CMK under which the EBS volume is encrypted.

This parameter is only supported on BlockDeviceMapping objects called by RunInstances, RequestSpotFleet, and RequestSpotInstances.

' + throughput: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The throughput that the volume supports, in MiB/s.

This parameter is valid only for gp3 volumes.

Valid Range: Minimum value of 125. Maximum value of 1000.

' + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The ARN of the Outpost on which the snapshot is stored.

This parameter is only supported on BlockDeviceMapping objects called by CreateImage.

' + encrypted: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether the encryption state of an EBS volume is changed while being restored from a backing snapshot. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide.

In no case can you remove encryption from an encrypted volume.

Encrypted volumes can only be attached to instances that support Amazon EBS encryption. For more information, see Supported instance types.

This parameter is not returned by DescribeImageAttribute.

' + description: Describes a block device for an EBS volume. + BlockDeviceMappingRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/BlockDeviceMapping' + - xml: + name: BlockDeviceMapping + BootModeType: + type: string + enum: + - legacy-bios + - uefi + BootModeTypeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/BootModeType' + - xml: + name: item + BootModeValues: + type: string + enum: + - legacy-bios + - uefi + BoxedDouble: + type: number + format: double + BundleIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/BundleId' + - xml: + name: BundleId + Storage: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/S3Storage' + - description: An Amazon S3 storage location. + description: Describes the storage location for an instance store-backed AMI. + BundleInstanceRequest: + type: object + required: + - InstanceId + - Storage + title: BundleInstanceRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Storage' + - description: 'The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for BundleInstance. + BundleTask: + type: object + properties: + bundleId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the bundle task. + error: + allOf: + - $ref: '#/components/schemas/BundleTaskError' + - description: 'If the task fails, a description of the error.' + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance associated with this bundle task. + progress: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The level of task completion, as a percent (for example, 20%).' + startTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time this task started. + state: + allOf: + - $ref: '#/components/schemas/BundleTaskState' + - description: The state of the task. + storage: + allOf: + - $ref: '#/components/schemas/Storage' + - description: The Amazon S3 storage locations. + updateTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time of the most recent update for the task. + description: Describes a bundle task. + BundleTaskError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/String' + - description: The error code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The error message. + description: Describes an error for BundleInstance. + BundleTaskState: + type: string + enum: + - pending + - waiting-for-shutdown + - bundling + - storing + - cancelling + - complete + - failed + BundleTaskList: + type: array + items: + allOf: + - $ref: '#/components/schemas/BundleTask' + - xml: + name: item + BurstablePerformance: + type: string + enum: + - included + - required + - excluded + BurstablePerformanceFlag: + type: boolean + ByoipCidrState: + type: string + enum: + - advertised + - deprovisioned + - failed-deprovision + - failed-provision + - pending-deprovision + - pending-provision + - provisioned + - provisioned-not-publicly-advertisable + ByoipCidrSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ByoipCidr' + - xml: + name: item + CancelBatchErrorCode: + type: string + enum: + - fleetRequestIdDoesNotExist + - fleetRequestIdMalformed + - fleetRequestNotInCancellableState + - unexpectedError + CancelBundleTaskRequest: + type: object + required: + - BundleId + title: CancelBundleTaskRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/BundleId' + - description: The ID of the bundle task. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for CancelBundleTask. + CancelCapacityReservationFleetErrorCode: + type: string + CancelCapacityReservationFleetErrorMessage: + type: string + CancelCapacityReservationFleetError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/CancelCapacityReservationFleetErrorCode' + - description: The error code. + message: + allOf: + - $ref: '#/components/schemas/CancelCapacityReservationFleetErrorMessage' + - description: The error message. + description: Describes a Capacity Reservation Fleet cancellation error. + CapacityReservationFleetIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetId' + - xml: + name: item + CancelCapacityReservationFleetsRequest: + type: object + required: + - CapacityReservationFleetIds + title: CancelCapacityReservationFleetsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + CapacityReservationFleetId: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetIdSet' + - description: The IDs of the Capacity Reservation Fleets to cancel. + CapacityReservationFleetCancellationStateSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetCancellationState' + - xml: + name: item + FailedCapacityReservationFleetCancellationResultSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/FailedCapacityReservationFleetCancellationResult' + - xml: + name: item + CancelCapacityReservationRequest: + type: object + required: + - CapacityReservationId + title: CancelCapacityReservationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + CancelConversionRequest: + type: object + required: + - ConversionTaskId + title: CancelConversionRequest + properties: + conversionTaskId: + allOf: + - $ref: '#/components/schemas/ConversionTaskId' + - description: The ID of the conversion task. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + reasonMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The reason for canceling the conversion task. + ExportVmTaskId: + type: string + CancelExportTaskRequest: + type: object + required: + - ExportTaskId + title: CancelExportTaskRequest + properties: + exportTaskId: + allOf: + - $ref: '#/components/schemas/ExportVmTaskId' + - description: The ID of the export task. This is the ID returned by CreateInstanceExportTask. + ImportTaskId: + type: string + CancelImportTaskRequest: + type: object + title: CancelImportTaskRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ImportTaskId' + - description: The ID of the import image or import snapshot task to be canceled. + ReservedInstancesListingId: + type: string + CancelReservedInstancesListingRequest: + type: object + required: + - ReservedInstancesListingId + title: CancelReservedInstancesListingRequest + properties: + reservedInstancesListingId: + allOf: + - $ref: '#/components/schemas/ReservedInstancesListingId' + - description: The ID of the Reserved Instance listing. + description: Contains the parameters for CancelReservedInstancesListing. + ReservedInstancesListingList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservedInstancesListing' + - xml: + name: item + CancelSpotFleetRequestsError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/CancelBatchErrorCode' + - description: The error code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The description for the error code. + description: Describes a Spot Fleet error. + CancelSpotFleetRequestsErrorItem: + type: object + properties: + error: + allOf: + - $ref: '#/components/schemas/CancelSpotFleetRequestsError' + - description: The error. + spotFleetRequestId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Spot Fleet request. + description: Describes a Spot Fleet request that was not successfully canceled. + CancelSpotFleetRequestsErrorSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CancelSpotFleetRequestsErrorItem' + - xml: + name: item + SpotFleetRequestIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestId' + - xml: + name: item + CancelSpotFleetRequestsRequest: + type: object + required: + - SpotFleetRequestIds + - TerminateInstances + title: CancelSpotFleetRequestsRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + spotFleetRequestId: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestIdList' + - description: The IDs of the Spot Fleet requests. + terminateInstances: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to terminate instances for a Spot Fleet request if it is canceled successfully. + description: Contains the parameters for CancelSpotFleetRequests. + CancelSpotFleetRequestsSuccessSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CancelSpotFleetRequestsSuccessItem' + - xml: + name: item + CancelSpotFleetRequestsSuccessItem: + type: object + properties: + currentSpotFleetRequestState: + allOf: + - $ref: '#/components/schemas/BatchState' + - description: The current state of the Spot Fleet request. + previousSpotFleetRequestState: + allOf: + - $ref: '#/components/schemas/BatchState' + - description: The previous state of the Spot Fleet request. + spotFleetRequestId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Spot Fleet request. + description: Describes a Spot Fleet request that was successfully canceled. + CancelSpotInstanceRequestState: + type: string + enum: + - active + - open + - closed + - cancelled + - completed + SpotInstanceRequestIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotInstanceRequestId' + - xml: + name: SpotInstanceRequestId + CancelSpotInstanceRequestsRequest: + type: object + required: + - SpotInstanceRequestIds + title: CancelSpotInstanceRequestsRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SpotInstanceRequestId: + allOf: + - $ref: '#/components/schemas/SpotInstanceRequestIdList' + - description: One or more Spot Instance request IDs. + description: Contains the parameters for CancelSpotInstanceRequests. + CancelledSpotInstanceRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/CancelledSpotInstanceRequest' + - xml: + name: item + CancelledSpotInstanceRequest: + type: object + properties: + spotInstanceRequestId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Spot Instance request. + state: + allOf: + - $ref: '#/components/schemas/CancelSpotInstanceRequestState' + - description: The state of the Spot Instance request. + description: Describes a request to cancel a Spot Instance. + CapacityReservationInstancePlatform: + type: string + enum: + - Linux/UNIX + - Red Hat Enterprise Linux + - SUSE Linux + - Windows + - Windows with SQL Server + - Windows with SQL Server Enterprise + - Windows with SQL Server Standard + - Windows with SQL Server Web + - Linux with SQL Server Standard + - Linux with SQL Server Web + - Linux with SQL Server Enterprise + - RHEL with SQL Server Standard + - RHEL with SQL Server Enterprise + - RHEL with SQL Server Web + - RHEL with HA + - RHEL with HA and SQL Server Standard + - RHEL with HA and SQL Server Enterprise + CapacityReservationTenancy: + type: string + enum: + - default + - dedicated + CapacityReservationState: + type: string + enum: + - active + - expired + - cancelled + - pending + - failed + EndDateType: + type: string + enum: + - unlimited + - limited + InstanceMatchCriteria: + type: string + enum: + - open + - targeted + OutpostArn: + type: string + pattern: '^arn:aws([a-z-]+)?:outposts:[a-z\d-]+:\d{12}:outpost/op-[a-f0-9]{17}$' + PlacementGroupArn: + type: string + pattern: '^arn:aws([a-z-]+)?:ec2:[a-z\d-]+:\d{12}:placement-group/([^\s].+[^\s]){1,255}$' + CapacityReservation: + type: object + properties: + capacityReservationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Capacity Reservation. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the Capacity Reservation. + capacityReservationArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Capacity Reservation. + availabilityZoneId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone ID of the Capacity Reservation. + instanceType: + allOf: + - $ref: '#/components/schemas/String' + - description: The type of instance for which the Capacity Reservation reserves capacity. + instancePlatform: + allOf: + - $ref: '#/components/schemas/CapacityReservationInstancePlatform' + - description: The type of operating system for which the Capacity Reservation reserves capacity. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone in which the capacity is reserved. + tenancy: + allOf: + - $ref: '#/components/schemas/CapacityReservationTenancy' + - description: '

Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:

  • default - The Capacity Reservation is created on hardware that is shared with other Amazon Web Services accounts.

  • dedicated - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single Amazon Web Services account.

' + totalInstanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The total number of instances for which the Capacity Reservation reserves capacity. + availableInstanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The remaining capacity. Indicates the number of instances that can be launched in the Capacity Reservation. + ebsOptimized: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS- optimized instance. + ephemeralStorage: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.' + state: + allOf: + - $ref: '#/components/schemas/CapacityReservationState' + - description: '

The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

  • active - The Capacity Reservation is active and the capacity is available for your use.

  • expired - The Capacity Reservation expired automatically at the date and time specified in your request. The reserved capacity is no longer available for your use.

  • cancelled - The Capacity Reservation was cancelled. The reserved capacity is no longer available for your use.

  • pending - The Capacity Reservation request was successful but the capacity provisioning is still pending.

  • failed - The Capacity Reservation request has failed. A request might fail due to invalid request parameters, capacity constraints, or instance limit constraints. Failed requests are retained for 60 minutes.

' + startDate: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time at which the Capacity Reservation was started. + endDate: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation''s state changes to expired when it reaches its end date and time.' + endDateType: + allOf: + - $ref: '#/components/schemas/EndDateType' + - description: '

Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

  • unlimited - The Capacity Reservation remains active until you explicitly cancel it.

  • limited - The Capacity Reservation expires automatically at a specified date and time.

' + instanceMatchCriteria: + allOf: + - $ref: '#/components/schemas/InstanceMatchCriteria' + - description: '

Indicates the type of instance launches that the Capacity Reservation accepts. The options include:

  • open - The Capacity Reservation accepts all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes launch into the Capacity Reservation automatically without specifying any additional parameters.

  • targeted - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.

' + createDate: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The date and time at which the Capacity Reservation was created. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the Capacity Reservation. + outpostArn: + allOf: + - $ref: '#/components/schemas/OutpostArn' + - description: The Amazon Resource Name (ARN) of the Outpost on which the Capacity Reservation was created. + capacityReservationFleetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Capacity Reservation Fleet to which the Capacity Reservation belongs. Only valid for Capacity Reservations that were created by a Capacity Reservation Fleet. + placementGroupArn: + allOf: + - $ref: '#/components/schemas/PlacementGroupArn' + - description: 'The Amazon Resource Name (ARN) of the cluster placement group in which the Capacity Reservation was created. For more information, see Capacity Reservations for cluster placement groups in the Amazon EC2 User Guide.' + description: Describes a Capacity Reservation. + CapacityReservationFleetState: + type: string + enum: + - submitted + - modifying + - active + - partially_fulfilled + - expiring + - expired + - cancelling + - cancelled + - failed + FleetCapacityReservationTenancy: + type: string + enum: + - default + FleetInstanceMatchCriteria: + type: string + enum: + - open + FleetCapacityReservationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/FleetCapacityReservation' + - xml: + name: item + CapacityReservationFleet: + type: object + properties: + capacityReservationFleetId: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetId' + - description: The ID of the Capacity Reservation Fleet. + capacityReservationFleetArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of the Capacity Reservation Fleet. + state: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetState' + - description: '

The state of the Capacity Reservation Fleet. Possible states include:

  • submitted - The Capacity Reservation Fleet request has been submitted and Amazon Elastic Compute Cloud is preparing to create the Capacity Reservations.

  • modifying - The Capacity Reservation Fleet is being modified. The Fleet remains in this state until the modification is complete.

  • active - The Capacity Reservation Fleet has fulfilled its total target capacity and it is attempting to maintain this capacity. The Fleet remains in this state until it is modified or deleted.

  • partially_fulfilled - The Capacity Reservation Fleet has partially fulfilled its total target capacity. There is insufficient Amazon EC2 to fulfill the total target capacity. The Fleet is attempting to asynchronously fulfill its total target capacity.

  • expiring - The Capacity Reservation Fleet has reach its end date and it is in the process of expiring. One or more of its Capacity reservations might still be active.

  • expired - The Capacity Reservation Fleet has reach its end date. The Fleet and its Capacity Reservations are expired. The Fleet can''t create new Capacity Reservations.

  • cancelling - The Capacity Reservation Fleet is in the process of being cancelled. One or more of its Capacity reservations might still be active.

  • cancelled - The Capacity Reservation Fleet has been manually cancelled. The Fleet and its Capacity Reservations are cancelled and the Fleet can''t create new Capacity Reservations.

  • failed - The Capacity Reservation Fleet failed to reserve capacity for the specified instance types.

' + totalTargetCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The total number of capacity units for which the Capacity Reservation Fleet reserves capacity. For more information, see Total target capacity in the Amazon EC2 User Guide.' + totalFulfilledCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: The capacity units that have been fulfilled. + tenancy: + allOf: + - $ref: '#/components/schemas/FleetCapacityReservationTenancy' + - description: '

The tenancy of the Capacity Reservation Fleet. Tenancies include:

  • default - The Capacity Reservation Fleet is created on hardware that is shared with other Amazon Web Services accounts.

  • dedicated - The Capacity Reservation Fleet is created on single-tenant hardware that is dedicated to a single Amazon Web Services account.

' + endDate: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time at which the Capacity Reservation Fleet expires. + createTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time at which the Capacity Reservation Fleet was created. + instanceMatchCriteria: + allOf: + - $ref: '#/components/schemas/FleetInstanceMatchCriteria' + - description: '

Indicates the type of instance launches that the Capacity Reservation Fleet accepts. All Capacity Reservations in the Fleet inherit this instance matching criteria.

Currently, Capacity Reservation Fleets support open instance matching criteria only. This means that instances that have matching attributes (instance type, platform, and Availability Zone) run in the Capacity Reservations automatically. Instances do not need to explicitly target a Capacity Reservation Fleet to use its reserved capacity.

' + allocationStrategy: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The strategy used by the Capacity Reservation Fleet to determine which of the specified instance types to use. For more information, see For more information, see Allocation strategy in the Amazon EC2 User Guide.' + instanceTypeSpecificationSet: + allOf: + - $ref: '#/components/schemas/FleetCapacityReservationSet' + - description: Information about the instance types for which to reserve the capacity. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the Capacity Reservation Fleet. + description: Information about a Capacity Reservation Fleet. + CapacityReservationFleetCancellationState: + type: object + properties: + currentFleetState: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetState' + - description: The current state of the Capacity Reservation Fleet. + previousFleetState: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetState' + - description: The previous state of the Capacity Reservation Fleet. + capacityReservationFleetId: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetId' + - description: The ID of the Capacity Reservation Fleet that was successfully cancelled. + description: Describes a Capacity Reservation Fleet that was successfully cancelled. + CapacityReservationFleetSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleet' + - xml: + name: item + CapacityReservationGroup: + type: object + properties: + groupArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of the resource group. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the resource group. + description: Describes a resource group to which a Capacity Reservation has been added. + CapacityReservationGroupSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CapacityReservationGroup' + - xml: + name: item + CapacityReservationIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CapacityReservationId' + - xml: + name: item + FleetCapacityReservationUsageStrategy: + type: string + enum: + - use-capacity-reservations-first + CapacityReservationOptions: + type: object + properties: + usageStrategy: + allOf: + - $ref: '#/components/schemas/FleetCapacityReservationUsageStrategy' + - description: '

Indicates whether to use unused Capacity Reservations for fulfilling On-Demand capacity.

If you specify use-capacity-reservations-first, the fleet uses unused Capacity Reservations to fulfill On-Demand capacity up to the target On-Demand capacity. If multiple instance pools have unused Capacity Reservations, the On-Demand allocation strategy (lowest-price or prioritized) is applied. If the number of unused Capacity Reservations is less than the On-Demand target capacity, the remaining On-Demand target capacity is launched according to the On-Demand allocation strategy (lowest-price or prioritized).

If you do not specify a value, the fleet fulfils the On-Demand capacity according to the chosen On-Demand allocation strategy.

' + description: '

Describes the strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.

This strategy can only be used if the EC2 Fleet is of type instant.

For more information about Capacity Reservations, see On-Demand Capacity Reservations in the Amazon EC2 User Guide. For examples of using Capacity Reservations in an EC2 Fleet, see EC2 Fleet example configurations in the Amazon EC2 User Guide.

' + CapacityReservationOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/FleetCapacityReservationUsageStrategy' + - description: '

Indicates whether to use unused Capacity Reservations for fulfilling On-Demand capacity.

If you specify use-capacity-reservations-first, the fleet uses unused Capacity Reservations to fulfill On-Demand capacity up to the target On-Demand capacity. If multiple instance pools have unused Capacity Reservations, the On-Demand allocation strategy (lowest-price or prioritized) is applied. If the number of unused Capacity Reservations is less than the On-Demand target capacity, the remaining On-Demand target capacity is launched according to the On-Demand allocation strategy (lowest-price or prioritized).

If you do not specify a value, the fleet fulfils the On-Demand capacity according to the chosen On-Demand allocation strategy.

' + description: '

Describes the strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.

This strategy can only be used if the EC2 Fleet is of type instant.

For more information about Capacity Reservations, see On-Demand Capacity Reservations in the Amazon EC2 User Guide. For examples of using Capacity Reservations in an EC2 Fleet, see EC2 Fleet example configurations in the Amazon EC2 User Guide.

' + CapacityReservationPreference: + type: string + enum: + - open + - none + CapacityReservationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CapacityReservation' + - xml: + name: item + CapacityReservationSpecification: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/CapacityReservationTarget' + - description: Information about the target Capacity Reservation or Capacity Reservation group. + description: '

Describes an instance''s Capacity Reservation targeting option. You can specify only one parameter at a time. If you specify CapacityReservationPreference and CapacityReservationTarget, the request fails.

Use the CapacityReservationPreference parameter to configure the instance to run as an On-Demand Instance or to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). Use the CapacityReservationTarget parameter to explicitly target a specific Capacity Reservation or a Capacity Reservation group.

' + CapacityReservationTargetResponse: + type: object + properties: + capacityReservationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the targeted Capacity Reservation. + capacityReservationResourceGroupArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of the targeted Capacity Reservation group. + description: Describes a target Capacity Reservation or Capacity Reservation group. + CapacityReservationSpecificationResponse: + type: object + properties: + capacityReservationPreference: + allOf: + - $ref: '#/components/schemas/CapacityReservationPreference' + - description: '

Describes the instance''s Capacity Reservation preferences. Possible preferences include:

  • open - The instance can run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).

  • none - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.

' + capacityReservationTarget: + allOf: + - $ref: '#/components/schemas/CapacityReservationTargetResponse' + - description: Information about the targeted Capacity Reservation or Capacity Reservation group. + description: 'Describes the instance''s Capacity Reservation targeting preferences. The action returns the capacityReservationPreference response element if the instance is configured to run in On-Demand capacity, or if it is configured in run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). The action returns the capacityReservationTarget response element if the instance explicily targets a specific Capacity Reservation or Capacity Reservation group.' + CarrierGatewayState: + type: string + enum: + - pending + - available + - deleting + - deleted + CarrierGateway: + type: object + properties: + carrierGatewayId: + allOf: + - $ref: '#/components/schemas/CarrierGatewayId' + - description: The ID of the carrier gateway. + vpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC associated with the carrier gateway. + state: + allOf: + - $ref: '#/components/schemas/CarrierGatewayState' + - description: The state of the carrier gateway. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID of the owner of the carrier gateway. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the carrier gateway. + description: Describes a carrier gateway. + CarrierGatewayIdSet: + type: array + items: + $ref: '#/components/schemas/CarrierGatewayId' + CarrierGatewayMaxResults: + type: integer + minimum: 5 + maximum: 1000 + CarrierGatewaySet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CarrierGateway' + - xml: + name: item + CertificateAuthentication: + type: object + properties: + clientRootCertificateChain: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ARN of the client certificate. ' + description: Information about the client certificate used for authentication. + CertificateAuthenticationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in Certificate Manager (ACM). + description: Information about the client certificate to be used for authentication. + CidrAuthorizationContext: + type: object + required: + - Message + - Signature + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The signed authorization message for the prefix and account. + description: 'Provides authorization for Amazon to bring a specific IP address range to a specific Amazon Web Services account using bring your own IP addresses (BYOIP). For more information, see Configuring your BYOIP address range in the Amazon Elastic Compute Cloud User Guide.' + CidrBlock: + type: object + properties: + cidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 CIDR block. + description: Describes an IPv4 CIDR block. + CidrBlockSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CidrBlock' + - xml: + name: item + ClassicLinkDnsSupport: + type: object + properties: + classicLinkDnsSupported: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether ClassicLink DNS support is enabled for the VPC. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + description: Describes the ClassicLink DNS support status of a VPC. + ClassicLinkDnsSupportList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ClassicLinkDnsSupport' + - xml: + name: item + GroupIdentifierList: + type: array + items: + allOf: + - $ref: '#/components/schemas/GroupIdentifier' + - xml: + name: item + ClassicLinkInstance: + type: object + properties: + groupSet: + allOf: + - $ref: '#/components/schemas/GroupIdentifierList' + - description: A list of security groups. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the instance. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + description: Describes a linked EC2-Classic instance. + ClassicLinkInstanceList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ClassicLinkInstance' + - xml: + name: item + ClassicLoadBalancer: + type: object + properties: + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the load balancer. + description: Describes a Classic Load Balancer. + ClassicLoadBalancers: + type: array + items: + allOf: + - $ref: '#/components/schemas/ClassicLoadBalancer' + - xml: + name: item + minItems: 1 + maxItems: 5 + ClassicLoadBalancersConfig: + type: object + properties: + classicLoadBalancers: + allOf: + - $ref: '#/components/schemas/ClassicLoadBalancers' + - description: One or more Classic Load Balancers. + description: Describes the Classic Load Balancers to attach to a Spot Fleet. Spot Fleet registers the running Spot Instances with these Classic Load Balancers. + ClientCertificateRevocationListStatusCode: + type: string + enum: + - pending + - active + ClientCertificateRevocationListStatus: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/ClientCertificateRevocationListStatusCode' + - description: The state of the client certificate revocation list. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A message about the status of the client certificate revocation list, if applicable.' + description: Describes the state of a client certificate revocation list. + ClientConnectOptions: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. + description: The options for managing connection authorization for new client connections. + ClientVpnEndpointAttributeStatus: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/ClientVpnEndpointAttributeStatusCode' + - description: The status code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The status message. + description: Describes the status of the Client VPN endpoint attribute. + ClientConnectResponseOptions: + type: object + properties: + enabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether client connect options are enabled. + lambdaFunctionArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. + status: + allOf: + - $ref: '#/components/schemas/ClientVpnEndpointAttributeStatus' + - description: The status of any updates to the client connect options. + description: The options for managing connection authorization for new client connections. + ClientData: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time that the disk upload starts. + description: Describes the client-specific data. + ClientLoginBannerOptions: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. + description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. + ClientLoginBannerResponseOptions: + type: object + properties: + enabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Current state of text banner feature.

Valid values: true | false

' + bannerText: + allOf: + - $ref: '#/components/schemas/String' + - description: Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. + description: Current state of options for customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. + ClientVpnAssociationId: + type: string + ClientVpnAuthenticationType: + type: string + enum: + - certificate-authentication + - directory-service-authentication + - federated-authentication + DirectoryServiceAuthentication: + type: object + properties: + directoryId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Active Directory used for authentication. + description: Describes an Active Directory. + FederatedAuthentication: + type: object + properties: + samlProviderArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the IAM SAML identity provider. + selfServiceSamlProviderArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal. + description: Describes the IAM SAML identity providers used for federated authentication. + ClientVpnAuthentication: + type: object + properties: + type: + allOf: + - $ref: '#/components/schemas/ClientVpnAuthenticationType' + - description: The authentication type used. + activeDirectory: + allOf: + - $ref: '#/components/schemas/DirectoryServiceAuthentication' + - description: 'Information about the Active Directory, if applicable.' + mutualAuthentication: + allOf: + - $ref: '#/components/schemas/CertificateAuthentication' + - description: 'Information about the authentication certificates, if applicable.' + federatedAuthentication: + allOf: + - $ref: '#/components/schemas/FederatedAuthentication' + - description: 'Information about the IAM SAML identity provider, if applicable.' + description: 'Describes the authentication methods used by a Client VPN endpoint. For more information, see Authentication in the Client VPN Administrator Guide.' + ClientVpnAuthenticationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ClientVpnAuthentication' + - xml: + name: item + FederatedAuthenticationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal. + description: The IAM SAML identity provider used for federated authentication. + ClientVpnAuthenticationRequestList: + type: array + items: + $ref: '#/components/schemas/ClientVpnAuthenticationRequest' + ClientVpnAuthorizationRuleStatusCode: + type: string + enum: + - authorizing + - active + - failed + - revoking + ClientVpnConnectionStatus: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/ClientVpnConnectionStatusCode' + - description: The state of the client connection. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A message about the status of the client connection, if applicable.' + description: Describes the status of a client connection. + ValueStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + ClientVpnConnection: + type: object + properties: + clientVpnEndpointId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Client VPN endpoint to which the client is connected. + timestamp: + allOf: + - $ref: '#/components/schemas/String' + - description: The current date and time. + connectionId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the client connection. + username: + allOf: + - $ref: '#/components/schemas/String' + - description: The username of the client who established the client connection. This information is only provided if Active Directory client authentication is used. + connectionEstablishedTime: + allOf: + - $ref: '#/components/schemas/String' + - description: The date and time the client connection was established. + ingressBytes: + allOf: + - $ref: '#/components/schemas/String' + - description: The number of bytes sent by the client. + egressBytes: + allOf: + - $ref: '#/components/schemas/String' + - description: The number of bytes received by the client. + ingressPackets: + allOf: + - $ref: '#/components/schemas/String' + - description: The number of packets sent by the client. + egressPackets: + allOf: + - $ref: '#/components/schemas/String' + - description: The number of packets received by the client. + clientIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The IP address of the client. + commonName: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The common name associated with the client. This is either the name of the client certificate, or the Active Directory user name.' + status: + allOf: + - $ref: '#/components/schemas/ClientVpnConnectionStatus' + - description: The current state of the client connection. + connectionEndTime: + allOf: + - $ref: '#/components/schemas/String' + - description: The date and time the client connection was terminated. + postureComplianceStatusSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: 'The statuses returned by the client connect handler for posture compliance, if applicable.' + description: Describes a client connection. + ClientVpnConnectionSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ClientVpnConnection' + - xml: + name: item + ClientVpnConnectionStatusCode: + type: string + enum: + - active + - failed-to-terminate + - terminating + - terminated + ClientVpnEndpointStatus: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/ClientVpnEndpointStatusCode' + - description: '

The state of the Client VPN endpoint. Possible states include:

  • pending-associate - The Client VPN endpoint has been created but no target networks have been associated. The Client VPN endpoint cannot accept connections.

  • available - The Client VPN endpoint has been created and a target network has been associated. The Client VPN endpoint can accept connections.

  • deleting - The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept connections.

  • deleted - The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept connections.

' + message: + allOf: + - $ref: '#/components/schemas/String' + - description: A message about the status of the Client VPN endpoint. + description: Describes the state of a Client VPN endpoint. + VpnProtocol: + type: string + enum: + - openvpn + TransportProtocol: + type: string + enum: + - tcp + - udp + ConnectionLogResponseOptions: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the Amazon CloudWatch Logs log stream to which connection logging data is published. + description: Information about the client connection logging options for a Client VPN endpoint. + ClientVpnEndpoint: + type: object + properties: + clientVpnEndpointId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Client VPN endpoint. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A brief description of the endpoint. + status: + allOf: + - $ref: '#/components/schemas/ClientVpnEndpointStatus' + - description: The current state of the Client VPN endpoint. + creationTime: + allOf: + - $ref: '#/components/schemas/String' + - description: The date and time the Client VPN endpoint was created. + deletionTime: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The date and time the Client VPN endpoint was deleted, if applicable.' + dnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The DNS name to be used by clients when connecting to the Client VPN endpoint. + clientCidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 address range, in CIDR notation, from which client IP addresses are assigned.' + dnsServer: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: 'Information about the DNS servers to be used for DNS resolution. ' + splitTunnel: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether split-tunnel is enabled in the Client VPN endpoint.

For information about split-tunnel VPN endpoints, see Split-Tunnel Client VPN endpoint in the Client VPN Administrator Guide.

' + vpnProtocol: + allOf: + - $ref: '#/components/schemas/VpnProtocol' + - description: The protocol used by the VPN session. + transportProtocol: + allOf: + - $ref: '#/components/schemas/TransportProtocol' + - description: The transport protocol used by the Client VPN endpoint. + vpnPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The port number for the Client VPN endpoint. + associatedTargetNetwork: + allOf: + - $ref: '#/components/schemas/AssociatedTargetNetworkSet' + - deprecated: true + description: 'Information about the associated target networks. A target network is a subnet in a VPC.This property is deprecated. To view the target networks associated with a Client VPN endpoint, call DescribeClientVpnTargetNetworks and inspect the clientVpnTargetNetworks response element.' + serverCertificateArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of the server certificate. + authenticationOptions: + allOf: + - $ref: '#/components/schemas/ClientVpnAuthenticationList' + - description: Information about the authentication method used by the Client VPN endpoint. + connectionLogOptions: + allOf: + - $ref: '#/components/schemas/ConnectionLogResponseOptions' + - description: Information about the client connection logging options for the Client VPN endpoint. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the Client VPN endpoint. + securityGroupIdSet: + allOf: + - $ref: '#/components/schemas/ClientVpnSecurityGroupIdSet' + - description: The IDs of the security groups for the target network. + vpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + selfServicePortalUrl: + allOf: + - $ref: '#/components/schemas/String' + - description: The URL of the self-service portal. + clientConnectOptions: + allOf: + - $ref: '#/components/schemas/ClientConnectResponseOptions' + - description: The options for managing connection authorization for new client connections. + sessionTimeoutHours: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The maximum VPN session duration time in hours.

Valid values: 8 | 10 | 12 | 24

Default value: 24

' + clientLoginBannerOptions: + allOf: + - $ref: '#/components/schemas/ClientLoginBannerResponseOptions' + - description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. + description: Describes a Client VPN endpoint. + ClientVpnEndpointAttributeStatusCode: + type: string + enum: + - applying + - applied + ClientVpnEndpointIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ClientVpnEndpointId' + - xml: + name: item + ClientVpnEndpointStatusCode: + type: string + enum: + - pending-associate + - available + - deleting + - deleted + ClientVpnRouteStatus: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/ClientVpnRouteStatusCode' + - description: The state of the Client VPN endpoint route. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A message about the status of the Client VPN endpoint route, if applicable.' + description: Describes the state of a Client VPN endpoint route. + ClientVpnRoute: + type: object + properties: + clientVpnEndpointId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Client VPN endpoint with which the route is associated. + destinationCidr: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 address range, in CIDR notation, of the route destination.' + targetSubnet: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet through which traffic is routed. + type: + allOf: + - $ref: '#/components/schemas/String' + - description: The route type. + origin: + allOf: + - $ref: '#/components/schemas/String' + - description: Indicates how the route was associated with the Client VPN endpoint. associate indicates that the route was automatically added when the target network was associated with the Client VPN endpoint. add-route indicates that the route was manually added using the CreateClientVpnRoute action. + status: + allOf: + - $ref: '#/components/schemas/ClientVpnRouteStatus' + - description: The current state of the route. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A brief description of the route. + description: Information about a Client VPN endpoint route. + ClientVpnRouteSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ClientVpnRoute' + - xml: + name: item + ClientVpnRouteStatusCode: + type: string + enum: + - creating + - active + - failed + - deleting + CoipAddressUsage: + type: object + properties: + allocationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The allocation ID of the address. + awsAccountId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID. + awsService: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services service. + coIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The customer-owned IP address. + description: Describes address usage for a customer-owned address pool. + CoipAddressUsageSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CoipAddressUsage' + - xml: + name: item + CoipPool: + type: object + properties: + poolId: + allOf: + - $ref: '#/components/schemas/Ipv4PoolCoipId' + - description: The ID of the address pool. + poolCidrSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The address ranges of the address pool. + localGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/LocalGatewayRoutetableId' + - description: The ID of the local gateway route table. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags. + poolArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The ARN of the address pool. + description: Describes a customer-owned address pool. + CoipPoolId: + type: string + CoipPoolIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv4PoolCoipId' + - xml: + name: item + CoipPoolMaxResults: + type: integer + minimum: 5 + maximum: 1000 + CoipPoolSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CoipPool' + - xml: + name: item + ConfirmProductInstanceRequest: + type: object + required: + - InstanceId + - ProductCode + title: ConfirmProductInstanceRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The product code. This must be a product code that you own. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ConnectionLogOptions: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the CloudWatch Logs log stream to which the connection data is published. + description: Describes the client connection logging options for the Client VPN endpoint. + ConnectionNotificationType: + type: string + enum: + - Topic + ConnectionNotificationState: + type: string + enum: + - Enabled + - Disabled + ConnectionNotification: + type: object + properties: + connectionNotificationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the notification. + serviceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the endpoint service. + vpcEndpointId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC endpoint. + connectionNotificationType: + allOf: + - $ref: '#/components/schemas/ConnectionNotificationType' + - description: The type of notification. + connectionNotificationArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of the SNS topic for the notification. + connectionEvents: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: 'The events for the notification. Valid values are Accept, Connect, Delete, and Reject.' + connectionNotificationState: + allOf: + - $ref: '#/components/schemas/ConnectionNotificationState' + - description: The state of the notification. + description: Describes a connection notification for a VPC endpoint or VPC endpoint service. + ConnectionNotificationIdsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ConnectionNotificationId' + - xml: + name: item + ConnectionNotificationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ConnectionNotification' + - xml: + name: item + ConnectivityType: + type: string + enum: + - private + - public + ConversionIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ConversionTaskId' + - xml: + name: item + ImportInstanceTaskDetails: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the task. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + platform: + allOf: + - $ref: '#/components/schemas/PlatformValues' + - description: The instance operating system. + volumes: + allOf: + - $ref: '#/components/schemas/ImportInstanceVolumeDetailSet' + - description: The volumes. + description: Describes an import instance task. + ImportVolumeTaskDetails: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone where the resulting volume will reside. + bytesConverted: + allOf: + - $ref: '#/components/schemas/Long' + - description: The number of bytes converted so far. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description you provided when starting the import volume task. + image: + allOf: + - $ref: '#/components/schemas/DiskImageDescription' + - description: The image. + volume: + allOf: + - $ref: '#/components/schemas/DiskImageVolumeDescription' + - description: The volume. + description: Describes an import volume task. + ConversionTaskState: + type: string + enum: + - active + - cancelling + - cancelled + - completed + ConversionTask: + type: object + properties: + conversionTaskId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the conversion task. + expirationTime: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The time when the task expires. If the upload isn''t complete before the expiration time, we automatically cancel the task.' + importInstance: + allOf: + - $ref: '#/components/schemas/ImportInstanceTaskDetails' + - description: 'If the task is for importing an instance, this contains information about the import instance task.' + importVolume: + allOf: + - $ref: '#/components/schemas/ImportVolumeTaskDetails' + - description: 'If the task is for importing a volume, this contains information about the import volume task.' + state: + allOf: + - $ref: '#/components/schemas/ConversionTaskState' + - description: The state of the conversion task. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The status message related to the conversion task. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the task. + description: Describes a conversion task. + CopyFpgaImageRequest: + type: object + required: + - SourceFpgaImageId + - SourceRegion + title: CopyFpgaImageRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.' + CopyImageRequest: + type: object + required: + - Name + - SourceImageId + - SourceRegion + title: CopyImageRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: A description for the new AMI in the destination Region. + encrypted: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.' + kmsKeyId: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copying AMIs from an Amazon Web Services Region to an Outpost in the Amazon Elastic Compute Cloud User Guide.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for CopyImage. + KmsKeyId: + type: string + CopySnapshotRequest: + type: object + required: + - SourceRegion + - SourceSnapshotId + title: CopySnapshotRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The Amazon Resource Name (ARN) of the Outpost to which to copy the snapshot. Only specify this parameter when copying a snapshot from an Amazon Web Services Region to an Outpost. The snapshot must be in the Region for the destination Outpost. You cannot copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copy snapshots from an Amazon Web Services Region to an Outpost in the Amazon Elastic Compute Cloud User Guide.

' + destinationRegion: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The destination Region to use in the PresignedUrl parameter of a snapshot copy operation. This parameter is only valid for specifying the destination Region in a PresignedUrl parameter, where it is required.

The snapshot copy is sent to the regional endpoint that you sent the HTTP request to (for example, ec2.us-east-1.amazonaws.com). With the CLI, this is specified using the --region parameter or the default Region in your Amazon Web Services configuration file.

' + encrypted: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Otherwise, omit this parameter. Encrypted snapshots are encrypted, even if you omit this parameter and encryption by default is not enabled. You cannot set this parameter to false. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.' + kmsKeyId: + allOf: + - $ref: '#/components/schemas/KmsKeyId' + - description: '

The identifier of the Key Management Service (KMS) KMS key to use for Amazon EBS encryption. If this parameter is not specified, your KMS key for Amazon EBS is used. If KmsKeyId is specified, the encrypted state must be true.

You can specify the KMS key using any of the following:

  • Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.

  • Key alias. For example, alias/ExampleAlias.

  • Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.

  • Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.

' + presignedUrl: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the EBS snapshot to copy. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the new snapshot. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + CopyTagsFromSource: + type: string + enum: + - volume + CoreCount: + type: integer + CoreCountList: + type: array + items: + allOf: + - $ref: '#/components/schemas/CoreCount' + - xml: + name: item + CoreNetworkArn: + type: string + CpuManufacturer: + type: string + enum: + - intel + - amd + - amazon-web-services + CpuManufacturerSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CpuManufacturer' + - xml: + name: item + CpuOptions: + type: object + properties: + coreCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of CPU cores for the instance. + threadsPerCore: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of threads per CPU core. + description: The CPU options for the instance. + CpuOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of threads per CPU core. To disable multithreading for the instance, specify a value of 1. Otherwise, specify the default value of 2.' + description: The CPU options for the instance. Both the core count and threads per core must be specified in the request. + CreateCapacityReservationFleetRequest: + type: object + required: + - InstanceTypeSpecifications + - TotalTargetCapacity + title: CreateCapacityReservationFleetRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.' + InstanceTypeSpecification: + allOf: + - $ref: '#/components/schemas/FleetInstanceMatchCriteria' + - description: '

Indicates the type of instance launches that the Capacity Reservation Fleet accepts. All Capacity Reservations in the Fleet inherit this instance matching criteria.

Currently, Capacity Reservation Fleets support open instance matching criteria only. This means that instances that have matching attributes (instance type, platform, and Availability Zone) run in the Capacity Reservations automatically. Instances do not need to explicitly target a Capacity Reservation Fleet to use its reserved capacity.

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + CreateCapacityReservationRequest: + type: object + required: + - InstanceType + - InstancePlatform + - InstanceCount + title: CreateCapacityReservationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/PlacementGroupArn' + - description: 'The Amazon Resource Name (ARN) of the cluster placement group in which to create the Capacity Reservation. For more information, see Capacity Reservations for cluster placement groups in the Amazon EC2 User Guide.' + CreateCarrierGatewayRequest: + type: object + required: + - VpcId + title: CreateCarrierGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC to associate with the carrier gateway. + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + CreateClientVpnEndpointRequest: + type: object + required: + - ClientCidrBlock + - ServerCertificateArn + - AuthenticationOptions + - ConnectionLogOptions + title: CreateClientVpnEndpointRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ARN of the server certificate. For more information, see the Certificate Manager User Guide.' + Authentication: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the Client VPN endpoint during creation. + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/ClientLoginBannerOptions' + - description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. + CreateClientVpnRouteRequest: + type: object + required: + - ClientVpnEndpointId + - DestinationCidrBlock + - TargetVpcSubnetId + title: CreateClientVpnRouteRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + GatewayType: + type: string + enum: + - ipsec.1 + CreateCustomerGatewayRequest: + type: object + required: + - BgpAsn + - Type + title: CreateCustomerGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

For devices that support BGP, the customer gateway''s BGP ASN.

Default: 65000

' + IpAddress: + allOf: + - $ref: '#/components/schemas/GatewayType' + - description: The type of VPN connection that this customer gateway supports (ipsec.1). + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A name for the customer gateway device.

Length Constraints: Up to 255 characters.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for CreateCustomerGateway. + CustomerGateway: + type: object + properties: + bgpAsn: + allOf: + - $ref: '#/components/schemas/String' + - description: The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). + customerGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the customer gateway. + ipAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The Internet-routable IP address of the customer gateway's outside interface. + certificateArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) for the customer gateway certificate. + state: + allOf: + - $ref: '#/components/schemas/String' + - description: The current state of the customer gateway (pending | available | deleting | deleted). + type: + allOf: + - $ref: '#/components/schemas/String' + - description: The type of VPN connection the customer gateway supports (ipsec.1). + deviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of customer gateway device. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the customer gateway. + description: Describes a customer gateway. + CreateDefaultSubnetRequest: + type: object + required: + - AvailabilityZone + title: CreateDefaultSubnetRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether to create an IPv6 only subnet. If you already have a default subnet for this Availability Zone, you must delete it before you can create an IPv6 only subnet.' + Subnet: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone of the subnet. + availabilityZoneId: + allOf: + - $ref: '#/components/schemas/String' + - description: The AZ ID of the subnet. + availableIpAddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of unused private IPv4 addresses in the subnet. The IPv4 addresses for any stopped instances are considered unavailable. + cidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 CIDR block assigned to the subnet. + defaultForAz: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether this is the default subnet for the Availability Zone. + enableLniAtDeviceIndex: + allOf: + - $ref: '#/components/schemas/Integer' + - description: ' Indicates the device position for local network interfaces in this subnet. For example, 1 indicates local network interfaces in this subnet are the secondary network interface (eth1). ' + mapPublicIpOnLaunch: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether instances launched in this subnet receive a public IPv4 address. + mapCustomerOwnedIpOnLaunch: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives a customer-owned IPv4 address. + customerOwnedIpv4Pool: + allOf: + - $ref: '#/components/schemas/CoipPoolId' + - description: The customer-owned IPv4 address pool associated with the subnet. + state: + allOf: + - $ref: '#/components/schemas/SubnetState' + - description: The current state of the subnet. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC the subnet is in. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the subnet. + assignIpv6AddressOnCreation: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives an IPv6 address. + ipv6CidrBlockAssociationSet: + allOf: + - $ref: '#/components/schemas/SubnetIpv6CidrBlockAssociationSet' + - description: Information about the IPv6 CIDR blocks associated with the subnet. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the subnet. + subnetArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the subnet. + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Outpost. + enableDns64: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. + ipv6Native: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether this is an IPv6 only subnet. + privateDnsNameOptionsOnLaunch: + allOf: + - $ref: '#/components/schemas/PrivateDnsNameOptionsOnLaunch' + - description: The type of hostnames to assign to instances in the subnet at launch. An instance hostname is based on the IPv4 address or ID of the instance. + description: Describes a subnet. + CreateDefaultVpcRequest: + type: object + title: CreateDefaultVpcRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Vpc: + type: object + properties: + cidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The primary IPv4 CIDR block for the VPC. + dhcpOptionsId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the set of DHCP options you've associated with the VPC. + state: + allOf: + - $ref: '#/components/schemas/VpcState' + - description: The current state of the VPC. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the VPC. + instanceTenancy: + allOf: + - $ref: '#/components/schemas/Tenancy' + - description: The allowed tenancy of instances launched into the VPC. + ipv6CidrBlockAssociationSet: + allOf: + - $ref: '#/components/schemas/VpcIpv6CidrBlockAssociationSet' + - description: Information about the IPv6 CIDR blocks associated with the VPC. + cidrBlockAssociationSet: + allOf: + - $ref: '#/components/schemas/VpcCidrBlockAssociationSet' + - description: Information about the IPv4 CIDR blocks associated with the VPC. + isDefault: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the VPC is the default VPC. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the VPC. + description: Describes a VPC. + NewDhcpConfigurationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NewDhcpConfiguration' + - xml: + name: item + CreateDhcpOptionsRequest: + type: object + required: + - DhcpConfigurations + title: CreateDhcpOptionsRequest + properties: + dhcpConfiguration: + allOf: + - $ref: '#/components/schemas/NewDhcpConfigurationList' + - description: A DHCP configuration option. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to assign to the DHCP option. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DhcpOptions: + type: object + properties: + dhcpConfigurationSet: + allOf: + - $ref: '#/components/schemas/DhcpConfigurationList' + - description: One or more DHCP options in the set. + dhcpOptionsId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the set of DHCP options. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the DHCP options set. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the DHCP options set. + description: Describes a set of DHCP options. + CreateEgressOnlyInternetGatewayRequest: + type: object + required: + - VpcId + title: CreateEgressOnlyInternetGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC for which to create the egress-only internet gateway. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to assign to the egress-only internet gateway. + EgressOnlyInternetGateway: + type: object + properties: + attachmentSet: + allOf: + - $ref: '#/components/schemas/InternetGatewayAttachmentList' + - description: Information about the attachment of the egress-only internet gateway. + egressOnlyInternetGatewayId: + allOf: + - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' + - description: The ID of the egress-only internet gateway. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the egress-only internet gateway. + description: Describes an egress-only internet gateway. + LaunchTemplateAndOverridesResponse: + type: object + properties: + launchTemplateSpecification: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateSpecification' + - description: The launch template. + overrides: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateOverrides' + - description: Any parameters that you specify override the same parameters in the launch template. + description: Describes a launch template and overrides. + InstanceLifecycle: + type: string + enum: + - spot + - on-demand + CreateFleetError: + type: object + properties: + launchTemplateAndOverrides: + allOf: + - $ref: '#/components/schemas/LaunchTemplateAndOverridesResponse' + - description: The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template. + lifecycle: + allOf: + - $ref: '#/components/schemas/InstanceLifecycle' + - description: Indicates if the instance that could not be launched was a Spot Instance or On-Demand Instance. + errorCode: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The error code that indicates why the instance could not be launched. For more information about error codes, see Error codes.' + errorMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The error message that describes why the instance could not be launched. For more information about error messages, see Error codes.' + description: Describes the instances that could not be launched by the fleet. + CreateFleetErrorsSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CreateFleetError' + - xml: + name: item + InstanceIdsSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: item + PlatformValues: + type: string + enum: + - Windows + CreateFleetInstance: + type: object + properties: + launchTemplateAndOverrides: + allOf: + - $ref: '#/components/schemas/LaunchTemplateAndOverridesResponse' + - description: The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template. + lifecycle: + allOf: + - $ref: '#/components/schemas/InstanceLifecycle' + - description: Indicates if the instance that was launched is a Spot Instance or On-Demand Instance. + instanceIds: + allOf: + - $ref: '#/components/schemas/InstanceIdsSet' + - description: The IDs of the instances. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. + platform: + allOf: + - $ref: '#/components/schemas/PlatformValues' + - description: 'The value is Windows for Windows instances. Otherwise, the value is blank.' + description: Describes the instances that were launched by the fleet. + CreateFleetInstancesSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/CreateFleetInstance' + - xml: + name: item + CreateFleetRequest: + type: object + required: + - LaunchTemplateConfigs + - TargetCapacitySpecification + title: CreateFleetRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether EC2 Fleet should replace unhealthy Spot Instances. Supported only for fleets of type maintain. For more information, see EC2 Fleet health checks in the Amazon EC2 User Guide.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + DestinationOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. The default is false. + description: Describes the destination options for a flow log. + CreateFlowLogsRequest: + type: object + required: + - ResourceIds + - ResourceType + - TrafficType + title: CreateFlowLogsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn or LogGroupName.

' + ResourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The fields to include in the flow log record, in the order in which they should appear. For a list of available fields, see Flow log records. If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must specify at least one field.

Specify the fields using the ${field-id} format, separated by spaces. For the CLI, surround this parameter value with single quotes on Linux or double quotes on Windows.

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/DestinationOptionsRequest' + - description: The destination options. + CreateFpgaImageRequest: + type: object + required: + - InputStorageLocation + title: CreateFpgaImageRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the FPGA image during creation. + CreateImageRequest: + type: object + required: + - InstanceId + - Name + title: CreateImageRequest + properties: + blockDeviceMapping: + allOf: + - $ref: '#/components/schemas/BlockDeviceMappingRequestList' + - description: 'The block device mappings. This parameter cannot be used to modify the encryption status of existing volumes or snapshots. To create an AMI with encrypted snapshots, use the CopyImage action.' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description for the new image. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A name for the new image.

Constraints: 3-128 alphanumeric characters, parentheses (()), square brackets ([]), spaces ( ), periods (.), slashes (/), dashes (-), single quotes (''), at-signs (@), or underscores(_)

' + noReboot: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

By default, when Amazon EC2 creates the new AMI, it reboots the instance so that it can take snapshots of the attached volumes while data is at rest, in order to ensure a consistent state. You can set the NoReboot parameter to true in the API request, or use the --no-reboot option in the CLI to prevent Amazon EC2 from shutting down and rebooting the instance.

If you choose to bypass the shutdown and reboot process by setting the NoReboot parameter to true in the API request, or by using the --no-reboot option in the CLI, we can''t guarantee the file system integrity of the created image.

Default: false (follow standard reboot process)

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: '

The tags to apply to the AMI and snapshots on creation. You can tag the AMI, the snapshots, or both.

  • To tag the AMI, the value for ResourceType must be image.

  • To tag the snapshots that are created of the root volume and of other Amazon EBS volumes that are attached to the instance, the value for ResourceType must be snapshot. The same tag is applied to all of the snapshots that are created.

If you specify other values for ResourceType, the request fails.

To tag an AMI or snapshot after it has been created, see CreateTags.

' + InstanceEventWindowCronExpression: + type: string + CreateInstanceEventWindowRequest: + type: object + title: CreateInstanceEventWindowRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the event window. + TimeRange: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowCronExpression' + - description: '

The cron expression for the event window, for example, * 0-4,20-23 * * 1,5. If you specify a cron expression, you can''t specify a time range.

Constraints:

  • Only hour and day of the week values are supported.

  • For day of the week values, you can specify either integers 0 through 6, or alternative single values SUN through SAT.

  • The minute, month, and year must be specified by *.

  • The hour value must be one or a multiple range, for example, 0-4 or 0-4,20-23.

  • Each hour range must be >= 2 hours, for example, 0-2 or 20-23.

  • The event window must be >= 4 hours. The combined total time ranges in the event window must be >= 4 hours.

For more information about cron expressions, see cron on the Wikipedia website.

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the event window. + ExportToS3TaskSpecification: + type: object + properties: + containerFormat: + allOf: + - $ref: '#/components/schemas/ContainerFormat' + - description: 'The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is exported.' + diskImageFormat: + allOf: + - $ref: '#/components/schemas/DiskImageFormat' + - description: The format for the exported image. + s3Bucket: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon S3 bucket for the destination image. The destination bucket must exist and grant WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com. + s3Prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: The image is written to a single object in the Amazon S3 bucket at the S3 key s3prefix + exportTaskId + '.' + diskImageFormat. + description: Describes an export instance task. + ExportEnvironment: + type: string + enum: + - citrix + - vmware + - microsoft + CreateInstanceExportTaskRequest: + type: object + required: + - ExportToS3Task + - InstanceId + - TargetEnvironment + title: CreateInstanceExportTaskRequest + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description for the conversion task or the resource being exported. The maximum length is 255 characters. + exportToS3: + allOf: + - $ref: '#/components/schemas/ExportToS3TaskSpecification' + - description: The format and location for an export instance task. + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance. + targetEnvironment: + allOf: + - $ref: '#/components/schemas/ExportEnvironment' + - description: The target virtualization environment. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the export instance task during creation. + ExportTask: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the resource being exported. + exportTaskId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the export task. + exportToS3: + allOf: + - $ref: '#/components/schemas/ExportToS3Task' + - description: Information about the export task. + instanceExport: + allOf: + - $ref: '#/components/schemas/InstanceExportDetails' + - description: Information about the instance to export. + state: + allOf: + - $ref: '#/components/schemas/ExportTaskState' + - description: The state of the export task. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The status message related to the export task. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the export task. + description: Describes an export instance task. + CreateInternetGatewayRequest: + type: object + title: CreateInternetGatewayRequest + properties: + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to assign to the internet gateway. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + InternetGateway: + type: object + properties: + attachmentSet: + allOf: + - $ref: '#/components/schemas/InternetGatewayAttachmentList' + - description: Any VPCs attached to the internet gateway. + internetGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the internet gateway. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the internet gateway. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the internet gateway. + description: Describes an internet gateway. + IpamNetmaskLength: + type: integer + minimum: 0 + maximum: 128 + RequestIpamResourceTagList: + type: array + items: + allOf: + - $ref: '#/components/schemas/RequestIpamResourceTag' + - xml: + name: item + IpamPoolAwsService: + type: string + enum: + - ec2 + CreateIpamPoolRequest: + type: object + required: + - IpamScopeId + - AddressFamily + title: CreateIpamPoolRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IpamNetmaskLength' + - description: 'The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.' + AllocationResourceTag: + allOf: + - $ref: '#/components/schemas/RequestIpamResourceTagList' + - description: 'Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/IpamPoolAwsService' + - description: 'Limits which service in Amazon Web Services that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.' + IpamPool: + type: object + properties: + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID of the owner of the IPAM pool. + ipamPoolId: + allOf: + - $ref: '#/components/schemas/IpamPoolId' + - description: The ID of the IPAM pool. + sourceIpamPoolId: + allOf: + - $ref: '#/components/schemas/IpamPoolId' + - description: The ID of the source IPAM pool. You can use this option to create an IPAM pool within an existing source pool. + ipamPoolArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The ARN of the IPAM pool. + ipamScopeArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The ARN of the scope of the IPAM pool. + ipamScopeType: + allOf: + - $ref: '#/components/schemas/IpamScopeType' + - description: 'In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.' + ipamArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The ARN of the IPAM. + ipamRegion: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services Region of the IPAM pool. + locale: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The locale of the IPAM pool. In IPAM, the locale is the Amazon Web Services Region where you want to make an IPAM pool available for allocations. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an Amazon Web Services Region for locale that has not been configured as an operating Region for the IPAM, you''ll get an error.' + poolDepth: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The depth of pools in your IPAM pool. The pool depth quota is 10. For more information, see Quotas in IPAM in the Amazon VPC IPAM User Guide. ' + state: + allOf: + - $ref: '#/components/schemas/IpamPoolState' + - description: The state of the IPAM pool. + stateMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: A message related to the failed creation of an IPAM pool. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the IPAM pool. + autoImport: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool''s allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.

A locale must be set on the pool for this feature to work.

' + publiclyAdvertisable: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to ipv4. + addressFamily: + allOf: + - $ref: '#/components/schemas/AddressFamily' + - description: The address family of the pool. + allocationMinNetmaskLength: + allOf: + - $ref: '#/components/schemas/IpamNetmaskLength' + - description: The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. + allocationMaxNetmaskLength: + allOf: + - $ref: '#/components/schemas/IpamNetmaskLength' + - description: The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. + allocationDefaultNetmaskLength: + allOf: + - $ref: '#/components/schemas/IpamNetmaskLength' + - description: 'The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.' + allocationResourceTagSet: + allOf: + - $ref: '#/components/schemas/IpamResourceTagList' + - description: 'Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.' + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' + awsService: + allOf: + - $ref: '#/components/schemas/IpamPoolAwsService' + - description: 'Limits which service in Amazon Web Services that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.' + description: 'In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.' + CreateIpamRequest: + type: object + title: CreateIpamRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: A description for the IPAM. + OperatingRegion: + allOf: + - $ref: '#/components/schemas/AddIpamOperatingRegionSet' + - description: '

The operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + Ipam: + type: object + properties: + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID of the owner of the IPAM. + ipamId: + allOf: + - $ref: '#/components/schemas/IpamId' + - description: The ID of the IPAM. + ipamArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The ARN of the IPAM. + ipamRegion: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services Region of the IPAM. + publicDefaultScopeId: + allOf: + - $ref: '#/components/schemas/IpamScopeId' + - description: The ID of the IPAM's default public scope. + privateDefaultScopeId: + allOf: + - $ref: '#/components/schemas/IpamScopeId' + - description: The ID of the IPAM's default private scope. + scopeCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of scopes in the IPAM. The scope quota is 5. For more information on quotas, see Quotas in IPAM in the Amazon VPC IPAM User Guide. ' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description for the IPAM. + operatingRegionSet: + allOf: + - $ref: '#/components/schemas/IpamOperatingRegionSet' + - description: '

The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' + state: + allOf: + - $ref: '#/components/schemas/IpamState' + - description: The state of the IPAM. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' + description: 'IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization. For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.' + CreateIpamScopeRequest: + type: object + required: + - IpamId + title: CreateIpamScopeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: A description for the scope you're creating. + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + IpamScope: + type: object + properties: + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID of the owner of the scope. + ipamScopeId: + allOf: + - $ref: '#/components/schemas/IpamScopeId' + - description: The ID of the scope. + ipamScopeArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The ARN of the scope. + ipamArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The ARN of the IPAM. + ipamRegion: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services Region of the IPAM scope. + ipamScopeType: + allOf: + - $ref: '#/components/schemas/IpamScopeType' + - description: The type of the scope. + isDefault: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Defines if the scope is the default scope or not. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the scope. + poolCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of pools in the scope. + state: + allOf: + - $ref: '#/components/schemas/IpamScopeState' + - description: The state of the IPAM scope. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' + description: '

In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.

For more information, see How IPAM works in the Amazon VPC IPAM User Guide.

' + KeyType: + type: string + enum: + - rsa + - ed25519 + KeyFormat: + type: string + enum: + - pem + - ppk + CreateKeyPairRequest: + type: object + required: + - KeyName + title: CreateKeyPairRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A unique name for the key pair.

Constraints: Up to 255 ASCII characters

' + dryRun: + allOf: + - $ref: '#/components/schemas/KeyType' + - description: '

The type of key pair. Note that ED25519 keys are not supported for Windows instances.

Default: rsa

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/KeyFormat' + - description: '

The format of the key pair.

Default: pem

' + RequestLaunchTemplateData: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchTemplateIamInstanceProfileSpecificationRequest' + - description: The name or Amazon Resource Name (ARN) of an IAM instance profile. + BlockDeviceMapping: + allOf: + - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMappingRequestList' + - description: The block device mapping. + NetworkInterface: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see Running Commands on Your Linux Instance at Launch (Linux) or Adding User Data (Windows).

If you are creating the launch template for use with Batch, the user data must be provided in the MIME multi-part archive format. For more information, see Amazon EC2 user data in launch templates in the Batch User Guide.

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/LaunchTemplateTagSpecificationRequestList' + - description: 'The tags to apply to the resources during launch. You can only tag instances and volumes on launch. The specified tags are applied to all instances or volumes that are created during launch. To tag a resource after it has been created, see CreateTags.' + ElasticGpuSpecification: + allOf: + - $ref: '#/components/schemas/ElasticGpuSpecificationList' + - description: An elastic GPU to associate with the instance. + ElasticInferenceAccelerator: + allOf: + - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorList' + - description: ' The elastic inference accelerator for the instance. ' + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdStringList' + - description: 'One or more security group IDs. You can create a security group using CreateSecurityGroup. You cannot specify both a security group ID and security name in the same request.' + SecurityGroup: + allOf: + - $ref: '#/components/schemas/LaunchTemplateCapacityReservationSpecificationRequest' + - description: 'The Capacity Reservation targeting option. If you do not specify this parameter, the instance''s Capacity Reservation preference defaults to open, which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).' + LicenseSpecification: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceMaintenanceOptionsRequest' + - description: The maintenance options for the instance. + description:

The information to include in the launch template.

You must specify at least one parameter for the launch template data.

 + CreateLaunchTemplateRequest: + type: object + required: + - LaunchTemplateName + - LaunchTemplateData + title: CreateLaunchTemplateRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/RequestLaunchTemplateData' + - description: The information for the launch template. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the launch template during creation. + LaunchTemplate: + type: object + properties: + launchTemplateId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the launch template. + launchTemplateName: + allOf: + - $ref: '#/components/schemas/LaunchTemplateName' + - description: The name of the launch template. + createTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time launch template was created. + createdBy: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The principal that created the launch template. ' + defaultVersionNumber: + allOf: + - $ref: '#/components/schemas/Long' + - description: The version number of the default version of the launch template. + latestVersionNumber: + allOf: + - $ref: '#/components/schemas/Long' + - description: The version number of the latest version of the launch template. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the launch template. + description: Describes a launch template. + ValidationWarning: + type: object + properties: + errorSet: + allOf: + - $ref: '#/components/schemas/ErrorSet' + - description: The error codes and error messages. + description: The error codes and error messages that are returned for the parameters or parameter combinations that are not valid when a new launch template or new version of a launch template is created. + CreateLaunchTemplateVersionRequest: + type: object + required: + - LaunchTemplateData + title: CreateLaunchTemplateVersionRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/RequestLaunchTemplateData' + - description: The information for the launch template. + LaunchTemplateVersion: + type: object + properties: + launchTemplateId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the launch template. + launchTemplateName: + allOf: + - $ref: '#/components/schemas/LaunchTemplateName' + - description: The name of the launch template. + versionNumber: + allOf: + - $ref: '#/components/schemas/Long' + - description: The version number. + versionDescription: + allOf: + - $ref: '#/components/schemas/VersionDescription' + - description: The description for the version. + createTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time the version was created. + createdBy: + allOf: + - $ref: '#/components/schemas/String' + - description: The principal that created the version. + defaultVersion: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the version is the default version. + launchTemplateData: + allOf: + - $ref: '#/components/schemas/ResponseLaunchTemplateData' + - description: Information about the launch template. + description: Describes a launch template version. + CreateLocalGatewayRouteRequest: + type: object + required: + - DestinationCidrBlock + - LocalGatewayRouteTableId + - LocalGatewayVirtualInterfaceGroupId + title: CreateLocalGatewayRouteRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + LocalGatewayRoute: + type: object + properties: + destinationCidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR block used for destination matches. + localGatewayVirtualInterfaceGroupId: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupId' + - description: The ID of the virtual interface group. + type: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteType' + - description: The route type. + state: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteState' + - description: The state of the route. + localGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/LocalGatewayRoutetableId' + - description: The ID of the local gateway route table. + localGatewayRouteTableArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The Amazon Resource Name (ARN) of the local gateway route table. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the local gateway route. + description: Describes a route for a local gateway route table. + CreateLocalGatewayRouteTableVpcAssociationRequest: + type: object + required: + - LocalGatewayRouteTableId + - VpcId + title: CreateLocalGatewayRouteTableVpcAssociationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + TagSpecification: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + LocalGatewayRouteTableVpcAssociation: + type: object + properties: + localGatewayRouteTableVpcAssociationId: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociationId' + - description: The ID of the association. + localGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the local gateway route table. + localGatewayRouteTableArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The Amazon Resource Name (ARN) of the local gateway route table for the association. + localGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the local gateway. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the local gateway route table for the association. + state: + allOf: + - $ref: '#/components/schemas/String' + - description: The state of the association. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the association. + description: Describes an association between a local gateway route table and a VPC. + CreateManagedPrefixListRequest: + type: object + required: + - PrefixListName + - MaxEntries + - AddressFamily + title: CreateManagedPrefixListRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A name for the prefix list.

Constraints: Up to 255 characters in length. The name cannot start with com.amazonaws.

' + Entry: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The maximum number of entries for the prefix list. + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraints: Up to 255 UTF-8 characters in length.

' + ManagedPrefixList: + type: object + properties: + prefixListId: + allOf: + - $ref: '#/components/schemas/PrefixListResourceId' + - description: The ID of the prefix list. + addressFamily: + allOf: + - $ref: '#/components/schemas/String' + - description: The IP address version. + state: + allOf: + - $ref: '#/components/schemas/PrefixListState' + - description: The current state of the prefix list. + stateMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The state message. + prefixListArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The Amazon Resource Name (ARN) for the prefix list. + prefixListName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the prefix list. + maxEntries: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The maximum number of entries for the prefix list. + version: + allOf: + - $ref: '#/components/schemas/Long' + - description: The version of the prefix list. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the prefix list. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the owner of the prefix list. + description: Describes a managed prefix list. + CreateNatGatewayRequest: + type: object + required: + - SubnetId + title: CreateNatGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: The subnet in which to create the NAT gateway. + TagSpecification: + allOf: + - $ref: '#/components/schemas/ConnectivityType' + - description: Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity. + NatGateway: + type: object + properties: + createTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The date and time the NAT gateway was created. + deleteTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The date and time the NAT gateway was deleted, if applicable.' + failureCode: + allOf: + - $ref: '#/components/schemas/String' + - description: 'If the NAT gateway could not be created, specifies the error code for the failure. (InsufficientFreeAddressesInSubnet | Gateway.NotAttached | InvalidAllocationID.NotFound | Resource.AlreadyAssociated | InternalError | InvalidSubnetID.NotFound)' + failureMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: '

If the NAT gateway could not be created, specifies the error message for the failure, that corresponds to the error code.

  • For InsufficientFreeAddressesInSubnet: "Subnet has insufficient free addresses to create this NAT gateway"

  • For Gateway.NotAttached: "Network vpc-xxxxxxxx has no Internet gateway attached"

  • For InvalidAllocationID.NotFound: "Elastic IP address eipalloc-xxxxxxxx could not be associated with this NAT gateway"

  • For Resource.AlreadyAssociated: "Elastic IP address eipalloc-xxxxxxxx is already associated"

  • For InternalError: "Network interface eni-xxxxxxxx, created and used internally by this NAT gateway is in an invalid state. Please try again."

  • For InvalidSubnetID.NotFound: "The specified subnet subnet-xxxxxxxx does not exist or could not be found."

' + natGatewayAddressSet: + allOf: + - $ref: '#/components/schemas/NatGatewayAddressList' + - description: Information about the IP addresses and network interface associated with the NAT gateway. + natGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the NAT gateway. + provisionedBandwidth: + allOf: + - $ref: '#/components/schemas/ProvisionedBandwidth' + - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' + state: + allOf: + - $ref: '#/components/schemas/NatGatewayState' + - description: '

The state of the NAT gateway.

  • pending: The NAT gateway is being created and is not ready to process traffic.

  • failed: The NAT gateway could not be created. Check the failureCode and failureMessage fields for the reason.

  • available: The NAT gateway is able to process traffic. This status remains until you delete the NAT gateway, and does not indicate the health of the NAT gateway.

  • deleting: The NAT gateway is in the process of being terminated and may still be processing traffic.

  • deleted: The NAT gateway has been terminated and is no longer processing traffic.

' + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet in which the NAT gateway is located. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC in which the NAT gateway is located. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the NAT gateway. + connectivityType: + allOf: + - $ref: '#/components/schemas/ConnectivityType' + - description: Indicates whether the NAT gateway supports public or private connectivity. + description: Describes a NAT gateway. + IcmpTypeCode: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The ICMP code. A value of -1 means all codes for the specified ICMP type. + type: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The ICMP type. A value of -1 means all types. + description: Describes the ICMP type and code. + RuleAction: + type: string + enum: + - allow + - deny + CreateNetworkAclEntryRequest: + type: object + required: + - Egress + - NetworkAclId + - Protocol + - RuleAction + - RuleNumber + title: CreateNetworkAclEntryRequest + properties: + cidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 network range to allow or deny, in CIDR notation (for example 172.16.0.0/24). We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + egress: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). + Icmp: + allOf: + - $ref: '#/components/schemas/IcmpTypeCode' + - description: 'ICMP protocol: The ICMP or ICMPv6 type and code. Required if specifying protocol 1 (ICMP) or protocol 58 (ICMPv6) with an IPv6 CIDR block.' + ipv6CidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv6 network range to allow or deny, in CIDR notation (for example 2001:db8:1234:1a00::/64).' + networkAclId: + allOf: + - $ref: '#/components/schemas/NetworkAclId' + - description: The ID of the network ACL. + portRange: + allOf: + - $ref: '#/components/schemas/PortRange' + - description: 'TCP or UDP protocols: The range of ports the rule applies to. Required if specifying protocol 6 (TCP) or 17 (UDP).' + protocol: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The protocol number. A value of "-1" means all protocols. If you specify "-1" or a protocol number other than "6" (TCP), "17" (UDP), or "1" (ICMP), traffic on all ports is allowed, regardless of any ports or ICMP types or codes that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv4 CIDR block, traffic for all ICMP types and codes allowed, regardless of any that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv6 CIDR block, you must specify an ICMP type and code.' + ruleAction: + allOf: + - $ref: '#/components/schemas/RuleAction' + - description: Indicates whether to allow or deny the traffic that matches the rule. + ruleNumber: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

Constraints: Positive integer from 1 to 32766. The range 32767 to 65535 is reserved for internal use.

' + CreateNetworkAclRequest: + type: object + required: + - VpcId + title: CreateNetworkAclRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + vpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to assign to the network ACL. + NetworkAcl: + type: object + properties: + associationSet: + allOf: + - $ref: '#/components/schemas/NetworkAclAssociationList' + - description: Any associations between the network ACL and one or more subnets + entrySet: + allOf: + - $ref: '#/components/schemas/NetworkAclEntryList' + - description: One or more entries (rules) in the network ACL. + default: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether this is the default network ACL for the VPC. + networkAclId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network ACL. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the network ACL. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC for the network ACL. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the network ACL. + description: Describes a network ACL. + CreateNetworkInsightsAccessScopeRequest: + type: object + required: + - ClientToken + title: CreateNetworkInsightsAccessScopeRequest + properties: + MatchPath: + allOf: + - $ref: '#/components/schemas/AccessScopePathListRequest' + - description: The paths to match. + ExcludePath: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + NetworkInsightsAccessScope: + type: object + properties: + networkInsightsAccessScopeId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' + - description: The ID of the Network Access Scope. + networkInsightsAccessScopeArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The Amazon Resource Name (ARN) of the Network Access Scope. + createdDate: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The creation date. + updatedDate: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The last updated date. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags. + description: Describes a Network Access Scope. + NetworkInsightsAccessScopeContent: + type: object + properties: + networkInsightsAccessScopeId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' + - description: The ID of the Network Access Scope. + matchPathSet: + allOf: + - $ref: '#/components/schemas/AccessScopePathList' + - description: The paths to match. + excludePathSet: + allOf: + - $ref: '#/components/schemas/AccessScopePathList' + - description: The paths to exclude. + description: Describes the Network Access Scope content. + CreateNetworkInsightsPathRequest: + type: object + required: + - Source + - Destination + - Protocol + - ClientToken + title: CreateNetworkInsightsPathRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Port' + - description: The destination port. + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + NetworkInsightsPath: + type: object + properties: + networkInsightsPathId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsPathId' + - description: The ID of the path. + networkInsightsPathArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The Amazon Resource Name (ARN) of the path. + createdDate: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time stamp when the path was created. + source: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services resource that is the source of the path. + destination: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services resource that is the destination of the path. + sourceIp: + allOf: + - $ref: '#/components/schemas/IpAddress' + - description: The IP address of the Amazon Web Services resource that is the source of the path. + destinationIp: + allOf: + - $ref: '#/components/schemas/IpAddress' + - description: The IP address of the Amazon Web Services resource that is the destination of the path. + protocol: + allOf: + - $ref: '#/components/schemas/Protocol' + - description: The protocol. + destinationPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The destination port. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags associated with the path. + description: Describes a path. + CreateNetworkInterfacePermissionRequest: + type: object + required: + - NetworkInterfaceId + - Permission + title: CreateNetworkInterfacePermissionRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for CreateNetworkInterfacePermission. + NetworkInterfacePermission: + type: object + properties: + networkInterfacePermissionId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface permission. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface. + awsAccountId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID. + awsService: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Service. + permission: + allOf: + - $ref: '#/components/schemas/InterfacePermissionType' + - description: The type of permission. + permissionState: + allOf: + - $ref: '#/components/schemas/NetworkInterfacePermissionState' + - description: Information about the state of the permission. + description: Describes a permission for a network interface. + InstanceIpv6AddressList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceIpv6Address' + - xml: + name: item + PrivateIpAddressSpecificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PrivateIpAddressSpecification' + - xml: + name: item + NetworkInterfaceCreationType: + type: string + enum: + - efa + - branch + - trunk + CreateNetworkInterfaceRequest: + type: object + required: + - SubnetId + title: CreateNetworkInterfaceRequest + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description for the network interface. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdStringList' + - description: The IDs of one or more security groups. + ipv6AddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can''t use this option if specifying specific IPv6 addresses. If your subnet has the AssignIpv6AddressOnCreation attribute set to true, you can specify 0 to override this setting.' + ipv6Addresses: + allOf: + - $ref: '#/components/schemas/InstanceIpv6AddressList' + - description: One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can't use this option if you're specifying a number of IPv6 addresses. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The primary private IPv4 address of the network interface. If you don''t specify an IPv4 address, Amazon EC2 selects one for you from the subnet''s IPv4 CIDR range. If you specify an IP address, you cannot indicate any IP addresses specified in privateIpAddresses as primary (only one IP address can be designated as primary).' + privateIpAddresses: + allOf: + - $ref: '#/components/schemas/PrivateIpAddressSpecificationList' + - description: One or more private IPv4 addresses. + secondaryPrivateIpAddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The number of secondary private IPv4 addresses to assign to a network interface. When you specify a number of secondary IPv4 addresses, Amazon EC2 selects these IP addresses within the subnet''s IPv4 CIDR range. You can''t specify this option and specify more than one private IP address using privateIpAddresses.

The number of IP addresses you can assign to a network interface varies by instance type. For more information, see IP Addresses Per ENI Per Instance Type in the Amazon Virtual Private Cloud User Guide.

' + Ipv4Prefix: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option. + Ipv6Prefix: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceCreationType' + - description:

The type of network interface. The default is interface.

The only supported values are efa and trunk.

+ subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: The ID of the subnet to associate with the network interface. + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + description: Contains the parameters for CreateNetworkInterface. + NetworkInterface: + type: object + properties: + association: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceAssociation' + - description: The association information for an Elastic IP address (IPv4) associated with the network interface. + attachment: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceAttachment' + - description: The network interface attachment. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description. + groupSet: + allOf: + - $ref: '#/components/schemas/GroupIdentifierList' + - description: Any security groups for the network interface. + interfaceType: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceType' + - description: The type of network interface. + ipv6AddressesSet: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceIpv6AddressesList' + - description: The IPv6 addresses associated with the network interface. + macAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The MAC address. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface. + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Outpost. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID of the owner of the network interface. + privateDnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The private DNS name. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 address of the network interface within the subnet. + privateIpAddressesSet: + allOf: + - $ref: '#/components/schemas/NetworkInterfacePrivateIpAddressList' + - description: The private IPv4 addresses associated with the network interface. + ipv4PrefixSet: + allOf: + - $ref: '#/components/schemas/Ipv4PrefixesList' + - description: The IPv4 prefixes that are assigned to the network interface. + ipv6PrefixSet: + allOf: + - $ref: '#/components/schemas/Ipv6PrefixesList' + - description: The IPv6 prefixes that are assigned to the network interface. + requesterId: + allOf: + - $ref: '#/components/schemas/String' + - description: The alias or Amazon Web Services account ID of the principal or service that created the network interface. + requesterManaged: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the network interface is being managed by Amazon Web Services. + sourceDestCheck: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether source/destination checking is enabled. + status: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceStatus' + - description: The status of the network interface. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the network interface. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + denyAllIgwTraffic: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether a network interface with an IPv6 address is unreachable from the public internet. If the value is true, inbound traffic from the internet is dropped and you cannot assign an elastic IP address to the network interface. The network interface is reachable from peered VPCs and resources connected through a transit gateway, including on-premises networks.' + ipv6Native: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether this is an IPv6 only network interface. + ipv6Address: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 globally unique address associated with the network interface. + description: Describes a network interface. + CreatePlacementGroupRequest: + type: object + title: CreatePlacementGroupRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + groupName: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A name for the placement group. Must be unique within the scope of your account for the Region.

Constraints: Up to 255 ASCII characters

' + strategy: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of partitions. Valid only when Strategy is set to partition. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the new placement group. + PlacementGroup: + type: object + properties: + groupName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the placement group. + state: + allOf: + - $ref: '#/components/schemas/PlacementGroupState' + - description: The state of the placement group. + strategy: + allOf: + - $ref: '#/components/schemas/PlacementStrategy' + - description: The placement strategy. + partitionCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of partitions. Valid only if strategy is set to partition. + groupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the placement group. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags applied to the placement group. + groupArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the placement group. + description: Describes a placement group. + CreatePublicIpv4PoolRequest: + type: object + title: CreatePublicIpv4PoolRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' + CreateReplaceRootVolumeTaskRequest: + type: object + required: + - InstanceId + title: CreateReplaceRootVolumeTaskRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the root volume replacement task. + ReplaceRootVolumeTask: + type: object + properties: + replaceRootVolumeTaskId: + allOf: + - $ref: '#/components/schemas/ReplaceRootVolumeTaskId' + - description: The ID of the root volume replacement task. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance for which the root volume replacement task was created. + taskState: + allOf: + - $ref: '#/components/schemas/ReplaceRootVolumeTaskState' + - description: '

The state of the task. The task can be in one of the following states:

  • pending - the replacement volume is being created.

  • in-progress - the original volume is being detached and the replacement volume is being attached.

  • succeeded - the replacement volume has been successfully attached to the instance and the instance is available.

  • failing - the replacement task is in the process of failing.

  • failed - the replacement task has failed but the original root volume is still attached.

  • failing-detached - the replacement task is in the process of failing. The instance might have no root volume attached.

  • failed-detached - the replacement task has failed and the instance has no root volume attached.

' + startTime: + allOf: + - $ref: '#/components/schemas/String' + - description: The time the task was started. + completeTime: + allOf: + - $ref: '#/components/schemas/String' + - description: The time the task completed. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the task. + description: Information about a root volume replacement task. + PriceScheduleSpecificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PriceScheduleSpecification' + - xml: + name: item + CreateReservedInstancesListingRequest: + type: object + required: + - ClientToken + - InstanceCount + - PriceSchedules + - ReservedInstancesId + title: CreateReservedInstancesListingRequest + properties: + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier you provide to ensure idempotency of your listings. This helps avoid duplicate listings. For more information, see Ensuring Idempotency.' + instanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of instances that are a part of a Reserved Instance account to be listed in the Reserved Instance Marketplace. This number should be less than or equal to the instance count associated with the Reserved Instance ID specified in this call. + priceSchedules: + allOf: + - $ref: '#/components/schemas/PriceScheduleSpecificationList' + - description: A list specifying the price of the Standard Reserved Instance for each month remaining in the Reserved Instance term. + reservedInstancesId: + allOf: + - $ref: '#/components/schemas/ReservationId' + - description: The ID of the active Standard Reserved Instance. + description: Contains the parameters for CreateReservedInstancesListing. + CreateRestoreImageTaskRequest: + type: object + required: + - Bucket + - ObjectKey + title: CreateRestoreImageTaskRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The name for the restored AMI. The name must be unique for AMIs in the Region for this account. If you do not provide a name, the new AMI gets the same name as the original AMI.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + CreateRouteRequest: + type: object + required: + - RouteTableId + title: CreateRouteRequest + properties: + destinationCidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 CIDR address block used for the destination match. Routing decisions are based on the most specific match. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' + destinationIpv6CidrBlock: + allOf: + - $ref: '#/components/schemas/PrefixListResourceId' + - description: The ID of a prefix list used for the destination match. + dryRun: + allOf: + - $ref: '#/components/schemas/VpcEndpointId' + - description: The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only. + egressOnlyInternetGatewayId: + allOf: + - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' + - description: '[IPv6 traffic only] The ID of an egress-only internet gateway.' + gatewayId: + allOf: + - $ref: '#/components/schemas/RouteGatewayId' + - description: The ID of an internet gateway or virtual private gateway attached to your VPC. + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of a NAT instance in your VPC. The operation fails if you specify an instance ID unless exactly one network interface is attached. + natGatewayId: + allOf: + - $ref: '#/components/schemas/CarrierGatewayId' + - description:

The ID of the carrier gateway.

You can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone.

+ networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: The ID of a network interface. + routeTableId: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - description: The ID of the route table for the route. + vpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/CoreNetworkArn' + - description: The Amazon Resource Name (ARN) of the core network. + CreateRouteTableRequest: + type: object + required: + - VpcId + title: CreateRouteTableRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + vpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to assign to the route table. + RouteTable: + type: object + properties: + associationSet: + allOf: + - $ref: '#/components/schemas/RouteTableAssociationList' + - description: The associations between the route table and one or more subnets or a gateway. + propagatingVgwSet: + allOf: + - $ref: '#/components/schemas/PropagatingVgwList' + - description: Any virtual private gateway (VGW) propagating routes. + routeTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the route table. + routeSet: + allOf: + - $ref: '#/components/schemas/RouteList' + - description: The routes in the route table. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the route table. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the route table. + description: Describes a route table. + CreateSecurityGroupRequest: + type: object + required: + - Description + - GroupName + title: CreateSecurityGroupRequest + properties: + GroupDescription: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: '[EC2-VPC] The ID of the VPC. Required for EC2-VPC.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to assign to the security group. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + CreateSnapshotRequest: + type: object + required: + - VolumeId + title: CreateSnapshotRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VolumeId' + - description: The ID of the Amazon EBS volume. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the snapshot during creation. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + CreateSnapshotsRequest: + type: object + required: + - InstanceSpecification + title: CreateSnapshotsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The Amazon Resource Name (ARN) of the Outpost on which to create the local snapshots.

  • To create snapshots from an instance in a Region, omit this parameter. The snapshots are created in the same Region as the instance.

  • To create snapshots from an instance on an Outpost and store the snapshots in the Region, omit this parameter. The snapshots are created in the Region for the Outpost.

  • To create snapshots from an instance on an Outpost and store the snapshots on an Outpost, specify the ARN of the destination Outpost. The snapshots must be created on the same Outpost as the instance.

For more information, see Create multi-volume local snapshots from instances on an Outpost in the Amazon Elastic Compute Cloud User Guide.

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/CopyTagsFromSource' + - description: Copies the tags from the specified volume to corresponding snapshot. + SnapshotSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/SnapshotInfo' + - xml: + name: item + CreateSpotDatafeedSubscriptionRequest: + type: object + required: + - Bucket + title: CreateSpotDatafeedSubscriptionRequest + properties: + bucket: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The name of the Amazon S3 bucket in which to store the Spot Instance data feed. For more information about bucket names, see Rules for bucket naming in the Amazon S3 Developer Guide.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: The prefix for the data feed file names. + description: Contains the parameters for CreateSpotDatafeedSubscription. + SpotDatafeedSubscription: + type: object + properties: + bucket: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the Amazon S3 bucket where the Spot Instance data feed is located. + fault: + allOf: + - $ref: '#/components/schemas/SpotInstanceStateFault' + - description: 'The fault codes for the Spot Instance request, if any.' + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID of the account. + prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: The prefix for the data feed files. + state: + allOf: + - $ref: '#/components/schemas/DatafeedSubscriptionState' + - description: The state of the Spot Instance data feed subscription. + description: Describes the data feed for a Spot Instance. + CreateStoreImageTaskRequest: + type: object + required: + - ImageId + - Bucket + title: CreateStoreImageTaskRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The name of the Amazon S3 bucket in which the AMI object will be stored. The bucket must be in the Region in which the request is being made. The AMI object appears in the bucket only after the upload task has completed. ' + S3ObjectTag: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + CreateSubnetCidrReservationRequest: + type: object + required: + - SubnetId + - Cidr + - ReservationType + title: CreateSubnetCidrReservationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to assign to the subnet CIDR reservation. + SubnetCidrReservation: + type: object + properties: + subnetCidrReservationId: + allOf: + - $ref: '#/components/schemas/SubnetCidrReservationId' + - description: The ID of the subnet CIDR reservation. + subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: The ID of the subnet. + cidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR that has been reserved. + reservationType: + allOf: + - $ref: '#/components/schemas/SubnetCidrReservationType' + - description: 'The type of reservation. ' + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the account that owns the subnet CIDR reservation. ' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description assigned to the subnet CIDR reservation. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the subnet CIDR reservation. + description: Describes a subnet CIDR reservation. + CreateSubnetRequest: + type: object + required: + - VpcId + title: CreateSubnetRequest + properties: + TagSpecification: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to create an IPv6 only subnet. + ResourceIdList: + type: array + items: + $ref: '#/components/schemas/TaggableResourceId' + CreateTagsRequest: + type: object + required: + - Resources + - Tags + title: CreateTagsRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ResourceId: + allOf: + - $ref: '#/components/schemas/ResourceIdList' + - description: '

The IDs of the resources, separated by spaces.

Constraints: Up to 1000 resource IDs. We recommend breaking up this request into smaller batches.

' + Tag: + allOf: + - $ref: '#/components/schemas/TagList' + - description: 'The tags. The value parameter is required, but if you don''t want the tag to have a value, specify the parameter with no value, and we set the value to an empty string.' + CreateTrafficMirrorFilterRequest: + type: object + title: CreateTrafficMirrorFilterRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the Traffic Mirror filter. + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + TrafficMirrorFilter: + type: object + properties: + trafficMirrorFilterId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Traffic Mirror filter. + ingressFilterRuleSet: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilterRuleList' + - description: Information about the ingress rules that are associated with the Traffic Mirror filter. + egressFilterRuleSet: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilterRuleList' + - description: Information about the egress rules that are associated with the Traffic Mirror filter. + networkServiceSet: + allOf: + - $ref: '#/components/schemas/TrafficMirrorNetworkServiceList' + - description: The network service traffic that is associated with the Traffic Mirror filter. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the Traffic Mirror filter. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the Traffic Mirror filter. + description: Describes the Traffic Mirror filter. + CreateTrafficMirrorFilterRuleRequest: + type: object + required: + - TrafficMirrorFilterId + - TrafficDirection + - RuleNumber + - RuleAction + - DestinationCidrBlock + - SourceCidrBlock + title: CreateTrafficMirrorFilterRuleRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + TrafficMirrorFilterRule: + type: object + properties: + trafficMirrorFilterRuleId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Traffic Mirror rule. + trafficMirrorFilterId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Traffic Mirror filter that the rule is associated with. + trafficDirection: + allOf: + - $ref: '#/components/schemas/TrafficDirection' + - description: The traffic direction assigned to the Traffic Mirror rule. + ruleNumber: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The rule number of the Traffic Mirror rule. + ruleAction: + allOf: + - $ref: '#/components/schemas/TrafficMirrorRuleAction' + - description: The action assigned to the Traffic Mirror rule. + protocol: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The protocol assigned to the Traffic Mirror rule. + destinationPortRange: + allOf: + - $ref: '#/components/schemas/TrafficMirrorPortRange' + - description: The destination port range assigned to the Traffic Mirror rule. + sourcePortRange: + allOf: + - $ref: '#/components/schemas/TrafficMirrorPortRange' + - description: The source port range assigned to the Traffic Mirror rule. + destinationCidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The destination CIDR block assigned to the Traffic Mirror rule. + sourceCidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The source CIDR block assigned to the Traffic Mirror rule. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the Traffic Mirror rule. + description: Describes the Traffic Mirror rule. + CreateTrafficMirrorSessionRequest: + type: object + required: + - NetworkInterfaceId + - TrafficMirrorTargetId + - TrafficMirrorFilterId + - SessionNumber + title: CreateTrafficMirrorSessionRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the Traffic Mirror session. + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + TrafficMirrorSession: + type: object + properties: + trafficMirrorSessionId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID for the Traffic Mirror session. + trafficMirrorTargetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Traffic Mirror target. + trafficMirrorFilterId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Traffic Mirror filter. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Traffic Mirror session's network interface. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the account that owns the Traffic Mirror session. + packetLength: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of bytes in each packet to mirror. These are the bytes after the VXLAN header. To mirror a subset, set this to the length (in bytes) to mirror. For example, if you set this value to 100, then the first 100 bytes that meet the filter criteria are copied to the target. Do not specify this parameter when you want to mirror the entire packet' + sessionNumber: + allOf: + - $ref: '#/components/schemas/Integer' + - description:

The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.

Valid values are 1-32766.

+ virtualNetworkId: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The virtual network ID associated with the Traffic Mirror session. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the Traffic Mirror session. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the Traffic Mirror session. + description: Describes a Traffic Mirror session. + CreateTrafficMirrorTargetRequest: + type: object + title: CreateTrafficMirrorTargetRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the Traffic Mirror target. + TagSpecification: + allOf: + - $ref: '#/components/schemas/VpcEndpointId' + - description: The ID of the Gateway Load Balancer endpoint. + TrafficMirrorTarget: + type: object + properties: + trafficMirrorTargetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Traffic Mirror target. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The network interface ID that is attached to the target. + networkLoadBalancerArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Network Load Balancer. + type: + allOf: + - $ref: '#/components/schemas/TrafficMirrorTargetType' + - description: The type of Traffic Mirror target. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: Information about the Traffic Mirror target. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the account that owns the Traffic Mirror target. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the Traffic Mirror target. + gatewayLoadBalancerEndpointId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Gateway Load Balancer endpoint. + description: Describes a Traffic Mirror target. + InsideCidrBlocksStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + CreateTransitGatewayConnectPeerRequest: + type: object + required: + - TransitGatewayAttachmentId + - PeerAddress + - InsideCidrBlocks + title: CreateTransitGatewayConnectPeerRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InsideCidrBlocksStringList' + - description: 'The range of inside IP addresses that are used for BGP peering. You must specify a size /29 IPv4 CIDR block from the 169.254.0.0/16 range. The first address from the range must be configured on the appliance as the BGP IP address. You can also optionally specify a size /125 IPv6 CIDR block from the fd00::/8 range.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayConnectPeer: + type: object + properties: + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentId' + - description: The ID of the Connect attachment. + transitGatewayConnectPeerId: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectPeerId' + - description: The ID of the Connect peer. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectPeerState' + - description: The state of the Connect peer. + creationTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The creation time. + connectPeerConfiguration: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectPeerConfiguration' + - description: The Connect peer details. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the Connect peer. + description: Describes a transit gateway Connect peer. + CreateTransitGatewayConnectRequestOptions: + type: object + required: + - Protocol + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ProtocolValue' + - description: The tunnel protocol. + description: The options for a Connect attachment. + CreateTransitGatewayConnectRequest: + type: object + required: + - TransportTransitGatewayAttachmentId + - Options + title: CreateTransitGatewayConnectRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/CreateTransitGatewayConnectRequestOptions' + - description: The Connect attachment options. + TagSpecification: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayConnect: + type: object + properties: + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentId' + - description: The ID of the Connect attachment. + transportTransitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentId' + - description: The ID of the attachment from which the Connect attachment was created. + transitGatewayId: + allOf: + - $ref: '#/components/schemas/TransitGatewayId' + - description: The ID of the transit gateway. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentState' + - description: The state of the attachment. + creationTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The creation time. + options: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectOptions' + - description: The Connect attachment options. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the attachment. + description: Describes a transit gateway Connect attachment. + CreateTransitGatewayMulticastDomainRequestOptions: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/AutoAcceptSharedAssociationsValue' + - description: Indicates whether to automatically accept cross-account subnet associations that are associated with the transit gateway multicast domain. + description: The options for the transit gateway multicast domain. + CreateTransitGatewayMulticastDomainRequest: + type: object + required: + - TransitGatewayId + title: CreateTransitGatewayMulticastDomainRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/CreateTransitGatewayMulticastDomainRequestOptions' + - description: The options for the transit gateway multicast domain. + TagSpecification: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayMulticastDomain: + type: object + properties: + transitGatewayMulticastDomainId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway multicast domain. + transitGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway. + transitGatewayMulticastDomainArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the transit gateway multicast domain. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: ' The ID of the Amazon Web Services account that owns the transit gateway multicast domain.' + options: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainOptions' + - description: The options for the transit gateway multicast domain. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainState' + - description: The state of the transit gateway multicast domain. + creationTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time the transit gateway multicast domain was created. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the transit gateway multicast domain. + description: Describes the transit gateway multicast domain. + CreateTransitGatewayPeeringAttachmentRequest: + type: object + required: + - TransitGatewayId + - PeerTransitGatewayId + - PeerAccountId + - PeerRegion + title: CreateTransitGatewayPeeringAttachmentRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Region where the peer transit gateway is located. + TagSpecification: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + CreateTransitGatewayPrefixListReferenceRequest: + type: object + required: + - TransitGatewayRouteTableId + - PrefixListId + title: CreateTransitGatewayPrefixListReferenceRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayPrefixListReference: + type: object + properties: + transitGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableId' + - description: The ID of the transit gateway route table. + prefixListId: + allOf: + - $ref: '#/components/schemas/PrefixListResourceId' + - description: The ID of the prefix list. + prefixListOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the prefix list owner. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayPrefixListReferenceState' + - description: The state of the prefix list reference. + blackhole: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether traffic that matches this route is dropped. + transitGatewayAttachment: + allOf: + - $ref: '#/components/schemas/TransitGatewayPrefixListAttachment' + - description: Information about the transit gateway attachment. + description: Describes a prefix list reference. + TransitGatewayRequestOptions: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayCidrBlockStringList' + - description: 'One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.' + description: Describes the options for a transit gateway. + CreateTransitGatewayRequest: + type: object + title: CreateTransitGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayRequestOptions' + - description: The transit gateway options. + TagSpecification: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGateway: + type: object + properties: + transitGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway. + transitGatewayArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the transit gateway. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayState' + - description: The state of the transit gateway. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the transit gateway. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the transit gateway. + creationTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The creation time. + options: + allOf: + - $ref: '#/components/schemas/TransitGatewayOptions' + - description: The transit gateway options. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the transit gateway. + description: Describes a transit gateway. + CreateTransitGatewayRouteRequest: + type: object + required: + - DestinationCidrBlock + - TransitGatewayRouteTableId + title: CreateTransitGatewayRouteRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayRoute: + type: object + properties: + destinationCidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR block used for destination matches. + prefixListId: + allOf: + - $ref: '#/components/schemas/PrefixListResourceId' + - description: The ID of the prefix list used for destination matches. + transitGatewayAttachments: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteAttachmentList' + - description: The attachments. + type: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteType' + - description: The route type. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteState' + - description: The state of the route. + description: Describes a route for a transit gateway route table. + CreateTransitGatewayRouteTableRequest: + type: object + required: + - TransitGatewayId + title: CreateTransitGatewayRouteTableRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayRouteTable: + type: object + properties: + transitGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway route table. + transitGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableState' + - description: The state of the transit gateway route table. + defaultAssociationRouteTable: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether this is the default association route table for the transit gateway. + defaultPropagationRouteTable: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether this is the default propagation route table for the transit gateway. + creationTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The creation time. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the route table. + description: Describes a transit gateway route table. + CreateTransitGatewayVpcAttachmentRequest: + type: object + required: + - TransitGatewayId + - VpcId + - SubnetIds + title: CreateTransitGatewayVpcAttachmentRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + CreateTransitGatewayVpcAttachmentRequestOptions: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ApplianceModeSupportValue' + - description: 'Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.' + description: Describes the options for a VPC attachment. + PermissionGroup: + type: string + enum: + - all + CreateVolumePermission: + type: object + properties: + group: + allOf: + - $ref: '#/components/schemas/PermissionGroup' + - description: The group to be added or removed. The possible value is all. + userId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account to be added or removed. + description: Describes the user or group to be added or removed from the list of create volume permissions for a volume. + CreateVolumePermissionModifications: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/CreateVolumePermissionList' + - description: Removes the specified Amazon Web Services account ID or group from the list. + description: Describes modifications to the list of create volume permissions for a volume. + VolumeType: + type: string + enum: + - standard + - io1 + - io2 + - gp2 + - sc1 + - st1 + - gp3 + CreateVolumeRequest: + type: object + required: + - AvailabilityZone + title: CreateVolumeRequest + properties: + AvailabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone in which to create the volume. + encrypted: + allOf: + - $ref: '#/components/schemas/VolumeType' + - description: '

The volume type. This parameter can be one of the following values:

  • General Purpose SSD: gp2 | gp3

  • Provisioned IOPS SSD: io1 | io2

  • Throughput Optimized HDD: st1

  • Cold HDD: sc1

  • Magnetic: standard

For more information, see Amazon EBS volume types in the Amazon Elastic Compute Cloud User Guide.

Default: gp2

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.' + CreateVpcEndpointConnectionNotificationRequest: + type: object + required: + - ConnectionNotificationArn + - ConnectionEvents + title: CreateVpcEndpointConnectionNotificationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + VpcEndpointRouteTableIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - xml: + name: item + VpcEndpointSubnetIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: item + CreateVpcEndpointRequest: + type: object + required: + - VpcId + - ServiceName + title: CreateVpcEndpointRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '(Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must be in valid JSON format. If this parameter is not specified, we attach a default policy that allows full access to the service.' + RouteTableId: + allOf: + - $ref: '#/components/schemas/VpcEndpointRouteTableIdList' + - description: (Gateway endpoint) One or more route table IDs. + SubnetId: + allOf: + - $ref: '#/components/schemas/VpcEndpointSubnetIdList' + - description: '(Interface and Gateway Load Balancer endpoints) The ID of one or more subnets in which to create an endpoint network interface. For a Gateway Load Balancer endpoint, you can specify one subnet only.' + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

(Interface endpoint) Indicates whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.

To use a private hosted zone, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to set the VPC attributes.

Default: true

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to associate with the endpoint. + description: Contains the parameters for CreateVpcEndpoint. + VpcEndpoint: + type: object + properties: + vpcEndpointId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the endpoint. + vpcEndpointType: + allOf: + - $ref: '#/components/schemas/VpcEndpointType' + - description: The type of endpoint. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC to which the endpoint is associated. + serviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the service to which the endpoint is associated. + state: + allOf: + - $ref: '#/components/schemas/State' + - description: The state of the endpoint. + policyDocument: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The policy document associated with the endpoint, if applicable.' + routeTableIdSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: (Gateway endpoint) One or more route tables associated with the endpoint. + subnetIdSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: (Interface endpoint) The subnets for the endpoint. + groupSet: + allOf: + - $ref: '#/components/schemas/GroupIdentifierSet' + - description: (Interface endpoint) Information about the security groups that are associated with the network interface. + ipAddressType: + allOf: + - $ref: '#/components/schemas/IpAddressType' + - description: The IP address type for the endpoint. + dnsOptions: + allOf: + - $ref: '#/components/schemas/DnsOptions' + - description: The DNS options for the endpoint. + privateDnsEnabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: (Interface endpoint) Indicates whether the VPC is associated with a private hosted zone. + requesterManaged: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the endpoint is being managed by its service. + networkInterfaceIdSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: (Interface endpoint) One or more network interfaces for the endpoint. + dnsEntrySet: + allOf: + - $ref: '#/components/schemas/DnsEntrySet' + - description: (Interface endpoint) The DNS entries for the endpoint. + creationTimestamp: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time that the endpoint was created. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the endpoint. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the endpoint. + lastError: + allOf: + - $ref: '#/components/schemas/LastError' + - description: The last error that occurred for endpoint. + description: Describes a VPC endpoint. + CreateVpcEndpointServiceConfigurationRequest: + type: object + title: CreateVpcEndpointServiceConfigurationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: (Interface endpoint configuration) The private DNS name to assign to the VPC endpoint service. + NetworkLoadBalancerArn: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Amazon Resource Names (ARNs) of one or more Network Load Balancers for your service. + GatewayLoadBalancerArn: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Amazon Resource Names (ARNs) of one or more Gateway Load Balancers. + SupportedIpAddressType: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to associate with the service. + ServiceConfiguration: + type: object + properties: + serviceType: + allOf: + - $ref: '#/components/schemas/ServiceTypeDetailSet' + - description: The type of service. + serviceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the service. + serviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the service. + serviceState: + allOf: + - $ref: '#/components/schemas/ServiceState' + - description: The service state. + availabilityZoneSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Availability Zones in which the service is available. + acceptanceRequired: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether requests from other Amazon Web Services accounts to create an endpoint to the service must first be accepted. + managesVpcEndpoints: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the service manages its VPC endpoints. Management of the service VPC endpoints using the VPC endpoint API is restricted. + networkLoadBalancerArnSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Amazon Resource Names (ARNs) of the Network Load Balancers for the service. + gatewayLoadBalancerArnSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service. + supportedIpAddressTypeSet: + allOf: + - $ref: '#/components/schemas/SupportedIpAddressTypes' + - description: The supported IP address types. + baseEndpointDnsNameSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The DNS names for the service. + privateDnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The private DNS name for the service. + privateDnsNameConfiguration: + allOf: + - $ref: '#/components/schemas/PrivateDnsNameConfiguration' + - description: Information about the endpoint service private DNS name configuration. + payerResponsibility: + allOf: + - $ref: '#/components/schemas/PayerResponsibility' + - description: The payer responsibility. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the service. + description: Describes a service configuration for a VPC endpoint service. + CreateVpcPeeringConnectionRequest: + type: object + title: CreateVpcPeeringConnectionRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + peerOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The Amazon Web Services account ID of the owner of the accepter VPC.

Default: Your Amazon Web Services account ID

' + peerVpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC with which you are creating the VPC peering connection. You must specify this parameter in the request. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request.

Default: The Region in which you make the request.

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to assign to the peering connection. + CreateVpcRequest: + type: object + title: CreateVpcRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 network range for the VPC, in CIDR notation. For example, 10.0.0.0/16. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.' + amazonProvidedIpv6CidrBlock: + allOf: + - $ref: '#/components/schemas/NetmaskLength' + - description: 'The netmask length of the IPv6 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + instanceTenancy: + allOf: + - $ref: '#/components/schemas/String' + - description:

The name of the location from which we advertise the IPV6 CIDR block. Use this parameter to limit the address to this location.

You must set AmazonProvidedIpv6CidrBlock to true to use this parameter.

+ TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to assign to the VPC. + VpnConnectionOptionsSpecification: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicate whether to enable acceleration for the VPN connection.

Default: false

' + staticRoutesOnly: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The IPv6 CIDR on the Amazon Web Services side of the VPN connection.

Default: ::/0

' + description: Describes VPN connection options. + CreateVpnConnectionRequest: + type: object + required: + - CustomerGatewayId + - Type + title: CreateVpnConnectionRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayId' + - description: 'The ID of the transit gateway. If you specify a transit gateway, you cannot specify a virtual private gateway.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + options: + allOf: + - $ref: '#/components/schemas/VpnConnectionOptionsSpecification' + - description: The options for the VPN connection. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the VPN connection. + description: Contains the parameters for CreateVpnConnection. + VpnConnection: + type: object + properties: + customerGatewayConfiguration: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The configuration information for the VPN connection''s customer gateway (in the native XML format). This element is always present in the CreateVpnConnection response; however, it''s present in the DescribeVpnConnections response only if the VPN connection is in the pending or available state.' + customerGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the customer gateway at your end of the VPN connection. + category: + allOf: + - $ref: '#/components/schemas/String' + - description: The category of the VPN connection. A value of VPN indicates an Amazon Web Services VPN connection. A value of VPN-Classic indicates an Amazon Web Services Classic VPN connection. + state: + allOf: + - $ref: '#/components/schemas/VpnState' + - description: The current state of the VPN connection. + type: + allOf: + - $ref: '#/components/schemas/GatewayType' + - description: The type of VPN connection. + vpnConnectionId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPN connection. + vpnGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection. + transitGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway associated with the VPN connection. + coreNetworkArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of the core network. + coreNetworkAttachmentArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of the core network attachment. + gatewayAssociationState: + allOf: + - $ref: '#/components/schemas/GatewayAssociationState' + - description: The current state of the gateway association. + options: + allOf: + - $ref: '#/components/schemas/VpnConnectionOptions' + - description: The VPN connection options. + routes: + allOf: + - $ref: '#/components/schemas/VpnStaticRouteList' + - description: The static routes associated with the VPN connection. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the VPN connection. + vgwTelemetry: + allOf: + - $ref: '#/components/schemas/VgwTelemetryList' + - description: Information about the VPN tunnel. + description: Describes a VPN connection. + CreateVpnConnectionRouteRequest: + type: object + required: + - DestinationCidrBlock + - VpnConnectionId + title: CreateVpnConnectionRouteRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpnConnectionId' + - description: The ID of the VPN connection. + description: Contains the parameters for CreateVpnConnectionRoute. + CreateVpnGatewayRequest: + type: object + required: + - Type + title: CreateVpnGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/GatewayType' + - description: The type of VPN connection this virtual private gateway supports. + TagSpecification: + allOf: + - $ref: '#/components/schemas/Long' + - description: '

A private Autonomous System Number (ASN) for the Amazon side of a BGP session. If you''re using a 16-bit ASN, it must be in the 64512 to 65534 range. If you''re using a 32-bit ASN, it must be in the 4200000000 to 4294967294 range.

Default: 64512

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for CreateVpnGateway. + VpnGateway: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The Availability Zone where the virtual private gateway was created, if applicable. This field may be empty or not returned.' + state: + allOf: + - $ref: '#/components/schemas/VpnState' + - description: The current state of the virtual private gateway. + type: + allOf: + - $ref: '#/components/schemas/GatewayType' + - description: The type of VPN connection the virtual private gateway supports. + attachments: + allOf: + - $ref: '#/components/schemas/VpcAttachmentList' + - description: Any VPCs attached to the virtual private gateway. + vpnGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the virtual private gateway. + amazonSideAsn: + allOf: + - $ref: '#/components/schemas/Long' + - description: The private Autonomous System Number (ASN) for the Amazon side of a BGP session. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the virtual private gateway. + description: Describes a virtual private gateway. + CreditSpecification: + type: object + properties: + cpuCredits: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The credit option for CPU usage of a T2, T3, or T3a instance. Valid values are standard and unlimited.' + description: 'Describes the credit option for CPU usage of a T2, T3, or T3a instance.' + CreditSpecificationRequest: + type: object + required: + - CpuCredits + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The credit option for CPU usage of a T2, T3, or T3a instance. Valid values are standard and unlimited.' + description: 'The credit option for CPU usage of a T2, T3, or T3a instance.' + CurrentGenerationFlag: + type: boolean + CustomerGatewayIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/CustomerGatewayId' + - xml: + name: CustomerGatewayId + CustomerGatewayList: + type: array + items: + allOf: + - $ref: '#/components/schemas/CustomerGateway' + - xml: + name: item + DITMaxResults: + type: integer + minimum: 5 + maximum: 100 + DITOMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DatafeedSubscriptionState: + type: string + enum: + - Active + - Inactive + DedicatedHostFlag: + type: boolean + DefaultNetworkCardIndex: + type: integer + DefaultRouteTableAssociationValue: + type: string + enum: + - enable + - disable + DefaultRouteTablePropagationValue: + type: string + enum: + - enable + - disable + DefaultTargetCapacityType: + type: string + enum: + - spot + - on-demand + DefaultingDhcpOptionsId: + type: string + DeleteCarrierGatewayRequest: + type: object + required: + - CarrierGatewayId + title: DeleteCarrierGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteClientVpnEndpointRequest: + type: object + required: + - ClientVpnEndpointId + title: DeleteClientVpnEndpointRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteClientVpnRouteRequest: + type: object + required: + - ClientVpnEndpointId + - DestinationCidrBlock + title: DeleteClientVpnRouteRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteCustomerGatewayRequest: + type: object + required: + - CustomerGatewayId + title: DeleteCustomerGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/CustomerGatewayId' + - description: The ID of the customer gateway. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DeleteCustomerGateway. + DeleteDhcpOptionsRequest: + type: object + required: + - DhcpOptionsId + title: DeleteDhcpOptionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DhcpOptionsId' + - description: The ID of the DHCP options set. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteEgressOnlyInternetGatewayRequest: + type: object + required: + - EgressOnlyInternetGatewayId + title: DeleteEgressOnlyInternetGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' + - description: The ID of the egress-only internet gateway. + DeleteFleetErrorCode: + type: string + enum: + - fleetIdDoesNotExist + - fleetIdMalformed + - fleetNotInDeletableState + - unexpectedError + DeleteFleetError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/DeleteFleetErrorCode' + - description: The error code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The description for the error code. + description: Describes an EC2 Fleet error. + DeleteFleetErrorItem: + type: object + properties: + error: + allOf: + - $ref: '#/components/schemas/DeleteFleetError' + - description: The error. + fleetId: + allOf: + - $ref: '#/components/schemas/FleetId' + - description: The ID of the EC2 Fleet. + description: Describes an EC2 Fleet that was not successfully deleted. + DeleteFleetErrorSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DeleteFleetErrorItem' + - xml: + name: item + FleetStateCode: + type: string + enum: + - submitted + - active + - deleted + - failed + - deleted_running + - deleted_terminating + - modifying + DeleteFleetSuccessItem: + type: object + properties: + currentFleetState: + allOf: + - $ref: '#/components/schemas/FleetStateCode' + - description: The current state of the EC2 Fleet. + previousFleetState: + allOf: + - $ref: '#/components/schemas/FleetStateCode' + - description: The previous state of the EC2 Fleet. + fleetId: + allOf: + - $ref: '#/components/schemas/FleetId' + - description: The ID of the EC2 Fleet. + description: Describes an EC2 Fleet that was successfully deleted. + DeleteFleetSuccessSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DeleteFleetSuccessItem' + - xml: + name: item + DeleteFleetsRequest: + type: object + required: + - FleetIds + - TerminateInstances + title: DeleteFleetsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + FleetId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether to terminate the instances when the EC2 Fleet is deleted. The default is to terminate the instances.

To let the instances continue to run after the EC2 Fleet is deleted, specify NoTerminateInstances. Supported only for fleets of type maintain and request.

For instant fleets, you cannot specify NoTerminateInstances. A deleted instant fleet with running instances is not supported.

' + FlowLogIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcFlowLogId' + - xml: + name: item + DeleteFlowLogsRequest: + type: object + required: + - FlowLogIds + title: DeleteFlowLogsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + FlowLogId: + allOf: + - $ref: '#/components/schemas/FlowLogIdList' + - description: '

One or more flow log IDs.

Constraint: Maximum of 1000 flow log IDs.

' + DeleteFpgaImageRequest: + type: object + required: + - FpgaImageId + title: DeleteFpgaImageRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/FpgaImageId' + - description: The ID of the AFI. + DeleteInstanceEventWindowRequest: + type: object + required: + - InstanceEventWindowId + title: DeleteInstanceEventWindowRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowId' + - description: The ID of the event window. + InstanceEventWindowStateChange: + type: object + properties: + instanceEventWindowId: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowId' + - description: The ID of the event window. + state: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowState' + - description: The current state of the event window. + description: The state of the event window. + DeleteInternetGatewayRequest: + type: object + required: + - InternetGatewayId + title: DeleteInternetGatewayRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + internetGatewayId: + allOf: + - $ref: '#/components/schemas/InternetGatewayId' + - description: The ID of the internet gateway. + IpamPoolId: + type: string + DeleteIpamPoolRequest: + type: object + required: + - IpamPoolId + title: DeleteIpamPoolRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IpamPoolId' + - description: The ID of the pool to delete. + DeleteIpamRequest: + type: object + required: + - IpamId + title: DeleteIpamRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Enables you to quickly delete an IPAM, private scopes, pools in private scopes, and any allocations in the pools in private scopes. You cannot delete the IPAM with this option if there is a pool in your public scope. If you use this option, IPAM does the following:

  • Deallocates any CIDRs allocated to VPC resources (such as VPCs) in pools in private scopes.

    No VPC resources are deleted as a result of enabling this option. The CIDR associated with the resource will no longer be allocated from an IPAM pool, but the CIDR itself will remain unchanged.

  • Deprovisions all IPv4 CIDRs provisioned to IPAM pools in private scopes.

  • Deletes all IPAM pools in private scopes.

  • Deletes all non-default private scopes in the IPAM.

  • Deletes the default public and private scopes and the IPAM.

' + IpamScopeId: + type: string + DeleteIpamScopeRequest: + type: object + required: + - IpamScopeId + title: DeleteIpamScopeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IpamScopeId' + - description: The ID of the scope to delete. + DeleteKeyPairRequest: + type: object + title: DeleteKeyPairRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/KeyPairId' + - description: The ID of the key pair. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteLaunchTemplateRequest: + type: object + title: DeleteLaunchTemplateRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchTemplateName' + - description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. + VersionStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + DeleteLaunchTemplateVersionsRequest: + type: object + required: + - Versions + title: DeleteLaunchTemplateVersionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchTemplateName' + - description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. + LaunchTemplateVersion: + allOf: + - $ref: '#/components/schemas/VersionStringList' + - description: The version numbers of one or more launch template versions to delete. + ResponseError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/LaunchTemplateErrorCode' + - description: The error code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The error message, if applicable.' + description: Describes the error that's returned when you cannot delete a launch template version. + DeleteLaunchTemplateVersionsResponseErrorItem: + type: object + properties: + launchTemplateId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the launch template. + launchTemplateName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the launch template. + versionNumber: + allOf: + - $ref: '#/components/schemas/Long' + - description: The version number of the launch template. + responseError: + allOf: + - $ref: '#/components/schemas/ResponseError' + - description: Information about the error. + description: Describes a launch template version that could not be deleted. + DeleteLaunchTemplateVersionsResponseErrorSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResponseErrorItem' + - xml: + name: item + DeleteLaunchTemplateVersionsResponseSuccessItem: + type: object + properties: + launchTemplateId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the launch template. + launchTemplateName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the launch template. + versionNumber: + allOf: + - $ref: '#/components/schemas/Long' + - description: The version number of the launch template. + description: Describes a launch template version that was successfully deleted. + DeleteLaunchTemplateVersionsResponseSuccessSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DeleteLaunchTemplateVersionsResponseSuccessItem' + - xml: + name: item + DeleteLocalGatewayRouteRequest: + type: object + required: + - DestinationCidrBlock + - LocalGatewayRouteTableId + title: DeleteLocalGatewayRouteRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteLocalGatewayRouteTableVpcAssociationRequest: + type: object + required: + - LocalGatewayRouteTableVpcAssociationId + title: DeleteLocalGatewayRouteTableVpcAssociationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteManagedPrefixListRequest: + type: object + required: + - PrefixListId + title: DeleteManagedPrefixListRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/PrefixListResourceId' + - description: The ID of the prefix list. + DeleteNatGatewayRequest: + type: object + required: + - NatGatewayId + title: DeleteNatGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/NatGatewayId' + - description: The ID of the NAT gateway. + DeleteNetworkAclEntryRequest: + type: object + required: + - Egress + - NetworkAclId + - RuleNumber + title: DeleteNetworkAclEntryRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + egress: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the rule is an egress rule. + networkAclId: + allOf: + - $ref: '#/components/schemas/NetworkAclId' + - description: The ID of the network ACL. + ruleNumber: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The rule number of the entry to delete. + DeleteNetworkAclRequest: + type: object + required: + - NetworkAclId + title: DeleteNetworkAclRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + networkAclId: + allOf: + - $ref: '#/components/schemas/NetworkAclId' + - description: The ID of the network ACL. + DeleteNetworkInsightsAccessScopeAnalysisRequest: + type: object + required: + - NetworkInsightsAccessScopeAnalysisId + title: DeleteNetworkInsightsAccessScopeAnalysisRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteNetworkInsightsAccessScopeRequest: + type: object + required: + - NetworkInsightsAccessScopeId + title: DeleteNetworkInsightsAccessScopeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' + - description: The ID of the Network Access Scope. + DeleteNetworkInsightsAnalysisRequest: + type: object + required: + - NetworkInsightsAnalysisId + title: DeleteNetworkInsightsAnalysisRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAnalysisId' + - description: The ID of the network insights analysis. + DeleteNetworkInsightsPathRequest: + type: object + required: + - NetworkInsightsPathId + title: DeleteNetworkInsightsPathRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/NetworkInsightsPathId' + - description: The ID of the path. + DeleteNetworkInterfacePermissionRequest: + type: object + required: + - NetworkInterfacePermissionId + title: DeleteNetworkInterfacePermissionRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DeleteNetworkInterfacePermission. + DeleteNetworkInterfaceRequest: + type: object + required: + - NetworkInterfaceId + title: DeleteNetworkInterfaceRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: The ID of the network interface. + description: Contains the parameters for DeleteNetworkInterface. + DeletePlacementGroupRequest: + type: object + required: + - GroupName + title: DeletePlacementGroupRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + groupName: + allOf: + - $ref: '#/components/schemas/PlacementGroupName' + - description: The name of the placement group. + DeletePublicIpv4PoolRequest: + type: object + required: + - PoolId + title: DeletePublicIpv4PoolRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Ipv4PoolEc2Id' + - description: The ID of the public IPv4 pool you want to delete. + DeleteQueuedReservedInstancesErrorCode: + type: string + enum: + - reserved-instances-id-invalid + - reserved-instances-not-in-queued-state + - unexpected-error + DeleteQueuedReservedInstancesError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/DeleteQueuedReservedInstancesErrorCode' + - description: The error code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The error message. + description: Describes the error for a Reserved Instance whose queued purchase could not be deleted. + DeleteQueuedReservedInstancesIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservationId' + - xml: + name: item + minItems: 1 + maxItems: 100 + DeleteQueuedReservedInstancesRequest: + type: object + required: + - ReservedInstancesIds + title: DeleteQueuedReservedInstancesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ReservedInstancesId: + allOf: + - $ref: '#/components/schemas/DeleteQueuedReservedInstancesIdList' + - description: The IDs of the Reserved Instances. + SuccessfulQueuedPurchaseDeletionSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/SuccessfulQueuedPurchaseDeletion' + - xml: + name: item + FailedQueuedPurchaseDeletionSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/FailedQueuedPurchaseDeletion' + - xml: + name: item + DeleteRouteRequest: + type: object + required: + - RouteTableId + title: DeleteRouteRequest + properties: + destinationCidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 CIDR range for the route. The value you specify must match the CIDR for the route exactly. + destinationIpv6CidrBlock: + allOf: + - $ref: '#/components/schemas/PrefixListResourceId' + - description: The ID of the prefix list for the route. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + routeTableId: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - description: The ID of the route table. + DeleteRouteTableRequest: + type: object + required: + - RouteTableId + title: DeleteRouteTableRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + routeTableId: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - description: The ID of the route table. + DeleteSecurityGroupRequest: + type: object + title: DeleteSecurityGroupRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/SecurityGroupName' + - description: '[EC2-Classic, default VPC] The name of the security group. You can specify either the security group name or the security group ID.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteSnapshotRequest: + type: object + required: + - SnapshotId + title: DeleteSnapshotRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - description: The ID of the EBS snapshot. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteSpotDatafeedSubscriptionRequest: + type: object + title: DeleteSpotDatafeedSubscriptionRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DeleteSpotDatafeedSubscription. + DeleteSubnetCidrReservationRequest: + type: object + required: + - SubnetCidrReservationId + title: DeleteSubnetCidrReservationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteSubnetRequest: + type: object + required: + - SubnetId + title: DeleteSubnetRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: The ID of the subnet. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTagsRequest: + type: object + required: + - Resources + title: DeleteTagsRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + resourceId: + allOf: + - $ref: '#/components/schemas/ResourceIdList' + - description: '

The IDs of the resources, separated by spaces.

Constraints: Up to 1000 resource IDs. We recommend breaking up this request into smaller batches.

' + tag: + allOf: + - $ref: '#/components/schemas/TagList' + - description: '

The tags to delete. Specify a tag key and an optional tag value to delete specific tags. If you specify a tag key without a tag value, we delete any tag with this key regardless of its value. If you specify a tag key with an empty string as the tag value, we delete the tag only if its value is an empty string.

If you omit this parameter, we delete all user-defined tags for the specified resources. We do not delete Amazon Web Services-generated tags (tags that have the aws: prefix).

Constraints: Up to 1000 tags.

' + DeleteTrafficMirrorFilterRequest: + type: object + required: + - TrafficMirrorFilterId + title: DeleteTrafficMirrorFilterRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTrafficMirrorFilterRuleRequest: + type: object + required: + - TrafficMirrorFilterRuleId + title: DeleteTrafficMirrorFilterRuleRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTrafficMirrorSessionRequest: + type: object + required: + - TrafficMirrorSessionId + title: DeleteTrafficMirrorSessionRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTrafficMirrorTargetRequest: + type: object + required: + - TrafficMirrorTargetId + title: DeleteTrafficMirrorTargetRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTransitGatewayConnectPeerRequest: + type: object + required: + - TransitGatewayConnectPeerId + title: DeleteTransitGatewayConnectPeerRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTransitGatewayConnectRequest: + type: object + required: + - TransitGatewayAttachmentId + title: DeleteTransitGatewayConnectRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTransitGatewayMulticastDomainRequest: + type: object + required: + - TransitGatewayMulticastDomainId + title: DeleteTransitGatewayMulticastDomainRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTransitGatewayPeeringAttachmentRequest: + type: object + required: + - TransitGatewayAttachmentId + title: DeleteTransitGatewayPeeringAttachmentRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTransitGatewayPrefixListReferenceRequest: + type: object + required: + - TransitGatewayRouteTableId + - PrefixListId + title: DeleteTransitGatewayPrefixListReferenceRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTransitGatewayRequest: + type: object + required: + - TransitGatewayId + title: DeleteTransitGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTransitGatewayRouteRequest: + type: object + required: + - TransitGatewayRouteTableId + - DestinationCidrBlock + title: DeleteTransitGatewayRouteRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTransitGatewayRouteTableRequest: + type: object + required: + - TransitGatewayRouteTableId + title: DeleteTransitGatewayRouteTableRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteTransitGatewayVpcAttachmentRequest: + type: object + required: + - TransitGatewayAttachmentId + title: DeleteTransitGatewayVpcAttachmentRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteVolumeRequest: + type: object + required: + - VolumeId + title: DeleteVolumeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VolumeId' + - description: The ID of the volume. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteVpcEndpointConnectionNotificationsRequest: + type: object + required: + - ConnectionNotificationIds + title: DeleteVpcEndpointConnectionNotificationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ConnectionNotificationId: + allOf: + - $ref: '#/components/schemas/ConnectionNotificationIdsList' + - description: One or more notification IDs. + VpcEndpointServiceIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcEndpointServiceId' + - xml: + name: item + DeleteVpcEndpointServiceConfigurationsRequest: + type: object + required: + - ServiceIds + title: DeleteVpcEndpointServiceConfigurationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ServiceId: + allOf: + - $ref: '#/components/schemas/VpcEndpointServiceIdList' + - description: The IDs of one or more services. + DeleteVpcEndpointsRequest: + type: object + required: + - VpcEndpointIds + title: DeleteVpcEndpointsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + VpcEndpointId: + allOf: + - $ref: '#/components/schemas/VpcEndpointIdList' + - description: One or more VPC endpoint IDs. + description: Contains the parameters for DeleteVpcEndpoints. + DeleteVpcPeeringConnectionRequest: + type: object + required: + - VpcPeeringConnectionId + title: DeleteVpcPeeringConnectionRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + vpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionId' + - description: The ID of the VPC peering connection. + DeleteVpcRequest: + type: object + required: + - VpcId + title: DeleteVpcRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeleteVpnConnectionRequest: + type: object + required: + - VpnConnectionId + title: DeleteVpnConnectionRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpnConnectionId' + - description: The ID of the VPN connection. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DeleteVpnConnection. + DeleteVpnConnectionRouteRequest: + type: object + required: + - DestinationCidrBlock + - VpnConnectionId + title: DeleteVpnConnectionRouteRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpnConnectionId' + - description: The ID of the VPN connection. + description: Contains the parameters for DeleteVpnConnectionRoute. + DeleteVpnGatewayRequest: + type: object + required: + - VpnGatewayId + title: DeleteVpnGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpnGatewayId' + - description: The ID of the virtual private gateway. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DeleteVpnGateway. + DeprovisionByoipCidrRequest: + type: object + required: + - Cidr + title: DeprovisionByoipCidrRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DeprovisionIpamPoolCidrRequest: + type: object + required: + - IpamPoolId + title: DeprovisionIpamPoolCidrRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR which you want to deprovision from the pool. + IpamPoolCidr: + type: object + properties: + cidr: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is 10.24.34.0/23. An IPv6 CIDR example is 2001:DB8::/32.' + state: + allOf: + - $ref: '#/components/schemas/IpamPoolCidrState' + - description: The state of the CIDR. + failureReason: + allOf: + - $ref: '#/components/schemas/IpamPoolCidrFailureReason' + - description: Details related to why an IPAM pool CIDR failed to be provisioned. + description: A CIDR provisioned to an IPAM pool. + DeprovisionPublicIpv4PoolCidrRequest: + type: object + required: + - PoolId + - Cidr + title: DeprovisionPublicIpv4PoolCidrRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR you want to deprovision from the pool. + DeprovisionedAddressSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + DeregisterImageRequest: + type: object + required: + - ImageId + title: DeregisterImageRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ImageId' + - description: The ID of the AMI. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DeregisterImage. + DeregisterInstanceTagAttributeRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to deregister all tag keys in the current Region. Specify false to deregister all tag keys. + InstanceTagKey: + allOf: + - $ref: '#/components/schemas/InstanceTagKeySet' + - description: Information about the tag keys to deregister. + description: Information about the tag keys to deregister for the current Region. You can either specify individual tag keys or deregister all tag keys in the current Region. You must specify either IncludeAllTagsOfInstance or InstanceTagKeys in the request + DeregisterInstanceEventNotificationAttributesRequest: + type: object + title: DeregisterInstanceEventNotificationAttributesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DeregisterInstanceTagAttributeRequest' + - description: Information about the tag keys to deregister. + InstanceTagNotificationAttribute: + type: object + properties: + instanceTagKeySet: + allOf: + - $ref: '#/components/schemas/InstanceTagKeySet' + - description: The registered tag keys. + includeAllTagsOfInstance: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates wheter all tag keys in the current Region are registered to appear in scheduled event notifications. true indicates that all tag keys in the current Region are registered. + description: Describes the registered tag keys for the current Region. + DeregisterTransitGatewayMulticastGroupMembersRequest: + type: object + title: DeregisterTransitGatewayMulticastGroupMembersRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayMulticastDeregisteredGroupMembers: + type: object + properties: + transitGatewayMulticastDomainId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway multicast domain. + deregisteredNetworkInterfaceIds: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The network interface IDs of the deregistered members. + groupIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The IP address assigned to the transit gateway multicast group. + description: Describes the deregistered transit gateway multicast group members. + DeregisterTransitGatewayMulticastGroupSourcesRequest: + type: object + title: DeregisterTransitGatewayMulticastGroupSourcesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayMulticastDeregisteredGroupSources: + type: object + properties: + transitGatewayMulticastDomainId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway multicast domain. + deregisteredNetworkInterfaceIds: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The network interface IDs of the non-registered members. + groupIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The IP address assigned to the transit gateway multicast group. + description: Describes the deregistered transit gateway multicast group sources. + DescribeAccountAttributesRequest: + type: object + title: DescribeAccountAttributesRequest + properties: + attributeName: + allOf: + - $ref: '#/components/schemas/AccountAttributeNameStringList' + - description: The account attribute names. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeAddressesAttributeRequest: + type: object + title: DescribeAddressesAttributeRequest + properties: + AllocationId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + NextToken: + type: string + FilterList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + PublicIpStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: PublicIp + DescribeAddressesRequest: + type: object + title: DescribeAddressesRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters. Filter names and values are case-sensitive.

  • allocation-id - [EC2-VPC] The allocation ID for the address.

  • association-id - [EC2-VPC] The association ID for the address.

  • domain - Indicates whether the address is for use in EC2-Classic (standard) or in a VPC (vpc).

  • instance-id - The ID of the instance the address is associated with, if any.

  • network-border-group - A unique set of Availability Zones, Local Zones, or Wavelength Zones from where Amazon Web Services advertises IP addresses.

  • network-interface-id - [EC2-VPC] The ID of the network interface that the address is associated with, if any.

  • network-interface-owner-id - The Amazon Web Services account ID of the owner.

  • private-ip-address - [EC2-VPC] The private IP address associated with the Elastic IP address.

  • public-ip - The Elastic IP address, or the carrier IP address.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + PublicIp: + allOf: + - $ref: '#/components/schemas/PublicIpStringList' + - description: '

One or more Elastic IP addresses.

Default: Describes all your Elastic IP addresses.

' + AllocationId: + allOf: + - $ref: '#/components/schemas/AllocationIdList' + - description: '[EC2-VPC] Information about the allocation IDs.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeAggregateIdFormatRequest: + type: object + title: DescribeAggregateIdFormatRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + IdFormatList: + type: array + items: + allOf: + - $ref: '#/components/schemas/IdFormat' + - xml: + name: item + ZoneNameStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: ZoneName + DescribeAvailabilityZonesRequest: + type: object + title: DescribeAvailabilityZonesRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters.

  • group-name - For Availability Zones, use the Region name. For Local Zones, use the name of the group associated with the Local Zone (for example, us-west-2-lax-1) For Wavelength Zones, use the name of the group associated with the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

  • message - The Zone message.

  • opt-in-status - The opt-in status (opted-in, and not-opted-in | opt-in-not-required).

  • parent-zoneID - The ID of the zone that handles some of the Local Zone and Wavelength Zone control plane operations, such as API calls.

  • parent-zoneName - The ID of the zone that handles some of the Local Zone and Wavelength Zone control plane operations, such as API calls.

  • region-name - The name of the Region for the Zone (for example, us-east-1).

  • state - The state of the Availability Zone, the Local Zone, or the Wavelength Zone (available).

  • zone-id - The ID of the Availability Zone (for example, use1-az1), the Local Zone (for example, usw2-lax1-az1), or the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

  • zone-type - The type of zone, for example, local-zone.

  • zone-name - The name of the Availability Zone (for example, us-east-1a), the Local Zone (for example, us-west-2-lax-1a), or the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

  • zone-type - The type of zone, for example, local-zone.

' + ZoneName: + allOf: + - $ref: '#/components/schemas/ZoneNameStringList' + - description: 'The names of the Availability Zones, Local Zones, and Wavelength Zones.' + ZoneId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Include all Availability Zones, Local Zones, and Wavelength Zones regardless of your opt-in status.

If you do not use this parameter, the results include only the zones for the Regions where you have chosen the option to opt in.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeBundleTasksRequest: + type: object + title: DescribeBundleTasksRequest + properties: + BundleId: + allOf: + - $ref: '#/components/schemas/BundleIdStringList' + - description: '

The bundle task IDs.

Default: Describes all your bundle tasks.

' + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters.

  • bundle-id - The ID of the bundle task.

  • error-code - If the task failed, the error code returned.

  • error-message - If the task failed, the error message returned.

  • instance-id - The ID of the instance.

  • progress - The level of task completion, as a percentage (for example, 20%).

  • s3-bucket - The Amazon S3 bucket to store the AMI.

  • s3-prefix - The beginning of the AMI name.

  • start-time - The time the task started (for example, 2013-09-15T17:15:20.000Z).

  • state - The state of the task (pending | waiting-for-shutdown | bundling | storing | cancelling | complete | failed).

  • update-time - The time of the most recent update for the task.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeByoipCidrsMaxResults: + type: integer + minimum: 1 + maximum: 100 + DescribeByoipCidrsRequest: + type: object + required: + - MaxResults + title: DescribeByoipCidrsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + DescribeCapacityReservationFleetsMaxResults: + type: integer + minimum: 1 + maximum: 100 + DescribeCapacityReservationFleetsRequest: + type: object + title: DescribeCapacityReservationFleetsRequest + properties: + CapacityReservationFleetId: + allOf: + - $ref: '#/components/schemas/DescribeCapacityReservationFleetsMaxResults' + - description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeCapacityReservationsMaxResults: + type: integer + minimum: 1 + maximum: 1000 + DescribeCapacityReservationsRequest: + type: object + title: DescribeCapacityReservationsRequest + properties: + CapacityReservationId: + allOf: + - $ref: '#/components/schemas/DescribeCapacityReservationsMaxResults' + - description: 'The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.' + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeCarrierGatewaysRequest: + type: object + title: DescribeCarrierGatewaysRequest + properties: + CarrierGatewayId: + allOf: + - $ref: '#/components/schemas/CarrierGatewayIdSet' + - description: One or more carrier gateway IDs. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeClassicLinkInstancesMaxResults: + type: integer + minimum: 5 + maximum: 1000 + InstanceIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + DescribeClassicLinkInstancesRequest: + type: object + title: DescribeClassicLinkInstancesRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • group-id - The ID of a VPC security group that''s associated with the instance.

  • instance-id - The ID of the instance.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC to which the instance is linked.

    vpc-id - The ID of the VPC that the instance is linked to.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdStringList' + - description: One or more instance IDs. Must be instances linked to a VPC through ClassicLink. + maxResults: + allOf: + - $ref: '#/components/schemas/DescribeClassicLinkInstancesMaxResults' + - description: '

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

Constraint: If the value is greater than 1000, we return only 1000 items.

' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next page of results. + DescribeClientVpnAuthorizationRulesMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeClientVpnAuthorizationRulesRequest: + type: object + required: + - ClientVpnEndpointId + title: DescribeClientVpnAuthorizationRulesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to retrieve the next page of results. + Filter: + allOf: + - $ref: '#/components/schemas/DescribeClientVpnAuthorizationRulesMaxResults' + - description: The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value. + DescribeClientVpnConnectionsMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeClientVpnConnectionsRequest: + type: object + required: + - ClientVpnEndpointId + title: DescribeClientVpnConnectionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ClientVpnEndpointId' + - description: The ID of the Client VPN endpoint. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeClientVpnEndpointMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeClientVpnEndpointsRequest: + type: object + title: DescribeClientVpnEndpointsRequest + properties: + ClientVpnEndpointId: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to retrieve the next page of results. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + EndpointSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ClientVpnEndpoint' + - xml: + name: item + DescribeClientVpnRoutesMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeClientVpnRoutesRequest: + type: object + required: + - ClientVpnEndpointId + title: DescribeClientVpnRoutesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ClientVpnEndpointId' + - description: The ID of the Client VPN endpoint. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeClientVpnTargetNetworksMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeClientVpnTargetNetworksRequest: + type: object + required: + - ClientVpnEndpointId + title: DescribeClientVpnTargetNetworksRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to retrieve the next page of results. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TargetNetworkSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/TargetNetwork' + - xml: + name: item + DescribeCoipPoolsRequest: + type: object + title: DescribeCoipPoolsRequest + properties: + PoolId: + allOf: + - $ref: '#/components/schemas/CoipPoolIdSet' + - description: The IDs of the address pools. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeConversionTaskList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ConversionTask' + - xml: + name: item + DescribeConversionTasksRequest: + type: object + title: DescribeConversionTasksRequest + properties: + conversionTaskId: + allOf: + - $ref: '#/components/schemas/ConversionIdStringList' + - description: The conversion task IDs. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeCustomerGatewaysRequest: + type: object + title: DescribeCustomerGatewaysRequest + properties: + CustomerGatewayId: + allOf: + - $ref: '#/components/schemas/CustomerGatewayIdStringList' + - description: '

One or more customer gateway IDs.

Default: Describes all your customer gateways.

' + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • bgp-asn - The customer gateway''s Border Gateway Protocol (BGP) Autonomous System Number (ASN).

  • customer-gateway-id - The ID of the customer gateway.

  • ip-address - The IP address of the customer gateway''s Internet-routable external interface.

  • state - The state of the customer gateway (pending | available | deleting | deleted).

  • type - The type of customer gateway. Currently, the only supported type is ipsec.1.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DescribeCustomerGateways. + DescribeDhcpOptionsMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DhcpOptionsIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/DhcpOptionsId' + - xml: + name: DhcpOptionsId + DescribeDhcpOptionsRequest: + type: object + title: DescribeDhcpOptionsRequest + properties: + DhcpOptionsId: + allOf: + - $ref: '#/components/schemas/DhcpOptionsIdStringList' + - description: '

The IDs of one or more DHCP options sets.

Default: Describes all your DHCP options sets.

' + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • dhcp-options-id - The ID of a DHCP options set.

  • key - The key for one of the options (for example, domain-name).

  • value - The value for one of the options.

  • owner-id - The ID of the Amazon Web Services account that owns the DHCP options set.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + dryRun: + allOf: + - $ref: '#/components/schemas/DescribeDhcpOptionsMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + DhcpOptionsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/DhcpOptions' + - xml: + name: item + DescribeEgressOnlyInternetGatewaysMaxResults: + type: integer + minimum: 5 + maximum: 255 + DescribeEgressOnlyInternetGatewaysRequest: + type: object + title: DescribeEgressOnlyInternetGatewaysRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + EgressOnlyInternetGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next page of results. + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + EgressOnlyInternetGatewayList: + type: array + items: + allOf: + - $ref: '#/components/schemas/EgressOnlyInternetGateway' + - xml: + name: item + DescribeElasticGpusMaxResults: + type: integer + minimum: 10 + maximum: 1000 + DescribeElasticGpusRequest: + type: object + title: DescribeElasticGpusRequest + properties: + ElasticGpuId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to request the next page of results. + ElasticGpuSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ElasticGpus' + - xml: + name: item + DescribeExportImageTasksMaxResults: + type: integer + minimum: 1 + maximum: 500 + DescribeExportImageTasksRequest: + type: object + title: DescribeExportImageTasksRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: 'Filter tasks using the task-state filter and one of the following values: active, completed, deleting, or deleted.' + ExportImageTaskId: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: A token that indicates the next page of results. + ExportImageTaskList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ExportImageTask' + - xml: + name: item + ExportTaskIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ExportTaskId' + - xml: + name: ExportTaskId + DescribeExportTasksRequest: + type: object + title: DescribeExportTasksRequest + properties: + exportTaskId: + allOf: + - $ref: '#/components/schemas/ExportTaskIdStringList' + - description: The export task IDs. + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: the filters for the export tasks. + ExportTaskList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ExportTask' + - xml: + name: item + FastLaunchImageIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImageId' + - xml: + name: ImageId + DescribeFastLaunchImagesRequest: + type: object + title: DescribeFastLaunchImagesRequest + properties: + ImageId: + allOf: + - $ref: '#/components/schemas/FastLaunchImageIdList' + - description: Details for one or more Windows AMI image IDs. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeFastLaunchImagesRequestMaxResults: + type: integer + minimum: 0 + maximum: 200 + DescribeFastLaunchImagesSuccessSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DescribeFastLaunchImagesSuccessItem' + - xml: + name: item + FastLaunchResourceType: + type: string + enum: + - snapshot + FastLaunchSnapshotConfigurationResponse: + type: object + properties: + targetResourceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of pre-provisioned snapshots requested to keep on hand for a fast-launch enabled Windows AMI. + description: Configuration settings for creating and managing pre-provisioned snapshots for a fast-launch enabled Windows AMI. + FastLaunchLaunchTemplateSpecificationResponse: + type: object + properties: + launchTemplateId: + allOf: + - $ref: '#/components/schemas/LaunchTemplateId' + - description: The ID of the launch template for faster launching of the associated Windows AMI. + launchTemplateName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the launch template for faster launching of the associated Windows AMI. + version: + allOf: + - $ref: '#/components/schemas/String' + - description: The version of the launch template for faster launching of the associated Windows AMI. + description: Identifies the launch template to use for faster launching of the Windows AMI. + FastLaunchStateCode: + type: string + enum: + - enabling + - enabling-failed + - enabled + - enabled-failed + - disabling + - disabling-failed + DescribeFastLaunchImagesSuccessItem: + type: object + properties: + imageId: + allOf: + - $ref: '#/components/schemas/ImageId' + - description: The image ID that identifies the fast-launch enabled Windows image. + resourceType: + allOf: + - $ref: '#/components/schemas/FastLaunchResourceType' + - description: 'The resource type that is used for pre-provisioning the Windows AMI. Supported values include: snapshot.' + snapshotConfiguration: + allOf: + - $ref: '#/components/schemas/FastLaunchSnapshotConfigurationResponse' + - description: A group of parameters that are used for pre-provisioning the associated Windows AMI using snapshots. + launchTemplate: + allOf: + - $ref: '#/components/schemas/FastLaunchLaunchTemplateSpecificationResponse' + - description: The launch template that the fast-launch enabled Windows AMI uses when it launches Windows instances from pre-provisioned snapshots. + maxParallelLaunches: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The maximum number of parallel instances that are launched for creating resources. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The owner ID for the fast-launch enabled Windows AMI. + state: + allOf: + - $ref: '#/components/schemas/FastLaunchStateCode' + - description: The current state of faster launching for the specified Windows AMI. + stateTransitionReason: + allOf: + - $ref: '#/components/schemas/String' + - description: The reason that faster launching for the Windows AMI changed to the current state. + stateTransitionTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time that faster launching for the Windows AMI changed to the current state. + description: Describe details about a fast-launch enabled Windows image that meets the requested criteria. Criteria are defined by the DescribeFastLaunchImages action filters. + FastSnapshotRestoreStateCode: + type: string + enum: + - enabling + - optimizing + - enabled + - disabling + - disabled + DescribeFastSnapshotRestoreSuccessItem: + type: object + properties: + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the snapshot. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone. + state: + allOf: + - $ref: '#/components/schemas/FastSnapshotRestoreStateCode' + - description: The state of fast snapshot restores. + stateTransitionReason: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The reason for the state transition. The possible values are as follows:

  • Client.UserInitiated - The state successfully transitioned to enabling or disabling.

  • Client.UserInitiated - Lifecycle state transition - The state successfully transitioned to optimizing, enabled, or disabled.

' + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that enabled fast snapshot restores on the snapshot. + ownerAlias: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services owner alias that enabled fast snapshot restores on the snapshot. This is intended for future use. + enablingTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the enabling state. + optimizingTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the optimizing state. + enabledTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the enabled state. + disablingTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the disabling state. + disabledTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the disabled state. + description: Describes fast snapshot restores for a snapshot. + DescribeFastSnapshotRestoreSuccessSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DescribeFastSnapshotRestoreSuccessItem' + - xml: + name: item + DescribeFastSnapshotRestoresMaxResults: + type: integer + minimum: 0 + maximum: 200 + DescribeFastSnapshotRestoresRequest: + type: object + title: DescribeFastSnapshotRestoresRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeFleetError: + type: object + properties: + launchTemplateAndOverrides: + allOf: + - $ref: '#/components/schemas/LaunchTemplateAndOverridesResponse' + - description: The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template. + lifecycle: + allOf: + - $ref: '#/components/schemas/InstanceLifecycle' + - description: Indicates if the instance that could not be launched was a Spot Instance or On-Demand Instance. + errorCode: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The error code that indicates why the instance could not be launched. For more information about error codes, see Error codes.' + errorMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The error message that describes why the instance could not be launched. For more information about error messages, see Error codes.' + description: Describes the instances that could not be launched by the fleet. + DescribeFleetHistoryRequest: + type: object + required: + - FleetId + - StartTime + title: DescribeFleetHistoryRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + HistoryRecordSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/HistoryRecordEntry' + - xml: + name: item + DescribeFleetInstancesRequest: + type: object + required: + - FleetId + title: DescribeFleetInstancesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/FleetId' + - description: The ID of the EC2 Fleet. + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description:

The filters.

  • instance-type - The instance type.

+ DescribeFleetsErrorSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DescribeFleetError' + - xml: + name: item + DescribeFleetsInstances: + type: object + properties: + launchTemplateAndOverrides: + allOf: + - $ref: '#/components/schemas/LaunchTemplateAndOverridesResponse' + - description: The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template. + lifecycle: + allOf: + - $ref: '#/components/schemas/InstanceLifecycle' + - description: Indicates if the instance that was launched is a Spot Instance or On-Demand Instance. + instanceIds: + allOf: + - $ref: '#/components/schemas/InstanceIdsSet' + - description: The IDs of the instances. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. + platform: + allOf: + - $ref: '#/components/schemas/PlatformValues' + - description: 'The value is Windows for Windows instances. Otherwise, the value is blank.' + description: Describes the instances that were launched by the fleet. + DescribeFleetsInstancesSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DescribeFleetsInstances' + - xml: + name: item + FleetIdSet: + type: array + items: + $ref: '#/components/schemas/FleetId' + DescribeFleetsRequest: + type: object + title: DescribeFleetsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + FleetId: + allOf: + - $ref: '#/components/schemas/FleetIdSet' + - description: '

The IDs of the EC2 Fleets.

If a fleet is of type instant, you must specify the fleet ID, otherwise it does not appear in the response.

' + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description:

The filters.

  • activity-status - The progress of the EC2 Fleet ( error | pending-fulfillment | pending-termination | fulfilled).

  • excess-capacity-termination-policy - Indicates whether to terminate running instances if the target capacity is decreased below the current EC2 Fleet size (true | false).

  • fleet-state - The state of the EC2 Fleet (submitted | active | deleted | failed | deleted-running | deleted-terminating | modifying).

  • replace-unhealthy-instances - Indicates whether EC2 Fleet should replace unhealthy instances (true | false).

  • type - The type of request (instant | request | maintain).

+ FleetSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/FleetData' + - xml: + name: item + DescribeFlowLogsRequest: + type: object + title: DescribeFlowLogsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • deliver-log-status - The status of the logs delivery (SUCCESS | FAILED).

  • log-destination-type - The type of destination to which the flow log publishes data. Possible destination types include cloud-watch-logs and s3.

  • flow-log-id - The ID of the flow log.

  • log-group-name - The name of the log group.

  • resource-id - The ID of the VPC, subnet, or network interface.

  • traffic-type - The type of traffic (ACCEPT | REJECT | ALL).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + FlowLogId: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next page of results. + FlowLogSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/FlowLog' + - xml: + name: item + FpgaImageAttributeName: + type: string + enum: + - description + - name + - loadPermission + - productCodes + DescribeFpgaImageAttributeRequest: + type: object + required: + - FpgaImageId + - Attribute + title: DescribeFpgaImageAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/FpgaImageAttributeName' + - description: The AFI attribute. + FpgaImageAttribute: + type: object + properties: + fpgaImageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the AFI. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the AFI. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the AFI. + loadPermissions: + allOf: + - $ref: '#/components/schemas/LoadPermissionList' + - description: The load permissions. + productCodes: + allOf: + - $ref: '#/components/schemas/ProductCodeList' + - description: The product codes. + description: Describes an Amazon FPGA image (AFI) attribute. + DescribeFpgaImagesMaxResults: + type: integer + minimum: 5 + maximum: 1000 + FpgaImageIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/FpgaImageId' + - xml: + name: item + OwnerStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: Owner + DescribeFpgaImagesRequest: + type: object + title: DescribeFpgaImagesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + FpgaImageId: + allOf: + - $ref: '#/components/schemas/FpgaImageIdList' + - description: The AFI IDs. + Owner: + allOf: + - $ref: '#/components/schemas/OwnerStringList' + - description: 'Filters the AFI by owner. Specify an Amazon Web Services account ID, self (owner is the sender of the request), or an Amazon Web Services owner alias (valid values are amazon | aws-marketplace).' + Filter: + allOf: + - $ref: '#/components/schemas/DescribeFpgaImagesMaxResults' + - description: The maximum number of results to return in a single call. + FpgaImageList: + type: array + items: + allOf: + - $ref: '#/components/schemas/FpgaImage' + - xml: + name: item + OfferingId: + type: string + DescribeHostReservationOfferingsRequest: + type: object + title: DescribeHostReservationOfferingsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/OfferingId' + - description: The ID of the reservation offering. + HostOfferingSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/HostOffering' + - xml: + name: item + DescribeHostReservationsMaxResults: + type: integer + minimum: 5 + maximum: 500 + DescribeHostReservationsRequest: + type: object + title: DescribeHostReservationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. + HostReservationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/HostReservation' + - xml: + name: item + RequestHostIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/DedicatedHostId' + - xml: + name: item + DescribeHostsRequest: + type: object + title: DescribeHostsRequest + properties: + filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters.

  • auto-placement - Whether auto-placement is enabled or disabled (on | off).

  • availability-zone - The Availability Zone of the host.

  • client-token - The idempotency token that you provided when you allocated the host.

  • host-reservation-id - The ID of the reservation assigned to this host.

  • instance-type - The instance type size that the Dedicated Host is configured to support.

  • state - The allocation state of the Dedicated Host (available | under-assessment | permanent-failure | released | released-permanent-failure).

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + hostId: + allOf: + - $ref: '#/components/schemas/RequestHostIdList' + - description: The IDs of the Dedicated Hosts. The IDs are used for targeted instance launches. + maxResults: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.

You cannot specify this parameter and the host IDs parameter in the same request.

' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. + HostList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Host' + - xml: + name: item + DescribeIamInstanceProfileAssociationsMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeIamInstanceProfileAssociationsRequest: + type: object + title: DescribeIamInstanceProfileAssociationsRequest + properties: + AssociationId: + allOf: + - $ref: '#/components/schemas/AssociationIdList' + - description: The IAM instance profile associations. + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to request the next page of results. + IamInstanceProfileAssociationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileAssociation' + - xml: + name: item + DescribeIdFormatRequest: + type: object + title: DescribeIdFormatRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway ' + DescribeIdentityIdFormatRequest: + type: object + required: + - PrincipalArn + title: DescribeIdentityIdFormatRequest + properties: + principalArn: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ARN of the principal, which can be an IAM role, IAM user, or the root user.' + resource: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway ' + DescribeImageAttributeRequest: + type: object + required: + - Attribute + - ImageId + title: DescribeImageAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ImageId' + - description: The ID of the AMI. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DescribeImageAttribute. + ExecutableByStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: ExecutableBy + ImageIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImageId' + - xml: + name: ImageId + DescribeImagesRequest: + type: object + title: DescribeImagesRequest + properties: + ExecutableBy: + allOf: + - $ref: '#/components/schemas/ExecutableByStringList' + - description: '

Scopes the images by users with explicit launch permissions. Specify an Amazon Web Services account ID, self (the sender of the request), or all (public AMIs).

  • If you specify an Amazon Web Services account ID that is not your own, only AMIs shared with that specific Amazon Web Services account ID are returned. However, AMIs that are shared with the account’s organization or organizational unit (OU) are not returned.

  • If you specify self or your own Amazon Web Services account ID, AMIs shared with your account are returned. In addition, AMIs that are shared with the organization or OU of which you are member are also returned.

  • If you specify all, all public AMIs are returned.

' + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters.

  • architecture - The image architecture (i386 | x86_64 | arm64).

  • block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.

  • block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

  • block-device-mapping.snapshot-id - The ID of the snapshot used for the Amazon EBS volume.

  • block-device-mapping.volume-size - The volume size of the Amazon EBS volume, in GiB.

  • block-device-mapping.volume-type - The volume type of the Amazon EBS volume (io1 | io2 | gp2 | gp3 | sc1 | st1 | standard).

  • block-device-mapping.encrypted - A Boolean that indicates whether the Amazon EBS volume is encrypted.

  • creation-date - The time when the image was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.

  • description - The description of the image (provided during image creation).

  • ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.

  • hypervisor - The hypervisor type (ovm | xen).

  • image-id - The ID of the image.

  • image-type - The image type (machine | kernel | ramdisk).

  • is-public - A Boolean that indicates whether the image is public.

  • kernel-id - The kernel ID.

  • manifest-location - The location of the image manifest.

  • name - The name of the AMI (provided during image creation).

  • owner-alias - The owner alias (amazon | aws-marketplace). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.

  • owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.

  • platform - The platform. To only list Windows-based AMIs, use windows.

  • product-code - The product code.

  • product-code.type - The type of the product code (marketplace).

  • ramdisk-id - The RAM disk ID.

  • root-device-name - The device name of the root device volume (for example, /dev/sda1).

  • root-device-type - The type of the root device volume (ebs | instance-store).

  • state - The state of the image (available | pending | failed).

  • state-reason-code - The reason code for the state change.

  • state-reason-message - The message for the state change.

  • sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • virtualization-type - The virtualization type (paravirtual | hvm).

' + ImageId: + allOf: + - $ref: '#/components/schemas/ImageIdStringList' + - description: '

The image IDs.

Default: Describes all images available to you.

' + Owner: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

If true, all deprecated AMIs are included in the response. If false, no deprecated AMIs are included in the response. If no value is specified, the default value is false.

If you are the AMI owner, all deprecated AMIs appear in the response regardless of the value (true or false) that you set for this parameter.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ImageList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Image' + - xml: + name: item + DescribeImportImageTasksRequest: + type: object + title: DescribeImportImageTasksRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: 'Filter tasks using the task-state filter and one of the following values: active, completed, deleting, or deleted.' + ImportTaskId: + allOf: + - $ref: '#/components/schemas/String' + - description: A token that indicates the next page of results. + ImportImageTaskList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImportImageTask' + - xml: + name: item + DescribeImportSnapshotTasksRequest: + type: object + title: DescribeImportSnapshotTasksRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: The filters. + ImportTaskId: + allOf: + - $ref: '#/components/schemas/String' + - description: A token that indicates the next page of results. + ImportSnapshotTaskList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImportSnapshotTask' + - xml: + name: item + InstanceAttributeName: + type: string + enum: + - instanceType + - kernel + - ramdisk + - userData + - disableApiTermination + - instanceInitiatedShutdownBehavior + - rootDeviceName + - blockDeviceMapping + - productCodes + - sourceDestCheck + - groupSet + - ebsOptimized + - sriovNetSupport + - enaSupport + - enclaveOptions + DescribeInstanceAttributeRequest: + type: object + required: + - Attribute + - InstanceId + title: DescribeInstanceAttributeRequest + properties: + attribute: + allOf: + - $ref: '#/components/schemas/InstanceAttributeName' + - description: '

The instance attribute.

Note: The enaSupport attribute is not supported at this time.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance. + DescribeInstanceCreditSpecificationsMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeInstanceCreditSpecificationsRequest: + type: object + title: DescribeInstanceCreditSpecificationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description:

The filters.

  • instance-id - The ID of the instance.

+ InstanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to retrieve the next page of results. + InstanceCreditSpecificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceCreditSpecification' + - xml: + name: item + DescribeInstanceEventNotificationAttributesRequest: + type: object + title: DescribeInstanceEventNotificationAttributesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + InstanceEventWindowIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowId' + - xml: + name: InstanceEventWindowId + DescribeInstanceEventWindowsRequest: + type: object + title: DescribeInstanceEventWindowsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + InstanceEventWindowId: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowIdSet' + - description: The IDs of the event windows. + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to request the next page of results. + description: Describe instance event windows by InstanceEventWindow. + InstanceEventWindowSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceEventWindow' + - xml: + name: item + DescribeInstanceStatusRequest: + type: object + title: DescribeInstanceStatusRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters.

  • availability-zone - The Availability Zone of the instance.

  • event.code - The code for the scheduled event (instance-reboot | system-reboot | system-maintenance | instance-retirement | instance-stop).

  • event.description - A description of the event.

  • event.instance-event-id - The ID of the event whose date and time you are modifying.

  • event.not-after - The latest end time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).

  • event.not-before - The earliest start time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).

  • event.not-before-deadline - The deadline for starting the event (for example, 2014-09-15T17:15:20.000Z).

  • instance-state-code - The code for the instance state, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).

  • instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).

  • instance-status.reachability - Filters on instance status where the name is reachability (passed | failed | initializing | insufficient-data).

  • instance-status.status - The status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).

  • system-status.reachability - Filters on system status where the name is reachability (passed | failed | initializing | insufficient-data).

  • system-status.status - The system status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).

' + InstanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to retrieve the next page of results. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + includeAllInstances: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

When true, includes the health status for all instances. When false, includes the health status for running instances only.

Default: false

' + InstanceStatusList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceStatus' + - xml: + name: item + LocationType: + type: string + enum: + - region + - availability-zone + - availability-zone-id + DescribeInstanceTypeOfferingsRequest: + type: object + title: DescribeInstanceTypeOfferingsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LocationType' + - description: The location type. + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to retrieve the next page of results. + InstanceTypeOfferingsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceTypeOffering' + - xml: + name: item + RequestInstanceTypeList: + type: array + items: + $ref: '#/components/schemas/InstanceType' + minItems: 0 + maxItems: 100 + DescribeInstanceTypesRequest: + type: object + title: DescribeInstanceTypesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + InstanceType: + allOf: + - $ref: '#/components/schemas/RequestInstanceTypeList' + - description: 'The instance types. For more information, see Instance types in the Amazon EC2 User Guide.' + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token to retrieve the next page of results. + InstanceTypeInfoList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceTypeInfo' + - xml: + name: item + DescribeInstancesRequest: + type: object + title: DescribeInstancesRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters.

  • affinity - The affinity setting for an instance running on a Dedicated Host (default | host).

  • architecture - The instance architecture (i386 | x86_64 | arm64).

  • availability-zone - The Availability Zone of the instance.

  • block-device-mapping.attach-time - The attach time for an EBS volume mapped to the instance, for example, 2010-09-15T17:15:20.000Z.

  • block-device-mapping.delete-on-termination - A Boolean that indicates whether the EBS volume is deleted on instance termination.

  • block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

  • block-device-mapping.status - The status for the EBS volume (attaching | attached | detaching | detached).

  • block-device-mapping.volume-id - The volume ID of the EBS volume.

  • capacity-reservation-id - The ID of the Capacity Reservation into which the instance was launched.

  • client-token - The idempotency token you provided when you launched the instance.

  • dns-name - The public DNS name of the instance.

  • group-id - The ID of the security group for the instance. EC2-Classic only.

  • group-name - The name of the security group for the instance. EC2-Classic only.

  • hibernation-options.configured - A Boolean that indicates whether the instance is enabled for hibernation. A value of true means that the instance is enabled for hibernation.

  • host-id - The ID of the Dedicated Host on which the instance is running, if applicable.

  • hypervisor - The hypervisor type of the instance (ovm | xen). The value xen is used for both Xen and Nitro hypervisors.

  • iam-instance-profile.arn - The instance profile associated with the instance. Specified as an ARN.

  • image-id - The ID of the image used to launch the instance.

  • instance-id - The ID of the instance.

  • instance-lifecycle - Indicates whether this is a Spot Instance or a Scheduled Instance (spot | scheduled).

  • instance-state-code - The state of the instance, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).

  • instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).

  • instance-type - The type of instance (for example, t2.micro).

  • instance.group-id - The ID of the security group for the instance.

  • instance.group-name - The name of the security group for the instance.

  • ip-address - The public IPv4 address of the instance.

  • kernel-id - The kernel ID.

  • key-name - The name of the key pair used when the instance was launched.

  • launch-index - When launching multiple instances, this is the index for the instance in the launch group (for example, 0, 1, 2, and so on).

  • launch-time - The time when the instance was launched, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.

  • metadata-options.http-tokens - The metadata request authorization state (optional | required)

  • metadata-options.http-put-response-hop-limit - The http metadata request put response hop limit (integer, possible values 1 to 64)

  • metadata-options.http-endpoint - Enable or disable metadata access on http endpoint (enabled | disabled)

  • monitoring-state - Indicates whether detailed monitoring is enabled (disabled | enabled).

  • network-interface.addresses.private-ip-address - The private IPv4 address associated with the network interface.

  • network-interface.addresses.primary - Specifies whether the IPv4 address of the network interface is the primary private IPv4 address.

  • network-interface.addresses.association.public-ip - The ID of the association of an Elastic IP address (IPv4) with a network interface.

  • network-interface.addresses.association.ip-owner-id - The owner ID of the private IPv4 address associated with the network interface.

  • network-interface.association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.

  • network-interface.association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.

  • network-interface.association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.

  • network-interface.association.association-id - The association ID returned when the network interface was associated with an IPv4 address.

  • network-interface.attachment.attachment-id - The ID of the interface attachment.

  • network-interface.attachment.instance-id - The ID of the instance to which the network interface is attached.

  • network-interface.attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.

  • network-interface.attachment.device-index - The device index to which the network interface is attached.

  • network-interface.attachment.status - The status of the attachment (attaching | attached | detaching | detached).

  • network-interface.attachment.attach-time - The time that the network interface was attached to an instance.

  • network-interface.attachment.delete-on-termination - Specifies whether the attachment is deleted when an instance is terminated.

  • network-interface.availability-zone - The Availability Zone for the network interface.

  • network-interface.description - The description of the network interface.

  • network-interface.group-id - The ID of a security group associated with the network interface.

  • network-interface.group-name - The name of a security group associated with the network interface.

  • network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated with the network interface.

  • network-interface.mac-address - The MAC address of the network interface.

  • network-interface.network-interface-id - The ID of the network interface.

  • network-interface.owner-id - The ID of the owner of the network interface.

  • network-interface.private-dns-name - The private DNS name of the network interface.

  • network-interface.requester-id - The requester ID for the network interface.

  • network-interface.requester-managed - Indicates whether the network interface is being managed by Amazon Web Services.

  • network-interface.status - The status of the network interface (available) | in-use).

  • network-interface.source-dest-check - Whether the network interface performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.

  • network-interface.subnet-id - The ID of the subnet for the network interface.

  • network-interface.vpc-id - The ID of the VPC for the network interface.

  • outpost-arn - The Amazon Resource Name (ARN) of the Outpost.

  • owner-id - The Amazon Web Services account ID of the instance owner.

  • placement-group-name - The name of the placement group for the instance.

  • placement-partition-number - The partition in which the instance is located.

  • platform - The platform. To list only Windows instances, use windows.

  • private-dns-name - The private IPv4 DNS name of the instance.

  • private-ip-address - The private IPv4 address of the instance.

  • product-code - The product code associated with the AMI used to launch the instance.

  • product-code.type - The type of product code (devpay | marketplace).

  • ramdisk-id - The RAM disk ID.

  • reason - The reason for the current state of the instance (for example, shows "User Initiated [date]" when you stop or terminate the instance). Similar to the state-reason-code filter.

  • requester-id - The ID of the entity that launched the instance on your behalf (for example, Amazon Web Services Management Console, Auto Scaling, and so on).

  • reservation-id - The ID of the instance''s reservation. A reservation ID is created any time you launch an instance. A reservation ID has a one-to-one relationship with an instance launch request, but can be associated with more than one instance if you launch multiple instances using the same launch request. For example, if you launch one instance, you get one reservation ID. If you launch ten instances using the same launch request, you also get one reservation ID.

  • root-device-name - The device name of the root device volume (for example, /dev/sda1).

  • root-device-type - The type of the root device volume (ebs | instance-store).

  • source-dest-check - Indicates whether the instance performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform network address translation (NAT) in your VPC.

  • spot-instance-request-id - The ID of the Spot Instance request.

  • state-reason-code - The reason code for the state change.

  • state-reason-message - A message that describes the state change.

  • subnet-id - The ID of the subnet for the instance.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.

  • tenancy - The tenancy of an instance (dedicated | default | host).

  • virtualization-type - The virtualization type of the instance (paravirtual | hvm).

  • vpc-id - The ID of the VPC that the instance is running in.

' + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdStringList' + - description: '

The instance IDs.

Default: Describes all your instances.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + maxResults: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 5 and 1000. You cannot specify this parameter and the instance IDs parameter in the same call.' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to request the next page of results. + ReservationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Reservation' + - xml: + name: item + DescribeInternetGatewaysMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeInternetGatewaysRequest: + type: object + title: DescribeInternetGatewaysRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • attachment.state - The current state of the attachment between the gateway and the VPC (available). Present only if a VPC is attached.

  • attachment.vpc-id - The ID of an attached VPC.

  • internet-gateway-id - The ID of the Internet gateway.

  • owner-id - The ID of the Amazon Web Services account that owns the internet gateway.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + internetGatewayId: + allOf: + - $ref: '#/components/schemas/DescribeInternetGatewaysMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + InternetGatewayList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InternetGateway' + - xml: + name: item + DescribeIpamPoolsRequest: + type: object + title: DescribeIpamPoolsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + IpamPoolId: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The IDs of the IPAM pools you would like information on. + IpamPoolSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpamPool' + - xml: + name: item + DescribeIpamScopesRequest: + type: object + title: DescribeIpamScopesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + IpamScopeId: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The IDs of the scopes you want information on. + IpamScopeSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpamScope' + - xml: + name: item + DescribeIpamsRequest: + type: object + title: DescribeIpamsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + IpamId: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The IDs of the IPAMs you want information on. + IpamSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipam' + - xml: + name: item + DescribeIpv6PoolsRequest: + type: object + title: DescribeIpv6PoolsRequest + properties: + PoolId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + Ipv6PoolSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv6Pool' + - xml: + name: item + KeyNameStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/KeyPairName' + - xml: + name: KeyName + KeyPairIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/KeyPairId' + - xml: + name: KeyPairId + DescribeKeyPairsRequest: + type: object + title: DescribeKeyPairsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters.

  • key-pair-id - The ID of the key pair.

  • fingerprint - The fingerprint of the key pair.

  • key-name - The name of the key pair.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

' + KeyName: + allOf: + - $ref: '#/components/schemas/KeyNameStringList' + - description: '

The key pair names.

Default: Describes all of your key pairs.

' + KeyPairId: + allOf: + - $ref: '#/components/schemas/KeyPairIdStringList' + - description: The IDs of the key pairs. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

If true, the public key material is included in the response.

Default: false

' + KeyPairList: + type: array + items: + allOf: + - $ref: '#/components/schemas/KeyPairInfo' + - xml: + name: item + DescribeLaunchTemplateVersionsRequest: + type: object + title: DescribeLaunchTemplateVersionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchTemplateName' + - description: 'The name of the launch template. To describe one or more versions of a specified launch template, you must specify either the launch template ID or the launch template name in the request. To describe all the latest or default launch template versions in your account, you must omit this parameter.' + LaunchTemplateVersion: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200.' + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description:

One or more filters.

  • create-time - The time the launch template version was created.

  • ebs-optimized - A boolean that indicates whether the instance is optimized for Amazon EBS I/O.

  • http-endpoint - Indicates whether the HTTP metadata endpoint on your instances is enabled (enabled | disabled).

  • http-protocol-ipv4 - Indicates whether the IPv4 endpoint for the instance metadata service is enabled (enabled | disabled).

  • host-resource-group-arn - The ARN of the host resource group in which to launch the instances.

  • http-tokens - The state of token usage for your instance metadata requests (optional | required).

  • iam-instance-profile - The ARN of the IAM instance profile.

  • image-id - The ID of the AMI.

  • instance-type - The instance type.

  • is-default-version - A boolean that indicates whether the launch template version is the default version.

  • kernel-id - The kernel ID.

  • license-configuration-arn - The ARN of the license configuration.

  • network-card-index - The index of the network card.

  • ram-disk-id - The RAM disk ID.

+ LaunchTemplateVersionSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateVersion' + - xml: + name: item + DescribeLaunchTemplatesMaxResults: + type: integer + minimum: 1 + maximum: 200 + LaunchTemplateIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateId' + - xml: + name: item + LaunchTemplateNameStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateName' + - xml: + name: item + DescribeLaunchTemplatesRequest: + type: object + title: DescribeLaunchTemplatesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + LaunchTemplateId: + allOf: + - $ref: '#/components/schemas/LaunchTemplateIdStringList' + - description: One or more launch template IDs. + LaunchTemplateName: + allOf: + - $ref: '#/components/schemas/LaunchTemplateNameStringList' + - description: One or more launch template names. + Filter: + allOf: + - $ref: '#/components/schemas/DescribeLaunchTemplatesMaxResults' + - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200.' + LaunchTemplateSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplate' + - xml: + name: item + LocalGatewayRouteTableVirtualInterfaceGroupAssociationIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociationId' + - xml: + name: item + DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest: + type: object + title: DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest + properties: + LocalGatewayRouteTableVirtualInterfaceGroupAssociationId: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociationIdSet' + - description: The IDs of the associations. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + LocalGatewayRouteTableVirtualInterfaceGroupAssociationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociation' + - xml: + name: item + LocalGatewayRouteTableVpcAssociationIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociationId' + - xml: + name: item + DescribeLocalGatewayRouteTableVpcAssociationsRequest: + type: object + title: DescribeLocalGatewayRouteTableVpcAssociationsRequest + properties: + LocalGatewayRouteTableVpcAssociationId: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociationIdSet' + - description: The IDs of the associations. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + LocalGatewayRouteTableVpcAssociationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVpcAssociation' + - xml: + name: item + LocalGatewayRouteTableIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayRoutetableId' + - xml: + name: item + DescribeLocalGatewayRouteTablesRequest: + type: object + title: DescribeLocalGatewayRouteTablesRequest + properties: + LocalGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableIdSet' + - description: The IDs of the local gateway route tables. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + LocalGatewayRouteTableSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTable' + - xml: + name: item + LocalGatewayVirtualInterfaceGroupIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupId' + - xml: + name: item + DescribeLocalGatewayVirtualInterfaceGroupsRequest: + type: object + title: DescribeLocalGatewayVirtualInterfaceGroupsRequest + properties: + LocalGatewayVirtualInterfaceGroupId: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupIdSet' + - description: The IDs of the virtual interface groups. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + LocalGatewayVirtualInterfaceGroupSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroup' + - xml: + name: item + LocalGatewayVirtualInterfaceIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceId' + - xml: + name: item + DescribeLocalGatewayVirtualInterfacesRequest: + type: object + title: DescribeLocalGatewayVirtualInterfacesRequest + properties: + LocalGatewayVirtualInterfaceId: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceIdSet' + - description: The IDs of the virtual interfaces. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + LocalGatewayVirtualInterfaceSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterface' + - xml: + name: item + LocalGatewayIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayId' + - xml: + name: item + DescribeLocalGatewaysRequest: + type: object + title: DescribeLocalGatewaysRequest + properties: + LocalGatewayId: + allOf: + - $ref: '#/components/schemas/LocalGatewayIdSet' + - description: The IDs of the local gateways. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + LocalGatewaySet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGateway' + - xml: + name: item + DescribeManagedPrefixListsRequest: + type: object + title: DescribeManagedPrefixListsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + PrefixListId: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: One or more prefix list IDs. + ManagedPrefixListSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ManagedPrefixList' + - xml: + name: item + DescribeMovingAddressesMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeMovingAddressesRequest: + type: object + title: DescribeMovingAddressesRequest + properties: + filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description:

One or more filters.

  • moving-status - The status of the Elastic IP address (MovingToVpc | RestoringToClassic).

+ dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + maxResults: + allOf: + - $ref: '#/components/schemas/DescribeMovingAddressesMaxResults' + - description: '

The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1000; if MaxResults is given a value outside of this range, an error is returned.

Default: If no value is provided, the default is 1000.

' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next page of results. + publicIp: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: One or more Elastic IP addresses. + MovingAddressStatusSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/MovingAddressStatus' + - xml: + name: item + DescribeNatGatewaysMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeNatGatewaysRequest: + type: object + title: DescribeNatGatewaysRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DescribeNatGatewaysMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + NatGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next page of results. + NatGatewayList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NatGateway' + - xml: + name: item + DescribeNetworkAclsMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeNetworkAclsRequest: + type: object + title: DescribeNetworkAclsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • association.association-id - The ID of an association ID for the ACL.

  • association.network-acl-id - The ID of the network ACL involved in the association.

  • association.subnet-id - The ID of the subnet involved in the association.

  • default - Indicates whether the ACL is the default network ACL for the VPC.

  • entry.cidr - The IPv4 CIDR range specified in the entry.

  • entry.icmp.code - The ICMP code specified in the entry, if any.

  • entry.icmp.type - The ICMP type specified in the entry, if any.

  • entry.ipv6-cidr - The IPv6 CIDR range specified in the entry.

  • entry.port-range.from - The start of the port range specified in the entry.

  • entry.port-range.to - The end of the port range specified in the entry.

  • entry.protocol - The protocol specified in the entry (tcp | udp | icmp or a protocol number).

  • entry.rule-action - Allows or denies the matching traffic (allow | deny).

  • entry.rule-number - The number of an entry (in other words, rule) in the set of ACL entries.

  • network-acl-id - The ID of the network ACL.

  • owner-id - The ID of the Amazon Web Services account that owns the network ACL.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the network ACL.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + NetworkAclId: + allOf: + - $ref: '#/components/schemas/DescribeNetworkAclsMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + NetworkAclList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkAcl' + - xml: + name: item + DescribeNetworkInsightsAccessScopeAnalysesRequest: + type: object + title: DescribeNetworkInsightsAccessScopeAnalysesRequest + properties: + NetworkInsightsAccessScopeAnalysisId: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: Filters the results based on the start time. The analysis must have started on or before this time. + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + NetworkInsightsAccessScopeAnalysisList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysis' + - xml: + name: item + NetworkInsightsAccessScopeIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' + - xml: + name: item + DescribeNetworkInsightsAccessScopesRequest: + type: object + title: DescribeNetworkInsightsAccessScopesRequest + properties: + NetworkInsightsAccessScopeId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeIdList' + - description: The IDs of the Network Access Scopes. + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + NetworkInsightsAccessScopeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScope' + - xml: + name: item + DescribeNetworkInsightsAnalysesRequest: + type: object + title: DescribeNetworkInsightsAnalysesRequest + properties: + NetworkInsightsAnalysisId: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time when the network insights analyses ended. + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + NetworkInsightsAnalysisList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAnalysis' + - xml: + name: item + NetworkInsightsPathIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsPathId' + - xml: + name: item + DescribeNetworkInsightsPathsRequest: + type: object + title: DescribeNetworkInsightsPathsRequest + properties: + NetworkInsightsPathId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsPathIdList' + - description: The IDs of the paths. + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + NetworkInsightsPathList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsPath' + - xml: + name: item + NetworkInterfaceAttribute: + type: string + enum: + - description + - groupSet + - sourceDestCheck + - attachment + DescribeNetworkInterfaceAttributeRequest: + type: object + required: + - NetworkInterfaceId + title: DescribeNetworkInterfaceAttributeRequest + properties: + attribute: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceAttribute' + - description: The attribute of the network interface. This parameter is required. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: The ID of the network interface. + description: Contains the parameters for DescribeNetworkInterfaceAttribute. + NetworkInterfaceAttachment: + type: object + properties: + attachTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The timestamp indicating when the attachment initiated. + attachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface attachment. + deleteOnTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the network interface is deleted when the instance is terminated. + deviceIndex: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The device index of the network interface attachment on the instance. + networkCardIndex: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The index of the network card. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + instanceOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID of the owner of the instance. + status: + allOf: + - $ref: '#/components/schemas/AttachmentStatus' + - description: The attachment state. + description: Describes a network interface attachment. + DescribeNetworkInterfacePermissionsMaxResults: + type: integer + minimum: 5 + maximum: 255 + NetworkInterfacePermissionIdList: + type: array + items: + $ref: '#/components/schemas/NetworkInterfacePermissionId' + DescribeNetworkInterfacePermissionsRequest: + type: object + title: DescribeNetworkInterfacePermissionsRequest + properties: + NetworkInterfacePermissionId: + allOf: + - $ref: '#/components/schemas/NetworkInterfacePermissionIdList' + - description: One or more network interface permission IDs. + Filter: + allOf: + - $ref: '#/components/schemas/DescribeNetworkInterfacePermissionsMaxResults' + - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. If this parameter is not specified, up to 50 results are returned by default.' + description: Contains the parameters for DescribeNetworkInterfacePermissions. + NetworkInterfacePermissionList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInterfacePermission' + - xml: + name: item + DescribeNetworkInterfacesMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeNetworkInterfacesRequest: + type: object + title: DescribeNetworkInterfacesRequest + properties: + filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • addresses.private-ip-address - The private IPv4 addresses associated with the network interface.

  • addresses.primary - Whether the private IPv4 address is the primary IP address associated with the network interface.

  • addresses.association.public-ip - The association ID returned when the network interface was associated with the Elastic IP address (IPv4).

  • addresses.association.owner-id - The owner ID of the addresses associated with the network interface.

  • association.association-id - The association ID returned when the network interface was associated with an IPv4 address.

  • association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.

  • association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.

  • association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.

  • association.public-dns-name - The public DNS name for the network interface (IPv4).

  • attachment.attachment-id - The ID of the interface attachment.

  • attachment.attach-time - The time that the network interface was attached to an instance.

  • attachment.delete-on-termination - Indicates whether the attachment is deleted when an instance is terminated.

  • attachment.device-index - The device index to which the network interface is attached.

  • attachment.instance-id - The ID of the instance to which the network interface is attached.

  • attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.

  • attachment.status - The status of the attachment (attaching | attached | detaching | detached).

  • availability-zone - The Availability Zone of the network interface.

  • description - The description of the network interface.

  • group-id - The ID of a security group associated with the network interface.

  • group-name - The name of a security group associated with the network interface.

  • ipv6-addresses.ipv6-address - An IPv6 address associated with the network interface.

  • interface-type - The type of network interface (api_gateway_managed | aws_codestar_connections_managed | branch | efa | gateway_load_balancer | gateway_load_balancer_endpoint | global_accelerator_managed | interface | iot_rules_managed | lambda | load_balancer | nat_gateway | network_load_balancer | quicksight | transit_gateway | trunk | vpc_endpoint).

  • mac-address - The MAC address of the network interface.

  • network-interface-id - The ID of the network interface.

  • owner-id - The Amazon Web Services account ID of the network interface owner.

  • private-ip-address - The private IPv4 address or addresses of the network interface.

  • private-dns-name - The private DNS name of the network interface (IPv4).

  • requester-id - The alias or Amazon Web Services account ID of the principal or service that created the network interface.

  • requester-managed - Indicates whether the network interface is being managed by an Amazon Web Service (for example, Amazon Web Services Management Console, Auto Scaling, and so on).

  • source-dest-check - Indicates whether the network interface performs source/destination checking. A value of true means checking is enabled, and false means checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.

  • status - The status of the network interface. If the network interface is not attached to an instance, the status is available; if a network interface is attached to an instance the status is in-use.

  • subnet-id - The ID of the subnet for the network interface.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the network interface.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + NetworkInterfaceId: + allOf: + - $ref: '#/components/schemas/DescribeNetworkInterfacesMaxResults' + - description: The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results. You cannot specify this parameter and the network interface IDs parameter in the same request. + description: Contains the parameters for DescribeNetworkInterfaces. + NetworkInterfaceList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInterface' + - xml: + name: item + PlacementGroupStringList: + type: array + items: + $ref: '#/components/schemas/PlacementGroupName' + PlacementGroupIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PlacementGroupId' + - xml: + name: GroupId + DescribePlacementGroupsRequest: + type: object + title: DescribePlacementGroupsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters.

  • group-name - The name of the placement group.

  • group-arn - The Amazon Resource Name (ARN) of the placement group.

  • state - The state of the placement group (pending | available | deleting | deleted).

  • strategy - The strategy of the placement group (cluster | spread | partition).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + groupName: + allOf: + - $ref: '#/components/schemas/PlacementGroupStringList' + - description: '

The names of the placement groups.

Default: Describes all your placement groups, or only those otherwise specified.

' + GroupId: + allOf: + - $ref: '#/components/schemas/PlacementGroupIdStringList' + - description: The IDs of the placement groups. + PlacementGroupList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PlacementGroup' + - xml: + name: item + PrefixListResourceIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PrefixListResourceId' + - xml: + name: item + DescribePrefixListsRequest: + type: object + title: DescribePrefixListsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next page of results. + PrefixListId: + allOf: + - $ref: '#/components/schemas/PrefixListResourceIdStringList' + - description: One or more prefix list IDs. + PrefixListSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/PrefixList' + - xml: + name: item + DescribePrincipalIdFormatMaxResults: + type: integer + minimum: 1 + maximum: 1000 + DescribePrincipalIdFormatRequest: + type: object + title: DescribePrincipalIdFormatRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Resource: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to request the next page of results. + PrincipalIdFormatList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PrincipalIdFormat' + - xml: + name: item + PoolMaxResults: + type: integer + minimum: 1 + maximum: 10 + DescribePublicIpv4PoolsRequest: + type: object + title: DescribePublicIpv4PoolsRequest + properties: + PoolId: + allOf: + - $ref: '#/components/schemas/PoolMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + PublicIpv4PoolSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/PublicIpv4Pool' + - xml: + name: item + RegionNameStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: RegionName + DescribeRegionsRequest: + type: object + title: DescribeRegionsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters.

  • endpoint - The endpoint of the Region (for example, ec2.us-east-1.amazonaws.com).

  • opt-in-status - The opt-in status of the Region (opt-in-not-required | opted-in | not-opted-in).

  • region-name - The name of the Region (for example, us-east-1).

' + RegionName: + allOf: + - $ref: '#/components/schemas/RegionNameStringList' + - description: 'The names of the Regions. You can specify any Regions, whether they are enabled and disabled for your account.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether to display all Regions, including Regions that are disabled for your account.' + RegionList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Region' + - xml: + name: item + DescribeReplaceRootVolumeTasksMaxResults: + type: integer + minimum: 1 + maximum: 50 + ReplaceRootVolumeTaskIds: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReplaceRootVolumeTaskId' + - xml: + name: ReplaceRootVolumeTaskId + DescribeReplaceRootVolumeTasksRequest: + type: object + title: DescribeReplaceRootVolumeTasksRequest + properties: + ReplaceRootVolumeTaskId: + allOf: + - $ref: '#/components/schemas/ReplaceRootVolumeTaskIds' + - description: The ID of the root volume replacement task to view. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ReplaceRootVolumeTasks: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReplaceRootVolumeTask' + - xml: + name: item + DescribeReservedInstancesListingsRequest: + type: object + title: DescribeReservedInstancesListingsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description:

One or more filters.

  • reserved-instances-id - The ID of the Reserved Instances.

  • reserved-instances-listing-id - The ID of the Reserved Instances listing.

  • status - The status of the Reserved Instance listing (pending | active | cancelled | closed).

  • status-message - The reason for the status.

+ reservedInstancesId: + allOf: + - $ref: '#/components/schemas/ReservationId' + - description: One or more Reserved Instance IDs. + reservedInstancesListingId: + allOf: + - $ref: '#/components/schemas/ReservedInstancesListingId' + - description: One or more Reserved Instance listing IDs. + description: Contains the parameters for DescribeReservedInstancesListings. + ReservedInstancesModificationIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservedInstancesModificationId' + - xml: + name: ReservedInstancesModificationId + DescribeReservedInstancesModificationsRequest: + type: object + title: DescribeReservedInstancesModificationsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description:

One or more filters.

  • client-token - The idempotency token for the modification request.

  • create-date - The time when the modification request was created.

  • effective-date - The time when the modification becomes effective.

  • modification-result.reserved-instances-id - The ID for the Reserved Instances created as part of the modification request. This ID is only available when the status of the modification is fulfilled.

  • modification-result.target-configuration.availability-zone - The Availability Zone for the new Reserved Instances.

  • modification-result.target-configuration.instance-count - The number of new Reserved Instances.

  • modification-result.target-configuration.instance-type - The instance type of the new Reserved Instances.

  • modification-result.target-configuration.platform - The network platform of the new Reserved Instances (EC2-Classic | EC2-VPC).

  • reserved-instances-id - The ID of the Reserved Instances modified.

  • reserved-instances-modification-id - The ID of the modification request.

  • status - The status of the Reserved Instances modification request (processing | fulfilled | failed).

  • status-message - The reason for the status.

  • update-date - The time when the modification request was last updated.

+ ReservedInstancesModificationId: + allOf: + - $ref: '#/components/schemas/ReservedInstancesModificationIdStringList' + - description: IDs for the submitted modification request. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to retrieve the next page of results. + description: Contains the parameters for DescribeReservedInstancesModifications. + ReservedInstancesModificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservedInstancesModification' + - xml: + name: item + RIProductDescription: + type: string + enum: + - Linux/UNIX + - Linux/UNIX (Amazon VPC) + - Windows + - Windows (Amazon VPC) + ReservedInstancesOfferingIdStringList: + type: array + items: + $ref: '#/components/schemas/ReservedInstancesOfferingId' + OfferingTypeValues: + type: string + enum: + - Heavy Utilization + - Medium Utilization + - Light Utilization + - No Upfront + - Partial Upfront + - All Upfront + DescribeReservedInstancesOfferingsRequest: + type: object + title: DescribeReservedInstancesOfferingsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone in which the Reserved Instance can be used. + Filter: + allOf: + - $ref: '#/components/schemas/RIProductDescription' + - description: The Reserved Instance product platform description. Instances that include (Amazon VPC) in the description are for use with Amazon VPC. + ReservedInstancesOfferingId: + allOf: + - $ref: '#/components/schemas/ReservedInstancesOfferingIdStringList' + - description: One or more Reserved Instances offering IDs. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + instanceTenancy: + allOf: + - $ref: '#/components/schemas/Tenancy' + - description: '

The tenancy of the instances covered by the reservation. A Reserved Instance with a tenancy of dedicated is applied to instances that run in a VPC on single-tenant hardware (i.e., Dedicated Instances).

Important: The host value cannot be used with this parameter. Use the default or dedicated values only.

Default: default

' + maxResults: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. The maximum is 100.

Default: 100

' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to retrieve the next page of results. + offeringType: + allOf: + - $ref: '#/components/schemas/OfferingTypeValues' + - description: 'The Reserved Instance offering type. If you are using tools that predate the 2011-11-01 API version, you only have access to the Medium Utilization Reserved Instance offering type. ' + description: Contains the parameters for DescribeReservedInstancesOfferings. + ReservedInstancesOfferingList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservedInstancesOffering' + - xml: + name: item + OfferingClassType: + type: string + enum: + - standard + - convertible + ReservedInstancesIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservationId' + - xml: + name: ReservedInstancesId + DescribeReservedInstancesRequest: + type: object + title: DescribeReservedInstancesRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/OfferingClassType' + - description: Describes whether the Reserved Instance is Standard or Convertible. + ReservedInstancesId: + allOf: + - $ref: '#/components/schemas/ReservedInstancesIdStringList' + - description: '

One or more Reserved Instance IDs.

Default: Describes all your Reserved Instances, or only those otherwise specified.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + offeringType: + allOf: + - $ref: '#/components/schemas/OfferingTypeValues' + - description: 'The Reserved Instance offering type. If you are using tools that predate the 2011-11-01 API version, you only have access to the Medium Utilization Reserved Instance offering type.' + description: Contains the parameters for DescribeReservedInstances. + ReservedInstancesList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservedInstances' + - xml: + name: item + DescribeRouteTablesMaxResults: + type: integer + minimum: 5 + maximum: 100 + DescribeRouteTablesRequest: + type: object + title: DescribeRouteTablesRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • association.route-table-association-id - The ID of an association ID for the route table.

  • association.route-table-id - The ID of the route table involved in the association.

  • association.subnet-id - The ID of the subnet involved in the association.

  • association.main - Indicates whether the route table is the main route table for the VPC (true | false). Route tables that do not have an association ID are not returned in the response.

  • owner-id - The ID of the Amazon Web Services account that owns the route table.

  • route-table-id - The ID of the route table.

  • route.destination-cidr-block - The IPv4 CIDR range specified in a route in the table.

  • route.destination-ipv6-cidr-block - The IPv6 CIDR range specified in a route in the route table.

  • route.destination-prefix-list-id - The ID (prefix) of the Amazon Web Service specified in a route in the table.

  • route.egress-only-internet-gateway-id - The ID of an egress-only Internet gateway specified in a route in the route table.

  • route.gateway-id - The ID of a gateway specified in a route in the table.

  • route.instance-id - The ID of an instance specified in a route in the table.

  • route.nat-gateway-id - The ID of a NAT gateway.

  • route.transit-gateway-id - The ID of a transit gateway.

  • route.origin - Describes how the route was created. CreateRouteTable indicates that the route was automatically created when the route table was created; CreateRoute indicates that the route was manually added to the route table; EnableVgwRoutePropagation indicates that the route was propagated by route propagation.

  • route.state - The state of a route in the route table (active | blackhole). The blackhole state indicates that the route''s target isn''t available (for example, the specified gateway isn''t attached to the VPC, the specified NAT instance has been terminated, and so on).

  • route.vpc-peering-connection-id - The ID of a VPC peering connection specified in a route in the table.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the route table.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + RouteTableId: + allOf: + - $ref: '#/components/schemas/DescribeRouteTablesMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + RouteTableList: + type: array + items: + allOf: + - $ref: '#/components/schemas/RouteTable' + - xml: + name: item + DescribeScheduledInstanceAvailabilityMaxResults: + type: integer + minimum: 5 + maximum: 300 + ScheduledInstanceRecurrenceRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The interval quantity. The interval unit depends on the value of Frequency. For example, every 2 weeks or every 2 months.' + OccurrenceDay: + allOf: + - $ref: '#/components/schemas/String' + - description: The unit for OccurrenceDays (DayOfWeek or DayOfMonth). This value is required for a monthly schedule. You can't specify DayOfWeek with a weekly schedule. You can't specify this value with a daily schedule. + description: Describes the recurring schedule for a Scheduled Instance. + DescribeScheduledInstanceAvailabilityRequest: + type: object + required: + - FirstSlotStartTimeRange + - Recurrence + title: DescribeScheduledInstanceAvailabilityRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/ScheduledInstanceRecurrenceRequest' + - description: The schedule recurrence. + description: Contains the parameters for DescribeScheduledInstanceAvailability. + ScheduledInstanceAvailabilitySet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ScheduledInstanceAvailability' + - xml: + name: item + SlotStartTimeRangeRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The latest date and time, in UTC, for the Scheduled Instance to start.' + description: Describes the time period for a Scheduled Instance to start its first schedule. + DescribeScheduledInstancesRequest: + type: object + title: DescribeScheduledInstancesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + ScheduledInstanceId: + allOf: + - $ref: '#/components/schemas/SlotStartTimeRangeRequest' + - description: The time period for the first schedule to start. + description: Contains the parameters for DescribeScheduledInstances. + ScheduledInstanceSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ScheduledInstance' + - xml: + name: item + GroupIds: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: item + DescribeSecurityGroupReferencesRequest: + type: object + required: + - GroupId + title: DescribeSecurityGroupReferencesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/GroupIds' + - description: The IDs of the security groups in your account. + SecurityGroupReferences: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupReference' + - xml: + name: item + DescribeSecurityGroupRulesMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeSecurityGroupRulesRequest: + type: object + title: DescribeSecurityGroupRulesRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • group-id - The ID of the security group.

  • security-group-rule-id - The ID of the security group rule.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

' + SecurityGroupRuleId: + allOf: + - $ref: '#/components/schemas/DescribeSecurityGroupRulesMaxResults' + - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. This value can be between 5 and 1000. If this parameter is not specified, then all results are returned.' + DescribeSecurityGroupsMaxResults: + type: integer + minimum: 5 + maximum: 1000 + GroupNameStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupName' + - xml: + name: GroupName + DescribeSecurityGroupsRequest: + type: object + title: DescribeSecurityGroupsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters.

  • description - The description of the security group.

  • egress.ip-permission.cidr - An IPv4 CIDR block for an outbound security group rule.

  • egress.ip-permission.from-port - For an outbound rule, the start of port range for the TCP and UDP protocols, or an ICMP type number.

  • egress.ip-permission.group-id - The ID of a security group that has been referenced in an outbound security group rule.

  • egress.ip-permission.group-name - The name of a security group that is referenced in an outbound security group rule.

  • egress.ip-permission.ipv6-cidr - An IPv6 CIDR block for an outbound security group rule.

  • egress.ip-permission.prefix-list-id - The ID of a prefix list to which a security group rule allows outbound access.

  • egress.ip-permission.protocol - The IP protocol for an outbound security group rule (tcp | udp | icmp, a protocol number, or -1 for all protocols).

  • egress.ip-permission.to-port - For an outbound rule, the end of port range for the TCP and UDP protocols, or an ICMP code.

  • egress.ip-permission.user-id - The ID of an Amazon Web Services account that has been referenced in an outbound security group rule.

  • group-id - The ID of the security group.

  • group-name - The name of the security group.

  • ip-permission.cidr - An IPv4 CIDR block for an inbound security group rule.

  • ip-permission.from-port - For an inbound rule, the start of port range for the TCP and UDP protocols, or an ICMP type number.

  • ip-permission.group-id - The ID of a security group that has been referenced in an inbound security group rule.

  • ip-permission.group-name - The name of a security group that is referenced in an inbound security group rule.

  • ip-permission.ipv6-cidr - An IPv6 CIDR block for an inbound security group rule.

  • ip-permission.prefix-list-id - The ID of a prefix list from which a security group rule allows inbound access.

  • ip-permission.protocol - The IP protocol for an inbound security group rule (tcp | udp | icmp, a protocol number, or -1 for all protocols).

  • ip-permission.to-port - For an inbound rule, the end of port range for the TCP and UDP protocols, or an ICMP code.

  • ip-permission.user-id - The ID of an Amazon Web Services account that has been referenced in an inbound security group rule.

  • owner-id - The Amazon Web Services account ID of the owner of the security group.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC specified when the security group was created.

' + GroupId: + allOf: + - $ref: '#/components/schemas/GroupIdStringList' + - description: '

The IDs of the security groups. Required for security groups in a nondefault VPC.

Default: Describes all of your security groups.

' + GroupName: + allOf: + - $ref: '#/components/schemas/GroupNameStringList' + - description: '

[EC2-Classic and default VPC only] The names of the security groups. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, use the group-name filter to describe security groups by name.

Default: Describes all of your security groups.

' + dryRun: + allOf: + - $ref: '#/components/schemas/DescribeSecurityGroupsMaxResults' + - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. This value can be between 5 and 1000. If this parameter is not specified, then all results are returned.' + SecurityGroupList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroup' + - xml: + name: item + DescribeSnapshotAttributeRequest: + type: object + required: + - Attribute + - SnapshotId + title: DescribeSnapshotAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - description: The ID of the EBS snapshot. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ProductCodeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ProductCode' + - xml: + name: item + DescribeSnapshotTierStatusMaxResults: + type: integer + DescribeSnapshotTierStatusRequest: + type: object + title: DescribeSnapshotTierStatusRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/DescribeSnapshotTierStatusMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + snapshotTierStatusSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/SnapshotTierStatus' + - xml: + name: item + RestorableByStringList: + type: array + items: + $ref: '#/components/schemas/String' + SnapshotIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - xml: + name: SnapshotId + DescribeSnapshotsRequest: + type: object + title: DescribeSnapshotsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The NextToken value returned from a previous paginated DescribeSnapshots request where MaxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the NextToken value. This value is null when there are no more results to return. + Owner: + allOf: + - $ref: '#/components/schemas/OwnerStringList' + - description: 'Scopes the results to snapshots with the specified owners. You can specify a combination of Amazon Web Services account IDs, self, and amazon.' + RestorableBy: + allOf: + - $ref: '#/components/schemas/RestorableByStringList' + - description: The IDs of the Amazon Web Services accounts that can create volumes from the snapshot. + SnapshotId: + allOf: + - $ref: '#/components/schemas/SnapshotIdStringList' + - description: '

The snapshot IDs.

Default: Describes the snapshots for which you have create volume permissions.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SnapshotList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Snapshot' + - xml: + name: item + DescribeSpotDatafeedSubscriptionRequest: + type: object + title: DescribeSpotDatafeedSubscriptionRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DescribeSpotDatafeedSubscription. + DescribeSpotFleetInstancesMaxResults: + type: integer + minimum: 1 + maximum: 1000 + DescribeSpotFleetInstancesRequest: + type: object + required: + - SpotFleetRequestId + title: DescribeSpotFleetInstancesRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + maxResults: + allOf: + - $ref: '#/components/schemas/DescribeSpotFleetInstancesMaxResults' + - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + spotFleetRequestId: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestId' + - description: The ID of the Spot Fleet request. + description: Contains the parameters for DescribeSpotFleetInstances. + DescribeSpotFleetRequestHistoryMaxResults: + type: integer + minimum: 1 + maximum: 1000 + EventType: + type: string + enum: + - instanceChange + - fleetRequestChange + - error + - information + DescribeSpotFleetRequestHistoryRequest: + type: object + required: + - SpotFleetRequestId + - StartTime + title: DescribeSpotFleetRequestHistoryRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + eventType: + allOf: + - $ref: '#/components/schemas/EventType' + - description: 'The type of events to describe. By default, all events are described.' + maxResults: + allOf: + - $ref: '#/components/schemas/DescribeSpotFleetRequestHistoryMaxResults' + - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + spotFleetRequestId: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestId' + - description: The ID of the Spot Fleet request. + startTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The starting date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + description: Contains the parameters for DescribeSpotFleetRequestHistory. + HistoryRecords: + type: array + items: + allOf: + - $ref: '#/components/schemas/HistoryRecord' + - xml: + name: item + DescribeSpotFleetRequestsRequest: + type: object + title: DescribeSpotFleetRequestsRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + maxResults: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + spotFleetRequestId: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestIdList' + - description: The IDs of the Spot Fleet requests. + description: Contains the parameters for DescribeSpotFleetRequests. + SpotFleetRequestConfigSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestConfig' + - xml: + name: item + DescribeSpotInstanceRequestsRequest: + type: object + title: DescribeSpotInstanceRequestsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • availability-zone-group - The Availability Zone group.

  • create-time - The time stamp when the Spot Instance request was created.

  • fault-code - The fault code related to the request.

  • fault-message - The fault message related to the request.

  • instance-id - The ID of the instance that fulfilled the request.

  • launch-group - The Spot Instance launch group.

  • launch.block-device-mapping.delete-on-termination - Indicates whether the EBS volume is deleted on instance termination.

  • launch.block-device-mapping.device-name - The device name for the volume in the block device mapping (for example, /dev/sdh or xvdh).

  • launch.block-device-mapping.snapshot-id - The ID of the snapshot for the EBS volume.

  • launch.block-device-mapping.volume-size - The size of the EBS volume, in GiB.

  • launch.block-device-mapping.volume-type - The type of EBS volume: gp2 for General Purpose SSD, io1 or io2 for Provisioned IOPS SSD, st1 for Throughput Optimized HDD, sc1for Cold HDD, or standard for Magnetic.

  • launch.group-id - The ID of the security group for the instance.

  • launch.group-name - The name of the security group for the instance.

  • launch.image-id - The ID of the AMI.

  • launch.instance-type - The type of instance (for example, m3.medium).

  • launch.kernel-id - The kernel ID.

  • launch.key-name - The name of the key pair the instance launched with.

  • launch.monitoring-enabled - Whether detailed monitoring is enabled for the Spot Instance.

  • launch.ramdisk-id - The RAM disk ID.

  • launched-availability-zone - The Availability Zone in which the request is launched.

  • network-interface.addresses.primary - Indicates whether the IP address is the primary private IP address.

  • network-interface.delete-on-termination - Indicates whether the network interface is deleted when the instance is terminated.

  • network-interface.description - A description of the network interface.

  • network-interface.device-index - The index of the device for the network interface attachment on the instance.

  • network-interface.group-id - The ID of the security group associated with the network interface.

  • network-interface.network-interface-id - The ID of the network interface.

  • network-interface.private-ip-address - The primary private IP address of the network interface.

  • network-interface.subnet-id - The ID of the subnet for the instance.

  • product-description - The product description associated with the instance (Linux/UNIX | Windows).

  • spot-instance-request-id - The Spot Instance request ID.

  • spot-price - The maximum hourly price for any Spot Instance launched to fulfill the request.

  • state - The state of the Spot Instance request (open | active | closed | cancelled | failed). Spot request status information can help you track your Amazon EC2 Spot Instance requests. For more information, see Spot request status in the Amazon EC2 User Guide for Linux Instances.

  • status-code - The short code describing the most recent evaluation of your Spot Instance request.

  • status-message - The message explaining the status of the Spot Instance request.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • type - The type of Spot Instance request (one-time | persistent).

  • valid-from - The start date of the request.

  • valid-until - The end date of the request.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SpotInstanceRequestId: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of results to return in a single call. Specify a value between 5 and 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + description: Contains the parameters for DescribeSpotInstanceRequests. + SpotInstanceRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotInstanceRequest' + - xml: + name: item + InstanceTypeList: + type: array + items: + $ref: '#/components/schemas/InstanceType' + ProductDescriptionList: + type: array + items: + $ref: '#/components/schemas/String' + DescribeSpotPriceHistoryRequest: + type: object + title: DescribeSpotPriceHistoryRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • availability-zone - The Availability Zone for which prices should be returned.

  • instance-type - The type of instance (for example, m3.medium).

  • product-description - The product description for the Spot price (Linux/UNIX | Red Hat Enterprise Linux | SUSE Linux | Windows | Linux/UNIX (Amazon VPC) | Red Hat Enterprise Linux (Amazon VPC) | SUSE Linux (Amazon VPC) | Windows (Amazon VPC)).

  • spot-price - The Spot price. The value must match exactly (or use wildcards; greater than or less than comparison is not supported).

  • timestamp - The time stamp of the Spot price history, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). You can use wildcards (* and ?). Greater than or less than comparison is not supported.

' + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: Filters the results by the specified Availability Zone. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + endTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The date and time, up to the current date, from which to stop retrieving the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + InstanceType: + allOf: + - $ref: '#/components/schemas/InstanceTypeList' + - description: Filters the results by the specified instance types. + maxResults: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of results to return in a single call. Specify a value between 1 and 1000. The default value is 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + ProductDescription: + allOf: + - $ref: '#/components/schemas/ProductDescriptionList' + - description: Filters the results by the specified basic product descriptions. + startTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The date and time, up to the past 90 days, from which to start retrieving the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + description: Contains the parameters for DescribeSpotPriceHistory. + SpotPriceHistoryList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotPrice' + - xml: + name: item + DescribeStaleSecurityGroupsMaxResults: + type: integer + minimum: 5 + maximum: 255 + DescribeStaleSecurityGroupsNextToken: + type: string + minLength: 1 + maxLength: 1024 + DescribeStaleSecurityGroupsRequest: + type: object + required: + - VpcId + title: DescribeStaleSecurityGroupsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + StaleSecurityGroupSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/StaleSecurityGroup' + - xml: + name: item + DescribeStoreImageTasksRequestMaxResults: + type: integer + minimum: 1 + maximum: 200 + DescribeStoreImageTasksRequest: + type: object + title: DescribeStoreImageTasksRequest + properties: + ImageId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/DescribeStoreImageTasksRequestMaxResults' + - description: 'The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200. You cannot specify this parameter and the ImageIDs parameter in the same call.' + StoreImageTaskResultSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/StoreImageTaskResult' + - xml: + name: item + DescribeSubnetsMaxResults: + type: integer + minimum: 5 + maximum: 1000 + SubnetIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: SubnetId + DescribeSubnetsRequest: + type: object + title: DescribeSubnetsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • availability-zone - The Availability Zone for the subnet. You can also use availabilityZone as the filter name.

  • availability-zone-id - The ID of the Availability Zone for the subnet. You can also use availabilityZoneId as the filter name.

  • available-ip-address-count - The number of IPv4 addresses in the subnet that are available.

  • cidr-block - The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet''s CIDR block for information to be returned for the subnet. You can also use cidr or cidrBlock as the filter names.

  • default-for-az - Indicates whether this is the default subnet for the Availability Zone (true | false). You can also use defaultForAz as the filter name.

  • ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the subnet.

  • ipv6-cidr-block-association.association-id - An association ID for an IPv6 CIDR block associated with the subnet.

  • ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the subnet.

  • ipv6-native - Indicates whether this is an IPv6 only subnet (true | false).

  • outpost-arn - The Amazon Resource Name (ARN) of the Outpost.

  • owner-id - The ID of the Amazon Web Services account that owns the subnet.

  • state - The state of the subnet (pending | available).

  • subnet-arn - The Amazon Resource Name (ARN) of the subnet.

  • subnet-id - The ID of the subnet.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the subnet.

' + SubnetId: + allOf: + - $ref: '#/components/schemas/SubnetIdStringList' + - description: '

One or more subnet IDs.

Default: Describes all your subnets.

' + dryRun: + allOf: + - $ref: '#/components/schemas/DescribeSubnetsMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + SubnetList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Subnet' + - xml: + name: item + DescribeTagsRequest: + type: object + title: DescribeTagsRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters.

  • key - The tag key.

  • resource-id - The ID of the resource.

  • resource-type - The resource type (customer-gateway | dedicated-host | dhcp-options | elastic-ip | fleet | fpga-image | host-reservation | image | instance | internet-gateway | key-pair | launch-template | natgateway | network-acl | network-interface | placement-group | reserved-instances | route-table | security-group | snapshot | spot-instances-request | subnet | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-peering-connection | vpn-connection | vpn-gateway).

  • tag:<key> - The key/value combination of the tag. For example, specify "tag:Owner" for the filter name and "TeamA" for the filter value to find resources with the tag "Owner=TeamA".

  • value - The tag value.

' + maxResults: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of results to return in a single call. This value can be between 5 and 1000. To retrieve the remaining results, make another call with the returned NextToken value.' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to retrieve the next page of results. + TagDescriptionList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TagDescription' + - xml: + name: item + DescribeTrafficMirrorFiltersRequest: + type: object + title: DescribeTrafficMirrorFiltersRequest + properties: + TrafficMirrorFilterId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + TrafficMirrorFilterSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilter' + - xml: + name: item + DescribeTrafficMirrorSessionsRequest: + type: object + title: DescribeTrafficMirrorSessionsRequest + properties: + TrafficMirrorSessionId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + TrafficMirrorSessionSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorSession' + - xml: + name: item + DescribeTrafficMirrorTargetsRequest: + type: object + title: DescribeTrafficMirrorTargetsRequest + properties: + TrafficMirrorTargetId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + TrafficMirrorTargetSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorTarget' + - xml: + name: item + TransitGatewayAttachmentIdStringList: + type: array + items: + $ref: '#/components/schemas/TransitGatewayAttachmentId' + DescribeTransitGatewayAttachmentsRequest: + type: object + title: DescribeTransitGatewayAttachmentsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentIdStringList' + - description: The IDs of the attachments. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayAttachmentList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachment' + - xml: + name: item + TransitGatewayConnectPeerIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectPeerId' + - xml: + name: item + DescribeTransitGatewayConnectPeersRequest: + type: object + title: DescribeTransitGatewayConnectPeersRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectPeerIdStringList' + - description: The IDs of the Connect peers. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayConnectPeerList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnectPeer' + - xml: + name: item + DescribeTransitGatewayConnectsRequest: + type: object + title: DescribeTransitGatewayConnectsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentIdStringList' + - description: The IDs of the attachments. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayConnectList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayConnect' + - xml: + name: item + TransitGatewayMulticastDomainIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainId' + - xml: + name: item + DescribeTransitGatewayMulticastDomainsRequest: + type: object + title: DescribeTransitGatewayMulticastDomainsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainIdStringList' + - description: The ID of the transit gateway multicast domain. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayMulticastDomainList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomain' + - xml: + name: item + DescribeTransitGatewayPeeringAttachmentsRequest: + type: object + title: DescribeTransitGatewayPeeringAttachmentsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentIdStringList' + - description: One or more IDs of the transit gateway peering attachments. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayPeeringAttachmentList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayPeeringAttachment' + - xml: + name: item + TransitGatewayRouteTableIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableId' + - xml: + name: item + DescribeTransitGatewayRouteTablesRequest: + type: object + title: DescribeTransitGatewayRouteTablesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableIdStringList' + - description: The IDs of the transit gateway route tables. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayRouteTableList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTable' + - xml: + name: item + DescribeTransitGatewayVpcAttachmentsRequest: + type: object + title: DescribeTransitGatewayVpcAttachmentsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentIdStringList' + - description: The IDs of the attachments. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayVpcAttachmentList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayVpcAttachment' + - xml: + name: item + TransitGatewayIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayId' + - xml: + name: item + DescribeTransitGatewaysRequest: + type: object + title: DescribeTransitGatewaysRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayIdStringList' + - description: The IDs of the transit gateways. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGateway' + - xml: + name: item + DescribeTrunkInterfaceAssociationsMaxResults: + type: integer + minimum: 5 + maximum: 255 + DescribeTrunkInterfaceAssociationsRequest: + type: object + title: DescribeTrunkInterfaceAssociationsRequest + properties: + AssociationId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/DescribeTrunkInterfaceAssociationsMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + TrunkInterfaceAssociationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrunkInterfaceAssociation' + - xml: + name: item + DescribeVolumeAttributeRequest: + type: object + required: + - Attribute + - VolumeId + title: DescribeVolumeAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VolumeId' + - description: The ID of the volume. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + VolumeIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VolumeId' + - xml: + name: VolumeId + DescribeVolumeStatusRequest: + type: object + title: DescribeVolumeStatusRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The NextToken value to include in a future DescribeVolumeStatus request. When the results of the request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.' + VolumeId: + allOf: + - $ref: '#/components/schemas/VolumeIdStringList' + - description: '

The IDs of the volumes.

Default: Describes all your volumes.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + VolumeStatusList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VolumeStatusItem' + - xml: + name: item + DescribeVolumesModificationsRequest: + type: object + title: DescribeVolumesModificationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + VolumeId: + allOf: + - $ref: '#/components/schemas/VolumeIdStringList' + - description: The IDs of the volumes. + Filter: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The maximum number of results (up to a limit of 500) to be returned in a paginated request. + VolumeModificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VolumeModification' + - xml: + name: item + DescribeVolumesRequest: + type: object + title: DescribeVolumesRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

The filters.

  • attachment.attach-time - The time stamp when the attachment initiated.

  • attachment.delete-on-termination - Whether the volume is deleted on instance termination.

  • attachment.device - The device name specified in the block device mapping (for example, /dev/sda1).

  • attachment.instance-id - The ID of the instance the volume is attached to.

  • attachment.status - The attachment state (attaching | attached | detaching).

  • availability-zone - The Availability Zone in which the volume was created.

  • create-time - The time stamp when the volume was created.

  • encrypted - Indicates whether the volume is encrypted (true | false)

  • multi-attach-enabled - Indicates whether the volume is enabled for Multi-Attach (true | false)

  • fast-restored - Indicates whether the volume was created from a snapshot that is enabled for fast snapshot restore (true | false).

  • size - The size of the volume, in GiB.

  • snapshot-id - The snapshot from which the volume was created.

  • status - The state of the volume (creating | available | in-use | deleting | deleted | error).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • volume-id - The volume ID.

  • volume-type - The Amazon EBS volume type (gp2 | gp3 | io1 | io2 | st1 | sc1| standard)

' + VolumeId: + allOf: + - $ref: '#/components/schemas/VolumeIdStringList' + - description: The volume IDs. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + maxResults: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of volume results returned by DescribeVolumes in paginated output. When this parameter is used, DescribeVolumes only returns MaxResults results in a single page along with a NextToken response element. The remaining results of the initial request can be seen by sending another DescribeVolumes request with the returned NextToken value. This value can be between 5 and 500; if MaxResults is given a value larger than 500, only 500 results are returned. If this parameter is not used, then DescribeVolumes returns all results. You cannot specify this parameter and the volume IDs parameter in the same request.' + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The NextToken value returned from a previous paginated DescribeVolumes request where MaxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the NextToken value. This value is null when there are no more results to return. + VolumeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Volume' + - xml: + name: item + DescribeVpcAttributeRequest: + type: object + required: + - Attribute + - VpcId + title: DescribeVpcAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DescribeVpcClassicLinkDnsSupportMaxResults: + type: integer + minimum: 5 + maximum: 255 + DescribeVpcClassicLinkDnsSupportNextToken: + type: string + minLength: 1 + maxLength: 1024 + VpcClassicLinkIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcId' + - xml: + name: VpcId + DescribeVpcClassicLinkDnsSupportRequest: + type: object + title: DescribeVpcClassicLinkDnsSupportRequest + properties: + maxResults: + allOf: + - $ref: '#/components/schemas/DescribeVpcClassicLinkDnsSupportMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + nextToken: + allOf: + - $ref: '#/components/schemas/VpcClassicLinkIdList' + - description: One or more VPC IDs. + DescribeVpcClassicLinkRequest: + type: object + title: DescribeVpcClassicLinkRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • is-classic-link-enabled - Whether the VPC is enabled for ClassicLink (true | false).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + VpcId: + allOf: + - $ref: '#/components/schemas/VpcClassicLinkIdList' + - description: One or more VPCs for which you want to describe the ClassicLink status. + VpcClassicLinkList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcClassicLink' + - xml: + name: item + DescribeVpcEndpointConnectionNotificationsRequest: + type: object + title: DescribeVpcEndpointConnectionNotificationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ConnectionNotificationId' + - description: The ID of the notification. + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to request the next page of results. + DescribeVpcEndpointConnectionsRequest: + type: object + title: DescribeVpcEndpointConnectionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to retrieve the next page of results. + VpcEndpointConnectionSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcEndpointConnection' + - xml: + name: item + DescribeVpcEndpointServiceConfigurationsRequest: + type: object + title: DescribeVpcEndpointServiceConfigurationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ServiceId: + allOf: + - $ref: '#/components/schemas/VpcEndpointServiceIdList' + - description: The IDs of one or more services. + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to retrieve the next page of results. + ServiceConfigurationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ServiceConfiguration' + - xml: + name: item + DescribeVpcEndpointServicePermissionsRequest: + type: object + required: + - ServiceId + title: DescribeVpcEndpointServicePermissionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcEndpointServiceId' + - description: The ID of the service. + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to retrieve the next page of results. + DescribeVpcEndpointServicesRequest: + type: object + title: DescribeVpcEndpointServicesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ServiceName: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: One or more service names. + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of items to return. (You received this token from a prior call.) + description: Contains the parameters for DescribeVpcEndpointServices. + ServiceDetailSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ServiceDetail' + - xml: + name: item + DescribeVpcEndpointsRequest: + type: object + title: DescribeVpcEndpointsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + VpcEndpointId: + allOf: + - $ref: '#/components/schemas/VpcEndpointIdList' + - description: One or more endpoint IDs. + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of items to return. (You received this token from a prior call.) + description: Contains the parameters for DescribeVpcEndpoints. + VpcEndpointSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcEndpoint' + - xml: + name: item + DescribeVpcPeeringConnectionsMaxResults: + type: integer + minimum: 5 + maximum: 1000 + DescribeVpcPeeringConnectionsRequest: + type: object + title: DescribeVpcPeeringConnectionsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • accepter-vpc-info.cidr-block - The IPv4 CIDR block of the accepter VPC.

  • accepter-vpc-info.owner-id - The ID of the Amazon Web Services account that owns the accepter VPC.

  • accepter-vpc-info.vpc-id - The ID of the accepter VPC.

  • expiration-time - The expiration date and time for the VPC peering connection.

  • requester-vpc-info.cidr-block - The IPv4 CIDR block of the requester''s VPC.

  • requester-vpc-info.owner-id - The ID of the Amazon Web Services account that owns the requester VPC.

  • requester-vpc-info.vpc-id - The ID of the requester VPC.

  • status-code - The status of the VPC peering connection (pending-acceptance | failed | expired | provisioning | active | deleting | deleted | rejected).

  • status-message - A message that provides more information about the status of the VPC peering connection, if applicable.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-peering-connection-id - The ID of the VPC peering connection.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + VpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/DescribeVpcPeeringConnectionsMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + VpcPeeringConnectionList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnection' + - xml: + name: item + DescribeVpcsMaxResults: + type: integer + minimum: 5 + maximum: 1000 + VpcIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcId' + - xml: + name: VpcId + DescribeVpcsRequest: + type: object + title: DescribeVpcsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • cidr - The primary IPv4 CIDR block of the VPC. The CIDR block you specify must exactly match the VPC''s CIDR block for information to be returned for the VPC. Must contain the slash followed by one or two digits (for example, /28).

  • cidr-block-association.cidr-block - An IPv4 CIDR block associated with the VPC.

  • cidr-block-association.association-id - The association ID for an IPv4 CIDR block associated with the VPC.

  • cidr-block-association.state - The state of an IPv4 CIDR block associated with the VPC.

  • dhcp-options-id - The ID of a set of DHCP options.

  • ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the VPC.

  • ipv6-cidr-block-association.ipv6-pool - The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.

  • ipv6-cidr-block-association.association-id - The association ID for an IPv6 CIDR block associated with the VPC.

  • ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the VPC.

  • is-default - Indicates whether the VPC is the default VPC.

  • owner-id - The ID of the Amazon Web Services account that owns the VPC.

  • state - The state of the VPC (pending | available).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC.

' + VpcId: + allOf: + - $ref: '#/components/schemas/VpcIdStringList' + - description: '

One or more VPC IDs.

Default: Describes all your VPCs.

' + dryRun: + allOf: + - $ref: '#/components/schemas/DescribeVpcsMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + VpcList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Vpc' + - xml: + name: item + VpnConnectionIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpnConnectionId' + - xml: + name: VpnConnectionId + DescribeVpnConnectionsRequest: + type: object + title: DescribeVpnConnectionsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • customer-gateway-configuration - The configuration information for the customer gateway.

  • customer-gateway-id - The ID of a customer gateway associated with the VPN connection.

  • state - The state of the VPN connection (pending | available | deleting | deleted).

  • option.static-routes-only - Indicates whether the connection has static routes only. Used for devices that do not support Border Gateway Protocol (BGP).

  • route.destination-cidr-block - The destination CIDR block. This corresponds to the subnet used in a customer data center.

  • bgp-asn - The BGP Autonomous System Number (ASN) associated with a BGP device.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • type - The type of VPN connection. Currently the only supported type is ipsec.1.

  • vpn-connection-id - The ID of the VPN connection.

  • vpn-gateway-id - The ID of a virtual private gateway associated with the VPN connection.

  • transit-gateway-id - The ID of a transit gateway associated with the VPN connection.

' + VpnConnectionId: + allOf: + - $ref: '#/components/schemas/VpnConnectionIdStringList' + - description: '

One or more VPN connection IDs.

Default: Describes your VPN connections.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DescribeVpnConnections. + VpnConnectionList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpnConnection' + - xml: + name: item + VpnGatewayIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpnGatewayId' + - xml: + name: VpnGatewayId + DescribeVpnGatewaysRequest: + type: object + title: DescribeVpnGatewaysRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: '

One or more filters.

  • amazon-side-asn - The Autonomous System Number (ASN) for the Amazon side of the gateway.

  • attachment.state - The current state of the attachment between the gateway and the VPC (attaching | attached | detaching | detached).

  • attachment.vpc-id - The ID of an attached VPC.

  • availability-zone - The Availability Zone for the virtual private gateway (if applicable).

  • state - The state of the virtual private gateway (pending | available | deleting | deleted).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • type - The type of virtual private gateway. Currently the only supported type is ipsec.1.

  • vpn-gateway-id - The ID of the virtual private gateway.

' + VpnGatewayId: + allOf: + - $ref: '#/components/schemas/VpnGatewayIdStringList' + - description: '

One or more virtual private gateway IDs.

Default: Describes all your virtual private gateways.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DescribeVpnGateways. + VpnGatewayList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpnGateway' + - xml: + name: item + DestinationFileFormat: + type: string + enum: + - plain-text + - parquet + DestinationOptionsResponse: + type: object + properties: + fileFormat: + allOf: + - $ref: '#/components/schemas/DestinationFileFormat' + - description: The format for the flow log. + hiveCompatiblePartitions: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. + perHourPartition: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to partition the flow log per hour. + description: Describes the destination options for a flow log. + DetachClassicLinkVpcRequest: + type: object + required: + - InstanceId + - VpcId + title: DetachClassicLinkVpcRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance to unlink from the VPC. + vpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC to which the instance is linked. + DetachInternetGatewayRequest: + type: object + required: + - InternetGatewayId + - VpcId + title: DetachInternetGatewayRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + internetGatewayId: + allOf: + - $ref: '#/components/schemas/InternetGatewayId' + - description: The ID of the internet gateway. + vpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + DetachNetworkInterfaceRequest: + type: object + required: + - AttachmentId + title: DetachNetworkInterfaceRequest + properties: + attachmentId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceAttachmentId' + - description: The ID of the attachment. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + force: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Specifies whether to force a detachment.

  • Use the Force parameter only as a last resort to detach a network interface from a failed instance.

  • If you use the Force parameter to detach a network interface, you might not be able to attach a different network interface to the same index on the instance without first stopping and starting the instance.

  • If you force the detachment of a network interface, the instance metadata might not get updated. This means that the attributes associated with the detached network interface might still be visible. The instance metadata will get updated when you stop and start the instance.

' + description: Contains the parameters for DetachNetworkInterface. + DetachVolumeRequest: + type: object + required: + - VolumeId + title: DetachVolumeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VolumeId' + - description: The ID of the volume. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DetachVpnGatewayRequest: + type: object + required: + - VpcId + - VpnGatewayId + title: DetachVpnGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpnGatewayId' + - description: The ID of the virtual private gateway. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DetachVpnGateway. + DeviceType: + type: string + enum: + - ebs + - instance-store + DhcpConfigurationValueList: + type: array + items: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - xml: + name: item + DhcpConfiguration: + type: object + properties: + key: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of a DHCP option. + valueSet: + allOf: + - $ref: '#/components/schemas/DhcpConfigurationValueList' + - description: One or more values for the DHCP option. + description: Describes a DHCP configuration option. + DhcpConfigurationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/DhcpConfiguration' + - xml: + name: item + DirectoryServiceAuthenticationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Active Directory to be used for authentication. + description: Describes the Active Directory to be used for client authentication. + DisableEbsEncryptionByDefaultRequest: + type: object + title: DisableEbsEncryptionByDefaultRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DisableFastLaunchRequest: + type: object + required: + - ImageId + title: DisableFastLaunchRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DisableFastSnapshotRestoreStateErrorSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DisableFastSnapshotRestoreStateErrorItem' + - xml: + name: item + DisableFastSnapshotRestoreErrorItem: + type: object + properties: + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the snapshot. + fastSnapshotRestoreStateErrorSet: + allOf: + - $ref: '#/components/schemas/DisableFastSnapshotRestoreStateErrorSet' + - description: The errors. + description: Contains information about the errors that occurred when disabling fast snapshot restores. + DisableFastSnapshotRestoreErrorSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DisableFastSnapshotRestoreErrorItem' + - xml: + name: item + DisableFastSnapshotRestoreStateError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/String' + - description: The error code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The error message. + description: Describes an error that occurred when disabling fast snapshot restores. + DisableFastSnapshotRestoreStateErrorItem: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone. + error: + allOf: + - $ref: '#/components/schemas/DisableFastSnapshotRestoreStateError' + - description: The error. + description: Contains information about an error that occurred when disabling fast snapshot restores. + DisableFastSnapshotRestoreSuccessItem: + type: object + properties: + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the snapshot. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone. + state: + allOf: + - $ref: '#/components/schemas/FastSnapshotRestoreStateCode' + - description: The state of fast snapshot restores for the snapshot. + stateTransitionReason: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The reason for the state transition. The possible values are as follows:

  • Client.UserInitiated - The state successfully transitioned to enabling or disabling.

  • Client.UserInitiated - Lifecycle state transition - The state successfully transitioned to optimizing, enabled, or disabled.

' + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that enabled fast snapshot restores on the snapshot. + ownerAlias: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services owner alias that enabled fast snapshot restores on the snapshot. This is intended for future use. + enablingTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the enabling state. + optimizingTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the optimizing state. + enabledTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the enabled state. + disablingTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the disabling state. + disabledTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the disabled state. + description: Describes fast snapshot restores that were successfully disabled. + DisableFastSnapshotRestoreSuccessSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DisableFastSnapshotRestoreSuccessItem' + - xml: + name: item + DisableFastSnapshotRestoresRequest: + type: object + required: + - AvailabilityZones + - SourceSnapshotIds + title: DisableFastSnapshotRestoresRequest + properties: + AvailabilityZone: + allOf: + - $ref: '#/components/schemas/AvailabilityZoneStringList' + - description: 'One or more Availability Zones. For example, us-east-2a.' + SourceSnapshotId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DisableImageDeprecationRequest: + type: object + required: + - ImageId + title: DisableImageDeprecationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DisableIpamOrganizationAdminAccountRequest: + type: object + required: + - DelegatedAdminAccountId + title: DisableIpamOrganizationAdminAccountRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Organizations member account ID that you want to disable as IPAM account. + DisableSerialConsoleAccessRequest: + type: object + title: DisableSerialConsoleAccessRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DisableTransitGatewayRouteTablePropagationRequest: + type: object + required: + - TransitGatewayRouteTableId + - TransitGatewayAttachmentId + title: DisableTransitGatewayRouteTablePropagationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayPropagation: + type: object + properties: + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentId' + - description: The ID of the attachment. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + resourceType: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' + - description: The resource type. Note that the tgw-peering resource type has been deprecated. + transitGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway route table. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayPropagationState' + - description: The state. + description: Describes route propagation. + DisableVgwRoutePropagationRequest: + type: object + required: + - GatewayId + - RouteTableId + title: DisableVgwRoutePropagationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for DisableVgwRoutePropagation. + DisableVpcClassicLinkDnsSupportRequest: + type: object + title: DisableVpcClassicLinkDnsSupportRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + DisableVpcClassicLinkRequest: + type: object + required: + - VpcId + title: DisableVpcClassicLinkRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + vpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + DisassociateAddressRequest: + type: object + title: DisassociateAddressRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '[EC2-Classic] The Elastic IP address. Required for EC2-Classic.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DisassociateClientVpnTargetNetworkRequest: + type: object + required: + - ClientVpnEndpointId + - AssociationId + title: DisassociateClientVpnTargetNetworkRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DisassociateEnclaveCertificateIamRoleRequest: + type: object + title: DisassociateEnclaveCertificateIamRoleRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DisassociateIamInstanceProfileRequest: + type: object + required: + - AssociationId + title: DisassociateIamInstanceProfileRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileAssociationId' + - description: The ID of the IAM instance profile association. + InstanceEventWindowDisassociationRequest: + type: object + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdList' + - description: The IDs of the instances to disassociate from the event window. + InstanceTag: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The instance tags to disassociate from the event window. Any instances associated with the tags will be disassociated from the event window. + DedicatedHostId: + allOf: + - $ref: '#/components/schemas/DedicatedHostIdList' + - description: The IDs of the Dedicated Hosts to disassociate from the event window. + description: The targets to disassociate from the specified event window. + DisassociateInstanceEventWindowRequest: + type: object + required: + - InstanceEventWindowId + - AssociationTarget + title: DisassociateInstanceEventWindowRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowDisassociationRequest' + - description: One or more targets to disassociate from the specified event window. + RouteTableAssociationId: + type: string + DisassociateRouteTableRequest: + type: object + required: + - AssociationId + title: DisassociateRouteTableRequest + properties: + associationId: + allOf: + - $ref: '#/components/schemas/RouteTableAssociationId' + - description: The association ID representing the current association between the route table and subnet or gateway. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SubnetCidrAssociationId: + type: string + DisassociateSubnetCidrBlockRequest: + type: object + required: + - AssociationId + title: DisassociateSubnetCidrBlockRequest + properties: + associationId: + allOf: + - $ref: '#/components/schemas/SubnetCidrAssociationId' + - description: The association ID for the CIDR block. + DisassociateTransitGatewayMulticastDomainRequest: + type: object + title: DisassociateTransitGatewayMulticastDomainRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DisassociateTransitGatewayRouteTableRequest: + type: object + required: + - TransitGatewayRouteTableId + - TransitGatewayAttachmentId + title: DisassociateTransitGatewayRouteTableRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + DisassociateTrunkInterfaceRequest: + type: object + required: + - AssociationId + title: DisassociateTrunkInterfaceRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + VpcCidrAssociationId: + type: string + DisassociateVpcCidrBlockRequest: + type: object + required: + - AssociationId + title: DisassociateVpcCidrBlockRequest + properties: + associationId: + allOf: + - $ref: '#/components/schemas/VpcCidrAssociationId' + - description: The association ID for the CIDR block. + DiskCount: + type: integer + VolumeDetail: + type: object + required: + - Size + properties: + size: + type: integer + description: 'The size of the volume, in GiB.' + description: Describes an EBS volume. + DiskImageDescription: + type: object + properties: + checksum: + allOf: + - $ref: '#/components/schemas/String' + - description: The checksum computed for the disk image. + format: + allOf: + - $ref: '#/components/schemas/DiskImageFormat' + - description: The disk image format. + importManifestUrl: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A presigned URL for the import manifest stored in Amazon S3. For information about creating a presigned URL for an Amazon S3 object, read the "Query String Request Authentication Alternative" section of the Authenticating REST Requests topic in the Amazon Simple Storage Service Developer Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' + size: + allOf: + - $ref: '#/components/schemas/Long' + - description: 'The size of the disk image, in GiB.' + description: Describes a disk image. + DiskImageDetail: + type: object + required: + - Bytes + - Format + - ImportManifestUrl + properties: + bytes: + allOf: + - $ref: '#/components/schemas/Long' + - description: 'The size of the disk image, in GiB.' + format: + allOf: + - $ref: '#/components/schemas/DiskImageFormat' + - description: The disk image format. + importManifestUrl: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A presigned URL for the import manifest stored in Amazon S3 and presented here as an Amazon S3 presigned URL. For information about creating a presigned URL for an Amazon S3 object, read the "Query String Request Authentication Alternative" section of the Authenticating REST Requests topic in the Amazon Simple Storage Service Developer Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

' + description: Describes a disk image. + DiskImageList: + type: array + items: + $ref: '#/components/schemas/DiskImage' + DiskImageVolumeDescription: + type: object + properties: + id: + allOf: + - $ref: '#/components/schemas/String' + - description: The volume identifier. + size: + allOf: + - $ref: '#/components/schemas/Long' + - description: 'The size of the volume, in GiB.' + description: Describes a disk image volume. + DiskSize: + type: integer + DiskType: + type: string + enum: + - hdd + - ssd + DiskInfo: + type: object + properties: + sizeInGB: + allOf: + - $ref: '#/components/schemas/DiskSize' + - description: The size of the disk in GB. + count: + allOf: + - $ref: '#/components/schemas/DiskCount' + - description: The number of disks with this configuration. + type: + allOf: + - $ref: '#/components/schemas/DiskType' + - description: The type of disk. + description: Describes a disk. + DiskInfoList: + type: array + items: + allOf: + - $ref: '#/components/schemas/DiskInfo' + - xml: + name: item + DnsEntry: + type: object + properties: + dnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The DNS name. + hostedZoneId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the private hosted zone. + description: Describes a DNS entry. + DnsEntrySet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DnsEntry' + - xml: + name: item + DnsNameState: + type: string + enum: + - pendingVerification + - verified + - failed + DnsOptions: + type: object + properties: + dnsRecordIpType: + allOf: + - $ref: '#/components/schemas/DnsRecordIpType' + - description: The DNS records created for the endpoint. + description: Describes the DNS options for an endpoint. + DnsOptionsSpecification: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DnsRecordIpType' + - description: The DNS records created for the endpoint. + description: Describes the DNS options for an endpoint. + DnsServersOptionsModifyStructure: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether DNS servers should be used. Specify False to delete the existing DNS servers. + description: Information about the DNS server to be used. + DnsSupportValue: + type: string + enum: + - enable + - disable + DoubleWithConstraints: + type: number + format: double + minimum: 0.001 + maximum: 99.999 + EbsEncryptionSupport: + type: string + enum: + - unsupported + - supported + EbsOptimizedSupport: + type: string + enum: + - unsupported + - supported + - default + EbsOptimizedInfo: + type: object + properties: + baselineBandwidthInMbps: + allOf: + - $ref: '#/components/schemas/BaselineBandwidthInMbps' + - description: 'The baseline bandwidth performance for an EBS-optimized instance type, in Mbps.' + baselineThroughputInMBps: + allOf: + - $ref: '#/components/schemas/BaselineThroughputInMBps' + - description: 'The baseline throughput performance for an EBS-optimized instance type, in MB/s.' + baselineIops: + allOf: + - $ref: '#/components/schemas/BaselineIops' + - description: The baseline input/output storage operations per seconds for an EBS-optimized instance type. + maximumBandwidthInMbps: + allOf: + - $ref: '#/components/schemas/MaximumBandwidthInMbps' + - description: 'The maximum bandwidth performance for an EBS-optimized instance type, in Mbps.' + maximumThroughputInMBps: + allOf: + - $ref: '#/components/schemas/MaximumThroughputInMBps' + - description: 'The maximum throughput performance for an EBS-optimized instance type, in MB/s.' + maximumIops: + allOf: + - $ref: '#/components/schemas/MaximumIops' + - description: The maximum input/output storage operations per second for an EBS-optimized instance type. + description: Describes the optimized EBS performance for supported instance types. + EbsNvmeSupport: + type: string + enum: + - unsupported + - supported + - required + EbsInfo: + type: object + properties: + ebsOptimizedSupport: + allOf: + - $ref: '#/components/schemas/EbsOptimizedSupport' + - description: 'Indicates whether the instance type is Amazon EBS-optimized. For more information, see Amazon EBS-optimized instances in Amazon EC2 User Guide.' + encryptionSupport: + allOf: + - $ref: '#/components/schemas/EbsEncryptionSupport' + - description: Indicates whether Amazon EBS encryption is supported. + ebsOptimizedInfo: + allOf: + - $ref: '#/components/schemas/EbsOptimizedInfo' + - description: Describes the optimized EBS performance for the instance type. + nvmeSupport: + allOf: + - $ref: '#/components/schemas/EbsNvmeSupport' + - description: Indicates whether non-volatile memory express (NVMe) is supported. + description: Describes the Amazon EBS features supported by the instance type. + EbsInstanceBlockDevice: + type: object + properties: + attachTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time stamp when the attachment initiated. + deleteOnTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the volume is deleted on instance termination. + status: + allOf: + - $ref: '#/components/schemas/AttachmentStatus' + - description: The attachment state. + volumeId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the EBS volume. + description: Describes a parameter used to set up an EBS volume in a block device mapping. + EbsInstanceBlockDeviceSpecification: + type: object + properties: + deleteOnTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the volume is deleted on instance termination. + volumeId: + allOf: + - $ref: '#/components/schemas/VolumeId' + - description: The ID of the EBS volume. + description: Describes information used to set up an EBS volume specified in a block device mapping. + MaximumBandwidthInMbps: + type: integer + MaximumThroughputInMBps: + type: number + format: double + MaximumIops: + type: integer + MaximumEfaInterfaces: + type: integer + EfaInfo: + type: object + properties: + maximumEfaInterfaces: + allOf: + - $ref: '#/components/schemas/MaximumEfaInterfaces' + - description: The maximum number of Elastic Fabric Adapters for the instance type. + description: Describes the Elastic Fabric Adapters for the instance type. + EfaSupportedFlag: + type: boolean + InternetGatewayAttachmentList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InternetGatewayAttachment' + - xml: + name: item + EgressOnlyInternetGatewayIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' + - xml: + name: item + ElasticGpuAssociation: + type: object + properties: + elasticGpuId: + allOf: + - $ref: '#/components/schemas/ElasticGpuId' + - description: The ID of the Elastic Graphics accelerator. + elasticGpuAssociationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the association. + elasticGpuAssociationState: + allOf: + - $ref: '#/components/schemas/String' + - description: The state of the association between the instance and the Elastic Graphics accelerator. + elasticGpuAssociationTime: + allOf: + - $ref: '#/components/schemas/String' + - description: The time the Elastic Graphics accelerator was associated with the instance. + description: Describes the association between an instance and an Elastic Graphics accelerator. + ElasticGpuAssociationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ElasticGpuAssociation' + - xml: + name: item + ElasticGpuStatus: + type: string + enum: + - OK + - IMPAIRED + ElasticGpuHealth: + type: object + properties: + status: + allOf: + - $ref: '#/components/schemas/ElasticGpuStatus' + - description: The health status. + description: Describes the status of an Elastic Graphics accelerator. + ElasticGpuIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ElasticGpuId' + - xml: + name: item + ElasticGpus: + type: object + properties: + elasticGpuId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Elastic Graphics accelerator. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone in the which the Elastic Graphics accelerator resides. + elasticGpuType: + allOf: + - $ref: '#/components/schemas/String' + - description: The type of Elastic Graphics accelerator. + elasticGpuHealth: + allOf: + - $ref: '#/components/schemas/ElasticGpuHealth' + - description: The status of the Elastic Graphics accelerator. + elasticGpuState: + allOf: + - $ref: '#/components/schemas/ElasticGpuState' + - description: The state of the Elastic Graphics accelerator. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance to which the Elastic Graphics accelerator is attached. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the Elastic Graphics accelerator. + description: Describes an Elastic Graphics accelerator. + ElasticGpuSpecificationResponse: + type: object + properties: + type: + allOf: + - $ref: '#/components/schemas/String' + - description: The elastic GPU type. + description: Describes an elastic GPU. + ElasticGpuSpecificationResponseList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ElasticGpuSpecificationResponse' + - xml: + name: item + ElasticGpuSpecifications: + type: array + items: + allOf: + - $ref: '#/components/schemas/ElasticGpuSpecification' + - xml: + name: item + ElasticGpuState: + type: string + enum: + - ATTACHED + ElasticInferenceAcceleratorCount: + type: integer + minimum: 1 + ElasticInferenceAcceleratorAssociation: + type: object + properties: + elasticInferenceAcceleratorArn: + allOf: + - $ref: '#/components/schemas/String' + - description: ' The Amazon Resource Name (ARN) of the elastic inference accelerator. ' + elasticInferenceAcceleratorAssociationId: + allOf: + - $ref: '#/components/schemas/String' + - description: ' The ID of the association. ' + elasticInferenceAcceleratorAssociationState: + allOf: + - $ref: '#/components/schemas/String' + - description: ' The state of the elastic inference accelerator. ' + elasticInferenceAcceleratorAssociationTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: ' The time at which the elastic inference accelerator is associated with an instance. ' + description: ' Describes the association between an instance and an elastic inference accelerator. ' + ElasticInferenceAcceleratorAssociationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ElasticInferenceAcceleratorAssociation' + - xml: + name: item + ElasticInferenceAccelerators: + type: array + items: + allOf: + - $ref: '#/components/schemas/ElasticInferenceAccelerator' + - xml: + name: item + ElasticIpAssociationId: + type: string + EnaSupport: + type: string + enum: + - unsupported + - supported + - required + EnableEbsEncryptionByDefaultRequest: + type: object + title: EnableEbsEncryptionByDefaultRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + EnableFastLaunchRequest: + type: object + required: + - ImageId + title: EnableFastLaunchRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + EnableFastSnapshotRestoreStateErrorSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/EnableFastSnapshotRestoreStateErrorItem' + - xml: + name: item + EnableFastSnapshotRestoreErrorItem: + type: object + properties: + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the snapshot. + fastSnapshotRestoreStateErrorSet: + allOf: + - $ref: '#/components/schemas/EnableFastSnapshotRestoreStateErrorSet' + - description: The errors. + description: Contains information about the errors that occurred when enabling fast snapshot restores. + EnableFastSnapshotRestoreErrorSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/EnableFastSnapshotRestoreErrorItem' + - xml: + name: item + EnableFastSnapshotRestoreStateError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/String' + - description: The error code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The error message. + description: Describes an error that occurred when enabling fast snapshot restores. + EnableFastSnapshotRestoreStateErrorItem: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone. + error: + allOf: + - $ref: '#/components/schemas/EnableFastSnapshotRestoreStateError' + - description: The error. + description: Contains information about an error that occurred when enabling fast snapshot restores. + EnableFastSnapshotRestoreSuccessItem: + type: object + properties: + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the snapshot. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone. + state: + allOf: + - $ref: '#/components/schemas/FastSnapshotRestoreStateCode' + - description: The state of fast snapshot restores. + stateTransitionReason: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The reason for the state transition. The possible values are as follows:

  • Client.UserInitiated - The state successfully transitioned to enabling or disabling.

  • Client.UserInitiated - Lifecycle state transition - The state successfully transitioned to optimizing, enabled, or disabled.

' + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that enabled fast snapshot restores on the snapshot. + ownerAlias: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services owner alias that enabled fast snapshot restores on the snapshot. This is intended for future use. + enablingTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the enabling state. + optimizingTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the optimizing state. + enabledTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the enabled state. + disablingTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the disabling state. + disabledTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time at which fast snapshot restores entered the disabled state. + description: Describes fast snapshot restores that were successfully enabled. + EnableFastSnapshotRestoreSuccessSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/EnableFastSnapshotRestoreSuccessItem' + - xml: + name: item + EnableFastSnapshotRestoresRequest: + type: object + required: + - AvailabilityZones + - SourceSnapshotIds + title: EnableFastSnapshotRestoresRequest + properties: + AvailabilityZone: + allOf: + - $ref: '#/components/schemas/AvailabilityZoneStringList' + - description: 'One or more Availability Zones. For example, us-east-2a.' + SourceSnapshotId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + EnableImageDeprecationRequest: + type: object + required: + - ImageId + - DeprecateAt + title: EnableImageDeprecationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + EnableIpamOrganizationAdminAccountRequest: + type: object + required: + - DelegatedAdminAccountId + title: EnableIpamOrganizationAdminAccountRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Organizations member account ID that you want to enable as the IPAM account. + EnableSerialConsoleAccessRequest: + type: object + title: EnableSerialConsoleAccessRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + EnableTransitGatewayRouteTablePropagationRequest: + type: object + required: + - TransitGatewayRouteTableId + - TransitGatewayAttachmentId + title: EnableTransitGatewayRouteTablePropagationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + EnableVgwRoutePropagationRequest: + type: object + required: + - GatewayId + - RouteTableId + title: EnableVgwRoutePropagationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for EnableVgwRoutePropagation. + EnableVolumeIORequest: + type: object + required: + - VolumeId + title: EnableVolumeIORequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + volumeId: + allOf: + - $ref: '#/components/schemas/VolumeId' + - description: The ID of the volume. + EnableVpcClassicLinkDnsSupportRequest: + type: object + title: EnableVpcClassicLinkDnsSupportRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + EnableVpcClassicLinkRequest: + type: object + required: + - VpcId + title: EnableVpcClassicLinkRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + vpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + EnclaveOptions: + type: object + properties: + enabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If this parameter is set to true, the instance is enabled for Amazon Web Services Nitro Enclaves; otherwise, it is not enabled for Amazon Web Services Nitro Enclaves.' + description: Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. + EnclaveOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true.' + description: 'Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.' + EncryptionInTransitSupported: + type: boolean + EphemeralNvmeSupport: + type: string + enum: + - unsupported + - supported + - required + ValidationError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The error code that indicates why the parameter or parameter combination is not valid. For more information about error codes, see Error Codes.' + message: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The error message that describes why the parameter or parameter combination is not valid. For more information about error messages, see Error Codes.' + description: The error code and error message that is returned for a parameter or parameter combination that is not valid when a new launch template or new version of a launch template is created. + ErrorSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ValidationError' + - xml: + name: item + EventCode: + type: string + enum: + - instance-reboot + - system-reboot + - system-maintenance + - instance-retirement + - instance-stop + EventInformation: + type: object + properties: + eventDescription: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the event. + eventSubType: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The event.

error events:

  • iamFleetRoleInvalid - The EC2 Fleet or Spot Fleet does not have the required permissions either to launch or terminate an instance.

  • allLaunchSpecsTemporarilyBlacklisted - None of the configurations are valid, and several attempts to launch instances have failed. For more information, see the description of the event.

  • spotInstanceCountLimitExceeded - You''ve reached the limit on the number of Spot Instances that you can launch.

  • spotFleetRequestConfigurationInvalid - The configuration is not valid. For more information, see the description of the event.

fleetRequestChange events:

  • active - The EC2 Fleet or Spot Fleet request has been validated and Amazon EC2 is attempting to maintain the target number of running instances.

  • cancelled - The EC2 Fleet or Spot Fleet request is canceled and has no running instances. The EC2 Fleet or Spot Fleet will be deleted two days after its instances are terminated.

  • cancelled_running - The EC2 Fleet or Spot Fleet request is canceled and does not launch additional instances. Its existing instances continue to run until they are interrupted or terminated. The request remains in this state until all instances are interrupted or terminated.

  • cancelled_terminating - The EC2 Fleet or Spot Fleet request is canceled and its instances are terminating. The request remains in this state until all instances are terminated.

  • expired - The EC2 Fleet or Spot Fleet request has expired. If the request was created with TerminateInstancesWithExpiration set, a subsequent terminated event indicates that the instances are terminated.

  • modify_in_progress - The EC2 Fleet or Spot Fleet request is being modified. The request remains in this state until the modification is fully processed.

  • modify_succeeded - The EC2 Fleet or Spot Fleet request was modified.

  • submitted - The EC2 Fleet or Spot Fleet request is being evaluated and Amazon EC2 is preparing to launch the target number of instances.

  • progress - The EC2 Fleet or Spot Fleet request is in the process of being fulfilled.

instanceChange events:

  • launched - A new instance was launched.

  • terminated - An instance was terminated by the user.

  • termination_notified - An instance termination notification was sent when a Spot Instance was terminated by Amazon EC2 during scale-down, when the target capacity of the fleet was modified down, for example, from a target capacity of 4 to a target capacity of 3.

Information events:

  • fleetProgressHalted - The price in every launch specification is not valid because it is below the Spot price (all the launch specifications have produced launchSpecUnusable events). A launch specification might become valid if the Spot price changes.

  • launchSpecTemporarilyBlacklisted - The configuration is not valid and several attempts to launch instances have failed. For more information, see the description of the event.

  • launchSpecUnusable - The price in a launch specification is not valid because it is below the Spot price.

  • registerWithLoadBalancersFailed - An attempt to register instances with load balancers failed. For more information, see the description of the event.

' + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. This information is available only for instanceChange events. + description: Describes an EC2 Fleet or Spot Fleet event. + ExcludedInstanceType: + type: string + pattern: '[a-zA-Z0-9\.\*]+' + minLength: 1 + maxLength: 30 + StringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + TransitGatewayRouteTableRoute: + type: object + properties: + destinationCidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR block used for destination matches. + state: + allOf: + - $ref: '#/components/schemas/String' + - description: The state of the route. + routeOrigin: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The route origin. The following are the possible values:

  • static

  • propagated

' + prefixListId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the prefix list. + attachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the route attachment. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource for the route attachment. + resourceType: + allOf: + - $ref: '#/components/schemas/String' + - description: The resource type for the route attachment. + description: Describes a route in a transit gateway route table. + Explanation: + type: object + properties: + acl: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The network ACL. + aclRule: + allOf: + - $ref: '#/components/schemas/AnalysisAclRule' + - description: The network ACL rule. + address: + allOf: + - $ref: '#/components/schemas/IpAddress' + - description: 'The IPv4 address, in CIDR notation.' + addressSet: + allOf: + - $ref: '#/components/schemas/IpAddressList' + - description: 'The IPv4 addresses, in CIDR notation.' + attachedTo: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The resource to which the component is attached. + availabilityZoneSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Availability Zones. + cidrSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The CIDR ranges. + component: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The component. + customerGateway: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The customer gateway. + destination: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The destination. + destinationVpc: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The destination VPC. + direction: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The direction. The following are the possible values:

  • egress

  • ingress

' + explanationCode: + allOf: + - $ref: '#/components/schemas/String' + - description: The explanation code. + ingressRouteTable: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The route table. + internetGateway: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The internet gateway. + loadBalancerArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The Amazon Resource Name (ARN) of the load balancer. + classicLoadBalancerListener: + allOf: + - $ref: '#/components/schemas/AnalysisLoadBalancerListener' + - description: The listener for a Classic Load Balancer. + loadBalancerListenerPort: + allOf: + - $ref: '#/components/schemas/Port' + - description: The listener port of the load balancer. + loadBalancerTarget: + allOf: + - $ref: '#/components/schemas/AnalysisLoadBalancerTarget' + - description: The target. + loadBalancerTargetGroup: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The target group. + loadBalancerTargetGroupSet: + allOf: + - $ref: '#/components/schemas/AnalysisComponentList' + - description: The target groups. + loadBalancerTargetPort: + allOf: + - $ref: '#/components/schemas/Port' + - description: The target port. + elasticLoadBalancerListener: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The load balancer listener. + missingComponent: + allOf: + - $ref: '#/components/schemas/String' + - description: The missing component. + natGateway: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The NAT gateway. + networkInterface: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The network interface. + packetField: + allOf: + - $ref: '#/components/schemas/String' + - description: The packet field. + vpcPeeringConnection: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The VPC peering connection. + port: + allOf: + - $ref: '#/components/schemas/Port' + - description: The port. + portRangeSet: + allOf: + - $ref: '#/components/schemas/PortRangeList' + - description: The port ranges. + prefixList: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The prefix list. + protocolSet: + allOf: + - $ref: '#/components/schemas/StringList' + - description: The protocols. + routeTableRoute: + allOf: + - $ref: '#/components/schemas/AnalysisRouteTableRoute' + - description: The route table route. + routeTable: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The route table. + securityGroup: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The security group. + securityGroupRule: + allOf: + - $ref: '#/components/schemas/AnalysisSecurityGroupRule' + - description: The security group rule. + securityGroupSet: + allOf: + - $ref: '#/components/schemas/AnalysisComponentList' + - description: The security groups. + sourceVpc: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The source VPC. + state: + allOf: + - $ref: '#/components/schemas/String' + - description: The state. + subnet: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The subnet. + subnetRouteTable: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The route table for the subnet. + vpc: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The component VPC. + vpcEndpoint: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The VPC endpoint. + vpnConnection: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The VPN connection. + vpnGateway: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The VPN gateway. + transitGateway: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The transit gateway. + transitGatewayRouteTable: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The transit gateway route table. + transitGatewayRouteTableRoute: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableRoute' + - description: The transit gateway route table route. + transitGatewayAttachment: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The transit gateway attachment. + description: 'Describes an explanation code for an unreachable path. For more information, see Reachability Analyzer explanation codes.' + ExplanationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Explanation' + - xml: + name: item + ExportClientVpnClientCertificateRevocationListRequest: + type: object + required: + - ClientVpnEndpointId + title: ExportClientVpnClientCertificateRevocationListRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ExportClientVpnClientConfigurationRequest: + type: object + required: + - ClientVpnEndpointId + title: ExportClientVpnClientConfigurationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ExportImageRequest: + type: object + required: + - DiskImageFormat + - ImageId + - S3ExportLocation + title: ExportImageRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The name of the role that grants VM Import/Export permission to export images to your Amazon S3 bucket. If this parameter is not specified, the default role is named ''vmimport''.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the export image task during creation. + ExportTaskS3Location: + type: object + properties: + s3Bucket: + allOf: + - $ref: '#/components/schemas/String' + - description: The destination Amazon S3 bucket. + s3Prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: The prefix (logical hierarchy) in the bucket. + description: Describes the destination for an export image task. + ExportImageTask: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the image being exported. + exportImageTaskId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the export image task. + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the image. + progress: + allOf: + - $ref: '#/components/schemas/String' + - description: The percent complete of the export image task. + s3ExportLocation: + allOf: + - $ref: '#/components/schemas/ExportTaskS3Location' + - description: Information about the destination Amazon S3 bucket. + status: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The status of the export image task. The possible values are active, completed, deleting, and deleted.' + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The status message for the export image task. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the export image task. + description: Describes an export image task. + ExportImageTaskIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ExportImageTaskId' + - xml: + name: ExportImageTaskId + ExportToS3Task: + type: object + properties: + containerFormat: + allOf: + - $ref: '#/components/schemas/ContainerFormat' + - description: 'The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is exported.' + diskImageFormat: + allOf: + - $ref: '#/components/schemas/DiskImageFormat' + - description: The format for the exported image. + s3Bucket: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon S3 bucket for the destination image. The destination bucket must exist and grant WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com. + s3Key: + allOf: + - $ref: '#/components/schemas/String' + - description: The encryption key for your S3 bucket. + description: Describes the format and location for the export task. + InstanceExportDetails: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource being exported. + targetEnvironment: + allOf: + - $ref: '#/components/schemas/ExportEnvironment' + - description: The target virtualization environment. + description: Describes an instance to export. + ExportTaskState: + type: string + enum: + - active + - cancelling + - cancelled + - completed + ExportTaskS3LocationRequest: + type: object + required: + - S3Bucket + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The prefix (logical hierarchy) in the bucket. + description: Describes the destination for an export image task. + ExportTransitGatewayRoutesRequest: + type: object + required: + - TransitGatewayRouteTableId + - S3Bucket + title: ExportTransitGatewayRoutesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableId' + - description: The ID of the route table. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + FailedCapacityReservationFleetCancellationResult: + type: object + properties: + capacityReservationFleetId: + allOf: + - $ref: '#/components/schemas/CapacityReservationFleetId' + - description: The ID of the Capacity Reservation Fleet that could not be cancelled. + cancelCapacityReservationFleetError: + allOf: + - $ref: '#/components/schemas/CancelCapacityReservationFleetError' + - description: Information about the Capacity Reservation Fleet cancellation error. + description: Describes a Capacity Reservation Fleet that could not be cancelled. + FailedQueuedPurchaseDeletion: + type: object + properties: + error: + allOf: + - $ref: '#/components/schemas/DeleteQueuedReservedInstancesError' + - description: The error. + reservedInstancesId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Reserved Instance. + description: Describes a Reserved Instance whose queued purchase was not deleted. + FastLaunchLaunchTemplateSpecificationRequest: + type: object + required: + - Version + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The version of the launch template to use for faster launching for a Windows AMI. + description: '

Request to create a launch template for a fast-launch enabled Windows AMI.

Note - You can specify either the LaunchTemplateName or the LaunchTemplateId, but not both.

' + FastLaunchSnapshotConfigurationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of pre-provisioned snapshots to keep on hand for a fast-launch enabled Windows AMI. + description: Configuration settings for creating and managing pre-provisioned snapshots for a fast-launch enabled Windows AMI. + FindingsFound: + type: string + enum: + - 'true' + - 'false' + - unknown + FleetActivityStatus: + type: string + enum: + - error + - pending_fulfillment + - pending_termination + - fulfilled + IntegerWithConstraints: + type: integer + minimum: 0 + FleetCapacityReservation: + type: object + properties: + capacityReservationId: + allOf: + - $ref: '#/components/schemas/CapacityReservationId' + - description: The ID of the Capacity Reservation. + availabilityZoneId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Availability Zone in which the Capacity Reservation reserves capacity. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type for which the Capacity Reservation reserves capacity. + instancePlatform: + allOf: + - $ref: '#/components/schemas/CapacityReservationInstancePlatform' + - description: The type of operating system for which the Capacity Reservation reserves capacity. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone in which the Capacity Reservation reserves capacity. + totalInstanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The total number of instances for which the Capacity Reservation reserves capacity. + fulfilledCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: 'The number of capacity units fulfilled by the Capacity Reservation. For more information, see Total target capacity in the Amazon EC2 User Guide.' + ebsOptimized: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the Capacity Reservation reserves capacity for EBS-optimized instance types. + createDate: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time at which the Capacity Reservation was created. + weight: + allOf: + - $ref: '#/components/schemas/DoubleWithConstraints' + - description: 'The weight of the instance type in the Capacity Reservation Fleet. For more information, see Instance type weight in the Amazon EC2 User Guide.' + priority: + allOf: + - $ref: '#/components/schemas/IntegerWithConstraints' + - description: 'The priority of the instance type in the Capacity Reservation Fleet. For more information, see Instance type priority in the Amazon EC2 User Guide.' + description: Information about a Capacity Reservation in a Capacity Reservation Fleet. + FleetExcessCapacityTerminationPolicy: + type: string + enum: + - no-termination + - termination + FleetLaunchTemplateConfigList: + type: array + items: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateConfig' + - xml: + name: item + TargetCapacitySpecification: + type: object + properties: + totalTargetCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of units to request, filled using DefaultTargetCapacityType.' + onDemandTargetCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of On-Demand units to request. If you specify a target capacity for Spot units, you cannot specify a target capacity for On-Demand units.' + spotTargetCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of Spot units to launch. If you specify a target capacity for On-Demand units, you cannot specify a target capacity for Spot units.' + defaultTargetCapacityType: + allOf: + - $ref: '#/components/schemas/DefaultTargetCapacityType' + - description: 'The default TotalTargetCapacity, which is either Spot or On-Demand.' + targetCapacityUnitType: + allOf: + - $ref: '#/components/schemas/TargetCapacityUnitType' + - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' + description: '

The number of units to request. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.

You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance MaxTotalPrice, or both to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch instances until it reaches the maximum amount that you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity. The MaxTotalPrice parameters are located in OnDemandOptions and SpotOptions.

' + SpotOptions: + type: object + properties: + allocationStrategy: + allOf: + - $ref: '#/components/schemas/SpotAllocationStrategy' + - description: '

The strategy that determines how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the EC2 Fleet.

lowest-price - EC2 Fleet launches instances from the Spot Instance pools with the lowest price.

diversified - EC2 Fleet launches instances from all of the Spot Instance pools that you specify.

capacity-optimized (recommended) - EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. To give certain instance types a higher chance of launching first, use capacity-optimized-prioritized. Set a priority for each instance type by using the Priority parameter for LaunchTemplateOverrides. You can assign the same priority to different LaunchTemplateOverrides. EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. capacity-optimized-prioritized is supported only if your fleet uses a launch template. Note that if the On-Demand AllocationStrategy is set to prioritized, the same priority is applied when fulfilling On-Demand capacity.

Default: lowest-price

' + maintenanceStrategies: + allOf: + - $ref: '#/components/schemas/FleetSpotMaintenanceStrategies' + - description: The strategies for managing your workloads on your Spot Instances that will be interrupted. Currently only the capacity rebalance strategy is available. + instanceInterruptionBehavior: + allOf: + - $ref: '#/components/schemas/SpotInstanceInterruptionBehavior' + - description: '

The behavior when a Spot Instance is interrupted.

Default: terminate

' + instancePoolsToUseCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The number of Spot pools across which to allocate your target Spot capacity. Supported only when AllocationStrategy is set to lowest-price. EC2 Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.

Note that EC2 Fleet attempts to draw Spot Instances from the number of pools that you specify on a best effort basis. If a pool runs out of Spot capacity before fulfilling your target capacity, EC2 Fleet will continue to fulfill your request by drawing from the next cheapest pool. To ensure that your target capacity is met, you might receive Spot Instances from more than the number of pools that you specified. Similarly, if most of the pools have no Spot capacity, you might receive your full target capacity from fewer than the number of pools that you specified.

' + singleInstanceType: + allOf: + - $ref: '#/components/schemas/Boolean' + - description:

Indicates that the fleet uses a single instance type to launch all Spot Instances in the fleet.

Supported only for fleets of type instant.

+ singleAvailabilityZone: + allOf: + - $ref: '#/components/schemas/Boolean' + - description:

Indicates that the fleet launches all Spot Instances into a single Availability Zone.

Supported only for fleets of type instant.

+ minTargetCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The minimum target capacity for Spot Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.

Supported only for fleets of type instant.

At least one of the following must be specified: SingleAvailabilityZone | SingleInstanceType

' + maxTotalPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum amount per hour for Spot Instances that you're willing to pay. + description: Describes the configuration of Spot Instances in an EC2 Fleet. + OnDemandOptions: + type: object + properties: + allocationStrategy: + allOf: + - $ref: '#/components/schemas/FleetOnDemandAllocationStrategy' + - description: '

The strategy that determines the order of the launch template overrides to use in fulfilling On-Demand capacity.

lowest-price - EC2 Fleet uses price to determine the order, launching the lowest price first.

prioritized - EC2 Fleet uses the priority that you assigned to each launch template override, launching the highest priority first.

Default: lowest-price

' + capacityReservationOptions: + allOf: + - $ref: '#/components/schemas/CapacityReservationOptions' + - description:

The strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.

Supported only for fleets of type instant.

+ singleInstanceType: + allOf: + - $ref: '#/components/schemas/Boolean' + - description:

Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet.

Supported only for fleets of type instant.

+ singleAvailabilityZone: + allOf: + - $ref: '#/components/schemas/Boolean' + - description:

Indicates that the fleet launches all On-Demand Instances into a single Availability Zone.

Supported only for fleets of type instant.

+ minTargetCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The minimum target capacity for On-Demand Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.

Supported only for fleets of type instant.

At least one of the following must be specified: SingleAvailabilityZone | SingleInstanceType

' + maxTotalPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum amount per hour for On-Demand Instances that you're willing to pay. + description: Describes the configuration of On-Demand Instances in an EC2 Fleet. + FleetData: + type: object + properties: + activityStatus: + allOf: + - $ref: '#/components/schemas/FleetActivityStatus' + - description: 'The progress of the EC2 Fleet. If there is an error, the status is error. After all requests are placed, the status is pending_fulfillment. If the size of the EC2 Fleet is equal to or greater than its target capacity, the status is fulfilled. If the size of the EC2 Fleet is decreased, the status is pending_termination while instances are terminating.' + createTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The creation date and time of the EC2 Fleet. + fleetId: + allOf: + - $ref: '#/components/schemas/FleetId' + - description: The ID of the EC2 Fleet. + fleetState: + allOf: + - $ref: '#/components/schemas/FleetStateCode' + - description: The state of the EC2 Fleet. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: '

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

Constraints: Maximum 64 ASCII characters

' + excessCapacityTerminationPolicy: + allOf: + - $ref: '#/components/schemas/FleetExcessCapacityTerminationPolicy' + - description: Indicates whether running instances should be terminated if the target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet. + fulfilledCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: The number of units fulfilled by this request compared to the set target capacity. + fulfilledOnDemandCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: The number of units fulfilled by this request compared to the set target On-Demand capacity. + launchTemplateConfigs: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateConfigList' + - description: The launch template and overrides. + targetCapacitySpecification: + allOf: + - $ref: '#/components/schemas/TargetCapacitySpecification' + - description: 'The number of units to request. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.' + terminateInstancesWithExpiration: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether running instances should be terminated when the EC2 Fleet expires. ' + type: + allOf: + - $ref: '#/components/schemas/FleetType' + - description: 'The type of request. Indicates whether the EC2 Fleet only requests the target capacity, or also attempts to maintain it. If you request a certain target capacity, EC2 Fleet only places the required requests; it does not attempt to replenish instances if capacity is diminished, and it does not submit requests in alternative capacity pools if capacity is unavailable. To maintain a certain target capacity, EC2 Fleet places the required requests to meet this target capacity. It also automatically replenishes any interrupted Spot Instances. Default: maintain.' + validFrom: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately. ' + validUntil: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The end date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new instance requests are placed or able to fulfill the request. The default end date is 7 days from the current date. ' + replaceUnhealthyInstances: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether EC2 Fleet should replace unhealthy Spot Instances. Supported only for fleets of type maintain. For more information, see EC2 Fleet health checks in the Amazon EC2 User Guide.' + spotOptions: + allOf: + - $ref: '#/components/schemas/SpotOptions' + - description: The configuration of Spot Instances in an EC2 Fleet. + onDemandOptions: + allOf: + - $ref: '#/components/schemas/OnDemandOptions' + - description: The allocation strategy of On-Demand Instances in an EC2 Fleet. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for an EC2 Fleet resource. + errorSet: + allOf: + - $ref: '#/components/schemas/DescribeFleetsErrorSet' + - description: Information about the instances that could not be launched by the fleet. Valid only when Type is set to instant. + fleetInstanceSet: + allOf: + - $ref: '#/components/schemas/DescribeFleetsInstancesSet' + - description: Information about the instances that were launched by the fleet. Valid only when Type is set to instant. + context: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + description: Describes an EC2 Fleet. + FleetEventType: + type: string + enum: + - instance-change + - fleet-change + - service-error + FleetLaunchTemplateSpecification: + type: object + properties: + launchTemplateId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the launch template. If you specify the template ID, you can''t specify the template name.' + launchTemplateName: + allOf: + - $ref: '#/components/schemas/LaunchTemplateName' + - description: 'The name of the launch template. If you specify the template name, you can''t specify the template ID.' + version: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The launch template version number, $Latest, or $Default. You must specify a value, otherwise the request fails.

If the value is $Latest, Amazon EC2 uses the latest version of the launch template.

If the value is $Default, Amazon EC2 uses the default version of the launch template.

' + description: 'Describes the Amazon EC2 launch template and the launch template version that can be used by a Spot Fleet request to configure Amazon EC2 instances. For information about launch templates, see Launching an instance from a launch template in the Amazon EC2 User Guide for Linux Instances.' + FleetLaunchTemplateOverridesList: + type: array + items: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateOverrides' + - xml: + name: item + FleetLaunchTemplateConfig: + type: object + properties: + launchTemplateSpecification: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateSpecification' + - description: The launch template. + overrides: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateOverridesList' + - description: Any parameters that you specify override the same parameters in the launch template. + description: Describes a launch template and overrides. + FleetLaunchTemplateConfigListRequest: + type: array + items: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateConfigRequest' + - xml: + name: item + minItems: 0 + maxItems: 50 + FleetLaunchTemplateOverridesListRequest: + type: array + items: + allOf: + - $ref: '#/components/schemas/FleetLaunchTemplateOverridesRequest' + - xml: + name: item + PlacementResponse: + type: object + properties: + groupName: + allOf: + - $ref: '#/components/schemas/PlacementGroupName' + - description: The name of the placement group that the instance is in. + description: Describes the placement of an instance. + InstanceRequirements: + type: object + properties: + vCpuCount: + allOf: + - $ref: '#/components/schemas/VCpuCountRange' + - description: The minimum and maximum number of vCPUs. + memoryMiB: + allOf: + - $ref: '#/components/schemas/MemoryMiB' + - description: 'The minimum and maximum amount of memory, in MiB.' + cpuManufacturerSet: + allOf: + - $ref: '#/components/schemas/CpuManufacturerSet' + - description: '

The CPU manufacturers to include.

  • For instance types with Intel CPUs, specify intel.

  • For instance types with AMD CPUs, specify amd.

  • For instance types with Amazon Web Services CPUs, specify amazon-web-services.

Don''t confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template.

Default: Any manufacturer

' + memoryGiBPerVCpu: + allOf: + - $ref: '#/components/schemas/MemoryGiBPerVCpu' + - description: '

The minimum and maximum amount of memory per vCPU, in GiB.

Default: No minimum or maximum limits

' + excludedInstanceTypeSet: + allOf: + - $ref: '#/components/schemas/ExcludedInstanceTypeSet' + - description: '

The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (*), to exclude an instance type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.

For example, if you specify c5*,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types.

Default: No excluded instance types

' + instanceGenerationSet: + allOf: + - $ref: '#/components/schemas/InstanceGenerationSet' + - description: '

Indicates whether current or previous generation instance types are included. The current generation instance types are recommended for use. Current generation instance types are typically the latest two to three generations in each instance family. For more information, see Instance types in the Amazon EC2 User Guide.

For current generation instance types, specify current.

For previous generation instance types, specify previous.

Default: Current and previous generation instance types

' + spotMaxPricePercentageOverLowestPrice: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage above the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.

The parameter accepts an integer, which Amazon EC2 interprets as a percentage.

To turn off price protection, specify a high value, such as 999999.

This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.

If you set TargetCapacityUnitType to vcpu or memory-mib, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per-instance price.

Default: 100

' + onDemandMaxPricePercentageOverLowestPrice: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance, expressed as a percentage above the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.

The parameter accepts an integer, which Amazon EC2 interprets as a percentage.

To turn off price protection, specify a high value, such as 999999.

This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.

If you set TargetCapacityUnitType to vcpu or memory-mib, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per-instance price.

Default: 20

' + bareMetal: + allOf: + - $ref: '#/components/schemas/BareMetal' + - description: '

Indicates whether bare metal instance types must be included, excluded, or required.

  • To include bare metal instance types, specify included.

  • To require only bare metal instance types, specify required.

  • To exclude bare metal instance types, specify excluded.

Default: excluded

' + burstablePerformance: + allOf: + - $ref: '#/components/schemas/BurstablePerformance' + - description: '

Indicates whether burstable performance T instance types are included, excluded, or required. For more information, see Burstable performance instances.

  • To include burstable performance instance types, specify included.

  • To require only burstable performance instance types, specify required.

  • To exclude burstable performance instance types, specify excluded.

Default: excluded

' + requireHibernateSupport: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether instance types must support hibernation for On-Demand Instances.

This parameter is not supported for GetSpotPlacementScores.

Default: false

' + networkInterfaceCount: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceCount' + - description: '

The minimum and maximum number of network interfaces.

Default: No minimum or maximum limits

' + localStorage: + allOf: + - $ref: '#/components/schemas/LocalStorage' + - description: '

Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, Amazon EC2 instance store in the Amazon EC2 User Guide.

  • To include instance types with instance store volumes, specify included.

  • To require only instance types with instance store volumes, specify required.

  • To exclude instance types with instance store volumes, specify excluded.

Default: included

' + localStorageTypeSet: + allOf: + - $ref: '#/components/schemas/LocalStorageTypeSet' + - description: '

The type of local storage that is required.

  • For instance types with hard disk drive (HDD) storage, specify hdd.

  • For instance types with solid state drive (SDD) storage, specify sdd.

Default: hdd and sdd

' + totalLocalStorageGB: + allOf: + - $ref: '#/components/schemas/TotalLocalStorageGB' + - description: '

The minimum and maximum amount of total local storage, in GB.

Default: No minimum or maximum limits

' + baselineEbsBandwidthMbps: + allOf: + - $ref: '#/components/schemas/BaselineEbsBandwidthMbps' + - description: '

The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

Default: No minimum or maximum limits

' + acceleratorTypeSet: + allOf: + - $ref: '#/components/schemas/AcceleratorTypeSet' + - description: '

The accelerator types that must be on the instance type.

  • For instance types with GPU accelerators, specify gpu.

  • For instance types with FPGA accelerators, specify fpga.

  • For instance types with inference accelerators, specify inference.

Default: Any accelerator type

' + acceleratorCount: + allOf: + - $ref: '#/components/schemas/AcceleratorCount' + - description: '

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.

To exclude accelerator-enabled instance types, set Max to 0.

Default: No minimum or maximum limits

' + acceleratorManufacturerSet: + allOf: + - $ref: '#/components/schemas/AcceleratorManufacturerSet' + - description: '

Indicates whether instance types must have accelerators by specific manufacturers.

  • For instance types with NVIDIA devices, specify nvidia.

  • For instance types with AMD devices, specify amd.

  • For instance types with Amazon Web Services devices, specify amazon-web-services.

  • For instance types with Xilinx devices, specify xilinx.

Default: Any manufacturer

' + acceleratorNameSet: + allOf: + - $ref: '#/components/schemas/AcceleratorNameSet' + - description: '

The accelerators that must be on the instance type.

  • For instance types with NVIDIA A100 GPUs, specify a100.

  • For instance types with NVIDIA V100 GPUs, specify v100.

  • For instance types with NVIDIA K80 GPUs, specify k80.

  • For instance types with NVIDIA T4 GPUs, specify t4.

  • For instance types with NVIDIA M60 GPUs, specify m60.

  • For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.

  • For instance types with Xilinx VU9P FPGAs, specify vu9p.

Default: Any accelerator

' + acceleratorTotalMemoryMiB: + allOf: + - $ref: '#/components/schemas/AcceleratorTotalMemoryMiB' + - description: '

The minimum and maximum amount of total accelerator memory, in MiB.

Default: No minimum or maximum limits

' + description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.

When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.

You must specify VCpuCount and MemoryMiB. All other parameters are optional. Any unspecified optional parameter is set to its default.

For more information, see Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide.

' + FleetLaunchTemplateOverrides: + type: object + properties: + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: '

The instance type.

If you specify InstanceTypes, you can''t specify InstanceRequirements.

' + maxPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum price per unit hour that you are willing to pay for a Spot Instance. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet in which to launch the instances. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone in which to launch the instances. + weightedCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: The number of units provided by the specified instance type. + priority: + allOf: + - $ref: '#/components/schemas/Double' + - description: '

The priority for the launch template override. The highest priority is launched first.

If the On-Demand AllocationStrategy is set to prioritized, EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity.

If the Spot AllocationStrategy is set to capacity-optimized-prioritized, EC2 Fleet uses priority on a best-effort basis to determine which launch template override to use in fulfilling Spot capacity, but optimizes for capacity first.

Valid values are whole numbers starting at 0. The lower the number, the higher the priority. If no number is set, the override has the lowest priority. You can set the same priority for different launch template overrides.

' + placement: + allOf: + - $ref: '#/components/schemas/PlacementResponse' + - description: 'The location where the instance launched, if applicable.' + instanceRequirements: + allOf: + - $ref: '#/components/schemas/InstanceRequirements' + - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirements, you can''t specify InstanceTypes.

' + description: Describes overrides for a launch template. + FleetLaunchTemplateOverridesRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceRequirementsRequest' + - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirements, you can''t specify InstanceTypes.

' + description: Describes overrides for a launch template. + FleetLaunchTemplateSpecificationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The launch template version number, $Latest, or $Default. You must specify a value, otherwise the request fails.

If the value is $Latest, Amazon EC2 uses the latest version of the launch template.

If the value is $Default, Amazon EC2 uses the default version of the launch template.

' + description: 'Describes the Amazon EC2 launch template and the launch template version that can be used by an EC2 Fleet to configure Amazon EC2 instances. For information about launch templates, see Launching an instance from a launch template in the Amazon EC2 User Guide.' + FleetOnDemandAllocationStrategy: + type: string + enum: + - lowest-price + - prioritized + FleetReplacementStrategy: + type: string + enum: + - launch + - launch-before-terminate + FleetSpotCapacityRebalance: + type: object + properties: + replacementStrategy: + allOf: + - $ref: '#/components/schemas/FleetReplacementStrategy' + - description: '

The replacement strategy to use. Only available for fleets of type maintain.

launch - EC2 Fleet launches a new replacement Spot Instance when a rebalance notification is emitted for an existing Spot Instance in the fleet. EC2 Fleet does not terminate the instances that receive a rebalance notification. You can terminate the old instances, or you can leave them running. You are charged for all instances while they are running.

launch-before-terminate - EC2 Fleet launches a new replacement Spot Instance when a rebalance notification is emitted for an existing Spot Instance in the fleet, and then, after a delay that you specify (in TerminationDelay), terminates the instances that received a rebalance notification.

' + terminationDelay: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.

Required when ReplacementStrategy is set to launch-before-terminate.

Not valid when ReplacementStrategy is set to launch.

Valid values: Minimum value of 120 seconds. Maximum value of 7200 seconds.

' + description: The strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. + FleetSpotCapacityRebalanceRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.

Required when ReplacementStrategy is set to launch-before-terminate.

Not valid when ReplacementStrategy is set to launch.

Valid values: Minimum value of 120 seconds. Maximum value of 7200 seconds.

' + description: 'The Spot Instance replacement strategy to use when Amazon EC2 emits a rebalance notification signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see Capacity rebalancing in the Amazon EC2 User Guide.' + FleetSpotMaintenanceStrategies: + type: object + properties: + capacityRebalance: + allOf: + - $ref: '#/components/schemas/FleetSpotCapacityRebalance' + - description: The strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. + description: The strategies for managing your Spot Instances that are at an elevated risk of being interrupted. + FleetSpotMaintenanceStrategiesRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/FleetSpotCapacityRebalanceRequest' + - description: The strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. + description: The strategies for managing your Spot Instances that are at an elevated risk of being interrupted. + Float: + type: number + format: float + TrafficType: + type: string + enum: + - ACCEPT + - REJECT + - ALL + LogDestinationType: + type: string + enum: + - cloud-watch-logs + - s3 + FlowLog: + type: object + properties: + creationTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time the flow log was created. + deliverLogsErrorMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Information about the error that occurred. Rate limited indicates that CloudWatch Logs throttling has been applied for one or more network interfaces, or that you''ve reached the limit on the number of log groups that you can create. Access error indicates that the IAM role associated with the flow log does not have sufficient permissions to publish to CloudWatch Logs. Unknown error indicates an internal error.' + deliverLogsPermissionArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of the IAM role that posts logs to CloudWatch Logs. + deliverLogsStatus: + allOf: + - $ref: '#/components/schemas/String' + - description: The status of the logs delivery (SUCCESS | FAILED). + flowLogId: + allOf: + - $ref: '#/components/schemas/String' + - description: The flow log ID. + flowLogStatus: + allOf: + - $ref: '#/components/schemas/String' + - description: The status of the flow log (ACTIVE). + logGroupName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the flow log group. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource on which the flow log was created. + trafficType: + allOf: + - $ref: '#/components/schemas/TrafficType' + - description: The type of traffic captured for the flow log. + logDestinationType: + allOf: + - $ref: '#/components/schemas/LogDestinationType' + - description: The type of destination to which the flow log data is published. Flow log data can be published to CloudWatch Logs or Amazon S3. + logDestination: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The destination to which the flow log data is published. Flow log data can be published to an CloudWatch Logs log group or an Amazon S3 bucket. If the flow log publishes to CloudWatch Logs, this element indicates the Amazon Resource Name (ARN) of the CloudWatch Logs log group to which the data is published. If the flow log publishes to Amazon S3, this element indicates the ARN of the Amazon S3 bucket to which the data is published.' + logFormat: + allOf: + - $ref: '#/components/schemas/String' + - description: The format of the flow log record. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the flow log. + maxAggregationInterval: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The maximum interval of time, in seconds, during which a flow of packets is captured and aggregated into a flow log record.

When a network interface is attached to a Nitro-based instance, the aggregation interval is always 60 seconds (1 minute) or less, regardless of the specified value.

Valid Values: 60 | 600

' + destinationOptions: + allOf: + - $ref: '#/components/schemas/DestinationOptionsResponse' + - description: The destination options. + description: Describes a flow log. + FlowLogResourceIds: + type: array + items: + allOf: + - $ref: '#/components/schemas/FlowLogResourceId' + - xml: + name: item + FlowLogsResourceType: + type: string + enum: + - VPC + - Subnet + - NetworkInterface + FpgaDeviceCount: + type: integer + FpgaDeviceName: + type: string + FpgaDeviceManufacturerName: + type: string + FpgaDeviceMemoryInfo: + type: object + properties: + sizeInMiB: + allOf: + - $ref: '#/components/schemas/FpgaDeviceMemorySize' + - description: 'The size of the memory available to the FPGA accelerator, in MiB.' + description: Describes the memory for the FPGA accelerator for the instance type. + FpgaDeviceInfo: + type: object + properties: + name: + allOf: + - $ref: '#/components/schemas/FpgaDeviceName' + - description: The name of the FPGA accelerator. + manufacturer: + allOf: + - $ref: '#/components/schemas/FpgaDeviceManufacturerName' + - description: The manufacturer of the FPGA accelerator. + count: + allOf: + - $ref: '#/components/schemas/FpgaDeviceCount' + - description: The count of FPGA accelerators for the instance type. + memoryInfo: + allOf: + - $ref: '#/components/schemas/FpgaDeviceMemoryInfo' + - description: Describes the memory for the FPGA accelerator for the instance type. + description: Describes the FPGA accelerator for the instance type. + FpgaDeviceInfoList: + type: array + items: + allOf: + - $ref: '#/components/schemas/FpgaDeviceInfo' + - xml: + name: item + FpgaDeviceMemorySize: + type: integer + PciId: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the vendor for the subsystem. + description: Describes the data that identifies an Amazon FPGA image (AFI) on the PCI bus. + FpgaImageState: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/FpgaImageStateCode' + - description: '

The state. The following are the possible values:

  • pending - AFI bitstream generation is in progress.

  • available - The AFI is available for use.

  • failed - AFI bitstream generation failed.

  • unavailable - The AFI is no longer available for use.

' + message: + allOf: + - $ref: '#/components/schemas/String' + - description: 'If the state is failed, this is the error message.' + description: Describes the state of the bitstream generation process for an Amazon FPGA image (AFI). + FpgaImage: + type: object + properties: + fpgaImageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The FPGA image identifier (AFI ID). + fpgaImageGlobalId: + allOf: + - $ref: '#/components/schemas/String' + - description: The global FPGA image identifier (AGFI ID). + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the AFI. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the AFI. + shellVersion: + allOf: + - $ref: '#/components/schemas/String' + - description: The version of the Amazon Web Services Shell that was used to create the bitstream. + pciId: + allOf: + - $ref: '#/components/schemas/PciId' + - description: Information about the PCI bus. + state: + allOf: + - $ref: '#/components/schemas/FpgaImageState' + - description: Information about the state of the AFI. + createTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The date and time the AFI was created. + updateTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time of the most recent update to the AFI. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the AFI. + ownerAlias: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The alias of the AFI owner. Possible values include self, amazon, and aws-marketplace.' + productCodes: + allOf: + - $ref: '#/components/schemas/ProductCodeList' + - description: The product codes for the AFI. + tags: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the AFI. + public: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the AFI is public. + dataRetentionSupport: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether data retention support is enabled for the AFI. + description: Describes an Amazon FPGA image (AFI). + LoadPermissionList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LoadPermission' + - xml: + name: item + FpgaImageStateCode: + type: string + enum: + - pending + - failed + - available + - unavailable + totalFpgaMemory: + type: integer + FpgaInfo: + type: object + properties: + fpgas: + allOf: + - $ref: '#/components/schemas/FpgaDeviceInfoList' + - description: Describes the FPGAs for the instance type. + totalFpgaMemoryInMiB: + allOf: + - $ref: '#/components/schemas/totalFpgaMemory' + - description: The total memory of all FPGA accelerators for the instance type. + description: Describes the FPGAs for the instance type. + FreeTierEligibleFlag: + type: boolean + GVCDMaxResults: + type: integer + minimum: 200 + maximum: 1000 + GatewayAssociationState: + type: string + enum: + - associated + - not-associated + - associating + - disassociating + GetAssociatedEnclaveCertificateIamRolesRequest: + type: object + title: GetAssociatedEnclaveCertificateIamRolesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + GetAssociatedIpv6PoolCidrsRequest: + type: object + required: + - PoolId + title: GetAssociatedIpv6PoolCidrsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Ipv6CidrAssociationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv6CidrAssociation' + - xml: + name: item + GetCapacityReservationUsageRequest: + type: object + required: + - CapacityReservationId + title: GetCapacityReservationUsageRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + GetCapacityReservationUsageRequestMaxResults: + type: integer + minimum: 1 + maximum: 1000 + InstanceUsageSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceUsage' + - xml: + name: item + GetCoipPoolUsageRequest: + type: object + required: + - PoolId + title: GetCoipPoolUsageRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Ipv4PoolCoipId' + - description: The ID of the address pool. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + GetConsoleOutputRequest: + type: object + required: + - InstanceId + title: GetConsoleOutputRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

When enabled, retrieves the latest console output for the instance.

Default: disabled (false)

' + GetConsoleScreenshotRequest: + type: object + required: + - InstanceId + title: GetConsoleScreenshotRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'When set to true, acts as keystroke input and wakes up an instance that''s in standby or "sleep" mode.' + UnlimitedSupportedInstanceFamily: + type: string + enum: + - t2 + - t3 + - t3a + - t4g + GetDefaultCreditSpecificationRequest: + type: object + required: + - InstanceFamily + title: GetDefaultCreditSpecificationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/UnlimitedSupportedInstanceFamily' + - description: The instance family. + InstanceFamilyCreditSpecification: + type: object + properties: + instanceFamily: + allOf: + - $ref: '#/components/schemas/UnlimitedSupportedInstanceFamily' + - description: The instance family. + cpuCredits: + allOf: + - $ref: '#/components/schemas/String' + - description: The default credit option for CPU usage of the instance family. Valid values are standard and unlimited. + description: Describes the default credit option for CPU usage of a burstable performance instance family. + GetEbsDefaultKmsKeyIdRequest: + type: object + title: GetEbsDefaultKmsKeyIdRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + GetEbsEncryptionByDefaultRequest: + type: object + title: GetEbsEncryptionByDefaultRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + IntegrateServices: + type: object + properties: + AthenaIntegration: + allOf: + - $ref: '#/components/schemas/AthenaIntegrationsSet' + - description: Information about the integration with Amazon Athena. + description: Describes service integrations with VPC Flow logs. + GetFlowLogsIntegrationTemplateRequest: + type: object + required: + - FlowLogId + - ConfigDeliveryS3DestinationArn + - IntegrateServices + title: GetFlowLogsIntegrationTemplateRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'To store the CloudFormation template in Amazon S3, specify the location in Amazon S3.' + IntegrateService: + allOf: + - $ref: '#/components/schemas/IntegrateServices' + - description: Information about the service integration. + GetGroupsForCapacityReservationRequest: + type: object + required: + - CapacityReservationId + title: GetGroupsForCapacityReservationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + GetGroupsForCapacityReservationRequestMaxResults: + type: integer + minimum: 1 + maximum: 1000 + GetHostReservationPurchasePreviewRequest: + type: object + required: + - HostIdSet + - OfferingId + title: GetHostReservationPurchasePreviewRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/OfferingId' + - description: The offering ID of the reservation. + PurchaseSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/Purchase' + - xml: + name: item + GetInstanceTypesFromInstanceRequirementsRequest: + type: object + required: + - ArchitectureTypes + - VirtualizationTypes + - InstanceRequirements + title: GetInstanceTypesFromInstanceRequirementsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ArchitectureType: + allOf: + - $ref: '#/components/schemas/ArchitectureTypeSet' + - description: The processor architecture type. + VirtualizationType: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + InstanceTypeInfoFromInstanceRequirementsSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceTypeInfoFromInstanceRequirements' + - xml: + name: item + GetInstanceUefiDataRequest: + type: object + required: + - InstanceId + title: GetInstanceUefiDataRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + GetIpamAddressHistoryRequest: + type: object + required: + - Cidr + - IpamScopeId + title: GetIpamAddressHistoryRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + IpamAddressHistoryRecordSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpamAddressHistoryRecord' + - xml: + name: item + GetIpamPoolAllocationsMaxResults: + type: integer + minimum: 1000 + maximum: 100000 + IpamPoolAllocationId: + type: string + GetIpamPoolAllocationsRequest: + type: object + required: + - IpamPoolId + title: GetIpamPoolAllocationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IpamPoolAllocationId' + - description: The ID of the allocation. + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + IpamPoolAllocationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpamPoolAllocation' + - xml: + name: item + GetIpamPoolCidrsRequest: + type: object + required: + - IpamPoolId + title: GetIpamPoolCidrsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IpamPoolId' + - description: The ID of the IPAM pool you want the CIDR for. + Filter: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + IpamPoolCidrSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpamPoolCidr' + - xml: + name: item + GetIpamResourceCidrsRequest: + type: object + required: + - IpamScopeId + title: GetIpamResourceCidrsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + Filter: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the resource. + IpamResourceCidrSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpamResourceCidr' + - xml: + name: item + GetLaunchTemplateDataRequest: + type: object + required: + - InstanceId + title: GetLaunchTemplateDataRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance. + ResponseLaunchTemplateData: + type: object + properties: + kernelId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the kernel, if applicable.' + ebsOptimized: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether the instance is optimized for Amazon EBS I/O. ' + iamInstanceProfile: + allOf: + - $ref: '#/components/schemas/LaunchTemplateIamInstanceProfileSpecification' + - description: The IAM instance profile. + blockDeviceMappingSet: + allOf: + - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMappingList' + - description: The block device mappings. + networkInterfaceSet: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceNetworkInterfaceSpecificationList' + - description: The network interfaces. + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the AMI that was used to launch the instance. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. + keyName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the key pair. + monitoring: + allOf: + - $ref: '#/components/schemas/LaunchTemplatesMonitoring' + - description: The monitoring for the instance. + placement: + allOf: + - $ref: '#/components/schemas/LaunchTemplatePlacement' + - description: The placement of the instance. + ramDiskId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the RAM disk, if applicable.' + disableApiTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If set to true, indicates that the instance cannot be terminated using the Amazon EC2 console, command line tool, or API.' + instanceInitiatedShutdownBehavior: + allOf: + - $ref: '#/components/schemas/ShutdownBehavior' + - description: Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). + userData: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The user data for the instance. ' + tagSpecificationSet: + allOf: + - $ref: '#/components/schemas/LaunchTemplateTagSpecificationList' + - description: The tags. + elasticGpuSpecificationSet: + allOf: + - $ref: '#/components/schemas/ElasticGpuSpecificationResponseList' + - description: The elastic GPU specification. + elasticInferenceAcceleratorSet: + allOf: + - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorResponseList' + - description: ' The elastic inference accelerator for the instance. ' + securityGroupIdSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The security group IDs. + securityGroupSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The security group names. + instanceMarketOptions: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceMarketOptions' + - description: The market (purchasing) option for the instances. + creditSpecification: + allOf: + - $ref: '#/components/schemas/CreditSpecification' + - description: The credit option for CPU usage of the instance. + cpuOptions: + allOf: + - $ref: '#/components/schemas/LaunchTemplateCpuOptions' + - description: 'The CPU options for the instance. For more information, see Optimizing CPU options in the Amazon Elastic Compute Cloud User Guide.' + capacityReservationSpecification: + allOf: + - $ref: '#/components/schemas/LaunchTemplateCapacityReservationSpecificationResponse' + - description: Information about the Capacity Reservation targeting option. + licenseSet: + allOf: + - $ref: '#/components/schemas/LaunchTemplateLicenseList' + - description: The license configurations. + hibernationOptions: + allOf: + - $ref: '#/components/schemas/LaunchTemplateHibernationOptions' + - description: 'Indicates whether an instance is configured for hibernation. For more information, see Hibernate your instance in the Amazon Elastic Compute Cloud User Guide.' + metadataOptions: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataOptions' + - description: 'The metadata options for the instance. For more information, see Instance metadata and user data in the Amazon Elastic Compute Cloud User Guide.' + enclaveOptions: + allOf: + - $ref: '#/components/schemas/LaunchTemplateEnclaveOptions' + - description: Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. + instanceRequirements: + allOf: + - $ref: '#/components/schemas/InstanceRequirements' + - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.

If you specify InstanceRequirements, you can''t specify InstanceTypes.

' + privateDnsNameOptions: + allOf: + - $ref: '#/components/schemas/LaunchTemplatePrivateDnsNameOptions' + - description: The options for the instance hostname. + maintenanceOptions: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceMaintenanceOptions' + - description: The maintenance options for your instance. + description: 'The information for a launch template. ' + GetManagedPrefixListAssociationsMaxResults: + type: integer + minimum: 5 + maximum: 255 + GetManagedPrefixListAssociationsRequest: + type: object + required: + - PrefixListId + title: GetManagedPrefixListAssociationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + PrefixListAssociationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/PrefixListAssociation' + - xml: + name: item + GetManagedPrefixListEntriesRequest: + type: object + required: + - PrefixListId + title: GetManagedPrefixListEntriesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The token for the next page of results. + PrefixListEntrySet: + type: array + items: + allOf: + - $ref: '#/components/schemas/PrefixListEntry' + - xml: + name: item + GetNetworkInsightsAccessScopeAnalysisFindingsRequest: + type: object + required: + - NetworkInsightsAccessScopeAnalysisId + title: GetNetworkInsightsAccessScopeAnalysisFindingsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + GetNetworkInsightsAccessScopeContentRequest: + type: object + required: + - NetworkInsightsAccessScopeId + title: GetNetworkInsightsAccessScopeContentRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + GetPasswordDataRequest: + type: object + required: + - InstanceId + title: GetPasswordDataRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the Windows instance. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + GetReservedInstancesExchangeQuoteRequest: + type: object + required: + - ReservedInstanceIds + title: GetReservedInstancesExchangeQuoteRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ReservedInstanceId: + allOf: + - $ref: '#/components/schemas/ReservedInstanceIdSet' + - description: The IDs of the Convertible Reserved Instances to exchange. + TargetConfiguration: + allOf: + - $ref: '#/components/schemas/TargetConfigurationRequestSet' + - description: The configuration of the target Convertible Reserved Instance to exchange for your current Convertible Reserved Instances. + description: Contains the parameters for GetReservedInstanceExchangeQuote. + ReservationValue: + type: object + properties: + hourlyPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The hourly rate of the reservation. + remainingTotalValue: + allOf: + - $ref: '#/components/schemas/String' + - description: The balance of the total value (the sum of remainingUpfrontValue + hourlyPrice * number of hours remaining). + remainingUpfrontValue: + allOf: + - $ref: '#/components/schemas/String' + - description: The remaining upfront cost of the reservation. + description: The cost associated with the Reserved Instance. + ReservedInstanceReservationValueSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservedInstanceReservationValue' + - xml: + name: item + TargetReservationValueSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/TargetReservationValue' + - xml: + name: item + GetSerialConsoleAccessStatusRequest: + type: object + title: GetSerialConsoleAccessStatusRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + GetSpotPlacementScoresRequest: + type: object + required: + - TargetCapacity + title: GetSpotPlacementScoresRequest + properties: + InstanceType: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Specify true so that the response returns a list of scored Availability Zones. Otherwise, the response returns a list of scored Regions.

A list of scored Availability Zones is useful if you want to launch all of your Spot capacity into a single Availability Zone.

' + RegionName: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next set of results. + SpotPlacementScores: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotPlacementScore' + - xml: + name: item + GetSubnetCidrReservationsMaxResults: + type: integer + minimum: 5 + maximum: 1000 + GetSubnetCidrReservationsRequest: + type: object + required: + - SubnetId + title: GetSubnetCidrReservationsRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/GetSubnetCidrReservationsMaxResults' + - description: 'The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.' + SubnetCidrReservationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetCidrReservation' + - xml: + name: item + GetTransitGatewayAttachmentPropagationsRequest: + type: object + required: + - TransitGatewayAttachmentId + title: GetTransitGatewayAttachmentPropagationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentId' + - description: The ID of the attachment. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayAttachmentPropagationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentPropagation' + - xml: + name: item + GetTransitGatewayMulticastDomainAssociationsRequest: + type: object + title: GetTransitGatewayMulticastDomainAssociationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainId' + - description: The ID of the transit gateway multicast domain. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayMulticastDomainAssociationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainAssociation' + - xml: + name: item + GetTransitGatewayPrefixListReferencesRequest: + type: object + required: + - TransitGatewayRouteTableId + title: GetTransitGatewayPrefixListReferencesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableId' + - description: The ID of the transit gateway route table. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayPrefixListReferenceSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayPrefixListReference' + - xml: + name: item + GetTransitGatewayRouteTableAssociationsRequest: + type: object + required: + - TransitGatewayRouteTableId + title: GetTransitGatewayRouteTableAssociationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableId' + - description: The ID of the transit gateway route table. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayRouteTableAssociationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableAssociation' + - xml: + name: item + GetTransitGatewayRouteTablePropagationsRequest: + type: object + required: + - TransitGatewayRouteTableId + title: GetTransitGatewayRouteTablePropagationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableId' + - description: The ID of the transit gateway route table. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayRouteTablePropagationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTablePropagation' + - xml: + name: item + GetVpnConnectionDeviceSampleConfigurationRequest: + type: object + required: + - VpnConnectionId + - VpnConnectionDeviceTypeId + title: GetVpnConnectionDeviceSampleConfigurationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + VpnConnectionDeviceSampleConfiguration: + type: string + format: password + GetVpnConnectionDeviceTypesRequest: + type: object + title: GetVpnConnectionDeviceTypesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + VpnConnectionDeviceTypeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpnConnectionDeviceType' + - xml: + name: item + GpuDeviceCount: + type: integer + GpuDeviceName: + type: string + GpuDeviceManufacturerName: + type: string + GpuDeviceMemoryInfo: + type: object + properties: + sizeInMiB: + allOf: + - $ref: '#/components/schemas/GpuDeviceMemorySize' + - description: 'The size of the memory available to the GPU accelerator, in MiB.' + description: Describes the memory available to the GPU accelerator. + GpuDeviceInfo: + type: object + properties: + name: + allOf: + - $ref: '#/components/schemas/GpuDeviceName' + - description: The name of the GPU accelerator. + manufacturer: + allOf: + - $ref: '#/components/schemas/GpuDeviceManufacturerName' + - description: The manufacturer of the GPU accelerator. + count: + allOf: + - $ref: '#/components/schemas/GpuDeviceCount' + - description: The number of GPUs for the instance type. + memoryInfo: + allOf: + - $ref: '#/components/schemas/GpuDeviceMemoryInfo' + - description: Describes the memory available to the GPU accelerator. + description: Describes the GPU accelerators for the instance type. + GpuDeviceInfoList: + type: array + items: + allOf: + - $ref: '#/components/schemas/GpuDeviceInfo' + - xml: + name: item + GpuDeviceMemorySize: + type: integer + totalGpuMemory: + type: integer + GpuInfo: + type: object + properties: + gpus: + allOf: + - $ref: '#/components/schemas/GpuDeviceInfoList' + - description: Describes the GPU accelerators for the instance type. + totalGpuMemoryInMiB: + allOf: + - $ref: '#/components/schemas/totalGpuMemory' + - description: 'The total size of the memory for the GPU accelerators for the instance type, in MiB.' + description: Describes the GPU accelerators for the instance type. + GroupIdentifier: + type: object + properties: + groupName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the security group. + groupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the security group. + description: Describes a security group. + SecurityGroupIdentifier: + type: object + properties: + groupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the security group. + groupName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the security group. + description: Describes a security group. + GroupIdentifierSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdentifier' + - xml: + name: item + HibernationFlag: + type: boolean + HibernationOptions: + type: object + properties: + configured: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If this parameter is set to true, your instance is enabled for hibernation; otherwise, it is not enabled for hibernation.' + description: 'Indicates whether your instance is configured for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.' + HibernationOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

If you set this parameter to true, your instance is enabled for hibernation.

Default: false

' + description: 'Indicates whether your instance is configured for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.' + HistoryRecord: + type: object + properties: + eventInformation: + allOf: + - $ref: '#/components/schemas/EventInformation' + - description: Information about the event. + eventType: + allOf: + - $ref: '#/components/schemas/EventType' + - description:

The event type.

  • error - An error with the Spot Fleet request.

  • fleetRequestChange - A change in the status or configuration of the Spot Fleet request.

  • instanceChange - An instance was launched or terminated.

  • Information - An informational event.

+ timestamp: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The date and time of the event, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + description: Describes an event in the history of the Spot Fleet request. + HistoryRecordEntry: + type: object + properties: + eventInformation: + allOf: + - $ref: '#/components/schemas/EventInformation' + - description: Information about the event. + eventType: + allOf: + - $ref: '#/components/schemas/FleetEventType' + - description: The event type. + timestamp: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The date and time of the event, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + description: Describes an event in the history of an EC2 Fleet. + HostProperties: + type: object + properties: + cores: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of cores on the Dedicated Host. + instanceType: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The instance type supported by the Dedicated Host. For example, m5.large. If the host supports multiple instance types, no instanceType is returned.' + instanceFamily: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The instance family supported by the Dedicated Host. For example, m5.' + sockets: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of sockets on the Dedicated Host. + totalVCpus: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The total number of vCPUs on the Dedicated Host. + description: Describes the properties of a Dedicated Host. + HostInstanceList: + type: array + items: + allOf: + - $ref: '#/components/schemas/HostInstance' + - xml: + name: item + HostRecovery: + type: string + enum: + - 'on' + - 'off' + Host: + type: object + properties: + autoPlacement: + allOf: + - $ref: '#/components/schemas/AutoPlacement' + - description: Whether auto-placement is on or off. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone of the Dedicated Host. + availableCapacity: + allOf: + - $ref: '#/components/schemas/AvailableCapacity' + - description: Information about the instances running on the Dedicated Host. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.' + hostId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Dedicated Host. + hostProperties: + allOf: + - $ref: '#/components/schemas/HostProperties' + - description: The hardware specifications of the Dedicated Host. + hostReservationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The reservation ID of the Dedicated Host. This returns a null response if the Dedicated Host doesn't have an associated reservation. + instances: + allOf: + - $ref: '#/components/schemas/HostInstanceList' + - description: The IDs and instance type that are currently running on the Dedicated Host. + state: + allOf: + - $ref: '#/components/schemas/AllocationState' + - description: The Dedicated Host's state. + allocationTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time that the Dedicated Host was allocated. + releaseTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time that the Dedicated Host was released. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the Dedicated Host. + hostRecovery: + allOf: + - $ref: '#/components/schemas/HostRecovery' + - description: Indicates whether host recovery is enabled or disabled for the Dedicated Host. + allowsMultipleInstanceTypes: + allOf: + - $ref: '#/components/schemas/AllowsMultipleInstanceTypes' + - description: 'Indicates whether the Dedicated Host supports multiple instance types of the same instance family. If the value is on, the Dedicated Host supports multiple instance types in the instance family. If the value is off, the Dedicated Host supports a single instance type only.' + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the Dedicated Host. + availabilityZoneId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Availability Zone in which the Dedicated Host is allocated. + memberOfServiceLinkedResourceGroup: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether the Dedicated Host is in a host resource group. If memberOfServiceLinkedResourceGroup is true, the host is in a host resource group; otherwise, it is not.' + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Amazon Web Services Outpost on which the Dedicated Host is allocated. + description: Describes the properties of the Dedicated Host. + HostInstance: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of instance that is running on the Dedicated Host. + instanceType: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The instance type (for example, m3.medium) of the running instance.' + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the instance. + description: Describes an instance running on a Dedicated Host. + PaymentOption: + type: string + enum: + - AllUpfront + - PartialUpfront + - NoUpfront + HostOffering: + type: object + properties: + currencyCode: + allOf: + - $ref: '#/components/schemas/CurrencyCodeValues' + - description: The currency of the offering. + duration: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The duration of the offering (in seconds). + hourlyPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The hourly price of the offering. + instanceFamily: + allOf: + - $ref: '#/components/schemas/String' + - description: The instance family of the offering. + offeringId: + allOf: + - $ref: '#/components/schemas/OfferingId' + - description: The ID of the offering. + paymentOption: + allOf: + - $ref: '#/components/schemas/PaymentOption' + - description: The available payment option. + upfrontPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The upfront price of the offering. Does not apply to No Upfront offerings. + description: Details about the Dedicated Host Reservation offering. + ResponseHostIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + ReservationState: + type: string + enum: + - payment-pending + - payment-failed + - active + - retired + HostReservation: + type: object + properties: + count: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of Dedicated Hosts the reservation is associated with. + currencyCode: + allOf: + - $ref: '#/components/schemas/CurrencyCodeValues' + - description: 'The currency in which the upfrontPrice and hourlyPrice amounts are specified. At this time, the only supported currency is USD.' + duration: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The length of the reservation''s term, specified in seconds. Can be 31536000 (1 year) | 94608000 (3 years).' + end: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The date and time that the reservation ends. + hostIdSet: + allOf: + - $ref: '#/components/schemas/ResponseHostIdSet' + - description: The IDs of the Dedicated Hosts associated with the reservation. + hostReservationId: + allOf: + - $ref: '#/components/schemas/HostReservationId' + - description: The ID of the reservation that specifies the associated Dedicated Hosts. + hourlyPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The hourly price of the reservation. + instanceFamily: + allOf: + - $ref: '#/components/schemas/String' + - description: The instance family of the Dedicated Host Reservation. The instance family on the Dedicated Host must be the same in order for it to benefit from the reservation. + offeringId: + allOf: + - $ref: '#/components/schemas/OfferingId' + - description: The ID of the reservation. This remains the same regardless of which Dedicated Hosts are associated with it. + paymentOption: + allOf: + - $ref: '#/components/schemas/PaymentOption' + - description: The payment option selected for this reservation. + start: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The date and time that the reservation started. + state: + allOf: + - $ref: '#/components/schemas/ReservationState' + - description: The state of the reservation. + upfrontPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The upfront price of the reservation. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the Dedicated Host Reservation. + description: Details about the Dedicated Host Reservation and associated Dedicated Hosts. + HostReservationIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/HostReservationId' + - xml: + name: item + HostTenancy: + type: string + enum: + - dedicated + - host + HostnameType: + type: string + enum: + - ip-name + - resource-name + Hour: + type: integer + minimum: 0 + maximum: 23 + HttpTokensState: + type: string + enum: + - optional + - required + HypervisorType: + type: string + enum: + - ovm + - xen + IKEVersionsListValue: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The IKE version. + description: The internet key exchange (IKE) version permitted for the VPN tunnel. + IKEVersionsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/IKEVersionsListValue' + - xml: + name: item + IKEVersionsRequestListValue: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The IKE version. + description: The IKE version that is permitted for the VPN tunnel. + IKEVersionsRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/IKEVersionsRequestListValue' + - xml: + name: item + IamInstanceProfile: + type: object + properties: + arn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the instance profile. + id: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance profile. + description: Describes an IAM instance profile. + IamInstanceProfileAssociationState: + type: string + enum: + - associating + - associated + - disassociating + - disassociated + IdFormat: + type: object + properties: + deadline: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The date in UTC at which you are permanently switched over to using longer IDs. If a deadline is not yet available for this resource type, this field is not returned.' + resource: + allOf: + - $ref: '#/components/schemas/String' + - description: The type of resource. + useLongIds: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether longer IDs (17-character IDs) are enabled for the resource. + description: Describes the ID format for a resource. + Igmpv2SupportValue: + type: string + enum: + - enable + - disable + ImageTypeValues: + type: string + enum: + - machine + - kernel + - ramdisk + ImageState: + type: string + enum: + - pending + - available + - invalid + - deregistered + - transient + - failed + - error + StateReason: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/String' + - description: The reason code for the state change. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The message for the state change.

  • Server.InsufficientInstanceCapacity: There was insufficient capacity available to satisfy the launch request.

  • Server.InternalError: An internal error caused the instance to terminate during launch.

  • Server.ScheduledStop: The instance was stopped due to a scheduled retirement.

  • Server.SpotInstanceShutdown: The instance was stopped because the number of Spot requests with a maximum price equal to or higher than the Spot price exceeded available capacity or because of an increase in the Spot price.

  • Server.SpotInstanceTermination: The instance was terminated because the number of Spot requests with a maximum price equal to or higher than the Spot price exceeded available capacity or because of an increase in the Spot price.

  • Client.InstanceInitiatedShutdown: The instance was shut down using the shutdown -h command from the instance.

  • Client.InstanceTerminated: The instance was terminated or rebooted during AMI creation.

  • Client.InternalError: A client error caused the instance to terminate during launch.

  • Client.InvalidSnapshot.NotFound: The specified snapshot was not found.

  • Client.UserInitiatedHibernate: Hibernation was initiated on the instance.

  • Client.UserInitiatedShutdown: The instance was shut down using the Amazon EC2 API.

  • Client.VolumeLimitExceeded: The limit on the number of EBS volumes or total storage was exceeded. Decrease usage or request an increase in your account limits.

' + description: Describes a state change. + TpmSupportValues: + type: string + enum: + - v2.0 + Image: + type: object + properties: + architecture: + allOf: + - $ref: '#/components/schemas/ArchitectureValues' + - description: The architecture of the image. + creationDate: + allOf: + - $ref: '#/components/schemas/String' + - description: The date and time the image was created. + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the AMI. + imageLocation: + allOf: + - $ref: '#/components/schemas/String' + - description: The location of the AMI. + imageType: + allOf: + - $ref: '#/components/schemas/ImageTypeValues' + - description: The type of image. + isPublic: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the image has public launch permissions. The value is true if this image has public launch permissions or false if it has only implicit and explicit launch permissions. + kernelId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The kernel associated with the image, if any. Only applicable for machine images.' + imageOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the image. + platform: + allOf: + - $ref: '#/components/schemas/PlatformValues' + - description: 'This value is set to windows for Windows AMIs; otherwise, it is blank.' + platformDetails: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The platform details associated with the billing code of the AMI. For more information, see Understanding AMI billing in the Amazon Elastic Compute Cloud User Guide.' + usageOperation: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The operation of the Amazon EC2 instance and the billing code that is associated with the AMI. usageOperation corresponds to the lineitem/Operation column on your Amazon Web Services Cost and Usage Report and in the Amazon Web Services Price List API. You can view these fields on the Instances or AMIs pages in the Amazon EC2 console, or in the responses that are returned by the DescribeImages command in the Amazon EC2 API, or the describe-images command in the CLI.' + productCodes: + allOf: + - $ref: '#/components/schemas/ProductCodeList' + - description: Any product codes associated with the AMI. + ramdiskId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The RAM disk associated with the image, if any. Only applicable for machine images.' + imageState: + allOf: + - $ref: '#/components/schemas/ImageState' + - description: 'The current state of the AMI. If the state is available, the image is successfully registered and can be used to launch an instance.' + blockDeviceMapping: + allOf: + - $ref: '#/components/schemas/BlockDeviceMappingList' + - description: Any block device mapping entries. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the AMI that was provided during image creation. + enaSupport: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Specifies whether enhanced networking with ENA is enabled. + hypervisor: + allOf: + - $ref: '#/components/schemas/HypervisorType' + - description: The hypervisor type of the image. + imageOwnerAlias: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The Amazon Web Services account alias (for example, amazon, self) or the Amazon Web Services account ID of the AMI owner.' + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the AMI that was provided during image creation. + rootDeviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The device name of the root device volume (for example, /dev/sda1).' + rootDeviceType: + allOf: + - $ref: '#/components/schemas/DeviceType' + - description: The type of root device used by the AMI. The AMI can use an Amazon EBS volume or an instance store volume. + sriovNetSupport: + allOf: + - $ref: '#/components/schemas/String' + - description: Specifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled. + stateReason: + allOf: + - $ref: '#/components/schemas/StateReason' + - description: The reason for the state change. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the image. + virtualizationType: + allOf: + - $ref: '#/components/schemas/VirtualizationType' + - description: The type of virtualization of the AMI. + bootMode: + allOf: + - $ref: '#/components/schemas/BootModeValues' + - description: 'The boot mode of the image. For more information, see Boot modes in the Amazon Elastic Compute Cloud User Guide.' + tpmSupport: + allOf: + - $ref: '#/components/schemas/TpmSupportValues' + - description: 'If the image is configured for NitroTPM support, the value is v2.0. For more information, see NitroTPM in the Amazon Elastic Compute Cloud User Guide.' + deprecationTime: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The date and time to deprecate the AMI, in UTC, in the following format: YYYY-MM-DDTHH:MM:SSZ. If you specified a value for seconds, Amazon EC2 rounds the seconds to the nearest minute.' + description: Describes an image. + ImageAttributeName: + type: string + enum: + - description + - kernel + - ramdisk + - launchPermission + - productCodes + - blockDeviceMapping + - sriovNetSupport + - bootMode + - tpmSupport + - uefiData + - lastLaunchedTime + ImageDiskContainerList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImageDiskContainer' + - xml: + name: item + ImageIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImageId' + - xml: + name: item + ImageRecycleBinInfo: + type: object + properties: + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the AMI. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the AMI. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the AMI. + recycleBinEnterTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time when the AMI entered the Recycle Bin. + recycleBinExitTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time when the AMI is to be permanently deleted from the Recycle Bin. + description: Information about an AMI that is currently in the Recycle Bin. + ImageRecycleBinInfoList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImageRecycleBinInfo' + - xml: + name: item + ImportClientVpnClientCertificateRevocationListRequest: + type: object + required: + - ClientVpnEndpointId + - CertificateRevocationList + title: ImportClientVpnClientCertificateRevocationListRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ImportImageLicenseConfigurationResponse: + type: object + properties: + licenseConfigurationArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of a license configuration. + description: ' The response information for license configurations.' + ImportImageLicenseSpecificationListRequest: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImportImageLicenseConfigurationRequest' + - xml: + name: item + ImportImageLicenseSpecificationListResponse: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImportImageLicenseConfigurationResponse' + - xml: + name: item + ImportImageRequest: + type: object + title: ImportImageRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: A description string for the import image task. + DiskContainer: + allOf: + - $ref: '#/components/schemas/ImportImageLicenseSpecificationListRequest' + - description: The ARNs of the license configurations. + TagSpecification: + allOf: + - $ref: '#/components/schemas/BootModeValues' + - description: The boot mode of the virtual machine. + SnapshotDetailList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SnapshotDetail' + - xml: + name: item + ImportImageTask: + type: object + properties: + architecture: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The architecture of the virtual machine.

Valid values: i386 | x86_64 | arm64

' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the import task. + encrypted: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the image is encrypted. + hypervisor: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The target hypervisor for the import task.

Valid values: xen

' + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Machine Image (AMI) of the imported virtual machine. + importTaskId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the import image task. + kmsKeyId: + allOf: + - $ref: '#/components/schemas/String' + - description: The identifier for the KMS key that was used to create the encrypted image. + licenseType: + allOf: + - $ref: '#/components/schemas/String' + - description: The license type of the virtual machine. + platform: + allOf: + - $ref: '#/components/schemas/String' + - description: The description string for the import image task. + progress: + allOf: + - $ref: '#/components/schemas/String' + - description: The percentage of progress of the import image task. + snapshotDetailSet: + allOf: + - $ref: '#/components/schemas/SnapshotDetailList' + - description: Information about the snapshots. + status: + allOf: + - $ref: '#/components/schemas/String' + - description: A brief status for the import image task. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: A descriptive status message for the import image task. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the import image task. + licenseSpecifications: + allOf: + - $ref: '#/components/schemas/ImportImageLicenseSpecificationListResponse' + - description: The ARNs of the license configurations that are associated with the import image task. + usageOperation: + allOf: + - $ref: '#/components/schemas/String' + - description: The usage operation value. + bootMode: + allOf: + - $ref: '#/components/schemas/BootModeValues' + - description: The boot mode of the virtual machine. + description: Describes an import image task. + ImportInstanceLaunchSpecification: + type: object + properties: + additionalInfo: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + architecture: + allOf: + - $ref: '#/components/schemas/ArchitectureValues' + - description: The architecture of the instance. + GroupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdStringList' + - description: The security group IDs. + GroupName: + allOf: + - $ref: '#/components/schemas/SecurityGroupStringList' + - description: The security group names. + instanceInitiatedShutdownBehavior: + allOf: + - $ref: '#/components/schemas/ShutdownBehavior' + - description: Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: 'The instance type. For more information about the instance types that you can import, see Instance Types in the VM Import/Export User Guide.' + monitoring: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether monitoring is enabled. + placement: + allOf: + - $ref: '#/components/schemas/Placement' + - description: The placement information for the instance. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: '[EC2-VPC] An available IP address from the IP address range of the subnet.' + subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: '[EC2-VPC] The ID of the subnet in which to launch the instance.' + userData: + allOf: + - $ref: '#/components/schemas/UserData' + - description: The Base64-encoded user data to make available to the instance. + description: Describes the launch specification for VM import. + ImportInstanceRequest: + type: object + required: + - Platform + title: ImportInstanceRequest + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description for the instance being imported. + diskImage: + allOf: + - $ref: '#/components/schemas/DiskImageList' + - description: The disk image. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + launchSpecification: + allOf: + - $ref: '#/components/schemas/ImportInstanceLaunchSpecification' + - description: The launch specification. + platform: + allOf: + - $ref: '#/components/schemas/PlatformValues' + - description: The instance operating system. + ImportInstanceVolumeDetailSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImportInstanceVolumeDetailItem' + - xml: + name: item + ImportInstanceVolumeDetailItem: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone where the resulting instance will reside. + bytesConverted: + allOf: + - $ref: '#/components/schemas/Long' + - description: The number of bytes converted so far. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the task. + image: + allOf: + - $ref: '#/components/schemas/DiskImageDescription' + - description: The image. + status: + allOf: + - $ref: '#/components/schemas/String' + - description: The status of the import of this particular disk image. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The status information or errors related to the disk image. + volume: + allOf: + - $ref: '#/components/schemas/DiskImageVolumeDescription' + - description: The volume. + description: Describes an import volume task. + ImportKeyPairRequest: + type: object + required: + - KeyName + - PublicKeyMaterial + title: ImportKeyPairRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + keyName: + allOf: + - $ref: '#/components/schemas/String' + - description: A unique name for the key pair. + publicKeyMaterial: + allOf: + - $ref: '#/components/schemas/Blob' + - description: 'The public key. For API calls, the text must be base64-encoded. For command line tools, base64 encoding is performed for you.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the imported key pair. + ImportSnapshotRequest: + type: object + title: ImportSnapshotRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The name of the role to use when not using the default role, ''vmimport''.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the import snapshot task during creation. + SnapshotTaskDetail: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the snapshot. + diskImageSize: + allOf: + - $ref: '#/components/schemas/Double' + - description: 'The size of the disk in the snapshot, in GiB.' + encrypted: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the snapshot is encrypted. + format: + allOf: + - $ref: '#/components/schemas/String' + - description: The format of the disk image from which the snapshot is created. + kmsKeyId: + allOf: + - $ref: '#/components/schemas/String' + - description: The identifier for the KMS key that was used to create the encrypted snapshot. + progress: + allOf: + - $ref: '#/components/schemas/String' + - description: The percentage of completion for the import snapshot task. + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The snapshot ID of the disk being imported. + status: + allOf: + - $ref: '#/components/schemas/String' + - description: A brief status for the import snapshot task. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: A detailed status message for the import snapshot task. + url: + allOf: + - $ref: '#/components/schemas/String' + - description: The URL of the disk image from which the snapshot is created. + userBucket: + allOf: + - $ref: '#/components/schemas/UserBucketDetails' + - description: The Amazon S3 bucket for the disk image. + description: Details about the import snapshot task. + ImportSnapshotTask: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the import snapshot task. + importTaskId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the import snapshot task. + snapshotTaskDetail: + allOf: + - $ref: '#/components/schemas/SnapshotTaskDetail' + - description: Describes an import snapshot task. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the import snapshot task. + description: Describes an import snapshot task. + ImportSnapshotTaskIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImportSnapshotTaskId' + - xml: + name: ImportTaskId + ImportTaskIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImportImageTaskId' + - xml: + name: ImportTaskId + ImportVolumeRequest: + type: object + required: + - AvailabilityZone + - Image + - Volume + title: ImportVolumeRequest + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone for the resulting EBS volume. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the volume. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + image: + allOf: + - $ref: '#/components/schemas/DiskImageDetail' + - description: The disk image. + volume: + allOf: + - $ref: '#/components/schemas/VolumeDetail' + - description: The volume size. + InferenceDeviceInfoList: + type: array + items: + $ref: '#/components/schemas/InferenceDeviceInfo' + InferenceAcceleratorInfo: + type: object + properties: + accelerators: + allOf: + - $ref: '#/components/schemas/InferenceDeviceInfoList' + - description: Describes the Inference accelerators for the instance type. + description: Describes the Inference accelerators for the instance type. + InferenceDeviceCount: + type: integer + InferenceDeviceName: + type: string + InferenceDeviceManufacturerName: + type: string + InferenceDeviceInfo: + type: object + properties: + count: + allOf: + - $ref: '#/components/schemas/InferenceDeviceCount' + - description: The number of Inference accelerators for the instance type. + name: + allOf: + - $ref: '#/components/schemas/InferenceDeviceName' + - description: The name of the Inference accelerator. + manufacturer: + allOf: + - $ref: '#/components/schemas/InferenceDeviceManufacturerName' + - description: The manufacturer of the Inference accelerator. + description: Describes the Inference accelerators for the instance type. + Monitoring: + type: object + properties: + state: + allOf: + - $ref: '#/components/schemas/MonitoringState' + - description: 'Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.' + description: Describes the monitoring of an instance. + InstanceState: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The state of the instance as a 16-bit unsigned integer.

The high byte is all of the bits between 2^8 and (2^16)-1, which equals decimal values between 256 and 65,535. These numerical values are used for internal purposes and should be ignored.

The low byte is all of the bits between 2^0 and (2^8)-1, which equals decimal values between 0 and 255.

The valid values for instance-state-code will all be in the range of the low byte and they are:

  • 0 : pending

  • 16 : running

  • 32 : shutting-down

  • 48 : terminated

  • 64 : stopping

  • 80 : stopped

You can ignore the high byte value by zeroing out all of the bits above 2^8 or 256 in decimal.

' + name: + allOf: + - $ref: '#/components/schemas/InstanceStateName' + - description: The current state of the instance. + description: Describes the current state of an instance. + InstanceBlockDeviceMappingList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceBlockDeviceMapping' + - xml: + name: item + InstanceLifecycleType: + type: string + enum: + - spot + - scheduled + InstanceNetworkInterfaceList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterface' + - xml: + name: item + LicenseList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LicenseConfiguration' + - xml: + name: item + InstanceMetadataOptionsResponse: + type: object + properties: + state: + allOf: + - $ref: '#/components/schemas/InstanceMetadataOptionsState' + - description:

The state of the metadata option changes.

pending - The metadata options are being updated and the instance is not ready to process metadata traffic with the new selection.

applied - The metadata options have been successfully applied on the instance.

+ httpTokens: + allOf: + - $ref: '#/components/schemas/HttpTokensState' + - description: '

The state of token usage for your instance metadata requests.

If the state is optional, you can choose to retrieve instance metadata with or without a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned.

If the state is required, you must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credential always returns the version 2.0 credentials; the version 1.0 credentials are not available.

Default: optional

' + httpPutResponseHopLimit: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.

Default: 1

Possible values: Integers from 1 to 64

' + httpEndpoint: + allOf: + - $ref: '#/components/schemas/InstanceMetadataEndpointState' + - description: '

Indicates whether the HTTP metadata endpoint on your instances is enabled or disabled.

If the value is disabled, you cannot access your instance metadata.

' + httpProtocolIpv6: + allOf: + - $ref: '#/components/schemas/InstanceMetadataProtocolState' + - description: Indicates whether the IPv6 endpoint for the instance metadata service is enabled or disabled. + instanceMetadataTags: + allOf: + - $ref: '#/components/schemas/InstanceMetadataTagsState' + - description: 'Indicates whether access to instance tags from the instance metadata is enabled or disabled. For more information, see Work with instance tags using the instance metadata.' + description: The metadata options for the instance. + PrivateDnsNameOptionsResponse: + type: object + properties: + hostnameType: + allOf: + - $ref: '#/components/schemas/HostnameType' + - description: The type of hostname to assign to an instance. + enableResourceNameDnsARecord: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to respond to DNS queries for instance hostnames with DNS A records. + enableResourceNameDnsAAAARecord: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. + description: Describes the options for instance hostnames. + InstanceMaintenanceOptions: + type: object + properties: + autoRecovery: + allOf: + - $ref: '#/components/schemas/InstanceAutoRecoveryState' + - description: Provides information on the current automatic recovery behavior of your instance. + description: The maintenance options for the instance. + Instance: + type: object + properties: + amiLaunchIndex: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The AMI launch index, which can be used to find this instance in the launch group.' + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the AMI used to launch the instance. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. + kernelId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The kernel associated with this instance, if applicable.' + keyName: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The name of the key pair, if this instance was launched with an associated key pair.' + launchTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time the instance was launched. + monitoring: + allOf: + - $ref: '#/components/schemas/Monitoring' + - description: The monitoring for the instance. + placement: + allOf: + - $ref: '#/components/schemas/Placement' + - description: 'The location where the instance launched, if applicable.' + platform: + allOf: + - $ref: '#/components/schemas/PlatformValues' + - description: The value is Windows for Windows instances; otherwise blank. + privateDnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: '

(IPv4 only) The private DNS hostname name assigned to the instance. This DNS hostname can only be used inside the Amazon EC2 network. This name is not available until the instance enters the running state.

[EC2-VPC] The Amazon-provided DNS server resolves Amazon-provided private DNS hostnames if you''ve enabled DNS resolution and DNS hostnames in your VPC. If you are not using the Amazon-provided DNS server in your VPC, your custom domain name servers must resolve the hostname as appropriate.

' + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The private IPv4 address assigned to the instance. + productCodes: + allOf: + - $ref: '#/components/schemas/ProductCodeList' + - description: 'The product codes attached to this instance, if applicable.' + dnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: '(IPv4 only) The public DNS name assigned to the instance. This name is not available until the instance enters the running state. For EC2-VPC, this name is only available if you''ve enabled DNS hostnames for your VPC.' + ipAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The public IPv4 address, or the Carrier IP address assigned to the instance, if applicable.

A Carrier IP address only applies to an instance launched in a subnet associated with a Wavelength Zone.

' + ramdiskId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The RAM disk associated with this instance, if applicable.' + instanceState: + allOf: + - $ref: '#/components/schemas/InstanceState' + - description: The current state of the instance. + reason: + allOf: + - $ref: '#/components/schemas/String' + - description: The reason for the most recent state transition. This might be an empty string. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: '[EC2-VPC] The ID of the subnet in which the instance is running.' + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: '[EC2-VPC] The ID of the VPC in which the instance is running.' + architecture: + allOf: + - $ref: '#/components/schemas/ArchitectureValues' + - description: The architecture of the image. + blockDeviceMapping: + allOf: + - $ref: '#/components/schemas/InstanceBlockDeviceMappingList' + - description: Any block device mapping entries for the instance. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The idempotency token you provided when you launched the instance, if applicable.' + ebsOptimized: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance. + enaSupport: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Specifies whether enhanced networking with ENA is enabled. + hypervisor: + allOf: + - $ref: '#/components/schemas/HypervisorType' + - description: The hypervisor type of the instance. The value xen is used for both Xen and Nitro hypervisors. + iamInstanceProfile: + allOf: + - $ref: '#/components/schemas/IamInstanceProfile' + - description: 'The IAM instance profile associated with the instance, if applicable.' + instanceLifecycle: + allOf: + - $ref: '#/components/schemas/InstanceLifecycleType' + - description: Indicates whether this is a Spot Instance or a Scheduled Instance. + elasticGpuAssociationSet: + allOf: + - $ref: '#/components/schemas/ElasticGpuAssociationList' + - description: The Elastic GPU associated with the instance. + elasticInferenceAcceleratorAssociationSet: + allOf: + - $ref: '#/components/schemas/ElasticInferenceAcceleratorAssociationList' + - description: ' The elastic inference accelerator associated with the instance.' + networkInterfaceSet: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterfaceList' + - description: '[EC2-VPC] The network interfaces for the instance.' + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Outpost. + rootDeviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The device name of the root device volume (for example, /dev/sda1).' + rootDeviceType: + allOf: + - $ref: '#/components/schemas/DeviceType' + - description: The root device type used by the AMI. The AMI can use an EBS volume or an instance store volume. + groupSet: + allOf: + - $ref: '#/components/schemas/GroupIdentifierList' + - description: The security groups for the instance. + sourceDestCheck: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether source/destination checking is enabled. + spotInstanceRequestId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'If the request is a Spot Instance request, the ID of the request.' + sriovNetSupport: + allOf: + - $ref: '#/components/schemas/String' + - description: Specifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled. + stateReason: + allOf: + - $ref: '#/components/schemas/StateReason' + - description: The reason for the most recent state transition. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the instance. + virtualizationType: + allOf: + - $ref: '#/components/schemas/VirtualizationType' + - description: The virtualization type of the instance. + cpuOptions: + allOf: + - $ref: '#/components/schemas/CpuOptions' + - description: The CPU options for the instance. + capacityReservationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Capacity Reservation. + capacityReservationSpecification: + allOf: + - $ref: '#/components/schemas/CapacityReservationSpecificationResponse' + - description: Information about the Capacity Reservation targeting option. + hibernationOptions: + allOf: + - $ref: '#/components/schemas/HibernationOptions' + - description: Indicates whether the instance is enabled for hibernation. + licenseSet: + allOf: + - $ref: '#/components/schemas/LicenseList' + - description: The license configurations for the instance. + metadataOptions: + allOf: + - $ref: '#/components/schemas/InstanceMetadataOptionsResponse' + - description: The metadata options for the instance. + enclaveOptions: + allOf: + - $ref: '#/components/schemas/EnclaveOptions' + - description: Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. + bootMode: + allOf: + - $ref: '#/components/schemas/BootModeValues' + - description: 'The boot mode of the instance. For more information, see Boot modes in the Amazon EC2 User Guide.' + platformDetails: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The platform details value for the instance. For more information, see AMI billing information fields in the Amazon EC2 User Guide.' + usageOperation: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The usage operation value for the instance. For more information, see AMI billing information fields in the Amazon EC2 User Guide.' + usageOperationUpdateTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time that the usage operation was last updated. + privateDnsNameOptions: + allOf: + - $ref: '#/components/schemas/PrivateDnsNameOptionsResponse' + - description: The options for the instance hostname. + ipv6Address: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 address assigned to the instance. + tpmSupport: + allOf: + - $ref: '#/components/schemas/String' + - description: 'If the instance is configured for NitroTPM support, the value is v2.0. For more information, see NitroTPM in the Amazon EC2 User Guide.' + maintenanceOptions: + allOf: + - $ref: '#/components/schemas/InstanceMaintenanceOptions' + - description: Provides information on the recovery and maintenance options of your instance. + description: Describes an instance. + InstanceBlockDeviceMapping: + type: object + properties: + deviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The device name (for example, /dev/sdh or xvdh).' + ebs: + allOf: + - $ref: '#/components/schemas/EbsInstanceBlockDevice' + - description: Parameters used to automatically set up EBS volumes when the instance is launched. + description: Describes a block device mapping. + InstanceBlockDeviceMappingSpecificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceBlockDeviceMappingSpecification' + - xml: + name: item + ListingState: + type: string + enum: + - available + - sold + - cancelled + - pending + InstanceCount: + type: object + properties: + instanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of listed Reserved Instances in the state specified by the state. + state: + allOf: + - $ref: '#/components/schemas/ListingState' + - description: The states of the listed Reserved Instances. + description: Describes a Reserved Instance listing state. + InstanceCountList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceCount' + - xml: + name: item + InstanceCreditSpecification: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + cpuCredits: + allOf: + - $ref: '#/components/schemas/String' + - description: The credit option for CPU usage of the instance. Valid values are standard and unlimited. + description: 'Describes the credit option for CPU usage of a burstable performance instance. ' + InstanceCreditSpecificationListRequest: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceCreditSpecificationRequest' + - xml: + name: item + InstanceEventId: + type: string + InstanceEventWindowTimeRangeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowTimeRange' + - xml: + name: item + InstanceEventWindowAssociationTarget: + type: object + properties: + instanceIdSet: + allOf: + - $ref: '#/components/schemas/InstanceIdList' + - description: The IDs of the instances associated with the event window. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The instance tags associated with the event window. Any instances associated with the tags will be associated with the event window. + dedicatedHostIdSet: + allOf: + - $ref: '#/components/schemas/DedicatedHostIdList' + - description: The IDs of the Dedicated Hosts associated with the event window. + description: One or more targets associated with the event window. + InstanceEventWindowState: + type: string + enum: + - creating + - deleting + - active + - deleted + WeekDay: + type: string + enum: + - sunday + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + InstanceEventWindowTimeRange: + type: object + properties: + startWeekDay: + allOf: + - $ref: '#/components/schemas/WeekDay' + - description: The day on which the time range begins. + startHour: + allOf: + - $ref: '#/components/schemas/Hour' + - description: The hour when the time range begins. + endWeekDay: + allOf: + - $ref: '#/components/schemas/WeekDay' + - description: The day on which the time range ends. + endHour: + allOf: + - $ref: '#/components/schemas/Hour' + - description: The hour when the time range ends. + description: 'The start day and time and the end day and time of the time range, in UTC.' + InstanceEventWindowTimeRangeRequestSet: + type: array + items: + $ref: '#/components/schemas/InstanceEventWindowTimeRangeRequest' + InstanceGeneration: + type: string + enum: + - current + - previous + InstanceGenerationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceGeneration' + - xml: + name: item + InstanceIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: item + InstanceIpv4Prefix: + type: object + properties: + ipv4Prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: One or more IPv4 prefixes assigned to the network interface. + description: Information about an IPv4 prefix. + InstanceIpv4PrefixList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceIpv4Prefix' + - xml: + name: item + InstanceIpv6AddressRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 address. + description: Describes an IPv6 address. + InstanceIpv6AddressListRequest: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceIpv6AddressRequest' + - xml: + name: InstanceIpv6Address + InstanceIpv6Prefix: + type: object + properties: + ipv6Prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: One or more IPv6 prefixes assigned to the network interface. + description: Information about an IPv6 prefix. + InstanceIpv6PrefixList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceIpv6Prefix' + - xml: + name: item + InstanceList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Instance' + - xml: + name: item + InstanceMaintenanceOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceAutoRecoveryState' + - description: 'Disables the automatic recovery behavior of your instance or sets it to default. For more information, see Simplified automatic recovery.' + description: The maintenance options for the instance. + InstanceMarketOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/SpotMarketOptions' + - description: The options for Spot Instances. + description: Describes the market (purchasing) option for the instances. + InstanceMetadataEndpointState: + type: string + enum: + - disabled + - enabled + InstanceMetadataOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceMetadataTagsState' + - description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' + description: The metadata options for the instance. + InstanceMetadataOptionsState: + type: string + enum: + - pending + - applied + InstanceMetadataProtocolState: + type: string + enum: + - disabled + - enabled + InstanceMonitoring: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + monitoring: + allOf: + - $ref: '#/components/schemas/Monitoring' + - description: The monitoring for the instance. + description: Describes the monitoring of an instance. + InstanceMonitoringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceMonitoring' + - xml: + name: item + InstanceNetworkInterfaceAssociation: + type: object + properties: + carrierIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The carrier IP address associated with the network interface. + customerOwnedIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The customer-owned IP address associated with the network interface. + ipOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the owner of the Elastic IP address. + publicDnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The public DNS name. + publicIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The public IP address or Elastic IP address bound to the network interface. + description: Describes association information for an Elastic IP address (IPv4). + InstanceNetworkInterfaceAttachment: + type: object + properties: + attachTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time stamp when the attachment initiated. + attachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface attachment. + deleteOnTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the network interface is deleted when the instance is terminated. + deviceIndex: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The index of the device on the instance for the network interface attachment. + status: + allOf: + - $ref: '#/components/schemas/AttachmentStatus' + - description: The attachment state. + networkCardIndex: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The index of the network card. + description: Describes a network interface attachment. + InstancePrivateIpAddressList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstancePrivateIpAddress' + - xml: + name: item + NetworkInterfaceStatus: + type: string + enum: + - available + - associated + - attaching + - in-use + - detaching + InstanceNetworkInterface: + type: object + properties: + association: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterfaceAssociation' + - description: The association information for an Elastic IPv4 associated with the network interface. + attachment: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterfaceAttachment' + - description: The network interface attachment. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description. + groupSet: + allOf: + - $ref: '#/components/schemas/GroupIdentifierList' + - description: One or more security groups. + ipv6AddressesSet: + allOf: + - $ref: '#/components/schemas/InstanceIpv6AddressList' + - description: One or more IPv6 addresses associated with the network interface. + macAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The MAC address. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that created the network interface. + privateDnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The private DNS name. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 address of the network interface within the subnet. + privateIpAddressesSet: + allOf: + - $ref: '#/components/schemas/InstancePrivateIpAddressList' + - description: One or more private IPv4 addresses associated with the network interface. + sourceDestCheck: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether source/destination checking is enabled. + status: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceStatus' + - description: The status of the network interface. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + interfaceType: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The type of network interface.

Valid values: interface | efa | trunk

' + ipv4PrefixSet: + allOf: + - $ref: '#/components/schemas/InstanceIpv4PrefixList' + - description: The IPv4 delegated prefixes that are assigned to the network interface. + ipv6PrefixSet: + allOf: + - $ref: '#/components/schemas/InstanceIpv6PrefixList' + - description: The IPv6 delegated prefixes that are assigned to the network interface. + description: Describes a network interface. + InstancePrivateIpAddress: + type: object + properties: + association: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterfaceAssociation' + - description: The association information for an Elastic IP address for the network interface. + primary: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether this IPv4 address is the primary private IP address of the network interface. + privateDnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The private IPv4 DNS name. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The private IPv4 address of the network interface. + description: Describes a private IPv4 address. + VCpuCountRange: + type: object + properties: + min: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The minimum number of vCPUs. If the value is 0, there is no minimum limit.' + max: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of vCPUs. If this parameter is not specified, there is no maximum limit.' + description: The minimum and maximum number of vCPUs. + MemoryMiB: + type: object + properties: + min: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The minimum amount of memory, in MiB. If this parameter is not specified, there is no minimum limit.' + max: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum amount of memory, in MiB. If this parameter is not specified, there is no maximum limit.' + description: 'The minimum and maximum amount of memory, in MiB.' + MemoryGiBPerVCpu: + type: object + properties: + min: + allOf: + - $ref: '#/components/schemas/Double' + - description: 'The minimum amount of memory per vCPU, in GiB. If this parameter is not specified, there is no minimum limit.' + max: + allOf: + - $ref: '#/components/schemas/Double' + - description: 'The maximum amount of memory per vCPU, in GiB. If this parameter is not specified, there is no maximum limit.' + description: '

The minimum and maximum amount of memory per vCPU, in GiB.

' + NetworkInterfaceCount: + type: object + properties: + min: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The minimum number of network interfaces. If this parameter is not specified, there is no minimum limit.' + max: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of network interfaces. If this parameter is not specified, there is no maximum limit.' + description: The minimum and maximum number of network interfaces. + LocalStorageTypeSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalStorageType' + - xml: + name: item + TotalLocalStorageGB: + type: object + properties: + min: + allOf: + - $ref: '#/components/schemas/Double' + - description: 'The minimum amount of total local storage, in GB. If this parameter is not specified, there is no minimum limit.' + max: + allOf: + - $ref: '#/components/schemas/Double' + - description: 'The maximum amount of total local storage, in GB. If this parameter is not specified, there is no maximum limit.' + description: 'The minimum and maximum amount of total local storage, in GB.' + InstanceRequirementsWithMetadataRequest: + type: object + properties: + ArchitectureType: + allOf: + - $ref: '#/components/schemas/ArchitectureTypeSet' + - description: The architecture type. + VirtualizationType: + allOf: + - $ref: '#/components/schemas/InstanceRequirementsRequest' + - description: 'The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.' + description: '

The architecture type, virtualization type, and other attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirementsWithMetadataRequest, you can''t specify InstanceTypes.

' + InstanceSpecification: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Excludes the root volume from being snapshotted. + description: The instance details to specify which volumes should be snapshotted. + InstanceStateName: + type: string + enum: + - pending + - running + - shutting-down + - terminated + - stopping + - stopped + InstanceStateChange: + type: object + properties: + currentState: + allOf: + - $ref: '#/components/schemas/InstanceState' + - description: The current state of the instance. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + previousState: + allOf: + - $ref: '#/components/schemas/InstanceState' + - description: The previous state of the instance. + description: Describes an instance state change. + InstanceStateChangeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceStateChange' + - xml: + name: item + InstanceStatusEventList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceStatusEvent' + - xml: + name: item + InstanceStatusSummary: + type: object + properties: + details: + allOf: + - $ref: '#/components/schemas/InstanceStatusDetailsList' + - description: The system instance health or application instance health. + status: + allOf: + - $ref: '#/components/schemas/SummaryStatus' + - description: The status. + description: Describes the status of an instance. + InstanceStatus: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone of the instance. + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Outpost. + eventsSet: + allOf: + - $ref: '#/components/schemas/InstanceStatusEventList' + - description: Any scheduled events associated with the instance. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + instanceState: + allOf: + - $ref: '#/components/schemas/InstanceState' + - description: The intended state of the instance. DescribeInstanceStatus requires that an instance be in the running state. + instanceStatus: + allOf: + - $ref: '#/components/schemas/InstanceStatusSummary' + - description: 'Reports impaired functionality that stems from issues internal to the instance, such as impaired reachability.' + systemStatus: + allOf: + - $ref: '#/components/schemas/InstanceStatusSummary' + - description: 'Reports impaired functionality that stems from issues related to the systems that support an instance, such as hardware failures and network connectivity problems.' + description: Describes the status of an instance. + StatusName: + type: string + enum: + - reachability + StatusType: + type: string + enum: + - passed + - failed + - insufficient-data + - initializing + InstanceStatusDetails: + type: object + properties: + impairedSince: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The time when a status check failed. For an instance that was launched and impaired, this is the time when the instance was launched.' + name: + allOf: + - $ref: '#/components/schemas/StatusName' + - description: The type of instance status. + status: + allOf: + - $ref: '#/components/schemas/StatusType' + - description: The status. + description: Describes the instance status. + InstanceStatusDetailsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceStatusDetails' + - xml: + name: item + InstanceStatusEvent: + type: object + properties: + instanceEventId: + allOf: + - $ref: '#/components/schemas/InstanceEventId' + - description: The ID of the event. + code: + allOf: + - $ref: '#/components/schemas/EventCode' + - description: The event code. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A description of the event.

After a scheduled event is completed, it can still be described for up to a week. If the event has been completed, this description starts with the following text: [Completed].

' + notAfter: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The latest scheduled end time for the event. + notBefore: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The earliest scheduled start time for the event. + notBeforeDeadline: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The deadline for starting the event. + description: Describes a scheduled event for an instance. + SummaryStatus: + type: string + enum: + - ok + - impaired + - insufficient-data + - not-applicable + - initializing + InstanceStorageEncryptionSupport: + type: string + enum: + - unsupported + - required + InstanceStorageFlag: + type: boolean + InstanceStorageInfo: + type: object + properties: + totalSizeInGB: + allOf: + - $ref: '#/components/schemas/DiskSize' + - description: 'The total size of the disks, in GB.' + disks: + allOf: + - $ref: '#/components/schemas/DiskInfoList' + - description: Describes the disks that are available for the instance type. + nvmeSupport: + allOf: + - $ref: '#/components/schemas/EphemeralNvmeSupport' + - description: Indicates whether non-volatile memory express (NVMe) is supported. + encryptionSupport: + allOf: + - $ref: '#/components/schemas/InstanceStorageEncryptionSupport' + - description: Indicates whether data is encrypted at rest. + description: Describes the instance store features that are supported by the instance type. + InstanceTypeHypervisor: + type: string + enum: + - nitro + - xen + UsageClassTypeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/UsageClassType' + - xml: + name: item + RootDeviceTypeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/RootDeviceType' + - xml: + name: item + VirtualizationTypeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VirtualizationType' + - xml: + name: item + ProcessorInfo: + type: object + properties: + supportedArchitectures: + allOf: + - $ref: '#/components/schemas/ArchitectureTypeList' + - description: The architectures supported by the instance type. + sustainedClockSpeedInGhz: + allOf: + - $ref: '#/components/schemas/ProcessorSustainedClockSpeed' + - description: 'The speed of the processor, in GHz.' + description: Describes the processor used by the instance type. + VCpuInfo: + type: object + properties: + defaultVCpus: + allOf: + - $ref: '#/components/schemas/VCpuCount' + - description: The default number of vCPUs for the instance type. + defaultCores: + allOf: + - $ref: '#/components/schemas/CoreCount' + - description: The default number of cores for the instance type. + defaultThreadsPerCore: + allOf: + - $ref: '#/components/schemas/ThreadsPerCore' + - description: The default number of threads per core for the instance type. + validCores: + allOf: + - $ref: '#/components/schemas/CoreCountList' + - description: The valid number of cores that can be configured for the instance type. + validThreadsPerCore: + allOf: + - $ref: '#/components/schemas/ThreadsPerCoreList' + - description: 'The valid number of threads per core that can be configured for the instance type. ' + description: Describes the vCPU configurations for the instance type. + MemoryInfo: + type: object + properties: + sizeInMiB: + allOf: + - $ref: '#/components/schemas/MemorySize' + - description: 'The size of the memory, in MiB.' + description: Describes the memory for the instance type. + NetworkInfo: + type: object + properties: + networkPerformance: + allOf: + - $ref: '#/components/schemas/NetworkPerformance' + - description: The network performance. + maximumNetworkInterfaces: + allOf: + - $ref: '#/components/schemas/MaxNetworkInterfaces' + - description: The maximum number of network interfaces for the instance type. + maximumNetworkCards: + allOf: + - $ref: '#/components/schemas/MaximumNetworkCards' + - description: The maximum number of physical network cards that can be allocated to the instance. + defaultNetworkCardIndex: + allOf: + - $ref: '#/components/schemas/DefaultNetworkCardIndex' + - description: 'The index of the default network card, starting at 0.' + networkCards: + allOf: + - $ref: '#/components/schemas/NetworkCardInfoList' + - description: Describes the network cards for the instance type. + ipv4AddressesPerInterface: + allOf: + - $ref: '#/components/schemas/MaxIpv4AddrPerInterface' + - description: The maximum number of IPv4 addresses per network interface. + ipv6AddressesPerInterface: + allOf: + - $ref: '#/components/schemas/MaxIpv6AddrPerInterface' + - description: The maximum number of IPv6 addresses per network interface. + ipv6Supported: + allOf: + - $ref: '#/components/schemas/Ipv6Flag' + - description: Indicates whether IPv6 is supported. + enaSupport: + allOf: + - $ref: '#/components/schemas/EnaSupport' + - description: Indicates whether Elastic Network Adapter (ENA) is supported. + efaSupported: + allOf: + - $ref: '#/components/schemas/EfaSupportedFlag' + - description: Indicates whether Elastic Fabric Adapter (EFA) is supported. + efaInfo: + allOf: + - $ref: '#/components/schemas/EfaInfo' + - description: Describes the Elastic Fabric Adapters for the instance type. + encryptionInTransitSupported: + allOf: + - $ref: '#/components/schemas/EncryptionInTransitSupported' + - description: Indicates whether the instance type automatically encrypts in-transit traffic between instances. + description: Describes the networking features of the instance type. + PlacementGroupInfo: + type: object + properties: + supportedStrategies: + allOf: + - $ref: '#/components/schemas/PlacementGroupStrategyList' + - description: The supported placement group types. + description: Describes the placement group support of the instance type. + InstanceTypeInfo: + type: object + properties: + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: 'The instance type. For more information, see Instance types in the Amazon EC2 User Guide.' + currentGeneration: + allOf: + - $ref: '#/components/schemas/CurrentGenerationFlag' + - description: Indicates whether the instance type is current generation. + freeTierEligible: + allOf: + - $ref: '#/components/schemas/FreeTierEligibleFlag' + - description: Indicates whether the instance type is eligible for the free tier. + supportedUsageClasses: + allOf: + - $ref: '#/components/schemas/UsageClassTypeList' + - description: Indicates whether the instance type is offered for spot or On-Demand. + supportedRootDeviceTypes: + allOf: + - $ref: '#/components/schemas/RootDeviceTypeList' + - description: The supported root device types. + supportedVirtualizationTypes: + allOf: + - $ref: '#/components/schemas/VirtualizationTypeList' + - description: The supported virtualization types. + bareMetal: + allOf: + - $ref: '#/components/schemas/BareMetalFlag' + - description: Indicates whether the instance is a bare metal instance type. + hypervisor: + allOf: + - $ref: '#/components/schemas/InstanceTypeHypervisor' + - description: The hypervisor for the instance type. + processorInfo: + allOf: + - $ref: '#/components/schemas/ProcessorInfo' + - description: Describes the processor. + vCpuInfo: + allOf: + - $ref: '#/components/schemas/VCpuInfo' + - description: Describes the vCPU configurations for the instance type. + memoryInfo: + allOf: + - $ref: '#/components/schemas/MemoryInfo' + - description: Describes the memory for the instance type. + instanceStorageSupported: + allOf: + - $ref: '#/components/schemas/InstanceStorageFlag' + - description: Indicates whether instance storage is supported. + instanceStorageInfo: + allOf: + - $ref: '#/components/schemas/InstanceStorageInfo' + - description: Describes the instance storage for the instance type. + ebsInfo: + allOf: + - $ref: '#/components/schemas/EbsInfo' + - description: Describes the Amazon EBS settings for the instance type. + networkInfo: + allOf: + - $ref: '#/components/schemas/NetworkInfo' + - description: Describes the network settings for the instance type. + gpuInfo: + allOf: + - $ref: '#/components/schemas/GpuInfo' + - description: Describes the GPU accelerator settings for the instance type. + fpgaInfo: + allOf: + - $ref: '#/components/schemas/FpgaInfo' + - description: Describes the FPGA accelerator settings for the instance type. + placementGroupInfo: + allOf: + - $ref: '#/components/schemas/PlacementGroupInfo' + - description: Describes the placement group settings for the instance type. + inferenceAcceleratorInfo: + allOf: + - $ref: '#/components/schemas/InferenceAcceleratorInfo' + - description: Describes the Inference accelerator settings for the instance type. + hibernationSupported: + allOf: + - $ref: '#/components/schemas/HibernationFlag' + - description: Indicates whether On-Demand hibernation is supported. + burstablePerformanceSupported: + allOf: + - $ref: '#/components/schemas/BurstablePerformanceFlag' + - description: Indicates whether the instance type is a burstable performance instance type. + dedicatedHostsSupported: + allOf: + - $ref: '#/components/schemas/DedicatedHostFlag' + - description: Indicates whether Dedicated Hosts are supported on the instance type. + autoRecoverySupported: + allOf: + - $ref: '#/components/schemas/AutoRecoveryFlag' + - description: Indicates whether auto recovery is supported. + supportedBootModes: + allOf: + - $ref: '#/components/schemas/BootModeTypeList' + - description: 'The supported boot modes. For more information, see Boot modes in the Amazon EC2 User Guide.' + description: Describes the instance type. + InstanceTypeInfoFromInstanceRequirements: + type: object + properties: + instanceType: + allOf: + - $ref: '#/components/schemas/String' + - description: The matching instance type. + description: The list of instance types with the specified instance attributes. + Location: + type: string + InstanceTypeOffering: + type: object + properties: + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: 'The instance type. For more information, see Instance types in the Amazon EC2 User Guide.' + locationType: + allOf: + - $ref: '#/components/schemas/LocationType' + - description: The location type. + location: + allOf: + - $ref: '#/components/schemas/Location' + - description: 'The identifier for the location. This depends on the location type. For example, if the location type is region, the location is the Region code (for example, us-east-2.)' + description: The instance types offered. + InstanceTypes: + type: array + items: + $ref: '#/components/schemas/String' + minItems: 0 + maxItems: 1000 + InstanceUsage: + type: object + properties: + accountId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that is making use of the Capacity Reservation. + usedInstanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of instances the Amazon Web Services account currently has in the Capacity Reservation. + description: Information about the Capacity Reservation usage. + InterfacePermissionType: + type: string + enum: + - INSTANCE-ATTACH + - EIP-ASSOCIATE + InterfaceProtocolType: + type: string + enum: + - VLAN + - GRE + InternetGatewayAttachment: + type: object + properties: + state: + allOf: + - $ref: '#/components/schemas/AttachmentStatus' + - description: 'The current state of the attachment. For an internet gateway, the state is available when attached to a VPC; otherwise, this value is not returned.' + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + description: Describes the attachment of a VPC to an internet gateway or an egress-only internet gateway. + InternetGatewayIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InternetGatewayId' + - xml: + name: item + IpAddressType: + type: string + enum: + - ipv4 + - dualstack + - ipv6 + IpRangeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpRange' + - xml: + name: item + Ipv6RangeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv6Range' + - xml: + name: item + PrefixListIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PrefixListId' + - xml: + name: item + UserIdGroupPairList: + type: array + items: + allOf: + - $ref: '#/components/schemas/UserIdGroupPair' + - xml: + name: item + IpRange: + type: object + properties: + cidrIp: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A description for the security group rule that references this IPv4 address range.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

' + description: Describes an IPv4 range. + IpRanges: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + IpamId: + type: string + IpamOperatingRegionSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpamOperatingRegion' + - xml: + name: item + IpamState: + type: string + enum: + - create-in-progress + - create-complete + - create-failed + - modify-in-progress + - modify-complete + - modify-failed + - delete-in-progress + - delete-complete + - delete-failed + - isolate-in-progress + - isolate-complete + - restore-in-progress + IpamAddressHistoryMaxResults: + type: integer + minimum: 1 + maximum: 1000 + IpamAddressHistoryResourceType: + type: string + enum: + - eip + - vpc + - subnet + - network-interface + - instance + IpamComplianceStatus: + type: string + enum: + - compliant + - noncompliant + - unmanaged + - ignored + IpamOverlapStatus: + type: string + enum: + - overlapping + - nonoverlapping + - ignored + IpamAddressHistoryRecord: + type: object + properties: + resourceOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource owner. + resourceRegion: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services Region of the resource. + resourceType: + allOf: + - $ref: '#/components/schemas/IpamAddressHistoryResourceType' + - description: The type of the resource. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + resourceCidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR of the resource. + resourceName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the resource. + resourceComplianceStatus: + allOf: + - $ref: '#/components/schemas/IpamComplianceStatus' + - description: 'The compliance status of a resource. For more information on compliance statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.' + resourceOverlapStatus: + allOf: + - $ref: '#/components/schemas/IpamOverlapStatus' + - description: 'The overlap status of an IPAM resource. The overlap status tells you if the CIDR for a resource overlaps with another CIDR in the scope. For more information on overlap statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.' + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The VPC ID of the resource. + sampledStartTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: 'Sampled start time of the resource-to-CIDR association within the IPAM scope. Changes are picked up in periodic snapshots, so the start time may have occurred before this specific time.' + sampledEndTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: 'Sampled end time of the resource-to-CIDR association within the IPAM scope. Changes are picked up in periodic snapshots, so the end time may have occurred before this specific time.' + description: 'The historical record of a CIDR within an IPAM scope. For more information, see View the history of IP addresses in the Amazon VPC IPAM User Guide. ' + IpamCidrAuthorizationContext: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The signed authorization message for the prefix and account. + description: A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP. + IpamManagementState: + type: string + enum: + - managed + - unmanaged + - ignored + IpamMaxResults: + type: integer + minimum: 5 + maximum: 1000 + IpamOperatingRegion: + type: object + properties: + regionName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the operating Region. + description: '

The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' + IpamScopeType: + type: string + enum: + - public + - private + IpamPoolState: + type: string + enum: + - create-in-progress + - create-complete + - create-failed + - modify-in-progress + - modify-complete + - modify-failed + - delete-in-progress + - delete-complete + - delete-failed + - isolate-in-progress + - isolate-complete + - restore-in-progress + IpamResourceTagList: + type: array + items: + allOf: + - $ref: '#/components/schemas/IpamResourceTag' + - xml: + name: item + IpamPoolAllocationResourceType: + type: string + enum: + - ipam-pool + - vpc + - ec2-public-ipv4-pool + - custom + IpamPoolCidrState: + type: string + enum: + - pending-provision + - provisioned + - failed-provision + - pending-deprovision + - deprovisioned + - failed-deprovision + - pending-import + - failed-import + IpamPoolCidrFailureReason: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/IpamPoolCidrFailureCode' + - description: An error code related to why an IPAM pool CIDR failed to be provisioned. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: A message related to why an IPAM pool CIDR failed to be provisioned. + description: Details related to why an IPAM pool CIDR failed to be provisioned. + IpamPoolCidrFailureCode: + type: string + enum: + - cidr-not-available + IpamResourceType: + type: string + enum: + - vpc + - subnet + - eip + - public-ipv4-pool + - ipv6-pool + IpamResourceCidr: + type: object + properties: + ipamId: + allOf: + - $ref: '#/components/schemas/IpamId' + - description: The IPAM ID for an IPAM resource. + ipamScopeId: + allOf: + - $ref: '#/components/schemas/IpamScopeId' + - description: The scope ID for an IPAM resource. + ipamPoolId: + allOf: + - $ref: '#/components/schemas/IpamPoolId' + - description: The pool ID for an IPAM resource. + resourceRegion: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services Region for an IPAM resource. + resourceOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account number of the owner of an IPAM resource. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of an IPAM resource. + resourceName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of an IPAM resource. + resourceCidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR for an IPAM resource. + resourceType: + allOf: + - $ref: '#/components/schemas/IpamResourceType' + - description: The type of IPAM resource. + resourceTagSet: + allOf: + - $ref: '#/components/schemas/IpamResourceTagList' + - description: The tags for an IPAM resource. + ipUsage: + allOf: + - $ref: '#/components/schemas/BoxedDouble' + - description: 'The IP address space in the IPAM pool that is allocated to this resource. To convert the decimal to a percentage, multiply the decimal by 100.' + complianceStatus: + allOf: + - $ref: '#/components/schemas/IpamComplianceStatus' + - description: 'The compliance status of the IPAM resource. For more information on compliance statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.' + managementState: + allOf: + - $ref: '#/components/schemas/IpamManagementState' + - description: 'The management state of the resource. For more information about management states, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.' + overlapStatus: + allOf: + - $ref: '#/components/schemas/IpamOverlapStatus' + - description: 'The overlap status of an IPAM resource. The overlap status tells you if the CIDR for a resource overlaps with another CIDR in the scope. For more information on overlap statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.' + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of a VPC. + description: The CIDR for an IPAM resource. + IpamResourceTag: + type: object + properties: + key: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.' + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The value of the tag. + description: 'The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.' + IpamScopeState: + type: string + enum: + - create-in-progress + - create-complete + - create-failed + - modify-in-progress + - modify-complete + - modify-failed + - delete-in-progress + - delete-complete + - delete-failed + - isolate-in-progress + - isolate-complete + - restore-in-progress + Ipv4PrefixList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv4PrefixSpecificationRequest' + - xml: + name: item + Ipv4PrefixSpecificationResponse: + type: object + properties: + ipv4Prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: One or more IPv4 delegated prefixes assigned to the network interface. + description: Information about the IPv4 delegated prefixes assigned to a network interface. + Ipv4PrefixListResponse: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv4PrefixSpecificationResponse' + - xml: + name: item + Ipv4PrefixSpecification: + type: object + properties: + ipv4Prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.' + description: Describes an IPv4 prefix. + Ipv6Address: + type: string + Ipv6CidrAssociation: + type: object + properties: + ipv6Cidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 CIDR block. + associatedResource: + allOf: + - $ref: '#/components/schemas/String' + - description: The resource that's associated with the IPv6 CIDR block. + description: Describes an IPv6 CIDR block association. + Ipv6CidrBlock: + type: object + properties: + ipv6CidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 CIDR block. + description: Describes an IPv6 CIDR block. + Ipv6CidrBlockSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv6CidrBlock' + - xml: + name: item + Ipv6Flag: + type: boolean + PoolCidrBlocksSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/PoolCidrBlock' + - xml: + name: item + Ipv6Pool: + type: object + properties: + poolId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the address pool. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description for the address pool. + poolCidrBlockSet: + allOf: + - $ref: '#/components/schemas/PoolCidrBlocksSet' + - description: The CIDR blocks for the address pool. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags for the address pool. + description: Describes an IPv6 address pool. + Ipv6PoolIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv6PoolEc2Id' + - xml: + name: item + Ipv6PoolMaxResults: + type: integer + minimum: 1 + maximum: 1000 + Ipv6PrefixList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv6PrefixSpecificationRequest' + - xml: + name: item + Ipv6PrefixSpecificationResponse: + type: object + properties: + ipv6Prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: One or more IPv6 delegated prefixes assigned to the network interface. + description: Information about the IPv6 delegated prefixes assigned to a network interface. + Ipv6PrefixListResponse: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv6PrefixSpecificationResponse' + - xml: + name: item + Ipv6PrefixSpecification: + type: object + properties: + ipv6Prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 prefix. + description: Describes the IPv6 prefix. + Ipv6PrefixesList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv6PrefixSpecification' + - xml: + name: item + Ipv6Range: + type: object + properties: + cidrIpv6: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv6 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv6 address, use the /128 prefix length.' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A description for the security group rule that references this IPv6 address range.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

' + description: '[EC2-VPC only] Describes an IPv6 range.' + Ipv6SupportValue: + type: string + enum: + - enable + - disable + SensitiveUserData: + type: string + format: password + KeyPairInfo: + type: object + properties: + keyPairId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the key pair. + keyFingerprint: + allOf: + - $ref: '#/components/schemas/String' + - description: '

If you used CreateKeyPair to create the key pair:

  • For RSA key pairs, the key fingerprint is the SHA-1 digest of the DER encoded private key.

  • For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 digest, which is the default for OpenSSH, starting with OpenSSH 6.8.

If you used ImportKeyPair to provide Amazon Web Services the public key:

  • For RSA key pairs, the key fingerprint is the MD5 public key fingerprint as specified in section 4 of RFC4716.

  • For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 digest, which is the default for OpenSSH, starting with OpenSSH 6.8.

' + keyName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the key pair. + keyType: + allOf: + - $ref: '#/components/schemas/KeyType' + - description: The type of key pair. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags applied to the key pair. + publicKey: + allOf: + - $ref: '#/components/schemas/String' + - description: The public key material. + createTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: '

If you used Amazon EC2 to create the key pair, this is the date and time when the key was created, in ISO 8601 date-time format, in the UTC time zone.

If you imported an existing key pair to Amazon EC2, this is the date and time the key was imported, in ISO 8601 date-time format, in the UTC time zone.

' + description: Describes a key pair. + LastError: + type: object + properties: + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The error message for the VPC endpoint error. + code: + allOf: + - $ref: '#/components/schemas/String' + - description: The error code for the VPC endpoint error. + description: The last error that occurred for a VPC endpoint. + LaunchPermission: + type: object + properties: + group: + allOf: + - $ref: '#/components/schemas/PermissionGroup' + - description: The name of the group. + userId: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The Amazon Web Services account ID.

Constraints: Up to 10 000 account IDs can be specified in a single request.

' + organizationArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of an organization. + organizationalUnitArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of an organizational unit (OU). + description: Describes a launch permission. + LaunchPermissionModifications: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchPermissionList' + - description: 'The Amazon Web Services account ID, organization ARN, or OU ARN to remove from the list of launch permissions for the AMI.' + description: Describes a launch permission modification. + LaunchSpecification: + type: object + properties: + userData: + allOf: + - $ref: '#/components/schemas/String' + - description: The Base64-encoded user data for the instance. + groupSet: + allOf: + - $ref: '#/components/schemas/GroupIdentifierList' + - description: 'One or more security groups. When requesting instances in a VPC, you must specify the IDs of the security groups. When requesting instances in EC2-Classic, you can specify the names or the IDs of the security groups.' + addressingType: + allOf: + - $ref: '#/components/schemas/String' + - description: Deprecated. + blockDeviceMapping: + allOf: + - $ref: '#/components/schemas/BlockDeviceMappingList' + - description: One or more block device mapping entries. + ebsOptimized: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

' + iamInstanceProfile: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileSpecification' + - description: The IAM instance profile. + imageId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the AMI. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. Only one instance type can be specified. + kernelId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the kernel. + keyName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the key pair. + networkInterfaceSet: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecificationList' + - description: 'One or more network interfaces. If you specify a network interface, you must specify subnet IDs and security group IDs using the network interface.' + placement: + allOf: + - $ref: '#/components/schemas/SpotPlacement' + - description: The placement information for the instance. + ramdiskId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the RAM disk. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet in which to launch the instance. + monitoring: + $ref: '#/components/schemas/RunInstancesMonitoringEnabled' + description: Describes the launch specification for an instance. + SpotFleetLaunchSpecification: + type: object + properties: + groupSet: + allOf: + - $ref: '#/components/schemas/GroupIdentifierList' + - description: 'One or more security groups. When requesting instances in a VPC, you must specify the IDs of the security groups. When requesting instances in EC2-Classic, you can specify the names or the IDs of the security groups.' + addressingType: + allOf: + - $ref: '#/components/schemas/String' + - description: Deprecated. + blockDeviceMapping: + allOf: + - $ref: '#/components/schemas/BlockDeviceMappingList' + - description: 'One or more block devices that are mapped to the Spot Instances. You can''t specify both a snapshot ID and an encryption value. This is because only blank volumes can be encrypted on creation. If a snapshot is the basis for a volume, it is not blank and its encryption status is used for the volume encryption status.' + ebsOptimized: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether the instances are optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

' + iamInstanceProfile: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileSpecification' + - description: The IAM instance profile. + imageId: + allOf: + - $ref: '#/components/schemas/ImageId' + - description: The ID of the AMI. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. + kernelId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the kernel. + keyName: + allOf: + - $ref: '#/components/schemas/KeyPairName' + - description: The name of the key pair. + monitoring: + allOf: + - $ref: '#/components/schemas/SpotFleetMonitoring' + - description: Enable or disable monitoring for the instances. + networkInterfaceSet: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecificationList' + - description: '

One or more network interfaces. If you specify a network interface, you must specify subnet IDs and security group IDs using the network interface.

SpotFleetLaunchSpecification currently does not support Elastic Fabric Adapter (EFA). To specify an EFA, you must use LaunchTemplateConfig.

' + placement: + allOf: + - $ref: '#/components/schemas/SpotPlacement' + - description: The placement information. + ramdiskId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the RAM disk. Some kernels require additional drivers at launch. Check the kernel requirements for information about whether you need to specify a RAM disk. To find kernel requirements, refer to the Amazon Web Services Resource Center and search for the kernel ID.' + spotPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The maximum price per unit hour that you are willing to pay for a Spot Instance. If this value is not specified, the default is the Spot price specified for the fleet. To determine the Spot price per unit hour, divide the Spot price by the value of WeightedCapacity.' + subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: 'The IDs of the subnets in which to launch the instances. To specify multiple subnets, separate them using commas; for example, "subnet-1234abcdeexample1, subnet-0987cdef6example2".' + userData: + allOf: + - $ref: '#/components/schemas/String' + - description: The Base64-encoded user data that instances use when starting up. + weightedCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: '

The number of units provided by the specified instance type. These are the same units that you chose to set the target capacity in terms of instances, or a performance characteristic such as vCPUs, memory, or I/O.

If the target capacity divided by this value is not a whole number, Amazon EC2 rounds the number of instances to the next whole number. If this value is not specified, the default is 1.

' + tagSpecificationSet: + allOf: + - $ref: '#/components/schemas/SpotFleetTagSpecificationList' + - description: The tags to apply during creation. + instanceRequirements: + allOf: + - $ref: '#/components/schemas/InstanceRequirements' + - description: '

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirements, you can''t specify InstanceTypes.

' + description: 'Describes the launch specification for one or more Spot Instances. If you include On-Demand capacity in your fleet request or want to specify an EFA network device, you can''t use SpotFleetLaunchSpecification; you must use LaunchTemplateConfig.' + LaunchTemplateAutoRecoveryState: + type: string + enum: + - default + - disabled + LaunchTemplateEbsBlockDevice: + type: object + properties: + encrypted: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the EBS volume is encrypted. + deleteOnTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the EBS volume is deleted on instance termination. + iops: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of I/O operations per second (IOPS) that the volume supports. ' + kmsKeyId: + allOf: + - $ref: '#/components/schemas/KmsKeyId' + - description: The ARN of the Key Management Service (KMS) CMK used for encryption. + snapshotId: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - description: The ID of the snapshot. + volumeSize: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The size of the volume, in GiB.' + volumeType: + allOf: + - $ref: '#/components/schemas/VolumeType' + - description: The volume type. + throughput: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The throughput that the volume supports, in MiB/s.' + description: Describes a block device for an EBS volume. + LaunchTemplateBlockDeviceMapping: + type: object + properties: + deviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: The device name. + virtualName: + allOf: + - $ref: '#/components/schemas/String' + - description: The virtual device name (ephemeralN). + ebs: + allOf: + - $ref: '#/components/schemas/LaunchTemplateEbsBlockDevice' + - description: Information about the block device for an EBS volume. + noDevice: + allOf: + - $ref: '#/components/schemas/String' + - description: 'To omit the device from the block device mapping, specify an empty string.' + description: Describes a block device mapping. + LaunchTemplateBlockDeviceMappingList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateBlockDeviceMapping' + - xml: + name: item + LaunchTemplateBlockDeviceMappingRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'To omit the device from the block device mapping, specify an empty string.' + description: Describes a block device mapping. + LaunchTemplateCapacityReservationSpecificationResponse: + type: object + properties: + capacityReservationPreference: + allOf: + - $ref: '#/components/schemas/CapacityReservationPreference' + - description: '

Indicates the instance''s Capacity Reservation preferences. Possible preferences include:

  • open - The instance can run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).

  • none - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.

' + capacityReservationTarget: + allOf: + - $ref: '#/components/schemas/CapacityReservationTargetResponse' + - description: Information about the target Capacity Reservation or Capacity Reservation group. + description: Information about the Capacity Reservation targeting option. + LaunchTemplateOverridesList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateOverrides' + - xml: + name: item + LaunchTemplateCpuOptions: + type: object + properties: + coreCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of CPU cores for the instance. + threadsPerCore: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of threads per CPU core. + description: The CPU options for the instance. + LaunchTemplateCpuOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of threads per CPU core. To disable multithreading for the instance, specify a value of 1. Otherwise, specify the default value of 2.' + description: The CPU options for the instance. Both the core count and threads per core must be specified in the request. + LaunchTemplateEbsBlockDeviceRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The throughput to provision for a gp3 volume, with a maximum of 1,000 MiB/s.

Valid Range: Minimum value of 125. Maximum value of 1000.

' + description: The parameters for a block device for an EBS volume. + LaunchTemplateElasticInferenceAcceleratorCount: + type: integer + minimum: 1 + LaunchTemplateElasticInferenceAccelerator: + type: object + required: + - Type + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorCount' + - description: '

The number of elastic inference accelerators to attach to the instance.

Default: 1

' + description: ' Describes an elastic inference accelerator. ' + LaunchTemplateElasticInferenceAcceleratorResponse: + type: object + properties: + type: + allOf: + - $ref: '#/components/schemas/String' + - description: ' The type of elastic inference accelerator. The possible values are eia1.medium, eia1.large, and eia1.xlarge. ' + count: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The number of elastic inference accelerators to attach to the instance.

Default: 1

' + description: ' Describes an elastic inference accelerator. ' + LaunchTemplateElasticInferenceAcceleratorResponseList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateElasticInferenceAcceleratorResponse' + - xml: + name: item + LaunchTemplateEnclaveOptions: + type: object + properties: + enabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If this parameter is set to true, the instance is enabled for Amazon Web Services Nitro Enclaves; otherwise, it is not enabled for Amazon Web Services Nitro Enclaves.' + description: Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. + LaunchTemplateEnclaveOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true.' + description: 'Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.' + LaunchTemplateErrorCode: + type: string + enum: + - launchTemplateIdDoesNotExist + - launchTemplateIdMalformed + - launchTemplateNameDoesNotExist + - launchTemplateNameMalformed + - launchTemplateVersionDoesNotExist + - unexpectedError + LaunchTemplateHibernationOptions: + type: object + properties: + configured: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If this parameter is set to true, the instance is enabled for hibernation; otherwise, it is not enabled for hibernation.' + description: Indicates whether an instance is configured for hibernation. + LaunchTemplateHibernationOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

If you set this parameter to true, the instance is enabled for hibernation.

Default: false

' + description: 'Indicates whether the instance is configured for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites.' + LaunchTemplateHttpTokensState: + type: string + enum: + - optional + - required + LaunchTemplateIamInstanceProfileSpecification: + type: object + properties: + arn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the instance profile. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the instance profile. + description: Describes an IAM instance profile. + LaunchTemplateInstanceMaintenanceOptions: + type: object + properties: + autoRecovery: + allOf: + - $ref: '#/components/schemas/LaunchTemplateAutoRecoveryState' + - description: Disables the automatic recovery behavior of your instance or sets it to default. + description: The maintenance options of your instance. + MarketType: + type: string + enum: + - spot + LaunchTemplateSpotMarketOptions: + type: object + properties: + maxPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum hourly price you're willing to pay for the Spot Instances. + spotInstanceType: + allOf: + - $ref: '#/components/schemas/SpotInstanceType' + - description: The Spot Instance request type. + blockDurationMinutes: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The required duration for the Spot Instances (also known as Spot blocks), in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360).' + validUntil: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The end date of the request. For a one-time request, the request remains active until all instances launch, the request is canceled, or this date is reached. If the request is persistent, it remains active until it is canceled or this date and time is reached.' + instanceInterruptionBehavior: + allOf: + - $ref: '#/components/schemas/InstanceInterruptionBehavior' + - description: The behavior when a Spot Instance is interrupted. + description: The options for Spot Instances. + LaunchTemplateInstanceMarketOptions: + type: object + properties: + marketType: + allOf: + - $ref: '#/components/schemas/MarketType' + - description: The market type. + spotOptions: + allOf: + - $ref: '#/components/schemas/LaunchTemplateSpotMarketOptions' + - description: The options for Spot Instances. + description: The market (purchasing) option for the instances. + LaunchTemplateSpotMarketOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceInterruptionBehavior' + - description: The behavior when a Spot Instance is interrupted. The default is terminate. + description: The options for Spot Instances. + LaunchTemplateInstanceMarketOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchTemplateSpotMarketOptionsRequest' + - description: The options for Spot Instances. + description: The market (purchasing) option for the instances. + LaunchTemplateInstanceMetadataEndpointState: + type: string + enum: + - disabled + - enabled + LaunchTemplateInstanceMetadataOptionsState: + type: string + enum: + - pending + - applied + LaunchTemplateInstanceMetadataProtocolIpv6: + type: string + enum: + - disabled + - enabled + LaunchTemplateInstanceMetadataTagsState: + type: string + enum: + - disabled + - enabled + LaunchTemplateInstanceMetadataOptions: + type: object + properties: + state: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataOptionsState' + - description:

The state of the metadata option changes.

pending - The metadata options are being updated and the instance is not ready to process metadata traffic with the new selection.

applied - The metadata options have been successfully applied on the instance.

+ httpTokens: + allOf: + - $ref: '#/components/schemas/LaunchTemplateHttpTokensState' + - description: '

The state of token usage for your instance metadata requests. If the parameter is not specified in the request, the default state is optional.

If the state is optional, you can choose to retrieve instance metadata with or without a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned.

If the state is required, you must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available.

' + httpPutResponseHopLimit: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.

Default: 1

Possible values: Integers from 1 to 64

' + httpEndpoint: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataEndpointState' + - description: '

Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is enabled.

If you specify a value of disabled, you will not be able to access your instance metadata.

' + httpProtocolIpv6: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataProtocolIpv6' + - description: '

Enables or disables the IPv6 endpoint for the instance metadata service.

Default: disabled

' + instanceMetadataTags: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataTagsState' + - description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' + description: 'The metadata options for the instance. For more information, see Instance Metadata and User Data in the Amazon Elastic Compute Cloud User Guide.' + LaunchTemplateInstanceMetadataOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceMetadataTagsState' + - description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' + description: 'The metadata options for the instance. For more information, see Instance Metadata and User Data in the Amazon Elastic Compute Cloud User Guide.' + LaunchTemplateInstanceNetworkInterfaceSpecification: + type: object + properties: + associateCarrierIpAddress: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether to associate a Carrier IP address with eth0 for a new network interface.

Use this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. For more information about Carrier IP addresses, see Carrier IP addresses in the Wavelength Developer Guide.

' + associatePublicIpAddress: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to associate a public IPv4 address with eth0 for a new network interface. + deleteOnTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the network interface is deleted when the instance is terminated. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description for the network interface. + deviceIndex: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The device index for the network interface attachment. + groupSet: + allOf: + - $ref: '#/components/schemas/GroupIdStringList' + - description: The IDs of one or more security groups. + interfaceType: + allOf: + - $ref: '#/components/schemas/String' + - description: The type of network interface. + ipv6AddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of IPv6 addresses for the network interface. + ipv6AddressesSet: + allOf: + - $ref: '#/components/schemas/InstanceIpv6AddressList' + - description: The IPv6 addresses for the network interface. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: The ID of the network interface. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The primary private IPv4 address of the network interface. + privateIpAddressesSet: + allOf: + - $ref: '#/components/schemas/PrivateIpAddressSpecificationList' + - description: One or more private IPv4 addresses. + secondaryPrivateIpAddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of secondary private IPv4 addresses for the network interface. + subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: The ID of the subnet for the network interface. + networkCardIndex: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The index of the network card. + ipv4PrefixSet: + allOf: + - $ref: '#/components/schemas/Ipv4PrefixListResponse' + - description: One or more IPv4 prefixes assigned to the network interface. + ipv4PrefixCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of IPv4 prefixes that Amazon Web Services automatically assigned to the network interface. + ipv6PrefixSet: + allOf: + - $ref: '#/components/schemas/Ipv6PrefixListResponse' + - description: One or more IPv6 prefixes assigned to the network interface. + ipv6PrefixCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of IPv6 prefixes that Amazon Web Services automatically assigned to the network interface. + description: Describes a network interface. + LaunchTemplateInstanceNetworkInterfaceSpecificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceNetworkInterfaceSpecification' + - xml: + name: item + LaunchTemplateInstanceNetworkInterfaceSpecificationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The device index for the network interface attachment. + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0. + Ipv4Prefix: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of IPv4 prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv4Prefix option. + Ipv6Prefix: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of IPv6 prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv6Prefix option. + description: The parameters for a network interface. + LaunchTemplateInstanceNetworkInterfaceSpecificationRequestList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateInstanceNetworkInterfaceSpecificationRequest' + - xml: + name: InstanceNetworkInterfaceSpecification + LaunchTemplateLicenseConfiguration: + type: object + properties: + licenseConfigurationArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the license configuration. + description: Describes a license configuration. + LaunchTemplateLicenseConfigurationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the license configuration. + description: Describes a license configuration. + LaunchTemplateLicenseList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateLicenseConfiguration' + - xml: + name: item + LaunchTemplateLicenseSpecificationListRequest: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateLicenseConfigurationRequest' + - xml: + name: item + LaunchTemplateOverrides: + type: object + properties: + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. + spotPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum price per unit hour that you are willing to pay for a Spot Instance. + subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: The ID of the subnet in which to launch the instances. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone in which to launch the instances. + weightedCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: The number of units provided by the specified instance type. + priority: + allOf: + - $ref: '#/components/schemas/Double' + - description: '

The priority for the launch template override. The highest priority is launched first.

If OnDemandAllocationStrategy is set to prioritized, Spot Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity.

If the Spot AllocationStrategy is set to capacityOptimizedPrioritized, Spot Fleet uses priority on a best-effort basis to determine which launch template override to use in fulfilling Spot capacity, but optimizes for capacity first.

Valid values are whole numbers starting at 0. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. You can set the same priority for different launch template overrides.

' + instanceRequirements: + allOf: + - $ref: '#/components/schemas/InstanceRequirements' + - description: '

The instance requirements. When you specify instance requirements, Amazon EC2 will identify instance types with the provided requirements, and then use your On-Demand and Spot allocation strategies to launch instances from these instance types, in the same way as when you specify a list of instance types.

If you specify InstanceRequirements, you can''t specify InstanceTypes.

' + description: Describes overrides for a launch template. + LaunchTemplatePlacement: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone of the instance. + affinity: + allOf: + - $ref: '#/components/schemas/String' + - description: The affinity setting for the instance on the Dedicated Host. + groupName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the placement group for the instance. + hostId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Dedicated Host for the instance. + tenancy: + allOf: + - $ref: '#/components/schemas/Tenancy' + - description: 'The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. ' + spreadDomain: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved for future use. + hostResourceGroupArn: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ARN of the host resource group in which to launch the instances. ' + partitionNumber: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of the partition the instance should launch in. Valid only if the placement group strategy is set to partition. + description: Describes the placement of an instance. + LaunchTemplatePlacementRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of the partition the instance should launch in. Valid only if the placement group strategy is set to partition. + description: Describes the placement of an instance. + LaunchTemplatePrivateDnsNameOptions: + type: object + properties: + hostnameType: + allOf: + - $ref: '#/components/schemas/HostnameType' + - description: The type of hostname to assign to an instance. + enableResourceNameDnsARecord: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to respond to DNS queries for instance hostnames with DNS A records. + enableResourceNameDnsAAAARecord: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. + description: Describes the options for instance hostnames. + LaunchTemplatePrivateDnsNameOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. + description: Describes the options for instance hostnames. + LaunchTemplateSpecification: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The version number of the launch template.

Default: The default version for the launch template.

' + description: 'The launch template to use. You must specify either the launch template ID or launch template name in the request, but not both.' + SpotInstanceType: + type: string + enum: + - one-time + - persistent + ResourceType: + type: string + enum: + - capacity-reservation + - client-vpn-endpoint + - customer-gateway + - carrier-gateway + - dedicated-host + - dhcp-options + - egress-only-internet-gateway + - elastic-ip + - elastic-gpu + - export-image-task + - export-instance-task + - fleet + - fpga-image + - host-reservation + - image + - import-image-task + - import-snapshot-task + - instance + - instance-event-window + - internet-gateway + - ipam + - ipam-pool + - ipam-scope + - ipv4pool-ec2 + - ipv6pool-ec2 + - key-pair + - launch-template + - local-gateway + - local-gateway-route-table + - local-gateway-virtual-interface + - local-gateway-virtual-interface-group + - local-gateway-route-table-vpc-association + - local-gateway-route-table-virtual-interface-group-association + - natgateway + - network-acl + - network-interface + - network-insights-analysis + - network-insights-path + - network-insights-access-scope + - network-insights-access-scope-analysis + - placement-group + - prefix-list + - replace-root-volume-task + - reserved-instances + - route-table + - security-group + - security-group-rule + - snapshot + - spot-fleet-request + - spot-instances-request + - subnet + - subnet-cidr-reservation + - traffic-mirror-filter + - traffic-mirror-session + - traffic-mirror-target + - transit-gateway + - transit-gateway-attachment + - transit-gateway-connect-peer + - transit-gateway-multicast-domain + - transit-gateway-route-table + - volume + - vpc + - vpc-endpoint + - vpc-endpoint-service + - vpc-peering-connection + - vpn-connection + - vpn-gateway + - vpc-flow-log + LaunchTemplateTagSpecification: + type: object + properties: + resourceType: + allOf: + - $ref: '#/components/schemas/ResourceType' + - description: The type of resource. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the resource. + description: The tag specification for the launch template. + LaunchTemplateTagSpecificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LaunchTemplateTagSpecification' + - xml: + name: item + LaunchTemplateTagSpecificationRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ResourceType' + - description: 'The type of resource to tag. Currently, the resource types that support tagging on creation are instance, volume, elastic-gpu, network-interface, and spot-instances-request. To tag a resource after it has been created, see CreateTags.' + Tag: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags to apply to the resource. + description: The tags specification for the launch template. + VersionDescription: + type: string + minLength: 0 + maxLength: 255 + LaunchTemplatesMonitoring: + type: object + properties: + enabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.' + description: Describes the monitoring for the instance. + LaunchTemplatesMonitoringRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Specify true to enable detailed monitoring. Otherwise, basic monitoring is enabled.' + description: Describes the monitoring for the instance. + LicenseConfiguration: + type: object + properties: + licenseConfigurationArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the license configuration. + description: Describes a license configuration. + LicenseSpecificationListRequest: + type: array + items: + allOf: + - $ref: '#/components/schemas/LicenseConfigurationRequest' + - xml: + name: item + ListImagesInRecycleBinMaxResults: + type: integer + minimum: 1 + maximum: 1000 + ListImagesInRecycleBinRequest: + type: object + title: ListImagesInRecycleBinRequest + properties: + ImageId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ListSnapshotsInRecycleBinMaxResults: + type: integer + minimum: 5 + maximum: 1000 + ListSnapshotsInRecycleBinRequest: + type: object + title: ListSnapshotsInRecycleBinRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The token for the next page of results. + SnapshotId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SnapshotRecycleBinInfoList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SnapshotRecycleBinInfo' + - xml: + name: item + ListingStatus: + type: string + enum: + - active + - pending + - cancelled + - closed + TargetGroupsConfig: + type: object + properties: + targetGroups: + allOf: + - $ref: '#/components/schemas/TargetGroups' + - description: One or more target groups. + description: Describes the target groups to attach to a Spot Fleet. Spot Fleet registers the running Spot Instances with these target groups. + LoadPermission: + type: object + properties: + userId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID. + group: + allOf: + - $ref: '#/components/schemas/PermissionGroup' + - description: The name of the group. + description: Describes a load permission. + LoadPermissionRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID. + description: Describes a load permission. + LoadPermissionModifications: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LoadPermissionListRequest' + - description: The load permissions to remove. + description: Describes modifications to the load permissions of an Amazon FPGA image (AFI). + LocalGateway: + type: object + properties: + localGatewayId: + allOf: + - $ref: '#/components/schemas/LocalGatewayId' + - description: The ID of the local gateway. + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Outpost. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the local gateway. + state: + allOf: + - $ref: '#/components/schemas/String' + - description: The state of the local gateway. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the local gateway. + description: Describes a local gateway. + LocalGatewayMaxResults: + type: integer + minimum: 5 + maximum: 1000 + LocalGatewayRouteType: + type: string + enum: + - static + - propagated + LocalGatewayRouteState: + type: string + enum: + - pending + - active + - blackhole + - deleting + - deleted + LocalGatewayRouteList: + type: array + items: + allOf: + - $ref: '#/components/schemas/LocalGatewayRoute' + - xml: + name: item + LocalGatewayRouteTable: + type: object + properties: + localGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the local gateway route table. + localGatewayRouteTableArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The Amazon Resource Name (ARN) of the local gateway route table. + localGatewayId: + allOf: + - $ref: '#/components/schemas/LocalGatewayId' + - description: The ID of the local gateway. + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Outpost. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the local gateway route table. + state: + allOf: + - $ref: '#/components/schemas/String' + - description: The state of the local gateway route table. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the local gateway route table. + description: Describes a local gateway route table. + LocalGatewayRouteTableVirtualInterfaceGroupAssociation: + type: object + properties: + localGatewayRouteTableVirtualInterfaceGroupAssociationId: + allOf: + - $ref: '#/components/schemas/LocalGatewayRouteTableVirtualInterfaceGroupAssociationId' + - description: The ID of the association. + localGatewayVirtualInterfaceGroupId: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupId' + - description: The ID of the virtual interface group. + localGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the local gateway. + localGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/LocalGatewayId' + - description: The ID of the local gateway route table. + localGatewayRouteTableArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The Amazon Resource Name (ARN) of the local gateway route table for the virtual interface group. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the local gateway virtual interface group association. + state: + allOf: + - $ref: '#/components/schemas/String' + - description: The state of the association. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the association. + description: Describes an association between a local gateway route table and a virtual interface group. + LocalGatewayVirtualInterface: + type: object + properties: + localGatewayVirtualInterfaceId: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceId' + - description: The ID of the virtual interface. + localGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the local gateway. + vlan: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The ID of the VLAN. + localAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The local address. + peerAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The peer address. + localBgpAsn: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the local gateway. + peerBgpAsn: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The peer BGP ASN. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the local gateway virtual interface. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the virtual interface. + description: Describes a local gateway virtual interface. + LocalGatewayVirtualInterfaceGroup: + type: object + properties: + localGatewayVirtualInterfaceGroupId: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceGroupId' + - description: The ID of the virtual interface group. + localGatewayVirtualInterfaceIdSet: + allOf: + - $ref: '#/components/schemas/LocalGatewayVirtualInterfaceIdSet' + - description: The IDs of the virtual interfaces. + localGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the local gateway. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the local gateway virtual interface group. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags assigned to the virtual interface group. + description: Describes a local gateway virtual interface group. + LocalStorageType: + type: string + enum: + - hdd + - ssd + PrefixListState: + type: string + enum: + - create-in-progress + - create-complete + - create-failed + - modify-in-progress + - modify-complete + - modify-failed + - restore-in-progress + - restore-complete + - restore-failed + - delete-in-progress + - delete-complete + - delete-failed + MaxIpv4AddrPerInterface: + type: integer + MaxIpv6AddrPerInterface: + type: integer + MaxNetworkInterfaces: + type: integer + MaxResults: + type: integer + MaximumNetworkCards: + type: integer + MembershipType: + type: string + enum: + - static + - igmp + MemorySize: + type: integer + ModifyAddressAttributeRequest: + type: object + required: + - AllocationId + title: ModifyAddressAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyAvailabilityZoneGroupRequest: + type: object + required: + - GroupName + - OptInStatus + title: ModifyAvailabilityZoneGroupRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyAvailabilityZoneOptInStatus: + type: string + enum: + - opted-in + - not-opted-in + ModifyCapacityReservationFleetRequest: + type: object + required: + - CapacityReservationFleetId + title: ModifyCapacityReservationFleetRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether to remove the end date from the Capacity Reservation Fleet. If you remove the end date, the Capacity Reservation Fleet does not expire and it remains active until you explicitly cancel it using the CancelCapacityReservationFleet action.

You can''t specify RemoveEndDate and EndDate in the same request.

' + ModifyCapacityReservationRequest: + type: object + required: + - CapacityReservationId + title: ModifyCapacityReservationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved for future use. + ModifyClientVpnEndpointRequest: + type: object + required: + - ClientVpnEndpointId + title: ModifyClientVpnEndpointRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/ClientLoginBannerOptions' + - description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established. + ModifyDefaultCreditSpecificationRequest: + type: object + required: + - InstanceFamily + - CpuCredits + title: ModifyDefaultCreditSpecificationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The credit option for CPU usage of the instance family.

Valid Values: standard | unlimited

' + ModifyEbsDefaultKmsKeyIdRequest: + type: object + required: + - KmsKeyId + title: ModifyEbsDefaultKmsKeyIdRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyFleetRequest: + type: object + required: + - FleetId + title: ModifyFleetRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/FleetExcessCapacityTerminationPolicy' + - description: Indicates whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet. + LaunchTemplateConfig: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + OperationType: + type: string + enum: + - add + - remove + UserIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: UserId + UserGroupStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: UserGroup + ModifyFpgaImageAttributeRequest: + type: object + required: + - FpgaImageId + title: ModifyFpgaImageAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/OperationType' + - description: The operation type. + UserId: + allOf: + - $ref: '#/components/schemas/UserIdStringList' + - description: The Amazon Web Services account IDs. This parameter is valid only when modifying the loadPermission attribute. + UserGroup: + allOf: + - $ref: '#/components/schemas/UserGroupStringList' + - description: The user groups. This parameter is valid only when modifying the loadPermission attribute. + ProductCode: + allOf: + - $ref: '#/components/schemas/String' + - description: A name for the AFI. + ModifyHostsRequest: + type: object + required: + - HostIds + title: ModifyHostsRequest + properties: + autoPlacement: + allOf: + - $ref: '#/components/schemas/AutoPlacement' + - description: Specify whether to enable or disable auto-placement. + hostId: + allOf: + - $ref: '#/components/schemas/String' + - description: '

Specifies the instance family to be supported by the Dedicated Host. Specify this parameter to modify a Dedicated Host to support multiple instance types within its current instance family.

If you want to modify a Dedicated Host to support a specific instance type only, omit this parameter and specify InstanceType instead. You cannot specify InstanceFamily and InstanceType in the same request.

' + UnsuccessfulItemList: + type: array + items: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItem' + - xml: + name: item + ModifyIdFormatRequest: + type: object + required: + - Resource + - UseLongIds + title: ModifyIdFormatRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicate whether the resource should use longer IDs (17-character IDs). + ModifyIdentityIdFormatRequest: + type: object + required: + - PrincipalArn + - Resource + - UseLongIds + title: ModifyIdentityIdFormatRequest + properties: + principalArn: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ARN of the principal, which can be an IAM user, IAM role, or the root user. Specify all to modify the ID format for all IAM users, IAM roles, and the root user of the account.' + resource: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The type of resource: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

Alternatively, use the all-current option to include all resource types that are currently within their opt-in period for longer IDs.

' + useLongIds: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the resource should use longer IDs (17-character IDs) + ProductCodeStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: ProductCode + OrganizationArnStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: OrganizationArn + OrganizationalUnitArnStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: OrganizationalUnitArn + ModifyImageAttributeRequest: + type: object + required: + - ImageId + title: ModifyImageAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/OperationType' + - description: The operation type. This parameter can be used only when the Attribute parameter is launchPermission. + ProductCode: + allOf: + - $ref: '#/components/schemas/ProductCodeStringList' + - description: Not supported. + UserGroup: + allOf: + - $ref: '#/components/schemas/UserGroupStringList' + - description: The user groups. This parameter can be used only when the Attribute parameter is launchPermission. + UserId: + allOf: + - $ref: '#/components/schemas/String' + - description: The value of the attribute being modified. This parameter can be used only when the Attribute parameter is description. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + OrganizationArn: + allOf: + - $ref: '#/components/schemas/OrganizationArnStringList' + - description: The Amazon Resource Name (ARN) of an organization. This parameter can be used only when the Attribute parameter is launchPermission. + OrganizationalUnitArn: + allOf: + - $ref: '#/components/schemas/OrganizationalUnitArnStringList' + - description: The Amazon Resource Name (ARN) of an organizational unit (OU). This parameter can be used only when the Attribute parameter is launchPermission. + description: Contains the parameters for ModifyImageAttribute. + ModifyInstanceAttributeRequest: + type: object + required: + - InstanceId + title: ModifyInstanceAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: 'Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.' + attribute: + allOf: + - $ref: '#/components/schemas/InstanceAttributeName' + - description: The name of the attribute. + blockDeviceMapping: + allOf: + - $ref: '#/components/schemas/InstanceBlockDeviceMappingSpecificationList' + - description: '

Modifies the DeleteOnTermination attribute for volumes that are currently attached. The volume must be owned by the caller. If no value is specified for DeleteOnTermination, the default is true and the volume is deleted when the instance is terminated.

To add instance store volumes to an Amazon EBS-backed instance, you must add them when you launch the instance. For more information, see Update the block device mapping when launching an instance in the Amazon EC2 User Guide.

' + disableApiTermination: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: 'If the value is true, you can''t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. You cannot use this parameter for Spot Instances.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ebsOptimized: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: Specifies whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance. + enaSupport: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description:

Set to true to enable enhanced networking with ENA for the instance.

This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.

+ GroupId: + allOf: + - $ref: '#/components/schemas/GroupIdStringList' + - description: '[EC2-VPC] Replaces the security groups of the instance with the specified security groups. You must specify at least one security group, even if it''s just the default security group for the VPC. You must specify the security group ID, not the security group name.' + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance. + instanceInitiatedShutdownBehavior: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: Specifies whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). + instanceType: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: 'Changes the instance type to the specified value. For more information, see Instance types in the Amazon EC2 User Guide. If the instance type is not valid, the error returned is InvalidInstanceAttributeValue.' + kernel: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: 'Changes the instance''s kernel to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.' + ramdisk: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: 'Changes the instance''s RAM disk to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.' + sriovNetSupport: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description:

Set to simple to enable enhanced networking with the Intel 82599 Virtual Function interface for the instance.

There is no way to disable enhanced networking with the Intel 82599 Virtual Function interface at this time.

This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.

+ userData: + allOf: + - $ref: '#/components/schemas/BlobAttributeValue' + - description: 'Changes the instance''s user data to the specified value. If you are using an Amazon Web Services SDK or command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text.' + value: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A new value for the attribute. Use only with the kernel, ramdisk, userData, disableApiTermination, or instanceInitiatedShutdownBehavior attribute.' + ModifyInstanceCapacityReservationAttributesRequest: + type: object + required: + - InstanceId + - CapacityReservationSpecification + title: ModifyInstanceCapacityReservationAttributesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyInstanceCreditSpecificationRequest: + type: object + required: + - InstanceCreditSpecifications + title: ModifyInstanceCreditSpecificationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.' + InstanceCreditSpecification: + allOf: + - $ref: '#/components/schemas/InstanceCreditSpecificationListRequest' + - description: Information about the credit option for CPU usage. + SuccessfulInstanceCreditSpecificationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/SuccessfulInstanceCreditSpecificationItem' + - xml: + name: item + UnsuccessfulInstanceCreditSpecificationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/UnsuccessfulInstanceCreditSpecificationItem' + - xml: + name: item + ModifyInstanceEventStartTimeRequest: + type: object + required: + - InstanceId + - InstanceEventId + - NotBefore + title: ModifyInstanceEventStartTimeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The new date and time when the event will take place. + ModifyInstanceEventWindowRequest: + type: object + required: + - InstanceEventWindowId + title: ModifyInstanceEventWindowRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowId' + - description: The ID of the event window. + TimeRange: + allOf: + - $ref: '#/components/schemas/InstanceEventWindowCronExpression' + - description: '

The cron expression of the event window, for example, * 0-4,20-23 * * 1,5.

Constraints:

  • Only hour and day of the week values are supported.

  • For day of the week values, you can specify either integers 0 through 6, or alternative single values SUN through SAT.

  • The minute, month, and year must be specified by *.

  • The hour value must be one or a multiple range, for example, 0-4 or 0-4,20-23.

  • Each hour range must be >= 2 hours, for example, 0-2 or 20-23.

  • The event window must be >= 4 hours. The combined total time ranges in the event window must be >= 4 hours.

For more information about cron expressions, see cron on the Wikipedia website.

' + ModifyInstanceMaintenanceOptionsRequest: + type: object + required: + - InstanceId + title: ModifyInstanceMaintenanceOptionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyInstanceMetadataOptionsRequest: + type: object + required: + - InstanceId + title: ModifyInstanceMetadataOptionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/InstanceMetadataTagsState' + - description: '

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

' + ModifyInstancePlacementRequest: + type: object + required: + - InstanceId + title: ModifyInstancePlacementRequest + properties: + affinity: + allOf: + - $ref: '#/components/schemas/PlacementGroupName' + - description: '

The name of the placement group in which to place the instance. For spread placement groups, the instance must have a tenancy of default. For cluster and partition placement groups, the instance must have a tenancy of default or dedicated.

To remove an instance from a placement group, specify an empty string ("").

' + hostId: + allOf: + - $ref: '#/components/schemas/DedicatedHostId' + - description: The ID of the Dedicated Host with which to associate the instance. + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance that you are modifying. + tenancy: + allOf: + - $ref: '#/components/schemas/String' + - description: The ARN of the host resource group in which to place the instance. + ModifyIpamPoolRequest: + type: object + required: + - IpamPoolId + title: ModifyIpamPoolRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Clear the default netmask length allocation rule for this pool. + AddAllocationResourceTag: + allOf: + - $ref: '#/components/schemas/RequestIpamResourceTagList' + - description: 'Add tag allocation rules to a pool. For more information about allocation rules, see Create a top-level pool in the Amazon VPC IPAM User Guide.' + RemoveAllocationResourceTag: + allOf: + - $ref: '#/components/schemas/RequestIpamResourceTagList' + - description: Remove tag allocation rules from a pool. + RemoveIpamOperatingRegionSet: + type: array + items: + $ref: '#/components/schemas/RemoveIpamOperatingRegion' + minItems: 0 + maxItems: 50 + ModifyIpamRequest: + type: object + required: + - IpamId + title: ModifyIpamRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the IPAM you want to modify. + AddOperatingRegion: + allOf: + - $ref: '#/components/schemas/AddIpamOperatingRegionSet' + - description: '

Choose the operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

' + RemoveOperatingRegion: + allOf: + - $ref: '#/components/schemas/RemoveIpamOperatingRegionSet' + - description: The operating Regions to remove. + ModifyIpamResourceCidrRequest: + type: object + required: + - ResourceId + - ResourceCidr + - ResourceRegion + - CurrentIpamScopeId + - Monitored + title: ModifyIpamResourceCidrRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Determines if the resource is monitored by IPAM. If a resource is monitored, the resource is discovered by IPAM and you can view details about the resource’s CIDR.' + ModifyIpamScopeRequest: + type: object + required: + - IpamScopeId + title: ModifyIpamScopeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the scope you want to modify. + ModifyLaunchTemplateRequest: + type: object + title: ModifyLaunchTemplateRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LaunchTemplateName' + - description: The name of the launch template. You must specify either the launch template ID or launch template name in the request. + SetDefaultVersion: + allOf: + - $ref: '#/components/schemas/String' + - description: The version number of the launch template to set as the default version. + ModifyManagedPrefixListRequest: + type: object + required: + - PrefixListId + title: ModifyManagedPrefixListRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: A name for the prefix list. + AddEntry: + allOf: + - $ref: '#/components/schemas/AddPrefixListEntries' + - description: One or more entries to add to the prefix list. + RemoveEntry: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The maximum number of entries for the prefix list. You cannot modify the entries of a prefix list and modify the size of a prefix list at the same time.

If any of the resources that reference the prefix list cannot support the new maximum size, the modify operation fails. Check the state message for the IDs of the first ten resources that do not support the new maximum size.

' + NetworkInterfaceAttachmentChanges: + type: object + properties: + attachmentId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceAttachmentId' + - description: The ID of the network interface attachment. + deleteOnTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the network interface is deleted when the instance is terminated. + description: Describes an attachment change. + ModifyNetworkInterfaceAttributeRequest: + type: object + required: + - NetworkInterfaceId + title: ModifyNetworkInterfaceAttributeRequest + properties: + attachment: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceAttachmentChanges' + - description: 'Information about the interface attachment. If modifying the ''delete on termination'' attribute, you must specify the ID of the interface attachment.' + description: + allOf: + - $ref: '#/components/schemas/AttributeValue' + - description: A description for the network interface. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdStringList' + - description: 'Changes the security groups for the network interface. The new set of groups you specify replaces the current set. You must specify at least one group, even if it''s just the default security group in the VPC. You must specify the ID of the security group, not the name.' + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: The ID of the network interface. + sourceDestCheck: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: 'Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.' + description: Contains the parameters for ModifyNetworkInterfaceAttribute. + ModifyPrivateDnsNameOptionsRequest: + type: object + title: ModifyPrivateDnsNameOptionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. + ReservedInstancesConfigurationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservedInstancesConfiguration' + - xml: + name: item + ModifyReservedInstancesRequest: + type: object + required: + - ReservedInstancesIds + - TargetConfigurations + title: ModifyReservedInstancesRequest + properties: + ReservedInstancesId: + allOf: + - $ref: '#/components/schemas/ReservedInstancesIdStringList' + - description: The IDs of the Reserved Instances to modify. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A unique, case-sensitive token you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.' + ReservedInstancesConfigurationSetItemType: + allOf: + - $ref: '#/components/schemas/ReservedInstancesConfigurationList' + - description: The configuration settings for the Reserved Instances to modify. + description: Contains the parameters for ModifyReservedInstances. + ModifySecurityGroupRulesRequest: + type: object + required: + - GroupId + - SecurityGroupRules + title: ModifySecurityGroupRulesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - description: The ID of the security group. + SecurityGroupRule: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifySnapshotAttributeRequest: + type: object + required: + - SnapshotId + title: ModifySnapshotAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/CreateVolumePermissionModifications' + - description: A JSON representation of the snapshot attribute modification. + UserGroup: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - description: The ID of the snapshot. + UserId: + allOf: + - $ref: '#/components/schemas/UserIdStringList' + - description: The account ID to modify for the snapshot. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifySnapshotTierRequest: + type: object + required: + - SnapshotId + title: ModifySnapshotTierRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifySpotFleetRequestRequest: + type: object + required: + - SpotFleetRequestId + title: ModifySpotFleetRequestRequest + properties: + excessCapacityTerminationPolicy: + allOf: + - $ref: '#/components/schemas/ExcessCapacityTerminationPolicy' + - description: Indicates whether running Spot Instances should be terminated if the target capacity of the Spot Fleet request is decreased below the current size of the Spot Fleet. + LaunchTemplateConfig: + allOf: + - $ref: '#/components/schemas/LaunchTemplateConfigList' + - description: 'The launch template and overrides. You can only use this parameter if you specified a launch template (LaunchTemplateConfigs) in your Spot Fleet request. If you specified LaunchSpecifications in your Spot Fleet request, then omit this parameter.' + spotFleetRequestId: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestId' + - description: The ID of the Spot Fleet request. + targetCapacity: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + description: Contains the parameters for ModifySpotFleetRequest. + ModifySubnetAttributeRequest: + type: object + required: + - SubnetId + title: ModifySubnetAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: Specify true to indicate that network interfaces attached to instances created in the specified subnet should be assigned a public IPv4 address. + subnetId: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: ' Specify true to indicate that local network interfaces at the current position should be disabled. ' + TrafficMirrorNetworkServiceList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorNetworkService' + - xml: + name: item + ModifyTrafficMirrorFilterNetworkServicesRequest: + type: object + required: + - TrafficMirrorFilterId + title: ModifyTrafficMirrorFilterNetworkServicesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilterId' + - description: The ID of the Traffic Mirror filter. + AddNetworkService: + allOf: + - $ref: '#/components/schemas/TrafficMirrorNetworkServiceList' + - description: 'The network service, for example Amazon DNS, that you want to mirror.' + RemoveNetworkService: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyTrafficMirrorFilterRuleRequest: + type: object + required: + - TrafficMirrorFilterRuleId + title: ModifyTrafficMirrorFilterRuleRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The description to assign to the Traffic Mirror rule. + RemoveField: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyTrafficMirrorSessionRequest: + type: object + required: + - TrafficMirrorSessionId + title: ModifyTrafficMirrorSessionRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The description to assign to the Traffic Mirror session. + RemoveField: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyTransitGatewayOptions: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableId' + - description: The ID of the default propagation route table. + description: The transit gateway options. + ModifyTransitGatewayPrefixListReferenceRequest: + type: object + required: + - TransitGatewayRouteTableId + - PrefixListId + title: ModifyTransitGatewayPrefixListReferenceRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyTransitGatewayRequest: + type: object + required: + - TransitGatewayId + title: ModifyTransitGatewayRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyTransitGatewayVpcAttachmentRequest: + type: object + required: + - TransitGatewayAttachmentId + title: ModifyTransitGatewayVpcAttachmentRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyTransitGatewayVpcAttachmentRequestOptions: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ApplianceModeSupportValue' + - description: 'Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.' + description: Describes the options for a VPC attachment. + ModifyVolumeAttributeRequest: + type: object + required: + - VolumeId + title: ModifyVolumeAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VolumeId' + - description: The ID of the volume. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyVolumeRequest: + type: object + required: + - VolumeId + title: ModifyVolumeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the volume to up to 16 Nitro-based instances in the same Availability Zone. This parameter is supported with io1 and io2 volumes only. For more information, see Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.' + VolumeModification: + type: object + properties: + volumeId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the volume. + modificationState: + allOf: + - $ref: '#/components/schemas/VolumeModificationState' + - description: The current modification state. The modification state is null for unmodified volumes. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: A status message about the modification progress or failure. + targetSize: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The target size of the volume, in GiB.' + targetIops: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The target IOPS rate of the volume. + targetVolumeType: + allOf: + - $ref: '#/components/schemas/VolumeType' + - description: The target EBS volume type of the volume. + targetThroughput: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The target throughput of the volume, in MiB/s.' + targetMultiAttachEnabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The target setting for Amazon EBS Multi-Attach. + originalSize: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The original size of the volume, in GiB.' + originalIops: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The original IOPS rate of the volume. + originalVolumeType: + allOf: + - $ref: '#/components/schemas/VolumeType' + - description: The original EBS volume type of the volume. + originalThroughput: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The original throughput of the volume, in MiB/s.' + originalMultiAttachEnabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: The original setting for Amazon EBS Multi-Attach. + progress: + allOf: + - $ref: '#/components/schemas/Long' + - description: 'The modification progress, from 0 to 100 percent complete.' + startTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The modification start time. + endTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The modification completion or failure time. + description: '

Describes the modification status of an EBS volume.

If the volume has never been modified, some element values will be null.

' + ModifyVpcAttributeRequest: + type: object + required: + - VpcId + title: ModifyVpcAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/AttributeBooleanValue' + - description: '

Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled.

You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute.

' + vpcId: + allOf: + - $ref: '#/components/schemas/VpcId' + - description: The ID of the VPC. + ModifyVpcEndpointConnectionNotificationRequest: + type: object + required: + - ConnectionNotificationId + title: ModifyVpcEndpointConnectionNotificationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: 'One or more events for the endpoint. Valid values are Accept, Connect, Delete, and Reject.' + VpcEndpointSecurityGroupIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: item + ModifyVpcEndpointRequest: + type: object + required: + - VpcEndpointId + title: ModifyVpcEndpointRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: (Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must be in valid JSON format. + AddRouteTableId: + allOf: + - $ref: '#/components/schemas/VpcEndpointRouteTableIdList' + - description: (Gateway endpoint) One or more route tables IDs to associate with the endpoint. + RemoveRouteTableId: + allOf: + - $ref: '#/components/schemas/VpcEndpointRouteTableIdList' + - description: (Gateway endpoint) One or more route table IDs to disassociate from the endpoint. + AddSubnetId: + allOf: + - $ref: '#/components/schemas/VpcEndpointSubnetIdList' + - description: '(Interface and Gateway Load Balancer endpoints) One or more subnet IDs in which to serve the endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.' + RemoveSubnetId: + allOf: + - $ref: '#/components/schemas/VpcEndpointSubnetIdList' + - description: (Interface endpoint) One or more subnets IDs in which to remove the endpoint. + AddSecurityGroupId: + allOf: + - $ref: '#/components/schemas/VpcEndpointSecurityGroupIdList' + - description: (Interface endpoint) One or more security group IDs to associate with the network interface. + RemoveSecurityGroupId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: (Interface endpoint) Indicates whether a private hosted zone is associated with the VPC. + description: Contains the parameters for ModifyVpcEndpoint. + ModifyVpcEndpointServiceConfigurationRequest: + type: object + required: + - ServiceId + title: ModifyVpcEndpointServiceConfigurationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether requests to create an endpoint to your service must be accepted. + AddNetworkLoadBalancerArn: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Amazon Resource Names (ARNs) of Network Load Balancers to add to your service configuration. + RemoveNetworkLoadBalancerArn: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Amazon Resource Names (ARNs) of Network Load Balancers to remove from your service configuration. + AddGatewayLoadBalancerArn: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Amazon Resource Names (ARNs) of Gateway Load Balancers to add to your service configuration. + RemoveGatewayLoadBalancerArn: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Amazon Resource Names (ARNs) of Gateway Load Balancers to remove from your service configuration. + AddSupportedIpAddressType: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The IP address types to add to your service configuration. + RemoveSupportedIpAddressType: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The IP address types to remove from your service configuration. + PayerResponsibility: + type: string + enum: + - ServiceOwner + ModifyVpcEndpointServicePayerResponsibilityRequest: + type: object + required: + - ServiceId + - PayerResponsibility + title: ModifyVpcEndpointServicePayerResponsibilityRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/PayerResponsibility' + - description: 'The entity that is responsible for the endpoint costs. The default is the endpoint owner. If you set the payer responsibility to the service owner, you cannot set it back to the endpoint owner.' + ModifyVpcEndpointServicePermissionsRequest: + type: object + required: + - ServiceId + title: ModifyVpcEndpointServicePermissionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Amazon Resource Names (ARN) of one or more principals. Permissions are revoked for principals in this list. + ModifyVpcPeeringConnectionOptionsRequest: + type: object + required: + - VpcPeeringConnectionId + title: ModifyVpcPeeringConnectionOptionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionId' + - description: The ID of the VPC peering connection. + PeeringConnectionOptions: + type: object + properties: + allowDnsResolutionFromRemoteVpc: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If true, the public DNS hostnames of instances in the specified VPC resolve to private IP addresses when queried from instances in the peer VPC.' + allowEgressFromLocalClassicLinkToRemoteVpc: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If true, enables outbound communication from an EC2-Classic instance that''s linked to a local VPC using ClassicLink to instances in a peer VPC.' + allowEgressFromLocalVpcToRemoteClassicLink: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If true, enables outbound communication from instances in a local VPC to an EC2-Classic instance that''s linked to a peer VPC using ClassicLink.' + description: Describes the VPC peering connection options. + ModifyVpcTenancyRequest: + type: object + required: + - VpcId + - InstanceTenancy + title: ModifyVpcTenancyRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyVpnConnectionOptionsRequest: + type: object + required: + - VpnConnectionId + title: ModifyVpnConnectionOptionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyVpnConnectionRequest: + type: object + required: + - VpnConnectionId + title: ModifyVpnConnectionRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyVpnTunnelCertificateRequest: + type: object + required: + - VpnConnectionId + - VpnTunnelOutsideIpAddress + title: ModifyVpnTunnelCertificateRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyVpnTunnelOptionsRequest: + type: object + required: + - VpnConnectionId + - VpnTunnelOutsideIpAddress + - TunnelOptions + title: ModifyVpnTunnelOptionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ModifyVpnTunnelOptionsSpecification: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session.

Valid Values: clear | none | restart

Default: clear

' + Phase1EncryptionAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsRequestList' + - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' + Phase2EncryptionAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsRequestList' + - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' + Phase1IntegrityAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsRequestList' + - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' + Phase2IntegrityAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsRequestList' + - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' + Phase1DHGroupNumber: + allOf: + - $ref: '#/components/schemas/Phase1DHGroupNumbersRequestList' + - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' + Phase2DHGroupNumber: + allOf: + - $ref: '#/components/schemas/Phase2DHGroupNumbersRequestList' + - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' + IKEVersion: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for Amazon Web Services to initiate the IKE negotiation.

Valid Values: add | start

Default: add

' + description: The Amazon Web Services Site-to-Site VPN tunnel options to modify. + MonitorInstancesRequest: + type: object + required: + - InstanceIds + title: MonitorInstancesRequest + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdStringList' + - description: The IDs of the instances. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + MonitoringState: + type: string + enum: + - disabled + - disabling + - enabled + - pending + MoveAddressToVpcRequest: + type: object + required: + - PublicIp + title: MoveAddressToVpcRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + publicIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The Elastic IP address. + Status: + type: string + enum: + - MoveInProgress + - InVpc + - InClassic + MoveByoipCidrToIpamRequest: + type: object + required: + - Cidr + - IpamPoolId + - IpamPoolOwner + title: MoveByoipCidrToIpamRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID of the owner of the IPAM pool. + MoveStatus: + type: string + enum: + - movingToVpc + - restoringToClassic + MovingAddressStatus: + type: object + properties: + moveStatus: + allOf: + - $ref: '#/components/schemas/MoveStatus' + - description: 'The status of the Elastic IP address that''s being moved to the EC2-VPC platform, or restored to the EC2-Classic platform.' + publicIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The Elastic IP address. + description: Describes the status of a moving Elastic IP address. + MulticastSupportValue: + type: string + enum: + - enable + - disable + NatGatewayAddressList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NatGatewayAddress' + - xml: + name: item + ProvisionedBandwidth: + type: object + properties: + provisionTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' + provisioned: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' + requestTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' + requested: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' + status: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' + description: 'Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.' + NatGatewayState: + type: string + enum: + - pending + - failed + - available + - deleting + - deleted + NatGatewayAddress: + type: object + properties: + allocationId: + allOf: + - $ref: '#/components/schemas/String' + - description: '[Public NAT gateway only] The allocation ID of the Elastic IP address that''s associated with the NAT gateway.' + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface associated with the NAT gateway. + privateIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The private IP address associated with the NAT gateway. + publicIp: + allOf: + - $ref: '#/components/schemas/String' + - description: '[Public NAT gateway only] The Elastic IP address associated with the NAT gateway.' + description: Describes the IP addresses and network interface associated with a NAT gateway. + NatGatewayIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NatGatewayId' + - xml: + name: item + NetworkAclAssociationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkAclAssociation' + - xml: + name: item + NetworkAclEntryList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkAclEntry' + - xml: + name: item + NetworkAclAssociation: + type: object + properties: + networkAclAssociationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the association between a network ACL and a subnet. + networkAclId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network ACL. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet. + description: Describes an association between a network ACL and a subnet. + NetworkAclAssociationId: + type: string + NetworkAclEntry: + type: object + properties: + cidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 network range to allow or deny, in CIDR notation.' + egress: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the rule is an egress rule (applied to traffic leaving the subnet). + icmpTypeCode: + allOf: + - $ref: '#/components/schemas/IcmpTypeCode' + - description: 'ICMP protocol: The ICMP type and code.' + ipv6CidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv6 network range to allow or deny, in CIDR notation.' + portRange: + allOf: + - $ref: '#/components/schemas/PortRange' + - description: 'TCP or UDP protocols: The range of ports the rule applies to.' + protocol: + allOf: + - $ref: '#/components/schemas/String' + - description: The protocol number. A value of "-1" means all protocols. + ruleAction: + allOf: + - $ref: '#/components/schemas/RuleAction' + - description: Indicates whether to allow or deny the traffic that matches the rule. + ruleNumber: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The rule number for the entry. ACL entries are processed in ascending order by rule number. + description: Describes an entry in a network ACL. + NetworkAclIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkAclId' + - xml: + name: item + NetworkCardIndex: + type: integer + NetworkPerformance: + type: string + NetworkCardInfo: + type: object + properties: + networkCardIndex: + allOf: + - $ref: '#/components/schemas/NetworkCardIndex' + - description: The index of the network card. + networkPerformance: + allOf: + - $ref: '#/components/schemas/NetworkPerformance' + - description: The network performance of the network card. + maximumNetworkInterfaces: + allOf: + - $ref: '#/components/schemas/MaxNetworkInterfaces' + - description: The maximum number of network interfaces for the network card. + description: Describes the network card support of the instance type. + NetworkCardInfoList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkCardInfo' + - xml: + name: item + NetworkInsightsAccessScopeAnalysis: + type: object + properties: + networkInsightsAccessScopeAnalysisId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' + - description: The ID of the Network Access Scope analysis. + networkInsightsAccessScopeAnalysisArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The Amazon Resource Name (ARN) of the Network Access Scope analysis. + networkInsightsAccessScopeId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeId' + - description: The ID of the Network Access Scope. + status: + allOf: + - $ref: '#/components/schemas/AnalysisStatus' + - description: The status. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The status message. + warningMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The warning message. + startDate: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The analysis start date. + endDate: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The analysis end date. + findingsFound: + allOf: + - $ref: '#/components/schemas/FindingsFound' + - description: Indicates whether there are findings. + analyzedEniCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of network interfaces analyzed. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags. + description: Describes a Network Access Scope analysis. + NetworkInsightsAccessScopeAnalysisIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAccessScopeAnalysisId' + - xml: + name: item + NetworkInsightsAnalysis: + type: object + properties: + networkInsightsAnalysisId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAnalysisId' + - description: The ID of the network insights analysis. + networkInsightsAnalysisArn: + allOf: + - $ref: '#/components/schemas/ResourceArn' + - description: The Amazon Resource Name (ARN) of the network insights analysis. + networkInsightsPathId: + allOf: + - $ref: '#/components/schemas/NetworkInsightsPathId' + - description: The ID of the path. + filterInArnSet: + allOf: + - $ref: '#/components/schemas/ArnList' + - description: The Amazon Resource Names (ARN) of the Amazon Web Services resources that the path must traverse. + startDate: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time the analysis started. + status: + allOf: + - $ref: '#/components/schemas/AnalysisStatus' + - description: The status of the network insights analysis. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The status message, if the status is failed.' + warningMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The warning message. + networkPathFound: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the destination is reachable from the source. + forwardPathComponentSet: + allOf: + - $ref: '#/components/schemas/PathComponentList' + - description: The components in the path from source to destination. + returnPathComponentSet: + allOf: + - $ref: '#/components/schemas/PathComponentList' + - description: The components in the path from destination to source. + explanationSet: + allOf: + - $ref: '#/components/schemas/ExplanationList' + - description: 'The explanations. For more information, see Reachability Analyzer explanation codes.' + alternatePathHintSet: + allOf: + - $ref: '#/components/schemas/AlternatePathHintList' + - description: Potential intermediate components. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags. + description: Describes a network insights analysis. + NetworkInsightsAnalysisIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInsightsAnalysisId' + - xml: + name: item + NetworkInsightsMaxResults: + type: integer + minimum: 1 + maximum: 100 + Protocol: + type: string + enum: + - tcp + - udp + NetworkInsightsResourceId: + type: string + NetworkInterfaceAssociation: + type: object + properties: + allocationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The allocation ID. + associationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The association ID. + ipOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Elastic IP address owner. + publicDnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The public DNS name. + publicIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The address of the Elastic IP address bound to the network interface. + customerOwnedIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The customer-owned IP address associated with the network interface. + carrierIp: + allOf: + - $ref: '#/components/schemas/String' + - description:

The carrier IP address associated with the network interface.

This option is only available when the network interface is in a subnet which is associated with a Wavelength Zone.

+ description: 'Describes association information for an Elastic IP address (IPv4 only), or a Carrier IP address (for a network interface which resides in a subnet in a Wavelength Zone).' + NetworkInterfaceType: + type: string + enum: + - interface + - natGateway + - efa + - trunk + - load_balancer + - network_load_balancer + - vpc_endpoint + - branch + - transit_gateway + - lambda + - quicksight + - global_accelerator_managed + - api_gateway_managed + - gateway_load_balancer + - gateway_load_balancer_endpoint + - iot_rules_managed + - aws_codestar_connections_managed + NetworkInterfaceIpv6AddressesList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceIpv6Address' + - xml: + name: item + NetworkInterfacePrivateIpAddressList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInterfacePrivateIpAddress' + - xml: + name: item + NetworkInterfaceCountRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of network interfaces. To specify no maximum limit, omit this parameter.' + description: The minimum and maximum number of network interfaces. + NetworkInterfaceIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - xml: + name: item + NetworkInterfaceIpv6Address: + type: object + properties: + ipv6Address: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 address. + description: Describes an IPv6 address associated with a network interface. + NetworkInterfacePermissionState: + type: object + properties: + state: + allOf: + - $ref: '#/components/schemas/NetworkInterfacePermissionStateCode' + - description: The state of the permission. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A status message, if applicable.' + description: Describes the state of a network interface permission. + NetworkInterfacePermissionStateCode: + type: string + enum: + - pending + - granted + - revoking + - revoked + NetworkInterfacePrivateIpAddress: + type: object + properties: + association: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceAssociation' + - description: The association information for an Elastic IP address (IPv4) associated with the network interface. + primary: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether this IPv4 address is the primary private IPv4 address of the network interface. + privateDnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The private DNS name. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The private IPv4 address. + description: Describes the private IPv4 address of a network interface. + OccurrenceDayRequestSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/Integer' + - xml: + name: OccurenceDay + OccurrenceDaySet: + type: array + items: + allOf: + - $ref: '#/components/schemas/Integer' + - xml: + name: item + OnDemandOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum amount per hour for On-Demand Instances that you're willing to pay. + description: Describes the configuration of On-Demand Instances in an EC2 Fleet. + ProtocolList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Protocol' + - xml: + name: item + PacketHeaderStatement: + type: object + properties: + sourceAddressSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The source addresses. + destinationAddressSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The destination addresses. + sourcePortSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The source ports. + destinationPortSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The destination ports. + sourcePrefixListSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The source prefix lists. + destinationPrefixListSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The destination prefix lists. + protocolSet: + allOf: + - $ref: '#/components/schemas/ProtocolList' + - description: The protocols. + description: Describes a packet header statement. + PacketHeaderStatementRequest: + type: object + properties: + SourceAddress: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The source addresses. + DestinationAddress: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The destination addresses. + SourcePort: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The source ports. + DestinationPort: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The destination ports. + SourcePrefixList: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The source prefix lists. + DestinationPrefixList: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The destination prefix lists. + Protocol: + allOf: + - $ref: '#/components/schemas/ProtocolList' + - description: The protocols. + description: Describes a packet header statement. + PartitionLoadFrequency: + type: string + enum: + - none + - daily + - weekly + - monthly + PathComponent: + type: object + properties: + sequenceNumber: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The sequence number. + aclRule: + allOf: + - $ref: '#/components/schemas/AnalysisAclRule' + - description: The network ACL rule. + attachedTo: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The resource to which the path component is attached. + component: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The component. + destinationVpc: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The destination VPC. + outboundHeader: + allOf: + - $ref: '#/components/schemas/AnalysisPacketHeader' + - description: The outbound header. + inboundHeader: + allOf: + - $ref: '#/components/schemas/AnalysisPacketHeader' + - description: The inbound header. + routeTableRoute: + allOf: + - $ref: '#/components/schemas/AnalysisRouteTableRoute' + - description: The route table route. + securityGroupRule: + allOf: + - $ref: '#/components/schemas/AnalysisSecurityGroupRule' + - description: The security group rule. + sourceVpc: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The source VPC. + subnet: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The subnet. + vpc: + allOf: + - $ref: '#/components/schemas/AnalysisComponent' + - description: The component VPC. + additionalDetailSet: + allOf: + - $ref: '#/components/schemas/AdditionalDetailList' + - description: The additional details. + transitGateway: + $ref: '#/components/schemas/AnalysisComponent' + transitGatewayRouteTableRoute: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableRoute' + - description: The route in a transit gateway route table. + description: Describes a path component. + ResourceStatement: + type: object + properties: + resourceSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The resources. + resourceTypeSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The resource types. + description: Describes a resource statement. + ResourceStatementRequest: + type: object + properties: + Resource: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The resources. + ResourceType: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The resource types. + description: Describes a resource statement. + PeeringAttachmentStatus: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/String' + - description: The status code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The status message, if applicable.' + description: The status of the transit gateway peering attachment. + PeeringConnectionOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'If true, enables outbound communication from instances in a local VPC to an EC2-Classic instance that''s linked to a peer VPC using ClassicLink.' + description: The VPC peering connection options. + PeeringTgwInfo: + type: object + properties: + transitGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the transit gateway. + region: + allOf: + - $ref: '#/components/schemas/String' + - description: The Region of the transit gateway. + description: Information about the transit gateway in the peering attachment. + Phase1DHGroupNumbersListValue: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The Diffie-Hellmann group number. + description: The Diffie-Hellmann group number for phase 1 IKE negotiations. + Phase1DHGroupNumbersList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase1DHGroupNumbersListValue' + - xml: + name: item + Phase1DHGroupNumbersRequestListValue: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The Diffie-Hellmann group number. + description: Specifies a Diffie-Hellman group number for the VPN tunnel for phase 1 IKE negotiations. + Phase1EncryptionAlgorithmsListValue: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The value for the encryption algorithm. + description: The encryption algorithm for phase 1 IKE negotiations. + Phase1EncryptionAlgorithmsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsListValue' + - xml: + name: item + Phase1EncryptionAlgorithmsRequestListValue: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The value for the encryption algorithm. + description: Specifies the encryption algorithm for the VPN tunnel for phase 1 IKE negotiations. + Phase1IntegrityAlgorithmsListValue: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The value for the integrity algorithm. + description: The integrity algorithm for phase 1 IKE negotiations. + Phase1IntegrityAlgorithmsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsListValue' + - xml: + name: item + Phase1IntegrityAlgorithmsRequestListValue: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The value for the integrity algorithm. + description: Specifies the integrity algorithm for the VPN tunnel for phase 1 IKE negotiations. + Phase2DHGroupNumbersListValue: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The Diffie-Hellmann group number. + description: The Diffie-Hellmann group number for phase 2 IKE negotiations. + Phase2DHGroupNumbersList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase2DHGroupNumbersListValue' + - xml: + name: item + Phase2DHGroupNumbersRequestListValue: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The Diffie-Hellmann group number. + description: Specifies a Diffie-Hellman group number for the VPN tunnel for phase 2 IKE negotiations. + Phase2EncryptionAlgorithmsListValue: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The encryption algorithm. + description: The encryption algorithm for phase 2 IKE negotiations. + Phase2EncryptionAlgorithmsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsListValue' + - xml: + name: item + Phase2EncryptionAlgorithmsRequestListValue: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The encryption algorithm. + description: Specifies the encryption algorithm for the VPN tunnel for phase 2 IKE negotiations. + Phase2IntegrityAlgorithmsListValue: + type: object + properties: + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The integrity algorithm. + description: The integrity algorithm for phase 2 IKE negotiations. + Phase2IntegrityAlgorithmsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsListValue' + - xml: + name: item + Phase2IntegrityAlgorithmsRequestListValue: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The integrity algorithm. + description: Specifies the integrity algorithm for the VPN tunnel for phase 2 IKE negotiations. + PlacementGroupState: + type: string + enum: + - pending + - available + - deleting + - deleted + PlacementStrategy: + type: string + enum: + - cluster + - spread + - partition + PlacementGroupStrategyList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PlacementGroupStrategy' + - xml: + name: item + PlacementGroupStrategy: + type: string + enum: + - cluster + - partition + - spread + PoolCidrBlock: + type: object + properties: + poolCidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR block. + description: Describes a CIDR block for an address pool. + PrefixList: + type: object + properties: + cidrSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The IP address range of the Amazon Web Service. + prefixListId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the prefix. + prefixListName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the prefix. + description: Describes prefixes for Amazon Web Services services. + PrefixListAssociation: + type: object + properties: + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + resourceOwner: + allOf: + - $ref: '#/components/schemas/String' + - description: The owner of the resource. + description: Describes the resource with which a prefix list is associated. + PrefixListEntry: + type: object + properties: + cidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR block. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description. + description: Describes a prefix list entry. + PrefixListId: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A description for the security group rule that references this prefix list ID.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

' + prefixListId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the prefix. + description: Describes a prefix list ID. + PrefixListIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + PrefixListMaxResults: + type: integer + minimum: 1 + maximum: 100 + PriceSchedule: + type: object + properties: + active: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

The current price schedule, as determined by the term remaining for the Reserved Instance in the listing.

A specific price schedule is always in effect, but only one price schedule can be active at any time. Take, for example, a Reserved Instance listing that has five months remaining in its term. When you specify price schedules for five months and two months, this means that schedule 1, covering the first three months of the remaining term, will be active during months 5, 4, and 3. Then schedule 2, covering the last two months of the term, will be active for months 2 and 1.

' + currencyCode: + allOf: + - $ref: '#/components/schemas/CurrencyCodeValues' + - description: 'The currency for transacting the Reserved Instance resale. At this time, the only supported currency is USD.' + price: + allOf: + - $ref: '#/components/schemas/Double' + - description: The fixed price for the term. + term: + allOf: + - $ref: '#/components/schemas/Long' + - description: 'The number of months remaining in the reservation. For example, 2 is the second to the last month before the capacity reservation expires.' + description: Describes the price for a Reserved Instance. + PriceScheduleList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PriceSchedule' + - xml: + name: item + PricingDetail: + type: object + properties: + count: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of reservations available for the price. + price: + allOf: + - $ref: '#/components/schemas/Double' + - description: The price per instance. + description: Describes a Reserved Instance offering. + PricingDetailsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PricingDetail' + - xml: + name: item + PrincipalIdFormat: + type: object + properties: + arn: + allOf: + - $ref: '#/components/schemas/String' + - description: PrincipalIdFormatARN description + statusSet: + allOf: + - $ref: '#/components/schemas/IdFormatList' + - description: PrincipalIdFormatStatuses description + description: PrincipalIdFormat description + PrivateDnsDetails: + type: object + properties: + privateDnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The private DNS name assigned to the VPC endpoint service. + description: Information about the Private DNS name for interface endpoints. + PrivateDnsDetailsSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/PrivateDnsDetails' + - xml: + name: item + PrivateDnsNameConfiguration: + type: object + properties: + state: + allOf: + - $ref: '#/components/schemas/DnsNameState' + - description:

The verification state of the VPC endpoint service.

>Consumers of the endpoint service can use the private name only when the state is verified.

+ type: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The endpoint service verification type, for example TXT.' + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The value the service provider adds to the private DNS name domain record before verification. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the record subdomain the service provider needs to create. The service provider adds the value text to the name. + description: Information about the private DNS name for the service endpoint. + PrivateDnsNameOptionsOnLaunch: + type: object + properties: + hostnameType: + allOf: + - $ref: '#/components/schemas/HostnameType' + - description: 'The type of hostname for EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 only subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID.' + enableResourceNameDnsARecord: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to respond to DNS queries for instance hostnames with DNS A records. + enableResourceNameDnsAAAARecord: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to respond to DNS queries for instance hostname with DNS AAAA records. + description: Describes the options for instance hostnames. + PrivateDnsNameOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. + description: Describes the options for instance hostnames. + ScheduledInstancesPrivateIpAddressConfig: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 address. + description: Describes a private IPv4 address for a Scheduled Instance. + PrivateIpAddressConfigSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ScheduledInstancesPrivateIpAddressConfig' + - xml: + name: PrivateIpAddressConfigSet + ProcessorSustainedClockSpeed: + type: number + format: double + ProductCodeValues: + type: string + enum: + - devpay + - marketplace + ProductCode: + type: object + properties: + productCode: + allOf: + - $ref: '#/components/schemas/String' + - description: The product code. + type: + allOf: + - $ref: '#/components/schemas/ProductCodeValues' + - description: The type of product code. + description: Describes a product code. + PropagatingVgw: + type: object + properties: + gatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the virtual private gateway. + description: Describes a virtual private gateway propagating route. + PropagatingVgwList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PropagatingVgw' + - xml: + name: item + ProvisionByoipCidrRequest: + type: object + required: + - Cidr + title: ProvisionByoipCidrRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + PoolTagSpecification: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Reserved. + ProvisionIpamPoolCidrRequest: + type: object + required: + - IpamPoolId + title: ProvisionIpamPoolCidrRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IpamCidrAuthorizationContext' + - description: A signed document that proves that you are authorized to bring a specified IP address range to Amazon using BYOIP. This option applies to public pools only. + ProvisionPublicIpv4PoolCidrRequest: + type: object + required: + - IpamPoolId + - PoolId + - NetmaskLength + title: ProvisionPublicIpv4PoolCidrRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The netmask length of the CIDR you would like to allocate to the public IPv4 pool. + PublicIpv4PoolRange: + type: object + properties: + firstAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The first IP address in the range. + lastAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The last IP address in the range. + addressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of addresses in the range. + availableAddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of available addresses in the range. + description: Describes an address range of an IPv4 address pool. + PublicIpv4PoolRangeSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/PublicIpv4PoolRange' + - xml: + name: item + PublicIpv4Pool: + type: object + properties: + poolId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the address pool. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the address pool. + poolAddressRangeSet: + allOf: + - $ref: '#/components/schemas/PublicIpv4PoolRangeSet' + - description: The address ranges. + totalAddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The total number of addresses. + totalAvailableAddressCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The total number of available addresses. + networkBorderGroup: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the location from which the address pool is advertised. A network border group is a unique set of Availability Zones or Local Zones from where Amazon Web Services advertises public IP addresses. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags for the address pool. + description: Describes an IPv4 address pool. + PublicIpv4PoolIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Ipv4PoolEc2Id' + - xml: + name: item + Purchase: + type: object + properties: + currencyCode: + allOf: + - $ref: '#/components/schemas/CurrencyCodeValues' + - description: 'The currency in which the UpfrontPrice and HourlyPrice amounts are specified. At this time, the only supported currency is USD.' + duration: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The duration of the reservation's term in seconds. + hostIdSet: + allOf: + - $ref: '#/components/schemas/ResponseHostIdSet' + - description: The IDs of the Dedicated Hosts associated with the reservation. + hostReservationId: + allOf: + - $ref: '#/components/schemas/HostReservationId' + - description: The ID of the reservation. + hourlyPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The hourly price of the reservation per hour. + instanceFamily: + allOf: + - $ref: '#/components/schemas/String' + - description: The instance family on the Dedicated Host that the reservation can be associated with. + paymentOption: + allOf: + - $ref: '#/components/schemas/PaymentOption' + - description: The payment option for the reservation. + upfrontPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The upfront price of the reservation. + description: Describes the result of the purchase. + PurchaseHostReservationRequest: + type: object + required: + - HostIdSet + - OfferingId + title: PurchaseHostReservationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/OfferingId' + - description: The ID of the offering. + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: The tags to apply to the Dedicated Host Reservation during purchase. + PurchaseRequestSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/PurchaseRequest' + - xml: + name: PurchaseRequest + minItems: 1 + PurchaseReservedInstancesOfferingRequest: + type: object + required: + - InstanceCount + - ReservedInstancesOfferingId + title: PurchaseReservedInstancesOfferingRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ReservedInstancesOfferingId' + - description: The ID of the Reserved Instance offering to purchase. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + limitPrice: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The time at which to purchase the Reserved Instance, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + description: Contains the parameters for PurchaseReservedInstancesOffering. + PurchaseScheduledInstancesRequest: + type: object + required: + - PurchaseRequests + title: PurchaseScheduledInstancesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + PurchaseRequest: + allOf: + - $ref: '#/components/schemas/PurchaseRequestSet' + - description: The purchase requests. + description: Contains the parameters for PurchaseScheduledInstances. + PurchasedScheduledInstanceSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ScheduledInstance' + - xml: + name: item + ScheduledInstance: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone. + createDate: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The date when the Scheduled Instance was purchased. + hourlyPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The hourly price for a single instance. + instanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of instances. + instanceType: + allOf: + - $ref: '#/components/schemas/String' + - description: The instance type. + networkPlatform: + allOf: + - $ref: '#/components/schemas/String' + - description: The network platform (EC2-Classic or EC2-VPC). + nextSlotStartTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time for the next schedule to start. + platform: + allOf: + - $ref: '#/components/schemas/String' + - description: The platform (Linux/UNIX or Windows). + previousSlotEndTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time that the previous schedule ended or will end. + recurrence: + allOf: + - $ref: '#/components/schemas/ScheduledInstanceRecurrence' + - description: The schedule recurrence. + scheduledInstanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Scheduled Instance ID. + slotDurationInHours: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of hours in the schedule. + termEndDate: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The end date for the Scheduled Instance. + termStartDate: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The start date for the Scheduled Instance. + totalScheduledInstanceHours: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The total number of hours for a single instance for the entire term. + description: Describes a Scheduled Instance. + ReasonCodesList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReportInstanceReasonCodes' + - xml: + name: item + RebootInstancesRequest: + type: object + required: + - InstanceIds + title: RebootInstancesRequest + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdStringList' + - description: The instance IDs. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + RecurringChargeFrequency: + type: string + enum: + - Hourly + RecurringCharge: + type: object + properties: + amount: + allOf: + - $ref: '#/components/schemas/Double' + - description: The amount of the recurring charge. + frequency: + allOf: + - $ref: '#/components/schemas/RecurringChargeFrequency' + - description: The frequency of the recurring charge. + description: Describes a recurring charge. + RecurringChargesList: + type: array + items: + allOf: + - $ref: '#/components/schemas/RecurringCharge' + - xml: + name: item + ReferencedSecurityGroup: + type: object + properties: + groupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the security group. + peeringStatus: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The status of a VPC peering connection, if applicable.' + userId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + vpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC peering connection. + description: ' Describes the security group that is referenced in the security group rule.' + Region: + type: object + properties: + regionEndpoint: + allOf: + - $ref: '#/components/schemas/String' + - description: The Region service endpoint. + regionName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the Region. + optInStatus: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The Region opt-in status. The possible values are opt-in-not-required, opted-in, and not-opted-in.' + description: Describes a Region. + RegionNames: + type: array + items: + $ref: '#/components/schemas/String' + minItems: 0 + maxItems: 10 + StringType: + type: string + minLength: 0 + maxLength: 64000 + RegisterImageRequest: + type: object + required: + - Name + title: RegisterImageRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The full path to your AMI manifest in Amazon S3 storage. The specified bucket must have the aws-exec-read canned access control list (ACL) to ensure that it can be accessed by Amazon EC2. For more information, see Canned ACLs in the Amazon S3 Service Developer Guide.' + architecture: + allOf: + - $ref: '#/components/schemas/ArchitectureValues' + - description: '

The architecture of the AMI.

Default: For Amazon EBS-backed AMIs, i386. For instance store-backed AMIs, the architecture specified in the manifest file.

' + BlockDeviceMapping: + allOf: + - $ref: '#/components/schemas/BlockDeviceMappingRequestList' + - description: '

The block device mapping entries.

If you specify an Amazon EBS volume using the ID of an Amazon EBS snapshot, you can''t specify the encryption state of the volume.

If you create an AMI on an Outpost, then all backing snapshots must be on the same Outpost or in the Region of that Outpost. AMIs on an Outpost that include local snapshots can be used to launch instances on the same Outpost only. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description for your AMI. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + enaSupport: + allOf: + - $ref: '#/components/schemas/Boolean' + - description:

Set to true to enable enhanced networking with ENA for the AMI and any instances that you launch from the AMI.

This option is supported only for HVM AMIs. Specifying this option with a PV AMI can make instances launched from the AMI unreachable.

+ kernelId: + allOf: + - $ref: '#/components/schemas/KernelId' + - description: The ID of the kernel. + name: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A name for your AMI.

Constraints: 3-128 alphanumeric characters, parentheses (()), square brackets ([]), spaces ( ), periods (.), slashes (/), dashes (-), single quotes (''), at-signs (@), or underscores(_)

' + BillingProduct: + allOf: + - $ref: '#/components/schemas/BillingProductList' + - description: 'The billing product codes. Your account must be authorized to specify billing product codes. Otherwise, you can use the Amazon Web Services Marketplace to bill for the use of an AMI.' + ramdiskId: + allOf: + - $ref: '#/components/schemas/RamdiskId' + - description: The ID of the RAM disk. + rootDeviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The device name of the root device volume (for example, /dev/sda1).' + sriovNetSupport: + allOf: + - $ref: '#/components/schemas/String' + - description:

Set to simple to enable enhanced networking with the Intel 82599 Virtual Function interface for the AMI and any instances that you launch from the AMI.

There is no way to disable sriovNetSupport at this time.

This option is supported only for HVM AMIs. Specifying this option with a PV AMI can make instances launched from the AMI unreachable.

+ virtualizationType: + allOf: + - $ref: '#/components/schemas/StringType' + - description: 'Base64 representation of the non-volatile UEFI variable store. To retrieve the UEFI data, use the GetInstanceUefiData command. You can inspect and modify the UEFI data by using the python-uefivars tool on GitHub. For more information, see UEFI Secure Boot in the Amazon Elastic Compute Cloud User Guide.' + description: Contains the parameters for RegisterImage. + RegisterInstanceTagAttributeRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether to register all tag keys in the current Region. Specify true to register all tag keys. + InstanceTagKey: + allOf: + - $ref: '#/components/schemas/InstanceTagKeySet' + - description: The tag keys to register. + description: Information about the tag keys to register for the current Region. You can either specify individual tag keys or register all tag keys in the current Region. You must specify either IncludeAllTagsOfInstance or InstanceTagKeys in the request + RegisterInstanceEventNotificationAttributesRequest: + type: object + title: RegisterInstanceEventNotificationAttributesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/RegisterInstanceTagAttributeRequest' + - description: Information about the tag keys to register. + RegisterTransitGatewayMulticastGroupMembersRequest: + type: object + title: RegisterTransitGatewayMulticastGroupMembersRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayMulticastRegisteredGroupMembers: + type: object + properties: + transitGatewayMulticastDomainId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway multicast domain. + registeredNetworkInterfaceIds: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The ID of the registered network interfaces. + groupIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The IP address assigned to the transit gateway multicast group. + description: Describes the registered transit gateway multicast group members. + RegisterTransitGatewayMulticastGroupSourcesRequest: + type: object + title: RegisterTransitGatewayMulticastGroupSourcesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayMulticastRegisteredGroupSources: + type: object + properties: + transitGatewayMulticastDomainId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway multicast domain. + registeredNetworkInterfaceIds: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The IDs of the network interfaces members registered with the transit gateway multicast group. + groupIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The IP address assigned to the transit gateway multicast group. + description: Describes the members registered with the transit gateway multicast group. + RejectTransitGatewayMulticastDomainAssociationsRequest: + type: object + title: RejectTransitGatewayMulticastDomainAssociationsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + RejectTransitGatewayPeeringAttachmentRequest: + type: object + required: + - TransitGatewayAttachmentId + title: RejectTransitGatewayPeeringAttachmentRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + RejectTransitGatewayVpcAttachmentRequest: + type: object + required: + - TransitGatewayAttachmentId + title: RejectTransitGatewayVpcAttachmentRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + RejectVpcEndpointConnectionsRequest: + type: object + required: + - ServiceId + - VpcEndpointIds + title: RejectVpcEndpointConnectionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcEndpointServiceId' + - description: The ID of the service. + VpcEndpointId: + allOf: + - $ref: '#/components/schemas/VpcEndpointIdList' + - description: The IDs of one or more VPC endpoints. + RejectVpcPeeringConnectionRequest: + type: object + required: + - VpcPeeringConnectionId + title: RejectVpcPeeringConnectionRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + vpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionId' + - description: The ID of the VPC peering connection. + ReleaseAddressRequest: + type: object + title: ReleaseAddressRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses.

If you provide an incorrect network border group, you receive an InvalidAddress.NotFound error.

You cannot use a network border group with EC2 Classic. If you attempt this operation on EC2 classic, you receive an InvalidParameterCombination error.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ReleaseHostsRequest: + type: object + required: + - HostIds + title: ReleaseHostsRequest + properties: + hostId: + allOf: + - $ref: '#/components/schemas/RequestHostIdList' + - description: The IDs of the Dedicated Hosts to release. + ReleaseIpamPoolAllocationRequest: + type: object + required: + - IpamPoolId + - Cidr + - IpamPoolAllocationId + title: ReleaseIpamPoolAllocationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IpamPoolAllocationId' + - description: The ID of the allocation. + RemovePrefixListEntries: + type: array + items: + $ref: '#/components/schemas/RemovePrefixListEntry' + minItems: 0 + maxItems: 100 + ReplaceIamInstanceProfileAssociationRequest: + type: object + required: + - IamInstanceProfile + - AssociationId + title: ReplaceIamInstanceProfileAssociationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileAssociationId' + - description: The ID of the existing IAM instance profile association. + ReplaceNetworkAclAssociationRequest: + type: object + required: + - AssociationId + - NetworkAclId + title: ReplaceNetworkAclAssociationRequest + properties: + associationId: + allOf: + - $ref: '#/components/schemas/NetworkAclAssociationId' + - description: The ID of the current association between the original network ACL and the subnet. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + networkAclId: + allOf: + - $ref: '#/components/schemas/NetworkAclId' + - description: The ID of the new network ACL to associate with the subnet. + ReplaceNetworkAclEntryRequest: + type: object + required: + - Egress + - NetworkAclId + - Protocol + - RuleAction + - RuleNumber + title: ReplaceNetworkAclEntryRequest + properties: + cidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv4 network range to allow or deny, in CIDR notation (for example 172.16.0.0/24).' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + egress: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether to replace the egress rule.

Default: If no value is specified, we replace the ingress rule.

' + Icmp: + allOf: + - $ref: '#/components/schemas/IcmpTypeCode' + - description: 'ICMP protocol: The ICMP or ICMPv6 type and code. Required if specifying protocol 1 (ICMP) or protocol 58 (ICMPv6) with an IPv6 CIDR block.' + ipv6CidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IPv6 network range to allow or deny, in CIDR notation (for example 2001:bd8:1234:1a00::/64).' + networkAclId: + allOf: + - $ref: '#/components/schemas/NetworkAclId' + - description: The ID of the ACL. + portRange: + allOf: + - $ref: '#/components/schemas/PortRange' + - description: 'TCP or UDP protocols: The range of ports the rule applies to. Required if specifying protocol 6 (TCP) or 17 (UDP).' + protocol: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The protocol number. A value of "-1" means all protocols. If you specify "-1" or a protocol number other than "6" (TCP), "17" (UDP), or "1" (ICMP), traffic on all ports is allowed, regardless of any ports or ICMP types or codes that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv4 CIDR block, traffic for all ICMP types and codes allowed, regardless of any that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv6 CIDR block, you must specify an ICMP type and code.' + ruleAction: + allOf: + - $ref: '#/components/schemas/RuleAction' + - description: Indicates whether to allow or deny the traffic that matches the rule. + ruleNumber: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The rule number of the entry to replace. + ReplaceRootVolumeTaskState: + type: string + enum: + - pending + - in-progress + - failing + - succeeded + - failed + - failed-detached + ReplaceRouteRequest: + type: object + required: + - RouteTableId + title: ReplaceRouteRequest + properties: + destinationCidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table. + destinationIpv6CidrBlock: + allOf: + - $ref: '#/components/schemas/PrefixListResourceId' + - description: The ID of the prefix list for the route. + dryRun: + allOf: + - $ref: '#/components/schemas/VpcEndpointId' + - description: The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only. + egressOnlyInternetGatewayId: + allOf: + - $ref: '#/components/schemas/EgressOnlyInternetGatewayId' + - description: '[IPv6 traffic only] The ID of an egress-only internet gateway.' + gatewayId: + allOf: + - $ref: '#/components/schemas/RouteGatewayId' + - description: The ID of an internet gateway or virtual private gateway. + instanceId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Specifies whether to reset the local route to its default target (local). + natGatewayId: + allOf: + - $ref: '#/components/schemas/CarrierGatewayId' + - description: '[IPv4 traffic only] The ID of a carrier gateway.' + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: The ID of a network interface. + routeTableId: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - description: The ID of the route table. + vpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/CoreNetworkArn' + - description: The Amazon Resource Name (ARN) of the core network. + ReplaceRouteTableAssociationRequest: + type: object + required: + - AssociationId + - RouteTableId + title: ReplaceRouteTableAssociationRequest + properties: + associationId: + allOf: + - $ref: '#/components/schemas/RouteTableAssociationId' + - description: The association ID. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + routeTableId: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - description: The ID of the new route table to associate with the subnet. + ReplaceTransitGatewayRouteRequest: + type: object + required: + - DestinationCidrBlock + - TransitGatewayRouteTableId + title: ReplaceTransitGatewayRouteRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ReplacementStrategy: + type: string + enum: + - launch + - launch-before-terminate + ReportStatusType: + type: string + enum: + - ok + - impaired + ReportInstanceStatusRequest: + type: object + required: + - Instances + - ReasonCodes + - Status + title: ReportInstanceStatusRequest + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: Descriptive text about the health state of your instance. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + endTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time at which the reported instance health state ended. + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdStringList' + - description: The instances. + reasonCode: + allOf: + - $ref: '#/components/schemas/ReasonCodesList' + - description: '

The reason codes that describe the health state of your instance.

  • instance-stuck-in-state: My instance is stuck in a state.

  • unresponsive: My instance is unresponsive.

  • not-accepting-credentials: My instance is not accepting my credentials.

  • password-not-available: A password is not available for my instance.

  • performance-network: My instance is experiencing performance problems that I believe are network related.

  • performance-instance-store: My instance is experiencing performance problems that I believe are related to the instance stores.

  • performance-ebs-volume: My instance is experiencing performance problems that I believe are related to an EBS volume.

  • performance-other: My instance is experiencing performance problems.

  • other: [explain using the description parameter]

' + startTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time at which the reported instance health state began. + status: + allOf: + - $ref: '#/components/schemas/ReportStatusType' + - description: The status of all instances listed. + RequestHostIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/DedicatedHostId' + - xml: + name: item + SpotFleetRequestConfigData: + type: object + required: + - IamFleetRole + - TargetCapacity + properties: + allocationStrategy: + allOf: + - $ref: '#/components/schemas/AllocationStrategy' + - description: '

Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the Spot Fleet request.

If the allocation strategy is lowestPrice, Spot Fleet launches instances from the Spot Instance pools with the lowest price. This is the default allocation strategy.

If the allocation strategy is diversified, Spot Fleet launches instances from all the Spot Instance pools that you specify.

If the allocation strategy is capacityOptimized (recommended), Spot Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. To give certain instance types a higher chance of launching first, use capacityOptimizedPrioritized. Set a priority for each instance type by using the Priority parameter for LaunchTemplateOverrides. You can assign the same priority to different LaunchTemplateOverrides. EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. capacityOptimizedPrioritized is supported only if your Spot Fleet uses a launch template. Note that if the OnDemandAllocationStrategy is set to prioritized, the same priority is applied when fulfilling On-Demand capacity.

' + onDemandAllocationStrategy: + allOf: + - $ref: '#/components/schemas/OnDemandAllocationStrategy' + - description: 'The order of the launch template overrides to use in fulfilling On-Demand capacity. If you specify lowestPrice, Spot Fleet uses price to determine the order, launching the lowest price first. If you specify prioritized, Spot Fleet uses the priority that you assign to each Spot Fleet launch template override, launching the highest priority first. If you do not specify a value, Spot Fleet defaults to lowestPrice.' + spotMaintenanceStrategies: + allOf: + - $ref: '#/components/schemas/SpotMaintenanceStrategies' + - description: The strategies for managing your Spot Instances that are at an elevated risk of being interrupted. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A unique, case-sensitive identifier that you provide to ensure the idempotency of your listings. This helps to avoid duplicate listings. For more information, see Ensuring Idempotency.' + excessCapacityTerminationPolicy: + allOf: + - $ref: '#/components/schemas/ExcessCapacityTerminationPolicy' + - description: Indicates whether running Spot Instances should be terminated if you decrease the target capacity of the Spot Fleet request below the current size of the Spot Fleet. + fulfilledCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: The number of units fulfilled by this request compared to the set target capacity. You cannot set this value. + onDemandFulfilledCapacity: + allOf: + - $ref: '#/components/schemas/Double' + - description: The number of On-Demand units fulfilled by this request compared to the set target On-Demand capacity. + iamFleetRole: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that grants the Spot Fleet the permission to request, launch, terminate, and tag instances on your behalf. For more information, see Spot Fleet prerequisites in the Amazon EC2 User Guide for Linux Instances. Spot Fleet can terminate Spot Instances on your behalf when you cancel its Spot Fleet request using CancelSpotFleetRequests or when the Spot Fleet request expires, if you set TerminateInstancesWithExpiration.' + launchSpecifications: + allOf: + - $ref: '#/components/schemas/LaunchSpecsList' + - description: 'The launch specifications for the Spot Fleet request. If you specify LaunchSpecifications, you can''t specify LaunchTemplateConfigs. If you include On-Demand capacity in your request, you must use LaunchTemplateConfigs.' + launchTemplateConfigs: + allOf: + - $ref: '#/components/schemas/LaunchTemplateConfigList' + - description: 'The launch template and overrides. If you specify LaunchTemplateConfigs, you can''t specify LaunchSpecifications. If you include On-Demand capacity in your request, you must use LaunchTemplateConfigs.' + spotPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum price per unit hour that you are willing to pay for a Spot Instance. The default is the On-Demand price. + targetCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of units to request for the Spot Fleet. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.' + onDemandTargetCapacity: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The number of On-Demand units to request. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.' + onDemandMaxTotalPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The maximum amount per hour for On-Demand Instances that you''re willing to pay. You can use the onDemandMaxTotalPrice parameter, the spotMaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.' + spotMaxTotalPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The maximum amount per hour for Spot Instances that you''re willing to pay. You can use the spotdMaxTotalPrice parameter, the onDemandMaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.' + terminateInstancesWithExpiration: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether running Spot Instances are terminated when the Spot Fleet request expires. + type: + allOf: + - $ref: '#/components/schemas/FleetType' + - description: 'The type of request. Indicates whether the Spot Fleet only requests the target capacity or also attempts to maintain it. When this value is request, the Spot Fleet only places the required requests. It does not attempt to replenish Spot Instances if capacity is diminished, nor does it submit requests in alternative Spot pools if capacity is not available. When this value is maintain, the Spot Fleet maintains the target capacity. The Spot Fleet places the required requests to meet capacity and automatically replenishes any interrupted instances. Default: maintain. instant is listed but is not used by Spot Fleet.' + validFrom: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The start date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). By default, Amazon EC2 starts fulfilling the request immediately.' + validUntil: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The end date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). After the end date and time, no new Spot Instance requests are placed or able to fulfill the request. If no value is specified, the Spot Fleet request remains until you cancel it.' + replaceUnhealthyInstances: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether Spot Fleet should replace unhealthy instances. + instanceInterruptionBehavior: + allOf: + - $ref: '#/components/schemas/InstanceInterruptionBehavior' + - description: The behavior when a Spot Instance is interrupted. The default is terminate. + loadBalancersConfig: + allOf: + - $ref: '#/components/schemas/LoadBalancersConfig' + - description: '

One or more Classic Load Balancers and target groups to attach to the Spot Fleet request. Spot Fleet registers the running Spot Instances with the specified Classic Load Balancers and target groups.

With Network Load Balancers, Spot Fleet cannot register instances that have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1, HS1, M1, M2, M3, and T1.

' + instancePoolsToUseCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The number of Spot pools across which to allocate your target Spot capacity. Valid only when Spot AllocationStrategy is set to lowest-price. Spot Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.

Note that Spot Fleet attempts to draw Spot Instances from the number of pools that you specify on a best effort basis. If a pool runs out of Spot capacity before fulfilling your target capacity, Spot Fleet will continue to fulfill your request by drawing from the next cheapest pool. To ensure that your target capacity is met, you might receive Spot Instances from more than the number of pools that you specified. Similarly, if most of the pools have no Spot capacity, you might receive your full target capacity from fewer than the number of pools that you specified.

' + context: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + targetCapacityUnitType: + allOf: + - $ref: '#/components/schemas/TargetCapacityUnitType' + - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/TagSpecificationList' + - description: 'The key-value pair for tagging the Spot Fleet request on creation. The value for ResourceType must be spot-fleet-request, otherwise the Spot Fleet request fails. To tag instances at launch, specify the tags in the launch template (valid only if you use LaunchTemplateConfigs) or in the SpotFleetTagSpecification (valid only if you use LaunchSpecifications). For information about tagging after launch, see Tagging Your Resources.' + description: Describes the configuration of a Spot Fleet request. + RequestSpotFleetRequest: + type: object + required: + - SpotFleetRequestConfig + title: RequestSpotFleetRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + spotFleetRequestConfig: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestConfigData' + - description: The configuration for the Spot Fleet request. + description: Contains the parameters for RequestSpotFleet. + RequestSpotLaunchSpecification: + type: object + properties: + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/RequestSpotLaunchSpecificationSecurityGroupIdList' + - description: One or more security group IDs. + SecurityGroup: + allOf: + - $ref: '#/components/schemas/RequestSpotLaunchSpecificationSecurityGroupList' + - description: 'One or more security groups. When requesting instances in a VPC, you must specify the IDs of the security groups. When requesting instances in EC2-Classic, you can specify the names or the IDs of the security groups.' + addressingType: + allOf: + - $ref: '#/components/schemas/String' + - description: Deprecated. + blockDeviceMapping: + allOf: + - $ref: '#/components/schemas/BlockDeviceMappingList' + - description: 'One or more block device mapping entries. You can''t specify both a snapshot ID and an encryption value. This is because only blank volumes can be encrypted on creation. If a snapshot is the basis for a volume, it is not blank and its encryption status is used for the volume encryption status.' + ebsOptimized: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

' + iamInstanceProfile: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileSpecification' + - description: The IAM instance profile. + imageId: + allOf: + - $ref: '#/components/schemas/ImageId' + - description: The ID of the AMI. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. Only one instance type can be specified. + kernelId: + allOf: + - $ref: '#/components/schemas/KernelId' + - description: The ID of the kernel. + keyName: + allOf: + - $ref: '#/components/schemas/KeyPairName' + - description: The name of the key pair. + monitoring: + allOf: + - $ref: '#/components/schemas/RunInstancesMonitoringEnabled' + - description: '

Indicates whether basic or detailed monitoring is enabled for the instance.

Default: Disabled

' + NetworkInterface: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecificationList' + - description: 'One or more network interfaces. If you specify a network interface, you must specify subnet IDs and security group IDs using the network interface.' + placement: + allOf: + - $ref: '#/components/schemas/SpotPlacement' + - description: The placement information for the instance. + ramdiskId: + allOf: + - $ref: '#/components/schemas/RamdiskId' + - description: The ID of the RAM disk. + subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: The ID of the subnet in which to launch the instance. + userData: + allOf: + - $ref: '#/components/schemas/String' + - description: The Base64-encoded user data for the instance. User data is limited to 16 KB. + description: Describes the launch specification for an instance. + RequestSpotInstancesRequest: + type: object + title: RequestSpotInstancesRequest + properties: + availabilityZoneGroup: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The user-specified name for a logical grouping of requests.

When you specify an Availability Zone group in a Spot Instance request, all Spot Instances in the request are launched in the same Availability Zone. Instance proximity is maintained with this parameter, but the choice of Availability Zone is not. The group applies only to requests for Spot Instances of the same instance type. Any additional Spot Instance requests that are specified with the same Availability Zone group name are launched in that same Availability Zone, as long as at least one instance from the group is still active.

If there is no active instance running in the Availability Zone group that you specify for a new Spot Instance request (all instances are terminated, the request is expired, or the maximum price you specified falls below current Spot price), then Amazon EC2 launches the instance in any Availability Zone where the constraint can be met. Consequently, the subsequent set of Spot Instances could be placed in a different zone from the original request, even if you specified the same Availability Zone group.

Default: Instances are launched in any available Availability Zone.

' + blockDurationMinutes: + allOf: + - $ref: '#/components/schemas/Integer' + - description: Deprecated. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency in the Amazon EC2 User Guide for Linux Instances.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + instanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The maximum number of Spot Instances to launch.

Default: 1

' + launchGroup: + allOf: + - $ref: '#/components/schemas/RequestSpotLaunchSpecification' + - description: The launch specification. + spotPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum price per hour that you are willing to pay for a Spot Instance. The default is the On-Demand price. + type: + allOf: + - $ref: '#/components/schemas/SpotInstanceType' + - description: '

The Spot Instance request type.

Default: one-time

' + validFrom: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: '

The start date of the request. If this is a one-time request, the request becomes active at this date and time and remains active until all instances launch, the request expires, or the request is canceled. If the request is persistent, the request becomes active at this date and time and remains active until it expires or is canceled.

The specified start date and time cannot be equal to the current date and time. You must specify a start date and time that occurs after the current date and time.

' + validUntil: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: '

The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ).

  • For a persistent request, the request remains active until the ValidUntil date and time is reached. Otherwise, the request remains active until you cancel it.

  • For a one-time request, the request remains active until all instances launch, the request is canceled, or the ValidUntil date and time is reached. By default, the request is valid for 7 days from the date the request was created.

' + TagSpecification: + allOf: + - $ref: '#/components/schemas/InstanceInterruptionBehavior' + - description: The behavior when a Spot Instance is interrupted. The default is terminate. + description: Contains the parameters for RequestSpotInstances. + ReservationFleetInstanceSpecificationList: + type: array + items: + $ref: '#/components/schemas/ReservationFleetInstanceSpecification' + ReservedInstanceLimitPrice: + type: object + properties: + amount: + allOf: + - $ref: '#/components/schemas/Double' + - description: Used for Reserved Instance Marketplace offerings. Specifies the limit price on the total order (instanceCount * price). + currencyCode: + allOf: + - $ref: '#/components/schemas/CurrencyCodeValues' + - description: 'The currency in which the limitPrice amount is specified. At this time, the only supported currency is USD.' + description: Describes the limit price of a Reserved Instance offering. + ReservedInstanceReservationValue: + type: object + properties: + reservationValue: + allOf: + - $ref: '#/components/schemas/ReservationValue' + - description: The total value of the Convertible Reserved Instance that you are exchanging. + reservedInstanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Convertible Reserved Instance that you are exchanging. + description: The total value of the Convertible Reserved Instance. + ReservedInstanceState: + type: string + enum: + - payment-pending + - active + - payment-failed + - retired + - queued + - queued-deleted + scope: + type: string + enum: + - Availability Zone + - Region + ReservedInstances: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone in which the Reserved Instance can be used. + duration: + allOf: + - $ref: '#/components/schemas/Long' + - description: 'The duration of the Reserved Instance, in seconds.' + end: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time when the Reserved Instance expires. + fixedPrice: + allOf: + - $ref: '#/components/schemas/Float' + - description: The purchase price of the Reserved Instance. + instanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of reservations purchased. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type on which the Reserved Instance can be used. + productDescription: + allOf: + - $ref: '#/components/schemas/RIProductDescription' + - description: The Reserved Instance product platform description. + reservedInstancesId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Reserved Instance. + start: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The date and time the Reserved Instance started. + state: + allOf: + - $ref: '#/components/schemas/ReservedInstanceState' + - description: The state of the Reserved Instance purchase. + usagePrice: + allOf: + - $ref: '#/components/schemas/Float' + - description: 'The usage price of the Reserved Instance, per hour.' + currencyCode: + allOf: + - $ref: '#/components/schemas/CurrencyCodeValues' + - description: 'The currency of the Reserved Instance. It''s specified using ISO 4217 standard currency codes. At this time, the only supported currency is USD.' + instanceTenancy: + allOf: + - $ref: '#/components/schemas/Tenancy' + - description: The tenancy of the instance. + offeringClass: + allOf: + - $ref: '#/components/schemas/OfferingClassType' + - description: The offering class of the Reserved Instance. + offeringType: + allOf: + - $ref: '#/components/schemas/OfferingTypeValues' + - description: The Reserved Instance offering type. + recurringCharges: + allOf: + - $ref: '#/components/schemas/RecurringChargesList' + - description: The recurring charge tag assigned to the resource. + scope: + allOf: + - $ref: '#/components/schemas/scope' + - description: The scope of the Reserved Instance. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the resource. + description: Describes a Reserved Instance. + ReservedInstancesId: + type: object + properties: + reservedInstancesId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Reserved Instance. + description: Describes the ID of a Reserved Instance. + ReservedInstancesListing: + type: object + properties: + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A unique, case-sensitive key supplied by the client to ensure that the request is idempotent. For more information, see Ensuring Idempotency.' + createDate: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time the listing was created. + instanceCounts: + allOf: + - $ref: '#/components/schemas/InstanceCountList' + - description: The number of instances in this state. + priceSchedules: + allOf: + - $ref: '#/components/schemas/PriceScheduleList' + - description: The price of the Reserved Instance listing. + reservedInstancesId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Reserved Instance. + reservedInstancesListingId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Reserved Instance listing. + status: + allOf: + - $ref: '#/components/schemas/ListingStatus' + - description: The status of the Reserved Instance listing. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The reason for the current status of the Reserved Instance listing. The response can be blank. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the resource. + updateDate: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The last modified timestamp of the listing. + description: Describes a Reserved Instance listing. + ReservedInstancesModificationResultList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservedInstancesModificationResult' + - xml: + name: item + ReservedIntancesIds: + type: array + items: + allOf: + - $ref: '#/components/schemas/ReservedInstancesId' + - xml: + name: item + ReservedInstancesModification: + type: object + properties: + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A unique, case-sensitive key supplied by the client to ensure that the request is idempotent. For more information, see Ensuring Idempotency.' + createDate: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time when the modification request was created. + effectiveDate: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time for the modification to become effective. + modificationResultSet: + allOf: + - $ref: '#/components/schemas/ReservedInstancesModificationResultList' + - description: Contains target configurations along with their corresponding new Reserved Instance IDs. + reservedInstancesSet: + allOf: + - $ref: '#/components/schemas/ReservedIntancesIds' + - description: The IDs of one or more Reserved Instances. + reservedInstancesModificationId: + allOf: + - $ref: '#/components/schemas/String' + - description: A unique ID for the Reserved Instance modification. + status: + allOf: + - $ref: '#/components/schemas/String' + - description: The status of the Reserved Instances modification request. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The reason for the status. + updateDate: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time when the modification request was last updated. + description: Describes a Reserved Instance modification. + ReservedInstancesModificationResult: + type: object + properties: + reservedInstancesId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID for the Reserved Instances that were created as part of the modification request. This field is only available when the modification is fulfilled. + targetConfiguration: + allOf: + - $ref: '#/components/schemas/ReservedInstancesConfiguration' + - description: The target Reserved Instances configurations supplied as part of the modification request. + description: Describes the modification request/s. + ReservedInstancesOffering: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone in which the Reserved Instance can be used. + duration: + allOf: + - $ref: '#/components/schemas/Long' + - description: 'The duration of the Reserved Instance, in seconds.' + fixedPrice: + allOf: + - $ref: '#/components/schemas/Float' + - description: The purchase price of the Reserved Instance. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type on which the Reserved Instance can be used. + productDescription: + allOf: + - $ref: '#/components/schemas/RIProductDescription' + - description: The Reserved Instance product platform description. + reservedInstancesOfferingId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Reserved Instance offering. This is the offering ID used in GetReservedInstancesExchangeQuote to confirm that an exchange can be made. + usagePrice: + allOf: + - $ref: '#/components/schemas/Float' + - description: 'The usage price of the Reserved Instance, per hour.' + currencyCode: + allOf: + - $ref: '#/components/schemas/CurrencyCodeValues' + - description: 'The currency of the Reserved Instance offering you are purchasing. It''s specified using ISO 4217 standard currency codes. At this time, the only supported currency is USD.' + instanceTenancy: + allOf: + - $ref: '#/components/schemas/Tenancy' + - description: The tenancy of the instance. + marketplace: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Indicates whether the offering is available through the Reserved Instance Marketplace (resale) or Amazon Web Services. If it''s a Reserved Instance Marketplace offering, this is true.' + offeringClass: + allOf: + - $ref: '#/components/schemas/OfferingClassType' + - description: 'If convertible it can be exchanged for Reserved Instances of the same or higher monetary value, with different configurations. If standard, it is not possible to perform an exchange.' + offeringType: + allOf: + - $ref: '#/components/schemas/OfferingTypeValues' + - description: The Reserved Instance offering type. + pricingDetailsSet: + allOf: + - $ref: '#/components/schemas/PricingDetailsList' + - description: The pricing details of the Reserved Instance offering. + recurringCharges: + allOf: + - $ref: '#/components/schemas/RecurringChargesList' + - description: The recurring charge tag assigned to the resource. + scope: + allOf: + - $ref: '#/components/schemas/scope' + - description: Whether the Reserved Instance is applied to instances in a Region or an Availability Zone. + description: Describes a Reserved Instance offering. + ResetAddressAttributeRequest: + type: object + required: + - AllocationId + - Attribute + title: ResetAddressAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ResetEbsDefaultKmsKeyIdRequest: + type: object + title: ResetEbsDefaultKmsKeyIdRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ResetFpgaImageAttributeName: + type: string + enum: + - loadPermission + ResetFpgaImageAttributeRequest: + type: object + required: + - FpgaImageId + title: ResetFpgaImageAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ResetFpgaImageAttributeName' + - description: The attribute. + ResetImageAttributeName: + type: string + enum: + - launchPermission + ResetImageAttributeRequest: + type: object + required: + - Attribute + - ImageId + title: ResetImageAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ImageId' + - description: The ID of the AMI. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + description: Contains the parameters for ResetImageAttribute. + ResetInstanceAttributeRequest: + type: object + required: + - Attribute + - InstanceId + title: ResetInstanceAttributeRequest + properties: + attribute: + allOf: + - $ref: '#/components/schemas/InstanceAttributeName' + - description: '

The attribute to reset.

You can only reset the following attributes: kernel | ramdisk | sourceDestCheck.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: The ID of the instance. + ResetNetworkInterfaceAttributeRequest: + type: object + required: + - NetworkInterfaceId + title: ResetNetworkInterfaceAttributeRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: The ID of the network interface. + sourceDestCheck: + allOf: + - $ref: '#/components/schemas/String' + - description: The source/destination checking attribute. Resets the value to true. + description: Contains the parameters for ResetNetworkInterfaceAttribute. + ResetSnapshotAttributeRequest: + type: object + required: + - Attribute + - SnapshotId + title: ResetSnapshotAttributeRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - description: The ID of the snapshot. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ResourceList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + RestoreAddressToClassicRequest: + type: object + required: + - PublicIp + title: RestoreAddressToClassicRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + publicIp: + allOf: + - $ref: '#/components/schemas/String' + - description: The Elastic IP address. + RestoreImageFromRecycleBinRequest: + type: object + required: + - ImageId + title: RestoreImageFromRecycleBinRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + RestoreManagedPrefixListVersionRequest: + type: object + required: + - PrefixListId + - PreviousVersion + - CurrentVersion + title: RestoreManagedPrefixListVersionRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Long' + - description: The current version number for the prefix list. + RestoreSnapshotFromRecycleBinRequest: + type: object + required: + - SnapshotId + title: RestoreSnapshotFromRecycleBinRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SnapshotState: + type: string + enum: + - pending + - completed + - error + - recoverable + - recovering + RestoreSnapshotTierRequest: + type: object + required: + - SnapshotId + title: RestoreSnapshotTierRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + RestoreSnapshotTierRequestTemporaryRestoreDays: + type: integer + ResultRange: + type: integer + minimum: 20 + maximum: 500 + RevokeClientVpnIngressRequest: + type: object + required: + - ClientVpnEndpointId + - TargetNetworkCidr + title: RevokeClientVpnIngressRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SecurityGroupRuleIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + RevokeSecurityGroupEgressRequest: + type: object + required: + - GroupId + title: RevokeSecurityGroupEgressRequest + properties: + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + groupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - description: The ID of the security group. + ipPermissions: + allOf: + - $ref: '#/components/schemas/IpPermissionList' + - description: The sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions. + SecurityGroupRuleId: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleIdList' + - description: The IDs of the security group rules. + cidrIp: + allOf: + - $ref: '#/components/schemas/String' + - description: Not supported. Use a set of IP permissions to specify the CIDR. + fromPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: Not supported. Use a set of IP permissions to specify the port. + ipProtocol: + allOf: + - $ref: '#/components/schemas/String' + - description: Not supported. Use a set of IP permissions to specify the protocol name or number. + toPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: Not supported. Use a set of IP permissions to specify the port. + sourceSecurityGroupName: + allOf: + - $ref: '#/components/schemas/String' + - description: Not supported. Use a set of IP permissions to specify a destination security group. + sourceSecurityGroupOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: Not supported. Use a set of IP permissions to specify a destination security group. + RevokeSecurityGroupIngressRequest: + type: object + title: RevokeSecurityGroupIngressRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all ICMP codes for the ICMP type.' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SecurityGroupRuleId: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleIdList' + - description: The IDs of the security group rules. + RootDeviceType: + type: string + enum: + - ebs + - instance-store + RouteOrigin: + type: string + enum: + - CreateRouteTable + - CreateRoute + - EnableVgwRoutePropagation + RouteState: + type: string + enum: + - active + - blackhole + Route: + type: object + properties: + destinationCidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 CIDR block used for the destination match. + destinationIpv6CidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 CIDR block used for the destination match. + destinationPrefixListId: + allOf: + - $ref: '#/components/schemas/String' + - description: The prefix of the Amazon Web Service. + egressOnlyInternetGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the egress-only internet gateway. + gatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of a gateway attached to your VPC. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of a NAT instance in your VPC. + instanceOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of Amazon Web Services account that owns the instance. + natGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of a NAT gateway. + transitGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of a transit gateway. + localGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the local gateway. + carrierGatewayId: + allOf: + - $ref: '#/components/schemas/CarrierGatewayId' + - description: The ID of the carrier gateway. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the network interface. + origin: + allOf: + - $ref: '#/components/schemas/RouteOrigin' + - description:

Describes how the route was created.

  • CreateRouteTable - The route was automatically created when the route table was created.

  • CreateRoute - The route was manually added to the route table.

  • EnableVgwRoutePropagation - The route was propagated by route propagation.

+ state: + allOf: + - $ref: '#/components/schemas/RouteState' + - description: 'The state of the route. The blackhole state indicates that the route''s target isn''t available (for example, the specified gateway isn''t attached to the VPC, or the specified NAT instance has been terminated).' + vpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of a VPC peering connection. + coreNetworkArn: + allOf: + - $ref: '#/components/schemas/CoreNetworkArn' + - description: The Amazon Resource Name (ARN) of the core network. + description: Describes a route in a route table. + RouteList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Route' + - xml: + name: item + RouteTableAssociationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/RouteTableAssociation' + - xml: + name: item + RouteTableAssociation: + type: object + properties: + main: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether this is the main route table. + routeTableAssociationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the association. + routeTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the route table. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet. A subnet ID is not returned for an implicit association. + gatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the internet gateway or virtual private gateway. + associationState: + allOf: + - $ref: '#/components/schemas/RouteTableAssociationState' + - description: The state of the association. + description: Describes an association between a route table and a subnet or gateway. + RouteTableAssociationStateCode: + type: string + enum: + - associating + - associated + - disassociating + - disassociated + - failed + RouteTableIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - xml: + name: item + RunInstancesUserData: + type: string + format: password + RunInstancesRequest: + type: object + required: + - MaxCount + - MinCount + title: RunInstancesRequest + properties: + BlockDeviceMapping: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

[EC2-VPC] The number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. You cannot specify this option and the option to assign specific IPv6 addresses in the same request. You can specify this option if you''ve specified a minimum number of instances to launch.

You cannot specify this option and the network interfaces option in the same request.

' + Ipv6Address: + allOf: + - $ref: '#/components/schemas/RamdiskId' + - description: '

The ID of the RAM disk to select. Some kernels require additional drivers at launch. Check the kernel requirements for information about whether you need to specify a RAM disk. To find kernel requirements, go to the Amazon Web Services Resource Center and search for the kernel ID.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB in the Amazon EC2 User Guide.

' + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdStringList' + - description: '

The IDs of the security groups. You can create a security group using CreateSecurityGroup.

If you specify a network interface, you must specify any security groups as part of the network interface.

' + SecurityGroup: + allOf: + - $ref: '#/components/schemas/RunInstancesUserData' + - description: 'The user data script to make available to the instance. For more information, see Run commands on your Linux instance at launch and Run commands on your Windows instance at launch. If you are using a command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text. User data is limited to 16 KB.' + additionalInfo: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + clientToken: + allOf: + - $ref: '#/components/schemas/String' + - description: '

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

For more information, see Ensuring Idempotency.

Constraints: Maximum 64 ASCII characters

' + disableApiTermination: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

If you set this parameter to true, you can''t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance by running the shutdown command from the instance.

Default: false

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ebsOptimized: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn''t available with all instance types. Additional usage charges apply when using an EBS-optimized instance.

Default: false

' + iamInstanceProfile: + allOf: + - $ref: '#/components/schemas/IamInstanceProfileSpecification' + - description: The name or Amazon Resource Name (ARN) of an IAM instance profile. + instanceInitiatedShutdownBehavior: + allOf: + - $ref: '#/components/schemas/ShutdownBehavior' + - description: '

Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).

Default: stop

' + networkInterface: + allOf: + - $ref: '#/components/schemas/InstanceNetworkInterfaceSpecificationList' + - description: 'The network interfaces to associate with the instance. If you specify a network interface, you must specify any security groups and subnets as part of the network interface.' + privateIpAddress: + allOf: + - $ref: '#/components/schemas/ElasticGpuSpecifications' + - description: 'An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource that you can attach to your Windows instance to accelerate the graphics performance of your applications. For more information, see Amazon EC2 Elastic GPUs in the Amazon EC2 User Guide.' + ElasticInferenceAccelerator: + allOf: + - $ref: '#/components/schemas/ElasticInferenceAccelerators' + - description:

An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.

You cannot specify accelerators from different generations in the same request.

+ TagSpecification: + allOf: + - $ref: '#/components/schemas/HibernationOptionsRequest' + - description: '

Indicates whether an instance is enabled for hibernation. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

You can''t enable hibernation and Amazon Web Services Nitro Enclaves on the same instance.

' + LicenseSpecification: + allOf: + - $ref: '#/components/schemas/InstanceMaintenanceOptionsRequest' + - description: The maintenance and recovery options for the instance. + RunScheduledInstancesRequest: + type: object + required: + - LaunchSpecification + - ScheduledInstanceId + title: RunScheduledInstancesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ScheduledInstanceId' + - description: The Scheduled Instance ID. + description: Contains the parameters for RunScheduledInstances. + S3ObjectTagList: + type: array + items: + allOf: + - $ref: '#/components/schemas/S3ObjectTag' + - xml: + name: item + ScheduledInstanceRecurrence: + type: object + properties: + frequency: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The frequency (Daily, Weekly, or Monthly).' + interval: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The interval quantity. The interval unit depends on the value of frequency. For example, every 2 weeks or every 2 months.' + occurrenceDaySet: + allOf: + - $ref: '#/components/schemas/OccurrenceDaySet' + - description: 'The days. For a monthly schedule, this is one or more days of the month (1-31). For a weekly schedule, this is one or more days of the week (1-7, where 1 is Sunday).' + occurrenceRelativeToEnd: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the occurrence is relative to the end of the specified week or month. + occurrenceUnit: + allOf: + - $ref: '#/components/schemas/String' + - description: The unit for occurrenceDaySet (DayOfWeek or DayOfMonth). + description: Describes the recurring schedule for a Scheduled Instance. + ScheduledInstanceAvailability: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone. + availableInstanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of available instances. + firstSlotStartTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time period for the first schedule to start. + hourlyPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The hourly price for a single instance. + instanceType: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The instance type. You can specify one of the C3, C4, M4, or R3 instance types.' + maxTermDurationInDays: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The maximum term. The only possible value is 365 days. + minTermDurationInDays: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The minimum term. The only possible value is 365 days. + networkPlatform: + allOf: + - $ref: '#/components/schemas/String' + - description: The network platform (EC2-Classic or EC2-VPC). + platform: + allOf: + - $ref: '#/components/schemas/String' + - description: The platform (Linux/UNIX or Windows). + purchaseToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The purchase token. This token expires in two hours. + recurrence: + allOf: + - $ref: '#/components/schemas/ScheduledInstanceRecurrence' + - description: The schedule recurrence. + slotDurationInHours: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of hours in the schedule. + totalScheduledInstanceHours: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The total number of hours for a single instance for the entire term. + description: Describes a schedule that is available for your Scheduled Instances. + ScheduledInstanceIdRequestSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ScheduledInstanceId' + - xml: + name: ScheduledInstanceId + ScheduledInstancesBlockDeviceMapping: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The virtual device name (ephemeralN). Instance store volumes are numbered starting from 0. An instance type with two available instance store volumes can specify mappings for ephemeral0 and ephemeral1. The number of available instance store volumes depends on the instance type. After you connect to the instance, you must mount the volume.

Constraints: For M3 instances, you must specify instance store volumes in the block device mapping for the instance. When you launch an M3 instance, we ignore any instance store volumes specified in the block device mapping for the AMI.

' + description: Describes a block device mapping for a Scheduled Instance. + ScheduledInstancesBlockDeviceMappingSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ScheduledInstancesBlockDeviceMapping' + - xml: + name: BlockDeviceMapping + ScheduledInstancesEbs: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The volume type. gp2 for General Purpose SSD, io1 or io2 for Provisioned IOPS SSD, Throughput Optimized HDD for st1, Cold HDD for sc1, or standard for Magnetic.

Default: gp2

' + description: Describes an EBS volume for a Scheduled Instance. + ScheduledInstancesIamInstanceProfile: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The name. + description: Describes an IAM instance profile for a Scheduled Instance. + ScheduledInstancesIpv6Address: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Ipv6Address' + - description: The IPv6 address. + description: Describes an IPv6 address. + ScheduledInstancesIpv6AddressList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ScheduledInstancesIpv6Address' + - xml: + name: Ipv6Address + ScheduledInstancesLaunchSpecification: + type: object + required: + - ImageId + properties: + BlockDeviceMapping: + allOf: + - $ref: '#/components/schemas/ScheduledInstancesMonitoring' + - description: Enable or disable monitoring for the instances. + NetworkInterface: + allOf: + - $ref: '#/components/schemas/RamdiskId' + - description: The ID of the RAM disk. + SecurityGroupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The base64-encoded MIME user data. + description: '

Describes the launch specification for a Scheduled Instance.

If you are launching the Scheduled Instance in EC2-VPC, you must specify the ID of the subnet. You can specify the subnet using either SubnetId or NetworkInterface.

' + ScheduledInstancesNetworkInterface: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The index of the device for the network interface attachment. + Group: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of IPv6 addresses to assign to the network interface. The IPv6 addresses are automatically selected from the subnet range. + Ipv6Address: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 address of the network interface within the subnet. + PrivateIpAddressConfig: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: The ID of the subnet. + description: Describes a network interface for a Scheduled Instance. + ScheduledInstancesNetworkInterfaceSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ScheduledInstancesNetworkInterface' + - xml: + name: NetworkInterface + ScheduledInstancesPlacement: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/PlacementGroupName' + - description: The name of the placement group. + description: Describes the placement for a Scheduled Instance. + ScheduledInstancesSecurityGroupIdSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: SecurityGroupId + SearchLocalGatewayRoutesRequest: + type: object + required: + - LocalGatewayRouteTableId + title: SearchLocalGatewayRoutesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/LocalGatewayRoutetableId' + - description: The ID of the local gateway route table. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + SearchTransitGatewayMulticastGroupsRequest: + type: object + title: SearchTransitGatewayMulticastGroupsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastDomainId' + - description: The ID of the transit gateway multicast domain. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayMulticastGroupList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulticastGroup' + - xml: + name: item + SearchTransitGatewayRoutesRequest: + type: object + required: + - TransitGatewayRouteTableId + - Filters + title: SearchTransitGatewayRoutesRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteTableId' + - description: The ID of the transit gateway route table. + Filter: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TransitGatewayRouteList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayRoute' + - xml: + name: item + SecurityGroup: + type: object + properties: + groupDescription: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the security group. + groupName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the security group. + ipPermissions: + allOf: + - $ref: '#/components/schemas/IpPermissionList' + - description: The inbound rules associated with the security group. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID of the owner of the security group. + groupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the security group. + ipPermissionsEgress: + allOf: + - $ref: '#/components/schemas/IpPermissionList' + - description: '[VPC only] The outbound rules associated with the security group.' + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the security group. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: '[VPC only] The ID of the VPC for the security group.' + description: Describes a security group. + SecurityGroupReference: + type: object + properties: + groupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of your security group. + referencingVpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC with the referencing security group. + vpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC peering connection. + description: Describes a VPC with a security group that references your security group. + SecurityGroupRuleId: + type: string + SecurityGroupRule: + type: object + properties: + securityGroupRuleId: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleId' + - description: The ID of the security group rule. + groupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - description: The ID of the security group. + groupOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the Amazon Web Services account that owns the security group. ' + isEgress: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the security group rule is an outbound rule. + ipProtocol: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).

Use -1 to specify all protocols.

' + fromPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.' + toPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes. ' + cidrIpv4: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 CIDR range. + cidrIpv6: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 CIDR range. + prefixListId: + allOf: + - $ref: '#/components/schemas/PrefixListResourceId' + - description: The ID of the prefix list. + referencedGroupInfo: + allOf: + - $ref: '#/components/schemas/ReferencedSecurityGroup' + - description: Describes the security group that is referenced in the rule. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The security group rule description. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags applied to the security group rule. + description: Describes a security group rule. + SecurityGroupRuleDescriptionList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleDescription' + - xml: + name: item + SecurityGroupRuleRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the security group rule. + description: '

Describes a security group rule.

You must specify exactly one of the following parameters, based on the rule type:

  • CidrIpv4

  • CidrIpv6

  • PrefixListId

  • ReferencedGroupId

When you modify a rule, you cannot change the rule type. For example, if the rule uses an IPv4 address range, you must use CidrIpv4 to specify a new IPv4 address range.

' + SecurityGroupRuleUpdateList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleUpdate' + - xml: + name: item + SelfServicePortal: + type: string + enum: + - enabled + - disabled + SendDiagnosticInterruptRequest: + type: object + required: + - InstanceId + title: SendDiagnosticInterruptRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ServiceTypeDetailSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ServiceTypeDetail' + - xml: + name: item + ServiceState: + type: string + enum: + - Pending + - Available + - Deleting + - Deleted + - Failed + SupportedIpAddressTypes: + type: array + items: + allOf: + - $ref: '#/components/schemas/ServiceConnectivityType' + - xml: + name: item + minItems: 0 + maxItems: 2 + ServiceConnectivityType: + type: string + enum: + - ipv4 + - ipv6 + ServiceDetail: + type: object + properties: + serviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the service. + serviceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the endpoint service. + serviceType: + allOf: + - $ref: '#/components/schemas/ServiceTypeDetailSet' + - description: The type of service. + availabilityZoneSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Availability Zones in which the service is available. + owner: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Web Services account ID of the service owner. + baseEndpointDnsNameSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The DNS names for the service. + privateDnsName: + allOf: + - $ref: '#/components/schemas/String' + - description: The private DNS name for the service. + privateDnsNameSet: + allOf: + - $ref: '#/components/schemas/PrivateDnsDetailsSet' + - description: 'The private DNS names assigned to the VPC endpoint service. ' + vpcEndpointPolicySupported: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the service supports endpoint policies. + acceptanceRequired: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether VPC endpoint connection requests to the service must be accepted by the service owner. + managesVpcEndpoints: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the service manages its VPC endpoints. Management of the service VPC endpoints using the VPC endpoint API is restricted. + payerResponsibility: + allOf: + - $ref: '#/components/schemas/PayerResponsibility' + - description: The payer responsibility. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the service. + privateDnsNameVerificationState: + allOf: + - $ref: '#/components/schemas/DnsNameState' + - description:

The verification state of the VPC endpoint service.

Consumers of the endpoint service cannot use the private name when the state is not verified.

+ supportedIpAddressTypeSet: + allOf: + - $ref: '#/components/schemas/SupportedIpAddressTypes' + - description: The supported IP address types. + description: Describes a VPC endpoint service. + ServiceType: + type: string + enum: + - Interface + - Gateway + - GatewayLoadBalancer + ServiceTypeDetail: + type: object + properties: + serviceType: + allOf: + - $ref: '#/components/schemas/ServiceType' + - description: The type of service. + description: Describes the type of service for a VPC endpoint. + SlotDateTimeRangeRequest: + type: object + required: + - EarliestTime + - LatestTime + properties: + undefined: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The latest date and time, in UTC, for the Scheduled Instance to start. This value must be later than or equal to the earliest date and at most three months in the future.' + description: Describes the time period for a Scheduled Instance to start its first schedule. The time period must span less than one day. + StorageTier: + type: string + enum: + - archive + - standard + SnapshotAttributeName: + type: string + enum: + - productCodes + - createVolumePermission + UserBucketDetails: + type: object + properties: + s3Bucket: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon S3 bucket from which the disk image was created. + s3Key: + allOf: + - $ref: '#/components/schemas/String' + - description: The file name of the disk image. + description: Describes the Amazon S3 bucket for the disk image. + SnapshotDetail: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description for the snapshot. + deviceName: + allOf: + - $ref: '#/components/schemas/String' + - description: The block device mapping for the snapshot. + diskImageSize: + allOf: + - $ref: '#/components/schemas/Double' + - description: 'The size of the disk in the snapshot, in GiB.' + format: + allOf: + - $ref: '#/components/schemas/String' + - description: The format of the disk image from which the snapshot is created. + progress: + allOf: + - $ref: '#/components/schemas/String' + - description: The percentage of progress for the task. + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The snapshot ID of the disk being imported. + status: + allOf: + - $ref: '#/components/schemas/String' + - description: A brief status of the snapshot creation. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: A detailed status message for the snapshot creation. + url: + allOf: + - $ref: '#/components/schemas/String' + - description: The URL used to access the disk image. + userBucket: + allOf: + - $ref: '#/components/schemas/UserBucketDetails' + - description: The Amazon S3 bucket for the disk image. + description: Describes the snapshot created from the imported disk. + SnapshotDiskContainer: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/UserBucket' + - description: The Amazon S3 bucket for the disk image. + description: The disk container object for the import snapshot request. + SnapshotInfo: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: Description specified by the CreateSnapshotRequest that has been applied to all snapshots. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Tags associated with this snapshot. + encrypted: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the snapshot is encrypted. + volumeId: + allOf: + - $ref: '#/components/schemas/String' + - description: Source volume from which this snapshot was created. + state: + allOf: + - $ref: '#/components/schemas/SnapshotState' + - description: Current state of the snapshot. + volumeSize: + allOf: + - $ref: '#/components/schemas/Integer' + - description: Size of the volume from which this snapshot was created. + startTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: Time this snapshot was started. This is the same for all snapshots initiated by the same request. + progress: + allOf: + - $ref: '#/components/schemas/String' + - description: Progress this snapshot has made towards completing. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: Account id used when creating this snapshot. + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: Snapshot id that can be used to describe this snapshot. + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.' + description: Information about a snapshot. + SnapshotRecycleBinInfo: + type: object + properties: + snapshotId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the snapshot. + recycleBinEnterTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time when the snaphsot entered the Recycle Bin. + recycleBinExitTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time when the snapshot is to be permanently deleted from the Recycle Bin. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description for the snapshot. + volumeId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the volume from which the snapshot was created. + description: Information about a snapshot that is currently in the Recycle Bin. + TieringOperationStatus: + type: string + enum: + - archival-in-progress + - archival-completed + - archival-failed + - temporary-restore-in-progress + - temporary-restore-completed + - temporary-restore-failed + - permanent-restore-in-progress + - permanent-restore-completed + - permanent-restore-failed + SnapshotTierStatus: + type: object + properties: + snapshotId: + allOf: + - $ref: '#/components/schemas/SnapshotId' + - description: The ID of the snapshot. + volumeId: + allOf: + - $ref: '#/components/schemas/VolumeId' + - description: The ID of the volume from which the snapshot was created. + status: + allOf: + - $ref: '#/components/schemas/SnapshotState' + - description: The state of the snapshot. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the snapshot. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags that are assigned to the snapshot. + storageTier: + allOf: + - $ref: '#/components/schemas/StorageTier' + - description: The storage tier in which the snapshot is stored. standard indicates that the snapshot is stored in the standard snapshot storage tier and that it is ready for use. archive indicates that the snapshot is currently archived and that it must be restored before it can be used. + lastTieringStartTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time when the last archive or restore process was started. + lastTieringProgress: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The progress of the last archive or restore process, as a percentage.' + lastTieringOperationStatus: + allOf: + - $ref: '#/components/schemas/TieringOperationStatus' + - description: The status of the last archive or restore process. + lastTieringOperationStatusDetail: + allOf: + - $ref: '#/components/schemas/String' + - description: A message describing the status of the last archive or restore process. + archivalCompleteTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time when the last archive process was completed. + restoreExpiryTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: Only for archived snapshots that are temporarily restored. Indicates the date and time when a temporarily restored snapshot will be automatically re-archived. + description: Provides information about a snapshot's storage tier. + SpotAllocationStrategy: + type: string + enum: + - lowest-price + - diversified + - capacity-optimized + - capacity-optimized-prioritized + SpotCapacityRebalance: + type: object + properties: + replacementStrategy: + allOf: + - $ref: '#/components/schemas/ReplacementStrategy' + - description: '

The replacement strategy to use. Only available for fleets of type maintain.

launch - Spot Fleet launches a new replacement Spot Instance when a rebalance notification is emitted for an existing Spot Instance in the fleet. Spot Fleet does not terminate the instances that receive a rebalance notification. You can terminate the old instances, or you can leave them running. You are charged for all instances while they are running.

launch-before-terminate - Spot Fleet launches a new replacement Spot Instance when a rebalance notification is emitted for an existing Spot Instance in the fleet, and then, after a delay that you specify (in TerminationDelay), terminates the instances that received a rebalance notification.

' + terminationDelay: + allOf: + - $ref: '#/components/schemas/Integer' + - description: '

The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.

Required when ReplacementStrategy is set to launch-before-terminate.

Not valid when ReplacementStrategy is set to launch.

Valid values: Minimum value of 120 seconds. Maximum value of 7200 seconds.

' + description: 'The Spot Instance replacement strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see Capacity rebalancing in the Amazon EC2 User Guide for Linux Instances.' + SpotInstanceStateFault: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/String' + - description: The reason code for the Spot Instance state change. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The message for the Spot Instance state change. + description: Describes a Spot Instance state change. + SpotFleetMonitoring: + type: object + properties: + enabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Enables monitoring for the instance.

Default: false

' + description: Describes whether monitoring is enabled. + SpotFleetTagSpecificationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SpotFleetTagSpecification' + - xml: + name: item + SpotFleetRequestConfig: + type: object + properties: + activityStatus: + allOf: + - $ref: '#/components/schemas/ActivityStatus' + - description: 'The progress of the Spot Fleet request. If there is an error, the status is error. After all requests are placed, the status is pending_fulfillment. If the size of the fleet is equal to or greater than its target capacity, the status is fulfilled. If the size of the fleet is decreased, the status is pending_termination while Spot Instances are terminating.' + createTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The creation date and time of the request. + spotFleetRequestConfig: + allOf: + - $ref: '#/components/schemas/SpotFleetRequestConfigData' + - description: The configuration of the Spot Fleet request. + spotFleetRequestId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Spot Fleet request. + spotFleetRequestState: + allOf: + - $ref: '#/components/schemas/BatchState' + - description: The state of the Spot Fleet request. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for a Spot Fleet resource. + description: Describes a Spot Fleet request. + SpotFleetTagSpecification: + type: object + properties: + resourceType: + allOf: + - $ref: '#/components/schemas/ResourceType' + - description: 'The type of resource. Currently, the only resource type that is supported is instance. To tag the Spot Fleet request on creation, use the TagSpecifications parameter in SpotFleetRequestConfigData .' + tag: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags. + description: The tags for a Spot Fleet resource. + SpotInstanceInterruptionBehavior: + type: string + enum: + - hibernate + - stop + - terminate + SpotInstanceState: + type: string + enum: + - open + - active + - closed + - cancelled + - failed + SpotInstanceStatus: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The status code. For a list of status codes, see Spot request status codes in the Amazon EC2 User Guide for Linux Instances.' + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The description for the status code. + updateTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The date and time of the most recent status update, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + description: Describes the status of a Spot Instance request. + SpotInstanceRequest: + type: object + properties: + actualBlockHourlyPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: Deprecated. + availabilityZoneGroup: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The Availability Zone group. If you specify the same Availability Zone group for all Spot Instance requests, all Spot Instances are launched in the same Availability Zone.' + blockDurationMinutes: + allOf: + - $ref: '#/components/schemas/Integer' + - description: Deprecated. + createTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The date and time when the Spot Instance request was created, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + fault: + allOf: + - $ref: '#/components/schemas/SpotInstanceStateFault' + - description: 'The fault codes for the Spot Instance request, if any.' + instanceId: + allOf: + - $ref: '#/components/schemas/InstanceId' + - description: 'The instance ID, if an instance has been launched to fulfill the Spot Instance request.' + launchGroup: + allOf: + - $ref: '#/components/schemas/String' + - description: The instance launch group. Launch groups are Spot Instances that launch together and terminate together. + launchSpecification: + allOf: + - $ref: '#/components/schemas/LaunchSpecification' + - description: Additional information for launching instances. + launchedAvailabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone in which the request is launched. + productDescription: + allOf: + - $ref: '#/components/schemas/RIProductDescription' + - description: The product description associated with the Spot Instance. + spotInstanceRequestId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Spot Instance request. + spotPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum price per hour that you are willing to pay for a Spot Instance. + state: + allOf: + - $ref: '#/components/schemas/SpotInstanceState' + - description: 'The state of the Spot Instance request. Spot request status information helps track your Spot Instance requests. For more information, see Spot request status in the Amazon EC2 User Guide for Linux Instances.' + status: + allOf: + - $ref: '#/components/schemas/SpotInstanceStatus' + - description: The status code and status message describing the Spot Instance request. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the resource. + type: + allOf: + - $ref: '#/components/schemas/SpotInstanceType' + - description: The Spot Instance request type. + validFrom: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The start date of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). The request becomes active at this date and time.' + validUntil: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: '

The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ).

  • For a persistent request, the request remains active until the validUntil date and time is reached. Otherwise, the request remains active until you cancel it.

  • For a one-time request, the request remains active until all instances launch, the request is canceled, or the validUntil date and time is reached. By default, the request is valid for 7 days from the date the request was created.

' + instanceInterruptionBehavior: + allOf: + - $ref: '#/components/schemas/InstanceInterruptionBehavior' + - description: The behavior when a Spot Instance is interrupted. + description: Describes a Spot Instance request. + SpotOptionsRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum amount per hour for Spot Instances that you're willing to pay. + description: Describes the configuration of Spot Instances in an EC2 Fleet request. + SpotPlacementScore: + type: object + properties: + region: + allOf: + - $ref: '#/components/schemas/String' + - description: The Region. + availabilityZoneId: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone. + score: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The placement score, on a scale from 1 to 10. A score of 10 indicates that your Spot request is highly likely to succeed in this Region or Availability Zone. A score of 1 indicates that your Spot request is not likely to succeed. ' + description: The Spot placement score for this Region or Availability Zone. The score is calculated based on the assumption that the capacity-optimized allocation strategy is used and that all of the Availability Zones in the Region can be used. + SpotPlacementScoresMaxResults: + type: integer + minimum: 10 + maximum: 1000 + SpotPlacementScoresTargetCapacity: + type: integer + minimum: 1 + maximum: 2000000000 + SpotPrice: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone. + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. + productDescription: + allOf: + - $ref: '#/components/schemas/RIProductDescription' + - description: A general description of the AMI. + spotPrice: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum price per hour that you are willing to pay for a Spot Instance. + timestamp: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: 'The date and time the request was created, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).' + description: Describes the maximum price per hour that you are willing to pay for a Spot Instance. + UserIdGroupPairSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/UserIdGroupPair' + - xml: + name: item + StaleIpPermission: + type: object + properties: + fromPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The start of the port range for the TCP and UDP protocols, or an ICMP type number. A value of -1 indicates all ICMP types. ' + ipProtocol: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The IP protocol name (for tcp, udp, and icmp) or number (see Protocol Numbers).' + ipRanges: + allOf: + - $ref: '#/components/schemas/IpRanges' + - description: The IP ranges. Not applicable for stale security group rules. + prefixListIds: + allOf: + - $ref: '#/components/schemas/PrefixListIdSet' + - description: The prefix list IDs. Not applicable for stale security group rules. + toPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The end of the port range for the TCP and UDP protocols, or an ICMP type number. A value of -1 indicates all ICMP types. ' + groups: + allOf: + - $ref: '#/components/schemas/UserIdGroupPairSet' + - description: 'The security group pairs. Returns the ID of the referenced security group and VPC, and the ID and status of the VPC peering connection.' + description: Describes a stale rule in a security group. + StaleIpPermissionSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/StaleIpPermission' + - xml: + name: item + StaleSecurityGroup: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description of the security group. + groupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the security group. + groupName: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the security group. + staleIpPermissions: + allOf: + - $ref: '#/components/schemas/StaleIpPermissionSet' + - description: Information about the stale inbound rules in the security group. + staleIpPermissionsEgress: + allOf: + - $ref: '#/components/schemas/StaleIpPermissionSet' + - description: Information about the stale outbound rules in the security group. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC for the security group. + description: Describes a stale security group (a security group that contains stale rules). + StartInstancesRequest: + type: object + required: + - InstanceIds + title: StartInstancesRequest + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdStringList' + - description: The IDs of the instances. + additionalInfo: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + StartNetworkInsightsAccessScopeAnalysisRequest: + type: object + required: + - NetworkInsightsAccessScopeId + - ClientToken + title: StartNetworkInsightsAccessScopeAnalysisRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + StartNetworkInsightsAnalysisRequest: + type: object + required: + - NetworkInsightsPathId + - ClientToken + title: StartNetworkInsightsAnalysisRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/NetworkInsightsPathId' + - description: The ID of the path. + FilterInArn: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TagSpecification: + allOf: + - $ref: '#/components/schemas/String' + - description: 'Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.' + StartVpcEndpointServicePrivateDnsVerificationRequest: + type: object + required: + - ServiceId + title: StartVpcEndpointServicePrivateDnsVerificationRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VpcEndpointServiceId' + - description: The ID of the endpoint service. + State: + type: string + enum: + - PendingAcceptance + - Pending + - Available + - Deleting + - Deleted + - Rejected + - Failed + - Expired + StaticSourcesSupportValue: + type: string + enum: + - enable + - disable + StopInstancesRequest: + type: object + required: + - InstanceIds + title: StopInstancesRequest + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

Default: false

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + force: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Forces the instances to stop. The instances do not have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures. This option is not recommended for Windows instances.

Default: false

' + StorageLocation: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The key. + description: Describes a storage location in Amazon S3. + StoreImageTaskResult: + type: object + properties: + amiId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the AMI that is being stored. + taskStartTime: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The time the task started. + bucket: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the Amazon S3 bucket that contains the stored AMI object. + s3objectKey: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the stored AMI object in the bucket. + progressPercentage: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The progress of the task as a percentage. + storeTaskState: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The state of the store task (InProgress, Completed, or Failed).' + storeTaskFailureReason: + allOf: + - $ref: '#/components/schemas/String' + - description: 'If the tasks fails, the reason for the failure is returned. If the task succeeds, null is returned.' + description: 'The information about the AMI store task, including the progress of the task.' + SubnetState: + type: string + enum: + - pending + - available + SubnetIpv6CidrBlockAssociationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetIpv6CidrBlockAssociation' + - xml: + name: item + TransitGatewayMulitcastDomainAssociationState: + type: string + enum: + - pendingAcceptance + - associating + - associated + - disassociating + - disassociated + - rejected + - failed + SubnetAssociation: + type: object + properties: + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayMulitcastDomainAssociationState' + - description: The state of the subnet association. + description: Describes the subnet association with the transit gateway multicast domain. + SubnetAssociationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetAssociation' + - xml: + name: item + SubnetCidrBlockStateCode: + type: string + enum: + - associating + - associated + - disassociating + - disassociated + - failing + - failed + SubnetCidrBlockState: + type: object + properties: + state: + allOf: + - $ref: '#/components/schemas/SubnetCidrBlockStateCode' + - description: The state of a CIDR block. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A message about the status of the CIDR block, if applicable.' + description: Describes the state of a CIDR block. + SubnetCidrReservationId: + type: string + SubnetCidrReservationType: + type: string + enum: + - prefix + - explicit + SuccessfulInstanceCreditSpecificationItem: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + description: Describes the burstable performance instance whose credit option for CPU usage was successfully modified. + SuccessfulQueuedPurchaseDeletion: + type: object + properties: + reservedInstancesId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Reserved Instance. + description: Describes a Reserved Instance whose queued purchase was successfully deleted. + TagDescription: + type: object + properties: + key: + allOf: + - $ref: '#/components/schemas/String' + - description: The tag key. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + resourceType: + allOf: + - $ref: '#/components/schemas/ResourceType' + - description: The resource type. + value: + allOf: + - $ref: '#/components/schemas/String' + - description: The tag value. + description: Describes a tag. + TargetCapacitySpecificationRequest: + type: object + required: + - TotalTargetCapacity + properties: + undefined: + allOf: + - $ref: '#/components/schemas/TargetCapacityUnitType' + - description: '

The unit for the target capacity.

Default: units (translates to number of instances)

' + description: '

The number of units to request. You can choose to set the target capacity as the number of instances. Or you can set the target capacity to a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.

You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance MaxTotalPrice parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch instances until it reaches the maximum amount that you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity. The MaxTotalPrice parameters are located in OnDemandOptionsRequest and SpotOptionsRequest.

' + TargetConfiguration: + type: object + properties: + instanceCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of instances the Convertible Reserved Instance offering can be applied to. This parameter is reserved and cannot be specified in a request + offeringId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Convertible Reserved Instance offering. + description: Information about the Convertible Reserved Instance offering. + TargetGroup: + type: object + properties: + arn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the target group. + description: Describes a load balancer target group. + TargetGroups: + type: array + items: + allOf: + - $ref: '#/components/schemas/TargetGroup' + - xml: + name: item + minItems: 1 + maxItems: 5 + TargetNetwork: + type: object + properties: + associationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the association. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC in which the target network (subnet) is located. + targetNetworkId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet specified as the target network. + clientVpnEndpointId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Client VPN endpoint with which the target network is associated. + status: + allOf: + - $ref: '#/components/schemas/AssociationStatus' + - description: The current state of the target network association. + securityGroups: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The IDs of the security groups applied to the target network association. + description: Describes a target network associated with a Client VPN endpoint. + TargetReservationValue: + type: object + properties: + reservationValue: + allOf: + - $ref: '#/components/schemas/ReservationValue' + - description: 'The total value of the Convertible Reserved Instances that make up the exchange. This is the sum of the list value, remaining upfront price, and additional upfront cost of the exchange.' + targetConfiguration: + allOf: + - $ref: '#/components/schemas/TargetConfiguration' + - description: The configuration of the Convertible Reserved Instances that make up the exchange. + description: The total value of the new Convertible Reserved Instances. + TargetStorageTier: + type: string + enum: + - archive + TelemetryStatus: + type: string + enum: + - UP + - DOWN + TerminateClientVpnConnectionsRequest: + type: object + required: + - ClientVpnEndpointId + title: TerminateClientVpnConnectionsRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + TerminateConnectionStatusSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/TerminateConnectionStatus' + - xml: + name: item + TerminateConnectionStatus: + type: object + properties: + connectionId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the client connection. + previousStatus: + allOf: + - $ref: '#/components/schemas/ClientVpnConnectionStatus' + - description: The state of the client connection. + currentStatus: + allOf: + - $ref: '#/components/schemas/ClientVpnConnectionStatus' + - description: 'A message about the status of the client connection, if applicable.' + description: Information about a terminated Client VPN endpoint client connection. + TerminateInstancesRequest: + type: object + required: + - InstanceIds + title: TerminateInstancesRequest + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdStringList' + - description: '

The IDs of the instances.

Constraints: Up to 1000 instance IDs. We recommend breaking up this request into smaller batches.

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ThreadsPerCore: + type: integer + ThreadsPerCoreList: + type: array + items: + allOf: + - $ref: '#/components/schemas/ThreadsPerCore' + - xml: + name: item + ThroughResourcesStatement: + type: object + properties: + resourceStatement: + allOf: + - $ref: '#/components/schemas/ResourceStatement' + - description: The resource statement. + description: Describes a through resource statement. + ThroughResourcesStatementRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/ResourceStatementRequest' + - description: The resource statement. + description: Describes a through resource statement. + TotalLocalStorageGBRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Double' + - description: 'The maximum amount of total local storage, in GB. To specify no maximum limit, omit this parameter.' + description: 'The minimum and maximum amount of total local storage, in GB.' + TrafficDirection: + type: string + enum: + - ingress + - egress + TrafficMirrorFilterRuleList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilterRule' + - xml: + name: item + TrafficMirrorFilterIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorFilterId' + - xml: + name: item + TrafficMirrorRuleAction: + type: string + enum: + - accept + - reject + TrafficMirrorPortRange: + type: object + properties: + fromPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The start of the Traffic Mirror port range. This applies to the TCP and UDP protocols. + toPort: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The end of the Traffic Mirror port range. This applies to the TCP and UDP protocols. + description: Describes the Traffic Mirror port range. + TrafficMirrorFilterRuleFieldList: + type: array + items: + $ref: '#/components/schemas/TrafficMirrorFilterRuleField' + TrafficMirrorFilterRuleId: + type: string + TrafficMirrorPortRangeRequest: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols. + description: Information about the Traffic Mirror filter rule port range. + TrafficMirrorSessionFieldList: + type: array + items: + $ref: '#/components/schemas/TrafficMirrorSessionField' + TrafficMirrorSessionIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorSessionId' + - xml: + name: item + TrafficMirrorTargetType: + type: string + enum: + - network-interface + - network-load-balancer + - gateway-load-balancer-endpoint + TrafficMirrorTargetIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrafficMirrorTargetId' + - xml: + name: item + TrafficMirroringMaxResults: + type: integer + minimum: 5 + maximum: 1000 + TransitAssociationGatewayId: + type: string + TransitGatewayState: + type: string + enum: + - pending + - available + - modifying + - deleting + - deleted + TransitGatewayOptions: + type: object + properties: + amazonSideAsn: + allOf: + - $ref: '#/components/schemas/Long' + - description: A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. + transitGatewayCidrBlocks: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The transit gateway CIDR blocks. + autoAcceptSharedAttachments: + allOf: + - $ref: '#/components/schemas/AutoAcceptSharedAttachmentsValue' + - description: Indicates whether attachment requests are automatically accepted. + defaultRouteTableAssociation: + allOf: + - $ref: '#/components/schemas/DefaultRouteTableAssociationValue' + - description: Indicates whether resource attachments are automatically associated with the default association route table. + associationDefaultRouteTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the default association route table. + defaultRouteTablePropagation: + allOf: + - $ref: '#/components/schemas/DefaultRouteTablePropagationValue' + - description: Indicates whether resource attachments automatically propagate routes to the default propagation route table. + propagationDefaultRouteTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the default propagation route table. + vpnEcmpSupport: + allOf: + - $ref: '#/components/schemas/VpnEcmpSupportValue' + - description: Indicates whether Equal Cost Multipath Protocol support is enabled. + dnsSupport: + allOf: + - $ref: '#/components/schemas/DnsSupportValue' + - description: Indicates whether DNS support is enabled. + multicastSupport: + allOf: + - $ref: '#/components/schemas/MulticastSupportValue' + - description: Indicates whether multicast is enabled on the transit gateway + description: Describes the options for a transit gateway. + TransitGatewayAttachmentResourceType: + type: string + enum: + - vpc + - vpn + - direct-connect-gateway + - connect + - peering + - tgw-peering + TransitGatewayAssociationState: + type: string + enum: + - associating + - associated + - disassociating + - disassociated + TransitGatewayAttachmentState: + type: string + enum: + - initiating + - initiatingRequest + - pendingAcceptance + - rollingBack + - pending + - available + - modifying + - deleting + - deleted + - failed + - rejected + - rejecting + - failing + TransitGatewayAttachmentAssociation: + type: object + properties: + transitGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the route table for the transit gateway. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayAssociationState' + - description: The state of the association. + description: Describes an association. + TransitGatewayAttachment: + type: object + properties: + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the attachment. + transitGatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway. + transitGatewayOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the transit gateway. + resourceOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the resource. + resourceType: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' + - description: The resource type. Note that the tgw-peering resource type has been deprecated. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentState' + - description: The attachment state. Note that the initiating state has been deprecated. + association: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentAssociation' + - description: The association. + creationTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The creation time. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: The tags for the attachment. + description: Describes an attachment between a resource and a transit gateway. + TransitGatewayAttachmentBgpConfiguration: + type: object + properties: + transitGatewayAsn: + allOf: + - $ref: '#/components/schemas/Long' + - description: The transit gateway Autonomous System Number (ASN). + peerAsn: + allOf: + - $ref: '#/components/schemas/Long' + - description: The peer Autonomous System Number (ASN). + transitGatewayAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The interior BGP peer IP address for the transit gateway. + peerAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The interior BGP peer IP address for the appliance. + bgpStatus: + allOf: + - $ref: '#/components/schemas/BgpStatus' + - description: The BGP status. + description: The BGP configuration information. + TransitGatewayAttachmentBgpConfigurationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentBgpConfiguration' + - xml: + name: item + TransitGatewayPropagationState: + type: string + enum: + - enabling + - enabled + - disabling + - disabled + TransitGatewayAttachmentPropagation: + type: object + properties: + transitGatewayRouteTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the propagation route table. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayPropagationState' + - description: The state of the propagation route table. + description: Describes a propagation route table. + TransitGatewayConnectOptions: + type: object + properties: + protocol: + allOf: + - $ref: '#/components/schemas/ProtocolValue' + - description: The tunnel protocol. + description: Describes the Connect attachment options. + TransitGatewayConnectPeerState: + type: string + enum: + - pending + - available + - deleting + - deleted + TransitGatewayConnectPeerConfiguration: + type: object + properties: + transitGatewayAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The Connect peer IP address on the transit gateway side of the tunnel. + peerAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The Connect peer IP address on the appliance side of the tunnel. + insideCidrBlocks: + allOf: + - $ref: '#/components/schemas/InsideCidrBlocksStringList' + - description: The range of interior BGP peer IP addresses. + protocol: + allOf: + - $ref: '#/components/schemas/ProtocolValue' + - description: The tunnel protocol. + bgpConfigurations: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentBgpConfigurationList' + - description: The BGP configuration details. + description: Describes the Connect peer details. + TransitGatewayConnectRequestBgpOptions: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Long' + - description: The peer Autonomous System Number (ASN). + description: The BGP options for the Connect attachment. + TransitGatewayMaxResults: + type: integer + minimum: 5 + maximum: 1000 + TransitGatewayMulticastDomainOptions: + type: object + properties: + igmpv2Support: + allOf: + - $ref: '#/components/schemas/Igmpv2SupportValue' + - description: Indicates whether Internet Group Management Protocol (IGMP) version 2 is turned on for the transit gateway multicast domain. + staticSourcesSupport: + allOf: + - $ref: '#/components/schemas/StaticSourcesSupportValue' + - description: Indicates whether support for statically configuring transit gateway multicast group sources is turned on. + autoAcceptSharedAssociations: + allOf: + - $ref: '#/components/schemas/AutoAcceptSharedAssociationsValue' + - description: Indicates whether to automatically cross-account subnet associations that are associated with the transit gateway multicast domain. + description: Describes the options for a transit gateway multicast domain. + TransitGatewayMulticastDomainState: + type: string + enum: + - pending + - available + - deleting + - deleted + TransitGatewayMulticastDomainAssociation: + type: object + properties: + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway attachment. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + resourceType: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' + - description: 'The type of resource, for example a VPC attachment.' + resourceOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: ' The ID of the Amazon Web Services account that owns the transit gateway multicast domain association resource.' + subnet: + allOf: + - $ref: '#/components/schemas/SubnetAssociation' + - description: The subnet associated with the transit gateway multicast domain. + description: Describes the resources associated with the transit gateway multicast domain. + TransitGatewayMulticastGroup: + type: object + properties: + groupIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The IP address assigned to the transit gateway multicast group. + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway attachment. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + resourceType: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' + - description: 'The type of resource, for example a VPC attachment.' + resourceOwnerId: + allOf: + - $ref: '#/components/schemas/String' + - description: ' The ID of the Amazon Web Services account that owns the transit gateway multicast domain group resource.' + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the transit gateway attachment. + groupMember: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates that the resource is a transit gateway multicast group member. + groupSource: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates that the resource is a transit gateway multicast group member. + memberType: + allOf: + - $ref: '#/components/schemas/MembershipType' + - description: 'The member type (for example, static).' + sourceType: + allOf: + - $ref: '#/components/schemas/MembershipType' + - description: The source type. + description: Describes the transit gateway multicast group resources. + TransitGatewayNetworkInterfaceIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - xml: + name: item + VpnEcmpSupportValue: + type: string + enum: + - enable + - disable + TransitGatewayPrefixListAttachment: + type: object + properties: + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentId' + - description: The ID of the attachment. + resourceType: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' + - description: The resource type. Note that the tgw-peering resource type has been deprecated. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + description: Describes a transit gateway prefix list attachment. + TransitGatewayPrefixListReferenceState: + type: string + enum: + - pending + - available + - modifying + - deleting + TransitGatewayRouteAttachmentList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TransitGatewayRouteAttachment' + - xml: + name: item + TransitGatewayRouteType: + type: string + enum: + - static + - propagated + TransitGatewayRouteState: + type: string + enum: + - pending + - active + - blackhole + - deleting + - deleted + TransitGatewayRouteAttachment: + type: object + properties: + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the attachment. + resourceType: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' + - description: 'The resource type. Note that the tgw-peering resource type has been deprecated. ' + description: Describes a route attachment. + TransitGatewayRouteTableState: + type: string + enum: + - pending + - available + - deleting + - deleted + TransitGatewayRouteTableAssociation: + type: object + properties: + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the attachment. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + resourceType: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' + - description: The resource type. Note that the tgw-peering resource type has been deprecated. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayAssociationState' + - description: The state of the association. + description: Describes an association between a route table and a resource attachment. + TransitGatewayRouteTablePropagation: + type: object + properties: + transitGatewayAttachmentId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the attachment. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + resourceType: + allOf: + - $ref: '#/components/schemas/TransitGatewayAttachmentResourceType' + - description: The type of resource. Note that the tgw-peering resource type has been deprecated. + state: + allOf: + - $ref: '#/components/schemas/TransitGatewayPropagationState' + - description: The state of the resource. + description: Describes a route table propagation. + TransitGatewaySubnetIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SubnetId' + - xml: + name: item + TransitGatewayVpcAttachmentOptions: + type: object + properties: + dnsSupport: + allOf: + - $ref: '#/components/schemas/DnsSupportValue' + - description: Indicates whether DNS support is enabled. + ipv6Support: + allOf: + - $ref: '#/components/schemas/Ipv6SupportValue' + - description: Indicates whether IPv6 support is disabled. + applianceModeSupport: + allOf: + - $ref: '#/components/schemas/ApplianceModeSupportValue' + - description: Indicates whether appliance mode support is enabled. + description: Describes the VPC attachment options. + TrunkInterfaceAssociationIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TrunkInterfaceAssociationId' + - xml: + name: item + TunnelInsideIpVersion: + type: string + enum: + - ipv4 + - ipv6 + TunnelOption: + type: object + properties: + outsideIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The external IP address of the VPN tunnel. + tunnelInsideCidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The range of inside IPv4 addresses for the tunnel. + tunnelInsideIpv6Cidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The range of inside IPv6 addresses for the tunnel. + preSharedKey: + allOf: + - $ref: '#/components/schemas/String' + - description: The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and the customer gateway. + phase1LifetimeSeconds: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The lifetime for phase 1 of the IKE negotiation, in seconds.' + phase2LifetimeSeconds: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The lifetime for phase 2 of the IKE negotiation, in seconds.' + rekeyMarginTimeSeconds: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey.' + rekeyFuzzPercentage: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The percentage of the rekey window determined by RekeyMarginTimeSeconds during which the rekey time is randomly selected. + replayWindowSize: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of packets in an IKE replay window. + dpdTimeoutSeconds: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of seconds after which a DPD timeout occurs. + dpdTimeoutAction: + allOf: + - $ref: '#/components/schemas/String' + - description: The action to take after a DPD timeout occurs. + phase1EncryptionAlgorithmSet: + allOf: + - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsList' + - description: The permitted encryption algorithms for the VPN tunnel for phase 1 IKE negotiations. + phase2EncryptionAlgorithmSet: + allOf: + - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsList' + - description: The permitted encryption algorithms for the VPN tunnel for phase 2 IKE negotiations. + phase1IntegrityAlgorithmSet: + allOf: + - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsList' + - description: The permitted integrity algorithms for the VPN tunnel for phase 1 IKE negotiations. + phase2IntegrityAlgorithmSet: + allOf: + - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsList' + - description: The permitted integrity algorithms for the VPN tunnel for phase 2 IKE negotiations. + phase1DHGroupNumberSet: + allOf: + - $ref: '#/components/schemas/Phase1DHGroupNumbersList' + - description: The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 IKE negotiations. + phase2DHGroupNumberSet: + allOf: + - $ref: '#/components/schemas/Phase2DHGroupNumbersList' + - description: The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 IKE negotiations. + ikeVersionSet: + allOf: + - $ref: '#/components/schemas/IKEVersionsList' + - description: The IKE versions that are permitted for the VPN tunnel. + startupAction: + allOf: + - $ref: '#/components/schemas/String' + - description: The action to take when the establishing the VPN tunnels for a VPN connection. + description: The VPN tunnel options. + TunnelOptionsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/TunnelOption' + - xml: + name: item + UnassignIpv6AddressesRequest: + type: object + required: + - NetworkInterfaceId + title: UnassignIpv6AddressesRequest + properties: + ipv6Addresses: + allOf: + - $ref: '#/components/schemas/Ipv6AddressList' + - description: The IPv6 addresses to unassign from the network interface. + Ipv6Prefix: + allOf: + - $ref: '#/components/schemas/IpPrefixList' + - description: One or more IPv6 prefixes to unassign from the network interface. + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: The ID of the network interface. + UnassignPrivateIpAddressesRequest: + type: object + required: + - NetworkInterfaceId + title: UnassignPrivateIpAddressesRequest + properties: + networkInterfaceId: + allOf: + - $ref: '#/components/schemas/NetworkInterfaceId' + - description: The ID of the network interface. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/PrivateIpAddressStringList' + - description: The secondary private IP addresses to unassign from the network interface. You can specify this option multiple times to unassign more than one IP address. + Ipv4Prefix: + allOf: + - $ref: '#/components/schemas/IpPrefixList' + - description: The IPv4 prefixes to unassign from the network interface. + description: Contains the parameters for UnassignPrivateIpAddresses. + UnmonitorInstancesRequest: + type: object + required: + - InstanceIds + title: UnmonitorInstancesRequest + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdStringList' + - description: The IDs of the instances. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + UnsuccessfulInstanceCreditSpecificationErrorCode: + type: string + enum: + - InvalidInstanceID.Malformed + - InvalidInstanceID.NotFound + - IncorrectInstanceState + - InstanceCreditSpecification.NotSupported + UnsuccessfulInstanceCreditSpecificationItemError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/UnsuccessfulInstanceCreditSpecificationErrorCode' + - description: The error code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The applicable error message. + description: Information about the error for the burstable performance instance whose credit option for CPU usage was not modified. + UnsuccessfulInstanceCreditSpecificationItem: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + error: + allOf: + - $ref: '#/components/schemas/UnsuccessfulInstanceCreditSpecificationItemError' + - description: The applicable error for the burstable performance instance whose credit option for CPU usage was not modified. + description: Describes the burstable performance instance whose credit option for CPU usage was not modified. + UnsuccessfulItemError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/String' + - description: The error code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The error message accompanying the error code. + description: 'Information about the error that occurred. For more information about errors, see Error codes.' + UnsuccessfulItem: + type: object + properties: + error: + allOf: + - $ref: '#/components/schemas/UnsuccessfulItemError' + - description: Information about the error. + resourceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the resource. + description: Information about items that were not successfully processed in a batch call. + UpdateSecurityGroupRuleDescriptionsEgressRequest: + type: object + title: UpdateSecurityGroupRuleDescriptionsEgressRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IpPermissionList' + - description: The IP permissions for the security group rule. You must specify either the IP permissions or the description. + SecurityGroupRuleDescription: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleDescriptionList' + - description: The description for the egress security group rules. You must specify either the description or the IP permissions. + UpdateSecurityGroupRuleDescriptionsIngressRequest: + type: object + title: UpdateSecurityGroupRuleDescriptionsIngressRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/IpPermissionList' + - description: The IP permissions for the security group rule. You must specify either IP permissions or a description. + SecurityGroupRuleDescription: + allOf: + - $ref: '#/components/schemas/SecurityGroupRuleDescriptionList' + - description: '[VPC only] The description for the ingress security group rules. You must specify either a description or IP permissions.' + UsageClassType: + type: string + enum: + - spot + - on-demand + UserIdGroupPair: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: '

A description for the security group rule that references this user ID group pair.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

' + groupId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the security group. + groupName: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The name of the security group. In a request, use this parameter for a security group in EC2-Classic or a default VPC only. For a security group in a nondefault VPC, use the security group ID.

For a referenced security group in another VPC, this value is not returned if the referenced security group is deleted.

' + peeringStatus: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The status of a VPC peering connection, if applicable.' + userId: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The ID of an Amazon Web Services account.

For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.

[EC2-Classic] Required when adding or removing rules that reference a security group in another Amazon Web Services account.

' + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the VPC for the referenced security group, if applicable.' + vpcPeeringConnectionId: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The ID of the VPC peering connection, if applicable.' + description: Describes a security group and Amazon Web Services account ID pair. + VCpuCount: + type: integer + VCpuCountRangeRequest: + type: object + required: + - Min + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Integer' + - description: 'The maximum number of vCPUs. To specify no maximum limit, omit this parameter.' + description: The minimum and maximum number of vCPUs. + VgwTelemetry: + type: object + properties: + acceptedRouteCount: + allOf: + - $ref: '#/components/schemas/Integer' + - description: The number of accepted routes. + lastStatusChange: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The date and time of the last change in status. + outsideIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: The Internet-routable IP address of the virtual private gateway's outside interface. + status: + allOf: + - $ref: '#/components/schemas/TelemetryStatus' + - description: The status of the VPN tunnel. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: 'If an error occurs, a description of the error.' + certificateArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate. + description: Describes telemetry for a VPN tunnel. + VgwTelemetryList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VgwTelemetry' + - xml: + name: item + VirtualizationTypeSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/VirtualizationType' + - xml: + name: item + minItems: 0 + maxItems: 2 + VolumeAttachmentList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VolumeAttachment' + - xml: + name: item + VolumeState: + type: string + enum: + - creating + - available + - in-use + - deleting + - deleted + - error + VolumeAttachmentState: + type: string + enum: + - attaching + - attached + - detaching + - detached + - busy + VolumeAttributeName: + type: string + enum: + - autoEnableIO + - productCodes + VolumeModificationState: + type: string + enum: + - modifying + - optimizing + - completed + - failed + VolumeStatusAction: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/String' + - description: 'The code identifying the operation, for example, enable-volume-io.' + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the operation. + eventId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the event associated with this operation. + eventType: + allOf: + - $ref: '#/components/schemas/String' + - description: The event type associated with this operation. + description: Describes a volume status operation code. + VolumeStatusActionsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VolumeStatusAction' + - xml: + name: item + VolumeStatusAttachmentStatus: + type: object + properties: + ioPerformance: + allOf: + - $ref: '#/components/schemas/String' + - description: The maximum IOPS supported by the attached instance. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the attached instance. + description: Information about the instances to which the volume is attached. + VolumeStatusAttachmentStatusList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VolumeStatusAttachmentStatus' + - xml: + name: item + VolumeStatusName: + type: string + enum: + - io-enabled + - io-performance + VolumeStatusDetails: + type: object + properties: + name: + allOf: + - $ref: '#/components/schemas/VolumeStatusName' + - description: The name of the volume status. + status: + allOf: + - $ref: '#/components/schemas/String' + - description: The intended status of the volume status. + description: Describes a volume status. + VolumeStatusDetailsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VolumeStatusDetails' + - xml: + name: item + VolumeStatusEvent: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the event. + eventId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of this event. + eventType: + allOf: + - $ref: '#/components/schemas/String' + - description: The type of this event. + notAfter: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The latest end time of the event. + notBefore: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The earliest start time of the event. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance associated with the event. + description: Describes a volume status event. + VolumeStatusEventsList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VolumeStatusEvent' + - xml: + name: item + VolumeStatusInfoStatus: + type: string + enum: + - ok + - impaired + - insufficient-data + VolumeStatusInfo: + type: object + properties: + details: + allOf: + - $ref: '#/components/schemas/VolumeStatusDetailsList' + - description: The details of the volume status. + status: + allOf: + - $ref: '#/components/schemas/VolumeStatusInfoStatus' + - description: The status of the volume. + description: Describes the status of a volume. + VolumeStatusItem: + type: object + properties: + actionsSet: + allOf: + - $ref: '#/components/schemas/VolumeStatusActionsList' + - description: The details of the operation. + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone of the volume. + outpostArn: + allOf: + - $ref: '#/components/schemas/String' + - description: The Amazon Resource Name (ARN) of the Outpost. + eventsSet: + allOf: + - $ref: '#/components/schemas/VolumeStatusEventsList' + - description: A list of events associated with the volume. + volumeId: + allOf: + - $ref: '#/components/schemas/String' + - description: The volume ID. + volumeStatus: + allOf: + - $ref: '#/components/schemas/VolumeStatusInfo' + - description: The volume status. + attachmentStatuses: + allOf: + - $ref: '#/components/schemas/VolumeStatusAttachmentStatusList' + - description: Information about the instances to which the volume is attached. + description: Describes the volume status. + VpcState: + type: string + enum: + - pending + - available + VpcIpv6CidrBlockAssociationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcIpv6CidrBlockAssociation' + - xml: + name: item + VpcCidrBlockAssociationSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcCidrBlockAssociation' + - xml: + name: item + VpcAttachmentList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcAttachment' + - xml: + name: item + VpcAttributeName: + type: string + enum: + - enableDnsSupport + - enableDnsHostnames + VpcCidrBlockState: + type: object + properties: + state: + allOf: + - $ref: '#/components/schemas/VpcCidrBlockStateCode' + - description: The state of the CIDR block. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A message about the status of the CIDR block, if applicable.' + description: Describes the state of a CIDR block. + VpcCidrBlockStateCode: + type: string + enum: + - associating + - associated + - disassociating + - disassociated + - failing + - failed + VpcClassicLink: + type: object + properties: + classicLinkEnabled: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the VPC is enabled for ClassicLink. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the VPC. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + description: Describes whether a VPC is enabled for ClassicLink. + VpcEndpointType: + type: string + enum: + - Interface + - Gateway + - GatewayLoadBalancer + VpcEndpointConnection: + type: object + properties: + serviceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the service to which the endpoint is connected. + vpcEndpointId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC endpoint. + vpcEndpointOwner: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the VPC endpoint. + vpcEndpointState: + allOf: + - $ref: '#/components/schemas/State' + - description: The state of the VPC endpoint. + creationTimestamp: + allOf: + - $ref: '#/components/schemas/MillisecondDateTime' + - description: The date and time that the VPC endpoint was created. + dnsEntrySet: + allOf: + - $ref: '#/components/schemas/DnsEntrySet' + - description: The DNS entries for the VPC endpoint. + networkLoadBalancerArnSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Amazon Resource Names (ARNs) of the network load balancers for the service. + gatewayLoadBalancerArnSet: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service. + ipAddressType: + allOf: + - $ref: '#/components/schemas/IpAddressType' + - description: The IP address type for the endpoint. + description: Describes a VPC endpoint connection to a service. + VpcPeeringConnectionVpcInfo: + type: object + properties: + cidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 CIDR block for the VPC. + ipv6CidrBlockSet: + allOf: + - $ref: '#/components/schemas/Ipv6CidrBlockSet' + - description: The IPv6 CIDR block for the VPC. + cidrBlockSet: + allOf: + - $ref: '#/components/schemas/CidrBlockSet' + - description: Information about the IPv4 CIDR blocks for the VPC. + ownerId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the Amazon Web Services account that owns the VPC. + peeringOptions: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionOptionsDescription' + - description: Information about the VPC peering connection options for the accepter or requester VPC. + vpcId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the VPC. + region: + allOf: + - $ref: '#/components/schemas/String' + - description: The Region in which the VPC is located. + description: Describes a VPC in a VPC peering connection. + VpcPeeringConnectionStateReason: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionStateReasonCode' + - description: The status of the VPC peering connection. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: 'A message that provides more information about the status, if applicable.' + description: Describes the status of a VPC peering connection. + VpcPeeringConnectionIdList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpcPeeringConnectionId' + - xml: + name: item + VpcPeeringConnectionOptionsDescription: + type: object + properties: + allowDnsResolutionFromRemoteVpc: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether a local VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC. + allowEgressFromLocalClassicLinkToRemoteVpc: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. + allowEgressFromLocalVpcToRemoteClassicLink: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. + description: Describes the VPC peering connection options. + VpcPeeringConnectionStateReasonCode: + type: string + enum: + - initiating-request + - pending-acceptance + - active + - deleted + - rejected + - failed + - expired + - provisioning + - deleting + VpcTenancy: + type: string + enum: + - default + VpnState: + type: string + enum: + - pending + - available + - deleting + - deleted + VpnConnectionOptions: + type: object + properties: + enableAcceleration: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether acceleration is enabled for the VPN connection. + staticRoutesOnly: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. + localIpv4NetworkCidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. + remoteIpv4NetworkCidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv4 CIDR on the Amazon Web Services side of the VPN connection. + localIpv6NetworkCidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. + remoteIpv6NetworkCidr: + allOf: + - $ref: '#/components/schemas/String' + - description: The IPv6 CIDR on the Amazon Web Services side of the VPN connection. + tunnelInsideIpVersion: + allOf: + - $ref: '#/components/schemas/TunnelInsideIpVersion' + - description: Indicates whether the VPN tunnels process IPv4 or IPv6 traffic. + tunnelOptionSet: + allOf: + - $ref: '#/components/schemas/TunnelOptionsList' + - description: Indicates the VPN tunnel options. + description: Describes VPN connection options. + VpnStaticRouteList: + type: array + items: + allOf: + - $ref: '#/components/schemas/VpnStaticRoute' + - xml: + name: item + VpnConnectionDeviceType: + type: object + properties: + vpnConnectionDeviceTypeId: + allOf: + - $ref: '#/components/schemas/String' + - description: Customer gateway device identifier. + vendor: + allOf: + - $ref: '#/components/schemas/String' + - description: Customer gateway device vendor. + platform: + allOf: + - $ref: '#/components/schemas/String' + - description: Customer gateway device platform. + software: + allOf: + - $ref: '#/components/schemas/String' + - description: Customer gateway device software version. + description: 'List of customer gateway devices that have a sample configuration file available for use. You can also see the list of device types with sample configuration files available under Your customer gateway device in the Amazon Web Services Site-to-Site VPN User Guide.' + VpnConnectionDeviceTypeId: + type: string + VpnStaticRouteSource: + type: string + enum: + - Static + VpnStaticRoute: + type: object + properties: + destinationCidrBlock: + allOf: + - $ref: '#/components/schemas/String' + - description: The CIDR block associated with the local subnet of the customer data center. + source: + allOf: + - $ref: '#/components/schemas/VpnStaticRouteSource' + - description: Indicates how the routes were provided. + state: + allOf: + - $ref: '#/components/schemas/VpnState' + - description: The current state of the static route. + description: Describes a static route for a VPN connection. + VpnTunnelOptionsSpecification: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session.

Valid Values: clear | none | restart

Default: clear

' + Phase1EncryptionAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase1EncryptionAlgorithmsRequestList' + - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' + Phase2EncryptionAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase2EncryptionAlgorithmsRequestList' + - description: '

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

' + Phase1IntegrityAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase1IntegrityAlgorithmsRequestList' + - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' + Phase2IntegrityAlgorithm: + allOf: + - $ref: '#/components/schemas/Phase2IntegrityAlgorithmsRequestList' + - description: '

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

' + Phase1DHGroupNumber: + allOf: + - $ref: '#/components/schemas/Phase1DHGroupNumbersRequestList' + - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.

Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' + Phase2DHGroupNumber: + allOf: + - $ref: '#/components/schemas/Phase2DHGroupNumbersRequestList' + - description: '

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.

Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

' + IKEVersion: + allOf: + - $ref: '#/components/schemas/String' + - description: '

The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for Amazon Web Services to initiate the IKE negotiation.

Valid Values: add | start

Default: add

' + description: The tunnel options for a single VPN tunnel. + VpnTunnelOptionsSpecificationsList: + type: array + items: + $ref: '#/components/schemas/VpnTunnelOptionsSpecification' + WithdrawByoipCidrRequest: + type: object + required: + - Cidr + title: WithdrawByoipCidrRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: 'Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.' + ZoneIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: ZoneId +security: + - hmac: [] +x-stackQL-config: + queryParamTranspose: + algorithm: AWSCanonical + requestTranslate: + algorithm: get_query_to_post_form_utf_8 \ No newline at end of file diff --git a/providers/src/aws/v00.00.00000/services/iam.yaml b/providers/src/aws/v00.00.00000/services/iam.yaml index 3b7f62cf..585d8064 100644 --- a/providers/src/aws/v00.00.00000/services/iam.yaml +++ b/providers/src/aws/v00.00.00000/services/iam.yaml @@ -1,31632 +1,2011 @@ -components: - parameters: - X-Amz-Algorithm: - in: header - name: X-Amz-Algorithm - required: false - schema: - type: string - X-Amz-Content-Sha256: - in: header - name: X-Amz-Content-Sha256 - required: false - schema: - type: string - X-Amz-Credential: - in: header - name: X-Amz-Credential - required: false - schema: - type: string - X-Amz-Date: - in: header - name: X-Amz-Date - required: false - schema: - type: string - X-Amz-Security-Token: - in: header - name: X-Amz-Security-Token - required: false - schema: - type: string - X-Amz-Signature: - in: header - name: X-Amz-Signature - required: false - schema: - type: string - X-Amz-SignedHeaders: - in: header - name: X-Amz-SignedHeaders - required: false - schema: - type: string - schemas: - AccessAdvisorUsageGranularityType: - enum: - - SERVICE_LEVEL - - ACTION_LEVEL - type: string - AccessDetail: - description:

An object that contains details about when a principal in the - reported Organizations entity last attempted to access an Amazon Web Services - service. A principal can be an IAM user, an IAM role, or the Amazon Web Services - account root user within the reported Organizations entity.

This data - type is a response element in the GetOrganizationsAccessReport operation.

- properties: - EntityPath: - allOf: - - $ref: '#/components/schemas/organizationsEntityPathType' - - description:

The path of the Organizations entity (root, organizational - unit, or account) from which an authenticated principal last attempted - to access the service. Amazon Web Services does not report unauthenticated - requests.

This field is null if no principals (IAM users, IAM - roles, or root users) in the reported Organizations entity attempted - to access the service within the reporting - period.

- LastAuthenticatedTime: - allOf: - - $ref: '#/components/schemas/dateType' - - description: "

The date and time, in\_ISO 8601 date-time format, when an authenticated principal most\ - \ recently attempted to access the service. Amazon Web Services does\ - \ not report unauthenticated requests.

This field is null if\ - \ no principals in the reported Organizations entity attempted to access\ - \ the service within the reporting period.

" - Region: - allOf: - - $ref: '#/components/schemas/stringType' - - description:

The Region where the last service access attempt occurred.

-

This field is null if no principals in the reported Organizations - entity attempted to access the service within the reporting - period.

- ServiceName: - allOf: - - $ref: '#/components/schemas/serviceNameType' - - description: The name of the service in which access was attempted. - ServiceNamespace: - allOf: - - $ref: '#/components/schemas/serviceNamespaceType' - - description: "

The namespace of the service in which access was attempted.

\ - \

To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services\ - \ in the Service Authorization Reference. Choose the name of\ - \ the service to view details for that service. In the first paragraph,\ - \ find the service prefix. For example, (service prefix: a4b).\ - \ For more information about service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ - \ General Reference.

" - TotalAuthenticatedEntities: - allOf: - - $ref: '#/components/schemas/integerType' - - description: The number of accounts with authenticated principals (root - users, IAM users, and IAM roles) that attempted to access the service - in the reporting period. - required: - - ServiceName - - ServiceNamespace - type: object - AccessDetails: - items: - allOf: - - $ref: '#/components/schemas/AccessDetail' - - xml: - name: member - type: array - AccessKey: - description:

Contains information about an Amazon Web Services access key.

-

This data type is used as a response element in the CreateAccessKey - and ListAccessKeys operations.

The SecretAccessKey - value is returned only in response to CreateAccessKey. You can get - a secret access key only when you first create an access key; you cannot recover - the secret access key later. If you lose a secret access key, you must create - a new access key.

 - properties: - AccessKeyId: - allOf: - - $ref: '#/components/schemas/accessKeyIdType' - - description: The ID for this access key. - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date when the access key was created. - SecretAccessKey: - allOf: - - $ref: '#/components/schemas/accessKeySecretType' - - description: The secret key used to sign requests. - Status: - allOf: - - $ref: '#/components/schemas/statusType' - - description: 'The status of the access key. Active means - that the key is valid for API calls, while Inactive means - it is not. ' - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name of the IAM user that the access key is associated - with. - required: - - UserName - - AccessKeyId - - Status - - SecretAccessKey - type: object - AccessKeyLastUsed: - description:

Contains information about the last time an Amazon Web Services - access key was used since IAM began tracking this information on April 22, - 2015.

This data type is used as a response element in the GetAccessKeyLastUsed - operation.

- properties: - LastUsedDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description:

The date and time, in ISO - 8601 date-time format, when the access key was most recently used. - This field is null in the following situations:

  • The - user does not have an access key.

  • An access key exists - but has not been used since IAM began tracking this information.

    -

  • There is no sign-in data associated with the user.

    -
- Region: - allOf: - - $ref: '#/components/schemas/stringType' - - description:

The Amazon Web Services Region where this access key was - most recently used. The value for this field is "N/A" in the following - situations:

  • The user does not have an access key.

    -

  • An access key exists but has not been used since IAM began - tracking this information.

  • There is no sign-in data - associated with the user.

For more information about - Amazon Web Services Regions, see Regions - and endpoints in the Amazon Web Services General Reference.

- ServiceName: - allOf: - - $ref: '#/components/schemas/stringType' - - description:

The name of the Amazon Web Services service with which - this access key was most recently used. The value of this field is "N/A" - in the following situations:

  • The user does not have - an access key.

  • An access key exists but has not been - used since IAM started tracking this information.

  • There - is no sign-in data associated with the user.

- required: - - LastUsedDate - - ServiceName - - Region - type: object - AccessKeyMetadata: - description:

Contains information about an Amazon Web Services access key, - without its secret key.

This data type is used as a response element - in the ListAccessKeys operation.

- properties: - AccessKeyId: - allOf: - - $ref: '#/components/schemas/accessKeyIdType' - - description: The ID for this access key. - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date when the access key was created. - Status: - allOf: - - $ref: '#/components/schemas/statusType' - - description: The status of the access key. Active means that - the key is valid for API calls; Inactive means it is not. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name of the IAM user that the key is associated with. - type: object - ActionNameListType: - items: - allOf: - - $ref: '#/components/schemas/ActionNameType' - - xml: - name: member - type: array - ActionNameType: - maxLength: 128 - minLength: 3 - type: string - AddClientIDToOpenIDConnectProviderRequest: - properties: - ClientID: - allOf: - - $ref: '#/components/schemas/clientIDType' - - description: The client ID (also known as audience) to add to the IAM - OpenID Connect provider resource. - OpenIDConnectProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The Amazon Resource Name (ARN) of the IAM OpenID Connect - (OIDC) provider resource to add the client ID to. You can get a list - of OIDC provider ARNs by using the ListOpenIDConnectProviders - operation. - required: - - OpenIDConnectProviderArn - - ClientID - title: AddClientIDToOpenIDConnectProviderRequest - type: object - AddRoleToInstanceProfileRequest: - properties: - InstanceProfileName: - allOf: - - $ref: '#/components/schemas/instanceProfileNameType' - - description: '

The name of the instance profile to update.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the role to add.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following - characters: _+=,.@-

' - required: - - InstanceProfileName - - RoleName - title: AddRoleToInstanceProfileRequest - type: object - AddUserToGroupRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name of the group to update.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user to add.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following - characters: _+=,.@-

' - required: - - GroupName - - UserName - title: AddUserToGroupRequest - type: object - ArnListType: - items: - allOf: - - $ref: '#/components/schemas/arnType' - - xml: - name: member - type: array - AttachGroupPolicyRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name (friendly name, not ARN) of the group to attach - the policy to.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to attach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- required: - - GroupName - - PolicyArn - title: AttachGroupPolicyRequest - type: object - AttachRolePolicyRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to attach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name (friendly name, not ARN) of the role to attach - the policy to.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - RoleName - - PolicyArn - title: AttachRolePolicyRequest - type: object - AttachUserPolicyRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to attach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name (friendly name, not ARN) of the IAM user to - attach the policy to.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - PolicyArn - title: AttachUserPolicyRequest - type: object - AttachedPermissionsBoundary: - description:

Contains information about an attached permissions boundary.

-

An attached permissions boundary is a managed policy that has been attached - to a user or role to set the permissions boundary.

For more information - about permissions boundaries, see Permissions - boundaries for IAM identities in the IAM User Guide.

- properties: - PermissionsBoundaryArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: ' The ARN of the policy used to set the permissions boundary - for the user or role.' - PermissionsBoundaryType: - allOf: - - $ref: '#/components/schemas/PermissionsBoundaryAttachmentType' - - description: ' The permissions boundary usage type that indicates what - type of IAM resource is used as the permissions boundary for an entity. - This data type can only have a value of Policy.' - type: object - AttachedPolicy: - description:

Contains information about an attached policy.

An attached - policy is a managed policy that has been attached to a user, group, or role. - This data type is used as a response element in the ListAttachedGroupPolicies, - ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails - operations.

For more information about managed policies, refer to - Managed - policies and inline policies in the IAM User Guide.

- properties: - PolicyArn: - $ref: '#/components/schemas/arnType' - PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: The friendly name of the attached policy. - type: object - BootstrapDatum: - format: password - type: string - ChangePasswordRequest: - properties: - NewPassword: - allOf: - - $ref: '#/components/schemas/passwordType' - - description:

The new password. The new password must conform to the - Amazon Web Services account's password policy, if one exists.

The - regex pattern that is - used to validate this parameter is a string of characters. That string - can include almost any printable ASCII character from the space (\u0020) - through the end of the ASCII character range (\u00FF). - You can also include the tab (\u0009), line feed (\u000A), - and carriage return (\u000D) characters. Any of these characters - are valid in a password. However, many tools, such as the Amazon Web - Services Management Console, might restrict the ability to type certain - characters because they have special meaning within that tool.

- OldPassword: - allOf: - - $ref: '#/components/schemas/passwordType' - - description: The IAM user's current password. - required: - - OldPassword - - NewPassword - title: ChangePasswordRequest - type: object - ColumnNumber: - type: integer - ConcurrentModificationException: {} - ContextEntry: - description:

Contains information about a condition context key. It includes - the name of the key and specifies the value (or values, if the context key - supports multiple values) to use in the simulation. This information is used - when evaluating the Condition elements of the input policies.

-

This data type is used as an input parameter to SimulateCustomPolicy - and SimulatePrincipalPolicy.

- properties: - ContextKeyName: - allOf: - - $ref: '#/components/schemas/ContextKeyNameType' - - description: The full name of a condition context key, including the service - prefix. For example, aws:SourceIp or s3:VersionId. - ContextKeyType: - allOf: - - $ref: '#/components/schemas/ContextKeyTypeEnum' - - description: The data type of the value (or values) specified in the ContextKeyValues - parameter. - ContextKeyValues: - allOf: - - $ref: '#/components/schemas/ContextKeyValueListType' - - description: The value (or values, if the condition context key supports - multiple values) to provide to the simulation when the key is referenced - by a Condition element in an input policy. - type: object - ContextEntryListType: - items: - allOf: - - $ref: '#/components/schemas/ContextEntry' - - xml: - name: member - type: array - ContextKeyNameType: - maxLength: 256 - minLength: 5 - type: string - ContextKeyNamesResultListType: - items: - allOf: - - $ref: '#/components/schemas/ContextKeyNameType' - - xml: - name: member - type: array - ContextKeyTypeEnum: - enum: - - string - - stringList - - numeric - - numericList - - boolean - - booleanList - - ip - - ipList - - binary - - binaryList - - date - - dateList - type: string - ContextKeyValueListType: - items: - allOf: - - $ref: '#/components/schemas/ContextKeyValueType' - - xml: - name: member - type: array - ContextKeyValueType: - type: string - CreateAccessKeyRequest: - properties: - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the IAM user that the new key will belong - to.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - title: CreateAccessKeyRequest - type: object - CreateAccessKeyResponse: - description: 'Contains the response to a successful CreateAccessKey request. ' - example: - AccessKey: - AccessKeyId: AKIAIOSFODNN7EXAMPLE - CreateDate: '2015-03-09T18:39:23.411Z' - SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY - Status: Active - UserName: Bob - properties: - AccessKey: - allOf: - - $ref: '#/components/schemas/AccessKey' - - description: A structure with details about the access key. - required: - - AccessKey - type: object - CreateAccountAliasRequest: - properties: - AccountAlias: - allOf: - - $ref: '#/components/schemas/accountAliasType' - - description:

The account alias to create.

This parameter allows - (through its regex pattern) - a string of characters consisting of lowercase letters, digits, and - dashes. You cannot start or finish with a dash, nor can you have two - dashes in a row.

- required: - - AccountAlias - title: CreateAccountAliasRequest - type: object - CreateGroupRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description:

The name of the group to create. Do not include the path - in this value.

IAM user, group, role, and policy names must be - unique within the account. Names are not distinguished by case. For - example, you cannot create resources named both "MyResource" and "myresource".

- Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description:

The path to the group. For more information about paths, - see IAM - identifiers in the IAM User Guide.

This parameter - is optional. If it is not included, it defaults to a slash (/).

-

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- required: - - GroupName - title: CreateGroupRequest - type: object - CreateGroupResponse: - description: 'Contains the response to a successful CreateGroup request. ' - example: - Group: - Arn: arn:aws:iam::123456789012:group/Admins - CreateDate: '2015-03-09T20:30:24.940Z' - GroupId: AIDGPMS9RO4H3FEXAMPLE - GroupName: Admins - Path: / - properties: - Group: - allOf: - - $ref: '#/components/schemas/Group' - - description: A structure containing details about the new group. - required: - - Group - type: object - CreateInstanceProfileRequest: - properties: - InstanceProfileName: - allOf: - - $ref: '#/components/schemas/instanceProfileNameType' - - description: '

The name of the instance profile to create.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description:

The path to the instance profile. For more information - about paths, see IAM - Identifiers in the IAM User Guide.

This parameter - is optional. If it is not included, it defaults to a slash (/).

-

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description:

A list of tags that you want to attach to the newly created - IAM instance profile. Each tag consists of a key name and an associated - value. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any - one of the tags is invalid or if you exceed the allowed maximum number - of tags, then the entire request fails and the resource is not created.

- - required: - - InstanceProfileName - title: CreateInstanceProfileRequest - type: object - CreateInstanceProfileResponse: - description: 'Contains the response to a successful CreateInstanceProfile - request. ' - example: - InstanceProfile: - Arn: arn:aws:iam::123456789012:instance-profile/Webserver - CreateDate: '2015-03-09T20:33:19.626Z' - InstanceProfileId: AIPAJMBYC7DLSPEXAMPLE - InstanceProfileName: Webserver - Path: / - Roles: [] - properties: - InstanceProfile: - allOf: - - $ref: '#/components/schemas/InstanceProfile' - - description: A structure containing details about the new instance profile. - required: - - InstanceProfile - type: object - CreateLoginProfileRequest: - properties: - Password: - allOf: - - $ref: '#/components/schemas/passwordType' - - description:

The new password for the user.

The regex - pattern that is used to validate this parameter is a string of characters. - That string can include almost any printable ASCII character from the - space (\u0020) through the end of the ASCII character range - (\u00FF). You can also include the tab (\u0009), - line feed (\u000A), and carriage return (\u000D) - characters. Any of these characters are valid in a password. However, - many tools, such as the Amazon Web Services Management Console, might - restrict the ability to type certain characters because they have special - meaning within that tool.

- PasswordResetRequired: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Specifies whether the user is required to set a new password - on next sign-in. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the IAM user to create a password for. The - user must already exist.

This parameter allows (through its regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - required: - - UserName - - Password - title: CreateLoginProfileRequest - type: object - CreateLoginProfileResponse: - description: 'Contains the response to a successful CreateLoginProfile - request. ' - example: - LoginProfile: - CreateDate: '2015-03-10T20:55:40.274Z' - PasswordResetRequired: true - UserName: Bob - properties: - LoginProfile: - allOf: - - $ref: '#/components/schemas/LoginProfile' - - description: A structure containing the user name and password create - date. - required: - - LoginProfile - type: object - CreateOpenIDConnectProviderRequest: - properties: - ClientIDList: - allOf: - - $ref: '#/components/schemas/clientIDListType' - - description:

Provides a list of client IDs, also known as audiences. - When a mobile or web app registers with an OpenID Connect provider, - they establish a value that identifies the application. This is the - value that's sent as the client_id parameter on OAuth requests.

-

You can register multiple client IDs with the same provider. For - example, you might have multiple applications that use the same OIDC - provider. You cannot register more than 100 client IDs with a single - IAM OIDC provider.

There is no defined format for a client ID. - The CreateOpenIDConnectProviderRequest operation accepts - client IDs up to 255 characters long.

- Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description:

A list of tags that you want to attach to the new IAM - OpenID Connect (OIDC) provider. Each tag consists of a key name and - an associated value. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any - one of the tags is invalid or if you exceed the allowed maximum number - of tags, then the entire request fails and the resource is not created.

- - ThumbprintList: - allOf: - - $ref: '#/components/schemas/thumbprintListType' - - description:

A list of server certificate thumbprints for the OpenID - Connect (OIDC) identity provider's server certificates. Typically this - list includes only one entry. However, IAM lets you have up to five - thumbprints for an OIDC provider. This lets you maintain multiple thumbprints - if the identity provider is rotating certificates.

The server - certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 - certificate used by the domain where the OpenID Connect provider makes - its keys available. It is always a 40-character string.

You must - provide at least one thumbprint when creating an IAM OIDC provider. - For example, assume that the OIDC provider is server.example.com - and the provider stores its keys at https://keys.server.example.com/openid-connect. - In that case, the thumbprint string would be the hex-encoded SHA-1 hash - value of the certificate used by https://keys.server.example.com. -

For more information about obtaining the OIDC provider thumbprint, - see Obtaining - the thumbprint for an OpenID Connect provider in the IAM User - Guide.

- Url: - allOf: - - $ref: '#/components/schemas/OpenIDConnectProviderUrlType' - - description:

The URL of the identity provider. The URL must begin with - https:// and should correspond to the iss - claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, - path components are allowed but query parameters are not. Typically - the URL consists of only a hostname, like https://server.example.org - or https://example.com. The URL should not contain a port - number.

You cannot register the same provider multiple times - in a single Amazon Web Services account. If you try to submit a URL - that has already been used for an OpenID Connect provider in the Amazon - Web Services account, you will get an error.

- required: - - Url - - ThumbprintList - title: CreateOpenIDConnectProviderRequest - type: object - CreateOpenIDConnectProviderResponse: - description: 'Contains the response to a successful CreateOpenIDConnectProvider - request. ' - example: - OpenIDConnectProviderArn: arn:aws:iam::123456789012:oidc-provider/server.example.com - properties: - OpenIDConnectProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: 'The Amazon Resource Name (ARN) of the new IAM OpenID Connect - provider that is created. For more information, see OpenIDConnectProviderListEntry. ' - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are attached to the new IAM OIDC provider. - The returned list of tags is sorted by tag key. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - type: object - CreatePolicyRequest: - properties: - Description: - allOf: - - $ref: '#/components/schemas/policyDescriptionType' - - description:

A friendly description of the policy.

Typically - used to store information about the permissions defined in the policy. - For example, "Grants access to production DynamoDB tables."

The - policy description is immutable. After a value is assigned, it cannot - be changed.

- Path: - allOf: - - $ref: '#/components/schemas/policyPathType' - - description:

The path for the policy.

For more information about - paths, see IAM - identifiers in the IAM User Guide.

This parameter - is optional. If it is not included, it defaults to a slash (/).

-

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

You - cannot use an asterisk (*) in the path name.

 - PolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The JSON policy document that you want to use as the content - for the new policy.

You must provide policies in JSON format - in IAM. However, for CloudFormation templates formatted in YAML, you - can provide the policy in JSON or YAML format. CloudFormation always - converts a YAML policy to JSON format before submitting it to IAM.

-

The maximum length of the policy document that you can pass in this - operation, including whitespace, is listed below. To view the maximum - character counts of a managed policy with no whitespaces, see IAM - and STS character quotas.

To learn more about JSON policy - grammar, see Grammar - of the IAM JSON policy language in the IAM User Guide.

-

The regex pattern used - to validate this parameter is a string of characters consisting of the - following:

  • Any printable ASCII character ranging from - the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description:

The friendly name of the policy.

IAM user, group, - role, and policy names must be unique within the account. Names are - not distinguished by case. For example, you cannot create resources - named both "MyResource" and "myresource".

- Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description:

A list of tags that you want to attach to the new IAM - customer managed policy. Each tag consists of a key name and an associated - value. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any - one of the tags is invalid or if you exceed the allowed maximum number - of tags, then the entire request fails and the resource is not created.

- - required: - - PolicyName - - PolicyDocument - title: CreatePolicyRequest - type: object - CreatePolicyResponse: - description: 'Contains the response to a successful CreatePolicy request. ' - properties: - Policy: - allOf: - - $ref: '#/components/schemas/Policy' - - description: A structure containing details about the new policy. - type: object - CreatePolicyVersionRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy to which - you want to add a new version.

For more information about ARNs, - see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- PolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The JSON policy document that you want to use as the content - for this new version of the policy.

You must provide policies - in JSON format in IAM. However, for CloudFormation templates formatted - in YAML, you can provide the policy in JSON or YAML format. CloudFormation - always converts a YAML policy to JSON format before submitting it to - IAM.

The maximum length of the policy document that you can pass - in this operation, including whitespace, is listed below. To view the - maximum character counts of a managed policy with no whitespaces, see - IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters - consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end - of the ASCII character range

  • The printable characters - in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- SetAsDefault: - allOf: - - $ref: '#/components/schemas/booleanType' - - description:

Specifies whether to set this version as the policy's - default version.

When this parameter is true, the - new policy version becomes the operative version. That is, it becomes - the version that is in effect for the IAM users, groups, and roles that - the policy is attached to.

For more information about managed - policy versions, see Versioning - for managed policies in the IAM User Guide.

- required: - - PolicyArn - - PolicyDocument - title: CreatePolicyVersionRequest - type: object - CreatePolicyVersionResponse: - description: 'Contains the response to a successful CreatePolicyVersion - request. ' - properties: - PolicyVersion: - allOf: - - $ref: '#/components/schemas/PolicyVersion' - - description: A structure containing details about the new policy version. - type: object - CreateRoleRequest: - properties: - AssumeRolePolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The trust relationship policy document that grants an - entity permission to assume the role.

In IAM, you must provide - a JSON policy that has been converted to a string. However, for CloudFormation - templates formatted in YAML, you can provide the policy in JSON or YAML - format. CloudFormation always converts a YAML policy to JSON format - before submitting it to IAM.

The regex - pattern used to validate this parameter is a string of characters - consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end - of the ASCII character range

  • The printable characters - in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -

Upon success, the response includes the same trust policy - in JSON format.

- Description: - allOf: - - $ref: '#/components/schemas/roleDescriptionType' - - description: A description of the role. - MaxSessionDuration: - allOf: - - $ref: '#/components/schemas/roleMaxSessionDurationType' - - description:

The maximum session duration (in seconds) that you want - to set for the specified role. If you do not specify a value for this - setting, the default maximum of one hour is applied. This setting can - have a value from 1 hour to 12 hours.

Anyone who assumes the - role from the or API can use the DurationSeconds API parameter - or the duration-seconds CLI parameter to request a longer - session. The MaxSessionDuration setting determines the - maximum duration that can be requested using the DurationSeconds - parameter. If users don't specify a value for the DurationSeconds - parameter, their security credentials are valid for one hour by default. - This applies when you use the AssumeRole* API operations - or the assume-role* CLI operations but does not apply when - you use those operations to create a console URL. For more information, - see Using - IAM roles in the IAM User Guide.

- Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description:

The path to the role. For more information about paths, - see IAM - Identifiers in the IAM User Guide.

This parameter - is optional. If it is not included, it defaults to a slash (/).

-

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- PermissionsBoundary: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The ARN of the policy that is used to set the permissions - boundary for the role. - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description:

The name of the role to create.

IAM user, group, - role, and policy names must be unique within the account. Names are - not distinguished by case. For example, you cannot create resources - named both "MyResource" and "myresource".

- Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description:

A list of tags that you want to attach to the new role. - Each tag consists of a key name and an associated value. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide.

If any - one of the tags is invalid or if you exceed the allowed maximum number - of tags, then the entire request fails and the resource is not created.

- - required: - - RoleName - - AssumeRolePolicyDocument - title: CreateRoleRequest - type: object - CreateRoleResponse: - description: 'Contains the response to a successful CreateRole request. ' - example: - Role: - Arn: arn:aws:iam::123456789012:role/Test-Role - AssumeRolePolicyDocument: - CreateDate: '2013-06-07T20:43:32.821Z' - Path: / - RoleId: AKIAIOSFODNN7EXAMPLE - RoleName: Test-Role - properties: - Role: - allOf: - - $ref: '#/components/schemas/Role' - - description: A structure containing details about the new role. - required: - - Role - type: object - CreateSAMLProviderRequest: - properties: - Name: - allOf: - - $ref: '#/components/schemas/SAMLProviderNameType' - - description: '

The name of the provider to create.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - SAMLMetadataDocument: - allOf: - - $ref: '#/components/schemas/SAMLMetadataDocumentType' - - description:

An XML document generated by an identity provider (IdP) - that supports SAML 2.0. The document includes the issuer's name, expiration - information, and keys that can be used to validate the SAML authentication - response (assertions) that are received from the IdP. You must generate - the metadata document using the identity management software that is - used as your organization's IdP.

For more information, see About - SAML 2.0-based federation in the IAM User Guide

- Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description:

A list of tags that you want to attach to the new IAM - SAML provider. Each tag consists of a key name and an associated value. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any - one of the tags is invalid or if you exceed the allowed maximum number - of tags, then the entire request fails and the resource is not created.

- - required: - - SAMLMetadataDocument - - Name - title: CreateSAMLProviderRequest - type: object - CreateSAMLProviderResponse: - description: 'Contains the response to a successful CreateSAMLProvider - request. ' - properties: - SAMLProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The Amazon Resource Name (ARN) of the new SAML provider resource - in IAM. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are attached to the new IAM SAML provider. - The returned list of tags is sorted by tag key. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - type: object - CreateServiceLinkedRoleRequest: - properties: - AWSServiceName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The service principal for the Amazon Web Services service - to which this role is attached. You use a string similar to a URL but - without the http:// in front. For example: elasticbeanstalk.amazonaws.com. -

Service principals are unique and case-sensitive. To find the - exact service principal for your service-linked role, see Amazon - Web Services services that work with IAM in the IAM User Guide. - Look for the services that have Yes in the Service-Linked - Role column. Choose the Yes link to view the service-linked - role documentation for that service.

' - CustomSuffix: - allOf: - - $ref: '#/components/schemas/customSuffixType' - - description:

A string that you provide, which is combined with - the service-provided prefix to form the complete role name. If you make - multiple requests for the same service, then you must supply a different - CustomSuffix for each request. Otherwise the request fails - with a duplicate role name error. For example, you could add -1 - or -debug to the suffix.

Some services do not support - the CustomSuffix parameter. If you provide an optional - suffix and the operation fails, try the operation again without the - suffix.

- Description: - allOf: - - $ref: '#/components/schemas/roleDescriptionType' - - description: The description of the role. - required: - - AWSServiceName - title: CreateServiceLinkedRoleRequest - type: object - CreateServiceLinkedRoleResponse: - properties: - Role: - allOf: - - $ref: '#/components/schemas/Role' - - description: A Role object that contains details about the newly - created role. - type: object - CreateServiceSpecificCredentialRequest: - properties: - ServiceName: - allOf: - - $ref: '#/components/schemas/serviceName' - - description: The name of the Amazon Web Services service that is to be - associated with the credentials. The service you specify here is the - only service that can be accessed using these credentials. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the IAM user that is to be associated with - the credentials. The new service-specific credentials have the same - permissions as the associated user except that they can be used only - to access the specified service.

This parameter allows (through - its regex pattern) a string - of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - required: - - UserName - - ServiceName - title: CreateServiceSpecificCredentialRequest - type: object - CreateServiceSpecificCredentialResponse: - properties: - ServiceSpecificCredential: - allOf: - - $ref: '#/components/schemas/ServiceSpecificCredential' - - description:

A structure that contains information about the newly - created service-specific credential.

This is the - only time that the password for this credential set is available. It - cannot be recovered later. Instead, you must reset the password with - ResetServiceSpecificCredential.

 - type: object - CreateUserRequest: - properties: - Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description:

The path for the user name. For more information about - paths, see IAM - identifiers in the IAM User Guide.

This parameter - is optional. If it is not included, it defaults to a slash (/).

-

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- PermissionsBoundary: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The ARN of the policy that is used to set the permissions - boundary for the user. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description:

A list of tags that you want to attach to the new user. - Each tag consists of a key name and an associated value. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide.

If any - one of the tags is invalid or if you exceed the allowed maximum number - of tags, then the entire request fails and the resource is not created.

- - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description:

The name of the user to create.

IAM user, group, - role, and policy names must be unique within the account. Names are - not distinguished by case. For example, you cannot create resources - named both "MyResource" and "myresource".

- required: - - UserName - title: CreateUserRequest - type: object - CreateUserResponse: - description: 'Contains the response to a successful CreateUser request. ' - example: - User: - Arn: arn:aws:iam::123456789012:user/Bob - CreateDate: '2013-06-08T03:20:41.270Z' - Path: / - UserId: AKIAIOSFODNN7EXAMPLE - UserName: Bob - properties: - User: - allOf: - - $ref: '#/components/schemas/User' - - description: A structure with details about the new IAM user. - type: object - CreateVirtualMFADeviceRequest: - properties: - Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description:

The path for the virtual MFA device. For more information - about paths, see IAM - identifiers in the IAM User Guide.

This parameter - is optional. If it is not included, it defaults to a slash (/).

-

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description:

A list of tags that you want to attach to the new IAM - virtual MFA device. Each tag consists of a key name and an associated - value. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any - one of the tags is invalid or if you exceed the allowed maximum number - of tags, then the entire request fails and the resource is not created.

- - VirtualMFADeviceName: - allOf: - - $ref: '#/components/schemas/virtualMFADeviceName' - - description: '

The name of the virtual MFA device. Use with path to - uniquely identify a virtual MFA device.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following - characters: _+=,.@-

' - required: - - VirtualMFADeviceName - title: CreateVirtualMFADeviceRequest - type: object - CreateVirtualMFADeviceResponse: - description: 'Contains the response to a successful CreateVirtualMFADevice - request. ' - properties: - VirtualMFADevice: - allOf: - - $ref: '#/components/schemas/VirtualMFADevice' - - description: A structure containing details about the new virtual MFA - device. - required: - - VirtualMFADevice - type: object - CredentialReportExpiredException: {} - CredentialReportNotPresentException: {} - CredentialReportNotReadyException: {} - DeactivateMFADeviceRequest: - properties: - SerialNumber: - allOf: - - $ref: '#/components/schemas/serialNumberType' - - description: '

The serial number that uniquely identifies the MFA device. - For virtual MFA devices, the serial number is the device ARN.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: =,.@:/-

' - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user whose MFA device you want to deactivate.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - SerialNumber - title: DeactivateMFADeviceRequest - type: object - DeleteAccessKeyRequest: - properties: - AccessKeyId: - allOf: - - $ref: '#/components/schemas/accessKeyIdType' - - description:

The access key ID for the access key ID and secret access - key you want to delete.

This parameter allows (through its regex pattern) a string of - characters that can consist of any upper or lowercased letter or digit.

- UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user whose access key pair you want to - delete.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - AccessKeyId - title: DeleteAccessKeyRequest - type: object - DeleteAccountAliasRequest: - properties: - AccountAlias: - allOf: - - $ref: '#/components/schemas/accountAliasType' - - description:

The name of the account alias to delete.

This parameter - allows (through its regex - pattern) a string of characters consisting of lowercase letters, - digits, and dashes. You cannot start or finish with a dash, nor can - you have two dashes in a row.

- required: - - AccountAlias - title: DeleteAccountAliasRequest - type: object - DeleteConflictException: {} - DeleteGroupPolicyRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name (friendly name, not ARN) identifying the group - that the policy is embedded in.

This parameter allows (through - its regex pattern) a string - of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name identifying the policy document to delete.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - GroupName - - PolicyName - title: DeleteGroupPolicyRequest - type: object - DeleteGroupRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name of the IAM group to delete.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - GroupName - title: DeleteGroupRequest - type: object - DeleteInstanceProfileRequest: - properties: - InstanceProfileName: - allOf: - - $ref: '#/components/schemas/instanceProfileNameType' - - description: '

The name of the instance profile to delete.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - InstanceProfileName - title: DeleteInstanceProfileRequest - type: object - DeleteLoginProfileRequest: - properties: - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the user whose password you want to delete.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - title: DeleteLoginProfileRequest - type: object - DeleteOpenIDConnectProviderRequest: - properties: - OpenIDConnectProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The Amazon Resource Name (ARN) of the IAM OpenID Connect - provider resource object to delete. You can get a list of OpenID Connect - provider resource ARNs by using the ListOpenIDConnectProviders - operation. - required: - - OpenIDConnectProviderArn - title: DeleteOpenIDConnectProviderRequest - type: object - DeletePolicyRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to delete.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- required: - - PolicyArn - title: DeletePolicyRequest - type: object - DeletePolicyVersionRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy from - which you want to delete a version.

For more information about - ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- VersionId: - allOf: - - $ref: '#/components/schemas/policyVersionIdType' - - description:

The policy version to delete.

This parameter allows - (through its regex pattern) - a string of characters that consists of the lowercase letter 'v' followed - by one or two digits, and optionally followed by a period '.' and a - string of letters and digits.

For more information about managed - policy versions, see Versioning - for managed policies in the IAM User Guide.

- required: - - PolicyArn - - VersionId - title: DeletePolicyVersionRequest - type: object - DeleteRolePermissionsBoundaryRequest: - properties: - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: The name (friendly name, not ARN) of the IAM role from which - you want to remove the permissions boundary. - required: - - RoleName - title: DeleteRolePermissionsBoundaryRequest - type: object - DeleteRolePolicyRequest: - properties: - PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the inline policy to delete from the specified - IAM role.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name (friendly name, not ARN) identifying the role - that the policy is embedded in.

This parameter allows (through - its regex pattern) a string - of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - required: - - RoleName - - PolicyName - title: DeleteRolePolicyRequest - type: object - DeleteRoleRequest: - properties: - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the role to delete.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - RoleName - title: DeleteRoleRequest - type: object - DeleteSAMLProviderRequest: - properties: - SAMLProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The Amazon Resource Name (ARN) of the SAML provider to delete. - required: - - SAMLProviderArn - title: DeleteSAMLProviderRequest - type: object - DeleteSSHPublicKeyRequest: - properties: - SSHPublicKeyId: - allOf: - - $ref: '#/components/schemas/publicKeyIdType' - - description:

The unique identifier for the SSH public key.

This - parameter allows (through its regex - pattern) a string of characters that can consist of any upper or - lowercased letter or digit.

- UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the IAM user associated with the SSH public - key.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - SSHPublicKeyId - title: DeleteSSHPublicKeyRequest - type: object - DeleteServerCertificateRequest: - properties: - ServerCertificateName: - allOf: - - $ref: '#/components/schemas/serverCertificateNameType' - - description: '

The name of the server certificate you want to delete.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - ServerCertificateName - title: DeleteServerCertificateRequest - type: object - DeleteServiceLinkedRoleRequest: - properties: - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: The name of the service-linked role to be deleted. - required: - - RoleName - title: DeleteServiceLinkedRoleRequest - type: object - DeleteServiceLinkedRoleResponse: - properties: - DeletionTaskId: - allOf: - - $ref: '#/components/schemas/DeletionTaskIdType' - - description: The deletion task identifier that you can use to check the - status of the deletion. This identifier is returned in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>. - required: - - DeletionTaskId - type: object - DeleteServiceSpecificCredentialRequest: - properties: - ServiceSpecificCredentialId: - allOf: - - $ref: '#/components/schemas/serviceSpecificCredentialId' - - description:

The unique identifier of the service-specific credential. - You can get this value by calling ListServiceSpecificCredentials.

-

This parameter allows (through its regex - pattern) a string of characters that can consist of any upper or - lowercased letter or digit.

- UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the IAM user associated with the service-specific - credential. If this value is not specified, then the operation assumes - the user whose credentials are used to call the operation.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - ServiceSpecificCredentialId - title: DeleteServiceSpecificCredentialRequest - type: object - DeleteSigningCertificateRequest: - properties: - CertificateId: - allOf: - - $ref: '#/components/schemas/certificateIdType' - - description:

The ID of the signing certificate to delete.

The - format of this parameter, as described by its regex - pattern, is a string of characters that can be upper- or lower-cased - letters or digits.

- UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user the signing certificate belongs - to.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - CertificateId - title: DeleteSigningCertificateRequest - type: object - DeleteUserPermissionsBoundaryRequest: - properties: - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name (friendly name, not ARN) of the IAM user from which - you want to remove the permissions boundary. - required: - - UserName - title: DeleteUserPermissionsBoundaryRequest - type: object - DeleteUserPolicyRequest: - properties: - PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name identifying the policy document to delete.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name (friendly name, not ARN) identifying the user - that the policy is embedded in.

This parameter allows (through - its regex pattern) a string - of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - required: - - UserName - - PolicyName - title: DeleteUserPolicyRequest - type: object - DeleteUserRequest: - properties: - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user to delete.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - title: DeleteUserRequest - type: object - DeleteVirtualMFADeviceRequest: - properties: - SerialNumber: - allOf: - - $ref: '#/components/schemas/serialNumberType' - - description: '

The serial number that uniquely identifies the MFA device. - For virtual MFA devices, the serial number is the same as the ARN.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: =,.@:/-

' - required: - - SerialNumber - title: DeleteVirtualMFADeviceRequest - type: object - DeletionTaskFailureReasonType: - description:

The reason that the service-linked role deletion failed.

-

This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus - operation.

- properties: - Reason: - allOf: - - $ref: '#/components/schemas/ReasonType' - - description: A short description of the reason that the service-linked - role deletion failed. - RoleUsageList: - allOf: - - $ref: '#/components/schemas/RoleUsageListType' - - description: A list of objects that contains details about the service-linked - role deletion failure, if that information is returned by the service. - If the service-linked role has active sessions or if any resources that - were used by the role have not been deleted from the linked service, - the role can't be deleted. This parameter includes a list of the resources - that are associated with the role and the Region in which the resources - are being used. - type: object - DeletionTaskIdType: - maxLength: 1000 - minLength: 1 - type: string - DeletionTaskStatusType: - enum: - - SUCCEEDED - - IN_PROGRESS - - FAILED - - NOT_STARTED - type: string - DetachGroupPolicyRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name (friendly name, not ARN) of the IAM group to - detach the policy from.

This parameter allows (through its regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to detach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- required: - - GroupName - - PolicyArn - title: DetachGroupPolicyRequest - type: object - DetachRolePolicyRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to detach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name (friendly name, not ARN) of the IAM role to - detach the policy from.

This parameter allows (through its regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - required: - - RoleName - - PolicyArn - title: DetachRolePolicyRequest - type: object - DetachUserPolicyRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to detach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name (friendly name, not ARN) of the IAM user to - detach the policy from.

This parameter allows (through its regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - required: - - UserName - - PolicyArn - title: DetachUserPolicyRequest - type: object - DuplicateCertificateException: {} - DuplicateSSHPublicKeyException: {} - EnableMFADeviceRequest: - properties: - AuthenticationCode1: - allOf: - - $ref: '#/components/schemas/authenticationCodeType' - - description:

An authentication code emitted by the device.

The - format for this parameter is a string of six digits.

-

Submit your request immediately after generating the authentication - codes. If you generate the codes and then wait too long to submit the - request, the MFA device successfully associates with the user but the - MFA device becomes out of sync. This happens because time-based one-time - passwords (TOTP) expire after a short period of time. If this happens, - you can resync - the device.

 - AuthenticationCode2: - allOf: - - $ref: '#/components/schemas/authenticationCodeType' - - description:

A subsequent authentication code emitted by the device.

-

The format for this parameter is a string of six digits.

-

Submit your request immediately after generating the authentication - codes. If you generate the codes and then wait too long to submit the - request, the MFA device successfully associates with the user but the - MFA device becomes out of sync. This happens because time-based one-time - passwords (TOTP) expire after a short period of time. If this happens, - you can resync - the device.

 - SerialNumber: - allOf: - - $ref: '#/components/schemas/serialNumberType' - - description: '

The serial number that uniquely identifies the MFA device. - For virtual MFA devices, the serial number is the device ARN.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: =,.@:/-

' - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the IAM user for whom you want to enable - the MFA device.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - SerialNumber - - AuthenticationCode1 - - AuthenticationCode2 - title: EnableMFADeviceRequest - type: object - EntityAlreadyExistsException: {} - EntityDetails: - description:

An object that contains details about when the IAM entities - (users or roles) were last used in an attempt to access the specified Amazon - Web Services service.

This data type is a response element in the GetServiceLastAccessedDetailsWithEntities - operation.

- properties: - EntityInfo: - allOf: - - $ref: '#/components/schemas/EntityInfo' - - description: "The\_EntityInfo object that contains details\ - \ about the entity (user or role)." - LastAuthenticated: - allOf: - - $ref: '#/components/schemas/dateType' - - description: "

The date and time, in\_ISO 8601 date-time format, when the authenticated entity last attempted\ - \ to access Amazon Web Services. Amazon Web Services does not report\ - \ unauthenticated requests.

This field is null if no IAM entities\ - \ attempted to access the service within the reporting period.

" - required: - - EntityInfo - type: object - EntityInfo: - description:

Contains details about the specified entity (user or role).

-

This data type is an element of the EntityDetails object.

- properties: - Arn: - $ref: '#/components/schemas/arnType' - Id: - allOf: - - $ref: '#/components/schemas/idType' - - description: The identifier of the entity (user or role). - Name: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name of the entity (user or role). - Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description: 'The path to the entity (user or role). For more information - about paths, see IAM - identifiers in the IAM User Guide. ' - Type: - allOf: - - $ref: '#/components/schemas/policyOwnerEntityType' - - description: The type of entity (user or role). - required: - - Arn - - Name - - Type - - Id - type: object - EntityTemporarilyUnmodifiableException: {} - EntityType: - enum: - - User - - Role - - Group - - LocalManagedPolicy - - AWSManagedPolicy - type: string - ErrorDetails: - description:

Contains information about the reason that the operation failed.

-

This data type is used as a response element in the GetOrganizationsAccessReport, - GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities - operations.

- properties: - Code: - allOf: - - $ref: '#/components/schemas/stringType' - - description: The error code associated with the operation failure. - Message: - allOf: - - $ref: '#/components/schemas/stringType' - - description: Detailed information about the reason that the operation - failed. - required: - - Message - - Code - type: object - EvalDecisionDetailsType: - additionalProperties: - $ref: '#/components/schemas/PolicyEvaluationDecisionType' - type: object - EvalDecisionSourceType: - maxLength: 256 - minLength: 3 - type: string - EvaluationResult: - description:

Contains the results of a simulation.

This data type - is used by the return parameter of SimulateCustomPolicy - and SimulatePrincipalPolicy .

- properties: - EvalActionName: - allOf: - - $ref: '#/components/schemas/ActionNameType' - - description: The name of the API operation tested on the indicated resource. - EvalDecision: - allOf: - - $ref: '#/components/schemas/PolicyEvaluationDecisionType' - - description: The result of the simulation. - EvalDecisionDetails: - allOf: - - $ref: '#/components/schemas/EvalDecisionDetailsType' - - description:

Additional details about the results of the cross-account - evaluation decision. This parameter is populated for only cross-account - simulations. It contains a brief summary of how each policy type contributes - to the final evaluation decision.

If the simulation evaluates - policies within the same account and includes a resource ARN, then the - parameter is present but the response is empty. If the simulation evaluates - policies within the same account and specifies all resources (*), - then the parameter is not returned.

When you make a cross-account - request, Amazon Web Services evaluates the request in the trusting account - and the trusted account. The request is allowed only if both evaluations - return true. For more information about how policies are - evaluated, see Evaluating - policies within a single account.

If an Organizations SCP - included in the evaluation denies access, the simulation ends. In this - case, policy evaluation does not proceed any further and this parameter - is not returned.

- EvalResourceName: - allOf: - - $ref: '#/components/schemas/ResourceNameType' - - description: The ARN of the resource that the indicated API operation - was tested on. - MatchedStatements: - allOf: - - $ref: '#/components/schemas/StatementListType' - - description: A list of the statements in the input policies that determine - the result for this scenario. Remember that even if multiple statements - allow the operation on the resource, if only one statement denies that - operation, then the explicit deny overrides any allow. In addition, - the deny statement is the only entry included in the result. - MissingContextValues: - allOf: - - $ref: '#/components/schemas/ContextKeyNamesResultListType' - - description: A list of context keys that are required by the included - input policies but that were not provided by one of the input parameters. - This list is used when the resource in a simulation is "*", either explicitly, - or when the ResourceArns parameter blank. If you include - a list of resources, then any missing context values are instead included - under the ResourceSpecificResults section. To discover - the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy - or GetContextKeysForPrincipalPolicy. - OrganizationsDecisionDetail: - allOf: - - $ref: '#/components/schemas/OrganizationsDecisionDetail' - - description: A structure that details how Organizations and its service - control policies affect the results of the simulation. Only applies - if the simulated user's account is part of an organization. - PermissionsBoundaryDecisionDetail: - allOf: - - $ref: '#/components/schemas/PermissionsBoundaryDecisionDetail' - - description: Contains information about the effect that a permissions - boundary has on a policy simulation when the boundary is applied to - an IAM entity. - ResourceSpecificResults: - allOf: - - $ref: '#/components/schemas/ResourceSpecificResultListType' - - description: The individual results of the simulation of the API operation - specified in EvalActionName on each resource. - required: - - EvalActionName - - EvalDecision - type: object - EvaluationResultsListType: - items: - allOf: - - $ref: '#/components/schemas/EvaluationResult' - - xml: - name: member - type: array - GenerateCredentialReportResponse: - description: 'Contains the response to a successful GenerateCredentialReport - request. ' - properties: - Description: - allOf: - - $ref: '#/components/schemas/ReportStateDescriptionType' - - description: Information about the credential report. - State: - allOf: - - $ref: '#/components/schemas/ReportStateType' - - description: Information about the state of the credential report. - type: object - GenerateOrganizationsAccessReportRequest: - properties: - EntityPath: - allOf: - - $ref: '#/components/schemas/organizationsEntityPathType' - - description: The path of the Organizations entity (root, OU, or account). - You can build an entity path using the known structure of your organization. - For example, assume that your account ID is 123456789012 - and its parent OU ID is ou-rge0-awsabcde. The organization - root ID is r-f6g7h8i9j0example and your organization ID - is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012. - OrganizationsPolicyId: - allOf: - - $ref: '#/components/schemas/organizationsPolicyIdType' - - description:

The identifier of the Organizations service control policy - (SCP). This parameter is optional.

This ID is used to generate - information about when an account principal that is limited by the SCP - attempted to access an Amazon Web Services service.

- required: - - EntityPath - title: GenerateOrganizationsAccessReportRequest - type: object - GenerateOrganizationsAccessReportResponse: - example: - JobId: examplea-1234-b567-cde8-90fg123abcd4 - properties: - JobId: - allOf: - - $ref: '#/components/schemas/jobIDType' - - description: The job identifier that you can use in the GetOrganizationsAccessReport - operation. - type: object - GenerateServiceLastAccessedDetailsRequest: - properties: - Arn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The ARN of the IAM resource (user, group, role, or managed - policy) used to generate information about when the resource was last - used in an attempt to access an Amazon Web Services service. - Granularity: - allOf: - - $ref: '#/components/schemas/AccessAdvisorUsageGranularityType' - - description: The level of detail that you want to generate. You can specify - whether you want to generate information about the last attempt to access - services or actions. If you specify service-level granularity, this - operation generates only service data. If you specify action-level granularity, - it generates service and action data. If you don't include this optional - parameter, the operation generates service data. - required: - - Arn - title: GenerateServiceLastAccessedDetailsRequest - type: object - GenerateServiceLastAccessedDetailsResponse: - example: - JobId: examplef-1305-c245-eba4-71fe298bcda7 - properties: - JobId: - allOf: - - $ref: '#/components/schemas/jobIDType' - - description: The JobId that you can use in the GetServiceLastAccessedDetails - or GetServiceLastAccessedDetailsWithEntities operations. The - JobId returned by GenerateServiceLastAccessedDetail - must be used by the same role within a session, or by the same user - when used to call GetServiceLastAccessedDetail. - type: object - GetAccessKeyLastUsedRequest: - properties: - AccessKeyId: - allOf: - - $ref: '#/components/schemas/accessKeyIdType' - - description:

The identifier of an access key.

This parameter - allows (through its regex - pattern) a string of characters that can consist of any upper or - lowercased letter or digit.

- required: - - AccessKeyId - title: GetAccessKeyLastUsedRequest - type: object - GetAccessKeyLastUsedResponse: - description: Contains the response to a successful GetAccessKeyLastUsed - request. It is also returned as a member of the AccessKeyMetaData structure - returned by the ListAccessKeys action. - properties: - AccessKeyLastUsed: - allOf: - - $ref: '#/components/schemas/AccessKeyLastUsed' - - description: Contains information about the last time the access key was - used. - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description:

The name of the IAM user that owns this access key.

-

- type: object - GetAccountAuthorizationDetailsRequest: - properties: - Filter: - allOf: - - $ref: '#/components/schemas/entityListType' - - description:

A list of entity types used to filter the results. Only - the entities that match the types you specify are included in the output. - Use the value LocalManagedPolicy to include customer managed - policies.

The format for this parameter is a comma-separated - (if more than one) list of strings. Each string value in the list must - be one of the valid values listed below.

- Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- title: GetAccountAuthorizationDetailsRequest - type: object - GetAccountAuthorizationDetailsResponse: - description: 'Contains the response to a successful GetAccountAuthorizationDetails - request. ' - properties: - GroupDetailList: - allOf: - - $ref: '#/components/schemas/groupDetailListType' - - description: A list containing information about IAM groups. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Policies: - allOf: - - $ref: '#/components/schemas/ManagedPolicyDetailListType' - - description: A list containing information about managed policies. - RoleDetailList: - allOf: - - $ref: '#/components/schemas/roleDetailListType' - - description: A list containing information about IAM roles. - UserDetailList: - allOf: - - $ref: '#/components/schemas/userDetailListType' - - description: A list containing information about IAM users. - type: object - GetAccountPasswordPolicyResponse: - description: 'Contains the response to a successful GetAccountPasswordPolicy - request. ' - example: - PasswordPolicy: - AllowUsersToChangePassword: false - ExpirePasswords: false - HardExpiry: false - MaxPasswordAge: 90 - MinimumPasswordLength: 8 - PasswordReusePrevention: 12 - RequireLowercaseCharacters: false - RequireNumbers: true - RequireSymbols: true - RequireUppercaseCharacters: false - properties: - PasswordPolicy: - allOf: - - $ref: '#/components/schemas/PasswordPolicy' - - description: A structure that contains details about the account's password - policy. - required: - - PasswordPolicy - type: object - GetAccountSummaryResponse: - description: 'Contains the response to a successful GetAccountSummary - request. ' - example: - SummaryMap: - AccessKeysPerUserQuota: 2 - AccountAccessKeysPresent: 1 - AccountMFAEnabled: 0 - AccountSigningCertificatesPresent: 0 - AttachedPoliciesPerGroupQuota: 10 - AttachedPoliciesPerRoleQuota: 10 - AttachedPoliciesPerUserQuota: 10 - GlobalEndpointTokenVersion: 2 - GroupPolicySizeQuota: 5120 - Groups: 15 - GroupsPerUserQuota: 10 - GroupsQuota: 100 - MFADevices: 6 - MFADevicesInUse: 3 - Policies: 8 - PoliciesQuota: 1000 - PolicySizeQuota: 5120 - PolicyVersionsInUse: 22 - PolicyVersionsInUseQuota: 10000 - ServerCertificates: 1 - ServerCertificatesQuota: 20 - SigningCertificatesPerUserQuota: 2 - UserPolicySizeQuota: 2048 - Users: 27 - UsersQuota: 5000 - VersionsPerPolicyQuota: 5 - properties: - SummaryMap: - allOf: - - $ref: '#/components/schemas/summaryMapType' - - description: "A set of key\u2013value pairs containing information about\ - \ IAM entity usage and IAM quotas." - type: object - GetContextKeysForCustomPolicyRequest: - properties: - PolicyInputList: - allOf: - - $ref: '#/components/schemas/SimulationPolicyListType' - - description:

A list of policies for which you want the list of context - keys referenced in those policies. Each document is specified as a string - containing the complete, valid JSON text of an IAM policy.

The - regex pattern used to - validate this parameter is a string of characters consisting of the - following:

  • Any printable ASCII character ranging from - the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- required: - - PolicyInputList - title: GetContextKeysForCustomPolicyRequest - type: object - GetContextKeysForPolicyResponse: - description: 'Contains the response to a successful GetContextKeysForPrincipalPolicy - or GetContextKeysForCustomPolicy request. ' - properties: - ContextKeyNames: - allOf: - - $ref: '#/components/schemas/ContextKeyNamesResultListType' - - description: The list of context keys that are referenced in the input - policies. - type: object - GetContextKeysForPrincipalPolicyRequest: - properties: - PolicyInputList: - allOf: - - $ref: '#/components/schemas/SimulationPolicyListType' - - description:

An optional list of additional policies for which you - want the list of context keys that are referenced.

The regex - pattern used to validate this parameter is a string of characters - consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end - of the ASCII character range

  • The printable characters - in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- PolicySourceArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The ARN of a user, group, or role whose policies contain - the context keys that you want listed. If you specify a user, the list - includes context keys that are found in all policies that are attached - to the user. The list also includes all groups that the user is a member - of. If you pick a group or a role, then it includes only those context - keys that are found in policies attached to that entity. Note that all - parameters are shown in unencoded form here for clarity, but must be - URL encoded to be included as a part of a real HTML request.

For - more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- required: - - PolicySourceArn - title: GetContextKeysForPrincipalPolicyRequest - type: object - GetCredentialReportResponse: - description: 'Contains the response to a successful GetCredentialReport - request. ' - properties: - Content: - allOf: - - $ref: '#/components/schemas/ReportContentType' - - description: Contains the credential report. The report is Base64-encoded. - GeneratedTime: - allOf: - - $ref: '#/components/schemas/dateType' - - description: ' The date and time when the credential report was created, - in ISO 8601 date-time format.' - ReportFormat: - allOf: - - $ref: '#/components/schemas/ReportFormatType' - - description: The format (MIME type) of the credential report. - type: object - GetGroupPolicyRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name of the group the policy is associated with.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the policy document to get.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - GroupName - - PolicyName - title: GetGroupPolicyRequest - type: object - GetGroupPolicyResponse: - description: 'Contains the response to a successful GetGroupPolicy request. ' - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: The group the policy is associated with. - PolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The policy document.

IAM stores policies in JSON - format. However, resources that were created using CloudFormation templates - can be formatted in YAML. CloudFormation always converts a YAML policy - to JSON format before submitting it to IAM.

- PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: The name of the policy. - required: - - GroupName - - PolicyName - - PolicyDocument - type: object - GetGroupRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name of the group.

This parameter allows (through - its regex pattern) a string - of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- required: - - GroupName - title: GetGroupRequest - type: object - GetGroupResponse: - description: 'Contains the response to a successful GetGroup request. ' - properties: - Group: - allOf: - - $ref: '#/components/schemas/Group' - - description: A structure that contains details about the group. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Users: - allOf: - - $ref: '#/components/schemas/userListType' - - description: A list of users in the group. - required: - - Group - - Users - type: object - GetInstanceProfileRequest: - properties: - InstanceProfileName: - allOf: - - $ref: '#/components/schemas/instanceProfileNameType' - - description: '

The name of the instance profile to get information about.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - InstanceProfileName - title: GetInstanceProfileRequest - type: object - GetInstanceProfileResponse: - description: 'Contains the response to a successful GetInstanceProfile - request. ' - example: - InstanceProfile: - Arn: arn:aws:iam::336924118301:instance-profile/ExampleInstanceProfile - CreateDate: '2013-06-12T23:52:02Z' - InstanceProfileId: AID2MAB8DPLSRHEXAMPLE - InstanceProfileName: ExampleInstanceProfile - Path: / - Roles: - - Arn: arn:aws:iam::336924118301:role/Test-Role - AssumeRolePolicyDocument: - CreateDate: '2013-01-09T06:33:26Z' - Path: / - RoleId: AIDGPMS9RO4H3FEXAMPLE - RoleName: Test-Role - properties: - InstanceProfile: - allOf: - - $ref: '#/components/schemas/InstanceProfile' - - description: A structure containing details about the instance profile. - required: - - InstanceProfile - type: object - GetLoginProfileRequest: - properties: - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the user whose login profile you want to - retrieve.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - title: GetLoginProfileRequest - type: object - GetLoginProfileResponse: - description: 'Contains the response to a successful GetLoginProfile request. ' - example: - LoginProfile: - CreateDate: '2012-09-21T23:03:39Z' - UserName: Anika - properties: - LoginProfile: - allOf: - - $ref: '#/components/schemas/LoginProfile' - - description: A structure containing the user name and the profile creation - date for the user. - required: - - LoginProfile - type: object - GetOpenIDConnectProviderRequest: - properties: - OpenIDConnectProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the OIDC provider resource - object in IAM to get information for. You can get a list of OIDC provider - resource ARNs by using the ListOpenIDConnectProviders operation.

-

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- required: - - OpenIDConnectProviderArn - title: GetOpenIDConnectProviderRequest - type: object - GetOpenIDConnectProviderResponse: - description: 'Contains the response to a successful GetOpenIDConnectProvider - request. ' - properties: - ClientIDList: - allOf: - - $ref: '#/components/schemas/clientIDListType' - - description: A list of client IDs (also known as audiences) that are associated - with the specified IAM OIDC provider resource object. For more information, - see CreateOpenIDConnectProvider. - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time when the IAM OIDC provider resource object - was created in the Amazon Web Services account. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are attached to the specified IAM OIDC - provider. The returned list of tags is sorted by tag key. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - ThumbprintList: - allOf: - - $ref: '#/components/schemas/thumbprintListType' - - description: 'A list of certificate thumbprints that are associated with - the specified IAM OIDC provider resource object. For more information, - see CreateOpenIDConnectProvider. ' - Url: - allOf: - - $ref: '#/components/schemas/OpenIDConnectProviderUrlType' - - description: The URL that the IAM OIDC provider resource object is associated - with. For more information, see CreateOpenIDConnectProvider. - type: object - GetOrganizationsAccessReportRequest: - properties: - JobId: - allOf: - - $ref: '#/components/schemas/jobIDType' - - description: The identifier of the request generated by the GenerateOrganizationsAccessReport - operation. - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- SortKey: - allOf: - - $ref: '#/components/schemas/sortKeyType' - - description: The key that is used to sort the results. If you choose the - namespace key, the results are returned in alphabetical order. If you - choose the time key, the results are sorted numerically by the date - and time. - required: - - JobId - title: GetOrganizationsAccessReportRequest - type: object - GetOrganizationsAccessReportResponse: - example: - AccessDetails: - - EntityPath: o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-1a2b3c-k9l8m7n6o5example/111122223333 - LastAuthenticatedTime: '2019-05-25T16:29:52Z' - Region: us-east-1 - ServiceName: Amazon DynamoDB - ServiceNamespace: dynamodb - TotalAuthenticatedEntities: 2 - - EntityPath: o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-1a2b3c-k9l8m7n6o5example/123456789012 - LastAuthenticatedTime: '2019-06-15T13:12:06Z' - Region: us-east-1 - ServiceName: AWS Identity and Access Management - ServiceNamespace: iam - TotalAuthenticatedEntities: 4 - - ServiceName: Amazon Simple Storage Service - ServiceNamespace: s3 - TotalAuthenticatedEntities: 0 - IsTruncated: false - JobCompletionDate: '2019-06-18T19:47:35.241Z' - JobCreationDate: '2019-06-18T19:47:31.466Z' - JobStatus: COMPLETED - NumberOfServicesAccessible: 3 - NumberOfServicesNotAccessed: 1 - properties: - AccessDetails: - allOf: - - $ref: '#/components/schemas/AccessDetails' - - description: "An\_object that contains details about the most recent attempt\ - \ to access the service." - ErrorDetails: - $ref: '#/components/schemas/ErrorDetails' - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - JobCompletionDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: "

The date and time, in\_ISO 8601 date-time format, when the generated report job was completed\ - \ or failed.

This field is null if the job is still in progress,\ - \ as indicated by a job status value of IN_PROGRESS.

" - JobCreationDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: "The date and time, in\_ISO 8601 date-time format, when the report job was created." - JobStatus: - allOf: - - $ref: '#/components/schemas/jobStatusType' - - description: The status of the job. - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - NumberOfServicesAccessible: - allOf: - - $ref: '#/components/schemas/integerType' - - description: The number of services that the applicable SCPs allow account - principals to access. - NumberOfServicesNotAccessed: - allOf: - - $ref: '#/components/schemas/integerType' - - description: The number of services that account principals are allowed - but did not attempt to access. - required: - - JobStatus - - JobCreationDate - type: object - GetPolicyRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the managed policy that - you want information about.

For more information about ARNs, - see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- required: - - PolicyArn - title: GetPolicyRequest - type: object - GetPolicyResponse: - description: 'Contains the response to a successful GetPolicy request. ' - properties: - Policy: - allOf: - - $ref: '#/components/schemas/Policy' - - description: A structure containing details about the policy. - type: object - GetPolicyVersionRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the managed policy that - you want information about.

For more information about ARNs, - see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- VersionId: - allOf: - - $ref: '#/components/schemas/policyVersionIdType' - - description:

Identifies the policy version to retrieve.

This - parameter allows (through its regex - pattern) a string of characters that consists of the lowercase letter - 'v' followed by one or two digits, and optionally followed by a period - '.' and a string of letters and digits.

- required: - - PolicyArn - - VersionId - title: GetPolicyVersionRequest - type: object - GetPolicyVersionResponse: - description: 'Contains the response to a successful GetPolicyVersion - request. ' - properties: - PolicyVersion: - allOf: - - $ref: '#/components/schemas/PolicyVersion' - - description: A structure containing details about the policy version. - type: object - GetRolePolicyRequest: - properties: - PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the policy document to get.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the role associated with the policy.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - RoleName - - PolicyName - title: GetRolePolicyRequest - type: object - GetRolePolicyResponse: - description: 'Contains the response to a successful GetRolePolicy request. ' - properties: - PolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The policy document.

IAM stores policies in JSON - format. However, resources that were created using CloudFormation templates - can be formatted in YAML. CloudFormation always converts a YAML policy - to JSON format before submitting it to IAM.

- PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: The name of the policy. - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: The role the policy is associated with. - required: - - RoleName - - PolicyName - - PolicyDocument - type: object - GetRoleRequest: - properties: - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the IAM role to get information about.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - RoleName - title: GetRoleRequest - type: object - GetRoleResponse: - description: 'Contains the response to a successful GetRole request. ' - example: - Role: - Arn: arn:aws:iam::123456789012:role/Test-Role - AssumeRolePolicyDocument: - CreateDate: '2013-04-18T05:01:58Z' - MaxSessionDuration: 3600 - Path: / - RoleId: AROADBQP57FF2AEXAMPLE - RoleLastUsed: - LastUsedDate: '2019-11-18T05:01:58Z' - Region: us-east-1 - RoleName: Test-Role - properties: - Role: - allOf: - - $ref: '#/components/schemas/Role' - - description: A structure containing details about the IAM role. - required: - - Role - type: object - GetSAMLProviderRequest: - properties: - SAMLProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the SAML provider resource - object in IAM to get information about.

For more information - about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- required: - - SAMLProviderArn - title: GetSAMLProviderRequest - type: object - GetSAMLProviderResponse: - description: 'Contains the response to a successful GetSAMLProvider request. ' - properties: - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time when the SAML provider was created. - SAMLMetadataDocument: - allOf: - - $ref: '#/components/schemas/SAMLMetadataDocumentType' - - description: The XML metadata document that includes information about - an identity provider. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are attached to the specified IAM SAML - provider. The returned list of tags is sorted by tag key. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - ValidUntil: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The expiration date and time for the SAML provider. - type: object - GetSSHPublicKeyRequest: - properties: - Encoding: - allOf: - - $ref: '#/components/schemas/encodingType' - - description: Specifies the public key encoding format to use in the response. - To retrieve the public key in ssh-rsa format, use SSH. - To retrieve the public key in PEM format, use PEM. - SSHPublicKeyId: - allOf: - - $ref: '#/components/schemas/publicKeyIdType' - - description:

The unique identifier for the SSH public key.

This - parameter allows (through its regex - pattern) a string of characters that can consist of any upper or - lowercased letter or digit.

- UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the IAM user associated with the SSH public - key.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - SSHPublicKeyId - - Encoding - title: GetSSHPublicKeyRequest - type: object - GetSSHPublicKeyResponse: - description: Contains the response to a successful GetSSHPublicKey request. - properties: - SSHPublicKey: - allOf: - - $ref: '#/components/schemas/SSHPublicKey' - - description: A structure containing details about the SSH public key. - type: object - GetServerCertificateRequest: - properties: - ServerCertificateName: - allOf: - - $ref: '#/components/schemas/serverCertificateNameType' - - description: '

The name of the server certificate you want to retrieve - information about.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - ServerCertificateName - title: GetServerCertificateRequest - type: object - GetServerCertificateResponse: - description: 'Contains the response to a successful GetServerCertificate - request. ' - properties: - ServerCertificate: - allOf: - - $ref: '#/components/schemas/ServerCertificate' - - description: A structure containing details about the server certificate. - required: - - ServerCertificate - type: object - GetServiceLastAccessedDetailsRequest: - properties: - JobId: - allOf: - - $ref: '#/components/schemas/jobIDType' - - description: The ID of the request generated by the GenerateServiceLastAccessedDetails - operation. The JobId returned by GenerateServiceLastAccessedDetail - must be used by the same role within a session, or by the same user - when used to call GetServiceLastAccessedDetail. - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- required: - - JobId - title: GetServiceLastAccessedDetailsRequest - type: object - GetServiceLastAccessedDetailsResponse: - example: - IsTruncated: false - JobCompletionDate: '2018-10-24T19:47:35.241Z' - JobCreationDate: '2018-10-24T19:47:31.466Z' - JobStatus: COMPLETED - ServicesLastAccessed: - - LastAuthenticated: '2018-10-24T19:11:00Z' - LastAuthenticatedEntity: arn:aws:iam::123456789012:user/AWSExampleUser01 - ServiceName: AWS Identity and Access Management - ServiceNamespace: iam - TotalAuthenticatedEntities: 2 - - ServiceName: Amazon Simple Storage Service - ServiceNamespace: s3 - TotalAuthenticatedEntities: 0 - properties: - Error: - allOf: - - $ref: '#/components/schemas/ErrorDetails' - - description: An object that contains details about the reason the operation - failed. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - JobCompletionDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: "

The date and time, in\_ISO 8601 date-time format, when the generated report job was completed\ - \ or failed.

This field is null if the job is still in progress,\ - \ as indicated by a job status value of IN_PROGRESS.

" - JobCreationDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: "The date and time, in\_ISO 8601 date-time format, when the report job was created." - JobStatus: - allOf: - - $ref: '#/components/schemas/jobStatusType' - - description: The status of the job. - JobType: - allOf: - - $ref: '#/components/schemas/AccessAdvisorUsageGranularityType' - - description: The type of job. Service jobs return information about when - each service was last accessed. Action jobs also include information - about when tracked actions within the service were last accessed. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - ServicesLastAccessed: - allOf: - - $ref: '#/components/schemas/ServicesLastAccessed' - - description: " A\_ServiceLastAccessed object that contains\ - \ details about the most recent attempt to access the service." - required: - - JobStatus - - JobCreationDate - - ServicesLastAccessed - - JobCompletionDate - type: object - GetServiceLastAccessedDetailsWithEntitiesRequest: - properties: - JobId: - allOf: - - $ref: '#/components/schemas/jobIDType' - - description: The ID of the request generated by the GenerateServiceLastAccessedDetails - operation. - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- ServiceNamespace: - allOf: - - $ref: '#/components/schemas/serviceNamespaceType' - - description: "

The service namespace for an Amazon Web Services service.\ - \ Provide the service namespace to learn when the IAM entity last attempted\ - \ to access the specified service.

To learn the service namespace\ - \ for a service, see Actions, resources, and condition keys for Amazon Web Services services\ - \ in the IAM User Guide. Choose the name of the service to view\ - \ details for that service. In the first paragraph, find the service\ - \ prefix. For example, (service prefix: a4b). For more\ - \ information about service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ - \ General Reference.

" - required: - - JobId - - ServiceNamespace - title: GetServiceLastAccessedDetailsWithEntitiesRequest - type: object - GetServiceLastAccessedDetailsWithEntitiesResponse: - example: - EntityDetailsList: - - EntityInfo: - Arn: arn:aws:iam::123456789012:user/AWSExampleUser01 - Id: AIDAEX2EXAMPLEB6IGCDC - Name: AWSExampleUser01 - Path: / - Type: USER - LastAuthenticated: '2018-10-24T19:10:00Z' - - EntityInfo: - Arn: arn:aws:iam::123456789012:role/AWSExampleRole01 - Id: AROAEAEXAMPLEIANXSIU4 - Name: AWSExampleRole01 - Path: / - Type: ROLE - IsTruncated: false - JobCompletionDate: '2018-10-24T19:47:35.241Z' - JobCreationDate: '2018-10-24T19:47:31.466Z' - JobStatus: COMPLETED - properties: - EntityDetailsList: - allOf: - - $ref: '#/components/schemas/entityDetailsListType' - - description: "An\_EntityDetailsList object that contains\ - \ details about when an IAM entity (user or role) used group or policy\ - \ permissions in an attempt to access the specified Amazon Web Services\ - \ service." - Error: - allOf: - - $ref: '#/components/schemas/ErrorDetails' - - description: An object that contains details about the reason the operation - failed. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - JobCompletionDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: "

The date and time, in\_ISO 8601 date-time format, when the generated report job was completed\ - \ or failed.

This field is null if the job is still in progress,\ - \ as indicated by a job status value of IN_PROGRESS.

" - JobCreationDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: "The date and time, in\_ISO 8601 date-time format, when the report job was created." - JobStatus: - allOf: - - $ref: '#/components/schemas/jobStatusType' - - description: The status of the job. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - required: - - JobStatus - - JobCreationDate - - JobCompletionDate - - EntityDetailsList - type: object - GetServiceLinkedRoleDeletionStatusRequest: - properties: - DeletionTaskId: - allOf: - - $ref: '#/components/schemas/DeletionTaskIdType' - - description: The deletion task identifier. This identifier is returned - by the DeleteServiceLinkedRole operation in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>. - required: - - DeletionTaskId - title: GetServiceLinkedRoleDeletionStatusRequest - type: object - GetServiceLinkedRoleDeletionStatusResponse: - properties: - Reason: - allOf: - - $ref: '#/components/schemas/DeletionTaskFailureReasonType' - - description: An object that contains details about the reason the deletion - failed. - Status: - allOf: - - $ref: '#/components/schemas/DeletionTaskStatusType' - - description: The status of the deletion. - required: - - Status - type: object - GetUserPolicyRequest: - properties: - PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the policy document to get.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user who the policy is associated with.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - PolicyName - title: GetUserPolicyRequest - type: object - GetUserPolicyResponse: - description: 'Contains the response to a successful GetUserPolicy request. ' - properties: - PolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The policy document.

IAM stores policies in JSON - format. However, resources that were created using CloudFormation templates - can be formatted in YAML. CloudFormation always converts a YAML policy - to JSON format before submitting it to IAM.

- PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: The name of the policy. - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: The user the policy is associated with. - required: - - UserName - - PolicyName - - PolicyDocument - type: object - GetUserRequest: - properties: - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user to get information about.

This - parameter is optional. If it is not included, it defaults to the user - making the request. This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - title: GetUserRequest - type: object - GetUserResponse: - description: 'Contains the response to a successful GetUser request. ' - example: - User: - Arn: arn:aws:iam::123456789012:user/Bob - CreateDate: '2012-09-21T23:03:13Z' - Path: / - UserId: AKIAIOSFODNN7EXAMPLE - UserName: Bob - properties: - User: - allOf: - - $ref: '#/components/schemas/User' - - description:

A structure containing details about the IAM user.

-

Due to a service issue, password last used data does - not include password use from May 3, 2018 22:50 PDT to May 23, 2018 - 14:08 PDT. This affects last - sign-in dates shown in the IAM console and password last used dates - in the IAM - credential report, and returned by this operation. If users signed - in during the affected time, the password last used date that is returned - is the date the user last signed in before May 3, 2018. For users that - signed in after May 23, 2018 14:08 PDT, the returned password last used - date is accurate.

You can use password last used information - to identify unused credentials for deletion. For example, you might - delete users who did not sign in to Amazon Web Services in the last - 90 days. In cases like this, we recommend that you adjust your evaluation - window to include dates after May 23, 2018. Alternatively, if your users - use access keys to access Amazon Web Services programmatically you can - refer to access key last used information because it is accurate for - all dates.

- required: - - User - type: object - Group: - description:

Contains information about an IAM group entity.

This - data type is used as a response element in the following operations:

- properties: - Arn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: ' The Amazon Resource Name (ARN) specifying the group. For - more information about ARNs and how to use them in policies, see IAM - identifiers in the IAM User Guide. ' - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the group was created. - GroupId: - allOf: - - $ref: '#/components/schemas/idType' - - description: ' The stable and unique string identifying the group. For - more information about IDs, see IAM - identifiers in the IAM User Guide. ' - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: The friendly name that identifies the group. - Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description: 'The path to the group. For more information about paths, - see IAM - identifiers in the IAM User Guide. ' - required: - - Path - - GroupName - - GroupId - - Arn - - CreateDate - type: object - GroupDetail: - description:

Contains information about an IAM group, including all of the - group's policies.

This data type is used as a response element in the - GetAccountAuthorizationDetails operation.

- properties: - Arn: - $ref: '#/components/schemas/arnType' - AttachedManagedPolicies: - allOf: - - $ref: '#/components/schemas/attachedPoliciesListType' - - description: A list of the managed policies attached to the group. - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the group was created. - GroupId: - allOf: - - $ref: '#/components/schemas/idType' - - description: The stable and unique string identifying the group. For more - information about IDs, see IAM - identifiers in the IAM User Guide. - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: The friendly name that identifies the group. - GroupPolicyList: - allOf: - - $ref: '#/components/schemas/policyDetailListType' - - description: A list of the inline policies embedded in the group. - Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description: The path to the group. For more information about paths, - see IAM - identifiers in the IAM User Guide. - type: object - InstanceProfile: - description:

Contains information about an instance profile.

This - data type is used as a response element in the following operations:

- properties: - Arn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: ' The Amazon Resource Name (ARN) specifying the instance - profile. For more information about ARNs and how to use them in policies, - see IAM - identifiers in the IAM User Guide. ' - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date when the instance profile was created. - InstanceProfileId: - allOf: - - $ref: '#/components/schemas/idType' - - description: ' The stable and unique string identifying the instance profile. - For more information about IDs, see IAM - identifiers in the IAM User Guide. ' - InstanceProfileName: - allOf: - - $ref: '#/components/schemas/instanceProfileNameType' - - description: The name identifying the instance profile. - Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description: ' The path to the instance profile. For more information - about paths, see IAM - identifiers in the IAM User Guide. ' - Roles: - allOf: - - $ref: '#/components/schemas/roleListType' - - description: The role associated with the instance profile. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are attached to the instance profile. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - required: - - Path - - InstanceProfileName - - InstanceProfileId - - Arn - - CreateDate - - Roles - type: object - InvalidAuthenticationCodeException: {} - InvalidCertificateException: {} - InvalidInputException: {} - InvalidPublicKeyException: {} - InvalidUserTypeException: {} - KeyPairMismatchException: {} - LimitExceededException: {} - LineNumber: - type: integer - ListAccessKeysRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user.

This parameter allows (through - its regex pattern) a string - of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - title: ListAccessKeysRequest - type: object - ListAccessKeysResponse: - description: 'Contains the response to a successful ListAccessKeys request. ' - example: - AccessKeyMetadata: - - AccessKeyId: AKIA111111111EXAMPLE - CreateDate: '2016-12-01T22:19:58Z' - Status: Active - UserName: Alice - - AccessKeyId: AKIA222222222EXAMPLE - CreateDate: '2016-12-01T22:20:01Z' - Status: Active - UserName: Alice - properties: - AccessKeyMetadata: - allOf: - - $ref: '#/components/schemas/accessKeyMetadataListType' - - description: A list of objects containing metadata about the access keys. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - required: - - AccessKeyMetadata - type: object - ListAccountAliasesRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- title: ListAccountAliasesRequest - type: object - ListAccountAliasesResponse: - description: 'Contains the response to a successful ListAccountAliases - request. ' - example: - AccountAliases: - - exmaple-corporation - properties: - AccountAliases: - allOf: - - $ref: '#/components/schemas/accountAliasListType' - - description: A list of aliases associated with the account. Amazon Web - Services supports only one alias per account. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - required: - - AccountAliases - type: object - ListAttachedGroupPoliciesRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name (friendly name, not ARN) of the group to list - attached policies for.

This parameter allows (through its regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PathPrefix: - allOf: - - $ref: '#/components/schemas/policyPathType' - - description:

The path prefix for filtering the results. This parameter - is optional. If it is not included, it defaults to a slash (/), listing - all policies.

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- required: - - GroupName - title: ListAttachedGroupPoliciesRequest - type: object - ListAttachedGroupPoliciesResponse: - description: 'Contains the response to a successful ListAttachedGroupPolicies - request. ' - properties: - AttachedPolicies: - allOf: - - $ref: '#/components/schemas/attachedPoliciesListType' - - description: A list of the attached policies. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - type: object - ListAttachedRolePoliciesRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PathPrefix: - allOf: - - $ref: '#/components/schemas/policyPathType' - - description:

The path prefix for filtering the results. This parameter - is optional. If it is not included, it defaults to a slash (/), listing - all policies.

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name (friendly name, not ARN) of the role to list - attached policies for.

This parameter allows (through its regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - required: - - RoleName - title: ListAttachedRolePoliciesRequest - type: object - ListAttachedRolePoliciesResponse: - description: 'Contains the response to a successful ListAttachedRolePolicies - request. ' - properties: - AttachedPolicies: - allOf: - - $ref: '#/components/schemas/attachedPoliciesListType' - - description: A list of the attached policies. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - type: object - ListAttachedUserPoliciesRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PathPrefix: - allOf: - - $ref: '#/components/schemas/policyPathType' - - description:

The path prefix for filtering the results. This parameter - is optional. If it is not included, it defaults to a slash (/), listing - all policies.

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name (friendly name, not ARN) of the user to list - attached policies for.

This parameter allows (through its regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - required: - - UserName - title: ListAttachedUserPoliciesRequest - type: object - ListAttachedUserPoliciesResponse: - description: 'Contains the response to a successful ListAttachedUserPolicies - request. ' - properties: - AttachedPolicies: - allOf: - - $ref: '#/components/schemas/attachedPoliciesListType' - - description: A list of the attached policies. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - type: object - ListEntitiesForPolicyRequest: - properties: - EntityFilter: - allOf: - - $ref: '#/components/schemas/EntityType' - - description:

The entity type to use for filtering the results.

-

For example, when EntityFilter is Role, - only the roles that are attached to the specified policy are returned. - This parameter is optional. If it is not included, all attached entities - (users, groups, and roles) are returned. The argument for this parameter - must be one of the valid values listed below.

- Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PathPrefix: - allOf: - - $ref: '#/components/schemas/pathType' - - description:

The path prefix for filtering the results. This parameter - is optional. If it is not included, it defaults to a slash (/), listing - all entities.

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy for which - you want the versions.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- PolicyUsageFilter: - allOf: - - $ref: '#/components/schemas/PolicyUsageType' - - description: "

The policy usage method to use for filtering the results.

\ - \

To list only permissions policies, set\_PolicyUsageFilter\_\ - to\_PermissionsPolicy. To list only the policies used to\ - \ set permissions boundaries, set\_the value to\_PermissionsBoundary.

\ - \

This parameter is optional. If it is not included, all policies\ - \ are returned.

" - required: - - PolicyArn - title: ListEntitiesForPolicyRequest - type: object - ListEntitiesForPolicyResponse: - description: 'Contains the response to a successful ListEntitiesForPolicy - request. ' - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - PolicyGroups: - allOf: - - $ref: '#/components/schemas/PolicyGroupListType' - - description: A list of IAM groups that the policy is attached to. - PolicyRoles: - allOf: - - $ref: '#/components/schemas/PolicyRoleListType' - - description: A list of IAM roles that the policy is attached to. - PolicyUsers: - allOf: - - $ref: '#/components/schemas/PolicyUserListType' - - description: A list of IAM users that the policy is attached to. - type: object - ListGroupPoliciesRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name of the group to list policies for.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- required: - - GroupName - title: ListGroupPoliciesRequest - type: object - ListGroupPoliciesResponse: - description: 'Contains the response to a successful ListGroupPolicies - request. ' - example: - PolicyNames: - - AdminRoot - - KeyPolicy - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - PolicyNames: - allOf: - - $ref: '#/components/schemas/policyNameListType' - - description: '

A list of policy names.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following - characters: _+=,.@-

' - required: - - PolicyNames - type: object - ListGroupsForUserRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user to list groups for.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - title: ListGroupsForUserRequest - type: object - ListGroupsForUserResponse: - description: 'Contains the response to a successful ListGroupsForUser - request. ' - example: - Groups: - - Arn: arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/engineering/Test - CreateDate: '2016-11-30T14:10:01.156Z' - GroupId: AGP2111111111EXAMPLE - GroupName: Test - Path: /division_abc/subdivision_xyz/product_1234/engineering/ - - Arn: arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/Managers - CreateDate: '2016-06-12T20:14:52.032Z' - GroupId: AGPI222222222SEXAMPLE - GroupName: Managers - Path: /division_abc/subdivision_xyz/product_1234/ - properties: - Groups: - allOf: - - $ref: '#/components/schemas/groupListType' - - description: A list of groups. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - required: - - Groups - type: object - ListGroupsRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PathPrefix: - allOf: - - $ref: '#/components/schemas/pathPrefixType' - - description:

The path prefix for filtering the results. For example, - the prefix /division_abc/subdivision_xyz/ gets all groups - whose path starts with /division_abc/subdivision_xyz/.

-

This parameter is optional. If it is not included, it defaults to - a slash (/), listing all groups. This parameter allows (through its - regex pattern) a string - of characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- title: ListGroupsRequest - type: object - ListGroupsResponse: - description: 'Contains the response to a successful ListGroups request. ' - example: - Groups: - - Arn: arn:aws:iam::123456789012:group/Admins - CreateDate: '2016-12-15T21:40:08.121Z' - GroupId: AGPA1111111111EXAMPLE - GroupName: Admins - Path: /division_abc/subdivision_xyz/ - - Arn: arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/engineering/Test - CreateDate: '2016-11-30T14:10:01.156Z' - GroupId: AGP22222222222EXAMPLE - GroupName: Test - Path: /division_abc/subdivision_xyz/product_1234/engineering/ - - Arn: arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/Managers - CreateDate: '2016-06-12T20:14:52.032Z' - GroupId: AGPI3333333333EXAMPLE - GroupName: Managers - Path: /division_abc/subdivision_xyz/product_1234/ - properties: - Groups: - allOf: - - $ref: '#/components/schemas/groupListType' - - description: A list of groups. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - required: - - Groups - type: object - ListInstanceProfileTagsRequest: - properties: - InstanceProfileName: - allOf: - - $ref: '#/components/schemas/instanceProfileNameType' - - description: '

The name of the IAM instance profile whose tags you want - to see.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- required: - - InstanceProfileName - title: ListInstanceProfileTagsRequest - type: object - ListInstanceProfileTagsResponse: - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that are currently attached to the IAM instance - profile. Each tag consists of a key name and an associated value. If - no tags are attached to the specified resource, the response contains - an empty list. - required: - - Tags - type: object - ListInstanceProfilesForRoleRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the role to list instance profiles for.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - RoleName - title: ListInstanceProfilesForRoleRequest - type: object - ListInstanceProfilesForRoleResponse: - description: 'Contains the response to a successful ListInstanceProfilesForRole - request. ' - properties: - InstanceProfiles: - allOf: - - $ref: '#/components/schemas/instanceProfileListType' - - description: A list of instance profiles. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - required: - - InstanceProfiles - type: object - ListInstanceProfilesRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PathPrefix: - allOf: - - $ref: '#/components/schemas/pathPrefixType' - - description:

The path prefix for filtering the results. For example, - the prefix /application_abc/component_xyz/ gets all instance - profiles whose path starts with /application_abc/component_xyz/.

-

This parameter is optional. If it is not included, it defaults to - a slash (/), listing all instance profiles. This parameter allows (through - its regex pattern) a string - of characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- title: ListInstanceProfilesRequest - type: object - ListInstanceProfilesResponse: - description: 'Contains the response to a successful ListInstanceProfiles - request. ' - properties: - InstanceProfiles: - allOf: - - $ref: '#/components/schemas/instanceProfileListType' - - description: A list of instance profiles. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - required: - - InstanceProfiles - type: object - ListMFADeviceTagsRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- SerialNumber: - allOf: - - $ref: '#/components/schemas/serialNumberType' - - description: '

The unique identifier for the IAM virtual MFA device - whose tags you want to see. For virtual MFA devices, the serial number - is the same as the ARN.

This parameter allows (through its regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - required: - - SerialNumber - title: ListMFADeviceTagsRequest - type: object - ListMFADeviceTagsResponse: - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that are currently attached to the virtual - MFA device. Each tag consists of a key name and an associated value. - If no tags are attached to the specified resource, the response contains - an empty list. - required: - - Tags - type: object - ListMFADevicesRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user whose MFA devices you want to list.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - title: ListMFADevicesRequest - type: object - ListMFADevicesResponse: - description: 'Contains the response to a successful ListMFADevices request. ' - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - MFADevices: - allOf: - - $ref: '#/components/schemas/mfaDeviceListType' - - description: A list of MFA devices. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - required: - - MFADevices - type: object - ListOpenIDConnectProviderTagsRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- OpenIDConnectProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: '

The ARN of the OpenID Connect (OIDC) identity provider - whose tags you want to see.

This parameter allows (through its - regex pattern) a string - of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - required: - - OpenIDConnectProviderArn - title: ListOpenIDConnectProviderTagsRequest - type: object - ListOpenIDConnectProviderTagsResponse: - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that are currently attached to the OpenID - Connect (OIDC) identity provider. Each tag consists of a key name and - an associated value. If no tags are attached to the specified resource, - the response contains an empty list. - required: - - Tags - type: object - ListOpenIDConnectProvidersRequest: - properties: {} - title: ListOpenIDConnectProvidersRequest - type: object - ListOpenIDConnectProvidersResponse: - description: 'Contains the response to a successful ListOpenIDConnectProviders - request. ' - properties: - OpenIDConnectProviderList: - allOf: - - $ref: '#/components/schemas/OpenIDConnectProviderListType' - - description: The list of IAM OIDC provider resource objects defined in - the Amazon Web Services account. - type: object - ListPoliciesGrantingServiceAccessEntry: - description:

Contains details about the permissions policies that are attached - to the specified identity (user, group, or role).

This data type is - used as a response element in the ListPoliciesGrantingServiceAccess - operation.

- properties: - Policies: - allOf: - - $ref: '#/components/schemas/policyGrantingServiceAccessListType' - - description: "The\_PoliciesGrantingServiceAccess object that\ - \ contains details about the policy." - ServiceNamespace: - allOf: - - $ref: '#/components/schemas/serviceNamespaceType' - - description: "

The namespace of the service that was accessed.

To\ - \ learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services\ - \ in the Service Authorization Reference. Choose the name of\ - \ the service to view details for that service. In the first paragraph,\ - \ find the service prefix. For example, (service prefix: a4b).\ - \ For more information about service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ - \ General Reference.

" - type: object - ListPoliciesGrantingServiceAccessRequest: - properties: - Arn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The ARN of the IAM identity (user, group, or role) whose - policies you want to list. - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - ServiceNamespaces: - allOf: - - $ref: '#/components/schemas/serviceNamespaceListType' - - description: "

The service namespace for the Amazon Web Services services\ - \ whose policies you want to list.

To learn the service namespace\ - \ for a service, see Actions, resources, and condition keys for Amazon Web Services services\ - \ in the IAM User Guide. Choose the name of the service to view\ - \ details for that service. In the first paragraph, find the service\ - \ prefix. For example, (service prefix: a4b). For more\ - \ information about service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ - \ General Reference.

" - required: - - Arn - - ServiceNamespaces - title: ListPoliciesGrantingServiceAccessRequest - type: object - ListPoliciesGrantingServiceAccessResponse: - example: - IsTruncated: false - PoliciesGrantingServiceAccess: - - Policies: - - PolicyArn: arn:aws:iam::123456789012:policy/ExampleIamPolicy - PolicyName: ExampleIamPolicy - PolicyType: MANAGED - - EntityName: AWSExampleGroup1 - EntityType: GROUP - PolicyName: ExampleGroup1Policy - PolicyType: INLINE - ServiceNamespace: iam - - Policies: - - PolicyArn: arn:aws:iam::123456789012:policy/ExampleEc2Policy - PolicyName: ExampleEc2Policy - PolicyType: MANAGED - ServiceNamespace: ec2 - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. We recommend that you check IsTruncated after - every call to ensure that you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - PoliciesGrantingServiceAccess: - allOf: - - $ref: '#/components/schemas/listPolicyGrantingServiceAccessResponseListType' - - description: "A\_ListPoliciesGrantingServiceAccess object\ - \ that contains details about the permissions policies attached to the\ - \ specified identity (user, group, or role)." - required: - - PoliciesGrantingServiceAccess - type: object - ListPoliciesRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- OnlyAttached: - allOf: - - $ref: '#/components/schemas/booleanType' - - description:

A flag to filter the results to only the attached policies.

-

When OnlyAttached is true, the returned - list contains only the policies that are attached to an IAM user, group, - or role. When OnlyAttached is false, or when - the parameter is not included, all policies are returned.

- PathPrefix: - allOf: - - $ref: '#/components/schemas/policyPathType' - - description: The path prefix for filtering the results. This parameter - is optional. If it is not included, it defaults to a slash (/), listing - all policies. This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters. - PolicyUsageFilter: - allOf: - - $ref: '#/components/schemas/PolicyUsageType' - - description: "

The policy usage method to use for filtering the results.

\ - \

To list only permissions policies, set\_PolicyUsageFilter\_\ - to\_PermissionsPolicy. To list only the policies used to\ - \ set permissions boundaries, set\_the value to\_PermissionsBoundary.

\ - \

This parameter is optional. If it is not included, all policies\ - \ are returned.

" - Scope: - allOf: - - $ref: '#/components/schemas/policyScopeType' - - description:

The scope to use for filtering the results.

To - list only Amazon Web Services managed policies, set Scope - to AWS. To list only the customer managed policies in your - Amazon Web Services account, set Scope to Local.

-

This parameter is optional. If it is not included, or if it is set - to All, all policies are returned.

- title: ListPoliciesRequest - type: object - ListPoliciesResponse: - description: 'Contains the response to a successful ListPolicies request. ' - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Policies: - allOf: - - $ref: '#/components/schemas/policyListType' - - description: A list of policies. - type: object - ListPolicyTagsRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: '

The ARN of the IAM customer managed policy whose tags - you want to see.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - PolicyArn - title: ListPolicyTagsRequest - type: object - ListPolicyTagsResponse: - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that are currently attached to the IAM customer - managed policy. Each tag consists of a key name and an associated value. - If no tags are attached to the specified resource, the response contains - an empty list. - required: - - Tags - type: object - ListPolicyVersionsRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy for which - you want the versions.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- required: - - PolicyArn - title: ListPolicyVersionsRequest - type: object - ListPolicyVersionsResponse: - description: 'Contains the response to a successful ListPolicyVersions - request. ' - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Versions: - allOf: - - $ref: '#/components/schemas/policyDocumentVersionListType' - - description:

A list of policy versions.

For more information - about managed policy versions, see Versioning - for managed policies in the IAM User Guide.

- type: object - ListRolePoliciesRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the role to list policies for.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - RoleName - title: ListRolePoliciesRequest - type: object - ListRolePoliciesResponse: - description: 'Contains the response to a successful ListRolePolicies - request. ' - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - PolicyNames: - allOf: - - $ref: '#/components/schemas/policyNameListType' - - description: A list of policy names. - required: - - PolicyNames - type: object - ListRoleTagsRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the IAM role for which you want to see the - list of tags.

This parameter accepts (through its regex - pattern) a string of characters that consist of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - RoleName - title: ListRoleTagsRequest - type: object - ListRoleTagsResponse: - example: - IsTruncated: false - Tags: - - Key: Dept - Value: '12345' - - Key: Team - Value: Accounting - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that are currently attached to the role. - Each tag consists of a key name and an associated value. If no tags - are attached to the specified resource, the response contains an empty - list. - required: - - Tags - type: object - ListRolesRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PathPrefix: - allOf: - - $ref: '#/components/schemas/pathPrefixType' - - description:

The path prefix for filtering the results. For example, - the prefix /application_abc/component_xyz/ gets all roles - whose path starts with /application_abc/component_xyz/.

-

This parameter is optional. If it is not included, it defaults to - a slash (/), listing all roles. This parameter allows (through its regex pattern) a string of - characters consisting of either a forward slash (/) by itself or a string - that must begin and end with forward slashes. In addition, it can contain - any ASCII character from the ! (\u0021) through the DEL - character (\u007F), including most punctuation characters, - digits, and upper and lowercased letters.

- title: ListRolesRequest - type: object - ListRolesResponse: - description: 'Contains the response to a successful ListRoles request. ' - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Roles: - allOf: - - $ref: '#/components/schemas/roleListType' - - description: A list of roles. - required: - - Roles - type: object - ListSAMLProviderTagsRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- SAMLProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: '

The ARN of the Security Assertion Markup Language (SAML) - identity provider whose tags you want to see.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - SAMLProviderArn - title: ListSAMLProviderTagsRequest - type: object - ListSAMLProviderTagsResponse: - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that are currently attached to the Security - Assertion Markup Language (SAML) identity provider. Each tag consists - of a key name and an associated value. If no tags are attached to the - specified resource, the response contains an empty list. - required: - - Tags - type: object - ListSAMLProvidersRequest: - properties: {} - title: ListSAMLProvidersRequest - type: object - ListSAMLProvidersResponse: - description: 'Contains the response to a successful ListSAMLProviders - request. ' - properties: - SAMLProviderList: - allOf: - - $ref: '#/components/schemas/SAMLProviderListType' - - description: The list of SAML provider resource objects defined in IAM - for this Amazon Web Services account. - type: object - ListSSHPublicKeysRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the IAM user to list SSH public keys for. - If none is specified, the UserName field is determined - implicitly based on the Amazon Web Services access key used to sign - the request.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - title: ListSSHPublicKeysRequest - type: object - ListSSHPublicKeysResponse: - description: Contains the response to a successful ListSSHPublicKeys - request. - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - SSHPublicKeys: - allOf: - - $ref: '#/components/schemas/SSHPublicKeyListType' - - description: A list of the SSH public keys assigned to IAM user. - type: object - ListServerCertificateTagsRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- ServerCertificateName: - allOf: - - $ref: '#/components/schemas/serverCertificateNameType' - - description: '

The name of the IAM server certificate whose tags you - want to see.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - ServerCertificateName - title: ListServerCertificateTagsRequest - type: object - ListServerCertificateTagsResponse: - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that are currently attached to the IAM server - certificate. Each tag consists of a key name and an associated value. - If no tags are attached to the specified resource, the response contains - an empty list. - required: - - Tags - type: object - ListServerCertificatesRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PathPrefix: - allOf: - - $ref: '#/components/schemas/pathPrefixType' - - description: '

The path prefix for filtering the results. For example: - /company/servercerts would get all server certificates - for which the path starts with /company/servercerts.

-

This parameter is optional. If it is not included, it defaults to - a slash (/), listing all server certificates. This parameter allows - (through its regex pattern) - a string of characters consisting of either a forward slash (/) by itself - or a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

' - title: ListServerCertificatesRequest - type: object - ListServerCertificatesResponse: - description: 'Contains the response to a successful ListServerCertificates - request. ' - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - ServerCertificateMetadataList: - allOf: - - $ref: '#/components/schemas/serverCertificateMetadataListType' - - description: A list of server certificates. - required: - - ServerCertificateMetadataList - type: object - ListServiceSpecificCredentialsRequest: - properties: - ServiceName: - allOf: - - $ref: '#/components/schemas/serviceName' - - description: Filters the returned results to only those for the specified - Amazon Web Services service. If not specified, then Amazon Web Services - returns service-specific credentials for all services. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the user whose service-specific credentials - you want information about. If this value is not specified, then the - operation assumes the user whose credentials are used to call the operation.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - title: ListServiceSpecificCredentialsRequest - type: object - ListServiceSpecificCredentialsResponse: - properties: - ServiceSpecificCredentials: - allOf: - - $ref: '#/components/schemas/ServiceSpecificCredentialsListType' - - description: A list of structures that each contain details about a service-specific - credential. - type: object - ListSigningCertificatesRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the IAM user whose signing certificates you - want to examine.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - title: ListSigningCertificatesRequest - type: object - ListSigningCertificatesResponse: - description: 'Contains the response to a successful ListSigningCertificates - request. ' - example: - Certificates: - - CertificateBody: '-----BEGIN CERTIFICATE----------END - CERTIFICATE-----' - CertificateId: TA7SMP42TDN5Z26OBPJE7EXAMPLE - Status: Active - UploadDate: '2013-06-06T21:40:08Z' - UserName: Bob - properties: - Certificates: - allOf: - - $ref: '#/components/schemas/certificateListType' - - description: A list of the user's signing certificate information. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - required: - - Certificates - type: object - ListUserPoliciesRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user to list policies for.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - title: ListUserPoliciesRequest - type: object - ListUserPoliciesResponse: - description: 'Contains the response to a successful ListUserPolicies - request. ' - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - PolicyNames: - allOf: - - $ref: '#/components/schemas/policyNameListType' - - description: A list of policy names. - required: - - PolicyNames - type: object - ListUserTagsRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the IAM user whose tags you want to see.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - title: ListUserTagsRequest - type: object - ListUserTagsResponse: - example: - IsTruncated: false - Tags: - - Key: Dept - Value: '12345' - - Key: Team - Value: Accounting - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that are currently attached to the user. - Each tag consists of a key name and an associated value. If no tags - are attached to the specified resource, the response contains an empty - list. - required: - - Tags - type: object - ListUsersRequest: - properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PathPrefix: - allOf: - - $ref: '#/components/schemas/pathPrefixType' - - description: '

The path prefix for filtering the results. For example: - /division_abc/subdivision_xyz/, which would get all user - names whose path starts with /division_abc/subdivision_xyz/.

-

This parameter is optional. If it is not included, it defaults to - a slash (/), listing all user names. This parameter allows (through - its regex pattern) a string - of characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

' - title: ListUsersRequest - type: object - ListUsersResponse: - description: 'Contains the response to a successful ListUsers request. ' - example: - Users: - - Arn: arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/engineering/Juan - CreateDate: '2012-09-05T19:38:48Z' - PasswordLastUsed: '2016-09-08T21:47:36Z' - Path: /division_abc/subdivision_xyz/engineering/ - UserId: AID2MAB8DPLSRHEXAMPLE - UserName: Juan - - Arn: arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/engineering/Anika - CreateDate: '2014-04-09T15:43:45Z' - PasswordLastUsed: '2016-09-24T16:18:07Z' - Path: /division_abc/subdivision_xyz/engineering/ - UserId: AIDIODR4TAW7CSEXAMPLE - UserName: Anika - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - Users: - allOf: - - $ref: '#/components/schemas/userListType' - - description: A list of users. - required: - - Users - type: object - ListVirtualMFADevicesRequest: - properties: - AssignmentStatus: - allOf: - - $ref: '#/components/schemas/assignmentStatusType' - - description: ' The status (Unassigned or Assigned) - of the devices to list. If you do not specify an AssignmentStatus, - the operation defaults to Any, which lists both assigned - and unassigned virtual MFA devices.,' - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- title: ListVirtualMFADevicesRequest - type: object - ListVirtualMFADevicesResponse: - description: 'Contains the response to a successful ListVirtualMFADevices - request. ' - example: - VirtualMFADevices: - - SerialNumber: arn:aws:iam::123456789012:mfa/ExampleMFADevice - - SerialNumber: arn:aws:iam::123456789012:mfa/Juan - properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - VirtualMFADevices: - allOf: - - $ref: '#/components/schemas/virtualMFADeviceListType' - - description: ' The list of virtual MFA devices in the current account - that match the AssignmentStatus value that was passed in - the request.' - required: - - VirtualMFADevices - type: object - LoginProfile: - description:

Contains the user name and password create date for a user.

-

This data type is used as a response element in the CreateLoginProfile - and GetLoginProfile operations.

- properties: - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date when the password for the user was created. - PasswordResetRequired: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Specifies whether the user is required to set a new password - on next sign-in. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name of the user, which can be used for signing in to - the Amazon Web Services Management Console. - required: - - UserName - - CreateDate - type: object - MFADevice: - description:

Contains information about an MFA device.

This data type - is used as a response element in the ListMFADevices operation.

- properties: - EnableDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date when the MFA device was enabled for the user. - SerialNumber: - allOf: - - $ref: '#/components/schemas/serialNumberType' - - description: The serial number that uniquely identifies the MFA device. - For virtual MFA devices, the serial number is the device ARN. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The user with whom the MFA device is associated. - required: - - UserName - - SerialNumber - - EnableDate - type: object - MalformedCertificateException: {} - MalformedPolicyDocumentException: {} - ManagedPolicyDetail: - description:

Contains information about a managed policy, including the policy's - ARN, versions, and the number of principal entities (users, groups, and roles) - that the policy is attached to.

This data type is used as a response - element in the GetAccountAuthorizationDetails operation.

For - more information about managed policies, see Managed - policies and inline policies in the IAM User Guide.

- properties: - Arn: - $ref: '#/components/schemas/arnType' - AttachmentCount: - allOf: - - $ref: '#/components/schemas/attachmentCountType' - - description: The number of principal entities (users, groups, and roles) - that the policy is attached to. - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the policy was created. - DefaultVersionId: - allOf: - - $ref: '#/components/schemas/policyVersionIdType' - - description:

The identifier for the version of the policy that is set - as the default (operative) version.

For more information about - policy versions, see Versioning - for managed policies in the IAM User Guide.

- Description: - allOf: - - $ref: '#/components/schemas/policyDescriptionType' - - description: A friendly description of the policy. - IsAttachable: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Specifies whether the policy can be attached to an IAM user, - group, or role. - Path: - allOf: - - $ref: '#/components/schemas/policyPathType' - - description:

The path to the policy.

For more information about - paths, see IAM - identifiers in the IAM User Guide.

- PermissionsBoundaryUsageCount: - allOf: - - $ref: '#/components/schemas/attachmentCountType' - - description:

The number of entities (users and roles) for which the - policy is used as the permissions boundary.

For more information - about permissions boundaries, see Permissions - boundaries for IAM identities in the IAM User Guide.

- PolicyId: - allOf: - - $ref: '#/components/schemas/idType' - - description:

The stable and unique string identifying the policy.

-

For more information about IDs, see IAM - identifiers in the IAM User Guide.

- PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: The friendly name (not ARN) identifying the policy. - PolicyVersionList: - allOf: - - $ref: '#/components/schemas/policyDocumentVersionListType' - - description: A list containing information about the versions of the policy. - UpdateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description:

The date and time, in ISO - 8601 date-time format, when the policy was last updated.

When - a policy has only one version, this field contains the date and time - when the policy was created. When a policy has more than one version, - this field contains the date and time when the most recent policy version - was created.

- type: object - ManagedPolicyDetailListType: - items: - allOf: - - $ref: '#/components/schemas/ManagedPolicyDetail' - - xml: - name: member - type: array - NoSuchEntityException: {} - OpenIDConnectProviderListEntry: - description: Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect - provider. - properties: - Arn: - $ref: '#/components/schemas/arnType' - type: object - OpenIDConnectProviderListType: - description: Contains a list of IAM OpenID Connect providers. - items: - allOf: - - $ref: '#/components/schemas/OpenIDConnectProviderListEntry' - - xml: - name: member - type: array - OpenIDConnectProviderUrlType: - description: Contains a URL that specifies the endpoint for an OpenID Connect - provider. - maxLength: 255 - minLength: 1 - type: string - OrganizationsDecisionDetail: - description: Contains information about the effect that Organizations has on - a policy simulation. - properties: - AllowedByOrganizations: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Specifies whether the simulated operation is allowed by the - Organizations service control policies that impact the simulated user's - account. - type: object - PasswordPolicy: - description:

Contains information about the account password policy.

-

This data type is used as a response element in the GetAccountPasswordPolicy - operation.

- properties: - AllowUsersToChangePassword: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Specifies whether IAM users are allowed to change their own - password. Gives IAM users permissions to iam:ChangePassword - for only their user and to the iam:GetAccountPasswordPolicy - action. This option does not attach a permissions policy to each user, - rather the permissions are applied at the account-level for all users - by IAM. - ExpirePasswords: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Indicates whether passwords in the account expire. Returns - true if MaxPasswordAge contains a value greater than 0. - Returns false if MaxPasswordAge is 0 or not present. - HardExpiry: - allOf: - - $ref: '#/components/schemas/booleanObjectType' - - description: Specifies whether IAM users are prevented from setting a - new password via the Amazon Web Services Management Console after their - password has expired. The IAM user cannot access the console until an - administrator resets the password. IAM users with iam:ChangePassword - permission and active access keys can reset their own expired console - password using the CLI or API. - MaxPasswordAge: - allOf: - - $ref: '#/components/schemas/maxPasswordAgeType' - - description: The number of days that an IAM user password is valid. - MinimumPasswordLength: - allOf: - - $ref: '#/components/schemas/minimumPasswordLengthType' - - description: Minimum length to require for IAM user passwords. - PasswordReusePrevention: - allOf: - - $ref: '#/components/schemas/passwordReusePreventionType' - - description: Specifies the number of previous passwords that IAM users - are prevented from reusing. - RequireLowercaseCharacters: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Specifies whether IAM user passwords must contain at least - one lowercase character (a to z). - RequireNumbers: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Specifies whether IAM user passwords must contain at least - one numeric character (0 to 9). - RequireSymbols: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: '

Specifies whether IAM user passwords must contain at - least one of the following symbols:

! @ # $ % ^ & * ( ) _ - + - = [ ] { } | ''

' - RequireUppercaseCharacters: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Specifies whether IAM user passwords must contain at least - one uppercase character (A to Z). - type: object - PasswordPolicyViolationException: {} - PermissionsBoundaryAttachmentType: - enum: - - PermissionsBoundaryPolicy - type: string - PermissionsBoundaryDecisionDetail: - description: Contains information about the effect that a permissions boundary - has on a policy simulation when the boundary is applied to an IAM entity. - properties: - AllowedByPermissionsBoundary: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Specifies whether an action is allowed by a permissions boundary - that is applied to an IAM entity (user or role). A value of true - means that the permissions boundary does not deny the action. This means - that the policy includes an Allow statement that matches - the request. In this case, if an identity-based policy also allows the - action, the request is allowed. A value of false means - that either the requested action is not allowed (implicitly denied) - or that the action is explicitly denied by the permissions boundary. - In both of these cases, the action is not allowed, regardless of the - identity-based policy. - type: object - Policy: - description:

Contains information about a managed policy.

This data - type is used as a response element in the CreatePolicy, GetPolicy, - and ListPolicies operations.

For more information about managed - policies, refer to Managed - policies and inline policies in the IAM User Guide.

- properties: - Arn: - $ref: '#/components/schemas/arnType' - AttachmentCount: - allOf: - - $ref: '#/components/schemas/attachmentCountType' - - description: The number of entities (users, groups, and roles) that the - policy is attached to. - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the policy was created. - DefaultVersionId: - allOf: - - $ref: '#/components/schemas/policyVersionIdType' - - description: The identifier for the version of the policy that is set - as the default version. - Description: - allOf: - - $ref: '#/components/schemas/policyDescriptionType' - - description:

A friendly description of the policy.

This element - is included in the response to the GetPolicy operation. It is - not included in the response to the ListPolicies operation.

- IsAttachable: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Specifies whether the policy can be attached to an IAM user, - group, or role. - Path: - allOf: - - $ref: '#/components/schemas/policyPathType' - - description:

The path to the policy.

For more information about - paths, see IAM - identifiers in the IAM User Guide.

- PermissionsBoundaryUsageCount: - allOf: - - $ref: '#/components/schemas/attachmentCountType' - - description:

The number of entities (users and roles) for which the - policy is used to set the permissions boundary.

For more information - about permissions boundaries, see Permissions - boundaries for IAM identities in the IAM User Guide.

- PolicyId: - allOf: - - $ref: '#/components/schemas/idType' - - description:

The stable and unique string identifying the policy.

-

For more information about IDs, see IAM - identifiers in the IAM User Guide.

- PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: The friendly name (not ARN) identifying the policy. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are attached to the instance profile. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - UpdateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description:

The date and time, in ISO - 8601 date-time format, when the policy was last updated.

When - a policy has only one version, this field contains the date and time - when the policy was created. When a policy has more than one version, - this field contains the date and time when the most recent policy version - was created.

- type: object - PolicyDetail: - description:

Contains information about an IAM policy, including the policy - document.

This data type is used as a response element in the GetAccountAuthorizationDetails - operation.

- properties: - PolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description: The policy document. - PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: The name of the policy. - type: object - PolicyEvaluationDecisionType: - enum: - - allowed - - explicitDeny - - implicitDeny - type: string - PolicyEvaluationException: {} - PolicyGrantingServiceAccess: - description:

Contains details about the permissions policies that are attached - to the specified identity (user, group, or role).

This data type is - an element of the ListPoliciesGrantingServiceAccessEntry object.

- properties: - EntityName: - allOf: - - $ref: '#/components/schemas/entityNameType' - - description:

The name of the entity (user or role) to which the inline - policy is attached.

This field is null for managed policies. - For more information about these policy types, see Managed - policies and inline policies in the IAM User Guide.

- EntityType: - allOf: - - $ref: '#/components/schemas/policyOwnerEntityType' - - description:

The type of entity (user or role) that used the policy - to access the service to which the inline policy is attached.

This - field is null for managed policies. For more information about these - policy types, see Managed - policies and inline policies in the IAM User Guide.

- PolicyArn: - $ref: '#/components/schemas/arnType' - PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: The policy name. - PolicyType: - allOf: - - $ref: '#/components/schemas/policyType' - - description: The policy type. For more information about these policy - types, see Managed - policies and inline policies in the IAM User Guide. - required: - - PolicyName - - PolicyType - type: object - PolicyGroup: - description:

Contains information about a group that a managed policy is - attached to.

This data type is used as a response element in the ListEntitiesForPolicy - operation.

For more information about managed policies, refer to Managed - policies and inline policies in the IAM User Guide.

- properties: - GroupId: - allOf: - - $ref: '#/components/schemas/idType' - - description: The stable and unique string identifying the group. For more - information about IDs, see IAM - identifiers in the IAM User Guide. - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: The name (friendly name, not ARN) identifying the group. - type: object - PolicyGroupListType: - items: - allOf: - - $ref: '#/components/schemas/PolicyGroup' - - xml: - name: member - type: array - PolicyIdentifierType: - type: string - PolicyNotAttachableException: {} - PolicyRole: - description:

Contains information about a role that a managed policy is attached - to.

This data type is used as a response element in the ListEntitiesForPolicy - operation.

For more information about managed policies, refer to Managed - policies and inline policies in the IAM User Guide.

- properties: - RoleId: - allOf: - - $ref: '#/components/schemas/idType' - - description: The stable and unique string identifying the role. For more - information about IDs, see IAM - identifiers in the IAM User Guide. - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: The name (friendly name, not ARN) identifying the role. - type: object - PolicyRoleListType: - items: - allOf: - - $ref: '#/components/schemas/PolicyRole' - - xml: - name: member - type: array - PolicySourceType: - enum: - - user - - group - - role - - aws-managed - - user-managed - - resource - - none - type: string - PolicyUsageType: - description:

The policy usage type that indicates whether the policy is used - as a permissions policy or as the permissions boundary for an entity.

-

For more information about permissions boundaries, see Permissions - boundaries for IAM identities in the IAM User Guide.

- enum: - - PermissionsPolicy - - PermissionsBoundary - type: string - PolicyUser: - description:

Contains information about a user that a managed policy is attached - to.

This data type is used as a response element in the ListEntitiesForPolicy - operation.

For more information about managed policies, refer to Managed - policies and inline policies in the IAM User Guide.

- properties: - UserId: - allOf: - - $ref: '#/components/schemas/idType' - - description: The stable and unique string identifying the user. For more - information about IDs, see IAM - identifiers in the IAM User Guide. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name (friendly name, not ARN) identifying the user. - type: object - PolicyUserListType: - items: - allOf: - - $ref: '#/components/schemas/PolicyUser' - - xml: - name: member - type: array - PolicyVersion: - description:

Contains information about a version of a managed policy.

-

This data type is used as a response element in the CreatePolicyVersion, - GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails - operations.

For more information about managed policies, refer to - Managed - policies and inline policies in the IAM User Guide.

- properties: - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the policy version was created. - Document: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The policy document.

The policy document is returned - in the response to the GetPolicyVersion and GetAccountAuthorizationDetails - operations. It is not returned in the response to the CreatePolicyVersion - or ListPolicyVersions operations.

The policy document - returned in this structure is URL-encoded compliant with RFC - 3986. You can use a URL decoding method to convert the policy back - to plain JSON text. For example, if you use Java, you can use the decode - method of the java.net.URLDecoder utility class in the - Java SDK. Other languages and SDKs provide similar functionality.

- IsDefaultVersion: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: Specifies whether the policy version is set as the policy's - default version. - VersionId: - allOf: - - $ref: '#/components/schemas/policyVersionIdType' - - description:

The identifier for the policy version.

Policy version - identifiers always begin with v (always lowercase). When - a policy is created, the first policy version is v1.

- type: object - Position: - description:

Contains the row and column of a location of a Statement - element in a policy document.

This data type is used as a member of - the Statement type.

- properties: - Column: - allOf: - - $ref: '#/components/schemas/ColumnNumber' - - description: The column in the line containing the specified position - in the document. - Line: - allOf: - - $ref: '#/components/schemas/LineNumber' - - description: The line containing the specified position in the document. - type: object - PutGroupPolicyRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name of the group to associate the policy with.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-.

' - PolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The policy document.

You must provide policies - in JSON format in IAM. However, for CloudFormation templates formatted - in YAML, you can provide the policy in JSON or YAML format. CloudFormation - always converts a YAML policy to JSON format before submitting it to - = IAM.

The regex pattern - used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the - ASCII character range

  • The printable characters in - the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the policy document.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - GroupName - - PolicyName - - PolicyDocument - title: PutGroupPolicyRequest - type: object - PutRolePermissionsBoundaryRequest: - properties: - PermissionsBoundary: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The ARN of the policy that is used to set the permissions - boundary for the role. - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: The name (friendly name, not ARN) of the IAM role for which - you want to set the permissions boundary. - required: - - RoleName - - PermissionsBoundary - title: PutRolePermissionsBoundaryRequest - type: object - PutRolePolicyRequest: - properties: - PolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The policy document.

You must provide policies - in JSON format in IAM. However, for CloudFormation templates formatted - in YAML, you can provide the policy in JSON or YAML format. CloudFormation - always converts a YAML policy to JSON format before submitting it to - IAM.

The regex pattern - used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the - ASCII character range

  • The printable characters in - the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the policy document.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the role to associate the policy with.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - RoleName - - PolicyName - - PolicyDocument - title: PutRolePolicyRequest - type: object - PutUserPermissionsBoundaryRequest: - properties: - PermissionsBoundary: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The ARN of the policy that is used to set the permissions - boundary for the user. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name (friendly name, not ARN) of the IAM user for which - you want to set the permissions boundary. - required: - - UserName - - PermissionsBoundary - title: PutUserPermissionsBoundaryRequest - type: object - PutUserPolicyRequest: - properties: - PolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The policy document.

You must provide policies - in JSON format in IAM. However, for CloudFormation templates formatted - in YAML, you can provide the policy in JSON or YAML format. CloudFormation - always converts a YAML policy to JSON format before submitting it to - IAM.

The regex pattern - used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the - ASCII character range

  • The printable characters in - the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- PolicyName: - allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the policy document.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user to associate the policy with.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - PolicyName - - PolicyDocument - title: PutUserPolicyRequest - type: object - ReasonType: - maxLength: 1000 - type: string - RegionNameType: - maxLength: 100 - minLength: 1 - type: string - RemoveClientIDFromOpenIDConnectProviderRequest: - properties: - ClientID: - allOf: - - $ref: '#/components/schemas/clientIDType' - - description: The client ID (also known as audience) to remove from the - IAM OIDC provider resource. For more information about client IDs, see - CreateOpenIDConnectProvider. - OpenIDConnectProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM OIDC provider - resource to remove the client ID from. You can get a list of OIDC provider - ARNs by using the ListOpenIDConnectProviders operation.

For - more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- required: - - OpenIDConnectProviderArn - - ClientID - title: RemoveClientIDFromOpenIDConnectProviderRequest - type: object - RemoveRoleFromInstanceProfileRequest: - properties: - InstanceProfileName: - allOf: - - $ref: '#/components/schemas/instanceProfileNameType' - - description: '

The name of the instance profile to update.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the role to remove.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - InstanceProfileName - - RoleName - title: RemoveRoleFromInstanceProfileRequest - type: object - RemoveUserFromGroupRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name of the group to update.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user to remove.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - GroupName - - UserName - title: RemoveUserFromGroupRequest - type: object - ReportContentType: - type: string - ReportFormatType: - enum: - - text/csv - type: string - ReportGenerationLimitExceededException: {} - ReportStateDescriptionType: - type: string - ReportStateType: - enum: - - STARTED - - INPROGRESS - - COMPLETE - type: string - ResetServiceSpecificCredentialRequest: - properties: - ServiceSpecificCredentialId: - allOf: - - $ref: '#/components/schemas/serviceSpecificCredentialId' - - description:

The unique identifier of the service-specific credential.

-

This parameter allows (through its regex - pattern) a string of characters that can consist of any upper or - lowercased letter or digit.

- UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the IAM user associated with the service-specific - credential. If this value is not specified, then the operation assumes - the user whose credentials are used to call the operation.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - ServiceSpecificCredentialId - title: ResetServiceSpecificCredentialRequest - type: object - ResetServiceSpecificCredentialResponse: - properties: - ServiceSpecificCredential: - allOf: - - $ref: '#/components/schemas/ServiceSpecificCredential' - - description:

A structure with details about the updated service-specific - credential, including the new password.

This is the - only time that you can access the password. You cannot recover - the password later, but you can reset it again.

 - type: object - ResourceHandlingOptionType: - maxLength: 64 - minLength: 1 - type: string - ResourceNameListType: - items: - allOf: - - $ref: '#/components/schemas/ResourceNameType' - - xml: - name: member - type: array - ResourceNameType: - maxLength: 2048 - minLength: 1 - type: string - ResourceSpecificResult: - description:

Contains the result of the simulation of a single API operation - call on a single resource.

This data type is used by a member of the - EvaluationResult data type.

- properties: - EvalDecisionDetails: - allOf: - - $ref: '#/components/schemas/EvalDecisionDetailsType' - - description: Additional details about the results of the evaluation decision - on a single resource. This parameter is returned only for cross-account - simulations. This parameter explains how each policy type contributes - to the resource-specific evaluation decision. - EvalResourceDecision: - allOf: - - $ref: '#/components/schemas/PolicyEvaluationDecisionType' - - description: The result of the simulation of the simulated API operation - on the resource specified in EvalResourceName. - EvalResourceName: - allOf: - - $ref: '#/components/schemas/ResourceNameType' - - description: The name of the simulated resource, in Amazon Resource Name - (ARN) format. - MatchedStatements: - allOf: - - $ref: '#/components/schemas/StatementListType' - - description: A list of the statements in the input policies that determine - the result for this part of the simulation. Remember that even if multiple - statements allow the operation on the resource, if any statement - denies that operation, then the explicit deny overrides any allow. In - addition, the deny statement is the only entry included in the result. - MissingContextValues: - allOf: - - $ref: '#/components/schemas/ContextKeyNamesResultListType' - - description: A list of context keys that are required by the included - input policies but that were not provided by one of the input parameters. - This list is used when a list of ARNs is included in the ResourceArns - parameter instead of "*". If you do not specify individual resources, - by setting ResourceArns to "*" or by not including the - ResourceArns parameter, then any missing context values - are instead included under the EvaluationResults section. - To discover the context keys used by a set of policies, you can call - GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy. - PermissionsBoundaryDecisionDetail: - allOf: - - $ref: '#/components/schemas/PermissionsBoundaryDecisionDetail' - - description: Contains information about the effect that a permissions - boundary has on a policy simulation when that boundary is applied to - an IAM entity. - required: - - EvalResourceName - - EvalResourceDecision - type: object - ResourceSpecificResultListType: - items: - allOf: - - $ref: '#/components/schemas/ResourceSpecificResult' - - xml: - name: member - type: array - ResyncMFADeviceRequest: - properties: - AuthenticationCode1: - allOf: - - $ref: '#/components/schemas/authenticationCodeType' - - description:

An authentication code emitted by the device.

The - format for this parameter is a sequence of six digits.

- AuthenticationCode2: - allOf: - - $ref: '#/components/schemas/authenticationCodeType' - - description:

A subsequent authentication code emitted by the device.

-

The format for this parameter is a sequence of six digits.

- SerialNumber: - allOf: - - $ref: '#/components/schemas/serialNumberType' - - description: '

Serial number that uniquely identifies the MFA device.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user whose MFA device you want to resynchronize.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - SerialNumber - - AuthenticationCode1 - - AuthenticationCode2 - title: ResyncMFADeviceRequest - type: object - Role: - description: Contains information about an IAM role. This structure is returned - as a response element in several API operations that interact with roles. - properties: - Arn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: ' The Amazon Resource Name (ARN) specifying the role. For - more information about ARNs and how to use them in policies, see IAM - identifiers in the IAM User Guide guide. ' - AssumeRolePolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description: The policy that grants an entity permission to assume the - role. - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the role was created. - Description: - allOf: - - $ref: '#/components/schemas/roleDescriptionType' - - description: A description of the role that you provide. - MaxSessionDuration: - allOf: - - $ref: '#/components/schemas/roleMaxSessionDurationType' - - description: The maximum session duration (in seconds) for the specified - role. Anyone who uses the CLI, or API to assume the role can specify - the duration using the optional DurationSeconds API parameter - or duration-seconds CLI parameter. - Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description: ' The path to the role. For more information about paths, - see IAM - identifiers in the IAM User Guide. ' - PermissionsBoundary: - allOf: - - $ref: '#/components/schemas/AttachedPermissionsBoundary' - - description:

The ARN of the policy used to set the permissions boundary - for the role.

For more information about permissions boundaries, - see Permissions - boundaries for IAM identities in the IAM User Guide.

- RoleId: - allOf: - - $ref: '#/components/schemas/idType' - - description: ' The stable and unique string identifying the role. For - more information about IDs, see IAM - identifiers in the IAM User Guide. ' - RoleLastUsed: - allOf: - - $ref: '#/components/schemas/RoleLastUsed' - - description: Contains information about the last time that an IAM role - was used. This includes the date and time and the Region in which the - role was last used. Activity is only reported for the trailing 400 days. - This period can be shorter if your Region began supporting these features - within the last year. The role might have been used more than 400 days - ago. For more information, see Regions - where data is tracked in the IAM User Guide. - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: The friendly name that identifies the role. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are attached to the role. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - required: - - Path - - RoleName - - RoleId - - Arn - - CreateDate - type: object - RoleDetail: - description:

Contains information about an IAM role, including all of the - role's policies.

This data type is used as a response element in the - GetAccountAuthorizationDetails operation.

- properties: - Arn: - $ref: '#/components/schemas/arnType' - AssumeRolePolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description: The trust policy that grants permission to assume the role. - AttachedManagedPolicies: - allOf: - - $ref: '#/components/schemas/attachedPoliciesListType' - - description: A list of managed policies attached to the role. These policies - are the role's access (permissions) policies. - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the role was created. - InstanceProfileList: - allOf: - - $ref: '#/components/schemas/instanceProfileListType' - - description: A list of instance profiles that contain this role. - Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description: The path to the role. For more information about paths, see - IAM - identifiers in the IAM User Guide. - PermissionsBoundary: - allOf: - - $ref: '#/components/schemas/AttachedPermissionsBoundary' - - description:

The ARN of the policy used to set the permissions boundary - for the role.

For more information about permissions boundaries, - see Permissions - boundaries for IAM identities in the IAM User Guide.

- RoleId: - allOf: - - $ref: '#/components/schemas/idType' - - description: The stable and unique string identifying the role. For more - information about IDs, see IAM - identifiers in the IAM User Guide. - RoleLastUsed: - allOf: - - $ref: '#/components/schemas/RoleLastUsed' - - description: Contains information about the last time that an IAM role - was used. This includes the date and time and the Region in which the - role was last used. Activity is only reported for the trailing 400 days. - This period can be shorter if your Region began supporting these features - within the last year. The role might have been used more than 400 days - ago. For more information, see Regions - where data is tracked in the IAM User Guide. - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: The friendly name that identifies the role. - RolePolicyList: - allOf: - - $ref: '#/components/schemas/policyDetailListType' - - description: A list of inline policies embedded in the role. These policies - are the role's access (permissions) policies. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are attached to the role. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - type: object - RoleLastUsed: - description:

Contains information about the last time that an IAM role was - used. This includes the date and time and the Region in which the role was - last used. Activity is only reported for the trailing 400 days. This period - can be shorter if your Region began supporting these features within the last - year. The role might have been used more than 400 days ago. For more information, - see Regions - where data is tracked in the IAM User Guide.

This data type - is returned as a response element in the GetRole and GetAccountAuthorizationDetails - operations.

- properties: - LastUsedDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: "

The date and time, in\_ISO 8601 date-time format that the role was last used.

This\ - \ field is null if the role has not been used within the IAM tracking\ - \ period. For more information about the tracking period, see Regions where data is tracked in the IAM User Guide.

" - Region: - allOf: - - $ref: '#/components/schemas/stringType' - - description: The name of the Amazon Web Services Region in which the role - was last used. - type: object - RoleUsageListType: - items: - allOf: - - $ref: '#/components/schemas/RoleUsageType' - - xml: - name: member - type: array - RoleUsageType: - description:

An object that contains details about how a service-linked role - is used, if that information is returned by the service.

This data - type is used as a response element in the GetServiceLinkedRoleDeletionStatus - operation.

- properties: - Region: - allOf: - - $ref: '#/components/schemas/RegionNameType' - - description: The name of the Region where the service-linked role is being - used. - Resources: - allOf: - - $ref: '#/components/schemas/ArnListType' - - description: The name of the resource that is using the service-linked - role. - type: object - SAMLMetadataDocumentType: - maxLength: 10000000 - minLength: 1000 - type: string - SAMLProviderListEntry: - description: Contains the list of SAML providers for this account. - properties: - Arn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The Amazon Resource Name (ARN) of the SAML provider. - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time when the SAML provider was created. - ValidUntil: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The expiration date and time for the SAML provider. - type: object - SAMLProviderListType: - items: - allOf: - - $ref: '#/components/schemas/SAMLProviderListEntry' - - xml: - name: member - type: array - SAMLProviderNameType: - maxLength: 128 - minLength: 1 - pattern: '[\w._-]+' - type: string - SSHPublicKey: - description:

Contains information about an SSH public key.

This data - type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey - operations.

- properties: - Fingerprint: - allOf: - - $ref: '#/components/schemas/publicKeyFingerprintType' - - description: The MD5 message digest of the SSH public key. - SSHPublicKeyBody: - allOf: - - $ref: '#/components/schemas/publicKeyMaterialType' - - description: The SSH public key. - SSHPublicKeyId: - allOf: - - $ref: '#/components/schemas/publicKeyIdType' - - description: The unique identifier for the SSH public key. - Status: - allOf: - - $ref: '#/components/schemas/statusType' - - description: The status of the SSH public key. Active means - that the key can be used for authentication with an CodeCommit repository. - Inactive means that the key cannot be used. - UploadDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the SSH public key was uploaded. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name of the IAM user associated with the SSH public key. - required: - - UserName - - SSHPublicKeyId - - Fingerprint - - SSHPublicKeyBody - - Status - type: object - SSHPublicKeyListType: - items: - allOf: - - $ref: '#/components/schemas/SSHPublicKeyMetadata' - - xml: - name: member - type: array - SSHPublicKeyMetadata: - description:

Contains information about an SSH public key, without the key's - body or fingerprint.

This data type is used as a response element in - the ListSSHPublicKeys operation.

- properties: - SSHPublicKeyId: - allOf: - - $ref: '#/components/schemas/publicKeyIdType' - - description: The unique identifier for the SSH public key. - Status: - allOf: - - $ref: '#/components/schemas/statusType' - - description: The status of the SSH public key. Active means - that the key can be used for authentication with an CodeCommit repository. - Inactive means that the key cannot be used. - UploadDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the SSH public key was uploaded. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name of the IAM user associated with the SSH public key. - required: - - UserName - - SSHPublicKeyId - - Status - - UploadDate - type: object - ServerCertificate: - description:

Contains information about a server certificate.

This - data type is used as a response element in the GetServerCertificate - operation.

- properties: - CertificateBody: - allOf: - - $ref: '#/components/schemas/certificateBodyType' - - description: The contents of the public key certificate. - CertificateChain: - allOf: - - $ref: '#/components/schemas/certificateChainType' - - description: The contents of the public key certificate chain. - ServerCertificateMetadata: - allOf: - - $ref: '#/components/schemas/ServerCertificateMetadata' - - description: The meta information of the server certificate, such as its - name, path, ID, and ARN. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are attached to the server certificate. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - required: - - ServerCertificateMetadata - - CertificateBody - type: object - ServerCertificateMetadata: - description:

Contains information about a server certificate without its - certificate body, certificate chain, and private key.

This data type - is used as a response element in the UploadServerCertificate and ListServerCertificates - operations.

- properties: - Arn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: ' The Amazon Resource Name (ARN) specifying the server certificate. - For more information about ARNs and how to use them in policies, see - IAM - identifiers in the IAM User Guide. ' - Expiration: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date on which the certificate is set to expire. - Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description: ' The path to the server certificate. For more information - about paths, see IAM - identifiers in the IAM User Guide. ' - ServerCertificateId: - allOf: - - $ref: '#/components/schemas/idType' - - description: ' The stable and unique string identifying the server certificate. - For more information about IDs, see IAM - identifiers in the IAM User Guide. ' - ServerCertificateName: - allOf: - - $ref: '#/components/schemas/serverCertificateNameType' - - description: The name that identifies the server certificate. - UploadDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date when the server certificate was uploaded. - required: - - Path - - ServerCertificateName - - ServerCertificateId - - Arn - type: object - ServiceFailureException: {} - ServiceLastAccessed: - description:

Contains details about the most recent attempt to access the - service.

This data type is used as a response element in the GetServiceLastAccessedDetails - operation.

- properties: - LastAuthenticated: - allOf: - - $ref: '#/components/schemas/dateType' - - description: "

The date and time, in\_ISO 8601 date-time format, when an authenticated entity most recently\ - \ attempted to access the service. Amazon Web Services does not report\ - \ unauthenticated requests.

This field is null if no IAM entities\ - \ attempted to access the service within the reporting period.

" - LastAuthenticatedEntity: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The ARN of the authenticated entity (user or role) that - last attempted to access the service. Amazon Web Services does not report - unauthenticated requests.

This field is null if no IAM entities - attempted to access the service within the reporting - period.

- LastAuthenticatedRegion: - allOf: - - $ref: '#/components/schemas/stringType' - - description:

The Region from which the authenticated entity (user or - role) last attempted to access the service. Amazon Web Services does - not report unauthenticated requests.

This field is null if no - IAM entities attempted to access the service within the reporting - period.

- ServiceName: - allOf: - - $ref: '#/components/schemas/serviceNameType' - - description: The name of the service in which access was attempted. - ServiceNamespace: - allOf: - - $ref: '#/components/schemas/serviceNamespaceType' - - description: "

The namespace of the service in which access was attempted.

\ - \

To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services\ - \ in the Service Authorization Reference. Choose the name of\ - \ the service to view details for that service. In the first paragraph,\ - \ find the service prefix. For example, (service prefix: a4b).\ - \ For more information about service namespaces, see Amazon Web Services Service Namespaces in the\_Amazon Web Services\ - \ General Reference.

" - TotalAuthenticatedEntities: - allOf: - - $ref: '#/components/schemas/integerType' - - description:

The total number of authenticated principals (root user, - IAM users, or IAM roles) that have attempted to access the service.

-

This field is null if no principals attempted to access the service - within the reporting - period.

- TrackedActionsLastAccessed: - allOf: - - $ref: '#/components/schemas/TrackedActionsLastAccessed' - - description:

An object that contains details about the most recent - attempt to access a tracked action within the service.

This field - is null if there no tracked actions or if the principal did not use - the tracked actions within the reporting - period. This field is also null if the report was generated at the - service level and not the action level. For more information, see the - Granularity field in GenerateServiceLastAccessedDetails.

- required: - - ServiceName - - ServiceNamespace - type: object - ServiceNotSupportedException: {} - ServiceSpecificCredential: - description: Contains the details of a service-specific credential. - properties: - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the service-specific credential were - created. - ServiceName: - allOf: - - $ref: '#/components/schemas/serviceName' - - description: The name of the service associated with the service-specific - credential. - ServicePassword: - allOf: - - $ref: '#/components/schemas/servicePassword' - - description: The generated password for the service-specific credential. - ServiceSpecificCredentialId: - allOf: - - $ref: '#/components/schemas/serviceSpecificCredentialId' - - description: The unique identifier for the service-specific credential. - ServiceUserName: - allOf: - - $ref: '#/components/schemas/serviceUserName' - - description: The generated user name for the service-specific credential. - This value is generated by combining the IAM user's name combined with - the ID number of the Amazon Web Services account, as in jane-at-123456789012, - for example. This value cannot be configured by the user. - Status: - allOf: - - $ref: '#/components/schemas/statusType' - - description: The status of the service-specific credential. Active - means that the key is valid for API calls, while Inactive - means it is not. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name of the IAM user associated with the service-specific - credential. - required: - - CreateDate - - ServiceName - - ServiceUserName - - ServicePassword - - ServiceSpecificCredentialId - - UserName - - Status - type: object - ServiceSpecificCredentialMetadata: - description: Contains additional details about a service-specific credential. - properties: - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the service-specific credential were - created. - ServiceName: - allOf: - - $ref: '#/components/schemas/serviceName' - - description: The name of the service associated with the service-specific - credential. - ServiceSpecificCredentialId: - allOf: - - $ref: '#/components/schemas/serviceSpecificCredentialId' - - description: The unique identifier for the service-specific credential. - ServiceUserName: - allOf: - - $ref: '#/components/schemas/serviceUserName' - - description: The generated user name for the service-specific credential. - Status: - allOf: - - $ref: '#/components/schemas/statusType' - - description: The status of the service-specific credential. Active - means that the key is valid for API calls, while Inactive - means it is not. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name of the IAM user associated with the service-specific - credential. - required: - - UserName - - Status - - ServiceUserName - - CreateDate - - ServiceSpecificCredentialId - - ServiceName - type: object - ServiceSpecificCredentialsListType: - items: - allOf: - - $ref: '#/components/schemas/ServiceSpecificCredentialMetadata' - - xml: - name: member - type: array - ServicesLastAccessed: - items: - allOf: - - $ref: '#/components/schemas/ServiceLastAccessed' - - xml: - name: member - type: array - SetDefaultPolicyVersionRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM policy whose - default version you want to set.

For more information about ARNs, - see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- VersionId: - allOf: - - $ref: '#/components/schemas/policyVersionIdType' - - description:

The version of the policy to set as the default (operative) - version.

For more information about managed policy versions, - see Versioning - for managed policies in the IAM User Guide.

- required: - - PolicyArn - - VersionId - title: SetDefaultPolicyVersionRequest - type: object - SetSecurityTokenServicePreferencesRequest: - properties: - GlobalEndpointTokenVersion: - allOf: - - $ref: '#/components/schemas/globalEndpointTokenVersion' - - description:

The version of the global endpoint token. Version 1 tokens - are valid only in Amazon Web Services Regions that are available by - default. These tokens do not work in manually enabled Regions, such - as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. - However, version 2 tokens are longer and might affect systems where - you temporarily store tokens.

For information, see Activating - and deactivating STS in an Amazon Web Services Region in the IAM - User Guide.

- required: - - GlobalEndpointTokenVersion - title: SetSecurityTokenServicePreferencesRequest - type: object - SigningCertificate: - description:

Contains information about an X.509 signing certificate.

-

This data type is used as a response element in the UploadSigningCertificate - and ListSigningCertificates operations.

- properties: - CertificateBody: - allOf: - - $ref: '#/components/schemas/certificateBodyType' - - description: The contents of the signing certificate. - CertificateId: - allOf: - - $ref: '#/components/schemas/certificateIdType' - - description: The ID for the signing certificate. - Status: - allOf: - - $ref: '#/components/schemas/statusType' - - description: The status of the signing certificate. Active - means that the key is valid for API calls, while Inactive - means it is not. - UploadDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date when the signing certificate was uploaded. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The name of the user the signing certificate is associated - with. - required: - - UserName - - CertificateId - - CertificateBody - - Status - type: object - SimulateCustomPolicyRequest: - properties: - ActionNames: - allOf: - - $ref: '#/components/schemas/ActionNameListType' - - description: A list of names of API operations to evaluate in the simulation. - Each operation is evaluated against each resource. Each operation must - include the service identifier, such as iam:CreateUser. - This operation does not support using wildcards (*) in an action name. - CallerArn: - allOf: - - $ref: '#/components/schemas/ResourceNameType' - - description:

The ARN of the IAM user that you want to use as the simulated - caller of the API operations. CallerArn is required if - you include a ResourcePolicy so that the policy's Principal - element has a value to use in evaluating the policy.

You can - specify only the ARN of an IAM user. You cannot specify the ARN of an - assumed role, federated user, or a service principal.

- ContextEntries: - allOf: - - $ref: '#/components/schemas/ContextEntryListType' - - description: A list of context keys and corresponding values for the simulation - to use. Whenever a context key is evaluated in one of the simulated - IAM permissions policies, the corresponding value is supplied. - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PermissionsBoundaryPolicyInputList: - allOf: - - $ref: '#/components/schemas/SimulationPolicyListType' - - description:

The IAM permissions boundary policy to simulate. The permissions - boundary sets the maximum permissions that an IAM entity can have. You - can input only one permissions boundary when you pass a policy to this - operation. For more information about permissions boundaries, see Permissions - boundaries for IAM entities in the IAM User Guide. The policy - input is specified as a string that contains the complete, valid JSON - text of a permissions boundary policy.

The maximum length of - the policy document that you can pass in this operation, including whitespace, - is listed below. To view the maximum character counts of a managed policy - with no whitespaces, see IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters - consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end - of the ASCII character range

  • The printable characters - in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- PolicyInputList: - allOf: - - $ref: '#/components/schemas/SimulationPolicyListType' - - description:

A list of policy documents to include in the simulation. - Each document is specified as a string containing the complete, valid - JSON text of an IAM policy. Do not include any resource-based policies - in this parameter. Any resource-based policy must be submitted with - the ResourcePolicy parameter. The policies cannot be "scope-down" - policies, such as you could include in a call to GetFederationToken - or one of the AssumeRole - API operations. In other words, do not use policies designed to restrict - what a user can do while using the temporary credentials.

The - maximum length of the policy document that you can pass in this operation, - including whitespace, is listed below. To view the maximum character - counts of a managed policy with no whitespaces, see IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters - consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end - of the ASCII character range

  • The printable characters - in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- ResourceArns: - allOf: - - $ref: '#/components/schemas/ResourceNameListType' - - description:

A list of ARNs of Amazon Web Services resources to include - in the simulation. If this parameter is not provided, then the value - defaults to * (all resources). Each API in the ActionNames - parameter is evaluated for each resource in this list. The simulation - determines the access result (allowed or denied) of each combination - and reports it in the response. You can simulate resources that don't - exist in your account.

The simulation does not automatically - retrieve policies for the specified resources. If you want to include - a resource policy in the simulation, then you must include the policy - as a string in the ResourcePolicy parameter.

If - you include a ResourcePolicy, then it must be applicable - to all of the resources included in the simulation or you receive an - invalid input error.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- ResourceHandlingOption: - allOf: - - $ref: '#/components/schemas/ResourceHandlingOptionType' - - description:

Specifies the type of simulation to run. Different API - operations that support resource-based policies require different combinations - of resources. By specifying the type of simulation to run, you enable - the policy simulator to enforce the presence of the required resources - to ensure reliable simulation results. If your simulation does not match - one of the following scenarios, then you can omit this parameter. The - following list shows each of the supported scenario values and the resources - that you must define to run the simulation.

Each of the EC2 scenarios - requires that you specify instance, image, and security-group resources. - If your scenario includes an EBS volume, then you must specify that - volume as a resource. If the EC2 scenario includes VPC, then you must - supply the network-interface resource. If it includes an IP subnet, - then you must specify the subnet resource. For more information on the - EC2 scenario options, see Supported - platforms in the Amazon EC2 User Guide.

  • - EC2-Classic-InstanceStore

    instance, image, security-group

    -

  • EC2-Classic-EBS

    instance, image, security-group, - volume

  • EC2-VPC-InstanceStore

    instance, - image, security-group, network-interface

  • EC2-VPC-InstanceStore-Subnet -

    instance, image, security-group, network-interface, subnet

    -

  • EC2-VPC-EBS

    instance, image, security-group, - network-interface, volume

  • EC2-VPC-EBS-Subnet -

    instance, image, security-group, network-interface, subnet, - volume

- ResourceOwner: - allOf: - - $ref: '#/components/schemas/ResourceNameType' - - description: '

An ARN representing the Amazon Web Services account ID - that specifies the owner of any simulated resource that does not identify - its owner in the resource ARN. Examples of resource ARNs include an - S3 bucket or object. If ResourceOwner is specified, it - is also used as the account owner of any ResourcePolicy - included in the simulation. If the ResourceOwner parameter - is not specified, then the owner of the resources and the resource policy - defaults to the account of the identity provided in CallerArn. - This parameter is required only if you specify a resource-based policy - and account that owns the resource is different from the account that - owns the simulated calling user CallerArn.

The ARN - for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root. - For example, to represent the account with the 112233445566 ID, use - the following ARN: arn:aws:iam::112233445566-ID:root.

' - ResourcePolicy: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

A resource-based policy to include in the simulation provided - as a string. Each resource in the simulation is treated as if it had - this policy attached. You can include only one resource-based policy - in a simulation.

The maximum length of the policy document that - you can pass in this operation, including whitespace, is listed below. - To view the maximum character counts of a managed policy with no whitespaces, - see IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters - consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end - of the ASCII character range

  • The printable characters - in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- required: - - PolicyInputList - - ActionNames - title: SimulateCustomPolicyRequest - type: object - SimulatePolicyResponse: - description: Contains the response to a successful SimulatePrincipalPolicy - or SimulateCustomPolicy request. - properties: - EvaluationResults: - allOf: - - $ref: '#/components/schemas/EvaluationResultsListType' - - description: The results of the simulation. - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. - If your results were truncated, you can make a subsequent pagination - request using the Marker request parameter to retrieve - more items. Note that IAM might return fewer than the MaxItems - number of results even when there are more results available. We recommend - that you check IsTruncated after every call to ensure that - you receive all your results. - Marker: - allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this - element is present and contains the value to use for the Marker - parameter in a subsequent pagination request. - type: object - SimulatePrincipalPolicyRequest: - properties: - ActionNames: - allOf: - - $ref: '#/components/schemas/ActionNameListType' - - description: A list of names of API operations to evaluate in the simulation. - Each operation is evaluated for each resource. Each operation must include - the service identifier, such as iam:CreateUser. - CallerArn: - allOf: - - $ref: '#/components/schemas/ResourceNameType' - - description:

The ARN of the IAM user that you want to specify as the - simulated caller of the API operations. If you do not specify a CallerArn, - it defaults to the ARN of the user that you specify in PolicySourceArn, - if you specified a user. If you include both a PolicySourceArn - (for example, arn:aws:iam::123456789012:user/David) and - a CallerArn (for example, arn:aws:iam::123456789012:user/Bob), - the result is that you simulate calling the API operations as Bob, as - if Bob had David's policies.

You can specify only the ARN of - an IAM user. You cannot specify the ARN of an assumed role, federated - user, or a service principal.

CallerArn is required - if you include a ResourcePolicy and the PolicySourceArn - is not the ARN for an IAM user. This is required so that the resource-based - policy's Principal element has a value to use in evaluating - the policy.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- ContextEntries: - allOf: - - $ref: '#/components/schemas/ContextEntryListType' - - description: A list of context keys and corresponding values for the simulation - to use. Whenever a context key is evaluated in one of the simulated - IAM permissions policies, the corresponding value is supplied. - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only - after you receive a response indicating that the results are truncated. - Set it to the value of the Marker element in the response - that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description:

Use this only when paginating results to indicate the - maximum number of items you want in the response. If additional items - exist beyond the maximum you specify, the IsTruncated response - element is true.

If you do not include this parameter, - the number of items defaults to 100. Note that IAM might return fewer - results, even when there are more results available. In that case, the - IsTruncated response element returns true, - and Marker contains a value to include in the subsequent - call that tells the service where to continue from.

- PermissionsBoundaryPolicyInputList: - allOf: - - $ref: '#/components/schemas/SimulationPolicyListType' - - description:

The IAM permissions boundary policy to simulate. The permissions - boundary sets the maximum permissions that the entity can have. You - can input only one permissions boundary when you pass a policy to this - operation. An IAM entity can only have one permissions boundary in effect - at a time. For example, if a permissions boundary is attached to an - entity and you pass in a different permissions boundary policy using - this parameter, then the new permissions boundary policy is used for - the simulation. For more information about permissions boundaries, see - Permissions - boundaries for IAM entities in the IAM User Guide. The policy - input is specified as a string containing the complete, valid JSON text - of a permissions boundary policy.

The maximum length of the policy - document that you can pass in this operation, including whitespace, - is listed below. To view the maximum character counts of a managed policy - with no whitespaces, see IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters - consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end - of the ASCII character range

  • The printable characters - in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- PolicyInputList: - allOf: - - $ref: '#/components/schemas/SimulationPolicyListType' - - description:

An optional list of additional policy documents to include - in the simulation. Each document is specified as a string containing - the complete, valid JSON text of an IAM policy.

The regex - pattern used to validate this parameter is a string of characters - consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end - of the ASCII character range

  • The printable characters - in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- PolicySourceArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of a user, group, or role - whose policies you want to include in the simulation. If you specify - a user, group, or role, the simulation includes all policies that are - associated with that entity. If you specify a user, the simulation also - includes all policies that are attached to any groups the user belongs - to.

The maximum length of the policy document that you can pass - in this operation, including whitespace, is listed below. To view the - maximum character counts of a managed policy with no whitespaces, see - IAM - and STS character quotas.

For more information about ARNs, - see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- ResourceArns: - allOf: - - $ref: '#/components/schemas/ResourceNameListType' - - description:

A list of ARNs of Amazon Web Services resources to include - in the simulation. If this parameter is not provided, then the value - defaults to * (all resources). Each API in the ActionNames - parameter is evaluated for each resource in this list. The simulation - determines the access result (allowed or denied) of each combination - and reports it in the response. You can simulate resources that don't - exist in your account.

The simulation does not automatically - retrieve policies for the specified resources. If you want to include - a resource policy in the simulation, then you must include the policy - as a string in the ResourcePolicy parameter.

For - more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- ResourceHandlingOption: - allOf: - - $ref: '#/components/schemas/ResourceHandlingOptionType' - - description:

Specifies the type of simulation to run. Different API - operations that support resource-based policies require different combinations - of resources. By specifying the type of simulation to run, you enable - the policy simulator to enforce the presence of the required resources - to ensure reliable simulation results. If your simulation does not match - one of the following scenarios, then you can omit this parameter. The - following list shows each of the supported scenario values and the resources - that you must define to run the simulation.

Each of the EC2 scenarios - requires that you specify instance, image, and security group resources. - If your scenario includes an EBS volume, then you must specify that - volume as a resource. If the EC2 scenario includes VPC, then you must - supply the network interface resource. If it includes an IP subnet, - then you must specify the subnet resource. For more information on the - EC2 scenario options, see Supported - platforms in the Amazon EC2 User Guide.

  • - EC2-Classic-InstanceStore

    instance, image, security group

    -

  • EC2-Classic-EBS

    instance, image, security - group, volume

  • EC2-VPC-InstanceStore

    instance, - image, security group, network interface

  • EC2-VPC-InstanceStore-Subnet -

    instance, image, security group, network interface, subnet

    -

  • EC2-VPC-EBS

    instance, image, security - group, network interface, volume

  • EC2-VPC-EBS-Subnet -

    instance, image, security group, network interface, subnet, - volume

- ResourceOwner: - allOf: - - $ref: '#/components/schemas/ResourceNameType' - - description: An Amazon Web Services account ID that specifies the owner - of any simulated resource that does not identify its owner in the resource - ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner - is specified, it is also used as the account owner of any ResourcePolicy - included in the simulation. If the ResourceOwner parameter - is not specified, then the owner of the resources and the resource policy - defaults to the account of the identity provided in CallerArn. - This parameter is required only if you specify a resource-based policy - and account that owns the resource is different from the account that - owns the simulated calling user CallerArn. - ResourcePolicy: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

A resource-based policy to include in the simulation provided - as a string. Each resource in the simulation is treated as if it had - this policy attached. You can include only one resource-based policy - in a simulation.

The maximum length of the policy document that - you can pass in this operation, including whitespace, is listed below. - To view the maximum character counts of a managed policy with no whitespaces, - see IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters - consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end - of the ASCII character range

  • The printable characters - in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- required: - - PolicySourceArn - - ActionNames - title: SimulatePrincipalPolicyRequest - type: object - SimulationPolicyListType: - items: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - xml: - name: member - type: array - Statement: - description:

Contains a reference to a Statement element in - a policy document that determines the result of the simulation.

This - data type is used by the MatchedStatements member of the - EvaluationResult type.

- properties: - EndPosition: - allOf: - - $ref: '#/components/schemas/Position' - - description: The row and column of the end of a Statement - in an IAM policy. - SourcePolicyId: - allOf: - - $ref: '#/components/schemas/PolicyIdentifierType' - - description: The identifier of the policy that was provided as an input. - SourcePolicyType: - allOf: - - $ref: '#/components/schemas/PolicySourceType' - - description: The type of the policy. - StartPosition: - allOf: - - $ref: '#/components/schemas/Position' - - description: The row and column of the beginning of the Statement - in an IAM policy. - type: object - StatementListType: - items: - allOf: - - $ref: '#/components/schemas/Statement' - - xml: - name: member - type: array - Tag: - description: A structure that represents user-provided metadata that can be - associated with an IAM resource. For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - properties: - Key: - allOf: - - $ref: '#/components/schemas/tagKeyType' - - description: The key name that can be used to look up or retrieve the - associated value. For example, Department or Cost - Center are common choices. - Value: - allOf: - - $ref: '#/components/schemas/tagValueType' - - description:

The value associated with this tag. For example, tags - with a key name of Department could have values such as - Human Resources, Accounting, and Support. - Tags with a key name of Cost Center might have values that - consist of the number associated with the different cost centers in - your company. Typically, many resources have tags with the same key - name but with different values.

Amazon Web Services always - interprets the tag Value as a single string. If you need - to store an array, you can store comma-separated values in the string. - However, you must interpret the value in your code.

 - required: - - Key - - Value - type: object - TagInstanceProfileRequest: - properties: - InstanceProfileName: - allOf: - - $ref: '#/components/schemas/instanceProfileNameType' - - description: '

The name of the IAM instance profile to which you want - to add tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that you want to attach to the IAM instance - profile. Each tag consists of a key name and an associated value. - required: - - InstanceProfileName - - Tags - title: TagInstanceProfileRequest - type: object - TagMFADeviceRequest: - properties: - SerialNumber: - allOf: - - $ref: '#/components/schemas/serialNumberType' - - description: '

The unique identifier for the IAM virtual MFA device - to which you want to add tags. For virtual MFA devices, the serial number - is the same as the ARN.

This parameter allows (through its regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that you want to attach to the IAM virtual - MFA device. Each tag consists of a key name and an associated value. - required: - - SerialNumber - - Tags - title: TagMFADeviceRequest - type: object - TagOpenIDConnectProviderRequest: - properties: - OpenIDConnectProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: '

The ARN of the OIDC identity provider in IAM to which - you want to add tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that you want to attach to the OIDC identity - provider in IAM. Each tag consists of a key name and an associated value. - required: - - OpenIDConnectProviderArn - - Tags - title: TagOpenIDConnectProviderRequest - type: object - TagPolicyRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: '

The ARN of the IAM customer managed policy to which you - want to add tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that you want to attach to the IAM customer - managed policy. Each tag consists of a key name and an associated value. - required: - - PolicyArn - - Tags - title: TagPolicyRequest - type: object - TagRoleRequest: - properties: - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the IAM role to which you want to add tags.

-

This parameter accepts (through its regex - pattern) a string of characters that consist of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that you want to attach to the IAM role. - Each tag consists of a key name and an associated value. - required: - - RoleName - - Tags - title: TagRoleRequest - type: object - TagSAMLProviderRequest: - properties: - SAMLProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: '

The ARN of the SAML identity provider in IAM to which - you want to add tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that you want to attach to the SAML identity - provider in IAM. Each tag consists of a key name and an associated value. - required: - - SAMLProviderArn - - Tags - title: TagSAMLProviderRequest - type: object - TagServerCertificateRequest: - properties: - ServerCertificateName: - allOf: - - $ref: '#/components/schemas/serverCertificateNameType' - - description: '

The name of the IAM server certificate to which you want - to add tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that you want to attach to the IAM server - certificate. Each tag consists of a key name and an associated value. - required: - - ServerCertificateName - - Tags - title: TagServerCertificateRequest - type: object - TagUserRequest: - properties: - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that you want to attach to the IAM user. - Each tag consists of a key name and an associated value. - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the IAM user to which you want to add tags.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - Tags - title: TagUserRequest - type: object - TrackedActionLastAccessed: - description:

Contains details about the most recent attempt to access an - action within the service.

This data type is used as a response element - in the GetServiceLastAccessedDetails operation.

- properties: - ActionName: - allOf: - - $ref: '#/components/schemas/stringType' - - description: The name of the tracked action to which access was attempted. - Tracked actions are actions that report activity to IAM. - LastAccessedEntity: - $ref: '#/components/schemas/arnType' - LastAccessedRegion: - allOf: - - $ref: '#/components/schemas/stringType' - - description:

The Region from which the authenticated entity (user or - role) last attempted to access the tracked action. Amazon Web Services - does not report unauthenticated requests.

This field is null - if no IAM entities attempted to access the service within the reporting - period.

- LastAccessedTime: - allOf: - - $ref: '#/components/schemas/dateType' - - description: "

The date and time, in\_ISO 8601 date-time format, when an authenticated entity most recently\ - \ attempted to access the tracked service. Amazon Web Services does\ - \ not report unauthenticated requests.

This field is null if\ - \ no IAM entities attempted to access the service within the reporting period.

" - type: object - TrackedActionsLastAccessed: - items: - allOf: - - $ref: '#/components/schemas/TrackedActionLastAccessed' - - xml: - name: member - type: array - UnmodifiableEntityException: {} - UnrecognizedPublicKeyEncodingException: {} - UntagInstanceProfileRequest: - properties: - InstanceProfileName: - allOf: - - $ref: '#/components/schemas/instanceProfileNameType' - - description: '

The name of the IAM instance profile from which you want - to remove tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - TagKeys: - allOf: - - $ref: '#/components/schemas/tagKeyListType' - - description: A list of key names as a simple array of strings. The tags - with matching keys are removed from the specified instance profile. - required: - - InstanceProfileName - - TagKeys - title: UntagInstanceProfileRequest - type: object - UntagMFADeviceRequest: - properties: - SerialNumber: - allOf: - - $ref: '#/components/schemas/serialNumberType' - - description: '

The unique identifier for the IAM virtual MFA device - from which you want to remove tags. For virtual MFA devices, the serial - number is the same as the ARN.

This parameter allows (through - its regex pattern) a string - of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - TagKeys: - allOf: - - $ref: '#/components/schemas/tagKeyListType' - - description: A list of key names as a simple array of strings. The tags - with matching keys are removed from the specified instance profile. - required: - - SerialNumber - - TagKeys - title: UntagMFADeviceRequest - type: object - UntagOpenIDConnectProviderRequest: - properties: - OpenIDConnectProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: '

The ARN of the OIDC provider in IAM from which you want - to remove tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - TagKeys: - allOf: - - $ref: '#/components/schemas/tagKeyListType' - - description: A list of key names as a simple array of strings. The tags - with matching keys are removed from the specified OIDC provider. - required: - - OpenIDConnectProviderArn - - TagKeys - title: UntagOpenIDConnectProviderRequest - type: object - UntagPolicyRequest: - properties: - PolicyArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: '

The ARN of the IAM customer managed policy from which - you want to remove tags.

This parameter allows (through its regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - TagKeys: - allOf: - - $ref: '#/components/schemas/tagKeyListType' - - description: A list of key names as a simple array of strings. The tags - with matching keys are removed from the specified policy. - required: - - PolicyArn - - TagKeys - title: UntagPolicyRequest - type: object - UntagRoleRequest: - properties: - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the IAM role from which you want to remove - tags.

This parameter accepts (through its regex - pattern) a string of characters that consist of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - TagKeys: - allOf: - - $ref: '#/components/schemas/tagKeyListType' - - description: A list of key names as a simple array of strings. The tags - with matching keys are removed from the specified role. - required: - - RoleName - - TagKeys - title: UntagRoleRequest - type: object - UntagSAMLProviderRequest: - properties: - SAMLProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: '

The ARN of the SAML identity provider in IAM from which - you want to remove tags.

This parameter allows (through its regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: - _+=,.@-

' - TagKeys: - allOf: - - $ref: '#/components/schemas/tagKeyListType' - - description: A list of key names as a simple array of strings. The tags - with matching keys are removed from the specified SAML identity provider. - required: - - SAMLProviderArn - - TagKeys - title: UntagSAMLProviderRequest - type: object - UntagServerCertificateRequest: - properties: - ServerCertificateName: - allOf: - - $ref: '#/components/schemas/serverCertificateNameType' - - description: '

The name of the IAM server certificate from which you - want to remove tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - TagKeys: - allOf: - - $ref: '#/components/schemas/tagKeyListType' - - description: A list of key names as a simple array of strings. The tags - with matching keys are removed from the specified IAM server certificate. - required: - - ServerCertificateName - - TagKeys - title: UntagServerCertificateRequest - type: object - UntagUserRequest: - properties: - TagKeys: - allOf: - - $ref: '#/components/schemas/tagKeyListType' - - description: A list of key names as a simple array of strings. The tags - with matching keys are removed from the specified user. - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the IAM user from which you want to remove - tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - TagKeys - title: UntagUserRequest - type: object - UpdateAccessKeyRequest: - properties: - AccessKeyId: - allOf: - - $ref: '#/components/schemas/accessKeyIdType' - - description:

The access key ID of the secret access key you want to - update.

This parameter allows (through its regex - pattern) a string of characters that can consist of any upper or - lowercased letter or digit.

- Status: - allOf: - - $ref: '#/components/schemas/statusType' - - description: ' The status you want to assign to the secret access key. - Active means that the key can be used for programmatic - calls to Amazon Web Services, while Inactive means that - the key cannot be used.' - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user whose key you want to update.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - AccessKeyId - - Status - title: UpdateAccessKeyRequest - type: object - UpdateAccountPasswordPolicyRequest: - properties: - AllowUsersToChangePassword: - allOf: - - $ref: '#/components/schemas/booleanType' - - description:

Allows all IAM users in your account to use the Amazon - Web Services Management Console to change their own passwords. For more - information, see Permitting - IAM users to change their own passwords in the IAM User Guide.

-

If you do not specify a value for this parameter, then the operation - uses the default value of false. The result is that IAM - users in the account do not automatically have permissions to change - their own password.

- HardExpiry: - allOf: - - $ref: '#/components/schemas/booleanObjectType' - - description:

Prevents IAM users who are accessing the account via - the Amazon Web Services Management Console from setting a new console - password after their password has expired. The IAM user cannot access - the console until an administrator resets the password.

If you - do not specify a value for this parameter, then the operation uses the - default value of false. The result is that IAM users can - change their passwords after they expire and continue to sign in as - the user.

In the Amazon Web Services Management Console, - the custom password policy option Allow users to change their own - password gives IAM users permissions to iam:ChangePassword - for only their user and to the iam:GetAccountPasswordPolicy - action. This option does not attach a permissions policy to each user, - rather the permissions are applied at the account-level for all users - by IAM. IAM users with iam:ChangePassword permission and - active access keys can reset their own expired console password using - the CLI or API.

 - MaxPasswordAge: - allOf: - - $ref: '#/components/schemas/maxPasswordAgeType' - - description:

The number of days that an IAM user password is valid.

-

If you do not specify a value for this parameter, then the operation - uses the default value of 0. The result is that IAM user - passwords never expire.

- MinimumPasswordLength: - allOf: - - $ref: '#/components/schemas/minimumPasswordLengthType' - - description:

The minimum number of characters allowed in an IAM user - password.

If you do not specify a value for this parameter, then - the operation uses the default value of 6.

- PasswordReusePrevention: - allOf: - - $ref: '#/components/schemas/passwordReusePreventionType' - - description:

Specifies the number of previous passwords that IAM users - are prevented from reusing.

If you do not specify a value for - this parameter, then the operation uses the default value of 0. - The result is that IAM users are not prevented from reusing previous - passwords.

- RequireLowercaseCharacters: - allOf: - - $ref: '#/components/schemas/booleanType' - - description:

Specifies whether IAM user passwords must contain at least - one lowercase character from the ISO basic Latin alphabet (a to z).

-

If you do not specify a value for this parameter, then the operation - uses the default value of false. The result is that passwords - do not require at least one lowercase character.

- RequireNumbers: - allOf: - - $ref: '#/components/schemas/booleanType' - - description:

Specifies whether IAM user passwords must contain at least - one numeric character (0 to 9).

If you do not specify a value - for this parameter, then the operation uses the default value of false. - The result is that passwords do not require at least one numeric character.

- RequireSymbols: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: '

Specifies whether IAM user passwords must contain at - least one of the following non-alphanumeric characters:

! @ # - $ % ^ & * ( ) _ + - = [ ] { } | ''

If you do not specify - a value for this parameter, then the operation uses the default value - of false. The result is that passwords do not require at - least one symbol character.

' - RequireUppercaseCharacters: - allOf: - - $ref: '#/components/schemas/booleanType' - - description:

Specifies whether IAM user passwords must contain at least - one uppercase character from the ISO basic Latin alphabet (A to Z).

-

If you do not specify a value for this parameter, then the operation - uses the default value of false. The result is that passwords - do not require at least one uppercase character.

- title: UpdateAccountPasswordPolicyRequest - type: object - UpdateAssumeRolePolicyRequest: - properties: - PolicyDocument: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The policy that grants an entity permission to assume - the role.

You must provide policies in JSON format in IAM. However, - for CloudFormation templates formatted in YAML, you can provide the - policy in JSON or YAML format. CloudFormation always converts a YAML - policy to JSON format before submitting it to IAM.

The regex - pattern used to validate this parameter is a string of characters - consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end - of the ASCII character range

  • The printable characters - in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the role to update with the new policy.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - RoleName - - PolicyDocument - title: UpdateAssumeRolePolicyRequest - type: object - UpdateGroupRequest: - properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

Name of the IAM group to update. If you''re changing - the name of the group, this is the original name.

This parameter - allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - NewGroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description:

New name for the IAM group. Only include this if changing - the group's name.

IAM user, group, role, and policy names must - be unique within the account. Names are not distinguished by case. For - example, you cannot create resources named both "MyResource" and "myresource".

- NewPath: - allOf: - - $ref: '#/components/schemas/pathType' - - description:

New path for the IAM group. Only include this if changing - the group's path.

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- required: - - GroupName - title: UpdateGroupRequest - type: object - UpdateLoginProfileRequest: - properties: - Password: - allOf: - - $ref: '#/components/schemas/passwordType' - - description:

The new password for the specified IAM user.

The - regex pattern used to - validate this parameter is a string of characters consisting of the - following:

  • Any printable ASCII character ranging from - the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -

However, the format can be further restricted by the - account administrator by setting a password policy on the Amazon Web - Services account. For more information, see UpdateAccountPasswordPolicy.

- PasswordResetRequired: - allOf: - - $ref: '#/components/schemas/booleanObjectType' - - description: Allows this new password to be used only once by requiring - the specified IAM user to set a new password on next sign-in. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the user whose password you want to update.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - title: UpdateLoginProfileRequest - type: object - UpdateOpenIDConnectProviderThumbprintRequest: - properties: - OpenIDConnectProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the IAM OIDC provider - resource object for which you want to update the thumbprint. You can - get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders - operation.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- ThumbprintList: - allOf: - - $ref: '#/components/schemas/thumbprintListType' - - description: 'A list of certificate thumbprints that are associated with - the specified IAM OpenID Connect provider. For more information, see - CreateOpenIDConnectProvider. ' - required: - - OpenIDConnectProviderArn - - ThumbprintList - title: UpdateOpenIDConnectProviderThumbprintRequest - type: object - UpdateRoleDescriptionRequest: - properties: - Description: - allOf: - - $ref: '#/components/schemas/roleDescriptionType' - - description: The new description that you want to apply to the specified - role. - RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: The name of the role that you want to modify. - required: - - RoleName - - Description - title: UpdateRoleDescriptionRequest - type: object - UpdateRoleDescriptionResponse: - properties: - Role: - allOf: - - $ref: '#/components/schemas/Role' - - description: A structure that contains details about the modified role. - type: object - UpdateRoleRequest: - properties: - Description: - allOf: - - $ref: '#/components/schemas/roleDescriptionType' - - description: The new description that you want to apply to the specified - role. - MaxSessionDuration: - allOf: - - $ref: '#/components/schemas/roleMaxSessionDurationType' - - description:

The maximum session duration (in seconds) that you want - to set for the specified role. If you do not specify a value for this - setting, the default maximum of one hour is applied. This setting can - have a value from 1 hour to 12 hours.

Anyone who assumes the - role from the CLI or API can use the DurationSeconds API - parameter or the duration-seconds CLI parameter to request - a longer session. The MaxSessionDuration setting determines - the maximum duration that can be requested using the DurationSeconds - parameter. If users don't specify a value for the DurationSeconds - parameter, their security credentials are valid for one hour by default. - This applies when you use the AssumeRole* API operations - or the assume-role* CLI operations but does not apply when - you use those operations to create a console URL. For more information, - see Using - IAM roles in the IAM User Guide.

- RoleName: - allOf: - - $ref: '#/components/schemas/roleNameType' - - description: The name of the role that you want to modify. - required: - - RoleName - title: UpdateRoleRequest - type: object - UpdateRoleResponse: - properties: {} - type: object - UpdateSAMLProviderRequest: - properties: - SAMLMetadataDocument: - allOf: - - $ref: '#/components/schemas/SAMLMetadataDocumentType' - - description: An XML document generated by an identity provider (IdP) that - supports SAML 2.0. The document includes the issuer's name, expiration - information, and keys that can be used to validate the SAML authentication - response (assertions) that are received from the IdP. You must generate - the metadata document using the identity management software that is - used as your organization's IdP. - SAMLProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description:

The Amazon Resource Name (ARN) of the SAML provider to - update.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- required: - - SAMLMetadataDocument - - SAMLProviderArn - title: UpdateSAMLProviderRequest - type: object - UpdateSAMLProviderResponse: - description: 'Contains the response to a successful UpdateSAMLProvider - request. ' - properties: - SAMLProviderArn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: The Amazon Resource Name (ARN) of the SAML provider that - was updated. - type: object - UpdateSSHPublicKeyRequest: - properties: - SSHPublicKeyId: - allOf: - - $ref: '#/components/schemas/publicKeyIdType' - - description:

The unique identifier for the SSH public key.

This - parameter allows (through its regex - pattern) a string of characters that can consist of any upper or - lowercased letter or digit.

- Status: - allOf: - - $ref: '#/components/schemas/statusType' - - description: The status to assign to the SSH public key. Active - means that the key can be used for authentication with an CodeCommit - repository. Inactive means that the key cannot be used. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the IAM user associated with the SSH public - key.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - SSHPublicKeyId - - Status - title: UpdateSSHPublicKeyRequest - type: object - UpdateServerCertificateRequest: - properties: - NewPath: - allOf: - - $ref: '#/components/schemas/pathType' - - description:

The new path for the server certificate. Include this - only if you are updating the server certificate's path.

This - parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- NewServerCertificateName: - allOf: - - $ref: '#/components/schemas/serverCertificateNameType' - - description: '

The new name for the server certificate. Include this - only if you are updating the server certificate''s name. The name of - the certificate cannot contain any spaces.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following - characters: _+=,.@-

' - ServerCertificateName: - allOf: - - $ref: '#/components/schemas/serverCertificateNameType' - - description: '

The name of the server certificate that you want to update.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - ServerCertificateName - title: UpdateServerCertificateRequest - type: object - UpdateServiceSpecificCredentialRequest: - properties: - ServiceSpecificCredentialId: - allOf: - - $ref: '#/components/schemas/serviceSpecificCredentialId' - - description:

The unique identifier of the service-specific credential.

-

This parameter allows (through its regex - pattern) a string of characters that can consist of any upper or - lowercased letter or digit.

- Status: - allOf: - - $ref: '#/components/schemas/statusType' - - description: The status to be assigned to the service-specific credential. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the IAM user associated with the service-specific - credential. If you do not specify this value, then the operation assumes - the user whose credentials are used to call the operation.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - ServiceSpecificCredentialId - - Status - title: UpdateServiceSpecificCredentialRequest - type: object - UpdateSigningCertificateRequest: - properties: - CertificateId: - allOf: - - $ref: '#/components/schemas/certificateIdType' - - description:

The ID of the signing certificate you want to update.

-

This parameter allows (through its regex - pattern) a string of characters that can consist of any upper or - lowercased letter or digit.

- Status: - allOf: - - $ref: '#/components/schemas/statusType' - - description: ' The status you want to assign to the certificate. Active - means that the certificate can be used for programmatic calls to Amazon - Web Services Inactive means that the certificate cannot - be used.' - UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the IAM user the signing certificate belongs - to.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - CertificateId - - Status - title: UpdateSigningCertificateRequest - type: object - UpdateUserRequest: - properties: - NewPath: - allOf: - - $ref: '#/components/schemas/pathType' - - description:

New path for the IAM user. Include this parameter only - if you're changing the user's path.

This parameter allows (through - its regex pattern) a string - of characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- NewUserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description:

New name for the user. Include this parameter only if - you're changing the user's name.

IAM user, group, role, and policy - names must be unique within the account. Names are not distinguished - by case. For example, you cannot create resources named both "MyResource" - and "myresource".

- UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

Name of the user to update. If you''re changing the name - of the user, this is the original user name.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following - characters: _+=,.@-

' - required: - - UserName - title: UpdateUserRequest - type: object - UploadSSHPublicKeyRequest: - properties: - SSHPublicKeyBody: - allOf: - - $ref: '#/components/schemas/publicKeyMaterialType' - - description:

The SSH public key. The public key must be encoded in - ssh-rsa format or PEM format. The minimum bit-length of the public key - is 2048 bits. For example, you can generate a 2048-bit key, and the - resulting PEM file is 1679 bytes long.

The regex - pattern used to validate this parameter is a string of characters - consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end - of the ASCII character range

  • The printable characters - in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: '

The name of the IAM user to associate the SSH public - key with.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - UserName - - SSHPublicKeyBody - title: UploadSSHPublicKeyRequest - type: object - UploadSSHPublicKeyResponse: - description: Contains the response to a successful UploadSSHPublicKey - request. - properties: - SSHPublicKey: - allOf: - - $ref: '#/components/schemas/SSHPublicKey' - - description: Contains information about the SSH public key. - type: object - UploadServerCertificateRequest: - properties: - CertificateBody: - allOf: - - $ref: '#/components/schemas/certificateBodyType' - - description:

The contents of the public key certificate in PEM-encoded - format.

The regex pattern - used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the - ASCII character range

  • The printable characters in - the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- CertificateChain: - allOf: - - $ref: '#/components/schemas/certificateChainType' - - description:

The contents of the certificate chain. This is typically - a concatenation of the PEM-encoded public key certificates of the chain.

-

The regex pattern used - to validate this parameter is a string of characters consisting of the - following:

  • Any printable ASCII character ranging from - the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description:

The path for the server certificate. For more information - about paths, see IAM - identifiers in the IAM User Guide.

This parameter - is optional. If it is not included, it defaults to a slash (/). This - parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- If you are uploading a server certificate specifically for use with - Amazon CloudFront distributions, you must specify a path using the path - parameter. The path must begin with /cloudfront and must - include a trailing slash (for example, /cloudfront/test/).

- - PrivateKey: - allOf: - - $ref: '#/components/schemas/privateKeyType' - - description:

The contents of the private key in PEM-encoded format.

-

The regex pattern used - to validate this parameter is a string of characters consisting of the - following:

  • Any printable ASCII character ranging from - the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line - feed (\u000A), and carriage return (\u000D)

    -
- ServerCertificateName: - allOf: - - $ref: '#/components/schemas/serverCertificateNameType' - - description: '

The name for the server certificate. Do not include the - path in this value. The name of the certificate cannot contain any spaces.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description:

A list of tags that you want to attach to the new IAM - server certificate resource. Each tag consists of a key name and an - associated value. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any - one of the tags is invalid or if you exceed the allowed maximum number - of tags, then the entire request fails and the resource is not created.

- - required: - - ServerCertificateName - - CertificateBody - - PrivateKey - title: UploadServerCertificateRequest - type: object - UploadServerCertificateResponse: - description: 'Contains the response to a successful UploadServerCertificate - request. ' - example: - ServerCertificateMetadata: - Arn: arn:aws:iam::123456789012:server-certificate/company/servercerts/ProdServerCert - Expiration: '2012-05-08T01:02:03.004Z' - Path: /company/servercerts/ - ServerCertificateId: ASCA1111111111EXAMPLE - ServerCertificateName: ProdServerCert - UploadDate: '2010-05-08T01:02:03.004Z' - properties: - ServerCertificateMetadata: - allOf: - - $ref: '#/components/schemas/ServerCertificateMetadata' - - description: The meta information of the uploaded server certificate without - its certificate body, certificate chain, and private key. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are attached to the new IAM server certificate. - The returned list of tags is sorted by tag key. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - type: object - UploadSigningCertificateRequest: - properties: - CertificateBody: - allOf: - - $ref: '#/components/schemas/certificateBodyType' - - description:

The contents of the signing certificate.

The regex pattern used to validate - this parameter is a string of characters consisting of the following:

-

  • Any printable ASCII character ranging from the space character - (\u0020) through the end of the ASCII character range

    -

  • The printable characters in the Basic Latin and Latin-1 - Supplement character set (through \u00FF)

  • -

    The special characters tab (\u0009), line feed (\u000A), - and carriage return (\u000D)

- UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user the signing certificate is for.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase - alphanumeric characters with no spaces. You can also include any of - the following characters: _+=,.@-

' - required: - - CertificateBody - title: UploadSigningCertificateRequest - type: object - UploadSigningCertificateResponse: - description: 'Contains the response to a successful UploadSigningCertificate - request. ' - example: - Certificate: - CertificateBody: '-----BEGIN CERTIFICATE----------END - CERTIFICATE-----' - CertificateId: ID123456789012345EXAMPLE - Status: Active - UploadDate: '2015-06-06T21:40:08.121Z' - UserName: Bob - properties: - Certificate: - allOf: - - $ref: '#/components/schemas/SigningCertificate' - - description: Information about the certificate. - required: - - Certificate - type: object - User: - description:

Contains information about an IAM user entity.

This data - type is used as a response element in the following operations:

- properties: - Arn: - allOf: - - $ref: '#/components/schemas/arnType' - - description: 'The Amazon Resource Name (ARN) that identifies the user. - For more information about ARNs and how to use ARNs in policies, see - IAM - Identifiers in the IAM User Guide. ' - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the user was created. - PasswordLastUsed: - allOf: - - $ref: '#/components/schemas/dateType' - - description:

The date and time, in ISO - 8601 date-time format, when the user's password was last used to - sign in to an Amazon Web Services website. For a list of Amazon Web - Services websites that capture a user's last sign-in time, see the Credential - reports topic in the IAM User Guide. If a password is used - more than once in a five-minute span, only the first use is returned - in this field. If the field is null (no value), then it indicates that - they never signed in with a password. This can be because:

    -

  • The user never had a password.

  • A password - exists but has not been used since IAM started tracking this information - on October 20, 2014.

A null value does not mean that - the user never had a password. Also, if the user does not currently - have a password but had one in the past, then this field contains the - date and time the most recent password was used.

This value is - returned only in the GetUser and ListUsers operations. -

- Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description:

The path to the user. For more information about paths, - see IAM - identifiers in the IAM User Guide.

The ARN of the - policy used to set the permissions boundary for the user.

- PermissionsBoundary: - allOf: - - $ref: '#/components/schemas/AttachedPermissionsBoundary' - - description: For more information about permissions boundaries, see Permissions - boundaries for IAM identities in the IAM User Guide. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are associated with the user. For more - information about tagging, see Tagging - IAM resources in the IAM User Guide. - UserId: - allOf: - - $ref: '#/components/schemas/idType' - - description: The stable and unique string identifying the user. For more - information about IDs, see IAM - identifiers in the IAM User Guide. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The friendly name identifying the user. - required: - - Path - - UserName - - UserId - - Arn - - CreateDate - type: object - UserDetail: - description:

Contains information about an IAM user, including all the user's - policies and all the IAM groups the user is in.

This data type is used - as a response element in the GetAccountAuthorizationDetails operation.

- properties: - Arn: - $ref: '#/components/schemas/arnType' - AttachedManagedPolicies: - allOf: - - $ref: '#/components/schemas/attachedPoliciesListType' - - description: A list of the managed policies attached to the user. - CreateDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time, in ISO - 8601 date-time format, when the user was created. - GroupList: - allOf: - - $ref: '#/components/schemas/groupNameListType' - - description: A list of IAM groups that the user is in. - Path: - allOf: - - $ref: '#/components/schemas/pathType' - - description: The path to the user. For more information about paths, see - IAM - identifiers in the IAM User Guide. - PermissionsBoundary: - allOf: - - $ref: '#/components/schemas/AttachedPermissionsBoundary' - - description:

The ARN of the policy used to set the permissions boundary - for the user.

For more information about permissions boundaries, - see Permissions - boundaries for IAM identities in the IAM User Guide.

- Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are associated with the user. For more - information about tagging, see Tagging - IAM resources in the IAM User Guide. - UserId: - allOf: - - $ref: '#/components/schemas/idType' - - description: The stable and unique string identifying the user. For more - information about IDs, see IAM - identifiers in the IAM User Guide. - UserName: - allOf: - - $ref: '#/components/schemas/userNameType' - - description: The friendly name identifying the user. - UserPolicyList: - allOf: - - $ref: '#/components/schemas/policyDetailListType' - - description: A list of the inline policies embedded in the user. - type: object - VirtualMFADevice: - description: Contains information about a virtual MFA device. - properties: - Base32StringSeed: - allOf: - - $ref: '#/components/schemas/BootstrapDatum' - - description: ' The base32 seed defined as specified in RFC3548. - The Base32StringSeed is base64-encoded. ' - EnableDate: - allOf: - - $ref: '#/components/schemas/dateType' - - description: The date and time on which the virtual MFA device was enabled. - QRCodePNG: - allOf: - - $ref: '#/components/schemas/BootstrapDatum' - - description: ' A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String - where $virtualMFADeviceName is one of the create call arguments. - AccountName is the user name if set (otherwise, the account - ID otherwise), and Base32String is the seed in base32 format. - The Base32String value is base64-encoded. ' - SerialNumber: - allOf: - - $ref: '#/components/schemas/serialNumberType' - - description: The serial number associated with VirtualMFADevice. - Tags: - allOf: - - $ref: '#/components/schemas/tagListType' - - description: A list of tags that are attached to the virtual MFA device. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - User: - allOf: - - $ref: '#/components/schemas/User' - - description: The IAM user associated with this virtual MFA device. - required: - - SerialNumber - type: object - accessKeyIdType: - maxLength: 128 - minLength: 16 - pattern: '[\w]+' - type: string - accessKeyMetadataListType: - description:

Contains a list of access key metadata.

This data type - is used as a response element in the ListAccessKeys operation.

- items: - allOf: - - $ref: '#/components/schemas/AccessKeyMetadata' - - xml: - name: member - type: array - accessKeySecretType: - format: password - type: string - accountAliasListType: - items: - allOf: - - $ref: '#/components/schemas/accountAliasType' - - xml: - name: member - type: array - accountAliasType: - maxLength: 63 - minLength: 3 - pattern: ^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$ - type: string - arnType: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - assignmentStatusType: - enum: - - Assigned - - Unassigned - - Any - type: string - attachedPoliciesListType: - items: - allOf: - - $ref: '#/components/schemas/AttachedPolicy' - - xml: - name: member - type: array - attachmentCountType: - type: integer - authenticationCodeType: - maxLength: 6 - minLength: 6 - pattern: '[\d]+' - type: string - booleanObjectType: - type: boolean - booleanType: - type: boolean - certificateBodyType: - maxLength: 16384 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - certificateChainType: - maxLength: 2097152 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - certificateIdType: - maxLength: 128 - minLength: 24 - pattern: '[\w]+' - type: string - certificateListType: - description:

Contains a list of signing certificates.

This data type - is used as a response element in the ListSigningCertificates operation.

- items: - allOf: - - $ref: '#/components/schemas/SigningCertificate' - - xml: - name: member - type: array - clientIDListType: - items: - allOf: - - $ref: '#/components/schemas/clientIDType' - - xml: - name: member - type: array - clientIDType: - maxLength: 255 - minLength: 1 - type: string - customSuffixType: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - dateType: - format: date-time - type: string - encodingType: - enum: - - SSH - - PEM - type: string - entityDetailsListType: - items: - allOf: - - $ref: '#/components/schemas/EntityDetails' - - xml: - name: member - type: array - entityListType: - items: - allOf: - - $ref: '#/components/schemas/EntityType' - - xml: - name: member - type: array - entityNameType: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - existingUserNameType: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - globalEndpointTokenVersion: - enum: - - v1Token - - v2Token - type: string - groupDetailListType: - items: - allOf: - - $ref: '#/components/schemas/GroupDetail' - - xml: - name: member - type: array - groupListType: - description:

Contains a list of IAM groups.

This data type is used - as a response element in the ListGroups operation.

- items: - allOf: - - $ref: '#/components/schemas/Group' - - xml: - name: member - type: array - groupNameListType: - items: - allOf: - - $ref: '#/components/schemas/groupNameType' - - xml: - name: member - type: array - groupNameType: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - idType: - maxLength: 128 - minLength: 16 - pattern: '[\w]+' - type: string - instanceProfileListType: - description: Contains a list of instance profiles. - items: - allOf: - - $ref: '#/components/schemas/InstanceProfile' - - xml: - name: member - type: array - instanceProfileNameType: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - integerType: - type: integer - jobIDType: - maxLength: 36 - minLength: 36 - type: string - jobStatusType: - enum: - - IN_PROGRESS - - COMPLETED - - FAILED - type: string - listPolicyGrantingServiceAccessResponseListType: - items: - allOf: - - $ref: '#/components/schemas/ListPoliciesGrantingServiceAccessEntry' - - xml: - name: member - type: array - markerType: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - maxItemsType: - maximum: 1000 - minimum: 1 - type: integer - maxPasswordAgeType: - maximum: 1095 - minimum: 1 - type: integer - mfaDeviceListType: - description:

Contains a list of MFA devices.

This data type is used - as a response element in the ListMFADevices and ListVirtualMFADevices - operations.

- items: - allOf: - - $ref: '#/components/schemas/MFADevice' - - xml: - name: member - type: array - minimumPasswordLengthType: - maximum: 128 - minimum: 6 - type: integer - organizationsEntityPathType: - maxLength: 427 - minLength: 19 - pattern: ^o-[0-9a-z]{10,32}\/r-[0-9a-z]{4,32}[0-9a-z-\/]* - type: string - organizationsPolicyIdType: - pattern: ^p-[0-9a-zA-Z_]{8,128}$ - type: string - passwordReusePreventionType: - maximum: 24 - minimum: 1 - type: integer - passwordType: - format: password - maxLength: 128 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - pathPrefixType: - maxLength: 512 - minLength: 1 - pattern: \u002F[\u0021-\u007F]* - type: string - pathType: - maxLength: 512 - minLength: 1 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - policyDescriptionType: - maxLength: 1000 - type: string - policyDetailListType: - items: - allOf: - - $ref: '#/components/schemas/PolicyDetail' - - xml: - name: member - type: array - policyDocumentType: - maxLength: 131072 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - policyDocumentVersionListType: - items: - allOf: - - $ref: '#/components/schemas/PolicyVersion' - - xml: - name: member - type: array - policyGrantingServiceAccessListType: - items: - allOf: - - $ref: '#/components/schemas/PolicyGrantingServiceAccess' - - xml: - name: member - type: array - policyListType: - items: - allOf: - - $ref: '#/components/schemas/Policy' - - xml: - name: member - type: array - policyNameListType: - description:

Contains a list of policy names.

This data type is used - as a response element in the ListPolicies operation.

- items: - allOf: - - $ref: '#/components/schemas/policyNameType' - - xml: - name: member - type: array - policyNameType: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - policyOwnerEntityType: - enum: - - USER - - ROLE - - GROUP - type: string - policyPathType: - maxLength: 512 - minLength: 1 - pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ - type: string - policyScopeType: - enum: - - All - - AWS - - Local - type: string - policyType: - enum: - - INLINE - - MANAGED - type: string - policyVersionIdType: - pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? - type: string - privateKeyType: - format: password - maxLength: 16384 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - publicKeyFingerprintType: - maxLength: 48 - minLength: 48 - pattern: '[:\w]+' - type: string - publicKeyIdType: - maxLength: 128 - minLength: 20 - pattern: '[\w]+' - type: string - publicKeyMaterialType: - maxLength: 16384 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - responseMarkerType: - type: string - roleDescriptionType: - maxLength: 1000 - pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' - type: string - roleDetailListType: - items: - allOf: - - $ref: '#/components/schemas/RoleDetail' - - xml: - name: member - type: array - roleListType: - description:

Contains a list of IAM roles.

This data type is used - as a response element in the ListRoles operation.

- items: - allOf: - - $ref: '#/components/schemas/Role' - - xml: - name: member - type: array - roleMaxSessionDurationType: - maximum: 43200 - minimum: 3600 - type: integer - roleNameType: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - serialNumberType: - maxLength: 256 - minLength: 9 - pattern: '[\w+=/:,.@-]+' - type: string - serverCertificateMetadataListType: - items: - allOf: - - $ref: '#/components/schemas/ServerCertificateMetadata' - - xml: - name: member - type: array - serverCertificateNameType: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - serviceName: - type: string - serviceNameType: - type: string - serviceNamespaceListType: - items: - allOf: - - $ref: '#/components/schemas/serviceNamespaceType' - - xml: - name: member - maxItems: 200 - minItems: 1 - type: array - serviceNamespaceType: - maxLength: 64 - minLength: 1 - pattern: '[\w-]*' - type: string - servicePassword: - format: password - type: string - serviceSpecificCredentialId: - maxLength: 128 - minLength: 20 - pattern: '[\w]+' - type: string - serviceUserName: - maxLength: 200 - minLength: 17 - pattern: '[\w+=,.@-]+' - type: string - sortKeyType: - enum: - - SERVICE_NAMESPACE_ASCENDING - - SERVICE_NAMESPACE_DESCENDING - - LAST_AUTHENTICATED_TIME_ASCENDING - - LAST_AUTHENTICATED_TIME_DESCENDING - type: string - statusType: - enum: - - Active - - Inactive - type: string - stringType: - type: string - summaryKeyType: - enum: - - Users - - UsersQuota - - Groups - - GroupsQuota - - ServerCertificates - - ServerCertificatesQuota - - UserPolicySizeQuota - - GroupPolicySizeQuota - - GroupsPerUserQuota - - SigningCertificatesPerUserQuota - - AccessKeysPerUserQuota - - MFADevices - - MFADevicesInUse - - AccountMFAEnabled - - AccountAccessKeysPresent - - AccountSigningCertificatesPresent - - AttachedPoliciesPerGroupQuota - - AttachedPoliciesPerRoleQuota - - AttachedPoliciesPerUserQuota - - Policies - - PoliciesQuota - - PolicySizeQuota - - PolicyVersionsInUse - - PolicyVersionsInUseQuota - - VersionsPerPolicyQuota - - GlobalEndpointTokenVersion - type: string - summaryMapType: - additionalProperties: - $ref: '#/components/schemas/summaryValueType' - type: object - summaryValueType: - type: integer - tagKeyListType: - items: - allOf: - - $ref: '#/components/schemas/tagKeyType' - - xml: - name: member - maxItems: 50 - type: array - tagKeyType: - maxLength: 128 - minLength: 1 - pattern: '[\p{L}\p{Z}\p{N}_.:/=+\-@]+' - type: string - tagListType: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - tagValueType: - maxLength: 256 - minLength: 0 - pattern: '[\p{L}\p{Z}\p{N}_.:/=+\-@]*' - type: string - thumbprintListType: - description: Contains a list of thumbprints of identity provider server certificates. - items: - allOf: - - $ref: '#/components/schemas/thumbprintType' - - xml: - name: member - type: array - thumbprintType: - description:

Contains a thumbprint for an identity provider's server certificate.

-

The identity provider's server certificate thumbprint is the hex-encoded - SHA-1 hash value of the self-signed X.509 certificate. This thumbprint is - used by the domain where the OpenID Connect provider makes its keys available. - The thumbprint is always a 40-character string.

- maxLength: 40 - minLength: 40 - type: string - userDetailListType: - items: - allOf: - - $ref: '#/components/schemas/UserDetail' - - xml: - name: member - type: array - userListType: - description:

Contains a list of users.

This data type is used as a - response element in the GetGroup and ListUsers operations.

- items: - allOf: - - $ref: '#/components/schemas/User' - - xml: - name: member - type: array - userNameType: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - virtualMFADeviceListType: - items: - allOf: - - $ref: '#/components/schemas/VirtualMFADevice' - - xml: - name: member - type: array - virtualMFADeviceName: - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - securitySchemes: - hmac: - description: Amazon Signature authorization v4 - in: header - name: Authorization - type: apiKey - x-amazon-apigateway-authtype: awsSigv4 - x-stackQL-resources: - access_key_last_useds: - id: aws.iam.access_key_last_useds - methods: - access_key_last_useds_Get: - operation: - $ref: '#/paths/~1?Action=GetAccessKeyLastUsed&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetAccessKeyLastUsedResult - openAPIDocKey: '200' - name: access_key_last_useds - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/access_key_last_useds/methods/access_key_last_useds_Get' - update: [] - title: access_key_last_useds - access_keys: - id: aws.iam.access_keys - methods: - access_keys_Create: - operation: - $ref: '#/paths/~1?Action=CreateAccessKey&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - access_keys_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteAccessKey&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - access_keys_List: - operation: - $ref: '#/paths/~1?Action=ListAccessKeys&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListAccessKeysResult/AccessKeyMetadata/member - openAPIDocKey: '200' - access_keys_Update: - operation: - $ref: '#/paths/~1?Action=UpdateAccessKey&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: access_keys - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/access_keys/methods/access_keys_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/access_keys/methods/access_keys_Create' - select: - - $ref: '#/components/x-stackQL-resources/access_keys/methods/access_keys_List' - update: [] - title: access_keys - account_alias: - id: aws.iam.account_alias - methods: - account_alias_Create: - operation: - $ref: '#/paths/~1?Action=CreateAccountAlias&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - account_alias_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteAccountAlias&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: account_alias - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/account_alias/methods/account_alias_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/account_alias/methods/account_alias_Create' - select: [] - update: [] - title: account_alias - account_aliases: - id: aws.iam.account_aliases - methods: - account_aliases_List: - operation: - $ref: '#/paths/~1?Action=ListAccountAliases&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListAccountAliasesResult/AccountAliases/member - openAPIDocKey: '200' - name: account_aliases - sqlVerbs: - delete: [] - insert: [] - select: [] - # - $ref: '#/components/x-stackQL-resources/account_aliases/methods/account_aliases_List' - update: [] - title: account_aliases - account_authorization_details: - id: aws.iam.account_authorization_details - methods: - account_authorization_details_Get: - operation: - $ref: '#/paths/~1?Action=GetAccountAuthorizationDetails&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetAccountAuthorizationDetailsResult - openAPIDocKey: '200' - name: account_authorization_details - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/account_authorization_details/methods/account_authorization_details_Get' - update: [] - title: account_authorization_details - account_password_policies: - id: aws.iam.account_password_policies - methods: - account_password_policies_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteAccountPasswordPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - account_password_policies_Get: - operation: - $ref: '#/paths/~1?Action=GetAccountPasswordPolicy&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetAccountPasswordPolicyResult - openAPIDocKey: '200' - account_password_policies_Update: - operation: - $ref: '#/paths/~1?Action=UpdateAccountPasswordPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: account_password_policies - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/account_password_policies/methods/account_password_policies_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/account_password_policies/methods/account_password_policies_Get' - update: [] - title: account_password_policies - account_summaries: - id: aws.iam.account_summaries - methods: - account_summaries_Get: - operation: - $ref: '#/paths/~1?Action=GetAccountSummary&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetAccountSummaryResult - openAPIDocKey: '200' - name: account_summaries - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/account_summaries/methods/account_summaries_Get' - update: [] - title: account_summaries - assume_role_policies: - id: aws.iam.assume_role_policies - methods: - assume_role_policies_Update: - operation: - $ref: '#/paths/~1?Action=UpdateAssumeRolePolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: assume_role_policies - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: assume_role_policies - attached_group_policies: - id: aws.iam.attached_group_policies - methods: - attached_group_policies_List: - operation: - $ref: '#/paths/~1?Action=ListAttachedGroupPolicies&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListAttachedGroupPoliciesResult/AttachedPolicies/member - openAPIDocKey: '200' - name: attached_group_policies - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/attached_group_policies/methods/attached_group_policies_List' - update: [] - title: attached_group_policies - attached_role_policies: - id: aws.iam.attached_role_policies - methods: - attached_role_policies_List: - operation: - $ref: '#/paths/~1?Action=ListAttachedRolePolicies&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListAttachedRolePoliciesResult/AttachedPolicies/member - openAPIDocKey: '200' - name: attached_role_policies - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/attached_role_policies/methods/attached_role_policies_List' - update: [] - title: attached_role_policies - attached_user_policies: - id: aws.iam.attached_user_policies - methods: - attached_user_policies_List: - operation: - $ref: '#/paths/~1?Action=ListAttachedUserPolicies&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListAttachedUserPoliciesResult/AttachedPolicies/member - openAPIDocKey: '200' - name: attached_user_policies - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/attached_user_policies/methods/attached_user_policies_List' - update: [] - title: attached_user_policies - client_id_from_open_id_connect_providers: - id: aws.iam.client_id_from_open_id_connect_providers - methods: - client_id_from_open_id_connect_providers_Remove: - operation: - $ref: '#/paths/~1?Action=RemoveClientIDFromOpenIDConnectProvider&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: client_id_from_open_id_connect_providers - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: client_id_from_open_id_connect_providers - # client_id_to_open_id_connect_providers: - # id: aws.iam.client_id_to_open_id_connect_providers - # methods: {} - # name: client_id_to_open_id_connect_providers - # sqlVerbs: - # delete: [] - # insert: [] - # select: [] - # update: [] - # title: client_id_to_open_id_connect_providers - context_keys_for_custom_policies: - id: aws.iam.context_keys_for_custom_policies - methods: - context_keys_for_custom_policies_Get: - operation: - $ref: '#/paths/~1?Action=GetContextKeysForCustomPolicy&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetContextKeysForCustomPolicyResult - openAPIDocKey: '200' - name: context_keys_for_custom_policies - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/context_keys_for_custom_policies/methods/context_keys_for_custom_policies_Get' - update: [] - title: context_keys_for_custom_policies - context_keys_for_principal_policies: - id: aws.iam.context_keys_for_principal_policies - methods: - context_keys_for_principal_policies_Get: - operation: - $ref: '#/paths/~1?Action=GetContextKeysForPrincipalPolicy&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetContextKeysForPrincipalPolicyResult - openAPIDocKey: '200' - name: context_keys_for_principal_policies - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/context_keys_for_principal_policies/methods/context_keys_for_principal_policies_Get' - update: [] - title: context_keys_for_principal_policies - credential_reports: - id: aws.iam.credential_reports - methods: - credential_reports_Generate: - operation: - $ref: '#/paths/~1?Action=GenerateCredentialReport&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - credential_reports_Get: - operation: - $ref: '#/paths/~1?Action=GetCredentialReport&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetCredentialReportResult - openAPIDocKey: '200' - name: credential_reports - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/credential_reports/methods/credential_reports_Get' - update: [] - title: credential_reports - custom_policies: - id: aws.iam.custom_policies - methods: - custom_policies_Simulate: - operation: - $ref: '#/paths/~1?Action=SimulateCustomPolicy&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: custom_policies - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: custom_policies - default_policy_versions: - id: aws.iam.default_policy_versions - methods: - default_policy_versions_Set: - operation: - $ref: '#/paths/~1?Action=SetDefaultPolicyVersion&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: default_policy_versions - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: default_policy_versions - entities_for_policies: - id: aws.iam.entities_for_policies - methods: - entities_for_policies_List: - operation: - $ref: '#/paths/~1?Action=ListEntitiesForPolicy&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListEntitiesForPolicyResult/PolicyGroups/member - openAPIDocKey: '200' - name: entities_for_policies - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/entities_for_policies/methods/entities_for_policies_List' - update: [] - title: entities_for_policies - group_policies: - id: aws.iam.group_policies - methods: - group_policies_Attach: - operation: - $ref: '#/paths/~1?Action=AttachGroupPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - group_policies_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteGroupPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - group_policies_Detach: - operation: - $ref: '#/paths/~1?Action=DetachGroupPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - group_policies_Get: - operation: - $ref: '#/paths/~1?Action=GetGroupPolicy&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetGroupPolicyResult - openAPIDocKey: '200' - group_policies_List: - operation: - $ref: '#/paths/~1?Action=ListGroupPolicies&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListGroupPoliciesResult/PolicyNames/member - openAPIDocKey: '200' - group_policies_Put: - operation: - $ref: '#/paths/~1?Action=PutGroupPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: group_policies - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/group_policies/methods/group_policies_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/group_policies/methods/group_policies_Get' - - $ref: '#/components/x-stackQL-resources/group_policies/methods/group_policies_List' - update: [] - title: group_policies - groups: - id: aws.iam.groups - methods: - groups_Create: - operation: - $ref: '#/paths/~1?Action=CreateGroup&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - groups_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteGroup&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - groups_Get: - operation: - $ref: '#/paths/~1?Action=GetGroup&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetGroupResult/Group - openAPIDocKey: '200' - groups_List: - operation: - $ref: '#/paths/~1?Action=ListGroups&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListGroupsResult/Groups/member - openAPIDocKey: '200' - groups_Update: - operation: - $ref: '#/paths/~1?Action=UpdateGroup&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: groups - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/groups/methods/groups_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/groups/methods/groups_Create' - select: - - $ref: '#/components/x-stackQL-resources/groups/methods/groups_Get' - - $ref: '#/components/x-stackQL-resources/groups/methods/groups_List' - update: [] - title: groups - groups_for_users: - id: aws.iam.groups_for_users - methods: - groups_for_users_List: - operation: - $ref: '#/paths/~1?Action=ListGroupsForUser&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListGroupsForUserResult/Groups/member - openAPIDocKey: '200' - name: groups_for_users - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/groups_for_users/methods/groups_for_users_List' - update: [] - title: groups_for_users - instance_profile_tags: - id: aws.iam.instance_profile_tags - methods: - instance_profile_tags_List: - operation: - $ref: '#/paths/~1?Action=ListInstanceProfileTags&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListInstanceProfileTagsResult/Tags/member - openAPIDocKey: '200' - name: instance_profile_tags - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/instance_profile_tags/methods/instance_profile_tags_List' - update: [] - title: instance_profile_tags - instance_profiles: - id: aws.iam.instance_profiles - methods: - instance_profiles_Create: - operation: - $ref: '#/paths/~1?Action=CreateInstanceProfile&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - instance_profiles_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteInstanceProfile&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - instance_profiles_Get: - operation: - $ref: '#/paths/~1?Action=GetInstanceProfile&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetInstanceProfileResult - openAPIDocKey: '200' - instance_profiles_List: - operation: - $ref: '#/paths/~1?Action=ListInstanceProfiles&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListInstanceProfilesResult/InstanceProfiles/member - openAPIDocKey: '200' - instance_profiles_Tag: - operation: - $ref: '#/paths/~1?Action=TagInstanceProfile&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - instance_profiles_Untag: - operation: - $ref: '#/paths/~1?Action=UntagInstanceProfile&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: instance_profiles - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/instance_profiles/methods/instance_profiles_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/instance_profiles/methods/instance_profiles_Create' - select: - - $ref: '#/components/x-stackQL-resources/instance_profiles/methods/instance_profiles_Get' - - $ref: '#/components/x-stackQL-resources/instance_profiles/methods/instance_profiles_List' - update: [] - title: instance_profiles - instance_profiles_for_roles: - id: aws.iam.instance_profiles_for_roles - methods: - instance_profiles_for_roles_List: - operation: - $ref: '#/paths/~1?Action=ListInstanceProfilesForRole&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListInstanceProfilesForRoleResult/InstanceProfiles/member - openAPIDocKey: '200' - name: instance_profiles_for_roles - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/instance_profiles_for_roles/methods/instance_profiles_for_roles_List' - update: [] - title: instance_profiles_for_roles - login_profiles: - id: aws.iam.login_profiles - methods: - login_profiles_Create: - operation: - $ref: '#/paths/~1?Action=CreateLoginProfile&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - login_profiles_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteLoginProfile&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - login_profiles_Get: - operation: - $ref: '#/paths/~1?Action=GetLoginProfile&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetLoginProfileResult - openAPIDocKey: '200' - login_profiles_Update: - operation: - $ref: '#/paths/~1?Action=UpdateLoginProfile&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: login_profiles - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/login_profiles/methods/login_profiles_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/login_profiles/methods/login_profiles_Create' - select: - - $ref: '#/components/x-stackQL-resources/login_profiles/methods/login_profiles_Get' - update: [] - title: login_profiles - mfa_device_tags: - id: aws.iam.mfa_device_tags - methods: - mfa_device_tags_List: - operation: - $ref: '#/paths/~1?Action=ListMFADeviceTags&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListMFADeviceTagsResult/Tags/member - openAPIDocKey: '200' - name: mfa_device_tags - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/mfa_device_tags/methods/mfa_device_tags_List' - update: [] - title: mfa_device_tags - mfa_devices: - id: aws.iam.mfa_devices - methods: - mfa_devices_Deactivate: - operation: - $ref: '#/paths/~1?Action=DeactivateMFADevice&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - mfa_devices_Enable: - operation: - $ref: '#/paths/~1?Action=EnableMFADevice&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - mfa_devices_List: - operation: - $ref: '#/paths/~1?Action=ListMFADevices&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListMFADevicesResult/MFADevices/member - openAPIDocKey: '200' - mfa_devices_Resync: - operation: - $ref: '#/paths/~1?Action=ResyncMFADevice&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - mfa_devices_Tag: - operation: - $ref: '#/paths/~1?Action=TagMFADevice&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - mfa_devices_Untag: - operation: - $ref: '#/paths/~1?Action=UntagMFADevice&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: mfa_devices - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/mfa_devices/methods/mfa_devices_List' - update: [] - title: mfa_devices - open_id_connect_provider_tags: - id: aws.iam.open_id_connect_provider_tags - methods: - open_id_connect_provider_tags_List: - operation: - $ref: '#/paths/~1?Action=ListOpenIDConnectProviderTags&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListOpenIDConnectProviderTagsResult/Tags/member - openAPIDocKey: '200' - name: open_id_connect_provider_tags - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/open_id_connect_provider_tags/methods/open_id_connect_provider_tags_List' - update: [] - title: open_id_connect_provider_tags - open_id_connect_provider_thumbprints: - id: aws.iam.open_id_connect_provider_thumbprints - methods: - open_id_connect_provider_thumbprints_Update: - operation: - $ref: '#/paths/~1?Action=UpdateOpenIDConnectProviderThumbprint&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: open_id_connect_provider_thumbprints - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: open_id_connect_provider_thumbprints - open_id_connect_providers: - id: aws.iam.open_id_connect_providers - methods: - open_id_connect_providers_Create: - operation: - $ref: '#/paths/~1?Action=CreateOpenIDConnectProvider&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - open_id_connect_providers_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteOpenIDConnectProvider&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - open_id_connect_providers_Get: - operation: - $ref: '#/paths/~1?Action=GetOpenIDConnectProvider&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetOpenIDConnectProviderResult - openAPIDocKey: '200' - open_id_connect_providers_List: - operation: - $ref: '#/paths/~1?Action=ListOpenIDConnectProviders&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListOpenIDConnectProvidersResult/OpenIDConnectProviderList/member - openAPIDocKey: '200' - open_id_connect_providers_Tag: - operation: - $ref: '#/paths/~1?Action=TagOpenIDConnectProvider&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - open_id_connect_providers_Untag: - operation: - $ref: '#/paths/~1?Action=UntagOpenIDConnectProvider&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: open_id_connect_providers - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/open_id_connect_providers/methods/open_id_connect_providers_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/open_id_connect_providers/methods/open_id_connect_providers_Create' - select: - - $ref: '#/components/x-stackQL-resources/open_id_connect_providers/methods/open_id_connect_providers_Get' - - $ref: '#/components/x-stackQL-resources/open_id_connect_providers/methods/open_id_connect_providers_List' - update: [] - title: open_id_connect_providers - organizations_access_reports: - id: aws.iam.organizations_access_reports - methods: - organizations_access_reports_Generate: - operation: - $ref: '#/paths/~1?Action=GenerateOrganizationsAccessReport&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - organizations_access_reports_Get: - operation: - $ref: '#/paths/~1?Action=GetOrganizationsAccessReport&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetOrganizationsAccessReportResult - openAPIDocKey: '200' - name: organizations_access_reports - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/organizations_access_reports/methods/organizations_access_reports_Get' - update: [] - title: organizations_access_reports - passwords: - id: aws.iam.passwords - methods: - passwords_Change: - operation: - $ref: '#/paths/~1?Action=ChangePassword&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: passwords - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: passwords - policies: - id: aws.iam.policies - methods: - policies_Create: - operation: - $ref: '#/paths/~1?Action=CreatePolicy&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - policies_Delete: - operation: - $ref: '#/paths/~1?Action=DeletePolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - policies_Get: - operation: - $ref: '#/paths/~1?Action=GetPolicy&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetPolicyResult - openAPIDocKey: '200' - policies_List: - operation: - $ref: '#/paths/~1?Action=ListPolicies&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListPoliciesResult/Policies/member - openAPIDocKey: '200' - policies_Tag: - operation: - $ref: '#/paths/~1?Action=TagPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - policies_Untag: - operation: - $ref: '#/paths/~1?Action=UntagPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: policies - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/policies/methods/policies_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/policies/methods/policies_Create' - select: - - $ref: '#/components/x-stackQL-resources/policies/methods/policies_Get' - - $ref: '#/components/x-stackQL-resources/policies/methods/policies_List' - update: [] - title: policies - policy_tags: - id: aws.iam.policy_tags - methods: - policy_tags_List: - operation: - $ref: '#/paths/~1?Action=ListPolicyTags&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListPolicyTagsResult/Tags/member - openAPIDocKey: '200' - name: policy_tags - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/policy_tags/methods/policy_tags_List' - update: [] - title: policy_tags - policy_versions: - id: aws.iam.policy_versions - methods: - policy_versions_Create: - operation: - $ref: '#/paths/~1?Action=CreatePolicyVersion&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - policy_versions_Delete: - operation: - $ref: '#/paths/~1?Action=DeletePolicyVersion&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - policy_versions_Get: - operation: - $ref: '#/paths/~1?Action=GetPolicyVersion&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetPolicyVersionResult - openAPIDocKey: '200' - policy_versions_List: - operation: - $ref: '#/paths/~1?Action=ListPolicyVersions&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListPolicyVersionsResult/Versions/member - openAPIDocKey: '200' - name: policy_versions - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_Create' - select: - - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_Get' - - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_List' - update: [] - title: policy_versions - principal_policies: - id: aws.iam.principal_policies - methods: - principal_policies_Simulate: - operation: - $ref: '#/paths/~1?Action=SimulatePrincipalPolicy&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: principal_policies - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: principal_policies - role_descriptions: - id: aws.iam.role_descriptions - methods: - role_descriptions_Update: - operation: - $ref: '#/paths/~1?Action=UpdateRoleDescription&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: role_descriptions - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: role_descriptions - role_from_instance_profiles: - id: aws.iam.role_from_instance_profiles - methods: - role_from_instance_profiles_Remove: - operation: - $ref: '#/paths/~1?Action=RemoveRoleFromInstanceProfile&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: role_from_instance_profiles - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: role_from_instance_profiles - role_permissions_boundaries: - id: aws.iam.role_permissions_boundaries - methods: - role_permissions_boundaries_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteRolePermissionsBoundary&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - role_permissions_boundaries_Put: - operation: - $ref: '#/paths/~1?Action=PutRolePermissionsBoundary&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: role_permissions_boundaries - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/role_permissions_boundaries/methods/role_permissions_boundaries_Delete' - insert: [] - select: [] - update: [] - title: role_permissions_boundaries - role_policies: - id: aws.iam.role_policies - methods: - role_policies_Attach: - operation: - $ref: '#/paths/~1?Action=AttachRolePolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - role_policies_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteRolePolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - role_policies_Detach: - operation: - $ref: '#/paths/~1?Action=DetachRolePolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - role_policies_Get: - operation: - $ref: '#/paths/~1?Action=GetRolePolicy&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetRolePolicyResult - openAPIDocKey: '200' - role_policies_List: - operation: - $ref: '#/paths/~1?Action=ListRolePolicies&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListRolePoliciesResult/PolicyNames/member - openAPIDocKey: '200' - role_policies_Put: - operation: - $ref: '#/paths/~1?Action=PutRolePolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: role_policies - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/role_policies/methods/role_policies_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/role_policies/methods/role_policies_Get' - - $ref: '#/components/x-stackQL-resources/role_policies/methods/role_policies_List' - update: [] - title: role_policies - role_tags: - id: aws.iam.role_tags - methods: - role_tags_List: - operation: - $ref: '#/paths/~1?Action=ListRoleTags&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListRoleTagsResult/Tags/member - openAPIDocKey: '200' - name: role_tags - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/role_tags/methods/role_tags_List' - update: [] - title: role_tags - role_to_instance_profiles: - id: aws.iam.role_to_instance_profiles - methods: - role_to_instance_profiles_Add: - operation: - $ref: '#/paths/~1?Action=AddRoleToInstanceProfile&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: role_to_instance_profiles - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: role_to_instance_profiles - roles: - id: aws.iam.roles - methods: - roles_Create: - operation: - $ref: '#/paths/~1?Action=CreateRole&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - roles_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteRole&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - roles_Get: - operation: - $ref: '#/paths/~1?Action=GetRole&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetRoleResult/Role - openAPIDocKey: '200' - roles_List: - operation: - $ref: '#/paths/~1?Action=ListRoles&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListRolesResult/Roles/member - openAPIDocKey: '200' - roles_Tag: - operation: - $ref: '#/paths/~1?Action=TagRole&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - roles_Untag: - operation: - $ref: '#/paths/~1?Action=UntagRole&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - roles_Update: - operation: - $ref: '#/paths/~1?Action=UpdateRole&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: roles - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/roles/methods/roles_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/roles/methods/roles_Create' - select: - - $ref: '#/components/x-stackQL-resources/roles/methods/roles_Get' - - $ref: '#/components/x-stackQL-resources/roles/methods/roles_List' - update: [] - title: roles - saml_provider_tags: - id: aws.iam.saml_provider_tags - methods: - saml_provider_tags_List: - operation: - $ref: '#/paths/~1?Action=ListSAMLProviderTags&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListSAMLProviderTagsResult/Tags/member - openAPIDocKey: '200' - name: saml_provider_tags - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/saml_provider_tags/methods/saml_provider_tags_List' - update: [] - title: saml_provider_tags - saml_providers: - id: aws.iam.saml_providers - methods: - saml_providers_Create: - operation: - $ref: '#/paths/~1?Action=CreateSAMLProvider&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - saml_providers_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteSAMLProvider&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - saml_providers_Get: - operation: - $ref: '#/paths/~1?Action=GetSAMLProvider&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetSAMLProviderResult - openAPIDocKey: '200' - saml_providers_List: - operation: - $ref: '#/paths/~1?Action=ListSAMLProviders&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListSAMLProvidersResult/SAMLProviderList/member - openAPIDocKey: '200' - saml_providers_Tag: - operation: - $ref: '#/paths/~1?Action=TagSAMLProvider&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - saml_providers_Untag: - operation: - $ref: '#/paths/~1?Action=UntagSAMLProvider&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - saml_providers_Update: - operation: - $ref: '#/paths/~1?Action=UpdateSAMLProvider&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: saml_providers - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/saml_providers/methods/saml_providers_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/saml_providers/methods/saml_providers_Create' - select: - - $ref: '#/components/x-stackQL-resources/saml_providers/methods/saml_providers_Get' - - $ref: '#/components/x-stackQL-resources/saml_providers/methods/saml_providers_List' - update: [] - title: saml_providers - security_token_service_preferences: - id: aws.iam.security_token_service_preferences - methods: - security_token_service_preferences_Set: - operation: - $ref: '#/paths/~1?Action=SetSecurityTokenServicePreferences&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: security_token_service_preferences - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: security_token_service_preferences - server_certificate_tags: - id: aws.iam.server_certificate_tags - methods: - server_certificate_tags_List: - operation: - $ref: '#/paths/~1?Action=ListServerCertificateTags&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListServerCertificateTagsResult/Tags/member - openAPIDocKey: '200' - name: server_certificate_tags - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/server_certificate_tags/methods/server_certificate_tags_List' - update: [] - title: server_certificate_tags - server_certificates: - id: aws.iam.server_certificates - methods: - server_certificates_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteServerCertificate&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - server_certificates_Get: - operation: - $ref: '#/paths/~1?Action=GetServerCertificate&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetServerCertificateResult - openAPIDocKey: '200' - server_certificates_List: - operation: - $ref: '#/paths/~1?Action=ListServerCertificates&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListServerCertificatesResult/ServerCertificateMetadataList/member - openAPIDocKey: '200' - server_certificates_Tag: - operation: - $ref: '#/paths/~1?Action=TagServerCertificate&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - server_certificates_Untag: - operation: - $ref: '#/paths/~1?Action=UntagServerCertificate&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - server_certificates_Update: - operation: - $ref: '#/paths/~1?Action=UpdateServerCertificate&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - server_certificates_Upload: - operation: - $ref: '#/paths/~1?Action=UploadServerCertificate&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: server_certificates - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/server_certificates/methods/server_certificates_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/server_certificates/methods/server_certificates_Get' - - $ref: '#/components/x-stackQL-resources/server_certificates/methods/server_certificates_List' - update: [] - title: server_certificates - service_last_accessed_details: - id: aws.iam.service_last_accessed_details - methods: - service_last_accessed_details_Generate: - operation: - $ref: '#/paths/~1?Action=GenerateServiceLastAccessedDetails&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - service_last_accessed_details_Get: - operation: - $ref: '#/paths/~1?Action=GetServiceLastAccessedDetails&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetServiceLastAccessedDetailsResult - openAPIDocKey: '200' - name: service_last_accessed_details - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/service_last_accessed_details/methods/service_last_accessed_details_Get' - update: [] - title: service_last_accessed_details - service_last_accessed_details_with_entities: - id: aws.iam.service_last_accessed_details_with_entities - methods: - service_last_accessed_details_with_entities_Get: - operation: - $ref: '#/paths/~1?Action=GetServiceLastAccessedDetailsWithEntities&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetServiceLastAccessedDetailsWithEntitiesResult - openAPIDocKey: '200' - name: service_last_accessed_details_with_entities - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/service_last_accessed_details_with_entities/methods/service_last_accessed_details_with_entities_Get' - update: [] - title: service_last_accessed_details_with_entities - service_linked_role_deletion_status: - id: aws.iam.service_linked_role_deletion_status - methods: - service_linked_role_deletion_status_Get: - operation: - $ref: '#/paths/~1?Action=GetServiceLinkedRoleDeletionStatus&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetServiceLinkedRoleDeletionStatusResult - openAPIDocKey: '200' - name: service_linked_role_deletion_status - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/service_linked_role_deletion_status/methods/service_linked_role_deletion_status_Get' - update: [] - title: service_linked_role_deletion_status - service_linked_roles: - id: aws.iam.service_linked_roles - methods: - service_linked_roles_Create: - operation: - $ref: '#/paths/~1?Action=CreateServiceLinkedRole&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - service_linked_roles_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteServiceLinkedRole&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: service_linked_roles - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/service_linked_roles/methods/service_linked_roles_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/service_linked_roles/methods/service_linked_roles_Create' - select: [] - update: [] - title: service_linked_roles - service_specific_credentials: - id: aws.iam.service_specific_credentials - methods: - service_specific_credentials_Create: - operation: - $ref: '#/paths/~1?Action=CreateServiceSpecificCredential&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - service_specific_credentials_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteServiceSpecificCredential&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - service_specific_credentials_List: - operation: - $ref: '#/paths/~1?Action=ListServiceSpecificCredentials&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListServiceSpecificCredentialsResult/ServiceSpecificCredentials/member - openAPIDocKey: '200' - service_specific_credentials_Reset: - operation: - $ref: '#/paths/~1?Action=ResetServiceSpecificCredential&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - service_specific_credentials_Update: - operation: - $ref: '#/paths/~1?Action=UpdateServiceSpecificCredential&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: service_specific_credentials - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/service_specific_credentials/methods/service_specific_credentials_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/service_specific_credentials/methods/service_specific_credentials_Create' - select: - - $ref: '#/components/x-stackQL-resources/service_specific_credentials/methods/service_specific_credentials_List' - update: [] - title: service_specific_credentials - signing_certificates: - id: aws.iam.signing_certificates - methods: - signing_certificates_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteSigningCertificate&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - signing_certificates_List: - operation: - $ref: '#/paths/~1?Action=ListSigningCertificates&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListSigningCertificatesResult/Certificates/member - openAPIDocKey: '200' - signing_certificates_Update: - operation: - $ref: '#/paths/~1?Action=UpdateSigningCertificate&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - signing_certificates_Upload: - operation: - $ref: '#/paths/~1?Action=UploadSigningCertificate&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: signing_certificates - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/signing_certificates/methods/signing_certificates_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/signing_certificates/methods/signing_certificates_List' - update: [] - title: signing_certificates - ssh_public_keys: - id: aws.iam.ssh_public_keys - methods: - ssh_public_keys_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteSSHPublicKey&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - ssh_public_keys_Get: - operation: - $ref: '#/paths/~1?Action=GetSSHPublicKey&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetSSHPublicKeyResult - openAPIDocKey: '200' - ssh_public_keys_List: - operation: - $ref: '#/paths/~1?Action=ListSSHPublicKeys&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListSSHPublicKeysResult/SSHPublicKeys/member - openAPIDocKey: '200' - ssh_public_keys_Update: - operation: - $ref: '#/paths/~1?Action=UpdateSSHPublicKey&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - ssh_public_keys_Upload: - operation: - $ref: '#/paths/~1?Action=UploadSSHPublicKey&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: ssh_public_keys - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/ssh_public_keys/methods/ssh_public_keys_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/ssh_public_keys/methods/ssh_public_keys_Get' - - $ref: '#/components/x-stackQL-resources/ssh_public_keys/methods/ssh_public_keys_List' - update: [] - title: ssh_public_keys - user_from_groups: - id: aws.iam.user_from_groups - methods: - user_from_groups_Remove: - operation: - $ref: '#/paths/~1?Action=RemoveUserFromGroup&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: user_from_groups - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: user_from_groups - user_permissions_boundaries: - id: aws.iam.user_permissions_boundaries - methods: - user_permissions_boundaries_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteUserPermissionsBoundary&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - user_permissions_boundaries_Put: - operation: - $ref: '#/paths/~1?Action=PutUserPermissionsBoundary&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: user_permissions_boundaries - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/user_permissions_boundaries/methods/user_permissions_boundaries_Delete' - insert: [] - select: [] - update: [] - title: user_permissions_boundaries - user_policies: - id: aws.iam.user_policies - methods: - user_policies_Attach: - operation: - $ref: '#/paths/~1?Action=AttachUserPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - user_policies_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteUserPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - user_policies_Detach: - operation: - $ref: '#/paths/~1?Action=DetachUserPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - user_policies_Get: - operation: - $ref: '#/paths/~1?Action=GetUserPolicy&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetUserPolicyResult - openAPIDocKey: '200' - user_policies_List: - operation: - $ref: '#/paths/~1?Action=ListUserPolicies&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListUserPoliciesResult/PolicyNames/member - openAPIDocKey: '200' - user_policies_Put: - operation: - $ref: '#/paths/~1?Action=PutUserPolicy&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: user_policies - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/user_policies/methods/user_policies_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/user_policies/methods/user_policies_Get' - - $ref: '#/components/x-stackQL-resources/user_policies/methods/user_policies_List' - update: [] - title: user_policies - user_tags: - id: aws.iam.user_tags - methods: - user_tags_List: - operation: - $ref: '#/paths/~1?Action=ListUserTags&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListUserTagsResult/Tags/member - openAPIDocKey: '200' - name: user_tags - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/user_tags/methods/user_tags_List' - update: [] - title: user_tags - user_to_groups: - id: aws.iam.user_to_groups - methods: - user_to_groups_Add: - operation: - $ref: '#/paths/~1?Action=AddUserToGroup&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: user_to_groups - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: user_to_groups - users: - id: aws.iam.users - methods: - users_Create: - operation: - $ref: '#/paths/~1?Action=CreateUser&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - users_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteUser&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - users_Get: - operation: - $ref: '#/paths/~1?Action=GetUser&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/GetUserResult/User - openAPIDocKey: '200' - users_List: - operation: - $ref: '#/paths/~1?Action=ListUsers&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListUsersResult/Users/member - openAPIDocKey: '200' - users_Tag: - operation: - $ref: '#/paths/~1?Action=TagUser&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - users_Untag: - operation: - $ref: '#/paths/~1?Action=UntagUser&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - users_Update: - operation: - $ref: '#/paths/~1?Action=UpdateUser&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - name: users - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/users/methods/users_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/users/methods/users_Create' - select: - - $ref: '#/components/x-stackQL-resources/users/methods/users_List' - update: [] - title: users - virtual_mfa_devices: - id: aws.iam.virtual_mfa_devices - methods: - virtual_mfa_devices_Create: - operation: - $ref: '#/paths/~1?Action=CreateVirtualMFADevice&Version=2010-05-08/get' - response: - mediaType: text/xml - openAPIDocKey: '200' - virtual_mfa_devices_Delete: - operation: - $ref: '#/paths/~1?Action=DeleteVirtualMFADevice&Version=2010-05-08/get' - response: - openAPIDocKey: '200' - virtual_mfa_devices_List: - operation: - $ref: '#/paths/~1?Action=ListVirtualMFADevices&Version=2010-05-08/get' - response: - mediaType: text/xml - objectKey: /*/ListVirtualMFADevicesResult/VirtualMFADevices/member - openAPIDocKey: '200' - name: virtual_mfa_devices - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/virtual_mfa_devices/methods/virtual_mfa_devices_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/virtual_mfa_devices/methods/virtual_mfa_devices_Create' - select: - - $ref: '#/components/x-stackQL-resources/virtual_mfa_devices/methods/virtual_mfa_devices_List' - update: [] - title: virtual_mfa_devices -externalDocs: - description: Amazon Web Services documentation - url: https://docs.aws.amazon.com/iam/ -info: - contact: - email: mike.ralphson@gmail.com - name: Mike Ralphson - url: https://github.com/mermade/aws2openapi - x-twitter: PermittedSoc - description: Identity and Access Management

Identity and - Access Management (IAM) is a web service for securely controlling access to Amazon - Web Services services. With IAM, you can centrally manage users, security credentials - such as access keys, and permissions that control which Amazon Web Services resources - users and applications can access. For more information about IAM, see Identity - and Access Management (IAM) and the Identity - and Access Management User Guide.

- license: - name: Apache 2.0 License - url: http://www.apache.org/licenses/ - termsOfService: https://aws.amazon.com/service-terms/ - title: AWS Identity and Access Management - version: '2010-05-08' - x-apiClientRegistration: - url: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct - x-apisguru-categories: - - cloud - x-logo: - backgroundColor: '#FFFFFF' - url: https://twitter.com/awscloud/profile_image?size=original - x-origin: - - contentType: application/json - converter: - url: https://github.com/mermade/aws2openapi - version: 1.0.0 - url: https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/iam-2010-05-08.normal.json - x-apisguru-driver: external - x-preferred: true - x-providerName: amazonaws.com - x-release: v4 - x-serviceName: iam -openapi: 3.0.0 -paths: - /?Action=AddClientIDToOpenIDConnectProvider&Version=2010-05-08: - get: - description:

Adds a new client ID (also known as audience) to the list of - client IDs already registered for the specified IAM OpenID Connect (OIDC) - provider resource.

This operation is idempotent; it does not fail or - return an error if you add an existing client ID to the provider.

- operationId: GET_AddClientIDToOpenIDConnectProvider - parameters: - - description: The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) - provider resource to add the client ID to. You can get a list of OIDC provider - ARNs by using the ListOpenIDConnectProviders operation. - in: query - name: OpenIDConnectProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description: The client ID (also known as audience) to add to the IAM OpenID - Connect provider resource. - in: query - name: ClientID - required: true - schema: - maxLength: 255 - minLength: 1 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AddClientIDToOpenIDConnectProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds a new client ID (also known as audience) to the list of - client IDs already registered for the specified IAM OpenID Connect (OIDC) - provider resource.

This operation is idempotent; it does not fail or - return an error if you add an existing client ID to the provider.

- operationId: POST_AddClientIDToOpenIDConnectProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AddClientIDToOpenIDConnectProviderRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AddClientIDToOpenIDConnectProvider - /?Action=AddRoleToInstanceProfile&Version=2010-05-08: - get: - description:

Adds the specified IAM role to the specified instance profile. - An instance profile can contain only one role, and this quota cannot be increased. - You can remove the existing role and then add a different role to an instance - profile. You must then wait for the change to appear across all of Amazon - Web Services because of eventual - consistency. To force the change, you must disassociate - the instance profile and then associate - the instance profile, or you can stop your instance and then restart it.

-

The caller of this operation must be granted the PassRole - permission on the IAM role by a permissions policy.

For more - information about roles, see Working - with roles. For more information about instance profiles, see About - instance profiles.

- operationId: GET_AddRoleToInstanceProfile - parameters: - - description: '

The name of the instance profile to update.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: InstanceProfileName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name of the role to add.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AddRoleToInstanceProfile - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds the specified IAM role to the specified instance profile. - An instance profile can contain only one role, and this quota cannot be increased. - You can remove the existing role and then add a different role to an instance - profile. You must then wait for the change to appear across all of Amazon - Web Services because of eventual - consistency. To force the change, you must disassociate - the instance profile and then associate - the instance profile, or you can stop your instance and then restart it.

-

The caller of this operation must be granted the PassRole - permission on the IAM role by a permissions policy.

For more - information about roles, see Working - with roles. For more information about instance profiles, see About - instance profiles.

- operationId: POST_AddRoleToInstanceProfile - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AddRoleToInstanceProfileRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AddRoleToInstanceProfile - /?Action=AddUserToGroup&Version=2010-05-08: - get: - description: Adds the specified user to the specified group. - operationId: GET_AddUserToGroup - parameters: - - description: '

The name of the group to update.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name of the user to add.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AddUserToGroup - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Adds the specified user to the specified group. - operationId: POST_AddUserToGroup - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AddUserToGroupRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AddUserToGroup - /?Action=AttachGroupPolicy&Version=2010-05-08: - get: - description:

Attaches the specified managed policy to the specified IAM group.

-

You use this operation to attach a managed policy to a group. To embed - an inline policy in a group, use PutGroupPolicy.

As a best practice, - you can validate your IAM policies. To learn more, see Validating - IAM policies in the IAM User Guide.

For more information - about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_AttachGroupPolicy - parameters: - - description: '

The name (friendly name, not ARN) of the group to attach - the policy to.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to attach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyNotAttachableException' - description: PolicyNotAttachableException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AttachGroupPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Attaches the specified managed policy to the specified IAM group.

-

You use this operation to attach a managed policy to a group. To embed - an inline policy in a group, use PutGroupPolicy.

As a best practice, - you can validate your IAM policies. To learn more, see Validating - IAM policies in the IAM User Guide.

For more information - about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_AttachGroupPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachGroupPolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyNotAttachableException' - description: PolicyNotAttachableException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AttachGroupPolicy - /?Action=AttachRolePolicy&Version=2010-05-08: - get: - description:

Attaches the specified managed policy to the specified IAM role. - When you attach a managed policy to a role, the managed policy becomes part - of the role's permission (access) policy.

You cannot use a managed - policy as the role's trust policy. The role's trust policy is created at the - same time as the role, using CreateRole. You can update a role's trust - policy using UpdateAssumeRolePolicy.

Use this operation - to attach a managed policy to a role. To embed an inline policy in - a role, use PutRolePolicy. For more information about policies, see - Managed - policies and inline policies in the IAM User Guide.

As a - best practice, you can validate your IAM policies. To learn more, see Validating - IAM policies in the IAM User Guide.

- operationId: GET_AttachRolePolicy - parameters: - - description: '

The name (friendly name, not ARN) of the role to attach the - policy to.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to attach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyNotAttachableException' - description: PolicyNotAttachableException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AttachRolePolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Attaches the specified managed policy to the specified IAM role. - When you attach a managed policy to a role, the managed policy becomes part - of the role's permission (access) policy.

You cannot use a managed - policy as the role's trust policy. The role's trust policy is created at the - same time as the role, using CreateRole. You can update a role's trust - policy using UpdateAssumeRolePolicy.

Use this operation - to attach a managed policy to a role. To embed an inline policy in - a role, use PutRolePolicy. For more information about policies, see - Managed - policies and inline policies in the IAM User Guide.

As a - best practice, you can validate your IAM policies. To learn more, see Validating - IAM policies in the IAM User Guide.

- operationId: POST_AttachRolePolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachRolePolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyNotAttachableException' - description: PolicyNotAttachableException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AttachRolePolicy - /?Action=AttachUserPolicy&Version=2010-05-08: - get: - description:

Attaches the specified managed policy to the specified user.

-

You use this operation to attach a managed policy to a user. To - embed an inline policy in a user, use PutUserPolicy.

As a best - practice, you can validate your IAM policies. To learn more, see Validating - IAM policies in the IAM User Guide.

For more information - about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_AttachUserPolicy - parameters: - - description: '

The name (friendly name, not ARN) of the IAM user to attach - the policy to.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to attach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyNotAttachableException' - description: PolicyNotAttachableException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AttachUserPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Attaches the specified managed policy to the specified user.

-

You use this operation to attach a managed policy to a user. To - embed an inline policy in a user, use PutUserPolicy.

As a best - practice, you can validate your IAM policies. To learn more, see Validating - IAM policies in the IAM User Guide.

For more information - about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_AttachUserPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/AttachUserPolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyNotAttachableException' - description: PolicyNotAttachableException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: AttachUserPolicy - /?Action=ChangePassword&Version=2010-05-08: - get: - description:

Changes the password of the IAM user who is calling this operation. - This operation can be performed using the CLI, the Amazon Web Services API, - or the My Security Credentials page in the Amazon Web Services Management - Console. The Amazon Web Services account root user password is not affected - by this operation.

Use UpdateLoginProfile to use the CLI, the - Amazon Web Services API, or the Users page in the IAM console to change - the password for any IAM user. For more information about modifying passwords, - see Managing - passwords in the IAM User Guide.

- operationId: GET_ChangePassword - parameters: - - description: The IAM user's current password. - in: query - name: OldPassword - required: true - schema: - format: password - maxLength: 128 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - - description:

The new password. The new password must conform to the Amazon - Web Services account's password policy, if one exists.

The regex - pattern that is used to validate this parameter is a string of characters. - That string can include almost any printable ASCII character from the space - (\u0020) through the end of the ASCII character range (\u00FF). - You can also include the tab (\u0009), line feed (\u000A), - and carriage return (\u000D) characters. Any of these characters - are valid in a password. However, many tools, such as the Amazon Web Services - Management Console, might restrict the ability to type certain characters - because they have special meaning within that tool.

- in: query - name: NewPassword - required: true - schema: - format: password - maxLength: 128 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidUserTypeException' - description: InvalidUserTypeException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/PasswordPolicyViolationException' - description: PasswordPolicyViolationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ChangePassword - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Changes the password of the IAM user who is calling this operation. - This operation can be performed using the CLI, the Amazon Web Services API, - or the My Security Credentials page in the Amazon Web Services Management - Console. The Amazon Web Services account root user password is not affected - by this operation.

Use UpdateLoginProfile to use the CLI, the - Amazon Web Services API, or the Users page in the IAM console to change - the password for any IAM user. For more information about modifying passwords, - see Managing - passwords in the IAM User Guide.

- operationId: POST_ChangePassword - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ChangePasswordRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidUserTypeException' - description: InvalidUserTypeException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/PasswordPolicyViolationException' - description: PasswordPolicyViolationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ChangePassword - /?Action=CreateAccessKey&Version=2010-05-08: - get: - description:

Creates a new Amazon Web Services secret access key and corresponding - Amazon Web Services access key ID for the specified user. The default status - for new keys is Active.

If you do not specify a user name, - IAM determines the user name implicitly based on the Amazon Web Services access - key ID signing the request. This operation works for access keys under the - Amazon Web Services account. Consequently, you can use this operation to manage - Amazon Web Services account root user credentials. This is true even if the - Amazon Web Services account has no associated users.

For information - about quotas on the number of keys you can create, see IAM - and STS quotas in the IAM User Guide.

To ensure - the security of your Amazon Web Services account, the secret access key is - accessible only during key and user creation. You must save the key (for example, - in a text file) if you want to be able to access it again. If a secret key - is lost, you can delete the access keys for the associated user and then create - new keys.

 - operationId: GET_CreateAccessKey - parameters: - - description: '

The name of the IAM user that the new key will belong to.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - CreateAccessKeyResult: - $ref: '#/components/schemas/CreateAccessKeyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateAccessKey - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Creates a new Amazon Web Services secret access key and corresponding - Amazon Web Services access key ID for the specified user. The default status - for new keys is Active.

If you do not specify a user name, - IAM determines the user name implicitly based on the Amazon Web Services access - key ID signing the request. This operation works for access keys under the - Amazon Web Services account. Consequently, you can use this operation to manage - Amazon Web Services account root user credentials. This is true even if the - Amazon Web Services account has no associated users.

For information - about quotas on the number of keys you can create, see IAM - and STS quotas in the IAM User Guide.

To ensure - the security of your Amazon Web Services account, the secret access key is - accessible only during key and user creation. You must save the key (for example, - in a text file) if you want to be able to access it again. If a secret key - is lost, you can delete the access keys for the associated user and then create - new keys.

 - operationId: POST_CreateAccessKey - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateAccessKeyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreateAccessKeyResult: - $ref: '#/components/schemas/CreateAccessKeyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateAccessKey - /?Action=CreateAccountAlias&Version=2010-05-08: - get: - description: Creates an alias for your Amazon Web Services account. For information - about using an Amazon Web Services account alias, see Using - an alias for your Amazon Web Services account ID in the IAM User Guide. - operationId: GET_CreateAccountAlias - parameters: - - description:

The account alias to create.

This parameter allows - (through its regex pattern) - a string of characters consisting of lowercase letters, digits, and dashes. - You cannot start or finish with a dash, nor can you have two dashes in a - row.

- in: query - name: AccountAlias - required: true - schema: - maxLength: 63 - minLength: 3 - pattern: ^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$ - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateAccountAlias - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Creates an alias for your Amazon Web Services account. For information - about using an Amazon Web Services account alias, see Using - an alias for your Amazon Web Services account ID in the IAM User Guide. - operationId: POST_CreateAccountAlias - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateAccountAliasRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateAccountAlias - /?Action=CreateGroup&Version=2010-05-08: - get: - description:

Creates a new group.

For information about the number - of groups you can create, see IAM - and STS quotas in the IAM User Guide.

- operationId: GET_CreateGroup - parameters: - - description:

The path to the group. For more information about paths, - see IAM - identifiers in the IAM User Guide.

This parameter is optional. - If it is not included, it defaults to a slash (/).

This parameter - allows (through its regex pattern) - a string of characters consisting of either a forward slash (/) by itself - or a string that must begin and end with forward slashes. In addition, it - can contain any ASCII character from the ! (\u0021) through - the DEL character (\u007F), including most punctuation characters, - digits, and upper and lowercased letters.

- in: query - name: Path - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - - description:

The name of the group to create. Do not include the path in - this value.

IAM user, group, role, and policy names must be unique - within the account. Names are not distinguished by case. For example, you - cannot create resources named both "MyResource" and "myresource".

- in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - CreateGroupResult: - $ref: '#/components/schemas/CreateGroupResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateGroup - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Creates a new group.

For information about the number - of groups you can create, see IAM - and STS quotas in the IAM User Guide.

- operationId: POST_CreateGroup - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateGroupRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreateGroupResult: - $ref: '#/components/schemas/CreateGroupResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateGroup - /?Action=CreateInstanceProfile&Version=2010-05-08: - get: - description:

Creates a new instance profile. For information about instance - profiles, see Using - roles for applications on Amazon EC2 in the IAM User Guide, and - Instance - profiles in the Amazon EC2 User Guide.

For information - about the number of instance profiles you can create, see IAM - object quotas in the IAM User Guide.

- operationId: GET_CreateInstanceProfile - parameters: - - description: '

The name of the instance profile to create.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: InstanceProfileName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The path to the instance profile. For more information about - paths, see IAM - Identifiers in the IAM User Guide.

This parameter is optional. - If it is not included, it defaults to a slash (/).

This parameter - allows (through its regex pattern) - a string of characters consisting of either a forward slash (/) by itself - or a string that must begin and end with forward slashes. In addition, it - can contain any ASCII character from the ! (\u0021) through - the DEL character (\u007F), including most punctuation characters, - digits, and upper and lowercased letters.

- in: query - name: Path - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - - description:

A list of tags that you want to attach to the newly created - IAM instance profile. Each tag consists of a key name and an associated - value. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any one - of the tags is invalid or if you exceed the allowed maximum number of tags, - then the entire request fails and the resource is not created.

 - in: query - name: Tags - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - content: - text/xml: - schema: - properties: - CreateInstanceProfileResult: - $ref: '#/components/schemas/CreateInstanceProfileResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateInstanceProfile - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Creates a new instance profile. For information about instance - profiles, see Using - roles for applications on Amazon EC2 in the IAM User Guide, and - Instance - profiles in the Amazon EC2 User Guide.

For information - about the number of instance profiles you can create, see IAM - object quotas in the IAM User Guide.

- operationId: POST_CreateInstanceProfile - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateInstanceProfileRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreateInstanceProfileResult: - $ref: '#/components/schemas/CreateInstanceProfileResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateInstanceProfile - /?Action=CreateLoginProfile&Version=2010-05-08: - get: - description:

Creates a password for the specified IAM user. A password allows - an IAM user to access Amazon Web Services services through the Amazon Web - Services Management Console.

You can use the CLI, the Amazon Web Services - API, or the Users page in the IAM console to create a password for - any IAM user. Use ChangePassword to update your own existing password - in the My Security Credentials page in the Amazon Web Services Management - Console.

For more information about managing passwords, see Managing - passwords in the IAM User Guide.

- operationId: GET_CreateLoginProfile - parameters: - - description: '

The name of the IAM user to create a password for. The user - must already exist.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The new password for the user.

The regex - pattern that is used to validate this parameter is a string of characters. - That string can include almost any printable ASCII character from the space - (\u0020) through the end of the ASCII character range (\u00FF). - You can also include the tab (\u0009), line feed (\u000A), - and carriage return (\u000D) characters. Any of these characters - are valid in a password. However, many tools, such as the Amazon Web Services - Management Console, might restrict the ability to type certain characters - because they have special meaning within that tool.

- in: query - name: Password - required: true - schema: - format: password - maxLength: 128 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - - description: Specifies whether the user is required to set a new password - on next sign-in. - in: query - name: PasswordResetRequired - required: false - schema: - type: boolean - responses: - '200': - content: - text/xml: - schema: - properties: - CreateLoginProfileResult: - $ref: '#/components/schemas/CreateLoginProfileResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/PasswordPolicyViolationException' - description: PasswordPolicyViolationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateLoginProfile - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Creates a password for the specified IAM user. A password allows - an IAM user to access Amazon Web Services services through the Amazon Web - Services Management Console.

You can use the CLI, the Amazon Web Services - API, or the Users page in the IAM console to create a password for - any IAM user. Use ChangePassword to update your own existing password - in the My Security Credentials page in the Amazon Web Services Management - Console.

For more information about managing passwords, see Managing - passwords in the IAM User Guide.

- operationId: POST_CreateLoginProfile - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateLoginProfileRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreateLoginProfileResult: - $ref: '#/components/schemas/CreateLoginProfileResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/PasswordPolicyViolationException' - description: PasswordPolicyViolationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateLoginProfile - /?Action=CreateOpenIDConnectProvider&Version=2010-05-08: - get: - description:

Creates an IAM entity to describe an identity provider (IdP) - that supports OpenID Connect (OIDC).

-

The OIDC provider that you create with this operation can be used as a - principal in a role's trust policy. Such a policy establishes a trust relationship - between Amazon Web Services and the OIDC provider.

If you are using - an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't - need to create a separate IAM identity provider. These OIDC identity providers - are already built-in to Amazon Web Services and are available for your use. - Instead, you can move directly to creating new roles using your identity provider. - To learn more, see Creating - a role for web identity or OpenID connect federation in the IAM User - Guide.

When you create the IAM OIDC provider, you specify the following:

-

  • The URL of the OIDC identity provider (IdP) to trust

    • -

  • A list of client IDs (also known as audiences) that identify the application - or applications allowed to authenticate using the OIDC provider

    • -

  • A list of thumbprints of one or more server certificates that the - IdP uses

You get all of this information from the OIDC - IdP you want to use to access Amazon Web Services.

Amazon Web - Services secures communication with some OIDC identity providers (IdPs) through - our library of trusted certificate authorities (CAs) instead of using a certificate - thumbprint to verify your IdP server certificate. These OIDC IdPs include - Google, and those that use an Amazon S3 bucket to host a JSON Web Key Set - (JWKS) endpoint. In these cases, your legacy thumbprint remains in your configuration, - but is no longer used for validation.

The trust for - the OIDC provider is derived from the IAM provider that this operation creates. - Therefore, it is best to limit access to the CreateOpenIDConnectProvider - operation to highly privileged users.

 - operationId: GET_CreateOpenIDConnectProvider - parameters: - - description:

The URL of the identity provider. The URL must begin with - https:// and should correspond to the iss claim - in the provider's OpenID Connect ID tokens. Per the OIDC standard, path - components are allowed but query parameters are not. Typically the URL consists - of only a hostname, like https://server.example.org or https://example.com. - The URL should not contain a port number.

You cannot register the - same provider multiple times in a single Amazon Web Services account. If - you try to submit a URL that has already been used for an OpenID Connect - provider in the Amazon Web Services account, you will get an error.

- in: query - name: Url - required: true - schema: - description: Contains a URL that specifies the endpoint for an OpenID Connect - provider. - maxLength: 255 - minLength: 1 - type: string - - description:

Provides a list of client IDs, also known as audiences. When - a mobile or web app registers with an OpenID Connect provider, they establish - a value that identifies the application. This is the value that's sent as - the client_id parameter on OAuth requests.

You can register - multiple client IDs with the same provider. For example, you might have - multiple applications that use the same OIDC provider. You cannot register - more than 100 client IDs with a single IAM OIDC provider.

There is - no defined format for a client ID. The CreateOpenIDConnectProviderRequest - operation accepts client IDs up to 255 characters long.

- in: query - name: ClientIDList - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/clientIDType' - - xml: - name: member - type: array - - description:

A list of server certificate thumbprints for the OpenID Connect - (OIDC) identity provider's server certificates. Typically this list includes - only one entry. However, IAM lets you have up to five thumbprints for an - OIDC provider. This lets you maintain multiple thumbprints if the identity - provider is rotating certificates.

The server certificate thumbprint - is the hex-encoded SHA-1 hash value of the X.509 certificate used by the - domain where the OpenID Connect provider makes its keys available. It is - always a 40-character string.

You must provide at least one thumbprint - when creating an IAM OIDC provider. For example, assume that the OIDC provider - is server.example.com and the provider stores its keys at https://keys.server.example.com/openid-connect. - In that case, the thumbprint string would be the hex-encoded SHA-1 hash - value of the certificate used by https://keys.server.example.com. -

For more information about obtaining the OIDC provider thumbprint, - see Obtaining - the thumbprint for an OpenID Connect provider in the IAM User Guide.

- in: query - name: ThumbprintList - required: true - schema: - description: Contains a list of thumbprints of identity provider server - certificates. - items: - allOf: - - $ref: '#/components/schemas/thumbprintType' - - xml: - name: member - type: array - - description:

A list of tags that you want to attach to the new IAM OpenID - Connect (OIDC) provider. Each tag consists of a key name and an associated - value. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any one - of the tags is invalid or if you exceed the allowed maximum number of tags, - then the entire request fails and the resource is not created.

 - in: query - name: Tags - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - content: - text/xml: - schema: - properties: - CreateOpenIDConnectProviderResult: - $ref: '#/components/schemas/CreateOpenIDConnectProviderResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateOpenIDConnectProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Creates an IAM entity to describe an identity provider (IdP) - that supports OpenID Connect (OIDC).

-

The OIDC provider that you create with this operation can be used as a - principal in a role's trust policy. Such a policy establishes a trust relationship - between Amazon Web Services and the OIDC provider.

If you are using - an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't - need to create a separate IAM identity provider. These OIDC identity providers - are already built-in to Amazon Web Services and are available for your use. - Instead, you can move directly to creating new roles using your identity provider. - To learn more, see Creating - a role for web identity or OpenID connect federation in the IAM User - Guide.

When you create the IAM OIDC provider, you specify the following:

-

  • The URL of the OIDC identity provider (IdP) to trust

    • -

  • A list of client IDs (also known as audiences) that identify the application - or applications allowed to authenticate using the OIDC provider

    • -

  • A list of thumbprints of one or more server certificates that the - IdP uses

You get all of this information from the OIDC - IdP you want to use to access Amazon Web Services.

Amazon Web - Services secures communication with some OIDC identity providers (IdPs) through - our library of trusted certificate authorities (CAs) instead of using a certificate - thumbprint to verify your IdP server certificate. These OIDC IdPs include - Google, and those that use an Amazon S3 bucket to host a JSON Web Key Set - (JWKS) endpoint. In these cases, your legacy thumbprint remains in your configuration, - but is no longer used for validation.

The trust for - the OIDC provider is derived from the IAM provider that this operation creates. - Therefore, it is best to limit access to the CreateOpenIDConnectProvider - operation to highly privileged users.

 - operationId: POST_CreateOpenIDConnectProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateOpenIDConnectProviderRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreateOpenIDConnectProviderResult: - $ref: '#/components/schemas/CreateOpenIDConnectProviderResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateOpenIDConnectProvider - /?Action=CreatePolicy&Version=2010-05-08: - get: - description:

Creates a new managed policy for your Amazon Web Services account.

-

This operation creates a policy version with a version identifier of v1 - and sets v1 as the policy's default version. For more information about policy - versions, see Versioning - for managed policies in the IAM User Guide.

As a best practice, - you can validate your IAM policies. To learn more, see Validating - IAM policies in the IAM User Guide.

For more information - about managed policies in general, see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_CreatePolicy - parameters: - - description:

The friendly name of the policy.

IAM user, group, role, - and policy names must be unique within the account. Names are not distinguished - by case. For example, you cannot create resources named both "MyResource" - and "myresource".

- in: query - name: PolicyName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The path for the policy.

For more information about - paths, see IAM - identifiers in the IAM User Guide.

This parameter is optional. - If it is not included, it defaults to a slash (/).

This parameter - allows (through its regex pattern) - a string of characters consisting of either a forward slash (/) by itself - or a string that must begin and end with forward slashes. In addition, it - can contain any ASCII character from the ! (\u0021) through - the DEL character (\u007F), including most punctuation characters, - digits, and upper and lowercased letters.

You cannot use an - asterisk (*) in the path name.

 - in: query - name: Path - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ - type: string - - description:

The JSON policy document that you want to use as the content - for the new policy.

You must provide policies in JSON format in IAM. - However, for CloudFormation templates formatted in YAML, you can provide - the policy in JSON or YAML format. CloudFormation always converts a YAML - policy to JSON format before submitting it to IAM.

The maximum length - of the policy document that you can pass in this operation, including whitespace, - is listed below. To view the maximum character counts of a managed policy - with no whitespaces, see IAM - and STS character quotas.

To learn more about JSON policy grammar, - see Grammar - of the IAM JSON policy language in the IAM User Guide.

The - regex pattern used to validate - this parameter is a string of characters consisting of the following:

-

  • Any printable ASCII character ranging from the space character - (\u0020) through the end of the ASCII character range

    • -

  • The printable characters in the Basic Latin and Latin-1 Supplement - character set (through \u00FF)

  • The special - characters tab (\u0009), line feed (\u000A), and - carriage return (\u000D)

- in: query - name: PolicyDocument - required: true - schema: - maxLength: 131072 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - - description:

A friendly description of the policy.

Typically used - to store information about the permissions defined in the policy. For example, - "Grants access to production DynamoDB tables."

The policy description - is immutable. After a value is assigned, it cannot be changed.

- in: query - name: Description - required: false - schema: - maxLength: 1000 - type: string - - description:

A list of tags that you want to attach to the new IAM customer - managed policy. Each tag consists of a key name and an associated value. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any one - of the tags is invalid or if you exceed the allowed maximum number of tags, - then the entire request fails and the resource is not created.

 - in: query - name: Tags - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - content: - text/xml: - schema: - properties: - CreatePolicyResult: - $ref: '#/components/schemas/CreatePolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreatePolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Creates a new managed policy for your Amazon Web Services account.

-

This operation creates a policy version with a version identifier of v1 - and sets v1 as the policy's default version. For more information about policy - versions, see Versioning - for managed policies in the IAM User Guide.

As a best practice, - you can validate your IAM policies. To learn more, see Validating - IAM policies in the IAM User Guide.

For more information - about managed policies in general, see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_CreatePolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreatePolicyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreatePolicyResult: - $ref: '#/components/schemas/CreatePolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreatePolicy - /?Action=CreatePolicyVersion&Version=2010-05-08: - get: - description:

Creates a new version of the specified managed policy. To update - a managed policy, you create a new policy version. A managed policy can have - up to five versions. If the policy has five versions, you must delete an existing - version using DeletePolicyVersion before you create a new version.

-

Optionally, you can set the new version as the policy's default version. - The default version is the version that is in effect for the IAM users, groups, - and roles to which the policy is attached.

For more information about - managed policy versions, see Versioning - for managed policies in the IAM User Guide.

- operationId: GET_CreatePolicyVersion - parameters: - - description:

The Amazon Resource Name (ARN) of the IAM policy to which - you want to add a new version.

For more information about ARNs, see - Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description:

The JSON policy document that you want to use as the content - for this new version of the policy.

You must provide policies in - JSON format in IAM. However, for CloudFormation templates formatted in YAML, - you can provide the policy in JSON or YAML format. CloudFormation always - converts a YAML policy to JSON format before submitting it to IAM.

The - maximum length of the policy document that you can pass in this operation, - including whitespace, is listed below. To view the maximum character counts - of a managed policy with no whitespaces, see IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line feed - (\u000A), and carriage return (\u000D)

    • -
- in: query - name: PolicyDocument - required: true - schema: - maxLength: 131072 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - - description:

Specifies whether to set this version as the policy's default - version.

When this parameter is true, the new policy - version becomes the operative version. That is, it becomes the version that - is in effect for the IAM users, groups, and roles that the policy is attached - to.

For more information about managed policy versions, see Versioning - for managed policies in the IAM User Guide.

- in: query - name: SetAsDefault - required: false - schema: - type: boolean - responses: - '200': - content: - text/xml: - schema: - properties: - CreatePolicyVersionResult: - $ref: '#/components/schemas/CreatePolicyVersionResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreatePolicyVersion - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Creates a new version of the specified managed policy. To update - a managed policy, you create a new policy version. A managed policy can have - up to five versions. If the policy has five versions, you must delete an existing - version using DeletePolicyVersion before you create a new version.

-

Optionally, you can set the new version as the policy's default version. - The default version is the version that is in effect for the IAM users, groups, - and roles to which the policy is attached.

For more information about - managed policy versions, see Versioning - for managed policies in the IAM User Guide.

- operationId: POST_CreatePolicyVersion - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreatePolicyVersionRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreatePolicyVersionResult: - $ref: '#/components/schemas/CreatePolicyVersionResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreatePolicyVersion - /?Action=CreateRole&Version=2010-05-08: - get: - description: Creates a new role for your Amazon Web Services account. For more - information about roles, see IAM - roles. For information about quotas for role names and the number of roles - you can create, see IAM - and STS quotas in the IAM User Guide. - operationId: GET_CreateRole - parameters: - - description:

The path to the role. For more information about paths, see - IAM - Identifiers in the IAM User Guide.

This parameter is optional. - If it is not included, it defaults to a slash (/).

This parameter - allows (through its regex pattern) - a string of characters consisting of either a forward slash (/) by itself - or a string that must begin and end with forward slashes. In addition, it - can contain any ASCII character from the ! (\u0021) through - the DEL character (\u007F), including most punctuation characters, - digits, and upper and lowercased letters.

- in: query - name: Path - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - - description:

The name of the role to create.

IAM user, group, role, - and policy names must be unique within the account. Names are not distinguished - by case. For example, you cannot create resources named both "MyResource" - and "myresource".

- in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The trust relationship policy document that grants an entity - permission to assume the role.

In IAM, you must provide a JSON policy - that has been converted to a string. However, for CloudFormation templates - formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation - always converts a YAML policy to JSON format before submitting it to IAM.

-

The regex pattern used - to validate this parameter is a string of characters consisting of the following:

-

  • Any printable ASCII character ranging from the space character - (\u0020) through the end of the ASCII character range

    • -

  • The printable characters in the Basic Latin and Latin-1 Supplement - character set (through \u00FF)

  • The special - characters tab (\u0009), line feed (\u000A), and - carriage return (\u000D)

Upon success, - the response includes the same trust policy in JSON format.

- in: query - name: AssumeRolePolicyDocument - required: true - schema: - maxLength: 131072 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - - description: A description of the role. - in: query - name: Description - required: false - schema: - maxLength: 1000 - pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' - type: string - - description:

The maximum session duration (in seconds) that you want to - set for the specified role. If you do not specify a value for this setting, - the default maximum of one hour is applied. This setting can have a value - from 1 hour to 12 hours.

Anyone who assumes the role from the or - API can use the DurationSeconds API parameter or the duration-seconds - CLI parameter to request a longer session. The MaxSessionDuration - setting determines the maximum duration that can be requested using the - DurationSeconds parameter. If users don't specify a value for - the DurationSeconds parameter, their security credentials are - valid for one hour by default. This applies when you use the AssumeRole* - API operations or the assume-role* CLI operations but does - not apply when you use those operations to create a console URL. For more - information, see Using - IAM roles in the IAM User Guide.

- in: query - name: MaxSessionDuration - required: false - schema: - maximum: 43200 - minimum: 3600 - type: integer - - description: The ARN of the policy that is used to set the permissions boundary - for the role. - in: query - name: PermissionsBoundary - required: false - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description:

A list of tags that you want to attach to the new role. Each - tag consists of a key name and an associated value. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide.

If any one - of the tags is invalid or if you exceed the allowed maximum number of tags, - then the entire request fails and the resource is not created.

 - in: query - name: Tags - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - content: - text/xml: - schema: - properties: - CreateRoleResult: - $ref: '#/components/schemas/CreateRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateRole - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Creates a new role for your Amazon Web Services account. For more - information about roles, see IAM - roles. For information about quotas for role names and the number of roles - you can create, see IAM - and STS quotas in the IAM User Guide. - operationId: POST_CreateRole - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateRoleRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreateRoleResult: - $ref: '#/components/schemas/CreateRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateRole - /?Action=CreateSAMLProvider&Version=2010-05-08: - get: - description:

Creates an IAM resource that describes an identity provider - (IdP) that supports SAML 2.0.

The SAML provider resource that you create - with this operation can be used as a principal in an IAM role's trust policy. - Such a policy can enable federated users who sign in using the SAML IdP to - assume the role. You can create an IAM role that supports Web-based single - sign-on (SSO) to the Amazon Web Services Management Console or one that supports - API access to Amazon Web Services.

When you create the SAML provider - resource, you upload a SAML metadata document that you get from your IdP. - That document includes the issuer's name, expiration information, and keys - that can be used to validate the SAML authentication response (assertions) - that the IdP sends. You must generate the metadata document using the identity - management software that is used as your organization's IdP.

- This operation requires Signature - Version 4.

For more information, see Enabling - SAML 2.0 federated users to access the Amazon Web Services Management Console - and About - SAML 2.0-based federation in the IAM User Guide.

- operationId: GET_CreateSAMLProvider - parameters: - - description:

An XML document generated by an identity provider (IdP) that - supports SAML 2.0. The document includes the issuer's name, expiration information, - and keys that can be used to validate the SAML authentication response (assertions) - that are received from the IdP. You must generate the metadata document - using the identity management software that is used as your organization's - IdP.

For more information, see About - SAML 2.0-based federation in the IAM User Guide

- in: query - name: SAMLMetadataDocument - required: true - schema: - maxLength: 10000000 - minLength: 1000 - type: string - - description: '

The name of the provider to create.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: Name - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w._-]+' - type: string - - description:

A list of tags that you want to attach to the new IAM SAML - provider. Each tag consists of a key name and an associated value. For more - information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any one - of the tags is invalid or if you exceed the allowed maximum number of tags, - then the entire request fails and the resource is not created.

 - in: query - name: Tags - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - content: - text/xml: - schema: - properties: - CreateSAMLProviderResult: - $ref: '#/components/schemas/CreateSAMLProviderResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateSAMLProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Creates an IAM resource that describes an identity provider - (IdP) that supports SAML 2.0.

The SAML provider resource that you create - with this operation can be used as a principal in an IAM role's trust policy. - Such a policy can enable federated users who sign in using the SAML IdP to - assume the role. You can create an IAM role that supports Web-based single - sign-on (SSO) to the Amazon Web Services Management Console or one that supports - API access to Amazon Web Services.

When you create the SAML provider - resource, you upload a SAML metadata document that you get from your IdP. - That document includes the issuer's name, expiration information, and keys - that can be used to validate the SAML authentication response (assertions) - that the IdP sends. You must generate the metadata document using the identity - management software that is used as your organization's IdP.

- This operation requires Signature - Version 4.

For more information, see Enabling - SAML 2.0 federated users to access the Amazon Web Services Management Console - and About - SAML 2.0-based federation in the IAM User Guide.

- operationId: POST_CreateSAMLProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateSAMLProviderRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreateSAMLProviderResult: - $ref: '#/components/schemas/CreateSAMLProviderResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateSAMLProvider - /?Action=CreateServiceLinkedRole&Version=2010-05-08: - get: - description:

Creates an IAM role that is linked to a specific Amazon Web - Services service. The service controls the attached policies and when the - role can be deleted. This helps ensure that the service is not broken by an - unexpectedly changed or deleted role, which could put your Amazon Web Services - resources into an unknown state. Allowing the service to control the role - helps improve service stability and proper cleanup when a service and its - role are no longer needed. For more information, see Using - service-linked roles in the IAM User Guide.

To attach a - policy to this service-linked role, you must make the request using the Amazon - Web Services service that depends on this role.

- operationId: GET_CreateServiceLinkedRole - parameters: - - description: '

The service principal for the Amazon Web Services service - to which this role is attached. You use a string similar to a URL but without - the http:// in front. For example: elasticbeanstalk.amazonaws.com. -

Service principals are unique and case-sensitive. To find the exact - service principal for your service-linked role, see Amazon - Web Services services that work with IAM in the IAM User Guide. - Look for the services that have Yes in the Service-Linked Role - column. Choose the Yes link to view the service-linked role documentation - for that service.

' - in: query - name: AWSServiceName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: The description of the role. - in: query - name: Description - required: false - schema: - maxLength: 1000 - pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' - type: string - - description:

A string that you provide, which is combined with the - service-provided prefix to form the complete role name. If you make multiple - requests for the same service, then you must supply a different CustomSuffix - for each request. Otherwise the request fails with a duplicate role name - error. For example, you could add -1 or -debug - to the suffix.

Some services do not support the CustomSuffix - parameter. If you provide an optional suffix and the operation fails, try - the operation again without the suffix.

- in: query - name: CustomSuffix - required: false - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - CreateServiceLinkedRoleResult: - $ref: '#/components/schemas/CreateServiceLinkedRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateServiceLinkedRole - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Creates an IAM role that is linked to a specific Amazon Web - Services service. The service controls the attached policies and when the - role can be deleted. This helps ensure that the service is not broken by an - unexpectedly changed or deleted role, which could put your Amazon Web Services - resources into an unknown state. Allowing the service to control the role - helps improve service stability and proper cleanup when a service and its - role are no longer needed. For more information, see Using - service-linked roles in the IAM User Guide.

To attach a - policy to this service-linked role, you must make the request using the Amazon - Web Services service that depends on this role.

- operationId: POST_CreateServiceLinkedRole - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateServiceLinkedRoleRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreateServiceLinkedRoleResult: - $ref: '#/components/schemas/CreateServiceLinkedRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateServiceLinkedRole - /?Action=CreateServiceSpecificCredential&Version=2010-05-08: - get: - description: '

Generates a set of credentials consisting of a user name and - password that can be used to access the service specified in the request. - These credentials are generated by IAM, and can be used only for the specified - service.

You can have a maximum of two sets of service-specific credentials - for each supported service per user.

You can create service-specific - credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).

-

You can reset the password to a new service-generated value by calling - ResetServiceSpecificCredential.

For more information about service-specific - credentials, see Using - IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access - keys in the IAM User Guide.

' - operationId: GET_CreateServiceSpecificCredential - parameters: - - description: '

The name of the IAM user that is to be associated with the - credentials. The new service-specific credentials have the same permissions - as the associated user except that they can be used only to access the specified - service.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: The name of the Amazon Web Services service that is to be associated - with the credentials. The service you specify here is the only service that - can be accessed using these credentials. - in: query - name: ServiceName - required: true - schema: - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - CreateServiceSpecificCredentialResult: - $ref: '#/components/schemas/CreateServiceSpecificCredentialResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceNotSupportedException' - description: ServiceNotSupportedException - x-aws-operation-name: CreateServiceSpecificCredential - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: '

Generates a set of credentials consisting of a user name and - password that can be used to access the service specified in the request. - These credentials are generated by IAM, and can be used only for the specified - service.

You can have a maximum of two sets of service-specific credentials - for each supported service per user.

You can create service-specific - credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).

-

You can reset the password to a new service-generated value by calling - ResetServiceSpecificCredential.

For more information about service-specific - credentials, see Using - IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access - keys in the IAM User Guide.

' - operationId: POST_CreateServiceSpecificCredential - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateServiceSpecificCredentialRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreateServiceSpecificCredentialResult: - $ref: '#/components/schemas/CreateServiceSpecificCredentialResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceNotSupportedException' - description: ServiceNotSupportedException - x-aws-operation-name: CreateServiceSpecificCredential - /?Action=CreateUser&Version=2010-05-08: - get: - description:

Creates a new IAM user for your Amazon Web Services account.

-

For information about quotas for the number of IAM users you can create, - see IAM - and STS quotas in the IAM User Guide.

- operationId: GET_CreateUser - parameters: - - description:

The path for the user name. For more information about paths, - see IAM - identifiers in the IAM User Guide.

This parameter is optional. - If it is not included, it defaults to a slash (/).

This parameter - allows (through its regex pattern) - a string of characters consisting of either a forward slash (/) by itself - or a string that must begin and end with forward slashes. In addition, it - can contain any ASCII character from the ! (\u0021) through - the DEL character (\u007F), including most punctuation characters, - digits, and upper and lowercased letters.

- in: query - name: Path - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - - description:

The name of the user to create.

IAM user, group, role, - and policy names must be unique within the account. Names are not distinguished - by case. For example, you cannot create resources named both "MyResource" - and "myresource".

- in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: The ARN of the policy that is used to set the permissions boundary - for the user. - in: query - name: PermissionsBoundary - required: false - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description:

A list of tags that you want to attach to the new user. Each - tag consists of a key name and an associated value. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide.

If any one - of the tags is invalid or if you exceed the allowed maximum number of tags, - then the entire request fails and the resource is not created.

 - in: query - name: Tags - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - content: - text/xml: - schema: - properties: - CreateUserResult: - $ref: '#/components/schemas/CreateUserResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateUser - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Creates a new IAM user for your Amazon Web Services account.

-

For information about quotas for the number of IAM users you can create, - see IAM - and STS quotas in the IAM User Guide.

- operationId: POST_CreateUser - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateUserRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreateUserResult: - $ref: '#/components/schemas/CreateUserResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateUser - /?Action=CreateVirtualMFADevice&Version=2010-05-08: - get: - description:

Creates a new virtual MFA device for the Amazon Web Services - account. After creating the virtual MFA, use EnableMFADevice to attach - the MFA device to an IAM user. For more information about creating and working - with virtual MFA devices, see Using - a virtual MFA device in the IAM User Guide.

For information - about the maximum number of MFA devices you can create, see IAM - and STS quotas in the IAM User Guide.

The seed - information contained in the QR code and the Base32 string should be treated - like any other secret access information. In other words, protect the seed - information as you would your Amazon Web Services access keys or your passwords. - After you provision your virtual device, you should ensure that the information - is destroyed following secure procedures.

 - operationId: GET_CreateVirtualMFADevice - parameters: - - description:

The path for the virtual MFA device. For more information - about paths, see IAM - identifiers in the IAM User Guide.

This parameter is optional. - If it is not included, it defaults to a slash (/).

This parameter - allows (through its regex pattern) - a string of characters consisting of either a forward slash (/) by itself - or a string that must begin and end with forward slashes. In addition, it - can contain any ASCII character from the ! (\u0021) through - the DEL character (\u007F), including most punctuation characters, - digits, and upper and lowercased letters.

- in: query - name: Path - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - - description: '

The name of the virtual MFA device. Use with path to uniquely - identify a virtual MFA device.

This parameter allows (through its - regex pattern) a string of - characters consisting of upper and lowercase alphanumeric characters with - no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: VirtualMFADeviceName - required: true - schema: - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

A list of tags that you want to attach to the new IAM virtual - MFA device. Each tag consists of a key name and an associated value. For - more information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any one - of the tags is invalid or if you exceed the allowed maximum number of tags, - then the entire request fails and the resource is not created.

 - in: query - name: Tags - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - content: - text/xml: - schema: - properties: - CreateVirtualMFADeviceResult: - $ref: '#/components/schemas/CreateVirtualMFADeviceResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateVirtualMFADevice - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Creates a new virtual MFA device for the Amazon Web Services - account. After creating the virtual MFA, use EnableMFADevice to attach - the MFA device to an IAM user. For more information about creating and working - with virtual MFA devices, see Using - a virtual MFA device in the IAM User Guide.

For information - about the maximum number of MFA devices you can create, see IAM - and STS quotas in the IAM User Guide.

The seed - information contained in the QR code and the Base32 string should be treated - like any other secret access information. In other words, protect the seed - information as you would your Amazon Web Services access keys or your passwords. - After you provision your virtual device, you should ensure that the information - is destroyed following secure procedures.

 - operationId: POST_CreateVirtualMFADevice - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateVirtualMFADeviceRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - CreateVirtualMFADeviceResult: - $ref: '#/components/schemas/CreateVirtualMFADeviceResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: CreateVirtualMFADevice - /?Action=DeactivateMFADevice&Version=2010-05-08: - get: - description:

Deactivates the specified MFA device and removes it from association - with the user name for which it was originally enabled.

For more information - about creating and working with virtual MFA devices, see Enabling - a virtual multi-factor authentication (MFA) device in the IAM User - Guide.

- operationId: GET_DeactivateMFADevice - parameters: - - description: '

The name of the user whose MFA device you want to deactivate.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The serial number that uniquely identifies the MFA device. - For virtual MFA devices, the serial number is the device ARN.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - =,.@:/-

' - in: query - name: SerialNumber - required: true - schema: - maxLength: 256 - minLength: 9 - pattern: '[\w+=/:,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeactivateMFADevice - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deactivates the specified MFA device and removes it from association - with the user name for which it was originally enabled.

For more information - about creating and working with virtual MFA devices, see Enabling - a virtual multi-factor authentication (MFA) device in the IAM User - Guide.

- operationId: POST_DeactivateMFADevice - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeactivateMFADeviceRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeactivateMFADevice - /?Action=DeleteAccessKey&Version=2010-05-08: - get: - description:

Deletes the access key pair associated with the specified IAM - user.

If you do not specify a user name, IAM determines the user name - implicitly based on the Amazon Web Services access key ID signing the request. - This operation works for access keys under the Amazon Web Services account. - Consequently, you can use this operation to manage Amazon Web Services account - root user credentials even if the Amazon Web Services account has no associated - users.

- operationId: GET_DeleteAccessKey - parameters: - - description: '

The name of the user whose access key pair you want to delete.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The access key ID for the access key ID and secret access - key you want to delete.

This parameter allows (through its regex - pattern) a string of characters that can consist of any upper or lowercased - letter or digit.

- in: query - name: AccessKeyId - required: true - schema: - maxLength: 128 - minLength: 16 - pattern: '[\w]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteAccessKey - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the access key pair associated with the specified IAM - user.

If you do not specify a user name, IAM determines the user name - implicitly based on the Amazon Web Services access key ID signing the request. - This operation works for access keys under the Amazon Web Services account. - Consequently, you can use this operation to manage Amazon Web Services account - root user credentials even if the Amazon Web Services account has no associated - users.

- operationId: POST_DeleteAccessKey - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteAccessKeyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteAccessKey - /?Action=DeleteAccountAlias&Version=2010-05-08: - get: - description: ' Deletes the specified Amazon Web Services account alias. For - information about using an Amazon Web Services account alias, see Using - an alias for your Amazon Web Services account ID in the IAM User Guide.' - operationId: GET_DeleteAccountAlias - parameters: - - description:

The name of the account alias to delete.

This parameter - allows (through its regex pattern) - a string of characters consisting of lowercase letters, digits, and dashes. - You cannot start or finish with a dash, nor can you have two dashes in a - row.

- in: query - name: AccountAlias - required: true - schema: - maxLength: 63 - minLength: 3 - pattern: ^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$ - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteAccountAlias - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: ' Deletes the specified Amazon Web Services account alias. For - information about using an Amazon Web Services account alias, see Using - an alias for your Amazon Web Services account ID in the IAM User Guide.' - operationId: POST_DeleteAccountAlias - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteAccountAliasRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteAccountAlias - /?Action=DeleteAccountPasswordPolicy&Version=2010-05-08: - get: - description: Deletes the password policy for the Amazon Web Services account. - There are no parameters. - operationId: GET_DeleteAccountPasswordPolicy - parameters: [] - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteAccountPasswordPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Deletes the password policy for the Amazon Web Services account. - There are no parameters. - operationId: POST_DeleteAccountPasswordPolicy - parameters: [] - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteAccountPasswordPolicy - /?Action=DeleteGroup&Version=2010-05-08: - get: - description: Deletes the specified IAM group. The group must not contain any - users or have any attached policies. - operationId: GET_DeleteGroup - parameters: - - description: '

The name of the IAM group to delete.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteGroup - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Deletes the specified IAM group. The group must not contain any - users or have any attached policies. - operationId: POST_DeleteGroup - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteGroupRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteGroup - /?Action=DeleteGroupPolicy&Version=2010-05-08: - get: - description:

Deletes the specified inline policy that is embedded in the - specified IAM group.

A group can also have managed policies attached - to it. To detach a managed policy from a group, use DetachGroupPolicy. - For more information about policies, refer to Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_DeleteGroupPolicy - parameters: - - description: '

The name (friendly name, not ARN) identifying the group that - the policy is embedded in.

This parameter allows (through its regex pattern) a string of characters - consisting of upper and lowercase alphanumeric characters with no spaces. - You can also include any of the following characters: _+=,.@-

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name identifying the policy document to delete.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: PolicyName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteGroupPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the specified inline policy that is embedded in the - specified IAM group.

A group can also have managed policies attached - to it. To detach a managed policy from a group, use DetachGroupPolicy. - For more information about policies, refer to Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_DeleteGroupPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteGroupPolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteGroupPolicy - /?Action=DeleteInstanceProfile&Version=2010-05-08: - get: - description:

Deletes the specified instance profile. The instance profile - must not have an associated role.

Make sure that you do - not have any Amazon EC2 instances running with the instance profile you are - about to delete. Deleting a role or instance profile that is associated with - a running instance will break any applications running on the instance.

-

For more information about instance profiles, see About - instance profiles.

- operationId: GET_DeleteInstanceProfile - parameters: - - description: '

The name of the instance profile to delete.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: InstanceProfileName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteInstanceProfile - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the specified instance profile. The instance profile - must not have an associated role.

Make sure that you do - not have any Amazon EC2 instances running with the instance profile you are - about to delete. Deleting a role or instance profile that is associated with - a running instance will break any applications running on the instance.

-

For more information about instance profiles, see About - instance profiles.

- operationId: POST_DeleteInstanceProfile - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteInstanceProfileRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteInstanceProfile - /?Action=DeleteLoginProfile&Version=2010-05-08: - get: - description:

Deletes the password for the specified IAM user, which terminates - the user's ability to access Amazon Web Services services through the Amazon - Web Services Management Console.

You can use the CLI, the Amazon Web - Services API, or the Users page in the IAM console to delete a password - for any IAM user. You can use ChangePassword to update, but not delete, - your own password in the My Security Credentials page in the Amazon - Web Services Management Console.

Deleting a user's password - does not prevent a user from accessing Amazon Web Services through the command - line interface or the API. To prevent all user access, you must also either - make any access keys inactive or delete them. For more information about making - keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey. -

- operationId: GET_DeleteLoginProfile - parameters: - - description: '

The name of the user whose password you want to delete.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteLoginProfile - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the password for the specified IAM user, which terminates - the user's ability to access Amazon Web Services services through the Amazon - Web Services Management Console.

You can use the CLI, the Amazon Web - Services API, or the Users page in the IAM console to delete a password - for any IAM user. You can use ChangePassword to update, but not delete, - your own password in the My Security Credentials page in the Amazon - Web Services Management Console.

Deleting a user's password - does not prevent a user from accessing Amazon Web Services through the command - line interface or the API. To prevent all user access, you must also either - make any access keys inactive or delete them. For more information about making - keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey. -

- operationId: POST_DeleteLoginProfile - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteLoginProfileRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteLoginProfile - /?Action=DeleteOpenIDConnectProvider&Version=2010-05-08: - get: - description:

Deletes an OpenID Connect identity provider (IdP) resource object - in IAM.

Deleting an IAM OIDC provider resource does not update any - roles that reference the provider as a principal in their trust policies. - Any attempt to assume a role that references a deleted provider fails.

-

This operation is idempotent; it does not fail or return an error if you - call the operation for a provider that does not exist.

- operationId: GET_DeleteOpenIDConnectProvider - parameters: - - description: The Amazon Resource Name (ARN) of the IAM OpenID Connect provider - resource object to delete. You can get a list of OpenID Connect provider - resource ARNs by using the ListOpenIDConnectProviders operation. - in: query - name: OpenIDConnectProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteOpenIDConnectProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes an OpenID Connect identity provider (IdP) resource object - in IAM.

Deleting an IAM OIDC provider resource does not update any - roles that reference the provider as a principal in their trust policies. - Any attempt to assume a role that references a deleted provider fails.

-

This operation is idempotent; it does not fail or return an error if you - call the operation for a provider that does not exist.

- operationId: POST_DeleteOpenIDConnectProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteOpenIDConnectProviderRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteOpenIDConnectProvider - /?Action=DeletePolicy&Version=2010-05-08: - get: - description:

Deletes the specified managed policy.

Before you can - delete a managed policy, you must first detach the policy from all users, - groups, and roles that it is attached to. In addition, you must delete all - the policy's versions. The following steps describe the process for deleting - a managed policy:

  • Detach the policy from all users, groups, - and roles that the policy is attached to, using DetachUserPolicy, DetachGroupPolicy, - or DetachRolePolicy. To list all the users, groups, and roles that - a policy is attached to, use ListEntitiesForPolicy.

  • -

    Delete all versions of the policy using DeletePolicyVersion. To - list the policy's versions, use ListPolicyVersions. You cannot use - DeletePolicyVersion to delete the version that is marked as the default - version. You delete the policy's default version in the next step of the process.

    -

  • Delete the policy (this automatically deletes the policy's default - version) using this operation.

For information about managed - policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_DeletePolicy - parameters: - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to delete.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeletePolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the specified managed policy.

Before you can - delete a managed policy, you must first detach the policy from all users, - groups, and roles that it is attached to. In addition, you must delete all - the policy's versions. The following steps describe the process for deleting - a managed policy:

  • Detach the policy from all users, groups, - and roles that the policy is attached to, using DetachUserPolicy, DetachGroupPolicy, - or DetachRolePolicy. To list all the users, groups, and roles that - a policy is attached to, use ListEntitiesForPolicy.

  • -

    Delete all versions of the policy using DeletePolicyVersion. To - list the policy's versions, use ListPolicyVersions. You cannot use - DeletePolicyVersion to delete the version that is marked as the default - version. You delete the policy's default version in the next step of the process.

    -

  • Delete the policy (this automatically deletes the policy's default - version) using this operation.

For information about managed - policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_DeletePolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeletePolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeletePolicy - /?Action=DeletePolicyVersion&Version=2010-05-08: - get: - description:

Deletes the specified version from the specified managed policy.

-

You cannot delete the default version from a policy using this operation. - To delete the default version from a policy, use DeletePolicy. To find - out which version of a policy is marked as the default version, use ListPolicyVersions.

-

For information about versions for managed policies, see Versioning - for managed policies in the IAM User Guide.

- operationId: GET_DeletePolicyVersion - parameters: - - description:

The Amazon Resource Name (ARN) of the IAM policy from which - you want to delete a version.

For more information about ARNs, see - Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description:

The policy version to delete.

This parameter allows - (through its regex pattern) - a string of characters that consists of the lowercase letter 'v' followed - by one or two digits, and optionally followed by a period '.' and a string - of letters and digits.

For more information about managed policy - versions, see Versioning - for managed policies in the IAM User Guide.

- in: query - name: VersionId - required: true - schema: - pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeletePolicyVersion - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the specified version from the specified managed policy.

-

You cannot delete the default version from a policy using this operation. - To delete the default version from a policy, use DeletePolicy. To find - out which version of a policy is marked as the default version, use ListPolicyVersions.

-

For information about versions for managed policies, see Versioning - for managed policies in the IAM User Guide.

- operationId: POST_DeletePolicyVersion - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeletePolicyVersionRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeletePolicyVersion - /?Action=DeleteRole&Version=2010-05-08: - get: - description:

Deletes the specified role. The role must not have any policies - attached. For more information about roles, see Working - with roles.

Make sure that you do not have any Amazon - EC2 instances running with the role you are about to delete. Deleting a role - or instance profile that is associated with a running instance will break - any applications running on the instance.

 - operationId: GET_DeleteRole - parameters: - - description: '

The name of the role to delete.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteRole - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the specified role. The role must not have any policies - attached. For more information about roles, see Working - with roles.

Make sure that you do not have any Amazon - EC2 instances running with the role you are about to delete. Deleting a role - or instance profile that is associated with a running instance will break - any applications running on the instance.

 - operationId: POST_DeleteRole - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteRoleRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteRole - /?Action=DeleteRolePermissionsBoundary&Version=2010-05-08: - get: - description:

Deletes the permissions boundary for the specified IAM role. -

Deleting the permissions boundary for a role might increase - its permissions. For example, it might allow anyone who assumes the role to - perform all the actions granted in its permissions policies.

- operationId: GET_DeleteRolePermissionsBoundary - parameters: - - description: The name (friendly name, not ARN) of the IAM role from which - you want to remove the permissions boundary. - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteRolePermissionsBoundary - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the permissions boundary for the specified IAM role. -

Deleting the permissions boundary for a role might increase - its permissions. For example, it might allow anyone who assumes the role to - perform all the actions granted in its permissions policies.

- operationId: POST_DeleteRolePermissionsBoundary - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteRolePermissionsBoundaryRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteRolePermissionsBoundary - /?Action=DeleteRolePolicy&Version=2010-05-08: - get: - description:

Deletes the specified inline policy that is embedded in the - specified IAM role.

A role can also have managed policies attached - to it. To detach a managed policy from a role, use DetachRolePolicy. - For more information about policies, refer to Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_DeleteRolePolicy - parameters: - - description: '

The name (friendly name, not ARN) identifying the role that - the policy is embedded in.

This parameter allows (through its regex pattern) a string of characters - consisting of upper and lowercase alphanumeric characters with no spaces. - You can also include any of the following characters: _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name of the inline policy to delete from the specified - IAM role.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: PolicyName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteRolePolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the specified inline policy that is embedded in the - specified IAM role.

A role can also have managed policies attached - to it. To detach a managed policy from a role, use DetachRolePolicy. - For more information about policies, refer to Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_DeleteRolePolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteRolePolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteRolePolicy - /?Action=DeleteSAMLProvider&Version=2010-05-08: - get: - description:

Deletes a SAML provider resource in IAM.

Deleting the - provider resource from IAM does not update any roles that reference the SAML - provider resource's ARN as a principal in their trust policies. Any attempt - to assume a role that references a non-existent provider resource ARN fails.

-

This operation requires Signature - Version 4.

 - operationId: GET_DeleteSAMLProvider - parameters: - - description: The Amazon Resource Name (ARN) of the SAML provider to delete. - in: query - name: SAMLProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteSAMLProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes a SAML provider resource in IAM.

Deleting the - provider resource from IAM does not update any roles that reference the SAML - provider resource's ARN as a principal in their trust policies. Any attempt - to assume a role that references a non-existent provider resource ARN fails.

-

This operation requires Signature - Version 4.

 - operationId: POST_DeleteSAMLProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteSAMLProviderRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteSAMLProvider - /?Action=DeleteSSHPublicKey&Version=2010-05-08: - get: - description:

Deletes the specified SSH public key.

The SSH public - key deleted by this operation is used only for authenticating the associated - IAM user to an CodeCommit repository. For more information about using SSH - keys to authenticate to an CodeCommit repository, see Set - up CodeCommit for SSH connections in the CodeCommit User Guide.

- operationId: GET_DeleteSSHPublicKey - parameters: - - description: '

The name of the IAM user associated with the SSH public key.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The unique identifier for the SSH public key.

This - parameter allows (through its regex - pattern) a string of characters that can consist of any upper or lowercased - letter or digit.

- in: query - name: SSHPublicKeyId - required: true - schema: - maxLength: 128 - minLength: 20 - pattern: '[\w]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: DeleteSSHPublicKey - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the specified SSH public key.

The SSH public - key deleted by this operation is used only for authenticating the associated - IAM user to an CodeCommit repository. For more information about using SSH - keys to authenticate to an CodeCommit repository, see Set - up CodeCommit for SSH connections in the CodeCommit User Guide.

- operationId: POST_DeleteSSHPublicKey - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteSSHPublicKeyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: DeleteSSHPublicKey - /?Action=DeleteServerCertificate&Version=2010-05-08: - get: - description:

Deletes the specified server certificate.

For more information - about working with server certificates, see Working - with server certificates in the IAM User Guide. This topic also - includes a list of Amazon Web Services services that can use the server certificates - that you manage with IAM.

If you are using a server certificate - with Elastic Load Balancing, deleting the certificate could have implications - for your application. If Elastic Load Balancing doesn't detect the deletion - of bound certificates, it may continue to use the certificates. This could - cause Elastic Load Balancing to stop accepting traffic. We recommend that - you remove the reference to the certificate from Elastic Load Balancing before - using this command to delete the certificate. For more information, see DeleteLoadBalancerListeners - in the Elastic Load Balancing API Reference.

 - operationId: GET_DeleteServerCertificate - parameters: - - description: '

The name of the server certificate you want to delete.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: ServerCertificateName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteServerCertificate - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the specified server certificate.

For more information - about working with server certificates, see Working - with server certificates in the IAM User Guide. This topic also - includes a list of Amazon Web Services services that can use the server certificates - that you manage with IAM.

If you are using a server certificate - with Elastic Load Balancing, deleting the certificate could have implications - for your application. If Elastic Load Balancing doesn't detect the deletion - of bound certificates, it may continue to use the certificates. This could - cause Elastic Load Balancing to stop accepting traffic. We recommend that - you remove the reference to the certificate from Elastic Load Balancing before - using this command to delete the certificate. For more information, see DeleteLoadBalancerListeners - in the Elastic Load Balancing API Reference.

 - operationId: POST_DeleteServerCertificate - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteServerCertificateRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteServerCertificate - /?Action=DeleteServiceLinkedRole&Version=2010-05-08: - get: - description: '

Submits a service-linked role deletion request and returns - a DeletionTaskId, which you can use to check the status of the - deletion. Before you call this operation, confirm that the role has no active - sessions and that any resources used by the role in the linked service are - deleted. If you call this operation more than once for the same service-linked - role and an earlier deletion task is not complete, then the DeletionTaskId - of the earlier request is returned.

If you submit a deletion request - for a service-linked role whose linked service is still accessing a resource, - then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus - operation returns the reason for the failure, usually including the resources - that must be deleted. To delete the service-linked role, you must first remove - those resources from the linked service and then submit the deletion request - again. Resources are specific to the service that is linked to the role. For - more information about removing resources from a service, see the Amazon - Web Services documentation for your service.

For more information - about service-linked roles, see Roles - terms and concepts: Amazon Web Services service-linked role in the IAM - User Guide.

' - operationId: GET_DeleteServiceLinkedRole - parameters: - - description: The name of the service-linked role to be deleted. - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - DeleteServiceLinkedRoleResult: - $ref: '#/components/schemas/DeleteServiceLinkedRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteServiceLinkedRole - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: '

Submits a service-linked role deletion request and returns - a DeletionTaskId, which you can use to check the status of the - deletion. Before you call this operation, confirm that the role has no active - sessions and that any resources used by the role in the linked service are - deleted. If you call this operation more than once for the same service-linked - role and an earlier deletion task is not complete, then the DeletionTaskId - of the earlier request is returned.

If you submit a deletion request - for a service-linked role whose linked service is still accessing a resource, - then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus - operation returns the reason for the failure, usually including the resources - that must be deleted. To delete the service-linked role, you must first remove - those resources from the linked service and then submit the deletion request - again. Resources are specific to the service that is linked to the role. For - more information about removing resources from a service, see the Amazon - Web Services documentation for your service.

For more information - about service-linked roles, see Roles - terms and concepts: Amazon Web Services service-linked role in the IAM - User Guide.

' - operationId: POST_DeleteServiceLinkedRole - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteServiceLinkedRoleRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - DeleteServiceLinkedRoleResult: - $ref: '#/components/schemas/DeleteServiceLinkedRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteServiceLinkedRole - /?Action=DeleteServiceSpecificCredential&Version=2010-05-08: - get: - description: Deletes the specified service-specific credential. - operationId: GET_DeleteServiceSpecificCredential - parameters: - - description: '

The name of the IAM user associated with the service-specific - credential. If this value is not specified, then the operation assumes the - user whose credentials are used to call the operation.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The unique identifier of the service-specific credential. - You can get this value by calling ListServiceSpecificCredentials.

-

This parameter allows (through its regex - pattern) a string of characters that can consist of any upper or lowercased - letter or digit.

- in: query - name: ServiceSpecificCredentialId - required: true - schema: - maxLength: 128 - minLength: 20 - pattern: '[\w]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: DeleteServiceSpecificCredential - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Deletes the specified service-specific credential. - operationId: POST_DeleteServiceSpecificCredential - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteServiceSpecificCredentialRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: DeleteServiceSpecificCredential - /?Action=DeleteSigningCertificate&Version=2010-05-08: - get: - description:

Deletes a signing certificate associated with the specified - IAM user.

If you do not specify a user name, IAM determines the user - name implicitly based on the Amazon Web Services access key ID signing the - request. This operation works for access keys under the Amazon Web Services - account. Consequently, you can use this operation to manage Amazon Web Services - account root user credentials even if the Amazon Web Services account has - no associated IAM users.

- operationId: GET_DeleteSigningCertificate - parameters: - - description: '

The name of the user the signing certificate belongs to.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The ID of the signing certificate to delete.

The format - of this parameter, as described by its regex - pattern, is a string of characters that can be upper- or lower-cased letters - or digits.

- in: query - name: CertificateId - required: true - schema: - maxLength: 128 - minLength: 24 - pattern: '[\w]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteSigningCertificate - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes a signing certificate associated with the specified - IAM user.

If you do not specify a user name, IAM determines the user - name implicitly based on the Amazon Web Services access key ID signing the - request. This operation works for access keys under the Amazon Web Services - account. Consequently, you can use this operation to manage Amazon Web Services - account root user credentials even if the Amazon Web Services account has - no associated IAM users.

- operationId: POST_DeleteSigningCertificate - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteSigningCertificateRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteSigningCertificate - /?Action=DeleteUser&Version=2010-05-08: - get: - description:

Deletes the specified IAM user. Unlike the Amazon Web Services - Management Console, when you delete a user programmatically, you must delete - the items attached to the user manually, or the deletion fails. For more information, - see Deleting - an IAM user. Before attempting to delete a user, remove the following - items:

- operationId: GET_DeleteUser - parameters: - - description: '

The name of the user to delete.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteUser - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the specified IAM user. Unlike the Amazon Web Services - Management Console, when you delete a user programmatically, you must delete - the items attached to the user manually, or the deletion fails. For more information, - see Deleting - an IAM user. Before attempting to delete a user, remove the following - items:

- operationId: POST_DeleteUser - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteUserRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteUser - /?Action=DeleteUserPermissionsBoundary&Version=2010-05-08: - get: - description:

Deletes the permissions boundary for the specified IAM user.

-

Deleting the permissions boundary for a user might increase - its permissions by allowing the user to perform all the actions granted in - its permissions policies.

- operationId: GET_DeleteUserPermissionsBoundary - parameters: - - description: The name (friendly name, not ARN) of the IAM user from which - you want to remove the permissions boundary. - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteUserPermissionsBoundary - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the permissions boundary for the specified IAM user.

-

Deleting the permissions boundary for a user might increase - its permissions by allowing the user to perform all the actions granted in - its permissions policies.

- operationId: POST_DeleteUserPermissionsBoundary - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteUserPermissionsBoundaryRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteUserPermissionsBoundary - /?Action=DeleteUserPolicy&Version=2010-05-08: - get: - description:

Deletes the specified inline policy that is embedded in the - specified IAM user.

A user can also have managed policies attached - to it. To detach a managed policy from a user, use DetachUserPolicy. - For more information about policies, refer to Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_DeleteUserPolicy - parameters: - - description: '

The name (friendly name, not ARN) identifying the user that - the policy is embedded in.

This parameter allows (through its regex pattern) a string of characters - consisting of upper and lowercase alphanumeric characters with no spaces. - You can also include any of the following characters: _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name identifying the policy document to delete.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: PolicyName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteUserPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes the specified inline policy that is embedded in the - specified IAM user.

A user can also have managed policies attached - to it. To detach a managed policy from a user, use DetachUserPolicy. - For more information about policies, refer to Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_DeleteUserPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteUserPolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteUserPolicy - /?Action=DeleteVirtualMFADevice&Version=2010-05-08: - get: - description:

Deletes a virtual MFA device.

You must deactivate - a user's virtual MFA device before you can delete it. For information about - deactivating MFA devices, see DeactivateMFADevice.

- operationId: GET_DeleteVirtualMFADevice - parameters: - - description: '

The serial number that uniquely identifies the MFA device. - For virtual MFA devices, the serial number is the same as the ARN.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - =,.@:/-

' - in: query - name: SerialNumber - required: true - schema: - maxLength: 256 - minLength: 9 - pattern: '[\w+=/:,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteVirtualMFADevice - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Deletes a virtual MFA device.

You must deactivate - a user's virtual MFA device before you can delete it. For information about - deactivating MFA devices, see DeactivateMFADevice.

- operationId: POST_DeleteVirtualMFADevice - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteVirtualMFADeviceRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteConflictException' - description: DeleteConflictException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DeleteVirtualMFADevice - /?Action=DetachGroupPolicy&Version=2010-05-08: - get: - description:

Removes the specified managed policy from the specified IAM - group.

A group can also have inline policies embedded with it. To delete - an inline policy, use DeleteGroupPolicy. For information about policies, - see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_DetachGroupPolicy - parameters: - - description: '

The name (friendly name, not ARN) of the IAM group to detach - the policy from.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to detach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DetachGroupPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Removes the specified managed policy from the specified IAM - group.

A group can also have inline policies embedded with it. To delete - an inline policy, use DeleteGroupPolicy. For information about policies, - see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_DetachGroupPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DetachGroupPolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DetachGroupPolicy - /?Action=DetachRolePolicy&Version=2010-05-08: - get: - description:

Removes the specified managed policy from the specified role.

-

A role can also have inline policies embedded with it. To delete an inline - policy, use DeleteRolePolicy. For information about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_DetachRolePolicy - parameters: - - description: '

The name (friendly name, not ARN) of the IAM role to detach - the policy from.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to detach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DetachRolePolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Removes the specified managed policy from the specified role.

-

A role can also have inline policies embedded with it. To delete an inline - policy, use DeleteRolePolicy. For information about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_DetachRolePolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DetachRolePolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DetachRolePolicy - /?Action=DetachUserPolicy&Version=2010-05-08: - get: - description:

Removes the specified managed policy from the specified user.

-

A user can also have inline policies embedded with it. To delete an inline - policy, use DeleteUserPolicy. For information about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_DetachUserPolicy - parameters: - - description: '

The name (friendly name, not ARN) of the IAM user to detach - the policy from.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The Amazon Resource Name (ARN) of the IAM policy you want - to detach.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DetachUserPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Removes the specified managed policy from the specified user.

-

A user can also have inline policies embedded with it. To delete an inline - policy, use DeleteUserPolicy. For information about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_DetachUserPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/DetachUserPolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: DetachUserPolicy - /?Action=EnableMFADevice&Version=2010-05-08: - get: - description: Enables the specified MFA device and associates it with the specified - IAM user. When enabled, the MFA device is required for every subsequent login - by the IAM user associated with the device. - operationId: GET_EnableMFADevice - parameters: - - description: '

The name of the IAM user for whom you want to enable the - MFA device.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The serial number that uniquely identifies the MFA device. - For virtual MFA devices, the serial number is the device ARN.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - =,.@:/-

' - in: query - name: SerialNumber - required: true - schema: - maxLength: 256 - minLength: 9 - pattern: '[\w+=/:,.@-]+' - type: string - - description:

An authentication code emitted by the device.

The - format for this parameter is a string of six digits.

Submit - your request immediately after generating the authentication codes. If you - generate the codes and then wait too long to submit the request, the MFA - device successfully associates with the user but the MFA device becomes - out of sync. This happens because time-based one-time passwords (TOTP) expire - after a short period of time. If this happens, you can resync - the device.

 - in: query - name: AuthenticationCode1 - required: true - schema: - maxLength: 6 - minLength: 6 - pattern: '[\d]+' - type: string - - description:

A subsequent authentication code emitted by the device.

-

The format for this parameter is a string of six digits.

-

Submit your request immediately after generating the authentication codes. - If you generate the codes and then wait too long to submit the request, - the MFA device successfully associates with the user but the MFA device - becomes out of sync. This happens because time-based one-time passwords - (TOTP) expire after a short period of time. If this happens, you can resync - the device.

 - in: query - name: AuthenticationCode2 - required: true - schema: - maxLength: 6 - minLength: 6 - pattern: '[\d]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidAuthenticationCodeException' - description: InvalidAuthenticationCodeException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: EnableMFADevice - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Enables the specified MFA device and associates it with the specified - IAM user. When enabled, the MFA device is required for every subsequent login - by the IAM user associated with the device. - operationId: POST_EnableMFADevice - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/EnableMFADeviceRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidAuthenticationCodeException' - description: InvalidAuthenticationCodeException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: EnableMFADevice - /?Action=GenerateCredentialReport&Version=2010-05-08: - get: - description: ' Generates a credential report for the Amazon Web Services account. - For more information about the credential report, see Getting - credential reports in the IAM User Guide.' - operationId: GET_GenerateCredentialReport - parameters: [] - responses: - '200': - content: - text/xml: - schema: - properties: - GenerateCredentialReportResult: - $ref: '#/components/schemas/GenerateCredentialReportResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GenerateCredentialReport - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: ' Generates a credential report for the Amazon Web Services account. - For more information about the credential report, see Getting - credential reports in the IAM User Guide.' - operationId: POST_GenerateCredentialReport - parameters: [] - responses: - '200': - content: - text/xml: - schema: - properties: - GenerateCredentialReportResult: - $ref: '#/components/schemas/GenerateCredentialReportResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GenerateCredentialReport - /?Action=GenerateOrganizationsAccessReport&Version=2010-05-08: - get: - description: "

Generates a report for service last accessed data for Organizations.\ - \ You can generate a report for any entities (organization root, organizational\ - \ unit, or account) or policies in your organization.

To call this\ - \ operation, you must be signed in using your Organizations management account\ - \ credentials. You can use your long-term IAM user or root user credentials,\ - \ or temporary credentials from assuming an IAM role. SCPs must be enabled\ - \ for your organization root. You must have the required IAM and Organizations\ - \ permissions. For more information, see Refining permissions using service last accessed data in the IAM User\ - \ Guide.

You can generate a service last accessed data report for\ - \ entities by specifying only the entity's path. This data includes a list\ - \ of services that are allowed by any service control policies (SCPs) that\ - \ apply to the entity.

You can generate a service last accessed data\ - \ report for a policy by specifying an entity's path and an optional Organizations\ - \ policy ID. This data includes a list of services that are allowed by the\ - \ specified SCP.

For each service in both report types, the data includes\ - \ the most recent account activity that the policy allows to account principals\ - \ in the entity or the entity's children. For important information about\ - \ the data, reporting period, permissions required, troubleshooting, and supported\ - \ Regions see Reducing permissions using service last accessed data in the IAM User\ - \ Guide.

The data includes\_all\_attempts to access\ - \ Amazon Web Services, not just the successful ones. This includes all attempts\ - \ that were made using the Amazon Web Services Management Console, the Amazon\ - \ Web Services API through any of the SDKs, or any of the command line tools.\ - \ An unexpected entry in the service last accessed data does not mean that\ - \ an account has been compromised, because the request might have been denied.\ - \ Refer to your CloudTrail logs as the authoritative source for information\ - \ about all API calls and whether they were successful or denied access. For\ - \ more information, see\_Logging IAM events with CloudTrail in the IAM User Guide.

\ - \

This operation returns a JobId. Use this parameter\ - \ in the GetOrganizationsAccessReport operation to check\ - \ the status of the report generation. To check the status of this request,\ - \ use the JobId parameter in the GetOrganizationsAccessReport\ - \ operation and test the JobStatus response parameter.\ - \ When the job is complete, you can retrieve the report.

To generate\ - \ a service last accessed data report for entities, specify an entity path\ - \ without specifying the optional Organizations policy ID. The type of entity\ - \ that you specify determines the data returned in the report.

  • \ - \

    Root \u2013 When you specify the organizations root as the entity,\ - \ the resulting report lists all of the services allowed by SCPs that are\ - \ attached to your root. For each service, the report includes data for all\ - \ accounts in your organization except the management account, because the\ - \ management account is not limited by SCPs.

  • OU\ - \ \u2013 When you specify an organizational unit (OU) as the entity, the resulting\ - \ report lists all of the services allowed by SCPs that are attached to the\ - \ OU and its parents. For each service, the report includes data for all accounts\ - \ in the OU or its children. This data excludes the management account, because\ - \ the management account is not limited by SCPs.

  • management\ - \ account \u2013 When you specify the management account, the resulting\ - \ report lists all Amazon Web Services services, because the management account\ - \ is not limited by SCPs. For each service, the report includes data for only\ - \ the management account.

  • Account \u2013 When you\ - \ specify another account as the entity, the resulting report lists all of\ - \ the services allowed by SCPs that are attached to the account and its parents.\ - \ For each service, the report includes data for only the specified account.

    \ - \

To generate a service last accessed data report for policies,\ - \ specify an entity path and the optional Organizations policy ID. The type\ - \ of entity that you specify determines the data returned for each service.

\ - \

  • Root \u2013 When you specify the root entity and a\ - \ policy ID, the resulting report lists all of the services that are allowed\ - \ by the specified SCP. For each service, the report includes data for all\ - \ accounts in your organization to which the SCP applies. This data excludes\ - \ the management account, because the management account is not limited by\ - \ SCPs. If the SCP is not attached to any entities in the organization, then\ - \ the report will return a list of services with no data.

  • \ - \ OU \u2013 When you specify an OU entity and a policy ID, the resulting\ - \ report lists all of the services that are allowed by the specified SCP.\ - \ For each service, the report includes data for all accounts in the OU or\ - \ its children to which the SCP applies. This means that other accounts outside\ - \ the OU that are affected by the SCP might not be included in the data. This\ - \ data excludes the management account, because the management account is\ - \ not limited by SCPs. If the SCP is not attached to the OU or one of its\ - \ children, the report will return a list of services with no data.

    • \ - \

  • management account \u2013 When you specify the management\ - \ account, the resulting report lists all Amazon Web Services services, because\ - \ the management account is not limited by SCPs. If you specify a policy ID\ - \ in the CLI or API, the policy is ignored. For each service, the report includes\ - \ data for only the management account.

  • Account\ - \ \u2013 When you specify another account entity and a policy ID, the resulting\ - \ report lists all of the services that are allowed by the specified SCP.\ - \ For each service, the report includes data for only the specified account.\ - \ This means that other accounts in the organization that are affected by\ - \ the SCP might not be included in the data. If the SCP is not attached to\ - \ the account, the report will return a list of services with no data.

    \ - \

Service last accessed data does not use other policy\ - \ types when determining whether a principal could access a service. These\ - \ other policy types include identity-based policies, resource-based policies,\ - \ access control lists, IAM permissions boundaries, and STS assume role policies.\ - \ It only applies SCP logic. For more about the evaluation of policy types,\ - \ see Evaluating policies in the IAM User Guide.

For\ - \ more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.

" - operationId: GET_GenerateOrganizationsAccessReport - parameters: - - description: The path of the Organizations entity (root, OU, or account). - You can build an entity path using the known structure of your organization. - For example, assume that your account ID is 123456789012 and - its parent OU ID is ou-rge0-awsabcde. The organization root - ID is r-f6g7h8i9j0example and your organization ID is o-a1b2c3d4e5. - Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012. - in: query - name: EntityPath - required: true - schema: - maxLength: 427 - minLength: 19 - pattern: ^o-[0-9a-z]{10,32}\/r-[0-9a-z]{4,32}[0-9a-z-\/]* - type: string - - description:

The identifier of the Organizations service control policy - (SCP). This parameter is optional.

This ID is used to generate information - about when an account principal that is limited by the SCP attempted to - access an Amazon Web Services service.

- in: query - name: OrganizationsPolicyId - required: false - schema: - pattern: ^p-[0-9a-zA-Z_]{8,128}$ - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GenerateOrganizationsAccessReportResult: - $ref: '#/components/schemas/GenerateOrganizationsAccessReportResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ReportGenerationLimitExceededException' - description: ReportGenerationLimitExceededException - x-aws-operation-name: GenerateOrganizationsAccessReport - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: "

Generates a report for service last accessed data for Organizations.\ - \ You can generate a report for any entities (organization root, organizational\ - \ unit, or account) or policies in your organization.

To call this\ - \ operation, you must be signed in using your Organizations management account\ - \ credentials. You can use your long-term IAM user or root user credentials,\ - \ or temporary credentials from assuming an IAM role. SCPs must be enabled\ - \ for your organization root. You must have the required IAM and Organizations\ - \ permissions. For more information, see Refining permissions using service last accessed data in the IAM User\ - \ Guide.

You can generate a service last accessed data report for\ - \ entities by specifying only the entity's path. This data includes a list\ - \ of services that are allowed by any service control policies (SCPs) that\ - \ apply to the entity.

You can generate a service last accessed data\ - \ report for a policy by specifying an entity's path and an optional Organizations\ - \ policy ID. This data includes a list of services that are allowed by the\ - \ specified SCP.

For each service in both report types, the data includes\ - \ the most recent account activity that the policy allows to account principals\ - \ in the entity or the entity's children. For important information about\ - \ the data, reporting period, permissions required, troubleshooting, and supported\ - \ Regions see Reducing permissions using service last accessed data in the IAM User\ - \ Guide.

The data includes\_all\_attempts to access\ - \ Amazon Web Services, not just the successful ones. This includes all attempts\ - \ that were made using the Amazon Web Services Management Console, the Amazon\ - \ Web Services API through any of the SDKs, or any of the command line tools.\ - \ An unexpected entry in the service last accessed data does not mean that\ - \ an account has been compromised, because the request might have been denied.\ - \ Refer to your CloudTrail logs as the authoritative source for information\ - \ about all API calls and whether they were successful or denied access. For\ - \ more information, see\_Logging IAM events with CloudTrail in the IAM User Guide.

\ - \

This operation returns a JobId. Use this parameter\ - \ in the GetOrganizationsAccessReport operation to check\ - \ the status of the report generation. To check the status of this request,\ - \ use the JobId parameter in the GetOrganizationsAccessReport\ - \ operation and test the JobStatus response parameter.\ - \ When the job is complete, you can retrieve the report.

To generate\ - \ a service last accessed data report for entities, specify an entity path\ - \ without specifying the optional Organizations policy ID. The type of entity\ - \ that you specify determines the data returned in the report.

  • \ - \

    Root \u2013 When you specify the organizations root as the entity,\ - \ the resulting report lists all of the services allowed by SCPs that are\ - \ attached to your root. For each service, the report includes data for all\ - \ accounts in your organization except the management account, because the\ - \ management account is not limited by SCPs.

  • OU\ - \ \u2013 When you specify an organizational unit (OU) as the entity, the resulting\ - \ report lists all of the services allowed by SCPs that are attached to the\ - \ OU and its parents. For each service, the report includes data for all accounts\ - \ in the OU or its children. This data excludes the management account, because\ - \ the management account is not limited by SCPs.

  • management\ - \ account \u2013 When you specify the management account, the resulting\ - \ report lists all Amazon Web Services services, because the management account\ - \ is not limited by SCPs. For each service, the report includes data for only\ - \ the management account.

  • Account \u2013 When you\ - \ specify another account as the entity, the resulting report lists all of\ - \ the services allowed by SCPs that are attached to the account and its parents.\ - \ For each service, the report includes data for only the specified account.

    \ - \

To generate a service last accessed data report for policies,\ - \ specify an entity path and the optional Organizations policy ID. The type\ - \ of entity that you specify determines the data returned for each service.

\ - \

  • Root \u2013 When you specify the root entity and a\ - \ policy ID, the resulting report lists all of the services that are allowed\ - \ by the specified SCP. For each service, the report includes data for all\ - \ accounts in your organization to which the SCP applies. This data excludes\ - \ the management account, because the management account is not limited by\ - \ SCPs. If the SCP is not attached to any entities in the organization, then\ - \ the report will return a list of services with no data.

  • \ - \ OU \u2013 When you specify an OU entity and a policy ID, the resulting\ - \ report lists all of the services that are allowed by the specified SCP.\ - \ For each service, the report includes data for all accounts in the OU or\ - \ its children to which the SCP applies. This means that other accounts outside\ - \ the OU that are affected by the SCP might not be included in the data. This\ - \ data excludes the management account, because the management account is\ - \ not limited by SCPs. If the SCP is not attached to the OU or one of its\ - \ children, the report will return a list of services with no data.

    • \ - \

  • management account \u2013 When you specify the management\ - \ account, the resulting report lists all Amazon Web Services services, because\ - \ the management account is not limited by SCPs. If you specify a policy ID\ - \ in the CLI or API, the policy is ignored. For each service, the report includes\ - \ data for only the management account.

  • Account\ - \ \u2013 When you specify another account entity and a policy ID, the resulting\ - \ report lists all of the services that are allowed by the specified SCP.\ - \ For each service, the report includes data for only the specified account.\ - \ This means that other accounts in the organization that are affected by\ - \ the SCP might not be included in the data. If the SCP is not attached to\ - \ the account, the report will return a list of services with no data.

    \ - \

Service last accessed data does not use other policy\ - \ types when determining whether a principal could access a service. These\ - \ other policy types include identity-based policies, resource-based policies,\ - \ access control lists, IAM permissions boundaries, and STS assume role policies.\ - \ It only applies SCP logic. For more about the evaluation of policy types,\ - \ see Evaluating policies in the IAM User Guide.

For\ - \ more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.

" - operationId: POST_GenerateOrganizationsAccessReport - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GenerateOrganizationsAccessReportRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GenerateOrganizationsAccessReportResult: - $ref: '#/components/schemas/GenerateOrganizationsAccessReportResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ReportGenerationLimitExceededException' - description: ReportGenerationLimitExceededException - x-aws-operation-name: GenerateOrganizationsAccessReport - /?Action=GenerateServiceLastAccessedDetails&Version=2010-05-08: - get: - description: "

Generates a report that includes details about when an IAM\ - \ resource (user, group, role, or policy) was last used in an attempt to access\ - \ Amazon Web Services services. Recent activity usually appears within four\ - \ hours. IAM reports activity for at least the last 400 days, or less if your\ - \ Region began supporting this feature within the last year. For more information,\ - \ see Regions where data is tracked.

The service last accessed\ - \ data includes\_all\_attempts to access an Amazon Web Services API, not just\ - \ the successful ones. This includes all attempts that were made using the\ - \ Amazon Web Services Management Console, the Amazon Web Services API through\ - \ any of the SDKs, or any of the command line tools. An unexpected entry in\ - \ the service last accessed data does not mean that your account has been\ - \ compromised, because the request might have been denied. Refer to your CloudTrail\ - \ logs as the authoritative source for information about all API calls and\ - \ whether they were successful or denied access. For more information, see\_\ - Logging IAM events with CloudTrail in the IAM User Guide.

\ - \

The GenerateServiceLastAccessedDetails operation\ - \ returns a JobId. Use this parameter in the following operations\ - \ to retrieve the following details from your report:

  • GetServiceLastAccessedDetails\ - \ \u2013 Use this operation for users, groups, roles, or policies to list\ - \ every Amazon Web Services service that the resource could access using permissions\ - \ policies. For each service, the response includes information about the\ - \ most recent access attempt.

    The JobId returned by GenerateServiceLastAccessedDetail\ - \ must be used by the same role within a session, or by the same user when\ - \ used to call GetServiceLastAccessedDetail.

  • \ - \ GetServiceLastAccessedDetailsWithEntities \u2013 Use this operation\ - \ for groups and policies to list information about the associated entities\ - \ (users or roles) that attempted to access a specific Amazon Web Services\ - \ service.

To check the status of the GenerateServiceLastAccessedDetails\ - \ request, use the JobId parameter in the same operations and\ - \ test the JobStatus response parameter.

For additional\ - \ information about the permissions policies that allow an identity (user,\ - \ group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess\ - \ operation.

Service last accessed data does not use other policy\ - \ types when determining whether a resource could access a service. These\ - \ other policy types include resource-based policies, access control lists,\ - \ Organizations policies, IAM permissions boundaries, and STS assume role\ - \ policies. It only applies permissions policy logic. For more about the evaluation\ - \ of policy types, see Evaluating policies in the IAM User Guide.

For\ - \ more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User\ - \ Guide.

" - operationId: GET_GenerateServiceLastAccessedDetails - parameters: - - description: The ARN of the IAM resource (user, group, role, or managed policy) - used to generate information about when the resource was last used in an - attempt to access an Amazon Web Services service. - in: query - name: Arn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description: The level of detail that you want to generate. You can specify - whether you want to generate information about the last attempt to access - services or actions. If you specify service-level granularity, this operation - generates only service data. If you specify action-level granularity, it - generates service and action data. If you don't include this optional parameter, - the operation generates service data. - in: query - name: Granularity - required: false - schema: - enum: - - SERVICE_LEVEL - - ACTION_LEVEL - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GenerateServiceLastAccessedDetailsResult: - $ref: '#/components/schemas/GenerateServiceLastAccessedDetailsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: GenerateServiceLastAccessedDetails - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: "

Generates a report that includes details about when an IAM\ - \ resource (user, group, role, or policy) was last used in an attempt to access\ - \ Amazon Web Services services. Recent activity usually appears within four\ - \ hours. IAM reports activity for at least the last 400 days, or less if your\ - \ Region began supporting this feature within the last year. For more information,\ - \ see Regions where data is tracked.

The service last accessed\ - \ data includes\_all\_attempts to access an Amazon Web Services API, not just\ - \ the successful ones. This includes all attempts that were made using the\ - \ Amazon Web Services Management Console, the Amazon Web Services API through\ - \ any of the SDKs, or any of the command line tools. An unexpected entry in\ - \ the service last accessed data does not mean that your account has been\ - \ compromised, because the request might have been denied. Refer to your CloudTrail\ - \ logs as the authoritative source for information about all API calls and\ - \ whether they were successful or denied access. For more information, see\_\ - Logging IAM events with CloudTrail in the IAM User Guide.

\ - \

The GenerateServiceLastAccessedDetails operation\ - \ returns a JobId. Use this parameter in the following operations\ - \ to retrieve the following details from your report:

  • GetServiceLastAccessedDetails\ - \ \u2013 Use this operation for users, groups, roles, or policies to list\ - \ every Amazon Web Services service that the resource could access using permissions\ - \ policies. For each service, the response includes information about the\ - \ most recent access attempt.

    The JobId returned by GenerateServiceLastAccessedDetail\ - \ must be used by the same role within a session, or by the same user when\ - \ used to call GetServiceLastAccessedDetail.

  • \ - \ GetServiceLastAccessedDetailsWithEntities \u2013 Use this operation\ - \ for groups and policies to list information about the associated entities\ - \ (users or roles) that attempted to access a specific Amazon Web Services\ - \ service.

To check the status of the GenerateServiceLastAccessedDetails\ - \ request, use the JobId parameter in the same operations and\ - \ test the JobStatus response parameter.

For additional\ - \ information about the permissions policies that allow an identity (user,\ - \ group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess\ - \ operation.

Service last accessed data does not use other policy\ - \ types when determining whether a resource could access a service. These\ - \ other policy types include resource-based policies, access control lists,\ - \ Organizations policies, IAM permissions boundaries, and STS assume role\ - \ policies. It only applies permissions policy logic. For more about the evaluation\ - \ of policy types, see Evaluating policies in the IAM User Guide.

For\ - \ more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User\ - \ Guide.

" - operationId: POST_GenerateServiceLastAccessedDetails - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GenerateServiceLastAccessedDetailsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GenerateServiceLastAccessedDetailsResult: - $ref: '#/components/schemas/GenerateServiceLastAccessedDetailsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: GenerateServiceLastAccessedDetails - /?Action=GetAccessKeyLastUsed&Version=2010-05-08: - get: - description: Retrieves information about when the specified access key was last - used. The information includes the date and time of last use, along with the - Amazon Web Services service and Region that were specified in the last request - made with that key. - operationId: GET_GetAccessKeyLastUsed - parameters: - - description:

The identifier of an access key.

This parameter allows - (through its regex pattern) - a string of characters that can consist of any upper or lowercased letter - or digit.

- in: query - name: AccessKeyId - required: true - schema: - maxLength: 128 - minLength: 16 - pattern: '[\w]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetAccessKeyLastUsedResult: - $ref: '#/components/schemas/GetAccessKeyLastUsedResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: GetAccessKeyLastUsed - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Retrieves information about when the specified access key was last - used. The information includes the date and time of last use, along with the - Amazon Web Services service and Region that were specified in the last request - made with that key. - operationId: POST_GetAccessKeyLastUsed - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetAccessKeyLastUsedRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetAccessKeyLastUsedResult: - $ref: '#/components/schemas/GetAccessKeyLastUsedResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: GetAccessKeyLastUsed - /?Action=GetAccountAuthorizationDetails&Version=2010-05-08: - get: - description:

Retrieves information about all IAM users, groups, roles, and - policies in your Amazon Web Services account, including their relationships - to one another. Use this operation to obtain a snapshot of the configuration - of IAM permissions (users, groups, roles, and policies) in your account.

-

Policies returned by this operation are URL-encoded compliant with - RFC 3986. You can use a - URL decoding method to convert the policy back to plain JSON text. For example, - if you use Java, you can use the decode method of the java.net.URLDecoder - utility class in the Java SDK. Other languages and SDKs provide similar functionality.

-

You can optionally filter the results using the Filter - parameter. You can paginate the results using the MaxItems and - Marker parameters.

- operationId: GET_GetAccountAuthorizationDetails - parameters: - - description:

A list of entity types used to filter the results. Only the - entities that match the types you specify are included in the output. Use - the value LocalManagedPolicy to include customer managed policies.

-

The format for this parameter is a comma-separated (if more than one) - list of strings. Each string value in the list must be one of the valid - values listed below.

- in: query - name: Filter - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/EntityType' - - xml: - name: member - type: array - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetAccountAuthorizationDetailsResult: - $ref: '#/components/schemas/GetAccountAuthorizationDetailsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetAccountAuthorizationDetails - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves information about all IAM users, groups, roles, and - policies in your Amazon Web Services account, including their relationships - to one another. Use this operation to obtain a snapshot of the configuration - of IAM permissions (users, groups, roles, and policies) in your account.

-

Policies returned by this operation are URL-encoded compliant with - RFC 3986. You can use a - URL decoding method to convert the policy back to plain JSON text. For example, - if you use Java, you can use the decode method of the java.net.URLDecoder - utility class in the Java SDK. Other languages and SDKs provide similar functionality.

-

You can optionally filter the results using the Filter - parameter. You can paginate the results using the MaxItems and - Marker parameters.

- operationId: POST_GetAccountAuthorizationDetails - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetAccountAuthorizationDetailsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetAccountAuthorizationDetailsResult: - $ref: '#/components/schemas/GetAccountAuthorizationDetailsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetAccountAuthorizationDetails - /?Action=GetAccountPasswordPolicy&Version=2010-05-08: - get: - description: Retrieves the password policy for the Amazon Web Services account. - This tells you the complexity requirements and mandatory rotation periods - for the IAM user passwords in your account. For more information about using - a password policy, see Managing - an IAM password policy. - operationId: GET_GetAccountPasswordPolicy - parameters: [] - responses: - '200': - content: - text/xml: - schema: - properties: - GetAccountPasswordPolicyResult: - $ref: '#/components/schemas/GetAccountPasswordPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetAccountPasswordPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Retrieves the password policy for the Amazon Web Services account. - This tells you the complexity requirements and mandatory rotation periods - for the IAM user passwords in your account. For more information about using - a password policy, see Managing - an IAM password policy. - operationId: POST_GetAccountPasswordPolicy - parameters: [] - responses: - '200': - content: - text/xml: - schema: - properties: - GetAccountPasswordPolicyResult: - $ref: '#/components/schemas/GetAccountPasswordPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetAccountPasswordPolicy - /?Action=GetAccountSummary&Version=2010-05-08: - get: - description:

Retrieves information about IAM entity usage and IAM quotas - in the Amazon Web Services account.

For information about IAM quotas, - see IAM - and STS quotas in the IAM User Guide.

- operationId: GET_GetAccountSummary - parameters: [] - responses: - '200': - content: - text/xml: - schema: - properties: - GetAccountSummaryResult: - $ref: '#/components/schemas/GetAccountSummaryResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetAccountSummary - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves information about IAM entity usage and IAM quotas - in the Amazon Web Services account.

For information about IAM quotas, - see IAM - and STS quotas in the IAM User Guide.

- operationId: POST_GetAccountSummary - parameters: [] - responses: - '200': - content: - text/xml: - schema: - properties: - GetAccountSummaryResult: - $ref: '#/components/schemas/GetAccountSummaryResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetAccountSummary - /?Action=GetContextKeysForCustomPolicy&Version=2010-05-08: - get: - description:

Gets a list of all of the context keys referenced in the input - policies. The policies are supplied as a list of one or more strings. To get - the context keys from policies associated with an IAM user, group, or role, - use GetContextKeysForPrincipalPolicy.

Context keys are variables - maintained by Amazon Web Services and its services that provide details about - the context of an API query request. Context keys can be evaluated by testing - against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy - to understand what key names and values you must supply when you call SimulateCustomPolicy. - Note that all parameters are shown in unencoded form here for clarity but - must be URL encoded to be included as a part of a real HTML request.

- operationId: GET_GetContextKeysForCustomPolicy - parameters: - - description:

A list of policies for which you want the list of context - keys referenced in those policies. Each document is specified as a string - containing the complete, valid JSON text of an IAM policy.

The regex pattern used to validate - this parameter is a string of characters consisting of the following:

-

  • Any printable ASCII character ranging from the space character - (\u0020) through the end of the ASCII character range

    • -

  • The printable characters in the Basic Latin and Latin-1 Supplement - character set (through \u00FF)

  • The special - characters tab (\u0009), line feed (\u000A), and - carriage return (\u000D)

- in: query - name: PolicyInputList - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - xml: - name: member - type: array - responses: - '200': - content: - text/xml: - schema: - properties: - GetContextKeysForCustomPolicyResult: - $ref: '#/components/schemas/GetContextKeysForPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: GetContextKeysForCustomPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Gets a list of all of the context keys referenced in the input - policies. The policies are supplied as a list of one or more strings. To get - the context keys from policies associated with an IAM user, group, or role, - use GetContextKeysForPrincipalPolicy.

Context keys are variables - maintained by Amazon Web Services and its services that provide details about - the context of an API query request. Context keys can be evaluated by testing - against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy - to understand what key names and values you must supply when you call SimulateCustomPolicy. - Note that all parameters are shown in unencoded form here for clarity but - must be URL encoded to be included as a part of a real HTML request.

- operationId: POST_GetContextKeysForCustomPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetContextKeysForCustomPolicyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetContextKeysForCustomPolicyResult: - $ref: '#/components/schemas/GetContextKeysForPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: GetContextKeysForCustomPolicy - /?Action=GetContextKeysForPrincipalPolicy&Version=2010-05-08: - get: - description:

Gets a list of all of the context keys referenced in all the - IAM policies that are attached to the specified IAM entity. The entity can - be an IAM user, group, or role. If you specify a user, then the request also - includes all of the policies attached to groups that the user is a member - of.

You can optionally include a list of one or more additional policies, - specified as strings. If you want to include only a list of policies - by string, use GetContextKeysForCustomPolicy instead.

Note: - This operation discloses information about the permissions granted to other - users. If you do not want users to see other user's permissions, then consider - allowing them to use GetContextKeysForCustomPolicy instead.

Context - keys are variables maintained by Amazon Web Services and its services that - provide details about the context of an API query request. Context keys can - be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy - to understand what key names and values you must supply when you call SimulatePrincipalPolicy.

- operationId: GET_GetContextKeysForPrincipalPolicy - parameters: - - description:

The ARN of a user, group, or role whose policies contain the - context keys that you want listed. If you specify a user, the list includes - context keys that are found in all policies that are attached to the user. - The list also includes all groups that the user is a member of. If you pick - a group or a role, then it includes only those context keys that are found - in policies attached to that entity. Note that all parameters are shown - in unencoded form here for clarity, but must be URL encoded to be included - as a part of a real HTML request.

For more information about ARNs, - see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicySourceArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description:

An optional list of additional policies for which you want - the list of context keys that are referenced.

The regex - pattern used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line feed - (\u000A), and carriage return (\u000D)

    • -
- in: query - name: PolicyInputList - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - xml: - name: member - type: array - responses: - '200': - content: - text/xml: - schema: - properties: - GetContextKeysForPrincipalPolicyResult: - $ref: '#/components/schemas/GetContextKeysForPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: GetContextKeysForPrincipalPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Gets a list of all of the context keys referenced in all the - IAM policies that are attached to the specified IAM entity. The entity can - be an IAM user, group, or role. If you specify a user, then the request also - includes all of the policies attached to groups that the user is a member - of.

You can optionally include a list of one or more additional policies, - specified as strings. If you want to include only a list of policies - by string, use GetContextKeysForCustomPolicy instead.

Note: - This operation discloses information about the permissions granted to other - users. If you do not want users to see other user's permissions, then consider - allowing them to use GetContextKeysForCustomPolicy instead.

Context - keys are variables maintained by Amazon Web Services and its services that - provide details about the context of an API query request. Context keys can - be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy - to understand what key names and values you must supply when you call SimulatePrincipalPolicy.

- operationId: POST_GetContextKeysForPrincipalPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetContextKeysForPrincipalPolicyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetContextKeysForPrincipalPolicyResult: - $ref: '#/components/schemas/GetContextKeysForPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: GetContextKeysForPrincipalPolicy - /?Action=GetCredentialReport&Version=2010-05-08: - get: - description: ' Retrieves a credential report for the Amazon Web Services account. - For more information about the credential report, see Getting - credential reports in the IAM User Guide.' - operationId: GET_GetCredentialReport - parameters: [] - responses: - '200': - content: - text/xml: - schema: - properties: - GetCredentialReportResult: - $ref: '#/components/schemas/GetCredentialReportResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/CredentialReportNotPresentException' - description: CredentialReportNotPresentException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/CredentialReportExpiredException' - description: CredentialReportExpiredException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/CredentialReportNotReadyException' - description: CredentialReportNotReadyException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetCredentialReport - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: ' Retrieves a credential report for the Amazon Web Services account. - For more information about the credential report, see Getting - credential reports in the IAM User Guide.' - operationId: POST_GetCredentialReport - parameters: [] - responses: - '200': - content: - text/xml: - schema: - properties: - GetCredentialReportResult: - $ref: '#/components/schemas/GetCredentialReportResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/CredentialReportNotPresentException' - description: CredentialReportNotPresentException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/CredentialReportExpiredException' - description: CredentialReportExpiredException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/CredentialReportNotReadyException' - description: CredentialReportNotReadyException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetCredentialReport - /?Action=GetGroup&Version=2010-05-08: - get: - description: ' Returns a list of IAM users that are in the specified IAM group. - You can paginate the results using the MaxItems and Marker - parameters.' - operationId: GET_GetGroup - parameters: - - description: '

The name of the group.

This parameter allows (through - its regex pattern) a string - of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - GetGroupResult: - $ref: '#/components/schemas/GetGroupResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetGroup - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: ' Returns a list of IAM users that are in the specified IAM group. - You can paginate the results using the MaxItems and Marker - parameters.' - operationId: POST_GetGroup - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetGroupRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetGroupResult: - $ref: '#/components/schemas/GetGroupResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetGroup - /?Action=GetGroupPolicy&Version=2010-05-08: - get: - description:

Retrieves the specified inline policy document that is embedded - in the specified IAM group.

Policies returned by this operation - are URL-encoded compliant with RFC - 3986. You can use a URL decoding method to convert the policy back to - plain JSON text. For example, if you use Java, you can use the decode - method of the java.net.URLDecoder utility class in the Java SDK. - Other languages and SDKs provide similar functionality.

An - IAM group can also have managed policies attached to it. To retrieve a managed - policy document that is attached to a group, use GetPolicy to determine - the policy's default version, then use GetPolicyVersion to retrieve - the policy document.

For more information about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_GetGroupPolicy - parameters: - - description: '

The name of the group the policy is associated with.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name of the policy document to get.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: PolicyName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetGroupPolicyResult: - $ref: '#/components/schemas/GetGroupPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetGroupPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves the specified inline policy document that is embedded - in the specified IAM group.

Policies returned by this operation - are URL-encoded compliant with RFC - 3986. You can use a URL decoding method to convert the policy back to - plain JSON text. For example, if you use Java, you can use the decode - method of the java.net.URLDecoder utility class in the Java SDK. - Other languages and SDKs provide similar functionality.

An - IAM group can also have managed policies attached to it. To retrieve a managed - policy document that is attached to a group, use GetPolicy to determine - the policy's default version, then use GetPolicyVersion to retrieve - the policy document.

For more information about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_GetGroupPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetGroupPolicyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetGroupPolicyResult: - $ref: '#/components/schemas/GetGroupPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetGroupPolicy - /?Action=GetInstanceProfile&Version=2010-05-08: - get: - description: ' Retrieves information about the specified instance profile, including - the instance profile''s path, GUID, ARN, and role. For more information about - instance profiles, see About - instance profiles in the IAM User Guide.' - operationId: GET_GetInstanceProfile - parameters: - - description: '

The name of the instance profile to get information about.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: InstanceProfileName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetInstanceProfileResult: - $ref: '#/components/schemas/GetInstanceProfileResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetInstanceProfile - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: ' Retrieves information about the specified instance profile, including - the instance profile''s path, GUID, ARN, and role. For more information about - instance profiles, see About - instance profiles in the IAM User Guide.' - operationId: POST_GetInstanceProfile - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetInstanceProfileRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetInstanceProfileResult: - $ref: '#/components/schemas/GetInstanceProfileResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetInstanceProfile - /?Action=GetLoginProfile&Version=2010-05-08: - get: - description:

Retrieves the user name for the specified IAM user. A login - profile is created when you create a password for the user to access the Amazon - Web Services Management Console. If the user does not exist or does not have - a password, the operation returns a 404 (NoSuchEntity) error.

-

If you create an IAM user with access to the console, the CreateDate - reflects the date you created the initial password for the user.

If - you create an IAM user with programmatic access, and then later add a password - for the user to access the Amazon Web Services Management Console, the CreateDate - reflects the initial password creation date. A user with programmatic access - does not have a login profile unless you create a password for the user to - access the Amazon Web Services Management Console.

- operationId: GET_GetLoginProfile - parameters: - - description: '

The name of the user whose login profile you want to retrieve.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetLoginProfileResult: - $ref: '#/components/schemas/GetLoginProfileResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetLoginProfile - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves the user name for the specified IAM user. A login - profile is created when you create a password for the user to access the Amazon - Web Services Management Console. If the user does not exist or does not have - a password, the operation returns a 404 (NoSuchEntity) error.

-

If you create an IAM user with access to the console, the CreateDate - reflects the date you created the initial password for the user.

If - you create an IAM user with programmatic access, and then later add a password - for the user to access the Amazon Web Services Management Console, the CreateDate - reflects the initial password creation date. A user with programmatic access - does not have a login profile unless you create a password for the user to - access the Amazon Web Services Management Console.

- operationId: POST_GetLoginProfile - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetLoginProfileRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetLoginProfileResult: - $ref: '#/components/schemas/GetLoginProfileResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetLoginProfile - /?Action=GetOpenIDConnectProvider&Version=2010-05-08: - get: - description: Returns information about the specified OpenID Connect (OIDC) provider - resource object in IAM. - operationId: GET_GetOpenIDConnectProvider - parameters: - - description:

The Amazon Resource Name (ARN) of the OIDC provider resource - object in IAM to get information for. You can get a list of OIDC provider - resource ARNs by using the ListOpenIDConnectProviders operation.

-

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: OpenIDConnectProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetOpenIDConnectProviderResult: - $ref: '#/components/schemas/GetOpenIDConnectProviderResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetOpenIDConnectProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Returns information about the specified OpenID Connect (OIDC) provider - resource object in IAM. - operationId: POST_GetOpenIDConnectProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetOpenIDConnectProviderRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetOpenIDConnectProviderResult: - $ref: '#/components/schemas/GetOpenIDConnectProviderResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetOpenIDConnectProvider - /?Action=GetOrganizationsAccessReport&Version=2010-05-08: - get: - description:

Retrieves the service last accessed data report for Organizations - that was previously generated using the GenerateOrganizationsAccessReport - operation. This operation retrieves the status of your report job - and the report contents.

Depending on the parameters that you passed - when you generated the report, the data returned could include different information. - For details, see GenerateOrganizationsAccessReport.

To call - this operation, you must be signed in to the management account in your organization. - SCPs must be enabled for your organization root. You must have permissions - to perform this operation. For more information, see Refining - permissions using service last accessed data in the IAM User Guide.

-

For each service that principals in an account (root users, IAM users, - or IAM roles) could access using SCPs, the operation returns details about - the most recent access attempt. If there was no attempt, the service is listed - without details about the most recent attempt to access the service. If the - operation fails, it returns the reason that it failed.

By default, - the list is sorted by service namespace.

- operationId: GET_GetOrganizationsAccessReport - parameters: - - description: The identifier of the request generated by the GenerateOrganizationsAccessReport - operation. - in: query - name: JobId - required: true - schema: - maxLength: 36 - minLength: 36 - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description: The key that is used to sort the results. If you choose the namespace - key, the results are returned in alphabetical order. If you choose the time - key, the results are sorted numerically by the date and time. - in: query - name: SortKey - required: false - schema: - enum: - - SERVICE_NAMESPACE_ASCENDING - - SERVICE_NAMESPACE_DESCENDING - - LAST_AUTHENTICATED_TIME_ASCENDING - - LAST_AUTHENTICATED_TIME_DESCENDING - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetOrganizationsAccessReportResult: - $ref: '#/components/schemas/GetOrganizationsAccessReportResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: GetOrganizationsAccessReport - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves the service last accessed data report for Organizations - that was previously generated using the GenerateOrganizationsAccessReport - operation. This operation retrieves the status of your report job - and the report contents.

Depending on the parameters that you passed - when you generated the report, the data returned could include different information. - For details, see GenerateOrganizationsAccessReport.

To call - this operation, you must be signed in to the management account in your organization. - SCPs must be enabled for your organization root. You must have permissions - to perform this operation. For more information, see Refining - permissions using service last accessed data in the IAM User Guide.

-

For each service that principals in an account (root users, IAM users, - or IAM roles) could access using SCPs, the operation returns details about - the most recent access attempt. If there was no attempt, the service is listed - without details about the most recent attempt to access the service. If the - operation fails, it returns the reason that it failed.

By default, - the list is sorted by service namespace.

- operationId: POST_GetOrganizationsAccessReport - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetOrganizationsAccessReportRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetOrganizationsAccessReportResult: - $ref: '#/components/schemas/GetOrganizationsAccessReportResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: GetOrganizationsAccessReport - /?Action=GetPolicy&Version=2010-05-08: - get: - description:

Retrieves information about the specified managed policy, including - the policy's default version and the total number of IAM users, groups, and - roles to which the policy is attached. To retrieve the list of the specific - users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy. - This operation returns metadata about the policy. To retrieve the actual policy - document for a specific version of the policy, use GetPolicyVersion.

-

This operation retrieves information about managed policies. To retrieve - information about an inline policy that is embedded with an IAM user, group, - or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

-

For more information about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_GetPolicy - parameters: - - description:

The Amazon Resource Name (ARN) of the managed policy that - you want information about.

For more information about ARNs, see - Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetPolicyResult: - $ref: '#/components/schemas/GetPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves information about the specified managed policy, including - the policy's default version and the total number of IAM users, groups, and - roles to which the policy is attached. To retrieve the list of the specific - users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy. - This operation returns metadata about the policy. To retrieve the actual policy - document for a specific version of the policy, use GetPolicyVersion.

-

This operation retrieves information about managed policies. To retrieve - information about an inline policy that is embedded with an IAM user, group, - or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

-

For more information about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_GetPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetPolicyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetPolicyResult: - $ref: '#/components/schemas/GetPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetPolicy - /?Action=GetPolicyVersion&Version=2010-05-08: - get: - description:

Retrieves information about the specified version of the specified - managed policy, including the policy document.

Policies returned - by this operation are URL-encoded compliant with RFC - 3986. You can use a URL decoding method to convert the policy back to - plain JSON text. For example, if you use Java, you can use the decode - method of the java.net.URLDecoder utility class in the Java SDK. - Other languages and SDKs provide similar functionality.

To - list the available versions for a policy, use ListPolicyVersions.

-

This operation retrieves information about managed policies. To retrieve - information about an inline policy that is embedded in a user, group, or role, - use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

-

For more information about the types of policies, see Managed - policies and inline policies in the IAM User Guide.

For - more information about managed policy versions, see Versioning - for managed policies in the IAM User Guide.

- operationId: GET_GetPolicyVersion - parameters: - - description:

The Amazon Resource Name (ARN) of the managed policy that - you want information about.

For more information about ARNs, see - Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description:

Identifies the policy version to retrieve.

This parameter - allows (through its regex pattern) - a string of characters that consists of the lowercase letter 'v' followed - by one or two digits, and optionally followed by a period '.' and a string - of letters and digits.

- in: query - name: VersionId - required: true - schema: - pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetPolicyVersionResult: - $ref: '#/components/schemas/GetPolicyVersionResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetPolicyVersion - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves information about the specified version of the specified - managed policy, including the policy document.

Policies returned - by this operation are URL-encoded compliant with RFC - 3986. You can use a URL decoding method to convert the policy back to - plain JSON text. For example, if you use Java, you can use the decode - method of the java.net.URLDecoder utility class in the Java SDK. - Other languages and SDKs provide similar functionality.

To - list the available versions for a policy, use ListPolicyVersions.

-

This operation retrieves information about managed policies. To retrieve - information about an inline policy that is embedded in a user, group, or role, - use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

-

For more information about the types of policies, see Managed - policies and inline policies in the IAM User Guide.

For - more information about managed policy versions, see Versioning - for managed policies in the IAM User Guide.

- operationId: POST_GetPolicyVersion - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetPolicyVersionRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetPolicyVersionResult: - $ref: '#/components/schemas/GetPolicyVersionResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetPolicyVersion - /?Action=GetRole&Version=2010-05-08: - get: - description:

Retrieves information about the specified role, including the - role's path, GUID, ARN, and the role's trust policy that grants permission - to assume the role. For more information about roles, see Working - with roles.

Policies returned by this operation are URL-encoded - compliant with RFC 3986. - You can use a URL decoding method to convert the policy back to plain JSON - text. For example, if you use Java, you can use the decode method - of the java.net.URLDecoder utility class in the Java SDK. Other - languages and SDKs provide similar functionality.

 - operationId: GET_GetRole - parameters: - - description: '

The name of the IAM role to get information about.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetRoleResult: - $ref: '#/components/schemas/GetRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetRole - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves information about the specified role, including the - role's path, GUID, ARN, and the role's trust policy that grants permission - to assume the role. For more information about roles, see Working - with roles.

Policies returned by this operation are URL-encoded - compliant with RFC 3986. - You can use a URL decoding method to convert the policy back to plain JSON - text. For example, if you use Java, you can use the decode method - of the java.net.URLDecoder utility class in the Java SDK. Other - languages and SDKs provide similar functionality.

 - operationId: POST_GetRole - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetRoleRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetRoleResult: - $ref: '#/components/schemas/GetRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetRole - /?Action=GetRolePolicy&Version=2010-05-08: - get: - description:

Retrieves the specified inline policy document that is embedded - with the specified IAM role.

Policies returned by this operation - are URL-encoded compliant with RFC - 3986. You can use a URL decoding method to convert the policy back to - plain JSON text. For example, if you use Java, you can use the decode - method of the java.net.URLDecoder utility class in the Java SDK. - Other languages and SDKs provide similar functionality.

An - IAM role can also have managed policies attached to it. To retrieve a managed - policy document that is attached to a role, use GetPolicy to determine - the policy's default version, then use GetPolicyVersion to retrieve - the policy document.

For more information about policies, see Managed - policies and inline policies in the IAM User Guide.

For - more information about roles, see Using - roles to delegate permissions and federate identities.

- operationId: GET_GetRolePolicy - parameters: - - description: '

The name of the role associated with the policy.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name of the policy document to get.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: PolicyName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetRolePolicyResult: - $ref: '#/components/schemas/GetRolePolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetRolePolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves the specified inline policy document that is embedded - with the specified IAM role.

Policies returned by this operation - are URL-encoded compliant with RFC - 3986. You can use a URL decoding method to convert the policy back to - plain JSON text. For example, if you use Java, you can use the decode - method of the java.net.URLDecoder utility class in the Java SDK. - Other languages and SDKs provide similar functionality.

An - IAM role can also have managed policies attached to it. To retrieve a managed - policy document that is attached to a role, use GetPolicy to determine - the policy's default version, then use GetPolicyVersion to retrieve - the policy document.

For more information about policies, see Managed - policies and inline policies in the IAM User Guide.

For - more information about roles, see Using - roles to delegate permissions and federate identities.

- operationId: POST_GetRolePolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetRolePolicyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetRolePolicyResult: - $ref: '#/components/schemas/GetRolePolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetRolePolicy - /?Action=GetSAMLProvider&Version=2010-05-08: - get: - description:

Returns the SAML provider metadocument that was uploaded when - the IAM SAML provider resource object was created or updated.

This - operation requires Signature - Version 4.

 - operationId: GET_GetSAMLProvider - parameters: - - description:

The Amazon Resource Name (ARN) of the SAML provider resource - object in IAM to get information about.

For more information about - ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: SAMLProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetSAMLProviderResult: - $ref: '#/components/schemas/GetSAMLProviderResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetSAMLProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Returns the SAML provider metadocument that was uploaded when - the IAM SAML provider resource object was created or updated.

This - operation requires Signature - Version 4.

 - operationId: POST_GetSAMLProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetSAMLProviderRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetSAMLProviderResult: - $ref: '#/components/schemas/GetSAMLProviderResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetSAMLProvider - /?Action=GetSSHPublicKey&Version=2010-05-08: - get: - description:

Retrieves the specified SSH public key, including metadata about - the key.

The SSH public key retrieved by this operation is used only - for authenticating the associated IAM user to an CodeCommit repository. For - more information about using SSH keys to authenticate to an CodeCommit repository, - see Set - up CodeCommit for SSH connections in the CodeCommit User Guide.

- operationId: GET_GetSSHPublicKey - parameters: - - description: '

The name of the IAM user associated with the SSH public key.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The unique identifier for the SSH public key.

This - parameter allows (through its regex - pattern) a string of characters that can consist of any upper or lowercased - letter or digit.

- in: query - name: SSHPublicKeyId - required: true - schema: - maxLength: 128 - minLength: 20 - pattern: '[\w]+' - type: string - - description: Specifies the public key encoding format to use in the response. - To retrieve the public key in ssh-rsa format, use SSH. To retrieve - the public key in PEM format, use PEM. - in: query - name: Encoding - required: true - schema: - enum: - - SSH - - PEM - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetSSHPublicKeyResult: - $ref: '#/components/schemas/GetSSHPublicKeyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' - description: UnrecognizedPublicKeyEncodingException - x-aws-operation-name: GetSSHPublicKey - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves the specified SSH public key, including metadata about - the key.

The SSH public key retrieved by this operation is used only - for authenticating the associated IAM user to an CodeCommit repository. For - more information about using SSH keys to authenticate to an CodeCommit repository, - see Set - up CodeCommit for SSH connections in the CodeCommit User Guide.

- operationId: POST_GetSSHPublicKey - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetSSHPublicKeyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetSSHPublicKeyResult: - $ref: '#/components/schemas/GetSSHPublicKeyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' - description: UnrecognizedPublicKeyEncodingException - x-aws-operation-name: GetSSHPublicKey - /?Action=GetServerCertificate&Version=2010-05-08: - get: - description:

Retrieves information about the specified server certificate - stored in IAM.

For more information about working with server certificates, - see Working - with server certificates in the IAM User Guide. This topic includes - a list of Amazon Web Services services that can use the server certificates - that you manage with IAM.

- operationId: GET_GetServerCertificate - parameters: - - description: '

The name of the server certificate you want to retrieve information - about.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: ServerCertificateName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetServerCertificateResult: - $ref: '#/components/schemas/GetServerCertificateResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetServerCertificate - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves information about the specified server certificate - stored in IAM.

For more information about working with server certificates, - see Working - with server certificates in the IAM User Guide. This topic includes - a list of Amazon Web Services services that can use the server certificates - that you manage with IAM.

- operationId: POST_GetServerCertificate - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetServerCertificateRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetServerCertificateResult: - $ref: '#/components/schemas/GetServerCertificateResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetServerCertificate - /?Action=GetServiceLastAccessedDetails&Version=2010-05-08: - get: - description: "

Retrieves a service last accessed report that was created using\ - \ the GenerateServiceLastAccessedDetails operation. You can use\ - \ the JobId parameter in GetServiceLastAccessedDetails\ - \ to retrieve the status of your report job. When the report is complete,\ - \ you can retrieve the generated report. The report includes a list of Amazon\ - \ Web Services services that the resource (user, group, role, or managed policy)\ - \ can access.

Service last accessed data does not use other\ - \ policy types when determining whether a resource could access a service.\ - \ These other policy types include resource-based policies, access control\ - \ lists, Organizations policies, IAM permissions boundaries, and STS assume\ - \ role policies. It only applies permissions policy logic. For more about\ - \ the evaluation of policy types, see Evaluating policies in the IAM User Guide.

For\ - \ each service that the resource could access using permissions policies,\ - \ the operation returns details about the most recent access attempt. If there\ - \ was no attempt, the service is listed without details about the most recent\ - \ attempt to access the service. If the operation fails, the GetServiceLastAccessedDetails\ - \ operation returns the reason that it failed.

The GetServiceLastAccessedDetails\ - \ operation returns a list of services. This list includes the number of entities\ - \ that have attempted to access the service and the date and time of the last\ - \ attempt. It also returns the ARN of the following entity, depending on the\ - \ resource ARN that you used to generate the report:

  • User\ - \ \u2013 Returns the user ARN that you used to generate the report

    • \ - \

  • Group \u2013 Returns the ARN of the group member (user)\ - \ that last attempted to access the service

  • Role\ - \ \u2013 Returns the role ARN that you used to generate the report

    • \ - \

  • Policy \u2013 Returns the ARN of the user or role that last\ - \ used the policy to attempt to access the service

By default,\ - \ the list is sorted by service namespace.

If you specified ACTION_LEVEL\ - \ granularity when you generated the report, this operation returns service\ - \ and action last accessed data. This includes the most recent access attempt\ - \ for each tracked action within a service. Otherwise, this operation returns\ - \ only service data.

For more information about service and action\ - \ last accessed data, see Reducing permissions using service last accessed data in the IAM User\ - \ Guide.

" - operationId: GET_GetServiceLastAccessedDetails - parameters: - - description: The ID of the request generated by the GenerateServiceLastAccessedDetails - operation. The JobId returned by GenerateServiceLastAccessedDetail - must be used by the same role within a session, or by the same user when - used to call GetServiceLastAccessedDetail. - in: query - name: JobId - required: true - schema: - maxLength: 36 - minLength: 36 - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetServiceLastAccessedDetailsResult: - $ref: '#/components/schemas/GetServiceLastAccessedDetailsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: GetServiceLastAccessedDetails - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: "

Retrieves a service last accessed report that was created using\ - \ the GenerateServiceLastAccessedDetails operation. You can use\ - \ the JobId parameter in GetServiceLastAccessedDetails\ - \ to retrieve the status of your report job. When the report is complete,\ - \ you can retrieve the generated report. The report includes a list of Amazon\ - \ Web Services services that the resource (user, group, role, or managed policy)\ - \ can access.

Service last accessed data does not use other\ - \ policy types when determining whether a resource could access a service.\ - \ These other policy types include resource-based policies, access control\ - \ lists, Organizations policies, IAM permissions boundaries, and STS assume\ - \ role policies. It only applies permissions policy logic. For more about\ - \ the evaluation of policy types, see Evaluating policies in the IAM User Guide.

For\ - \ each service that the resource could access using permissions policies,\ - \ the operation returns details about the most recent access attempt. If there\ - \ was no attempt, the service is listed without details about the most recent\ - \ attempt to access the service. If the operation fails, the GetServiceLastAccessedDetails\ - \ operation returns the reason that it failed.

The GetServiceLastAccessedDetails\ - \ operation returns a list of services. This list includes the number of entities\ - \ that have attempted to access the service and the date and time of the last\ - \ attempt. It also returns the ARN of the following entity, depending on the\ - \ resource ARN that you used to generate the report:

  • User\ - \ \u2013 Returns the user ARN that you used to generate the report

    • \ - \

  • Group \u2013 Returns the ARN of the group member (user)\ - \ that last attempted to access the service

  • Role\ - \ \u2013 Returns the role ARN that you used to generate the report

    • \ - \

  • Policy \u2013 Returns the ARN of the user or role that last\ - \ used the policy to attempt to access the service

By default,\ - \ the list is sorted by service namespace.

If you specified ACTION_LEVEL\ - \ granularity when you generated the report, this operation returns service\ - \ and action last accessed data. This includes the most recent access attempt\ - \ for each tracked action within a service. Otherwise, this operation returns\ - \ only service data.

For more information about service and action\ - \ last accessed data, see Reducing permissions using service last accessed data in the IAM User\ - \ Guide.

" - operationId: POST_GetServiceLastAccessedDetails - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetServiceLastAccessedDetailsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetServiceLastAccessedDetailsResult: - $ref: '#/components/schemas/GetServiceLastAccessedDetailsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: GetServiceLastAccessedDetails - /?Action=GetServiceLastAccessedDetailsWithEntities&Version=2010-05-08: - get: - description: "

After you generate a group or policy report using the GenerateServiceLastAccessedDetails\ - \ operation, you can use the JobId parameter in GetServiceLastAccessedDetailsWithEntities.\ - \ This operation retrieves the status of your report job and a list of entities\ - \ that could have used group or policy permissions to access the specified\ - \ service.

  • Group \u2013 For a group report, this\ - \ operation returns a list of users in the group that could have used the\ - \ group\u2019s policies in an attempt to access the service.

  • \ - \

    Policy \u2013 For a policy report, this operation returns a list\ - \ of entities (users or roles) that could have used the policy in an attempt\ - \ to access the service.

You can also use this operation\ - \ for user or role reports to retrieve details about those entities.

If\ - \ the operation fails, the GetServiceLastAccessedDetailsWithEntities\ - \ operation returns the reason that it failed.

By default, the list\ - \ of associated entities is sorted by date, with the most recent access listed\ - \ first.

" - operationId: GET_GetServiceLastAccessedDetailsWithEntities - parameters: - - description: The ID of the request generated by the GenerateServiceLastAccessedDetails - operation. - in: query - name: JobId - required: true - schema: - maxLength: 36 - minLength: 36 - type: string - - description: "

The service namespace for an Amazon Web Services service.\ - \ Provide the service namespace to learn when the IAM entity last attempted\ - \ to access the specified service.

To learn the service namespace\ - \ for a service, see Actions, resources, and condition keys for Amazon Web Services services\ - \ in the IAM User Guide. Choose the name of the service to view details\ - \ for that service. In the first paragraph, find the service prefix. For\ - \ example, (service prefix: a4b). For more information about\ - \ service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ - \ General Reference.

" - in: query - name: ServiceNamespace - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w-]*' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetServiceLastAccessedDetailsWithEntitiesResult: - $ref: '#/components/schemas/GetServiceLastAccessedDetailsWithEntitiesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: GetServiceLastAccessedDetailsWithEntities - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: "

After you generate a group or policy report using the GenerateServiceLastAccessedDetails\ - \ operation, you can use the JobId parameter in GetServiceLastAccessedDetailsWithEntities.\ - \ This operation retrieves the status of your report job and a list of entities\ - \ that could have used group or policy permissions to access the specified\ - \ service.

  • Group \u2013 For a group report, this\ - \ operation returns a list of users in the group that could have used the\ - \ group\u2019s policies in an attempt to access the service.

  • \ - \

    Policy \u2013 For a policy report, this operation returns a list\ - \ of entities (users or roles) that could have used the policy in an attempt\ - \ to access the service.

You can also use this operation\ - \ for user or role reports to retrieve details about those entities.

If\ - \ the operation fails, the GetServiceLastAccessedDetailsWithEntities\ - \ operation returns the reason that it failed.

By default, the list\ - \ of associated entities is sorted by date, with the most recent access listed\ - \ first.

" - operationId: POST_GetServiceLastAccessedDetailsWithEntities - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetServiceLastAccessedDetailsWithEntitiesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetServiceLastAccessedDetailsWithEntitiesResult: - $ref: '#/components/schemas/GetServiceLastAccessedDetailsWithEntitiesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: GetServiceLastAccessedDetailsWithEntities - /?Action=GetServiceLinkedRoleDeletionStatus&Version=2010-05-08: - get: - description: Retrieves the status of your service-linked role deletion. After - you use DeleteServiceLinkedRole to submit a service-linked role for - deletion, you can use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus - to check the status of the deletion. If the deletion fails, this operation - returns the reason that it failed, if that information is returned by the - service. - operationId: GET_GetServiceLinkedRoleDeletionStatus - parameters: - - description: The deletion task identifier. This identifier is returned by - the DeleteServiceLinkedRole operation in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>. - in: query - name: DeletionTaskId - required: true - schema: - maxLength: 1000 - minLength: 1 - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetServiceLinkedRoleDeletionStatusResult: - $ref: '#/components/schemas/GetServiceLinkedRoleDeletionStatusResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetServiceLinkedRoleDeletionStatus - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Retrieves the status of your service-linked role deletion. After - you use DeleteServiceLinkedRole to submit a service-linked role for - deletion, you can use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus - to check the status of the deletion. If the deletion fails, this operation - returns the reason that it failed, if that information is returned by the - service. - operationId: POST_GetServiceLinkedRoleDeletionStatus - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetServiceLinkedRoleDeletionStatusRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetServiceLinkedRoleDeletionStatusResult: - $ref: '#/components/schemas/GetServiceLinkedRoleDeletionStatusResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetServiceLinkedRoleDeletionStatus - /?Action=GetUser&Version=2010-05-08: - get: - description:

Retrieves information about the specified IAM user, including - the user's creation date, path, unique ID, and ARN.

If you do not specify - a user name, IAM determines the user name implicitly based on the Amazon Web - Services access key ID used to sign the request to this operation.

- operationId: GET_GetUser - parameters: - - description: '

The name of the user to get information about.

This - parameter is optional. If it is not included, it defaults to the user making - the request. This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetUserResult: - $ref: '#/components/schemas/GetUserResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetUser - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves information about the specified IAM user, including - the user's creation date, path, unique ID, and ARN.

If you do not specify - a user name, IAM determines the user name implicitly based on the Amazon Web - Services access key ID used to sign the request to this operation.

- operationId: POST_GetUser - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetUserRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetUserResult: - $ref: '#/components/schemas/GetUserResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetUser - /?Action=GetUserPolicy&Version=2010-05-08: - get: - description:

Retrieves the specified inline policy document that is embedded - in the specified IAM user.

Policies returned by this operation - are URL-encoded compliant with RFC - 3986. You can use a URL decoding method to convert the policy back to - plain JSON text. For example, if you use Java, you can use the decode - method of the java.net.URLDecoder utility class in the Java SDK. - Other languages and SDKs provide similar functionality.

An - IAM user can also have managed policies attached to it. To retrieve a managed - policy document that is attached to a user, use GetPolicy to determine - the policy's default version. Then use GetPolicyVersion to retrieve - the policy document.

For more information about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_GetUserPolicy - parameters: - - description: '

The name of the user who the policy is associated with.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name of the policy document to get.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: PolicyName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - GetUserPolicyResult: - $ref: '#/components/schemas/GetUserPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetUserPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Retrieves the specified inline policy document that is embedded - in the specified IAM user.

Policies returned by this operation - are URL-encoded compliant with RFC - 3986. You can use a URL decoding method to convert the policy back to - plain JSON text. For example, if you use Java, you can use the decode - method of the java.net.URLDecoder utility class in the Java SDK. - Other languages and SDKs provide similar functionality.

An - IAM user can also have managed policies attached to it. To retrieve a managed - policy document that is attached to a user, use GetPolicy to determine - the policy's default version. Then use GetPolicyVersion to retrieve - the policy document.

For more information about policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_GetUserPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/GetUserPolicyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - GetUserPolicyResult: - $ref: '#/components/schemas/GetUserPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: GetUserPolicy - /?Action=ListAccessKeys&Version=2010-05-08: - get: - description:

Returns information about the access key IDs associated with - the specified IAM user. If there is none, the operation returns an empty list.

-

Although each user is limited to a small number of keys, you can still - paginate the results using the MaxItems and Marker - parameters.

If the UserName field is not specified, the - user name is determined implicitly based on the Amazon Web Services access - key ID used to sign the request. This operation works for access keys under - the Amazon Web Services account. Consequently, you can use this operation - to manage Amazon Web Services account root user credentials even if the Amazon - Web Services account has no associated users.

To ensure the - security of your Amazon Web Services account, the secret access key is accessible - only during key and user creation.

 - operationId: GET_ListAccessKeys - parameters: - - description: '

The name of the user.

This parameter allows (through - its regex pattern) a string - of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListAccessKeysResult: - $ref: '#/components/schemas/ListAccessKeysResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListAccessKeys - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Returns information about the access key IDs associated with - the specified IAM user. If there is none, the operation returns an empty list.

-

Although each user is limited to a small number of keys, you can still - paginate the results using the MaxItems and Marker - parameters.

If the UserName field is not specified, the - user name is determined implicitly based on the Amazon Web Services access - key ID used to sign the request. This operation works for access keys under - the Amazon Web Services account. Consequently, you can use this operation - to manage Amazon Web Services account root user credentials even if the Amazon - Web Services account has no associated users.

To ensure the - security of your Amazon Web Services account, the secret access key is accessible - only during key and user creation.

 - operationId: POST_ListAccessKeys - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListAccessKeysRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListAccessKeysResult: - $ref: '#/components/schemas/ListAccessKeysResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListAccessKeys - /?Action=ListAccountAliases&Version=2010-05-08: - get: - description: 'Lists the account alias associated with the Amazon Web Services - account (Note: you can have only one). For information about using an Amazon - Web Services account alias, see Using - an alias for your Amazon Web Services account ID in the IAM User Guide.' - operationId: GET_ListAccountAliases - parameters: - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListAccountAliasesResult: - $ref: '#/components/schemas/ListAccountAliasesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListAccountAliases - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: 'Lists the account alias associated with the Amazon Web Services - account (Note: you can have only one). For information about using an Amazon - Web Services account alias, see Using - an alias for your Amazon Web Services account ID in the IAM User Guide.' - operationId: POST_ListAccountAliases - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListAccountAliasesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListAccountAliasesResult: - $ref: '#/components/schemas/ListAccountAliasesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListAccountAliases - /?Action=ListAttachedGroupPolicies&Version=2010-05-08: - get: - description:

Lists all managed policies that are attached to the specified - IAM group.

An IAM group can also have inline policies embedded with - it. To list the inline policies for a group, use ListGroupPolicies. - For information about policies, see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. You can use the PathPrefix parameter to limit the - list of policies to only those matching the specified path prefix. If there - are no policies attached to the specified group (or none that match the specified - path prefix), the operation returns an empty list.

- operationId: GET_ListAttachedGroupPolicies - parameters: - - description: '

The name (friendly name, not ARN) of the group to list attached - policies for.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The path prefix for filtering the results. This parameter - is optional. If it is not included, it defaults to a slash (/), listing - all policies.

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- in: query - name: PathPrefix - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListAttachedGroupPoliciesResult: - $ref: '#/components/schemas/ListAttachedGroupPoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListAttachedGroupPolicies - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists all managed policies that are attached to the specified - IAM group.

An IAM group can also have inline policies embedded with - it. To list the inline policies for a group, use ListGroupPolicies. - For information about policies, see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. You can use the PathPrefix parameter to limit the - list of policies to only those matching the specified path prefix. If there - are no policies attached to the specified group (or none that match the specified - path prefix), the operation returns an empty list.

- operationId: POST_ListAttachedGroupPolicies - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListAttachedGroupPoliciesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListAttachedGroupPoliciesResult: - $ref: '#/components/schemas/ListAttachedGroupPoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListAttachedGroupPolicies - /?Action=ListAttachedRolePolicies&Version=2010-05-08: - get: - description:

Lists all managed policies that are attached to the specified - IAM role.

An IAM role can also have inline policies embedded with it. - To list the inline policies for a role, use ListRolePolicies. For information - about policies, see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. You can use the PathPrefix parameter to limit the - list of policies to only those matching the specified path prefix. If there - are no policies attached to the specified role (or none that match the specified - path prefix), the operation returns an empty list.

- operationId: GET_ListAttachedRolePolicies - parameters: - - description: '

The name (friendly name, not ARN) of the role to list attached - policies for.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The path prefix for filtering the results. This parameter - is optional. If it is not included, it defaults to a slash (/), listing - all policies.

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- in: query - name: PathPrefix - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListAttachedRolePoliciesResult: - $ref: '#/components/schemas/ListAttachedRolePoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListAttachedRolePolicies - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists all managed policies that are attached to the specified - IAM role.

An IAM role can also have inline policies embedded with it. - To list the inline policies for a role, use ListRolePolicies. For information - about policies, see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. You can use the PathPrefix parameter to limit the - list of policies to only those matching the specified path prefix. If there - are no policies attached to the specified role (or none that match the specified - path prefix), the operation returns an empty list.

- operationId: POST_ListAttachedRolePolicies - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListAttachedRolePoliciesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListAttachedRolePoliciesResult: - $ref: '#/components/schemas/ListAttachedRolePoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListAttachedRolePolicies - /?Action=ListAttachedUserPolicies&Version=2010-05-08: - get: - description:

Lists all managed policies that are attached to the specified - IAM user.

An IAM user can also have inline policies embedded with it. - To list the inline policies for a user, use ListUserPolicies. For information - about policies, see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. You can use the PathPrefix parameter to limit the - list of policies to only those matching the specified path prefix. If there - are no policies attached to the specified group (or none that match the specified - path prefix), the operation returns an empty list.

- operationId: GET_ListAttachedUserPolicies - parameters: - - description: '

The name (friendly name, not ARN) of the user to list attached - policies for.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The path prefix for filtering the results. This parameter - is optional. If it is not included, it defaults to a slash (/), listing - all policies.

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- in: query - name: PathPrefix - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListAttachedUserPoliciesResult: - $ref: '#/components/schemas/ListAttachedUserPoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListAttachedUserPolicies - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists all managed policies that are attached to the specified - IAM user.

An IAM user can also have inline policies embedded with it. - To list the inline policies for a user, use ListUserPolicies. For information - about policies, see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. You can use the PathPrefix parameter to limit the - list of policies to only those matching the specified path prefix. If there - are no policies attached to the specified group (or none that match the specified - path prefix), the operation returns an empty list.

- operationId: POST_ListAttachedUserPolicies - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListAttachedUserPoliciesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListAttachedUserPoliciesResult: - $ref: '#/components/schemas/ListAttachedUserPoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListAttachedUserPolicies - /?Action=ListEntitiesForPolicy&Version=2010-05-08: - get: - description:

Lists all IAM users, groups, and roles that the specified managed - policy is attached to.

You can use the optional EntityFilter - parameter to limit the results to a particular type of entity (users, groups, - or roles). For example, to list only the roles that are attached to the specified - policy, set EntityFilter to Role.

You can - paginate the results using the MaxItems and Marker - parameters.

- operationId: GET_ListEntitiesForPolicy - parameters: - - description:

The Amazon Resource Name (ARN) of the IAM policy for which - you want the versions.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description:

The entity type to use for filtering the results.

For - example, when EntityFilter is Role, only the roles - that are attached to the specified policy are returned. This parameter is - optional. If it is not included, all attached entities (users, groups, and - roles) are returned. The argument for this parameter must be one of the - valid values listed below.

- in: query - name: EntityFilter - required: false - schema: - enum: - - User - - Role - - Group - - LocalManagedPolicy - - AWSManagedPolicy - type: string - - description:

The path prefix for filtering the results. This parameter - is optional. If it is not included, it defaults to a slash (/), listing - all entities.

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- in: query - name: PathPrefix - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - - description: "

The policy usage method to use for filtering the results.

\ - \

To list only permissions policies, set\_PolicyUsageFilter\_\ - to\_PermissionsPolicy. To list only the policies used to set\ - \ permissions boundaries, set\_the value to\_PermissionsBoundary.

\ - \

This parameter is optional. If it is not included, all policies are\ - \ returned.

" - in: query - name: PolicyUsageFilter - required: false - schema: - description:

The policy usage type that indicates whether the policy - is used as a permissions policy or as the permissions boundary for an - entity.

For more information about permissions boundaries, see - Permissions - boundaries for IAM identities in the IAM User Guide.

- enum: - - PermissionsPolicy - - PermissionsBoundary - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListEntitiesForPolicyResult: - $ref: '#/components/schemas/ListEntitiesForPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListEntitiesForPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists all IAM users, groups, and roles that the specified managed - policy is attached to.

You can use the optional EntityFilter - parameter to limit the results to a particular type of entity (users, groups, - or roles). For example, to list only the roles that are attached to the specified - policy, set EntityFilter to Role.

You can - paginate the results using the MaxItems and Marker - parameters.

- operationId: POST_ListEntitiesForPolicy - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListEntitiesForPolicyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListEntitiesForPolicyResult: - $ref: '#/components/schemas/ListEntitiesForPolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListEntitiesForPolicy - /?Action=ListGroupPolicies&Version=2010-05-08: - get: - description:

Lists the names of the inline policies that are embedded in - the specified IAM group.

An IAM group can also have managed policies - attached to it. To list the managed policies that are attached to a group, - use ListAttachedGroupPolicies. For more information about policies, - see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. If there are no inline policies embedded with the specified group, - the operation returns an empty list.

- operationId: GET_ListGroupPolicies - parameters: - - description: '

The name of the group to list policies for.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListGroupPoliciesResult: - $ref: '#/components/schemas/ListGroupPoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListGroupPolicies - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the names of the inline policies that are embedded in - the specified IAM group.

An IAM group can also have managed policies - attached to it. To list the managed policies that are attached to a group, - use ListAttachedGroupPolicies. For more information about policies, - see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. If there are no inline policies embedded with the specified group, - the operation returns an empty list.

- operationId: POST_ListGroupPolicies - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListGroupPoliciesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListGroupPoliciesResult: - $ref: '#/components/schemas/ListGroupPoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListGroupPolicies - /?Action=ListGroups&Version=2010-05-08: - get: - description:

Lists the IAM groups that have the specified path prefix.

-

You can paginate the results using the MaxItems and Marker - parameters.

- operationId: GET_ListGroups - parameters: - - description:

The path prefix for filtering the results. For example, the - prefix /division_abc/subdivision_xyz/ gets all groups whose - path starts with /division_abc/subdivision_xyz/.

This - parameter is optional. If it is not included, it defaults to a slash (/), - listing all groups. This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- in: query - name: PathPrefix - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: \u002F[\u0021-\u007F]* - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListGroupsResult: - $ref: '#/components/schemas/ListGroupsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListGroups - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the IAM groups that have the specified path prefix.

-

You can paginate the results using the MaxItems and Marker - parameters.

- operationId: POST_ListGroups - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListGroupsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListGroupsResult: - $ref: '#/components/schemas/ListGroupsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListGroups - /?Action=ListGroupsForUser&Version=2010-05-08: - get: - description:

Lists the IAM groups that the specified IAM user belongs to.

-

You can paginate the results using the MaxItems and Marker - parameters.

- operationId: GET_ListGroupsForUser - parameters: - - description: '

The name of the user to list groups for.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListGroupsForUserResult: - $ref: '#/components/schemas/ListGroupsForUserResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListGroupsForUser - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the IAM groups that the specified IAM user belongs to.

-

You can paginate the results using the MaxItems and Marker - parameters.

- operationId: POST_ListGroupsForUser - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListGroupsForUserRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListGroupsForUserResult: - $ref: '#/components/schemas/ListGroupsForUserResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListGroupsForUser - /?Action=ListInstanceProfileTags&Version=2010-05-08: - get: - description: Lists the tags that are attached to the specified IAM instance - profile. The returned list of tags is sorted by tag key. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: GET_ListInstanceProfileTags - parameters: - - description: '

The name of the IAM instance profile whose tags you want - to see.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: InstanceProfileName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListInstanceProfileTagsResult: - $ref: '#/components/schemas/ListInstanceProfileTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListInstanceProfileTags - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Lists the tags that are attached to the specified IAM instance - profile. The returned list of tags is sorted by tag key. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: POST_ListInstanceProfileTags - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListInstanceProfileTagsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListInstanceProfileTagsResult: - $ref: '#/components/schemas/ListInstanceProfileTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListInstanceProfileTags - /?Action=ListInstanceProfiles&Version=2010-05-08: - get: - description:

Lists the instance profiles that have the specified path prefix. - If there are none, the operation returns an empty list. For more information - about instance profiles, see About - instance profiles.

IAM resource-listing operations return - a subset of the available attributes for the resource. For example, this operation - does not return tags, even though they are an attribute of the returned object. - To view all of the information for an instance profile, see GetInstanceProfile.

-

You can paginate the results using the MaxItems and - Marker parameters.

- operationId: GET_ListInstanceProfiles - parameters: - - description:

The path prefix for filtering the results. For example, the - prefix /application_abc/component_xyz/ gets all instance profiles - whose path starts with /application_abc/component_xyz/.

-

This parameter is optional. If it is not included, it defaults to a slash - (/), listing all instance profiles. This parameter allows (through its regex pattern) a string of characters - consisting of either a forward slash (/) by itself or a string that must - begin and end with forward slashes. In addition, it can contain any ASCII - character from the ! (\u0021) through the DEL character (\u007F), - including most punctuation characters, digits, and upper and lowercased - letters.

- in: query - name: PathPrefix - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: \u002F[\u0021-\u007F]* - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListInstanceProfilesResult: - $ref: '#/components/schemas/ListInstanceProfilesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListInstanceProfiles - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the instance profiles that have the specified path prefix. - If there are none, the operation returns an empty list. For more information - about instance profiles, see About - instance profiles.

IAM resource-listing operations return - a subset of the available attributes for the resource. For example, this operation - does not return tags, even though they are an attribute of the returned object. - To view all of the information for an instance profile, see GetInstanceProfile.

-

You can paginate the results using the MaxItems and - Marker parameters.

- operationId: POST_ListInstanceProfiles - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListInstanceProfilesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListInstanceProfilesResult: - $ref: '#/components/schemas/ListInstanceProfilesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListInstanceProfiles - /?Action=ListInstanceProfilesForRole&Version=2010-05-08: - get: - description:

Lists the instance profiles that have the specified associated - IAM role. If there are none, the operation returns an empty list. For more - information about instance profiles, go to About - instance profiles.

You can paginate the results using the MaxItems - and Marker parameters.

- operationId: GET_ListInstanceProfilesForRole - parameters: - - description: '

The name of the role to list instance profiles for.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListInstanceProfilesForRoleResult: - $ref: '#/components/schemas/ListInstanceProfilesForRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListInstanceProfilesForRole - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the instance profiles that have the specified associated - IAM role. If there are none, the operation returns an empty list. For more - information about instance profiles, go to About - instance profiles.

You can paginate the results using the MaxItems - and Marker parameters.

- operationId: POST_ListInstanceProfilesForRole - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListInstanceProfilesForRoleRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListInstanceProfilesForRoleResult: - $ref: '#/components/schemas/ListInstanceProfilesForRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListInstanceProfilesForRole - /?Action=ListMFADeviceTags&Version=2010-05-08: - get: - description: Lists the tags that are attached to the specified IAM virtual multi-factor - authentication (MFA) device. The returned list of tags is sorted by tag key. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: GET_ListMFADeviceTags - parameters: - - description: '

The unique identifier for the IAM virtual MFA device whose - tags you want to see. For virtual MFA devices, the serial number is the - same as the ARN.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: SerialNumber - required: true - schema: - maxLength: 256 - minLength: 9 - pattern: '[\w+=/:,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListMFADeviceTagsResult: - $ref: '#/components/schemas/ListMFADeviceTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListMFADeviceTags - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Lists the tags that are attached to the specified IAM virtual multi-factor - authentication (MFA) device. The returned list of tags is sorted by tag key. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: POST_ListMFADeviceTags - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListMFADeviceTagsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListMFADeviceTagsResult: - $ref: '#/components/schemas/ListMFADeviceTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListMFADeviceTags - /?Action=ListMFADevices&Version=2010-05-08: - get: - description:

Lists the MFA devices for an IAM user. If the request includes - a IAM user name, then this operation lists all the MFA devices associated - with the specified user. If you do not specify a user name, IAM determines - the user name implicitly based on the Amazon Web Services access key ID signing - the request for this operation.

You can paginate the results using - the MaxItems and Marker parameters.

- operationId: GET_ListMFADevices - parameters: - - description: '

The name of the user whose MFA devices you want to list.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListMFADevicesResult: - $ref: '#/components/schemas/ListMFADevicesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListMFADevices - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the MFA devices for an IAM user. If the request includes - a IAM user name, then this operation lists all the MFA devices associated - with the specified user. If you do not specify a user name, IAM determines - the user name implicitly based on the Amazon Web Services access key ID signing - the request for this operation.

You can paginate the results using - the MaxItems and Marker parameters.

- operationId: POST_ListMFADevices - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListMFADevicesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListMFADevicesResult: - $ref: '#/components/schemas/ListMFADevicesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListMFADevices - /?Action=ListOpenIDConnectProviderTags&Version=2010-05-08: - get: - description:

Lists the tags that are attached to the specified OpenID Connect - (OIDC)-compatible identity provider. The returned list of tags is sorted by - tag key. For more information, see About - web identity federation.

For more information about tagging, see - Tagging - IAM resources in the IAM User Guide.

- operationId: GET_ListOpenIDConnectProviderTags - parameters: - - description: '

The ARN of the OpenID Connect (OIDC) identity provider whose - tags you want to see.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: OpenIDConnectProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListOpenIDConnectProviderTagsResult: - $ref: '#/components/schemas/ListOpenIDConnectProviderTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: ListOpenIDConnectProviderTags - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the tags that are attached to the specified OpenID Connect - (OIDC)-compatible identity provider. The returned list of tags is sorted by - tag key. For more information, see About - web identity federation.

For more information about tagging, see - Tagging - IAM resources in the IAM User Guide.

- operationId: POST_ListOpenIDConnectProviderTags - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListOpenIDConnectProviderTagsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListOpenIDConnectProviderTagsResult: - $ref: '#/components/schemas/ListOpenIDConnectProviderTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: ListOpenIDConnectProviderTags - /?Action=ListOpenIDConnectProviders&Version=2010-05-08: - get: - description:

Lists information about the IAM OpenID Connect (OIDC) provider - resource objects defined in the Amazon Web Services account.

IAM - resource-listing operations return a subset of the available attributes for - the resource. For example, this operation does not return tags, even though - they are an attribute of the returned object. To view all of the information - for an OIDC provider, see GetOpenIDConnectProvider.

 - operationId: GET_ListOpenIDConnectProviders - parameters: [] - responses: - '200': - content: - text/xml: - schema: - properties: - ListOpenIDConnectProvidersResult: - $ref: '#/components/schemas/ListOpenIDConnectProvidersResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListOpenIDConnectProviders - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists information about the IAM OpenID Connect (OIDC) provider - resource objects defined in the Amazon Web Services account.

IAM - resource-listing operations return a subset of the available attributes for - the resource. For example, this operation does not return tags, even though - they are an attribute of the returned object. To view all of the information - for an OIDC provider, see GetOpenIDConnectProvider.

 - operationId: POST_ListOpenIDConnectProviders - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListOpenIDConnectProvidersRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListOpenIDConnectProvidersResult: - $ref: '#/components/schemas/ListOpenIDConnectProvidersResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListOpenIDConnectProviders - /?Action=ListPolicies&Version=2010-05-08: - get: - description:

Lists all the managed policies that are available in your Amazon - Web Services account, including your own customer-defined managed policies - and all Amazon Web Services managed policies.

You can filter the list - of policies that is returned using the optional OnlyAttached, - Scope, and PathPrefix parameters. For example, to - list only the customer managed policies in your Amazon Web Services account, - set Scope to Local. To list only Amazon Web Services - managed policies, set Scope to AWS.

You can - paginate the results using the MaxItems and Marker - parameters.

For more information about managed policies, see Managed - policies and inline policies in the IAM User Guide.

-

IAM resource-listing operations return a subset of the available attributes - for the resource. For example, this operation does not return tags, even though - they are an attribute of the returned object. To view all of the information - for a customer manged policy, see GetPolicy.

 - operationId: GET_ListPolicies - parameters: - - description:

The scope to use for filtering the results.

To list - only Amazon Web Services managed policies, set Scope to AWS. - To list only the customer managed policies in your Amazon Web Services account, - set Scope to Local.

This parameter is optional. - If it is not included, or if it is set to All, all policies - are returned.

- in: query - name: Scope - required: false - schema: - enum: - - All - - AWS - - Local - type: string - - description:

A flag to filter the results to only the attached policies.

-

When OnlyAttached is true, the returned list - contains only the policies that are attached to an IAM user, group, or role. - When OnlyAttached is false, or when the parameter - is not included, all policies are returned.

- in: query - name: OnlyAttached - required: false - schema: - type: boolean - - description: The path prefix for filtering the results. This parameter is - optional. If it is not included, it defaults to a slash (/), listing all - policies. This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters. - in: query - name: PathPrefix - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ - type: string - - description: "

The policy usage method to use for filtering the results.

\ - \

To list only permissions policies, set\_PolicyUsageFilter\_\ - to\_PermissionsPolicy. To list only the policies used to set\ - \ permissions boundaries, set\_the value to\_PermissionsBoundary.

\ - \

This parameter is optional. If it is not included, all policies are\ - \ returned.

" - in: query - name: PolicyUsageFilter - required: false - schema: - description:

The policy usage type that indicates whether the policy - is used as a permissions policy or as the permissions boundary for an - entity.

For more information about permissions boundaries, see - Permissions - boundaries for IAM identities in the IAM User Guide.

- enum: - - PermissionsPolicy - - PermissionsBoundary - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListPoliciesResult: - $ref: '#/components/schemas/ListPoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListPolicies - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists all the managed policies that are available in your Amazon - Web Services account, including your own customer-defined managed policies - and all Amazon Web Services managed policies.

You can filter the list - of policies that is returned using the optional OnlyAttached, - Scope, and PathPrefix parameters. For example, to - list only the customer managed policies in your Amazon Web Services account, - set Scope to Local. To list only Amazon Web Services - managed policies, set Scope to AWS.

You can - paginate the results using the MaxItems and Marker - parameters.

For more information about managed policies, see Managed - policies and inline policies in the IAM User Guide.

-

IAM resource-listing operations return a subset of the available attributes - for the resource. For example, this operation does not return tags, even though - they are an attribute of the returned object. To view all of the information - for a customer manged policy, see GetPolicy.

 - operationId: POST_ListPolicies - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListPoliciesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListPoliciesResult: - $ref: '#/components/schemas/ListPoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListPolicies - /?Action=ListPoliciesGrantingServiceAccess&Version=2010-05-08: - get: - description: "

Retrieves a list of policies that the IAM identity (user, group,\ - \ or role) can use to access each specified service.

This operation\ - \ does not use other policy types when determining whether a resource could\ - \ access a service. These other policy types include resource-based policies,\ - \ access control lists, Organizations policies, IAM permissions boundaries,\ - \ and STS assume role policies. It only applies permissions policy logic.\ - \ For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

The\ - \ list of policies returned by the operation depends on the ARN of the identity\ - \ that you provide.

  • User \u2013 The list of policies\ - \ includes the managed and inline policies that are attached to the user directly.\ - \ The list also includes any additional managed and inline policies that are\ - \ attached to the group to which the user belongs.

  • Group\ - \ \u2013 The list of policies includes only the managed and inline policies\ - \ that are attached to the group directly. Policies that are attached to the\ - \ group\u2019s user are not included.

  • Role \u2013\ - \ The list of policies includes only the managed and inline policies that\ - \ are attached to the role.

For each managed policy, this\ - \ operation returns the ARN and policy name. For each inline policy, it returns\ - \ the policy name and the entity to which it is attached. Inline policies\ - \ do not have an ARN. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.

\ - \

Policies that are attached to users and roles as permissions boundaries\ - \ are not returned. To view which managed policy is currently used to set\ - \ the permissions boundary for a user or role, use the GetUser or GetRole\ - \ operations.

" - operationId: GET_ListPoliciesGrantingServiceAccess - parameters: - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description: The ARN of the IAM identity (user, group, or role) whose policies - you want to list. - in: query - name: Arn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description: "

The service namespace for the Amazon Web Services services\ - \ whose policies you want to list.

To learn the service namespace\ - \ for a service, see Actions, resources, and condition keys for Amazon Web Services services\ - \ in the IAM User Guide. Choose the name of the service to view details\ - \ for that service. In the first paragraph, find the service prefix. For\ - \ example, (service prefix: a4b). For more information about\ - \ service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ - \ General Reference.

" - in: query - name: ServiceNamespaces - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/serviceNamespaceType' - - xml: - name: member - maxItems: 200 - minItems: 1 - type: array - responses: - '200': - content: - text/xml: - schema: - properties: - ListPoliciesGrantingServiceAccessResult: - $ref: '#/components/schemas/ListPoliciesGrantingServiceAccessResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: ListPoliciesGrantingServiceAccess - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: "

Retrieves a list of policies that the IAM identity (user, group,\ - \ or role) can use to access each specified service.

This operation\ - \ does not use other policy types when determining whether a resource could\ - \ access a service. These other policy types include resource-based policies,\ - \ access control lists, Organizations policies, IAM permissions boundaries,\ - \ and STS assume role policies. It only applies permissions policy logic.\ - \ For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

The\ - \ list of policies returned by the operation depends on the ARN of the identity\ - \ that you provide.

  • User \u2013 The list of policies\ - \ includes the managed and inline policies that are attached to the user directly.\ - \ The list also includes any additional managed and inline policies that are\ - \ attached to the group to which the user belongs.

  • Group\ - \ \u2013 The list of policies includes only the managed and inline policies\ - \ that are attached to the group directly. Policies that are attached to the\ - \ group\u2019s user are not included.

  • Role \u2013\ - \ The list of policies includes only the managed and inline policies that\ - \ are attached to the role.

For each managed policy, this\ - \ operation returns the ARN and policy name. For each inline policy, it returns\ - \ the policy name and the entity to which it is attached. Inline policies\ - \ do not have an ARN. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.

\ - \

Policies that are attached to users and roles as permissions boundaries\ - \ are not returned. To view which managed policy is currently used to set\ - \ the permissions boundary for a user or role, use the GetUser or GetRole\ - \ operations.

" - operationId: POST_ListPoliciesGrantingServiceAccess - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListPoliciesGrantingServiceAccessRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListPoliciesGrantingServiceAccessResult: - $ref: '#/components/schemas/ListPoliciesGrantingServiceAccessResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: ListPoliciesGrantingServiceAccess - /?Action=ListPolicyTags&Version=2010-05-08: - get: - description: Lists the tags that are attached to the specified IAM customer - managed policy. The returned list of tags is sorted by tag key. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: GET_ListPolicyTags - parameters: - - description: '

The ARN of the IAM customer managed policy whose tags you - want to see.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListPolicyTagsResult: - $ref: '#/components/schemas/ListPolicyTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: ListPolicyTags - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Lists the tags that are attached to the specified IAM customer - managed policy. The returned list of tags is sorted by tag key. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: POST_ListPolicyTags - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListPolicyTagsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListPolicyTagsResult: - $ref: '#/components/schemas/ListPolicyTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: ListPolicyTags - /?Action=ListPolicyVersions&Version=2010-05-08: - get: - description:

Lists information about the versions of the specified managed - policy, including the version that is currently set as the policy's default - version.

For more information about managed policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_ListPolicyVersions - parameters: - - description:

The Amazon Resource Name (ARN) of the IAM policy for which - you want the versions.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListPolicyVersionsResult: - $ref: '#/components/schemas/ListPolicyVersionsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListPolicyVersions - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists information about the versions of the specified managed - policy, including the version that is currently set as the policy's default - version.

For more information about managed policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_ListPolicyVersions - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListPolicyVersionsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListPolicyVersionsResult: - $ref: '#/components/schemas/ListPolicyVersionsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListPolicyVersions - /?Action=ListRolePolicies&Version=2010-05-08: - get: - description:

Lists the names of the inline policies that are embedded in - the specified IAM role.

An IAM role can also have managed policies - attached to it. To list the managed policies that are attached to a role, - use ListAttachedRolePolicies. For more information about policies, - see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. If there are no inline policies embedded with the specified role, - the operation returns an empty list.

- operationId: GET_ListRolePolicies - parameters: - - description: '

The name of the role to list policies for.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListRolePoliciesResult: - $ref: '#/components/schemas/ListRolePoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListRolePolicies - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the names of the inline policies that are embedded in - the specified IAM role.

An IAM role can also have managed policies - attached to it. To list the managed policies that are attached to a role, - use ListAttachedRolePolicies. For more information about policies, - see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. If there are no inline policies embedded with the specified role, - the operation returns an empty list.

- operationId: POST_ListRolePolicies - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListRolePoliciesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListRolePoliciesResult: - $ref: '#/components/schemas/ListRolePoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListRolePolicies - /?Action=ListRoleTags&Version=2010-05-08: - get: - description: Lists the tags that are attached to the specified role. The returned - list of tags is sorted by tag key. For more information about tagging, see - Tagging - IAM resources in the IAM User Guide. - operationId: GET_ListRoleTags - parameters: - - description: '

The name of the IAM role for which you want to see the list - of tags.

This parameter accepts (through its regex - pattern) a string of characters that consist of upper and lowercase - alphanumeric characters with no spaces. You can also include any of the - following characters: _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListRoleTagsResult: - $ref: '#/components/schemas/ListRoleTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListRoleTags - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Lists the tags that are attached to the specified role. The returned - list of tags is sorted by tag key. For more information about tagging, see - Tagging - IAM resources in the IAM User Guide. - operationId: POST_ListRoleTags - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListRoleTagsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListRoleTagsResult: - $ref: '#/components/schemas/ListRoleTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListRoleTags - /?Action=ListRoles&Version=2010-05-08: - get: - description:

Lists the IAM roles that have the specified path prefix. If - there are none, the operation returns an empty list. For more information - about roles, see Working - with roles.

IAM resource-listing operations return a subset - of the available attributes for the resource. For example, this operation - does not return tags, even though they are an attribute of the returned object. - To view all of the information for a role, see GetRole.

 -

You can paginate the results using the MaxItems and Marker - parameters.

- operationId: GET_ListRoles - parameters: - - description:

The path prefix for filtering the results. For example, the - prefix /application_abc/component_xyz/ gets all roles whose - path starts with /application_abc/component_xyz/.

This - parameter is optional. If it is not included, it defaults to a slash (/), - listing all roles. This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- in: query - name: PathPrefix - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: \u002F[\u0021-\u007F]* - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListRolesResult: - $ref: '#/components/schemas/ListRolesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListRoles - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the IAM roles that have the specified path prefix. If - there are none, the operation returns an empty list. For more information - about roles, see Working - with roles.

IAM resource-listing operations return a subset - of the available attributes for the resource. For example, this operation - does not return tags, even though they are an attribute of the returned object. - To view all of the information for a role, see GetRole.

 -

You can paginate the results using the MaxItems and Marker - parameters.

- operationId: POST_ListRoles - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListRolesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListRolesResult: - $ref: '#/components/schemas/ListRolesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListRoles - /?Action=ListSAMLProviderTags&Version=2010-05-08: - get: - description:

Lists the tags that are attached to the specified Security Assertion - Markup Language (SAML) identity provider. The returned list of tags is sorted - by tag key. For more information, see About - SAML 2.0-based federation.

For more information about tagging, - see Tagging - IAM resources in the IAM User Guide.

- operationId: GET_ListSAMLProviderTags - parameters: - - description: '

The ARN of the Security Assertion Markup Language (SAML) - identity provider whose tags you want to see.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: SAMLProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListSAMLProviderTagsResult: - $ref: '#/components/schemas/ListSAMLProviderTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: ListSAMLProviderTags - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the tags that are attached to the specified Security Assertion - Markup Language (SAML) identity provider. The returned list of tags is sorted - by tag key. For more information, see About - SAML 2.0-based federation.

For more information about tagging, - see Tagging - IAM resources in the IAM User Guide.

- operationId: POST_ListSAMLProviderTags - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListSAMLProviderTagsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListSAMLProviderTagsResult: - $ref: '#/components/schemas/ListSAMLProviderTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - x-aws-operation-name: ListSAMLProviderTags - /?Action=ListSAMLProviders&Version=2010-05-08: - get: - description:

Lists the SAML provider resource objects defined in IAM in the - account. IAM resource-listing operations return a subset of the available - attributes for the resource. For example, this operation does not return tags, - even though they are an attribute of the returned object. To view all of the - information for a SAML provider, see GetSAMLProvider.

-

This operation requires Signature - Version 4.

 - operationId: GET_ListSAMLProviders - parameters: [] - responses: - '200': - content: - text/xml: - schema: - properties: - ListSAMLProvidersResult: - $ref: '#/components/schemas/ListSAMLProvidersResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListSAMLProviders - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the SAML provider resource objects defined in IAM in the - account. IAM resource-listing operations return a subset of the available - attributes for the resource. For example, this operation does not return tags, - even though they are an attribute of the returned object. To view all of the - information for a SAML provider, see GetSAMLProvider.

-

This operation requires Signature - Version 4.

 - operationId: POST_ListSAMLProviders - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListSAMLProvidersRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListSAMLProvidersResult: - $ref: '#/components/schemas/ListSAMLProvidersResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListSAMLProviders - /?Action=ListSSHPublicKeys&Version=2010-05-08: - get: - description:

Returns information about the SSH public keys associated with - the specified IAM user. If none exists, the operation returns an empty list.

-

The SSH public keys returned by this operation are used only for authenticating - the IAM user to an CodeCommit repository. For more information about using - SSH keys to authenticate to an CodeCommit repository, see Set - up CodeCommit for SSH connections in the CodeCommit User Guide.

-

Although each user is limited to a small number of keys, you can still - paginate the results using the MaxItems and Marker - parameters.

- operationId: GET_ListSSHPublicKeys - parameters: - - description: '

The name of the IAM user to list SSH public keys for. If - none is specified, the UserName field is determined implicitly - based on the Amazon Web Services access key used to sign the request.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListSSHPublicKeysResult: - $ref: '#/components/schemas/ListSSHPublicKeysResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: ListSSHPublicKeys - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Returns information about the SSH public keys associated with - the specified IAM user. If none exists, the operation returns an empty list.

-

The SSH public keys returned by this operation are used only for authenticating - the IAM user to an CodeCommit repository. For more information about using - SSH keys to authenticate to an CodeCommit repository, see Set - up CodeCommit for SSH connections in the CodeCommit User Guide.

-

Although each user is limited to a small number of keys, you can still - paginate the results using the MaxItems and Marker - parameters.

- operationId: POST_ListSSHPublicKeys - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListSSHPublicKeysRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListSSHPublicKeysResult: - $ref: '#/components/schemas/ListSSHPublicKeysResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: ListSSHPublicKeys - /?Action=ListServerCertificateTags&Version=2010-05-08: - get: - description:

Lists the tags that are attached to the specified IAM server - certificate. The returned list of tags is sorted by tag key. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide.

For certificates - in a Region supported by Certificate Manager (ACM), we recommend that you - don't use IAM server certificates. Instead, use ACM to provision, manage, - and deploy your server certificates. For more information about IAM server - certificates, Working - with server certificates in the IAM User Guide.

 - operationId: GET_ListServerCertificateTags - parameters: - - description: '

The name of the IAM server certificate whose tags you want - to see.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: ServerCertificateName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListServerCertificateTagsResult: - $ref: '#/components/schemas/ListServerCertificateTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListServerCertificateTags - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the tags that are attached to the specified IAM server - certificate. The returned list of tags is sorted by tag key. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide.

For certificates - in a Region supported by Certificate Manager (ACM), we recommend that you - don't use IAM server certificates. Instead, use ACM to provision, manage, - and deploy your server certificates. For more information about IAM server - certificates, Working - with server certificates in the IAM User Guide.

 - operationId: POST_ListServerCertificateTags - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListServerCertificateTagsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListServerCertificateTagsResult: - $ref: '#/components/schemas/ListServerCertificateTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListServerCertificateTags - /?Action=ListServerCertificates&Version=2010-05-08: - get: - description:

Lists the server certificates stored in IAM that have the specified - path prefix. If none exist, the operation returns an empty list.

You - can paginate the results using the MaxItems and Marker - parameters.

For more information about working with server certificates, - see Working - with server certificates in the IAM User Guide. This topic also - includes a list of Amazon Web Services services that can use the server certificates - that you manage with IAM.

IAM resource-listing operations return - a subset of the available attributes for the resource. For example, this operation - does not return tags, even though they are an attribute of the returned object. - To view all of the information for a servercertificate, see GetServerCertificate.

- - operationId: GET_ListServerCertificates - parameters: - - description: '

The path prefix for filtering the results. For example: - /company/servercerts would get all server certificates for - which the path starts with /company/servercerts.

This - parameter is optional. If it is not included, it defaults to a slash (/), - listing all server certificates. This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

' - in: query - name: PathPrefix - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: \u002F[\u0021-\u007F]* - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListServerCertificatesResult: - $ref: '#/components/schemas/ListServerCertificatesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListServerCertificates - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the server certificates stored in IAM that have the specified - path prefix. If none exist, the operation returns an empty list.

You - can paginate the results using the MaxItems and Marker - parameters.

For more information about working with server certificates, - see Working - with server certificates in the IAM User Guide. This topic also - includes a list of Amazon Web Services services that can use the server certificates - that you manage with IAM.

IAM resource-listing operations return - a subset of the available attributes for the resource. For example, this operation - does not return tags, even though they are an attribute of the returned object. - To view all of the information for a servercertificate, see GetServerCertificate.

- - operationId: POST_ListServerCertificates - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListServerCertificatesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListServerCertificatesResult: - $ref: '#/components/schemas/ListServerCertificatesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListServerCertificates - /?Action=ListServiceSpecificCredentials&Version=2010-05-08: - get: - description: Returns information about the service-specific credentials associated - with the specified IAM user. If none exists, the operation returns an empty - list. The service-specific credentials returned by this operation are used - only for authenticating the IAM user to a specific service. For more information - about using service-specific credentials to authenticate to an Amazon Web - Services service, see Set - up service-specific credentials in the CodeCommit User Guide. - operationId: GET_ListServiceSpecificCredentials - parameters: - - description: '

The name of the user whose service-specific credentials you - want information about. If this value is not specified, then the operation - assumes the user whose credentials are used to call the operation.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Filters the returned results to only those for the specified - Amazon Web Services service. If not specified, then Amazon Web Services - returns service-specific credentials for all services. - in: query - name: ServiceName - required: false - schema: - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - ListServiceSpecificCredentialsResult: - $ref: '#/components/schemas/ListServiceSpecificCredentialsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceNotSupportedException' - description: ServiceNotSupportedException - x-aws-operation-name: ListServiceSpecificCredentials - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Returns information about the service-specific credentials associated - with the specified IAM user. If none exists, the operation returns an empty - list. The service-specific credentials returned by this operation are used - only for authenticating the IAM user to a specific service. For more information - about using service-specific credentials to authenticate to an Amazon Web - Services service, see Set - up service-specific credentials in the CodeCommit User Guide. - operationId: POST_ListServiceSpecificCredentials - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListServiceSpecificCredentialsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListServiceSpecificCredentialsResult: - $ref: '#/components/schemas/ListServiceSpecificCredentialsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceNotSupportedException' - description: ServiceNotSupportedException - x-aws-operation-name: ListServiceSpecificCredentials - /?Action=ListSigningCertificates&Version=2010-05-08: - get: - description:

Returns information about the signing certificates associated - with the specified IAM user. If none exists, the operation returns an empty - list.

Although each user is limited to a small number of signing certificates, - you can still paginate the results using the MaxItems and Marker - parameters.

If the UserName field is not specified, the - user name is determined implicitly based on the Amazon Web Services access - key ID used to sign the request for this operation. This operation works for - access keys under the Amazon Web Services account. Consequently, you can use - this operation to manage Amazon Web Services account root user credentials - even if the Amazon Web Services account has no associated users.

- operationId: GET_ListSigningCertificates - parameters: - - description: '

The name of the IAM user whose signing certificates you want - to examine.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListSigningCertificatesResult: - $ref: '#/components/schemas/ListSigningCertificatesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListSigningCertificates - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Returns information about the signing certificates associated - with the specified IAM user. If none exists, the operation returns an empty - list.

Although each user is limited to a small number of signing certificates, - you can still paginate the results using the MaxItems and Marker - parameters.

If the UserName field is not specified, the - user name is determined implicitly based on the Amazon Web Services access - key ID used to sign the request for this operation. This operation works for - access keys under the Amazon Web Services account. Consequently, you can use - this operation to manage Amazon Web Services account root user credentials - even if the Amazon Web Services account has no associated users.

- operationId: POST_ListSigningCertificates - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListSigningCertificatesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListSigningCertificatesResult: - $ref: '#/components/schemas/ListSigningCertificatesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListSigningCertificates - /?Action=ListUserPolicies&Version=2010-05-08: - get: - description:

Lists the names of the inline policies embedded in the specified - IAM user.

An IAM user can also have managed policies attached to it. - To list the managed policies that are attached to a user, use ListAttachedUserPolicies. - For more information about policies, see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. If there are no inline policies embedded with the specified user, - the operation returns an empty list.

- operationId: GET_ListUserPolicies - parameters: - - description: '

The name of the user to list policies for.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListUserPoliciesResult: - $ref: '#/components/schemas/ListUserPoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListUserPolicies - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the names of the inline policies embedded in the specified - IAM user.

An IAM user can also have managed policies attached to it. - To list the managed policies that are attached to a user, use ListAttachedUserPolicies. - For more information about policies, see Managed - policies and inline policies in the IAM User Guide.

You - can paginate the results using the MaxItems and Marker - parameters. If there are no inline policies embedded with the specified user, - the operation returns an empty list.

- operationId: POST_ListUserPolicies - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListUserPoliciesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListUserPoliciesResult: - $ref: '#/components/schemas/ListUserPoliciesResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListUserPolicies - /?Action=ListUserTags&Version=2010-05-08: - get: - description: Lists the tags that are attached to the specified IAM user. The - returned list of tags is sorted by tag key. For more information about tagging, - see Tagging - IAM resources in the IAM User Guide. - operationId: GET_ListUserTags - parameters: - - description: '

The name of the IAM user whose tags you want to see.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListUserTagsResult: - $ref: '#/components/schemas/ListUserTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListUserTags - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Lists the tags that are attached to the specified IAM user. The - returned list of tags is sorted by tag key. For more information about tagging, - see Tagging - IAM resources in the IAM User Guide. - operationId: POST_ListUserTags - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListUserTagsRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListUserTagsResult: - $ref: '#/components/schemas/ListUserTagsResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListUserTags - /?Action=ListUsers&Version=2010-05-08: - get: - description:

Lists the IAM users that have the specified path prefix. If - no path prefix is specified, the operation returns all users in the Amazon - Web Services account. If there are none, the operation returns an empty list.

-

IAM resource-listing operations return a subset of the available - attributes for the resource. For example, this operation does not return tags, - even though they are an attribute of the returned object. To view all of the - information for a user, see GetUser.

You can paginate - the results using the MaxItems and Marker parameters.

- operationId: GET_ListUsers - parameters: - - description: '

The path prefix for filtering the results. For example: - /division_abc/subdivision_xyz/, which would get all user names - whose path starts with /division_abc/subdivision_xyz/.

-

This parameter is optional. If it is not included, it defaults to a slash - (/), listing all user names. This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

' - in: query - name: PathPrefix - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: \u002F[\u0021-\u007F]* - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListUsersResult: - $ref: '#/components/schemas/ListUsersResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListUsers - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the IAM users that have the specified path prefix. If - no path prefix is specified, the operation returns all users in the Amazon - Web Services account. If there are none, the operation returns an empty list.

-

IAM resource-listing operations return a subset of the available - attributes for the resource. For example, this operation does not return tags, - even though they are an attribute of the returned object. To view all of the - information for a user, see GetUser.

You can paginate - the results using the MaxItems and Marker parameters.

- operationId: POST_ListUsers - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListUsersRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListUsersResult: - $ref: '#/components/schemas/ListUsersResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ListUsers - /?Action=ListVirtualMFADevices&Version=2010-05-08: - get: - description:

Lists the virtual MFA devices defined in the Amazon Web Services - account by assignment status. If you do not specify an assignment status, - the operation returns a list of all virtual MFA devices. Assignment status - can be Assigned, Unassigned, or Any.

-

IAM resource-listing operations return a subset of the available - attributes for the resource. For example, this operation does not return tags, - even though they are an attribute of the returned object. To view tag information - for a virtual MFA device, see ListMFADeviceTags.

You - can paginate the results using the MaxItems and Marker - parameters.

- operationId: GET_ListVirtualMFADevices - parameters: - - description: ' The status (Unassigned or Assigned) - of the devices to list. If you do not specify an AssignmentStatus, - the operation defaults to Any, which lists both assigned and - unassigned virtual MFA devices.,' - in: query - name: AssignmentStatus - required: false - schema: - enum: - - Assigned - - Unassigned - - Any - type: string - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - ListVirtualMFADevicesResult: - $ref: '#/components/schemas/ListVirtualMFADevicesResponse' - type: object - description: Success - x-aws-operation-name: ListVirtualMFADevices - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Lists the virtual MFA devices defined in the Amazon Web Services - account by assignment status. If you do not specify an assignment status, - the operation returns a list of all virtual MFA devices. Assignment status - can be Assigned, Unassigned, or Any.

-

IAM resource-listing operations return a subset of the available - attributes for the resource. For example, this operation does not return tags, - even though they are an attribute of the returned object. To view tag information - for a virtual MFA device, see ListMFADeviceTags.

You - can paginate the results using the MaxItems and Marker - parameters.

- operationId: POST_ListVirtualMFADevices - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ListVirtualMFADevicesRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ListVirtualMFADevicesResult: - $ref: '#/components/schemas/ListVirtualMFADevicesResponse' - type: object - description: Success - x-aws-operation-name: ListVirtualMFADevices - /?Action=PutGroupPolicy&Version=2010-05-08: - get: - description:

Adds or updates an inline policy document that is embedded in - the specified IAM group.

A user can also have managed policies attached - to it. To attach a managed policy to a group, use AttachGroupPolicy. - To create a new managed policy, use CreatePolicy. For information about - policies, see Managed - policies and inline policies in the IAM User Guide.

For - information about the maximum number of inline policies that you can embed - in a group, see IAM - and STS quotas in the IAM User Guide.

Because policy - documents can be large, you should use POST rather than GET when calling PutGroupPolicy. - For general information about using the Query API with IAM, see Making - query requests in the IAM User Guide.

 - operationId: GET_PutGroupPolicy - parameters: - - description: '

The name of the group to associate the policy with.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-.

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name of the policy document.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: PolicyName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The policy document.

You must provide policies in JSON - format in IAM. However, for CloudFormation templates formatted in YAML, - you can provide the policy in JSON or YAML format. CloudFormation always - converts a YAML policy to JSON format before submitting it to = IAM.

-

The regex pattern used - to validate this parameter is a string of characters consisting of the following:

-

  • Any printable ASCII character ranging from the space character - (\u0020) through the end of the ASCII character range

    • -

  • The printable characters in the Basic Latin and Latin-1 Supplement - character set (through \u00FF)

  • The special - characters tab (\u0009), line feed (\u000A), and - carriage return (\u000D)

- in: query - name: PolicyDocument - required: true - schema: - maxLength: 131072 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: PutGroupPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds or updates an inline policy document that is embedded in - the specified IAM group.

A user can also have managed policies attached - to it. To attach a managed policy to a group, use AttachGroupPolicy. - To create a new managed policy, use CreatePolicy. For information about - policies, see Managed - policies and inline policies in the IAM User Guide.

For - information about the maximum number of inline policies that you can embed - in a group, see IAM - and STS quotas in the IAM User Guide.

Because policy - documents can be large, you should use POST rather than GET when calling PutGroupPolicy. - For general information about using the Query API with IAM, see Making - query requests in the IAM User Guide.

 - operationId: POST_PutGroupPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/PutGroupPolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: PutGroupPolicy - /?Action=PutRolePermissionsBoundary&Version=2010-05-08: - get: - description:

Adds or updates the policy that is specified as the IAM role's - permissions boundary. You can use an Amazon Web Services managed policy or - a customer managed policy to set the boundary for a role. Use the boundary - to control the maximum permissions that the role can have. Setting a permissions - boundary is an advanced feature that can affect the permissions for the role.

-

You cannot set the boundary for a service-linked role.

-

Policies used as permissions boundaries do not provide permissions. You - must also attach a permissions policy to the role. To learn how the effective - permissions for a role are evaluated, see IAM - JSON policy evaluation logic in the IAM User Guide.

- operationId: GET_PutRolePermissionsBoundary - parameters: - - description: The name (friendly name, not ARN) of the IAM role for which you - want to set the permissions boundary. - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: The ARN of the policy that is used to set the permissions boundary - for the role. - in: query - name: PermissionsBoundary - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyNotAttachableException' - description: PolicyNotAttachableException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: PutRolePermissionsBoundary - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds or updates the policy that is specified as the IAM role's - permissions boundary. You can use an Amazon Web Services managed policy or - a customer managed policy to set the boundary for a role. Use the boundary - to control the maximum permissions that the role can have. Setting a permissions - boundary is an advanced feature that can affect the permissions for the role.

-

You cannot set the boundary for a service-linked role.

-

Policies used as permissions boundaries do not provide permissions. You - must also attach a permissions policy to the role. To learn how the effective - permissions for a role are evaluated, see IAM - JSON policy evaluation logic in the IAM User Guide.

- operationId: POST_PutRolePermissionsBoundary - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/PutRolePermissionsBoundaryRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyNotAttachableException' - description: PolicyNotAttachableException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: PutRolePermissionsBoundary - /?Action=PutRolePolicy&Version=2010-05-08: - get: - description:

Adds or updates an inline policy document that is embedded in - the specified IAM role.

When you embed an inline policy in a role, - the inline policy is used as part of the role's access (permissions) policy. - The role's trust policy is created at the same time as the role, using CreateRole. - You can update a role's trust policy using UpdateAssumeRolePolicy. - For more information about IAM roles, see Using - roles to delegate permissions and federate identities.

A role can - also have a managed policy attached to it. To attach a managed policy to a - role, use AttachRolePolicy. To create a new managed policy, use CreatePolicy. - For information about policies, see Managed - policies and inline policies in the IAM User Guide.

For - information about the maximum number of inline policies that you can embed - with a role, see IAM - and STS quotas in the IAM User Guide.

Because policy - documents can be large, you should use POST rather than GET when calling PutRolePolicy. - For general information about using the Query API with IAM, see Making - query requests in the IAM User Guide.

 - operationId: GET_PutRolePolicy - parameters: - - description: '

The name of the role to associate the policy with.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name of the policy document.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: PolicyName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The policy document.

You must provide policies in JSON - format in IAM. However, for CloudFormation templates formatted in YAML, - you can provide the policy in JSON or YAML format. CloudFormation always - converts a YAML policy to JSON format before submitting it to IAM.

The - regex pattern used to validate - this parameter is a string of characters consisting of the following:

-

  • Any printable ASCII character ranging from the space character - (\u0020) through the end of the ASCII character range

    • -

  • The printable characters in the Basic Latin and Latin-1 Supplement - character set (through \u00FF)

  • The special - characters tab (\u0009), line feed (\u000A), and - carriage return (\u000D)

- in: query - name: PolicyDocument - required: true - schema: - maxLength: 131072 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: PutRolePolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds or updates an inline policy document that is embedded in - the specified IAM role.

When you embed an inline policy in a role, - the inline policy is used as part of the role's access (permissions) policy. - The role's trust policy is created at the same time as the role, using CreateRole. - You can update a role's trust policy using UpdateAssumeRolePolicy. - For more information about IAM roles, see Using - roles to delegate permissions and federate identities.

A role can - also have a managed policy attached to it. To attach a managed policy to a - role, use AttachRolePolicy. To create a new managed policy, use CreatePolicy. - For information about policies, see Managed - policies and inline policies in the IAM User Guide.

For - information about the maximum number of inline policies that you can embed - with a role, see IAM - and STS quotas in the IAM User Guide.

Because policy - documents can be large, you should use POST rather than GET when calling PutRolePolicy. - For general information about using the Query API with IAM, see Making - query requests in the IAM User Guide.

 - operationId: POST_PutRolePolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/PutRolePolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: PutRolePolicy - /?Action=PutUserPermissionsBoundary&Version=2010-05-08: - get: - description:

Adds or updates the policy that is specified as the IAM user's - permissions boundary. You can use an Amazon Web Services managed policy or - a customer managed policy to set the boundary for a user. Use the boundary - to control the maximum permissions that the user can have. Setting a permissions - boundary is an advanced feature that can affect the permissions for the user.

-

Policies that are used as permissions boundaries do not provide - permissions. You must also attach a permissions policy to the user. To learn - how the effective permissions for a user are evaluated, see IAM - JSON policy evaluation logic in the IAM User Guide.

- operationId: GET_PutUserPermissionsBoundary - parameters: - - description: The name (friendly name, not ARN) of the IAM user for which you - want to set the permissions boundary. - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: The ARN of the policy that is used to set the permissions boundary - for the user. - in: query - name: PermissionsBoundary - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyNotAttachableException' - description: PolicyNotAttachableException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: PutUserPermissionsBoundary - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds or updates the policy that is specified as the IAM user's - permissions boundary. You can use an Amazon Web Services managed policy or - a customer managed policy to set the boundary for a user. Use the boundary - to control the maximum permissions that the user can have. Setting a permissions - boundary is an advanced feature that can affect the permissions for the user.

-

Policies that are used as permissions boundaries do not provide - permissions. You must also attach a permissions policy to the user. To learn - how the effective permissions for a user are evaluated, see IAM - JSON policy evaluation logic in the IAM User Guide.

- operationId: POST_PutUserPermissionsBoundary - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/PutUserPermissionsBoundaryRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyNotAttachableException' - description: PolicyNotAttachableException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: PutUserPermissionsBoundary - /?Action=PutUserPolicy&Version=2010-05-08: - get: - description:

Adds or updates an inline policy document that is embedded in - the specified IAM user.

An IAM user can also have a managed policy - attached to it. To attach a managed policy to a user, use AttachUserPolicy. - To create a new managed policy, use CreatePolicy. For information about - policies, see Managed - policies and inline policies in the IAM User Guide.

For - information about the maximum number of inline policies that you can embed - in a user, see IAM - and STS quotas in the IAM User Guide.

Because policy - documents can be large, you should use POST rather than GET when calling PutUserPolicy. - For general information about using the Query API with IAM, see Making - query requests in the IAM User Guide.

 - operationId: GET_PutUserPolicy - parameters: - - description: '

The name of the user to associate the policy with.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name of the policy document.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: PolicyName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The policy document.

You must provide policies in JSON - format in IAM. However, for CloudFormation templates formatted in YAML, - you can provide the policy in JSON or YAML format. CloudFormation always - converts a YAML policy to JSON format before submitting it to IAM.

The - regex pattern used to validate - this parameter is a string of characters consisting of the following:

-

  • Any printable ASCII character ranging from the space character - (\u0020) through the end of the ASCII character range

    • -

  • The printable characters in the Basic Latin and Latin-1 Supplement - character set (through \u00FF)

  • The special - characters tab (\u0009), line feed (\u000A), and - carriage return (\u000D)

- in: query - name: PolicyDocument - required: true - schema: - maxLength: 131072 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: PutUserPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds or updates an inline policy document that is embedded in - the specified IAM user.

An IAM user can also have a managed policy - attached to it. To attach a managed policy to a user, use AttachUserPolicy. - To create a new managed policy, use CreatePolicy. For information about - policies, see Managed - policies and inline policies in the IAM User Guide.

For - information about the maximum number of inline policies that you can embed - in a user, see IAM - and STS quotas in the IAM User Guide.

Because policy - documents can be large, you should use POST rather than GET when calling PutUserPolicy. - For general information about using the Query API with IAM, see Making - query requests in the IAM User Guide.

 - operationId: POST_PutUserPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/PutUserPolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: PutUserPolicy - /?Action=RemoveClientIDFromOpenIDConnectProvider&Version=2010-05-08: - get: - description:

Removes the specified client ID (also known as audience) from - the list of client IDs registered for the specified IAM OpenID Connect (OIDC) - provider resource object.

This operation is idempotent; it does not - fail or return an error if you try to remove a client ID that does not exist.

- operationId: GET_RemoveClientIDFromOpenIDConnectProvider - parameters: - - description:

The Amazon Resource Name (ARN) of the IAM OIDC provider resource - to remove the client ID from. You can get a list of OIDC provider ARNs by - using the ListOpenIDConnectProviders operation.

For more information - about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: OpenIDConnectProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description: The client ID (also known as audience) to remove from the IAM - OIDC provider resource. For more information about client IDs, see CreateOpenIDConnectProvider. - in: query - name: ClientID - required: true - schema: - maxLength: 255 - minLength: 1 - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: RemoveClientIDFromOpenIDConnectProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Removes the specified client ID (also known as audience) from - the list of client IDs registered for the specified IAM OpenID Connect (OIDC) - provider resource object.

This operation is idempotent; it does not - fail or return an error if you try to remove a client ID that does not exist.

- operationId: POST_RemoveClientIDFromOpenIDConnectProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RemoveClientIDFromOpenIDConnectProviderRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: RemoveClientIDFromOpenIDConnectProvider - /?Action=RemoveRoleFromInstanceProfile&Version=2010-05-08: - get: - description:

Removes the specified IAM role from the specified EC2 instance - profile.

Make sure that you do not have any Amazon EC2 - instances running with the role you are about to remove from the instance - profile. Removing a role from an instance profile that is associated with - a running instance might break any applications running on the instance.

-

For more information about IAM roles, see Working - with roles. For more information about instance profiles, see About - instance profiles.

- operationId: GET_RemoveRoleFromInstanceProfile - parameters: - - description: '

The name of the instance profile to update.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: InstanceProfileName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name of the role to remove.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: RemoveRoleFromInstanceProfile - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Removes the specified IAM role from the specified EC2 instance - profile.

Make sure that you do not have any Amazon EC2 - instances running with the role you are about to remove from the instance - profile. Removing a role from an instance profile that is associated with - a running instance might break any applications running on the instance.

-

For more information about IAM roles, see Working - with roles. For more information about instance profiles, see About - instance profiles.

- operationId: POST_RemoveRoleFromInstanceProfile - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RemoveRoleFromInstanceProfileRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: RemoveRoleFromInstanceProfile - /?Action=RemoveUserFromGroup&Version=2010-05-08: - get: - description: Removes the specified user from the specified group. - operationId: GET_RemoveUserFromGroup - parameters: - - description: '

The name of the group to update.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

The name of the user to remove.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: RemoveUserFromGroup - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Removes the specified user from the specified group. - operationId: POST_RemoveUserFromGroup - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/RemoveUserFromGroupRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: RemoveUserFromGroup - /?Action=ResetServiceSpecificCredential&Version=2010-05-08: - get: - description: Resets the password for a service-specific credential. The new - password is Amazon Web Services generated and cryptographically strong. It - cannot be configured by the user. Resetting the password immediately invalidates - the previous password associated with this user. - operationId: GET_ResetServiceSpecificCredential - parameters: - - description: '

The name of the IAM user associated with the service-specific - credential. If this value is not specified, then the operation assumes the - user whose credentials are used to call the operation.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The unique identifier of the service-specific credential.

-

This parameter allows (through its regex - pattern) a string of characters that can consist of any upper or lowercased - letter or digit.

- in: query - name: ServiceSpecificCredentialId - required: true - schema: - maxLength: 128 - minLength: 20 - pattern: '[\w]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - ResetServiceSpecificCredentialResult: - $ref: '#/components/schemas/ResetServiceSpecificCredentialResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: ResetServiceSpecificCredential - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Resets the password for a service-specific credential. The new - password is Amazon Web Services generated and cryptographically strong. It - cannot be configured by the user. Resetting the password immediately invalidates - the previous password associated with this user. - operationId: POST_ResetServiceSpecificCredential - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ResetServiceSpecificCredentialRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - ResetServiceSpecificCredentialResult: - $ref: '#/components/schemas/ResetServiceSpecificCredentialResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: ResetServiceSpecificCredential - /?Action=ResyncMFADevice&Version=2010-05-08: - get: - description:

Synchronizes the specified MFA device with its IAM resource - object on the Amazon Web Services servers.

For more information about - creating and working with virtual MFA devices, see Using - a virtual MFA device in the IAM User Guide.

- operationId: GET_ResyncMFADevice - parameters: - - description: '

The name of the user whose MFA device you want to resynchronize.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: '

Serial number that uniquely identifies the MFA device.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: SerialNumber - required: true - schema: - maxLength: 256 - minLength: 9 - pattern: '[\w+=/:,.@-]+' - type: string - - description:

An authentication code emitted by the device.

The format - for this parameter is a sequence of six digits.

- in: query - name: AuthenticationCode1 - required: true - schema: - maxLength: 6 - minLength: 6 - pattern: '[\d]+' - type: string - - description:

A subsequent authentication code emitted by the device.

-

The format for this parameter is a sequence of six digits.

- in: query - name: AuthenticationCode2 - required: true - schema: - maxLength: 6 - minLength: 6 - pattern: '[\d]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidAuthenticationCodeException' - description: InvalidAuthenticationCodeException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ResyncMFADevice - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Synchronizes the specified MFA device with its IAM resource - object on the Amazon Web Services servers.

For more information about - creating and working with virtual MFA devices, see Using - a virtual MFA device in the IAM User Guide.

- operationId: POST_ResyncMFADevice - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/ResyncMFADeviceRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidAuthenticationCodeException' - description: InvalidAuthenticationCodeException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: ResyncMFADevice - /?Action=SetDefaultPolicyVersion&Version=2010-05-08: - get: - description:

Sets the specified version of the specified policy as the policy's - default (operative) version.

This operation affects all users, groups, - and roles that the policy is attached to. To list the users, groups, and roles - that the policy is attached to, use ListEntitiesForPolicy.

For - information about managed policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: GET_SetDefaultPolicyVersion - parameters: - - description:

The Amazon Resource Name (ARN) of the IAM policy whose default - version you want to set.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description:

The version of the policy to set as the default (operative) - version.

For more information about managed policy versions, see - Versioning - for managed policies in the IAM User Guide.

- in: query - name: VersionId - required: true - schema: - pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? +openapi: 3.0.0 +info: + title: IAM + version: 1.0.0 +paths: {} +components: + schemas: + Policy: + description: |- + Contains information about an attached policy. + An attached policy is a managed policy that has been attached to a user, group, or role. + For more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*. + type: object + additionalProperties: false + properties: + PolicyDocument: + description: The entire contents of the policy that defines permissions. For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). + type: object + PolicyName: + description: The friendly name (not ARN) identifying the policy. type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: SetDefaultPolicyVersion - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Sets the specified version of the specified policy as the policy's - default (operative) version.

This operation affects all users, groups, - and roles that the policy is attached to. To list the users, groups, and roles - that the policy is attached to, use ListEntitiesForPolicy.

For - information about managed policies, see Managed - policies and inline policies in the IAM User Guide.

- operationId: POST_SetDefaultPolicyVersion - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/SetDefaultPolicyVersionRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: SetDefaultPolicyVersion - /?Action=SetSecurityTokenServicePreferences&Version=2010-05-08: - get: - description:

Sets the specified version of the global endpoint token as the - token version used for the Amazon Web Services account.

By default, - Security Token Service (STS) is available as a global service, and all STS - requests go to a single endpoint at https://sts.amazonaws.com. - Amazon Web Services recommends using Regional STS endpoints to reduce latency, - build in redundancy, and increase session token availability. For information - about Regional endpoints for STS, see Security - Token Service endpoints and quotas in the Amazon Web Services General - Reference.

If you make an STS call to the global endpoint, the - resulting session tokens might be valid in some Regions but not others. It - depends on the version that is set in this operation. Version 1 tokens are - valid only in Amazon Web Services Regions that are available by default. These - tokens do not work in manually enabled Regions, such as Asia Pacific (Hong - Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens - are longer and might affect systems where you temporarily store tokens. For - information, see Activating - and deactivating STS in an Amazon Web Services Region in the IAM User - Guide.

To view the current session token version, see the GlobalEndpointTokenVersion - entry in the response of the GetAccountSummary operation.

- operationId: GET_SetSecurityTokenServicePreferences - parameters: - - description:

The version of the global endpoint token. Version 1 tokens - are valid only in Amazon Web Services Regions that are available by default. - These tokens do not work in manually enabled Regions, such as Asia Pacific - (Hong Kong). Version 2 tokens are valid in all Regions. However, version - 2 tokens are longer and might affect systems where you temporarily store - tokens.

For information, see Activating - and deactivating STS in an Amazon Web Services Region in the IAM - User Guide.

- in: query - name: GlobalEndpointTokenVersion - required: true - schema: - enum: - - v1Token - - v2Token + required: + - PolicyName + - PolicyDocument + Group: + type: object + properties: + Arn: + description: '' type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: SetSecurityTokenServicePreferences - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Sets the specified version of the global endpoint token as the - token version used for the Amazon Web Services account.

By default, - Security Token Service (STS) is available as a global service, and all STS - requests go to a single endpoint at https://sts.amazonaws.com. - Amazon Web Services recommends using Regional STS endpoints to reduce latency, - build in redundancy, and increase session token availability. For information - about Regional endpoints for STS, see Security - Token Service endpoints and quotas in the Amazon Web Services General - Reference.

If you make an STS call to the global endpoint, the - resulting session tokens might be valid in some Regions but not others. It - depends on the version that is set in this operation. Version 1 tokens are - valid only in Amazon Web Services Regions that are available by default. These - tokens do not work in manually enabled Regions, such as Asia Pacific (Hong - Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens - are longer and might affect systems where you temporarily store tokens. For - information, see Activating - and deactivating STS in an Amazon Web Services Region in the IAM User - Guide.

To view the current session token version, see the GlobalEndpointTokenVersion - entry in the response of the GetAccountSummary operation.

- operationId: POST_SetSecurityTokenServicePreferences - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/SetSecurityTokenServicePreferencesRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: SetSecurityTokenServicePreferences - /?Action=SimulateCustomPolicy&Version=2010-05-08: - get: - description:

Simulate how a set of IAM policies and optionally a resource-based - policy works with a list of API operations and Amazon Web Services resources - to determine the policies' effective permissions. The policies are provided - as strings.

The simulation does not perform the API operations; it - only checks the authorization to determine if the simulated policies allow - or deny the operations. You can simulate resources that don't exist in your - account.

If you want to simulate existing policies that are attached - to an IAM user, group, or role, use SimulatePrincipalPolicy instead.

-

Context keys are variables that are maintained by Amazon Web Services and - its services and which provide details about the context of an API query request. - You can use the Condition element of an IAM policy to evaluate - context keys. To get the list of context keys that the policies require for - correct simulation, use GetContextKeysForCustomPolicy.

If the - output is long, you can use MaxItems and Marker - parameters to paginate the results.

For more information about using - the policy simulator, see Testing - IAM policies with the IAM policy simulator in the IAM User Guide.

- operationId: GET_SimulateCustomPolicy - parameters: - - description:

A list of policy documents to include in the simulation. Each - document is specified as a string containing the complete, valid JSON text - of an IAM policy. Do not include any resource-based policies in this parameter. - Any resource-based policy must be submitted with the ResourcePolicy - parameter. The policies cannot be "scope-down" policies, such as you could - include in a call to GetFederationToken - or one of the AssumeRole - API operations. In other words, do not use policies designed to restrict - what a user can do while using the temporary credentials.

The maximum - length of the policy document that you can pass in this operation, including - whitespace, is listed below. To view the maximum character counts of a managed - policy with no whitespaces, see IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line feed - (\u000A), and carriage return (\u000D)

    • -
- in: query - name: PolicyInputList - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - xml: - name: member - type: array - - description:

The IAM permissions boundary policy to simulate. The permissions - boundary sets the maximum permissions that an IAM entity can have. You can - input only one permissions boundary when you pass a policy to this operation. - For more information about permissions boundaries, see Permissions - boundaries for IAM entities in the IAM User Guide. The policy - input is specified as a string that contains the complete, valid JSON text - of a permissions boundary policy.

The maximum length of the policy - document that you can pass in this operation, including whitespace, is listed - below. To view the maximum character counts of a managed policy with no - whitespaces, see IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line feed - (\u000A), and carriage return (\u000D)

    • -
- in: query - name: PermissionsBoundaryPolicyInputList - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - xml: - name: member + GroupName: + description: |- + The name of the group to create. Do not include the path in this value. + The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name. + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). + Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. + type: string + ManagedPolicyArns: + description: |- + The Amazon Resource Name (ARN) of the IAM policy you want to attach. + For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. type: array - - description: A list of names of API operations to evaluate in the simulation. - Each operation is evaluated against each resource. Each operation must include - the service identifier, such as iam:CreateUser. This operation - does not support using wildcards (*) in an action name. - in: query - name: ActionNames - required: true - schema: + uniqueItems: true + x-insertionOrder: false items: - allOf: - - $ref: '#/components/schemas/ActionNameType' - - xml: - name: member + type: string + Path: + description: |- + The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + type: string + Policies: + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group). + The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. + For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. type: array - - description:

A list of ARNs of Amazon Web Services resources to include - in the simulation. If this parameter is not provided, then the value defaults - to * (all resources). Each API in the ActionNames - parameter is evaluated for each resource in this list. The simulation determines - the access result (allowed or denied) of each combination and reports it - in the response. You can simulate resources that don't exist in your account.

-

The simulation does not automatically retrieve policies for the specified - resources. If you want to include a resource policy in the simulation, then - you must include the policy as a string in the ResourcePolicy - parameter.

If you include a ResourcePolicy, then it - must be applicable to all of the resources included in the simulation or - you receive an invalid input error.

For more information about ARNs, - see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: ResourceArns - required: false - schema: + uniqueItems: false + x-insertionOrder: false items: - allOf: - - $ref: '#/components/schemas/ResourceNameType' - - xml: - name: member - type: array - - description:

A resource-based policy to include in the simulation provided - as a string. Each resource in the simulation is treated as if it had this - policy attached. You can include only one resource-based policy in a simulation.

-

The maximum length of the policy document that you can pass in this operation, - including whitespace, is listed below. To view the maximum character counts - of a managed policy with no whitespaces, see IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line feed - (\u000A), and carriage return (\u000D)

    • -
- in: query - name: ResourcePolicy - required: false - schema: - maxLength: 131072 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - - description: '

An ARN representing the Amazon Web Services account ID that - specifies the owner of any simulated resource that does not identify its - owner in the resource ARN. Examples of resource ARNs include an S3 bucket - or object. If ResourceOwner is specified, it is also used as - the account owner of any ResourcePolicy included in the simulation. - If the ResourceOwner parameter is not specified, then the owner - of the resources and the resource policy defaults to the account of the - identity provided in CallerArn. This parameter is required - only if you specify a resource-based policy and account that owns the resource - is different from the account that owns the simulated calling user CallerArn.

-

The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root. - For example, to represent the account with the 112233445566 ID, use the - following ARN: arn:aws:iam::112233445566-ID:root.

' - in: query - name: ResourceOwner - required: false - schema: - maxLength: 2048 - minLength: 1 + $ref: '#/components/schemas/Policy' + x-stackql-resource-name: group + description: |- + Creates a new group. + For information about the number of groups you can create, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. + x-type-name: AWS::IAM::Group + x-stackql-primary-identifier: + - GroupName + x-create-only-properties: + - GroupName + x-read-only-properties: + - Arn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:CreateGroup + - iam:PutGroupPolicy + - iam:AttachGroupPolicy + - iam:GetGroupPolicy + - iam:GetGroup + read: + - iam:GetGroup + - iam:ListGroupPolicies + - iam:GetGroupPolicy + - iam:ListAttachedGroupPolicies + update: + - iam:GetGroup + - iam:UpdateGroup + - iam:DetachGroupPolicy + - iam:AttachGroupPolicy + - iam:DeleteGroupPolicy + - iam:PutGroupPolicy + - iam:GetGroupPolicy + delete: + - iam:GetGroup + - iam:DeleteGroup + - iam:ListAttachedGroupPolicies + - iam:ListGroupPolicies + - iam:DetachGroupPolicy + - iam:DeleteGroupPolicy + - iam:GetGroupPolicy + list: + - iam:ListGroups + GroupPolicy: + type: object + properties: + PolicyDocument: + description: |- + The policy document. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + type: object + PolicyName: + description: |- + The name of the policy document. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- type: string - - description:

The ARN of the IAM user that you want to use as the simulated - caller of the API operations. CallerArn is required if you - include a ResourcePolicy so that the policy's Principal - element has a value to use in evaluating the policy.

You can specify - only the ARN of an IAM user. You cannot specify the ARN of an assumed role, - federated user, or a service principal.

- in: query - name: CallerArn - required: false - schema: - maxLength: 2048 - minLength: 1 + GroupName: + description: |- + The name of the group to associate the policy with. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. + type: string + required: + - PolicyName + - GroupName + x-stackql-resource-name: group_policy + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM group. + A group can also have managed policies attached to it. To attach a managed policy to a group, use [AWS::IAM::Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. + For information about the maximum number of inline policies that you can embed in a group, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::GroupPolicy + x-stackql-primary-identifier: + - PolicyName + - GroupName + x-create-only-properties: + - PolicyName + - GroupName + x-required-properties: + - PolicyName + - GroupName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:PutGroupPolicy + - iam:GetGroupPolicy + read: + - iam:GetGroupPolicy + update: + - iam:PutGroupPolicy + - iam:GetGroupPolicy + delete: + - iam:DeleteGroupPolicy + - iam:GetGroupPolicy + InstanceProfile: + type: object + properties: + Path: type: string - - description: A list of context keys and corresponding values for the simulation - to use. Whenever a context key is evaluated in one of the simulated IAM - permissions policies, the corresponding value is supplied. - in: query - name: ContextEntries - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/ContextEntry' - - xml: - name: member + description: |- + The path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + Roles: type: array - - description:

Specifies the type of simulation to run. Different API operations - that support resource-based policies require different combinations of resources. - By specifying the type of simulation to run, you enable the policy simulator - to enforce the presence of the required resources to ensure reliable simulation - results. If your simulation does not match one of the following scenarios, - then you can omit this parameter. The following list shows each of the supported - scenario values and the resources that you must define to run the simulation.

-

Each of the EC2 scenarios requires that you specify instance, image, - and security-group resources. If your scenario includes an EBS volume, then - you must specify that volume as a resource. If the EC2 scenario includes - VPC, then you must supply the network-interface resource. If it includes - an IP subnet, then you must specify the subnet resource. For more information - on the EC2 scenario options, see Supported - platforms in the Amazon EC2 User Guide.

  • EC2-Classic-InstanceStore -

    instance, image, security-group

  • EC2-Classic-EBS -

    instance, image, security-group, volume

  • EC2-VPC-InstanceStore -

    instance, image, security-group, network-interface

  • -

    EC2-VPC-InstanceStore-Subnet

    instance, image, security-group, - network-interface, subnet

  • EC2-VPC-EBS

    instance, - image, security-group, network-interface, volume

  • EC2-VPC-EBS-Subnet -

    instance, image, security-group, network-interface, subnet, volume

    -
- in: query - name: ResourceHandlingOption - required: false - schema: - maxLength: 64 - minLength: 1 - type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - SimulateCustomPolicyResult: - $ref: '#/components/schemas/SimulatePolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyEvaluationException' - description: PolicyEvaluationException - x-aws-operation-name: SimulateCustomPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Simulate how a set of IAM policies and optionally a resource-based - policy works with a list of API operations and Amazon Web Services resources - to determine the policies' effective permissions. The policies are provided - as strings.

The simulation does not perform the API operations; it - only checks the authorization to determine if the simulated policies allow - or deny the operations. You can simulate resources that don't exist in your - account.

If you want to simulate existing policies that are attached - to an IAM user, group, or role, use SimulatePrincipalPolicy instead.

-

Context keys are variables that are maintained by Amazon Web Services and - its services and which provide details about the context of an API query request. - You can use the Condition element of an IAM policy to evaluate - context keys. To get the list of context keys that the policies require for - correct simulation, use GetContextKeysForCustomPolicy.

If the - output is long, you can use MaxItems and Marker - parameters to paginate the results.

For more information about using - the policy simulator, see Testing - IAM policies with the IAM policy simulator in the IAM User Guide.

- operationId: POST_SimulateCustomPolicy - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: + description: The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions. + uniqueItems: true + x-insertionOrder: false + items: + type: string + InstanceProfileName: type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: + description: |- + The name of the instance profile to create. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + Arn: type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/SimulateCustomPolicyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - SimulateCustomPolicyResult: - $ref: '#/components/schemas/SimulatePolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyEvaluationException' - description: PolicyEvaluationException - x-aws-operation-name: SimulateCustomPolicy - /?Action=SimulatePrincipalPolicy&Version=2010-05-08: - get: - description:

Simulate how a set of IAM policies attached to an IAM entity - works with a list of API operations and Amazon Web Services resources to determine - the policies' effective permissions. The entity can be an IAM user, group, - or role. If you specify a user, then the simulation also includes all of the - policies that are attached to groups that the user belongs to. You can simulate - resources that don't exist in your account.

You can optionally include - a list of one or more additional policies specified as strings to include - in the simulation. If you want to simulate only policies specified as strings, - use SimulateCustomPolicy instead.

You can also optionally include - one resource-based policy to be evaluated with each of the resources included - in the simulation.

The simulation does not perform the API operations; - it only checks the authorization to determine if the simulated policies allow - or deny the operations.

Note: This operation discloses information - about the permissions granted to other users. If you do not want users to - see other user's permissions, then consider allowing them to use SimulateCustomPolicy - instead.

Context keys are variables maintained by Amazon Web Services - and its services that provide details about the context of an API query request. - You can use the Condition element of an IAM policy to evaluate - context keys. To get the list of context keys that the policies require for - correct simulation, use GetContextKeysForPrincipalPolicy.

If - the output is long, you can use the MaxItems and Marker - parameters to paginate the results.

For more information about using - the policy simulator, see Testing - IAM policies with the IAM policy simulator in the IAM User Guide.

- operationId: GET_SimulatePrincipalPolicy - parameters: - - description:

The Amazon Resource Name (ARN) of a user, group, or role whose - policies you want to include in the simulation. If you specify a user, group, - or role, the simulation includes all policies that are associated with that - entity. If you specify a user, the simulation also includes all policies - that are attached to any groups the user belongs to.

The maximum - length of the policy document that you can pass in this operation, including - whitespace, is listed below. To view the maximum character counts of a managed - policy with no whitespaces, see IAM - and STS character quotas.

For more information about ARNs, see - Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: PolicySourceArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 + description: '' + required: + - Roles + x-stackql-resource-name: instance_profile + description: |- + Creates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html). + For information about the number of instance profiles you can create, see [object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *User Guide*. + x-type-name: AWS::IAM::InstanceProfile + x-stackql-primary-identifier: + - InstanceProfileName + x-create-only-properties: + - InstanceProfileName + - Path + x-read-only-properties: + - Arn + x-required-properties: + - Roles + x-required-permissions: + create: + - iam:CreateInstanceProfile + - iam:PassRole + - iam:AddRoleToInstanceProfile + - iam:GetInstanceProfile + read: + - iam:GetInstanceProfile + update: + - iam:PassRole + - iam:RemoveRoleFromInstanceProfile + - iam:AddRoleToInstanceProfile + - iam:GetInstanceProfile + delete: + - iam:GetInstanceProfile + - iam:RemoveRoleFromInstanceProfile + - iam:DeleteInstanceProfile + list: + - iam:ListInstanceProfiles + ManagedPolicy: + type: object + properties: + Description: type: string - - description:

An optional list of additional policy documents to include - in the simulation. Each document is specified as a string containing the - complete, valid JSON text of an IAM policy.

The regex - pattern used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line feed - (\u000A), and carriage return (\u000D)

    • -
- in: query - name: PolicyInputList - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - xml: - name: member + description: |- + A friendly description of the policy. + Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." + The policy description is immutable. After a value is assigned, it cannot be changed. + Groups: + x-insertionOrder: false type: array - - description:

The IAM permissions boundary policy to simulate. The permissions - boundary sets the maximum permissions that the entity can have. You can - input only one permissions boundary when you pass a policy to this operation. - An IAM entity can only have one permissions boundary in effect at a time. - For example, if a permissions boundary is attached to an entity and you - pass in a different permissions boundary policy using this parameter, then - the new permissions boundary policy is used for the simulation. For more - information about permissions boundaries, see Permissions - boundaries for IAM entities in the IAM User Guide. The policy - input is specified as a string containing the complete, valid JSON text - of a permissions boundary policy.

The maximum length of the policy - document that you can pass in this operation, including whitespace, is listed - below. To view the maximum character counts of a managed policy with no - whitespaces, see IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line feed - (\u000A), and carriage return (\u000D)

    • -
- in: query - name: PermissionsBoundaryPolicyInputList - required: false - schema: + description: |- + The name (friendly name, not ARN) of the group to attach the policy to. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + uniqueItems: true items: - allOf: - - $ref: '#/components/schemas/policyDocumentType' - - xml: - name: member + type: string + ManagedPolicyName: + type: string + description: |- + The friendly name of the policy. + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). + Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. + Path: + type: string + default: / + description: |- + The path for the policy. + For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + You cannot use an asterisk (*) in the path name. + PolicyDocument: + type: object + description: |- + The JSON policy document that you want to use as the content for the new policy. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + Roles: + x-insertionOrder: false type: array - - description: A list of names of API operations to evaluate in the simulation. - Each operation is evaluated for each resource. Each operation must include - the service identifier, such as iam:CreateUser. - in: query - name: ActionNames - required: true - schema: + description: |- + The name (friendly name, not ARN) of the role to attach the policy to. + This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy``) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service``) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that CFN deletes the ``AWS::ECS::Service`` resource before deleting its role's policy. + uniqueItems: true items: - allOf: - - $ref: '#/components/schemas/ActionNameType' - - xml: - name: member + type: string + Users: + x-insertionOrder: false type: array - - description:

A list of ARNs of Amazon Web Services resources to include - in the simulation. If this parameter is not provided, then the value defaults - to * (all resources). Each API in the ActionNames - parameter is evaluated for each resource in this list. The simulation determines - the access result (allowed or denied) of each combination and reports it - in the response. You can simulate resources that don't exist in your account.

-

The simulation does not automatically retrieve policies for the specified - resources. If you want to include a resource policy in the simulation, then - you must include the policy as a string in the ResourcePolicy - parameter.

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: ResourceArns - required: false - schema: + description: |- + The name (friendly name, not ARN) of the IAM user to attach the policy to. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + uniqueItems: true items: - allOf: - - $ref: '#/components/schemas/ResourceNameType' - - xml: - name: member - type: array - - description:

A resource-based policy to include in the simulation provided - as a string. Each resource in the simulation is treated as if it had this - policy attached. You can include only one resource-based policy in a simulation.

-

The maximum length of the policy document that you can pass in this operation, - including whitespace, is listed below. To view the maximum character counts - of a managed policy with no whitespaces, see IAM - and STS character quotas.

The regex - pattern used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line feed - (\u000A), and carriage return (\u000D)

    • -
- in: query - name: ResourcePolicy - required: false - schema: - maxLength: 131072 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + PolicyArn: type: string - - description: An Amazon Web Services account ID that specifies the owner of - any simulated resource that does not identify its owner in the resource - ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner - is specified, it is also used as the account owner of any ResourcePolicy - included in the simulation. If the ResourceOwner parameter - is not specified, then the owner of the resources and the resource policy - defaults to the account of the identity provided in CallerArn. - This parameter is required only if you specify a resource-based policy and - account that owns the resource is different from the account that owns the - simulated calling user CallerArn. - in: query - name: ResourceOwner - required: false - schema: - maxLength: 2048 - minLength: 1 + description: '' + AttachmentCount: + type: integer + description: '' + CreateDate: type: string - - description:

The ARN of the IAM user that you want to specify as the simulated - caller of the API operations. If you do not specify a CallerArn, - it defaults to the ARN of the user that you specify in PolicySourceArn, - if you specified a user. If you include both a PolicySourceArn - (for example, arn:aws:iam::123456789012:user/David) and a CallerArn - (for example, arn:aws:iam::123456789012:user/Bob), the result - is that you simulate calling the API operations as Bob, as if Bob had David's - policies.

You can specify only the ARN of an IAM user. You cannot - specify the ARN of an assumed role, federated user, or a service principal.

-

CallerArn is required if you include a ResourcePolicy - and the PolicySourceArn is not the ARN for an IAM user. This - is required so that the resource-based policy's Principal element - has a value to use in evaluating the policy.

For more information - about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: CallerArn - required: false - schema: - maxLength: 2048 - minLength: 1 + description: '' + UpdateDate: type: string - - description: A list of context keys and corresponding values for the simulation - to use. Whenever a context key is evaluated in one of the simulated IAM - permissions policies, the corresponding value is supplied. - in: query - name: ContextEntries - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/ContextEntry' - - xml: - name: member - type: array - - description:

Specifies the type of simulation to run. Different API operations - that support resource-based policies require different combinations of resources. - By specifying the type of simulation to run, you enable the policy simulator - to enforce the presence of the required resources to ensure reliable simulation - results. If your simulation does not match one of the following scenarios, - then you can omit this parameter. The following list shows each of the supported - scenario values and the resources that you must define to run the simulation.

-

Each of the EC2 scenarios requires that you specify instance, image, - and security group resources. If your scenario includes an EBS volume, then - you must specify that volume as a resource. If the EC2 scenario includes - VPC, then you must supply the network interface resource. If it includes - an IP subnet, then you must specify the subnet resource. For more information - on the EC2 scenario options, see Supported - platforms in the Amazon EC2 User Guide.

  • EC2-Classic-InstanceStore -

    instance, image, security group

  • EC2-Classic-EBS -

    instance, image, security group, volume

  • EC2-VPC-InstanceStore -

    instance, image, security group, network interface

  • -

    EC2-VPC-InstanceStore-Subnet

    instance, image, security - group, network interface, subnet

  • EC2-VPC-EBS

    -

    instance, image, security group, network interface, volume

    • -

  • EC2-VPC-EBS-Subnet

    instance, image, security group, - network interface, subnet, volume

- in: query - name: ResourceHandlingOption - required: false - schema: - maxLength: 64 - minLength: 1 + description: '' + DefaultVersionId: type: string - - description:

Use this only when paginating results to indicate the maximum - number of items you want in the response. If additional items exist beyond - the maximum you specify, the IsTruncated response element is - true.

If you do not include this parameter, the number - of items defaults to 100. Note that IAM might return fewer results, even - when there are more results available. In that case, the IsTruncated - response element returns true, and Marker contains - a value to include in the subsequent call that tells the service where to - continue from.

- in: query - name: MaxItems - required: false - schema: - maximum: 1000 - minimum: 1 + description: '' + IsAttachable: + type: boolean + description: '' + PermissionsBoundaryUsageCount: type: integer - - description: Use this parameter only when paginating results and only after - you receive a response indicating that the results are truncated. Set it - to the value of the Marker element in the response that you - received to indicate where the next call should start. - in: query - name: Marker - required: false - schema: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - responses: - '200': - content: - text/xml: - schema: - properties: - SimulatePrincipalPolicyResult: - $ref: '#/components/schemas/SimulatePolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyEvaluationException' - description: PolicyEvaluationException - x-aws-operation-name: SimulatePrincipalPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Simulate how a set of IAM policies attached to an IAM entity - works with a list of API operations and Amazon Web Services resources to determine - the policies' effective permissions. The entity can be an IAM user, group, - or role. If you specify a user, then the simulation also includes all of the - policies that are attached to groups that the user belongs to. You can simulate - resources that don't exist in your account.

You can optionally include - a list of one or more additional policies specified as strings to include - in the simulation. If you want to simulate only policies specified as strings, - use SimulateCustomPolicy instead.

You can also optionally include - one resource-based policy to be evaluated with each of the resources included - in the simulation.

The simulation does not perform the API operations; - it only checks the authorization to determine if the simulated policies allow - or deny the operations.

Note: This operation discloses information - about the permissions granted to other users. If you do not want users to - see other user's permissions, then consider allowing them to use SimulateCustomPolicy - instead.

Context keys are variables maintained by Amazon Web Services - and its services that provide details about the context of an API query request. - You can use the Condition element of an IAM policy to evaluate - context keys. To get the list of context keys that the policies require for - correct simulation, use GetContextKeysForPrincipalPolicy.

If - the output is long, you can use the MaxItems and Marker - parameters to paginate the results.

For more information about using - the policy simulator, see Testing - IAM policies with the IAM policy simulator in the IAM User Guide.

- operationId: POST_SimulatePrincipalPolicy - parameters: - - description: Pagination limit - in: query - name: MaxItems - required: false - schema: + description: '' + PolicyId: type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: + description: '' + required: + - PolicyDocument + x-stackql-resource-name: managed_policy + description: |- + Creates a new managed policy for your AWS-account. + This operation creates a policy version with a version identifier of ``v1`` and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide*. + As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide*. + For more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::ManagedPolicy + x-stackql-primary-identifier: + - PolicyArn + x-create-only-properties: + - ManagedPolicyName + - Description + - Path + x-read-only-properties: + - PolicyArn + - AttachmentCount + - CreateDate + - DefaultVersionId + - IsAttachable + - PermissionsBoundaryUsageCount + - PolicyId + - UpdateDate + x-required-properties: + - PolicyDocument + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:CreatePolicy + - iam:AttachGroupPolicy + - iam:AttachUserPolicy + - iam:AttachRolePolicy + read: + - iam:GetPolicy + - iam:ListEntitiesForPolicy + - iam:GetPolicyVersion + update: + - iam:DetachRolePolicy + - iam:GetPolicy + - iam:ListPolicyVersions + - iam:DetachGroupPolicy + - iam:DetachUserPolicy + - iam:CreatePolicyVersion + - iam:DeletePolicyVersion + - iam:AttachGroupPolicy + - iam:AttachUserPolicy + - iam:AttachRolePolicy + delete: + - iam:DetachRolePolicy + - iam:GetPolicy + - iam:ListPolicyVersions + - iam:DetachGroupPolicy + - iam:DetachUserPolicy + - iam:DeletePolicyVersion + - iam:DeletePolicy + - iam:ListEntitiesForPolicy + list: + - iam:ListPolicies + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Value: + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' type: string - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/SimulatePrincipalPolicyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - SimulatePrincipalPolicyResult: - $ref: '#/components/schemas/SimulatePolicyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/PolicyEvaluationException' - description: PolicyEvaluationException - x-aws-operation-name: SimulatePrincipalPolicy - /?Action=TagInstanceProfile&Version=2010-05-08: - get: - description:

Adds one or more tags to an IAM instance profile. If a tag with - the same key name already exists, then that tag is overwritten with the new - value.

Each tag consists of a key name and an associated value. By - assigning tags to your resources, you can do the following:

  • -

    Administrative grouping and discovery - Attach tags to resources - to aid in organization and search. For example, you could search for all resources - with the key name Project and the value MyImportantProject. - Or search for all resources with the key name Cost Center and the value - 41200.

  • Access control - Include tags in - IAM user-based and resource-based policies. You can use tags to restrict access - to only an IAM instance profile that has a specified tag attached. For examples - of policies that show how to use tags to control access, see Control - access using IAM tags in the IAM User Guide.

-

  • If any one of the tags is invalid or if you exceed the allowed - maximum number of tags, then the entire request fails and the resource is - not created. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: GET_TagInstanceProfile - parameters: - - description: '

The name of the IAM instance profile to which you want to - add tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: InstanceProfileName - required: true - schema: - maxLength: 128 minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: The list of tags that you want to attach to the IAM instance - profile. Each tag consists of a key name and an associated value. - in: query - name: Tags - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagInstanceProfile - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds one or more tags to an IAM instance profile. If a tag with - the same key name already exists, then that tag is overwritten with the new - value.

Each tag consists of a key name and an associated value. By - assigning tags to your resources, you can do the following:

  • -

    Administrative grouping and discovery - Attach tags to resources - to aid in organization and search. For example, you could search for all resources - with the key name Project and the value MyImportantProject. - Or search for all resources with the key name Cost Center and the value - 41200.

  • Access control - Include tags in - IAM user-based and resource-based policies. You can use tags to restrict access - to only an IAM instance profile that has a specified tag attached. For examples - of policies that show how to use tags to control access, see Control - access using IAM tags in the IAM User Guide.

-

  • If any one of the tags is invalid or if you exceed the allowed - maximum number of tags, then the entire request fails and the resource is - not created. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: POST_TagInstanceProfile - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/TagInstanceProfileRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagInstanceProfile - /?Action=TagMFADevice&Version=2010-05-08: - get: - description:

Adds one or more tags to an IAM virtual multi-factor authentication - (MFA) device. If a tag with the same key name already exists, then that tag - is overwritten with the new value.

A tag consists of a key name and - an associated value. By assigning tags to your resources, you can do the following:

-

  • Administrative grouping and discovery - Attach tags to - resources to aid in organization and search. For example, you could search - for all resources with the key name Project and the value MyImportantProject. - Or search for all resources with the key name Cost Center and the value - 41200.

  • Access control - Include tags in - IAM user-based and resource-based policies. You can use tags to restrict access - to only an IAM virtual MFA device that has a specified tag attached. For examples - of policies that show how to use tags to control access, see Control - access using IAM tags in the IAM User Guide.

-

  • If any one of the tags is invalid or if you exceed the allowed - maximum number of tags, then the entire request fails and the resource is - not created. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: GET_TagMFADevice - parameters: - - description: '

The unique identifier for the IAM virtual MFA device to which - you want to add tags. For virtual MFA devices, the serial number is the - same as the ARN.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: SerialNumber - required: true - schema: maxLength: 256 - minLength: 9 - pattern: '[\w+=/:,.@-]+' - type: string - - description: The list of tags that you want to attach to the IAM virtual MFA - device. Each tag consists of a key name and an associated value. - in: query - name: Tags - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagMFADevice - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds one or more tags to an IAM virtual multi-factor authentication - (MFA) device. If a tag with the same key name already exists, then that tag - is overwritten with the new value.

A tag consists of a key name and - an associated value. By assigning tags to your resources, you can do the following:

-

  • Administrative grouping and discovery - Attach tags to - resources to aid in organization and search. For example, you could search - for all resources with the key name Project and the value MyImportantProject. - Or search for all resources with the key name Cost Center and the value - 41200.

  • Access control - Include tags in - IAM user-based and resource-based policies. You can use tags to restrict access - to only an IAM virtual MFA device that has a specified tag attached. For examples - of policies that show how to use tags to control access, see Control - access using IAM tags in the IAM User Guide.

-

  • If any one of the tags is invalid or if you exceed the allowed - maximum number of tags, then the entire request fails and the resource is - not created. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: POST_TagMFADevice - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/TagMFADeviceRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagMFADevice - /?Action=TagOpenIDConnectProvider&Version=2010-05-08: - get: - description:

Adds one or more tags to an OpenID Connect (OIDC)-compatible - identity provider. For more information about these providers, see About - web identity federation. If a tag with the same key name already exists, - then that tag is overwritten with the new value.

A tag consists of - a key name and an associated value. By assigning tags to your resources, you - can do the following:

  • Administrative grouping and discovery - - Attach tags to resources to aid in organization and search. For example, - you could search for all resources with the key name Project and the - value MyImportantProject. Or search for all resources with the key - name Cost Center and the value 41200.

  • Access - control - Include tags in IAM user-based and resource-based policies. - You can use tags to restrict access to only an OIDC provider that has a specified - tag attached. For examples of policies that show how to use tags to control - access, see Control - access using IAM tags in the IAM User Guide.

-

  • If any one of the tags is invalid or if you exceed the allowed - maximum number of tags, then the entire request fails and the resource is - not created. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: GET_TagOpenIDConnectProvider - parameters: - - description: '

The ARN of the OIDC identity provider in IAM to which you - want to add tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: OpenIDConnectProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description: The list of tags that you want to attach to the OIDC identity - provider in IAM. Each tag consists of a key name and an associated value. - in: query - name: Tags - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagOpenIDConnectProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds one or more tags to an OpenID Connect (OIDC)-compatible - identity provider. For more information about these providers, see About - web identity federation. If a tag with the same key name already exists, - then that tag is overwritten with the new value.

A tag consists of - a key name and an associated value. By assigning tags to your resources, you - can do the following:

  • Administrative grouping and discovery - - Attach tags to resources to aid in organization and search. For example, - you could search for all resources with the key name Project and the - value MyImportantProject. Or search for all resources with the key - name Cost Center and the value 41200.

  • Access - control - Include tags in IAM user-based and resource-based policies. - You can use tags to restrict access to only an OIDC provider that has a specified - tag attached. For examples of policies that show how to use tags to control - access, see Control - access using IAM tags in the IAM User Guide.

-

  • If any one of the tags is invalid or if you exceed the allowed - maximum number of tags, then the entire request fails and the resource is - not created. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: POST_TagOpenIDConnectProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/TagOpenIDConnectProviderRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagOpenIDConnectProvider - /?Action=TagPolicy&Version=2010-05-08: - get: - description:

Adds one or more tags to an IAM customer managed policy. If - a tag with the same key name already exists, then that tag is overwritten - with the new value.

A tag consists of a key name and an associated - value. By assigning tags to your resources, you can do the following:

-

  • Administrative grouping and discovery - Attach tags to - resources to aid in organization and search. For example, you could search - for all resources with the key name Project and the value MyImportantProject. - Or search for all resources with the key name Cost Center and the value - 41200.

  • Access control - Include tags in - IAM user-based and resource-based policies. You can use tags to restrict access - to only an IAM customer managed policy that has a specified tag attached. - For examples of policies that show how to use tags to control access, see - Control - access using IAM tags in the IAM User Guide.

-

  • If any one of the tags is invalid or if you exceed the allowed - maximum number of tags, then the entire request fails and the resource is - not created. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: GET_TagPolicy - parameters: - - description: '

The ARN of the IAM customer managed policy to which you want - to add tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' type: string - - description: The list of tags that you want to attach to the IAM customer - managed policy. Each tag consists of a key name and an associated value. - in: query - name: Tags - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds one or more tags to an IAM customer managed policy. If - a tag with the same key name already exists, then that tag is overwritten - with the new value.

A tag consists of a key name and an associated - value. By assigning tags to your resources, you can do the following:

-

  • Administrative grouping and discovery - Attach tags to - resources to aid in organization and search. For example, you could search - for all resources with the key name Project and the value MyImportantProject. - Or search for all resources with the key name Cost Center and the value - 41200.

  • Access control - Include tags in - IAM user-based and resource-based policies. You can use tags to restrict access - to only an IAM customer managed policy that has a specified tag attached. - For examples of policies that show how to use tags to control access, see - Control - access using IAM tags in the IAM User Guide.

-

  • If any one of the tags is invalid or if you exceed the allowed - maximum number of tags, then the entire request fails and the resource is - not created. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: POST_TagPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/TagPolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagPolicy - /?Action=TagRole&Version=2010-05-08: - get: - description:

Adds one or more tags to an IAM role. The role can be a regular - role or a service-linked role. If a tag with the same key name already exists, - then that tag is overwritten with the new value.

A tag consists of - a key name and an associated value. By assigning tags to your resources, you - can do the following:

  • Administrative grouping and discovery - - Attach tags to resources to aid in organization and search. For example, - you could search for all resources with the key name Project and the - value MyImportantProject. Or search for all resources with the key - name Cost Center and the value 41200.

  • Access - control - Include tags in IAM user-based and resource-based policies. - You can use tags to restrict access to only an IAM role that has a specified - tag attached. You can also restrict access to only those resources that have - a certain tag attached. For examples of policies that show how to use tags - to control access, see Control - access using IAM tags in the IAM User Guide.

  • - Cost allocation - Use tags to help track which individuals and teams - are using which Amazon Web Services resources.

    -

  • If any one of the tags is invalid or if you exceed the allowed maximum - number of tags, then the entire request fails and the resource is not created. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

-

For more information about tagging, see Tagging - IAM identities in the IAM User Guide.

- operationId: GET_TagRole - parameters: - - description: '

The name of the IAM role to which you want to add tags.

-

This parameter accepts (through its regex - pattern) a string of characters that consist of upper and lowercase - alphanumeric characters with no spaces. You can also include any of the - following characters: _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: The list of tags that you want to attach to the IAM role. Each - tag consists of a key name and an associated value. - in: query - name: Tags - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagRole - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds one or more tags to an IAM role. The role can be a regular - role or a service-linked role. If a tag with the same key name already exists, - then that tag is overwritten with the new value.

A tag consists of - a key name and an associated value. By assigning tags to your resources, you - can do the following:

  • Administrative grouping and discovery - - Attach tags to resources to aid in organization and search. For example, - you could search for all resources with the key name Project and the - value MyImportantProject. Or search for all resources with the key - name Cost Center and the value 41200.

  • Access - control - Include tags in IAM user-based and resource-based policies. - You can use tags to restrict access to only an IAM role that has a specified - tag attached. You can also restrict access to only those resources that have - a certain tag attached. For examples of policies that show how to use tags - to control access, see Control - access using IAM tags in the IAM User Guide.

  • - Cost allocation - Use tags to help track which individuals and teams - are using which Amazon Web Services resources.

    -

  • If any one of the tags is invalid or if you exceed the allowed maximum - number of tags, then the entire request fails and the resource is not created. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

-

For more information about tagging, see Tagging - IAM identities in the IAM User Guide.

- operationId: POST_TagRole - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/TagRoleRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagRole - /?Action=TagSAMLProvider&Version=2010-05-08: - get: - description:

Adds one or more tags to a Security Assertion Markup Language - (SAML) identity provider. For more information about these providers, see - About - SAML 2.0-based federation . If a tag with the same key name already exists, - then that tag is overwritten with the new value.

A tag consists of - a key name and an associated value. By assigning tags to your resources, you - can do the following:

  • Administrative grouping and discovery - - Attach tags to resources to aid in organization and search. For example, - you could search for all resources with the key name Project and the - value MyImportantProject. Or search for all resources with the key - name Cost Center and the value 41200.

  • Access - control - Include tags in IAM user-based and resource-based policies. - You can use tags to restrict access to only a SAML identity provider that - has a specified tag attached. For examples of policies that show how to use - tags to control access, see Control - access using IAM tags in the IAM User Guide.

-

  • If any one of the tags is invalid or if you exceed the allowed - maximum number of tags, then the entire request fails and the resource is - not created. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: GET_TagSAMLProvider - parameters: - - description: '

The ARN of the SAML identity provider in IAM to which you - want to add tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: SAMLProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description: The list of tags that you want to attach to the SAML identity - provider in IAM. Each tag consists of a key name and an associated value. - in: query - name: Tags - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagSAMLProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds one or more tags to a Security Assertion Markup Language - (SAML) identity provider. For more information about these providers, see - About - SAML 2.0-based federation . If a tag with the same key name already exists, - then that tag is overwritten with the new value.

A tag consists of - a key name and an associated value. By assigning tags to your resources, you - can do the following:

  • Administrative grouping and discovery - - Attach tags to resources to aid in organization and search. For example, - you could search for all resources with the key name Project and the - value MyImportantProject. Or search for all resources with the key - name Cost Center and the value 41200.

  • Access - control - Include tags in IAM user-based and resource-based policies. - You can use tags to restrict access to only a SAML identity provider that - has a specified tag attached. For examples of policies that show how to use - tags to control access, see Control - access using IAM tags in the IAM User Guide.

-

  • If any one of the tags is invalid or if you exceed the allowed - maximum number of tags, then the entire request fails and the resource is - not created. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: POST_TagSAMLProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/TagSAMLProviderRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagSAMLProvider - /?Action=TagServerCertificate&Version=2010-05-08: - get: - description:

Adds one or more tags to an IAM server certificate. If a tag - with the same key name already exists, then that tag is overwritten with the - new value.

For certificates in a Region supported by Certificate - Manager (ACM), we recommend that you don't use IAM server certificates. Instead, - use ACM to provision, manage, and deploy your server certificates. For more - information about IAM server certificates, Working - with server certificates in the IAM User Guide.

A - tag consists of a key name and an associated value. By assigning tags to your - resources, you can do the following:

  • Administrative grouping - and discovery - Attach tags to resources to aid in organization and search. - For example, you could search for all resources with the key name Project - and the value MyImportantProject. Or search for all resources with - the key name Cost Center and the value 41200.

  • -

    Access control - Include tags in IAM user-based and resource-based - policies. You can use tags to restrict access to only a server certificate - that has a specified tag attached. For examples of policies that show how - to use tags to control access, see Control - access using IAM tags in the IAM User Guide.

  • - Cost allocation - Use tags to help track which individuals and teams - are using which Amazon Web Services resources.

    -

  • If any one of the tags is invalid or if you exceed the allowed maximum - number of tags, then the entire request fails and the resource is not created. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: GET_TagServerCertificate - parameters: - - description: '

The name of the IAM server certificate to which you want - to add tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: ServerCertificateName - required: true - schema: maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: The list of tags that you want to attach to the IAM server certificate. - Each tag consists of a key name and an associated value. - in: query - name: Tags - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 + required: + - Value + - Key + OIDCProvider: + type: object + properties: + ClientIdList: type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagServerCertificate - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds one or more tags to an IAM server certificate. If a tag - with the same key name already exists, then that tag is overwritten with the - new value.

For certificates in a Region supported by Certificate - Manager (ACM), we recommend that you don't use IAM server certificates. Instead, - use ACM to provision, manage, and deploy your server certificates. For more - information about IAM server certificates, Working - with server certificates in the IAM User Guide.

A - tag consists of a key name and an associated value. By assigning tags to your - resources, you can do the following:

  • Administrative grouping - and discovery - Attach tags to resources to aid in organization and search. - For example, you could search for all resources with the key name Project - and the value MyImportantProject. Or search for all resources with - the key name Cost Center and the value 41200.

  • -

    Access control - Include tags in IAM user-based and resource-based - policies. You can use tags to restrict access to only a server certificate - that has a specified tag attached. For examples of policies that show how - to use tags to control access, see Control - access using IAM tags in the IAM User Guide.

  • - Cost allocation - Use tags to help track which individuals and teams - are using which Amazon Web Services resources.

    -

  • If any one of the tags is invalid or if you exceed the allowed maximum - number of tags, then the entire request fails and the resource is not created. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

- - operationId: POST_TagServerCertificate - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/TagServerCertificateRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagServerCertificate - /?Action=TagUser&Version=2010-05-08: - get: - description:

Adds one or more tags to an IAM user. If a tag with the same - key name already exists, then that tag is overwritten with the new value.

-

A tag consists of a key name and an associated value. By assigning tags - to your resources, you can do the following:

  • Administrative - grouping and discovery - Attach tags to resources to aid in organization - and search. For example, you could search for all resources with the key name - Project and the value MyImportantProject. Or search for all - resources with the key name Cost Center and the value 41200. -

  • Access control - Include tags in IAM user-based - and resource-based policies. You can use tags to restrict access to only an - IAM requesting user that has a specified tag attached. You can also restrict - access to only those resources that have a certain tag attached. For examples - of policies that show how to use tags to control access, see Control - access using IAM tags in the IAM User Guide.

  • - Cost allocation - Use tags to help track which individuals and teams - are using which Amazon Web Services resources.

    -

  • If any one of the tags is invalid or if you exceed the allowed maximum - number of tags, then the entire request fails and the resource is not created. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

-

For more information about tagging, see Tagging - IAM identities in the IAM User Guide.

- operationId: GET_TagUser - parameters: - - description: '

The name of the IAM user to which you want to add tags.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: The list of tags that you want to attach to the IAM user. Each - tag consists of a key name and an associated value. - in: query - name: Tags - required: true - schema: + x-insertionOrder: false items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagUser - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Adds one or more tags to an IAM user. If a tag with the same - key name already exists, then that tag is overwritten with the new value.

-

A tag consists of a key name and an associated value. By assigning tags - to your resources, you can do the following:

  • Administrative - grouping and discovery - Attach tags to resources to aid in organization - and search. For example, you could search for all resources with the key name - Project and the value MyImportantProject. Or search for all - resources with the key name Cost Center and the value 41200. -

  • Access control - Include tags in IAM user-based - and resource-based policies. You can use tags to restrict access to only an - IAM requesting user that has a specified tag attached. You can also restrict - access to only those resources that have a certain tag attached. For examples - of policies that show how to use tags to control access, see Control - access using IAM tags in the IAM User Guide.

  • - Cost allocation - Use tags to help track which individuals and teams - are using which Amazon Web Services resources.

    -

  • If any one of the tags is invalid or if you exceed the allowed maximum - number of tags, then the entire request fails and the resource is not created. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

  • Amazon Web - Services always interprets the tag Value as a single string. - If you need to store an array, you can store comma-separated values in the - string. However, you must interpret the value in your code.

-

For more information about tagging, see Tagging - IAM identities in the IAM User Guide.

- operationId: POST_TagUser - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/TagUserRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: TagUser - /?Action=UntagInstanceProfile&Version=2010-05-08: - get: - description: Removes the specified tags from the IAM instance profile. For more - information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: GET_UntagInstanceProfile - parameters: - - description: '

The name of the IAM instance profile from which you want - to remove tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: InstanceProfileName - required: true - schema: - maxLength: 128 + minLength: 1 + maxLength: 255 + type: string + Url: minLength: 1 - pattern: '[\w+=,.@-]+' + maxLength: 255 type: string - - description: A list of key names as a simple array of strings. The tags with - matching keys are removed from the specified instance profile. - in: query - name: TagKeys - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/tagKeyType' - - xml: - name: member - maxItems: 50 + ThumbprintList: type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagInstanceProfile - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Removes the specified tags from the IAM instance profile. For more - information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: POST_UntagInstanceProfile - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UntagInstanceProfileRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagInstanceProfile - /?Action=UntagMFADevice&Version=2010-05-08: - get: - description: Removes the specified tags from the IAM virtual multi-factor authentication - (MFA) device. For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: GET_UntagMFADevice - parameters: - - description: '

The unique identifier for the IAM virtual MFA device from - which you want to remove tags. For virtual MFA devices, the serial number - is the same as the ARN.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: SerialNumber - required: true - schema: - maxLength: 256 - minLength: 9 - pattern: '[\w+=/:,.@-]+' - type: string - - description: A list of key names as a simple array of strings. The tags with - matching keys are removed from the specified instance profile. - in: query - name: TagKeys - required: true - schema: + x-insertionOrder: false items: - allOf: - - $ref: '#/components/schemas/tagKeyType' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagMFADevice - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Removes the specified tags from the IAM virtual multi-factor authentication - (MFA) device. For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: POST_UntagMFADevice - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UntagMFADeviceRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagMFADevice - /?Action=UntagOpenIDConnectProvider&Version=2010-05-08: - get: - description: Removes the specified tags from the specified OpenID Connect (OIDC)-compatible - identity provider in IAM. For more information about OIDC providers, see About - web identity federation. For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: GET_UntagOpenIDConnectProvider - parameters: - - description: '

The ARN of the OIDC provider in IAM from which you want to - remove tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: OpenIDConnectProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 + minLength: 40 + maxLength: 40 + pattern: '[0-9A-Fa-f]{40}' + type: string + maxItems: 5 + Arn: + description: Amazon Resource Name (ARN) of the OIDC provider minLength: 20 - type: string - - description: A list of key names as a simple array of strings. The tags with - matching keys are removed from the specified OIDC provider. - in: query - name: TagKeys - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/tagKeyType' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagOpenIDConnectProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Removes the specified tags from the specified OpenID Connect (OIDC)-compatible - identity provider in IAM. For more information about OIDC providers, see About - web identity federation. For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: POST_UntagOpenIDConnectProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UntagOpenIDConnectProviderRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagOpenIDConnectProvider - /?Action=UntagPolicy&Version=2010-05-08: - get: - description: Removes the specified tags from the customer managed policy. For - more information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: GET_UntagPolicy - parameters: - - description: '

The ARN of the IAM customer managed policy from which you - want to remove tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: PolicyArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

maxLength: 2048 - minLength: 20 type: string - - description: A list of key names as a simple array of strings. The tags with - matching keys are removed from the specified policy. - in: query - name: TagKeys - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/tagKeyType' - - xml: - name: member - maxItems: 50 + Tags: type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Removes the specified tags from the customer managed policy. For - more information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: POST_UntagPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UntagPolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagPolicy - /?Action=UntagRole&Version=2010-05-08: - get: - description: Removes the specified tags from the role. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: GET_UntagRole - parameters: - - description: '

The name of the IAM role from which you want to remove tags.

-

This parameter accepts (through its regex - pattern) a string of characters that consist of upper and lowercase - alphanumeric characters with no spaces. You can also include any of the - following characters: _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description: A list of key names as a simple array of strings. The tags with - matching keys are removed from the specified role. - in: query - name: TagKeys - required: true - schema: + uniqueItems: false + x-insertionOrder: false items: - allOf: - - $ref: '#/components/schemas/tagKeyType' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagRole - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Removes the specified tags from the role. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: POST_UntagRole - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UntagRoleRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagRole - /?Action=UntagSAMLProvider&Version=2010-05-08: - get: - description: Removes the specified tags from the specified Security Assertion - Markup Language (SAML) identity provider in IAM. For more information about - these providers, see About - web identity federation. For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: GET_UntagSAMLProvider - parameters: - - description: '

The ARN of the SAML identity provider in IAM from which you - want to remove tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: SAMLProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 + $ref: '#/components/schemas/Tag' + required: + - ThumbprintList + x-stackql-resource-name: oidc_provider + description: Resource Type definition for AWS::IAM::OIDCProvider + x-type-name: AWS::IAM::OIDCProvider + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Url + x-read-only-properties: + - Arn + x-required-properties: + - ThumbprintList + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:CreateOpenIDConnectProvider + - iam:TagOpenIDConnectProvider + - iam:GetOpenIDConnectProvider + read: + - iam:GetOpenIDConnectProvider + update: + - iam:UpdateOpenIDConnectProviderThumbprint + - iam:RemoveClientIDFromOpenIDConnectProvider + - iam:AddClientIDToOpenIDConnectProvider + - iam:GetOpenIDConnectProvider + - iam:TagOpenIDConnectProvider + - iam:UntagOpenIDConnectProvider + - iam:ListOpenIDConnectProviderTags + delete: + - iam:DeleteOpenIDConnectProvider + list: + - iam:ListOpenIDConnectProvider + - iam:GetOpenIDConnectProvider + Role: + type: object + properties: + Arn: + description: '' type: string - - description: A list of key names as a simple array of strings. The tags with - matching keys are removed from the specified SAML identity provider. - in: query - name: TagKeys - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/tagKeyType' - - xml: - name: member - maxItems: 50 - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagSAMLProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Removes the specified tags from the specified Security Assertion - Markup Language (SAML) identity provider in IAM. For more information about - these providers, see About - web identity federation. For more information about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: POST_UntagSAMLProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UntagSAMLProviderRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagSAMLProvider - /?Action=UntagServerCertificate&Version=2010-05-08: - get: - description:

Removes the specified tags from the IAM server certificate. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

For certificates - in a Region supported by Certificate Manager (ACM), we recommend that you - don't use IAM server certificates. Instead, use ACM to provision, manage, - and deploy your server certificates. For more information about IAM server - certificates, Working - with server certificates in the IAM User Guide.

 - operationId: GET_UntagServerCertificate - parameters: - - description: '

The name of the IAM server certificate from which you want - to remove tags.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: ServerCertificateName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' + AssumeRolePolicyDocument: + description: >- + The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements + Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*. + type: object + Description: + description: A description of the role that you provide. type: string - - description: A list of key names as a simple array of strings. The tags with - matching keys are removed from the specified IAM server certificate. - in: query - name: TagKeys - required: true - schema: - items: - allOf: - - $ref: '#/components/schemas/tagKeyType' - - xml: - name: member - maxItems: 50 + ManagedPolicyArns: + description: |- + A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. + For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagServerCertificate - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Removes the specified tags from the IAM server certificate. - For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

For certificates - in a Region supported by Certificate Manager (ACM), we recommend that you - don't use IAM server certificates. Instead, use ACM to provision, manage, - and deploy your server certificates. For more information about IAM server - certificates, Working - with server certificates in the IAM User Guide.

 - operationId: POST_UntagServerCertificate - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UntagServerCertificateRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagServerCertificate - /?Action=UntagUser&Version=2010-05-08: - get: - description: Removes the specified tags from the user. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: GET_UntagUser - parameters: - - description: '

The name of the IAM user from which you want to remove tags.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' + uniqueItems: true + x-insertionOrder: false + items: + type: string + MaxSessionDuration: + description: |- + The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. + Anyone who assumes the role from the CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*. + type: integer + Path: + description: |- + The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + default: / type: string - - description: A list of key names as a simple array of strings. The tags with - matching keys are removed from the specified user. - in: query - name: TagKeys - required: true - schema: + PermissionsBoundary: + description: |- + The ARN of the policy used to set the permissions boundary for the role. + For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*. + type: string + Policies: + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM role. + When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html). + A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*. + For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. + If an external policy (such as ``AWS::IAM::Policy`` or + type: array + x-insertionOrder: false + uniqueItems: false items: - allOf: - - $ref: '#/components/schemas/tagKeyType' - - xml: - name: member - maxItems: 50 + $ref: '#/components/schemas/Policy' + RoleId: + description: '' + type: string + RoleName: + description: |- + A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*. + This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1". + If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use + type: string + Tags: + description: A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagUser - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Removes the specified tags from the user. For more information - about tagging, see Tagging - IAM resources in the IAM User Guide. - operationId: POST_UntagUser - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UntagUserRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UntagUser - /?Action=UpdateAccessKey&Version=2010-05-08: - get: - description:

Changes the status of the specified access key from Active to - Inactive, or vice versa. This operation can be used to disable a user's key - as part of a key rotation workflow.

If the UserName is - not specified, the user name is determined implicitly based on the Amazon - Web Services access key ID used to sign the request. This operation works - for access keys under the Amazon Web Services account. Consequently, you can - use this operation to manage Amazon Web Services account root user credentials - even if the Amazon Web Services account has no associated users.

For - information about rotating keys, see Managing - keys and certificates in the IAM User Guide.

- operationId: GET_UpdateAccessKey - parameters: - - description: '

The name of the user whose key you want to update.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - AssumeRolePolicyDocument + x-stackql-resource-name: role + description: |- + Creates a new role for your AWS-account. + For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*. For information about quotas for role names and the number of roles you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::Role + x-stackql-primary-identifier: + - RoleName + x-create-only-properties: + - Path + - RoleName + x-read-only-properties: + - Arn + - RoleId + x-required-properties: + - AssumeRolePolicyDocument + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:CreateRole + - iam:PutRolePolicy + - iam:AttachRolePolicy + - iam:GetRolePolicy + - iam:TagRole + - iam:UntagRole + - iam:GetRole + read: + - iam:GetRole + - iam:ListAttachedRolePolicies + - iam:ListRolePolicies + - iam:GetRolePolicy + update: + - iam:UpdateRole + - iam:UpdateRoleDescription + - iam:UpdateAssumeRolePolicy + - iam:DetachRolePolicy + - iam:AttachRolePolicy + - iam:DeleteRolePermissionsBoundary + - iam:PutRolePermissionsBoundary + - iam:DeleteRolePolicy + - iam:PutRolePolicy + - iam:TagRole + - iam:UntagRole + delete: + - iam:DeleteRole + - iam:DetachRolePolicy + - iam:DeleteRolePolicy + - iam:GetRole + - iam:ListAttachedRolePolicies + - iam:ListRolePolicies + - iam:TagRole + - iam:UntagRole + list: + - iam:ListRoles + RolePolicy: + type: object + properties: + PolicyDocument: + description: |- + The policy document. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + type: object + PolicyName: + description: |- + The name of the policy document. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- type: string - - description:

The access key ID of the secret access key you want to update.

-

This parameter allows (through its regex - pattern) a string of characters that can consist of any upper or lowercased - letter or digit.

- in: query - name: AccessKeyId - required: true - schema: + RoleName: + description: |- + The name of the role to associate the policy with. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + required: + - PolicyName + - RoleName + x-stackql-resource-name: role_policy + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM role. + When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). You can update a role's trust policy using [UpdateAssumeRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). For information about roles, see [roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) in the *IAM User Guide*. + A role can also have a managed policy attached to it. To attach a managed policy to a role, use [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. + For information about the maximum number of inline policies that you can embed with a role, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::RolePolicy + x-stackql-primary-identifier: + - PolicyName + - RoleName + x-create-only-properties: + - PolicyName + - RoleName + x-required-properties: + - PolicyName + - RoleName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:PutRolePolicy + - iam:GetRolePolicy + read: + - iam:GetRolePolicy + update: + - iam:PutRolePolicy + - iam:GetRolePolicy + delete: + - iam:DeleteRolePolicy + - iam:GetRolePolicy + SAMLProvider: + type: object + properties: + Name: + minLength: 1 maxLength: 128 - minLength: 16 - pattern: '[\w]+' + pattern: '[\w._-]+' type: string - - description: ' The status you want to assign to the secret access key. Active - means that the key can be used for programmatic calls to Amazon Web Services, - while Inactive means that the key cannot be used.' - in: query - name: Status - required: true - schema: - enum: - - Active - - Inactive + SamlMetadataDocument: + minLength: 1000 + maxLength: 10000000 type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateAccessKey - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Changes the status of the specified access key from Active to - Inactive, or vice versa. This operation can be used to disable a user's key - as part of a key rotation workflow.

If the UserName is - not specified, the user name is determined implicitly based on the Amazon - Web Services access key ID used to sign the request. This operation works - for access keys under the Amazon Web Services account. Consequently, you can - use this operation to manage Amazon Web Services account root user credentials - even if the Amazon Web Services account has no associated users.

For - information about rotating keys, see Managing - keys and certificates in the IAM User Guide.

- operationId: POST_UpdateAccessKey - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateAccessKeyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateAccessKey - /?Action=UpdateAccountPasswordPolicy&Version=2010-05-08: - get: - description:

Updates the password policy settings for the Amazon Web Services - account.

This operation does not support partial updates. No - parameters are required, but if you do not specify a parameter, that parameter's - value reverts to its default value. See the Request Parameters section - for each parameter's default value. Also note that some parameters do not - allow the default parameter to be explicitly set. Instead, to invoke the default - value, do not include that parameter when you invoke the operation.

 -

For more information about using a password policy, see Managing - an IAM password policy in the IAM User Guide.

- operationId: GET_UpdateAccountPasswordPolicy - parameters: - - description:

The minimum number of characters allowed in an IAM user password.

-

If you do not specify a value for this parameter, then the operation - uses the default value of 6.

- in: query - name: MinimumPasswordLength - required: false - schema: - maximum: 128 - minimum: 6 - type: integer - - description: '

Specifies whether IAM user passwords must contain at least - one of the following non-alphanumeric characters:

! @ # $ % ^ & - * ( ) _ + - = [ ] { } | ''

If you do not specify a value for this - parameter, then the operation uses the default value of false. - The result is that passwords do not require at least one symbol character.

' - in: query - name: RequireSymbols - required: false - schema: - type: boolean - - description:

Specifies whether IAM user passwords must contain at least - one numeric character (0 to 9).

If you do not specify a value for - this parameter, then the operation uses the default value of false. - The result is that passwords do not require at least one numeric character.

- in: query - name: RequireNumbers - required: false - schema: - type: boolean - - description:

Specifies whether IAM user passwords must contain at least - one uppercase character from the ISO basic Latin alphabet (A to Z).

-

If you do not specify a value for this parameter, then the operation - uses the default value of false. The result is that passwords - do not require at least one uppercase character.

- in: query - name: RequireUppercaseCharacters - required: false - schema: - type: boolean - - description:

Specifies whether IAM user passwords must contain at least - one lowercase character from the ISO basic Latin alphabet (a to z).

-

If you do not specify a value for this parameter, then the operation - uses the default value of false. The result is that passwords - do not require at least one lowercase character.

- in: query - name: RequireLowercaseCharacters - required: false - schema: - type: boolean - - description:

Allows all IAM users in your account to use the Amazon Web - Services Management Console to change their own passwords. For more information, - see Permitting - IAM users to change their own passwords in the IAM User Guide.

-

If you do not specify a value for this parameter, then the operation - uses the default value of false. The result is that IAM users - in the account do not automatically have permissions to change their own - password.

- in: query - name: AllowUsersToChangePassword - required: false - schema: - type: boolean - - description:

The number of days that an IAM user password is valid.

-

If you do not specify a value for this parameter, then the operation - uses the default value of 0. The result is that IAM user passwords - never expire.

- in: query - name: MaxPasswordAge - required: false - schema: - maximum: 1095 - minimum: 1 - type: integer - - description:

Specifies the number of previous passwords that IAM users - are prevented from reusing.

If you do not specify a value for this - parameter, then the operation uses the default value of 0. - The result is that IAM users are not prevented from reusing previous passwords.

- in: query - name: PasswordReusePrevention - required: false - schema: - maximum: 24 - minimum: 1 - type: integer - - description:

Prevents IAM users who are accessing the account via the - Amazon Web Services Management Console from setting a new console password - after their password has expired. The IAM user cannot access the console - until an administrator resets the password.

If you do not specify - a value for this parameter, then the operation uses the default value of - false. The result is that IAM users can change their passwords - after they expire and continue to sign in as the user.

In - the Amazon Web Services Management Console, the custom password policy option - Allow users to change their own password gives IAM users permissions - to iam:ChangePassword for only their user and to the iam:GetAccountPasswordPolicy - action. This option does not attach a permissions policy to each user, rather - the permissions are applied at the account-level for all users by IAM. IAM - users with iam:ChangePassword permission and active access - keys can reset their own expired console password using the CLI or API.

- - in: query - name: HardExpiry - required: false - schema: - type: boolean - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateAccountPasswordPolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Updates the password policy settings for the Amazon Web Services - account.

This operation does not support partial updates. No - parameters are required, but if you do not specify a parameter, that parameter's - value reverts to its default value. See the Request Parameters section - for each parameter's default value. Also note that some parameters do not - allow the default parameter to be explicitly set. Instead, to invoke the default - value, do not include that parameter when you invoke the operation.

 -

For more information about using a password policy, see Managing - an IAM password policy in the IAM User Guide.

- operationId: POST_UpdateAccountPasswordPolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateAccountPasswordPolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateAccountPasswordPolicy - /?Action=UpdateAssumeRolePolicy&Version=2010-05-08: - get: - description: Updates the policy that grants an IAM entity permission to assume - a role. This is typically referred to as the "role trust policy". For more - information about roles, see Using - roles to delegate permissions and federate identities. - operationId: GET_UpdateAssumeRolePolicy - parameters: - - description: '

The name of the role to update with the new policy.

This - parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: RoleName - required: true - schema: - maxLength: 64 + Arn: + description: Amazon Resource Name (ARN) of the SAML provider minLength: 1 - pattern: '[\w+=,.@-]+' + maxLength: 1600 type: string - - description:

The policy that grants an entity permission to assume the - role.

You must provide policies in JSON format in IAM. However, for - CloudFormation templates formatted in YAML, you can provide the policy in - JSON or YAML format. CloudFormation always converts a YAML policy to JSON - format before submitting it to IAM.

The regex - pattern used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line feed - (\u000A), and carriage return (\u000D)

    • -
- in: query - name: PolicyDocument - required: true - schema: - maxLength: 131072 + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - SamlMetadataDocument + x-stackql-resource-name: saml_provider + description: Resource Type definition for AWS::IAM::SAMLProvider + x-type-name: AWS::IAM::SAMLProvider + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - SamlMetadataDocument + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:CreateSAMLProvider + - iam:GetSAMLProvider + - iam:TagSAMLProvider + read: + - iam:GetSAMLProvider + update: + - iam:UpdateSAMLProvider + - iam:GetSAMLProvider + - iam:TagSAMLProvider + - iam:ListSAMLProviderTags + - iam:UntagSAMLProvider + delete: + - iam:DeleteSAMLProvider + list: + - iam:ListSAMLProviders + - iam:GetSAMLProvider + ServerCertificate: + type: object + properties: + CertificateBody: minLength: 1 + maxLength: 16384 pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateAssumeRolePolicy - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Updates the policy that grants an IAM entity permission to assume - a role. This is typically referred to as the "role trust policy". For more - information about roles, see Using - roles to delegate permissions and federate identities. - operationId: POST_UpdateAssumeRolePolicy - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateAssumeRolePolicyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedPolicyDocumentException' - description: MalformedPolicyDocumentException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateAssumeRolePolicy - /?Action=UpdateGroup&Version=2010-05-08: - get: - description:

Updates the name and/or the path of the specified IAM group.

-

You should understand the implications of changing a group's - path or name. For more information, see Renaming - users and groups in the IAM User Guide.

 -

The person making the request (the principal), must have permission to - change the role group with the old name and the new name. For example, to - change the group named Managers to MGRs, the principal - must have a policy that allows them to update both groups. If the principal - has permission to update the Managers group, but not the MGRs - group, then the update fails. For more information about permissions, see - Access - management.

- operationId: GET_UpdateGroup - parameters: - - description: '

Name of the IAM group to update. If you''re changing the - name of the group, this is the original name.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: GroupName - required: true - schema: - maxLength: 128 + CertificateChain: minLength: 1 - pattern: '[\w+=,.@-]+' + maxLength: 2097152 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' type: string - - description:

New path for the IAM group. Only include this if changing - the group's path.

This parameter allows (through its regex - pattern) a string of characters consisting of either a forward slash - (/) by itself or a string that must begin and end with forward slashes. - In addition, it can contain any ASCII character from the ! (\u0021) - through the DEL character (\u007F), including most punctuation - characters, digits, and upper and lowercased letters.

- in: query - name: NewPath - required: false - schema: - maxLength: 512 + ServerCertificateName: minLength: 1 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - - description:

New name for the IAM group. Only include this if changing - the group's name.

IAM user, group, role, and policy names must be - unique within the account. Names are not distinguished by case. For example, - you cannot create resources named both "MyResource" and "myresource".

- in: query - name: NewGroupName - required: false - schema: maxLength: 128 - minLength: 1 pattern: '[\w+=,.@-]+' type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateGroup - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Updates the name and/or the path of the specified IAM group.

-

You should understand the implications of changing a group's - path or name. For more information, see Renaming - users and groups in the IAM User Guide.

 -

The person making the request (the principal), must have permission to - change the role group with the old name and the new name. For example, to - change the group named Managers to MGRs, the principal - must have a policy that allows them to update both groups. If the principal - has permission to update the Managers group, but not the MGRs - group, then the update fails. For more information about permissions, see - Access - management.

- operationId: POST_UpdateGroup - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateGroupRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateGroup - /?Action=UpdateLoginProfile&Version=2010-05-08: - get: - description:

Changes the password for the specified IAM user. You can use - the CLI, the Amazon Web Services API, or the Users page in the IAM - console to change the password for any IAM user. Use ChangePassword - to change your own password in the My Security Credentials page in - the Amazon Web Services Management Console.

For more information about - modifying passwords, see Managing - passwords in the IAM User Guide.

- operationId: GET_UpdateLoginProfile - parameters: - - description: '

The name of the user whose password you want to update.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 + Path: minLength: 1 - pattern: '[\w+=,.@-]+' + maxLength: 512 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) type: string - - description:

The new password for the specified IAM user.

The regex pattern used to validate - this parameter is a string of characters consisting of the following:

-

  • Any printable ASCII character ranging from the space character - (\u0020) through the end of the ASCII character range

    • -

  • The printable characters in the Basic Latin and Latin-1 Supplement - character set (through \u00FF)

  • The special - characters tab (\u0009), line feed (\u000A), and - carriage return (\u000D)

However, the format - can be further restricted by the account administrator by setting a password - policy on the Amazon Web Services account. For more information, see UpdateAccountPasswordPolicy.

- in: query - name: Password - required: false - schema: - format: password - maxLength: 128 + PrivateKey: minLength: 1 + maxLength: 16384 pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' type: string - - description: Allows this new password to be used only once by requiring the - specified IAM user to set a new password on next sign-in. - in: query - name: PasswordResetRequired - required: false - schema: - type: boolean - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/PasswordPolicyViolationException' - description: PasswordPolicyViolationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateLoginProfile - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Changes the password for the specified IAM user. You can use - the CLI, the Amazon Web Services API, or the Users page in the IAM - console to change the password for any IAM user. Use ChangePassword - to change your own password in the My Security Credentials page in - the Amazon Web Services Management Console.

For more information about - modifying passwords, see Managing - passwords in the IAM User Guide.

- operationId: POST_UpdateLoginProfile - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateLoginProfileRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/PasswordPolicyViolationException' - description: PasswordPolicyViolationException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateLoginProfile - /?Action=UpdateOpenIDConnectProviderThumbprint&Version=2010-05-08: - get: - description:

Replaces the existing list of server certificate thumbprints - associated with an OpenID Connect (OIDC) provider resource object with a new - list of thumbprints.

The list that you pass with this operation completely - replaces the existing list of thumbprints. (The lists are not merged.)

-

Typically, you need to update a thumbprint only when the identity provider - certificate changes, which occurs rarely. However, if the provider's certificate - does change, any attempt to assume an IAM role that specifies the OIDC - provider as a principal fails until the certificate thumbprint is updated.

-

Amazon Web Services secures communication with some OIDC identity - providers (IdPs) through our library of trusted certificate authorities (CAs) - instead of using a certificate thumbprint to verify your IdP server certificate. - These OIDC IdPs include Google, and those that use an Amazon S3 bucket to - host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint - remains in your configuration, but is no longer used for validation.

 -

Trust for the OIDC provider is derived from the provider certificate - and is validated by the thumbprint. Therefore, it is best to limit access - to the UpdateOpenIDConnectProviderThumbprint operation to highly - privileged users.

 - operationId: GET_UpdateOpenIDConnectProviderThumbprint - parameters: - - description:

The Amazon Resource Name (ARN) of the IAM OIDC provider resource - object for which you want to update the thumbprint. You can get a list of - OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

-

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: OpenIDConnectProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 - type: string - - description: 'A list of certificate thumbprints that are associated with the - specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider. ' - in: query - name: ThumbprintList - required: true - schema: - description: Contains a list of thumbprints of identity provider server - certificates. - items: - allOf: - - $ref: '#/components/schemas/thumbprintType' - - xml: - name: member - type: array - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateOpenIDConnectProviderThumbprint - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Replaces the existing list of server certificate thumbprints - associated with an OpenID Connect (OIDC) provider resource object with a new - list of thumbprints.

The list that you pass with this operation completely - replaces the existing list of thumbprints. (The lists are not merged.)

-

Typically, you need to update a thumbprint only when the identity provider - certificate changes, which occurs rarely. However, if the provider's certificate - does change, any attempt to assume an IAM role that specifies the OIDC - provider as a principal fails until the certificate thumbprint is updated.

-

Amazon Web Services secures communication with some OIDC identity - providers (IdPs) through our library of trusted certificate authorities (CAs) - instead of using a certificate thumbprint to verify your IdP server certificate. - These OIDC IdPs include Google, and those that use an Amazon S3 bucket to - host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint - remains in your configuration, but is no longer used for validation.

 -

Trust for the OIDC provider is derived from the provider certificate - and is validated by the thumbprint. Therefore, it is best to limit access - to the UpdateOpenIDConnectProviderThumbprint operation to highly - privileged users.

 - operationId: POST_UpdateOpenIDConnectProviderThumbprint - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateOpenIDConnectProviderThumbprintRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateOpenIDConnectProviderThumbprint - /?Action=UpdateRole&Version=2010-05-08: - get: - description: Updates the description or maximum session duration setting of - a role. - operationId: GET_UpdateRole - parameters: - - description: The name of the role that you want to modify. - in: query - name: RoleName - required: true - schema: - maxLength: 64 + Arn: + description: Amazon Resource Name (ARN) of the server certificate minLength: 1 - pattern: '[\w+=,.@-]+' + maxLength: 1600 type: string - - description: The new description that you want to apply to the specified role. - in: query - name: Description - required: false - schema: - maxLength: 1000 - pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' - type: string - - description:

The maximum session duration (in seconds) that you want to - set for the specified role. If you do not specify a value for this setting, - the default maximum of one hour is applied. This setting can have a value - from 1 hour to 12 hours.

Anyone who assumes the role from the CLI - or API can use the DurationSeconds API parameter or the duration-seconds - CLI parameter to request a longer session. The MaxSessionDuration - setting determines the maximum duration that can be requested using the - DurationSeconds parameter. If users don't specify a value for - the DurationSeconds parameter, their security credentials are - valid for one hour by default. This applies when you use the AssumeRole* - API operations or the assume-role* CLI operations but does - not apply when you use those operations to create a console URL. For more - information, see Using - IAM roles in the IAM User Guide.

- in: query - name: MaxSessionDuration - required: false - schema: - maximum: 43200 - minimum: 3600 - type: integer - responses: - '200': - content: - text/xml: - schema: - properties: - UpdateRoleResult: - $ref: '#/components/schemas/UpdateRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateRole - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Updates the description or maximum session duration setting of - a role. - operationId: POST_UpdateRole - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateRoleRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - UpdateRoleResult: - $ref: '#/components/schemas/UpdateRoleResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateRole - /?Action=UpdateRoleDescription&Version=2010-05-08: - get: - description:

Use UpdateRole instead.

Modifies only the description - of a role. This operation performs the same function as the Description - parameter in the UpdateRole operation.

- operationId: GET_UpdateRoleDescription - parameters: - - description: The name of the role that you want to modify. - in: query - name: RoleName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: server_certificate + description: Resource Type definition for AWS::IAM::ServerCertificate + x-type-name: AWS::IAM::ServerCertificate + x-stackql-primary-identifier: + - ServerCertificateName + x-create-only-properties: + - ServerCertificateName + - PrivateKey + - CertificateBody + - CertificateChain + x-write-only-properties: + - PrivateKey + - CertificateBody + - CertificateChain + x-read-only-properties: + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:UploadServerCertificate + - iam:TagServerCertificate + - iam:GetServerCertificate + read: + - iam:GetServerCertificate + update: + - iam:TagServerCertificate + - iam:UntagServerCertificate + - iam:ListServerCertificateTags + - iam:GetServerCertificate + delete: + - iam:DeleteServerCertificate + list: + - iam:ListServerCertificates + - iam:GetServerCertificate + ServiceLinkedRole: + type: object + properties: + RoleName: + description: The name of the role. type: string - - description: The new description that you want to apply to the specified role. - in: query - name: Description - required: true - schema: - maxLength: 1000 - pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' + CustomSuffix: + description: A string that you provide, which is combined with the service-provided prefix to form the complete role name. type: string - responses: - '200': - content: - text/xml: - schema: - properties: - UpdateRoleDescriptionResult: - $ref: '#/components/schemas/UpdateRoleDescriptionResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateRoleDescription - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Use UpdateRole instead.

Modifies only the description - of a role. This operation performs the same function as the Description - parameter in the UpdateRole operation.

- operationId: POST_UpdateRoleDescription - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateRoleDescriptionRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - UpdateRoleDescriptionResult: - $ref: '#/components/schemas/UpdateRoleDescriptionResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnmodifiableEntityException' - description: UnmodifiableEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateRoleDescription - /?Action=UpdateSAMLProvider&Version=2010-05-08: - get: - description:

Updates the metadata document for an existing SAML provider - resource object.

This operation requires Signature - Version 4.

 - operationId: GET_UpdateSAMLProvider - parameters: - - description: An XML document generated by an identity provider (IdP) that - supports SAML 2.0. The document includes the issuer's name, expiration information, - and keys that can be used to validate the SAML authentication response (assertions) - that are received from the IdP. You must generate the metadata document - using the identity management software that is used as your organization's - IdP. - in: query - name: SAMLMetadataDocument - required: true - schema: - maxLength: 10000000 - minLength: 1000 + Description: + description: The description of the role. type: string - - description:

The Amazon Resource Name (ARN) of the SAML provider to update.

-

For more information about ARNs, see Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference.

- in: query - name: SAMLProviderArn - required: true - schema: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers - for Amazon Web Services resources.

For more information about ARNs, - go to Amazon - Resource Names (ARNs) in the Amazon Web Services General Reference. -

- maxLength: 2048 - minLength: 20 + AWSServiceName: + description: The service principal for the AWS service to which this role is attached. + type: string + required: [] + x-stackql-resource-name: service_linked_role + description: Resource Type definition for AWS::IAM::ServiceLinkedRole + x-type-name: AWS::IAM::ServiceLinkedRole + x-stackql-primary-identifier: + - RoleName + x-create-only-properties: + - CustomSuffix + - AWSServiceName + x-write-only-properties: + - CustomSuffix + - AWSServiceName + x-read-only-properties: + - RoleName + x-required-properties: [] + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - iam:GetRole + read: + - iam:GetRole + update: + - iam:UpdateRole + - iam:GetRole + delete: + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + - iam:GetRole + LoginProfile: + description: Creates a password for the specified user, giving the user the ability to access AWS services through the console. For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*. + type: object + additionalProperties: false + properties: + PasswordResetRequired: + description: Specifies whether the user is required to set a new password on next sign-in. + type: boolean + Password: + description: The user's password. type: string - responses: - '200': - content: - text/xml: - schema: - properties: - UpdateSAMLProviderResult: - $ref: '#/components/schemas/UpdateSAMLProviderResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateSAMLProvider - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Updates the metadata document for an existing SAML provider - resource object.

This operation requires Signature - Version 4.

 - operationId: POST_UpdateSAMLProvider - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateSAMLProviderRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - UpdateSAMLProviderResult: - $ref: '#/components/schemas/UpdateSAMLProviderResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateSAMLProvider - /?Action=UpdateSSHPublicKey&Version=2010-05-08: - get: - description:

Sets the status of an IAM user's SSH public key to active or - inactive. SSH public keys that are inactive cannot be used for authentication. - This operation can be used to disable a user's SSH public key as part of a - key rotation work flow.

The SSH public key affected by this operation - is used only for authenticating the associated IAM user to an CodeCommit repository. - For more information about using SSH keys to authenticate to an CodeCommit - repository, see Set - up CodeCommit for SSH connections in the CodeCommit User Guide.

- operationId: GET_UpdateSSHPublicKey - parameters: - - description: '

The name of the IAM user associated with the SSH public key.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' + required: + - Password + User: + type: object + properties: + Path: + description: |- + The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + type: string + ManagedPolicyArns: + description: |- + A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user. + For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Policies: + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user). + The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. + For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Policy' + UserName: + description: |- + The name of the user to create. Do not include the path in this value. + This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john". + If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). + Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. type: string - - description:

The unique identifier for the SSH public key.

This - parameter allows (through its regex - pattern) a string of characters that can consist of any upper or lowercased - letter or digit.

- in: query - name: SSHPublicKeyId - required: true - schema: - maxLength: 128 - minLength: 20 - pattern: '[\w]+' + Groups: + description: A list of group names to which you want to add the user. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + Arn: + description: '' type: string - - description: The status to assign to the SSH public key. Active - means that the key can be used for authentication with an CodeCommit repository. - Inactive means that the key cannot be used. - in: query - name: Status - required: true - schema: - enum: - - Active - - Inactive + LoginProfile: + description: |- + Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console. + You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console. + For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*. + $ref: '#/components/schemas/LoginProfile' + Tags: + description: |- + A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. + If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + PermissionsBoundary: + description: |- + The ARN of the managed policy that is used to set the permissions boundary for the user. + A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*. + For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*. + type: string + x-stackql-resource-name: user + description: |- + Creates a new IAM user for your AWS-account. + For information about quotas for the number of IAM users you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::User + x-stackql-primary-identifier: + - UserName + x-create-only-properties: + - UserName + x-write-only-properties: + - LoginProfile/Password + x-read-only-properties: + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:CreateLoginProfile + - iam:AddUserToGroup + - iam:PutUserPolicy + - iam:AttachUserPolicy + - iam:CreateUser + - iam:GetUser + - iam:TagUser + read: + - iam:GetUserPolicy + - iam:ListGroupsForUser + - iam:ListAttachedUserPolicies + - iam:ListUserPolicies + - iam:GetUser + - iam:GetLoginProfile + update: + - iam:UpdateLoginProfile + - iam:UpdateUser + - iam:PutUserPermissionsBoundary + - iam:AttachUserPolicy + - iam:DeleteUserPolicy + - iam:DeleteUserPermissionsBoundary + - iam:TagUser + - iam:UntagUser + - iam:CreateLoginProfile + - iam:RemoveUserFromGroup + - iam:AddUserToGroup + - iam:PutUserPolicy + - iam:DetachUserPolicy + - iam:GetLoginProfile + - iam:DeleteLoginProfile + - iam:GetUser + - iam:ListUserTags + delete: + - iam:DeleteAccessKey + - iam:RemoveUserFromGroup + - iam:DeleteUserPolicy + - iam:DeleteUser + - iam:DetachUserPolicy + - iam:DeleteLoginProfile + - iam:ListAccessKeys + - iam:GetUserPolicy + - iam:ListGroupsForUser + - iam:ListAttachedUserPolicies + - iam:ListUserPolicies + - iam:GetUser + - iam:GetLoginProfile + list: + - iam:listUsers + UserPolicy: + type: object + properties: + PolicyDocument: + description: |- + The policy document. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + type: object + PolicyName: + description: |- + The name of the policy document. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: UpdateSSHPublicKey - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Sets the status of an IAM user's SSH public key to active or - inactive. SSH public keys that are inactive cannot be used for authentication. - This operation can be used to disable a user's SSH public key as part of a - key rotation work flow.

The SSH public key affected by this operation - is used only for authenticating the associated IAM user to an CodeCommit repository. - For more information about using SSH keys to authenticate to an CodeCommit - repository, see Set - up CodeCommit for SSH connections in the CodeCommit User Guide.

- operationId: POST_UpdateSSHPublicKey - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateSSHPublicKeyRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: UpdateSSHPublicKey - /?Action=UpdateServerCertificate&Version=2010-05-08: - get: - description:

Updates the name and/or the path of the specified server certificate - stored in IAM.

For more information about working with server certificates, - see Working - with server certificates in the IAM User Guide. This topic also - includes a list of Amazon Web Services services that can use the server certificates - that you manage with IAM.

You should understand the implications - of changing a server certificate's path or name. For more information, see - Renaming - a server certificate in the IAM User Guide.

 -

The person making the request (the principal), must have permission to - change the server certificate with the old name and the new name. For example, - to change the certificate named ProductionCert to ProdCert, - the principal must have a policy that allows them to update both certificates. - If the principal has permission to update the ProductionCert - group, but not the ProdCert certificate, then the update fails. - For more information about permissions, see Access - management in the IAM User Guide.

 - operationId: GET_UpdateServerCertificate - parameters: - - description: '

The name of the server certificate that you want to update.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: ServerCertificateName - required: true - schema: - maxLength: 128 + UserName: + description: |- + The name of the user to associate the policy with. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + required: + - PolicyName + - UserName + x-stackql-resource-name: user_policy + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM user. + An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use [AWS::IAM::User](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. + For information about the maximum number of inline policies that you can embed in a user, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::UserPolicy + x-stackql-primary-identifier: + - PolicyName + - UserName + x-create-only-properties: + - PolicyName + - UserName + x-required-properties: + - PolicyName + - UserName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:PutUserPolicy + - iam:GetUserPolicy + read: + - iam:GetUserPolicy + update: + - iam:PutUserPolicy + - iam:GetUserPolicy + delete: + - iam:DeleteUserPolicy + - iam:GetUserPolicy + VirtualMFADevice: + type: object + properties: + VirtualMfaDeviceName: minLength: 1 + maxLength: 226 pattern: '[\w+=,.@-]+' type: string - - description:

The new path for the server certificate. Include this only - if you are updating the server certificate's path.

This parameter - allows (through its regex pattern) - a string of characters consisting of either a forward slash (/) by itself - or a string that must begin and end with forward slashes. In addition, it - can contain any ASCII character from the ! (\u0021) through - the DEL character (\u007F), including most punctuation characters, - digits, and upper and lowercased letters.

- in: query - name: NewPath - required: false - schema: - maxLength: 512 + Path: minLength: 1 + maxLength: 512 pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) type: string - - description: '

The new name for the server certificate. Include this only - if you are updating the server certificate''s name. The name of the certificate - cannot contain any spaces.

This parameter allows (through its regex pattern) a string of characters - consisting of upper and lowercase alphanumeric characters with no spaces. - You can also include any of the following characters: _+=,.@-

' - in: query - name: NewServerCertificateName - required: false - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateServerCertificate - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Updates the name and/or the path of the specified server certificate - stored in IAM.

For more information about working with server certificates, - see Working - with server certificates in the IAM User Guide. This topic also - includes a list of Amazon Web Services services that can use the server certificates - that you manage with IAM.

You should understand the implications - of changing a server certificate's path or name. For more information, see - Renaming - a server certificate in the IAM User Guide.

 -

The person making the request (the principal), must have permission to - change the server certificate with the old name and the new name. For example, - to change the certificate named ProductionCert to ProdCert, - the principal must have a policy that allows them to update both certificates. - If the principal has permission to update the ProductionCert - group, but not the ProdCert certificate, then the update fails. - For more information about permissions, see Access - management in the IAM User Guide.

 - operationId: POST_UpdateServerCertificate - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateServerCertificateRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateServerCertificate - /?Action=UpdateServiceSpecificCredential&Version=2010-05-08: - get: - description: Sets the status of a service-specific credential to Active - or Inactive. Service-specific credentials that are inactive cannot - be used for authentication to the service. This operation can be used to disable - a user's service-specific credential as part of a credential rotation work - flow. - operationId: GET_UpdateServiceSpecificCredential - parameters: - - description: '

The name of the IAM user associated with the service-specific - credential. If you do not specify this value, then the operation assumes - the user whose credentials are used to call the operation.

This parameter - allows (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' + SerialNumber: + minLength: 9 + maxLength: 256 + pattern: '[\w+=/:,.@-]+' type: string - - description:

The unique identifier of the service-specific credential.

-

This parameter allows (through its regex - pattern) a string of characters that can consist of any upper or lowercased - letter or digit.

- in: query - name: ServiceSpecificCredentialId - required: true - schema: - maxLength: 128 - minLength: 20 - pattern: '[\w]+' + Users: + type: array + uniqueItems: false + items: + type: string + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - Users + x-stackql-resource-name: virtualmfa_device + description: Resource Type definition for AWS::IAM::VirtualMFADevice + x-type-name: AWS::IAM::VirtualMFADevice + x-stackql-primary-identifier: + - SerialNumber + x-create-only-properties: + - VirtualMfaDeviceName + - Base32StringSeed + - Path + x-read-only-properties: + - SerialNumber + x-required-properties: + - Users + x-required-permissions: + create: + - iam:CreateVirtualMFADevice + - iam:EnableMFADevice + - iam:ListVirtualMFADevices + read: + - iam:ListVirtualMFADevices + update: + - iam:TagMFADevice + - iam:UntagMFADevice + delete: + - iam:DeleteVirtualMFADevice + - iam:DeactivateMFADevice + list: + - iam:ListVirtualMFADevices + region: + type: string + description: The AWS region (always `us-east-1` for IAM resources) + user_policies: + description: List of user policies by UserName (requires `aws` provider to be installed) + type: object + additionalProperties: false + properties: + UserName: type: string - - description: The status to be assigned to the service-specific credential. - in: query - name: Status - required: true - schema: - enum: - - Active - - Inactive + description: The IAM user name + member: type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: UpdateServiceSpecificCredential - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description: Sets the status of a service-specific credential to Active - or Inactive. Service-specific credentials that are inactive cannot - be used for authentication to the service. This operation can be used to disable - a user's service-specific credential as part of a credential rotation work - flow. - operationId: POST_UpdateServiceSpecificCredential - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateServiceSpecificCredentialRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - x-aws-operation-name: UpdateServiceSpecificCredential - /?Action=UpdateSigningCertificate&Version=2010-05-08: - get: - description:

Changes the status of the specified user signing certificate - from active to disabled, or vice versa. This operation can be used to disable - an IAM user's signing certificate as part of a certificate rotation work flow.

-

If the UserName field is not specified, the user name is determined - implicitly based on the Amazon Web Services access key ID used to sign the - request. This operation works for access keys under the Amazon Web Services - account. Consequently, you can use this operation to manage Amazon Web Services - account root user credentials even if the Amazon Web Services account has - no associated users.

- operationId: GET_UpdateSigningCertificate - parameters: - - description: '

The name of the IAM user the signing certificate belongs - to.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' + description: The user policy name + region: + $ref: '#/components/schemas/region' + x-example-where-clause: WHERE UserName = '' + group_policies: + description: List of group policies by GroupName (requires `aws` provider to be installed) + type: object + additionalProperties: false + properties: + GroupName: type: string - - description:

The ID of the signing certificate you want to update.

-

This parameter allows (through its regex - pattern) a string of characters that can consist of any upper or lowercased - letter or digit.

- in: query - name: CertificateId - required: true - schema: - maxLength: 128 - minLength: 24 - pattern: '[\w]+' + description: The IAM group name + PolicyName: type: string - - description: ' The status you want to assign to the certificate. Active - means that the certificate can be used for programmatic calls to Amazon - Web Services Inactive means that the certificate cannot be - used.' - in: query - name: Status - required: true - schema: - enum: - - Active - - Inactive + description: The group policy name + PolicyDocument: type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateSigningCertificate - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Changes the status of the specified user signing certificate - from active to disabled, or vice versa. This operation can be used to disable - an IAM user's signing certificate as part of a certificate rotation work flow.

-

If the UserName field is not specified, the user name is determined - implicitly based on the Amazon Web Services access key ID used to sign the - request. This operation works for access keys under the Amazon Web Services - account. Consequently, you can use this operation to manage Amazon Web Services - account root user credentials even if the Amazon Web Services account has - no associated users.

- operationId: POST_UpdateSigningCertificate - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateSigningCertificateRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateSigningCertificate - /?Action=UpdateUser&Version=2010-05-08: - get: - description:

Updates the name and/or the path of the specified IAM user.

-

You should understand the implications of changing an IAM - user's path or name. For more information, see Renaming - an IAM user and Renaming - an IAM group in the IAM User Guide.

- To change a user name, the requester must have appropriate permissions on - both the source object and the target object. For example, to change Bob to - Robert, the entity making the request must have permission on Bob and Robert, - or must have permission on all (*). For more information about permissions, - see Permissions - and policies.

- operationId: GET_UpdateUser - parameters: - - description: '

Name of the user to update. If you''re changing the name - of the user, this is the original user name.

This parameter allows - (through its regex pattern) - a string of characters consisting of upper and lowercase alphanumeric characters - with no spaces. You can also include any of the following characters: _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' + description: The group policy document + region: + $ref: '#/components/schemas/region' + x-example-where-clause: WHERE GroupName = '' + role_policies: + description: List of policies by RoleName (requires `aws` provider to be installed) + type: object + additionalProperties: false + properties: + RoleName: type: string - - description:

New path for the IAM user. Include this parameter only if - you're changing the user's path.

This parameter allows (through its - regex pattern) a string of - characters consisting of either a forward slash (/) by itself or a string - that must begin and end with forward slashes. In addition, it can contain - any ASCII character from the ! (\u0021) through the DEL character - (\u007F), including most punctuation characters, digits, and - upper and lowercased letters.

- in: query - name: NewPath - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + description: The IAM role name + PolicyName: type: string - - description:

New name for the user. Include this parameter only if you're - changing the user's name.

IAM user, group, role, and policy names - must be unique within the account. Names are not distinguished by case. - For example, you cannot create resources named both "MyResource" and "myresource".

- in: query - name: NewUserName - required: false - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' + description: The role policy name + PolicyDocument: type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateUser - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Updates the name and/or the path of the specified IAM user.

-

You should understand the implications of changing an IAM - user's path or name. For more information, see Renaming - an IAM user and Renaming - an IAM group in the IAM User Guide.

- To change a user name, the requester must have appropriate permissions on - both the source object and the target object. For example, to change Bob to - Robert, the entity making the request must have permission on Bob and Robert, - or must have permission on all (*). For more information about permissions, - see Permissions - and policies.

- operationId: POST_UpdateUser - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UpdateUserRequest' - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' - description: EntityTemporarilyUnmodifiableException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UpdateUser - /?Action=UploadSSHPublicKey&Version=2010-05-08: - get: - description:

Uploads an SSH public key and associates it with the specified - IAM user.

The SSH public key uploaded by this operation can be used - only for authenticating the associated IAM user to an CodeCommit repository. - For more information about using SSH keys to authenticate to an CodeCommit - repository, see Set - up CodeCommit for SSH connections in the CodeCommit User Guide.

- operationId: GET_UploadSSHPublicKey - parameters: - - description: '

The name of the IAM user to associate the SSH public key - with.

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: true - schema: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' + description: The role policy document + region: + $ref: '#/components/schemas/region' + x-example-where-clause: WHERE RoleName = '' + policies: + description: List of policies (requires `aws` provider to be installed) + type: object + additionalProperties: false + properties: + PolicyName: type: string - - description:

The SSH public key. The public key must be encoded in ssh-rsa - format or PEM format. The minimum bit-length of the public key is 2048 bits. - For example, you can generate a 2048-bit key, and the resulting PEM file - is 1679 bytes long.

The regex - pattern used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line feed - (\u000A), and carriage return (\u000D)

    • -
- in: query - name: SSHPublicKeyBody - required: true - schema: - maxLength: 16384 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + description: The name for the policy + Arn: type: string - responses: - '200': - content: - text/xml: - schema: - properties: - UploadSSHPublicKeyResult: - $ref: '#/components/schemas/UploadSSHPublicKeyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidPublicKeyException' - description: InvalidPublicKeyException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/DuplicateSSHPublicKeyException' - description: DuplicateSSHPublicKeyException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' - description: UnrecognizedPublicKeyEncodingException - x-aws-operation-name: UploadSSHPublicKey - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Uploads an SSH public key and associates it with the specified - IAM user.

The SSH public key uploaded by this operation can be used - only for authenticating the associated IAM user to an CodeCommit repository. - For more information about using SSH keys to authenticate to an CodeCommit - repository, see Set - up CodeCommit for SSH connections in the CodeCommit User Guide.

- operationId: POST_UploadSSHPublicKey - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UploadSSHPublicKeyRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - UploadSSHPublicKeyResult: - $ref: '#/components/schemas/UploadSSHPublicKeyResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidPublicKeyException' - description: InvalidPublicKeyException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/DuplicateSSHPublicKeyException' - description: DuplicateSSHPublicKeyException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' - description: UnrecognizedPublicKeyEncodingException - x-aws-operation-name: UploadSSHPublicKey - /?Action=UploadServerCertificate&Version=2010-05-08: - get: - description:

Uploads a server certificate entity for the Amazon Web Services - account. The server certificate entity includes a public key certificate, - a private key, and an optional certificate chain, which should all be PEM-encoded.

-

We recommend that you use Certificate - Manager to provision, manage, and deploy your server certificates. With - ACM you can request a certificate, deploy it to Amazon Web Services resources, - and let ACM handle certificate renewals for you. Certificates provided by - ACM are free. For more information about using ACM, see the Certificate - Manager User Guide.

For more information about working with server - certificates, see Working - with server certificates in the IAM User Guide. This topic includes - a list of Amazon Web Services services that can use the server certificates - that you manage with IAM.

For information about the number of server - certificates you can upload, see IAM - and STS quotas in the IAM User Guide.

Because the - body of the public key certificate, private key, and the certificate chain - can be large, you should use POST rather than GET when calling UploadServerCertificate. - For information about setting up signatures and authorization through the - API, see Signing - Amazon Web Services API requests in the Amazon Web Services General - Reference. For general information about using the Query API with IAM, - see Calling - the API by making HTTP query requests in the IAM User Guide.

- - operationId: GET_UploadServerCertificate - parameters: - - description:

The path for the server certificate. For more information - about paths, see IAM - identifiers in the IAM User Guide.

This parameter is optional. - If it is not included, it defaults to a slash (/). This parameter allows - (through its regex pattern) - a string of characters consisting of either a forward slash (/) by itself - or a string that must begin and end with forward slashes. In addition, it - can contain any ASCII character from the ! (\u0021) through - the DEL character (\u007F), including most punctuation characters, - digits, and upper and lowercased letters.

If you are uploading - a server certificate specifically for use with Amazon CloudFront distributions, - you must specify a path using the path parameter. The path - must begin with /cloudfront and must include a trailing slash - (for example, /cloudfront/test/).

 - in: query - name: Path - required: false - schema: - maxLength: 512 - minLength: 1 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + description: The ARN + AttachmentCount: + type: number + description: The attachment count for the policy + CreateDate: type: string - - description: '

The name for the server certificate. Do not include the path - in this value. The name of the certificate cannot contain any spaces.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: ServerCertificateName - required: true - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' + description: The creation date for the policy + DefaultVersionId: type: string - - description:

The contents of the public key certificate in PEM-encoded - format.

The regex pattern - used to validate this parameter is a string of characters consisting of - the following:

  • Any printable ASCII character ranging from - the space character (\u0020) through the end of the ASCII character - range

  • The printable characters in the Basic Latin and - Latin-1 Supplement character set (through \u00FF)

    • -

  • The special characters tab (\u0009), line feed (\u000A), - and carriage return (\u000D)

- in: query - name: CertificateBody - required: true - schema: - maxLength: 16384 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + description: The default version id for the policy + Description: type: string - - description:

The contents of the private key in PEM-encoded format.

-

The regex pattern used - to validate this parameter is a string of characters consisting of the following:

-

  • Any printable ASCII character ranging from the space character - (\u0020) through the end of the ASCII character range

    • -

  • The printable characters in the Basic Latin and Latin-1 Supplement - character set (through \u00FF)

  • The special - characters tab (\u0009), line feed (\u000A), and - carriage return (\u000D)

- in: query - name: PrivateKey - required: true - schema: - format: password - maxLength: 16384 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + description: The description for the policy + IsAttachable: + type: boolean + description: Is the policy attachable? + Path: type: string - - description:

The contents of the certificate chain. This is typically a - concatenation of the PEM-encoded public key certificates of the chain.

-

The regex pattern used - to validate this parameter is a string of characters consisting of the following:

-

  • Any printable ASCII character ranging from the space character - (\u0020) through the end of the ASCII character range

    • -

  • The printable characters in the Basic Latin and Latin-1 Supplement - character set (through \u00FF)

  • The special - characters tab (\u0009), line feed (\u000A), and - carriage return (\u000D)

- in: query - name: CertificateChain - required: false - schema: - maxLength: 2097152 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + description: The path for the policy + PermissionsBoundaryUsageCount: + type: number + description: The permissions boundary usage count for the policy + PolicyId: type: string - - description:

A list of tags that you want to attach to the new IAM server - certificate resource. Each tag consists of a key name and an associated - value. For more information about tagging, see Tagging - IAM resources in the IAM User Guide.

If any one - of the tags is invalid or if you exceed the allowed maximum number of tags, - then the entire request fails and the resource is not created.

 - in: query - name: Tags - required: false - schema: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 + description: The id for the policy + Tags: type: array - responses: - '200': - content: - text/xml: - schema: - properties: - UploadServerCertificateResult: - $ref: '#/components/schemas/UploadServerCertificateResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedCertificateException' - description: MalformedCertificateException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/KeyPairMismatchException' - description: KeyPairMismatchException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '486': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UploadServerCertificate - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Uploads a server certificate entity for the Amazon Web Services - account. The server certificate entity includes a public key certificate, - a private key, and an optional certificate chain, which should all be PEM-encoded.

-

We recommend that you use Certificate - Manager to provision, manage, and deploy your server certificates. With - ACM you can request a certificate, deploy it to Amazon Web Services resources, - and let ACM handle certificate renewals for you. Certificates provided by - ACM are free. For more information about using ACM, see the Certificate - Manager User Guide.

For more information about working with server - certificates, see Working - with server certificates in the IAM User Guide. This topic includes - a list of Amazon Web Services services that can use the server certificates - that you manage with IAM.

For information about the number of server - certificates you can upload, see IAM - and STS quotas in the IAM User Guide.

Because the - body of the public key certificate, private key, and the certificate chain - can be large, you should use POST rather than GET when calling UploadServerCertificate. - For information about setting up signatures and authorization through the - API, see Signing - Amazon Web Services API requests in the Amazon Web Services General - Reference. For general information about using the Query API with IAM, - see Calling - the API by making HTTP query requests in the IAM User Guide.

- - operationId: POST_UploadServerCertificate - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UploadServerCertificateRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - UploadServerCertificateResult: - $ref: '#/components/schemas/UploadServerCertificateResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidInputException' - description: InvalidInputException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedCertificateException' - description: MalformedCertificateException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/KeyPairMismatchException' - description: KeyPairMismatchException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/ConcurrentModificationException' - description: ConcurrentModificationException - '486': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UploadServerCertificate - /?Action=UploadSigningCertificate&Version=2010-05-08: - get: - description:

Uploads an X.509 signing certificate and associates it with - the specified IAM user. Some Amazon Web Services services require you to use - certificates to validate requests that are signed with a corresponding private - key. When you upload the certificate, its default status is Active.

-

For information about when you would use an X.509 signing certificate, - see Managing - server certificates in IAM in the IAM User Guide.

If the - UserName is not specified, the IAM user name is determined implicitly - based on the Amazon Web Services access key ID used to sign the request. This - operation works for access keys under the Amazon Web Services account. Consequently, - you can use this operation to manage Amazon Web Services account root user - credentials even if the Amazon Web Services account has no associated users.

-

Because the body of an X.509 certificate can be large, you should - use POST rather than GET when calling UploadSigningCertificate. - For information about setting up signatures and authorization through the - API, see Signing - Amazon Web Services API requests in the Amazon Web Services General - Reference. For general information about using the Query API with IAM, - see Making - query requests in the IAM User Guide.

 - operationId: GET_UploadSigningCertificate - parameters: - - description: '

The name of the user the signing certificate is for.

-

This parameter allows (through its regex - pattern) a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following characters: - _+=,.@-

' - in: query - name: UserName - required: false - schema: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - - description:

The contents of the signing certificate.

The regex - pattern used to validate this parameter is a string of characters consisting - of the following:

  • Any printable ASCII character ranging - from the space character (\u0020) through the end of the ASCII - character range

  • The printable characters in the Basic - Latin and Latin-1 Supplement character set (through \u00FF)

    -

  • The special characters tab (\u0009), line feed - (\u000A), and carriage return (\u000D)

    • -
- in: query - name: CertificateBody - required: true - schema: - maxLength: 16384 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + description: Tags for the policy + UpdateDate: type: string - responses: - '200': - content: - text/xml: - schema: - properties: - UploadSigningCertificateResult: - $ref: '#/components/schemas/UploadSigningCertificateResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedCertificateException' - description: MalformedCertificateException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidCertificateException' - description: InvalidCertificateException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/DuplicateCertificateException' - description: DuplicateCertificateException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '486': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UploadSigningCertificate - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - description:

Uploads an X.509 signing certificate and associates it with - the specified IAM user. Some Amazon Web Services services require you to use - certificates to validate requests that are signed with a corresponding private - key. When you upload the certificate, its default status is Active.

-

For information about when you would use an X.509 signing certificate, - see Managing - server certificates in IAM in the IAM User Guide.

If the - UserName is not specified, the IAM user name is determined implicitly - based on the Amazon Web Services access key ID used to sign the request. This - operation works for access keys under the Amazon Web Services account. Consequently, - you can use this operation to manage Amazon Web Services account root user - credentials even if the Amazon Web Services account has no associated users.

-

Because the body of an X.509 certificate can be large, you should - use POST rather than GET when calling UploadSigningCertificate. - For information about setting up signatures and authorization through the - API, see Signing - Amazon Web Services API requests in the Amazon Web Services General - Reference. For general information about using the Query API with IAM, - see Making - query requests in the IAM User Guide.

 - operationId: POST_UploadSigningCertificate - parameters: [] - requestBody: - content: - text/xml: - schema: - $ref: '#/components/schemas/UploadSigningCertificateRequest' - responses: - '200': - content: - text/xml: - schema: - properties: - UploadSigningCertificateResult: - $ref: '#/components/schemas/UploadSigningCertificateResponse' - type: object - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/LimitExceededException' - description: LimitExceededException - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/EntityAlreadyExistsException' - description: EntityAlreadyExistsException - '482': - content: - text/xml: - schema: - $ref: '#/components/schemas/MalformedCertificateException' - description: MalformedCertificateException - '483': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidCertificateException' - description: InvalidCertificateException - '484': - content: - text/xml: - schema: - $ref: '#/components/schemas/DuplicateCertificateException' - description: DuplicateCertificateException - '485': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchEntityException' - description: NoSuchEntityException - '486': - content: - text/xml: - schema: - $ref: '#/components/schemas/ServiceFailureException' - description: ServiceFailureException - x-aws-operation-name: UploadSigningCertificate -security: -- hmac: [] -servers: -- description: The general IAM multi-region endpoint - url: https://iam.amazonaws.com - variables: - region: - description: The AWS region - enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 -x-stackQL-config: - queryParamTranspose: - algorithm: AWSCanonical - requestTranslate: - algorithm: get_query_to_post_form_utf_8 + description: The update date for the policy + region: + $ref: '#/components/schemas/region' + x-example-where-clause: '' + x-stackQL-resources: + groups: + name: groups + id: aws.iam.groups + x-cfn-schema-name: Group + x-type: list + x-identifiers: + - GroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GroupName') as group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::Group' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GroupName') as group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::Group' + AND region = 'us-east-1' + group: + name: group + id: aws.iam.group + x-cfn-schema-name: Group + x-type: get + x-identifiers: + - GroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.GroupName') as group_name, + JSON_EXTRACT(Properties, '$.ManagedPolicyArns') as managed_policy_arns, + JSON_EXTRACT(Properties, '$.Path') as path, + JSON_EXTRACT(Properties, '$.Policies') as policies + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::Group' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'GroupName') as group_name, + json_extract_path_text(Properties, 'ManagedPolicyArns') as managed_policy_arns, + json_extract_path_text(Properties, 'Path') as path, + json_extract_path_text(Properties, 'Policies') as policies + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::Group' + AND data__Identifier = '' + AND region = 'us-east-1' + group_policy: + name: group_policy + id: aws.iam.group_policy + x-cfn-schema-name: GroupPolicy + x-type: get + x-identifiers: + - PolicyName + - GroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.GroupName') as group_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::GroupPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'GroupName') as group_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::GroupPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + instance_profiles: + name: instance_profiles + id: aws.iam.instance_profiles + x-cfn-schema-name: InstanceProfile + x-type: list + x-identifiers: + - InstanceProfileName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceProfileName') as instance_profile_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::InstanceProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceProfileName') as instance_profile_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::InstanceProfile' + AND region = 'us-east-1' + instance_profile: + name: instance_profile + id: aws.iam.instance_profile + x-cfn-schema-name: InstanceProfile + x-type: get + x-identifiers: + - InstanceProfileName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Path') as path, + JSON_EXTRACT(Properties, '$.Roles') as roles, + JSON_EXTRACT(Properties, '$.InstanceProfileName') as instance_profile_name, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::InstanceProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Path') as path, + json_extract_path_text(Properties, 'Roles') as roles, + json_extract_path_text(Properties, 'InstanceProfileName') as instance_profile_name, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::InstanceProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + managed_policies: + name: managed_policies + id: aws.iam.managed_policies + x-cfn-schema-name: ManagedPolicy + x-type: list + x-identifiers: + - PolicyArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PolicyArn') as policy_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::ManagedPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PolicyArn') as policy_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::ManagedPolicy' + AND region = 'us-east-1' + managed_policy: + name: managed_policy + id: aws.iam.managed_policy + x-cfn-schema-name: ManagedPolicy + x-type: get + x-identifiers: + - PolicyArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Groups') as groups, + JSON_EXTRACT(Properties, '$.ManagedPolicyName') as managed_policy_name, + JSON_EXTRACT(Properties, '$.Path') as path, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.Roles') as roles, + JSON_EXTRACT(Properties, '$.Users') as users, + JSON_EXTRACT(Properties, '$.PolicyArn') as policy_arn, + JSON_EXTRACT(Properties, '$.AttachmentCount') as attachment_count, + JSON_EXTRACT(Properties, '$.CreateDate') as create_date, + JSON_EXTRACT(Properties, '$.UpdateDate') as update_date, + JSON_EXTRACT(Properties, '$.DefaultVersionId') as default_version_id, + JSON_EXTRACT(Properties, '$.IsAttachable') as is_attachable, + JSON_EXTRACT(Properties, '$.PermissionsBoundaryUsageCount') as permissions_boundary_usage_count, + JSON_EXTRACT(Properties, '$.PolicyId') as policy_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::ManagedPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Groups') as groups, + json_extract_path_text(Properties, 'ManagedPolicyName') as managed_policy_name, + json_extract_path_text(Properties, 'Path') as path, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'Roles') as roles, + json_extract_path_text(Properties, 'Users') as users, + json_extract_path_text(Properties, 'PolicyArn') as policy_arn, + json_extract_path_text(Properties, 'AttachmentCount') as attachment_count, + json_extract_path_text(Properties, 'CreateDate') as create_date, + json_extract_path_text(Properties, 'UpdateDate') as update_date, + json_extract_path_text(Properties, 'DefaultVersionId') as default_version_id, + json_extract_path_text(Properties, 'IsAttachable') as is_attachable, + json_extract_path_text(Properties, 'PermissionsBoundaryUsageCount') as permissions_boundary_usage_count, + json_extract_path_text(Properties, 'PolicyId') as policy_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::ManagedPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + oidc_providers: + name: oidc_providers + id: aws.iam.oidc_providers + x-cfn-schema-name: OIDCProvider + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::OIDCProvider' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::OIDCProvider' + AND region = 'us-east-1' + oidc_provider: + name: oidc_provider + id: aws.iam.oidc_provider + x-cfn-schema-name: OIDCProvider + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClientIdList') as client_id_list, + JSON_EXTRACT(Properties, '$.Url') as url, + JSON_EXTRACT(Properties, '$.ThumbprintList') as thumbprint_list, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::OIDCProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClientIdList') as client_id_list, + json_extract_path_text(Properties, 'Url') as url, + json_extract_path_text(Properties, 'ThumbprintList') as thumbprint_list, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::OIDCProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + roles: + name: roles + id: aws.iam.roles + x-cfn-schema-name: Role + x-type: list + x-identifiers: + - RoleName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RoleName') as role_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::Role' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RoleName') as role_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::Role' + AND region = 'us-east-1' + role: + name: role + id: aws.iam.role + x-cfn-schema-name: Role + x-type: get + x-identifiers: + - RoleName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AssumeRolePolicyDocument') as assume_role_policy_document, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ManagedPolicyArns') as managed_policy_arns, + JSON_EXTRACT(Properties, '$.MaxSessionDuration') as max_session_duration, + JSON_EXTRACT(Properties, '$.Path') as path, + JSON_EXTRACT(Properties, '$.PermissionsBoundary') as permissions_boundary, + JSON_EXTRACT(Properties, '$.Policies') as policies, + JSON_EXTRACT(Properties, '$.RoleId') as role_id, + JSON_EXTRACT(Properties, '$.RoleName') as role_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::Role' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AssumeRolePolicyDocument') as assume_role_policy_document, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ManagedPolicyArns') as managed_policy_arns, + json_extract_path_text(Properties, 'MaxSessionDuration') as max_session_duration, + json_extract_path_text(Properties, 'Path') as path, + json_extract_path_text(Properties, 'PermissionsBoundary') as permissions_boundary, + json_extract_path_text(Properties, 'Policies') as policies, + json_extract_path_text(Properties, 'RoleId') as role_id, + json_extract_path_text(Properties, 'RoleName') as role_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::Role' + AND data__Identifier = '' + AND region = 'us-east-1' + role_policy: + name: role_policy + id: aws.iam.role_policy + x-cfn-schema-name: RolePolicy + x-type: get + x-identifiers: + - PolicyName + - RoleName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.RoleName') as role_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::RolePolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'RoleName') as role_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::RolePolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + saml_providers: + name: saml_providers + id: aws.iam.saml_providers + x-cfn-schema-name: SAMLProvider + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::SAMLProvider' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::SAMLProvider' + AND region = 'us-east-1' + saml_provider: + name: saml_provider + id: aws.iam.saml_provider + x-cfn-schema-name: SAMLProvider + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SamlMetadataDocument') as saml_metadata_document, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::SAMLProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SamlMetadataDocument') as saml_metadata_document, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::SAMLProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + server_certificates: + name: server_certificates + id: aws.iam.server_certificates + x-cfn-schema-name: ServerCertificate + x-type: list + x-identifiers: + - ServerCertificateName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ServerCertificateName') as server_certificate_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::ServerCertificate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ServerCertificateName') as server_certificate_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::ServerCertificate' + AND region = 'us-east-1' + server_certificate: + name: server_certificate + id: aws.iam.server_certificate + x-cfn-schema-name: ServerCertificate + x-type: get + x-identifiers: + - ServerCertificateName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CertificateBody') as certificate_body, + JSON_EXTRACT(Properties, '$.CertificateChain') as certificate_chain, + JSON_EXTRACT(Properties, '$.ServerCertificateName') as server_certificate_name, + JSON_EXTRACT(Properties, '$.Path') as path, + JSON_EXTRACT(Properties, '$.PrivateKey') as private_key, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::ServerCertificate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CertificateBody') as certificate_body, + json_extract_path_text(Properties, 'CertificateChain') as certificate_chain, + json_extract_path_text(Properties, 'ServerCertificateName') as server_certificate_name, + json_extract_path_text(Properties, 'Path') as path, + json_extract_path_text(Properties, 'PrivateKey') as private_key, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::ServerCertificate' + AND data__Identifier = '' + AND region = 'us-east-1' + service_linked_role: + name: service_linked_role + id: aws.iam.service_linked_role + x-cfn-schema-name: ServiceLinkedRole + x-type: get + x-identifiers: + - RoleName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RoleName') as role_name, + JSON_EXTRACT(Properties, '$.CustomSuffix') as custom_suffix, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.AWSServiceName') as aws_service_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::ServiceLinkedRole' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RoleName') as role_name, + json_extract_path_text(Properties, 'CustomSuffix') as custom_suffix, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'AWSServiceName') as aws_service_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::ServiceLinkedRole' + AND data__Identifier = '' + AND region = 'us-east-1' + users: + name: users + id: aws.iam.users + x-cfn-schema-name: User + x-type: list + x-identifiers: + - UserName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserName') as user_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::User' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserName') as user_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::User' + AND region = 'us-east-1' + user: + name: user + id: aws.iam.user + x-cfn-schema-name: User + x-type: get + x-identifiers: + - UserName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Path') as path, + JSON_EXTRACT(Properties, '$.ManagedPolicyArns') as managed_policy_arns, + JSON_EXTRACT(Properties, '$.Policies') as policies, + JSON_EXTRACT(Properties, '$.UserName') as user_name, + JSON_EXTRACT(Properties, '$.Groups') as groups, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.LoginProfile') as login_profile, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.PermissionsBoundary') as permissions_boundary + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::User' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Path') as path, + json_extract_path_text(Properties, 'ManagedPolicyArns') as managed_policy_arns, + json_extract_path_text(Properties, 'Policies') as policies, + json_extract_path_text(Properties, 'UserName') as user_name, + json_extract_path_text(Properties, 'Groups') as groups, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'LoginProfile') as login_profile, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'PermissionsBoundary') as permissions_boundary + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::User' + AND data__Identifier = '' + AND region = 'us-east-1' + user_policy: + name: user_policy + id: aws.iam.user_policy + x-cfn-schema-name: UserPolicy + x-type: get + x-identifiers: + - PolicyName + - UserName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.UserName') as user_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::UserPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'UserName') as user_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::UserPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + virtualmfa_devices: + name: virtualmfa_devices + id: aws.iam.virtualmfa_devices + x-cfn-schema-name: VirtualMFADevice + x-type: list + x-identifiers: + - SerialNumber + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SerialNumber') as serial_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::VirtualMFADevice' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SerialNumber') as serial_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::VirtualMFADevice' + AND region = 'us-east-1' + virtualmfa_device: + name: virtualmfa_device + id: aws.iam.virtualmfa_device + x-cfn-schema-name: VirtualMFADevice + x-type: get + x-identifiers: + - SerialNumber + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VirtualMfaDeviceName') as virtual_mfa_device_name, + JSON_EXTRACT(Properties, '$.Path') as path, + JSON_EXTRACT(Properties, '$.SerialNumber') as serial_number, + JSON_EXTRACT(Properties, '$.Users') as users, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::VirtualMFADevice' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VirtualMfaDeviceName') as virtual_mfa_device_name, + json_extract_path_text(Properties, 'Path') as path, + json_extract_path_text(Properties, 'SerialNumber') as serial_number, + json_extract_path_text(Properties, 'Users') as users, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::VirtualMFADevice' + AND data__Identifier = '' + AND region = 'us-east-1' + user_policies: + name: user_policies + id: aws.iam.user_policies + x-cfn-schema-name: user_policies + x-type: custom_list + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + UserName, + member, + region + FROM aws.iam_api.user_policies + WHERE UserName = '' + AND region = 'us-east-1' + group_policies: + name: group_policies + id: aws.iam.group_policies + x-cfn-schema-name: group_policies + x-type: custom_list + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + GroupName, + PolicyName, + PolicyDocument, + region + FROM aws.iam_api.group_policies + WHERE GroupName = '' + AND region = 'us-east-1' + policies: + name: policies + id: aws.iam.policies + x-cfn-schema-name: policies + x-type: custom_list + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + PolicyName, + Arn, + AttachmentCount, + CreateDate, + DefaultVersionId, + Description, + IsAttachable, + Path, + PermissionsBoundaryUsageCount, + PolicyId, + Tags, + UpdateDate, + region + FROM aws.iam_api.policies + WHERE region = 'us-east-1' + role_policies: + name: role_policies + id: aws.iam.role_policies + x-cfn-schema-name: role_policies + x-type: custom_list + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + RoleName, + PolicyName, + PolicyDocument, + region + FROM aws.iam_api.role_policies + WHERE RoleName = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/iam_api.yaml b/providers/src/aws/v00.00.00000/services/iam_api.yaml new file mode 100644 index 00000000..7b27bb4b --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/iam_api.yaml @@ -0,0 +1,31632 @@ +components: + parameters: + X-Amz-Algorithm: + in: header + name: X-Amz-Algorithm + required: false + schema: + type: string + X-Amz-Content-Sha256: + in: header + name: X-Amz-Content-Sha256 + required: false + schema: + type: string + X-Amz-Credential: + in: header + name: X-Amz-Credential + required: false + schema: + type: string + X-Amz-Date: + in: header + name: X-Amz-Date + required: false + schema: + type: string + X-Amz-Security-Token: + in: header + name: X-Amz-Security-Token + required: false + schema: + type: string + X-Amz-Signature: + in: header + name: X-Amz-Signature + required: false + schema: + type: string + X-Amz-SignedHeaders: + in: header + name: X-Amz-SignedHeaders + required: false + schema: + type: string + schemas: + AccessAdvisorUsageGranularityType: + enum: + - SERVICE_LEVEL + - ACTION_LEVEL + type: string + AccessDetail: + description:

An object that contains details about when a principal in the + reported Organizations entity last attempted to access an Amazon Web Services + service. A principal can be an IAM user, an IAM role, or the Amazon Web Services + account root user within the reported Organizations entity.

This data + type is a response element in the GetOrganizationsAccessReport operation.

+ properties: + EntityPath: + allOf: + - $ref: '#/components/schemas/organizationsEntityPathType' + - description:

The path of the Organizations entity (root, organizational + unit, or account) from which an authenticated principal last attempted + to access the service. Amazon Web Services does not report unauthenticated + requests.

This field is null if no principals (IAM users, IAM + roles, or root users) in the reported Organizations entity attempted + to access the service within the reporting + period.

+ LastAuthenticatedTime: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "

The date and time, in\_ISO 8601 date-time format, when an authenticated principal most\ + \ recently attempted to access the service. Amazon Web Services does\ + \ not report unauthenticated requests.

This field is null if\ + \ no principals in the reported Organizations entity attempted to access\ + \ the service within the reporting period.

" + Region: + allOf: + - $ref: '#/components/schemas/stringType' + - description:

The Region where the last service access attempt occurred.

+

This field is null if no principals in the reported Organizations + entity attempted to access the service within the reporting + period.

+ ServiceName: + allOf: + - $ref: '#/components/schemas/serviceNameType' + - description: The name of the service in which access was attempted. + ServiceNamespace: + allOf: + - $ref: '#/components/schemas/serviceNamespaceType' + - description: "

The namespace of the service in which access was attempted.

\ + \

To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services\ + \ in the Service Authorization Reference. Choose the name of\ + \ the service to view details for that service. In the first paragraph,\ + \ find the service prefix. For example, (service prefix: a4b).\ + \ For more information about service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ + \ General Reference.

" + TotalAuthenticatedEntities: + allOf: + - $ref: '#/components/schemas/integerType' + - description: The number of accounts with authenticated principals (root + users, IAM users, and IAM roles) that attempted to access the service + in the reporting period. + required: + - ServiceName + - ServiceNamespace + type: object + AccessDetails: + items: + allOf: + - $ref: '#/components/schemas/AccessDetail' + - xml: + name: member + type: array + AccessKey: + description:

Contains information about an Amazon Web Services access key.

+

This data type is used as a response element in the CreateAccessKey + and ListAccessKeys operations.

The SecretAccessKey + value is returned only in response to CreateAccessKey. You can get + a secret access key only when you first create an access key; you cannot recover + the secret access key later. If you lose a secret access key, you must create + a new access key.

 + properties: + AccessKeyId: + allOf: + - $ref: '#/components/schemas/accessKeyIdType' + - description: The ID for this access key. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the access key was created. + SecretAccessKey: + allOf: + - $ref: '#/components/schemas/accessKeySecretType' + - description: The secret key used to sign requests. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: 'The status of the access key. Active means + that the key is valid for API calls, while Inactive means + it is not. ' + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user that the access key is associated + with. + required: + - UserName + - AccessKeyId + - Status + - SecretAccessKey + type: object + AccessKeyLastUsed: + description:

Contains information about the last time an Amazon Web Services + access key was used since IAM began tracking this information on April 22, + 2015.

This data type is used as a response element in the GetAccessKeyLastUsed + operation.

+ properties: + LastUsedDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description:

The date and time, in ISO + 8601 date-time format, when the access key was most recently used. + This field is null in the following situations:

  • The + user does not have an access key.

  • An access key exists + but has not been used since IAM began tracking this information.

    +

  • There is no sign-in data associated with the user.

    +
+ Region: + allOf: + - $ref: '#/components/schemas/stringType' + - description:

The Amazon Web Services Region where this access key was + most recently used. The value for this field is "N/A" in the following + situations:

  • The user does not have an access key.

    +

  • An access key exists but has not been used since IAM began + tracking this information.

  • There is no sign-in data + associated with the user.

For more information about + Amazon Web Services Regions, see Regions + and endpoints in the Amazon Web Services General Reference.

+ ServiceName: + allOf: + - $ref: '#/components/schemas/stringType' + - description:

The name of the Amazon Web Services service with which + this access key was most recently used. The value of this field is "N/A" + in the following situations:

  • The user does not have + an access key.

  • An access key exists but has not been + used since IAM started tracking this information.

  • There + is no sign-in data associated with the user.

+ required: + - LastUsedDate + - ServiceName + - Region + type: object + AccessKeyMetadata: + description:

Contains information about an Amazon Web Services access key, + without its secret key.

This data type is used as a response element + in the ListAccessKeys operation.

+ properties: + AccessKeyId: + allOf: + - $ref: '#/components/schemas/accessKeyIdType' + - description: The ID for this access key. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the access key was created. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the access key. Active means that + the key is valid for API calls; Inactive means it is not. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user that the key is associated with. + type: object + ActionNameListType: + items: + allOf: + - $ref: '#/components/schemas/ActionNameType' + - xml: + name: member + type: array + ActionNameType: + maxLength: 128 + minLength: 3 + type: string + AddClientIDToOpenIDConnectProviderRequest: + properties: + ClientID: + allOf: + - $ref: '#/components/schemas/clientIDType' + - description: The client ID (also known as audience) to add to the IAM + OpenID Connect provider resource. + OpenIDConnectProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The Amazon Resource Name (ARN) of the IAM OpenID Connect + (OIDC) provider resource to add the client ID to. You can get a list + of OIDC provider ARNs by using the ListOpenIDConnectProviders + operation. + required: + - OpenIDConnectProviderArn + - ClientID + title: AddClientIDToOpenIDConnectProviderRequest + type: object + AddRoleToInstanceProfileRequest: + properties: + InstanceProfileName: + allOf: + - $ref: '#/components/schemas/instanceProfileNameType' + - description: '

The name of the instance profile to update.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the role to add.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following + characters: _+=,.@-

' + required: + - InstanceProfileName + - RoleName + title: AddRoleToInstanceProfileRequest + type: object + AddUserToGroupRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name of the group to update.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user to add.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following + characters: _+=,.@-

' + required: + - GroupName + - UserName + title: AddUserToGroupRequest + type: object + ArnListType: + items: + allOf: + - $ref: '#/components/schemas/arnType' + - xml: + name: member + type: array + AttachGroupPolicyRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name (friendly name, not ARN) of the group to attach + the policy to.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to attach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - GroupName + - PolicyArn + title: AttachGroupPolicyRequest + type: object + AttachRolePolicyRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to attach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name (friendly name, not ARN) of the role to attach + the policy to.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - RoleName + - PolicyArn + title: AttachRolePolicyRequest + type: object + AttachUserPolicyRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to attach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name (friendly name, not ARN) of the IAM user to + attach the policy to.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - PolicyArn + title: AttachUserPolicyRequest + type: object + AttachedPermissionsBoundary: + description:

Contains information about an attached permissions boundary.

+

An attached permissions boundary is a managed policy that has been attached + to a user or role to set the permissions boundary.

For more information + about permissions boundaries, see Permissions + boundaries for IAM identities in the IAM User Guide.

+ properties: + PermissionsBoundaryArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: ' The ARN of the policy used to set the permissions boundary + for the user or role.' + PermissionsBoundaryType: + allOf: + - $ref: '#/components/schemas/PermissionsBoundaryAttachmentType' + - description: ' The permissions boundary usage type that indicates what + type of IAM resource is used as the permissions boundary for an entity. + This data type can only have a value of Policy.' + type: object + AttachedPolicy: + description:

Contains information about an attached policy.

An attached + policy is a managed policy that has been attached to a user, group, or role. + This data type is used as a response element in the ListAttachedGroupPolicies, + ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails + operations.

For more information about managed policies, refer to + Managed + policies and inline policies in the IAM User Guide.

+ properties: + PolicyArn: + $ref: '#/components/schemas/arnType' + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The friendly name of the attached policy. + type: object + BootstrapDatum: + format: password + type: string + ChangePasswordRequest: + properties: + NewPassword: + allOf: + - $ref: '#/components/schemas/passwordType' + - description:

The new password. The new password must conform to the + Amazon Web Services account's password policy, if one exists.

The + regex pattern that is + used to validate this parameter is a string of characters. That string + can include almost any printable ASCII character from the space (\u0020) + through the end of the ASCII character range (\u00FF). + You can also include the tab (\u0009), line feed (\u000A), + and carriage return (\u000D) characters. Any of these characters + are valid in a password. However, many tools, such as the Amazon Web + Services Management Console, might restrict the ability to type certain + characters because they have special meaning within that tool.

+ OldPassword: + allOf: + - $ref: '#/components/schemas/passwordType' + - description: The IAM user's current password. + required: + - OldPassword + - NewPassword + title: ChangePasswordRequest + type: object + ColumnNumber: + type: integer + ConcurrentModificationException: {} + ContextEntry: + description:

Contains information about a condition context key. It includes + the name of the key and specifies the value (or values, if the context key + supports multiple values) to use in the simulation. This information is used + when evaluating the Condition elements of the input policies.

+

This data type is used as an input parameter to SimulateCustomPolicy + and SimulatePrincipalPolicy.

+ properties: + ContextKeyName: + allOf: + - $ref: '#/components/schemas/ContextKeyNameType' + - description: The full name of a condition context key, including the service + prefix. For example, aws:SourceIp or s3:VersionId. + ContextKeyType: + allOf: + - $ref: '#/components/schemas/ContextKeyTypeEnum' + - description: The data type of the value (or values) specified in the ContextKeyValues + parameter. + ContextKeyValues: + allOf: + - $ref: '#/components/schemas/ContextKeyValueListType' + - description: The value (or values, if the condition context key supports + multiple values) to provide to the simulation when the key is referenced + by a Condition element in an input policy. + type: object + ContextEntryListType: + items: + allOf: + - $ref: '#/components/schemas/ContextEntry' + - xml: + name: member + type: array + ContextKeyNameType: + maxLength: 256 + minLength: 5 + type: string + ContextKeyNamesResultListType: + items: + allOf: + - $ref: '#/components/schemas/ContextKeyNameType' + - xml: + name: member + type: array + ContextKeyTypeEnum: + enum: + - string + - stringList + - numeric + - numericList + - boolean + - booleanList + - ip + - ipList + - binary + - binaryList + - date + - dateList + type: string + ContextKeyValueListType: + items: + allOf: + - $ref: '#/components/schemas/ContextKeyValueType' + - xml: + name: member + type: array + ContextKeyValueType: + type: string + CreateAccessKeyRequest: + properties: + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the IAM user that the new key will belong + to.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + title: CreateAccessKeyRequest + type: object + CreateAccessKeyResponse: + description: 'Contains the response to a successful CreateAccessKey request. ' + example: + AccessKey: + AccessKeyId: AKIAIOSFODNN7EXAMPLE + CreateDate: '2015-03-09T18:39:23.411Z' + SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY + Status: Active + UserName: Bob + properties: + AccessKey: + allOf: + - $ref: '#/components/schemas/AccessKey' + - description: A structure with details about the access key. + required: + - AccessKey + type: object + CreateAccountAliasRequest: + properties: + AccountAlias: + allOf: + - $ref: '#/components/schemas/accountAliasType' + - description:

The account alias to create.

This parameter allows + (through its regex pattern) + a string of characters consisting of lowercase letters, digits, and + dashes. You cannot start or finish with a dash, nor can you have two + dashes in a row.

+ required: + - AccountAlias + title: CreateAccountAliasRequest + type: object + CreateGroupRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description:

The name of the group to create. Do not include the path + in this value.

IAM user, group, role, and policy names must be + unique within the account. Names are not distinguished by case. For + example, you cannot create resources named both "MyResource" and "myresource".

+ Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description:

The path to the group. For more information about paths, + see IAM + identifiers in the IAM User Guide.

This parameter + is optional. If it is not included, it defaults to a slash (/).

+

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ required: + - GroupName + title: CreateGroupRequest + type: object + CreateGroupResponse: + description: 'Contains the response to a successful CreateGroup request. ' + example: + Group: + Arn: arn:aws:iam::123456789012:group/Admins + CreateDate: '2015-03-09T20:30:24.940Z' + GroupId: AIDGPMS9RO4H3FEXAMPLE + GroupName: Admins + Path: / + properties: + Group: + allOf: + - $ref: '#/components/schemas/Group' + - description: A structure containing details about the new group. + required: + - Group + type: object + CreateInstanceProfileRequest: + properties: + InstanceProfileName: + allOf: + - $ref: '#/components/schemas/instanceProfileNameType' + - description: '

The name of the instance profile to create.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description:

The path to the instance profile. For more information + about paths, see IAM + Identifiers in the IAM User Guide.

This parameter + is optional. If it is not included, it defaults to a slash (/).

+

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description:

A list of tags that you want to attach to the newly created + IAM instance profile. Each tag consists of a key name and an associated + value. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any + one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created.

+ + required: + - InstanceProfileName + title: CreateInstanceProfileRequest + type: object + CreateInstanceProfileResponse: + description: 'Contains the response to a successful CreateInstanceProfile + request. ' + example: + InstanceProfile: + Arn: arn:aws:iam::123456789012:instance-profile/Webserver + CreateDate: '2015-03-09T20:33:19.626Z' + InstanceProfileId: AIPAJMBYC7DLSPEXAMPLE + InstanceProfileName: Webserver + Path: / + Roles: [] + properties: + InstanceProfile: + allOf: + - $ref: '#/components/schemas/InstanceProfile' + - description: A structure containing details about the new instance profile. + required: + - InstanceProfile + type: object + CreateLoginProfileRequest: + properties: + Password: + allOf: + - $ref: '#/components/schemas/passwordType' + - description:

The new password for the user.

The regex + pattern that is used to validate this parameter is a string of characters. + That string can include almost any printable ASCII character from the + space (\u0020) through the end of the ASCII character range + (\u00FF). You can also include the tab (\u0009), + line feed (\u000A), and carriage return (\u000D) + characters. Any of these characters are valid in a password. However, + many tools, such as the Amazon Web Services Management Console, might + restrict the ability to type certain characters because they have special + meaning within that tool.

+ PasswordResetRequired: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether the user is required to set a new password + on next sign-in. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user to create a password for. The + user must already exist.

This parameter allows (through its regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + required: + - UserName + - Password + title: CreateLoginProfileRequest + type: object + CreateLoginProfileResponse: + description: 'Contains the response to a successful CreateLoginProfile + request. ' + example: + LoginProfile: + CreateDate: '2015-03-10T20:55:40.274Z' + PasswordResetRequired: true + UserName: Bob + properties: + LoginProfile: + allOf: + - $ref: '#/components/schemas/LoginProfile' + - description: A structure containing the user name and password create + date. + required: + - LoginProfile + type: object + CreateOpenIDConnectProviderRequest: + properties: + ClientIDList: + allOf: + - $ref: '#/components/schemas/clientIDListType' + - description:

Provides a list of client IDs, also known as audiences. + When a mobile or web app registers with an OpenID Connect provider, + they establish a value that identifies the application. This is the + value that's sent as the client_id parameter on OAuth requests.

+

You can register multiple client IDs with the same provider. For + example, you might have multiple applications that use the same OIDC + provider. You cannot register more than 100 client IDs with a single + IAM OIDC provider.

There is no defined format for a client ID. + The CreateOpenIDConnectProviderRequest operation accepts + client IDs up to 255 characters long.

+ Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description:

A list of tags that you want to attach to the new IAM + OpenID Connect (OIDC) provider. Each tag consists of a key name and + an associated value. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any + one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created.

+ + ThumbprintList: + allOf: + - $ref: '#/components/schemas/thumbprintListType' + - description:

A list of server certificate thumbprints for the OpenID + Connect (OIDC) identity provider's server certificates. Typically this + list includes only one entry. However, IAM lets you have up to five + thumbprints for an OIDC provider. This lets you maintain multiple thumbprints + if the identity provider is rotating certificates.

The server + certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 + certificate used by the domain where the OpenID Connect provider makes + its keys available. It is always a 40-character string.

You must + provide at least one thumbprint when creating an IAM OIDC provider. + For example, assume that the OIDC provider is server.example.com + and the provider stores its keys at https://keys.server.example.com/openid-connect. + In that case, the thumbprint string would be the hex-encoded SHA-1 hash + value of the certificate used by https://keys.server.example.com. +

For more information about obtaining the OIDC provider thumbprint, + see Obtaining + the thumbprint for an OpenID Connect provider in the IAM User + Guide.

+ Url: + allOf: + - $ref: '#/components/schemas/OpenIDConnectProviderUrlType' + - description:

The URL of the identity provider. The URL must begin with + https:// and should correspond to the iss + claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, + path components are allowed but query parameters are not. Typically + the URL consists of only a hostname, like https://server.example.org + or https://example.com. The URL should not contain a port + number.

You cannot register the same provider multiple times + in a single Amazon Web Services account. If you try to submit a URL + that has already been used for an OpenID Connect provider in the Amazon + Web Services account, you will get an error.

+ required: + - Url + - ThumbprintList + title: CreateOpenIDConnectProviderRequest + type: object + CreateOpenIDConnectProviderResponse: + description: 'Contains the response to a successful CreateOpenIDConnectProvider + request. ' + example: + OpenIDConnectProviderArn: arn:aws:iam::123456789012:oidc-provider/server.example.com + properties: + OpenIDConnectProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: 'The Amazon Resource Name (ARN) of the new IAM OpenID Connect + provider that is created. For more information, see OpenIDConnectProviderListEntry. ' + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the new IAM OIDC provider. + The returned list of tags is sorted by tag key. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + type: object + CreatePolicyRequest: + properties: + Description: + allOf: + - $ref: '#/components/schemas/policyDescriptionType' + - description:

A friendly description of the policy.

Typically + used to store information about the permissions defined in the policy. + For example, "Grants access to production DynamoDB tables."

The + policy description is immutable. After a value is assigned, it cannot + be changed.

+ Path: + allOf: + - $ref: '#/components/schemas/policyPathType' + - description:

The path for the policy.

For more information about + paths, see IAM + identifiers in the IAM User Guide.

This parameter + is optional. If it is not included, it defaults to a slash (/).

+

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

You + cannot use an asterisk (*) in the path name.

 + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The JSON policy document that you want to use as the content + for the new policy.

You must provide policies in JSON format + in IAM. However, for CloudFormation templates formatted in YAML, you + can provide the policy in JSON or YAML format. CloudFormation always + converts a YAML policy to JSON format before submitting it to IAM.

+

The maximum length of the policy document that you can pass in this + operation, including whitespace, is listed below. To view the maximum + character counts of a managed policy with no whitespaces, see IAM + and STS character quotas.

To learn more about JSON policy + grammar, see Grammar + of the IAM JSON policy language in the IAM User Guide.

+

The regex pattern used + to validate this parameter is a string of characters consisting of the + following:

  • Any printable ASCII character ranging from + the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description:

The friendly name of the policy.

IAM user, group, + role, and policy names must be unique within the account. Names are + not distinguished by case. For example, you cannot create resources + named both "MyResource" and "myresource".

+ Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description:

A list of tags that you want to attach to the new IAM + customer managed policy. Each tag consists of a key name and an associated + value. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any + one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created.

+ + required: + - PolicyName + - PolicyDocument + title: CreatePolicyRequest + type: object + CreatePolicyResponse: + description: 'Contains the response to a successful CreatePolicy request. ' + properties: + Policy: + allOf: + - $ref: '#/components/schemas/Policy' + - description: A structure containing details about the new policy. + type: object + CreatePolicyVersionRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy to which + you want to add a new version.

For more information about ARNs, + see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The JSON policy document that you want to use as the content + for this new version of the policy.

You must provide policies + in JSON format in IAM. However, for CloudFormation templates formatted + in YAML, you can provide the policy in JSON or YAML format. CloudFormation + always converts a YAML policy to JSON format before submitting it to + IAM.

The maximum length of the policy document that you can pass + in this operation, including whitespace, is listed below. To view the + maximum character counts of a managed policy with no whitespaces, see + IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters + consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end + of the ASCII character range

  • The printable characters + in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ SetAsDefault: + allOf: + - $ref: '#/components/schemas/booleanType' + - description:

Specifies whether to set this version as the policy's + default version.

When this parameter is true, the + new policy version becomes the operative version. That is, it becomes + the version that is in effect for the IAM users, groups, and roles that + the policy is attached to.

For more information about managed + policy versions, see Versioning + for managed policies in the IAM User Guide.

+ required: + - PolicyArn + - PolicyDocument + title: CreatePolicyVersionRequest + type: object + CreatePolicyVersionResponse: + description: 'Contains the response to a successful CreatePolicyVersion + request. ' + properties: + PolicyVersion: + allOf: + - $ref: '#/components/schemas/PolicyVersion' + - description: A structure containing details about the new policy version. + type: object + CreateRoleRequest: + properties: + AssumeRolePolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The trust relationship policy document that grants an + entity permission to assume the role.

In IAM, you must provide + a JSON policy that has been converted to a string. However, for CloudFormation + templates formatted in YAML, you can provide the policy in JSON or YAML + format. CloudFormation always converts a YAML policy to JSON format + before submitting it to IAM.

The regex + pattern used to validate this parameter is a string of characters + consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end + of the ASCII character range

  • The printable characters + in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +

Upon success, the response includes the same trust policy + in JSON format.

+ Description: + allOf: + - $ref: '#/components/schemas/roleDescriptionType' + - description: A description of the role. + MaxSessionDuration: + allOf: + - $ref: '#/components/schemas/roleMaxSessionDurationType' + - description:

The maximum session duration (in seconds) that you want + to set for the specified role. If you do not specify a value for this + setting, the default maximum of one hour is applied. This setting can + have a value from 1 hour to 12 hours.

Anyone who assumes the + role from the or API can use the DurationSeconds API parameter + or the duration-seconds CLI parameter to request a longer + session. The MaxSessionDuration setting determines the + maximum duration that can be requested using the DurationSeconds + parameter. If users don't specify a value for the DurationSeconds + parameter, their security credentials are valid for one hour by default. + This applies when you use the AssumeRole* API operations + or the assume-role* CLI operations but does not apply when + you use those operations to create a console URL. For more information, + see Using + IAM roles in the IAM User Guide.

+ Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description:

The path to the role. For more information about paths, + see IAM + Identifiers in the IAM User Guide.

This parameter + is optional. If it is not included, it defaults to a slash (/).

+

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ PermissionsBoundary: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The ARN of the policy that is used to set the permissions + boundary for the role. + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description:

The name of the role to create.

IAM user, group, + role, and policy names must be unique within the account. Names are + not distinguished by case. For example, you cannot create resources + named both "MyResource" and "myresource".

+ Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description:

A list of tags that you want to attach to the new role. + Each tag consists of a key name and an associated value. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide.

If any + one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created.

+ + required: + - RoleName + - AssumeRolePolicyDocument + title: CreateRoleRequest + type: object + CreateRoleResponse: + description: 'Contains the response to a successful CreateRole request. ' + example: + Role: + Arn: arn:aws:iam::123456789012:role/Test-Role + AssumeRolePolicyDocument: + CreateDate: '2013-06-07T20:43:32.821Z' + Path: / + RoleId: AKIAIOSFODNN7EXAMPLE + RoleName: Test-Role + properties: + Role: + allOf: + - $ref: '#/components/schemas/Role' + - description: A structure containing details about the new role. + required: + - Role + type: object + CreateSAMLProviderRequest: + properties: + Name: + allOf: + - $ref: '#/components/schemas/SAMLProviderNameType' + - description: '

The name of the provider to create.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + SAMLMetadataDocument: + allOf: + - $ref: '#/components/schemas/SAMLMetadataDocumentType' + - description:

An XML document generated by an identity provider (IdP) + that supports SAML 2.0. The document includes the issuer's name, expiration + information, and keys that can be used to validate the SAML authentication + response (assertions) that are received from the IdP. You must generate + the metadata document using the identity management software that is + used as your organization's IdP.

For more information, see About + SAML 2.0-based federation in the IAM User Guide

+ Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description:

A list of tags that you want to attach to the new IAM + SAML provider. Each tag consists of a key name and an associated value. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any + one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created.

+ + required: + - SAMLMetadataDocument + - Name + title: CreateSAMLProviderRequest + type: object + CreateSAMLProviderResponse: + description: 'Contains the response to a successful CreateSAMLProvider + request. ' + properties: + SAMLProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The Amazon Resource Name (ARN) of the new SAML provider resource + in IAM. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the new IAM SAML provider. + The returned list of tags is sorted by tag key. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + type: object + CreateServiceLinkedRoleRequest: + properties: + AWSServiceName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The service principal for the Amazon Web Services service + to which this role is attached. You use a string similar to a URL but + without the http:// in front. For example: elasticbeanstalk.amazonaws.com. +

Service principals are unique and case-sensitive. To find the + exact service principal for your service-linked role, see Amazon + Web Services services that work with IAM in the IAM User Guide. + Look for the services that have Yes in the Service-Linked + Role column. Choose the Yes link to view the service-linked + role documentation for that service.

' + CustomSuffix: + allOf: + - $ref: '#/components/schemas/customSuffixType' + - description:

A string that you provide, which is combined with + the service-provided prefix to form the complete role name. If you make + multiple requests for the same service, then you must supply a different + CustomSuffix for each request. Otherwise the request fails + with a duplicate role name error. For example, you could add -1 + or -debug to the suffix.

Some services do not support + the CustomSuffix parameter. If you provide an optional + suffix and the operation fails, try the operation again without the + suffix.

+ Description: + allOf: + - $ref: '#/components/schemas/roleDescriptionType' + - description: The description of the role. + required: + - AWSServiceName + title: CreateServiceLinkedRoleRequest + type: object + CreateServiceLinkedRoleResponse: + properties: + Role: + allOf: + - $ref: '#/components/schemas/Role' + - description: A Role object that contains details about the newly + created role. + type: object + CreateServiceSpecificCredentialRequest: + properties: + ServiceName: + allOf: + - $ref: '#/components/schemas/serviceName' + - description: The name of the Amazon Web Services service that is to be + associated with the credentials. The service you specify here is the + only service that can be accessed using these credentials. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user that is to be associated with + the credentials. The new service-specific credentials have the same + permissions as the associated user except that they can be used only + to access the specified service.

This parameter allows (through + its regex pattern) a string + of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + required: + - UserName + - ServiceName + title: CreateServiceSpecificCredentialRequest + type: object + CreateServiceSpecificCredentialResponse: + properties: + ServiceSpecificCredential: + allOf: + - $ref: '#/components/schemas/ServiceSpecificCredential' + - description:

A structure that contains information about the newly + created service-specific credential.

This is the + only time that the password for this credential set is available. It + cannot be recovered later. Instead, you must reset the password with + ResetServiceSpecificCredential.

 + type: object + CreateUserRequest: + properties: + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description:

The path for the user name. For more information about + paths, see IAM + identifiers in the IAM User Guide.

This parameter + is optional. If it is not included, it defaults to a slash (/).

+

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ PermissionsBoundary: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The ARN of the policy that is used to set the permissions + boundary for the user. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description:

A list of tags that you want to attach to the new user. + Each tag consists of a key name and an associated value. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide.

If any + one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created.

+ + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description:

The name of the user to create.

IAM user, group, + role, and policy names must be unique within the account. Names are + not distinguished by case. For example, you cannot create resources + named both "MyResource" and "myresource".

+ required: + - UserName + title: CreateUserRequest + type: object + CreateUserResponse: + description: 'Contains the response to a successful CreateUser request. ' + example: + User: + Arn: arn:aws:iam::123456789012:user/Bob + CreateDate: '2013-06-08T03:20:41.270Z' + Path: / + UserId: AKIAIOSFODNN7EXAMPLE + UserName: Bob + properties: + User: + allOf: + - $ref: '#/components/schemas/User' + - description: A structure with details about the new IAM user. + type: object + CreateVirtualMFADeviceRequest: + properties: + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description:

The path for the virtual MFA device. For more information + about paths, see IAM + identifiers in the IAM User Guide.

This parameter + is optional. If it is not included, it defaults to a slash (/).

+

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description:

A list of tags that you want to attach to the new IAM + virtual MFA device. Each tag consists of a key name and an associated + value. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any + one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created.

+ + VirtualMFADeviceName: + allOf: + - $ref: '#/components/schemas/virtualMFADeviceName' + - description: '

The name of the virtual MFA device. Use with path to + uniquely identify a virtual MFA device.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following + characters: _+=,.@-

' + required: + - VirtualMFADeviceName + title: CreateVirtualMFADeviceRequest + type: object + CreateVirtualMFADeviceResponse: + description: 'Contains the response to a successful CreateVirtualMFADevice + request. ' + properties: + VirtualMFADevice: + allOf: + - $ref: '#/components/schemas/VirtualMFADevice' + - description: A structure containing details about the new virtual MFA + device. + required: + - VirtualMFADevice + type: object + CredentialReportExpiredException: {} + CredentialReportNotPresentException: {} + CredentialReportNotReadyException: {} + DeactivateMFADeviceRequest: + properties: + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

The serial number that uniquely identifies the MFA device. + For virtual MFA devices, the serial number is the device ARN.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: =,.@:/-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user whose MFA device you want to deactivate.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - SerialNumber + title: DeactivateMFADeviceRequest + type: object + DeleteAccessKeyRequest: + properties: + AccessKeyId: + allOf: + - $ref: '#/components/schemas/accessKeyIdType' + - description:

The access key ID for the access key ID and secret access + key you want to delete.

This parameter allows (through its regex pattern) a string of + characters that can consist of any upper or lowercased letter or digit.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user whose access key pair you want to + delete.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - AccessKeyId + title: DeleteAccessKeyRequest + type: object + DeleteAccountAliasRequest: + properties: + AccountAlias: + allOf: + - $ref: '#/components/schemas/accountAliasType' + - description:

The name of the account alias to delete.

This parameter + allows (through its regex + pattern) a string of characters consisting of lowercase letters, + digits, and dashes. You cannot start or finish with a dash, nor can + you have two dashes in a row.

+ required: + - AccountAlias + title: DeleteAccountAliasRequest + type: object + DeleteConflictException: {} + DeleteGroupPolicyRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name (friendly name, not ARN) identifying the group + that the policy is embedded in.

This parameter allows (through + its regex pattern) a string + of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name identifying the policy document to delete.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - GroupName + - PolicyName + title: DeleteGroupPolicyRequest + type: object + DeleteGroupRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name of the IAM group to delete.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - GroupName + title: DeleteGroupRequest + type: object + DeleteInstanceProfileRequest: + properties: + InstanceProfileName: + allOf: + - $ref: '#/components/schemas/instanceProfileNameType' + - description: '

The name of the instance profile to delete.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - InstanceProfileName + title: DeleteInstanceProfileRequest + type: object + DeleteLoginProfileRequest: + properties: + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the user whose password you want to delete.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + title: DeleteLoginProfileRequest + type: object + DeleteOpenIDConnectProviderRequest: + properties: + OpenIDConnectProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The Amazon Resource Name (ARN) of the IAM OpenID Connect + provider resource object to delete. You can get a list of OpenID Connect + provider resource ARNs by using the ListOpenIDConnectProviders + operation. + required: + - OpenIDConnectProviderArn + title: DeleteOpenIDConnectProviderRequest + type: object + DeletePolicyRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to delete.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - PolicyArn + title: DeletePolicyRequest + type: object + DeletePolicyVersionRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy from + which you want to delete a version.

For more information about + ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ VersionId: + allOf: + - $ref: '#/components/schemas/policyVersionIdType' + - description:

The policy version to delete.

This parameter allows + (through its regex pattern) + a string of characters that consists of the lowercase letter 'v' followed + by one or two digits, and optionally followed by a period '.' and a + string of letters and digits.

For more information about managed + policy versions, see Versioning + for managed policies in the IAM User Guide.

+ required: + - PolicyArn + - VersionId + title: DeletePolicyVersionRequest + type: object + DeleteRolePermissionsBoundaryRequest: + properties: + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The name (friendly name, not ARN) of the IAM role from which + you want to remove the permissions boundary. + required: + - RoleName + title: DeleteRolePermissionsBoundaryRequest + type: object + DeleteRolePolicyRequest: + properties: + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the inline policy to delete from the specified + IAM role.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name (friendly name, not ARN) identifying the role + that the policy is embedded in.

This parameter allows (through + its regex pattern) a string + of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + required: + - RoleName + - PolicyName + title: DeleteRolePolicyRequest + type: object + DeleteRoleRequest: + properties: + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the role to delete.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - RoleName + title: DeleteRoleRequest + type: object + DeleteSAMLProviderRequest: + properties: + SAMLProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The Amazon Resource Name (ARN) of the SAML provider to delete. + required: + - SAMLProviderArn + title: DeleteSAMLProviderRequest + type: object + DeleteSSHPublicKeyRequest: + properties: + SSHPublicKeyId: + allOf: + - $ref: '#/components/schemas/publicKeyIdType' + - description:

The unique identifier for the SSH public key.

This + parameter allows (through its regex + pattern) a string of characters that can consist of any upper or + lowercased letter or digit.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the SSH public + key.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - SSHPublicKeyId + title: DeleteSSHPublicKeyRequest + type: object + DeleteServerCertificateRequest: + properties: + ServerCertificateName: + allOf: + - $ref: '#/components/schemas/serverCertificateNameType' + - description: '

The name of the server certificate you want to delete.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - ServerCertificateName + title: DeleteServerCertificateRequest + type: object + DeleteServiceLinkedRoleRequest: + properties: + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The name of the service-linked role to be deleted. + required: + - RoleName + title: DeleteServiceLinkedRoleRequest + type: object + DeleteServiceLinkedRoleResponse: + properties: + DeletionTaskId: + allOf: + - $ref: '#/components/schemas/DeletionTaskIdType' + - description: The deletion task identifier that you can use to check the + status of the deletion. This identifier is returned in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>. + required: + - DeletionTaskId + type: object + DeleteServiceSpecificCredentialRequest: + properties: + ServiceSpecificCredentialId: + allOf: + - $ref: '#/components/schemas/serviceSpecificCredentialId' + - description:

The unique identifier of the service-specific credential. + You can get this value by calling ListServiceSpecificCredentials.

+

This parameter allows (through its regex + pattern) a string of characters that can consist of any upper or + lowercased letter or digit.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the service-specific + credential. If this value is not specified, then the operation assumes + the user whose credentials are used to call the operation.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - ServiceSpecificCredentialId + title: DeleteServiceSpecificCredentialRequest + type: object + DeleteSigningCertificateRequest: + properties: + CertificateId: + allOf: + - $ref: '#/components/schemas/certificateIdType' + - description:

The ID of the signing certificate to delete.

The + format of this parameter, as described by its regex + pattern, is a string of characters that can be upper- or lower-cased + letters or digits.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user the signing certificate belongs + to.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - CertificateId + title: DeleteSigningCertificateRequest + type: object + DeleteUserPermissionsBoundaryRequest: + properties: + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name (friendly name, not ARN) of the IAM user from which + you want to remove the permissions boundary. + required: + - UserName + title: DeleteUserPermissionsBoundaryRequest + type: object + DeleteUserPolicyRequest: + properties: + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name identifying the policy document to delete.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name (friendly name, not ARN) identifying the user + that the policy is embedded in.

This parameter allows (through + its regex pattern) a string + of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + required: + - UserName + - PolicyName + title: DeleteUserPolicyRequest + type: object + DeleteUserRequest: + properties: + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user to delete.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + title: DeleteUserRequest + type: object + DeleteVirtualMFADeviceRequest: + properties: + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

The serial number that uniquely identifies the MFA device. + For virtual MFA devices, the serial number is the same as the ARN.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: =,.@:/-

' + required: + - SerialNumber + title: DeleteVirtualMFADeviceRequest + type: object + DeletionTaskFailureReasonType: + description:

The reason that the service-linked role deletion failed.

+

This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus + operation.

+ properties: + Reason: + allOf: + - $ref: '#/components/schemas/ReasonType' + - description: A short description of the reason that the service-linked + role deletion failed. + RoleUsageList: + allOf: + - $ref: '#/components/schemas/RoleUsageListType' + - description: A list of objects that contains details about the service-linked + role deletion failure, if that information is returned by the service. + If the service-linked role has active sessions or if any resources that + were used by the role have not been deleted from the linked service, + the role can't be deleted. This parameter includes a list of the resources + that are associated with the role and the Region in which the resources + are being used. + type: object + DeletionTaskIdType: + maxLength: 1000 + minLength: 1 + type: string + DeletionTaskStatusType: + enum: + - SUCCEEDED + - IN_PROGRESS + - FAILED + - NOT_STARTED + type: string + DetachGroupPolicyRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name (friendly name, not ARN) of the IAM group to + detach the policy from.

This parameter allows (through its regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to detach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - GroupName + - PolicyArn + title: DetachGroupPolicyRequest + type: object + DetachRolePolicyRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to detach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name (friendly name, not ARN) of the IAM role to + detach the policy from.

This parameter allows (through its regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + required: + - RoleName + - PolicyArn + title: DetachRolePolicyRequest + type: object + DetachUserPolicyRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to detach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name (friendly name, not ARN) of the IAM user to + detach the policy from.

This parameter allows (through its regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + required: + - UserName + - PolicyArn + title: DetachUserPolicyRequest + type: object + DuplicateCertificateException: {} + DuplicateSSHPublicKeyException: {} + EnableMFADeviceRequest: + properties: + AuthenticationCode1: + allOf: + - $ref: '#/components/schemas/authenticationCodeType' + - description:

An authentication code emitted by the device.

The + format for this parameter is a string of six digits.

+

Submit your request immediately after generating the authentication + codes. If you generate the codes and then wait too long to submit the + request, the MFA device successfully associates with the user but the + MFA device becomes out of sync. This happens because time-based one-time + passwords (TOTP) expire after a short period of time. If this happens, + you can resync + the device.

 + AuthenticationCode2: + allOf: + - $ref: '#/components/schemas/authenticationCodeType' + - description:

A subsequent authentication code emitted by the device.

+

The format for this parameter is a string of six digits.

+

Submit your request immediately after generating the authentication + codes. If you generate the codes and then wait too long to submit the + request, the MFA device successfully associates with the user but the + MFA device becomes out of sync. This happens because time-based one-time + passwords (TOTP) expire after a short period of time. If this happens, + you can resync + the device.

 + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

The serial number that uniquely identifies the MFA device. + For virtual MFA devices, the serial number is the device ARN.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: =,.@:/-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the IAM user for whom you want to enable + the MFA device.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - SerialNumber + - AuthenticationCode1 + - AuthenticationCode2 + title: EnableMFADeviceRequest + type: object + EntityAlreadyExistsException: {} + EntityDetails: + description:

An object that contains details about when the IAM entities + (users or roles) were last used in an attempt to access the specified Amazon + Web Services service.

This data type is a response element in the GetServiceLastAccessedDetailsWithEntities + operation.

+ properties: + EntityInfo: + allOf: + - $ref: '#/components/schemas/EntityInfo' + - description: "The\_EntityInfo object that contains details\ + \ about the entity (user or role)." + LastAuthenticated: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "

The date and time, in\_ISO 8601 date-time format, when the authenticated entity last attempted\ + \ to access Amazon Web Services. Amazon Web Services does not report\ + \ unauthenticated requests.

This field is null if no IAM entities\ + \ attempted to access the service within the reporting period.

" + required: + - EntityInfo + type: object + EntityInfo: + description:

Contains details about the specified entity (user or role).

+

This data type is an element of the EntityDetails object.

+ properties: + Arn: + $ref: '#/components/schemas/arnType' + Id: + allOf: + - $ref: '#/components/schemas/idType' + - description: The identifier of the entity (user or role). + Name: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the entity (user or role). + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: 'The path to the entity (user or role). For more information + about paths, see IAM + identifiers in the IAM User Guide. ' + Type: + allOf: + - $ref: '#/components/schemas/policyOwnerEntityType' + - description: The type of entity (user or role). + required: + - Arn + - Name + - Type + - Id + type: object + EntityTemporarilyUnmodifiableException: {} + EntityType: + enum: + - User + - Role + - Group + - LocalManagedPolicy + - AWSManagedPolicy + type: string + ErrorDetails: + description:

Contains information about the reason that the operation failed.

+

This data type is used as a response element in the GetOrganizationsAccessReport, + GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities + operations.

+ properties: + Code: + allOf: + - $ref: '#/components/schemas/stringType' + - description: The error code associated with the operation failure. + Message: + allOf: + - $ref: '#/components/schemas/stringType' + - description: Detailed information about the reason that the operation + failed. + required: + - Message + - Code + type: object + EvalDecisionDetailsType: + additionalProperties: + $ref: '#/components/schemas/PolicyEvaluationDecisionType' + type: object + EvalDecisionSourceType: + maxLength: 256 + minLength: 3 + type: string + EvaluationResult: + description:

Contains the results of a simulation.

This data type + is used by the return parameter of SimulateCustomPolicy + and SimulatePrincipalPolicy .

+ properties: + EvalActionName: + allOf: + - $ref: '#/components/schemas/ActionNameType' + - description: The name of the API operation tested on the indicated resource. + EvalDecision: + allOf: + - $ref: '#/components/schemas/PolicyEvaluationDecisionType' + - description: The result of the simulation. + EvalDecisionDetails: + allOf: + - $ref: '#/components/schemas/EvalDecisionDetailsType' + - description:

Additional details about the results of the cross-account + evaluation decision. This parameter is populated for only cross-account + simulations. It contains a brief summary of how each policy type contributes + to the final evaluation decision.

If the simulation evaluates + policies within the same account and includes a resource ARN, then the + parameter is present but the response is empty. If the simulation evaluates + policies within the same account and specifies all resources (*), + then the parameter is not returned.

When you make a cross-account + request, Amazon Web Services evaluates the request in the trusting account + and the trusted account. The request is allowed only if both evaluations + return true. For more information about how policies are + evaluated, see Evaluating + policies within a single account.

If an Organizations SCP + included in the evaluation denies access, the simulation ends. In this + case, policy evaluation does not proceed any further and this parameter + is not returned.

+ EvalResourceName: + allOf: + - $ref: '#/components/schemas/ResourceNameType' + - description: The ARN of the resource that the indicated API operation + was tested on. + MatchedStatements: + allOf: + - $ref: '#/components/schemas/StatementListType' + - description: A list of the statements in the input policies that determine + the result for this scenario. Remember that even if multiple statements + allow the operation on the resource, if only one statement denies that + operation, then the explicit deny overrides any allow. In addition, + the deny statement is the only entry included in the result. + MissingContextValues: + allOf: + - $ref: '#/components/schemas/ContextKeyNamesResultListType' + - description: A list of context keys that are required by the included + input policies but that were not provided by one of the input parameters. + This list is used when the resource in a simulation is "*", either explicitly, + or when the ResourceArns parameter blank. If you include + a list of resources, then any missing context values are instead included + under the ResourceSpecificResults section. To discover + the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy + or GetContextKeysForPrincipalPolicy. + OrganizationsDecisionDetail: + allOf: + - $ref: '#/components/schemas/OrganizationsDecisionDetail' + - description: A structure that details how Organizations and its service + control policies affect the results of the simulation. Only applies + if the simulated user's account is part of an organization. + PermissionsBoundaryDecisionDetail: + allOf: + - $ref: '#/components/schemas/PermissionsBoundaryDecisionDetail' + - description: Contains information about the effect that a permissions + boundary has on a policy simulation when the boundary is applied to + an IAM entity. + ResourceSpecificResults: + allOf: + - $ref: '#/components/schemas/ResourceSpecificResultListType' + - description: The individual results of the simulation of the API operation + specified in EvalActionName on each resource. + required: + - EvalActionName + - EvalDecision + type: object + EvaluationResultsListType: + items: + allOf: + - $ref: '#/components/schemas/EvaluationResult' + - xml: + name: member + type: array + GenerateCredentialReportResponse: + description: 'Contains the response to a successful GenerateCredentialReport + request. ' + properties: + Description: + allOf: + - $ref: '#/components/schemas/ReportStateDescriptionType' + - description: Information about the credential report. + State: + allOf: + - $ref: '#/components/schemas/ReportStateType' + - description: Information about the state of the credential report. + type: object + GenerateOrganizationsAccessReportRequest: + properties: + EntityPath: + allOf: + - $ref: '#/components/schemas/organizationsEntityPathType' + - description: The path of the Organizations entity (root, OU, or account). + You can build an entity path using the known structure of your organization. + For example, assume that your account ID is 123456789012 + and its parent OU ID is ou-rge0-awsabcde. The organization + root ID is r-f6g7h8i9j0example and your organization ID + is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012. + OrganizationsPolicyId: + allOf: + - $ref: '#/components/schemas/organizationsPolicyIdType' + - description:

The identifier of the Organizations service control policy + (SCP). This parameter is optional.

This ID is used to generate + information about when an account principal that is limited by the SCP + attempted to access an Amazon Web Services service.

+ required: + - EntityPath + title: GenerateOrganizationsAccessReportRequest + type: object + GenerateOrganizationsAccessReportResponse: + example: + JobId: examplea-1234-b567-cde8-90fg123abcd4 + properties: + JobId: + allOf: + - $ref: '#/components/schemas/jobIDType' + - description: The job identifier that you can use in the GetOrganizationsAccessReport + operation. + type: object + GenerateServiceLastAccessedDetailsRequest: + properties: + Arn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The ARN of the IAM resource (user, group, role, or managed + policy) used to generate information about when the resource was last + used in an attempt to access an Amazon Web Services service. + Granularity: + allOf: + - $ref: '#/components/schemas/AccessAdvisorUsageGranularityType' + - description: The level of detail that you want to generate. You can specify + whether you want to generate information about the last attempt to access + services or actions. If you specify service-level granularity, this + operation generates only service data. If you specify action-level granularity, + it generates service and action data. If you don't include this optional + parameter, the operation generates service data. + required: + - Arn + title: GenerateServiceLastAccessedDetailsRequest + type: object + GenerateServiceLastAccessedDetailsResponse: + example: + JobId: examplef-1305-c245-eba4-71fe298bcda7 + properties: + JobId: + allOf: + - $ref: '#/components/schemas/jobIDType' + - description: The JobId that you can use in the GetServiceLastAccessedDetails + or GetServiceLastAccessedDetailsWithEntities operations. The + JobId returned by GenerateServiceLastAccessedDetail + must be used by the same role within a session, or by the same user + when used to call GetServiceLastAccessedDetail. + type: object + GetAccessKeyLastUsedRequest: + properties: + AccessKeyId: + allOf: + - $ref: '#/components/schemas/accessKeyIdType' + - description:

The identifier of an access key.

This parameter + allows (through its regex + pattern) a string of characters that can consist of any upper or + lowercased letter or digit.

+ required: + - AccessKeyId + title: GetAccessKeyLastUsedRequest + type: object + GetAccessKeyLastUsedResponse: + description: Contains the response to a successful GetAccessKeyLastUsed + request. It is also returned as a member of the AccessKeyMetaData structure + returned by the ListAccessKeys action. + properties: + AccessKeyLastUsed: + allOf: + - $ref: '#/components/schemas/AccessKeyLastUsed' + - description: Contains information about the last time the access key was + used. + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description:

The name of the IAM user that owns this access key.

+

+ type: object + GetAccountAuthorizationDetailsRequest: + properties: + Filter: + allOf: + - $ref: '#/components/schemas/entityListType' + - description:

A list of entity types used to filter the results. Only + the entities that match the types you specify are included in the output. + Use the value LocalManagedPolicy to include customer managed + policies.

The format for this parameter is a comma-separated + (if more than one) list of strings. Each string value in the list must + be one of the valid values listed below.

+ Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ title: GetAccountAuthorizationDetailsRequest + type: object + GetAccountAuthorizationDetailsResponse: + description: 'Contains the response to a successful GetAccountAuthorizationDetails + request. ' + properties: + GroupDetailList: + allOf: + - $ref: '#/components/schemas/groupDetailListType' + - description: A list containing information about IAM groups. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Policies: + allOf: + - $ref: '#/components/schemas/ManagedPolicyDetailListType' + - description: A list containing information about managed policies. + RoleDetailList: + allOf: + - $ref: '#/components/schemas/roleDetailListType' + - description: A list containing information about IAM roles. + UserDetailList: + allOf: + - $ref: '#/components/schemas/userDetailListType' + - description: A list containing information about IAM users. + type: object + GetAccountPasswordPolicyResponse: + description: 'Contains the response to a successful GetAccountPasswordPolicy + request. ' + example: + PasswordPolicy: + AllowUsersToChangePassword: false + ExpirePasswords: false + HardExpiry: false + MaxPasswordAge: 90 + MinimumPasswordLength: 8 + PasswordReusePrevention: 12 + RequireLowercaseCharacters: false + RequireNumbers: true + RequireSymbols: true + RequireUppercaseCharacters: false + properties: + PasswordPolicy: + allOf: + - $ref: '#/components/schemas/PasswordPolicy' + - description: A structure that contains details about the account's password + policy. + required: + - PasswordPolicy + type: object + GetAccountSummaryResponse: + description: 'Contains the response to a successful GetAccountSummary + request. ' + example: + SummaryMap: + AccessKeysPerUserQuota: 2 + AccountAccessKeysPresent: 1 + AccountMFAEnabled: 0 + AccountSigningCertificatesPresent: 0 + AttachedPoliciesPerGroupQuota: 10 + AttachedPoliciesPerRoleQuota: 10 + AttachedPoliciesPerUserQuota: 10 + GlobalEndpointTokenVersion: 2 + GroupPolicySizeQuota: 5120 + Groups: 15 + GroupsPerUserQuota: 10 + GroupsQuota: 100 + MFADevices: 6 + MFADevicesInUse: 3 + Policies: 8 + PoliciesQuota: 1000 + PolicySizeQuota: 5120 + PolicyVersionsInUse: 22 + PolicyVersionsInUseQuota: 10000 + ServerCertificates: 1 + ServerCertificatesQuota: 20 + SigningCertificatesPerUserQuota: 2 + UserPolicySizeQuota: 2048 + Users: 27 + UsersQuota: 5000 + VersionsPerPolicyQuota: 5 + properties: + SummaryMap: + allOf: + - $ref: '#/components/schemas/summaryMapType' + - description: "A set of key\u2013value pairs containing information about\ + \ IAM entity usage and IAM quotas." + type: object + GetContextKeysForCustomPolicyRequest: + properties: + PolicyInputList: + allOf: + - $ref: '#/components/schemas/SimulationPolicyListType' + - description:

A list of policies for which you want the list of context + keys referenced in those policies. Each document is specified as a string + containing the complete, valid JSON text of an IAM policy.

The + regex pattern used to + validate this parameter is a string of characters consisting of the + following:

  • Any printable ASCII character ranging from + the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ required: + - PolicyInputList + title: GetContextKeysForCustomPolicyRequest + type: object + GetContextKeysForPolicyResponse: + description: 'Contains the response to a successful GetContextKeysForPrincipalPolicy + or GetContextKeysForCustomPolicy request. ' + properties: + ContextKeyNames: + allOf: + - $ref: '#/components/schemas/ContextKeyNamesResultListType' + - description: The list of context keys that are referenced in the input + policies. + type: object + GetContextKeysForPrincipalPolicyRequest: + properties: + PolicyInputList: + allOf: + - $ref: '#/components/schemas/SimulationPolicyListType' + - description:

An optional list of additional policies for which you + want the list of context keys that are referenced.

The regex + pattern used to validate this parameter is a string of characters + consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end + of the ASCII character range

  • The printable characters + in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ PolicySourceArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The ARN of a user, group, or role whose policies contain + the context keys that you want listed. If you specify a user, the list + includes context keys that are found in all policies that are attached + to the user. The list also includes all groups that the user is a member + of. If you pick a group or a role, then it includes only those context + keys that are found in policies attached to that entity. Note that all + parameters are shown in unencoded form here for clarity, but must be + URL encoded to be included as a part of a real HTML request.

For + more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - PolicySourceArn + title: GetContextKeysForPrincipalPolicyRequest + type: object + GetCredentialReportResponse: + description: 'Contains the response to a successful GetCredentialReport + request. ' + properties: + Content: + allOf: + - $ref: '#/components/schemas/ReportContentType' + - description: Contains the credential report. The report is Base64-encoded. + GeneratedTime: + allOf: + - $ref: '#/components/schemas/dateType' + - description: ' The date and time when the credential report was created, + in ISO 8601 date-time format.' + ReportFormat: + allOf: + - $ref: '#/components/schemas/ReportFormatType' + - description: The format (MIME type) of the credential report. + type: object + GetGroupPolicyRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name of the group the policy is associated with.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the policy document to get.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - GroupName + - PolicyName + title: GetGroupPolicyRequest + type: object + GetGroupPolicyResponse: + description: 'Contains the response to a successful GetGroupPolicy request. ' + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: The group the policy is associated with. + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The policy document.

IAM stores policies in JSON + format. However, resources that were created using CloudFormation templates + can be formatted in YAML. CloudFormation always converts a YAML policy + to JSON format before submitting it to IAM.

+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The name of the policy. + required: + - GroupName + - PolicyName + - PolicyDocument + type: object + GetGroupRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name of the group.

This parameter allows (through + its regex pattern) a string + of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ required: + - GroupName + title: GetGroupRequest + type: object + GetGroupResponse: + description: 'Contains the response to a successful GetGroup request. ' + properties: + Group: + allOf: + - $ref: '#/components/schemas/Group' + - description: A structure that contains details about the group. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Users: + allOf: + - $ref: '#/components/schemas/userListType' + - description: A list of users in the group. + required: + - Group + - Users + type: object + GetInstanceProfileRequest: + properties: + InstanceProfileName: + allOf: + - $ref: '#/components/schemas/instanceProfileNameType' + - description: '

The name of the instance profile to get information about.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - InstanceProfileName + title: GetInstanceProfileRequest + type: object + GetInstanceProfileResponse: + description: 'Contains the response to a successful GetInstanceProfile + request. ' + example: + InstanceProfile: + Arn: arn:aws:iam::336924118301:instance-profile/ExampleInstanceProfile + CreateDate: '2013-06-12T23:52:02Z' + InstanceProfileId: AID2MAB8DPLSRHEXAMPLE + InstanceProfileName: ExampleInstanceProfile + Path: / + Roles: + - Arn: arn:aws:iam::336924118301:role/Test-Role + AssumeRolePolicyDocument: + CreateDate: '2013-01-09T06:33:26Z' + Path: / + RoleId: AIDGPMS9RO4H3FEXAMPLE + RoleName: Test-Role + properties: + InstanceProfile: + allOf: + - $ref: '#/components/schemas/InstanceProfile' + - description: A structure containing details about the instance profile. + required: + - InstanceProfile + type: object + GetLoginProfileRequest: + properties: + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the user whose login profile you want to + retrieve.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + title: GetLoginProfileRequest + type: object + GetLoginProfileResponse: + description: 'Contains the response to a successful GetLoginProfile request. ' + example: + LoginProfile: + CreateDate: '2012-09-21T23:03:39Z' + UserName: Anika + properties: + LoginProfile: + allOf: + - $ref: '#/components/schemas/LoginProfile' + - description: A structure containing the user name and the profile creation + date for the user. + required: + - LoginProfile + type: object + GetOpenIDConnectProviderRequest: + properties: + OpenIDConnectProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the OIDC provider resource + object in IAM to get information for. You can get a list of OIDC provider + resource ARNs by using the ListOpenIDConnectProviders operation.

+

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - OpenIDConnectProviderArn + title: GetOpenIDConnectProviderRequest + type: object + GetOpenIDConnectProviderResponse: + description: 'Contains the response to a successful GetOpenIDConnectProvider + request. ' + properties: + ClientIDList: + allOf: + - $ref: '#/components/schemas/clientIDListType' + - description: A list of client IDs (also known as audiences) that are associated + with the specified IAM OIDC provider resource object. For more information, + see CreateOpenIDConnectProvider. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time when the IAM OIDC provider resource object + was created in the Amazon Web Services account. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the specified IAM OIDC + provider. The returned list of tags is sorted by tag key. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + ThumbprintList: + allOf: + - $ref: '#/components/schemas/thumbprintListType' + - description: 'A list of certificate thumbprints that are associated with + the specified IAM OIDC provider resource object. For more information, + see CreateOpenIDConnectProvider. ' + Url: + allOf: + - $ref: '#/components/schemas/OpenIDConnectProviderUrlType' + - description: The URL that the IAM OIDC provider resource object is associated + with. For more information, see CreateOpenIDConnectProvider. + type: object + GetOrganizationsAccessReportRequest: + properties: + JobId: + allOf: + - $ref: '#/components/schemas/jobIDType' + - description: The identifier of the request generated by the GenerateOrganizationsAccessReport + operation. + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ SortKey: + allOf: + - $ref: '#/components/schemas/sortKeyType' + - description: The key that is used to sort the results. If you choose the + namespace key, the results are returned in alphabetical order. If you + choose the time key, the results are sorted numerically by the date + and time. + required: + - JobId + title: GetOrganizationsAccessReportRequest + type: object + GetOrganizationsAccessReportResponse: + example: + AccessDetails: + - EntityPath: o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-1a2b3c-k9l8m7n6o5example/111122223333 + LastAuthenticatedTime: '2019-05-25T16:29:52Z' + Region: us-east-1 + ServiceName: Amazon DynamoDB + ServiceNamespace: dynamodb + TotalAuthenticatedEntities: 2 + - EntityPath: o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-1a2b3c-k9l8m7n6o5example/123456789012 + LastAuthenticatedTime: '2019-06-15T13:12:06Z' + Region: us-east-1 + ServiceName: AWS Identity and Access Management + ServiceNamespace: iam + TotalAuthenticatedEntities: 4 + - ServiceName: Amazon Simple Storage Service + ServiceNamespace: s3 + TotalAuthenticatedEntities: 0 + IsTruncated: false + JobCompletionDate: '2019-06-18T19:47:35.241Z' + JobCreationDate: '2019-06-18T19:47:31.466Z' + JobStatus: COMPLETED + NumberOfServicesAccessible: 3 + NumberOfServicesNotAccessed: 1 + properties: + AccessDetails: + allOf: + - $ref: '#/components/schemas/AccessDetails' + - description: "An\_object that contains details about the most recent attempt\ + \ to access the service." + ErrorDetails: + $ref: '#/components/schemas/ErrorDetails' + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + JobCompletionDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "

The date and time, in\_ISO 8601 date-time format, when the generated report job was completed\ + \ or failed.

This field is null if the job is still in progress,\ + \ as indicated by a job status value of IN_PROGRESS.

" + JobCreationDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "The date and time, in\_ISO 8601 date-time format, when the report job was created." + JobStatus: + allOf: + - $ref: '#/components/schemas/jobStatusType' + - description: The status of the job. + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + NumberOfServicesAccessible: + allOf: + - $ref: '#/components/schemas/integerType' + - description: The number of services that the applicable SCPs allow account + principals to access. + NumberOfServicesNotAccessed: + allOf: + - $ref: '#/components/schemas/integerType' + - description: The number of services that account principals are allowed + but did not attempt to access. + required: + - JobStatus + - JobCreationDate + type: object + GetPolicyRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the managed policy that + you want information about.

For more information about ARNs, + see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - PolicyArn + title: GetPolicyRequest + type: object + GetPolicyResponse: + description: 'Contains the response to a successful GetPolicy request. ' + properties: + Policy: + allOf: + - $ref: '#/components/schemas/Policy' + - description: A structure containing details about the policy. + type: object + GetPolicyVersionRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the managed policy that + you want information about.

For more information about ARNs, + see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ VersionId: + allOf: + - $ref: '#/components/schemas/policyVersionIdType' + - description:

Identifies the policy version to retrieve.

This + parameter allows (through its regex + pattern) a string of characters that consists of the lowercase letter + 'v' followed by one or two digits, and optionally followed by a period + '.' and a string of letters and digits.

+ required: + - PolicyArn + - VersionId + title: GetPolicyVersionRequest + type: object + GetPolicyVersionResponse: + description: 'Contains the response to a successful GetPolicyVersion + request. ' + properties: + PolicyVersion: + allOf: + - $ref: '#/components/schemas/PolicyVersion' + - description: A structure containing details about the policy version. + type: object + GetRolePolicyRequest: + properties: + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the policy document to get.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the role associated with the policy.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - RoleName + - PolicyName + title: GetRolePolicyRequest + type: object + GetRolePolicyResponse: + description: 'Contains the response to a successful GetRolePolicy request. ' + properties: + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The policy document.

IAM stores policies in JSON + format. However, resources that were created using CloudFormation templates + can be formatted in YAML. CloudFormation always converts a YAML policy + to JSON format before submitting it to IAM.

+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The name of the policy. + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The role the policy is associated with. + required: + - RoleName + - PolicyName + - PolicyDocument + type: object + GetRoleRequest: + properties: + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the IAM role to get information about.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - RoleName + title: GetRoleRequest + type: object + GetRoleResponse: + description: 'Contains the response to a successful GetRole request. ' + example: + Role: + Arn: arn:aws:iam::123456789012:role/Test-Role + AssumeRolePolicyDocument: + CreateDate: '2013-04-18T05:01:58Z' + MaxSessionDuration: 3600 + Path: / + RoleId: AROADBQP57FF2AEXAMPLE + RoleLastUsed: + LastUsedDate: '2019-11-18T05:01:58Z' + Region: us-east-1 + RoleName: Test-Role + properties: + Role: + allOf: + - $ref: '#/components/schemas/Role' + - description: A structure containing details about the IAM role. + required: + - Role + type: object + GetSAMLProviderRequest: + properties: + SAMLProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the SAML provider resource + object in IAM to get information about.

For more information + about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - SAMLProviderArn + title: GetSAMLProviderRequest + type: object + GetSAMLProviderResponse: + description: 'Contains the response to a successful GetSAMLProvider request. ' + properties: + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time when the SAML provider was created. + SAMLMetadataDocument: + allOf: + - $ref: '#/components/schemas/SAMLMetadataDocumentType' + - description: The XML metadata document that includes information about + an identity provider. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the specified IAM SAML + provider. The returned list of tags is sorted by tag key. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + ValidUntil: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The expiration date and time for the SAML provider. + type: object + GetSSHPublicKeyRequest: + properties: + Encoding: + allOf: + - $ref: '#/components/schemas/encodingType' + - description: Specifies the public key encoding format to use in the response. + To retrieve the public key in ssh-rsa format, use SSH. + To retrieve the public key in PEM format, use PEM. + SSHPublicKeyId: + allOf: + - $ref: '#/components/schemas/publicKeyIdType' + - description:

The unique identifier for the SSH public key.

This + parameter allows (through its regex + pattern) a string of characters that can consist of any upper or + lowercased letter or digit.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the SSH public + key.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - SSHPublicKeyId + - Encoding + title: GetSSHPublicKeyRequest + type: object + GetSSHPublicKeyResponse: + description: Contains the response to a successful GetSSHPublicKey request. + properties: + SSHPublicKey: + allOf: + - $ref: '#/components/schemas/SSHPublicKey' + - description: A structure containing details about the SSH public key. + type: object + GetServerCertificateRequest: + properties: + ServerCertificateName: + allOf: + - $ref: '#/components/schemas/serverCertificateNameType' + - description: '

The name of the server certificate you want to retrieve + information about.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - ServerCertificateName + title: GetServerCertificateRequest + type: object + GetServerCertificateResponse: + description: 'Contains the response to a successful GetServerCertificate + request. ' + properties: + ServerCertificate: + allOf: + - $ref: '#/components/schemas/ServerCertificate' + - description: A structure containing details about the server certificate. + required: + - ServerCertificate + type: object + GetServiceLastAccessedDetailsRequest: + properties: + JobId: + allOf: + - $ref: '#/components/schemas/jobIDType' + - description: The ID of the request generated by the GenerateServiceLastAccessedDetails + operation. The JobId returned by GenerateServiceLastAccessedDetail + must be used by the same role within a session, or by the same user + when used to call GetServiceLastAccessedDetail. + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ required: + - JobId + title: GetServiceLastAccessedDetailsRequest + type: object + GetServiceLastAccessedDetailsResponse: + example: + IsTruncated: false + JobCompletionDate: '2018-10-24T19:47:35.241Z' + JobCreationDate: '2018-10-24T19:47:31.466Z' + JobStatus: COMPLETED + ServicesLastAccessed: + - LastAuthenticated: '2018-10-24T19:11:00Z' + LastAuthenticatedEntity: arn:aws:iam::123456789012:user/AWSExampleUser01 + ServiceName: AWS Identity and Access Management + ServiceNamespace: iam + TotalAuthenticatedEntities: 2 + - ServiceName: Amazon Simple Storage Service + ServiceNamespace: s3 + TotalAuthenticatedEntities: 0 + properties: + Error: + allOf: + - $ref: '#/components/schemas/ErrorDetails' + - description: An object that contains details about the reason the operation + failed. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + JobCompletionDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "

The date and time, in\_ISO 8601 date-time format, when the generated report job was completed\ + \ or failed.

This field is null if the job is still in progress,\ + \ as indicated by a job status value of IN_PROGRESS.

" + JobCreationDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "The date and time, in\_ISO 8601 date-time format, when the report job was created." + JobStatus: + allOf: + - $ref: '#/components/schemas/jobStatusType' + - description: The status of the job. + JobType: + allOf: + - $ref: '#/components/schemas/AccessAdvisorUsageGranularityType' + - description: The type of job. Service jobs return information about when + each service was last accessed. Action jobs also include information + about when tracked actions within the service were last accessed. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + ServicesLastAccessed: + allOf: + - $ref: '#/components/schemas/ServicesLastAccessed' + - description: " A\_ServiceLastAccessed object that contains\ + \ details about the most recent attempt to access the service." + required: + - JobStatus + - JobCreationDate + - ServicesLastAccessed + - JobCompletionDate + type: object + GetServiceLastAccessedDetailsWithEntitiesRequest: + properties: + JobId: + allOf: + - $ref: '#/components/schemas/jobIDType' + - description: The ID of the request generated by the GenerateServiceLastAccessedDetails + operation. + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ ServiceNamespace: + allOf: + - $ref: '#/components/schemas/serviceNamespaceType' + - description: "

The service namespace for an Amazon Web Services service.\ + \ Provide the service namespace to learn when the IAM entity last attempted\ + \ to access the specified service.

To learn the service namespace\ + \ for a service, see Actions, resources, and condition keys for Amazon Web Services services\ + \ in the IAM User Guide. Choose the name of the service to view\ + \ details for that service. In the first paragraph, find the service\ + \ prefix. For example, (service prefix: a4b). For more\ + \ information about service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ + \ General Reference.

" + required: + - JobId + - ServiceNamespace + title: GetServiceLastAccessedDetailsWithEntitiesRequest + type: object + GetServiceLastAccessedDetailsWithEntitiesResponse: + example: + EntityDetailsList: + - EntityInfo: + Arn: arn:aws:iam::123456789012:user/AWSExampleUser01 + Id: AIDAEX2EXAMPLEB6IGCDC + Name: AWSExampleUser01 + Path: / + Type: USER + LastAuthenticated: '2018-10-24T19:10:00Z' + - EntityInfo: + Arn: arn:aws:iam::123456789012:role/AWSExampleRole01 + Id: AROAEAEXAMPLEIANXSIU4 + Name: AWSExampleRole01 + Path: / + Type: ROLE + IsTruncated: false + JobCompletionDate: '2018-10-24T19:47:35.241Z' + JobCreationDate: '2018-10-24T19:47:31.466Z' + JobStatus: COMPLETED + properties: + EntityDetailsList: + allOf: + - $ref: '#/components/schemas/entityDetailsListType' + - description: "An\_EntityDetailsList object that contains\ + \ details about when an IAM entity (user or role) used group or policy\ + \ permissions in an attempt to access the specified Amazon Web Services\ + \ service." + Error: + allOf: + - $ref: '#/components/schemas/ErrorDetails' + - description: An object that contains details about the reason the operation + failed. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + JobCompletionDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "

The date and time, in\_ISO 8601 date-time format, when the generated report job was completed\ + \ or failed.

This field is null if the job is still in progress,\ + \ as indicated by a job status value of IN_PROGRESS.

" + JobCreationDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "The date and time, in\_ISO 8601 date-time format, when the report job was created." + JobStatus: + allOf: + - $ref: '#/components/schemas/jobStatusType' + - description: The status of the job. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + required: + - JobStatus + - JobCreationDate + - JobCompletionDate + - EntityDetailsList + type: object + GetServiceLinkedRoleDeletionStatusRequest: + properties: + DeletionTaskId: + allOf: + - $ref: '#/components/schemas/DeletionTaskIdType' + - description: The deletion task identifier. This identifier is returned + by the DeleteServiceLinkedRole operation in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>. + required: + - DeletionTaskId + title: GetServiceLinkedRoleDeletionStatusRequest + type: object + GetServiceLinkedRoleDeletionStatusResponse: + properties: + Reason: + allOf: + - $ref: '#/components/schemas/DeletionTaskFailureReasonType' + - description: An object that contains details about the reason the deletion + failed. + Status: + allOf: + - $ref: '#/components/schemas/DeletionTaskStatusType' + - description: The status of the deletion. + required: + - Status + type: object + GetUserPolicyRequest: + properties: + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the policy document to get.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user who the policy is associated with.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - PolicyName + title: GetUserPolicyRequest + type: object + GetUserPolicyResponse: + description: 'Contains the response to a successful GetUserPolicy request. ' + properties: + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The policy document.

IAM stores policies in JSON + format. However, resources that were created using CloudFormation templates + can be formatted in YAML. CloudFormation always converts a YAML policy + to JSON format before submitting it to IAM.

+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The name of the policy. + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: The user the policy is associated with. + required: + - UserName + - PolicyName + - PolicyDocument + type: object + GetUserRequest: + properties: + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user to get information about.

This + parameter is optional. If it is not included, it defaults to the user + making the request. This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + title: GetUserRequest + type: object + GetUserResponse: + description: 'Contains the response to a successful GetUser request. ' + example: + User: + Arn: arn:aws:iam::123456789012:user/Bob + CreateDate: '2012-09-21T23:03:13Z' + Path: / + UserId: AKIAIOSFODNN7EXAMPLE + UserName: Bob + properties: + User: + allOf: + - $ref: '#/components/schemas/User' + - description:

A structure containing details about the IAM user.

+

Due to a service issue, password last used data does + not include password use from May 3, 2018 22:50 PDT to May 23, 2018 + 14:08 PDT. This affects last + sign-in dates shown in the IAM console and password last used dates + in the IAM + credential report, and returned by this operation. If users signed + in during the affected time, the password last used date that is returned + is the date the user last signed in before May 3, 2018. For users that + signed in after May 23, 2018 14:08 PDT, the returned password last used + date is accurate.

You can use password last used information + to identify unused credentials for deletion. For example, you might + delete users who did not sign in to Amazon Web Services in the last + 90 days. In cases like this, we recommend that you adjust your evaluation + window to include dates after May 23, 2018. Alternatively, if your users + use access keys to access Amazon Web Services programmatically you can + refer to access key last used information because it is accurate for + all dates.

+ required: + - User + type: object + Group: + description:

Contains information about an IAM group entity.

This + data type is used as a response element in the following operations:

+ properties: + Arn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: ' The Amazon Resource Name (ARN) specifying the group. For + more information about ARNs and how to use them in policies, see IAM + identifiers in the IAM User Guide. ' + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the group was created. + GroupId: + allOf: + - $ref: '#/components/schemas/idType' + - description: ' The stable and unique string identifying the group. For + more information about IDs, see IAM + identifiers in the IAM User Guide. ' + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: The friendly name that identifies the group. + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: 'The path to the group. For more information about paths, + see IAM + identifiers in the IAM User Guide. ' + required: + - Path + - GroupName + - GroupId + - Arn + - CreateDate + type: object + GroupDetail: + description:

Contains information about an IAM group, including all of the + group's policies.

This data type is used as a response element in the + GetAccountAuthorizationDetails operation.

+ properties: + Arn: + $ref: '#/components/schemas/arnType' + AttachedManagedPolicies: + allOf: + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of the managed policies attached to the group. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the group was created. + GroupId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the group. For more + information about IDs, see IAM + identifiers in the IAM User Guide. + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: The friendly name that identifies the group. + GroupPolicyList: + allOf: + - $ref: '#/components/schemas/policyDetailListType' + - description: A list of the inline policies embedded in the group. + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: The path to the group. For more information about paths, + see IAM + identifiers in the IAM User Guide. + type: object + InstanceProfile: + description:

Contains information about an instance profile.

This + data type is used as a response element in the following operations:

+ properties: + Arn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: ' The Amazon Resource Name (ARN) specifying the instance + profile. For more information about ARNs and how to use them in policies, + see IAM + identifiers in the IAM User Guide. ' + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the instance profile was created. + InstanceProfileId: + allOf: + - $ref: '#/components/schemas/idType' + - description: ' The stable and unique string identifying the instance profile. + For more information about IDs, see IAM + identifiers in the IAM User Guide. ' + InstanceProfileName: + allOf: + - $ref: '#/components/schemas/instanceProfileNameType' + - description: The name identifying the instance profile. + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: ' The path to the instance profile. For more information + about paths, see IAM + identifiers in the IAM User Guide. ' + Roles: + allOf: + - $ref: '#/components/schemas/roleListType' + - description: The role associated with the instance profile. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the instance profile. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + required: + - Path + - InstanceProfileName + - InstanceProfileId + - Arn + - CreateDate + - Roles + type: object + InvalidAuthenticationCodeException: {} + InvalidCertificateException: {} + InvalidInputException: {} + InvalidPublicKeyException: {} + InvalidUserTypeException: {} + KeyPairMismatchException: {} + LimitExceededException: {} + LineNumber: + type: integer + ListAccessKeysRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user.

This parameter allows (through + its regex pattern) a string + of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + title: ListAccessKeysRequest + type: object + ListAccessKeysResponse: + description: 'Contains the response to a successful ListAccessKeys request. ' + example: + AccessKeyMetadata: + - AccessKeyId: AKIA111111111EXAMPLE + CreateDate: '2016-12-01T22:19:58Z' + Status: Active + UserName: Alice + - AccessKeyId: AKIA222222222EXAMPLE + CreateDate: '2016-12-01T22:20:01Z' + Status: Active + UserName: Alice + properties: + AccessKeyMetadata: + allOf: + - $ref: '#/components/schemas/accessKeyMetadataListType' + - description: A list of objects containing metadata about the access keys. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + required: + - AccessKeyMetadata + type: object + ListAccountAliasesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ title: ListAccountAliasesRequest + type: object + ListAccountAliasesResponse: + description: 'Contains the response to a successful ListAccountAliases + request. ' + example: + AccountAliases: + - exmaple-corporation + properties: + AccountAliases: + allOf: + - $ref: '#/components/schemas/accountAliasListType' + - description: A list of aliases associated with the account. Amazon Web + Services supports only one alias per account. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + required: + - AccountAliases + type: object + ListAttachedGroupPoliciesRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name (friendly name, not ARN) of the group to list + attached policies for.

This parameter allows (through its regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/policyPathType' + - description:

The path prefix for filtering the results. This parameter + is optional. If it is not included, it defaults to a slash (/), listing + all policies.

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ required: + - GroupName + title: ListAttachedGroupPoliciesRequest + type: object + ListAttachedGroupPoliciesResponse: + description: 'Contains the response to a successful ListAttachedGroupPolicies + request. ' + properties: + AttachedPolicies: + allOf: + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of the attached policies. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + type: object + ListAttachedRolePoliciesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/policyPathType' + - description:

The path prefix for filtering the results. This parameter + is optional. If it is not included, it defaults to a slash (/), listing + all policies.

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name (friendly name, not ARN) of the role to list + attached policies for.

This parameter allows (through its regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + required: + - RoleName + title: ListAttachedRolePoliciesRequest + type: object + ListAttachedRolePoliciesResponse: + description: 'Contains the response to a successful ListAttachedRolePolicies + request. ' + properties: + AttachedPolicies: + allOf: + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of the attached policies. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + type: object + ListAttachedUserPoliciesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/policyPathType' + - description:

The path prefix for filtering the results. This parameter + is optional. If it is not included, it defaults to a slash (/), listing + all policies.

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name (friendly name, not ARN) of the user to list + attached policies for.

This parameter allows (through its regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + required: + - UserName + title: ListAttachedUserPoliciesRequest + type: object + ListAttachedUserPoliciesResponse: + description: 'Contains the response to a successful ListAttachedUserPolicies + request. ' + properties: + AttachedPolicies: + allOf: + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of the attached policies. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + type: object + ListEntitiesForPolicyRequest: + properties: + EntityFilter: + allOf: + - $ref: '#/components/schemas/EntityType' + - description:

The entity type to use for filtering the results.

+

For example, when EntityFilter is Role, + only the roles that are attached to the specified policy are returned. + This parameter is optional. If it is not included, all attached entities + (users, groups, and roles) are returned. The argument for this parameter + must be one of the valid values listed below.

+ Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/pathType' + - description:

The path prefix for filtering the results. This parameter + is optional. If it is not included, it defaults to a slash (/), listing + all entities.

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy for which + you want the versions.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ PolicyUsageFilter: + allOf: + - $ref: '#/components/schemas/PolicyUsageType' + - description: "

The policy usage method to use for filtering the results.

\ + \

To list only permissions policies, set\_PolicyUsageFilter\_\ + to\_PermissionsPolicy. To list only the policies used to\ + \ set permissions boundaries, set\_the value to\_PermissionsBoundary.

\ + \

This parameter is optional. If it is not included, all policies\ + \ are returned.

" + required: + - PolicyArn + title: ListEntitiesForPolicyRequest + type: object + ListEntitiesForPolicyResponse: + description: 'Contains the response to a successful ListEntitiesForPolicy + request. ' + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + PolicyGroups: + allOf: + - $ref: '#/components/schemas/PolicyGroupListType' + - description: A list of IAM groups that the policy is attached to. + PolicyRoles: + allOf: + - $ref: '#/components/schemas/PolicyRoleListType' + - description: A list of IAM roles that the policy is attached to. + PolicyUsers: + allOf: + - $ref: '#/components/schemas/PolicyUserListType' + - description: A list of IAM users that the policy is attached to. + type: object + ListGroupPoliciesRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name of the group to list policies for.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ required: + - GroupName + title: ListGroupPoliciesRequest + type: object + ListGroupPoliciesResponse: + description: 'Contains the response to a successful ListGroupPolicies + request. ' + example: + PolicyNames: + - AdminRoot + - KeyPolicy + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + PolicyNames: + allOf: + - $ref: '#/components/schemas/policyNameListType' + - description: '

A list of policy names.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following + characters: _+=,.@-

' + required: + - PolicyNames + type: object + ListGroupsForUserRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user to list groups for.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + title: ListGroupsForUserRequest + type: object + ListGroupsForUserResponse: + description: 'Contains the response to a successful ListGroupsForUser + request. ' + example: + Groups: + - Arn: arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/engineering/Test + CreateDate: '2016-11-30T14:10:01.156Z' + GroupId: AGP2111111111EXAMPLE + GroupName: Test + Path: /division_abc/subdivision_xyz/product_1234/engineering/ + - Arn: arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/Managers + CreateDate: '2016-06-12T20:14:52.032Z' + GroupId: AGPI222222222SEXAMPLE + GroupName: Managers + Path: /division_abc/subdivision_xyz/product_1234/ + properties: + Groups: + allOf: + - $ref: '#/components/schemas/groupListType' + - description: A list of groups. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + required: + - Groups + type: object + ListGroupsRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/pathPrefixType' + - description:

The path prefix for filtering the results. For example, + the prefix /division_abc/subdivision_xyz/ gets all groups + whose path starts with /division_abc/subdivision_xyz/.

+

This parameter is optional. If it is not included, it defaults to + a slash (/), listing all groups. This parameter allows (through its + regex pattern) a string + of characters consisting of either a forward slash (/) by itself or + a string that must begin and end with forward slashes. In addition, + it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ title: ListGroupsRequest + type: object + ListGroupsResponse: + description: 'Contains the response to a successful ListGroups request. ' + example: + Groups: + - Arn: arn:aws:iam::123456789012:group/Admins + CreateDate: '2016-12-15T21:40:08.121Z' + GroupId: AGPA1111111111EXAMPLE + GroupName: Admins + Path: /division_abc/subdivision_xyz/ + - Arn: arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/engineering/Test + CreateDate: '2016-11-30T14:10:01.156Z' + GroupId: AGP22222222222EXAMPLE + GroupName: Test + Path: /division_abc/subdivision_xyz/product_1234/engineering/ + - Arn: arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/Managers + CreateDate: '2016-06-12T20:14:52.032Z' + GroupId: AGPI3333333333EXAMPLE + GroupName: Managers + Path: /division_abc/subdivision_xyz/product_1234/ + properties: + Groups: + allOf: + - $ref: '#/components/schemas/groupListType' + - description: A list of groups. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + required: + - Groups + type: object + ListInstanceProfileTagsRequest: + properties: + InstanceProfileName: + allOf: + - $ref: '#/components/schemas/instanceProfileNameType' + - description: '

The name of the IAM instance profile whose tags you want + to see.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ required: + - InstanceProfileName + title: ListInstanceProfileTagsRequest + type: object + ListInstanceProfileTagsResponse: + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that are currently attached to the IAM instance + profile. Each tag consists of a key name and an associated value. If + no tags are attached to the specified resource, the response contains + an empty list. + required: + - Tags + type: object + ListInstanceProfilesForRoleRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the role to list instance profiles for.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - RoleName + title: ListInstanceProfilesForRoleRequest + type: object + ListInstanceProfilesForRoleResponse: + description: 'Contains the response to a successful ListInstanceProfilesForRole + request. ' + properties: + InstanceProfiles: + allOf: + - $ref: '#/components/schemas/instanceProfileListType' + - description: A list of instance profiles. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + required: + - InstanceProfiles + type: object + ListInstanceProfilesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/pathPrefixType' + - description:

The path prefix for filtering the results. For example, + the prefix /application_abc/component_xyz/ gets all instance + profiles whose path starts with /application_abc/component_xyz/.

+

This parameter is optional. If it is not included, it defaults to + a slash (/), listing all instance profiles. This parameter allows (through + its regex pattern) a string + of characters consisting of either a forward slash (/) by itself or + a string that must begin and end with forward slashes. In addition, + it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ title: ListInstanceProfilesRequest + type: object + ListInstanceProfilesResponse: + description: 'Contains the response to a successful ListInstanceProfiles + request. ' + properties: + InstanceProfiles: + allOf: + - $ref: '#/components/schemas/instanceProfileListType' + - description: A list of instance profiles. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + required: + - InstanceProfiles + type: object + ListMFADeviceTagsRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

The unique identifier for the IAM virtual MFA device + whose tags you want to see. For virtual MFA devices, the serial number + is the same as the ARN.

This parameter allows (through its regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + required: + - SerialNumber + title: ListMFADeviceTagsRequest + type: object + ListMFADeviceTagsResponse: + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that are currently attached to the virtual + MFA device. Each tag consists of a key name and an associated value. + If no tags are attached to the specified resource, the response contains + an empty list. + required: + - Tags + type: object + ListMFADevicesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user whose MFA devices you want to list.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + title: ListMFADevicesRequest + type: object + ListMFADevicesResponse: + description: 'Contains the response to a successful ListMFADevices request. ' + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + MFADevices: + allOf: + - $ref: '#/components/schemas/mfaDeviceListType' + - description: A list of MFA devices. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + required: + - MFADevices + type: object + ListOpenIDConnectProviderTagsRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ OpenIDConnectProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the OpenID Connect (OIDC) identity provider + whose tags you want to see.

This parameter allows (through its + regex pattern) a string + of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + required: + - OpenIDConnectProviderArn + title: ListOpenIDConnectProviderTagsRequest + type: object + ListOpenIDConnectProviderTagsResponse: + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that are currently attached to the OpenID + Connect (OIDC) identity provider. Each tag consists of a key name and + an associated value. If no tags are attached to the specified resource, + the response contains an empty list. + required: + - Tags + type: object + ListOpenIDConnectProvidersRequest: + properties: {} + title: ListOpenIDConnectProvidersRequest + type: object + ListOpenIDConnectProvidersResponse: + description: 'Contains the response to a successful ListOpenIDConnectProviders + request. ' + properties: + OpenIDConnectProviderList: + allOf: + - $ref: '#/components/schemas/OpenIDConnectProviderListType' + - description: The list of IAM OIDC provider resource objects defined in + the Amazon Web Services account. + type: object + ListPoliciesGrantingServiceAccessEntry: + description:

Contains details about the permissions policies that are attached + to the specified identity (user, group, or role).

This data type is + used as a response element in the ListPoliciesGrantingServiceAccess + operation.

+ properties: + Policies: + allOf: + - $ref: '#/components/schemas/policyGrantingServiceAccessListType' + - description: "The\_PoliciesGrantingServiceAccess object that\ + \ contains details about the policy." + ServiceNamespace: + allOf: + - $ref: '#/components/schemas/serviceNamespaceType' + - description: "

The namespace of the service that was accessed.

To\ + \ learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services\ + \ in the Service Authorization Reference. Choose the name of\ + \ the service to view details for that service. In the first paragraph,\ + \ find the service prefix. For example, (service prefix: a4b).\ + \ For more information about service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ + \ General Reference.

" + type: object + ListPoliciesGrantingServiceAccessRequest: + properties: + Arn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The ARN of the IAM identity (user, group, or role) whose + policies you want to list. + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + ServiceNamespaces: + allOf: + - $ref: '#/components/schemas/serviceNamespaceListType' + - description: "

The service namespace for the Amazon Web Services services\ + \ whose policies you want to list.

To learn the service namespace\ + \ for a service, see Actions, resources, and condition keys for Amazon Web Services services\ + \ in the IAM User Guide. Choose the name of the service to view\ + \ details for that service. In the first paragraph, find the service\ + \ prefix. For example, (service prefix: a4b). For more\ + \ information about service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ + \ General Reference.

" + required: + - Arn + - ServiceNamespaces + title: ListPoliciesGrantingServiceAccessRequest + type: object + ListPoliciesGrantingServiceAccessResponse: + example: + IsTruncated: false + PoliciesGrantingServiceAccess: + - Policies: + - PolicyArn: arn:aws:iam::123456789012:policy/ExampleIamPolicy + PolicyName: ExampleIamPolicy + PolicyType: MANAGED + - EntityName: AWSExampleGroup1 + EntityType: GROUP + PolicyName: ExampleGroup1Policy + PolicyType: INLINE + ServiceNamespace: iam + - Policies: + - PolicyArn: arn:aws:iam::123456789012:policy/ExampleEc2Policy + PolicyName: ExampleEc2Policy + PolicyType: MANAGED + ServiceNamespace: ec2 + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. We recommend that you check IsTruncated after + every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + PoliciesGrantingServiceAccess: + allOf: + - $ref: '#/components/schemas/listPolicyGrantingServiceAccessResponseListType' + - description: "A\_ListPoliciesGrantingServiceAccess object\ + \ that contains details about the permissions policies attached to the\ + \ specified identity (user, group, or role)." + required: + - PoliciesGrantingServiceAccess + type: object + ListPoliciesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ OnlyAttached: + allOf: + - $ref: '#/components/schemas/booleanType' + - description:

A flag to filter the results to only the attached policies.

+

When OnlyAttached is true, the returned + list contains only the policies that are attached to an IAM user, group, + or role. When OnlyAttached is false, or when + the parameter is not included, all policies are returned.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/policyPathType' + - description: The path prefix for filtering the results. This parameter + is optional. If it is not included, it defaults to a slash (/), listing + all policies. This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters. + PolicyUsageFilter: + allOf: + - $ref: '#/components/schemas/PolicyUsageType' + - description: "

The policy usage method to use for filtering the results.

\ + \

To list only permissions policies, set\_PolicyUsageFilter\_\ + to\_PermissionsPolicy. To list only the policies used to\ + \ set permissions boundaries, set\_the value to\_PermissionsBoundary.

\ + \

This parameter is optional. If it is not included, all policies\ + \ are returned.

" + Scope: + allOf: + - $ref: '#/components/schemas/policyScopeType' + - description:

The scope to use for filtering the results.

To + list only Amazon Web Services managed policies, set Scope + to AWS. To list only the customer managed policies in your + Amazon Web Services account, set Scope to Local.

+

This parameter is optional. If it is not included, or if it is set + to All, all policies are returned.

+ title: ListPoliciesRequest + type: object + ListPoliciesResponse: + description: 'Contains the response to a successful ListPolicies request. ' + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Policies: + allOf: + - $ref: '#/components/schemas/policyListType' + - description: A list of policies. + type: object + ListPolicyTagsRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the IAM customer managed policy whose tags + you want to see.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - PolicyArn + title: ListPolicyTagsRequest + type: object + ListPolicyTagsResponse: + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that are currently attached to the IAM customer + managed policy. Each tag consists of a key name and an associated value. + If no tags are attached to the specified resource, the response contains + an empty list. + required: + - Tags + type: object + ListPolicyVersionsRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy for which + you want the versions.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - PolicyArn + title: ListPolicyVersionsRequest + type: object + ListPolicyVersionsResponse: + description: 'Contains the response to a successful ListPolicyVersions + request. ' + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Versions: + allOf: + - $ref: '#/components/schemas/policyDocumentVersionListType' + - description:

A list of policy versions.

For more information + about managed policy versions, see Versioning + for managed policies in the IAM User Guide.

+ type: object + ListRolePoliciesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the role to list policies for.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - RoleName + title: ListRolePoliciesRequest + type: object + ListRolePoliciesResponse: + description: 'Contains the response to a successful ListRolePolicies + request. ' + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + PolicyNames: + allOf: + - $ref: '#/components/schemas/policyNameListType' + - description: A list of policy names. + required: + - PolicyNames + type: object + ListRoleTagsRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the IAM role for which you want to see the + list of tags.

This parameter accepts (through its regex + pattern) a string of characters that consist of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - RoleName + title: ListRoleTagsRequest + type: object + ListRoleTagsResponse: + example: + IsTruncated: false + Tags: + - Key: Dept + Value: '12345' + - Key: Team + Value: Accounting + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that are currently attached to the role. + Each tag consists of a key name and an associated value. If no tags + are attached to the specified resource, the response contains an empty + list. + required: + - Tags + type: object + ListRolesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/pathPrefixType' + - description:

The path prefix for filtering the results. For example, + the prefix /application_abc/component_xyz/ gets all roles + whose path starts with /application_abc/component_xyz/.

+

This parameter is optional. If it is not included, it defaults to + a slash (/), listing all roles. This parameter allows (through its regex pattern) a string of + characters consisting of either a forward slash (/) by itself or a string + that must begin and end with forward slashes. In addition, it can contain + any ASCII character from the ! (\u0021) through the DEL + character (\u007F), including most punctuation characters, + digits, and upper and lowercased letters.

+ title: ListRolesRequest + type: object + ListRolesResponse: + description: 'Contains the response to a successful ListRoles request. ' + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Roles: + allOf: + - $ref: '#/components/schemas/roleListType' + - description: A list of roles. + required: + - Roles + type: object + ListSAMLProviderTagsRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ SAMLProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the Security Assertion Markup Language (SAML) + identity provider whose tags you want to see.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - SAMLProviderArn + title: ListSAMLProviderTagsRequest + type: object + ListSAMLProviderTagsResponse: + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that are currently attached to the Security + Assertion Markup Language (SAML) identity provider. Each tag consists + of a key name and an associated value. If no tags are attached to the + specified resource, the response contains an empty list. + required: + - Tags + type: object + ListSAMLProvidersRequest: + properties: {} + title: ListSAMLProvidersRequest + type: object + ListSAMLProvidersResponse: + description: 'Contains the response to a successful ListSAMLProviders + request. ' + properties: + SAMLProviderList: + allOf: + - $ref: '#/components/schemas/SAMLProviderListType' + - description: The list of SAML provider resource objects defined in IAM + for this Amazon Web Services account. + type: object + ListSSHPublicKeysRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user to list SSH public keys for. + If none is specified, the UserName field is determined + implicitly based on the Amazon Web Services access key used to sign + the request.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + title: ListSSHPublicKeysRequest + type: object + ListSSHPublicKeysResponse: + description: Contains the response to a successful ListSSHPublicKeys + request. + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + SSHPublicKeys: + allOf: + - $ref: '#/components/schemas/SSHPublicKeyListType' + - description: A list of the SSH public keys assigned to IAM user. + type: object + ListServerCertificateTagsRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ ServerCertificateName: + allOf: + - $ref: '#/components/schemas/serverCertificateNameType' + - description: '

The name of the IAM server certificate whose tags you + want to see.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - ServerCertificateName + title: ListServerCertificateTagsRequest + type: object + ListServerCertificateTagsResponse: + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that are currently attached to the IAM server + certificate. Each tag consists of a key name and an associated value. + If no tags are attached to the specified resource, the response contains + an empty list. + required: + - Tags + type: object + ListServerCertificatesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/pathPrefixType' + - description: '

The path prefix for filtering the results. For example: + /company/servercerts would get all server certificates + for which the path starts with /company/servercerts.

+

This parameter is optional. If it is not included, it defaults to + a slash (/), listing all server certificates. This parameter allows + (through its regex pattern) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, + it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

' + title: ListServerCertificatesRequest + type: object + ListServerCertificatesResponse: + description: 'Contains the response to a successful ListServerCertificates + request. ' + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + ServerCertificateMetadataList: + allOf: + - $ref: '#/components/schemas/serverCertificateMetadataListType' + - description: A list of server certificates. + required: + - ServerCertificateMetadataList + type: object + ListServiceSpecificCredentialsRequest: + properties: + ServiceName: + allOf: + - $ref: '#/components/schemas/serviceName' + - description: Filters the returned results to only those for the specified + Amazon Web Services service. If not specified, then Amazon Web Services + returns service-specific credentials for all services. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the user whose service-specific credentials + you want information about. If this value is not specified, then the + operation assumes the user whose credentials are used to call the operation.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + title: ListServiceSpecificCredentialsRequest + type: object + ListServiceSpecificCredentialsResponse: + properties: + ServiceSpecificCredentials: + allOf: + - $ref: '#/components/schemas/ServiceSpecificCredentialsListType' + - description: A list of structures that each contain details about a service-specific + credential. + type: object + ListSigningCertificatesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the IAM user whose signing certificates you + want to examine.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + title: ListSigningCertificatesRequest + type: object + ListSigningCertificatesResponse: + description: 'Contains the response to a successful ListSigningCertificates + request. ' + example: + Certificates: + - CertificateBody: '-----BEGIN CERTIFICATE----------END + CERTIFICATE-----' + CertificateId: TA7SMP42TDN5Z26OBPJE7EXAMPLE + Status: Active + UploadDate: '2013-06-06T21:40:08Z' + UserName: Bob + properties: + Certificates: + allOf: + - $ref: '#/components/schemas/certificateListType' + - description: A list of the user's signing certificate information. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + required: + - Certificates + type: object + ListUserPoliciesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user to list policies for.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + title: ListUserPoliciesRequest + type: object + ListUserPoliciesResponse: + description: 'Contains the response to a successful ListUserPolicies + request. ' + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + PolicyNames: + allOf: + - $ref: '#/components/schemas/policyNameListType' + - description: A list of policy names. + required: + - PolicyNames + type: object + ListUserTagsRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the IAM user whose tags you want to see.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + title: ListUserTagsRequest + type: object + ListUserTagsResponse: + example: + IsTruncated: false + Tags: + - Key: Dept + Value: '12345' + - Key: Team + Value: Accounting + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that are currently attached to the user. + Each tag consists of a key name and an associated value. If no tags + are attached to the specified resource, the response contains an empty + list. + required: + - Tags + type: object + ListUsersRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/pathPrefixType' + - description: '

The path prefix for filtering the results. For example: + /division_abc/subdivision_xyz/, which would get all user + names whose path starts with /division_abc/subdivision_xyz/.

+

This parameter is optional. If it is not included, it defaults to + a slash (/), listing all user names. This parameter allows (through + its regex pattern) a string + of characters consisting of either a forward slash (/) by itself or + a string that must begin and end with forward slashes. In addition, + it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

' + title: ListUsersRequest + type: object + ListUsersResponse: + description: 'Contains the response to a successful ListUsers request. ' + example: + Users: + - Arn: arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/engineering/Juan + CreateDate: '2012-09-05T19:38:48Z' + PasswordLastUsed: '2016-09-08T21:47:36Z' + Path: /division_abc/subdivision_xyz/engineering/ + UserId: AID2MAB8DPLSRHEXAMPLE + UserName: Juan + - Arn: arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/engineering/Anika + CreateDate: '2014-04-09T15:43:45Z' + PasswordLastUsed: '2016-09-24T16:18:07Z' + Path: /division_abc/subdivision_xyz/engineering/ + UserId: AIDIODR4TAW7CSEXAMPLE + UserName: Anika + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + Users: + allOf: + - $ref: '#/components/schemas/userListType' + - description: A list of users. + required: + - Users + type: object + ListVirtualMFADevicesRequest: + properties: + AssignmentStatus: + allOf: + - $ref: '#/components/schemas/assignmentStatusType' + - description: ' The status (Unassigned or Assigned) + of the devices to list. If you do not specify an AssignmentStatus, + the operation defaults to Any, which lists both assigned + and unassigned virtual MFA devices.,' + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ title: ListVirtualMFADevicesRequest + type: object + ListVirtualMFADevicesResponse: + description: 'Contains the response to a successful ListVirtualMFADevices + request. ' + example: + VirtualMFADevices: + - SerialNumber: arn:aws:iam::123456789012:mfa/ExampleMFADevice + - SerialNumber: arn:aws:iam::123456789012:mfa/Juan + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + VirtualMFADevices: + allOf: + - $ref: '#/components/schemas/virtualMFADeviceListType' + - description: ' The list of virtual MFA devices in the current account + that match the AssignmentStatus value that was passed in + the request.' + required: + - VirtualMFADevices + type: object + LoginProfile: + description:

Contains the user name and password create date for a user.

+

This data type is used as a response element in the CreateLoginProfile + and GetLoginProfile operations.

+ properties: + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the password for the user was created. + PasswordResetRequired: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether the user is required to set a new password + on next sign-in. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the user, which can be used for signing in to + the Amazon Web Services Management Console. + required: + - UserName + - CreateDate + type: object + MFADevice: + description:

Contains information about an MFA device.

This data type + is used as a response element in the ListMFADevices operation.

+ properties: + EnableDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the MFA device was enabled for the user. + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: The serial number that uniquely identifies the MFA device. + For virtual MFA devices, the serial number is the device ARN. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The user with whom the MFA device is associated. + required: + - UserName + - SerialNumber + - EnableDate + type: object + MalformedCertificateException: {} + MalformedPolicyDocumentException: {} + ManagedPolicyDetail: + description:

Contains information about a managed policy, including the policy's + ARN, versions, and the number of principal entities (users, groups, and roles) + that the policy is attached to.

This data type is used as a response + element in the GetAccountAuthorizationDetails operation.

For + more information about managed policies, see Managed + policies and inline policies in the IAM User Guide.

+ properties: + Arn: + $ref: '#/components/schemas/arnType' + AttachmentCount: + allOf: + - $ref: '#/components/schemas/attachmentCountType' + - description: The number of principal entities (users, groups, and roles) + that the policy is attached to. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the policy was created. + DefaultVersionId: + allOf: + - $ref: '#/components/schemas/policyVersionIdType' + - description:

The identifier for the version of the policy that is set + as the default (operative) version.

For more information about + policy versions, see Versioning + for managed policies in the IAM User Guide.

+ Description: + allOf: + - $ref: '#/components/schemas/policyDescriptionType' + - description: A friendly description of the policy. + IsAttachable: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether the policy can be attached to an IAM user, + group, or role. + Path: + allOf: + - $ref: '#/components/schemas/policyPathType' + - description:

The path to the policy.

For more information about + paths, see IAM + identifiers in the IAM User Guide.

+ PermissionsBoundaryUsageCount: + allOf: + - $ref: '#/components/schemas/attachmentCountType' + - description:

The number of entities (users and roles) for which the + policy is used as the permissions boundary.

For more information + about permissions boundaries, see Permissions + boundaries for IAM identities in the IAM User Guide.

+ PolicyId: + allOf: + - $ref: '#/components/schemas/idType' + - description:

The stable and unique string identifying the policy.

+

For more information about IDs, see IAM + identifiers in the IAM User Guide.

+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The friendly name (not ARN) identifying the policy. + PolicyVersionList: + allOf: + - $ref: '#/components/schemas/policyDocumentVersionListType' + - description: A list containing information about the versions of the policy. + UpdateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description:

The date and time, in ISO + 8601 date-time format, when the policy was last updated.

When + a policy has only one version, this field contains the date and time + when the policy was created. When a policy has more than one version, + this field contains the date and time when the most recent policy version + was created.

+ type: object + ManagedPolicyDetailListType: + items: + allOf: + - $ref: '#/components/schemas/ManagedPolicyDetail' + - xml: + name: member + type: array + NoSuchEntityException: {} + OpenIDConnectProviderListEntry: + description: Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect + provider. + properties: + Arn: + $ref: '#/components/schemas/arnType' + type: object + OpenIDConnectProviderListType: + description: Contains a list of IAM OpenID Connect providers. + items: + allOf: + - $ref: '#/components/schemas/OpenIDConnectProviderListEntry' + - xml: + name: member + type: array + OpenIDConnectProviderUrlType: + description: Contains a URL that specifies the endpoint for an OpenID Connect + provider. + maxLength: 255 + minLength: 1 + type: string + OrganizationsDecisionDetail: + description: Contains information about the effect that Organizations has on + a policy simulation. + properties: + AllowedByOrganizations: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether the simulated operation is allowed by the + Organizations service control policies that impact the simulated user's + account. + type: object + PasswordPolicy: + description:

Contains information about the account password policy.

+

This data type is used as a response element in the GetAccountPasswordPolicy + operation.

+ properties: + AllowUsersToChangePassword: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether IAM users are allowed to change their own + password. Gives IAM users permissions to iam:ChangePassword + for only their user and to the iam:GetAccountPasswordPolicy + action. This option does not attach a permissions policy to each user, + rather the permissions are applied at the account-level for all users + by IAM. + ExpirePasswords: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Indicates whether passwords in the account expire. Returns + true if MaxPasswordAge contains a value greater than 0. + Returns false if MaxPasswordAge is 0 or not present. + HardExpiry: + allOf: + - $ref: '#/components/schemas/booleanObjectType' + - description: Specifies whether IAM users are prevented from setting a + new password via the Amazon Web Services Management Console after their + password has expired. The IAM user cannot access the console until an + administrator resets the password. IAM users with iam:ChangePassword + permission and active access keys can reset their own expired console + password using the CLI or API. + MaxPasswordAge: + allOf: + - $ref: '#/components/schemas/maxPasswordAgeType' + - description: The number of days that an IAM user password is valid. + MinimumPasswordLength: + allOf: + - $ref: '#/components/schemas/minimumPasswordLengthType' + - description: Minimum length to require for IAM user passwords. + PasswordReusePrevention: + allOf: + - $ref: '#/components/schemas/passwordReusePreventionType' + - description: Specifies the number of previous passwords that IAM users + are prevented from reusing. + RequireLowercaseCharacters: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether IAM user passwords must contain at least + one lowercase character (a to z). + RequireNumbers: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether IAM user passwords must contain at least + one numeric character (0 to 9). + RequireSymbols: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: '

Specifies whether IAM user passwords must contain at + least one of the following symbols:

! @ # $ % ^ & * ( ) _ + + - = [ ] { } | ''

' + RequireUppercaseCharacters: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether IAM user passwords must contain at least + one uppercase character (A to Z). + type: object + PasswordPolicyViolationException: {} + PermissionsBoundaryAttachmentType: + enum: + - PermissionsBoundaryPolicy + type: string + PermissionsBoundaryDecisionDetail: + description: Contains information about the effect that a permissions boundary + has on a policy simulation when the boundary is applied to an IAM entity. + properties: + AllowedByPermissionsBoundary: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether an action is allowed by a permissions boundary + that is applied to an IAM entity (user or role). A value of true + means that the permissions boundary does not deny the action. This means + that the policy includes an Allow statement that matches + the request. In this case, if an identity-based policy also allows the + action, the request is allowed. A value of false means + that either the requested action is not allowed (implicitly denied) + or that the action is explicitly denied by the permissions boundary. + In both of these cases, the action is not allowed, regardless of the + identity-based policy. + type: object + Policy: + description:

Contains information about a managed policy.

This data + type is used as a response element in the CreatePolicy, GetPolicy, + and ListPolicies operations.

For more information about managed + policies, refer to Managed + policies and inline policies in the IAM User Guide.

+ properties: + Arn: + $ref: '#/components/schemas/arnType' + AttachmentCount: + allOf: + - $ref: '#/components/schemas/attachmentCountType' + - description: The number of entities (users, groups, and roles) that the + policy is attached to. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the policy was created. + DefaultVersionId: + allOf: + - $ref: '#/components/schemas/policyVersionIdType' + - description: The identifier for the version of the policy that is set + as the default version. + Description: + allOf: + - $ref: '#/components/schemas/policyDescriptionType' + - description:

A friendly description of the policy.

This element + is included in the response to the GetPolicy operation. It is + not included in the response to the ListPolicies operation.

+ IsAttachable: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether the policy can be attached to an IAM user, + group, or role. + Path: + allOf: + - $ref: '#/components/schemas/policyPathType' + - description:

The path to the policy.

For more information about + paths, see IAM + identifiers in the IAM User Guide.

+ PermissionsBoundaryUsageCount: + allOf: + - $ref: '#/components/schemas/attachmentCountType' + - description:

The number of entities (users and roles) for which the + policy is used to set the permissions boundary.

For more information + about permissions boundaries, see Permissions + boundaries for IAM identities in the IAM User Guide.

+ PolicyId: + allOf: + - $ref: '#/components/schemas/idType' + - description:

The stable and unique string identifying the policy.

+

For more information about IDs, see IAM + identifiers in the IAM User Guide.

+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The friendly name (not ARN) identifying the policy. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the instance profile. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + UpdateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description:

The date and time, in ISO + 8601 date-time format, when the policy was last updated.

When + a policy has only one version, this field contains the date and time + when the policy was created. When a policy has more than one version, + this field contains the date and time when the most recent policy version + was created.

+ type: object + PolicyDetail: + description:

Contains information about an IAM policy, including the policy + document.

This data type is used as a response element in the GetAccountAuthorizationDetails + operation.

+ properties: + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description: The policy document. + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The name of the policy. + type: object + PolicyEvaluationDecisionType: + enum: + - allowed + - explicitDeny + - implicitDeny + type: string + PolicyEvaluationException: {} + PolicyGrantingServiceAccess: + description:

Contains details about the permissions policies that are attached + to the specified identity (user, group, or role).

This data type is + an element of the ListPoliciesGrantingServiceAccessEntry object.

+ properties: + EntityName: + allOf: + - $ref: '#/components/schemas/entityNameType' + - description:

The name of the entity (user or role) to which the inline + policy is attached.

This field is null for managed policies. + For more information about these policy types, see Managed + policies and inline policies in the IAM User Guide.

+ EntityType: + allOf: + - $ref: '#/components/schemas/policyOwnerEntityType' + - description:

The type of entity (user or role) that used the policy + to access the service to which the inline policy is attached.

This + field is null for managed policies. For more information about these + policy types, see Managed + policies and inline policies in the IAM User Guide.

+ PolicyArn: + $ref: '#/components/schemas/arnType' + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The policy name. + PolicyType: + allOf: + - $ref: '#/components/schemas/policyType' + - description: The policy type. For more information about these policy + types, see Managed + policies and inline policies in the IAM User Guide. + required: + - PolicyName + - PolicyType + type: object + PolicyGroup: + description:

Contains information about a group that a managed policy is + attached to.

This data type is used as a response element in the ListEntitiesForPolicy + operation.

For more information about managed policies, refer to Managed + policies and inline policies in the IAM User Guide.

+ properties: + GroupId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the group. For more + information about IDs, see IAM + identifiers in the IAM User Guide. + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: The name (friendly name, not ARN) identifying the group. + type: object + PolicyGroupListType: + items: + allOf: + - $ref: '#/components/schemas/PolicyGroup' + - xml: + name: member + type: array + PolicyIdentifierType: + type: string + PolicyNotAttachableException: {} + PolicyRole: + description:

Contains information about a role that a managed policy is attached + to.

This data type is used as a response element in the ListEntitiesForPolicy + operation.

For more information about managed policies, refer to Managed + policies and inline policies in the IAM User Guide.

+ properties: + RoleId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the role. For more + information about IDs, see IAM + identifiers in the IAM User Guide. + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The name (friendly name, not ARN) identifying the role. + type: object + PolicyRoleListType: + items: + allOf: + - $ref: '#/components/schemas/PolicyRole' + - xml: + name: member + type: array + PolicySourceType: + enum: + - user + - group + - role + - aws-managed + - user-managed + - resource + - none + type: string + PolicyUsageType: + description:

The policy usage type that indicates whether the policy is used + as a permissions policy or as the permissions boundary for an entity.

+

For more information about permissions boundaries, see Permissions + boundaries for IAM identities in the IAM User Guide.

+ enum: + - PermissionsPolicy + - PermissionsBoundary + type: string + PolicyUser: + description:

Contains information about a user that a managed policy is attached + to.

This data type is used as a response element in the ListEntitiesForPolicy + operation.

For more information about managed policies, refer to Managed + policies and inline policies in the IAM User Guide.

+ properties: + UserId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the user. For more + information about IDs, see IAM + identifiers in the IAM User Guide. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name (friendly name, not ARN) identifying the user. + type: object + PolicyUserListType: + items: + allOf: + - $ref: '#/components/schemas/PolicyUser' + - xml: + name: member + type: array + PolicyVersion: + description:

Contains information about a version of a managed policy.

+

This data type is used as a response element in the CreatePolicyVersion, + GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails + operations.

For more information about managed policies, refer to + Managed + policies and inline policies in the IAM User Guide.

+ properties: + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the policy version was created. + Document: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The policy document.

The policy document is returned + in the response to the GetPolicyVersion and GetAccountAuthorizationDetails + operations. It is not returned in the response to the CreatePolicyVersion + or ListPolicyVersions operations.

The policy document + returned in this structure is URL-encoded compliant with RFC + 3986. You can use a URL decoding method to convert the policy back + to plain JSON text. For example, if you use Java, you can use the decode + method of the java.net.URLDecoder utility class in the + Java SDK. Other languages and SDKs provide similar functionality.

+ IsDefaultVersion: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether the policy version is set as the policy's + default version. + VersionId: + allOf: + - $ref: '#/components/schemas/policyVersionIdType' + - description:

The identifier for the policy version.

Policy version + identifiers always begin with v (always lowercase). When + a policy is created, the first policy version is v1.

+ type: object + Position: + description:

Contains the row and column of a location of a Statement + element in a policy document.

This data type is used as a member of + the Statement type.

+ properties: + Column: + allOf: + - $ref: '#/components/schemas/ColumnNumber' + - description: The column in the line containing the specified position + in the document. + Line: + allOf: + - $ref: '#/components/schemas/LineNumber' + - description: The line containing the specified position in the document. + type: object + PutGroupPolicyRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name of the group to associate the policy with.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-.

' + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The policy document.

You must provide policies + in JSON format in IAM. However, for CloudFormation templates formatted + in YAML, you can provide the policy in JSON or YAML format. CloudFormation + always converts a YAML policy to JSON format before submitting it to + = IAM.

The regex pattern + used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the + ASCII character range

  • The printable characters in + the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the policy document.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - GroupName + - PolicyName + - PolicyDocument + title: PutGroupPolicyRequest + type: object + PutRolePermissionsBoundaryRequest: + properties: + PermissionsBoundary: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The ARN of the policy that is used to set the permissions + boundary for the role. + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The name (friendly name, not ARN) of the IAM role for which + you want to set the permissions boundary. + required: + - RoleName + - PermissionsBoundary + title: PutRolePermissionsBoundaryRequest + type: object + PutRolePolicyRequest: + properties: + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The policy document.

You must provide policies + in JSON format in IAM. However, for CloudFormation templates formatted + in YAML, you can provide the policy in JSON or YAML format. CloudFormation + always converts a YAML policy to JSON format before submitting it to + IAM.

The regex pattern + used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the + ASCII character range

  • The printable characters in + the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the policy document.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the role to associate the policy with.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - RoleName + - PolicyName + - PolicyDocument + title: PutRolePolicyRequest + type: object + PutUserPermissionsBoundaryRequest: + properties: + PermissionsBoundary: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The ARN of the policy that is used to set the permissions + boundary for the user. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name (friendly name, not ARN) of the IAM user for which + you want to set the permissions boundary. + required: + - UserName + - PermissionsBoundary + title: PutUserPermissionsBoundaryRequest + type: object + PutUserPolicyRequest: + properties: + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The policy document.

You must provide policies + in JSON format in IAM. However, for CloudFormation templates formatted + in YAML, you can provide the policy in JSON or YAML format. CloudFormation + always converts a YAML policy to JSON format before submitting it to + IAM.

The regex pattern + used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the + ASCII character range

  • The printable characters in + the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the policy document.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user to associate the policy with.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - PolicyName + - PolicyDocument + title: PutUserPolicyRequest + type: object + ReasonType: + maxLength: 1000 + type: string + RegionNameType: + maxLength: 100 + minLength: 1 + type: string + RemoveClientIDFromOpenIDConnectProviderRequest: + properties: + ClientID: + allOf: + - $ref: '#/components/schemas/clientIDType' + - description: The client ID (also known as audience) to remove from the + IAM OIDC provider resource. For more information about client IDs, see + CreateOpenIDConnectProvider. + OpenIDConnectProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM OIDC provider + resource to remove the client ID from. You can get a list of OIDC provider + ARNs by using the ListOpenIDConnectProviders operation.

For + more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - OpenIDConnectProviderArn + - ClientID + title: RemoveClientIDFromOpenIDConnectProviderRequest + type: object + RemoveRoleFromInstanceProfileRequest: + properties: + InstanceProfileName: + allOf: + - $ref: '#/components/schemas/instanceProfileNameType' + - description: '

The name of the instance profile to update.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the role to remove.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - InstanceProfileName + - RoleName + title: RemoveRoleFromInstanceProfileRequest + type: object + RemoveUserFromGroupRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name of the group to update.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user to remove.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - GroupName + - UserName + title: RemoveUserFromGroupRequest + type: object + ReportContentType: + type: string + ReportFormatType: + enum: + - text/csv + type: string + ReportGenerationLimitExceededException: {} + ReportStateDescriptionType: + type: string + ReportStateType: + enum: + - STARTED + - INPROGRESS + - COMPLETE + type: string + ResetServiceSpecificCredentialRequest: + properties: + ServiceSpecificCredentialId: + allOf: + - $ref: '#/components/schemas/serviceSpecificCredentialId' + - description:

The unique identifier of the service-specific credential.

+

This parameter allows (through its regex + pattern) a string of characters that can consist of any upper or + lowercased letter or digit.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the service-specific + credential. If this value is not specified, then the operation assumes + the user whose credentials are used to call the operation.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - ServiceSpecificCredentialId + title: ResetServiceSpecificCredentialRequest + type: object + ResetServiceSpecificCredentialResponse: + properties: + ServiceSpecificCredential: + allOf: + - $ref: '#/components/schemas/ServiceSpecificCredential' + - description:

A structure with details about the updated service-specific + credential, including the new password.

This is the + only time that you can access the password. You cannot recover + the password later, but you can reset it again.

 + type: object + ResourceHandlingOptionType: + maxLength: 64 + minLength: 1 + type: string + ResourceNameListType: + items: + allOf: + - $ref: '#/components/schemas/ResourceNameType' + - xml: + name: member + type: array + ResourceNameType: + maxLength: 2048 + minLength: 1 + type: string + ResourceSpecificResult: + description:

Contains the result of the simulation of a single API operation + call on a single resource.

This data type is used by a member of the + EvaluationResult data type.

+ properties: + EvalDecisionDetails: + allOf: + - $ref: '#/components/schemas/EvalDecisionDetailsType' + - description: Additional details about the results of the evaluation decision + on a single resource. This parameter is returned only for cross-account + simulations. This parameter explains how each policy type contributes + to the resource-specific evaluation decision. + EvalResourceDecision: + allOf: + - $ref: '#/components/schemas/PolicyEvaluationDecisionType' + - description: The result of the simulation of the simulated API operation + on the resource specified in EvalResourceName. + EvalResourceName: + allOf: + - $ref: '#/components/schemas/ResourceNameType' + - description: The name of the simulated resource, in Amazon Resource Name + (ARN) format. + MatchedStatements: + allOf: + - $ref: '#/components/schemas/StatementListType' + - description: A list of the statements in the input policies that determine + the result for this part of the simulation. Remember that even if multiple + statements allow the operation on the resource, if any statement + denies that operation, then the explicit deny overrides any allow. In + addition, the deny statement is the only entry included in the result. + MissingContextValues: + allOf: + - $ref: '#/components/schemas/ContextKeyNamesResultListType' + - description: A list of context keys that are required by the included + input policies but that were not provided by one of the input parameters. + This list is used when a list of ARNs is included in the ResourceArns + parameter instead of "*". If you do not specify individual resources, + by setting ResourceArns to "*" or by not including the + ResourceArns parameter, then any missing context values + are instead included under the EvaluationResults section. + To discover the context keys used by a set of policies, you can call + GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy. + PermissionsBoundaryDecisionDetail: + allOf: + - $ref: '#/components/schemas/PermissionsBoundaryDecisionDetail' + - description: Contains information about the effect that a permissions + boundary has on a policy simulation when that boundary is applied to + an IAM entity. + required: + - EvalResourceName + - EvalResourceDecision + type: object + ResourceSpecificResultListType: + items: + allOf: + - $ref: '#/components/schemas/ResourceSpecificResult' + - xml: + name: member + type: array + ResyncMFADeviceRequest: + properties: + AuthenticationCode1: + allOf: + - $ref: '#/components/schemas/authenticationCodeType' + - description:

An authentication code emitted by the device.

The + format for this parameter is a sequence of six digits.

+ AuthenticationCode2: + allOf: + - $ref: '#/components/schemas/authenticationCodeType' + - description:

A subsequent authentication code emitted by the device.

+

The format for this parameter is a sequence of six digits.

+ SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

Serial number that uniquely identifies the MFA device.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user whose MFA device you want to resynchronize.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - SerialNumber + - AuthenticationCode1 + - AuthenticationCode2 + title: ResyncMFADeviceRequest + type: object + Role: + description: Contains information about an IAM role. This structure is returned + as a response element in several API operations that interact with roles. + properties: + Arn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: ' The Amazon Resource Name (ARN) specifying the role. For + more information about ARNs and how to use them in policies, see IAM + identifiers in the IAM User Guide guide. ' + AssumeRolePolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description: The policy that grants an entity permission to assume the + role. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the role was created. + Description: + allOf: + - $ref: '#/components/schemas/roleDescriptionType' + - description: A description of the role that you provide. + MaxSessionDuration: + allOf: + - $ref: '#/components/schemas/roleMaxSessionDurationType' + - description: The maximum session duration (in seconds) for the specified + role. Anyone who uses the CLI, or API to assume the role can specify + the duration using the optional DurationSeconds API parameter + or duration-seconds CLI parameter. + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: ' The path to the role. For more information about paths, + see IAM + identifiers in the IAM User Guide. ' + PermissionsBoundary: + allOf: + - $ref: '#/components/schemas/AttachedPermissionsBoundary' + - description:

The ARN of the policy used to set the permissions boundary + for the role.

For more information about permissions boundaries, + see Permissions + boundaries for IAM identities in the IAM User Guide.

+ RoleId: + allOf: + - $ref: '#/components/schemas/idType' + - description: ' The stable and unique string identifying the role. For + more information about IDs, see IAM + identifiers in the IAM User Guide. ' + RoleLastUsed: + allOf: + - $ref: '#/components/schemas/RoleLastUsed' + - description: Contains information about the last time that an IAM role + was used. This includes the date and time and the Region in which the + role was last used. Activity is only reported for the trailing 400 days. + This period can be shorter if your Region began supporting these features + within the last year. The role might have been used more than 400 days + ago. For more information, see Regions + where data is tracked in the IAM User Guide. + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The friendly name that identifies the role. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the role. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + required: + - Path + - RoleName + - RoleId + - Arn + - CreateDate + type: object + RoleDetail: + description:

Contains information about an IAM role, including all of the + role's policies.

This data type is used as a response element in the + GetAccountAuthorizationDetails operation.

+ properties: + Arn: + $ref: '#/components/schemas/arnType' + AssumeRolePolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description: The trust policy that grants permission to assume the role. + AttachedManagedPolicies: + allOf: + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of managed policies attached to the role. These policies + are the role's access (permissions) policies. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the role was created. + InstanceProfileList: + allOf: + - $ref: '#/components/schemas/instanceProfileListType' + - description: A list of instance profiles that contain this role. + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: The path to the role. For more information about paths, see + IAM + identifiers in the IAM User Guide. + PermissionsBoundary: + allOf: + - $ref: '#/components/schemas/AttachedPermissionsBoundary' + - description:

The ARN of the policy used to set the permissions boundary + for the role.

For more information about permissions boundaries, + see Permissions + boundaries for IAM identities in the IAM User Guide.

+ RoleId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the role. For more + information about IDs, see IAM + identifiers in the IAM User Guide. + RoleLastUsed: + allOf: + - $ref: '#/components/schemas/RoleLastUsed' + - description: Contains information about the last time that an IAM role + was used. This includes the date and time and the Region in which the + role was last used. Activity is only reported for the trailing 400 days. + This period can be shorter if your Region began supporting these features + within the last year. The role might have been used more than 400 days + ago. For more information, see Regions + where data is tracked in the IAM User Guide. + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The friendly name that identifies the role. + RolePolicyList: + allOf: + - $ref: '#/components/schemas/policyDetailListType' + - description: A list of inline policies embedded in the role. These policies + are the role's access (permissions) policies. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the role. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + type: object + RoleLastUsed: + description:

Contains information about the last time that an IAM role was + used. This includes the date and time and the Region in which the role was + last used. Activity is only reported for the trailing 400 days. This period + can be shorter if your Region began supporting these features within the last + year. The role might have been used more than 400 days ago. For more information, + see Regions + where data is tracked in the IAM User Guide.

This data type + is returned as a response element in the GetRole and GetAccountAuthorizationDetails + operations.

+ properties: + LastUsedDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "

The date and time, in\_ISO 8601 date-time format that the role was last used.

This\ + \ field is null if the role has not been used within the IAM tracking\ + \ period. For more information about the tracking period, see Regions where data is tracked in the IAM User Guide.

" + Region: + allOf: + - $ref: '#/components/schemas/stringType' + - description: The name of the Amazon Web Services Region in which the role + was last used. + type: object + RoleUsageListType: + items: + allOf: + - $ref: '#/components/schemas/RoleUsageType' + - xml: + name: member + type: array + RoleUsageType: + description:

An object that contains details about how a service-linked role + is used, if that information is returned by the service.

This data + type is used as a response element in the GetServiceLinkedRoleDeletionStatus + operation.

+ properties: + Region: + allOf: + - $ref: '#/components/schemas/RegionNameType' + - description: The name of the Region where the service-linked role is being + used. + Resources: + allOf: + - $ref: '#/components/schemas/ArnListType' + - description: The name of the resource that is using the service-linked + role. + type: object + SAMLMetadataDocumentType: + maxLength: 10000000 + minLength: 1000 + type: string + SAMLProviderListEntry: + description: Contains the list of SAML providers for this account. + properties: + Arn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The Amazon Resource Name (ARN) of the SAML provider. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time when the SAML provider was created. + ValidUntil: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The expiration date and time for the SAML provider. + type: object + SAMLProviderListType: + items: + allOf: + - $ref: '#/components/schemas/SAMLProviderListEntry' + - xml: + name: member + type: array + SAMLProviderNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w._-]+' + type: string + SSHPublicKey: + description:

Contains information about an SSH public key.

This data + type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey + operations.

+ properties: + Fingerprint: + allOf: + - $ref: '#/components/schemas/publicKeyFingerprintType' + - description: The MD5 message digest of the SSH public key. + SSHPublicKeyBody: + allOf: + - $ref: '#/components/schemas/publicKeyMaterialType' + - description: The SSH public key. + SSHPublicKeyId: + allOf: + - $ref: '#/components/schemas/publicKeyIdType' + - description: The unique identifier for the SSH public key. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the SSH public key. Active means + that the key can be used for authentication with an CodeCommit repository. + Inactive means that the key cannot be used. + UploadDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the SSH public key was uploaded. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user associated with the SSH public key. + required: + - UserName + - SSHPublicKeyId + - Fingerprint + - SSHPublicKeyBody + - Status + type: object + SSHPublicKeyListType: + items: + allOf: + - $ref: '#/components/schemas/SSHPublicKeyMetadata' + - xml: + name: member + type: array + SSHPublicKeyMetadata: + description:

Contains information about an SSH public key, without the key's + body or fingerprint.

This data type is used as a response element in + the ListSSHPublicKeys operation.

+ properties: + SSHPublicKeyId: + allOf: + - $ref: '#/components/schemas/publicKeyIdType' + - description: The unique identifier for the SSH public key. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the SSH public key. Active means + that the key can be used for authentication with an CodeCommit repository. + Inactive means that the key cannot be used. + UploadDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the SSH public key was uploaded. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user associated with the SSH public key. + required: + - UserName + - SSHPublicKeyId + - Status + - UploadDate + type: object + ServerCertificate: + description:

Contains information about a server certificate.

This + data type is used as a response element in the GetServerCertificate + operation.

+ properties: + CertificateBody: + allOf: + - $ref: '#/components/schemas/certificateBodyType' + - description: The contents of the public key certificate. + CertificateChain: + allOf: + - $ref: '#/components/schemas/certificateChainType' + - description: The contents of the public key certificate chain. + ServerCertificateMetadata: + allOf: + - $ref: '#/components/schemas/ServerCertificateMetadata' + - description: The meta information of the server certificate, such as its + name, path, ID, and ARN. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the server certificate. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + required: + - ServerCertificateMetadata + - CertificateBody + type: object + ServerCertificateMetadata: + description:

Contains information about a server certificate without its + certificate body, certificate chain, and private key.

This data type + is used as a response element in the UploadServerCertificate and ListServerCertificates + operations.

+ properties: + Arn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: ' The Amazon Resource Name (ARN) specifying the server certificate. + For more information about ARNs and how to use them in policies, see + IAM + identifiers in the IAM User Guide. ' + Expiration: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date on which the certificate is set to expire. + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: ' The path to the server certificate. For more information + about paths, see IAM + identifiers in the IAM User Guide. ' + ServerCertificateId: + allOf: + - $ref: '#/components/schemas/idType' + - description: ' The stable and unique string identifying the server certificate. + For more information about IDs, see IAM + identifiers in the IAM User Guide. ' + ServerCertificateName: + allOf: + - $ref: '#/components/schemas/serverCertificateNameType' + - description: The name that identifies the server certificate. + UploadDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the server certificate was uploaded. + required: + - Path + - ServerCertificateName + - ServerCertificateId + - Arn + type: object + ServiceFailureException: {} + ServiceLastAccessed: + description:

Contains details about the most recent attempt to access the + service.

This data type is used as a response element in the GetServiceLastAccessedDetails + operation.

+ properties: + LastAuthenticated: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "

The date and time, in\_ISO 8601 date-time format, when an authenticated entity most recently\ + \ attempted to access the service. Amazon Web Services does not report\ + \ unauthenticated requests.

This field is null if no IAM entities\ + \ attempted to access the service within the reporting period.

" + LastAuthenticatedEntity: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The ARN of the authenticated entity (user or role) that + last attempted to access the service. Amazon Web Services does not report + unauthenticated requests.

This field is null if no IAM entities + attempted to access the service within the reporting + period.

+ LastAuthenticatedRegion: + allOf: + - $ref: '#/components/schemas/stringType' + - description:

The Region from which the authenticated entity (user or + role) last attempted to access the service. Amazon Web Services does + not report unauthenticated requests.

This field is null if no + IAM entities attempted to access the service within the reporting + period.

+ ServiceName: + allOf: + - $ref: '#/components/schemas/serviceNameType' + - description: The name of the service in which access was attempted. + ServiceNamespace: + allOf: + - $ref: '#/components/schemas/serviceNamespaceType' + - description: "

The namespace of the service in which access was attempted.

\ + \

To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services\ + \ in the Service Authorization Reference. Choose the name of\ + \ the service to view details for that service. In the first paragraph,\ + \ find the service prefix. For example, (service prefix: a4b).\ + \ For more information about service namespaces, see Amazon Web Services Service Namespaces in the\_Amazon Web Services\ + \ General Reference.

" + TotalAuthenticatedEntities: + allOf: + - $ref: '#/components/schemas/integerType' + - description:

The total number of authenticated principals (root user, + IAM users, or IAM roles) that have attempted to access the service.

+

This field is null if no principals attempted to access the service + within the reporting + period.

+ TrackedActionsLastAccessed: + allOf: + - $ref: '#/components/schemas/TrackedActionsLastAccessed' + - description:

An object that contains details about the most recent + attempt to access a tracked action within the service.

This field + is null if there no tracked actions or if the principal did not use + the tracked actions within the reporting + period. This field is also null if the report was generated at the + service level and not the action level. For more information, see the + Granularity field in GenerateServiceLastAccessedDetails.

+ required: + - ServiceName + - ServiceNamespace + type: object + ServiceNotSupportedException: {} + ServiceSpecificCredential: + description: Contains the details of a service-specific credential. + properties: + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the service-specific credential were + created. + ServiceName: + allOf: + - $ref: '#/components/schemas/serviceName' + - description: The name of the service associated with the service-specific + credential. + ServicePassword: + allOf: + - $ref: '#/components/schemas/servicePassword' + - description: The generated password for the service-specific credential. + ServiceSpecificCredentialId: + allOf: + - $ref: '#/components/schemas/serviceSpecificCredentialId' + - description: The unique identifier for the service-specific credential. + ServiceUserName: + allOf: + - $ref: '#/components/schemas/serviceUserName' + - description: The generated user name for the service-specific credential. + This value is generated by combining the IAM user's name combined with + the ID number of the Amazon Web Services account, as in jane-at-123456789012, + for example. This value cannot be configured by the user. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the service-specific credential. Active + means that the key is valid for API calls, while Inactive + means it is not. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user associated with the service-specific + credential. + required: + - CreateDate + - ServiceName + - ServiceUserName + - ServicePassword + - ServiceSpecificCredentialId + - UserName + - Status + type: object + ServiceSpecificCredentialMetadata: + description: Contains additional details about a service-specific credential. + properties: + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the service-specific credential were + created. + ServiceName: + allOf: + - $ref: '#/components/schemas/serviceName' + - description: The name of the service associated with the service-specific + credential. + ServiceSpecificCredentialId: + allOf: + - $ref: '#/components/schemas/serviceSpecificCredentialId' + - description: The unique identifier for the service-specific credential. + ServiceUserName: + allOf: + - $ref: '#/components/schemas/serviceUserName' + - description: The generated user name for the service-specific credential. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the service-specific credential. Active + means that the key is valid for API calls, while Inactive + means it is not. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user associated with the service-specific + credential. + required: + - UserName + - Status + - ServiceUserName + - CreateDate + - ServiceSpecificCredentialId + - ServiceName + type: object + ServiceSpecificCredentialsListType: + items: + allOf: + - $ref: '#/components/schemas/ServiceSpecificCredentialMetadata' + - xml: + name: member + type: array + ServicesLastAccessed: + items: + allOf: + - $ref: '#/components/schemas/ServiceLastAccessed' + - xml: + name: member + type: array + SetDefaultPolicyVersionRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy whose + default version you want to set.

For more information about ARNs, + see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ VersionId: + allOf: + - $ref: '#/components/schemas/policyVersionIdType' + - description:

The version of the policy to set as the default (operative) + version.

For more information about managed policy versions, + see Versioning + for managed policies in the IAM User Guide.

+ required: + - PolicyArn + - VersionId + title: SetDefaultPolicyVersionRequest + type: object + SetSecurityTokenServicePreferencesRequest: + properties: + GlobalEndpointTokenVersion: + allOf: + - $ref: '#/components/schemas/globalEndpointTokenVersion' + - description:

The version of the global endpoint token. Version 1 tokens + are valid only in Amazon Web Services Regions that are available by + default. These tokens do not work in manually enabled Regions, such + as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. + However, version 2 tokens are longer and might affect systems where + you temporarily store tokens.

For information, see Activating + and deactivating STS in an Amazon Web Services Region in the IAM + User Guide.

+ required: + - GlobalEndpointTokenVersion + title: SetSecurityTokenServicePreferencesRequest + type: object + SigningCertificate: + description:

Contains information about an X.509 signing certificate.

+

This data type is used as a response element in the UploadSigningCertificate + and ListSigningCertificates operations.

+ properties: + CertificateBody: + allOf: + - $ref: '#/components/schemas/certificateBodyType' + - description: The contents of the signing certificate. + CertificateId: + allOf: + - $ref: '#/components/schemas/certificateIdType' + - description: The ID for the signing certificate. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the signing certificate. Active + means that the key is valid for API calls, while Inactive + means it is not. + UploadDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the signing certificate was uploaded. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the user the signing certificate is associated + with. + required: + - UserName + - CertificateId + - CertificateBody + - Status + type: object + SimulateCustomPolicyRequest: + properties: + ActionNames: + allOf: + - $ref: '#/components/schemas/ActionNameListType' + - description: A list of names of API operations to evaluate in the simulation. + Each operation is evaluated against each resource. Each operation must + include the service identifier, such as iam:CreateUser. + This operation does not support using wildcards (*) in an action name. + CallerArn: + allOf: + - $ref: '#/components/schemas/ResourceNameType' + - description:

The ARN of the IAM user that you want to use as the simulated + caller of the API operations. CallerArn is required if + you include a ResourcePolicy so that the policy's Principal + element has a value to use in evaluating the policy.

You can + specify only the ARN of an IAM user. You cannot specify the ARN of an + assumed role, federated user, or a service principal.

+ ContextEntries: + allOf: + - $ref: '#/components/schemas/ContextEntryListType' + - description: A list of context keys and corresponding values for the simulation + to use. Whenever a context key is evaluated in one of the simulated + IAM permissions policies, the corresponding value is supplied. + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PermissionsBoundaryPolicyInputList: + allOf: + - $ref: '#/components/schemas/SimulationPolicyListType' + - description:

The IAM permissions boundary policy to simulate. The permissions + boundary sets the maximum permissions that an IAM entity can have. You + can input only one permissions boundary when you pass a policy to this + operation. For more information about permissions boundaries, see Permissions + boundaries for IAM entities in the IAM User Guide. The policy + input is specified as a string that contains the complete, valid JSON + text of a permissions boundary policy.

The maximum length of + the policy document that you can pass in this operation, including whitespace, + is listed below. To view the maximum character counts of a managed policy + with no whitespaces, see IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters + consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end + of the ASCII character range

  • The printable characters + in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ PolicyInputList: + allOf: + - $ref: '#/components/schemas/SimulationPolicyListType' + - description:

A list of policy documents to include in the simulation. + Each document is specified as a string containing the complete, valid + JSON text of an IAM policy. Do not include any resource-based policies + in this parameter. Any resource-based policy must be submitted with + the ResourcePolicy parameter. The policies cannot be "scope-down" + policies, such as you could include in a call to GetFederationToken + or one of the AssumeRole + API operations. In other words, do not use policies designed to restrict + what a user can do while using the temporary credentials.

The + maximum length of the policy document that you can pass in this operation, + including whitespace, is listed below. To view the maximum character + counts of a managed policy with no whitespaces, see IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters + consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end + of the ASCII character range

  • The printable characters + in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ ResourceArns: + allOf: + - $ref: '#/components/schemas/ResourceNameListType' + - description:

A list of ARNs of Amazon Web Services resources to include + in the simulation. If this parameter is not provided, then the value + defaults to * (all resources). Each API in the ActionNames + parameter is evaluated for each resource in this list. The simulation + determines the access result (allowed or denied) of each combination + and reports it in the response. You can simulate resources that don't + exist in your account.

The simulation does not automatically + retrieve policies for the specified resources. If you want to include + a resource policy in the simulation, then you must include the policy + as a string in the ResourcePolicy parameter.

If + you include a ResourcePolicy, then it must be applicable + to all of the resources included in the simulation or you receive an + invalid input error.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ ResourceHandlingOption: + allOf: + - $ref: '#/components/schemas/ResourceHandlingOptionType' + - description:

Specifies the type of simulation to run. Different API + operations that support resource-based policies require different combinations + of resources. By specifying the type of simulation to run, you enable + the policy simulator to enforce the presence of the required resources + to ensure reliable simulation results. If your simulation does not match + one of the following scenarios, then you can omit this parameter. The + following list shows each of the supported scenario values and the resources + that you must define to run the simulation.

Each of the EC2 scenarios + requires that you specify instance, image, and security-group resources. + If your scenario includes an EBS volume, then you must specify that + volume as a resource. If the EC2 scenario includes VPC, then you must + supply the network-interface resource. If it includes an IP subnet, + then you must specify the subnet resource. For more information on the + EC2 scenario options, see Supported + platforms in the Amazon EC2 User Guide.

  • + EC2-Classic-InstanceStore

    instance, image, security-group

    +

  • EC2-Classic-EBS

    instance, image, security-group, + volume

  • EC2-VPC-InstanceStore

    instance, + image, security-group, network-interface

  • EC2-VPC-InstanceStore-Subnet +

    instance, image, security-group, network-interface, subnet

    +

  • EC2-VPC-EBS

    instance, image, security-group, + network-interface, volume

  • EC2-VPC-EBS-Subnet +

    instance, image, security-group, network-interface, subnet, + volume

+ ResourceOwner: + allOf: + - $ref: '#/components/schemas/ResourceNameType' + - description: '

An ARN representing the Amazon Web Services account ID + that specifies the owner of any simulated resource that does not identify + its owner in the resource ARN. Examples of resource ARNs include an + S3 bucket or object. If ResourceOwner is specified, it + is also used as the account owner of any ResourcePolicy + included in the simulation. If the ResourceOwner parameter + is not specified, then the owner of the resources and the resource policy + defaults to the account of the identity provided in CallerArn. + This parameter is required only if you specify a resource-based policy + and account that owns the resource is different from the account that + owns the simulated calling user CallerArn.

The ARN + for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root. + For example, to represent the account with the 112233445566 ID, use + the following ARN: arn:aws:iam::112233445566-ID:root.

' + ResourcePolicy: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

A resource-based policy to include in the simulation provided + as a string. Each resource in the simulation is treated as if it had + this policy attached. You can include only one resource-based policy + in a simulation.

The maximum length of the policy document that + you can pass in this operation, including whitespace, is listed below. + To view the maximum character counts of a managed policy with no whitespaces, + see IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters + consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end + of the ASCII character range

  • The printable characters + in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ required: + - PolicyInputList + - ActionNames + title: SimulateCustomPolicyRequest + type: object + SimulatePolicyResponse: + description: Contains the response to a successful SimulatePrincipalPolicy + or SimulateCustomPolicy request. + properties: + EvaluationResults: + allOf: + - $ref: '#/components/schemas/EvaluationResultsListType' + - description: The results of the simulation. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. + If your results were truncated, you can make a subsequent pagination + request using the Marker request parameter to retrieve + more items. Note that IAM might return fewer than the MaxItems + number of results even when there are more results available. We recommend + that you check IsTruncated after every call to ensure that + you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this + element is present and contains the value to use for the Marker + parameter in a subsequent pagination request. + type: object + SimulatePrincipalPolicyRequest: + properties: + ActionNames: + allOf: + - $ref: '#/components/schemas/ActionNameListType' + - description: A list of names of API operations to evaluate in the simulation. + Each operation is evaluated for each resource. Each operation must include + the service identifier, such as iam:CreateUser. + CallerArn: + allOf: + - $ref: '#/components/schemas/ResourceNameType' + - description:

The ARN of the IAM user that you want to specify as the + simulated caller of the API operations. If you do not specify a CallerArn, + it defaults to the ARN of the user that you specify in PolicySourceArn, + if you specified a user. If you include both a PolicySourceArn + (for example, arn:aws:iam::123456789012:user/David) and + a CallerArn (for example, arn:aws:iam::123456789012:user/Bob), + the result is that you simulate calling the API operations as Bob, as + if Bob had David's policies.

You can specify only the ARN of + an IAM user. You cannot specify the ARN of an assumed role, federated + user, or a service principal.

CallerArn is required + if you include a ResourcePolicy and the PolicySourceArn + is not the ARN for an IAM user. This is required so that the resource-based + policy's Principal element has a value to use in evaluating + the policy.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ ContextEntries: + allOf: + - $ref: '#/components/schemas/ContextEntryListType' + - description: A list of context keys and corresponding values for the simulation + to use. Whenever a context key is evaluated in one of the simulated + IAM permissions policies, the corresponding value is supplied. + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only + after you receive a response indicating that the results are truncated. + Set it to the value of the Marker element in the response + that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description:

Use this only when paginating results to indicate the + maximum number of items you want in the response. If additional items + exist beyond the maximum you specify, the IsTruncated response + element is true.

If you do not include this parameter, + the number of items defaults to 100. Note that IAM might return fewer + results, even when there are more results available. In that case, the + IsTruncated response element returns true, + and Marker contains a value to include in the subsequent + call that tells the service where to continue from.

+ PermissionsBoundaryPolicyInputList: + allOf: + - $ref: '#/components/schemas/SimulationPolicyListType' + - description:

The IAM permissions boundary policy to simulate. The permissions + boundary sets the maximum permissions that the entity can have. You + can input only one permissions boundary when you pass a policy to this + operation. An IAM entity can only have one permissions boundary in effect + at a time. For example, if a permissions boundary is attached to an + entity and you pass in a different permissions boundary policy using + this parameter, then the new permissions boundary policy is used for + the simulation. For more information about permissions boundaries, see + Permissions + boundaries for IAM entities in the IAM User Guide. The policy + input is specified as a string containing the complete, valid JSON text + of a permissions boundary policy.

The maximum length of the policy + document that you can pass in this operation, including whitespace, + is listed below. To view the maximum character counts of a managed policy + with no whitespaces, see IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters + consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end + of the ASCII character range

  • The printable characters + in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ PolicyInputList: + allOf: + - $ref: '#/components/schemas/SimulationPolicyListType' + - description:

An optional list of additional policy documents to include + in the simulation. Each document is specified as a string containing + the complete, valid JSON text of an IAM policy.

The regex + pattern used to validate this parameter is a string of characters + consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end + of the ASCII character range

  • The printable characters + in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ PolicySourceArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of a user, group, or role + whose policies you want to include in the simulation. If you specify + a user, group, or role, the simulation includes all policies that are + associated with that entity. If you specify a user, the simulation also + includes all policies that are attached to any groups the user belongs + to.

The maximum length of the policy document that you can pass + in this operation, including whitespace, is listed below. To view the + maximum character counts of a managed policy with no whitespaces, see + IAM + and STS character quotas.

For more information about ARNs, + see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ ResourceArns: + allOf: + - $ref: '#/components/schemas/ResourceNameListType' + - description:

A list of ARNs of Amazon Web Services resources to include + in the simulation. If this parameter is not provided, then the value + defaults to * (all resources). Each API in the ActionNames + parameter is evaluated for each resource in this list. The simulation + determines the access result (allowed or denied) of each combination + and reports it in the response. You can simulate resources that don't + exist in your account.

The simulation does not automatically + retrieve policies for the specified resources. If you want to include + a resource policy in the simulation, then you must include the policy + as a string in the ResourcePolicy parameter.

For + more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ ResourceHandlingOption: + allOf: + - $ref: '#/components/schemas/ResourceHandlingOptionType' + - description:

Specifies the type of simulation to run. Different API + operations that support resource-based policies require different combinations + of resources. By specifying the type of simulation to run, you enable + the policy simulator to enforce the presence of the required resources + to ensure reliable simulation results. If your simulation does not match + one of the following scenarios, then you can omit this parameter. The + following list shows each of the supported scenario values and the resources + that you must define to run the simulation.

Each of the EC2 scenarios + requires that you specify instance, image, and security group resources. + If your scenario includes an EBS volume, then you must specify that + volume as a resource. If the EC2 scenario includes VPC, then you must + supply the network interface resource. If it includes an IP subnet, + then you must specify the subnet resource. For more information on the + EC2 scenario options, see Supported + platforms in the Amazon EC2 User Guide.

  • + EC2-Classic-InstanceStore

    instance, image, security group

    +

  • EC2-Classic-EBS

    instance, image, security + group, volume

  • EC2-VPC-InstanceStore

    instance, + image, security group, network interface

  • EC2-VPC-InstanceStore-Subnet +

    instance, image, security group, network interface, subnet

    +

  • EC2-VPC-EBS

    instance, image, security + group, network interface, volume

  • EC2-VPC-EBS-Subnet +

    instance, image, security group, network interface, subnet, + volume

+ ResourceOwner: + allOf: + - $ref: '#/components/schemas/ResourceNameType' + - description: An Amazon Web Services account ID that specifies the owner + of any simulated resource that does not identify its owner in the resource + ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner + is specified, it is also used as the account owner of any ResourcePolicy + included in the simulation. If the ResourceOwner parameter + is not specified, then the owner of the resources and the resource policy + defaults to the account of the identity provided in CallerArn. + This parameter is required only if you specify a resource-based policy + and account that owns the resource is different from the account that + owns the simulated calling user CallerArn. + ResourcePolicy: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

A resource-based policy to include in the simulation provided + as a string. Each resource in the simulation is treated as if it had + this policy attached. You can include only one resource-based policy + in a simulation.

The maximum length of the policy document that + you can pass in this operation, including whitespace, is listed below. + To view the maximum character counts of a managed policy with no whitespaces, + see IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters + consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end + of the ASCII character range

  • The printable characters + in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ required: + - PolicySourceArn + - ActionNames + title: SimulatePrincipalPolicyRequest + type: object + SimulationPolicyListType: + items: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - xml: + name: member + type: array + Statement: + description:

Contains a reference to a Statement element in + a policy document that determines the result of the simulation.

This + data type is used by the MatchedStatements member of the + EvaluationResult type.

+ properties: + EndPosition: + allOf: + - $ref: '#/components/schemas/Position' + - description: The row and column of the end of a Statement + in an IAM policy. + SourcePolicyId: + allOf: + - $ref: '#/components/schemas/PolicyIdentifierType' + - description: The identifier of the policy that was provided as an input. + SourcePolicyType: + allOf: + - $ref: '#/components/schemas/PolicySourceType' + - description: The type of the policy. + StartPosition: + allOf: + - $ref: '#/components/schemas/Position' + - description: The row and column of the beginning of the Statement + in an IAM policy. + type: object + StatementListType: + items: + allOf: + - $ref: '#/components/schemas/Statement' + - xml: + name: member + type: array + Tag: + description: A structure that represents user-provided metadata that can be + associated with an IAM resource. For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + properties: + Key: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - description: The key name that can be used to look up or retrieve the + associated value. For example, Department or Cost + Center are common choices. + Value: + allOf: + - $ref: '#/components/schemas/tagValueType' + - description:

The value associated with this tag. For example, tags + with a key name of Department could have values such as + Human Resources, Accounting, and Support. + Tags with a key name of Cost Center might have values that + consist of the number associated with the different cost centers in + your company. Typically, many resources have tags with the same key + name but with different values.

Amazon Web Services always + interprets the tag Value as a single string. If you need + to store an array, you can store comma-separated values in the string. + However, you must interpret the value in your code.

 + required: + - Key + - Value + type: object + TagInstanceProfileRequest: + properties: + InstanceProfileName: + allOf: + - $ref: '#/components/schemas/instanceProfileNameType' + - description: '

The name of the IAM instance profile to which you want + to add tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that you want to attach to the IAM instance + profile. Each tag consists of a key name and an associated value. + required: + - InstanceProfileName + - Tags + title: TagInstanceProfileRequest + type: object + TagMFADeviceRequest: + properties: + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

The unique identifier for the IAM virtual MFA device + to which you want to add tags. For virtual MFA devices, the serial number + is the same as the ARN.

This parameter allows (through its regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that you want to attach to the IAM virtual + MFA device. Each tag consists of a key name and an associated value. + required: + - SerialNumber + - Tags + title: TagMFADeviceRequest + type: object + TagOpenIDConnectProviderRequest: + properties: + OpenIDConnectProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the OIDC identity provider in IAM to which + you want to add tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that you want to attach to the OIDC identity + provider in IAM. Each tag consists of a key name and an associated value. + required: + - OpenIDConnectProviderArn + - Tags + title: TagOpenIDConnectProviderRequest + type: object + TagPolicyRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the IAM customer managed policy to which you + want to add tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that you want to attach to the IAM customer + managed policy. Each tag consists of a key name and an associated value. + required: + - PolicyArn + - Tags + title: TagPolicyRequest + type: object + TagRoleRequest: + properties: + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the IAM role to which you want to add tags.

+

This parameter accepts (through its regex + pattern) a string of characters that consist of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that you want to attach to the IAM role. + Each tag consists of a key name and an associated value. + required: + - RoleName + - Tags + title: TagRoleRequest + type: object + TagSAMLProviderRequest: + properties: + SAMLProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the SAML identity provider in IAM to which + you want to add tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that you want to attach to the SAML identity + provider in IAM. Each tag consists of a key name and an associated value. + required: + - SAMLProviderArn + - Tags + title: TagSAMLProviderRequest + type: object + TagServerCertificateRequest: + properties: + ServerCertificateName: + allOf: + - $ref: '#/components/schemas/serverCertificateNameType' + - description: '

The name of the IAM server certificate to which you want + to add tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that you want to attach to the IAM server + certificate. Each tag consists of a key name and an associated value. + required: + - ServerCertificateName + - Tags + title: TagServerCertificateRequest + type: object + TagUserRequest: + properties: + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that you want to attach to the IAM user. + Each tag consists of a key name and an associated value. + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the IAM user to which you want to add tags.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - Tags + title: TagUserRequest + type: object + TrackedActionLastAccessed: + description:

Contains details about the most recent attempt to access an + action within the service.

This data type is used as a response element + in the GetServiceLastAccessedDetails operation.

+ properties: + ActionName: + allOf: + - $ref: '#/components/schemas/stringType' + - description: The name of the tracked action to which access was attempted. + Tracked actions are actions that report activity to IAM. + LastAccessedEntity: + $ref: '#/components/schemas/arnType' + LastAccessedRegion: + allOf: + - $ref: '#/components/schemas/stringType' + - description:

The Region from which the authenticated entity (user or + role) last attempted to access the tracked action. Amazon Web Services + does not report unauthenticated requests.

This field is null + if no IAM entities attempted to access the service within the reporting + period.

+ LastAccessedTime: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "

The date and time, in\_ISO 8601 date-time format, when an authenticated entity most recently\ + \ attempted to access the tracked service. Amazon Web Services does\ + \ not report unauthenticated requests.

This field is null if\ + \ no IAM entities attempted to access the service within the reporting period.

" + type: object + TrackedActionsLastAccessed: + items: + allOf: + - $ref: '#/components/schemas/TrackedActionLastAccessed' + - xml: + name: member + type: array + UnmodifiableEntityException: {} + UnrecognizedPublicKeyEncodingException: {} + UntagInstanceProfileRequest: + properties: + InstanceProfileName: + allOf: + - $ref: '#/components/schemas/instanceProfileNameType' + - description: '

The name of the IAM instance profile from which you want + to remove tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + TagKeys: + allOf: + - $ref: '#/components/schemas/tagKeyListType' + - description: A list of key names as a simple array of strings. The tags + with matching keys are removed from the specified instance profile. + required: + - InstanceProfileName + - TagKeys + title: UntagInstanceProfileRequest + type: object + UntagMFADeviceRequest: + properties: + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

The unique identifier for the IAM virtual MFA device + from which you want to remove tags. For virtual MFA devices, the serial + number is the same as the ARN.

This parameter allows (through + its regex pattern) a string + of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + TagKeys: + allOf: + - $ref: '#/components/schemas/tagKeyListType' + - description: A list of key names as a simple array of strings. The tags + with matching keys are removed from the specified instance profile. + required: + - SerialNumber + - TagKeys + title: UntagMFADeviceRequest + type: object + UntagOpenIDConnectProviderRequest: + properties: + OpenIDConnectProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the OIDC provider in IAM from which you want + to remove tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + TagKeys: + allOf: + - $ref: '#/components/schemas/tagKeyListType' + - description: A list of key names as a simple array of strings. The tags + with matching keys are removed from the specified OIDC provider. + required: + - OpenIDConnectProviderArn + - TagKeys + title: UntagOpenIDConnectProviderRequest + type: object + UntagPolicyRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the IAM customer managed policy from which + you want to remove tags.

This parameter allows (through its regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + TagKeys: + allOf: + - $ref: '#/components/schemas/tagKeyListType' + - description: A list of key names as a simple array of strings. The tags + with matching keys are removed from the specified policy. + required: + - PolicyArn + - TagKeys + title: UntagPolicyRequest + type: object + UntagRoleRequest: + properties: + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the IAM role from which you want to remove + tags.

This parameter accepts (through its regex + pattern) a string of characters that consist of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + TagKeys: + allOf: + - $ref: '#/components/schemas/tagKeyListType' + - description: A list of key names as a simple array of strings. The tags + with matching keys are removed from the specified role. + required: + - RoleName + - TagKeys + title: UntagRoleRequest + type: object + UntagSAMLProviderRequest: + properties: + SAMLProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the SAML identity provider in IAM from which + you want to remove tags.

This parameter allows (through its regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: + _+=,.@-

' + TagKeys: + allOf: + - $ref: '#/components/schemas/tagKeyListType' + - description: A list of key names as a simple array of strings. The tags + with matching keys are removed from the specified SAML identity provider. + required: + - SAMLProviderArn + - TagKeys + title: UntagSAMLProviderRequest + type: object + UntagServerCertificateRequest: + properties: + ServerCertificateName: + allOf: + - $ref: '#/components/schemas/serverCertificateNameType' + - description: '

The name of the IAM server certificate from which you + want to remove tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + TagKeys: + allOf: + - $ref: '#/components/schemas/tagKeyListType' + - description: A list of key names as a simple array of strings. The tags + with matching keys are removed from the specified IAM server certificate. + required: + - ServerCertificateName + - TagKeys + title: UntagServerCertificateRequest + type: object + UntagUserRequest: + properties: + TagKeys: + allOf: + - $ref: '#/components/schemas/tagKeyListType' + - description: A list of key names as a simple array of strings. The tags + with matching keys are removed from the specified user. + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the IAM user from which you want to remove + tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - TagKeys + title: UntagUserRequest + type: object + UpdateAccessKeyRequest: + properties: + AccessKeyId: + allOf: + - $ref: '#/components/schemas/accessKeyIdType' + - description:

The access key ID of the secret access key you want to + update.

This parameter allows (through its regex + pattern) a string of characters that can consist of any upper or + lowercased letter or digit.

+ Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: ' The status you want to assign to the secret access key. + Active means that the key can be used for programmatic + calls to Amazon Web Services, while Inactive means that + the key cannot be used.' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user whose key you want to update.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - AccessKeyId + - Status + title: UpdateAccessKeyRequest + type: object + UpdateAccountPasswordPolicyRequest: + properties: + AllowUsersToChangePassword: + allOf: + - $ref: '#/components/schemas/booleanType' + - description:

Allows all IAM users in your account to use the Amazon + Web Services Management Console to change their own passwords. For more + information, see Permitting + IAM users to change their own passwords in the IAM User Guide.

+

If you do not specify a value for this parameter, then the operation + uses the default value of false. The result is that IAM + users in the account do not automatically have permissions to change + their own password.

+ HardExpiry: + allOf: + - $ref: '#/components/schemas/booleanObjectType' + - description:

Prevents IAM users who are accessing the account via + the Amazon Web Services Management Console from setting a new console + password after their password has expired. The IAM user cannot access + the console until an administrator resets the password.

If you + do not specify a value for this parameter, then the operation uses the + default value of false. The result is that IAM users can + change their passwords after they expire and continue to sign in as + the user.

In the Amazon Web Services Management Console, + the custom password policy option Allow users to change their own + password gives IAM users permissions to iam:ChangePassword + for only their user and to the iam:GetAccountPasswordPolicy + action. This option does not attach a permissions policy to each user, + rather the permissions are applied at the account-level for all users + by IAM. IAM users with iam:ChangePassword permission and + active access keys can reset their own expired console password using + the CLI or API.

 + MaxPasswordAge: + allOf: + - $ref: '#/components/schemas/maxPasswordAgeType' + - description:

The number of days that an IAM user password is valid.

+

If you do not specify a value for this parameter, then the operation + uses the default value of 0. The result is that IAM user + passwords never expire.

+ MinimumPasswordLength: + allOf: + - $ref: '#/components/schemas/minimumPasswordLengthType' + - description:

The minimum number of characters allowed in an IAM user + password.

If you do not specify a value for this parameter, then + the operation uses the default value of 6.

+ PasswordReusePrevention: + allOf: + - $ref: '#/components/schemas/passwordReusePreventionType' + - description:

Specifies the number of previous passwords that IAM users + are prevented from reusing.

If you do not specify a value for + this parameter, then the operation uses the default value of 0. + The result is that IAM users are not prevented from reusing previous + passwords.

+ RequireLowercaseCharacters: + allOf: + - $ref: '#/components/schemas/booleanType' + - description:

Specifies whether IAM user passwords must contain at least + one lowercase character from the ISO basic Latin alphabet (a to z).

+

If you do not specify a value for this parameter, then the operation + uses the default value of false. The result is that passwords + do not require at least one lowercase character.

+ RequireNumbers: + allOf: + - $ref: '#/components/schemas/booleanType' + - description:

Specifies whether IAM user passwords must contain at least + one numeric character (0 to 9).

If you do not specify a value + for this parameter, then the operation uses the default value of false. + The result is that passwords do not require at least one numeric character.

+ RequireSymbols: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: '

Specifies whether IAM user passwords must contain at + least one of the following non-alphanumeric characters:

! @ # + $ % ^ & * ( ) _ + - = [ ] { } | ''

If you do not specify + a value for this parameter, then the operation uses the default value + of false. The result is that passwords do not require at + least one symbol character.

' + RequireUppercaseCharacters: + allOf: + - $ref: '#/components/schemas/booleanType' + - description:

Specifies whether IAM user passwords must contain at least + one uppercase character from the ISO basic Latin alphabet (A to Z).

+

If you do not specify a value for this parameter, then the operation + uses the default value of false. The result is that passwords + do not require at least one uppercase character.

+ title: UpdateAccountPasswordPolicyRequest + type: object + UpdateAssumeRolePolicyRequest: + properties: + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The policy that grants an entity permission to assume + the role.

You must provide policies in JSON format in IAM. However, + for CloudFormation templates formatted in YAML, you can provide the + policy in JSON or YAML format. CloudFormation always converts a YAML + policy to JSON format before submitting it to IAM.

The regex + pattern used to validate this parameter is a string of characters + consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end + of the ASCII character range

  • The printable characters + in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the role to update with the new policy.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - RoleName + - PolicyDocument + title: UpdateAssumeRolePolicyRequest + type: object + UpdateGroupRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

Name of the IAM group to update. If you''re changing + the name of the group, this is the original name.

This parameter + allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + NewGroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description:

New name for the IAM group. Only include this if changing + the group's name.

IAM user, group, role, and policy names must + be unique within the account. Names are not distinguished by case. For + example, you cannot create resources named both "MyResource" and "myresource".

+ NewPath: + allOf: + - $ref: '#/components/schemas/pathType' + - description:

New path for the IAM group. Only include this if changing + the group's path.

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ required: + - GroupName + title: UpdateGroupRequest + type: object + UpdateLoginProfileRequest: + properties: + Password: + allOf: + - $ref: '#/components/schemas/passwordType' + - description:

The new password for the specified IAM user.

The + regex pattern used to + validate this parameter is a string of characters consisting of the + following:

  • Any printable ASCII character ranging from + the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +

However, the format can be further restricted by the + account administrator by setting a password policy on the Amazon Web + Services account. For more information, see UpdateAccountPasswordPolicy.

+ PasswordResetRequired: + allOf: + - $ref: '#/components/schemas/booleanObjectType' + - description: Allows this new password to be used only once by requiring + the specified IAM user to set a new password on next sign-in. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the user whose password you want to update.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + title: UpdateLoginProfileRequest + type: object + UpdateOpenIDConnectProviderThumbprintRequest: + properties: + OpenIDConnectProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM OIDC provider + resource object for which you want to update the thumbprint. You can + get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders + operation.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ ThumbprintList: + allOf: + - $ref: '#/components/schemas/thumbprintListType' + - description: 'A list of certificate thumbprints that are associated with + the specified IAM OpenID Connect provider. For more information, see + CreateOpenIDConnectProvider. ' + required: + - OpenIDConnectProviderArn + - ThumbprintList + title: UpdateOpenIDConnectProviderThumbprintRequest + type: object + UpdateRoleDescriptionRequest: + properties: + Description: + allOf: + - $ref: '#/components/schemas/roleDescriptionType' + - description: The new description that you want to apply to the specified + role. + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The name of the role that you want to modify. + required: + - RoleName + - Description + title: UpdateRoleDescriptionRequest + type: object + UpdateRoleDescriptionResponse: + properties: + Role: + allOf: + - $ref: '#/components/schemas/Role' + - description: A structure that contains details about the modified role. + type: object + UpdateRoleRequest: + properties: + Description: + allOf: + - $ref: '#/components/schemas/roleDescriptionType' + - description: The new description that you want to apply to the specified + role. + MaxSessionDuration: + allOf: + - $ref: '#/components/schemas/roleMaxSessionDurationType' + - description:

The maximum session duration (in seconds) that you want + to set for the specified role. If you do not specify a value for this + setting, the default maximum of one hour is applied. This setting can + have a value from 1 hour to 12 hours.

Anyone who assumes the + role from the CLI or API can use the DurationSeconds API + parameter or the duration-seconds CLI parameter to request + a longer session. The MaxSessionDuration setting determines + the maximum duration that can be requested using the DurationSeconds + parameter. If users don't specify a value for the DurationSeconds + parameter, their security credentials are valid for one hour by default. + This applies when you use the AssumeRole* API operations + or the assume-role* CLI operations but does not apply when + you use those operations to create a console URL. For more information, + see Using + IAM roles in the IAM User Guide.

+ RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The name of the role that you want to modify. + required: + - RoleName + title: UpdateRoleRequest + type: object + UpdateRoleResponse: + properties: {} + type: object + UpdateSAMLProviderRequest: + properties: + SAMLMetadataDocument: + allOf: + - $ref: '#/components/schemas/SAMLMetadataDocumentType' + - description: An XML document generated by an identity provider (IdP) that + supports SAML 2.0. The document includes the issuer's name, expiration + information, and keys that can be used to validate the SAML authentication + response (assertions) that are received from the IdP. You must generate + the metadata document using the identity management software that is + used as your organization's IdP. + SAMLProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the SAML provider to + update.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - SAMLMetadataDocument + - SAMLProviderArn + title: UpdateSAMLProviderRequest + type: object + UpdateSAMLProviderResponse: + description: 'Contains the response to a successful UpdateSAMLProvider + request. ' + properties: + SAMLProviderArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: The Amazon Resource Name (ARN) of the SAML provider that + was updated. + type: object + UpdateSSHPublicKeyRequest: + properties: + SSHPublicKeyId: + allOf: + - $ref: '#/components/schemas/publicKeyIdType' + - description:

The unique identifier for the SSH public key.

This + parameter allows (through its regex + pattern) a string of characters that can consist of any upper or + lowercased letter or digit.

+ Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status to assign to the SSH public key. Active + means that the key can be used for authentication with an CodeCommit + repository. Inactive means that the key cannot be used. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the SSH public + key.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - SSHPublicKeyId + - Status + title: UpdateSSHPublicKeyRequest + type: object + UpdateServerCertificateRequest: + properties: + NewPath: + allOf: + - $ref: '#/components/schemas/pathType' + - description:

The new path for the server certificate. Include this + only if you are updating the server certificate's path.

This + parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ NewServerCertificateName: + allOf: + - $ref: '#/components/schemas/serverCertificateNameType' + - description: '

The new name for the server certificate. Include this + only if you are updating the server certificate''s name. The name of + the certificate cannot contain any spaces.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following + characters: _+=,.@-

' + ServerCertificateName: + allOf: + - $ref: '#/components/schemas/serverCertificateNameType' + - description: '

The name of the server certificate that you want to update.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - ServerCertificateName + title: UpdateServerCertificateRequest + type: object + UpdateServiceSpecificCredentialRequest: + properties: + ServiceSpecificCredentialId: + allOf: + - $ref: '#/components/schemas/serviceSpecificCredentialId' + - description:

The unique identifier of the service-specific credential.

+

This parameter allows (through its regex + pattern) a string of characters that can consist of any upper or + lowercased letter or digit.

+ Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status to be assigned to the service-specific credential. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the service-specific + credential. If you do not specify this value, then the operation assumes + the user whose credentials are used to call the operation.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - ServiceSpecificCredentialId + - Status + title: UpdateServiceSpecificCredentialRequest + type: object + UpdateSigningCertificateRequest: + properties: + CertificateId: + allOf: + - $ref: '#/components/schemas/certificateIdType' + - description:

The ID of the signing certificate you want to update.

+

This parameter allows (through its regex + pattern) a string of characters that can consist of any upper or + lowercased letter or digit.

+ Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: ' The status you want to assign to the certificate. Active + means that the certificate can be used for programmatic calls to Amazon + Web Services Inactive means that the certificate cannot + be used.' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the IAM user the signing certificate belongs + to.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - CertificateId + - Status + title: UpdateSigningCertificateRequest + type: object + UpdateUserRequest: + properties: + NewPath: + allOf: + - $ref: '#/components/schemas/pathType' + - description:

New path for the IAM user. Include this parameter only + if you're changing the user's path.

This parameter allows (through + its regex pattern) a string + of characters consisting of either a forward slash (/) by itself or + a string that must begin and end with forward slashes. In addition, + it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ NewUserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description:

New name for the user. Include this parameter only if + you're changing the user's name.

IAM user, group, role, and policy + names must be unique within the account. Names are not distinguished + by case. For example, you cannot create resources named both "MyResource" + and "myresource".

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

Name of the user to update. If you''re changing the name + of the user, this is the original user name.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following + characters: _+=,.@-

' + required: + - UserName + title: UpdateUserRequest + type: object + UploadSSHPublicKeyRequest: + properties: + SSHPublicKeyBody: + allOf: + - $ref: '#/components/schemas/publicKeyMaterialType' + - description:

The SSH public key. The public key must be encoded in + ssh-rsa format or PEM format. The minimum bit-length of the public key + is 2048 bits. For example, you can generate a 2048-bit key, and the + resulting PEM file is 1679 bytes long.

The regex + pattern used to validate this parameter is a string of characters + consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end + of the ASCII character range

  • The printable characters + in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user to associate the SSH public + key with.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - UserName + - SSHPublicKeyBody + title: UploadSSHPublicKeyRequest + type: object + UploadSSHPublicKeyResponse: + description: Contains the response to a successful UploadSSHPublicKey + request. + properties: + SSHPublicKey: + allOf: + - $ref: '#/components/schemas/SSHPublicKey' + - description: Contains information about the SSH public key. + type: object + UploadServerCertificateRequest: + properties: + CertificateBody: + allOf: + - $ref: '#/components/schemas/certificateBodyType' + - description:

The contents of the public key certificate in PEM-encoded + format.

The regex pattern + used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the + ASCII character range

  • The printable characters in + the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ CertificateChain: + allOf: + - $ref: '#/components/schemas/certificateChainType' + - description:

The contents of the certificate chain. This is typically + a concatenation of the PEM-encoded public key certificates of the chain.

+

The regex pattern used + to validate this parameter is a string of characters consisting of the + following:

  • Any printable ASCII character ranging from + the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description:

The path for the server certificate. For more information + about paths, see IAM + identifiers in the IAM User Guide.

This parameter + is optional. If it is not included, it defaults to a slash (/). This + parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ If you are uploading a server certificate specifically for use with + Amazon CloudFront distributions, you must specify a path using the path + parameter. The path must begin with /cloudfront and must + include a trailing slash (for example, /cloudfront/test/).

+ + PrivateKey: + allOf: + - $ref: '#/components/schemas/privateKeyType' + - description:

The contents of the private key in PEM-encoded format.

+

The regex pattern used + to validate this parameter is a string of characters consisting of the + following:

  • Any printable ASCII character ranging from + the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line + feed (\u000A), and carriage return (\u000D)

    +
+ ServerCertificateName: + allOf: + - $ref: '#/components/schemas/serverCertificateNameType' + - description: '

The name for the server certificate. Do not include the + path in this value. The name of the certificate cannot contain any spaces.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description:

A list of tags that you want to attach to the new IAM + server certificate resource. Each tag consists of a key name and an + associated value. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any + one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created.

+ + required: + - ServerCertificateName + - CertificateBody + - PrivateKey + title: UploadServerCertificateRequest + type: object + UploadServerCertificateResponse: + description: 'Contains the response to a successful UploadServerCertificate + request. ' + example: + ServerCertificateMetadata: + Arn: arn:aws:iam::123456789012:server-certificate/company/servercerts/ProdServerCert + Expiration: '2012-05-08T01:02:03.004Z' + Path: /company/servercerts/ + ServerCertificateId: ASCA1111111111EXAMPLE + ServerCertificateName: ProdServerCert + UploadDate: '2010-05-08T01:02:03.004Z' + properties: + ServerCertificateMetadata: + allOf: + - $ref: '#/components/schemas/ServerCertificateMetadata' + - description: The meta information of the uploaded server certificate without + its certificate body, certificate chain, and private key. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the new IAM server certificate. + The returned list of tags is sorted by tag key. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + type: object + UploadSigningCertificateRequest: + properties: + CertificateBody: + allOf: + - $ref: '#/components/schemas/certificateBodyType' + - description:

The contents of the signing certificate.

The regex pattern used to validate + this parameter is a string of characters consisting of the following:

+

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

    +

  • The printable characters in the Basic Latin and Latin-1 + Supplement character set (through \u00FF)

  • +

    The special characters tab (\u0009), line feed (\u000A), + and carriage return (\u000D)

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user the signing certificate is for.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase + alphanumeric characters with no spaces. You can also include any of + the following characters: _+=,.@-

' + required: + - CertificateBody + title: UploadSigningCertificateRequest + type: object + UploadSigningCertificateResponse: + description: 'Contains the response to a successful UploadSigningCertificate + request. ' + example: + Certificate: + CertificateBody: '-----BEGIN CERTIFICATE----------END + CERTIFICATE-----' + CertificateId: ID123456789012345EXAMPLE + Status: Active + UploadDate: '2015-06-06T21:40:08.121Z' + UserName: Bob + properties: + Certificate: + allOf: + - $ref: '#/components/schemas/SigningCertificate' + - description: Information about the certificate. + required: + - Certificate + type: object + User: + description:

Contains information about an IAM user entity.

This data + type is used as a response element in the following operations:

+ properties: + Arn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: 'The Amazon Resource Name (ARN) that identifies the user. + For more information about ARNs and how to use ARNs in policies, see + IAM + Identifiers in the IAM User Guide. ' + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the user was created. + PasswordLastUsed: + allOf: + - $ref: '#/components/schemas/dateType' + - description:

The date and time, in ISO + 8601 date-time format, when the user's password was last used to + sign in to an Amazon Web Services website. For a list of Amazon Web + Services websites that capture a user's last sign-in time, see the Credential + reports topic in the IAM User Guide. If a password is used + more than once in a five-minute span, only the first use is returned + in this field. If the field is null (no value), then it indicates that + they never signed in with a password. This can be because:

    +

  • The user never had a password.

  • A password + exists but has not been used since IAM started tracking this information + on October 20, 2014.

A null value does not mean that + the user never had a password. Also, if the user does not currently + have a password but had one in the past, then this field contains the + date and time the most recent password was used.

This value is + returned only in the GetUser and ListUsers operations. +

+ Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description:

The path to the user. For more information about paths, + see IAM + identifiers in the IAM User Guide.

The ARN of the + policy used to set the permissions boundary for the user.

+ PermissionsBoundary: + allOf: + - $ref: '#/components/schemas/AttachedPermissionsBoundary' + - description: For more information about permissions boundaries, see Permissions + boundaries for IAM identities in the IAM User Guide. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are associated with the user. For more + information about tagging, see Tagging + IAM resources in the IAM User Guide. + UserId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the user. For more + information about IDs, see IAM + identifiers in the IAM User Guide. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The friendly name identifying the user. + required: + - Path + - UserName + - UserId + - Arn + - CreateDate + type: object + UserDetail: + description:

Contains information about an IAM user, including all the user's + policies and all the IAM groups the user is in.

This data type is used + as a response element in the GetAccountAuthorizationDetails operation.

+ properties: + Arn: + $ref: '#/components/schemas/arnType' + AttachedManagedPolicies: + allOf: + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of the managed policies attached to the user. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO + 8601 date-time format, when the user was created. + GroupList: + allOf: + - $ref: '#/components/schemas/groupNameListType' + - description: A list of IAM groups that the user is in. + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: The path to the user. For more information about paths, see + IAM + identifiers in the IAM User Guide. + PermissionsBoundary: + allOf: + - $ref: '#/components/schemas/AttachedPermissionsBoundary' + - description:

The ARN of the policy used to set the permissions boundary + for the user.

For more information about permissions boundaries, + see Permissions + boundaries for IAM identities in the IAM User Guide.

+ Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are associated with the user. For more + information about tagging, see Tagging + IAM resources in the IAM User Guide. + UserId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the user. For more + information about IDs, see IAM + identifiers in the IAM User Guide. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The friendly name identifying the user. + UserPolicyList: + allOf: + - $ref: '#/components/schemas/policyDetailListType' + - description: A list of the inline policies embedded in the user. + type: object + VirtualMFADevice: + description: Contains information about a virtual MFA device. + properties: + Base32StringSeed: + allOf: + - $ref: '#/components/schemas/BootstrapDatum' + - description: ' The base32 seed defined as specified in RFC3548. + The Base32StringSeed is base64-encoded. ' + EnableDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time on which the virtual MFA device was enabled. + QRCodePNG: + allOf: + - $ref: '#/components/schemas/BootstrapDatum' + - description: ' A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String + where $virtualMFADeviceName is one of the create call arguments. + AccountName is the user name if set (otherwise, the account + ID otherwise), and Base32String is the seed in base32 format. + The Base32String value is base64-encoded. ' + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: The serial number associated with VirtualMFADevice. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the virtual MFA device. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + User: + allOf: + - $ref: '#/components/schemas/User' + - description: The IAM user associated with this virtual MFA device. + required: + - SerialNumber + type: object + accessKeyIdType: + maxLength: 128 + minLength: 16 + pattern: '[\w]+' + type: string + accessKeyMetadataListType: + description:

Contains a list of access key metadata.

This data type + is used as a response element in the ListAccessKeys operation.

+ items: + allOf: + - $ref: '#/components/schemas/AccessKeyMetadata' + - xml: + name: member + type: array + accessKeySecretType: + format: password + type: string + accountAliasListType: + items: + allOf: + - $ref: '#/components/schemas/accountAliasType' + - xml: + name: member + type: array + accountAliasType: + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$ + type: string + arnType: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + assignmentStatusType: + enum: + - Assigned + - Unassigned + - Any + type: string + attachedPoliciesListType: + items: + allOf: + - $ref: '#/components/schemas/AttachedPolicy' + - xml: + name: member + type: array + attachmentCountType: + type: integer + authenticationCodeType: + maxLength: 6 + minLength: 6 + pattern: '[\d]+' + type: string + booleanObjectType: + type: boolean + booleanType: + type: boolean + certificateBodyType: + maxLength: 16384 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + certificateChainType: + maxLength: 2097152 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + certificateIdType: + maxLength: 128 + minLength: 24 + pattern: '[\w]+' + type: string + certificateListType: + description:

Contains a list of signing certificates.

This data type + is used as a response element in the ListSigningCertificates operation.

+ items: + allOf: + - $ref: '#/components/schemas/SigningCertificate' + - xml: + name: member + type: array + clientIDListType: + items: + allOf: + - $ref: '#/components/schemas/clientIDType' + - xml: + name: member + type: array + clientIDType: + maxLength: 255 + minLength: 1 + type: string + customSuffixType: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + dateType: + format: date-time + type: string + encodingType: + enum: + - SSH + - PEM + type: string + entityDetailsListType: + items: + allOf: + - $ref: '#/components/schemas/EntityDetails' + - xml: + name: member + type: array + entityListType: + items: + allOf: + - $ref: '#/components/schemas/EntityType' + - xml: + name: member + type: array + entityNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + existingUserNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + globalEndpointTokenVersion: + enum: + - v1Token + - v2Token + type: string + groupDetailListType: + items: + allOf: + - $ref: '#/components/schemas/GroupDetail' + - xml: + name: member + type: array + groupListType: + description:

Contains a list of IAM groups.

This data type is used + as a response element in the ListGroups operation.

+ items: + allOf: + - $ref: '#/components/schemas/Group' + - xml: + name: member + type: array + groupNameListType: + items: + allOf: + - $ref: '#/components/schemas/groupNameType' + - xml: + name: member + type: array + groupNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + idType: + maxLength: 128 + minLength: 16 + pattern: '[\w]+' + type: string + instanceProfileListType: + description: Contains a list of instance profiles. + items: + allOf: + - $ref: '#/components/schemas/InstanceProfile' + - xml: + name: member + type: array + instanceProfileNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + integerType: + type: integer + jobIDType: + maxLength: 36 + minLength: 36 + type: string + jobStatusType: + enum: + - IN_PROGRESS + - COMPLETED + - FAILED + type: string + listPolicyGrantingServiceAccessResponseListType: + items: + allOf: + - $ref: '#/components/schemas/ListPoliciesGrantingServiceAccessEntry' + - xml: + name: member + type: array + markerType: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + maxItemsType: + maximum: 1000 + minimum: 1 + type: integer + maxPasswordAgeType: + maximum: 1095 + minimum: 1 + type: integer + mfaDeviceListType: + description:

Contains a list of MFA devices.

This data type is used + as a response element in the ListMFADevices and ListVirtualMFADevices + operations.

+ items: + allOf: + - $ref: '#/components/schemas/MFADevice' + - xml: + name: member + type: array + minimumPasswordLengthType: + maximum: 128 + minimum: 6 + type: integer + organizationsEntityPathType: + maxLength: 427 + minLength: 19 + pattern: ^o-[0-9a-z]{10,32}\/r-[0-9a-z]{4,32}[0-9a-z-\/]* + type: string + organizationsPolicyIdType: + pattern: ^p-[0-9a-zA-Z_]{8,128}$ + type: string + passwordReusePreventionType: + maximum: 24 + minimum: 1 + type: integer + passwordType: + format: password + maxLength: 128 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + pathPrefixType: + maxLength: 512 + minLength: 1 + pattern: \u002F[\u0021-\u007F]* + type: string + pathType: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + policyDescriptionType: + maxLength: 1000 + type: string + policyDetailListType: + items: + allOf: + - $ref: '#/components/schemas/PolicyDetail' + - xml: + name: member + type: array + policyDocumentType: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + policyDocumentVersionListType: + items: + allOf: + - $ref: '#/components/schemas/PolicyVersion' + - xml: + name: member + type: array + policyGrantingServiceAccessListType: + items: + allOf: + - $ref: '#/components/schemas/PolicyGrantingServiceAccess' + - xml: + name: member + type: array + policyListType: + items: + allOf: + - $ref: '#/components/schemas/Policy' + - xml: + name: member + type: array + policyNameListType: + description:

Contains a list of policy names.

This data type is used + as a response element in the ListPolicies operation.

+ items: + allOf: + - $ref: '#/components/schemas/policyNameType' + - xml: + name: member + type: array + policyNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + policyOwnerEntityType: + enum: + - USER + - ROLE + - GROUP + type: string + policyPathType: + maxLength: 512 + minLength: 1 + pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ + type: string + policyScopeType: + enum: + - All + - AWS + - Local + type: string + policyType: + enum: + - INLINE + - MANAGED + type: string + policyVersionIdType: + pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? + type: string + privateKeyType: + format: password + maxLength: 16384 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + publicKeyFingerprintType: + maxLength: 48 + minLength: 48 + pattern: '[:\w]+' + type: string + publicKeyIdType: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + publicKeyMaterialType: + maxLength: 16384 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + responseMarkerType: + type: string + roleDescriptionType: + maxLength: 1000 + pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' + type: string + roleDetailListType: + items: + allOf: + - $ref: '#/components/schemas/RoleDetail' + - xml: + name: member + type: array + roleListType: + description:

Contains a list of IAM roles.

This data type is used + as a response element in the ListRoles operation.

+ items: + allOf: + - $ref: '#/components/schemas/Role' + - xml: + name: member + type: array + roleMaxSessionDurationType: + maximum: 43200 + minimum: 3600 + type: integer + roleNameType: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + serialNumberType: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + serverCertificateMetadataListType: + items: + allOf: + - $ref: '#/components/schemas/ServerCertificateMetadata' + - xml: + name: member + type: array + serverCertificateNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + serviceName: + type: string + serviceNameType: + type: string + serviceNamespaceListType: + items: + allOf: + - $ref: '#/components/schemas/serviceNamespaceType' + - xml: + name: member + maxItems: 200 + minItems: 1 + type: array + serviceNamespaceType: + maxLength: 64 + minLength: 1 + pattern: '[\w-]*' + type: string + servicePassword: + format: password + type: string + serviceSpecificCredentialId: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + serviceUserName: + maxLength: 200 + minLength: 17 + pattern: '[\w+=,.@-]+' + type: string + sortKeyType: + enum: + - SERVICE_NAMESPACE_ASCENDING + - SERVICE_NAMESPACE_DESCENDING + - LAST_AUTHENTICATED_TIME_ASCENDING + - LAST_AUTHENTICATED_TIME_DESCENDING + type: string + statusType: + enum: + - Active + - Inactive + type: string + stringType: + type: string + summaryKeyType: + enum: + - Users + - UsersQuota + - Groups + - GroupsQuota + - ServerCertificates + - ServerCertificatesQuota + - UserPolicySizeQuota + - GroupPolicySizeQuota + - GroupsPerUserQuota + - SigningCertificatesPerUserQuota + - AccessKeysPerUserQuota + - MFADevices + - MFADevicesInUse + - AccountMFAEnabled + - AccountAccessKeysPresent + - AccountSigningCertificatesPresent + - AttachedPoliciesPerGroupQuota + - AttachedPoliciesPerRoleQuota + - AttachedPoliciesPerUserQuota + - Policies + - PoliciesQuota + - PolicySizeQuota + - PolicyVersionsInUse + - PolicyVersionsInUseQuota + - VersionsPerPolicyQuota + - GlobalEndpointTokenVersion + type: string + summaryMapType: + additionalProperties: + $ref: '#/components/schemas/summaryValueType' + type: object + summaryValueType: + type: integer + tagKeyListType: + items: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - xml: + name: member + maxItems: 50 + type: array + tagKeyType: + maxLength: 128 + minLength: 1 + pattern: '[\p{L}\p{Z}\p{N}_.:/=+\-@]+' + type: string + tagListType: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + tagValueType: + maxLength: 256 + minLength: 0 + pattern: '[\p{L}\p{Z}\p{N}_.:/=+\-@]*' + type: string + thumbprintListType: + description: Contains a list of thumbprints of identity provider server certificates. + items: + allOf: + - $ref: '#/components/schemas/thumbprintType' + - xml: + name: member + type: array + thumbprintType: + description:

Contains a thumbprint for an identity provider's server certificate.

+

The identity provider's server certificate thumbprint is the hex-encoded + SHA-1 hash value of the self-signed X.509 certificate. This thumbprint is + used by the domain where the OpenID Connect provider makes its keys available. + The thumbprint is always a 40-character string.

+ maxLength: 40 + minLength: 40 + type: string + userDetailListType: + items: + allOf: + - $ref: '#/components/schemas/UserDetail' + - xml: + name: member + type: array + userListType: + description:

Contains a list of users.

This data type is used as a + response element in the GetGroup and ListUsers operations.

+ items: + allOf: + - $ref: '#/components/schemas/User' + - xml: + name: member + type: array + userNameType: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + virtualMFADeviceListType: + items: + allOf: + - $ref: '#/components/schemas/VirtualMFADevice' + - xml: + name: member + type: array + virtualMFADeviceName: + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + securitySchemes: + hmac: + description: Amazon Signature authorization v4 + in: header + name: Authorization + type: apiKey + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + access_key_last_useds: + id: aws.iam_api.access_key_last_useds + methods: + access_key_last_useds_Get: + operation: + $ref: '#/paths/~1?Action=GetAccessKeyLastUsed&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetAccessKeyLastUsedResult + openAPIDocKey: '200' + name: access_key_last_useds + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/access_key_last_useds/methods/access_key_last_useds_Get' + update: [] + title: access_key_last_useds + access_keys: + id: aws.iam_api.access_keys + methods: + access_keys_Create: + operation: + $ref: '#/paths/~1?Action=CreateAccessKey&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + access_keys_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteAccessKey&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + access_keys_List: + operation: + $ref: '#/paths/~1?Action=ListAccessKeys&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListAccessKeysResult/AccessKeyMetadata/member + openAPIDocKey: '200' + access_keys_Update: + operation: + $ref: '#/paths/~1?Action=UpdateAccessKey&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: access_keys + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/access_keys/methods/access_keys_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/access_keys/methods/access_keys_Create' + select: + - $ref: '#/components/x-stackQL-resources/access_keys/methods/access_keys_List' + update: [] + title: access_keys + account_alias: + id: aws.iam_api.account_alias + methods: + account_alias_Create: + operation: + $ref: '#/paths/~1?Action=CreateAccountAlias&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + account_alias_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteAccountAlias&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: account_alias + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/account_alias/methods/account_alias_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/account_alias/methods/account_alias_Create' + select: [] + update: [] + title: account_alias + account_aliases: + id: aws.iam_api.account_aliases + methods: + account_aliases_List: + operation: + $ref: '#/paths/~1?Action=ListAccountAliases&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListAccountAliasesResult/AccountAliases/member + openAPIDocKey: '200' + name: account_aliases + sqlVerbs: + delete: [] + insert: [] + select: [] + # - $ref: '#/components/x-stackQL-resources/account_aliases/methods/account_aliases_List' + update: [] + title: account_aliases + account_authorization_details: + id: aws.iam_api.account_authorization_details + methods: + account_authorization_details_Get: + operation: + $ref: '#/paths/~1?Action=GetAccountAuthorizationDetails&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetAccountAuthorizationDetailsResult + openAPIDocKey: '200' + name: account_authorization_details + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/account_authorization_details/methods/account_authorization_details_Get' + update: [] + title: account_authorization_details + account_password_policies: + id: aws.iam_api.account_password_policies + methods: + account_password_policies_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteAccountPasswordPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + account_password_policies_Get: + operation: + $ref: '#/paths/~1?Action=GetAccountPasswordPolicy&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetAccountPasswordPolicyResult + openAPIDocKey: '200' + account_password_policies_Update: + operation: + $ref: '#/paths/~1?Action=UpdateAccountPasswordPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: account_password_policies + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/account_password_policies/methods/account_password_policies_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/account_password_policies/methods/account_password_policies_Get' + update: [] + title: account_password_policies + account_summaries: + id: aws.iam_api.account_summaries + methods: + account_summaries_Get: + operation: + $ref: '#/paths/~1?Action=GetAccountSummary&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetAccountSummaryResult + openAPIDocKey: '200' + name: account_summaries + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/account_summaries/methods/account_summaries_Get' + update: [] + title: account_summaries + assume_role_policies: + id: aws.iam_api.assume_role_policies + methods: + assume_role_policies_Update: + operation: + $ref: '#/paths/~1?Action=UpdateAssumeRolePolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: assume_role_policies + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: assume_role_policies + attached_group_policies: + id: aws.iam_api.attached_group_policies + methods: + attached_group_policies_List: + operation: + $ref: '#/paths/~1?Action=ListAttachedGroupPolicies&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListAttachedGroupPoliciesResult/AttachedPolicies/member + openAPIDocKey: '200' + name: attached_group_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/attached_group_policies/methods/attached_group_policies_List' + update: [] + title: attached_group_policies + attached_role_policies: + id: aws.iam_api.attached_role_policies + methods: + attached_role_policies_List: + operation: + $ref: '#/paths/~1?Action=ListAttachedRolePolicies&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListAttachedRolePoliciesResult/AttachedPolicies/member + openAPIDocKey: '200' + name: attached_role_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/attached_role_policies/methods/attached_role_policies_List' + update: [] + title: attached_role_policies + attached_user_policies: + id: aws.iam_api.attached_user_policies + methods: + attached_user_policies_List: + operation: + $ref: '#/paths/~1?Action=ListAttachedUserPolicies&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListAttachedUserPoliciesResult/AttachedPolicies/member + openAPIDocKey: '200' + name: attached_user_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/attached_user_policies/methods/attached_user_policies_List' + update: [] + title: attached_user_policies + client_id_from_open_id_connect_providers: + id: aws.iam_api.client_id_from_open_id_connect_providers + methods: + client_id_from_open_id_connect_providers_Remove: + operation: + $ref: '#/paths/~1?Action=RemoveClientIDFromOpenIDConnectProvider&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: client_id_from_open_id_connect_providers + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: client_id_from_open_id_connect_providers + # client_id_to_open_id_connect_providers: + # id: aws.iam_api.client_id_to_open_id_connect_providers + # methods: {} + # name: client_id_to_open_id_connect_providers + # sqlVerbs: + # delete: [] + # insert: [] + # select: [] + # update: [] + # title: client_id_to_open_id_connect_providers + context_keys_for_custom_policies: + id: aws.iam_api.context_keys_for_custom_policies + methods: + context_keys_for_custom_policies_Get: + operation: + $ref: '#/paths/~1?Action=GetContextKeysForCustomPolicy&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetContextKeysForCustomPolicyResult + openAPIDocKey: '200' + name: context_keys_for_custom_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/context_keys_for_custom_policies/methods/context_keys_for_custom_policies_Get' + update: [] + title: context_keys_for_custom_policies + context_keys_for_principal_policies: + id: aws.iam_api.context_keys_for_principal_policies + methods: + context_keys_for_principal_policies_Get: + operation: + $ref: '#/paths/~1?Action=GetContextKeysForPrincipalPolicy&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetContextKeysForPrincipalPolicyResult + openAPIDocKey: '200' + name: context_keys_for_principal_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/context_keys_for_principal_policies/methods/context_keys_for_principal_policies_Get' + update: [] + title: context_keys_for_principal_policies + credential_reports: + id: aws.iam_api.credential_reports + methods: + credential_reports_Generate: + operation: + $ref: '#/paths/~1?Action=GenerateCredentialReport&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + credential_reports_Get: + operation: + $ref: '#/paths/~1?Action=GetCredentialReport&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetCredentialReportResult + openAPIDocKey: '200' + name: credential_reports + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/credential_reports/methods/credential_reports_Get' + update: [] + title: credential_reports + custom_policies: + id: aws.iam_api.custom_policies + methods: + custom_policies_Simulate: + operation: + $ref: '#/paths/~1?Action=SimulateCustomPolicy&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: custom_policies + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: custom_policies + default_policy_versions: + id: aws.iam_api.default_policy_versions + methods: + default_policy_versions_Set: + operation: + $ref: '#/paths/~1?Action=SetDefaultPolicyVersion&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: default_policy_versions + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: default_policy_versions + entities_for_policies: + id: aws.iam_api.entities_for_policies + methods: + entities_for_policies_List: + operation: + $ref: '#/paths/~1?Action=ListEntitiesForPolicy&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListEntitiesForPolicyResult/PolicyGroups/member + openAPIDocKey: '200' + name: entities_for_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/entities_for_policies/methods/entities_for_policies_List' + update: [] + title: entities_for_policies + group_policies: + id: aws.iam_api.group_policies + methods: + group_policies_Attach: + operation: + $ref: '#/paths/~1?Action=AttachGroupPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + group_policies_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteGroupPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + group_policies_Detach: + operation: + $ref: '#/paths/~1?Action=DetachGroupPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + group_policies_Get: + operation: + $ref: '#/paths/~1?Action=GetGroupPolicy&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetGroupPolicyResult + openAPIDocKey: '200' + group_policies_List: + operation: + $ref: '#/paths/~1?Action=ListGroupPolicies&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListGroupPoliciesResult/PolicyNames/member + openAPIDocKey: '200' + group_policies_Put: + operation: + $ref: '#/paths/~1?Action=PutGroupPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: group_policies + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/group_policies/methods/group_policies_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/group_policies/methods/group_policies_Get' + - $ref: '#/components/x-stackQL-resources/group_policies/methods/group_policies_List' + update: [] + title: group_policies + groups: + id: aws.iam_api.groups + methods: + groups_Create: + operation: + $ref: '#/paths/~1?Action=CreateGroup&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + groups_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteGroup&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + groups_Get: + operation: + $ref: '#/paths/~1?Action=GetGroup&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetGroupResult/Group + openAPIDocKey: '200' + groups_List: + operation: + $ref: '#/paths/~1?Action=ListGroups&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListGroupsResult/Groups/member + openAPIDocKey: '200' + groups_Update: + operation: + $ref: '#/paths/~1?Action=UpdateGroup&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: groups + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/groups/methods/groups_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/groups/methods/groups_Create' + select: + - $ref: '#/components/x-stackQL-resources/groups/methods/groups_Get' + - $ref: '#/components/x-stackQL-resources/groups/methods/groups_List' + update: [] + title: groups + groups_for_users: + id: aws.iam_api.groups_for_users + methods: + groups_for_users_List: + operation: + $ref: '#/paths/~1?Action=ListGroupsForUser&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListGroupsForUserResult/Groups/member + openAPIDocKey: '200' + name: groups_for_users + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/groups_for_users/methods/groups_for_users_List' + update: [] + title: groups_for_users + instance_profile_tags: + id: aws.iam_api.instance_profile_tags + methods: + instance_profile_tags_List: + operation: + $ref: '#/paths/~1?Action=ListInstanceProfileTags&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListInstanceProfileTagsResult/Tags/member + openAPIDocKey: '200' + name: instance_profile_tags + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instance_profile_tags/methods/instance_profile_tags_List' + update: [] + title: instance_profile_tags + instance_profiles: + id: aws.iam_api.instance_profiles + methods: + instance_profiles_Create: + operation: + $ref: '#/paths/~1?Action=CreateInstanceProfile&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + instance_profiles_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteInstanceProfile&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + instance_profiles_Get: + operation: + $ref: '#/paths/~1?Action=GetInstanceProfile&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetInstanceProfileResult + openAPIDocKey: '200' + instance_profiles_List: + operation: + $ref: '#/paths/~1?Action=ListInstanceProfiles&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListInstanceProfilesResult/InstanceProfiles/member + openAPIDocKey: '200' + instance_profiles_Tag: + operation: + $ref: '#/paths/~1?Action=TagInstanceProfile&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + instance_profiles_Untag: + operation: + $ref: '#/paths/~1?Action=UntagInstanceProfile&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: instance_profiles + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/instance_profiles/methods/instance_profiles_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/instance_profiles/methods/instance_profiles_Create' + select: + - $ref: '#/components/x-stackQL-resources/instance_profiles/methods/instance_profiles_Get' + - $ref: '#/components/x-stackQL-resources/instance_profiles/methods/instance_profiles_List' + update: [] + title: instance_profiles + instance_profiles_for_roles: + id: aws.iam_api.instance_profiles_for_roles + methods: + instance_profiles_for_roles_List: + operation: + $ref: '#/paths/~1?Action=ListInstanceProfilesForRole&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListInstanceProfilesForRoleResult/InstanceProfiles/member + openAPIDocKey: '200' + name: instance_profiles_for_roles + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instance_profiles_for_roles/methods/instance_profiles_for_roles_List' + update: [] + title: instance_profiles_for_roles + login_profiles: + id: aws.iam_api.login_profiles + methods: + login_profiles_Create: + operation: + $ref: '#/paths/~1?Action=CreateLoginProfile&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + login_profiles_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteLoginProfile&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + login_profiles_Get: + operation: + $ref: '#/paths/~1?Action=GetLoginProfile&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetLoginProfileResult + openAPIDocKey: '200' + login_profiles_Update: + operation: + $ref: '#/paths/~1?Action=UpdateLoginProfile&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: login_profiles + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/login_profiles/methods/login_profiles_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/login_profiles/methods/login_profiles_Create' + select: + - $ref: '#/components/x-stackQL-resources/login_profiles/methods/login_profiles_Get' + update: [] + title: login_profiles + mfa_device_tags: + id: aws.iam_api.mfa_device_tags + methods: + mfa_device_tags_List: + operation: + $ref: '#/paths/~1?Action=ListMFADeviceTags&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListMFADeviceTagsResult/Tags/member + openAPIDocKey: '200' + name: mfa_device_tags + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/mfa_device_tags/methods/mfa_device_tags_List' + update: [] + title: mfa_device_tags + mfa_devices: + id: aws.iam_api.mfa_devices + methods: + mfa_devices_Deactivate: + operation: + $ref: '#/paths/~1?Action=DeactivateMFADevice&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + mfa_devices_Enable: + operation: + $ref: '#/paths/~1?Action=EnableMFADevice&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + mfa_devices_List: + operation: + $ref: '#/paths/~1?Action=ListMFADevices&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListMFADevicesResult/MFADevices/member + openAPIDocKey: '200' + mfa_devices_Resync: + operation: + $ref: '#/paths/~1?Action=ResyncMFADevice&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + mfa_devices_Tag: + operation: + $ref: '#/paths/~1?Action=TagMFADevice&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + mfa_devices_Untag: + operation: + $ref: '#/paths/~1?Action=UntagMFADevice&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: mfa_devices + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/mfa_devices/methods/mfa_devices_List' + update: [] + title: mfa_devices + open_id_connect_provider_tags: + id: aws.iam_api.open_id_connect_provider_tags + methods: + open_id_connect_provider_tags_List: + operation: + $ref: '#/paths/~1?Action=ListOpenIDConnectProviderTags&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListOpenIDConnectProviderTagsResult/Tags/member + openAPIDocKey: '200' + name: open_id_connect_provider_tags + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/open_id_connect_provider_tags/methods/open_id_connect_provider_tags_List' + update: [] + title: open_id_connect_provider_tags + open_id_connect_provider_thumbprints: + id: aws.iam_api.open_id_connect_provider_thumbprints + methods: + open_id_connect_provider_thumbprints_Update: + operation: + $ref: '#/paths/~1?Action=UpdateOpenIDConnectProviderThumbprint&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: open_id_connect_provider_thumbprints + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: open_id_connect_provider_thumbprints + open_id_connect_providers: + id: aws.iam_api.open_id_connect_providers + methods: + open_id_connect_providers_Create: + operation: + $ref: '#/paths/~1?Action=CreateOpenIDConnectProvider&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + open_id_connect_providers_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteOpenIDConnectProvider&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + open_id_connect_providers_Get: + operation: + $ref: '#/paths/~1?Action=GetOpenIDConnectProvider&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetOpenIDConnectProviderResult + openAPIDocKey: '200' + open_id_connect_providers_List: + operation: + $ref: '#/paths/~1?Action=ListOpenIDConnectProviders&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListOpenIDConnectProvidersResult/OpenIDConnectProviderList/member + openAPIDocKey: '200' + open_id_connect_providers_Tag: + operation: + $ref: '#/paths/~1?Action=TagOpenIDConnectProvider&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + open_id_connect_providers_Untag: + operation: + $ref: '#/paths/~1?Action=UntagOpenIDConnectProvider&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: open_id_connect_providers + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/open_id_connect_providers/methods/open_id_connect_providers_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/open_id_connect_providers/methods/open_id_connect_providers_Create' + select: + - $ref: '#/components/x-stackQL-resources/open_id_connect_providers/methods/open_id_connect_providers_Get' + - $ref: '#/components/x-stackQL-resources/open_id_connect_providers/methods/open_id_connect_providers_List' + update: [] + title: open_id_connect_providers + organizations_access_reports: + id: aws.iam_api.organizations_access_reports + methods: + organizations_access_reports_Generate: + operation: + $ref: '#/paths/~1?Action=GenerateOrganizationsAccessReport&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + organizations_access_reports_Get: + operation: + $ref: '#/paths/~1?Action=GetOrganizationsAccessReport&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetOrganizationsAccessReportResult + openAPIDocKey: '200' + name: organizations_access_reports + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/organizations_access_reports/methods/organizations_access_reports_Get' + update: [] + title: organizations_access_reports + passwords: + id: aws.iam_api.passwords + methods: + passwords_Change: + operation: + $ref: '#/paths/~1?Action=ChangePassword&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: passwords + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: passwords + policies: + id: aws.iam_api.policies + methods: + policies_Create: + operation: + $ref: '#/paths/~1?Action=CreatePolicy&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + policies_Delete: + operation: + $ref: '#/paths/~1?Action=DeletePolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + policies_Get: + operation: + $ref: '#/paths/~1?Action=GetPolicy&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetPolicyResult + openAPIDocKey: '200' + policies_List: + operation: + $ref: '#/paths/~1?Action=ListPolicies&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListPoliciesResult/Policies/member + openAPIDocKey: '200' + policies_Tag: + operation: + $ref: '#/paths/~1?Action=TagPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + policies_Untag: + operation: + $ref: '#/paths/~1?Action=UntagPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: policies + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/policies/methods/policies_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/policies/methods/policies_Create' + select: + - $ref: '#/components/x-stackQL-resources/policies/methods/policies_Get' + - $ref: '#/components/x-stackQL-resources/policies/methods/policies_List' + update: [] + title: policies + policy_tags: + id: aws.iam_api.policy_tags + methods: + policy_tags_List: + operation: + $ref: '#/paths/~1?Action=ListPolicyTags&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListPolicyTagsResult/Tags/member + openAPIDocKey: '200' + name: policy_tags + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/policy_tags/methods/policy_tags_List' + update: [] + title: policy_tags + policy_versions: + id: aws.iam_api.policy_versions + methods: + policy_versions_Create: + operation: + $ref: '#/paths/~1?Action=CreatePolicyVersion&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + policy_versions_Delete: + operation: + $ref: '#/paths/~1?Action=DeletePolicyVersion&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + policy_versions_Get: + operation: + $ref: '#/paths/~1?Action=GetPolicyVersion&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetPolicyVersionResult + openAPIDocKey: '200' + policy_versions_List: + operation: + $ref: '#/paths/~1?Action=ListPolicyVersions&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListPolicyVersionsResult/Versions/member + openAPIDocKey: '200' + name: policy_versions + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_Create' + select: + - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_Get' + - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_List' + update: [] + title: policy_versions + principal_policies: + id: aws.iam_api.principal_policies + methods: + principal_policies_Simulate: + operation: + $ref: '#/paths/~1?Action=SimulatePrincipalPolicy&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: principal_policies + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: principal_policies + role_descriptions: + id: aws.iam_api.role_descriptions + methods: + role_descriptions_Update: + operation: + $ref: '#/paths/~1?Action=UpdateRoleDescription&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: role_descriptions + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: role_descriptions + role_from_instance_profiles: + id: aws.iam_api.role_from_instance_profiles + methods: + role_from_instance_profiles_Remove: + operation: + $ref: '#/paths/~1?Action=RemoveRoleFromInstanceProfile&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: role_from_instance_profiles + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: role_from_instance_profiles + role_permissions_boundaries: + id: aws.iam_api.role_permissions_boundaries + methods: + role_permissions_boundaries_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteRolePermissionsBoundary&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + role_permissions_boundaries_Put: + operation: + $ref: '#/paths/~1?Action=PutRolePermissionsBoundary&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: role_permissions_boundaries + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/role_permissions_boundaries/methods/role_permissions_boundaries_Delete' + insert: [] + select: [] + update: [] + title: role_permissions_boundaries + role_policies: + id: aws.iam_api.role_policies + methods: + role_policies_Attach: + operation: + $ref: '#/paths/~1?Action=AttachRolePolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + role_policies_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteRolePolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + role_policies_Detach: + operation: + $ref: '#/paths/~1?Action=DetachRolePolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + role_policies_Get: + operation: + $ref: '#/paths/~1?Action=GetRolePolicy&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetRolePolicyResult + openAPIDocKey: '200' + role_policies_List: + operation: + $ref: '#/paths/~1?Action=ListRolePolicies&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListRolePoliciesResult/PolicyNames/member + openAPIDocKey: '200' + role_policies_Put: + operation: + $ref: '#/paths/~1?Action=PutRolePolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: role_policies + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/role_policies/methods/role_policies_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/role_policies/methods/role_policies_Get' + - $ref: '#/components/x-stackQL-resources/role_policies/methods/role_policies_List' + update: [] + title: role_policies + role_tags: + id: aws.iam_api.role_tags + methods: + role_tags_List: + operation: + $ref: '#/paths/~1?Action=ListRoleTags&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListRoleTagsResult/Tags/member + openAPIDocKey: '200' + name: role_tags + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/role_tags/methods/role_tags_List' + update: [] + title: role_tags + role_to_instance_profiles: + id: aws.iam_api.role_to_instance_profiles + methods: + role_to_instance_profiles_Add: + operation: + $ref: '#/paths/~1?Action=AddRoleToInstanceProfile&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: role_to_instance_profiles + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: role_to_instance_profiles + roles: + id: aws.iam_api.roles + methods: + roles_Create: + operation: + $ref: '#/paths/~1?Action=CreateRole&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + roles_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteRole&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + roles_Get: + operation: + $ref: '#/paths/~1?Action=GetRole&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetRoleResult/Role + openAPIDocKey: '200' + roles_List: + operation: + $ref: '#/paths/~1?Action=ListRoles&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListRolesResult/Roles/member + openAPIDocKey: '200' + roles_Tag: + operation: + $ref: '#/paths/~1?Action=TagRole&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + roles_Untag: + operation: + $ref: '#/paths/~1?Action=UntagRole&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + roles_Update: + operation: + $ref: '#/paths/~1?Action=UpdateRole&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: roles + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/roles/methods/roles_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/roles/methods/roles_Create' + select: + - $ref: '#/components/x-stackQL-resources/roles/methods/roles_Get' + - $ref: '#/components/x-stackQL-resources/roles/methods/roles_List' + update: [] + title: roles + saml_provider_tags: + id: aws.iam_api.saml_provider_tags + methods: + saml_provider_tags_List: + operation: + $ref: '#/paths/~1?Action=ListSAMLProviderTags&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListSAMLProviderTagsResult/Tags/member + openAPIDocKey: '200' + name: saml_provider_tags + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/saml_provider_tags/methods/saml_provider_tags_List' + update: [] + title: saml_provider_tags + saml_providers: + id: aws.iam_api.saml_providers + methods: + saml_providers_Create: + operation: + $ref: '#/paths/~1?Action=CreateSAMLProvider&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + saml_providers_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteSAMLProvider&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + saml_providers_Get: + operation: + $ref: '#/paths/~1?Action=GetSAMLProvider&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetSAMLProviderResult + openAPIDocKey: '200' + saml_providers_List: + operation: + $ref: '#/paths/~1?Action=ListSAMLProviders&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListSAMLProvidersResult/SAMLProviderList/member + openAPIDocKey: '200' + saml_providers_Tag: + operation: + $ref: '#/paths/~1?Action=TagSAMLProvider&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + saml_providers_Untag: + operation: + $ref: '#/paths/~1?Action=UntagSAMLProvider&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + saml_providers_Update: + operation: + $ref: '#/paths/~1?Action=UpdateSAMLProvider&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: saml_providers + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/saml_providers/methods/saml_providers_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/saml_providers/methods/saml_providers_Create' + select: + - $ref: '#/components/x-stackQL-resources/saml_providers/methods/saml_providers_Get' + - $ref: '#/components/x-stackQL-resources/saml_providers/methods/saml_providers_List' + update: [] + title: saml_providers + security_token_service_preferences: + id: aws.iam_api.security_token_service_preferences + methods: + security_token_service_preferences_Set: + operation: + $ref: '#/paths/~1?Action=SetSecurityTokenServicePreferences&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: security_token_service_preferences + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: security_token_service_preferences + server_certificate_tags: + id: aws.iam_api.server_certificate_tags + methods: + server_certificate_tags_List: + operation: + $ref: '#/paths/~1?Action=ListServerCertificateTags&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListServerCertificateTagsResult/Tags/member + openAPIDocKey: '200' + name: server_certificate_tags + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/server_certificate_tags/methods/server_certificate_tags_List' + update: [] + title: server_certificate_tags + server_certificates: + id: aws.iam_api.server_certificates + methods: + server_certificates_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteServerCertificate&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + server_certificates_Get: + operation: + $ref: '#/paths/~1?Action=GetServerCertificate&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetServerCertificateResult + openAPIDocKey: '200' + server_certificates_List: + operation: + $ref: '#/paths/~1?Action=ListServerCertificates&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListServerCertificatesResult/ServerCertificateMetadataList/member + openAPIDocKey: '200' + server_certificates_Tag: + operation: + $ref: '#/paths/~1?Action=TagServerCertificate&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + server_certificates_Untag: + operation: + $ref: '#/paths/~1?Action=UntagServerCertificate&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + server_certificates_Update: + operation: + $ref: '#/paths/~1?Action=UpdateServerCertificate&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + server_certificates_Upload: + operation: + $ref: '#/paths/~1?Action=UploadServerCertificate&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: server_certificates + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/server_certificates/methods/server_certificates_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/server_certificates/methods/server_certificates_Get' + - $ref: '#/components/x-stackQL-resources/server_certificates/methods/server_certificates_List' + update: [] + title: server_certificates + service_last_accessed_details: + id: aws.iam_api.service_last_accessed_details + methods: + service_last_accessed_details_Generate: + operation: + $ref: '#/paths/~1?Action=GenerateServiceLastAccessedDetails&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + service_last_accessed_details_Get: + operation: + $ref: '#/paths/~1?Action=GetServiceLastAccessedDetails&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetServiceLastAccessedDetailsResult + openAPIDocKey: '200' + name: service_last_accessed_details + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/service_last_accessed_details/methods/service_last_accessed_details_Get' + update: [] + title: service_last_accessed_details + service_last_accessed_details_with_entities: + id: aws.iam_api.service_last_accessed_details_with_entities + methods: + service_last_accessed_details_with_entities_Get: + operation: + $ref: '#/paths/~1?Action=GetServiceLastAccessedDetailsWithEntities&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetServiceLastAccessedDetailsWithEntitiesResult + openAPIDocKey: '200' + name: service_last_accessed_details_with_entities + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/service_last_accessed_details_with_entities/methods/service_last_accessed_details_with_entities_Get' + update: [] + title: service_last_accessed_details_with_entities + service_linked_role_deletion_status: + id: aws.iam_api.service_linked_role_deletion_status + methods: + service_linked_role_deletion_status_Get: + operation: + $ref: '#/paths/~1?Action=GetServiceLinkedRoleDeletionStatus&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetServiceLinkedRoleDeletionStatusResult + openAPIDocKey: '200' + name: service_linked_role_deletion_status + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/service_linked_role_deletion_status/methods/service_linked_role_deletion_status_Get' + update: [] + title: service_linked_role_deletion_status + service_linked_roles: + id: aws.iam_api.service_linked_roles + methods: + service_linked_roles_Create: + operation: + $ref: '#/paths/~1?Action=CreateServiceLinkedRole&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + service_linked_roles_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteServiceLinkedRole&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: service_linked_roles + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/service_linked_roles/methods/service_linked_roles_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/service_linked_roles/methods/service_linked_roles_Create' + select: [] + update: [] + title: service_linked_roles + service_specific_credentials: + id: aws.iam_api.service_specific_credentials + methods: + service_specific_credentials_Create: + operation: + $ref: '#/paths/~1?Action=CreateServiceSpecificCredential&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + service_specific_credentials_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteServiceSpecificCredential&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + service_specific_credentials_List: + operation: + $ref: '#/paths/~1?Action=ListServiceSpecificCredentials&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListServiceSpecificCredentialsResult/ServiceSpecificCredentials/member + openAPIDocKey: '200' + service_specific_credentials_Reset: + operation: + $ref: '#/paths/~1?Action=ResetServiceSpecificCredential&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + service_specific_credentials_Update: + operation: + $ref: '#/paths/~1?Action=UpdateServiceSpecificCredential&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: service_specific_credentials + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/service_specific_credentials/methods/service_specific_credentials_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/service_specific_credentials/methods/service_specific_credentials_Create' + select: + - $ref: '#/components/x-stackQL-resources/service_specific_credentials/methods/service_specific_credentials_List' + update: [] + title: service_specific_credentials + signing_certificates: + id: aws.iam_api.signing_certificates + methods: + signing_certificates_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteSigningCertificate&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + signing_certificates_List: + operation: + $ref: '#/paths/~1?Action=ListSigningCertificates&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListSigningCertificatesResult/Certificates/member + openAPIDocKey: '200' + signing_certificates_Update: + operation: + $ref: '#/paths/~1?Action=UpdateSigningCertificate&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + signing_certificates_Upload: + operation: + $ref: '#/paths/~1?Action=UploadSigningCertificate&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: signing_certificates + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/signing_certificates/methods/signing_certificates_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/signing_certificates/methods/signing_certificates_List' + update: [] + title: signing_certificates + ssh_public_keys: + id: aws.iam_api.ssh_public_keys + methods: + ssh_public_keys_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteSSHPublicKey&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + ssh_public_keys_Get: + operation: + $ref: '#/paths/~1?Action=GetSSHPublicKey&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetSSHPublicKeyResult + openAPIDocKey: '200' + ssh_public_keys_List: + operation: + $ref: '#/paths/~1?Action=ListSSHPublicKeys&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListSSHPublicKeysResult/SSHPublicKeys/member + openAPIDocKey: '200' + ssh_public_keys_Update: + operation: + $ref: '#/paths/~1?Action=UpdateSSHPublicKey&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + ssh_public_keys_Upload: + operation: + $ref: '#/paths/~1?Action=UploadSSHPublicKey&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: ssh_public_keys + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/ssh_public_keys/methods/ssh_public_keys_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/ssh_public_keys/methods/ssh_public_keys_Get' + - $ref: '#/components/x-stackQL-resources/ssh_public_keys/methods/ssh_public_keys_List' + update: [] + title: ssh_public_keys + user_from_groups: + id: aws.iam_api.user_from_groups + methods: + user_from_groups_Remove: + operation: + $ref: '#/paths/~1?Action=RemoveUserFromGroup&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: user_from_groups + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: user_from_groups + user_permissions_boundaries: + id: aws.iam_api.user_permissions_boundaries + methods: + user_permissions_boundaries_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteUserPermissionsBoundary&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + user_permissions_boundaries_Put: + operation: + $ref: '#/paths/~1?Action=PutUserPermissionsBoundary&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: user_permissions_boundaries + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/user_permissions_boundaries/methods/user_permissions_boundaries_Delete' + insert: [] + select: [] + update: [] + title: user_permissions_boundaries + user_policies: + id: aws.iam_api.user_policies + methods: + user_policies_Attach: + operation: + $ref: '#/paths/~1?Action=AttachUserPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + user_policies_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteUserPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + user_policies_Detach: + operation: + $ref: '#/paths/~1?Action=DetachUserPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + user_policies_Get: + operation: + $ref: '#/paths/~1?Action=GetUserPolicy&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetUserPolicyResult + openAPIDocKey: '200' + user_policies_List: + operation: + $ref: '#/paths/~1?Action=ListUserPolicies&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListUserPoliciesResult/PolicyNames/member + openAPIDocKey: '200' + user_policies_Put: + operation: + $ref: '#/paths/~1?Action=PutUserPolicy&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: user_policies + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/user_policies/methods/user_policies_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/user_policies/methods/user_policies_Get' + - $ref: '#/components/x-stackQL-resources/user_policies/methods/user_policies_List' + update: [] + title: user_policies + user_tags: + id: aws.iam_api.user_tags + methods: + user_tags_List: + operation: + $ref: '#/paths/~1?Action=ListUserTags&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListUserTagsResult/Tags/member + openAPIDocKey: '200' + name: user_tags + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/user_tags/methods/user_tags_List' + update: [] + title: user_tags + user_to_groups: + id: aws.iam_api.user_to_groups + methods: + user_to_groups_Add: + operation: + $ref: '#/paths/~1?Action=AddUserToGroup&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: user_to_groups + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: user_to_groups + users: + id: aws.iam_api.users + methods: + users_Create: + operation: + $ref: '#/paths/~1?Action=CreateUser&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + users_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteUser&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + users_Get: + operation: + $ref: '#/paths/~1?Action=GetUser&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/GetUserResult/User + openAPIDocKey: '200' + users_List: + operation: + $ref: '#/paths/~1?Action=ListUsers&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListUsersResult/Users/member + openAPIDocKey: '200' + users_Tag: + operation: + $ref: '#/paths/~1?Action=TagUser&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + users_Untag: + operation: + $ref: '#/paths/~1?Action=UntagUser&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + users_Update: + operation: + $ref: '#/paths/~1?Action=UpdateUser&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + name: users + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/users/methods/users_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/users/methods/users_Create' + select: + - $ref: '#/components/x-stackQL-resources/users/methods/users_List' + update: [] + title: users + virtual_mfa_devices: + id: aws.iam_api.virtual_mfa_devices + methods: + virtual_mfa_devices_Create: + operation: + $ref: '#/paths/~1?Action=CreateVirtualMFADevice&Version=2010-05-08/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + virtual_mfa_devices_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteVirtualMFADevice&Version=2010-05-08/get' + response: + openAPIDocKey: '200' + virtual_mfa_devices_List: + operation: + $ref: '#/paths/~1?Action=ListVirtualMFADevices&Version=2010-05-08/get' + response: + mediaType: text/xml + objectKey: /*/ListVirtualMFADevicesResult/VirtualMFADevices/member + openAPIDocKey: '200' + name: virtual_mfa_devices + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/virtual_mfa_devices/methods/virtual_mfa_devices_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/virtual_mfa_devices/methods/virtual_mfa_devices_Create' + select: + - $ref: '#/components/x-stackQL-resources/virtual_mfa_devices/methods/virtual_mfa_devices_List' + update: [] + title: virtual_mfa_devices +externalDocs: + description: Amazon Web Services documentation + url: https://docs.aws.amazon.com/iam/ +info: + contact: + email: mike.ralphson@gmail.com + name: Mike Ralphson + url: https://github.com/mermade/aws2openapi + x-twitter: PermittedSoc + description: Identity and Access Management

Identity and + Access Management (IAM) is a web service for securely controlling access to Amazon + Web Services services. With IAM, you can centrally manage users, security credentials + such as access keys, and permissions that control which Amazon Web Services resources + users and applications can access. For more information about IAM, see Identity + and Access Management (IAM) and the Identity + and Access Management User Guide.

+ license: + name: Apache 2.0 License + url: http://www.apache.org/licenses/ + termsOfService: https://aws.amazon.com/service-terms/ + title: AWS Identity and Access Management + version: '2010-05-08' + x-apiClientRegistration: + url: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct + x-apisguru-categories: + - cloud + x-logo: + backgroundColor: '#FFFFFF' + url: https://twitter.com/awscloud/profile_image?size=original + x-origin: + - contentType: application/json + converter: + url: https://github.com/mermade/aws2openapi + version: 1.0.0 + url: https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/iam-2010-05-08.normal.json + x-apisguru-driver: external + x-preferred: true + x-providerName: amazonaws.com + x-release: v4 + x-serviceName: iam +openapi: 3.0.0 +paths: + /?Action=AddClientIDToOpenIDConnectProvider&Version=2010-05-08: + get: + description:

Adds a new client ID (also known as audience) to the list of + client IDs already registered for the specified IAM OpenID Connect (OIDC) + provider resource.

This operation is idempotent; it does not fail or + return an error if you add an existing client ID to the provider.

+ operationId: GET_AddClientIDToOpenIDConnectProvider + parameters: + - description: The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) + provider resource to add the client ID to. You can get a list of OIDC provider + ARNs by using the ListOpenIDConnectProviders operation. + in: query + name: OpenIDConnectProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: The client ID (also known as audience) to add to the IAM OpenID + Connect provider resource. + in: query + name: ClientID + required: true + schema: + maxLength: 255 + minLength: 1 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AddClientIDToOpenIDConnectProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds a new client ID (also known as audience) to the list of + client IDs already registered for the specified IAM OpenID Connect (OIDC) + provider resource.

This operation is idempotent; it does not fail or + return an error if you add an existing client ID to the provider.

+ operationId: POST_AddClientIDToOpenIDConnectProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AddClientIDToOpenIDConnectProviderRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AddClientIDToOpenIDConnectProvider + /?Action=AddRoleToInstanceProfile&Version=2010-05-08: + get: + description:

Adds the specified IAM role to the specified instance profile. + An instance profile can contain only one role, and this quota cannot be increased. + You can remove the existing role and then add a different role to an instance + profile. You must then wait for the change to appear across all of Amazon + Web Services because of eventual + consistency. To force the change, you must disassociate + the instance profile and then associate + the instance profile, or you can stop your instance and then restart it.

+

The caller of this operation must be granted the PassRole + permission on the IAM role by a permissions policy.

For more + information about roles, see Working + with roles. For more information about instance profiles, see About + instance profiles.

+ operationId: GET_AddRoleToInstanceProfile + parameters: + - description: '

The name of the instance profile to update.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: InstanceProfileName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name of the role to add.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AddRoleToInstanceProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds the specified IAM role to the specified instance profile. + An instance profile can contain only one role, and this quota cannot be increased. + You can remove the existing role and then add a different role to an instance + profile. You must then wait for the change to appear across all of Amazon + Web Services because of eventual + consistency. To force the change, you must disassociate + the instance profile and then associate + the instance profile, or you can stop your instance and then restart it.

+

The caller of this operation must be granted the PassRole + permission on the IAM role by a permissions policy.

For more + information about roles, see Working + with roles. For more information about instance profiles, see About + instance profiles.

+ operationId: POST_AddRoleToInstanceProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AddRoleToInstanceProfileRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AddRoleToInstanceProfile + /?Action=AddUserToGroup&Version=2010-05-08: + get: + description: Adds the specified user to the specified group. + operationId: GET_AddUserToGroup + parameters: + - description: '

The name of the group to update.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name of the user to add.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AddUserToGroup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Adds the specified user to the specified group. + operationId: POST_AddUserToGroup + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AddUserToGroupRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AddUserToGroup + /?Action=AttachGroupPolicy&Version=2010-05-08: + get: + description:

Attaches the specified managed policy to the specified IAM group.

+

You use this operation to attach a managed policy to a group. To embed + an inline policy in a group, use PutGroupPolicy.

As a best practice, + you can validate your IAM policies. To learn more, see Validating + IAM policies in the IAM User Guide.

For more information + about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_AttachGroupPolicy + parameters: + - description: '

The name (friendly name, not ARN) of the group to attach + the policy to.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to attach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyNotAttachableException' + description: PolicyNotAttachableException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AttachGroupPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Attaches the specified managed policy to the specified IAM group.

+

You use this operation to attach a managed policy to a group. To embed + an inline policy in a group, use PutGroupPolicy.

As a best practice, + you can validate your IAM policies. To learn more, see Validating + IAM policies in the IAM User Guide.

For more information + about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_AttachGroupPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachGroupPolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyNotAttachableException' + description: PolicyNotAttachableException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AttachGroupPolicy + /?Action=AttachRolePolicy&Version=2010-05-08: + get: + description:

Attaches the specified managed policy to the specified IAM role. + When you attach a managed policy to a role, the managed policy becomes part + of the role's permission (access) policy.

You cannot use a managed + policy as the role's trust policy. The role's trust policy is created at the + same time as the role, using CreateRole. You can update a role's trust + policy using UpdateAssumeRolePolicy.

Use this operation + to attach a managed policy to a role. To embed an inline policy in + a role, use PutRolePolicy. For more information about policies, see + Managed + policies and inline policies in the IAM User Guide.

As a + best practice, you can validate your IAM policies. To learn more, see Validating + IAM policies in the IAM User Guide.

+ operationId: GET_AttachRolePolicy + parameters: + - description: '

The name (friendly name, not ARN) of the role to attach the + policy to.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to attach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyNotAttachableException' + description: PolicyNotAttachableException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AttachRolePolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Attaches the specified managed policy to the specified IAM role. + When you attach a managed policy to a role, the managed policy becomes part + of the role's permission (access) policy.

You cannot use a managed + policy as the role's trust policy. The role's trust policy is created at the + same time as the role, using CreateRole. You can update a role's trust + policy using UpdateAssumeRolePolicy.

Use this operation + to attach a managed policy to a role. To embed an inline policy in + a role, use PutRolePolicy. For more information about policies, see + Managed + policies and inline policies in the IAM User Guide.

As a + best practice, you can validate your IAM policies. To learn more, see Validating + IAM policies in the IAM User Guide.

+ operationId: POST_AttachRolePolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachRolePolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyNotAttachableException' + description: PolicyNotAttachableException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AttachRolePolicy + /?Action=AttachUserPolicy&Version=2010-05-08: + get: + description:

Attaches the specified managed policy to the specified user.

+

You use this operation to attach a managed policy to a user. To + embed an inline policy in a user, use PutUserPolicy.

As a best + practice, you can validate your IAM policies. To learn more, see Validating + IAM policies in the IAM User Guide.

For more information + about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_AttachUserPolicy + parameters: + - description: '

The name (friendly name, not ARN) of the IAM user to attach + the policy to.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to attach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyNotAttachableException' + description: PolicyNotAttachableException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AttachUserPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Attaches the specified managed policy to the specified user.

+

You use this operation to attach a managed policy to a user. To + embed an inline policy in a user, use PutUserPolicy.

As a best + practice, you can validate your IAM policies. To learn more, see Validating + IAM policies in the IAM User Guide.

For more information + about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_AttachUserPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/AttachUserPolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyNotAttachableException' + description: PolicyNotAttachableException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: AttachUserPolicy + /?Action=ChangePassword&Version=2010-05-08: + get: + description:

Changes the password of the IAM user who is calling this operation. + This operation can be performed using the CLI, the Amazon Web Services API, + or the My Security Credentials page in the Amazon Web Services Management + Console. The Amazon Web Services account root user password is not affected + by this operation.

Use UpdateLoginProfile to use the CLI, the + Amazon Web Services API, or the Users page in the IAM console to change + the password for any IAM user. For more information about modifying passwords, + see Managing + passwords in the IAM User Guide.

+ operationId: GET_ChangePassword + parameters: + - description: The IAM user's current password. + in: query + name: OldPassword + required: true + schema: + format: password + maxLength: 128 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description:

The new password. The new password must conform to the Amazon + Web Services account's password policy, if one exists.

The regex + pattern that is used to validate this parameter is a string of characters. + That string can include almost any printable ASCII character from the space + (\u0020) through the end of the ASCII character range (\u00FF). + You can also include the tab (\u0009), line feed (\u000A), + and carriage return (\u000D) characters. Any of these characters + are valid in a password. However, many tools, such as the Amazon Web Services + Management Console, might restrict the ability to type certain characters + because they have special meaning within that tool.

+ in: query + name: NewPassword + required: true + schema: + format: password + maxLength: 128 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidUserTypeException' + description: InvalidUserTypeException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/PasswordPolicyViolationException' + description: PasswordPolicyViolationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ChangePassword + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Changes the password of the IAM user who is calling this operation. + This operation can be performed using the CLI, the Amazon Web Services API, + or the My Security Credentials page in the Amazon Web Services Management + Console. The Amazon Web Services account root user password is not affected + by this operation.

Use UpdateLoginProfile to use the CLI, the + Amazon Web Services API, or the Users page in the IAM console to change + the password for any IAM user. For more information about modifying passwords, + see Managing + passwords in the IAM User Guide.

+ operationId: POST_ChangePassword + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ChangePasswordRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidUserTypeException' + description: InvalidUserTypeException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/PasswordPolicyViolationException' + description: PasswordPolicyViolationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ChangePassword + /?Action=CreateAccessKey&Version=2010-05-08: + get: + description:

Creates a new Amazon Web Services secret access key and corresponding + Amazon Web Services access key ID for the specified user. The default status + for new keys is Active.

If you do not specify a user name, + IAM determines the user name implicitly based on the Amazon Web Services access + key ID signing the request. This operation works for access keys under the + Amazon Web Services account. Consequently, you can use this operation to manage + Amazon Web Services account root user credentials. This is true even if the + Amazon Web Services account has no associated users.

For information + about quotas on the number of keys you can create, see IAM + and STS quotas in the IAM User Guide.

To ensure + the security of your Amazon Web Services account, the secret access key is + accessible only during key and user creation. You must save the key (for example, + in a text file) if you want to be able to access it again. If a secret key + is lost, you can delete the access keys for the associated user and then create + new keys.

 + operationId: GET_CreateAccessKey + parameters: + - description: '

The name of the IAM user that the new key will belong to.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + CreateAccessKeyResult: + $ref: '#/components/schemas/CreateAccessKeyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateAccessKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Creates a new Amazon Web Services secret access key and corresponding + Amazon Web Services access key ID for the specified user. The default status + for new keys is Active.

If you do not specify a user name, + IAM determines the user name implicitly based on the Amazon Web Services access + key ID signing the request. This operation works for access keys under the + Amazon Web Services account. Consequently, you can use this operation to manage + Amazon Web Services account root user credentials. This is true even if the + Amazon Web Services account has no associated users.

For information + about quotas on the number of keys you can create, see IAM + and STS quotas in the IAM User Guide.

To ensure + the security of your Amazon Web Services account, the secret access key is + accessible only during key and user creation. You must save the key (for example, + in a text file) if you want to be able to access it again. If a secret key + is lost, you can delete the access keys for the associated user and then create + new keys.

 + operationId: POST_CreateAccessKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateAccessKeyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateAccessKeyResult: + $ref: '#/components/schemas/CreateAccessKeyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateAccessKey + /?Action=CreateAccountAlias&Version=2010-05-08: + get: + description: Creates an alias for your Amazon Web Services account. For information + about using an Amazon Web Services account alias, see Using + an alias for your Amazon Web Services account ID in the IAM User Guide. + operationId: GET_CreateAccountAlias + parameters: + - description:

The account alias to create.

This parameter allows + (through its regex pattern) + a string of characters consisting of lowercase letters, digits, and dashes. + You cannot start or finish with a dash, nor can you have two dashes in a + row.

+ in: query + name: AccountAlias + required: true + schema: + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$ + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateAccountAlias + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Creates an alias for your Amazon Web Services account. For information + about using an Amazon Web Services account alias, see Using + an alias for your Amazon Web Services account ID in the IAM User Guide. + operationId: POST_CreateAccountAlias + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateAccountAliasRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateAccountAlias + /?Action=CreateGroup&Version=2010-05-08: + get: + description:

Creates a new group.

For information about the number + of groups you can create, see IAM + and STS quotas in the IAM User Guide.

+ operationId: GET_CreateGroup + parameters: + - description:

The path to the group. For more information about paths, + see IAM + identifiers in the IAM User Guide.

This parameter is optional. + If it is not included, it defaults to a slash (/).

This parameter + allows (through its regex pattern) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through + the DEL character (\u007F), including most punctuation characters, + digits, and upper and lowercased letters.

+ in: query + name: Path + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + - description:

The name of the group to create. Do not include the path in + this value.

IAM user, group, role, and policy names must be unique + within the account. Names are not distinguished by case. For example, you + cannot create resources named both "MyResource" and "myresource".

+ in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + CreateGroupResult: + $ref: '#/components/schemas/CreateGroupResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateGroup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Creates a new group.

For information about the number + of groups you can create, see IAM + and STS quotas in the IAM User Guide.

+ operationId: POST_CreateGroup + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateGroupRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateGroupResult: + $ref: '#/components/schemas/CreateGroupResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateGroup + /?Action=CreateInstanceProfile&Version=2010-05-08: + get: + description:

Creates a new instance profile. For information about instance + profiles, see Using + roles for applications on Amazon EC2 in the IAM User Guide, and + Instance + profiles in the Amazon EC2 User Guide.

For information + about the number of instance profiles you can create, see IAM + object quotas in the IAM User Guide.

+ operationId: GET_CreateInstanceProfile + parameters: + - description: '

The name of the instance profile to create.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: InstanceProfileName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The path to the instance profile. For more information about + paths, see IAM + Identifiers in the IAM User Guide.

This parameter is optional. + If it is not included, it defaults to a slash (/).

This parameter + allows (through its regex pattern) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through + the DEL character (\u007F), including most punctuation characters, + digits, and upper and lowercased letters.

+ in: query + name: Path + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + - description:

A list of tags that you want to attach to the newly created + IAM instance profile. Each tag consists of a key name and an associated + value. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any one + of the tags is invalid or if you exceed the allowed maximum number of tags, + then the entire request fails and the resource is not created.

 + in: query + name: Tags + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + CreateInstanceProfileResult: + $ref: '#/components/schemas/CreateInstanceProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateInstanceProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Creates a new instance profile. For information about instance + profiles, see Using + roles for applications on Amazon EC2 in the IAM User Guide, and + Instance + profiles in the Amazon EC2 User Guide.

For information + about the number of instance profiles you can create, see IAM + object quotas in the IAM User Guide.

+ operationId: POST_CreateInstanceProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateInstanceProfileRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateInstanceProfileResult: + $ref: '#/components/schemas/CreateInstanceProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateInstanceProfile + /?Action=CreateLoginProfile&Version=2010-05-08: + get: + description:

Creates a password for the specified IAM user. A password allows + an IAM user to access Amazon Web Services services through the Amazon Web + Services Management Console.

You can use the CLI, the Amazon Web Services + API, or the Users page in the IAM console to create a password for + any IAM user. Use ChangePassword to update your own existing password + in the My Security Credentials page in the Amazon Web Services Management + Console.

For more information about managing passwords, see Managing + passwords in the IAM User Guide.

+ operationId: GET_CreateLoginProfile + parameters: + - description: '

The name of the IAM user to create a password for. The user + must already exist.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The new password for the user.

The regex + pattern that is used to validate this parameter is a string of characters. + That string can include almost any printable ASCII character from the space + (\u0020) through the end of the ASCII character range (\u00FF). + You can also include the tab (\u0009), line feed (\u000A), + and carriage return (\u000D) characters. Any of these characters + are valid in a password. However, many tools, such as the Amazon Web Services + Management Console, might restrict the ability to type certain characters + because they have special meaning within that tool.

+ in: query + name: Password + required: true + schema: + format: password + maxLength: 128 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description: Specifies whether the user is required to set a new password + on next sign-in. + in: query + name: PasswordResetRequired + required: false + schema: + type: boolean + responses: + '200': + content: + text/xml: + schema: + properties: + CreateLoginProfileResult: + $ref: '#/components/schemas/CreateLoginProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PasswordPolicyViolationException' + description: PasswordPolicyViolationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateLoginProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Creates a password for the specified IAM user. A password allows + an IAM user to access Amazon Web Services services through the Amazon Web + Services Management Console.

You can use the CLI, the Amazon Web Services + API, or the Users page in the IAM console to create a password for + any IAM user. Use ChangePassword to update your own existing password + in the My Security Credentials page in the Amazon Web Services Management + Console.

For more information about managing passwords, see Managing + passwords in the IAM User Guide.

+ operationId: POST_CreateLoginProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLoginProfileRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateLoginProfileResult: + $ref: '#/components/schemas/CreateLoginProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PasswordPolicyViolationException' + description: PasswordPolicyViolationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateLoginProfile + /?Action=CreateOpenIDConnectProvider&Version=2010-05-08: + get: + description:

Creates an IAM entity to describe an identity provider (IdP) + that supports OpenID Connect (OIDC).

+

The OIDC provider that you create with this operation can be used as a + principal in a role's trust policy. Such a policy establishes a trust relationship + between Amazon Web Services and the OIDC provider.

If you are using + an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't + need to create a separate IAM identity provider. These OIDC identity providers + are already built-in to Amazon Web Services and are available for your use. + Instead, you can move directly to creating new roles using your identity provider. + To learn more, see Creating + a role for web identity or OpenID connect federation in the IAM User + Guide.

When you create the IAM OIDC provider, you specify the following:

+

  • The URL of the OIDC identity provider (IdP) to trust

    • +

  • A list of client IDs (also known as audiences) that identify the application + or applications allowed to authenticate using the OIDC provider

    • +

  • A list of thumbprints of one or more server certificates that the + IdP uses

You get all of this information from the OIDC + IdP you want to use to access Amazon Web Services.

Amazon Web + Services secures communication with some OIDC identity providers (IdPs) through + our library of trusted certificate authorities (CAs) instead of using a certificate + thumbprint to verify your IdP server certificate. These OIDC IdPs include + Google, and those that use an Amazon S3 bucket to host a JSON Web Key Set + (JWKS) endpoint. In these cases, your legacy thumbprint remains in your configuration, + but is no longer used for validation.

The trust for + the OIDC provider is derived from the IAM provider that this operation creates. + Therefore, it is best to limit access to the CreateOpenIDConnectProvider + operation to highly privileged users.

 + operationId: GET_CreateOpenIDConnectProvider + parameters: + - description:

The URL of the identity provider. The URL must begin with + https:// and should correspond to the iss claim + in the provider's OpenID Connect ID tokens. Per the OIDC standard, path + components are allowed but query parameters are not. Typically the URL consists + of only a hostname, like https://server.example.org or https://example.com. + The URL should not contain a port number.

You cannot register the + same provider multiple times in a single Amazon Web Services account. If + you try to submit a URL that has already been used for an OpenID Connect + provider in the Amazon Web Services account, you will get an error.

+ in: query + name: Url + required: true + schema: + description: Contains a URL that specifies the endpoint for an OpenID Connect + provider. + maxLength: 255 + minLength: 1 + type: string + - description:

Provides a list of client IDs, also known as audiences. When + a mobile or web app registers with an OpenID Connect provider, they establish + a value that identifies the application. This is the value that's sent as + the client_id parameter on OAuth requests.

You can register + multiple client IDs with the same provider. For example, you might have + multiple applications that use the same OIDC provider. You cannot register + more than 100 client IDs with a single IAM OIDC provider.

There is + no defined format for a client ID. The CreateOpenIDConnectProviderRequest + operation accepts client IDs up to 255 characters long.

+ in: query + name: ClientIDList + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/clientIDType' + - xml: + name: member + type: array + - description:

A list of server certificate thumbprints for the OpenID Connect + (OIDC) identity provider's server certificates. Typically this list includes + only one entry. However, IAM lets you have up to five thumbprints for an + OIDC provider. This lets you maintain multiple thumbprints if the identity + provider is rotating certificates.

The server certificate thumbprint + is the hex-encoded SHA-1 hash value of the X.509 certificate used by the + domain where the OpenID Connect provider makes its keys available. It is + always a 40-character string.

You must provide at least one thumbprint + when creating an IAM OIDC provider. For example, assume that the OIDC provider + is server.example.com and the provider stores its keys at https://keys.server.example.com/openid-connect. + In that case, the thumbprint string would be the hex-encoded SHA-1 hash + value of the certificate used by https://keys.server.example.com. +

For more information about obtaining the OIDC provider thumbprint, + see Obtaining + the thumbprint for an OpenID Connect provider in the IAM User Guide.

+ in: query + name: ThumbprintList + required: true + schema: + description: Contains a list of thumbprints of identity provider server + certificates. + items: + allOf: + - $ref: '#/components/schemas/thumbprintType' + - xml: + name: member + type: array + - description:

A list of tags that you want to attach to the new IAM OpenID + Connect (OIDC) provider. Each tag consists of a key name and an associated + value. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any one + of the tags is invalid or if you exceed the allowed maximum number of tags, + then the entire request fails and the resource is not created.

 + in: query + name: Tags + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + CreateOpenIDConnectProviderResult: + $ref: '#/components/schemas/CreateOpenIDConnectProviderResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateOpenIDConnectProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Creates an IAM entity to describe an identity provider (IdP) + that supports OpenID Connect (OIDC).

+

The OIDC provider that you create with this operation can be used as a + principal in a role's trust policy. Such a policy establishes a trust relationship + between Amazon Web Services and the OIDC provider.

If you are using + an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't + need to create a separate IAM identity provider. These OIDC identity providers + are already built-in to Amazon Web Services and are available for your use. + Instead, you can move directly to creating new roles using your identity provider. + To learn more, see Creating + a role for web identity or OpenID connect federation in the IAM User + Guide.

When you create the IAM OIDC provider, you specify the following:

+

  • The URL of the OIDC identity provider (IdP) to trust

    • +

  • A list of client IDs (also known as audiences) that identify the application + or applications allowed to authenticate using the OIDC provider

    • +

  • A list of thumbprints of one or more server certificates that the + IdP uses

You get all of this information from the OIDC + IdP you want to use to access Amazon Web Services.

Amazon Web + Services secures communication with some OIDC identity providers (IdPs) through + our library of trusted certificate authorities (CAs) instead of using a certificate + thumbprint to verify your IdP server certificate. These OIDC IdPs include + Google, and those that use an Amazon S3 bucket to host a JSON Web Key Set + (JWKS) endpoint. In these cases, your legacy thumbprint remains in your configuration, + but is no longer used for validation.

The trust for + the OIDC provider is derived from the IAM provider that this operation creates. + Therefore, it is best to limit access to the CreateOpenIDConnectProvider + operation to highly privileged users.

 + operationId: POST_CreateOpenIDConnectProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateOpenIDConnectProviderRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateOpenIDConnectProviderResult: + $ref: '#/components/schemas/CreateOpenIDConnectProviderResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateOpenIDConnectProvider + /?Action=CreatePolicy&Version=2010-05-08: + get: + description:

Creates a new managed policy for your Amazon Web Services account.

+

This operation creates a policy version with a version identifier of v1 + and sets v1 as the policy's default version. For more information about policy + versions, see Versioning + for managed policies in the IAM User Guide.

As a best practice, + you can validate your IAM policies. To learn more, see Validating + IAM policies in the IAM User Guide.

For more information + about managed policies in general, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_CreatePolicy + parameters: + - description:

The friendly name of the policy.

IAM user, group, role, + and policy names must be unique within the account. Names are not distinguished + by case. For example, you cannot create resources named both "MyResource" + and "myresource".

+ in: query + name: PolicyName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The path for the policy.

For more information about + paths, see IAM + identifiers in the IAM User Guide.

This parameter is optional. + If it is not included, it defaults to a slash (/).

This parameter + allows (through its regex pattern) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through + the DEL character (\u007F), including most punctuation characters, + digits, and upper and lowercased letters.

You cannot use an + asterisk (*) in the path name.

 + in: query + name: Path + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ + type: string + - description:

The JSON policy document that you want to use as the content + for the new policy.

You must provide policies in JSON format in IAM. + However, for CloudFormation templates formatted in YAML, you can provide + the policy in JSON or YAML format. CloudFormation always converts a YAML + policy to JSON format before submitting it to IAM.

The maximum length + of the policy document that you can pass in this operation, including whitespace, + is listed below. To view the maximum character counts of a managed policy + with no whitespaces, see IAM + and STS character quotas.

To learn more about JSON policy grammar, + see Grammar + of the IAM JSON policy language in the IAM User Guide.

The + regex pattern used to validate + this parameter is a string of characters consisting of the following:

+

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

    • +

  • The printable characters in the Basic Latin and Latin-1 Supplement + character set (through \u00FF)

  • The special + characters tab (\u0009), line feed (\u000A), and + carriage return (\u000D)

+ in: query + name: PolicyDocument + required: true + schema: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description:

A friendly description of the policy.

Typically used + to store information about the permissions defined in the policy. For example, + "Grants access to production DynamoDB tables."

The policy description + is immutable. After a value is assigned, it cannot be changed.

+ in: query + name: Description + required: false + schema: + maxLength: 1000 + type: string + - description:

A list of tags that you want to attach to the new IAM customer + managed policy. Each tag consists of a key name and an associated value. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any one + of the tags is invalid or if you exceed the allowed maximum number of tags, + then the entire request fails and the resource is not created.

 + in: query + name: Tags + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + CreatePolicyResult: + $ref: '#/components/schemas/CreatePolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreatePolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Creates a new managed policy for your Amazon Web Services account.

+

This operation creates a policy version with a version identifier of v1 + and sets v1 as the policy's default version. For more information about policy + versions, see Versioning + for managed policies in the IAM User Guide.

As a best practice, + you can validate your IAM policies. To learn more, see Validating + IAM policies in the IAM User Guide.

For more information + about managed policies in general, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_CreatePolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreatePolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreatePolicyResult: + $ref: '#/components/schemas/CreatePolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreatePolicy + /?Action=CreatePolicyVersion&Version=2010-05-08: + get: + description:

Creates a new version of the specified managed policy. To update + a managed policy, you create a new policy version. A managed policy can have + up to five versions. If the policy has five versions, you must delete an existing + version using DeletePolicyVersion before you create a new version.

+

Optionally, you can set the new version as the policy's default version. + The default version is the version that is in effect for the IAM users, groups, + and roles to which the policy is attached.

For more information about + managed policy versions, see Versioning + for managed policies in the IAM User Guide.

+ operationId: GET_CreatePolicyVersion + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM policy to which + you want to add a new version.

For more information about ARNs, see + Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description:

The JSON policy document that you want to use as the content + for this new version of the policy.

You must provide policies in + JSON format in IAM. However, for CloudFormation templates formatted in YAML, + you can provide the policy in JSON or YAML format. CloudFormation always + converts a YAML policy to JSON format before submitting it to IAM.

The + maximum length of the policy document that you can pass in this operation, + including whitespace, is listed below. To view the maximum character counts + of a managed policy with no whitespaces, see IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed + (\u000A), and carriage return (\u000D)

    • +
+ in: query + name: PolicyDocument + required: true + schema: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description:

Specifies whether to set this version as the policy's default + version.

When this parameter is true, the new policy + version becomes the operative version. That is, it becomes the version that + is in effect for the IAM users, groups, and roles that the policy is attached + to.

For more information about managed policy versions, see Versioning + for managed policies in the IAM User Guide.

+ in: query + name: SetAsDefault + required: false + schema: + type: boolean + responses: + '200': + content: + text/xml: + schema: + properties: + CreatePolicyVersionResult: + $ref: '#/components/schemas/CreatePolicyVersionResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreatePolicyVersion + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Creates a new version of the specified managed policy. To update + a managed policy, you create a new policy version. A managed policy can have + up to five versions. If the policy has five versions, you must delete an existing + version using DeletePolicyVersion before you create a new version.

+

Optionally, you can set the new version as the policy's default version. + The default version is the version that is in effect for the IAM users, groups, + and roles to which the policy is attached.

For more information about + managed policy versions, see Versioning + for managed policies in the IAM User Guide.

+ operationId: POST_CreatePolicyVersion + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreatePolicyVersionRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreatePolicyVersionResult: + $ref: '#/components/schemas/CreatePolicyVersionResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreatePolicyVersion + /?Action=CreateRole&Version=2010-05-08: + get: + description: Creates a new role for your Amazon Web Services account. For more + information about roles, see IAM + roles. For information about quotas for role names and the number of roles + you can create, see IAM + and STS quotas in the IAM User Guide. + operationId: GET_CreateRole + parameters: + - description:

The path to the role. For more information about paths, see + IAM + Identifiers in the IAM User Guide.

This parameter is optional. + If it is not included, it defaults to a slash (/).

This parameter + allows (through its regex pattern) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through + the DEL character (\u007F), including most punctuation characters, + digits, and upper and lowercased letters.

+ in: query + name: Path + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + - description:

The name of the role to create.

IAM user, group, role, + and policy names must be unique within the account. Names are not distinguished + by case. For example, you cannot create resources named both "MyResource" + and "myresource".

+ in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The trust relationship policy document that grants an entity + permission to assume the role.

In IAM, you must provide a JSON policy + that has been converted to a string. However, for CloudFormation templates + formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation + always converts a YAML policy to JSON format before submitting it to IAM.

+

The regex pattern used + to validate this parameter is a string of characters consisting of the following:

+

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

    • +

  • The printable characters in the Basic Latin and Latin-1 Supplement + character set (through \u00FF)

  • The special + characters tab (\u0009), line feed (\u000A), and + carriage return (\u000D)

Upon success, + the response includes the same trust policy in JSON format.

+ in: query + name: AssumeRolePolicyDocument + required: true + schema: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description: A description of the role. + in: query + name: Description + required: false + schema: + maxLength: 1000 + pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' + type: string + - description:

The maximum session duration (in seconds) that you want to + set for the specified role. If you do not specify a value for this setting, + the default maximum of one hour is applied. This setting can have a value + from 1 hour to 12 hours.

Anyone who assumes the role from the or + API can use the DurationSeconds API parameter or the duration-seconds + CLI parameter to request a longer session. The MaxSessionDuration + setting determines the maximum duration that can be requested using the + DurationSeconds parameter. If users don't specify a value for + the DurationSeconds parameter, their security credentials are + valid for one hour by default. This applies when you use the AssumeRole* + API operations or the assume-role* CLI operations but does + not apply when you use those operations to create a console URL. For more + information, see Using + IAM roles in the IAM User Guide.

+ in: query + name: MaxSessionDuration + required: false + schema: + maximum: 43200 + minimum: 3600 + type: integer + - description: The ARN of the policy that is used to set the permissions boundary + for the role. + in: query + name: PermissionsBoundary + required: false + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description:

A list of tags that you want to attach to the new role. Each + tag consists of a key name and an associated value. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide.

If any one + of the tags is invalid or if you exceed the allowed maximum number of tags, + then the entire request fails and the resource is not created.

 + in: query + name: Tags + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + CreateRoleResult: + $ref: '#/components/schemas/CreateRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Creates a new role for your Amazon Web Services account. For more + information about roles, see IAM + roles. For information about quotas for role names and the number of roles + you can create, see IAM + and STS quotas in the IAM User Guide. + operationId: POST_CreateRole + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateRoleRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateRoleResult: + $ref: '#/components/schemas/CreateRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateRole + /?Action=CreateSAMLProvider&Version=2010-05-08: + get: + description:

Creates an IAM resource that describes an identity provider + (IdP) that supports SAML 2.0.

The SAML provider resource that you create + with this operation can be used as a principal in an IAM role's trust policy. + Such a policy can enable federated users who sign in using the SAML IdP to + assume the role. You can create an IAM role that supports Web-based single + sign-on (SSO) to the Amazon Web Services Management Console or one that supports + API access to Amazon Web Services.

When you create the SAML provider + resource, you upload a SAML metadata document that you get from your IdP. + That document includes the issuer's name, expiration information, and keys + that can be used to validate the SAML authentication response (assertions) + that the IdP sends. You must generate the metadata document using the identity + management software that is used as your organization's IdP.

+ This operation requires Signature + Version 4.

For more information, see Enabling + SAML 2.0 federated users to access the Amazon Web Services Management Console + and About + SAML 2.0-based federation in the IAM User Guide.

+ operationId: GET_CreateSAMLProvider + parameters: + - description:

An XML document generated by an identity provider (IdP) that + supports SAML 2.0. The document includes the issuer's name, expiration information, + and keys that can be used to validate the SAML authentication response (assertions) + that are received from the IdP. You must generate the metadata document + using the identity management software that is used as your organization's + IdP.

For more information, see About + SAML 2.0-based federation in the IAM User Guide

+ in: query + name: SAMLMetadataDocument + required: true + schema: + maxLength: 10000000 + minLength: 1000 + type: string + - description: '

The name of the provider to create.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: Name + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w._-]+' + type: string + - description:

A list of tags that you want to attach to the new IAM SAML + provider. Each tag consists of a key name and an associated value. For more + information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any one + of the tags is invalid or if you exceed the allowed maximum number of tags, + then the entire request fails and the resource is not created.

 + in: query + name: Tags + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + CreateSAMLProviderResult: + $ref: '#/components/schemas/CreateSAMLProviderResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateSAMLProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Creates an IAM resource that describes an identity provider + (IdP) that supports SAML 2.0.

The SAML provider resource that you create + with this operation can be used as a principal in an IAM role's trust policy. + Such a policy can enable federated users who sign in using the SAML IdP to + assume the role. You can create an IAM role that supports Web-based single + sign-on (SSO) to the Amazon Web Services Management Console or one that supports + API access to Amazon Web Services.

When you create the SAML provider + resource, you upload a SAML metadata document that you get from your IdP. + That document includes the issuer's name, expiration information, and keys + that can be used to validate the SAML authentication response (assertions) + that the IdP sends. You must generate the metadata document using the identity + management software that is used as your organization's IdP.

+ This operation requires Signature + Version 4.

For more information, see Enabling + SAML 2.0 federated users to access the Amazon Web Services Management Console + and About + SAML 2.0-based federation in the IAM User Guide.

+ operationId: POST_CreateSAMLProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateSAMLProviderRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateSAMLProviderResult: + $ref: '#/components/schemas/CreateSAMLProviderResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateSAMLProvider + /?Action=CreateServiceLinkedRole&Version=2010-05-08: + get: + description:

Creates an IAM role that is linked to a specific Amazon Web + Services service. The service controls the attached policies and when the + role can be deleted. This helps ensure that the service is not broken by an + unexpectedly changed or deleted role, which could put your Amazon Web Services + resources into an unknown state. Allowing the service to control the role + helps improve service stability and proper cleanup when a service and its + role are no longer needed. For more information, see Using + service-linked roles in the IAM User Guide.

To attach a + policy to this service-linked role, you must make the request using the Amazon + Web Services service that depends on this role.

+ operationId: GET_CreateServiceLinkedRole + parameters: + - description: '

The service principal for the Amazon Web Services service + to which this role is attached. You use a string similar to a URL but without + the http:// in front. For example: elasticbeanstalk.amazonaws.com. +

Service principals are unique and case-sensitive. To find the exact + service principal for your service-linked role, see Amazon + Web Services services that work with IAM in the IAM User Guide. + Look for the services that have Yes in the Service-Linked Role + column. Choose the Yes link to view the service-linked role documentation + for that service.

' + in: query + name: AWSServiceName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The description of the role. + in: query + name: Description + required: false + schema: + maxLength: 1000 + pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' + type: string + - description:

A string that you provide, which is combined with the + service-provided prefix to form the complete role name. If you make multiple + requests for the same service, then you must supply a different CustomSuffix + for each request. Otherwise the request fails with a duplicate role name + error. For example, you could add -1 or -debug + to the suffix.

Some services do not support the CustomSuffix + parameter. If you provide an optional suffix and the operation fails, try + the operation again without the suffix.

+ in: query + name: CustomSuffix + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + CreateServiceLinkedRoleResult: + $ref: '#/components/schemas/CreateServiceLinkedRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateServiceLinkedRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Creates an IAM role that is linked to a specific Amazon Web + Services service. The service controls the attached policies and when the + role can be deleted. This helps ensure that the service is not broken by an + unexpectedly changed or deleted role, which could put your Amazon Web Services + resources into an unknown state. Allowing the service to control the role + helps improve service stability and proper cleanup when a service and its + role are no longer needed. For more information, see Using + service-linked roles in the IAM User Guide.

To attach a + policy to this service-linked role, you must make the request using the Amazon + Web Services service that depends on this role.

+ operationId: POST_CreateServiceLinkedRole + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateServiceLinkedRoleRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateServiceLinkedRoleResult: + $ref: '#/components/schemas/CreateServiceLinkedRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateServiceLinkedRole + /?Action=CreateServiceSpecificCredential&Version=2010-05-08: + get: + description: '

Generates a set of credentials consisting of a user name and + password that can be used to access the service specified in the request. + These credentials are generated by IAM, and can be used only for the specified + service.

You can have a maximum of two sets of service-specific credentials + for each supported service per user.

You can create service-specific + credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).

+

You can reset the password to a new service-generated value by calling + ResetServiceSpecificCredential.

For more information about service-specific + credentials, see Using + IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access + keys in the IAM User Guide.

' + operationId: GET_CreateServiceSpecificCredential + parameters: + - description: '

The name of the IAM user that is to be associated with the + credentials. The new service-specific credentials have the same permissions + as the associated user except that they can be used only to access the specified + service.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The name of the Amazon Web Services service that is to be associated + with the credentials. The service you specify here is the only service that + can be accessed using these credentials. + in: query + name: ServiceName + required: true + schema: + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + CreateServiceSpecificCredentialResult: + $ref: '#/components/schemas/CreateServiceSpecificCredentialResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceNotSupportedException' + description: ServiceNotSupportedException + x-aws-operation-name: CreateServiceSpecificCredential + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: '

Generates a set of credentials consisting of a user name and + password that can be used to access the service specified in the request. + These credentials are generated by IAM, and can be used only for the specified + service.

You can have a maximum of two sets of service-specific credentials + for each supported service per user.

You can create service-specific + credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).

+

You can reset the password to a new service-generated value by calling + ResetServiceSpecificCredential.

For more information about service-specific + credentials, see Using + IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access + keys in the IAM User Guide.

' + operationId: POST_CreateServiceSpecificCredential + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateServiceSpecificCredentialRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateServiceSpecificCredentialResult: + $ref: '#/components/schemas/CreateServiceSpecificCredentialResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceNotSupportedException' + description: ServiceNotSupportedException + x-aws-operation-name: CreateServiceSpecificCredential + /?Action=CreateUser&Version=2010-05-08: + get: + description:

Creates a new IAM user for your Amazon Web Services account.

+

For information about quotas for the number of IAM users you can create, + see IAM + and STS quotas in the IAM User Guide.

+ operationId: GET_CreateUser + parameters: + - description:

The path for the user name. For more information about paths, + see IAM + identifiers in the IAM User Guide.

This parameter is optional. + If it is not included, it defaults to a slash (/).

This parameter + allows (through its regex pattern) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through + the DEL character (\u007F), including most punctuation characters, + digits, and upper and lowercased letters.

+ in: query + name: Path + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + - description:

The name of the user to create.

IAM user, group, role, + and policy names must be unique within the account. Names are not distinguished + by case. For example, you cannot create resources named both "MyResource" + and "myresource".

+ in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The ARN of the policy that is used to set the permissions boundary + for the user. + in: query + name: PermissionsBoundary + required: false + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description:

A list of tags that you want to attach to the new user. Each + tag consists of a key name and an associated value. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide.

If any one + of the tags is invalid or if you exceed the allowed maximum number of tags, + then the entire request fails and the resource is not created.

 + in: query + name: Tags + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + CreateUserResult: + $ref: '#/components/schemas/CreateUserResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateUser + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Creates a new IAM user for your Amazon Web Services account.

+

For information about quotas for the number of IAM users you can create, + see IAM + and STS quotas in the IAM User Guide.

+ operationId: POST_CreateUser + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateUserRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateUserResult: + $ref: '#/components/schemas/CreateUserResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateUser + /?Action=CreateVirtualMFADevice&Version=2010-05-08: + get: + description:

Creates a new virtual MFA device for the Amazon Web Services + account. After creating the virtual MFA, use EnableMFADevice to attach + the MFA device to an IAM user. For more information about creating and working + with virtual MFA devices, see Using + a virtual MFA device in the IAM User Guide.

For information + about the maximum number of MFA devices you can create, see IAM + and STS quotas in the IAM User Guide.

The seed + information contained in the QR code and the Base32 string should be treated + like any other secret access information. In other words, protect the seed + information as you would your Amazon Web Services access keys or your passwords. + After you provision your virtual device, you should ensure that the information + is destroyed following secure procedures.

 + operationId: GET_CreateVirtualMFADevice + parameters: + - description:

The path for the virtual MFA device. For more information + about paths, see IAM + identifiers in the IAM User Guide.

This parameter is optional. + If it is not included, it defaults to a slash (/).

This parameter + allows (through its regex pattern) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through + the DEL character (\u007F), including most punctuation characters, + digits, and upper and lowercased letters.

+ in: query + name: Path + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + - description: '

The name of the virtual MFA device. Use with path to uniquely + identify a virtual MFA device.

This parameter allows (through its + regex pattern) a string of + characters consisting of upper and lowercase alphanumeric characters with + no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: VirtualMFADeviceName + required: true + schema: + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

A list of tags that you want to attach to the new IAM virtual + MFA device. Each tag consists of a key name and an associated value. For + more information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any one + of the tags is invalid or if you exceed the allowed maximum number of tags, + then the entire request fails and the resource is not created.

 + in: query + name: Tags + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + CreateVirtualMFADeviceResult: + $ref: '#/components/schemas/CreateVirtualMFADeviceResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateVirtualMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Creates a new virtual MFA device for the Amazon Web Services + account. After creating the virtual MFA, use EnableMFADevice to attach + the MFA device to an IAM user. For more information about creating and working + with virtual MFA devices, see Using + a virtual MFA device in the IAM User Guide.

For information + about the maximum number of MFA devices you can create, see IAM + and STS quotas in the IAM User Guide.

The seed + information contained in the QR code and the Base32 string should be treated + like any other secret access information. In other words, protect the seed + information as you would your Amazon Web Services access keys or your passwords. + After you provision your virtual device, you should ensure that the information + is destroyed following secure procedures.

 + operationId: POST_CreateVirtualMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateVirtualMFADeviceRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateVirtualMFADeviceResult: + $ref: '#/components/schemas/CreateVirtualMFADeviceResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateVirtualMFADevice + /?Action=DeactivateMFADevice&Version=2010-05-08: + get: + description:

Deactivates the specified MFA device and removes it from association + with the user name for which it was originally enabled.

For more information + about creating and working with virtual MFA devices, see Enabling + a virtual multi-factor authentication (MFA) device in the IAM User + Guide.

+ operationId: GET_DeactivateMFADevice + parameters: + - description: '

The name of the user whose MFA device you want to deactivate.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The serial number that uniquely identifies the MFA device. + For virtual MFA devices, the serial number is the device ARN.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + =,.@:/-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeactivateMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deactivates the specified MFA device and removes it from association + with the user name for which it was originally enabled.

For more information + about creating and working with virtual MFA devices, see Enabling + a virtual multi-factor authentication (MFA) device in the IAM User + Guide.

+ operationId: POST_DeactivateMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeactivateMFADeviceRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeactivateMFADevice + /?Action=DeleteAccessKey&Version=2010-05-08: + get: + description:

Deletes the access key pair associated with the specified IAM + user.

If you do not specify a user name, IAM determines the user name + implicitly based on the Amazon Web Services access key ID signing the request. + This operation works for access keys under the Amazon Web Services account. + Consequently, you can use this operation to manage Amazon Web Services account + root user credentials even if the Amazon Web Services account has no associated + users.

+ operationId: GET_DeleteAccessKey + parameters: + - description: '

The name of the user whose access key pair you want to delete.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The access key ID for the access key ID and secret access + key you want to delete.

This parameter allows (through its regex + pattern) a string of characters that can consist of any upper or lowercased + letter or digit.

+ in: query + name: AccessKeyId + required: true + schema: + maxLength: 128 + minLength: 16 + pattern: '[\w]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteAccessKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the access key pair associated with the specified IAM + user.

If you do not specify a user name, IAM determines the user name + implicitly based on the Amazon Web Services access key ID signing the request. + This operation works for access keys under the Amazon Web Services account. + Consequently, you can use this operation to manage Amazon Web Services account + root user credentials even if the Amazon Web Services account has no associated + users.

+ operationId: POST_DeleteAccessKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteAccessKeyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteAccessKey + /?Action=DeleteAccountAlias&Version=2010-05-08: + get: + description: ' Deletes the specified Amazon Web Services account alias. For + information about using an Amazon Web Services account alias, see Using + an alias for your Amazon Web Services account ID in the IAM User Guide.' + operationId: GET_DeleteAccountAlias + parameters: + - description:

The name of the account alias to delete.

This parameter + allows (through its regex pattern) + a string of characters consisting of lowercase letters, digits, and dashes. + You cannot start or finish with a dash, nor can you have two dashes in a + row.

+ in: query + name: AccountAlias + required: true + schema: + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$ + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteAccountAlias + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: ' Deletes the specified Amazon Web Services account alias. For + information about using an Amazon Web Services account alias, see Using + an alias for your Amazon Web Services account ID in the IAM User Guide.' + operationId: POST_DeleteAccountAlias + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteAccountAliasRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteAccountAlias + /?Action=DeleteAccountPasswordPolicy&Version=2010-05-08: + get: + description: Deletes the password policy for the Amazon Web Services account. + There are no parameters. + operationId: GET_DeleteAccountPasswordPolicy + parameters: [] + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteAccountPasswordPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Deletes the password policy for the Amazon Web Services account. + There are no parameters. + operationId: POST_DeleteAccountPasswordPolicy + parameters: [] + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteAccountPasswordPolicy + /?Action=DeleteGroup&Version=2010-05-08: + get: + description: Deletes the specified IAM group. The group must not contain any + users or have any attached policies. + operationId: GET_DeleteGroup + parameters: + - description: '

The name of the IAM group to delete.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteGroup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Deletes the specified IAM group. The group must not contain any + users or have any attached policies. + operationId: POST_DeleteGroup + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteGroupRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteGroup + /?Action=DeleteGroupPolicy&Version=2010-05-08: + get: + description:

Deletes the specified inline policy that is embedded in the + specified IAM group.

A group can also have managed policies attached + to it. To detach a managed policy from a group, use DetachGroupPolicy. + For more information about policies, refer to Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_DeleteGroupPolicy + parameters: + - description: '

The name (friendly name, not ARN) identifying the group that + the policy is embedded in.

This parameter allows (through its regex pattern) a string of characters + consisting of upper and lowercase alphanumeric characters with no spaces. + You can also include any of the following characters: _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name identifying the policy document to delete.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: PolicyName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteGroupPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the specified inline policy that is embedded in the + specified IAM group.

A group can also have managed policies attached + to it. To detach a managed policy from a group, use DetachGroupPolicy. + For more information about policies, refer to Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_DeleteGroupPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteGroupPolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteGroupPolicy + /?Action=DeleteInstanceProfile&Version=2010-05-08: + get: + description:

Deletes the specified instance profile. The instance profile + must not have an associated role.

Make sure that you do + not have any Amazon EC2 instances running with the instance profile you are + about to delete. Deleting a role or instance profile that is associated with + a running instance will break any applications running on the instance.

+

For more information about instance profiles, see About + instance profiles.

+ operationId: GET_DeleteInstanceProfile + parameters: + - description: '

The name of the instance profile to delete.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: InstanceProfileName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteInstanceProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the specified instance profile. The instance profile + must not have an associated role.

Make sure that you do + not have any Amazon EC2 instances running with the instance profile you are + about to delete. Deleting a role or instance profile that is associated with + a running instance will break any applications running on the instance.

+

For more information about instance profiles, see About + instance profiles.

+ operationId: POST_DeleteInstanceProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteInstanceProfileRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteInstanceProfile + /?Action=DeleteLoginProfile&Version=2010-05-08: + get: + description:

Deletes the password for the specified IAM user, which terminates + the user's ability to access Amazon Web Services services through the Amazon + Web Services Management Console.

You can use the CLI, the Amazon Web + Services API, or the Users page in the IAM console to delete a password + for any IAM user. You can use ChangePassword to update, but not delete, + your own password in the My Security Credentials page in the Amazon + Web Services Management Console.

Deleting a user's password + does not prevent a user from accessing Amazon Web Services through the command + line interface or the API. To prevent all user access, you must also either + make any access keys inactive or delete them. For more information about making + keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey. +

+ operationId: GET_DeleteLoginProfile + parameters: + - description: '

The name of the user whose password you want to delete.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteLoginProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the password for the specified IAM user, which terminates + the user's ability to access Amazon Web Services services through the Amazon + Web Services Management Console.

You can use the CLI, the Amazon Web + Services API, or the Users page in the IAM console to delete a password + for any IAM user. You can use ChangePassword to update, but not delete, + your own password in the My Security Credentials page in the Amazon + Web Services Management Console.

Deleting a user's password + does not prevent a user from accessing Amazon Web Services through the command + line interface or the API. To prevent all user access, you must also either + make any access keys inactive or delete them. For more information about making + keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey. +

+ operationId: POST_DeleteLoginProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLoginProfileRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteLoginProfile + /?Action=DeleteOpenIDConnectProvider&Version=2010-05-08: + get: + description:

Deletes an OpenID Connect identity provider (IdP) resource object + in IAM.

Deleting an IAM OIDC provider resource does not update any + roles that reference the provider as a principal in their trust policies. + Any attempt to assume a role that references a deleted provider fails.

+

This operation is idempotent; it does not fail or return an error if you + call the operation for a provider that does not exist.

+ operationId: GET_DeleteOpenIDConnectProvider + parameters: + - description: The Amazon Resource Name (ARN) of the IAM OpenID Connect provider + resource object to delete. You can get a list of OpenID Connect provider + resource ARNs by using the ListOpenIDConnectProviders operation. + in: query + name: OpenIDConnectProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteOpenIDConnectProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes an OpenID Connect identity provider (IdP) resource object + in IAM.

Deleting an IAM OIDC provider resource does not update any + roles that reference the provider as a principal in their trust policies. + Any attempt to assume a role that references a deleted provider fails.

+

This operation is idempotent; it does not fail or return an error if you + call the operation for a provider that does not exist.

+ operationId: POST_DeleteOpenIDConnectProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteOpenIDConnectProviderRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteOpenIDConnectProvider + /?Action=DeletePolicy&Version=2010-05-08: + get: + description:

Deletes the specified managed policy.

Before you can + delete a managed policy, you must first detach the policy from all users, + groups, and roles that it is attached to. In addition, you must delete all + the policy's versions. The following steps describe the process for deleting + a managed policy:

  • Detach the policy from all users, groups, + and roles that the policy is attached to, using DetachUserPolicy, DetachGroupPolicy, + or DetachRolePolicy. To list all the users, groups, and roles that + a policy is attached to, use ListEntitiesForPolicy.

  • +

    Delete all versions of the policy using DeletePolicyVersion. To + list the policy's versions, use ListPolicyVersions. You cannot use + DeletePolicyVersion to delete the version that is marked as the default + version. You delete the policy's default version in the next step of the process.

    +

  • Delete the policy (this automatically deletes the policy's default + version) using this operation.

For information about managed + policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_DeletePolicy + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to delete.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeletePolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the specified managed policy.

Before you can + delete a managed policy, you must first detach the policy from all users, + groups, and roles that it is attached to. In addition, you must delete all + the policy's versions. The following steps describe the process for deleting + a managed policy:

  • Detach the policy from all users, groups, + and roles that the policy is attached to, using DetachUserPolicy, DetachGroupPolicy, + or DetachRolePolicy. To list all the users, groups, and roles that + a policy is attached to, use ListEntitiesForPolicy.

  • +

    Delete all versions of the policy using DeletePolicyVersion. To + list the policy's versions, use ListPolicyVersions. You cannot use + DeletePolicyVersion to delete the version that is marked as the default + version. You delete the policy's default version in the next step of the process.

    +

  • Delete the policy (this automatically deletes the policy's default + version) using this operation.

For information about managed + policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_DeletePolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeletePolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeletePolicy + /?Action=DeletePolicyVersion&Version=2010-05-08: + get: + description:

Deletes the specified version from the specified managed policy.

+

You cannot delete the default version from a policy using this operation. + To delete the default version from a policy, use DeletePolicy. To find + out which version of a policy is marked as the default version, use ListPolicyVersions.

+

For information about versions for managed policies, see Versioning + for managed policies in the IAM User Guide.

+ operationId: GET_DeletePolicyVersion + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM policy from which + you want to delete a version.

For more information about ARNs, see + Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description:

The policy version to delete.

This parameter allows + (through its regex pattern) + a string of characters that consists of the lowercase letter 'v' followed + by one or two digits, and optionally followed by a period '.' and a string + of letters and digits.

For more information about managed policy + versions, see Versioning + for managed policies in the IAM User Guide.

+ in: query + name: VersionId + required: true + schema: + pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeletePolicyVersion + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the specified version from the specified managed policy.

+

You cannot delete the default version from a policy using this operation. + To delete the default version from a policy, use DeletePolicy. To find + out which version of a policy is marked as the default version, use ListPolicyVersions.

+

For information about versions for managed policies, see Versioning + for managed policies in the IAM User Guide.

+ operationId: POST_DeletePolicyVersion + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeletePolicyVersionRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeletePolicyVersion + /?Action=DeleteRole&Version=2010-05-08: + get: + description:

Deletes the specified role. The role must not have any policies + attached. For more information about roles, see Working + with roles.

Make sure that you do not have any Amazon + EC2 instances running with the role you are about to delete. Deleting a role + or instance profile that is associated with a running instance will break + any applications running on the instance.

 + operationId: GET_DeleteRole + parameters: + - description: '

The name of the role to delete.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the specified role. The role must not have any policies + attached. For more information about roles, see Working + with roles.

Make sure that you do not have any Amazon + EC2 instances running with the role you are about to delete. Deleting a role + or instance profile that is associated with a running instance will break + any applications running on the instance.

 + operationId: POST_DeleteRole + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteRoleRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteRole + /?Action=DeleteRolePermissionsBoundary&Version=2010-05-08: + get: + description:

Deletes the permissions boundary for the specified IAM role. +

Deleting the permissions boundary for a role might increase + its permissions. For example, it might allow anyone who assumes the role to + perform all the actions granted in its permissions policies.

+ operationId: GET_DeleteRolePermissionsBoundary + parameters: + - description: The name (friendly name, not ARN) of the IAM role from which + you want to remove the permissions boundary. + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteRolePermissionsBoundary + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the permissions boundary for the specified IAM role. +

Deleting the permissions boundary for a role might increase + its permissions. For example, it might allow anyone who assumes the role to + perform all the actions granted in its permissions policies.

+ operationId: POST_DeleteRolePermissionsBoundary + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteRolePermissionsBoundaryRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteRolePermissionsBoundary + /?Action=DeleteRolePolicy&Version=2010-05-08: + get: + description:

Deletes the specified inline policy that is embedded in the + specified IAM role.

A role can also have managed policies attached + to it. To detach a managed policy from a role, use DetachRolePolicy. + For more information about policies, refer to Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_DeleteRolePolicy + parameters: + - description: '

The name (friendly name, not ARN) identifying the role that + the policy is embedded in.

This parameter allows (through its regex pattern) a string of characters + consisting of upper and lowercase alphanumeric characters with no spaces. + You can also include any of the following characters: _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name of the inline policy to delete from the specified + IAM role.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: PolicyName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteRolePolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the specified inline policy that is embedded in the + specified IAM role.

A role can also have managed policies attached + to it. To detach a managed policy from a role, use DetachRolePolicy. + For more information about policies, refer to Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_DeleteRolePolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteRolePolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteRolePolicy + /?Action=DeleteSAMLProvider&Version=2010-05-08: + get: + description:

Deletes a SAML provider resource in IAM.

Deleting the + provider resource from IAM does not update any roles that reference the SAML + provider resource's ARN as a principal in their trust policies. Any attempt + to assume a role that references a non-existent provider resource ARN fails.

+

This operation requires Signature + Version 4.

 + operationId: GET_DeleteSAMLProvider + parameters: + - description: The Amazon Resource Name (ARN) of the SAML provider to delete. + in: query + name: SAMLProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteSAMLProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes a SAML provider resource in IAM.

Deleting the + provider resource from IAM does not update any roles that reference the SAML + provider resource's ARN as a principal in their trust policies. Any attempt + to assume a role that references a non-existent provider resource ARN fails.

+

This operation requires Signature + Version 4.

 + operationId: POST_DeleteSAMLProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSAMLProviderRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteSAMLProvider + /?Action=DeleteSSHPublicKey&Version=2010-05-08: + get: + description:

Deletes the specified SSH public key.

The SSH public + key deleted by this operation is used only for authenticating the associated + IAM user to an CodeCommit repository. For more information about using SSH + keys to authenticate to an CodeCommit repository, see Set + up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: GET_DeleteSSHPublicKey + parameters: + - description: '

The name of the IAM user associated with the SSH public key.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier for the SSH public key.

This + parameter allows (through its regex + pattern) a string of characters that can consist of any upper or lowercased + letter or digit.

+ in: query + name: SSHPublicKeyId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: DeleteSSHPublicKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the specified SSH public key.

The SSH public + key deleted by this operation is used only for authenticating the associated + IAM user to an CodeCommit repository. For more information about using SSH + keys to authenticate to an CodeCommit repository, see Set + up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: POST_DeleteSSHPublicKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSSHPublicKeyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: DeleteSSHPublicKey + /?Action=DeleteServerCertificate&Version=2010-05-08: + get: + description:

Deletes the specified server certificate.

For more information + about working with server certificates, see Working + with server certificates in the IAM User Guide. This topic also + includes a list of Amazon Web Services services that can use the server certificates + that you manage with IAM.

If you are using a server certificate + with Elastic Load Balancing, deleting the certificate could have implications + for your application. If Elastic Load Balancing doesn't detect the deletion + of bound certificates, it may continue to use the certificates. This could + cause Elastic Load Balancing to stop accepting traffic. We recommend that + you remove the reference to the certificate from Elastic Load Balancing before + using this command to delete the certificate. For more information, see DeleteLoadBalancerListeners + in the Elastic Load Balancing API Reference.

 + operationId: GET_DeleteServerCertificate + parameters: + - description: '

The name of the server certificate you want to delete.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: ServerCertificateName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteServerCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the specified server certificate.

For more information + about working with server certificates, see Working + with server certificates in the IAM User Guide. This topic also + includes a list of Amazon Web Services services that can use the server certificates + that you manage with IAM.

If you are using a server certificate + with Elastic Load Balancing, deleting the certificate could have implications + for your application. If Elastic Load Balancing doesn't detect the deletion + of bound certificates, it may continue to use the certificates. This could + cause Elastic Load Balancing to stop accepting traffic. We recommend that + you remove the reference to the certificate from Elastic Load Balancing before + using this command to delete the certificate. For more information, see DeleteLoadBalancerListeners + in the Elastic Load Balancing API Reference.

 + operationId: POST_DeleteServerCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteServerCertificateRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteServerCertificate + /?Action=DeleteServiceLinkedRole&Version=2010-05-08: + get: + description: '

Submits a service-linked role deletion request and returns + a DeletionTaskId, which you can use to check the status of the + deletion. Before you call this operation, confirm that the role has no active + sessions and that any resources used by the role in the linked service are + deleted. If you call this operation more than once for the same service-linked + role and an earlier deletion task is not complete, then the DeletionTaskId + of the earlier request is returned.

If you submit a deletion request + for a service-linked role whose linked service is still accessing a resource, + then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus + operation returns the reason for the failure, usually including the resources + that must be deleted. To delete the service-linked role, you must first remove + those resources from the linked service and then submit the deletion request + again. Resources are specific to the service that is linked to the role. For + more information about removing resources from a service, see the Amazon + Web Services documentation for your service.

For more information + about service-linked roles, see Roles + terms and concepts: Amazon Web Services service-linked role in the IAM + User Guide.

' + operationId: GET_DeleteServiceLinkedRole + parameters: + - description: The name of the service-linked role to be deleted. + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + DeleteServiceLinkedRoleResult: + $ref: '#/components/schemas/DeleteServiceLinkedRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteServiceLinkedRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: '

Submits a service-linked role deletion request and returns + a DeletionTaskId, which you can use to check the status of the + deletion. Before you call this operation, confirm that the role has no active + sessions and that any resources used by the role in the linked service are + deleted. If you call this operation more than once for the same service-linked + role and an earlier deletion task is not complete, then the DeletionTaskId + of the earlier request is returned.

If you submit a deletion request + for a service-linked role whose linked service is still accessing a resource, + then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus + operation returns the reason for the failure, usually including the resources + that must be deleted. To delete the service-linked role, you must first remove + those resources from the linked service and then submit the deletion request + again. Resources are specific to the service that is linked to the role. For + more information about removing resources from a service, see the Amazon + Web Services documentation for your service.

For more information + about service-linked roles, see Roles + terms and concepts: Amazon Web Services service-linked role in the IAM + User Guide.

' + operationId: POST_DeleteServiceLinkedRole + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteServiceLinkedRoleRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + DeleteServiceLinkedRoleResult: + $ref: '#/components/schemas/DeleteServiceLinkedRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteServiceLinkedRole + /?Action=DeleteServiceSpecificCredential&Version=2010-05-08: + get: + description: Deletes the specified service-specific credential. + operationId: GET_DeleteServiceSpecificCredential + parameters: + - description: '

The name of the IAM user associated with the service-specific + credential. If this value is not specified, then the operation assumes the + user whose credentials are used to call the operation.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier of the service-specific credential. + You can get this value by calling ListServiceSpecificCredentials.

+

This parameter allows (through its regex + pattern) a string of characters that can consist of any upper or lowercased + letter or digit.

+ in: query + name: ServiceSpecificCredentialId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: DeleteServiceSpecificCredential + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Deletes the specified service-specific credential. + operationId: POST_DeleteServiceSpecificCredential + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteServiceSpecificCredentialRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: DeleteServiceSpecificCredential + /?Action=DeleteSigningCertificate&Version=2010-05-08: + get: + description:

Deletes a signing certificate associated with the specified + IAM user.

If you do not specify a user name, IAM determines the user + name implicitly based on the Amazon Web Services access key ID signing the + request. This operation works for access keys under the Amazon Web Services + account. Consequently, you can use this operation to manage Amazon Web Services + account root user credentials even if the Amazon Web Services account has + no associated IAM users.

+ operationId: GET_DeleteSigningCertificate + parameters: + - description: '

The name of the user the signing certificate belongs to.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The ID of the signing certificate to delete.

The format + of this parameter, as described by its regex + pattern, is a string of characters that can be upper- or lower-cased letters + or digits.

+ in: query + name: CertificateId + required: true + schema: + maxLength: 128 + minLength: 24 + pattern: '[\w]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteSigningCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes a signing certificate associated with the specified + IAM user.

If you do not specify a user name, IAM determines the user + name implicitly based on the Amazon Web Services access key ID signing the + request. This operation works for access keys under the Amazon Web Services + account. Consequently, you can use this operation to manage Amazon Web Services + account root user credentials even if the Amazon Web Services account has + no associated IAM users.

+ operationId: POST_DeleteSigningCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSigningCertificateRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteSigningCertificate + /?Action=DeleteUser&Version=2010-05-08: + get: + description:

Deletes the specified IAM user. Unlike the Amazon Web Services + Management Console, when you delete a user programmatically, you must delete + the items attached to the user manually, or the deletion fails. For more information, + see Deleting + an IAM user. Before attempting to delete a user, remove the following + items:

+ operationId: GET_DeleteUser + parameters: + - description: '

The name of the user to delete.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteUser + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the specified IAM user. Unlike the Amazon Web Services + Management Console, when you delete a user programmatically, you must delete + the items attached to the user manually, or the deletion fails. For more information, + see Deleting + an IAM user. Before attempting to delete a user, remove the following + items:

+ operationId: POST_DeleteUser + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteUserRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteUser + /?Action=DeleteUserPermissionsBoundary&Version=2010-05-08: + get: + description:

Deletes the permissions boundary for the specified IAM user.

+

Deleting the permissions boundary for a user might increase + its permissions by allowing the user to perform all the actions granted in + its permissions policies.

+ operationId: GET_DeleteUserPermissionsBoundary + parameters: + - description: The name (friendly name, not ARN) of the IAM user from which + you want to remove the permissions boundary. + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteUserPermissionsBoundary + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the permissions boundary for the specified IAM user.

+

Deleting the permissions boundary for a user might increase + its permissions by allowing the user to perform all the actions granted in + its permissions policies.

+ operationId: POST_DeleteUserPermissionsBoundary + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteUserPermissionsBoundaryRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteUserPermissionsBoundary + /?Action=DeleteUserPolicy&Version=2010-05-08: + get: + description:

Deletes the specified inline policy that is embedded in the + specified IAM user.

A user can also have managed policies attached + to it. To detach a managed policy from a user, use DetachUserPolicy. + For more information about policies, refer to Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_DeleteUserPolicy + parameters: + - description: '

The name (friendly name, not ARN) identifying the user that + the policy is embedded in.

This parameter allows (through its regex pattern) a string of characters + consisting of upper and lowercase alphanumeric characters with no spaces. + You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name identifying the policy document to delete.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: PolicyName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteUserPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the specified inline policy that is embedded in the + specified IAM user.

A user can also have managed policies attached + to it. To detach a managed policy from a user, use DetachUserPolicy. + For more information about policies, refer to Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_DeleteUserPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteUserPolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteUserPolicy + /?Action=DeleteVirtualMFADevice&Version=2010-05-08: + get: + description:

Deletes a virtual MFA device.

You must deactivate + a user's virtual MFA device before you can delete it. For information about + deactivating MFA devices, see DeactivateMFADevice.

+ operationId: GET_DeleteVirtualMFADevice + parameters: + - description: '

The serial number that uniquely identifies the MFA device. + For virtual MFA devices, the serial number is the same as the ARN.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + =,.@:/-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteVirtualMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes a virtual MFA device.

You must deactivate + a user's virtual MFA device before you can delete it. For information about + deactivating MFA devices, see DeactivateMFADevice.

+ operationId: POST_DeleteVirtualMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteVirtualMFADeviceRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteVirtualMFADevice + /?Action=DetachGroupPolicy&Version=2010-05-08: + get: + description:

Removes the specified managed policy from the specified IAM + group.

A group can also have inline policies embedded with it. To delete + an inline policy, use DeleteGroupPolicy. For information about policies, + see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_DetachGroupPolicy + parameters: + - description: '

The name (friendly name, not ARN) of the IAM group to detach + the policy from.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to detach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DetachGroupPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Removes the specified managed policy from the specified IAM + group.

A group can also have inline policies embedded with it. To delete + an inline policy, use DeleteGroupPolicy. For information about policies, + see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_DetachGroupPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DetachGroupPolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DetachGroupPolicy + /?Action=DetachRolePolicy&Version=2010-05-08: + get: + description:

Removes the specified managed policy from the specified role.

+

A role can also have inline policies embedded with it. To delete an inline + policy, use DeleteRolePolicy. For information about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_DetachRolePolicy + parameters: + - description: '

The name (friendly name, not ARN) of the IAM role to detach + the policy from.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to detach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DetachRolePolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Removes the specified managed policy from the specified role.

+

A role can also have inline policies embedded with it. To delete an inline + policy, use DeleteRolePolicy. For information about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_DetachRolePolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DetachRolePolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DetachRolePolicy + /?Action=DetachUserPolicy&Version=2010-05-08: + get: + description:

Removes the specified managed policy from the specified user.

+

A user can also have inline policies embedded with it. To delete an inline + policy, use DeleteUserPolicy. For information about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_DetachUserPolicy + parameters: + - description: '

The name (friendly name, not ARN) of the IAM user to detach + the policy from.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The Amazon Resource Name (ARN) of the IAM policy you want + to detach.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DetachUserPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Removes the specified managed policy from the specified user.

+

A user can also have inline policies embedded with it. To delete an inline + policy, use DeleteUserPolicy. For information about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_DetachUserPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DetachUserPolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DetachUserPolicy + /?Action=EnableMFADevice&Version=2010-05-08: + get: + description: Enables the specified MFA device and associates it with the specified + IAM user. When enabled, the MFA device is required for every subsequent login + by the IAM user associated with the device. + operationId: GET_EnableMFADevice + parameters: + - description: '

The name of the IAM user for whom you want to enable the + MFA device.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The serial number that uniquely identifies the MFA device. + For virtual MFA devices, the serial number is the device ARN.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + =,.@:/-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + - description:

An authentication code emitted by the device.

The + format for this parameter is a string of six digits.

Submit + your request immediately after generating the authentication codes. If you + generate the codes and then wait too long to submit the request, the MFA + device successfully associates with the user but the MFA device becomes + out of sync. This happens because time-based one-time passwords (TOTP) expire + after a short period of time. If this happens, you can resync + the device.

 + in: query + name: AuthenticationCode1 + required: true + schema: + maxLength: 6 + minLength: 6 + pattern: '[\d]+' + type: string + - description:

A subsequent authentication code emitted by the device.

+

The format for this parameter is a string of six digits.

+

Submit your request immediately after generating the authentication codes. + If you generate the codes and then wait too long to submit the request, + the MFA device successfully associates with the user but the MFA device + becomes out of sync. This happens because time-based one-time passwords + (TOTP) expire after a short period of time. If this happens, you can resync + the device.

 + in: query + name: AuthenticationCode2 + required: true + schema: + maxLength: 6 + minLength: 6 + pattern: '[\d]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidAuthenticationCodeException' + description: InvalidAuthenticationCodeException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: EnableMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Enables the specified MFA device and associates it with the specified + IAM user. When enabled, the MFA device is required for every subsequent login + by the IAM user associated with the device. + operationId: POST_EnableMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableMFADeviceRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidAuthenticationCodeException' + description: InvalidAuthenticationCodeException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: EnableMFADevice + /?Action=GenerateCredentialReport&Version=2010-05-08: + get: + description: ' Generates a credential report for the Amazon Web Services account. + For more information about the credential report, see Getting + credential reports in the IAM User Guide.' + operationId: GET_GenerateCredentialReport + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + GenerateCredentialReportResult: + $ref: '#/components/schemas/GenerateCredentialReportResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GenerateCredentialReport + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: ' Generates a credential report for the Amazon Web Services account. + For more information about the credential report, see Getting + credential reports in the IAM User Guide.' + operationId: POST_GenerateCredentialReport + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + GenerateCredentialReportResult: + $ref: '#/components/schemas/GenerateCredentialReportResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GenerateCredentialReport + /?Action=GenerateOrganizationsAccessReport&Version=2010-05-08: + get: + description: "

Generates a report for service last accessed data for Organizations.\ + \ You can generate a report for any entities (organization root, organizational\ + \ unit, or account) or policies in your organization.

To call this\ + \ operation, you must be signed in using your Organizations management account\ + \ credentials. You can use your long-term IAM user or root user credentials,\ + \ or temporary credentials from assuming an IAM role. SCPs must be enabled\ + \ for your organization root. You must have the required IAM and Organizations\ + \ permissions. For more information, see Refining permissions using service last accessed data in the IAM User\ + \ Guide.

You can generate a service last accessed data report for\ + \ entities by specifying only the entity's path. This data includes a list\ + \ of services that are allowed by any service control policies (SCPs) that\ + \ apply to the entity.

You can generate a service last accessed data\ + \ report for a policy by specifying an entity's path and an optional Organizations\ + \ policy ID. This data includes a list of services that are allowed by the\ + \ specified SCP.

For each service in both report types, the data includes\ + \ the most recent account activity that the policy allows to account principals\ + \ in the entity or the entity's children. For important information about\ + \ the data, reporting period, permissions required, troubleshooting, and supported\ + \ Regions see Reducing permissions using service last accessed data in the IAM User\ + \ Guide.

The data includes\_all\_attempts to access\ + \ Amazon Web Services, not just the successful ones. This includes all attempts\ + \ that were made using the Amazon Web Services Management Console, the Amazon\ + \ Web Services API through any of the SDKs, or any of the command line tools.\ + \ An unexpected entry in the service last accessed data does not mean that\ + \ an account has been compromised, because the request might have been denied.\ + \ Refer to your CloudTrail logs as the authoritative source for information\ + \ about all API calls and whether they were successful or denied access. For\ + \ more information, see\_Logging IAM events with CloudTrail in the IAM User Guide.

\ + \

This operation returns a JobId. Use this parameter\ + \ in the GetOrganizationsAccessReport operation to check\ + \ the status of the report generation. To check the status of this request,\ + \ use the JobId parameter in the GetOrganizationsAccessReport\ + \ operation and test the JobStatus response parameter.\ + \ When the job is complete, you can retrieve the report.

To generate\ + \ a service last accessed data report for entities, specify an entity path\ + \ without specifying the optional Organizations policy ID. The type of entity\ + \ that you specify determines the data returned in the report.

  • \ + \

    Root \u2013 When you specify the organizations root as the entity,\ + \ the resulting report lists all of the services allowed by SCPs that are\ + \ attached to your root. For each service, the report includes data for all\ + \ accounts in your organization except the management account, because the\ + \ management account is not limited by SCPs.

  • OU\ + \ \u2013 When you specify an organizational unit (OU) as the entity, the resulting\ + \ report lists all of the services allowed by SCPs that are attached to the\ + \ OU and its parents. For each service, the report includes data for all accounts\ + \ in the OU or its children. This data excludes the management account, because\ + \ the management account is not limited by SCPs.

  • management\ + \ account \u2013 When you specify the management account, the resulting\ + \ report lists all Amazon Web Services services, because the management account\ + \ is not limited by SCPs. For each service, the report includes data for only\ + \ the management account.

  • Account \u2013 When you\ + \ specify another account as the entity, the resulting report lists all of\ + \ the services allowed by SCPs that are attached to the account and its parents.\ + \ For each service, the report includes data for only the specified account.

    \ + \

To generate a service last accessed data report for policies,\ + \ specify an entity path and the optional Organizations policy ID. The type\ + \ of entity that you specify determines the data returned for each service.

\ + \

  • Root \u2013 When you specify the root entity and a\ + \ policy ID, the resulting report lists all of the services that are allowed\ + \ by the specified SCP. For each service, the report includes data for all\ + \ accounts in your organization to which the SCP applies. This data excludes\ + \ the management account, because the management account is not limited by\ + \ SCPs. If the SCP is not attached to any entities in the organization, then\ + \ the report will return a list of services with no data.

  • \ + \ OU \u2013 When you specify an OU entity and a policy ID, the resulting\ + \ report lists all of the services that are allowed by the specified SCP.\ + \ For each service, the report includes data for all accounts in the OU or\ + \ its children to which the SCP applies. This means that other accounts outside\ + \ the OU that are affected by the SCP might not be included in the data. This\ + \ data excludes the management account, because the management account is\ + \ not limited by SCPs. If the SCP is not attached to the OU or one of its\ + \ children, the report will return a list of services with no data.

    • \ + \

  • management account \u2013 When you specify the management\ + \ account, the resulting report lists all Amazon Web Services services, because\ + \ the management account is not limited by SCPs. If you specify a policy ID\ + \ in the CLI or API, the policy is ignored. For each service, the report includes\ + \ data for only the management account.

  • Account\ + \ \u2013 When you specify another account entity and a policy ID, the resulting\ + \ report lists all of the services that are allowed by the specified SCP.\ + \ For each service, the report includes data for only the specified account.\ + \ This means that other accounts in the organization that are affected by\ + \ the SCP might not be included in the data. If the SCP is not attached to\ + \ the account, the report will return a list of services with no data.

    \ + \

Service last accessed data does not use other policy\ + \ types when determining whether a principal could access a service. These\ + \ other policy types include identity-based policies, resource-based policies,\ + \ access control lists, IAM permissions boundaries, and STS assume role policies.\ + \ It only applies SCP logic. For more about the evaluation of policy types,\ + \ see Evaluating policies in the IAM User Guide.

For\ + \ more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.

" + operationId: GET_GenerateOrganizationsAccessReport + parameters: + - description: The path of the Organizations entity (root, OU, or account). + You can build an entity path using the known structure of your organization. + For example, assume that your account ID is 123456789012 and + its parent OU ID is ou-rge0-awsabcde. The organization root + ID is r-f6g7h8i9j0example and your organization ID is o-a1b2c3d4e5. + Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012. + in: query + name: EntityPath + required: true + schema: + maxLength: 427 + minLength: 19 + pattern: ^o-[0-9a-z]{10,32}\/r-[0-9a-z]{4,32}[0-9a-z-\/]* + type: string + - description:

The identifier of the Organizations service control policy + (SCP). This parameter is optional.

This ID is used to generate information + about when an account principal that is limited by the SCP attempted to + access an Amazon Web Services service.

+ in: query + name: OrganizationsPolicyId + required: false + schema: + pattern: ^p-[0-9a-zA-Z_]{8,128}$ + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GenerateOrganizationsAccessReportResult: + $ref: '#/components/schemas/GenerateOrganizationsAccessReportResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ReportGenerationLimitExceededException' + description: ReportGenerationLimitExceededException + x-aws-operation-name: GenerateOrganizationsAccessReport + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: "

Generates a report for service last accessed data for Organizations.\ + \ You can generate a report for any entities (organization root, organizational\ + \ unit, or account) or policies in your organization.

To call this\ + \ operation, you must be signed in using your Organizations management account\ + \ credentials. You can use your long-term IAM user or root user credentials,\ + \ or temporary credentials from assuming an IAM role. SCPs must be enabled\ + \ for your organization root. You must have the required IAM and Organizations\ + \ permissions. For more information, see Refining permissions using service last accessed data in the IAM User\ + \ Guide.

You can generate a service last accessed data report for\ + \ entities by specifying only the entity's path. This data includes a list\ + \ of services that are allowed by any service control policies (SCPs) that\ + \ apply to the entity.

You can generate a service last accessed data\ + \ report for a policy by specifying an entity's path and an optional Organizations\ + \ policy ID. This data includes a list of services that are allowed by the\ + \ specified SCP.

For each service in both report types, the data includes\ + \ the most recent account activity that the policy allows to account principals\ + \ in the entity or the entity's children. For important information about\ + \ the data, reporting period, permissions required, troubleshooting, and supported\ + \ Regions see Reducing permissions using service last accessed data in the IAM User\ + \ Guide.

The data includes\_all\_attempts to access\ + \ Amazon Web Services, not just the successful ones. This includes all attempts\ + \ that were made using the Amazon Web Services Management Console, the Amazon\ + \ Web Services API through any of the SDKs, or any of the command line tools.\ + \ An unexpected entry in the service last accessed data does not mean that\ + \ an account has been compromised, because the request might have been denied.\ + \ Refer to your CloudTrail logs as the authoritative source for information\ + \ about all API calls and whether they were successful or denied access. For\ + \ more information, see\_Logging IAM events with CloudTrail in the IAM User Guide.

\ + \

This operation returns a JobId. Use this parameter\ + \ in the GetOrganizationsAccessReport operation to check\ + \ the status of the report generation. To check the status of this request,\ + \ use the JobId parameter in the GetOrganizationsAccessReport\ + \ operation and test the JobStatus response parameter.\ + \ When the job is complete, you can retrieve the report.

To generate\ + \ a service last accessed data report for entities, specify an entity path\ + \ without specifying the optional Organizations policy ID. The type of entity\ + \ that you specify determines the data returned in the report.

  • \ + \

    Root \u2013 When you specify the organizations root as the entity,\ + \ the resulting report lists all of the services allowed by SCPs that are\ + \ attached to your root. For each service, the report includes data for all\ + \ accounts in your organization except the management account, because the\ + \ management account is not limited by SCPs.

  • OU\ + \ \u2013 When you specify an organizational unit (OU) as the entity, the resulting\ + \ report lists all of the services allowed by SCPs that are attached to the\ + \ OU and its parents. For each service, the report includes data for all accounts\ + \ in the OU or its children. This data excludes the management account, because\ + \ the management account is not limited by SCPs.

  • management\ + \ account \u2013 When you specify the management account, the resulting\ + \ report lists all Amazon Web Services services, because the management account\ + \ is not limited by SCPs. For each service, the report includes data for only\ + \ the management account.

  • Account \u2013 When you\ + \ specify another account as the entity, the resulting report lists all of\ + \ the services allowed by SCPs that are attached to the account and its parents.\ + \ For each service, the report includes data for only the specified account.

    \ + \

To generate a service last accessed data report for policies,\ + \ specify an entity path and the optional Organizations policy ID. The type\ + \ of entity that you specify determines the data returned for each service.

\ + \

  • Root \u2013 When you specify the root entity and a\ + \ policy ID, the resulting report lists all of the services that are allowed\ + \ by the specified SCP. For each service, the report includes data for all\ + \ accounts in your organization to which the SCP applies. This data excludes\ + \ the management account, because the management account is not limited by\ + \ SCPs. If the SCP is not attached to any entities in the organization, then\ + \ the report will return a list of services with no data.

  • \ + \ OU \u2013 When you specify an OU entity and a policy ID, the resulting\ + \ report lists all of the services that are allowed by the specified SCP.\ + \ For each service, the report includes data for all accounts in the OU or\ + \ its children to which the SCP applies. This means that other accounts outside\ + \ the OU that are affected by the SCP might not be included in the data. This\ + \ data excludes the management account, because the management account is\ + \ not limited by SCPs. If the SCP is not attached to the OU or one of its\ + \ children, the report will return a list of services with no data.

    • \ + \

  • management account \u2013 When you specify the management\ + \ account, the resulting report lists all Amazon Web Services services, because\ + \ the management account is not limited by SCPs. If you specify a policy ID\ + \ in the CLI or API, the policy is ignored. For each service, the report includes\ + \ data for only the management account.

  • Account\ + \ \u2013 When you specify another account entity and a policy ID, the resulting\ + \ report lists all of the services that are allowed by the specified SCP.\ + \ For each service, the report includes data for only the specified account.\ + \ This means that other accounts in the organization that are affected by\ + \ the SCP might not be included in the data. If the SCP is not attached to\ + \ the account, the report will return a list of services with no data.

    \ + \

Service last accessed data does not use other policy\ + \ types when determining whether a principal could access a service. These\ + \ other policy types include identity-based policies, resource-based policies,\ + \ access control lists, IAM permissions boundaries, and STS assume role policies.\ + \ It only applies SCP logic. For more about the evaluation of policy types,\ + \ see Evaluating policies in the IAM User Guide.

For\ + \ more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.

" + operationId: POST_GenerateOrganizationsAccessReport + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GenerateOrganizationsAccessReportRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GenerateOrganizationsAccessReportResult: + $ref: '#/components/schemas/GenerateOrganizationsAccessReportResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ReportGenerationLimitExceededException' + description: ReportGenerationLimitExceededException + x-aws-operation-name: GenerateOrganizationsAccessReport + /?Action=GenerateServiceLastAccessedDetails&Version=2010-05-08: + get: + description: "

Generates a report that includes details about when an IAM\ + \ resource (user, group, role, or policy) was last used in an attempt to access\ + \ Amazon Web Services services. Recent activity usually appears within four\ + \ hours. IAM reports activity for at least the last 400 days, or less if your\ + \ Region began supporting this feature within the last year. For more information,\ + \ see Regions where data is tracked.

The service last accessed\ + \ data includes\_all\_attempts to access an Amazon Web Services API, not just\ + \ the successful ones. This includes all attempts that were made using the\ + \ Amazon Web Services Management Console, the Amazon Web Services API through\ + \ any of the SDKs, or any of the command line tools. An unexpected entry in\ + \ the service last accessed data does not mean that your account has been\ + \ compromised, because the request might have been denied. Refer to your CloudTrail\ + \ logs as the authoritative source for information about all API calls and\ + \ whether they were successful or denied access. For more information, see\_\ + Logging IAM events with CloudTrail in the IAM User Guide.

\ + \

The GenerateServiceLastAccessedDetails operation\ + \ returns a JobId. Use this parameter in the following operations\ + \ to retrieve the following details from your report:

  • GetServiceLastAccessedDetails\ + \ \u2013 Use this operation for users, groups, roles, or policies to list\ + \ every Amazon Web Services service that the resource could access using permissions\ + \ policies. For each service, the response includes information about the\ + \ most recent access attempt.

    The JobId returned by GenerateServiceLastAccessedDetail\ + \ must be used by the same role within a session, or by the same user when\ + \ used to call GetServiceLastAccessedDetail.

  • \ + \ GetServiceLastAccessedDetailsWithEntities \u2013 Use this operation\ + \ for groups and policies to list information about the associated entities\ + \ (users or roles) that attempted to access a specific Amazon Web Services\ + \ service.

To check the status of the GenerateServiceLastAccessedDetails\ + \ request, use the JobId parameter in the same operations and\ + \ test the JobStatus response parameter.

For additional\ + \ information about the permissions policies that allow an identity (user,\ + \ group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess\ + \ operation.

Service last accessed data does not use other policy\ + \ types when determining whether a resource could access a service. These\ + \ other policy types include resource-based policies, access control lists,\ + \ Organizations policies, IAM permissions boundaries, and STS assume role\ + \ policies. It only applies permissions policy logic. For more about the evaluation\ + \ of policy types, see Evaluating policies in the IAM User Guide.

For\ + \ more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User\ + \ Guide.

" + operationId: GET_GenerateServiceLastAccessedDetails + parameters: + - description: The ARN of the IAM resource (user, group, role, or managed policy) + used to generate information about when the resource was last used in an + attempt to access an Amazon Web Services service. + in: query + name: Arn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: The level of detail that you want to generate. You can specify + whether you want to generate information about the last attempt to access + services or actions. If you specify service-level granularity, this operation + generates only service data. If you specify action-level granularity, it + generates service and action data. If you don't include this optional parameter, + the operation generates service data. + in: query + name: Granularity + required: false + schema: + enum: + - SERVICE_LEVEL + - ACTION_LEVEL + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GenerateServiceLastAccessedDetailsResult: + $ref: '#/components/schemas/GenerateServiceLastAccessedDetailsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GenerateServiceLastAccessedDetails + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: "

Generates a report that includes details about when an IAM\ + \ resource (user, group, role, or policy) was last used in an attempt to access\ + \ Amazon Web Services services. Recent activity usually appears within four\ + \ hours. IAM reports activity for at least the last 400 days, or less if your\ + \ Region began supporting this feature within the last year. For more information,\ + \ see Regions where data is tracked.

The service last accessed\ + \ data includes\_all\_attempts to access an Amazon Web Services API, not just\ + \ the successful ones. This includes all attempts that were made using the\ + \ Amazon Web Services Management Console, the Amazon Web Services API through\ + \ any of the SDKs, or any of the command line tools. An unexpected entry in\ + \ the service last accessed data does not mean that your account has been\ + \ compromised, because the request might have been denied. Refer to your CloudTrail\ + \ logs as the authoritative source for information about all API calls and\ + \ whether they were successful or denied access. For more information, see\_\ + Logging IAM events with CloudTrail in the IAM User Guide.

\ + \

The GenerateServiceLastAccessedDetails operation\ + \ returns a JobId. Use this parameter in the following operations\ + \ to retrieve the following details from your report:

  • GetServiceLastAccessedDetails\ + \ \u2013 Use this operation for users, groups, roles, or policies to list\ + \ every Amazon Web Services service that the resource could access using permissions\ + \ policies. For each service, the response includes information about the\ + \ most recent access attempt.

    The JobId returned by GenerateServiceLastAccessedDetail\ + \ must be used by the same role within a session, or by the same user when\ + \ used to call GetServiceLastAccessedDetail.

  • \ + \ GetServiceLastAccessedDetailsWithEntities \u2013 Use this operation\ + \ for groups and policies to list information about the associated entities\ + \ (users or roles) that attempted to access a specific Amazon Web Services\ + \ service.

To check the status of the GenerateServiceLastAccessedDetails\ + \ request, use the JobId parameter in the same operations and\ + \ test the JobStatus response parameter.

For additional\ + \ information about the permissions policies that allow an identity (user,\ + \ group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess\ + \ operation.

Service last accessed data does not use other policy\ + \ types when determining whether a resource could access a service. These\ + \ other policy types include resource-based policies, access control lists,\ + \ Organizations policies, IAM permissions boundaries, and STS assume role\ + \ policies. It only applies permissions policy logic. For more about the evaluation\ + \ of policy types, see Evaluating policies in the IAM User Guide.

For\ + \ more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User\ + \ Guide.

" + operationId: POST_GenerateServiceLastAccessedDetails + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GenerateServiceLastAccessedDetailsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GenerateServiceLastAccessedDetailsResult: + $ref: '#/components/schemas/GenerateServiceLastAccessedDetailsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GenerateServiceLastAccessedDetails + /?Action=GetAccessKeyLastUsed&Version=2010-05-08: + get: + description: Retrieves information about when the specified access key was last + used. The information includes the date and time of last use, along with the + Amazon Web Services service and Region that were specified in the last request + made with that key. + operationId: GET_GetAccessKeyLastUsed + parameters: + - description:

The identifier of an access key.

This parameter allows + (through its regex pattern) + a string of characters that can consist of any upper or lowercased letter + or digit.

+ in: query + name: AccessKeyId + required: true + schema: + maxLength: 128 + minLength: 16 + pattern: '[\w]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccessKeyLastUsedResult: + $ref: '#/components/schemas/GetAccessKeyLastUsedResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: GetAccessKeyLastUsed + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Retrieves information about when the specified access key was last + used. The information includes the date and time of last use, along with the + Amazon Web Services service and Region that were specified in the last request + made with that key. + operationId: POST_GetAccessKeyLastUsed + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetAccessKeyLastUsedRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccessKeyLastUsedResult: + $ref: '#/components/schemas/GetAccessKeyLastUsedResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: GetAccessKeyLastUsed + /?Action=GetAccountAuthorizationDetails&Version=2010-05-08: + get: + description:

Retrieves information about all IAM users, groups, roles, and + policies in your Amazon Web Services account, including their relationships + to one another. Use this operation to obtain a snapshot of the configuration + of IAM permissions (users, groups, roles, and policies) in your account.

+

Policies returned by this operation are URL-encoded compliant with + RFC 3986. You can use a + URL decoding method to convert the policy back to plain JSON text. For example, + if you use Java, you can use the decode method of the java.net.URLDecoder + utility class in the Java SDK. Other languages and SDKs provide similar functionality.

+

You can optionally filter the results using the Filter + parameter. You can paginate the results using the MaxItems and + Marker parameters.

+ operationId: GET_GetAccountAuthorizationDetails + parameters: + - description:

A list of entity types used to filter the results. Only the + entities that match the types you specify are included in the output. Use + the value LocalManagedPolicy to include customer managed policies.

+

The format for this parameter is a comma-separated (if more than one) + list of strings. Each string value in the list must be one of the valid + values listed below.

+ in: query + name: Filter + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/EntityType' + - xml: + name: member + type: array + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccountAuthorizationDetailsResult: + $ref: '#/components/schemas/GetAccountAuthorizationDetailsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountAuthorizationDetails + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves information about all IAM users, groups, roles, and + policies in your Amazon Web Services account, including their relationships + to one another. Use this operation to obtain a snapshot of the configuration + of IAM permissions (users, groups, roles, and policies) in your account.

+

Policies returned by this operation are URL-encoded compliant with + RFC 3986. You can use a + URL decoding method to convert the policy back to plain JSON text. For example, + if you use Java, you can use the decode method of the java.net.URLDecoder + utility class in the Java SDK. Other languages and SDKs provide similar functionality.

+

You can optionally filter the results using the Filter + parameter. You can paginate the results using the MaxItems and + Marker parameters.

+ operationId: POST_GetAccountAuthorizationDetails + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetAccountAuthorizationDetailsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccountAuthorizationDetailsResult: + $ref: '#/components/schemas/GetAccountAuthorizationDetailsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountAuthorizationDetails + /?Action=GetAccountPasswordPolicy&Version=2010-05-08: + get: + description: Retrieves the password policy for the Amazon Web Services account. + This tells you the complexity requirements and mandatory rotation periods + for the IAM user passwords in your account. For more information about using + a password policy, see Managing + an IAM password policy. + operationId: GET_GetAccountPasswordPolicy + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccountPasswordPolicyResult: + $ref: '#/components/schemas/GetAccountPasswordPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountPasswordPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Retrieves the password policy for the Amazon Web Services account. + This tells you the complexity requirements and mandatory rotation periods + for the IAM user passwords in your account. For more information about using + a password policy, see Managing + an IAM password policy. + operationId: POST_GetAccountPasswordPolicy + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccountPasswordPolicyResult: + $ref: '#/components/schemas/GetAccountPasswordPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountPasswordPolicy + /?Action=GetAccountSummary&Version=2010-05-08: + get: + description:

Retrieves information about IAM entity usage and IAM quotas + in the Amazon Web Services account.

For information about IAM quotas, + see IAM + and STS quotas in the IAM User Guide.

+ operationId: GET_GetAccountSummary + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccountSummaryResult: + $ref: '#/components/schemas/GetAccountSummaryResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountSummary + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves information about IAM entity usage and IAM quotas + in the Amazon Web Services account.

For information about IAM quotas, + see IAM + and STS quotas in the IAM User Guide.

+ operationId: POST_GetAccountSummary + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccountSummaryResult: + $ref: '#/components/schemas/GetAccountSummaryResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountSummary + /?Action=GetContextKeysForCustomPolicy&Version=2010-05-08: + get: + description:

Gets a list of all of the context keys referenced in the input + policies. The policies are supplied as a list of one or more strings. To get + the context keys from policies associated with an IAM user, group, or role, + use GetContextKeysForPrincipalPolicy.

Context keys are variables + maintained by Amazon Web Services and its services that provide details about + the context of an API query request. Context keys can be evaluated by testing + against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy + to understand what key names and values you must supply when you call SimulateCustomPolicy. + Note that all parameters are shown in unencoded form here for clarity but + must be URL encoded to be included as a part of a real HTML request.

+ operationId: GET_GetContextKeysForCustomPolicy + parameters: + - description:

A list of policies for which you want the list of context + keys referenced in those policies. Each document is specified as a string + containing the complete, valid JSON text of an IAM policy.

The regex pattern used to validate + this parameter is a string of characters consisting of the following:

+

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

    • +

  • The printable characters in the Basic Latin and Latin-1 Supplement + character set (through \u00FF)

  • The special + characters tab (\u0009), line feed (\u000A), and + carriage return (\u000D)

+ in: query + name: PolicyInputList + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - xml: + name: member + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + GetContextKeysForCustomPolicyResult: + $ref: '#/components/schemas/GetContextKeysForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetContextKeysForCustomPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Gets a list of all of the context keys referenced in the input + policies. The policies are supplied as a list of one or more strings. To get + the context keys from policies associated with an IAM user, group, or role, + use GetContextKeysForPrincipalPolicy.

Context keys are variables + maintained by Amazon Web Services and its services that provide details about + the context of an API query request. Context keys can be evaluated by testing + against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy + to understand what key names and values you must supply when you call SimulateCustomPolicy. + Note that all parameters are shown in unencoded form here for clarity but + must be URL encoded to be included as a part of a real HTML request.

+ operationId: POST_GetContextKeysForCustomPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetContextKeysForCustomPolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetContextKeysForCustomPolicyResult: + $ref: '#/components/schemas/GetContextKeysForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetContextKeysForCustomPolicy + /?Action=GetContextKeysForPrincipalPolicy&Version=2010-05-08: + get: + description:

Gets a list of all of the context keys referenced in all the + IAM policies that are attached to the specified IAM entity. The entity can + be an IAM user, group, or role. If you specify a user, then the request also + includes all of the policies attached to groups that the user is a member + of.

You can optionally include a list of one or more additional policies, + specified as strings. If you want to include only a list of policies + by string, use GetContextKeysForCustomPolicy instead.

Note: + This operation discloses information about the permissions granted to other + users. If you do not want users to see other user's permissions, then consider + allowing them to use GetContextKeysForCustomPolicy instead.

Context + keys are variables maintained by Amazon Web Services and its services that + provide details about the context of an API query request. Context keys can + be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy + to understand what key names and values you must supply when you call SimulatePrincipalPolicy.

+ operationId: GET_GetContextKeysForPrincipalPolicy + parameters: + - description:

The ARN of a user, group, or role whose policies contain the + context keys that you want listed. If you specify a user, the list includes + context keys that are found in all policies that are attached to the user. + The list also includes all groups that the user is a member of. If you pick + a group or a role, then it includes only those context keys that are found + in policies attached to that entity. Note that all parameters are shown + in unencoded form here for clarity, but must be URL encoded to be included + as a part of a real HTML request.

For more information about ARNs, + see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicySourceArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description:

An optional list of additional policies for which you want + the list of context keys that are referenced.

The regex + pattern used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed + (\u000A), and carriage return (\u000D)

    • +
+ in: query + name: PolicyInputList + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - xml: + name: member + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + GetContextKeysForPrincipalPolicyResult: + $ref: '#/components/schemas/GetContextKeysForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetContextKeysForPrincipalPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Gets a list of all of the context keys referenced in all the + IAM policies that are attached to the specified IAM entity. The entity can + be an IAM user, group, or role. If you specify a user, then the request also + includes all of the policies attached to groups that the user is a member + of.

You can optionally include a list of one or more additional policies, + specified as strings. If you want to include only a list of policies + by string, use GetContextKeysForCustomPolicy instead.

Note: + This operation discloses information about the permissions granted to other + users. If you do not want users to see other user's permissions, then consider + allowing them to use GetContextKeysForCustomPolicy instead.

Context + keys are variables maintained by Amazon Web Services and its services that + provide details about the context of an API query request. Context keys can + be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy + to understand what key names and values you must supply when you call SimulatePrincipalPolicy.

+ operationId: POST_GetContextKeysForPrincipalPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetContextKeysForPrincipalPolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetContextKeysForPrincipalPolicyResult: + $ref: '#/components/schemas/GetContextKeysForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetContextKeysForPrincipalPolicy + /?Action=GetCredentialReport&Version=2010-05-08: + get: + description: ' Retrieves a credential report for the Amazon Web Services account. + For more information about the credential report, see Getting + credential reports in the IAM User Guide.' + operationId: GET_GetCredentialReport + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + GetCredentialReportResult: + $ref: '#/components/schemas/GetCredentialReportResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/CredentialReportNotPresentException' + description: CredentialReportNotPresentException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/CredentialReportExpiredException' + description: CredentialReportExpiredException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/CredentialReportNotReadyException' + description: CredentialReportNotReadyException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetCredentialReport + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: ' Retrieves a credential report for the Amazon Web Services account. + For more information about the credential report, see Getting + credential reports in the IAM User Guide.' + operationId: POST_GetCredentialReport + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + GetCredentialReportResult: + $ref: '#/components/schemas/GetCredentialReportResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/CredentialReportNotPresentException' + description: CredentialReportNotPresentException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/CredentialReportExpiredException' + description: CredentialReportExpiredException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/CredentialReportNotReadyException' + description: CredentialReportNotReadyException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetCredentialReport + /?Action=GetGroup&Version=2010-05-08: + get: + description: ' Returns a list of IAM users that are in the specified IAM group. + You can paginate the results using the MaxItems and Marker + parameters.' + operationId: GET_GetGroup + parameters: + - description: '

The name of the group.

This parameter allows (through + its regex pattern) a string + of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + GetGroupResult: + $ref: '#/components/schemas/GetGroupResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetGroup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: ' Returns a list of IAM users that are in the specified IAM group. + You can paginate the results using the MaxItems and Marker + parameters.' + operationId: POST_GetGroup + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetGroupRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetGroupResult: + $ref: '#/components/schemas/GetGroupResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetGroup + /?Action=GetGroupPolicy&Version=2010-05-08: + get: + description:

Retrieves the specified inline policy document that is embedded + in the specified IAM group.

Policies returned by this operation + are URL-encoded compliant with RFC + 3986. You can use a URL decoding method to convert the policy back to + plain JSON text. For example, if you use Java, you can use the decode + method of the java.net.URLDecoder utility class in the Java SDK. + Other languages and SDKs provide similar functionality.

An + IAM group can also have managed policies attached to it. To retrieve a managed + policy document that is attached to a group, use GetPolicy to determine + the policy's default version, then use GetPolicyVersion to retrieve + the policy document.

For more information about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_GetGroupPolicy + parameters: + - description: '

The name of the group the policy is associated with.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name of the policy document to get.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: PolicyName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetGroupPolicyResult: + $ref: '#/components/schemas/GetGroupPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetGroupPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves the specified inline policy document that is embedded + in the specified IAM group.

Policies returned by this operation + are URL-encoded compliant with RFC + 3986. You can use a URL decoding method to convert the policy back to + plain JSON text. For example, if you use Java, you can use the decode + method of the java.net.URLDecoder utility class in the Java SDK. + Other languages and SDKs provide similar functionality.

An + IAM group can also have managed policies attached to it. To retrieve a managed + policy document that is attached to a group, use GetPolicy to determine + the policy's default version, then use GetPolicyVersion to retrieve + the policy document.

For more information about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_GetGroupPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetGroupPolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetGroupPolicyResult: + $ref: '#/components/schemas/GetGroupPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetGroupPolicy + /?Action=GetInstanceProfile&Version=2010-05-08: + get: + description: ' Retrieves information about the specified instance profile, including + the instance profile''s path, GUID, ARN, and role. For more information about + instance profiles, see About + instance profiles in the IAM User Guide.' + operationId: GET_GetInstanceProfile + parameters: + - description: '

The name of the instance profile to get information about.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: InstanceProfileName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetInstanceProfileResult: + $ref: '#/components/schemas/GetInstanceProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetInstanceProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: ' Retrieves information about the specified instance profile, including + the instance profile''s path, GUID, ARN, and role. For more information about + instance profiles, see About + instance profiles in the IAM User Guide.' + operationId: POST_GetInstanceProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetInstanceProfileRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetInstanceProfileResult: + $ref: '#/components/schemas/GetInstanceProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetInstanceProfile + /?Action=GetLoginProfile&Version=2010-05-08: + get: + description:

Retrieves the user name for the specified IAM user. A login + profile is created when you create a password for the user to access the Amazon + Web Services Management Console. If the user does not exist or does not have + a password, the operation returns a 404 (NoSuchEntity) error.

+

If you create an IAM user with access to the console, the CreateDate + reflects the date you created the initial password for the user.

If + you create an IAM user with programmatic access, and then later add a password + for the user to access the Amazon Web Services Management Console, the CreateDate + reflects the initial password creation date. A user with programmatic access + does not have a login profile unless you create a password for the user to + access the Amazon Web Services Management Console.

+ operationId: GET_GetLoginProfile + parameters: + - description: '

The name of the user whose login profile you want to retrieve.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetLoginProfileResult: + $ref: '#/components/schemas/GetLoginProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetLoginProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves the user name for the specified IAM user. A login + profile is created when you create a password for the user to access the Amazon + Web Services Management Console. If the user does not exist or does not have + a password, the operation returns a 404 (NoSuchEntity) error.

+

If you create an IAM user with access to the console, the CreateDate + reflects the date you created the initial password for the user.

If + you create an IAM user with programmatic access, and then later add a password + for the user to access the Amazon Web Services Management Console, the CreateDate + reflects the initial password creation date. A user with programmatic access + does not have a login profile unless you create a password for the user to + access the Amazon Web Services Management Console.

+ operationId: POST_GetLoginProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetLoginProfileRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetLoginProfileResult: + $ref: '#/components/schemas/GetLoginProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetLoginProfile + /?Action=GetOpenIDConnectProvider&Version=2010-05-08: + get: + description: Returns information about the specified OpenID Connect (OIDC) provider + resource object in IAM. + operationId: GET_GetOpenIDConnectProvider + parameters: + - description:

The Amazon Resource Name (ARN) of the OIDC provider resource + object in IAM to get information for. You can get a list of OIDC provider + resource ARNs by using the ListOpenIDConnectProviders operation.

+

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: OpenIDConnectProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetOpenIDConnectProviderResult: + $ref: '#/components/schemas/GetOpenIDConnectProviderResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetOpenIDConnectProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Returns information about the specified OpenID Connect (OIDC) provider + resource object in IAM. + operationId: POST_GetOpenIDConnectProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetOpenIDConnectProviderRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetOpenIDConnectProviderResult: + $ref: '#/components/schemas/GetOpenIDConnectProviderResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetOpenIDConnectProvider + /?Action=GetOrganizationsAccessReport&Version=2010-05-08: + get: + description:

Retrieves the service last accessed data report for Organizations + that was previously generated using the GenerateOrganizationsAccessReport + operation. This operation retrieves the status of your report job + and the report contents.

Depending on the parameters that you passed + when you generated the report, the data returned could include different information. + For details, see GenerateOrganizationsAccessReport.

To call + this operation, you must be signed in to the management account in your organization. + SCPs must be enabled for your organization root. You must have permissions + to perform this operation. For more information, see Refining + permissions using service last accessed data in the IAM User Guide.

+

For each service that principals in an account (root users, IAM users, + or IAM roles) could access using SCPs, the operation returns details about + the most recent access attempt. If there was no attempt, the service is listed + without details about the most recent attempt to access the service. If the + operation fails, it returns the reason that it failed.

By default, + the list is sorted by service namespace.

+ operationId: GET_GetOrganizationsAccessReport + parameters: + - description: The identifier of the request generated by the GenerateOrganizationsAccessReport + operation. + in: query + name: JobId + required: true + schema: + maxLength: 36 + minLength: 36 + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: The key that is used to sort the results. If you choose the namespace + key, the results are returned in alphabetical order. If you choose the time + key, the results are sorted numerically by the date and time. + in: query + name: SortKey + required: false + schema: + enum: + - SERVICE_NAMESPACE_ASCENDING + - SERVICE_NAMESPACE_DESCENDING + - LAST_AUTHENTICATED_TIME_ASCENDING + - LAST_AUTHENTICATED_TIME_DESCENDING + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetOrganizationsAccessReportResult: + $ref: '#/components/schemas/GetOrganizationsAccessReportResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: GetOrganizationsAccessReport + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves the service last accessed data report for Organizations + that was previously generated using the GenerateOrganizationsAccessReport + operation. This operation retrieves the status of your report job + and the report contents.

Depending on the parameters that you passed + when you generated the report, the data returned could include different information. + For details, see GenerateOrganizationsAccessReport.

To call + this operation, you must be signed in to the management account in your organization. + SCPs must be enabled for your organization root. You must have permissions + to perform this operation. For more information, see Refining + permissions using service last accessed data in the IAM User Guide.

+

For each service that principals in an account (root users, IAM users, + or IAM roles) could access using SCPs, the operation returns details about + the most recent access attempt. If there was no attempt, the service is listed + without details about the most recent attempt to access the service. If the + operation fails, it returns the reason that it failed.

By default, + the list is sorted by service namespace.

+ operationId: POST_GetOrganizationsAccessReport + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetOrganizationsAccessReportRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetOrganizationsAccessReportResult: + $ref: '#/components/schemas/GetOrganizationsAccessReportResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: GetOrganizationsAccessReport + /?Action=GetPolicy&Version=2010-05-08: + get: + description:

Retrieves information about the specified managed policy, including + the policy's default version and the total number of IAM users, groups, and + roles to which the policy is attached. To retrieve the list of the specific + users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy. + This operation returns metadata about the policy. To retrieve the actual policy + document for a specific version of the policy, use GetPolicyVersion.

+

This operation retrieves information about managed policies. To retrieve + information about an inline policy that is embedded with an IAM user, group, + or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

+

For more information about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_GetPolicy + parameters: + - description:

The Amazon Resource Name (ARN) of the managed policy that + you want information about.

For more information about ARNs, see + Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetPolicyResult: + $ref: '#/components/schemas/GetPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves information about the specified managed policy, including + the policy's default version and the total number of IAM users, groups, and + roles to which the policy is attached. To retrieve the list of the specific + users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy. + This operation returns metadata about the policy. To retrieve the actual policy + document for a specific version of the policy, use GetPolicyVersion.

+

This operation retrieves information about managed policies. To retrieve + information about an inline policy that is embedded with an IAM user, group, + or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

+

For more information about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_GetPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetPolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetPolicyResult: + $ref: '#/components/schemas/GetPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetPolicy + /?Action=GetPolicyVersion&Version=2010-05-08: + get: + description:

Retrieves information about the specified version of the specified + managed policy, including the policy document.

Policies returned + by this operation are URL-encoded compliant with RFC + 3986. You can use a URL decoding method to convert the policy back to + plain JSON text. For example, if you use Java, you can use the decode + method of the java.net.URLDecoder utility class in the Java SDK. + Other languages and SDKs provide similar functionality.

To + list the available versions for a policy, use ListPolicyVersions.

+

This operation retrieves information about managed policies. To retrieve + information about an inline policy that is embedded in a user, group, or role, + use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

+

For more information about the types of policies, see Managed + policies and inline policies in the IAM User Guide.

For + more information about managed policy versions, see Versioning + for managed policies in the IAM User Guide.

+ operationId: GET_GetPolicyVersion + parameters: + - description:

The Amazon Resource Name (ARN) of the managed policy that + you want information about.

For more information about ARNs, see + Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description:

Identifies the policy version to retrieve.

This parameter + allows (through its regex pattern) + a string of characters that consists of the lowercase letter 'v' followed + by one or two digits, and optionally followed by a period '.' and a string + of letters and digits.

+ in: query + name: VersionId + required: true + schema: + pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetPolicyVersionResult: + $ref: '#/components/schemas/GetPolicyVersionResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetPolicyVersion + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves information about the specified version of the specified + managed policy, including the policy document.

Policies returned + by this operation are URL-encoded compliant with RFC + 3986. You can use a URL decoding method to convert the policy back to + plain JSON text. For example, if you use Java, you can use the decode + method of the java.net.URLDecoder utility class in the Java SDK. + Other languages and SDKs provide similar functionality.

To + list the available versions for a policy, use ListPolicyVersions.

+

This operation retrieves information about managed policies. To retrieve + information about an inline policy that is embedded in a user, group, or role, + use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

+

For more information about the types of policies, see Managed + policies and inline policies in the IAM User Guide.

For + more information about managed policy versions, see Versioning + for managed policies in the IAM User Guide.

+ operationId: POST_GetPolicyVersion + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetPolicyVersionRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetPolicyVersionResult: + $ref: '#/components/schemas/GetPolicyVersionResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetPolicyVersion + /?Action=GetRole&Version=2010-05-08: + get: + description:

Retrieves information about the specified role, including the + role's path, GUID, ARN, and the role's trust policy that grants permission + to assume the role. For more information about roles, see Working + with roles.

Policies returned by this operation are URL-encoded + compliant with RFC 3986. + You can use a URL decoding method to convert the policy back to plain JSON + text. For example, if you use Java, you can use the decode method + of the java.net.URLDecoder utility class in the Java SDK. Other + languages and SDKs provide similar functionality.

 + operationId: GET_GetRole + parameters: + - description: '

The name of the IAM role to get information about.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetRoleResult: + $ref: '#/components/schemas/GetRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves information about the specified role, including the + role's path, GUID, ARN, and the role's trust policy that grants permission + to assume the role. For more information about roles, see Working + with roles.

Policies returned by this operation are URL-encoded + compliant with RFC 3986. + You can use a URL decoding method to convert the policy back to plain JSON + text. For example, if you use Java, you can use the decode method + of the java.net.URLDecoder utility class in the Java SDK. Other + languages and SDKs provide similar functionality.

 + operationId: POST_GetRole + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetRoleRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetRoleResult: + $ref: '#/components/schemas/GetRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetRole + /?Action=GetRolePolicy&Version=2010-05-08: + get: + description:

Retrieves the specified inline policy document that is embedded + with the specified IAM role.

Policies returned by this operation + are URL-encoded compliant with RFC + 3986. You can use a URL decoding method to convert the policy back to + plain JSON text. For example, if you use Java, you can use the decode + method of the java.net.URLDecoder utility class in the Java SDK. + Other languages and SDKs provide similar functionality.

An + IAM role can also have managed policies attached to it. To retrieve a managed + policy document that is attached to a role, use GetPolicy to determine + the policy's default version, then use GetPolicyVersion to retrieve + the policy document.

For more information about policies, see Managed + policies and inline policies in the IAM User Guide.

For + more information about roles, see Using + roles to delegate permissions and federate identities.

+ operationId: GET_GetRolePolicy + parameters: + - description: '

The name of the role associated with the policy.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name of the policy document to get.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: PolicyName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetRolePolicyResult: + $ref: '#/components/schemas/GetRolePolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetRolePolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves the specified inline policy document that is embedded + with the specified IAM role.

Policies returned by this operation + are URL-encoded compliant with RFC + 3986. You can use a URL decoding method to convert the policy back to + plain JSON text. For example, if you use Java, you can use the decode + method of the java.net.URLDecoder utility class in the Java SDK. + Other languages and SDKs provide similar functionality.

An + IAM role can also have managed policies attached to it. To retrieve a managed + policy document that is attached to a role, use GetPolicy to determine + the policy's default version, then use GetPolicyVersion to retrieve + the policy document.

For more information about policies, see Managed + policies and inline policies in the IAM User Guide.

For + more information about roles, see Using + roles to delegate permissions and federate identities.

+ operationId: POST_GetRolePolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetRolePolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetRolePolicyResult: + $ref: '#/components/schemas/GetRolePolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetRolePolicy + /?Action=GetSAMLProvider&Version=2010-05-08: + get: + description:

Returns the SAML provider metadocument that was uploaded when + the IAM SAML provider resource object was created or updated.

This + operation requires Signature + Version 4.

 + operationId: GET_GetSAMLProvider + parameters: + - description:

The Amazon Resource Name (ARN) of the SAML provider resource + object in IAM to get information about.

For more information about + ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: SAMLProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetSAMLProviderResult: + $ref: '#/components/schemas/GetSAMLProviderResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetSAMLProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Returns the SAML provider metadocument that was uploaded when + the IAM SAML provider resource object was created or updated.

This + operation requires Signature + Version 4.

 + operationId: POST_GetSAMLProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSAMLProviderRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetSAMLProviderResult: + $ref: '#/components/schemas/GetSAMLProviderResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetSAMLProvider + /?Action=GetSSHPublicKey&Version=2010-05-08: + get: + description:

Retrieves the specified SSH public key, including metadata about + the key.

The SSH public key retrieved by this operation is used only + for authenticating the associated IAM user to an CodeCommit repository. For + more information about using SSH keys to authenticate to an CodeCommit repository, + see Set + up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: GET_GetSSHPublicKey + parameters: + - description: '

The name of the IAM user associated with the SSH public key.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier for the SSH public key.

This + parameter allows (through its regex + pattern) a string of characters that can consist of any upper or lowercased + letter or digit.

+ in: query + name: SSHPublicKeyId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + - description: Specifies the public key encoding format to use in the response. + To retrieve the public key in ssh-rsa format, use SSH. To retrieve + the public key in PEM format, use PEM. + in: query + name: Encoding + required: true + schema: + enum: + - SSH + - PEM + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetSSHPublicKeyResult: + $ref: '#/components/schemas/GetSSHPublicKeyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' + description: UnrecognizedPublicKeyEncodingException + x-aws-operation-name: GetSSHPublicKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves the specified SSH public key, including metadata about + the key.

The SSH public key retrieved by this operation is used only + for authenticating the associated IAM user to an CodeCommit repository. For + more information about using SSH keys to authenticate to an CodeCommit repository, + see Set + up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: POST_GetSSHPublicKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSSHPublicKeyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetSSHPublicKeyResult: + $ref: '#/components/schemas/GetSSHPublicKeyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' + description: UnrecognizedPublicKeyEncodingException + x-aws-operation-name: GetSSHPublicKey + /?Action=GetServerCertificate&Version=2010-05-08: + get: + description:

Retrieves information about the specified server certificate + stored in IAM.

For more information about working with server certificates, + see Working + with server certificates in the IAM User Guide. This topic includes + a list of Amazon Web Services services that can use the server certificates + that you manage with IAM.

+ operationId: GET_GetServerCertificate + parameters: + - description: '

The name of the server certificate you want to retrieve information + about.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: ServerCertificateName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetServerCertificateResult: + $ref: '#/components/schemas/GetServerCertificateResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetServerCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves information about the specified server certificate + stored in IAM.

For more information about working with server certificates, + see Working + with server certificates in the IAM User Guide. This topic includes + a list of Amazon Web Services services that can use the server certificates + that you manage with IAM.

+ operationId: POST_GetServerCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetServerCertificateRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetServerCertificateResult: + $ref: '#/components/schemas/GetServerCertificateResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetServerCertificate + /?Action=GetServiceLastAccessedDetails&Version=2010-05-08: + get: + description: "

Retrieves a service last accessed report that was created using\ + \ the GenerateServiceLastAccessedDetails operation. You can use\ + \ the JobId parameter in GetServiceLastAccessedDetails\ + \ to retrieve the status of your report job. When the report is complete,\ + \ you can retrieve the generated report. The report includes a list of Amazon\ + \ Web Services services that the resource (user, group, role, or managed policy)\ + \ can access.

Service last accessed data does not use other\ + \ policy types when determining whether a resource could access a service.\ + \ These other policy types include resource-based policies, access control\ + \ lists, Organizations policies, IAM permissions boundaries, and STS assume\ + \ role policies. It only applies permissions policy logic. For more about\ + \ the evaluation of policy types, see Evaluating policies in the IAM User Guide.

For\ + \ each service that the resource could access using permissions policies,\ + \ the operation returns details about the most recent access attempt. If there\ + \ was no attempt, the service is listed without details about the most recent\ + \ attempt to access the service. If the operation fails, the GetServiceLastAccessedDetails\ + \ operation returns the reason that it failed.

The GetServiceLastAccessedDetails\ + \ operation returns a list of services. This list includes the number of entities\ + \ that have attempted to access the service and the date and time of the last\ + \ attempt. It also returns the ARN of the following entity, depending on the\ + \ resource ARN that you used to generate the report:

  • User\ + \ \u2013 Returns the user ARN that you used to generate the report

    • \ + \

  • Group \u2013 Returns the ARN of the group member (user)\ + \ that last attempted to access the service

  • Role\ + \ \u2013 Returns the role ARN that you used to generate the report

    • \ + \

  • Policy \u2013 Returns the ARN of the user or role that last\ + \ used the policy to attempt to access the service

By default,\ + \ the list is sorted by service namespace.

If you specified ACTION_LEVEL\ + \ granularity when you generated the report, this operation returns service\ + \ and action last accessed data. This includes the most recent access attempt\ + \ for each tracked action within a service. Otherwise, this operation returns\ + \ only service data.

For more information about service and action\ + \ last accessed data, see Reducing permissions using service last accessed data in the IAM User\ + \ Guide.

" + operationId: GET_GetServiceLastAccessedDetails + parameters: + - description: The ID of the request generated by the GenerateServiceLastAccessedDetails + operation. The JobId returned by GenerateServiceLastAccessedDetail + must be used by the same role within a session, or by the same user when + used to call GetServiceLastAccessedDetail. + in: query + name: JobId + required: true + schema: + maxLength: 36 + minLength: 36 + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetServiceLastAccessedDetailsResult: + $ref: '#/components/schemas/GetServiceLastAccessedDetailsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetServiceLastAccessedDetails + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: "

Retrieves a service last accessed report that was created using\ + \ the GenerateServiceLastAccessedDetails operation. You can use\ + \ the JobId parameter in GetServiceLastAccessedDetails\ + \ to retrieve the status of your report job. When the report is complete,\ + \ you can retrieve the generated report. The report includes a list of Amazon\ + \ Web Services services that the resource (user, group, role, or managed policy)\ + \ can access.

Service last accessed data does not use other\ + \ policy types when determining whether a resource could access a service.\ + \ These other policy types include resource-based policies, access control\ + \ lists, Organizations policies, IAM permissions boundaries, and STS assume\ + \ role policies. It only applies permissions policy logic. For more about\ + \ the evaluation of policy types, see Evaluating policies in the IAM User Guide.

For\ + \ each service that the resource could access using permissions policies,\ + \ the operation returns details about the most recent access attempt. If there\ + \ was no attempt, the service is listed without details about the most recent\ + \ attempt to access the service. If the operation fails, the GetServiceLastAccessedDetails\ + \ operation returns the reason that it failed.

The GetServiceLastAccessedDetails\ + \ operation returns a list of services. This list includes the number of entities\ + \ that have attempted to access the service and the date and time of the last\ + \ attempt. It also returns the ARN of the following entity, depending on the\ + \ resource ARN that you used to generate the report:

  • User\ + \ \u2013 Returns the user ARN that you used to generate the report

    • \ + \

  • Group \u2013 Returns the ARN of the group member (user)\ + \ that last attempted to access the service

  • Role\ + \ \u2013 Returns the role ARN that you used to generate the report

    • \ + \

  • Policy \u2013 Returns the ARN of the user or role that last\ + \ used the policy to attempt to access the service

By default,\ + \ the list is sorted by service namespace.

If you specified ACTION_LEVEL\ + \ granularity when you generated the report, this operation returns service\ + \ and action last accessed data. This includes the most recent access attempt\ + \ for each tracked action within a service. Otherwise, this operation returns\ + \ only service data.

For more information about service and action\ + \ last accessed data, see Reducing permissions using service last accessed data in the IAM User\ + \ Guide.

" + operationId: POST_GetServiceLastAccessedDetails + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetServiceLastAccessedDetailsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetServiceLastAccessedDetailsResult: + $ref: '#/components/schemas/GetServiceLastAccessedDetailsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetServiceLastAccessedDetails + /?Action=GetServiceLastAccessedDetailsWithEntities&Version=2010-05-08: + get: + description: "

After you generate a group or policy report using the GenerateServiceLastAccessedDetails\ + \ operation, you can use the JobId parameter in GetServiceLastAccessedDetailsWithEntities.\ + \ This operation retrieves the status of your report job and a list of entities\ + \ that could have used group or policy permissions to access the specified\ + \ service.

  • Group \u2013 For a group report, this\ + \ operation returns a list of users in the group that could have used the\ + \ group\u2019s policies in an attempt to access the service.

  • \ + \

    Policy \u2013 For a policy report, this operation returns a list\ + \ of entities (users or roles) that could have used the policy in an attempt\ + \ to access the service.

You can also use this operation\ + \ for user or role reports to retrieve details about those entities.

If\ + \ the operation fails, the GetServiceLastAccessedDetailsWithEntities\ + \ operation returns the reason that it failed.

By default, the list\ + \ of associated entities is sorted by date, with the most recent access listed\ + \ first.

" + operationId: GET_GetServiceLastAccessedDetailsWithEntities + parameters: + - description: The ID of the request generated by the GenerateServiceLastAccessedDetails + operation. + in: query + name: JobId + required: true + schema: + maxLength: 36 + minLength: 36 + type: string + - description: "

The service namespace for an Amazon Web Services service.\ + \ Provide the service namespace to learn when the IAM entity last attempted\ + \ to access the specified service.

To learn the service namespace\ + \ for a service, see Actions, resources, and condition keys for Amazon Web Services services\ + \ in the IAM User Guide. Choose the name of the service to view details\ + \ for that service. In the first paragraph, find the service prefix. For\ + \ example, (service prefix: a4b). For more information about\ + \ service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ + \ General Reference.

" + in: query + name: ServiceNamespace + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w-]*' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetServiceLastAccessedDetailsWithEntitiesResult: + $ref: '#/components/schemas/GetServiceLastAccessedDetailsWithEntitiesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetServiceLastAccessedDetailsWithEntities + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: "

After you generate a group or policy report using the GenerateServiceLastAccessedDetails\ + \ operation, you can use the JobId parameter in GetServiceLastAccessedDetailsWithEntities.\ + \ This operation retrieves the status of your report job and a list of entities\ + \ that could have used group or policy permissions to access the specified\ + \ service.

  • Group \u2013 For a group report, this\ + \ operation returns a list of users in the group that could have used the\ + \ group\u2019s policies in an attempt to access the service.

  • \ + \

    Policy \u2013 For a policy report, this operation returns a list\ + \ of entities (users or roles) that could have used the policy in an attempt\ + \ to access the service.

You can also use this operation\ + \ for user or role reports to retrieve details about those entities.

If\ + \ the operation fails, the GetServiceLastAccessedDetailsWithEntities\ + \ operation returns the reason that it failed.

By default, the list\ + \ of associated entities is sorted by date, with the most recent access listed\ + \ first.

" + operationId: POST_GetServiceLastAccessedDetailsWithEntities + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetServiceLastAccessedDetailsWithEntitiesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetServiceLastAccessedDetailsWithEntitiesResult: + $ref: '#/components/schemas/GetServiceLastAccessedDetailsWithEntitiesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetServiceLastAccessedDetailsWithEntities + /?Action=GetServiceLinkedRoleDeletionStatus&Version=2010-05-08: + get: + description: Retrieves the status of your service-linked role deletion. After + you use DeleteServiceLinkedRole to submit a service-linked role for + deletion, you can use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus + to check the status of the deletion. If the deletion fails, this operation + returns the reason that it failed, if that information is returned by the + service. + operationId: GET_GetServiceLinkedRoleDeletionStatus + parameters: + - description: The deletion task identifier. This identifier is returned by + the DeleteServiceLinkedRole operation in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>. + in: query + name: DeletionTaskId + required: true + schema: + maxLength: 1000 + minLength: 1 + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetServiceLinkedRoleDeletionStatusResult: + $ref: '#/components/schemas/GetServiceLinkedRoleDeletionStatusResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetServiceLinkedRoleDeletionStatus + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Retrieves the status of your service-linked role deletion. After + you use DeleteServiceLinkedRole to submit a service-linked role for + deletion, you can use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus + to check the status of the deletion. If the deletion fails, this operation + returns the reason that it failed, if that information is returned by the + service. + operationId: POST_GetServiceLinkedRoleDeletionStatus + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetServiceLinkedRoleDeletionStatusRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetServiceLinkedRoleDeletionStatusResult: + $ref: '#/components/schemas/GetServiceLinkedRoleDeletionStatusResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetServiceLinkedRoleDeletionStatus + /?Action=GetUser&Version=2010-05-08: + get: + description:

Retrieves information about the specified IAM user, including + the user's creation date, path, unique ID, and ARN.

If you do not specify + a user name, IAM determines the user name implicitly based on the Amazon Web + Services access key ID used to sign the request to this operation.

+ operationId: GET_GetUser + parameters: + - description: '

The name of the user to get information about.

This + parameter is optional. If it is not included, it defaults to the user making + the request. This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetUserResult: + $ref: '#/components/schemas/GetUserResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetUser + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves information about the specified IAM user, including + the user's creation date, path, unique ID, and ARN.

If you do not specify + a user name, IAM determines the user name implicitly based on the Amazon Web + Services access key ID used to sign the request to this operation.

+ operationId: POST_GetUser + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetUserRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetUserResult: + $ref: '#/components/schemas/GetUserResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetUser + /?Action=GetUserPolicy&Version=2010-05-08: + get: + description:

Retrieves the specified inline policy document that is embedded + in the specified IAM user.

Policies returned by this operation + are URL-encoded compliant with RFC + 3986. You can use a URL decoding method to convert the policy back to + plain JSON text. For example, if you use Java, you can use the decode + method of the java.net.URLDecoder utility class in the Java SDK. + Other languages and SDKs provide similar functionality.

An + IAM user can also have managed policies attached to it. To retrieve a managed + policy document that is attached to a user, use GetPolicy to determine + the policy's default version. Then use GetPolicyVersion to retrieve + the policy document.

For more information about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_GetUserPolicy + parameters: + - description: '

The name of the user who the policy is associated with.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name of the policy document to get.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: PolicyName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetUserPolicyResult: + $ref: '#/components/schemas/GetUserPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetUserPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves the specified inline policy document that is embedded + in the specified IAM user.

Policies returned by this operation + are URL-encoded compliant with RFC + 3986. You can use a URL decoding method to convert the policy back to + plain JSON text. For example, if you use Java, you can use the decode + method of the java.net.URLDecoder utility class in the Java SDK. + Other languages and SDKs provide similar functionality.

An + IAM user can also have managed policies attached to it. To retrieve a managed + policy document that is attached to a user, use GetPolicy to determine + the policy's default version. Then use GetPolicyVersion to retrieve + the policy document.

For more information about policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_GetUserPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetUserPolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetUserPolicyResult: + $ref: '#/components/schemas/GetUserPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetUserPolicy + /?Action=ListAccessKeys&Version=2010-05-08: + get: + description:

Returns information about the access key IDs associated with + the specified IAM user. If there is none, the operation returns an empty list.

+

Although each user is limited to a small number of keys, you can still + paginate the results using the MaxItems and Marker + parameters.

If the UserName field is not specified, the + user name is determined implicitly based on the Amazon Web Services access + key ID used to sign the request. This operation works for access keys under + the Amazon Web Services account. Consequently, you can use this operation + to manage Amazon Web Services account root user credentials even if the Amazon + Web Services account has no associated users.

To ensure the + security of your Amazon Web Services account, the secret access key is accessible + only during key and user creation.

 + operationId: GET_ListAccessKeys + parameters: + - description: '

The name of the user.

This parameter allows (through + its regex pattern) a string + of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListAccessKeysResult: + $ref: '#/components/schemas/ListAccessKeysResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAccessKeys + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Returns information about the access key IDs associated with + the specified IAM user. If there is none, the operation returns an empty list.

+

Although each user is limited to a small number of keys, you can still + paginate the results using the MaxItems and Marker + parameters.

If the UserName field is not specified, the + user name is determined implicitly based on the Amazon Web Services access + key ID used to sign the request. This operation works for access keys under + the Amazon Web Services account. Consequently, you can use this operation + to manage Amazon Web Services account root user credentials even if the Amazon + Web Services account has no associated users.

To ensure the + security of your Amazon Web Services account, the secret access key is accessible + only during key and user creation.

 + operationId: POST_ListAccessKeys + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListAccessKeysRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListAccessKeysResult: + $ref: '#/components/schemas/ListAccessKeysResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAccessKeys + /?Action=ListAccountAliases&Version=2010-05-08: + get: + description: 'Lists the account alias associated with the Amazon Web Services + account (Note: you can have only one). For information about using an Amazon + Web Services account alias, see Using + an alias for your Amazon Web Services account ID in the IAM User Guide.' + operationId: GET_ListAccountAliases + parameters: + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListAccountAliasesResult: + $ref: '#/components/schemas/ListAccountAliasesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAccountAliases + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: 'Lists the account alias associated with the Amazon Web Services + account (Note: you can have only one). For information about using an Amazon + Web Services account alias, see Using + an alias for your Amazon Web Services account ID in the IAM User Guide.' + operationId: POST_ListAccountAliases + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListAccountAliasesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListAccountAliasesResult: + $ref: '#/components/schemas/ListAccountAliasesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAccountAliases + /?Action=ListAttachedGroupPolicies&Version=2010-05-08: + get: + description:

Lists all managed policies that are attached to the specified + IAM group.

An IAM group can also have inline policies embedded with + it. To list the inline policies for a group, use ListGroupPolicies. + For information about policies, see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. You can use the PathPrefix parameter to limit the + list of policies to only those matching the specified path prefix. If there + are no policies attached to the specified group (or none that match the specified + path prefix), the operation returns an empty list.

+ operationId: GET_ListAttachedGroupPolicies + parameters: + - description: '

The name (friendly name, not ARN) of the group to list attached + policies for.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The path prefix for filtering the results. This parameter + is optional. If it is not included, it defaults to a slash (/), listing + all policies.

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListAttachedGroupPoliciesResult: + $ref: '#/components/schemas/ListAttachedGroupPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedGroupPolicies + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists all managed policies that are attached to the specified + IAM group.

An IAM group can also have inline policies embedded with + it. To list the inline policies for a group, use ListGroupPolicies. + For information about policies, see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. You can use the PathPrefix parameter to limit the + list of policies to only those matching the specified path prefix. If there + are no policies attached to the specified group (or none that match the specified + path prefix), the operation returns an empty list.

+ operationId: POST_ListAttachedGroupPolicies + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListAttachedGroupPoliciesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListAttachedGroupPoliciesResult: + $ref: '#/components/schemas/ListAttachedGroupPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedGroupPolicies + /?Action=ListAttachedRolePolicies&Version=2010-05-08: + get: + description:

Lists all managed policies that are attached to the specified + IAM role.

An IAM role can also have inline policies embedded with it. + To list the inline policies for a role, use ListRolePolicies. For information + about policies, see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. You can use the PathPrefix parameter to limit the + list of policies to only those matching the specified path prefix. If there + are no policies attached to the specified role (or none that match the specified + path prefix), the operation returns an empty list.

+ operationId: GET_ListAttachedRolePolicies + parameters: + - description: '

The name (friendly name, not ARN) of the role to list attached + policies for.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The path prefix for filtering the results. This parameter + is optional. If it is not included, it defaults to a slash (/), listing + all policies.

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListAttachedRolePoliciesResult: + $ref: '#/components/schemas/ListAttachedRolePoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedRolePolicies + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists all managed policies that are attached to the specified + IAM role.

An IAM role can also have inline policies embedded with it. + To list the inline policies for a role, use ListRolePolicies. For information + about policies, see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. You can use the PathPrefix parameter to limit the + list of policies to only those matching the specified path prefix. If there + are no policies attached to the specified role (or none that match the specified + path prefix), the operation returns an empty list.

+ operationId: POST_ListAttachedRolePolicies + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListAttachedRolePoliciesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListAttachedRolePoliciesResult: + $ref: '#/components/schemas/ListAttachedRolePoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedRolePolicies + /?Action=ListAttachedUserPolicies&Version=2010-05-08: + get: + description:

Lists all managed policies that are attached to the specified + IAM user.

An IAM user can also have inline policies embedded with it. + To list the inline policies for a user, use ListUserPolicies. For information + about policies, see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. You can use the PathPrefix parameter to limit the + list of policies to only those matching the specified path prefix. If there + are no policies attached to the specified group (or none that match the specified + path prefix), the operation returns an empty list.

+ operationId: GET_ListAttachedUserPolicies + parameters: + - description: '

The name (friendly name, not ARN) of the user to list attached + policies for.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The path prefix for filtering the results. This parameter + is optional. If it is not included, it defaults to a slash (/), listing + all policies.

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListAttachedUserPoliciesResult: + $ref: '#/components/schemas/ListAttachedUserPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedUserPolicies + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists all managed policies that are attached to the specified + IAM user.

An IAM user can also have inline policies embedded with it. + To list the inline policies for a user, use ListUserPolicies. For information + about policies, see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. You can use the PathPrefix parameter to limit the + list of policies to only those matching the specified path prefix. If there + are no policies attached to the specified group (or none that match the specified + path prefix), the operation returns an empty list.

+ operationId: POST_ListAttachedUserPolicies + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListAttachedUserPoliciesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListAttachedUserPoliciesResult: + $ref: '#/components/schemas/ListAttachedUserPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedUserPolicies + /?Action=ListEntitiesForPolicy&Version=2010-05-08: + get: + description:

Lists all IAM users, groups, and roles that the specified managed + policy is attached to.

You can use the optional EntityFilter + parameter to limit the results to a particular type of entity (users, groups, + or roles). For example, to list only the roles that are attached to the specified + policy, set EntityFilter to Role.

You can + paginate the results using the MaxItems and Marker + parameters.

+ operationId: GET_ListEntitiesForPolicy + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM policy for which + you want the versions.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description:

The entity type to use for filtering the results.

For + example, when EntityFilter is Role, only the roles + that are attached to the specified policy are returned. This parameter is + optional. If it is not included, all attached entities (users, groups, and + roles) are returned. The argument for this parameter must be one of the + valid values listed below.

+ in: query + name: EntityFilter + required: false + schema: + enum: + - User + - Role + - Group + - LocalManagedPolicy + - AWSManagedPolicy + type: string + - description:

The path prefix for filtering the results. This parameter + is optional. If it is not included, it defaults to a slash (/), listing + all entities.

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + - description: "

The policy usage method to use for filtering the results.

\ + \

To list only permissions policies, set\_PolicyUsageFilter\_\ + to\_PermissionsPolicy. To list only the policies used to set\ + \ permissions boundaries, set\_the value to\_PermissionsBoundary.

\ + \

This parameter is optional. If it is not included, all policies are\ + \ returned.

" + in: query + name: PolicyUsageFilter + required: false + schema: + description:

The policy usage type that indicates whether the policy + is used as a permissions policy or as the permissions boundary for an + entity.

For more information about permissions boundaries, see + Permissions + boundaries for IAM identities in the IAM User Guide.

+ enum: + - PermissionsPolicy + - PermissionsBoundary + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListEntitiesForPolicyResult: + $ref: '#/components/schemas/ListEntitiesForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListEntitiesForPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists all IAM users, groups, and roles that the specified managed + policy is attached to.

You can use the optional EntityFilter + parameter to limit the results to a particular type of entity (users, groups, + or roles). For example, to list only the roles that are attached to the specified + policy, set EntityFilter to Role.

You can + paginate the results using the MaxItems and Marker + parameters.

+ operationId: POST_ListEntitiesForPolicy + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListEntitiesForPolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListEntitiesForPolicyResult: + $ref: '#/components/schemas/ListEntitiesForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListEntitiesForPolicy + /?Action=ListGroupPolicies&Version=2010-05-08: + get: + description:

Lists the names of the inline policies that are embedded in + the specified IAM group.

An IAM group can also have managed policies + attached to it. To list the managed policies that are attached to a group, + use ListAttachedGroupPolicies. For more information about policies, + see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. If there are no inline policies embedded with the specified group, + the operation returns an empty list.

+ operationId: GET_ListGroupPolicies + parameters: + - description: '

The name of the group to list policies for.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListGroupPoliciesResult: + $ref: '#/components/schemas/ListGroupPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListGroupPolicies + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the names of the inline policies that are embedded in + the specified IAM group.

An IAM group can also have managed policies + attached to it. To list the managed policies that are attached to a group, + use ListAttachedGroupPolicies. For more information about policies, + see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. If there are no inline policies embedded with the specified group, + the operation returns an empty list.

+ operationId: POST_ListGroupPolicies + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListGroupPoliciesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListGroupPoliciesResult: + $ref: '#/components/schemas/ListGroupPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListGroupPolicies + /?Action=ListGroups&Version=2010-05-08: + get: + description:

Lists the IAM groups that have the specified path prefix.

+

You can paginate the results using the MaxItems and Marker + parameters.

+ operationId: GET_ListGroups + parameters: + - description:

The path prefix for filtering the results. For example, the + prefix /division_abc/subdivision_xyz/ gets all groups whose + path starts with /division_abc/subdivision_xyz/.

This + parameter is optional. If it is not included, it defaults to a slash (/), + listing all groups. This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: \u002F[\u0021-\u007F]* + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListGroupsResult: + $ref: '#/components/schemas/ListGroupsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListGroups + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the IAM groups that have the specified path prefix.

+

You can paginate the results using the MaxItems and Marker + parameters.

+ operationId: POST_ListGroups + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListGroupsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListGroupsResult: + $ref: '#/components/schemas/ListGroupsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListGroups + /?Action=ListGroupsForUser&Version=2010-05-08: + get: + description:

Lists the IAM groups that the specified IAM user belongs to.

+

You can paginate the results using the MaxItems and Marker + parameters.

+ operationId: GET_ListGroupsForUser + parameters: + - description: '

The name of the user to list groups for.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListGroupsForUserResult: + $ref: '#/components/schemas/ListGroupsForUserResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListGroupsForUser + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the IAM groups that the specified IAM user belongs to.

+

You can paginate the results using the MaxItems and Marker + parameters.

+ operationId: POST_ListGroupsForUser + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListGroupsForUserRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListGroupsForUserResult: + $ref: '#/components/schemas/ListGroupsForUserResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListGroupsForUser + /?Action=ListInstanceProfileTags&Version=2010-05-08: + get: + description: Lists the tags that are attached to the specified IAM instance + profile. The returned list of tags is sorted by tag key. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: GET_ListInstanceProfileTags + parameters: + - description: '

The name of the IAM instance profile whose tags you want + to see.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: InstanceProfileName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListInstanceProfileTagsResult: + $ref: '#/components/schemas/ListInstanceProfileTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListInstanceProfileTags + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Lists the tags that are attached to the specified IAM instance + profile. The returned list of tags is sorted by tag key. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: POST_ListInstanceProfileTags + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListInstanceProfileTagsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListInstanceProfileTagsResult: + $ref: '#/components/schemas/ListInstanceProfileTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListInstanceProfileTags + /?Action=ListInstanceProfiles&Version=2010-05-08: + get: + description:

Lists the instance profiles that have the specified path prefix. + If there are none, the operation returns an empty list. For more information + about instance profiles, see About + instance profiles.

IAM resource-listing operations return + a subset of the available attributes for the resource. For example, this operation + does not return tags, even though they are an attribute of the returned object. + To view all of the information for an instance profile, see GetInstanceProfile.

+

You can paginate the results using the MaxItems and + Marker parameters.

+ operationId: GET_ListInstanceProfiles + parameters: + - description:

The path prefix for filtering the results. For example, the + prefix /application_abc/component_xyz/ gets all instance profiles + whose path starts with /application_abc/component_xyz/.

+

This parameter is optional. If it is not included, it defaults to a slash + (/), listing all instance profiles. This parameter allows (through its regex pattern) a string of characters + consisting of either a forward slash (/) by itself or a string that must + begin and end with forward slashes. In addition, it can contain any ASCII + character from the ! (\u0021) through the DEL character (\u007F), + including most punctuation characters, digits, and upper and lowercased + letters.

+ in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: \u002F[\u0021-\u007F]* + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListInstanceProfilesResult: + $ref: '#/components/schemas/ListInstanceProfilesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListInstanceProfiles + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the instance profiles that have the specified path prefix. + If there are none, the operation returns an empty list. For more information + about instance profiles, see About + instance profiles.

IAM resource-listing operations return + a subset of the available attributes for the resource. For example, this operation + does not return tags, even though they are an attribute of the returned object. + To view all of the information for an instance profile, see GetInstanceProfile.

+

You can paginate the results using the MaxItems and + Marker parameters.

+ operationId: POST_ListInstanceProfiles + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListInstanceProfilesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListInstanceProfilesResult: + $ref: '#/components/schemas/ListInstanceProfilesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListInstanceProfiles + /?Action=ListInstanceProfilesForRole&Version=2010-05-08: + get: + description:

Lists the instance profiles that have the specified associated + IAM role. If there are none, the operation returns an empty list. For more + information about instance profiles, go to About + instance profiles.

You can paginate the results using the MaxItems + and Marker parameters.

+ operationId: GET_ListInstanceProfilesForRole + parameters: + - description: '

The name of the role to list instance profiles for.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListInstanceProfilesForRoleResult: + $ref: '#/components/schemas/ListInstanceProfilesForRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListInstanceProfilesForRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the instance profiles that have the specified associated + IAM role. If there are none, the operation returns an empty list. For more + information about instance profiles, go to About + instance profiles.

You can paginate the results using the MaxItems + and Marker parameters.

+ operationId: POST_ListInstanceProfilesForRole + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListInstanceProfilesForRoleRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListInstanceProfilesForRoleResult: + $ref: '#/components/schemas/ListInstanceProfilesForRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListInstanceProfilesForRole + /?Action=ListMFADeviceTags&Version=2010-05-08: + get: + description: Lists the tags that are attached to the specified IAM virtual multi-factor + authentication (MFA) device. The returned list of tags is sorted by tag key. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: GET_ListMFADeviceTags + parameters: + - description: '

The unique identifier for the IAM virtual MFA device whose + tags you want to see. For virtual MFA devices, the serial number is the + same as the ARN.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListMFADeviceTagsResult: + $ref: '#/components/schemas/ListMFADeviceTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListMFADeviceTags + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Lists the tags that are attached to the specified IAM virtual multi-factor + authentication (MFA) device. The returned list of tags is sorted by tag key. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: POST_ListMFADeviceTags + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListMFADeviceTagsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListMFADeviceTagsResult: + $ref: '#/components/schemas/ListMFADeviceTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListMFADeviceTags + /?Action=ListMFADevices&Version=2010-05-08: + get: + description:

Lists the MFA devices for an IAM user. If the request includes + a IAM user name, then this operation lists all the MFA devices associated + with the specified user. If you do not specify a user name, IAM determines + the user name implicitly based on the Amazon Web Services access key ID signing + the request for this operation.

You can paginate the results using + the MaxItems and Marker parameters.

+ operationId: GET_ListMFADevices + parameters: + - description: '

The name of the user whose MFA devices you want to list.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListMFADevicesResult: + $ref: '#/components/schemas/ListMFADevicesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListMFADevices + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the MFA devices for an IAM user. If the request includes + a IAM user name, then this operation lists all the MFA devices associated + with the specified user. If you do not specify a user name, IAM determines + the user name implicitly based on the Amazon Web Services access key ID signing + the request for this operation.

You can paginate the results using + the MaxItems and Marker parameters.

+ operationId: POST_ListMFADevices + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListMFADevicesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListMFADevicesResult: + $ref: '#/components/schemas/ListMFADevicesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListMFADevices + /?Action=ListOpenIDConnectProviderTags&Version=2010-05-08: + get: + description:

Lists the tags that are attached to the specified OpenID Connect + (OIDC)-compatible identity provider. The returned list of tags is sorted by + tag key. For more information, see About + web identity federation.

For more information about tagging, see + Tagging + IAM resources in the IAM User Guide.

+ operationId: GET_ListOpenIDConnectProviderTags + parameters: + - description: '

The ARN of the OpenID Connect (OIDC) identity provider whose + tags you want to see.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: OpenIDConnectProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListOpenIDConnectProviderTagsResult: + $ref: '#/components/schemas/ListOpenIDConnectProviderTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: ListOpenIDConnectProviderTags + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the tags that are attached to the specified OpenID Connect + (OIDC)-compatible identity provider. The returned list of tags is sorted by + tag key. For more information, see About + web identity federation.

For more information about tagging, see + Tagging + IAM resources in the IAM User Guide.

+ operationId: POST_ListOpenIDConnectProviderTags + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListOpenIDConnectProviderTagsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListOpenIDConnectProviderTagsResult: + $ref: '#/components/schemas/ListOpenIDConnectProviderTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: ListOpenIDConnectProviderTags + /?Action=ListOpenIDConnectProviders&Version=2010-05-08: + get: + description:

Lists information about the IAM OpenID Connect (OIDC) provider + resource objects defined in the Amazon Web Services account.

IAM + resource-listing operations return a subset of the available attributes for + the resource. For example, this operation does not return tags, even though + they are an attribute of the returned object. To view all of the information + for an OIDC provider, see GetOpenIDConnectProvider.

 + operationId: GET_ListOpenIDConnectProviders + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + ListOpenIDConnectProvidersResult: + $ref: '#/components/schemas/ListOpenIDConnectProvidersResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListOpenIDConnectProviders + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists information about the IAM OpenID Connect (OIDC) provider + resource objects defined in the Amazon Web Services account.

IAM + resource-listing operations return a subset of the available attributes for + the resource. For example, this operation does not return tags, even though + they are an attribute of the returned object. To view all of the information + for an OIDC provider, see GetOpenIDConnectProvider.

 + operationId: POST_ListOpenIDConnectProviders + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListOpenIDConnectProvidersRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListOpenIDConnectProvidersResult: + $ref: '#/components/schemas/ListOpenIDConnectProvidersResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListOpenIDConnectProviders + /?Action=ListPolicies&Version=2010-05-08: + get: + description:

Lists all the managed policies that are available in your Amazon + Web Services account, including your own customer-defined managed policies + and all Amazon Web Services managed policies.

You can filter the list + of policies that is returned using the optional OnlyAttached, + Scope, and PathPrefix parameters. For example, to + list only the customer managed policies in your Amazon Web Services account, + set Scope to Local. To list only Amazon Web Services + managed policies, set Scope to AWS.

You can + paginate the results using the MaxItems and Marker + parameters.

For more information about managed policies, see Managed + policies and inline policies in the IAM User Guide.

+

IAM resource-listing operations return a subset of the available attributes + for the resource. For example, this operation does not return tags, even though + they are an attribute of the returned object. To view all of the information + for a customer manged policy, see GetPolicy.

 + operationId: GET_ListPolicies + parameters: + - description:

The scope to use for filtering the results.

To list + only Amazon Web Services managed policies, set Scope to AWS. + To list only the customer managed policies in your Amazon Web Services account, + set Scope to Local.

This parameter is optional. + If it is not included, or if it is set to All, all policies + are returned.

+ in: query + name: Scope + required: false + schema: + enum: + - All + - AWS + - Local + type: string + - description:

A flag to filter the results to only the attached policies.

+

When OnlyAttached is true, the returned list + contains only the policies that are attached to an IAM user, group, or role. + When OnlyAttached is false, or when the parameter + is not included, all policies are returned.

+ in: query + name: OnlyAttached + required: false + schema: + type: boolean + - description: The path prefix for filtering the results. This parameter is + optional. If it is not included, it defaults to a slash (/), listing all + policies. This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters. + in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ + type: string + - description: "

The policy usage method to use for filtering the results.

\ + \

To list only permissions policies, set\_PolicyUsageFilter\_\ + to\_PermissionsPolicy. To list only the policies used to set\ + \ permissions boundaries, set\_the value to\_PermissionsBoundary.

\ + \

This parameter is optional. If it is not included, all policies are\ + \ returned.

" + in: query + name: PolicyUsageFilter + required: false + schema: + description:

The policy usage type that indicates whether the policy + is used as a permissions policy or as the permissions boundary for an + entity.

For more information about permissions boundaries, see + Permissions + boundaries for IAM identities in the IAM User Guide.

+ enum: + - PermissionsPolicy + - PermissionsBoundary + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListPoliciesResult: + $ref: '#/components/schemas/ListPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListPolicies + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists all the managed policies that are available in your Amazon + Web Services account, including your own customer-defined managed policies + and all Amazon Web Services managed policies.

You can filter the list + of policies that is returned using the optional OnlyAttached, + Scope, and PathPrefix parameters. For example, to + list only the customer managed policies in your Amazon Web Services account, + set Scope to Local. To list only Amazon Web Services + managed policies, set Scope to AWS.

You can + paginate the results using the MaxItems and Marker + parameters.

For more information about managed policies, see Managed + policies and inline policies in the IAM User Guide.

+

IAM resource-listing operations return a subset of the available attributes + for the resource. For example, this operation does not return tags, even though + they are an attribute of the returned object. To view all of the information + for a customer manged policy, see GetPolicy.

 + operationId: POST_ListPolicies + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListPoliciesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListPoliciesResult: + $ref: '#/components/schemas/ListPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListPolicies + /?Action=ListPoliciesGrantingServiceAccess&Version=2010-05-08: + get: + description: "

Retrieves a list of policies that the IAM identity (user, group,\ + \ or role) can use to access each specified service.

This operation\ + \ does not use other policy types when determining whether a resource could\ + \ access a service. These other policy types include resource-based policies,\ + \ access control lists, Organizations policies, IAM permissions boundaries,\ + \ and STS assume role policies. It only applies permissions policy logic.\ + \ For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

The\ + \ list of policies returned by the operation depends on the ARN of the identity\ + \ that you provide.

  • User \u2013 The list of policies\ + \ includes the managed and inline policies that are attached to the user directly.\ + \ The list also includes any additional managed and inline policies that are\ + \ attached to the group to which the user belongs.

  • Group\ + \ \u2013 The list of policies includes only the managed and inline policies\ + \ that are attached to the group directly. Policies that are attached to the\ + \ group\u2019s user are not included.

  • Role \u2013\ + \ The list of policies includes only the managed and inline policies that\ + \ are attached to the role.

For each managed policy, this\ + \ operation returns the ARN and policy name. For each inline policy, it returns\ + \ the policy name and the entity to which it is attached. Inline policies\ + \ do not have an ARN. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.

\ + \

Policies that are attached to users and roles as permissions boundaries\ + \ are not returned. To view which managed policy is currently used to set\ + \ the permissions boundary for a user or role, use the GetUser or GetRole\ + \ operations.

" + operationId: GET_ListPoliciesGrantingServiceAccess + parameters: + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: The ARN of the IAM identity (user, group, or role) whose policies + you want to list. + in: query + name: Arn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: "

The service namespace for the Amazon Web Services services\ + \ whose policies you want to list.

To learn the service namespace\ + \ for a service, see Actions, resources, and condition keys for Amazon Web Services services\ + \ in the IAM User Guide. Choose the name of the service to view details\ + \ for that service. In the first paragraph, find the service prefix. For\ + \ example, (service prefix: a4b). For more information about\ + \ service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services\ + \ General Reference.

" + in: query + name: ServiceNamespaces + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/serviceNamespaceType' + - xml: + name: member + maxItems: 200 + minItems: 1 + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + ListPoliciesGrantingServiceAccessResult: + $ref: '#/components/schemas/ListPoliciesGrantingServiceAccessResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: ListPoliciesGrantingServiceAccess + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: "

Retrieves a list of policies that the IAM identity (user, group,\ + \ or role) can use to access each specified service.

This operation\ + \ does not use other policy types when determining whether a resource could\ + \ access a service. These other policy types include resource-based policies,\ + \ access control lists, Organizations policies, IAM permissions boundaries,\ + \ and STS assume role policies. It only applies permissions policy logic.\ + \ For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

The\ + \ list of policies returned by the operation depends on the ARN of the identity\ + \ that you provide.

  • User \u2013 The list of policies\ + \ includes the managed and inline policies that are attached to the user directly.\ + \ The list also includes any additional managed and inline policies that are\ + \ attached to the group to which the user belongs.

  • Group\ + \ \u2013 The list of policies includes only the managed and inline policies\ + \ that are attached to the group directly. Policies that are attached to the\ + \ group\u2019s user are not included.

  • Role \u2013\ + \ The list of policies includes only the managed and inline policies that\ + \ are attached to the role.

For each managed policy, this\ + \ operation returns the ARN and policy name. For each inline policy, it returns\ + \ the policy name and the entity to which it is attached. Inline policies\ + \ do not have an ARN. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.

\ + \

Policies that are attached to users and roles as permissions boundaries\ + \ are not returned. To view which managed policy is currently used to set\ + \ the permissions boundary for a user or role, use the GetUser or GetRole\ + \ operations.

" + operationId: POST_ListPoliciesGrantingServiceAccess + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListPoliciesGrantingServiceAccessRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListPoliciesGrantingServiceAccessResult: + $ref: '#/components/schemas/ListPoliciesGrantingServiceAccessResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: ListPoliciesGrantingServiceAccess + /?Action=ListPolicyTags&Version=2010-05-08: + get: + description: Lists the tags that are attached to the specified IAM customer + managed policy. The returned list of tags is sorted by tag key. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: GET_ListPolicyTags + parameters: + - description: '

The ARN of the IAM customer managed policy whose tags you + want to see.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListPolicyTagsResult: + $ref: '#/components/schemas/ListPolicyTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: ListPolicyTags + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Lists the tags that are attached to the specified IAM customer + managed policy. The returned list of tags is sorted by tag key. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: POST_ListPolicyTags + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListPolicyTagsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListPolicyTagsResult: + $ref: '#/components/schemas/ListPolicyTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: ListPolicyTags + /?Action=ListPolicyVersions&Version=2010-05-08: + get: + description:

Lists information about the versions of the specified managed + policy, including the version that is currently set as the policy's default + version.

For more information about managed policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_ListPolicyVersions + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM policy for which + you want the versions.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListPolicyVersionsResult: + $ref: '#/components/schemas/ListPolicyVersionsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListPolicyVersions + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists information about the versions of the specified managed + policy, including the version that is currently set as the policy's default + version.

For more information about managed policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_ListPolicyVersions + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListPolicyVersionsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListPolicyVersionsResult: + $ref: '#/components/schemas/ListPolicyVersionsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListPolicyVersions + /?Action=ListRolePolicies&Version=2010-05-08: + get: + description:

Lists the names of the inline policies that are embedded in + the specified IAM role.

An IAM role can also have managed policies + attached to it. To list the managed policies that are attached to a role, + use ListAttachedRolePolicies. For more information about policies, + see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. If there are no inline policies embedded with the specified role, + the operation returns an empty list.

+ operationId: GET_ListRolePolicies + parameters: + - description: '

The name of the role to list policies for.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListRolePoliciesResult: + $ref: '#/components/schemas/ListRolePoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListRolePolicies + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the names of the inline policies that are embedded in + the specified IAM role.

An IAM role can also have managed policies + attached to it. To list the managed policies that are attached to a role, + use ListAttachedRolePolicies. For more information about policies, + see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. If there are no inline policies embedded with the specified role, + the operation returns an empty list.

+ operationId: POST_ListRolePolicies + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListRolePoliciesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListRolePoliciesResult: + $ref: '#/components/schemas/ListRolePoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListRolePolicies + /?Action=ListRoleTags&Version=2010-05-08: + get: + description: Lists the tags that are attached to the specified role. The returned + list of tags is sorted by tag key. For more information about tagging, see + Tagging + IAM resources in the IAM User Guide. + operationId: GET_ListRoleTags + parameters: + - description: '

The name of the IAM role for which you want to see the list + of tags.

This parameter accepts (through its regex + pattern) a string of characters that consist of upper and lowercase + alphanumeric characters with no spaces. You can also include any of the + following characters: _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListRoleTagsResult: + $ref: '#/components/schemas/ListRoleTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListRoleTags + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Lists the tags that are attached to the specified role. The returned + list of tags is sorted by tag key. For more information about tagging, see + Tagging + IAM resources in the IAM User Guide. + operationId: POST_ListRoleTags + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListRoleTagsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListRoleTagsResult: + $ref: '#/components/schemas/ListRoleTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListRoleTags + /?Action=ListRoles&Version=2010-05-08: + get: + description:

Lists the IAM roles that have the specified path prefix. If + there are none, the operation returns an empty list. For more information + about roles, see Working + with roles.

IAM resource-listing operations return a subset + of the available attributes for the resource. For example, this operation + does not return tags, even though they are an attribute of the returned object. + To view all of the information for a role, see GetRole.

 +

You can paginate the results using the MaxItems and Marker + parameters.

+ operationId: GET_ListRoles + parameters: + - description:

The path prefix for filtering the results. For example, the + prefix /application_abc/component_xyz/ gets all roles whose + path starts with /application_abc/component_xyz/.

This + parameter is optional. If it is not included, it defaults to a slash (/), + listing all roles. This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: \u002F[\u0021-\u007F]* + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListRolesResult: + $ref: '#/components/schemas/ListRolesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListRoles + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the IAM roles that have the specified path prefix. If + there are none, the operation returns an empty list. For more information + about roles, see Working + with roles.

IAM resource-listing operations return a subset + of the available attributes for the resource. For example, this operation + does not return tags, even though they are an attribute of the returned object. + To view all of the information for a role, see GetRole.

 +

You can paginate the results using the MaxItems and Marker + parameters.

+ operationId: POST_ListRoles + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListRolesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListRolesResult: + $ref: '#/components/schemas/ListRolesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListRoles + /?Action=ListSAMLProviderTags&Version=2010-05-08: + get: + description:

Lists the tags that are attached to the specified Security Assertion + Markup Language (SAML) identity provider. The returned list of tags is sorted + by tag key. For more information, see About + SAML 2.0-based federation.

For more information about tagging, + see Tagging + IAM resources in the IAM User Guide.

+ operationId: GET_ListSAMLProviderTags + parameters: + - description: '

The ARN of the Security Assertion Markup Language (SAML) + identity provider whose tags you want to see.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: SAMLProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListSAMLProviderTagsResult: + $ref: '#/components/schemas/ListSAMLProviderTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: ListSAMLProviderTags + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the tags that are attached to the specified Security Assertion + Markup Language (SAML) identity provider. The returned list of tags is sorted + by tag key. For more information, see About + SAML 2.0-based federation.

For more information about tagging, + see Tagging + IAM resources in the IAM User Guide.

+ operationId: POST_ListSAMLProviderTags + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListSAMLProviderTagsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListSAMLProviderTagsResult: + $ref: '#/components/schemas/ListSAMLProviderTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: ListSAMLProviderTags + /?Action=ListSAMLProviders&Version=2010-05-08: + get: + description:

Lists the SAML provider resource objects defined in IAM in the + account. IAM resource-listing operations return a subset of the available + attributes for the resource. For example, this operation does not return tags, + even though they are an attribute of the returned object. To view all of the + information for a SAML provider, see GetSAMLProvider.

+

This operation requires Signature + Version 4.

 + operationId: GET_ListSAMLProviders + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + ListSAMLProvidersResult: + $ref: '#/components/schemas/ListSAMLProvidersResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListSAMLProviders + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the SAML provider resource objects defined in IAM in the + account. IAM resource-listing operations return a subset of the available + attributes for the resource. For example, this operation does not return tags, + even though they are an attribute of the returned object. To view all of the + information for a SAML provider, see GetSAMLProvider.

+

This operation requires Signature + Version 4.

 + operationId: POST_ListSAMLProviders + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListSAMLProvidersRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListSAMLProvidersResult: + $ref: '#/components/schemas/ListSAMLProvidersResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListSAMLProviders + /?Action=ListSSHPublicKeys&Version=2010-05-08: + get: + description:

Returns information about the SSH public keys associated with + the specified IAM user. If none exists, the operation returns an empty list.

+

The SSH public keys returned by this operation are used only for authenticating + the IAM user to an CodeCommit repository. For more information about using + SSH keys to authenticate to an CodeCommit repository, see Set + up CodeCommit for SSH connections in the CodeCommit User Guide.

+

Although each user is limited to a small number of keys, you can still + paginate the results using the MaxItems and Marker + parameters.

+ operationId: GET_ListSSHPublicKeys + parameters: + - description: '

The name of the IAM user to list SSH public keys for. If + none is specified, the UserName field is determined implicitly + based on the Amazon Web Services access key used to sign the request.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListSSHPublicKeysResult: + $ref: '#/components/schemas/ListSSHPublicKeysResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: ListSSHPublicKeys + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Returns information about the SSH public keys associated with + the specified IAM user. If none exists, the operation returns an empty list.

+

The SSH public keys returned by this operation are used only for authenticating + the IAM user to an CodeCommit repository. For more information about using + SSH keys to authenticate to an CodeCommit repository, see Set + up CodeCommit for SSH connections in the CodeCommit User Guide.

+

Although each user is limited to a small number of keys, you can still + paginate the results using the MaxItems and Marker + parameters.

+ operationId: POST_ListSSHPublicKeys + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListSSHPublicKeysRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListSSHPublicKeysResult: + $ref: '#/components/schemas/ListSSHPublicKeysResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: ListSSHPublicKeys + /?Action=ListServerCertificateTags&Version=2010-05-08: + get: + description:

Lists the tags that are attached to the specified IAM server + certificate. The returned list of tags is sorted by tag key. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide.

For certificates + in a Region supported by Certificate Manager (ACM), we recommend that you + don't use IAM server certificates. Instead, use ACM to provision, manage, + and deploy your server certificates. For more information about IAM server + certificates, Working + with server certificates in the IAM User Guide.

 + operationId: GET_ListServerCertificateTags + parameters: + - description: '

The name of the IAM server certificate whose tags you want + to see.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: ServerCertificateName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListServerCertificateTagsResult: + $ref: '#/components/schemas/ListServerCertificateTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListServerCertificateTags + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the tags that are attached to the specified IAM server + certificate. The returned list of tags is sorted by tag key. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide.

For certificates + in a Region supported by Certificate Manager (ACM), we recommend that you + don't use IAM server certificates. Instead, use ACM to provision, manage, + and deploy your server certificates. For more information about IAM server + certificates, Working + with server certificates in the IAM User Guide.

 + operationId: POST_ListServerCertificateTags + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListServerCertificateTagsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListServerCertificateTagsResult: + $ref: '#/components/schemas/ListServerCertificateTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListServerCertificateTags + /?Action=ListServerCertificates&Version=2010-05-08: + get: + description:

Lists the server certificates stored in IAM that have the specified + path prefix. If none exist, the operation returns an empty list.

You + can paginate the results using the MaxItems and Marker + parameters.

For more information about working with server certificates, + see Working + with server certificates in the IAM User Guide. This topic also + includes a list of Amazon Web Services services that can use the server certificates + that you manage with IAM.

IAM resource-listing operations return + a subset of the available attributes for the resource. For example, this operation + does not return tags, even though they are an attribute of the returned object. + To view all of the information for a servercertificate, see GetServerCertificate.

+ + operationId: GET_ListServerCertificates + parameters: + - description: '

The path prefix for filtering the results. For example: + /company/servercerts would get all server certificates for + which the path starts with /company/servercerts.

This + parameter is optional. If it is not included, it defaults to a slash (/), + listing all server certificates. This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

' + in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: \u002F[\u0021-\u007F]* + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListServerCertificatesResult: + $ref: '#/components/schemas/ListServerCertificatesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListServerCertificates + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the server certificates stored in IAM that have the specified + path prefix. If none exist, the operation returns an empty list.

You + can paginate the results using the MaxItems and Marker + parameters.

For more information about working with server certificates, + see Working + with server certificates in the IAM User Guide. This topic also + includes a list of Amazon Web Services services that can use the server certificates + that you manage with IAM.

IAM resource-listing operations return + a subset of the available attributes for the resource. For example, this operation + does not return tags, even though they are an attribute of the returned object. + To view all of the information for a servercertificate, see GetServerCertificate.

+ + operationId: POST_ListServerCertificates + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListServerCertificatesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListServerCertificatesResult: + $ref: '#/components/schemas/ListServerCertificatesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListServerCertificates + /?Action=ListServiceSpecificCredentials&Version=2010-05-08: + get: + description: Returns information about the service-specific credentials associated + with the specified IAM user. If none exists, the operation returns an empty + list. The service-specific credentials returned by this operation are used + only for authenticating the IAM user to a specific service. For more information + about using service-specific credentials to authenticate to an Amazon Web + Services service, see Set + up service-specific credentials in the CodeCommit User Guide. + operationId: GET_ListServiceSpecificCredentials + parameters: + - description: '

The name of the user whose service-specific credentials you + want information about. If this value is not specified, then the operation + assumes the user whose credentials are used to call the operation.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Filters the returned results to only those for the specified + Amazon Web Services service. If not specified, then Amazon Web Services + returns service-specific credentials for all services. + in: query + name: ServiceName + required: false + schema: + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + ListServiceSpecificCredentialsResult: + $ref: '#/components/schemas/ListServiceSpecificCredentialsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceNotSupportedException' + description: ServiceNotSupportedException + x-aws-operation-name: ListServiceSpecificCredentials + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Returns information about the service-specific credentials associated + with the specified IAM user. If none exists, the operation returns an empty + list. The service-specific credentials returned by this operation are used + only for authenticating the IAM user to a specific service. For more information + about using service-specific credentials to authenticate to an Amazon Web + Services service, see Set + up service-specific credentials in the CodeCommit User Guide. + operationId: POST_ListServiceSpecificCredentials + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListServiceSpecificCredentialsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListServiceSpecificCredentialsResult: + $ref: '#/components/schemas/ListServiceSpecificCredentialsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceNotSupportedException' + description: ServiceNotSupportedException + x-aws-operation-name: ListServiceSpecificCredentials + /?Action=ListSigningCertificates&Version=2010-05-08: + get: + description:

Returns information about the signing certificates associated + with the specified IAM user. If none exists, the operation returns an empty + list.

Although each user is limited to a small number of signing certificates, + you can still paginate the results using the MaxItems and Marker + parameters.

If the UserName field is not specified, the + user name is determined implicitly based on the Amazon Web Services access + key ID used to sign the request for this operation. This operation works for + access keys under the Amazon Web Services account. Consequently, you can use + this operation to manage Amazon Web Services account root user credentials + even if the Amazon Web Services account has no associated users.

+ operationId: GET_ListSigningCertificates + parameters: + - description: '

The name of the IAM user whose signing certificates you want + to examine.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListSigningCertificatesResult: + $ref: '#/components/schemas/ListSigningCertificatesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListSigningCertificates + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Returns information about the signing certificates associated + with the specified IAM user. If none exists, the operation returns an empty + list.

Although each user is limited to a small number of signing certificates, + you can still paginate the results using the MaxItems and Marker + parameters.

If the UserName field is not specified, the + user name is determined implicitly based on the Amazon Web Services access + key ID used to sign the request for this operation. This operation works for + access keys under the Amazon Web Services account. Consequently, you can use + this operation to manage Amazon Web Services account root user credentials + even if the Amazon Web Services account has no associated users.

+ operationId: POST_ListSigningCertificates + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListSigningCertificatesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListSigningCertificatesResult: + $ref: '#/components/schemas/ListSigningCertificatesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListSigningCertificates + /?Action=ListUserPolicies&Version=2010-05-08: + get: + description:

Lists the names of the inline policies embedded in the specified + IAM user.

An IAM user can also have managed policies attached to it. + To list the managed policies that are attached to a user, use ListAttachedUserPolicies. + For more information about policies, see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. If there are no inline policies embedded with the specified user, + the operation returns an empty list.

+ operationId: GET_ListUserPolicies + parameters: + - description: '

The name of the user to list policies for.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListUserPoliciesResult: + $ref: '#/components/schemas/ListUserPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListUserPolicies + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the names of the inline policies embedded in the specified + IAM user.

An IAM user can also have managed policies attached to it. + To list the managed policies that are attached to a user, use ListAttachedUserPolicies. + For more information about policies, see Managed + policies and inline policies in the IAM User Guide.

You + can paginate the results using the MaxItems and Marker + parameters. If there are no inline policies embedded with the specified user, + the operation returns an empty list.

+ operationId: POST_ListUserPolicies + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListUserPoliciesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListUserPoliciesResult: + $ref: '#/components/schemas/ListUserPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListUserPolicies + /?Action=ListUserTags&Version=2010-05-08: + get: + description: Lists the tags that are attached to the specified IAM user. The + returned list of tags is sorted by tag key. For more information about tagging, + see Tagging + IAM resources in the IAM User Guide. + operationId: GET_ListUserTags + parameters: + - description: '

The name of the IAM user whose tags you want to see.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListUserTagsResult: + $ref: '#/components/schemas/ListUserTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListUserTags + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Lists the tags that are attached to the specified IAM user. The + returned list of tags is sorted by tag key. For more information about tagging, + see Tagging + IAM resources in the IAM User Guide. + operationId: POST_ListUserTags + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListUserTagsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListUserTagsResult: + $ref: '#/components/schemas/ListUserTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListUserTags + /?Action=ListUsers&Version=2010-05-08: + get: + description:

Lists the IAM users that have the specified path prefix. If + no path prefix is specified, the operation returns all users in the Amazon + Web Services account. If there are none, the operation returns an empty list.

+

IAM resource-listing operations return a subset of the available + attributes for the resource. For example, this operation does not return tags, + even though they are an attribute of the returned object. To view all of the + information for a user, see GetUser.

You can paginate + the results using the MaxItems and Marker parameters.

+ operationId: GET_ListUsers + parameters: + - description: '

The path prefix for filtering the results. For example: + /division_abc/subdivision_xyz/, which would get all user names + whose path starts with /division_abc/subdivision_xyz/.

+

This parameter is optional. If it is not included, it defaults to a slash + (/), listing all user names. This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

' + in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: \u002F[\u0021-\u007F]* + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListUsersResult: + $ref: '#/components/schemas/ListUsersResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListUsers + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the IAM users that have the specified path prefix. If + no path prefix is specified, the operation returns all users in the Amazon + Web Services account. If there are none, the operation returns an empty list.

+

IAM resource-listing operations return a subset of the available + attributes for the resource. For example, this operation does not return tags, + even though they are an attribute of the returned object. To view all of the + information for a user, see GetUser.

You can paginate + the results using the MaxItems and Marker parameters.

+ operationId: POST_ListUsers + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListUsersRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListUsersResult: + $ref: '#/components/schemas/ListUsersResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListUsers + /?Action=ListVirtualMFADevices&Version=2010-05-08: + get: + description:

Lists the virtual MFA devices defined in the Amazon Web Services + account by assignment status. If you do not specify an assignment status, + the operation returns a list of all virtual MFA devices. Assignment status + can be Assigned, Unassigned, or Any.

+

IAM resource-listing operations return a subset of the available + attributes for the resource. For example, this operation does not return tags, + even though they are an attribute of the returned object. To view tag information + for a virtual MFA device, see ListMFADeviceTags.

You + can paginate the results using the MaxItems and Marker + parameters.

+ operationId: GET_ListVirtualMFADevices + parameters: + - description: ' The status (Unassigned or Assigned) + of the devices to list. If you do not specify an AssignmentStatus, + the operation defaults to Any, which lists both assigned and + unassigned virtual MFA devices.,' + in: query + name: AssignmentStatus + required: false + schema: + enum: + - Assigned + - Unassigned + - Any + type: string + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListVirtualMFADevicesResult: + $ref: '#/components/schemas/ListVirtualMFADevicesResponse' + type: object + description: Success + x-aws-operation-name: ListVirtualMFADevices + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the virtual MFA devices defined in the Amazon Web Services + account by assignment status. If you do not specify an assignment status, + the operation returns a list of all virtual MFA devices. Assignment status + can be Assigned, Unassigned, or Any.

+

IAM resource-listing operations return a subset of the available + attributes for the resource. For example, this operation does not return tags, + even though they are an attribute of the returned object. To view tag information + for a virtual MFA device, see ListMFADeviceTags.

You + can paginate the results using the MaxItems and Marker + parameters.

+ operationId: POST_ListVirtualMFADevices + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListVirtualMFADevicesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListVirtualMFADevicesResult: + $ref: '#/components/schemas/ListVirtualMFADevicesResponse' + type: object + description: Success + x-aws-operation-name: ListVirtualMFADevices + /?Action=PutGroupPolicy&Version=2010-05-08: + get: + description:

Adds or updates an inline policy document that is embedded in + the specified IAM group.

A user can also have managed policies attached + to it. To attach a managed policy to a group, use AttachGroupPolicy. + To create a new managed policy, use CreatePolicy. For information about + policies, see Managed + policies and inline policies in the IAM User Guide.

For + information about the maximum number of inline policies that you can embed + in a group, see IAM + and STS quotas in the IAM User Guide.

Because policy + documents can be large, you should use POST rather than GET when calling PutGroupPolicy. + For general information about using the Query API with IAM, see Making + query requests in the IAM User Guide.

 + operationId: GET_PutGroupPolicy + parameters: + - description: '

The name of the group to associate the policy with.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-.

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name of the policy document.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: PolicyName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The policy document.

You must provide policies in JSON + format in IAM. However, for CloudFormation templates formatted in YAML, + you can provide the policy in JSON or YAML format. CloudFormation always + converts a YAML policy to JSON format before submitting it to = IAM.

+

The regex pattern used + to validate this parameter is a string of characters consisting of the following:

+

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

    • +

  • The printable characters in the Basic Latin and Latin-1 Supplement + character set (through \u00FF)

  • The special + characters tab (\u0009), line feed (\u000A), and + carriage return (\u000D)

+ in: query + name: PolicyDocument + required: true + schema: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: PutGroupPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds or updates an inline policy document that is embedded in + the specified IAM group.

A user can also have managed policies attached + to it. To attach a managed policy to a group, use AttachGroupPolicy. + To create a new managed policy, use CreatePolicy. For information about + policies, see Managed + policies and inline policies in the IAM User Guide.

For + information about the maximum number of inline policies that you can embed + in a group, see IAM + and STS quotas in the IAM User Guide.

Because policy + documents can be large, you should use POST rather than GET when calling PutGroupPolicy. + For general information about using the Query API with IAM, see Making + query requests in the IAM User Guide.

 + operationId: POST_PutGroupPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/PutGroupPolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: PutGroupPolicy + /?Action=PutRolePermissionsBoundary&Version=2010-05-08: + get: + description:

Adds or updates the policy that is specified as the IAM role's + permissions boundary. You can use an Amazon Web Services managed policy or + a customer managed policy to set the boundary for a role. Use the boundary + to control the maximum permissions that the role can have. Setting a permissions + boundary is an advanced feature that can affect the permissions for the role.

+

You cannot set the boundary for a service-linked role.

+

Policies used as permissions boundaries do not provide permissions. You + must also attach a permissions policy to the role. To learn how the effective + permissions for a role are evaluated, see IAM + JSON policy evaluation logic in the IAM User Guide.

+ operationId: GET_PutRolePermissionsBoundary + parameters: + - description: The name (friendly name, not ARN) of the IAM role for which you + want to set the permissions boundary. + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The ARN of the policy that is used to set the permissions boundary + for the role. + in: query + name: PermissionsBoundary + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyNotAttachableException' + description: PolicyNotAttachableException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: PutRolePermissionsBoundary + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds or updates the policy that is specified as the IAM role's + permissions boundary. You can use an Amazon Web Services managed policy or + a customer managed policy to set the boundary for a role. Use the boundary + to control the maximum permissions that the role can have. Setting a permissions + boundary is an advanced feature that can affect the permissions for the role.

+

You cannot set the boundary for a service-linked role.

+

Policies used as permissions boundaries do not provide permissions. You + must also attach a permissions policy to the role. To learn how the effective + permissions for a role are evaluated, see IAM + JSON policy evaluation logic in the IAM User Guide.

+ operationId: POST_PutRolePermissionsBoundary + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/PutRolePermissionsBoundaryRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyNotAttachableException' + description: PolicyNotAttachableException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: PutRolePermissionsBoundary + /?Action=PutRolePolicy&Version=2010-05-08: + get: + description:

Adds or updates an inline policy document that is embedded in + the specified IAM role.

When you embed an inline policy in a role, + the inline policy is used as part of the role's access (permissions) policy. + The role's trust policy is created at the same time as the role, using CreateRole. + You can update a role's trust policy using UpdateAssumeRolePolicy. + For more information about IAM roles, see Using + roles to delegate permissions and federate identities.

A role can + also have a managed policy attached to it. To attach a managed policy to a + role, use AttachRolePolicy. To create a new managed policy, use CreatePolicy. + For information about policies, see Managed + policies and inline policies in the IAM User Guide.

For + information about the maximum number of inline policies that you can embed + with a role, see IAM + and STS quotas in the IAM User Guide.

Because policy + documents can be large, you should use POST rather than GET when calling PutRolePolicy. + For general information about using the Query API with IAM, see Making + query requests in the IAM User Guide.

 + operationId: GET_PutRolePolicy + parameters: + - description: '

The name of the role to associate the policy with.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name of the policy document.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: PolicyName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The policy document.

You must provide policies in JSON + format in IAM. However, for CloudFormation templates formatted in YAML, + you can provide the policy in JSON or YAML format. CloudFormation always + converts a YAML policy to JSON format before submitting it to IAM.

The + regex pattern used to validate + this parameter is a string of characters consisting of the following:

+

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

    • +

  • The printable characters in the Basic Latin and Latin-1 Supplement + character set (through \u00FF)

  • The special + characters tab (\u0009), line feed (\u000A), and + carriage return (\u000D)

+ in: query + name: PolicyDocument + required: true + schema: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: PutRolePolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds or updates an inline policy document that is embedded in + the specified IAM role.

When you embed an inline policy in a role, + the inline policy is used as part of the role's access (permissions) policy. + The role's trust policy is created at the same time as the role, using CreateRole. + You can update a role's trust policy using UpdateAssumeRolePolicy. + For more information about IAM roles, see Using + roles to delegate permissions and federate identities.

A role can + also have a managed policy attached to it. To attach a managed policy to a + role, use AttachRolePolicy. To create a new managed policy, use CreatePolicy. + For information about policies, see Managed + policies and inline policies in the IAM User Guide.

For + information about the maximum number of inline policies that you can embed + with a role, see IAM + and STS quotas in the IAM User Guide.

Because policy + documents can be large, you should use POST rather than GET when calling PutRolePolicy. + For general information about using the Query API with IAM, see Making + query requests in the IAM User Guide.

 + operationId: POST_PutRolePolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/PutRolePolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: PutRolePolicy + /?Action=PutUserPermissionsBoundary&Version=2010-05-08: + get: + description:

Adds or updates the policy that is specified as the IAM user's + permissions boundary. You can use an Amazon Web Services managed policy or + a customer managed policy to set the boundary for a user. Use the boundary + to control the maximum permissions that the user can have. Setting a permissions + boundary is an advanced feature that can affect the permissions for the user.

+

Policies that are used as permissions boundaries do not provide + permissions. You must also attach a permissions policy to the user. To learn + how the effective permissions for a user are evaluated, see IAM + JSON policy evaluation logic in the IAM User Guide.

+ operationId: GET_PutUserPermissionsBoundary + parameters: + - description: The name (friendly name, not ARN) of the IAM user for which you + want to set the permissions boundary. + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The ARN of the policy that is used to set the permissions boundary + for the user. + in: query + name: PermissionsBoundary + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyNotAttachableException' + description: PolicyNotAttachableException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: PutUserPermissionsBoundary + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds or updates the policy that is specified as the IAM user's + permissions boundary. You can use an Amazon Web Services managed policy or + a customer managed policy to set the boundary for a user. Use the boundary + to control the maximum permissions that the user can have. Setting a permissions + boundary is an advanced feature that can affect the permissions for the user.

+

Policies that are used as permissions boundaries do not provide + permissions. You must also attach a permissions policy to the user. To learn + how the effective permissions for a user are evaluated, see IAM + JSON policy evaluation logic in the IAM User Guide.

+ operationId: POST_PutUserPermissionsBoundary + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/PutUserPermissionsBoundaryRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyNotAttachableException' + description: PolicyNotAttachableException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: PutUserPermissionsBoundary + /?Action=PutUserPolicy&Version=2010-05-08: + get: + description:

Adds or updates an inline policy document that is embedded in + the specified IAM user.

An IAM user can also have a managed policy + attached to it. To attach a managed policy to a user, use AttachUserPolicy. + To create a new managed policy, use CreatePolicy. For information about + policies, see Managed + policies and inline policies in the IAM User Guide.

For + information about the maximum number of inline policies that you can embed + in a user, see IAM + and STS quotas in the IAM User Guide.

Because policy + documents can be large, you should use POST rather than GET when calling PutUserPolicy. + For general information about using the Query API with IAM, see Making + query requests in the IAM User Guide.

 + operationId: GET_PutUserPolicy + parameters: + - description: '

The name of the user to associate the policy with.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name of the policy document.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: PolicyName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The policy document.

You must provide policies in JSON + format in IAM. However, for CloudFormation templates formatted in YAML, + you can provide the policy in JSON or YAML format. CloudFormation always + converts a YAML policy to JSON format before submitting it to IAM.

The + regex pattern used to validate + this parameter is a string of characters consisting of the following:

+

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

    • +

  • The printable characters in the Basic Latin and Latin-1 Supplement + character set (through \u00FF)

  • The special + characters tab (\u0009), line feed (\u000A), and + carriage return (\u000D)

+ in: query + name: PolicyDocument + required: true + schema: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: PutUserPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds or updates an inline policy document that is embedded in + the specified IAM user.

An IAM user can also have a managed policy + attached to it. To attach a managed policy to a user, use AttachUserPolicy. + To create a new managed policy, use CreatePolicy. For information about + policies, see Managed + policies and inline policies in the IAM User Guide.

For + information about the maximum number of inline policies that you can embed + in a user, see IAM + and STS quotas in the IAM User Guide.

Because policy + documents can be large, you should use POST rather than GET when calling PutUserPolicy. + For general information about using the Query API with IAM, see Making + query requests in the IAM User Guide.

 + operationId: POST_PutUserPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/PutUserPolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: PutUserPolicy + /?Action=RemoveClientIDFromOpenIDConnectProvider&Version=2010-05-08: + get: + description:

Removes the specified client ID (also known as audience) from + the list of client IDs registered for the specified IAM OpenID Connect (OIDC) + provider resource object.

This operation is idempotent; it does not + fail or return an error if you try to remove a client ID that does not exist.

+ operationId: GET_RemoveClientIDFromOpenIDConnectProvider + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM OIDC provider resource + to remove the client ID from. You can get a list of OIDC provider ARNs by + using the ListOpenIDConnectProviders operation.

For more information + about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: OpenIDConnectProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: The client ID (also known as audience) to remove from the IAM + OIDC provider resource. For more information about client IDs, see CreateOpenIDConnectProvider. + in: query + name: ClientID + required: true + schema: + maxLength: 255 + minLength: 1 + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: RemoveClientIDFromOpenIDConnectProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Removes the specified client ID (also known as audience) from + the list of client IDs registered for the specified IAM OpenID Connect (OIDC) + provider resource object.

This operation is idempotent; it does not + fail or return an error if you try to remove a client ID that does not exist.

+ operationId: POST_RemoveClientIDFromOpenIDConnectProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RemoveClientIDFromOpenIDConnectProviderRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: RemoveClientIDFromOpenIDConnectProvider + /?Action=RemoveRoleFromInstanceProfile&Version=2010-05-08: + get: + description:

Removes the specified IAM role from the specified EC2 instance + profile.

Make sure that you do not have any Amazon EC2 + instances running with the role you are about to remove from the instance + profile. Removing a role from an instance profile that is associated with + a running instance might break any applications running on the instance.

+

For more information about IAM roles, see Working + with roles. For more information about instance profiles, see About + instance profiles.

+ operationId: GET_RemoveRoleFromInstanceProfile + parameters: + - description: '

The name of the instance profile to update.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: InstanceProfileName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name of the role to remove.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: RemoveRoleFromInstanceProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Removes the specified IAM role from the specified EC2 instance + profile.

Make sure that you do not have any Amazon EC2 + instances running with the role you are about to remove from the instance + profile. Removing a role from an instance profile that is associated with + a running instance might break any applications running on the instance.

+

For more information about IAM roles, see Working + with roles. For more information about instance profiles, see About + instance profiles.

+ operationId: POST_RemoveRoleFromInstanceProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RemoveRoleFromInstanceProfileRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: RemoveRoleFromInstanceProfile + /?Action=RemoveUserFromGroup&Version=2010-05-08: + get: + description: Removes the specified user from the specified group. + operationId: GET_RemoveUserFromGroup + parameters: + - description: '

The name of the group to update.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The name of the user to remove.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: RemoveUserFromGroup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Removes the specified user from the specified group. + operationId: POST_RemoveUserFromGroup + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/RemoveUserFromGroupRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: RemoveUserFromGroup + /?Action=ResetServiceSpecificCredential&Version=2010-05-08: + get: + description: Resets the password for a service-specific credential. The new + password is Amazon Web Services generated and cryptographically strong. It + cannot be configured by the user. Resetting the password immediately invalidates + the previous password associated with this user. + operationId: GET_ResetServiceSpecificCredential + parameters: + - description: '

The name of the IAM user associated with the service-specific + credential. If this value is not specified, then the operation assumes the + user whose credentials are used to call the operation.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier of the service-specific credential.

+

This parameter allows (through its regex + pattern) a string of characters that can consist of any upper or lowercased + letter or digit.

+ in: query + name: ServiceSpecificCredentialId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + ResetServiceSpecificCredentialResult: + $ref: '#/components/schemas/ResetServiceSpecificCredentialResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: ResetServiceSpecificCredential + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Resets the password for a service-specific credential. The new + password is Amazon Web Services generated and cryptographically strong. It + cannot be configured by the user. Resetting the password immediately invalidates + the previous password associated with this user. + operationId: POST_ResetServiceSpecificCredential + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetServiceSpecificCredentialRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ResetServiceSpecificCredentialResult: + $ref: '#/components/schemas/ResetServiceSpecificCredentialResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: ResetServiceSpecificCredential + /?Action=ResyncMFADevice&Version=2010-05-08: + get: + description:

Synchronizes the specified MFA device with its IAM resource + object on the Amazon Web Services servers.

For more information about + creating and working with virtual MFA devices, see Using + a virtual MFA device in the IAM User Guide.

+ operationId: GET_ResyncMFADevice + parameters: + - description: '

The name of the user whose MFA device you want to resynchronize.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

Serial number that uniquely identifies the MFA device.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + - description:

An authentication code emitted by the device.

The format + for this parameter is a sequence of six digits.

+ in: query + name: AuthenticationCode1 + required: true + schema: + maxLength: 6 + minLength: 6 + pattern: '[\d]+' + type: string + - description:

A subsequent authentication code emitted by the device.

+

The format for this parameter is a sequence of six digits.

+ in: query + name: AuthenticationCode2 + required: true + schema: + maxLength: 6 + minLength: 6 + pattern: '[\d]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidAuthenticationCodeException' + description: InvalidAuthenticationCodeException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ResyncMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Synchronizes the specified MFA device with its IAM resource + object on the Amazon Web Services servers.

For more information about + creating and working with virtual MFA devices, see Using + a virtual MFA device in the IAM User Guide.

+ operationId: POST_ResyncMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ResyncMFADeviceRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidAuthenticationCodeException' + description: InvalidAuthenticationCodeException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ResyncMFADevice + /?Action=SetDefaultPolicyVersion&Version=2010-05-08: + get: + description:

Sets the specified version of the specified policy as the policy's + default (operative) version.

This operation affects all users, groups, + and roles that the policy is attached to. To list the users, groups, and roles + that the policy is attached to, use ListEntitiesForPolicy.

For + information about managed policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: GET_SetDefaultPolicyVersion + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM policy whose default + version you want to set.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description:

The version of the policy to set as the default (operative) + version.

For more information about managed policy versions, see + Versioning + for managed policies in the IAM User Guide.

+ in: query + name: VersionId + required: true + schema: + pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: SetDefaultPolicyVersion + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Sets the specified version of the specified policy as the policy's + default (operative) version.

This operation affects all users, groups, + and roles that the policy is attached to. To list the users, groups, and roles + that the policy is attached to, use ListEntitiesForPolicy.

For + information about managed policies, see Managed + policies and inline policies in the IAM User Guide.

+ operationId: POST_SetDefaultPolicyVersion + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/SetDefaultPolicyVersionRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: SetDefaultPolicyVersion + /?Action=SetSecurityTokenServicePreferences&Version=2010-05-08: + get: + description:

Sets the specified version of the global endpoint token as the + token version used for the Amazon Web Services account.

By default, + Security Token Service (STS) is available as a global service, and all STS + requests go to a single endpoint at https://sts.amazonaws.com. + Amazon Web Services recommends using Regional STS endpoints to reduce latency, + build in redundancy, and increase session token availability. For information + about Regional endpoints for STS, see Security + Token Service endpoints and quotas in the Amazon Web Services General + Reference.

If you make an STS call to the global endpoint, the + resulting session tokens might be valid in some Regions but not others. It + depends on the version that is set in this operation. Version 1 tokens are + valid only in Amazon Web Services Regions that are available by default. These + tokens do not work in manually enabled Regions, such as Asia Pacific (Hong + Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens + are longer and might affect systems where you temporarily store tokens. For + information, see Activating + and deactivating STS in an Amazon Web Services Region in the IAM User + Guide.

To view the current session token version, see the GlobalEndpointTokenVersion + entry in the response of the GetAccountSummary operation.

+ operationId: GET_SetSecurityTokenServicePreferences + parameters: + - description:

The version of the global endpoint token. Version 1 tokens + are valid only in Amazon Web Services Regions that are available by default. + These tokens do not work in manually enabled Regions, such as Asia Pacific + (Hong Kong). Version 2 tokens are valid in all Regions. However, version + 2 tokens are longer and might affect systems where you temporarily store + tokens.

For information, see Activating + and deactivating STS in an Amazon Web Services Region in the IAM + User Guide.

+ in: query + name: GlobalEndpointTokenVersion + required: true + schema: + enum: + - v1Token + - v2Token + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: SetSecurityTokenServicePreferences + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Sets the specified version of the global endpoint token as the + token version used for the Amazon Web Services account.

By default, + Security Token Service (STS) is available as a global service, and all STS + requests go to a single endpoint at https://sts.amazonaws.com. + Amazon Web Services recommends using Regional STS endpoints to reduce latency, + build in redundancy, and increase session token availability. For information + about Regional endpoints for STS, see Security + Token Service endpoints and quotas in the Amazon Web Services General + Reference.

If you make an STS call to the global endpoint, the + resulting session tokens might be valid in some Regions but not others. It + depends on the version that is set in this operation. Version 1 tokens are + valid only in Amazon Web Services Regions that are available by default. These + tokens do not work in manually enabled Regions, such as Asia Pacific (Hong + Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens + are longer and might affect systems where you temporarily store tokens. For + information, see Activating + and deactivating STS in an Amazon Web Services Region in the IAM User + Guide.

To view the current session token version, see the GlobalEndpointTokenVersion + entry in the response of the GetAccountSummary operation.

+ operationId: POST_SetSecurityTokenServicePreferences + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/SetSecurityTokenServicePreferencesRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: SetSecurityTokenServicePreferences + /?Action=SimulateCustomPolicy&Version=2010-05-08: + get: + description:

Simulate how a set of IAM policies and optionally a resource-based + policy works with a list of API operations and Amazon Web Services resources + to determine the policies' effective permissions. The policies are provided + as strings.

The simulation does not perform the API operations; it + only checks the authorization to determine if the simulated policies allow + or deny the operations. You can simulate resources that don't exist in your + account.

If you want to simulate existing policies that are attached + to an IAM user, group, or role, use SimulatePrincipalPolicy instead.

+

Context keys are variables that are maintained by Amazon Web Services and + its services and which provide details about the context of an API query request. + You can use the Condition element of an IAM policy to evaluate + context keys. To get the list of context keys that the policies require for + correct simulation, use GetContextKeysForCustomPolicy.

If the + output is long, you can use MaxItems and Marker + parameters to paginate the results.

For more information about using + the policy simulator, see Testing + IAM policies with the IAM policy simulator in the IAM User Guide.

+ operationId: GET_SimulateCustomPolicy + parameters: + - description:

A list of policy documents to include in the simulation. Each + document is specified as a string containing the complete, valid JSON text + of an IAM policy. Do not include any resource-based policies in this parameter. + Any resource-based policy must be submitted with the ResourcePolicy + parameter. The policies cannot be "scope-down" policies, such as you could + include in a call to GetFederationToken + or one of the AssumeRole + API operations. In other words, do not use policies designed to restrict + what a user can do while using the temporary credentials.

The maximum + length of the policy document that you can pass in this operation, including + whitespace, is listed below. To view the maximum character counts of a managed + policy with no whitespaces, see IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed + (\u000A), and carriage return (\u000D)

    • +
+ in: query + name: PolicyInputList + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - xml: + name: member + type: array + - description:

The IAM permissions boundary policy to simulate. The permissions + boundary sets the maximum permissions that an IAM entity can have. You can + input only one permissions boundary when you pass a policy to this operation. + For more information about permissions boundaries, see Permissions + boundaries for IAM entities in the IAM User Guide. The policy + input is specified as a string that contains the complete, valid JSON text + of a permissions boundary policy.

The maximum length of the policy + document that you can pass in this operation, including whitespace, is listed + below. To view the maximum character counts of a managed policy with no + whitespaces, see IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed + (\u000A), and carriage return (\u000D)

    • +
+ in: query + name: PermissionsBoundaryPolicyInputList + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - xml: + name: member + type: array + - description: A list of names of API operations to evaluate in the simulation. + Each operation is evaluated against each resource. Each operation must include + the service identifier, such as iam:CreateUser. This operation + does not support using wildcards (*) in an action name. + in: query + name: ActionNames + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/ActionNameType' + - xml: + name: member + type: array + - description:

A list of ARNs of Amazon Web Services resources to include + in the simulation. If this parameter is not provided, then the value defaults + to * (all resources). Each API in the ActionNames + parameter is evaluated for each resource in this list. The simulation determines + the access result (allowed or denied) of each combination and reports it + in the response. You can simulate resources that don't exist in your account.

+

The simulation does not automatically retrieve policies for the specified + resources. If you want to include a resource policy in the simulation, then + you must include the policy as a string in the ResourcePolicy + parameter.

If you include a ResourcePolicy, then it + must be applicable to all of the resources included in the simulation or + you receive an invalid input error.

For more information about ARNs, + see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: ResourceArns + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/ResourceNameType' + - xml: + name: member + type: array + - description:

A resource-based policy to include in the simulation provided + as a string. Each resource in the simulation is treated as if it had this + policy attached. You can include only one resource-based policy in a simulation.

+

The maximum length of the policy document that you can pass in this operation, + including whitespace, is listed below. To view the maximum character counts + of a managed policy with no whitespaces, see IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed + (\u000A), and carriage return (\u000D)

    • +
+ in: query + name: ResourcePolicy + required: false + schema: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description: '

An ARN representing the Amazon Web Services account ID that + specifies the owner of any simulated resource that does not identify its + owner in the resource ARN. Examples of resource ARNs include an S3 bucket + or object. If ResourceOwner is specified, it is also used as + the account owner of any ResourcePolicy included in the simulation. + If the ResourceOwner parameter is not specified, then the owner + of the resources and the resource policy defaults to the account of the + identity provided in CallerArn. This parameter is required + only if you specify a resource-based policy and account that owns the resource + is different from the account that owns the simulated calling user CallerArn.

+

The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root. + For example, to represent the account with the 112233445566 ID, use the + following ARN: arn:aws:iam::112233445566-ID:root.

' + in: query + name: ResourceOwner + required: false + schema: + maxLength: 2048 + minLength: 1 + type: string + - description:

The ARN of the IAM user that you want to use as the simulated + caller of the API operations. CallerArn is required if you + include a ResourcePolicy so that the policy's Principal + element has a value to use in evaluating the policy.

You can specify + only the ARN of an IAM user. You cannot specify the ARN of an assumed role, + federated user, or a service principal.

+ in: query + name: CallerArn + required: false + schema: + maxLength: 2048 + minLength: 1 + type: string + - description: A list of context keys and corresponding values for the simulation + to use. Whenever a context key is evaluated in one of the simulated IAM + permissions policies, the corresponding value is supplied. + in: query + name: ContextEntries + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/ContextEntry' + - xml: + name: member + type: array + - description:

Specifies the type of simulation to run. Different API operations + that support resource-based policies require different combinations of resources. + By specifying the type of simulation to run, you enable the policy simulator + to enforce the presence of the required resources to ensure reliable simulation + results. If your simulation does not match one of the following scenarios, + then you can omit this parameter. The following list shows each of the supported + scenario values and the resources that you must define to run the simulation.

+

Each of the EC2 scenarios requires that you specify instance, image, + and security-group resources. If your scenario includes an EBS volume, then + you must specify that volume as a resource. If the EC2 scenario includes + VPC, then you must supply the network-interface resource. If it includes + an IP subnet, then you must specify the subnet resource. For more information + on the EC2 scenario options, see Supported + platforms in the Amazon EC2 User Guide.

  • EC2-Classic-InstanceStore +

    instance, image, security-group

  • EC2-Classic-EBS +

    instance, image, security-group, volume

  • EC2-VPC-InstanceStore +

    instance, image, security-group, network-interface

  • +

    EC2-VPC-InstanceStore-Subnet

    instance, image, security-group, + network-interface, subnet

  • EC2-VPC-EBS

    instance, + image, security-group, network-interface, volume

  • EC2-VPC-EBS-Subnet +

    instance, image, security-group, network-interface, subnet, volume

    +
+ in: query + name: ResourceHandlingOption + required: false + schema: + maxLength: 64 + minLength: 1 + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + SimulateCustomPolicyResult: + $ref: '#/components/schemas/SimulatePolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyEvaluationException' + description: PolicyEvaluationException + x-aws-operation-name: SimulateCustomPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Simulate how a set of IAM policies and optionally a resource-based + policy works with a list of API operations and Amazon Web Services resources + to determine the policies' effective permissions. The policies are provided + as strings.

The simulation does not perform the API operations; it + only checks the authorization to determine if the simulated policies allow + or deny the operations. You can simulate resources that don't exist in your + account.

If you want to simulate existing policies that are attached + to an IAM user, group, or role, use SimulatePrincipalPolicy instead.

+

Context keys are variables that are maintained by Amazon Web Services and + its services and which provide details about the context of an API query request. + You can use the Condition element of an IAM policy to evaluate + context keys. To get the list of context keys that the policies require for + correct simulation, use GetContextKeysForCustomPolicy.

If the + output is long, you can use MaxItems and Marker + parameters to paginate the results.

For more information about using + the policy simulator, see Testing + IAM policies with the IAM policy simulator in the IAM User Guide.

+ operationId: POST_SimulateCustomPolicy + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/SimulateCustomPolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + SimulateCustomPolicyResult: + $ref: '#/components/schemas/SimulatePolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyEvaluationException' + description: PolicyEvaluationException + x-aws-operation-name: SimulateCustomPolicy + /?Action=SimulatePrincipalPolicy&Version=2010-05-08: + get: + description:

Simulate how a set of IAM policies attached to an IAM entity + works with a list of API operations and Amazon Web Services resources to determine + the policies' effective permissions. The entity can be an IAM user, group, + or role. If you specify a user, then the simulation also includes all of the + policies that are attached to groups that the user belongs to. You can simulate + resources that don't exist in your account.

You can optionally include + a list of one or more additional policies specified as strings to include + in the simulation. If you want to simulate only policies specified as strings, + use SimulateCustomPolicy instead.

You can also optionally include + one resource-based policy to be evaluated with each of the resources included + in the simulation.

The simulation does not perform the API operations; + it only checks the authorization to determine if the simulated policies allow + or deny the operations.

Note: This operation discloses information + about the permissions granted to other users. If you do not want users to + see other user's permissions, then consider allowing them to use SimulateCustomPolicy + instead.

Context keys are variables maintained by Amazon Web Services + and its services that provide details about the context of an API query request. + You can use the Condition element of an IAM policy to evaluate + context keys. To get the list of context keys that the policies require for + correct simulation, use GetContextKeysForPrincipalPolicy.

If + the output is long, you can use the MaxItems and Marker + parameters to paginate the results.

For more information about using + the policy simulator, see Testing + IAM policies with the IAM policy simulator in the IAM User Guide.

+ operationId: GET_SimulatePrincipalPolicy + parameters: + - description:

The Amazon Resource Name (ARN) of a user, group, or role whose + policies you want to include in the simulation. If you specify a user, group, + or role, the simulation includes all policies that are associated with that + entity. If you specify a user, the simulation also includes all policies + that are attached to any groups the user belongs to.

The maximum + length of the policy document that you can pass in this operation, including + whitespace, is listed below. To view the maximum character counts of a managed + policy with no whitespaces, see IAM + and STS character quotas.

For more information about ARNs, see + Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicySourceArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description:

An optional list of additional policy documents to include + in the simulation. Each document is specified as a string containing the + complete, valid JSON text of an IAM policy.

The regex + pattern used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed + (\u000A), and carriage return (\u000D)

    • +
+ in: query + name: PolicyInputList + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - xml: + name: member + type: array + - description:

The IAM permissions boundary policy to simulate. The permissions + boundary sets the maximum permissions that the entity can have. You can + input only one permissions boundary when you pass a policy to this operation. + An IAM entity can only have one permissions boundary in effect at a time. + For example, if a permissions boundary is attached to an entity and you + pass in a different permissions boundary policy using this parameter, then + the new permissions boundary policy is used for the simulation. For more + information about permissions boundaries, see Permissions + boundaries for IAM entities in the IAM User Guide. The policy + input is specified as a string containing the complete, valid JSON text + of a permissions boundary policy.

The maximum length of the policy + document that you can pass in this operation, including whitespace, is listed + below. To view the maximum character counts of a managed policy with no + whitespaces, see IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed + (\u000A), and carriage return (\u000D)

    • +
+ in: query + name: PermissionsBoundaryPolicyInputList + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - xml: + name: member + type: array + - description: A list of names of API operations to evaluate in the simulation. + Each operation is evaluated for each resource. Each operation must include + the service identifier, such as iam:CreateUser. + in: query + name: ActionNames + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/ActionNameType' + - xml: + name: member + type: array + - description:

A list of ARNs of Amazon Web Services resources to include + in the simulation. If this parameter is not provided, then the value defaults + to * (all resources). Each API in the ActionNames + parameter is evaluated for each resource in this list. The simulation determines + the access result (allowed or denied) of each combination and reports it + in the response. You can simulate resources that don't exist in your account.

+

The simulation does not automatically retrieve policies for the specified + resources. If you want to include a resource policy in the simulation, then + you must include the policy as a string in the ResourcePolicy + parameter.

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: ResourceArns + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/ResourceNameType' + - xml: + name: member + type: array + - description:

A resource-based policy to include in the simulation provided + as a string. Each resource in the simulation is treated as if it had this + policy attached. You can include only one resource-based policy in a simulation.

+

The maximum length of the policy document that you can pass in this operation, + including whitespace, is listed below. To view the maximum character counts + of a managed policy with no whitespaces, see IAM + and STS character quotas.

The regex + pattern used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed + (\u000A), and carriage return (\u000D)

    • +
+ in: query + name: ResourcePolicy + required: false + schema: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description: An Amazon Web Services account ID that specifies the owner of + any simulated resource that does not identify its owner in the resource + ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner + is specified, it is also used as the account owner of any ResourcePolicy + included in the simulation. If the ResourceOwner parameter + is not specified, then the owner of the resources and the resource policy + defaults to the account of the identity provided in CallerArn. + This parameter is required only if you specify a resource-based policy and + account that owns the resource is different from the account that owns the + simulated calling user CallerArn. + in: query + name: ResourceOwner + required: false + schema: + maxLength: 2048 + minLength: 1 + type: string + - description:

The ARN of the IAM user that you want to specify as the simulated + caller of the API operations. If you do not specify a CallerArn, + it defaults to the ARN of the user that you specify in PolicySourceArn, + if you specified a user. If you include both a PolicySourceArn + (for example, arn:aws:iam::123456789012:user/David) and a CallerArn + (for example, arn:aws:iam::123456789012:user/Bob), the result + is that you simulate calling the API operations as Bob, as if Bob had David's + policies.

You can specify only the ARN of an IAM user. You cannot + specify the ARN of an assumed role, federated user, or a service principal.

+

CallerArn is required if you include a ResourcePolicy + and the PolicySourceArn is not the ARN for an IAM user. This + is required so that the resource-based policy's Principal element + has a value to use in evaluating the policy.

For more information + about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: CallerArn + required: false + schema: + maxLength: 2048 + minLength: 1 + type: string + - description: A list of context keys and corresponding values for the simulation + to use. Whenever a context key is evaluated in one of the simulated IAM + permissions policies, the corresponding value is supplied. + in: query + name: ContextEntries + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/ContextEntry' + - xml: + name: member + type: array + - description:

Specifies the type of simulation to run. Different API operations + that support resource-based policies require different combinations of resources. + By specifying the type of simulation to run, you enable the policy simulator + to enforce the presence of the required resources to ensure reliable simulation + results. If your simulation does not match one of the following scenarios, + then you can omit this parameter. The following list shows each of the supported + scenario values and the resources that you must define to run the simulation.

+

Each of the EC2 scenarios requires that you specify instance, image, + and security group resources. If your scenario includes an EBS volume, then + you must specify that volume as a resource. If the EC2 scenario includes + VPC, then you must supply the network interface resource. If it includes + an IP subnet, then you must specify the subnet resource. For more information + on the EC2 scenario options, see Supported + platforms in the Amazon EC2 User Guide.

  • EC2-Classic-InstanceStore +

    instance, image, security group

  • EC2-Classic-EBS +

    instance, image, security group, volume

  • EC2-VPC-InstanceStore +

    instance, image, security group, network interface

  • +

    EC2-VPC-InstanceStore-Subnet

    instance, image, security + group, network interface, subnet

  • EC2-VPC-EBS

    +

    instance, image, security group, network interface, volume

    • +

  • EC2-VPC-EBS-Subnet

    instance, image, security group, + network interface, subnet, volume

+ in: query + name: ResourceHandlingOption + required: false + schema: + maxLength: 64 + minLength: 1 + type: string + - description:

Use this only when paginating results to indicate the maximum + number of items you want in the response. If additional items exist beyond + the maximum you specify, the IsTruncated response element is + true.

If you do not include this parameter, the number + of items defaults to 100. Note that IAM might return fewer results, even + when there are more results available. In that case, the IsTruncated + response element returns true, and Marker contains + a value to include in the subsequent call that tells the service where to + continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + - description: Use this parameter only when paginating results and only after + you receive a response indicating that the results are truncated. Set it + to the value of the Marker element in the response that you + received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + SimulatePrincipalPolicyResult: + $ref: '#/components/schemas/SimulatePolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyEvaluationException' + description: PolicyEvaluationException + x-aws-operation-name: SimulatePrincipalPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Simulate how a set of IAM policies attached to an IAM entity + works with a list of API operations and Amazon Web Services resources to determine + the policies' effective permissions. The entity can be an IAM user, group, + or role. If you specify a user, then the simulation also includes all of the + policies that are attached to groups that the user belongs to. You can simulate + resources that don't exist in your account.

You can optionally include + a list of one or more additional policies specified as strings to include + in the simulation. If you want to simulate only policies specified as strings, + use SimulateCustomPolicy instead.

You can also optionally include + one resource-based policy to be evaluated with each of the resources included + in the simulation.

The simulation does not perform the API operations; + it only checks the authorization to determine if the simulated policies allow + or deny the operations.

Note: This operation discloses information + about the permissions granted to other users. If you do not want users to + see other user's permissions, then consider allowing them to use SimulateCustomPolicy + instead.

Context keys are variables maintained by Amazon Web Services + and its services that provide details about the context of an API query request. + You can use the Condition element of an IAM policy to evaluate + context keys. To get the list of context keys that the policies require for + correct simulation, use GetContextKeysForPrincipalPolicy.

If + the output is long, you can use the MaxItems and Marker + parameters to paginate the results.

For more information about using + the policy simulator, see Testing + IAM policies with the IAM policy simulator in the IAM User Guide.

+ operationId: POST_SimulatePrincipalPolicy + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/SimulatePrincipalPolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + SimulatePrincipalPolicyResult: + $ref: '#/components/schemas/SimulatePolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PolicyEvaluationException' + description: PolicyEvaluationException + x-aws-operation-name: SimulatePrincipalPolicy + /?Action=TagInstanceProfile&Version=2010-05-08: + get: + description:

Adds one or more tags to an IAM instance profile. If a tag with + the same key name already exists, then that tag is overwritten with the new + value.

Each tag consists of a key name and an associated value. By + assigning tags to your resources, you can do the following:

  • +

    Administrative grouping and discovery - Attach tags to resources + to aid in organization and search. For example, you could search for all resources + with the key name Project and the value MyImportantProject. + Or search for all resources with the key name Cost Center and the value + 41200.

  • Access control - Include tags in + IAM user-based and resource-based policies. You can use tags to restrict access + to only an IAM instance profile that has a specified tag attached. For examples + of policies that show how to use tags to control access, see Control + access using IAM tags in the IAM User Guide.

+

  • If any one of the tags is invalid or if you exceed the allowed + maximum number of tags, then the entire request fails and the resource is + not created. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: GET_TagInstanceProfile + parameters: + - description: '

The name of the IAM instance profile to which you want to + add tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: InstanceProfileName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The list of tags that you want to attach to the IAM instance + profile. Each tag consists of a key name and an associated value. + in: query + name: Tags + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagInstanceProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds one or more tags to an IAM instance profile. If a tag with + the same key name already exists, then that tag is overwritten with the new + value.

Each tag consists of a key name and an associated value. By + assigning tags to your resources, you can do the following:

  • +

    Administrative grouping and discovery - Attach tags to resources + to aid in organization and search. For example, you could search for all resources + with the key name Project and the value MyImportantProject. + Or search for all resources with the key name Cost Center and the value + 41200.

  • Access control - Include tags in + IAM user-based and resource-based policies. You can use tags to restrict access + to only an IAM instance profile that has a specified tag attached. For examples + of policies that show how to use tags to control access, see Control + access using IAM tags in the IAM User Guide.

+

  • If any one of the tags is invalid or if you exceed the allowed + maximum number of tags, then the entire request fails and the resource is + not created. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: POST_TagInstanceProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/TagInstanceProfileRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagInstanceProfile + /?Action=TagMFADevice&Version=2010-05-08: + get: + description:

Adds one or more tags to an IAM virtual multi-factor authentication + (MFA) device. If a tag with the same key name already exists, then that tag + is overwritten with the new value.

A tag consists of a key name and + an associated value. By assigning tags to your resources, you can do the following:

+

  • Administrative grouping and discovery - Attach tags to + resources to aid in organization and search. For example, you could search + for all resources with the key name Project and the value MyImportantProject. + Or search for all resources with the key name Cost Center and the value + 41200.

  • Access control - Include tags in + IAM user-based and resource-based policies. You can use tags to restrict access + to only an IAM virtual MFA device that has a specified tag attached. For examples + of policies that show how to use tags to control access, see Control + access using IAM tags in the IAM User Guide.

+

  • If any one of the tags is invalid or if you exceed the allowed + maximum number of tags, then the entire request fails and the resource is + not created. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: GET_TagMFADevice + parameters: + - description: '

The unique identifier for the IAM virtual MFA device to which + you want to add tags. For virtual MFA devices, the serial number is the + same as the ARN.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + - description: The list of tags that you want to attach to the IAM virtual MFA + device. Each tag consists of a key name and an associated value. + in: query + name: Tags + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds one or more tags to an IAM virtual multi-factor authentication + (MFA) device. If a tag with the same key name already exists, then that tag + is overwritten with the new value.

A tag consists of a key name and + an associated value. By assigning tags to your resources, you can do the following:

+

  • Administrative grouping and discovery - Attach tags to + resources to aid in organization and search. For example, you could search + for all resources with the key name Project and the value MyImportantProject. + Or search for all resources with the key name Cost Center and the value + 41200.

  • Access control - Include tags in + IAM user-based and resource-based policies. You can use tags to restrict access + to only an IAM virtual MFA device that has a specified tag attached. For examples + of policies that show how to use tags to control access, see Control + access using IAM tags in the IAM User Guide.

+

  • If any one of the tags is invalid or if you exceed the allowed + maximum number of tags, then the entire request fails and the resource is + not created. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: POST_TagMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/TagMFADeviceRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagMFADevice + /?Action=TagOpenIDConnectProvider&Version=2010-05-08: + get: + description:

Adds one or more tags to an OpenID Connect (OIDC)-compatible + identity provider. For more information about these providers, see About + web identity federation. If a tag with the same key name already exists, + then that tag is overwritten with the new value.

A tag consists of + a key name and an associated value. By assigning tags to your resources, you + can do the following:

  • Administrative grouping and discovery + - Attach tags to resources to aid in organization and search. For example, + you could search for all resources with the key name Project and the + value MyImportantProject. Or search for all resources with the key + name Cost Center and the value 41200.

  • Access + control - Include tags in IAM user-based and resource-based policies. + You can use tags to restrict access to only an OIDC provider that has a specified + tag attached. For examples of policies that show how to use tags to control + access, see Control + access using IAM tags in the IAM User Guide.

+

  • If any one of the tags is invalid or if you exceed the allowed + maximum number of tags, then the entire request fails and the resource is + not created. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: GET_TagOpenIDConnectProvider + parameters: + - description: '

The ARN of the OIDC identity provider in IAM to which you + want to add tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: OpenIDConnectProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: The list of tags that you want to attach to the OIDC identity + provider in IAM. Each tag consists of a key name and an associated value. + in: query + name: Tags + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagOpenIDConnectProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds one or more tags to an OpenID Connect (OIDC)-compatible + identity provider. For more information about these providers, see About + web identity federation. If a tag with the same key name already exists, + then that tag is overwritten with the new value.

A tag consists of + a key name and an associated value. By assigning tags to your resources, you + can do the following:

  • Administrative grouping and discovery + - Attach tags to resources to aid in organization and search. For example, + you could search for all resources with the key name Project and the + value MyImportantProject. Or search for all resources with the key + name Cost Center and the value 41200.

  • Access + control - Include tags in IAM user-based and resource-based policies. + You can use tags to restrict access to only an OIDC provider that has a specified + tag attached. For examples of policies that show how to use tags to control + access, see Control + access using IAM tags in the IAM User Guide.

+

  • If any one of the tags is invalid or if you exceed the allowed + maximum number of tags, then the entire request fails and the resource is + not created. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: POST_TagOpenIDConnectProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/TagOpenIDConnectProviderRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagOpenIDConnectProvider + /?Action=TagPolicy&Version=2010-05-08: + get: + description:

Adds one or more tags to an IAM customer managed policy. If + a tag with the same key name already exists, then that tag is overwritten + with the new value.

A tag consists of a key name and an associated + value. By assigning tags to your resources, you can do the following:

+

  • Administrative grouping and discovery - Attach tags to + resources to aid in organization and search. For example, you could search + for all resources with the key name Project and the value MyImportantProject. + Or search for all resources with the key name Cost Center and the value + 41200.

  • Access control - Include tags in + IAM user-based and resource-based policies. You can use tags to restrict access + to only an IAM customer managed policy that has a specified tag attached. + For examples of policies that show how to use tags to control access, see + Control + access using IAM tags in the IAM User Guide.

+

  • If any one of the tags is invalid or if you exceed the allowed + maximum number of tags, then the entire request fails and the resource is + not created. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: GET_TagPolicy + parameters: + - description: '

The ARN of the IAM customer managed policy to which you want + to add tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: The list of tags that you want to attach to the IAM customer + managed policy. Each tag consists of a key name and an associated value. + in: query + name: Tags + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds one or more tags to an IAM customer managed policy. If + a tag with the same key name already exists, then that tag is overwritten + with the new value.

A tag consists of a key name and an associated + value. By assigning tags to your resources, you can do the following:

+

  • Administrative grouping and discovery - Attach tags to + resources to aid in organization and search. For example, you could search + for all resources with the key name Project and the value MyImportantProject. + Or search for all resources with the key name Cost Center and the value + 41200.

  • Access control - Include tags in + IAM user-based and resource-based policies. You can use tags to restrict access + to only an IAM customer managed policy that has a specified tag attached. + For examples of policies that show how to use tags to control access, see + Control + access using IAM tags in the IAM User Guide.

+

  • If any one of the tags is invalid or if you exceed the allowed + maximum number of tags, then the entire request fails and the resource is + not created. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: POST_TagPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/TagPolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagPolicy + /?Action=TagRole&Version=2010-05-08: + get: + description:

Adds one or more tags to an IAM role. The role can be a regular + role or a service-linked role. If a tag with the same key name already exists, + then that tag is overwritten with the new value.

A tag consists of + a key name and an associated value. By assigning tags to your resources, you + can do the following:

  • Administrative grouping and discovery + - Attach tags to resources to aid in organization and search. For example, + you could search for all resources with the key name Project and the + value MyImportantProject. Or search for all resources with the key + name Cost Center and the value 41200.

  • Access + control - Include tags in IAM user-based and resource-based policies. + You can use tags to restrict access to only an IAM role that has a specified + tag attached. You can also restrict access to only those resources that have + a certain tag attached. For examples of policies that show how to use tags + to control access, see Control + access using IAM tags in the IAM User Guide.

  • + Cost allocation - Use tags to help track which individuals and teams + are using which Amazon Web Services resources.

    +

  • If any one of the tags is invalid or if you exceed the allowed maximum + number of tags, then the entire request fails and the resource is not created. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+

For more information about tagging, see Tagging + IAM identities in the IAM User Guide.

+ operationId: GET_TagRole + parameters: + - description: '

The name of the IAM role to which you want to add tags.

+

This parameter accepts (through its regex + pattern) a string of characters that consist of upper and lowercase + alphanumeric characters with no spaces. You can also include any of the + following characters: _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The list of tags that you want to attach to the IAM role. Each + tag consists of a key name and an associated value. + in: query + name: Tags + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds one or more tags to an IAM role. The role can be a regular + role or a service-linked role. If a tag with the same key name already exists, + then that tag is overwritten with the new value.

A tag consists of + a key name and an associated value. By assigning tags to your resources, you + can do the following:

  • Administrative grouping and discovery + - Attach tags to resources to aid in organization and search. For example, + you could search for all resources with the key name Project and the + value MyImportantProject. Or search for all resources with the key + name Cost Center and the value 41200.

  • Access + control - Include tags in IAM user-based and resource-based policies. + You can use tags to restrict access to only an IAM role that has a specified + tag attached. You can also restrict access to only those resources that have + a certain tag attached. For examples of policies that show how to use tags + to control access, see Control + access using IAM tags in the IAM User Guide.

  • + Cost allocation - Use tags to help track which individuals and teams + are using which Amazon Web Services resources.

    +

  • If any one of the tags is invalid or if you exceed the allowed maximum + number of tags, then the entire request fails and the resource is not created. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+

For more information about tagging, see Tagging + IAM identities in the IAM User Guide.

+ operationId: POST_TagRole + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/TagRoleRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagRole + /?Action=TagSAMLProvider&Version=2010-05-08: + get: + description:

Adds one or more tags to a Security Assertion Markup Language + (SAML) identity provider. For more information about these providers, see + About + SAML 2.0-based federation . If a tag with the same key name already exists, + then that tag is overwritten with the new value.

A tag consists of + a key name and an associated value. By assigning tags to your resources, you + can do the following:

  • Administrative grouping and discovery + - Attach tags to resources to aid in organization and search. For example, + you could search for all resources with the key name Project and the + value MyImportantProject. Or search for all resources with the key + name Cost Center and the value 41200.

  • Access + control - Include tags in IAM user-based and resource-based policies. + You can use tags to restrict access to only a SAML identity provider that + has a specified tag attached. For examples of policies that show how to use + tags to control access, see Control + access using IAM tags in the IAM User Guide.

+

  • If any one of the tags is invalid or if you exceed the allowed + maximum number of tags, then the entire request fails and the resource is + not created. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: GET_TagSAMLProvider + parameters: + - description: '

The ARN of the SAML identity provider in IAM to which you + want to add tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: SAMLProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: The list of tags that you want to attach to the SAML identity + provider in IAM. Each tag consists of a key name and an associated value. + in: query + name: Tags + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagSAMLProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds one or more tags to a Security Assertion Markup Language + (SAML) identity provider. For more information about these providers, see + About + SAML 2.0-based federation . If a tag with the same key name already exists, + then that tag is overwritten with the new value.

A tag consists of + a key name and an associated value. By assigning tags to your resources, you + can do the following:

  • Administrative grouping and discovery + - Attach tags to resources to aid in organization and search. For example, + you could search for all resources with the key name Project and the + value MyImportantProject. Or search for all resources with the key + name Cost Center and the value 41200.

  • Access + control - Include tags in IAM user-based and resource-based policies. + You can use tags to restrict access to only a SAML identity provider that + has a specified tag attached. For examples of policies that show how to use + tags to control access, see Control + access using IAM tags in the IAM User Guide.

+

  • If any one of the tags is invalid or if you exceed the allowed + maximum number of tags, then the entire request fails and the resource is + not created. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: POST_TagSAMLProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/TagSAMLProviderRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagSAMLProvider + /?Action=TagServerCertificate&Version=2010-05-08: + get: + description:

Adds one or more tags to an IAM server certificate. If a tag + with the same key name already exists, then that tag is overwritten with the + new value.

For certificates in a Region supported by Certificate + Manager (ACM), we recommend that you don't use IAM server certificates. Instead, + use ACM to provision, manage, and deploy your server certificates. For more + information about IAM server certificates, Working + with server certificates in the IAM User Guide.

A + tag consists of a key name and an associated value. By assigning tags to your + resources, you can do the following:

  • Administrative grouping + and discovery - Attach tags to resources to aid in organization and search. + For example, you could search for all resources with the key name Project + and the value MyImportantProject. Or search for all resources with + the key name Cost Center and the value 41200.

  • +

    Access control - Include tags in IAM user-based and resource-based + policies. You can use tags to restrict access to only a server certificate + that has a specified tag attached. For examples of policies that show how + to use tags to control access, see Control + access using IAM tags in the IAM User Guide.

  • + Cost allocation - Use tags to help track which individuals and teams + are using which Amazon Web Services resources.

    +

  • If any one of the tags is invalid or if you exceed the allowed maximum + number of tags, then the entire request fails and the resource is not created. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: GET_TagServerCertificate + parameters: + - description: '

The name of the IAM server certificate to which you want + to add tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: ServerCertificateName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The list of tags that you want to attach to the IAM server certificate. + Each tag consists of a key name and an associated value. + in: query + name: Tags + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagServerCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds one or more tags to an IAM server certificate. If a tag + with the same key name already exists, then that tag is overwritten with the + new value.

For certificates in a Region supported by Certificate + Manager (ACM), we recommend that you don't use IAM server certificates. Instead, + use ACM to provision, manage, and deploy your server certificates. For more + information about IAM server certificates, Working + with server certificates in the IAM User Guide.

A + tag consists of a key name and an associated value. By assigning tags to your + resources, you can do the following:

  • Administrative grouping + and discovery - Attach tags to resources to aid in organization and search. + For example, you could search for all resources with the key name Project + and the value MyImportantProject. Or search for all resources with + the key name Cost Center and the value 41200.

  • +

    Access control - Include tags in IAM user-based and resource-based + policies. You can use tags to restrict access to only a server certificate + that has a specified tag attached. For examples of policies that show how + to use tags to control access, see Control + access using IAM tags in the IAM User Guide.

  • + Cost allocation - Use tags to help track which individuals and teams + are using which Amazon Web Services resources.

    +

  • If any one of the tags is invalid or if you exceed the allowed maximum + number of tags, then the entire request fails and the resource is not created. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+ + operationId: POST_TagServerCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/TagServerCertificateRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagServerCertificate + /?Action=TagUser&Version=2010-05-08: + get: + description:

Adds one or more tags to an IAM user. If a tag with the same + key name already exists, then that tag is overwritten with the new value.

+

A tag consists of a key name and an associated value. By assigning tags + to your resources, you can do the following:

  • Administrative + grouping and discovery - Attach tags to resources to aid in organization + and search. For example, you could search for all resources with the key name + Project and the value MyImportantProject. Or search for all + resources with the key name Cost Center and the value 41200. +

  • Access control - Include tags in IAM user-based + and resource-based policies. You can use tags to restrict access to only an + IAM requesting user that has a specified tag attached. You can also restrict + access to only those resources that have a certain tag attached. For examples + of policies that show how to use tags to control access, see Control + access using IAM tags in the IAM User Guide.

  • + Cost allocation - Use tags to help track which individuals and teams + are using which Amazon Web Services resources.

    +

  • If any one of the tags is invalid or if you exceed the allowed maximum + number of tags, then the entire request fails and the resource is not created. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+

For more information about tagging, see Tagging + IAM identities in the IAM User Guide.

+ operationId: GET_TagUser + parameters: + - description: '

The name of the IAM user to which you want to add tags.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The list of tags that you want to attach to the IAM user. Each + tag consists of a key name and an associated value. + in: query + name: Tags + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagUser + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Adds one or more tags to an IAM user. If a tag with the same + key name already exists, then that tag is overwritten with the new value.

+

A tag consists of a key name and an associated value. By assigning tags + to your resources, you can do the following:

  • Administrative + grouping and discovery - Attach tags to resources to aid in organization + and search. For example, you could search for all resources with the key name + Project and the value MyImportantProject. Or search for all + resources with the key name Cost Center and the value 41200. +

  • Access control - Include tags in IAM user-based + and resource-based policies. You can use tags to restrict access to only an + IAM requesting user that has a specified tag attached. You can also restrict + access to only those resources that have a certain tag attached. For examples + of policies that show how to use tags to control access, see Control + access using IAM tags in the IAM User Guide.

  • + Cost allocation - Use tags to help track which individuals and teams + are using which Amazon Web Services resources.

    +

  • If any one of the tags is invalid or if you exceed the allowed maximum + number of tags, then the entire request fails and the resource is not created. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

  • Amazon Web + Services always interprets the tag Value as a single string. + If you need to store an array, you can store comma-separated values in the + string. However, you must interpret the value in your code.

+

For more information about tagging, see Tagging + IAM identities in the IAM User Guide.

+ operationId: POST_TagUser + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/TagUserRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagUser + /?Action=UntagInstanceProfile&Version=2010-05-08: + get: + description: Removes the specified tags from the IAM instance profile. For more + information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: GET_UntagInstanceProfile + parameters: + - description: '

The name of the IAM instance profile from which you want + to remove tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: InstanceProfileName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: A list of key names as a simple array of strings. The tags with + matching keys are removed from the specified instance profile. + in: query + name: TagKeys + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagInstanceProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Removes the specified tags from the IAM instance profile. For more + information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: POST_UntagInstanceProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UntagInstanceProfileRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagInstanceProfile + /?Action=UntagMFADevice&Version=2010-05-08: + get: + description: Removes the specified tags from the IAM virtual multi-factor authentication + (MFA) device. For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: GET_UntagMFADevice + parameters: + - description: '

The unique identifier for the IAM virtual MFA device from + which you want to remove tags. For virtual MFA devices, the serial number + is the same as the ARN.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + - description: A list of key names as a simple array of strings. The tags with + matching keys are removed from the specified instance profile. + in: query + name: TagKeys + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Removes the specified tags from the IAM virtual multi-factor authentication + (MFA) device. For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: POST_UntagMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UntagMFADeviceRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagMFADevice + /?Action=UntagOpenIDConnectProvider&Version=2010-05-08: + get: + description: Removes the specified tags from the specified OpenID Connect (OIDC)-compatible + identity provider in IAM. For more information about OIDC providers, see About + web identity federation. For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: GET_UntagOpenIDConnectProvider + parameters: + - description: '

The ARN of the OIDC provider in IAM from which you want to + remove tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: OpenIDConnectProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: A list of key names as a simple array of strings. The tags with + matching keys are removed from the specified OIDC provider. + in: query + name: TagKeys + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagOpenIDConnectProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Removes the specified tags from the specified OpenID Connect (OIDC)-compatible + identity provider in IAM. For more information about OIDC providers, see About + web identity federation. For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: POST_UntagOpenIDConnectProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UntagOpenIDConnectProviderRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagOpenIDConnectProvider + /?Action=UntagPolicy&Version=2010-05-08: + get: + description: Removes the specified tags from the customer managed policy. For + more information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: GET_UntagPolicy + parameters: + - description: '

The ARN of the IAM customer managed policy from which you + want to remove tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: A list of key names as a simple array of strings. The tags with + matching keys are removed from the specified policy. + in: query + name: TagKeys + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Removes the specified tags from the customer managed policy. For + more information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: POST_UntagPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UntagPolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagPolicy + /?Action=UntagRole&Version=2010-05-08: + get: + description: Removes the specified tags from the role. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: GET_UntagRole + parameters: + - description: '

The name of the IAM role from which you want to remove tags.

+

This parameter accepts (through its regex + pattern) a string of characters that consist of upper and lowercase + alphanumeric characters with no spaces. You can also include any of the + following characters: _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: A list of key names as a simple array of strings. The tags with + matching keys are removed from the specified role. + in: query + name: TagKeys + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Removes the specified tags from the role. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: POST_UntagRole + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UntagRoleRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagRole + /?Action=UntagSAMLProvider&Version=2010-05-08: + get: + description: Removes the specified tags from the specified Security Assertion + Markup Language (SAML) identity provider in IAM. For more information about + these providers, see About + web identity federation. For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: GET_UntagSAMLProvider + parameters: + - description: '

The ARN of the SAML identity provider in IAM from which you + want to remove tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: SAMLProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: A list of key names as a simple array of strings. The tags with + matching keys are removed from the specified SAML identity provider. + in: query + name: TagKeys + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagSAMLProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Removes the specified tags from the specified Security Assertion + Markup Language (SAML) identity provider in IAM. For more information about + these providers, see About + web identity federation. For more information about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: POST_UntagSAMLProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UntagSAMLProviderRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagSAMLProvider + /?Action=UntagServerCertificate&Version=2010-05-08: + get: + description:

Removes the specified tags from the IAM server certificate. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

For certificates + in a Region supported by Certificate Manager (ACM), we recommend that you + don't use IAM server certificates. Instead, use ACM to provision, manage, + and deploy your server certificates. For more information about IAM server + certificates, Working + with server certificates in the IAM User Guide.

 + operationId: GET_UntagServerCertificate + parameters: + - description: '

The name of the IAM server certificate from which you want + to remove tags.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: ServerCertificateName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: A list of key names as a simple array of strings. The tags with + matching keys are removed from the specified IAM server certificate. + in: query + name: TagKeys + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagServerCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Removes the specified tags from the IAM server certificate. + For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

For certificates + in a Region supported by Certificate Manager (ACM), we recommend that you + don't use IAM server certificates. Instead, use ACM to provision, manage, + and deploy your server certificates. For more information about IAM server + certificates, Working + with server certificates in the IAM User Guide.

 + operationId: POST_UntagServerCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UntagServerCertificateRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagServerCertificate + /?Action=UntagUser&Version=2010-05-08: + get: + description: Removes the specified tags from the user. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: GET_UntagUser + parameters: + - description: '

The name of the IAM user from which you want to remove tags.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: A list of key names as a simple array of strings. The tags with + matching keys are removed from the specified user. + in: query + name: TagKeys + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagUser + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Removes the specified tags from the user. For more information + about tagging, see Tagging + IAM resources in the IAM User Guide. + operationId: POST_UntagUser + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UntagUserRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagUser + /?Action=UpdateAccessKey&Version=2010-05-08: + get: + description:

Changes the status of the specified access key from Active to + Inactive, or vice versa. This operation can be used to disable a user's key + as part of a key rotation workflow.

If the UserName is + not specified, the user name is determined implicitly based on the Amazon + Web Services access key ID used to sign the request. This operation works + for access keys under the Amazon Web Services account. Consequently, you can + use this operation to manage Amazon Web Services account root user credentials + even if the Amazon Web Services account has no associated users.

For + information about rotating keys, see Managing + keys and certificates in the IAM User Guide.

+ operationId: GET_UpdateAccessKey + parameters: + - description: '

The name of the user whose key you want to update.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The access key ID of the secret access key you want to update.

+

This parameter allows (through its regex + pattern) a string of characters that can consist of any upper or lowercased + letter or digit.

+ in: query + name: AccessKeyId + required: true + schema: + maxLength: 128 + minLength: 16 + pattern: '[\w]+' + type: string + - description: ' The status you want to assign to the secret access key. Active + means that the key can be used for programmatic calls to Amazon Web Services, + while Inactive means that the key cannot be used.' + in: query + name: Status + required: true + schema: + enum: + - Active + - Inactive + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateAccessKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Changes the status of the specified access key from Active to + Inactive, or vice versa. This operation can be used to disable a user's key + as part of a key rotation workflow.

If the UserName is + not specified, the user name is determined implicitly based on the Amazon + Web Services access key ID used to sign the request. This operation works + for access keys under the Amazon Web Services account. Consequently, you can + use this operation to manage Amazon Web Services account root user credentials + even if the Amazon Web Services account has no associated users.

For + information about rotating keys, see Managing + keys and certificates in the IAM User Guide.

+ operationId: POST_UpdateAccessKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateAccessKeyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateAccessKey + /?Action=UpdateAccountPasswordPolicy&Version=2010-05-08: + get: + description:

Updates the password policy settings for the Amazon Web Services + account.

This operation does not support partial updates. No + parameters are required, but if you do not specify a parameter, that parameter's + value reverts to its default value. See the Request Parameters section + for each parameter's default value. Also note that some parameters do not + allow the default parameter to be explicitly set. Instead, to invoke the default + value, do not include that parameter when you invoke the operation.

 +

For more information about using a password policy, see Managing + an IAM password policy in the IAM User Guide.

+ operationId: GET_UpdateAccountPasswordPolicy + parameters: + - description:

The minimum number of characters allowed in an IAM user password.

+

If you do not specify a value for this parameter, then the operation + uses the default value of 6.

+ in: query + name: MinimumPasswordLength + required: false + schema: + maximum: 128 + minimum: 6 + type: integer + - description: '

Specifies whether IAM user passwords must contain at least + one of the following non-alphanumeric characters:

! @ # $ % ^ & + * ( ) _ + - = [ ] { } | ''

If you do not specify a value for this + parameter, then the operation uses the default value of false. + The result is that passwords do not require at least one symbol character.

' + in: query + name: RequireSymbols + required: false + schema: + type: boolean + - description:

Specifies whether IAM user passwords must contain at least + one numeric character (0 to 9).

If you do not specify a value for + this parameter, then the operation uses the default value of false. + The result is that passwords do not require at least one numeric character.

+ in: query + name: RequireNumbers + required: false + schema: + type: boolean + - description:

Specifies whether IAM user passwords must contain at least + one uppercase character from the ISO basic Latin alphabet (A to Z).

+

If you do not specify a value for this parameter, then the operation + uses the default value of false. The result is that passwords + do not require at least one uppercase character.

+ in: query + name: RequireUppercaseCharacters + required: false + schema: + type: boolean + - description:

Specifies whether IAM user passwords must contain at least + one lowercase character from the ISO basic Latin alphabet (a to z).

+

If you do not specify a value for this parameter, then the operation + uses the default value of false. The result is that passwords + do not require at least one lowercase character.

+ in: query + name: RequireLowercaseCharacters + required: false + schema: + type: boolean + - description:

Allows all IAM users in your account to use the Amazon Web + Services Management Console to change their own passwords. For more information, + see Permitting + IAM users to change their own passwords in the IAM User Guide.

+

If you do not specify a value for this parameter, then the operation + uses the default value of false. The result is that IAM users + in the account do not automatically have permissions to change their own + password.

+ in: query + name: AllowUsersToChangePassword + required: false + schema: + type: boolean + - description:

The number of days that an IAM user password is valid.

+

If you do not specify a value for this parameter, then the operation + uses the default value of 0. The result is that IAM user passwords + never expire.

+ in: query + name: MaxPasswordAge + required: false + schema: + maximum: 1095 + minimum: 1 + type: integer + - description:

Specifies the number of previous passwords that IAM users + are prevented from reusing.

If you do not specify a value for this + parameter, then the operation uses the default value of 0. + The result is that IAM users are not prevented from reusing previous passwords.

+ in: query + name: PasswordReusePrevention + required: false + schema: + maximum: 24 + minimum: 1 + type: integer + - description:

Prevents IAM users who are accessing the account via the + Amazon Web Services Management Console from setting a new console password + after their password has expired. The IAM user cannot access the console + until an administrator resets the password.

If you do not specify + a value for this parameter, then the operation uses the default value of + false. The result is that IAM users can change their passwords + after they expire and continue to sign in as the user.

In + the Amazon Web Services Management Console, the custom password policy option + Allow users to change their own password gives IAM users permissions + to iam:ChangePassword for only their user and to the iam:GetAccountPasswordPolicy + action. This option does not attach a permissions policy to each user, rather + the permissions are applied at the account-level for all users by IAM. IAM + users with iam:ChangePassword permission and active access + keys can reset their own expired console password using the CLI or API.

+ + in: query + name: HardExpiry + required: false + schema: + type: boolean + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateAccountPasswordPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Updates the password policy settings for the Amazon Web Services + account.

This operation does not support partial updates. No + parameters are required, but if you do not specify a parameter, that parameter's + value reverts to its default value. See the Request Parameters section + for each parameter's default value. Also note that some parameters do not + allow the default parameter to be explicitly set. Instead, to invoke the default + value, do not include that parameter when you invoke the operation.

 +

For more information about using a password policy, see Managing + an IAM password policy in the IAM User Guide.

+ operationId: POST_UpdateAccountPasswordPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateAccountPasswordPolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateAccountPasswordPolicy + /?Action=UpdateAssumeRolePolicy&Version=2010-05-08: + get: + description: Updates the policy that grants an IAM entity permission to assume + a role. This is typically referred to as the "role trust policy". For more + information about roles, see Using + roles to delegate permissions and federate identities. + operationId: GET_UpdateAssumeRolePolicy + parameters: + - description: '

The name of the role to update with the new policy.

This + parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The policy that grants an entity permission to assume the + role.

You must provide policies in JSON format in IAM. However, for + CloudFormation templates formatted in YAML, you can provide the policy in + JSON or YAML format. CloudFormation always converts a YAML policy to JSON + format before submitting it to IAM.

The regex + pattern used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed + (\u000A), and carriage return (\u000D)

    • +
+ in: query + name: PolicyDocument + required: true + schema: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateAssumeRolePolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Updates the policy that grants an IAM entity permission to assume + a role. This is typically referred to as the "role trust policy". For more + information about roles, see Using + roles to delegate permissions and federate identities. + operationId: POST_UpdateAssumeRolePolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateAssumeRolePolicyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateAssumeRolePolicy + /?Action=UpdateGroup&Version=2010-05-08: + get: + description:

Updates the name and/or the path of the specified IAM group.

+

You should understand the implications of changing a group's + path or name. For more information, see Renaming + users and groups in the IAM User Guide.

 +

The person making the request (the principal), must have permission to + change the role group with the old name and the new name. For example, to + change the group named Managers to MGRs, the principal + must have a policy that allows them to update both groups. If the principal + has permission to update the Managers group, but not the MGRs + group, then the update fails. For more information about permissions, see + Access + management.

+ operationId: GET_UpdateGroup + parameters: + - description: '

Name of the IAM group to update. If you''re changing the + name of the group, this is the original name.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

New path for the IAM group. Only include this if changing + the group's path.

This parameter allows (through its regex + pattern) a string of characters consisting of either a forward slash + (/) by itself or a string that must begin and end with forward slashes. + In addition, it can contain any ASCII character from the ! (\u0021) + through the DEL character (\u007F), including most punctuation + characters, digits, and upper and lowercased letters.

+ in: query + name: NewPath + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + - description:

New name for the IAM group. Only include this if changing + the group's name.

IAM user, group, role, and policy names must be + unique within the account. Names are not distinguished by case. For example, + you cannot create resources named both "MyResource" and "myresource".

+ in: query + name: NewGroupName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateGroup + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Updates the name and/or the path of the specified IAM group.

+

You should understand the implications of changing a group's + path or name. For more information, see Renaming + users and groups in the IAM User Guide.

 +

The person making the request (the principal), must have permission to + change the role group with the old name and the new name. For example, to + change the group named Managers to MGRs, the principal + must have a policy that allows them to update both groups. If the principal + has permission to update the Managers group, but not the MGRs + group, then the update fails. For more information about permissions, see + Access + management.

+ operationId: POST_UpdateGroup + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateGroupRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateGroup + /?Action=UpdateLoginProfile&Version=2010-05-08: + get: + description:

Changes the password for the specified IAM user. You can use + the CLI, the Amazon Web Services API, or the Users page in the IAM + console to change the password for any IAM user. Use ChangePassword + to change your own password in the My Security Credentials page in + the Amazon Web Services Management Console.

For more information about + modifying passwords, see Managing + passwords in the IAM User Guide.

+ operationId: GET_UpdateLoginProfile + parameters: + - description: '

The name of the user whose password you want to update.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The new password for the specified IAM user.

The regex pattern used to validate + this parameter is a string of characters consisting of the following:

+

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

    • +

  • The printable characters in the Basic Latin and Latin-1 Supplement + character set (through \u00FF)

  • The special + characters tab (\u0009), line feed (\u000A), and + carriage return (\u000D)

However, the format + can be further restricted by the account administrator by setting a password + policy on the Amazon Web Services account. For more information, see UpdateAccountPasswordPolicy.

+ in: query + name: Password + required: false + schema: + format: password + maxLength: 128 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description: Allows this new password to be used only once by requiring the + specified IAM user to set a new password on next sign-in. + in: query + name: PasswordResetRequired + required: false + schema: + type: boolean + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PasswordPolicyViolationException' + description: PasswordPolicyViolationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateLoginProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Changes the password for the specified IAM user. You can use + the CLI, the Amazon Web Services API, or the Users page in the IAM + console to change the password for any IAM user. Use ChangePassword + to change your own password in the My Security Credentials page in + the Amazon Web Services Management Console.

For more information about + modifying passwords, see Managing + passwords in the IAM User Guide.

+ operationId: POST_UpdateLoginProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateLoginProfileRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PasswordPolicyViolationException' + description: PasswordPolicyViolationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateLoginProfile + /?Action=UpdateOpenIDConnectProviderThumbprint&Version=2010-05-08: + get: + description:

Replaces the existing list of server certificate thumbprints + associated with an OpenID Connect (OIDC) provider resource object with a new + list of thumbprints.

The list that you pass with this operation completely + replaces the existing list of thumbprints. (The lists are not merged.)

+

Typically, you need to update a thumbprint only when the identity provider + certificate changes, which occurs rarely. However, if the provider's certificate + does change, any attempt to assume an IAM role that specifies the OIDC + provider as a principal fails until the certificate thumbprint is updated.

+

Amazon Web Services secures communication with some OIDC identity + providers (IdPs) through our library of trusted certificate authorities (CAs) + instead of using a certificate thumbprint to verify your IdP server certificate. + These OIDC IdPs include Google, and those that use an Amazon S3 bucket to + host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint + remains in your configuration, but is no longer used for validation.

 +

Trust for the OIDC provider is derived from the provider certificate + and is validated by the thumbprint. Therefore, it is best to limit access + to the UpdateOpenIDConnectProviderThumbprint operation to highly + privileged users.

 + operationId: GET_UpdateOpenIDConnectProviderThumbprint + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM OIDC provider resource + object for which you want to update the thumbprint. You can get a list of + OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

+

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: OpenIDConnectProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + - description: 'A list of certificate thumbprints that are associated with the + specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider. ' + in: query + name: ThumbprintList + required: true + schema: + description: Contains a list of thumbprints of identity provider server + certificates. + items: + allOf: + - $ref: '#/components/schemas/thumbprintType' + - xml: + name: member + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateOpenIDConnectProviderThumbprint + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Replaces the existing list of server certificate thumbprints + associated with an OpenID Connect (OIDC) provider resource object with a new + list of thumbprints.

The list that you pass with this operation completely + replaces the existing list of thumbprints. (The lists are not merged.)

+

Typically, you need to update a thumbprint only when the identity provider + certificate changes, which occurs rarely. However, if the provider's certificate + does change, any attempt to assume an IAM role that specifies the OIDC + provider as a principal fails until the certificate thumbprint is updated.

+

Amazon Web Services secures communication with some OIDC identity + providers (IdPs) through our library of trusted certificate authorities (CAs) + instead of using a certificate thumbprint to verify your IdP server certificate. + These OIDC IdPs include Google, and those that use an Amazon S3 bucket to + host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint + remains in your configuration, but is no longer used for validation.

 +

Trust for the OIDC provider is derived from the provider certificate + and is validated by the thumbprint. Therefore, it is best to limit access + to the UpdateOpenIDConnectProviderThumbprint operation to highly + privileged users.

 + operationId: POST_UpdateOpenIDConnectProviderThumbprint + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateOpenIDConnectProviderThumbprintRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateOpenIDConnectProviderThumbprint + /?Action=UpdateRole&Version=2010-05-08: + get: + description: Updates the description or maximum session duration setting of + a role. + operationId: GET_UpdateRole + parameters: + - description: The name of the role that you want to modify. + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The new description that you want to apply to the specified role. + in: query + name: Description + required: false + schema: + maxLength: 1000 + pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' + type: string + - description:

The maximum session duration (in seconds) that you want to + set for the specified role. If you do not specify a value for this setting, + the default maximum of one hour is applied. This setting can have a value + from 1 hour to 12 hours.

Anyone who assumes the role from the CLI + or API can use the DurationSeconds API parameter or the duration-seconds + CLI parameter to request a longer session. The MaxSessionDuration + setting determines the maximum duration that can be requested using the + DurationSeconds parameter. If users don't specify a value for + the DurationSeconds parameter, their security credentials are + valid for one hour by default. This applies when you use the AssumeRole* + API operations or the assume-role* CLI operations but does + not apply when you use those operations to create a console URL. For more + information, see Using + IAM roles in the IAM User Guide.

+ in: query + name: MaxSessionDuration + required: false + schema: + maximum: 43200 + minimum: 3600 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + UpdateRoleResult: + $ref: '#/components/schemas/UpdateRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Updates the description or maximum session duration setting of + a role. + operationId: POST_UpdateRole + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateRoleRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + UpdateRoleResult: + $ref: '#/components/schemas/UpdateRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateRole + /?Action=UpdateRoleDescription&Version=2010-05-08: + get: + description:

Use UpdateRole instead.

Modifies only the description + of a role. This operation performs the same function as the Description + parameter in the UpdateRole operation.

+ operationId: GET_UpdateRoleDescription + parameters: + - description: The name of the role that you want to modify. + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The new description that you want to apply to the specified role. + in: query + name: Description + required: true + schema: + maxLength: 1000 + pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + UpdateRoleDescriptionResult: + $ref: '#/components/schemas/UpdateRoleDescriptionResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateRoleDescription + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Use UpdateRole instead.

Modifies only the description + of a role. This operation performs the same function as the Description + parameter in the UpdateRole operation.

+ operationId: POST_UpdateRoleDescription + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateRoleDescriptionRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + UpdateRoleDescriptionResult: + $ref: '#/components/schemas/UpdateRoleDescriptionResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmodifiableEntityException' + description: UnmodifiableEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateRoleDescription + /?Action=UpdateSAMLProvider&Version=2010-05-08: + get: + description:

Updates the metadata document for an existing SAML provider + resource object.

This operation requires Signature + Version 4.

 + operationId: GET_UpdateSAMLProvider + parameters: + - description: An XML document generated by an identity provider (IdP) that + supports SAML 2.0. The document includes the issuer's name, expiration information, + and keys that can be used to validate the SAML authentication response (assertions) + that are received from the IdP. You must generate the metadata document + using the identity management software that is used as your organization's + IdP. + in: query + name: SAMLMetadataDocument + required: true + schema: + maxLength: 10000000 + minLength: 1000 + type: string + - description:

The Amazon Resource Name (ARN) of the SAML provider to update.

+

For more information about ARNs, see Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: SAMLProviderArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers + for Amazon Web Services resources.

For more information about ARNs, + go to Amazon + Resource Names (ARNs) in the Amazon Web Services General Reference. +

+ maxLength: 2048 + minLength: 20 + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + UpdateSAMLProviderResult: + $ref: '#/components/schemas/UpdateSAMLProviderResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateSAMLProvider + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Updates the metadata document for an existing SAML provider + resource object.

This operation requires Signature + Version 4.

 + operationId: POST_UpdateSAMLProvider + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateSAMLProviderRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + UpdateSAMLProviderResult: + $ref: '#/components/schemas/UpdateSAMLProviderResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateSAMLProvider + /?Action=UpdateSSHPublicKey&Version=2010-05-08: + get: + description:

Sets the status of an IAM user's SSH public key to active or + inactive. SSH public keys that are inactive cannot be used for authentication. + This operation can be used to disable a user's SSH public key as part of a + key rotation work flow.

The SSH public key affected by this operation + is used only for authenticating the associated IAM user to an CodeCommit repository. + For more information about using SSH keys to authenticate to an CodeCommit + repository, see Set + up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: GET_UpdateSSHPublicKey + parameters: + - description: '

The name of the IAM user associated with the SSH public key.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier for the SSH public key.

This + parameter allows (through its regex + pattern) a string of characters that can consist of any upper or lowercased + letter or digit.

+ in: query + name: SSHPublicKeyId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + - description: The status to assign to the SSH public key. Active + means that the key can be used for authentication with an CodeCommit repository. + Inactive means that the key cannot be used. + in: query + name: Status + required: true + schema: + enum: + - Active + - Inactive + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: UpdateSSHPublicKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Sets the status of an IAM user's SSH public key to active or + inactive. SSH public keys that are inactive cannot be used for authentication. + This operation can be used to disable a user's SSH public key as part of a + key rotation work flow.

The SSH public key affected by this operation + is used only for authenticating the associated IAM user to an CodeCommit repository. + For more information about using SSH keys to authenticate to an CodeCommit + repository, see Set + up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: POST_UpdateSSHPublicKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateSSHPublicKeyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: UpdateSSHPublicKey + /?Action=UpdateServerCertificate&Version=2010-05-08: + get: + description:

Updates the name and/or the path of the specified server certificate + stored in IAM.

For more information about working with server certificates, + see Working + with server certificates in the IAM User Guide. This topic also + includes a list of Amazon Web Services services that can use the server certificates + that you manage with IAM.

You should understand the implications + of changing a server certificate's path or name. For more information, see + Renaming + a server certificate in the IAM User Guide.

 +

The person making the request (the principal), must have permission to + change the server certificate with the old name and the new name. For example, + to change the certificate named ProductionCert to ProdCert, + the principal must have a policy that allows them to update both certificates. + If the principal has permission to update the ProductionCert + group, but not the ProdCert certificate, then the update fails. + For more information about permissions, see Access + management in the IAM User Guide.

 + operationId: GET_UpdateServerCertificate + parameters: + - description: '

The name of the server certificate that you want to update.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: ServerCertificateName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The new path for the server certificate. Include this only + if you are updating the server certificate's path.

This parameter + allows (through its regex pattern) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through + the DEL character (\u007F), including most punctuation characters, + digits, and upper and lowercased letters.

+ in: query + name: NewPath + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + - description: '

The new name for the server certificate. Include this only + if you are updating the server certificate''s name. The name of the certificate + cannot contain any spaces.

This parameter allows (through its regex pattern) a string of characters + consisting of upper and lowercase alphanumeric characters with no spaces. + You can also include any of the following characters: _+=,.@-

' + in: query + name: NewServerCertificateName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateServerCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Updates the name and/or the path of the specified server certificate + stored in IAM.

For more information about working with server certificates, + see Working + with server certificates in the IAM User Guide. This topic also + includes a list of Amazon Web Services services that can use the server certificates + that you manage with IAM.

You should understand the implications + of changing a server certificate's path or name. For more information, see + Renaming + a server certificate in the IAM User Guide.

 +

The person making the request (the principal), must have permission to + change the server certificate with the old name and the new name. For example, + to change the certificate named ProductionCert to ProdCert, + the principal must have a policy that allows them to update both certificates. + If the principal has permission to update the ProductionCert + group, but not the ProdCert certificate, then the update fails. + For more information about permissions, see Access + management in the IAM User Guide.

 + operationId: POST_UpdateServerCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateServerCertificateRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateServerCertificate + /?Action=UpdateServiceSpecificCredential&Version=2010-05-08: + get: + description: Sets the status of a service-specific credential to Active + or Inactive. Service-specific credentials that are inactive cannot + be used for authentication to the service. This operation can be used to disable + a user's service-specific credential as part of a credential rotation work + flow. + operationId: GET_UpdateServiceSpecificCredential + parameters: + - description: '

The name of the IAM user associated with the service-specific + credential. If you do not specify this value, then the operation assumes + the user whose credentials are used to call the operation.

This parameter + allows (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier of the service-specific credential.

+

This parameter allows (through its regex + pattern) a string of characters that can consist of any upper or lowercased + letter or digit.

+ in: query + name: ServiceSpecificCredentialId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + - description: The status to be assigned to the service-specific credential. + in: query + name: Status + required: true + schema: + enum: + - Active + - Inactive + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: UpdateServiceSpecificCredential + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Sets the status of a service-specific credential to Active + or Inactive. Service-specific credentials that are inactive cannot + be used for authentication to the service. This operation can be used to disable + a user's service-specific credential as part of a credential rotation work + flow. + operationId: POST_UpdateServiceSpecificCredential + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateServiceSpecificCredentialRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: UpdateServiceSpecificCredential + /?Action=UpdateSigningCertificate&Version=2010-05-08: + get: + description:

Changes the status of the specified user signing certificate + from active to disabled, or vice versa. This operation can be used to disable + an IAM user's signing certificate as part of a certificate rotation work flow.

+

If the UserName field is not specified, the user name is determined + implicitly based on the Amazon Web Services access key ID used to sign the + request. This operation works for access keys under the Amazon Web Services + account. Consequently, you can use this operation to manage Amazon Web Services + account root user credentials even if the Amazon Web Services account has + no associated users.

+ operationId: GET_UpdateSigningCertificate + parameters: + - description: '

The name of the IAM user the signing certificate belongs + to.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The ID of the signing certificate you want to update.

+

This parameter allows (through its regex + pattern) a string of characters that can consist of any upper or lowercased + letter or digit.

+ in: query + name: CertificateId + required: true + schema: + maxLength: 128 + minLength: 24 + pattern: '[\w]+' + type: string + - description: ' The status you want to assign to the certificate. Active + means that the certificate can be used for programmatic calls to Amazon + Web Services Inactive means that the certificate cannot be + used.' + in: query + name: Status + required: true + schema: + enum: + - Active + - Inactive + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateSigningCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Changes the status of the specified user signing certificate + from active to disabled, or vice versa. This operation can be used to disable + an IAM user's signing certificate as part of a certificate rotation work flow.

+

If the UserName field is not specified, the user name is determined + implicitly based on the Amazon Web Services access key ID used to sign the + request. This operation works for access keys under the Amazon Web Services + account. Consequently, you can use this operation to manage Amazon Web Services + account root user credentials even if the Amazon Web Services account has + no associated users.

+ operationId: POST_UpdateSigningCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateSigningCertificateRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateSigningCertificate + /?Action=UpdateUser&Version=2010-05-08: + get: + description:

Updates the name and/or the path of the specified IAM user.

+

You should understand the implications of changing an IAM + user's path or name. For more information, see Renaming + an IAM user and Renaming + an IAM group in the IAM User Guide.

+ To change a user name, the requester must have appropriate permissions on + both the source object and the target object. For example, to change Bob to + Robert, the entity making the request must have permission on Bob and Robert, + or must have permission on all (*). For more information about permissions, + see Permissions + and policies.

+ operationId: GET_UpdateUser + parameters: + - description: '

Name of the user to update. If you''re changing the name + of the user, this is the original user name.

This parameter allows + (through its regex pattern) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

New path for the IAM user. Include this parameter only if + you're changing the user's path.

This parameter allows (through its + regex pattern) a string of + characters consisting of either a forward slash (/) by itself or a string + that must begin and end with forward slashes. In addition, it can contain + any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and + upper and lowercased letters.

+ in: query + name: NewPath + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + - description:

New name for the user. Include this parameter only if you're + changing the user's name.

IAM user, group, role, and policy names + must be unique within the account. Names are not distinguished by case. + For example, you cannot create resources named both "MyResource" and "myresource".

+ in: query + name: NewUserName + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateUser + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Updates the name and/or the path of the specified IAM user.

+

You should understand the implications of changing an IAM + user's path or name. For more information, see Renaming + an IAM user and Renaming + an IAM group in the IAM User Guide.

+ To change a user name, the requester must have appropriate permissions on + both the source object and the target object. For example, to change Bob to + Robert, the entity making the request must have permission on Bob and Robert, + or must have permission on all (*). For more information about permissions, + see Permissions + and policies.

+ operationId: POST_UpdateUser + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateUserRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateUser + /?Action=UploadSSHPublicKey&Version=2010-05-08: + get: + description:

Uploads an SSH public key and associates it with the specified + IAM user.

The SSH public key uploaded by this operation can be used + only for authenticating the associated IAM user to an CodeCommit repository. + For more information about using SSH keys to authenticate to an CodeCommit + repository, see Set + up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: GET_UploadSSHPublicKey + parameters: + - description: '

The name of the IAM user to associate the SSH public key + with.

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The SSH public key. The public key must be encoded in ssh-rsa + format or PEM format. The minimum bit-length of the public key is 2048 bits. + For example, you can generate a 2048-bit key, and the resulting PEM file + is 1679 bytes long.

The regex + pattern used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed + (\u000A), and carriage return (\u000D)

    • +
+ in: query + name: SSHPublicKeyBody + required: true + schema: + maxLength: 16384 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + UploadSSHPublicKeyResult: + $ref: '#/components/schemas/UploadSSHPublicKeyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidPublicKeyException' + description: InvalidPublicKeyException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/DuplicateSSHPublicKeyException' + description: DuplicateSSHPublicKeyException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' + description: UnrecognizedPublicKeyEncodingException + x-aws-operation-name: UploadSSHPublicKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Uploads an SSH public key and associates it with the specified + IAM user.

The SSH public key uploaded by this operation can be used + only for authenticating the associated IAM user to an CodeCommit repository. + For more information about using SSH keys to authenticate to an CodeCommit + repository, see Set + up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: POST_UploadSSHPublicKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UploadSSHPublicKeyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + UploadSSHPublicKeyResult: + $ref: '#/components/schemas/UploadSSHPublicKeyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidPublicKeyException' + description: InvalidPublicKeyException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/DuplicateSSHPublicKeyException' + description: DuplicateSSHPublicKeyException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' + description: UnrecognizedPublicKeyEncodingException + x-aws-operation-name: UploadSSHPublicKey + /?Action=UploadServerCertificate&Version=2010-05-08: + get: + description:

Uploads a server certificate entity for the Amazon Web Services + account. The server certificate entity includes a public key certificate, + a private key, and an optional certificate chain, which should all be PEM-encoded.

+

We recommend that you use Certificate + Manager to provision, manage, and deploy your server certificates. With + ACM you can request a certificate, deploy it to Amazon Web Services resources, + and let ACM handle certificate renewals for you. Certificates provided by + ACM are free. For more information about using ACM, see the Certificate + Manager User Guide.

For more information about working with server + certificates, see Working + with server certificates in the IAM User Guide. This topic includes + a list of Amazon Web Services services that can use the server certificates + that you manage with IAM.

For information about the number of server + certificates you can upload, see IAM + and STS quotas in the IAM User Guide.

Because the + body of the public key certificate, private key, and the certificate chain + can be large, you should use POST rather than GET when calling UploadServerCertificate. + For information about setting up signatures and authorization through the + API, see Signing + Amazon Web Services API requests in the Amazon Web Services General + Reference. For general information about using the Query API with IAM, + see Calling + the API by making HTTP query requests in the IAM User Guide.

+ + operationId: GET_UploadServerCertificate + parameters: + - description:

The path for the server certificate. For more information + about paths, see IAM + identifiers in the IAM User Guide.

This parameter is optional. + If it is not included, it defaults to a slash (/). This parameter allows + (through its regex pattern) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through + the DEL character (\u007F), including most punctuation characters, + digits, and upper and lowercased letters.

If you are uploading + a server certificate specifically for use with Amazon CloudFront distributions, + you must specify a path using the path parameter. The path + must begin with /cloudfront and must include a trailing slash + (for example, /cloudfront/test/).

 + in: query + name: Path + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + - description: '

The name for the server certificate. Do not include the path + in this value. The name of the certificate cannot contain any spaces.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: ServerCertificateName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The contents of the public key certificate in PEM-encoded + format.

The regex pattern + used to validate this parameter is a string of characters consisting of + the following:

  • Any printable ASCII character ranging from + the space character (\u0020) through the end of the ASCII character + range

  • The printable characters in the Basic Latin and + Latin-1 Supplement character set (through \u00FF)

    • +

  • The special characters tab (\u0009), line feed (\u000A), + and carriage return (\u000D)

+ in: query + name: CertificateBody + required: true + schema: + maxLength: 16384 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description:

The contents of the private key in PEM-encoded format.

+

The regex pattern used + to validate this parameter is a string of characters consisting of the following:

+

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

    • +

  • The printable characters in the Basic Latin and Latin-1 Supplement + character set (through \u00FF)

  • The special + characters tab (\u0009), line feed (\u000A), and + carriage return (\u000D)

+ in: query + name: PrivateKey + required: true + schema: + format: password + maxLength: 16384 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description:

The contents of the certificate chain. This is typically a + concatenation of the PEM-encoded public key certificates of the chain.

+

The regex pattern used + to validate this parameter is a string of characters consisting of the following:

+

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

    • +

  • The printable characters in the Basic Latin and Latin-1 Supplement + character set (through \u00FF)

  • The special + characters tab (\u0009), line feed (\u000A), and + carriage return (\u000D)

+ in: query + name: CertificateChain + required: false + schema: + maxLength: 2097152 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description:

A list of tags that you want to attach to the new IAM server + certificate resource. Each tag consists of a key name and an associated + value. For more information about tagging, see Tagging + IAM resources in the IAM User Guide.

If any one + of the tags is invalid or if you exceed the allowed maximum number of tags, + then the entire request fails and the resource is not created.

 + in: query + name: Tags + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + UploadServerCertificateResult: + $ref: '#/components/schemas/UploadServerCertificateResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedCertificateException' + description: MalformedCertificateException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/KeyPairMismatchException' + description: KeyPairMismatchException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '486': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UploadServerCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Uploads a server certificate entity for the Amazon Web Services + account. The server certificate entity includes a public key certificate, + a private key, and an optional certificate chain, which should all be PEM-encoded.

+

We recommend that you use Certificate + Manager to provision, manage, and deploy your server certificates. With + ACM you can request a certificate, deploy it to Amazon Web Services resources, + and let ACM handle certificate renewals for you. Certificates provided by + ACM are free. For more information about using ACM, see the Certificate + Manager User Guide.

For more information about working with server + certificates, see Working + with server certificates in the IAM User Guide. This topic includes + a list of Amazon Web Services services that can use the server certificates + that you manage with IAM.

For information about the number of server + certificates you can upload, see IAM + and STS quotas in the IAM User Guide.

Because the + body of the public key certificate, private key, and the certificate chain + can be large, you should use POST rather than GET when calling UploadServerCertificate. + For information about setting up signatures and authorization through the + API, see Signing + Amazon Web Services API requests in the Amazon Web Services General + Reference. For general information about using the Query API with IAM, + see Calling + the API by making HTTP query requests in the IAM User Guide.

+ + operationId: POST_UploadServerCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UploadServerCertificateRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + UploadServerCertificateResult: + $ref: '#/components/schemas/UploadServerCertificateResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedCertificateException' + description: MalformedCertificateException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/KeyPairMismatchException' + description: KeyPairMismatchException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '486': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UploadServerCertificate + /?Action=UploadSigningCertificate&Version=2010-05-08: + get: + description:

Uploads an X.509 signing certificate and associates it with + the specified IAM user. Some Amazon Web Services services require you to use + certificates to validate requests that are signed with a corresponding private + key. When you upload the certificate, its default status is Active.

+

For information about when you would use an X.509 signing certificate, + see Managing + server certificates in IAM in the IAM User Guide.

If the + UserName is not specified, the IAM user name is determined implicitly + based on the Amazon Web Services access key ID used to sign the request. This + operation works for access keys under the Amazon Web Services account. Consequently, + you can use this operation to manage Amazon Web Services account root user + credentials even if the Amazon Web Services account has no associated users.

+

Because the body of an X.509 certificate can be large, you should + use POST rather than GET when calling UploadSigningCertificate. + For information about setting up signatures and authorization through the + API, see Signing + Amazon Web Services API requests in the Amazon Web Services General + Reference. For general information about using the Query API with IAM, + see Making + query requests in the IAM User Guide.

 + operationId: GET_UploadSigningCertificate + parameters: + - description: '

The name of the user the signing certificate is for.

+

This parameter allows (through its regex + pattern) a string of characters consisting of upper and lowercase alphanumeric + characters with no spaces. You can also include any of the following characters: + _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The contents of the signing certificate.

The regex + pattern used to validate this parameter is a string of characters consisting + of the following:

  • Any printable ASCII character ranging + from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic + Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed + (\u000A), and carriage return (\u000D)

    • +
+ in: query + name: CertificateBody + required: true + schema: + maxLength: 16384 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + UploadSigningCertificateResult: + $ref: '#/components/schemas/UploadSigningCertificateResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedCertificateException' + description: MalformedCertificateException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidCertificateException' + description: InvalidCertificateException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/DuplicateCertificateException' + description: DuplicateCertificateException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '486': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UploadSigningCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Uploads an X.509 signing certificate and associates it with + the specified IAM user. Some Amazon Web Services services require you to use + certificates to validate requests that are signed with a corresponding private + key. When you upload the certificate, its default status is Active.

+

For information about when you would use an X.509 signing certificate, + see Managing + server certificates in IAM in the IAM User Guide.

If the + UserName is not specified, the IAM user name is determined implicitly + based on the Amazon Web Services access key ID used to sign the request. This + operation works for access keys under the Amazon Web Services account. Consequently, + you can use this operation to manage Amazon Web Services account root user + credentials even if the Amazon Web Services account has no associated users.

+

Because the body of an X.509 certificate can be large, you should + use POST rather than GET when calling UploadSigningCertificate. + For information about setting up signatures and authorization through the + API, see Signing + Amazon Web Services API requests in the Amazon Web Services General + Reference. For general information about using the Query API with IAM, + see Making + query requests in the IAM User Guide.

 + operationId: POST_UploadSigningCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UploadSigningCertificateRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + UploadSigningCertificateResult: + $ref: '#/components/schemas/UploadSigningCertificateResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedCertificateException' + description: MalformedCertificateException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidCertificateException' + description: InvalidCertificateException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/DuplicateCertificateException' + description: DuplicateCertificateException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '486': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UploadSigningCertificate +security: +- hmac: [] +servers: +- description: The general IAM multi-region endpoint + url: https://iam.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 +x-stackQL-config: + queryParamTranspose: + algorithm: AWSCanonical + requestTranslate: + algorithm: get_query_to_post_form_utf_8 \ No newline at end of file diff --git a/providers/src/aws/v00.00.00000/services/s3.yaml b/providers/src/aws/v00.00.00000/services/s3.yaml index 78433704..d28a3eda 100644 --- a/providers/src/aws/v00.00.00000/services/s3.yaml +++ b/providers/src/aws/v00.00.00000/services/s3.yaml @@ -1,17160 +1,3102 @@ +openapi: 3.0.0 +info: + title: S3 + version: 1.0.0 +paths: {} components: - parameters: - x-amz-security-token: - in: header - name: x-amz-security-token - required: false - schema: - type: string schemas: - AbortDate: - format: date-time - type: string - AbortIncompleteMultipartUpload: - description: Specifies the days since the initiation of an incomplete multipart - upload that Amazon S3 will wait before permanently removing all parts of the - upload. For more information, see - Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy - in the Amazon S3 User Guide. - properties: - DaysAfterInitiation: - allOf: - - $ref: '#/components/schemas/DaysAfterInitiation' - - description: Specifies the number of days after which Amazon S3 aborts - an incomplete multipart upload. - type: object - AbortMultipartUploadOutput: - example: {} - properties: {} + Grantee: type: object - AbortMultipartUploadRequest: - properties: {} + additionalProperties: false + properties: + GranteeType: + description: Configures the transfer acceleration state for an Amazon S3 bucket. + type: string + enum: + - IAM + - DIRECTORY_USER + - DIRECTORY_GROUP + GranteeIdentifier: + description: The unique identifier of the Grantee + type: string required: - - Bucket - - Key - - UploadId - title: AbortMultipartUploadRequest + - GranteeType + - GranteeIdentifier + AccessGrantsLocationConfiguration: type: object - AbortRuleId: - type: string - AccelerateConfiguration: - description: Configures the transfer acceleration state for an Amazon S3 bucket. - For more information, see Amazon - S3 Transfer Acceleration in the Amazon S3 User Guide. + additionalProperties: false properties: - Status: - allOf: - - $ref: '#/components/schemas/BucketAccelerateStatus' - - description: Specifies the transfer acceleration status of the bucket. - type: object - AcceptRanges: + S3SubPrefix: + description: The S3 sub prefix of a registered location in your S3 Access Grants instance + type: string + required: + - S3SubPrefix + AccessGrantArn: + description: the Amazon Resource Name (ARN) of the specified access grant. type: string - AccessControlPolicy: - description: Contains the elements that set the ACL permissions for an object - per grantee. - properties: - AccessControlList: - allOf: - - $ref: '#/components/schemas/Grants' - - description: A list of grants. - Owner: - allOf: - - $ref: '#/components/schemas/Owner' - - description: Container for the bucket owner's display name and ID. + Tag: type: object - AccessControlTranslation: - description: A container for information about access control for replicas. + additionalProperties: false properties: - Owner: - allOf: - - $ref: '#/components/schemas/OwnerOverride' - - description: Specifies the replica ownership. For default and valid values, - see PUT - bucket replication in the Amazon S3 API Reference. + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 0 + maxLength: 256 required: - - Owner + - Key + - Value + AccessGrant: type: object - AccessPointArn: - type: string - AccountId: - type: string - AllowQuotedRecordDelimiter: - type: boolean - AllowedHeader: - type: string - AllowedHeaders: - items: - $ref: '#/components/schemas/AllowedHeader' - type: array - xml: - wrapped: false - AllowedMethod: - type: string - AllowedMethods: - items: - $ref: '#/components/schemas/AllowedMethod' - type: array - xml: - wrapped: false - AllowedOrigin: - type: string - AllowedOrigins: - items: - $ref: '#/components/schemas/AllowedOrigin' - type: array - xml: - wrapped: false - AnalyticsAndOperator: - description: A conjunction (logical AND) of predicates, which is used in evaluating - a metrics filter. The operator must have at least two predicates in any combination, - and an object must match all of the predicates for the filter to apply. properties: - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: 'The prefix to use when evaluating an AND predicate: The - prefix that an object must have to be included in the metrics results.' - Tag: - allOf: - - $ref: '#/components/schemas/TagSet' - - description: The list of tags to use when evaluating an AND predicate. + AccessGrantId: + description: The ID assigned to this access grant. + type: string + x-examples: + - 7c89cbd1-0f4e-40e3-861d-afb906952b77 + AccessGrantsLocationId: + description: The custom S3 location to be accessed by the grantee + type: string + x-examples: + - 125f332b-a499-4eb6-806f-8a6a1aa4cb96 + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + Permission: + description: The level of access to be afforded to the grantee + type: string + enum: + - READ + - WRITE + - READWRITE + ApplicationArn: + description: The ARN of the application grantees will use to access the location + type: string + S3PrefixType: + description: The type of S3SubPrefix. + type: string + enum: + - Object + GrantScope: + description: The S3 path of the data to which you are granting access. It is a combination of the S3 path of the registered location and the subprefix. + type: string + AccessGrantArn: + $ref: '#/components/schemas/AccessGrantArn' + description: The Amazon Resource Name (ARN) of the specified access grant. + x-examples: + - arn:aws:s3:us-east-2:111122223333:access-grants/default/grant/7c89cbd1-0f4e-40e3-861d-afb906952b77 + Grantee: + $ref: '#/components/schemas/Grantee' + description: The principal who will be granted permission to access S3. + AccessGrantsLocationConfiguration: + $ref: '#/components/schemas/AccessGrantsLocationConfiguration' + description: The configuration options of the grant location, which is the S3 path to the data to which you are granting access. + required: + - Grantee + - Permission + - AccessGrantsLocationId + x-stackql-resource-name: access_grant + description: The AWS::S3::AccessGrant resource is an Amazon S3 resource type representing permissions to a specific S3 bucket or prefix hosted in an S3 Access Grants instance. + x-type-name: AWS::S3::AccessGrant + x-stackql-primary-identifier: + - AccessGrantId + x-create-only-properties: + - S3PrefixType + - Tags + x-write-only-properties: + - Tags + - S3PrefixType + x-read-only-properties: + - AccessGrantId + - AccessGrantArn + - GrantScope + x-required-properties: + - Grantee + - Permission + - AccessGrantsLocationId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - s3:CreateAccessGrant + - s3:TagResource + read: + - s3:GetAccessGrant + delete: + - s3:DeleteAccessGrant + list: + - s3:ListAccessGrants + update: + - s3:TagResource + AccessGrantsInstanceArn: + description: The Amazon Resource Name (ARN) of the specified Access Grants instance. + type: string + IdentityCenterArn: + description: The Amazon Resource Name (ARN) of the specified AWS Identity Center. + type: string + AccessGrantsInstance: + type: object + properties: + AccessGrantsInstanceArn: + $ref: '#/components/schemas/AccessGrantsInstanceArn' + description: The Amazon Resource Name (ARN) of the specified Access Grants instance. + x-examples: + - arn:aws:s3:us-east-2:479290226168:access-grants/default + IdentityCenterArn: + $ref: '#/components/schemas/IdentityCenterArn' + description: The Amazon Resource Name (ARN) of the specified AWS Identity Center. + x-examples: + - arn:aws:sso:::instance/ssoins-6987e6a2fc43873b + AccessGrantsInstanceId: + type: string + description: A unique identifier for the specified access grants instance. + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: access_grants_instance + description: The AWS::S3::AccessGrantsInstance resource is an Amazon S3 resource type that hosts Access Grants and their associated locations + x-type-name: AWS::S3::AccessGrantsInstance + x-stackql-primary-identifier: + - AccessGrantsInstanceArn + x-create-only-properties: + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - AccessGrantsInstanceArn + - AccessGrantsInstanceId + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - s3:CreateAccessGrantsInstance + - s3:TagResource + read: + - s3:GetAccessGrantsInstance + delete: + - s3:DeleteAccessGrantsInstance + update: + - s3:TagResource + list: + - s3:ListAccessGrantsInstances + AccessGrantsLocation: type: object - xml: - wrapped: false - AnalyticsConfiguration: - description: Specifies the configuration and any analyses for the analytics - filter of an Amazon S3 bucket. properties: - Filter: - allOf: - - $ref: '#/components/schemas/AnalyticsFilter' - - description: The filter used to describe a set of objects for analyses. - A filter must have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator). - If no filter is provided, all objects will be considered in any analysis. - Id: - allOf: - - $ref: '#/components/schemas/AnalyticsId' - - description: The ID that identifies the analytics configuration. - StorageClassAnalysis: - allOf: - - $ref: '#/components/schemas/StorageClassAnalysis' - - description: ' Contains data related to access patterns to be collected - and made available to analyze the tradeoffs between different storage - classes. ' - required: - - Id - - StorageClassAnalysis + AccessGrantsLocationArn: + description: The Amazon Resource Name (ARN) of the specified Access Grants location. + type: string + x-examples: + - arn:aws:s3:us-east-2:479290226168:access-grants/default/location/125f332b-a499-4eb6-806f-8a6a1aa4cb96 + AccessGrantsLocationId: + type: string + description: The unique identifier for the specified Access Grants location. + IamRoleArn: + description: The Amazon Resource Name (ARN) of the access grant location's associated IAM role. + type: string + x-examples: + - arn:aws:iamw::123456789012:role/rolename + LocationScope: + type: string + description: Descriptor for where the location actually points + x-examples: + - s3://test-bucket-access-grants-cmh/prefixA + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: access_grants_location + description: The AWS::S3::AccessGrantsLocation resource is an Amazon S3 resource type hosted in an access grants instance which can be the target of S3 access grants. + x-type-name: AWS::S3::AccessGrantsLocation + x-stackql-primary-identifier: + - AccessGrantsLocationId + x-create-only-properties: + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - AccessGrantsLocationArn + - AccessGrantsLocationId + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - s3:CreateAccessGrantsLocation + - iam:PassRole + - s3:TagResource + read: + - s3:GetAccessGrantsLocation + delete: + - s3:DeleteAccessGrantsLocation + list: + - s3:ListAccessGrantsLocations + update: + - s3:UpdateAccessGrantsLocation + - s3:TagResource + - iam:PassRole + VpcConfiguration: + description: The Virtual Private Cloud (VPC) configuration for a bucket access point. type: object - AnalyticsConfigurationList: - items: - $ref: '#/components/schemas/AnalyticsConfiguration' - type: array - xml: - wrapped: false - AnalyticsExportDestination: - description: Where to publish the analytics results. properties: - S3BucketDestination: - allOf: - - $ref: '#/components/schemas/AnalyticsS3BucketDestination' - - description: A destination signifying output to an S3 bucket. - required: - - S3BucketDestination + VpcId: + description: If this field is specified, this access point will only allow connections from the specified VPC ID. + type: string + minLength: 1 + maxLength: 1024 + PublicAccessBlockConfiguration: type: object - AnalyticsFilter: - description: The filter used to describe a set of objects for analyses. A filter - must have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator). - If no filter is provided, all objects will be considered in any analysis. properties: - And: - allOf: - - $ref: '#/components/schemas/AnalyticsAndOperator' - - description: A conjunction (logical AND) of predicates, which is used - in evaluating an analytics filter. The operator must have at least two - predicates. - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: The prefix to use when evaluating an analytics filter. - Tag: - allOf: - - $ref: '#/components/schemas/Tag' - - description: The tag to use when evaluating an analytics filter. - type: object - AnalyticsId: + BlockPublicAcls: + type: boolean + description: |- + Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior: + - PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public. + - PUT Object calls fail if the request includes a public ACL. + . - PUT Bucket calls fail if the request includes a public ACL. + Enabling this setting doesn't affect existing policies or ACLs. + IgnorePublicAcls: + type: boolean + description: Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain. Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. + BlockPublicPolicy: + type: boolean + description: Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. Enabling this setting doesn't affect existing bucket policies. + RestrictPublicBuckets: + type: boolean + description: |- + Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to TRUE restricts access to this bucket to only AWS services and authorized users within this account if the bucket has a public policy. + Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. + additionalProperties: false + Arn: + description: The Amazon Resource Name (ARN) of the specified resource. type: string - AnalyticsS3BucketDestination: - description: Contains information about where to publish the analytics results. - properties: - Bucket: - allOf: - - $ref: '#/components/schemas/BucketName' - - description: The Amazon Resource Name (ARN) of the bucket to which data - is exported. - BucketAccountId: - allOf: - - $ref: '#/components/schemas/AccountId' - - description:

The account ID that owns the destination S3 bucket. If - no account ID is provided, the owner is not validated before exporting - data.

Although this value is optional, we strongly recommend - that you set it to help prevent problems if the destination bucket ownership - changes.

- Format: - allOf: - - $ref: '#/components/schemas/AnalyticsS3ExportFileFormat' - - description: Specifies the file format used when exporting data to Amazon - S3. - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: The prefix to use when exporting data. The prefix is prepended - to all results. - required: - - Format - - Bucket + AccessPoint: type: object - AnalyticsS3ExportFileFormat: - enum: - - CSV - type: string - ArchiveStatus: - enum: - - ARCHIVE_ACCESS - - DEEP_ARCHIVE_ACCESS - type: string - Body: - type: string - Bucket: - description: ' In terms of implementation, a Bucket is a resource. An Amazon - S3 bucket name is globally unique, and the namespace is shared by all Amazon - Web Services accounts. ' properties: - CreationDate: - allOf: - - $ref: '#/components/schemas/CreationDate' - - description: Date the bucket was created. This date can change when making - changes to your bucket, such as editing its bucket policy. Name: - allOf: - - $ref: '#/components/schemas/BucketName' - - description: The name of the bucket. + description: The name you want to assign to this Access Point. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the access point name. + type: string + pattern: ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ + minLength: 3 + maxLength: 50 + Alias: + description: The alias of this Access Point. This alias can be used for compatibility purposes with other AWS services and third-party applications. + type: string + pattern: ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ + minLength: 3 + maxLength: 63 + Bucket: + description: The name of the bucket that you want to associate this Access Point with. + type: string + minLength: 3 + maxLength: 255 + BucketAccountId: + description: The AWS account ID associated with the S3 bucket associated with this access point. + type: string + pattern: ^\d{12}$ + maxLength: 64 + VpcConfiguration: + description: If you include this field, Amazon S3 restricts access to this Access Point to requests from the specified Virtual Private Cloud (VPC). + $ref: '#/components/schemas/VpcConfiguration' + PublicAccessBlockConfiguration: + description: The PublicAccessBlock configuration that you want to apply to this Access Point. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status 'The Meaning of Public' in the Amazon Simple Storage Service Developer Guide. + $ref: '#/components/schemas/PublicAccessBlockConfiguration' + Policy: + description: The Access Point Policy you want to apply to this access point. + type: object + NetworkOrigin: + description: Indicates whether this Access Point allows access from the public Internet. If VpcConfiguration is specified for this Access Point, then NetworkOrigin is VPC, and the Access Point doesn't allow access from the public Internet. Otherwise, NetworkOrigin is Internet, and the Access Point allows access from the public Internet, subject to the Access Point and bucket access policies. + type: string + enum: + - Internet + - VPC + Arn: + $ref: '#/components/schemas/Arn' + description: The Amazon Resource Name (ARN) of the specified accesspoint. + x-examples: + - arn:aws:s3:us-west-2:123456789012:accesspoint/test + required: + - Bucket + x-stackql-resource-name: access_point + description: The AWS::S3::AccessPoint resource is an Amazon S3 resource type that you can use to access buckets. + x-type-name: AWS::S3::AccessPoint + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - Bucket + - BucketAccountId + - VpcConfiguration + x-read-only-properties: + - Alias + - NetworkOrigin + - Arn + x-required-properties: + - Bucket + x-required-permissions: + create: + - s3:CreateAccessPoint + - s3:PutAccessPointPolicy + - s3:PutAccessPointPublicAccessBlock + read: + - s3:GetAccessPoint + - s3:GetAccessPointPolicy + update: + - s3:PutAccessPointPolicy + - s3:PutAccessPointPublicAccessBlock + - s3:DeleteAccessPointPolicy + - s3:GetAccessPoint + - s3:GetAccessPointPolicy + delete: + - s3:DeleteAccessPointPolicy + - s3:DeleteAccessPoint + list: + - s3:ListAccessPoints + TagFilter: + description: Specifies tags to use to identify a subset of objects for an Amazon S3 bucket. type: object - BucketAccelerateStatus: - enum: - - Enabled - - Suspended - type: string - BucketAlreadyExists: {} - BucketAlreadyOwnedByYou: {} - BucketCannedACL: - enum: - - private - - public-read - - public-read-write - - authenticated-read - type: string - BucketKeyEnabled: - type: boolean - BucketLifecycleConfiguration: - description: Specifies the lifecycle configuration for objects in an Amazon - S3 bucket. For more information, see Object - Lifecycle Management in the Amazon S3 User Guide. + additionalProperties: false properties: - Rule: - allOf: - - $ref: '#/components/schemas/LifecycleRules' - - description: A lifecycle rule for individual objects in an Amazon S3 bucket. + Value: + type: string + description: The tag value. + Key: + type: string + description: The tag key. required: - - Rules - type: object - BucketLocationConstraint: - enum: - - af-south-1 - - ap-east-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-south-1 - - ap-southeast-1 - - ap-southeast-2 - - ca-central-1 - - cn-north-1 - - cn-northwest-1 - - EU - - eu-central-1 - - eu-north-1 - - eu-south-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - me-south-1 - - sa-east-1 - - us-east-2 - - us-gov-east-1 - - us-gov-west-1 - - us-west-1 - - us-west-2 - type: string - BucketLoggingStatus: - description: Container for logging status information. - properties: - LoggingEnabled: - $ref: '#/components/schemas/LoggingEnabled' + - Value + - Key + Destination: + description: Specifies information about where to publish analysis or configuration results for an Amazon S3 bucket. type: object - BucketLogsPermission: - enum: - - FULL_CONTROL - - READ - - WRITE - type: string - BucketName: - type: string - BucketVersioningStatus: - enum: - - Enabled - - Suspended - type: string - Buckets: - items: - allOf: - - $ref: '#/components/schemas/Bucket' - - xml: - name: Bucket - type: array - BypassGovernanceRetention: - type: boolean - BytesProcessed: - type: integer - BytesReturned: - type: integer - BytesScanned: - type: integer - CORSConfiguration: - description: Describes the cross-origin access configuration for objects in - an Amazon S3 bucket. For more information, see Enabling - Cross-Origin Resource Sharing in the Amazon S3 User Guide. + additionalProperties: false properties: - CORSRule: - allOf: - - $ref: '#/components/schemas/CORSRules' - - description: A set of origins and methods (cross-origin access that you - want to allow). You can add up to 100 rules to the configuration. + BucketArn: + description: The Amazon Resource Name (ARN) of the bucket to which data is exported. + type: string + BucketAccountId: + description: |- + The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data. + Although this value is optional, we strongly recommend that you set it to help prevent problems if the destination bucket ownership changes. + type: string + Format: + description: |- + Specifies the file format used when exporting data to Amazon S3. + *Allowed values*: ``CSV`` | ``ORC`` | ``Parquet`` + type: string + enum: + - CSV + - ORC + - Parquet + Prefix: + description: The prefix to use when exporting data. The prefix is prepended to all results. + type: string required: - - CORSRules + - BucketArn + - Format + AccelerateConfiguration: type: object - CORSRule: - description: Specifies a cross-origin access rule for an Amazon S3 bucket. + additionalProperties: false properties: - AllowedHeader: - allOf: - - $ref: '#/components/schemas/AllowedHeaders' - - description: Headers that are specified in the Access-Control-Request-Headers - header. These headers are allowed in a preflight OPTIONS request. In - response to any preflight OPTIONS request, Amazon S3 returns any requested - headers that are allowed. - AllowedMethod: - allOf: - - $ref: '#/components/schemas/AllowedMethods' - - description: An HTTP method that you allow the origin to execute. Valid - values are GET, PUT, HEAD, POST, - and DELETE. - AllowedOrigin: - allOf: - - $ref: '#/components/schemas/AllowedOrigins' - - description: One or more origins you want customers to be able to access - the bucket from. - ExposeHeader: - allOf: - - $ref: '#/components/schemas/ExposeHeaders' - - description: One or more headers in the response that you want customers - to be able to access from their applications (for example, from a JavaScript - XMLHttpRequest object). - ID: - allOf: - - $ref: '#/components/schemas/ID' - - description: Unique identifier for the rule. The value cannot be longer - than 255 characters. - MaxAgeSeconds: - allOf: - - $ref: '#/components/schemas/MaxAgeSeconds' - - description: The time in seconds that your browser is to cache the preflight - response for the specified resource. + AccelerationStatus: + description: Specifies the transfer acceleration status of the bucket. + type: string + enum: + - Enabled + - Suspended required: - - AllowedMethods - - AllowedOrigins - type: object - CORSRules: - items: - $ref: '#/components/schemas/CORSRule' - type: array - xml: - wrapped: false - CSVInput: - description: Describes how an uncompressed comma-separated values (CSV)-formatted - input object is formatted. - properties: - AllowQuotedRecordDelimiter: - allOf: - - $ref: '#/components/schemas/AllowQuotedRecordDelimiter' - - description: Specifies that CSV field values may contain quoted record - delimiters and such records should be allowed. Default value is FALSE. - Setting this value to TRUE may lower performance. - Comments: - allOf: - - $ref: '#/components/schemas/Comments' - - description: A single character used to indicate that a row should be - ignored when the character is present at the start of that row. You - can specify any character to indicate a comment line. - FieldDelimiter: - allOf: - - $ref: '#/components/schemas/FieldDelimiter' - - description: A single character used to separate individual fields in - a record. You can specify an arbitrary delimiter. - FileHeaderInfo: - allOf: - - $ref: '#/components/schemas/FileHeaderInfo' - - description: "

Describes the first line of input. Valid values are:

\ - \

  • NONE: First line is not a header.

    • \ - \

  • IGNORE: First line is a header, but you can't\ - \ use the header values to indicate the column in an expression. You\ - \ can use column position (such as _1, _2, \u2026) to indicate the column\ - \ (SELECT s._1 FROM OBJECT s).

  • Use:\ - \ First line is a header, and you can use the header value to identify\ - \ a column in an expression (SELECT \"name\" FROM OBJECT).\ - \

" - QuoteCharacter: - allOf: - - $ref: '#/components/schemas/QuoteCharacter' - - description: '

A single character used for escaping when the field delimiter - is part of the value. For example, if the value is a, b, - Amazon S3 wraps this field value in quotation marks, as follows: " - a , b ".

Type: String

Default: "

-

Ancestors: CSV

' - QuoteEscapeCharacter: - allOf: - - $ref: '#/components/schemas/QuoteEscapeCharacter' - - description: A single character used for escaping the quotation mark character - inside an already escaped value. For example, the value """ a - , b """ is parsed as " a , b ". - RecordDelimiter: - allOf: - - $ref: '#/components/schemas/RecordDelimiter' - - description: A single character used to separate individual records in - the input. Instead of the default value, you can specify an arbitrary - delimiter. - type: object - CSVOutput: - description: Describes how uncompressed comma-separated values (CSV)-formatted - results are formatted. - properties: - FieldDelimiter: - allOf: - - $ref: '#/components/schemas/FieldDelimiter' - - description: The value used to separate individual fields in a record. - You can specify an arbitrary delimiter. - QuoteCharacter: - allOf: - - $ref: '#/components/schemas/QuoteCharacter' - - description: 'A single character used for escaping when the field delimiter - is part of the value. For example, if the value is a, b, - Amazon S3 wraps this field value in quotation marks, as follows: " - a , b ".' - QuoteEscapeCharacter: - allOf: - - $ref: '#/components/schemas/QuoteEscapeCharacter' - - description: The single character used for escaping the quote character - inside an already escaped value. - QuoteFields: - allOf: - - $ref: '#/components/schemas/QuoteFields' - - description: '

Indicates whether to use quotation marks around output - fields.

  • ALWAYS: Always use quotation - marks for output fields.

  • ASNEEDED: Use - quotation marks for output fields when needed.

' - RecordDelimiter: - allOf: - - $ref: '#/components/schemas/RecordDelimiter' - - description: A single character used to separate individual records in - the output. Instead of the default value, you can specify an arbitrary - delimiter. - type: object - CacheControl: - type: string - Checksum: - description: Contains all the possible checksum or digest values for an object. - properties: - ChecksumCRC32: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32' - - description: The base64-encoded, 32-bit CRC32 checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumCRC32C: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32C' - - description: The base64-encoded, 32-bit CRC32C checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA1: - allOf: - - $ref: '#/components/schemas/ChecksumSHA1' - - description: The base64-encoded, 160-bit SHA-1 digest of the object. This - will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA256: - allOf: - - $ref: '#/components/schemas/ChecksumSHA256' - - description: The base64-encoded, 256-bit SHA-256 digest of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. + - AccelerationStatus + description: Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide*. + AnalyticsConfiguration: + description: Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket. type: object - ChecksumAlgorithm: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - ChecksumAlgorithmList: - items: - $ref: '#/components/schemas/ChecksumAlgorithm' - type: array - xml: - wrapped: false - ChecksumCRC32: - type: string - ChecksumCRC32C: - type: string - ChecksumMode: - enum: - - ENABLED - type: string - ChecksumSHA1: - type: string - ChecksumSHA256: - type: string - CloudFunction: - type: string - CloudFunctionConfiguration: - description: Container for specifying the Lambda notification configuration. + additionalProperties: false properties: - CloudFunction: - allOf: - - $ref: '#/components/schemas/CloudFunction' - - description: Lambda cloud function ARN that Amazon S3 can invoke when - it detects events of the specified type. - Event: - allOf: - - $ref: '#/components/schemas/EventList' - - description: Bucket events for which to send notifications. + TagFilters: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/TagFilter' + description: |- + The tags to use when evaluating an analytics filter. + The analytics only includes objects that meet the filter's criteria. If no filter is specified, all of the contents of the bucket are included in the analysis. + StorageClassAnalysis: + $ref: '#/components/schemas/StorageClassAnalysis' + description: Contains data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes. Id: - $ref: '#/components/schemas/NotificationId' - InvocationRole: - allOf: - - $ref: '#/components/schemas/CloudFunctionInvocationRole' - - description: The role supporting the invocation of the Lambda function - type: object - CloudFunctionInvocationRole: - type: string - Code: - type: string - Comments: - type: string - CommonPrefix: - description: 'Container for all (if there are any) keys between Prefix and the - next occurrence of the string specified by a delimiter. CommonPrefixes lists - keys that act like subdirectories in the directory specified by Prefix. For - example, if the prefix is notes/ and the delimiter is a slash (/) as in notes/summer/july, - the common prefix is notes/summer/. ' - properties: + description: The ID that identifies the analytics configuration. + type: string Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: Container for the specified common prefix. - type: object - CommonPrefixList: - items: - $ref: '#/components/schemas/CommonPrefix' - type: array - xml: - wrapped: false - CompleteMultipartUploadOutput: - example: - Bucket: acexamplebucket - ETag: '"4d9031c7644d8081c2829f4ea23c55f7-2"' - Key: bigobject - Location: https://examplebucket.s3..amazonaws.com/bigobject - properties: - Bucket: - allOf: - - $ref: '#/components/schemas/BucketName' - - description:

The name of the bucket that contains the newly created - object. Does not return the access point ARN or access point alias if - used.

When using this action with an access point, you must direct - requests to the access point hostname. The access point hostname takes - the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - When using this action with an access point through the Amazon Web Services - SDKs, you provide the access point ARN in place of the bucket name. - For more information about access point ARNs, see Using - access points in the Amazon S3 User Guide.

When using - this action with Amazon S3 on Outposts, you must direct requests to - the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. - When using this action with S3 on Outposts through the Amazon Web Services - SDKs, you provide the Outposts bucket ARN in place of the bucket name. - For more information about S3 on Outposts ARNs, see Using - Amazon S3 on Outposts in the Amazon S3 User Guide.

- ChecksumCRC32: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32' - - description: The base64-encoded, 32-bit CRC32 checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumCRC32C: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32C' - - description: The base64-encoded, 32-bit CRC32C checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA1: - allOf: - - $ref: '#/components/schemas/ChecksumSHA1' - - description: The base64-encoded, 160-bit SHA-1 digest of the object. This - will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA256: - allOf: - - $ref: '#/components/schemas/ChecksumSHA256' - - description: The base64-encoded, 256-bit SHA-256 digest of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ETag: - allOf: - - $ref: '#/components/schemas/ETag' - - description: Entity tag that identifies the newly created object's data. - Objects with different object data will have different entity tags. - The entity tag is an opaque string. The entity tag may or may not be - an MD5 digest of the object data. If the entity tag is not an MD5 digest - of the object data, it will contain one or more nonhexadecimal characters - and/or will consist of less than 32 or more than 32 hexadecimal digits. - For more information about how the entity tag is calculated, see Checking - object integrity in the Amazon S3 User Guide. - Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description: The object key of the newly created object. - Location: - allOf: - - $ref: '#/components/schemas/Location' - - description: The URI that identifies the newly created object. - type: object - CompleteMultipartUploadRequest: - properties: - CompleteMultipartUpload: - allOf: - - $ref: '#/components/schemas/CompletedMultipartUpload' - - description: The container for the multipart upload request information. + description: The prefix that an object must have to be included in the analytics results. + type: string required: - - Bucket - - Key - - UploadId - title: CompleteMultipartUploadRequest - type: object - xml: - namespace: http://s3.amazonaws.com/doc/2006-03-01/ - CompletedMultipartUpload: - description: The container for the completed multipart upload details. - properties: - Part: - allOf: - - $ref: '#/components/schemas/CompletedPartList' - - description:

Array of CompletedPart data types.

If you do not - supply a valid Part with your request, the service sends - back an HTTP 400 response.

- type: object - CompletedPart: - description: Details of the parts that were uploaded. - properties: - ChecksumCRC32: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32' - - description: The base64-encoded, 32-bit CRC32 checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumCRC32C: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32C' - - description: The base64-encoded, 32-bit CRC32C checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA1: - allOf: - - $ref: '#/components/schemas/ChecksumSHA1' - - description: The base64-encoded, 160-bit SHA-1 digest of the object. This - will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA256: - allOf: - - $ref: '#/components/schemas/ChecksumSHA256' - - description: The base64-encoded, 256-bit SHA-256 digest of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ETag: - allOf: - - $ref: '#/components/schemas/ETag' - - description: Entity tag returned when the part was uploaded. - PartNumber: - allOf: - - $ref: '#/components/schemas/PartNumber' - - description: Part number that identifies the part. This is a positive - integer between 1 and 10,000. + - StorageClassAnalysis + - Id + StorageClassAnalysis: + description: Specifies data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes for an Amazon S3 bucket. type: object - CompletedPartList: - items: - $ref: '#/components/schemas/CompletedPart' - type: array - xml: - wrapped: false - CompressionType: - enum: - - NONE - - GZIP - - BZIP2 - type: string - Condition: - description: A container for describing a condition that must be met for the - specified redirect to apply. For example, 1. If request is for pages in the - /docs folder, redirect to the /documents folder. - 2. If request results in HTTP error 4xx, redirect request to another host - where you might process the error. + additionalProperties: false properties: - HttpErrorCodeReturnedEquals: - allOf: - - $ref: '#/components/schemas/HttpErrorCodeReturnedEquals' - - description: The HTTP error code when the redirect is applied. In the - event of an error, if the error code equals this value, then the specified - redirect is applied. Required when parent element Condition - is specified and sibling KeyPrefixEquals is not specified. - If both are specified, then both must be true for the redirect to be - applied. - KeyPrefixEquals: - allOf: - - $ref: '#/components/schemas/KeyPrefixEquals' - - description:

The object key name prefix when the redirect is applied. - For example, to redirect requests for ExamplePage.html, - the key prefix will be ExamplePage.html. To redirect request - for all pages with the prefix docs/, the key prefix will - be /docs, which identifies all objects in the docs/ - folder. Required when the parent element Condition is specified - and sibling HttpErrorCodeReturnedEquals is not specified. - If both conditions are specified, both must be true for the redirect - to be applied.

Replacement must be made for object - keys containing special characters (such as carriage returns) when using - XML requests. For more information, see - XML related object key constraints.

 - type: object - ConfirmRemoveSelfBucketAccess: - type: boolean - ContentDisposition: - type: string - ContentEncoding: - type: string - ContentLanguage: - type: string - ContentLength: - type: integer - ContentMD5: - type: string - ContentRange: - type: string - ContentType: - type: string - ContinuationEvent: - description:

- properties: {} + DataExport: + $ref: '#/components/schemas/DataExport' + description: Specifies how data related to the storage class analysis for an Amazon S3 bucket should be exported. + DataExport: + description: Specifies how Amazon S3 Storage Lens metrics should be exported. type: object - CopyObjectOutput: - example: - CopyObjectResult: - ETag: '"6805f2cfc46c0f04559748bb039d69ae"' - LastModified: '2016-12-15T17:38:53.000Z' + additionalProperties: false properties: - CopyObjectResult: - allOf: - - $ref: '#/components/schemas/CopyObjectResult' - - description: Container for all response elements. + S3BucketDestination: + $ref: '#/components/schemas/S3BucketDestination' + CloudWatchMetrics: + $ref: '#/components/schemas/CloudWatchMetrics' + BucketEncryption: + description: Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide*. type: object - CopyObjectRequest: + additionalProperties: false properties: - x-amz-meta-: - allOf: - - $ref: '#/components/schemas/Metadata' - - description: A map of metadata to store with the object in S3. + ServerSideEncryptionConfiguration: + description: Specifies the default server-side-encryption configuration. + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/ServerSideEncryptionRule' required: - - Bucket - - CopySource - - Key - title: CopyObjectRequest - type: object - CopyObjectResult: - description: Container for all response elements. - properties: - ChecksumCRC32: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32' - - description: The base64-encoded, 32-bit CRC32 checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumCRC32C: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32C' - - description: The base64-encoded, 32-bit CRC32C checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA1: - allOf: - - $ref: '#/components/schemas/ChecksumSHA1' - - description: The base64-encoded, 160-bit SHA-1 digest of the object. This - will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA256: - allOf: - - $ref: '#/components/schemas/ChecksumSHA256' - - description: The base64-encoded, 256-bit SHA-256 digest of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ETag: - allOf: - - $ref: '#/components/schemas/ETag' - - description: Returns the ETag of the new object. The ETag reflects only - changes to the contents of an object, not its metadata. - LastModified: - allOf: - - $ref: '#/components/schemas/LastModified' - - description: Creation date of the object. + - ServerSideEncryptionConfiguration + ServerSideEncryptionRule: + description: Specifies the default server-side encryption configuration. type: object - CopyPartResult: - description: Container for all response elements. + additionalProperties: false properties: - ChecksumCRC32: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32' - - description: The base64-encoded, 32-bit CRC32 checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumCRC32C: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32C' - - description: The base64-encoded, 32-bit CRC32C checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA1: - allOf: - - $ref: '#/components/schemas/ChecksumSHA1' - - description: The base64-encoded, 160-bit SHA-1 digest of the object. This - will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA256: - allOf: - - $ref: '#/components/schemas/ChecksumSHA256' - - description: The base64-encoded, 256-bit SHA-256 digest of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ETag: - allOf: - - $ref: '#/components/schemas/ETag' - - description: Entity tag of the object. - LastModified: - allOf: - - $ref: '#/components/schemas/LastModified' - - description: Date and time at which the object was uploaded. + BucketKeyEnabled: + description: |- + Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the ``BucketKeyEnabled`` element to ``true`` causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. + For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the *Amazon S3 User Guide*. + type: boolean + ServerSideEncryptionByDefault: + $ref: '#/components/schemas/ServerSideEncryptionByDefault' + description: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. + ServerSideEncryptionByDefault: + description: >- + Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket + encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. type: object - CopySource: - pattern: \/.+\/.+ - type: string - CopySourceIfMatch: - type: string - CopySourceIfModifiedSince: - format: date-time - type: string - CopySourceIfNoneMatch: - type: string - CopySourceIfUnmodifiedSince: - format: date-time - type: string - CopySourceRange: - type: string - CopySourceSSECustomerAlgorithm: - type: string - CopySourceSSECustomerKey: - format: password - type: string - CopySourceSSECustomerKeyMD5: - type: string - CopySourceVersionId: - type: string - CreateBucketConfiguration: - description: The configuration information for the bucket. properties: - LocationConstraint: - allOf: - - $ref: '#/components/schemas/BucketLocationConstraint' - - description: Specifies the Region where the bucket will be created. If - you don't specify a Region, the bucket is created in the US East (N. - Virginia) Region (us-east-1). - type: object - CreateBucketOutput: - example: - Location: /examplebucket - properties: {} - type: object - CreateBucketRequest: - properties: {} + KMSMasterKeyID: + description: |- + AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` + + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` + + Key Alias: ``alias/alias-name`` + + If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + type: string + anyOf: + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/KeyId + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::KMS::Alias + propertyPath: /properties/AliasName + SSEAlgorithm: + type: string + enum: + - aws:kms + - AES256 + - aws:kms:dsse + description: Server-side encryption algorithm to use for the default encryption. + additionalProperties: false required: - - Bucket - title: CreateBucketRequest + - SSEAlgorithm + CorsConfiguration: type: object - CreateMultipartUploadOutput: - example: - Bucket: examplebucket - Key: largeobject - UploadId: ibZBv_75gd9r8lH_gqXatLdxMVpAlj6ZQjEs.OwyF3953YdwbcQnMA2BLGn8Lx12fQNICtMw5KyteFeHw.Sjng-- + additionalProperties: false properties: - Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description: Object key for which the multipart upload was initiated. - UploadId: - allOf: - - $ref: '#/components/schemas/MultipartUploadId' - - description: ID for the initiated multipart upload. + CorsRules: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/CorsRule' + maxLength: 100 + description: A set of origins and methods (cross-origin access that you want to allow). You can add up to 100 rules to the configuration. + required: + - CorsRules + description: Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide*. + CorsRule: type: object - CreateMultipartUploadRequest: + description: Specifies a cross-origin access rule for an Amazon S3 bucket. + additionalProperties: false properties: - x-amz-meta-: - allOf: - - $ref: '#/components/schemas/Metadata' - - description: A map of metadata to store with the object in S3. + AllowedHeaders: + description: Headers that are specified in the ``Access-Control-Request-Headers`` header. These headers are allowed in a preflight OPTIONS request. In response to any preflight OPTIONS request, Amazon S3 returns any requested headers that are allowed. + type: array + uniqueItems: true + x-insertionOrder: true + items: + type: string + AllowedMethods: + description: |- + An HTTP method that you allow the origin to run. + *Allowed values*: ``GET`` | ``PUT`` | ``HEAD`` | ``POST`` | ``DELETE`` + type: array + uniqueItems: true + x-insertionOrder: true + items: + type: string + enum: + - GET + - PUT + - HEAD + - POST + - DELETE + AllowedOrigins: + description: One or more origins you want customers to be able to access the bucket from. + type: array + uniqueItems: true + x-insertionOrder: true + items: + type: string + ExposedHeaders: + description: One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript ``XMLHttpRequest`` object). + type: array + uniqueItems: true + x-insertionOrder: true + items: + type: string + Id: + description: A unique identifier for this rule. The value must be no more than 255 characters. + type: string + maxLength: 255 + MaxAge: + description: The time in seconds that your browser is to cache the preflight response for the specified resource. + type: integer + minimum: 0 required: - - Bucket - - Key - title: CreateMultipartUploadRequest + - AllowedMethods + - AllowedOrigins + IntelligentTieringConfiguration: type: object - CreationDate: - format: date-time - type: string - Date: - format: date-time - type: string - Days: - type: integer - DaysAfterInitiation: - type: integer - DefaultRetention: - description:

The container element for specifying the default Object Lock - retention settings for new objects placed in the specified bucket.

-

  • The DefaultRetention settings require both a mode - and a period.

  • The DefaultRetention period can - be either Days or Years but you must select one. - You cannot specify Days and Years at the same time.

    -
+ additionalProperties: false properties: - Days: - allOf: - - $ref: '#/components/schemas/Days' - - description: The number of days that you want to specify for the default - retention period. Must be used with Mode. - Mode: - allOf: - - $ref: '#/components/schemas/ObjectLockRetentionMode' - - description: The default Object Lock retention mode you want to apply - to new objects placed in the specified bucket. Must be used with either - Days or Years. - Years: - allOf: - - $ref: '#/components/schemas/Years' - - description: The number of years that you want to specify for the default - retention period. Must be used with Mode. + Id: + description: The ID used to identify the S3 Intelligent-Tiering configuration. + type: string + Prefix: + description: An object key name prefix that identifies the subset of objects to which the rule applies. + type: string + Status: + description: Specifies the status of the configuration. + type: string + enum: + - Disabled + - Enabled + TagFilters: + description: A container for a key-value pair. + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/TagFilter' + Tierings: + description: |- + Specifies a list of S3 Intelligent-Tiering storage class tiers in the configuration. At least one tier must be defined in the list. At most, you can specify two tiers in the list, one for each available AccessTier: ``ARCHIVE_ACCESS`` and ``DEEP_ARCHIVE_ACCESS``. + You only need Intelligent Tiering Configuration enabled on a bucket if you want to automatically move objects stored in the Intelligent-Tiering storage class to Archive Access or Deep Archive Access tiers. + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/Tiering' + required: + - Id + - Status + - Tierings + description: |- + Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket. + For information about the S3 Intelligent-Tiering storage class, see [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). + Tiering: type: object - Delete: - description: Container for the objects to delete. + additionalProperties: false properties: - Object: - allOf: - - $ref: '#/components/schemas/ObjectIdentifierList' - - description: The objects to delete. - Quiet: - allOf: - - $ref: '#/components/schemas/Quiet' - - description: Element to enable quiet mode for the request. When you add - this element, you must set its value to true. - required: - - Objects - type: object - DeleteBucketAnalyticsConfigurationRequest: - properties: {} + AccessTier: + description: S3 Intelligent-Tiering access tier. See [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access) for a list of access tiers in the S3 Intelligent-Tiering storage class. + type: string + enum: + - ARCHIVE_ACCESS + - DEEP_ARCHIVE_ACCESS + Days: + description: The number of consecutive days of no access after which an object will be eligible to be transitioned to the corresponding tier. The minimum number of days specified for Archive Access tier must be at least 90 days and Deep Archive Access tier must be at least 180 days. The maximum can be up to 2 years (730 days). + type: integer required: - - Bucket - - Id - title: DeleteBucketAnalyticsConfigurationRequest + - AccessTier + - Days + description: The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without additional operational overhead. + InventoryConfiguration: type: object - DeleteBucketCorsRequest: - properties: {} + additionalProperties: false + properties: + Destination: + $ref: '#/components/schemas/Destination' + description: Contains information about where to publish the inventory results. + Enabled: + description: Specifies whether the inventory is enabled or disabled. If set to ``True``, an inventory list is generated. If set to ``False``, no inventory list is generated. + type: boolean + Id: + description: The ID used to identify the inventory configuration. + type: string + IncludedObjectVersions: + description: Object versions to include in the inventory list. If set to ``All``, the list includes all the object versions, which adds the version-related fields ``VersionId``, ``IsLatest``, and ``DeleteMarker`` to the list. If set to ``Current``, the list does not contain these version-related fields. + type: string + enum: + - All + - Current + OptionalFields: + description: Contains the optional fields that are included in the inventory results. + type: array + uniqueItems: true + x-insertionOrder: true + items: + type: string + enum: + - Size + - LastModifiedDate + - StorageClass + - ETag + - IsMultipartUploaded + - ReplicationStatus + - EncryptionStatus + - ObjectLockRetainUntilDate + - ObjectLockMode + - ObjectLockLegalHoldStatus + - IntelligentTieringAccessTier + - BucketKeyStatus + - ChecksumAlgorithm + - ObjectAccessControlList + - ObjectOwner + Prefix: + description: Specifies the inventory filter prefix. + type: string + ScheduleFrequency: + description: Specifies the schedule for generating inventory results. + type: string + enum: + - Daily + - Weekly required: - - Bucket - title: DeleteBucketCorsRequest + - Destination + - Enabled + - Id + - IncludedObjectVersions + - ScheduleFrequency + description: Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference*. + LifecycleConfiguration: type: object - DeleteBucketEncryptionRequest: - properties: {} + additionalProperties: false + properties: + Rules: + description: A lifecycle rule for individual objects in an Amazon S3 bucket. + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/Rule' required: - - Bucket - title: DeleteBucketEncryptionRequest + - Rules + description: Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide*. + Rule: type: object - DeleteBucketIntelligentTieringConfigurationRequest: - properties: {} + description: |- + Specifies lifecycle rules for an Amazon S3 bucket. For more information, see [Put Bucket Lifecycle Configuration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html) in the *Amazon S3 API Reference*. + You must specify at least one of the following properties: ``AbortIncompleteMultipartUpload``, ``ExpirationDate``, ``ExpirationInDays``, ``NoncurrentVersionExpirationInDays``, ``NoncurrentVersionTransition``, ``NoncurrentVersionTransitions``, ``Transition``, or ``Transitions``. + additionalProperties: false + properties: + AbortIncompleteMultipartUpload: + $ref: '#/components/schemas/AbortIncompleteMultipartUpload' + description: Specifies a lifecycle rule that stops incomplete multipart uploads to an Amazon S3 bucket. + ExpirationDate: + $ref: '#/components/schemas/iso8601UTC' + description: Indicates when objects are deleted from Amazon S3 and Amazon S3 Glacier. The date value must be in ISO 8601 format. The time is always midnight UTC. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time. + ExpirationInDays: + type: integer + description: Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon S3 Glacier. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time. + ExpiredObjectDeleteMarker: + type: boolean + description: Indicates whether Amazon S3 will remove a delete marker without any noncurrent versions. If set to true, the delete marker will be removed if there are no noncurrent versions. This cannot be specified with ``ExpirationInDays``, ``ExpirationDate``, or ``TagFilters``. + Id: + type: string + maxLength: 255 + description: Unique identifier for the rule. The value can't be longer than 255 characters. + NoncurrentVersionExpirationInDays: + type: integer + description: (Deprecated.) For buckets with versioning enabled (or suspended), specifies the time, in days, between when a new version of the object is uploaded to the bucket and when old versions of the object expire. When object versions expire, Amazon S3 permanently deletes them. If you specify a transition and expiration time, the expiration time must be later than the transition time. + NoncurrentVersionExpiration: + $ref: '#/components/schemas/NoncurrentVersionExpiration' + description: Specifies when noncurrent object versions expire. Upon expiration, S3 permanently deletes the noncurrent object versions. You set this lifecycle configuration action on a bucket that has versioning enabled (or suspended) to request that S3 delete noncurrent object versions at a specific period in the object's lifetime. + NoncurrentVersionTransition: + $ref: '#/components/schemas/NoncurrentVersionTransition' + description: (Deprecated.) For buckets with versioning enabled (or suspended), specifies when non-current objects transition to a specified storage class. If you specify a transition and expiration time, the expiration time must be later than the transition time. If you specify this property, don't specify the ``NoncurrentVersionTransitions`` property. + NoncurrentVersionTransitions: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/NoncurrentVersionTransition' + description: For buckets with versioning enabled (or suspended), one or more transition rules that specify when non-current objects transition to a specified storage class. If you specify a transition and expiration time, the expiration time must be later than the transition time. If you specify this property, don't specify the ``NoncurrentVersionTransition`` property. + Prefix: + type: string + description: |- + Object key prefix that identifies one or more objects to which this rule applies. + Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + Status: + type: string + enum: + - Enabled + - Disabled + description: If ``Enabled``, the rule is currently being applied. If ``Disabled``, the rule is not currently being applied. + TagFilters: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/TagFilter' + description: Tags to use to identify a subset of objects to which the lifecycle rule applies. + ObjectSizeGreaterThan: + type: string + maxLength: 20 + pattern: '[0-9]+' + description: Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. For more information about size based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide*. + ObjectSizeLessThan: + type: string + maxLength: 20 + pattern: '[0-9]+' + description: Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. For more information about sized based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide*. + Transition: + $ref: '#/components/schemas/Transition' + description: (Deprecated.) Specifies when an object transitions to a specified storage class. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time. If you specify this property, don't specify the ``Transitions`` property. + Transitions: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/Transition' + description: One or more transition rules that specify when an object transitions to a specified storage class. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time. If you specify this property, don't specify the ``Transition`` property. required: - - Bucket - - Id - title: DeleteBucketIntelligentTieringConfigurationRequest + - Status + AbortIncompleteMultipartUpload: + description: Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload. For more information, see [Stopping Incomplete Multipart Uploads Using a Bucket Lifecycle Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) in the *Amazon S3 User Guide*. type: object - DeleteBucketInventoryConfigurationRequest: - properties: {} + additionalProperties: false + properties: + DaysAfterInitiation: + description: Specifies the number of days after which Amazon S3 stops an incomplete multipart upload. + type: integer + minimum: 0 required: - - Bucket - - Id - title: DeleteBucketInventoryConfigurationRequest + - DaysAfterInitiation + iso8601UTC: + description: The date value in ISO 8601 format. The timezone is always UTC. (YYYY-MM-DDThh:mm:ssZ) + type: string + pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$ + NoncurrentVersionExpiration: type: object - DeleteBucketLifecycleRequest: - properties: {} + description: >- + Specifies when noncurrent object versions expire. Upon expiration, S3 permanently deletes the noncurrent object versions. You set this lifecycle configuration action on a bucket that has versioning enabled (or suspended) to request that S3 delete noncurrent object versions at a specific period in the object's lifetime. For more information about setting a lifecycle rule configuration, see [AWS::S3::Bucket + Rule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfig-rule.html). + additionalProperties: false + properties: + NoncurrentDays: + description: Specifies the number of days an object is noncurrent before S3 can perform the associated action. For information about the noncurrent days calculations, see [How Amazon S3 Calculates When an Object Became Noncurrent](https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) in the *Amazon S3 User Guide*. + type: integer + NewerNoncurrentVersions: + description: Specifies how many noncurrent versions S3 will retain. If there are this many more recent noncurrent versions, S3 will take the associated action. For more information about noncurrent versions, see [Lifecycle configuration elements](https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) in the *Amazon S3 User Guide*. + type: integer required: - - Bucket - title: DeleteBucketLifecycleRequest + - NoncurrentDays + NoncurrentVersionTransition: type: object - DeleteBucketMetricsConfigurationRequest: - properties: {} + description: >- + Container for the transition rule that describes when noncurrent objects transition to the ``STANDARD_IA``, ``ONEZONE_IA``, ``INTELLIGENT_TIERING``, ``GLACIER_IR``, ``GLACIER``, or ``DEEP_ARCHIVE`` storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to the ``STANDARD_IA``, ``ONEZONE_IA``, ``INTELLIGENT_TIERING``, ``GLACIER_IR``, ``GLACIER``, or ``DEEP_ARCHIVE`` storage + class at a specific period in the object's lifetime. If you specify this property, don't specify the ``NoncurrentVersionTransitions`` property. + additionalProperties: false + properties: + StorageClass: + description: The class of storage used to store the object. + type: string + enum: + - DEEP_ARCHIVE + - GLACIER + - Glacier + - GLACIER_IR + - INTELLIGENT_TIERING + - ONEZONE_IA + - STANDARD_IA + TransitionInDays: + description: Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see [How Amazon S3 Calculates How Long an Object Has Been Noncurrent](https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) in the *Amazon S3 User Guide*. + type: integer + NewerNoncurrentVersions: + description: Specifies how many noncurrent versions S3 will retain. If there are this many more recent noncurrent versions, S3 will take the associated action. For more information about noncurrent versions, see [Lifecycle configuration elements](https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) in the *Amazon S3 User Guide*. + type: integer required: - - Bucket - - Id - title: DeleteBucketMetricsConfigurationRequest + - StorageClass + - TransitionInDays + Transition: + type: object + properties: + StorageClass: + type: string + enum: + - DEEP_ARCHIVE + - GLACIER + - Glacier + - GLACIER_IR + - INTELLIGENT_TIERING + - ONEZONE_IA + - STANDARD_IA + description: The storage class to which you want the object to transition. + TransitionDate: + $ref: '#/components/schemas/iso8601UTC' + description: Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC. + TransitionInDays: + type: integer + description: Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer. + additionalProperties: false + description: Specifies when an object transitions to a specified storage class. For more information about Amazon S3 lifecycle configuration rules, see [Transitioning Objects Using Amazon S3 Lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html) in the *Amazon S3 User Guide*. + required: + - StorageClass + LoggingConfiguration: + type: object + properties: + DestinationBucketName: + type: string + description: The name of the bucket where Amazon S3 should store server access log files. You can store log files in any bucket that you own. By default, logs are stored in the bucket where the ``LoggingConfiguration`` property is defined. + LogFilePrefix: + type: string + description: A prefix for all log object keys. If you store log files from multiple Amazon S3 buckets in a single bucket, you can use a prefix to distinguish which log files came from which bucket. + TargetObjectKeyFormat: + $ref: '#/components/schemas/TargetObjectKeyFormat' + description: Amazon S3 key format for log objects. Only one format, either PartitionedPrefix or SimplePrefix, is allowed. + additionalProperties: false + description: |- + Describes where logs are stored and the prefix that Amazon S3 assigns to all log object keys for a bucket. For examples and more information, see [PUT Bucket logging](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in the *Amazon S3 API Reference*. + To successfully complete the ``AWS::S3::Bucket LoggingConfiguration`` request, you must have ``s3:PutObject`` and ``s3:PutObjectAcl`` in your IAM permissions. + TargetObjectKeyFormat: + type: object + description: Describes the key format for server access log file in the target bucket. You can choose between SimplePrefix and PartitionedPrefix. + oneOf: + - additionalProperties: false + properties: + SimplePrefix: + description: This format defaults the prefix to the given log file prefix for delivering server access log file. + type: object + additionalProperties: false + required: + - SimplePrefix + - additionalProperties: false + properties: + PartitionedPrefix: + $ref: '#/components/schemas/PartitionedPrefix' + required: + - PartitionedPrefix + PartitionedPrefix: + type: object + description: |- + Amazon S3 keys for log objects are partitioned in the following format: + ``[DestinationPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]`` + PartitionedPrefix defaults to EventTime delivery when server access logs are delivered. + properties: + PartitionDateSource: + type: string + description: Specifies the partition date source for the partitioned prefix. PartitionDateSource can be EventTime or DeliveryTime. + enum: + - EventTime + - DeliveryTime + additionalProperties: false + MetricsConfiguration: type: object - DeleteBucketOwnershipControlsRequest: - properties: {} + additionalProperties: false + properties: + AccessPointArn: + type: string + description: The access point that was used while performing operations on the object. The metrics configuration only includes objects that meet the filter's criteria. + Id: + type: string + description: The ID used to identify the metrics configuration. This can be any value you choose that helps you identify your metrics configuration. + Prefix: + type: string + description: The prefix that an object must have to be included in the metrics results. + TagFilters: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/TagFilter' + description: Specifies a list of tag filters to use as a metrics configuration filter. The metrics configuration includes only objects that meet the filter's criteria. required: - - Bucket - title: DeleteBucketOwnershipControlsRequest + - Id + description: >- + Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For examples, see + [AWS::S3::Bucket](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#aws-properties-s3-bucket--examples). For more information, see [PUT Bucket metrics](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) in the *Amazon S3 API Reference*. + NotificationConfiguration: + description: |- + Describes the notification configuration for an Amazon S3 bucket. + If you create the target resource and related permissions in the same template, you might have a circular dependency. + For example, you might use the ``AWS::Lambda::Permission`` resource to grant the bucket permission to invoke an AWS Lambda function. However, AWS CloudFormation can't create the bucket until the bucket has permission to invoke the function (AWS CloudFormation checks whether the bucket can invoke the function). If you're using Refs to pass the bucket name, this leads to a circular dependency. + To avoid this dependency, you can create all resources without specifying the notification configuration. Then, update the stack with a notification configuration. + For more information on permissions, see [AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html) and [Granting Permissions to Publish Event Notification Messages to a Destination](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#grant-destinations-permissions-to-s3). + type: object + additionalProperties: false + properties: + EventBridgeConfiguration: + $ref: '#/components/schemas/EventBridgeConfiguration' + description: Enables delivery of events to Amazon EventBridge. + LambdaConfigurations: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/LambdaConfiguration' + description: Describes the LAMlong functions to invoke and the events for which to invoke them. + QueueConfigurations: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/QueueConfiguration' + description: The Amazon Simple Queue Service queues to publish messages to and the events for which to publish messages. + TopicConfigurations: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/TopicConfiguration' + description: The topic to which notifications are sent and the events for which notifications are generated. + EventBridgeConfiguration: type: object - DeleteBucketPolicyRequest: - properties: {} + description: |- + Amazon S3 can send events to Amazon EventBridge whenever certain events happen in your bucket, see [Using EventBridge](https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventBridge.html) in the *Amazon S3 User Guide*. + Unlike other destinations, delivery of events to EventBridge can be either enabled or disabled for a bucket. If enabled, all events will be sent to EventBridge and you can use EventBridge rules to route events to additional targets. For more information, see [What Is Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html) in the *Amazon EventBridge User Guide* + additionalProperties: false + properties: + EventBridgeEnabled: + description: Enables delivery of events to Amazon EventBridge. + type: boolean + default: 'true' required: - - Bucket - title: DeleteBucketPolicyRequest + - EventBridgeEnabled + LambdaConfiguration: type: object - DeleteBucketReplicationRequest: - properties: {} + description: Describes the LAMlong functions to invoke and the events for which to invoke them. + additionalProperties: false + properties: + Event: + description: The Amazon S3 bucket event for which to invoke the LAMlong function. For more information, see [Supported Event Types](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide*. + type: string + Filter: + description: The filtering rules that determine which objects invoke the AWS Lambda function. For example, you can create a filter so that only image files with a ``.jpg`` extension invoke the function when they are added to the Amazon S3 bucket. + $ref: '#/components/schemas/NotificationFilter' + Function: + description: The Amazon Resource Name (ARN) of the LAMlong function that Amazon S3 invokes when the specified event type occurs. + type: string required: - - Bucket - title: DeleteBucketReplicationRequest + - Function + - Event + QueueConfiguration: type: object - DeleteBucketRequest: - properties: {} + description: Specifies the configuration for publishing messages to an Amazon Simple Queue Service (Amazon SQS) queue when Amazon S3 detects specified events. + additionalProperties: false + properties: + Event: + description: The Amazon S3 bucket event about which you want to publish messages to Amazon SQS. For more information, see [Supported Event Types](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide*. + type: string + Filter: + description: The filtering rules that determine which objects trigger notifications. For example, you can create a filter so that Amazon S3 sends notifications only when image files with a ``.jpg`` extension are added to the bucket. For more information, see [Configuring event notifications using object key name filtering](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/notification-how-to-filtering.html) in the *Amazon S3 User Guide*. + $ref: '#/components/schemas/NotificationFilter' + Queue: + description: The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3 publishes a message when it detects events of the specified type. FIFO queues are not allowed when enabling an SQS queue as the event notification destination. + type: string required: - - Bucket - title: DeleteBucketRequest + - Event + - Queue + TopicConfiguration: type: object - DeleteBucketTaggingRequest: - properties: {} + description: A container for specifying the configuration for publication of messages to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3 detects specified events. + additionalProperties: false + properties: + Event: + description: The Amazon S3 bucket event about which to send notifications. For more information, see [Supported Event Types](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide*. + type: string + Filter: + description: The filtering rules that determine for which objects to send notifications. For example, you can create a filter so that Amazon S3 sends notifications only when image files with a ``.jpg`` extension are added to the bucket. + $ref: '#/components/schemas/NotificationFilter' + Topic: + description: The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3 publishes a message when it detects events of the specified type. + type: string required: - - Bucket - title: DeleteBucketTaggingRequest + - Event + - Topic + NotificationFilter: type: object - DeleteBucketWebsiteRequest: - properties: {} + description: Specifies object key name filtering rules. For information about key name filtering, see [Configuring event notifications using object key name filtering](https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) in the *Amazon S3 User Guide*. + additionalProperties: false + properties: + S3Key: + $ref: '#/components/schemas/S3KeyFilter' + description: A container for object key name prefix and suffix filtering rules. required: - - Bucket - title: DeleteBucketWebsiteRequest + - S3Key + S3KeyFilter: type: object - DeleteMarker: - type: boolean - DeleteMarkerEntry: - description: Information about the delete marker. + description: |- + A container for object key name prefix and suffix filtering rules. For more information about object key name filtering, see [Configuring event notifications using object key name filtering](https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) in the *Amazon S3 User Guide*. + The same type of filter rule cannot be used more than once. For example, you cannot specify two prefix rules. + additionalProperties: false properties: - IsLatest: - allOf: - - $ref: '#/components/schemas/IsLatest' - - description: Specifies whether the object is (true) or is not (false) - the latest version of an object. - Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description: The object key. - LastModified: - allOf: - - $ref: '#/components/schemas/LastModified' - - description: Date and time the object was last modified. - Owner: - allOf: - - $ref: '#/components/schemas/Owner' - - description: The account that created the delete marker.> - VersionId: - allOf: - - $ref: '#/components/schemas/ObjectVersionId' - - description: Version ID of an object. + Rules: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/FilterRule' + description: A list of containers for the key-value pair that defines the criteria for the filter rule. + required: + - Rules + FilterRule: type: object - DeleteMarkerReplication: - description:

Specifies whether Amazon S3 replicates delete markers. If you - specify a Filter in your replication configuration, you must - also include a DeleteMarkerReplication element. If your Filter - includes a Tag element, the DeleteMarkerReplication - Status must be set to Disabled, because Amazon S3 does not support - replicating delete markers for tag-based rules. For an example configuration, - see Basic - Rule Configuration.

For more information about delete marker replication, - see Basic - Rule Configuration.

If you are using an earlier version - of the replication configuration, Amazon S3 handles replication of delete - markers differently. For more information, see Backward - Compatibility.

 + description: >- + Specifies the Amazon S3 object key name to filter on. An object key name is the name assigned to an object in your Amazon S3 bucket. You specify whether to filter on the suffix or prefix of the object key name. A prefix is a specific string of characters at the beginning of an object key name, which you can use to organize objects. For example, you can start the key names of related objects with a prefix, such as ``2023-`` or ``engineering/``. Then, you can use ``FilterRule`` to find + objects in a bucket with key names that have the same prefix. A suffix is similar to a prefix, but it is at the end of the object key name instead of at the beginning. + additionalProperties: false properties: - Status: - allOf: - - $ref: '#/components/schemas/DeleteMarkerReplicationStatus' - - description:

Indicates whether to replicate delete markers.

-

Indicates whether to replicate delete markers.

 + Name: + type: string + maxLength: 1024 + description: The object key name prefix or suffix identifying one or more objects to which the filtering rule applies. The maximum length is 1,024 characters. Overlapping prefixes and suffixes are not supported. For more information, see [Configuring Event Notifications](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide*. + Value: + type: string + description: The value that the filter searches for in object key names. + required: + - Value + - Name + ObjectLockConfiguration: type: object - DeleteMarkerReplicationStatus: - enum: - - Enabled - - Disabled - type: string - DeleteMarkerVersionId: - type: string - DeleteMarkers: - items: - $ref: '#/components/schemas/DeleteMarkerEntry' - type: array - xml: - wrapped: false - DeleteObjectOutput: - example: {} - properties: {} + additionalProperties: false + properties: + ObjectLockEnabled: + type: string + x-const: Enabled + description: Indicates whether this bucket has an Object Lock configuration enabled. Enable ``ObjectLockEnabled`` when you apply ``ObjectLockConfiguration`` to a bucket. + Rule: + $ref: '#/components/schemas/ObjectLockRule' + description: >- + Specifies the Object Lock rule for the specified object. Enable this rule when you apply ``ObjectLockConfiguration`` to a bucket. If Object Lock is turned on, bucket settings require both ``Mode`` and a period of either ``Days`` or ``Years``. You cannot specify ``Days`` and ``Years`` at the same time. For more information, see [ObjectLockRule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-objectlockrule.html) and + [DefaultRetention](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html). + description: Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + ObjectLockRule: type: object - DeleteObjectRequest: - properties: {} - required: - - Bucket - - Key - title: DeleteObjectRequest + description: Specifies the Object Lock rule for the specified object. Enable the this rule when you apply ``ObjectLockConfiguration`` to a bucket. + additionalProperties: false + properties: + DefaultRetention: + $ref: '#/components/schemas/DefaultRetention' + description: >- + The default Object Lock retention mode and period that you want to apply to new objects placed in the specified bucket. If Object Lock is turned on, bucket settings require both ``Mode`` and a period of either ``Days`` or ``Years``. You cannot specify ``Days`` and ``Years`` at the same time. For more information about allowable values for mode and period, see + [DefaultRetention](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html). + DefaultRetention: type: object - DeleteObjectTaggingOutput: - example: - VersionId: 'null' - properties: {} + description: |- + The container element for specifying the default Object Lock retention settings for new objects placed in the specified bucket. + + The ``DefaultRetention`` settings require both a mode and a period. + + The ``DefaultRetention`` period can be either ``Days`` or ``Years`` but you must select one. You cannot specify ``Days`` and ``Years`` at the same time. + additionalProperties: false + properties: + Years: + type: integer + description: The number of years that you want to specify for the default retention period. If Object Lock is turned on, you must specify ``Mode`` and specify either ``Days`` or ``Years``. + Days: + type: integer + description: The number of days that you want to specify for the default retention period. If Object Lock is turned on, you must specify ``Mode`` and specify either ``Days`` or ``Years``. + Mode: + type: string + enum: + - COMPLIANCE + - GOVERNANCE + description: The default Object Lock retention mode you want to apply to new objects placed in the specified bucket. If Object Lock is turned on, you must specify ``Mode`` and specify either ``Days`` or ``Years``. + OwnershipControls: type: object - DeleteObjectTaggingRequest: - properties: {} + additionalProperties: false + properties: + Rules: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/OwnershipControlsRule' + description: Specifies the container element for Object Ownership rules. required: - - Bucket - - Key - title: DeleteObjectTaggingRequest + - Rules + description: |- + Specifies the container element for Object Ownership rules. + S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable access control lists (ACLs) and take ownership of every object in your bucket, simplifying access management for data stored in Amazon S3. For more information, see [Controlling ownership of objects and disabling ACLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. + OwnershipControlsRule: type: object - DeleteObjectsOutput: - example: - Deleted: - - DeleteMarker: 'true' - DeleteMarkerVersionId: A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F - Key: objectkey1 - - DeleteMarker: 'true' - DeleteMarkerVersionId: iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt - Key: objectkey2 + additionalProperties: false properties: - Deleted: - allOf: - - $ref: '#/components/schemas/DeletedObjects' - - description: Container element for a successful delete. It identifies - the object that was successfully deleted. - Error: - allOf: - - $ref: '#/components/schemas/Errors' - - description: Container for a failed delete action that describes the object - that Amazon S3 attempted to delete and the error it encountered. + ObjectOwnership: + description: Specifies an object ownership rule. + type: string + enum: + - ObjectWriter + - BucketOwnerPreferred + - BucketOwnerEnforced + description: |- + Specifies an Object Ownership rule. + S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable access control lists (ACLs) and take ownership of every object in your bucket, simplifying access management for data stored in Amazon S3. For more information, see [Controlling ownership of objects and disabling ACLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. + ReplicationConfiguration: type: object - DeleteObjectsRequest: - properties: {} + description: A container for replication rules. You can add up to 1,000 rules. The maximum size of a replication configuration is 2 MB. The latest version of the replication configuration XML is V2. For more information about XML V2 replication configurations, see [Replication configuration](https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-add-config.html) in the *Amazon S3 User Guide*. + additionalProperties: false + properties: + Role: + description: The Amazon Resource Name (ARN) of the IAMlong (IAM) role that Amazon S3 assumes when replicating objects. For more information, see [How to Set Up Replication](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html) in the *Amazon S3 User Guide*. + type: string + Rules: + description: A container for one or more replication rules. A replication configuration must have at least one rule and can contain a maximum of 1,000 rules. + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/ReplicationRule' + maxLength: 1000 + minLength: 1 required: - - Bucket - - Delete - title: DeleteObjectsRequest + - Role + - Rules + ReplicationRule: type: object - DeletePublicAccessBlockRequest: - properties: {} + description: Specifies which Amazon S3 objects to replicate and where to store the replicas. + additionalProperties: false + properties: + DeleteMarkerReplication: + $ref: '#/components/schemas/DeleteMarkerReplication' + description: >- + Specifies whether Amazon S3 replicates delete markers. If you specify a ``Filter`` in your replication configuration, you must also include a ``DeleteMarkerReplication`` element. If your ``Filter`` includes a ``Tag`` element, the ``DeleteMarkerReplication`` ``Status`` must be set to Disabled, because Amazon S3 does not support replicating delete markers for tag-based rules. For an example configuration, see [Basic Rule + Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config). + For more information about delete marker replication, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html). + If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see [Backward Compatibility](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations). + Destination: + $ref: '#/components/schemas/ReplicationDestination' + description: A container for information about the replication destination and its configurations including enabling the S3 Replication Time Control (S3 RTC). + Filter: + $ref: '#/components/schemas/ReplicationRuleFilter' + description: |- + A filter that identifies the subset of objects to which the replication rule applies. A ``Filter`` must specify exactly one ``Prefix``, ``TagFilter``, or an ``And`` child element. The use of the filter field indicates that this is a V2 replication configuration. This field isn't supported in a V1 replication configuration. + V1 replication configuration only supports filtering by key prefix. To filter using a V1 replication configuration, add the ``Prefix`` directly as a child element of the ``Rule`` element. + Id: + description: A unique identifier for the rule. The maximum value is 255 characters. If you don't specify a value, AWS CloudFormation generates a random ID. When using a V2 replication configuration this property is capitalized as "ID". + type: string + maxLength: 255 + Prefix: + description: |- + An object key name prefix that identifies the object or objects to which the rule applies. The maximum prefix length is 1,024 characters. To include all objects in a bucket, specify an empty string. To filter using a V1 replication configuration, add the ``Prefix`` directly as a child element of the ``Rule`` element. + Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + type: string + maxLength: 1024 + Priority: + type: integer + description: |- + The priority indicates which rule has precedence whenever two or more replication rules conflict. Amazon S3 will attempt to replicate objects according to all replication rules. However, if there are two or more rules with the same destination bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority. + For more information, see [Replication](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the *Amazon S3 User Guide*. + SourceSelectionCriteria: + $ref: '#/components/schemas/SourceSelectionCriteria' + description: A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects. + Status: + description: Specifies whether the rule is enabled. + type: string + enum: + - Disabled + - Enabled required: - - Bucket - title: DeletePublicAccessBlockRequest + - Destination + - Status + DeleteMarkerReplication: type: object - DeletedObject: - description: Information about the deleted object. + additionalProperties: false properties: - DeleteMarker: - allOf: - - $ref: '#/components/schemas/DeleteMarker' - - description: Specifies whether the versioned object that was permanently - deleted was (true) or was not (false) a delete marker. In a simple DELETE, - this header indicates whether (true) or not (false) a delete marker - was created. - DeleteMarkerVersionId: - allOf: - - $ref: '#/components/schemas/DeleteMarkerVersionId' - - description: The version ID of the delete marker created as a result of - the DELETE operation. If you delete a specific object version, the value - returned by this header is the version ID of the object version deleted. - Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description: The name of the deleted object. - VersionId: - allOf: - - $ref: '#/components/schemas/ObjectVersionId' - - description: The version ID of the deleted object. + Status: + type: string + enum: + - Disabled + - Enabled + description: Indicates whether to replicate delete markers. Disabled by default. + description: >- + Specifies whether Amazon S3 replicates delete markers. If you specify a ``Filter`` in your replication configuration, you must also include a ``DeleteMarkerReplication`` element. If your ``Filter`` includes a ``Tag`` element, the ``DeleteMarkerReplication`` ``Status`` must be set to Disabled, because Amazon S3 does not support replicating delete markers for tag-based rules. For an example configuration, see [Basic Rule + Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config). + For more information about delete marker replication, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html). + If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see [Backward Compatibility](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations). + ReplicationDestination: type: object - DeletedObjects: - items: - $ref: '#/components/schemas/DeletedObject' - type: array - xml: - wrapped: false - Delimiter: - type: string - Description: - type: string - Destination: - description: Specifies information about where to publish analysis or configuration - results for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC). + description: A container for information about the replication destination and its configurations including enabling the S3 Replication Time Control (S3 RTC). + additionalProperties: false properties: AccessControlTranslation: - allOf: - - $ref: '#/components/schemas/AccessControlTranslation' - - description: Specify this only in a cross-account scenario (where source - and destination bucket owners are not the same), and you want to change - replica ownership to the Amazon Web Services account that owns the destination - bucket. If this is not specified in the replication configuration, the - replicas are owned by same Amazon Web Services account that owns the - source object. + $ref: '#/components/schemas/AccessControlTranslation' + description: Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS-account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same AWS-account that owns the source object. Account: - allOf: - - $ref: '#/components/schemas/AccountId' - - description: 'Destination bucket owner account ID. In a cross-account - scenario, if you direct Amazon S3 to change replica ownership to the - Amazon Web Services account that owns the destination bucket by specifying - the AccessControlTranslation property, this is the account - ID of the destination bucket owner. For more information, see Replication - Additional Configuration: Changing the Replica Owner in the Amazon - S3 User Guide.' + type: string + description: |- + Destination bucket owner account ID. In a cross-account scenario, if you direct Amazon S3 to change replica ownership to the AWS-account that owns the destination bucket by specifying the ``AccessControlTranslation`` property, this is the account ID of the destination bucket owner. For more information, see [Cross-Region Replication Additional Configuration: Change Replica Owner](https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-change-owner.html) in the *Amazon S3 User Guide*. + If you specify the ``AccessControlTranslation`` property, the ``Account`` property is required. Bucket: - allOf: - - $ref: '#/components/schemas/BucketName' - - description: ' The Amazon Resource Name (ARN) of the bucket where you - want Amazon S3 to store the results.' + type: string + description: The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to store the results. EncryptionConfiguration: - allOf: - - $ref: '#/components/schemas/EncryptionConfiguration' - - description: A container that provides information about encryption. If - SourceSelectionCriteria is specified, you must specify - this element. + $ref: '#/components/schemas/EncryptionConfiguration' + description: Specifies encryption-related information. Metrics: - allOf: - - $ref: '#/components/schemas/Metrics' - - description: ' A container specifying replication metrics-related settings - enabling replication metrics and events. ' + $ref: '#/components/schemas/Metrics' + description: A container specifying replication metrics-related settings enabling replication metrics and events. ReplicationTime: - allOf: - - $ref: '#/components/schemas/ReplicationTime' - - description: ' A container specifying S3 Replication Time Control (S3 - RTC), including whether S3 RTC is enabled and the time when all objects - and operations on objects must be replicated. Must be specified together - with a Metrics block. ' + $ref: '#/components/schemas/ReplicationTime' + description: A container specifying S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a ``Metrics`` block. StorageClass: - allOf: - - $ref: '#/components/schemas/StorageClass' - - description:

The storage class to use when replicating objects, such - as S3 Standard or reduced redundancy. By default, Amazon S3 uses the - storage class of the source object to create the object replica.

-

For valid values, see the StorageClass element of the - PUT - Bucket replication action in the Amazon S3 API Reference.

+ description: |- + The storage class to use when replicating objects, such as S3 Standard or reduced redundancy. By default, Amazon S3 uses the storage class of the source object to create the object replica. + For valid values, see the ``StorageClass`` element of the [PUT Bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) action in the *Amazon S3 API Reference*. + type: string + enum: + - DEEP_ARCHIVE + - GLACIER + - GLACIER_IR + - INTELLIGENT_TIERING + - ONEZONE_IA + - REDUCED_REDUNDANCY + - STANDARD + - STANDARD_IA required: - - Bucket + - Bucket + AccessControlTranslation: type: object - DisplayName: - type: string - ETag: - type: string - EmailAddress: - type: string - EnableRequestProgress: - type: boolean - EncodingType: - description: Requests Amazon S3 to encode the object keys in the response and - specifies the encoding method to use. An object key may contain any Unicode - character; however, XML 1.0 parser cannot parse some characters, such as characters - with an ASCII value from 0 to 10. For characters that are not supported in - XML 1.0, you can add this parameter to request that Amazon S3 encode the keys - in the response. - enum: - - url - type: string - Encryption: - description: Contains the type of server-side encryption used. + description: Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS-account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same AWS-account that owns the source object. + additionalProperties: false properties: - EncryptionType: - allOf: - - $ref: '#/components/schemas/ServerSideEncryption' - - description: The server-side encryption algorithm used when storing job - results in Amazon S3 (for example, AES256, aws:kms). - KMSContext: - allOf: - - $ref: '#/components/schemas/KMSContext' - - description: If the encryption type is aws:kms, this optional - value can be used to specify the encryption context for the restore - results. - KMSKeyId: - allOf: - - $ref: '#/components/schemas/SSEKMSKeyId' - - description: If the encryption type is aws:kms, this optional - value specifies the ID of the symmetric customer managed key to use - for encryption of job results. Amazon S3 only supports symmetric keys. - For more information, see Using - symmetric and asymmetric keys in the Amazon Web Services Key - Management Service Developer Guide. + Owner: + type: string + x-const: Destination + description: Specifies the replica ownership. For default and valid values, see [PUT bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) in the *Amazon S3 API Reference*. required: - - EncryptionType - type: object + - Owner EncryptionConfiguration: - description: Specifies encryption-related information for an Amazon S3 bucket - that is a destination for replicated objects. + type: object + description: Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects. + additionalProperties: false properties: ReplicaKmsKeyID: - allOf: - - $ref: '#/components/schemas/ReplicaKmsKeyID' - - description: Specifies the ID (Key ARN or Alias ARN) of the customer managed - Amazon Web Services KMS key stored in Amazon Web Services Key Management - Service (KMS) for the destination bucket. Amazon S3 uses this key to - encrypt replica objects. Amazon S3 only supports symmetric, customer - managed KMS keys. For more information, see Using - symmetric and asymmetric keys in the Amazon Web Services Key - Management Service Developer Guide. - type: object - End: - type: integer - EndEvent: - description: A message that indicates the request is complete and no more messages - will be sent. You should not assume that the request is complete until the - client receives an EndEvent. - properties: {} + description: Specifies the ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + type: string + required: + - ReplicaKmsKeyID + Metrics: type: object - Error: - description: Container for all error elements. + additionalProperties: false properties: - Code: - allOf: - - $ref: '#/components/schemas/Code' - - description: '

The error code is a string that uniquely identifies an - error condition. It is meant to be read and understood by programs that - detect and handle errors by type.

Amazon S3 - error codes

    • Code: AccessDenied -

    • Description: Access Denied

    • -

      HTTP Status Code: 403 Forbidden

    • SOAP - Fault Code Prefix: Client

    • - Code: AccountProblem

    • Description: There - is a problem with your Amazon Web Services account that prevents the - action from completing successfully. Contact Amazon Web Services Support - for further assistance.

    • HTTP Status Code: - 403 Forbidden

    • SOAP Fault Code Prefix: Client

      -

    • Code: AllAccessDisabled

      -

    • Description: All access to this Amazon S3 resource - has been disabled. Contact Amazon Web Services Support for further assistance.

      -

    • HTTP Status Code: 403 Forbidden

    • -

      SOAP Fault Code Prefix: Client

  • -

    • Code: AmbiguousGrantByEmailAddress

    • -

      Description: The email address you provided is associated - with more than one account.

    • HTTP Status Code: - 400 Bad Request

    • SOAP Fault Code Prefix: Client

      -

    • Code: AuthorizationHeaderMalformed

      -

    • Description: The authorization header you provided - is invalid.

    • HTTP Status Code: 400 Bad Request

      -

    • HTTP Status Code: N/A

  • -

    • Code: BadDigest

    • Description: - The Content-MD5 you specified did not match what we received.

      • -

    • HTTP Status Code: 400 Bad Request

    • - SOAP Fault Code Prefix: Client

    • -

    • Code: BucketAlreadyExists

    • Description: - The requested bucket name is not available. The bucket namespace is - shared by all users of the system. Please select a different name and - try again.

    • HTTP Status Code: 409 Conflict

      -

    • SOAP Fault Code Prefix: Client

    -

    • Code: BucketAlreadyOwnedByYou

      • -

    • Description: The bucket you tried to create already - exists, and you own it. Amazon S3 returns this error in all Amazon Web - Services Regions except in the North Virginia Region. For legacy compatibility, - if you re-create an existing bucket that you already own in the North - Virginia Region, Amazon S3 returns 200 OK and resets the bucket access - control lists (ACLs).

    • Code: 409 Conflict (in - all Regions except the North Virginia Region)

    • SOAP - Fault Code Prefix: Client

    • - Code: BucketNotEmpty

    • Description: The - bucket you tried to delete is not empty.

    • HTTP - Status Code: 409 Conflict

    • SOAP Fault Code - Prefix: Client

    • Code: - CredentialsNotSupported

    • Description: This - request does not support credentials.

    • HTTP Status - Code: 400 Bad Request

    • SOAP Fault Code Prefix: - Client

    • Code: CrossLocationLoggingProhibited

      -

    • Description: Cross-location logging not allowed. - Buckets in one geographic location cannot log information to a bucket - in another location.

    • HTTP Status Code: 403 - Forbidden

    • SOAP Fault Code Prefix: Client

      -

    • Code: EntityTooSmall

      -

    • Description: Your proposed upload is smaller than - the minimum allowed object size.

    • HTTP Status Code: - 400 Bad Request

    • SOAP Fault Code Prefix: Client

      -

    • Code: EntityTooLarge

      -

    • Description: Your proposed upload exceeds the - maximum allowed object size.

    • HTTP Status Code: - 400 Bad Request

    • SOAP Fault Code Prefix: Client

      -

    • Code: ExpiredToken

      • -

    • Description: The provided token has expired.

      • -

    • HTTP Status Code: 400 Bad Request

    • - SOAP Fault Code Prefix: Client

    • -

    • Code: IllegalVersioningConfigurationException

      • -

    • Description: Indicates that the versioning configuration - specified in the request is invalid.

    • HTTP Status - Code: 400 Bad Request

    • SOAP Fault Code Prefix: - Client

    • Code: IncompleteBody

      -

    • Description: You did not provide the number of - bytes specified by the Content-Length HTTP header

    • - HTTP Status Code: 400 Bad Request

    • SOAP - Fault Code Prefix: Client

    • - Code: IncorrectNumberOfFilesInPostRequest

    • - Description: POST requires exactly one file upload per request.

      -

    • HTTP Status Code: 400 Bad Request

    • -

      SOAP Fault Code Prefix: Client

  • -

    • Code: InlineDataTooLarge

    • Description: - Inline data exceeds the maximum allowed size.

    • HTTP - Status Code: 400 Bad Request

    • SOAP Fault Code - Prefix: Client

    • Code: - InternalError

    • Description: We encountered - an internal error. Please try again.

    • HTTP Status - Code: 500 Internal Server Error

    • SOAP Fault - Code Prefix: Server

    • Code: - InvalidAccessKeyId

    • Description: The Amazon - Web Services access key ID you provided does not exist in our records.

      -

    • HTTP Status Code: 403 Forbidden

    • -

      SOAP Fault Code Prefix: Client

  • -

    • Code: InvalidAddressingHeader

    • - Description: You must specify the Anonymous role.

    • -

      HTTP Status Code: N/A

    • SOAP Fault Code - Prefix: Client

    • Code: - InvalidArgument

    • Description: Invalid Argument

      -

    • HTTP Status Code: 400 Bad Request

    • -

      SOAP Fault Code Prefix: Client

  • -

    • Code: InvalidBucketName

    • Description: - The specified bucket is not valid.

    • HTTP Status - Code: 400 Bad Request

    • SOAP Fault Code Prefix: - Client

    • Code: InvalidBucketState

      -

    • Description: The request is not valid with the - current state of the bucket.

    • HTTP Status Code: - 409 Conflict

    • SOAP Fault Code Prefix: Client

      -

    • Code: InvalidDigest

      -

    • Description: The Content-MD5 you specified is - not valid.

    • HTTP Status Code: 400 Bad Request

      -

    • SOAP Fault Code Prefix: Client

    -

    • Code: InvalidEncryptionAlgorithmError

      -

    • Description: The encryption request you specified - is not valid. The valid value is AES256.

    • HTTP - Status Code: 400 Bad Request

    • SOAP Fault Code - Prefix: Client

    • Code: - InvalidLocationConstraint

    • Description: The - specified location constraint is not valid. For more information about - Regions, see How - to Select a Region for Your Buckets.

    • HTTP - Status Code: 400 Bad Request

    • SOAP Fault Code - Prefix: Client

    • Code: - InvalidObjectState

    • Description: The action - is not valid for the current state of the object.

    • - HTTP Status Code: 403 Forbidden

    • SOAP Fault - Code Prefix: Client

    • Code: - InvalidPart

    • Description: One or more of the - specified parts could not be found. The part might not have been uploaded, - or the specified entity tag might not have matched the part''s entity - tag.

    • HTTP Status Code: 400 Bad Request

      -

    • SOAP Fault Code Prefix: Client

    -

    • Code: InvalidPartOrder

    • -

      Description: The list of parts was not in ascending order. - Parts list must be specified in order by part number.

    • -

      HTTP Status Code: 400 Bad Request

    • SOAP - Fault Code Prefix: Client

    • - Code: InvalidPayer

    • Description: All - access to this object has been disabled. Please contact Amazon Web Services - Support for further assistance.

    • HTTP Status Code: - 403 Forbidden

    • SOAP Fault Code Prefix: Client

      -

    • Code: InvalidPolicyDocument

      -

    • Description: The content of the form does not - meet the conditions specified in the policy document.

    • -

      HTTP Status Code: 400 Bad Request

    • SOAP - Fault Code Prefix: Client

    • - Code: InvalidRange

    • Description: The - requested range cannot be satisfied.

    • HTTP Status - Code: 416 Requested Range Not Satisfiable

    • SOAP - Fault Code Prefix: Client

    • - Code: InvalidRequest

    • Description: Please - use AWS4-HMAC-SHA256.

    • HTTP Status - Code: 400 Bad Request

    • Code: N/A

      • -

    • Code: InvalidRequest

      • -

    • Description: SOAP requests must be made over an HTTPS - connection.

    • HTTP Status Code: 400 Bad Request

      -

    • SOAP Fault Code Prefix: Client

    -

    • Code: InvalidRequest

    • -

      Description: Amazon S3 Transfer Acceleration is not supported - for buckets with non-DNS compliant names.

    • HTTP - Status Code: 400 Bad Request

    • Code: N/A

      -

    • Code: InvalidRequest

      -

    • Description: Amazon S3 Transfer Acceleration is - not supported for buckets with periods (.) in their names.

      • -

    • HTTP Status Code: 400 Bad Request

    • - Code: N/A

    • Code: - InvalidRequest

    • Description: Amazon S3 Transfer - Accelerate endpoint only supports virtual style requests.

      • -

    • HTTP Status Code: 400 Bad Request

    • - Code: N/A

    • Code: - InvalidRequest

    • Description: Amazon S3 Transfer - Accelerate is not configured on this bucket.

    • HTTP - Status Code: 400 Bad Request

    • Code: N/A

      -

    • Code: InvalidRequest

      -

    • Description: Amazon S3 Transfer Accelerate is - disabled on this bucket.

    • HTTP Status Code: - 400 Bad Request

    • Code: N/A

    -

    • Code: InvalidRequest

    • -

      Description: Amazon S3 Transfer Acceleration is not supported - on this bucket. Contact Amazon Web Services Support for more information.

      -

    • HTTP Status Code: 400 Bad Request

    • -

      Code: N/A

    • Code: - InvalidRequest

    • Description: Amazon S3 Transfer - Acceleration cannot be enabled on this bucket. Contact Amazon Web Services - Support for more information.

    • HTTP Status Code: - 400 Bad Request

    • Code: N/A

    -

    • Code: InvalidSecurity

    • -

      Description: The provided security credentials are not valid.

      -

    • HTTP Status Code: 403 Forbidden

    • -

      SOAP Fault Code Prefix: Client

  • -

    • Code: InvalidSOAPRequest

    • Description: - The SOAP request body is invalid.

    • HTTP Status - Code: 400 Bad Request

    • SOAP Fault Code Prefix: - Client

    • Code: InvalidStorageClass

      -

    • Description: The storage class you specified is - not valid.

    • HTTP Status Code: 400 Bad Request

      -

    • SOAP Fault Code Prefix: Client

    -

    • Code: InvalidTargetBucketForLogging

      -

    • Description: The target bucket for logging does - not exist, is not owned by you, or does not have the appropriate grants - for the log-delivery group.

    • HTTP Status Code: - 400 Bad Request

    • SOAP Fault Code Prefix: Client

      -

    • Code: InvalidToken

      • -

    • Description: The provided token is malformed or otherwise - invalid.

    • HTTP Status Code: 400 Bad Request

      -

    • SOAP Fault Code Prefix: Client

    -

    • Code: InvalidURI

    • - Description: Couldn''t parse the specified URI.

    • -

      HTTP Status Code: 400 Bad Request

    • SOAP - Fault Code Prefix: Client

    • - Code: KeyTooLongError

    • Description: - Your key is too long.

    • HTTP Status Code: 400 - Bad Request

    • SOAP Fault Code Prefix: Client

      -

    • Code: MalformedACLError

      -

    • Description: The XML you provided was not well-formed - or did not validate against our published schema.

    • - HTTP Status Code: 400 Bad Request

    • SOAP - Fault Code Prefix: Client

    • - Code: MalformedPOSTRequest

    • Description: - The body of your POST request is not well-formed multipart/form-data.

      -

    • HTTP Status Code: 400 Bad Request

    • -

      SOAP Fault Code Prefix: Client

  • -

    • Code: MalformedXML

    • Description: - This happens when the user sends malformed XML (XML that doesn''t conform - to the published XSD) for the configuration. The error message is, "The - XML you provided was not well-formed or did not validate against our - published schema."

    • HTTP Status Code: 400 - Bad Request

    • SOAP Fault Code Prefix: Client

      -

    • Code: MaxMessageLengthExceeded

      -

    • Description: Your request was too big.

      • -

    • HTTP Status Code: 400 Bad Request

    • - SOAP Fault Code Prefix: Client

    • -

    • Code: MaxPostPreDataLengthExceededError

    • -

      Description: Your POST request fields preceding the upload - file were too large.

    • HTTP Status Code: 400 - Bad Request

    • SOAP Fault Code Prefix: Client

      -

    • Code: MetadataTooLarge

      -

    • Description: Your metadata headers exceed the - maximum allowed metadata size.

    • HTTP Status Code: - 400 Bad Request

    • SOAP Fault Code Prefix: Client

      -

    • Code: MethodNotAllowed

      -

    • Description: The specified method is not allowed - against this resource.

    • HTTP Status Code: 405 - Method Not Allowed

    • SOAP Fault Code Prefix: - Client

    • Code: MissingAttachment

      -

    • Description: A SOAP attachment was expected, but - none were found.

    • HTTP Status Code: N/A

      -

    • SOAP Fault Code Prefix: Client

    -

    • Code: MissingContentLength

      • -

    • Description: You must provide the Content-Length HTTP - header.

    • HTTP Status Code: 411 Length Required

      -

    • SOAP Fault Code Prefix: Client

    -

    • Code: MissingRequestBodyError

      • -

    • Description: This happens when the user sends an empty - XML document as a request. The error message is, "Request body is empty." -

    • HTTP Status Code: 400 Bad Request

      • -

    • SOAP Fault Code Prefix: Client

    • -

    • Code: MissingSecurityElement

    • -

      Description: The SOAP 1.1 request is missing a security element.

      -

    • HTTP Status Code: 400 Bad Request

    • -

      SOAP Fault Code Prefix: Client

  • -

    • Code: MissingSecurityHeader

    • - Description: Your request is missing a required header.

      • -

    • HTTP Status Code: 400 Bad Request

    • - SOAP Fault Code Prefix: Client

    • -

    • Code: NoLoggingStatusForKey

    • Description: - There is no such thing as a logging status subresource for a key.

      -

    • HTTP Status Code: 400 Bad Request

    • -

      SOAP Fault Code Prefix: Client

  • -

    • Code: NoSuchBucket

    • Description: - The specified bucket does not exist.

    • HTTP Status - Code: 404 Not Found

    • SOAP Fault Code Prefix: - Client

    • Code: NoSuchBucketPolicy

      -

    • Description: The specified bucket does not have - a bucket policy.

    • HTTP Status Code: 404 Not - Found

    • SOAP Fault Code Prefix: Client

      • -

    • Code: NoSuchKey

    • -

      Description: The specified key does not exist.

      • -

    • HTTP Status Code: 404 Not Found

    • SOAP - Fault Code Prefix: Client

    • - Code: NoSuchLifecycleConfiguration

    • Description: - The lifecycle configuration does not exist.

    • HTTP - Status Code: 404 Not Found

    • SOAP Fault Code - Prefix: Client

    • Code: - NoSuchUpload

    • Description: The specified multipart - upload does not exist. The upload ID might be invalid, or the multipart - upload might have been aborted or completed.

    • HTTP - Status Code: 404 Not Found

    • SOAP Fault Code - Prefix: Client

    • Code: - NoSuchVersion

    • Description: Indicates that - the version ID specified in the request does not match an existing version.

      -

    • HTTP Status Code: 404 Not Found

    • -

      SOAP Fault Code Prefix: Client

  • -

    • Code: NotImplemented

    • Description: - A header you provided implies functionality that is not implemented.

      -

    • HTTP Status Code: 501 Not Implemented

      • -

    • SOAP Fault Code Prefix: Server

    • -

    • Code: NotSignedUp

    • Description: - Your account is not signed up for the Amazon S3 service. You must sign - up before you can use Amazon S3. You can sign up at the following URL: - Amazon S3

    • - HTTP Status Code: 403 Forbidden

    • SOAP Fault - Code Prefix: Client

    • Code: - OperationAborted

    • Description: A conflicting - conditional action is currently in progress against this resource. Try - again.

    • HTTP Status Code: 409 Conflict

      -

    • SOAP Fault Code Prefix: Client

    -

    • Code: PermanentRedirect

    • -

      Description: The bucket you are attempting to access must - be addressed using the specified endpoint. Send all future requests - to this endpoint.

    • HTTP Status Code: 301 Moved - Permanently

    • SOAP Fault Code Prefix: Client

      -

    • Code: PreconditionFailed

      -

    • Description: At least one of the preconditions - you specified did not hold.

    • HTTP Status Code: - 412 Precondition Failed

    • SOAP Fault Code Prefix: - Client

    • Code: Redirect

      -

    • Description: Temporary redirect.

    • -

      HTTP Status Code: 307 Moved Temporarily

    • - SOAP Fault Code Prefix: Client

    • -

    • Code: RestoreAlreadyInProgress

    • Description: - Object restore is already in progress.

    • HTTP Status - Code: 409 Conflict

    • SOAP Fault Code Prefix: - Client

    • Code: RequestIsNotMultiPartContent

      -

    • Description: Bucket POST must be of the enclosure-type - multipart/form-data.

    • HTTP Status Code: 400 - Bad Request

    • SOAP Fault Code Prefix: Client

      -

    • Code: RequestTimeout

      -

    • Description: Your socket connection to the server - was not read from or written to within the timeout period.

      • -

    • HTTP Status Code: 400 Bad Request

    • - SOAP Fault Code Prefix: Client

    • -

    • Code: RequestTimeTooSkewed

    • Description: - The difference between the request time and the server''s time is too - large.

    • HTTP Status Code: 403 Forbidden

      -

    • SOAP Fault Code Prefix: Client

    -

    • Code: RequestTorrentOfBucketError

      -

    • Description: Requesting the torrent file of a - bucket is not permitted.

    • HTTP Status Code: - 400 Bad Request

    • SOAP Fault Code Prefix: Client

      -

    • Code: SignatureDoesNotMatch

      -

    • Description: The request signature we calculated - does not match the signature you provided. Check your Amazon Web Services - secret access key and signing method. For more information, see REST - Authentication and SOAP - Authentication for details.

    • HTTP Status Code: - 403 Forbidden

    • SOAP Fault Code Prefix: Client

      -

    • Code: ServiceUnavailable

      -

    • Description: Reduce your request rate.

      • -

    • HTTP Status Code: 503 Service Unavailable

      • -

    • SOAP Fault Code Prefix: Server

    • -

    • Code: SlowDown

    • Description: - Reduce your request rate.

    • HTTP Status Code: - 503 Slow Down

    • SOAP Fault Code Prefix: Server

      -

    • Code: TemporaryRedirect

      -

    • Description: You are being redirected to the bucket - while DNS updates.

    • HTTP Status Code: 307 Moved - Temporarily

    • SOAP Fault Code Prefix: Client

      -

    • Code: TokenRefreshRequired

      -

    • Description: The provided token must be refreshed.

      -

    • HTTP Status Code: 400 Bad Request

    • -

      SOAP Fault Code Prefix: Client

  • -

    • Code: TooManyBuckets

    • Description: - You have attempted to create more buckets than allowed.

    • -

      HTTP Status Code: 400 Bad Request

    • SOAP - Fault Code Prefix: Client

    • - Code: UnexpectedContent

    • Description: - This request does not support content.

    • HTTP Status - Code: 400 Bad Request

    • SOAP Fault Code Prefix: - Client

    • Code: UnresolvableGrantByEmailAddress

      -

    • Description: The email address you provided does - not match any account on record.

    • HTTP Status Code: - 400 Bad Request

    • SOAP Fault Code Prefix: Client

      -

    • Code: UserKeyMustBeSpecified

      -

    • Description: The bucket POST must contain the - specified field name. If it is specified, check the order of the fields.

      -

    • HTTP Status Code: 400 Bad Request

    • -

      SOAP Fault Code Prefix: Client

-

' - Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description: The error key. - Message: - allOf: - - $ref: '#/components/schemas/Message' - - description: The error message contains a generic description of the error - condition in English. It is intended for a human audience. Simple programs - display the message directly to the end user if they encounter an error - condition they don't know how or don't care to handle. Sophisticated - programs with more exhaustive error handling and proper internationalization - are more likely to ignore the error message. - VersionId: - allOf: - - $ref: '#/components/schemas/ObjectVersionId' - - description: The version ID of the error. + EventThreshold: + $ref: '#/components/schemas/ReplicationTimeValue' + description: A container specifying the time threshold for emitting the ``s3:Replication:OperationMissedThreshold`` event. + Status: + type: string + enum: + - Disabled + - Enabled + description: Specifies whether the replication metrics are enabled. + required: + - Status + description: A container specifying replication metrics-related settings enabling replication metrics and events. + ReplicationTimeValue: type: object - ErrorCode: - type: string - ErrorDocument: - description: The error information. + additionalProperties: false properties: - Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description:

The object key name to use when a 4XX class error occurs.

-

Replacement must be made for object keys containing special - characters (such as carriage returns) when using XML requests. For more - information, see - XML related object key constraints.

 + Minutes: + type: integer + description: |- + Contains an integer specifying time in minutes. + Valid value: 15 required: - - Key - type: object - ErrorMessage: - type: string - Errors: - items: - $ref: '#/components/schemas/Error' - type: array - xml: - wrapped: false - Event: - description: The bucket event for which to send notifications. - enum: - - s3:ReducedRedundancyLostObject - - s3:ObjectCreated:* - - s3:ObjectCreated:Put - - s3:ObjectCreated:Post - - s3:ObjectCreated:Copy - - s3:ObjectCreated:CompleteMultipartUpload - - s3:ObjectRemoved:* - - s3:ObjectRemoved:Delete - - s3:ObjectRemoved:DeleteMarkerCreated - - s3:ObjectRestore:* - - s3:ObjectRestore:Post - - s3:ObjectRestore:Completed - - s3:Replication:* - - s3:Replication:OperationFailedReplication - - s3:Replication:OperationNotTracked - - s3:Replication:OperationMissedThreshold - - s3:Replication:OperationReplicatedAfterThreshold - - s3:ObjectRestore:Delete - - s3:LifecycleTransition - - s3:IntelligentTiering - - s3:ObjectAcl:Put - - s3:LifecycleExpiration:* - - s3:LifecycleExpiration:Delete - - s3:LifecycleExpiration:DeleteMarkerCreated - - s3:ObjectTagging:* - - s3:ObjectTagging:Put - - s3:ObjectTagging:Delete - type: string - EventBridgeConfiguration: - description: A container for specifying the configuration for Amazon EventBridge. - properties: {} + - Minutes + description: A container specifying the time value for S3 Replication Time Control (S3 RTC) and replication metrics ``EventThreshold``. + ReplicationTime: type: object - EventList: - items: - $ref: '#/components/schemas/Event' - type: array - xml: - wrapped: false - ExistingObjectReplication: - description: 'Optional configuration to replicate existing source bucket objects. - For more information, see Replicating - Existing Objects in the Amazon S3 User Guide. ' + additionalProperties: false properties: Status: - allOf: - - $ref: '#/components/schemas/ExistingObjectReplicationStatus' - - description:

+ type: string + enum: + - Disabled + - Enabled + description: Specifies whether the replication time is enabled. + Time: + $ref: '#/components/schemas/ReplicationTimeValue' + description: A container specifying the time by which replication should be complete for all objects and operations on objects. required: - - Status + - Status + - Time + description: A container specifying S3 Replication Time Control (S3 RTC) related information, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a ``Metrics`` block. + ReplicationRuleFilter: type: object - ExistingObjectReplicationStatus: - enum: - - Enabled - - Disabled - type: string - Expiration: - type: string - ExpirationStatus: - enum: - - Enabled - - Disabled - type: string - ExpiredObjectDeleteMarker: - type: boolean - Expires: - format: date-time - type: string - ExposeHeader: - type: string - ExposeHeaders: - items: - $ref: '#/components/schemas/ExposeHeader' - type: array - xml: - wrapped: false - Expression: - type: string - ExpressionType: - enum: - - SQL - type: string - FetchOwner: - type: boolean - FieldDelimiter: - type: string - FileHeaderInfo: - enum: - - USE - - IGNORE - - NONE - type: string - FilterRule: - description: Specifies the Amazon S3 object key name to filter on and whether - to filter on the suffix or prefix of the key name. + additionalProperties: false properties: - Name: - allOf: - - $ref: '#/components/schemas/FilterRuleName' - - description: The object key name prefix or suffix identifying one or more - objects to which the filtering rule applies. The maximum length is 1,024 - characters. Overlapping prefixes and suffixes are not supported. For - more information, see Configuring - Event Notifications in the Amazon S3 User Guide. - Value: - allOf: - - $ref: '#/components/schemas/FilterRuleValue' - - description: The value that the filter searches for in object key names. + And: + $ref: '#/components/schemas/ReplicationRuleAndOperator' + description: |- + A container for specifying rule filters. The filters determine the subset of objects to which the rule applies. This element is required only if you specify more than one filter. For example: + + If you specify both a ``Prefix`` and a ``TagFilter``, wrap these filters in an ``And`` tag. + + If you specify a filter based on multiple tags, wrap the ``TagFilter`` elements in an ``And`` tag. + Prefix: + type: string + description: |- + An object key name prefix that identifies the subset of objects to which the rule applies. + Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + TagFilter: + $ref: '#/components/schemas/TagFilter' + description: |- + A container for specifying a tag key and value. + The rule applies only to objects that have the tag in their tag set. + description: A filter that identifies the subset of objects to which the replication rule applies. A ``Filter`` must specify exactly one ``Prefix``, ``TagFilter``, or an ``And`` child element. + ReplicationRuleAndOperator: type: object - FilterRuleList: - description: A list of containers for the key-value pair that defines the criteria - for the filter rule. - items: - $ref: '#/components/schemas/FilterRule' - type: array - xml: - wrapped: false - FilterRuleName: - enum: - - prefix - - suffix - type: string - FilterRuleValue: - type: string - GetBucketAccelerateConfigurationOutput: + additionalProperties: false properties: - Status: - allOf: - - $ref: '#/components/schemas/BucketAccelerateStatus' - - description: The accelerate configuration of the bucket. - type: object - GetBucketAccelerateConfigurationRequest: - properties: {} - required: - - Bucket - title: GetBucketAccelerateConfigurationRequest + Prefix: + type: string + description: An object key name prefix that identifies the subset of objects to which the rule applies. + TagFilters: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/TagFilter' + description: An array of tags containing key and value pairs. + description: |- + A container for specifying rule filters. The filters determine the subset of objects to which the rule applies. This element is required only if you specify more than one filter. + For example: + + If you specify both a ``Prefix`` and a ``TagFilter``, wrap these filters in an ``And`` tag. + + If you specify a filter based on multiple tags, wrap the ``TagFilter`` elements in an ``And`` tag + SourceSelectionCriteria: + description: A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects. type: object - GetBucketAclOutput: + additionalProperties: false properties: - AccessControlList: - allOf: - - $ref: '#/components/schemas/Grants' - - description: A list of grants. - Owner: - allOf: - - $ref: '#/components/schemas/Owner' - - description: Container for the bucket owner's display name and ID. - type: object - GetBucketAclRequest: - properties: {} - required: - - Bucket - title: GetBucketAclRequest + ReplicaModifications: + description: A filter that you can specify for selection for modifications on replicas. + $ref: '#/components/schemas/ReplicaModifications' + SseKmsEncryptedObjects: + description: A container for filter information for the selection of Amazon S3 objects encrypted with AWS KMS. + $ref: '#/components/schemas/SseKmsEncryptedObjects' + ReplicaModifications: type: object - GetBucketAnalyticsConfigurationOutput: + additionalProperties: false properties: - AnalyticsConfiguration: - allOf: - - $ref: '#/components/schemas/AnalyticsConfiguration' - - description: The configuration and any analyses for the analytics filter. - type: object - GetBucketAnalyticsConfigurationRequest: - properties: {} + Status: + description: |- + Specifies whether Amazon S3 replicates modifications on replicas. + *Allowed values*: ``Enabled`` | ``Disabled`` + type: string + enum: + - Enabled + - Disabled required: - - Bucket - - Id - title: GetBucketAnalyticsConfigurationRequest + - Status + description: A filter that you can specify for selection for modifications on replicas. + SseKmsEncryptedObjects: type: object - GetBucketCorsOutput: - example: - CORSRules: - - AllowedHeaders: - - Authorization - AllowedMethods: - - GET - AllowedOrigins: - - '*' - MaxAgeSeconds: 3000 + description: A container for filter information for the selection of S3 objects encrypted with AWS KMS. + additionalProperties: false properties: - CORSRule: - allOf: - - $ref: '#/components/schemas/CORSRules' - - description: A set of origins and methods (cross-origin access that you - want to allow). You can add up to 100 rules to the configuration. - type: object - GetBucketCorsRequest: - properties: {} + Status: + description: Specifies whether Amazon S3 replicates objects created with server-side encryption using an AWS KMS key stored in AWS Key Management Service. + type: string + enum: + - Disabled + - Enabled required: - - Bucket - title: GetBucketCorsRequest + - Status + VersioningConfiguration: + description: Describes the versioning state of an Amazon S3 bucket. For more information, see [PUT Bucket versioning](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) in the *Amazon S3 API Reference*. type: object - GetBucketEncryptionOutput: + additionalProperties: false properties: - ServerSideEncryptionConfiguration: - $ref: '#/components/schemas/ServerSideEncryptionConfiguration' - type: object - GetBucketEncryptionRequest: - properties: {} + Status: + description: The versioning state of the bucket. + type: string + default: Suspended + enum: + - Enabled + - Suspended required: - - Bucket - title: GetBucketEncryptionRequest + - Status + WebsiteConfiguration: type: object - GetBucketIntelligentTieringConfigurationOutput: + description: Specifies website configuration parameters for an Amazon S3 bucket. + additionalProperties: false properties: - IntelligentTieringConfiguration: - allOf: - - $ref: '#/components/schemas/IntelligentTieringConfiguration' - - description: Container for S3 Intelligent-Tiering configuration. - type: object - GetBucketIntelligentTieringConfigurationRequest: - properties: {} - required: - - Bucket - - Id - title: GetBucketIntelligentTieringConfigurationRequest + ErrorDocument: + description: The name of the error document for the website. + type: string + IndexDocument: + description: The name of the index document for the website. + type: string + RoutingRules: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/RoutingRule' + description: Rules that define when a redirect is applied and the redirect behavior. + RedirectAllRequestsTo: + $ref: '#/components/schemas/RedirectAllRequestsTo' + description: |- + The redirect behavior for every request to this bucket's website endpoint. + If you specify this property, you can't specify any other property. + RoutingRule: + description: Specifies the redirect behavior and when a redirect is applied. For more information about routing rules, see [Configuring advanced conditional redirects](https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects) in the *Amazon S3 User Guide*. type: object - GetBucketInventoryConfigurationOutput: + additionalProperties: false properties: - InventoryConfiguration: - allOf: - - $ref: '#/components/schemas/InventoryConfiguration' - - description: Specifies the inventory configuration. - type: object - GetBucketInventoryConfigurationRequest: - properties: {} + RedirectRule: + description: Container for redirect information. You can redirect requests to another host, to another page, or with another protocol. In the event of an error, you can specify a different error code to return. + $ref: '#/components/schemas/RedirectRule' + RoutingRuleCondition: + $ref: '#/components/schemas/RoutingRuleCondition' + description: A container for describing a condition that must be met for the specified redirect to apply. For example, 1. If request is for pages in the ``/docs`` folder, redirect to the ``/documents`` folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error. required: - - Bucket - - Id - title: GetBucketInventoryConfigurationRequest + - RedirectRule + RedirectRule: type: object - GetBucketLifecycleConfigurationOutput: - example: - Rules: - - ID: Rule for TaxDocs/ - Prefix: TaxDocs - Status: Enabled - Transitions: - - Days: 365 - StorageClass: STANDARD_IA + description: Specifies how requests are redirected. In the event of an error, you can specify a different error code to return. + additionalProperties: false properties: - Rule: - allOf: - - $ref: '#/components/schemas/LifecycleRules' - - description: Container for a lifecycle rule. - type: object - GetBucketLifecycleConfigurationRequest: - properties: {} - required: - - Bucket - title: GetBucketLifecycleConfigurationRequest + HostName: + description: The host name to use in the redirect request. + type: string + HttpRedirectCode: + description: The HTTP redirect code to use on the response. Not required if one of the siblings is present. + type: string + Protocol: + description: Protocol to use when redirecting requests. The default is the protocol that is used in the original request. + enum: + - http + - https + type: string + ReplaceKeyPrefixWith: + description: |- + The object key prefix to use in the redirect request. For example, to redirect requests for all pages with prefix ``docs/`` (objects in the ``docs/`` folder) to ``documents/``, you can set a condition block with ``KeyPrefixEquals`` set to ``docs/`` and in the Redirect set ``ReplaceKeyPrefixWith`` to ``/documents``. Not required if one of the siblings is present. Can be present only if ``ReplaceKeyWith`` is not provided. + Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + type: string + ReplaceKeyWith: + description: |- + The specific object key to use in the redirect request. For example, redirect request to ``error.html``. Not required if one of the siblings is present. Can be present only if ``ReplaceKeyPrefixWith`` is not provided. + Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + type: string + RoutingRuleCondition: + description: A container for describing a condition that must be met for the specified redirect to apply. For example, 1. If request is for pages in the ``/docs`` folder, redirect to the ``/documents`` folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error. type: object - GetBucketLifecycleOutput: - example: - Rules: - - Expiration: - Days: 1 - ID: delete logs - Prefix: 123/ - Status: Enabled + additionalProperties: false properties: - Rule: - allOf: - - $ref: '#/components/schemas/Rules' - - description: Container for a lifecycle rule. - type: object - GetBucketLifecycleRequest: - properties: {} - required: - - Bucket - title: GetBucketLifecycleRequest + KeyPrefixEquals: + description: |- + The object key name prefix when the redirect is applied. For example, to redirect requests for ``ExamplePage.html``, the key prefix will be ``ExamplePage.html``. To redirect request for all pages with the prefix ``docs/``, the key prefix will be ``/docs``, which identifies all objects in the docs/ folder. + Required when the parent element ``Condition`` is specified and sibling ``HttpErrorCodeReturnedEquals`` is not specified. If both conditions are specified, both must be true for the redirect to be applied. + type: string + HttpErrorCodeReturnedEquals: + description: |- + The HTTP error code when the redirect is applied. In the event of an error, if the error code equals this value, then the specified redirect is applied. + Required when parent element ``Condition`` is specified and sibling ``KeyPrefixEquals`` is not specified. If both are specified, then both must be true for the redirect to be applied. + type: string + RedirectAllRequestsTo: + description: Specifies the redirect behavior of all requests to a website endpoint of an Amazon S3 bucket. type: object - GetBucketLocationOutput: - example: - LocationConstraint: us-west-2 + additionalProperties: false properties: - LocationConstraint: - allOf: - - $ref: '#/components/schemas/BucketLocationConstraint' - - description: Specifies the Region where the bucket resides. For a list - of all the Amazon S3 supported location constraints by Region, see Regions - and Endpoints. Buckets in Region us-east-1 have a LocationConstraint - of null. - type: object - GetBucketLocationRequest: - properties: {} + HostName: + description: Name of the host where requests are redirected. + type: string + Protocol: + description: Protocol to use when redirecting requests. The default is the protocol that is used in the original request. + type: string + enum: + - http + - https required: - - Bucket - title: GetBucketLocationRequest + - HostName + Bucket: type: object - GetBucketLoggingOutput: properties: - LoggingEnabled: - $ref: '#/components/schemas/LoggingEnabled' - type: object - GetBucketLoggingRequest: - properties: {} - required: - - Bucket - title: GetBucketLoggingRequest + AccelerateConfiguration: + $ref: '#/components/schemas/AccelerateConfiguration' + description: Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide*. + AccessControl: + description: |- + This is a legacy property, and it is not recommended for most use cases. A majority of modern use cases in Amazon S3 no longer require the use of ACLs, and we recommend that you keep ACLs disabled. For more information, see [Controlling object ownership](https://docs.aws.amazon.com//AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. + A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) in the *Amazon S3 User Guide*. + S3 buckets are created with ACLs disabled by default. Therefore, unless you explicitly set the [AWS::S3::OwnershipControls](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrols.html) property to enable ACLs, your resource will fail to deploy with any value other than Private. Use cases requiring ACLs are uncommon. + The majority of access control configurations can be successfully and more easily achieved with bucket policies. For more information, see [AWS::S3::BucketPolicy](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html). For examples of common policy configurations, including S3 Server Access Logs buckets and more, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) in the *Amazon S3 User Guide*. + enum: + - AuthenticatedRead + - AwsExecRead + - BucketOwnerFullControl + - BucketOwnerRead + - LogDeliveryWrite + - Private + - PublicRead + - PublicReadWrite + type: string + AnalyticsConfigurations: + description: Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket. + items: + $ref: '#/components/schemas/AnalyticsConfiguration' + type: array + uniqueItems: true + x-insertionOrder: true + BucketEncryption: + $ref: '#/components/schemas/BucketEncryption' + description: Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide*. + BucketName: + description: >- + A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html). For more information, see [Rules for naming Amazon S3 + buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules) in the *Amazon S3 User Guide*. + If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name. + type: string + CorsConfiguration: + $ref: '#/components/schemas/CorsConfiguration' + description: Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide*. + IntelligentTieringConfigurations: + description: Defines how Amazon S3 handles Intelligent-Tiering storage. + items: + $ref: '#/components/schemas/IntelligentTieringConfiguration' + type: array + uniqueItems: true + x-insertionOrder: true + InventoryConfigurations: + description: Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference*. + items: + $ref: '#/components/schemas/InventoryConfiguration' + type: array + uniqueItems: true + x-insertionOrder: true + LifecycleConfiguration: + $ref: '#/components/schemas/LifecycleConfiguration' + description: Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide*. + LoggingConfiguration: + $ref: '#/components/schemas/LoggingConfiguration' + description: Settings that define where logs are stored. + MetricsConfigurations: + description: Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html). + items: + $ref: '#/components/schemas/MetricsConfiguration' + type: array + uniqueItems: true + x-insertionOrder: true + NotificationConfiguration: + $ref: '#/components/schemas/NotificationConfiguration' + description: Configuration that defines how Amazon S3 handles bucket notifications. + ObjectLockConfiguration: + $ref: '#/components/schemas/ObjectLockConfiguration' + description: |- + This operation is not supported by directory buckets. + Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + + The ``DefaultRetention`` settings require both a mode and a period. + + The ``DefaultRetention`` period can be either ``Days`` or ``Years`` but you must select one. You cannot specify ``Days`` and ``Years`` at the same time. + + You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html). + ObjectLockEnabled: + description: Indicates whether this bucket has an Object Lock configuration enabled. Enable ``ObjectLockEnabled`` when you apply ``ObjectLockConfiguration`` to a bucket. + type: boolean + OwnershipControls: + description: Configuration that defines how Amazon S3 handles Object Ownership rules. + $ref: '#/components/schemas/OwnershipControls' + PublicAccessBlockConfiguration: + $ref: '#/components/schemas/PublicAccessBlockConfiguration' + description: Configuration that defines how Amazon S3 handles public access. + ReplicationConfiguration: + $ref: '#/components/schemas/ReplicationConfiguration' + description: |- + Configuration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the ``VersioningConfiguration`` property. + Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist. + Tags: + description: An arbitrary set of tags (key-value pairs) for this S3 bucket. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + type: array + VersioningConfiguration: + $ref: '#/components/schemas/VersioningConfiguration' + description: Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them. + WebsiteConfiguration: + $ref: '#/components/schemas/WebsiteConfiguration' + description: Information used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). + Arn: + $ref: '#/components/schemas/Arn' + description: '' + x-examples: + - arn:aws:s3:::mybucket + DomainName: + description: '' + x-examples: + - mystack-mybucket-kdwwxmddtr2g.s3.amazonaws.com + type: string + DualStackDomainName: + description: '' + x-examples: + - mystack-mybucket-kdwwxmddtr2g.s3.dualstack.us-east-2.amazonaws.com + type: string + RegionalDomainName: + description: '' + x-examples: + - mystack-mybucket-kdwwxmddtr2g.s3.us-east-2.amazonaws.com + type: string + WebsiteURL: + description: '' + x-examples: + - 'Example (IPv4): http://mystack-mybucket-kdwwxmddtr2g.s3-website-us-east-2.amazonaws.com/' + - 'Example (IPv6): http://mystack-mybucket-kdwwxmddtr2g.s3.dualstack.us-east-2.amazonaws.com/' + format: uri + type: string + x-stackql-resource-name: bucket + description: |- + The ``AWS::S3::Bucket`` resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack. + To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html). + You can only delete empty buckets. Deletion fails for buckets that have contents. + x-type-name: AWS::S3::Bucket + x-stackql-primary-identifier: + - BucketName + x-create-only-properties: + - BucketName + x-write-only-properties: + - AccessControl + - LifecycleConfiguration/Rules/*/NoncurrentVersionExpirationInDays + - LifecycleConfiguration/Rules/*/NoncurrentVersionTransition + - LifecycleConfiguration/Rules/*/Transition + - ReplicationConfiguration/Rules/*/Prefix + - LifecycleConfiguration/Rules/*/ExpiredObjectDeleteMarker + x-read-only-properties: + - Arn + - DomainName + - DualStackDomainName + - RegionalDomainName + - WebsiteURL + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - s3:CreateBucket + - s3:PutBucketTagging + - s3:PutAnalyticsConfiguration + - s3:PutEncryptionConfiguration + - s3:PutBucketCORS + - s3:PutInventoryConfiguration + - s3:PutLifecycleConfiguration + - s3:PutMetricsConfiguration + - s3:PutBucketNotification + - s3:PutBucketReplication + - s3:PutBucketWebsite + - s3:PutAccelerateConfiguration + - s3:PutBucketPublicAccessBlock + - s3:PutReplicationConfiguration + - s3:PutObjectAcl + - s3:PutBucketObjectLockConfiguration + - s3:GetBucketAcl + - s3:ListBucket + - iam:PassRole + - s3:DeleteObject + - s3:PutBucketLogging + - s3:PutBucketVersioning + - s3:PutObjectLockConfiguration + - s3:PutBucketOwnershipControls + - s3:PutIntelligentTieringConfiguration + read: + - s3:GetAccelerateConfiguration + - s3:GetLifecycleConfiguration + - s3:GetBucketPublicAccessBlock + - s3:GetAnalyticsConfiguration + - s3:GetBucketCORS + - s3:GetEncryptionConfiguration + - s3:GetInventoryConfiguration + - s3:GetBucketLogging + - s3:GetMetricsConfiguration + - s3:GetBucketNotification + - s3:GetBucketVersioning + - s3:GetReplicationConfiguration + - S3:GetBucketWebsite + - s3:GetBucketPublicAccessBlock + - s3:GetBucketObjectLockConfiguration + - s3:GetBucketTagging + - s3:GetBucketOwnershipControls + - s3:GetIntelligentTieringConfiguration + - s3:ListBucket + update: + - s3:PutBucketAcl + - s3:PutBucketTagging + - s3:PutAnalyticsConfiguration + - s3:PutEncryptionConfiguration + - s3:PutBucketCORS + - s3:PutInventoryConfiguration + - s3:PutLifecycleConfiguration + - s3:PutMetricsConfiguration + - s3:PutBucketNotification + - s3:PutBucketReplication + - s3:PutBucketWebsite + - s3:PutAccelerateConfiguration + - s3:PutBucketPublicAccessBlock + - s3:PutReplicationConfiguration + - s3:PutBucketOwnershipControls + - s3:PutIntelligentTieringConfiguration + - s3:DeleteBucketWebsite + - s3:PutBucketLogging + - s3:PutBucketVersioning + - s3:PutObjectLockConfiguration + - s3:PutBucketObjectLockConfiguration + - s3:DeleteBucketAnalyticsConfiguration + - s3:DeleteBucketCors + - s3:DeleteBucketMetricsConfiguration + - s3:DeleteBucketEncryption + - s3:DeleteBucketLifecycle + - s3:DeleteBucketReplication + - iam:PassRole + - s3:ListBucket + delete: + - s3:DeleteBucket + - s3:ListBucket + list: + - s3:ListAllMyBuckets + BucketPolicy: type: object - GetBucketMetricsConfigurationOutput: properties: - MetricsConfiguration: - allOf: - - $ref: '#/components/schemas/MetricsConfiguration' - - description: Specifies the metrics configuration. - type: object - GetBucketMetricsConfigurationRequest: - properties: {} - required: - - Bucket - - Id - title: GetBucketMetricsConfigurationRequest - type: object - GetBucketNotificationConfigurationRequest: - properties: {} - required: - - Bucket - title: GetBucketNotificationConfigurationRequest + Bucket: + description: The name of the Amazon S3 bucket to which the policy applies. + type: string + PolicyDocument: + description: >- + A policy document containing permissions to add to the specified bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy [PolicyDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument) resource + description in this guide and [Access Policy Language Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html) in the *Amazon S3 User Guide*. + type: object + required: + - Bucket + - PolicyDocument + x-stackql-resource-name: bucket_policy + description: |- + Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS-account that owns the bucket, the calling identity must have the ``PutBucketPolicy`` permissions on the specified bucket and belong to the bucket owner's account in order to use this operation. + If you don't have ``PutBucketPolicy`` permissions, Amazon S3 returns a ``403 Access Denied`` error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a ``405 Method Not Allowed`` error. + As a security precaution, the root user of the AWS-account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action. + For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html). + The following operations are related to ``PutBucketPolicy``: + + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) + + [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) + x-type-name: AWS::S3::BucketPolicy + x-stackql-primary-identifier: + - Bucket + x-create-only-properties: + - Bucket + x-required-properties: + - Bucket + - PolicyDocument + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + read: + - s3:GetBucketPolicy + create: + - s3:GetBucketPolicy + - s3:PutBucketPolicy + update: + - s3:GetBucketPolicy + - s3:PutBucketPolicy + list: + - s3:GetBucketPolicy + - s3:ListAllMyBuckets + delete: + - s3:GetBucketPolicy + - s3:DeleteBucketPolicy + Region: type: object - GetBucketOwnershipControlsOutput: properties: - OwnershipControls: - allOf: - - $ref: '#/components/schemas/OwnershipControls' - - description: The OwnershipControls (BucketOwnerEnforced, - BucketOwnerPreferred, or ObjectWriter) currently in effect for this - Amazon S3 bucket. - type: object - GetBucketOwnershipControlsRequest: - properties: {} + Bucket: + type: string + minLength: 3 + maxLength: 63 + pattern: ^[a-z0-9][a-z0-9//.//-]*[a-z0-9]$ + x-relationshipRef: + typeName: AWS::S3::Bucket + propertyPath: /properties/BucketName + BucketAccountId: + type: string + minLength: 12 + maxLength: 12 + pattern: ^[0-9]{12}$ required: - - Bucket - title: GetBucketOwnershipControlsRequest + - Bucket + additionalProperties: false + MultiRegionAccessPoint: type: object - GetBucketPolicyOutput: - example: - Policy: '{"Version":"2008-10-17","Id":"LogPolicy","Statement":[{"Sid":"Enables - the log delivery group to publish logs to your bucket ","Effect":"Allow","Principal":{"AWS":"111122223333"},"Action":["s3:GetBucketAcl","s3:GetObjectAcl","s3:PutObject"],"Resource":["arn:aws:s3:::policytest1/*","arn:aws:s3:::policytest1"]}]}' properties: - Policy: - allOf: - - $ref: '#/components/schemas/Policy' - - description: The bucket policy as a JSON document. - type: object - GetBucketPolicyRequest: - properties: {} - required: - - Bucket - title: GetBucketPolicyRequest + Name: + description: The name you want to assign to this Multi Region Access Point. + type: string + pattern: ^[a-z0-9][-a-z0-9]{1,48}[a-z0-9]$ + minLength: 3 + maxLength: 50 + Alias: + description: The alias is a unique identifier to, and is part of the public DNS name for this Multi Region Access Point + type: string + CreatedAt: + description: The timestamp of the when the Multi Region Access Point is created + type: string + PublicAccessBlockConfiguration: + description: The PublicAccessBlock configuration that you want to apply to this Multi Region Access Point. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status 'The Meaning of Public' in the Amazon Simple Storage Service Developer Guide. + $ref: '#/components/schemas/PublicAccessBlockConfiguration' + Regions: + description: The list of buckets that you want to associate this Multi Region Access Point with. + type: array + uniqueItems: true + minItems: 1 + items: + description: The name of the bucket that represents of the region belonging to this Multi Region Access Point. + $ref: '#/components/schemas/Region' + required: + - Regions + x-stackql-resource-name: multi_region_access_point + description: AWS::S3::MultiRegionAccessPoint is an Amazon S3 resource type that dynamically routes S3 requests to easily satisfy geographic compliance requirements based on customer-defined routing policies. + x-type-name: AWS::S3::MultiRegionAccessPoint + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - PublicAccessBlockConfiguration + - Regions + x-read-only-properties: + - Alias + - CreatedAt + x-required-properties: + - Regions + x-required-permissions: + create: + - s3:CreateMultiRegionAccessPoint + - s3:DescribeMultiRegionAccessPointOperation + - s3:GetMultiRegionAccessPoint + read: + - s3:GetMultiRegionAccessPoint + delete: + - s3:DeleteMultiRegionAccessPoint + - s3:DescribeMultiRegionAccessPointOperation + - s3:GetMultiRegionAccessPoint + list: + - s3:ListMultiRegionAccessPoints + MultiRegionAccessPointPolicy: type: object - GetBucketPolicyStatusOutput: properties: + MrapName: + description: The name of the Multi Region Access Point to apply policy + type: string + pattern: ^[a-z0-9][-a-z0-9]{1,48}[a-z0-9]$ + minLength: 3 + maxLength: 50 + Policy: + description: Policy document to apply to a Multi Region Access Point + type: object PolicyStatus: - allOf: - - $ref: '#/components/schemas/PolicyStatus' - - description: The policy status for the specified bucket. - type: object - GetBucketPolicyStatusRequest: - properties: {} - required: - - Bucket - title: GetBucketPolicyStatusRequest - type: object - GetBucketReplicationOutput: - example: - ReplicationConfiguration: - Role: arn:aws:iam::acct-id:role/example-role - Rules: - - Destination: - Bucket: arn:aws:s3:::destination-bucket - ID: MWIwNTkwZmItMTE3MS00ZTc3LWJkZDEtNzRmODQwYzc1OTQy - Prefix: Tax - Status: Enabled - properties: - ReplicationConfiguration: - $ref: '#/components/schemas/ReplicationConfiguration' - type: object - GetBucketReplicationRequest: - properties: {} - required: - - Bucket - title: GetBucketReplicationRequest + description: The Policy Status associated with this Multi Region Access Point + type: object + properties: + IsPublic: + type: string + description: Specifies whether the policy is public or not. + enum: + - 'true' + - 'false' + additionalProperties: false + required: + - IsPublic + required: + - Policy + - MrapName + x-stackql-resource-name: multi_region_access_point_policy + description: The policy to be attached to a Multi Region Access Point + x-type-name: AWS::S3::MultiRegionAccessPointPolicy + x-stackql-primary-identifier: + - MrapName + x-create-only-properties: + - MrapName + x-read-only-properties: + - PolicyStatus + - PolicyStatus/IsPublic + x-required-properties: + - Policy + - MrapName + x-required-permissions: + update: + - s3:PutMultiRegionAccessPointPolicy + - s3:DescribeMultiRegionAccessPointOperation + read: + - s3:GetMultiRegionAccessPointPolicy + - s3:GetMultiRegionAccessPointPolicyStatus + list: [] + delete: + - s3:GetMultiRegionAccessPointPolicy + - s3:GetMultiRegionAccessPoint + create: + - s3:PutMultiRegionAccessPointPolicy + - s3:DescribeMultiRegionAccessPointOperation + Id: + description: The ID that identifies the Amazon S3 Storage Lens configuration. + type: string + minLength: 1 + maxLength: 64 + pattern: ^[a-zA-Z0-9\-_.]+$ + BucketsAndRegions: + description: S3 buckets and Regions to include/exclude in the Amazon S3 Storage Lens configuration. type: object - GetBucketRequestPaymentOutput: - example: - Payer: BucketOwner + additionalProperties: false properties: - Payer: - allOf: - - $ref: '#/components/schemas/Payer' - - description: Specifies who pays for the download and request fees. - type: object - GetBucketRequestPaymentRequest: - properties: {} - required: - - Bucket - title: GetBucketRequestPaymentRequest + Buckets: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Arn' + Regions: + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + description: An AWS Region. + AwsOrg: + description: The AWS Organizations ARN to use in the Amazon S3 Storage Lens configuration. type: object - GetBucketTaggingOutput: - example: - TagSet: - - Key: key1 - Value: value1 - - Key: key2 - Value: value2 + additionalProperties: false properties: - TagSet: - allOf: - - $ref: '#/components/schemas/TagSet' - - description: Contains the tag set. - required: - - TagSet - type: object - GetBucketTaggingRequest: - properties: {} + Arn: + $ref: '#/components/schemas/Arn' required: - - Bucket - title: GetBucketTaggingRequest + - Arn + ActivityMetrics: + description: Enables activity metrics. type: object - GetBucketVersioningOutput: - example: - MFADelete: Disabled - Status: Enabled + additionalProperties: false properties: - MfaDelete: - allOf: - - $ref: '#/components/schemas/MFADeleteStatus' - - description: Specifies whether MFA delete is enabled in the bucket versioning - configuration. This element is only returned if the bucket has been - configured with MFA delete. If the bucket has never been so configured, - this element is not returned. - Status: - allOf: - - $ref: '#/components/schemas/BucketVersioningStatus' - - description: The versioning state of the bucket. - type: object - GetBucketVersioningRequest: - properties: {} - required: - - Bucket - title: GetBucketVersioningRequest + IsEnabled: + description: Specifies whether activity metrics are enabled or disabled. + type: boolean + AdvancedCostOptimizationMetrics: + description: Enables advanced cost optimization metrics. type: object - GetBucketWebsiteOutput: - example: - ErrorDocument: - Key: error.html - IndexDocument: - Suffix: index.html + additionalProperties: false properties: - ErrorDocument: - allOf: - - $ref: '#/components/schemas/ErrorDocument' - - description: The object key name of the website error document to use - for 4XX class errors. - IndexDocument: - allOf: - - $ref: '#/components/schemas/IndexDocument' - - description: The name of the index document for the website (for example - index.html). - RedirectAllRequestsTo: - allOf: - - $ref: '#/components/schemas/RedirectAllRequestsTo' - - description: Specifies the redirect behavior of all requests to a website - endpoint of an Amazon S3 bucket. - RoutingRules: - allOf: - - $ref: '#/components/schemas/RoutingRules' - - description: Rules that define when a redirect is applied and the redirect - behavior. - type: object - GetBucketWebsiteRequest: - properties: {} - required: - - Bucket - title: GetBucketWebsiteRequest + IsEnabled: + description: Specifies whether advanced cost optimization metrics are enabled or disabled. + type: boolean + AdvancedDataProtectionMetrics: + description: Enables advanced data protection metrics. type: object - GetObjectAclOutput: - example: - Grants: - - Grantee: - DisplayName: owner-display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Type: CanonicalUser - Permission: WRITE - - Grantee: - DisplayName: owner-display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Type: CanonicalUser - Permission: WRITE_ACP - - Grantee: - DisplayName: owner-display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Type: CanonicalUser - Permission: READ - - Grantee: - DisplayName: owner-display-name - ID: 852b113eexamplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Type: CanonicalUser - Permission: READ_ACP - Owner: - DisplayName: owner-display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + additionalProperties: false properties: - AccessControlList: - allOf: - - $ref: '#/components/schemas/Grants' - - description: A list of grants. - Owner: - allOf: - - $ref: '#/components/schemas/Owner' - - description: ' Container for the bucket owner''s display name and ID.' - type: object - GetObjectAclRequest: - properties: {} - required: - - Bucket - - Key - title: GetObjectAclRequest + IsEnabled: + description: Specifies whether advanced data protection metrics are enabled or disabled. + type: boolean + DetailedStatusCodesMetrics: + description: Enables detailed status codes metrics. type: object - GetObjectAttributesOutput: + additionalProperties: false properties: - Checksum: - allOf: - - $ref: '#/components/schemas/Checksum' - - description: The checksum or digest of the object. - ETag: - allOf: - - $ref: '#/components/schemas/ETag' - - description: An ETag is an opaque identifier assigned by a web server - to a specific version of a resource found at a URL. - ObjectParts: - allOf: - - $ref: '#/components/schemas/GetObjectAttributesParts' - - description: A collection of parts associated with a multipart upload. - ObjectSize: - allOf: - - $ref: '#/components/schemas/ObjectSize' - - description: The size of the object in bytes. - StorageClass: - allOf: - - $ref: '#/components/schemas/StorageClass' - - description:

Provides the storage class information of the object. - Amazon S3 returns this header for all objects except for S3 Standard - storage class objects.

For more information, see Storage - Classes.

+ IsEnabled: + description: Specifies whether detailed status codes metrics are enabled or disabled. + type: boolean + SelectionCriteria: + description: Selection criteria for prefix-level metrics. type: object - GetObjectAttributesParts: - description: A collection of parts associated with a multipart upload. + additionalProperties: false properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/IsTruncated' - - description: Indicates whether the returned list of parts is truncated. - A value of true indicates that the list was truncated. - A list can be truncated if the number of parts exceeds the limit returned - in the MaxParts element. - MaxParts: - allOf: - - $ref: '#/components/schemas/MaxParts' - - description: The maximum number of parts allowed in the response. - NextPartNumberMarker: - allOf: - - $ref: '#/components/schemas/NextPartNumberMarker' - - description: When a list is truncated, this element specifies the last - part in the list, as well as the value to use for the PartNumberMarker - request parameter in a subsequent request. - Part: - allOf: - - $ref: '#/components/schemas/PartsList' - - description: A container for elements related to a particular part. A - response can contain zero or more Parts elements. - PartNumberMarker: - allOf: - - $ref: '#/components/schemas/PartNumberMarker' - - description: The marker for the current part. - PartsCount: - allOf: - - $ref: '#/components/schemas/PartsCount' - - description: The total number of parts. - type: object - GetObjectAttributesRequest: - properties: {} - required: - - Bucket - - Key - - ObjectAttributes - title: GetObjectAttributesRequest + MaxDepth: + description: Max depth of prefixes of S3 key that Amazon S3 Storage Lens will analyze. + type: integer + Delimiter: + description: Delimiter to divide S3 key into hierarchy of prefixes. + type: string + MinStorageBytesPercentage: + description: The minimum storage bytes threshold for the prefixes to be included in the analysis. + type: number + PrefixLevelStorageMetrics: type: object - GetObjectLegalHoldOutput: + additionalProperties: false properties: - LegalHold: - allOf: - - $ref: '#/components/schemas/ObjectLockLegalHold' - - description: The current legal hold status for the specified object. - type: object - GetObjectLegalHoldRequest: - properties: {} - required: - - Bucket - - Key - title: GetObjectLegalHoldRequest + IsEnabled: + description: Specifies whether prefix-level storage metrics are enabled or disabled. + type: boolean + SelectionCriteria: + $ref: '#/components/schemas/SelectionCriteria' + PrefixLevel: + description: Prefix-level metrics configurations. type: object - GetObjectLockConfigurationOutput: + additionalProperties: false properties: - ObjectLockConfiguration: - allOf: - - $ref: '#/components/schemas/ObjectLockConfiguration' - - description: The specified bucket's Object Lock configuration. - type: object - GetObjectLockConfigurationRequest: - properties: {} + StorageMetrics: + $ref: '#/components/schemas/PrefixLevelStorageMetrics' required: - - Bucket - title: GetObjectLockConfigurationRequest + - StorageMetrics + BucketLevel: + description: Bucket-level metrics configurations. type: object - GetObjectOutput: - example: - AcceptRanges: bytes - ContentLength: '10' - ContentRange: bytes 0-9/43 - ContentType: text/plain - ETag: '"0d94420ffd0bc68cd3d152506b97a9cc"' - LastModified: Thu, 09 Oct 2014 22:57:28 GMT - Metadata: {} - VersionId: 'null' + additionalProperties: false properties: - Body: - allOf: - - $ref: '#/components/schemas/Body' - - description: Object data. - x-amz-meta-: - allOf: - - $ref: '#/components/schemas/Metadata' - - description: A map of metadata to store with the object in S3. - type: object - GetObjectRequest: - properties: {} - required: - - Bucket - - Key - title: GetObjectRequest + ActivityMetrics: + $ref: '#/components/schemas/ActivityMetrics' + AdvancedCostOptimizationMetrics: + $ref: '#/components/schemas/AdvancedCostOptimizationMetrics' + AdvancedDataProtectionMetrics: + $ref: '#/components/schemas/AdvancedDataProtectionMetrics' + DetailedStatusCodesMetrics: + $ref: '#/components/schemas/DetailedStatusCodesMetrics' + PrefixLevel: + $ref: '#/components/schemas/PrefixLevel' + StorageLensGroupArn: + description: The ARN for the Amazon S3 Storage Lens Group configuration. + type: string + StorageLensGroupSelectionCriteria: + description: Selection criteria for Storage Lens Group level metrics type: object - GetObjectResponseStatusCode: - type: integer - GetObjectRetentionOutput: + additionalProperties: false properties: - Retention: - allOf: - - $ref: '#/components/schemas/ObjectLockRetention' - - description: The container element for an object's retention settings. - type: object - GetObjectRetentionRequest: - properties: {} - required: - - Bucket - - Key - title: GetObjectRetentionRequest + Include: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/StorageLensGroupArn' + Exclude: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/StorageLensGroupArn' + StorageLensGroupLevel: + description: Specifies the details of Amazon S3 Storage Lens Group configuration. + type: object + additionalProperties: false + properties: + StorageLensGroupSelectionCriteria: + $ref: '#/components/schemas/StorageLensGroupSelectionCriteria' + AccountLevel: + description: Account-level metrics configurations. + type: object + additionalProperties: false + properties: + ActivityMetrics: + $ref: '#/components/schemas/ActivityMetrics' + AdvancedCostOptimizationMetrics: + $ref: '#/components/schemas/AdvancedCostOptimizationMetrics' + AdvancedDataProtectionMetrics: + $ref: '#/components/schemas/AdvancedDataProtectionMetrics' + DetailedStatusCodesMetrics: + $ref: '#/components/schemas/DetailedStatusCodesMetrics' + BucketLevel: + $ref: '#/components/schemas/BucketLevel' + StorageLensGroupLevel: + $ref: '#/components/schemas/StorageLensGroupLevel' + required: + - BucketLevel + SSEKMS: + description: AWS KMS server-side encryption. type: object - GetObjectTaggingOutput: - example: - TagSet: - - Key: Key1 - Value: Value1 - VersionId: ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI + additionalProperties: false properties: - TagSet: - allOf: - - $ref: '#/components/schemas/TagSet' - - description: Contains the tag set. - required: - - TagSet - type: object - GetObjectTaggingRequest: - properties: {} + KeyId: + description: The ARN of the KMS key to use for encryption. + type: string required: - - Bucket - - Key - title: GetObjectTaggingRequest + - KeyId + Encryption: + description: Configures the server-side encryption for Amazon S3 Storage Lens report files with either S3-managed keys (SSE-S3) or KMS-managed keys (SSE-KMS). type: object - GetObjectTorrentOutput: - example: {} + oneOf: + - additionalProperties: false + properties: + SSES3: + description: S3 default server-side encryption. + type: object + additionalProperties: false + required: + - SSES3 + - additionalProperties: false + properties: + SSEKMS: + $ref: '#/components/schemas/SSEKMS' + required: + - SSEKMS + S3BucketDestination: + description: S3 bucket destination settings for the Amazon S3 Storage Lens metrics export. + type: object + additionalProperties: false properties: - Body: - allOf: - - $ref: '#/components/schemas/Body' - - description: A Bencoded dictionary as defined by the BitTorrent specification - type: object - GetObjectTorrentRequest: - properties: {} + OutputSchemaVersion: + description: The version of the output schema to use when exporting Amazon S3 Storage Lens metrics. + type: string + enum: + - V_1 + Format: + description: Specifies the file format to use when exporting Amazon S3 Storage Lens metrics export. + type: string + enum: + - CSV + - Parquet + AccountId: + description: The AWS account ID that owns the destination S3 bucket. + type: string + Arn: + description: The ARN of the bucket to which Amazon S3 Storage Lens exports will be placed. + type: string + x-relationshipRef: + typeName: AWS::S3::Bucket + propertyPath: /properties/Arn + Prefix: + description: The prefix to use for Amazon S3 Storage Lens export. + type: string + Encryption: + $ref: '#/components/schemas/Encryption' required: - - Bucket - - Key - title: GetObjectTorrentRequest + - OutputSchemaVersion + - Format + - AccountId + - Arn + CloudWatchMetrics: + description: CloudWatch metrics settings for the Amazon S3 Storage Lens metrics export. type: object - GetPublicAccessBlockOutput: + additionalProperties: false properties: - PublicAccessBlockConfiguration: - allOf: - - $ref: '#/components/schemas/PublicAccessBlockConfiguration' - - description: The PublicAccessBlock configuration currently - in effect for this Amazon S3 bucket. - type: object - GetPublicAccessBlockRequest: - properties: {} + IsEnabled: + description: Specifies whether CloudWatch metrics are enabled or disabled. + type: boolean required: - - Bucket - title: GetPublicAccessBlockRequest + - IsEnabled + StorageLensConfiguration: + description: Specifies the details of Amazon S3 Storage Lens configuration. type: object - GlacierJobParameters: - description: Container for S3 Glacier job parameters. + additionalProperties: false properties: - Tier: - allOf: - - $ref: '#/components/schemas/Tier' - - description: Retrieval tier at which the restore will be processed. + Id: + $ref: '#/components/schemas/Id' + Include: + $ref: '#/components/schemas/BucketsAndRegions' + Exclude: + $ref: '#/components/schemas/BucketsAndRegions' + AwsOrg: + $ref: '#/components/schemas/AwsOrg' + AccountLevel: + $ref: '#/components/schemas/AccountLevel' + DataExport: + $ref: '#/components/schemas/DataExport' + IsEnabled: + description: Specifies whether the Amazon S3 Storage Lens configuration is enabled or disabled. + type: boolean + StorageLensArn: + description: The ARN for the Amazon S3 Storage Lens configuration. + type: string required: - - Tier + - Id + - AccountLevel + - IsEnabled + StorageLens: type: object - Grant: - description: Container for grant information. properties: - Grantee: - allOf: - - $ref: '#/components/schemas/Grantee' - - description: The person being granted permissions. - Permission: - allOf: - - $ref: '#/components/schemas/Permission' - - description: Specifies the permission given to the grantee. - type: object - GrantFullControl: - type: string - GrantRead: - type: string - GrantReadACP: - type: string - GrantWrite: - type: string - GrantWriteACP: + StorageLensConfiguration: + $ref: '#/components/schemas/StorageLensConfiguration' + Tags: + description: A set of tags (key-value pairs) for this Amazon S3 Storage Lens configuration. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + required: + - StorageLensConfiguration + x-stackql-resource-name: storage_lens + description: The AWS::S3::StorageLens resource is an Amazon S3 resource type that you can use to create Storage Lens configurations. + x-type-name: AWS::S3::StorageLens + x-stackql-primary-identifier: + - StorageLensConfiguration/Id + x-create-only-properties: + - StorageLensConfiguration/Id + x-read-only-properties: + - StorageLensConfiguration/StorageLensArn + x-required-properties: + - StorageLensConfiguration + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - s3:PutStorageLensConfiguration + - s3:PutStorageLensConfigurationTagging + - s3:GetStorageLensConfiguration + - s3:GetStorageLensConfigurationTagging + - organizations:DescribeOrganization + - organizations:ListAccounts + - organizations:ListAWSServiceAccessForOrganization + - organizations:ListDelegatedAdministrators + - iam:CreateServiceLinkedRole + read: + - s3:GetStorageLensConfiguration + - s3:GetStorageLensConfigurationTagging + update: + - s3:PutStorageLensConfiguration + - s3:PutStorageLensConfigurationTagging + - s3:GetStorageLensConfiguration + - s3:GetStorageLensConfigurationTagging + - organizations:DescribeOrganization + - organizations:ListAccounts + - organizations:ListAWSServiceAccessForOrganization + - organizations:ListDelegatedAdministrators + - iam:CreateServiceLinkedRole + delete: + - s3:DeleteStorageLensConfiguration + - s3:DeleteStorageLensConfigurationTagging + list: + - s3:ListStorageLensConfigurations + Name: + description: The name that identifies the Amazon S3 Storage Lens Group. type: string - Grantee: - description: Container for the person being granted permissions. - properties: - DisplayName: - allOf: - - $ref: '#/components/schemas/DisplayName' - - description: Screen name of the grantee. - EmailAddress: - allOf: - - $ref: '#/components/schemas/EmailAddress' - - description: "

Email address of the grantee.

Using email\ - \ addresses to specify a grantee is only supported in the following\ - \ Amazon Web Services Regions:

  • US East (N. Virginia)

    \ - \

  • US West (N. California)

  • US West (Oregon)

    \ - \

  • Asia Pacific (Singapore)

  • Asia Pacific\ - \ (Sydney)

  • Asia Pacific (Tokyo)

  • Europe\ - \ (Ireland)

  • South America (S\xE3o Paulo)

    • \ - \

For a list of all the Amazon S3 supported Regions and endpoints,\ - \ see Regions and Endpoints in the Amazon Web Services General Reference.

\ - \ " - ID: - allOf: - - $ref: '#/components/schemas/ID' - - description: The canonical user ID of the grantee. - URI: - allOf: - - $ref: '#/components/schemas/URI' - - description: URI of the grantee group. - xsi:type: - allOf: - - $ref: '#/components/schemas/Type' - - description: Type of grantee - required: - - Type - type: object - xml: - attribute: true - namespace: http://www.w3.org/2001/XMLSchema-instance - Grants: + minLength: 1 + maxLength: 64 + pattern: ^[a-zA-Z0-9\-_]+$ + MatchAnyPrefix: + description: Filter to match any of the specified prefixes. + type: array + x-insertionOrder: false + uniqueItems: true items: - allOf: - - $ref: '#/components/schemas/Grant' - - xml: - name: Grant + type: string + maxLength: 1024 + MatchAnySuffix: + description: Filter to match any of the specified suffixes. type: array - HeadBucketRequest: - properties: {} - required: - - Bucket - title: HeadBucketRequest + x-insertionOrder: false + uniqueItems: true + items: + type: string + maxLength: 1024 + MatchAnyTag: + description: Filter to match any of the specified object tags. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + MatchObjectAge: + description: Filter to match all of the specified values for the minimum and maximum object age. type: object - HeadObjectOutput: - example: - AcceptRanges: bytes - ContentLength: '3191' - ContentType: image/jpeg - ETag: '"6805f2cfc46c0f04559748bb039d69ae"' - LastModified: Thu, 15 Dec 2016 01:19:41 GMT - Metadata: {} - VersionId: 'null' + additionalProperties: false properties: - x-amz-meta-: - allOf: - - $ref: '#/components/schemas/Metadata' - - description: A map of metadata to store with the object in S3. + DaysGreaterThan: + description: Minimum object age to which the rule applies. + type: integer + minimum: 1 + DaysLessThan: + description: Maximum object age to which the rule applies. + type: integer + minimum: 1 + MatchObjectSize: + description: Filter to match all of the specified values for the minimum and maximum object size. type: object - HeadObjectRequest: - properties: {} - required: - - Bucket - - Key - title: HeadObjectRequest + additionalProperties: false + properties: + BytesGreaterThan: + description: Minimum object size to which the rule applies. + type: integer + format: int64 + minimum: 1 + BytesLessThan: + description: Maximum object size to which the rule applies. + type: integer + format: int64 + minimum: 1 + And: + description: The Storage Lens group will include objects that match all of the specified filter values. + type: object + uniqueItems: true + additionalProperties: false + minProperties: 2 + properties: + MatchAnyPrefix: + $ref: '#/components/schemas/MatchAnyPrefix' + MatchAnySuffix: + $ref: '#/components/schemas/MatchAnySuffix' + MatchAnyTag: + $ref: '#/components/schemas/MatchAnyTag' + MatchObjectSize: + $ref: '#/components/schemas/MatchObjectSize' + MatchObjectAge: + $ref: '#/components/schemas/MatchObjectAge' + Or: + description: The Storage Lens group will include objects that match any of the specified filter values. + type: object + uniqueItems: true + additionalProperties: false + minProperties: 2 + properties: + MatchAnyPrefix: + $ref: '#/components/schemas/MatchAnyPrefix' + MatchAnySuffix: + $ref: '#/components/schemas/MatchAnySuffix' + MatchAnyTag: + $ref: '#/components/schemas/MatchAnyTag' + MatchObjectSize: + $ref: '#/components/schemas/MatchObjectSize' + MatchObjectAge: + $ref: '#/components/schemas/MatchObjectAge' + Filter: + description: Sets the Storage Lens Group filter. + type: object + properties: + MatchAnyPrefix: + $ref: '#/components/schemas/MatchAnyPrefix' + MatchAnySuffix: + $ref: '#/components/schemas/MatchAnySuffix' + MatchAnyTag: + $ref: '#/components/schemas/MatchAnyTag' + MatchObjectSize: + $ref: '#/components/schemas/MatchObjectSize' + MatchObjectAge: + $ref: '#/components/schemas/MatchObjectAge' + And: + $ref: '#/components/schemas/And' + Or: + $ref: '#/components/schemas/Or' + additionalProperties: false + StorageLensGroup: type: object - HostName: - type: string - HttpErrorCodeReturnedEquals: - type: string - HttpRedirectCode: - type: string - ID: - type: string - IfMatch: - type: string - IfModifiedSince: - format: date-time - type: string - IfNoneMatch: - type: string - IfUnmodifiedSince: - format: date-time - type: string - IndexDocument: - description: Container for the Suffix element. - properties: - Suffix: - allOf: - - $ref: '#/components/schemas/Suffix' - - description:

A suffix that is appended to a request that is for a directory - on the website endpoint (for example,if the suffix is index.html and - you make a request to samplebucket/images/ the data that is returned - will be for the object with the key name images/index.html) The suffix - must not be empty and must not include a slash character.

-

Replacement must be made for object keys containing special characters - (such as carriage returns) when using XML requests. For more information, - see - XML related object key constraints.

 - required: - - Suffix - type: object - Initiated: - format: date-time - type: string - Initiator: - description: 'Container element that identifies who initiated the multipart - upload. ' - properties: - DisplayName: - allOf: - - $ref: '#/components/schemas/DisplayName' - - description: Name of the Principal. - ID: - allOf: - - $ref: '#/components/schemas/ID' - - description: If the principal is an Amazon Web Services account, it provides - the Canonical User ID. If the principal is an IAM User, it provides - a user ARN value. - type: object - InputSerialization: - description: Describes the serialization format of the object. - properties: - CSV: - allOf: - - $ref: '#/components/schemas/CSVInput' - - description: Describes the serialization of a CSV-encoded object. - CompressionType: - allOf: - - $ref: '#/components/schemas/CompressionType' - - description: 'Specifies object''s compression format. Valid values: NONE, - GZIP, BZIP2. Default Value: NONE.' - JSON: - allOf: - - $ref: '#/components/schemas/JSONInput' - - description: Specifies JSON as object's input serialization format. - Parquet: - allOf: - - $ref: '#/components/schemas/ParquetInput' - - description: Specifies Parquet as object's input serialization format. - type: object - IntelligentTieringAccessTier: - enum: - - ARCHIVE_ACCESS - - DEEP_ARCHIVE_ACCESS - type: string - IntelligentTieringAndOperator: - description: A container for specifying S3 Intelligent-Tiering filters. The - filters determine the subset of objects to which the rule applies. - properties: - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: An object key name prefix that identifies the subset of objects - to which the configuration applies. - Tag: - allOf: - - $ref: '#/components/schemas/TagSet' - - description: All of these tags must exist in the object's tag set in order - for the configuration to apply. - type: object - xml: - wrapped: false - IntelligentTieringConfiguration: - description:

Specifies the S3 Intelligent-Tiering configuration for an Amazon - S3 bucket.

For information about the S3 Intelligent-Tiering storage - class, see Storage - class for automatically optimizing frequently and infrequently accessed objects.

- properties: - Filter: - allOf: - - $ref: '#/components/schemas/IntelligentTieringFilter' - - description: Specifies a bucket filter. The configuration only includes - objects that meet the filter's criteria. - Id: - allOf: - - $ref: '#/components/schemas/IntelligentTieringId' - - description: The ID used to identify the S3 Intelligent-Tiering configuration. - Status: - allOf: - - $ref: '#/components/schemas/IntelligentTieringStatus' - - description: Specifies the status of the configuration. - Tiering: - allOf: - - $ref: '#/components/schemas/TieringList' - - description: Specifies the S3 Intelligent-Tiering storage class tier of - the configuration. - required: - - Id - - Status - - Tierings - type: object - IntelligentTieringConfigurationList: - items: - $ref: '#/components/schemas/IntelligentTieringConfiguration' - type: array - xml: - wrapped: false - IntelligentTieringDays: - type: integer - IntelligentTieringFilter: - description: The Filter is used to identify objects that the S3 - Intelligent-Tiering configuration applies to. - properties: - And: - allOf: - - $ref: '#/components/schemas/IntelligentTieringAndOperator' - - description: A conjunction (logical AND) of predicates, which is used - in evaluating a metrics filter. The operator must have at least two - predicates, and an object must match all of the predicates in order - for the filter to apply. - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description:

An object key name prefix that identifies the subset of - objects to which the rule applies.

Replacement must - be made for object keys containing special characters (such as carriage - returns) when using XML requests. For more information, see - XML related object key constraints.

 - Tag: - $ref: '#/components/schemas/Tag' - type: object - IntelligentTieringId: - type: string - IntelligentTieringStatus: - enum: - - Enabled - - Disabled - type: string - InvalidObjectState: {} - InventoryConfiguration: - description: 'Specifies the inventory configuration for an Amazon S3 bucket. - For more information, see GET - Bucket inventory in the Amazon S3 API Reference. ' - properties: - Destination: - allOf: - - $ref: '#/components/schemas/InventoryDestination' - - description: Contains information about where to publish the inventory - results. - Filter: - allOf: - - $ref: '#/components/schemas/InventoryFilter' - - description: Specifies an inventory filter. The inventory only includes - objects that meet the filter's criteria. - Id: - allOf: - - $ref: '#/components/schemas/InventoryId' - - description: The ID used to identify the inventory configuration. - IncludedObjectVersions: - allOf: - - $ref: '#/components/schemas/InventoryIncludedObjectVersions' - - description: Object versions to include in the inventory list. If set - to All, the list includes all the object versions, which - adds the version-related fields VersionId, IsLatest, - and DeleteMarker to the list. If set to Current, - the list does not contain these version-related fields. - IsEnabled: - allOf: - - $ref: '#/components/schemas/IsEnabled' - - description: Specifies whether the inventory is enabled or disabled. If - set to True, an inventory list is generated. If set to - False, no inventory list is generated. - OptionalFields: - allOf: - - $ref: '#/components/schemas/InventoryOptionalFields' - - description: Contains the optional fields that are included in the inventory - results. - Schedule: - allOf: - - $ref: '#/components/schemas/InventorySchedule' - - description: Specifies the schedule for generating inventory results. - required: - - Destination - - IsEnabled - - Id - - IncludedObjectVersions - - Schedule - type: object - InventoryConfigurationList: - items: - $ref: '#/components/schemas/InventoryConfiguration' - type: array - xml: - wrapped: false - InventoryDestination: - description: Specifies the inventory configuration for an Amazon S3 bucket. - properties: - S3BucketDestination: - allOf: - - $ref: '#/components/schemas/InventoryS3BucketDestination' - - description: Contains the bucket name, file format, bucket owner (optional), - and prefix (optional) where inventory results are published. - required: - - S3BucketDestination - type: object - InventoryEncryption: - description: Contains the type of server-side encryption used to encrypt the - inventory results. - properties: - SSE-KMS: - allOf: - - $ref: '#/components/schemas/SSEKMS' - - description: Specifies the use of SSE-KMS to encrypt delivered inventory - reports. - SSE-S3: - allOf: - - $ref: '#/components/schemas/SSES3' - - description: Specifies the use of SSE-S3 to encrypt delivered inventory - reports. - type: object - InventoryFilter: - description: Specifies an inventory filter. The inventory only includes objects - that meet the filter's criteria. - properties: - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: The prefix that an object must have to be included in the - inventory results. - required: - - Prefix - type: object - InventoryFormat: - enum: - - CSV - - ORC - - Parquet - type: string - InventoryFrequency: - enum: - - Daily - - Weekly - type: string - InventoryId: - type: string - InventoryIncludedObjectVersions: - enum: - - All - - Current - type: string - InventoryOptionalField: - enum: - - Size - - LastModifiedDate - - StorageClass - - ETag - - IsMultipartUploaded - - ReplicationStatus - - EncryptionStatus - - ObjectLockRetainUntilDate - - ObjectLockMode - - ObjectLockLegalHoldStatus - - IntelligentTieringAccessTier - - BucketKeyStatus - - ChecksumAlgorithm - type: string - InventoryOptionalFields: - items: - allOf: - - $ref: '#/components/schemas/InventoryOptionalField' - - xml: - name: Field - type: array - InventoryS3BucketDestination: - description: Contains the bucket name, file format, bucket owner (optional), - and prefix (optional) where inventory results are published. - properties: - AccountId: - allOf: - - $ref: '#/components/schemas/AccountId' - - description:

The account ID that owns the destination S3 bucket. If - no account ID is provided, the owner is not validated before exporting - data.

Although this value is optional, we strongly recommend - that you set it to help prevent problems if the destination bucket ownership - changes.

- Bucket: - allOf: - - $ref: '#/components/schemas/BucketName' - - description: The Amazon Resource Name (ARN) of the bucket where inventory - results will be published. - Encryption: - allOf: - - $ref: '#/components/schemas/InventoryEncryption' - - description: Contains the type of server-side encryption used to encrypt - the inventory results. - Format: - allOf: - - $ref: '#/components/schemas/InventoryFormat' - - description: Specifies the output format of the inventory results. - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: The prefix that is prepended to all inventory results. - required: - - Bucket - - Format - type: object - InventorySchedule: - description: Specifies the schedule for generating inventory results. - properties: - Frequency: - allOf: - - $ref: '#/components/schemas/InventoryFrequency' - - description: Specifies how frequently inventory results are produced. - required: - - Frequency - type: object - IsEnabled: - type: boolean - IsLatest: - type: boolean - IsPublic: - type: boolean - IsTruncated: - type: boolean - JSONInput: - description: Specifies JSON as object's input serialization format. - properties: - Type: - allOf: - - $ref: '#/components/schemas/JSONType' - - description: 'The type of JSON. Valid values: Document, Lines.' - type: object - JSONOutput: - description: Specifies JSON as request's output serialization format. - properties: - RecordDelimiter: - allOf: - - $ref: '#/components/schemas/RecordDelimiter' - - description: The value used to separate individual records in the output. - If no value is specified, Amazon S3 uses a newline character ('\n'). - type: object - JSONType: - enum: - - DOCUMENT - - LINES - type: string - KMSContext: - type: string - KeyCount: - type: integer - KeyMarker: - type: string - KeyPrefixEquals: - type: string - LambdaFunctionArn: - type: string - LambdaFunctionConfiguration: - description: A container for specifying the configuration for Lambda notifications. - properties: - CloudFunction: - allOf: - - $ref: '#/components/schemas/LambdaFunctionArn' - - description: The Amazon Resource Name (ARN) of the Lambda function that - Amazon S3 invokes when the specified event type occurs. - Event: - allOf: - - $ref: '#/components/schemas/EventList' - - description: The Amazon S3 bucket event for which to invoke the Lambda - function. For more information, see Supported - Event Types in the Amazon S3 User Guide. - Filter: - $ref: '#/components/schemas/NotificationConfigurationFilter' - Id: - $ref: '#/components/schemas/NotificationId' - required: - - LambdaFunctionArn - - Events - type: object - LambdaFunctionConfigurationList: - items: - $ref: '#/components/schemas/LambdaFunctionConfiguration' - type: array - xml: - wrapped: false - LastModified: - format: date-time - type: string - LifecycleConfiguration: - description: Container for lifecycle rules. You can add as many as 1000 rules. - properties: - Rule: - allOf: - - $ref: '#/components/schemas/Rules' - - description: 'Specifies lifecycle configuration rules for an Amazon S3 - bucket. ' - required: - - Rules - type: object - LifecycleExpiration: - description: Container for the expiration for the lifecycle of the object. - properties: - Date: - allOf: - - $ref: '#/components/schemas/Date' - - description: Indicates at what date the object is to be moved or deleted. - Should be in GMT ISO 8601 Format. - Days: - allOf: - - $ref: '#/components/schemas/Days' - - description: Indicates the lifetime, in days, of the objects that are - subject to the rule. The value must be a non-zero positive integer. - ExpiredObjectDeleteMarker: - allOf: - - $ref: '#/components/schemas/ExpiredObjectDeleteMarker' - - description: Indicates whether Amazon S3 will remove a delete marker with - no noncurrent versions. If set to true, the delete marker will be expired; - if set to false the policy takes no action. This cannot be specified - with Days or Date in a Lifecycle Expiration Policy. - type: object - LifecycleRule: - description: A lifecycle rule for individual objects in an Amazon S3 bucket. - properties: - AbortIncompleteMultipartUpload: - $ref: '#/components/schemas/AbortIncompleteMultipartUpload' - Expiration: - allOf: - - $ref: '#/components/schemas/LifecycleExpiration' - - description: Specifies the expiration for the lifecycle of the object - in the form of date, days and, whether the object has a delete marker. - Filter: - allOf: - - $ref: '#/components/schemas/LifecycleRuleFilter' - - description: The Filter is used to identify objects that - a Lifecycle Rule applies to. A Filter must have exactly - one of Prefix, Tag, or And specified. - Filter is required if the LifecycleRule does - not contain a Prefix element. - ID: - allOf: - - $ref: '#/components/schemas/ID' - - description: Unique identifier for the rule. The value cannot be longer - than 255 characters. - NoncurrentVersionExpiration: - $ref: '#/components/schemas/NoncurrentVersionExpiration' - NoncurrentVersionTransition: - allOf: - - $ref: '#/components/schemas/NoncurrentVersionTransitionList' - - description: ' Specifies the transition rule for the lifecycle rule that - describes when noncurrent objects transition to a specific storage class. - If your bucket is versioning-enabled (or versioning is suspended), you - can set this action to request that Amazon S3 transition noncurrent - object versions to a specific storage class at a set period in the object''s - lifetime. ' - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - deprecated: true - description:

Prefix identifying one or more objects to which the rule - applies. This is no longer used; use Filter instead.

-

Replacement must be made for object keys containing special - characters (such as carriage returns) when using XML requests. For more - information, see - XML related object key constraints.

 - Status: - allOf: - - $ref: '#/components/schemas/ExpirationStatus' - - description: If 'Enabled', the rule is currently being applied. If 'Disabled', - the rule is not currently being applied. - Transition: - allOf: - - $ref: '#/components/schemas/TransitionList' - - description: Specifies when an Amazon S3 object transitions to a specified - storage class. - required: - - Status - type: object - LifecycleRuleAndOperator: - description: This is used in a Lifecycle Rule Filter to apply a logical AND - to two or more predicates. The Lifecycle Rule will apply to any object matching - all of the predicates configured inside the And operator. - properties: - ObjectSizeGreaterThan: - allOf: - - $ref: '#/components/schemas/ObjectSizeGreaterThanBytes' - - description: Minimum object size to which the rule applies. - ObjectSizeLessThan: - allOf: - - $ref: '#/components/schemas/ObjectSizeLessThanBytes' - - description: Maximum object size to which the rule applies. - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: Prefix identifying one or more objects to which the rule - applies. - Tag: - allOf: - - $ref: '#/components/schemas/TagSet' - - description: All of these tags must exist in the object's tag set in order - for the rule to apply. - type: object - xml: - wrapped: false - LifecycleRuleFilter: - description: The Filter is used to identify objects that a Lifecycle - Rule applies to. A Filter must have exactly one of Prefix, - Tag, or And specified. - properties: - And: - $ref: '#/components/schemas/LifecycleRuleAndOperator' - ObjectSizeGreaterThan: - allOf: - - $ref: '#/components/schemas/ObjectSizeGreaterThanBytes' - - description: Minimum object size to which the rule applies. - ObjectSizeLessThan: - allOf: - - $ref: '#/components/schemas/ObjectSizeLessThanBytes' - - description: Maximum object size to which the rule applies. - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description:

Prefix identifying one or more objects to which the rule - applies.

Replacement must be made for object keys - containing special characters (such as carriage returns) when using - XML requests. For more information, see - XML related object key constraints.

 - Tag: - allOf: - - $ref: '#/components/schemas/Tag' - - description: This tag must exist in the object's tag set in order for - the rule to apply. - type: object - LifecycleRules: - items: - $ref: '#/components/schemas/LifecycleRule' - type: array - xml: - wrapped: false - ListBucketAnalyticsConfigurationsOutput: - properties: - AnalyticsConfiguration: - allOf: - - $ref: '#/components/schemas/AnalyticsConfigurationList' - - description: The list of analytics configurations for a bucket. - ContinuationToken: - allOf: - - $ref: '#/components/schemas/Token' - - description: The marker that is used as a starting point for this analytics - configuration list response. This value is present if it was sent in - the request. - IsTruncated: - allOf: - - $ref: '#/components/schemas/IsTruncated' - - description: Indicates whether the returned list of analytics configurations - is complete. A value of true indicates that the list is not complete - and the NextContinuationToken will be provided for a subsequent request. - NextContinuationToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: ' NextContinuationToken is sent when isTruncated - is true, which indicates that there are more analytics configurations - to list. The next request must include this NextContinuationToken. - The token is obfuscated and is not a usable value.' - type: object - ListBucketAnalyticsConfigurationsRequest: - properties: {} - required: - - Bucket - title: ListBucketAnalyticsConfigurationsRequest - type: object - ListBucketIntelligentTieringConfigurationsOutput: - properties: - ContinuationToken: - allOf: - - $ref: '#/components/schemas/Token' - - description: The ContinuationToken that represents a placeholder - from where this request should begin. - IntelligentTieringConfiguration: - allOf: - - $ref: '#/components/schemas/IntelligentTieringConfigurationList' - - description: The list of S3 Intelligent-Tiering configurations for a bucket. - IsTruncated: - allOf: - - $ref: '#/components/schemas/IsTruncated' - - description: Indicates whether the returned list of analytics configurations - is complete. A value of true indicates that the list is - not complete and the NextContinuationToken will be provided - for a subsequent request. - NextContinuationToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The marker used to continue this inventory configuration - listing. Use the NextContinuationToken from this response - to continue the listing in a subsequent request. The continuation token - is an opaque value that Amazon S3 understands. - type: object - ListBucketIntelligentTieringConfigurationsRequest: - properties: {} - required: - - Bucket - title: ListBucketIntelligentTieringConfigurationsRequest - type: object - ListBucketInventoryConfigurationsOutput: - properties: - ContinuationToken: - allOf: - - $ref: '#/components/schemas/Token' - - description: If sent in the request, the marker that is used as a starting - point for this inventory configuration list response. - InventoryConfiguration: - allOf: - - $ref: '#/components/schemas/InventoryConfigurationList' - - description: The list of inventory configurations for a bucket. - IsTruncated: - allOf: - - $ref: '#/components/schemas/IsTruncated' - - description: Tells whether the returned list of inventory configurations - is complete. A value of true indicates that the list is not complete - and the NextContinuationToken is provided for a subsequent request. - NextContinuationToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The marker used to continue this inventory configuration - listing. Use the NextContinuationToken from this response - to continue the listing in a subsequent request. The continuation token - is an opaque value that Amazon S3 understands. - type: object - ListBucketInventoryConfigurationsRequest: - properties: {} - required: - - Bucket - title: ListBucketInventoryConfigurationsRequest - type: object - ListBucketMetricsConfigurationsOutput: - properties: - ContinuationToken: - allOf: - - $ref: '#/components/schemas/Token' - - description: The marker that is used as a starting point for this metrics - configuration list response. This value is present if it was sent in - the request. - IsTruncated: - allOf: - - $ref: '#/components/schemas/IsTruncated' - - description: Indicates whether the returned list of metrics configurations - is complete. A value of true indicates that the list is not complete - and the NextContinuationToken will be provided for a subsequent request. - MetricsConfiguration: - allOf: - - $ref: '#/components/schemas/MetricsConfigurationList' - - description: The list of metrics configurations for a bucket. - NextContinuationToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: The marker used to continue a metrics configuration listing - that has been truncated. Use the NextContinuationToken - from a previously truncated list response to continue the listing. The - continuation token is an opaque value that Amazon S3 understands. - type: object - ListBucketMetricsConfigurationsRequest: - properties: {} - required: - - Bucket - title: ListBucketMetricsConfigurationsRequest - type: object - ListBucketsOutput: - example: - Buckets: - - CreationDate: '2012-02-15T21: 03: 02.000Z' - Name: examplebucket - - CreationDate: '2011-07-24T19: 33: 50.000Z' - Name: examplebucket2 - - CreationDate: '2010-12-17T00: 56: 49.000Z' - Name: examplebucket3 - Owner: - DisplayName: own-display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31 - properties: - Buckets: - allOf: - - $ref: '#/components/schemas/Buckets' - - description: The list of buckets owned by the requester. - Owner: - allOf: - - $ref: '#/components/schemas/Owner' - - description: The owner of the buckets listed. - type: object - ListMultipartUploadsOutput: - example: - Uploads: - - Initiated: '2014-05-01T05:40:58.000Z' - Initiator: - DisplayName: display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Key: JavaFile - Owner: - DisplayName: display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - StorageClass: STANDARD - UploadId: examplelUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q-- - - Initiated: '2014-05-01T05:41:27.000Z' - Initiator: - DisplayName: display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Key: JavaFile - Owner: - DisplayName: display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - StorageClass: STANDARD - UploadId: examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw-- - properties: - Bucket: - allOf: - - $ref: '#/components/schemas/BucketName' - - description: The name of the bucket to which the multipart upload was - initiated. Does not return the access point ARN or access point alias - if used. - CommonPrefixes: - allOf: - - $ref: '#/components/schemas/CommonPrefixList' - - description: If you specify a delimiter in the request, then the result - returns each distinct key prefix containing the delimiter in a CommonPrefixes - element. The distinct key prefixes are returned in the Prefix - child element. - Delimiter: - allOf: - - $ref: '#/components/schemas/Delimiter' - - description: Contains the delimiter you specified in the request. If you - don't specify a delimiter in your request, this element is absent from - the response. - EncodingType: - allOf: - - $ref: '#/components/schemas/EncodingType' - - description:

Encoding type used by Amazon S3 to encode object keys - in the response.

If you specify encoding-type request - parameter, Amazon S3 includes this element in the response, and returns - encoded key name values in the following response elements:

- Delimiter, KeyMarker, Prefix, - NextKeyMarker, Key.

- IsTruncated: - allOf: - - $ref: '#/components/schemas/IsTruncated' - - description: Indicates whether the returned list of multipart uploads - is truncated. A value of true indicates that the list was truncated. - The list can be truncated if the number of multipart uploads exceeds - the limit allowed or specified by max uploads. - KeyMarker: - allOf: - - $ref: '#/components/schemas/KeyMarker' - - description: The key at or after which the listing began. - MaxUploads: - allOf: - - $ref: '#/components/schemas/MaxUploads' - - description: Maximum number of multipart uploads that could have been - included in the response. - NextKeyMarker: - allOf: - - $ref: '#/components/schemas/NextKeyMarker' - - description: When a list is truncated, this element specifies the value - that should be used for the key-marker request parameter in a subsequent - request. - NextUploadIdMarker: - allOf: - - $ref: '#/components/schemas/NextUploadIdMarker' - - description: When a list is truncated, this element specifies the value - that should be used for the upload-id-marker request parameter - in a subsequent request. - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: When a prefix is provided in the request, this field contains - the specified prefix. The result contains only keys starting with the - specified prefix. - Upload: - allOf: - - $ref: '#/components/schemas/MultipartUploadList' - - description: Container for elements related to a particular multipart - upload. A response can contain zero or more Upload elements. - UploadIdMarker: - allOf: - - $ref: '#/components/schemas/UploadIdMarker' - - description: Upload ID after which listing began. - type: object - ListMultipartUploadsRequest: - properties: {} - required: - - Bucket - title: ListMultipartUploadsRequest - type: object - ListObjectVersionsOutput: - example: - Versions: - - ETag: '"6805f2cfc46c0f04559748bb039d69ae"' - IsLatest: true - Key: HappyFace.jpg - LastModified: '2016-12-15T01:19:41.000Z' - Owner: - DisplayName: owner-display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Size: 3191 - StorageClass: STANDARD - VersionId: 'null' - - ETag: '"6805f2cfc46c0f04559748bb039d69ae"' - IsLatest: false - Key: HappyFace.jpg - LastModified: '2016-12-13T00:58:26.000Z' - Owner: - DisplayName: owner-display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Size: 3191 - StorageClass: STANDARD - VersionId: PHtexPGjH2y.zBgT8LmB7wwLI2mpbz.k - properties: - CommonPrefixes: - allOf: - - $ref: '#/components/schemas/CommonPrefixList' - - description: All of the keys rolled up into a common prefix count as a - single return when calculating the number of returns. - DeleteMarker: - allOf: - - $ref: '#/components/schemas/DeleteMarkers' - - description: Container for an object that is a delete marker. - Delimiter: - allOf: - - $ref: '#/components/schemas/Delimiter' - - description: The delimiter grouping the included keys. A delimiter is - a character that you specify to group keys. All keys that contain the - same string between the prefix and the first occurrence of the delimiter - are grouped under a single result element in CommonPrefixes. - These groups are counted as one result against the max-keys limitation. - These keys are not returned elsewhere in the response. - EncodingType: - allOf: - - $ref: '#/components/schemas/EncodingType' - - description:

Encoding type used by Amazon S3 to encode object key - names in the XML response.

If you specify encoding-type request - parameter, Amazon S3 includes this element in the response, and returns - encoded key name values in the following response elements:

- KeyMarker, NextKeyMarker, Prefix, Key, and Delimiter.

- IsTruncated: - allOf: - - $ref: '#/components/schemas/IsTruncated' - - description: A flag that indicates whether Amazon S3 returned all of the - results that satisfied the search criteria. If your results were truncated, - you can make a follow-up paginated request using the NextKeyMarker and - NextVersionIdMarker response parameters as a starting place in another - request to return the rest of the results. - KeyMarker: - allOf: - - $ref: '#/components/schemas/KeyMarker' - - description: Marks the last key returned in a truncated response. - MaxKeys: - allOf: - - $ref: '#/components/schemas/MaxKeys' - - description: Specifies the maximum number of objects to return. - Name: - allOf: - - $ref: '#/components/schemas/BucketName' - - description: The bucket name. - NextKeyMarker: - allOf: - - $ref: '#/components/schemas/NextKeyMarker' - - description: When the number of responses exceeds the value of MaxKeys, - NextKeyMarker specifies the first key not returned that - satisfies the search criteria. Use this value for the key-marker request - parameter in a subsequent request. - NextVersionIdMarker: - allOf: - - $ref: '#/components/schemas/NextVersionIdMarker' - - description: When the number of responses exceeds the value of MaxKeys, - NextVersionIdMarker specifies the first object version - not returned that satisfies the search criteria. Use this value for - the version-id-marker request parameter in a subsequent request. - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: Selects objects that start with the value supplied by this - parameter. - Version: - allOf: - - $ref: '#/components/schemas/ObjectVersionList' - - description: Container for version information. - VersionIdMarker: - allOf: - - $ref: '#/components/schemas/VersionIdMarker' - - description: Marks the last version of the key returned in a truncated - response. - type: object - ListObjectVersionsRequest: - properties: {} - required: - - Bucket - title: ListObjectVersionsRequest - type: object - ListObjectsOutput: - example: - Contents: - - ETag: '"70ee1738b6b21e2c8a43f3a5ab0eee71"' - Key: example1.jpg - LastModified: '2014-11-21T19:40:05.000Z' - Owner: - DisplayName: myname - ID: 12345example25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Size: 11 - StorageClass: STANDARD - - ETag: '"9c8af9a76df052144598c115ef33e511"' - Key: example2.jpg - LastModified: '2013-11-15T01:10:49.000Z' - Owner: - DisplayName: myname - ID: 12345example25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Size: 713193 - StorageClass: STANDARD - NextMarker: eyJNYXJrZXIiOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAyfQ== - properties: - CommonPrefixes: - allOf: - - $ref: '#/components/schemas/CommonPrefixList' - - description:

All of the keys (up to 1,000) rolled up in a common prefix - count as a single return when calculating the number of returns.

-

A response can contain CommonPrefixes only if you specify a delimiter.

-

CommonPrefixes contains all (if there are any) keys between Prefix - and the next occurrence of the string specified by the delimiter.

-

CommonPrefixes lists keys that act like subdirectories in the directory - specified by Prefix.

For example, if the prefix is notes/ and - the delimiter is a slash (/) as in notes/summer/july, the common prefix - is notes/summer/. All of the keys that roll up into a common prefix - count as a single return when calculating the number of returns.

- Contents: - allOf: - - $ref: '#/components/schemas/ObjectList' - - description: Metadata about each object returned. - Delimiter: - allOf: - - $ref: '#/components/schemas/Delimiter' - - description: Causes keys that contain the same string between the prefix - and the first occurrence of the delimiter to be rolled up into a single - result element in the CommonPrefixes collection. These - rolled-up keys are not returned elsewhere in the response. Each rolled-up - result counts as only one return against the MaxKeys value. - EncodingType: - allOf: - - $ref: '#/components/schemas/EncodingType' - - description: Encoding type used by Amazon S3 to encode object keys in - the response. - IsTruncated: - allOf: - - $ref: '#/components/schemas/IsTruncated' - - description: A flag that indicates whether Amazon S3 returned all of the - results that satisfied the search criteria. - Marker: - allOf: - - $ref: '#/components/schemas/Marker' - - description: Indicates where in the bucket listing begins. Marker is included - in the response if it was sent with the request. - MaxKeys: - allOf: - - $ref: '#/components/schemas/MaxKeys' - - description: The maximum number of keys returned in the response body. - Name: - allOf: - - $ref: '#/components/schemas/BucketName' - - description: The bucket name. - NextMarker: - allOf: - - $ref: '#/components/schemas/NextMarker' - - description: 'When response is truncated (the IsTruncated element value - in the response is true), you can use the key name in this field as - marker in the subsequent request to get next set of objects. Amazon - S3 lists objects in alphabetical order Note: This element is returned - only if you have delimiter request parameter specified. If response - does not include the NextMarker and it is truncated, you can use the - value of the last Key in the response as the marker in the subsequent - request to get the next set of object keys.' - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: Keys that begin with the indicated prefix. - type: object - ListObjectsRequest: - properties: {} - required: - - Bucket - title: ListObjectsRequest - type: object - ListObjectsV2Output: - example: - Contents: - - ETag: '"70ee1738b6b21e2c8a43f3a5ab0eee71"' - Key: happyface.jpg - LastModified: '2014-11-21T19:40:05.000Z' - Size: 11 - StorageClass: STANDARD - - ETag: '"becf17f89c30367a9a44495d62ed521a-1"' - Key: test.jpg - LastModified: '2014-05-02T04:51:50.000Z' - Size: 4192256 - StorageClass: STANDARD - IsTruncated: true - KeyCount: '2' - MaxKeys: '2' - Name: examplebucket - NextContinuationToken: 1w41l63U0xa8q7smH50vCxyTQqdxo69O3EmK28Bi5PcROI4wI/EyIJg== - Prefix: '' - properties: - CommonPrefixes: - allOf: - - $ref: '#/components/schemas/CommonPrefixList' - - description:

All of the keys (up to 1,000) rolled up into a common - prefix count as a single return when calculating the number of returns.

-

A response can contain CommonPrefixes only if you specify - a delimiter.

CommonPrefixes contains all (if there - are any) keys between Prefix and the next occurrence of - the string specified by a delimiter.

CommonPrefixes - lists keys that act like subdirectories in the directory specified by - Prefix.

For example, if the prefix is notes/ - and the delimiter is a slash (/) as in notes/summer/july, - the common prefix is notes/summer/. All of the keys that - roll up into a common prefix count as a single return when calculating - the number of returns.

- Contents: - allOf: - - $ref: '#/components/schemas/ObjectList' - - description: Metadata about each object returned. - ContinuationToken: - allOf: - - $ref: '#/components/schemas/Token' - - description: ' If ContinuationToken was sent with the request, it is included - in the response.' - Delimiter: - allOf: - - $ref: '#/components/schemas/Delimiter' - - description: Causes keys that contain the same string between the prefix - and the first occurrence of the delimiter to be rolled up into a single - result element in the CommonPrefixes collection. These rolled-up keys - are not returned elsewhere in the response. Each rolled-up result counts - as only one return against the MaxKeys value. - EncodingType: - allOf: - - $ref: '#/components/schemas/EncodingType' - - description:

Encoding type used by Amazon S3 to encode object key names - in the XML response.

If you specify the encoding-type request - parameter, Amazon S3 includes this element in the response, and returns - encoded key name values in the following response elements:

- Delimiter, Prefix, Key, and StartAfter.

- IsTruncated: - allOf: - - $ref: '#/components/schemas/IsTruncated' - - description: Set to false if all of the results were returned. Set to - true if more keys are available to return. If the number of results - exceeds that specified by MaxKeys, all of the results might not be returned. - KeyCount: - allOf: - - $ref: '#/components/schemas/KeyCount' - - description: 'KeyCount is the number of keys returned with this request. - KeyCount will always be less than or equals to MaxKeys field. Say you - ask for 50 keys, your result will include less than equals 50 keys ' - MaxKeys: - allOf: - - $ref: '#/components/schemas/MaxKeys' - - description: Sets the maximum number of keys returned in the response. - By default the action returns up to 1,000 key names. The response might - contain fewer keys but will never contain more. - Name: - allOf: - - $ref: '#/components/schemas/BucketName' - - description:

The bucket name.

When using this action with an - access point, you must direct requests to the access point hostname. - The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - When using this action with an access point through the Amazon Web Services - SDKs, you provide the access point ARN in place of the bucket name. - For more information about access point ARNs, see Using - access points in the Amazon S3 User Guide.

When using - this action with Amazon S3 on Outposts, you must direct requests to - the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. - When using this action with S3 on Outposts through the Amazon Web Services - SDKs, you provide the Outposts bucket ARN in place of the bucket name. - For more information about S3 on Outposts ARNs, see Using - Amazon S3 on Outposts in the Amazon S3 User Guide.

- NextContinuationToken: - allOf: - - $ref: '#/components/schemas/NextToken' - - description: ' NextContinuationToken is sent when isTruncated - is true, which means there are more keys in the bucket that can be listed. - The next list requests to Amazon S3 can be continued with this NextContinuationToken. - NextContinuationToken is obfuscated and is not a real key' - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: ' Keys that begin with the indicated prefix.' - StartAfter: - allOf: - - $ref: '#/components/schemas/StartAfter' - - description: If StartAfter was sent with the request, it is included in - the response. - type: object - ListObjectsV2Request: - properties: {} - required: - - Bucket - title: ListObjectsV2Request - type: object - ListPartsOutput: - example: - Initiator: - DisplayName: owner-display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Owner: - DisplayName: owner-display-name - ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc - Parts: - - ETag: '"d8c2eafd90c266e19ab9dcacc479f8af"' - LastModified: '2016-12-16T00:11:42.000Z' - PartNumber: '1' - Size: 26246026 - - ETag: '"d8c2eafd90c266e19ab9dcacc479f8af"' - LastModified: '2016-12-16T00:15:01.000Z' - PartNumber: '2' - Size: 26246026 - StorageClass: STANDARD - properties: - Bucket: - allOf: - - $ref: '#/components/schemas/BucketName' - - description: The name of the bucket to which the multipart upload was - initiated. Does not return the access point ARN or access point alias - if used. - ChecksumAlgorithm: - allOf: - - $ref: '#/components/schemas/ChecksumAlgorithm' - - description: The algorithm that was used to create a checksum of the object. - Initiator: - allOf: - - $ref: '#/components/schemas/Initiator' - - description: Container element that identifies who initiated the multipart - upload. If the initiator is an Amazon Web Services account, this element - provides the same information as the Owner element. If - the initiator is an IAM User, this element provides the user ARN and - display name. - IsTruncated: - allOf: - - $ref: '#/components/schemas/IsTruncated' - - description: ' Indicates whether the returned list of parts is truncated. - A true value indicates that the list was truncated. A list can be truncated - if the number of parts exceeds the limit returned in the MaxParts element.' - Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description: Object key for which the multipart upload was initiated. - MaxParts: - allOf: - - $ref: '#/components/schemas/MaxParts' - - description: Maximum number of parts that were allowed in the response. - NextPartNumberMarker: - allOf: - - $ref: '#/components/schemas/NextPartNumberMarker' - - description: When a list is truncated, this element specifies the last - part in the list, as well as the value to use for the part-number-marker - request parameter in a subsequent request. - Owner: - allOf: - - $ref: '#/components/schemas/Owner' - - description: ' Container element that identifies the object owner, after - the object is created. If multipart upload is initiated by an IAM user, - this element provides the parent account ID and display name.' - Part: - allOf: - - $ref: '#/components/schemas/Parts' - - description: ' Container for elements related to a particular part. A - response can contain zero or more Part elements.' - PartNumberMarker: - allOf: - - $ref: '#/components/schemas/PartNumberMarker' - - description: When a list is truncated, this element specifies the last - part in the list, as well as the value to use for the part-number-marker - request parameter in a subsequent request. - StorageClass: - allOf: - - $ref: '#/components/schemas/StorageClass' - - description: Class of storage (STANDARD or REDUCED_REDUNDANCY) used to - store the uploaded object. - UploadId: - allOf: - - $ref: '#/components/schemas/MultipartUploadId' - - description: Upload ID identifying the multipart upload whose parts are - being listed. - type: object - ListPartsRequest: - properties: {} - required: - - Bucket - - Key - - UploadId - title: ListPartsRequest - type: object - Location: - type: string - LocationPrefix: - type: string - LoggingEnabled: - description: Describes where logs are stored and the prefix that Amazon S3 assigns - to all log object keys for a bucket. For more information, see PUT - Bucket logging in the Amazon S3 API Reference. - properties: - TargetBucket: - allOf: - - $ref: '#/components/schemas/TargetBucket' - - description: Specifies the bucket where you want Amazon S3 to store server - access logs. You can have your logs delivered to any bucket that you - own, including the same bucket that is being logged. You can also configure - multiple buckets to deliver their logs to the same target bucket. In - this case, you should choose a different TargetPrefix for - each source bucket so that the delivered log files can be distinguished - by key. - TargetGrants: - allOf: - - $ref: '#/components/schemas/TargetGrants' - - description:

Container for granting information.

Buckets that - use the bucket owner enforced setting for Object Ownership don't support - target grants. For more information, see Permissions - for server access log delivery in the Amazon S3 User Guide.

- TargetPrefix: - allOf: - - $ref: '#/components/schemas/TargetPrefix' - - description: A prefix for all log object keys. If you store log files - from multiple Amazon S3 buckets in a single bucket, you can use a prefix - to distinguish which log files came from which bucket. - required: - - TargetBucket - - TargetPrefix - type: object - MFA: - type: string - MFADelete: - enum: - - Enabled - - Disabled - type: string - MFADeleteStatus: - enum: - - Enabled - - Disabled - type: string - Marker: - type: string - MaxAgeSeconds: - type: integer - MaxKeys: - type: integer - MaxParts: - type: integer - MaxUploads: - type: integer - Message: - type: string - Metadata: - additionalProperties: - $ref: '#/components/schemas/MetadataValue' - type: object - MetadataDirective: - enum: - - COPY - - REPLACE - type: string - MetadataEntry: - description: A metadata key-value pair to store with an object. properties: Name: - allOf: - - $ref: '#/components/schemas/MetadataKey' - - description: Name of the Object. - Value: - allOf: - - $ref: '#/components/schemas/MetadataValue' - - description: Value of the Object. - type: object - MetadataKey: - type: string - MetadataValue: - type: string - Metrics: - description: ' A container specifying replication metrics-related settings enabling - replication metrics and events.' - properties: - EventThreshold: - allOf: - - $ref: '#/components/schemas/ReplicationTimeValue' - - description: ' A container specifying the time threshold for emitting - the s3:Replication:OperationMissedThreshold event. ' - Status: - allOf: - - $ref: '#/components/schemas/MetricsStatus' - - description: ' Specifies whether the replication metrics are enabled. ' - required: - - Status - type: object - MetricsAndOperator: - description: A conjunction (logical AND) of predicates, which is used in evaluating - a metrics filter. The operator must have at least two predicates, and an object - must match all of the predicates in order for the filter to apply. - properties: - AccessPointArn: - allOf: - - $ref: '#/components/schemas/AccessPointArn' - - description: The access point ARN used when evaluating an AND - predicate. - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: The prefix used when evaluating an AND predicate. - Tag: - allOf: - - $ref: '#/components/schemas/TagSet' - - description: The list of tags used when evaluating an AND predicate. - type: object - xml: - wrapped: false - MetricsConfiguration: - description: Specifies a metrics configuration for the CloudWatch request metrics - (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're - updating an existing metrics configuration, note that this is a full replacement - of the existing metrics configuration. If you don't include the elements you - want to keep, they are erased. For more information, see PutBucketMetricsConfiguration. - properties: + $ref: '#/components/schemas/Name' Filter: - allOf: - - $ref: '#/components/schemas/MetricsFilter' - - description: Specifies a metrics configuration filter. The metrics configuration - will only include objects that meet the filter's criteria. A filter - must be a prefix, an object tag, an access point ARN, or a conjunction - (MetricsAndOperator). - Id: - allOf: - - $ref: '#/components/schemas/MetricsId' - - description: The ID used to identify the metrics configuration. - required: - - Id - type: object - MetricsConfigurationList: - items: - $ref: '#/components/schemas/MetricsConfiguration' - type: array - xml: - wrapped: false - MetricsFilter: - description: Specifies a metrics configuration filter. The metrics configuration - only includes objects that meet the filter's criteria. A filter must be a - prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator). - For more information, see PutBucketMetricsConfiguration. - properties: - AccessPointArn: - allOf: - - $ref: '#/components/schemas/AccessPointArn' - - description: The access point ARN used when evaluating a metrics filter. - And: - allOf: - - $ref: '#/components/schemas/MetricsAndOperator' - - description: A conjunction (logical AND) of predicates, which is used - in evaluating a metrics filter. The operator must have at least two - predicates, and an object must match all of the predicates in order - for the filter to apply. - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: The prefix used when evaluating a metrics filter. - Tag: - allOf: - - $ref: '#/components/schemas/Tag' - - description: The tag used when evaluating a metrics filter. - type: object - MetricsId: - type: string - MetricsStatus: - enum: - - Enabled - - Disabled - type: string - Minutes: - type: integer - MissingMeta: - type: integer - MultipartUpload: - description: Container for the MultipartUpload for the Amazon S3 - object. - properties: - ChecksumAlgorithm: - allOf: - - $ref: '#/components/schemas/ChecksumAlgorithm' - - description: The algorithm that was used to create a checksum of the object. - Initiated: - allOf: - - $ref: '#/components/schemas/Initiated' - - description: Date and time at which the multipart upload was initiated. - Initiator: - allOf: - - $ref: '#/components/schemas/Initiator' - - description: Identifies who initiated the multipart upload. - Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description: Key of the object for which the multipart upload was initiated. - Owner: - allOf: - - $ref: '#/components/schemas/Owner' - - description: 'Specifies the owner of the object that is part of the multipart - upload. ' - StorageClass: - allOf: - - $ref: '#/components/schemas/StorageClass' - - description: The class of storage used to store the object. - UploadId: - allOf: - - $ref: '#/components/schemas/MultipartUploadId' - - description: Upload ID that identifies the multipart upload. - type: object - MultipartUploadId: - type: string - MultipartUploadList: - items: - $ref: '#/components/schemas/MultipartUpload' - type: array - xml: - wrapped: false - NextKeyMarker: - type: string - NextMarker: - type: string - NextPartNumberMarker: - type: integer - NextToken: - type: string - NextUploadIdMarker: - type: string - NextVersionIdMarker: - type: string - NoSuchBucket: {} - NoSuchKey: {} - NoSuchUpload: {} - NoncurrentVersionExpiration: - description: Specifies when noncurrent object versions expire. Upon expiration, - Amazon S3 permanently deletes the noncurrent object versions. You set this - lifecycle configuration action on a bucket that has versioning enabled (or - suspended) to request that Amazon S3 delete noncurrent object versions at - a specific period in the object's lifetime. - properties: - NewerNoncurrentVersions: - allOf: - - $ref: '#/components/schemas/VersionCount' - - description: Specifies how many noncurrent versions Amazon S3 will retain. - If there are this many more recent noncurrent versions, Amazon S3 will - take the associated action. For more information about noncurrent versions, - see Lifecycle - configuration elements in the Amazon S3 User Guide. - NoncurrentDays: - allOf: - - $ref: '#/components/schemas/Days' - - description: Specifies the number of days an object is noncurrent before - Amazon S3 can perform the associated action. The value must be a non-zero - positive integer. For information about the noncurrent days calculations, - see How - Amazon S3 Calculates When an Object Became Noncurrent in the Amazon - S3 User Guide. - type: object - NoncurrentVersionTransition: - description: Container for the transition rule that describes when noncurrent - objects transition to the STANDARD_IA, ONEZONE_IA, - INTELLIGENT_TIERING, GLACIER_IR, GLACIER, - or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled - (or versioning is suspended), you can set this action to request that Amazon - S3 transition noncurrent object versions to the STANDARD_IA, - ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, - GLACIER, or DEEP_ARCHIVE storage class at a specific - period in the object's lifetime. - properties: - NewerNoncurrentVersions: - allOf: - - $ref: '#/components/schemas/VersionCount' - - description: Specifies how many noncurrent versions Amazon S3 will retain. - If there are this many more recent noncurrent versions, Amazon S3 will - take the associated action. For more information about noncurrent versions, - see Lifecycle - configuration elements in the Amazon S3 User Guide. - NoncurrentDays: - allOf: - - $ref: '#/components/schemas/Days' - - description: Specifies the number of days an object is noncurrent before - Amazon S3 can perform the associated action. For information about the - noncurrent days calculations, see How - Amazon S3 Calculates How Long an Object Has Been Noncurrent in the - Amazon S3 User Guide. - StorageClass: - allOf: - - $ref: '#/components/schemas/TransitionStorageClass' - - description: The class of storage used to store the object. - type: object - NoncurrentVersionTransitionList: - items: - $ref: '#/components/schemas/NoncurrentVersionTransition' - type: array - xml: - wrapped: false - NotificationConfiguration: - description: A container for specifying the notification configuration of the - bucket. If this element is empty, notifications are turned off for the bucket. - properties: - CloudFunctionConfiguration: - allOf: - - $ref: '#/components/schemas/LambdaFunctionConfigurationList' - - description: Describes the Lambda functions to invoke and the events for - which to invoke them. - EventBridgeConfiguration: - allOf: - - $ref: '#/components/schemas/EventBridgeConfiguration' - - description: Enables delivery of events to Amazon EventBridge. - QueueConfiguration: - allOf: - - $ref: '#/components/schemas/QueueConfigurationList' - - description: The Amazon Simple Queue Service queues to publish messages - to and the events for which to publish messages. - TopicConfiguration: - allOf: - - $ref: '#/components/schemas/TopicConfigurationList' - - description: The topic to which notifications are sent and the events - for which notifications are generated. - type: object - NotificationConfigurationDeprecated: - example: - QueueConfiguration: - Event: s3:ObjectCreated:Put - Events: - - s3:ObjectCreated:Put - Id: MDQ2OGQ4NDEtOTBmNi00YTM4LTk0NzYtZDIwN2I3NWQ1NjIx - Queue: arn:aws:sqs:us-east-1:acct-id:S3ObjectCreatedEventQueue - TopicConfiguration: - Event: s3:ObjectCreated:Copy - Events: - - s3:ObjectCreated:Copy - Id: YTVkMWEzZGUtNTY1NS00ZmE2LWJjYjktMmRlY2QwODFkNTJi - Topic: arn:aws:sns:us-east-1:acct-id:S3ObjectCreatedEventTopic - properties: - CloudFunctionConfiguration: - allOf: - - $ref: '#/components/schemas/CloudFunctionConfiguration' - - description: Container for specifying the Lambda notification configuration. - QueueConfiguration: - allOf: - - $ref: '#/components/schemas/QueueConfigurationDeprecated' - - description: 'This data type is deprecated. This data type specifies the - configuration for publishing messages to an Amazon Simple Queue Service - (Amazon SQS) queue when Amazon S3 detects specified events. ' - TopicConfiguration: - allOf: - - $ref: '#/components/schemas/TopicConfigurationDeprecated' - - description: 'This data type is deprecated. A container for specifying - the configuration for publication of messages to an Amazon Simple Notification - Service (Amazon SNS) topic when Amazon S3 detects specified events. ' - type: object - NotificationConfigurationFilter: - description: Specifies object key name filtering rules. For information about - key name filtering, see Configuring - Event Notifications in the Amazon S3 User Guide. - properties: - S3Key: - $ref: '#/components/schemas/S3KeyFilter' - type: object - NotificationId: - description: An optional unique identifier for configurations in a notification - configuration. If you don't provide one, Amazon S3 will assign an ID. - type: string - Object: - description: An object consists of data and its descriptive metadata. - properties: - ChecksumAlgorithm: - allOf: - - $ref: '#/components/schemas/ChecksumAlgorithmList' - - description: The algorithm that was used to create a checksum of the object. - ETag: - allOf: - - $ref: '#/components/schemas/ETag' - - description:

The entity tag is a hash of the object. The ETag reflects - changes only to the contents of an object, not its metadata. The ETag - may or may not be an MD5 digest of the object data. Whether or not it - is depends on how the object was created and how it is encrypted as - described below:

  • Objects created by the PUT Object, - POST Object, or Copy operation, or through the Amazon Web Services Management - Console, and are encrypted by SSE-S3 or plaintext, have ETags that are - an MD5 digest of their object data.

  • Objects created - by the PUT Object, POST Object, or Copy operation, or through the Amazon - Web Services Management Console, and are encrypted by SSE-C or SSE-KMS, - have ETags that are not an MD5 digest of their object data.

    • -

  • If an object is created by either the Multipart Upload or Part - Copy operation, the ETag is not an MD5 digest, regardless of the method - of encryption. If an object is larger than 16 MB, the Amazon Web Services - Management Console will upload or copy that object as a Multipart Upload, - and therefore the ETag will not be an MD5 digest.

- Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description: The name that you assign to an object. You use the object - key to retrieve the object. - LastModified: - allOf: - - $ref: '#/components/schemas/LastModified' - - description: Creation date of the object. - Owner: - allOf: - - $ref: '#/components/schemas/Owner' - - description: The owner of the object - Size: - allOf: - - $ref: '#/components/schemas/Size' - - description: Size in bytes of the object - StorageClass: - allOf: - - $ref: '#/components/schemas/ObjectStorageClass' - - description: The class of storage used to store the object. - type: object - ObjectAlreadyInActiveTierError: {} - ObjectAttributes: - enum: - - ETag - - Checksum - - ObjectParts - - StorageClass - - ObjectSize - type: string - ObjectAttributesList: - items: - $ref: '#/components/schemas/ObjectAttributes' - type: array - ObjectCannedACL: - enum: - - private - - public-read - - public-read-write - - authenticated-read - - aws-exec-read - - bucket-owner-read - - bucket-owner-full-control - type: string - ObjectIdentifier: - description: Object Identifier is unique value to identify objects. - properties: - Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description:

Key name of the object.

Replacement - must be made for object keys containing special characters (such as - carriage returns) when using XML requests. For more information, see - - XML related object key constraints.

 - VersionId: - allOf: - - $ref: '#/components/schemas/ObjectVersionId' - - description: VersionId for the specific version of the object to delete. - required: - - Key - type: object - ObjectIdentifierList: - items: - $ref: '#/components/schemas/ObjectIdentifier' - type: array - xml: - wrapped: false - ObjectKey: - minLength: 1 - type: string - ObjectList: - items: - $ref: '#/components/schemas/Object' - type: array - xml: - wrapped: false - ObjectLockConfiguration: - description: The container element for Object Lock configuration parameters. - properties: - ObjectLockEnabled: - allOf: - - $ref: '#/components/schemas/ObjectLockEnabled' - - description: 'Indicates whether this bucket has an Object Lock configuration - enabled. Enable ObjectLockEnabled when you apply ObjectLockConfiguration - to a bucket. ' - Rule: - allOf: - - $ref: '#/components/schemas/ObjectLockRule' - - description: Specifies the Object Lock rule for the specified object. - Enable the this rule when you apply ObjectLockConfiguration - to a bucket. Bucket settings require both a mode and a period. The period - can be either Days or Years but you must select - one. You cannot specify Days and Years at - the same time. - type: object - ObjectLockEnabled: - enum: - - Enabled - type: string - ObjectLockEnabledForBucket: - type: boolean - ObjectLockLegalHold: - description: A legal hold configuration for an object. - properties: - Status: - allOf: - - $ref: '#/components/schemas/ObjectLockLegalHoldStatus' - - description: Indicates whether the specified object has a legal hold in - place. - type: object - ObjectLockLegalHoldStatus: - enum: - - 'ON' - - 'OFF' - type: string - ObjectLockMode: - enum: - - GOVERNANCE - - COMPLIANCE - type: string - ObjectLockRetainUntilDate: - format: date-time - type: string - ObjectLockRetention: - description: A Retention configuration for an object. - properties: - Mode: - allOf: - - $ref: '#/components/schemas/ObjectLockRetentionMode' - - description: Indicates the Retention mode for the specified object. - RetainUntilDate: - allOf: - - $ref: '#/components/schemas/Date' - - description: The date on which this Object Lock Retention will expire. - type: object - ObjectLockRetentionMode: - enum: - - GOVERNANCE - - COMPLIANCE - type: string - ObjectLockRule: - description: The container element for an Object Lock rule. - properties: - DefaultRetention: - allOf: - - $ref: '#/components/schemas/DefaultRetention' - - description: The default Object Lock retention mode and period that you - want to apply to new objects placed in the specified bucket. Bucket - settings require both a mode and a period. The period can be either - Days or Years but you must select one. You - cannot specify Days and Years at the same - time. - type: object - ObjectLockToken: - type: string - ObjectNotInActiveTierError: {} - ObjectOwnership: - description:

The container element for object ownership for a bucket's ownership - controls.

BucketOwnerPreferred - Objects uploaded to the bucket change - ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control - canned ACL.

ObjectWriter - The uploading account will own the object - if the object is uploaded with the bucket-owner-full-control - canned ACL.

BucketOwnerEnforced - Access control lists (ACLs) are disabled - and no longer affect permissions. The bucket owner automatically owns and - has full control over every object in the bucket. The bucket only accepts - PUT requests that don't specify an ACL or bucket owner full control ACLs, - such as the bucket-owner-full-control canned ACL or an equivalent - form of this ACL expressed in the XML format.

- enum: - - BucketOwnerPreferred - - ObjectWriter - - BucketOwnerEnforced - type: string - ObjectPart: - description: A container for elements related to an individual part. - properties: - ChecksumCRC32: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32' - - description: This header can be used as a data integrity check to verify - that the data received is the same data that was originally sent. This - header specifies the base64-encoded, 32-bit CRC32 checksum of the object. - For more information, see Checking - object integrity in the Amazon S3 User Guide. - ChecksumCRC32C: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32C' - - description: The base64-encoded, 32-bit CRC32C checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA1: - allOf: - - $ref: '#/components/schemas/ChecksumSHA1' - - description: The base64-encoded, 160-bit SHA-1 digest of the object. This - will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA256: - allOf: - - $ref: '#/components/schemas/ChecksumSHA256' - - description: The base64-encoded, 256-bit SHA-256 digest of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - PartNumber: - allOf: - - $ref: '#/components/schemas/PartNumber' - - description: The part number identifying the part. This value is a positive - integer between 1 and 10,000. - Size: - allOf: - - $ref: '#/components/schemas/Size' - - description: The size of the uploaded part in bytes. - type: object - ObjectSize: - type: integer - ObjectSizeGreaterThanBytes: - type: integer - ObjectSizeLessThanBytes: - type: integer - ObjectStorageClass: - enum: - - STANDARD - - REDUCED_REDUNDANCY - - GLACIER - - STANDARD_IA - - ONEZONE_IA - - INTELLIGENT_TIERING - - DEEP_ARCHIVE - - OUTPOSTS - - GLACIER_IR - type: string - ObjectVersion: - description: The version of an object. - properties: - ChecksumAlgorithm: - allOf: - - $ref: '#/components/schemas/ChecksumAlgorithmList' - - description: The algorithm that was used to create a checksum of the object. - ETag: - allOf: - - $ref: '#/components/schemas/ETag' - - description: The entity tag is an MD5 hash of that version of the object. - IsLatest: - allOf: - - $ref: '#/components/schemas/IsLatest' - - description: Specifies whether the object is (true) or is not (false) - the latest version of an object. - Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description: The object key. - LastModified: - allOf: - - $ref: '#/components/schemas/LastModified' - - description: Date and time the object was last modified. - Owner: - allOf: - - $ref: '#/components/schemas/Owner' - - description: Specifies the owner of the object. - Size: - allOf: - - $ref: '#/components/schemas/Size' - - description: Size in bytes of the object. - StorageClass: - allOf: - - $ref: '#/components/schemas/ObjectVersionStorageClass' - - description: The class of storage used to store the object. - VersionId: - allOf: - - $ref: '#/components/schemas/ObjectVersionId' - - description: Version ID of an object. - type: object - ObjectVersionId: - type: string - ObjectVersionList: - items: - $ref: '#/components/schemas/ObjectVersion' - type: array - xml: - wrapped: false - ObjectVersionStorageClass: - enum: - - STANDARD - type: string - OutputLocation: - description: Describes the location where the restore job's output is stored. - properties: - S3: - allOf: - - $ref: '#/components/schemas/S3Location' - - description: Describes an S3 location that will receive the results of - the restore request. - type: object - OutputSerialization: - description: Describes how results of the Select job are serialized. - properties: - CSV: - allOf: - - $ref: '#/components/schemas/CSVOutput' - - description: Describes the serialization of CSV-encoded Select results. - JSON: - allOf: - - $ref: '#/components/schemas/JSONOutput' - - description: Specifies JSON as request's output serialization format. - type: object - Owner: - description: Container for the owner's display name and ID. - properties: - DisplayName: - allOf: - - $ref: '#/components/schemas/DisplayName' - - description: Container for the display name of the owner. - ID: - allOf: - - $ref: '#/components/schemas/ID' - - description: Container for the ID of the owner. - type: object - OwnerOverride: - enum: - - Destination - type: string - OwnershipControls: - description: The container element for a bucket's ownership controls. - properties: - Rule: - allOf: - - $ref: '#/components/schemas/OwnershipControlsRules' - - description: The container element for an ownership control rule. - required: - - Rules - type: object - OwnershipControlsRule: - description: The container element for an ownership control rule. - properties: - ObjectOwnership: - $ref: '#/components/schemas/ObjectOwnership' - required: - - ObjectOwnership - type: object - OwnershipControlsRules: - items: - $ref: '#/components/schemas/OwnershipControlsRule' - type: array - xml: - wrapped: false - ParquetInput: - description: Container for Parquet. - properties: {} - type: object - Part: - description: Container for elements related to a part. - properties: - ChecksumCRC32: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32' - - description: This header can be used as a data integrity check to verify - that the data received is the same data that was originally sent. This - header specifies the base64-encoded, 32-bit CRC32 checksum of the object. - For more information, see Checking - object integrity in the Amazon S3 User Guide. - ChecksumCRC32C: - allOf: - - $ref: '#/components/schemas/ChecksumCRC32C' - - description: The base64-encoded, 32-bit CRC32C checksum of the object. - This will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA1: - allOf: - - $ref: '#/components/schemas/ChecksumSHA1' - - description: The base64-encoded, 160-bit SHA-1 digest of the object. This - will only be present if it was uploaded with the object. With multipart - uploads, this may not be a checksum value of the object. For more information - about how checksums are calculated with multipart uploads, see - Checking object integrity in the Amazon S3 User Guide. - ChecksumSHA256: - allOf: - - $ref: '#/components/schemas/ChecksumSHA256' - - description: This header can be used as a data integrity check to verify - that the data received is the same data that was originally sent. This - header specifies the base64-encoded, 256-bit SHA-256 digest of the object. - For more information, see Checking - object integrity in the Amazon S3 User Guide. - ETag: - allOf: - - $ref: '#/components/schemas/ETag' - - description: Entity tag returned when the part was uploaded. - LastModified: - allOf: - - $ref: '#/components/schemas/LastModified' - - description: Date and time at which the part was uploaded. - PartNumber: - allOf: - - $ref: '#/components/schemas/PartNumber' - - description: Part number identifying the part. This is a positive integer - between 1 and 10,000. - Size: - allOf: - - $ref: '#/components/schemas/Size' - - description: Size in bytes of the uploaded part data. - type: object - PartNumber: - type: integer - PartNumberMarker: - type: integer - Parts: - items: - $ref: '#/components/schemas/Part' - type: array - xml: - wrapped: false - PartsCount: - type: integer - PartsList: - items: - $ref: '#/components/schemas/ObjectPart' - type: array - xml: - wrapped: false - Payer: - enum: - - Requester - - BucketOwner - type: string - Permission: - enum: - - FULL_CONTROL - - WRITE - - WRITE_ACP - - READ - - READ_ACP - type: string - Policy: - type: string - PolicyStatus: - description: The container element for a bucket's policy status. - properties: {} - type: object - Prefix: - type: string - Priority: - type: integer - Progress: - description: This data type contains information about progress of an operation. - properties: - BytesProcessed: - allOf: - - $ref: '#/components/schemas/BytesProcessed' - - description: The current number of uncompressed object bytes processed. - BytesReturned: - allOf: - - $ref: '#/components/schemas/BytesReturned' - - description: The current number of bytes of records payload data returned. - BytesScanned: - allOf: - - $ref: '#/components/schemas/BytesScanned' - - description: The current number of object bytes scanned. - type: object - ProgressEvent: - description: This data type contains information about the progress event of - an operation. - properties: - Details: - allOf: - - $ref: '#/components/schemas/Progress' - - description: The Progress event details. - type: object - Protocol: - enum: - - http - - https - type: string - PublicAccessBlockConfiguration: - description: 'The PublicAccessBlock configuration that you want to apply to - this Amazon S3 bucket. You can enable the configuration options in any combination. - For more information about when Amazon S3 considers a bucket or object public, - see The - Meaning of "Public" in the Amazon S3 User Guide. ' - properties: {} - type: object - PutBucketAccelerateConfigurationRequest: - properties: {} - required: - - Bucket - - AccelerateConfiguration - title: PutBucketAccelerateConfigurationRequest - type: object - PutBucketAclRequest: - properties: {} - required: - - Bucket - title: PutBucketAclRequest - type: object - PutBucketAnalyticsConfigurationRequest: - properties: {} - required: - - Bucket - - Id - - AnalyticsConfiguration - title: PutBucketAnalyticsConfigurationRequest - type: object - PutBucketCorsRequest: - properties: {} - required: - - Bucket - - CORSConfiguration - title: PutBucketCorsRequest - type: object - PutBucketEncryptionRequest: - properties: {} - required: - - Bucket - - ServerSideEncryptionConfiguration - title: PutBucketEncryptionRequest - type: object - PutBucketIntelligentTieringConfigurationRequest: - properties: {} - required: - - Bucket - - Id - - IntelligentTieringConfiguration - title: PutBucketIntelligentTieringConfigurationRequest - type: object - PutBucketInventoryConfigurationRequest: - properties: {} - required: - - Bucket - - Id - - InventoryConfiguration - title: PutBucketInventoryConfigurationRequest - type: object - PutBucketLifecycleConfigurationRequest: - properties: {} - required: - - Bucket - title: PutBucketLifecycleConfigurationRequest - type: object - PutBucketLifecycleRequest: - properties: {} - required: - - Bucket - title: PutBucketLifecycleRequest - type: object - PutBucketLoggingRequest: - properties: {} - required: - - Bucket - - BucketLoggingStatus - title: PutBucketLoggingRequest - type: object - PutBucketMetricsConfigurationRequest: - properties: {} - required: - - Bucket - - Id - - MetricsConfiguration - title: PutBucketMetricsConfigurationRequest - type: object - PutBucketNotificationConfigurationRequest: - properties: {} - required: - - Bucket - - NotificationConfiguration - title: PutBucketNotificationConfigurationRequest - type: object - PutBucketNotificationRequest: - properties: {} - required: - - Bucket - - NotificationConfiguration - title: PutBucketNotificationRequest - type: object - PutBucketOwnershipControlsRequest: - properties: {} - required: - - Bucket - - OwnershipControls - title: PutBucketOwnershipControlsRequest - type: object - PutBucketPolicyRequest: - properties: - Policy: - allOf: - - $ref: '#/components/schemas/Policy' - - description: The bucket policy as a JSON document. - required: - - Bucket - - Policy - title: PutBucketPolicyRequest - type: object - PutBucketReplicationRequest: - properties: {} - required: - - Bucket - - ReplicationConfiguration - title: PutBucketReplicationRequest - type: object - PutBucketRequestPaymentRequest: - properties: {} - required: - - Bucket - - RequestPaymentConfiguration - title: PutBucketRequestPaymentRequest - type: object - PutBucketTaggingRequest: - properties: {} - required: - - Bucket - - Tagging - title: PutBucketTaggingRequest - type: object - PutBucketVersioningRequest: - properties: {} - required: - - Bucket - - VersioningConfiguration - title: PutBucketVersioningRequest - type: object - PutBucketWebsiteRequest: - properties: {} - required: - - Bucket - - WebsiteConfiguration - title: PutBucketWebsiteRequest - type: object - PutObjectAclOutput: - example: {} - properties: {} - type: object - PutObjectAclRequest: - properties: {} - required: - - Bucket - - Key - title: PutObjectAclRequest - type: object - PutObjectLegalHoldOutput: - properties: {} - type: object - PutObjectLegalHoldRequest: - properties: {} - required: - - Bucket - - Key - title: PutObjectLegalHoldRequest - type: object - PutObjectLockConfigurationOutput: - properties: {} - type: object - PutObjectLockConfigurationRequest: - properties: {} - required: - - Bucket - title: PutObjectLockConfigurationRequest - type: object - PutObjectOutput: - example: - ETag: '"6805f2cfc46c0f04559748bb039d69ae"' - VersionId: Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr - properties: {} - type: object - PutObjectRequest: - properties: - Body: - allOf: - - $ref: '#/components/schemas/Body' - - description: Object data. - x-amz-meta-: - allOf: - - $ref: '#/components/schemas/Metadata' - - description: A map of metadata to store with the object in S3. - required: - - Bucket - - Key - title: PutObjectRequest - type: object - PutObjectRetentionOutput: - properties: {} - type: object - PutObjectRetentionRequest: - properties: {} - required: - - Bucket - - Key - title: PutObjectRetentionRequest - type: object - PutObjectTaggingOutput: - example: - VersionId: 'null' - properties: {} - type: object - PutObjectTaggingRequest: - properties: {} - required: - - Bucket - - Key - - Tagging - title: PutObjectTaggingRequest - type: object - PutPublicAccessBlockRequest: - properties: {} - required: - - Bucket - - PublicAccessBlockConfiguration - title: PutPublicAccessBlockRequest - type: object - QueueArn: - type: string - QueueConfiguration: - description: Specifies the configuration for publishing messages to an Amazon - Simple Queue Service (Amazon SQS) queue when Amazon S3 detects specified events. - properties: - Event: - allOf: - - $ref: '#/components/schemas/EventList' - - description: A collection of bucket events for which to send notifications - Filter: - $ref: '#/components/schemas/NotificationConfigurationFilter' - Id: - $ref: '#/components/schemas/NotificationId' - Queue: - allOf: - - $ref: '#/components/schemas/QueueArn' - - description: The Amazon Resource Name (ARN) of the Amazon SQS queue to - which Amazon S3 publishes a message when it detects events of the specified - type. - required: - - QueueArn - - Events - type: object - QueueConfigurationDeprecated: - description: 'This data type is deprecated. Use QueueConfiguration - for the same purposes. This data type specifies the configuration for publishing - messages to an Amazon Simple Queue Service (Amazon SQS) queue when Amazon - S3 detects specified events. ' - properties: - Event: - allOf: - - $ref: '#/components/schemas/EventList' - - description: A collection of bucket events for which to send notifications. - Id: - $ref: '#/components/schemas/NotificationId' - Queue: - allOf: - - $ref: '#/components/schemas/QueueArn' - - description: 'The Amazon Resource Name (ARN) of the Amazon SQS queue to - which Amazon S3 publishes a message when it detects events of the specified - type. ' - type: object - QueueConfigurationList: - items: - $ref: '#/components/schemas/QueueConfiguration' - type: array - xml: - wrapped: false - Quiet: - type: boolean - QuoteCharacter: - type: string - QuoteEscapeCharacter: - type: string - QuoteFields: - enum: - - ALWAYS - - ASNEEDED - type: string - Range: - type: string - RecordDelimiter: - type: string - RecordsEvent: - description: The container for the records event. - properties: - Payload: - allOf: - - $ref: '#/components/schemas/Body' - - description: The byte array of partial, one or more result records. - type: object - Redirect: - description: Specifies how requests are redirected. In the event of an error, - you can specify a different error code to return. - properties: - HostName: - allOf: - - $ref: '#/components/schemas/HostName' - - description: The host name to use in the redirect request. - HttpRedirectCode: - allOf: - - $ref: '#/components/schemas/HttpRedirectCode' - - description: The HTTP redirect code to use on the response. Not required - if one of the siblings is present. - Protocol: - allOf: - - $ref: '#/components/schemas/Protocol' - - description: Protocol to use when redirecting requests. The default is - the protocol that is used in the original request. - ReplaceKeyPrefixWith: - allOf: - - $ref: '#/components/schemas/ReplaceKeyPrefixWith' - - description:

The object key prefix to use in the redirect request. - For example, to redirect requests for all pages with prefix docs/ - (objects in the docs/ folder) to documents/, - you can set a condition block with KeyPrefixEquals set - to docs/ and in the Redirect set ReplaceKeyPrefixWith - to /documents. Not required if one of the siblings is present. - Can be present only if ReplaceKeyWith is not provided.

-

Replacement must be made for object keys containing special - characters (such as carriage returns) when using XML requests. For more - information, see - XML related object key constraints.

 - ReplaceKeyWith: - allOf: - - $ref: '#/components/schemas/ReplaceKeyWith' - - description:

The specific object key to use in the redirect request. - For example, redirect request to error.html. Not required - if one of the siblings is present. Can be present only if ReplaceKeyPrefixWith - is not provided.

Replacement must be made for object - keys containing special characters (such as carriage returns) when using - XML requests. For more information, see - XML related object key constraints.

 - type: object - RedirectAllRequestsTo: - description: Specifies the redirect behavior of all requests to a website endpoint - of an Amazon S3 bucket. - properties: - HostName: - allOf: - - $ref: '#/components/schemas/HostName' - - description: Name of the host where requests are redirected. - Protocol: - allOf: - - $ref: '#/components/schemas/Protocol' - - description: Protocol to use when redirecting requests. The default is - the protocol that is used in the original request. - required: - - HostName - type: object - ReplaceKeyPrefixWith: - type: string - ReplaceKeyWith: - type: string - ReplicaKmsKeyID: - type: string - ReplicaModifications: - description:

A filter that you can specify for selection for modifications - on replicas. Amazon S3 doesn't replicate replica modifications by default. - In the latest version of replication configuration (when Filter - is specified), you can specify this element and set the status to Enabled - to replicate modifications on replicas.

If you don't specify - the Filter element, Amazon S3 assumes that the replication configuration - is the earlier version, V1. In the earlier version, this element is not allowed.

- - properties: - Status: - allOf: - - $ref: '#/components/schemas/ReplicaModificationsStatus' - - description: Specifies whether Amazon S3 replicates modifications on replicas. - required: - - Status - type: object - ReplicaModificationsStatus: - enum: - - Enabled - - Disabled - type: string - ReplicationConfiguration: - description: A container for replication rules. You can add up to 1,000 rules. - The maximum size of a replication configuration is 2 MB. - properties: - Role: - allOf: - - $ref: '#/components/schemas/Role' - - description: The Amazon Resource Name (ARN) of the Identity and Access - Management (IAM) role that Amazon S3 assumes when replicating objects. - For more information, see How - to Set Up Replication in the Amazon S3 User Guide. - Rule: - allOf: - - $ref: '#/components/schemas/ReplicationRules' - - description: 'A container for one or more replication rules. A replication - configuration must have at least one rule and can contain a maximum - of 1,000 rules. ' - required: - - Role - - Rules - type: object - ReplicationRule: - description: Specifies which Amazon S3 objects to replicate and where to store - the replicas. - properties: - DeleteMarkerReplication: - $ref: '#/components/schemas/DeleteMarkerReplication' - Destination: - allOf: - - $ref: '#/components/schemas/Destination' - - description: A container for information about the replication destination - and its configurations including enabling the S3 Replication Time Control - (S3 RTC). - ExistingObjectReplication: - allOf: - - $ref: '#/components/schemas/ExistingObjectReplication' - - description:

- Filter: - $ref: '#/components/schemas/ReplicationRuleFilter' - ID: - allOf: - - $ref: '#/components/schemas/ID' - - description: A unique identifier for the rule. The maximum value is 255 - characters. - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - deprecated: true - description:

An object key name prefix that identifies the object or - objects to which the rule applies. The maximum prefix length is 1,024 - characters. To include all objects in a bucket, specify an empty string. -

Replacement must be made for object keys containing - special characters (such as carriage returns) when using XML requests. - For more information, see - XML related object key constraints.

 - Priority: - allOf: - - $ref: '#/components/schemas/Priority' - - description:

The priority indicates which rule has precedence whenever - two or more replication rules conflict. Amazon S3 will attempt to replicate - objects according to all replication rules. However, if there are two - or more rules with the same destination bucket, then objects will be - replicated according to the rule with the highest priority. The higher - the number, the higher the priority.

For more information, see - Replication - in the Amazon S3 User Guide.

- SourceSelectionCriteria: - allOf: - - $ref: '#/components/schemas/SourceSelectionCriteria' - - description: A container that describes additional filters for identifying - the source objects that you want to replicate. You can choose to enable - or disable the replication of these objects. Currently, Amazon S3 supports - only the filter that you can specify for objects created with server-side - encryption using a customer managed key stored in Amazon Web Services - Key Management Service (SSE-KMS). - Status: - allOf: - - $ref: '#/components/schemas/ReplicationRuleStatus' - - description: Specifies whether the rule is enabled. - required: - - Status - - Destination - type: object - ReplicationRuleAndOperator: - description:

A container for specifying rule filters. The filters determine - the subset of objects to which the rule applies. This element is required - only if you specify more than one filter.

For example:

  • -

    If you specify both a Prefix and a Tag filter, - wrap these filters in an And tag.

  • If you specify - a filter based on multiple tags, wrap the Tag elements in an - And tag.

- properties: - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description: An object key name prefix that identifies the subset of objects - to which the rule applies. - Tag: - allOf: - - $ref: '#/components/schemas/TagSet' - - description: An array of tags containing key and value pairs. - type: object - xml: - wrapped: false - ReplicationRuleFilter: - description: A filter that identifies the subset of objects to which the replication - rule applies. A Filter must specify exactly one Prefix, - Tag, or an And child element. - properties: - And: - allOf: - - $ref: '#/components/schemas/ReplicationRuleAndOperator' - - description: '

A container for specifying rule filters. The filters - determine the subset of objects to which the rule applies. This element - is required only if you specify more than one filter. For example:

-

  • If you specify both a Prefix and a Tag - filter, wrap these filters in an And tag.

  • -

    If you specify a filter based on multiple tags, wrap the Tag - elements in an And tag.

' - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description:

An object key name prefix that identifies the subset of - objects to which the rule applies.

Replacement must - be made for object keys containing special characters (such as carriage - returns) when using XML requests. For more information, see - XML related object key constraints.

 - Tag: - allOf: - - $ref: '#/components/schemas/Tag' - - description:

A container for specifying a tag key and value.

The - rule applies only to objects that have the tag in their tag set.

- type: object - ReplicationRuleStatus: - enum: - - Enabled - - Disabled - type: string - ReplicationRules: - items: - $ref: '#/components/schemas/ReplicationRule' - type: array - xml: - wrapped: false - ReplicationStatus: - enum: - - COMPLETE - - PENDING - - FAILED - - REPLICA - type: string - ReplicationTime: - description: ' A container specifying S3 Replication Time Control (S3 RTC) related - information, including whether S3 RTC is enabled and the time when all objects - and operations on objects must be replicated. Must be specified together with - a Metrics block. ' - properties: - Status: - allOf: - - $ref: '#/components/schemas/ReplicationTimeStatus' - - description: ' Specifies whether the replication time is enabled. ' - Time: - allOf: - - $ref: '#/components/schemas/ReplicationTimeValue' - - description: ' A container specifying the time by which replication should - be complete for all objects and operations on objects. ' - required: - - Status - - Time - type: object - ReplicationTimeStatus: - enum: - - Enabled - - Disabled - type: string - ReplicationTimeValue: - description: ' A container specifying the time value for S3 Replication Time - Control (S3 RTC) and replication metrics EventThreshold. ' - properties: - Minutes: - allOf: - - $ref: '#/components/schemas/Minutes' - - description: '

Contains an integer specifying time in minutes.

-

Valid value: 15

' - type: object - RequestCharged: - description: If present, indicates that the requester was successfully charged - for the request. - enum: - - requester - type: string - RequestPayer: - description: Confirms that the requester knows that they will be charged for - the request. Bucket owners need not specify this parameter in their requests. - For information about downloading objects from Requester Pays buckets, see - Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - RequestPaymentConfiguration: - description: Container for Payer. - properties: - Payer: - allOf: - - $ref: '#/components/schemas/Payer' - - description: Specifies who pays for the download and request fees. - required: - - Payer - type: object - RequestProgress: - description: Container for specifying if periodic QueryProgress - messages should be sent. - properties: - Enabled: - allOf: - - $ref: '#/components/schemas/EnableRequestProgress' - - description: 'Specifies whether periodic QueryProgress frames should be - sent. Valid values: TRUE, FALSE. Default value: FALSE.' - type: object - RequestRoute: - type: string - RequestToken: - type: string - ResponseCacheControl: - type: string - ResponseContentDisposition: - type: string - ResponseContentEncoding: - type: string - ResponseContentLanguage: - type: string - ResponseContentType: - type: string - ResponseExpires: - format: date-time - type: string - Restore: - type: string - RestoreObjectOutput: - example: {} - properties: {} - type: object - RestoreObjectRequest: - properties: {} - required: - - Bucket - - Key - title: RestoreObjectRequest - type: object - RestoreOutputPath: - type: string - RestoreRequest: - description: Container for restore job parameters. - properties: - Days: - allOf: - - $ref: '#/components/schemas/Days' - - description:

Lifetime of the active copy in days. Do not use with restores - that specify OutputLocation.

The Days element is - required for regular restores, and must not be provided for select requests.

- Description: - allOf: - - $ref: '#/components/schemas/Description' - - description: The optional description for the job. - GlacierJobParameters: - allOf: - - $ref: '#/components/schemas/GlacierJobParameters' - - description: S3 Glacier related parameters pertaining to this job. Do - not use with restores that specify OutputLocation. - OutputLocation: - allOf: - - $ref: '#/components/schemas/OutputLocation' - - description: Describes the location where the restore job's output is - stored. - SelectParameters: - allOf: - - $ref: '#/components/schemas/SelectParameters' - - description: Describes the parameters for Select job types. - Tier: - allOf: - - $ref: '#/components/schemas/Tier' - - description: Retrieval tier at which the restore will be processed. - Type: - allOf: - - $ref: '#/components/schemas/RestoreRequestType' - - description: Type of restore request. - type: object - RestoreRequestType: - enum: - - SELECT - type: string - Role: - type: string - RoutingRule: - description: Specifies the redirect behavior and when a redirect is applied. - For more information about routing rules, see Configuring - advanced conditional redirects in the Amazon S3 User Guide. - properties: - Condition: - allOf: - - $ref: '#/components/schemas/Condition' - - description: A container for describing a condition that must be met for - the specified redirect to apply. For example, 1. If request is for pages - in the /docs folder, redirect to the /documents - folder. 2. If request results in HTTP error 4xx, redirect request to - another host where you might process the error. - Redirect: - allOf: - - $ref: '#/components/schemas/Redirect' - - description: Container for redirect information. You can redirect requests - to another host, to another page, or with another protocol. In the event - of an error, you can specify a different error code to return. - required: - - Redirect - type: object - RoutingRules: - items: - allOf: - - $ref: '#/components/schemas/RoutingRule' - - xml: - name: RoutingRule - type: array - Rule: - description: Specifies lifecycle rules for an Amazon S3 bucket. For more information, - see Put - Bucket Lifecycle Configuration in the Amazon S3 API Reference. - For examples, see Put - Bucket Lifecycle Configuration Examples. - properties: - AbortIncompleteMultipartUpload: - $ref: '#/components/schemas/AbortIncompleteMultipartUpload' - Expiration: - allOf: - - $ref: '#/components/schemas/LifecycleExpiration' - - description: Specifies the expiration for the lifecycle of the object. - ID: - allOf: - - $ref: '#/components/schemas/ID' - - description: Unique identifier for the rule. The value can't be longer - than 255 characters. - NoncurrentVersionExpiration: - $ref: '#/components/schemas/NoncurrentVersionExpiration' - NoncurrentVersionTransition: - $ref: '#/components/schemas/NoncurrentVersionTransition' - Prefix: - allOf: - - $ref: '#/components/schemas/Prefix' - - description:

Object key prefix that identifies one or more objects - to which this rule applies.

Replacement must be made - for object keys containing special characters (such as carriage returns) - when using XML requests. For more information, see - XML related object key constraints.

 - Status: - allOf: - - $ref: '#/components/schemas/ExpirationStatus' - - description: If Enabled, the rule is currently being applied. - If Disabled, the rule is not currently being applied. - Transition: - allOf: - - $ref: '#/components/schemas/Transition' - - description: Specifies when an object transitions to a specified storage - class. For more information about Amazon S3 lifecycle configuration - rules, see Transitioning - Objects Using Amazon S3 Lifecycle in the Amazon S3 User Guide. - required: - - Prefix - - Status - type: object - Rules: - items: - $ref: '#/components/schemas/Rule' - type: array - xml: - wrapped: false - S3KeyFilter: - description: A container for object key name prefix and suffix filtering rules. - properties: - FilterRule: - $ref: '#/components/schemas/FilterRuleList' - type: object - S3Location: - description: Describes an Amazon S3 location that will receive the results of - the restore request. - properties: - AccessControlList: - allOf: - - $ref: '#/components/schemas/Grants' - - description: A list of grants that control access to the staged results. - BucketName: - allOf: - - $ref: '#/components/schemas/BucketName' - - description: The name of the bucket where the restore results will be - placed. - CannedACL: - allOf: - - $ref: '#/components/schemas/ObjectCannedACL' - - description: The canned ACL to apply to the restore results. - Encryption: - $ref: '#/components/schemas/Encryption' - Prefix: - allOf: - - $ref: '#/components/schemas/LocationPrefix' - - description: The prefix that is prepended to the restore results for this - request. - StorageClass: - allOf: - - $ref: '#/components/schemas/StorageClass' - - description: The class of storage used to store the restore results. - Tagging: - allOf: - - $ref: '#/components/schemas/Tagging' - - description: The tag-set that is applied to the restore results. - UserMetadata: - allOf: - - $ref: '#/components/schemas/UserMetadata' - - description: A list of metadata to store with the restore results in S3. - required: - - BucketName - - Prefix - type: object - SSECustomerAlgorithm: - type: string - SSECustomerKey: - format: password - type: string - SSECustomerKeyMD5: - type: string - SSEKMS: - description: Specifies the use of SSE-KMS to encrypt delivered inventory reports. - properties: - KeyId: - allOf: - - $ref: '#/components/schemas/SSEKMSKeyId' - - description: Specifies the ID of the Amazon Web Services Key Management - Service (Amazon Web Services KMS) symmetric customer managed key to - use for encrypting inventory reports. - required: - - KeyId - type: object - SSEKMSEncryptionContext: - format: password - type: string - SSEKMSKeyId: - format: password - type: string - SSES3: - description: Specifies the use of SSE-S3 to encrypt delivered inventory reports. - properties: {} - type: object - ScanRange: - description: Specifies the byte range of the object to get the records from. - A record is processed when its first byte is contained by the range. This - parameter is optional, but when specified, it must not be empty. See RFC 2616, - Section 14.35.1 about how to specify the start and end of the range. - properties: - End: - allOf: - - $ref: '#/components/schemas/End' - - description: 'Specifies the end of the byte range. This parameter is optional. - Valid values: non-negative integers. The default value is one less than - the size of the object being queried. If only the End parameter is supplied, - it is interpreted to mean scan the last N bytes of the file. For example, - <scanrange><end>50</end></scanrange> - means scan the last 50 bytes.' - Start: - allOf: - - $ref: '#/components/schemas/Start' - - description: 'Specifies the start of the byte range. This parameter is - optional. Valid values: non-negative integers. The default value is - 0. If only start is supplied, it means scan from that point - to the end of the file. For example, <scanrange><start>50</start></scanrange> - means scan from byte 50 until the end of the file.' - type: object - SelectObjectContentEventStream: - description: The container for selecting objects from a content event stream. - properties: - Cont: - allOf: - - $ref: '#/components/schemas/ContinuationEvent' - - description: The Continuation Event. - End: - allOf: - - $ref: '#/components/schemas/EndEvent' - - description: The End Event. - Progress: - allOf: - - $ref: '#/components/schemas/ProgressEvent' - - description: The Progress Event. - Records: - allOf: - - $ref: '#/components/schemas/RecordsEvent' - - description: The Records Event. - Stats: - allOf: - - $ref: '#/components/schemas/StatsEvent' - - description: The Stats Event. - type: object - SelectObjectContentOutput: - properties: - Payload: - allOf: - - $ref: '#/components/schemas/SelectObjectContentEventStream' - - description: The array of results. - type: object - SelectObjectContentRequest: - description: Request to filter the contents of an Amazon S3 object based on - a simple Structured Query Language (SQL) statement. In the request, along - with the SQL expression, you must specify a data serialization format (JSON - or CSV) of the object. Amazon S3 uses this to parse object data into records. - It returns only records that match the specified SQL expression. You must - also specify the data serialization format for the response. For more information, - see S3Select - API Documentation. - properties: - Expression: - allOf: - - $ref: '#/components/schemas/Expression' - - description: The expression that is used to query the object. - ExpressionType: - allOf: - - $ref: '#/components/schemas/ExpressionType' - - description: The type of the provided expression (for example, SQL). - InputSerialization: - allOf: - - $ref: '#/components/schemas/InputSerialization' - - description: Describes the format of the data in the object that is being - queried. - OutputSerialization: - allOf: - - $ref: '#/components/schemas/OutputSerialization' - - description: Describes the format of the data that you want Amazon S3 - to return in response. - RequestProgress: - allOf: - - $ref: '#/components/schemas/RequestProgress' - - description: Specifies if periodic request progress information should - be enabled. - ScanRange: - allOf: - - $ref: '#/components/schemas/ScanRange' - - description:

Specifies the byte range of the object to get the records - from. A record is processed when its first byte is contained by the - range. This parameter is optional, but when specified, it must not be - empty. See RFC 2616, Section 14.35.1 about how to specify the start - and end of the range.

ScanRangemay be used in the - following ways:

  • <scanrange><start>50</start><end>100</end></scanrange> - - process only the records starting between the bytes 50 and 100 (inclusive, - counting from zero)

  • <scanrange><start>50</start></scanrange> - - process only the records starting after the byte 50

  • -

    <scanrange><end>50</end></scanrange> - - process only the records within the last 50 bytes of the file.

    -
- required: - - Bucket - - Key - - Expression - - ExpressionType - - InputSerialization - - OutputSerialization - title: SelectObjectContentRequest - type: object - SelectParameters: - description: Describes the parameters for Select job types. - properties: - Expression: - allOf: - - $ref: '#/components/schemas/Expression' - - description: The expression that is used to query the object. - ExpressionType: - allOf: - - $ref: '#/components/schemas/ExpressionType' - - description: The type of the provided expression (for example, SQL). - InputSerialization: - allOf: - - $ref: '#/components/schemas/InputSerialization' - - description: Describes the serialization format of the object. - OutputSerialization: - allOf: - - $ref: '#/components/schemas/OutputSerialization' - - description: Describes how the results of the Select job are serialized. - required: - - InputSerialization - - ExpressionType - - Expression - - OutputSerialization - type: object - ServerSideEncryption: - enum: - - AES256 - - aws:kms - type: string - ServerSideEncryptionByDefault: - description: Describes the default server-side encryption to apply to new objects - in the bucket. If a PUT Object request doesn't specify any server-side encryption, - this default encryption will be applied. If you don't specify a customer managed - key at configuration, Amazon S3 automatically creates an Amazon Web Services - KMS key in your Amazon Web Services account the first time that you add an - object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this - KMS key for SSE-KMS. For more information, see PUT - Bucket encryption in the Amazon S3 API Reference. - properties: - KMSMasterKeyID: - allOf: - - $ref: '#/components/schemas/SSEKMSKeyId' - - description: '

Amazon Web Services Key Management Service (KMS) customer - Amazon Web Services KMS key ID to use for the default encryption. This - parameter is allowed if and only if SSEAlgorithm is set - to aws:kms.

You can specify the key ID or the Amazon - Resource Name (ARN) of the KMS key. However, if you are using encryption - with cross-account or Amazon Web Services service operations you must - use a fully qualified KMS key ARN. For more information, see Using - encryption for cross-account operations.

For example: -

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab -

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab -

Amazon S3 only supports symmetric KMS - keys and not asymmetric KMS keys. For more information, see Using - symmetric and asymmetric keys in the Amazon Web Services Key - Management Service Developer Guide.

' - SSEAlgorithm: - allOf: - - $ref: '#/components/schemas/ServerSideEncryption' - - description: Server-side encryption algorithm to use for the default encryption. - required: - - SSEAlgorithm - type: object - ServerSideEncryptionConfiguration: - description: Specifies the default server-side-encryption configuration. - properties: - Rule: - allOf: - - $ref: '#/components/schemas/ServerSideEncryptionRules' - - description: Container for information about a particular server-side - encryption configuration rule. - required: - - Rules - type: object - ServerSideEncryptionRule: - description: Specifies the default server-side encryption configuration. - properties: - ApplyServerSideEncryptionByDefault: - allOf: - - $ref: '#/components/schemas/ServerSideEncryptionByDefault' - - description: Specifies the default server-side encryption to apply to - new objects in the bucket. If a PUT Object request doesn't specify any - server-side encryption, this default encryption will be applied. - BucketKeyEnabled: - allOf: - - $ref: '#/components/schemas/BucketKeyEnabled' - - description:

Specifies whether Amazon S3 should use an S3 Bucket Key - with server-side encryption using KMS (SSE-KMS) for new objects in the - bucket. Existing objects are not affected. Setting the BucketKeyEnabled - element to true causes Amazon S3 to use an S3 Bucket Key. - By default, S3 Bucket Key is not enabled.

For more information, - see Amazon - S3 Bucket Keys in the Amazon S3 User Guide.

- type: object - ServerSideEncryptionRules: - items: - $ref: '#/components/schemas/ServerSideEncryptionRule' - type: array - xml: - wrapped: false - Setting: - type: boolean - Size: - type: integer - SkipValidation: - type: boolean - SourceSelectionCriteria: - description: A container that describes additional filters for identifying the - source objects that you want to replicate. You can choose to enable or disable - the replication of these objects. Currently, Amazon S3 supports only the filter - that you can specify for objects created with server-side encryption using - a customer managed key stored in Amazon Web Services Key Management Service - (SSE-KMS). - properties: - ReplicaModifications: - allOf: - - $ref: '#/components/schemas/ReplicaModifications' - - description:

A filter that you can specify for selections for modifications - on replicas. Amazon S3 doesn't replicate replica modifications by default. - In the latest version of replication configuration (when Filter - is specified), you can specify this element and set the status to Enabled - to replicate modifications on replicas.

If you don't - specify the Filter element, Amazon S3 assumes that the - replication configuration is the earlier version, V1. In the earlier - version, this element is not allowed

 - SseKmsEncryptedObjects: - allOf: - - $ref: '#/components/schemas/SseKmsEncryptedObjects' - - description: ' A container for filter information for the selection of - Amazon S3 objects encrypted with Amazon Web Services KMS. If you include - SourceSelectionCriteria in the replication configuration, - this element is required. ' - type: object - SseKmsEncryptedObjects: - description: A container for filter information for the selection of S3 objects - encrypted with Amazon Web Services KMS. - properties: - Status: - allOf: - - $ref: '#/components/schemas/SseKmsEncryptedObjectsStatus' - - description: Specifies whether Amazon S3 replicates objects created with - server-side encryption using an Amazon Web Services KMS key stored in - Amazon Web Services Key Management Service. - required: - - Status - type: object - SseKmsEncryptedObjectsStatus: - enum: - - Enabled - - Disabled - type: string - Start: - type: integer - StartAfter: - type: string - Stats: - description: Container for the stats details. - properties: - BytesProcessed: - allOf: - - $ref: '#/components/schemas/BytesProcessed' - - description: The total number of uncompressed object bytes processed. - BytesReturned: - allOf: - - $ref: '#/components/schemas/BytesReturned' - - description: The total number of bytes of records payload data returned. - BytesScanned: - allOf: - - $ref: '#/components/schemas/BytesScanned' - - description: The total number of object bytes scanned. - type: object - StatsEvent: - description: Container for the Stats Event. - properties: - Details: - allOf: - - $ref: '#/components/schemas/Stats' - - description: The Stats event details. - type: object - StorageClass: - enum: - - STANDARD - - REDUCED_REDUNDANCY - - STANDARD_IA - - ONEZONE_IA - - INTELLIGENT_TIERING - - GLACIER - - DEEP_ARCHIVE - - OUTPOSTS - - GLACIER_IR - type: string - StorageClassAnalysis: - description: Specifies data related to access patterns to be collected and made - available to analyze the tradeoffs between different storage classes for an - Amazon S3 bucket. - properties: - DataExport: - allOf: - - $ref: '#/components/schemas/StorageClassAnalysisDataExport' - - description: Specifies how data related to the storage class analysis - for an Amazon S3 bucket should be exported. - type: object - StorageClassAnalysisDataExport: - description: Container for data related to the storage class analysis for an - Amazon S3 bucket for export. - properties: - Destination: - allOf: - - $ref: '#/components/schemas/AnalyticsExportDestination' - - description: The place to store the data for an analysis. - OutputSchemaVersion: - allOf: - - $ref: '#/components/schemas/StorageClassAnalysisSchemaVersion' - - description: The version of the output schema to use when exporting data. - Must be V_1. - required: - - OutputSchemaVersion - - Destination - type: object - StorageClassAnalysisSchemaVersion: - enum: - - V_1 - type: string - Suffix: - type: string - Tag: - description: A container of a key value name pair. - properties: - Key: - allOf: - - $ref: '#/components/schemas/ObjectKey' - - description: Name of the object key. - Value: - allOf: - - $ref: '#/components/schemas/Value' - - description: Value of the tag. - required: - - Key - - Value - type: object - TagCount: - type: integer - TagSet: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: Tag - type: array - Tagging: - description: Container for TagSet elements. - properties: - TagSet: - allOf: - - $ref: '#/components/schemas/TagSet' - - description: A collection for a set of tags - required: - - TagSet - type: object - TaggingDirective: - enum: - - COPY - - REPLACE - type: string - TaggingHeader: - type: string - TargetBucket: - type: string - TargetGrant: - description:

Container for granting information.

Buckets that use - the bucket owner enforced setting for Object Ownership don't support target - grants. For more information, see Permissions - server access log delivery in the Amazon S3 User Guide.

- properties: - Grantee: - allOf: - - $ref: '#/components/schemas/Grantee' - - description: Container for the person being granted permissions. - Permission: - allOf: - - $ref: '#/components/schemas/BucketLogsPermission' - - description: Logging permissions assigned to the grantee for the bucket. - type: object - TargetGrants: - items: - allOf: - - $ref: '#/components/schemas/TargetGrant' - - xml: - name: Grant - type: array - TargetPrefix: - type: string - Tier: - enum: - - Standard - - Bulk - - Expedited - type: string - Tiering: - description: The S3 Intelligent-Tiering storage class is designed to optimize - storage costs by automatically moving data to the most cost-effective storage - access tier, without additional operational overhead. - properties: - AccessTier: - allOf: - - $ref: '#/components/schemas/IntelligentTieringAccessTier' - - description: S3 Intelligent-Tiering access tier. See Storage - class for automatically optimizing frequently and infrequently accessed - objects for a list of access tiers in the S3 Intelligent-Tiering - storage class. - Days: - allOf: - - $ref: '#/components/schemas/IntelligentTieringDays' - - description: The number of consecutive days of no access after which an - object will be eligible to be transitioned to the corresponding tier. - The minimum number of days specified for Archive Access tier must be - at least 90 days and Deep Archive Access tier must be at least 180 days. - The maximum can be up to 2 years (730 days). - required: - - Days - - AccessTier - type: object - TieringList: - items: - $ref: '#/components/schemas/Tiering' - type: array - xml: - wrapped: false - Token: - type: string - TopicArn: - type: string - TopicConfiguration: - description: A container for specifying the configuration for publication of - messages to an Amazon Simple Notification Service (Amazon SNS) topic when - Amazon S3 detects specified events. - properties: - Event: - allOf: - - $ref: '#/components/schemas/EventList' - - description: The Amazon S3 bucket event about which to send notifications. - For more information, see Supported - Event Types in the Amazon S3 User Guide. - Filter: - $ref: '#/components/schemas/NotificationConfigurationFilter' - Id: - $ref: '#/components/schemas/NotificationId' - Topic: - allOf: - - $ref: '#/components/schemas/TopicArn' - - description: The Amazon Resource Name (ARN) of the Amazon SNS topic to - which Amazon S3 publishes a message when it detects events of the specified - type. - required: - - TopicArn - - Events - type: object - TopicConfigurationDeprecated: - description: A container for specifying the configuration for publication of - messages to an Amazon Simple Notification Service (Amazon SNS) topic when - Amazon S3 detects specified events. This data type is deprecated. Use TopicConfiguration - instead. - properties: - Event: - allOf: - - $ref: '#/components/schemas/EventList' - - description: A collection of events related to objects - Id: - $ref: '#/components/schemas/NotificationId' - Topic: - allOf: - - $ref: '#/components/schemas/TopicArn' - - description: Amazon SNS topic to which Amazon S3 will publish a message - to report the specified events for the bucket. - type: object - TopicConfigurationList: - items: - $ref: '#/components/schemas/TopicConfiguration' - type: array - xml: - wrapped: false - Transition: - description: Specifies when an object transitions to a specified storage class. - For more information about Amazon S3 lifecycle configuration rules, see Transitioning - Objects Using Amazon S3 Lifecycle in the Amazon S3 User Guide. - properties: - Date: - allOf: - - $ref: '#/components/schemas/Date' - - description: Indicates when objects are transitioned to the specified - storage class. The date value must be in ISO 8601 format. The time is - always midnight UTC. - Days: - allOf: - - $ref: '#/components/schemas/Days' - - description: Indicates the number of days after creation when objects - are transitioned to the specified storage class. The value must be a - positive integer. - StorageClass: - allOf: - - $ref: '#/components/schemas/TransitionStorageClass' - - description: The storage class to which you want the object to transition. - type: object - TransitionList: - items: - $ref: '#/components/schemas/Transition' - type: array - xml: - wrapped: false - TransitionStorageClass: - enum: - - GLACIER - - STANDARD_IA - - ONEZONE_IA - - INTELLIGENT_TIERING - - DEEP_ARCHIVE - - GLACIER_IR - type: string - Type: - enum: - - CanonicalUser - - AmazonCustomerByEmail - - Group - type: string - URI: - type: string - UploadIdMarker: - type: string - UploadPartCopyOutput: - example: - CopyPartResult: - ETag: '"65d16d19e65a7508a51f043180edcc36"' - LastModified: '2016-12-29T21:44:28.000Z' - properties: - CopyPartResult: - allOf: - - $ref: '#/components/schemas/CopyPartResult' - - description: Container for all response elements. - type: object - UploadPartCopyRequest: - properties: {} - required: - - Bucket - - CopySource - - Key - - PartNumber - - UploadId - title: UploadPartCopyRequest - type: object - UploadPartOutput: - example: - ETag: '"d8c2eafd90c266e19ab9dcacc479f8af"' - properties: {} - type: object - UploadPartRequest: - properties: - Body: - allOf: - - $ref: '#/components/schemas/Body' - - description: Object data. - required: - - Bucket - - Key - - PartNumber - - UploadId - title: UploadPartRequest - type: object - UserMetadata: - items: - allOf: - - $ref: '#/components/schemas/MetadataEntry' - - xml: - name: MetadataEntry - type: array - Value: - type: string - VersionCount: - type: integer - VersionIdMarker: - type: string - VersioningConfiguration: - description: Describes the versioning state of an Amazon S3 bucket. For more - information, see PUT - Bucket versioning in the Amazon S3 API Reference. - properties: - MfaDelete: - allOf: - - $ref: '#/components/schemas/MFADelete' - - description: Specifies whether MFA delete is enabled in the bucket versioning - configuration. This element is only returned if the bucket has been - configured with MFA delete. If the bucket has never been so configured, - this element is not returned. - Status: - allOf: - - $ref: '#/components/schemas/BucketVersioningStatus' - - description: The versioning state of the bucket. - type: object - WebsiteConfiguration: - description: Specifies website configuration parameters for an Amazon S3 bucket. - properties: - ErrorDocument: - allOf: - - $ref: '#/components/schemas/ErrorDocument' - - description: The name of the error document for the website. - IndexDocument: - allOf: - - $ref: '#/components/schemas/IndexDocument' - - description: The name of the index document for the website. - RedirectAllRequestsTo: - allOf: - - $ref: '#/components/schemas/RedirectAllRequestsTo' - - description:

The redirect behavior for every request to this bucket's - website endpoint.

If you specify this property, you - can't specify any other property.

 - RoutingRules: - allOf: - - $ref: '#/components/schemas/RoutingRules' - - description: Rules that define when a redirect is applied and the redirect - behavior. - type: object - WebsiteRedirectLocation: - type: string - WriteGetObjectResponseRequest: - properties: - Body: - allOf: - - $ref: '#/components/schemas/Body' - - description: The object data. - x-amz-meta-: - allOf: - - $ref: '#/components/schemas/Metadata' - - description: A map of metadata to store with the object in S3. - required: - - RequestRoute - - RequestToken - title: WriteGetObjectResponseRequest - type: object - Years: - type: integer - securitySchemes: - hmac: - description: Amazon S3 signature - in: header - name: Authorization - type: apiKey - x-amazon-apigateway-authtype: awsS3 - x-stackQL-resources: - bucket_accelerate_configurations: - id: aws.s3.bucket_accelerate_configurations - methods: - bucket_accelerate_configurations_Get: - operation: - $ref: '#/paths/~1?accelerate/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_accelerate_configurations_Put: - operation: - $ref: '#/paths/~1?accelerate/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_accelerate_configurations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_accelerate_configurations/methods/bucket_accelerate_configurations_Get' - update: [] - title: bucket_accelerate_configurations - bucket_acls: - id: aws.s3.bucket_acls - methods: - bucket_acls_Get: - operation: - $ref: '#/paths/~1?acl/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_acls_Put: - operation: - $ref: '#/paths/~1?acl/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_acls - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_acls/methods/bucket_acls_Get' - update: [] - title: bucket_acls - bucket_analytics_configurations: - id: aws.s3.bucket_analytics_configurations - methods: - bucket_analytics_configurations_Delete: - operation: - $ref: '#/paths/~1?analytics#id/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_analytics_configurations_Get: - operation: - $ref: '#/paths/~1?analytics#id/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_analytics_configurations_List: - operation: - $ref: '#/paths/~1?analytics/get' - response: - mediaType: text/xml - objectKey: /*/AnalyticsConfiguration/member - openAPIDocKey: '200' - bucket_analytics_configurations_Put: - operation: - $ref: '#/paths/~1?analytics#id/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_analytics_configurations - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_analytics_configurations/methods/bucket_analytics_configurations_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_analytics_configurations/methods/bucket_analytics_configurations_Get' - - $ref: '#/components/x-stackQL-resources/bucket_analytics_configurations/methods/bucket_analytics_configurations_List' - update: [] - title: bucket_analytics_configurations - bucket_cors: - id: aws.s3.bucket_cors - methods: - bucket_cors_Delete: - operation: - $ref: '#/paths/~1?cors/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_cors_Get: - operation: - $ref: '#/paths/~1?cors/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_cors_Put: - operation: - $ref: '#/paths/~1?cors/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_cors - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_cors/methods/bucket_cors_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_cors/methods/bucket_cors_Get' - update: [] - title: bucket_cors - bucket_encryptions: - id: aws.s3.bucket_encryptions - methods: - bucket_encryptions_Delete: - operation: - $ref: '#/paths/~1?encryption/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_encryptions_Get: - operation: - $ref: '#/paths/~1?encryption/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_encryptions_Put: - operation: - $ref: '#/paths/~1?encryption/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_encryptions - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_encryptions/methods/bucket_encryptions_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_encryptions/methods/bucket_encryptions_Get' - update: [] - title: bucket_encryptions - bucket_intelligent_tiering_configurations: - id: aws.s3.bucket_intelligent_tiering_configurations - methods: - bucket_intelligent_tiering_configurations_Delete: - operation: - $ref: '#/paths/~1?intelligent-tiering#id/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_intelligent_tiering_configurations_Get: - operation: - $ref: '#/paths/~1?intelligent-tiering#id/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_intelligent_tiering_configurations_List: - operation: - $ref: '#/paths/~1?intelligent-tiering/get' - response: - mediaType: text/xml - objectKey: /*/IntelligentTieringConfiguration/member - openAPIDocKey: '200' - bucket_intelligent_tiering_configurations_Put: - operation: - $ref: '#/paths/~1?intelligent-tiering#id/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_intelligent_tiering_configurations - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_intelligent_tiering_configurations/methods/bucket_intelligent_tiering_configurations_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_intelligent_tiering_configurations/methods/bucket_intelligent_tiering_configurations_Get' - - $ref: '#/components/x-stackQL-resources/bucket_intelligent_tiering_configurations/methods/bucket_intelligent_tiering_configurations_List' - update: [] - title: bucket_intelligent_tiering_configurations - bucket_inventory_configurations: - id: aws.s3.bucket_inventory_configurations - methods: - bucket_inventory_configurations_Delete: - operation: - $ref: '#/paths/~1?inventory#id/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_inventory_configurations_Get: - operation: - $ref: '#/paths/~1?inventory#id/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_inventory_configurations_List: - operation: - $ref: '#/paths/~1?inventory/get' - response: - mediaType: text/xml - objectKey: /*/InventoryConfiguration/member - openAPIDocKey: '200' - bucket_inventory_configurations_Put: - operation: - $ref: '#/paths/~1?inventory#id/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_inventory_configurations - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_inventory_configurations/methods/bucket_inventory_configurations_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_inventory_configurations/methods/bucket_inventory_configurations_Get' - - $ref: '#/components/x-stackQL-resources/bucket_inventory_configurations/methods/bucket_inventory_configurations_List' - update: [] - title: bucket_inventory_configurations - bucket_lifecycle_configurations: - id: aws.s3.bucket_lifecycle_configurations - methods: - bucket_lifecycle_configurations_Get: - operation: - $ref: '#/paths/~1?lifecycle/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_lifecycle_configurations_Put: - operation: - $ref: '#/paths/~1?lifecycle/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_lifecycle_configurations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_lifecycle_configurations/methods/bucket_lifecycle_configurations_Get' - update: [] - title: bucket_lifecycle_configurations - bucket_lifecycles: - id: aws.s3.bucket_lifecycles - methods: - bucket_lifecycles_Delete: - operation: - $ref: '#/paths/~1?lifecycle/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_lifecycles_Get: - operation: - $ref: '#/paths/~1?lifecycle#deprecated!/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_lifecycles_Put: - operation: - $ref: '#/paths/~1?lifecycle#deprecated!/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_lifecycles - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_lifecycles/methods/bucket_lifecycles_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_lifecycles/methods/bucket_lifecycles_Get' - update: [] - title: bucket_lifecycles - bucket_locations: - id: aws.s3.bucket_locations - methods: - bucket_locations_Get: - operation: - $ref: '#/paths/~1?location/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - name: bucket_locations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_locations/methods/bucket_locations_Get' - update: [] - title: bucket_locations - bucket_loggings: - id: aws.s3.bucket_loggings - methods: - bucket_loggings_Get: - operation: - $ref: '#/paths/~1?logging/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_loggings_Put: - operation: - $ref: '#/paths/~1?logging/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_loggings - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_loggings/methods/bucket_loggings_Get' - update: [] - title: bucket_loggings - bucket_metrics_configurations: - id: aws.s3.bucket_metrics_configurations - methods: - bucket_metrics_configurations_Delete: - operation: - $ref: '#/paths/~1?metrics#id/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_metrics_configurations_Get: - operation: - $ref: '#/paths/~1?metrics#id/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_metrics_configurations_List: - operation: - $ref: '#/paths/~1?metrics/get' - response: - mediaType: text/xml - objectKey: /*/MetricsConfiguration/member - openAPIDocKey: '200' - bucket_metrics_configurations_Put: - operation: - $ref: '#/paths/~1?metrics#id/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_metrics_configurations - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_metrics_configurations/methods/bucket_metrics_configurations_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_metrics_configurations/methods/bucket_metrics_configurations_Get' - - $ref: '#/components/x-stackQL-resources/bucket_metrics_configurations/methods/bucket_metrics_configurations_List' - update: [] - title: bucket_metrics_configurations - bucket_notification_configurations: - id: aws.s3.bucket_notification_configurations - methods: - bucket_notification_configurations_Get: - operation: - $ref: '#/paths/~1?notification/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_notification_configurations_Put: - operation: - $ref: '#/paths/~1?notification/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_notification_configurations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_notification_configurations/methods/bucket_notification_configurations_Get' - update: [] - title: bucket_notification_configurations - bucket_notifications: - id: aws.s3.bucket_notifications - methods: - bucket_notifications_Get: - operation: - $ref: '#/paths/~1?notification#deprecated!/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_notifications_Put: - operation: - $ref: '#/paths/~1?notification#deprecated!/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_notifications - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_notifications/methods/bucket_notifications_Get' - update: [] - title: bucket_notifications - bucket_ownership_controls: - id: aws.s3.bucket_ownership_controls - methods: - bucket_ownership_controls_Delete: - operation: - $ref: '#/paths/~1?ownershipControls/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_ownership_controls_Get: - operation: - $ref: '#/paths/~1?ownershipControls/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_ownership_controls_Put: - operation: - $ref: '#/paths/~1?ownershipControls/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_ownership_controls - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_ownership_controls/methods/bucket_ownership_controls_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_ownership_controls/methods/bucket_ownership_controls_Get' - update: [] - title: bucket_ownership_controls - bucket_policies: - id: aws.s3.bucket_policies - methods: - bucket_policies_Delete: - operation: - $ref: '#/paths/~1?policy/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_policies_Get: - operation: - $ref: '#/paths/~1?policy/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_policies_Put: - operation: - $ref: '#/paths/~1?policy/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_policies - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_policies/methods/bucket_policies_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_policies/methods/bucket_policies_Get' - update: [] - title: bucket_policies - bucket_policy_status: - id: aws.s3.bucket_policy_status - methods: - bucket_policy_status_Get: - operation: - $ref: '#/paths/~1?policyStatus/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - name: bucket_policy_status - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_policy_status/methods/bucket_policy_status_Get' - update: [] - title: bucket_policy_status - bucket_replications: - id: aws.s3.bucket_replications - methods: - bucket_replications_Delete: - operation: - $ref: '#/paths/~1?replication/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_replications_Get: - operation: - $ref: '#/paths/~1?replication/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_replications_Put: - operation: - $ref: '#/paths/~1?replication/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_replications - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_replications/methods/bucket_replications_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_replications/methods/bucket_replications_Get' - update: [] - title: bucket_replications - bucket_request_payments: - id: aws.s3.bucket_request_payments - methods: - bucket_request_payments_Get: - operation: - $ref: '#/paths/~1?requestPayment/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_request_payments_Put: - operation: - $ref: '#/paths/~1?requestPayment/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_request_payments - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_request_payments/methods/bucket_request_payments_Get' - update: [] - title: bucket_request_payments - bucket_taggings: - id: aws.s3.bucket_taggings - methods: - bucket_taggings_Delete: - operation: - $ref: '#/paths/~1?tagging/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_taggings_Get: - operation: - $ref: '#/paths/~1?tagging/get' - response: - mediaType: text/xml - objectKey: /*/TagSet/Tag - openAPIDocKey: '200' - bucket_taggings_Put: - operation: - $ref: '#/paths/~1?tagging/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_taggings - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_taggings/methods/bucket_taggings_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_taggings/methods/bucket_taggings_Get' - update: [] - title: bucket_taggings - bucket_versionings: - id: aws.s3.bucket_versionings - methods: - bucket_versionings_Get: - operation: - $ref: '#/paths/~1?versioning/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_versionings_Put: - operation: - $ref: '#/paths/~1?versioning/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_versionings - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_versionings/methods/bucket_versionings_Get' - update: [] - title: bucket_versionings - bucket_websites: - id: aws.s3.bucket_websites - methods: - bucket_websites_Delete: - operation: - $ref: '#/paths/~1?website/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - bucket_websites_Get: - operation: - $ref: '#/paths/~1?website/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - bucket_websites_Put: - operation: - $ref: '#/paths/~1?website/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: bucket_websites - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/bucket_websites/methods/bucket_websites_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/bucket_websites/methods/bucket_websites_Get' - update: [] - title: bucket_websites - buckets: - id: aws.s3.buckets - methods: - buckets_Create: - operation: - $ref: '#/paths/~1/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - buckets_Delete: - operation: - $ref: '#/paths/~1/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - buckets_List: - operation: - $ref: '#/paths/~1/get' - response: - mediaType: text/xml - objectKey: /*/Buckets/Bucket - openAPIDocKey: '200' - name: buckets - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/buckets/methods/buckets_Delete' - insert: - - $ref: '#/components/x-stackQL-resources/buckets/methods/buckets_Create' - select: - - $ref: '#/components/x-stackQL-resources/buckets/methods/buckets_List' - update: [] - title: buckets - get_object_responses: - id: aws.s3.get_object_responses - methods: - get_object_responses_Write: - operation: - $ref: '#/paths/~1WriteGetObjectResponse#x-amz-request-route&x-amz-request-token/post' - name: get_object_responses - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: get_object_responses - multipart_uploads: - id: aws.s3.multipart_uploads - methods: - multipart_uploads_Complete: - operation: - $ref: '#/paths/~1{Key}#uploadId/post' - response: - mediaType: text/xml - openAPIDocKey: '200' - multipart_uploads_Create: - operation: - $ref: '#/paths/~1{Key}?uploads/post' - multipart_uploads_List: - operation: - $ref: '#/paths/~1?uploads/get' - response: - mediaType: text/xml - objectKey: /*/CommonPrefixes/member - openAPIDocKey: '200' - name: multipart_uploads - sqlVerbs: - delete: [] - insert: - - $ref: '#/components/x-stackQL-resources/multipart_uploads/methods/multipart_uploads_Create' - # select: - # - $ref: '#/components/x-stackQL-resources/multipart_uploads/methods/multipart_uploads_List' - update: [] - title: multipart_uploads - object_acls: - id: aws.s3.object_acls - methods: - object_acls_Get: - operation: - $ref: '#/paths/~1{Key}?acl/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - object_acls_Put: - operation: - $ref: '#/paths/~1{Key}?acl/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: object_acls - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/object_acls/methods/object_acls_Get' - update: [] - title: object_acls - object_attributes: - id: aws.s3.object_attributes - methods: - object_attributes_Get: - operation: - $ref: '#/paths/~1{Key}?attributes#x-amz-object-attributes/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - name: object_attributes - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/object_attributes/methods/object_attributes_Get' - update: [] - title: object_attributes - object_contents: - id: aws.s3.object_contents - methods: - object_contents_Select: - operation: - $ref: '#/paths/~1{Key}?select&select-type=2/post' - name: object_contents - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: object_contents - object_legal_holds: - id: aws.s3.object_legal_holds - methods: - object_legal_holds_Get: - operation: - $ref: '#/paths/~1{Key}?legal-hold/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - object_legal_holds_Put: - operation: - $ref: '#/paths/~1{Key}?legal-hold/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: object_legal_holds - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/object_legal_holds/methods/object_legal_holds_Get' - update: [] - title: object_legal_holds - object_lock_configurations: - id: aws.s3.object_lock_configurations - methods: - object_lock_configurations_Get: - operation: - $ref: '#/paths/~1?object-lock/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - object_lock_configurations_Put: - operation: - $ref: '#/paths/~1?object-lock/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: object_lock_configurations - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/object_lock_configurations/methods/object_lock_configurations_Get' - update: [] - title: object_lock_configurations - object_retentions: - id: aws.s3.object_retentions - methods: - object_retentions_Get: - operation: - $ref: '#/paths/~1{Key}?retention/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - object_retentions_Put: - operation: - $ref: '#/paths/~1{Key}?retention/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: object_retentions - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/object_retentions/methods/object_retentions_Get' - update: [] - title: object_retentions - object_taggings: - id: aws.s3.object_taggings - methods: - object_taggings_Delete: - operation: - $ref: '#/paths/~1{Key}?tagging/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - object_taggings_Get: - operation: - $ref: '#/paths/~1{Key}?tagging/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - object_taggings_Put: - operation: - $ref: '#/paths/~1{Key}?tagging/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: object_taggings - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/object_taggings/methods/object_taggings_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/object_taggings/methods/object_taggings_Get' - update: [] - title: object_taggings - object_torrents: - id: aws.s3.object_torrents - methods: - object_torrents_Get: - operation: - $ref: '#/paths/~1{Key}?torrent/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - name: object_torrents - sqlVerbs: - delete: [] - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/object_torrents/methods/object_torrents_Get' - update: [] - title: object_torrents - object_versions: - id: aws.s3.object_versions - methods: - object_versions_List: - operation: - $ref: '#/paths/~1?versions/get' - response: - mediaType: text/xml - objectKey: /*/CommonPrefixes/member - openAPIDocKey: '200' - name: object_versions - sqlVerbs: - delete: [] - insert: [] - # select: - # - $ref: '#/components/x-stackQL-resources/object_versions/methods/object_versions_List' - update: [] - title: object_versions - objects: - id: aws.s3.objects - methods: - objects_Copy: - operation: - $ref: '#/paths/~1{Key}#x-amz-copy-source/put' - objects_Delete: - operation: - $ref: '#/paths/~1?delete/post' - objects_Get: - operation: - $ref: '#/paths/~1{Key}/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - objects_List: - operation: - $ref: '#/paths/~1?max-keys=1000/get' - response: - mediaType: text/xml - objectKey: /*/Contents - openAPIDocKey: '200' - objects_Put: - operation: - $ref: '#/paths/~1{Key}/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - objects_Restore: - operation: - $ref: '#/paths/~1{Key}?restore/post' - name: objects - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/objects/methods/objects_Delete' - - $ref: '#/components/x-stackQL-resources/objects/methods/objects_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/objects/methods/objects_List' - - $ref: '#/components/x-stackQL-resources/objects/methods/objects_Get' - update: [] - title: objects - objects_v2s: - id: aws.s3.objects_v2s - methods: - objects_v2s_List: - operation: - $ref: '#/paths/~1?list-type=2/get' - response: - mediaType: text/xml - objectKey: /*/Contents/member - openAPIDocKey: '200' - name: objects_v2s - sqlVerbs: - delete: [] - insert: [] - # select: - # - $ref: '#/components/x-stackQL-resources/objects_v2s/methods/objects_v2s_List' - update: [] - title: objects_v2s - part_copies: - id: aws.s3.part_copies - methods: - part_copies_Upload: - operation: - $ref: '#/paths/~1{Key}#x-amz-copy-source&partNumber&uploadId/put' - name: part_copies - sqlVerbs: - delete: [] - insert: [] - select: [] - update: [] - title: part_copies - parts: - id: aws.s3.parts - methods: - parts_List: - operation: - $ref: '#/paths/~1{Key}#uploadId/get' - response: - mediaType: text/xml - objectKey: /*/Part/member - openAPIDocKey: '200' - parts_Upload: - operation: - $ref: '#/paths/~1{Key}#partNumber&uploadId/put' - name: parts - sqlVerbs: - delete: [] - insert: [] - # select: - # - $ref: '#/components/x-stackQL-resources/parts/methods/parts_List' - update: [] - title: parts - public_access_blocks: - id: aws.s3.public_access_blocks - methods: - public_access_blocks_Delete: - operation: - $ref: '#/paths/~1?publicAccessBlock/delete' - response: - mediaType: text/xml - openAPIDocKey: '200' - public_access_blocks_Get: - operation: - $ref: '#/paths/~1?publicAccessBlock/get' - response: - mediaType: text/xml - objectKey: /* - openAPIDocKey: '200' - public_access_blocks_Put: - operation: - $ref: '#/paths/~1?publicAccessBlock/put' - response: - mediaType: text/xml - openAPIDocKey: '200' - name: public_access_blocks - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/public_access_blocks/methods/public_access_blocks_Delete' - insert: [] - select: - - $ref: '#/components/x-stackQL-resources/public_access_blocks/methods/public_access_blocks_Get' - update: [] - title: public_access_blocks -externalDocs: - description: Amazon Web Services documentation - url: https://docs.aws.amazon.com/s3/ -info: - contact: - email: mike.ralphson@gmail.com - name: Mike Ralphson - url: https://github.com/mermade/aws2openapi - x-twitter: PermittedSoc - description:

- license: - name: Apache 2.0 License - url: http://www.apache.org/licenses/ - termsOfService: https://aws.amazon.com/service-terms/ - title: Amazon Simple Storage Service - version: '2006-03-01' - x-apiClientRegistration: - url: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct - x-apisguru-categories: - - cloud - x-logo: - backgroundColor: '#FFFFFF' - url: https://twitter.com/awscloud/profile_image?size=original - x-origin: - - contentType: application/json - converter: - url: https://github.com/mermade/aws2openapi - version: 1.0.0 - url: https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/s3-2006-03-01.normal.json - x-apisguru-driver: external - x-preferred: true - x-providerName: amazonaws.com - x-release: s3 - x-serviceName: s3 -openapi: 3.0.0 -paths: - /WriteGetObjectResponse#x-amz-request-route&x-amz-request-token: - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - post: - description: '

Passes transformed objects to a GetObject operation - when using Object Lambda access points. For information about Object Lambda - access points, see Transforming - objects with Object Lambda access points in the Amazon S3 User Guide.

-

This operation supports metadata that can be returned by GetObject, - in addition to RequestRoute, RequestToken, StatusCode, - ErrorCode, and ErrorMessage. The GetObject - response metadata is supported so that the WriteGetObjectResponse - caller, typically an Lambda function, can provide the same metadata when it - internally invokes GetObject. When WriteGetObjectResponse - is called by a customer-owned Lambda function, the metadata returned to the - end user GetObject call might differ from what Amazon S3 would - normally return.

You can include any number of metadata headers. When - including a metadata header, it should be prefaced with x-amz-meta. - For example, x-amz-meta-my-custom-header: MyCustomValue. The - primary use case for this is to forward GetObject metadata.

-

Amazon Web Services provides some prebuilt Lambda functions that you can - use with S3 Object Lambda to detect and redact personally identifiable information - (PII) and decompress S3 objects. These Lambda functions are available in the - Amazon Web Services Serverless Application Repository, and can be selected - through the Amazon Web Services Management Console when you create your Object - Lambda access point.

Example 1: PII Access Control - This Lambda function - uses Amazon Comprehend, a natural language processing (NLP) service using - machine learning to find insights and relationships in text. It automatically - detects personally identifiable information (PII) such as names, addresses, - dates, credit card numbers, and social security numbers from documents in - your Amazon S3 bucket.

Example 2: PII Redaction - This Lambda function - uses Amazon Comprehend, a natural language processing (NLP) service using - machine learning to find insights and relationships in text. It automatically - redacts personally identifiable information (PII) such as names, addresses, - dates, credit card numbers, and social security numbers from documents in - your Amazon S3 bucket.

Example 3: Decompression - The Lambda function - S3ObjectLambdaDecompression, is equipped to decompress objects stored in S3 - in one of six compressed file formats including bzip2, gzip, snappy, zlib, - zstandard and ZIP.

For information on how to view and use these functions, - see Using - Amazon Web Services built Lambda functions in the Amazon S3 User Guide.

' - operationId: WriteGetObjectResponse - parameters: - - description: Route prefix to the HTTP URL generated. - in: header - name: x-amz-request-route - required: true - schema: - type: string - - description: A single use encrypted token that maps WriteGetObjectResponse - to the end user GetObject request. - in: header - name: x-amz-request-token - required: true - schema: - type: string - - description:

The integer status code for an HTTP response of a corresponding - GetObject request.

Status Codes -

  • 200 - OK

  • 206 - - Partial Content

  • 304 - Not Modified -

  • 400 - Bad Request

  • 401 - - Unauthorized

  • 403 - Forbidden

    -

  • 404 - Not Found

  • 405 - - Method Not Allowed

  • 409 - Conflict -

  • 411 - Length Required

  • - 412 - Precondition Failed

  • 416 - Range - Not Satisfiable

  • 500 - Internal Server Error -

  • 503 - Service Unavailable

- in: header - name: x-amz-fwd-status - required: false - schema: - type: integer - - description: A string that uniquely identifies an error condition. Returned - in the <Code> tag of the error XML response for a corresponding GetObject - call. Cannot be used with a successful StatusCode header or - when the transformed object is provided in the body. All error codes from - S3 are sentence-cased. The regular expression (regex) value is "^[A-Z][a-zA-Z]+$". - in: header - name: x-amz-fwd-error-code - required: false - schema: - type: string - - description: Contains a generic description of the error condition. Returned - in the <Message> tag of the error XML response for a corresponding - GetObject call. Cannot be used with a successful StatusCode - header or when the transformed object is provided in body. - in: header - name: x-amz-fwd-error-message - required: false - schema: - type: string - - description: Indicates that a range of bytes was specified. - in: header - name: x-amz-fwd-header-accept-ranges - required: false - schema: - type: string - - description: Specifies caching behavior along the request/reply chain. - in: header - name: x-amz-fwd-header-Cache-Control - required: false - schema: - type: string - - description: Specifies presentational information for the object. - in: header - name: x-amz-fwd-header-Content-Disposition - required: false - schema: - type: string - - description: Specifies what content encodings have been applied to the object - and thus what decoding mechanisms must be applied to obtain the media-type - referenced by the Content-Type header field. - in: header - name: x-amz-fwd-header-Content-Encoding - required: false - schema: - type: string - - description: The language the content is in. - in: header - name: x-amz-fwd-header-Content-Language - required: false - schema: - type: string - - description: The size of the content body in bytes. - in: header - name: Content-Length - required: false - schema: - type: integer - - description: The portion of the object returned in the response. - in: header - name: x-amz-fwd-header-Content-Range - required: false - schema: - type: string - - description: A standard MIME type describing the format of the object data. - in: header - name: x-amz-fwd-header-Content-Type - required: false - schema: - type: string - - description:

This header can be used as a data integrity check to verify - that the data received is the same data that was originally sent. This specifies - the base64-encoded, 32-bit CRC32 checksum of the object returned by the - Object Lambda function. This may not match the checksum for the object stored - in Amazon S3. Amazon S3 will perform validation of the checksum values only - when the original GetObject request required checksum validation. - For more information about checksums, see Checking - object integrity in the Amazon S3 User Guide.

Only one - checksum header can be specified at a time. If you supply multiple checksum - headers, this request will fail.

- in: header - name: x-amz-fwd-header-x-amz-checksum-crc32 - required: false - schema: - type: string - - description:

This header can be used as a data integrity check to verify - that the data received is the same data that was originally sent. This specifies - the base64-encoded, 32-bit CRC32C checksum of the object returned by the - Object Lambda function. This may not match the checksum for the object stored - in Amazon S3. Amazon S3 will perform validation of the checksum values only - when the original GetObject request required checksum validation. - For more information about checksums, see Checking - object integrity in the Amazon S3 User Guide.

Only one - checksum header can be specified at a time. If you supply multiple checksum - headers, this request will fail.

- in: header - name: x-amz-fwd-header-x-amz-checksum-crc32c - required: false - schema: - type: string - - description:

This header can be used as a data integrity check to verify - that the data received is the same data that was originally sent. This specifies - the base64-encoded, 160-bit SHA-1 digest of the object returned by the Object - Lambda function. This may not match the checksum for the object stored in - Amazon S3. Amazon S3 will perform validation of the checksum values only - when the original GetObject request required checksum validation. - For more information about checksums, see Checking - object integrity in the Amazon S3 User Guide.

Only one - checksum header can be specified at a time. If you supply multiple checksum - headers, this request will fail.

- in: header - name: x-amz-fwd-header-x-amz-checksum-sha1 - required: false - schema: - type: string - - description:

This header can be used as a data integrity check to verify - that the data received is the same data that was originally sent. This specifies - the base64-encoded, 256-bit SHA-256 digest of the object returned by the - Object Lambda function. This may not match the checksum for the object stored - in Amazon S3. Amazon S3 will perform validation of the checksum values only - when the original GetObject request required checksum validation. - For more information about checksums, see Checking - object integrity in the Amazon S3 User Guide.

Only one - checksum header can be specified at a time. If you supply multiple checksum - headers, this request will fail.

- in: header - name: x-amz-fwd-header-x-amz-checksum-sha256 - required: false - schema: - type: string - - description: 'Specifies whether an object stored in Amazon S3 is (true) - or is not (false) a delete marker. ' - in: header - name: x-amz-fwd-header-x-amz-delete-marker - required: false - schema: - type: boolean - - description: 'An opaque identifier assigned by a web server to a specific - version of a resource found at a URL. ' - in: header - name: x-amz-fwd-header-ETag - required: false - schema: - type: string - - description: The date and time at which the object is no longer cacheable. - in: header - name: x-amz-fwd-header-Expires - required: false - schema: - format: date-time - type: string - - description: 'If the object expiration is configured (see PUT Bucket lifecycle), - the response includes this header. It includes the expiry-date - and rule-id key-value pairs that provide the object expiration - information. The value of the rule-id is URL-encoded. ' - in: header - name: x-amz-fwd-header-x-amz-expiration - required: false - schema: - type: string - - description: The date and time that the object was last modified. - in: header - name: x-amz-fwd-header-Last-Modified - required: false - schema: - format: date-time - type: string - - description: Set to the number of metadata entries not returned in x-amz-meta - headers. This can happen if you create metadata using an API like SOAP that - supports more flexible metadata than the REST API. For example, using SOAP, - you can create metadata whose values are not legal HTTP headers. - in: header - name: x-amz-fwd-header-x-amz-missing-meta - required: false - schema: - type: integer - - description: Indicates whether an object stored in Amazon S3 has Object Lock - enabled. For more information about S3 Object Lock, see Object - Lock. - in: header - name: x-amz-fwd-header-x-amz-object-lock-mode - required: false - schema: - enum: - - GOVERNANCE - - COMPLIANCE - type: string - - description: Indicates whether an object stored in Amazon S3 has an active - legal hold. - in: header - name: x-amz-fwd-header-x-amz-object-lock-legal-hold - required: false - schema: - enum: - - 'ON' - - 'OFF' - type: string - - description: The date and time when Object Lock is configured to expire. - in: header - name: x-amz-fwd-header-x-amz-object-lock-retain-until-date - required: false - schema: - format: date-time - type: string - - description: The count of parts this object has. - in: header - name: x-amz-fwd-header-x-amz-mp-parts-count - required: false - schema: - type: integer - - description: Indicates if request involves bucket that is either a source - or destination in a Replication rule. For more information about S3 Replication, - see Replication. - in: header - name: x-amz-fwd-header-x-amz-replication-status - required: false - schema: - enum: - - COMPLETE - - PENDING - - FAILED - - REPLICA - type: string - - description: '' - in: header - name: x-amz-fwd-header-x-amz-request-charged - required: false - schema: - description: If present, indicates that the requester was successfully charged - for the request. - enum: - - requester - type: string - - description: Provides information about object restoration operation and expiration - time of the restored object copy. - in: header - name: x-amz-fwd-header-x-amz-restore - required: false - schema: - type: string - - description: ' The server-side encryption algorithm used when storing requested - object in Amazon S3 (for example, AES256, aws:kms).' - in: header - name: x-amz-fwd-header-x-amz-server-side-encryption - required: false - schema: - enum: - - AES256 - - aws:kms - type: string - - description: Encryption algorithm used if server-side encryption with a customer-provided - encryption key was specified for object stored in Amazon S3. - in: header - name: x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: ' If present, specifies the ID of the Amazon Web Services Key - Management Service (Amazon Web Services KMS) symmetric customer managed - key that was used for stored in Amazon S3 object. ' - in: header - name: x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id - required: false - schema: - format: password - type: string - - description: ' 128-bit MD5 digest of customer-provided encryption key used - in Amazon S3 to encrypt data stored in S3. For more information, see Protecting - data using server-side encryption with customer-provided encryption keys - (SSE-C).' - in: header - name: x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description:

Provides storage class information of the object. Amazon S3 - returns this header for all objects except for S3 Standard storage class - objects.

For more information, see Storage - Classes.

- in: header - name: x-amz-fwd-header-x-amz-storage-class - required: false - schema: - enum: - - STANDARD - - REDUCED_REDUNDANCY - - STANDARD_IA - - ONEZONE_IA - - INTELLIGENT_TIERING - - GLACIER - - DEEP_ARCHIVE - - OUTPOSTS - - GLACIER_IR - type: string - - description: The number of tags, if any, on the object. - in: header - name: x-amz-fwd-header-x-amz-tagging-count - required: false - schema: - type: integer - - description: An ID used to reference a specific version of the object. - in: header - name: x-amz-fwd-header-x-amz-version-id - required: false - schema: - type: string - - description: ' Indicates whether the object stored in Amazon S3 uses an S3 - bucket key for server-side encryption with Amazon Web Services KMS (SSE-KMS).' - in: header - name: x-amz-fwd-header-x-amz-server-side-encryption-bucket-key-enabled - required: false - schema: - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - Body: - description: The object data. - type: string - x-amz-meta-: - additionalProperties: - $ref: '#/components/schemas/MetadataValue' - description: A map of metadata to store with the object in S3. - type: object - type: object - required: true - responses: - '200': - description: Success - /: - delete: - description:

Deletes the S3 bucket. All objects (including all object versions - and delete markers) in the bucket must be deleted before the bucket itself - can be deleted.

Related Resources

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETE.html - operationId: DeleteBucket - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - responses: - '204': - description: Success - get: - description: Returns a list of all buckets owned by the authenticated sender - of the request. To use this operation, you must have the s3:ListAllMyBuckets - permission. - servers: - - description: The Amazon S3 multi-region endpoint - url: https://s3.{region}.amazonaws.com - variables: - region: - default: us-east-2 - description: The AWS region - enum: - - us-east-2 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-east-1 - - ap-south-1 - - me-south-1 - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTServiceGET.html - operationId: ListBuckets - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/ListBucketsOutput' - description: Success - head: - description:

This action is useful to determine if a bucket exists and you - have permission to access it. The action returns a 200 OK if - the bucket exists and you have permission to access it.

If the bucket - does not exist or you do not have permission to access it, the HEAD - request returns a generic 404 Not Found or 403 Forbidden - code. A message body is not included, so you cannot determine the exception - beyond these error codes.

To use this operation, you must have permissions - to perform the s3:ListBucket action. The bucket owner has this - permission by default and can grant this permission to others. For more information - about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

To use this API - against an access point, you must provide the alias of the access point in - place of the bucket name or specify the access point ARN. When using the access - point ARN, you must direct requests to the access point hostname. The access - point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - When using the Amazon Web Services SDKs, you provide the ARN in place of the - bucket name. For more information see, Using - access points.

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketHEAD.html - operationId: HeadBucket - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - responses: - '200': - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchBucket' - description: NoSuchBucket - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: "

Creates a new S3 bucket. To create a bucket, you must register\ - \ with Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate\ - \ requests. Anonymous requests are never allowed to create buckets. By creating\ - \ the bucket, you become the bucket owner.

Not every string is an acceptable\ - \ bucket name. For information about bucket naming restrictions, see Bucket naming rules.

If you want to create an Amazon S3 on Outposts\ - \ bucket, see Create Bucket.

By default, the bucket is created in the US East\ - \ (N. Virginia) Region. You can optionally specify a Region in the request\ - \ body. You might choose a Region to optimize latency, minimize costs, or\ - \ address regulatory requirements. For example, if you reside in Europe, you\ - \ will probably find it advantageous to create buckets in the Europe (Ireland)\ - \ Region. For more information, see Accessing a bucket.

If you send your create bucket request\ - \ to the s3.amazonaws.com endpoint, the request goes to the us-east-1\ - \ Region. Accordingly, the signature calculations in Signature Version 4 must\ - \ use us-east-1 as the Region, even if the location constraint in the request\ - \ specifies another Region where the bucket is to be created. If you create\ - \ a bucket in a Region other than US East (N. Virginia), your application\ - \ must be able to handle 307 redirect. For more information, see Virtual\ - \ hosting of buckets.

Access control lists (ACLs)\ - \

When creating a bucket using this operation, you can optionally\ - \ configure the bucket ACL to specify the accounts or groups that should be\ - \ granted specific permissions on the bucket.

If your CreateBucket\ - \ request sets bucket owner enforced for S3 Object Ownership and specifies\ - \ a bucket ACL that provides access to an external Amazon Web Services account,\ - \ your request fails with a 400 error and returns the InvalidBucketAclWithObjectOwnership\ - \ error code. For more information, see Controlling object ownership in the Amazon S3 User Guide.

\ - \

There are two ways to grant the appropriate permissions\ - \ using the request headers.

  • Specify a canned ACL using the\ - \ x-amz-acl request header. Amazon S3 supports a set of predefined\ - \ ACLs, known as canned ACLs. Each canned ACL has a predefined set\ - \ of grantees and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly using\ - \ the x-amz-grant-read, x-amz-grant-write, x-amz-grant-read-acp,\ - \ x-amz-grant-write-acp, and x-amz-grant-full-control\ - \ headers. These headers map to the set of permissions Amazon S3 supports\ - \ in an ACL. For more information, see Access control list (ACL) overview.

    You specify each grantee as\ - \ a type=value pair, where the type is one of the following:

    • \ - \

      id \u2013 if the value specified is the canonical user\ - \ ID of an Amazon Web Services account

    • uri\ - \ \u2013 if you are granting permissions to a predefined group

    • \ - \

      emailAddress \u2013 if the value specified is the email\ - \ address of an Amazon Web Services account

      Using email addresses\ - \ to specify a grantee is only supported in the following Amazon Web Services\ - \ Regions:

      • US East (N. Virginia)

      • US West\ - \ (N. California)

      • US West (Oregon)

      • Asia\ - \ Pacific (Singapore)

      • Asia Pacific (Sydney)

      • \ - \

        Asia Pacific (Tokyo)

      • Europe (Ireland)

      • \ - \

        South America (S\xE3o Paulo)

      For a list of all the\ - \ Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      \ - \

    For example, the following x-amz-grant-read\ - \ header grants the Amazon Web Services accounts identified by account IDs\ - \ permissions to read object data and its metadata:

    x-amz-grant-read:\ - \ id=\"11112222333\", id=\"444455556666\"

\ - \

You can use either a canned ACL or specify access permissions explicitly.\ - \ You cannot do both.

Permissions

In addition\ - \ to s3:CreateBucket, the following permissions are required\ - \ when your CreateBucket includes specific headers:

  • ACLs\ - \ - If your CreateBucket request specifies ACL permissions and\ - \ the ACL is public-read, public-read-write, authenticated-read, or if you\ - \ specify access permissions explicitly through any other ACL, both s3:CreateBucket\ - \ and s3:PutBucketAcl permissions are needed. If the ACL the\ - \ CreateBucket request is private or doesn't specify any ACLs,\ - \ only s3:CreateBucket permission is needed.

  • \ - \

    Object Lock - If ObjectLockEnabledForBucket is set\ - \ to true in your CreateBucket request, s3:PutBucketObjectLockConfiguration\ - \ and s3:PutBucketVersioning permissions are required.

    • \ - \

  • S3 Object Ownership - If your CreateBucket request includes\ - \ the the x-amz-object-ownership header, s3:PutBucketOwnershipControls\ - \ permission is required.

The following operations are\ - \ related to CreateBucket:

" - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUT.html - operationId: CreateBucket - parameters: - - description: The canned ACL to apply to the bucket. - in: header - name: x-amz-acl - required: false - schema: - enum: - - private - - public-read - - public-read-write - - authenticated-read - type: string - - description: Allows grantee the read, write, read ACP, and write ACP permissions - on the bucket. - in: header - name: x-amz-grant-full-control - required: false - schema: - type: string - - description: Allows grantee to list the objects in the bucket. - in: header - name: x-amz-grant-read - required: false - schema: - type: string - - description: Allows grantee to read the bucket ACL. - in: header - name: x-amz-grant-read-acp - required: false - schema: - type: string - - description:

Allows grantee to create new objects in the bucket.

For - the bucket and object owners of existing objects, also allows deletions - and overwrites of those objects.

- in: header - name: x-amz-grant-write - required: false - schema: - type: string - - description: Allows grantee to write the ACL for the applicable bucket. - in: header - name: x-amz-grant-write-acp - required: false - schema: - type: string - - description: Specifies whether you want S3 Object Lock to be enabled for the - new bucket. - in: header - name: x-amz-bucket-object-lock-enabled - required: false - schema: - type: boolean - - description: '' - in: header - name: x-amz-object-ownership - required: false - schema: - description:

The container element for object ownership for a bucket's - ownership controls.

BucketOwnerPreferred - Objects uploaded to - the bucket change ownership to the bucket owner if the objects are uploaded - with the bucket-owner-full-control canned ACL.

ObjectWriter - - The uploading account will own the object if the object is uploaded - with the bucket-owner-full-control canned ACL.

BucketOwnerEnforced - - Access control lists (ACLs) are disabled and no longer affect permissions. - The bucket owner automatically owns and has full control over every object - in the bucket. The bucket only accepts PUT requests that don't specify - an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control - canned ACL or an equivalent form of this ACL expressed in the XML format.

- enum: - - BucketOwnerPreferred - - ObjectWriter - - BucketOwnerEnforced - type: string - requestBody: - content: - text/xml: - schema: - properties: - CreateBucketConfiguration: - description: The configuration information for the bucket. - properties: - LocationConstraint: - allOf: - - $ref: '#/components/schemas/BucketLocationConstraint' - - description: Specifies the Region where the bucket will be - created. If you don't specify a Region, the bucket is created - in the US East (N. Virginia) Region (us-east-1). - type: object - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateBucketOutput' - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/BucketAlreadyExists' - description: BucketAlreadyExists - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/BucketAlreadyOwnedByYou' - description: BucketAlreadyOwnedByYou - /?max-keys=1000: - get: - servers: - - description: The Amazon S3 multi-region endpoint - url: https://{bucket}.s3.{region}.amazonaws.com - variables: - bucket: - default: null-bucket - description: The name of the bucket - region: - default: us-east-2 - description: The AWS region - enum: - - us-east-2 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-east-1 - - ap-south-1 - - me-south-1 - description:

Returns some or all (up to 1,000) of the objects in a bucket. - You can use the request parameters as selection criteria to return a subset - of the objects in a bucket. A 200 OK response can contain valid or invalid - XML. Be sure to design your application to parse the contents of the response - and handle it appropriately.

This action has been revised. - We recommend that you use the newer version, ListObjectsV2, - when developing applications. For backward compatibility, Amazon S3 continues - to support ListObjects.

The following operations - are related to ListObjects:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGET.html - operationId: ListObjects - parameters: - - description: A delimiter is a character you use to group keys. - in: query - name: delimiter - required: false - schema: - type: string - - description: '' - in: query - name: encoding-type - required: false - schema: - description: Requests Amazon S3 to encode the object keys in the response - and specifies the encoding method to use. An object key may contain any - Unicode character; however, XML 1.0 parser cannot parse some characters, - such as characters with an ASCII value from 0 to 10. For characters that - are not supported in XML 1.0, you can add this parameter to request that - Amazon S3 encode the keys in the response. - enum: - - url - type: string - - description: Marker is where you want Amazon S3 to start listing from. Amazon - S3 starts listing after this specified key. Marker can be any key in the - bucket. - in: query - name: marker - required: false - schema: - type: string - - description: 'Sets the maximum number of keys returned in the response. By - default the action returns up to 1,000 key names. The response might contain - fewer keys but will never contain more. ' - in: query - name: max-keys - required: false - schema: - type: integer - default: 1000 - - description: Limits the response to keys that begin with the specified prefix. - in: query - name: prefix - required: false - schema: - type: string - - description: Confirms that the requester knows that she or he will be charged - for the list objects request. Bucket owners need not specify this parameter - in their requests. - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: Pagination limit - in: query - name: MaxKeys - required: false - schema: - type: string - - description: Pagination token - in: query - name: Marker - required: false - schema: - type: string - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/ListObjectsOutput' - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchBucket' - description: NoSuchBucket - /{Key}: - delete: - description:

Removes the null version (if there is one) of an object and - inserts a delete marker, which becomes the latest version of the object. If - there isn't a null version, Amazon S3 does not remove any objects but will - still respond that the command was successful.

To remove a specific - version, you must be the bucket owner and you must use the version Id subresource. - Using this subresource permanently deletes the version. If the object deleted - is a delete marker, Amazon S3 sets the response header, x-amz-delete-marker, - to true.

If the object you want to delete is in a bucket where the - bucket versioning configuration is MFA Delete enabled, you must include the - x-amz-mfa request header in the DELETE versionId - request. Requests that include x-amz-mfa must use HTTPS.

-

For more information about MFA Delete, see Using - MFA Delete. To see sample requests that use versioning, see Sample - Request.

You can delete objects by explicitly calling DELETE Object - or configure its lifecycle (PutBucketLifecycle) - to enable Amazon S3 to remove them for you. If you want to block users or - accounts from removing or deleting objects from your bucket, you must deny - them the s3:DeleteObject, s3:DeleteObjectVersion, - and s3:PutLifeCycleConfiguration actions.

The following - action is related to DeleteObject:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectDELETE.html - operationId: DeleteObject - parameters: - - description: Key name of the object to delete. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: The concatenation of the authentication device's serial number, - a space, and the value that is displayed on your authentication device. - Required to permanently delete a versioned object if versioning is configured - with MFA delete enabled. - in: header - name: x-amz-mfa - required: false - schema: - type: string - - description: VersionId used to reference a specific version of the object. - in: query - name: versionId - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: Indicates whether S3 Object Lock should bypass Governance-mode - restrictions to process this operation. To use this header, you must have - the s3:BypassGovernanceRetention permission. - in: header - name: x-amz-bypass-governance-retention - required: false - schema: - type: boolean - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - responses: - '204': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteObjectOutput' - description: Success - get: - description: "

Retrieves objects from Amazon S3. To use GET,\ - \ you must have READ access to the object. If you grant READ\ - \ access to the anonymous user, you can return the object without using an\ - \ authorization header.

An Amazon S3 bucket has no directory hierarchy\ - \ such as you would find in a typical computer file system. You can, however,\ - \ create a logical hierarchy by using object key names that imply a folder\ - \ structure. For example, instead of naming an object sample.jpg,\ - \ you can name it photos/2006/February/sample.jpg.

To\ - \ get an object from such a logical hierarchy, specify the full key name for\ - \ the object in the GET operation. For a virtual hosted-style\ - \ request example, if you have the object photos/2006/February/sample.jpg,\ - \ specify the resource as /photos/2006/February/sample.jpg. For\ - \ a path-style request example, if you have the object photos/2006/February/sample.jpg\ - \ in the bucket named examplebucket, specify the resource as\ - \ /examplebucket/photos/2006/February/sample.jpg. For more information\ - \ about request types, see HTTP Host Header Bucket Specification.

For more information about\ - \ returning the ACL of an object, see GetObjectAcl.

If the object you are retrieving is stored in the\ - \ S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering\ - \ Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve\ - \ the object you must first restore a copy using RestoreObject. Otherwise, this action returns an InvalidObjectStateError\ - \ error. For information about restoring archived objects, see Restoring\ - \ Archived Objects.

Encryption request headers, like x-amz-server-side-encryption,\ - \ should not be sent for GET requests if your object uses server-side encryption\ - \ with KMS keys (SSE-KMS) or server-side encryption with Amazon S3\u2013managed\ - \ encryption keys (SSE-S3). If your object does use these types of keys, you\u2019\ - ll get an HTTP 400 BadRequest error.

If you encrypt an object by using\ - \ server-side encryption with customer-provided encryption keys (SSE-C) when\ - \ you store the object in Amazon S3, then when you GET the object, you must\ - \ use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

    \ - \

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

    \ - \

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

\ - \

Assuming you have the relevant permission to read object tags, the response\ - \ also returns the x-amz-tagging-count header that provides the\ - \ count of number of tags associated with the object. You can use GetObjectTagging to retrieve the tag set associated with an object.

\ - \

Permissions

You need the relevant read object (or version)\ - \ permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not\ - \ exist, the error Amazon S3 returns depends on whether you also have the\ - \ s3:ListBucket permission.

  • If you have the\ - \ s3:ListBucket permission on the bucket, Amazon S3 will return\ - \ an HTTP status code 404 (\"no such key\") error.

  • If you\ - \ don\u2019t have the s3:ListBucket permission, Amazon S3 will\ - \ return an HTTP status code 403 (\"access denied\") error.

\ - \

Versioning

By default, the GET action returns the current\ - \ version of an object. To return a different version, use the versionId\ - \ subresource.

  • If you supply a versionId,\ - \ you need the s3:GetObjectVersion permission to access a specific\ - \ version of an object. If you request a specific version, you do not need\ - \ to have the s3:GetObject permission.

  • If\ - \ the current version of the object is a delete marker, Amazon S3 behaves\ - \ as if the object was deleted and includes x-amz-delete-marker: true\ - \ in the response.

For more information about versioning,\ - \ see PutBucketVersioning.

Overriding Response Header Values\ - \

There are times when you want to override certain response header\ - \ values in a GET response. For example, you might override the Content-Disposition\ - \ response header value in your GET request.

You can override values\ - \ for a set of response headers using the following query parameters. These\ - \ response header values are sent only on a successful request, that is, when\ - \ status code 200 OK is returned. The set of headers you can override using\ - \ these parameters is a subset of the headers that Amazon S3 accepts when\ - \ you create an object. The response headers that you can override for the\ - \ GET response are Content-Type, Content-Language,\ - \ Expires, Cache-Control, Content-Disposition,\ - \ and Content-Encoding. To override these header values in the\ - \ GET response, you use the following request parameters.

You\ - \ must sign the request, either using an Authorization header or a presigned\ - \ URL, when using these parameters. They cannot be used with an unsigned (anonymous)\ - \ request.

  • response-content-type

    \ - \

  • response-content-language

  • \ - \ response-expires

  • response-cache-control\ - \

  • response-content-disposition

    • \ - \

  • response-content-encoding

Additional\ - \ Considerations about Request Headers

If both of the If-Match\ - \ and If-Unmodified-Since headers are present in the request\ - \ as follows: If-Match condition evaluates to true,\ - \ and; If-Unmodified-Since condition evaluates to false;\ - \ then, S3 returns 200 OK and the data requested.

If both of the If-None-Match\ - \ and If-Modified-Since headers are present in the request as\ - \ follows: If-None-Match condition evaluates to false,\ - \ and; If-Modified-Since condition evaluates to true;\ - \ then, S3 returns 304 Not Modified response code.

For more information\ - \ about conditional requests, see RFC 7232.

The following operations are related to GetObject:

\ - \ " - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGET.html - operationId: GetObject - parameters: - - description: Return the object only if its entity tag (ETag) is the same as - the one specified; otherwise, return a 412 (precondition failed) error. - in: header - name: If-Match - required: false - schema: - type: string - - description: Return the object only if it has been modified since the specified - time; otherwise, return a 304 (not modified) error. - in: header - name: If-Modified-Since - required: false - schema: - format: date-time - type: string - - description: Return the object only if its entity tag (ETag) is different - from the one specified; otherwise, return a 304 (not modified) error. - in: header - name: If-None-Match - required: false - schema: - type: string - - description: Return the object only if it has not been modified since the - specified time; otherwise, return a 412 (precondition failed) error. - in: header - name: If-Unmodified-Since - required: false - schema: - format: date-time - type: string - - description: Key of the object to get. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description:

Downloads the specified range bytes of an object. For more - information about the HTTP Range header, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.

-

Amazon S3 doesn't support retrieving multiple ranges of data per - GET request.

 - in: header - name: Range - required: false - schema: - type: string - - description: Sets the Cache-Control header of the response. - in: query - name: response-cache-control - required: false - schema: - type: string - - description: Sets the Content-Disposition header of the response - in: query - name: response-content-disposition - required: false - schema: - type: string - - description: Sets the Content-Encoding header of the response. - in: query - name: response-content-encoding - required: false - schema: - type: string - - description: Sets the Content-Language header of the response. - in: query - name: response-content-language - required: false - schema: - type: string - - description: Sets the Content-Type header of the response. - in: query - name: response-content-type - required: false - schema: - type: string - - description: Sets the Expires header of the response. - in: query - name: response-expires - required: false - schema: - format: date-time - type: string - - description: VersionId used to reference a specific version of the object. - in: query - name: versionId - required: false - schema: - type: string - - description: Specifies the algorithm to use to when decrypting the object - (for example, AES256). - in: header - name: x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: Specifies the customer-provided encryption key for Amazon S3 - used to encrypt the data. This value is used to decrypt the object when - recovering it and must match the one used when storing the data. The key - must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - header. - in: header - name: x-amz-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: Specifies the 128-bit MD5 digest of the encryption key according - to RFC 1321. Amazon S3 uses this header for a message integrity check to - ensure that the encryption key was transmitted without error. - in: header - name: x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: Part number of the object being read. This is a positive integer - between 1 and 10,000. Effectively performs a 'ranged' GET request for the - part specified. Useful for downloading just a part of an object. - in: query - name: partNumber - required: false - schema: - type: integer - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: To retrieve the checksum, this mode must be enabled. - in: header - name: x-amz-checksum-mode - required: false - schema: - enum: - - ENABLED - type: string - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetObjectOutput' - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchKey' - description: NoSuchKey - '481': - content: - text/xml: - schema: - $ref: '#/components/schemas/InvalidObjectState' - description: InvalidObjectState - head: - description: "

The HEAD action retrieves metadata from an object without returning\ - \ the object itself. This action is useful if you're only interested in an\ - \ object's metadata. To use HEAD, you must have READ access to the object.

\ - \

A HEAD request has the same options as a GET\ - \ action on an object. The response is identical to the GET response\ - \ except that there is no response body. Because of this, if the HEAD\ - \ request generates an error, it returns a generic 404 Not Found\ - \ or 403 Forbidden code. It is not possible to retrieve the exact\ - \ exception beyond these error codes.

If you encrypt an object by using\ - \ server-side encryption with customer-provided encryption keys (SSE-C) when\ - \ you store the object in Amazon S3, then when you retrieve the metadata from\ - \ the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

    \ - \

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

    \ - \

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

\ - \

  • Encryption request headers, like x-amz-server-side-encryption,\ - \ should not be sent for GET requests if your object uses server-side encryption\ - \ with KMS keys (SSE-KMS) or server-side encryption with Amazon S3\u2013managed\ - \ encryption keys (SSE-S3). If your object does use these types of keys, you\u2019\ - ll get an HTTP 400 BadRequest error.

  • The last modified\ - \ property in this case is the creation date of the object.

\ - \

Request headers are limited to 8 KB in size. For more information,\ - \ see Common Request Headers.

Consider the following when using request\ - \ headers:

  • Consideration 1 \u2013 If both of the If-Match\ - \ and If-Unmodified-Since headers are present in the request\ - \ as follows:

    • If-Match condition evaluates\ - \ to true, and;

    • If-Unmodified-Since\ - \ condition evaluates to false;

    Then Amazon\ - \ S3 returns 200 OK and the data requested.

  • \ - \ Consideration 2 \u2013 If both of the If-None-Match and If-Modified-Since\ - \ headers are present in the request as follows:

    • If-None-Match\ - \ condition evaluates to false, and;

    • If-Modified-Since\ - \ condition evaluates to true;

    Then Amazon\ - \ S3 returns the 304 Not Modified response code.

\ - \

For more information about conditional requests, see RFC 7232.

Permissions

You need the relevant read\ - \ object (or version) permission for this operation. For more information,\ - \ see Specifying Permissions in a Policy. If the object you request does not\ - \ exist, the error Amazon S3 returns depends on whether you also have the\ - \ s3:ListBucket permission.

  • If you have the s3:ListBucket\ - \ permission on the bucket, Amazon S3 returns an HTTP status code 404 (\"\ - no such key\") error.

  • If you don\u2019t have the s3:ListBucket\ - \ permission, Amazon S3 returns an HTTP status code 403 (\"access denied\"\ - ) error.

The following actions are related to HeadObject:

\ - \ " - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectHEAD.html - operationId: HeadObject - parameters: - - description: Return the object only if its entity tag (ETag) is the same as - the one specified; otherwise, return a 412 (precondition failed) error. - in: header - name: If-Match - required: false - schema: - type: string - - description: Return the object only if it has been modified since the specified - time; otherwise, return a 304 (not modified) error. - in: header - name: If-Modified-Since - required: false - schema: - format: date-time - type: string - - description: Return the object only if its entity tag (ETag) is different - from the one specified; otherwise, return a 304 (not modified) error. - in: header - name: If-None-Match - required: false - schema: - type: string - - description: Return the object only if it has not been modified since the - specified time; otherwise, return a 412 (precondition failed) error. - in: header - name: If-Unmodified-Since - required: false - schema: - format: date-time - type: string - - description: The object key. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: Because HeadObject returns only the metadata for - an object, this parameter has no effect. - in: header - name: Range - required: false - schema: - type: string - - description: VersionId used to reference a specific version of the object. - in: query - name: versionId - required: false - schema: - type: string - - description: Specifies the algorithm to use to when encrypting the object - (for example, AES256). - in: header - name: x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: Specifies the customer-provided encryption key for Amazon S3 - to use in encrypting data. This value is used to store the object and then - it is discarded; Amazon S3 does not store the encryption key. The key must - be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - header. - in: header - name: x-amz-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: Specifies the 128-bit MD5 digest of the encryption key according - to RFC 1321. Amazon S3 uses this header for a message integrity check to - ensure that the encryption key was transmitted without error. - in: header - name: x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: Part number of the object being read. This is a positive integer - between 1 and 10,000. Effectively performs a 'ranged' HEAD request for the - part specified. Useful querying about the size of the part and the number - of parts in this object. - in: query - name: partNumber - required: false - schema: - type: integer - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description:

To retrieve the checksum, this parameter must be enabled.

-

In addition, if you enable ChecksumMode and the object is - encrypted with Amazon Web Services Key Management Service (Amazon Web Services - KMS), you must have permission to use the kms:Decrypt action - for the request to succeed.

- in: header - name: x-amz-checksum-mode - required: false - schema: - enum: - - ENABLED - type: string - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/HeadObjectOutput' - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchKey' - description: NoSuchKey - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Adds an object to a bucket. You must have WRITE permissions - on a bucket to add an object to it.

Amazon S3 never adds partial objects; - if you receive a success response, Amazon S3 added the entire object to the - bucket.

Amazon S3 is a distributed system. If it receives multiple - write requests for the same object simultaneously, it overwrites all but the - last object written. Amazon S3 does not provide object locking; if you need - this, make sure to build it into your application layer or use versioning - instead.

To ensure that data is not corrupted traversing the network, - use the Content-MD5 header. When you use this header, Amazon - S3 checks the object against the provided MD5 value and, if they do not match, - returns an error. Additionally, you can calculate the MD5 while putting an - object to Amazon S3 and compare the returned ETag to the calculated MD5 value.

-

  • To successfully complete the PutObject request, - you must have the s3:PutObject in your IAM permissions.

    • -

  • To successfully change the objects acl of your PutObject - request, you must have the s3:PutObjectAcl in your IAM permissions.

    -

  • The Content-MD5 header is required for any request - to upload an object with a retention period configured using Amazon S3 Object - Lock. For more information about Amazon S3 Object Lock, see Amazon - S3 Object Lock Overview in the Amazon S3 User Guide.

    • -

Server-side Encryption

You can optionally - request server-side encryption. With server-side encryption, Amazon S3 encrypts - your data as it writes it to disks in its data centers and decrypts the data - when you access it. You have the option to provide your own encryption key - or use Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS). For - more information, see Using - Server-Side Encryption.

If you request server-side encryption using - Amazon Web Services Key Management Service (SSE-KMS), you can enable an S3 - Bucket Key at the object-level. For more information, see Amazon - S3 Bucket Keys in the Amazon S3 User Guide.

Access Control - List (ACL)-Specific Request Headers

You can use headers to grant - ACL- based permissions. By default, all objects are private. Only the owner - has full access control. When adding a new object, you can grant permissions - to individual Amazon Web Services accounts or to predefined groups defined - by Amazon S3. These permissions are then added to the ACL on the object. For - more information, see Access - Control List (ACL) Overview and Managing - ACLs Using the REST API.

If the bucket that you're uploading objects - to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are - disabled and no longer affect permissions. Buckets that use this setting only - accept PUT requests that don't specify an ACL or PUT requests that specify - bucket owner full control ACLs, such as the bucket-owner-full-control - canned ACL or an equivalent form of this ACL expressed in the XML format. - PUT requests that contain other ACLs (for example, custom grants to certain - Amazon Web Services accounts) fail and return a 400 error with - the error code AccessControlListNotSupported.

For more - information, see - Controlling ownership of objects and disabling ACLs in the Amazon S3 - User Guide.

If your bucket uses the bucket owner enforced - setting for Object Ownership, all objects written to the bucket by any account - will be owned by the bucket owner.

Storage Class Options -

By default, Amazon S3 uses the STANDARD Storage Class to store newly - created objects. The STANDARD storage class provides high durability and high - availability. Depending on performance needs, you can specify a different - Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. - For more information, see Storage - Classes in the Amazon S3 User Guide.

Versioning -

If you enable versioning for a bucket, Amazon S3 automatically generates - a unique version ID for the object being stored. Amazon S3 returns this ID - in the response. When you enable versioning for a bucket, if Amazon S3 receives - multiple write requests for the same object simultaneously, it stores all - of the objects.

For more information about versioning, see Adding - Objects to Versioning Enabled Buckets. For information about returning - the versioning state of a bucket, see GetBucketVersioning. -

Related Resources

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPUT.html - operationId: PutObject - parameters: - - description:

The canned ACL to apply to the object. For more information, - see Canned - ACL.

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-acl - required: false - schema: - enum: - - private - - public-read - - public-read-write - - authenticated-read - - aws-exec-read - - bucket-owner-read - - bucket-owner-full-control - type: string - - description: ' Can be used to specify caching behavior along the request/reply - chain. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.' - in: header - name: Cache-Control - required: false - schema: - type: string - - description: Specifies presentational information for the object. For more - information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1. - in: header - name: Content-Disposition - required: false - schema: - type: string - - description: Specifies what content encodings have been applied to the object - and thus what decoding mechanisms must be applied to obtain the media-type - referenced by the Content-Type header field. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11. - in: header - name: Content-Encoding - required: false - schema: - type: string - - description: The language the content is in. - in: header - name: Content-Language - required: false - schema: - type: string - - description: Size of the body in bytes. This parameter is useful when the - size of the body cannot be determined automatically. For more information, - see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13. - in: header - name: Content-Length - required: false - schema: - type: integer - - description: The base64-encoded 128-bit MD5 digest of the message (without - the headers) according to RFC 1864. This header can be used as a message - integrity check to verify that the data is the same data that was originally - sent. Although it is optional, we recommend using the Content-MD5 mechanism - as an end-to-end integrity check. For more information about REST request - authentication, see REST - Authentication. - in: header - name: Content-MD5 - required: false - schema: - type: string - - description: A standard MIME type describing the format of the contents. For - more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17. - in: header - name: Content-Type - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 32-bit CRC32 checksum of the object. For more - information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-crc32 - required: false - schema: - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 32-bit CRC32C checksum of the object. For - more information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-crc32c - required: false - schema: - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 160-bit SHA-1 digest of the object. For more - information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-sha1 - required: false - schema: - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 256-bit SHA-256 digest of the object. For - more information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-sha256 - required: false - schema: - type: string - - description: The date and time at which the object is no longer cacheable. - For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21. - in: header - name: Expires - required: false - schema: - format: date-time - type: string - - description:

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions - on the object.

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-full-control - required: false - schema: - type: string - - description:

Allows grantee to read the object data and its metadata.

-

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-read - required: false - schema: - type: string - - description:

Allows grantee to read the object ACL.

This action - is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-read-acp - required: false - schema: - type: string - - description:

Allows grantee to write the ACL for the applicable object.

-

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-write-acp - required: false - schema: - type: string - - description: Object key for which the PUT action was initiated. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: The server-side encryption algorithm used when storing this object - in Amazon S3 (for example, AES256, aws:kms). - in: header - name: x-amz-server-side-encryption - required: false - schema: - enum: - - AES256 - - aws:kms - type: string - - description: By default, Amazon S3 uses the STANDARD Storage Class to store - newly created objects. The STANDARD storage class provides high durability - and high availability. Depending on performance needs, you can specify a - different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage - Class. For more information, see Storage - Classes in the Amazon S3 User Guide. - in: header - name: x-amz-storage-class - required: false - schema: - enum: - - STANDARD - - REDUCED_REDUNDANCY - - STANDARD_IA - - ONEZONE_IA - - INTELLIGENT_TIERING - - GLACIER - - DEEP_ARCHIVE - - OUTPOSTS - - GLACIER_IR - type: string - - description: '

If the bucket is configured as a website, redirects requests - for this object to another object in the same bucket or to an external URL. - Amazon S3 stores the value of this header in the object metadata. For information - about object metadata, see Object - Key and Metadata.

In the following example, the request header - sets the redirect to an object (anotherPage.html) in the same bucket:

-

x-amz-website-redirect-location: /anotherPage.html

-

In the following example, the request header sets the object redirect - to another website:

x-amz-website-redirect-location: http://www.example.com/ -

For more information about website hosting in Amazon S3, see Hosting - Websites on Amazon S3 and How - to Configure Website Page Redirects.

' - in: header - name: x-amz-website-redirect-location - required: false - schema: - type: string - - description: Specifies the algorithm to use to when encrypting the object - (for example, AES256). - in: header - name: x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: Specifies the customer-provided encryption key for Amazon S3 - to use in encrypting data. This value is used to store the object and then - it is discarded; Amazon S3 does not store the encryption key. The key must - be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - header. - in: header - name: x-amz-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: Specifies the 128-bit MD5 digest of the encryption key according - to RFC 1321. Amazon S3 uses this header for a message integrity check to - ensure that the encryption key was transmitted without error. - in: header - name: x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: 'If x-amz-server-side-encryption is present and - has the value of aws:kms, this header specifies the ID of the - Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetrical - customer managed key that was used for the object. If you specify x-amz-server-side-encryption:aws:kms, - but do not provide x-amz-server-side-encryption-aws-kms-key-id, - Amazon S3 uses the Amazon Web Services managed key to protect the data. - If the KMS key does not exist in the same account issuing the command, you - must use the full ARN and not just the ID. ' - in: header - name: x-amz-server-side-encryption-aws-kms-key-id - required: false - schema: - format: password - type: string - - description: Specifies the Amazon Web Services KMS Encryption Context to use - for object encryption. The value of this header is a base64-encoded UTF-8 - string holding JSON with the encryption context key-value pairs. - in: header - name: x-amz-server-side-encryption-context - required: false - schema: - format: password - type: string - - description: "

Specifies whether Amazon S3 should use an S3 Bucket Key for\ - \ object encryption with server-side encryption using AWS KMS (SSE-KMS).\ - \ Setting this header to true causes Amazon S3 to use an S3\ - \ Bucket Key for object encryption with SSE-KMS.

Specifying this\ - \ header with a PUT action doesn\u2019t affect bucket-level settings for\ - \ S3 Bucket Key.

" - in: header - name: x-amz-server-side-encryption-bucket-key-enabled - required: false - schema: - type: boolean - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The tag-set for the object. The tag-set must be encoded as URL - Query parameters. (For example, "Key1=Value1") - in: header - name: x-amz-tagging - required: false - schema: - type: string - - description: The Object Lock mode that you want to apply to this object. - in: header - name: x-amz-object-lock-mode - required: false - schema: - enum: - - GOVERNANCE - - COMPLIANCE - type: string - - description: The date and time when you want this object's Object Lock to - expire. Must be formatted as a timestamp parameter. - in: header - name: x-amz-object-lock-retain-until-date - required: false - schema: - format: date-time - type: string - - description: Specifies whether a legal hold will be applied to this object. - For more information about S3 Object Lock, see Object - Lock. - in: header - name: x-amz-object-lock-legal-hold - required: false - schema: - enum: - - 'ON' - - 'OFF' - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - properties: - Body: - description: Object data. - type: string - x-amz-meta-: - additionalProperties: - $ref: '#/components/schemas/MetadataValue' - description: A map of metadata to store with the object in S3. - type: object - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/PutObjectOutput' - description: Success - /{Key}#partNumber&uploadId: - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: '

Uploads a part in a multipart upload.

In this - operation, you provide part data in your request. However, you have an option - to specify your existing Amazon S3 object as a data source for the part you - are uploading. To upload a part from an existing object, you use the UploadPartCopy - operation.

You must initiate a multipart upload (see CreateMultipartUpload) - before you can upload any part. In response to your initiate request, Amazon - S3 returns an upload ID, a unique identifier, that you must include in your - upload part request.

Part numbers can be any number from 1 to 10,000, - inclusive. A part number uniquely identifies a part and also defines its position - within the object being created. If you upload a new part using the same part - number that was used with a previous part, the previously uploaded part is - overwritten.

For information about maximum and minimum part sizes and - other multipart upload specifications, see Multipart - upload limits in the Amazon S3 User Guide.

To ensure that - data is not corrupted when traversing the network, specify the Content-MD5 - header in the upload part request. Amazon S3 checks the part data against - the provided MD5 value. If they do not match, Amazon S3 returns an error. -

If the upload request is signed with Signature Version 4, then Amazon - Web Services S3 uses the x-amz-content-sha256 header as a checksum - instead of Content-MD5. For more information see Authenticating - Requests: Using the Authorization Header (Amazon Web Services Signature Version - 4).

Note: After you initiate multipart upload and upload - one or more parts, you must either complete or abort multipart upload in order - to stop getting charged for storage of the uploaded parts. Only after you - either complete or abort multipart upload, Amazon S3 frees up the parts storage - and stops charging you for the parts storage.

For more information - on multipart uploads, go to Multipart - Upload Overview in the Amazon S3 User Guide .

For information - on the permissions required to use the multipart upload API, go to Multipart - Upload and Permissions in the Amazon S3 User Guide.

You - can optionally request server-side encryption where Amazon S3 encrypts your - data as it writes it to disks in its data centers and decrypts it for you - when you access it. You have the option of providing your own encryption key, - or you can use the Amazon Web Services managed encryption keys. If you choose - to provide your own encryption key, the request headers you provide in the - request must match the headers you used in the request to initiate the upload - by using CreateMultipartUpload. - For more information, go to Using - Server-Side Encryption in the Amazon S3 User Guide.

Server-side - encryption is supported by the S3 Multipart Upload actions. Unless you are - using a customer-provided encryption key, you don''t need to specify the encryption - parameters in each UploadPart request. Instead, you only need to specify the - server-side encryption parameters in the initial Initiate Multipart request. - For more information, see CreateMultipartUpload.

-

If you requested server-side encryption using a customer-provided encryption - key in your initiate multipart upload request, you must provide identical - encryption information in each part upload using the following headers.

-

  • x-amz-server-side-encryption-customer-algorithm

  • -

    x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

    -

Special Errors

    • -

      Code: NoSuchUpload

    • Cause: The specified - multipart upload does not exist. The upload ID might be invalid, or the multipart - upload might have been aborted or completed.

    • HTTP - Status Code: 404 Not Found

    • SOAP Fault Code Prefix: - Client

Related Resources -

' - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadUploadPart.html - operationId: UploadPart - parameters: - - description: Size of the body in bytes. This parameter is useful when the - size of the body cannot be determined automatically. - in: header - name: Content-Length - required: false - schema: - type: integer - - description: The base64-encoded 128-bit MD5 digest of the part data. This - parameter is auto-populated when using the command from the CLI. This parameter - is required if object lock parameters are specified. - in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

This checksum algorithm must be the same for all parts - and it match the checksum value supplied in the CreateMultipartUpload - request.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 32-bit CRC32 checksum of the object. For more - information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-crc32 - required: false - schema: - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 32-bit CRC32C checksum of the object. For - more information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-crc32c - required: false - schema: - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 160-bit SHA-1 digest of the object. For more - information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-sha1 - required: false - schema: - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 256-bit SHA-256 digest of the object. For - more information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-sha256 - required: false - schema: - type: string - - description: Object key for which the multipart upload was initiated. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: Part number of part being uploaded. This is a positive integer - between 1 and 10,000. - in: query - name: partNumber - required: true - schema: - type: integer - - description: Upload ID identifying the multipart upload whose part is being - uploaded. - in: query - name: uploadId - required: true - schema: - type: string - - description: Specifies the algorithm to use to when encrypting the object - (for example, AES256). - in: header - name: x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: Specifies the customer-provided encryption key for Amazon S3 - to use in encrypting data. This value is used to store the object and then - it is discarded; Amazon S3 does not store the encryption key. The key must - be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - header. This must be the same encryption key specified in the initiate - multipart upload request. - in: header - name: x-amz-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: Specifies the 128-bit MD5 digest of the encryption key according - to RFC 1321. Amazon S3 uses this header for a message integrity check to - ensure that the encryption key was transmitted without error. - in: header - name: x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - properties: - Body: - description: Object data. - type: string - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/UploadPartOutput' - description: Success - /{Key}#uploadId: - delete: - description:

This action aborts a multipart upload. After a multipart upload - is aborted, no additional parts can be uploaded using that upload ID. The - storage consumed by any previously uploaded parts will be freed. However, - if any part uploads are currently in progress, those part uploads might or - might not succeed. As a result, it might be necessary to abort a given multipart - upload multiple times in order to completely free all storage consumed by - all parts.

To verify that all parts have been removed, so you don't - get charged for the part storage, you should call the ListParts - action and ensure that the parts list is empty.

For information about - permissions required to use the multipart upload, see Multipart - Upload and Permissions.

The following operations are related to - AbortMultipartUpload:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadAbort.html - operationId: AbortMultipartUpload - parameters: - - description: Key of the object for which the multipart upload was initiated. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: Upload ID that identifies the multipart upload. - in: query - name: uploadId - required: true - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - responses: - '204': - content: - text/xml: - schema: - $ref: '#/components/schemas/AbortMultipartUploadOutput' - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchUpload' - description: NoSuchUpload - get: - description:

Lists the parts that have been uploaded for a specific multipart - upload. This operation must include the upload ID, which you obtain by sending - the initiate multipart upload request (see CreateMultipartUpload). - This request returns a maximum of 1,000 uploaded parts. The default number - of parts returned is 1,000 parts. You can restrict the number of parts returned - by specifying the max-parts request parameter. If your multipart - upload consists of more than 1,000 parts, the response returns an IsTruncated - field with the value of true, and a NextPartNumberMarker element. - In subsequent ListParts requests you can include the part-number-marker - query string parameter and set its value to the NextPartNumberMarker - field value from the previous response.

If the upload was created using - a checksum algorithm, you will need to have permission to the kms:Decrypt - action for the request to succeed.

For more information on multipart - uploads, see Uploading - Objects Using Multipart Upload.

For information on permissions - required to use the multipart upload API, see Multipart - Upload and Permissions.

The following operations are related to - ListParts:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadListParts.html - operationId: ListParts - parameters: - - description: Object key for which the multipart upload was initiated. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: Sets the maximum number of parts to return. - in: query - name: max-parts - required: false - schema: - type: integer - - description: Specifies the part after which listing should begin. Only parts - with higher part numbers will be listed. - in: query - name: part-number-marker - required: false - schema: - type: integer - - description: Upload ID identifying the multipart upload whose parts are being - listed. - in: query - name: uploadId - required: true - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: The server-side encryption (SSE) algorithm used to encrypt the - object. This parameter is needed only when the object was created using - a checksum algorithm. For more information, see Protecting - data using SSE-C keys in the Amazon S3 User Guide. - in: header - name: x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: The server-side encryption (SSE) customer managed key. This parameter - is needed only when the object was created using a checksum algorithm. For - more information, see Protecting - data using SSE-C keys in the Amazon S3 User Guide. - in: header - name: x-amz-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: The MD5 server-side encryption (SSE) customer managed key. This - parameter is needed only when the object was created using a checksum algorithm. - For more information, see Protecting - data using SSE-C keys in the Amazon S3 User Guide. - in: header - name: x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: Pagination limit - in: query - name: MaxParts - required: false - schema: - type: string - - description: Pagination token - in: query - name: PartNumberMarker - required: false - schema: - type: string - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/ListPartsOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - post: - description: '

Completes a multipart upload by assembling previously uploaded - parts.

You first initiate the multipart upload and then upload all - parts using the UploadPart - operation. After successfully uploading all relevant parts of an upload, you - call this action to complete the upload. Upon receiving this request, Amazon - S3 concatenates all the parts in ascending order by part number to create - a new object. In the Complete Multipart Upload request, you must provide the - parts list. You must ensure that the parts list is complete. This action concatenates - the parts that you provide in the list. For each part in the list, you must - provide the part number and the ETag value, returned after that - part was uploaded.

Processing of a Complete Multipart Upload request - could take several minutes to complete. After Amazon S3 begins processing - the request, it sends an HTTP response header that specifies a 200 OK response. - While processing is in progress, Amazon S3 periodically sends white space - characters to keep the connection from timing out. Because a request could - fail after the initial 200 OK response has been sent, it is important that - you check the response body to determine whether the request succeeded.

-

Note that if CompleteMultipartUpload fails, applications should - be prepared to retry the failed requests. For more information, see Amazon - S3 Error Best Practices.

You cannot use Content-Type: - application/x-www-form-urlencoded with Complete Multipart Upload requests. - Also, if you do not provide a Content-Type header, CompleteMultipartUpload - returns a 200 OK response.

For more information about - multipart uploads, see Uploading - Objects Using Multipart Upload.

For information about permissions - required to use the multipart upload API, see Multipart - Upload and Permissions.

CompleteMultipartUpload has - the following special errors:

  • Error code: EntityTooSmall -

    • Description: Your proposed upload is smaller than the minimum - allowed object size. Each part must be at least 5 MB in size, except the last - part.

    • 400 Bad Request

  • Error - code: InvalidPart

    • Description: One or more - of the specified parts could not be found. The part might not have been uploaded, - or the specified entity tag might not have matched the part''s entity tag.

      -

    • 400 Bad Request

  • Error code: InvalidPartOrder -

    • Description: The list of parts was not in ascending order. - The parts list must be specified in order by part number.

    • 400 - Bad Request

  • Error code: NoSuchUpload -

    • Description: The specified multipart upload does not exist. - The upload ID might be invalid, or the multipart upload might have been aborted - or completed.

    • 404 Not Found

-

The following operations are related to CompleteMultipartUpload:

- ' - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadComplete.html - operationId: CompleteMultipartUpload - parameters: - - description: Object key for which the multipart upload was initiated. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: ID for the initiated multipart upload. - in: query - name: uploadId - required: true - schema: - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 32-bit CRC32 checksum of the object. For more - information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-crc32 - required: false - schema: - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 32-bit CRC32C checksum of the object. For - more information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-crc32c - required: false - schema: - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 160-bit SHA-1 digest of the object. For more - information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-sha1 - required: false - schema: - type: string - - description: This header can be used as a data integrity check to verify that - the data received is the same data that was originally sent. This header - specifies the base64-encoded, 256-bit SHA-256 digest of the object. For - more information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-sha256 - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: The server-side encryption (SSE) algorithm used to encrypt the - object. This parameter is needed only when the object was created using - a checksum algorithm. For more information, see Protecting - data using SSE-C keys in the Amazon S3 User Guide. - in: header - name: x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: The server-side encryption (SSE) customer managed key. This parameter - is needed only when the object was created using a checksum algorithm. For - more information, see Protecting - data using SSE-C keys in the Amazon S3 User Guide. - in: header - name: x-amz-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: The MD5 server-side encryption (SSE) customer managed key. This - parameter is needed only when the object was created using a checksum algorithm. - For more information, see Protecting - data using SSE-C keys in the Amazon S3 User Guide. - in: header - name: x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - properties: - CompleteMultipartUpload: - description: The container for the completed multipart upload details. - properties: - Part: - allOf: - - $ref: '#/components/schemas/CompletedPartList' - - description:

Array of CompletedPart data types.

If - you do not supply a valid Part with your request, - the service sends back an HTTP 400 response.

- type: object - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/CompleteMultipartUploadOutput' - description: Success - /{Key}#x-amz-copy-source: - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Creates a copy of an object that is already stored in Amazon - S3.

You can store individual objects of up to 5 TB in Amazon - S3. You create a copy of your object up to 5 GB in size in a single atomic - action using this API. However, to copy an object greater than 5 GB, you must - use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more - information, see Copy - Object Using the REST Multipart Upload API.

All copy requests - must be authenticated. Additionally, you must have read access to the - source object and write access to the destination bucket. For more - information, see REST - Authentication. Both the Region that you want to copy the object from - and the Region that you want to copy the object to must be enabled for your - account.

A copy request might return an error when Amazon S3 receives - the copy request or while Amazon S3 is copying the files. If the error occurs - before the copy action starts, you receive a standard Amazon S3 error. If - the error occurs during the copy operation, the error response is embedded - in the 200 OK response. This means that a 200 OK - response can contain either a success or an error. Design your application - to parse the contents of the response and handle it appropriately.

If - the copy is successful, you receive a response with information about the - copied object.

If the request is an HTTP 1.1 request, the response - is chunk encoded. If it were not, it would not contain the content-length, - and you would need to read the entire body.

The copy request - charge is based on the storage class and Region that you specify for the destination - object. For pricing information, see Amazon - S3 pricing.

Amazon S3 transfer acceleration does not - support cross-Region copies. If you request a cross-Region copy using a transfer - acceleration endpoint, you get a 400 Bad Request error. For more - information, see Transfer - Acceleration.

Metadata

When copying - an object, you can preserve all metadata (default) or specify new metadata. - However, the ACL is not preserved and is set to private for the user making - the request. To override the default ACL setting, specify a new ACL when generating - a copy request. For more information, see Using - ACLs.

To specify whether you want the object metadata copied from - the source object or replaced with metadata provided in the request, you can - optionally add the x-amz-metadata-directive header. When you - grant permissions, you can use the s3:x-amz-metadata-directive - condition key to enforce certain metadata behavior when objects are uploaded. - For more information, see Specifying - Conditions in a Policy in the Amazon S3 User Guide. For a complete - list of Amazon S3-specific condition keys, see Actions, - Resources, and Condition Keys for Amazon S3.

x-amz-copy-source-if - Headers

To only copy an object under certain conditions, such - as whether the Etag matches or whether the object was modified - before or after a specified date, use the following request parameters:

-

  • x-amz-copy-source-if-match

  • - x-amz-copy-source-if-none-match

  • x-amz-copy-source-if-unmodified-since -

  • x-amz-copy-source-if-modified-since

    -

If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since - headers are present in the request and evaluate as follows, Amazon S3 returns - 200 OK and copies the data:

  • x-amz-copy-source-if-match - condition evaluates to true

  • x-amz-copy-source-if-unmodified-since - condition evaluates to false

If both the x-amz-copy-source-if-none-match - and x-amz-copy-source-if-modified-since headers are present in - the request and evaluate as follows, Amazon S3 returns the 412 Precondition - Failed response code:

  • x-amz-copy-source-if-none-match - condition evaluates to false

  • x-amz-copy-source-if-modified-since - condition evaluates to true

All headers with the - x-amz- prefix, including x-amz-copy-source, must - be signed.

Server-side encryption

When you - perform a CopyObject operation, you can optionally use the appropriate encryption-related - headers to encrypt the object using server-side encryption with Amazon Web - Services managed encryption keys (SSE-S3 or SSE-KMS) or a customer-provided - encryption key. With server-side encryption, Amazon S3 encrypts your data - as it writes it to disks in its data centers and decrypts the data when you - access it. For more information about server-side encryption, see Using - Server-Side Encryption.

If a target object uses SSE-KMS, you can - enable an S3 Bucket Key for the object. For more information, see Amazon - S3 Bucket Keys in the Amazon S3 User Guide.

Access Control - List (ACL)-Specific Request Headers

When copying an object, you - can optionally use headers to grant ACL-based permissions. By default, all - objects are private. Only the owner has full access control. When adding a - new object, you can grant permissions to individual Amazon Web Services accounts - or to predefined groups defined by Amazon S3. These permissions are then added - to the ACL on the object. For more information, see Access - Control List (ACL) Overview and Managing - ACLs Using the REST API.

If the bucket that you're copying objects - to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are - disabled and no longer affect permissions. Buckets that use this setting only - accept PUT requests that don't specify an ACL or PUT requests that specify - bucket owner full control ACLs, such as the bucket-owner-full-control - canned ACL or an equivalent form of this ACL expressed in the XML format.

-

For more information, see - Controlling ownership of objects and disabling ACLs in the Amazon S3 - User Guide.

If your bucket uses the bucket owner enforced - setting for Object Ownership, all objects written to the bucket by any account - will be owned by the bucket owner.

Checksums

When - copying an object, if it has a checksum, that checksum will be copied to the - new object by default. When you copy the object over, you may optionally specify - a different checksum algorithm to use with the x-amz-checksum-algorithm - header.

Storage Class Options

You can use the CopyObject - action to change the storage class of an object that is already stored in - Amazon S3 using the StorageClass parameter. For more information, - see Storage - Classes in the Amazon S3 User Guide.

Versioning -

By default, x-amz-copy-source identifies the current - version of an object to copy. If the current version is a delete marker, Amazon - S3 behaves as if the object was deleted. To copy a different version, use - the versionId subresource.

If you enable versioning on - the target bucket, Amazon S3 generates a unique version ID for the object - being copied. This version ID is different from the version ID of the source - object. Amazon S3 returns the version ID of the copied object in the x-amz-version-id - response header in the response.

If you do not enable versioning or - suspend it on the target bucket, the version ID that Amazon S3 generates is - always null.

If the source object's storage class is GLACIER, you must - restore a copy of this object before you can use it as a source object for - the copy operation. For more information, see RestoreObject.

-

The following operations are related to CopyObject:

For more information, see Copying - Objects.

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectCOPY.html - operationId: CopyObject - parameters: - - description:

The canned ACL to apply to the object.

This action - is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-acl - required: false - schema: - enum: - - private - - public-read - - public-read-write - - authenticated-read - - aws-exec-read - - bucket-owner-read - - bucket-owner-full-control - type: string - - description: Specifies caching behavior along the request/reply chain. - in: header - name: Cache-Control - required: false - schema: - type: string - - description: Indicates the algorithm you want Amazon S3 to use to create the - checksum for the object. For more information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: Specifies presentational information for the object. - in: header - name: Content-Disposition - required: false - schema: - type: string - - description: Specifies what content encodings have been applied to the object - and thus what decoding mechanisms must be applied to obtain the media-type - referenced by the Content-Type header field. - in: header - name: Content-Encoding - required: false - schema: - type: string - - description: The language the content is in. - in: header - name: Content-Language - required: false - schema: - type: string - - description: A standard MIME type describing the format of the object data. - in: header - name: Content-Type - required: false - schema: - type: string - - description:

Specifies the source object for the copy operation. You specify - the value in one of two formats, depending on whether you want to access - the source object through an access - point:

  • For objects not accessed through an access point, - specify the name of the source bucket and the key of the source object, - separated by a slash (/). For example, to copy the object reports/january.pdf - from the bucket awsexamplebucket, use awsexamplebucket/reports/january.pdf. - The value must be URL-encoded.

  • For objects accessed through - access points, specify the Amazon Resource Name (ARN) of the object as accessed - through the access point, in the format arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. - For example, to copy the object reports/january.pdf through - access point my-access-point owned by account 123456789012 - in Region us-west-2, use the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. - The value must be URL encoded.

    Amazon S3 supports copy operations - using access points only when the source and destination buckets are in - the same Amazon Web Services Region.

    Alternatively, for objects - accessed through Amazon S3 on Outposts, specify the ARN of the object as - accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>. - For example, to copy the object reports/january.pdf through - outpost my-outpost owned by account 123456789012 - in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. - The value must be URL-encoded.

To copy a specific version - of an object, append ?versionId=<version-id> to the value - (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). - If you don't specify a version ID, Amazon S3 copies the latest version of - the source object.

- in: header - name: x-amz-copy-source - required: true - schema: - pattern: \/.+\/.+ - type: string - - description: Copies the object if its entity tag (ETag) matches the specified - tag. - in: header - name: x-amz-copy-source-if-match - required: false - schema: - type: string - - description: Copies the object if it has been modified since the specified - time. - in: header - name: x-amz-copy-source-if-modified-since - required: false - schema: - format: date-time - type: string - - description: Copies the object if its entity tag (ETag) is different than - the specified ETag. - in: header - name: x-amz-copy-source-if-none-match - required: false - schema: - type: string - - description: Copies the object if it hasn't been modified since the specified - time. - in: header - name: x-amz-copy-source-if-unmodified-since - required: false - schema: - format: date-time - type: string - - description: The date and time at which the object is no longer cacheable. - in: header - name: Expires - required: false - schema: - format: date-time - type: string - - description:

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions - on the object.

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-full-control - required: false - schema: - type: string - - description:

Allows grantee to read the object data and its metadata.

-

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-read - required: false - schema: - type: string - - description:

Allows grantee to read the object ACL.

This action - is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-read-acp - required: false - schema: - type: string - - description:

Allows grantee to write the ACL for the applicable object.

-

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-write-acp - required: false - schema: - type: string - - description: The key of the destination object. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: Specifies whether the metadata is copied from the source object - or replaced with metadata provided in the request. - in: header - name: x-amz-metadata-directive - required: false - schema: - enum: - - COPY - - REPLACE - type: string - - description: Specifies whether the object tag-set are copied from the source - object or replaced with tag-set provided in the request. - in: header - name: x-amz-tagging-directive - required: false - schema: - enum: - - COPY - - REPLACE - type: string - - description: The server-side encryption algorithm used when storing this object - in Amazon S3 (for example, AES256, aws:kms). - in: header - name: x-amz-server-side-encryption - required: false - schema: - enum: - - AES256 - - aws:kms - type: string - - description: By default, Amazon S3 uses the STANDARD Storage Class to store - newly created objects. The STANDARD storage class provides high durability - and high availability. Depending on performance needs, you can specify a - different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage - Class. For more information, see Storage - Classes in the Amazon S3 User Guide. - in: header - name: x-amz-storage-class - required: false - schema: - enum: - - STANDARD - - REDUCED_REDUNDANCY - - STANDARD_IA - - ONEZONE_IA - - INTELLIGENT_TIERING - - GLACIER - - DEEP_ARCHIVE - - OUTPOSTS - - GLACIER_IR - type: string - - description: If the bucket is configured as a website, redirects requests - for this object to another object in the same bucket or to an external URL. - Amazon S3 stores the value of this header in the object metadata. - in: header - name: x-amz-website-redirect-location - required: false - schema: - type: string - - description: Specifies the algorithm to use to when encrypting the object - (for example, AES256). - in: header - name: x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: Specifies the customer-provided encryption key for Amazon S3 - to use in encrypting data. This value is used to store the object and then - it is discarded; Amazon S3 does not store the encryption key. The key must - be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - header. - in: header - name: x-amz-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: Specifies the 128-bit MD5 digest of the encryption key according - to RFC 1321. Amazon S3 uses this header for a message integrity check to - ensure that the encryption key was transmitted without error. - in: header - name: x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: Specifies the Amazon Web Services KMS key ID to use for object - encryption. All GET and PUT requests for an object protected by Amazon Web - Services KMS will fail if not made via SSL or using SigV4. For information - about configuring using any of the officially supported Amazon Web Services - SDKs and Amazon Web Services CLI, see Specifying - the Signature Version in Request Authentication in the Amazon S3 - User Guide. - in: header - name: x-amz-server-side-encryption-aws-kms-key-id - required: false - schema: - format: password - type: string - - description: Specifies the Amazon Web Services KMS Encryption Context to use - for object encryption. The value of this header is a base64-encoded UTF-8 - string holding JSON with the encryption context key-value pairs. - in: header - name: x-amz-server-side-encryption-context - required: false - schema: - format: password - type: string - - description: "

Specifies whether Amazon S3 should use an S3 Bucket Key for\ - \ object encryption with server-side encryption using AWS KMS (SSE-KMS).\ - \ Setting this header to true causes Amazon S3 to use an S3\ - \ Bucket Key for object encryption with SSE-KMS.

Specifying this\ - \ header with a COPY action doesn\u2019t affect bucket-level settings for\ - \ S3 Bucket Key.

" - in: header - name: x-amz-server-side-encryption-bucket-key-enabled - required: false - schema: - type: boolean - - description: Specifies the algorithm to use when decrypting the source object - (for example, AES256). - in: header - name: x-amz-copy-source-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: Specifies the customer-provided encryption key for Amazon S3 - to use to decrypt the source object. The encryption key provided in this - header must be one that was used when the source object was created. - in: header - name: x-amz-copy-source-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: Specifies the 128-bit MD5 digest of the encryption key according - to RFC 1321. Amazon S3 uses this header for a message integrity check to - ensure that the encryption key was transmitted without error. - in: header - name: x-amz-copy-source-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The tag-set for the object destination object this value must - be used in conjunction with the TaggingDirective. The tag-set - must be encoded as URL Query parameters. - in: header - name: x-amz-tagging - required: false - schema: - type: string - - description: The Object Lock mode that you want to apply to the copied object. - in: header - name: x-amz-object-lock-mode - required: false - schema: - enum: - - GOVERNANCE - - COMPLIANCE - type: string - - description: The date and time when you want the copied object's Object Lock - to expire. - in: header - name: x-amz-object-lock-retain-until-date - required: false - schema: - format: date-time - type: string - - description: Specifies whether you want to apply a legal hold to the copied - object. - in: header - name: x-amz-object-lock-legal-hold - required: false - schema: - enum: - - 'ON' - - 'OFF' - type: string - - description: The account ID of the expected destination bucket owner. If the - destination bucket is owned by a different account, the request fails with - the HTTP status code 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: The account ID of the expected source bucket owner. If the source - bucket is owned by a different account, the request fails with the HTTP - status code 403 Forbidden (access denied). - in: header - name: x-amz-source-expected-bucket-owner - required: false - schema: - type: string - requestBody: - content: - text/xml: - schema: - properties: - x-amz-meta-: - additionalProperties: - $ref: '#/components/schemas/MetadataValue' - description: A map of metadata to store with the object in S3. - type: object - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/CopyObjectOutput' - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ObjectNotInActiveTierError' - description: ObjectNotInActiveTierError - /{Key}#x-amz-copy-source&partNumber&uploadId: - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: '

Uploads a part by copying data from an existing object as data - source. You specify the data source by adding the request header x-amz-copy-source - in your request and a byte range by adding the request header x-amz-copy-source-range - in your request.

For information about maximum and minimum part sizes - and other multipart upload specifications, see Multipart - upload limits in the Amazon S3 User Guide.

Instead - of using an existing object as part data, you might use the UploadPart - action and provide data in your request.

You must initiate - a multipart upload before you can upload any part. In response to your initiate - request. Amazon S3 returns a unique identifier, the upload ID, that you must - include in your upload part request.

For more information about using - the UploadPartCopy operation, see the following:

  • -

    For conceptual information about multipart uploads, see Uploading - Objects Using Multipart Upload in the Amazon S3 User Guide.

    -

  • For information about permissions required to use the multipart - upload API, see Multipart - Upload and Permissions in the Amazon S3 User Guide.

  • -

    For information about copying objects using a single atomic action vs. - a multipart upload, see Operations - on Objects in the Amazon S3 User Guide.

  • For information - about using server-side encryption with customer-provided encryption keys - with the UploadPartCopy operation, see CopyObject - and UploadPart.

    -

Note the following additional considerations about the request - headers x-amz-copy-source-if-match, x-amz-copy-source-if-none-match, - x-amz-copy-source-if-unmodified-since, and x-amz-copy-source-if-modified-since:

-

  • Consideration 1 - If both of the x-amz-copy-source-if-match - and x-amz-copy-source-if-unmodified-since headers are present - in the request as follows:

    x-amz-copy-source-if-match - condition evaluates to true, and;

    x-amz-copy-source-if-unmodified-since - condition evaluates to false;

    Amazon S3 returns 200 - OK and copies the data.

  • Consideration 2 - - If both of the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since - headers are present in the request as follows:

    x-amz-copy-source-if-none-match - condition evaluates to false, and;

    x-amz-copy-source-if-modified-since - condition evaluates to true;

    Amazon S3 returns 412 - Precondition Failed response code.

Versioning -

If your bucket has versioning enabled, you could have multiple versions - of the same object. By default, x-amz-copy-source identifies - the current version of the object to copy. If the current version is a delete - marker and you don''t specify a versionId in the x-amz-copy-source, - Amazon S3 returns a 404 error, because the object does not exist. If you specify - versionId in the x-amz-copy-source and the versionId is a delete - marker, Amazon S3 returns an HTTP 400 error, because you are not allowed to - specify a delete marker as a version for the x-amz-copy-source. -

You can optionally specify a specific version of the source object - to copy by adding the versionId subresource as shown in the following - example:

x-amz-copy-source: /bucket/object?versionId=version - id

Special Errors

    • -

    • Code: NoSuchUpload

    • Cause: The specified - multipart upload does not exist. The upload ID might be invalid, or the multipart - upload might have been aborted or completed.

    • HTTP - Status Code: 404 Not Found

    • Code: - InvalidRequest

    • Cause: The specified copy source - is not supported as a byte-range copy source.

    • HTTP - Status Code: 400 Bad Request

- Related Resources

' - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadUploadPartCopy.html - operationId: UploadPartCopy - parameters: - - description:

Specifies the source object for the copy operation. You specify - the value in one of two formats, depending on whether you want to access - the source object through an access - point:

  • For objects not accessed through an access point, - specify the name of the source bucket and key of the source object, separated - by a slash (/). For example, to copy the object reports/january.pdf - from the bucket awsexamplebucket, use awsexamplebucket/reports/january.pdf. - The value must be URL-encoded.

  • For objects accessed through - access points, specify the Amazon Resource Name (ARN) of the object as accessed - through the access point, in the format arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. - For example, to copy the object reports/january.pdf through - access point my-access-point owned by account 123456789012 - in Region us-west-2, use the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. - The value must be URL encoded.

    Amazon S3 supports copy operations - using access points only when the source and destination buckets are in - the same Amazon Web Services Region.

    Alternatively, for objects - accessed through Amazon S3 on Outposts, specify the ARN of the object as - accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>. - For example, to copy the object reports/january.pdf through - outpost my-outpost owned by account 123456789012 - in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. - The value must be URL-encoded.

To copy a specific version - of an object, append ?versionId=<version-id> to the value - (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). - If you don't specify a version ID, Amazon S3 copies the latest version of - the source object.

- in: header - name: x-amz-copy-source - required: true - schema: - pattern: \/.+\/.+ - type: string - - description: Copies the object if its entity tag (ETag) matches the specified - tag. - in: header - name: x-amz-copy-source-if-match - required: false - schema: - type: string - - description: Copies the object if it has been modified since the specified - time. - in: header - name: x-amz-copy-source-if-modified-since - required: false - schema: - format: date-time - type: string - - description: Copies the object if its entity tag (ETag) is different than - the specified ETag. - in: header - name: x-amz-copy-source-if-none-match - required: false - schema: - type: string - - description: Copies the object if it hasn't been modified since the specified - time. - in: header - name: x-amz-copy-source-if-unmodified-since - required: false - schema: - format: date-time - type: string - - description: The range of bytes to copy from the source object. The range - value must use the form bytes=first-last, where the first and last are the - zero-based byte offsets to copy. For example, bytes=0-9 indicates that you - want to copy the first 10 bytes of the source. You can copy a range only - if the source object is greater than 5 MB. - in: header - name: x-amz-copy-source-range - required: false - schema: - type: string - - description: Object key for which the multipart upload was initiated. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: Part number of part being copied. This is a positive integer - between 1 and 10,000. - in: query - name: partNumber - required: true - schema: - type: integer - - description: Upload ID identifying the multipart upload whose part is being - copied. - in: query - name: uploadId - required: true - schema: - type: string - - description: Specifies the algorithm to use to when encrypting the object - (for example, AES256). - in: header - name: x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: Specifies the customer-provided encryption key for Amazon S3 - to use in encrypting data. This value is used to store the object and then - it is discarded; Amazon S3 does not store the encryption key. The key must - be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - header. This must be the same encryption key specified in the initiate multipart - upload request. - in: header - name: x-amz-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: Specifies the 128-bit MD5 digest of the encryption key according - to RFC 1321. Amazon S3 uses this header for a message integrity check to - ensure that the encryption key was transmitted without error. - in: header - name: x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: Specifies the algorithm to use when decrypting the source object - (for example, AES256). - in: header - name: x-amz-copy-source-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: Specifies the customer-provided encryption key for Amazon S3 - to use to decrypt the source object. The encryption key provided in this - header must be one that was used when the source object was created. - in: header - name: x-amz-copy-source-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: Specifies the 128-bit MD5 digest of the encryption key according - to RFC 1321. Amazon S3 uses this header for a message integrity check to - ensure that the encryption key was transmitted without error. - in: header - name: x-amz-copy-source-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected destination bucket owner. If the - destination bucket is owned by a different account, the request fails with - the HTTP status code 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: The account ID of the expected source bucket owner. If the source - bucket is owned by a different account, the request fails with the HTTP - status code 403 Forbidden (access denied). - in: header - name: x-amz-source-expected-bucket-owner - required: false - schema: - type: string - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/UploadPartCopyOutput' - description: Success - /{Key}?acl: - get: - description:

Returns the access control list (ACL) of an object. To use this - operation, you must have s3:GetObjectAcl permissions or READ_ACP - access to the object. For more information, see Mapping - of ACL permissions and access policy permissions in the Amazon S3 User - Guide

This action is not supported by Amazon S3 on Outposts.

-

Versioning

By default, GET returns ACL information about - the current version of an object. To return ACL information about a different - version, use the versionId subresource.

If your bucket uses - the bucket owner enforced setting for S3 Object Ownership, requests to read - ACLs are still supported and return the bucket-owner-full-control - ACL with the owner being the account that created the bucket. For more information, - see - Controlling object ownership and disabling ACLs in the Amazon S3 User - Guide.

The following operations are related to GetObjectAcl:

- - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGETacl.html - operationId: GetObjectAcl - parameters: - - description: The key of the object for which to get the ACL information. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: VersionId used to reference a specific version of the object. - in: query - name: versionId - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: acl - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetObjectAclOutput' - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchKey' - description: NoSuchKey - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: "

Uses the acl subresource to set the access control\ - \ list (ACL) permissions for a new or existing object in an S3 bucket. You\ - \ must have WRITE_ACP permission to set the ACL of an object.\ - \ For more information, see What permissions can I grant? in the Amazon S3 User Guide.

\ - \

This action is not supported by Amazon S3 on Outposts.

Depending\ - \ on your application needs, you can choose to set the ACL on an object using\ - \ either the request body or the headers. For example, if you have an existing\ - \ application that updates a bucket ACL using the request body, you can continue\ - \ to use that approach. For more information, see Access Control List (ACL) Overview in the Amazon S3 User Guide.

\ - \

If your bucket uses the bucket owner enforced setting for\ - \ S3 Object Ownership, ACLs are disabled and no longer affect permissions.\ - \ You must use policies to grant access to your bucket and the objects in\ - \ it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported\ - \ error code. Requests to read ACLs are still supported. For more information,\ - \ see Controlling object ownership in the Amazon S3 User Guide.

\ - \

Access Permissions

You can set access permissions\ - \ using one of the following methods:

  • Specify a canned ACL\ - \ with the x-amz-acl request header. Amazon S3 supports a set\ - \ of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined\ - \ set of grantees and permissions. Specify the canned ACL name as the value\ - \ of x-amz-acl. If you use this header, you cannot use other\ - \ access control-specific headers in your request. For more information, see\ - \ Canned ACL.

  • Specify access permissions explicitly with\ - \ the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp,\ - \ and x-amz-grant-full-control headers. When using these headers,\ - \ you specify explicit access permissions and grantees (Amazon Web Services\ - \ accounts or Amazon S3 groups) who will receive the permission. If you use\ - \ these ACL-specific headers, you cannot use x-amz-acl header\ - \ to set a canned ACL. These parameters map to the set of permissions that\ - \ Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

    You specify each grantee as\ - \ a type=value pair, where the type is one of the following:

    • \ - \

      id \u2013 if the value specified is the canonical user\ - \ ID of an Amazon Web Services account

    • uri\ - \ \u2013 if you are granting permissions to a predefined group

    • \ - \

      emailAddress \u2013 if the value specified is the email\ - \ address of an Amazon Web Services account

      Using email addresses\ - \ to specify a grantee is only supported in the following Amazon Web Services\ - \ Regions:

      • US East (N. Virginia)

      • US West\ - \ (N. California)

      • US West (Oregon)

      • Asia\ - \ Pacific (Singapore)

      • Asia Pacific (Sydney)

      • \ - \

        Asia Pacific (Tokyo)

      • Europe (Ireland)

      • \ - \

        South America (S\xE3o Paulo)

      For a list of all the\ - \ Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      \ - \

    For example, the following x-amz-grant-read\ - \ header grants list objects permission to the two Amazon Web Services accounts\ - \ identified by their email addresses.

    x-amz-grant-read: emailAddress=\"\ - xyz@amazon.com\", emailAddress=\"abc@amazon.com\"

\ - \

You can use either a canned ACL or specify access permissions explicitly.\ - \ You cannot do both.

Grantee Values

You can specify\ - \ the person (grantee) to whom you're assigning access rights (using request\ - \ elements) in the following ways:

  • By the person's ID:

    \ - \

    <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\ - \ xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>\ - \ </Grantee>

    DisplayName is optional and ignored in the\ - \ request.

  • By URI:

    <Grantee xmlns:xsi=\"\ - http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>\ - \

  • By Email address:

    <Grantee xmlns:xsi=\"\ - http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"\ - ><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee>\ - \

    The grantee is resolved to the CanonicalUser and, in a response\ - \ to a GET Object acl request, appears as the CanonicalUser.

    Using\ - \ email addresses to specify a grantee is only supported in the following\ - \ Amazon Web Services Regions:

    • US East (N. Virginia)

      \ - \

    • US West (N. California)

    • US West (Oregon)

      \ - \

    • Asia Pacific (Singapore)

    • Asia Pacific (Sydney)

      \ - \

    • Asia Pacific (Tokyo)

    • Europe (Ireland)

      \ - \

    • South America (S\xE3o Paulo)

    For a list\ - \ of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    \ - \

Versioning

The ACL of an object is\ - \ set at the object version level. By default, PUT sets the ACL of the current\ - \ version of an object. To set the ACL of a different version, use the versionId\ - \ subresource.

Related Resources

" - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPUTacl.html - operationId: PutObjectAcl - parameters: - - description: The canned ACL to apply to the object. For more information, - see Canned - ACL. - in: header - name: x-amz-acl - required: false - schema: - enum: - - private - - public-read - - public-read-write - - authenticated-read - - aws-exec-read - - bucket-owner-read - - bucket-owner-full-control - type: string - - description:

The base64-encoded 128-bit MD5 digest of the data. This header - must be used as a message integrity check to verify that the request body - was not corrupted in transit. For more information, go to RFC - 1864.>

For requests made using the Amazon Web Services Command - Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated - automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description:

Allows grantee the read, write, read ACP, and write ACP permissions - on the bucket.

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-full-control - required: false - schema: - type: string - - description:

Allows grantee to list the objects in the bucket.

This - action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-read - required: false - schema: - type: string - - description:

Allows grantee to read the bucket ACL.

This action - is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-read-acp - required: false - schema: - type: string - - description:

Allows grantee to create new objects in the bucket.

For - the bucket and object owners of existing objects, also allows deletions - and overwrites of those objects.

- in: header - name: x-amz-grant-write - required: false - schema: - type: string - - description:

Allows grantee to write the ACL for the applicable bucket.

-

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-write-acp - required: false - schema: - type: string - - description:

Key for which the PUT action was initiated.

When using - this action with an access point, you must direct requests to the access - point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - When using this action with an access point through the Amazon Web Services - SDKs, you provide the access point ARN in place of the bucket name. For - more information about access point ARNs, see Using - access points in the Amazon S3 User Guide.

When using - this action with Amazon S3 on Outposts, you must direct requests to the - S3 on Outposts hostname. The S3 on Outposts hostname takes the form - AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. - When using this action with S3 on Outposts through the Amazon Web Services - SDKs, you provide the Outposts bucket ARN in place of the bucket name. For - more information about S3 on Outposts ARNs, see Using - Amazon S3 on Outposts in the Amazon S3 User Guide.

- in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: VersionId used to reference a specific version of the object. - in: query - name: versionId - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: acl - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - AccessControlPolicy: - description: Contains the elements that set the ACL permissions - for an object per grantee. - properties: - AccessControlList: - allOf: - - $ref: '#/components/schemas/Grants' - - description: A list of grants. - Owner: - allOf: - - $ref: '#/components/schemas/Owner' - - description: Container for the bucket owner's display name - and ID. - type: object - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/PutObjectAclOutput' - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchKey' - description: NoSuchKey - /{Key}?attributes#x-amz-object-attributes: - get: - description:

Retrieves all the metadata from an object without returning - the object itself. This action is useful if you're interested only in an object's - metadata. To use GetObjectAttributes, you must have READ access - to the object.

GetObjectAttributes combines the functionality - of GetObjectAcl, GetObjectLegalHold, GetObjectLockConfiguration, - GetObjectRetention, GetObjectTagging, HeadObject, - and ListParts. All of the data returned with each of those individual - calls can be returned with a single call to GetObjectAttributes.

-

If you encrypt an object by using server-side encryption with customer-provided - encryption keys (SSE-C) when you store the object in Amazon S3, then when - you retrieve the metadata from the object, you must use the following headers:

-

  • x-amz-server-side-encryption-customer-algorithm -

  • x-amz-server-side-encryption-customer-key -

  • x-amz-server-side-encryption-customer-key-MD5 -

For more information about SSE-C, see Server-Side - Encryption (Using Customer-Provided Encryption Keys) in the Amazon - S3 User Guide.

  • Encryption request headers, such - as x-amz-server-side-encryption, should not be sent for GET requests - if your object uses server-side encryption with Amazon Web Services KMS keys - stored in Amazon Web Services Key Management Service (SSE-KMS) or server-side - encryption with Amazon S3 managed encryption keys (SSE-S3). If your object - does use these types of keys, you'll get an HTTP 400 Bad Request - error.

  • The last modified property in this case is the creation - date of the object.

Consider the following when - using request headers:

  • If both of the If-Match - and If-Unmodified-Since headers are present in the request as - follows, then Amazon S3 returns the HTTP status code 200 OK and - the data requested:

    • If-Match condition evaluates - to true.

    • If-Unmodified-Since - condition evaluates to false.

  • If - both of the If-None-Match and If-Modified-Since - headers are present in the request as follows, then Amazon S3 returns the - HTTP status code 304 Not Modified:

    • If-None-Match - condition evaluates to false.

    • If-Modified-Since - condition evaluates to true.

For - more information about conditional requests, see RFC - 7232.

Permissions

The permissions that you need - to use this operation depend on whether the bucket is versioned. If the bucket - is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes - permissions for this operation. If the bucket is not versioned, you need the - s3:GetObject and s3:GetObjectAttributes permissions. - For more information, see Specifying - Permissions in a Policy in the Amazon S3 User Guide. If the object - that you request does not exist, the error Amazon S3 returns depends on whether - you also have the s3:ListBucket permission.

  • If - you have the s3:ListBucket permission on the bucket, Amazon S3 - returns an HTTP status code 404 Not Found ("no such key") error.

    -

  • If you don't have the s3:ListBucket permission, - Amazon S3 returns an HTTP status code 403 Forbidden ("access - denied") error.

The following actions are related to GetObjectAttributes:

- - operationId: GetObjectAttributes - parameters: - - description: The object key. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: The version ID used to reference a specific version of the object. - in: query - name: versionId - required: false - schema: - type: string - - description: Sets the maximum number of parts to return. - in: header - name: x-amz-max-parts - required: false - schema: - type: integer - - description: Specifies the part after which listing should begin. Only parts - with higher part numbers will be listed. - in: header - name: x-amz-part-number-marker - required: false - schema: - type: integer - - description: Specifies the algorithm to use when encrypting the object (for - example, AES256). - in: header - name: x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: Specifies the customer-provided encryption key for Amazon S3 - to use in encrypting data. This value is used to store the object and then - it is discarded; Amazon S3 does not store the encryption key. The key must - be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - header. - in: header - name: x-amz-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: Specifies the 128-bit MD5 digest of the encryption key according - to RFC 1321. Amazon S3 uses this header for a message integrity check to - ensure that the encryption key was transmitted without error. - in: header - name: x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: An XML header that specifies the fields at the root level that - you want returned in the response. Fields that you do not specify are not - returned. - in: header - name: x-amz-object-attributes - required: true - schema: - items: - $ref: '#/components/schemas/ObjectAttributes' - type: array - - allowEmptyValue: true - in: query - name: attributes - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetObjectAttributesOutput' - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchKey' - description: NoSuchKey - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - /{Key}?legal-hold: - get: - description:

Gets an object's current legal hold status. For more information, - see Locking - Objects.

This action is not supported by Amazon S3 on Outposts.

-

The following action is related to GetObjectLegalHold:

- - operationId: GetObjectLegalHold - parameters: - - description: The key name for the object whose legal hold status you want - to retrieve. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: The version ID of the object whose legal hold status you want - to retrieve. - in: query - name: versionId - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: legal-hold - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetObjectLegalHoldOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Applies a legal hold configuration to the specified object. - For more information, see Locking - Objects.

This action is not supported by Amazon S3 on Outposts.

- operationId: PutObjectLegalHold - parameters: - - description: The key name for the object that you want to place a legal hold - on. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The version ID of the object that you want to place a legal hold - on. - in: query - name: versionId - required: false - schema: - type: string - - description:

The MD5 hash for the request body.

For requests made - using the Amazon Web Services Command Line Interface (CLI) or Amazon Web - Services SDKs, this field is calculated automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: legal-hold - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - LegalHold: - description: A legal hold configuration for an object. - properties: - Status: - allOf: - - $ref: '#/components/schemas/ObjectLockLegalHoldStatus' - - description: Indicates whether the specified object has a - legal hold in place. - type: object - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/PutObjectLegalHoldOutput' - description: Success - /{Key}?restore: - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - post: - description: "

Restores an archived copy of an object back into Amazon S3

\ - \

This action is not supported by Amazon S3 on Outposts.

This action\ - \ performs the following types of requests:

  • select\ - \ - Perform a select query on an archived object

  • restore\ - \ an archive - Restore an archived object

To use\ - \ this operation, you must have permissions to perform the s3:RestoreObject\ - \ action. The bucket owner has this permission by default and can grant this\ - \ permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon\ - \ S3 User Guide.

Querying Archives with Select Requests\ - \

You use a select type of request to perform SQL queries on archived\ - \ objects. The archived objects that are being queried by the select request\ - \ must be formatted as uncompressed comma-separated values (CSV) files. You\ - \ can run queries and custom analytics on your archived data without having\ - \ to restore your data to a hotter Amazon S3 tier. For an overview about select\ - \ requests, see Querying Archived Objects in the Amazon S3 User Guide.

When\ - \ making a select request, do the following:

  • Define an output\ - \ location for the select query's output. This must be an Amazon S3 bucket\ - \ in the same Amazon Web Services Region as the bucket that contains the archive\ - \ object that is being queried. The Amazon Web Services account that initiates\ - \ the job must have permissions to write to the S3 bucket. You can specify\ - \ the storage class and encryption for the output objects stored in the bucket.\ - \ For more information about output, see Querying Archived Objects in the Amazon S3 User Guide.

    For\ - \ more information about the S3 structure in the request body,\ - \ see the following:

  • Define the SQL expression for the\ - \ SELECT type of restoration for your query in the request body's\ - \ SelectParameters structure. You can use expressions like the\ - \ following examples.

    • The following expression returns all\ - \ records from the specified object.

      SELECT * FROM Object\ - \

    • Assuming that you are not using any headers for data\ - \ stored in the object, you can specify columns with positional headers.

      \ - \

      SELECT s._1, s._2 FROM Object s WHERE s._3 > 100

      \ - \

    • If you have headers and you set the fileHeaderInfo\ - \ in the CSV structure in the request body to USE,\ - \ you can specify headers in the query. (If you set the fileHeaderInfo\ - \ field to IGNORE, the first row is skipped for the query.) You\ - \ cannot mix ordinal positions with header column names.

      SELECT\ - \ s.Id, s.FirstName, s.SSN FROM S3Object s

\ - \

For more information about using SQL with S3 Glacier Select restore,\ - \ see SQL Reference for Amazon S3 Select and S3 Glacier Select in the Amazon\ - \ S3 User Guide.

When making a select request, you can also do\ - \ the following:

  • To expedite your queries, specify the Expedited\ - \ tier. For more information about tiers, see \"Restoring Archives,\" later\ - \ in this topic.

  • Specify details about the data serialization\ - \ format of both the input object that is being queried and the serialization\ - \ of the CSV-encoded query results.

The following are additional\ - \ important facts about the select feature:

  • The output results\ - \ are new Amazon S3 objects. Unlike archive retrievals, they are stored until\ - \ explicitly deleted-manually or through a lifecycle policy.

  • \ - \

    You can issue more than one select request on the same Amazon S3 object.\ - \ Amazon S3 doesn't deduplicate requests, so avoid issuing duplicate requests.

    \ - \

  • Amazon S3 accepts a select request even if the object has\ - \ already been restored. A select request doesn\u2019t return error response\ - \ 409.

Restoring objects

Objects\ - \ that you archive to the S3 Glacier or S3 Glacier Deep Archive storage class,\ - \ and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive\ - \ tiers are not accessible in real time. For objects in Archive Access or\ - \ Deep Archive Access tiers you must first initiate a restore request, and\ - \ then wait until the object is moved into the Frequent Access tier. For objects\ - \ in S3 Glacier or S3 Glacier Deep Archive storage classes you must first\ - \ initiate a restore request, and then wait until a temporary copy of the\ - \ object is available. To access an archived object, you must restore the\ - \ object for the duration (number of days) that you specify.

To restore\ - \ a specific object version, you can provide a version ID. If you don't provide\ - \ a version ID, Amazon S3 restores the current version.

When restoring\ - \ an archived object (or using a select request), you can specify one of the\ - \ following data access tier options in the Tier element of the\ - \ request body:

  • Expedited - Expedited retrievals\ - \ allow you to quickly access your data stored in the S3 Glacier storage class\ - \ or S3 Intelligent-Tiering Archive tier when occasional urgent requests for\ - \ a subset of archives are required. For all but the largest archived objects\ - \ (250 MB+), data accessed using Expedited retrievals is typically made available\ - \ within 1\u20135 minutes. Provisioned capacity ensures that retrieval capacity\ - \ for Expedited retrievals is available when you need it. Expedited retrievals\ - \ and provisioned capacity are not available for objects stored in the S3\ - \ Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive\ - \ tier.

  • Standard - Standard retrievals allow\ - \ you to access any of your archived objects within several hours. This is\ - \ the default option for retrieval requests that do not specify the retrieval\ - \ option. Standard retrievals typically finish within 3\u20135 hours for objects\ - \ stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive\ - \ tier. They typically finish within 12 hours for objects stored in the S3\ - \ Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive\ - \ tier. Standard retrievals are free for objects stored in S3 Intelligent-Tiering.

    \ - \

  • Bulk - Bulk retrievals are the lowest-cost retrieval\ - \ option in S3 Glacier, enabling you to retrieve large amounts, even petabytes,\ - \ of data inexpensively. Bulk retrievals typically finish within 5\u201312\ - \ hours for objects stored in the S3 Glacier storage class or S3 Intelligent-Tiering\ - \ Archive tier. They typically finish within 48 hours for objects stored in\ - \ the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep\ - \ Archive tier. Bulk retrievals are free for objects stored in S3 Intelligent-Tiering.

    \ - \

For more information about archive retrieval options and\ - \ provisioned capacity for Expedited data access, see Restoring\ - \ Archived Objects in the Amazon S3 User Guide.

You can\ - \ use Amazon S3 restore speed upgrade to change the restore speed to a faster\ - \ speed while it is in progress. For more information, see Upgrading the speed of an in-progress restore in the Amazon S3 User\ - \ Guide.

To get the status of object restoration, you can send\ - \ a HEAD request. Operations return the x-amz-restore\ - \ header, which provides information about the restoration status, in the\ - \ response. You can use Amazon S3 event notifications to notify you when a\ - \ restore is initiated or completed. For more information, see Configuring\ - \ Amazon S3 Event Notifications in the Amazon S3 User Guide.

\ - \

After restoring an archived object, you can update the restoration period\ - \ by reissuing the request with a new period. Amazon S3 updates the restoration\ - \ period relative to the current time and charges only for the request-there\ - \ are no data transfer charges. You cannot update the restoration period when\ - \ Amazon S3 is actively processing your current restore request for the object.

\ - \

If your bucket has a lifecycle configuration with a rule that includes\ - \ an expiration action, the object expiration overrides the life span that\ - \ you specify in a restore request. For example, if you restore an object\ - \ copy for 10 days, but the object is scheduled to expire in 3 days, Amazon\ - \ S3 deletes the object in 3 days. For more information about lifecycle configuration,\ - \ see PutBucketLifecycleConfiguration and Object Lifecycle Management in Amazon S3 User Guide.

Responses\ - \

A successful action returns either the 200 OK or 202\ - \ Accepted status code.

  • If the object is not previously\ - \ restored, then Amazon S3 returns 202 Accepted in the response.\ - \

  • If the object is previously restored, Amazon S3 returns\ - \ 200 OK in the response.

Special Errors

    • Code: RestoreAlreadyInProgress\ - \

    • Cause: Object restore is already in progress. (This\ - \ error does not apply to SELECT type requests.)

    • HTTP\ - \ Status Code: 409 Conflict

    • SOAP Fault Code Prefix:\ - \ Client

    • Code: GlacierExpeditedRetrievalNotAvailable\ - \

    • Cause: expedited retrievals are currently not available.\ - \ Try again later. (Returned if there is insufficient capacity to process\ - \ the Expedited request. This error applies only to Expedited retrievals and\ - \ not to S3 Standard or Bulk retrievals.)

    • HTTP\ - \ Status Code: 503

    • SOAP Fault Code Prefix: N/A\ - \

Related Resources\ - \

" - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectRestore.html - operationId: RestoreObject - parameters: - - description: Object key for which the action was initiated. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: VersionId used to reference a specific version of the object. - in: query - name: versionId - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: restore - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - RestoreRequest: - description: Container for restore job parameters. - properties: - Days: - allOf: - - $ref: '#/components/schemas/Days' - - description:

Lifetime of the active copy in days. Do not - use with restores that specify OutputLocation.

-

The Days element is required for regular restores, and - must not be provided for select requests.

- Description: - allOf: - - $ref: '#/components/schemas/Description' - - description: The optional description for the job. - GlacierJobParameters: - allOf: - - $ref: '#/components/schemas/GlacierJobParameters' - - description: S3 Glacier related parameters pertaining to this - job. Do not use with restores that specify OutputLocation. - OutputLocation: - allOf: - - $ref: '#/components/schemas/OutputLocation' - - description: Describes the location where the restore job's - output is stored. - SelectParameters: - allOf: - - $ref: '#/components/schemas/SelectParameters' - - description: Describes the parameters for Select job types. - Tier: - allOf: - - $ref: '#/components/schemas/Tier' - - description: Retrieval tier at which the restore will be processed. - Type: - allOf: - - $ref: '#/components/schemas/RestoreRequestType' - - description: Type of restore request. - type: object - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/RestoreObjectOutput' - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/ObjectAlreadyInActiveTierError' - description: ObjectAlreadyInActiveTierError - /{Key}?retention: - get: - description:

Retrieves an object's retention settings. For more information, - see Locking - Objects.

This action is not supported by Amazon S3 on Outposts.

-

The following action is related to GetObjectRetention:

- - operationId: GetObjectRetention - parameters: - - description: The key name for the object whose retention settings you want - to retrieve. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: The version ID for the object whose retention settings you want - to retrieve. - in: query - name: versionId - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: retention - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetObjectRetentionOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Places an Object Retention configuration on an object. For more - information, see Locking - Objects. Users or accounts require the s3:PutObjectRetention - permission in order to place an Object Retention configuration on objects. - Bypassing a Governance Retention configuration requires the s3:BypassGovernanceRetention - permission.

This action is not supported by Amazon S3 on Outposts.

- operationId: PutObjectRetention - parameters: - - description: The key name for the object that you want to apply this Object - Retention configuration to. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The version ID for the object that you want to apply this Object - Retention configuration to. - in: query - name: versionId - required: false - schema: - type: string - - description: Indicates whether this action should bypass Governance-mode restrictions. - in: header - name: x-amz-bypass-governance-retention - required: false - schema: - type: boolean - - description:

The MD5 hash for the request body.

For requests made - using the Amazon Web Services Command Line Interface (CLI) or Amazon Web - Services SDKs, this field is calculated automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: retention - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - Retention: - description: A Retention configuration for an object. - properties: - Mode: - allOf: - - $ref: '#/components/schemas/ObjectLockRetentionMode' - - description: Indicates the Retention mode for the specified - object. - RetainUntilDate: - allOf: - - $ref: '#/components/schemas/Date' - - description: The date on which this Object Lock Retention - will expire. - type: object - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/PutObjectRetentionOutput' - description: Success - /{Key}?select&select-type=2: - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - post: - description: "

This action filters the contents of an Amazon S3 object based\ - \ on a simple structured query language (SQL) statement. In the request, along\ - \ with the SQL expression, you must also specify a data serialization format\ - \ (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses this format\ - \ to parse object data into records, and returns only records that match the\ - \ specified SQL expression. You must also specify the data serialization format\ - \ for the response.

This action is not supported by Amazon S3 on Outposts.

\ - \

For more information about Amazon S3 Select, see Selecting Content from Objects and SELECT Command in the Amazon S3 User Guide.

For more information\ - \ about using SQL with Amazon S3 Select, see SQL Reference for Amazon S3 Select and S3 Glacier Select in the Amazon\ - \ S3 User Guide.

Permissions

You must have\ - \ s3:GetObject permission for this operation.\_Amazon S3 Select\ - \ does not support anonymous access. For more information about permissions,\ - \ see Specifying Permissions in a Policy in the Amazon S3 User Guide.

\ - \

Object Data Formats

You can use Amazon S3 Select\ - \ to query objects that have the following format properties:

  • \ - \

    CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet\ - \ format.

  • UTF-8 - UTF-8 is the only encoding type\ - \ Amazon S3 Select supports.

  • GZIP or BZIP2 - CSV\ - \ and JSON files can be compressed using GZIP or BZIP2. GZIP and BZIP2 are\ - \ the only compression formats that Amazon S3 Select supports for CSV and\ - \ JSON files. Amazon S3 Select supports columnar compression for Parquet using\ - \ GZIP or Snappy. Amazon S3 Select does not support whole-object compression\ - \ for Parquet objects.

  • Server-side encryption -\ - \ Amazon S3 Select supports querying objects that are protected with server-side\ - \ encryption.

    For objects that are encrypted with customer-provided\ - \ encryption keys (SSE-C), you must use HTTPS, and you must use the headers\ - \ that are documented in the GetObject. For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the\ - \ Amazon S3 User Guide.

    For objects that are encrypted with\ - \ Amazon S3 managed encryption keys (SSE-S3) and Amazon Web Services KMS keys\ - \ (SSE-KMS), server-side encryption is handled transparently, so you don't\ - \ need to specify anything. For more information about server-side encryption,\ - \ including SSE-S3 and SSE-KMS, see Protecting Data Using Server-Side Encryption in the Amazon S3 User\ - \ Guide.

Working with the Response Body

\ - \

Given the response size is unknown, Amazon S3 Select streams the response\ - \ as a series of messages and includes a Transfer-Encoding header\ - \ with chunked as its value in the response. For more information,\ - \ see Appendix: SelectObjectContent Response.

GetObject Support\ - \

The SelectObjectContent action does not support the\ - \ following GetObject functionality. For more information, see\ - \ GetObject.

  • Range: Although you can specify\ - \ a scan range for an Amazon S3 Select request (see SelectObjectContentRequest - ScanRange in the request parameters), you\ - \ cannot specify the range of bytes of an object to return.

  • \ - \

    GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You cannot\ - \ specify the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage\ - \ classes. For more information, about storage classes see Storage Classes in the Amazon S3 User Guide.

\ - \

Special Errors

For a list of special errors for this\ - \ operation, see List of SELECT Object Content Error Codes

Related\ - \ Resources

" - operationId: SelectObjectContent - parameters: - - description: The object key. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: The server-side encryption (SSE) algorithm used to encrypt the - object. This parameter is needed only when the object was created using - a checksum algorithm. For more information, see Protecting - data using SSE-C keys in the Amazon S3 User Guide. - in: header - name: x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: The server-side encryption (SSE) customer managed key. This parameter - is needed only when the object was created using a checksum algorithm. For - more information, see Protecting - data using SSE-C keys in the Amazon S3 User Guide. - in: header - name: x-amz-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: The MD5 server-side encryption (SSE) customer managed key. This - parameter is needed only when the object was created using a checksum algorithm. - For more information, see Protecting - data using SSE-C keys in the Amazon S3 User Guide. - in: header - name: x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: select - required: true - schema: - enum: - - true - type: boolean - - in: query - name: select-type - required: true - schema: - enum: - - '2' - type: string - requestBody: - content: - text/xml: - schema: - properties: - Expression: - description: The expression that is used to query the object. - type: string - ExpressionType: - description: The type of the provided expression (for example, SQL). - enum: - - SQL - type: string - InputSerialization: - description: Describes the serialization format of the object. - properties: - CSV: - allOf: - - $ref: '#/components/schemas/CSVInput' - - description: Describes the serialization of a CSV-encoded - object. - CompressionType: - allOf: - - $ref: '#/components/schemas/CompressionType' - - description: 'Specifies object''s compression format. Valid - values: NONE, GZIP, BZIP2. Default Value: NONE.' - JSON: - allOf: - - $ref: '#/components/schemas/JSONInput' - - description: Specifies JSON as object's input serialization - format. - Parquet: - allOf: - - $ref: '#/components/schemas/ParquetInput' - - description: Specifies Parquet as object's input serialization - format. - type: object - OutputSerialization: - description: Describes how results of the Select job are serialized. - properties: - CSV: - allOf: - - $ref: '#/components/schemas/CSVOutput' - - description: Describes the serialization of CSV-encoded Select - results. - JSON: - allOf: - - $ref: '#/components/schemas/JSONOutput' - - description: Specifies JSON as request's output serialization - format. - type: object - RequestProgress: - description: Container for specifying if periodic QueryProgress - messages should be sent. - properties: - Enabled: - allOf: - - $ref: '#/components/schemas/EnableRequestProgress' - - description: 'Specifies whether periodic QueryProgress frames - should be sent. Valid values: TRUE, FALSE. Default value: - FALSE.' - type: object - ScanRange: - description: Specifies the byte range of the object to get the records - from. A record is processed when its first byte is contained by - the range. This parameter is optional, but when specified, it - must not be empty. See RFC 2616, Section 14.35.1 about how to - specify the start and end of the range. - properties: - End: - allOf: - - $ref: '#/components/schemas/End' - - description: 'Specifies the end of the byte range. This parameter - is optional. Valid values: non-negative integers. The default - value is one less than the size of the object being queried. - If only the End parameter is supplied, it is interpreted - to mean scan the last N bytes of the file. For example, - <scanrange><end>50</end></scanrange> - means scan the last 50 bytes.' - Start: - allOf: - - $ref: '#/components/schemas/Start' - - description: 'Specifies the start of the byte range. This - parameter is optional. Valid values: non-negative integers. - The default value is 0. If only start is supplied, - it means scan from that point to the end of the file. For - example, <scanrange><start>50</start></scanrange> - means scan from byte 50 until the end of the file.' - type: object - required: - - Expression - - ExpressionType - - InputSerialization - - OutputSerialization - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/SelectObjectContentOutput' - description: Success - /{Key}?tagging: - delete: - description:

Removes the entire tag set from the specified object. For more - information about managing object tags, see - Object Tagging.

To use this operation, you must have permission - to perform the s3:DeleteObjectTagging action.

To delete - tags of a specific object version, add the versionId query parameter - in the request. You will need permission for the s3:DeleteObjectVersionTagging - action.

The following operations are related to DeleteBucketMetricsConfiguration:

- - operationId: DeleteObjectTagging - parameters: - - description: The key that identifies the object in the bucket from which to - remove all tags. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: The versionId of the object that the tag-set will be removed - from. - in: query - name: versionId - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: tagging - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteObjectTaggingOutput' - description: Success - get: - description:

Returns the tag-set of an object. You send the GET request against - the tagging subresource associated with the object.

To use this operation, - you must have permission to perform the s3:GetObjectTagging action. - By default, the GET action returns information about current version of an - object. For a versioned bucket, you can have multiple versions of an object - in your bucket. To retrieve tags of any other version, use the versionId query - parameter. You also need permission for the s3:GetObjectVersionTagging - action.

By default, the bucket owner has this permission and can grant - this permission to others.

For information about the Amazon S3 object - tagging feature, see Object - Tagging.

The following actions are related to GetObjectTagging:

- - operationId: GetObjectTagging - parameters: - - description: Object key for which to get the tagging information. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: The versionId of the object for which to get the tagging information. - in: query - name: versionId - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - allowEmptyValue: true - in: query - name: tagging - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetObjectTaggingOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: '

Sets the supplied tag-set to an object that already exists - in a bucket.

A tag is a key-value pair. You can associate tags with - an object by sending a PUT request against the tagging subresource that is - associated with the object. You can retrieve tags by sending a GET request. - For more information, see GetObjectTagging.

-

For tagging-related restrictions related to characters and encodings, see - Tag - Restrictions. Note that Amazon S3 limits the maximum number of tags to - 10 tags per object.

To use this operation, you must have permission - to perform the s3:PutObjectTagging action. By default, the bucket - owner has this permission and can grant this permission to others.

To - put tags of any other version, use the versionId query parameter. - You also need permission for the s3:PutObjectVersionTagging action.

-

For information about the Amazon S3 object tagging feature, see Object - Tagging.

Special Errors

    • -

    • Code: InvalidTagError

    • Cause: The tag - provided was not a valid tag. This error can occur if the tag did not pass - input validation. For more information, see Object - Tagging.

    • Code: MalformedXMLError -

    • Cause: The XML provided does not match the schema. -

    • Code: OperationAbortedError -

    • Cause: A conflicting conditional action is currently - in progress against this resource. Please try again.

    -

    • Code: InternalError

    • Cause: - The service was unable to apply the provided tag to the object.

      • -

Related Resources

' - operationId: PutObjectTagging - parameters: - - description: Name of the object key. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: The versionId of the object that the tag-set will be added to. - in: query - name: versionId - required: false - schema: - type: string - - description:

The MD5 hash for the request body.

For requests made - using the Amazon Web Services Command Line Interface (CLI) or Amazon Web - Services SDKs, this field is calculated automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - allowEmptyValue: true - in: query - name: tagging - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - Tagging: - description: Container for TagSet elements. - properties: - TagSet: - allOf: - - $ref: '#/components/schemas/TagSet' - - description: A collection for a set of tags - type: object - required: - - Tagging - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/PutObjectTaggingOutput' - description: Success - /{Key}?torrent: - get: - description:

Returns torrent files from a bucket. BitTorrent can save you - bandwidth when you're distributing large files. For more information about - BitTorrent, see Using - BitTorrent with Amazon S3.

You can get torrent only for - objects that are less than 5 GB in size, and that are not encrypted using - server-side encryption with a customer-provided encryption key.

 -

To use GET, you must have READ access to the object.

This action - is not supported by Amazon S3 on Outposts.

The following action is - related to GetObjectTorrent:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGETtorrent.html - operationId: GetObjectTorrent - parameters: - - description: The object key for which to get the information. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: torrent - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetObjectTorrentOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - /{Key}?uploads: - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - post: - description: "

This action initiates a multipart upload and returns an upload\ - \ ID. This upload ID is used to associate all of the parts in the specific\ - \ multipart upload. You specify this upload ID in each of your subsequent\ - \ upload part requests (see UploadPart). You also include this upload ID in the final request to\ - \ either complete or abort the multipart upload request.

For more information\ - \ about multipart uploads, see Multipart Upload Overview.

If you have configured a lifecycle\ - \ rule to abort incomplete multipart uploads, the upload must complete within\ - \ the number of days specified in the bucket lifecycle configuration. Otherwise,\ - \ the incomplete multipart upload becomes eligible for an abort action and\ - \ Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy.

\ - \

For information about the permissions required to use the multipart upload\ - \ API, see Multipart Upload and Permissions.

For request signing, multipart\ - \ upload is just a series of regular requests. You initiate a multipart upload,\ - \ send one or more requests to upload parts, and then complete the multipart\ - \ upload process. You sign each request individually. There is nothing special\ - \ about signing multipart upload requests. For more information about signing,\ - \ see Authenticating Requests (Amazon Web Services Signature Version 4).

\ - \

After you initiate a multipart upload and upload one or more\ - \ parts, to stop being charged for storing the uploaded parts, you must either\ - \ complete or abort the multipart upload. Amazon S3 frees up the space used\ - \ to store the parts and stop charging you for storing them only after you\ - \ either complete or abort a multipart upload.

You can optionally\ - \ request server-side encryption. For server-side encryption, Amazon S3 encrypts\ - \ your data as it writes it to disks in its data centers and decrypts it when\ - \ you access it. You can provide your own encryption key, or use Amazon Web\ - \ Services KMS keys or Amazon S3-managed encryption keys. If you choose to\ - \ provide your own encryption key, the request headers you provide in UploadPart\ - \ and UploadPartCopy requests must match the headers you used in the request\ - \ to initiate the upload by using CreateMultipartUpload.

\ - \

To perform a multipart upload with encryption using an Amazon Web Services\ - \ KMS key, the requester must have permission to the kms:Decrypt\ - \ and kms:GenerateDataKey* actions on the key. These permissions\ - \ are required because Amazon S3 must decrypt and read data from the encrypted\ - \ file parts before it completes the multipart upload. For more information,\ - \ see Multipart upload API and permissions in the Amazon S3 User Guide.

\ - \

If your Identity and Access Management (IAM) user or role is in the same\ - \ Amazon Web Services account as the KMS key, then you must have these permissions\ - \ on the key policy. If your IAM user or role belongs to a different account\ - \ than the key, then you must have the permissions on both the key policy\ - \ and your IAM user or role.

For more information, see Protecting Data Using Server-Side Encryption.

Access Permissions
\ - \

When copying an object, you can optionally specify the accounts\ - \ or groups that should be granted specific permissions on the new object.\ - \ There are two ways to grant the permissions using the request headers:

\ - \

  • Specify a canned ACL with the x-amz-acl request\ - \ header. For more information, see Canned ACL.

  • Specify access permissions explicitly with\ - \ the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp,\ - \ and x-amz-grant-full-control headers. These parameters map\ - \ to the set of permissions that Amazon S3 supports in an ACL. For more information,\ - \ see Access Control List (ACL) Overview.

You can use either\ - \ a canned ACL or specify access permissions explicitly. You cannot do both.

\ - \
Server-Side- Encryption-Specific Request Headers

You\ - \ can optionally tell Amazon S3 to encrypt data at rest using server-side\ - \ encryption. Server-side encryption is for data encryption at rest. Amazon\ - \ S3 encrypts your data as it writes it to disks in its data centers and decrypts\ - \ it when you access it. The option you use depends on whether you want to\ - \ use Amazon Web Services managed encryption keys or provide your own encryption\ - \ key.

  • Use encryption keys managed by Amazon S3 or customer\ - \ managed key stored in Amazon Web Services Key Management Service (Amazon\ - \ Web Services KMS) \u2013 If you want Amazon Web Services to manage the keys\ - \ used to encrypt data, specify the following headers in the request.

    \ - \

    • x-amz-server-side-encryption

    • \ - \

      x-amz-server-side-encryption-aws-kms-key-id

      • \ - \

    • x-amz-server-side-encryption-context

    \ - \

    If you specify x-amz-server-side-encryption:aws:kms,\ - \ but don't provide x-amz-server-side-encryption-aws-kms-key-id,\ - \ Amazon S3 uses the Amazon Web Services managed key in Amazon Web Services\ - \ KMS to protect the data.

    All GET and PUT requests\ - \ for an object protected by Amazon Web Services KMS fail if you don't make\ - \ them with SSL or by using SigV4.

    For more information\ - \ about server-side encryption with KMS key (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys.

    • \ - \

  • Use customer-provided encryption keys \u2013 If you want to manage\ - \ your own encryption keys, provide all the following headers in the request.

    \ - \

    • x-amz-server-side-encryption-customer-algorithm\ - \

    • x-amz-server-side-encryption-customer-key\ - \

    • x-amz-server-side-encryption-customer-key-MD5\ - \

    For more information about server-side encryption with\ - \ KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys.

    • \ - \
Access-Control-List (ACL)-Specific Request Headers
\ - \

You also can use the following access control\u2013related headers\ - \ with this operation. By default, all objects are private. Only the owner\ - \ has full access control. When adding a new object, you can grant permissions\ - \ to individual Amazon Web Services accounts or to predefined groups defined\ - \ by Amazon S3. These permissions are then added to the access control list\ - \ (ACL) on the object. For more information, see Using ACLs. With this operation, you can grant access permissions using\ - \ one of the following two methods:

  • Specify a canned ACL\ - \ (x-amz-acl) \u2014 Amazon S3 supports a set of predefined ACLs,\ - \ known as canned ACLs. Each canned ACL has a predefined set of grantees\ - \ and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly \u2014\ - \ To explicitly grant access permissions to specific Amazon Web Services accounts\ - \ or groups, use the following headers. Each header maps to specific permissions\ - \ that Amazon S3 supports in an ACL. For more information, see Access\ - \ Control List (ACL) Overview. In the header, you specify a list of grantees\ - \ who get the specific permission. To grant permissions explicitly, use:

    \ - \

    • x-amz-grant-read

    • x-amz-grant-write\ - \

    • x-amz-grant-read-acp

    • \ - \ x-amz-grant-write-acp

    • x-amz-grant-full-control\ - \

    You specify each grantee as a type=value pair, where\ - \ the type is one of the following:

    • id \u2013\ - \ if the value specified is the canonical user ID of an Amazon Web Services\ - \ account

    • uri \u2013 if you are granting permissions\ - \ to a predefined group

    • emailAddress \u2013\ - \ if the value specified is the email address of an Amazon Web Services account

      \ - \

      Using email addresses to specify a grantee is only supported in\ - \ the following Amazon Web Services Regions:

      • US East (N.\ - \ Virginia)

      • US West (N. California)

      • US\ - \ West (Oregon)

      • Asia Pacific (Singapore)

      • \ - \

        Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

        • \ - \

      • Europe (Ireland)

      • South America (S\xE3o Paulo)

        \ - \

      For a list of all the Amazon S3 supported Regions and endpoints,\ - \ see Regions and Endpoints in the Amazon Web Services General Reference.

      \ - \

    For example, the following x-amz-grant-read\ - \ header grants the Amazon Web Services accounts identified by account IDs\ - \ permissions to read object data and its metadata:

    x-amz-grant-read:\ - \ id=\"11112222333\", id=\"444455556666\"

\ - \

The following operations are related to CreateMultipartUpload:

\ - \ " - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadInitiate.html - operationId: CreateMultipartUpload - parameters: - - description:

The canned ACL to apply to the object.

This action - is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-acl - required: false - schema: - enum: - - private - - public-read - - public-read-write - - authenticated-read - - aws-exec-read - - bucket-owner-read - - bucket-owner-full-control - type: string - - description: Specifies caching behavior along the request/reply chain. - in: header - name: Cache-Control - required: false - schema: - type: string - - description: Specifies presentational information for the object. - in: header - name: Content-Disposition - required: false - schema: - type: string - - description: Specifies what content encodings have been applied to the object - and thus what decoding mechanisms must be applied to obtain the media-type - referenced by the Content-Type header field. - in: header - name: Content-Encoding - required: false - schema: - type: string - - description: The language the content is in. - in: header - name: Content-Language - required: false - schema: - type: string - - description: A standard MIME type describing the format of the object data. - in: header - name: Content-Type - required: false - schema: - type: string - - description: The date and time at which the object is no longer cacheable. - in: header - name: Expires - required: false - schema: - format: date-time - type: string - - description:

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions - on the object.

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-full-control - required: false - schema: - type: string - - description:

Allows grantee to read the object data and its metadata.

-

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-read - required: false - schema: - type: string - - description:

Allows grantee to read the object ACL.

This action - is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-read-acp - required: false - schema: - type: string - - description:

Allows grantee to write the ACL for the applicable object.

-

This action is not supported by Amazon S3 on Outposts.

- in: header - name: x-amz-grant-write-acp - required: false - schema: - type: string - - description: Object key for which the multipart upload is to be initiated. - in: path - name: Key - required: true - schema: - minLength: 1 - type: string - - description: The server-side encryption algorithm used when storing this object - in Amazon S3 (for example, AES256, aws:kms). - in: header - name: x-amz-server-side-encryption - required: false - schema: - enum: - - AES256 - - aws:kms - type: string - - description: By default, Amazon S3 uses the STANDARD Storage Class to store - newly created objects. The STANDARD storage class provides high durability - and high availability. Depending on performance needs, you can specify a - different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage - Class. For more information, see Storage - Classes in the Amazon S3 User Guide. - in: header - name: x-amz-storage-class - required: false - schema: - enum: - - STANDARD - - REDUCED_REDUNDANCY - - STANDARD_IA - - ONEZONE_IA - - INTELLIGENT_TIERING - - GLACIER - - DEEP_ARCHIVE - - OUTPOSTS - - GLACIER_IR - type: string - - description: If the bucket is configured as a website, redirects requests - for this object to another object in the same bucket or to an external URL. - Amazon S3 stores the value of this header in the object metadata. - in: header - name: x-amz-website-redirect-location - required: false - schema: - type: string - - description: Specifies the algorithm to use to when encrypting the object - (for example, AES256). - in: header - name: x-amz-server-side-encryption-customer-algorithm - required: false - schema: - type: string - - description: Specifies the customer-provided encryption key for Amazon S3 - to use in encrypting data. This value is used to store the object and then - it is discarded; Amazon S3 does not store the encryption key. The key must - be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - header. - in: header - name: x-amz-server-side-encryption-customer-key - required: false - schema: - format: password - type: string - - description: Specifies the 128-bit MD5 digest of the encryption key according - to RFC 1321. Amazon S3 uses this header for a message integrity check to - ensure that the encryption key was transmitted without error. - in: header - name: x-amz-server-side-encryption-customer-key-MD5 - required: false - schema: - type: string - - description: Specifies the ID of the symmetric customer managed key to use - for object encryption. All GET and PUT requests for an object protected - by Amazon Web Services KMS will fail if not made via SSL or using SigV4. - For information about configuring using any of the officially supported - Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying - the Signature Version in Request Authentication in the Amazon S3 - User Guide. - in: header - name: x-amz-server-side-encryption-aws-kms-key-id - required: false - schema: - format: password - type: string - - description: Specifies the Amazon Web Services KMS Encryption Context to use - for object encryption. The value of this header is a base64-encoded UTF-8 - string holding JSON with the encryption context key-value pairs. - in: header - name: x-amz-server-side-encryption-context - required: false - schema: - format: password - type: string - - description: "

Specifies whether Amazon S3 should use an S3 Bucket Key for\ - \ object encryption with server-side encryption using AWS KMS (SSE-KMS).\ - \ Setting this header to true causes Amazon S3 to use an S3\ - \ Bucket Key for object encryption with SSE-KMS.

Specifying this\ - \ header with an object action doesn\u2019t affect bucket-level settings\ - \ for S3 Bucket Key.

" - in: header - name: x-amz-server-side-encryption-bucket-key-enabled - required: false - schema: - type: boolean - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The tag-set for the object. The tag-set must be encoded as URL - Query parameters. - in: header - name: x-amz-tagging - required: false - schema: - type: string - - description: Specifies the Object Lock mode that you want to apply to the - uploaded object. - in: header - name: x-amz-object-lock-mode - required: false - schema: - enum: - - GOVERNANCE - - COMPLIANCE - type: string - - description: Specifies the date and time when you want the Object Lock to - expire. - in: header - name: x-amz-object-lock-retain-until-date - required: false - schema: - format: date-time - type: string - - description: Specifies whether you want to apply a legal hold to the uploaded - object. - in: header - name: x-amz-object-lock-legal-hold - required: false - schema: - enum: - - 'ON' - - 'OFF' - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: Indicates the algorithm you want Amazon S3 to use to create the - checksum for the object. For more information, see Checking - object integrity in the Amazon S3 User Guide. - in: header - name: x-amz-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - allowEmptyValue: true - in: query - name: uploads - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - x-amz-meta-: - additionalProperties: - $ref: '#/components/schemas/MetadataValue' - description: A map of metadata to store with the object in S3. - type: object - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/CreateMultipartUploadOutput' - description: Success - /?accelerate: - get: - description:

This implementation of the GET action uses the accelerate - subresource to return the Transfer Acceleration state of a bucket, which is - either Enabled or Suspended. Amazon S3 Transfer - Acceleration is a bucket-level feature that enables you to perform faster - data transfers to and from Amazon S3.

To use this operation, you must - have permission to perform the s3:GetAccelerateConfiguration - action. The bucket owner has this permission by default. The bucket owner - can grant this permission to others. For more information about permissions, - see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to your Amazon S3 Resources in the Amazon S3 User - Guide.

You set the Transfer Acceleration state of an existing bucket - to Enabled or Suspended by using the PutBucketAccelerateConfiguration - operation.

A GET accelerate request does not return a - state value for a bucket that has no transfer acceleration state. A bucket - has no Transfer Acceleration state if a state has never been set on the bucket. -

For more information about transfer acceleration, see Transfer - Acceleration in the Amazon S3 User Guide.

Related - Resources

- operationId: GetBucketAccelerateConfiguration - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: accelerate - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketAccelerateConfigurationOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: "

Sets the accelerate configuration of an existing bucket. Amazon\ - \ S3 Transfer Acceleration is a bucket-level feature that enables you to perform\ - \ faster data transfers to Amazon S3.

To use this operation, you must\ - \ have permission to perform the s3:PutAccelerateConfiguration\ - \ action. The bucket owner has this permission by default. The bucket owner\ - \ can grant this permission to others. For more information about permissions,\ - \ see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

The\ - \ Transfer Acceleration state of a bucket can be set to one of the following\ - \ two values:

  • Enabled \u2013 Enables accelerated data transfers\ - \ to the bucket.

  • Suspended \u2013 Disables accelerated\ - \ data transfers to the bucket.

The GetBucketAccelerateConfiguration action returns the transfer acceleration\ - \ state of a bucket.

After setting the Transfer Acceleration state\ - \ of a bucket to Enabled, it might take up to thirty minutes before the data\ - \ transfer rates to the bucket increase.

The name of the bucket used\ - \ for Transfer Acceleration must be DNS-compliant and must not contain periods\ - \ (\".\").

For more information about transfer acceleration, see Transfer Acceleration.

The following operations are related to\ - \ PutBucketAccelerateConfiguration:

" - operationId: PutBucketAccelerateConfiguration - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - allowEmptyValue: true - in: query - name: accelerate - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - AccelerateConfiguration: - description: Configures the transfer acceleration state for an Amazon - S3 bucket. For more information, see Amazon - S3 Transfer Acceleration in the Amazon S3 User Guide. - properties: - Status: - allOf: - - $ref: '#/components/schemas/BucketAccelerateStatus' - - description: Specifies the transfer acceleration status of - the bucket. - type: object - required: - - AccelerateConfiguration - type: object - required: true - responses: - '200': - description: Success - /?acl: - get: - description:

This implementation of the GET action uses the - acl subresource to return the access control list (ACL) of a - bucket. To use GET to return the ACL of the bucket, you must - have READ_ACP access to the bucket. If READ_ACP - permission is granted to the anonymous user, you can return the ACL of the - bucket without using an authorization header.

If your bucket - uses the bucket owner enforced setting for S3 Object Ownership, requests to - read ACLs are still supported and return the bucket-owner-full-control - ACL with the owner being the account that created the bucket. For more information, - see - Controlling object ownership and disabling ACLs in the Amazon S3 User - Guide.

Related Resources

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETacl.html - operationId: GetBucketAcl - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: acl - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketAclOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: "

Sets the permissions on an existing bucket using access control\ - \ lists (ACL). For more information, see Using ACLs. To set the ACL of a bucket, you must have WRITE_ACP\ - \ permission.

You can use one of the following two ways to set a bucket's\ - \ permissions:

  • Specify the ACL in the request body

    • \ - \

  • Specify permissions using request headers

\ - \

You cannot specify access permission using both the body and the request\ - \ headers.

Depending on your application needs, you may choose\ - \ to set the ACL on a bucket using either the request body or the headers.\ - \ For example, if you have an existing application that updates a bucket ACL\ - \ using the request body, then you can continue to use that approach.

\ - \

If your bucket uses the bucket owner enforced setting for\ - \ S3 Object Ownership, ACLs are disabled and no longer affect permissions.\ - \ You must use policies to grant access to your bucket and the objects in\ - \ it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported\ - \ error code. Requests to read ACLs are still supported. For more information,\ - \ see Controlling object ownership in the Amazon S3 User Guide.

\ - \

Access Permissions

You can set access permissions\ - \ using one of the following methods:

  • Specify a canned ACL\ - \ with the x-amz-acl request header. Amazon S3 supports a set\ - \ of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined\ - \ set of grantees and permissions. Specify the canned ACL name as the value\ - \ of x-amz-acl. If you use this header, you cannot use other\ - \ access control-specific headers in your request. For more information, see\ - \ Canned ACL.

  • Specify access permissions explicitly with\ - \ the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp,\ - \ and x-amz-grant-full-control headers. When using these headers,\ - \ you specify explicit access permissions and grantees (Amazon Web Services\ - \ accounts or Amazon S3 groups) who will receive the permission. If you use\ - \ these ACL-specific headers, you cannot use the x-amz-acl header\ - \ to set a canned ACL. These parameters map to the set of permissions that\ - \ Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

    You specify each grantee as\ - \ a type=value pair, where the type is one of the following:

    • \ - \

      id \u2013 if the value specified is the canonical user\ - \ ID of an Amazon Web Services account

    • uri\ - \ \u2013 if you are granting permissions to a predefined group

    • \ - \

      emailAddress \u2013 if the value specified is the email\ - \ address of an Amazon Web Services account

      Using email addresses\ - \ to specify a grantee is only supported in the following Amazon Web Services\ - \ Regions:

      • US East (N. Virginia)

      • US West\ - \ (N. California)

      • US West (Oregon)

      • Asia\ - \ Pacific (Singapore)

      • Asia Pacific (Sydney)

      • \ - \

        Asia Pacific (Tokyo)

      • Europe (Ireland)

      • \ - \

        South America (S\xE3o Paulo)

      For a list of all the\ - \ Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      \ - \

    For example, the following x-amz-grant-write\ - \ header grants create, overwrite, and delete objects permission to LogDelivery\ - \ group predefined by Amazon S3 and two Amazon Web Services accounts identified\ - \ by their email addresses.

    x-amz-grant-write: uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\"\ - , id=\"111122223333\", id=\"555566667777\"

You\ - \ can use either a canned ACL or specify access permissions explicitly. You\ - \ cannot do both.

Grantee Values

You can specify the\ - \ person (grantee) to whom you're assigning access rights (using request elements)\ - \ in the following ways:

  • By the person's ID:

    <Grantee\ - \ xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"\ - ><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>\ - \ </Grantee>

    DisplayName is optional and ignored in the\ - \ request

  • By URI:

    <Grantee xmlns:xsi=\"\ - http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>\ - \

  • By Email address:

    <Grantee xmlns:xsi=\"\ - http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"\ - ><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee>\ - \

    The grantee is resolved to the CanonicalUser and, in a response\ - \ to a GET Object acl request, appears as the CanonicalUser.

    Using\ - \ email addresses to specify a grantee is only supported in the following\ - \ Amazon Web Services Regions:

    • US East (N. Virginia)

      \ - \

    • US West (N. California)

    • US West (Oregon)

      \ - \

    • Asia Pacific (Singapore)

    • Asia Pacific (Sydney)

      \ - \

    • Asia Pacific (Tokyo)

    • Europe (Ireland)

      \ - \

    • South America (S\xE3o Paulo)

    For a list\ - \ of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    \ - \

Related Resources

" - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTacl.html - operationId: PutBucketAcl - parameters: - - description: The canned ACL to apply to the bucket. - in: header - name: x-amz-acl - required: false - schema: - enum: - - private - - public-read - - public-read-write - - authenticated-read - type: string - - description:

The base64-encoded 128-bit MD5 digest of the data. This header - must be used as a message integrity check to verify that the request body - was not corrupted in transit. For more information, go to RFC - 1864.

For requests made using the Amazon Web Services Command - Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated - automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: Allows grantee the read, write, read ACP, and write ACP permissions - on the bucket. - in: header - name: x-amz-grant-full-control - required: false - schema: - type: string - - description: Allows grantee to list the objects in the bucket. - in: header - name: x-amz-grant-read - required: false - schema: - type: string - - description: Allows grantee to read the bucket ACL. - in: header - name: x-amz-grant-read-acp - required: false - schema: - type: string - - description:

Allows grantee to create new objects in the bucket.

For - the bucket and object owners of existing objects, also allows deletions - and overwrites of those objects.

- in: header - name: x-amz-grant-write - required: false - schema: - type: string - - description: Allows grantee to write the ACL for the applicable bucket. - in: header - name: x-amz-grant-write-acp - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: acl - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - AccessControlPolicy: - description: Contains the elements that set the ACL permissions - for an object per grantee. - properties: - AccessControlList: - allOf: - - $ref: '#/components/schemas/Grants' - - description: A list of grants. - Owner: - allOf: - - $ref: '#/components/schemas/Owner' - - description: Container for the bucket owner's display name - and ID. - type: object - type: object - required: true - responses: - '200': - description: Success - /?analytics: - get: - description: "

Lists the analytics configurations for the bucket. You can\ - \ have up to 1,000 analytics configurations per bucket.

This action\ - \ supports list pagination and does not return more than 100 configurations\ - \ at a time. You should always check the IsTruncated element\ - \ in the response. If there are no more configurations to list, IsTruncated\ - \ is set to false. If there are more configurations to list, IsTruncated\ - \ is set to true, and there will be a value in NextContinuationToken.\ - \ You use the NextContinuationToken value to continue the pagination\ - \ of the list by passing the value in continuation-token in the request to\ - \ GET the next page.

To use this operation, you must have\ - \ permissions to perform the s3:GetAnalyticsConfiguration action.\ - \ The bucket owner has this permission by default. The bucket owner can grant\ - \ this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information\ - \ about Amazon S3 analytics feature, see Amazon S3 Analytics \u2013 Storage Class Analysis.

The following\ - \ operations are related to ListBucketAnalyticsConfigurations:

\ - \ " - operationId: ListBucketAnalyticsConfigurations - parameters: - - description: The ContinuationToken that represents a placeholder from where - this request should begin. - in: query - name: continuation-token - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: analytics - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/ListBucketAnalyticsConfigurationsOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - /?analytics#id: - delete: - description: "

Deletes an analytics configuration for the bucket (specified\ - \ by the analytics configuration ID).

To use this operation, you must\ - \ have permissions to perform the s3:PutAnalyticsConfiguration\ - \ action. The bucket owner has this permission by default. The bucket owner\ - \ can grant this permission to others. For more information about permissions,\ - \ see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information\ - \ about the Amazon S3 analytics feature, see Amazon S3 Analytics \u2013 Storage Class Analysis.

The following\ - \ operations are related to DeleteBucketAnalyticsConfiguration:

\ - \ " - operationId: DeleteBucketAnalyticsConfiguration - parameters: - - description: The ID that identifies the analytics configuration. - in: query - name: id - required: true - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: analytics - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description: "

This implementation of the GET action returns an analytics\ - \ configuration (identified by the analytics configuration ID) from the bucket.

\ - \

To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration\ - \ action. The bucket owner has this permission by default. The bucket owner\ - \ can grant this permission to others. For more information about permissions,\ - \ see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon\ - \ S3 User Guide.

For information about Amazon S3 analytics feature,\ - \ see Amazon S3 Analytics \u2013 Storage Class Analysis in the Amazon S3\ - \ User Guide.

Related Resources

" - operationId: GetBucketAnalyticsConfiguration - parameters: - - description: The ID that identifies the analytics configuration. - in: query - name: id - required: true - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: analytics - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketAnalyticsConfigurationOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: "

Sets an analytics configuration for the bucket (specified by\ - \ the analytics configuration ID). You can have up to 1,000 analytics configurations\ - \ per bucket.

You can choose to have storage class analysis export\ - \ analysis reports sent to a comma-separated values (CSV) flat file. See the\ - \ DataExport request element. Reports are updated daily and are\ - \ based on the object filters that you configure. When selecting data export,\ - \ you specify a destination bucket and an optional destination prefix where\ - \ the file is written. You can export the data to a destination bucket in\ - \ a different account. However, the destination bucket must be in the same\ - \ Region as the bucket that you are making the PUT analytics configuration\ - \ to. For more information, see Amazon S3 Analytics \u2013 Storage Class Analysis.

You\ - \ must create a bucket policy on the destination bucket where the exported\ - \ file is written to grant permissions to Amazon S3 to write objects to the\ - \ bucket. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.

\ - \

To use this operation, you must have permissions to perform\ - \ the s3:PutAnalyticsConfiguration action. The bucket owner has\ - \ this permission by default. The bucket owner can grant this permission to\ - \ others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

Special Errors

    • HTTP Error:\ - \ HTTP 400 Bad Request

    • Code: InvalidArgument\ - \

    • Cause: Invalid argument.

    • \ - \

    • HTTP Error: HTTP 400 Bad Request

    • \ - \

      Code: TooManyConfigurations

    • Cause: You\ - \ are attempting to create a new configuration but have already reached the\ - \ 1,000-configuration limit.

    • \ - \ HTTP Error: HTTP 403 Forbidden

    • Code: AccessDenied\ - \

    • Cause: You are not the owner of the specified bucket,\ - \ or you do not have the s3:PutAnalyticsConfiguration bucket permission to\ - \ set the configuration on the bucket.

Related Resources

" - operationId: PutBucketAnalyticsConfiguration - parameters: - - description: The ID that identifies the analytics configuration. - in: query - name: id - required: true - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: analytics - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - AnalyticsConfiguration: - description: Specifies the configuration and any analyses for the - analytics filter of an Amazon S3 bucket. - properties: - Filter: - allOf: - - $ref: '#/components/schemas/AnalyticsFilter' - - description: The filter used to describe a set of objects - for analyses. A filter must have exactly one prefix, one - tag, or one conjunction (AnalyticsAndOperator). If no filter - is provided, all objects will be considered in any analysis. - Id: - allOf: - - $ref: '#/components/schemas/AnalyticsId' - - description: The ID that identifies the analytics configuration. - StorageClassAnalysis: - allOf: - - $ref: '#/components/schemas/StorageClassAnalysis' - - description: ' Contains data related to access patterns to - be collected and made available to analyze the tradeoffs - between different storage classes. ' - type: object - required: - - AnalyticsConfiguration - type: object - required: true - responses: - '200': - description: Success - /?cors: - delete: - description:

Deletes the cors configuration information set - for the bucket.

To use this operation, you must have permission to - perform the s3:PutBucketCORS action. The bucket owner has this - permission by default and can grant this permission to others.

For - information about cors, see Enabling - Cross-Origin Resource Sharing in the Amazon S3 User Guide.

-

Related Resources:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEcors.html - operationId: DeleteBucketCors - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: cors - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description:

Returns the Cross-Origin Resource Sharing (CORS) configuration - information set for the bucket.

To use this operation, you must have - permission to perform the s3:GetBucketCORS action. By default, - the bucket owner has this permission and can grant it to others.

For - more information about CORS, see - Enabling Cross-Origin Resource Sharing.

The following operations - are related to GetBucketCors:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETcors.html - operationId: GetBucketCors - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: cors - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketCorsOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Sets the cors configuration for your bucket. If - the configuration exists, Amazon S3 replaces it.

To use this operation, - you must be allowed to perform the s3:PutBucketCORS action. By - default, the bucket owner has this permission and can grant it to others.

-

You set this configuration on a bucket so that the bucket can service cross-origin - requests. For example, you might want to enable a request whose origin is - http://www.example.com to access your Amazon S3 bucket at my.example.bucket.com - by using the browser's XMLHttpRequest capability.

To enable - cross-origin resource sharing (CORS) on a bucket, you add the cors - subresource to the bucket. The cors subresource is an XML document - in which you configure rules that identify origins and the HTTP methods that - can be executed on your bucket. The document is limited to 64 KB in size. -

When Amazon S3 receives a cross-origin request (or a pre-flight OPTIONS - request) against a bucket, it evaluates the cors configuration - on the bucket and uses the first CORSRule rule that matches the - incoming browser request to enable a cross-origin request. For a rule to match, - the following conditions must be met:

  • The request's Origin - header must match AllowedOrigin elements.

  • The - request method (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method - header in case of a pre-flight OPTIONS request must be one of - the AllowedMethod elements.

  • Every header specified - in the Access-Control-Request-Headers request header of a pre-flight - request must match an AllowedHeader element.

-

For more information about CORS, go to Enabling - Cross-Origin Resource Sharing in the Amazon S3 User Guide.

-

Related Resources

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTcors.html - operationId: PutBucketCors - parameters: - - description:

The base64-encoded 128-bit MD5 digest of the data. This header - must be used as a message integrity check to verify that the request body - was not corrupted in transit. For more information, go to RFC - 1864.

For requests made using the Amazon Web Services Command - Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated - automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: cors - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - CORSConfiguration: - description: Describes the cross-origin access configuration for - objects in an Amazon S3 bucket. For more information, see Enabling - Cross-Origin Resource Sharing in the Amazon S3 User Guide. - properties: - CORSRule: - allOf: - - $ref: '#/components/schemas/CORSRules' - - description: A set of origins and methods (cross-origin access - that you want to allow). You can add up to 100 rules to - the configuration. - type: object - required: - - CORSConfiguration - type: object - required: true - responses: - '200': - description: Success - /?delete: - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - post: - description: '

This action enables you to delete multiple objects from a bucket - using a single HTTP request. If you know the object keys that you want to - delete, then this action provides a suitable alternative to sending individual - delete requests, reducing per-request overhead.

The request contains - a list of up to 1000 keys that you want to delete. In the XML, you provide - the object key names, and optionally, version IDs if you want to delete a - specific version of the object from a versioning-enabled bucket. For each - key, Amazon S3 performs a delete action and returns the result of that delete, - success, or failure, in the response. Note that if the object specified in - the request is not found, Amazon S3 returns the result as deleted.

- The action supports two modes for the response: verbose and quiet. By default, - the action uses verbose mode in which the response includes the result of - deletion of each key in your request. In quiet mode the response includes - only keys where the delete action encountered an error. For a successful deletion, - the action does not return any information about the delete in the response - body.

When performing this action on an MFA Delete enabled bucket, - that attempts to delete any versioned objects, you must include an MFA token. - If you do not provide one, the entire request will fail, even if there are - non-versioned objects you are trying to delete. If you provide an invalid - token, whether there are versioned keys in the request or not, the entire - Multi-Object Delete request will fail. For information about MFA Delete, see - - MFA Delete.

Finally, the Content-MD5 header is required for all - Multi-Object Delete requests. Amazon S3 uses the header value to ensure that - your request body has not been altered in transit.

The following operations - are related to DeleteObjects:

' - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/multiobjectdeleteapi.html - operationId: DeleteObjects - parameters: - - description: The concatenation of the authentication device's serial number, - a space, and the value that is displayed on your authentication device. - Required to permanently delete a versioned object if versioning is configured - with MFA delete enabled. - in: header - name: x-amz-mfa - required: false - schema: - type: string - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: Specifies whether you want to delete this object even if it has - a Governance-type Object Lock in place. To use this header, you must have - the s3:BypassGovernanceRetention permission. - in: header - name: x-amz-bypass-governance-retention - required: false - schema: - type: boolean - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

This checksum algorithm must be the same for all parts - and it match the checksum value supplied in the CreateMultipartUpload - request.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - allowEmptyValue: true - in: query - name: delete - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - Delete: - description: Container for the objects to delete. - properties: - Object: - allOf: - - $ref: '#/components/schemas/ObjectIdentifierList' - - description: The objects to delete. - Quiet: - allOf: - - $ref: '#/components/schemas/Quiet' - - description: Element to enable quiet mode for the request. - When you add this element, you must set its value to true. - type: object - required: - - Delete - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/DeleteObjectsOutput' - description: Success - /?encryption: - delete: - description:

This implementation of the DELETE action removes default encryption - from the bucket. For information about the Amazon S3 default encryption feature, - see Amazon - S3 Default Bucket Encryption in the Amazon S3 User Guide.

To - use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration - action. The bucket owner has this permission by default. The bucket owner - can grant this permission to others. For more information about permissions, - see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to your Amazon S3 Resources in the Amazon S3 User - Guide.

Related Resources

- operationId: DeleteBucketEncryption - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: encryption - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description:

Returns the default encryption configuration for an Amazon S3 - bucket. If the bucket does not have a default encryption configuration, GetBucketEncryption - returns ServerSideEncryptionConfigurationNotFoundError.

-

For information about the Amazon S3 default encryption feature, see Amazon - S3 Default Bucket Encryption.

To use this operation, you must - have permission to perform the s3:GetEncryptionConfiguration - action. The bucket owner has this permission by default. The bucket owner - can grant this permission to others. For more information about permissions, - see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

The following operations - are related to GetBucketEncryption:

- operationId: GetBucketEncryption - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: encryption - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketEncryptionOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

This action uses the encryption subresource to - configure default encryption and Amazon S3 Bucket Key for an existing bucket.

-

Default encryption for a bucket can use server-side encryption with Amazon - S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). If you specify - default encryption using SSE-KMS, you can also configure Amazon S3 Bucket - Key. When the default encryption is SSE-KMS, if you upload an object to the - bucket and do not specify the KMS key to use for encryption, Amazon S3 uses - the default Amazon Web Services managed KMS key for your account. For information - about default encryption, see Amazon - S3 default bucket encryption in the Amazon S3 User Guide. For more - information about S3 Bucket Keys, see Amazon - S3 Bucket Keys in the Amazon S3 User Guide.

This - action requires Amazon Web Services Signature Version 4. For more information, - see - Authenticating Requests (Amazon Web Services Signature Version 4).

-

To use this operation, you must have permissions to perform - the s3:PutEncryptionConfiguration action. The bucket owner has - this permission by default. The bucket owner can grant this permission to - others. For more information about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide. -

Related Resources

- operationId: PutBucketEncryption - parameters: - - description:

The base64-encoded 128-bit MD5 digest of the server-side encryption - configuration.

For requests made using the Amazon Web Services Command - Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated - automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: encryption - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - ServerSideEncryptionConfiguration: - description: Specifies the default server-side-encryption configuration. - properties: - Rule: - allOf: - - $ref: '#/components/schemas/ServerSideEncryptionRules' - - description: Container for information about a particular - server-side encryption configuration rule. - type: object - required: - - ServerSideEncryptionConfiguration - type: object - required: true - responses: - '200': - description: Success - /?intelligent-tiering: - get: - description: '

Lists the S3 Intelligent-Tiering configuration from the specified - bucket.

The S3 Intelligent-Tiering storage class is designed to optimize - storage costs by automatically moving data to the most cost-effective storage - access tier, without performance impact or operational overhead. S3 Intelligent-Tiering - delivers automatic cost savings in three low latency and high throughput access - tiers. To get the lowest storage cost on data that can be accessed in minutes - to hours, you can choose to activate additional archiving capabilities.

-

The S3 Intelligent-Tiering storage class is the ideal storage class for - data with unknown, changing, or unpredictable access patterns, independent - of object size or retention period. If the size of an object is less than - 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects - can be stored, but they are always charged at the Frequent Access tier rates - in the S3 Intelligent-Tiering storage class.

For more information, - see Storage - class for automatically optimizing frequently and infrequently accessed objects.

-

Operations related to ListBucketIntelligentTieringConfigurations - include:

' - operationId: ListBucketIntelligentTieringConfigurations - parameters: - - description: The ContinuationToken that represents a placeholder - from where this request should begin. - in: query - name: continuation-token - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: intelligent-tiering - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/ListBucketIntelligentTieringConfigurationsOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - /?intelligent-tiering#id: - delete: - description: '

Deletes the S3 Intelligent-Tiering configuration from the specified - bucket.

The S3 Intelligent-Tiering storage class is designed to optimize - storage costs by automatically moving data to the most cost-effective storage - access tier, without performance impact or operational overhead. S3 Intelligent-Tiering - delivers automatic cost savings in three low latency and high throughput access - tiers. To get the lowest storage cost on data that can be accessed in minutes - to hours, you can choose to activate additional archiving capabilities.

-

The S3 Intelligent-Tiering storage class is the ideal storage class for - data with unknown, changing, or unpredictable access patterns, independent - of object size or retention period. If the size of an object is less than - 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects - can be stored, but they are always charged at the Frequent Access tier rates - in the S3 Intelligent-Tiering storage class.

For more information, - see Storage - class for automatically optimizing frequently and infrequently accessed objects.

-

Operations related to DeleteBucketIntelligentTieringConfiguration - include:

' - operationId: DeleteBucketIntelligentTieringConfiguration - parameters: - - description: The ID used to identify the S3 Intelligent-Tiering configuration. - in: query - name: id - required: true - schema: - type: string - - allowEmptyValue: true - in: query - name: intelligent-tiering - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description: '

Gets the S3 Intelligent-Tiering configuration from the specified - bucket.

The S3 Intelligent-Tiering storage class is designed to optimize - storage costs by automatically moving data to the most cost-effective storage - access tier, without performance impact or operational overhead. S3 Intelligent-Tiering - delivers automatic cost savings in three low latency and high throughput access - tiers. To get the lowest storage cost on data that can be accessed in minutes - to hours, you can choose to activate additional archiving capabilities.

-

The S3 Intelligent-Tiering storage class is the ideal storage class for - data with unknown, changing, or unpredictable access patterns, independent - of object size or retention period. If the size of an object is less than - 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects - can be stored, but they are always charged at the Frequent Access tier rates - in the S3 Intelligent-Tiering storage class.

For more information, - see Storage - class for automatically optimizing frequently and infrequently accessed objects.

-

Operations related to GetBucketIntelligentTieringConfiguration - include:

' - operationId: GetBucketIntelligentTieringConfiguration - parameters: - - description: The ID used to identify the S3 Intelligent-Tiering configuration. - in: query - name: id - required: true - schema: - type: string - - allowEmptyValue: true - in: query - name: intelligent-tiering - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketIntelligentTieringConfigurationOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: '

Puts a S3 Intelligent-Tiering configuration to the specified - bucket. You can have up to 1,000 S3 Intelligent-Tiering configurations per - bucket.

The S3 Intelligent-Tiering storage class is designed to optimize - storage costs by automatically moving data to the most cost-effective storage - access tier, without performance impact or operational overhead. S3 Intelligent-Tiering - delivers automatic cost savings in three low latency and high throughput access - tiers. To get the lowest storage cost on data that can be accessed in minutes - to hours, you can choose to activate additional archiving capabilities.

-

The S3 Intelligent-Tiering storage class is the ideal storage class for - data with unknown, changing, or unpredictable access patterns, independent - of object size or retention period. If the size of an object is less than - 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects - can be stored, but they are always charged at the Frequent Access tier rates - in the S3 Intelligent-Tiering storage class.

For more information, - see Storage - class for automatically optimizing frequently and infrequently accessed objects.

-

Operations related to PutBucketIntelligentTieringConfiguration - include:

You only need S3 Intelligent-Tiering enabled on - a bucket if you want to automatically move objects stored in the S3 Intelligent-Tiering - storage class to the Archive Access or Deep Archive Access tier.

 -

Special Errors

  • HTTP - 400 Bad Request Error

    • Code: InvalidArgument

      -

    • Cause: Invalid Argument

  • HTTP 400 Bad Request Error

    • Code: - TooManyConfigurations

    • Cause: You are attempting - to create a new configuration but have already reached the 1,000-configuration - limit.

  • HTTP 403 Forbidden - Error

    • Code: AccessDenied

    • - Cause: You are not the owner of the specified bucket, or you do not - have the s3:PutIntelligentTieringConfiguration bucket permission - to set the configuration on the bucket.

' - operationId: PutBucketIntelligentTieringConfiguration - parameters: - - description: The ID used to identify the S3 Intelligent-Tiering configuration. - in: query - name: id - required: true - schema: + $ref: '#/components/schemas/Filter' + StorageLensGroupArn: + description: The ARN for the Amazon S3 Storage Lens Group. type: string - - allowEmptyValue: true - in: query - name: intelligent-tiering - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - IntelligentTieringConfiguration: - description:

Specifies the S3 Intelligent-Tiering configuration - for an Amazon S3 bucket.

For information about the S3 Intelligent-Tiering - storage class, see Storage - class for automatically optimizing frequently and infrequently - accessed objects.

- properties: - Filter: - allOf: - - $ref: '#/components/schemas/IntelligentTieringFilter' - - description: Specifies a bucket filter. The configuration - only includes objects that meet the filter's criteria. - Id: - allOf: - - $ref: '#/components/schemas/IntelligentTieringId' - - description: The ID used to identify the S3 Intelligent-Tiering - configuration. - Status: - allOf: - - $ref: '#/components/schemas/IntelligentTieringStatus' - - description: Specifies the status of the configuration. - Tiering: - allOf: - - $ref: '#/components/schemas/TieringList' - - description: Specifies the S3 Intelligent-Tiering storage - class tier of the configuration. - type: object - required: - - IntelligentTieringConfiguration - type: object - required: true - responses: - '200': - description: Success - /?inventory: - get: - description:

Returns a list of inventory configurations for the bucket. You - can have up to 1,000 analytics configurations per bucket.

This action - supports list pagination and does not return more than 100 configurations - at a time. Always check the IsTruncated element in the response. - If there are no more configurations to list, IsTruncated is set - to false. If there are more configurations to list, IsTruncated - is set to true, and there is a value in NextContinuationToken. - You use the NextContinuationToken value to continue the pagination - of the list by passing the value in continuation-token in the request to GET - the next page.

To use this operation, you must have permissions to - perform the s3:GetInventoryConfiguration action. The bucket owner - has this permission by default. The bucket owner can grant this permission - to others. For more information about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

For information - about the Amazon S3 inventory feature, see Amazon - S3 Inventory

The following operations are related to ListBucketInventoryConfigurations:

- - operationId: ListBucketInventoryConfigurations - parameters: - - description: The marker used to continue an inventory configuration listing - that has been truncated. Use the NextContinuationToken from a previously - truncated list response to continue the listing. The continuation token - is an opaque value that Amazon S3 understands. - in: query - name: continuation-token - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: inventory - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/ListBucketInventoryConfigurationsOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - /?inventory#id: - delete: - description: '

Deletes an inventory configuration (identified by the inventory - ID) from the bucket.

To use this operation, you must have permissions - to perform the s3:PutInventoryConfiguration action. The bucket - owner has this permission by default. The bucket owner can grant this permission - to others. For more information about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

For information - about the Amazon S3 inventory feature, see Amazon - S3 Inventory.

Operations related to DeleteBucketInventoryConfiguration - include:

' - operationId: DeleteBucketInventoryConfiguration - parameters: - - description: The ID used to identify the inventory configuration. - in: query - name: id - required: true - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: inventory - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description:

Returns an inventory configuration (identified by the inventory - configuration ID) from the bucket.

To use this operation, you must - have permissions to perform the s3:GetInventoryConfiguration - action. The bucket owner has this permission by default and can grant this - permission to others. For more information about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

For information - about the Amazon S3 inventory feature, see Amazon - S3 Inventory.

The following operations are related to GetBucketInventoryConfiguration:

- - operationId: GetBucketInventoryConfiguration - parameters: - - description: The ID used to identify the inventory configuration. - in: query - name: id - required: true - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: inventory - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketInventoryConfigurationOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

This implementation of the PUT action adds an inventory - configuration (identified by the inventory ID) to the bucket. You can have - up to 1,000 inventory configurations per bucket.

Amazon S3 inventory - generates inventories of the objects in the bucket on a daily or weekly basis, - and the results are published to a flat file. The bucket that is inventoried - is called the source bucket, and the bucket where the inventory flat - file is stored is called the destination bucket. The destination - bucket must be in the same Amazon Web Services Region as the source - bucket.

When you configure an inventory for a source bucket, - you specify the destination bucket where you want the inventory to - be stored, and whether to generate the inventory daily or weekly. You can - also configure what object metadata to include and whether to inventory all - object versions or only current versions. For more information, see Amazon - S3 Inventory in the Amazon S3 User Guide.

You must - create a bucket policy on the destination bucket to grant permissions - to Amazon S3 to write objects to the bucket in the defined location. For an - example policy, see - Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.

-

To use this operation, you must have permissions to perform - the s3:PutInventoryConfiguration action. The bucket owner has - this permission by default and can grant this permission to others. For more - information about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

-

Special Errors

  • HTTP - 400 Bad Request Error

    • Code: InvalidArgument

      -

    • Cause: Invalid Argument

  • HTTP 400 Bad Request Error

    • Code: - TooManyConfigurations

    • Cause: You are attempting - to create a new configuration but have already reached the 1,000-configuration - limit.

  • HTTP 403 Forbidden - Error

    • Code: AccessDenied

    • - Cause: You are not the owner of the specified bucket, or you do not - have the s3:PutInventoryConfiguration bucket permission to set - the configuration on the bucket.

- Related Resources

- operationId: PutBucketInventoryConfiguration - parameters: - - description: The ID used to identify the inventory configuration. - in: query - name: id - required: true - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: inventory - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - InventoryConfiguration: - description: 'Specifies the inventory configuration for an Amazon - S3 bucket. For more information, see GET - Bucket inventory in the Amazon S3 API Reference. ' - properties: - Destination: - allOf: - - $ref: '#/components/schemas/InventoryDestination' - - description: Contains information about where to publish the - inventory results. - Filter: - allOf: - - $ref: '#/components/schemas/InventoryFilter' - - description: Specifies an inventory filter. The inventory - only includes objects that meet the filter's criteria. - Id: - allOf: - - $ref: '#/components/schemas/InventoryId' - - description: The ID used to identify the inventory configuration. - IncludedObjectVersions: - allOf: - - $ref: '#/components/schemas/InventoryIncludedObjectVersions' - - description: Object versions to include in the inventory list. - If set to All, the list includes all the object - versions, which adds the version-related fields VersionId, - IsLatest, and DeleteMarker to - the list. If set to Current, the list does - not contain these version-related fields. - IsEnabled: - allOf: - - $ref: '#/components/schemas/IsEnabled' - - description: Specifies whether the inventory is enabled or - disabled. If set to True, an inventory list - is generated. If set to False, no inventory - list is generated. - OptionalFields: - allOf: - - $ref: '#/components/schemas/InventoryOptionalFields' - - description: Contains the optional fields that are included - in the inventory results. - Schedule: - allOf: - - $ref: '#/components/schemas/InventorySchedule' - - description: Specifies the schedule for generating inventory - results. - type: object - required: - - InventoryConfiguration - type: object - required: true - responses: - '200': - description: Success - /?lifecycle: - delete: - description:

Deletes the lifecycle configuration from the specified bucket. - Amazon S3 removes all the lifecycle configuration rules in the lifecycle subresource - associated with the bucket. Your objects never expire, and Amazon S3 no longer - automatically deletes any objects on the basis of rules contained in the deleted - lifecycle configuration.

To use this operation, you must have permission - to perform the s3:PutLifecycleConfiguration action. By default, - the bucket owner has this permission and the bucket owner can grant this permission - to others.

There is usually some time lag before lifecycle configuration - deletion is fully propagated to all the Amazon S3 systems.

For more - information about the object expiration, see Elements - to Describe Lifecycle Actions.

Related actions include:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETElifecycle.html - operationId: DeleteBucketLifecycle - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: lifecycle - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description: '

Bucket lifecycle configuration now supports specifying - a lifecycle rule using an object key name prefix, one or more object tags, - or a combination of both. Accordingly, this section describes the latest API. - The response describes the new filter element that you can use to specify - a filter to select a subset of objects to which the rule applies. If you are - using a previous version of the lifecycle configuration, it still works. For - the earlier action, see GetBucketLifecycle.

-

Returns the lifecycle configuration information set on the bucket. - For information about lifecycle configuration, see Object - Lifecycle Management.

To use this operation, you must have permission - to perform the s3:GetLifecycleConfiguration action. The bucket - owner has this permission, by default. The bucket owner can grant this permission - to others. For more information about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

GetBucketLifecycleConfiguration - has the following special error:

  • Error code: NoSuchLifecycleConfiguration -

    • Description: The lifecycle configuration does not exist.

      -

    • HTTP Status Code: 404 Not Found

    • SOAP Fault - Code Prefix: Client

The following operations - are related to GetBucketLifecycleConfiguration:

' - operationId: GetBucketLifecycleConfiguration - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: lifecycle - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketLifecycleConfigurationOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Creates a new lifecycle configuration for the bucket or replaces - an existing lifecycle configuration. Keep in mind that this will overwrite - an existing lifecycle configuration, so if you want to retain any configuration - details, they must be included in the new lifecycle configuration. For information - about lifecycle configuration, see Managing - your storage lifecycle.

Bucket lifecycle configuration now - supports specifying a lifecycle rule using an object key name prefix, one - or more object tags, or a combination of both. Accordingly, this section describes - the latest API. The previous version of the API supported filtering based - only on an object key name prefix, which is supported for backward compatibility. - For the related API description, see PutBucketLifecycle.

-

Rules

You specify the lifecycle configuration in - your request body. The lifecycle configuration is specified as XML consisting - of one or more rules. An Amazon S3 Lifecycle configuration can have up to - 1,000 rules. This limit is not adjustable. Each rule consists of the following:

-

  • Filter identifying a subset of objects to which the rule applies. - The filter can be based on a key name prefix, object tags, or a combination - of both.

  • Status whether the rule is in effect.

    • -

  • One or more lifecycle transition and expiration actions that you want - Amazon S3 to perform on the objects identified by the filter. If the state - of your bucket is versioning-enabled or versioning-suspended, you can have - many versions of the same object (one current version and zero or more noncurrent - versions). Amazon S3 provides predefined actions that you can specify for - current and noncurrent object versions.

For more information, - see Object - Lifecycle Management and Lifecycle - Configuration Elements.

Permissions

By default, - all Amazon S3 resources are private, including buckets, objects, and related - subresources (for example, lifecycle configuration and website configuration). - Only the resource owner (that is, the Amazon Web Services account that created - it) can access the resource. The resource owner can optionally grant access - permissions to others by writing an access policy. For this operation, a user - must get the s3:PutLifecycleConfiguration permission.

You - can also explicitly deny permissions. Explicit deny also supersedes any other - permissions. If you want to block users or accounts from removing or deleting - objects from your bucket, you must deny them permissions for the following - actions:

  • s3:DeleteObject

  • - s3:DeleteObjectVersion

  • s3:PutLifecycleConfiguration -

For more information about permissions, see Managing - Access Permissions to Your Amazon S3 Resources.

The following are - related to PutBucketLifecycleConfiguration:

- operationId: PutBucketLifecycleConfiguration - parameters: - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: lifecycle - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - LifecycleConfiguration: - description: Specifies the lifecycle configuration for objects in - an Amazon S3 bucket. For more information, see Object - Lifecycle Management in the Amazon S3 User Guide. - properties: - Rule: - allOf: - - $ref: '#/components/schemas/LifecycleRules' - - description: A lifecycle rule for individual objects in an - Amazon S3 bucket. - type: object - type: object - required: true - responses: - '200': - description: Success - /?lifecycle#deprecated!: - get: - deprecated: true - description: '

For an updated version of this API, see GetBucketLifecycleConfiguration. - If you configured a bucket lifecycle using the filter element, - you should see the updated version of this topic. This topic is provided for - backward compatibility.

Returns the lifecycle configuration - information set on the bucket. For information about lifecycle configuration, - see Object - Lifecycle Management.

To use this operation, you must have permission - to perform the s3:GetLifecycleConfiguration action. The bucket - owner has this permission by default. The bucket owner can grant this permission - to others. For more information about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

GetBucketLifecycle - has the following special error:

  • Error code: NoSuchLifecycleConfiguration -

    • Description: The lifecycle configuration does not exist.

      -

    • HTTP Status Code: 404 Not Found

    • SOAP Fault - Code Prefix: Client

The following operations - are related to GetBucketLifecycle:

' - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETlifecycle.html - operationId: GetBucketLifecycle - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: lifecycle - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketLifecycleOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - deprecated: true - description: "

For an updated version of this API, see PutBucketLifecycleConfiguration. This version has been deprecated. Existing\ - \ lifecycle configurations will work. For new lifecycle configurations, use\ - \ the updated API.

Creates a new lifecycle configuration\ - \ for the bucket or replaces an existing lifecycle configuration. For information\ - \ about lifecycle configuration, see Object Lifecycle Management in the Amazon S3 User Guide.

\ - \

By default, all Amazon S3 resources, including buckets, objects, and\ - \ related subresources (for example, lifecycle configuration and website configuration)\ - \ are private. Only the resource owner, the Amazon Web Services account that\ - \ created the resource, can access it. The resource owner can optionally grant\ - \ access permissions to others by writing an access policy. For this operation,\ - \ users must get the s3:PutLifecycleConfiguration permission.

\ - \

You can also explicitly deny permissions. Explicit denial also supersedes\ - \ any other permissions. If you want to prevent users or accounts from removing\ - \ or deleting objects from your bucket, you must deny them permissions for\ - \ the following actions:

  • s3:DeleteObject

    \ - \

  • s3:DeleteObjectVersion

  • s3:PutLifecycleConfiguration\ - \

For more information about permissions, see Managing Access Permissions to your Amazon S3 Resources in the Amazon\ - \ S3 User Guide.

For more examples of transitioning objects to\ - \ storage classes such as STANDARD_IA or ONEZONE_IA, see Examples of Lifecycle Configuration.

Related\ - \ Resources

" - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html - operationId: PutBucketLifecycle - parameters: - - description:

For requests made using the Amazon Web Services Command - Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated - automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: lifecycle - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - LifecycleConfiguration: - description: Container for lifecycle rules. You can add as many - as 1000 rules. - properties: - Rule: - allOf: - - $ref: '#/components/schemas/Rules' - - description: 'Specifies lifecycle configuration rules for - an Amazon S3 bucket. ' - type: object - type: object - required: true - responses: - '200': - description: Success - /?list-type=2: - get: - description:

Returns some or all (up to 1,000) of the objects in a bucket - with each request. You can use the request parameters as selection criteria - to return a subset of the objects in a bucket. A 200 OK response - can contain valid or invalid XML. Make sure to design your application to - parse the contents of the response and handle it appropriately. Objects are - returned sorted in an ascending order of the respective key names in the list. - For more information about listing objects, see Listing - object keys programmatically

To use this operation, you must have - READ access to the bucket.

To use this action in an Identity and Access - Management (IAM) policy, you must have permissions to perform the s3:ListBucket - action. The bucket owner has this permission by default and can grant this - permission to others. For more information about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

This - section describes the latest revision of this action. We recommend that you - use this revised API for application development. For backward compatibility, - Amazon S3 continues to support the prior version of this API, ListObjects.

-

To get a list of your buckets, see ListBuckets.

-

The following operations are related to ListObjectsV2:

- - operationId: ListObjectsV2 - parameters: - - description: A delimiter is a character you use to group keys. - in: query - name: delimiter - required: false - schema: - type: string - - description: Encoding type used by Amazon S3 to encode object keys in the - response. - in: query - name: encoding-type - required: false - schema: - description: Requests Amazon S3 to encode the object keys in the response - and specifies the encoding method to use. An object key may contain any - Unicode character; however, XML 1.0 parser cannot parse some characters, - such as characters with an ASCII value from 0 to 10. For characters that - are not supported in XML 1.0, you can add this parameter to request that - Amazon S3 encode the keys in the response. - enum: - - url - type: string - - description: Sets the maximum number of keys returned in the response. By - default the action returns up to 1,000 key names. The response might contain - fewer keys but will never contain more. - in: query - name: max-keys - required: false - schema: - type: integer - - description: Limits the response to keys that begin with the specified prefix. - in: query - name: prefix - required: false - schema: - type: string - - description: ContinuationToken indicates Amazon S3 that the list is being - continued on this bucket with a token. ContinuationToken is obfuscated and - is not a real key. - in: query - name: continuation-token - required: false - schema: - type: string - - description: The owner field is not present in listV2 by default, if you want - to return owner field with each key in the result then set the fetch owner - field to true. - in: query - name: fetch-owner - required: false - schema: - type: boolean - - description: StartAfter is where you want Amazon S3 to start listing from. - Amazon S3 starts listing after this specified key. StartAfter can be any - key in the bucket. - in: query - name: start-after - required: false - schema: - type: string - - description: Confirms that the requester knows that she or he will be charged - for the list objects request in V2 style. Bucket owners need not specify - this parameter in their requests. - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: Pagination limit - in: query - name: MaxKeys - required: false - schema: - type: string - - description: Pagination token - in: query - name: ContinuationToken - required: false - schema: - type: string - - in: query - name: list-type - required: true - schema: - enum: - - '2' - type: string - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/ListObjectsV2Output' - description: Success - '480': - content: - text/xml: - schema: - $ref: '#/components/schemas/NoSuchBucket' - description: NoSuchBucket - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - /?location: - get: - description:

Returns the Region the bucket resides in. You set the bucket's - Region using the LocationConstraint request parameter in a CreateBucket - request. For more information, see CreateBucket.

-

To use this implementation of the operation, you must be the bucket owner.

-

To use this API against an access point, provide the alias of the access - point in place of the bucket name.

The following operations are related - to GetBucketLocation:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETlocation.html - operationId: GetBucketLocation - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: location - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketLocationOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - /?logging: - get: - description:

Returns the logging status of a bucket and the permissions users - have to view and modify that status. To use GET, you must be the bucket owner.

-

The following operations are related to GetBucketLogging:

- - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETlogging.html - operationId: GetBucketLogging - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: logging - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketLoggingOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Set the logging parameters for a bucket and to specify permissions - for who can view and modify the logging parameters. All logs are saved to - buckets in the same Amazon Web Services Region as the source bucket. To set - the logging status of a bucket, you must be the bucket owner.

The bucket - owner is automatically granted FULL_CONTROL to all logs. You use the Grantee - request element to grant access to other people. The Permissions - request element specifies the kind of access the grantee has to the logs.

-

If the target bucket for log delivery uses the bucket owner - enforced setting for S3 Object Ownership, you can't use the Grantee - request element to grant access to others. Permissions can only be granted - using policies. For more information, see Permissions - for server access log delivery in the Amazon S3 User Guide.

-

Grantee Values

You can specify the person - (grantee) to whom you're assigning access rights (using request elements) - in the following ways:

  • By the person's ID:

    <Grantee - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> - </Grantee>

    DisplayName is optional and ignored in the - request.

  • By Email address:

    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress></Grantee> -

    The grantee is resolved to the CanonicalUser and, in a response to - a GET Object acl request, appears as the CanonicalUser.

  • By - URI:

    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee> -

To enable logging, you use LoggingEnabled and its children - request elements. To disable logging, you use an empty BucketLoggingStatus - request element:

<BucketLoggingStatus xmlns="http://doc.s3.amazonaws.com/2006-03-01" - />

For more information about server access logging, see - Server - Access Logging in the Amazon S3 User Guide.

For more information - about creating a bucket, see CreateBucket. - For more information about returning the logging status of a bucket, see GetBucketLogging.

-

The following operations are related to PutBucketLogging:

- - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTlogging.html - operationId: PutBucketLogging - parameters: - - description:

The MD5 hash of the PutBucketLogging request - body.

For requests made using the Amazon Web Services Command Line - Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: logging - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - BucketLoggingStatus: - description: Container for logging status information. - properties: - LoggingEnabled: - $ref: '#/components/schemas/LoggingEnabled' - type: object - required: - - BucketLoggingStatus - type: object - required: true - responses: - '200': - description: Success - /?metrics: - get: - description:

Lists the metrics configurations for the bucket. The metrics - configurations are only for the request metrics of the bucket and do not provide - information on daily storage metrics. You can have up to 1,000 configurations - per bucket.

This action supports list pagination and does not return - more than 100 configurations at a time. Always check the IsTruncated - element in the response. If there are no more configurations to list, IsTruncated - is set to false. If there are more configurations to list, IsTruncated - is set to true, and there is a value in NextContinuationToken. - You use the NextContinuationToken value to continue the pagination - of the list by passing the value in continuation-token in the - request to GET the next page.

To use this operation, you - must have permissions to perform the s3:GetMetricsConfiguration - action. The bucket owner has this permission by default. The bucket owner - can grant this permission to others. For more information about permissions, - see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

For more information - about metrics configurations and CloudWatch request metrics, see Monitoring - Metrics with Amazon CloudWatch.

The following operations are related - to ListBucketMetricsConfigurations:

- operationId: ListBucketMetricsConfigurations - parameters: - - description: The marker that is used to continue a metrics configuration listing - that has been truncated. Use the NextContinuationToken from a previously - truncated list response to continue the listing. The continuation token - is an opaque value that Amazon S3 understands. - in: query - name: continuation-token - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: metrics - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/ListBucketMetricsConfigurationsOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - /?metrics#id: - delete: - description:

Deletes a metrics configuration for the Amazon CloudWatch request - metrics (specified by the metrics configuration ID) from the bucket. Note - that this doesn't include the daily storage metrics.

To use this operation, - you must have permissions to perform the s3:PutMetricsConfiguration - action. The bucket owner has this permission by default. The bucket owner - can grant this permission to others. For more information about permissions, - see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

For information - about CloudWatch request metrics for Amazon S3, see Monitoring - Metrics with Amazon CloudWatch.

The following operations are related - to DeleteBucketMetricsConfiguration:

- operationId: DeleteBucketMetricsConfiguration - parameters: - - description: The ID used to identify the metrics configuration. - in: query - name: id - required: true - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: metrics - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description:

Gets a metrics configuration (specified by the metrics configuration - ID) from the bucket. Note that this doesn't include the daily storage metrics.

-

To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration - action. The bucket owner has this permission by default. The bucket owner - can grant this permission to others. For more information about permissions, - see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

For information - about CloudWatch request metrics for Amazon S3, see Monitoring - Metrics with Amazon CloudWatch.

The following operations are related - to GetBucketMetricsConfiguration:

- operationId: GetBucketMetricsConfiguration - parameters: - - description: The ID used to identify the metrics configuration. - in: query - name: id - required: true - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: metrics - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketMetricsConfigurationOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: '

Sets a metrics configuration (specified by the metrics configuration - ID) for the bucket. You can have up to 1,000 metrics configurations per bucket. - If you''re updating an existing metrics configuration, note that this is a - full replacement of the existing metrics configuration. If you don''t include - the elements you want to keep, they are erased.

To use this operation, - you must have permissions to perform the s3:PutMetricsConfiguration - action. The bucket owner has this permission by default. The bucket owner - can grant this permission to others. For more information about permissions, - see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

For information - about CloudWatch request metrics for Amazon S3, see Monitoring - Metrics with Amazon CloudWatch.

The following operations are related - to PutBucketMetricsConfiguration:

GetBucketLifecycle has the following special - error:

  • Error code: TooManyConfigurations

    -

    • Description: You are attempting to create a new configuration - but have already reached the 1,000-configuration limit.

    • HTTP - Status Code: HTTP 400 Bad Request

' - operationId: PutBucketMetricsConfiguration - parameters: - - description: The ID used to identify the metrics configuration. - in: query - name: id - required: true - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: metrics - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - MetricsConfiguration: - description: Specifies a metrics configuration for the CloudWatch - request metrics (specified by the metrics configuration ID) from - an Amazon S3 bucket. If you're updating an existing metrics configuration, - note that this is a full replacement of the existing metrics configuration. - If you don't include the elements you want to keep, they are erased. - For more information, see PutBucketMetricsConfiguration. - properties: - Filter: - allOf: - - $ref: '#/components/schemas/MetricsFilter' - - description: Specifies a metrics configuration filter. The - metrics configuration will only include objects that meet - the filter's criteria. A filter must be a prefix, an object - tag, an access point ARN, or a conjunction (MetricsAndOperator). - Id: - allOf: - - $ref: '#/components/schemas/MetricsId' - - description: The ID used to identify the metrics configuration. - type: object - required: - - MetricsConfiguration - type: object - required: true - responses: - '200': - description: Success - /?notification: - get: - description:

Returns the notification configuration of a bucket.

If - notifications are not enabled on the bucket, the action returns an empty NotificationConfiguration - element.

By default, you must be the bucket owner to read the notification - configuration of a bucket. However, the bucket owner can use a bucket policy - to grant permission to other users to read this configuration with the s3:GetBucketNotification - permission.

For more information about setting and reading the notification - configuration on a bucket, see Setting - Up Notification of Bucket Events. For more information about bucket policies, - see Using - Bucket Policies.

The following action is related to GetBucketNotification:

- - operationId: GetBucketNotificationConfiguration - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: notification - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/NotificationConfiguration' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Enables notifications of specified events for a bucket. For - more information about event notifications, see Configuring - Event Notifications.

Using this API, you can replace an existing - notification configuration. The configuration is an XML file that defines - the event types that you want Amazon S3 to publish and the destination where - you want Amazon S3 to publish an event notification when it detects an event - of the specified type.

By default, your bucket has no event notifications - configured. That is, the notification configuration will be an empty NotificationConfiguration.

-

<NotificationConfiguration>

</NotificationConfiguration> -

This action replaces the existing notification configuration with - the configuration you include in the request body.

After Amazon S3 - receives this request, it first verifies that any Amazon Simple Notification - Service (Amazon SNS) or Amazon Simple Queue Service (Amazon SQS) destination - exists, and that the bucket owner has permission to publish to it by sending - a test notification. In the case of Lambda destinations, Amazon S3 verifies - that the Lambda function permissions grant Amazon S3 permission to invoke - the function from the Amazon S3 bucket. For more information, see Configuring - Notifications for Amazon S3 Events.

You can disable notifications - by adding the empty NotificationConfiguration element.

For more information - about the number of event notification configurations that you can create - per bucket, see Amazon - S3 service quotas in Amazon Web Services General Reference.

-

By default, only the bucket owner can configure notifications on a bucket. - However, bucket owners can use a bucket policy to grant permission to other - users to set this configuration with s3:PutBucketNotification - permission.

The PUT notification is an atomic operation. For - example, suppose your notification configuration includes SNS topic, SQS queue, - and Lambda function configurations. When you send a PUT request with this - configuration, Amazon S3 sends test messages to your SNS topic. If the message - fails, the entire PUT action will fail, and Amazon S3 will not add the configuration - to your bucket.

Responses

If the configuration - in the request body includes only one TopicConfiguration specifying - only the s3:ReducedRedundancyLostObject event type, the response - will also include the x-amz-sns-test-message-id header containing - the message ID of the test notification sent to the topic.

The following - action is related to PutBucketNotificationConfiguration:

- - operationId: PutBucketNotificationConfiguration - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: Skips validation of Amazon SQS, Amazon SNS, and Lambda destinations. - True or false value. - in: header - name: x-amz-skip-destination-validation - required: false - schema: - type: boolean - - allowEmptyValue: true - in: query - name: notification - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - NotificationConfiguration: - description: A container for specifying the notification configuration - of the bucket. If this element is empty, notifications are turned - off for the bucket. - properties: - CloudFunctionConfiguration: - allOf: - - $ref: '#/components/schemas/LambdaFunctionConfigurationList' - - description: Describes the Lambda functions to invoke and - the events for which to invoke them. - EventBridgeConfiguration: - allOf: - - $ref: '#/components/schemas/EventBridgeConfiguration' - - description: Enables delivery of events to Amazon EventBridge. - QueueConfiguration: - allOf: - - $ref: '#/components/schemas/QueueConfigurationList' - - description: The Amazon Simple Queue Service queues to publish - messages to and the events for which to publish messages. - TopicConfiguration: - allOf: - - $ref: '#/components/schemas/TopicConfigurationList' - - description: The topic to which notifications are sent and - the events for which notifications are generated. - type: object - required: - - NotificationConfiguration - type: object - required: true - responses: - '200': - description: Success - /?notification#deprecated!: - get: - deprecated: true - description: ' No longer used, see GetBucketNotificationConfiguration.' - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETnotification.html - operationId: GetBucketNotification - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: notification - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/NotificationConfigurationDeprecated' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - deprecated: true - description: ' No longer used, see the PutBucketNotificationConfiguration - operation.' - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTnotification.html - operationId: PutBucketNotification - parameters: - - description:

The MD5 hash of the PutPublicAccessBlock request - body.

For requests made using the Amazon Web Services Command Line - Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: notification - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - NotificationConfiguration: - description: The container for the configuration. - example: - QueueConfiguration: - Event: s3:ObjectCreated:Put - Events: - - s3:ObjectCreated:Put - Id: MDQ2OGQ4NDEtOTBmNi00YTM4LTk0NzYtZDIwN2I3NWQ1NjIx - Queue: arn:aws:sqs:us-east-1:acct-id:S3ObjectCreatedEventQueue - TopicConfiguration: - Event: s3:ObjectCreated:Copy - Events: - - s3:ObjectCreated:Copy - Id: YTVkMWEzZGUtNTY1NS00ZmE2LWJjYjktMmRlY2QwODFkNTJi - Topic: arn:aws:sns:us-east-1:acct-id:S3ObjectCreatedEventTopic - properties: - CloudFunctionConfiguration: - allOf: - - $ref: '#/components/schemas/CloudFunctionConfiguration' - - description: Container for specifying the Lambda notification - configuration. - QueueConfiguration: - allOf: - - $ref: '#/components/schemas/QueueConfigurationDeprecated' - - description: 'This data type is deprecated. This data type - specifies the configuration for publishing messages to an - Amazon Simple Queue Service (Amazon SQS) queue when Amazon - S3 detects specified events. ' - TopicConfiguration: - allOf: - - $ref: '#/components/schemas/TopicConfigurationDeprecated' - - description: 'This data type is deprecated. A container for - specifying the configuration for publication of messages - to an Amazon Simple Notification Service (Amazon SNS) topic - when Amazon S3 detects specified events. ' - type: object - required: - - NotificationConfiguration - type: object - required: true - responses: - '200': - description: Success - /?object-lock: - get: - description:

Gets the Object Lock configuration for a bucket. The rule specified - in the Object Lock configuration will be applied by default to every new object - placed in the specified bucket. For more information, see Locking - Objects.

The following action is related to GetObjectLockConfiguration:

- - operationId: GetObjectLockConfiguration - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: object-lock - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetObjectLockConfigurationOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Places an Object Lock configuration on the specified bucket. - The rule specified in the Object Lock configuration will be applied by default - to every new object placed in the specified bucket. For more information, - see Locking - Objects.

  • The DefaultRetention settings - require both a mode and a period.

  • The DefaultRetention - period can be either Days or Years but you must - select one. You cannot specify Days and Years at - the same time.

  • You can only enable Object Lock for new buckets. - If you want to turn on Object Lock for an existing bucket, contact Amazon - Web Services Support.

 - operationId: PutObjectLockConfiguration - parameters: - - description: '' - in: header - name: x-amz-request-payer - required: false - schema: - description: Confirms that the requester knows that they will be charged - for the request. Bucket owners need not specify this parameter in their - requests. For information about downloading objects from Requester Pays - buckets, see Downloading - Objects in Requester Pays Buckets in the Amazon S3 User Guide. - enum: - - requester - type: string - - description: A token to allow Object Lock to be enabled for an existing bucket. - in: header - name: x-amz-bucket-object-lock-token - required: false - schema: - type: string - - description:

The MD5 hash for the request body.

For requests made - using the Amazon Web Services Command Line Interface (CLI) or Amazon Web - Services SDKs, this field is calculated automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: object-lock - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - ObjectLockConfiguration: - description: The container element for Object Lock configuration - parameters. - properties: - ObjectLockEnabled: - allOf: - - $ref: '#/components/schemas/ObjectLockEnabled' - - description: 'Indicates whether this bucket has an Object - Lock configuration enabled. Enable ObjectLockEnabled - when you apply ObjectLockConfiguration to a - bucket. ' - Rule: - allOf: - - $ref: '#/components/schemas/ObjectLockRule' - - description: Specifies the Object Lock rule for the specified - object. Enable the this rule when you apply ObjectLockConfiguration - to a bucket. Bucket settings require both a mode and a period. - The period can be either Days or Years - but you must select one. You cannot specify Days - and Years at the same time. - type: object - type: object - required: true - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/PutObjectLockConfigurationOutput' - description: Success - /?ownershipControls: - delete: - description:

Removes OwnershipControls for an Amazon S3 bucket. - To use this operation, you must have the s3:PutBucketOwnershipControls - permission. For more information about Amazon S3 permissions, see Specifying - Permissions in a Policy.

For information about Amazon S3 Object - Ownership, see Using - Object Ownership.

The following operations are related to DeleteBucketOwnershipControls:

- - operationId: DeleteBucketOwnershipControls - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: ownershipControls - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description:

Retrieves OwnershipControls for an Amazon S3 bucket. - To use this operation, you must have the s3:GetBucketOwnershipControls - permission. For more information about Amazon S3 permissions, see Specifying - permissions in a policy.

For information about Amazon S3 Object - Ownership, see Using - Object Ownership.

The following operations are related to GetBucketOwnershipControls:

- - operationId: GetBucketOwnershipControls - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: ownershipControls - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketOwnershipControlsOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Creates or modifies OwnershipControls for an Amazon - S3 bucket. To use this operation, you must have the s3:PutBucketOwnershipControls - permission. For more information about Amazon S3 permissions, see Specifying - permissions in a policy.

For information about Amazon S3 Object - Ownership, see Using - object ownership.

The following operations are related to PutBucketOwnershipControls:

- - operationId: PutBucketOwnershipControls - parameters: - - description:

The MD5 hash of the OwnershipControls request - body.

For requests made using the Amazon Web Services Command Line - Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: ownershipControls - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - OwnershipControls: - description: The container element for a bucket's ownership controls. - properties: - Rule: - allOf: - - $ref: '#/components/schemas/OwnershipControlsRules' - - description: The container element for an ownership control - rule. - type: object - required: - - OwnershipControls - type: object - required: true - responses: - '200': - description: Success - /?policy: - delete: - description:

This implementation of the DELETE action uses the policy subresource - to delete the policy of a specified bucket. If you are using an identity other - than the root user of the Amazon Web Services account that owns the bucket, - the calling identity must have the DeleteBucketPolicy permissions - on the specified bucket and belong to the bucket owner's account to use this - operation.

If you don't have DeleteBucketPolicy permissions, - Amazon S3 returns a 403 Access Denied error. If you have the - correct permissions, but you're not using an identity that belongs to the - bucket owner's account, Amazon S3 returns a 405 Method Not Allowed - error.

As a security precaution, the root user of the - Amazon Web Services account that owns a bucket can always use this operation, - even if the policy explicitly denies the root user the ability to perform - this action.

For more information about bucket policies, - see Using - Bucket Policies and UserPolicies.

The following operations are - related to DeleteBucketPolicy

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEpolicy.html - operationId: DeleteBucketPolicy - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: policy - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description:

Returns the policy of a specified bucket. If you are using an - identity other than the root user of the Amazon Web Services account that - owns the bucket, the calling identity must have the GetBucketPolicy - permissions on the specified bucket and belong to the bucket owner's account - in order to use this operation.

If you don't have GetBucketPolicy - permissions, Amazon S3 returns a 403 Access Denied error. If - you have the correct permissions, but you're not using an identity that belongs - to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed - error.

As a security precaution, the root user of the Amazon - Web Services account that owns a bucket can always use this operation, even - if the policy explicitly denies the root user the ability to perform this - action.

For more information about bucket policies, see - Using - Bucket Policies and User Policies.

The following action is related - to GetBucketPolicy:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETpolicy.html - operationId: GetBucketPolicy - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: policy - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketPolicyOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If - you are using an identity other than the root user of the Amazon Web Services - account that owns the bucket, the calling identity must have the PutBucketPolicy - permissions on the specified bucket and belong to the bucket owner's account - in order to use this operation.

If you don't have PutBucketPolicy - permissions, Amazon S3 returns a 403 Access Denied error. If - you have the correct permissions, but you're not using an identity that belongs - to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed - error.

As a security precaution, the root user of the - Amazon Web Services account that owns a bucket can always use this operation, - even if the policy explicitly denies the root user the ability to perform - this action.

For more information, see Bucket - policy examples.

The following operations are related to PutBucketPolicy:

- - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTpolicy.html - operationId: PutBucketPolicy - parameters: - - description:

The MD5 hash of the request body.

For requests made - using the Amazon Web Services Command Line Interface (CLI) or Amazon Web - Services SDKs, this field is calculated automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: Set this parameter to true to confirm that you want to remove - your permissions to change this bucket policy in the future. - in: header - name: x-amz-confirm-remove-self-bucket-access - required: false - schema: - type: boolean - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: policy - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - Policy: - description: The bucket policy as a JSON document. - type: string - required: - - Policy - type: object - required: true - responses: - '200': - description: Success - /?policyStatus: - get: - description:

Retrieves the policy status for an Amazon S3 bucket, indicating - whether the bucket is public. In order to use this operation, you must have - the s3:GetBucketPolicyStatus permission. For more information - about Amazon S3 permissions, see Specifying - Permissions in a Policy.

For more information about when Amazon - S3 considers a bucket public, see The - Meaning of "Public".

The following operations are related to GetBucketPolicyStatus:

- - operationId: GetBucketPolicyStatus - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: policyStatus - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketPolicyStatusOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - /?publicAccessBlock: - delete: - description:

Removes the PublicAccessBlock configuration for - an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock - permission. For more information about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

The following operations - are related to DeletePublicAccessBlock:

- operationId: DeletePublicAccessBlock - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: publicAccessBlock - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description:

Retrieves the PublicAccessBlock configuration for - an Amazon S3 bucket. To use this operation, you must have the s3:GetBucketPublicAccessBlock - permission. For more information about Amazon S3 permissions, see Specifying - Permissions in a Policy.

When Amazon S3 evaluates the - PublicAccessBlock configuration for a bucket or an object, it - checks the PublicAccessBlock configuration for both the bucket - (or the bucket that contains the object) and the bucket owner's account. If - the PublicAccessBlock settings are different between the bucket - and the account, Amazon S3 uses the most restrictive combination of the bucket-level - and account-level settings.

For more information about - when Amazon S3 considers a bucket or an object public, see The - Meaning of "Public".

The following operations are related to GetPublicAccessBlock:

- - operationId: GetPublicAccessBlock - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: publicAccessBlock - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetPublicAccessBlockOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Creates or modifies the PublicAccessBlock configuration - for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock - permission. For more information about Amazon S3 permissions, see Specifying - Permissions in a Policy.

When Amazon S3 evaluates the - PublicAccessBlock configuration for a bucket or an object, it - checks the PublicAccessBlock configuration for both the bucket - (or the bucket that contains the object) and the bucket owner's account. If - the PublicAccessBlock configurations are different between the - bucket and the account, Amazon S3 uses the most restrictive combination of - the bucket-level and account-level settings.

For more - information about when Amazon S3 considers a bucket or an object public, see - The - Meaning of "Public".

Related Resources

- - operationId: PutPublicAccessBlock - parameters: - - description:

The MD5 hash of the PutPublicAccessBlock request - body.

For requests made using the Amazon Web Services Command Line - Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: publicAccessBlock - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - PublicAccessBlockConfiguration: - description: 'The PublicAccessBlock configuration that you want - to apply to this Amazon S3 bucket. You can enable the configuration - options in any combination. For more information about when Amazon - S3 considers a bucket or object public, see The - Meaning of "Public" in the Amazon S3 User Guide. ' - properties: {} - type: object - required: - - PublicAccessBlockConfiguration - type: object - required: true - responses: - '200': - description: Success - /?replication: - delete: - description:

Deletes the replication configuration from the bucket.

-

To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration - action. The bucket owner has these permissions by default and can grant it - to others. For more information about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

It can - take a while for the deletion of a replication configuration to fully propagate.

-

For information about replication configuration, see Replication - in the Amazon S3 User Guide.

The following operations are related - to DeleteBucketReplication:

- operationId: DeleteBucketReplication - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: replication - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description:

Returns the replication configuration of a bucket.

-

It can take a while to propagate the put or delete a replication configuration - to all Amazon S3 systems. Therefore, a get request soon after put or delete - can return a wrong result.

For information about replication - configuration, see Replication - in the Amazon S3 User Guide.

This action requires permissions - for the s3:GetReplicationConfiguration action. For more information - about permissions, see Using - Bucket Policies and User Policies.

If you include the Filter - element in a replication configuration, you must also include the DeleteMarkerReplication - and Priority elements. The response also returns those elements.

-

For information about GetBucketReplication errors, see List - of replication-related error codes

The following operations are - related to GetBucketReplication:

- operationId: GetBucketReplication - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: replication - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketReplicationOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: '

Creates a replication configuration or replaces an existing - one. For more information, see Replication - in the Amazon S3 User Guide.

Specify the replication configuration - in the request body. In the replication configuration, you provide the name - of the destination bucket or buckets where you want Amazon S3 to replicate - objects, the IAM role that Amazon S3 can assume to replicate objects on your - behalf, and other relevant information.

A replication configuration - must include at least one rule, and can contain a maximum of 1,000. Each rule - identifies a subset of objects to replicate by filtering the objects in the - source bucket. To choose additional subsets of objects to replicate, add a - rule for each subset.

To specify a subset of the objects in the source - bucket to apply a replication rule to, add the Filter element as a child of - the Rule element. You can filter objects based on an object key prefix, one - or more object tags, or both. When you add the Filter element in the configuration, - you must also add the following elements: DeleteMarkerReplication, - Status, and Priority.

If you are using - an earlier version of the replication configuration, Amazon S3 handles replication - of delete markers differently. For more information, see Backward - Compatibility.

For information about enabling versioning - on a bucket, see Using - Versioning.

Handling Replication of Encrypted Objects

-

By default, Amazon S3 doesn''t replicate objects that are stored at rest - using server-side encryption with KMS keys. To replicate Amazon Web Services - KMS-encrypted objects, add the following: SourceSelectionCriteria, - SseKmsEncryptedObjects, Status, EncryptionConfiguration, - and ReplicaKmsKeyID. For information about replication configuration, - see Replicating - Objects Created with SSE Using KMS keys.

For information on PutBucketReplication - errors, see List - of replication-related error codes

Permissions

To - create a PutBucketReplication request, you must have s3:PutReplicationConfiguration - permissions for the bucket.

By default, a resource owner, in this - case the Amazon Web Services account that created the bucket, can perform - this operation. The resource owner can also grant others permissions to perform - the operation. For more information about permissions, see Specifying - Permissions in a Policy and Managing - Access Permissions to Your Amazon S3 Resources.

To perform - this operation, the user or role performing the action must have the iam:PassRole - permission.

The following operations are related to PutBucketReplication:

- ' - operationId: PutBucketReplication - parameters: - - description:

The base64-encoded 128-bit MD5 digest of the data. You must - use this header as a message integrity check to verify that the request - body was not corrupted in transit. For more information, see RFC - 1864.

For requests made using the Amazon Web Services Command - Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated - automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: A token to allow Object Lock to be enabled for an existing bucket. - in: header - name: x-amz-bucket-object-lock-token - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: replication - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - ReplicationConfiguration: - description: A container for replication rules. You can add up to - 1,000 rules. The maximum size of a replication configuration is - 2 MB. - properties: - Role: - allOf: - - $ref: '#/components/schemas/Role' - - description: The Amazon Resource Name (ARN) of the Identity - and Access Management (IAM) role that Amazon S3 assumes - when replicating objects. For more information, see How - to Set Up Replication in the Amazon S3 User Guide. - Rule: - allOf: - - $ref: '#/components/schemas/ReplicationRules' - - description: 'A container for one or more replication rules. - A replication configuration must have at least one rule - and can contain a maximum of 1,000 rules. ' - type: object - required: - - ReplicationConfiguration - type: object - required: true - responses: - '200': - description: Success - /?requestPayment: - get: - description:

Returns the request payment configuration of a bucket. To use - this version of the operation, you must be the bucket owner. For more information, - see Requester - Pays Buckets.

The following operations are related to GetBucketRequestPayment:

- - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTrequestPaymentGET.html - operationId: GetBucketRequestPayment - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: requestPayment - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketRequestPaymentOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Sets the request payment configuration for a bucket. By default, - the bucket owner pays for downloads from the bucket. This configuration parameter - enables the bucket owner (only) to specify that the person requesting the - download will be charged for the download. For more information, see Requester - Pays Buckets.

The following operations are related to PutBucketRequestPayment:

- - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTrequestPaymentPUT.html - operationId: PutBucketRequestPayment - parameters: - - description:

The base64-encoded 128-bit MD5 digest of the data. You must - use this header as a message integrity check to verify that the request - body was not corrupted in transit. For more information, see RFC - 1864.

For requests made using the Amazon Web Services Command - Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated - automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: requestPayment - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - RequestPaymentConfiguration: - description: Container for Payer. - properties: - Payer: - allOf: - - $ref: '#/components/schemas/Payer' - - description: Specifies who pays for the download and request - fees. - type: object - required: - - RequestPaymentConfiguration - type: object - required: true - responses: - '200': - description: Success - /?tagging: - delete: - description:

Deletes the tags from the bucket.

To use this operation, - you must have permission to perform the s3:PutBucketTagging action. - By default, the bucket owner has this permission and can grant this permission - to others.

The following operations are related to DeleteBucketTagging:

- - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEtagging.html - operationId: DeleteBucketTagging - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: tagging - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description: '

Returns the tag set associated with the bucket.

To use - this operation, you must have permission to perform the s3:GetBucketTagging - action. By default, the bucket owner has this permission and can grant this - permission to others.

GetBucketTagging has the following - special error:

  • Error code: NoSuchTagSet

    -

    • Description: There is no tag set associated with the bucket.

      -

The following operations are related to GetBucketTagging:

- ' - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETtagging.html - operationId: GetBucketTagging - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: tagging - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketTaggingOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: '

Sets the tags for a bucket.

Use tags to organize your - Amazon Web Services bill to reflect your own cost structure. To do this, sign - up to get your Amazon Web Services account bill with tag key values included. - Then, to see the cost of combined resources, organize your billing information - according to resources with the same tag key values. For example, you can - tag several resources with a specific application name, and then organize - your billing information to see the total cost of that application across - several services. For more information, see Cost - Allocation and Tagging and Using - Cost Allocation in Amazon S3 Bucket Tags.

When this operation - sets the tags for a bucket, it will overwrite any current tags the bucket - already has. You cannot use this operation to add tags to an existing list - of tags.

To use this operation, you must have permissions to - perform the s3:PutBucketTagging action. The bucket owner has - this permission by default and can grant this permission to others. For more - information about permissions, see Permissions - Related to Bucket Subresource Operations and Managing - Access Permissions to Your Amazon S3 Resources.

PutBucketTagging - has the following special errors:

  • Error code: InvalidTagError -

    -

  • Error code: MalformedXMLError

    • Description: - The XML provided does not match the schema.

  • Error - code: OperationAbortedError

    • Description: A - conflicting conditional action is currently in progress against this resource. - Please try again.

  • Error code: InternalError -

    • Description: The service was unable to apply the provided - tag to the bucket.

The following operations - are related to PutBucketTagging:

' - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTtagging.html - operationId: PutBucketTagging - parameters: - - description:

The base64-encoded 128-bit MD5 digest of the data. You must - use this header as a message integrity check to verify that the request - body was not corrupted in transit. For more information, see RFC - 1864.

For requests made using the Amazon Web Services Command - Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated - automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: tagging - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - Tagging: - description: Container for TagSet elements. - properties: - TagSet: - allOf: - - $ref: '#/components/schemas/TagSet' - - description: A collection for a set of tags - type: object - required: - - Tagging - type: object - required: true - responses: - '200': - description: Success - /?uploads: - get: - description:

This action lists in-progress multipart uploads. An in-progress - multipart upload is a multipart upload that has been initiated using the Initiate - Multipart Upload request, but has not yet been completed or aborted.

This - action returns at most 1,000 multipart uploads in the response. 1,000 multipart - uploads is the maximum number of uploads a response can include, which is - also the default value. You can further limit the number of uploads in a response - by specifying the max-uploads parameter in the response. If additional - multipart uploads satisfy the list criteria, the response will contain an - IsTruncated element with the value true. To list the additional - multipart uploads, use the key-marker and upload-id-marker - request parameters.

In the response, the uploads are sorted by key. - If your application has initiated more than one multipart upload using the - same object key, then uploads in the response are first sorted by key. Additionally, - uploads are sorted in ascending order within each key by the upload initiation - time.

For more information on multipart uploads, see Uploading - Objects Using Multipart Upload.

For information on permissions - required to use the multipart upload API, see Multipart - Upload and Permissions.

The following operations are related to - ListMultipartUploads:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadListMPUpload.html - operationId: ListMultipartUploads - parameters: - - description:

Character you use to group keys.

All keys that contain - the same string between the prefix, if specified, and the first occurrence - of the delimiter after the prefix are grouped under a single result element, - CommonPrefixes. If you don't specify the prefix parameter, - then the substring starts at the beginning of the key. The keys that are - grouped under CommonPrefixes result element are not returned - elsewhere in the response.

- in: query - name: delimiter - required: false - schema: - type: string - - description: '' - in: query - name: encoding-type - required: false - schema: - description: Requests Amazon S3 to encode the object keys in the response - and specifies the encoding method to use. An object key may contain any - Unicode character; however, XML 1.0 parser cannot parse some characters, - such as characters with an ASCII value from 0 to 10. For characters that - are not supported in XML 1.0, you can add this parameter to request that - Amazon S3 encode the keys in the response. - enum: - - url - type: string - - description:

Together with upload-id-marker, this parameter specifies the - multipart upload after which listing should begin.

If upload-id-marker - is not specified, only the keys lexicographically greater than the specified - key-marker will be included in the list.

If upload-id-marker - is specified, any multipart uploads for a key equal to the key-marker - might also be included, provided those multipart uploads have upload IDs - lexicographically greater than the specified upload-id-marker.

- in: query - name: key-marker - required: false - schema: - type: string - - description: Sets the maximum number of multipart uploads, from 1 to 1,000, - to return in the response body. 1,000 is the maximum number of uploads that - can be returned in a response. - in: query - name: max-uploads - required: false - schema: - type: integer - - description: Lists in-progress uploads only for those keys that begin with - the specified prefix. You can use prefixes to separate a bucket into different - grouping of keys. (You can think of using prefix to make groups in the same - way you'd use a folder in a file system.) - in: query - name: prefix - required: false - schema: - type: string - - description: Together with key-marker, specifies the multipart upload after - which listing should begin. If key-marker is not specified, the upload-id-marker - parameter is ignored. Otherwise, any multipart uploads for a key equal to - the key-marker might be included in the list only if they have an upload - ID lexicographically greater than the specified upload-id-marker. - in: query - name: upload-id-marker - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: Pagination limit - in: query - name: MaxUploads - required: false - schema: - type: string - - description: Pagination token - in: query - name: KeyMarker - required: false - schema: - type: string - - description: Pagination token - in: query - name: UploadIdMarker - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: uploads - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/ListMultipartUploadsOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - /?versioning: - get: - description:

Returns the versioning state of a bucket.

To retrieve - the versioning state of a bucket, you must be the bucket owner.

This - implementation also returns the MFA Delete status of the versioning state. - If the MFA Delete status is enabled, the bucket owner must use - an authentication device to change the versioning state of the bucket.

-

The following operations are related to GetBucketVersioning:

- - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETversioningStatus.html - operationId: GetBucketVersioning - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: versioning - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketVersioningOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description: "

Sets the versioning state of an existing bucket.

You\ - \ can set the versioning state with one of the following values:

Enabled\u2014\ - Enables versioning for the objects in the bucket. All objects added to the\ - \ bucket receive a unique version ID.

Suspended\u2014Disables\ - \ versioning for the objects in the bucket. All objects added to the bucket\ - \ receive the version ID null.

If the versioning state has never been\ - \ set on a bucket, it has no versioning state; a GetBucketVersioning request does not return a versioning state value.

\ - \

In order to enable MFA Delete, you must be the bucket owner. If you are\ - \ the bucket owner and want to enable MFA Delete in the bucket versioning\ - \ configuration, you must include the x-amz-mfa request header\ - \ and the Status and the MfaDelete request elements\ - \ in a request to set the versioning state of the bucket.

\ - \

If you have an object expiration lifecycle policy in your non-versioned\ - \ bucket and you want to maintain the same permanent delete behavior when\ - \ you enable versioning, you must add a noncurrent expiration policy. The\ - \ noncurrent expiration lifecycle policy will manage the deletes of the noncurrent\ - \ object versions in the version-enabled bucket. (A version-enabled bucket\ - \ maintains one current and zero or more noncurrent object versions.) For\ - \ more information, see Lifecycle and Versioning.

Related\ - \ Resources

" - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html - operationId: PutBucketVersioning - parameters: - - description:

>The base64-encoded 128-bit MD5 digest of the data. You - must use this header as a message integrity check to verify that the request - body was not corrupted in transit. For more information, see RFC - 1864.

For requests made using the Amazon Web Services Command - Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated - automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The concatenation of the authentication device's serial number, - a space, and the value that is displayed on your authentication device. - in: header - name: x-amz-mfa - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: versioning - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - VersioningConfiguration: - description: Describes the versioning state of an Amazon S3 bucket. - For more information, see PUT - Bucket versioning in the Amazon S3 API Reference. - properties: - MfaDelete: - allOf: - - $ref: '#/components/schemas/MFADelete' - - description: Specifies whether MFA delete is enabled in the - bucket versioning configuration. This element is only returned - if the bucket has been configured with MFA delete. If the - bucket has never been so configured, this element is not - returned. - Status: - allOf: - - $ref: '#/components/schemas/BucketVersioningStatus' - - description: The versioning state of the bucket. - type: object - required: - - VersioningConfiguration - type: object - required: true - responses: - '200': - description: Success - /?versions: - get: - description:

Returns metadata about all versions of the objects in a bucket. - You can also use request parameters as selection criteria to return metadata - about a subset of all the object versions.

To use this - operation, you must have permissions to perform the s3:ListBucketVersions - action. Be aware of the name difference.

A 200 - OK response can contain valid or invalid XML. Make sure to design your application - to parse the contents of the response and handle it appropriately.

 -

To use this operation, you must have READ access to the bucket.

This - action is not supported by Amazon S3 on Outposts.

The following operations - are related to ListObjectVersions:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETVersion.html - operationId: ListObjectVersions - parameters: - - description: A delimiter is a character that you specify to group keys. All - keys that contain the same string between the prefix and the - first occurrence of the delimiter are grouped under a single result element - in CommonPrefixes. These groups are counted as one result against the max-keys - limitation. These keys are not returned elsewhere in the response. - in: query - name: delimiter - required: false - schema: - type: string - - description: '' - in: query - name: encoding-type - required: false - schema: - description: Requests Amazon S3 to encode the object keys in the response - and specifies the encoding method to use. An object key may contain any - Unicode character; however, XML 1.0 parser cannot parse some characters, - such as characters with an ASCII value from 0 to 10. For characters that - are not supported in XML 1.0, you can add this parameter to request that - Amazon S3 encode the keys in the response. - enum: - - url - type: string - - description: Specifies the key to start with when listing objects in a bucket. - in: query - name: key-marker - required: false - schema: - type: string - - description: Sets the maximum number of keys returned in the response. By - default the action returns up to 1,000 key names. The response might contain - fewer keys but will never contain more. If additional keys satisfy the search - criteria, but were not returned because max-keys was exceeded, the response - contains <isTruncated>true</isTruncated>. To return the additional - keys, see key-marker and version-id-marker. - in: query - name: max-keys - required: false - schema: - type: integer - - description: 'Use this parameter to select only those keys that begin with - the specified prefix. You can use prefixes to separate a bucket into different - groupings of keys. (You can think of using prefix to make groups in the - same way you''d use a folder in a file system.) You can use prefix with - delimiter to roll up numerous objects into a single result under CommonPrefixes. ' - in: query - name: prefix - required: false - schema: - type: string - - description: Specifies the object version you want to start listing from. - in: query - name: version-id-marker - required: false - schema: - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - description: Pagination limit - in: query - name: MaxKeys - required: false - schema: - type: string - - description: Pagination token - in: query - name: KeyMarker - required: false - schema: - type: string - - description: Pagination token - in: query - name: VersionIdMarker - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: versions - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/ListObjectVersionsOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - /?website: - delete: - description:

This action removes the website configuration for a bucket. - Amazon S3 returns a 200 OK response upon successfully deleting - a website configuration on the specified bucket. You will get a 200 - OK response if the website configuration you are trying to delete does - not exist on the bucket. Amazon S3 returns a 404 response if - the bucket specified in the request does not exist.

This DELETE action - requires the S3:DeleteBucketWebsite permission. By default, only - the bucket owner can delete the website configuration attached to a bucket. - However, bucket owners can grant other users permission to delete the website - configuration by writing a bucket policy granting them the S3:DeleteBucketWebsite - permission.

For more information about hosting websites, see Hosting - Websites on Amazon S3.

The following operations are related to - DeleteBucketWebsite:

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEwebsite.html - operationId: DeleteBucketWebsite - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: website - required: true - schema: - enum: - - true - type: boolean - responses: - '204': - description: Success - get: - description:

Returns the website configuration for a bucket. To host website - on Amazon S3, you can configure a bucket as website by adding a website configuration. - For more information about hosting websites, see Hosting - Websites on Amazon S3.

This GET action requires the S3:GetBucketWebsite - permission. By default, only the bucket owner can read the bucket website - configuration. However, bucket owners can allow other users to read the website - configuration by writing a bucket policy granting them the S3:GetBucketWebsite - permission.

The following operations are related to DeleteBucketWebsite:

- - externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETwebsite.html - operationId: GetBucketWebsite - parameters: - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: website - required: true - schema: - enum: - - true - type: boolean - responses: - '200': - content: - text/xml: - schema: - $ref: '#/components/schemas/GetBucketWebsiteOutput' - description: Success - parameters: - - $ref: '#/components/parameters/x-amz-security-token' - put: - description:

Sets the configuration of the website that is specified in the - website subresource. To configure a bucket as a website, you - can add this subresource on the bucket with website configuration information - such as the file name of the index document and any redirect rules. For more - information, see Hosting - Websites on Amazon S3.

This PUT action requires the S3:PutBucketWebsite - permission. By default, only the bucket owner can configure the website attached - to a bucket; however, bucket owners can allow other users to set the website - configuration by writing a bucket policy that grants them the S3:PutBucketWebsite - permission.

To redirect all website requests sent to the bucket's website - endpoint, you add a website configuration with the following elements. Because - all requests are sent to another website, you don't need to provide index - document name for the bucket.

  • WebsiteConfiguration -

  • RedirectAllRequestsTo

  • - HostName

  • Protocol

    • -

If you want granular control over redirects, you can use the following - elements to add routing rules that describe conditions for redirecting requests - and information about the redirect destination. In this case, the website - configuration must provide an index document for the bucket, because some - requests might not be redirected.

  • WebsiteConfiguration -

  • IndexDocument

  • Suffix -

  • ErrorDocument

  • Key -

  • RoutingRules

  • RoutingRule -

  • Condition

  • HttpErrorCodeReturnedEquals -

  • KeyPrefixEquals

  • Redirect -

  • Protocol

  • HostName -

  • ReplaceKeyPrefixWith

  • - ReplaceKeyWith

  • HttpRedirectCode -

Amazon S3 has a limitation of 50 routing rules per website - configuration. If you require more than 50 routing rules, you can use object - redirect. For more information, see Configuring - an Object Redirect in the Amazon S3 User Guide.

- externalDocs: - url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTwebsite.html - operationId: PutBucketWebsite - parameters: - - description:

The base64-encoded 128-bit MD5 digest of the data. You must - use this header as a message integrity check to verify that the request - body was not corrupted in transit. For more information, see RFC - 1864.

For requests made using the Amazon Web Services Command - Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated - automatically.

- in: header - name: Content-MD5 - required: false - schema: - type: string - - description:

Indicates the algorithm used to create the checksum for the - object when using the SDK. This header will not provide any additional functionality - if not using the SDK. When sending this header, there must be a corresponding - x-amz-checksum or x-amz-trailer header sent. Otherwise, - Amazon S3 fails the request with the HTTP status code 400 Bad Request. - For more information, see Checking - object integrity in the Amazon S3 User Guide.

If you provide - an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - parameter.

- in: header - name: x-amz-sdk-checksum-algorithm - required: false - schema: - enum: - - CRC32 - - CRC32C - - SHA1 - - SHA256 - type: string - - description: The account ID of the expected bucket owner. If the bucket is - owned by a different account, the request fails with the HTTP status code - 403 Forbidden (access denied). - in: header - name: x-amz-expected-bucket-owner - required: false - schema: - type: string - - allowEmptyValue: true - in: query - name: website - required: true - schema: - enum: - - true - type: boolean - requestBody: - content: - text/xml: - schema: - properties: - WebsiteConfiguration: - description: Specifies website configuration parameters for an Amazon - S3 bucket. - properties: - ErrorDocument: - allOf: - - $ref: '#/components/schemas/ErrorDocument' - - description: The name of the error document for the website. - IndexDocument: - allOf: - - $ref: '#/components/schemas/IndexDocument' - - description: The name of the index document for the website. - RedirectAllRequestsTo: - allOf: - - $ref: '#/components/schemas/RedirectAllRequestsTo' - - description:

The redirect behavior for every request to - this bucket's website endpoint.

If you - specify this property, you can't specify any other property.

- - RoutingRules: - allOf: - - $ref: '#/components/schemas/RoutingRules' - - description: Rules that define when a redirect is applied - and the redirect behavior. - type: object - required: - - WebsiteConfiguration - type: object - required: true - responses: - '200': - description: Success -security: -- hmac: [] -servers: -- description: The Amazon S3 multi-region endpoint - url: https://{bucket}.s3.{region}.amazonaws.com - variables: + Tags: + description: A set of tags (key-value pairs) for this Amazon S3 Storage Lens Group. + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - Filter + x-stackql-resource-name: storage_lens_group + description: The AWS::S3::StorageLensGroup resource is an Amazon S3 resource type that you can use to create Storage Lens Group. + x-type-name: AWS::S3::StorageLensGroup + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - StorageLensGroupArn + x-required-properties: + - Name + - Filter + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - s3:CreateStorageLensGroup + - s3:GetStorageLensGroup + - s3:TagResource + - s3:ListTagsForResource + read: + - s3:GetStorageLensGroup + - s3:ListTagsForResource + update: + - s3:GetStorageLensGroup + - s3:UpdateStorageLensGroup + - s3:TagResource + - s3:UntagResource + - s3:ListTagsForResource + delete: + - s3:DeleteStorageLensGroup + list: + - s3:ListStorageLensGroups + x-stackQL-resources: + access_grants: + name: access_grants + id: aws.s3.access_grants + x-cfn-schema-name: AccessGrant + x-type: list + x-identifiers: + - AccessGrantId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccessGrantId') as access_grant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::AccessGrant' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccessGrantId') as access_grant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::AccessGrant' + AND region = 'us-east-1' + access_grant: + name: access_grant + id: aws.s3.access_grant + x-cfn-schema-name: AccessGrant + x-type: get + x-identifiers: + - AccessGrantId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessGrantId') as access_grant_id, + JSON_EXTRACT(Properties, '$.AccessGrantsLocationId') as access_grants_location_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Permission') as permission, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(Properties, '$.S3PrefixType') as s3_prefix_type, + JSON_EXTRACT(Properties, '$.GrantScope') as grant_scope, + JSON_EXTRACT(Properties, '$.AccessGrantArn') as access_grant_arn, + JSON_EXTRACT(Properties, '$.Grantee') as grantee, + JSON_EXTRACT(Properties, '$.AccessGrantsLocationConfiguration') as access_grants_location_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::AccessGrant' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessGrantId') as access_grant_id, + json_extract_path_text(Properties, 'AccessGrantsLocationId') as access_grants_location_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Permission') as permission, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(Properties, 'S3PrefixType') as s3_prefix_type, + json_extract_path_text(Properties, 'GrantScope') as grant_scope, + json_extract_path_text(Properties, 'AccessGrantArn') as access_grant_arn, + json_extract_path_text(Properties, 'Grantee') as grantee, + json_extract_path_text(Properties, 'AccessGrantsLocationConfiguration') as access_grants_location_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::AccessGrant' + AND data__Identifier = '' + AND region = 'us-east-1' + access_grants_instances: + name: access_grants_instances + id: aws.s3.access_grants_instances + x-cfn-schema-name: AccessGrantsInstance + x-type: list + x-identifiers: + - AccessGrantsInstanceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccessGrantsInstanceArn') as access_grants_instance_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::AccessGrantsInstance' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccessGrantsInstanceArn') as access_grants_instance_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::AccessGrantsInstance' + AND region = 'us-east-1' + access_grants_instance: + name: access_grants_instance + id: aws.s3.access_grants_instance + x-cfn-schema-name: AccessGrantsInstance + x-type: get + x-identifiers: + - AccessGrantsInstanceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessGrantsInstanceArn') as access_grants_instance_arn, + JSON_EXTRACT(Properties, '$.IdentityCenterArn') as identity_center_arn, + JSON_EXTRACT(Properties, '$.AccessGrantsInstanceId') as access_grants_instance_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::AccessGrantsInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessGrantsInstanceArn') as access_grants_instance_arn, + json_extract_path_text(Properties, 'IdentityCenterArn') as identity_center_arn, + json_extract_path_text(Properties, 'AccessGrantsInstanceId') as access_grants_instance_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::AccessGrantsInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + access_grants_locations: + name: access_grants_locations + id: aws.s3.access_grants_locations + x-cfn-schema-name: AccessGrantsLocation + x-type: list + x-identifiers: + - AccessGrantsLocationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccessGrantsLocationId') as access_grants_location_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::AccessGrantsLocation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccessGrantsLocationId') as access_grants_location_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::AccessGrantsLocation' + AND region = 'us-east-1' + access_grants_location: + name: access_grants_location + id: aws.s3.access_grants_location + x-cfn-schema-name: AccessGrantsLocation + x-type: get + x-identifiers: + - AccessGrantsLocationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessGrantsLocationArn') as access_grants_location_arn, + JSON_EXTRACT(Properties, '$.AccessGrantsLocationId') as access_grants_location_id, + JSON_EXTRACT(Properties, '$.IamRoleArn') as iam_role_arn, + JSON_EXTRACT(Properties, '$.LocationScope') as location_scope, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::AccessGrantsLocation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessGrantsLocationArn') as access_grants_location_arn, + json_extract_path_text(Properties, 'AccessGrantsLocationId') as access_grants_location_id, + json_extract_path_text(Properties, 'IamRoleArn') as iam_role_arn, + json_extract_path_text(Properties, 'LocationScope') as location_scope, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::AccessGrantsLocation' + AND data__Identifier = '' + AND region = 'us-east-1' + access_points: + name: access_points + id: aws.s3.access_points + x-cfn-schema-name: AccessPoint + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::AccessPoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::AccessPoint' + AND region = 'us-east-1' + access_point: + name: access_point + id: aws.s3.access_point + x-cfn-schema-name: AccessPoint + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Alias') as alias, + JSON_EXTRACT(Properties, '$.Bucket') as bucket, + JSON_EXTRACT(Properties, '$.BucketAccountId') as bucket_account_id, + JSON_EXTRACT(Properties, '$.VpcConfiguration') as vpc_configuration, + JSON_EXTRACT(Properties, '$.PublicAccessBlockConfiguration') as public_access_block_configuration, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.NetworkOrigin') as network_origin, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::AccessPoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Alias') as alias, + json_extract_path_text(Properties, 'Bucket') as bucket, + json_extract_path_text(Properties, 'BucketAccountId') as bucket_account_id, + json_extract_path_text(Properties, 'VpcConfiguration') as vpc_configuration, + json_extract_path_text(Properties, 'PublicAccessBlockConfiguration') as public_access_block_configuration, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'NetworkOrigin') as network_origin, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::AccessPoint' + AND data__Identifier = '' + AND region = 'us-east-1' + buckets: + name: buckets + id: aws.s3.buckets + x-cfn-schema-name: Bucket + x-type: list + x-identifiers: + - BucketName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BucketName') as bucket_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::Bucket' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BucketName') as bucket_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::Bucket' + AND region = 'us-east-1' bucket: - default: rubbish-bucket - region: - default: us-east-2 - description: The AWS region - enum: - - us-east-2 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-east-1 - - ap-south-1 - - me-south-1 + name: bucket + id: aws.s3.bucket + x-cfn-schema-name: Bucket + x-type: get + x-identifiers: + - BucketName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccelerateConfiguration') as accelerate_configuration, + JSON_EXTRACT(Properties, '$.AccessControl') as access_control, + JSON_EXTRACT(Properties, '$.AnalyticsConfigurations') as analytics_configurations, + JSON_EXTRACT(Properties, '$.BucketEncryption') as bucket_encryption, + JSON_EXTRACT(Properties, '$.BucketName') as bucket_name, + JSON_EXTRACT(Properties, '$.CorsConfiguration') as cors_configuration, + JSON_EXTRACT(Properties, '$.IntelligentTieringConfigurations') as intelligent_tiering_configurations, + JSON_EXTRACT(Properties, '$.InventoryConfigurations') as inventory_configurations, + JSON_EXTRACT(Properties, '$.LifecycleConfiguration') as lifecycle_configuration, + JSON_EXTRACT(Properties, '$.LoggingConfiguration') as logging_configuration, + JSON_EXTRACT(Properties, '$.MetricsConfigurations') as metrics_configurations, + JSON_EXTRACT(Properties, '$.NotificationConfiguration') as notification_configuration, + JSON_EXTRACT(Properties, '$.ObjectLockConfiguration') as object_lock_configuration, + JSON_EXTRACT(Properties, '$.ObjectLockEnabled') as object_lock_enabled, + JSON_EXTRACT(Properties, '$.OwnershipControls') as ownership_controls, + JSON_EXTRACT(Properties, '$.PublicAccessBlockConfiguration') as public_access_block_configuration, + JSON_EXTRACT(Properties, '$.ReplicationConfiguration') as replication_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VersioningConfiguration') as versioning_configuration, + JSON_EXTRACT(Properties, '$.WebsiteConfiguration') as website_configuration, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.DualStackDomainName') as dual_stack_domain_name, + JSON_EXTRACT(Properties, '$.RegionalDomainName') as regional_domain_name, + SPLIT_PART(SPLIT_PART(JSON_EXTRACT(Properties, '$.RegionalDomainName'), '.s3.', 2), '.', 1) as bucket_location, + JSON_EXTRACT(Properties, '$.WebsiteURL') as website_url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::Bucket' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccelerateConfiguration') as accelerate_configuration, + json_extract_path_text(Properties, 'AccessControl') as access_control, + json_extract_path_text(Properties, 'AnalyticsConfigurations') as analytics_configurations, + json_extract_path_text(Properties, 'BucketEncryption') as bucket_encryption, + json_extract_path_text(Properties, 'BucketName') as bucket_name, + json_extract_path_text(Properties, 'CorsConfiguration') as cors_configuration, + json_extract_path_text(Properties, 'IntelligentTieringConfigurations') as intelligent_tiering_configurations, + json_extract_path_text(Properties, 'InventoryConfigurations') as inventory_configurations, + json_extract_path_text(Properties, 'LifecycleConfiguration') as lifecycle_configuration, + json_extract_path_text(Properties, 'LoggingConfiguration') as logging_configuration, + json_extract_path_text(Properties, 'MetricsConfigurations') as metrics_configurations, + json_extract_path_text(Properties, 'NotificationConfiguration') as notification_configuration, + json_extract_path_text(Properties, 'ObjectLockConfiguration') as object_lock_configuration, + json_extract_path_text(Properties, 'ObjectLockEnabled') as object_lock_enabled, + json_extract_path_text(Properties, 'OwnershipControls') as ownership_controls, + json_extract_path_text(Properties, 'PublicAccessBlockConfiguration') as public_access_block_configuration, + json_extract_path_text(Properties, 'ReplicationConfiguration') as replication_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VersioningConfiguration') as versioning_configuration, + json_extract_path_text(Properties, 'WebsiteConfiguration') as website_configuration, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'DualStackDomainName') as dual_stack_domain_name, + json_extract_path_text(Properties, 'RegionalDomainName') as regional_domain_name, + SPLIT_PART(SPLIT_PART(json_extract_path_text(Properties, 'RegionalDomainName'), '.s3.', 2), '.', 1) as bucket_location, + json_extract_path_text(Properties, 'WebsiteURL') as website_url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::Bucket' + AND data__Identifier = '' + AND region = 'us-east-1' + bucket_policies: + name: bucket_policies + id: aws.s3.bucket_policies + x-cfn-schema-name: BucketPolicy + x-type: list + x-identifiers: + - Bucket + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Bucket') as bucket + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::BucketPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Bucket') as bucket + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::BucketPolicy' + AND region = 'us-east-1' + bucket_policy: + name: bucket_policy + id: aws.s3.bucket_policy + x-cfn-schema-name: BucketPolicy + x-type: get + x-identifiers: + - Bucket + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Bucket') as bucket, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::BucketPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Bucket') as bucket, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::BucketPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + multi_region_access_points: + name: multi_region_access_points + id: aws.s3.multi_region_access_points + x-cfn-schema-name: MultiRegionAccessPoint + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::MultiRegionAccessPoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::MultiRegionAccessPoint' + AND region = 'us-east-1' + multi_region_access_point: + name: multi_region_access_point + id: aws.s3.multi_region_access_point + x-cfn-schema-name: MultiRegionAccessPoint + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Alias') as alias, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.PublicAccessBlockConfiguration') as public_access_block_configuration, + JSON_EXTRACT(Properties, '$.Regions') as regions + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::MultiRegionAccessPoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Alias') as alias, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'PublicAccessBlockConfiguration') as public_access_block_configuration, + json_extract_path_text(Properties, 'Regions') as regions + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::MultiRegionAccessPoint' + AND data__Identifier = '' + AND region = 'us-east-1' + multi_region_access_point_policies: + name: multi_region_access_point_policies + id: aws.s3.multi_region_access_point_policies + x-cfn-schema-name: MultiRegionAccessPointPolicy + x-type: list + x-identifiers: + - MrapName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MrapName') as mrap_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::MultiRegionAccessPointPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MrapName') as mrap_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::MultiRegionAccessPointPolicy' + AND region = 'us-east-1' + multi_region_access_point_policy: + name: multi_region_access_point_policy + id: aws.s3.multi_region_access_point_policy + x-cfn-schema-name: MultiRegionAccessPointPolicy + x-type: get + x-identifiers: + - MrapName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MrapName') as mrap_name, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.PolicyStatus') as policy_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::MultiRegionAccessPointPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MrapName') as mrap_name, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'PolicyStatus') as policy_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::MultiRegionAccessPointPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + storage_lens: + name: storage_lens + id: aws.s3.storage_lens + x-cfn-schema-name: StorageLens + x-type: get + x-identifiers: + - StorageLensConfiguration/Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.StorageLensConfiguration') as storage_lens_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::StorageLens' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'StorageLensConfiguration') as storage_lens_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::StorageLens' + AND data__Identifier = '' + AND region = 'us-east-1' + storage_lens_groups: + name: storage_lens_groups + id: aws.s3.storage_lens_groups + x-cfn-schema-name: StorageLensGroup + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::StorageLensGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3::StorageLensGroup' + AND region = 'us-east-1' + storage_lens_group: + name: storage_lens_group + id: aws.s3.storage_lens_group + x-cfn-schema-name: StorageLensGroup + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Filter') as filter, + JSON_EXTRACT(Properties, '$.StorageLensGroupArn') as storage_lens_group_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::StorageLensGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Filter') as filter, + json_extract_path_text(Properties, 'StorageLensGroupArn') as storage_lens_group_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3::StorageLensGroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/s3_api.yaml b/providers/src/aws/v00.00.00000/services/s3_api.yaml new file mode 100644 index 00000000..ba40b67a --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/s3_api.yaml @@ -0,0 +1,17160 @@ +components: + parameters: + x-amz-security-token: + in: header + name: x-amz-security-token + required: false + schema: + type: string + schemas: + AbortDate: + format: date-time + type: string + AbortIncompleteMultipartUpload: + description: Specifies the days since the initiation of an incomplete multipart + upload that Amazon S3 will wait before permanently removing all parts of the + upload. For more information, see + Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy + in the Amazon S3 User Guide. + properties: + DaysAfterInitiation: + allOf: + - $ref: '#/components/schemas/DaysAfterInitiation' + - description: Specifies the number of days after which Amazon S3 aborts + an incomplete multipart upload. + type: object + AbortMultipartUploadOutput: + example: {} + properties: {} + type: object + AbortMultipartUploadRequest: + properties: {} + required: + - Bucket + - Key + - UploadId + title: AbortMultipartUploadRequest + type: object + AbortRuleId: + type: string + AccelerateConfiguration: + description: Configures the transfer acceleration state for an Amazon S3 bucket. + For more information, see Amazon + S3 Transfer Acceleration in the Amazon S3 User Guide. + properties: + Status: + allOf: + - $ref: '#/components/schemas/BucketAccelerateStatus' + - description: Specifies the transfer acceleration status of the bucket. + type: object + AcceptRanges: + type: string + AccessControlPolicy: + description: Contains the elements that set the ACL permissions for an object + per grantee. + properties: + AccessControlList: + allOf: + - $ref: '#/components/schemas/Grants' + - description: A list of grants. + Owner: + allOf: + - $ref: '#/components/schemas/Owner' + - description: Container for the bucket owner's display name and ID. + type: object + AccessControlTranslation: + description: A container for information about access control for replicas. + properties: + Owner: + allOf: + - $ref: '#/components/schemas/OwnerOverride' + - description: Specifies the replica ownership. For default and valid values, + see PUT + bucket replication in the Amazon S3 API Reference. + required: + - Owner + type: object + AccessPointArn: + type: string + AccountId: + type: string + AllowQuotedRecordDelimiter: + type: boolean + AllowedHeader: + type: string + AllowedHeaders: + items: + $ref: '#/components/schemas/AllowedHeader' + type: array + xml: + wrapped: false + AllowedMethod: + type: string + AllowedMethods: + items: + $ref: '#/components/schemas/AllowedMethod' + type: array + xml: + wrapped: false + AllowedOrigin: + type: string + AllowedOrigins: + items: + $ref: '#/components/schemas/AllowedOrigin' + type: array + xml: + wrapped: false + AnalyticsAndOperator: + description: A conjunction (logical AND) of predicates, which is used in evaluating + a metrics filter. The operator must have at least two predicates in any combination, + and an object must match all of the predicates for the filter to apply. + properties: + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: 'The prefix to use when evaluating an AND predicate: The + prefix that an object must have to be included in the metrics results.' + Tag: + allOf: + - $ref: '#/components/schemas/TagSet' + - description: The list of tags to use when evaluating an AND predicate. + type: object + xml: + wrapped: false + AnalyticsConfiguration: + description: Specifies the configuration and any analyses for the analytics + filter of an Amazon S3 bucket. + properties: + Filter: + allOf: + - $ref: '#/components/schemas/AnalyticsFilter' + - description: The filter used to describe a set of objects for analyses. + A filter must have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator). + If no filter is provided, all objects will be considered in any analysis. + Id: + allOf: + - $ref: '#/components/schemas/AnalyticsId' + - description: The ID that identifies the analytics configuration. + StorageClassAnalysis: + allOf: + - $ref: '#/components/schemas/StorageClassAnalysis' + - description: ' Contains data related to access patterns to be collected + and made available to analyze the tradeoffs between different storage + classes. ' + required: + - Id + - StorageClassAnalysis + type: object + AnalyticsConfigurationList: + items: + $ref: '#/components/schemas/AnalyticsConfiguration' + type: array + xml: + wrapped: false + AnalyticsExportDestination: + description: Where to publish the analytics results. + properties: + S3BucketDestination: + allOf: + - $ref: '#/components/schemas/AnalyticsS3BucketDestination' + - description: A destination signifying output to an S3 bucket. + required: + - S3BucketDestination + type: object + AnalyticsFilter: + description: The filter used to describe a set of objects for analyses. A filter + must have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator). + If no filter is provided, all objects will be considered in any analysis. + properties: + And: + allOf: + - $ref: '#/components/schemas/AnalyticsAndOperator' + - description: A conjunction (logical AND) of predicates, which is used + in evaluating an analytics filter. The operator must have at least two + predicates. + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: The prefix to use when evaluating an analytics filter. + Tag: + allOf: + - $ref: '#/components/schemas/Tag' + - description: The tag to use when evaluating an analytics filter. + type: object + AnalyticsId: + type: string + AnalyticsS3BucketDestination: + description: Contains information about where to publish the analytics results. + properties: + Bucket: + allOf: + - $ref: '#/components/schemas/BucketName' + - description: The Amazon Resource Name (ARN) of the bucket to which data + is exported. + BucketAccountId: + allOf: + - $ref: '#/components/schemas/AccountId' + - description:

The account ID that owns the destination S3 bucket. If + no account ID is provided, the owner is not validated before exporting + data.

Although this value is optional, we strongly recommend + that you set it to help prevent problems if the destination bucket ownership + changes.

+ Format: + allOf: + - $ref: '#/components/schemas/AnalyticsS3ExportFileFormat' + - description: Specifies the file format used when exporting data to Amazon + S3. + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: The prefix to use when exporting data. The prefix is prepended + to all results. + required: + - Format + - Bucket + type: object + AnalyticsS3ExportFileFormat: + enum: + - CSV + type: string + ArchiveStatus: + enum: + - ARCHIVE_ACCESS + - DEEP_ARCHIVE_ACCESS + type: string + Body: + type: string + Bucket: + description: ' In terms of implementation, a Bucket is a resource. An Amazon + S3 bucket name is globally unique, and the namespace is shared by all Amazon + Web Services accounts. ' + properties: + CreationDate: + allOf: + - $ref: '#/components/schemas/CreationDate' + - description: Date the bucket was created. This date can change when making + changes to your bucket, such as editing its bucket policy. + Name: + allOf: + - $ref: '#/components/schemas/BucketName' + - description: The name of the bucket. + type: object + BucketAccelerateStatus: + enum: + - Enabled + - Suspended + type: string + BucketAlreadyExists: {} + BucketAlreadyOwnedByYou: {} + BucketCannedACL: + enum: + - private + - public-read + - public-read-write + - authenticated-read + type: string + BucketKeyEnabled: + type: boolean + BucketLifecycleConfiguration: + description: Specifies the lifecycle configuration for objects in an Amazon + S3 bucket. For more information, see Object + Lifecycle Management in the Amazon S3 User Guide. + properties: + Rule: + allOf: + - $ref: '#/components/schemas/LifecycleRules' + - description: A lifecycle rule for individual objects in an Amazon S3 bucket. + required: + - Rules + type: object + BucketLocationConstraint: + enum: + - af-south-1 + - ap-east-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-south-1 + - ap-southeast-1 + - ap-southeast-2 + - ca-central-1 + - cn-north-1 + - cn-northwest-1 + - EU + - eu-central-1 + - eu-north-1 + - eu-south-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - me-south-1 + - sa-east-1 + - us-east-2 + - us-gov-east-1 + - us-gov-west-1 + - us-west-1 + - us-west-2 + type: string + BucketLoggingStatus: + description: Container for logging status information. + properties: + LoggingEnabled: + $ref: '#/components/schemas/LoggingEnabled' + type: object + BucketLogsPermission: + enum: + - FULL_CONTROL + - READ + - WRITE + type: string + BucketName: + type: string + BucketVersioningStatus: + enum: + - Enabled + - Suspended + type: string + Buckets: + items: + allOf: + - $ref: '#/components/schemas/Bucket' + - xml: + name: Bucket + type: array + BypassGovernanceRetention: + type: boolean + BytesProcessed: + type: integer + BytesReturned: + type: integer + BytesScanned: + type: integer + CORSConfiguration: + description: Describes the cross-origin access configuration for objects in + an Amazon S3 bucket. For more information, see Enabling + Cross-Origin Resource Sharing in the Amazon S3 User Guide. + properties: + CORSRule: + allOf: + - $ref: '#/components/schemas/CORSRules' + - description: A set of origins and methods (cross-origin access that you + want to allow). You can add up to 100 rules to the configuration. + required: + - CORSRules + type: object + CORSRule: + description: Specifies a cross-origin access rule for an Amazon S3 bucket. + properties: + AllowedHeader: + allOf: + - $ref: '#/components/schemas/AllowedHeaders' + - description: Headers that are specified in the Access-Control-Request-Headers + header. These headers are allowed in a preflight OPTIONS request. In + response to any preflight OPTIONS request, Amazon S3 returns any requested + headers that are allowed. + AllowedMethod: + allOf: + - $ref: '#/components/schemas/AllowedMethods' + - description: An HTTP method that you allow the origin to execute. Valid + values are GET, PUT, HEAD, POST, + and DELETE. + AllowedOrigin: + allOf: + - $ref: '#/components/schemas/AllowedOrigins' + - description: One or more origins you want customers to be able to access + the bucket from. + ExposeHeader: + allOf: + - $ref: '#/components/schemas/ExposeHeaders' + - description: One or more headers in the response that you want customers + to be able to access from their applications (for example, from a JavaScript + XMLHttpRequest object). + ID: + allOf: + - $ref: '#/components/schemas/ID' + - description: Unique identifier for the rule. The value cannot be longer + than 255 characters. + MaxAgeSeconds: + allOf: + - $ref: '#/components/schemas/MaxAgeSeconds' + - description: The time in seconds that your browser is to cache the preflight + response for the specified resource. + required: + - AllowedMethods + - AllowedOrigins + type: object + CORSRules: + items: + $ref: '#/components/schemas/CORSRule' + type: array + xml: + wrapped: false + CSVInput: + description: Describes how an uncompressed comma-separated values (CSV)-formatted + input object is formatted. + properties: + AllowQuotedRecordDelimiter: + allOf: + - $ref: '#/components/schemas/AllowQuotedRecordDelimiter' + - description: Specifies that CSV field values may contain quoted record + delimiters and such records should be allowed. Default value is FALSE. + Setting this value to TRUE may lower performance. + Comments: + allOf: + - $ref: '#/components/schemas/Comments' + - description: A single character used to indicate that a row should be + ignored when the character is present at the start of that row. You + can specify any character to indicate a comment line. + FieldDelimiter: + allOf: + - $ref: '#/components/schemas/FieldDelimiter' + - description: A single character used to separate individual fields in + a record. You can specify an arbitrary delimiter. + FileHeaderInfo: + allOf: + - $ref: '#/components/schemas/FileHeaderInfo' + - description: "

Describes the first line of input. Valid values are:

\ + \

  • NONE: First line is not a header.

    • \ + \

  • IGNORE: First line is a header, but you can't\ + \ use the header values to indicate the column in an expression. You\ + \ can use column position (such as _1, _2, \u2026) to indicate the column\ + \ (SELECT s._1 FROM OBJECT s).

  • Use:\ + \ First line is a header, and you can use the header value to identify\ + \ a column in an expression (SELECT \"name\" FROM OBJECT).\ + \

" + QuoteCharacter: + allOf: + - $ref: '#/components/schemas/QuoteCharacter' + - description: '

A single character used for escaping when the field delimiter + is part of the value. For example, if the value is a, b, + Amazon S3 wraps this field value in quotation marks, as follows: " + a , b ".

Type: String

Default: "

+

Ancestors: CSV

' + QuoteEscapeCharacter: + allOf: + - $ref: '#/components/schemas/QuoteEscapeCharacter' + - description: A single character used for escaping the quotation mark character + inside an already escaped value. For example, the value """ a + , b """ is parsed as " a , b ". + RecordDelimiter: + allOf: + - $ref: '#/components/schemas/RecordDelimiter' + - description: A single character used to separate individual records in + the input. Instead of the default value, you can specify an arbitrary + delimiter. + type: object + CSVOutput: + description: Describes how uncompressed comma-separated values (CSV)-formatted + results are formatted. + properties: + FieldDelimiter: + allOf: + - $ref: '#/components/schemas/FieldDelimiter' + - description: The value used to separate individual fields in a record. + You can specify an arbitrary delimiter. + QuoteCharacter: + allOf: + - $ref: '#/components/schemas/QuoteCharacter' + - description: 'A single character used for escaping when the field delimiter + is part of the value. For example, if the value is a, b, + Amazon S3 wraps this field value in quotation marks, as follows: " + a , b ".' + QuoteEscapeCharacter: + allOf: + - $ref: '#/components/schemas/QuoteEscapeCharacter' + - description: The single character used for escaping the quote character + inside an already escaped value. + QuoteFields: + allOf: + - $ref: '#/components/schemas/QuoteFields' + - description: '

Indicates whether to use quotation marks around output + fields.

  • ALWAYS: Always use quotation + marks for output fields.

  • ASNEEDED: Use + quotation marks for output fields when needed.

' + RecordDelimiter: + allOf: + - $ref: '#/components/schemas/RecordDelimiter' + - description: A single character used to separate individual records in + the output. Instead of the default value, you can specify an arbitrary + delimiter. + type: object + CacheControl: + type: string + Checksum: + description: Contains all the possible checksum or digest values for an object. + properties: + ChecksumCRC32: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32' + - description: The base64-encoded, 32-bit CRC32 checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumCRC32C: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32C' + - description: The base64-encoded, 32-bit CRC32C checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA1: + allOf: + - $ref: '#/components/schemas/ChecksumSHA1' + - description: The base64-encoded, 160-bit SHA-1 digest of the object. This + will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA256: + allOf: + - $ref: '#/components/schemas/ChecksumSHA256' + - description: The base64-encoded, 256-bit SHA-256 digest of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + type: object + ChecksumAlgorithm: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + ChecksumAlgorithmList: + items: + $ref: '#/components/schemas/ChecksumAlgorithm' + type: array + xml: + wrapped: false + ChecksumCRC32: + type: string + ChecksumCRC32C: + type: string + ChecksumMode: + enum: + - ENABLED + type: string + ChecksumSHA1: + type: string + ChecksumSHA256: + type: string + CloudFunction: + type: string + CloudFunctionConfiguration: + description: Container for specifying the Lambda notification configuration. + properties: + CloudFunction: + allOf: + - $ref: '#/components/schemas/CloudFunction' + - description: Lambda cloud function ARN that Amazon S3 can invoke when + it detects events of the specified type. + Event: + allOf: + - $ref: '#/components/schemas/EventList' + - description: Bucket events for which to send notifications. + Id: + $ref: '#/components/schemas/NotificationId' + InvocationRole: + allOf: + - $ref: '#/components/schemas/CloudFunctionInvocationRole' + - description: The role supporting the invocation of the Lambda function + type: object + CloudFunctionInvocationRole: + type: string + Code: + type: string + Comments: + type: string + CommonPrefix: + description: 'Container for all (if there are any) keys between Prefix and the + next occurrence of the string specified by a delimiter. CommonPrefixes lists + keys that act like subdirectories in the directory specified by Prefix. For + example, if the prefix is notes/ and the delimiter is a slash (/) as in notes/summer/july, + the common prefix is notes/summer/. ' + properties: + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: Container for the specified common prefix. + type: object + CommonPrefixList: + items: + $ref: '#/components/schemas/CommonPrefix' + type: array + xml: + wrapped: false + CompleteMultipartUploadOutput: + example: + Bucket: acexamplebucket + ETag: '"4d9031c7644d8081c2829f4ea23c55f7-2"' + Key: bigobject + Location: https://examplebucket.s3..amazonaws.com/bigobject + properties: + Bucket: + allOf: + - $ref: '#/components/schemas/BucketName' + - description:

The name of the bucket that contains the newly created + object. Does not return the access point ARN or access point alias if + used.

When using this action with an access point, you must direct + requests to the access point hostname. The access point hostname takes + the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + When using this action with an access point through the Amazon Web Services + SDKs, you provide the access point ARN in place of the bucket name. + For more information about access point ARNs, see Using + access points in the Amazon S3 User Guide.

When using + this action with Amazon S3 on Outposts, you must direct requests to + the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + When using this action with S3 on Outposts through the Amazon Web Services + SDKs, you provide the Outposts bucket ARN in place of the bucket name. + For more information about S3 on Outposts ARNs, see Using + Amazon S3 on Outposts in the Amazon S3 User Guide.

+ ChecksumCRC32: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32' + - description: The base64-encoded, 32-bit CRC32 checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumCRC32C: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32C' + - description: The base64-encoded, 32-bit CRC32C checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA1: + allOf: + - $ref: '#/components/schemas/ChecksumSHA1' + - description: The base64-encoded, 160-bit SHA-1 digest of the object. This + will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA256: + allOf: + - $ref: '#/components/schemas/ChecksumSHA256' + - description: The base64-encoded, 256-bit SHA-256 digest of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ETag: + allOf: + - $ref: '#/components/schemas/ETag' + - description: Entity tag that identifies the newly created object's data. + Objects with different object data will have different entity tags. + The entity tag is an opaque string. The entity tag may or may not be + an MD5 digest of the object data. If the entity tag is not an MD5 digest + of the object data, it will contain one or more nonhexadecimal characters + and/or will consist of less than 32 or more than 32 hexadecimal digits. + For more information about how the entity tag is calculated, see Checking + object integrity in the Amazon S3 User Guide. + Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description: The object key of the newly created object. + Location: + allOf: + - $ref: '#/components/schemas/Location' + - description: The URI that identifies the newly created object. + type: object + CompleteMultipartUploadRequest: + properties: + CompleteMultipartUpload: + allOf: + - $ref: '#/components/schemas/CompletedMultipartUpload' + - description: The container for the multipart upload request information. + required: + - Bucket + - Key + - UploadId + title: CompleteMultipartUploadRequest + type: object + xml: + namespace: http://s3.amazonaws.com/doc/2006-03-01/ + CompletedMultipartUpload: + description: The container for the completed multipart upload details. + properties: + Part: + allOf: + - $ref: '#/components/schemas/CompletedPartList' + - description:

Array of CompletedPart data types.

If you do not + supply a valid Part with your request, the service sends + back an HTTP 400 response.

+ type: object + CompletedPart: + description: Details of the parts that were uploaded. + properties: + ChecksumCRC32: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32' + - description: The base64-encoded, 32-bit CRC32 checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumCRC32C: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32C' + - description: The base64-encoded, 32-bit CRC32C checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA1: + allOf: + - $ref: '#/components/schemas/ChecksumSHA1' + - description: The base64-encoded, 160-bit SHA-1 digest of the object. This + will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA256: + allOf: + - $ref: '#/components/schemas/ChecksumSHA256' + - description: The base64-encoded, 256-bit SHA-256 digest of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ETag: + allOf: + - $ref: '#/components/schemas/ETag' + - description: Entity tag returned when the part was uploaded. + PartNumber: + allOf: + - $ref: '#/components/schemas/PartNumber' + - description: Part number that identifies the part. This is a positive + integer between 1 and 10,000. + type: object + CompletedPartList: + items: + $ref: '#/components/schemas/CompletedPart' + type: array + xml: + wrapped: false + CompressionType: + enum: + - NONE + - GZIP + - BZIP2 + type: string + Condition: + description: A container for describing a condition that must be met for the + specified redirect to apply. For example, 1. If request is for pages in the + /docs folder, redirect to the /documents folder. + 2. If request results in HTTP error 4xx, redirect request to another host + where you might process the error. + properties: + HttpErrorCodeReturnedEquals: + allOf: + - $ref: '#/components/schemas/HttpErrorCodeReturnedEquals' + - description: The HTTP error code when the redirect is applied. In the + event of an error, if the error code equals this value, then the specified + redirect is applied. Required when parent element Condition + is specified and sibling KeyPrefixEquals is not specified. + If both are specified, then both must be true for the redirect to be + applied. + KeyPrefixEquals: + allOf: + - $ref: '#/components/schemas/KeyPrefixEquals' + - description:

The object key name prefix when the redirect is applied. + For example, to redirect requests for ExamplePage.html, + the key prefix will be ExamplePage.html. To redirect request + for all pages with the prefix docs/, the key prefix will + be /docs, which identifies all objects in the docs/ + folder. Required when the parent element Condition is specified + and sibling HttpErrorCodeReturnedEquals is not specified. + If both conditions are specified, both must be true for the redirect + to be applied.

Replacement must be made for object + keys containing special characters (such as carriage returns) when using + XML requests. For more information, see + XML related object key constraints.

 + type: object + ConfirmRemoveSelfBucketAccess: + type: boolean + ContentDisposition: + type: string + ContentEncoding: + type: string + ContentLanguage: + type: string + ContentLength: + type: integer + ContentMD5: + type: string + ContentRange: + type: string + ContentType: + type: string + ContinuationEvent: + description:

+ properties: {} + type: object + CopyObjectOutput: + example: + CopyObjectResult: + ETag: '"6805f2cfc46c0f04559748bb039d69ae"' + LastModified: '2016-12-15T17:38:53.000Z' + properties: + CopyObjectResult: + allOf: + - $ref: '#/components/schemas/CopyObjectResult' + - description: Container for all response elements. + type: object + CopyObjectRequest: + properties: + x-amz-meta-: + allOf: + - $ref: '#/components/schemas/Metadata' + - description: A map of metadata to store with the object in S3. + required: + - Bucket + - CopySource + - Key + title: CopyObjectRequest + type: object + CopyObjectResult: + description: Container for all response elements. + properties: + ChecksumCRC32: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32' + - description: The base64-encoded, 32-bit CRC32 checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumCRC32C: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32C' + - description: The base64-encoded, 32-bit CRC32C checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA1: + allOf: + - $ref: '#/components/schemas/ChecksumSHA1' + - description: The base64-encoded, 160-bit SHA-1 digest of the object. This + will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA256: + allOf: + - $ref: '#/components/schemas/ChecksumSHA256' + - description: The base64-encoded, 256-bit SHA-256 digest of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ETag: + allOf: + - $ref: '#/components/schemas/ETag' + - description: Returns the ETag of the new object. The ETag reflects only + changes to the contents of an object, not its metadata. + LastModified: + allOf: + - $ref: '#/components/schemas/LastModified' + - description: Creation date of the object. + type: object + CopyPartResult: + description: Container for all response elements. + properties: + ChecksumCRC32: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32' + - description: The base64-encoded, 32-bit CRC32 checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumCRC32C: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32C' + - description: The base64-encoded, 32-bit CRC32C checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA1: + allOf: + - $ref: '#/components/schemas/ChecksumSHA1' + - description: The base64-encoded, 160-bit SHA-1 digest of the object. This + will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA256: + allOf: + - $ref: '#/components/schemas/ChecksumSHA256' + - description: The base64-encoded, 256-bit SHA-256 digest of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ETag: + allOf: + - $ref: '#/components/schemas/ETag' + - description: Entity tag of the object. + LastModified: + allOf: + - $ref: '#/components/schemas/LastModified' + - description: Date and time at which the object was uploaded. + type: object + CopySource: + pattern: \/.+\/.+ + type: string + CopySourceIfMatch: + type: string + CopySourceIfModifiedSince: + format: date-time + type: string + CopySourceIfNoneMatch: + type: string + CopySourceIfUnmodifiedSince: + format: date-time + type: string + CopySourceRange: + type: string + CopySourceSSECustomerAlgorithm: + type: string + CopySourceSSECustomerKey: + format: password + type: string + CopySourceSSECustomerKeyMD5: + type: string + CopySourceVersionId: + type: string + CreateBucketConfiguration: + description: The configuration information for the bucket. + properties: + LocationConstraint: + allOf: + - $ref: '#/components/schemas/BucketLocationConstraint' + - description: Specifies the Region where the bucket will be created. If + you don't specify a Region, the bucket is created in the US East (N. + Virginia) Region (us-east-1). + type: object + CreateBucketOutput: + example: + Location: /examplebucket + properties: {} + type: object + CreateBucketRequest: + properties: {} + required: + - Bucket + title: CreateBucketRequest + type: object + CreateMultipartUploadOutput: + example: + Bucket: examplebucket + Key: largeobject + UploadId: ibZBv_75gd9r8lH_gqXatLdxMVpAlj6ZQjEs.OwyF3953YdwbcQnMA2BLGn8Lx12fQNICtMw5KyteFeHw.Sjng-- + properties: + Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description: Object key for which the multipart upload was initiated. + UploadId: + allOf: + - $ref: '#/components/schemas/MultipartUploadId' + - description: ID for the initiated multipart upload. + type: object + CreateMultipartUploadRequest: + properties: + x-amz-meta-: + allOf: + - $ref: '#/components/schemas/Metadata' + - description: A map of metadata to store with the object in S3. + required: + - Bucket + - Key + title: CreateMultipartUploadRequest + type: object + CreationDate: + format: date-time + type: string + Date: + format: date-time + type: string + Days: + type: integer + DaysAfterInitiation: + type: integer + DefaultRetention: + description:

The container element for specifying the default Object Lock + retention settings for new objects placed in the specified bucket.

+

  • The DefaultRetention settings require both a mode + and a period.

  • The DefaultRetention period can + be either Days or Years but you must select one. + You cannot specify Days and Years at the same time.

    +
+ properties: + Days: + allOf: + - $ref: '#/components/schemas/Days' + - description: The number of days that you want to specify for the default + retention period. Must be used with Mode. + Mode: + allOf: + - $ref: '#/components/schemas/ObjectLockRetentionMode' + - description: The default Object Lock retention mode you want to apply + to new objects placed in the specified bucket. Must be used with either + Days or Years. + Years: + allOf: + - $ref: '#/components/schemas/Years' + - description: The number of years that you want to specify for the default + retention period. Must be used with Mode. + type: object + Delete: + description: Container for the objects to delete. + properties: + Object: + allOf: + - $ref: '#/components/schemas/ObjectIdentifierList' + - description: The objects to delete. + Quiet: + allOf: + - $ref: '#/components/schemas/Quiet' + - description: Element to enable quiet mode for the request. When you add + this element, you must set its value to true. + required: + - Objects + type: object + DeleteBucketAnalyticsConfigurationRequest: + properties: {} + required: + - Bucket + - Id + title: DeleteBucketAnalyticsConfigurationRequest + type: object + DeleteBucketCorsRequest: + properties: {} + required: + - Bucket + title: DeleteBucketCorsRequest + type: object + DeleteBucketEncryptionRequest: + properties: {} + required: + - Bucket + title: DeleteBucketEncryptionRequest + type: object + DeleteBucketIntelligentTieringConfigurationRequest: + properties: {} + required: + - Bucket + - Id + title: DeleteBucketIntelligentTieringConfigurationRequest + type: object + DeleteBucketInventoryConfigurationRequest: + properties: {} + required: + - Bucket + - Id + title: DeleteBucketInventoryConfigurationRequest + type: object + DeleteBucketLifecycleRequest: + properties: {} + required: + - Bucket + title: DeleteBucketLifecycleRequest + type: object + DeleteBucketMetricsConfigurationRequest: + properties: {} + required: + - Bucket + - Id + title: DeleteBucketMetricsConfigurationRequest + type: object + DeleteBucketOwnershipControlsRequest: + properties: {} + required: + - Bucket + title: DeleteBucketOwnershipControlsRequest + type: object + DeleteBucketPolicyRequest: + properties: {} + required: + - Bucket + title: DeleteBucketPolicyRequest + type: object + DeleteBucketReplicationRequest: + properties: {} + required: + - Bucket + title: DeleteBucketReplicationRequest + type: object + DeleteBucketRequest: + properties: {} + required: + - Bucket + title: DeleteBucketRequest + type: object + DeleteBucketTaggingRequest: + properties: {} + required: + - Bucket + title: DeleteBucketTaggingRequest + type: object + DeleteBucketWebsiteRequest: + properties: {} + required: + - Bucket + title: DeleteBucketWebsiteRequest + type: object + DeleteMarker: + type: boolean + DeleteMarkerEntry: + description: Information about the delete marker. + properties: + IsLatest: + allOf: + - $ref: '#/components/schemas/IsLatest' + - description: Specifies whether the object is (true) or is not (false) + the latest version of an object. + Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description: The object key. + LastModified: + allOf: + - $ref: '#/components/schemas/LastModified' + - description: Date and time the object was last modified. + Owner: + allOf: + - $ref: '#/components/schemas/Owner' + - description: The account that created the delete marker.> + VersionId: + allOf: + - $ref: '#/components/schemas/ObjectVersionId' + - description: Version ID of an object. + type: object + DeleteMarkerReplication: + description:

Specifies whether Amazon S3 replicates delete markers. If you + specify a Filter in your replication configuration, you must + also include a DeleteMarkerReplication element. If your Filter + includes a Tag element, the DeleteMarkerReplication + Status must be set to Disabled, because Amazon S3 does not support + replicating delete markers for tag-based rules. For an example configuration, + see Basic + Rule Configuration.

For more information about delete marker replication, + see Basic + Rule Configuration.

If you are using an earlier version + of the replication configuration, Amazon S3 handles replication of delete + markers differently. For more information, see Backward + Compatibility.

 + properties: + Status: + allOf: + - $ref: '#/components/schemas/DeleteMarkerReplicationStatus' + - description:

Indicates whether to replicate delete markers.

+

Indicates whether to replicate delete markers.

 + type: object + DeleteMarkerReplicationStatus: + enum: + - Enabled + - Disabled + type: string + DeleteMarkerVersionId: + type: string + DeleteMarkers: + items: + $ref: '#/components/schemas/DeleteMarkerEntry' + type: array + xml: + wrapped: false + DeleteObjectOutput: + example: {} + properties: {} + type: object + DeleteObjectRequest: + properties: {} + required: + - Bucket + - Key + title: DeleteObjectRequest + type: object + DeleteObjectTaggingOutput: + example: + VersionId: 'null' + properties: {} + type: object + DeleteObjectTaggingRequest: + properties: {} + required: + - Bucket + - Key + title: DeleteObjectTaggingRequest + type: object + DeleteObjectsOutput: + example: + Deleted: + - DeleteMarker: 'true' + DeleteMarkerVersionId: A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F + Key: objectkey1 + - DeleteMarker: 'true' + DeleteMarkerVersionId: iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt + Key: objectkey2 + properties: + Deleted: + allOf: + - $ref: '#/components/schemas/DeletedObjects' + - description: Container element for a successful delete. It identifies + the object that was successfully deleted. + Error: + allOf: + - $ref: '#/components/schemas/Errors' + - description: Container for a failed delete action that describes the object + that Amazon S3 attempted to delete and the error it encountered. + type: object + DeleteObjectsRequest: + properties: {} + required: + - Bucket + - Delete + title: DeleteObjectsRequest + type: object + DeletePublicAccessBlockRequest: + properties: {} + required: + - Bucket + title: DeletePublicAccessBlockRequest + type: object + DeletedObject: + description: Information about the deleted object. + properties: + DeleteMarker: + allOf: + - $ref: '#/components/schemas/DeleteMarker' + - description: Specifies whether the versioned object that was permanently + deleted was (true) or was not (false) a delete marker. In a simple DELETE, + this header indicates whether (true) or not (false) a delete marker + was created. + DeleteMarkerVersionId: + allOf: + - $ref: '#/components/schemas/DeleteMarkerVersionId' + - description: The version ID of the delete marker created as a result of + the DELETE operation. If you delete a specific object version, the value + returned by this header is the version ID of the object version deleted. + Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description: The name of the deleted object. + VersionId: + allOf: + - $ref: '#/components/schemas/ObjectVersionId' + - description: The version ID of the deleted object. + type: object + DeletedObjects: + items: + $ref: '#/components/schemas/DeletedObject' + type: array + xml: + wrapped: false + Delimiter: + type: string + Description: + type: string + Destination: + description: Specifies information about where to publish analysis or configuration + results for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC). + properties: + AccessControlTranslation: + allOf: + - $ref: '#/components/schemas/AccessControlTranslation' + - description: Specify this only in a cross-account scenario (where source + and destination bucket owners are not the same), and you want to change + replica ownership to the Amazon Web Services account that owns the destination + bucket. If this is not specified in the replication configuration, the + replicas are owned by same Amazon Web Services account that owns the + source object. + Account: + allOf: + - $ref: '#/components/schemas/AccountId' + - description: 'Destination bucket owner account ID. In a cross-account + scenario, if you direct Amazon S3 to change replica ownership to the + Amazon Web Services account that owns the destination bucket by specifying + the AccessControlTranslation property, this is the account + ID of the destination bucket owner. For more information, see Replication + Additional Configuration: Changing the Replica Owner in the Amazon + S3 User Guide.' + Bucket: + allOf: + - $ref: '#/components/schemas/BucketName' + - description: ' The Amazon Resource Name (ARN) of the bucket where you + want Amazon S3 to store the results.' + EncryptionConfiguration: + allOf: + - $ref: '#/components/schemas/EncryptionConfiguration' + - description: A container that provides information about encryption. If + SourceSelectionCriteria is specified, you must specify + this element. + Metrics: + allOf: + - $ref: '#/components/schemas/Metrics' + - description: ' A container specifying replication metrics-related settings + enabling replication metrics and events. ' + ReplicationTime: + allOf: + - $ref: '#/components/schemas/ReplicationTime' + - description: ' A container specifying S3 Replication Time Control (S3 + RTC), including whether S3 RTC is enabled and the time when all objects + and operations on objects must be replicated. Must be specified together + with a Metrics block. ' + StorageClass: + allOf: + - $ref: '#/components/schemas/StorageClass' + - description:

The storage class to use when replicating objects, such + as S3 Standard or reduced redundancy. By default, Amazon S3 uses the + storage class of the source object to create the object replica.

+

For valid values, see the StorageClass element of the + PUT + Bucket replication action in the Amazon S3 API Reference.

+ required: + - Bucket + type: object + DisplayName: + type: string + ETag: + type: string + EmailAddress: + type: string + EnableRequestProgress: + type: boolean + EncodingType: + description: Requests Amazon S3 to encode the object keys in the response and + specifies the encoding method to use. An object key may contain any Unicode + character; however, XML 1.0 parser cannot parse some characters, such as characters + with an ASCII value from 0 to 10. For characters that are not supported in + XML 1.0, you can add this parameter to request that Amazon S3 encode the keys + in the response. + enum: + - url + type: string + Encryption: + description: Contains the type of server-side encryption used. + properties: + EncryptionType: + allOf: + - $ref: '#/components/schemas/ServerSideEncryption' + - description: The server-side encryption algorithm used when storing job + results in Amazon S3 (for example, AES256, aws:kms). + KMSContext: + allOf: + - $ref: '#/components/schemas/KMSContext' + - description: If the encryption type is aws:kms, this optional + value can be used to specify the encryption context for the restore + results. + KMSKeyId: + allOf: + - $ref: '#/components/schemas/SSEKMSKeyId' + - description: If the encryption type is aws:kms, this optional + value specifies the ID of the symmetric customer managed key to use + for encryption of job results. Amazon S3 only supports symmetric keys. + For more information, see Using + symmetric and asymmetric keys in the Amazon Web Services Key + Management Service Developer Guide. + required: + - EncryptionType + type: object + EncryptionConfiguration: + description: Specifies encryption-related information for an Amazon S3 bucket + that is a destination for replicated objects. + properties: + ReplicaKmsKeyID: + allOf: + - $ref: '#/components/schemas/ReplicaKmsKeyID' + - description: Specifies the ID (Key ARN or Alias ARN) of the customer managed + Amazon Web Services KMS key stored in Amazon Web Services Key Management + Service (KMS) for the destination bucket. Amazon S3 uses this key to + encrypt replica objects. Amazon S3 only supports symmetric, customer + managed KMS keys. For more information, see Using + symmetric and asymmetric keys in the Amazon Web Services Key + Management Service Developer Guide. + type: object + End: + type: integer + EndEvent: + description: A message that indicates the request is complete and no more messages + will be sent. You should not assume that the request is complete until the + client receives an EndEvent. + properties: {} + type: object + Error: + description: Container for all error elements. + properties: + Code: + allOf: + - $ref: '#/components/schemas/Code' + - description: '

The error code is a string that uniquely identifies an + error condition. It is meant to be read and understood by programs that + detect and handle errors by type.

Amazon S3 + error codes

    • Code: AccessDenied +

    • Description: Access Denied

    • +

      HTTP Status Code: 403 Forbidden

    • SOAP + Fault Code Prefix: Client

    • + Code: AccountProblem

    • Description: There + is a problem with your Amazon Web Services account that prevents the + action from completing successfully. Contact Amazon Web Services Support + for further assistance.

    • HTTP Status Code: + 403 Forbidden

    • SOAP Fault Code Prefix: Client

      +

    • Code: AllAccessDisabled

      +

    • Description: All access to this Amazon S3 resource + has been disabled. Contact Amazon Web Services Support for further assistance.

      +

    • HTTP Status Code: 403 Forbidden

    • +

      SOAP Fault Code Prefix: Client

  • +

    • Code: AmbiguousGrantByEmailAddress

    • +

      Description: The email address you provided is associated + with more than one account.

    • HTTP Status Code: + 400 Bad Request

    • SOAP Fault Code Prefix: Client

      +

    • Code: AuthorizationHeaderMalformed

      +

    • Description: The authorization header you provided + is invalid.

    • HTTP Status Code: 400 Bad Request

      +

    • HTTP Status Code: N/A

  • +

    • Code: BadDigest

    • Description: + The Content-MD5 you specified did not match what we received.

      • +

    • HTTP Status Code: 400 Bad Request

    • + SOAP Fault Code Prefix: Client

    • +

    • Code: BucketAlreadyExists

    • Description: + The requested bucket name is not available. The bucket namespace is + shared by all users of the system. Please select a different name and + try again.

    • HTTP Status Code: 409 Conflict

      +

    • SOAP Fault Code Prefix: Client

    +

    • Code: BucketAlreadyOwnedByYou

      • +

    • Description: The bucket you tried to create already + exists, and you own it. Amazon S3 returns this error in all Amazon Web + Services Regions except in the North Virginia Region. For legacy compatibility, + if you re-create an existing bucket that you already own in the North + Virginia Region, Amazon S3 returns 200 OK and resets the bucket access + control lists (ACLs).

    • Code: 409 Conflict (in + all Regions except the North Virginia Region)

    • SOAP + Fault Code Prefix: Client

    • + Code: BucketNotEmpty

    • Description: The + bucket you tried to delete is not empty.

    • HTTP + Status Code: 409 Conflict

    • SOAP Fault Code + Prefix: Client

    • Code: + CredentialsNotSupported

    • Description: This + request does not support credentials.

    • HTTP Status + Code: 400 Bad Request

    • SOAP Fault Code Prefix: + Client

    • Code: CrossLocationLoggingProhibited

      +

    • Description: Cross-location logging not allowed. + Buckets in one geographic location cannot log information to a bucket + in another location.

    • HTTP Status Code: 403 + Forbidden

    • SOAP Fault Code Prefix: Client

      +

    • Code: EntityTooSmall

      +

    • Description: Your proposed upload is smaller than + the minimum allowed object size.

    • HTTP Status Code: + 400 Bad Request

    • SOAP Fault Code Prefix: Client

      +

    • Code: EntityTooLarge

      +

    • Description: Your proposed upload exceeds the + maximum allowed object size.

    • HTTP Status Code: + 400 Bad Request

    • SOAP Fault Code Prefix: Client

      +

    • Code: ExpiredToken

      • +

    • Description: The provided token has expired.

      • +

    • HTTP Status Code: 400 Bad Request

    • + SOAP Fault Code Prefix: Client

    • +

    • Code: IllegalVersioningConfigurationException

      • +

    • Description: Indicates that the versioning configuration + specified in the request is invalid.

    • HTTP Status + Code: 400 Bad Request

    • SOAP Fault Code Prefix: + Client

    • Code: IncompleteBody

      +

    • Description: You did not provide the number of + bytes specified by the Content-Length HTTP header

    • + HTTP Status Code: 400 Bad Request

    • SOAP + Fault Code Prefix: Client

    • + Code: IncorrectNumberOfFilesInPostRequest

    • + Description: POST requires exactly one file upload per request.

      +

    • HTTP Status Code: 400 Bad Request

    • +

      SOAP Fault Code Prefix: Client

  • +

    • Code: InlineDataTooLarge

    • Description: + Inline data exceeds the maximum allowed size.

    • HTTP + Status Code: 400 Bad Request

    • SOAP Fault Code + Prefix: Client

    • Code: + InternalError

    • Description: We encountered + an internal error. Please try again.

    • HTTP Status + Code: 500 Internal Server Error

    • SOAP Fault + Code Prefix: Server

    • Code: + InvalidAccessKeyId

    • Description: The Amazon + Web Services access key ID you provided does not exist in our records.

      +

    • HTTP Status Code: 403 Forbidden

    • +

      SOAP Fault Code Prefix: Client

  • +

    • Code: InvalidAddressingHeader

    • + Description: You must specify the Anonymous role.

    • +

      HTTP Status Code: N/A

    • SOAP Fault Code + Prefix: Client

    • Code: + InvalidArgument

    • Description: Invalid Argument

      +

    • HTTP Status Code: 400 Bad Request

    • +

      SOAP Fault Code Prefix: Client

  • +

    • Code: InvalidBucketName

    • Description: + The specified bucket is not valid.

    • HTTP Status + Code: 400 Bad Request

    • SOAP Fault Code Prefix: + Client

    • Code: InvalidBucketState

      +

    • Description: The request is not valid with the + current state of the bucket.

    • HTTP Status Code: + 409 Conflict

    • SOAP Fault Code Prefix: Client

      +

    • Code: InvalidDigest

      +

    • Description: The Content-MD5 you specified is + not valid.

    • HTTP Status Code: 400 Bad Request

      +

    • SOAP Fault Code Prefix: Client

    +

    • Code: InvalidEncryptionAlgorithmError

      +

    • Description: The encryption request you specified + is not valid. The valid value is AES256.

    • HTTP + Status Code: 400 Bad Request

    • SOAP Fault Code + Prefix: Client

    • Code: + InvalidLocationConstraint

    • Description: The + specified location constraint is not valid. For more information about + Regions, see How + to Select a Region for Your Buckets.

    • HTTP + Status Code: 400 Bad Request

    • SOAP Fault Code + Prefix: Client

    • Code: + InvalidObjectState

    • Description: The action + is not valid for the current state of the object.

    • + HTTP Status Code: 403 Forbidden

    • SOAP Fault + Code Prefix: Client

    • Code: + InvalidPart

    • Description: One or more of the + specified parts could not be found. The part might not have been uploaded, + or the specified entity tag might not have matched the part''s entity + tag.

    • HTTP Status Code: 400 Bad Request

      +

    • SOAP Fault Code Prefix: Client

    +

    • Code: InvalidPartOrder

    • +

      Description: The list of parts was not in ascending order. + Parts list must be specified in order by part number.

    • +

      HTTP Status Code: 400 Bad Request

    • SOAP + Fault Code Prefix: Client

    • + Code: InvalidPayer

    • Description: All + access to this object has been disabled. Please contact Amazon Web Services + Support for further assistance.

    • HTTP Status Code: + 403 Forbidden

    • SOAP Fault Code Prefix: Client

      +

    • Code: InvalidPolicyDocument

      +

    • Description: The content of the form does not + meet the conditions specified in the policy document.

    • +

      HTTP Status Code: 400 Bad Request

    • SOAP + Fault Code Prefix: Client

    • + Code: InvalidRange

    • Description: The + requested range cannot be satisfied.

    • HTTP Status + Code: 416 Requested Range Not Satisfiable

    • SOAP + Fault Code Prefix: Client

    • + Code: InvalidRequest

    • Description: Please + use AWS4-HMAC-SHA256.

    • HTTP Status + Code: 400 Bad Request

    • Code: N/A

      • +

    • Code: InvalidRequest

      • +

    • Description: SOAP requests must be made over an HTTPS + connection.

    • HTTP Status Code: 400 Bad Request

      +

    • SOAP Fault Code Prefix: Client

    +

    • Code: InvalidRequest

    • +

      Description: Amazon S3 Transfer Acceleration is not supported + for buckets with non-DNS compliant names.

    • HTTP + Status Code: 400 Bad Request

    • Code: N/A

      +

    • Code: InvalidRequest

      +

    • Description: Amazon S3 Transfer Acceleration is + not supported for buckets with periods (.) in their names.

      • +

    • HTTP Status Code: 400 Bad Request

    • + Code: N/A

    • Code: + InvalidRequest

    • Description: Amazon S3 Transfer + Accelerate endpoint only supports virtual style requests.

      • +

    • HTTP Status Code: 400 Bad Request

    • + Code: N/A

    • Code: + InvalidRequest

    • Description: Amazon S3 Transfer + Accelerate is not configured on this bucket.

    • HTTP + Status Code: 400 Bad Request

    • Code: N/A

      +

    • Code: InvalidRequest

      +

    • Description: Amazon S3 Transfer Accelerate is + disabled on this bucket.

    • HTTP Status Code: + 400 Bad Request

    • Code: N/A

    +

    • Code: InvalidRequest

    • +

      Description: Amazon S3 Transfer Acceleration is not supported + on this bucket. Contact Amazon Web Services Support for more information.

      +

    • HTTP Status Code: 400 Bad Request

    • +

      Code: N/A

    • Code: + InvalidRequest

    • Description: Amazon S3 Transfer + Acceleration cannot be enabled on this bucket. Contact Amazon Web Services + Support for more information.

    • HTTP Status Code: + 400 Bad Request

    • Code: N/A

    +

    • Code: InvalidSecurity

    • +

      Description: The provided security credentials are not valid.

      +

    • HTTP Status Code: 403 Forbidden

    • +

      SOAP Fault Code Prefix: Client

  • +

    • Code: InvalidSOAPRequest

    • Description: + The SOAP request body is invalid.

    • HTTP Status + Code: 400 Bad Request

    • SOAP Fault Code Prefix: + Client

    • Code: InvalidStorageClass

      +

    • Description: The storage class you specified is + not valid.

    • HTTP Status Code: 400 Bad Request

      +

    • SOAP Fault Code Prefix: Client

    +

    • Code: InvalidTargetBucketForLogging

      +

    • Description: The target bucket for logging does + not exist, is not owned by you, or does not have the appropriate grants + for the log-delivery group.

    • HTTP Status Code: + 400 Bad Request

    • SOAP Fault Code Prefix: Client

      +

    • Code: InvalidToken

      • +

    • Description: The provided token is malformed or otherwise + invalid.

    • HTTP Status Code: 400 Bad Request

      +

    • SOAP Fault Code Prefix: Client

    +

    • Code: InvalidURI

    • + Description: Couldn''t parse the specified URI.

    • +

      HTTP Status Code: 400 Bad Request

    • SOAP + Fault Code Prefix: Client

    • + Code: KeyTooLongError

    • Description: + Your key is too long.

    • HTTP Status Code: 400 + Bad Request

    • SOAP Fault Code Prefix: Client

      +

    • Code: MalformedACLError

      +

    • Description: The XML you provided was not well-formed + or did not validate against our published schema.

    • + HTTP Status Code: 400 Bad Request

    • SOAP + Fault Code Prefix: Client

    • + Code: MalformedPOSTRequest

    • Description: + The body of your POST request is not well-formed multipart/form-data.

      +

    • HTTP Status Code: 400 Bad Request

    • +

      SOAP Fault Code Prefix: Client

  • +

    • Code: MalformedXML

    • Description: + This happens when the user sends malformed XML (XML that doesn''t conform + to the published XSD) for the configuration. The error message is, "The + XML you provided was not well-formed or did not validate against our + published schema."

    • HTTP Status Code: 400 + Bad Request

    • SOAP Fault Code Prefix: Client

      +

    • Code: MaxMessageLengthExceeded

      +

    • Description: Your request was too big.

      • +

    • HTTP Status Code: 400 Bad Request

    • + SOAP Fault Code Prefix: Client

    • +

    • Code: MaxPostPreDataLengthExceededError

    • +

      Description: Your POST request fields preceding the upload + file were too large.

    • HTTP Status Code: 400 + Bad Request

    • SOAP Fault Code Prefix: Client

      +

    • Code: MetadataTooLarge

      +

    • Description: Your metadata headers exceed the + maximum allowed metadata size.

    • HTTP Status Code: + 400 Bad Request

    • SOAP Fault Code Prefix: Client

      +

    • Code: MethodNotAllowed

      +

    • Description: The specified method is not allowed + against this resource.

    • HTTP Status Code: 405 + Method Not Allowed

    • SOAP Fault Code Prefix: + Client

    • Code: MissingAttachment

      +

    • Description: A SOAP attachment was expected, but + none were found.

    • HTTP Status Code: N/A

      +

    • SOAP Fault Code Prefix: Client

    +

    • Code: MissingContentLength

      • +

    • Description: You must provide the Content-Length HTTP + header.

    • HTTP Status Code: 411 Length Required

      +

    • SOAP Fault Code Prefix: Client

    +

    • Code: MissingRequestBodyError

      • +

    • Description: This happens when the user sends an empty + XML document as a request. The error message is, "Request body is empty." +

    • HTTP Status Code: 400 Bad Request

      • +

    • SOAP Fault Code Prefix: Client

    • +

    • Code: MissingSecurityElement

    • +

      Description: The SOAP 1.1 request is missing a security element.

      +

    • HTTP Status Code: 400 Bad Request

    • +

      SOAP Fault Code Prefix: Client

  • +

    • Code: MissingSecurityHeader

    • + Description: Your request is missing a required header.

      • +

    • HTTP Status Code: 400 Bad Request

    • + SOAP Fault Code Prefix: Client

    • +

    • Code: NoLoggingStatusForKey

    • Description: + There is no such thing as a logging status subresource for a key.

      +

    • HTTP Status Code: 400 Bad Request

    • +

      SOAP Fault Code Prefix: Client

  • +

    • Code: NoSuchBucket

    • Description: + The specified bucket does not exist.

    • HTTP Status + Code: 404 Not Found

    • SOAP Fault Code Prefix: + Client

    • Code: NoSuchBucketPolicy

      +

    • Description: The specified bucket does not have + a bucket policy.

    • HTTP Status Code: 404 Not + Found

    • SOAP Fault Code Prefix: Client

      • +

    • Code: NoSuchKey

    • +

      Description: The specified key does not exist.

      • +

    • HTTP Status Code: 404 Not Found

    • SOAP + Fault Code Prefix: Client

    • + Code: NoSuchLifecycleConfiguration

    • Description: + The lifecycle configuration does not exist.

    • HTTP + Status Code: 404 Not Found

    • SOAP Fault Code + Prefix: Client

    • Code: + NoSuchUpload

    • Description: The specified multipart + upload does not exist. The upload ID might be invalid, or the multipart + upload might have been aborted or completed.

    • HTTP + Status Code: 404 Not Found

    • SOAP Fault Code + Prefix: Client

    • Code: + NoSuchVersion

    • Description: Indicates that + the version ID specified in the request does not match an existing version.

      +

    • HTTP Status Code: 404 Not Found

    • +

      SOAP Fault Code Prefix: Client

  • +

    • Code: NotImplemented

    • Description: + A header you provided implies functionality that is not implemented.

      +

    • HTTP Status Code: 501 Not Implemented

      • +

    • SOAP Fault Code Prefix: Server

    • +

    • Code: NotSignedUp

    • Description: + Your account is not signed up for the Amazon S3 service. You must sign + up before you can use Amazon S3. You can sign up at the following URL: + Amazon S3

    • + HTTP Status Code: 403 Forbidden

    • SOAP Fault + Code Prefix: Client

    • Code: + OperationAborted

    • Description: A conflicting + conditional action is currently in progress against this resource. Try + again.

    • HTTP Status Code: 409 Conflict

      +

    • SOAP Fault Code Prefix: Client

    +

    • Code: PermanentRedirect

    • +

      Description: The bucket you are attempting to access must + be addressed using the specified endpoint. Send all future requests + to this endpoint.

    • HTTP Status Code: 301 Moved + Permanently

    • SOAP Fault Code Prefix: Client

      +

    • Code: PreconditionFailed

      +

    • Description: At least one of the preconditions + you specified did not hold.

    • HTTP Status Code: + 412 Precondition Failed

    • SOAP Fault Code Prefix: + Client

    • Code: Redirect

      +

    • Description: Temporary redirect.

    • +

      HTTP Status Code: 307 Moved Temporarily

    • + SOAP Fault Code Prefix: Client

    • +

    • Code: RestoreAlreadyInProgress

    • Description: + Object restore is already in progress.

    • HTTP Status + Code: 409 Conflict

    • SOAP Fault Code Prefix: + Client

    • Code: RequestIsNotMultiPartContent

      +

    • Description: Bucket POST must be of the enclosure-type + multipart/form-data.

    • HTTP Status Code: 400 + Bad Request

    • SOAP Fault Code Prefix: Client

      +

    • Code: RequestTimeout

      +

    • Description: Your socket connection to the server + was not read from or written to within the timeout period.

      • +

    • HTTP Status Code: 400 Bad Request

    • + SOAP Fault Code Prefix: Client

    • +

    • Code: RequestTimeTooSkewed

    • Description: + The difference between the request time and the server''s time is too + large.

    • HTTP Status Code: 403 Forbidden

      +

    • SOAP Fault Code Prefix: Client

    +

    • Code: RequestTorrentOfBucketError

      +

    • Description: Requesting the torrent file of a + bucket is not permitted.

    • HTTP Status Code: + 400 Bad Request

    • SOAP Fault Code Prefix: Client

      +

    • Code: SignatureDoesNotMatch

      +

    • Description: The request signature we calculated + does not match the signature you provided. Check your Amazon Web Services + secret access key and signing method. For more information, see REST + Authentication and SOAP + Authentication for details.

    • HTTP Status Code: + 403 Forbidden

    • SOAP Fault Code Prefix: Client

      +

    • Code: ServiceUnavailable

      +

    • Description: Reduce your request rate.

      • +

    • HTTP Status Code: 503 Service Unavailable

      • +

    • SOAP Fault Code Prefix: Server

    • +

    • Code: SlowDown

    • Description: + Reduce your request rate.

    • HTTP Status Code: + 503 Slow Down

    • SOAP Fault Code Prefix: Server

      +

    • Code: TemporaryRedirect

      +

    • Description: You are being redirected to the bucket + while DNS updates.

    • HTTP Status Code: 307 Moved + Temporarily

    • SOAP Fault Code Prefix: Client

      +

    • Code: TokenRefreshRequired

      +

    • Description: The provided token must be refreshed.

      +

    • HTTP Status Code: 400 Bad Request

    • +

      SOAP Fault Code Prefix: Client

  • +

    • Code: TooManyBuckets

    • Description: + You have attempted to create more buckets than allowed.

    • +

      HTTP Status Code: 400 Bad Request

    • SOAP + Fault Code Prefix: Client

    • + Code: UnexpectedContent

    • Description: + This request does not support content.

    • HTTP Status + Code: 400 Bad Request

    • SOAP Fault Code Prefix: + Client

    • Code: UnresolvableGrantByEmailAddress

      +

    • Description: The email address you provided does + not match any account on record.

    • HTTP Status Code: + 400 Bad Request

    • SOAP Fault Code Prefix: Client

      +

    • Code: UserKeyMustBeSpecified

      +

    • Description: The bucket POST must contain the + specified field name. If it is specified, check the order of the fields.

      +

    • HTTP Status Code: 400 Bad Request

    • +

      SOAP Fault Code Prefix: Client

+

' + Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description: The error key. + Message: + allOf: + - $ref: '#/components/schemas/Message' + - description: The error message contains a generic description of the error + condition in English. It is intended for a human audience. Simple programs + display the message directly to the end user if they encounter an error + condition they don't know how or don't care to handle. Sophisticated + programs with more exhaustive error handling and proper internationalization + are more likely to ignore the error message. + VersionId: + allOf: + - $ref: '#/components/schemas/ObjectVersionId' + - description: The version ID of the error. + type: object + ErrorCode: + type: string + ErrorDocument: + description: The error information. + properties: + Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description:

The object key name to use when a 4XX class error occurs.

+

Replacement must be made for object keys containing special + characters (such as carriage returns) when using XML requests. For more + information, see + XML related object key constraints.

 + required: + - Key + type: object + ErrorMessage: + type: string + Errors: + items: + $ref: '#/components/schemas/Error' + type: array + xml: + wrapped: false + Event: + description: The bucket event for which to send notifications. + enum: + - s3:ReducedRedundancyLostObject + - s3:ObjectCreated:* + - s3:ObjectCreated:Put + - s3:ObjectCreated:Post + - s3:ObjectCreated:Copy + - s3:ObjectCreated:CompleteMultipartUpload + - s3:ObjectRemoved:* + - s3:ObjectRemoved:Delete + - s3:ObjectRemoved:DeleteMarkerCreated + - s3:ObjectRestore:* + - s3:ObjectRestore:Post + - s3:ObjectRestore:Completed + - s3:Replication:* + - s3:Replication:OperationFailedReplication + - s3:Replication:OperationNotTracked + - s3:Replication:OperationMissedThreshold + - s3:Replication:OperationReplicatedAfterThreshold + - s3:ObjectRestore:Delete + - s3:LifecycleTransition + - s3:IntelligentTiering + - s3:ObjectAcl:Put + - s3:LifecycleExpiration:* + - s3:LifecycleExpiration:Delete + - s3:LifecycleExpiration:DeleteMarkerCreated + - s3:ObjectTagging:* + - s3:ObjectTagging:Put + - s3:ObjectTagging:Delete + type: string + EventBridgeConfiguration: + description: A container for specifying the configuration for Amazon EventBridge. + properties: {} + type: object + EventList: + items: + $ref: '#/components/schemas/Event' + type: array + xml: + wrapped: false + ExistingObjectReplication: + description: 'Optional configuration to replicate existing source bucket objects. + For more information, see Replicating + Existing Objects in the Amazon S3 User Guide. ' + properties: + Status: + allOf: + - $ref: '#/components/schemas/ExistingObjectReplicationStatus' + - description:

+ required: + - Status + type: object + ExistingObjectReplicationStatus: + enum: + - Enabled + - Disabled + type: string + Expiration: + type: string + ExpirationStatus: + enum: + - Enabled + - Disabled + type: string + ExpiredObjectDeleteMarker: + type: boolean + Expires: + format: date-time + type: string + ExposeHeader: + type: string + ExposeHeaders: + items: + $ref: '#/components/schemas/ExposeHeader' + type: array + xml: + wrapped: false + Expression: + type: string + ExpressionType: + enum: + - SQL + type: string + FetchOwner: + type: boolean + FieldDelimiter: + type: string + FileHeaderInfo: + enum: + - USE + - IGNORE + - NONE + type: string + FilterRule: + description: Specifies the Amazon S3 object key name to filter on and whether + to filter on the suffix or prefix of the key name. + properties: + Name: + allOf: + - $ref: '#/components/schemas/FilterRuleName' + - description: The object key name prefix or suffix identifying one or more + objects to which the filtering rule applies. The maximum length is 1,024 + characters. Overlapping prefixes and suffixes are not supported. For + more information, see Configuring + Event Notifications in the Amazon S3 User Guide. + Value: + allOf: + - $ref: '#/components/schemas/FilterRuleValue' + - description: The value that the filter searches for in object key names. + type: object + FilterRuleList: + description: A list of containers for the key-value pair that defines the criteria + for the filter rule. + items: + $ref: '#/components/schemas/FilterRule' + type: array + xml: + wrapped: false + FilterRuleName: + enum: + - prefix + - suffix + type: string + FilterRuleValue: + type: string + GetBucketAccelerateConfigurationOutput: + properties: + Status: + allOf: + - $ref: '#/components/schemas/BucketAccelerateStatus' + - description: The accelerate configuration of the bucket. + type: object + GetBucketAccelerateConfigurationRequest: + properties: {} + required: + - Bucket + title: GetBucketAccelerateConfigurationRequest + type: object + GetBucketAclOutput: + properties: + AccessControlList: + allOf: + - $ref: '#/components/schemas/Grants' + - description: A list of grants. + Owner: + allOf: + - $ref: '#/components/schemas/Owner' + - description: Container for the bucket owner's display name and ID. + type: object + GetBucketAclRequest: + properties: {} + required: + - Bucket + title: GetBucketAclRequest + type: object + GetBucketAnalyticsConfigurationOutput: + properties: + AnalyticsConfiguration: + allOf: + - $ref: '#/components/schemas/AnalyticsConfiguration' + - description: The configuration and any analyses for the analytics filter. + type: object + GetBucketAnalyticsConfigurationRequest: + properties: {} + required: + - Bucket + - Id + title: GetBucketAnalyticsConfigurationRequest + type: object + GetBucketCorsOutput: + example: + CORSRules: + - AllowedHeaders: + - Authorization + AllowedMethods: + - GET + AllowedOrigins: + - '*' + MaxAgeSeconds: 3000 + properties: + CORSRule: + allOf: + - $ref: '#/components/schemas/CORSRules' + - description: A set of origins and methods (cross-origin access that you + want to allow). You can add up to 100 rules to the configuration. + type: object + GetBucketCorsRequest: + properties: {} + required: + - Bucket + title: GetBucketCorsRequest + type: object + GetBucketEncryptionOutput: + properties: + ServerSideEncryptionConfiguration: + $ref: '#/components/schemas/ServerSideEncryptionConfiguration' + type: object + GetBucketEncryptionRequest: + properties: {} + required: + - Bucket + title: GetBucketEncryptionRequest + type: object + GetBucketIntelligentTieringConfigurationOutput: + properties: + IntelligentTieringConfiguration: + allOf: + - $ref: '#/components/schemas/IntelligentTieringConfiguration' + - description: Container for S3 Intelligent-Tiering configuration. + type: object + GetBucketIntelligentTieringConfigurationRequest: + properties: {} + required: + - Bucket + - Id + title: GetBucketIntelligentTieringConfigurationRequest + type: object + GetBucketInventoryConfigurationOutput: + properties: + InventoryConfiguration: + allOf: + - $ref: '#/components/schemas/InventoryConfiguration' + - description: Specifies the inventory configuration. + type: object + GetBucketInventoryConfigurationRequest: + properties: {} + required: + - Bucket + - Id + title: GetBucketInventoryConfigurationRequest + type: object + GetBucketLifecycleConfigurationOutput: + example: + Rules: + - ID: Rule for TaxDocs/ + Prefix: TaxDocs + Status: Enabled + Transitions: + - Days: 365 + StorageClass: STANDARD_IA + properties: + Rule: + allOf: + - $ref: '#/components/schemas/LifecycleRules' + - description: Container for a lifecycle rule. + type: object + GetBucketLifecycleConfigurationRequest: + properties: {} + required: + - Bucket + title: GetBucketLifecycleConfigurationRequest + type: object + GetBucketLifecycleOutput: + example: + Rules: + - Expiration: + Days: 1 + ID: delete logs + Prefix: 123/ + Status: Enabled + properties: + Rule: + allOf: + - $ref: '#/components/schemas/Rules' + - description: Container for a lifecycle rule. + type: object + GetBucketLifecycleRequest: + properties: {} + required: + - Bucket + title: GetBucketLifecycleRequest + type: object + GetBucketLocationOutput: + example: + LocationConstraint: us-west-2 + properties: + LocationConstraint: + allOf: + - $ref: '#/components/schemas/BucketLocationConstraint' + - description: Specifies the Region where the bucket resides. For a list + of all the Amazon S3 supported location constraints by Region, see Regions + and Endpoints. Buckets in Region us-east-1 have a LocationConstraint + of null. + type: object + GetBucketLocationRequest: + properties: {} + required: + - Bucket + title: GetBucketLocationRequest + type: object + GetBucketLoggingOutput: + properties: + LoggingEnabled: + $ref: '#/components/schemas/LoggingEnabled' + type: object + GetBucketLoggingRequest: + properties: {} + required: + - Bucket + title: GetBucketLoggingRequest + type: object + GetBucketMetricsConfigurationOutput: + properties: + MetricsConfiguration: + allOf: + - $ref: '#/components/schemas/MetricsConfiguration' + - description: Specifies the metrics configuration. + type: object + GetBucketMetricsConfigurationRequest: + properties: {} + required: + - Bucket + - Id + title: GetBucketMetricsConfigurationRequest + type: object + GetBucketNotificationConfigurationRequest: + properties: {} + required: + - Bucket + title: GetBucketNotificationConfigurationRequest + type: object + GetBucketOwnershipControlsOutput: + properties: + OwnershipControls: + allOf: + - $ref: '#/components/schemas/OwnershipControls' + - description: The OwnershipControls (BucketOwnerEnforced, + BucketOwnerPreferred, or ObjectWriter) currently in effect for this + Amazon S3 bucket. + type: object + GetBucketOwnershipControlsRequest: + properties: {} + required: + - Bucket + title: GetBucketOwnershipControlsRequest + type: object + GetBucketPolicyOutput: + example: + Policy: '{"Version":"2008-10-17","Id":"LogPolicy","Statement":[{"Sid":"Enables + the log delivery group to publish logs to your bucket ","Effect":"Allow","Principal":{"AWS":"111122223333"},"Action":["s3:GetBucketAcl","s3:GetObjectAcl","s3:PutObject"],"Resource":["arn:aws:s3:::policytest1/*","arn:aws:s3:::policytest1"]}]}' + properties: + Policy: + allOf: + - $ref: '#/components/schemas/Policy' + - description: The bucket policy as a JSON document. + type: object + GetBucketPolicyRequest: + properties: {} + required: + - Bucket + title: GetBucketPolicyRequest + type: object + GetBucketPolicyStatusOutput: + properties: + PolicyStatus: + allOf: + - $ref: '#/components/schemas/PolicyStatus' + - description: The policy status for the specified bucket. + type: object + GetBucketPolicyStatusRequest: + properties: {} + required: + - Bucket + title: GetBucketPolicyStatusRequest + type: object + GetBucketReplicationOutput: + example: + ReplicationConfiguration: + Role: arn:aws:iam::acct-id:role/example-role + Rules: + - Destination: + Bucket: arn:aws:s3:::destination-bucket + ID: MWIwNTkwZmItMTE3MS00ZTc3LWJkZDEtNzRmODQwYzc1OTQy + Prefix: Tax + Status: Enabled + properties: + ReplicationConfiguration: + $ref: '#/components/schemas/ReplicationConfiguration' + type: object + GetBucketReplicationRequest: + properties: {} + required: + - Bucket + title: GetBucketReplicationRequest + type: object + GetBucketRequestPaymentOutput: + example: + Payer: BucketOwner + properties: + Payer: + allOf: + - $ref: '#/components/schemas/Payer' + - description: Specifies who pays for the download and request fees. + type: object + GetBucketRequestPaymentRequest: + properties: {} + required: + - Bucket + title: GetBucketRequestPaymentRequest + type: object + GetBucketTaggingOutput: + example: + TagSet: + - Key: key1 + Value: value1 + - Key: key2 + Value: value2 + properties: + TagSet: + allOf: + - $ref: '#/components/schemas/TagSet' + - description: Contains the tag set. + required: + - TagSet + type: object + GetBucketTaggingRequest: + properties: {} + required: + - Bucket + title: GetBucketTaggingRequest + type: object + GetBucketVersioningOutput: + example: + MFADelete: Disabled + Status: Enabled + properties: + MfaDelete: + allOf: + - $ref: '#/components/schemas/MFADeleteStatus' + - description: Specifies whether MFA delete is enabled in the bucket versioning + configuration. This element is only returned if the bucket has been + configured with MFA delete. If the bucket has never been so configured, + this element is not returned. + Status: + allOf: + - $ref: '#/components/schemas/BucketVersioningStatus' + - description: The versioning state of the bucket. + type: object + GetBucketVersioningRequest: + properties: {} + required: + - Bucket + title: GetBucketVersioningRequest + type: object + GetBucketWebsiteOutput: + example: + ErrorDocument: + Key: error.html + IndexDocument: + Suffix: index.html + properties: + ErrorDocument: + allOf: + - $ref: '#/components/schemas/ErrorDocument' + - description: The object key name of the website error document to use + for 4XX class errors. + IndexDocument: + allOf: + - $ref: '#/components/schemas/IndexDocument' + - description: The name of the index document for the website (for example + index.html). + RedirectAllRequestsTo: + allOf: + - $ref: '#/components/schemas/RedirectAllRequestsTo' + - description: Specifies the redirect behavior of all requests to a website + endpoint of an Amazon S3 bucket. + RoutingRules: + allOf: + - $ref: '#/components/schemas/RoutingRules' + - description: Rules that define when a redirect is applied and the redirect + behavior. + type: object + GetBucketWebsiteRequest: + properties: {} + required: + - Bucket + title: GetBucketWebsiteRequest + type: object + GetObjectAclOutput: + example: + Grants: + - Grantee: + DisplayName: owner-display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Type: CanonicalUser + Permission: WRITE + - Grantee: + DisplayName: owner-display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Type: CanonicalUser + Permission: WRITE_ACP + - Grantee: + DisplayName: owner-display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Type: CanonicalUser + Permission: READ + - Grantee: + DisplayName: owner-display-name + ID: 852b113eexamplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Type: CanonicalUser + Permission: READ_ACP + Owner: + DisplayName: owner-display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + properties: + AccessControlList: + allOf: + - $ref: '#/components/schemas/Grants' + - description: A list of grants. + Owner: + allOf: + - $ref: '#/components/schemas/Owner' + - description: ' Container for the bucket owner''s display name and ID.' + type: object + GetObjectAclRequest: + properties: {} + required: + - Bucket + - Key + title: GetObjectAclRequest + type: object + GetObjectAttributesOutput: + properties: + Checksum: + allOf: + - $ref: '#/components/schemas/Checksum' + - description: The checksum or digest of the object. + ETag: + allOf: + - $ref: '#/components/schemas/ETag' + - description: An ETag is an opaque identifier assigned by a web server + to a specific version of a resource found at a URL. + ObjectParts: + allOf: + - $ref: '#/components/schemas/GetObjectAttributesParts' + - description: A collection of parts associated with a multipart upload. + ObjectSize: + allOf: + - $ref: '#/components/schemas/ObjectSize' + - description: The size of the object in bytes. + StorageClass: + allOf: + - $ref: '#/components/schemas/StorageClass' + - description:

Provides the storage class information of the object. + Amazon S3 returns this header for all objects except for S3 Standard + storage class objects.

For more information, see Storage + Classes.

+ type: object + GetObjectAttributesParts: + description: A collection of parts associated with a multipart upload. + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/IsTruncated' + - description: Indicates whether the returned list of parts is truncated. + A value of true indicates that the list was truncated. + A list can be truncated if the number of parts exceeds the limit returned + in the MaxParts element. + MaxParts: + allOf: + - $ref: '#/components/schemas/MaxParts' + - description: The maximum number of parts allowed in the response. + NextPartNumberMarker: + allOf: + - $ref: '#/components/schemas/NextPartNumberMarker' + - description: When a list is truncated, this element specifies the last + part in the list, as well as the value to use for the PartNumberMarker + request parameter in a subsequent request. + Part: + allOf: + - $ref: '#/components/schemas/PartsList' + - description: A container for elements related to a particular part. A + response can contain zero or more Parts elements. + PartNumberMarker: + allOf: + - $ref: '#/components/schemas/PartNumberMarker' + - description: The marker for the current part. + PartsCount: + allOf: + - $ref: '#/components/schemas/PartsCount' + - description: The total number of parts. + type: object + GetObjectAttributesRequest: + properties: {} + required: + - Bucket + - Key + - ObjectAttributes + title: GetObjectAttributesRequest + type: object + GetObjectLegalHoldOutput: + properties: + LegalHold: + allOf: + - $ref: '#/components/schemas/ObjectLockLegalHold' + - description: The current legal hold status for the specified object. + type: object + GetObjectLegalHoldRequest: + properties: {} + required: + - Bucket + - Key + title: GetObjectLegalHoldRequest + type: object + GetObjectLockConfigurationOutput: + properties: + ObjectLockConfiguration: + allOf: + - $ref: '#/components/schemas/ObjectLockConfiguration' + - description: The specified bucket's Object Lock configuration. + type: object + GetObjectLockConfigurationRequest: + properties: {} + required: + - Bucket + title: GetObjectLockConfigurationRequest + type: object + GetObjectOutput: + example: + AcceptRanges: bytes + ContentLength: '10' + ContentRange: bytes 0-9/43 + ContentType: text/plain + ETag: '"0d94420ffd0bc68cd3d152506b97a9cc"' + LastModified: Thu, 09 Oct 2014 22:57:28 GMT + Metadata: {} + VersionId: 'null' + properties: + Body: + allOf: + - $ref: '#/components/schemas/Body' + - description: Object data. + x-amz-meta-: + allOf: + - $ref: '#/components/schemas/Metadata' + - description: A map of metadata to store with the object in S3. + type: object + GetObjectRequest: + properties: {} + required: + - Bucket + - Key + title: GetObjectRequest + type: object + GetObjectResponseStatusCode: + type: integer + GetObjectRetentionOutput: + properties: + Retention: + allOf: + - $ref: '#/components/schemas/ObjectLockRetention' + - description: The container element for an object's retention settings. + type: object + GetObjectRetentionRequest: + properties: {} + required: + - Bucket + - Key + title: GetObjectRetentionRequest + type: object + GetObjectTaggingOutput: + example: + TagSet: + - Key: Key1 + Value: Value1 + VersionId: ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI + properties: + TagSet: + allOf: + - $ref: '#/components/schemas/TagSet' + - description: Contains the tag set. + required: + - TagSet + type: object + GetObjectTaggingRequest: + properties: {} + required: + - Bucket + - Key + title: GetObjectTaggingRequest + type: object + GetObjectTorrentOutput: + example: {} + properties: + Body: + allOf: + - $ref: '#/components/schemas/Body' + - description: A Bencoded dictionary as defined by the BitTorrent specification + type: object + GetObjectTorrentRequest: + properties: {} + required: + - Bucket + - Key + title: GetObjectTorrentRequest + type: object + GetPublicAccessBlockOutput: + properties: + PublicAccessBlockConfiguration: + allOf: + - $ref: '#/components/schemas/PublicAccessBlockConfiguration' + - description: The PublicAccessBlock configuration currently + in effect for this Amazon S3 bucket. + type: object + GetPublicAccessBlockRequest: + properties: {} + required: + - Bucket + title: GetPublicAccessBlockRequest + type: object + GlacierJobParameters: + description: Container for S3 Glacier job parameters. + properties: + Tier: + allOf: + - $ref: '#/components/schemas/Tier' + - description: Retrieval tier at which the restore will be processed. + required: + - Tier + type: object + Grant: + description: Container for grant information. + properties: + Grantee: + allOf: + - $ref: '#/components/schemas/Grantee' + - description: The person being granted permissions. + Permission: + allOf: + - $ref: '#/components/schemas/Permission' + - description: Specifies the permission given to the grantee. + type: object + GrantFullControl: + type: string + GrantRead: + type: string + GrantReadACP: + type: string + GrantWrite: + type: string + GrantWriteACP: + type: string + Grantee: + description: Container for the person being granted permissions. + properties: + DisplayName: + allOf: + - $ref: '#/components/schemas/DisplayName' + - description: Screen name of the grantee. + EmailAddress: + allOf: + - $ref: '#/components/schemas/EmailAddress' + - description: "

Email address of the grantee.

Using email\ + \ addresses to specify a grantee is only supported in the following\ + \ Amazon Web Services Regions:

  • US East (N. Virginia)

    \ + \

  • US West (N. California)

  • US West (Oregon)

    \ + \

  • Asia Pacific (Singapore)

  • Asia Pacific\ + \ (Sydney)

  • Asia Pacific (Tokyo)

  • Europe\ + \ (Ireland)

  • South America (S\xE3o Paulo)

    • \ + \

For a list of all the Amazon S3 supported Regions and endpoints,\ + \ see Regions and Endpoints in the Amazon Web Services General Reference.

\ + \ " + ID: + allOf: + - $ref: '#/components/schemas/ID' + - description: The canonical user ID of the grantee. + URI: + allOf: + - $ref: '#/components/schemas/URI' + - description: URI of the grantee group. + xsi:type: + allOf: + - $ref: '#/components/schemas/Type' + - description: Type of grantee + required: + - Type + type: object + xml: + attribute: true + namespace: http://www.w3.org/2001/XMLSchema-instance + Grants: + items: + allOf: + - $ref: '#/components/schemas/Grant' + - xml: + name: Grant + type: array + HeadBucketRequest: + properties: {} + required: + - Bucket + title: HeadBucketRequest + type: object + HeadObjectOutput: + example: + AcceptRanges: bytes + ContentLength: '3191' + ContentType: image/jpeg + ETag: '"6805f2cfc46c0f04559748bb039d69ae"' + LastModified: Thu, 15 Dec 2016 01:19:41 GMT + Metadata: {} + VersionId: 'null' + properties: + x-amz-meta-: + allOf: + - $ref: '#/components/schemas/Metadata' + - description: A map of metadata to store with the object in S3. + type: object + HeadObjectRequest: + properties: {} + required: + - Bucket + - Key + title: HeadObjectRequest + type: object + HostName: + type: string + HttpErrorCodeReturnedEquals: + type: string + HttpRedirectCode: + type: string + ID: + type: string + IfMatch: + type: string + IfModifiedSince: + format: date-time + type: string + IfNoneMatch: + type: string + IfUnmodifiedSince: + format: date-time + type: string + IndexDocument: + description: Container for the Suffix element. + properties: + Suffix: + allOf: + - $ref: '#/components/schemas/Suffix' + - description:

A suffix that is appended to a request that is for a directory + on the website endpoint (for example,if the suffix is index.html and + you make a request to samplebucket/images/ the data that is returned + will be for the object with the key name images/index.html) The suffix + must not be empty and must not include a slash character.

+

Replacement must be made for object keys containing special characters + (such as carriage returns) when using XML requests. For more information, + see + XML related object key constraints.

 + required: + - Suffix + type: object + Initiated: + format: date-time + type: string + Initiator: + description: 'Container element that identifies who initiated the multipart + upload. ' + properties: + DisplayName: + allOf: + - $ref: '#/components/schemas/DisplayName' + - description: Name of the Principal. + ID: + allOf: + - $ref: '#/components/schemas/ID' + - description: If the principal is an Amazon Web Services account, it provides + the Canonical User ID. If the principal is an IAM User, it provides + a user ARN value. + type: object + InputSerialization: + description: Describes the serialization format of the object. + properties: + CSV: + allOf: + - $ref: '#/components/schemas/CSVInput' + - description: Describes the serialization of a CSV-encoded object. + CompressionType: + allOf: + - $ref: '#/components/schemas/CompressionType' + - description: 'Specifies object''s compression format. Valid values: NONE, + GZIP, BZIP2. Default Value: NONE.' + JSON: + allOf: + - $ref: '#/components/schemas/JSONInput' + - description: Specifies JSON as object's input serialization format. + Parquet: + allOf: + - $ref: '#/components/schemas/ParquetInput' + - description: Specifies Parquet as object's input serialization format. + type: object + IntelligentTieringAccessTier: + enum: + - ARCHIVE_ACCESS + - DEEP_ARCHIVE_ACCESS + type: string + IntelligentTieringAndOperator: + description: A container for specifying S3 Intelligent-Tiering filters. The + filters determine the subset of objects to which the rule applies. + properties: + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: An object key name prefix that identifies the subset of objects + to which the configuration applies. + Tag: + allOf: + - $ref: '#/components/schemas/TagSet' + - description: All of these tags must exist in the object's tag set in order + for the configuration to apply. + type: object + xml: + wrapped: false + IntelligentTieringConfiguration: + description:

Specifies the S3 Intelligent-Tiering configuration for an Amazon + S3 bucket.

For information about the S3 Intelligent-Tiering storage + class, see Storage + class for automatically optimizing frequently and infrequently accessed objects.

+ properties: + Filter: + allOf: + - $ref: '#/components/schemas/IntelligentTieringFilter' + - description: Specifies a bucket filter. The configuration only includes + objects that meet the filter's criteria. + Id: + allOf: + - $ref: '#/components/schemas/IntelligentTieringId' + - description: The ID used to identify the S3 Intelligent-Tiering configuration. + Status: + allOf: + - $ref: '#/components/schemas/IntelligentTieringStatus' + - description: Specifies the status of the configuration. + Tiering: + allOf: + - $ref: '#/components/schemas/TieringList' + - description: Specifies the S3 Intelligent-Tiering storage class tier of + the configuration. + required: + - Id + - Status + - Tierings + type: object + IntelligentTieringConfigurationList: + items: + $ref: '#/components/schemas/IntelligentTieringConfiguration' + type: array + xml: + wrapped: false + IntelligentTieringDays: + type: integer + IntelligentTieringFilter: + description: The Filter is used to identify objects that the S3 + Intelligent-Tiering configuration applies to. + properties: + And: + allOf: + - $ref: '#/components/schemas/IntelligentTieringAndOperator' + - description: A conjunction (logical AND) of predicates, which is used + in evaluating a metrics filter. The operator must have at least two + predicates, and an object must match all of the predicates in order + for the filter to apply. + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description:

An object key name prefix that identifies the subset of + objects to which the rule applies.

Replacement must + be made for object keys containing special characters (such as carriage + returns) when using XML requests. For more information, see + XML related object key constraints.

 + Tag: + $ref: '#/components/schemas/Tag' + type: object + IntelligentTieringId: + type: string + IntelligentTieringStatus: + enum: + - Enabled + - Disabled + type: string + InvalidObjectState: {} + InventoryConfiguration: + description: 'Specifies the inventory configuration for an Amazon S3 bucket. + For more information, see GET + Bucket inventory in the Amazon S3 API Reference. ' + properties: + Destination: + allOf: + - $ref: '#/components/schemas/InventoryDestination' + - description: Contains information about where to publish the inventory + results. + Filter: + allOf: + - $ref: '#/components/schemas/InventoryFilter' + - description: Specifies an inventory filter. The inventory only includes + objects that meet the filter's criteria. + Id: + allOf: + - $ref: '#/components/schemas/InventoryId' + - description: The ID used to identify the inventory configuration. + IncludedObjectVersions: + allOf: + - $ref: '#/components/schemas/InventoryIncludedObjectVersions' + - description: Object versions to include in the inventory list. If set + to All, the list includes all the object versions, which + adds the version-related fields VersionId, IsLatest, + and DeleteMarker to the list. If set to Current, + the list does not contain these version-related fields. + IsEnabled: + allOf: + - $ref: '#/components/schemas/IsEnabled' + - description: Specifies whether the inventory is enabled or disabled. If + set to True, an inventory list is generated. If set to + False, no inventory list is generated. + OptionalFields: + allOf: + - $ref: '#/components/schemas/InventoryOptionalFields' + - description: Contains the optional fields that are included in the inventory + results. + Schedule: + allOf: + - $ref: '#/components/schemas/InventorySchedule' + - description: Specifies the schedule for generating inventory results. + required: + - Destination + - IsEnabled + - Id + - IncludedObjectVersions + - Schedule + type: object + InventoryConfigurationList: + items: + $ref: '#/components/schemas/InventoryConfiguration' + type: array + xml: + wrapped: false + InventoryDestination: + description: Specifies the inventory configuration for an Amazon S3 bucket. + properties: + S3BucketDestination: + allOf: + - $ref: '#/components/schemas/InventoryS3BucketDestination' + - description: Contains the bucket name, file format, bucket owner (optional), + and prefix (optional) where inventory results are published. + required: + - S3BucketDestination + type: object + InventoryEncryption: + description: Contains the type of server-side encryption used to encrypt the + inventory results. + properties: + SSE-KMS: + allOf: + - $ref: '#/components/schemas/SSEKMS' + - description: Specifies the use of SSE-KMS to encrypt delivered inventory + reports. + SSE-S3: + allOf: + - $ref: '#/components/schemas/SSES3' + - description: Specifies the use of SSE-S3 to encrypt delivered inventory + reports. + type: object + InventoryFilter: + description: Specifies an inventory filter. The inventory only includes objects + that meet the filter's criteria. + properties: + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: The prefix that an object must have to be included in the + inventory results. + required: + - Prefix + type: object + InventoryFormat: + enum: + - CSV + - ORC + - Parquet + type: string + InventoryFrequency: + enum: + - Daily + - Weekly + type: string + InventoryId: + type: string + InventoryIncludedObjectVersions: + enum: + - All + - Current + type: string + InventoryOptionalField: + enum: + - Size + - LastModifiedDate + - StorageClass + - ETag + - IsMultipartUploaded + - ReplicationStatus + - EncryptionStatus + - ObjectLockRetainUntilDate + - ObjectLockMode + - ObjectLockLegalHoldStatus + - IntelligentTieringAccessTier + - BucketKeyStatus + - ChecksumAlgorithm + type: string + InventoryOptionalFields: + items: + allOf: + - $ref: '#/components/schemas/InventoryOptionalField' + - xml: + name: Field + type: array + InventoryS3BucketDestination: + description: Contains the bucket name, file format, bucket owner (optional), + and prefix (optional) where inventory results are published. + properties: + AccountId: + allOf: + - $ref: '#/components/schemas/AccountId' + - description:

The account ID that owns the destination S3 bucket. If + no account ID is provided, the owner is not validated before exporting + data.

Although this value is optional, we strongly recommend + that you set it to help prevent problems if the destination bucket ownership + changes.

+ Bucket: + allOf: + - $ref: '#/components/schemas/BucketName' + - description: The Amazon Resource Name (ARN) of the bucket where inventory + results will be published. + Encryption: + allOf: + - $ref: '#/components/schemas/InventoryEncryption' + - description: Contains the type of server-side encryption used to encrypt + the inventory results. + Format: + allOf: + - $ref: '#/components/schemas/InventoryFormat' + - description: Specifies the output format of the inventory results. + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: The prefix that is prepended to all inventory results. + required: + - Bucket + - Format + type: object + InventorySchedule: + description: Specifies the schedule for generating inventory results. + properties: + Frequency: + allOf: + - $ref: '#/components/schemas/InventoryFrequency' + - description: Specifies how frequently inventory results are produced. + required: + - Frequency + type: object + IsEnabled: + type: boolean + IsLatest: + type: boolean + IsPublic: + type: boolean + IsTruncated: + type: boolean + JSONInput: + description: Specifies JSON as object's input serialization format. + properties: + Type: + allOf: + - $ref: '#/components/schemas/JSONType' + - description: 'The type of JSON. Valid values: Document, Lines.' + type: object + JSONOutput: + description: Specifies JSON as request's output serialization format. + properties: + RecordDelimiter: + allOf: + - $ref: '#/components/schemas/RecordDelimiter' + - description: The value used to separate individual records in the output. + If no value is specified, Amazon S3 uses a newline character ('\n'). + type: object + JSONType: + enum: + - DOCUMENT + - LINES + type: string + KMSContext: + type: string + KeyCount: + type: integer + KeyMarker: + type: string + KeyPrefixEquals: + type: string + LambdaFunctionArn: + type: string + LambdaFunctionConfiguration: + description: A container for specifying the configuration for Lambda notifications. + properties: + CloudFunction: + allOf: + - $ref: '#/components/schemas/LambdaFunctionArn' + - description: The Amazon Resource Name (ARN) of the Lambda function that + Amazon S3 invokes when the specified event type occurs. + Event: + allOf: + - $ref: '#/components/schemas/EventList' + - description: The Amazon S3 bucket event for which to invoke the Lambda + function. For more information, see Supported + Event Types in the Amazon S3 User Guide. + Filter: + $ref: '#/components/schemas/NotificationConfigurationFilter' + Id: + $ref: '#/components/schemas/NotificationId' + required: + - LambdaFunctionArn + - Events + type: object + LambdaFunctionConfigurationList: + items: + $ref: '#/components/schemas/LambdaFunctionConfiguration' + type: array + xml: + wrapped: false + LastModified: + format: date-time + type: string + LifecycleConfiguration: + description: Container for lifecycle rules. You can add as many as 1000 rules. + properties: + Rule: + allOf: + - $ref: '#/components/schemas/Rules' + - description: 'Specifies lifecycle configuration rules for an Amazon S3 + bucket. ' + required: + - Rules + type: object + LifecycleExpiration: + description: Container for the expiration for the lifecycle of the object. + properties: + Date: + allOf: + - $ref: '#/components/schemas/Date' + - description: Indicates at what date the object is to be moved or deleted. + Should be in GMT ISO 8601 Format. + Days: + allOf: + - $ref: '#/components/schemas/Days' + - description: Indicates the lifetime, in days, of the objects that are + subject to the rule. The value must be a non-zero positive integer. + ExpiredObjectDeleteMarker: + allOf: + - $ref: '#/components/schemas/ExpiredObjectDeleteMarker' + - description: Indicates whether Amazon S3 will remove a delete marker with + no noncurrent versions. If set to true, the delete marker will be expired; + if set to false the policy takes no action. This cannot be specified + with Days or Date in a Lifecycle Expiration Policy. + type: object + LifecycleRule: + description: A lifecycle rule for individual objects in an Amazon S3 bucket. + properties: + AbortIncompleteMultipartUpload: + $ref: '#/components/schemas/AbortIncompleteMultipartUpload' + Expiration: + allOf: + - $ref: '#/components/schemas/LifecycleExpiration' + - description: Specifies the expiration for the lifecycle of the object + in the form of date, days and, whether the object has a delete marker. + Filter: + allOf: + - $ref: '#/components/schemas/LifecycleRuleFilter' + - description: The Filter is used to identify objects that + a Lifecycle Rule applies to. A Filter must have exactly + one of Prefix, Tag, or And specified. + Filter is required if the LifecycleRule does + not contain a Prefix element. + ID: + allOf: + - $ref: '#/components/schemas/ID' + - description: Unique identifier for the rule. The value cannot be longer + than 255 characters. + NoncurrentVersionExpiration: + $ref: '#/components/schemas/NoncurrentVersionExpiration' + NoncurrentVersionTransition: + allOf: + - $ref: '#/components/schemas/NoncurrentVersionTransitionList' + - description: ' Specifies the transition rule for the lifecycle rule that + describes when noncurrent objects transition to a specific storage class. + If your bucket is versioning-enabled (or versioning is suspended), you + can set this action to request that Amazon S3 transition noncurrent + object versions to a specific storage class at a set period in the object''s + lifetime. ' + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - deprecated: true + description:

Prefix identifying one or more objects to which the rule + applies. This is no longer used; use Filter instead.

+

Replacement must be made for object keys containing special + characters (such as carriage returns) when using XML requests. For more + information, see + XML related object key constraints.

 + Status: + allOf: + - $ref: '#/components/schemas/ExpirationStatus' + - description: If 'Enabled', the rule is currently being applied. If 'Disabled', + the rule is not currently being applied. + Transition: + allOf: + - $ref: '#/components/schemas/TransitionList' + - description: Specifies when an Amazon S3 object transitions to a specified + storage class. + required: + - Status + type: object + LifecycleRuleAndOperator: + description: This is used in a Lifecycle Rule Filter to apply a logical AND + to two or more predicates. The Lifecycle Rule will apply to any object matching + all of the predicates configured inside the And operator. + properties: + ObjectSizeGreaterThan: + allOf: + - $ref: '#/components/schemas/ObjectSizeGreaterThanBytes' + - description: Minimum object size to which the rule applies. + ObjectSizeLessThan: + allOf: + - $ref: '#/components/schemas/ObjectSizeLessThanBytes' + - description: Maximum object size to which the rule applies. + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: Prefix identifying one or more objects to which the rule + applies. + Tag: + allOf: + - $ref: '#/components/schemas/TagSet' + - description: All of these tags must exist in the object's tag set in order + for the rule to apply. + type: object + xml: + wrapped: false + LifecycleRuleFilter: + description: The Filter is used to identify objects that a Lifecycle + Rule applies to. A Filter must have exactly one of Prefix, + Tag, or And specified. + properties: + And: + $ref: '#/components/schemas/LifecycleRuleAndOperator' + ObjectSizeGreaterThan: + allOf: + - $ref: '#/components/schemas/ObjectSizeGreaterThanBytes' + - description: Minimum object size to which the rule applies. + ObjectSizeLessThan: + allOf: + - $ref: '#/components/schemas/ObjectSizeLessThanBytes' + - description: Maximum object size to which the rule applies. + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description:

Prefix identifying one or more objects to which the rule + applies.

Replacement must be made for object keys + containing special characters (such as carriage returns) when using + XML requests. For more information, see + XML related object key constraints.

 + Tag: + allOf: + - $ref: '#/components/schemas/Tag' + - description: This tag must exist in the object's tag set in order for + the rule to apply. + type: object + LifecycleRules: + items: + $ref: '#/components/schemas/LifecycleRule' + type: array + xml: + wrapped: false + ListBucketAnalyticsConfigurationsOutput: + properties: + AnalyticsConfiguration: + allOf: + - $ref: '#/components/schemas/AnalyticsConfigurationList' + - description: The list of analytics configurations for a bucket. + ContinuationToken: + allOf: + - $ref: '#/components/schemas/Token' + - description: The marker that is used as a starting point for this analytics + configuration list response. This value is present if it was sent in + the request. + IsTruncated: + allOf: + - $ref: '#/components/schemas/IsTruncated' + - description: Indicates whether the returned list of analytics configurations + is complete. A value of true indicates that the list is not complete + and the NextContinuationToken will be provided for a subsequent request. + NextContinuationToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: ' NextContinuationToken is sent when isTruncated + is true, which indicates that there are more analytics configurations + to list. The next request must include this NextContinuationToken. + The token is obfuscated and is not a usable value.' + type: object + ListBucketAnalyticsConfigurationsRequest: + properties: {} + required: + - Bucket + title: ListBucketAnalyticsConfigurationsRequest + type: object + ListBucketIntelligentTieringConfigurationsOutput: + properties: + ContinuationToken: + allOf: + - $ref: '#/components/schemas/Token' + - description: The ContinuationToken that represents a placeholder + from where this request should begin. + IntelligentTieringConfiguration: + allOf: + - $ref: '#/components/schemas/IntelligentTieringConfigurationList' + - description: The list of S3 Intelligent-Tiering configurations for a bucket. + IsTruncated: + allOf: + - $ref: '#/components/schemas/IsTruncated' + - description: Indicates whether the returned list of analytics configurations + is complete. A value of true indicates that the list is + not complete and the NextContinuationToken will be provided + for a subsequent request. + NextContinuationToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The marker used to continue this inventory configuration + listing. Use the NextContinuationToken from this response + to continue the listing in a subsequent request. The continuation token + is an opaque value that Amazon S3 understands. + type: object + ListBucketIntelligentTieringConfigurationsRequest: + properties: {} + required: + - Bucket + title: ListBucketIntelligentTieringConfigurationsRequest + type: object + ListBucketInventoryConfigurationsOutput: + properties: + ContinuationToken: + allOf: + - $ref: '#/components/schemas/Token' + - description: If sent in the request, the marker that is used as a starting + point for this inventory configuration list response. + InventoryConfiguration: + allOf: + - $ref: '#/components/schemas/InventoryConfigurationList' + - description: The list of inventory configurations for a bucket. + IsTruncated: + allOf: + - $ref: '#/components/schemas/IsTruncated' + - description: Tells whether the returned list of inventory configurations + is complete. A value of true indicates that the list is not complete + and the NextContinuationToken is provided for a subsequent request. + NextContinuationToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The marker used to continue this inventory configuration + listing. Use the NextContinuationToken from this response + to continue the listing in a subsequent request. The continuation token + is an opaque value that Amazon S3 understands. + type: object + ListBucketInventoryConfigurationsRequest: + properties: {} + required: + - Bucket + title: ListBucketInventoryConfigurationsRequest + type: object + ListBucketMetricsConfigurationsOutput: + properties: + ContinuationToken: + allOf: + - $ref: '#/components/schemas/Token' + - description: The marker that is used as a starting point for this metrics + configuration list response. This value is present if it was sent in + the request. + IsTruncated: + allOf: + - $ref: '#/components/schemas/IsTruncated' + - description: Indicates whether the returned list of metrics configurations + is complete. A value of true indicates that the list is not complete + and the NextContinuationToken will be provided for a subsequent request. + MetricsConfiguration: + allOf: + - $ref: '#/components/schemas/MetricsConfigurationList' + - description: The list of metrics configurations for a bucket. + NextContinuationToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: The marker used to continue a metrics configuration listing + that has been truncated. Use the NextContinuationToken + from a previously truncated list response to continue the listing. The + continuation token is an opaque value that Amazon S3 understands. + type: object + ListBucketMetricsConfigurationsRequest: + properties: {} + required: + - Bucket + title: ListBucketMetricsConfigurationsRequest + type: object + ListBucketsOutput: + example: + Buckets: + - CreationDate: '2012-02-15T21: 03: 02.000Z' + Name: examplebucket + - CreationDate: '2011-07-24T19: 33: 50.000Z' + Name: examplebucket2 + - CreationDate: '2010-12-17T00: 56: 49.000Z' + Name: examplebucket3 + Owner: + DisplayName: own-display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31 + properties: + Buckets: + allOf: + - $ref: '#/components/schemas/Buckets' + - description: The list of buckets owned by the requester. + Owner: + allOf: + - $ref: '#/components/schemas/Owner' + - description: The owner of the buckets listed. + type: object + ListMultipartUploadsOutput: + example: + Uploads: + - Initiated: '2014-05-01T05:40:58.000Z' + Initiator: + DisplayName: display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Key: JavaFile + Owner: + DisplayName: display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + StorageClass: STANDARD + UploadId: examplelUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q-- + - Initiated: '2014-05-01T05:41:27.000Z' + Initiator: + DisplayName: display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Key: JavaFile + Owner: + DisplayName: display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + StorageClass: STANDARD + UploadId: examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw-- + properties: + Bucket: + allOf: + - $ref: '#/components/schemas/BucketName' + - description: The name of the bucket to which the multipart upload was + initiated. Does not return the access point ARN or access point alias + if used. + CommonPrefixes: + allOf: + - $ref: '#/components/schemas/CommonPrefixList' + - description: If you specify a delimiter in the request, then the result + returns each distinct key prefix containing the delimiter in a CommonPrefixes + element. The distinct key prefixes are returned in the Prefix + child element. + Delimiter: + allOf: + - $ref: '#/components/schemas/Delimiter' + - description: Contains the delimiter you specified in the request. If you + don't specify a delimiter in your request, this element is absent from + the response. + EncodingType: + allOf: + - $ref: '#/components/schemas/EncodingType' + - description:

Encoding type used by Amazon S3 to encode object keys + in the response.

If you specify encoding-type request + parameter, Amazon S3 includes this element in the response, and returns + encoded key name values in the following response elements:

+ Delimiter, KeyMarker, Prefix, + NextKeyMarker, Key.

+ IsTruncated: + allOf: + - $ref: '#/components/schemas/IsTruncated' + - description: Indicates whether the returned list of multipart uploads + is truncated. A value of true indicates that the list was truncated. + The list can be truncated if the number of multipart uploads exceeds + the limit allowed or specified by max uploads. + KeyMarker: + allOf: + - $ref: '#/components/schemas/KeyMarker' + - description: The key at or after which the listing began. + MaxUploads: + allOf: + - $ref: '#/components/schemas/MaxUploads' + - description: Maximum number of multipart uploads that could have been + included in the response. + NextKeyMarker: + allOf: + - $ref: '#/components/schemas/NextKeyMarker' + - description: When a list is truncated, this element specifies the value + that should be used for the key-marker request parameter in a subsequent + request. + NextUploadIdMarker: + allOf: + - $ref: '#/components/schemas/NextUploadIdMarker' + - description: When a list is truncated, this element specifies the value + that should be used for the upload-id-marker request parameter + in a subsequent request. + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: When a prefix is provided in the request, this field contains + the specified prefix. The result contains only keys starting with the + specified prefix. + Upload: + allOf: + - $ref: '#/components/schemas/MultipartUploadList' + - description: Container for elements related to a particular multipart + upload. A response can contain zero or more Upload elements. + UploadIdMarker: + allOf: + - $ref: '#/components/schemas/UploadIdMarker' + - description: Upload ID after which listing began. + type: object + ListMultipartUploadsRequest: + properties: {} + required: + - Bucket + title: ListMultipartUploadsRequest + type: object + ListObjectVersionsOutput: + example: + Versions: + - ETag: '"6805f2cfc46c0f04559748bb039d69ae"' + IsLatest: true + Key: HappyFace.jpg + LastModified: '2016-12-15T01:19:41.000Z' + Owner: + DisplayName: owner-display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Size: 3191 + StorageClass: STANDARD + VersionId: 'null' + - ETag: '"6805f2cfc46c0f04559748bb039d69ae"' + IsLatest: false + Key: HappyFace.jpg + LastModified: '2016-12-13T00:58:26.000Z' + Owner: + DisplayName: owner-display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Size: 3191 + StorageClass: STANDARD + VersionId: PHtexPGjH2y.zBgT8LmB7wwLI2mpbz.k + properties: + CommonPrefixes: + allOf: + - $ref: '#/components/schemas/CommonPrefixList' + - description: All of the keys rolled up into a common prefix count as a + single return when calculating the number of returns. + DeleteMarker: + allOf: + - $ref: '#/components/schemas/DeleteMarkers' + - description: Container for an object that is a delete marker. + Delimiter: + allOf: + - $ref: '#/components/schemas/Delimiter' + - description: The delimiter grouping the included keys. A delimiter is + a character that you specify to group keys. All keys that contain the + same string between the prefix and the first occurrence of the delimiter + are grouped under a single result element in CommonPrefixes. + These groups are counted as one result against the max-keys limitation. + These keys are not returned elsewhere in the response. + EncodingType: + allOf: + - $ref: '#/components/schemas/EncodingType' + - description:

Encoding type used by Amazon S3 to encode object key + names in the XML response.

If you specify encoding-type request + parameter, Amazon S3 includes this element in the response, and returns + encoded key name values in the following response elements:

+ KeyMarker, NextKeyMarker, Prefix, Key, and Delimiter.

+ IsTruncated: + allOf: + - $ref: '#/components/schemas/IsTruncated' + - description: A flag that indicates whether Amazon S3 returned all of the + results that satisfied the search criteria. If your results were truncated, + you can make a follow-up paginated request using the NextKeyMarker and + NextVersionIdMarker response parameters as a starting place in another + request to return the rest of the results. + KeyMarker: + allOf: + - $ref: '#/components/schemas/KeyMarker' + - description: Marks the last key returned in a truncated response. + MaxKeys: + allOf: + - $ref: '#/components/schemas/MaxKeys' + - description: Specifies the maximum number of objects to return. + Name: + allOf: + - $ref: '#/components/schemas/BucketName' + - description: The bucket name. + NextKeyMarker: + allOf: + - $ref: '#/components/schemas/NextKeyMarker' + - description: When the number of responses exceeds the value of MaxKeys, + NextKeyMarker specifies the first key not returned that + satisfies the search criteria. Use this value for the key-marker request + parameter in a subsequent request. + NextVersionIdMarker: + allOf: + - $ref: '#/components/schemas/NextVersionIdMarker' + - description: When the number of responses exceeds the value of MaxKeys, + NextVersionIdMarker specifies the first object version + not returned that satisfies the search criteria. Use this value for + the version-id-marker request parameter in a subsequent request. + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: Selects objects that start with the value supplied by this + parameter. + Version: + allOf: + - $ref: '#/components/schemas/ObjectVersionList' + - description: Container for version information. + VersionIdMarker: + allOf: + - $ref: '#/components/schemas/VersionIdMarker' + - description: Marks the last version of the key returned in a truncated + response. + type: object + ListObjectVersionsRequest: + properties: {} + required: + - Bucket + title: ListObjectVersionsRequest + type: object + ListObjectsOutput: + example: + Contents: + - ETag: '"70ee1738b6b21e2c8a43f3a5ab0eee71"' + Key: example1.jpg + LastModified: '2014-11-21T19:40:05.000Z' + Owner: + DisplayName: myname + ID: 12345example25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Size: 11 + StorageClass: STANDARD + - ETag: '"9c8af9a76df052144598c115ef33e511"' + Key: example2.jpg + LastModified: '2013-11-15T01:10:49.000Z' + Owner: + DisplayName: myname + ID: 12345example25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Size: 713193 + StorageClass: STANDARD + NextMarker: eyJNYXJrZXIiOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAyfQ== + properties: + CommonPrefixes: + allOf: + - $ref: '#/components/schemas/CommonPrefixList' + - description:

All of the keys (up to 1,000) rolled up in a common prefix + count as a single return when calculating the number of returns.

+

A response can contain CommonPrefixes only if you specify a delimiter.

+

CommonPrefixes contains all (if there are any) keys between Prefix + and the next occurrence of the string specified by the delimiter.

+

CommonPrefixes lists keys that act like subdirectories in the directory + specified by Prefix.

For example, if the prefix is notes/ and + the delimiter is a slash (/) as in notes/summer/july, the common prefix + is notes/summer/. All of the keys that roll up into a common prefix + count as a single return when calculating the number of returns.

+ Contents: + allOf: + - $ref: '#/components/schemas/ObjectList' + - description: Metadata about each object returned. + Delimiter: + allOf: + - $ref: '#/components/schemas/Delimiter' + - description: Causes keys that contain the same string between the prefix + and the first occurrence of the delimiter to be rolled up into a single + result element in the CommonPrefixes collection. These + rolled-up keys are not returned elsewhere in the response. Each rolled-up + result counts as only one return against the MaxKeys value. + EncodingType: + allOf: + - $ref: '#/components/schemas/EncodingType' + - description: Encoding type used by Amazon S3 to encode object keys in + the response. + IsTruncated: + allOf: + - $ref: '#/components/schemas/IsTruncated' + - description: A flag that indicates whether Amazon S3 returned all of the + results that satisfied the search criteria. + Marker: + allOf: + - $ref: '#/components/schemas/Marker' + - description: Indicates where in the bucket listing begins. Marker is included + in the response if it was sent with the request. + MaxKeys: + allOf: + - $ref: '#/components/schemas/MaxKeys' + - description: The maximum number of keys returned in the response body. + Name: + allOf: + - $ref: '#/components/schemas/BucketName' + - description: The bucket name. + NextMarker: + allOf: + - $ref: '#/components/schemas/NextMarker' + - description: 'When response is truncated (the IsTruncated element value + in the response is true), you can use the key name in this field as + marker in the subsequent request to get next set of objects. Amazon + S3 lists objects in alphabetical order Note: This element is returned + only if you have delimiter request parameter specified. If response + does not include the NextMarker and it is truncated, you can use the + value of the last Key in the response as the marker in the subsequent + request to get the next set of object keys.' + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: Keys that begin with the indicated prefix. + type: object + ListObjectsRequest: + properties: {} + required: + - Bucket + title: ListObjectsRequest + type: object + ListObjectsV2Output: + example: + Contents: + - ETag: '"70ee1738b6b21e2c8a43f3a5ab0eee71"' + Key: happyface.jpg + LastModified: '2014-11-21T19:40:05.000Z' + Size: 11 + StorageClass: STANDARD + - ETag: '"becf17f89c30367a9a44495d62ed521a-1"' + Key: test.jpg + LastModified: '2014-05-02T04:51:50.000Z' + Size: 4192256 + StorageClass: STANDARD + IsTruncated: true + KeyCount: '2' + MaxKeys: '2' + Name: examplebucket + NextContinuationToken: 1w41l63U0xa8q7smH50vCxyTQqdxo69O3EmK28Bi5PcROI4wI/EyIJg== + Prefix: '' + properties: + CommonPrefixes: + allOf: + - $ref: '#/components/schemas/CommonPrefixList' + - description:

All of the keys (up to 1,000) rolled up into a common + prefix count as a single return when calculating the number of returns.

+

A response can contain CommonPrefixes only if you specify + a delimiter.

CommonPrefixes contains all (if there + are any) keys between Prefix and the next occurrence of + the string specified by a delimiter.

CommonPrefixes + lists keys that act like subdirectories in the directory specified by + Prefix.

For example, if the prefix is notes/ + and the delimiter is a slash (/) as in notes/summer/july, + the common prefix is notes/summer/. All of the keys that + roll up into a common prefix count as a single return when calculating + the number of returns.

+ Contents: + allOf: + - $ref: '#/components/schemas/ObjectList' + - description: Metadata about each object returned. + ContinuationToken: + allOf: + - $ref: '#/components/schemas/Token' + - description: ' If ContinuationToken was sent with the request, it is included + in the response.' + Delimiter: + allOf: + - $ref: '#/components/schemas/Delimiter' + - description: Causes keys that contain the same string between the prefix + and the first occurrence of the delimiter to be rolled up into a single + result element in the CommonPrefixes collection. These rolled-up keys + are not returned elsewhere in the response. Each rolled-up result counts + as only one return against the MaxKeys value. + EncodingType: + allOf: + - $ref: '#/components/schemas/EncodingType' + - description:

Encoding type used by Amazon S3 to encode object key names + in the XML response.

If you specify the encoding-type request + parameter, Amazon S3 includes this element in the response, and returns + encoded key name values in the following response elements:

+ Delimiter, Prefix, Key, and StartAfter.

+ IsTruncated: + allOf: + - $ref: '#/components/schemas/IsTruncated' + - description: Set to false if all of the results were returned. Set to + true if more keys are available to return. If the number of results + exceeds that specified by MaxKeys, all of the results might not be returned. + KeyCount: + allOf: + - $ref: '#/components/schemas/KeyCount' + - description: 'KeyCount is the number of keys returned with this request. + KeyCount will always be less than or equals to MaxKeys field. Say you + ask for 50 keys, your result will include less than equals 50 keys ' + MaxKeys: + allOf: + - $ref: '#/components/schemas/MaxKeys' + - description: Sets the maximum number of keys returned in the response. + By default the action returns up to 1,000 key names. The response might + contain fewer keys but will never contain more. + Name: + allOf: + - $ref: '#/components/schemas/BucketName' + - description:

The bucket name.

When using this action with an + access point, you must direct requests to the access point hostname. + The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + When using this action with an access point through the Amazon Web Services + SDKs, you provide the access point ARN in place of the bucket name. + For more information about access point ARNs, see Using + access points in the Amazon S3 User Guide.

When using + this action with Amazon S3 on Outposts, you must direct requests to + the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + When using this action with S3 on Outposts through the Amazon Web Services + SDKs, you provide the Outposts bucket ARN in place of the bucket name. + For more information about S3 on Outposts ARNs, see Using + Amazon S3 on Outposts in the Amazon S3 User Guide.

+ NextContinuationToken: + allOf: + - $ref: '#/components/schemas/NextToken' + - description: ' NextContinuationToken is sent when isTruncated + is true, which means there are more keys in the bucket that can be listed. + The next list requests to Amazon S3 can be continued with this NextContinuationToken. + NextContinuationToken is obfuscated and is not a real key' + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: ' Keys that begin with the indicated prefix.' + StartAfter: + allOf: + - $ref: '#/components/schemas/StartAfter' + - description: If StartAfter was sent with the request, it is included in + the response. + type: object + ListObjectsV2Request: + properties: {} + required: + - Bucket + title: ListObjectsV2Request + type: object + ListPartsOutput: + example: + Initiator: + DisplayName: owner-display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Owner: + DisplayName: owner-display-name + ID: examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc + Parts: + - ETag: '"d8c2eafd90c266e19ab9dcacc479f8af"' + LastModified: '2016-12-16T00:11:42.000Z' + PartNumber: '1' + Size: 26246026 + - ETag: '"d8c2eafd90c266e19ab9dcacc479f8af"' + LastModified: '2016-12-16T00:15:01.000Z' + PartNumber: '2' + Size: 26246026 + StorageClass: STANDARD + properties: + Bucket: + allOf: + - $ref: '#/components/schemas/BucketName' + - description: The name of the bucket to which the multipart upload was + initiated. Does not return the access point ARN or access point alias + if used. + ChecksumAlgorithm: + allOf: + - $ref: '#/components/schemas/ChecksumAlgorithm' + - description: The algorithm that was used to create a checksum of the object. + Initiator: + allOf: + - $ref: '#/components/schemas/Initiator' + - description: Container element that identifies who initiated the multipart + upload. If the initiator is an Amazon Web Services account, this element + provides the same information as the Owner element. If + the initiator is an IAM User, this element provides the user ARN and + display name. + IsTruncated: + allOf: + - $ref: '#/components/schemas/IsTruncated' + - description: ' Indicates whether the returned list of parts is truncated. + A true value indicates that the list was truncated. A list can be truncated + if the number of parts exceeds the limit returned in the MaxParts element.' + Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description: Object key for which the multipart upload was initiated. + MaxParts: + allOf: + - $ref: '#/components/schemas/MaxParts' + - description: Maximum number of parts that were allowed in the response. + NextPartNumberMarker: + allOf: + - $ref: '#/components/schemas/NextPartNumberMarker' + - description: When a list is truncated, this element specifies the last + part in the list, as well as the value to use for the part-number-marker + request parameter in a subsequent request. + Owner: + allOf: + - $ref: '#/components/schemas/Owner' + - description: ' Container element that identifies the object owner, after + the object is created. If multipart upload is initiated by an IAM user, + this element provides the parent account ID and display name.' + Part: + allOf: + - $ref: '#/components/schemas/Parts' + - description: ' Container for elements related to a particular part. A + response can contain zero or more Part elements.' + PartNumberMarker: + allOf: + - $ref: '#/components/schemas/PartNumberMarker' + - description: When a list is truncated, this element specifies the last + part in the list, as well as the value to use for the part-number-marker + request parameter in a subsequent request. + StorageClass: + allOf: + - $ref: '#/components/schemas/StorageClass' + - description: Class of storage (STANDARD or REDUCED_REDUNDANCY) used to + store the uploaded object. + UploadId: + allOf: + - $ref: '#/components/schemas/MultipartUploadId' + - description: Upload ID identifying the multipart upload whose parts are + being listed. + type: object + ListPartsRequest: + properties: {} + required: + - Bucket + - Key + - UploadId + title: ListPartsRequest + type: object + Location: + type: string + LocationPrefix: + type: string + LoggingEnabled: + description: Describes where logs are stored and the prefix that Amazon S3 assigns + to all log object keys for a bucket. For more information, see PUT + Bucket logging in the Amazon S3 API Reference. + properties: + TargetBucket: + allOf: + - $ref: '#/components/schemas/TargetBucket' + - description: Specifies the bucket where you want Amazon S3 to store server + access logs. You can have your logs delivered to any bucket that you + own, including the same bucket that is being logged. You can also configure + multiple buckets to deliver their logs to the same target bucket. In + this case, you should choose a different TargetPrefix for + each source bucket so that the delivered log files can be distinguished + by key. + TargetGrants: + allOf: + - $ref: '#/components/schemas/TargetGrants' + - description:

Container for granting information.

Buckets that + use the bucket owner enforced setting for Object Ownership don't support + target grants. For more information, see Permissions + for server access log delivery in the Amazon S3 User Guide.

+ TargetPrefix: + allOf: + - $ref: '#/components/schemas/TargetPrefix' + - description: A prefix for all log object keys. If you store log files + from multiple Amazon S3 buckets in a single bucket, you can use a prefix + to distinguish which log files came from which bucket. + required: + - TargetBucket + - TargetPrefix + type: object + MFA: + type: string + MFADelete: + enum: + - Enabled + - Disabled + type: string + MFADeleteStatus: + enum: + - Enabled + - Disabled + type: string + Marker: + type: string + MaxAgeSeconds: + type: integer + MaxKeys: + type: integer + MaxParts: + type: integer + MaxUploads: + type: integer + Message: + type: string + Metadata: + additionalProperties: + $ref: '#/components/schemas/MetadataValue' + type: object + MetadataDirective: + enum: + - COPY + - REPLACE + type: string + MetadataEntry: + description: A metadata key-value pair to store with an object. + properties: + Name: + allOf: + - $ref: '#/components/schemas/MetadataKey' + - description: Name of the Object. + Value: + allOf: + - $ref: '#/components/schemas/MetadataValue' + - description: Value of the Object. + type: object + MetadataKey: + type: string + MetadataValue: + type: string + Metrics: + description: ' A container specifying replication metrics-related settings enabling + replication metrics and events.' + properties: + EventThreshold: + allOf: + - $ref: '#/components/schemas/ReplicationTimeValue' + - description: ' A container specifying the time threshold for emitting + the s3:Replication:OperationMissedThreshold event. ' + Status: + allOf: + - $ref: '#/components/schemas/MetricsStatus' + - description: ' Specifies whether the replication metrics are enabled. ' + required: + - Status + type: object + MetricsAndOperator: + description: A conjunction (logical AND) of predicates, which is used in evaluating + a metrics filter. The operator must have at least two predicates, and an object + must match all of the predicates in order for the filter to apply. + properties: + AccessPointArn: + allOf: + - $ref: '#/components/schemas/AccessPointArn' + - description: The access point ARN used when evaluating an AND + predicate. + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: The prefix used when evaluating an AND predicate. + Tag: + allOf: + - $ref: '#/components/schemas/TagSet' + - description: The list of tags used when evaluating an AND predicate. + type: object + xml: + wrapped: false + MetricsConfiguration: + description: Specifies a metrics configuration for the CloudWatch request metrics + (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're + updating an existing metrics configuration, note that this is a full replacement + of the existing metrics configuration. If you don't include the elements you + want to keep, they are erased. For more information, see PutBucketMetricsConfiguration. + properties: + Filter: + allOf: + - $ref: '#/components/schemas/MetricsFilter' + - description: Specifies a metrics configuration filter. The metrics configuration + will only include objects that meet the filter's criteria. A filter + must be a prefix, an object tag, an access point ARN, or a conjunction + (MetricsAndOperator). + Id: + allOf: + - $ref: '#/components/schemas/MetricsId' + - description: The ID used to identify the metrics configuration. + required: + - Id + type: object + MetricsConfigurationList: + items: + $ref: '#/components/schemas/MetricsConfiguration' + type: array + xml: + wrapped: false + MetricsFilter: + description: Specifies a metrics configuration filter. The metrics configuration + only includes objects that meet the filter's criteria. A filter must be a + prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator). + For more information, see PutBucketMetricsConfiguration. + properties: + AccessPointArn: + allOf: + - $ref: '#/components/schemas/AccessPointArn' + - description: The access point ARN used when evaluating a metrics filter. + And: + allOf: + - $ref: '#/components/schemas/MetricsAndOperator' + - description: A conjunction (logical AND) of predicates, which is used + in evaluating a metrics filter. The operator must have at least two + predicates, and an object must match all of the predicates in order + for the filter to apply. + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: The prefix used when evaluating a metrics filter. + Tag: + allOf: + - $ref: '#/components/schemas/Tag' + - description: The tag used when evaluating a metrics filter. + type: object + MetricsId: + type: string + MetricsStatus: + enum: + - Enabled + - Disabled + type: string + Minutes: + type: integer + MissingMeta: + type: integer + MultipartUpload: + description: Container for the MultipartUpload for the Amazon S3 + object. + properties: + ChecksumAlgorithm: + allOf: + - $ref: '#/components/schemas/ChecksumAlgorithm' + - description: The algorithm that was used to create a checksum of the object. + Initiated: + allOf: + - $ref: '#/components/schemas/Initiated' + - description: Date and time at which the multipart upload was initiated. + Initiator: + allOf: + - $ref: '#/components/schemas/Initiator' + - description: Identifies who initiated the multipart upload. + Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description: Key of the object for which the multipart upload was initiated. + Owner: + allOf: + - $ref: '#/components/schemas/Owner' + - description: 'Specifies the owner of the object that is part of the multipart + upload. ' + StorageClass: + allOf: + - $ref: '#/components/schemas/StorageClass' + - description: The class of storage used to store the object. + UploadId: + allOf: + - $ref: '#/components/schemas/MultipartUploadId' + - description: Upload ID that identifies the multipart upload. + type: object + MultipartUploadId: + type: string + MultipartUploadList: + items: + $ref: '#/components/schemas/MultipartUpload' + type: array + xml: + wrapped: false + NextKeyMarker: + type: string + NextMarker: + type: string + NextPartNumberMarker: + type: integer + NextToken: + type: string + NextUploadIdMarker: + type: string + NextVersionIdMarker: + type: string + NoSuchBucket: {} + NoSuchKey: {} + NoSuchUpload: {} + NoncurrentVersionExpiration: + description: Specifies when noncurrent object versions expire. Upon expiration, + Amazon S3 permanently deletes the noncurrent object versions. You set this + lifecycle configuration action on a bucket that has versioning enabled (or + suspended) to request that Amazon S3 delete noncurrent object versions at + a specific period in the object's lifetime. + properties: + NewerNoncurrentVersions: + allOf: + - $ref: '#/components/schemas/VersionCount' + - description: Specifies how many noncurrent versions Amazon S3 will retain. + If there are this many more recent noncurrent versions, Amazon S3 will + take the associated action. For more information about noncurrent versions, + see Lifecycle + configuration elements in the Amazon S3 User Guide. + NoncurrentDays: + allOf: + - $ref: '#/components/schemas/Days' + - description: Specifies the number of days an object is noncurrent before + Amazon S3 can perform the associated action. The value must be a non-zero + positive integer. For information about the noncurrent days calculations, + see How + Amazon S3 Calculates When an Object Became Noncurrent in the Amazon + S3 User Guide. + type: object + NoncurrentVersionTransition: + description: Container for the transition rule that describes when noncurrent + objects transition to the STANDARD_IA, ONEZONE_IA, + INTELLIGENT_TIERING, GLACIER_IR, GLACIER, + or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled + (or versioning is suspended), you can set this action to request that Amazon + S3 transition noncurrent object versions to the STANDARD_IA, + ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, + GLACIER, or DEEP_ARCHIVE storage class at a specific + period in the object's lifetime. + properties: + NewerNoncurrentVersions: + allOf: + - $ref: '#/components/schemas/VersionCount' + - description: Specifies how many noncurrent versions Amazon S3 will retain. + If there are this many more recent noncurrent versions, Amazon S3 will + take the associated action. For more information about noncurrent versions, + see Lifecycle + configuration elements in the Amazon S3 User Guide. + NoncurrentDays: + allOf: + - $ref: '#/components/schemas/Days' + - description: Specifies the number of days an object is noncurrent before + Amazon S3 can perform the associated action. For information about the + noncurrent days calculations, see How + Amazon S3 Calculates How Long an Object Has Been Noncurrent in the + Amazon S3 User Guide. + StorageClass: + allOf: + - $ref: '#/components/schemas/TransitionStorageClass' + - description: The class of storage used to store the object. + type: object + NoncurrentVersionTransitionList: + items: + $ref: '#/components/schemas/NoncurrentVersionTransition' + type: array + xml: + wrapped: false + NotificationConfiguration: + description: A container for specifying the notification configuration of the + bucket. If this element is empty, notifications are turned off for the bucket. + properties: + CloudFunctionConfiguration: + allOf: + - $ref: '#/components/schemas/LambdaFunctionConfigurationList' + - description: Describes the Lambda functions to invoke and the events for + which to invoke them. + EventBridgeConfiguration: + allOf: + - $ref: '#/components/schemas/EventBridgeConfiguration' + - description: Enables delivery of events to Amazon EventBridge. + QueueConfiguration: + allOf: + - $ref: '#/components/schemas/QueueConfigurationList' + - description: The Amazon Simple Queue Service queues to publish messages + to and the events for which to publish messages. + TopicConfiguration: + allOf: + - $ref: '#/components/schemas/TopicConfigurationList' + - description: The topic to which notifications are sent and the events + for which notifications are generated. + type: object + NotificationConfigurationDeprecated: + example: + QueueConfiguration: + Event: s3:ObjectCreated:Put + Events: + - s3:ObjectCreated:Put + Id: MDQ2OGQ4NDEtOTBmNi00YTM4LTk0NzYtZDIwN2I3NWQ1NjIx + Queue: arn:aws:sqs:us-east-1:acct-id:S3ObjectCreatedEventQueue + TopicConfiguration: + Event: s3:ObjectCreated:Copy + Events: + - s3:ObjectCreated:Copy + Id: YTVkMWEzZGUtNTY1NS00ZmE2LWJjYjktMmRlY2QwODFkNTJi + Topic: arn:aws:sns:us-east-1:acct-id:S3ObjectCreatedEventTopic + properties: + CloudFunctionConfiguration: + allOf: + - $ref: '#/components/schemas/CloudFunctionConfiguration' + - description: Container for specifying the Lambda notification configuration. + QueueConfiguration: + allOf: + - $ref: '#/components/schemas/QueueConfigurationDeprecated' + - description: 'This data type is deprecated. This data type specifies the + configuration for publishing messages to an Amazon Simple Queue Service + (Amazon SQS) queue when Amazon S3 detects specified events. ' + TopicConfiguration: + allOf: + - $ref: '#/components/schemas/TopicConfigurationDeprecated' + - description: 'This data type is deprecated. A container for specifying + the configuration for publication of messages to an Amazon Simple Notification + Service (Amazon SNS) topic when Amazon S3 detects specified events. ' + type: object + NotificationConfigurationFilter: + description: Specifies object key name filtering rules. For information about + key name filtering, see Configuring + Event Notifications in the Amazon S3 User Guide. + properties: + S3Key: + $ref: '#/components/schemas/S3KeyFilter' + type: object + NotificationId: + description: An optional unique identifier for configurations in a notification + configuration. If you don't provide one, Amazon S3 will assign an ID. + type: string + Object: + description: An object consists of data and its descriptive metadata. + properties: + ChecksumAlgorithm: + allOf: + - $ref: '#/components/schemas/ChecksumAlgorithmList' + - description: The algorithm that was used to create a checksum of the object. + ETag: + allOf: + - $ref: '#/components/schemas/ETag' + - description:

The entity tag is a hash of the object. The ETag reflects + changes only to the contents of an object, not its metadata. The ETag + may or may not be an MD5 digest of the object data. Whether or not it + is depends on how the object was created and how it is encrypted as + described below:

  • Objects created by the PUT Object, + POST Object, or Copy operation, or through the Amazon Web Services Management + Console, and are encrypted by SSE-S3 or plaintext, have ETags that are + an MD5 digest of their object data.

  • Objects created + by the PUT Object, POST Object, or Copy operation, or through the Amazon + Web Services Management Console, and are encrypted by SSE-C or SSE-KMS, + have ETags that are not an MD5 digest of their object data.

    • +

  • If an object is created by either the Multipart Upload or Part + Copy operation, the ETag is not an MD5 digest, regardless of the method + of encryption. If an object is larger than 16 MB, the Amazon Web Services + Management Console will upload or copy that object as a Multipart Upload, + and therefore the ETag will not be an MD5 digest.

+ Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description: The name that you assign to an object. You use the object + key to retrieve the object. + LastModified: + allOf: + - $ref: '#/components/schemas/LastModified' + - description: Creation date of the object. + Owner: + allOf: + - $ref: '#/components/schemas/Owner' + - description: The owner of the object + Size: + allOf: + - $ref: '#/components/schemas/Size' + - description: Size in bytes of the object + StorageClass: + allOf: + - $ref: '#/components/schemas/ObjectStorageClass' + - description: The class of storage used to store the object. + type: object + ObjectAlreadyInActiveTierError: {} + ObjectAttributes: + enum: + - ETag + - Checksum + - ObjectParts + - StorageClass + - ObjectSize + type: string + ObjectAttributesList: + items: + $ref: '#/components/schemas/ObjectAttributes' + type: array + ObjectCannedACL: + enum: + - private + - public-read + - public-read-write + - authenticated-read + - aws-exec-read + - bucket-owner-read + - bucket-owner-full-control + type: string + ObjectIdentifier: + description: Object Identifier is unique value to identify objects. + properties: + Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description:

Key name of the object.

Replacement + must be made for object keys containing special characters (such as + carriage returns) when using XML requests. For more information, see + + XML related object key constraints.

 + VersionId: + allOf: + - $ref: '#/components/schemas/ObjectVersionId' + - description: VersionId for the specific version of the object to delete. + required: + - Key + type: object + ObjectIdentifierList: + items: + $ref: '#/components/schemas/ObjectIdentifier' + type: array + xml: + wrapped: false + ObjectKey: + minLength: 1 + type: string + ObjectList: + items: + $ref: '#/components/schemas/Object' + type: array + xml: + wrapped: false + ObjectLockConfiguration: + description: The container element for Object Lock configuration parameters. + properties: + ObjectLockEnabled: + allOf: + - $ref: '#/components/schemas/ObjectLockEnabled' + - description: 'Indicates whether this bucket has an Object Lock configuration + enabled. Enable ObjectLockEnabled when you apply ObjectLockConfiguration + to a bucket. ' + Rule: + allOf: + - $ref: '#/components/schemas/ObjectLockRule' + - description: Specifies the Object Lock rule for the specified object. + Enable the this rule when you apply ObjectLockConfiguration + to a bucket. Bucket settings require both a mode and a period. The period + can be either Days or Years but you must select + one. You cannot specify Days and Years at + the same time. + type: object + ObjectLockEnabled: + enum: + - Enabled + type: string + ObjectLockEnabledForBucket: + type: boolean + ObjectLockLegalHold: + description: A legal hold configuration for an object. + properties: + Status: + allOf: + - $ref: '#/components/schemas/ObjectLockLegalHoldStatus' + - description: Indicates whether the specified object has a legal hold in + place. + type: object + ObjectLockLegalHoldStatus: + enum: + - 'ON' + - 'OFF' + type: string + ObjectLockMode: + enum: + - GOVERNANCE + - COMPLIANCE + type: string + ObjectLockRetainUntilDate: + format: date-time + type: string + ObjectLockRetention: + description: A Retention configuration for an object. + properties: + Mode: + allOf: + - $ref: '#/components/schemas/ObjectLockRetentionMode' + - description: Indicates the Retention mode for the specified object. + RetainUntilDate: + allOf: + - $ref: '#/components/schemas/Date' + - description: The date on which this Object Lock Retention will expire. + type: object + ObjectLockRetentionMode: + enum: + - GOVERNANCE + - COMPLIANCE + type: string + ObjectLockRule: + description: The container element for an Object Lock rule. + properties: + DefaultRetention: + allOf: + - $ref: '#/components/schemas/DefaultRetention' + - description: The default Object Lock retention mode and period that you + want to apply to new objects placed in the specified bucket. Bucket + settings require both a mode and a period. The period can be either + Days or Years but you must select one. You + cannot specify Days and Years at the same + time. + type: object + ObjectLockToken: + type: string + ObjectNotInActiveTierError: {} + ObjectOwnership: + description:

The container element for object ownership for a bucket's ownership + controls.

BucketOwnerPreferred - Objects uploaded to the bucket change + ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control + canned ACL.

ObjectWriter - The uploading account will own the object + if the object is uploaded with the bucket-owner-full-control + canned ACL.

BucketOwnerEnforced - Access control lists (ACLs) are disabled + and no longer affect permissions. The bucket owner automatically owns and + has full control over every object in the bucket. The bucket only accepts + PUT requests that don't specify an ACL or bucket owner full control ACLs, + such as the bucket-owner-full-control canned ACL or an equivalent + form of this ACL expressed in the XML format.

+ enum: + - BucketOwnerPreferred + - ObjectWriter + - BucketOwnerEnforced + type: string + ObjectPart: + description: A container for elements related to an individual part. + properties: + ChecksumCRC32: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32' + - description: This header can be used as a data integrity check to verify + that the data received is the same data that was originally sent. This + header specifies the base64-encoded, 32-bit CRC32 checksum of the object. + For more information, see Checking + object integrity in the Amazon S3 User Guide. + ChecksumCRC32C: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32C' + - description: The base64-encoded, 32-bit CRC32C checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA1: + allOf: + - $ref: '#/components/schemas/ChecksumSHA1' + - description: The base64-encoded, 160-bit SHA-1 digest of the object. This + will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA256: + allOf: + - $ref: '#/components/schemas/ChecksumSHA256' + - description: The base64-encoded, 256-bit SHA-256 digest of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + PartNumber: + allOf: + - $ref: '#/components/schemas/PartNumber' + - description: The part number identifying the part. This value is a positive + integer between 1 and 10,000. + Size: + allOf: + - $ref: '#/components/schemas/Size' + - description: The size of the uploaded part in bytes. + type: object + ObjectSize: + type: integer + ObjectSizeGreaterThanBytes: + type: integer + ObjectSizeLessThanBytes: + type: integer + ObjectStorageClass: + enum: + - STANDARD + - REDUCED_REDUNDANCY + - GLACIER + - STANDARD_IA + - ONEZONE_IA + - INTELLIGENT_TIERING + - DEEP_ARCHIVE + - OUTPOSTS + - GLACIER_IR + type: string + ObjectVersion: + description: The version of an object. + properties: + ChecksumAlgorithm: + allOf: + - $ref: '#/components/schemas/ChecksumAlgorithmList' + - description: The algorithm that was used to create a checksum of the object. + ETag: + allOf: + - $ref: '#/components/schemas/ETag' + - description: The entity tag is an MD5 hash of that version of the object. + IsLatest: + allOf: + - $ref: '#/components/schemas/IsLatest' + - description: Specifies whether the object is (true) or is not (false) + the latest version of an object. + Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description: The object key. + LastModified: + allOf: + - $ref: '#/components/schemas/LastModified' + - description: Date and time the object was last modified. + Owner: + allOf: + - $ref: '#/components/schemas/Owner' + - description: Specifies the owner of the object. + Size: + allOf: + - $ref: '#/components/schemas/Size' + - description: Size in bytes of the object. + StorageClass: + allOf: + - $ref: '#/components/schemas/ObjectVersionStorageClass' + - description: The class of storage used to store the object. + VersionId: + allOf: + - $ref: '#/components/schemas/ObjectVersionId' + - description: Version ID of an object. + type: object + ObjectVersionId: + type: string + ObjectVersionList: + items: + $ref: '#/components/schemas/ObjectVersion' + type: array + xml: + wrapped: false + ObjectVersionStorageClass: + enum: + - STANDARD + type: string + OutputLocation: + description: Describes the location where the restore job's output is stored. + properties: + S3: + allOf: + - $ref: '#/components/schemas/S3Location' + - description: Describes an S3 location that will receive the results of + the restore request. + type: object + OutputSerialization: + description: Describes how results of the Select job are serialized. + properties: + CSV: + allOf: + - $ref: '#/components/schemas/CSVOutput' + - description: Describes the serialization of CSV-encoded Select results. + JSON: + allOf: + - $ref: '#/components/schemas/JSONOutput' + - description: Specifies JSON as request's output serialization format. + type: object + Owner: + description: Container for the owner's display name and ID. + properties: + DisplayName: + allOf: + - $ref: '#/components/schemas/DisplayName' + - description: Container for the display name of the owner. + ID: + allOf: + - $ref: '#/components/schemas/ID' + - description: Container for the ID of the owner. + type: object + OwnerOverride: + enum: + - Destination + type: string + OwnershipControls: + description: The container element for a bucket's ownership controls. + properties: + Rule: + allOf: + - $ref: '#/components/schemas/OwnershipControlsRules' + - description: The container element for an ownership control rule. + required: + - Rules + type: object + OwnershipControlsRule: + description: The container element for an ownership control rule. + properties: + ObjectOwnership: + $ref: '#/components/schemas/ObjectOwnership' + required: + - ObjectOwnership + type: object + OwnershipControlsRules: + items: + $ref: '#/components/schemas/OwnershipControlsRule' + type: array + xml: + wrapped: false + ParquetInput: + description: Container for Parquet. + properties: {} + type: object + Part: + description: Container for elements related to a part. + properties: + ChecksumCRC32: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32' + - description: This header can be used as a data integrity check to verify + that the data received is the same data that was originally sent. This + header specifies the base64-encoded, 32-bit CRC32 checksum of the object. + For more information, see Checking + object integrity in the Amazon S3 User Guide. + ChecksumCRC32C: + allOf: + - $ref: '#/components/schemas/ChecksumCRC32C' + - description: The base64-encoded, 32-bit CRC32C checksum of the object. + This will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA1: + allOf: + - $ref: '#/components/schemas/ChecksumSHA1' + - description: The base64-encoded, 160-bit SHA-1 digest of the object. This + will only be present if it was uploaded with the object. With multipart + uploads, this may not be a checksum value of the object. For more information + about how checksums are calculated with multipart uploads, see + Checking object integrity in the Amazon S3 User Guide. + ChecksumSHA256: + allOf: + - $ref: '#/components/schemas/ChecksumSHA256' + - description: This header can be used as a data integrity check to verify + that the data received is the same data that was originally sent. This + header specifies the base64-encoded, 256-bit SHA-256 digest of the object. + For more information, see Checking + object integrity in the Amazon S3 User Guide. + ETag: + allOf: + - $ref: '#/components/schemas/ETag' + - description: Entity tag returned when the part was uploaded. + LastModified: + allOf: + - $ref: '#/components/schemas/LastModified' + - description: Date and time at which the part was uploaded. + PartNumber: + allOf: + - $ref: '#/components/schemas/PartNumber' + - description: Part number identifying the part. This is a positive integer + between 1 and 10,000. + Size: + allOf: + - $ref: '#/components/schemas/Size' + - description: Size in bytes of the uploaded part data. + type: object + PartNumber: + type: integer + PartNumberMarker: + type: integer + Parts: + items: + $ref: '#/components/schemas/Part' + type: array + xml: + wrapped: false + PartsCount: + type: integer + PartsList: + items: + $ref: '#/components/schemas/ObjectPart' + type: array + xml: + wrapped: false + Payer: + enum: + - Requester + - BucketOwner + type: string + Permission: + enum: + - FULL_CONTROL + - WRITE + - WRITE_ACP + - READ + - READ_ACP + type: string + Policy: + type: string + PolicyStatus: + description: The container element for a bucket's policy status. + properties: {} + type: object + Prefix: + type: string + Priority: + type: integer + Progress: + description: This data type contains information about progress of an operation. + properties: + BytesProcessed: + allOf: + - $ref: '#/components/schemas/BytesProcessed' + - description: The current number of uncompressed object bytes processed. + BytesReturned: + allOf: + - $ref: '#/components/schemas/BytesReturned' + - description: The current number of bytes of records payload data returned. + BytesScanned: + allOf: + - $ref: '#/components/schemas/BytesScanned' + - description: The current number of object bytes scanned. + type: object + ProgressEvent: + description: This data type contains information about the progress event of + an operation. + properties: + Details: + allOf: + - $ref: '#/components/schemas/Progress' + - description: The Progress event details. + type: object + Protocol: + enum: + - http + - https + type: string + PublicAccessBlockConfiguration: + description: 'The PublicAccessBlock configuration that you want to apply to + this Amazon S3 bucket. You can enable the configuration options in any combination. + For more information about when Amazon S3 considers a bucket or object public, + see The + Meaning of "Public" in the Amazon S3 User Guide. ' + properties: {} + type: object + PutBucketAccelerateConfigurationRequest: + properties: {} + required: + - Bucket + - AccelerateConfiguration + title: PutBucketAccelerateConfigurationRequest + type: object + PutBucketAclRequest: + properties: {} + required: + - Bucket + title: PutBucketAclRequest + type: object + PutBucketAnalyticsConfigurationRequest: + properties: {} + required: + - Bucket + - Id + - AnalyticsConfiguration + title: PutBucketAnalyticsConfigurationRequest + type: object + PutBucketCorsRequest: + properties: {} + required: + - Bucket + - CORSConfiguration + title: PutBucketCorsRequest + type: object + PutBucketEncryptionRequest: + properties: {} + required: + - Bucket + - ServerSideEncryptionConfiguration + title: PutBucketEncryptionRequest + type: object + PutBucketIntelligentTieringConfigurationRequest: + properties: {} + required: + - Bucket + - Id + - IntelligentTieringConfiguration + title: PutBucketIntelligentTieringConfigurationRequest + type: object + PutBucketInventoryConfigurationRequest: + properties: {} + required: + - Bucket + - Id + - InventoryConfiguration + title: PutBucketInventoryConfigurationRequest + type: object + PutBucketLifecycleConfigurationRequest: + properties: {} + required: + - Bucket + title: PutBucketLifecycleConfigurationRequest + type: object + PutBucketLifecycleRequest: + properties: {} + required: + - Bucket + title: PutBucketLifecycleRequest + type: object + PutBucketLoggingRequest: + properties: {} + required: + - Bucket + - BucketLoggingStatus + title: PutBucketLoggingRequest + type: object + PutBucketMetricsConfigurationRequest: + properties: {} + required: + - Bucket + - Id + - MetricsConfiguration + title: PutBucketMetricsConfigurationRequest + type: object + PutBucketNotificationConfigurationRequest: + properties: {} + required: + - Bucket + - NotificationConfiguration + title: PutBucketNotificationConfigurationRequest + type: object + PutBucketNotificationRequest: + properties: {} + required: + - Bucket + - NotificationConfiguration + title: PutBucketNotificationRequest + type: object + PutBucketOwnershipControlsRequest: + properties: {} + required: + - Bucket + - OwnershipControls + title: PutBucketOwnershipControlsRequest + type: object + PutBucketPolicyRequest: + properties: + Policy: + allOf: + - $ref: '#/components/schemas/Policy' + - description: The bucket policy as a JSON document. + required: + - Bucket + - Policy + title: PutBucketPolicyRequest + type: object + PutBucketReplicationRequest: + properties: {} + required: + - Bucket + - ReplicationConfiguration + title: PutBucketReplicationRequest + type: object + PutBucketRequestPaymentRequest: + properties: {} + required: + - Bucket + - RequestPaymentConfiguration + title: PutBucketRequestPaymentRequest + type: object + PutBucketTaggingRequest: + properties: {} + required: + - Bucket + - Tagging + title: PutBucketTaggingRequest + type: object + PutBucketVersioningRequest: + properties: {} + required: + - Bucket + - VersioningConfiguration + title: PutBucketVersioningRequest + type: object + PutBucketWebsiteRequest: + properties: {} + required: + - Bucket + - WebsiteConfiguration + title: PutBucketWebsiteRequest + type: object + PutObjectAclOutput: + example: {} + properties: {} + type: object + PutObjectAclRequest: + properties: {} + required: + - Bucket + - Key + title: PutObjectAclRequest + type: object + PutObjectLegalHoldOutput: + properties: {} + type: object + PutObjectLegalHoldRequest: + properties: {} + required: + - Bucket + - Key + title: PutObjectLegalHoldRequest + type: object + PutObjectLockConfigurationOutput: + properties: {} + type: object + PutObjectLockConfigurationRequest: + properties: {} + required: + - Bucket + title: PutObjectLockConfigurationRequest + type: object + PutObjectOutput: + example: + ETag: '"6805f2cfc46c0f04559748bb039d69ae"' + VersionId: Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr + properties: {} + type: object + PutObjectRequest: + properties: + Body: + allOf: + - $ref: '#/components/schemas/Body' + - description: Object data. + x-amz-meta-: + allOf: + - $ref: '#/components/schemas/Metadata' + - description: A map of metadata to store with the object in S3. + required: + - Bucket + - Key + title: PutObjectRequest + type: object + PutObjectRetentionOutput: + properties: {} + type: object + PutObjectRetentionRequest: + properties: {} + required: + - Bucket + - Key + title: PutObjectRetentionRequest + type: object + PutObjectTaggingOutput: + example: + VersionId: 'null' + properties: {} + type: object + PutObjectTaggingRequest: + properties: {} + required: + - Bucket + - Key + - Tagging + title: PutObjectTaggingRequest + type: object + PutPublicAccessBlockRequest: + properties: {} + required: + - Bucket + - PublicAccessBlockConfiguration + title: PutPublicAccessBlockRequest + type: object + QueueArn: + type: string + QueueConfiguration: + description: Specifies the configuration for publishing messages to an Amazon + Simple Queue Service (Amazon SQS) queue when Amazon S3 detects specified events. + properties: + Event: + allOf: + - $ref: '#/components/schemas/EventList' + - description: A collection of bucket events for which to send notifications + Filter: + $ref: '#/components/schemas/NotificationConfigurationFilter' + Id: + $ref: '#/components/schemas/NotificationId' + Queue: + allOf: + - $ref: '#/components/schemas/QueueArn' + - description: The Amazon Resource Name (ARN) of the Amazon SQS queue to + which Amazon S3 publishes a message when it detects events of the specified + type. + required: + - QueueArn + - Events + type: object + QueueConfigurationDeprecated: + description: 'This data type is deprecated. Use QueueConfiguration + for the same purposes. This data type specifies the configuration for publishing + messages to an Amazon Simple Queue Service (Amazon SQS) queue when Amazon + S3 detects specified events. ' + properties: + Event: + allOf: + - $ref: '#/components/schemas/EventList' + - description: A collection of bucket events for which to send notifications. + Id: + $ref: '#/components/schemas/NotificationId' + Queue: + allOf: + - $ref: '#/components/schemas/QueueArn' + - description: 'The Amazon Resource Name (ARN) of the Amazon SQS queue to + which Amazon S3 publishes a message when it detects events of the specified + type. ' + type: object + QueueConfigurationList: + items: + $ref: '#/components/schemas/QueueConfiguration' + type: array + xml: + wrapped: false + Quiet: + type: boolean + QuoteCharacter: + type: string + QuoteEscapeCharacter: + type: string + QuoteFields: + enum: + - ALWAYS + - ASNEEDED + type: string + Range: + type: string + RecordDelimiter: + type: string + RecordsEvent: + description: The container for the records event. + properties: + Payload: + allOf: + - $ref: '#/components/schemas/Body' + - description: The byte array of partial, one or more result records. + type: object + Redirect: + description: Specifies how requests are redirected. In the event of an error, + you can specify a different error code to return. + properties: + HostName: + allOf: + - $ref: '#/components/schemas/HostName' + - description: The host name to use in the redirect request. + HttpRedirectCode: + allOf: + - $ref: '#/components/schemas/HttpRedirectCode' + - description: The HTTP redirect code to use on the response. Not required + if one of the siblings is present. + Protocol: + allOf: + - $ref: '#/components/schemas/Protocol' + - description: Protocol to use when redirecting requests. The default is + the protocol that is used in the original request. + ReplaceKeyPrefixWith: + allOf: + - $ref: '#/components/schemas/ReplaceKeyPrefixWith' + - description:

The object key prefix to use in the redirect request. + For example, to redirect requests for all pages with prefix docs/ + (objects in the docs/ folder) to documents/, + you can set a condition block with KeyPrefixEquals set + to docs/ and in the Redirect set ReplaceKeyPrefixWith + to /documents. Not required if one of the siblings is present. + Can be present only if ReplaceKeyWith is not provided.

+

Replacement must be made for object keys containing special + characters (such as carriage returns) when using XML requests. For more + information, see + XML related object key constraints.

 + ReplaceKeyWith: + allOf: + - $ref: '#/components/schemas/ReplaceKeyWith' + - description:

The specific object key to use in the redirect request. + For example, redirect request to error.html. Not required + if one of the siblings is present. Can be present only if ReplaceKeyPrefixWith + is not provided.

Replacement must be made for object + keys containing special characters (such as carriage returns) when using + XML requests. For more information, see + XML related object key constraints.

 + type: object + RedirectAllRequestsTo: + description: Specifies the redirect behavior of all requests to a website endpoint + of an Amazon S3 bucket. + properties: + HostName: + allOf: + - $ref: '#/components/schemas/HostName' + - description: Name of the host where requests are redirected. + Protocol: + allOf: + - $ref: '#/components/schemas/Protocol' + - description: Protocol to use when redirecting requests. The default is + the protocol that is used in the original request. + required: + - HostName + type: object + ReplaceKeyPrefixWith: + type: string + ReplaceKeyWith: + type: string + ReplicaKmsKeyID: + type: string + ReplicaModifications: + description:

A filter that you can specify for selection for modifications + on replicas. Amazon S3 doesn't replicate replica modifications by default. + In the latest version of replication configuration (when Filter + is specified), you can specify this element and set the status to Enabled + to replicate modifications on replicas.

If you don't specify + the Filter element, Amazon S3 assumes that the replication configuration + is the earlier version, V1. In the earlier version, this element is not allowed.

+ + properties: + Status: + allOf: + - $ref: '#/components/schemas/ReplicaModificationsStatus' + - description: Specifies whether Amazon S3 replicates modifications on replicas. + required: + - Status + type: object + ReplicaModificationsStatus: + enum: + - Enabled + - Disabled + type: string + ReplicationConfiguration: + description: A container for replication rules. You can add up to 1,000 rules. + The maximum size of a replication configuration is 2 MB. + properties: + Role: + allOf: + - $ref: '#/components/schemas/Role' + - description: The Amazon Resource Name (ARN) of the Identity and Access + Management (IAM) role that Amazon S3 assumes when replicating objects. + For more information, see How + to Set Up Replication in the Amazon S3 User Guide. + Rule: + allOf: + - $ref: '#/components/schemas/ReplicationRules' + - description: 'A container for one or more replication rules. A replication + configuration must have at least one rule and can contain a maximum + of 1,000 rules. ' + required: + - Role + - Rules + type: object + ReplicationRule: + description: Specifies which Amazon S3 objects to replicate and where to store + the replicas. + properties: + DeleteMarkerReplication: + $ref: '#/components/schemas/DeleteMarkerReplication' + Destination: + allOf: + - $ref: '#/components/schemas/Destination' + - description: A container for information about the replication destination + and its configurations including enabling the S3 Replication Time Control + (S3 RTC). + ExistingObjectReplication: + allOf: + - $ref: '#/components/schemas/ExistingObjectReplication' + - description:

+ Filter: + $ref: '#/components/schemas/ReplicationRuleFilter' + ID: + allOf: + - $ref: '#/components/schemas/ID' + - description: A unique identifier for the rule. The maximum value is 255 + characters. + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - deprecated: true + description:

An object key name prefix that identifies the object or + objects to which the rule applies. The maximum prefix length is 1,024 + characters. To include all objects in a bucket, specify an empty string. +

Replacement must be made for object keys containing + special characters (such as carriage returns) when using XML requests. + For more information, see + XML related object key constraints.

 + Priority: + allOf: + - $ref: '#/components/schemas/Priority' + - description:

The priority indicates which rule has precedence whenever + two or more replication rules conflict. Amazon S3 will attempt to replicate + objects according to all replication rules. However, if there are two + or more rules with the same destination bucket, then objects will be + replicated according to the rule with the highest priority. The higher + the number, the higher the priority.

For more information, see + Replication + in the Amazon S3 User Guide.

+ SourceSelectionCriteria: + allOf: + - $ref: '#/components/schemas/SourceSelectionCriteria' + - description: A container that describes additional filters for identifying + the source objects that you want to replicate. You can choose to enable + or disable the replication of these objects. Currently, Amazon S3 supports + only the filter that you can specify for objects created with server-side + encryption using a customer managed key stored in Amazon Web Services + Key Management Service (SSE-KMS). + Status: + allOf: + - $ref: '#/components/schemas/ReplicationRuleStatus' + - description: Specifies whether the rule is enabled. + required: + - Status + - Destination + type: object + ReplicationRuleAndOperator: + description:

A container for specifying rule filters. The filters determine + the subset of objects to which the rule applies. This element is required + only if you specify more than one filter.

For example:

  • +

    If you specify both a Prefix and a Tag filter, + wrap these filters in an And tag.

  • If you specify + a filter based on multiple tags, wrap the Tag elements in an + And tag.

+ properties: + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description: An object key name prefix that identifies the subset of objects + to which the rule applies. + Tag: + allOf: + - $ref: '#/components/schemas/TagSet' + - description: An array of tags containing key and value pairs. + type: object + xml: + wrapped: false + ReplicationRuleFilter: + description: A filter that identifies the subset of objects to which the replication + rule applies. A Filter must specify exactly one Prefix, + Tag, or an And child element. + properties: + And: + allOf: + - $ref: '#/components/schemas/ReplicationRuleAndOperator' + - description: '

A container for specifying rule filters. The filters + determine the subset of objects to which the rule applies. This element + is required only if you specify more than one filter. For example:

+

  • If you specify both a Prefix and a Tag + filter, wrap these filters in an And tag.

  • +

    If you specify a filter based on multiple tags, wrap the Tag + elements in an And tag.

' + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description:

An object key name prefix that identifies the subset of + objects to which the rule applies.

Replacement must + be made for object keys containing special characters (such as carriage + returns) when using XML requests. For more information, see + XML related object key constraints.

 + Tag: + allOf: + - $ref: '#/components/schemas/Tag' + - description:

A container for specifying a tag key and value.

The + rule applies only to objects that have the tag in their tag set.

+ type: object + ReplicationRuleStatus: + enum: + - Enabled + - Disabled + type: string + ReplicationRules: + items: + $ref: '#/components/schemas/ReplicationRule' + type: array + xml: + wrapped: false + ReplicationStatus: + enum: + - COMPLETE + - PENDING + - FAILED + - REPLICA + type: string + ReplicationTime: + description: ' A container specifying S3 Replication Time Control (S3 RTC) related + information, including whether S3 RTC is enabled and the time when all objects + and operations on objects must be replicated. Must be specified together with + a Metrics block. ' + properties: + Status: + allOf: + - $ref: '#/components/schemas/ReplicationTimeStatus' + - description: ' Specifies whether the replication time is enabled. ' + Time: + allOf: + - $ref: '#/components/schemas/ReplicationTimeValue' + - description: ' A container specifying the time by which replication should + be complete for all objects and operations on objects. ' + required: + - Status + - Time + type: object + ReplicationTimeStatus: + enum: + - Enabled + - Disabled + type: string + ReplicationTimeValue: + description: ' A container specifying the time value for S3 Replication Time + Control (S3 RTC) and replication metrics EventThreshold. ' + properties: + Minutes: + allOf: + - $ref: '#/components/schemas/Minutes' + - description: '

Contains an integer specifying time in minutes.

+

Valid value: 15

' + type: object + RequestCharged: + description: If present, indicates that the requester was successfully charged + for the request. + enum: + - requester + type: string + RequestPayer: + description: Confirms that the requester knows that they will be charged for + the request. Bucket owners need not specify this parameter in their requests. + For information about downloading objects from Requester Pays buckets, see + Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + RequestPaymentConfiguration: + description: Container for Payer. + properties: + Payer: + allOf: + - $ref: '#/components/schemas/Payer' + - description: Specifies who pays for the download and request fees. + required: + - Payer + type: object + RequestProgress: + description: Container for specifying if periodic QueryProgress + messages should be sent. + properties: + Enabled: + allOf: + - $ref: '#/components/schemas/EnableRequestProgress' + - description: 'Specifies whether periodic QueryProgress frames should be + sent. Valid values: TRUE, FALSE. Default value: FALSE.' + type: object + RequestRoute: + type: string + RequestToken: + type: string + ResponseCacheControl: + type: string + ResponseContentDisposition: + type: string + ResponseContentEncoding: + type: string + ResponseContentLanguage: + type: string + ResponseContentType: + type: string + ResponseExpires: + format: date-time + type: string + Restore: + type: string + RestoreObjectOutput: + example: {} + properties: {} + type: object + RestoreObjectRequest: + properties: {} + required: + - Bucket + - Key + title: RestoreObjectRequest + type: object + RestoreOutputPath: + type: string + RestoreRequest: + description: Container for restore job parameters. + properties: + Days: + allOf: + - $ref: '#/components/schemas/Days' + - description:

Lifetime of the active copy in days. Do not use with restores + that specify OutputLocation.

The Days element is + required for regular restores, and must not be provided for select requests.

+ Description: + allOf: + - $ref: '#/components/schemas/Description' + - description: The optional description for the job. + GlacierJobParameters: + allOf: + - $ref: '#/components/schemas/GlacierJobParameters' + - description: S3 Glacier related parameters pertaining to this job. Do + not use with restores that specify OutputLocation. + OutputLocation: + allOf: + - $ref: '#/components/schemas/OutputLocation' + - description: Describes the location where the restore job's output is + stored. + SelectParameters: + allOf: + - $ref: '#/components/schemas/SelectParameters' + - description: Describes the parameters for Select job types. + Tier: + allOf: + - $ref: '#/components/schemas/Tier' + - description: Retrieval tier at which the restore will be processed. + Type: + allOf: + - $ref: '#/components/schemas/RestoreRequestType' + - description: Type of restore request. + type: object + RestoreRequestType: + enum: + - SELECT + type: string + Role: + type: string + RoutingRule: + description: Specifies the redirect behavior and when a redirect is applied. + For more information about routing rules, see Configuring + advanced conditional redirects in the Amazon S3 User Guide. + properties: + Condition: + allOf: + - $ref: '#/components/schemas/Condition' + - description: A container for describing a condition that must be met for + the specified redirect to apply. For example, 1. If request is for pages + in the /docs folder, redirect to the /documents + folder. 2. If request results in HTTP error 4xx, redirect request to + another host where you might process the error. + Redirect: + allOf: + - $ref: '#/components/schemas/Redirect' + - description: Container for redirect information. You can redirect requests + to another host, to another page, or with another protocol. In the event + of an error, you can specify a different error code to return. + required: + - Redirect + type: object + RoutingRules: + items: + allOf: + - $ref: '#/components/schemas/RoutingRule' + - xml: + name: RoutingRule + type: array + Rule: + description: Specifies lifecycle rules for an Amazon S3 bucket. For more information, + see Put + Bucket Lifecycle Configuration in the Amazon S3 API Reference. + For examples, see Put + Bucket Lifecycle Configuration Examples. + properties: + AbortIncompleteMultipartUpload: + $ref: '#/components/schemas/AbortIncompleteMultipartUpload' + Expiration: + allOf: + - $ref: '#/components/schemas/LifecycleExpiration' + - description: Specifies the expiration for the lifecycle of the object. + ID: + allOf: + - $ref: '#/components/schemas/ID' + - description: Unique identifier for the rule. The value can't be longer + than 255 characters. + NoncurrentVersionExpiration: + $ref: '#/components/schemas/NoncurrentVersionExpiration' + NoncurrentVersionTransition: + $ref: '#/components/schemas/NoncurrentVersionTransition' + Prefix: + allOf: + - $ref: '#/components/schemas/Prefix' + - description:

Object key prefix that identifies one or more objects + to which this rule applies.

Replacement must be made + for object keys containing special characters (such as carriage returns) + when using XML requests. For more information, see + XML related object key constraints.

 + Status: + allOf: + - $ref: '#/components/schemas/ExpirationStatus' + - description: If Enabled, the rule is currently being applied. + If Disabled, the rule is not currently being applied. + Transition: + allOf: + - $ref: '#/components/schemas/Transition' + - description: Specifies when an object transitions to a specified storage + class. For more information about Amazon S3 lifecycle configuration + rules, see Transitioning + Objects Using Amazon S3 Lifecycle in the Amazon S3 User Guide. + required: + - Prefix + - Status + type: object + Rules: + items: + $ref: '#/components/schemas/Rule' + type: array + xml: + wrapped: false + S3KeyFilter: + description: A container for object key name prefix and suffix filtering rules. + properties: + FilterRule: + $ref: '#/components/schemas/FilterRuleList' + type: object + S3Location: + description: Describes an Amazon S3 location that will receive the results of + the restore request. + properties: + AccessControlList: + allOf: + - $ref: '#/components/schemas/Grants' + - description: A list of grants that control access to the staged results. + BucketName: + allOf: + - $ref: '#/components/schemas/BucketName' + - description: The name of the bucket where the restore results will be + placed. + CannedACL: + allOf: + - $ref: '#/components/schemas/ObjectCannedACL' + - description: The canned ACL to apply to the restore results. + Encryption: + $ref: '#/components/schemas/Encryption' + Prefix: + allOf: + - $ref: '#/components/schemas/LocationPrefix' + - description: The prefix that is prepended to the restore results for this + request. + StorageClass: + allOf: + - $ref: '#/components/schemas/StorageClass' + - description: The class of storage used to store the restore results. + Tagging: + allOf: + - $ref: '#/components/schemas/Tagging' + - description: The tag-set that is applied to the restore results. + UserMetadata: + allOf: + - $ref: '#/components/schemas/UserMetadata' + - description: A list of metadata to store with the restore results in S3. + required: + - BucketName + - Prefix + type: object + SSECustomerAlgorithm: + type: string + SSECustomerKey: + format: password + type: string + SSECustomerKeyMD5: + type: string + SSEKMS: + description: Specifies the use of SSE-KMS to encrypt delivered inventory reports. + properties: + KeyId: + allOf: + - $ref: '#/components/schemas/SSEKMSKeyId' + - description: Specifies the ID of the Amazon Web Services Key Management + Service (Amazon Web Services KMS) symmetric customer managed key to + use for encrypting inventory reports. + required: + - KeyId + type: object + SSEKMSEncryptionContext: + format: password + type: string + SSEKMSKeyId: + format: password + type: string + SSES3: + description: Specifies the use of SSE-S3 to encrypt delivered inventory reports. + properties: {} + type: object + ScanRange: + description: Specifies the byte range of the object to get the records from. + A record is processed when its first byte is contained by the range. This + parameter is optional, but when specified, it must not be empty. See RFC 2616, + Section 14.35.1 about how to specify the start and end of the range. + properties: + End: + allOf: + - $ref: '#/components/schemas/End' + - description: 'Specifies the end of the byte range. This parameter is optional. + Valid values: non-negative integers. The default value is one less than + the size of the object being queried. If only the End parameter is supplied, + it is interpreted to mean scan the last N bytes of the file. For example, + <scanrange><end>50</end></scanrange> + means scan the last 50 bytes.' + Start: + allOf: + - $ref: '#/components/schemas/Start' + - description: 'Specifies the start of the byte range. This parameter is + optional. Valid values: non-negative integers. The default value is + 0. If only start is supplied, it means scan from that point + to the end of the file. For example, <scanrange><start>50</start></scanrange> + means scan from byte 50 until the end of the file.' + type: object + SelectObjectContentEventStream: + description: The container for selecting objects from a content event stream. + properties: + Cont: + allOf: + - $ref: '#/components/schemas/ContinuationEvent' + - description: The Continuation Event. + End: + allOf: + - $ref: '#/components/schemas/EndEvent' + - description: The End Event. + Progress: + allOf: + - $ref: '#/components/schemas/ProgressEvent' + - description: The Progress Event. + Records: + allOf: + - $ref: '#/components/schemas/RecordsEvent' + - description: The Records Event. + Stats: + allOf: + - $ref: '#/components/schemas/StatsEvent' + - description: The Stats Event. + type: object + SelectObjectContentOutput: + properties: + Payload: + allOf: + - $ref: '#/components/schemas/SelectObjectContentEventStream' + - description: The array of results. + type: object + SelectObjectContentRequest: + description: Request to filter the contents of an Amazon S3 object based on + a simple Structured Query Language (SQL) statement. In the request, along + with the SQL expression, you must specify a data serialization format (JSON + or CSV) of the object. Amazon S3 uses this to parse object data into records. + It returns only records that match the specified SQL expression. You must + also specify the data serialization format for the response. For more information, + see S3Select + API Documentation. + properties: + Expression: + allOf: + - $ref: '#/components/schemas/Expression' + - description: The expression that is used to query the object. + ExpressionType: + allOf: + - $ref: '#/components/schemas/ExpressionType' + - description: The type of the provided expression (for example, SQL). + InputSerialization: + allOf: + - $ref: '#/components/schemas/InputSerialization' + - description: Describes the format of the data in the object that is being + queried. + OutputSerialization: + allOf: + - $ref: '#/components/schemas/OutputSerialization' + - description: Describes the format of the data that you want Amazon S3 + to return in response. + RequestProgress: + allOf: + - $ref: '#/components/schemas/RequestProgress' + - description: Specifies if periodic request progress information should + be enabled. + ScanRange: + allOf: + - $ref: '#/components/schemas/ScanRange' + - description:

Specifies the byte range of the object to get the records + from. A record is processed when its first byte is contained by the + range. This parameter is optional, but when specified, it must not be + empty. See RFC 2616, Section 14.35.1 about how to specify the start + and end of the range.

ScanRangemay be used in the + following ways:

  • <scanrange><start>50</start><end>100</end></scanrange> + - process only the records starting between the bytes 50 and 100 (inclusive, + counting from zero)

  • <scanrange><start>50</start></scanrange> + - process only the records starting after the byte 50

  • +

    <scanrange><end>50</end></scanrange> + - process only the records within the last 50 bytes of the file.

    +
+ required: + - Bucket + - Key + - Expression + - ExpressionType + - InputSerialization + - OutputSerialization + title: SelectObjectContentRequest + type: object + SelectParameters: + description: Describes the parameters for Select job types. + properties: + Expression: + allOf: + - $ref: '#/components/schemas/Expression' + - description: The expression that is used to query the object. + ExpressionType: + allOf: + - $ref: '#/components/schemas/ExpressionType' + - description: The type of the provided expression (for example, SQL). + InputSerialization: + allOf: + - $ref: '#/components/schemas/InputSerialization' + - description: Describes the serialization format of the object. + OutputSerialization: + allOf: + - $ref: '#/components/schemas/OutputSerialization' + - description: Describes how the results of the Select job are serialized. + required: + - InputSerialization + - ExpressionType + - Expression + - OutputSerialization + type: object + ServerSideEncryption: + enum: + - AES256 + - aws:kms + type: string + ServerSideEncryptionByDefault: + description: Describes the default server-side encryption to apply to new objects + in the bucket. If a PUT Object request doesn't specify any server-side encryption, + this default encryption will be applied. If you don't specify a customer managed + key at configuration, Amazon S3 automatically creates an Amazon Web Services + KMS key in your Amazon Web Services account the first time that you add an + object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this + KMS key for SSE-KMS. For more information, see PUT + Bucket encryption in the Amazon S3 API Reference. + properties: + KMSMasterKeyID: + allOf: + - $ref: '#/components/schemas/SSEKMSKeyId' + - description: '

Amazon Web Services Key Management Service (KMS) customer + Amazon Web Services KMS key ID to use for the default encryption. This + parameter is allowed if and only if SSEAlgorithm is set + to aws:kms.

You can specify the key ID or the Amazon + Resource Name (ARN) of the KMS key. However, if you are using encryption + with cross-account or Amazon Web Services service operations you must + use a fully qualified KMS key ARN. For more information, see Using + encryption for cross-account operations.

For example: +

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab +

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab +

Amazon S3 only supports symmetric KMS + keys and not asymmetric KMS keys. For more information, see Using + symmetric and asymmetric keys in the Amazon Web Services Key + Management Service Developer Guide.

' + SSEAlgorithm: + allOf: + - $ref: '#/components/schemas/ServerSideEncryption' + - description: Server-side encryption algorithm to use for the default encryption. + required: + - SSEAlgorithm + type: object + ServerSideEncryptionConfiguration: + description: Specifies the default server-side-encryption configuration. + properties: + Rule: + allOf: + - $ref: '#/components/schemas/ServerSideEncryptionRules' + - description: Container for information about a particular server-side + encryption configuration rule. + required: + - Rules + type: object + ServerSideEncryptionRule: + description: Specifies the default server-side encryption configuration. + properties: + ApplyServerSideEncryptionByDefault: + allOf: + - $ref: '#/components/schemas/ServerSideEncryptionByDefault' + - description: Specifies the default server-side encryption to apply to + new objects in the bucket. If a PUT Object request doesn't specify any + server-side encryption, this default encryption will be applied. + BucketKeyEnabled: + allOf: + - $ref: '#/components/schemas/BucketKeyEnabled' + - description:

Specifies whether Amazon S3 should use an S3 Bucket Key + with server-side encryption using KMS (SSE-KMS) for new objects in the + bucket. Existing objects are not affected. Setting the BucketKeyEnabled + element to true causes Amazon S3 to use an S3 Bucket Key. + By default, S3 Bucket Key is not enabled.

For more information, + see Amazon + S3 Bucket Keys in the Amazon S3 User Guide.

+ type: object + ServerSideEncryptionRules: + items: + $ref: '#/components/schemas/ServerSideEncryptionRule' + type: array + xml: + wrapped: false + Setting: + type: boolean + Size: + type: integer + SkipValidation: + type: boolean + SourceSelectionCriteria: + description: A container that describes additional filters for identifying the + source objects that you want to replicate. You can choose to enable or disable + the replication of these objects. Currently, Amazon S3 supports only the filter + that you can specify for objects created with server-side encryption using + a customer managed key stored in Amazon Web Services Key Management Service + (SSE-KMS). + properties: + ReplicaModifications: + allOf: + - $ref: '#/components/schemas/ReplicaModifications' + - description:

A filter that you can specify for selections for modifications + on replicas. Amazon S3 doesn't replicate replica modifications by default. + In the latest version of replication configuration (when Filter + is specified), you can specify this element and set the status to Enabled + to replicate modifications on replicas.

If you don't + specify the Filter element, Amazon S3 assumes that the + replication configuration is the earlier version, V1. In the earlier + version, this element is not allowed

 + SseKmsEncryptedObjects: + allOf: + - $ref: '#/components/schemas/SseKmsEncryptedObjects' + - description: ' A container for filter information for the selection of + Amazon S3 objects encrypted with Amazon Web Services KMS. If you include + SourceSelectionCriteria in the replication configuration, + this element is required. ' + type: object + SseKmsEncryptedObjects: + description: A container for filter information for the selection of S3 objects + encrypted with Amazon Web Services KMS. + properties: + Status: + allOf: + - $ref: '#/components/schemas/SseKmsEncryptedObjectsStatus' + - description: Specifies whether Amazon S3 replicates objects created with + server-side encryption using an Amazon Web Services KMS key stored in + Amazon Web Services Key Management Service. + required: + - Status + type: object + SseKmsEncryptedObjectsStatus: + enum: + - Enabled + - Disabled + type: string + Start: + type: integer + StartAfter: + type: string + Stats: + description: Container for the stats details. + properties: + BytesProcessed: + allOf: + - $ref: '#/components/schemas/BytesProcessed' + - description: The total number of uncompressed object bytes processed. + BytesReturned: + allOf: + - $ref: '#/components/schemas/BytesReturned' + - description: The total number of bytes of records payload data returned. + BytesScanned: + allOf: + - $ref: '#/components/schemas/BytesScanned' + - description: The total number of object bytes scanned. + type: object + StatsEvent: + description: Container for the Stats Event. + properties: + Details: + allOf: + - $ref: '#/components/schemas/Stats' + - description: The Stats event details. + type: object + StorageClass: + enum: + - STANDARD + - REDUCED_REDUNDANCY + - STANDARD_IA + - ONEZONE_IA + - INTELLIGENT_TIERING + - GLACIER + - DEEP_ARCHIVE + - OUTPOSTS + - GLACIER_IR + type: string + StorageClassAnalysis: + description: Specifies data related to access patterns to be collected and made + available to analyze the tradeoffs between different storage classes for an + Amazon S3 bucket. + properties: + DataExport: + allOf: + - $ref: '#/components/schemas/StorageClassAnalysisDataExport' + - description: Specifies how data related to the storage class analysis + for an Amazon S3 bucket should be exported. + type: object + StorageClassAnalysisDataExport: + description: Container for data related to the storage class analysis for an + Amazon S3 bucket for export. + properties: + Destination: + allOf: + - $ref: '#/components/schemas/AnalyticsExportDestination' + - description: The place to store the data for an analysis. + OutputSchemaVersion: + allOf: + - $ref: '#/components/schemas/StorageClassAnalysisSchemaVersion' + - description: The version of the output schema to use when exporting data. + Must be V_1. + required: + - OutputSchemaVersion + - Destination + type: object + StorageClassAnalysisSchemaVersion: + enum: + - V_1 + type: string + Suffix: + type: string + Tag: + description: A container of a key value name pair. + properties: + Key: + allOf: + - $ref: '#/components/schemas/ObjectKey' + - description: Name of the object key. + Value: + allOf: + - $ref: '#/components/schemas/Value' + - description: Value of the tag. + required: + - Key + - Value + type: object + TagCount: + type: integer + TagSet: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: Tag + type: array + Tagging: + description: Container for TagSet elements. + properties: + TagSet: + allOf: + - $ref: '#/components/schemas/TagSet' + - description: A collection for a set of tags + required: + - TagSet + type: object + TaggingDirective: + enum: + - COPY + - REPLACE + type: string + TaggingHeader: + type: string + TargetBucket: + type: string + TargetGrant: + description:

Container for granting information.

Buckets that use + the bucket owner enforced setting for Object Ownership don't support target + grants. For more information, see Permissions + server access log delivery in the Amazon S3 User Guide.

+ properties: + Grantee: + allOf: + - $ref: '#/components/schemas/Grantee' + - description: Container for the person being granted permissions. + Permission: + allOf: + - $ref: '#/components/schemas/BucketLogsPermission' + - description: Logging permissions assigned to the grantee for the bucket. + type: object + TargetGrants: + items: + allOf: + - $ref: '#/components/schemas/TargetGrant' + - xml: + name: Grant + type: array + TargetPrefix: + type: string + Tier: + enum: + - Standard + - Bulk + - Expedited + type: string + Tiering: + description: The S3 Intelligent-Tiering storage class is designed to optimize + storage costs by automatically moving data to the most cost-effective storage + access tier, without additional operational overhead. + properties: + AccessTier: + allOf: + - $ref: '#/components/schemas/IntelligentTieringAccessTier' + - description: S3 Intelligent-Tiering access tier. See Storage + class for automatically optimizing frequently and infrequently accessed + objects for a list of access tiers in the S3 Intelligent-Tiering + storage class. + Days: + allOf: + - $ref: '#/components/schemas/IntelligentTieringDays' + - description: The number of consecutive days of no access after which an + object will be eligible to be transitioned to the corresponding tier. + The minimum number of days specified for Archive Access tier must be + at least 90 days and Deep Archive Access tier must be at least 180 days. + The maximum can be up to 2 years (730 days). + required: + - Days + - AccessTier + type: object + TieringList: + items: + $ref: '#/components/schemas/Tiering' + type: array + xml: + wrapped: false + Token: + type: string + TopicArn: + type: string + TopicConfiguration: + description: A container for specifying the configuration for publication of + messages to an Amazon Simple Notification Service (Amazon SNS) topic when + Amazon S3 detects specified events. + properties: + Event: + allOf: + - $ref: '#/components/schemas/EventList' + - description: The Amazon S3 bucket event about which to send notifications. + For more information, see Supported + Event Types in the Amazon S3 User Guide. + Filter: + $ref: '#/components/schemas/NotificationConfigurationFilter' + Id: + $ref: '#/components/schemas/NotificationId' + Topic: + allOf: + - $ref: '#/components/schemas/TopicArn' + - description: The Amazon Resource Name (ARN) of the Amazon SNS topic to + which Amazon S3 publishes a message when it detects events of the specified + type. + required: + - TopicArn + - Events + type: object + TopicConfigurationDeprecated: + description: A container for specifying the configuration for publication of + messages to an Amazon Simple Notification Service (Amazon SNS) topic when + Amazon S3 detects specified events. This data type is deprecated. Use TopicConfiguration + instead. + properties: + Event: + allOf: + - $ref: '#/components/schemas/EventList' + - description: A collection of events related to objects + Id: + $ref: '#/components/schemas/NotificationId' + Topic: + allOf: + - $ref: '#/components/schemas/TopicArn' + - description: Amazon SNS topic to which Amazon S3 will publish a message + to report the specified events for the bucket. + type: object + TopicConfigurationList: + items: + $ref: '#/components/schemas/TopicConfiguration' + type: array + xml: + wrapped: false + Transition: + description: Specifies when an object transitions to a specified storage class. + For more information about Amazon S3 lifecycle configuration rules, see Transitioning + Objects Using Amazon S3 Lifecycle in the Amazon S3 User Guide. + properties: + Date: + allOf: + - $ref: '#/components/schemas/Date' + - description: Indicates when objects are transitioned to the specified + storage class. The date value must be in ISO 8601 format. The time is + always midnight UTC. + Days: + allOf: + - $ref: '#/components/schemas/Days' + - description: Indicates the number of days after creation when objects + are transitioned to the specified storage class. The value must be a + positive integer. + StorageClass: + allOf: + - $ref: '#/components/schemas/TransitionStorageClass' + - description: The storage class to which you want the object to transition. + type: object + TransitionList: + items: + $ref: '#/components/schemas/Transition' + type: array + xml: + wrapped: false + TransitionStorageClass: + enum: + - GLACIER + - STANDARD_IA + - ONEZONE_IA + - INTELLIGENT_TIERING + - DEEP_ARCHIVE + - GLACIER_IR + type: string + Type: + enum: + - CanonicalUser + - AmazonCustomerByEmail + - Group + type: string + URI: + type: string + UploadIdMarker: + type: string + UploadPartCopyOutput: + example: + CopyPartResult: + ETag: '"65d16d19e65a7508a51f043180edcc36"' + LastModified: '2016-12-29T21:44:28.000Z' + properties: + CopyPartResult: + allOf: + - $ref: '#/components/schemas/CopyPartResult' + - description: Container for all response elements. + type: object + UploadPartCopyRequest: + properties: {} + required: + - Bucket + - CopySource + - Key + - PartNumber + - UploadId + title: UploadPartCopyRequest + type: object + UploadPartOutput: + example: + ETag: '"d8c2eafd90c266e19ab9dcacc479f8af"' + properties: {} + type: object + UploadPartRequest: + properties: + Body: + allOf: + - $ref: '#/components/schemas/Body' + - description: Object data. + required: + - Bucket + - Key + - PartNumber + - UploadId + title: UploadPartRequest + type: object + UserMetadata: + items: + allOf: + - $ref: '#/components/schemas/MetadataEntry' + - xml: + name: MetadataEntry + type: array + Value: + type: string + VersionCount: + type: integer + VersionIdMarker: + type: string + VersioningConfiguration: + description: Describes the versioning state of an Amazon S3 bucket. For more + information, see PUT + Bucket versioning in the Amazon S3 API Reference. + properties: + MfaDelete: + allOf: + - $ref: '#/components/schemas/MFADelete' + - description: Specifies whether MFA delete is enabled in the bucket versioning + configuration. This element is only returned if the bucket has been + configured with MFA delete. If the bucket has never been so configured, + this element is not returned. + Status: + allOf: + - $ref: '#/components/schemas/BucketVersioningStatus' + - description: The versioning state of the bucket. + type: object + WebsiteConfiguration: + description: Specifies website configuration parameters for an Amazon S3 bucket. + properties: + ErrorDocument: + allOf: + - $ref: '#/components/schemas/ErrorDocument' + - description: The name of the error document for the website. + IndexDocument: + allOf: + - $ref: '#/components/schemas/IndexDocument' + - description: The name of the index document for the website. + RedirectAllRequestsTo: + allOf: + - $ref: '#/components/schemas/RedirectAllRequestsTo' + - description:

The redirect behavior for every request to this bucket's + website endpoint.

If you specify this property, you + can't specify any other property.

 + RoutingRules: + allOf: + - $ref: '#/components/schemas/RoutingRules' + - description: Rules that define when a redirect is applied and the redirect + behavior. + type: object + WebsiteRedirectLocation: + type: string + WriteGetObjectResponseRequest: + properties: + Body: + allOf: + - $ref: '#/components/schemas/Body' + - description: The object data. + x-amz-meta-: + allOf: + - $ref: '#/components/schemas/Metadata' + - description: A map of metadata to store with the object in S3. + required: + - RequestRoute + - RequestToken + title: WriteGetObjectResponseRequest + type: object + Years: + type: integer + securitySchemes: + hmac: + description: Amazon S3 signature + in: header + name: Authorization + type: apiKey + x-amazon-apigateway-authtype: awsS3 + x-stackQL-resources: + bucket_accelerate_configurations: + id: aws.s3_api.bucket_accelerate_configurations + methods: + bucket_accelerate_configurations_Get: + operation: + $ref: '#/paths/~1?accelerate/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_accelerate_configurations_Put: + operation: + $ref: '#/paths/~1?accelerate/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_accelerate_configurations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_accelerate_configurations/methods/bucket_accelerate_configurations_Get' + update: [] + title: bucket_accelerate_configurations + bucket_acls: + id: aws.s3_api.bucket_acls + methods: + bucket_acls_Get: + operation: + $ref: '#/paths/~1?acl/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_acls_Put: + operation: + $ref: '#/paths/~1?acl/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_acls + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_acls/methods/bucket_acls_Get' + update: [] + title: bucket_acls + bucket_analytics_configurations: + id: aws.s3_api.bucket_analytics_configurations + methods: + bucket_analytics_configurations_Delete: + operation: + $ref: '#/paths/~1?analytics#id/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_analytics_configurations_Get: + operation: + $ref: '#/paths/~1?analytics#id/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_analytics_configurations_List: + operation: + $ref: '#/paths/~1?analytics/get' + response: + mediaType: text/xml + objectKey: /*/AnalyticsConfiguration/member + openAPIDocKey: '200' + bucket_analytics_configurations_Put: + operation: + $ref: '#/paths/~1?analytics#id/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_analytics_configurations + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_analytics_configurations/methods/bucket_analytics_configurations_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_analytics_configurations/methods/bucket_analytics_configurations_Get' + - $ref: '#/components/x-stackQL-resources/bucket_analytics_configurations/methods/bucket_analytics_configurations_List' + update: [] + title: bucket_analytics_configurations + bucket_cors: + id: aws.s3_api.bucket_cors + methods: + bucket_cors_Delete: + operation: + $ref: '#/paths/~1?cors/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_cors_Get: + operation: + $ref: '#/paths/~1?cors/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_cors_Put: + operation: + $ref: '#/paths/~1?cors/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_cors + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_cors/methods/bucket_cors_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_cors/methods/bucket_cors_Get' + update: [] + title: bucket_cors + bucket_encryptions: + id: aws.s3_api.bucket_encryptions + methods: + bucket_encryptions_Delete: + operation: + $ref: '#/paths/~1?encryption/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_encryptions_Get: + operation: + $ref: '#/paths/~1?encryption/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_encryptions_Put: + operation: + $ref: '#/paths/~1?encryption/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_encryptions + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_encryptions/methods/bucket_encryptions_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_encryptions/methods/bucket_encryptions_Get' + update: [] + title: bucket_encryptions + bucket_intelligent_tiering_configurations: + id: aws.s3_api.bucket_intelligent_tiering_configurations + methods: + bucket_intelligent_tiering_configurations_Delete: + operation: + $ref: '#/paths/~1?intelligent-tiering#id/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_intelligent_tiering_configurations_Get: + operation: + $ref: '#/paths/~1?intelligent-tiering#id/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_intelligent_tiering_configurations_List: + operation: + $ref: '#/paths/~1?intelligent-tiering/get' + response: + mediaType: text/xml + objectKey: /*/IntelligentTieringConfiguration/member + openAPIDocKey: '200' + bucket_intelligent_tiering_configurations_Put: + operation: + $ref: '#/paths/~1?intelligent-tiering#id/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_intelligent_tiering_configurations + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_intelligent_tiering_configurations/methods/bucket_intelligent_tiering_configurations_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_intelligent_tiering_configurations/methods/bucket_intelligent_tiering_configurations_Get' + - $ref: '#/components/x-stackQL-resources/bucket_intelligent_tiering_configurations/methods/bucket_intelligent_tiering_configurations_List' + update: [] + title: bucket_intelligent_tiering_configurations + bucket_inventory_configurations: + id: aws.s3_api.bucket_inventory_configurations + methods: + bucket_inventory_configurations_Delete: + operation: + $ref: '#/paths/~1?inventory#id/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_inventory_configurations_Get: + operation: + $ref: '#/paths/~1?inventory#id/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_inventory_configurations_List: + operation: + $ref: '#/paths/~1?inventory/get' + response: + mediaType: text/xml + objectKey: /*/InventoryConfiguration/member + openAPIDocKey: '200' + bucket_inventory_configurations_Put: + operation: + $ref: '#/paths/~1?inventory#id/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_inventory_configurations + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_inventory_configurations/methods/bucket_inventory_configurations_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_inventory_configurations/methods/bucket_inventory_configurations_Get' + - $ref: '#/components/x-stackQL-resources/bucket_inventory_configurations/methods/bucket_inventory_configurations_List' + update: [] + title: bucket_inventory_configurations + bucket_lifecycle_configurations: + id: aws.s3_api.bucket_lifecycle_configurations + methods: + bucket_lifecycle_configurations_Get: + operation: + $ref: '#/paths/~1?lifecycle/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_lifecycle_configurations_Put: + operation: + $ref: '#/paths/~1?lifecycle/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_lifecycle_configurations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_lifecycle_configurations/methods/bucket_lifecycle_configurations_Get' + update: [] + title: bucket_lifecycle_configurations + bucket_lifecycles: + id: aws.s3_api.bucket_lifecycles + methods: + bucket_lifecycles_Delete: + operation: + $ref: '#/paths/~1?lifecycle/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_lifecycles_Get: + operation: + $ref: '#/paths/~1?lifecycle#deprecated!/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_lifecycles_Put: + operation: + $ref: '#/paths/~1?lifecycle#deprecated!/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_lifecycles + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_lifecycles/methods/bucket_lifecycles_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_lifecycles/methods/bucket_lifecycles_Get' + update: [] + title: bucket_lifecycles + bucket_locations: + id: aws.s3_api.bucket_locations + methods: + bucket_locations_Get: + operation: + $ref: '#/paths/~1?location/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + name: bucket_locations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_locations/methods/bucket_locations_Get' + update: [] + title: bucket_locations + bucket_loggings: + id: aws.s3_api.bucket_loggings + methods: + bucket_loggings_Get: + operation: + $ref: '#/paths/~1?logging/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_loggings_Put: + operation: + $ref: '#/paths/~1?logging/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_loggings + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_loggings/methods/bucket_loggings_Get' + update: [] + title: bucket_loggings + bucket_metrics_configurations: + id: aws.s3_api.bucket_metrics_configurations + methods: + bucket_metrics_configurations_Delete: + operation: + $ref: '#/paths/~1?metrics#id/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_metrics_configurations_Get: + operation: + $ref: '#/paths/~1?metrics#id/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_metrics_configurations_List: + operation: + $ref: '#/paths/~1?metrics/get' + response: + mediaType: text/xml + objectKey: /*/MetricsConfiguration/member + openAPIDocKey: '200' + bucket_metrics_configurations_Put: + operation: + $ref: '#/paths/~1?metrics#id/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_metrics_configurations + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_metrics_configurations/methods/bucket_metrics_configurations_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_metrics_configurations/methods/bucket_metrics_configurations_Get' + - $ref: '#/components/x-stackQL-resources/bucket_metrics_configurations/methods/bucket_metrics_configurations_List' + update: [] + title: bucket_metrics_configurations + bucket_notification_configurations: + id: aws.s3_api.bucket_notification_configurations + methods: + bucket_notification_configurations_Get: + operation: + $ref: '#/paths/~1?notification/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_notification_configurations_Put: + operation: + $ref: '#/paths/~1?notification/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_notification_configurations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_notification_configurations/methods/bucket_notification_configurations_Get' + update: [] + title: bucket_notification_configurations + bucket_notifications: + id: aws.s3_api.bucket_notifications + methods: + bucket_notifications_Get: + operation: + $ref: '#/paths/~1?notification#deprecated!/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_notifications_Put: + operation: + $ref: '#/paths/~1?notification#deprecated!/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_notifications + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_notifications/methods/bucket_notifications_Get' + update: [] + title: bucket_notifications + bucket_ownership_controls: + id: aws.s3_api.bucket_ownership_controls + methods: + bucket_ownership_controls_Delete: + operation: + $ref: '#/paths/~1?ownershipControls/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_ownership_controls_Get: + operation: + $ref: '#/paths/~1?ownershipControls/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_ownership_controls_Put: + operation: + $ref: '#/paths/~1?ownershipControls/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_ownership_controls + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_ownership_controls/methods/bucket_ownership_controls_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_ownership_controls/methods/bucket_ownership_controls_Get' + update: [] + title: bucket_ownership_controls + bucket_policies: + id: aws.s3_api.bucket_policies + methods: + bucket_policies_Delete: + operation: + $ref: '#/paths/~1?policy/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_policies_Get: + operation: + $ref: '#/paths/~1?policy/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_policies_Put: + operation: + $ref: '#/paths/~1?policy/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_policies + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_policies/methods/bucket_policies_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_policies/methods/bucket_policies_Get' + update: [] + title: bucket_policies + bucket_policy_status: + id: aws.s3_api.bucket_policy_status + methods: + bucket_policy_status_Get: + operation: + $ref: '#/paths/~1?policyStatus/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + name: bucket_policy_status + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_policy_status/methods/bucket_policy_status_Get' + update: [] + title: bucket_policy_status + bucket_replications: + id: aws.s3_api.bucket_replications + methods: + bucket_replications_Delete: + operation: + $ref: '#/paths/~1?replication/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_replications_Get: + operation: + $ref: '#/paths/~1?replication/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_replications_Put: + operation: + $ref: '#/paths/~1?replication/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_replications + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_replications/methods/bucket_replications_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_replications/methods/bucket_replications_Get' + update: [] + title: bucket_replications + bucket_request_payments: + id: aws.s3_api.bucket_request_payments + methods: + bucket_request_payments_Get: + operation: + $ref: '#/paths/~1?requestPayment/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_request_payments_Put: + operation: + $ref: '#/paths/~1?requestPayment/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_request_payments + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_request_payments/methods/bucket_request_payments_Get' + update: [] + title: bucket_request_payments + bucket_taggings: + id: aws.s3_api.bucket_taggings + methods: + bucket_taggings_Delete: + operation: + $ref: '#/paths/~1?tagging/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_taggings_Get: + operation: + $ref: '#/paths/~1?tagging/get' + response: + mediaType: text/xml + objectKey: /*/TagSet/Tag + openAPIDocKey: '200' + bucket_taggings_Put: + operation: + $ref: '#/paths/~1?tagging/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_taggings + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_taggings/methods/bucket_taggings_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_taggings/methods/bucket_taggings_Get' + update: [] + title: bucket_taggings + bucket_versionings: + id: aws.s3_api.bucket_versionings + methods: + bucket_versionings_Get: + operation: + $ref: '#/paths/~1?versioning/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_versionings_Put: + operation: + $ref: '#/paths/~1?versioning/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_versionings + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_versionings/methods/bucket_versionings_Get' + update: [] + title: bucket_versionings + bucket_websites: + id: aws.s3_api.bucket_websites + methods: + bucket_websites_Delete: + operation: + $ref: '#/paths/~1?website/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + bucket_websites_Get: + operation: + $ref: '#/paths/~1?website/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + bucket_websites_Put: + operation: + $ref: '#/paths/~1?website/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: bucket_websites + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/bucket_websites/methods/bucket_websites_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/bucket_websites/methods/bucket_websites_Get' + update: [] + title: bucket_websites + buckets: + id: aws.s3_api.buckets + methods: + buckets_Create: + operation: + $ref: '#/paths/~1/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + buckets_Delete: + operation: + $ref: '#/paths/~1/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + buckets_List: + operation: + $ref: '#/paths/~1/get' + response: + mediaType: text/xml + objectKey: /*/Buckets/Bucket + openAPIDocKey: '200' + name: buckets + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/buckets/methods/buckets_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/buckets/methods/buckets_Create' + select: + - $ref: '#/components/x-stackQL-resources/buckets/methods/buckets_List' + update: [] + title: buckets + get_object_responses: + id: aws.s3_api.get_object_responses + methods: + get_object_responses_Write: + operation: + $ref: '#/paths/~1WriteGetObjectResponse#x-amz-request-route&x-amz-request-token/post' + name: get_object_responses + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: get_object_responses + multipart_uploads: + id: aws.s3_api.multipart_uploads + methods: + multipart_uploads_Complete: + operation: + $ref: '#/paths/~1{Key}#uploadId/post' + response: + mediaType: text/xml + openAPIDocKey: '200' + multipart_uploads_Create: + operation: + $ref: '#/paths/~1{Key}?uploads/post' + multipart_uploads_List: + operation: + $ref: '#/paths/~1?uploads/get' + response: + mediaType: text/xml + objectKey: /*/CommonPrefixes/member + openAPIDocKey: '200' + name: multipart_uploads + sqlVerbs: + delete: [] + insert: + - $ref: '#/components/x-stackQL-resources/multipart_uploads/methods/multipart_uploads_Create' + select: [] + # - $ref: '#/components/x-stackQL-resources/multipart_uploads/methods/multipart_uploads_List' + update: [] + title: multipart_uploads + object_acls: + id: aws.s3_api.object_acls + methods: + object_acls_Get: + operation: + $ref: '#/paths/~1{Key}?acl/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + object_acls_Put: + operation: + $ref: '#/paths/~1{Key}?acl/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: object_acls + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/object_acls/methods/object_acls_Get' + update: [] + title: object_acls + object_attributes: + id: aws.s3_api.object_attributes + methods: + object_attributes_Get: + operation: + $ref: '#/paths/~1{Key}?attributes#x-amz-object-attributes/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + name: object_attributes + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/object_attributes/methods/object_attributes_Get' + update: [] + title: object_attributes + object_contents: + id: aws.s3_api.object_contents + methods: + object_contents_Select: + operation: + $ref: '#/paths/~1{Key}?select&select-type=2/post' + name: object_contents + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: object_contents + object_legal_holds: + id: aws.s3_api.object_legal_holds + methods: + object_legal_holds_Get: + operation: + $ref: '#/paths/~1{Key}?legal-hold/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + object_legal_holds_Put: + operation: + $ref: '#/paths/~1{Key}?legal-hold/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: object_legal_holds + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/object_legal_holds/methods/object_legal_holds_Get' + update: [] + title: object_legal_holds + object_lock_configurations: + id: aws.s3_api.object_lock_configurations + methods: + object_lock_configurations_Get: + operation: + $ref: '#/paths/~1?object-lock/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + object_lock_configurations_Put: + operation: + $ref: '#/paths/~1?object-lock/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: object_lock_configurations + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/object_lock_configurations/methods/object_lock_configurations_Get' + update: [] + title: object_lock_configurations + object_retentions: + id: aws.s3_api.object_retentions + methods: + object_retentions_Get: + operation: + $ref: '#/paths/~1{Key}?retention/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + object_retentions_Put: + operation: + $ref: '#/paths/~1{Key}?retention/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: object_retentions + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/object_retentions/methods/object_retentions_Get' + update: [] + title: object_retentions + object_taggings: + id: aws.s3_api.object_taggings + methods: + object_taggings_Delete: + operation: + $ref: '#/paths/~1{Key}?tagging/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + object_taggings_Get: + operation: + $ref: '#/paths/~1{Key}?tagging/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + object_taggings_Put: + operation: + $ref: '#/paths/~1{Key}?tagging/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: object_taggings + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/object_taggings/methods/object_taggings_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/object_taggings/methods/object_taggings_Get' + update: [] + title: object_taggings + object_torrents: + id: aws.s3_api.object_torrents + methods: + object_torrents_Get: + operation: + $ref: '#/paths/~1{Key}?torrent/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + name: object_torrents + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/object_torrents/methods/object_torrents_Get' + update: [] + title: object_torrents + object_versions: + id: aws.s3_api.object_versions + methods: + object_versions_List: + operation: + $ref: '#/paths/~1?versions/get' + response: + mediaType: text/xml + objectKey: /*/CommonPrefixes/member + openAPIDocKey: '200' + name: object_versions + sqlVerbs: + delete: [] + insert: [] + # select: + # - $ref: '#/components/x-stackQL-resources/object_versions/methods/object_versions_List' + update: [] + title: object_versions + objects: + id: aws.s3_api.objects + methods: + objects_Copy: + operation: + $ref: '#/paths/~1{Key}#x-amz-copy-source/put' + objects_Delete: + operation: + $ref: '#/paths/~1?delete/post' + objects_Get: + operation: + $ref: '#/paths/~1{Key}/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + objects_List: + operation: + $ref: '#/paths/~1?max-keys=1000/get' + response: + mediaType: text/xml + objectKey: /*/Contents + openAPIDocKey: '200' + objects_Put: + operation: + $ref: '#/paths/~1{Key}/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + objects_Restore: + operation: + $ref: '#/paths/~1{Key}?restore/post' + name: objects + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/objects/methods/objects_Delete' + - $ref: '#/components/x-stackQL-resources/objects/methods/objects_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/objects/methods/objects_List' + - $ref: '#/components/x-stackQL-resources/objects/methods/objects_Get' + update: [] + title: objects + objects_v2s: + id: aws.s3_api.objects_v2s + methods: + objects_v2s_List: + operation: + $ref: '#/paths/~1?list-type=2/get' + response: + mediaType: text/xml + objectKey: /*/Contents/member + openAPIDocKey: '200' + name: objects_v2s + sqlVerbs: + # delete: [] + # insert: [] + # select: + # - $ref: '#/components/x-stackQL-resources/objects_v2s/methods/objects_v2s_List' + # update: [] + title: objects_v2s + part_copies: + id: aws.s3_api.part_copies + methods: + part_copies_Upload: + operation: + $ref: '#/paths/~1{Key}#x-amz-copy-source&partNumber&uploadId/put' + name: part_copies + sqlVerbs: + delete: [] + insert: [] + select: [] + update: [] + title: part_copies + parts: + id: aws.s3_api.parts + methods: + parts_List: + operation: + $ref: '#/paths/~1{Key}#uploadId/get' + response: + mediaType: text/xml + objectKey: /*/Part/member + openAPIDocKey: '200' + parts_Upload: + operation: + $ref: '#/paths/~1{Key}#partNumber&uploadId/put' + name: parts + sqlVerbs: + # delete: [] + # insert: [] + # select: + # - $ref: '#/components/x-stackQL-resources/parts/methods/parts_List' + # update: [] + title: parts + public_access_blocks: + id: aws.s3_api.public_access_blocks + methods: + public_access_blocks_Delete: + operation: + $ref: '#/paths/~1?publicAccessBlock/delete' + response: + mediaType: text/xml + openAPIDocKey: '200' + public_access_blocks_Get: + operation: + $ref: '#/paths/~1?publicAccessBlock/get' + response: + mediaType: text/xml + objectKey: /* + openAPIDocKey: '200' + public_access_blocks_Put: + operation: + $ref: '#/paths/~1?publicAccessBlock/put' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: public_access_blocks + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/public_access_blocks/methods/public_access_blocks_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/public_access_blocks/methods/public_access_blocks_Get' + update: [] + title: public_access_blocks +externalDocs: + description: Amazon Web Services documentation + url: https://docs.aws.amazon.com/s3/ +info: + contact: + email: mike.ralphson@gmail.com + name: Mike Ralphson + url: https://github.com/mermade/aws2openapi + x-twitter: PermittedSoc + description:

+ license: + name: Apache 2.0 License + url: http://www.apache.org/licenses/ + termsOfService: https://aws.amazon.com/service-terms/ + title: Amazon Simple Storage Service + version: '2006-03-01' + x-apiClientRegistration: + url: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct + x-apisguru-categories: + - cloud + x-logo: + backgroundColor: '#FFFFFF' + url: https://twitter.com/awscloud/profile_image?size=original + x-origin: + - contentType: application/json + converter: + url: https://github.com/mermade/aws2openapi + version: 1.0.0 + url: https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/s3-2006-03-01.normal.json + x-apisguru-driver: external + x-preferred: true + x-providerName: amazonaws.com + x-release: s3 + x-serviceName: s3 +openapi: 3.0.0 +paths: + /WriteGetObjectResponse#x-amz-request-route&x-amz-request-token: + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + post: + description: '

Passes transformed objects to a GetObject operation + when using Object Lambda access points. For information about Object Lambda + access points, see Transforming + objects with Object Lambda access points in the Amazon S3 User Guide.

+

This operation supports metadata that can be returned by GetObject, + in addition to RequestRoute, RequestToken, StatusCode, + ErrorCode, and ErrorMessage. The GetObject + response metadata is supported so that the WriteGetObjectResponse + caller, typically an Lambda function, can provide the same metadata when it + internally invokes GetObject. When WriteGetObjectResponse + is called by a customer-owned Lambda function, the metadata returned to the + end user GetObject call might differ from what Amazon S3 would + normally return.

You can include any number of metadata headers. When + including a metadata header, it should be prefaced with x-amz-meta. + For example, x-amz-meta-my-custom-header: MyCustomValue. The + primary use case for this is to forward GetObject metadata.

+

Amazon Web Services provides some prebuilt Lambda functions that you can + use with S3 Object Lambda to detect and redact personally identifiable information + (PII) and decompress S3 objects. These Lambda functions are available in the + Amazon Web Services Serverless Application Repository, and can be selected + through the Amazon Web Services Management Console when you create your Object + Lambda access point.

Example 1: PII Access Control - This Lambda function + uses Amazon Comprehend, a natural language processing (NLP) service using + machine learning to find insights and relationships in text. It automatically + detects personally identifiable information (PII) such as names, addresses, + dates, credit card numbers, and social security numbers from documents in + your Amazon S3 bucket.

Example 2: PII Redaction - This Lambda function + uses Amazon Comprehend, a natural language processing (NLP) service using + machine learning to find insights and relationships in text. It automatically + redacts personally identifiable information (PII) such as names, addresses, + dates, credit card numbers, and social security numbers from documents in + your Amazon S3 bucket.

Example 3: Decompression - The Lambda function + S3ObjectLambdaDecompression, is equipped to decompress objects stored in S3 + in one of six compressed file formats including bzip2, gzip, snappy, zlib, + zstandard and ZIP.

For information on how to view and use these functions, + see Using + Amazon Web Services built Lambda functions in the Amazon S3 User Guide.

' + operationId: WriteGetObjectResponse + parameters: + - description: Route prefix to the HTTP URL generated. + in: header + name: x-amz-request-route + required: true + schema: + type: string + - description: A single use encrypted token that maps WriteGetObjectResponse + to the end user GetObject request. + in: header + name: x-amz-request-token + required: true + schema: + type: string + - description:

The integer status code for an HTTP response of a corresponding + GetObject request.

Status Codes +

  • 200 - OK

  • 206 - + Partial Content

  • 304 - Not Modified +

  • 400 - Bad Request

  • 401 + - Unauthorized

  • 403 - Forbidden

    +

  • 404 - Not Found

  • 405 + - Method Not Allowed

  • 409 - Conflict +

  • 411 - Length Required

  • + 412 - Precondition Failed

  • 416 - Range + Not Satisfiable

  • 500 - Internal Server Error +

  • 503 - Service Unavailable

+ in: header + name: x-amz-fwd-status + required: false + schema: + type: integer + - description: A string that uniquely identifies an error condition. Returned + in the <Code> tag of the error XML response for a corresponding GetObject + call. Cannot be used with a successful StatusCode header or + when the transformed object is provided in the body. All error codes from + S3 are sentence-cased. The regular expression (regex) value is "^[A-Z][a-zA-Z]+$". + in: header + name: x-amz-fwd-error-code + required: false + schema: + type: string + - description: Contains a generic description of the error condition. Returned + in the <Message> tag of the error XML response for a corresponding + GetObject call. Cannot be used with a successful StatusCode + header or when the transformed object is provided in body. + in: header + name: x-amz-fwd-error-message + required: false + schema: + type: string + - description: Indicates that a range of bytes was specified. + in: header + name: x-amz-fwd-header-accept-ranges + required: false + schema: + type: string + - description: Specifies caching behavior along the request/reply chain. + in: header + name: x-amz-fwd-header-Cache-Control + required: false + schema: + type: string + - description: Specifies presentational information for the object. + in: header + name: x-amz-fwd-header-Content-Disposition + required: false + schema: + type: string + - description: Specifies what content encodings have been applied to the object + and thus what decoding mechanisms must be applied to obtain the media-type + referenced by the Content-Type header field. + in: header + name: x-amz-fwd-header-Content-Encoding + required: false + schema: + type: string + - description: The language the content is in. + in: header + name: x-amz-fwd-header-Content-Language + required: false + schema: + type: string + - description: The size of the content body in bytes. + in: header + name: Content-Length + required: false + schema: + type: integer + - description: The portion of the object returned in the response. + in: header + name: x-amz-fwd-header-Content-Range + required: false + schema: + type: string + - description: A standard MIME type describing the format of the object data. + in: header + name: x-amz-fwd-header-Content-Type + required: false + schema: + type: string + - description:

This header can be used as a data integrity check to verify + that the data received is the same data that was originally sent. This specifies + the base64-encoded, 32-bit CRC32 checksum of the object returned by the + Object Lambda function. This may not match the checksum for the object stored + in Amazon S3. Amazon S3 will perform validation of the checksum values only + when the original GetObject request required checksum validation. + For more information about checksums, see Checking + object integrity in the Amazon S3 User Guide.

Only one + checksum header can be specified at a time. If you supply multiple checksum + headers, this request will fail.

+ in: header + name: x-amz-fwd-header-x-amz-checksum-crc32 + required: false + schema: + type: string + - description:

This header can be used as a data integrity check to verify + that the data received is the same data that was originally sent. This specifies + the base64-encoded, 32-bit CRC32C checksum of the object returned by the + Object Lambda function. This may not match the checksum for the object stored + in Amazon S3. Amazon S3 will perform validation of the checksum values only + when the original GetObject request required checksum validation. + For more information about checksums, see Checking + object integrity in the Amazon S3 User Guide.

Only one + checksum header can be specified at a time. If you supply multiple checksum + headers, this request will fail.

+ in: header + name: x-amz-fwd-header-x-amz-checksum-crc32c + required: false + schema: + type: string + - description:

This header can be used as a data integrity check to verify + that the data received is the same data that was originally sent. This specifies + the base64-encoded, 160-bit SHA-1 digest of the object returned by the Object + Lambda function. This may not match the checksum for the object stored in + Amazon S3. Amazon S3 will perform validation of the checksum values only + when the original GetObject request required checksum validation. + For more information about checksums, see Checking + object integrity in the Amazon S3 User Guide.

Only one + checksum header can be specified at a time. If you supply multiple checksum + headers, this request will fail.

+ in: header + name: x-amz-fwd-header-x-amz-checksum-sha1 + required: false + schema: + type: string + - description:

This header can be used as a data integrity check to verify + that the data received is the same data that was originally sent. This specifies + the base64-encoded, 256-bit SHA-256 digest of the object returned by the + Object Lambda function. This may not match the checksum for the object stored + in Amazon S3. Amazon S3 will perform validation of the checksum values only + when the original GetObject request required checksum validation. + For more information about checksums, see Checking + object integrity in the Amazon S3 User Guide.

Only one + checksum header can be specified at a time. If you supply multiple checksum + headers, this request will fail.

+ in: header + name: x-amz-fwd-header-x-amz-checksum-sha256 + required: false + schema: + type: string + - description: 'Specifies whether an object stored in Amazon S3 is (true) + or is not (false) a delete marker. ' + in: header + name: x-amz-fwd-header-x-amz-delete-marker + required: false + schema: + type: boolean + - description: 'An opaque identifier assigned by a web server to a specific + version of a resource found at a URL. ' + in: header + name: x-amz-fwd-header-ETag + required: false + schema: + type: string + - description: The date and time at which the object is no longer cacheable. + in: header + name: x-amz-fwd-header-Expires + required: false + schema: + format: date-time + type: string + - description: 'If the object expiration is configured (see PUT Bucket lifecycle), + the response includes this header. It includes the expiry-date + and rule-id key-value pairs that provide the object expiration + information. The value of the rule-id is URL-encoded. ' + in: header + name: x-amz-fwd-header-x-amz-expiration + required: false + schema: + type: string + - description: The date and time that the object was last modified. + in: header + name: x-amz-fwd-header-Last-Modified + required: false + schema: + format: date-time + type: string + - description: Set to the number of metadata entries not returned in x-amz-meta + headers. This can happen if you create metadata using an API like SOAP that + supports more flexible metadata than the REST API. For example, using SOAP, + you can create metadata whose values are not legal HTTP headers. + in: header + name: x-amz-fwd-header-x-amz-missing-meta + required: false + schema: + type: integer + - description: Indicates whether an object stored in Amazon S3 has Object Lock + enabled. For more information about S3 Object Lock, see Object + Lock. + in: header + name: x-amz-fwd-header-x-amz-object-lock-mode + required: false + schema: + enum: + - GOVERNANCE + - COMPLIANCE + type: string + - description: Indicates whether an object stored in Amazon S3 has an active + legal hold. + in: header + name: x-amz-fwd-header-x-amz-object-lock-legal-hold + required: false + schema: + enum: + - 'ON' + - 'OFF' + type: string + - description: The date and time when Object Lock is configured to expire. + in: header + name: x-amz-fwd-header-x-amz-object-lock-retain-until-date + required: false + schema: + format: date-time + type: string + - description: The count of parts this object has. + in: header + name: x-amz-fwd-header-x-amz-mp-parts-count + required: false + schema: + type: integer + - description: Indicates if request involves bucket that is either a source + or destination in a Replication rule. For more information about S3 Replication, + see Replication. + in: header + name: x-amz-fwd-header-x-amz-replication-status + required: false + schema: + enum: + - COMPLETE + - PENDING + - FAILED + - REPLICA + type: string + - description: '' + in: header + name: x-amz-fwd-header-x-amz-request-charged + required: false + schema: + description: If present, indicates that the requester was successfully charged + for the request. + enum: + - requester + type: string + - description: Provides information about object restoration operation and expiration + time of the restored object copy. + in: header + name: x-amz-fwd-header-x-amz-restore + required: false + schema: + type: string + - description: ' The server-side encryption algorithm used when storing requested + object in Amazon S3 (for example, AES256, aws:kms).' + in: header + name: x-amz-fwd-header-x-amz-server-side-encryption + required: false + schema: + enum: + - AES256 + - aws:kms + type: string + - description: Encryption algorithm used if server-side encryption with a customer-provided + encryption key was specified for object stored in Amazon S3. + in: header + name: x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: ' If present, specifies the ID of the Amazon Web Services Key + Management Service (Amazon Web Services KMS) symmetric customer managed + key that was used for stored in Amazon S3 object. ' + in: header + name: x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id + required: false + schema: + format: password + type: string + - description: ' 128-bit MD5 digest of customer-provided encryption key used + in Amazon S3 to encrypt data stored in S3. For more information, see Protecting + data using server-side encryption with customer-provided encryption keys + (SSE-C).' + in: header + name: x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description:

Provides storage class information of the object. Amazon S3 + returns this header for all objects except for S3 Standard storage class + objects.

For more information, see Storage + Classes.

+ in: header + name: x-amz-fwd-header-x-amz-storage-class + required: false + schema: + enum: + - STANDARD + - REDUCED_REDUNDANCY + - STANDARD_IA + - ONEZONE_IA + - INTELLIGENT_TIERING + - GLACIER + - DEEP_ARCHIVE + - OUTPOSTS + - GLACIER_IR + type: string + - description: The number of tags, if any, on the object. + in: header + name: x-amz-fwd-header-x-amz-tagging-count + required: false + schema: + type: integer + - description: An ID used to reference a specific version of the object. + in: header + name: x-amz-fwd-header-x-amz-version-id + required: false + schema: + type: string + - description: ' Indicates whether the object stored in Amazon S3 uses an S3 + bucket key for server-side encryption with Amazon Web Services KMS (SSE-KMS).' + in: header + name: x-amz-fwd-header-x-amz-server-side-encryption-bucket-key-enabled + required: false + schema: + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + Body: + description: The object data. + type: string + x-amz-meta-: + additionalProperties: + $ref: '#/components/schemas/MetadataValue' + description: A map of metadata to store with the object in S3. + type: object + type: object + required: true + responses: + '200': + description: Success + /: + delete: + description:

Deletes the S3 bucket. All objects (including all object versions + and delete markers) in the bucket must be deleted before the bucket itself + can be deleted.

Related Resources

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETE.html + operationId: DeleteBucket + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + responses: + '204': + description: Success + get: + description: Returns a list of all buckets owned by the authenticated sender + of the request. To use this operation, you must have the s3:ListAllMyBuckets + permission. + servers: + - description: The Amazon S3 multi-region endpoint + url: https://s3.{region}.amazonaws.com + variables: + region: + default: us-east-2 + description: The AWS region + enum: + - us-east-2 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-east-1 + - ap-south-1 + - me-south-1 + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTServiceGET.html + operationId: ListBuckets + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/ListBucketsOutput' + description: Success + head: + description:

This action is useful to determine if a bucket exists and you + have permission to access it. The action returns a 200 OK if + the bucket exists and you have permission to access it.

If the bucket + does not exist or you do not have permission to access it, the HEAD + request returns a generic 404 Not Found or 403 Forbidden + code. A message body is not included, so you cannot determine the exception + beyond these error codes.

To use this operation, you must have permissions + to perform the s3:ListBucket action. The bucket owner has this + permission by default and can grant this permission to others. For more information + about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

To use this API + against an access point, you must provide the alias of the access point in + place of the bucket name or specify the access point ARN. When using the access + point ARN, you must direct requests to the access point hostname. The access + point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + When using the Amazon Web Services SDKs, you provide the ARN in place of the + bucket name. For more information see, Using + access points.

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketHEAD.html + operationId: HeadBucket + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchBucket' + description: NoSuchBucket + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: "

Creates a new S3 bucket. To create a bucket, you must register\ + \ with Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate\ + \ requests. Anonymous requests are never allowed to create buckets. By creating\ + \ the bucket, you become the bucket owner.

Not every string is an acceptable\ + \ bucket name. For information about bucket naming restrictions, see Bucket naming rules.

If you want to create an Amazon S3 on Outposts\ + \ bucket, see Create Bucket.

By default, the bucket is created in the US East\ + \ (N. Virginia) Region. You can optionally specify a Region in the request\ + \ body. You might choose a Region to optimize latency, minimize costs, or\ + \ address regulatory requirements. For example, if you reside in Europe, you\ + \ will probably find it advantageous to create buckets in the Europe (Ireland)\ + \ Region. For more information, see Accessing a bucket.

If you send your create bucket request\ + \ to the s3.amazonaws.com endpoint, the request goes to the us-east-1\ + \ Region. Accordingly, the signature calculations in Signature Version 4 must\ + \ use us-east-1 as the Region, even if the location constraint in the request\ + \ specifies another Region where the bucket is to be created. If you create\ + \ a bucket in a Region other than US East (N. Virginia), your application\ + \ must be able to handle 307 redirect. For more information, see Virtual\ + \ hosting of buckets.

Access control lists (ACLs)\ + \

When creating a bucket using this operation, you can optionally\ + \ configure the bucket ACL to specify the accounts or groups that should be\ + \ granted specific permissions on the bucket.

If your CreateBucket\ + \ request sets bucket owner enforced for S3 Object Ownership and specifies\ + \ a bucket ACL that provides access to an external Amazon Web Services account,\ + \ your request fails with a 400 error and returns the InvalidBucketAclWithObjectOwnership\ + \ error code. For more information, see Controlling object ownership in the Amazon S3 User Guide.

\ + \

There are two ways to grant the appropriate permissions\ + \ using the request headers.

  • Specify a canned ACL using the\ + \ x-amz-acl request header. Amazon S3 supports a set of predefined\ + \ ACLs, known as canned ACLs. Each canned ACL has a predefined set\ + \ of grantees and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly using\ + \ the x-amz-grant-read, x-amz-grant-write, x-amz-grant-read-acp,\ + \ x-amz-grant-write-acp, and x-amz-grant-full-control\ + \ headers. These headers map to the set of permissions Amazon S3 supports\ + \ in an ACL. For more information, see Access control list (ACL) overview.

    You specify each grantee as\ + \ a type=value pair, where the type is one of the following:

    • \ + \

      id \u2013 if the value specified is the canonical user\ + \ ID of an Amazon Web Services account

    • uri\ + \ \u2013 if you are granting permissions to a predefined group

    • \ + \

      emailAddress \u2013 if the value specified is the email\ + \ address of an Amazon Web Services account

      Using email addresses\ + \ to specify a grantee is only supported in the following Amazon Web Services\ + \ Regions:

      • US East (N. Virginia)

      • US West\ + \ (N. California)

      • US West (Oregon)

      • Asia\ + \ Pacific (Singapore)

      • Asia Pacific (Sydney)

      • \ + \

        Asia Pacific (Tokyo)

      • Europe (Ireland)

      • \ + \

        South America (S\xE3o Paulo)

      For a list of all the\ + \ Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      \ + \

    For example, the following x-amz-grant-read\ + \ header grants the Amazon Web Services accounts identified by account IDs\ + \ permissions to read object data and its metadata:

    x-amz-grant-read:\ + \ id=\"11112222333\", id=\"444455556666\"

\ + \

You can use either a canned ACL or specify access permissions explicitly.\ + \ You cannot do both.

Permissions

In addition\ + \ to s3:CreateBucket, the following permissions are required\ + \ when your CreateBucket includes specific headers:

  • ACLs\ + \ - If your CreateBucket request specifies ACL permissions and\ + \ the ACL is public-read, public-read-write, authenticated-read, or if you\ + \ specify access permissions explicitly through any other ACL, both s3:CreateBucket\ + \ and s3:PutBucketAcl permissions are needed. If the ACL the\ + \ CreateBucket request is private or doesn't specify any ACLs,\ + \ only s3:CreateBucket permission is needed.

  • \ + \

    Object Lock - If ObjectLockEnabledForBucket is set\ + \ to true in your CreateBucket request, s3:PutBucketObjectLockConfiguration\ + \ and s3:PutBucketVersioning permissions are required.

    • \ + \

  • S3 Object Ownership - If your CreateBucket request includes\ + \ the the x-amz-object-ownership header, s3:PutBucketOwnershipControls\ + \ permission is required.

The following operations are\ + \ related to CreateBucket:

" + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUT.html + operationId: CreateBucket + parameters: + - description: The canned ACL to apply to the bucket. + in: header + name: x-amz-acl + required: false + schema: + enum: + - private + - public-read + - public-read-write + - authenticated-read + type: string + - description: Allows grantee the read, write, read ACP, and write ACP permissions + on the bucket. + in: header + name: x-amz-grant-full-control + required: false + schema: + type: string + - description: Allows grantee to list the objects in the bucket. + in: header + name: x-amz-grant-read + required: false + schema: + type: string + - description: Allows grantee to read the bucket ACL. + in: header + name: x-amz-grant-read-acp + required: false + schema: + type: string + - description:

Allows grantee to create new objects in the bucket.

For + the bucket and object owners of existing objects, also allows deletions + and overwrites of those objects.

+ in: header + name: x-amz-grant-write + required: false + schema: + type: string + - description: Allows grantee to write the ACL for the applicable bucket. + in: header + name: x-amz-grant-write-acp + required: false + schema: + type: string + - description: Specifies whether you want S3 Object Lock to be enabled for the + new bucket. + in: header + name: x-amz-bucket-object-lock-enabled + required: false + schema: + type: boolean + - description: '' + in: header + name: x-amz-object-ownership + required: false + schema: + description:

The container element for object ownership for a bucket's + ownership controls.

BucketOwnerPreferred - Objects uploaded to + the bucket change ownership to the bucket owner if the objects are uploaded + with the bucket-owner-full-control canned ACL.

ObjectWriter + - The uploading account will own the object if the object is uploaded + with the bucket-owner-full-control canned ACL.

BucketOwnerEnforced + - Access control lists (ACLs) are disabled and no longer affect permissions. + The bucket owner automatically owns and has full control over every object + in the bucket. The bucket only accepts PUT requests that don't specify + an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control + canned ACL or an equivalent form of this ACL expressed in the XML format.

+ enum: + - BucketOwnerPreferred + - ObjectWriter + - BucketOwnerEnforced + type: string + requestBody: + content: + text/xml: + schema: + properties: + CreateBucketConfiguration: + description: The configuration information for the bucket. + properties: + LocationConstraint: + allOf: + - $ref: '#/components/schemas/BucketLocationConstraint' + - description: Specifies the Region where the bucket will be + created. If you don't specify a Region, the bucket is created + in the US East (N. Virginia) Region (us-east-1). + type: object + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateBucketOutput' + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/BucketAlreadyExists' + description: BucketAlreadyExists + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/BucketAlreadyOwnedByYou' + description: BucketAlreadyOwnedByYou + /?max-keys=1000: + get: + servers: + - description: The Amazon S3 multi-region endpoint + url: https://{bucket}.s3.{region}.amazonaws.com + variables: + bucket: + default: null-bucket + description: The name of the bucket + region: + default: us-east-2 + description: The AWS region + enum: + - us-east-2 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-east-1 + - ap-south-1 + - me-south-1 + description:

Returns some or all (up to 1,000) of the objects in a bucket. + You can use the request parameters as selection criteria to return a subset + of the objects in a bucket. A 200 OK response can contain valid or invalid + XML. Be sure to design your application to parse the contents of the response + and handle it appropriately.

This action has been revised. + We recommend that you use the newer version, ListObjectsV2, + when developing applications. For backward compatibility, Amazon S3 continues + to support ListObjects.

The following operations + are related to ListObjects:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGET.html + operationId: ListObjects + parameters: + - description: A delimiter is a character you use to group keys. + in: query + name: delimiter + required: false + schema: + type: string + - description: '' + in: query + name: encoding-type + required: false + schema: + description: Requests Amazon S3 to encode the object keys in the response + and specifies the encoding method to use. An object key may contain any + Unicode character; however, XML 1.0 parser cannot parse some characters, + such as characters with an ASCII value from 0 to 10. For characters that + are not supported in XML 1.0, you can add this parameter to request that + Amazon S3 encode the keys in the response. + enum: + - url + type: string + - description: Marker is where you want Amazon S3 to start listing from. Amazon + S3 starts listing after this specified key. Marker can be any key in the + bucket. + in: query + name: marker + required: false + schema: + type: string + - description: 'Sets the maximum number of keys returned in the response. By + default the action returns up to 1,000 key names. The response might contain + fewer keys but will never contain more. ' + in: query + name: max-keys + required: false + schema: + type: integer + default: 1000 + - description: Limits the response to keys that begin with the specified prefix. + in: query + name: prefix + required: false + schema: + type: string + - description: Confirms that the requester knows that she or he will be charged + for the list objects request. Bucket owners need not specify this parameter + in their requests. + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: Pagination limit + in: query + name: MaxKeys + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/ListObjectsOutput' + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchBucket' + description: NoSuchBucket + /{Key}: + delete: + description:

Removes the null version (if there is one) of an object and + inserts a delete marker, which becomes the latest version of the object. If + there isn't a null version, Amazon S3 does not remove any objects but will + still respond that the command was successful.

To remove a specific + version, you must be the bucket owner and you must use the version Id subresource. + Using this subresource permanently deletes the version. If the object deleted + is a delete marker, Amazon S3 sets the response header, x-amz-delete-marker, + to true.

If the object you want to delete is in a bucket where the + bucket versioning configuration is MFA Delete enabled, you must include the + x-amz-mfa request header in the DELETE versionId + request. Requests that include x-amz-mfa must use HTTPS.

+

For more information about MFA Delete, see Using + MFA Delete. To see sample requests that use versioning, see Sample + Request.

You can delete objects by explicitly calling DELETE Object + or configure its lifecycle (PutBucketLifecycle) + to enable Amazon S3 to remove them for you. If you want to block users or + accounts from removing or deleting objects from your bucket, you must deny + them the s3:DeleteObject, s3:DeleteObjectVersion, + and s3:PutLifeCycleConfiguration actions.

The following + action is related to DeleteObject:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectDELETE.html + operationId: DeleteObject + parameters: + - description: Key name of the object to delete. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: The concatenation of the authentication device's serial number, + a space, and the value that is displayed on your authentication device. + Required to permanently delete a versioned object if versioning is configured + with MFA delete enabled. + in: header + name: x-amz-mfa + required: false + schema: + type: string + - description: VersionId used to reference a specific version of the object. + in: query + name: versionId + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: Indicates whether S3 Object Lock should bypass Governance-mode + restrictions to process this operation. To use this header, you must have + the s3:BypassGovernanceRetention permission. + in: header + name: x-amz-bypass-governance-retention + required: false + schema: + type: boolean + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + responses: + '204': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteObjectOutput' + description: Success + get: + description: "

Retrieves objects from Amazon S3. To use GET,\ + \ you must have READ access to the object. If you grant READ\ + \ access to the anonymous user, you can return the object without using an\ + \ authorization header.

An Amazon S3 bucket has no directory hierarchy\ + \ such as you would find in a typical computer file system. You can, however,\ + \ create a logical hierarchy by using object key names that imply a folder\ + \ structure. For example, instead of naming an object sample.jpg,\ + \ you can name it photos/2006/February/sample.jpg.

To\ + \ get an object from such a logical hierarchy, specify the full key name for\ + \ the object in the GET operation. For a virtual hosted-style\ + \ request example, if you have the object photos/2006/February/sample.jpg,\ + \ specify the resource as /photos/2006/February/sample.jpg. For\ + \ a path-style request example, if you have the object photos/2006/February/sample.jpg\ + \ in the bucket named examplebucket, specify the resource as\ + \ /examplebucket/photos/2006/February/sample.jpg. For more information\ + \ about request types, see HTTP Host Header Bucket Specification.

For more information about\ + \ returning the ACL of an object, see GetObjectAcl.

If the object you are retrieving is stored in the\ + \ S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering\ + \ Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve\ + \ the object you must first restore a copy using RestoreObject. Otherwise, this action returns an InvalidObjectStateError\ + \ error. For information about restoring archived objects, see Restoring\ + \ Archived Objects.

Encryption request headers, like x-amz-server-side-encryption,\ + \ should not be sent for GET requests if your object uses server-side encryption\ + \ with KMS keys (SSE-KMS) or server-side encryption with Amazon S3\u2013managed\ + \ encryption keys (SSE-S3). If your object does use these types of keys, you\u2019\ + ll get an HTTP 400 BadRequest error.

If you encrypt an object by using\ + \ server-side encryption with customer-provided encryption keys (SSE-C) when\ + \ you store the object in Amazon S3, then when you GET the object, you must\ + \ use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

    \ + \

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

    \ + \

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

\ + \

Assuming you have the relevant permission to read object tags, the response\ + \ also returns the x-amz-tagging-count header that provides the\ + \ count of number of tags associated with the object. You can use GetObjectTagging to retrieve the tag set associated with an object.

\ + \

Permissions

You need the relevant read object (or version)\ + \ permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not\ + \ exist, the error Amazon S3 returns depends on whether you also have the\ + \ s3:ListBucket permission.

  • If you have the\ + \ s3:ListBucket permission on the bucket, Amazon S3 will return\ + \ an HTTP status code 404 (\"no such key\") error.

  • If you\ + \ don\u2019t have the s3:ListBucket permission, Amazon S3 will\ + \ return an HTTP status code 403 (\"access denied\") error.

\ + \

Versioning

By default, the GET action returns the current\ + \ version of an object. To return a different version, use the versionId\ + \ subresource.

  • If you supply a versionId,\ + \ you need the s3:GetObjectVersion permission to access a specific\ + \ version of an object. If you request a specific version, you do not need\ + \ to have the s3:GetObject permission.

  • If\ + \ the current version of the object is a delete marker, Amazon S3 behaves\ + \ as if the object was deleted and includes x-amz-delete-marker: true\ + \ in the response.

For more information about versioning,\ + \ see PutBucketVersioning.

Overriding Response Header Values\ + \

There are times when you want to override certain response header\ + \ values in a GET response. For example, you might override the Content-Disposition\ + \ response header value in your GET request.

You can override values\ + \ for a set of response headers using the following query parameters. These\ + \ response header values are sent only on a successful request, that is, when\ + \ status code 200 OK is returned. The set of headers you can override using\ + \ these parameters is a subset of the headers that Amazon S3 accepts when\ + \ you create an object. The response headers that you can override for the\ + \ GET response are Content-Type, Content-Language,\ + \ Expires, Cache-Control, Content-Disposition,\ + \ and Content-Encoding. To override these header values in the\ + \ GET response, you use the following request parameters.

You\ + \ must sign the request, either using an Authorization header or a presigned\ + \ URL, when using these parameters. They cannot be used with an unsigned (anonymous)\ + \ request.

  • response-content-type

    \ + \

  • response-content-language

  • \ + \ response-expires

  • response-cache-control\ + \

  • response-content-disposition

    • \ + \

  • response-content-encoding

Additional\ + \ Considerations about Request Headers

If both of the If-Match\ + \ and If-Unmodified-Since headers are present in the request\ + \ as follows: If-Match condition evaluates to true,\ + \ and; If-Unmodified-Since condition evaluates to false;\ + \ then, S3 returns 200 OK and the data requested.

If both of the If-None-Match\ + \ and If-Modified-Since headers are present in the request as\ + \ follows: If-None-Match condition evaluates to false,\ + \ and; If-Modified-Since condition evaluates to true;\ + \ then, S3 returns 304 Not Modified response code.

For more information\ + \ about conditional requests, see RFC 7232.

The following operations are related to GetObject:

\ + \ " + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGET.html + operationId: GetObject + parameters: + - description: Return the object only if its entity tag (ETag) is the same as + the one specified; otherwise, return a 412 (precondition failed) error. + in: header + name: If-Match + required: false + schema: + type: string + - description: Return the object only if it has been modified since the specified + time; otherwise, return a 304 (not modified) error. + in: header + name: If-Modified-Since + required: false + schema: + format: date-time + type: string + - description: Return the object only if its entity tag (ETag) is different + from the one specified; otherwise, return a 304 (not modified) error. + in: header + name: If-None-Match + required: false + schema: + type: string + - description: Return the object only if it has not been modified since the + specified time; otherwise, return a 412 (precondition failed) error. + in: header + name: If-Unmodified-Since + required: false + schema: + format: date-time + type: string + - description: Key of the object to get. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description:

Downloads the specified range bytes of an object. For more + information about the HTTP Range header, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.

+

Amazon S3 doesn't support retrieving multiple ranges of data per + GET request.

 + in: header + name: Range + required: false + schema: + type: string + - description: Sets the Cache-Control header of the response. + in: query + name: response-cache-control + required: false + schema: + type: string + - description: Sets the Content-Disposition header of the response + in: query + name: response-content-disposition + required: false + schema: + type: string + - description: Sets the Content-Encoding header of the response. + in: query + name: response-content-encoding + required: false + schema: + type: string + - description: Sets the Content-Language header of the response. + in: query + name: response-content-language + required: false + schema: + type: string + - description: Sets the Content-Type header of the response. + in: query + name: response-content-type + required: false + schema: + type: string + - description: Sets the Expires header of the response. + in: query + name: response-expires + required: false + schema: + format: date-time + type: string + - description: VersionId used to reference a specific version of the object. + in: query + name: versionId + required: false + schema: + type: string + - description: Specifies the algorithm to use to when decrypting the object + (for example, AES256). + in: header + name: x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: Specifies the customer-provided encryption key for Amazon S3 + used to encrypt the data. This value is used to decrypt the object when + recovering it and must match the one used when storing the data. The key + must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm + header. + in: header + name: x-amz-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: Specifies the 128-bit MD5 digest of the encryption key according + to RFC 1321. Amazon S3 uses this header for a message integrity check to + ensure that the encryption key was transmitted without error. + in: header + name: x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: Part number of the object being read. This is a positive integer + between 1 and 10,000. Effectively performs a 'ranged' GET request for the + part specified. Useful for downloading just a part of an object. + in: query + name: partNumber + required: false + schema: + type: integer + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: To retrieve the checksum, this mode must be enabled. + in: header + name: x-amz-checksum-mode + required: false + schema: + enum: + - ENABLED + type: string + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetObjectOutput' + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchKey' + description: NoSuchKey + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidObjectState' + description: InvalidObjectState + head: + description: "

The HEAD action retrieves metadata from an object without returning\ + \ the object itself. This action is useful if you're only interested in an\ + \ object's metadata. To use HEAD, you must have READ access to the object.

\ + \

A HEAD request has the same options as a GET\ + \ action on an object. The response is identical to the GET response\ + \ except that there is no response body. Because of this, if the HEAD\ + \ request generates an error, it returns a generic 404 Not Found\ + \ or 403 Forbidden code. It is not possible to retrieve the exact\ + \ exception beyond these error codes.

If you encrypt an object by using\ + \ server-side encryption with customer-provided encryption keys (SSE-C) when\ + \ you store the object in Amazon S3, then when you retrieve the metadata from\ + \ the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

    \ + \

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

    \ + \

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

\ + \

  • Encryption request headers, like x-amz-server-side-encryption,\ + \ should not be sent for GET requests if your object uses server-side encryption\ + \ with KMS keys (SSE-KMS) or server-side encryption with Amazon S3\u2013managed\ + \ encryption keys (SSE-S3). If your object does use these types of keys, you\u2019\ + ll get an HTTP 400 BadRequest error.

  • The last modified\ + \ property in this case is the creation date of the object.

\ + \

Request headers are limited to 8 KB in size. For more information,\ + \ see Common Request Headers.

Consider the following when using request\ + \ headers:

  • Consideration 1 \u2013 If both of the If-Match\ + \ and If-Unmodified-Since headers are present in the request\ + \ as follows:

    • If-Match condition evaluates\ + \ to true, and;

    • If-Unmodified-Since\ + \ condition evaluates to false;

    Then Amazon\ + \ S3 returns 200 OK and the data requested.

  • \ + \ Consideration 2 \u2013 If both of the If-None-Match and If-Modified-Since\ + \ headers are present in the request as follows:

    • If-None-Match\ + \ condition evaluates to false, and;

    • If-Modified-Since\ + \ condition evaluates to true;

    Then Amazon\ + \ S3 returns the 304 Not Modified response code.

\ + \

For more information about conditional requests, see RFC 7232.

Permissions

You need the relevant read\ + \ object (or version) permission for this operation. For more information,\ + \ see Specifying Permissions in a Policy. If the object you request does not\ + \ exist, the error Amazon S3 returns depends on whether you also have the\ + \ s3:ListBucket permission.

  • If you have the s3:ListBucket\ + \ permission on the bucket, Amazon S3 returns an HTTP status code 404 (\"\ + no such key\") error.

  • If you don\u2019t have the s3:ListBucket\ + \ permission, Amazon S3 returns an HTTP status code 403 (\"access denied\"\ + ) error.

The following actions are related to HeadObject:

\ + \ " + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectHEAD.html + operationId: HeadObject + parameters: + - description: Return the object only if its entity tag (ETag) is the same as + the one specified; otherwise, return a 412 (precondition failed) error. + in: header + name: If-Match + required: false + schema: + type: string + - description: Return the object only if it has been modified since the specified + time; otherwise, return a 304 (not modified) error. + in: header + name: If-Modified-Since + required: false + schema: + format: date-time + type: string + - description: Return the object only if its entity tag (ETag) is different + from the one specified; otherwise, return a 304 (not modified) error. + in: header + name: If-None-Match + required: false + schema: + type: string + - description: Return the object only if it has not been modified since the + specified time; otherwise, return a 412 (precondition failed) error. + in: header + name: If-Unmodified-Since + required: false + schema: + format: date-time + type: string + - description: The object key. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: Because HeadObject returns only the metadata for + an object, this parameter has no effect. + in: header + name: Range + required: false + schema: + type: string + - description: VersionId used to reference a specific version of the object. + in: query + name: versionId + required: false + schema: + type: string + - description: Specifies the algorithm to use to when encrypting the object + (for example, AES256). + in: header + name: x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: Specifies the customer-provided encryption key for Amazon S3 + to use in encrypting data. This value is used to store the object and then + it is discarded; Amazon S3 does not store the encryption key. The key must + be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm + header. + in: header + name: x-amz-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: Specifies the 128-bit MD5 digest of the encryption key according + to RFC 1321. Amazon S3 uses this header for a message integrity check to + ensure that the encryption key was transmitted without error. + in: header + name: x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: Part number of the object being read. This is a positive integer + between 1 and 10,000. Effectively performs a 'ranged' HEAD request for the + part specified. Useful querying about the size of the part and the number + of parts in this object. + in: query + name: partNumber + required: false + schema: + type: integer + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description:

To retrieve the checksum, this parameter must be enabled.

+

In addition, if you enable ChecksumMode and the object is + encrypted with Amazon Web Services Key Management Service (Amazon Web Services + KMS), you must have permission to use the kms:Decrypt action + for the request to succeed.

+ in: header + name: x-amz-checksum-mode + required: false + schema: + enum: + - ENABLED + type: string + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/HeadObjectOutput' + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchKey' + description: NoSuchKey + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Adds an object to a bucket. You must have WRITE permissions + on a bucket to add an object to it.

Amazon S3 never adds partial objects; + if you receive a success response, Amazon S3 added the entire object to the + bucket.

Amazon S3 is a distributed system. If it receives multiple + write requests for the same object simultaneously, it overwrites all but the + last object written. Amazon S3 does not provide object locking; if you need + this, make sure to build it into your application layer or use versioning + instead.

To ensure that data is not corrupted traversing the network, + use the Content-MD5 header. When you use this header, Amazon + S3 checks the object against the provided MD5 value and, if they do not match, + returns an error. Additionally, you can calculate the MD5 while putting an + object to Amazon S3 and compare the returned ETag to the calculated MD5 value.

+

  • To successfully complete the PutObject request, + you must have the s3:PutObject in your IAM permissions.

    • +

  • To successfully change the objects acl of your PutObject + request, you must have the s3:PutObjectAcl in your IAM permissions.

    +

  • The Content-MD5 header is required for any request + to upload an object with a retention period configured using Amazon S3 Object + Lock. For more information about Amazon S3 Object Lock, see Amazon + S3 Object Lock Overview in the Amazon S3 User Guide.

    • +

Server-side Encryption

You can optionally + request server-side encryption. With server-side encryption, Amazon S3 encrypts + your data as it writes it to disks in its data centers and decrypts the data + when you access it. You have the option to provide your own encryption key + or use Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS). For + more information, see Using + Server-Side Encryption.

If you request server-side encryption using + Amazon Web Services Key Management Service (SSE-KMS), you can enable an S3 + Bucket Key at the object-level. For more information, see Amazon + S3 Bucket Keys in the Amazon S3 User Guide.

Access Control + List (ACL)-Specific Request Headers

You can use headers to grant + ACL- based permissions. By default, all objects are private. Only the owner + has full access control. When adding a new object, you can grant permissions + to individual Amazon Web Services accounts or to predefined groups defined + by Amazon S3. These permissions are then added to the ACL on the object. For + more information, see Access + Control List (ACL) Overview and Managing + ACLs Using the REST API.

If the bucket that you're uploading objects + to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are + disabled and no longer affect permissions. Buckets that use this setting only + accept PUT requests that don't specify an ACL or PUT requests that specify + bucket owner full control ACLs, such as the bucket-owner-full-control + canned ACL or an equivalent form of this ACL expressed in the XML format. + PUT requests that contain other ACLs (for example, custom grants to certain + Amazon Web Services accounts) fail and return a 400 error with + the error code AccessControlListNotSupported.

For more + information, see + Controlling ownership of objects and disabling ACLs in the Amazon S3 + User Guide.

If your bucket uses the bucket owner enforced + setting for Object Ownership, all objects written to the bucket by any account + will be owned by the bucket owner.

Storage Class Options +

By default, Amazon S3 uses the STANDARD Storage Class to store newly + created objects. The STANDARD storage class provides high durability and high + availability. Depending on performance needs, you can specify a different + Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. + For more information, see Storage + Classes in the Amazon S3 User Guide.

Versioning +

If you enable versioning for a bucket, Amazon S3 automatically generates + a unique version ID for the object being stored. Amazon S3 returns this ID + in the response. When you enable versioning for a bucket, if Amazon S3 receives + multiple write requests for the same object simultaneously, it stores all + of the objects.

For more information about versioning, see Adding + Objects to Versioning Enabled Buckets. For information about returning + the versioning state of a bucket, see GetBucketVersioning. +

Related Resources

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPUT.html + operationId: PutObject + parameters: + - description:

The canned ACL to apply to the object. For more information, + see Canned + ACL.

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-acl + required: false + schema: + enum: + - private + - public-read + - public-read-write + - authenticated-read + - aws-exec-read + - bucket-owner-read + - bucket-owner-full-control + type: string + - description: ' Can be used to specify caching behavior along the request/reply + chain. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.' + in: header + name: Cache-Control + required: false + schema: + type: string + - description: Specifies presentational information for the object. For more + information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1. + in: header + name: Content-Disposition + required: false + schema: + type: string + - description: Specifies what content encodings have been applied to the object + and thus what decoding mechanisms must be applied to obtain the media-type + referenced by the Content-Type header field. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11. + in: header + name: Content-Encoding + required: false + schema: + type: string + - description: The language the content is in. + in: header + name: Content-Language + required: false + schema: + type: string + - description: Size of the body in bytes. This parameter is useful when the + size of the body cannot be determined automatically. For more information, + see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13. + in: header + name: Content-Length + required: false + schema: + type: integer + - description: The base64-encoded 128-bit MD5 digest of the message (without + the headers) according to RFC 1864. This header can be used as a message + integrity check to verify that the data is the same data that was originally + sent. Although it is optional, we recommend using the Content-MD5 mechanism + as an end-to-end integrity check. For more information about REST request + authentication, see REST + Authentication. + in: header + name: Content-MD5 + required: false + schema: + type: string + - description: A standard MIME type describing the format of the contents. For + more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17. + in: header + name: Content-Type + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 32-bit CRC32 checksum of the object. For more + information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-crc32 + required: false + schema: + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 32-bit CRC32C checksum of the object. For + more information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-crc32c + required: false + schema: + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 160-bit SHA-1 digest of the object. For more + information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-sha1 + required: false + schema: + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 256-bit SHA-256 digest of the object. For + more information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-sha256 + required: false + schema: + type: string + - description: The date and time at which the object is no longer cacheable. + For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21. + in: header + name: Expires + required: false + schema: + format: date-time + type: string + - description:

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions + on the object.

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-full-control + required: false + schema: + type: string + - description:

Allows grantee to read the object data and its metadata.

+

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-read + required: false + schema: + type: string + - description:

Allows grantee to read the object ACL.

This action + is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-read-acp + required: false + schema: + type: string + - description:

Allows grantee to write the ACL for the applicable object.

+

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-write-acp + required: false + schema: + type: string + - description: Object key for which the PUT action was initiated. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: The server-side encryption algorithm used when storing this object + in Amazon S3 (for example, AES256, aws:kms). + in: header + name: x-amz-server-side-encryption + required: false + schema: + enum: + - AES256 + - aws:kms + type: string + - description: By default, Amazon S3 uses the STANDARD Storage Class to store + newly created objects. The STANDARD storage class provides high durability + and high availability. Depending on performance needs, you can specify a + different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage + Class. For more information, see Storage + Classes in the Amazon S3 User Guide. + in: header + name: x-amz-storage-class + required: false + schema: + enum: + - STANDARD + - REDUCED_REDUNDANCY + - STANDARD_IA + - ONEZONE_IA + - INTELLIGENT_TIERING + - GLACIER + - DEEP_ARCHIVE + - OUTPOSTS + - GLACIER_IR + type: string + - description: '

If the bucket is configured as a website, redirects requests + for this object to another object in the same bucket or to an external URL. + Amazon S3 stores the value of this header in the object metadata. For information + about object metadata, see Object + Key and Metadata.

In the following example, the request header + sets the redirect to an object (anotherPage.html) in the same bucket:

+

x-amz-website-redirect-location: /anotherPage.html

+

In the following example, the request header sets the object redirect + to another website:

x-amz-website-redirect-location: http://www.example.com/ +

For more information about website hosting in Amazon S3, see Hosting + Websites on Amazon S3 and How + to Configure Website Page Redirects.

' + in: header + name: x-amz-website-redirect-location + required: false + schema: + type: string + - description: Specifies the algorithm to use to when encrypting the object + (for example, AES256). + in: header + name: x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: Specifies the customer-provided encryption key for Amazon S3 + to use in encrypting data. This value is used to store the object and then + it is discarded; Amazon S3 does not store the encryption key. The key must + be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm + header. + in: header + name: x-amz-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: Specifies the 128-bit MD5 digest of the encryption key according + to RFC 1321. Amazon S3 uses this header for a message integrity check to + ensure that the encryption key was transmitted without error. + in: header + name: x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: 'If x-amz-server-side-encryption is present and + has the value of aws:kms, this header specifies the ID of the + Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetrical + customer managed key that was used for the object. If you specify x-amz-server-side-encryption:aws:kms, + but do not provide x-amz-server-side-encryption-aws-kms-key-id, + Amazon S3 uses the Amazon Web Services managed key to protect the data. + If the KMS key does not exist in the same account issuing the command, you + must use the full ARN and not just the ID. ' + in: header + name: x-amz-server-side-encryption-aws-kms-key-id + required: false + schema: + format: password + type: string + - description: Specifies the Amazon Web Services KMS Encryption Context to use + for object encryption. The value of this header is a base64-encoded UTF-8 + string holding JSON with the encryption context key-value pairs. + in: header + name: x-amz-server-side-encryption-context + required: false + schema: + format: password + type: string + - description: "

Specifies whether Amazon S3 should use an S3 Bucket Key for\ + \ object encryption with server-side encryption using AWS KMS (SSE-KMS).\ + \ Setting this header to true causes Amazon S3 to use an S3\ + \ Bucket Key for object encryption with SSE-KMS.

Specifying this\ + \ header with a PUT action doesn\u2019t affect bucket-level settings for\ + \ S3 Bucket Key.

" + in: header + name: x-amz-server-side-encryption-bucket-key-enabled + required: false + schema: + type: boolean + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The tag-set for the object. The tag-set must be encoded as URL + Query parameters. (For example, "Key1=Value1") + in: header + name: x-amz-tagging + required: false + schema: + type: string + - description: The Object Lock mode that you want to apply to this object. + in: header + name: x-amz-object-lock-mode + required: false + schema: + enum: + - GOVERNANCE + - COMPLIANCE + type: string + - description: The date and time when you want this object's Object Lock to + expire. Must be formatted as a timestamp parameter. + in: header + name: x-amz-object-lock-retain-until-date + required: false + schema: + format: date-time + type: string + - description: Specifies whether a legal hold will be applied to this object. + For more information about S3 Object Lock, see Object + Lock. + in: header + name: x-amz-object-lock-legal-hold + required: false + schema: + enum: + - 'ON' + - 'OFF' + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + properties: + Body: + description: Object data. + type: string + x-amz-meta-: + additionalProperties: + $ref: '#/components/schemas/MetadataValue' + description: A map of metadata to store with the object in S3. + type: object + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/PutObjectOutput' + description: Success + /{Key}#partNumber&uploadId: + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: '

Uploads a part in a multipart upload.

In this + operation, you provide part data in your request. However, you have an option + to specify your existing Amazon S3 object as a data source for the part you + are uploading. To upload a part from an existing object, you use the UploadPartCopy + operation.

You must initiate a multipart upload (see CreateMultipartUpload) + before you can upload any part. In response to your initiate request, Amazon + S3 returns an upload ID, a unique identifier, that you must include in your + upload part request.

Part numbers can be any number from 1 to 10,000, + inclusive. A part number uniquely identifies a part and also defines its position + within the object being created. If you upload a new part using the same part + number that was used with a previous part, the previously uploaded part is + overwritten.

For information about maximum and minimum part sizes and + other multipart upload specifications, see Multipart + upload limits in the Amazon S3 User Guide.

To ensure that + data is not corrupted when traversing the network, specify the Content-MD5 + header in the upload part request. Amazon S3 checks the part data against + the provided MD5 value. If they do not match, Amazon S3 returns an error. +

If the upload request is signed with Signature Version 4, then Amazon + Web Services S3 uses the x-amz-content-sha256 header as a checksum + instead of Content-MD5. For more information see Authenticating + Requests: Using the Authorization Header (Amazon Web Services Signature Version + 4).

Note: After you initiate multipart upload and upload + one or more parts, you must either complete or abort multipart upload in order + to stop getting charged for storage of the uploaded parts. Only after you + either complete or abort multipart upload, Amazon S3 frees up the parts storage + and stops charging you for the parts storage.

For more information + on multipart uploads, go to Multipart + Upload Overview in the Amazon S3 User Guide .

For information + on the permissions required to use the multipart upload API, go to Multipart + Upload and Permissions in the Amazon S3 User Guide.

You + can optionally request server-side encryption where Amazon S3 encrypts your + data as it writes it to disks in its data centers and decrypts it for you + when you access it. You have the option of providing your own encryption key, + or you can use the Amazon Web Services managed encryption keys. If you choose + to provide your own encryption key, the request headers you provide in the + request must match the headers you used in the request to initiate the upload + by using CreateMultipartUpload. + For more information, go to Using + Server-Side Encryption in the Amazon S3 User Guide.

Server-side + encryption is supported by the S3 Multipart Upload actions. Unless you are + using a customer-provided encryption key, you don''t need to specify the encryption + parameters in each UploadPart request. Instead, you only need to specify the + server-side encryption parameters in the initial Initiate Multipart request. + For more information, see CreateMultipartUpload.

+

If you requested server-side encryption using a customer-provided encryption + key in your initiate multipart upload request, you must provide identical + encryption information in each part upload using the following headers.

+

  • x-amz-server-side-encryption-customer-algorithm

  • +

    x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

    +

Special Errors

    • +

      Code: NoSuchUpload

    • Cause: The specified + multipart upload does not exist. The upload ID might be invalid, or the multipart + upload might have been aborted or completed.

    • HTTP + Status Code: 404 Not Found

    • SOAP Fault Code Prefix: + Client

Related Resources +

' + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadUploadPart.html + operationId: UploadPart + parameters: + - description: Size of the body in bytes. This parameter is useful when the + size of the body cannot be determined automatically. + in: header + name: Content-Length + required: false + schema: + type: integer + - description: The base64-encoded 128-bit MD5 digest of the part data. This + parameter is auto-populated when using the command from the CLI. This parameter + is required if object lock parameters are specified. + in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

This checksum algorithm must be the same for all parts + and it match the checksum value supplied in the CreateMultipartUpload + request.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 32-bit CRC32 checksum of the object. For more + information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-crc32 + required: false + schema: + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 32-bit CRC32C checksum of the object. For + more information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-crc32c + required: false + schema: + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 160-bit SHA-1 digest of the object. For more + information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-sha1 + required: false + schema: + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 256-bit SHA-256 digest of the object. For + more information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-sha256 + required: false + schema: + type: string + - description: Object key for which the multipart upload was initiated. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: Part number of part being uploaded. This is a positive integer + between 1 and 10,000. + in: query + name: partNumber + required: true + schema: + type: integer + - description: Upload ID identifying the multipart upload whose part is being + uploaded. + in: query + name: uploadId + required: true + schema: + type: string + - description: Specifies the algorithm to use to when encrypting the object + (for example, AES256). + in: header + name: x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: Specifies the customer-provided encryption key for Amazon S3 + to use in encrypting data. This value is used to store the object and then + it is discarded; Amazon S3 does not store the encryption key. The key must + be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm + header. This must be the same encryption key specified in the initiate + multipart upload request. + in: header + name: x-amz-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: Specifies the 128-bit MD5 digest of the encryption key according + to RFC 1321. Amazon S3 uses this header for a message integrity check to + ensure that the encryption key was transmitted without error. + in: header + name: x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + properties: + Body: + description: Object data. + type: string + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/UploadPartOutput' + description: Success + /{Key}#uploadId: + delete: + description:

This action aborts a multipart upload. After a multipart upload + is aborted, no additional parts can be uploaded using that upload ID. The + storage consumed by any previously uploaded parts will be freed. However, + if any part uploads are currently in progress, those part uploads might or + might not succeed. As a result, it might be necessary to abort a given multipart + upload multiple times in order to completely free all storage consumed by + all parts.

To verify that all parts have been removed, so you don't + get charged for the part storage, you should call the ListParts + action and ensure that the parts list is empty.

For information about + permissions required to use the multipart upload, see Multipart + Upload and Permissions.

The following operations are related to + AbortMultipartUpload:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadAbort.html + operationId: AbortMultipartUpload + parameters: + - description: Key of the object for which the multipart upload was initiated. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: Upload ID that identifies the multipart upload. + in: query + name: uploadId + required: true + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + responses: + '204': + content: + text/xml: + schema: + $ref: '#/components/schemas/AbortMultipartUploadOutput' + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchUpload' + description: NoSuchUpload + get: + description:

Lists the parts that have been uploaded for a specific multipart + upload. This operation must include the upload ID, which you obtain by sending + the initiate multipart upload request (see CreateMultipartUpload). + This request returns a maximum of 1,000 uploaded parts. The default number + of parts returned is 1,000 parts. You can restrict the number of parts returned + by specifying the max-parts request parameter. If your multipart + upload consists of more than 1,000 parts, the response returns an IsTruncated + field with the value of true, and a NextPartNumberMarker element. + In subsequent ListParts requests you can include the part-number-marker + query string parameter and set its value to the NextPartNumberMarker + field value from the previous response.

If the upload was created using + a checksum algorithm, you will need to have permission to the kms:Decrypt + action for the request to succeed.

For more information on multipart + uploads, see Uploading + Objects Using Multipart Upload.

For information on permissions + required to use the multipart upload API, see Multipart + Upload and Permissions.

The following operations are related to + ListParts:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadListParts.html + operationId: ListParts + parameters: + - description: Object key for which the multipart upload was initiated. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: Sets the maximum number of parts to return. + in: query + name: max-parts + required: false + schema: + type: integer + - description: Specifies the part after which listing should begin. Only parts + with higher part numbers will be listed. + in: query + name: part-number-marker + required: false + schema: + type: integer + - description: Upload ID identifying the multipart upload whose parts are being + listed. + in: query + name: uploadId + required: true + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: The server-side encryption (SSE) algorithm used to encrypt the + object. This parameter is needed only when the object was created using + a checksum algorithm. For more information, see Protecting + data using SSE-C keys in the Amazon S3 User Guide. + in: header + name: x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: The server-side encryption (SSE) customer managed key. This parameter + is needed only when the object was created using a checksum algorithm. For + more information, see Protecting + data using SSE-C keys in the Amazon S3 User Guide. + in: header + name: x-amz-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: The MD5 server-side encryption (SSE) customer managed key. This + parameter is needed only when the object was created using a checksum algorithm. + For more information, see Protecting + data using SSE-C keys in the Amazon S3 User Guide. + in: header + name: x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: Pagination limit + in: query + name: MaxParts + required: false + schema: + type: string + - description: Pagination token + in: query + name: PartNumberMarker + required: false + schema: + type: string + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/ListPartsOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + post: + description: '

Completes a multipart upload by assembling previously uploaded + parts.

You first initiate the multipart upload and then upload all + parts using the UploadPart + operation. After successfully uploading all relevant parts of an upload, you + call this action to complete the upload. Upon receiving this request, Amazon + S3 concatenates all the parts in ascending order by part number to create + a new object. In the Complete Multipart Upload request, you must provide the + parts list. You must ensure that the parts list is complete. This action concatenates + the parts that you provide in the list. For each part in the list, you must + provide the part number and the ETag value, returned after that + part was uploaded.

Processing of a Complete Multipart Upload request + could take several minutes to complete. After Amazon S3 begins processing + the request, it sends an HTTP response header that specifies a 200 OK response. + While processing is in progress, Amazon S3 periodically sends white space + characters to keep the connection from timing out. Because a request could + fail after the initial 200 OK response has been sent, it is important that + you check the response body to determine whether the request succeeded.

+

Note that if CompleteMultipartUpload fails, applications should + be prepared to retry the failed requests. For more information, see Amazon + S3 Error Best Practices.

You cannot use Content-Type: + application/x-www-form-urlencoded with Complete Multipart Upload requests. + Also, if you do not provide a Content-Type header, CompleteMultipartUpload + returns a 200 OK response.

For more information about + multipart uploads, see Uploading + Objects Using Multipart Upload.

For information about permissions + required to use the multipart upload API, see Multipart + Upload and Permissions.

CompleteMultipartUpload has + the following special errors:

  • Error code: EntityTooSmall +

    • Description: Your proposed upload is smaller than the minimum + allowed object size. Each part must be at least 5 MB in size, except the last + part.

    • 400 Bad Request

  • Error + code: InvalidPart

    • Description: One or more + of the specified parts could not be found. The part might not have been uploaded, + or the specified entity tag might not have matched the part''s entity tag.

      +

    • 400 Bad Request

  • Error code: InvalidPartOrder +

    • Description: The list of parts was not in ascending order. + The parts list must be specified in order by part number.

    • 400 + Bad Request

  • Error code: NoSuchUpload +

    • Description: The specified multipart upload does not exist. + The upload ID might be invalid, or the multipart upload might have been aborted + or completed.

    • 404 Not Found

+

The following operations are related to CompleteMultipartUpload:

+ ' + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadComplete.html + operationId: CompleteMultipartUpload + parameters: + - description: Object key for which the multipart upload was initiated. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: ID for the initiated multipart upload. + in: query + name: uploadId + required: true + schema: + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 32-bit CRC32 checksum of the object. For more + information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-crc32 + required: false + schema: + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 32-bit CRC32C checksum of the object. For + more information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-crc32c + required: false + schema: + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 160-bit SHA-1 digest of the object. For more + information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-sha1 + required: false + schema: + type: string + - description: This header can be used as a data integrity check to verify that + the data received is the same data that was originally sent. This header + specifies the base64-encoded, 256-bit SHA-256 digest of the object. For + more information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-sha256 + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: The server-side encryption (SSE) algorithm used to encrypt the + object. This parameter is needed only when the object was created using + a checksum algorithm. For more information, see Protecting + data using SSE-C keys in the Amazon S3 User Guide. + in: header + name: x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: The server-side encryption (SSE) customer managed key. This parameter + is needed only when the object was created using a checksum algorithm. For + more information, see Protecting + data using SSE-C keys in the Amazon S3 User Guide. + in: header + name: x-amz-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: The MD5 server-side encryption (SSE) customer managed key. This + parameter is needed only when the object was created using a checksum algorithm. + For more information, see Protecting + data using SSE-C keys in the Amazon S3 User Guide. + in: header + name: x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + properties: + CompleteMultipartUpload: + description: The container for the completed multipart upload details. + properties: + Part: + allOf: + - $ref: '#/components/schemas/CompletedPartList' + - description:

Array of CompletedPart data types.

If + you do not supply a valid Part with your request, + the service sends back an HTTP 400 response.

+ type: object + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/CompleteMultipartUploadOutput' + description: Success + /{Key}#x-amz-copy-source: + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Creates a copy of an object that is already stored in Amazon + S3.

You can store individual objects of up to 5 TB in Amazon + S3. You create a copy of your object up to 5 GB in size in a single atomic + action using this API. However, to copy an object greater than 5 GB, you must + use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more + information, see Copy + Object Using the REST Multipart Upload API.

All copy requests + must be authenticated. Additionally, you must have read access to the + source object and write access to the destination bucket. For more + information, see REST + Authentication. Both the Region that you want to copy the object from + and the Region that you want to copy the object to must be enabled for your + account.

A copy request might return an error when Amazon S3 receives + the copy request or while Amazon S3 is copying the files. If the error occurs + before the copy action starts, you receive a standard Amazon S3 error. If + the error occurs during the copy operation, the error response is embedded + in the 200 OK response. This means that a 200 OK + response can contain either a success or an error. Design your application + to parse the contents of the response and handle it appropriately.

If + the copy is successful, you receive a response with information about the + copied object.

If the request is an HTTP 1.1 request, the response + is chunk encoded. If it were not, it would not contain the content-length, + and you would need to read the entire body.

The copy request + charge is based on the storage class and Region that you specify for the destination + object. For pricing information, see Amazon + S3 pricing.

Amazon S3 transfer acceleration does not + support cross-Region copies. If you request a cross-Region copy using a transfer + acceleration endpoint, you get a 400 Bad Request error. For more + information, see Transfer + Acceleration.

Metadata

When copying + an object, you can preserve all metadata (default) or specify new metadata. + However, the ACL is not preserved and is set to private for the user making + the request. To override the default ACL setting, specify a new ACL when generating + a copy request. For more information, see Using + ACLs.

To specify whether you want the object metadata copied from + the source object or replaced with metadata provided in the request, you can + optionally add the x-amz-metadata-directive header. When you + grant permissions, you can use the s3:x-amz-metadata-directive + condition key to enforce certain metadata behavior when objects are uploaded. + For more information, see Specifying + Conditions in a Policy in the Amazon S3 User Guide. For a complete + list of Amazon S3-specific condition keys, see Actions, + Resources, and Condition Keys for Amazon S3.

x-amz-copy-source-if + Headers

To only copy an object under certain conditions, such + as whether the Etag matches or whether the object was modified + before or after a specified date, use the following request parameters:

+

  • x-amz-copy-source-if-match

  • + x-amz-copy-source-if-none-match

  • x-amz-copy-source-if-unmodified-since +

  • x-amz-copy-source-if-modified-since

    +

If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + headers are present in the request and evaluate as follows, Amazon S3 returns + 200 OK and copies the data:

  • x-amz-copy-source-if-match + condition evaluates to true

  • x-amz-copy-source-if-unmodified-since + condition evaluates to false

If both the x-amz-copy-source-if-none-match + and x-amz-copy-source-if-modified-since headers are present in + the request and evaluate as follows, Amazon S3 returns the 412 Precondition + Failed response code:

  • x-amz-copy-source-if-none-match + condition evaluates to false

  • x-amz-copy-source-if-modified-since + condition evaluates to true

All headers with the + x-amz- prefix, including x-amz-copy-source, must + be signed.

Server-side encryption

When you + perform a CopyObject operation, you can optionally use the appropriate encryption-related + headers to encrypt the object using server-side encryption with Amazon Web + Services managed encryption keys (SSE-S3 or SSE-KMS) or a customer-provided + encryption key. With server-side encryption, Amazon S3 encrypts your data + as it writes it to disks in its data centers and decrypts the data when you + access it. For more information about server-side encryption, see Using + Server-Side Encryption.

If a target object uses SSE-KMS, you can + enable an S3 Bucket Key for the object. For more information, see Amazon + S3 Bucket Keys in the Amazon S3 User Guide.

Access Control + List (ACL)-Specific Request Headers

When copying an object, you + can optionally use headers to grant ACL-based permissions. By default, all + objects are private. Only the owner has full access control. When adding a + new object, you can grant permissions to individual Amazon Web Services accounts + or to predefined groups defined by Amazon S3. These permissions are then added + to the ACL on the object. For more information, see Access + Control List (ACL) Overview and Managing + ACLs Using the REST API.

If the bucket that you're copying objects + to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are + disabled and no longer affect permissions. Buckets that use this setting only + accept PUT requests that don't specify an ACL or PUT requests that specify + bucket owner full control ACLs, such as the bucket-owner-full-control + canned ACL or an equivalent form of this ACL expressed in the XML format.

+

For more information, see + Controlling ownership of objects and disabling ACLs in the Amazon S3 + User Guide.

If your bucket uses the bucket owner enforced + setting for Object Ownership, all objects written to the bucket by any account + will be owned by the bucket owner.

Checksums

When + copying an object, if it has a checksum, that checksum will be copied to the + new object by default. When you copy the object over, you may optionally specify + a different checksum algorithm to use with the x-amz-checksum-algorithm + header.

Storage Class Options

You can use the CopyObject + action to change the storage class of an object that is already stored in + Amazon S3 using the StorageClass parameter. For more information, + see Storage + Classes in the Amazon S3 User Guide.

Versioning +

By default, x-amz-copy-source identifies the current + version of an object to copy. If the current version is a delete marker, Amazon + S3 behaves as if the object was deleted. To copy a different version, use + the versionId subresource.

If you enable versioning on + the target bucket, Amazon S3 generates a unique version ID for the object + being copied. This version ID is different from the version ID of the source + object. Amazon S3 returns the version ID of the copied object in the x-amz-version-id + response header in the response.

If you do not enable versioning or + suspend it on the target bucket, the version ID that Amazon S3 generates is + always null.

If the source object's storage class is GLACIER, you must + restore a copy of this object before you can use it as a source object for + the copy operation. For more information, see RestoreObject.

+

The following operations are related to CopyObject:

For more information, see Copying + Objects.

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectCOPY.html + operationId: CopyObject + parameters: + - description:

The canned ACL to apply to the object.

This action + is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-acl + required: false + schema: + enum: + - private + - public-read + - public-read-write + - authenticated-read + - aws-exec-read + - bucket-owner-read + - bucket-owner-full-control + type: string + - description: Specifies caching behavior along the request/reply chain. + in: header + name: Cache-Control + required: false + schema: + type: string + - description: Indicates the algorithm you want Amazon S3 to use to create the + checksum for the object. For more information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: Specifies presentational information for the object. + in: header + name: Content-Disposition + required: false + schema: + type: string + - description: Specifies what content encodings have been applied to the object + and thus what decoding mechanisms must be applied to obtain the media-type + referenced by the Content-Type header field. + in: header + name: Content-Encoding + required: false + schema: + type: string + - description: The language the content is in. + in: header + name: Content-Language + required: false + schema: + type: string + - description: A standard MIME type describing the format of the object data. + in: header + name: Content-Type + required: false + schema: + type: string + - description:

Specifies the source object for the copy operation. You specify + the value in one of two formats, depending on whether you want to access + the source object through an access + point:

  • For objects not accessed through an access point, + specify the name of the source bucket and the key of the source object, + separated by a slash (/). For example, to copy the object reports/january.pdf + from the bucket awsexamplebucket, use awsexamplebucket/reports/january.pdf. + The value must be URL-encoded.

  • For objects accessed through + access points, specify the Amazon Resource Name (ARN) of the object as accessed + through the access point, in the format arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. + For example, to copy the object reports/january.pdf through + access point my-access-point owned by account 123456789012 + in Region us-west-2, use the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. + The value must be URL encoded.

    Amazon S3 supports copy operations + using access points only when the source and destination buckets are in + the same Amazon Web Services Region.

    Alternatively, for objects + accessed through Amazon S3 on Outposts, specify the ARN of the object as + accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>. + For example, to copy the object reports/january.pdf through + outpost my-outpost owned by account 123456789012 + in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. + The value must be URL-encoded.

To copy a specific version + of an object, append ?versionId=<version-id> to the value + (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). + If you don't specify a version ID, Amazon S3 copies the latest version of + the source object.

+ in: header + name: x-amz-copy-source + required: true + schema: + pattern: \/.+\/.+ + type: string + - description: Copies the object if its entity tag (ETag) matches the specified + tag. + in: header + name: x-amz-copy-source-if-match + required: false + schema: + type: string + - description: Copies the object if it has been modified since the specified + time. + in: header + name: x-amz-copy-source-if-modified-since + required: false + schema: + format: date-time + type: string + - description: Copies the object if its entity tag (ETag) is different than + the specified ETag. + in: header + name: x-amz-copy-source-if-none-match + required: false + schema: + type: string + - description: Copies the object if it hasn't been modified since the specified + time. + in: header + name: x-amz-copy-source-if-unmodified-since + required: false + schema: + format: date-time + type: string + - description: The date and time at which the object is no longer cacheable. + in: header + name: Expires + required: false + schema: + format: date-time + type: string + - description:

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions + on the object.

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-full-control + required: false + schema: + type: string + - description:

Allows grantee to read the object data and its metadata.

+

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-read + required: false + schema: + type: string + - description:

Allows grantee to read the object ACL.

This action + is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-read-acp + required: false + schema: + type: string + - description:

Allows grantee to write the ACL for the applicable object.

+

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-write-acp + required: false + schema: + type: string + - description: The key of the destination object. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: Specifies whether the metadata is copied from the source object + or replaced with metadata provided in the request. + in: header + name: x-amz-metadata-directive + required: false + schema: + enum: + - COPY + - REPLACE + type: string + - description: Specifies whether the object tag-set are copied from the source + object or replaced with tag-set provided in the request. + in: header + name: x-amz-tagging-directive + required: false + schema: + enum: + - COPY + - REPLACE + type: string + - description: The server-side encryption algorithm used when storing this object + in Amazon S3 (for example, AES256, aws:kms). + in: header + name: x-amz-server-side-encryption + required: false + schema: + enum: + - AES256 + - aws:kms + type: string + - description: By default, Amazon S3 uses the STANDARD Storage Class to store + newly created objects. The STANDARD storage class provides high durability + and high availability. Depending on performance needs, you can specify a + different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage + Class. For more information, see Storage + Classes in the Amazon S3 User Guide. + in: header + name: x-amz-storage-class + required: false + schema: + enum: + - STANDARD + - REDUCED_REDUNDANCY + - STANDARD_IA + - ONEZONE_IA + - INTELLIGENT_TIERING + - GLACIER + - DEEP_ARCHIVE + - OUTPOSTS + - GLACIER_IR + type: string + - description: If the bucket is configured as a website, redirects requests + for this object to another object in the same bucket or to an external URL. + Amazon S3 stores the value of this header in the object metadata. + in: header + name: x-amz-website-redirect-location + required: false + schema: + type: string + - description: Specifies the algorithm to use to when encrypting the object + (for example, AES256). + in: header + name: x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: Specifies the customer-provided encryption key for Amazon S3 + to use in encrypting data. This value is used to store the object and then + it is discarded; Amazon S3 does not store the encryption key. The key must + be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm + header. + in: header + name: x-amz-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: Specifies the 128-bit MD5 digest of the encryption key according + to RFC 1321. Amazon S3 uses this header for a message integrity check to + ensure that the encryption key was transmitted without error. + in: header + name: x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: Specifies the Amazon Web Services KMS key ID to use for object + encryption. All GET and PUT requests for an object protected by Amazon Web + Services KMS will fail if not made via SSL or using SigV4. For information + about configuring using any of the officially supported Amazon Web Services + SDKs and Amazon Web Services CLI, see Specifying + the Signature Version in Request Authentication in the Amazon S3 + User Guide. + in: header + name: x-amz-server-side-encryption-aws-kms-key-id + required: false + schema: + format: password + type: string + - description: Specifies the Amazon Web Services KMS Encryption Context to use + for object encryption. The value of this header is a base64-encoded UTF-8 + string holding JSON with the encryption context key-value pairs. + in: header + name: x-amz-server-side-encryption-context + required: false + schema: + format: password + type: string + - description: "

Specifies whether Amazon S3 should use an S3 Bucket Key for\ + \ object encryption with server-side encryption using AWS KMS (SSE-KMS).\ + \ Setting this header to true causes Amazon S3 to use an S3\ + \ Bucket Key for object encryption with SSE-KMS.

Specifying this\ + \ header with a COPY action doesn\u2019t affect bucket-level settings for\ + \ S3 Bucket Key.

" + in: header + name: x-amz-server-side-encryption-bucket-key-enabled + required: false + schema: + type: boolean + - description: Specifies the algorithm to use when decrypting the source object + (for example, AES256). + in: header + name: x-amz-copy-source-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: Specifies the customer-provided encryption key for Amazon S3 + to use to decrypt the source object. The encryption key provided in this + header must be one that was used when the source object was created. + in: header + name: x-amz-copy-source-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: Specifies the 128-bit MD5 digest of the encryption key according + to RFC 1321. Amazon S3 uses this header for a message integrity check to + ensure that the encryption key was transmitted without error. + in: header + name: x-amz-copy-source-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The tag-set for the object destination object this value must + be used in conjunction with the TaggingDirective. The tag-set + must be encoded as URL Query parameters. + in: header + name: x-amz-tagging + required: false + schema: + type: string + - description: The Object Lock mode that you want to apply to the copied object. + in: header + name: x-amz-object-lock-mode + required: false + schema: + enum: + - GOVERNANCE + - COMPLIANCE + type: string + - description: The date and time when you want the copied object's Object Lock + to expire. + in: header + name: x-amz-object-lock-retain-until-date + required: false + schema: + format: date-time + type: string + - description: Specifies whether you want to apply a legal hold to the copied + object. + in: header + name: x-amz-object-lock-legal-hold + required: false + schema: + enum: + - 'ON' + - 'OFF' + type: string + - description: The account ID of the expected destination bucket owner. If the + destination bucket is owned by a different account, the request fails with + the HTTP status code 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: The account ID of the expected source bucket owner. If the source + bucket is owned by a different account, the request fails with the HTTP + status code 403 Forbidden (access denied). + in: header + name: x-amz-source-expected-bucket-owner + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + properties: + x-amz-meta-: + additionalProperties: + $ref: '#/components/schemas/MetadataValue' + description: A map of metadata to store with the object in S3. + type: object + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/CopyObjectOutput' + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ObjectNotInActiveTierError' + description: ObjectNotInActiveTierError + /{Key}#x-amz-copy-source&partNumber&uploadId: + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: '

Uploads a part by copying data from an existing object as data + source. You specify the data source by adding the request header x-amz-copy-source + in your request and a byte range by adding the request header x-amz-copy-source-range + in your request.

For information about maximum and minimum part sizes + and other multipart upload specifications, see Multipart + upload limits in the Amazon S3 User Guide.

Instead + of using an existing object as part data, you might use the UploadPart + action and provide data in your request.

You must initiate + a multipart upload before you can upload any part. In response to your initiate + request. Amazon S3 returns a unique identifier, the upload ID, that you must + include in your upload part request.

For more information about using + the UploadPartCopy operation, see the following:

  • +

    For conceptual information about multipart uploads, see Uploading + Objects Using Multipart Upload in the Amazon S3 User Guide.

    +

  • For information about permissions required to use the multipart + upload API, see Multipart + Upload and Permissions in the Amazon S3 User Guide.

  • +

    For information about copying objects using a single atomic action vs. + a multipart upload, see Operations + on Objects in the Amazon S3 User Guide.

  • For information + about using server-side encryption with customer-provided encryption keys + with the UploadPartCopy operation, see CopyObject + and UploadPart.

    +

Note the following additional considerations about the request + headers x-amz-copy-source-if-match, x-amz-copy-source-if-none-match, + x-amz-copy-source-if-unmodified-since, and x-amz-copy-source-if-modified-since:

+

  • Consideration 1 - If both of the x-amz-copy-source-if-match + and x-amz-copy-source-if-unmodified-since headers are present + in the request as follows:

    x-amz-copy-source-if-match + condition evaluates to true, and;

    x-amz-copy-source-if-unmodified-since + condition evaluates to false;

    Amazon S3 returns 200 + OK and copies the data.

  • Consideration 2 + - If both of the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + headers are present in the request as follows:

    x-amz-copy-source-if-none-match + condition evaluates to false, and;

    x-amz-copy-source-if-modified-since + condition evaluates to true;

    Amazon S3 returns 412 + Precondition Failed response code.

Versioning +

If your bucket has versioning enabled, you could have multiple versions + of the same object. By default, x-amz-copy-source identifies + the current version of the object to copy. If the current version is a delete + marker and you don''t specify a versionId in the x-amz-copy-source, + Amazon S3 returns a 404 error, because the object does not exist. If you specify + versionId in the x-amz-copy-source and the versionId is a delete + marker, Amazon S3 returns an HTTP 400 error, because you are not allowed to + specify a delete marker as a version for the x-amz-copy-source. +

You can optionally specify a specific version of the source object + to copy by adding the versionId subresource as shown in the following + example:

x-amz-copy-source: /bucket/object?versionId=version + id

Special Errors

    • +

    • Code: NoSuchUpload

    • Cause: The specified + multipart upload does not exist. The upload ID might be invalid, or the multipart + upload might have been aborted or completed.

    • HTTP + Status Code: 404 Not Found

    • Code: + InvalidRequest

    • Cause: The specified copy source + is not supported as a byte-range copy source.

    • HTTP + Status Code: 400 Bad Request

+ Related Resources

' + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadUploadPartCopy.html + operationId: UploadPartCopy + parameters: + - description:

Specifies the source object for the copy operation. You specify + the value in one of two formats, depending on whether you want to access + the source object through an access + point:

  • For objects not accessed through an access point, + specify the name of the source bucket and key of the source object, separated + by a slash (/). For example, to copy the object reports/january.pdf + from the bucket awsexamplebucket, use awsexamplebucket/reports/january.pdf. + The value must be URL-encoded.

  • For objects accessed through + access points, specify the Amazon Resource Name (ARN) of the object as accessed + through the access point, in the format arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. + For example, to copy the object reports/january.pdf through + access point my-access-point owned by account 123456789012 + in Region us-west-2, use the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. + The value must be URL encoded.

    Amazon S3 supports copy operations + using access points only when the source and destination buckets are in + the same Amazon Web Services Region.

    Alternatively, for objects + accessed through Amazon S3 on Outposts, specify the ARN of the object as + accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>. + For example, to copy the object reports/january.pdf through + outpost my-outpost owned by account 123456789012 + in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. + The value must be URL-encoded.

To copy a specific version + of an object, append ?versionId=<version-id> to the value + (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). + If you don't specify a version ID, Amazon S3 copies the latest version of + the source object.

+ in: header + name: x-amz-copy-source + required: true + schema: + pattern: \/.+\/.+ + type: string + - description: Copies the object if its entity tag (ETag) matches the specified + tag. + in: header + name: x-amz-copy-source-if-match + required: false + schema: + type: string + - description: Copies the object if it has been modified since the specified + time. + in: header + name: x-amz-copy-source-if-modified-since + required: false + schema: + format: date-time + type: string + - description: Copies the object if its entity tag (ETag) is different than + the specified ETag. + in: header + name: x-amz-copy-source-if-none-match + required: false + schema: + type: string + - description: Copies the object if it hasn't been modified since the specified + time. + in: header + name: x-amz-copy-source-if-unmodified-since + required: false + schema: + format: date-time + type: string + - description: The range of bytes to copy from the source object. The range + value must use the form bytes=first-last, where the first and last are the + zero-based byte offsets to copy. For example, bytes=0-9 indicates that you + want to copy the first 10 bytes of the source. You can copy a range only + if the source object is greater than 5 MB. + in: header + name: x-amz-copy-source-range + required: false + schema: + type: string + - description: Object key for which the multipart upload was initiated. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: Part number of part being copied. This is a positive integer + between 1 and 10,000. + in: query + name: partNumber + required: true + schema: + type: integer + - description: Upload ID identifying the multipart upload whose part is being + copied. + in: query + name: uploadId + required: true + schema: + type: string + - description: Specifies the algorithm to use to when encrypting the object + (for example, AES256). + in: header + name: x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: Specifies the customer-provided encryption key for Amazon S3 + to use in encrypting data. This value is used to store the object and then + it is discarded; Amazon S3 does not store the encryption key. The key must + be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm + header. This must be the same encryption key specified in the initiate multipart + upload request. + in: header + name: x-amz-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: Specifies the 128-bit MD5 digest of the encryption key according + to RFC 1321. Amazon S3 uses this header for a message integrity check to + ensure that the encryption key was transmitted without error. + in: header + name: x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: Specifies the algorithm to use when decrypting the source object + (for example, AES256). + in: header + name: x-amz-copy-source-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: Specifies the customer-provided encryption key for Amazon S3 + to use to decrypt the source object. The encryption key provided in this + header must be one that was used when the source object was created. + in: header + name: x-amz-copy-source-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: Specifies the 128-bit MD5 digest of the encryption key according + to RFC 1321. Amazon S3 uses this header for a message integrity check to + ensure that the encryption key was transmitted without error. + in: header + name: x-amz-copy-source-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected destination bucket owner. If the + destination bucket is owned by a different account, the request fails with + the HTTP status code 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: The account ID of the expected source bucket owner. If the source + bucket is owned by a different account, the request fails with the HTTP + status code 403 Forbidden (access denied). + in: header + name: x-amz-source-expected-bucket-owner + required: false + schema: + type: string + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/UploadPartCopyOutput' + description: Success + /{Key}?acl: + get: + description:

Returns the access control list (ACL) of an object. To use this + operation, you must have s3:GetObjectAcl permissions or READ_ACP + access to the object. For more information, see Mapping + of ACL permissions and access policy permissions in the Amazon S3 User + Guide

This action is not supported by Amazon S3 on Outposts.

+

Versioning

By default, GET returns ACL information about + the current version of an object. To return ACL information about a different + version, use the versionId subresource.

If your bucket uses + the bucket owner enforced setting for S3 Object Ownership, requests to read + ACLs are still supported and return the bucket-owner-full-control + ACL with the owner being the account that created the bucket. For more information, + see + Controlling object ownership and disabling ACLs in the Amazon S3 User + Guide.

The following operations are related to GetObjectAcl:

+ + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGETacl.html + operationId: GetObjectAcl + parameters: + - description: The key of the object for which to get the ACL information. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: VersionId used to reference a specific version of the object. + in: query + name: versionId + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: acl + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetObjectAclOutput' + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchKey' + description: NoSuchKey + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: "

Uses the acl subresource to set the access control\ + \ list (ACL) permissions for a new or existing object in an S3 bucket. You\ + \ must have WRITE_ACP permission to set the ACL of an object.\ + \ For more information, see What permissions can I grant? in the Amazon S3 User Guide.

\ + \

This action is not supported by Amazon S3 on Outposts.

Depending\ + \ on your application needs, you can choose to set the ACL on an object using\ + \ either the request body or the headers. For example, if you have an existing\ + \ application that updates a bucket ACL using the request body, you can continue\ + \ to use that approach. For more information, see Access Control List (ACL) Overview in the Amazon S3 User Guide.

\ + \

If your bucket uses the bucket owner enforced setting for\ + \ S3 Object Ownership, ACLs are disabled and no longer affect permissions.\ + \ You must use policies to grant access to your bucket and the objects in\ + \ it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported\ + \ error code. Requests to read ACLs are still supported. For more information,\ + \ see Controlling object ownership in the Amazon S3 User Guide.

\ + \

Access Permissions

You can set access permissions\ + \ using one of the following methods:

  • Specify a canned ACL\ + \ with the x-amz-acl request header. Amazon S3 supports a set\ + \ of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined\ + \ set of grantees and permissions. Specify the canned ACL name as the value\ + \ of x-amz-acl. If you use this header, you cannot use other\ + \ access control-specific headers in your request. For more information, see\ + \ Canned ACL.

  • Specify access permissions explicitly with\ + \ the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp,\ + \ and x-amz-grant-full-control headers. When using these headers,\ + \ you specify explicit access permissions and grantees (Amazon Web Services\ + \ accounts or Amazon S3 groups) who will receive the permission. If you use\ + \ these ACL-specific headers, you cannot use x-amz-acl header\ + \ to set a canned ACL. These parameters map to the set of permissions that\ + \ Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

    You specify each grantee as\ + \ a type=value pair, where the type is one of the following:

    • \ + \

      id \u2013 if the value specified is the canonical user\ + \ ID of an Amazon Web Services account

    • uri\ + \ \u2013 if you are granting permissions to a predefined group

    • \ + \

      emailAddress \u2013 if the value specified is the email\ + \ address of an Amazon Web Services account

      Using email addresses\ + \ to specify a grantee is only supported in the following Amazon Web Services\ + \ Regions:

      • US East (N. Virginia)

      • US West\ + \ (N. California)

      • US West (Oregon)

      • Asia\ + \ Pacific (Singapore)

      • Asia Pacific (Sydney)

      • \ + \

        Asia Pacific (Tokyo)

      • Europe (Ireland)

      • \ + \

        South America (S\xE3o Paulo)

      For a list of all the\ + \ Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      \ + \

    For example, the following x-amz-grant-read\ + \ header grants list objects permission to the two Amazon Web Services accounts\ + \ identified by their email addresses.

    x-amz-grant-read: emailAddress=\"\ + xyz@amazon.com\", emailAddress=\"abc@amazon.com\"

\ + \

You can use either a canned ACL or specify access permissions explicitly.\ + \ You cannot do both.

Grantee Values

You can specify\ + \ the person (grantee) to whom you're assigning access rights (using request\ + \ elements) in the following ways:

  • By the person's ID:

    \ + \

    <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\ + \ xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>\ + \ </Grantee>

    DisplayName is optional and ignored in the\ + \ request.

  • By URI:

    <Grantee xmlns:xsi=\"\ + http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>\ + \

  • By Email address:

    <Grantee xmlns:xsi=\"\ + http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"\ + ><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee>\ + \

    The grantee is resolved to the CanonicalUser and, in a response\ + \ to a GET Object acl request, appears as the CanonicalUser.

    Using\ + \ email addresses to specify a grantee is only supported in the following\ + \ Amazon Web Services Regions:

    • US East (N. Virginia)

      \ + \

    • US West (N. California)

    • US West (Oregon)

      \ + \

    • Asia Pacific (Singapore)

    • Asia Pacific (Sydney)

      \ + \

    • Asia Pacific (Tokyo)

    • Europe (Ireland)

      \ + \

    • South America (S\xE3o Paulo)

    For a list\ + \ of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    \ + \

Versioning

The ACL of an object is\ + \ set at the object version level. By default, PUT sets the ACL of the current\ + \ version of an object. To set the ACL of a different version, use the versionId\ + \ subresource.

Related Resources

" + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPUTacl.html + operationId: PutObjectAcl + parameters: + - description: The canned ACL to apply to the object. For more information, + see Canned + ACL. + in: header + name: x-amz-acl + required: false + schema: + enum: + - private + - public-read + - public-read-write + - authenticated-read + - aws-exec-read + - bucket-owner-read + - bucket-owner-full-control + type: string + - description:

The base64-encoded 128-bit MD5 digest of the data. This header + must be used as a message integrity check to verify that the request body + was not corrupted in transit. For more information, go to RFC + 1864.>

For requests made using the Amazon Web Services Command + Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated + automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description:

Allows grantee the read, write, read ACP, and write ACP permissions + on the bucket.

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-full-control + required: false + schema: + type: string + - description:

Allows grantee to list the objects in the bucket.

This + action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-read + required: false + schema: + type: string + - description:

Allows grantee to read the bucket ACL.

This action + is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-read-acp + required: false + schema: + type: string + - description:

Allows grantee to create new objects in the bucket.

For + the bucket and object owners of existing objects, also allows deletions + and overwrites of those objects.

+ in: header + name: x-amz-grant-write + required: false + schema: + type: string + - description:

Allows grantee to write the ACL for the applicable bucket.

+

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-write-acp + required: false + schema: + type: string + - description:

Key for which the PUT action was initiated.

When using + this action with an access point, you must direct requests to the access + point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + When using this action with an access point through the Amazon Web Services + SDKs, you provide the access point ARN in place of the bucket name. For + more information about access point ARNs, see Using + access points in the Amazon S3 User Guide.

When using + this action with Amazon S3 on Outposts, you must direct requests to the + S3 on Outposts hostname. The S3 on Outposts hostname takes the form + AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + When using this action with S3 on Outposts through the Amazon Web Services + SDKs, you provide the Outposts bucket ARN in place of the bucket name. For + more information about S3 on Outposts ARNs, see Using + Amazon S3 on Outposts in the Amazon S3 User Guide.

+ in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: VersionId used to reference a specific version of the object. + in: query + name: versionId + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: acl + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + AccessControlPolicy: + description: Contains the elements that set the ACL permissions + for an object per grantee. + properties: + AccessControlList: + allOf: + - $ref: '#/components/schemas/Grants' + - description: A list of grants. + Owner: + allOf: + - $ref: '#/components/schemas/Owner' + - description: Container for the bucket owner's display name + and ID. + type: object + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/PutObjectAclOutput' + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchKey' + description: NoSuchKey + /{Key}?attributes#x-amz-object-attributes: + get: + description:

Retrieves all the metadata from an object without returning + the object itself. This action is useful if you're interested only in an object's + metadata. To use GetObjectAttributes, you must have READ access + to the object.

GetObjectAttributes combines the functionality + of GetObjectAcl, GetObjectLegalHold, GetObjectLockConfiguration, + GetObjectRetention, GetObjectTagging, HeadObject, + and ListParts. All of the data returned with each of those individual + calls can be returned with a single call to GetObjectAttributes.

+

If you encrypt an object by using server-side encryption with customer-provided + encryption keys (SSE-C) when you store the object in Amazon S3, then when + you retrieve the metadata from the object, you must use the following headers:

+

  • x-amz-server-side-encryption-customer-algorithm +

  • x-amz-server-side-encryption-customer-key +

  • x-amz-server-side-encryption-customer-key-MD5 +

For more information about SSE-C, see Server-Side + Encryption (Using Customer-Provided Encryption Keys) in the Amazon + S3 User Guide.

  • Encryption request headers, such + as x-amz-server-side-encryption, should not be sent for GET requests + if your object uses server-side encryption with Amazon Web Services KMS keys + stored in Amazon Web Services Key Management Service (SSE-KMS) or server-side + encryption with Amazon S3 managed encryption keys (SSE-S3). If your object + does use these types of keys, you'll get an HTTP 400 Bad Request + error.

  • The last modified property in this case is the creation + date of the object.

Consider the following when + using request headers:

  • If both of the If-Match + and If-Unmodified-Since headers are present in the request as + follows, then Amazon S3 returns the HTTP status code 200 OK and + the data requested:

    • If-Match condition evaluates + to true.

    • If-Unmodified-Since + condition evaluates to false.

  • If + both of the If-None-Match and If-Modified-Since + headers are present in the request as follows, then Amazon S3 returns the + HTTP status code 304 Not Modified:

    • If-None-Match + condition evaluates to false.

    • If-Modified-Since + condition evaluates to true.

For + more information about conditional requests, see RFC + 7232.

Permissions

The permissions that you need + to use this operation depend on whether the bucket is versioned. If the bucket + is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes + permissions for this operation. If the bucket is not versioned, you need the + s3:GetObject and s3:GetObjectAttributes permissions. + For more information, see Specifying + Permissions in a Policy in the Amazon S3 User Guide. If the object + that you request does not exist, the error Amazon S3 returns depends on whether + you also have the s3:ListBucket permission.

  • If + you have the s3:ListBucket permission on the bucket, Amazon S3 + returns an HTTP status code 404 Not Found ("no such key") error.

    +

  • If you don't have the s3:ListBucket permission, + Amazon S3 returns an HTTP status code 403 Forbidden ("access + denied") error.

The following actions are related to GetObjectAttributes:

+ + operationId: GetObjectAttributes + parameters: + - description: The object key. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: The version ID used to reference a specific version of the object. + in: query + name: versionId + required: false + schema: + type: string + - description: Sets the maximum number of parts to return. + in: header + name: x-amz-max-parts + required: false + schema: + type: integer + - description: Specifies the part after which listing should begin. Only parts + with higher part numbers will be listed. + in: header + name: x-amz-part-number-marker + required: false + schema: + type: integer + - description: Specifies the algorithm to use when encrypting the object (for + example, AES256). + in: header + name: x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: Specifies the customer-provided encryption key for Amazon S3 + to use in encrypting data. This value is used to store the object and then + it is discarded; Amazon S3 does not store the encryption key. The key must + be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm + header. + in: header + name: x-amz-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: Specifies the 128-bit MD5 digest of the encryption key according + to RFC 1321. Amazon S3 uses this header for a message integrity check to + ensure that the encryption key was transmitted without error. + in: header + name: x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: An XML header that specifies the fields at the root level that + you want returned in the response. Fields that you do not specify are not + returned. + in: header + name: x-amz-object-attributes + required: true + schema: + items: + $ref: '#/components/schemas/ObjectAttributes' + type: array + - allowEmptyValue: true + in: query + name: attributes + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetObjectAttributesOutput' + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchKey' + description: NoSuchKey + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + /{Key}?legal-hold: + get: + description:

Gets an object's current legal hold status. For more information, + see Locking + Objects.

This action is not supported by Amazon S3 on Outposts.

+

The following action is related to GetObjectLegalHold:

+ + operationId: GetObjectLegalHold + parameters: + - description: The key name for the object whose legal hold status you want + to retrieve. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: The version ID of the object whose legal hold status you want + to retrieve. + in: query + name: versionId + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: legal-hold + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetObjectLegalHoldOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Applies a legal hold configuration to the specified object. + For more information, see Locking + Objects.

This action is not supported by Amazon S3 on Outposts.

+ operationId: PutObjectLegalHold + parameters: + - description: The key name for the object that you want to place a legal hold + on. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The version ID of the object that you want to place a legal hold + on. + in: query + name: versionId + required: false + schema: + type: string + - description:

The MD5 hash for the request body.

For requests made + using the Amazon Web Services Command Line Interface (CLI) or Amazon Web + Services SDKs, this field is calculated automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: legal-hold + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + LegalHold: + description: A legal hold configuration for an object. + properties: + Status: + allOf: + - $ref: '#/components/schemas/ObjectLockLegalHoldStatus' + - description: Indicates whether the specified object has a + legal hold in place. + type: object + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/PutObjectLegalHoldOutput' + description: Success + /{Key}?restore: + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + post: + description: "

Restores an archived copy of an object back into Amazon S3

\ + \

This action is not supported by Amazon S3 on Outposts.

This action\ + \ performs the following types of requests:

  • select\ + \ - Perform a select query on an archived object

  • restore\ + \ an archive - Restore an archived object

To use\ + \ this operation, you must have permissions to perform the s3:RestoreObject\ + \ action. The bucket owner has this permission by default and can grant this\ + \ permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon\ + \ S3 User Guide.

Querying Archives with Select Requests\ + \

You use a select type of request to perform SQL queries on archived\ + \ objects. The archived objects that are being queried by the select request\ + \ must be formatted as uncompressed comma-separated values (CSV) files. You\ + \ can run queries and custom analytics on your archived data without having\ + \ to restore your data to a hotter Amazon S3 tier. For an overview about select\ + \ requests, see Querying Archived Objects in the Amazon S3 User Guide.

When\ + \ making a select request, do the following:

  • Define an output\ + \ location for the select query's output. This must be an Amazon S3 bucket\ + \ in the same Amazon Web Services Region as the bucket that contains the archive\ + \ object that is being queried. The Amazon Web Services account that initiates\ + \ the job must have permissions to write to the S3 bucket. You can specify\ + \ the storage class and encryption for the output objects stored in the bucket.\ + \ For more information about output, see Querying Archived Objects in the Amazon S3 User Guide.

    For\ + \ more information about the S3 structure in the request body,\ + \ see the following:

  • Define the SQL expression for the\ + \ SELECT type of restoration for your query in the request body's\ + \ SelectParameters structure. You can use expressions like the\ + \ following examples.

    • The following expression returns all\ + \ records from the specified object.

      SELECT * FROM Object\ + \

    • Assuming that you are not using any headers for data\ + \ stored in the object, you can specify columns with positional headers.

      \ + \

      SELECT s._1, s._2 FROM Object s WHERE s._3 > 100

      \ + \

    • If you have headers and you set the fileHeaderInfo\ + \ in the CSV structure in the request body to USE,\ + \ you can specify headers in the query. (If you set the fileHeaderInfo\ + \ field to IGNORE, the first row is skipped for the query.) You\ + \ cannot mix ordinal positions with header column names.

      SELECT\ + \ s.Id, s.FirstName, s.SSN FROM S3Object s

\ + \

For more information about using SQL with S3 Glacier Select restore,\ + \ see SQL Reference for Amazon S3 Select and S3 Glacier Select in the Amazon\ + \ S3 User Guide.

When making a select request, you can also do\ + \ the following:

  • To expedite your queries, specify the Expedited\ + \ tier. For more information about tiers, see \"Restoring Archives,\" later\ + \ in this topic.

  • Specify details about the data serialization\ + \ format of both the input object that is being queried and the serialization\ + \ of the CSV-encoded query results.

The following are additional\ + \ important facts about the select feature:

  • The output results\ + \ are new Amazon S3 objects. Unlike archive retrievals, they are stored until\ + \ explicitly deleted-manually or through a lifecycle policy.

  • \ + \

    You can issue more than one select request on the same Amazon S3 object.\ + \ Amazon S3 doesn't deduplicate requests, so avoid issuing duplicate requests.

    \ + \

  • Amazon S3 accepts a select request even if the object has\ + \ already been restored. A select request doesn\u2019t return error response\ + \ 409.

Restoring objects

Objects\ + \ that you archive to the S3 Glacier or S3 Glacier Deep Archive storage class,\ + \ and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive\ + \ tiers are not accessible in real time. For objects in Archive Access or\ + \ Deep Archive Access tiers you must first initiate a restore request, and\ + \ then wait until the object is moved into the Frequent Access tier. For objects\ + \ in S3 Glacier or S3 Glacier Deep Archive storage classes you must first\ + \ initiate a restore request, and then wait until a temporary copy of the\ + \ object is available. To access an archived object, you must restore the\ + \ object for the duration (number of days) that you specify.

To restore\ + \ a specific object version, you can provide a version ID. If you don't provide\ + \ a version ID, Amazon S3 restores the current version.

When restoring\ + \ an archived object (or using a select request), you can specify one of the\ + \ following data access tier options in the Tier element of the\ + \ request body:

  • Expedited - Expedited retrievals\ + \ allow you to quickly access your data stored in the S3 Glacier storage class\ + \ or S3 Intelligent-Tiering Archive tier when occasional urgent requests for\ + \ a subset of archives are required. For all but the largest archived objects\ + \ (250 MB+), data accessed using Expedited retrievals is typically made available\ + \ within 1\u20135 minutes. Provisioned capacity ensures that retrieval capacity\ + \ for Expedited retrievals is available when you need it. Expedited retrievals\ + \ and provisioned capacity are not available for objects stored in the S3\ + \ Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive\ + \ tier.

  • Standard - Standard retrievals allow\ + \ you to access any of your archived objects within several hours. This is\ + \ the default option for retrieval requests that do not specify the retrieval\ + \ option. Standard retrievals typically finish within 3\u20135 hours for objects\ + \ stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive\ + \ tier. They typically finish within 12 hours for objects stored in the S3\ + \ Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive\ + \ tier. Standard retrievals are free for objects stored in S3 Intelligent-Tiering.

    \ + \

  • Bulk - Bulk retrievals are the lowest-cost retrieval\ + \ option in S3 Glacier, enabling you to retrieve large amounts, even petabytes,\ + \ of data inexpensively. Bulk retrievals typically finish within 5\u201312\ + \ hours for objects stored in the S3 Glacier storage class or S3 Intelligent-Tiering\ + \ Archive tier. They typically finish within 48 hours for objects stored in\ + \ the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep\ + \ Archive tier. Bulk retrievals are free for objects stored in S3 Intelligent-Tiering.

    \ + \

For more information about archive retrieval options and\ + \ provisioned capacity for Expedited data access, see Restoring\ + \ Archived Objects in the Amazon S3 User Guide.

You can\ + \ use Amazon S3 restore speed upgrade to change the restore speed to a faster\ + \ speed while it is in progress. For more information, see Upgrading the speed of an in-progress restore in the Amazon S3 User\ + \ Guide.

To get the status of object restoration, you can send\ + \ a HEAD request. Operations return the x-amz-restore\ + \ header, which provides information about the restoration status, in the\ + \ response. You can use Amazon S3 event notifications to notify you when a\ + \ restore is initiated or completed. For more information, see Configuring\ + \ Amazon S3 Event Notifications in the Amazon S3 User Guide.

\ + \

After restoring an archived object, you can update the restoration period\ + \ by reissuing the request with a new period. Amazon S3 updates the restoration\ + \ period relative to the current time and charges only for the request-there\ + \ are no data transfer charges. You cannot update the restoration period when\ + \ Amazon S3 is actively processing your current restore request for the object.

\ + \

If your bucket has a lifecycle configuration with a rule that includes\ + \ an expiration action, the object expiration overrides the life span that\ + \ you specify in a restore request. For example, if you restore an object\ + \ copy for 10 days, but the object is scheduled to expire in 3 days, Amazon\ + \ S3 deletes the object in 3 days. For more information about lifecycle configuration,\ + \ see PutBucketLifecycleConfiguration and Object Lifecycle Management in Amazon S3 User Guide.

Responses\ + \

A successful action returns either the 200 OK or 202\ + \ Accepted status code.

  • If the object is not previously\ + \ restored, then Amazon S3 returns 202 Accepted in the response.\ + \

  • If the object is previously restored, Amazon S3 returns\ + \ 200 OK in the response.

Special Errors

    • Code: RestoreAlreadyInProgress\ + \

    • Cause: Object restore is already in progress. (This\ + \ error does not apply to SELECT type requests.)

    • HTTP\ + \ Status Code: 409 Conflict

    • SOAP Fault Code Prefix:\ + \ Client

    • Code: GlacierExpeditedRetrievalNotAvailable\ + \

    • Cause: expedited retrievals are currently not available.\ + \ Try again later. (Returned if there is insufficient capacity to process\ + \ the Expedited request. This error applies only to Expedited retrievals and\ + \ not to S3 Standard or Bulk retrievals.)

    • HTTP\ + \ Status Code: 503

    • SOAP Fault Code Prefix: N/A\ + \

Related Resources\ + \

" + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectRestore.html + operationId: RestoreObject + parameters: + - description: Object key for which the action was initiated. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: VersionId used to reference a specific version of the object. + in: query + name: versionId + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: restore + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + RestoreRequest: + description: Container for restore job parameters. + properties: + Days: + allOf: + - $ref: '#/components/schemas/Days' + - description:

Lifetime of the active copy in days. Do not + use with restores that specify OutputLocation.

+

The Days element is required for regular restores, and + must not be provided for select requests.

+ Description: + allOf: + - $ref: '#/components/schemas/Description' + - description: The optional description for the job. + GlacierJobParameters: + allOf: + - $ref: '#/components/schemas/GlacierJobParameters' + - description: S3 Glacier related parameters pertaining to this + job. Do not use with restores that specify OutputLocation. + OutputLocation: + allOf: + - $ref: '#/components/schemas/OutputLocation' + - description: Describes the location where the restore job's + output is stored. + SelectParameters: + allOf: + - $ref: '#/components/schemas/SelectParameters' + - description: Describes the parameters for Select job types. + Tier: + allOf: + - $ref: '#/components/schemas/Tier' + - description: Retrieval tier at which the restore will be processed. + Type: + allOf: + - $ref: '#/components/schemas/RestoreRequestType' + - description: Type of restore request. + type: object + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/RestoreObjectOutput' + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ObjectAlreadyInActiveTierError' + description: ObjectAlreadyInActiveTierError + /{Key}?retention: + get: + description:

Retrieves an object's retention settings. For more information, + see Locking + Objects.

This action is not supported by Amazon S3 on Outposts.

+

The following action is related to GetObjectRetention:

+ + operationId: GetObjectRetention + parameters: + - description: The key name for the object whose retention settings you want + to retrieve. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: The version ID for the object whose retention settings you want + to retrieve. + in: query + name: versionId + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: retention + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetObjectRetentionOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Places an Object Retention configuration on an object. For more + information, see Locking + Objects. Users or accounts require the s3:PutObjectRetention + permission in order to place an Object Retention configuration on objects. + Bypassing a Governance Retention configuration requires the s3:BypassGovernanceRetention + permission.

This action is not supported by Amazon S3 on Outposts.

+ operationId: PutObjectRetention + parameters: + - description: The key name for the object that you want to apply this Object + Retention configuration to. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The version ID for the object that you want to apply this Object + Retention configuration to. + in: query + name: versionId + required: false + schema: + type: string + - description: Indicates whether this action should bypass Governance-mode restrictions. + in: header + name: x-amz-bypass-governance-retention + required: false + schema: + type: boolean + - description:

The MD5 hash for the request body.

For requests made + using the Amazon Web Services Command Line Interface (CLI) or Amazon Web + Services SDKs, this field is calculated automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: retention + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + Retention: + description: A Retention configuration for an object. + properties: + Mode: + allOf: + - $ref: '#/components/schemas/ObjectLockRetentionMode' + - description: Indicates the Retention mode for the specified + object. + RetainUntilDate: + allOf: + - $ref: '#/components/schemas/Date' + - description: The date on which this Object Lock Retention + will expire. + type: object + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/PutObjectRetentionOutput' + description: Success + /{Key}?select&select-type=2: + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + post: + description: "

This action filters the contents of an Amazon S3 object based\ + \ on a simple structured query language (SQL) statement. In the request, along\ + \ with the SQL expression, you must also specify a data serialization format\ + \ (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses this format\ + \ to parse object data into records, and returns only records that match the\ + \ specified SQL expression. You must also specify the data serialization format\ + \ for the response.

This action is not supported by Amazon S3 on Outposts.

\ + \

For more information about Amazon S3 Select, see Selecting Content from Objects and SELECT Command in the Amazon S3 User Guide.

For more information\ + \ about using SQL with Amazon S3 Select, see SQL Reference for Amazon S3 Select and S3 Glacier Select in the Amazon\ + \ S3 User Guide.

Permissions

You must have\ + \ s3:GetObject permission for this operation.\_Amazon S3 Select\ + \ does not support anonymous access. For more information about permissions,\ + \ see Specifying Permissions in a Policy in the Amazon S3 User Guide.

\ + \

Object Data Formats

You can use Amazon S3 Select\ + \ to query objects that have the following format properties:

  • \ + \

    CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet\ + \ format.

  • UTF-8 - UTF-8 is the only encoding type\ + \ Amazon S3 Select supports.

  • GZIP or BZIP2 - CSV\ + \ and JSON files can be compressed using GZIP or BZIP2. GZIP and BZIP2 are\ + \ the only compression formats that Amazon S3 Select supports for CSV and\ + \ JSON files. Amazon S3 Select supports columnar compression for Parquet using\ + \ GZIP or Snappy. Amazon S3 Select does not support whole-object compression\ + \ for Parquet objects.

  • Server-side encryption -\ + \ Amazon S3 Select supports querying objects that are protected with server-side\ + \ encryption.

    For objects that are encrypted with customer-provided\ + \ encryption keys (SSE-C), you must use HTTPS, and you must use the headers\ + \ that are documented in the GetObject. For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the\ + \ Amazon S3 User Guide.

    For objects that are encrypted with\ + \ Amazon S3 managed encryption keys (SSE-S3) and Amazon Web Services KMS keys\ + \ (SSE-KMS), server-side encryption is handled transparently, so you don't\ + \ need to specify anything. For more information about server-side encryption,\ + \ including SSE-S3 and SSE-KMS, see Protecting Data Using Server-Side Encryption in the Amazon S3 User\ + \ Guide.

Working with the Response Body

\ + \

Given the response size is unknown, Amazon S3 Select streams the response\ + \ as a series of messages and includes a Transfer-Encoding header\ + \ with chunked as its value in the response. For more information,\ + \ see Appendix: SelectObjectContent Response.

GetObject Support\ + \

The SelectObjectContent action does not support the\ + \ following GetObject functionality. For more information, see\ + \ GetObject.

  • Range: Although you can specify\ + \ a scan range for an Amazon S3 Select request (see SelectObjectContentRequest - ScanRange in the request parameters), you\ + \ cannot specify the range of bytes of an object to return.

  • \ + \

    GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You cannot\ + \ specify the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage\ + \ classes. For more information, about storage classes see Storage Classes in the Amazon S3 User Guide.

\ + \

Special Errors

For a list of special errors for this\ + \ operation, see List of SELECT Object Content Error Codes

Related\ + \ Resources

" + operationId: SelectObjectContent + parameters: + - description: The object key. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: The server-side encryption (SSE) algorithm used to encrypt the + object. This parameter is needed only when the object was created using + a checksum algorithm. For more information, see Protecting + data using SSE-C keys in the Amazon S3 User Guide. + in: header + name: x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: The server-side encryption (SSE) customer managed key. This parameter + is needed only when the object was created using a checksum algorithm. For + more information, see Protecting + data using SSE-C keys in the Amazon S3 User Guide. + in: header + name: x-amz-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: The MD5 server-side encryption (SSE) customer managed key. This + parameter is needed only when the object was created using a checksum algorithm. + For more information, see Protecting + data using SSE-C keys in the Amazon S3 User Guide. + in: header + name: x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: select + required: true + schema: + enum: + - true + type: boolean + - in: query + name: select-type + required: true + schema: + enum: + - '2' + type: string + requestBody: + content: + text/xml: + schema: + properties: + Expression: + description: The expression that is used to query the object. + type: string + ExpressionType: + description: The type of the provided expression (for example, SQL). + enum: + - SQL + type: string + InputSerialization: + description: Describes the serialization format of the object. + properties: + CSV: + allOf: + - $ref: '#/components/schemas/CSVInput' + - description: Describes the serialization of a CSV-encoded + object. + CompressionType: + allOf: + - $ref: '#/components/schemas/CompressionType' + - description: 'Specifies object''s compression format. Valid + values: NONE, GZIP, BZIP2. Default Value: NONE.' + JSON: + allOf: + - $ref: '#/components/schemas/JSONInput' + - description: Specifies JSON as object's input serialization + format. + Parquet: + allOf: + - $ref: '#/components/schemas/ParquetInput' + - description: Specifies Parquet as object's input serialization + format. + type: object + OutputSerialization: + description: Describes how results of the Select job are serialized. + properties: + CSV: + allOf: + - $ref: '#/components/schemas/CSVOutput' + - description: Describes the serialization of CSV-encoded Select + results. + JSON: + allOf: + - $ref: '#/components/schemas/JSONOutput' + - description: Specifies JSON as request's output serialization + format. + type: object + RequestProgress: + description: Container for specifying if periodic QueryProgress + messages should be sent. + properties: + Enabled: + allOf: + - $ref: '#/components/schemas/EnableRequestProgress' + - description: 'Specifies whether periodic QueryProgress frames + should be sent. Valid values: TRUE, FALSE. Default value: + FALSE.' + type: object + ScanRange: + description: Specifies the byte range of the object to get the records + from. A record is processed when its first byte is contained by + the range. This parameter is optional, but when specified, it + must not be empty. See RFC 2616, Section 14.35.1 about how to + specify the start and end of the range. + properties: + End: + allOf: + - $ref: '#/components/schemas/End' + - description: 'Specifies the end of the byte range. This parameter + is optional. Valid values: non-negative integers. The default + value is one less than the size of the object being queried. + If only the End parameter is supplied, it is interpreted + to mean scan the last N bytes of the file. For example, + <scanrange><end>50</end></scanrange> + means scan the last 50 bytes.' + Start: + allOf: + - $ref: '#/components/schemas/Start' + - description: 'Specifies the start of the byte range. This + parameter is optional. Valid values: non-negative integers. + The default value is 0. If only start is supplied, + it means scan from that point to the end of the file. For + example, <scanrange><start>50</start></scanrange> + means scan from byte 50 until the end of the file.' + type: object + required: + - Expression + - ExpressionType + - InputSerialization + - OutputSerialization + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/SelectObjectContentOutput' + description: Success + /{Key}?tagging: + delete: + description:

Removes the entire tag set from the specified object. For more + information about managing object tags, see + Object Tagging.

To use this operation, you must have permission + to perform the s3:DeleteObjectTagging action.

To delete + tags of a specific object version, add the versionId query parameter + in the request. You will need permission for the s3:DeleteObjectVersionTagging + action.

The following operations are related to DeleteBucketMetricsConfiguration:

+ + operationId: DeleteObjectTagging + parameters: + - description: The key that identifies the object in the bucket from which to + remove all tags. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: The versionId of the object that the tag-set will be removed + from. + in: query + name: versionId + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: tagging + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteObjectTaggingOutput' + description: Success + get: + description:

Returns the tag-set of an object. You send the GET request against + the tagging subresource associated with the object.

To use this operation, + you must have permission to perform the s3:GetObjectTagging action. + By default, the GET action returns information about current version of an + object. For a versioned bucket, you can have multiple versions of an object + in your bucket. To retrieve tags of any other version, use the versionId query + parameter. You also need permission for the s3:GetObjectVersionTagging + action.

By default, the bucket owner has this permission and can grant + this permission to others.

For information about the Amazon S3 object + tagging feature, see Object + Tagging.

The following actions are related to GetObjectTagging:

+ + operationId: GetObjectTagging + parameters: + - description: Object key for which to get the tagging information. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: The versionId of the object for which to get the tagging information. + in: query + name: versionId + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - allowEmptyValue: true + in: query + name: tagging + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetObjectTaggingOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: '

Sets the supplied tag-set to an object that already exists + in a bucket.

A tag is a key-value pair. You can associate tags with + an object by sending a PUT request against the tagging subresource that is + associated with the object. You can retrieve tags by sending a GET request. + For more information, see GetObjectTagging.

+

For tagging-related restrictions related to characters and encodings, see + Tag + Restrictions. Note that Amazon S3 limits the maximum number of tags to + 10 tags per object.

To use this operation, you must have permission + to perform the s3:PutObjectTagging action. By default, the bucket + owner has this permission and can grant this permission to others.

To + put tags of any other version, use the versionId query parameter. + You also need permission for the s3:PutObjectVersionTagging action.

+

For information about the Amazon S3 object tagging feature, see Object + Tagging.

Special Errors

    • +

    • Code: InvalidTagError

    • Cause: The tag + provided was not a valid tag. This error can occur if the tag did not pass + input validation. For more information, see Object + Tagging.

    • Code: MalformedXMLError +

    • Cause: The XML provided does not match the schema. +

    • Code: OperationAbortedError +

    • Cause: A conflicting conditional action is currently + in progress against this resource. Please try again.

    +

    • Code: InternalError

    • Cause: + The service was unable to apply the provided tag to the object.

      • +

Related Resources

' + operationId: PutObjectTagging + parameters: + - description: Name of the object key. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: The versionId of the object that the tag-set will be added to. + in: query + name: versionId + required: false + schema: + type: string + - description:

The MD5 hash for the request body.

For requests made + using the Amazon Web Services Command Line Interface (CLI) or Amazon Web + Services SDKs, this field is calculated automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - allowEmptyValue: true + in: query + name: tagging + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + Tagging: + description: Container for TagSet elements. + properties: + TagSet: + allOf: + - $ref: '#/components/schemas/TagSet' + - description: A collection for a set of tags + type: object + required: + - Tagging + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/PutObjectTaggingOutput' + description: Success + /{Key}?torrent: + get: + description:

Returns torrent files from a bucket. BitTorrent can save you + bandwidth when you're distributing large files. For more information about + BitTorrent, see Using + BitTorrent with Amazon S3.

You can get torrent only for + objects that are less than 5 GB in size, and that are not encrypted using + server-side encryption with a customer-provided encryption key.

 +

To use GET, you must have READ access to the object.

This action + is not supported by Amazon S3 on Outposts.

The following action is + related to GetObjectTorrent:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGETtorrent.html + operationId: GetObjectTorrent + parameters: + - description: The object key for which to get the information. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: torrent + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetObjectTorrentOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + /{Key}?uploads: + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + post: + description: "

This action initiates a multipart upload and returns an upload\ + \ ID. This upload ID is used to associate all of the parts in the specific\ + \ multipart upload. You specify this upload ID in each of your subsequent\ + \ upload part requests (see UploadPart). You also include this upload ID in the final request to\ + \ either complete or abort the multipart upload request.

For more information\ + \ about multipart uploads, see Multipart Upload Overview.

If you have configured a lifecycle\ + \ rule to abort incomplete multipart uploads, the upload must complete within\ + \ the number of days specified in the bucket lifecycle configuration. Otherwise,\ + \ the incomplete multipart upload becomes eligible for an abort action and\ + \ Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy.

\ + \

For information about the permissions required to use the multipart upload\ + \ API, see Multipart Upload and Permissions.

For request signing, multipart\ + \ upload is just a series of regular requests. You initiate a multipart upload,\ + \ send one or more requests to upload parts, and then complete the multipart\ + \ upload process. You sign each request individually. There is nothing special\ + \ about signing multipart upload requests. For more information about signing,\ + \ see Authenticating Requests (Amazon Web Services Signature Version 4).

\ + \

After you initiate a multipart upload and upload one or more\ + \ parts, to stop being charged for storing the uploaded parts, you must either\ + \ complete or abort the multipart upload. Amazon S3 frees up the space used\ + \ to store the parts and stop charging you for storing them only after you\ + \ either complete or abort a multipart upload.

You can optionally\ + \ request server-side encryption. For server-side encryption, Amazon S3 encrypts\ + \ your data as it writes it to disks in its data centers and decrypts it when\ + \ you access it. You can provide your own encryption key, or use Amazon Web\ + \ Services KMS keys or Amazon S3-managed encryption keys. If you choose to\ + \ provide your own encryption key, the request headers you provide in UploadPart\ + \ and UploadPartCopy requests must match the headers you used in the request\ + \ to initiate the upload by using CreateMultipartUpload.

\ + \

To perform a multipart upload with encryption using an Amazon Web Services\ + \ KMS key, the requester must have permission to the kms:Decrypt\ + \ and kms:GenerateDataKey* actions on the key. These permissions\ + \ are required because Amazon S3 must decrypt and read data from the encrypted\ + \ file parts before it completes the multipart upload. For more information,\ + \ see Multipart upload API and permissions in the Amazon S3 User Guide.

\ + \

If your Identity and Access Management (IAM) user or role is in the same\ + \ Amazon Web Services account as the KMS key, then you must have these permissions\ + \ on the key policy. If your IAM user or role belongs to a different account\ + \ than the key, then you must have the permissions on both the key policy\ + \ and your IAM user or role.

For more information, see Protecting Data Using Server-Side Encryption.

Access Permissions
\ + \

When copying an object, you can optionally specify the accounts\ + \ or groups that should be granted specific permissions on the new object.\ + \ There are two ways to grant the permissions using the request headers:

\ + \

  • Specify a canned ACL with the x-amz-acl request\ + \ header. For more information, see Canned ACL.

  • Specify access permissions explicitly with\ + \ the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp,\ + \ and x-amz-grant-full-control headers. These parameters map\ + \ to the set of permissions that Amazon S3 supports in an ACL. For more information,\ + \ see Access Control List (ACL) Overview.

You can use either\ + \ a canned ACL or specify access permissions explicitly. You cannot do both.

\ + \
Server-Side- Encryption-Specific Request Headers

You\ + \ can optionally tell Amazon S3 to encrypt data at rest using server-side\ + \ encryption. Server-side encryption is for data encryption at rest. Amazon\ + \ S3 encrypts your data as it writes it to disks in its data centers and decrypts\ + \ it when you access it. The option you use depends on whether you want to\ + \ use Amazon Web Services managed encryption keys or provide your own encryption\ + \ key.

  • Use encryption keys managed by Amazon S3 or customer\ + \ managed key stored in Amazon Web Services Key Management Service (Amazon\ + \ Web Services KMS) \u2013 If you want Amazon Web Services to manage the keys\ + \ used to encrypt data, specify the following headers in the request.

    \ + \

    • x-amz-server-side-encryption

    • \ + \

      x-amz-server-side-encryption-aws-kms-key-id

      • \ + \

    • x-amz-server-side-encryption-context

    \ + \

    If you specify x-amz-server-side-encryption:aws:kms,\ + \ but don't provide x-amz-server-side-encryption-aws-kms-key-id,\ + \ Amazon S3 uses the Amazon Web Services managed key in Amazon Web Services\ + \ KMS to protect the data.

    All GET and PUT requests\ + \ for an object protected by Amazon Web Services KMS fail if you don't make\ + \ them with SSL or by using SigV4.

    For more information\ + \ about server-side encryption with KMS key (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys.

    • \ + \

  • Use customer-provided encryption keys \u2013 If you want to manage\ + \ your own encryption keys, provide all the following headers in the request.

    \ + \

    • x-amz-server-side-encryption-customer-algorithm\ + \

    • x-amz-server-side-encryption-customer-key\ + \

    • x-amz-server-side-encryption-customer-key-MD5\ + \

    For more information about server-side encryption with\ + \ KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys.

    • \ + \
Access-Control-List (ACL)-Specific Request Headers
\ + \

You also can use the following access control\u2013related headers\ + \ with this operation. By default, all objects are private. Only the owner\ + \ has full access control. When adding a new object, you can grant permissions\ + \ to individual Amazon Web Services accounts or to predefined groups defined\ + \ by Amazon S3. These permissions are then added to the access control list\ + \ (ACL) on the object. For more information, see Using ACLs. With this operation, you can grant access permissions using\ + \ one of the following two methods:

  • Specify a canned ACL\ + \ (x-amz-acl) \u2014 Amazon S3 supports a set of predefined ACLs,\ + \ known as canned ACLs. Each canned ACL has a predefined set of grantees\ + \ and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly \u2014\ + \ To explicitly grant access permissions to specific Amazon Web Services accounts\ + \ or groups, use the following headers. Each header maps to specific permissions\ + \ that Amazon S3 supports in an ACL. For more information, see Access\ + \ Control List (ACL) Overview. In the header, you specify a list of grantees\ + \ who get the specific permission. To grant permissions explicitly, use:

    \ + \

    • x-amz-grant-read

    • x-amz-grant-write\ + \

    • x-amz-grant-read-acp

    • \ + \ x-amz-grant-write-acp

    • x-amz-grant-full-control\ + \

    You specify each grantee as a type=value pair, where\ + \ the type is one of the following:

    • id \u2013\ + \ if the value specified is the canonical user ID of an Amazon Web Services\ + \ account

    • uri \u2013 if you are granting permissions\ + \ to a predefined group

    • emailAddress \u2013\ + \ if the value specified is the email address of an Amazon Web Services account

      \ + \

      Using email addresses to specify a grantee is only supported in\ + \ the following Amazon Web Services Regions:

      • US East (N.\ + \ Virginia)

      • US West (N. California)

      • US\ + \ West (Oregon)

      • Asia Pacific (Singapore)

      • \ + \

        Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

        • \ + \

      • Europe (Ireland)

      • South America (S\xE3o Paulo)

        \ + \

      For a list of all the Amazon S3 supported Regions and endpoints,\ + \ see Regions and Endpoints in the Amazon Web Services General Reference.

      \ + \

    For example, the following x-amz-grant-read\ + \ header grants the Amazon Web Services accounts identified by account IDs\ + \ permissions to read object data and its metadata:

    x-amz-grant-read:\ + \ id=\"11112222333\", id=\"444455556666\"

\ + \

The following operations are related to CreateMultipartUpload:

\ + \ " + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadInitiate.html + operationId: CreateMultipartUpload + parameters: + - description:

The canned ACL to apply to the object.

This action + is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-acl + required: false + schema: + enum: + - private + - public-read + - public-read-write + - authenticated-read + - aws-exec-read + - bucket-owner-read + - bucket-owner-full-control + type: string + - description: Specifies caching behavior along the request/reply chain. + in: header + name: Cache-Control + required: false + schema: + type: string + - description: Specifies presentational information for the object. + in: header + name: Content-Disposition + required: false + schema: + type: string + - description: Specifies what content encodings have been applied to the object + and thus what decoding mechanisms must be applied to obtain the media-type + referenced by the Content-Type header field. + in: header + name: Content-Encoding + required: false + schema: + type: string + - description: The language the content is in. + in: header + name: Content-Language + required: false + schema: + type: string + - description: A standard MIME type describing the format of the object data. + in: header + name: Content-Type + required: false + schema: + type: string + - description: The date and time at which the object is no longer cacheable. + in: header + name: Expires + required: false + schema: + format: date-time + type: string + - description:

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions + on the object.

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-full-control + required: false + schema: + type: string + - description:

Allows grantee to read the object data and its metadata.

+

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-read + required: false + schema: + type: string + - description:

Allows grantee to read the object ACL.

This action + is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-read-acp + required: false + schema: + type: string + - description:

Allows grantee to write the ACL for the applicable object.

+

This action is not supported by Amazon S3 on Outposts.

+ in: header + name: x-amz-grant-write-acp + required: false + schema: + type: string + - description: Object key for which the multipart upload is to be initiated. + in: path + name: Key + required: true + schema: + minLength: 1 + type: string + - description: The server-side encryption algorithm used when storing this object + in Amazon S3 (for example, AES256, aws:kms). + in: header + name: x-amz-server-side-encryption + required: false + schema: + enum: + - AES256 + - aws:kms + type: string + - description: By default, Amazon S3 uses the STANDARD Storage Class to store + newly created objects. The STANDARD storage class provides high durability + and high availability. Depending on performance needs, you can specify a + different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage + Class. For more information, see Storage + Classes in the Amazon S3 User Guide. + in: header + name: x-amz-storage-class + required: false + schema: + enum: + - STANDARD + - REDUCED_REDUNDANCY + - STANDARD_IA + - ONEZONE_IA + - INTELLIGENT_TIERING + - GLACIER + - DEEP_ARCHIVE + - OUTPOSTS + - GLACIER_IR + type: string + - description: If the bucket is configured as a website, redirects requests + for this object to another object in the same bucket or to an external URL. + Amazon S3 stores the value of this header in the object metadata. + in: header + name: x-amz-website-redirect-location + required: false + schema: + type: string + - description: Specifies the algorithm to use to when encrypting the object + (for example, AES256). + in: header + name: x-amz-server-side-encryption-customer-algorithm + required: false + schema: + type: string + - description: Specifies the customer-provided encryption key for Amazon S3 + to use in encrypting data. This value is used to store the object and then + it is discarded; Amazon S3 does not store the encryption key. The key must + be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm + header. + in: header + name: x-amz-server-side-encryption-customer-key + required: false + schema: + format: password + type: string + - description: Specifies the 128-bit MD5 digest of the encryption key according + to RFC 1321. Amazon S3 uses this header for a message integrity check to + ensure that the encryption key was transmitted without error. + in: header + name: x-amz-server-side-encryption-customer-key-MD5 + required: false + schema: + type: string + - description: Specifies the ID of the symmetric customer managed key to use + for object encryption. All GET and PUT requests for an object protected + by Amazon Web Services KMS will fail if not made via SSL or using SigV4. + For information about configuring using any of the officially supported + Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying + the Signature Version in Request Authentication in the Amazon S3 + User Guide. + in: header + name: x-amz-server-side-encryption-aws-kms-key-id + required: false + schema: + format: password + type: string + - description: Specifies the Amazon Web Services KMS Encryption Context to use + for object encryption. The value of this header is a base64-encoded UTF-8 + string holding JSON with the encryption context key-value pairs. + in: header + name: x-amz-server-side-encryption-context + required: false + schema: + format: password + type: string + - description: "

Specifies whether Amazon S3 should use an S3 Bucket Key for\ + \ object encryption with server-side encryption using AWS KMS (SSE-KMS).\ + \ Setting this header to true causes Amazon S3 to use an S3\ + \ Bucket Key for object encryption with SSE-KMS.

Specifying this\ + \ header with an object action doesn\u2019t affect bucket-level settings\ + \ for S3 Bucket Key.

" + in: header + name: x-amz-server-side-encryption-bucket-key-enabled + required: false + schema: + type: boolean + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The tag-set for the object. The tag-set must be encoded as URL + Query parameters. + in: header + name: x-amz-tagging + required: false + schema: + type: string + - description: Specifies the Object Lock mode that you want to apply to the + uploaded object. + in: header + name: x-amz-object-lock-mode + required: false + schema: + enum: + - GOVERNANCE + - COMPLIANCE + type: string + - description: Specifies the date and time when you want the Object Lock to + expire. + in: header + name: x-amz-object-lock-retain-until-date + required: false + schema: + format: date-time + type: string + - description: Specifies whether you want to apply a legal hold to the uploaded + object. + in: header + name: x-amz-object-lock-legal-hold + required: false + schema: + enum: + - 'ON' + - 'OFF' + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: Indicates the algorithm you want Amazon S3 to use to create the + checksum for the object. For more information, see Checking + object integrity in the Amazon S3 User Guide. + in: header + name: x-amz-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - allowEmptyValue: true + in: query + name: uploads + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + x-amz-meta-: + additionalProperties: + $ref: '#/components/schemas/MetadataValue' + description: A map of metadata to store with the object in S3. + type: object + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateMultipartUploadOutput' + description: Success + /?accelerate: + get: + description:

This implementation of the GET action uses the accelerate + subresource to return the Transfer Acceleration state of a bucket, which is + either Enabled or Suspended. Amazon S3 Transfer + Acceleration is a bucket-level feature that enables you to perform faster + data transfers to and from Amazon S3.

To use this operation, you must + have permission to perform the s3:GetAccelerateConfiguration + action. The bucket owner has this permission by default. The bucket owner + can grant this permission to others. For more information about permissions, + see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to your Amazon S3 Resources in the Amazon S3 User + Guide.

You set the Transfer Acceleration state of an existing bucket + to Enabled or Suspended by using the PutBucketAccelerateConfiguration + operation.

A GET accelerate request does not return a + state value for a bucket that has no transfer acceleration state. A bucket + has no Transfer Acceleration state if a state has never been set on the bucket. +

For more information about transfer acceleration, see Transfer + Acceleration in the Amazon S3 User Guide.

Related + Resources

+ operationId: GetBucketAccelerateConfiguration + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: accelerate + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketAccelerateConfigurationOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: "

Sets the accelerate configuration of an existing bucket. Amazon\ + \ S3 Transfer Acceleration is a bucket-level feature that enables you to perform\ + \ faster data transfers to Amazon S3.

To use this operation, you must\ + \ have permission to perform the s3:PutAccelerateConfiguration\ + \ action. The bucket owner has this permission by default. The bucket owner\ + \ can grant this permission to others. For more information about permissions,\ + \ see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

The\ + \ Transfer Acceleration state of a bucket can be set to one of the following\ + \ two values:

  • Enabled \u2013 Enables accelerated data transfers\ + \ to the bucket.

  • Suspended \u2013 Disables accelerated\ + \ data transfers to the bucket.

The GetBucketAccelerateConfiguration action returns the transfer acceleration\ + \ state of a bucket.

After setting the Transfer Acceleration state\ + \ of a bucket to Enabled, it might take up to thirty minutes before the data\ + \ transfer rates to the bucket increase.

The name of the bucket used\ + \ for Transfer Acceleration must be DNS-compliant and must not contain periods\ + \ (\".\").

For more information about transfer acceleration, see Transfer Acceleration.

The following operations are related to\ + \ PutBucketAccelerateConfiguration:

" + operationId: PutBucketAccelerateConfiguration + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - allowEmptyValue: true + in: query + name: accelerate + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + AccelerateConfiguration: + description: Configures the transfer acceleration state for an Amazon + S3 bucket. For more information, see Amazon + S3 Transfer Acceleration in the Amazon S3 User Guide. + properties: + Status: + allOf: + - $ref: '#/components/schemas/BucketAccelerateStatus' + - description: Specifies the transfer acceleration status of + the bucket. + type: object + required: + - AccelerateConfiguration + type: object + required: true + responses: + '200': + description: Success + /?acl: + get: + description:

This implementation of the GET action uses the + acl subresource to return the access control list (ACL) of a + bucket. To use GET to return the ACL of the bucket, you must + have READ_ACP access to the bucket. If READ_ACP + permission is granted to the anonymous user, you can return the ACL of the + bucket without using an authorization header.

If your bucket + uses the bucket owner enforced setting for S3 Object Ownership, requests to + read ACLs are still supported and return the bucket-owner-full-control + ACL with the owner being the account that created the bucket. For more information, + see + Controlling object ownership and disabling ACLs in the Amazon S3 User + Guide.

Related Resources

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETacl.html + operationId: GetBucketAcl + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: acl + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketAclOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: "

Sets the permissions on an existing bucket using access control\ + \ lists (ACL). For more information, see Using ACLs. To set the ACL of a bucket, you must have WRITE_ACP\ + \ permission.

You can use one of the following two ways to set a bucket's\ + \ permissions:

  • Specify the ACL in the request body

    • \ + \

  • Specify permissions using request headers

\ + \

You cannot specify access permission using both the body and the request\ + \ headers.

Depending on your application needs, you may choose\ + \ to set the ACL on a bucket using either the request body or the headers.\ + \ For example, if you have an existing application that updates a bucket ACL\ + \ using the request body, then you can continue to use that approach.

\ + \

If your bucket uses the bucket owner enforced setting for\ + \ S3 Object Ownership, ACLs are disabled and no longer affect permissions.\ + \ You must use policies to grant access to your bucket and the objects in\ + \ it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported\ + \ error code. Requests to read ACLs are still supported. For more information,\ + \ see Controlling object ownership in the Amazon S3 User Guide.

\ + \

Access Permissions

You can set access permissions\ + \ using one of the following methods:

  • Specify a canned ACL\ + \ with the x-amz-acl request header. Amazon S3 supports a set\ + \ of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined\ + \ set of grantees and permissions. Specify the canned ACL name as the value\ + \ of x-amz-acl. If you use this header, you cannot use other\ + \ access control-specific headers in your request. For more information, see\ + \ Canned ACL.

  • Specify access permissions explicitly with\ + \ the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp,\ + \ and x-amz-grant-full-control headers. When using these headers,\ + \ you specify explicit access permissions and grantees (Amazon Web Services\ + \ accounts or Amazon S3 groups) who will receive the permission. If you use\ + \ these ACL-specific headers, you cannot use the x-amz-acl header\ + \ to set a canned ACL. These parameters map to the set of permissions that\ + \ Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

    You specify each grantee as\ + \ a type=value pair, where the type is one of the following:

    • \ + \

      id \u2013 if the value specified is the canonical user\ + \ ID of an Amazon Web Services account

    • uri\ + \ \u2013 if you are granting permissions to a predefined group

    • \ + \

      emailAddress \u2013 if the value specified is the email\ + \ address of an Amazon Web Services account

      Using email addresses\ + \ to specify a grantee is only supported in the following Amazon Web Services\ + \ Regions:

      • US East (N. Virginia)

      • US West\ + \ (N. California)

      • US West (Oregon)

      • Asia\ + \ Pacific (Singapore)

      • Asia Pacific (Sydney)

      • \ + \

        Asia Pacific (Tokyo)

      • Europe (Ireland)

      • \ + \

        South America (S\xE3o Paulo)

      For a list of all the\ + \ Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      \ + \

    For example, the following x-amz-grant-write\ + \ header grants create, overwrite, and delete objects permission to LogDelivery\ + \ group predefined by Amazon S3 and two Amazon Web Services accounts identified\ + \ by their email addresses.

    x-amz-grant-write: uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\"\ + , id=\"111122223333\", id=\"555566667777\"

You\ + \ can use either a canned ACL or specify access permissions explicitly. You\ + \ cannot do both.

Grantee Values

You can specify the\ + \ person (grantee) to whom you're assigning access rights (using request elements)\ + \ in the following ways:

  • By the person's ID:

    <Grantee\ + \ xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"\ + ><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>\ + \ </Grantee>

    DisplayName is optional and ignored in the\ + \ request

  • By URI:

    <Grantee xmlns:xsi=\"\ + http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>\ + \

  • By Email address:

    <Grantee xmlns:xsi=\"\ + http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"\ + ><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee>\ + \

    The grantee is resolved to the CanonicalUser and, in a response\ + \ to a GET Object acl request, appears as the CanonicalUser.

    Using\ + \ email addresses to specify a grantee is only supported in the following\ + \ Amazon Web Services Regions:

    • US East (N. Virginia)

      \ + \

    • US West (N. California)

    • US West (Oregon)

      \ + \

    • Asia Pacific (Singapore)

    • Asia Pacific (Sydney)

      \ + \

    • Asia Pacific (Tokyo)

    • Europe (Ireland)

      \ + \

    • South America (S\xE3o Paulo)

    For a list\ + \ of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    \ + \

Related Resources

" + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTacl.html + operationId: PutBucketAcl + parameters: + - description: The canned ACL to apply to the bucket. + in: header + name: x-amz-acl + required: false + schema: + enum: + - private + - public-read + - public-read-write + - authenticated-read + type: string + - description:

The base64-encoded 128-bit MD5 digest of the data. This header + must be used as a message integrity check to verify that the request body + was not corrupted in transit. For more information, go to RFC + 1864.

For requests made using the Amazon Web Services Command + Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated + automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: Allows grantee the read, write, read ACP, and write ACP permissions + on the bucket. + in: header + name: x-amz-grant-full-control + required: false + schema: + type: string + - description: Allows grantee to list the objects in the bucket. + in: header + name: x-amz-grant-read + required: false + schema: + type: string + - description: Allows grantee to read the bucket ACL. + in: header + name: x-amz-grant-read-acp + required: false + schema: + type: string + - description:

Allows grantee to create new objects in the bucket.

For + the bucket and object owners of existing objects, also allows deletions + and overwrites of those objects.

+ in: header + name: x-amz-grant-write + required: false + schema: + type: string + - description: Allows grantee to write the ACL for the applicable bucket. + in: header + name: x-amz-grant-write-acp + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: acl + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + AccessControlPolicy: + description: Contains the elements that set the ACL permissions + for an object per grantee. + properties: + AccessControlList: + allOf: + - $ref: '#/components/schemas/Grants' + - description: A list of grants. + Owner: + allOf: + - $ref: '#/components/schemas/Owner' + - description: Container for the bucket owner's display name + and ID. + type: object + type: object + required: true + responses: + '200': + description: Success + /?analytics: + get: + description: "

Lists the analytics configurations for the bucket. You can\ + \ have up to 1,000 analytics configurations per bucket.

This action\ + \ supports list pagination and does not return more than 100 configurations\ + \ at a time. You should always check the IsTruncated element\ + \ in the response. If there are no more configurations to list, IsTruncated\ + \ is set to false. If there are more configurations to list, IsTruncated\ + \ is set to true, and there will be a value in NextContinuationToken.\ + \ You use the NextContinuationToken value to continue the pagination\ + \ of the list by passing the value in continuation-token in the request to\ + \ GET the next page.

To use this operation, you must have\ + \ permissions to perform the s3:GetAnalyticsConfiguration action.\ + \ The bucket owner has this permission by default. The bucket owner can grant\ + \ this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information\ + \ about Amazon S3 analytics feature, see Amazon S3 Analytics \u2013 Storage Class Analysis.

The following\ + \ operations are related to ListBucketAnalyticsConfigurations:

\ + \ " + operationId: ListBucketAnalyticsConfigurations + parameters: + - description: The ContinuationToken that represents a placeholder from where + this request should begin. + in: query + name: continuation-token + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: analytics + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/ListBucketAnalyticsConfigurationsOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + /?analytics#id: + delete: + description: "

Deletes an analytics configuration for the bucket (specified\ + \ by the analytics configuration ID).

To use this operation, you must\ + \ have permissions to perform the s3:PutAnalyticsConfiguration\ + \ action. The bucket owner has this permission by default. The bucket owner\ + \ can grant this permission to others. For more information about permissions,\ + \ see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information\ + \ about the Amazon S3 analytics feature, see Amazon S3 Analytics \u2013 Storage Class Analysis.

The following\ + \ operations are related to DeleteBucketAnalyticsConfiguration:

\ + \ " + operationId: DeleteBucketAnalyticsConfiguration + parameters: + - description: The ID that identifies the analytics configuration. + in: query + name: id + required: true + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: analytics + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description: "

This implementation of the GET action returns an analytics\ + \ configuration (identified by the analytics configuration ID) from the bucket.

\ + \

To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration\ + \ action. The bucket owner has this permission by default. The bucket owner\ + \ can grant this permission to others. For more information about permissions,\ + \ see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon\ + \ S3 User Guide.

For information about Amazon S3 analytics feature,\ + \ see Amazon S3 Analytics \u2013 Storage Class Analysis in the Amazon S3\ + \ User Guide.

Related Resources

" + operationId: GetBucketAnalyticsConfiguration + parameters: + - description: The ID that identifies the analytics configuration. + in: query + name: id + required: true + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: analytics + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketAnalyticsConfigurationOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: "

Sets an analytics configuration for the bucket (specified by\ + \ the analytics configuration ID). You can have up to 1,000 analytics configurations\ + \ per bucket.

You can choose to have storage class analysis export\ + \ analysis reports sent to a comma-separated values (CSV) flat file. See the\ + \ DataExport request element. Reports are updated daily and are\ + \ based on the object filters that you configure. When selecting data export,\ + \ you specify a destination bucket and an optional destination prefix where\ + \ the file is written. You can export the data to a destination bucket in\ + \ a different account. However, the destination bucket must be in the same\ + \ Region as the bucket that you are making the PUT analytics configuration\ + \ to. For more information, see Amazon S3 Analytics \u2013 Storage Class Analysis.

You\ + \ must create a bucket policy on the destination bucket where the exported\ + \ file is written to grant permissions to Amazon S3 to write objects to the\ + \ bucket. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.

\ + \

To use this operation, you must have permissions to perform\ + \ the s3:PutAnalyticsConfiguration action. The bucket owner has\ + \ this permission by default. The bucket owner can grant this permission to\ + \ others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

Special Errors

    • HTTP Error:\ + \ HTTP 400 Bad Request

    • Code: InvalidArgument\ + \

    • Cause: Invalid argument.

    • \ + \

    • HTTP Error: HTTP 400 Bad Request

    • \ + \

      Code: TooManyConfigurations

    • Cause: You\ + \ are attempting to create a new configuration but have already reached the\ + \ 1,000-configuration limit.

    • \ + \ HTTP Error: HTTP 403 Forbidden

    • Code: AccessDenied\ + \

    • Cause: You are not the owner of the specified bucket,\ + \ or you do not have the s3:PutAnalyticsConfiguration bucket permission to\ + \ set the configuration on the bucket.

Related Resources

" + operationId: PutBucketAnalyticsConfiguration + parameters: + - description: The ID that identifies the analytics configuration. + in: query + name: id + required: true + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: analytics + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + AnalyticsConfiguration: + description: Specifies the configuration and any analyses for the + analytics filter of an Amazon S3 bucket. + properties: + Filter: + allOf: + - $ref: '#/components/schemas/AnalyticsFilter' + - description: The filter used to describe a set of objects + for analyses. A filter must have exactly one prefix, one + tag, or one conjunction (AnalyticsAndOperator). If no filter + is provided, all objects will be considered in any analysis. + Id: + allOf: + - $ref: '#/components/schemas/AnalyticsId' + - description: The ID that identifies the analytics configuration. + StorageClassAnalysis: + allOf: + - $ref: '#/components/schemas/StorageClassAnalysis' + - description: ' Contains data related to access patterns to + be collected and made available to analyze the tradeoffs + between different storage classes. ' + type: object + required: + - AnalyticsConfiguration + type: object + required: true + responses: + '200': + description: Success + /?cors: + delete: + description:

Deletes the cors configuration information set + for the bucket.

To use this operation, you must have permission to + perform the s3:PutBucketCORS action. The bucket owner has this + permission by default and can grant this permission to others.

For + information about cors, see Enabling + Cross-Origin Resource Sharing in the Amazon S3 User Guide.

+

Related Resources:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEcors.html + operationId: DeleteBucketCors + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: cors + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description:

Returns the Cross-Origin Resource Sharing (CORS) configuration + information set for the bucket.

To use this operation, you must have + permission to perform the s3:GetBucketCORS action. By default, + the bucket owner has this permission and can grant it to others.

For + more information about CORS, see + Enabling Cross-Origin Resource Sharing.

The following operations + are related to GetBucketCors:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETcors.html + operationId: GetBucketCors + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: cors + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketCorsOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Sets the cors configuration for your bucket. If + the configuration exists, Amazon S3 replaces it.

To use this operation, + you must be allowed to perform the s3:PutBucketCORS action. By + default, the bucket owner has this permission and can grant it to others.

+

You set this configuration on a bucket so that the bucket can service cross-origin + requests. For example, you might want to enable a request whose origin is + http://www.example.com to access your Amazon S3 bucket at my.example.bucket.com + by using the browser's XMLHttpRequest capability.

To enable + cross-origin resource sharing (CORS) on a bucket, you add the cors + subresource to the bucket. The cors subresource is an XML document + in which you configure rules that identify origins and the HTTP methods that + can be executed on your bucket. The document is limited to 64 KB in size. +

When Amazon S3 receives a cross-origin request (or a pre-flight OPTIONS + request) against a bucket, it evaluates the cors configuration + on the bucket and uses the first CORSRule rule that matches the + incoming browser request to enable a cross-origin request. For a rule to match, + the following conditions must be met:

  • The request's Origin + header must match AllowedOrigin elements.

  • The + request method (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method + header in case of a pre-flight OPTIONS request must be one of + the AllowedMethod elements.

  • Every header specified + in the Access-Control-Request-Headers request header of a pre-flight + request must match an AllowedHeader element.

+

For more information about CORS, go to Enabling + Cross-Origin Resource Sharing in the Amazon S3 User Guide.

+

Related Resources

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTcors.html + operationId: PutBucketCors + parameters: + - description:

The base64-encoded 128-bit MD5 digest of the data. This header + must be used as a message integrity check to verify that the request body + was not corrupted in transit. For more information, go to RFC + 1864.

For requests made using the Amazon Web Services Command + Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated + automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: cors + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + CORSConfiguration: + description: Describes the cross-origin access configuration for + objects in an Amazon S3 bucket. For more information, see Enabling + Cross-Origin Resource Sharing in the Amazon S3 User Guide. + properties: + CORSRule: + allOf: + - $ref: '#/components/schemas/CORSRules' + - description: A set of origins and methods (cross-origin access + that you want to allow). You can add up to 100 rules to + the configuration. + type: object + required: + - CORSConfiguration + type: object + required: true + responses: + '200': + description: Success + /?delete: + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + post: + description: '

This action enables you to delete multiple objects from a bucket + using a single HTTP request. If you know the object keys that you want to + delete, then this action provides a suitable alternative to sending individual + delete requests, reducing per-request overhead.

The request contains + a list of up to 1000 keys that you want to delete. In the XML, you provide + the object key names, and optionally, version IDs if you want to delete a + specific version of the object from a versioning-enabled bucket. For each + key, Amazon S3 performs a delete action and returns the result of that delete, + success, or failure, in the response. Note that if the object specified in + the request is not found, Amazon S3 returns the result as deleted.

+ The action supports two modes for the response: verbose and quiet. By default, + the action uses verbose mode in which the response includes the result of + deletion of each key in your request. In quiet mode the response includes + only keys where the delete action encountered an error. For a successful deletion, + the action does not return any information about the delete in the response + body.

When performing this action on an MFA Delete enabled bucket, + that attempts to delete any versioned objects, you must include an MFA token. + If you do not provide one, the entire request will fail, even if there are + non-versioned objects you are trying to delete. If you provide an invalid + token, whether there are versioned keys in the request or not, the entire + Multi-Object Delete request will fail. For information about MFA Delete, see + + MFA Delete.

Finally, the Content-MD5 header is required for all + Multi-Object Delete requests. Amazon S3 uses the header value to ensure that + your request body has not been altered in transit.

The following operations + are related to DeleteObjects:

' + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/multiobjectdeleteapi.html + operationId: DeleteObjects + parameters: + - description: The concatenation of the authentication device's serial number, + a space, and the value that is displayed on your authentication device. + Required to permanently delete a versioned object if versioning is configured + with MFA delete enabled. + in: header + name: x-amz-mfa + required: false + schema: + type: string + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: Specifies whether you want to delete this object even if it has + a Governance-type Object Lock in place. To use this header, you must have + the s3:BypassGovernanceRetention permission. + in: header + name: x-amz-bypass-governance-retention + required: false + schema: + type: boolean + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

This checksum algorithm must be the same for all parts + and it match the checksum value supplied in the CreateMultipartUpload + request.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - allowEmptyValue: true + in: query + name: delete + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + Delete: + description: Container for the objects to delete. + properties: + Object: + allOf: + - $ref: '#/components/schemas/ObjectIdentifierList' + - description: The objects to delete. + Quiet: + allOf: + - $ref: '#/components/schemas/Quiet' + - description: Element to enable quiet mode for the request. + When you add this element, you must set its value to true. + type: object + required: + - Delete + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteObjectsOutput' + description: Success + /?encryption: + delete: + description:

This implementation of the DELETE action removes default encryption + from the bucket. For information about the Amazon S3 default encryption feature, + see Amazon + S3 Default Bucket Encryption in the Amazon S3 User Guide.

To + use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration + action. The bucket owner has this permission by default. The bucket owner + can grant this permission to others. For more information about permissions, + see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to your Amazon S3 Resources in the Amazon S3 User + Guide.

Related Resources

+ operationId: DeleteBucketEncryption + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: encryption + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description:

Returns the default encryption configuration for an Amazon S3 + bucket. If the bucket does not have a default encryption configuration, GetBucketEncryption + returns ServerSideEncryptionConfigurationNotFoundError.

+

For information about the Amazon S3 default encryption feature, see Amazon + S3 Default Bucket Encryption.

To use this operation, you must + have permission to perform the s3:GetEncryptionConfiguration + action. The bucket owner has this permission by default. The bucket owner + can grant this permission to others. For more information about permissions, + see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

The following operations + are related to GetBucketEncryption:

+ operationId: GetBucketEncryption + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: encryption + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketEncryptionOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

This action uses the encryption subresource to + configure default encryption and Amazon S3 Bucket Key for an existing bucket.

+

Default encryption for a bucket can use server-side encryption with Amazon + S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). If you specify + default encryption using SSE-KMS, you can also configure Amazon S3 Bucket + Key. When the default encryption is SSE-KMS, if you upload an object to the + bucket and do not specify the KMS key to use for encryption, Amazon S3 uses + the default Amazon Web Services managed KMS key for your account. For information + about default encryption, see Amazon + S3 default bucket encryption in the Amazon S3 User Guide. For more + information about S3 Bucket Keys, see Amazon + S3 Bucket Keys in the Amazon S3 User Guide.

This + action requires Amazon Web Services Signature Version 4. For more information, + see + Authenticating Requests (Amazon Web Services Signature Version 4).

+

To use this operation, you must have permissions to perform + the s3:PutEncryptionConfiguration action. The bucket owner has + this permission by default. The bucket owner can grant this permission to + others. For more information about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide. +

Related Resources

+ operationId: PutBucketEncryption + parameters: + - description:

The base64-encoded 128-bit MD5 digest of the server-side encryption + configuration.

For requests made using the Amazon Web Services Command + Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated + automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: encryption + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + ServerSideEncryptionConfiguration: + description: Specifies the default server-side-encryption configuration. + properties: + Rule: + allOf: + - $ref: '#/components/schemas/ServerSideEncryptionRules' + - description: Container for information about a particular + server-side encryption configuration rule. + type: object + required: + - ServerSideEncryptionConfiguration + type: object + required: true + responses: + '200': + description: Success + /?intelligent-tiering: + get: + description: '

Lists the S3 Intelligent-Tiering configuration from the specified + bucket.

The S3 Intelligent-Tiering storage class is designed to optimize + storage costs by automatically moving data to the most cost-effective storage + access tier, without performance impact or operational overhead. S3 Intelligent-Tiering + delivers automatic cost savings in three low latency and high throughput access + tiers. To get the lowest storage cost on data that can be accessed in minutes + to hours, you can choose to activate additional archiving capabilities.

+

The S3 Intelligent-Tiering storage class is the ideal storage class for + data with unknown, changing, or unpredictable access patterns, independent + of object size or retention period. If the size of an object is less than + 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects + can be stored, but they are always charged at the Frequent Access tier rates + in the S3 Intelligent-Tiering storage class.

For more information, + see Storage + class for automatically optimizing frequently and infrequently accessed objects.

+

Operations related to ListBucketIntelligentTieringConfigurations + include:

' + operationId: ListBucketIntelligentTieringConfigurations + parameters: + - description: The ContinuationToken that represents a placeholder + from where this request should begin. + in: query + name: continuation-token + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: intelligent-tiering + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/ListBucketIntelligentTieringConfigurationsOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + /?intelligent-tiering#id: + delete: + description: '

Deletes the S3 Intelligent-Tiering configuration from the specified + bucket.

The S3 Intelligent-Tiering storage class is designed to optimize + storage costs by automatically moving data to the most cost-effective storage + access tier, without performance impact or operational overhead. S3 Intelligent-Tiering + delivers automatic cost savings in three low latency and high throughput access + tiers. To get the lowest storage cost on data that can be accessed in minutes + to hours, you can choose to activate additional archiving capabilities.

+

The S3 Intelligent-Tiering storage class is the ideal storage class for + data with unknown, changing, or unpredictable access patterns, independent + of object size or retention period. If the size of an object is less than + 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects + can be stored, but they are always charged at the Frequent Access tier rates + in the S3 Intelligent-Tiering storage class.

For more information, + see Storage + class for automatically optimizing frequently and infrequently accessed objects.

+

Operations related to DeleteBucketIntelligentTieringConfiguration + include:

' + operationId: DeleteBucketIntelligentTieringConfiguration + parameters: + - description: The ID used to identify the S3 Intelligent-Tiering configuration. + in: query + name: id + required: true + schema: + type: string + - allowEmptyValue: true + in: query + name: intelligent-tiering + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description: '

Gets the S3 Intelligent-Tiering configuration from the specified + bucket.

The S3 Intelligent-Tiering storage class is designed to optimize + storage costs by automatically moving data to the most cost-effective storage + access tier, without performance impact or operational overhead. S3 Intelligent-Tiering + delivers automatic cost savings in three low latency and high throughput access + tiers. To get the lowest storage cost on data that can be accessed in minutes + to hours, you can choose to activate additional archiving capabilities.

+

The S3 Intelligent-Tiering storage class is the ideal storage class for + data with unknown, changing, or unpredictable access patterns, independent + of object size or retention period. If the size of an object is less than + 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects + can be stored, but they are always charged at the Frequent Access tier rates + in the S3 Intelligent-Tiering storage class.

For more information, + see Storage + class for automatically optimizing frequently and infrequently accessed objects.

+

Operations related to GetBucketIntelligentTieringConfiguration + include:

' + operationId: GetBucketIntelligentTieringConfiguration + parameters: + - description: The ID used to identify the S3 Intelligent-Tiering configuration. + in: query + name: id + required: true + schema: + type: string + - allowEmptyValue: true + in: query + name: intelligent-tiering + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketIntelligentTieringConfigurationOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: '

Puts a S3 Intelligent-Tiering configuration to the specified + bucket. You can have up to 1,000 S3 Intelligent-Tiering configurations per + bucket.

The S3 Intelligent-Tiering storage class is designed to optimize + storage costs by automatically moving data to the most cost-effective storage + access tier, without performance impact or operational overhead. S3 Intelligent-Tiering + delivers automatic cost savings in three low latency and high throughput access + tiers. To get the lowest storage cost on data that can be accessed in minutes + to hours, you can choose to activate additional archiving capabilities.

+

The S3 Intelligent-Tiering storage class is the ideal storage class for + data with unknown, changing, or unpredictable access patterns, independent + of object size or retention period. If the size of an object is less than + 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects + can be stored, but they are always charged at the Frequent Access tier rates + in the S3 Intelligent-Tiering storage class.

For more information, + see Storage + class for automatically optimizing frequently and infrequently accessed objects.

+

Operations related to PutBucketIntelligentTieringConfiguration + include:

You only need S3 Intelligent-Tiering enabled on + a bucket if you want to automatically move objects stored in the S3 Intelligent-Tiering + storage class to the Archive Access or Deep Archive Access tier.

 +

Special Errors

  • HTTP + 400 Bad Request Error

    • Code: InvalidArgument

      +

    • Cause: Invalid Argument

  • HTTP 400 Bad Request Error

    • Code: + TooManyConfigurations

    • Cause: You are attempting + to create a new configuration but have already reached the 1,000-configuration + limit.

  • HTTP 403 Forbidden + Error

    • Code: AccessDenied

    • + Cause: You are not the owner of the specified bucket, or you do not + have the s3:PutIntelligentTieringConfiguration bucket permission + to set the configuration on the bucket.

' + operationId: PutBucketIntelligentTieringConfiguration + parameters: + - description: The ID used to identify the S3 Intelligent-Tiering configuration. + in: query + name: id + required: true + schema: + type: string + - allowEmptyValue: true + in: query + name: intelligent-tiering + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + IntelligentTieringConfiguration: + description:

Specifies the S3 Intelligent-Tiering configuration + for an Amazon S3 bucket.

For information about the S3 Intelligent-Tiering + storage class, see Storage + class for automatically optimizing frequently and infrequently + accessed objects.

+ properties: + Filter: + allOf: + - $ref: '#/components/schemas/IntelligentTieringFilter' + - description: Specifies a bucket filter. The configuration + only includes objects that meet the filter's criteria. + Id: + allOf: + - $ref: '#/components/schemas/IntelligentTieringId' + - description: The ID used to identify the S3 Intelligent-Tiering + configuration. + Status: + allOf: + - $ref: '#/components/schemas/IntelligentTieringStatus' + - description: Specifies the status of the configuration. + Tiering: + allOf: + - $ref: '#/components/schemas/TieringList' + - description: Specifies the S3 Intelligent-Tiering storage + class tier of the configuration. + type: object + required: + - IntelligentTieringConfiguration + type: object + required: true + responses: + '200': + description: Success + /?inventory: + get: + description:

Returns a list of inventory configurations for the bucket. You + can have up to 1,000 analytics configurations per bucket.

This action + supports list pagination and does not return more than 100 configurations + at a time. Always check the IsTruncated element in the response. + If there are no more configurations to list, IsTruncated is set + to false. If there are more configurations to list, IsTruncated + is set to true, and there is a value in NextContinuationToken. + You use the NextContinuationToken value to continue the pagination + of the list by passing the value in continuation-token in the request to GET + the next page.

To use this operation, you must have permissions to + perform the s3:GetInventoryConfiguration action. The bucket owner + has this permission by default. The bucket owner can grant this permission + to others. For more information about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

For information + about the Amazon S3 inventory feature, see Amazon + S3 Inventory

The following operations are related to ListBucketInventoryConfigurations:

+ + operationId: ListBucketInventoryConfigurations + parameters: + - description: The marker used to continue an inventory configuration listing + that has been truncated. Use the NextContinuationToken from a previously + truncated list response to continue the listing. The continuation token + is an opaque value that Amazon S3 understands. + in: query + name: continuation-token + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: inventory + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/ListBucketInventoryConfigurationsOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + /?inventory#id: + delete: + description: '

Deletes an inventory configuration (identified by the inventory + ID) from the bucket.

To use this operation, you must have permissions + to perform the s3:PutInventoryConfiguration action. The bucket + owner has this permission by default. The bucket owner can grant this permission + to others. For more information about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

For information + about the Amazon S3 inventory feature, see Amazon + S3 Inventory.

Operations related to DeleteBucketInventoryConfiguration + include:

' + operationId: DeleteBucketInventoryConfiguration + parameters: + - description: The ID used to identify the inventory configuration. + in: query + name: id + required: true + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: inventory + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description:

Returns an inventory configuration (identified by the inventory + configuration ID) from the bucket.

To use this operation, you must + have permissions to perform the s3:GetInventoryConfiguration + action. The bucket owner has this permission by default and can grant this + permission to others. For more information about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

For information + about the Amazon S3 inventory feature, see Amazon + S3 Inventory.

The following operations are related to GetBucketInventoryConfiguration:

+ + operationId: GetBucketInventoryConfiguration + parameters: + - description: The ID used to identify the inventory configuration. + in: query + name: id + required: true + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: inventory + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketInventoryConfigurationOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

This implementation of the PUT action adds an inventory + configuration (identified by the inventory ID) to the bucket. You can have + up to 1,000 inventory configurations per bucket.

Amazon S3 inventory + generates inventories of the objects in the bucket on a daily or weekly basis, + and the results are published to a flat file. The bucket that is inventoried + is called the source bucket, and the bucket where the inventory flat + file is stored is called the destination bucket. The destination + bucket must be in the same Amazon Web Services Region as the source + bucket.

When you configure an inventory for a source bucket, + you specify the destination bucket where you want the inventory to + be stored, and whether to generate the inventory daily or weekly. You can + also configure what object metadata to include and whether to inventory all + object versions or only current versions. For more information, see Amazon + S3 Inventory in the Amazon S3 User Guide.

You must + create a bucket policy on the destination bucket to grant permissions + to Amazon S3 to write objects to the bucket in the defined location. For an + example policy, see + Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.

+

To use this operation, you must have permissions to perform + the s3:PutInventoryConfiguration action. The bucket owner has + this permission by default and can grant this permission to others. For more + information about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

+

Special Errors

  • HTTP + 400 Bad Request Error

    • Code: InvalidArgument

      +

    • Cause: Invalid Argument

  • HTTP 400 Bad Request Error

    • Code: + TooManyConfigurations

    • Cause: You are attempting + to create a new configuration but have already reached the 1,000-configuration + limit.

  • HTTP 403 Forbidden + Error

    • Code: AccessDenied

    • + Cause: You are not the owner of the specified bucket, or you do not + have the s3:PutInventoryConfiguration bucket permission to set + the configuration on the bucket.

+ Related Resources

+ operationId: PutBucketInventoryConfiguration + parameters: + - description: The ID used to identify the inventory configuration. + in: query + name: id + required: true + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: inventory + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + InventoryConfiguration: + description: 'Specifies the inventory configuration for an Amazon + S3 bucket. For more information, see GET + Bucket inventory in the Amazon S3 API Reference. ' + properties: + Destination: + allOf: + - $ref: '#/components/schemas/InventoryDestination' + - description: Contains information about where to publish the + inventory results. + Filter: + allOf: + - $ref: '#/components/schemas/InventoryFilter' + - description: Specifies an inventory filter. The inventory + only includes objects that meet the filter's criteria. + Id: + allOf: + - $ref: '#/components/schemas/InventoryId' + - description: The ID used to identify the inventory configuration. + IncludedObjectVersions: + allOf: + - $ref: '#/components/schemas/InventoryIncludedObjectVersions' + - description: Object versions to include in the inventory list. + If set to All, the list includes all the object + versions, which adds the version-related fields VersionId, + IsLatest, and DeleteMarker to + the list. If set to Current, the list does + not contain these version-related fields. + IsEnabled: + allOf: + - $ref: '#/components/schemas/IsEnabled' + - description: Specifies whether the inventory is enabled or + disabled. If set to True, an inventory list + is generated. If set to False, no inventory + list is generated. + OptionalFields: + allOf: + - $ref: '#/components/schemas/InventoryOptionalFields' + - description: Contains the optional fields that are included + in the inventory results. + Schedule: + allOf: + - $ref: '#/components/schemas/InventorySchedule' + - description: Specifies the schedule for generating inventory + results. + type: object + required: + - InventoryConfiguration + type: object + required: true + responses: + '200': + description: Success + /?lifecycle: + delete: + description:

Deletes the lifecycle configuration from the specified bucket. + Amazon S3 removes all the lifecycle configuration rules in the lifecycle subresource + associated with the bucket. Your objects never expire, and Amazon S3 no longer + automatically deletes any objects on the basis of rules contained in the deleted + lifecycle configuration.

To use this operation, you must have permission + to perform the s3:PutLifecycleConfiguration action. By default, + the bucket owner has this permission and the bucket owner can grant this permission + to others.

There is usually some time lag before lifecycle configuration + deletion is fully propagated to all the Amazon S3 systems.

For more + information about the object expiration, see Elements + to Describe Lifecycle Actions.

Related actions include:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETElifecycle.html + operationId: DeleteBucketLifecycle + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: lifecycle + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description: '

Bucket lifecycle configuration now supports specifying + a lifecycle rule using an object key name prefix, one or more object tags, + or a combination of both. Accordingly, this section describes the latest API. + The response describes the new filter element that you can use to specify + a filter to select a subset of objects to which the rule applies. If you are + using a previous version of the lifecycle configuration, it still works. For + the earlier action, see GetBucketLifecycle.

+

Returns the lifecycle configuration information set on the bucket. + For information about lifecycle configuration, see Object + Lifecycle Management.

To use this operation, you must have permission + to perform the s3:GetLifecycleConfiguration action. The bucket + owner has this permission, by default. The bucket owner can grant this permission + to others. For more information about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

GetBucketLifecycleConfiguration + has the following special error:

  • Error code: NoSuchLifecycleConfiguration +

    • Description: The lifecycle configuration does not exist.

      +

    • HTTP Status Code: 404 Not Found

    • SOAP Fault + Code Prefix: Client

The following operations + are related to GetBucketLifecycleConfiguration:

' + operationId: GetBucketLifecycleConfiguration + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: lifecycle + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketLifecycleConfigurationOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Creates a new lifecycle configuration for the bucket or replaces + an existing lifecycle configuration. Keep in mind that this will overwrite + an existing lifecycle configuration, so if you want to retain any configuration + details, they must be included in the new lifecycle configuration. For information + about lifecycle configuration, see Managing + your storage lifecycle.

Bucket lifecycle configuration now + supports specifying a lifecycle rule using an object key name prefix, one + or more object tags, or a combination of both. Accordingly, this section describes + the latest API. The previous version of the API supported filtering based + only on an object key name prefix, which is supported for backward compatibility. + For the related API description, see PutBucketLifecycle.

+

Rules

You specify the lifecycle configuration in + your request body. The lifecycle configuration is specified as XML consisting + of one or more rules. An Amazon S3 Lifecycle configuration can have up to + 1,000 rules. This limit is not adjustable. Each rule consists of the following:

+

  • Filter identifying a subset of objects to which the rule applies. + The filter can be based on a key name prefix, object tags, or a combination + of both.

  • Status whether the rule is in effect.

    • +

  • One or more lifecycle transition and expiration actions that you want + Amazon S3 to perform on the objects identified by the filter. If the state + of your bucket is versioning-enabled or versioning-suspended, you can have + many versions of the same object (one current version and zero or more noncurrent + versions). Amazon S3 provides predefined actions that you can specify for + current and noncurrent object versions.

For more information, + see Object + Lifecycle Management and Lifecycle + Configuration Elements.

Permissions

By default, + all Amazon S3 resources are private, including buckets, objects, and related + subresources (for example, lifecycle configuration and website configuration). + Only the resource owner (that is, the Amazon Web Services account that created + it) can access the resource. The resource owner can optionally grant access + permissions to others by writing an access policy. For this operation, a user + must get the s3:PutLifecycleConfiguration permission.

You + can also explicitly deny permissions. Explicit deny also supersedes any other + permissions. If you want to block users or accounts from removing or deleting + objects from your bucket, you must deny them permissions for the following + actions:

  • s3:DeleteObject

  • + s3:DeleteObjectVersion

  • s3:PutLifecycleConfiguration +

For more information about permissions, see Managing + Access Permissions to Your Amazon S3 Resources.

The following are + related to PutBucketLifecycleConfiguration:

+ operationId: PutBucketLifecycleConfiguration + parameters: + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: lifecycle + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + LifecycleConfiguration: + description: Specifies the lifecycle configuration for objects in + an Amazon S3 bucket. For more information, see Object + Lifecycle Management in the Amazon S3 User Guide. + properties: + Rule: + allOf: + - $ref: '#/components/schemas/LifecycleRules' + - description: A lifecycle rule for individual objects in an + Amazon S3 bucket. + type: object + type: object + required: true + responses: + '200': + description: Success + /?lifecycle#deprecated!: + get: + deprecated: true + description: '

For an updated version of this API, see GetBucketLifecycleConfiguration. + If you configured a bucket lifecycle using the filter element, + you should see the updated version of this topic. This topic is provided for + backward compatibility.

Returns the lifecycle configuration + information set on the bucket. For information about lifecycle configuration, + see Object + Lifecycle Management.

To use this operation, you must have permission + to perform the s3:GetLifecycleConfiguration action. The bucket + owner has this permission by default. The bucket owner can grant this permission + to others. For more information about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

GetBucketLifecycle + has the following special error:

  • Error code: NoSuchLifecycleConfiguration +

    • Description: The lifecycle configuration does not exist.

      +

    • HTTP Status Code: 404 Not Found

    • SOAP Fault + Code Prefix: Client

The following operations + are related to GetBucketLifecycle:

' + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETlifecycle.html + operationId: GetBucketLifecycle + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: lifecycle + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketLifecycleOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + deprecated: true + description: "

For an updated version of this API, see PutBucketLifecycleConfiguration. This version has been deprecated. Existing\ + \ lifecycle configurations will work. For new lifecycle configurations, use\ + \ the updated API.

Creates a new lifecycle configuration\ + \ for the bucket or replaces an existing lifecycle configuration. For information\ + \ about lifecycle configuration, see Object Lifecycle Management in the Amazon S3 User Guide.

\ + \

By default, all Amazon S3 resources, including buckets, objects, and\ + \ related subresources (for example, lifecycle configuration and website configuration)\ + \ are private. Only the resource owner, the Amazon Web Services account that\ + \ created the resource, can access it. The resource owner can optionally grant\ + \ access permissions to others by writing an access policy. For this operation,\ + \ users must get the s3:PutLifecycleConfiguration permission.

\ + \

You can also explicitly deny permissions. Explicit denial also supersedes\ + \ any other permissions. If you want to prevent users or accounts from removing\ + \ or deleting objects from your bucket, you must deny them permissions for\ + \ the following actions:

  • s3:DeleteObject

    \ + \

  • s3:DeleteObjectVersion

  • s3:PutLifecycleConfiguration\ + \

For more information about permissions, see Managing Access Permissions to your Amazon S3 Resources in the Amazon\ + \ S3 User Guide.

For more examples of transitioning objects to\ + \ storage classes such as STANDARD_IA or ONEZONE_IA, see Examples of Lifecycle Configuration.

Related\ + \ Resources

" + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html + operationId: PutBucketLifecycle + parameters: + - description:

For requests made using the Amazon Web Services Command + Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated + automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: lifecycle + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + LifecycleConfiguration: + description: Container for lifecycle rules. You can add as many + as 1000 rules. + properties: + Rule: + allOf: + - $ref: '#/components/schemas/Rules' + - description: 'Specifies lifecycle configuration rules for + an Amazon S3 bucket. ' + type: object + type: object + required: true + responses: + '200': + description: Success + /?list-type=2: + get: + description:

Returns some or all (up to 1,000) of the objects in a bucket + with each request. You can use the request parameters as selection criteria + to return a subset of the objects in a bucket. A 200 OK response + can contain valid or invalid XML. Make sure to design your application to + parse the contents of the response and handle it appropriately. Objects are + returned sorted in an ascending order of the respective key names in the list. + For more information about listing objects, see Listing + object keys programmatically

To use this operation, you must have + READ access to the bucket.

To use this action in an Identity and Access + Management (IAM) policy, you must have permissions to perform the s3:ListBucket + action. The bucket owner has this permission by default and can grant this + permission to others. For more information about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

This + section describes the latest revision of this action. We recommend that you + use this revised API for application development. For backward compatibility, + Amazon S3 continues to support the prior version of this API, ListObjects.

+

To get a list of your buckets, see ListBuckets.

+

The following operations are related to ListObjectsV2:

+ + operationId: ListObjectsV2 + parameters: + - description: A delimiter is a character you use to group keys. + in: query + name: delimiter + required: false + schema: + type: string + - description: Encoding type used by Amazon S3 to encode object keys in the + response. + in: query + name: encoding-type + required: false + schema: + description: Requests Amazon S3 to encode the object keys in the response + and specifies the encoding method to use. An object key may contain any + Unicode character; however, XML 1.0 parser cannot parse some characters, + such as characters with an ASCII value from 0 to 10. For characters that + are not supported in XML 1.0, you can add this parameter to request that + Amazon S3 encode the keys in the response. + enum: + - url + type: string + - description: Sets the maximum number of keys returned in the response. By + default the action returns up to 1,000 key names. The response might contain + fewer keys but will never contain more. + in: query + name: max-keys + required: false + schema: + type: integer + - description: Limits the response to keys that begin with the specified prefix. + in: query + name: prefix + required: false + schema: + type: string + - description: ContinuationToken indicates Amazon S3 that the list is being + continued on this bucket with a token. ContinuationToken is obfuscated and + is not a real key. + in: query + name: continuation-token + required: false + schema: + type: string + - description: The owner field is not present in listV2 by default, if you want + to return owner field with each key in the result then set the fetch owner + field to true. + in: query + name: fetch-owner + required: false + schema: + type: boolean + - description: StartAfter is where you want Amazon S3 to start listing from. + Amazon S3 starts listing after this specified key. StartAfter can be any + key in the bucket. + in: query + name: start-after + required: false + schema: + type: string + - description: Confirms that the requester knows that she or he will be charged + for the list objects request in V2 style. Bucket owners need not specify + this parameter in their requests. + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: Pagination limit + in: query + name: MaxKeys + required: false + schema: + type: string + - description: Pagination token + in: query + name: ContinuationToken + required: false + schema: + type: string + - in: query + name: list-type + required: true + schema: + enum: + - '2' + type: string + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/ListObjectsV2Output' + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchBucket' + description: NoSuchBucket + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + /?location: + get: + description:

Returns the Region the bucket resides in. You set the bucket's + Region using the LocationConstraint request parameter in a CreateBucket + request. For more information, see CreateBucket.

+

To use this implementation of the operation, you must be the bucket owner.

+

To use this API against an access point, provide the alias of the access + point in place of the bucket name.

The following operations are related + to GetBucketLocation:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETlocation.html + operationId: GetBucketLocation + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: location + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketLocationOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + /?logging: + get: + description:

Returns the logging status of a bucket and the permissions users + have to view and modify that status. To use GET, you must be the bucket owner.

+

The following operations are related to GetBucketLogging:

+ + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETlogging.html + operationId: GetBucketLogging + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: logging + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketLoggingOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Set the logging parameters for a bucket and to specify permissions + for who can view and modify the logging parameters. All logs are saved to + buckets in the same Amazon Web Services Region as the source bucket. To set + the logging status of a bucket, you must be the bucket owner.

The bucket + owner is automatically granted FULL_CONTROL to all logs. You use the Grantee + request element to grant access to other people. The Permissions + request element specifies the kind of access the grantee has to the logs.

+

If the target bucket for log delivery uses the bucket owner + enforced setting for S3 Object Ownership, you can't use the Grantee + request element to grant access to others. Permissions can only be granted + using policies. For more information, see Permissions + for server access log delivery in the Amazon S3 User Guide.

+

Grantee Values

You can specify the person + (grantee) to whom you're assigning access rights (using request elements) + in the following ways:

  • By the person's ID:

    <Grantee + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> + </Grantee>

    DisplayName is optional and ignored in the + request.

  • By Email address:

    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress></Grantee> +

    The grantee is resolved to the CanonicalUser and, in a response to + a GET Object acl request, appears as the CanonicalUser.

  • By + URI:

    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee> +

To enable logging, you use LoggingEnabled and its children + request elements. To disable logging, you use an empty BucketLoggingStatus + request element:

<BucketLoggingStatus xmlns="http://doc.s3.amazonaws.com/2006-03-01" + />

For more information about server access logging, see + Server + Access Logging in the Amazon S3 User Guide.

For more information + about creating a bucket, see CreateBucket. + For more information about returning the logging status of a bucket, see GetBucketLogging.

+

The following operations are related to PutBucketLogging:

+ + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTlogging.html + operationId: PutBucketLogging + parameters: + - description:

The MD5 hash of the PutBucketLogging request + body.

For requests made using the Amazon Web Services Command Line + Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: logging + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + BucketLoggingStatus: + description: Container for logging status information. + properties: + LoggingEnabled: + $ref: '#/components/schemas/LoggingEnabled' + type: object + required: + - BucketLoggingStatus + type: object + required: true + responses: + '200': + description: Success + /?metrics: + get: + description:

Lists the metrics configurations for the bucket. The metrics + configurations are only for the request metrics of the bucket and do not provide + information on daily storage metrics. You can have up to 1,000 configurations + per bucket.

This action supports list pagination and does not return + more than 100 configurations at a time. Always check the IsTruncated + element in the response. If there are no more configurations to list, IsTruncated + is set to false. If there are more configurations to list, IsTruncated + is set to true, and there is a value in NextContinuationToken. + You use the NextContinuationToken value to continue the pagination + of the list by passing the value in continuation-token in the + request to GET the next page.

To use this operation, you + must have permissions to perform the s3:GetMetricsConfiguration + action. The bucket owner has this permission by default. The bucket owner + can grant this permission to others. For more information about permissions, + see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

For more information + about metrics configurations and CloudWatch request metrics, see Monitoring + Metrics with Amazon CloudWatch.

The following operations are related + to ListBucketMetricsConfigurations:

+ operationId: ListBucketMetricsConfigurations + parameters: + - description: The marker that is used to continue a metrics configuration listing + that has been truncated. Use the NextContinuationToken from a previously + truncated list response to continue the listing. The continuation token + is an opaque value that Amazon S3 understands. + in: query + name: continuation-token + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: metrics + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/ListBucketMetricsConfigurationsOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + /?metrics#id: + delete: + description:

Deletes a metrics configuration for the Amazon CloudWatch request + metrics (specified by the metrics configuration ID) from the bucket. Note + that this doesn't include the daily storage metrics.

To use this operation, + you must have permissions to perform the s3:PutMetricsConfiguration + action. The bucket owner has this permission by default. The bucket owner + can grant this permission to others. For more information about permissions, + see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

For information + about CloudWatch request metrics for Amazon S3, see Monitoring + Metrics with Amazon CloudWatch.

The following operations are related + to DeleteBucketMetricsConfiguration:

+ operationId: DeleteBucketMetricsConfiguration + parameters: + - description: The ID used to identify the metrics configuration. + in: query + name: id + required: true + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: metrics + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description:

Gets a metrics configuration (specified by the metrics configuration + ID) from the bucket. Note that this doesn't include the daily storage metrics.

+

To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration + action. The bucket owner has this permission by default. The bucket owner + can grant this permission to others. For more information about permissions, + see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

For information + about CloudWatch request metrics for Amazon S3, see Monitoring + Metrics with Amazon CloudWatch.

The following operations are related + to GetBucketMetricsConfiguration:

+ operationId: GetBucketMetricsConfiguration + parameters: + - description: The ID used to identify the metrics configuration. + in: query + name: id + required: true + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: metrics + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketMetricsConfigurationOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: '

Sets a metrics configuration (specified by the metrics configuration + ID) for the bucket. You can have up to 1,000 metrics configurations per bucket. + If you''re updating an existing metrics configuration, note that this is a + full replacement of the existing metrics configuration. If you don''t include + the elements you want to keep, they are erased.

To use this operation, + you must have permissions to perform the s3:PutMetricsConfiguration + action. The bucket owner has this permission by default. The bucket owner + can grant this permission to others. For more information about permissions, + see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

For information + about CloudWatch request metrics for Amazon S3, see Monitoring + Metrics with Amazon CloudWatch.

The following operations are related + to PutBucketMetricsConfiguration:

GetBucketLifecycle has the following special + error:

  • Error code: TooManyConfigurations

    +

    • Description: You are attempting to create a new configuration + but have already reached the 1,000-configuration limit.

    • HTTP + Status Code: HTTP 400 Bad Request

' + operationId: PutBucketMetricsConfiguration + parameters: + - description: The ID used to identify the metrics configuration. + in: query + name: id + required: true + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: metrics + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + MetricsConfiguration: + description: Specifies a metrics configuration for the CloudWatch + request metrics (specified by the metrics configuration ID) from + an Amazon S3 bucket. If you're updating an existing metrics configuration, + note that this is a full replacement of the existing metrics configuration. + If you don't include the elements you want to keep, they are erased. + For more information, see PutBucketMetricsConfiguration. + properties: + Filter: + allOf: + - $ref: '#/components/schemas/MetricsFilter' + - description: Specifies a metrics configuration filter. The + metrics configuration will only include objects that meet + the filter's criteria. A filter must be a prefix, an object + tag, an access point ARN, or a conjunction (MetricsAndOperator). + Id: + allOf: + - $ref: '#/components/schemas/MetricsId' + - description: The ID used to identify the metrics configuration. + type: object + required: + - MetricsConfiguration + type: object + required: true + responses: + '200': + description: Success + /?notification: + get: + description:

Returns the notification configuration of a bucket.

If + notifications are not enabled on the bucket, the action returns an empty NotificationConfiguration + element.

By default, you must be the bucket owner to read the notification + configuration of a bucket. However, the bucket owner can use a bucket policy + to grant permission to other users to read this configuration with the s3:GetBucketNotification + permission.

For more information about setting and reading the notification + configuration on a bucket, see Setting + Up Notification of Bucket Events. For more information about bucket policies, + see Using + Bucket Policies.

The following action is related to GetBucketNotification:

+ + operationId: GetBucketNotificationConfiguration + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: notification + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/NotificationConfiguration' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Enables notifications of specified events for a bucket. For + more information about event notifications, see Configuring + Event Notifications.

Using this API, you can replace an existing + notification configuration. The configuration is an XML file that defines + the event types that you want Amazon S3 to publish and the destination where + you want Amazon S3 to publish an event notification when it detects an event + of the specified type.

By default, your bucket has no event notifications + configured. That is, the notification configuration will be an empty NotificationConfiguration.

+

<NotificationConfiguration>

</NotificationConfiguration> +

This action replaces the existing notification configuration with + the configuration you include in the request body.

After Amazon S3 + receives this request, it first verifies that any Amazon Simple Notification + Service (Amazon SNS) or Amazon Simple Queue Service (Amazon SQS) destination + exists, and that the bucket owner has permission to publish to it by sending + a test notification. In the case of Lambda destinations, Amazon S3 verifies + that the Lambda function permissions grant Amazon S3 permission to invoke + the function from the Amazon S3 bucket. For more information, see Configuring + Notifications for Amazon S3 Events.

You can disable notifications + by adding the empty NotificationConfiguration element.

For more information + about the number of event notification configurations that you can create + per bucket, see Amazon + S3 service quotas in Amazon Web Services General Reference.

+

By default, only the bucket owner can configure notifications on a bucket. + However, bucket owners can use a bucket policy to grant permission to other + users to set this configuration with s3:PutBucketNotification + permission.

The PUT notification is an atomic operation. For + example, suppose your notification configuration includes SNS topic, SQS queue, + and Lambda function configurations. When you send a PUT request with this + configuration, Amazon S3 sends test messages to your SNS topic. If the message + fails, the entire PUT action will fail, and Amazon S3 will not add the configuration + to your bucket.

Responses

If the configuration + in the request body includes only one TopicConfiguration specifying + only the s3:ReducedRedundancyLostObject event type, the response + will also include the x-amz-sns-test-message-id header containing + the message ID of the test notification sent to the topic.

The following + action is related to PutBucketNotificationConfiguration:

+ + operationId: PutBucketNotificationConfiguration + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: Skips validation of Amazon SQS, Amazon SNS, and Lambda destinations. + True or false value. + in: header + name: x-amz-skip-destination-validation + required: false + schema: + type: boolean + - allowEmptyValue: true + in: query + name: notification + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + NotificationConfiguration: + description: A container for specifying the notification configuration + of the bucket. If this element is empty, notifications are turned + off for the bucket. + properties: + CloudFunctionConfiguration: + allOf: + - $ref: '#/components/schemas/LambdaFunctionConfigurationList' + - description: Describes the Lambda functions to invoke and + the events for which to invoke them. + EventBridgeConfiguration: + allOf: + - $ref: '#/components/schemas/EventBridgeConfiguration' + - description: Enables delivery of events to Amazon EventBridge. + QueueConfiguration: + allOf: + - $ref: '#/components/schemas/QueueConfigurationList' + - description: The Amazon Simple Queue Service queues to publish + messages to and the events for which to publish messages. + TopicConfiguration: + allOf: + - $ref: '#/components/schemas/TopicConfigurationList' + - description: The topic to which notifications are sent and + the events for which notifications are generated. + type: object + required: + - NotificationConfiguration + type: object + required: true + responses: + '200': + description: Success + /?notification#deprecated!: + get: + deprecated: true + description: ' No longer used, see GetBucketNotificationConfiguration.' + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETnotification.html + operationId: GetBucketNotification + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: notification + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/NotificationConfigurationDeprecated' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + deprecated: true + description: ' No longer used, see the PutBucketNotificationConfiguration + operation.' + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTnotification.html + operationId: PutBucketNotification + parameters: + - description:

The MD5 hash of the PutPublicAccessBlock request + body.

For requests made using the Amazon Web Services Command Line + Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: notification + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + NotificationConfiguration: + description: The container for the configuration. + example: + QueueConfiguration: + Event: s3:ObjectCreated:Put + Events: + - s3:ObjectCreated:Put + Id: MDQ2OGQ4NDEtOTBmNi00YTM4LTk0NzYtZDIwN2I3NWQ1NjIx + Queue: arn:aws:sqs:us-east-1:acct-id:S3ObjectCreatedEventQueue + TopicConfiguration: + Event: s3:ObjectCreated:Copy + Events: + - s3:ObjectCreated:Copy + Id: YTVkMWEzZGUtNTY1NS00ZmE2LWJjYjktMmRlY2QwODFkNTJi + Topic: arn:aws:sns:us-east-1:acct-id:S3ObjectCreatedEventTopic + properties: + CloudFunctionConfiguration: + allOf: + - $ref: '#/components/schemas/CloudFunctionConfiguration' + - description: Container for specifying the Lambda notification + configuration. + QueueConfiguration: + allOf: + - $ref: '#/components/schemas/QueueConfigurationDeprecated' + - description: 'This data type is deprecated. This data type + specifies the configuration for publishing messages to an + Amazon Simple Queue Service (Amazon SQS) queue when Amazon + S3 detects specified events. ' + TopicConfiguration: + allOf: + - $ref: '#/components/schemas/TopicConfigurationDeprecated' + - description: 'This data type is deprecated. A container for + specifying the configuration for publication of messages + to an Amazon Simple Notification Service (Amazon SNS) topic + when Amazon S3 detects specified events. ' + type: object + required: + - NotificationConfiguration + type: object + required: true + responses: + '200': + description: Success + /?object-lock: + get: + description:

Gets the Object Lock configuration for a bucket. The rule specified + in the Object Lock configuration will be applied by default to every new object + placed in the specified bucket. For more information, see Locking + Objects.

The following action is related to GetObjectLockConfiguration:

+ + operationId: GetObjectLockConfiguration + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: object-lock + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetObjectLockConfigurationOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Places an Object Lock configuration on the specified bucket. + The rule specified in the Object Lock configuration will be applied by default + to every new object placed in the specified bucket. For more information, + see Locking + Objects.

  • The DefaultRetention settings + require both a mode and a period.

  • The DefaultRetention + period can be either Days or Years but you must + select one. You cannot specify Days and Years at + the same time.

  • You can only enable Object Lock for new buckets. + If you want to turn on Object Lock for an existing bucket, contact Amazon + Web Services Support.

 + operationId: PutObjectLockConfiguration + parameters: + - description: '' + in: header + name: x-amz-request-payer + required: false + schema: + description: Confirms that the requester knows that they will be charged + for the request. Bucket owners need not specify this parameter in their + requests. For information about downloading objects from Requester Pays + buckets, see Downloading + Objects in Requester Pays Buckets in the Amazon S3 User Guide. + enum: + - requester + type: string + - description: A token to allow Object Lock to be enabled for an existing bucket. + in: header + name: x-amz-bucket-object-lock-token + required: false + schema: + type: string + - description:

The MD5 hash for the request body.

For requests made + using the Amazon Web Services Command Line Interface (CLI) or Amazon Web + Services SDKs, this field is calculated automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: object-lock + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + ObjectLockConfiguration: + description: The container element for Object Lock configuration + parameters. + properties: + ObjectLockEnabled: + allOf: + - $ref: '#/components/schemas/ObjectLockEnabled' + - description: 'Indicates whether this bucket has an Object + Lock configuration enabled. Enable ObjectLockEnabled + when you apply ObjectLockConfiguration to a + bucket. ' + Rule: + allOf: + - $ref: '#/components/schemas/ObjectLockRule' + - description: Specifies the Object Lock rule for the specified + object. Enable the this rule when you apply ObjectLockConfiguration + to a bucket. Bucket settings require both a mode and a period. + The period can be either Days or Years + but you must select one. You cannot specify Days + and Years at the same time. + type: object + type: object + required: true + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/PutObjectLockConfigurationOutput' + description: Success + /?ownershipControls: + delete: + description:

Removes OwnershipControls for an Amazon S3 bucket. + To use this operation, you must have the s3:PutBucketOwnershipControls + permission. For more information about Amazon S3 permissions, see Specifying + Permissions in a Policy.

For information about Amazon S3 Object + Ownership, see Using + Object Ownership.

The following operations are related to DeleteBucketOwnershipControls:

+ + operationId: DeleteBucketOwnershipControls + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: ownershipControls + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description:

Retrieves OwnershipControls for an Amazon S3 bucket. + To use this operation, you must have the s3:GetBucketOwnershipControls + permission. For more information about Amazon S3 permissions, see Specifying + permissions in a policy.

For information about Amazon S3 Object + Ownership, see Using + Object Ownership.

The following operations are related to GetBucketOwnershipControls:

+ + operationId: GetBucketOwnershipControls + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: ownershipControls + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketOwnershipControlsOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Creates or modifies OwnershipControls for an Amazon + S3 bucket. To use this operation, you must have the s3:PutBucketOwnershipControls + permission. For more information about Amazon S3 permissions, see Specifying + permissions in a policy.

For information about Amazon S3 Object + Ownership, see Using + object ownership.

The following operations are related to PutBucketOwnershipControls:

+ + operationId: PutBucketOwnershipControls + parameters: + - description:

The MD5 hash of the OwnershipControls request + body.

For requests made using the Amazon Web Services Command Line + Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: ownershipControls + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + OwnershipControls: + description: The container element for a bucket's ownership controls. + properties: + Rule: + allOf: + - $ref: '#/components/schemas/OwnershipControlsRules' + - description: The container element for an ownership control + rule. + type: object + required: + - OwnershipControls + type: object + required: true + responses: + '200': + description: Success + /?policy: + delete: + description:

This implementation of the DELETE action uses the policy subresource + to delete the policy of a specified bucket. If you are using an identity other + than the root user of the Amazon Web Services account that owns the bucket, + the calling identity must have the DeleteBucketPolicy permissions + on the specified bucket and belong to the bucket owner's account to use this + operation.

If you don't have DeleteBucketPolicy permissions, + Amazon S3 returns a 403 Access Denied error. If you have the + correct permissions, but you're not using an identity that belongs to the + bucket owner's account, Amazon S3 returns a 405 Method Not Allowed + error.

As a security precaution, the root user of the + Amazon Web Services account that owns a bucket can always use this operation, + even if the policy explicitly denies the root user the ability to perform + this action.

For more information about bucket policies, + see Using + Bucket Policies and UserPolicies.

The following operations are + related to DeleteBucketPolicy

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEpolicy.html + operationId: DeleteBucketPolicy + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: policy + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description:

Returns the policy of a specified bucket. If you are using an + identity other than the root user of the Amazon Web Services account that + owns the bucket, the calling identity must have the GetBucketPolicy + permissions on the specified bucket and belong to the bucket owner's account + in order to use this operation.

If you don't have GetBucketPolicy + permissions, Amazon S3 returns a 403 Access Denied error. If + you have the correct permissions, but you're not using an identity that belongs + to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed + error.

As a security precaution, the root user of the Amazon + Web Services account that owns a bucket can always use this operation, even + if the policy explicitly denies the root user the ability to perform this + action.

For more information about bucket policies, see + Using + Bucket Policies and User Policies.

The following action is related + to GetBucketPolicy:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETpolicy.html + operationId: GetBucketPolicy + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: policy + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketPolicyOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If + you are using an identity other than the root user of the Amazon Web Services + account that owns the bucket, the calling identity must have the PutBucketPolicy + permissions on the specified bucket and belong to the bucket owner's account + in order to use this operation.

If you don't have PutBucketPolicy + permissions, Amazon S3 returns a 403 Access Denied error. If + you have the correct permissions, but you're not using an identity that belongs + to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed + error.

As a security precaution, the root user of the + Amazon Web Services account that owns a bucket can always use this operation, + even if the policy explicitly denies the root user the ability to perform + this action.

For more information, see Bucket + policy examples.

The following operations are related to PutBucketPolicy:

+ + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTpolicy.html + operationId: PutBucketPolicy + parameters: + - description:

The MD5 hash of the request body.

For requests made + using the Amazon Web Services Command Line Interface (CLI) or Amazon Web + Services SDKs, this field is calculated automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: Set this parameter to true to confirm that you want to remove + your permissions to change this bucket policy in the future. + in: header + name: x-amz-confirm-remove-self-bucket-access + required: false + schema: + type: boolean + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: policy + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + Policy: + description: The bucket policy as a JSON document. + type: string + required: + - Policy + type: object + required: true + responses: + '200': + description: Success + /?policyStatus: + get: + description:

Retrieves the policy status for an Amazon S3 bucket, indicating + whether the bucket is public. In order to use this operation, you must have + the s3:GetBucketPolicyStatus permission. For more information + about Amazon S3 permissions, see Specifying + Permissions in a Policy.

For more information about when Amazon + S3 considers a bucket public, see The + Meaning of "Public".

The following operations are related to GetBucketPolicyStatus:

+ + operationId: GetBucketPolicyStatus + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: policyStatus + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketPolicyStatusOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + /?publicAccessBlock: + delete: + description:

Removes the PublicAccessBlock configuration for + an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock + permission. For more information about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

The following operations + are related to DeletePublicAccessBlock:

+ operationId: DeletePublicAccessBlock + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: publicAccessBlock + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description:

Retrieves the PublicAccessBlock configuration for + an Amazon S3 bucket. To use this operation, you must have the s3:GetBucketPublicAccessBlock + permission. For more information about Amazon S3 permissions, see Specifying + Permissions in a Policy.

When Amazon S3 evaluates the + PublicAccessBlock configuration for a bucket or an object, it + checks the PublicAccessBlock configuration for both the bucket + (or the bucket that contains the object) and the bucket owner's account. If + the PublicAccessBlock settings are different between the bucket + and the account, Amazon S3 uses the most restrictive combination of the bucket-level + and account-level settings.

For more information about + when Amazon S3 considers a bucket or an object public, see The + Meaning of "Public".

The following operations are related to GetPublicAccessBlock:

+ + operationId: GetPublicAccessBlock + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: publicAccessBlock + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetPublicAccessBlockOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Creates or modifies the PublicAccessBlock configuration + for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock + permission. For more information about Amazon S3 permissions, see Specifying + Permissions in a Policy.

When Amazon S3 evaluates the + PublicAccessBlock configuration for a bucket or an object, it + checks the PublicAccessBlock configuration for both the bucket + (or the bucket that contains the object) and the bucket owner's account. If + the PublicAccessBlock configurations are different between the + bucket and the account, Amazon S3 uses the most restrictive combination of + the bucket-level and account-level settings.

For more + information about when Amazon S3 considers a bucket or an object public, see + The + Meaning of "Public".

Related Resources

+ + operationId: PutPublicAccessBlock + parameters: + - description:

The MD5 hash of the PutPublicAccessBlock request + body.

For requests made using the Amazon Web Services Command Line + Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: publicAccessBlock + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + PublicAccessBlockConfiguration: + description: 'The PublicAccessBlock configuration that you want + to apply to this Amazon S3 bucket. You can enable the configuration + options in any combination. For more information about when Amazon + S3 considers a bucket or object public, see The + Meaning of "Public" in the Amazon S3 User Guide. ' + properties: {} + type: object + required: + - PublicAccessBlockConfiguration + type: object + required: true + responses: + '200': + description: Success + /?replication: + delete: + description:

Deletes the replication configuration from the bucket.

+

To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration + action. The bucket owner has these permissions by default and can grant it + to others. For more information about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

It can + take a while for the deletion of a replication configuration to fully propagate.

+

For information about replication configuration, see Replication + in the Amazon S3 User Guide.

The following operations are related + to DeleteBucketReplication:

+ operationId: DeleteBucketReplication + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: replication + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description:

Returns the replication configuration of a bucket.

+

It can take a while to propagate the put or delete a replication configuration + to all Amazon S3 systems. Therefore, a get request soon after put or delete + can return a wrong result.

For information about replication + configuration, see Replication + in the Amazon S3 User Guide.

This action requires permissions + for the s3:GetReplicationConfiguration action. For more information + about permissions, see Using + Bucket Policies and User Policies.

If you include the Filter + element in a replication configuration, you must also include the DeleteMarkerReplication + and Priority elements. The response also returns those elements.

+

For information about GetBucketReplication errors, see List + of replication-related error codes

The following operations are + related to GetBucketReplication:

+ operationId: GetBucketReplication + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: replication + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketReplicationOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: '

Creates a replication configuration or replaces an existing + one. For more information, see Replication + in the Amazon S3 User Guide.

Specify the replication configuration + in the request body. In the replication configuration, you provide the name + of the destination bucket or buckets where you want Amazon S3 to replicate + objects, the IAM role that Amazon S3 can assume to replicate objects on your + behalf, and other relevant information.

A replication configuration + must include at least one rule, and can contain a maximum of 1,000. Each rule + identifies a subset of objects to replicate by filtering the objects in the + source bucket. To choose additional subsets of objects to replicate, add a + rule for each subset.

To specify a subset of the objects in the source + bucket to apply a replication rule to, add the Filter element as a child of + the Rule element. You can filter objects based on an object key prefix, one + or more object tags, or both. When you add the Filter element in the configuration, + you must also add the following elements: DeleteMarkerReplication, + Status, and Priority.

If you are using + an earlier version of the replication configuration, Amazon S3 handles replication + of delete markers differently. For more information, see Backward + Compatibility.

For information about enabling versioning + on a bucket, see Using + Versioning.

Handling Replication of Encrypted Objects

+

By default, Amazon S3 doesn''t replicate objects that are stored at rest + using server-side encryption with KMS keys. To replicate Amazon Web Services + KMS-encrypted objects, add the following: SourceSelectionCriteria, + SseKmsEncryptedObjects, Status, EncryptionConfiguration, + and ReplicaKmsKeyID. For information about replication configuration, + see Replicating + Objects Created with SSE Using KMS keys.

For information on PutBucketReplication + errors, see List + of replication-related error codes

Permissions

To + create a PutBucketReplication request, you must have s3:PutReplicationConfiguration + permissions for the bucket.

By default, a resource owner, in this + case the Amazon Web Services account that created the bucket, can perform + this operation. The resource owner can also grant others permissions to perform + the operation. For more information about permissions, see Specifying + Permissions in a Policy and Managing + Access Permissions to Your Amazon S3 Resources.

To perform + this operation, the user or role performing the action must have the iam:PassRole + permission.

The following operations are related to PutBucketReplication:

+ ' + operationId: PutBucketReplication + parameters: + - description:

The base64-encoded 128-bit MD5 digest of the data. You must + use this header as a message integrity check to verify that the request + body was not corrupted in transit. For more information, see RFC + 1864.

For requests made using the Amazon Web Services Command + Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated + automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: A token to allow Object Lock to be enabled for an existing bucket. + in: header + name: x-amz-bucket-object-lock-token + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: replication + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + ReplicationConfiguration: + description: A container for replication rules. You can add up to + 1,000 rules. The maximum size of a replication configuration is + 2 MB. + properties: + Role: + allOf: + - $ref: '#/components/schemas/Role' + - description: The Amazon Resource Name (ARN) of the Identity + and Access Management (IAM) role that Amazon S3 assumes + when replicating objects. For more information, see How + to Set Up Replication in the Amazon S3 User Guide. + Rule: + allOf: + - $ref: '#/components/schemas/ReplicationRules' + - description: 'A container for one or more replication rules. + A replication configuration must have at least one rule + and can contain a maximum of 1,000 rules. ' + type: object + required: + - ReplicationConfiguration + type: object + required: true + responses: + '200': + description: Success + /?requestPayment: + get: + description:

Returns the request payment configuration of a bucket. To use + this version of the operation, you must be the bucket owner. For more information, + see Requester + Pays Buckets.

The following operations are related to GetBucketRequestPayment:

+ + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTrequestPaymentGET.html + operationId: GetBucketRequestPayment + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: requestPayment + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketRequestPaymentOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Sets the request payment configuration for a bucket. By default, + the bucket owner pays for downloads from the bucket. This configuration parameter + enables the bucket owner (only) to specify that the person requesting the + download will be charged for the download. For more information, see Requester + Pays Buckets.

The following operations are related to PutBucketRequestPayment:

+ + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTrequestPaymentPUT.html + operationId: PutBucketRequestPayment + parameters: + - description:

The base64-encoded 128-bit MD5 digest of the data. You must + use this header as a message integrity check to verify that the request + body was not corrupted in transit. For more information, see RFC + 1864.

For requests made using the Amazon Web Services Command + Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated + automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: requestPayment + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + RequestPaymentConfiguration: + description: Container for Payer. + properties: + Payer: + allOf: + - $ref: '#/components/schemas/Payer' + - description: Specifies who pays for the download and request + fees. + type: object + required: + - RequestPaymentConfiguration + type: object + required: true + responses: + '200': + description: Success + /?tagging: + delete: + description:

Deletes the tags from the bucket.

To use this operation, + you must have permission to perform the s3:PutBucketTagging action. + By default, the bucket owner has this permission and can grant this permission + to others.

The following operations are related to DeleteBucketTagging:

+ + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEtagging.html + operationId: DeleteBucketTagging + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: tagging + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description: '

Returns the tag set associated with the bucket.

To use + this operation, you must have permission to perform the s3:GetBucketTagging + action. By default, the bucket owner has this permission and can grant this + permission to others.

GetBucketTagging has the following + special error:

  • Error code: NoSuchTagSet

    +

    • Description: There is no tag set associated with the bucket.

      +

The following operations are related to GetBucketTagging:

+ ' + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETtagging.html + operationId: GetBucketTagging + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: tagging + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketTaggingOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: '

Sets the tags for a bucket.

Use tags to organize your + Amazon Web Services bill to reflect your own cost structure. To do this, sign + up to get your Amazon Web Services account bill with tag key values included. + Then, to see the cost of combined resources, organize your billing information + according to resources with the same tag key values. For example, you can + tag several resources with a specific application name, and then organize + your billing information to see the total cost of that application across + several services. For more information, see Cost + Allocation and Tagging and Using + Cost Allocation in Amazon S3 Bucket Tags.

When this operation + sets the tags for a bucket, it will overwrite any current tags the bucket + already has. You cannot use this operation to add tags to an existing list + of tags.

To use this operation, you must have permissions to + perform the s3:PutBucketTagging action. The bucket owner has + this permission by default and can grant this permission to others. For more + information about permissions, see Permissions + Related to Bucket Subresource Operations and Managing + Access Permissions to Your Amazon S3 Resources.

PutBucketTagging + has the following special errors:

  • Error code: InvalidTagError +

    +

  • Error code: MalformedXMLError

    • Description: + The XML provided does not match the schema.

  • Error + code: OperationAbortedError

    • Description: A + conflicting conditional action is currently in progress against this resource. + Please try again.

  • Error code: InternalError +

    • Description: The service was unable to apply the provided + tag to the bucket.

The following operations + are related to PutBucketTagging:

' + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTtagging.html + operationId: PutBucketTagging + parameters: + - description:

The base64-encoded 128-bit MD5 digest of the data. You must + use this header as a message integrity check to verify that the request + body was not corrupted in transit. For more information, see RFC + 1864.

For requests made using the Amazon Web Services Command + Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated + automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: tagging + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + Tagging: + description: Container for TagSet elements. + properties: + TagSet: + allOf: + - $ref: '#/components/schemas/TagSet' + - description: A collection for a set of tags + type: object + required: + - Tagging + type: object + required: true + responses: + '200': + description: Success + /?uploads: + get: + description:

This action lists in-progress multipart uploads. An in-progress + multipart upload is a multipart upload that has been initiated using the Initiate + Multipart Upload request, but has not yet been completed or aborted.

This + action returns at most 1,000 multipart uploads in the response. 1,000 multipart + uploads is the maximum number of uploads a response can include, which is + also the default value. You can further limit the number of uploads in a response + by specifying the max-uploads parameter in the response. If additional + multipart uploads satisfy the list criteria, the response will contain an + IsTruncated element with the value true. To list the additional + multipart uploads, use the key-marker and upload-id-marker + request parameters.

In the response, the uploads are sorted by key. + If your application has initiated more than one multipart upload using the + same object key, then uploads in the response are first sorted by key. Additionally, + uploads are sorted in ascending order within each key by the upload initiation + time.

For more information on multipart uploads, see Uploading + Objects Using Multipart Upload.

For information on permissions + required to use the multipart upload API, see Multipart + Upload and Permissions.

The following operations are related to + ListMultipartUploads:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadListMPUpload.html + operationId: ListMultipartUploads + parameters: + - description:

Character you use to group keys.

All keys that contain + the same string between the prefix, if specified, and the first occurrence + of the delimiter after the prefix are grouped under a single result element, + CommonPrefixes. If you don't specify the prefix parameter, + then the substring starts at the beginning of the key. The keys that are + grouped under CommonPrefixes result element are not returned + elsewhere in the response.

+ in: query + name: delimiter + required: false + schema: + type: string + - description: '' + in: query + name: encoding-type + required: false + schema: + description: Requests Amazon S3 to encode the object keys in the response + and specifies the encoding method to use. An object key may contain any + Unicode character; however, XML 1.0 parser cannot parse some characters, + such as characters with an ASCII value from 0 to 10. For characters that + are not supported in XML 1.0, you can add this parameter to request that + Amazon S3 encode the keys in the response. + enum: + - url + type: string + - description:

Together with upload-id-marker, this parameter specifies the + multipart upload after which listing should begin.

If upload-id-marker + is not specified, only the keys lexicographically greater than the specified + key-marker will be included in the list.

If upload-id-marker + is specified, any multipart uploads for a key equal to the key-marker + might also be included, provided those multipart uploads have upload IDs + lexicographically greater than the specified upload-id-marker.

+ in: query + name: key-marker + required: false + schema: + type: string + - description: Sets the maximum number of multipart uploads, from 1 to 1,000, + to return in the response body. 1,000 is the maximum number of uploads that + can be returned in a response. + in: query + name: max-uploads + required: false + schema: + type: integer + - description: Lists in-progress uploads only for those keys that begin with + the specified prefix. You can use prefixes to separate a bucket into different + grouping of keys. (You can think of using prefix to make groups in the same + way you'd use a folder in a file system.) + in: query + name: prefix + required: false + schema: + type: string + - description: Together with key-marker, specifies the multipart upload after + which listing should begin. If key-marker is not specified, the upload-id-marker + parameter is ignored. Otherwise, any multipart uploads for a key equal to + the key-marker might be included in the list only if they have an upload + ID lexicographically greater than the specified upload-id-marker. + in: query + name: upload-id-marker + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: Pagination limit + in: query + name: MaxUploads + required: false + schema: + type: string + - description: Pagination token + in: query + name: KeyMarker + required: false + schema: + type: string + - description: Pagination token + in: query + name: UploadIdMarker + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: uploads + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/ListMultipartUploadsOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + /?versioning: + get: + description:

Returns the versioning state of a bucket.

To retrieve + the versioning state of a bucket, you must be the bucket owner.

This + implementation also returns the MFA Delete status of the versioning state. + If the MFA Delete status is enabled, the bucket owner must use + an authentication device to change the versioning state of the bucket.

+

The following operations are related to GetBucketVersioning:

+ + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETversioningStatus.html + operationId: GetBucketVersioning + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: versioning + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketVersioningOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description: "

Sets the versioning state of an existing bucket.

You\ + \ can set the versioning state with one of the following values:

Enabled\u2014\ + Enables versioning for the objects in the bucket. All objects added to the\ + \ bucket receive a unique version ID.

Suspended\u2014Disables\ + \ versioning for the objects in the bucket. All objects added to the bucket\ + \ receive the version ID null.

If the versioning state has never been\ + \ set on a bucket, it has no versioning state; a GetBucketVersioning request does not return a versioning state value.

\ + \

In order to enable MFA Delete, you must be the bucket owner. If you are\ + \ the bucket owner and want to enable MFA Delete in the bucket versioning\ + \ configuration, you must include the x-amz-mfa request header\ + \ and the Status and the MfaDelete request elements\ + \ in a request to set the versioning state of the bucket.

\ + \

If you have an object expiration lifecycle policy in your non-versioned\ + \ bucket and you want to maintain the same permanent delete behavior when\ + \ you enable versioning, you must add a noncurrent expiration policy. The\ + \ noncurrent expiration lifecycle policy will manage the deletes of the noncurrent\ + \ object versions in the version-enabled bucket. (A version-enabled bucket\ + \ maintains one current and zero or more noncurrent object versions.) For\ + \ more information, see Lifecycle and Versioning.

Related\ + \ Resources

" + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html + operationId: PutBucketVersioning + parameters: + - description:

>The base64-encoded 128-bit MD5 digest of the data. You + must use this header as a message integrity check to verify that the request + body was not corrupted in transit. For more information, see RFC + 1864.

For requests made using the Amazon Web Services Command + Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated + automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The concatenation of the authentication device's serial number, + a space, and the value that is displayed on your authentication device. + in: header + name: x-amz-mfa + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: versioning + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + VersioningConfiguration: + description: Describes the versioning state of an Amazon S3 bucket. + For more information, see PUT + Bucket versioning in the Amazon S3 API Reference. + properties: + MfaDelete: + allOf: + - $ref: '#/components/schemas/MFADelete' + - description: Specifies whether MFA delete is enabled in the + bucket versioning configuration. This element is only returned + if the bucket has been configured with MFA delete. If the + bucket has never been so configured, this element is not + returned. + Status: + allOf: + - $ref: '#/components/schemas/BucketVersioningStatus' + - description: The versioning state of the bucket. + type: object + required: + - VersioningConfiguration + type: object + required: true + responses: + '200': + description: Success + /?versions: + get: + description:

Returns metadata about all versions of the objects in a bucket. + You can also use request parameters as selection criteria to return metadata + about a subset of all the object versions.

To use this + operation, you must have permissions to perform the s3:ListBucketVersions + action. Be aware of the name difference.

A 200 + OK response can contain valid or invalid XML. Make sure to design your application + to parse the contents of the response and handle it appropriately.

 +

To use this operation, you must have READ access to the bucket.

This + action is not supported by Amazon S3 on Outposts.

The following operations + are related to ListObjectVersions:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETVersion.html + operationId: ListObjectVersions + parameters: + - description: A delimiter is a character that you specify to group keys. All + keys that contain the same string between the prefix and the + first occurrence of the delimiter are grouped under a single result element + in CommonPrefixes. These groups are counted as one result against the max-keys + limitation. These keys are not returned elsewhere in the response. + in: query + name: delimiter + required: false + schema: + type: string + - description: '' + in: query + name: encoding-type + required: false + schema: + description: Requests Amazon S3 to encode the object keys in the response + and specifies the encoding method to use. An object key may contain any + Unicode character; however, XML 1.0 parser cannot parse some characters, + such as characters with an ASCII value from 0 to 10. For characters that + are not supported in XML 1.0, you can add this parameter to request that + Amazon S3 encode the keys in the response. + enum: + - url + type: string + - description: Specifies the key to start with when listing objects in a bucket. + in: query + name: key-marker + required: false + schema: + type: string + - description: Sets the maximum number of keys returned in the response. By + default the action returns up to 1,000 key names. The response might contain + fewer keys but will never contain more. If additional keys satisfy the search + criteria, but were not returned because max-keys was exceeded, the response + contains <isTruncated>true</isTruncated>. To return the additional + keys, see key-marker and version-id-marker. + in: query + name: max-keys + required: false + schema: + type: integer + - description: 'Use this parameter to select only those keys that begin with + the specified prefix. You can use prefixes to separate a bucket into different + groupings of keys. (You can think of using prefix to make groups in the + same way you''d use a folder in a file system.) You can use prefix with + delimiter to roll up numerous objects into a single result under CommonPrefixes. ' + in: query + name: prefix + required: false + schema: + type: string + - description: Specifies the object version you want to start listing from. + in: query + name: version-id-marker + required: false + schema: + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - description: Pagination limit + in: query + name: MaxKeys + required: false + schema: + type: string + - description: Pagination token + in: query + name: KeyMarker + required: false + schema: + type: string + - description: Pagination token + in: query + name: VersionIdMarker + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: versions + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/ListObjectVersionsOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + /?website: + delete: + description:

This action removes the website configuration for a bucket. + Amazon S3 returns a 200 OK response upon successfully deleting + a website configuration on the specified bucket. You will get a 200 + OK response if the website configuration you are trying to delete does + not exist on the bucket. Amazon S3 returns a 404 response if + the bucket specified in the request does not exist.

This DELETE action + requires the S3:DeleteBucketWebsite permission. By default, only + the bucket owner can delete the website configuration attached to a bucket. + However, bucket owners can grant other users permission to delete the website + configuration by writing a bucket policy granting them the S3:DeleteBucketWebsite + permission.

For more information about hosting websites, see Hosting + Websites on Amazon S3.

The following operations are related to + DeleteBucketWebsite:

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEwebsite.html + operationId: DeleteBucketWebsite + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: website + required: true + schema: + enum: + - true + type: boolean + responses: + '204': + description: Success + get: + description:

Returns the website configuration for a bucket. To host website + on Amazon S3, you can configure a bucket as website by adding a website configuration. + For more information about hosting websites, see Hosting + Websites on Amazon S3.

This GET action requires the S3:GetBucketWebsite + permission. By default, only the bucket owner can read the bucket website + configuration. However, bucket owners can allow other users to read the website + configuration by writing a bucket policy granting them the S3:GetBucketWebsite + permission.

The following operations are related to DeleteBucketWebsite:

+ + externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETwebsite.html + operationId: GetBucketWebsite + parameters: + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: website + required: true + schema: + enum: + - true + type: boolean + responses: + '200': + content: + text/xml: + schema: + $ref: '#/components/schemas/GetBucketWebsiteOutput' + description: Success + parameters: + - $ref: '#/components/parameters/x-amz-security-token' + put: + description:

Sets the configuration of the website that is specified in the + website subresource. To configure a bucket as a website, you + can add this subresource on the bucket with website configuration information + such as the file name of the index document and any redirect rules. For more + information, see Hosting + Websites on Amazon S3.

This PUT action requires the S3:PutBucketWebsite + permission. By default, only the bucket owner can configure the website attached + to a bucket; however, bucket owners can allow other users to set the website + configuration by writing a bucket policy that grants them the S3:PutBucketWebsite + permission.

To redirect all website requests sent to the bucket's website + endpoint, you add a website configuration with the following elements. Because + all requests are sent to another website, you don't need to provide index + document name for the bucket.

  • WebsiteConfiguration +

  • RedirectAllRequestsTo

  • + HostName

  • Protocol

    • +

If you want granular control over redirects, you can use the following + elements to add routing rules that describe conditions for redirecting requests + and information about the redirect destination. In this case, the website + configuration must provide an index document for the bucket, because some + requests might not be redirected.

  • WebsiteConfiguration +

  • IndexDocument

  • Suffix +

  • ErrorDocument

  • Key +

  • RoutingRules

  • RoutingRule +

  • Condition

  • HttpErrorCodeReturnedEquals +

  • KeyPrefixEquals

  • Redirect +

  • Protocol

  • HostName +

  • ReplaceKeyPrefixWith

  • + ReplaceKeyWith

  • HttpRedirectCode +

Amazon S3 has a limitation of 50 routing rules per website + configuration. If you require more than 50 routing rules, you can use object + redirect. For more information, see Configuring + an Object Redirect in the Amazon S3 User Guide.

+ externalDocs: + url: http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTwebsite.html + operationId: PutBucketWebsite + parameters: + - description:

The base64-encoded 128-bit MD5 digest of the data. You must + use this header as a message integrity check to verify that the request + body was not corrupted in transit. For more information, see RFC + 1864.

For requests made using the Amazon Web Services Command + Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated + automatically.

+ in: header + name: Content-MD5 + required: false + schema: + type: string + - description:

Indicates the algorithm used to create the checksum for the + object when using the SDK. This header will not provide any additional functionality + if not using the SDK. When sending this header, there must be a corresponding + x-amz-checksum or x-amz-trailer header sent. Otherwise, + Amazon S3 fails the request with the HTTP status code 400 Bad Request. + For more information, see Checking + object integrity in the Amazon S3 User Guide.

If you provide + an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + parameter.

+ in: header + name: x-amz-sdk-checksum-algorithm + required: false + schema: + enum: + - CRC32 + - CRC32C + - SHA1 + - SHA256 + type: string + - description: The account ID of the expected bucket owner. If the bucket is + owned by a different account, the request fails with the HTTP status code + 403 Forbidden (access denied). + in: header + name: x-amz-expected-bucket-owner + required: false + schema: + type: string + - allowEmptyValue: true + in: query + name: website + required: true + schema: + enum: + - true + type: boolean + requestBody: + content: + text/xml: + schema: + properties: + WebsiteConfiguration: + description: Specifies website configuration parameters for an Amazon + S3 bucket. + properties: + ErrorDocument: + allOf: + - $ref: '#/components/schemas/ErrorDocument' + - description: The name of the error document for the website. + IndexDocument: + allOf: + - $ref: '#/components/schemas/IndexDocument' + - description: The name of the index document for the website. + RedirectAllRequestsTo: + allOf: + - $ref: '#/components/schemas/RedirectAllRequestsTo' + - description:

The redirect behavior for every request to + this bucket's website endpoint.

If you + specify this property, you can't specify any other property.

+ + RoutingRules: + allOf: + - $ref: '#/components/schemas/RoutingRules' + - description: Rules that define when a redirect is applied + and the redirect behavior. + type: object + required: + - WebsiteConfiguration + type: object + required: true + responses: + '200': + description: Success +security: +- hmac: [] +servers: +- description: The Amazon S3 multi-region endpoint + url: https://{bucket}.s3.{region}.amazonaws.com + variables: + bucket: + default: rubbish-bucket + region: + default: us-east-2 + description: The AWS region + enum: + - us-east-2 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-east-1 + - ap-south-1 + - me-south-1 \ No newline at end of file From 0e6dd719af237664b0c2d2de965ca742b9d09df7 Mon Sep 17 00:00:00 2001 From: Jeffrey Aven Date: Sat, 20 Apr 2024 09:30:46 +1000 Subject: [PATCH 2/3] ci test --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 14a6dacd..92dc0d19 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -121,6 +121,7 @@ jobs: providersdir="$(pwd)/provider-tests" git clone https://github.com/stackql/stackql-provider-tests.git cd stackql-provider-tests + tree . while IFS= read -r provider do echo "testing ${provider}..." From 37451d877ad0d55512924bd71a85e6750c4b7fd4 Mon Sep 17 00:00:00 2001 From: Jeffrey Aven Date: Sat, 20 Apr 2024 09:33:28 +1000 Subject: [PATCH 3/3] fixed aws --- .github/workflows/main.yml | 1 - .../src/aws/v00.00.00000/services/.gitignore | 10 - .../v00.00.00000/services/accessanalyzer.yaml | 223 + .../src/aws/v00.00.00000/services/acmpca.yaml | 842 ++ .../aws/v00.00.00000/services/amplify.yaml | 812 + .../services/amplifyuibuilder.yaml | 1119 ++ .../aws/v00.00.00000/services/apigateway.yaml | 2786 ++++ .../v00.00.00000/services/apigatewayv2.yaml | 1576 ++ .../aws/v00.00.00000/services/appconfig.yaml | 1026 ++ .../aws/v00.00.00000/services/appflow.yaml | 2522 ++++ .../services/appintegrations.yaml | 666 + .../services/applicationautoscaling.yaml | 567 + .../services/applicationinsights.yaml | 634 + .../aws/v00.00.00000/services/apprunner.yaml | 1079 ++ .../aws/v00.00.00000/services/appstream.yaml | 1109 ++ .../aws/v00.00.00000/services/appsync.yaml | 846 ++ .../src/aws/v00.00.00000/services/aps.yaml | 580 + .../v00.00.00000/services/arczonalshift.yaml | 171 + .../src/aws/v00.00.00000/services/athena.yaml | 932 ++ .../v00.00.00000/services/auditmanager.yaml | 355 + .../v00.00.00000/services/autoscaling.yaml | 2009 +++ .../src/aws/v00.00.00000/services/b2bi.yaml | 872 ++ .../src/aws/v00.00.00000/services/backup.yaml | 1317 ++ .../v00.00.00000/services/backupgateway.yaml | 196 + .../src/aws/v00.00.00000/services/batch.yaml | 617 + .../v00.00.00000/services/bcmdataexports.yaml | 249 + .../aws/v00.00.00000/services/bedrock.yaml | 1434 ++ .../services/billingconductor.yaml | 894 ++ .../aws/v00.00.00000/services/budgets.yaml | 258 + .../aws/v00.00.00000/services/cassandra.yaml | 572 + .../src/aws/v00.00.00000/services/ce.yaml | 496 + .../services/certificatemanager.yaml | 79 + .../aws/v00.00.00000/services/chatbot.yaml | 334 + .../aws/v00.00.00000/services/cleanrooms.yaml | 1648 ++ .../v00.00.00000/services/cleanroomsml.yaml | 261 + .../v00.00.00000/services/cloudformation.yaml | 2001 +++ .../aws/v00.00.00000/services/cloudfront.yaml | 2911 ++++ .../aws/v00.00.00000/services/cloudtrail.yaml | 862 ++ .../aws/v00.00.00000/services/cloudwatch.yaml | 829 + .../v00.00.00000/services/codeartifact.yaml | 551 + .../aws/v00.00.00000/services/codebuild.yaml | 151 + .../services/codeconnections.yaml | 169 + .../aws/v00.00.00000/services/codedeploy.yaml | 297 + .../services/codeguruprofiler.yaml | 198 + .../services/codegurureviewer.yaml | 191 + .../v00.00.00000/services/codepipeline.yaml | 252 + .../services/codestarconnections.yaml | 510 + .../services/codestarnotifications.yaml | 186 + .../aws/v00.00.00000/services/cognito.yaml | 1806 +++ .../aws/v00.00.00000/services/comprehend.yaml | 591 + .../src/aws/v00.00.00000/services/config.yaml | 1062 ++ .../aws/v00.00.00000/services/connect.yaml | 4624 ++++++ .../services/connectcampaigns.yaml | 265 + .../v00.00.00000/services/controltower.yaml | 660 + .../src/aws/v00.00.00000/services/cur.yaml | 208 + .../services/customerprofiles.yaml | 1756 +++ .../aws/v00.00.00000/services/databrew.yaml | 1815 +++ .../v00.00.00000/services/datapipeline.yaml | 262 + .../aws/v00.00.00000/services/datasync.yaml | 2899 ++++ .../aws/v00.00.00000/services/datazone.yaml | 1806 +++ .../aws/v00.00.00000/services/deadline.yaml | 1546 ++ .../aws/v00.00.00000/services/detective.yaml | 351 + .../aws/v00.00.00000/services/devopsguru.yaml | 398 + .../services/directoryservice.yaml | 204 + .../src/aws/v00.00.00000/services/dms.yaml | 867 ++ .../v00.00.00000/services/docdbelastic.yaml | 258 + .../aws/v00.00.00000/services/dynamodb.yaml | 1073 ++ .../src/aws/v00.00.00000/services/ecr.yaml | 969 ++ .../src/aws/v00.00.00000/services/ecs.yaml | 2545 ++++ .../src/aws/v00.00.00000/services/efs.yaml | 684 + .../src/aws/v00.00.00000/services/eks.yaml | 1589 ++ .../v00.00.00000/services/elasticache.yaml | 962 ++ .../services/elasticbeanstalk.yaml | 684 + .../services/elasticloadbalancingv2.yaml | 1545 ++ .../src/aws/v00.00.00000/services/emr.yaml | 635 + .../v00.00.00000/services/emrcontainers.yaml | 181 + .../v00.00.00000/services/emrserverless.yaml | 585 + .../services/entityresolution.yaml | 1116 ++ .../src/aws/v00.00.00000/services/events.yaml | 1325 ++ .../v00.00.00000/services/eventschemas.yaml | 502 + .../aws/v00.00.00000/services/evidently.yaml | 1058 ++ .../aws/v00.00.00000/services/finspace.yaml | 305 + .../src/aws/v00.00.00000/services/fis.yaml | 486 + .../src/aws/v00.00.00000/services/fms.yaml | 603 + .../aws/v00.00.00000/services/forecast.yaml | 372 + .../v00.00.00000/services/frauddetector.yaml | 1294 ++ .../src/aws/v00.00.00000/services/fsx.yaml | 258 + .../aws/v00.00.00000/services/gamelift.yaml | 2164 +++ .../services/globalaccelerator.yaml | 659 + .../src/aws/v00.00.00000/services/glue.yaml | 238 + .../aws/v00.00.00000/services/grafana.yaml | 500 + .../v00.00.00000/services/greengrassv2.yaml | 645 + .../v00.00.00000/services/groundstation.yaml | 728 + .../aws/v00.00.00000/services/guardduty.yaml | 915 ++ .../v00.00.00000/services/healthimaging.yaml | 193 + .../aws/v00.00.00000/services/healthlake.yaml | 304 + .../v00.00.00000/services/identitystore.yaml | 272 + .../v00.00.00000/services/imagebuilder.yaml | 2143 +++ .../aws/v00.00.00000/services/inspector.yaml | 287 + .../v00.00.00000/services/inspectorv2.yaml | 558 + .../services/internetmonitor.yaml | 313 + .../src/aws/v00.00.00000/services/iot.yaml | 4958 ++++++ .../v00.00.00000/services/iotanalytics.yaml | 967 ++ .../services/iotcoredeviceadvisor.yaml | 217 + .../aws/v00.00.00000/services/iotevents.yaml | 1066 ++ .../v00.00.00000/services/iotfleethub.yaml | 202 + .../v00.00.00000/services/iotfleetwise.yaml | 1584 ++ .../v00.00.00000/services/iotsitewise.yaml | 1577 ++ .../v00.00.00000/services/iottwinmaker.yaml | 1414 ++ .../v00.00.00000/services/iotwireless.yaml | 2061 +++ .../src/aws/v00.00.00000/services/ivs.yaml | 1278 ++ .../aws/v00.00.00000/services/ivschat.yaml | 420 + .../v00.00.00000/services/kafkaconnect.yaml | 821 + .../src/aws/v00.00.00000/services/kendra.yaml | 1857 +++ .../v00.00.00000/services/kendraranking.yaml | 181 + .../aws/v00.00.00000/services/kinesis.yaml | 212 + .../services/kinesisanalyticsv2.yaml | 827 + .../services/kinesisfirehose.yaml | 1129 ++ .../v00.00.00000/services/kinesisvideo.yaml | 226 + .../src/aws/v00.00.00000/services/kms.yaml | 606 + .../v00.00.00000/services/lakeformation.yaml | 727 + .../src/aws/v00.00.00000/services/lambda.yaml | 2162 +++ .../src/aws/v00.00.00000/services/lex.yaml | 2252 +++ .../v00.00.00000/services/licensemanager.yaml | 379 + .../aws/v00.00.00000/services/lightsail.yaml | 2137 +++ .../aws/v00.00.00000/services/location.yaml | 1200 ++ .../src/aws/v00.00.00000/services/logs.yaml | 1626 ++ .../services/lookoutequipment.yaml | 273 + .../v00.00.00000/services/lookoutmetrics.yaml | 633 + .../v00.00.00000/services/lookoutvision.yaml | 103 + .../src/aws/v00.00.00000/services/m2.yaml | 476 + .../src/aws/v00.00.00000/services/macie.yaml | 644 + .../services/managedblockchain.yaml | 187 + .../v00.00.00000/services/mediaconnect.yaml | 1499 ++ .../aws/v00.00.00000/services/medialive.yaml | 500 + .../v00.00.00000/services/mediapackage.yaml | 1081 ++ .../v00.00.00000/services/mediapackagev2.yaml | 977 ++ .../v00.00.00000/services/mediatailor.yaml | 1113 ++ .../aws/v00.00.00000/services/memorydb.yaml | 843 ++ .../src/aws/v00.00.00000/services/msk.yaml | 1580 ++ .../src/aws/v00.00.00000/services/mwaa.yaml | 507 + .../aws/v00.00.00000/services/neptune.yaml | 398 + .../v00.00.00000/services/neptunegraph.yaml | 393 + .../services/networkfirewall.yaml | 1344 ++ .../v00.00.00000/services/networkmanager.yaml | 2439 +++ .../v00.00.00000/services/nimblestudio.yaml | 1157 ++ .../src/aws/v00.00.00000/services/oam.yaml | 314 + .../src/aws/v00.00.00000/services/omics.yaml | 1140 ++ .../services/opensearchserverless.yaml | 926 ++ .../services/opensearchservice.yaml | 448 + .../aws/v00.00.00000/services/opsworkscm.yaml | 286 + .../v00.00.00000/services/organizations.yaml | 778 + .../src/aws/v00.00.00000/services/osis.yaml | 298 + .../aws/v00.00.00000/services/panorama.yaml | 654 + .../v00.00.00000/services/pcaconnectorad.yaml | 1307 ++ .../v00.00.00000/services/personalize.yaml | 712 + .../aws/v00.00.00000/services/pinpoint.yaml | 216 + .../src/aws/v00.00.00000/services/pipes.yaml | 1358 ++ .../src/aws/v00.00.00000/services/proton.yaml | 510 + .../src/aws/v00.00.00000/services/qldb.yaml | 184 + .../aws/v00.00.00000/services/quicksight.yaml | 12454 ++++++++++++++++ .../src/aws/v00.00.00000/services/ram.yaml | 170 + .../src/aws/v00.00.00000/services/rds.yaml | 3474 +++++ .../aws/v00.00.00000/services/redshift.yaml | 1706 +++ .../services/redshiftserverless.yaml | 632 + .../v00.00.00000/services/refactorspaces.yaml | 985 ++ .../v00.00.00000/services/rekognition.yaml | 584 + .../v00.00.00000/services/resiliencehub.yaml | 488 + .../services/resourceexplorer2.yaml | 342 + .../v00.00.00000/services/resourcegroups.yaml | 218 + .../aws/v00.00.00000/services/robomaker.yaml | 772 + .../v00.00.00000/services/rolesanywhere.yaml | 491 + .../aws/v00.00.00000/services/route53.yaml | 825 + .../services/route53recoverycontrol.yaml | 632 + .../services/route53recoveryreadiness.yaml | 592 + .../services/route53resolver.yaml | 1767 +++ .../src/aws/v00.00.00000/services/rum.yaml | 461 + .../aws/v00.00.00000/services/s3express.yaml | 223 + .../v00.00.00000/services/s3objectlambda.yaml | 319 + .../aws/v00.00.00000/services/s3outposts.yaml | 696 + .../aws/v00.00.00000/services/sagemaker.yaml | 6786 +++++++++ .../aws/v00.00.00000/services/scheduler.yaml | 694 + .../v00.00.00000/services/secretsmanager.yaml | 244 + .../v00.00.00000/services/securityhub.yaml | 2089 +++ .../v00.00.00000/services/securitylake.yaml | 551 + .../v00.00.00000/services/servicecatalog.yaml | 482 + .../services/servicecatalogappregistry.yaml | 537 + .../src/aws/v00.00.00000/services/ses.yaml | 972 ++ .../src/aws/v00.00.00000/services/shield.yaml | 660 + .../src/aws/v00.00.00000/services/signer.yaml | 285 + .../v00.00.00000/services/simspaceweaver.yaml | 157 + .../src/aws/v00.00.00000/services/sns.yaml | 350 + .../src/aws/v00.00.00000/services/sqs.yaml | 327 + .../src/aws/v00.00.00000/services/ssm.yaml | 1379 ++ .../v00.00.00000/services/ssmcontacts.yaml | 700 + .../v00.00.00000/services/ssmincidents.yaml | 575 + .../src/aws/v00.00.00000/services/sso.yaml | 590 + .../v00.00.00000/services/stepfunctions.yaml | 634 + .../aws/v00.00.00000/services/supportapp.yaml | 352 + .../aws/v00.00.00000/services/synthetics.yaml | 503 + .../services/systemsmanagersap.yaml | 197 + .../aws/v00.00.00000/services/timestream.yaml | 1178 ++ .../aws/v00.00.00000/services/transfer.yaml | 1146 ++ .../services/verifiedpermissions.yaml | 665 + .../aws/v00.00.00000/services/voiceid.yaml | 176 + .../aws/v00.00.00000/services/vpclattice.yaml | 1896 +++ .../src/aws/v00.00.00000/services/wafv2.yaml | 2373 +++ .../src/aws/v00.00.00000/services/wisdom.yaml | 505 + .../aws/v00.00.00000/services/workspaces.yaml | 133 + .../services/workspacesthinclient.yaml | 339 + .../v00.00.00000/services/workspacesweb.yaml | 1378 ++ .../src/aws/v00.00.00000/services/xray.yaml | 434 + 212 files changed, 202739 insertions(+), 11 deletions(-) delete mode 100644 providers/src/aws/v00.00.00000/services/.gitignore create mode 100644 providers/src/aws/v00.00.00000/services/accessanalyzer.yaml create mode 100644 providers/src/aws/v00.00.00000/services/acmpca.yaml create mode 100644 providers/src/aws/v00.00.00000/services/amplify.yaml create mode 100644 providers/src/aws/v00.00.00000/services/amplifyuibuilder.yaml create mode 100644 providers/src/aws/v00.00.00000/services/apigateway.yaml create mode 100644 providers/src/aws/v00.00.00000/services/apigatewayv2.yaml create mode 100644 providers/src/aws/v00.00.00000/services/appconfig.yaml create mode 100644 providers/src/aws/v00.00.00000/services/appflow.yaml create mode 100644 providers/src/aws/v00.00.00000/services/appintegrations.yaml create mode 100644 providers/src/aws/v00.00.00000/services/applicationautoscaling.yaml create mode 100644 providers/src/aws/v00.00.00000/services/applicationinsights.yaml create mode 100644 providers/src/aws/v00.00.00000/services/apprunner.yaml create mode 100644 providers/src/aws/v00.00.00000/services/appstream.yaml create mode 100644 providers/src/aws/v00.00.00000/services/appsync.yaml create mode 100644 providers/src/aws/v00.00.00000/services/aps.yaml create mode 100644 providers/src/aws/v00.00.00000/services/arczonalshift.yaml create mode 100644 providers/src/aws/v00.00.00000/services/athena.yaml create mode 100644 providers/src/aws/v00.00.00000/services/auditmanager.yaml create mode 100644 providers/src/aws/v00.00.00000/services/autoscaling.yaml create mode 100644 providers/src/aws/v00.00.00000/services/b2bi.yaml create mode 100644 providers/src/aws/v00.00.00000/services/backup.yaml create mode 100644 providers/src/aws/v00.00.00000/services/backupgateway.yaml create mode 100644 providers/src/aws/v00.00.00000/services/batch.yaml create mode 100644 providers/src/aws/v00.00.00000/services/bcmdataexports.yaml create mode 100644 providers/src/aws/v00.00.00000/services/bedrock.yaml create mode 100644 providers/src/aws/v00.00.00000/services/billingconductor.yaml create mode 100644 providers/src/aws/v00.00.00000/services/budgets.yaml create mode 100644 providers/src/aws/v00.00.00000/services/cassandra.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ce.yaml create mode 100644 providers/src/aws/v00.00.00000/services/certificatemanager.yaml create mode 100644 providers/src/aws/v00.00.00000/services/chatbot.yaml create mode 100644 providers/src/aws/v00.00.00000/services/cleanrooms.yaml create mode 100644 providers/src/aws/v00.00.00000/services/cleanroomsml.yaml create mode 100644 providers/src/aws/v00.00.00000/services/cloudformation.yaml create mode 100644 providers/src/aws/v00.00.00000/services/cloudfront.yaml create mode 100644 providers/src/aws/v00.00.00000/services/cloudtrail.yaml create mode 100644 providers/src/aws/v00.00.00000/services/cloudwatch.yaml create mode 100644 providers/src/aws/v00.00.00000/services/codeartifact.yaml create mode 100644 providers/src/aws/v00.00.00000/services/codebuild.yaml create mode 100644 providers/src/aws/v00.00.00000/services/codeconnections.yaml create mode 100644 providers/src/aws/v00.00.00000/services/codedeploy.yaml create mode 100644 providers/src/aws/v00.00.00000/services/codeguruprofiler.yaml create mode 100644 providers/src/aws/v00.00.00000/services/codegurureviewer.yaml create mode 100644 providers/src/aws/v00.00.00000/services/codepipeline.yaml create mode 100644 providers/src/aws/v00.00.00000/services/codestarconnections.yaml create mode 100644 providers/src/aws/v00.00.00000/services/codestarnotifications.yaml create mode 100644 providers/src/aws/v00.00.00000/services/cognito.yaml create mode 100644 providers/src/aws/v00.00.00000/services/comprehend.yaml create mode 100644 providers/src/aws/v00.00.00000/services/config.yaml create mode 100644 providers/src/aws/v00.00.00000/services/connect.yaml create mode 100644 providers/src/aws/v00.00.00000/services/connectcampaigns.yaml create mode 100644 providers/src/aws/v00.00.00000/services/controltower.yaml create mode 100644 providers/src/aws/v00.00.00000/services/cur.yaml create mode 100644 providers/src/aws/v00.00.00000/services/customerprofiles.yaml create mode 100644 providers/src/aws/v00.00.00000/services/databrew.yaml create mode 100644 providers/src/aws/v00.00.00000/services/datapipeline.yaml create mode 100644 providers/src/aws/v00.00.00000/services/datasync.yaml create mode 100644 providers/src/aws/v00.00.00000/services/datazone.yaml create mode 100644 providers/src/aws/v00.00.00000/services/deadline.yaml create mode 100644 providers/src/aws/v00.00.00000/services/detective.yaml create mode 100644 providers/src/aws/v00.00.00000/services/devopsguru.yaml create mode 100644 providers/src/aws/v00.00.00000/services/directoryservice.yaml create mode 100644 providers/src/aws/v00.00.00000/services/dms.yaml create mode 100644 providers/src/aws/v00.00.00000/services/docdbelastic.yaml create mode 100644 providers/src/aws/v00.00.00000/services/dynamodb.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ecr.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ecs.yaml create mode 100644 providers/src/aws/v00.00.00000/services/efs.yaml create mode 100644 providers/src/aws/v00.00.00000/services/eks.yaml create mode 100644 providers/src/aws/v00.00.00000/services/elasticache.yaml create mode 100644 providers/src/aws/v00.00.00000/services/elasticbeanstalk.yaml create mode 100644 providers/src/aws/v00.00.00000/services/elasticloadbalancingv2.yaml create mode 100644 providers/src/aws/v00.00.00000/services/emr.yaml create mode 100644 providers/src/aws/v00.00.00000/services/emrcontainers.yaml create mode 100644 providers/src/aws/v00.00.00000/services/emrserverless.yaml create mode 100644 providers/src/aws/v00.00.00000/services/entityresolution.yaml create mode 100644 providers/src/aws/v00.00.00000/services/events.yaml create mode 100644 providers/src/aws/v00.00.00000/services/eventschemas.yaml create mode 100644 providers/src/aws/v00.00.00000/services/evidently.yaml create mode 100644 providers/src/aws/v00.00.00000/services/finspace.yaml create mode 100644 providers/src/aws/v00.00.00000/services/fis.yaml create mode 100644 providers/src/aws/v00.00.00000/services/fms.yaml create mode 100644 providers/src/aws/v00.00.00000/services/forecast.yaml create mode 100644 providers/src/aws/v00.00.00000/services/frauddetector.yaml create mode 100644 providers/src/aws/v00.00.00000/services/fsx.yaml create mode 100644 providers/src/aws/v00.00.00000/services/gamelift.yaml create mode 100644 providers/src/aws/v00.00.00000/services/globalaccelerator.yaml create mode 100644 providers/src/aws/v00.00.00000/services/glue.yaml create mode 100644 providers/src/aws/v00.00.00000/services/grafana.yaml create mode 100644 providers/src/aws/v00.00.00000/services/greengrassv2.yaml create mode 100644 providers/src/aws/v00.00.00000/services/groundstation.yaml create mode 100644 providers/src/aws/v00.00.00000/services/guardduty.yaml create mode 100644 providers/src/aws/v00.00.00000/services/healthimaging.yaml create mode 100644 providers/src/aws/v00.00.00000/services/healthlake.yaml create mode 100644 providers/src/aws/v00.00.00000/services/identitystore.yaml create mode 100644 providers/src/aws/v00.00.00000/services/imagebuilder.yaml create mode 100644 providers/src/aws/v00.00.00000/services/inspector.yaml create mode 100644 providers/src/aws/v00.00.00000/services/inspectorv2.yaml create mode 100644 providers/src/aws/v00.00.00000/services/internetmonitor.yaml create mode 100644 providers/src/aws/v00.00.00000/services/iot.yaml create mode 100644 providers/src/aws/v00.00.00000/services/iotanalytics.yaml create mode 100644 providers/src/aws/v00.00.00000/services/iotcoredeviceadvisor.yaml create mode 100644 providers/src/aws/v00.00.00000/services/iotevents.yaml create mode 100644 providers/src/aws/v00.00.00000/services/iotfleethub.yaml create mode 100644 providers/src/aws/v00.00.00000/services/iotfleetwise.yaml create mode 100644 providers/src/aws/v00.00.00000/services/iotsitewise.yaml create mode 100644 providers/src/aws/v00.00.00000/services/iottwinmaker.yaml create mode 100644 providers/src/aws/v00.00.00000/services/iotwireless.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ivs.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ivschat.yaml create mode 100644 providers/src/aws/v00.00.00000/services/kafkaconnect.yaml create mode 100644 providers/src/aws/v00.00.00000/services/kendra.yaml create mode 100644 providers/src/aws/v00.00.00000/services/kendraranking.yaml create mode 100644 providers/src/aws/v00.00.00000/services/kinesis.yaml create mode 100644 providers/src/aws/v00.00.00000/services/kinesisanalyticsv2.yaml create mode 100644 providers/src/aws/v00.00.00000/services/kinesisfirehose.yaml create mode 100644 providers/src/aws/v00.00.00000/services/kinesisvideo.yaml create mode 100644 providers/src/aws/v00.00.00000/services/kms.yaml create mode 100644 providers/src/aws/v00.00.00000/services/lakeformation.yaml create mode 100644 providers/src/aws/v00.00.00000/services/lambda.yaml create mode 100644 providers/src/aws/v00.00.00000/services/lex.yaml create mode 100644 providers/src/aws/v00.00.00000/services/licensemanager.yaml create mode 100644 providers/src/aws/v00.00.00000/services/lightsail.yaml create mode 100644 providers/src/aws/v00.00.00000/services/location.yaml create mode 100644 providers/src/aws/v00.00.00000/services/logs.yaml create mode 100644 providers/src/aws/v00.00.00000/services/lookoutequipment.yaml create mode 100644 providers/src/aws/v00.00.00000/services/lookoutmetrics.yaml create mode 100644 providers/src/aws/v00.00.00000/services/lookoutvision.yaml create mode 100644 providers/src/aws/v00.00.00000/services/m2.yaml create mode 100644 providers/src/aws/v00.00.00000/services/macie.yaml create mode 100644 providers/src/aws/v00.00.00000/services/managedblockchain.yaml create mode 100644 providers/src/aws/v00.00.00000/services/mediaconnect.yaml create mode 100644 providers/src/aws/v00.00.00000/services/medialive.yaml create mode 100644 providers/src/aws/v00.00.00000/services/mediapackage.yaml create mode 100644 providers/src/aws/v00.00.00000/services/mediapackagev2.yaml create mode 100644 providers/src/aws/v00.00.00000/services/mediatailor.yaml create mode 100644 providers/src/aws/v00.00.00000/services/memorydb.yaml create mode 100644 providers/src/aws/v00.00.00000/services/msk.yaml create mode 100644 providers/src/aws/v00.00.00000/services/mwaa.yaml create mode 100644 providers/src/aws/v00.00.00000/services/neptune.yaml create mode 100644 providers/src/aws/v00.00.00000/services/neptunegraph.yaml create mode 100644 providers/src/aws/v00.00.00000/services/networkfirewall.yaml create mode 100644 providers/src/aws/v00.00.00000/services/networkmanager.yaml create mode 100644 providers/src/aws/v00.00.00000/services/nimblestudio.yaml create mode 100644 providers/src/aws/v00.00.00000/services/oam.yaml create mode 100644 providers/src/aws/v00.00.00000/services/omics.yaml create mode 100644 providers/src/aws/v00.00.00000/services/opensearchserverless.yaml create mode 100644 providers/src/aws/v00.00.00000/services/opensearchservice.yaml create mode 100644 providers/src/aws/v00.00.00000/services/opsworkscm.yaml create mode 100644 providers/src/aws/v00.00.00000/services/organizations.yaml create mode 100644 providers/src/aws/v00.00.00000/services/osis.yaml create mode 100644 providers/src/aws/v00.00.00000/services/panorama.yaml create mode 100644 providers/src/aws/v00.00.00000/services/pcaconnectorad.yaml create mode 100644 providers/src/aws/v00.00.00000/services/personalize.yaml create mode 100644 providers/src/aws/v00.00.00000/services/pinpoint.yaml create mode 100644 providers/src/aws/v00.00.00000/services/pipes.yaml create mode 100644 providers/src/aws/v00.00.00000/services/proton.yaml create mode 100644 providers/src/aws/v00.00.00000/services/qldb.yaml create mode 100644 providers/src/aws/v00.00.00000/services/quicksight.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ram.yaml create mode 100644 providers/src/aws/v00.00.00000/services/rds.yaml create mode 100644 providers/src/aws/v00.00.00000/services/redshift.yaml create mode 100644 providers/src/aws/v00.00.00000/services/redshiftserverless.yaml create mode 100644 providers/src/aws/v00.00.00000/services/refactorspaces.yaml create mode 100644 providers/src/aws/v00.00.00000/services/rekognition.yaml create mode 100644 providers/src/aws/v00.00.00000/services/resiliencehub.yaml create mode 100644 providers/src/aws/v00.00.00000/services/resourceexplorer2.yaml create mode 100644 providers/src/aws/v00.00.00000/services/resourcegroups.yaml create mode 100644 providers/src/aws/v00.00.00000/services/robomaker.yaml create mode 100644 providers/src/aws/v00.00.00000/services/rolesanywhere.yaml create mode 100644 providers/src/aws/v00.00.00000/services/route53.yaml create mode 100644 providers/src/aws/v00.00.00000/services/route53recoverycontrol.yaml create mode 100644 providers/src/aws/v00.00.00000/services/route53recoveryreadiness.yaml create mode 100644 providers/src/aws/v00.00.00000/services/route53resolver.yaml create mode 100644 providers/src/aws/v00.00.00000/services/rum.yaml create mode 100644 providers/src/aws/v00.00.00000/services/s3express.yaml create mode 100644 providers/src/aws/v00.00.00000/services/s3objectlambda.yaml create mode 100644 providers/src/aws/v00.00.00000/services/s3outposts.yaml create mode 100644 providers/src/aws/v00.00.00000/services/sagemaker.yaml create mode 100644 providers/src/aws/v00.00.00000/services/scheduler.yaml create mode 100644 providers/src/aws/v00.00.00000/services/secretsmanager.yaml create mode 100644 providers/src/aws/v00.00.00000/services/securityhub.yaml create mode 100644 providers/src/aws/v00.00.00000/services/securitylake.yaml create mode 100644 providers/src/aws/v00.00.00000/services/servicecatalog.yaml create mode 100644 providers/src/aws/v00.00.00000/services/servicecatalogappregistry.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ses.yaml create mode 100644 providers/src/aws/v00.00.00000/services/shield.yaml create mode 100644 providers/src/aws/v00.00.00000/services/signer.yaml create mode 100644 providers/src/aws/v00.00.00000/services/simspaceweaver.yaml create mode 100644 providers/src/aws/v00.00.00000/services/sns.yaml create mode 100644 providers/src/aws/v00.00.00000/services/sqs.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ssm.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ssmcontacts.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ssmincidents.yaml create mode 100644 providers/src/aws/v00.00.00000/services/sso.yaml create mode 100644 providers/src/aws/v00.00.00000/services/stepfunctions.yaml create mode 100644 providers/src/aws/v00.00.00000/services/supportapp.yaml create mode 100644 providers/src/aws/v00.00.00000/services/synthetics.yaml create mode 100644 providers/src/aws/v00.00.00000/services/systemsmanagersap.yaml create mode 100644 providers/src/aws/v00.00.00000/services/timestream.yaml create mode 100644 providers/src/aws/v00.00.00000/services/transfer.yaml create mode 100644 providers/src/aws/v00.00.00000/services/verifiedpermissions.yaml create mode 100644 providers/src/aws/v00.00.00000/services/voiceid.yaml create mode 100644 providers/src/aws/v00.00.00000/services/vpclattice.yaml create mode 100644 providers/src/aws/v00.00.00000/services/wafv2.yaml create mode 100644 providers/src/aws/v00.00.00000/services/wisdom.yaml create mode 100644 providers/src/aws/v00.00.00000/services/workspaces.yaml create mode 100644 providers/src/aws/v00.00.00000/services/workspacesthinclient.yaml create mode 100644 providers/src/aws/v00.00.00000/services/workspacesweb.yaml create mode 100644 providers/src/aws/v00.00.00000/services/xray.yaml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 92dc0d19..14a6dacd 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -121,7 +121,6 @@ jobs: providersdir="$(pwd)/provider-tests" git clone https://github.com/stackql/stackql-provider-tests.git cd stackql-provider-tests - tree . while IFS= read -r provider do echo "testing ${provider}..." diff --git a/providers/src/aws/v00.00.00000/services/.gitignore b/providers/src/aws/v00.00.00000/services/.gitignore deleted file mode 100644 index 9ff339d5..00000000 --- a/providers/src/aws/v00.00.00000/services/.gitignore +++ /dev/null @@ -1,10 +0,0 @@ -# Ignore everything in this directory -* -# Except this file -!.gitignore -!cloud_control.yaml -!ec2_api.yaml -!iam_api.yaml -!s3_api.yaml -!cloudwatch_api.yaml -!cloudhsm.yaml \ No newline at end of file diff --git a/providers/src/aws/v00.00.00000/services/accessanalyzer.yaml b/providers/src/aws/v00.00.00000/services/accessanalyzer.yaml new file mode 100644 index 00000000..5b43d1fd --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/accessanalyzer.yaml @@ -0,0 +1,223 @@ +openapi: 3.0.0 +info: + title: AccessAnalyzer + version: 1.0.0 +paths: {} +components: + schemas: + ArchiveRule: + description: An Access Analyzer archive rule. Archive rules automatically archive new findings that meet the criteria you define when you create the rule. + type: object + properties: + Filter: + type: array + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/Filter' + RuleName: + type: string + description: The archive rule name + required: + - Filter + - RuleName + additionalProperties: false + Filter: + type: object + properties: + Contains: + type: array + x-insertionOrder: false + items: + type: string + Eq: + type: array + x-insertionOrder: false + items: + type: string + Exists: + type: boolean + Property: + type: string + Neq: + type: array + x-insertionOrder: false + items: + type: string + required: + - Property + additionalProperties: false + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 127 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 255 + required: + - Key + - Value + additionalProperties: false + UnusedAccessConfiguration: + description: The Configuration for Unused Access Analyzer + type: object + properties: + UnusedAccessAge: + description: The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days. + type: integer + minimum: 1 + maximum: 180 + additionalProperties: false + Analyzer: + type: object + properties: + AnalyzerName: + description: Analyzer name + type: string + minLength: 1 + maxLength: 1024 + ArchiveRules: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ArchiveRule' + Arn: + description: Amazon Resource Name (ARN) of the analyzer + type: string + minLength: 1 + maxLength: 1600 + Tags: + type: array + maxItems: 50 + x-insertionOrder: false + uniqueItems: true + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + Type: + description: The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS + type: string + minLength: 0 + maxLength: 1024 + AnalyzerConfiguration: + description: The configuration for the analyzer + type: object + properties: + UnusedAccessConfiguration: + $ref: '#/components/schemas/UnusedAccessConfiguration' + additionalProperties: false + required: + - Type + x-stackql-resource-name: analyzer + description: The AWS::AccessAnalyzer::Analyzer type specifies an analyzer of the user's account + x-type-name: AWS::AccessAnalyzer::Analyzer + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - AnalyzerName + - Type + - AnalyzerConfiguration + x-read-only-properties: + - Arn + x-required-properties: + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - access-analyzer:CreateAnalyzer + - access-analyzer:TagResource + - iam:CreateServiceLinkedRole + - organizations:ListAWSServiceAccessForOrganization + - organizations:ListDelegatedAdministrators + read: + - access-analyzer:ListAnalyzers + - access-analyzer:GetAnalyzer + - access-analyzer:ListArchiveRules + update: + - access-analyzer:CreateArchiveRule + - access-analyzer:DeleteArchiveRule + - access-analyzer:ListAnalyzers + - access-analyzer:TagResource + - access-analyzer:UntagResource + - access-analyzer:UpdateArchiveRule + delete: + - access-analyzer:DeleteAnalyzer + list: + - access-analyzer:ListAnalyzers + x-stackQL-resources: + analyzers: + name: analyzers + id: aws.accessanalyzer.analyzers + x-cfn-schema-name: Analyzer + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AccessAnalyzer::Analyzer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AccessAnalyzer::Analyzer' + AND region = 'us-east-1' + analyzer: + name: analyzer + id: aws.accessanalyzer.analyzer + x-cfn-schema-name: Analyzer + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AnalyzerName') as analyzer_name, + JSON_EXTRACT(Properties, '$.ArchiveRules') as archive_rules, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.AnalyzerConfiguration') as analyzer_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AccessAnalyzer::Analyzer' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AnalyzerName') as analyzer_name, + json_extract_path_text(Properties, 'ArchiveRules') as archive_rules, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'AnalyzerConfiguration') as analyzer_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AccessAnalyzer::Analyzer' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/acmpca.yaml b/providers/src/aws/v00.00.00000/services/acmpca.yaml new file mode 100644 index 00000000..b306db91 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/acmpca.yaml @@ -0,0 +1,842 @@ +openapi: 3.0.0 +info: + title: ACMPCA + version: 1.0.0 +paths: {} +components: + schemas: + ApiPassthrough: + description: |- + Contains X.509 certificate information to be placed in an issued certificate. An ``APIPassthrough`` or ``APICSRPassthrough`` template variant must be selected, or else this parameter is ignored. + If conflicting or duplicate certificate information is supplied from other sources, AWS Private CA applies [order of operation rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations) to determine what information is used. + type: object + additionalProperties: false + properties: + Extensions: + $ref: '#/components/schemas/Extensions' + description: Specifies X.509 extension information for a certificate. + Subject: + $ref: '#/components/schemas/Subject' + description: Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. + Arn: + type: string + CertificatePolicyList: + type: array + items: + $ref: '#/components/schemas/PolicyInformation' + ExtendedKeyUsage: + description: Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the ``KeyUsage`` extension. + type: object + additionalProperties: false + properties: + ExtendedKeyUsageType: + type: string + description: Specifies a standard ``ExtendedKeyUsage`` as defined as in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). + ExtendedKeyUsageObjectIdentifier: + $ref: '#/components/schemas/CustomObjectIdentifier' + description: Specifies a custom ``ExtendedKeyUsage`` with an object identifier (OID). + ExtendedKeyUsageList: + type: array + items: + $ref: '#/components/schemas/ExtendedKeyUsage' + Extensions: + description: Contains X.509 extension information for a certificate. + type: object + additionalProperties: false + properties: + CertificatePolicies: + $ref: '#/components/schemas/CertificatePolicyList' + description: |- + Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier). + In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate. + ExtendedKeyUsage: + $ref: '#/components/schemas/ExtendedKeyUsageList' + description: Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the ``KeyUsage`` extension. + KeyUsage: + $ref: '#/components/schemas/KeyUsage' + description: Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false. + SubjectAlternativeNames: + $ref: '#/components/schemas/GeneralNameList' + description: The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate. + CustomExtensions: + $ref: '#/components/schemas/CustomExtensionList' + description: Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the [Global OID reference database.](https://docs.aws.amazon.com/https://oidref.com/2.5.29) + CustomExtensionList: + description: Array of X.509 extensions for a certificate. + type: array + items: + $ref: '#/components/schemas/CustomExtension' + CustomExtension: + description: |- + Specifies the X.509 extension information for a certificate. + Extensions present in ``CustomExtensions`` follow the ``ApiPassthrough`` [template rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations). + type: object + additionalProperties: false + properties: + Critical: + type: boolean + description: Specifies the critical flag of the X.509 extension. + ObjectIdentifier: + $ref: '#/components/schemas/CustomObjectIdentifier' + description: Specifies the object identifier (OID) of the X.509 extension. For more information, see the [Global OID reference database.](https://docs.aws.amazon.com/https://oidref.com/2.5.29) + Value: + type: string + description: Specifies the base64-encoded value of the X.509 extension. + required: + - ObjectIdentifier + - Value + GeneralNameList: + type: array + items: + $ref: '#/components/schemas/GeneralName' + GeneralName: + description: Structure that contains X.509 GeneralName information. Assign one and ONLY one field. + type: object + additionalProperties: false + properties: + OtherName: + $ref: '#/components/schemas/OtherName' + Rfc822Name: + $ref: '#/components/schemas/Rfc822Name' + DnsName: + $ref: '#/components/schemas/DnsName' + DirectoryName: + $ref: '#/components/schemas/Subject' + EdiPartyName: + $ref: '#/components/schemas/EdiPartyName' + UniformResourceIdentifier: + $ref: '#/components/schemas/UniformResourceIdentifier' + IpAddress: + $ref: '#/components/schemas/IpAddress' + RegisteredId: + $ref: '#/components/schemas/CustomObjectIdentifier' + KeyUsage: + description: Structure that contains X.509 KeyUsage information. + type: object + additionalProperties: false + properties: + DigitalSignature: + type: boolean + default: false + NonRepudiation: + type: boolean + default: false + KeyEncipherment: + type: boolean + default: false + DataEncipherment: + type: boolean + default: false + KeyAgreement: + type: boolean + default: false + KeyCertSign: + type: boolean + default: false + CRLSign: + type: boolean + default: false + EncipherOnly: + type: boolean + default: false + DecipherOnly: + type: boolean + default: false + PolicyInformation: + description: Defines the X.509 ``CertificatePolicies`` extension. + type: object + additionalProperties: false + properties: + CertPolicyId: + $ref: '#/components/schemas/CustomObjectIdentifier' + description: Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier). + PolicyQualifiers: + $ref: '#/components/schemas/PolicyQualifierInfoList' + description: Modifies the given ``CertPolicyId`` with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier. + required: + - CertPolicyId + PolicyQualifierInfo: + description: Modifies the ``CertPolicyId`` of a ``PolicyInformation`` object with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier. + type: object + additionalProperties: false + properties: + PolicyQualifierId: + type: string + description: Identifies the qualifier modifying a ``CertPolicyId``. + Qualifier: + $ref: '#/components/schemas/Qualifier' + description: Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field. + required: + - PolicyQualifierId + - Qualifier + PolicyQualifierInfoList: + type: array + items: + $ref: '#/components/schemas/PolicyQualifierInfo' + Qualifier: + description: Defines a ``PolicyInformation`` qualifier. AWS Private CA supports the [certification practice statement (CPS) qualifier](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4) defined in RFC 5280. + type: object + additionalProperties: false + properties: + CpsUri: + type: string + description: Contains a pointer to a certification practice statement (CPS) published by the CA. + required: + - CpsUri + Subject: + description: Structure that contains X.500 distinguished name information for your CA. + type: object + additionalProperties: false + properties: + Country: + type: string + Organization: + type: string + OrganizationalUnit: + type: string + DistinguishedNameQualifier: + type: string + State: + type: string + CommonName: + type: string + SerialNumber: + type: string + Locality: + type: string + Title: + type: string + Surname: + type: string + GivenName: + type: string + Initials: + type: string + Pseudonym: + type: string + GenerationQualifier: + type: string + CustomAttributes: + $ref: '#/components/schemas/CustomAttributeList' + CustomAttributeList: + description: Array of X.500 attribute type and value. CustomAttributes cannot be used along with pre-defined attributes. + type: array + items: + $ref: '#/components/schemas/CustomAttribute' + CustomAttribute: + description: Structure that contains X.500 attribute type and value. + type: object + additionalProperties: false + properties: + ObjectIdentifier: + $ref: '#/components/schemas/CustomObjectIdentifier' + Value: + type: string + required: + - ObjectIdentifier + - Value + Validity: + description: Length of time for which the certificate issued by your private certificate authority (CA), or by the private CA itself, is valid in days, months, or years. You can issue a certificate by calling the ``IssueCertificate`` operation. + type: object + additionalProperties: false + properties: + Value: + type: number + description: A long integer interpreted according to the value of ``Type``, below. + Type: + type: string + description: Specifies whether the ``Value`` parameter represents days, months, or years. + required: + - Value + - Type + CustomObjectIdentifier: + description: String that contains X.509 ObjectIdentifier information. + type: string + OtherName: + description: Structure that contains X.509 OtherName information. + type: object + additionalProperties: false + properties: + TypeId: + $ref: '#/components/schemas/CustomObjectIdentifier' + Value: + type: string + required: + - TypeId + - Value + Rfc822Name: + description: String that contains X.509 Rfc822Name information. + type: string + DnsName: + description: String that contains X.509 DnsName information. + type: string + EdiPartyName: + description: Structure that contains X.509 EdiPartyName information. + type: object + additionalProperties: false + properties: + PartyName: + type: string + NameAssigner: + type: string + required: + - PartyName + - NameAssigner + UniformResourceIdentifier: + description: String that contains X.509 UniformResourceIdentifier information. + type: string + IpAddress: + description: String that contains X.509 IpAddress information. + type: string + Certificate: + type: object + properties: + ApiPassthrough: + description: Specifies X.509 certificate information to be included in the issued certificate. An ``APIPassthrough`` or ``APICSRPassthrough`` template variant must be selected, or else this parameter is ignored. + $ref: '#/components/schemas/ApiPassthrough' + CertificateAuthorityArn: + description: The Amazon Resource Name (ARN) for the private CA issues the certificate. + $ref: '#/components/schemas/Arn' + CertificateSigningRequest: + description: The certificate signing request (CSR) for the certificate. + type: string + minLength: 1 + SigningAlgorithm: + description: |- + The name of the algorithm that will be used to sign the certificate to be issued. + This parameter should not be confused with the ``SigningAlgorithm`` parameter used to sign a CSR in the ``CreateCertificateAuthority`` action. + The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. + type: string + TemplateArn: + description: Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the ``EndEntityCertificate/V1`` template. For more information about PCAshort templates, see [Using Templates](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html). + $ref: '#/components/schemas/Arn' + Validity: + description: The period of time during which the certificate will be valid. + $ref: '#/components/schemas/Validity' + ValidityNotBefore: + description: |- + Information describing the start of the validity period of the certificate. This parameter sets the “Not Before" date for the certificate. + By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ``ValidityNotBefore`` parameter can be used to customize the “Not Before” value. + Unlike the ``Validity`` parameter, the ``ValidityNotBefore`` parameter is optional. + The ``ValidityNotBefore`` value is expressed as an explicit date and time, using the ``Validity`` type value ``ABSOLUTE``. + $ref: '#/components/schemas/Validity' + Certificate: + description: '' + type: string + Arn: + description: '' + $ref: '#/components/schemas/Arn' + required: + - CertificateAuthorityArn + - CertificateSigningRequest + - SigningAlgorithm + - Validity + x-stackql-resource-name: certificate + description: The ``AWS::ACMPCA::Certificate`` resource is used to issue a certificate using your private certificate authority. For more information, see the [IssueCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html) action. + x-type-name: AWS::ACMPCA::Certificate + x-stackql-primary-identifier: + - Arn + - CertificateAuthorityArn + x-create-only-properties: + - ApiPassthrough + - CertificateAuthorityArn + - CertificateSigningRequest + - SigningAlgorithm + - TemplateArn + - Validity + - ValidityNotBefore + x-write-only-properties: + - ApiPassthrough + - CertificateSigningRequest + x-read-only-properties: + - Arn + - Certificate + x-required-properties: + - CertificateAuthorityArn + - CertificateSigningRequest + - SigningAlgorithm + - Validity + x-required-permissions: + create: + - acm-pca:IssueCertificate + - acm-pca:GetCertificate + read: + - acm-pca:GetCertificate + delete: + - acm-pca:GetCertificate + update: [] + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + Value: + type: string + CrlDistributionPointExtensionConfiguration: + description: Configures the default behavior of the CRL Distribution Point extension for certificates issued by your certificate authority + type: object + additionalProperties: false + properties: + OmitExtension: + type: boolean + required: + - OmitExtension + CrlConfiguration: + description: Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked. + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + ExpirationInDays: + type: integer + CustomCname: + type: string + S3BucketName: + type: string + S3ObjectAcl: + type: string + CrlDistributionPointExtensionConfiguration: + $ref: '#/components/schemas/CrlDistributionPointExtensionConfiguration' + OcspConfiguration: + description: Helps to configure online certificate status protocol (OCSP) responder for your certificate authority + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + OcspCustomCname: + type: string + RevocationConfiguration: + description: Certificate Authority revocation information. + type: object + additionalProperties: false + properties: + CrlConfiguration: + $ref: '#/components/schemas/CrlConfiguration' + OcspConfiguration: + $ref: '#/components/schemas/OcspConfiguration' + AccessMethodType: + description: Pre-defined enum string for X.509 AccessMethod ObjectIdentifiers. + type: string + AccessMethod: + description: Structure that contains X.509 AccessMethod information. Assign one and ONLY one field. + type: object + additionalProperties: false + properties: + CustomObjectIdentifier: + $ref: '#/components/schemas/CustomObjectIdentifier' + AccessMethodType: + $ref: '#/components/schemas/AccessMethodType' + AccessDescription: + description: Structure that contains X.509 AccessDescription information. + type: object + additionalProperties: false + properties: + AccessMethod: + $ref: '#/components/schemas/AccessMethod' + AccessLocation: + $ref: '#/components/schemas/GeneralName' + required: + - AccessMethod + - AccessLocation + SubjectInformationAccess: + description: Array of X.509 AccessDescription. + type: array + items: + $ref: '#/components/schemas/AccessDescription' + CsrExtensions: + description: Structure that contains CSR pass though extensions information. + type: object + additionalProperties: false + properties: + KeyUsage: + $ref: '#/components/schemas/KeyUsage' + SubjectInformationAccess: + $ref: '#/components/schemas/SubjectInformationAccess' + CertificateAuthority: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the certificate authority. + $ref: '#/components/schemas/Arn' + Type: + description: The type of the certificate authority. + type: string + KeyAlgorithm: + description: Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. + type: string + SigningAlgorithm: + description: Algorithm your CA uses to sign certificate requests. + type: string + Subject: + description: Structure that contains X.500 distinguished name information for your CA. + $ref: '#/components/schemas/Subject' + RevocationConfiguration: + description: Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. + $ref: '#/components/schemas/RevocationConfiguration' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + CertificateSigningRequest: + description: The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate. + type: string + CsrExtensions: + description: Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action. + $ref: '#/components/schemas/CsrExtensions' + KeyStorageSecurityStandard: + description: KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys. + type: string + UsageMode: + description: Usage mode of the ceritificate authority. + type: string + required: + - Type + - KeyAlgorithm + - SigningAlgorithm + - Subject + x-stackql-resource-name: certificate_authority + description: Private certificate authority. + x-type-name: AWS::ACMPCA::CertificateAuthority + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Type + - KeyAlgorithm + - SigningAlgorithm + - Subject + - CsrExtensions + - KeyStorageSecurityStandard + - UsageMode + x-write-only-properties: + - Subject + - Subject + - CsrExtensions + - Tags + - RevocationConfiguration + - KeyStorageSecurityStandard + x-read-only-properties: + - Arn + - CertificateSigningRequest + x-required-properties: + - Type + - KeyAlgorithm + - SigningAlgorithm + - Subject + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - acm-pca:CreateCertificateAuthority + - acm-pca:DescribeCertificateAuthority + - acm-pca:GetCertificateAuthorityCsr + read: + - acm-pca:DescribeCertificateAuthority + - acm-pca:GetCertificateAuthorityCsr + - acm-pca:ListTags + update: + - acm-pca:ListTags + - acm-pca:TagCertificateAuthority + - acm-pca:UntagCertificateAuthority + - acm-pca:UpdateCertificateAuthority + delete: + - acm-pca:DeleteCertificateAuthority + - acm-pca:DescribeCertificateAuthority + list: + - acm-pca:DescribeCertificateAuthority + - acm-pca:GetCertificateAuthorityCsr + - acm-pca:ListCertificateAuthorities + - acm-pca:ListTags + CertificateAuthorityActivation: + type: object + properties: + CertificateAuthorityArn: + description: Arn of the Certificate Authority. + type: string + Certificate: + description: Certificate Authority certificate that will be installed in the Certificate Authority. + type: string + CertificateChain: + description: Certificate chain for the Certificate Authority certificate. + type: string + Status: + description: The status of the Certificate Authority. + type: string + CompleteCertificateChain: + description: The complete certificate chain, including the Certificate Authority certificate. + type: string + required: + - CertificateAuthorityArn + - Certificate + x-stackql-resource-name: certificate_authority_activation + description: Used to install the certificate authority certificate and update the certificate authority status. + x-type-name: AWS::ACMPCA::CertificateAuthorityActivation + x-stackql-primary-identifier: + - CertificateAuthorityArn + x-create-only-properties: + - CertificateAuthorityArn + x-write-only-properties: + - Certificate + - CertificateChain + x-read-only-properties: + - CompleteCertificateChain + x-required-properties: + - CertificateAuthorityArn + - Certificate + x-required-permissions: + create: + - acm-pca:ImportCertificateAuthorityCertificate + - acm-pca:UpdateCertificateAuthority + read: + - acm-pca:GetCertificateAuthorityCertificate + - acm-pca:DescribeCertificateAuthority + delete: + - acm-pca:UpdateCertificateAuthority + update: + - acm-pca:ImportCertificateAuthorityCertificate + - acm-pca:UpdateCertificateAuthority + Permission: + type: object + properties: + Actions: + description: The actions that the specified AWS service principal can use. Actions IssueCertificate, GetCertificate and ListPermissions must be provided. + type: array + x-insertionOrder: false + items: + type: string + CertificateAuthorityArn: + description: The Amazon Resource Name (ARN) of the Private Certificate Authority that grants the permission. + type: string + Principal: + description: The AWS service or identity that receives the permission. At this time, the only valid principal is acm.amazonaws.com. + type: string + SourceAccount: + description: The ID of the calling account. + type: string + required: + - Actions + - CertificateAuthorityArn + - Principal + x-stackql-resource-name: permission + description: Permission set on private certificate authority + x-type-name: AWS::ACMPCA::Permission + x-stackql-primary-identifier: + - CertificateAuthorityArn + - Principal + x-create-only-properties: + - Actions + - CertificateAuthorityArn + - Principal + - SourceAccount + x-required-properties: + - Actions + - CertificateAuthorityArn + - Principal + x-required-permissions: + create: + - acm-pca:CreatePermission + - acm-pca:ListPermissions + read: + - acm-pca:ListPermissions + delete: + - acm-pca:DeletePermission + x-stackQL-resources: + certificate: + name: certificate + id: aws.acmpca.certificate + x-cfn-schema-name: Certificate + x-type: get + x-identifiers: + - Arn + - CertificateAuthorityArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApiPassthrough') as api_passthrough, + JSON_EXTRACT(Properties, '$.CertificateAuthorityArn') as certificate_authority_arn, + JSON_EXTRACT(Properties, '$.CertificateSigningRequest') as certificate_signing_request, + JSON_EXTRACT(Properties, '$.SigningAlgorithm') as signing_algorithm, + JSON_EXTRACT(Properties, '$.TemplateArn') as template_arn, + JSON_EXTRACT(Properties, '$.Validity') as validity, + JSON_EXTRACT(Properties, '$.ValidityNotBefore') as validity_not_before, + JSON_EXTRACT(Properties, '$.Certificate') as certificate, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ACMPCA::Certificate' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApiPassthrough') as api_passthrough, + json_extract_path_text(Properties, 'CertificateAuthorityArn') as certificate_authority_arn, + json_extract_path_text(Properties, 'CertificateSigningRequest') as certificate_signing_request, + json_extract_path_text(Properties, 'SigningAlgorithm') as signing_algorithm, + json_extract_path_text(Properties, 'TemplateArn') as template_arn, + json_extract_path_text(Properties, 'Validity') as validity, + json_extract_path_text(Properties, 'ValidityNotBefore') as validity_not_before, + json_extract_path_text(Properties, 'Certificate') as certificate, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ACMPCA::Certificate' + AND data__Identifier = '|' + AND region = 'us-east-1' + certificate_authorities: + name: certificate_authorities + id: aws.acmpca.certificate_authorities + x-cfn-schema-name: CertificateAuthority + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ACMPCA::CertificateAuthority' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ACMPCA::CertificateAuthority' + AND region = 'us-east-1' + certificate_authority: + name: certificate_authority + id: aws.acmpca.certificate_authority + x-cfn-schema-name: CertificateAuthority + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.KeyAlgorithm') as key_algorithm, + JSON_EXTRACT(Properties, '$.SigningAlgorithm') as signing_algorithm, + JSON_EXTRACT(Properties, '$.Subject') as subject, + JSON_EXTRACT(Properties, '$.RevocationConfiguration') as revocation_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CertificateSigningRequest') as certificate_signing_request, + JSON_EXTRACT(Properties, '$.CsrExtensions') as csr_extensions, + JSON_EXTRACT(Properties, '$.KeyStorageSecurityStandard') as key_storage_security_standard, + JSON_EXTRACT(Properties, '$.UsageMode') as usage_mode + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ACMPCA::CertificateAuthority' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'KeyAlgorithm') as key_algorithm, + json_extract_path_text(Properties, 'SigningAlgorithm') as signing_algorithm, + json_extract_path_text(Properties, 'Subject') as subject, + json_extract_path_text(Properties, 'RevocationConfiguration') as revocation_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CertificateSigningRequest') as certificate_signing_request, + json_extract_path_text(Properties, 'CsrExtensions') as csr_extensions, + json_extract_path_text(Properties, 'KeyStorageSecurityStandard') as key_storage_security_standard, + json_extract_path_text(Properties, 'UsageMode') as usage_mode + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ACMPCA::CertificateAuthority' + AND data__Identifier = '' + AND region = 'us-east-1' + certificate_authority_activation: + name: certificate_authority_activation + id: aws.acmpca.certificate_authority_activation + x-cfn-schema-name: CertificateAuthorityActivation + x-type: get + x-identifiers: + - CertificateAuthorityArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CertificateAuthorityArn') as certificate_authority_arn, + JSON_EXTRACT(Properties, '$.Certificate') as certificate, + JSON_EXTRACT(Properties, '$.CertificateChain') as certificate_chain, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.CompleteCertificateChain') as complete_certificate_chain + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ACMPCA::CertificateAuthorityActivation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CertificateAuthorityArn') as certificate_authority_arn, + json_extract_path_text(Properties, 'Certificate') as certificate, + json_extract_path_text(Properties, 'CertificateChain') as certificate_chain, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'CompleteCertificateChain') as complete_certificate_chain + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ACMPCA::CertificateAuthorityActivation' + AND data__Identifier = '' + AND region = 'us-east-1' + permission: + name: permission + id: aws.acmpca.permission + x-cfn-schema-name: Permission + x-type: get + x-identifiers: + - CertificateAuthorityArn + - Principal + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.CertificateAuthorityArn') as certificate_authority_arn, + JSON_EXTRACT(Properties, '$.Principal') as principal, + JSON_EXTRACT(Properties, '$.SourceAccount') as source_account + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ACMPCA::Permission' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'CertificateAuthorityArn') as certificate_authority_arn, + json_extract_path_text(Properties, 'Principal') as principal, + json_extract_path_text(Properties, 'SourceAccount') as source_account + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ACMPCA::Permission' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/amplify.yaml b/providers/src/aws/v00.00.00000/services/amplify.yaml new file mode 100644 index 00000000..63697063 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/amplify.yaml @@ -0,0 +1,812 @@ +openapi: 3.0.0 +info: + title: Amplify + version: 1.0.0 +paths: {} +components: + schemas: + AutoBranchCreationConfig: + type: object + additionalProperties: false + properties: + AutoBranchCreationPatterns: + type: array + uniqueItems: false + items: + type: string + minLength: 1 + maxLength: 2048 + BasicAuthConfig: + $ref: '#/components/schemas/BasicAuthConfig' + BuildSpec: + type: string + minLength: 1 + maxLength: 25000 + EnableAutoBranchCreation: + type: boolean + EnableAutoBuild: + type: boolean + EnablePerformanceMode: + type: boolean + EnablePullRequestPreview: + type: boolean + EnvironmentVariables: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/EnvironmentVariable' + Framework: + type: string + maxLength: 255 + pattern: (?s).* + PullRequestEnvironmentName: + type: string + maxLength: 20 + pattern: (?s).* + Stage: + type: string + enum: + - EXPERIMENTAL + - BETA + - PULL_REQUEST + - PRODUCTION + - DEVELOPMENT + BasicAuthConfig: + type: object + additionalProperties: false + properties: + EnableBasicAuth: + type: boolean + Username: + type: string + minLength: 1 + maxLength: 255 + Password: + type: string + minLength: 1 + maxLength: 255 + required: + - Username + - Password + CustomRule: + type: object + additionalProperties: false + properties: + Condition: + type: string + minLength: 0 + maxLength: 2048 + pattern: (?s).* + Status: + type: string + minLength: 3 + maxLength: 7 + pattern: .{3,7} + Target: + type: string + minLength: 1 + maxLength: 2048 + pattern: (?s).+ + Source: + type: string + minLength: 1 + maxLength: 2048 + pattern: (?s).+ + required: + - Target + - Source + EnvironmentVariable: + type: object + additionalProperties: false + properties: + Name: + type: string + maxLength: 255 + pattern: (?s).* + Value: + type: string + maxLength: 5500 + pattern: (?s).* + required: + - Name + - Value + Tag: + type: object + additionalProperties: false + x-insertionOrder: false + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + Value: + type: string + minLength: 0 + maxLength: 256 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + required: + - Key + - Value + App: + type: object + properties: + AccessToken: + type: string + minLength: 1 + maxLength: 255 + AppId: + type: string + minLength: 1 + maxLength: 20 + pattern: d[a-z0-9]+ + AppName: + type: string + minLength: 1 + maxLength: 255 + pattern: (?s).+ + Arn: + type: string + maxLength: 1000 + pattern: (?s).* + AutoBranchCreationConfig: + $ref: '#/components/schemas/AutoBranchCreationConfig' + BasicAuthConfig: + $ref: '#/components/schemas/BasicAuthConfig' + BuildSpec: + type: string + minLength: 1 + maxLength: 25000 + pattern: (?s).+ + CustomHeaders: + type: string + minLength: 0 + maxLength: 25000 + pattern: (?s).* + CustomRules: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/CustomRule' + DefaultDomain: + type: string + minLength: 0 + maxLength: 1000 + Description: + type: string + maxLength: 1000 + pattern: (?s).* + EnableBranchAutoDeletion: + type: boolean + EnvironmentVariables: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/EnvironmentVariable' + IAMServiceRole: + type: string + minLength: 1 + maxLength: 1000 + pattern: (?s).* + Name: + type: string + minLength: 1 + maxLength: 255 + pattern: (?s).+ + OauthToken: + type: string + maxLength: 1000 + pattern: (?s).* + Platform: + type: string + enum: + - WEB + - WEB_DYNAMIC + - WEB_COMPUTE + Repository: + type: string + pattern: (?s).* + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + x-stackql-resource-name: app + description: The AWS::Amplify::App resource creates Apps in the Amplify Console. An App is a collection of branches. + x-type-name: AWS::Amplify::App + x-stackql-primary-identifier: + - Arn + x-write-only-properties: + - AccessToken + - BasicAuthConfig + - OauthToken + - AutoBranchCreationConfig + x-read-only-properties: + - AppId + - AppName + - Arn + - DefaultDomain + x-required-properties: + - Name + x-required-permissions: + create: + - amplify:GetApp + - amplify:CreateApp + - amplify:TagResource + - codecommit:GetRepository + - codecommit:PutRepositoryTriggers + - codecommit:GetRepositoryTriggers + - sns:CreateTopic + - sns:Subscribe + - iam:PassRole + delete: + - amplify:GetApp + - amplify:DeleteApp + - codecommit:GetRepository + - codecommit:GetRepositoryTriggers + - codecommit:PutRepositoryTriggers + - sns:Unsubscribe + - iam:PassRole + list: + - amplify:GetApp + - amplify:ListApps + - amplify:ListTagsForResource + - iam:PassRole + read: + - amplify:GetApp + - amplify:ListTagsForResource + - codecommit:GetRepository + - codecommit:GetRepositoryTriggers + - iam:PassRole + update: + - amplify:GetApp + - amplify:UpdateApp + - amplify:ListTagsForResource + - amplify:TagResource + - amplify:UntagResource + - codecommit:GetRepository + - codecommit:PutRepositoryTriggers + - codecommit:GetRepositoryTriggers + - sns:CreateTopic + - sns:Subscribe + - sns:Unsubscribe + - iam:PassRole + Backend: + type: object + additionalProperties: false + properties: + StackArn: + type: string + minLength: 20 + maxLength: 2048 + Branch: + type: object + properties: + AppId: + type: string + minLength: 1 + maxLength: 20 + pattern: d[a-z0-9]+ + Arn: + type: string + maxLength: 1000 + pattern: (?s).* + BasicAuthConfig: + $ref: '#/components/schemas/BasicAuthConfig' + Backend: + $ref: '#/components/schemas/Backend' + BranchName: + type: string + minLength: 1 + maxLength: 255 + pattern: (?s).+ + BuildSpec: + type: string + minLength: 1 + maxLength: 25000 + pattern: (?s).+ + Description: + type: string + maxLength: 1000 + pattern: (?s).* + EnableAutoBuild: + type: boolean + EnablePerformanceMode: + type: boolean + EnablePullRequestPreview: + type: boolean + EnvironmentVariables: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/EnvironmentVariable' + Framework: + type: string + maxLength: 255 + pattern: (?s).* + PullRequestEnvironmentName: + type: string + maxLength: 20 + pattern: (?s).* + Stage: + type: string + enum: + - EXPERIMENTAL + - BETA + - PULL_REQUEST + - PRODUCTION + - DEVELOPMENT + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - AppId + - BranchName + x-stackql-resource-name: branch + description: The AWS::Amplify::Branch resource creates a new branch within an app. + x-type-name: AWS::Amplify::Branch + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - AppId + - BranchName + x-write-only-properties: + - BasicAuthConfig + x-read-only-properties: + - Arn + x-required-properties: + - AppId + - BranchName + x-required-permissions: + create: + - amplify:GetBranch + - amplify:CreateBranch + - amplify:TagResource + - codecommit:GetRepository + - codecommit:PutRepositoryTriggers + - codecommit:GetRepositoryTriggers + - s3:GetObject + - s3:GetObjectAcl + - s3:PutObject + - s3:PutObjectAcl + - sns:CreateTopic + - sns:Subscribe + - iam:PassRole + delete: + - amplify:GetBranch + - amplify:DeleteBranch + - codecommit:GetRepository + - codecommit:GetRepositoryTriggers + - sns:Unsubscribe + - iam:PassRole + list: + - amplify:GetBranch + - amplify:ListBranches + - amplify:ListTagsForResource + - iam:PassRole + read: + - amplify:GetBranch + - amplify:ListTagsForResource + - codecommit:GetRepository + - codecommit:GetRepositoryTriggers + - s3:GetObject + - s3:GetObjectAcl + - iam:PassRole + update: + - amplify:GetBranch + - amplify:UpdateBranch + - amplify:ListTagsForResource + - amplify:TagResource + - amplify:UntagResource + - codecommit:GetRepository + - codecommit:PutRepositoryTriggers + - codecommit:GetRepositoryTriggers + - s3:GetObject + - s3:GetObjectAcl + - s3:PutObject + - s3:PutObjectAcl + - sns:CreateTopic + - sns:Subscribe + - sns:Unsubscribe + - iam:PassRole + CertificateSettings: + type: object + additionalProperties: false + properties: + CertificateType: + type: string + enum: + - AMPLIFY_MANAGED + - CUSTOM + CustomCertificateArn: + type: string + pattern: ^arn:aws:acm:[a-z0-9-]+:\d{12}:certificate\/.+$ + Certificate: + type: object + additionalProperties: false + properties: + CertificateType: + type: string + enum: + - AMPLIFY_MANAGED + - CUSTOM + CertificateArn: + type: string + pattern: '"^arn:aws:acm:[a-z0-9-]+:\d{12}:certificate\/.+$"' + CertificateVerificationDNSRecord: + type: string + maxLength: 1000 + SubDomainSetting: + type: object + additionalProperties: false + properties: + Prefix: + type: string + maxLength: 255 + pattern: (?s).* + BranchName: + type: string + minLength: 1 + maxLength: 255 + pattern: (?s).+ + required: + - Prefix + - BranchName + Domain: + type: object + properties: + AppId: + type: string + minLength: 1 + maxLength: 20 + pattern: d[a-z0-9]+ + Arn: + type: string + maxLength: 1000 + pattern: (?s).* + AutoSubDomainCreationPatterns: + type: array + uniqueItems: false + items: + type: string + minLength: 1 + maxLength: 2048 + pattern: (?s).+ + AutoSubDomainIAMRole: + type: string + pattern: ^$|^arn:.+:iam::\d{12}:role.+ + maxLength: 1000 + CertificateRecord: + type: string + maxLength: 1000 + Certificate: + $ref: '#/components/schemas/Certificate' + CertificateSettings: + $ref: '#/components/schemas/CertificateSettings' + DomainName: + type: string + pattern: ^(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])(\.)?$ + maxLength: 255 + DomainStatus: + type: string + UpdateStatus: + type: string + EnableAutoSubDomain: + type: boolean + StatusReason: + type: string + maxLength: 1000 + SubDomainSettings: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/SubDomainSetting' + maxItems: 255 + required: + - AppId + - DomainName + - SubDomainSettings + x-stackql-resource-name: domain + description: The AWS::Amplify::Domain resource allows you to connect a custom domain to your app. + x-type-name: AWS::Amplify::Domain + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - AppId + - DomainName + x-write-only-properties: + - CertificateSettings + x-read-only-properties: + - Arn + - DomainStatus + - StatusReason + - CertificateRecord + - Certificate + - UpdateStatus + x-required-properties: + - AppId + - DomainName + - SubDomainSettings + x-required-permissions: + create: + - amplify:CreateDomainAssociation + - route53:ListHostedZones + - route53:ChangeResourceRecordSets + - iam:PassRole + - amplify:TagResource + delete: + - amplify:DeleteDomainAssociation + - iam:PassRole + - amplify:DeleteDomainAssociation + list: + - amplify:ListDomainAssociations + - iam:PassRole + - amplify:ListTagsForResource + read: + - amplify:GetDomainAssociation + - route53:ListHostedZones + - iam:PassRole + - amplify:ListTagsForResource + update: + - amplify:UpdateDomainAssociation + - route53:ListHostedZones + - route53:ChangeResourceRecordSets + - iam:PassRole + - amplify:ListTagsForResource + - amplify:TagResource + - amplify:UntagResource + x-stackQL-resources: + apps: + name: apps + id: aws.amplify.apps + x-cfn-schema-name: App + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Amplify::App' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Amplify::App' + AND region = 'us-east-1' + app: + name: app + id: aws.amplify.app + x-cfn-schema-name: App + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessToken') as access_token, + JSON_EXTRACT(Properties, '$.AppId') as app_id, + JSON_EXTRACT(Properties, '$.AppName') as app_name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AutoBranchCreationConfig') as auto_branch_creation_config, + JSON_EXTRACT(Properties, '$.BasicAuthConfig') as basic_auth_config, + JSON_EXTRACT(Properties, '$.BuildSpec') as build_spec, + JSON_EXTRACT(Properties, '$.CustomHeaders') as custom_headers, + JSON_EXTRACT(Properties, '$.CustomRules') as custom_rules, + JSON_EXTRACT(Properties, '$.DefaultDomain') as default_domain, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EnableBranchAutoDeletion') as enable_branch_auto_deletion, + JSON_EXTRACT(Properties, '$.EnvironmentVariables') as environment_variables, + JSON_EXTRACT(Properties, '$.IAMServiceRole') as iam_service_role, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.OauthToken') as oauth_token, + JSON_EXTRACT(Properties, '$.Platform') as platform, + JSON_EXTRACT(Properties, '$.Repository') as repository, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Amplify::App' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessToken') as access_token, + json_extract_path_text(Properties, 'AppId') as app_id, + json_extract_path_text(Properties, 'AppName') as app_name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AutoBranchCreationConfig') as auto_branch_creation_config, + json_extract_path_text(Properties, 'BasicAuthConfig') as basic_auth_config, + json_extract_path_text(Properties, 'BuildSpec') as build_spec, + json_extract_path_text(Properties, 'CustomHeaders') as custom_headers, + json_extract_path_text(Properties, 'CustomRules') as custom_rules, + json_extract_path_text(Properties, 'DefaultDomain') as default_domain, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EnableBranchAutoDeletion') as enable_branch_auto_deletion, + json_extract_path_text(Properties, 'EnvironmentVariables') as environment_variables, + json_extract_path_text(Properties, 'IAMServiceRole') as iam_service_role, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'OauthToken') as oauth_token, + json_extract_path_text(Properties, 'Platform') as platform, + json_extract_path_text(Properties, 'Repository') as repository, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Amplify::App' + AND data__Identifier = '' + AND region = 'us-east-1' + branches: + name: branches + id: aws.amplify.branches + x-cfn-schema-name: Branch + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Amplify::Branch' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Amplify::Branch' + AND region = 'us-east-1' + branch: + name: branch + id: aws.amplify.branch + x-cfn-schema-name: Branch + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AppId') as app_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.BasicAuthConfig') as basic_auth_config, + JSON_EXTRACT(Properties, '$.Backend') as backend, + JSON_EXTRACT(Properties, '$.BranchName') as branch_name, + JSON_EXTRACT(Properties, '$.BuildSpec') as build_spec, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EnableAutoBuild') as enable_auto_build, + JSON_EXTRACT(Properties, '$.EnablePerformanceMode') as enable_performance_mode, + JSON_EXTRACT(Properties, '$.EnablePullRequestPreview') as enable_pull_request_preview, + JSON_EXTRACT(Properties, '$.EnvironmentVariables') as environment_variables, + JSON_EXTRACT(Properties, '$.Framework') as framework, + JSON_EXTRACT(Properties, '$.PullRequestEnvironmentName') as pull_request_environment_name, + JSON_EXTRACT(Properties, '$.Stage') as stage, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Amplify::Branch' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AppId') as app_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'BasicAuthConfig') as basic_auth_config, + json_extract_path_text(Properties, 'Backend') as backend, + json_extract_path_text(Properties, 'BranchName') as branch_name, + json_extract_path_text(Properties, 'BuildSpec') as build_spec, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EnableAutoBuild') as enable_auto_build, + json_extract_path_text(Properties, 'EnablePerformanceMode') as enable_performance_mode, + json_extract_path_text(Properties, 'EnablePullRequestPreview') as enable_pull_request_preview, + json_extract_path_text(Properties, 'EnvironmentVariables') as environment_variables, + json_extract_path_text(Properties, 'Framework') as framework, + json_extract_path_text(Properties, 'PullRequestEnvironmentName') as pull_request_environment_name, + json_extract_path_text(Properties, 'Stage') as stage, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Amplify::Branch' + AND data__Identifier = '' + AND region = 'us-east-1' + domains: + name: domains + id: aws.amplify.domains + x-cfn-schema-name: Domain + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Amplify::Domain' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Amplify::Domain' + AND region = 'us-east-1' + domain: + name: domain + id: aws.amplify.domain + x-cfn-schema-name: Domain + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AppId') as app_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AutoSubDomainCreationPatterns') as auto_sub_domain_creation_patterns, + JSON_EXTRACT(Properties, '$.AutoSubDomainIAMRole') as auto_sub_domain_iam_role, + JSON_EXTRACT(Properties, '$.CertificateRecord') as certificate_record, + JSON_EXTRACT(Properties, '$.Certificate') as certificate, + JSON_EXTRACT(Properties, '$.CertificateSettings') as certificate_settings, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.DomainStatus') as domain_status, + JSON_EXTRACT(Properties, '$.UpdateStatus') as update_status, + JSON_EXTRACT(Properties, '$.EnableAutoSubDomain') as enable_auto_sub_domain, + JSON_EXTRACT(Properties, '$.StatusReason') as status_reason, + JSON_EXTRACT(Properties, '$.SubDomainSettings') as sub_domain_settings + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Amplify::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AppId') as app_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AutoSubDomainCreationPatterns') as auto_sub_domain_creation_patterns, + json_extract_path_text(Properties, 'AutoSubDomainIAMRole') as auto_sub_domain_iam_role, + json_extract_path_text(Properties, 'CertificateRecord') as certificate_record, + json_extract_path_text(Properties, 'Certificate') as certificate, + json_extract_path_text(Properties, 'CertificateSettings') as certificate_settings, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'DomainStatus') as domain_status, + json_extract_path_text(Properties, 'UpdateStatus') as update_status, + json_extract_path_text(Properties, 'EnableAutoSubDomain') as enable_auto_sub_domain, + json_extract_path_text(Properties, 'StatusReason') as status_reason, + json_extract_path_text(Properties, 'SubDomainSettings') as sub_domain_settings + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Amplify::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/amplifyuibuilder.yaml b/providers/src/aws/v00.00.00000/services/amplifyuibuilder.yaml new file mode 100644 index 00000000..a45cb0cd --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/amplifyuibuilder.yaml @@ -0,0 +1,1119 @@ +openapi: 3.0.0 +info: + title: AmplifyUIBuilder + version: 1.0.0 +paths: {} +components: + schemas: + ActionParameters: + type: object + properties: + Type: + $ref: '#/components/schemas/ComponentProperty' + Url: + $ref: '#/components/schemas/ComponentProperty' + Anchor: + $ref: '#/components/schemas/ComponentProperty' + Target: + $ref: '#/components/schemas/ComponentProperty' + Global: + $ref: '#/components/schemas/ComponentProperty' + Model: + type: string + Id: + $ref: '#/components/schemas/ComponentProperty' + Fields: + $ref: '#/components/schemas/ComponentProperties' + State: + $ref: '#/components/schemas/MutationActionSetStateParameter' + additionalProperties: false + ComponentBindingProperties: + type: object + x-patternProperties: + .+: + $ref: '#/components/schemas/ComponentBindingPropertiesValue' + additionalProperties: false + ComponentBindingPropertiesValue: + type: object + properties: + Type: + type: string + BindingProperties: + $ref: '#/components/schemas/ComponentBindingPropertiesValueProperties' + DefaultValue: + type: string + additionalProperties: false + ComponentBindingPropertiesValueProperties: + type: object + properties: + Model: + type: string + Field: + type: string + Predicates: + type: array + items: + $ref: '#/components/schemas/Predicate' + UserAttribute: + type: string + Bucket: + type: string + Key: + type: string + DefaultValue: + type: string + SlotName: + type: string + additionalProperties: false + ComponentChild: + type: object + properties: + ComponentType: + type: string + Name: + type: string + Properties: + $ref: '#/components/schemas/ComponentProperties' + Children: + type: array + items: + $ref: '#/components/schemas/ComponentChild' + Events: + $ref: '#/components/schemas/ComponentEvents' + SourceId: + type: string + required: + - ComponentType + - Name + - Properties + additionalProperties: false + ComponentCollectionProperties: + type: object + x-patternProperties: + .+: + $ref: '#/components/schemas/ComponentDataConfiguration' + additionalProperties: false + ComponentConditionProperty: + type: object + properties: + Property: + type: string + Field: + type: string + Operator: + type: string + Operand: + type: string + Then: + $ref: '#/components/schemas/ComponentProperty' + Else: + $ref: '#/components/schemas/ComponentProperty' + OperandType: + type: string + additionalProperties: false + ComponentDataConfiguration: + type: object + properties: + Model: + type: string + Sort: + type: array + items: + $ref: '#/components/schemas/SortProperty' + Predicate: + $ref: '#/components/schemas/Predicate' + Identifiers: + type: array + items: + type: string + required: + - Model + additionalProperties: false + ComponentEvent: + type: object + properties: + Action: + type: string + Parameters: + $ref: '#/components/schemas/ActionParameters' + BindingEvent: + type: string + additionalProperties: false + ComponentEvents: + type: object + x-patternProperties: + .+: + $ref: '#/components/schemas/ComponentEvent' + additionalProperties: false + ComponentOverrides: + type: object + x-patternProperties: + .+: + $ref: '#/components/schemas/ComponentOverridesValue' + additionalProperties: false + ComponentOverridesValue: + type: object + x-patternProperties: + .+: + type: string + additionalProperties: false + ComponentProperties: + type: object + x-patternProperties: + .+: + $ref: '#/components/schemas/ComponentProperty' + additionalProperties: false + ComponentProperty: + type: object + properties: + Value: + type: string + BindingProperties: + $ref: '#/components/schemas/ComponentPropertyBindingProperties' + CollectionBindingProperties: + $ref: '#/components/schemas/ComponentPropertyBindingProperties' + DefaultValue: + type: string + Model: + type: string + Bindings: + $ref: '#/components/schemas/FormBindings' + Event: + type: string + UserAttribute: + type: string + Concat: + type: array + items: + $ref: '#/components/schemas/ComponentProperty' + Condition: + $ref: '#/components/schemas/ComponentConditionProperty' + Configured: + type: boolean + Type: + type: string + ImportedValue: + type: string + ComponentName: + type: string + Property: + type: string + additionalProperties: false + ComponentPropertyBindingProperties: + type: object + properties: + Property: + type: string + Field: + type: string + required: + - Property + additionalProperties: false + ComponentVariant: + type: object + properties: + VariantValues: + $ref: '#/components/schemas/ComponentVariantValues' + Overrides: + $ref: '#/components/schemas/ComponentOverrides' + additionalProperties: false + ComponentVariantValues: + type: object + x-patternProperties: + .+: + type: string + additionalProperties: false + FormBindingElement: + type: object + properties: + Element: + type: string + Property: + type: string + required: + - Element + - Property + additionalProperties: false + FormBindings: + type: object + x-patternProperties: + .+: + $ref: '#/components/schemas/FormBindingElement' + additionalProperties: false + MutationActionSetStateParameter: + type: object + properties: + ComponentName: + type: string + Property: + type: string + Set: + $ref: '#/components/schemas/ComponentProperty' + required: + - ComponentName + - Property + - Set + additionalProperties: false + Predicate: + type: object + properties: + Or: + type: array + items: + $ref: '#/components/schemas/Predicate' + And: + type: array + items: + $ref: '#/components/schemas/Predicate' + Field: + type: string + Operator: + type: string + Operand: + type: string + OperandType: + type: string + pattern: ^boolean|string|number$ + additionalProperties: false + SortDirection: + type: string + enum: + - ASC + - DESC + SortProperty: + type: object + properties: + Field: + type: string + Direction: + $ref: '#/components/schemas/SortDirection' + required: + - Direction + - Field + additionalProperties: false + Tags: + type: object + x-patternProperties: + ^(?!aws:)[a-zA-Z+-=._:/]+$: + type: string + maxLength: 256 + minLength: 1 + additionalProperties: false + Component: + type: object + properties: + AppId: + type: string + BindingProperties: + $ref: '#/components/schemas/ComponentBindingProperties' + Children: + type: array + items: + $ref: '#/components/schemas/ComponentChild' + CollectionProperties: + $ref: '#/components/schemas/ComponentCollectionProperties' + ComponentType: + type: string + maxLength: 255 + minLength: 1 + CreatedAt: + type: string + format: date-time + EnvironmentName: + type: string + Events: + $ref: '#/components/schemas/ComponentEvents' + Id: + type: string + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 255 + minLength: 1 + Overrides: + $ref: '#/components/schemas/ComponentOverrides' + Properties: + $ref: '#/components/schemas/ComponentProperties' + SchemaVersion: + type: string + SourceId: + type: string + Tags: + $ref: '#/components/schemas/Tags' + Variants: + type: array + items: + $ref: '#/components/schemas/ComponentVariant' + x-stackql-resource-name: component + description: Definition of AWS::AmplifyUIBuilder::Component Resource Type + x-type-name: AWS::AmplifyUIBuilder::Component + x-stackql-primary-identifier: + - AppId + - EnvironmentName + - Id + x-create-only-properties: + - AppId + - EnvironmentName + x-read-only-properties: + - CreatedAt + - Id + - ModifiedAt + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - amplify:GetApp + - amplifyuibuilder:CreateComponent + - amplifyuibuilder:GetComponent + - amplifyuibuilder:TagResource + read: + - amplify:GetApp + - amplifyuibuilder:GetComponent + update: + - amplify:GetApp + - amplifyuibuilder:GetComponent + - amplifyuibuilder:TagResource + - amplifyuibuilder:UntagResource + - amplifyuibuilder:UpdateComponent + delete: + - amplify:GetApp + - amplifyuibuilder:DeleteComponent + - amplifyuibuilder:GetComponent + - amplifyuibuilder:UntagResource + list: + - amplify:GetApp + - amplifyuibuilder:ListComponents + FieldConfig: + type: object + properties: + Label: + type: string + Position: + $ref: '#/components/schemas/FieldPosition' + Excluded: + type: boolean + InputType: + $ref: '#/components/schemas/FieldInputConfig' + Validations: + type: array + items: + $ref: '#/components/schemas/FieldValidationConfiguration' + additionalProperties: false + FieldInputConfig: + type: object + properties: + Type: + type: string + Required: + type: boolean + ReadOnly: + type: boolean + Placeholder: + type: string + DefaultValue: + type: string + DescriptiveText: + type: string + DefaultChecked: + type: boolean + DefaultCountryCode: + type: string + ValueMappings: + $ref: '#/components/schemas/ValueMappings' + Name: + type: string + MinValue: + type: number + MaxValue: + type: number + Step: + type: number + Value: + type: string + IsArray: + type: boolean + FileUploaderConfig: + $ref: '#/components/schemas/FileUploaderFieldConfig' + required: + - Type + additionalProperties: false + FieldPosition: + oneOf: + - type: object + title: Fixed + properties: + Fixed: + $ref: '#/components/schemas/FixedPosition' + required: + - Fixed + additionalProperties: false + - type: object + title: RightOf + properties: + RightOf: + type: string + required: + - RightOf + additionalProperties: false + - type: object + title: Below + properties: + Below: + type: string + required: + - Below + additionalProperties: false + FieldValidationConfiguration: + type: object + properties: + Type: + type: string + StrValues: + type: array + items: + type: string + NumValues: + type: array + items: + type: number + ValidationMessage: + type: string + required: + - Type + additionalProperties: false + FieldsMap: + type: object + x-patternProperties: + .+: + $ref: '#/components/schemas/FieldConfig' + additionalProperties: false + FileUploaderFieldConfig: + type: object + properties: + AccessLevel: + $ref: '#/components/schemas/StorageAccessLevel' + AcceptedFileTypes: + type: array + items: + type: string + ShowThumbnails: + type: boolean + IsResumable: + type: boolean + MaxFileCount: + type: number + MaxSize: + type: number + required: + - AcceptedFileTypes + - AccessLevel + additionalProperties: false + FixedPosition: + type: string + enum: + - first + FormActionType: + type: string + enum: + - create + - update + FormButton: + type: object + properties: + Excluded: + type: boolean + Children: + type: string + Position: + $ref: '#/components/schemas/FieldPosition' + additionalProperties: false + FormButtonsPosition: + type: string + enum: + - top + - bottom + - top_and_bottom + FormCTA: + type: object + properties: + Position: + $ref: '#/components/schemas/FormButtonsPosition' + Clear: + $ref: '#/components/schemas/FormButton' + Cancel: + $ref: '#/components/schemas/FormButton' + Submit: + $ref: '#/components/schemas/FormButton' + additionalProperties: false + FormDataSourceType: + type: string + enum: + - DataStore + - Custom + FormDataTypeConfig: + type: object + properties: + DataSourceType: + $ref: '#/components/schemas/FormDataSourceType' + DataTypeName: + type: string + required: + - DataSourceType + - DataTypeName + additionalProperties: false + FormInputBindingProperties: + type: object + x-patternProperties: + .+: + $ref: '#/components/schemas/FormInputBindingPropertiesValue' + additionalProperties: false + FormInputBindingPropertiesValue: + type: object + properties: + Type: + type: string + BindingProperties: + $ref: '#/components/schemas/FormInputBindingPropertiesValueProperties' + additionalProperties: false + FormInputBindingPropertiesValueProperties: + type: object + properties: + Model: + type: string + additionalProperties: false + FormInputValueProperty: + type: object + properties: + Value: + type: string + BindingProperties: + $ref: '#/components/schemas/FormInputValuePropertyBindingProperties' + Concat: + type: array + items: + $ref: '#/components/schemas/FormInputValueProperty' + additionalProperties: false + FormInputValuePropertyBindingProperties: + type: object + properties: + Property: + type: string + Field: + type: string + required: + - Property + additionalProperties: false + FormStyle: + type: object + properties: + HorizontalGap: + $ref: '#/components/schemas/FormStyleConfig' + VerticalGap: + $ref: '#/components/schemas/FormStyleConfig' + OuterPadding: + $ref: '#/components/schemas/FormStyleConfig' + additionalProperties: false + FormStyleConfig: + oneOf: + - type: object + title: TokenReference + properties: + TokenReference: + type: string + required: + - TokenReference + additionalProperties: false + - type: object + title: Value + properties: + Value: + type: string + required: + - Value + additionalProperties: false + LabelDecorator: + type: string + enum: + - required + - optional + - none + SectionalElement: + type: object + properties: + Type: + type: string + Position: + $ref: '#/components/schemas/FieldPosition' + Text: + type: string + Level: + type: number + Orientation: + type: string + Excluded: + type: boolean + required: + - Type + additionalProperties: false + SectionalElementMap: + type: object + x-patternProperties: + .+: + $ref: '#/components/schemas/SectionalElement' + additionalProperties: false + StorageAccessLevel: + type: string + enum: + - public + - protected + - private + ValueMapping: + type: object + properties: + DisplayValue: + $ref: '#/components/schemas/FormInputValueProperty' + Value: + $ref: '#/components/schemas/FormInputValueProperty' + required: + - Value + additionalProperties: false + ValueMappings: + type: object + properties: + Values: + type: array + items: + $ref: '#/components/schemas/ValueMapping' + BindingProperties: + $ref: '#/components/schemas/FormInputBindingProperties' + required: + - Values + additionalProperties: false + Form: + type: object + properties: + AppId: + type: string + Cta: + $ref: '#/components/schemas/FormCTA' + DataType: + $ref: '#/components/schemas/FormDataTypeConfig' + EnvironmentName: + type: string + Fields: + $ref: '#/components/schemas/FieldsMap' + FormActionType: + $ref: '#/components/schemas/FormActionType' + Id: + type: string + LabelDecorator: + $ref: '#/components/schemas/LabelDecorator' + Name: + type: string + maxLength: 255 + minLength: 1 + SchemaVersion: + type: string + SectionalElements: + $ref: '#/components/schemas/SectionalElementMap' + Style: + $ref: '#/components/schemas/FormStyle' + Tags: + $ref: '#/components/schemas/Tags' + x-stackql-resource-name: form + description: Definition of AWS::AmplifyUIBuilder::Form Resource Type + x-type-name: AWS::AmplifyUIBuilder::Form + x-stackql-primary-identifier: + - AppId + - EnvironmentName + - Id + x-create-only-properties: + - AppId + - EnvironmentName + x-read-only-properties: + - Id + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - amplify:GetApp + - amplifyuibuilder:CreateForm + - amplifyuibuilder:GetForm + - amplifyuibuilder:TagResource + - amplifyuibuilder:UntagResource + read: + - amplify:GetApp + - amplifyuibuilder:GetForm + - amplifyuibuilder:TagResource + update: + - amplify:GetApp + - amplifyuibuilder:GetForm + - amplifyuibuilder:TagResource + - amplifyuibuilder:UntagResource + - amplifyuibuilder:UpdateForm + delete: + - amplify:GetApp + - amplifyuibuilder:DeleteForm + - amplifyuibuilder:TagResource + - amplifyuibuilder:UntagResource + list: + - amplify:GetApp + - amplifyuibuilder:ListForms + ThemeValue: + type: object + properties: + Value: + type: string + Children: + type: array + items: + $ref: '#/components/schemas/ThemeValues' + additionalProperties: false + ThemeValues: + type: object + properties: + Key: + type: string + Value: + $ref: '#/components/schemas/ThemeValue' + additionalProperties: false + Theme: + type: object + properties: + AppId: + type: string + CreatedAt: + type: string + format: date-time + EnvironmentName: + type: string + Id: + type: string + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 255 + minLength: 1 + Overrides: + type: array + items: + $ref: '#/components/schemas/ThemeValues' + Tags: + $ref: '#/components/schemas/Tags' + Values: + type: array + items: + $ref: '#/components/schemas/ThemeValues' + x-stackql-resource-name: theme + description: Definition of AWS::AmplifyUIBuilder::Theme Resource Type + x-type-name: AWS::AmplifyUIBuilder::Theme + x-stackql-primary-identifier: + - AppId + - EnvironmentName + - Id + x-create-only-properties: + - AppId + - EnvironmentName + x-read-only-properties: + - CreatedAt + - Id + - ModifiedAt + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - amplify:GetApp + - amplifyuibuilder:CreateTheme + - amplifyuibuilder:GetTheme + - amplifyuibuilder:TagResource + read: + - amplify:GetApp + - amplifyuibuilder:GetTheme + update: + - amplify:GetApp + - amplifyuibuilder:GetTheme + - amplifyuibuilder:TagResource + - amplifyuibuilder:UntagResource + - amplifyuibuilder:UpdateTheme + delete: + - amplify:GetApp + - amplifyuibuilder:DeleteTheme + - amplifyuibuilder:UntagResource + list: + - amplify:GetApp + - amplifyuibuilder:ListThemes + x-stackQL-resources: + components: + name: components + id: aws.amplifyuibuilder.components + x-cfn-schema-name: Component + x-type: list + x-identifiers: + - AppId + - EnvironmentName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AppId') as app_id, + JSON_EXTRACT(Properties, '$.EnvironmentName') as environment_name, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Component' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AppId') as app_id, + json_extract_path_text(Properties, 'EnvironmentName') as environment_name, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Component' + AND region = 'us-east-1' + component: + name: component + id: aws.amplifyuibuilder.component + x-cfn-schema-name: Component + x-type: get + x-identifiers: + - AppId + - EnvironmentName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AppId') as app_id, + JSON_EXTRACT(Properties, '$.BindingProperties') as binding_properties, + JSON_EXTRACT(Properties, '$.Children') as children, + JSON_EXTRACT(Properties, '$.CollectionProperties') as collection_properties, + JSON_EXTRACT(Properties, '$.ComponentType') as component_type, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.EnvironmentName') as environment_name, + JSON_EXTRACT(Properties, '$.Events') as events, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Overrides') as overrides, + JSON_EXTRACT(Properties, '$.Properties') as properties, + JSON_EXTRACT(Properties, '$.SchemaVersion') as schema_version, + JSON_EXTRACT(Properties, '$.SourceId') as source_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Variants') as variants + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Component' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AppId') as app_id, + json_extract_path_text(Properties, 'BindingProperties') as binding_properties, + json_extract_path_text(Properties, 'Children') as children, + json_extract_path_text(Properties, 'CollectionProperties') as collection_properties, + json_extract_path_text(Properties, 'ComponentType') as component_type, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'EnvironmentName') as environment_name, + json_extract_path_text(Properties, 'Events') as events, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Overrides') as overrides, + json_extract_path_text(Properties, 'Properties') as properties, + json_extract_path_text(Properties, 'SchemaVersion') as schema_version, + json_extract_path_text(Properties, 'SourceId') as source_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Variants') as variants + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Component' + AND data__Identifier = '||' + AND region = 'us-east-1' + forms: + name: forms + id: aws.amplifyuibuilder.forms + x-cfn-schema-name: Form + x-type: list + x-identifiers: + - AppId + - EnvironmentName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AppId') as app_id, + JSON_EXTRACT(Properties, '$.EnvironmentName') as environment_name, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Form' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AppId') as app_id, + json_extract_path_text(Properties, 'EnvironmentName') as environment_name, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Form' + AND region = 'us-east-1' + form: + name: form + id: aws.amplifyuibuilder.form + x-cfn-schema-name: Form + x-type: get + x-identifiers: + - AppId + - EnvironmentName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AppId') as app_id, + JSON_EXTRACT(Properties, '$.Cta') as cta, + JSON_EXTRACT(Properties, '$.DataType') as data_type, + JSON_EXTRACT(Properties, '$.EnvironmentName') as environment_name, + JSON_EXTRACT(Properties, '$.Fields') as fields, + JSON_EXTRACT(Properties, '$.FormActionType') as form_action_type, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LabelDecorator') as label_decorator, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SchemaVersion') as schema_version, + JSON_EXTRACT(Properties, '$.SectionalElements') as sectional_elements, + JSON_EXTRACT(Properties, '$.Style') as style, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Form' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AppId') as app_id, + json_extract_path_text(Properties, 'Cta') as cta, + json_extract_path_text(Properties, 'DataType') as data_type, + json_extract_path_text(Properties, 'EnvironmentName') as environment_name, + json_extract_path_text(Properties, 'Fields') as fields, + json_extract_path_text(Properties, 'FormActionType') as form_action_type, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LabelDecorator') as label_decorator, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SchemaVersion') as schema_version, + json_extract_path_text(Properties, 'SectionalElements') as sectional_elements, + json_extract_path_text(Properties, 'Style') as style, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Form' + AND data__Identifier = '||' + AND region = 'us-east-1' + themes: + name: themes + id: aws.amplifyuibuilder.themes + x-cfn-schema-name: Theme + x-type: list + x-identifiers: + - AppId + - EnvironmentName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AppId') as app_id, + JSON_EXTRACT(Properties, '$.EnvironmentName') as environment_name, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Theme' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AppId') as app_id, + json_extract_path_text(Properties, 'EnvironmentName') as environment_name, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Theme' + AND region = 'us-east-1' + theme: + name: theme + id: aws.amplifyuibuilder.theme + x-cfn-schema-name: Theme + x-type: get + x-identifiers: + - AppId + - EnvironmentName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AppId') as app_id, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.EnvironmentName') as environment_name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Overrides') as overrides, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Values') as _values + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Theme' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AppId') as app_id, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'EnvironmentName') as environment_name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Overrides') as overrides, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Values') as _values + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AmplifyUIBuilder::Theme' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/apigateway.yaml b/providers/src/aws/v00.00.00000/services/apigateway.yaml new file mode 100644 index 00000000..872b0f8b --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/apigateway.yaml @@ -0,0 +1,2786 @@ +openapi: 3.0.0 +info: + title: ApiGateway + version: 1.0.0 +paths: {} +components: + schemas: + Account: + type: object + properties: + Id: + description: '' + type: string + CloudWatchRoleArn: + description: The ARN of an Amazon CloudWatch role for the current Account. + type: string + x-stackql-resource-name: account + description: The ``AWS::ApiGateway::Account`` resource specifies the IAM role that Amazon API Gateway uses to write API logs to Amazon CloudWatch Logs. To avoid overwriting other roles, you should only have one ``AWS::ApiGateway::Account`` resource per region per account. + x-type-name: AWS::ApiGateway::Account + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + x-required-permissions: + create: + - apigateway:PATCH + - iam:GetRole + - iam:PassRole + read: + - apigateway:GET + update: + - apigateway:PATCH + - iam:GetRole + - iam:PassRole + delete: [] + StageKey: + type: object + additionalProperties: false + properties: + RestApiId: + description: The string identifier of the associated RestApi. + type: string + StageName: + description: The stage name associated with the stage key. + type: string + description: '``StageKey`` is a property of the [AWS::ApiGateway::ApiKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html) resource that specifies the stage to associate with the API key. This association allows only clients with the key to make requests to methods in that stage.' + Tag: + type: object + additionalProperties: false + properties: + Value: + type: string + Key: + type: string + required: + - Value + - Key + ApiKey: + type: object + properties: + APIKeyId: + description: '' + type: string + CustomerId: + description: An MKT customer identifier, when integrating with the AWS SaaS Marketplace. + type: string + Description: + description: The description of the ApiKey. + type: string + Enabled: + description: Specifies whether the ApiKey can be used by callers. + default: false + type: boolean + GenerateDistinctId: + description: Specifies whether (``true``) or not (``false``) the key identifier is distinct from the created API key value. This parameter is deprecated and should not be used. + type: boolean + Name: + description: |- + A name for the API key. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the API key name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + type: string + StageKeys: + description: DEPRECATED FOR USAGE PLANS - Specifies stages associated with the API key. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/StageKey' + Tags: + description: The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters. + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + Value: + description: Specifies a value of the API key. + type: string + x-stackql-resource-name: api_key + description: The ``AWS::ApiGateway::ApiKey`` resource creates a unique key that you can distribute to clients who are executing API Gateway ``Method`` resources that require an API key. To specify which API key clients must use, map the API key with the ``RestApi`` and ``Stage`` resources that include the methods that require a key. + x-type-name: AWS::ApiGateway::ApiKey + x-stackql-primary-identifier: + - APIKeyId + x-create-only-properties: + - GenerateDistinctId + - Name + - Value + x-write-only-properties: + - GenerateDistinctId + x-read-only-properties: + - APIKeyId + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + - apigateway:PUT + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:PATCH + - apigateway:PUT + - apigateway:DELETE + delete: + - apigateway:DELETE + - apigateway:GET + list: + - apigateway:GET + Authorizer: + type: object + properties: + RestApiId: + description: The string identifier of the associated RestApi. + type: string + AuthorizerId: + type: string + description: '' + AuthType: + description: Optional customer-defined field, used in OpenAPI imports and exports without functional impact. + type: string + AuthorizerCredentials: + description: Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null. + type: string + AuthorizerResultTtlInSeconds: + description: The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour. + type: integer + AuthorizerUri: + description: >- + Specifies the authorizer's Uniform Resource Identifier (URI). For ``TOKEN`` or ``REQUEST`` authorizers, this must be a well-formed Lambda function URI, for example, ``arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations``. In general, the URI has this form ``arn:aws:apigateway:{region}:lambda:path/{service_api}``, where ``{region}`` is the same as the region hosting the Lambda function, + ``path`` indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial ``/``. For Lambda functions, this is usually of the form ``/2015-03-31/functions/[FunctionARN]/invocations``. + type: string + IdentitySource: + description: >- + The identity source for which authorization is requested. For a ``TOKEN`` or ``COGNITO_USER_POOLS`` authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is ``Auth``, the header mapping expression is ``method.request.header.Auth``. For the ``REQUEST`` authorizer, this is required when authorization caching is enabled. The value is a + comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an ``Auth`` header, a ``Name`` query string parameter are defined as identity sources, this value is ``method.request.header.Auth, method.request.querystring.Name``. These parameters will be used to derive the authorization caching key and to perform runtime validation of the ``REQUEST`` authorizer by verifying all of the identity-related request parameters are present, not + null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional. + type: string + IdentityValidationExpression: + description: >- + A validation expression for the incoming identity token. For ``TOKEN`` authorizers, this value is a regular expression. For ``COGNITO_USER_POOLS`` authorizers, API Gateway will match the ``aud`` field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to + the ``REQUEST`` authorizer. + type: string + Name: + description: The name of the authorizer. + type: string + ProviderARNs: + description: 'A list of the Amazon Cognito user pool ARNs for the ``COGNITO_USER_POOLS`` authorizer. Each element is of this format: ``arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}``. For a ``TOKEN`` or ``REQUEST`` authorizer, this is not defined.' + type: array + uniqueItems: true + items: + type: string + x-insertionOrder: false + Type: + description: The authorizer type. Valid values are ``TOKEN`` for a Lambda function using a single authorization token submitted in a custom header, ``REQUEST`` for a Lambda function using incoming request parameters, and ``COGNITO_USER_POOLS`` for using an Amazon Cognito user pool. + type: string + required: + - RestApiId + - Type + - Name + x-stackql-resource-name: authorizer + description: The ``AWS::ApiGateway::Authorizer`` resource creates an authorization layer that API Gateway activates for methods that have authorization enabled. API Gateway activates the authorizer when a client calls those methods. + x-type-name: AWS::ApiGateway::Authorizer + x-stackql-primary-identifier: + - RestApiId + - AuthorizerId + x-create-only-properties: + - RestApiId + x-read-only-properties: + - AuthorizerId + x-required-properties: + - RestApiId + - Type + - Name + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - apigateway:POST + - iam:PassRole + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:PATCH + - iam:PassRole + delete: + - apigateway:DELETE + list: + - apigateway:GET + BasePathMapping: + type: object + properties: + BasePath: + type: string + description: The base path name that callers of the API must provide as part of the URL after the domain name. + DomainName: + type: string + description: The domain name of the BasePathMapping resource to be described. + RestApiId: + type: string + description: The string identifier of the associated RestApi. + Stage: + type: string + description: The name of the associated stage. + required: + - DomainName + x-stackql-resource-name: base_path_mapping + description: The ``AWS::ApiGateway::BasePathMapping`` resource creates a base path that clients who call your API must use in the invocation URL. + x-type-name: AWS::ApiGateway::BasePathMapping + x-stackql-primary-identifier: + - DomainName + - BasePath + x-create-only-properties: + - DomainName + - BasePath + x-required-properties: + - DomainName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:DELETE + - apigateway:PATCH + delete: + - apigateway:DELETE + list: + - apigateway:GET + ClientCertificate: + type: object + properties: + ClientCertificateId: + description: '' + type: string + Description: + description: The description of the client certificate. + type: string + Tags: + description: The collection of tags. Each tag element is associated with a given resource. + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: client_certificate + description: The ``AWS::ApiGateway::ClientCertificate`` resource creates a client certificate that API Gateway uses to configure client-side SSL authentication for sending requests to the integration endpoint. + x-type-name: AWS::ApiGateway::ClientCertificate + x-stackql-primary-identifier: + - ClientCertificateId + x-read-only-properties: + - ClientCertificateId + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + - apigateway:PUT + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:PATCH + - apigateway:PUT + - apigateway:DELETE + delete: + - apigateway:DELETE + list: + - apigateway:GET + StageDescription: + type: object + additionalProperties: false + properties: + AccessLogSetting: + description: Specifies settings for logging access in this stage. + $ref: '#/components/schemas/AccessLogSetting' + CacheClusterEnabled: + description: Specifies whether a cache cluster is enabled for the stage. + type: boolean + CacheClusterSize: + description: The size of the stage's cache cluster. For more information, see [cacheClusterSize](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateStage.html#apigw-CreateStage-request-cacheClusterSize) in the *API Gateway API Reference*. + type: string + CacheDataEncrypted: + description: Indicates whether the cached responses are encrypted. + type: boolean + CacheTtlInSeconds: + description: The time-to-live (TTL) period, in seconds, that specifies how long API Gateway caches responses. + type: integer + CachingEnabled: + description: Indicates whether responses are cached and returned for requests. You must enable a cache cluster on the stage to cache responses. For more information, see [Enable API Gateway Caching in a Stage to Enhance API Performance](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html) in the *API Gateway Developer Guide*. + type: boolean + CanarySetting: + description: Specifies settings for the canary deployment in this stage. + $ref: '#/components/schemas/CanarySetting' + ClientCertificateId: + description: The identifier of the client certificate that API Gateway uses to call your integration endpoints in the stage. + type: string + DataTraceEnabled: + description: Indicates whether data trace logging is enabled for methods in the stage. API Gateway pushes these logs to Amazon CloudWatch Logs. + type: boolean + Description: + description: A description of the purpose of the stage. + type: string + DocumentationVersion: + description: The version identifier of the API documentation snapshot. + type: string + LoggingLevel: + description: The logging level for this method. For valid values, see the ``loggingLevel`` property of the [MethodSetting](https://docs.aws.amazon.com/apigateway/latest/api/API_MethodSetting.html) resource in the *Amazon API Gateway API Reference*. + type: string + MethodSettings: + description: Configures settings for all of the stage's methods. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/MethodSetting' + MetricsEnabled: + description: Indicates whether Amazon CloudWatch metrics are enabled for methods in the stage. + type: boolean + Tags: + description: An array of arbitrary tags (key-value pairs) to associate with the stage. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + ThrottlingBurstLimit: + description: The target request burst rate limit. This allows more requests through for a period of time than the target rate limit. For more information, see [Manage API Request Throttling](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-throttling.html) in the *API Gateway Developer Guide*. + type: integer + ThrottlingRateLimit: + description: The target request steady-state rate limit. For more information, see [Manage API Request Throttling](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-throttling.html) in the *API Gateway Developer Guide*. + type: number + TracingEnabled: + description: |- + Specifies whether active tracing with X-ray is enabled for this stage. + For more information, see [Trace API Gateway API Execution with X-Ray](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-xray.html) in the *API Gateway Developer Guide*. + type: boolean + Variables: + description: 'A map that defines the stage variables. Variable names must consist of alphanumeric characters, and the values must match the following regular expression: ``[A-Za-z0-9-._~:/?#&=,]+``.' + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + description: '``StageDescription`` is a property of the [AWS::ApiGateway::Deployment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-deployment.html) resource that configures a deployment stage.' + DeploymentCanarySettings: + type: object + additionalProperties: false + properties: + PercentTraffic: + description: The percentage (0.0-100.0) of traffic routed to the canary deployment. + type: number + StageVariableOverrides: + description: A stage variable overrides used for the canary release deployment. They can override existing stage variables or add new stage variables for the canary release deployment. These stage variables are represented as a string-to-string map between stage variable names and their values. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + UseStageCache: + description: A Boolean flag to indicate whether the canary release deployment uses the stage cache or not. + type: boolean + description: The ``DeploymentCanarySettings`` property type specifies settings for the canary deployment. + AccessLogSetting: + description: |- + The ``AccessLogSetting`` property type specifies settings for logging access in this stage. + ``AccessLogSetting`` is a property of the [AWS::ApiGateway::Stage](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html) resource. + type: object + additionalProperties: false + properties: + DestinationArn: + description: The Amazon Resource Name (ARN) of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream to receive access logs. If you specify a Kinesis Data Firehose delivery stream, the stream name must begin with ``amazon-apigateway-``. This parameter is required to enable access logging. + type: string + Format: + description: A single line format of the access logs of data, as specified by selected [$context variables](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference). The format must include at least ``$context.requestId``. This parameter is required to enable access logging. + type: string + CanarySetting: + description: Configuration settings of a canary deployment. + type: object + additionalProperties: false + properties: + DeploymentId: + description: The ID of the canary deployment. + type: string + PercentTraffic: + description: The percent (0-100) of traffic diverted to a canary deployment. + type: number + minimum: 0 + maximum: 100 + StageVariableOverrides: + description: Stage variables overridden for a canary release deployment, including new stage variables introduced in the canary. These stage variables are represented as a string-to-string map between stage variable names and their values. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + UseStageCache: + description: A Boolean flag to indicate whether the canary deployment uses the stage cache or not. + type: boolean + MethodSetting: + description: |- + The ``MethodSetting`` property type configures settings for all methods in a stage. + The ``MethodSettings`` property of the ``AWS::ApiGateway::Stage`` resource contains a list of ``MethodSetting`` property types. + type: object + additionalProperties: false + properties: + CacheDataEncrypted: + description: Specifies whether the cached responses are encrypted. + type: boolean + CacheTtlInSeconds: + description: Specifies the time to live (TTL), in seconds, for cached responses. The higher the TTL, the longer the response will be cached. + type: integer + CachingEnabled: + description: Specifies whether responses should be cached and returned for requests. A cache cluster must be enabled on the stage for responses to be cached. + type: boolean + DataTraceEnabled: + description: Specifies whether data trace logging is enabled for this method, which affects the log entries pushed to Amazon CloudWatch Logs. This can be useful to troubleshoot APIs, but can result in logging sensitive data. We recommend that you don't enable this option for production APIs. + type: boolean + HttpMethod: + description: The HTTP method. To apply settings to multiple resources and methods, specify an asterisk (``*``) for the ``HttpMethod`` and ``/*`` for the ``ResourcePath``. This parameter is required when you specify a ``MethodSetting``. + type: string + LoggingLevel: + description: Specifies the logging level for this method, which affects the log entries pushed to Amazon CloudWatch Logs. Valid values are ``OFF``, ``ERROR``, and ``INFO``. Choose ``ERROR`` to write only error-level entries to CloudWatch Logs, or choose ``INFO`` to include all ``ERROR`` events as well as extra informational events. + type: string + MetricsEnabled: + description: Specifies whether Amazon CloudWatch metrics are enabled for this method. + type: boolean + ResourcePath: + description: >- + The resource path for this method. Forward slashes (``/``) are encoded as ``~1`` and the initial slash must include a forward slash. For example, the path value ``/resource/subresource`` must be encoded as ``/~1resource~1subresource``. To specify the root path, use only a slash (``/``). To apply settings to multiple resources and methods, specify an asterisk (``*``) for the ``HttpMethod`` and ``/*`` for the ``ResourcePath``. This parameter is required when you specify a + ``MethodSetting``. + type: string + ThrottlingBurstLimit: + description: Specifies the throttling burst limit. + type: integer + minimum: 0 + ThrottlingRateLimit: + description: Specifies the throttling rate limit. + type: number + minimum: 0 + Deployment: + type: object + properties: + DeploymentId: + type: string + description: '' + DeploymentCanarySettings: + $ref: '#/components/schemas/DeploymentCanarySettings' + description: The input configuration for a canary deployment. + Description: + type: string + description: The description for the Deployment resource to create. + RestApiId: + type: string + description: The string identifier of the associated RestApi. + StageDescription: + $ref: '#/components/schemas/StageDescription' + description: The description of the Stage resource for the Deployment resource to create. To specify a stage description, you must also provide a stage name. + StageName: + type: string + description: The name of the Stage resource for the Deployment resource to create. + required: + - RestApiId + x-stackql-resource-name: deployment + description: The ``AWS::ApiGateway::Deployment`` resource deploys an API Gateway ``RestApi`` resource to a stage so that clients can call the API over the internet. The stage acts as an environment. + x-type-name: AWS::ApiGateway::Deployment + x-stackql-primary-identifier: + - DeploymentId + - RestApiId + x-create-only-properties: + - DeploymentCanarySettings + - RestApiId + x-write-only-properties: + - StageName + - StageDescription + - DeploymentCanarySettings + x-read-only-properties: + - DeploymentId + x-required-properties: + - RestApiId + x-taggable: true + x-required-permissions: + create: + - apigateway:POST + - apigateway:PATCH + - apigateway:PUT + - apigateway:GET + read: + - apigateway:GET + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + - apigateway:DELETE + delete: + - apigateway:GET + - apigateway:DELETE + list: + - apigateway:GET + Location: + type: object + additionalProperties: false + properties: + Method: + description: >- + The HTTP verb of a method. It is a valid field for the API entity types of ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``*`` for any method. When an applicable child entity inherits the content of an entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``method`` attribute must match that of the + parent entity exactly. + type: string + Name: + description: The name of the targeted API entity. It is a valid and required field for the API entity types of ``AUTHORIZER``, ``MODEL``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY`` and ``RESPONSE_HEADER``. It is an invalid field for any other entity type. + type: string + Path: + description: >- + The URL path of the target. It is a valid field for the API entity types of ``RESOURCE``, ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``/`` for the root resource. When an applicable child entity inherits the content of another entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``path`` attribute + must match that of the parent entity as a prefix. + type: string + StatusCode: + description: The HTTP status code of a response. It is a valid field for the API entity types of ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``*`` for any status code. When an applicable child entity inherits the content of an entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``statusCode`` attribute must match that of the parent entity exactly. + type: string + Type: + description: The type of API entity to which the documentation content applies. Valid values are ``API``, ``AUTHORIZER``, ``MODEL``, ``RESOURCE``, ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. Content inheritance does not apply to any entity of the ``API``, ``AUTHORIZER``, ``METHOD``, ``MODEL``, ``REQUEST_BODY``, or ``RESOURCE`` type. + type: string + enum: + - API + - AUTHORIZER + - MODEL + - RESOURCE + - METHOD + - PATH_PARAMETER + - QUERY_PARAMETER + - REQUEST_HEADER + - REQUEST_BODY + - RESPONSE + - RESPONSE_HEADER + - RESPONSE_BODY + description: |- + The ``Location`` property specifies the location of the Amazon API Gateway API entity that the documentation applies to. ``Location`` is a property of the [AWS::ApiGateway::DocumentationPart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-documentationpart.html) resource. + For more information about each property, including constraints and valid values, see [DocumentationPart](https://docs.aws.amazon.com/apigateway/latest/api/API_DocumentationPartLocation.html) in the *Amazon API Gateway REST API Reference*. + DocumentationPart: + type: object + properties: + DocumentationPartId: + description: '' + type: string + Location: + description: The location of the targeted API entity of the to-be-created documentation part. + $ref: '#/components/schemas/Location' + Properties: + description: The new documentation content map of the targeted API entity. Enclosed key-value pairs are API-specific, but only OpenAPI-compliant key-value pairs can be exported and, hence, published. + type: string + RestApiId: + description: The string identifier of the associated RestApi. + type: string + required: + - Location + - Properties + - RestApiId + x-stackql-resource-name: documentation_part + description: The ``AWS::ApiGateway::DocumentationPart`` resource creates a documentation part for an API. For more information, see [Representation of API Documentation in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-documenting-api-content-representation.html) in the *API Gateway Developer Guide*. + x-type-name: AWS::ApiGateway::DocumentationPart + x-stackql-primary-identifier: + - DocumentationPartId + - RestApiId + x-create-only-properties: + - Location + - RestApiId + x-read-only-properties: + - DocumentationPartId + x-required-properties: + - Location + - Properties + - RestApiId + x-required-permissions: + create: + - apigateway:GET + - apigateway:POST + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:PATCH + delete: + - apigateway:DELETE + list: + - apigateway:GET + DocumentationVersion: + type: object + properties: + Description: + description: A description about the new documentation snapshot. + type: string + DocumentationVersion: + description: The version identifier of the to-be-updated documentation version. + type: string + minLength: 1 + RestApiId: + description: The string identifier of the associated RestApi. + type: string + minLength: 1 + required: + - DocumentationVersion + - RestApiId + x-stackql-resource-name: documentation_version + description: The ``AWS::ApiGateway::DocumentationVersion`` resource creates a snapshot of the documentation for an API. For more information, see [Representation of API Documentation in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-documenting-api-content-representation.html) in the *API Gateway Developer Guide*. + x-type-name: AWS::ApiGateway::DocumentationVersion + x-stackql-primary-identifier: + - DocumentationVersion + - RestApiId + x-create-only-properties: + - DocumentationVersion + - RestApiId + x-required-properties: + - DocumentationVersion + - RestApiId + x-required-permissions: + create: + - apigateway:GET + - apigateway:POST + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:PATCH + delete: + - apigateway:DELETE + list: + - apigateway:GET + EndpointConfiguration: + type: object + additionalProperties: false + properties: + Types: + type: array + uniqueItems: true + items: + type: string + description: A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is ``"EDGE"``. For a regional API and its custom domain name, the endpoint type is ``REGIONAL``. For a private API, the endpoint type is ``PRIVATE``. + VpcEndpointIds: + type: array + uniqueItems: true + items: + type: string + description: A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for ``PRIVATE`` endpoint type. + description: |- + The ``EndpointConfiguration`` property type specifies the endpoint types of a REST API. + ``EndpointConfiguration`` is a property of the [AWS::ApiGateway::RestApi](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html) resource. + MutualTlsAuthentication: + type: object + properties: + TruststoreUri: + type: string + TruststoreVersion: + type: string + additionalProperties: false + DomainName: + type: object + properties: + DomainName: + type: string + DistributionDomainName: + type: string + DistributionHostedZoneId: + type: string + EndpointConfiguration: + $ref: '#/components/schemas/EndpointConfiguration' + MutualTlsAuthentication: + $ref: '#/components/schemas/MutualTlsAuthentication' + RegionalDomainName: + type: string + RegionalHostedZoneId: + type: string + CertificateArn: + type: string + RegionalCertificateArn: + type: string + OwnershipVerificationCertificateArn: + type: string + SecurityPolicy: + type: string + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: domain_name + description: Resource Type definition for AWS::ApiGateway::DomainName. + x-type-name: AWS::ApiGateway::DomainName + x-stackql-primary-identifier: + - DomainName + x-create-only-properties: + - DomainName + x-read-only-properties: + - RegionalHostedZoneId + - DistributionDomainName + - RegionalDomainName + - DistributionHostedZoneId + x-required-permissions: + create: + - apigateway:* + read: + - apigateway:* + update: + - apigateway:* + delete: + - apigateway:* + list: + - apigateway:* + Integration: + type: object + additionalProperties: false + properties: + CacheKeyParameters: + description: A list of request parameters whose values API Gateway caches. To be valid values for ``cacheKeyParameters``, these parameters must also be specified for Method ``requestParameters``. + type: array + uniqueItems: true + items: + type: string + CacheNamespace: + description: Specifies a group of related cached parameters. By default, API Gateway uses the resource ID as the ``cacheNamespace``. You can specify the same ``cacheNamespace`` across resources to return the same cached data for requests to different resources. + type: string + ConnectionId: + description: The ID of the VpcLink used for the integration when ``connectionType=VPC_LINK`` and undefined, otherwise. + type: string + ConnectionType: + description: The type of the network connection to the integration endpoint. The valid value is ``INTERNET`` for connections through the public routable internet or ``VPC_LINK`` for private connections between API Gateway and a network load balancer in a VPC. The default value is ``INTERNET``. + type: string + enum: + - INTERNET + - VPC_LINK + ContentHandling: + description: |- + Specifies how to handle request payload content type conversions. Supported values are ``CONVERT_TO_BINARY`` and ``CONVERT_TO_TEXT``, with the following behaviors: + If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the ``passthroughBehavior`` is configured to support payload pass-through. + type: string + enum: + - CONVERT_TO_BINARY + - CONVERT_TO_TEXT + Credentials: + description: Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string ``arn:aws:iam::\*:user/\*``. To use resource-based permissions on supported AWS services, specify null. + type: string + IntegrationHttpMethod: + description: Specifies the integration's HTTP method type. For the Type property, if you specify ``MOCK``, this property is optional. For Lambda integrations, you must set the integration method to ``POST``. For all other types, you must specify this property. + type: string + IntegrationResponses: + description: Specifies the integration's responses. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/IntegrationResponse' + PassthroughBehavior: + description: >- + Specifies how the method request body of an unmapped content type will be passed through the integration request to the back end without transformation. A content type is unmapped if no mapping template is defined in the integration or the content type does not match any of the mapped content types, as specified in ``requestTemplates``. The valid value is one of the following: ``WHEN_NO_MATCH``: passes the method request body through the integration request to the back end without + transformation when the method request content type does not match any content type associated with the mapping templates defined in the integration request. ``WHEN_NO_TEMPLATES``: passes the method request body through the integration request to the back end without transformation when no mapping template is defined in the integration request. If a template is defined when this option is selected, the method request of an unmapped content-type will be rejected with an HTTP 415 + Unsupported Media Type response. ``NEVER``: rejects the method request with an HTTP 415 Unsupported Media Type response when either the method request content type does not match any content type associated with the mapping templates defined in the integration request or no mapping template is defined in the integration request. + type: string + enum: + - WHEN_NO_MATCH + - WHEN_NO_TEMPLATES + - NEVER + RequestParameters: + description: >- + A key-value map specifying request parameters that are passed from the method request to the back end. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the back end. The method request parameter value must match the pattern of ``method.request.{location}.{name}``, where ``location`` is ``querystring``, ``path``, or ``header`` and + ``name`` must be a valid and unique method request parameter name. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + RequestTemplates: + description: Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + TimeoutInMillis: + description: Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds or 29 seconds. + type: integer + minimum: 50 + Type: + description: |- + Specifies an API method integration type. The valid value is one of the following: + For the HTTP and HTTP proxy integrations, each integration can specify a protocol (``http/https``), port and path. Standard 80 and 443 ports are supported as well as custom ports above 1024. An HTTP or HTTP proxy integration with a ``connectionType`` of ``VPC_LINK`` is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC. + type: string + enum: + - AWS + - AWS_PROXY + - HTTP + - HTTP_PROXY + - MOCK + Uri: + description: |- + Specifies Uniform Resource Identifier (URI) of the integration endpoint. + For ``HTTP`` or ``HTTP_PROXY`` integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification for standard integrations. If ``connectionType`` is ``VPC_LINK`` specify the Network Load Balancer DNS name. For ``AWS`` or ``AWS_PROXY`` integrations, the URI is of the form ``arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}``. Here, {Region} is the API Gateway region (e.g., us-east-1); {service} is the name of the integrated AWS service (e.g., s3); and {subdomain} is a designated subdomain supported by certain AWS service for fast host-name lookup. action can be used for an AWS service action-based API, using an Action={name}&{p1}={v1}&p2={v2}... query string. The ensuing {service_api} refers to a supported action {name} plus any required input parameters. Alternatively, path can be used for an AWS service path-based API. The ensuing service_api refers to the path to an AWS service resource, including the region of the integrated AWS service, if applicable. For example, for integration with the S3 API of GetObject, the uri can be either ``arn:aws:apigateway:us-west-2:s3:action/GetObject&Bucket={bucket}&Key={key}`` or ``arn:aws:apigateway:us-west-2:s3:path/{bucket}/{key}`` + type: string + required: + - Type + description: '``Integration`` is a property of the [AWS::ApiGateway::Method](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html) resource that specifies information about the target backend that a method calls.' + MethodResponse: + type: object + additionalProperties: false + properties: + ResponseModels: + description: Specifies the Model resources used for the response's content-type. Response models are represented as a key/value map, with a content-type as the key and a Model name as the value. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + ResponseParameters: + description: >- + A key-value map specifying required or optional response parameters that API Gateway can send back to the caller. A key defines a method response header and the value specifies whether the associated method response header is required or not. The expression of the key must match the pattern ``method.response.header.{name}``, where ``name`` is a valid and unique header name. API Gateway passes certain integration response data to the method response headers specified here according to + the mapping you prescribe in the API's IntegrationResponse. The integration response data that can be mapped include an integration response header expressed in ``integration.response.header.{name}``, a static value enclosed within a pair of single quotes (e.g., ``'application/json'``), or a JSON expression from the back-end response payload in the form of ``integration.response.body.{JSON-expression}``, where ``JSON-expression`` is a valid JSON expression without the ``$`` prefix.) + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: boolean + StatusCode: + description: The method response's status code. + type: string + required: + - StatusCode + description: Represents a method response of a given HTTP status code returned to the client. The method response is passed from the back end through the associated integration response that can be transformed using a mapping template. + IntegrationResponse: + type: object + additionalProperties: false + properties: + ContentHandling: + description: |- + Specifies how to handle response payload content type conversions. Supported values are ``CONVERT_TO_BINARY`` and ``CONVERT_TO_TEXT``, with the following behaviors: + If this property is not defined, the response payload will be passed through from the integration response to the method response without modification. + type: string + enum: + - CONVERT_TO_BINARY + - CONVERT_TO_TEXT + ResponseParameters: + description: >- + A key-value map specifying response parameters that are passed to the method response from the back end. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of ``method.response.header.{name}``, where ``name`` is a valid and unique header name. The mapped non-static value + must match the pattern of ``integration.response.header.{name}`` or ``integration.response.body.{JSON-expression}``, where ``name`` is a valid and unique response header name and ``JSON-expression`` is a valid JSON expression without the ``$`` prefix. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + ResponseTemplates: + description: Specifies the templates used to transform the integration response body. Response templates are represented as a key/value map, with a content-type as the key and a template as the value. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + SelectionPattern: + description: >- + Specifies the regular expression (regex) pattern used to choose an integration response based on the response from the back end. For example, if the success response returns nothing and the error response returns some string, you could use the ``.+`` regex to match error response. However, make sure that the error response does not contain any newline (``\n``) character in such cases. If the back end is an LAMlong function, the LAMlong function error header is matched. For all other + HTTP and AWS back ends, the HTTP status code is matched. + type: string + StatusCode: + description: Specifies the status code that is used to map the integration response to an existing MethodResponse. + type: string + required: + - StatusCode + description: '``IntegrationResponse`` is a property of the [Amazon API Gateway Method Integration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apitgateway-method-integration.html) property type that specifies the response that API Gateway sends after a method''s backend finishes processing a request.' + Method: + type: object + properties: + ApiKeyRequired: + description: A boolean flag specifying whether a valid ApiKey is required to invoke this method. + type: boolean + AuthorizationScopes: + description: >- + A list of authorization scopes configured on the method. The scopes are used with a ``COGNITO_USER_POOLS`` authorizer to authorize the method invocation. The authorization works by matching the method scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any method scopes matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the method scope is configured, the client must provide + an access token instead of an identity token for authorization purposes. + type: array + items: + type: string + AuthorizationType: + description: |- + The method's authorization type. This parameter is required. For valid values, see [Method](https://docs.aws.amazon.com/apigateway/latest/api/API_Method.html) in the *API Gateway API Reference*. + If you specify the ``AuthorizerId`` property, specify ``CUSTOM`` or ``COGNITO_USER_POOLS`` for this property. + type: string + enum: + - NONE + - AWS_IAM + - CUSTOM + - COGNITO_USER_POOLS + AuthorizerId: + description: The identifier of an authorizer to use on this method. The method's authorization type must be ``CUSTOM`` or ``COGNITO_USER_POOLS``. + type: string + HttpMethod: + description: The method's HTTP verb. + type: string + Integration: + description: Represents an ``HTTP``, ``HTTP_PROXY``, ``AWS``, ``AWS_PROXY``, or Mock integration. + $ref: '#/components/schemas/Integration' + MethodResponses: + description: Gets a method response associated with a given HTTP status code. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/MethodResponse' + OperationName: + description: A human-friendly operation identifier for the method. For example, you can assign the ``operationName`` of ``ListPets`` for the ``GET /pets`` method in the ``PetStore`` example. + type: string + RequestModels: + description: A key-value map specifying data schemas, represented by Model resources, (as the mapped value) of the request payloads of given content types (as the mapping key). + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + RequestParameters: + description: >- + A key-value map defining required or optional method request parameters that can be accepted by API Gateway. A key is a method request parameter name matching the pattern of ``method.request.{location}.{name}``, where ``location`` is ``querystring``, ``path``, or ``header`` and ``name`` is a valid and unique parameter name. The value associated with the key is a Boolean flag indicating whether the parameter is required (``true``) or optional (``false``). The method request parameter + names defined here are available in Integration to be mapped to integration request parameters or templates. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: boolean + RequestValidatorId: + description: The identifier of a RequestValidator for request validation. + type: string + ResourceId: + description: The Resource identifier for the MethodResponse resource. + type: string + RestApiId: + description: The string identifier of the associated RestApi. + type: string + required: + - RestApiId + - ResourceId + - HttpMethod + x-stackql-resource-name: method + description: The ``AWS::ApiGateway::Method`` resource creates API Gateway methods that define the parameters and body that clients must send in their requests. + x-type-name: AWS::ApiGateway::Method + x-stackql-primary-identifier: + - RestApiId + - ResourceId + - HttpMethod + x-create-only-properties: + - RestApiId + - ResourceId + - HttpMethod + x-required-properties: + - RestApiId + - ResourceId + - HttpMethod + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - apigateway:PUT + - apigateway:GET + - iam:PassRole + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:DELETE + - apigateway:PUT + - iam:PassRole + delete: + - apigateway:DELETE + Model: + type: object + properties: + ContentType: + type: string + description: The content-type for the model. + Description: + type: string + description: The description of the model. + Name: + type: string + description: |- + A name for the model. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the model name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + RestApiId: + type: string + description: The string identifier of the associated RestApi. + Schema: + description: The schema for the model. For ``application/json`` models, this should be JSON schema draft 4 model. Do not include "\*/" characters in the description of any properties because such "\*/" characters may be interpreted as the closing marker for comments in some languages, such as Java or JavaScript, causing the installation of your API's SDK generated by API Gateway to fail. + type: object + required: + - RestApiId + x-stackql-resource-name: model + description: The ``AWS::ApiGateway::Model`` resource defines the structure of a request or response payload for an API method. + x-type-name: AWS::ApiGateway::Model + x-stackql-primary-identifier: + - RestApiId + - Name + x-create-only-properties: + - ContentType + - Name + - RestApiId + x-required-properties: + - RestApiId + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + read: + - apigateway:GET + update: + - apigateway:PATCH + - apigateway:GET + delete: + - apigateway:GET + - apigateway:DELETE + list: + - apigateway:GET + RequestValidator: + type: object + properties: + RequestValidatorId: + description: '' + type: string + Name: + description: The name of this RequestValidator + type: string + RestApiId: + description: The string identifier of the associated RestApi. + type: string + ValidateRequestBody: + description: A Boolean flag to indicate whether to validate a request body according to the configured Model schema. + type: boolean + ValidateRequestParameters: + description: A Boolean flag to indicate whether to validate request parameters (``true``) or not (``false``). + type: boolean + required: + - RestApiId + x-stackql-resource-name: request_validator + description: The ``AWS::ApiGateway::RequestValidator`` resource sets up basic validation rules for incoming requests to your API. For more information, see [Enable Basic Request Validation for an API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-request-validation.html) in the *API Gateway Developer Guide*. + x-type-name: AWS::ApiGateway::RequestValidator + x-stackql-primary-identifier: + - RestApiId + - RequestValidatorId + x-create-only-properties: + - Name + - RestApiId + x-read-only-properties: + - RequestValidatorId + x-required-properties: + - RestApiId + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + update: + - apigateway:PATCH + - apigateway:GET + delete: + - apigateway:DELETE + read: + - apigateway:GET + list: + - apigateway:GET + Resource: + type: object + properties: + ResourceId: + description: '' + type: string + RestApiId: + description: The string identifier of the associated RestApi. + type: string + ParentId: + description: The parent resource's identifier. + type: string + PathPart: + description: The last path segment for this resource. + type: string + required: + - ParentId + - PathPart + - RestApiId + x-stackql-resource-name: resource + description: The ``AWS::ApiGateway::Resource`` resource creates a resource in an API. + x-type-name: AWS::ApiGateway::Resource + x-stackql-primary-identifier: + - RestApiId + - ResourceId + x-create-only-properties: + - PathPart + - ParentId + - RestApiId + x-read-only-properties: + - ResourceId + x-required-properties: + - ParentId + - PathPart + - RestApiId + x-required-permissions: + read: + - apigateway:GET + create: + - apigateway:POST + update: + - apigateway:GET + - apigateway:PATCH + delete: + - apigateway:DELETE + list: + - apigateway:GET + S3Location: + type: object + additionalProperties: false + properties: + Bucket: + type: string + description: The name of the S3 bucket where the OpenAPI file is stored. + ETag: + type: string + description: The Amazon S3 ETag (a file checksum) of the OpenAPI file. If you don't specify a value, API Gateway skips ETag validation of your OpenAPI file. + Version: + type: string + description: For versioning-enabled buckets, a specific version of the OpenAPI file. + Key: + type: string + description: The file name of the OpenAPI file (Amazon S3 object name). + description: |- + ``S3Location`` is a property of the [AWS::ApiGateway::RestApi](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html) resource that specifies the Amazon S3 location of a OpenAPI (formerly Swagger) file that defines a set of RESTful APIs in JSON or YAML. + On January 1, 2016, the Swagger Specification was donated to the [OpenAPI initiative](https://docs.aws.amazon.com/https://www.openapis.org/), becoming the foundation of the OpenAPI Specification. + RestApi: + type: object + properties: + RestApiId: + type: string + description: '' + RootResourceId: + type: string + description: '' + ApiKeySourceType: + type: string + description: 'The source of the API key for metering requests according to a usage plan. Valid values are: ``HEADER`` to read the API key from the ``X-API-Key`` header of a request. ``AUTHORIZER`` to read the API key from the ``UsageIdentifierKey`` from a custom authorizer.' + BinaryMediaTypes: + type: array + uniqueItems: true + items: + type: string + description: The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads. + Body: + type: object + description: An OpenAPI specification that defines a set of RESTful APIs in JSON format. For YAML templates, you can also provide the specification in YAML format. + BodyS3Location: + $ref: '#/components/schemas/S3Location' + description: The Amazon Simple Storage Service (Amazon S3) location that points to an OpenAPI file, which defines a set of RESTful APIs in JSON or YAML format. + CloneFrom: + type: string + description: The ID of the RestApi that you want to clone from. + EndpointConfiguration: + $ref: '#/components/schemas/EndpointConfiguration' + description: A list of the endpoint types of the API. Use this property when creating an API. When importing an existing API, specify the endpoint configuration types using the ``Parameters`` property. + Description: + type: string + description: The description of the RestApi. + DisableExecuteApiEndpoint: + type: boolean + description: Specifies whether clients can invoke your API by using the default ``execute-api`` endpoint. By default, clients can invoke your API with the default ``https://{api_id}.execute-api.{region}.amazonaws.com`` endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint + FailOnWarnings: + type: boolean + description: A query parameter to indicate whether to rollback the API update (``true``) or not (``false``) when a warning is encountered. The default value is ``false``. + Name: + type: string + description: The name of the RestApi. A name is required if the REST API is not based on an OpenAPI specification. + MinimumCompressionSize: + type: integer + description: A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size. + Mode: + type: string + description: |- + This property applies only when you use OpenAPI to define your REST API. The ``Mode`` determines how API Gateway handles resource updates. + Valid values are ``overwrite`` or ``merge``. + For ``overwrite``, the new API definition replaces the existing one. The existing API identifier remains unchanged. + For ``merge``, the new API definition is merged with the existing API. + If you don't specify this property, a default value is chosen. For REST APIs created before March 29, 2021, the default is ``overwrite``. For REST APIs created after March 29, 2021, the new API definition takes precedence, but any container types such as endpoint configurations and binary media types are merged with the existing API. + Use the default mode to define top-level ``RestApi`` properties in addition to using OpenAPI. Generally, it's preferred to use API Gateway's OpenAPI extensions to model these properties. + Policy: + type: object + description: A policy document that contains the permissions for the ``RestApi`` resource. To set the ARN for the policy, use the ``!Join`` intrinsic function with ``""`` as delimiter and values of ``"execute-api:/"`` and ``"*"``. + Parameters: + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + description: Custom header parameters as part of the request. For example, to exclude DocumentationParts from an imported API, set ``ignore=documentation`` as a ``parameters`` value, as in the AWS CLI command of ``aws apigateway import-rest-api --parameters ignore=documentation --body 'file:///path/to/imported-api-body.json'``. + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + description: The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters. + x-stackql-resource-name: rest_api + description: |- + The ``AWS::ApiGateway::RestApi`` resource creates a REST API. For more information, see [restapi:create](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateRestApi.html) in the *Amazon API Gateway REST API Reference*. + On January 1, 2016, the Swagger Specification was donated to the [OpenAPI initiative](https://docs.aws.amazon.com/https://www.openapis.org/), becoming the foundation of the OpenAPI Specification. + x-type-name: AWS::ApiGateway::RestApi + x-stackql-primary-identifier: + - RestApiId + x-write-only-properties: + - Body + - BodyS3Location + - CloneFrom + - FailOnWarnings + - Mode + - Parameters + x-read-only-properties: + - RestApiId + - RootResourceId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - apigateway:GET + - apigateway:POST + - apigateway:PUT + - apigateway:PATCH + - apigateway:UpdateRestApiPolicy + - s3:GetObject + - iam:PassRole + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:DELETE + - apigateway:PATCH + - apigateway:PUT + - apigateway:UpdateRestApiPolicy + - s3:GetObject + - iam:PassRole + delete: + - apigateway:DELETE + list: + - apigateway:GET + Stage: + type: object + properties: + AccessLogSetting: + description: Access log settings, including the access log format and access log destination ARN. + $ref: '#/components/schemas/AccessLogSetting' + CacheClusterEnabled: + description: Specifies whether a cache cluster is enabled for the stage. + type: boolean + CacheClusterSize: + description: The stage's cache capacity in GB. For more information about choosing a cache size, see [Enabling API caching to enhance responsiveness](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html). + type: string + CanarySetting: + description: Settings for the canary deployment in this stage. + $ref: '#/components/schemas/CanarySetting' + ClientCertificateId: + description: The identifier of a client certificate for an API stage. + type: string + DeploymentId: + description: The identifier of the Deployment that the stage points to. + type: string + Description: + description: The stage's description. + type: string + DocumentationVersion: + description: The version of the associated API documentation. + type: string + MethodSettings: + description: A map that defines the method settings for a Stage resource. Keys (designated as ``/{method_setting_key`` below) are method paths defined as ``{resource_path}/{http_method}`` for an individual method override, or ``/\*/\*`` for overriding all methods in the stage. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/MethodSetting' + RestApiId: + description: The string identifier of the associated RestApi. + type: string + StageName: + description: The name of the stage is the first path segment in the Uniform Resource Identifier (URI) of a call to API Gateway. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters. + type: string + Tags: + description: The collection of tags. Each tag element is associated with a given resource. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + TracingEnabled: + description: Specifies whether active tracing with X-ray is enabled for the Stage. + type: boolean + Variables: + description: 'A map (string-to-string map) that defines the stage variables, where the variable name is the key and the variable value is the value. Variable names are limited to alphanumeric characters. Values must match the following regular expression: ``[A-Za-z0-9-._~:/?#&=,]+``.' + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + required: + - RestApiId + x-stackql-resource-name: stage + description: The ``AWS::ApiGateway::Stage`` resource creates a stage for a deployment. + x-type-name: AWS::ApiGateway::Stage + x-stackql-primary-identifier: + - RestApiId + - StageName + x-create-only-properties: + - RestApiId + - StageName + x-required-properties: + - RestApiId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - apigateway:POST + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:PATCH + - apigateway:PUT + - apigateway:DELETE + delete: + - apigateway:DELETE + list: + - apigateway:GET + ApiStage: + type: object + additionalProperties: false + properties: + ApiId: + type: string + description: API Id of the associated API stage in a usage plan. + Stage: + type: string + description: API stage name of the associated API stage in a usage plan. + Throttle: + type: object + description: Map containing method level throttling information for API stage in a usage plan. + additionalProperties: false + x-patternProperties: + .*: + $ref: '#/components/schemas/ThrottleSettings' + description: API stage name of the associated API stage in a usage plan. + ThrottleSettings: + type: object + additionalProperties: false + properties: + BurstLimit: + type: integer + minimum: 0 + description: The API target request burst rate limit. This allows more requests through for a period of time than the target rate limit. + RateLimit: + type: number + minimum: 0 + description: The API target request rate limit. + description: '``ThrottleSettings`` is a property of the [AWS::ApiGateway::UsagePlan](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html) resource that specifies the overall request rate (average requests per second) and burst capacity when users call your REST APIs.' + QuotaSettings: + type: object + additionalProperties: false + properties: + Limit: + type: integer + minimum: 0 + description: The target maximum number of requests that can be made in a given time period. + Offset: + type: integer + minimum: 0 + description: The number of requests subtracted from the given limit in the initial time period. + Period: + type: string + description: The time period in which the limit applies. Valid values are "DAY", "WEEK" or "MONTH". + description: |- + ``QuotaSettings`` is a property of the [AWS::ApiGateway::UsagePlan](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html) resource that specifies a target for the maximum number of requests users can make to your REST APIs. + In some cases clients can exceed the targets that you set. Don’t rely on usage plans to control costs. Consider using [](https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-managing-costs.html) to monitor costs and [](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) to manage API requests. + UsagePlan: + type: object + properties: + Id: + type: string + description: '' + ApiStages: + type: array + description: The associated API stages of a usage plan. + uniqueItems: true + items: + $ref: '#/components/schemas/ApiStage' + Description: + type: string + description: The description of a usage plan. + Quota: + $ref: '#/components/schemas/QuotaSettings' + description: The target maximum number of permitted requests per a given unit time interval. + Tags: + type: array + description: The collection of tags. Each tag element is associated with a given resource. + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + Throttle: + $ref: '#/components/schemas/ThrottleSettings' + description: A map containing method level throttling information for API stage in a usage plan. + UsagePlanName: + type: string + description: The name of a usage plan. + x-stackql-resource-name: usage_plan + description: |- + The ``AWS::ApiGateway::UsagePlan`` resource creates a usage plan for deployed APIs. A usage plan sets a target for the throttling and quota limits on individual client API keys. For more information, see [Creating and Using API Usage Plans in Amazon API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html) in the *API Gateway Developer Guide*. + In some cases clients can exceed the targets that you set. Don’t rely on usage plans to control costs. Consider using [](https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-managing-costs.html) to monitor costs and [](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) to manage API requests. + x-type-name: AWS::ApiGateway::UsagePlan + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + - apigateway:PUT + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:DELETE + - apigateway:PATCH + - apigateway:PUT + delete: + - apigateway:DELETE + - apigateway:GET + - apigateway:PATCH + list: + - apigateway:GET + UsagePlanKey: + type: object + properties: + KeyId: + description: The Id of the UsagePlanKey resource. + type: string + KeyType: + description: The type of a UsagePlanKey resource for a plan customer. + type: string + enum: + - API_KEY + UsagePlanId: + description: The Id of the UsagePlan resource representing the usage plan containing the UsagePlanKey resource representing a plan customer. + type: string + Id: + description: '' + type: string + required: + - KeyType + - UsagePlanId + - KeyId + x-stackql-resource-name: usage_plan_key + description: The ``AWS::ApiGateway::UsagePlanKey`` resource associates an API key with a usage plan. This association determines which users the usage plan is applied to. + x-type-name: AWS::ApiGateway::UsagePlanKey + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - KeyId + - UsagePlanId + - KeyType + x-read-only-properties: + - Id + x-required-properties: + - KeyType + - UsagePlanId + - KeyId + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + read: + - apigateway:GET + delete: + - apigateway:DELETE + - apigateway:GET + list: + - apigateway:GET + VpcLink: + type: object + properties: + Name: + description: A name for the VPC link. + type: string + Description: + description: A description of the VPC link. + type: string + Tags: + description: An array of arbitrary tags (key-value pairs) to associate with the stage. + x-insertionOrder: false + uniqueItems: true + type: array + items: + $ref: '#/components/schemas/Tag' + TargetArns: + description: The ARN of network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + VpcLinkId: + description: The ID of the instance that backs VPC link. + type: string + required: + - Name + - TargetArns + x-stackql-resource-name: vpc_link + description: Schema for AWS ApiGateway VpcLink + x-type-name: AWS::ApiGateway::VpcLink + x-stackql-primary-identifier: + - VpcLinkId + x-create-only-properties: + - TargetArns + x-read-only-properties: + - VpcLinkId + x-required-properties: + - Name + - TargetArns + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - apigateway:POST + - apigateway:PUT + - apigateway:GET + - ec2:CreateVpcEndpointServiceConfiguration + - ec2:DeleteVpcEndpointServiceConfigurations + - ec2:DescribeVpcEndpointServiceConfigurations + - ec2:ModifyVpcEndpointServicePermissions + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + - ec2:CreateVpcEndpointServiceConfiguration + - ec2:DeleteVpcEndpointServiceConfigurations + - ec2:DescribeVpcEndpointServiceConfigurations + - ec2:ModifyVpcEndpointServicePermissions + read: + - apigateway:GET + - ec2:CreateVpcEndpointServiceConfiguration + - ec2:DeleteVpcEndpointServiceConfigurations + - ec2:DescribeVpcEndpointServiceConfigurations + - ec2:ModifyVpcEndpointServicePermissions + list: + - apigateway:GET + - ec2:CreateVpcEndpointServiceConfiguration + - ec2:DeleteVpcEndpointServiceConfigurations + - ec2:DescribeVpcEndpointServiceConfigurations + - ec2:ModifyVpcEndpointServicePermissions + delete: + - apigateway:GET + - apigateway:DELETE + - apigateway:PUT + - ec2:CreateVpcEndpointServiceConfiguration + - ec2:DeleteVpcEndpointServiceConfigurations + - ec2:DescribeVpcEndpointServiceConfigurations + - ec2:ModifyVpcEndpointServicePermissions + x-stackQL-resources: + account: + name: account + id: aws.apigateway.account + x-cfn-schema-name: Account + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.CloudWatchRoleArn') as cloud_watch_role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Account' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'CloudWatchRoleArn') as cloud_watch_role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Account' + AND data__Identifier = '' + AND region = 'us-east-1' + api_keys: + name: api_keys + id: aws.apigateway.api_keys + x-cfn-schema-name: ApiKey + x-type: list + x-identifiers: + - APIKeyId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.APIKeyId') as api_key_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::ApiKey' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'APIKeyId') as api_key_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::ApiKey' + AND region = 'us-east-1' + api_key: + name: api_key + id: aws.apigateway.api_key + x-cfn-schema-name: ApiKey + x-type: get + x-identifiers: + - APIKeyId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.APIKeyId') as api_key_id, + JSON_EXTRACT(Properties, '$.CustomerId') as customer_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.GenerateDistinctId') as generate_distinct_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.StageKeys') as stage_keys, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Value') as value + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::ApiKey' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'APIKeyId') as api_key_id, + json_extract_path_text(Properties, 'CustomerId') as customer_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'GenerateDistinctId') as generate_distinct_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'StageKeys') as stage_keys, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Value') as value + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::ApiKey' + AND data__Identifier = '' + AND region = 'us-east-1' + authorizers: + name: authorizers + id: aws.apigateway.authorizers + x-cfn-schema-name: Authorizer + x-type: list + x-identifiers: + - RestApiId + - AuthorizerId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.AuthorizerId') as authorizer_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::Authorizer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'AuthorizerId') as authorizer_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::Authorizer' + AND region = 'us-east-1' + authorizer: + name: authorizer + id: aws.apigateway.authorizer + x-cfn-schema-name: Authorizer + x-type: get + x-identifiers: + - RestApiId + - AuthorizerId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.AuthorizerId') as authorizer_id, + JSON_EXTRACT(Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(Properties, '$.AuthorizerCredentials') as authorizer_credentials, + JSON_EXTRACT(Properties, '$.AuthorizerResultTtlInSeconds') as authorizer_result_ttl_in_seconds, + JSON_EXTRACT(Properties, '$.AuthorizerUri') as authorizer_uri, + JSON_EXTRACT(Properties, '$.IdentitySource') as identity_source, + JSON_EXTRACT(Properties, '$.IdentityValidationExpression') as identity_validation_expression, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ProviderARNs') as provider_arns, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Authorizer' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'AuthorizerId') as authorizer_id, + json_extract_path_text(Properties, 'AuthType') as auth_type, + json_extract_path_text(Properties, 'AuthorizerCredentials') as authorizer_credentials, + json_extract_path_text(Properties, 'AuthorizerResultTtlInSeconds') as authorizer_result_ttl_in_seconds, + json_extract_path_text(Properties, 'AuthorizerUri') as authorizer_uri, + json_extract_path_text(Properties, 'IdentitySource') as identity_source, + json_extract_path_text(Properties, 'IdentityValidationExpression') as identity_validation_expression, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ProviderARNs') as provider_arns, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Authorizer' + AND data__Identifier = '|' + AND region = 'us-east-1' + base_path_mappings: + name: base_path_mappings + id: aws.apigateway.base_path_mappings + x-cfn-schema-name: BasePathMapping + x-type: list + x-identifiers: + - DomainName + - BasePath + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.BasePath') as base_path + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::BasePathMapping' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'BasePath') as base_path + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::BasePathMapping' + AND region = 'us-east-1' + base_path_mapping: + name: base_path_mapping + id: aws.apigateway.base_path_mapping + x-cfn-schema-name: BasePathMapping + x-type: get + x-identifiers: + - DomainName + - BasePath + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BasePath') as base_path, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.Stage') as stage + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::BasePathMapping' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BasePath') as base_path, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'Stage') as stage + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::BasePathMapping' + AND data__Identifier = '|' + AND region = 'us-east-1' + client_certificates: + name: client_certificates + id: aws.apigateway.client_certificates + x-cfn-schema-name: ClientCertificate + x-type: list + x-identifiers: + - ClientCertificateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClientCertificateId') as client_certificate_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::ClientCertificate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClientCertificateId') as client_certificate_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::ClientCertificate' + AND region = 'us-east-1' + client_certificate: + name: client_certificate + id: aws.apigateway.client_certificate + x-cfn-schema-name: ClientCertificate + x-type: get + x-identifiers: + - ClientCertificateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClientCertificateId') as client_certificate_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::ClientCertificate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClientCertificateId') as client_certificate_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::ClientCertificate' + AND data__Identifier = '' + AND region = 'us-east-1' + deployments: + name: deployments + id: aws.apigateway.deployments + x-cfn-schema-name: Deployment + x-type: list + x-identifiers: + - DeploymentId + - RestApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DeploymentId') as deployment_id, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::Deployment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DeploymentId') as deployment_id, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::Deployment' + AND region = 'us-east-1' + deployment: + name: deployment + id: aws.apigateway.deployment + x-cfn-schema-name: Deployment + x-type: get + x-identifiers: + - DeploymentId + - RestApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DeploymentId') as deployment_id, + JSON_EXTRACT(Properties, '$.DeploymentCanarySettings') as deployment_canary_settings, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.StageDescription') as stage_description, + JSON_EXTRACT(Properties, '$.StageName') as stage_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Deployment' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DeploymentId') as deployment_id, + json_extract_path_text(Properties, 'DeploymentCanarySettings') as deployment_canary_settings, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'StageDescription') as stage_description, + json_extract_path_text(Properties, 'StageName') as stage_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Deployment' + AND data__Identifier = '|' + AND region = 'us-east-1' + documentation_parts: + name: documentation_parts + id: aws.apigateway.documentation_parts + x-cfn-schema-name: DocumentationPart + x-type: list + x-identifiers: + - DocumentationPartId + - RestApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DocumentationPartId') as documentation_part_id, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DocumentationPart' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DocumentationPartId') as documentation_part_id, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DocumentationPart' + AND region = 'us-east-1' + documentation_part: + name: documentation_part + id: aws.apigateway.documentation_part + x-cfn-schema-name: DocumentationPart + x-type: get + x-identifiers: + - DocumentationPartId + - RestApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DocumentationPartId') as documentation_part_id, + JSON_EXTRACT(Properties, '$.Location') as location, + JSON_EXTRACT(Properties, '$.Properties') as properties, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DocumentationPart' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DocumentationPartId') as documentation_part_id, + json_extract_path_text(Properties, 'Location') as location, + json_extract_path_text(Properties, 'Properties') as properties, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DocumentationPart' + AND data__Identifier = '|' + AND region = 'us-east-1' + documentation_versions: + name: documentation_versions + id: aws.apigateway.documentation_versions + x-cfn-schema-name: DocumentationVersion + x-type: list + x-identifiers: + - DocumentationVersion + - RestApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DocumentationVersion') as documentation_version, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DocumentationVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DocumentationVersion') as documentation_version, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DocumentationVersion' + AND region = 'us-east-1' + documentation_version: + name: documentation_version + id: aws.apigateway.documentation_version + x-cfn-schema-name: DocumentationVersion + x-type: get + x-identifiers: + - DocumentationVersion + - RestApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DocumentationVersion') as documentation_version, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DocumentationVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DocumentationVersion') as documentation_version, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DocumentationVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + domain_names: + name: domain_names + id: aws.apigateway.domain_names + x-cfn-schema-name: DomainName + x-type: list + x-identifiers: + - DomainName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DomainName' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DomainName' + AND region = 'us-east-1' + domain_name: + name: domain_name + id: aws.apigateway.domain_name + x-cfn-schema-name: DomainName + x-type: get + x-identifiers: + - DomainName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.DistributionDomainName') as distribution_domain_name, + JSON_EXTRACT(Properties, '$.DistributionHostedZoneId') as distribution_hosted_zone_id, + JSON_EXTRACT(Properties, '$.EndpointConfiguration') as endpoint_configuration, + JSON_EXTRACT(Properties, '$.MutualTlsAuthentication') as mutual_tls_authentication, + JSON_EXTRACT(Properties, '$.RegionalDomainName') as regional_domain_name, + JSON_EXTRACT(Properties, '$.RegionalHostedZoneId') as regional_hosted_zone_id, + JSON_EXTRACT(Properties, '$.CertificateArn') as certificate_arn, + JSON_EXTRACT(Properties, '$.RegionalCertificateArn') as regional_certificate_arn, + JSON_EXTRACT(Properties, '$.OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, + JSON_EXTRACT(Properties, '$.SecurityPolicy') as security_policy, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DomainName' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'DistributionDomainName') as distribution_domain_name, + json_extract_path_text(Properties, 'DistributionHostedZoneId') as distribution_hosted_zone_id, + json_extract_path_text(Properties, 'EndpointConfiguration') as endpoint_configuration, + json_extract_path_text(Properties, 'MutualTlsAuthentication') as mutual_tls_authentication, + json_extract_path_text(Properties, 'RegionalDomainName') as regional_domain_name, + json_extract_path_text(Properties, 'RegionalHostedZoneId') as regional_hosted_zone_id, + json_extract_path_text(Properties, 'CertificateArn') as certificate_arn, + json_extract_path_text(Properties, 'RegionalCertificateArn') as regional_certificate_arn, + json_extract_path_text(Properties, 'OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, + json_extract_path_text(Properties, 'SecurityPolicy') as security_policy, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DomainName' + AND data__Identifier = '' + AND region = 'us-east-1' + method: + name: method + id: aws.apigateway.method + x-cfn-schema-name: Method + x-type: get + x-identifiers: + - RestApiId + - ResourceId + - HttpMethod + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApiKeyRequired') as api_key_required, + JSON_EXTRACT(Properties, '$.AuthorizationScopes') as authorization_scopes, + JSON_EXTRACT(Properties, '$.AuthorizationType') as authorization_type, + JSON_EXTRACT(Properties, '$.AuthorizerId') as authorizer_id, + JSON_EXTRACT(Properties, '$.HttpMethod') as http_method, + JSON_EXTRACT(Properties, '$.Integration') as integration, + JSON_EXTRACT(Properties, '$.MethodResponses') as method_responses, + JSON_EXTRACT(Properties, '$.OperationName') as operation_name, + JSON_EXTRACT(Properties, '$.RequestModels') as request_models, + JSON_EXTRACT(Properties, '$.RequestParameters') as request_parameters, + JSON_EXTRACT(Properties, '$.RequestValidatorId') as request_validator_id, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Method' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApiKeyRequired') as api_key_required, + json_extract_path_text(Properties, 'AuthorizationScopes') as authorization_scopes, + json_extract_path_text(Properties, 'AuthorizationType') as authorization_type, + json_extract_path_text(Properties, 'AuthorizerId') as authorizer_id, + json_extract_path_text(Properties, 'HttpMethod') as http_method, + json_extract_path_text(Properties, 'Integration') as integration, + json_extract_path_text(Properties, 'MethodResponses') as method_responses, + json_extract_path_text(Properties, 'OperationName') as operation_name, + json_extract_path_text(Properties, 'RequestModels') as request_models, + json_extract_path_text(Properties, 'RequestParameters') as request_parameters, + json_extract_path_text(Properties, 'RequestValidatorId') as request_validator_id, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Method' + AND data__Identifier = '||' + AND region = 'us-east-1' + models: + name: models + id: aws.apigateway.models + x-cfn-schema-name: Model + x-type: list + x-identifiers: + - RestApiId + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::Model' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::Model' + AND region = 'us-east-1' + model: + name: model + id: aws.apigateway.model + x-cfn-schema-name: Model + x-type: get + x-identifiers: + - RestApiId + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ContentType') as content_type, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.Schema') as _schema + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Model' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ContentType') as content_type, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'Schema') as _schema + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Model' + AND data__Identifier = '|' + AND region = 'us-east-1' + request_validators: + name: request_validators + id: aws.apigateway.request_validators + x-cfn-schema-name: RequestValidator + x-type: list + x-identifiers: + - RestApiId + - RequestValidatorId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.RequestValidatorId') as request_validator_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::RequestValidator' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'RequestValidatorId') as request_validator_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::RequestValidator' + AND region = 'us-east-1' + request_validator: + name: request_validator + id: aws.apigateway.request_validator + x-cfn-schema-name: RequestValidator + x-type: get + x-identifiers: + - RestApiId + - RequestValidatorId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RequestValidatorId') as request_validator_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.ValidateRequestBody') as validate_request_body, + JSON_EXTRACT(Properties, '$.ValidateRequestParameters') as validate_request_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::RequestValidator' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RequestValidatorId') as request_validator_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'ValidateRequestBody') as validate_request_body, + json_extract_path_text(Properties, 'ValidateRequestParameters') as validate_request_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::RequestValidator' + AND data__Identifier = '|' + AND region = 'us-east-1' + resources: + name: resources + id: aws.apigateway.resources + x-cfn-schema-name: Resource + x-type: list + x-identifiers: + - RestApiId + - ResourceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::Resource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'ResourceId') as resource_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::Resource' + AND region = 'us-east-1' + resource: + name: resource + id: aws.apigateway.resource + x-cfn-schema-name: Resource + x-type: get + x-identifiers: + - RestApiId + - ResourceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.ParentId') as parent_id, + JSON_EXTRACT(Properties, '$.PathPart') as path_part + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Resource' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'ParentId') as parent_id, + json_extract_path_text(Properties, 'PathPart') as path_part + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Resource' + AND data__Identifier = '|' + AND region = 'us-east-1' + rest_apis: + name: rest_apis + id: aws.apigateway.rest_apis + x-cfn-schema-name: RestApi + x-type: list + x-identifiers: + - RestApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::RestApi' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::RestApi' + AND region = 'us-east-1' + rest_api: + name: rest_api + id: aws.apigateway.rest_api + x-cfn-schema-name: RestApi + x-type: get + x-identifiers: + - RestApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.RootResourceId') as root_resource_id, + JSON_EXTRACT(Properties, '$.ApiKeySourceType') as api_key_source_type, + JSON_EXTRACT(Properties, '$.BinaryMediaTypes') as binary_media_types, + JSON_EXTRACT(Properties, '$.Body') as body, + JSON_EXTRACT(Properties, '$.BodyS3Location') as body_s3_location, + JSON_EXTRACT(Properties, '$.CloneFrom') as clone_from, + JSON_EXTRACT(Properties, '$.EndpointConfiguration') as endpoint_configuration, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisableExecuteApiEndpoint') as disable_execute_api_endpoint, + JSON_EXTRACT(Properties, '$.FailOnWarnings') as fail_on_warnings, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.MinimumCompressionSize') as minimum_compression_size, + JSON_EXTRACT(Properties, '$.Mode') as mode, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::RestApi' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'RootResourceId') as root_resource_id, + json_extract_path_text(Properties, 'ApiKeySourceType') as api_key_source_type, + json_extract_path_text(Properties, 'BinaryMediaTypes') as binary_media_types, + json_extract_path_text(Properties, 'Body') as body, + json_extract_path_text(Properties, 'BodyS3Location') as body_s3_location, + json_extract_path_text(Properties, 'CloneFrom') as clone_from, + json_extract_path_text(Properties, 'EndpointConfiguration') as endpoint_configuration, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisableExecuteApiEndpoint') as disable_execute_api_endpoint, + json_extract_path_text(Properties, 'FailOnWarnings') as fail_on_warnings, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'MinimumCompressionSize') as minimum_compression_size, + json_extract_path_text(Properties, 'Mode') as mode, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::RestApi' + AND data__Identifier = '' + AND region = 'us-east-1' + stages: + name: stages + id: aws.apigateway.stages + x-cfn-schema-name: Stage + x-type: list + x-identifiers: + - RestApiId + - StageName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.StageName') as stage_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::Stage' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'StageName') as stage_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::Stage' + AND region = 'us-east-1' + stage: + name: stage + id: aws.apigateway.stage + x-cfn-schema-name: Stage + x-type: get + x-identifiers: + - RestApiId + - StageName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessLogSetting') as access_log_setting, + JSON_EXTRACT(Properties, '$.CacheClusterEnabled') as cache_cluster_enabled, + JSON_EXTRACT(Properties, '$.CacheClusterSize') as cache_cluster_size, + JSON_EXTRACT(Properties, '$.CanarySetting') as canary_setting, + JSON_EXTRACT(Properties, '$.ClientCertificateId') as client_certificate_id, + JSON_EXTRACT(Properties, '$.DeploymentId') as deployment_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DocumentationVersion') as documentation_version, + JSON_EXTRACT(Properties, '$.MethodSettings') as method_settings, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.StageName') as stage_name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TracingEnabled') as tracing_enabled, + JSON_EXTRACT(Properties, '$.Variables') as variables + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Stage' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessLogSetting') as access_log_setting, + json_extract_path_text(Properties, 'CacheClusterEnabled') as cache_cluster_enabled, + json_extract_path_text(Properties, 'CacheClusterSize') as cache_cluster_size, + json_extract_path_text(Properties, 'CanarySetting') as canary_setting, + json_extract_path_text(Properties, 'ClientCertificateId') as client_certificate_id, + json_extract_path_text(Properties, 'DeploymentId') as deployment_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DocumentationVersion') as documentation_version, + json_extract_path_text(Properties, 'MethodSettings') as method_settings, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'StageName') as stage_name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TracingEnabled') as tracing_enabled, + json_extract_path_text(Properties, 'Variables') as variables + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::Stage' + AND data__Identifier = '|' + AND region = 'us-east-1' + usage_plans: + name: usage_plans + id: aws.apigateway.usage_plans + x-cfn-schema-name: UsagePlan + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::UsagePlan' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::UsagePlan' + AND region = 'us-east-1' + usage_plan: + name: usage_plan + id: aws.apigateway.usage_plan + x-cfn-schema-name: UsagePlan + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ApiStages') as api_stages, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Quota') as quota, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Throttle') as throttle, + JSON_EXTRACT(Properties, '$.UsagePlanName') as usage_plan_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::UsagePlan' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ApiStages') as api_stages, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Quota') as quota, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Throttle') as throttle, + json_extract_path_text(Properties, 'UsagePlanName') as usage_plan_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::UsagePlan' + AND data__Identifier = '' + AND region = 'us-east-1' + usage_plan_keys: + name: usage_plan_keys + id: aws.apigateway.usage_plan_keys + x-cfn-schema-name: UsagePlanKey + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::UsagePlanKey' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::UsagePlanKey' + AND region = 'us-east-1' + usage_plan_key: + name: usage_plan_key + id: aws.apigateway.usage_plan_key + x-cfn-schema-name: UsagePlanKey + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.KeyId') as key_id, + JSON_EXTRACT(Properties, '$.KeyType') as key_type, + JSON_EXTRACT(Properties, '$.UsagePlanId') as usage_plan_id, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::UsagePlanKey' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'KeyId') as key_id, + json_extract_path_text(Properties, 'KeyType') as key_type, + json_extract_path_text(Properties, 'UsagePlanId') as usage_plan_id, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::UsagePlanKey' + AND data__Identifier = '' + AND region = 'us-east-1' + vpc_links: + name: vpc_links + id: aws.apigateway.vpc_links + x-cfn-schema-name: VpcLink + x-type: list + x-identifiers: + - VpcLinkId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VpcLinkId') as vpc_link_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::VpcLink' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VpcLinkId') as vpc_link_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::VpcLink' + AND region = 'us-east-1' + vpc_link: + name: vpc_link + id: aws.apigateway.vpc_link + x-cfn-schema-name: VpcLink + x-type: get + x-identifiers: + - VpcLinkId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TargetArns') as target_arns, + JSON_EXTRACT(Properties, '$.VpcLinkId') as vpc_link_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::VpcLink' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TargetArns') as target_arns, + json_extract_path_text(Properties, 'VpcLinkId') as vpc_link_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::VpcLink' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/apigatewayv2.yaml b/providers/src/aws/v00.00.00000/services/apigatewayv2.yaml new file mode 100644 index 00000000..c56c473a --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/apigatewayv2.yaml @@ -0,0 +1,1576 @@ +openapi: 3.0.0 +info: + title: ApiGatewayV2 + version: 1.0.0 +paths: {} +components: + schemas: + BodyS3Location: + type: object + additionalProperties: false + properties: + Etag: + type: string + description: The Etag of the S3 object. + Bucket: + type: string + description: The S3 bucket that contains the OpenAPI definition to import. Required if you specify a ``BodyS3Location`` for an API. + Version: + type: string + description: The version of the S3 object. + Key: + type: string + description: The key of the S3 object. Required if you specify a ``BodyS3Location`` for an API. + description: The ``BodyS3Location`` property specifies an S3 location from which to import an OpenAPI definition. Supported only for HTTP APIs. + Cors: + type: object + additionalProperties: false + properties: + AllowOrigins: + type: array + uniqueItems: false + items: + type: string + description: Represents a collection of allowed origins. Supported only for HTTP APIs. + AllowCredentials: + type: boolean + description: Specifies whether credentials are included in the CORS request. Supported only for HTTP APIs. + ExposeHeaders: + type: array + uniqueItems: false + items: + type: string + description: Represents a collection of exposed headers. Supported only for HTTP APIs. + AllowHeaders: + type: array + uniqueItems: false + items: + type: string + description: Represents a collection of allowed headers. Supported only for HTTP APIs. + MaxAge: + type: integer + description: The number of seconds that the browser should cache preflight request results. Supported only for HTTP APIs. + AllowMethods: + type: array + uniqueItems: false + items: + type: string + description: Represents a collection of allowed HTTP methods. Supported only for HTTP APIs. + description: The ``Cors`` property specifies a CORS configuration for an API. Supported only for HTTP APIs. See [Configuring CORS](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html) for more information. + Api: + type: object + properties: + RouteSelectionExpression: + type: string + description: The route selection expression for the API. For HTTP APIs, the ``routeSelectionExpression`` must be ``${request.method} ${request.path}``. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs. + BodyS3Location: + $ref: '#/components/schemas/BodyS3Location' + description: The S3 location of an OpenAPI definition. Supported only for HTTP APIs. To import an HTTP API, you must specify a ``Body`` or ``BodyS3Location``. If you specify a ``Body`` or ``BodyS3Location``, don't specify CloudFormation resources such as ``AWS::ApiGatewayV2::Authorizer`` or ``AWS::ApiGatewayV2::Route``. API Gateway doesn't support the combination of OpenAPI and CloudFormation resources. + Description: + type: string + description: The description of the API. + ApiEndpoint: + type: string + description: '' + BasePath: + type: string + description: Specifies how to interpret the base path of the API during import. Valid values are ``ignore``, ``prepend``, and ``split``. The default value is ``ignore``. To learn more, see [Set the OpenAPI basePath Property](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api-basePath.html). Supported only for HTTP APIs. + FailOnWarnings: + type: boolean + description: Specifies whether to rollback the API creation when a warning is encountered. By default, API creation continues if a warning is encountered. + DisableExecuteApiEndpoint: + type: boolean + description: Specifies whether clients can invoke your API by using the default ``execute-api`` endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint. + DisableSchemaValidation: + type: boolean + description: Avoid validating models when creating a deployment. Supported only for WebSocket APIs. + Name: + type: string + description: The name of the API. Required unless you specify an OpenAPI definition for ``Body`` or ``S3BodyLocation``. + Target: + type: string + description: This property is part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. Supported only for HTTP APIs. + CredentialsArn: + type: string + description: >- + This property is part of quick create. It specifies the credentials required for the integration, if any. For a Lambda integration, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify ``arn:aws:iam::*:user/*``. To use resource-based permissions on supported AWS services, specify ``null``. Currently, this property is not used for HTTP + integrations. Supported only for HTTP APIs. + CorsConfiguration: + $ref: '#/components/schemas/Cors' + description: A CORS configuration. Supported only for HTTP APIs. See [Configuring CORS](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html) for more information. + Version: + type: string + description: A version identifier for the API. + ProtocolType: + type: string + description: The API protocol. Valid values are ``WEBSOCKET`` or ``HTTP``. Required unless you specify an OpenAPI definition for ``Body`` or ``S3BodyLocation``. + RouteKey: + type: string + description: This property is part of quick create. If you don't specify a ``routeKey``, a default route of ``$default`` is created. The ``$default`` route acts as a catch-all for any request made to your API, for a particular stage. The ``$default`` route key can't be modified. You can add routes after creating the API, and you can update the route keys of additional routes. Supported only for HTTP APIs. + ApiId: + type: string + description: '' + Body: + type: object + description: The OpenAPI definition. Supported only for HTTP APIs. To import an HTTP API, you must specify a ``Body`` or ``BodyS3Location``. If you specify a ``Body`` or ``BodyS3Location``, don't specify CloudFormation resources such as ``AWS::ApiGatewayV2::Authorizer`` or ``AWS::ApiGatewayV2::Route``. API Gateway doesn't support the combination of OpenAPI and CloudFormation resources. + Tags: + type: object + description: The collection of tags. Each tag element is associated with a given resource. + additionalProperties: false + x-patternProperties: + .*: + type: string + ApiKeySelectionExpression: + type: string + description: An API key selection expression. Supported only for WebSocket APIs. See [API Key Selection Expressions](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-apikey-selection-expressions). + x-stackql-resource-name: api + description: The ``AWS::ApiGatewayV2::Api`` resource creates an API. WebSocket APIs and HTTP APIs are supported. For more information about WebSocket APIs, see [About WebSocket APIs in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-overview.html) in the *API Gateway Developer Guide*. For more information about HTTP APIs, see [HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api.html) in the *API Gateway Developer Guide.* + x-type-name: AWS::ApiGatewayV2::Api + x-stackql-primary-identifier: + - ApiId + x-create-only-properties: + - ProtocolType + x-write-only-properties: + - BasePath + - Body + - BodyS3Location + - BodyS3Location/Etag + - BodyS3Location/Bucket + - BodyS3Location/Version + - BodyS3Location/Key + - CredentialsArn + - FailOnWarnings + - RouteKey + - Target + - DisableSchemaValidation + x-read-only-properties: + - ApiId + - ApiEndpoint + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - apigateway:POST + - apigateway:PUT + - s3:getObject + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + - apigateway:POST + - s3:getObject + read: + - apigateway:GET + - s3:getObject + delete: + - apigateway:GET + - apigateway:DELETE + - s3:getObject + list: + - apigateway:GET + - s3:getObject + ApiMapping: + type: object + properties: + ApiMappingId: + description: '' + type: string + DomainName: + description: The domain name. + type: string + Stage: + description: The API stage. + type: string + ApiMappingKey: + description: The API mapping key. + type: string + ApiId: + description: The identifier of the API. + type: string + required: + - DomainName + - Stage + - ApiId + x-stackql-resource-name: api_mapping + description: >- + The ``AWS::ApiGatewayV2::ApiMapping`` resource contains an API mapping. An API mapping relates a path of your custom domain name to a stage of your API. A custom domain name can have multiple API mappings, but the paths can't overlap. A custom domain can map only to APIs of the same protocol type. For more information, see [CreateApiMapping](https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/domainnames-domainname-apimappings.html#CreateApiMapping) in the *Amazon API Gateway + V2 API Reference*. + x-type-name: AWS::ApiGatewayV2::ApiMapping + x-stackql-primary-identifier: + - ApiMappingId + - DomainName + x-create-only-properties: + - DomainName + x-read-only-properties: + - ApiMappingId + x-required-properties: + - DomainName + - Stage + - ApiId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - apigateway:POST + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + read: + - apigateway:GET + delete: + - apigateway:DELETE + list: + - apigateway:GET + JWTConfiguration: + type: object + additionalProperties: false + properties: + Issuer: + type: string + description: 'The base domain of the identity provider that issues JSON Web Tokens. For example, an Amazon Cognito user pool has the following format: ``https://cognito-idp.{region}.amazonaws.com/{userPoolId}``. Required for the ``JWT`` authorizer type. Supported only for HTTP APIs.' + Audience: + type: array + uniqueItems: false + items: + type: string + description: A list of the intended recipients of the JWT. A valid JWT must provide an ``aud`` that matches at least one entry in this list. See [RFC 7519](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc7519#section-4.1.3). Required for the ``JWT`` authorizer type. Supported only for HTTP APIs. + description: The ``JWTConfiguration`` property specifies the configuration of a JWT authorizer. Required for the ``JWT`` authorizer type. Supported only for HTTP APIs. + Authorizer: + type: object + properties: + IdentityValidationExpression: + type: string + description: This parameter is not used. + AuthorizerUri: + type: string + description: >- + The authorizer's Uniform Resource Identifier (URI). For ``REQUEST`` authorizers, this must be a well-formed Lambda function URI, for example, ``arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations``. In general, the URI has this form: ``arn:aws:apigateway:{region}:lambda:path/{service_api}``, where *{region}* is the same as the region hosting the Lambda function, path indicates that the + remaining substring in the URI should be treated as the path to the resource, including the initial ``/``. For Lambda functions, this is usually of the form ``/2015-03-31/functions/[FunctionARN]/invocations``. + AuthorizerCredentialsArn: + type: string + description: Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null. Supported only for ``REQUEST`` authorizers. + AuthorizerType: + type: string + description: The authorizer type. Specify ``REQUEST`` for a Lambda function using incoming request parameters. Specify ``JWT`` to use JSON Web Tokens (supported only for HTTP APIs). + JwtConfiguration: + $ref: '#/components/schemas/JWTConfiguration' + description: The ``JWTConfiguration`` property specifies the configuration of a JWT authorizer. Required for the ``JWT`` authorizer type. Supported only for HTTP APIs. + AuthorizerResultTtlInSeconds: + type: integer + description: The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers. + IdentitySource: + type: array + uniqueItems: false + items: + type: string + description: |- + The identity source for which authorization is requested. + For a ``REQUEST`` authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with ``$``, for example, ``$request.header.Auth``, ``$request.querystring.Name``. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see [Working with Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html). + For ``JWT``, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example ``$request.header.Authorization``. + AuthorizerPayloadFormatVersion: + type: string + description: Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are ``1.0`` and ``2.0``. To learn more, see [Working with Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html). + ApiId: + type: string + description: The API identifier. + EnableSimpleResponses: + type: boolean + description: Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see [Working with Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html). + AuthorizerId: + type: string + description: '' + Name: + type: string + description: The name of the authorizer. + required: + - AuthorizerType + - ApiId + - Name + x-stackql-resource-name: authorizer + description: >- + The ``AWS::ApiGatewayV2::Authorizer`` resource creates an authorizer for a WebSocket API or an HTTP API. To learn more, see [Controlling and managing access to a WebSocket API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-control-access.html) and [Controlling and managing access to an HTTP API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-access-control.html) in the *API Gateway Developer + Guide*. + x-type-name: AWS::ApiGatewayV2::Authorizer + x-stackql-primary-identifier: + - AuthorizerId + - ApiId + x-create-only-properties: + - ApiId + x-read-only-properties: + - AuthorizerId + x-required-properties: + - AuthorizerType + - ApiId + - Name + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - apigateway:POST + - iam:PassRole + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + - iam:PassRole + read: + - apigateway:GET + delete: + - apigateway:GET + - apigateway:DELETE + list: + - apigateway:GET + Deployment: + type: object + properties: + DeploymentId: + type: string + description: '' + Description: + type: string + description: The description for the deployment resource. + StageName: + type: string + description: The name of an existing stage to associate with the deployment. + ApiId: + type: string + description: The API identifier. + required: + - ApiId + x-stackql-resource-name: deployment + description: The ``AWS::ApiGatewayV2::Deployment`` resource creates a deployment for an API. + x-type-name: AWS::ApiGatewayV2::Deployment + x-stackql-primary-identifier: + - ApiId + - DeploymentId + x-create-only-properties: + - ApiId + x-write-only-properties: + - StageName + x-read-only-properties: + - DeploymentId + x-required-properties: + - ApiId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - apigateway:POST + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + read: + - apigateway:GET + delete: + - apigateway:GET + - apigateway:DELETE + list: + - apigateway:GET + MutualTlsAuthentication: + type: object + additionalProperties: false + properties: + TruststoreVersion: + type: string + description: The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket. + TruststoreUri: + type: string + description: An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, ``s3://bucket-name/key-name``. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. To update the truststore, you must have permissions to access the S3 object. + description: If specified, API Gateway performs two-way authentication between the client and the server. Clients must present a trusted certificate to access your API. + DomainNameConfiguration: + type: object + additionalProperties: false + properties: + OwnershipVerificationCertificateArn: + type: string + description: The Amazon resource name (ARN) for the public certificate issued by ACMlong. This ARN is used to validate custom domain ownership. It's required only if you configure mutual TLS and use either an ACM-imported or a private CA certificate ARN as the regionalCertificateArn. + EndpointType: + type: string + description: The endpoint type. + CertificateName: + type: string + description: The user-friendly name of the certificate that will be used by the edge-optimized endpoint for this domain name. + SecurityPolicy: + type: string + description: The Transport Layer Security (TLS) version of the security policy for this domain name. The valid values are ``TLS_1_0`` and ``TLS_1_2``. + CertificateArn: + type: string + description: An AWS-managed certificate that will be used by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source. + description: |- + The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name. + ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. + DomainName: + type: object + properties: + MutualTlsAuthentication: + description: The mutual TLS authentication configuration for a custom domain name. + $ref: '#/components/schemas/MutualTlsAuthentication' + RegionalHostedZoneId: + description: '' + type: string + RegionalDomainName: + description: '' + type: string + DomainName: + description: The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + type: string + DomainNameConfigurations: + description: The domain name configurations. + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/DomainNameConfiguration' + Tags: + type: object + description: The collection of tags associated with a domain name. + additionalProperties: false + x-patternProperties: + .*: + type: string + required: + - DomainName + x-stackql-resource-name: domain_name + description: |- + The ``AWS::ApiGatewayV2::DomainName`` resource specifies a custom domain name for your API in Amazon API Gateway (API Gateway). + You can use a custom domain name to provide a URL that's more intuitive and easier to recall. For more information about using custom domain names, see [Set up Custom Domain Name for an API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) in the *API Gateway Developer Guide*. + x-type-name: AWS::ApiGatewayV2::DomainName + x-stackql-primary-identifier: + - DomainName + x-create-only-properties: + - DomainName + x-read-only-properties: + - RegionalDomainName + - RegionalHostedZoneId + x-required-properties: + - DomainName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + - apigateway:PUT + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + read: + - apigateway:GET + delete: + - apigateway:GET + - apigateway:DELETE + list: + - apigateway:GET + IntegrationResponse: + type: object + properties: + IntegrationResponseId: + description: '' + type: string + ResponseTemplates: + description: The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value. + type: object + TemplateSelectionExpression: + description: The template selection expression for the integration response. Supported only for WebSocket APIs. + type: string + ResponseParameters: + description: >- + A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of ``method.response.header.{name}``, where name is a valid and unique header name. The mapped non-static value must + match the pattern of ``integration.response.header.{name}`` or ``integration.response.body.{JSON-expression}``, where ``{name}`` is a valid and unique response header name and ``{JSON-expression}`` is a valid JSON expression without the ``$`` prefix. + type: object + ContentHandlingStrategy: + description: |- + Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are ``CONVERT_TO_BINARY`` and ``CONVERT_TO_TEXT``, with the following behaviors: + ``CONVERT_TO_BINARY``: Converts a response payload from a Base64-encoded string to the corresponding binary blob. + ``CONVERT_TO_TEXT``: Converts a response payload from a binary blob to a Base64-encoded string. + If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification. + type: string + IntegrationId: + description: The integration ID. + type: string + IntegrationResponseKey: + description: The integration response key. + type: string + ApiId: + description: The API identifier. + type: string + required: + - ApiId + - IntegrationId + - IntegrationResponseKey + x-stackql-resource-name: integration_response + description: The ``AWS::ApiGatewayV2::IntegrationResponse`` resource updates an integration response for an WebSocket API. For more information, see [Set up WebSocket API Integration Responses in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-integration-responses.html) in the *API Gateway Developer Guide*. + x-type-name: AWS::ApiGatewayV2::IntegrationResponse + x-stackql-primary-identifier: + - ApiId + - IntegrationId + - IntegrationResponseId + x-create-only-properties: + - ApiId + - IntegrationId + x-read-only-properties: + - IntegrationResponseId + x-required-properties: + - ApiId + - IntegrationId + - IntegrationResponseKey + x-tagging: + taggable: false + x-required-permissions: + create: + - apigateway:POST + read: + - apigateway:GET + update: + - apigateway:PATCH + - apigateway:PUT + - apigateway:GET + delete: + - apigateway:GET + - apigateway:DELETE + list: + - apigateway:GET + Model: + type: object + properties: + ModelId: + type: string + description: '' + Description: + type: string + description: The description of the model. + ContentType: + type: string + description: The content-type for the model, for example, "application/json". + Schema: + type: object + description: The schema for the model. For application/json models, this should be JSON schema draft 4 model. + ApiId: + type: string + description: The API identifier. + Name: + type: string + description: The name of the model. + required: + - ApiId + - Schema + - Name + x-stackql-resource-name: model + description: The ``AWS::ApiGatewayV2::Model`` resource updates data model for a WebSocket API. For more information, see [Model Selection Expressions](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-model-selection-expressions) in the *API Gateway Developer Guide*. + x-type-name: AWS::ApiGatewayV2::Model + x-stackql-primary-identifier: + - ApiId + - ModelId + x-create-only-properties: + - ApiId + x-read-only-properties: + - ModelId + x-required-properties: + - ApiId + - Schema + - Name + x-tagging: + taggable: false + x-required-permissions: + create: + - apigateway:POST + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + read: + - apigateway:GET + delete: + - apigateway:GET + - apigateway:DELETE + list: + - apigateway:GET + ParameterConstraints: + type: object + properties: + Required: + type: boolean + description: Specifies whether the parameter is required. + required: + - Required + additionalProperties: false + description: Specifies whether the parameter is required. + Route: + type: object + properties: + RouteId: + type: string + description: '' + RouteResponseSelectionExpression: + type: string + description: The route response selection expression for the route. Supported only for WebSocket APIs. + RequestModels: + type: object + description: The request models for the route. Supported only for WebSocket APIs. + OperationName: + type: string + description: The operation name for the route. + AuthorizationScopes: + type: array + uniqueItems: false + items: + type: string + description: The authorization scopes supported by this route. + ApiKeyRequired: + type: boolean + description: Specifies whether an API key is required for the route. Supported only for WebSocket APIs. + RouteKey: + type: string + description: The route key for the route. For HTTP APIs, the route key can be either ``$default``, or a combination of an HTTP method and resource path, for example, ``GET /pets``. + AuthorizationType: + type: string + description: The authorization type for the route. For WebSocket APIs, valid values are ``NONE`` for open access, ``AWS_IAM`` for using AWS IAM permissions, and ``CUSTOM`` for using a Lambda authorizer. For HTTP APIs, valid values are ``NONE`` for open access, ``JWT`` for using JSON Web Tokens, ``AWS_IAM`` for using AWS IAM permissions, and ``CUSTOM`` for using a Lambda authorizer. + ModelSelectionExpression: + type: string + description: The model selection expression for the route. Supported only for WebSocket APIs. + ApiId: + type: string + description: The API identifier. + RequestParameters: + type: object + items: + $ref: '#/components/schemas/ParameterConstraints' + description: The request parameters for the route. Supported only for WebSocket APIs. + Target: + type: string + description: The target for the route. + AuthorizerId: + type: string + description: The identifier of the ``Authorizer`` resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer. + required: + - RouteKey + - ApiId + x-stackql-resource-name: route + description: The ``AWS::ApiGatewayV2::Route`` resource creates a route for an API. + x-type-name: AWS::ApiGatewayV2::Route + x-stackql-primary-identifier: + - ApiId + - RouteId + x-create-only-properties: + - ApiId + x-write-only-properties: + - AuthorizerId + - RequestParameters + x-read-only-properties: + - RouteId + x-required-properties: + - RouteKey + - ApiId + x-tagging: + taggable: false + x-required-permissions: + create: + - apigateway:POST + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + read: + - apigateway:GET + delete: + - apigateway:GET + - apigateway:DELETE + list: + - apigateway:GET + RouteParameters: + x-patternProperties: + ^.+$: + $ref: '#/components/schemas/ParameterConstraints' + additionalProperties: false + RouteResponse: + type: object + properties: + RouteResponseKey: + type: string + description: The route response key. + ResponseParameters: + $ref: '#/components/schemas/RouteParameters' + description: The route response parameters. + RouteId: + type: string + description: The route ID. + ModelSelectionExpression: + type: string + description: The model selection expression for the route response. Supported only for WebSocket APIs. + ApiId: + type: string + description: The API identifier. + ResponseModels: + type: object + description: The response models for the route response. + RouteResponseId: + type: string + description: '' + required: + - RouteResponseKey + - RouteId + - ApiId + x-stackql-resource-name: route_response + description: The ``AWS::ApiGatewayV2::RouteResponse`` resource creates a route response for a WebSocket API. For more information, see [Set up Route Responses for a WebSocket API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-route-response.html) in the *API Gateway Developer Guide*. + x-type-name: AWS::ApiGatewayV2::RouteResponse + x-stackql-primary-identifier: + - ApiId + - RouteId + - RouteResponseId + x-create-only-properties: + - ApiId + - RouteId + x-read-only-properties: + - RouteResponseId + x-required-properties: + - RouteResponseKey + - RouteId + - ApiId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - apigateway:POST + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + read: + - apigateway:GET + delete: + - apigateway:GET + - apigateway:DELETE + list: + - apigateway:GET + VpcLink: + type: object + properties: + VpcLinkId: + type: string + description: '' + SubnetIds: + type: array + uniqueItems: false + items: + type: string + description: A list of subnet IDs to include in the VPC link. + SecurityGroupIds: + type: array + uniqueItems: false + items: + type: string + description: A list of security group IDs for the VPC link. + Tags: + type: object + description: The collection of tags. Each tag element is associated with a given resource. + additionalProperties: false + x-patternProperties: + .*: + type: string + Name: + type: string + description: The name of the VPC link. + required: + - SubnetIds + - Name + x-stackql-resource-name: vpc_link + description: The ``AWS::ApiGatewayV2::VpcLink`` resource creates a VPC link. Supported only for HTTP APIs. The VPC link status must transition from ``PENDING`` to ``AVAILABLE`` to successfully create a VPC link, which can take up to 10 minutes. To learn more, see [Working with VPC Links for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vpc-links.html) in the *API Gateway Developer Guide*. + x-type-name: AWS::ApiGatewayV2::VpcLink + x-stackql-primary-identifier: + - VpcLinkId + x-create-only-properties: + - SecurityGroupIds + - SubnetIds + x-read-only-properties: + - VpcLinkId + x-required-properties: + - SubnetIds + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + - apigateway:TagResource + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:TagResource + - apigateway:unTagResource + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + read: + - apigateway:GET + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + delete: + - apigateway:GET + - apigateway:DELETE + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + list: + - apigateway:GET + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + x-stackQL-resources: + apis: + name: apis + id: aws.apigatewayv2.apis + x-cfn-schema-name: Api + x-type: list + x-identifiers: + - ApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApiId') as api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Api' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApiId') as api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Api' + AND region = 'us-east-1' + api: + name: api + id: aws.apigatewayv2.api + x-cfn-schema-name: Api + x-type: get + x-identifiers: + - ApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RouteSelectionExpression') as route_selection_expression, + JSON_EXTRACT(Properties, '$.BodyS3Location') as body_s3_location, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ApiEndpoint') as api_endpoint, + JSON_EXTRACT(Properties, '$.BasePath') as base_path, + JSON_EXTRACT(Properties, '$.FailOnWarnings') as fail_on_warnings, + JSON_EXTRACT(Properties, '$.DisableExecuteApiEndpoint') as disable_execute_api_endpoint, + JSON_EXTRACT(Properties, '$.DisableSchemaValidation') as disable_schema_validation, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Target') as target, + JSON_EXTRACT(Properties, '$.CredentialsArn') as credentials_arn, + JSON_EXTRACT(Properties, '$.CorsConfiguration') as cors_configuration, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.ProtocolType') as protocol_type, + JSON_EXTRACT(Properties, '$.RouteKey') as route_key, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.Body') as body, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ApiKeySelectionExpression') as api_key_selection_expression + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Api' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RouteSelectionExpression') as route_selection_expression, + json_extract_path_text(Properties, 'BodyS3Location') as body_s3_location, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ApiEndpoint') as api_endpoint, + json_extract_path_text(Properties, 'BasePath') as base_path, + json_extract_path_text(Properties, 'FailOnWarnings') as fail_on_warnings, + json_extract_path_text(Properties, 'DisableExecuteApiEndpoint') as disable_execute_api_endpoint, + json_extract_path_text(Properties, 'DisableSchemaValidation') as disable_schema_validation, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Target') as target, + json_extract_path_text(Properties, 'CredentialsArn') as credentials_arn, + json_extract_path_text(Properties, 'CorsConfiguration') as cors_configuration, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'ProtocolType') as protocol_type, + json_extract_path_text(Properties, 'RouteKey') as route_key, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'Body') as body, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ApiKeySelectionExpression') as api_key_selection_expression + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Api' + AND data__Identifier = '' + AND region = 'us-east-1' + api_mappings: + name: api_mappings + id: aws.apigatewayv2.api_mappings + x-cfn-schema-name: ApiMapping + x-type: list + x-identifiers: + - ApiMappingId + - DomainName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApiMappingId') as api_mapping_id, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::ApiMapping' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApiMappingId') as api_mapping_id, + json_extract_path_text(Properties, 'DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::ApiMapping' + AND region = 'us-east-1' + api_mapping: + name: api_mapping + id: aws.apigatewayv2.api_mapping + x-cfn-schema-name: ApiMapping + x-type: get + x-identifiers: + - ApiMappingId + - DomainName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApiMappingId') as api_mapping_id, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.Stage') as stage, + JSON_EXTRACT(Properties, '$.ApiMappingKey') as api_mapping_key, + JSON_EXTRACT(Properties, '$.ApiId') as api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::ApiMapping' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApiMappingId') as api_mapping_id, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'Stage') as stage, + json_extract_path_text(Properties, 'ApiMappingKey') as api_mapping_key, + json_extract_path_text(Properties, 'ApiId') as api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::ApiMapping' + AND data__Identifier = '|' + AND region = 'us-east-1' + authorizers: + name: authorizers + id: aws.apigatewayv2.authorizers + x-cfn-schema-name: Authorizer + x-type: list + x-identifiers: + - AuthorizerId + - ApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AuthorizerId') as authorizer_id, + JSON_EXTRACT(Properties, '$.ApiId') as api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Authorizer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AuthorizerId') as authorizer_id, + json_extract_path_text(Properties, 'ApiId') as api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Authorizer' + AND region = 'us-east-1' + authorizer: + name: authorizer + id: aws.apigatewayv2.authorizer + x-cfn-schema-name: Authorizer + x-type: get + x-identifiers: + - AuthorizerId + - ApiId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IdentityValidationExpression') as identity_validation_expression, + JSON_EXTRACT(Properties, '$.AuthorizerUri') as authorizer_uri, + JSON_EXTRACT(Properties, '$.AuthorizerCredentialsArn') as authorizer_credentials_arn, + JSON_EXTRACT(Properties, '$.AuthorizerType') as authorizer_type, + JSON_EXTRACT(Properties, '$.JwtConfiguration') as jwt_configuration, + JSON_EXTRACT(Properties, '$.AuthorizerResultTtlInSeconds') as authorizer_result_ttl_in_seconds, + JSON_EXTRACT(Properties, '$.IdentitySource') as identity_source, + JSON_EXTRACT(Properties, '$.AuthorizerPayloadFormatVersion') as authorizer_payload_format_version, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.EnableSimpleResponses') as enable_simple_responses, + JSON_EXTRACT(Properties, '$.AuthorizerId') as authorizer_id, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Authorizer' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IdentityValidationExpression') as identity_validation_expression, + json_extract_path_text(Properties, 'AuthorizerUri') as authorizer_uri, + json_extract_path_text(Properties, 'AuthorizerCredentialsArn') as authorizer_credentials_arn, + json_extract_path_text(Properties, 'AuthorizerType') as authorizer_type, + json_extract_path_text(Properties, 'JwtConfiguration') as jwt_configuration, + json_extract_path_text(Properties, 'AuthorizerResultTtlInSeconds') as authorizer_result_ttl_in_seconds, + json_extract_path_text(Properties, 'IdentitySource') as identity_source, + json_extract_path_text(Properties, 'AuthorizerPayloadFormatVersion') as authorizer_payload_format_version, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'EnableSimpleResponses') as enable_simple_responses, + json_extract_path_text(Properties, 'AuthorizerId') as authorizer_id, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Authorizer' + AND data__Identifier = '|' + AND region = 'us-east-1' + deployments: + name: deployments + id: aws.apigatewayv2.deployments + x-cfn-schema-name: Deployment + x-type: list + x-identifiers: + - ApiId + - DeploymentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.DeploymentId') as deployment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Deployment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'DeploymentId') as deployment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Deployment' + AND region = 'us-east-1' + deployment: + name: deployment + id: aws.apigatewayv2.deployment + x-cfn-schema-name: Deployment + x-type: get + x-identifiers: + - ApiId + - DeploymentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DeploymentId') as deployment_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.StageName') as stage_name, + JSON_EXTRACT(Properties, '$.ApiId') as api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Deployment' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DeploymentId') as deployment_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'StageName') as stage_name, + json_extract_path_text(Properties, 'ApiId') as api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Deployment' + AND data__Identifier = '|' + AND region = 'us-east-1' + domain_names: + name: domain_names + id: aws.apigatewayv2.domain_names + x-cfn-schema-name: DomainName + x-type: list + x-identifiers: + - DomainName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::DomainName' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::DomainName' + AND region = 'us-east-1' + domain_name: + name: domain_name + id: aws.apigatewayv2.domain_name + x-cfn-schema-name: DomainName + x-type: get + x-identifiers: + - DomainName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MutualTlsAuthentication') as mutual_tls_authentication, + JSON_EXTRACT(Properties, '$.RegionalHostedZoneId') as regional_hosted_zone_id, + JSON_EXTRACT(Properties, '$.RegionalDomainName') as regional_domain_name, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.DomainNameConfigurations') as domain_name_configurations, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::DomainName' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MutualTlsAuthentication') as mutual_tls_authentication, + json_extract_path_text(Properties, 'RegionalHostedZoneId') as regional_hosted_zone_id, + json_extract_path_text(Properties, 'RegionalDomainName') as regional_domain_name, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'DomainNameConfigurations') as domain_name_configurations, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::DomainName' + AND data__Identifier = '' + AND region = 'us-east-1' + integration_responses: + name: integration_responses + id: aws.apigatewayv2.integration_responses + x-cfn-schema-name: IntegrationResponse + x-type: list + x-identifiers: + - ApiId + - IntegrationId + - IntegrationResponseId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.IntegrationId') as integration_id, + JSON_EXTRACT(Properties, '$.IntegrationResponseId') as integration_response_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::IntegrationResponse' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'IntegrationId') as integration_id, + json_extract_path_text(Properties, 'IntegrationResponseId') as integration_response_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::IntegrationResponse' + AND region = 'us-east-1' + integration_response: + name: integration_response + id: aws.apigatewayv2.integration_response + x-cfn-schema-name: IntegrationResponse + x-type: get + x-identifiers: + - ApiId + - IntegrationId + - IntegrationResponseId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IntegrationResponseId') as integration_response_id, + JSON_EXTRACT(Properties, '$.ResponseTemplates') as response_templates, + JSON_EXTRACT(Properties, '$.TemplateSelectionExpression') as template_selection_expression, + JSON_EXTRACT(Properties, '$.ResponseParameters') as response_parameters, + JSON_EXTRACT(Properties, '$.ContentHandlingStrategy') as content_handling_strategy, + JSON_EXTRACT(Properties, '$.IntegrationId') as integration_id, + JSON_EXTRACT(Properties, '$.IntegrationResponseKey') as integration_response_key, + JSON_EXTRACT(Properties, '$.ApiId') as api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::IntegrationResponse' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IntegrationResponseId') as integration_response_id, + json_extract_path_text(Properties, 'ResponseTemplates') as response_templates, + json_extract_path_text(Properties, 'TemplateSelectionExpression') as template_selection_expression, + json_extract_path_text(Properties, 'ResponseParameters') as response_parameters, + json_extract_path_text(Properties, 'ContentHandlingStrategy') as content_handling_strategy, + json_extract_path_text(Properties, 'IntegrationId') as integration_id, + json_extract_path_text(Properties, 'IntegrationResponseKey') as integration_response_key, + json_extract_path_text(Properties, 'ApiId') as api_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::IntegrationResponse' + AND data__Identifier = '||' + AND region = 'us-east-1' + models: + name: models + id: aws.apigatewayv2.models + x-cfn-schema-name: Model + x-type: list + x-identifiers: + - ApiId + - ModelId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.ModelId') as model_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Model' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'ModelId') as model_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Model' + AND region = 'us-east-1' + model: + name: model + id: aws.apigatewayv2.model + x-cfn-schema-name: Model + x-type: get + x-identifiers: + - ApiId + - ModelId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ModelId') as model_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ContentType') as content_type, + JSON_EXTRACT(Properties, '$.Schema') as _schema, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Model' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ModelId') as model_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ContentType') as content_type, + json_extract_path_text(Properties, 'Schema') as _schema, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Model' + AND data__Identifier = '|' + AND region = 'us-east-1' + routes: + name: routes + id: aws.apigatewayv2.routes + x-cfn-schema-name: Route + x-type: list + x-identifiers: + - ApiId + - RouteId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.RouteId') as route_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Route' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'RouteId') as route_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Route' + AND region = 'us-east-1' + route: + name: route + id: aws.apigatewayv2.route + x-cfn-schema-name: Route + x-type: get + x-identifiers: + - ApiId + - RouteId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RouteId') as route_id, + JSON_EXTRACT(Properties, '$.RouteResponseSelectionExpression') as route_response_selection_expression, + JSON_EXTRACT(Properties, '$.RequestModels') as request_models, + JSON_EXTRACT(Properties, '$.OperationName') as operation_name, + JSON_EXTRACT(Properties, '$.AuthorizationScopes') as authorization_scopes, + JSON_EXTRACT(Properties, '$.ApiKeyRequired') as api_key_required, + JSON_EXTRACT(Properties, '$.RouteKey') as route_key, + JSON_EXTRACT(Properties, '$.AuthorizationType') as authorization_type, + JSON_EXTRACT(Properties, '$.ModelSelectionExpression') as model_selection_expression, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.RequestParameters') as request_parameters, + JSON_EXTRACT(Properties, '$.Target') as target, + JSON_EXTRACT(Properties, '$.AuthorizerId') as authorizer_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Route' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RouteId') as route_id, + json_extract_path_text(Properties, 'RouteResponseSelectionExpression') as route_response_selection_expression, + json_extract_path_text(Properties, 'RequestModels') as request_models, + json_extract_path_text(Properties, 'OperationName') as operation_name, + json_extract_path_text(Properties, 'AuthorizationScopes') as authorization_scopes, + json_extract_path_text(Properties, 'ApiKeyRequired') as api_key_required, + json_extract_path_text(Properties, 'RouteKey') as route_key, + json_extract_path_text(Properties, 'AuthorizationType') as authorization_type, + json_extract_path_text(Properties, 'ModelSelectionExpression') as model_selection_expression, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'RequestParameters') as request_parameters, + json_extract_path_text(Properties, 'Target') as target, + json_extract_path_text(Properties, 'AuthorizerId') as authorizer_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Route' + AND data__Identifier = '|' + AND region = 'us-east-1' + route_responses: + name: route_responses + id: aws.apigatewayv2.route_responses + x-cfn-schema-name: RouteResponse + x-type: list + x-identifiers: + - ApiId + - RouteId + - RouteResponseId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.RouteId') as route_id, + JSON_EXTRACT(Properties, '$.RouteResponseId') as route_response_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::RouteResponse' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'RouteId') as route_id, + json_extract_path_text(Properties, 'RouteResponseId') as route_response_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::RouteResponse' + AND region = 'us-east-1' + route_response: + name: route_response + id: aws.apigatewayv2.route_response + x-cfn-schema-name: RouteResponse + x-type: get + x-identifiers: + - ApiId + - RouteId + - RouteResponseId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RouteResponseKey') as route_response_key, + JSON_EXTRACT(Properties, '$.ResponseParameters') as response_parameters, + JSON_EXTRACT(Properties, '$.RouteId') as route_id, + JSON_EXTRACT(Properties, '$.ModelSelectionExpression') as model_selection_expression, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.ResponseModels') as response_models, + JSON_EXTRACT(Properties, '$.RouteResponseId') as route_response_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::RouteResponse' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RouteResponseKey') as route_response_key, + json_extract_path_text(Properties, 'ResponseParameters') as response_parameters, + json_extract_path_text(Properties, 'RouteId') as route_id, + json_extract_path_text(Properties, 'ModelSelectionExpression') as model_selection_expression, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'ResponseModels') as response_models, + json_extract_path_text(Properties, 'RouteResponseId') as route_response_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::RouteResponse' + AND data__Identifier = '||' + AND region = 'us-east-1' + vpc_links: + name: vpc_links + id: aws.apigatewayv2.vpc_links + x-cfn-schema-name: VpcLink + x-type: list + x-identifiers: + - VpcLinkId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VpcLinkId') as vpc_link_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::VpcLink' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VpcLinkId') as vpc_link_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::VpcLink' + AND region = 'us-east-1' + vpc_link: + name: vpc_link + id: aws.apigatewayv2.vpc_link + x-cfn-schema-name: VpcLink + x-type: get + x-identifiers: + - VpcLinkId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VpcLinkId') as vpc_link_id, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::VpcLink' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VpcLinkId') as vpc_link_id, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::VpcLink' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/appconfig.yaml b/providers/src/aws/v00.00.00000/services/appconfig.yaml new file mode 100644 index 00000000..52830953 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/appconfig.yaml @@ -0,0 +1,1026 @@ +openapi: 3.0.0 +info: + title: AppConfig + version: 1.0.0 +paths: {} +components: + schemas: + Tags: + description: Metadata to assign to the configuration profile. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define. + additionalProperties: false + type: object + properties: + Value: + minLength: 0 + description: The tag value can be up to 256 characters. + type: string + maxLength: 256 + Key: + minLength: 1 + pattern: ^(?!aws:.)[a-zA-Z0-9 +=._:/-]*$ + description: The key-value string map. The tag key can be up to 128 characters and must not start with aws:. + type: string + maxLength: 128 + Application: + type: object + properties: + Description: + type: string + description: A description of the application. + ApplicationId: + type: string + description: The application Id + Tags: + type: array + description: Metadata to assign to the application. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define. + uniqueItems: true + items: + $ref: '#/components/schemas/Tags' + x-insertionOrder: false + Name: + type: string + description: A name for the application. + required: + - Name + x-stackql-resource-name: application + description: Resource Type definition for AWS::AppConfig::Application + x-type-name: AWS::AppConfig::Application + x-stackql-primary-identifier: + - ApplicationId + x-read-only-properties: + - ApplicationId + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - appconfig:CreateApplication + - appconfig:GetApplication + - appconfig:ListTagsForResource + - appconfig:TagResource + read: + - appconfig:GetApplication + - appconfig:ListTagsForResource + update: + - appconfig:UpdateApplication + - appconfig:TagResource + - appconfig:UntagResource + delete: + - appconfig:GetApplication + - appconfig:DeleteApplication + list: + - appconfig:ListApplications + Validators: + description: A list of methods for validating the configuration. + additionalProperties: false + type: object + properties: + Type: + description: AWS AppConfig supports validators of type JSON_SCHEMA and LAMBDA. + type: string + Content: + minLength: 0 + description: Either the JSON Schema content or the Amazon Resource Name (ARN) of an Lambda function. + type: string + maxLength: 32768 + ConfigurationProfile: + type: object + properties: + ConfigurationProfileId: + description: The configuration profile ID + type: string + LocationUri: + minLength: 1 + description: A URI to locate the configuration. You can specify the AWS AppConfig hosted configuration store, Systems Manager (SSM) document, an SSM Parameter Store parameter, or an Amazon S3 object. + type: string + maxLength: 2048 + Type: + pattern: ^[a-zA-Z\.]+ + description: 'The type of configurations contained in the profile. When calling this API, enter one of the following values for Type: AWS.AppConfig.FeatureFlags, AWS.Freeform' + type: string + KmsKeyIdentifier: + pattern: ^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}|alias/[a-zA-Z0-9/_-]{1,250}|arn:aws[a-zA-Z-]*:kms:[a-z]{2}(-gov|-iso(b?))?-[a-z]+-\d{1}:\d{12}:(key/[0-9a-f-]{36}|alias/[a-zA-Z0-9/_-]{1,250})$ + description: The AWS Key Management Service key identifier (key ID, key alias, or key ARN) provided when the resource was created or updated. + type: string + Description: + minLength: 0 + description: A description of the configuration profile. + type: string + maxLength: 1024 + KmsKeyArn: + minLength: 20 + pattern: arn:(aws[a-zA-Z-]*)?:[a-z]+:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:[a-zA-Z0-9-_/:.]+ + description: The Amazon Resource Name of the AWS Key Management Service key to encrypt new configuration data versions in the AWS AppConfig hosted configuration store. This attribute is only used for hosted configuration types. To encrypt data managed in other configuration stores, see the documentation for how to specify an AWS KMS key for that particular service. + type: string + maxLength: 2048 + Validators: + maxItems: 2 + uniqueItems: false + description: A list of methods for validating the configuration. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Validators' + RetrievalRoleArn: + minLength: 20 + pattern: ^((arn):(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):(iam)::\d{12}:role[/].*)$ + description: The ARN of an IAM role with permission to access the configuration at the specified LocationUri. + type: string + maxLength: 2048 + ApplicationId: + pattern: '[a-z0-9]{4,7}' + description: The application ID. + type: string + Tags: + uniqueItems: false + description: Metadata to assign to the configuration profile. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tags' + Name: + minLength: 1 + description: A name for the configuration profile. + type: string + maxLength: 128 + required: + - LocationUri + - ApplicationId + - Name + x-stackql-resource-name: configuration_profile + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::AppConfig::ConfigurationProfile + x-stackql-primary-identifier: + - ApplicationId + - ConfigurationProfileId + x-create-only-properties: + - LocationUri + - Type + - ApplicationId + x-read-only-properties: + - ConfigurationProfileId + - KmsKeyArn + x-required-properties: + - LocationUri + - ApplicationId + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true + x-required-permissions: + read: + - appconfig:GetConfigurationProfile + - appconfig:ListTagsForResource + create: + - appconfig:CreateConfigurationProfile + - appconfig:GetConfigurationProfile + - appconfig:TagResource + - appconfig:ListTagsForResource + - iam:PassRole + update: + - appconfig:UpdateConfigurationProfile + - appconfig:TagResource + - appconfig:UntagResource + - iam:PassRole + list: + - appconfig:ListConfigurationProfiles + delete: + - appconfig:DeleteConfigurationProfile + Monitor: + description: Amazon CloudWatch alarm to monitor during the deployment process. + additionalProperties: false + type: object + properties: + AlarmArn: + x-relationshipRef: + typeName: AWS::CloudWatch::Alarm + propertyPath: /properties/Arn + minLength: 1 + description: Amazon Resource Name (ARN) of the Amazon CloudWatch alarm. + type: string + maxLength: 2048 + AlarmRoleArn: + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn + minLength: 20 + pattern: ^((arn):(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):(iam)::\d{12}:role[/].*)$ + description: ARN of an AWS Identity and Access Management (IAM) role for AWS AppConfig to monitor AlarmArn. + type: string + maxLength: 2048 + required: + - AlarmArn + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Environment: + type: object + properties: + EnvironmentId: + pattern: '[a-z0-9]{4,7}' + description: The environment ID. + type: string + Description: + minLength: 0 + description: A description of the environment. + type: string + maxLength: 1024 + Monitors: + minItems: 0 + maxItems: 5 + description: Amazon CloudWatch alarms to monitor during the deployment process. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Monitor' + ApplicationId: + pattern: '[a-z0-9]{4,7}' + description: The application ID. + type: string + Tags: + uniqueItems: true + description: Metadata to assign to the environment. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + Name: + minLength: 1 + description: A name for the environment. + type: string + maxLength: 64 + required: + - Name + - ApplicationId + x-stackql-resource-name: environment + description: Resource Type definition for AWS::AppConfig::Environment + x-type-name: AWS::AppConfig::Environment + x-stackql-primary-identifier: + - ApplicationId + - EnvironmentId + x-create-only-properties: + - ApplicationId + x-read-only-properties: + - EnvironmentId + x-required-properties: + - Name + - ApplicationId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true + x-required-permissions: + read: + - appconfig:GetEnvironment + - appconfig:ListTagsForResource + create: + - appconfig:CreateEnvironment + - appconfig:GetEnvironment + - appconfig:ListTagsForResource + - appconfig:TagResource + - iam:PassRole + update: + - appconfig:UpdateEnvironment + - appconfig:TagResource + - appconfig:UntagResource + - iam:PassRole + list: + - appconfig:ListEnvironments + delete: + - appconfig:GetEnvironment + - appconfig:DeleteEnvironment + Actions: + description: A list of actions for an extension to take at a specific action point. + uniqueItems: true + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Action' + Action: + description: An action for an extension to take at a specific action point. + type: object + properties: + Name: + type: string + description: The name of the extension action. + minLength: 1 + maxLength: 128 + Description: + type: string + description: The description of the extension Action. + minLength: 0 + maxLength: 1024 + Uri: + type: string + description: The URI of the extension action. + minLength: 1 + maxLength: 2048 + RoleArn: + type: string + description: The ARN of the role for invoking the extension action. + minLength: 20 + maxLength: 2048 + required: + - Name + - Uri + additionalProperties: false + Parameter: + description: A parameter for the extension to send to a specific action. + type: object + properties: + Description: + type: string + description: The description of the extension Parameter. + minLength: 0 + maxLength: 1024 + Dynamic: + type: boolean + Required: + type: boolean + required: + - Required + additionalProperties: false + Extension: + type: object + properties: + Id: + type: string + Arn: + type: string + VersionNumber: + type: integer + Name: + description: Name of the extension. + type: string + Description: + description: Description of the extension. + type: string + Actions: + type: object + x-patternProperties: + ^.+$: + $ref: '#/components/schemas/Actions' + additionalProperties: false + Parameters: + type: object + x-patternProperties: + ^.+$: + $ref: '#/components/schemas/Parameter' + additionalProperties: false + LatestVersionNumber: + type: integer + Tags: + description: An array of key-value tags to apply to this resource. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - Actions + x-stackql-resource-name: extension + description: Resource Type definition for AWS::AppConfig::Extension + x-type-name: AWS::AppConfig::Extension + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Name + - Tags + - Tags/*/Key + - Tags/*/Value + x-write-only-properties: + - LatestVersionNumber + - Tags + - Tags/*/Key + - Tags/*/Value + x-read-only-properties: + - Id + - Arn + - VersionNumber + x-required-properties: + - Name + - Actions + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - appconfig:CreateExtension + - appconfig:TagResource + - iam:PassRole + read: + - appconfig:GetExtension + update: + - appconfig:UpdateExtension + - appconfig:TagResource + - appconfig:UntagResource + delete: + - appconfig:DeleteExtension + - appconfig:UntagResource + list: + - appconfig:ListExtensions + ExtensionAssociation: + type: object + properties: + Id: + type: string + Arn: + type: string + ExtensionArn: + type: string + ResourceArn: + type: string + ExtensionIdentifier: + type: string + ResourceIdentifier: + type: string + ExtensionVersionNumber: + type: integer + Parameters: + type: object + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: extension_association + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::AppConfig::ExtensionAssociation + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - ExtensionIdentifier + - ResourceIdentifier + - ExtensionVersionNumber + - Tags + - Tags/*/Key + - Tags/*/Value + x-write-only-properties: + - ExtensionIdentifier + - ResourceIdentifier + - Tags + - Tags/*/Key + - Tags/*/Value + x-read-only-properties: + - Id + - Arn + - ResourceArn + - ExtensionArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - appconfig:CreateExtensionAssociation + - appconfig:TagResource + read: + - appconfig:GetExtensionAssociation + update: + - appconfig:UpdateExtensionAssociation + - appconfig:TagResource + - appconfig:UntagResource + delete: + - appconfig:DeleteExtensionAssociation + - appconfig:UntagResource + list: + - appconfig:ListExtensionAssociations + HostedConfigurationVersion: + type: object + properties: + ConfigurationProfileId: + pattern: '[a-z0-9]{4,7}' + description: The configuration profile ID. + type: string + Description: + minLength: 0 + description: A description of the hosted configuration version. + type: string + maxLength: 1024 + ContentType: + minLength: 1 + description: A standard MIME type describing the format of the configuration content. + type: string + maxLength: 255 + LatestVersionNumber: + description: An optional locking token used to prevent race conditions from overwriting configuration updates when creating a new version. To ensure your data is not overwritten when creating multiple hosted configuration versions in rapid succession, specify the version number of the latest hosted configuration version. + type: integer + Content: + description: The content of the configuration or the configuration data. + type: string + VersionLabel: + minLength: 0 + pattern: ^$|.*[^0-9].* + description: A user-defined label for an AWS AppConfig hosted configuration version. + type: string + maxLength: 64 + ApplicationId: + pattern: '[a-z0-9]{4,7}' + description: The application ID. + type: string + VersionNumber: + description: Current version number of hosted configuration version. + type: string + required: + - ApplicationId + - ConfigurationProfileId + - Content + - ContentType + x-stackql-resource-name: hosted_configuration_version + description: Resource Type definition for AWS::AppConfig::HostedConfigurationVersion + x-type-name: AWS::AppConfig::HostedConfigurationVersion + x-stackql-primary-identifier: + - ApplicationId + - ConfigurationProfileId + - VersionNumber + x-create-only-properties: + - ApplicationId + - ConfigurationProfileId + - Description + - Content + - ContentType + - LatestVersionNumber + - VersionLabel + x-write-only-properties: + - LatestVersionNumber + x-read-only-properties: + - VersionNumber + x-required-properties: + - ApplicationId + - ConfigurationProfileId + - Content + - ContentType + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + read: + - appconfig:GetHostedConfigurationVersion + create: + - appconfig:CreateHostedConfigurationVersion + list: + - appconfig:ListHostedConfigurationVersions + delete: + - appconfig:DeleteHostedConfigurationVersion + x-stackQL-resources: + applications: + name: applications + id: aws.appconfig.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - ApplicationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.appconfig.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - ApplicationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + configuration_profiles: + name: configuration_profiles + id: aws.appconfig.configuration_profiles + x-cfn-schema-name: ConfigurationProfile + x-type: list + x-identifiers: + - ApplicationId + - ConfigurationProfileId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.ConfigurationProfileId') as configuration_profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'ConfigurationProfileId') as configuration_profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND region = 'us-east-1' + configuration_profile: + name: configuration_profile + id: aws.appconfig.configuration_profile + x-cfn-schema-name: ConfigurationProfile + x-type: get + x-identifiers: + - ApplicationId + - ConfigurationProfileId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConfigurationProfileId') as configuration_profile_id, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.KmsKeyIdentifier') as kms_key_identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.Validators') as validators, + JSON_EXTRACT(Properties, '$.RetrievalRoleArn') as retrieval_role_arn, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConfigurationProfileId') as configuration_profile_id, + json_extract_path_text(Properties, 'LocationUri') as location_uri, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'KmsKeyIdentifier') as kms_key_identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'Validators') as validators, + json_extract_path_text(Properties, 'RetrievalRoleArn') as retrieval_role_arn, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + environments: + name: environments + id: aws.appconfig.environments + x-cfn-schema-name: Environment + x-type: list + x-identifiers: + - ApplicationId + - EnvironmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Environment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Environment' + AND region = 'us-east-1' + environment: + name: environment + id: aws.appconfig.environment + x-cfn-schema-name: Environment + x-type: get + x-identifiers: + - ApplicationId + - EnvironmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Monitors') as monitors, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Environment' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Monitors') as monitors, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Environment' + AND data__Identifier = '|' + AND region = 'us-east-1' + extensions: + name: extensions + id: aws.appconfig.extensions + x-cfn-schema-name: Extension + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Extension' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Extension' + AND region = 'us-east-1' + extension: + name: extension + id: aws.appconfig.extension + x-cfn-schema-name: Extension + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.VersionNumber') as version_number, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.LatestVersionNumber') as latest_version_number, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Extension' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'VersionNumber') as version_number, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'LatestVersionNumber') as latest_version_number, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Extension' + AND data__Identifier = '' + AND region = 'us-east-1' + extension_associations: + name: extension_associations + id: aws.appconfig.extension_associations + x-cfn-schema-name: ExtensionAssociation + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::ExtensionAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::ExtensionAssociation' + AND region = 'us-east-1' + extension_association: + name: extension_association + id: aws.appconfig.extension_association + x-cfn-schema-name: ExtensionAssociation + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ExtensionArn') as extension_arn, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.ExtensionIdentifier') as extension_identifier, + JSON_EXTRACT(Properties, '$.ResourceIdentifier') as resource_identifier, + JSON_EXTRACT(Properties, '$.ExtensionVersionNumber') as extension_version_number, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::ExtensionAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ExtensionArn') as extension_arn, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'ExtensionIdentifier') as extension_identifier, + json_extract_path_text(Properties, 'ResourceIdentifier') as resource_identifier, + json_extract_path_text(Properties, 'ExtensionVersionNumber') as extension_version_number, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::ExtensionAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + hosted_configuration_versions: + name: hosted_configuration_versions + id: aws.appconfig.hosted_configuration_versions + x-cfn-schema-name: HostedConfigurationVersion + x-type: list + x-identifiers: + - ApplicationId + - ConfigurationProfileId + - VersionNumber + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.ConfigurationProfileId') as configuration_profile_id, + JSON_EXTRACT(Properties, '$.VersionNumber') as version_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::HostedConfigurationVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'ConfigurationProfileId') as configuration_profile_id, + json_extract_path_text(Properties, 'VersionNumber') as version_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::HostedConfigurationVersion' + AND region = 'us-east-1' + hosted_configuration_version: + name: hosted_configuration_version + id: aws.appconfig.hosted_configuration_version + x-cfn-schema-name: HostedConfigurationVersion + x-type: get + x-identifiers: + - ApplicationId + - ConfigurationProfileId + - VersionNumber + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConfigurationProfileId') as configuration_profile_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ContentType') as content_type, + JSON_EXTRACT(Properties, '$.LatestVersionNumber') as latest_version_number, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.VersionLabel') as version_label, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.VersionNumber') as version_number + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::HostedConfigurationVersion' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConfigurationProfileId') as configuration_profile_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ContentType') as content_type, + json_extract_path_text(Properties, 'LatestVersionNumber') as latest_version_number, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'VersionLabel') as version_label, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'VersionNumber') as version_number + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::HostedConfigurationVersion' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/appflow.yaml b/providers/src/aws/v00.00.00000/services/appflow.yaml new file mode 100644 index 00000000..0a56614a --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/appflow.yaml @@ -0,0 +1,2522 @@ +openapi: 3.0.0 +info: + title: AppFlow + version: 1.0.0 +paths: {} +components: + schemas: + ConnectorProvisioningConfig: + description: Contains information about the configuration of the connector being registered. + type: object + properties: + Lambda: + description: Contains information about the configuration of the lambda which is being registered as the connector. + $ref: '#/components/schemas/LambdaConnectorProvisioningConfig' + additionalProperties: false + LambdaConnectorProvisioningConfig: + description: Contains information about the configuration of the lambda which is being registered as the connector. + type: object + properties: + LambdaArn: + description: Lambda ARN of the connector being registered. + type: string + pattern: arn:*:.*:.*:[0-9]+:.* + maxLength: 512 + required: + - LambdaArn + additionalProperties: false + Connector: + type: object + properties: + ConnectorLabel: + description: ' The name of the connector. The name is unique for each ConnectorRegistration in your AWS account.' + type: string + pattern: '[a-zA-Z0-9][\w!@#.-]+' + maxLength: 512 + ConnectorArn: + description: ' The arn of the connector. The arn is unique for each ConnectorRegistration in your AWS account.' + type: string + pattern: arn:*:appflow:.*:[0-9]+:.* + maxLength: 512 + ConnectorProvisioningType: + description: 'The provisioning type of the connector. Currently the only supported value is LAMBDA. ' + type: string + pattern: '[a-zA-Z0-9][\w!@#.-]+' + maxLength: 256 + minLength: 1 + ConnectorProvisioningConfig: + description: Contains information about the configuration of the connector being registered. + $ref: '#/components/schemas/ConnectorProvisioningConfig' + Description: + description: A description about the connector that's being registered. + type: string + pattern: '[\s\w/!@#+=.-]*' + maxLength: 2048 + required: + - ConnectorProvisioningType + - ConnectorProvisioningConfig + x-stackql-resource-name: connector + description: Resource schema for AWS::AppFlow::Connector + x-type-name: AWS::AppFlow::Connector + x-stackql-primary-identifier: + - ConnectorLabel + x-create-only-properties: + - ConnectorLabel + x-read-only-properties: + - ConnectorArn + x-required-properties: + - ConnectorProvisioningType + - ConnectorProvisioningConfig + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - appflow:RegisterConnector + - lambda:InvokeFunction + read: + - appflow:DescribeConnector + delete: + - appflow:UnRegisterConnector + list: + - appflow:ListConnectors + update: + - appflow:UpdateConnectorRegistration + - lambda:InvokeFunction + ConnectorType: + type: string + enum: + - SAPOData + - Salesforce + - Pardot + - Singular + - Slack + - Redshift + - S3 + - Marketo + - Googleanalytics + - Zendesk + - Servicenow + - Datadog + - Trendmicro + - Snowflake + - Dynatrace + - Infornexus + - Amplitude + - Veeva + - CustomConnector + - EventBridge + - Upsolver + - LookoutMetrics + ConnectorProfileConfig: + description: Connector specific configurations needed to create connector profile + type: object + properties: + ConnectorProfileProperties: + $ref: '#/components/schemas/ConnectorProfileProperties' + ConnectorProfileCredentials: + $ref: '#/components/schemas/ConnectorProfileCredentials' + ConnectorProfileProperties: + description: Connector specific properties needed to create connector profile - currently not needed for Amplitude, Trendmicro, Googleanalytics and Singular + type: object + properties: + Datadog: + $ref: '#/components/schemas/DatadogConnectorProfileProperties' + Dynatrace: + $ref: '#/components/schemas/DynatraceConnectorProfileProperties' + InforNexus: + $ref: '#/components/schemas/InforNexusConnectorProfileProperties' + Marketo: + $ref: '#/components/schemas/MarketoConnectorProfileProperties' + Redshift: + $ref: '#/components/schemas/RedshiftConnectorProfileProperties' + SAPOData: + $ref: '#/components/schemas/SAPODataConnectorProfileProperties' + Salesforce: + $ref: '#/components/schemas/SalesforceConnectorProfileProperties' + Pardot: + $ref: '#/components/schemas/PardotConnectorProfileProperties' + ServiceNow: + $ref: '#/components/schemas/ServiceNowConnectorProfileProperties' + Slack: + $ref: '#/components/schemas/SlackConnectorProfileProperties' + Snowflake: + $ref: '#/components/schemas/SnowflakeConnectorProfileProperties' + Veeva: + $ref: '#/components/schemas/VeevaConnectorProfileProperties' + Zendesk: + $ref: '#/components/schemas/ZendeskConnectorProfileProperties' + CustomConnector: + $ref: '#/components/schemas/CustomConnectorProfileProperties' + ConnectorProfileCredentials: + description: Connector specific configuration needed to create connector profile based on Authentication mechanism + type: object + properties: + Amplitude: + $ref: '#/components/schemas/AmplitudeConnectorProfileCredentials' + Datadog: + $ref: '#/components/schemas/DatadogConnectorProfileCredentials' + Dynatrace: + $ref: '#/components/schemas/DynatraceConnectorProfileCredentials' + GoogleAnalytics: + $ref: '#/components/schemas/GoogleAnalyticsConnectorProfileCredentials' + InforNexus: + $ref: '#/components/schemas/InforNexusConnectorProfileCredentials' + Marketo: + $ref: '#/components/schemas/MarketoConnectorProfileCredentials' + Redshift: + $ref: '#/components/schemas/RedshiftConnectorProfileCredentials' + SAPOData: + $ref: '#/components/schemas/SAPODataConnectorProfileCredentials' + Salesforce: + $ref: '#/components/schemas/SalesforceConnectorProfileCredentials' + Pardot: + $ref: '#/components/schemas/PardotConnectorProfileCredentials' + ServiceNow: + $ref: '#/components/schemas/ServiceNowConnectorProfileCredentials' + Singular: + $ref: '#/components/schemas/SingularConnectorProfileCredentials' + Slack: + $ref: '#/components/schemas/SlackConnectorProfileCredentials' + Snowflake: + $ref: '#/components/schemas/SnowflakeConnectorProfileCredentials' + Trendmicro: + $ref: '#/components/schemas/TrendmicroConnectorProfileCredentials' + Veeva: + $ref: '#/components/schemas/VeevaConnectorProfileCredentials' + Zendesk: + $ref: '#/components/schemas/ZendeskConnectorProfileCredentials' + CustomConnector: + $ref: '#/components/schemas/CustomConnectorProfileCredentials' + AmplitudeConnectorProfileCredentials: + type: object + required: + - ApiKey + - SecretKey + properties: + ApiKey: + description: A unique alphanumeric identifier used to authenticate a user, developer, or calling program to your API. + $ref: '#/components/schemas/ApiKey' + SecretKey: + $ref: '#/components/schemas/SecretKey' + DatadogConnectorProfileCredentials: + type: object + required: + - ApiKey + - ApplicationKey + properties: + ApiKey: + description: A unique alphanumeric identifier used to authenticate a user, developer, or calling program to your API. + $ref: '#/components/schemas/ApiKey' + ApplicationKey: + description: Application keys, in conjunction with your API key, give you full access to Datadog’s programmatic API. Application keys are associated with the user account that created them. The application key is used to log all requests made to the API. + $ref: '#/components/schemas/ApplicationKey' + DatadogConnectorProfileProperties: + type: object + required: + - InstanceUrl + properties: + InstanceUrl: + description: The location of the Datadog resource + $ref: '#/components/schemas/InstanceUrl' + DynatraceConnectorProfileCredentials: + type: object + required: + - ApiToken + properties: + ApiToken: + description: The API tokens used by Dynatrace API to authenticate various API calls. + $ref: '#/components/schemas/ApiToken' + DynatraceConnectorProfileProperties: + type: object + required: + - InstanceUrl + properties: + InstanceUrl: + description: The location of the Dynatrace resource + $ref: '#/components/schemas/InstanceUrl' + GoogleAnalyticsConnectorProfileCredentials: + type: object + required: + - ClientId + - ClientSecret + properties: + ClientId: + description: The identifier for the desired client. + $ref: '#/components/schemas/ClientId' + ClientSecret: + description: The client secret used by the oauth client to authenticate to the authorization server. + $ref: '#/components/schemas/ClientSecret' + AccessToken: + description: The credentials used to access protected resources. + $ref: '#/components/schemas/AccessToken' + RefreshToken: + description: The credentials used to acquire new access tokens. + $ref: '#/components/schemas/RefreshToken' + ConnectorOAuthRequest: + description: The oauth needed to request security tokens from the connector endpoint. + $ref: '#/components/schemas/ConnectorOAuthRequest' + InforNexusConnectorProfileCredentials: + type: object + required: + - AccessKeyId + - UserId + - SecretAccessKey + - Datakey + properties: + AccessKeyId: + description: The Access Key portion of the credentials. + $ref: '#/components/schemas/AccessKeyId' + UserId: + description: The identifier for the user. + $ref: '#/components/schemas/Username' + SecretAccessKey: + description: The secret key used to sign requests. + $ref: '#/components/schemas/Key' + Datakey: + description: The encryption keys used to encrypt data. + $ref: '#/components/schemas/Key' + InforNexusConnectorProfileProperties: + type: object + required: + - InstanceUrl + properties: + InstanceUrl: + description: The location of the InforNexus resource + $ref: '#/components/schemas/InstanceUrl' + MarketoConnectorProfileCredentials: + type: object + required: + - ClientId + - ClientSecret + properties: + ClientId: + description: The identifier for the desired client. + $ref: '#/components/schemas/ClientId' + ClientSecret: + description: The client secret used by the oauth client to authenticate to the authorization server. + $ref: '#/components/schemas/ClientSecret' + AccessToken: + description: The credentials used to access protected resources. + $ref: '#/components/schemas/AccessToken' + ConnectorOAuthRequest: + description: The oauth needed to request security tokens from the connector endpoint. + $ref: '#/components/schemas/ConnectorOAuthRequest' + MarketoConnectorProfileProperties: + type: object + required: + - InstanceUrl + properties: + InstanceUrl: + description: The location of the Marketo resource + $ref: '#/components/schemas/InstanceUrl' + RedshiftConnectorProfileCredentials: + type: object + properties: + Username: + description: The name of the user. + $ref: '#/components/schemas/Username' + Password: + description: The password that corresponds to the username. + $ref: '#/components/schemas/Password' + RedshiftConnectorProfileProperties: + type: object + required: + - BucketName + - RoleArn + properties: + DatabaseUrl: + description: The JDBC URL of the Amazon Redshift cluster. + $ref: '#/components/schemas/DatabaseUrl' + BucketName: + description: The name of the Amazon S3 bucket associated with Redshift. + $ref: '#/components/schemas/BucketName' + BucketPrefix: + description: The object key for the destination bucket in which Amazon AppFlow will place the files. + $ref: '#/components/schemas/BucketPrefix' + RoleArn: + description: The Amazon Resource Name (ARN) of the IAM role. + $ref: '#/components/schemas/RoleArn' + IsRedshiftServerless: + description: If Amazon AppFlow will connect to Amazon Redshift Serverless or Amazon Redshift cluster. + type: boolean + DataApiRoleArn: + description: The Amazon Resource Name (ARN) of the IAM role that grants Amazon AppFlow access to the data through the Amazon Redshift Data API. + $ref: '#/components/schemas/DataApiRoleArn' + ClusterIdentifier: + description: The unique identifier of the Amazon Redshift cluster. + $ref: '#/components/schemas/ClusterIdentifier' + WorkgroupName: + description: The name of the Amazon Redshift serverless workgroup + $ref: '#/components/schemas/WorkgroupName' + DatabaseName: + description: The name of the Amazon Redshift database that will store the transferred data. + $ref: '#/components/schemas/DatabaseName' + SAPODataConnectorProfileCredentials: + type: object + properties: + BasicAuthCredentials: + $ref: '#/components/schemas/BasicAuthCredentials' + OAuthCredentials: + type: object + properties: + AccessToken: + $ref: '#/components/schemas/AccessToken' + RefreshToken: + $ref: '#/components/schemas/RefreshToken' + ConnectorOAuthRequest: + $ref: '#/components/schemas/ConnectorOAuthRequest' + ClientId: + $ref: '#/components/schemas/ClientId' + ClientSecret: + $ref: '#/components/schemas/ClientSecret' + SAPODataConnectorProfileProperties: + type: object + properties: + ApplicationHostUrl: + $ref: '#/components/schemas/ApplicationHostUrl' + ApplicationServicePath: + $ref: '#/components/schemas/ApplicationServicePath' + PortNumber: + $ref: '#/components/schemas/PortNumber' + ClientNumber: + $ref: '#/components/schemas/ClientNumber' + LogonLanguage: + $ref: '#/components/schemas/LogonLanguage' + PrivateLinkServiceName: + $ref: '#/components/schemas/PrivateLinkServiceName' + OAuthProperties: + $ref: '#/components/schemas/OAuthProperties' + DisableSSO: + description: If you set this parameter to true, Amazon AppFlow bypasses the single sign-on (SSO) settings in your SAP account when it accesses your SAP OData instance. + type: boolean + SalesforceConnectorProfileCredentials: + type: object + properties: + AccessToken: + description: The credentials used to access protected resources. + $ref: '#/components/schemas/AccessToken' + RefreshToken: + description: The credentials used to acquire new access tokens. + $ref: '#/components/schemas/RefreshToken' + ConnectorOAuthRequest: + description: The oauth needed to request security tokens from the connector endpoint. + $ref: '#/components/schemas/ConnectorOAuthRequest' + ClientCredentialsArn: + description: The client credentials to fetch access token and refresh token. + $ref: '#/components/schemas/ClientCredentialsArn' + OAuth2GrantType: + description: The grant types to fetch an access token + $ref: '#/components/schemas/OAuth2GrantType' + JwtToken: + description: The credentials used to access your Salesforce records + $ref: '#/components/schemas/JwtToken' + SalesforceConnectorProfileProperties: + type: object + properties: + InstanceUrl: + description: The location of the Salesforce resource + $ref: '#/components/schemas/InstanceUrl' + isSandboxEnvironment: + description: Indicates whether the connector profile applies to a sandbox or production environment + type: boolean + usePrivateLinkForMetadataAndAuthorization: + description: Indicates whether to make Metadata And Authorization calls over Pivate Network + type: boolean + PardotConnectorProfileProperties: + type: object + required: + - BusinessUnitId + properties: + InstanceUrl: + description: The location of the Salesforce Pardot resource + $ref: '#/components/schemas/InstanceUrl' + IsSandboxEnvironment: + description: Indicates whether the connector profile applies to a demo or production environment + type: boolean + BusinessUnitId: + description: The Business unit id of Salesforce Pardot instance to be connected + $ref: '#/components/schemas/BusinessUnitId' + PardotConnectorProfileCredentials: + type: object + properties: + AccessToken: + description: The credentials used to access protected resources. + $ref: '#/components/schemas/AccessToken' + RefreshToken: + description: The credentials used to acquire new access tokens. + $ref: '#/components/schemas/RefreshToken' + ConnectorOAuthRequest: + description: The oauth needed to request security tokens from the connector endpoint. + $ref: '#/components/schemas/ConnectorOAuthRequest' + ClientCredentialsArn: + description: The client credentials to fetch access token and refresh token. + $ref: '#/components/schemas/ClientCredentialsArn' + ServiceNowConnectorProfileCredentials: + type: object + properties: + Username: + description: The name of the user. + $ref: '#/components/schemas/Username' + Password: + description: The password that corresponds to the username. + $ref: '#/components/schemas/Password' + OAuth2Credentials: + description: The OAuth 2.0 credentials required to authenticate the user. + $ref: '#/components/schemas/OAuth2Credentials' + ServiceNowConnectorProfileProperties: + type: object + required: + - InstanceUrl + properties: + InstanceUrl: + description: The location of the ServiceNow resource + $ref: '#/components/schemas/InstanceUrl' + SingularConnectorProfileCredentials: + type: object + required: + - ApiKey + properties: + ApiKey: + description: A unique alphanumeric identifier used to authenticate a user, developer, or calling program to your API. + $ref: '#/components/schemas/ApiKey' + SlackConnectorProfileCredentials: + type: object + required: + - ClientId + - ClientSecret + properties: + ClientId: + description: The identifier for the desired client. + $ref: '#/components/schemas/ClientId' + ClientSecret: + description: The client secret used by the oauth client to authenticate to the authorization server. + $ref: '#/components/schemas/ClientSecret' + AccessToken: + description: The credentials used to access protected resources. + $ref: '#/components/schemas/AccessToken' + ConnectorOAuthRequest: + description: The oauth needed to request security tokens from the connector endpoint. + $ref: '#/components/schemas/ConnectorOAuthRequest' + SlackConnectorProfileProperties: + type: object + required: + - InstanceUrl + properties: + InstanceUrl: + description: The location of the Slack resource + $ref: '#/components/schemas/InstanceUrl' + SnowflakeConnectorProfileCredentials: + type: object + required: + - Username + - Password + properties: + Username: + description: The name of the user. + $ref: '#/components/schemas/Username' + Password: + description: The password that corresponds to the username. + $ref: '#/components/schemas/Password' + SnowflakeConnectorProfileProperties: + type: object + required: + - Warehouse + - Stage + - BucketName + properties: + Warehouse: + description: The name of the Snowflake warehouse. + $ref: '#/components/schemas/Warehouse' + Stage: + description: |- + The name of the Amazon S3 stage that was created while setting up an Amazon S3 stage in the + Snowflake account. This is written in the following format: < Database>< Schema>. + $ref: '#/components/schemas/Stage' + BucketName: + description: The name of the Amazon S3 bucket associated with Snowflake. + $ref: '#/components/schemas/BucketName' + BucketPrefix: + description: The bucket prefix that refers to the Amazon S3 bucket associated with Snowflake. + $ref: '#/components/schemas/BucketPrefix' + PrivateLinkServiceName: + description: The Snowflake Private Link service name to be used for private data transfers. + $ref: '#/components/schemas/PrivateLinkServiceName' + AccountName: + description: The name of the account. + $ref: '#/components/schemas/AccountName' + Region: + description: The region of the Snowflake account. + $ref: '#/components/schemas/Region' + TrendmicroConnectorProfileCredentials: + type: object + required: + - ApiSecretKey + properties: + ApiSecretKey: + description: The Secret Access Key portion of the credentials. + $ref: '#/components/schemas/ApiSecretKey' + VeevaConnectorProfileCredentials: + type: object + required: + - Username + - Password + properties: + Username: + description: The name of the user. + $ref: '#/components/schemas/Username' + Password: + description: The password that corresponds to the username. + $ref: '#/components/schemas/Password' + VeevaConnectorProfileProperties: + type: object + required: + - InstanceUrl + properties: + InstanceUrl: + description: The location of the Veeva resource + $ref: '#/components/schemas/InstanceUrl' + ZendeskConnectorProfileCredentials: + type: object + required: + - ClientId + - ClientSecret + properties: + ClientId: + description: The identifier for the desired client. + $ref: '#/components/schemas/ClientId' + ClientSecret: + description: The client secret used by the oauth client to authenticate to the authorization server. + $ref: '#/components/schemas/ClientSecret' + AccessToken: + description: The credentials used to access protected resources. + $ref: '#/components/schemas/AccessToken' + ConnectorOAuthRequest: + description: The oauth needed to request security tokens from the connector endpoint. + $ref: '#/components/schemas/ConnectorOAuthRequest' + ZendeskConnectorProfileProperties: + type: object + required: + - InstanceUrl + properties: + InstanceUrl: + description: The location of the Zendesk resource + $ref: '#/components/schemas/InstanceUrl' + CustomConnectorProfileCredentials: + type: object + required: + - AuthenticationType + properties: + AuthenticationType: + $ref: '#/components/schemas/AuthenticationType' + Basic: + $ref: '#/components/schemas/BasicAuthCredentials' + Oauth2: + $ref: '#/components/schemas/OAuth2Credentials' + ApiKey: + $ref: '#/components/schemas/ApiKeyCredentials' + Custom: + $ref: '#/components/schemas/CustomAuthCredentials' + additionalProperties: false + CustomConnectorProfileProperties: + type: object + properties: + ProfileProperties: + $ref: '#/components/schemas/ProfileProperties' + OAuth2Properties: + $ref: '#/components/schemas/OAuth2Properties' + additionalProperties: false + ApiKeyCredentials: + type: object + required: + - ApiKey + properties: + ApiKey: + $ref: '#/components/schemas/ApiKey' + ApiSecretKey: + $ref: '#/components/schemas/ApiSecretKey' + additionalProperties: false + CustomAuthCredentials: + type: object + required: + - CustomAuthenticationType + properties: + CustomAuthenticationType: + $ref: '#/components/schemas/CustomAuthenticationType' + CredentialsMap: + $ref: '#/components/schemas/CredentialsMap' + additionalProperties: false + CredentialsMap: + description: A map for properties for custom authentication. + type: object + x-patternProperties: + ^[\w]{1,128}$: + description: A string containing the value for the property + type: string + minLength: 1 + maxLength: 2048 + pattern: \S+ + required: [] + additionalProperties: false + OAuth2Credentials: + type: object + properties: + ClientId: + $ref: '#/components/schemas/ClientId' + ClientSecret: + $ref: '#/components/schemas/ClientSecret' + AccessToken: + $ref: '#/components/schemas/AccessToken' + RefreshToken: + $ref: '#/components/schemas/RefreshToken' + OAuthRequest: + $ref: '#/components/schemas/ConnectorOAuthRequest' + additionalProperties: false + BasicAuthCredentials: + type: object + required: + - Username + - Password + properties: + Username: + $ref: '#/components/schemas/Username' + Password: + $ref: '#/components/schemas/Password' + additionalProperties: false + AuthenticationType: + type: string + enum: + - OAUTH2 + - APIKEY + - BASIC + - CUSTOM + OAuth2Properties: + type: object + properties: + TokenUrl: + type: string + minLength: 0 + maxLength: 256 + pattern: ^(https?)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|] + OAuth2GrantType: + $ref: '#/components/schemas/OAuth2GrantType' + TokenUrlCustomProperties: + $ref: '#/components/schemas/TokenUrlCustomProperties' + additionalProperties: false + ProfileProperties: + description: A map for properties for custom connector. + type: object + x-patternProperties: + ^[\w]{1,256}$: + description: A string containing the value for the property + type: string + minLength: 1 + maxLength: 2048 + pattern: \S+ + required: [] + additionalProperties: false + OAuth2GrantType: + type: string + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - JWT_BEARER + TokenUrlCustomProperties: + description: A map for properties for custom connector Token Url. + type: object + x-patternProperties: + ^[\w]{1,128}$: + description: A string containing the value for the property + type: string + minLength: 1 + maxLength: 2048 + pattern: \S+ + required: [] + additionalProperties: false + CustomAuthenticationType: + type: string + pattern: \S+ + maxLength: 256 + ClientId: + type: string + pattern: \S+ + maxLength: 512 + ClientSecret: + type: string + pattern: \S+ + maxLength: 512 + InstanceUrl: + type: string + pattern: \S+ + maxLength: 256 + AccessToken: + type: string + pattern: \S+ + maxLength: 4096 + ApiKey: + type: string + pattern: \S+ + maxLength: 256 + ApiSecretKey: + type: string + pattern: \S+ + maxLength: 256 + ApiToken: + type: string + pattern: \S+ + maxLength: 256 + ApplicationKey: + type: string + pattern: \S+ + maxLength: 512 + AuthCode: + type: string + pattern: \S+ + maxLength: 4096 + BucketName: + type: string + minLength: 3 + maxLength: 63 + pattern: \S+ + BucketPrefix: + type: string + maxLength: 512 + Key: + type: string + pattern: \S+ + maxLength: 512 + DatabaseUrl: + type: string + pattern: \S+ + maxLength: 512 + RoleArn: + type: string + pattern: arn:aws:iam:.*:[0-9]+:.* + maxLength: 512 + DataApiRoleArn: + type: string + pattern: arn:aws:iam:.*:[0-9]+:.* + maxLength: 512 + ClusterIdentifier: + type: string + pattern: \S+ + maxLength: 512 + WorkgroupName: + type: string + pattern: \S+ + maxLength: 512 + DatabaseName: + type: string + pattern: \S+ + maxLength: 512 + Warehouse: + type: string + pattern: '[\s\w/!@#+=.-]*' + maxLength: 512 + Stage: + type: string + pattern: \S+ + maxLength: 512 + PrivateLinkServiceName: + type: string + pattern: \S+ + maxLength: 512 + AccountName: + type: string + pattern: \S+ + maxLength: 512 + JwtToken: + type: string + pattern: ^[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.[A-Za-z0-9-_.+/=]*$ + maxLength: 8000 + RefreshToken: + type: string + pattern: \S+ + maxLength: 4096 + Region: + type: string + pattern: \S+ + maxLength: 64 + SecretKey: + type: string + pattern: \S+ + maxLength: 256 + AccessKeyId: + type: string + pattern: \S+ + maxLength: 256 + Username: + type: string + pattern: \S+ + maxLength: 512 + Password: + type: string + pattern: \S+ + maxLength: 512 + BusinessUnitId: + type: string + pattern: \S+ + maxLength: 18 + ConnectorOAuthRequest: + type: object + properties: + AuthCode: + description: The code provided by the connector when it has been authenticated via the connected app. + type: string + RedirectUri: + description: |- + The URL to which the authentication server redirects the browser after authorization has been + granted. + type: string + ClientCredentialsArn: + type: string + pattern: arn:aws:secretsmanager:.*:[0-9]+:.* + maxLength: 2048 + ApplicationHostUrl: + type: string + maxLength: 256 + pattern: ^(https?)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|] + ApplicationServicePath: + type: string + pattern: \S+ + maxLength: 512 + ClientNumber: + type: string + pattern: ^\d{3}$ + minLength: 3 + maxLength: 3 + LogonLanguage: + type: string + pattern: ^[a-zA-Z0-9_]*$ + maxLength: 2 + PortNumber: + type: integer + minimum: 1 + maximum: 65535 + OAuthProperties: + type: object + properties: + AuthCodeUrl: + type: string + maxLength: 256 + pattern: ^(https?)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|] + TokenUrl: + type: string + maxLength: 256 + pattern: ^(https?)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|] + OAuthScopes: + type: array + uniqueItems: true + items: + type: string + maxLength: 128 + pattern: '[/\w]*' + ConnectorProfile: + type: object + properties: + ConnectorProfileArn: + description: Unique identifier for connector profile resources + type: string + pattern: arn:aws:appflow:.*:[0-9]+:.* + maxLength: 512 + ConnectorLabel: + description: The label of the connector. The label is unique for each ConnectorRegistration in your AWS account. Only needed if calling for CUSTOMCONNECTOR connector type/. + type: string + pattern: '[\w!@#.-]+' + maxLength: 256 + ConnectorProfileName: + description: The maximum number of items to retrieve in a single batch. + type: string + pattern: '[\w/!@#+=.-]+' + maxLength: 256 + KMSArn: + description: The ARN of the AWS Key Management Service (AWS KMS) key that's used to encrypt your function's environment variables. If it's not provided, AWS Lambda uses a default service key. + type: string + pattern: arn:aws:kms:.*:[0-9]+:.* + maxLength: 2048 + minLength: 20 + ConnectorType: + description: List of Saas providers that need connector profile to be created + $ref: '#/components/schemas/ConnectorType' + ConnectionMode: + description: Mode in which data transfer should be enabled. Private connection mode is currently enabled for Salesforce, Snowflake, Trendmicro and Singular + type: string + enum: + - Public + - Private + ConnectorProfileConfig: + description: Connector specific configurations needed to create connector profile + $ref: '#/components/schemas/ConnectorProfileConfig' + CredentialsArn: + description: A unique Arn for Connector-Profile resource + type: string + pattern: arn:aws:.*:.*:[0-9]+:.* + maxLength: 512 + required: + - ConnectorProfileName + - ConnectionMode + - ConnectorType + x-stackql-resource-name: connector_profile + description: Resource Type definition for AWS::AppFlow::ConnectorProfile + x-type-name: AWS::AppFlow::ConnectorProfile + x-stackql-primary-identifier: + - ConnectorProfileName + x-create-only-properties: + - ConnectorProfileName + - ConnectorType + - ConnectorLabel + x-write-only-properties: + - ConnectorProfileConfig + - KMSArn + x-read-only-properties: + - ConnectorProfileArn + - CredentialsArn + x-required-properties: + - ConnectorProfileName + - ConnectionMode + - ConnectorType + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - appflow:CreateConnectorProfile + - kms:ListKeys + - kms:DescribeKey + - kms:ListAliases + - kms:CreateGrant + - kms:ListGrants + - iam:PassRole + - secretsmanager:CreateSecret + - secretsmanager:GetSecretValue + - secretsmanager:PutResourcePolicy + delete: + - appflow:DeleteConnectorProfile + list: + - appflow:DescribeConnectorProfiles + read: + - appflow:DescribeConnectorProfiles + update: + - appflow:UpdateConnectorProfile + - kms:ListKeys + - kms:DescribeKey + - kms:ListAliases + - kms:CreateGrant + - kms:ListGrants + - iam:PassRole + - secretsmanager:CreateSecret + - secretsmanager:GetSecretValue + - secretsmanager:PutResourcePolicy + TriggerConfig: + description: Trigger settings of the flow. + type: object + properties: + TriggerType: + description: Trigger type of the flow + $ref: '#/components/schemas/TriggerType' + TriggerProperties: + description: Details required based on the type of trigger + $ref: '#/components/schemas/ScheduledTriggerProperties' + required: + - TriggerType + additionalProperties: false + SourceFlowConfig: + description: Configurations of Source connector of the flow. + type: object + properties: + ConnectorType: + description: Type of source connector + $ref: '#/components/schemas/ConnectorType' + ApiVersion: + description: The API version that the destination connector uses. + $ref: '#/components/schemas/ApiVersion' + ConnectorProfileName: + description: Name of source connector profile + $ref: '#/components/schemas/ConnectorProfileName' + SourceConnectorProperties: + description: Source connector details required to query a connector + $ref: '#/components/schemas/SourceConnectorProperties' + IncrementalPullConfig: + description: Configuration for scheduled incremental data pull + $ref: '#/components/schemas/IncrementalPullConfig' + required: + - ConnectorType + - SourceConnectorProperties + additionalProperties: false + DestinationFlowConfig: + description: Configurations of destination connector. + type: object + properties: + ConnectorType: + description: Destination connector type + $ref: '#/components/schemas/ConnectorType' + ApiVersion: + description: The API version that the destination connector uses. + $ref: '#/components/schemas/ApiVersion' + ConnectorProfileName: + description: Name of destination connector profile + $ref: '#/components/schemas/ConnectorProfileName' + DestinationConnectorProperties: + description: Destination connector details + $ref: '#/components/schemas/DestinationConnectorProperties' + required: + - ConnectorType + - DestinationConnectorProperties + additionalProperties: false + Task: + type: object + properties: + SourceFields: + description: Source fields on which particular task will be applied + type: array + items: + type: string + ConnectorOperator: + description: Operation to be performed on provided source fields + $ref: '#/components/schemas/ConnectorOperator' + DestinationField: + description: A field value on which source field should be validated + type: string + maxLength: 256 + TaskType: + description: Type of task + $ref: '#/components/schemas/TaskType' + TaskProperties: + description: A Map used to store task related info + type: array + items: + $ref: '#/components/schemas/TaskPropertiesObject' + required: + - SourceFields + - TaskType + additionalProperties: false + Tag: + description: A label for tagging AppFlow resources + type: object + properties: + Key: + description: A string used to identify this tag + type: string + minLength: 1 + maxLength: 128 + Value: + description: A string containing the value for the tag + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + MetadataCatalogConfig: + description: Configurations of metadata catalog of the flow. + type: object + properties: + GlueDataCatalog: + description: Configurations of glue data catalog of the flow. + $ref: '#/components/schemas/GlueDataCatalog' + additionalProperties: false + GlueDataCatalog: + description: Trigger settings of the flow. + type: object + properties: + RoleArn: + description: A string containing the value for the tag + type: string + minLength: 0 + maxLength: 512 + pattern: arn:aws:iam:.*:[0-9]+:.* + DatabaseName: + description: A string containing the value for the tag + type: string + minLength: 0 + maxLength: 255 + pattern: '[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*' + TablePrefix: + description: A string containing the value for the tag + type: string + minLength: 0 + maxLength: 128 + pattern: '[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*' + required: + - RoleArn + - DatabaseName + - TablePrefix + additionalProperties: false + DestinationConnectorProperties: + description: Destination connector details + type: object + properties: + Redshift: + $ref: '#/components/schemas/RedshiftDestinationProperties' + S3: + $ref: '#/components/schemas/S3DestinationProperties' + Salesforce: + $ref: '#/components/schemas/SalesforceDestinationProperties' + Snowflake: + $ref: '#/components/schemas/SnowflakeDestinationProperties' + EventBridge: + $ref: '#/components/schemas/EventBridgeDestinationProperties' + Upsolver: + $ref: '#/components/schemas/UpsolverDestinationProperties' + LookoutMetrics: + $ref: '#/components/schemas/LookoutMetricsDestinationProperties' + Marketo: + $ref: '#/components/schemas/MarketoDestinationProperties' + Zendesk: + $ref: '#/components/schemas/ZendeskDestinationProperties' + CustomConnector: + $ref: '#/components/schemas/CustomConnectorDestinationProperties' + SAPOData: + $ref: '#/components/schemas/SAPODataDestinationProperties' + IncrementalPullConfig: + description: Configuration for scheduled incremental data pull + type: object + properties: + DatetimeTypeFieldName: + $ref: '#/components/schemas/DatetimeTypeFieldName' + SourceConnectorProperties: + description: Source connector details required to query a connector + type: object + properties: + Amplitude: + $ref: '#/components/schemas/AmplitudeSourceProperties' + Datadog: + $ref: '#/components/schemas/DatadogSourceProperties' + Dynatrace: + $ref: '#/components/schemas/DynatraceSourceProperties' + GoogleAnalytics: + $ref: '#/components/schemas/GoogleAnalyticsSourceProperties' + InforNexus: + $ref: '#/components/schemas/InforNexusSourceProperties' + Marketo: + $ref: '#/components/schemas/MarketoSourceProperties' + S3: + $ref: '#/components/schemas/S3SourceProperties' + SAPOData: + $ref: '#/components/schemas/SAPODataSourceProperties' + Salesforce: + $ref: '#/components/schemas/SalesforceSourceProperties' + Pardot: + $ref: '#/components/schemas/PardotSourceProperties' + ServiceNow: + $ref: '#/components/schemas/ServiceNowSourceProperties' + Singular: + $ref: '#/components/schemas/SingularSourceProperties' + Slack: + $ref: '#/components/schemas/SlackSourceProperties' + Trendmicro: + $ref: '#/components/schemas/TrendmicroSourceProperties' + Veeva: + $ref: '#/components/schemas/VeevaSourceProperties' + Zendesk: + $ref: '#/components/schemas/ZendeskSourceProperties' + CustomConnector: + $ref: '#/components/schemas/CustomConnectorSourceProperties' + ConnectorOperator: + description: Operation to be performed on provided source fields + type: object + properties: + Amplitude: + $ref: '#/components/schemas/AmplitudeConnectorOperator' + Datadog: + $ref: '#/components/schemas/DatadogConnectorOperator' + Dynatrace: + $ref: '#/components/schemas/DynatraceConnectorOperator' + GoogleAnalytics: + $ref: '#/components/schemas/GoogleAnalyticsConnectorOperator' + InforNexus: + $ref: '#/components/schemas/InforNexusConnectorOperator' + Marketo: + $ref: '#/components/schemas/MarketoConnectorOperator' + S3: + $ref: '#/components/schemas/S3ConnectorOperator' + SAPOData: + $ref: '#/components/schemas/SAPODataConnectorOperator' + Salesforce: + $ref: '#/components/schemas/SalesforceConnectorOperator' + Pardot: + $ref: '#/components/schemas/PardotConnectorOperator' + ServiceNow: + $ref: '#/components/schemas/ServiceNowConnectorOperator' + Singular: + $ref: '#/components/schemas/SingularConnectorOperator' + Slack: + $ref: '#/components/schemas/SlackConnectorOperator' + Trendmicro: + $ref: '#/components/schemas/TrendmicroConnectorOperator' + Veeva: + $ref: '#/components/schemas/VeevaConnectorOperator' + Zendesk: + $ref: '#/components/schemas/ZendeskConnectorOperator' + CustomConnector: + $ref: '#/components/schemas/Operator' + ScheduledTriggerProperties: + description: Details required for scheduled trigger type + type: object + properties: + ScheduleExpression: + type: string + minLength: 1 + maxLength: 256 + DataPullMode: + type: string + enum: + - Incremental + - Complete + ScheduleStartTime: + type: number + ScheduleEndTime: + type: number + FirstExecutionFrom: + type: number + TimeZone: + type: string + maxLength: 256 + ScheduleOffset: + type: number + minimum: 0 + maximum: 36000 + FlowErrorDeactivationThreshold: + type: integer + minimum: 1 + maximum: 100 + required: + - ScheduleExpression + additionalProperties: false + CustomProperties: + description: A map for properties for custom connector. + type: object + x-patternProperties: + ^[\w]{1,2048}$: + description: A string containing the value for the property + type: string + minLength: 1 + maxLength: 2048 + pattern: \S+ + required: [] + additionalProperties: false + TriggerType: + type: string + enum: + - Scheduled + - Event + - OnDemand + Object: + type: string + maxLength: 512 + pattern: \S+ + EntityName: + type: string + maxLength: 1024 + pattern: \S+ + EnableDynamicFieldUpdate: + type: boolean + IncludeDeletedRecords: + type: boolean + IncludeAllVersions: + type: boolean + IncludeRenditions: + type: boolean + IncludeSourceFiles: + type: boolean + DocumentType: + type: string + maxLength: 512 + pattern: '[\s\w_-]+' + UpsolverBucketName: + type: string + minLength: 16 + maxLength: 63 + pattern: ^(upsolver-appflow)\S* + S3InputFormatConfig: + type: object + properties: + S3InputFileType: + type: string + enum: + - CSV + - JSON + ErrorHandlingConfig: + type: object + properties: + FailOnFirstError: + type: boolean + BucketPrefix: + $ref: '#/components/schemas/BucketPrefix' + BucketName: + $ref: '#/components/schemas/BucketName' + additionalProperties: false + SuccessResponseHandlingConfig: + type: object + properties: + BucketPrefix: + $ref: '#/components/schemas/BucketPrefix' + BucketName: + $ref: '#/components/schemas/BucketName' + additionalProperties: false + Name: + type: string + maxLength: 128 + pattern: \S+ + WriteOperationType: + type: string + enum: + - INSERT + - UPSERT + - UPDATE + - DELETE + FileType: + type: string + enum: + - CSV + - JSON + - PARQUET + AggregationType: + type: string + enum: + - None + - SingleFile + TargetFileSize: + type: integer + PreserveSourceDataTyping: + type: boolean + PrefixType: + type: string + enum: + - FILENAME + - PATH + - PATH_AND_FILENAME + PrefixFormat: + type: string + enum: + - YEAR + - MONTH + - DAY + - HOUR + - MINUTE + PathPrefixHierarchy: + type: array + items: + $ref: '#/components/schemas/PathPrefix' + PathPrefix: + type: string + enum: + - EXECUTION_ID + - SCHEMA_VERSION + PrefixConfig: + type: object + properties: + PrefixType: + $ref: '#/components/schemas/PrefixType' + PrefixFormat: + $ref: '#/components/schemas/PrefixFormat' + PathPrefixHierarchy: + $ref: '#/components/schemas/PathPrefixHierarchy' + additionalProperties: false + AggregationConfig: + type: object + properties: + AggregationType: + $ref: '#/components/schemas/AggregationType' + TargetFileSize: + $ref: '#/components/schemas/TargetFileSize' + S3OutputFormatConfig: + type: object + properties: + FileType: + $ref: '#/components/schemas/FileType' + PrefixConfig: + $ref: '#/components/schemas/PrefixConfig' + AggregationConfig: + $ref: '#/components/schemas/AggregationConfig' + PreserveSourceDataTyping: + $ref: '#/components/schemas/PreserveSourceDataTyping' + additionalProperties: false + UpsolverS3OutputFormatConfig: + type: object + properties: + FileType: + $ref: '#/components/schemas/FileType' + PrefixConfig: + $ref: '#/components/schemas/PrefixConfig' + AggregationConfig: + $ref: '#/components/schemas/AggregationConfig' + required: + - PrefixConfig + additionalProperties: false + ApiVersion: + description: The API version that the connector will use. + type: string + pattern: \S+ + maxLength: 256 + ConnectorProfileName: + description: Name of connector profile + type: string + pattern: '[\w/!@#+=.-]+' + maxLength: 256 + AmplitudeSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + DatadogSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + DynatraceSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + GoogleAnalyticsSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + InforNexusSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + MarketoSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + S3SourceProperties: + type: object + properties: + BucketName: + $ref: '#/components/schemas/BucketName' + BucketPrefix: + $ref: '#/components/schemas/BucketPrefix' + S3InputFormatConfig: + $ref: '#/components/schemas/S3InputFormatConfig' + required: + - BucketName + - BucketPrefix + additionalProperties: false + SAPODataSourceProperties: + type: object + properties: + ObjectPath: + $ref: '#/components/schemas/Object' + parallelismConfig: + $ref: '#/components/schemas/SAPODataParallelismConfig' + paginationConfig: + $ref: '#/components/schemas/SAPODataPaginationConfig' + required: + - ObjectPath + additionalProperties: false + SalesforceSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + EnableDynamicFieldUpdate: + $ref: '#/components/schemas/EnableDynamicFieldUpdate' + IncludeDeletedRecords: + $ref: '#/components/schemas/IncludeDeletedRecords' + DataTransferApi: + $ref: '#/components/schemas/DataTransferApi' + required: + - Object + additionalProperties: false + PardotSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + ServiceNowSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + SingularSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + SlackSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + TrendmicroSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + VeevaSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + DocumentType: + $ref: '#/components/schemas/DocumentType' + IncludeSourceFiles: + $ref: '#/components/schemas/IncludeSourceFiles' + IncludeRenditions: + $ref: '#/components/schemas/IncludeRenditions' + IncludeAllVersions: + $ref: '#/components/schemas/IncludeAllVersions' + required: + - Object + additionalProperties: false + ZendeskSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + CustomConnectorSourceProperties: + type: object + properties: + EntityName: + $ref: '#/components/schemas/EntityName' + CustomProperties: + $ref: '#/components/schemas/CustomProperties' + DataTransferApi: + type: object + properties: + Name: + type: string + maxLength: 64 + pattern: '[\w/-]+' + Type: + type: string + enum: + - SYNC + - ASYNC + - AUTOMATIC + required: + - Name + - Type + additionalProperties: false + required: + - EntityName + additionalProperties: false + CustomConnectorDestinationProperties: + type: object + properties: + EntityName: + $ref: '#/components/schemas/EntityName' + ErrorHandlingConfig: + $ref: '#/components/schemas/ErrorHandlingConfig' + WriteOperationType: + $ref: '#/components/schemas/WriteOperationType' + IdFieldNames: + description: List of fields used as ID when performing a write operation. + type: array + items: + type: string + CustomProperties: + $ref: '#/components/schemas/CustomProperties' + required: + - EntityName + additionalProperties: false + ZendeskDestinationProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + ErrorHandlingConfig: + $ref: '#/components/schemas/ErrorHandlingConfig' + IdFieldNames: + description: List of fields used as ID when performing a write operation. + type: array + items: + type: string + WriteOperationType: + $ref: '#/components/schemas/WriteOperationType' + required: + - Object + additionalProperties: false + RedshiftDestinationProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + IntermediateBucketName: + $ref: '#/components/schemas/BucketName' + BucketPrefix: + $ref: '#/components/schemas/BucketPrefix' + ErrorHandlingConfig: + $ref: '#/components/schemas/ErrorHandlingConfig' + required: + - Object + - IntermediateBucketName + additionalProperties: false + S3DestinationProperties: + type: object + properties: + BucketName: + $ref: '#/components/schemas/BucketName' + BucketPrefix: + $ref: '#/components/schemas/BucketPrefix' + S3OutputFormatConfig: + $ref: '#/components/schemas/S3OutputFormatConfig' + required: + - BucketName + additionalProperties: false + SAPODataDestinationProperties: + type: object + properties: + ObjectPath: + $ref: '#/components/schemas/Object' + ErrorHandlingConfig: + $ref: '#/components/schemas/ErrorHandlingConfig' + SuccessResponseHandlingConfig: + $ref: '#/components/schemas/SuccessResponseHandlingConfig' + IdFieldNames: + description: List of fields used as ID when performing a write operation. + type: array + items: + type: string + WriteOperationType: + $ref: '#/components/schemas/WriteOperationType' + required: + - ObjectPath + additionalProperties: false + SalesforceDestinationProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + ErrorHandlingConfig: + $ref: '#/components/schemas/ErrorHandlingConfig' + IdFieldNames: + description: List of fields used as ID when performing a write operation. + type: array + items: + type: string + WriteOperationType: + $ref: '#/components/schemas/WriteOperationType' + DataTransferApi: + $ref: '#/components/schemas/DataTransferApi' + required: + - Object + additionalProperties: false + SnowflakeDestinationProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + IntermediateBucketName: + $ref: '#/components/schemas/BucketName' + BucketPrefix: + $ref: '#/components/schemas/BucketPrefix' + ErrorHandlingConfig: + $ref: '#/components/schemas/ErrorHandlingConfig' + required: + - Object + - IntermediateBucketName + additionalProperties: false + EventBridgeDestinationProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + ErrorHandlingConfig: + $ref: '#/components/schemas/ErrorHandlingConfig' + required: + - Object + additionalProperties: false + UpsolverDestinationProperties: + type: object + properties: + BucketName: + $ref: '#/components/schemas/UpsolverBucketName' + BucketPrefix: + $ref: '#/components/schemas/BucketPrefix' + S3OutputFormatConfig: + $ref: '#/components/schemas/UpsolverS3OutputFormatConfig' + required: + - BucketName + - S3OutputFormatConfig + additionalProperties: false + LookoutMetricsDestinationProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + additionalProperties: false + MarketoDestinationProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + ErrorHandlingConfig: + $ref: '#/components/schemas/ErrorHandlingConfig' + required: + - Object + additionalProperties: false + DatetimeTypeFieldName: + description: Name of the datetime/timestamp data type field to be used for importing incremental records from the source + type: string + maxLength: 256 + TaskType: + type: string + enum: + - Arithmetic + - Filter + - Map + - Map_all + - Mask + - Merge + - Passthrough + - Truncate + - Validate + - Partition + OperatorPropertiesKeys: + type: string + enum: + - VALUE + - VALUES + - DATA_TYPE + - UPPER_BOUND + - LOWER_BOUND + - SOURCE_DATA_TYPE + - DESTINATION_DATA_TYPE + - VALIDATION_ACTION + - MASK_VALUE + - MASK_LENGTH + - TRUNCATE_LENGTH + - MATH_OPERATION_FIELDS_ORDER + - CONCAT_FORMAT + - SUBFIELD_CATEGORY_MAP + - EXCLUDE_SOURCE_FIELDS_LIST + - INCLUDE_NEW_FIELDS + - ORDERED_PARTITION_KEYS_LIST + TaskPropertiesObject: + description: An object used to store task related info + type: object + properties: + Key: + $ref: '#/components/schemas/OperatorPropertiesKeys' + Value: + type: string + maxLength: 2048 + pattern: .+ + required: + - Key + - Value + additionalProperties: false + AmplitudeConnectorOperator: + type: string + enum: + - BETWEEN + DatadogConnectorOperator: + type: string + enum: + - PROJECTION + - BETWEEN + - EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + DynatraceConnectorOperator: + type: string + enum: + - PROJECTION + - BETWEEN + - EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + GoogleAnalyticsConnectorOperator: + type: string + enum: + - PROJECTION + - BETWEEN + InforNexusConnectorOperator: + type: string + enum: + - PROJECTION + - BETWEEN + - EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + MarketoConnectorOperator: + type: string + enum: + - PROJECTION + - LESS_THAN + - GREATER_THAN + - BETWEEN + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + S3ConnectorOperator: + type: string + enum: + - PROJECTION + - LESS_THAN + - GREATER_THAN + - BETWEEN + - LESS_THAN_OR_EQUAL_TO + - GREATER_THAN_OR_EQUAL_TO + - EQUAL_TO + - NOT_EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + SAPODataConnectorOperator: + type: string + enum: + - PROJECTION + - LESS_THAN + - CONTAINS + - GREATER_THAN + - BETWEEN + - LESS_THAN_OR_EQUAL_TO + - GREATER_THAN_OR_EQUAL_TO + - EQUAL_TO + - NOT_EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + SalesforceConnectorOperator: + type: string + enum: + - PROJECTION + - LESS_THAN + - CONTAINS + - GREATER_THAN + - BETWEEN + - LESS_THAN_OR_EQUAL_TO + - GREATER_THAN_OR_EQUAL_TO + - EQUAL_TO + - NOT_EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + PardotConnectorOperator: + type: string + enum: + - PROJECTION + - EQUAL_TO + - NO_OP + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + ServiceNowConnectorOperator: + type: string + enum: + - PROJECTION + - LESS_THAN + - CONTAINS + - GREATER_THAN + - BETWEEN + - LESS_THAN_OR_EQUAL_TO + - GREATER_THAN_OR_EQUAL_TO + - EQUAL_TO + - NOT_EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + SingularConnectorOperator: + type: string + enum: + - PROJECTION + - EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + SlackConnectorOperator: + type: string + enum: + - PROJECTION + - BETWEEN + - EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + TrendmicroConnectorOperator: + type: string + enum: + - PROJECTION + - EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + VeevaConnectorOperator: + type: string + enum: + - PROJECTION + - LESS_THAN + - GREATER_THAN + - BETWEEN + - LESS_THAN_OR_EQUAL_TO + - GREATER_THAN_OR_EQUAL_TO + - EQUAL_TO + - NOT_EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + ZendeskConnectorOperator: + type: string + enum: + - PROJECTION + - GREATER_THAN + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + Operator: + type: string + enum: + - PROJECTION + - LESS_THAN + - GREATER_THAN + - CONTAINS + - BETWEEN + - LESS_THAN_OR_EQUAL_TO + - GREATER_THAN_OR_EQUAL_TO + - EQUAL_TO + - NOT_EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + Status: + type: string + enum: + - Active + - Draft + - Errored + - Suspended + DataTransferApi: + type: string + enum: + - AUTOMATIC + - BULKV2 + - REST_SYNC + SAPODataParallelismConfig: + description: SAP Source connector parallelism factor + type: object + properties: + maxParallelism: + $ref: '#/components/schemas/SAPODataMaxParallelism' + required: + - maxParallelism + additionalProperties: false + SAPODataPaginationConfig: + description: SAP Source connector page size + type: object + properties: + maxPageSize: + $ref: '#/components/schemas/SAPODataMaxPageSize' + required: + - maxPageSize + additionalProperties: false + SAPODataMaxParallelism: + type: integer + minimum: 1 + maximum: 10 + SAPODataMaxPageSize: + type: integer + minimum: 1 + maximum: 10000 + Flow: + type: object + properties: + FlowArn: + description: ARN identifier of the flow. + type: string + pattern: arn:aws:appflow:.*:[0-9]+:.* + maxLength: 512 + FlowName: + description: Name of the flow. + type: string + pattern: '[a-zA-Z0-9][\w!@#.-]+' + maxLength: 256 + minLength: 1 + Description: + description: Description of the flow. + type: string + pattern: '[\w!@#\-.?,\s]*' + maxLength: 2048 + KMSArn: + description: The ARN of the AWS Key Management Service (AWS KMS) key that's used to encrypt your function's environment variables. If it's not provided, AWS Lambda uses a default service key. + type: string + pattern: arn:aws:kms:.*:[0-9]+:.* + maxLength: 2048 + minLength: 20 + TriggerConfig: + description: Trigger settings of the flow. + $ref: '#/components/schemas/TriggerConfig' + FlowStatus: + description: Flow activation status for Scheduled- and Event-triggered flows + type: string + enum: + - Active + - Suspended + - Draft + SourceFlowConfig: + description: Configurations of Source connector of the flow. + $ref: '#/components/schemas/SourceFlowConfig' + DestinationFlowConfigList: + description: List of Destination connectors of the flow. + type: array + items: + $ref: '#/components/schemas/DestinationFlowConfig' + Tasks: + description: List of tasks for the flow. + type: array + items: + $ref: '#/components/schemas/Task' + Tags: + description: List of Tags. + type: array + items: + $ref: '#/components/schemas/Tag' + MetadataCatalogConfig: + description: Configurations of metadata catalog of the flow. + $ref: '#/components/schemas/MetadataCatalogConfig' + required: + - FlowName + - Tasks + - SourceFlowConfig + - DestinationFlowConfigList + - TriggerConfig + x-stackql-resource-name: flow + description: Resource schema for AWS::AppFlow::Flow. + x-type-name: AWS::AppFlow::Flow + x-stackql-primary-identifier: + - FlowName + x-create-only-properties: + - FlowName + - KMSArn + x-read-only-properties: + - FlowArn + x-required-properties: + - FlowName + - Tasks + - SourceFlowConfig + - DestinationFlowConfigList + - TriggerConfig + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - appflow:CreateFlow + - appflow:StartFlow + - appflow:TagResource + - appflow:ListTagsForResource + - appflow:UseConnectorProfile + - iam:PassRole + - s3:ListAllMyBuckets + - s3:GetBucketLocation + - s3:GetBucketPolicy + - kms:ListGrants + - kms:ListKeys + - kms:DescribeKey + - kms:ListAliases + - kms:CreateGrant + - secretsmanager:CreateSecret + - secretsmanager:PutResourcePolicy + read: + - appflow:DescribeFlow + - appflow:ListTagsForResource + update: + - appflow:UpdateFlow + - appflow:StartFlow + - appflow:StopFlow + - appflow:TagResource + - appflow:UntagResource + - appflow:ListTagsForResource + - appflow:UseConnectorProfile + - iam:PassRole + - s3:ListAllMyBuckets + - s3:GetBucketLocation + - s3:GetBucketPolicy + - kms:ListGrants + - secretsmanager:CreateSecret + - secretsmanager:PutResourcePolicy + delete: + - appflow:DeleteFlow + list: + - appflow:ListFlows + x-stackQL-resources: + connectors: + name: connectors + id: aws.appflow.connectors + x-cfn-schema-name: Connector + x-type: list + x-identifiers: + - ConnectorLabel + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConnectorLabel') as connector_label + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppFlow::Connector' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConnectorLabel') as connector_label + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppFlow::Connector' + AND region = 'us-east-1' + connector: + name: connector + id: aws.appflow.connector + x-cfn-schema-name: Connector + x-type: get + x-identifiers: + - ConnectorLabel + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConnectorLabel') as connector_label, + JSON_EXTRACT(Properties, '$.ConnectorArn') as connector_arn, + JSON_EXTRACT(Properties, '$.ConnectorProvisioningType') as connector_provisioning_type, + JSON_EXTRACT(Properties, '$.ConnectorProvisioningConfig') as connector_provisioning_config, + JSON_EXTRACT(Properties, '$.Description') as description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppFlow::Connector' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConnectorLabel') as connector_label, + json_extract_path_text(Properties, 'ConnectorArn') as connector_arn, + json_extract_path_text(Properties, 'ConnectorProvisioningType') as connector_provisioning_type, + json_extract_path_text(Properties, 'ConnectorProvisioningConfig') as connector_provisioning_config, + json_extract_path_text(Properties, 'Description') as description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppFlow::Connector' + AND data__Identifier = '' + AND region = 'us-east-1' + connector_profiles: + name: connector_profiles + id: aws.appflow.connector_profiles + x-cfn-schema-name: ConnectorProfile + x-type: list + x-identifiers: + - ConnectorProfileName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConnectorProfileName') as connector_profile_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppFlow::ConnectorProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConnectorProfileName') as connector_profile_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppFlow::ConnectorProfile' + AND region = 'us-east-1' + connector_profile: + name: connector_profile + id: aws.appflow.connector_profile + x-cfn-schema-name: ConnectorProfile + x-type: get + x-identifiers: + - ConnectorProfileName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConnectorProfileArn') as connector_profile_arn, + JSON_EXTRACT(Properties, '$.ConnectorLabel') as connector_label, + JSON_EXTRACT(Properties, '$.ConnectorProfileName') as connector_profile_name, + JSON_EXTRACT(Properties, '$.KMSArn') as kms_arn, + JSON_EXTRACT(Properties, '$.ConnectorType') as connector_type, + JSON_EXTRACT(Properties, '$.ConnectionMode') as connection_mode, + JSON_EXTRACT(Properties, '$.ConnectorProfileConfig') as connector_profile_config, + JSON_EXTRACT(Properties, '$.CredentialsArn') as credentials_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppFlow::ConnectorProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConnectorProfileArn') as connector_profile_arn, + json_extract_path_text(Properties, 'ConnectorLabel') as connector_label, + json_extract_path_text(Properties, 'ConnectorProfileName') as connector_profile_name, + json_extract_path_text(Properties, 'KMSArn') as kms_arn, + json_extract_path_text(Properties, 'ConnectorType') as connector_type, + json_extract_path_text(Properties, 'ConnectionMode') as connection_mode, + json_extract_path_text(Properties, 'ConnectorProfileConfig') as connector_profile_config, + json_extract_path_text(Properties, 'CredentialsArn') as credentials_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppFlow::ConnectorProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + flows: + name: flows + id: aws.appflow.flows + x-cfn-schema-name: Flow + x-type: list + x-identifiers: + - FlowName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FlowName') as flow_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppFlow::Flow' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FlowName') as flow_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppFlow::Flow' + AND region = 'us-east-1' + flow: + name: flow + id: aws.appflow.flow + x-cfn-schema-name: Flow + x-type: get + x-identifiers: + - FlowName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn, + JSON_EXTRACT(Properties, '$.FlowName') as flow_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KMSArn') as kms_arn, + JSON_EXTRACT(Properties, '$.TriggerConfig') as trigger_config, + JSON_EXTRACT(Properties, '$.FlowStatus') as flow_status, + JSON_EXTRACT(Properties, '$.SourceFlowConfig') as source_flow_config, + JSON_EXTRACT(Properties, '$.DestinationFlowConfigList') as destination_flow_config_list, + JSON_EXTRACT(Properties, '$.Tasks') as tasks, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.MetadataCatalogConfig') as metadata_catalog_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppFlow::Flow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FlowArn') as flow_arn, + json_extract_path_text(Properties, 'FlowName') as flow_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KMSArn') as kms_arn, + json_extract_path_text(Properties, 'TriggerConfig') as trigger_config, + json_extract_path_text(Properties, 'FlowStatus') as flow_status, + json_extract_path_text(Properties, 'SourceFlowConfig') as source_flow_config, + json_extract_path_text(Properties, 'DestinationFlowConfigList') as destination_flow_config_list, + json_extract_path_text(Properties, 'Tasks') as tasks, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'MetadataCatalogConfig') as metadata_catalog_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppFlow::Flow' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/appintegrations.yaml b/providers/src/aws/v00.00.00000/services/appintegrations.yaml new file mode 100644 index 00000000..22e5b4b2 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/appintegrations.yaml @@ -0,0 +1,666 @@ +openapi: 3.0.0 +info: + title: AppIntegrations + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + properties: + Key: + description: A key to identify the tag. + type: string + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + minLength: 1 + maxLength: 128 + Value: + description: Corresponding tag value for the key. + type: string + minLength: 0 + maxLength: 256 + additionalProperties: false + required: + - Key + - Value + ExternalUrlConfig: + type: object + additionalProperties: false + required: + - AccessUrl + - ApprovedOrigins + properties: + AccessUrl: + type: string + pattern: ^\w+\:\/\/.*$ + minLength: 1 + maxLength: 1000 + ApprovedOrigins: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ApprovedOrigins' + minItems: 0 + maxItems: 50 + ApprovedOrigins: + type: string + pattern: ^\w+\:\/\/.*$ + minLength: 1 + maxLength: 1000 + Permissions: + type: string + pattern: ^[a-zA-Z0-9\/\._\-\*]+$ + minLength: 1 + maxLength: 255 + Application: + type: object + properties: + Name: + description: The name of the application. + type: string + pattern: ^[a-zA-Z0-9/\._\-]+$ + minLength: 1 + maxLength: 255 + Id: + description: The id of the application. + type: string + pattern: ^[a-zA-Z0-9/\._\-]+$ + minLength: 1 + maxLength: 255 + Namespace: + description: The namespace of the application. + type: string + pattern: ^[a-zA-Z0-9/\._\-]+$ + minLength: 1 + maxLength: 255 + Description: + description: The application description. + type: string + minLength: 1 + maxLength: 1000 + ApplicationArn: + description: The Amazon Resource Name (ARN) of the application. + pattern: ^arn:aws[-a-z0-9]*:app-integrations:[-a-z0-9]*:[0-9]{12}:application/[-a-zA-Z0-9]* + type: string + minLength: 1 + maxLength: 2048 + ApplicationSourceConfig: + description: Application source config + type: object + additionalProperties: false + properties: + ExternalUrlConfig: + $ref: '#/components/schemas/ExternalUrlConfig' + required: + - ExternalUrlConfig + Permissions: + description: The configuration of events or requests that the application has access to. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Permissions' + minItems: 0 + maxItems: 150 + Tags: + description: The tags (keys and values) associated with the application. + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 200 + required: + - Name + - Description + - ApplicationSourceConfig + x-stackql-resource-name: application + description: Resource Type definition for AWS:AppIntegrations::Application + x-type-name: AWS::AppIntegrations::Application + x-stackql-primary-identifier: + - ApplicationArn + x-read-only-properties: + - ApplicationArn + - Id + x-required-properties: + - Name + - Description + - ApplicationSourceConfig + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - app-integrations:CreateApplication + - app-integrations:TagResource + read: + - app-integrations:GetApplication + list: + - app-integrations:ListApplications + - app-integrations:ListTagsForResource + update: + - app-integrations:GetApplication + - app-integrations:UpdateApplication + - app-integrations:TagResource + - app-integrations:UntagResource + delete: + - app-integrations:DeleteApplication + ScheduleConfig: + type: object + properties: + FirstExecutionFrom: + description: The start date for objects to import in the first flow run. Epoch or ISO timestamp format is supported. + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 255 + Object: + description: The name of the object to pull from the data source. + type: string + pattern: ^[a-zA-Z0-9/\._\-]+$ + minLength: 1 + maxLength: 255 + ScheduleExpression: + description: How often the data should be pulled from data source. + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 255 + additionalProperties: false + required: + - ScheduleExpression + FileConfiguration: + description: The configuration for what files should be pulled from the source. + type: object + properties: + Folders: + description: Identifiers for the source folders to pull all files from recursively. + type: array + minItems: 1 + maxItems: 10 + items: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 200 + Filters: + description: Restrictions for what files should be pulled from the source. + type: object + x-patternProperties: + ^[A-Za-z]: + type: array + minItems: 1 + maxItems: 2048 + items: + type: string + maxLength: 255 + minLength: 1 + additionalProperties: false + additionalProperties: false + required: + - Folders + ObjectConfiguration: + description: The configuration for what data should be pulled from the source. + type: object + x-patternProperties: + ^.+$: + type: object + patternProperties: + ^[A-Za-z]: + type: array + minItems: 1 + maxItems: 2048 + items: + type: string + maxLength: 255 + minLength: 1 + additionalProperties: false + additionalProperties: false + DataIntegration: + type: object + properties: + Description: + description: The data integration description. + type: string + minLength: 1 + maxLength: 1000 + Id: + description: The unique identifer of the data integration. + type: string + pattern: '[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}' + minLength: 1 + maxLength: 255 + DataIntegrationArn: + description: The Amazon Resource Name (ARN) of the data integration. + type: string + pattern: ^arn:aws[-a-z]*:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + minLength: 1 + maxLength: 2048 + Name: + description: The name of the data integration. + type: string + pattern: ^[a-zA-Z0-9/\._\-]+$ + minLength: 1 + maxLength: 255 + KmsKey: + description: The KMS key of the data integration. + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 255 + ScheduleConfig: + description: The name of the data and how often it should be pulled from the source. + $ref: '#/components/schemas/ScheduleConfig' + SourceURI: + description: The URI of the data source. + type: string + pattern: ^(\w+\:\/\/[\w.-]+[\w/!@#+=.-]+$)|(\w+\:\/\/[\w.-]+[\w/!@#+=.-]+[\w/!@#+=.-]+[\w/!@#+=.,-]+$) + minLength: 1 + maxLength: 1000 + Tags: + description: The tags (keys and values) associated with the data integration. + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 200 + FileConfiguration: + description: The configuration for what files should be pulled from the source. + $ref: '#/components/schemas/FileConfiguration' + ObjectConfiguration: + description: The configuration for what data should be pulled from the source. + $ref: '#/components/schemas/ObjectConfiguration' + required: + - Name + - KmsKey + - SourceURI + x-stackql-resource-name: data_integration + description: Resource Type definition for AWS::AppIntegrations::DataIntegration + x-type-name: AWS::AppIntegrations::DataIntegration + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - KmsKey + - ScheduleConfig + - SourceURI + x-read-only-properties: + - Id + - DataIntegrationArn + x-required-properties: + - Name + - KmsKey + - SourceURI + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - app-integrations:CreateDataIntegration + - app-integrations:TagResource + - appflow:DescribeConnectorProfiles + - appflow:CreateFlow + - appflow:DeleteFlow + - appflow:DescribeConnectorEntity + - appflow:UseConnectorProfile + - appflow:TagResource + - appflow:UntagResource + - kms:CreateGrant + - kms:DescribeKey + - kms:ListAliases + - kms:ListGrants + - kms:ListKeys + - s3:GetBucketNotification + - s3:PutBucketNotification + - s3:GetEncryptionConfiguration + read: + - app-integrations:GetDataIntegration + - app-integrations:ListTagsForResource + list: + - app-integrations:ListDataIntegrations + update: + - app-integrations:GetDataIntegration + - app-integrations:UpdateDataIntegration + - app-integrations:TagResource + - app-integrations:UntagResource + - appflow:DescribeConnectorProfiles + - appflow:DeleteFlow + - appflow:DescribeConnectorEntity + - appflow:UseConnectorProfile + - appflow:TagResource + - appflow:UntagResource + - kms:CreateGrant + - kms:DescribeKey + - kms:ListAliases + - kms:ListGrants + - kms:ListKeys + delete: + - app-integrations:DeleteDataIntegration + - app-integrations:UntagResource + - appflow:CreateFlow + - appflow:DeleteFlow + - appflow:DescribeConnectorEntity + - appflow:UseConnectorProfile + - appflow:TagResource + - appflow:UntagResource + - kms:CreateGrant + - kms:DescribeKey + - kms:ListAliases + - kms:ListGrants + - kms:ListKeys + EventFilter: + type: object + properties: + Source: + description: The source of the events. + type: string + pattern: ^aws\.partner\/.*$ + minLength: 1 + maxLength: 256 + additionalProperties: false + required: + - Source + Metadata: + type: object + properties: + Key: + description: A key to identify the metadata. + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 255 + Value: + description: Corresponding metadata value for the key. + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 255 + additionalProperties: false + required: + - Key + - Value + EventIntegration: + type: object + properties: + Description: + description: The event integration description. + type: string + minLength: 1 + maxLength: 1000 + EventIntegrationArn: + description: The Amazon Resource Name (ARN) of the event integration. + type: string + pattern: ^arn:aws[-a-z]*:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + minLength: 1 + maxLength: 2048 + Name: + description: The name of the event integration. + type: string + pattern: ^[a-zA-Z0-9/\._\-]+$ + minLength: 1 + maxLength: 255 + EventBridgeBus: + description: The Amazon Eventbridge bus for the event integration. + type: string + pattern: ^[a-zA-Z0-9/\._\-]+$ + minLength: 1 + maxLength: 255 + EventFilter: + description: The EventFilter (source) associated with the event integration. + $ref: '#/components/schemas/EventFilter' + Tags: + description: The tags (keys and values) associated with the event integration. + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 200 + required: + - Name + - EventBridgeBus + - EventFilter + x-stackql-resource-name: event_integration + description: Resource Type definition for AWS::AppIntegrations::EventIntegration + x-type-name: AWS::AppIntegrations::EventIntegration + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - EventBridgeBus + - EventFilter + x-read-only-properties: + - EventIntegrationArn + x-required-properties: + - Name + - EventBridgeBus + - EventFilter + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - app-integrations:CreateEventIntegration + - app-integrations:TagResource + read: + - app-integrations:GetEventIntegration + - app-integrations:ListTagsForResource + list: + - app-integrations:ListEventIntegrations + update: + - app-integrations:GetEventIntegration + - app-integrations:UpdateEventIntegration + - app-integrations:TagResource + - app-integrations:UntagResource + delete: + - app-integrations:DeleteEventIntegration + x-stackQL-resources: + applications: + name: applications + id: aws.appintegrations.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - ApplicationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppIntegrations::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppIntegrations::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.appintegrations.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - ApplicationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Namespace') as namespace, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(Properties, '$.ApplicationSourceConfig') as application_source_config, + JSON_EXTRACT(Properties, '$.Permissions') as permissions, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppIntegrations::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Namespace') as namespace, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(Properties, 'ApplicationSourceConfig') as application_source_config, + json_extract_path_text(Properties, 'Permissions') as permissions, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppIntegrations::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + data_integrations: + name: data_integrations + id: aws.appintegrations.data_integrations + x-cfn-schema-name: DataIntegration + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppIntegrations::DataIntegration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppIntegrations::DataIntegration' + AND region = 'us-east-1' + data_integration: + name: data_integration + id: aws.appintegrations.data_integration + x-cfn-schema-name: DataIntegration + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.DataIntegrationArn') as data_integration_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.KmsKey') as kms_key, + JSON_EXTRACT(Properties, '$.ScheduleConfig') as schedule_config, + JSON_EXTRACT(Properties, '$.SourceURI') as source_uri, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.FileConfiguration') as file_configuration, + JSON_EXTRACT(Properties, '$.ObjectConfiguration') as object_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppIntegrations::DataIntegration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'DataIntegrationArn') as data_integration_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'KmsKey') as kms_key, + json_extract_path_text(Properties, 'ScheduleConfig') as schedule_config, + json_extract_path_text(Properties, 'SourceURI') as source_uri, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'FileConfiguration') as file_configuration, + json_extract_path_text(Properties, 'ObjectConfiguration') as object_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppIntegrations::DataIntegration' + AND data__Identifier = '' + AND region = 'us-east-1' + event_integrations: + name: event_integrations + id: aws.appintegrations.event_integrations + x-cfn-schema-name: EventIntegration + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppIntegrations::EventIntegration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppIntegrations::EventIntegration' + AND region = 'us-east-1' + event_integration: + name: event_integration + id: aws.appintegrations.event_integration + x-cfn-schema-name: EventIntegration + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EventIntegrationArn') as event_integration_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.EventBridgeBus') as event_bridge_bus, + JSON_EXTRACT(Properties, '$.EventFilter') as event_filter, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppIntegrations::EventIntegration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EventIntegrationArn') as event_integration_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'EventBridgeBus') as event_bridge_bus, + json_extract_path_text(Properties, 'EventFilter') as event_filter, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppIntegrations::EventIntegration' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/applicationautoscaling.yaml b/providers/src/aws/v00.00.00000/services/applicationautoscaling.yaml new file mode 100644 index 00000000..e035fad8 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/applicationautoscaling.yaml @@ -0,0 +1,567 @@ +openapi: 3.0.0 +info: + title: ApplicationAutoScaling + version: 1.0.0 +paths: {} +components: + schemas: + SuspendedState: + type: object + additionalProperties: false + description: specifies whether the scaling activities for a scalable target are in a suspended state + properties: + ScheduledScalingSuspended: + type: boolean + DynamicScalingOutSuspended: + type: boolean + DynamicScalingInSuspended: + type: boolean + ScheduledAction: + type: object + additionalProperties: false + description: specifies a scheduled action for a scalable target + properties: + Timezone: + type: string + ScheduledActionName: + type: string + EndTime: + type: string + Schedule: + type: string + StartTime: + type: string + ScalableTargetAction: + $ref: '#/components/schemas/ScalableTargetAction' + required: + - ScheduledActionName + - Schedule + ScalableTargetAction: + type: object + additionalProperties: false + description: specifies the minimum and maximum capacity + properties: + MinCapacity: + type: integer + MaxCapacity: + type: integer + ScalableTarget: + type: object + properties: + Id: + description: This value can be returned by using the Ref function. Ref returns the Cloudformation generated ID of the resource in format - ResourceId|ScalableDimension|ServiceNamespace + type: string + MaxCapacity: + description: The maximum value that you plan to scale in to. When a scaling policy is in effect, Application Auto Scaling can scale in (contract) as needed to the minimum capacity limit in response to changing demand + type: integer + MinCapacity: + description: The minimum value that you plan to scale in to. When a scaling policy is in effect, Application Auto Scaling can scale in (contract) as needed to the minimum capacity limit in response to changing demand + type: integer + ResourceId: + description: The identifier of the resource associated with the scalable target + type: string + RoleARN: + description: 'Specify the Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that allows Application Auto Scaling to modify the scalable target on your behalf. ' + type: string + ScalableDimension: + description: The scalable dimension associated with the scalable target. This string consists of the service namespace, resource type, and scaling property + type: string + ScheduledActions: + description: The scheduled actions for the scalable target. Duplicates aren't allowed. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/ScheduledAction' + ServiceNamespace: + description: The namespace of the AWS service that provides the resource, or a custom-resource + type: string + SuspendedState: + description: An embedded object that contains attributes and attribute values that are used to suspend and resume automatic scaling. Setting the value of an attribute to true suspends the specified scaling activities. Setting it to false (default) resumes the specified scaling activities. + $ref: '#/components/schemas/SuspendedState' + required: + - ResourceId + - ServiceNamespace + - ScalableDimension + - MinCapacity + - MaxCapacity + x-stackql-resource-name: scalable_target + description: Resource Type definition for AWS::ApplicationAutoScaling::ScalableTarget + x-type-name: AWS::ApplicationAutoScaling::ScalableTarget + x-stackql-primary-identifier: + - ResourceId + - ScalableDimension + - ServiceNamespace + x-create-only-properties: + - ResourceId + - ScalableDimension + - ServiceNamespace + x-write-only-properties: + - RoleARN + x-read-only-properties: + - Id + x-required-properties: + - ResourceId + - ServiceNamespace + - ScalableDimension + - MinCapacity + - MaxCapacity + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - application-autoscaling:DescribeScalableTargets + - application-autoscaling:RegisterScalableTarget + - application-autoscaling:DescribeScheduledActions + - application-autoscaling:PutScheduledAction + - iam:PassRole + - iam:CreateServiceLinkedRole + - cloudwatch:PutMetricAlarm + - cloudwatch:DeleteAlarms + - cloudwatch:DescribeAlarms + - lambda:GetProvisionedConcurrencyConfig + - lambda:PutProvisionedConcurrencyConfig + - lambda:DeleteProvisionedConcurrencyConfig + read: + - application-autoscaling:DescribeScalableTargets + - application-autoscaling:DescribeScheduledActions + list: + - application-autoscaling:DescribeScalableTargets + update: + - application-autoscaling:RegisterScalableTarget + - application-autoscaling:DescribeScalableTargets + - application-autoscaling:DescribeScheduledActions + - application-autoscaling:DeleteScheduledAction + - application-autoscaling:PutScheduledAction + - cloudwatch:PutMetricAlarm + - cloudwatch:DeleteAlarms + - cloudwatch:DescribeAlarms + - lambda:GetProvisionedConcurrencyConfig + - lambda:PutProvisionedConcurrencyConfig + - lambda:DeleteProvisionedConcurrencyConfig + delete: + - application-autoscaling:DeregisterScalableTarget + StepScalingPolicyConfiguration: + description: A step scaling policy. + type: object + additionalProperties: false + properties: + AdjustmentType: + description: Specifies how the ScalingAdjustment value in a StepAdjustment is interpreted. + type: string + Cooldown: + description: The amount of time, in seconds, to wait for a previous scaling activity to take effect. + type: integer + MetricAggregationType: + description: The aggregation type for the CloudWatch metrics. Valid values are Minimum, Maximum, and Average. If the aggregation type is null, the value is treated as Average + type: string + MinAdjustmentMagnitude: + description: The minimum value to scale by when the adjustment type is PercentChangeInCapacity. + type: integer + StepAdjustments: + description: A set of adjustments that enable you to scale based on the size of the alarm breach. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/StepAdjustment' + TargetTrackingScalingPolicyConfiguration: + description: A target tracking scaling policy. + type: object + additionalProperties: false + properties: + CustomizedMetricSpecification: + description: A customized metric. You can specify either a predefined metric or a customized metric. + $ref: '#/components/schemas/CustomizedMetricSpecification' + DisableScaleIn: + description: Indicates whether scale in by the target tracking scaling policy is disabled. If the value is true, scale in is disabled and the target tracking scaling policy won't remove capacity from the scalable target. Otherwise, scale in is enabled and the target tracking scaling policy can remove capacity from the scalable target. The default value is false. + type: boolean + PredefinedMetricSpecification: + description: A predefined metric. You can specify either a predefined metric or a customized metric. + $ref: '#/components/schemas/PredefinedMetricSpecification' + ScaleInCooldown: + description: The amount of time, in seconds, after a scale-in activity completes before another scale-in activity can start. + type: integer + ScaleOutCooldown: + description: The amount of time, in seconds, to wait for a previous scale-out activity to take effect. + type: integer + TargetValue: + description: The target value for the metric. Although this property accepts numbers of type Double, it won't accept values that are either too small or too large. Values must be in the range of -2^360 to 2^360. The value must be a valid number based on the choice of metric. For example, if the metric is CPU utilization, then the target value is a percent value that represents how much of the CPU can be used before scaling out. + type: number + required: + - TargetValue + PredefinedMetricSpecification: + description: Represents a predefined metric for a target tracking scaling policy to use with Application Auto Scaling. + type: object + additionalProperties: false + properties: + PredefinedMetricType: + description: The metric type. The ALBRequestCountPerTarget metric type applies only to Spot Fleets and ECS services. + type: string + ResourceLabel: + description: Identifies the resource associated with the metric type. You can't specify a resource label unless the metric type is ALBRequestCountPerTarget and there is a target group attached to the Spot Fleet or ECS service. + type: string + required: + - PredefinedMetricType + CustomizedMetricSpecification: + description: Represents a CloudWatch metric of your choosing for a target tracking scaling policy to use with Application Auto Scaling. + type: object + additionalProperties: false + properties: + Dimensions: + description: The dimensions of the metric. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/MetricDimension' + MetricName: + description: The name of the metric. To get the exact metric name, namespace, and dimensions, inspect the Metric object that is returned by a call to ListMetrics. + type: string + Namespace: + description: The namespace of the metric. + type: string + Statistic: + description: The statistic of the metric. + type: string + Unit: + description: The unit of the metric. For a complete list of the units that CloudWatch supports, see the MetricDatum data type in the Amazon CloudWatch API Reference. + type: string + Metrics: + description: The metrics to include in the target tracking scaling policy, as a metric data query. This can include both raw metric and metric math expressions. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/TargetTrackingMetricDataQuery' + TargetTrackingMetricDataQuery: + description: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. + type: object + additionalProperties: false + properties: + Expression: + description: The math expression to perform on the returned data, if this object is performing a math expression. + type: string + Id: + description: A short name that identifies the object's results in the response. + type: string + Label: + description: A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents. + type: string + ReturnData: + description: Indicates whether to return the timestamps and raw data values of this metric. + type: boolean + MetricStat: + description: Information about the metric data to return. + $ref: '#/components/schemas/TargetTrackingMetricStat' + TargetTrackingMetricStat: + description: This structure defines the CloudWatch metric to return, along with the statistic, period, and unit. + type: object + additionalProperties: false + properties: + Metric: + description: 'The CloudWatch metric to return, including the metric name, namespace, and dimensions. ' + $ref: '#/components/schemas/TargetTrackingMetric' + Stat: + description: The statistic to return. It can include any CloudWatch statistic or extended statistic. + type: string + Unit: + description: The unit to use for the returned data points. + type: string + TargetTrackingMetric: + description: Represents a specific metric. + type: object + additionalProperties: false + properties: + Dimensions: + description: The dimensions for the metric. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/TargetTrackingMetricDimension' + MetricName: + description: The name of the metric. + type: string + Namespace: + description: The namespace of the metric. + type: string + TargetTrackingMetricDimension: + description: Describes the dimension of a metric. + type: object + additionalProperties: false + properties: + Name: + description: The name of the dimension. + type: string + Value: + description: The value of the dimension. + type: string + StepAdjustment: + description: Represents a step adjustment for a StepScalingPolicyConfiguration. Describes an adjustment based on the difference between the value of the aggregated CloudWatch metric and the breach threshold that you've defined for the alarm. + type: object + additionalProperties: false + properties: + MetricIntervalLowerBound: + description: The lower bound for the difference between the alarm threshold and the CloudWatch metric. If the metric value is above the breach threshold, the lower bound is inclusive (the metric must be greater than or equal to the threshold plus the lower bound). Otherwise, it is exclusive (the metric must be greater than the threshold plus the lower bound). A null value indicates negative infinity. + type: number + MetricIntervalUpperBound: + description: The upper bound for the difference between the alarm threshold and the CloudWatch metric. If the metric value is above the breach threshold, the upper bound is exclusive (the metric must be less than the threshold plus the upper bound). Otherwise, it is inclusive (the metric must be less than or equal to the threshold plus the upper bound). A null value indicates positive infinity. + type: number + ScalingAdjustment: + description: The amount by which to scale, based on the specified adjustment type. A positive value adds to the current capacity while a negative number removes from the current capacity. For exact capacity, you must specify a positive value. + type: integer + required: + - ScalingAdjustment + MetricDimension: + description: Describes the dimension names and values associated with a metric. + type: object + additionalProperties: false + properties: + Name: + description: The name of the dimension. + type: string + Value: + description: The value of the dimension. + type: string + required: + - Value + - Name + ScalingPolicy: + type: object + properties: + PolicyName: + description: |- + The name of the scaling policy. + + Updates to the name of a target tracking scaling policy are not supported, unless you also update the metric used for scaling. To change only a target tracking scaling policy's name, first delete the policy by removing the existing AWS::ApplicationAutoScaling::ScalingPolicy resource from the template and updating the stack. Then, recreate the resource with the same settings and a different name. + type: string + PolicyType: + description: |- + The scaling policy type. + + The following policy types are supported: + + TargetTrackingScaling Not supported for Amazon EMR + + StepScaling Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune. + type: string + ResourceId: + description: The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier. + type: string + ScalableDimension: + description: The scalable dimension. This string consists of the service namespace, resource type, and scaling property. + type: string + ScalingTargetId: + description: The CloudFormation-generated ID of an Application Auto Scaling scalable target. For more information about the ID, see the Return Value section of the AWS::ApplicationAutoScaling::ScalableTarget resource. + type: string + ServiceNamespace: + description: The namespace of the AWS service that provides the resource, or a custom-resource. + type: string + StepScalingPolicyConfiguration: + description: A step scaling policy. + $ref: '#/components/schemas/StepScalingPolicyConfiguration' + TargetTrackingScalingPolicyConfiguration: + description: A target tracking scaling policy. + $ref: '#/components/schemas/TargetTrackingScalingPolicyConfiguration' + Arn: + description: ARN is a read only property for the resource. + type: string + required: + - PolicyName + - PolicyType + x-stackql-resource-name: scaling_policy + description: Resource Type definition for AWS::ApplicationAutoScaling::ScalingPolicy + x-type-name: AWS::ApplicationAutoScaling::ScalingPolicy + x-stackql-primary-identifier: + - Arn + - ScalableDimension + x-create-only-properties: + - PolicyName + - ServiceNamespace + - ResourceId + - ScalableDimension + - ScalingTargetId + x-write-only-properties: + - TargetTrackingScalingPolicyConfiguration/PredefinedMetricSpecification/ResourceLabel + - ScalingTargetId + x-read-only-properties: + - Arn + x-required-properties: + - PolicyName + - PolicyType + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - application-autoscaling:DescribeScalingPolicies + - application-autoscaling:PutScalingPolicy + read: + - application-autoscaling:DescribeScalingPolicies + update: + - application-autoscaling:DescribeScalingPolicies + - application-autoscaling:PutScalingPolicy + delete: + - application-autoscaling:DescribeScalingPolicies + - application-autoscaling:DeleteScalingPolicy + list: + - application-autoscaling:DescribeScalingPolicies + x-stackQL-resources: + scalable_targets: + name: scalable_targets + id: aws.applicationautoscaling.scalable_targets + x-cfn-schema-name: ScalableTarget + x-type: list + x-identifiers: + - ResourceId + - ScalableDimension + - ServiceNamespace + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.ScalableDimension') as scalable_dimension, + JSON_EXTRACT(Properties, '$.ServiceNamespace') as service_namespace + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApplicationAutoScaling::ScalableTarget' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'ScalableDimension') as scalable_dimension, + json_extract_path_text(Properties, 'ServiceNamespace') as service_namespace + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApplicationAutoScaling::ScalableTarget' + AND region = 'us-east-1' + scalable_target: + name: scalable_target + id: aws.applicationautoscaling.scalable_target + x-cfn-schema-name: ScalableTarget + x-type: get + x-identifiers: + - ResourceId + - ScalableDimension + - ServiceNamespace + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.MaxCapacity') as max_capacity, + JSON_EXTRACT(Properties, '$.MinCapacity') as min_capacity, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.RoleARN') as role_arn, + JSON_EXTRACT(Properties, '$.ScalableDimension') as scalable_dimension, + JSON_EXTRACT(Properties, '$.ScheduledActions') as scheduled_actions, + JSON_EXTRACT(Properties, '$.ServiceNamespace') as service_namespace, + JSON_EXTRACT(Properties, '$.SuspendedState') as suspended_state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApplicationAutoScaling::ScalableTarget' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'MaxCapacity') as max_capacity, + json_extract_path_text(Properties, 'MinCapacity') as min_capacity, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'RoleARN') as role_arn, + json_extract_path_text(Properties, 'ScalableDimension') as scalable_dimension, + json_extract_path_text(Properties, 'ScheduledActions') as scheduled_actions, + json_extract_path_text(Properties, 'ServiceNamespace') as service_namespace, + json_extract_path_text(Properties, 'SuspendedState') as suspended_state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApplicationAutoScaling::ScalableTarget' + AND data__Identifier = '||' + AND region = 'us-east-1' + scaling_policies: + name: scaling_policies + id: aws.applicationautoscaling.scaling_policies + x-cfn-schema-name: ScalingPolicy + x-type: list + x-identifiers: + - Arn + - ScalableDimension + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ScalableDimension') as scalable_dimension + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApplicationAutoScaling::ScalingPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ScalableDimension') as scalable_dimension + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApplicationAutoScaling::ScalingPolicy' + AND region = 'us-east-1' + scaling_policy: + name: scaling_policy + id: aws.applicationautoscaling.scaling_policy + x-cfn-schema-name: ScalingPolicy + x-type: get + x-identifiers: + - Arn + - ScalableDimension + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.PolicyType') as policy_type, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.ScalableDimension') as scalable_dimension, + JSON_EXTRACT(Properties, '$.ScalingTargetId') as scaling_target_id, + JSON_EXTRACT(Properties, '$.ServiceNamespace') as service_namespace, + JSON_EXTRACT(Properties, '$.StepScalingPolicyConfiguration') as step_scaling_policy_configuration, + JSON_EXTRACT(Properties, '$.TargetTrackingScalingPolicyConfiguration') as target_tracking_scaling_policy_configuration, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApplicationAutoScaling::ScalingPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'PolicyType') as policy_type, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'ScalableDimension') as scalable_dimension, + json_extract_path_text(Properties, 'ScalingTargetId') as scaling_target_id, + json_extract_path_text(Properties, 'ServiceNamespace') as service_namespace, + json_extract_path_text(Properties, 'StepScalingPolicyConfiguration') as step_scaling_policy_configuration, + json_extract_path_text(Properties, 'TargetTrackingScalingPolicyConfiguration') as target_tracking_scaling_policy_configuration, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApplicationAutoScaling::ScalingPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/applicationinsights.yaml b/providers/src/aws/v00.00.00000/services/applicationinsights.yaml new file mode 100644 index 00000000..38e74e6f --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/applicationinsights.yaml @@ -0,0 +1,634 @@ +openapi: 3.0.0 +info: + title: ApplicationInsights + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + type: string + minLength: 1 + maxLength: 128 + Value: + description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + CustomComponent: + description: The custom grouped component. + type: object + properties: + ComponentName: + description: The name of the component. + type: string + minLength: 1 + maxLength: 128 + pattern: ^[\d\w\-_.+]*$ + ResourceList: + description: The list of resource ARNs that belong to the component. + type: array + items: + type: string + minLength: 20 + maxLength: 300 + pattern: ^arn:aws(-[\w]+)*:[\w\d-]+:([\w\d-]*)?:[\w\d_-]*([:/].+)*$ + minItems: 1 + x-insertionOrder: true + required: + - ComponentName + - ResourceList + additionalProperties: false + LogPatternSet: + description: The log pattern set. + type: object + properties: + PatternSetName: + description: The name of the log pattern set. + type: string + minLength: 1 + maxLength: 30 + pattern: '[a-zA-Z0-9.-_]*' + LogPatterns: + description: The log patterns of a set. + type: array + items: + $ref: '#/components/schemas/LogPattern' + minItems: 1 + x-insertionOrder: true + required: + - PatternSetName + - LogPatterns + additionalProperties: false + LogPattern: + description: The log pattern. + type: object + properties: + PatternName: + description: The name of the log pattern. + type: string + minLength: 1 + maxLength: 50 + pattern: '[a-zA-Z0-9.-_]*' + Pattern: + description: The log pattern. + type: string + minLength: 1 + maxLength: 50 + Rank: + description: Rank of the log pattern. + type: integer + required: + - PatternName + - Pattern + - Rank + additionalProperties: false + ComponentMonitoringSetting: + description: The monitoring setting of the component. + type: object + properties: + ComponentName: + description: The name of the component. + type: string + minLength: 1 + maxLength: 128 + pattern: ^[\d\w\-_.+]*$ + ComponentARN: + description: The ARN of the compnonent. + type: string + minLength: 20 + maxLength: 300 + pattern: ^arn:aws(-[\w]+)*:[\w\d-]+:([\w\d-]*)?:[\w\d_-]*([:/].+)*$ + Tier: + description: The tier of the application component. + type: string + pattern: ^[A-Z][[A-Z]_]*$ + ComponentConfigurationMode: + description: The component monitoring configuration mode. + type: string + enum: + - DEFAULT + - DEFAULT_WITH_OVERWRITE + - CUSTOM + DefaultOverwriteComponentConfiguration: + description: The overwritten settings on default component monitoring configuration. + $ref: '#/components/schemas/ComponentConfiguration' + CustomComponentConfiguration: + description: The monitoring configuration of the component. + $ref: '#/components/schemas/ComponentConfiguration' + required: + - Tier + - ComponentConfigurationMode + oneOf: + - required: + - ComponentName + - required: + - ComponentARN + additionalProperties: false + ComponentConfiguration: + description: The configuration settings of the component. + type: object + properties: + ConfigurationDetails: + description: The configuration settings + $ref: '#/components/schemas/ConfigurationDetails' + SubComponentTypeConfigurations: + description: Sub component configurations of the component. + type: array + items: + $ref: '#/components/schemas/SubComponentTypeConfiguration' + minItems: 1 + x-insertionOrder: true + additionalProperties: false + ConfigurationDetails: + description: The configuration settings. + type: object + properties: + AlarmMetrics: + description: A list of metrics to monitor for the component. + type: array + items: + $ref: '#/components/schemas/AlarmMetric' + x-insertionOrder: true + Logs: + description: A list of logs to monitor for the component. + type: array + items: + $ref: '#/components/schemas/Log' + x-insertionOrder: true + WindowsEvents: + description: A list of Windows Events to log. + type: array + items: + $ref: '#/components/schemas/WindowsEvent' + x-insertionOrder: true + Processes: + description: A list of processes to monitor for the component. Only Windows EC2 instances can have a processes section. + type: array + items: + $ref: '#/components/schemas/Process' + x-insertionOrder: true + Alarms: + description: A list of alarms to monitor for the component. + type: array + items: + $ref: '#/components/schemas/Alarm' + x-insertionOrder: true + JMXPrometheusExporter: + description: The JMX Prometheus Exporter settings. + $ref: '#/components/schemas/JMXPrometheusExporter' + HANAPrometheusExporter: + description: The HANA DB Prometheus Exporter settings. + $ref: '#/components/schemas/HANAPrometheusExporter' + HAClusterPrometheusExporter: + description: The HA cluster Prometheus Exporter settings. + $ref: '#/components/schemas/HAClusterPrometheusExporter' + NetWeaverPrometheusExporter: + description: The NetWeaver Prometheus Exporter settings. + $ref: '#/components/schemas/NetWeaverPrometheusExporter' + SQLServerPrometheusExporter: + description: The SQL Prometheus Exporter settings. + $ref: '#/components/schemas/SQLServerPrometheusExporter' + additionalProperties: false + SubComponentConfigurationDetails: + description: The configuration settings of sub components. + type: object + properties: + AlarmMetrics: + description: A list of metrics to monitor for the component. + type: array + items: + $ref: '#/components/schemas/AlarmMetric' + x-insertionOrder: true + Logs: + description: A list of logs to monitor for the component. + type: array + items: + $ref: '#/components/schemas/Log' + x-insertionOrder: true + WindowsEvents: + description: A list of Windows Events to log. + type: array + items: + $ref: '#/components/schemas/WindowsEvent' + x-insertionOrder: true + Processes: + description: A list of processes to monitor for the component. Only Windows EC2 instances can have a processes section. + type: array + items: + $ref: '#/components/schemas/Process' + x-insertionOrder: true + additionalProperties: false + JMXPrometheusExporter: + description: The JMX Prometheus Exporter settings. + type: object + properties: + JMXURL: + description: JMX service URL. + type: string + HostPort: + description: Java agent host port + type: string + PrometheusPort: + description: Prometheus exporter port. + type: string + additionalProperties: false + HANAPrometheusExporter: + description: The HANA DB Prometheus Exporter settings. + type: object + properties: + HANASID: + description: HANA DB SID. + type: string + HANAPort: + description: The HANA DB port. + type: string + HANASecretName: + description: |- + The secret name which manages the HANA DB credentials e.g. { + "username": "<>", + "password": "<>" + }. + type: string + AgreeToInstallHANADBClient: + description: A flag which indicates agreeing to install SAP HANA DB client. + type: boolean + PrometheusPort: + description: Prometheus exporter port. + type: string + required: + - HANASID + - HANAPort + - HANASecretName + - AgreeToInstallHANADBClient + additionalProperties: false + HAClusterPrometheusExporter: + description: The HA cluster Prometheus Exporter settings. + type: object + properties: + PrometheusPort: + description: Prometheus exporter port. + type: string + additionalProperties: false + NetWeaverPrometheusExporter: + description: The NetWeaver Prometheus Exporter Settings. + type: object + properties: + SAPSID: + description: SAP NetWeaver SID. + type: string + InstanceNumbers: + description: SAP instance numbers for ASCS, ERS, and App Servers. + type: array + items: + type: string + minLength: 1 + maxLength: 2 + pattern: \b([0-9]|[0-9][0-9])\b + PrometheusPort: + description: Prometheus exporter port. + type: string + required: + - SAPSID + - InstanceNumbers + additionalProperties: false + SQLServerPrometheusExporter: + description: The SQL prometheus exporter settings. + type: object + properties: + PrometheusPort: + description: Prometheus exporter port. + type: string + SQLSecretName: + description: 'Secret name which managers SQL exporter connection. e.g. {"data_source_name": "sqlserver://:@localhost:1433"}' + type: string + required: + - PrometheusPort + - SQLSecretName + additionalProperties: false + AlarmMetric: + description: A metric to be monitored for the component. + type: object + properties: + AlarmMetricName: + description: The name of the metric to be monitored for the component. + type: string + required: + - AlarmMetricName + additionalProperties: false + Log: + description: A log to be monitored for the component. + type: object + properties: + LogGroupName: + description: The CloudWatch log group name to be associated to the monitored log. + type: string + minLength: 1 + maxLength: 512 + pattern: '[\.\-_/#A-Za-z0-9]+' + LogPath: + description: The path of the logs to be monitored. + type: string + minLength: 1 + maxLength: 260 + pattern: ^([a-zA-Z]:\\[\\\S|*\S]?.*|/[^"']*)$ + LogType: + description: The log type decides the log patterns against which Application Insights analyzes the log. + type: string + pattern: ^[A-Z][[A-Z]_]*$ + Encoding: + description: The type of encoding of the logs to be monitored. + type: string + enum: + - utf-8 + - utf-16 + - ascii + PatternSet: + description: The name of the log pattern set. + type: string + minLength: 1 + maxLength: 30 + pattern: '[a-zA-Z0-9.-_]*' + required: + - LogType + additionalProperties: false + WindowsEvent: + description: A Windows Event to be monitored for the component. + type: object + properties: + LogGroupName: + description: The CloudWatch log group name to be associated to the monitored log. + type: string + minLength: 1 + maxLength: 512 + pattern: '[\.\-_/#A-Za-z0-9]+' + EventName: + description: The type of Windows Events to log. + type: string + minLength: 1 + maxLength: 260 + pattern: ^[a-zA-Z0-9_ \\/-]+$ + EventLevels: + description: 'The levels of event to log. ' + type: array + items: + $ref: '#/components/schemas/EventLevel' + minItems: 1 + x-insertionOrder: true + PatternSet: + description: The name of the log pattern set. + type: string + minLength: 1 + maxLength: 30 + pattern: '[a-zA-Z0-9.-_]*' + required: + - LogGroupName + - EventName + - EventLevels + additionalProperties: false + Process: + description: A process to be monitored for the component. + type: object + properties: + ProcessName: + description: The name of the process to be monitored for the component. + type: string + minLength: 1 + maxLength: 256 + pattern: ^[a-zA-Z0-9_,-]+$ + AlarmMetrics: + description: A list of metrics to monitor for the component. + type: array + items: + $ref: '#/components/schemas/AlarmMetric' + x-insertionOrder: true + required: + - ProcessName + - AlarmMetrics + additionalProperties: false + EventLevel: + description: The level of event to log. + type: string + enum: + - INFORMATION + - WARNING + - ERROR + - CRITICAL + - VERBOSE + Alarm: + description: A CloudWatch alarm to be monitored for the component. + type: object + properties: + AlarmName: + description: The name of the CloudWatch alarm to be monitored for the component. + type: string + minLength: 1 + maxLength: 255 + Severity: + description: Indicates the degree of outage when the alarm goes off. + type: string + enum: + - HIGH + - MEDIUM + - LOW + required: + - AlarmName + additionalProperties: false + SubComponentTypeConfiguration: + description: One type sub component configurations for the component. + type: object + properties: + SubComponentType: + description: The sub component type. + type: string + enum: + - AWS::EC2::Instance + - AWS::EC2::Volume + SubComponentConfigurationDetails: + description: The configuration settings of sub components. + $ref: '#/components/schemas/SubComponentConfigurationDetails' + required: + - SubComponentType + - SubComponentConfigurationDetails + additionalProperties: false + Application: + type: object + properties: + ResourceGroupName: + description: The name of the resource group. + type: string + minLength: 1 + maxLength: 256 + pattern: '[a-zA-Z0-9.-_]*' + ApplicationARN: + description: The ARN of the ApplicationInsights application. + type: string + CWEMonitorEnabled: + description: Indicates whether Application Insights can listen to CloudWatch events for the application resources. + type: boolean + OpsCenterEnabled: + description: When set to true, creates opsItems for any problems detected on an application. + type: boolean + OpsItemSNSTopicArn: + description: The SNS topic provided to Application Insights that is associated to the created opsItem. + type: string + minLength: 20 + maxLength: 300 + pattern: ^arn:aws(-[\w]+)*:[\w\d-]+:([\w\d-]*)?:[\w\d_-]*([:/].+)*$ + Tags: + description: The tags of Application Insights application. + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + x-insertionOrder: true + CustomComponents: + description: The custom grouped components. + type: array + items: + $ref: '#/components/schemas/CustomComponent' + minItems: 1 + x-insertionOrder: true + LogPatternSets: + description: The log pattern sets. + type: array + items: + $ref: '#/components/schemas/LogPatternSet' + minItems: 1 + x-insertionOrder: true + AutoConfigurationEnabled: + description: If set to true, application will be configured with recommended monitoring configuration. + type: boolean + ComponentMonitoringSettings: + description: The monitoring settings of the components. + type: array + items: + $ref: '#/components/schemas/ComponentMonitoringSetting' + minItems: 1 + x-insertionOrder: true + GroupingType: + description: The grouping type of the application + type: string + enum: + - ACCOUNT_BASED + AttachMissingPermission: + description: If set to true, the managed policies for SSM and CW will be attached to the instance roles if they are missing + type: boolean + required: + - ResourceGroupName + x-stackql-resource-name: application + description: Resource schema for AWS::ApplicationInsights::Application + x-type-name: AWS::ApplicationInsights::Application + x-stackql-primary-identifier: + - ApplicationARN + x-create-only-properties: + - ResourceGroupName + - GroupingType + x-write-only-properties: + - ComponentMonitoringSettings + - LogPatternSets + - CustomComponents + - GroupingType + - OpsItemSNSTopicArn + - AttachMissingPermission + x-read-only-properties: + - ApplicationARN + x-required-properties: + - ResourceGroupName + x-taggable: true + x-required-permissions: + create: + - '*' + read: + - '*' + update: + - '*' + delete: + - '*' + list: + - '*' + x-stackQL-resources: + applications: + name: applications + id: aws.applicationinsights.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - ApplicationARN + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationARN') as application_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApplicationInsights::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationARN') as application_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApplicationInsights::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.applicationinsights.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - ApplicationARN + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceGroupName') as resource_group_name, + JSON_EXTRACT(Properties, '$.ApplicationARN') as application_arn, + JSON_EXTRACT(Properties, '$.CWEMonitorEnabled') as cwe_monitor_enabled, + JSON_EXTRACT(Properties, '$.OpsCenterEnabled') as ops_center_enabled, + JSON_EXTRACT(Properties, '$.OpsItemSNSTopicArn') as ops_item_sns_topic_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CustomComponents') as custom_components, + JSON_EXTRACT(Properties, '$.LogPatternSets') as log_pattern_sets, + JSON_EXTRACT(Properties, '$.AutoConfigurationEnabled') as auto_configuration_enabled, + JSON_EXTRACT(Properties, '$.ComponentMonitoringSettings') as component_monitoring_settings, + JSON_EXTRACT(Properties, '$.GroupingType') as grouping_type, + JSON_EXTRACT(Properties, '$.AttachMissingPermission') as attach_missing_permission + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApplicationInsights::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceGroupName') as resource_group_name, + json_extract_path_text(Properties, 'ApplicationARN') as application_arn, + json_extract_path_text(Properties, 'CWEMonitorEnabled') as cwe_monitor_enabled, + json_extract_path_text(Properties, 'OpsCenterEnabled') as ops_center_enabled, + json_extract_path_text(Properties, 'OpsItemSNSTopicArn') as ops_item_sns_topic_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CustomComponents') as custom_components, + json_extract_path_text(Properties, 'LogPatternSets') as log_pattern_sets, + json_extract_path_text(Properties, 'AutoConfigurationEnabled') as auto_configuration_enabled, + json_extract_path_text(Properties, 'ComponentMonitoringSettings') as component_monitoring_settings, + json_extract_path_text(Properties, 'GroupingType') as grouping_type, + json_extract_path_text(Properties, 'AttachMissingPermission') as attach_missing_permission + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApplicationInsights::Application' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/apprunner.yaml b/providers/src/aws/v00.00.00000/services/apprunner.yaml new file mode 100644 index 00000000..0d53a6d3 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/apprunner.yaml @@ -0,0 +1,1079 @@ +openapi: 3.0.0 +info: + title: AppRunner + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + properties: + Key: + type: string + Value: + type: string + additionalProperties: false + AutoScalingConfiguration: + type: object + properties: + AutoScalingConfigurationArn: + description: The Amazon Resource Name (ARN) of this auto scaling configuration. + type: string + minLength: 1 + maxLength: 1011 + pattern: arn:aws(-[\w]+)*:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[0-9]{12}:(\w|/|-){1,1011} + AutoScalingConfigurationName: + description: The customer-provided auto scaling configuration name. When you use it for the first time in an AWS Region, App Runner creates revision number 1 of this name. When you use the same name in subsequent calls, App Runner creates incremental revisions of the configuration. The auto scaling configuration name can be used in multiple revisions of a configuration. + type: string + minLength: 4 + maxLength: 32 + pattern: '[A-Za-z0-9][A-Za-z0-9\-_]{3,31}' + AutoScalingConfigurationRevision: + description: 'The revision of this auto scaling configuration. It''s unique among all the active configurations ("Status": "ACTIVE") that share the same AutoScalingConfigurationName.' + type: integer + MaxConcurrency: + description: The maximum number of concurrent requests that an instance processes. If the number of concurrent requests exceeds this limit, App Runner scales the service up to use more instances to process the requests. + type: integer + MaxSize: + description: The maximum number of instances that an App Runner service scales up to. At most MaxSize instances actively serve traffic for your service. + type: integer + MinSize: + description: The minimum number of instances that App Runner provisions for a service. The service always has at least MinSize provisioned instances. Some of them actively serve traffic. The rest of them (provisioned and inactive instances) are a cost-effective compute capacity reserve and are ready to be quickly activated. You pay for memory usage of all the provisioned instances. You pay for CPU usage of only the active subset. + type: integer + Latest: + description: It's set to true for the configuration with the highest Revision among all configurations that share the same AutoScalingConfigurationName. It's set to false otherwise. App Runner temporarily doubles the number of provisioned instances during deployments, to maintain the same capacity for both old and new code. + type: boolean + Tags: + description: A list of metadata items that you can associate with your auto scaling configuration resource. A tag is a key-value pair. + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + x-stackql-resource-name: auto_scaling_configuration + description: Describes an AWS App Runner automatic configuration resource that enables automatic scaling of instances used to process web requests. You can share an auto scaling configuration across multiple services. + x-type-name: AWS::AppRunner::AutoScalingConfiguration + x-stackql-primary-identifier: + - AutoScalingConfigurationArn + x-create-only-properties: + - AutoScalingConfigurationName + - MaxConcurrency + - MaxSize + - MinSize + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - AutoScalingConfigurationArn + - AutoScalingConfigurationRevision + - Latest + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - apprunner:CreateAutoScalingConfiguration + - apprunner:DescribeAutoScalingConfiguration + - apprunner:TagResource + read: + - apprunner:DescribeAutoScalingConfiguration + delete: + - apprunner:DeleteAutoScalingConfiguration + list: + - apprunner:ListAutoScalingConfiguration + TraceConfiguration: + description: Describes the configuration of the tracing feature within an AWS App Runner observability configuration. + type: object + properties: + Vendor: + description: The implementation provider chosen for tracing App Runner services. + type: string + enum: + - AWSXRAY + required: + - Vendor + additionalProperties: false + ObservabilityConfiguration: + type: object + properties: + ObservabilityConfigurationArn: + description: The Amazon Resource Name (ARN) of this ObservabilityConfiguration + type: string + minLength: 1 + maxLength: 1011 + pattern: arn:aws(-[\w]+)*:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[0-9]{12}:(\w|/|-){1,1011} + ObservabilityConfigurationName: + description: A name for the observability configuration. When you use it for the first time in an AWS Region, App Runner creates revision number 1 of this name. When you use the same name in subsequent calls, App Runner creates incremental revisions of the configuration. + type: string + minLength: 4 + maxLength: 32 + pattern: '[A-Za-z0-9][A-Za-z0-9\-_]{3,31}' + ObservabilityConfigurationRevision: + description: 'The revision of this observability configuration. It''s unique among all the active configurations (''Status'': ''ACTIVE'') that share the same ObservabilityConfigurationName.' + type: integer + Latest: + description: It's set to true for the configuration with the highest Revision among all configurations that share the same Name. It's set to false otherwise. + type: boolean + TraceConfiguration: + description: The configuration of the tracing feature within this observability configuration. If you don't specify it, App Runner doesn't enable tracing. + $ref: '#/components/schemas/TraceConfiguration' + Tags: + description: A list of metadata items that you can associate with your observability configuration resource. A tag is a key-value pair. + type: array + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: observability_configuration + description: The AWS::AppRunner::ObservabilityConfiguration resource is an AWS App Runner resource type that specifies an App Runner observability configuration + x-type-name: AWS::AppRunner::ObservabilityConfiguration + x-stackql-primary-identifier: + - ObservabilityConfigurationArn + x-create-only-properties: + - ObservabilityConfigurationName + - TraceConfiguration + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - ObservabilityConfigurationArn + - ObservabilityConfigurationRevision + - Latest + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - apprunner:CreateObservabilityConfiguration + - apprunner:DescribeObservabilityConfiguration + - apprunner:TagResource + read: + - apprunner:DescribeObservabilityConfiguration + delete: + - apprunner:DeleteObservabilityConfiguration + list: + - apprunner:ListObservabilityConfigurations + SourceConfiguration: + description: Source Code configuration + type: object + properties: + CodeRepository: + $ref: '#/components/schemas/CodeRepository' + ImageRepository: + $ref: '#/components/schemas/ImageRepository' + AutoDeploymentsEnabled: + description: Auto Deployment enabled + type: boolean + AuthenticationConfiguration: + $ref: '#/components/schemas/AuthenticationConfiguration' + additionalProperties: false + CodeRepository: + description: Source Code Repository + type: object + properties: + RepositoryUrl: + type: string + description: Repository Url + SourceCodeVersion: + $ref: '#/components/schemas/SourceCodeVersion' + CodeConfiguration: + $ref: '#/components/schemas/CodeConfiguration' + SourceDirectory: + type: string + description: Source Directory + minLength: 1 + maxLength: 4096 + pattern: '[^\x00]+' + required: + - RepositoryUrl + - SourceCodeVersion + additionalProperties: false + SourceCodeVersion: + description: Source Code Version + type: object + properties: + Type: + type: string + description: Source Code Version Type + enum: + - BRANCH + Value: + type: string + description: Source Code Version Value + required: + - Type + - Value + additionalProperties: false + CodeConfiguration: + description: Code Configuration + type: object + properties: + ConfigurationSource: + type: string + description: Configuration Source + enum: + - REPOSITORY + - API + CodeConfigurationValues: + $ref: '#/components/schemas/CodeConfigurationValues' + required: + - ConfigurationSource + additionalProperties: false + CodeConfigurationValues: + description: Code Configuration Values + type: object + properties: + Runtime: + type: string + description: Runtime + enum: + - PYTHON_3 + - NODEJS_12 + - NODEJS_14 + - CORRETTO_8 + - CORRETTO_11 + - NODEJS_16 + - GO_1 + - DOTNET_6 + - PHP_81 + - RUBY_31 + - PYTHON_311 + - NODEJS_18 + BuildCommand: + type: string + description: Build Command + StartCommand: + type: string + description: Start Command + Port: + type: string + description: Port + RuntimeEnvironmentVariables: + type: array + items: + $ref: '#/components/schemas/KeyValuePair' + RuntimeEnvironmentSecrets: + type: array + items: + $ref: '#/components/schemas/KeyValuePair' + description: The secrets and parameters that get referenced by your service as environment variables + required: + - Runtime + additionalProperties: false + ImageRepository: + description: Image Repository + type: object + properties: + ImageIdentifier: + type: string + description: Image Identifier + minLength: 1 + maxLength: 1024 + pattern: ([0-9]{12}.dkr.ecr.[a-z\-]+-[0-9]{1}.amazonaws.com\/.*)|(^public\.ecr\.aws\/.+\/.+) + ImageConfiguration: + $ref: '#/components/schemas/ImageConfiguration' + ImageRepositoryType: + type: string + description: Image Repository Type + enum: + - ECR + - ECR_PUBLIC + required: + - ImageIdentifier + - ImageRepositoryType + additionalProperties: false + ImageConfiguration: + description: Image Configuration + type: object + properties: + StartCommand: + type: string + description: Start Command + Port: + type: string + description: Port + RuntimeEnvironmentVariables: + type: array + items: + $ref: '#/components/schemas/KeyValuePair' + RuntimeEnvironmentSecrets: + type: array + items: + $ref: '#/components/schemas/KeyValuePair' + description: The secrets and parameters that get referenced by your service as environment variables + additionalProperties: false + AuthenticationConfiguration: + description: Authentication Configuration + type: object + properties: + ConnectionArn: + type: string + description: Connection Arn + minLength: 1 + maxLength: 1011 + pattern: arn:aws(-[\w]+)*:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[0-9]{12}:(\w|\/|-){1,1011} + AccessRoleArn: + description: Access Role Arn + $ref: '#/components/schemas/RoleArn' + additionalProperties: false + InstanceConfiguration: + description: Instance Configuration + type: object + properties: + Cpu: + type: string + description: CPU + minLength: 3 + maxLength: 9 + pattern: 256|512|1024|2048|4096|(0.25|0.5|1|2|4) vCPU + Memory: + type: string + description: Memory + minLength: 3 + maxLength: 6 + pattern: 512|1024|2048|3072|4096|6144|8192|10240|12288|(0.5|1|2|3|4|6|8|10|12) GB + InstanceRoleArn: + description: Instance Role Arn + $ref: '#/components/schemas/RoleArn' + additionalProperties: false + RoleArn: + type: string + minLength: 29 + maxLength: 1024 + pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):iam::[0-9]{12}:role/[\w+=,.@-]{1,64} + EncryptionConfiguration: + description: Encryption configuration (KMS key) + type: object + properties: + KmsKey: + type: string + description: The KMS Key + minLength: 0 + maxLength: 256 + pattern: arn:aws(-[\w]+)*:kms:[a-z\-]+-[0-9]{1}:[0-9]{12}:key\/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} + required: + - KmsKey + additionalProperties: false + HealthCheckConfiguration: + description: Health check configuration + type: object + properties: + Protocol: + type: string + description: Health Check Protocol + enum: + - TCP + - HTTP + Path: + type: string + description: Health check Path + Interval: + type: integer + description: Health check Interval + Timeout: + type: integer + description: Health check Timeout + minimum: 1 + maximum: 20 + HealthyThreshold: + type: integer + description: Health check Healthy Threshold + minimum: 1 + maximum: 20 + UnhealthyThreshold: + type: integer + description: Health check Unhealthy Threshold + minimum: 1 + maximum: 20 + additionalProperties: false + EgressConfiguration: + description: Network egress configuration + type: object + properties: + EgressType: + description: Network egress type. + type: string + enum: + - DEFAULT + - VPC + VpcConnectorArn: + description: The Amazon Resource Name (ARN) of the App Runner VpcConnector. + type: string + minLength: 44 + maxLength: 1011 + pattern: arn:aws(-[\w]+)*:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[0-9]{12}:(\w|\/|-){1,1011} + required: + - EgressType + additionalProperties: false + IngressConfiguration: + description: Network ingress configuration + type: object + properties: + IsPubliclyAccessible: + description: It's set to true if the Apprunner service is publicly accessible. It's set to false otherwise. + type: boolean + required: + - IsPubliclyAccessible + additionalProperties: false + NetworkConfiguration: + description: Network configuration + type: object + properties: + EgressConfiguration: + $ref: '#/components/schemas/EgressConfiguration' + IngressConfiguration: + $ref: '#/components/schemas/IngressConfiguration' + IpAddressType: + description: App Runner service endpoint IP address type + type: string + enum: + - IPV4 + - DUAL_STACK + additionalProperties: false + ServiceObservabilityConfiguration: + description: Service observability configuration + type: object + properties: + ObservabilityEnabled: + description: Observability enabled + type: boolean + ObservabilityConfigurationArn: + description: The Amazon Resource Name (ARN) of the App Runner ObservabilityConfiguration. + type: string + minLength: 1 + maxLength: 1011 + pattern: arn:aws(-[\w]+)*:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[0-9]{12}:(\w|/|-){1,1011} + required: + - ObservabilityEnabled + additionalProperties: false + KeyValuePair: + type: object + properties: + Name: + type: string + Value: + type: string + additionalProperties: false + Service: + type: object + properties: + ServiceName: + description: The AppRunner Service Name. + type: string + minLength: 4 + maxLength: 40 + pattern: '[A-Za-z0-9][A-Za-z0-9-_]{3,39}' + ServiceId: + description: The AppRunner Service Id + type: string + minLength: 32 + maxLength: 32 + ServiceArn: + description: The Amazon Resource Name (ARN) of the AppRunner Service. + type: string + minLength: 1 + maxLength: 1011 + pattern: arn:aws(-[\w]+)*:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[0-9]{12}:(\w|\/|-){1,1011} + ServiceUrl: + description: The Service Url of the AppRunner Service. + type: string + Status: + description: AppRunner Service status. + type: string + SourceConfiguration: + $ref: '#/components/schemas/SourceConfiguration' + InstanceConfiguration: + $ref: '#/components/schemas/InstanceConfiguration' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' + HealthCheckConfiguration: + $ref: '#/components/schemas/HealthCheckConfiguration' + ObservabilityConfiguration: + $ref: '#/components/schemas/ServiceObservabilityConfiguration' + AutoScalingConfigurationArn: + description: Autoscaling configuration ARN + type: string + minLength: 1 + maxLength: 1011 + pattern: arn:aws(-[\w]+)*:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[0-9]{12}:(\w|\/|-){1,1011} + NetworkConfiguration: + $ref: '#/components/schemas/NetworkConfiguration' + required: + - SourceConfiguration + x-stackql-resource-name: service + description: The AWS::AppRunner::Service resource specifies an AppRunner Service. + x-type-name: AWS::AppRunner::Service + x-stackql-primary-identifier: + - ServiceArn + x-create-only-properties: + - ServiceName + - EncryptionConfiguration + - Tags + x-write-only-properties: + - Tags + - AutoScalingConfigurationArn + x-read-only-properties: + - ServiceArn + - ServiceId + - ServiceUrl + - Status + x-required-properties: + - SourceConfiguration + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - apprunner:CreateService + - apprunner:TagResource + - iam:PassRole + - iam:CreateServiceLinkedRole + - logs:CreateLogGroup + - logs:PutRetentionPolicy + - logs:CreateLogStream + - logs:PutLogEvents + - logs:DescribeLogStreams + - events:PutRule + - events:PutTargets + read: + - apprunner:DescribeService + update: + - apprunner:UpdateService + - iam:PassRole + delete: + - apprunner:DeleteService + list: + - apprunner:ListServices + - iam:PassRole + VpcConnector: + type: object + properties: + VpcConnectorName: + description: A name for the VPC connector. If you don't specify a name, AWS CloudFormation generates a name for your VPC connector. + type: string + minLength: 4 + maxLength: 40 + pattern: ^[A-Za-z0-9][A-Za-z0-9-\\_]{3,39}$ + VpcConnectorArn: + description: The Amazon Resource Name (ARN) of this VPC connector. + type: string + minLength: 44 + maxLength: 1011 + pattern: arn:aws(-[\w]+)*:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[0-9]{12}:(\w|\/|-){1,1011} + VpcConnectorRevision: + description: 'The revision of this VPC connector. It''s unique among all the active connectors ("Status": "ACTIVE") that share the same Name.' + type: integer + Subnets: + description: A list of IDs of subnets that App Runner should use when it associates your service with a custom Amazon VPC. Specify IDs of subnets of a single Amazon VPC. App Runner determines the Amazon VPC from the subnets you specify. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + items: + type: string + SecurityGroups: + description: A list of IDs of security groups that App Runner should use for access to AWS resources under the specified subnets. If not specified, App Runner uses the default security group of the Amazon VPC. The default security group allows all outbound traffic. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Tags: + description: A list of metadata items that you can associate with your VPC connector resource. A tag is a key-value pair. + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - Subnets + x-stackql-resource-name: vpc_connector + description: The AWS::AppRunner::VpcConnector resource specifies an App Runner VpcConnector. + x-type-name: AWS::AppRunner::VpcConnector + x-stackql-primary-identifier: + - VpcConnectorArn + x-create-only-properties: + - VpcConnectorName + - Subnets + - SecurityGroups + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - VpcConnectorArn + - VpcConnectorRevision + x-required-properties: + - Subnets + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - apprunner:CreateVpcConnector + - apprunner:DescribeVpcConnector + - apprunner:TagResource + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + read: + - apprunner:DescribeVpcConnector + delete: + - apprunner:DeleteVpcConnector + list: + - apprunner:ListVpcConnectors + IngressVpcConfiguration: + description: The configuration of customer’s VPC and related VPC endpoint + type: object + properties: + VpcId: + description: The ID of the VPC that the VPC endpoint is used in. + type: string + VpcEndpointId: + description: The ID of the VPC endpoint that your App Runner service connects to. + type: string + required: + - VpcId + - VpcEndpointId + additionalProperties: false + VpcIngressConnection: + type: object + properties: + VpcIngressConnectionArn: + description: The Amazon Resource Name (ARN) of the VpcIngressConnection. + type: string + minLength: 1 + maxLength: 1011 + pattern: arn:aws(-[\w]+)*:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[0-9]{12}:(\w|/|-){1,1011} + VpcIngressConnectionName: + description: The customer-provided Vpc Ingress Connection name. + type: string + minLength: 4 + maxLength: 40 + pattern: '[A-Za-z0-9][A-Za-z0-9\-_]{3,39}' + ServiceArn: + description: The Amazon Resource Name (ARN) of the service. + type: string + minLength: 1 + maxLength: 1011 + pattern: arn:aws(-[\w]+)*:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[0-9]{12}:(\w|/|-){1,1011} + Status: + description: The current status of the VpcIngressConnection. + type: string + enum: + - AVAILABLE + - PENDING_CREATION + - PENDING_UPDATE + - PENDING_DELETION + - FAILED_CREATION + - FAILED_UPDATE + - FAILED_DELETION + - DELETED + DomainName: + description: The Domain name associated with the VPC Ingress Connection. + type: string + minLength: 1 + maxLength: 255 + pattern: '[A-Za-z0-9*.-]{1,255}' + IngressVpcConfiguration: + $ref: '#/components/schemas/IngressVpcConfiguration' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - ServiceArn + - IngressVpcConfiguration + x-stackql-resource-name: vpc_ingress_connection + description: The AWS::AppRunner::VpcIngressConnection resource is an App Runner resource that specifies an App Runner VpcIngressConnection. + x-type-name: AWS::AppRunner::VpcIngressConnection + x-stackql-primary-identifier: + - VpcIngressConnectionArn + x-create-only-properties: + - VpcIngressConnectionName + - ServiceArn + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - VpcIngressConnectionArn + - DomainName + - Status + x-required-properties: + - ServiceArn + - IngressVpcConfiguration + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - apprunner:CreateVpcIngressConnection + - apprunner:DescribeVpcIngressConnection + - ec2:DescribeVpcs + - ec2:DescribeVpcEndpoints + - ec2:DescribeSubnets + - apprunner:TagResource + read: + - apprunner:DescribeVpcIngressConnection + update: + - apprunner:UpdateVpcIngressConnection + delete: + - apprunner:DeleteVpcIngressConnection + list: + - apprunner:ListVpcIngressConnections + x-stackQL-resources: + auto_scaling_configurations: + name: auto_scaling_configurations + id: aws.apprunner.auto_scaling_configurations + x-cfn-schema-name: AutoScalingConfiguration + x-type: list + x-identifiers: + - AutoScalingConfigurationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AutoScalingConfigurationArn') as auto_scaling_configuration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppRunner::AutoScalingConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AutoScalingConfigurationArn') as auto_scaling_configuration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppRunner::AutoScalingConfiguration' + AND region = 'us-east-1' + auto_scaling_configuration: + name: auto_scaling_configuration + id: aws.apprunner.auto_scaling_configuration + x-cfn-schema-name: AutoScalingConfiguration + x-type: get + x-identifiers: + - AutoScalingConfigurationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AutoScalingConfigurationArn') as auto_scaling_configuration_arn, + JSON_EXTRACT(Properties, '$.AutoScalingConfigurationName') as auto_scaling_configuration_name, + JSON_EXTRACT(Properties, '$.AutoScalingConfigurationRevision') as auto_scaling_configuration_revision, + JSON_EXTRACT(Properties, '$.MaxConcurrency') as max_concurrency, + JSON_EXTRACT(Properties, '$.MaxSize') as max_size, + JSON_EXTRACT(Properties, '$.MinSize') as min_size, + JSON_EXTRACT(Properties, '$.Latest') as latest, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppRunner::AutoScalingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AutoScalingConfigurationArn') as auto_scaling_configuration_arn, + json_extract_path_text(Properties, 'AutoScalingConfigurationName') as auto_scaling_configuration_name, + json_extract_path_text(Properties, 'AutoScalingConfigurationRevision') as auto_scaling_configuration_revision, + json_extract_path_text(Properties, 'MaxConcurrency') as max_concurrency, + json_extract_path_text(Properties, 'MaxSize') as max_size, + json_extract_path_text(Properties, 'MinSize') as min_size, + json_extract_path_text(Properties, 'Latest') as latest, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppRunner::AutoScalingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + observability_configurations: + name: observability_configurations + id: aws.apprunner.observability_configurations + x-cfn-schema-name: ObservabilityConfiguration + x-type: list + x-identifiers: + - ObservabilityConfigurationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ObservabilityConfigurationArn') as observability_configuration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppRunner::ObservabilityConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ObservabilityConfigurationArn') as observability_configuration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppRunner::ObservabilityConfiguration' + AND region = 'us-east-1' + observability_configuration: + name: observability_configuration + id: aws.apprunner.observability_configuration + x-cfn-schema-name: ObservabilityConfiguration + x-type: get + x-identifiers: + - ObservabilityConfigurationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ObservabilityConfigurationArn') as observability_configuration_arn, + JSON_EXTRACT(Properties, '$.ObservabilityConfigurationName') as observability_configuration_name, + JSON_EXTRACT(Properties, '$.ObservabilityConfigurationRevision') as observability_configuration_revision, + JSON_EXTRACT(Properties, '$.Latest') as latest, + JSON_EXTRACT(Properties, '$.TraceConfiguration') as trace_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppRunner::ObservabilityConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ObservabilityConfigurationArn') as observability_configuration_arn, + json_extract_path_text(Properties, 'ObservabilityConfigurationName') as observability_configuration_name, + json_extract_path_text(Properties, 'ObservabilityConfigurationRevision') as observability_configuration_revision, + json_extract_path_text(Properties, 'Latest') as latest, + json_extract_path_text(Properties, 'TraceConfiguration') as trace_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppRunner::ObservabilityConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + services: + name: services + id: aws.apprunner.services + x-cfn-schema-name: Service + x-type: list + x-identifiers: + - ServiceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ServiceArn') as service_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppRunner::Service' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ServiceArn') as service_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppRunner::Service' + AND region = 'us-east-1' + service: + name: service + id: aws.apprunner.service + x-cfn-schema-name: Service + x-type: get + x-identifiers: + - ServiceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ServiceName') as service_name, + JSON_EXTRACT(Properties, '$.ServiceId') as service_id, + JSON_EXTRACT(Properties, '$.ServiceArn') as service_arn, + JSON_EXTRACT(Properties, '$.ServiceUrl') as service_url, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.SourceConfiguration') as source_configuration, + JSON_EXTRACT(Properties, '$.InstanceConfiguration') as instance_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.EncryptionConfiguration') as encryption_configuration, + JSON_EXTRACT(Properties, '$.HealthCheckConfiguration') as health_check_configuration, + JSON_EXTRACT(Properties, '$.ObservabilityConfiguration') as observability_configuration, + JSON_EXTRACT(Properties, '$.AutoScalingConfigurationArn') as auto_scaling_configuration_arn, + JSON_EXTRACT(Properties, '$.NetworkConfiguration') as network_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppRunner::Service' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ServiceName') as service_name, + json_extract_path_text(Properties, 'ServiceId') as service_id, + json_extract_path_text(Properties, 'ServiceArn') as service_arn, + json_extract_path_text(Properties, 'ServiceUrl') as service_url, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'SourceConfiguration') as source_configuration, + json_extract_path_text(Properties, 'InstanceConfiguration') as instance_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'EncryptionConfiguration') as encryption_configuration, + json_extract_path_text(Properties, 'HealthCheckConfiguration') as health_check_configuration, + json_extract_path_text(Properties, 'ObservabilityConfiguration') as observability_configuration, + json_extract_path_text(Properties, 'AutoScalingConfigurationArn') as auto_scaling_configuration_arn, + json_extract_path_text(Properties, 'NetworkConfiguration') as network_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppRunner::Service' + AND data__Identifier = '' + AND region = 'us-east-1' + vpc_connectors: + name: vpc_connectors + id: aws.apprunner.vpc_connectors + x-cfn-schema-name: VpcConnector + x-type: list + x-identifiers: + - VpcConnectorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VpcConnectorArn') as vpc_connector_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppRunner::VpcConnector' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VpcConnectorArn') as vpc_connector_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppRunner::VpcConnector' + AND region = 'us-east-1' + vpc_connector: + name: vpc_connector + id: aws.apprunner.vpc_connector + x-cfn-schema-name: VpcConnector + x-type: get + x-identifiers: + - VpcConnectorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VpcConnectorName') as vpc_connector_name, + JSON_EXTRACT(Properties, '$.VpcConnectorArn') as vpc_connector_arn, + JSON_EXTRACT(Properties, '$.VpcConnectorRevision') as vpc_connector_revision, + JSON_EXTRACT(Properties, '$.Subnets') as subnets, + JSON_EXTRACT(Properties, '$.SecurityGroups') as security_groups, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppRunner::VpcConnector' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VpcConnectorName') as vpc_connector_name, + json_extract_path_text(Properties, 'VpcConnectorArn') as vpc_connector_arn, + json_extract_path_text(Properties, 'VpcConnectorRevision') as vpc_connector_revision, + json_extract_path_text(Properties, 'Subnets') as subnets, + json_extract_path_text(Properties, 'SecurityGroups') as security_groups, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppRunner::VpcConnector' + AND data__Identifier = '' + AND region = 'us-east-1' + vpc_ingress_connections: + name: vpc_ingress_connections + id: aws.apprunner.vpc_ingress_connections + x-cfn-schema-name: VpcIngressConnection + x-type: list + x-identifiers: + - VpcIngressConnectionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VpcIngressConnectionArn') as vpc_ingress_connection_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppRunner::VpcIngressConnection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VpcIngressConnectionArn') as vpc_ingress_connection_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppRunner::VpcIngressConnection' + AND region = 'us-east-1' + vpc_ingress_connection: + name: vpc_ingress_connection + id: aws.apprunner.vpc_ingress_connection + x-cfn-schema-name: VpcIngressConnection + x-type: get + x-identifiers: + - VpcIngressConnectionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VpcIngressConnectionArn') as vpc_ingress_connection_arn, + JSON_EXTRACT(Properties, '$.VpcIngressConnectionName') as vpc_ingress_connection_name, + JSON_EXTRACT(Properties, '$.ServiceArn') as service_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.IngressVpcConfiguration') as ingress_vpc_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppRunner::VpcIngressConnection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VpcIngressConnectionArn') as vpc_ingress_connection_arn, + json_extract_path_text(Properties, 'VpcIngressConnectionName') as vpc_ingress_connection_name, + json_extract_path_text(Properties, 'ServiceArn') as service_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'IngressVpcConfiguration') as ingress_vpc_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppRunner::VpcIngressConnection' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/appstream.yaml b/providers/src/aws/v00.00.00000/services/appstream.yaml new file mode 100644 index 00000000..6618ba29 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/appstream.yaml @@ -0,0 +1,1109 @@ +openapi: 3.0.0 +info: + title: AppStream + version: 1.0.0 +paths: {} +components: + schemas: + S3Location: + type: object + properties: + S3Bucket: + type: string + S3Key: + type: string + additionalProperties: false + required: + - S3Bucket + - S3Key + ScriptDetails: + type: object + properties: + ScriptS3Location: + $ref: '#/components/schemas/S3Location' + ExecutablePath: + type: string + ExecutableParameters: + type: string + TimeoutInSeconds: + type: integer + additionalProperties: false + required: + - ScriptS3Location + - ExecutablePath + - TimeoutInSeconds + Arn: + type: string + Tag: + type: object + additionalProperties: false + properties: + Value: + type: string + Key: + type: string + required: + - Value + - Key + PackagingType: + type: string + AppBlock: + type: object + properties: + Name: + type: string + Arn: + $ref: '#/components/schemas/Arn' + Description: + type: string + DisplayName: + type: string + SourceS3Location: + $ref: '#/components/schemas/S3Location' + SetupScriptDetails: + $ref: '#/components/schemas/ScriptDetails' + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + CreatedTime: + type: string + PackagingType: + $ref: '#/components/schemas/PackagingType' + PostSetupScriptDetails: + $ref: '#/components/schemas/ScriptDetails' + required: + - Name + - SourceS3Location + x-stackql-resource-name: app_block + description: Resource Type definition for AWS::AppStream::AppBlock + x-type-name: AWS::AppStream::AppBlock + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - DisplayName + - Description + - SourceS3Location + - SetupScriptDetails + - PackagingType + - PostSetupScriptDetails + x-write-only-properties: + - Tags + x-read-only-properties: + - Arn + - CreatedTime + x-required-properties: + - Name + - SourceS3Location + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - appstream:CreateAppBlock + - appstream:TagResource + - s3:GetObject + - s3:ListBucket + - s3:GetBucketOwnershipControls + read: + - appstream:DescribeAppBlocks + delete: + - appstream:DeleteAppBlock + PlatformType: + type: string + AccessEndpoint: + type: object + additionalProperties: false + properties: + EndpointType: + type: string + VpceId: + type: string + required: + - EndpointType + - VpceId + VpcConfig: + type: object + additionalProperties: false + properties: + SecurityGroupIds: + type: array + uniqueItems: false + items: + type: string + SubnetIds: + type: array + uniqueItems: false + items: + type: string + AppBlockBuilder: + type: object + properties: + Name: + type: string + Arn: + $ref: '#/components/schemas/Arn' + Description: + type: string + DisplayName: + type: string + Platform: + $ref: '#/components/schemas/PlatformType' + AccessEndpoints: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/AccessEndpoint' + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + VpcConfig: + $ref: '#/components/schemas/VpcConfig' + EnableDefaultInternetAccess: + type: boolean + IamRoleArn: + type: string + CreatedTime: + type: string + InstanceType: + type: string + AppBlockArns: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Arn' + required: + - Name + - Platform + - InstanceType + - VpcConfig + x-stackql-resource-name: app_block_builder + description: Resource Type definition for AWS::AppStream::AppBlockBuilder. + x-type-name: AWS::AppStream::AppBlockBuilder + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-write-only-properties: + - Tags + - AppBlockArns + x-read-only-properties: + - Arn + - CreatedTime + x-required-properties: + - Name + - Platform + - InstanceType + - VpcConfig + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - appstream:CreateAppBlockBuilder + - appstream:DescribeAppBlockBuilders + - appstream:StartAppBlockBuilder + - appstream:AssociateAppBlockBuilderAppBlock + - appstream:DescribeAppBlockBuilderAppBlockAssociations + - appstream:TagResource + - iam:PassRole + read: + - appstream:DescribeAppBlockBuilders + update: + - appstream:UpdateAppBlockBuilder + - appstream:DescribeAppBlockBuilders + - appstream:StartAppBlockBuilder + - appstream:StopAppBlockBuilder + - appstream:AssociateAppBlockBuilderAppBlock + - appstream:DisassociateAppBlockBuilderAppBlock + - appstream:DescribeAppBlockBuilderAppBlockAssociations + - appstream:ListTagsForResource + - appstream:TagResource + - appstream:UntagResource + - iam:PassRole + delete: + - appstream:DescribeAppBlockBuilders + - appstream:DeleteAppBlockBuilder + - appstream:DisassociateAppBlockBuilderAppBlock + - appstream:DescribeAppBlockBuilderAppBlockAssociations + list: + - appstream:DescribeAppBlockBuilders + ApplicationAttribute: + type: string + Application: + type: object + properties: + Name: + type: string + DisplayName: + type: string + Description: + type: string + LaunchPath: + type: string + LaunchParameters: + type: string + WorkingDirectory: + type: string + InstanceFamilies: + type: array + uniqueItems: true + items: + type: string + x-insertionOrder: false + IconS3Location: + $ref: '#/components/schemas/S3Location' + Arn: + $ref: '#/components/schemas/Arn' + AppBlockArn: + $ref: '#/components/schemas/Arn' + Platforms: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/PlatformType' + x-insertionOrder: false + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + AttributesToDelete: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/ApplicationAttribute' + x-insertionOrder: false + CreatedTime: + type: string + required: + - Name + - IconS3Location + - LaunchPath + - Platforms + - InstanceFamilies + - AppBlockArn + x-stackql-resource-name: application + description: Resource Type definition for AWS::AppStream::Application + x-type-name: AWS::AppStream::Application + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - InstanceFamilies + - Platforms + x-write-only-properties: + - Tags + - AttributesToDelete + x-read-only-properties: + - Arn + - CreatedTime + x-required-properties: + - Name + - IconS3Location + - LaunchPath + - Platforms + - InstanceFamilies + - AppBlockArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - s3:GetObject + - appstream:CreateApplication + - appstream:TagResource + read: + - appstream:DescribeApplications + update: + - appstream:UpdateApplication + - s3:GetObject + delete: + - appstream:DeleteApplication + ApplicationEntitlementAssociation: + type: object + properties: + StackName: + type: string + EntitlementName: + type: string + ApplicationIdentifier: + type: string + required: + - StackName + - EntitlementName + - ApplicationIdentifier + x-stackql-resource-name: application_entitlement_association + description: Resource Type definition for AWS::AppStream::ApplicationEntitlementAssociation + x-type-name: AWS::AppStream::ApplicationEntitlementAssociation + x-stackql-primary-identifier: + - StackName + - EntitlementName + - ApplicationIdentifier + x-create-only-properties: + - StackName + - EntitlementName + - ApplicationIdentifier + x-required-properties: + - StackName + - EntitlementName + - ApplicationIdentifier + x-tagging: + taggable: false + x-required-permissions: + create: + - appstream:AssociateApplicationToEntitlement + - appstream:ListEntitledApplications + read: + - appstream:ListEntitledApplications + delete: + - appstream:DisassociateApplicationFromEntitlement + - appstream:ListEntitledApplications + ApplicationFleetAssociation: + type: object + properties: + FleetName: + type: string + ApplicationArn: + $ref: '#/components/schemas/Arn' + required: + - FleetName + - ApplicationArn + x-stackql-resource-name: application_fleet_association + description: Resource Type definition for AWS::AppStream::ApplicationFleetAssociation + x-type-name: AWS::AppStream::ApplicationFleetAssociation + x-stackql-primary-identifier: + - FleetName + - ApplicationArn + x-create-only-properties: + - FleetName + - ApplicationArn + x-required-properties: + - FleetName + - ApplicationArn + x-tagging: + taggable: false + x-required-permissions: + create: + - appstream:AssociateApplicationFleet + - appstream:DescribeApplicationFleetAssociations + read: + - appstream:DescribeApplicationFleetAssociations + delete: + - appstream:DisassociateApplicationFleet + - appstream:DescribeApplicationFleetAssociations + ServiceAccountCredentials: + type: object + additionalProperties: false + properties: + AccountName: + type: string + AccountPassword: + type: string + required: + - AccountName + - AccountPassword + CertificateBasedAuthProperties: + type: object + additionalProperties: false + properties: + Status: + type: string + CertificateAuthorityArn: + type: string + DirectoryConfig: + type: object + properties: + OrganizationalUnitDistinguishedNames: + type: array + uniqueItems: false + items: + type: string + ServiceAccountCredentials: + $ref: '#/components/schemas/ServiceAccountCredentials' + DirectoryName: + type: string + CertificateBasedAuthProperties: + $ref: '#/components/schemas/CertificateBasedAuthProperties' + required: + - DirectoryName + - OrganizationalUnitDistinguishedNames + - ServiceAccountCredentials + x-stackql-resource-name: directory_config + description: Resource Type definition for AWS::AppStream::DirectoryConfig + x-type-name: AWS::AppStream::DirectoryConfig + x-stackql-primary-identifier: + - DirectoryName + x-create-only-properties: + - DirectoryName + x-write-only-properties: + - ServiceAccountCredentials/AccountPassword + x-required-properties: + - DirectoryName + - OrganizationalUnitDistinguishedNames + - ServiceAccountCredentials + x-tagging: + taggable: false + x-required-permissions: + create: + - appstream:CreateDirectoryConfig + - appstream:DeleteDirectoryConfig + - appstream:DescribeDirectoryConfigs + - appstream:UpdateDirectoryConfig + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + update: + - appstream:CreateDirectoryConfig + - appstream:DeleteDirectoryConfig + - appstream:DescribeDirectoryConfigs + - appstream:UpdateDirectoryConfig + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + read: + - appstream:CreateDirectoryConfig + - appstream:DeleteDirectoryConfig + - appstream:DescribeDirectoryConfigs + - appstream:UpdateDirectoryConfig + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + delete: + - appstream:CreateDirectoryConfig + - appstream:DeleteDirectoryConfig + - appstream:DescribeDirectoryConfigs + - appstream:UpdateDirectoryConfig + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + list: + - appstream:CreateDirectoryConfig + - appstream:DeleteDirectoryConfig + - appstream:DescribeDirectoryConfigs + - appstream:UpdateDirectoryConfig + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + Attribute: + type: object + properties: + Name: + type: string + Value: + type: string + required: + - Name + - Value + additionalProperties: false + Entitlement: + type: object + properties: + Name: + type: string + StackName: + type: string + Description: + type: string + AppVisibility: + type: string + Attributes: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Attribute' + CreatedTime: + type: string + LastModifiedTime: + type: string + required: + - Name + - StackName + - AppVisibility + - Attributes + x-stackql-resource-name: entitlement + description: Resource Type definition for AWS::AppStream::Entitlement + x-type-name: AWS::AppStream::Entitlement + x-stackql-primary-identifier: + - StackName + - Name + x-create-only-properties: + - Name + - StackName + x-read-only-properties: + - CreatedTime + - LastModifiedTime + x-required-properties: + - Name + - StackName + - AppVisibility + - Attributes + x-tagging: + taggable: false + x-required-permissions: + create: + - appstream:CreateEntitlement + read: + - appstream:DescribeEntitlements + update: + - appstream:UpdateEntitlement + delete: + - appstream:DeleteEntitlement + DomainJoinInfo: + type: object + additionalProperties: false + properties: + OrganizationalUnitDistinguishedName: + type: string + DirectoryName: + type: string + ImageBuilder: + type: object + properties: + Description: + type: string + VpcConfig: + $ref: '#/components/schemas/VpcConfig' + EnableDefaultInternetAccess: + type: boolean + DomainJoinInfo: + $ref: '#/components/schemas/DomainJoinInfo' + AppstreamAgentVersion: + type: string + Name: + type: string + ImageName: + type: string + DisplayName: + type: string + IamRoleArn: + type: string + InstanceType: + type: string + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + StreamingUrl: + type: string + ImageArn: + type: string + AccessEndpoints: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/AccessEndpoint' + required: + - InstanceType + - Name + x-stackql-resource-name: image_builder + description: Resource Type definition for AWS::AppStream::ImageBuilder + x-type-name: AWS::AppStream::ImageBuilder + x-stackql-primary-identifier: + - Name + x-read-only-properties: + - StreamingUrl + x-required-properties: + - InstanceType + - Name + x-tagging: + taggable: false + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - appstream:CreateImageBuilder + - appstream:CreateImageBuilderStreamingURL + - appstream:CreateStreamingURL + - appstream:DeleteImageBuilder + - appstream:DescribeImageBuilders + - appstream:StartImageBuilder + - appstream:StopImageBuilder + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + read: + - appstream:CreateImageBuilder + - appstream:CreateImageBuilderStreamingURL + - appstream:CreateStreamingURL + - appstream:DeleteImageBuilder + - appstream:DescribeImageBuilders + - appstream:StartImageBuilder + - appstream:StopImageBuilder + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + delete: + - appstream:CreateImageBuilder + - appstream:CreateImageBuilderStreamingURL + - appstream:CreateStreamingURL + - appstream:DeleteImageBuilder + - appstream:DescribeImageBuilders + - appstream:StartImageBuilder + - appstream:StopImageBuilder + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + list: + - appstream:CreateImageBuilder + - appstream:CreateImageBuilderStreamingURL + - appstream:CreateStreamingURL + - appstream:DeleteImageBuilder + - appstream:DescribeImageBuilders + - appstream:StartImageBuilder + - appstream:StopImageBuilder + - iam:CreateServiceLinkedRole + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + x-stackQL-resources: + app_block: + name: app_block + id: aws.appstream.app_block + x-cfn-schema-name: AppBlock + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.SourceS3Location') as source_s3_location, + JSON_EXTRACT(Properties, '$.SetupScriptDetails') as setup_script_details, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.PackagingType') as packaging_type, + JSON_EXTRACT(Properties, '$.PostSetupScriptDetails') as post_setup_script_details + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::AppBlock' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'SourceS3Location') as source_s3_location, + json_extract_path_text(Properties, 'SetupScriptDetails') as setup_script_details, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'PackagingType') as packaging_type, + json_extract_path_text(Properties, 'PostSetupScriptDetails') as post_setup_script_details + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::AppBlock' + AND data__Identifier = '' + AND region = 'us-east-1' + app_block_builders: + name: app_block_builders + id: aws.appstream.app_block_builders + x-cfn-schema-name: AppBlockBuilder + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppStream::AppBlockBuilder' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppStream::AppBlockBuilder' + AND region = 'us-east-1' + app_block_builder: + name: app_block_builder + id: aws.appstream.app_block_builder + x-cfn-schema-name: AppBlockBuilder + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.Platform') as platform, + JSON_EXTRACT(Properties, '$.AccessEndpoints') as access_endpoints, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VpcConfig') as vpc_config, + JSON_EXTRACT(Properties, '$.EnableDefaultInternetAccess') as enable_default_internet_access, + JSON_EXTRACT(Properties, '$.IamRoleArn') as iam_role_arn, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(Properties, '$.AppBlockArns') as app_block_arns + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::AppBlockBuilder' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'Platform') as platform, + json_extract_path_text(Properties, 'AccessEndpoints') as access_endpoints, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VpcConfig') as vpc_config, + json_extract_path_text(Properties, 'EnableDefaultInternetAccess') as enable_default_internet_access, + json_extract_path_text(Properties, 'IamRoleArn') as iam_role_arn, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'InstanceType') as instance_type, + json_extract_path_text(Properties, 'AppBlockArns') as app_block_arns + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::AppBlockBuilder' + AND data__Identifier = '' + AND region = 'us-east-1' + application: + name: application + id: aws.appstream.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.LaunchPath') as launch_path, + JSON_EXTRACT(Properties, '$.LaunchParameters') as launch_parameters, + JSON_EXTRACT(Properties, '$.WorkingDirectory') as working_directory, + JSON_EXTRACT(Properties, '$.InstanceFamilies') as instance_families, + JSON_EXTRACT(Properties, '$.IconS3Location') as icon_s3_location, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AppBlockArn') as app_block_arn, + JSON_EXTRACT(Properties, '$.Platforms') as platforms, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AttributesToDelete') as attributes_to_delete, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'LaunchPath') as launch_path, + json_extract_path_text(Properties, 'LaunchParameters') as launch_parameters, + json_extract_path_text(Properties, 'WorkingDirectory') as working_directory, + json_extract_path_text(Properties, 'InstanceFamilies') as instance_families, + json_extract_path_text(Properties, 'IconS3Location') as icon_s3_location, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AppBlockArn') as app_block_arn, + json_extract_path_text(Properties, 'Platforms') as platforms, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AttributesToDelete') as attributes_to_delete, + json_extract_path_text(Properties, 'CreatedTime') as created_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + application_entitlement_association: + name: application_entitlement_association + id: aws.appstream.application_entitlement_association + x-cfn-schema-name: ApplicationEntitlementAssociation + x-type: get + x-identifiers: + - StackName + - EntitlementName + - ApplicationIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.StackName') as stack_name, + JSON_EXTRACT(Properties, '$.EntitlementName') as entitlement_name, + JSON_EXTRACT(Properties, '$.ApplicationIdentifier') as application_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::ApplicationEntitlementAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'StackName') as stack_name, + json_extract_path_text(Properties, 'EntitlementName') as entitlement_name, + json_extract_path_text(Properties, 'ApplicationIdentifier') as application_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::ApplicationEntitlementAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + application_fleet_association: + name: application_fleet_association + id: aws.appstream.application_fleet_association + x-cfn-schema-name: ApplicationFleetAssociation + x-type: get + x-identifiers: + - FleetName + - ApplicationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FleetName') as fleet_name, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::ApplicationFleetAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FleetName') as fleet_name, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::ApplicationFleetAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + directory_configs: + name: directory_configs + id: aws.appstream.directory_configs + x-cfn-schema-name: DirectoryConfig + x-type: list + x-identifiers: + - DirectoryName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DirectoryName') as directory_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppStream::DirectoryConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DirectoryName') as directory_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppStream::DirectoryConfig' + AND region = 'us-east-1' + directory_config: + name: directory_config + id: aws.appstream.directory_config + x-cfn-schema-name: DirectoryConfig + x-type: get + x-identifiers: + - DirectoryName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.OrganizationalUnitDistinguishedNames') as organizational_unit_distinguished_names, + JSON_EXTRACT(Properties, '$.ServiceAccountCredentials') as service_account_credentials, + JSON_EXTRACT(Properties, '$.DirectoryName') as directory_name, + JSON_EXTRACT(Properties, '$.CertificateBasedAuthProperties') as certificate_based_auth_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::DirectoryConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'OrganizationalUnitDistinguishedNames') as organizational_unit_distinguished_names, + json_extract_path_text(Properties, 'ServiceAccountCredentials') as service_account_credentials, + json_extract_path_text(Properties, 'DirectoryName') as directory_name, + json_extract_path_text(Properties, 'CertificateBasedAuthProperties') as certificate_based_auth_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::DirectoryConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + entitlement: + name: entitlement + id: aws.appstream.entitlement + x-cfn-schema-name: Entitlement + x-type: get + x-identifiers: + - StackName + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.StackName') as stack_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.AppVisibility') as app_visibility, + JSON_EXTRACT(Properties, '$.Attributes') as attributes, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::Entitlement' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'StackName') as stack_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'AppVisibility') as app_visibility, + json_extract_path_text(Properties, 'Attributes') as attributes, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::Entitlement' + AND data__Identifier = '|' + AND region = 'us-east-1' + image_builders: + name: image_builders + id: aws.appstream.image_builders + x-cfn-schema-name: ImageBuilder + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppStream::ImageBuilder' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppStream::ImageBuilder' + AND region = 'us-east-1' + image_builder: + name: image_builder + id: aws.appstream.image_builder + x-cfn-schema-name: ImageBuilder + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.VpcConfig') as vpc_config, + JSON_EXTRACT(Properties, '$.EnableDefaultInternetAccess') as enable_default_internet_access, + JSON_EXTRACT(Properties, '$.DomainJoinInfo') as domain_join_info, + JSON_EXTRACT(Properties, '$.AppstreamAgentVersion') as appstream_agent_version, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ImageName') as image_name, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.IamRoleArn') as iam_role_arn, + JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.StreamingUrl') as streaming_url, + JSON_EXTRACT(Properties, '$.ImageArn') as image_arn, + JSON_EXTRACT(Properties, '$.AccessEndpoints') as access_endpoints + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::ImageBuilder' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'VpcConfig') as vpc_config, + json_extract_path_text(Properties, 'EnableDefaultInternetAccess') as enable_default_internet_access, + json_extract_path_text(Properties, 'DomainJoinInfo') as domain_join_info, + json_extract_path_text(Properties, 'AppstreamAgentVersion') as appstream_agent_version, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ImageName') as image_name, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'IamRoleArn') as iam_role_arn, + json_extract_path_text(Properties, 'InstanceType') as instance_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'StreamingUrl') as streaming_url, + json_extract_path_text(Properties, 'ImageArn') as image_arn, + json_extract_path_text(Properties, 'AccessEndpoints') as access_endpoints + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppStream::ImageBuilder' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/appsync.yaml b/providers/src/aws/v00.00.00000/services/appsync.yaml new file mode 100644 index 00000000..000d2561 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/appsync.yaml @@ -0,0 +1,846 @@ +openapi: 3.0.0 +info: + title: AppSync + version: 1.0.0 +paths: {} +components: + schemas: + DomainName: + type: object + properties: + DomainName: + type: string + minLength: 1 + maxLength: 253 + pattern: ^(\*[a-z\d-]*\.)?([a-z\d-]+\.)+[a-z\d-]+$ + Description: + type: string + minLength: 0 + maxLength: 255 + CertificateArn: + type: string + minLength: 3 + maxLength: 2048 + pattern: ^arn:[a-z-]*:acm:[a-z0-9-]*:\d{12}:certificate/[0-9A-Za-z_/-]*$ + AppSyncDomainName: + type: string + HostedZoneId: + type: string + required: + - DomainName + - CertificateArn + x-stackql-resource-name: domain_name + description: Resource Type definition for AWS::AppSync::DomainName + x-type-name: AWS::AppSync::DomainName + x-stackql-primary-identifier: + - DomainName + x-create-only-properties: + - DomainName + - CertificateArn + x-read-only-properties: + - AppSyncDomainName + - HostedZoneId + x-required-properties: + - DomainName + - CertificateArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - appsync:CreateDomainName + - appsync:GetDomainName + - acm:DescribeCertificate + - cloudfront:UpdateDistribution + delete: + - appsync:GetDomainName + - appsync:DeleteDomainName + update: + - appsync:UpdateDomainName + read: + - appsync:GetDomainName + list: + - appsync:ListDomainNames + DomainNameApiAssociation: + type: object + properties: + DomainName: + type: string + minLength: 1 + maxLength: 253 + pattern: ^(\*[a-z\d-]*\.)?([a-z\d-]+\.)+[a-z\d-]+$ + ApiId: + type: string + ApiAssociationIdentifier: + type: string + required: + - DomainName + - ApiId + x-stackql-resource-name: domain_name_api_association + description: Resource Type definition for AWS::AppSync::DomainNameApiAssociation + x-type-name: AWS::AppSync::DomainNameApiAssociation + x-stackql-primary-identifier: + - ApiAssociationIdentifier + x-create-only-properties: + - DomainName + x-read-only-properties: + - ApiAssociationIdentifier + x-required-properties: + - DomainName + - ApiId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - appsync:AssociateApi + - appsync:GetApiAssociation + delete: + - appsync:DisassociateApi + - appsync:GetApiAssociation + update: + - appsync:AssociateApi + - appsync:GetApiAssociation + read: + - appsync:GetApiAssociation + AppSyncRuntime: + type: object + additionalProperties: false + properties: + RuntimeVersion: + type: string + description: The ``version`` of the runtime to use. Currently, the only allowed version is ``1.0.0``. + Name: + type: string + description: The ``name`` of the runtime to use. Currently, the only allowed value is ``APPSYNC_JS``. + required: + - RuntimeVersion + - Name + description: Describes a runtime used by an APSYlong resolver or APSYlong function. Specifies the name and version of the runtime to use. Note that if a runtime is specified, code must also be specified. + SyncConfig: + type: object + additionalProperties: false + properties: + ConflictHandler: + type: string + description: |- + The Conflict Resolution strategy to perform in the event of a conflict. + + *OPTIMISTIC_CONCURRENCY*: Resolve conflicts by rejecting mutations when versions don't match the latest version at the server. + + *AUTOMERGE*: Resolve conflicts with the Automerge conflict resolution strategy. + + *LAMBDA*: Resolve conflicts with an LAMlong function supplied in the ``LambdaConflictHandlerConfig``. + ConflictDetection: + type: string + description: |- + The Conflict Detection strategy to use. + + *VERSION*: Detect conflicts based on object versions for this resolver. + + *NONE*: Do not detect conflicts when invoking this resolver. + LambdaConflictHandlerConfig: + $ref: '#/components/schemas/LambdaConflictHandlerConfig' + description: The ``LambdaConflictHandlerConfig`` when configuring ``LAMBDA`` as the Conflict Handler. + required: + - ConflictDetection + description: |- + Describes a Sync configuration for a resolver. + Specifies which Conflict Detection strategy and Resolution strategy to use when the resolver is invoked. + LambdaConflictHandlerConfig: + type: object + description: The ``LambdaConflictHandlerConfig`` when configuring LAMBDA as the Conflict Handler. + additionalProperties: false + properties: + LambdaConflictHandlerArn: + type: string + description: The Amazon Resource Name (ARN) for the Lambda function to use as the Conflict Handler. + FunctionConfiguration: + type: object + properties: + FunctionId: + description: The unique identifier for the function generated by the service + type: string + FunctionArn: + description: The ARN for the function generated by the service + type: string + ApiId: + description: The AWS AppSync GraphQL API that you want to attach using this function. + type: string + Code: + description: The resolver code that contains the request and response functions. When code is used, the runtime is required. The runtime value must be APPSYNC_JS. + type: string + CodeS3Location: + description: The Amazon S3 endpoint (where the code is located??). + type: string + DataSourceName: + description: The name of data source this function will attach. + type: string + Description: + description: The function description. + type: string + FunctionVersion: + description: The version of the request mapping template. Currently, only the 2018-05-29 version of the template is supported. + type: string + MaxBatchSize: + description: The maximum number of resolver request inputs that will be sent to a single AWS Lambda function in a BatchInvoke operation. + type: integer + Name: + description: The name of the function. + type: string + RequestMappingTemplate: + description: The Function request mapping template. Functions support only the 2018-05-29 version of the request mapping template. + type: string + RequestMappingTemplateS3Location: + description: Describes a Sync configuration for a resolver. Contains information on which Conflict Detection, as well as Resolution strategy, should be performed when the resolver is invoked. + type: string + ResponseMappingTemplate: + description: The Function response mapping template. + type: string + ResponseMappingTemplateS3Location: + description: The location of a response mapping template in an Amazon S3 bucket. Use this if you want to provision with a template file in Amazon S3 rather than embedding it in your CloudFormation template. + type: string + Runtime: + description: Describes a runtime used by an AWS AppSync pipeline resolver or AWS AppSync function. Specifies the name and version of the runtime to use. Note that if a runtime is specified, code must also be specified. + $ref: '#/components/schemas/AppSyncRuntime' + SyncConfig: + description: Describes a Sync configuration for a resolver. Specifies which Conflict Detection strategy and Resolution strategy to use when the resolver is invoked. + $ref: '#/components/schemas/SyncConfig' + required: + - ApiId + - DataSourceName + - Name + x-stackql-resource-name: function_configuration + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::AppSync::FunctionConfiguration + x-stackql-primary-identifier: + - FunctionArn + x-create-only-properties: + - ApiId + x-write-only-properties: + - CodeS3Location + - ResponseMappingTemplateS3Location + - RequestMappingTemplateS3Location + x-read-only-properties: + - FunctionArn + - FunctionId + x-required-properties: + - ApiId + - DataSourceName + - Name + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - s3:GetObject + - appsync:CreateFunction + read: + - appsync:GetFunction + update: + - s3:GetObject + - appsync:UpdateFunction + delete: + - appsync:DeleteFunction + list: + - appsync:ListFunctions + PipelineConfig: + type: object + additionalProperties: false + properties: + Functions: + type: array + description: A list of ``Function`` objects. + uniqueItems: false + x-insertionOrder: false + items: + type: string + description: |- + Use the ``PipelineConfig`` property type to specify ``PipelineConfig`` for an APSYlong resolver. + ``PipelineConfig`` is a property of the [AWS::AppSync::Resolver](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html) resource. + CachingConfig: + type: object + additionalProperties: false + properties: + CachingKeys: + type: array + description: |- + The caching keys for a resolver that has caching activated. + Valid values are entries from the ``$context.arguments``, ``$context.source``, and ``$context.identity`` maps. + uniqueItems: false + x-insertionOrder: false + items: + type: string + Ttl: + type: number + description: |- + The TTL in seconds for a resolver that has caching activated. + Valid values are 1–3,600 seconds. + required: + - Ttl + description: The caching configuration for a resolver that has caching activated. + Resolver: + type: object + properties: + ApiId: + type: string + description: The APSYlong GraphQL API to which you want to attach this resolver. + CachingConfig: + $ref: '#/components/schemas/CachingConfig' + description: The caching configuration for the resolver. + Code: + type: string + description: The ``resolver`` code that contains the request and response functions. When code is used, the ``runtime`` is required. The runtime value must be ``APPSYNC_JS``. + CodeS3Location: + type: string + description: The Amazon S3 endpoint. + DataSourceName: + type: string + description: The resolver data source name. + FieldName: + type: string + description: The GraphQL field on a type that invokes the resolver. + Kind: + type: string + description: |- + The resolver type. + + *UNIT*: A UNIT resolver type. A UNIT resolver is the default resolver type. You can use a UNIT resolver to run a GraphQL query against a single data source. + + *PIPELINE*: A PIPELINE resolver type. You can use a PIPELINE resolver to invoke a series of ``Function`` objects in a serial manner. You can use a pipeline resolver to run a GraphQL query against multiple data sources. + MaxBatchSize: + type: integer + description: The maximum number of resolver request inputs that will be sent to a single LAMlong function in a ``BatchInvoke`` operation. + PipelineConfig: + $ref: '#/components/schemas/PipelineConfig' + description: Functions linked with the pipeline resolver. + RequestMappingTemplate: + type: string + description: |- + The request mapping template. + Request mapping templates are optional when using a Lambda data source. For all other data sources, a request mapping template is required. + RequestMappingTemplateS3Location: + type: string + description: The location of a request mapping template in an S3 bucket. Use this if you want to provision with a template file in S3 rather than embedding it in your CFNshort template. + ResolverArn: + type: string + description: '' + ResponseMappingTemplate: + type: string + description: The response mapping template. + ResponseMappingTemplateS3Location: + type: string + description: The location of a response mapping template in an S3 bucket. Use this if you want to provision with a template file in S3 rather than embedding it in your CFNshort template. + Runtime: + $ref: '#/components/schemas/AppSyncRuntime' + description: Describes a runtime used by an APSYlong resolver or APSYlong function. Specifies the name and version of the runtime to use. Note that if a runtime is specified, code must also be specified. + SyncConfig: + $ref: '#/components/schemas/SyncConfig' + description: The ``SyncConfig`` for a resolver attached to a versioned data source. + TypeName: + type: string + description: The GraphQL type that invokes this resolver. + MetricsConfig: + type: string + description: Enables or disables enhanced resolver metrics for specified resolvers. Note that ``MetricsConfig`` won't be used unless the ``resolverLevelMetricsBehavior`` value is set to ``PER_RESOLVER_METRICS``. If the ``resolverLevelMetricsBehavior`` is set to ``FULL_REQUEST_RESOLVER_METRICS`` instead, ``MetricsConfig`` will be ignored. However, you can still set its value. + enum: + - ENABLED + - DISABLED + required: + - TypeName + - ApiId + - FieldName + x-stackql-resource-name: resolver + description: |- + The ``AWS::AppSync::Resolver`` resource defines the logical GraphQL resolver that you attach to fields in a schema. Request and response templates for resolvers are written in Apache Velocity Template Language (VTL) format. For more information about resolvers, see [Resolver Mapping Template Reference](https://docs.aws.amazon.com/appsync/latest/devguide/resolver-mapping-template-reference.html). + When you submit an update, CFNLong updates resources based on differences between what you submit and the stack's current template. To cause this resource to be updated you must change a property value for this resource in the CFNshort template. Changing the S3 file content without changing a property value will not result in an update operation. + See [Update Behaviors of Stack Resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html) in the *User Guide*. + x-type-name: AWS::AppSync::Resolver + x-stackql-primary-identifier: + - ResolverArn + x-create-only-properties: + - ApiId + - FieldName + - TypeName + x-write-only-properties: + - RequestMappingTemplateS3Location + - ResponseMappingTemplateS3Location + - CodeS3Location + x-read-only-properties: + - ResolverArn + x-required-properties: + - TypeName + - ApiId + - FieldName + x-tagging: + taggable: false + x-required-permissions: + create: + - s3:GetObject + - appsync:CreateResolver + - appsync:GetResolver + read: + - appsync:GetResolver + update: + - s3:GetObject + - appsync:UpdateResolver + delete: + - appsync:DeleteResolver + list: + - appsync:ListResolvers + SourceApiAssociationConfig: + properties: + MergeType: + description: Configuration of the merged behavior for the association. For example when it could be auto or has to be manual. + type: string + enum: + - AUTO_MERGE + - MANUAL_MERGE + additionalProperties: false + SourceApiAssociation: + type: object + properties: + SourceApiIdentifier: + description: Identifier of the Source GraphQLApi to associate. It could be either GraphQLApi ApiId or ARN + type: string + MergedApiIdentifier: + description: Identifier of the Merged GraphQLApi to associate. It could be either GraphQLApi ApiId or ARN + type: string + Description: + description: Description of the SourceApiAssociation. + type: string + SourceApiAssociationConfig: + description: Customized configuration for SourceApiAssociation. + $ref: '#/components/schemas/SourceApiAssociationConfig' + AssociationId: + description: Id of the SourceApiAssociation. + type: string + AssociationArn: + description: ARN of the SourceApiAssociation. + type: string + SourceApiId: + description: GraphQLApiId of the source API in the association. + type: string + SourceApiArn: + description: ARN of the source API in the association. + type: string + pattern: ^arn:aws(-(cn|us-gov))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + MergedApiId: + description: GraphQLApiId of the Merged API in the association. + type: string + MergedApiArn: + description: ARN of the Merged API in the association. + type: string + pattern: ^arn:aws(-(cn|us-gov))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + SourceApiAssociationStatus: + description: Current status of SourceApiAssociation. + type: string + enum: + - MERGE_SCHEDULED + - MERGE_FAILED + - MERGE_SUCCESS + - MERGE_IN_PROGRESS + - AUTO_MERGE_SCHEDULE_FAILED + - DELETION_SCHEDULED + - DELETION_IN_PROGRESS + - DELETION_FAILED + SourceApiAssociationStatusDetail: + description: Current SourceApiAssociation status details. + type: string + LastSuccessfulMergeDate: + description: Date of last schema successful merge. + type: string + format: date-time + x-stackql-resource-name: source_api_association + description: Resource Type definition for AWS::AppSync::SourceApiAssociation + x-type-name: AWS::AppSync::SourceApiAssociation + x-stackql-primary-identifier: + - AssociationArn + x-stackql-additional-identifiers: + - - SourceApiIdentifier + - MergedApiIdentifier + x-create-only-properties: + - SourceApiIdentifier + - MergedApiIdentifier + x-write-only-properties: + - SourceApiIdentifier + - MergedApiIdentifier + x-read-only-properties: + - AssociationId + - AssociationArn + - SourceApiId + - SourceApiArn + - MergedApiId + - MergedApiArn + - SourceApiAssociationStatus + - SourceApiAssociationStatusDetail + - LastSuccessfulMergeDate + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - appsync:AssociateSourceGraphqlApi + - appsync:AssociateMergedGraphqlApi + - appsync:GetSourceApiAssociation + read: + - appsync:GetSourceApiAssociation + - appsync:ListSourceApiAssociations + update: + - appsync:GetSourceApiAssociation + - appsync:UpdateSourceApiAssociation + - appsync:GetSourceApiAssociation + delete: + - appsync:GetSourceApiAssociation + - appsync:DisassociateSourceGraphqlApi + - appsync:DisassociateMergedGraphqlApi + - appsync:ListSourceApiAssociations + list: + - appsync:ListSourceApiAssociations + x-stackQL-resources: + domain_names: + name: domain_names + id: aws.appsync.domain_names + x-cfn-schema-name: DomainName + x-type: list + x-identifiers: + - DomainName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::DomainName' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::DomainName' + AND region = 'us-east-1' + domain_name: + name: domain_name + id: aws.appsync.domain_name + x-cfn-schema-name: DomainName + x-type: get + x-identifiers: + - DomainName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.CertificateArn') as certificate_arn, + JSON_EXTRACT(Properties, '$.AppSyncDomainName') as app_sync_domain_name, + JSON_EXTRACT(Properties, '$.HostedZoneId') as hosted_zone_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::DomainName' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'CertificateArn') as certificate_arn, + json_extract_path_text(Properties, 'AppSyncDomainName') as app_sync_domain_name, + json_extract_path_text(Properties, 'HostedZoneId') as hosted_zone_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::DomainName' + AND data__Identifier = '' + AND region = 'us-east-1' + domain_name_api_association: + name: domain_name_api_association + id: aws.appsync.domain_name_api_association + x-cfn-schema-name: DomainNameApiAssociation + x-type: get + x-identifiers: + - ApiAssociationIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.ApiAssociationIdentifier') as api_association_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::DomainNameApiAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'ApiAssociationIdentifier') as api_association_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::DomainNameApiAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + function_configurations: + name: function_configurations + id: aws.appsync.function_configurations + x-cfn-schema-name: FunctionConfiguration + x-type: list + x-identifiers: + - FunctionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FunctionArn') as function_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FunctionArn') as function_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND region = 'us-east-1' + function_configuration: + name: function_configuration + id: aws.appsync.function_configuration + x-cfn-schema-name: FunctionConfiguration + x-type: get + x-identifiers: + - FunctionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FunctionId') as function_id, + JSON_EXTRACT(Properties, '$.FunctionArn') as function_arn, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.Code') as code, + JSON_EXTRACT(Properties, '$.CodeS3Location') as code_s3_location, + JSON_EXTRACT(Properties, '$.DataSourceName') as data_source_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FunctionVersion') as function_version, + JSON_EXTRACT(Properties, '$.MaxBatchSize') as max_batch_size, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RequestMappingTemplate') as request_mapping_template, + JSON_EXTRACT(Properties, '$.RequestMappingTemplateS3Location') as request_mapping_template_s3_location, + JSON_EXTRACT(Properties, '$.ResponseMappingTemplate') as response_mapping_template, + JSON_EXTRACT(Properties, '$.ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, + JSON_EXTRACT(Properties, '$.Runtime') as runtime, + JSON_EXTRACT(Properties, '$.SyncConfig') as sync_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FunctionId') as function_id, + json_extract_path_text(Properties, 'FunctionArn') as function_arn, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'Code') as code, + json_extract_path_text(Properties, 'CodeS3Location') as code_s3_location, + json_extract_path_text(Properties, 'DataSourceName') as data_source_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FunctionVersion') as function_version, + json_extract_path_text(Properties, 'MaxBatchSize') as max_batch_size, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RequestMappingTemplate') as request_mapping_template, + json_extract_path_text(Properties, 'RequestMappingTemplateS3Location') as request_mapping_template_s3_location, + json_extract_path_text(Properties, 'ResponseMappingTemplate') as response_mapping_template, + json_extract_path_text(Properties, 'ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, + json_extract_path_text(Properties, 'Runtime') as runtime, + json_extract_path_text(Properties, 'SyncConfig') as sync_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + resolvers: + name: resolvers + id: aws.appsync.resolvers + x-cfn-schema-name: Resolver + x-type: list + x-identifiers: + - ResolverArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ResolverArn') as resolver_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::Resolver' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ResolverArn') as resolver_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::Resolver' + AND region = 'us-east-1' + resolver: + name: resolver + id: aws.appsync.resolver + x-cfn-schema-name: Resolver + x-type: get + x-identifiers: + - ResolverArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.CachingConfig') as caching_config, + JSON_EXTRACT(Properties, '$.Code') as code, + JSON_EXTRACT(Properties, '$.CodeS3Location') as code_s3_location, + JSON_EXTRACT(Properties, '$.DataSourceName') as data_source_name, + JSON_EXTRACT(Properties, '$.FieldName') as field_name, + JSON_EXTRACT(Properties, '$.Kind') as kind, + JSON_EXTRACT(Properties, '$.MaxBatchSize') as max_batch_size, + JSON_EXTRACT(Properties, '$.PipelineConfig') as pipeline_config, + JSON_EXTRACT(Properties, '$.RequestMappingTemplate') as request_mapping_template, + JSON_EXTRACT(Properties, '$.RequestMappingTemplateS3Location') as request_mapping_template_s3_location, + JSON_EXTRACT(Properties, '$.ResolverArn') as resolver_arn, + JSON_EXTRACT(Properties, '$.ResponseMappingTemplate') as response_mapping_template, + JSON_EXTRACT(Properties, '$.ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, + JSON_EXTRACT(Properties, '$.Runtime') as runtime, + JSON_EXTRACT(Properties, '$.SyncConfig') as sync_config, + JSON_EXTRACT(Properties, '$.TypeName') as type_name, + JSON_EXTRACT(Properties, '$.MetricsConfig') as metrics_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::Resolver' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'CachingConfig') as caching_config, + json_extract_path_text(Properties, 'Code') as code, + json_extract_path_text(Properties, 'CodeS3Location') as code_s3_location, + json_extract_path_text(Properties, 'DataSourceName') as data_source_name, + json_extract_path_text(Properties, 'FieldName') as field_name, + json_extract_path_text(Properties, 'Kind') as kind, + json_extract_path_text(Properties, 'MaxBatchSize') as max_batch_size, + json_extract_path_text(Properties, 'PipelineConfig') as pipeline_config, + json_extract_path_text(Properties, 'RequestMappingTemplate') as request_mapping_template, + json_extract_path_text(Properties, 'RequestMappingTemplateS3Location') as request_mapping_template_s3_location, + json_extract_path_text(Properties, 'ResolverArn') as resolver_arn, + json_extract_path_text(Properties, 'ResponseMappingTemplate') as response_mapping_template, + json_extract_path_text(Properties, 'ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, + json_extract_path_text(Properties, 'Runtime') as runtime, + json_extract_path_text(Properties, 'SyncConfig') as sync_config, + json_extract_path_text(Properties, 'TypeName') as type_name, + json_extract_path_text(Properties, 'MetricsConfig') as metrics_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::Resolver' + AND data__Identifier = '' + AND region = 'us-east-1' + source_api_associations: + name: source_api_associations + id: aws.appsync.source_api_associations + x-cfn-schema-name: SourceApiAssociation + x-type: list + x-identifiers: + - AssociationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssociationArn') as association_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::SourceApiAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssociationArn') as association_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::SourceApiAssociation' + AND region = 'us-east-1' + source_api_association: + name: source_api_association + id: aws.appsync.source_api_association + x-cfn-schema-name: SourceApiAssociation + x-type: get + x-identifiers: + - AssociationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SourceApiIdentifier') as source_api_identifier, + JSON_EXTRACT(Properties, '$.MergedApiIdentifier') as merged_api_identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.SourceApiAssociationConfig') as source_api_association_config, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id, + JSON_EXTRACT(Properties, '$.AssociationArn') as association_arn, + JSON_EXTRACT(Properties, '$.SourceApiId') as source_api_id, + JSON_EXTRACT(Properties, '$.SourceApiArn') as source_api_arn, + JSON_EXTRACT(Properties, '$.MergedApiId') as merged_api_id, + JSON_EXTRACT(Properties, '$.MergedApiArn') as merged_api_arn, + JSON_EXTRACT(Properties, '$.SourceApiAssociationStatus') as source_api_association_status, + JSON_EXTRACT(Properties, '$.SourceApiAssociationStatusDetail') as source_api_association_status_detail, + JSON_EXTRACT(Properties, '$.LastSuccessfulMergeDate') as last_successful_merge_date + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::SourceApiAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SourceApiIdentifier') as source_api_identifier, + json_extract_path_text(Properties, 'MergedApiIdentifier') as merged_api_identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'SourceApiAssociationConfig') as source_api_association_config, + json_extract_path_text(Properties, 'AssociationId') as association_id, + json_extract_path_text(Properties, 'AssociationArn') as association_arn, + json_extract_path_text(Properties, 'SourceApiId') as source_api_id, + json_extract_path_text(Properties, 'SourceApiArn') as source_api_arn, + json_extract_path_text(Properties, 'MergedApiId') as merged_api_id, + json_extract_path_text(Properties, 'MergedApiArn') as merged_api_arn, + json_extract_path_text(Properties, 'SourceApiAssociationStatus') as source_api_association_status, + json_extract_path_text(Properties, 'SourceApiAssociationStatusDetail') as source_api_association_status_detail, + json_extract_path_text(Properties, 'LastSuccessfulMergeDate') as last_successful_merge_date + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::SourceApiAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/aps.yaml b/providers/src/aws/v00.00.00000/services/aps.yaml new file mode 100644 index 00000000..c76f77e1 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/aps.yaml @@ -0,0 +1,580 @@ +openapi: 3.0.0 +info: + title: APS + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + RuleGroupsNamespace: + type: object + properties: + Workspace: + description: Required to identify a specific APS Workspace associated with this RuleGroupsNamespace. + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):aps:[a-z0-9-]+:[0-9]+:workspace/[a-zA-Z0-9-]+$ + Name: + description: The RuleGroupsNamespace name. + type: string + minLength: 1 + maxLength: 64 + Data: + description: The RuleGroupsNamespace data. + type: string + Arn: + description: The RuleGroupsNamespace ARN. + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):aps:[a-z0-9-]+:[0-9]+:rulegroupsnamespace/[a-zA-Z0-9-]+/[0-9A-Za-z][-.0-9A-Z_a-z]*$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Workspace + - Data + - Name + x-stackql-resource-name: rule_groups_namespace + description: RuleGroupsNamespace schema for cloudformation. + x-type-name: AWS::APS::RuleGroupsNamespace + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Workspace + x-read-only-properties: + - Arn + x-required-properties: + - Workspace + - Data + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - aps:CreateRuleGroupsNamespace + - aps:DescribeRuleGroupsNamespace + - aps:TagResource + read: + - aps:DescribeRuleGroupsNamespace + - aps:ListTagsForResource + update: + - aps:PutRuleGroupsNamespace + - aps:DescribeRuleGroupsNamespace + - aps:TagResource + - aps:UntagResource + - aps:ListTagsForResource + delete: + - aps:DeleteRuleGroupsNamespace + - aps:DescribeRuleGroupsNamespace + list: + - aps:ListRuleGroupsNamespaces + - aps:ListTagsForResource + ScrapeConfiguration: + description: Scraper configuration + type: object + properties: + ConfigurationBlob: + description: Prometheus compatible scrape configuration in base64 encoded blob format + type: string + oneOf: + - required: + - ConfigurationBlob + additionalProperties: false + Source: + description: Scraper metrics source + type: object + properties: + EksConfiguration: + description: Configuration for EKS metrics source + type: object + properties: + ClusterArn: + description: ARN of an EKS cluster + type: string + pattern: ^arn:aws[-a-z]*:eks:[-a-z0-9]+:[0-9]{12}:cluster/.+$ + SecurityGroupIds: + description: List of security group IDs + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SecurityGroupId' + SubnetIds: + description: List of subnet IDs + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SubnetId' + required: + - ClusterArn + - SubnetIds + additionalProperties: false + oneOf: + - required: + - EksConfiguration + additionalProperties: false + Destination: + description: Scraper metrics destination + type: object + properties: + AmpConfiguration: + description: Configuration for Amazon Managed Prometheus metrics destination + type: object + properties: + WorkspaceArn: + description: ARN of an Amazon Managed Prometheus workspace + type: string + pattern: ^arn:aws[-a-z]*:aps:[-a-z0-9]+:[0-9]{12}:workspace/.+$ + required: + - WorkspaceArn + additionalProperties: false + oneOf: + - required: + - AmpConfiguration + additionalProperties: false + SecurityGroupId: + description: ID of a security group + type: string + pattern: ^sg-[0-9a-z]+$ + SubnetId: + description: ID of a subnet + type: string + pattern: ^subnet-[0-9a-z]+$ + Scraper: + type: object + properties: + ScraperId: + description: Required to identify a specific scraper. + type: string + pattern: ^s-[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}$ + minLength: 1 + maxLength: 64 + Alias: + description: Scraper alias. + type: string + pattern: ^[0-9A-Za-z][-.0-9A-Z_a-z]*$ + minLength: 1 + maxLength: 100 + Arn: + description: Scraper ARN. + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):aps:(af|ap|ca|eu|me|sa|us)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-[0-9]+:[0-9]+:scraper/s-[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}$ + RoleArn: + description: IAM role ARN for the scraper. + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):iam::[0-9]{12}:role/[a-zA-Z0-9-]+$ + minLength: 20 + maxLength: 2048 + ScrapeConfiguration: + $ref: '#/components/schemas/ScrapeConfiguration' + Source: + $ref: '#/components/schemas/Source' + Destination: + $ref: '#/components/schemas/Destination' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ScrapeConfiguration + - Source + - Destination + x-stackql-resource-name: scraper + description: Resource Type definition for AWS::APS::Scraper + x-type-name: AWS::APS::Scraper + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ScrapeConfiguration + - Source + - Destination + - Alias + x-read-only-properties: + - ScraperId + - Arn + - RoleArn + x-required-properties: + - ScrapeConfiguration + - Source + - Destination + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - aps:CreateScraper + - aps:DescribeScraper + - aps:DescribeWorkspace + - aps:TagResource + - eks:CreateAccessEntry + - eks:AssociateAccessPolicy + - eks:DescribeCluster + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - iam:CreateServiceLinkedRole + read: + - aps:DescribeScraper + - aps:ListTagsForResource + update: + - aps:DescribeScraper + - aps:TagResource + - aps:UntagResource + - aps:ListTagsForResource + delete: + - aps:DeleteScraper + - aps:DescribeScraper + - aps:DescribeWorkspace + - eks:AssociateAccessPolicy + - eks:DescribeCluster + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - iam:DeleteServiceLinkedRole + list: + - aps:ListScrapers + - aps:ListTagsForResource + LoggingConfiguration: + description: Logging configuration + type: object + properties: + LogGroupArn: + description: CloudWatch log group ARN + type: string + minLength: 0 + maxLength: 512 + additionalProperties: false + Workspace: + type: object + properties: + WorkspaceId: + description: Required to identify a specific APS Workspace. + type: string + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]{1,99}$ + minLength: 1 + maxLength: 100 + Alias: + description: AMP Workspace alias. + type: string + minLength: 0 + maxLength: 100 + Arn: + description: Workspace arn. + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):aps:[a-z0-9-]+:[0-9]+:workspace/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + AlertManagerDefinition: + description: The AMP Workspace alert manager definition data + type: string + PrometheusEndpoint: + description: AMP Workspace prometheus endpoint + type: string + LoggingConfiguration: + $ref: '#/components/schemas/LoggingConfiguration' + KmsKeyArn: + description: KMS Key ARN used to encrypt and decrypt AMP workspace data. + type: string + pattern: ^arn:aws[-a-z]*:kms:[-a-z0-9]+:[0-9]{12}:key/.+$ + minLength: 20 + maxLength: 2048 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: workspace + description: Resource Type definition for AWS::APS::Workspace + x-type-name: AWS::APS::Workspace + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - KmsKeyArn + x-read-only-properties: + - WorkspaceId + - Arn + - PrometheusEndpoint + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - aps:CreateWorkspace + - aps:DescribeWorkspace + - aps:TagResource + - aps:CreateAlertManagerDefinition + - aps:DescribeAlertManagerDefinition + - aps:CreateLoggingConfiguration + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:ListLogDeliveries + - logs:PutResourcePolicy + - kms:CreateGrant + - kms:Decrypt + - kms:GenerateDataKey + read: + - aps:DescribeWorkspace + - aps:ListTagsForResource + - aps:DescribeAlertManagerDefinition + - aps:DescribeLoggingConfiguration + update: + - aps:UpdateWorkspaceAlias + - aps:DescribeWorkspace + - aps:TagResource + - aps:UntagResource + - aps:ListTagsForResource + - aps:CreateAlertManagerDefinition + - aps:PutAlertManagerDefinition + - aps:DeleteAlertManagerDefinition + - aps:CreateLoggingConfiguration + - aps:DescribeLoggingConfiguration + - aps:UpdateLoggingConfiguration + - aps:DeleteLoggingConfiguration + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:ListLogDeliveries + - logs:DeleteLogDelivery + - logs:PutResourcePolicy + delete: + - aps:DeleteWorkspace + - aps:DescribeWorkspace + - aps:DeleteAlertManagerDefinition + - aps:DeleteLoggingConfiguration + - logs:DeleteLogDelivery + list: + - aps:ListWorkspaces + - aps:ListTagsForResource + x-stackQL-resources: + rule_groups_namespaces: + name: rule_groups_namespaces + id: aws.aps.rule_groups_namespaces + x-cfn-schema-name: RuleGroupsNamespace + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::APS::RuleGroupsNamespace' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::APS::RuleGroupsNamespace' + AND region = 'us-east-1' + rule_groups_namespace: + name: rule_groups_namespace + id: aws.aps.rule_groups_namespace + x-cfn-schema-name: RuleGroupsNamespace + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Workspace') as workspace, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Data') as data, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::APS::RuleGroupsNamespace' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Workspace') as workspace, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Data') as data, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::APS::RuleGroupsNamespace' + AND data__Identifier = '' + AND region = 'us-east-1' + scrapers: + name: scrapers + id: aws.aps.scrapers + x-cfn-schema-name: Scraper + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::APS::Scraper' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::APS::Scraper' + AND region = 'us-east-1' + scraper: + name: scraper + id: aws.aps.scraper + x-cfn-schema-name: Scraper + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ScraperId') as scraper_id, + JSON_EXTRACT(Properties, '$.Alias') as alias, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.ScrapeConfiguration') as scrape_configuration, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.Destination') as destination, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::APS::Scraper' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ScraperId') as scraper_id, + json_extract_path_text(Properties, 'Alias') as alias, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'ScrapeConfiguration') as scrape_configuration, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'Destination') as destination, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::APS::Scraper' + AND data__Identifier = '' + AND region = 'us-east-1' + workspaces: + name: workspaces + id: aws.aps.workspaces + x-cfn-schema-name: Workspace + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::APS::Workspace' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::APS::Workspace' + AND region = 'us-east-1' + workspace: + name: workspace + id: aws.aps.workspace + x-cfn-schema-name: Workspace + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.WorkspaceId') as workspace_id, + JSON_EXTRACT(Properties, '$.Alias') as alias, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AlertManagerDefinition') as alert_manager_definition, + JSON_EXTRACT(Properties, '$.PrometheusEndpoint') as prometheus_endpoint, + JSON_EXTRACT(Properties, '$.LoggingConfiguration') as logging_configuration, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::APS::Workspace' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'WorkspaceId') as workspace_id, + json_extract_path_text(Properties, 'Alias') as alias, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AlertManagerDefinition') as alert_manager_definition, + json_extract_path_text(Properties, 'PrometheusEndpoint') as prometheus_endpoint, + json_extract_path_text(Properties, 'LoggingConfiguration') as logging_configuration, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::APS::Workspace' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/arczonalshift.yaml b/providers/src/aws/v00.00.00000/services/arczonalshift.yaml new file mode 100644 index 00000000..088f7372 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/arczonalshift.yaml @@ -0,0 +1,171 @@ +openapi: 3.0.0 +info: + title: ARCZonalShift + version: 1.0.0 +paths: {} +components: + schemas: + ZonalAutoshiftStatus: + type: string + enum: + - ENABLED + ControlCondition: + type: object + properties: + Type: + $ref: '#/components/schemas/ControlConditionType' + AlarmIdentifier: + type: string + maxLength: 1024 + minLength: 8 + pattern: ^arn:.*$ + required: + - AlarmIdentifier + - Type + additionalProperties: false + ControlConditionType: + type: string + enum: + - CLOUDWATCH + PracticeRunConfiguration: + type: object + properties: + BlockingAlarms: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ControlCondition' + maxItems: 1 + minItems: 1 + OutcomeAlarms: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ControlCondition' + maxItems: 1 + minItems: 1 + BlockedDates: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 10 + minLength: 10 + pattern: ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ + maxItems: 15 + minItems: 0 + BlockedWindows: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 19 + minLength: 19 + pattern: ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun):[0-9]{2}:[0-9]{2}-(Mon|Tue|Wed|Thu|Fri|Sat|Sun):[0-9]{2}:[0-9]{2}$ + maxItems: 15 + minItems: 0 + required: + - OutcomeAlarms + additionalProperties: false + ZonalAutoshiftConfiguration: + type: object + properties: + ZonalAutoshiftStatus: + $ref: '#/components/schemas/ZonalAutoshiftStatus' + x-dependencies: + ZonalAutoshiftStatus: + - PracticeRunConfiguration + PracticeRunConfiguration: + $ref: '#/components/schemas/PracticeRunConfiguration' + ResourceIdentifier: + type: string + maxLength: 1024 + minLength: 8 + x-stackql-resource-name: zonal_autoshift_configuration + description: Definition of AWS::ARCZonalShift::ZonalAutoshiftConfiguration Resource Type + x-type-name: AWS::ARCZonalShift::ZonalAutoshiftConfiguration + x-stackql-primary-identifier: + - ResourceIdentifier + x-create-only-properties: + - ResourceIdentifier + x-tagging: + taggable: false + x-required-permissions: + create: + - arc-zonal-shift:CreatePracticeRunConfiguration + - arc-zonal-shift:GetManagedResource + - arc-zonal-shift:UpdateZonalAutoshiftConfiguration + - cloudwatch:DescribeAlarms + - iam:CreateServiceLinkedRole + read: + - arc-zonal-shift:GetManagedResource + update: + - arc-zonal-shift:GetManagedResource + - arc-zonal-shift:UpdatePracticeRunConfiguration + - arc-zonal-shift:UpdateZonalAutoshiftConfiguration + - cloudwatch:DescribeAlarms + delete: + - arc-zonal-shift:DeletePracticeRunConfiguration + - arc-zonal-shift:GetManagedResource + - arc-zonal-shift:UpdateZonalAutoshiftConfiguration + list: + - arc-zonal-shift:ListManagedResources + x-stackQL-resources: + zonal_autoshift_configurations: + name: zonal_autoshift_configurations + id: aws.arczonalshift.zonal_autoshift_configurations + x-cfn-schema-name: ZonalAutoshiftConfiguration + x-type: list + x-identifiers: + - ResourceIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ResourceIdentifier') as resource_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ARCZonalShift::ZonalAutoshiftConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ResourceIdentifier') as resource_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ARCZonalShift::ZonalAutoshiftConfiguration' + AND region = 'us-east-1' + zonal_autoshift_configuration: + name: zonal_autoshift_configuration + id: aws.arczonalshift.zonal_autoshift_configuration + x-cfn-schema-name: ZonalAutoshiftConfiguration + x-type: get + x-identifiers: + - ResourceIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ZonalAutoshiftStatus') as zonal_autoshift_status, + JSON_EXTRACT(Properties, '$.PracticeRunConfiguration') as practice_run_configuration, + JSON_EXTRACT(Properties, '$.ResourceIdentifier') as resource_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ARCZonalShift::ZonalAutoshiftConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ZonalAutoshiftStatus') as zonal_autoshift_status, + json_extract_path_text(Properties, 'PracticeRunConfiguration') as practice_run_configuration, + json_extract_path_text(Properties, 'ResourceIdentifier') as resource_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ARCZonalShift::ZonalAutoshiftConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/athena.yaml b/providers/src/aws/v00.00.00000/services/athena.yaml new file mode 100644 index 00000000..38907304 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/athena.yaml @@ -0,0 +1,932 @@ +openapi: 3.0.0 +info: + title: Athena + version: 1.0.0 +paths: {} +components: + schemas: + Arn: + description: The Amazon Resource Name (ARN) of the specified capacity reservation + type: string + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + WorkgroupName: + pattern: '[a-zA-Z0-9._-]{1,128}' + type: string + WorkgroupNames: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/WorkgroupName' + CapacityAssignment: + type: object + properties: + WorkgroupNames: + $ref: '#/components/schemas/WorkgroupNames' + required: + - WorkgroupNames + additionalProperties: false + CapacityAssignments: + description: List of capacity assignments + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CapacityAssignment' + CapacityAssignmentConfiguration: + description: Assignment configuration to assign workgroups to a reservation + type: object + properties: + CapacityAssignments: + $ref: '#/components/schemas/CapacityAssignments' + required: + - CapacityAssignments + additionalProperties: false + CapacityReservationStatus: + type: string + enum: + - PENDING + - ACTIVE + - CANCELLING + - CANCELLED + - FAILED + - UPDATE_PENDING + CapacityReservation: + type: object + properties: + Arn: + $ref: '#/components/schemas/Arn' + Name: + description: The reservation name. + pattern: '[a-zA-Z0-9._-]{1,128}' + type: string + Status: + description: The status of the reservation. + $ref: '#/components/schemas/CapacityReservationStatus' + TargetDpus: + description: The number of DPUs to request to be allocated to the reservation. + type: integer + format: int64 + minimum: 1 + AllocatedDpus: + description: The number of DPUs Athena has provisioned and allocated for the reservation + type: integer + format: int64 + minimum: 0 + CapacityAssignmentConfiguration: + $ref: '#/components/schemas/CapacityAssignmentConfiguration' + CreationTime: + description: The date and time the reservation was created. + type: string + LastSuccessfulAllocationTime: + description: The timestamp when the last successful allocated was made + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - TargetDpus + x-stackql-resource-name: capacity_reservation + description: Resource schema for AWS::Athena::CapacityReservation + x-type-name: AWS::Athena::CapacityReservation + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - Status + - AllocatedDpus + - CreationTime + - LastSuccessfulAllocationTime + x-required-properties: + - Name + - TargetDpus + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - athena:CreateCapacityReservation + - athena:PutCapacityAssignmentConfiguration + - athena:GetCapacityReservation + - athena:TagResource + read: + - athena:GetCapacityReservation + - athena:GetCapacityAssignmentConfiguration + - athena:ListTagsForResource + update: + - athena:UpdateCapacityReservation + - athena:PutCapacityAssignmentConfiguration + - athena:GetCapacityReservation + - athena:TagResource + - athena:UntagResource + delete: + - athena:CancelCapacityReservation + - athena:GetCapacityReservation + - athena:DeleteCapacityReservation + list: + - athena:ListCapacityReservations + - athena:GetCapacityReservation + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + DataCatalog: + type: object + properties: + Name: + description: 'The name of the data catalog to create. The catalog name must be unique for the AWS account and can use a maximum of 128 alphanumeric, underscore, at sign, or hyphen characters. ' + type: string + minLength: 1 + maxLength: 256 + Description: + description: 'A description of the data catalog to be created. ' + type: string + minLength: 1 + maxLength: 1024 + Parameters: + description: 'Specifies the Lambda function or functions to use for creating the data catalog. This is a mapping whose values depend on the catalog type. ' + type: object + x-patternProperties: + .*: + type: string + maxLength: 51200 + additionalProperties: false + Tags: + description: 'A list of comma separated tags to add to the data catalog that is created. ' + $ref: '#/components/schemas/Tags' + Type: + description: 'The type of data catalog to create: LAMBDA for a federated catalog, GLUE for AWS Glue Catalog, or HIVE for an external hive metastore. ' + type: string + enum: + - LAMBDA + - GLUE + - HIVE + required: + - Name + - Type + x-stackql-resource-name: data_catalog + description: Resource schema for AWS::Athena::DataCatalog + x-type-name: AWS::Athena::DataCatalog + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-required-properties: + - Name + - Type + x-taggable: true + x-required-permissions: + create: + - athena:CreateDataCatalog + - athena:TagResource + read: + - athena:GetDataCatalog + - athena:ListTagsForResource + update: + - athena:UpdateDataCatalog + - athena:TagResource + - athena:GetDataCatalog + - athena:UntagResource + - athena:ListTagsForResource + delete: + - athena:DeleteDataCatalog + list: + - athena:ListDataCatalog + NamedQuery: + type: object + properties: + Name: + description: The query name. + type: string + minLength: 1 + maxLength: 128 + Database: + description: The database to which the query belongs. + type: string + minLength: 1 + maxLength: 255 + Description: + description: The query description. + type: string + minLength: 1 + maxLength: 1024 + QueryString: + description: The contents of the query with all query statements. + type: string + minLength: 1 + maxLength: 262144 + WorkGroup: + description: The name of the workgroup that contains the named query. + type: string + minLength: 1 + maxLength: 128 + NamedQueryId: + description: The unique ID of the query. + type: string + required: + - Database + - QueryString + x-stackql-resource-name: named_query + description: Resource schema for AWS::Athena::NamedQuery + x-type-name: AWS::Athena::NamedQuery + x-stackql-primary-identifier: + - NamedQueryId + x-create-only-properties: + - Name + - Database + - Description + - QueryString + - WorkGroup + x-read-only-properties: + - NamedQueryId + x-required-properties: + - Database + - QueryString + x-required-permissions: + create: + - athena:CreateNamedQuery + read: + - athena:GetNamedQuery + list: + - athena:ListNamedQueries + delete: + - athena:DeleteNamedQuery + PreparedStatement: + type: object + properties: + StatementName: + description: The name of the prepared statement. + type: string + minLength: 1 + maxLength: 256 + WorkGroup: + description: The name of the workgroup to which the prepared statement belongs. + type: string + minLength: 1 + maxLength: 128 + Description: + description: The description of the prepared statement. + type: string + minLength: 1 + maxLength: 1024 + QueryStatement: + description: The query string for the prepared statement. + type: string + minLength: 1 + maxLength: 262144 + required: + - StatementName + - WorkGroup + - QueryStatement + x-stackql-resource-name: prepared_statement + description: Resource schema for AWS::Athena::PreparedStatement + x-type-name: AWS::Athena::PreparedStatement + x-stackql-primary-identifier: + - StatementName + - WorkGroup + x-create-only-properties: + - StatementName + - WorkGroup + x-required-properties: + - StatementName + - WorkGroup + - QueryStatement + x-required-permissions: + create: + - athena:CreatePreparedStatement + - athena:GetPreparedStatement + read: + - athena:GetPreparedStatement + update: + - athena:UpdatePreparedStatement + delete: + - athena:DeletePreparedStatement + - athena:GetPreparedStatement + list: + - athena:ListPreparedStatements + SelectedEngineVersion: + description: The engine version requested by the user. Possible values are determined by the output of ListEngineVersions, including Auto. The default is Auto. + type: string + EffectiveEngineVersion: + description: Read only. The engine version on which the query runs. If the user requests a valid engine version other than Auto, the effective engine version is the same as the engine version that the user requested. If the user requests Auto, the effective engine version is chosen by Athena. When a request to update the engine version is made by a CreateWorkGroup or UpdateWorkGroup operation, the EffectiveEngineVersion field is ignored. + type: string + EngineVersion: + description: The Athena engine version for running queries. + type: object + properties: + SelectedEngineVersion: + $ref: '#/components/schemas/SelectedEngineVersion' + EffectiveEngineVersion: + $ref: '#/components/schemas/EffectiveEngineVersion' + additionalProperties: false + BytesScannedCutoffPerQuery: + description: The upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan. + type: integer + format: int64 + minimum: 10000000 + EnforceWorkGroupConfiguration: + description: If set to "true", the settings for the workgroup override client-side settings. If set to "false", client-side settings are used + type: boolean + PublishCloudWatchMetricsEnabled: + description: Indicates that the Amazon CloudWatch metrics are enabled for the workgroup. + type: boolean + RequesterPaysEnabled: + description: 'If set to true, allows members assigned to a workgroup to reference Amazon S3 Requester Pays buckets in queries. If set to false, workgroup members cannot query data from Requester Pays buckets, and queries that retrieve data from Requester Pays buckets cause an error. ' + type: boolean + OutputLocation: + description: 'The location in Amazon S3 where your query results are stored, such as s3://path/to/query/bucket/. To run the query, you must specify the query results location using one of the ways: either for individual queries using either this setting (client-side), or in the workgroup, using WorkGroupConfiguration' + type: string + KmsKey: + description: 'For SSE-KMS and CSE-KMS, this is the KMS key ARN or ID. ' + type: string + EncryptionOption: + description: Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys (SSE-S3), server-side encryption with KMS-managed keys (SSE-KMS), or client-side encryption with KMS-managed keys (CSE-KMS) is used. + type: string + enum: + - SSE_S3 + - SSE_KMS + - CSE_KMS + RemoveBytesScannedCutoffPerQuery: + description: Indicates that the data usage control limit per query is removed. + type: boolean + EncryptionConfiguration: + description: If query results are encrypted in Amazon S3, indicates the encryption option used (for example, SSE-KMS or CSE-KMS) and key information. + type: object + properties: + EncryptionOption: + $ref: '#/components/schemas/EncryptionOption' + KmsKey: + $ref: '#/components/schemas/KmsKey' + required: + - EncryptionOption + additionalProperties: false + RemoveEncryptionConfiguration: + type: boolean + AdditionalConfiguration: + description: Additional Configuration that are passed to Athena Spark Calculations running in this workgroup + type: string + ExecutionRole: + description: Execution Role ARN required to run Athena Spark Calculations + type: string + RemoveOutputLocation: + type: boolean + ExpectedBucketOwner: + description: The AWS account ID of the owner of S3 bucket where query results are stored + type: string + RemoveExpectedBucketOwner: + type: boolean + S3AclOption: + description: The Amazon S3 canned ACL that Athena should specify when storing query results. Currently the only supported canned ACL is BUCKET_OWNER_FULL_CONTROL + type: string + enum: + - BUCKET_OWNER_FULL_CONTROL + AclConfiguration: + description: Indicates that an Amazon S3 canned ACL should be set to control ownership of stored query results + type: object + properties: + S3AclOption: + $ref: '#/components/schemas/S3AclOption' + required: + - S3AclOption + additionalProperties: false + RemoveAclConfiguration: + type: boolean + CustomerContentEncryptionConfiguration: + description: Indicates the KMS key for encrypting notebook content. + type: object + properties: + KmsKey: + $ref: '#/components/schemas/KmsKey' + required: + - KmsKey + additionalProperties: false + RemoveCustomerContentEncryptionConfiguration: + type: boolean + ResultConfiguration: + description: | + The location in Amazon S3 where query results are stored and the encryption option, if any, used for query results. These are known as "client-side settings". If workgroup settings override client-side settings, then the query uses the workgroup settings. + type: object + properties: + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' + OutputLocation: + $ref: '#/components/schemas/OutputLocation' + ExpectedBucketOwner: + $ref: '#/components/schemas/ExpectedBucketOwner' + AclConfiguration: + $ref: '#/components/schemas/AclConfiguration' + additionalProperties: false + ResultConfigurationUpdates: + description: 'The result configuration information about the queries in this workgroup that will be updated. Includes the updated results location and an updated option for encrypting query results. ' + type: object + properties: + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' + OutputLocation: + $ref: '#/components/schemas/OutputLocation' + ExpectedBucketOwner: + $ref: '#/components/schemas/ExpectedBucketOwner' + AclConfiguration: + $ref: '#/components/schemas/AclConfiguration' + RemoveEncryptionConfiguration: + $ref: '#/components/schemas/RemoveEncryptionConfiguration' + RemoveOutputLocation: + $ref: '#/components/schemas/RemoveOutputLocation' + RemoveExpectedBucketOwner: + $ref: '#/components/schemas/RemoveExpectedBucketOwner' + RemoveAclConfiguration: + $ref: '#/components/schemas/RemoveAclConfiguration' + additionalProperties: false + WorkGroupConfiguration: + type: object + properties: + BytesScannedCutoffPerQuery: + $ref: '#/components/schemas/BytesScannedCutoffPerQuery' + EnforceWorkGroupConfiguration: + $ref: '#/components/schemas/EnforceWorkGroupConfiguration' + PublishCloudWatchMetricsEnabled: + $ref: '#/components/schemas/PublishCloudWatchMetricsEnabled' + RequesterPaysEnabled: + $ref: '#/components/schemas/RequesterPaysEnabled' + ResultConfiguration: + $ref: '#/components/schemas/ResultConfiguration' + EngineVersion: + $ref: '#/components/schemas/EngineVersion' + AdditionalConfiguration: + $ref: '#/components/schemas/AdditionalConfiguration' + ExecutionRole: + $ref: '#/components/schemas/ExecutionRole' + CustomerContentEncryptionConfiguration: + $ref: '#/components/schemas/CustomerContentEncryptionConfiguration' + additionalProperties: false + WorkGroupConfigurationUpdates: + type: object + description: 'The configuration information that will be updated for this workgroup, which includes the location in Amazon S3 where query results are stored, the encryption option, if any, used for query results, whether the Amazon CloudWatch Metrics are enabled for the workgroup, whether the workgroup settings override the client-side settings, and the data usage limit for the amount of bytes scanned per query, if it is specified. ' + properties: + BytesScannedCutoffPerQuery: + $ref: '#/components/schemas/BytesScannedCutoffPerQuery' + EnforceWorkGroupConfiguration: + $ref: '#/components/schemas/EnforceWorkGroupConfiguration' + PublishCloudWatchMetricsEnabled: + $ref: '#/components/schemas/PublishCloudWatchMetricsEnabled' + RequesterPaysEnabled: + $ref: '#/components/schemas/RequesterPaysEnabled' + ResultConfigurationUpdates: + $ref: '#/components/schemas/ResultConfigurationUpdates' + RemoveBytesScannedCutoffPerQuery: + $ref: '#/components/schemas/RemoveBytesScannedCutoffPerQuery' + EngineVersion: + $ref: '#/components/schemas/EngineVersion' + AdditionalConfiguration: + $ref: '#/components/schemas/AdditionalConfiguration' + ExecutionRole: + $ref: '#/components/schemas/ExecutionRole' + CustomerContentEncryptionConfiguration: + $ref: '#/components/schemas/CustomerContentEncryptionConfiguration' + RemoveCustomerContentEncryptionConfiguration: + $ref: '#/components/schemas/RemoveCustomerContentEncryptionConfiguration' + additionalProperties: false + WorkGroup: + type: object + properties: + Name: + description: The workGroup name. + pattern: '[a-zA-Z0-9._-]{1,128}' + type: string + Description: + description: The workgroup description. + type: string + minLength: 0 + maxLength: 1024 + Tags: + description: One or more tags, separated by commas, that you want to attach to the workgroup as you create it + $ref: '#/components/schemas/Tags' + WorkGroupConfiguration: + description: The workgroup configuration + $ref: '#/components/schemas/WorkGroupConfiguration' + WorkGroupConfigurationUpdates: + description: The workgroup configuration update object + $ref: '#/components/schemas/WorkGroupConfigurationUpdates' + CreationTime: + description: The date and time the workgroup was created. + type: string + State: + description: 'The state of the workgroup: ENABLED or DISABLED.' + type: string + enum: + - ENABLED + - DISABLED + RecursiveDeleteOption: + description: The option to delete the workgroup and its contents even if the workgroup contains any named queries. + type: boolean + required: + - Name + x-stackql-resource-name: work_group + description: Resource schema for AWS::Athena::WorkGroup + x-type-name: AWS::Athena::WorkGroup + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-write-only-properties: + - WorkGroupConfigurationUpdates + - RecursiveDeleteOption + - WorkGroupConfiguration/AdditionalConfiguration + x-read-only-properties: + - CreationTime + - WorkGroupConfiguration/EngineVersion/EffectiveEngineVersion + - WorkGroupConfigurationUpdates/EngineVersion/EffectiveEngineVersion + x-required-properties: + - Name + x-taggable: true + x-required-permissions: + create: + - athena:CreateWorkGroup + - athena:TagResource + - iam:PassRole + - s3:GetBucketLocation + - s3:GetObject + - s3:ListBucket + - s3:ListBucketMultipartUploads + - s3:AbortMultipartUpload + - s3:PutObject + - s3:ListMultipartUploadParts + - kms:Decrypt + - kms:GenerateDataKey + read: + - athena:GetWorkGroup + - athena:ListTagsForResource + list: + - athena:ListWorkGroups + delete: + - athena:DeleteWorkGroup + - athena:GetWorkGroup + - athena:UntagResource + update: + - athena:UpdateWorkGroup + - athena:TagResource + - athena:UntagResource + - iam:PassRole + - s3:GetBucketLocation + - s3:GetObject + - s3:ListBucket + - s3:ListBucketMultipartUploads + - s3:AbortMultipartUpload + - s3:PutObject + - s3:ListMultipartUploadParts + - kms:Decrypt + - kms:GenerateDataKey + x-stackQL-resources: + capacity_reservations: + name: capacity_reservations + id: aws.athena.capacity_reservations + x-cfn-schema-name: CapacityReservation + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Athena::CapacityReservation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Athena::CapacityReservation' + AND region = 'us-east-1' + capacity_reservation: + name: capacity_reservation + id: aws.athena.capacity_reservation + x-cfn-schema-name: CapacityReservation + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.TargetDpus') as target_dpus, + JSON_EXTRACT(Properties, '$.AllocatedDpus') as allocated_dpus, + JSON_EXTRACT(Properties, '$.CapacityAssignmentConfiguration') as capacity_assignment_configuration, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastSuccessfulAllocationTime') as last_successful_allocation_time, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Athena::CapacityReservation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'TargetDpus') as target_dpus, + json_extract_path_text(Properties, 'AllocatedDpus') as allocated_dpus, + json_extract_path_text(Properties, 'CapacityAssignmentConfiguration') as capacity_assignment_configuration, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastSuccessfulAllocationTime') as last_successful_allocation_time, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Athena::CapacityReservation' + AND data__Identifier = '' + AND region = 'us-east-1' + data_catalogs: + name: data_catalogs + id: aws.athena.data_catalogs + x-cfn-schema-name: DataCatalog + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Athena::DataCatalog' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Athena::DataCatalog' + AND region = 'us-east-1' + data_catalog: + name: data_catalog + id: aws.athena.data_catalog + x-cfn-schema-name: DataCatalog + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Athena::DataCatalog' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Athena::DataCatalog' + AND data__Identifier = '' + AND region = 'us-east-1' + named_queries: + name: named_queries + id: aws.athena.named_queries + x-cfn-schema-name: NamedQuery + x-type: list + x-identifiers: + - NamedQueryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.NamedQueryId') as named_query_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Athena::NamedQuery' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'NamedQueryId') as named_query_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Athena::NamedQuery' + AND region = 'us-east-1' + named_query: + name: named_query + id: aws.athena.named_query + x-cfn-schema-name: NamedQuery + x-type: get + x-identifiers: + - NamedQueryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Database') as _database, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.QueryString') as query_string, + JSON_EXTRACT(Properties, '$.WorkGroup') as work_group, + JSON_EXTRACT(Properties, '$.NamedQueryId') as named_query_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Athena::NamedQuery' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Database') as _database, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'QueryString') as query_string, + json_extract_path_text(Properties, 'WorkGroup') as work_group, + json_extract_path_text(Properties, 'NamedQueryId') as named_query_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Athena::NamedQuery' + AND data__Identifier = '' + AND region = 'us-east-1' + prepared_statements: + name: prepared_statements + id: aws.athena.prepared_statements + x-cfn-schema-name: PreparedStatement + x-type: list + x-identifiers: + - StatementName + - WorkGroup + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StatementName') as statement_name, + JSON_EXTRACT(Properties, '$.WorkGroup') as work_group + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Athena::PreparedStatement' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StatementName') as statement_name, + json_extract_path_text(Properties, 'WorkGroup') as work_group + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Athena::PreparedStatement' + AND region = 'us-east-1' + prepared_statement: + name: prepared_statement + id: aws.athena.prepared_statement + x-cfn-schema-name: PreparedStatement + x-type: get + x-identifiers: + - StatementName + - WorkGroup + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.StatementName') as statement_name, + JSON_EXTRACT(Properties, '$.WorkGroup') as work_group, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.QueryStatement') as query_statement + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Athena::PreparedStatement' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'StatementName') as statement_name, + json_extract_path_text(Properties, 'WorkGroup') as work_group, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'QueryStatement') as query_statement + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Athena::PreparedStatement' + AND data__Identifier = '|' + AND region = 'us-east-1' + work_groups: + name: work_groups + id: aws.athena.work_groups + x-cfn-schema-name: WorkGroup + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Athena::WorkGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Athena::WorkGroup' + AND region = 'us-east-1' + work_group: + name: work_group + id: aws.athena.work_group + x-cfn-schema-name: WorkGroup + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.WorkGroupConfiguration') as work_group_configuration, + JSON_EXTRACT(Properties, '$.WorkGroupConfigurationUpdates') as work_group_configuration_updates, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.RecursiveDeleteOption') as recursive_delete_option + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Athena::WorkGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'WorkGroupConfiguration') as work_group_configuration, + json_extract_path_text(Properties, 'WorkGroupConfigurationUpdates') as work_group_configuration_updates, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'RecursiveDeleteOption') as recursive_delete_option + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Athena::WorkGroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/auditmanager.yaml b/providers/src/aws/v00.00.00000/services/auditmanager.yaml new file mode 100644 index 00000000..0609f936 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/auditmanager.yaml @@ -0,0 +1,355 @@ +openapi: 3.0.0 +info: + title: AuditManager + version: 1.0.0 +paths: {} +components: + schemas: + FrameworkId: + description: The identifier for the specified framework. + type: string + maxLength: 36 + minLength: 32 + pattern: ^([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|.*\S.*)$ + UUID: + type: string + maxLength: 36 + minLength: 36 + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AccountId: + description: The identifier for the specified AWS account. + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + EmailAddress: + description: The unique identifier for the email account. + type: string + maxLength: 320 + minLength: 1 + pattern: ^.*@.*$ + AccountName: + description: The name of the specified AWS account. + type: string + maxLength: 50 + minLength: 1 + pattern: ^[\u0020-\u007E]+$ + AWSAccount: + description: The AWS account associated with the assessment. + type: object + additionalProperties: false + properties: + Id: + $ref: '#/components/schemas/AccountId' + EmailAddress: + $ref: '#/components/schemas/EmailAddress' + Name: + $ref: '#/components/schemas/AccountName' + AssessmentArn: + description: The Amazon Resource Name (ARN) of the assessment. + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:.*:auditmanager:.* + Timestamp: + description: The sequence of characters that identifies when the event occurred. + type: number + ControlSetId: + description: The identifier for the specified control set. + type: string + maxLength: 300 + minLength: 1 + pattern: ^[\w\W\s\S]*$ + CreatedBy: + description: The IAM user or role that performed the action. + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:.*:*:.* + IamArn: + description: The Amazon Resource Name (ARN) of the IAM user or role. + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:.*:iam:.* + AssessmentName: + description: The name of the related assessment. + type: string + maxLength: 127 + minLength: 1 + pattern: ^[a-zA-Z0-9-_\.]+$ + DelegationComment: + description: The comment related to the delegation. + type: string + maxLength: 350 + pattern: ^[\w\W\s\S]*$ + RoleType: + description: ' The IAM role type.' + type: string + enum: + - PROCESS_OWNER + - RESOURCE_OWNER + DelegationStatus: + description: The status of the delegation. + type: string + enum: + - IN_PROGRESS + - UNDER_REVIEW + - COMPLETE + Delegation: + description: The assignment of a control set to a delegate for review. + type: object + additionalProperties: false + properties: + LastUpdated: + $ref: '#/components/schemas/Timestamp' + ControlSetId: + $ref: '#/components/schemas/ControlSetId' + CreationTime: + $ref: '#/components/schemas/Timestamp' + CreatedBy: + $ref: '#/components/schemas/CreatedBy' + RoleArn: + $ref: '#/components/schemas/IamArn' + AssessmentName: + $ref: '#/components/schemas/AssessmentName' + Comment: + $ref: '#/components/schemas/DelegationComment' + Id: + $ref: '#/components/schemas/UUID' + RoleType: + $ref: '#/components/schemas/RoleType' + AssessmentId: + $ref: '#/components/schemas/UUID' + Status: + $ref: '#/components/schemas/DelegationStatus' + Role: + description: The wrapper that contains AWS Audit Manager role information, such as the role type and IAM ARN. + type: object + additionalProperties: false + properties: + RoleArn: + $ref: '#/components/schemas/IamArn' + RoleType: + $ref: '#/components/schemas/RoleType' + AWSServiceName: + description: The name of the AWS service. + type: string + AWSService: + description: An AWS service such as Amazon S3, AWS CloudTrail, and so on. + type: object + additionalProperties: false + properties: + ServiceName: + $ref: '#/components/schemas/AWSServiceName' + Scope: + description: The wrapper that contains the AWS accounts and AWS services in scope for the assessment. + type: object + additionalProperties: false + properties: + AwsAccounts: + description: The AWS accounts included in scope. + type: array + items: + $ref: '#/components/schemas/AWSAccount' + AwsServices: + description: The AWS services included in scope. + type: array + items: + $ref: '#/components/schemas/AWSService' + S3Url: + description: The URL of the specified Amazon S3 bucket. + type: string + AssessmentReportDestinationType: + description: The destination type, such as Amazon S3. + type: string + enum: + - S3 + AssessmentReportsDestination: + description: The destination in which evidence reports are stored for the specified assessment. + type: object + additionalProperties: false + properties: + Destination: + $ref: '#/components/schemas/S3Url' + DestinationType: + $ref: '#/components/schemas/AssessmentReportDestinationType' + AssessmentStatus: + description: 'The status of the specified assessment. ' + type: string + enum: + - ACTIVE + - INACTIVE + AssessmentDescription: + description: The description of the specified assessment. + type: string + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + Assessment: + type: object + properties: + FrameworkId: + $ref: '#/components/schemas/FrameworkId' + AssessmentId: + $ref: '#/components/schemas/UUID' + AwsAccount: + $ref: '#/components/schemas/AWSAccount' + Arn: + $ref: '#/components/schemas/AssessmentArn' + Tags: + description: The tags associated with the assessment. + type: array + items: + $ref: '#/components/schemas/Tag' + Delegations: + description: The list of delegations. + type: array + items: + $ref: '#/components/schemas/Delegation' + Roles: + description: The list of roles for the specified assessment. + type: array + items: + $ref: '#/components/schemas/Role' + Scope: + $ref: '#/components/schemas/Scope' + AssessmentReportsDestination: + $ref: '#/components/schemas/AssessmentReportsDestination' + Status: + $ref: '#/components/schemas/AssessmentStatus' + CreationTime: + $ref: '#/components/schemas/Timestamp' + Name: + $ref: '#/components/schemas/AssessmentName' + Description: + $ref: '#/components/schemas/AssessmentDescription' + required: [] + x-stackql-resource-name: assessment + description: An entity that defines the scope of audit evidence collected by AWS Audit Manager. + x-type-name: AWS::AuditManager::Assessment + x-stackql-primary-identifier: + - AssessmentId + x-create-only-properties: + - FrameworkId + - AwsAccount + x-write-only-properties: + - Name + - Description + x-read-only-properties: + - AssessmentId + - Arn + - CreationTime + x-required-properties: [] + x-required-permissions: + create: + - auditmanager:CreateAssessment + - auditmanager:TagResource + - auditmanager:ListTagsForResource + - auditmanager:BatchCreateDelegationByAssessment + - iam:PassRole + read: + - auditmanager:GetAssessment + update: + - auditmanager:UpdateAssessment + - auditmanager:UpdateAssessmentStatus + - auditmanager:BatchCreateDelegationByAssessment + - auditmanager:BatchDeleteDelegationByAssessment + delete: + - auditmanager:DeleteAssessment + list: + - auditmanager:ListAssessments + x-stackQL-resources: + assessments: + name: assessments + id: aws.auditmanager.assessments + x-cfn-schema-name: Assessment + x-type: list + x-identifiers: + - AssessmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssessmentId') as assessment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AuditManager::Assessment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssessmentId') as assessment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AuditManager::Assessment' + AND region = 'us-east-1' + assessment: + name: assessment + id: aws.auditmanager.assessment + x-cfn-schema-name: Assessment + x-type: get + x-identifiers: + - AssessmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FrameworkId') as framework_id, + JSON_EXTRACT(Properties, '$.AssessmentId') as assessment_id, + JSON_EXTRACT(Properties, '$.AwsAccount') as aws_account, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Delegations') as delegations, + JSON_EXTRACT(Properties, '$.Roles') as roles, + JSON_EXTRACT(Properties, '$.Scope') as scope, + JSON_EXTRACT(Properties, '$.AssessmentReportsDestination') as assessment_reports_destination, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AuditManager::Assessment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FrameworkId') as framework_id, + json_extract_path_text(Properties, 'AssessmentId') as assessment_id, + json_extract_path_text(Properties, 'AwsAccount') as aws_account, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Delegations') as delegations, + json_extract_path_text(Properties, 'Roles') as roles, + json_extract_path_text(Properties, 'Scope') as scope, + json_extract_path_text(Properties, 'AssessmentReportsDestination') as assessment_reports_destination, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AuditManager::Assessment' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/autoscaling.yaml b/providers/src/aws/v00.00.00000/services/autoscaling.yaml new file mode 100644 index 00000000..902b7c0a --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/autoscaling.yaml @@ -0,0 +1,2009 @@ +openapi: 3.0.0 +info: + title: AutoScaling + version: 1.0.0 +paths: {} +components: + schemas: + TagProperty: + description: |- + A structure that specifies a tag for the ``Tags`` property of [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. + For more information, see [Tag Auto Scaling groups and instances](https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-tagging.html) in the *Amazon EC2 Auto Scaling User Guide*. You can find a sample template snippet in the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html#aws-resource-autoscaling-autoscalinggroup--examples) section of the ``AWS::AutoScaling::AutoScalingGroup`` resource. + CloudFormation adds the following tags to all Auto Scaling groups and associated instances: + + aws:cloudformation:stack-name + + aws:cloudformation:stack-id + + aws:cloudformation:logical-id + additionalProperties: false + type: object + properties: + Value: + description: The tag value. + type: string + Key: + description: The tag key. + type: string + PropagateAtLaunch: + description: Set to ``true`` if you want CloudFormation to copy the tag to EC2 instances that are launched as part of the Auto Scaling group. Set to ``false`` if you want the tag attached only to the Auto Scaling group and not copied to any instances launched as part of the Auto Scaling group. + type: boolean + required: + - Value + - Key + - PropagateAtLaunch + LaunchTemplateSpecification: + description: |- + Specifies a launch template to use when provisioning EC2 instances for an Auto Scaling group. + You must specify the following: + + The ID or the name of the launch template, but not both. + + The version of the launch template. + + ``LaunchTemplateSpecification`` is property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. It is also a property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplate.html) and [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property types. + For information about creating a launch template, see [AWS::EC2::LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html) and [Create a launch template for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-launch-template.html) in the *Amazon EC2 Auto Scaling User Guide*. + For examples of launch templates, see [Auto scaling template snippets](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-autoscaling.html) and the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#aws-resource-ec2-launchtemplate--examples) section in the ``AWS::EC2::LaunchTemplate`` resource. + additionalProperties: false + type: object + properties: + LaunchTemplateName: + description: |- + The name of the launch template. + You must specify the ``LaunchTemplateName`` or the ``LaunchTemplateID``, but not both. + type: string + Version: + description: |- + The version number of the launch template. + Specifying ``$Latest`` or ``$Default`` for the template version number is not supported. However, you can specify ``LatestVersionNumber`` or ``DefaultVersionNumber`` using the ``Fn::GetAtt`` intrinsic function. For more information, see [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html). + For an example of using the ``Fn::GetAtt`` function, see the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html#aws-resource-autoscaling-autoscalinggroup--examples) section of the ``AWS::AutoScaling::AutoScalingGroup`` resource. + type: string + LaunchTemplateId: + description: |- + The ID of the launch template. + You must specify the ``LaunchTemplateID`` or the ``LaunchTemplateName``, but not both. + type: string + required: + - Version + InstancesDistribution: + description: |- + Use this structure to specify the distribution of On-Demand Instances and Spot Instances and the allocation strategies used to fulfill On-Demand and Spot capacities for a mixed instances policy. + For more information, see [Auto Scaling groups with multiple instance types and purchase options](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html) in the *Amazon EC2 Auto Scaling User Guide*. + ``InstancesDistribution`` is a property of the [AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-mixedinstancespolicy.html) property type. + additionalProperties: false + type: object + properties: + OnDemandAllocationStrategy: + description: |- + The allocation strategy to apply to your On-Demand Instances when they are launched. Possible instance types are determined by the launch template overrides that you specify. + The following lists the valid values: + + lowest-price Uses price to determine which instance types are the highest priority, launching the lowest priced instance types within an Availability Zone first. This is the default value for Auto Scaling groups that specify InstanceRequirements. + prioritized You set the order of instance types for the launch template overrides from highest to lowest priority (from first to last in the list). Amazon EC2 Auto Scaling launches your highest priority instance types first. If all your On-Demand capacity cannot be fulfilled using your highest priority instance type, then Amazon EC2 Auto Scaling launches the remaining capacity using the second priority instance type, and so on. This is the default value for Auto Scaling groups that don't specify InstanceRequirements and cannot be used for groups that do. + type: string + OnDemandBaseCapacity: + description: |- + The minimum amount of the Auto Scaling group's capacity that must be fulfilled by On-Demand Instances. This base portion is launched first as your group scales. + This number has the same unit of measurement as the group's desired capacity. If you change the default unit of measurement (number of instances) by specifying weighted capacity values in your launch template overrides list, or by changing the default desired capacity type setting of the group, you must specify this number using the same unit of measurement. + Default: 0 + An update to this setting means a gradual replacement of instances to adjust the current On-Demand Instance levels. When replacing instances, Amazon EC2 Auto Scaling launches new instances before terminating the previous ones. + type: integer + OnDemandPercentageAboveBaseCapacity: + description: |- + Controls the percentages of On-Demand Instances and Spot Instances for your additional capacity beyond ``OnDemandBaseCapacity``. Expressed as a number (for example, 20 specifies 20% On-Demand Instances, 80% Spot Instances). If set to 100, only On-Demand Instances are used. + Default: 100 + An update to this setting means a gradual replacement of instances to adjust the current On-Demand and Spot Instance levels for your additional capacity higher than the base capacity. When replacing instances, Amazon EC2 Auto Scaling launches new instances before terminating the previous ones. + type: integer + SpotInstancePools: + description: |- + The number of Spot Instance pools across which to allocate your Spot Instances. The Spot pools are determined from the different instance types in the overrides. Valid only when the ``SpotAllocationStrategy`` is ``lowest-price``. Value must be in the range of 1–20. + Default: 2 + type: integer + SpotAllocationStrategy: + description: |- + The allocation strategy to apply to your Spot Instances when they are launched. Possible instance types are determined by the launch template overrides that you specify. + The following lists the valid values: + + capacity-optimized Requests Spot Instances using pools that are optimally chosen based on the available Spot capacity. This strategy has the lowest risk of interruption. To give certain instance types a higher chance of launching first, use capacity-optimized-prioritized. + capacity-optimized-prioritized You set the order of instance types for the launch template overrides from highest to lowest priority (from first to last in the list). Amazon EC2 Auto Scaling honors the instance type priorities on a best effort basis but optimizes for capacity first. Note that if the On-Demand allocation strategy is set to prioritized, the same priority is applied when fulfilling On-Demand capacity. This is not a valid value for Auto Scaling groups that specify InstanceRequirements. + lowest-price Requests Spot Instances using the lowest priced pools within an Availability Zone, across the number of Spot pools that you specify for the SpotInstancePools property. To ensure that your desired capacity is met, you might receive Spot Instances from several pools. This is the default value, but it might lead to high interruption rates because this strategy only considers instance price and not available capacity. + price-capacity-optimized (recommended) The price and capacity optimized allocation strategy looks at both price and capacity to select the Spot Instance pools that are the least likely to be interrupted and have the lowest possible price. + type: string + SpotMaxPrice: + description: |- + The maximum price per unit hour that you are willing to pay for a Spot Instance. If your maximum price is lower than the Spot price for the instance types that you selected, your Spot Instances are not launched. We do not recommend specifying a maximum price because it can lead to increased interruptions. When Spot Instances launch, you pay the current Spot price. To remove a maximum price that you previously set, include the property but specify an empty string ("") for the value. + If you specify a maximum price, your instances will be interrupted more frequently than if you do not specify one. + Valid Range: Minimum value of 0.001 + type: string + AcceleratorCountRequest: + description: '``AcceleratorCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of accelerators for an instance type.' + additionalProperties: false + type: object + properties: + Min: + description: The minimum value. + type: integer + Max: + description: The maximum value. + type: integer + LifecycleHookSpecification: + description: |- + ``LifecycleHookSpecification`` specifies a lifecycle hook for the ``LifecycleHookSpecificationList`` property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. A lifecycle hook specifies actions to perform when Amazon EC2 Auto Scaling launches or terminates instances. + For more information, see [Amazon EC2 Auto Scaling lifecycle hooks](https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html) in the *Amazon EC2 Auto Scaling User Guide*. You can find a sample template snippet in the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-as-lifecyclehook.html#aws-resource-as-lifecyclehook--examples) section of the ``AWS::AutoScaling::LifecycleHook`` resource. + additionalProperties: false + type: object + properties: + LifecycleHookName: + description: The name of the lifecycle hook. + type: string + LifecycleTransition: + description: |- + The lifecycle transition. For Auto Scaling groups, there are two major lifecycle transitions. + + To create a lifecycle hook for scale-out events, specify ``autoscaling:EC2_INSTANCE_LAUNCHING``. + + To create a lifecycle hook for scale-in events, specify ``autoscaling:EC2_INSTANCE_TERMINATING``. + type: string + HeartbeatTimeout: + description: The maximum time, in seconds, that can elapse before the lifecycle hook times out. The range is from ``30`` to ``7200`` seconds. The default value is ``3600`` seconds (1 hour). + type: integer + NotificationMetadata: + description: Additional information that you want to include any time Amazon EC2 Auto Scaling sends a message to the notification target. + type: string + DefaultResult: + description: |- + The action the Auto Scaling group takes when the lifecycle hook timeout elapses or if an unexpected failure occurs. The default value is ``ABANDON``. + Valid values: ``CONTINUE`` | ``ABANDON`` + type: string + NotificationTargetARN: + description: The Amazon Resource Name (ARN) of the notification target that Amazon EC2 Auto Scaling sends notifications to when an instance is in a wait state for the lifecycle hook. You can specify an Amazon SNS topic or an Amazon SQS queue. + type: string + RoleARN: + description: |- + The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target. For information about creating this role, see [Configure a notification target for a lifecycle hook](https://docs.aws.amazon.com/autoscaling/ec2/userguide/prepare-for-lifecycle-notifications.html#lifecycle-hook-notification-target) in the *Amazon EC2 Auto Scaling User Guide*. + Valid only if the notification target is an Amazon SNS topic or an Amazon SQS queue. + type: string + required: + - LifecycleHookName + - LifecycleTransition + MemoryGiBPerVCpuRequest: + description: '``MemoryGiBPerVCpuRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum amount of memory per vCPU for an instance type, in GiB.' + additionalProperties: false + type: object + properties: + Min: + description: The memory minimum in GiB. + type: number + Max: + description: The memory maximum in GiB. + type: number + NotificationConfiguration: + description: |- + A structure that specifies an Amazon SNS notification configuration for the ``NotificationConfigurations`` property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. + For an example template snippet, see [Auto scaling template snippets](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-autoscaling.html). + For more information, see [Get Amazon SNS notifications when your Auto Scaling group scales](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ASGettingNotifications.html) in the *Amazon EC2 Auto Scaling User Guide*. + additionalProperties: false + type: object + properties: + TopicARN: + description: The Amazon Resource Name (ARN) of the Amazon SNS topic. + type: array + items: + type: string + NotificationTypes: + uniqueItems: false + description: |- + A list of event types that send a notification. Event types can include any of the following types. + *Allowed values*: + + ``autoscaling:EC2_INSTANCE_LAUNCH`` + + ``autoscaling:EC2_INSTANCE_LAUNCH_ERROR`` + + ``autoscaling:EC2_INSTANCE_TERMINATE`` + + ``autoscaling:EC2_INSTANCE_TERMINATE_ERROR`` + + ``autoscaling:TEST_NOTIFICATION`` + x-insertionOrder: false + type: array + items: + type: string + required: + - TopicARN + MetricsCollection: + description: |- + ``MetricsCollection`` is a property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource that describes the group metrics that an Amazon EC2 Auto Scaling group sends to Amazon CloudWatch. These metrics describe the group rather than any of its instances. + For more information, see [Monitor CloudWatch metrics for your Auto Scaling groups and instances](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-monitoring.html) in the *Amazon EC2 Auto Scaling User Guide*. You can find a sample template snippet in the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html#aws-resource-autoscaling-autoscalinggroup--examples) section of the ``AWS::AutoScaling::AutoScalingGroup`` resource. + additionalProperties: false + type: object + properties: + Metrics: + uniqueItems: false + description: |- + Identifies the metrics to enable. + You can specify one or more of the following metrics: + + ``GroupMinSize`` + + ``GroupMaxSize`` + + ``GroupDesiredCapacity`` + + ``GroupInServiceInstances`` + + ``GroupPendingInstances`` + + ``GroupStandbyInstances`` + + ``GroupTerminatingInstances`` + + ``GroupTotalInstances`` + + ``GroupInServiceCapacity`` + + ``GroupPendingCapacity`` + + ``GroupStandbyCapacity`` + + ``GroupTerminatingCapacity`` + + ``GroupTotalCapacity`` + + ``WarmPoolDesiredCapacity`` + + ``WarmPoolWarmedCapacity`` + + ``WarmPoolPendingCapacity`` + + ``WarmPoolTerminatingCapacity`` + + ``WarmPoolTotalCapacity`` + + ``GroupAndWarmPoolDesiredCapacity`` + + ``GroupAndWarmPoolTotalCapacity`` + + If you specify ``Granularity`` and don't specify any metrics, all metrics are enabled. + For more information, see [Auto Scaling group metrics](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-cloudwatch-monitoring.html#as-group-metrics) in the *Amazon EC2 Auto Scaling User Guide*. + x-insertionOrder: false + type: array + items: + type: string + Granularity: + description: The frequency at which Amazon EC2 Auto Scaling sends aggregated data to CloudWatch. The only valid value is ``1Minute``. + type: string + required: + - Granularity + TotalLocalStorageGBRequest: + description: '``TotalLocalStorageGBRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum total local storage size for an instance type, in GB.' + additionalProperties: false + type: object + properties: + Min: + description: The storage minimum in GB. + type: number + Max: + description: The storage maximum in GB. + type: number + MemoryMiBRequest: + description: '``MemoryMiBRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum instance memory size for an instance type, in MiB.' + additionalProperties: false + type: object + properties: + Min: + description: The memory minimum in MiB. + type: integer + Max: + description: The memory maximum in MiB. + type: integer + InstanceMaintenancePolicy: + description: |- + ``InstanceMaintenancePolicy`` is a property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. + For more information, see [Instance maintenance policies](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-maintenance-policy.html) in the *Amazon EC2 Auto Scaling User Guide*. + additionalProperties: false + type: object + properties: + MaxHealthyPercentage: + description: |- + Specifies the upper threshold as a percentage of the desired capacity of the Auto Scaling group. It represents the maximum percentage of the group that can be in service and healthy, or pending, to support your workload when replacing instances. Value range is 100 to 200. To clear a previously set value, specify a value of ``-1``. + Both ``MinHealthyPercentage`` and ``MaxHealthyPercentage`` must be specified, and the difference between them cannot be greater than 100. A large range increases the number of instances that can be replaced at the same time. + type: integer + MinHealthyPercentage: + description: Specifies the lower threshold as a percentage of the desired capacity of the Auto Scaling group. It represents the minimum percentage of the group to keep in service, healthy, and ready to use to support your workload when replacing instances. Value range is 0 to 100. To clear a previously set value, specify a value of ``-1``. + type: integer + x-dependencies: + MaxHealthyPercentage: + - MinHealthyPercentage + MinHealthyPercentage: + - MaxHealthyPercentage + NetworkBandwidthGbpsRequest: + description: |- + ``NetworkBandwidthGbpsRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum network bandwidth for an instance type, in Gbps. + Setting the minimum bandwidth does not guarantee that your instance will achieve the minimum bandwidth. Amazon EC2 will identify instance types that support the specified minimum bandwidth, but the actual bandwidth of your instance might go below the specified minimum at times. For more information, see [Available instance bandwidth](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-network-bandwidth.html#available-instance-bandwidth) in the *Amazon EC2 User Guide for Linux Instances*. + additionalProperties: false + type: object + properties: + Min: + description: The minimum amount of network bandwidth, in gigabits per second (Gbps). + type: number + Max: + description: The maximum amount of network bandwidth, in gigabits per second (Gbps). + type: number + BaselineEbsBandwidthMbpsRequest: + description: '``BaselineEbsBandwidthMbpsRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum baseline bandwidth performance for an instance type, in Mbps.' + additionalProperties: false + type: object + properties: + Min: + description: The minimum value in Mbps. + type: integer + Max: + description: The maximum value in Mbps. + type: integer + NetworkInterfaceCountRequest: + description: '``NetworkInterfaceCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of network interfaces for an instance type.' + additionalProperties: false + type: object + properties: + Min: + description: The minimum number of network interfaces. + type: integer + Max: + description: The maximum number of network interfaces. + type: integer + VCpuCountRequest: + description: '``VCpuCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of vCPUs for an instance type.' + additionalProperties: false + type: object + properties: + Min: + description: The minimum number of vCPUs. + type: integer + Max: + description: The maximum number of vCPUs. + type: integer + LaunchTemplate: + description: |- + Use this structure to specify the launch templates and instance types (overrides) for a mixed instances policy. + ``LaunchTemplate`` is a property of the [AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-mixedinstancespolicy.html) property type. + additionalProperties: false + type: object + properties: + LaunchTemplateSpecification: + description: The launch template. + $ref: '#/components/schemas/LaunchTemplateSpecification' + Overrides: + uniqueItems: false + description: Any properties that you specify override the same properties in the launch template. + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/LaunchTemplateOverrides' + required: + - LaunchTemplateSpecification + LaunchTemplateOverrides: + description: |- + Use this structure to let Amazon EC2 Auto Scaling do the following when the Auto Scaling group has a mixed instances policy: + + Override the instance type that is specified in the launch template. + + Use multiple instance types. + + Specify the instance types that you want, or define your instance requirements instead and let Amazon EC2 Auto Scaling provision the available instance types that meet your requirements. This can provide Amazon EC2 Auto Scaling with a larger selection of instance types to choose from when fulfilling Spot and On-Demand capacities. You can view which instance types are matched before you apply the instance requirements to your Auto Scaling group. + After you define your instance requirements, you don't have to keep updating these settings to get new EC2 instance types automatically. Amazon EC2 Auto Scaling uses the instance requirements of the Auto Scaling group to determine whether a new EC2 instance type can be used. + ``LaunchTemplateOverrides`` is a property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplate.html) property type. + additionalProperties: false + type: object + properties: + LaunchTemplateSpecification: + description: >- + Provides a launch template for the specified instance type or set of instance requirements. For example, some instance types might require a launch template with a different AMI. If not provided, Amazon EC2 Auto Scaling uses the launch template that's specified in the ``LaunchTemplate`` definition. For more information, see [Specifying a different launch template for an instance + type](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups-launch-template-overrides.html) in the *Amazon EC2 Auto Scaling User Guide*. + You can specify up to 20 launch templates per Auto Scaling group. The launch templates specified in the overrides and in the ``LaunchTemplate`` definition count towards this limit. + $ref: '#/components/schemas/LaunchTemplateSpecification' + WeightedCapacity: + description: >- + If you provide a list of instance types to use, you can specify the number of capacity units provided by each instance type in terms of virtual CPUs, memory, storage, throughput, or other relative performance characteristic. When a Spot or On-Demand Instance is launched, the capacity units count toward the desired capacity. Amazon EC2 Auto Scaling launches instances until the desired capacity is totally fulfilled, even if this results in an overage. For example, if there are two + units remaining to fulfill capacity, and Amazon EC2 Auto Scaling can only launch an instance with a ``WeightedCapacity`` of five units, the instance is launched, and the desired capacity is exceeded by three units. For more information, see [Configure instance weighting for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups-instance-weighting.html) in the *Amazon EC2 Auto Scaling User Guide*. Value must be in the + range of 1-999. + If you specify a value for ``WeightedCapacity`` for one instance type, you must specify a value for ``WeightedCapacity`` for all of them. + Every Auto Scaling group has three size parameters (``DesiredCapacity``, ``MaxSize``, and ``MinSize``). Usually, you set these sizes based on a specific number of instances. However, if you configure a mixed instances policy that defines weights for the instance types, you must specify these sizes with the same units that you use for weighting instances. + type: string + InstanceRequirements: + description: |- + The instance requirements. Amazon EC2 Auto Scaling uses your specified requirements to identify instance types. Then, it uses your On-Demand and Spot allocation strategies to launch instances from these instance types. + You can specify up to four separate sets of instance requirements per Auto Scaling group. This is useful for provisioning instances from different Amazon Machine Images (AMIs) in the same Auto Scaling group. To do this, create the AMIs and create a new launch template for each AMI. Then, create a compatible set of instance requirements for each launch template. + If you specify ``InstanceRequirements``, you can't specify ``InstanceType``. + $ref: '#/components/schemas/InstanceRequirements' + InstanceType: + description: |- + The instance type, such as ``m3.xlarge``. You must specify an instance type that is supported in your requested Region and Availability Zones. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon Elastic Compute Cloud User Guide*. + You can specify up to 40 instance types per Auto Scaling group. + type: string + AcceleratorTotalMemoryMiBRequest: + description: '``AcceleratorTotalMemoryMiBRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum total memory size for the accelerators for an instance type, in MiB.' + additionalProperties: false + type: object + properties: + Min: + description: The memory minimum in MiB. + type: integer + Max: + description: The memory maximum in MiB. + type: integer + MixedInstancesPolicy: + description: |- + Use this structure to launch multiple instance types and On-Demand Instances and Spot Instances within a single Auto Scaling group. + A mixed instances policy contains information that Amazon EC2 Auto Scaling can use to launch instances and help optimize your costs. For more information, see [Auto Scaling groups with multiple instance types and purchase options](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html) in the *Amazon EC2 Auto Scaling User Guide*. + You can create a mixed instances policy for new and existing Auto Scaling groups. You must use a launch template to configure the policy. You cannot use a launch configuration. + There are key differences between Spot Instances and On-Demand Instances: + + The price for Spot Instances varies based on demand + + Amazon EC2 can terminate an individual Spot Instance as the availability of, or price for, Spot Instances changes + + When a Spot Instance is terminated, Amazon EC2 Auto Scaling group attempts to launch a replacement instance to maintain the desired capacity for the group. + ``MixedInstancesPolicy`` is a property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. + additionalProperties: false + type: object + properties: + InstancesDistribution: + description: The instances distribution. + $ref: '#/components/schemas/InstancesDistribution' + LaunchTemplate: + description: One or more launch templates and the instance types (overrides) that are used to launch EC2 instances to fulfill On-Demand and Spot capacities. + $ref: '#/components/schemas/LaunchTemplate' + required: + - LaunchTemplate + InstanceRequirements: + description: |- + The attributes for the instance types for a mixed instances policy. Amazon EC2 Auto Scaling uses your specified requirements to identify instance types. Then, it uses your On-Demand and Spot allocation strategies to launch instances from these instance types. + When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values. + To limit the list of instance types from which Amazon EC2 Auto Scaling can identify matching instance types, you can use one of the following parameters, but not both in the same request: + + ``AllowedInstanceTypes`` - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes. + + ``ExcludedInstanceTypes`` - The instance types to exclude from the list, even if they match your specified attributes. + + You must specify ``VCpuCount`` and ``MemoryMiB``. All other attributes are optional. Any unspecified optional attribute is set to its default. + For an example template, see [Auto scaling template snippets](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-autoscaling.html). + For more information, see [Creating an Auto Scaling group using attribute-based instance type selection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-instance-type-requirements.html) in the *Amazon EC2 Auto Scaling User Guide*. For help determining which instance types match your attributes before you apply them to your Auto Scaling group, see [Preview instance types with specified attributes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html#ec2fleet-get-instance-types-from-instance-requirements) in the *Amazon EC2 User Guide for Linux Instances*. + ``InstanceRequirements`` is a property of the ``LaunchTemplateOverrides`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplate.html) property type. + additionalProperties: false + type: object + properties: + LocalStorageTypes: + uniqueItems: true + description: |- + Indicates the type of local storage that is required. + + For instance types with hard disk drive (HDD) storage, specify ``hdd``. + + For instance types with solid state drive (SSD) storage, specify ``ssd``. + + Default: Any local storage type + x-insertionOrder: false + type: array + items: + type: string + InstanceGenerations: + uniqueItems: true + description: |- + Indicates whether current or previous generation instance types are included. + + For current generation instance types, specify ``current``. The current generation includes EC2 instance types currently recommended for use. This typically includes the latest two to three generations in each instance family. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide for Linux Instances*. + + For previous generation instance types, specify ``previous``. + + Default: Any current or previous generation + x-insertionOrder: false + type: array + items: + type: string + NetworkInterfaceCount: + description: |- + The minimum and maximum number of network interfaces for an instance type. + Default: No minimum or maximum limits + $ref: '#/components/schemas/NetworkInterfaceCountRequest' + AcceleratorTypes: + uniqueItems: true + description: |- + Lists the accelerator types that must be on an instance type. + + For instance types with GPU accelerators, specify ``gpu``. + + For instance types with FPGA accelerators, specify ``fpga``. + + For instance types with inference accelerators, specify ``inference``. + + Default: Any accelerator type + x-insertionOrder: false + type: array + items: + type: string + MemoryGiBPerVCpu: + description: |- + The minimum and maximum amount of memory per vCPU for an instance type, in GiB. + Default: No minimum or maximum limits + $ref: '#/components/schemas/MemoryGiBPerVCpuRequest' + AcceleratorManufacturers: + uniqueItems: true + description: |- + Indicates whether instance types must have accelerators by specific manufacturers. + + For instance types with NVIDIA devices, specify ``nvidia``. + + For instance types with AMD devices, specify ``amd``. + + For instance types with AWS devices, specify ``amazon-web-services``. + + For instance types with Xilinx devices, specify ``xilinx``. + + Default: Any manufacturer + x-insertionOrder: false + type: array + items: + type: string + ExcludedInstanceTypes: + uniqueItems: true + description: |- + The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (``*``), to exclude an instance family, type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. + For example, if you specify ``c5*``, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 Auto Scaling will exclude all the M5a instance types, but not the M5n instance types. + If you specify ``ExcludedInstanceTypes``, you can't specify ``AllowedInstanceTypes``. + Default: No excluded instance types + x-insertionOrder: true + type: array + items: + type: string + VCpuCount: + description: The minimum and maximum number of vCPUs for an instance type. + $ref: '#/components/schemas/VCpuCountRequest' + AllowedInstanceTypes: + uniqueItems: true + description: |- + The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. + You can use strings with one or more wild cards, represented by an asterisk (``*``), to allow an instance type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. + For example, if you specify ``c5*``, Amazon EC2 Auto Scaling will allow the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 Auto Scaling will allow all the M5a instance types, but not the M5n instance types. + If you specify ``AllowedInstanceTypes``, you can't specify ``ExcludedInstanceTypes``. + Default: All instance types + x-insertionOrder: true + type: array + items: + type: string + LocalStorage: + description: |- + Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, see [Amazon EC2 instance store](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html) in the *Amazon EC2 User Guide for Linux Instances*. + Default: ``included`` + type: string + CpuManufacturers: + uniqueItems: true + description: |- + Lists which specific CPU manufacturers to include. + + For instance types with Intel CPUs, specify ``intel``. + + For instance types with AMD CPUs, specify ``amd``. + + For instance types with AWS CPUs, specify ``amazon-web-services``. + + Don't confuse the CPU hardware manufacturer with the CPU hardware architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. + Default: Any manufacturer + x-insertionOrder: false + type: array + items: + type: string + AcceleratorCount: + description: |- + The minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips) for an instance type. + To exclude accelerator-enabled instance types, set ``Max`` to ``0``. + Default: No minimum or maximum limits + $ref: '#/components/schemas/AcceleratorCountRequest' + NetworkBandwidthGbps: + description: |- + The minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). + Default: No minimum or maximum limits + $ref: '#/components/schemas/NetworkBandwidthGbpsRequest' + BareMetal: + description: |- + Indicates whether bare metal instance types are included, excluded, or required. + Default: ``excluded`` + type: string + RequireHibernateSupport: + description: |- + Indicates whether instance types must provide On-Demand Instance hibernation support. + Default: ``false`` + type: boolean + MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: + description: >- + [Price protection] The price protection threshold for Spot Instances, as a percentage of an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from either the lowest priced current generation instance types or, failing that, the lowest priced previous generation + instance types that match your attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price exceeds your specified threshold. + The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. + To indicate no price protection threshold, specify a high value, such as ``999999``. + If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is based on the per-vCPU or per-memory price instead of the per instance price. + Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, then ``SpotMaxPricePercentageOverLowestPrice`` is used and the value for that parameter defaults to ``100``. + type: integer + BaselineEbsBandwidthMbps: + description: |- + The minimum and maximum baseline bandwidth performance for an instance type, in Mbps. For more information, see [Amazon EBS–optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide for Linux Instances*. + Default: No minimum or maximum limits + $ref: '#/components/schemas/BaselineEbsBandwidthMbpsRequest' + SpotMaxPricePercentageOverLowestPrice: + description: >- + [Price protection] The price protection threshold for Spot Instances, as a percentage higher than an identified Spot price. The identified Spot price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from either the lowest priced current generation instance types or, failing that, the lowest priced previous generation + instance types that match your attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price exceeds your specified threshold. + The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. + To turn off price protection, specify a high value, such as ``999999``. + If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is based on the per-vCPU or per-memory price instead of the per instance price. + Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. + Default: ``100`` + type: integer + AcceleratorNames: + uniqueItems: true + description: |- + Lists the accelerators that must be on an instance type. + + For instance types with NVIDIA A100 GPUs, specify ``a100``. + + For instance types with NVIDIA V100 GPUs, specify ``v100``. + + For instance types with NVIDIA K80 GPUs, specify ``k80``. + + For instance types with NVIDIA T4 GPUs, specify ``t4``. + + For instance types with NVIDIA M60 GPUs, specify ``m60``. + + For instance types with AMD Radeon Pro V520 GPUs, specify ``radeon-pro-v520``. + + For instance types with Xilinx VU9P FPGAs, specify ``vu9p``. + + Default: Any accelerator + x-insertionOrder: false + type: array + items: + type: string + AcceleratorTotalMemoryMiB: + description: |- + The minimum and maximum total memory size for the accelerators on an instance type, in MiB. + Default: No minimum or maximum limits + $ref: '#/components/schemas/AcceleratorTotalMemoryMiBRequest' + OnDemandMaxPricePercentageOverLowestPrice: + description: >- + [Price protection] The price protection threshold for On-Demand Instances, as a percentage higher than an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from either the lowest priced current generation instance types or, failing that, the lowest priced previous + generation instance types that match your attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price exceeds your specified threshold. + The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. + To turn off price protection, specify a high value, such as ``999999``. + If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per instance price. + Default: ``20`` + type: integer + BurstablePerformance: + description: |- + Indicates whether burstable performance instance types are included, excluded, or required. For more information, see [Burstable performance instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) in the *Amazon EC2 User Guide for Linux Instances*. + Default: ``excluded`` + type: string + MemoryMiB: + description: The minimum and maximum instance memory size for an instance type, in MiB. + $ref: '#/components/schemas/MemoryMiBRequest' + TotalLocalStorageGB: + description: |- + The minimum and maximum total local storage size for an instance type, in GB. + Default: No minimum or maximum limits + $ref: '#/components/schemas/TotalLocalStorageGBRequest' + required: + - MemoryMiB + - VCpuCount + AutoScalingGroup: + type: object + properties: + LifecycleHookSpecificationList: + uniqueItems: false + description: One or more lifecycle hooks to add to the Auto Scaling group before instances are launched. + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/LifecycleHookSpecification' + LoadBalancerNames: + uniqueItems: false + description: A list of Classic Load Balancers associated with this Auto Scaling group. For Application Load Balancers, Network Load Balancers, and Gateway Load Balancers, specify the ``TargetGroupARNs`` property instead. + x-insertionOrder: true + type: array + items: + type: string + LaunchConfigurationName: + description: |- + The name of the launch configuration to use to launch instances. + Required only if you don't specify ``LaunchTemplate``, ``MixedInstancesPolicy``, or ``InstanceId``. + type: string + ServiceLinkedRoleARN: + description: The Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other AWS service on your behalf. By default, Amazon EC2 Auto Scaling uses a service-linked role named ``AWSServiceRoleForAutoScaling``, which it creates if it does not exist. For more information, see [Service-linked roles](https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-service-linked-role.html) in the *Amazon EC2 Auto Scaling User Guide*. + type: string + TargetGroupARNs: + uniqueItems: false + description: >- + The Amazon Resource Names (ARN) of the Elastic Load Balancing target groups to associate with the Auto Scaling group. Instances are registered as targets with the target groups. The target groups receive incoming traffic and route requests to one or more registered targets. For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html) in + the *Amazon EC2 Auto Scaling User Guide*. + x-insertionOrder: false + type: array + items: + type: string + Cooldown: + description: |- + *Only needed if you use simple scaling policies.* + The amount of time, in seconds, between one scaling activity ending and another one starting due to simple scaling policies. For more information, see [Scaling cooldowns for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/Cooldown.html) in the *Amazon EC2 Auto Scaling User Guide*. + Default: ``300`` seconds + type: string + NotificationConfigurations: + uniqueItems: false + description: Configures an Auto Scaling group to send notifications when specified events take place. + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/NotificationConfiguration' + DesiredCapacity: + pattern: ^[0-9]+$ + description: |- + The desired capacity is the initial capacity of the Auto Scaling group at the time of its creation and the capacity it attempts to maintain. It can scale beyond this capacity if you configure automatic scaling. + The number must be greater than or equal to the minimum size of the group and less than or equal to the maximum size of the group. If you do not specify a desired capacity when creating the stack, the default is the minimum size of the group. + CloudFormation marks the Auto Scaling group as successful (by setting its status to CREATE_COMPLETE) when the desired capacity is reached. However, if a maximum Spot price is set in the launch template or launch configuration that you specified, then desired capacity is not used as a criteria for success. Whether your request is fulfilled depends on Spot Instance capacity and your maximum price. + type: string + HealthCheckGracePeriod: + description: >- + The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service and marking it unhealthy due to a failed health check. This is useful if your instances do not immediately pass their health checks after they enter the ``InService`` state. For more information, see [Set the health check grace period for an Auto Scaling + group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/health-check-grace-period.html) in the *Amazon EC2 Auto Scaling User Guide*. + Default: ``0`` seconds + type: integer + DefaultInstanceWarmup: + description: |- + The amount of time, in seconds, until a new instance is considered to have finished initializing and resource consumption to become stable after it enters the ``InService`` state. + During an instance refresh, Amazon EC2 Auto Scaling waits for the warm-up period after it replaces an instance before it moves on to replacing the next instance. Amazon EC2 Auto Scaling also waits for the warm-up period before aggregating the metrics for new instances with existing instances in the Amazon CloudWatch metrics that are used for scaling, resulting in more reliable usage data. For more information, see [Set the default instance warmup for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-default-instance-warmup.html) in the *Amazon EC2 Auto Scaling User Guide*. + To manage various warm-up settings at the group level, we recommend that you set the default instance warmup, *even if it is set to 0 seconds*. To remove a value that you previously set, include the property but specify ``-1`` for the value. However, we strongly recommend keeping the default instance warmup enabled by specifying a value of ``0`` or other nominal value. + Default: None + type: integer + NewInstancesProtectedFromScaleIn: + description: Indicates whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. For more information about preventing instances from terminating on scale in, see [Using instance scale-in protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html) in the *Amazon EC2 Auto Scaling User Guide*. + type: boolean + LaunchTemplate: + description: |- + Information used to specify the launch template and version to use to launch instances. You can alternatively associate a launch template to the Auto Scaling group by specifying a ``MixedInstancesPolicy``. For more information about creating launch templates, see [Create a launch template for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-launch-template.html) in the *Amazon EC2 Auto Scaling User Guide*. + If you omit this property, you must specify ``MixedInstancesPolicy``, ``LaunchConfigurationName``, or ``InstanceId``. + $ref: '#/components/schemas/LaunchTemplateSpecification' + MixedInstancesPolicy: + description: |- + An embedded object that specifies a mixed instances policy. + The policy includes properties that not only define the distribution of On-Demand Instances and Spot Instances, the maximum price to pay for Spot Instances (optional), and how the Auto Scaling group allocates instance types to fulfill On-Demand and Spot capacities, but also the properties that specify the instance configuration information—the launch template and instance types. The policy can also include a weight for each instance type and different launch templates for individual instance types. + For more information, see [Auto Scaling groups with multiple instance types and purchase options](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html) in the *Amazon EC2 Auto Scaling User Guide*. + $ref: '#/components/schemas/MixedInstancesPolicy' + VPCZoneIdentifier: + uniqueItems: false + description: |- + A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. + If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). + When you update ``VPCZoneIdentifier``, this retains the same Auto Scaling group and replaces old instances with new ones, according to the specified subnets. You can optionally specify how CloudFormation handles these updates by using an [UpdatePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html). + Required to launch instances into a nondefault VPC. If you specify ``VPCZoneIdentifier`` with ``AvailabilityZones``, the subnets that you specify for this property must reside in those Availability Zones. + x-insertionOrder: false + type: array + items: + type: string + Tags: + description: >- + One or more tags. You can tag your Auto Scaling group and propagate the tags to the Amazon EC2 instances it launches. Tags are not propagated to Amazon EBS volumes. To add tags to Amazon EBS volumes, specify the tags in a launch template but use caution. If the launch template specifies an instance tag with a key that is also specified for the Auto Scaling group, Amazon EC2 Auto Scaling overrides the value of that instance tag with the value specified by the Auto Scaling group. For + more information, see [Tag Auto Scaling groups and instances](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html) in the *Amazon EC2 Auto Scaling User Guide*. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/TagProperty' + Context: + description: Reserved. + type: string + CapacityRebalance: + description: >- + Indicates whether Capacity Rebalancing is enabled. Otherwise, Capacity Rebalancing is disabled. When you turn on Capacity Rebalancing, Amazon EC2 Auto Scaling attempts to launch a Spot Instance whenever Amazon EC2 notifies that a Spot Instance is at an elevated risk of interruption. After launching a new instance, it then terminates an old instance. For more information, see [Use Capacity Rebalancing to handle Amazon EC2 Spot + Interruptions](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-capacity-rebalancing.html) in the in the *Amazon EC2 Auto Scaling User Guide*. + type: boolean + InstanceId: + description: |- + The ID of the instance used to base the launch configuration on. For more information, see [Create an Auto Scaling group using an EC2 instance](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-from-instance.html) in the *Amazon EC2 Auto Scaling User Guide*. + If you specify ``LaunchTemplate``, ``MixedInstancesPolicy``, or ``LaunchConfigurationName``, don't specify ``InstanceId``. + type: string + AvailabilityZones: + uniqueItems: false + description: A list of Availability Zones where instances in the Auto Scaling group can be created. Used for launching into the default VPC subnet in each Availability Zone when not using the ``VPCZoneIdentifier`` property, or for attaching a network interface when an existing network interface ID is specified in a launch template. + x-insertionOrder: false + type: array + items: + type: string + NotificationConfiguration: + description: '' + $ref: '#/components/schemas/NotificationConfiguration' + MetricsCollection: + uniqueItems: false + description: Enables the monitoring of group metrics of an Auto Scaling group. By default, these metrics are disabled. + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/MetricsCollection' + InstanceMaintenancePolicy: + description: An instance maintenance policy. For more information, see [Set instance maintenance policy](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-maintenance-policy.html) in the *Amazon EC2 Auto Scaling User Guide*. + $ref: '#/components/schemas/InstanceMaintenancePolicy' + MaxSize: + pattern: ^[0-9]+$ + description: |- + The maximum size of the group. + With a mixed instances policy that uses instance weighting, Amazon EC2 Auto Scaling may need to go above ``MaxSize`` to meet your capacity requirements. In this event, Amazon EC2 Auto Scaling will never go above ``MaxSize`` by more than your largest instance weight (weights that define how many units each instance contributes to the desired capacity of the group). + type: string + MinSize: + pattern: ^[0-9]+$ + description: The minimum size of the group. + type: string + TerminationPolicies: + uniqueItems: false + description: |- + A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Work with Amazon EC2 Auto Scaling termination policies](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*. + Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias`` + x-insertionOrder: true + type: array + items: + type: string + AutoScalingGroupName: + description: |- + The name of the Auto Scaling group. This name must be unique per Region per account. + The name can contain any ASCII character 33 to 126 including most punctuation characters, digits, and upper and lowercased letters. + You cannot use a colon (:) in the name. + type: string + DesiredCapacityType: + description: |- + The unit of measurement for the value specified for desired capacity. Amazon EC2 Auto Scaling supports ``DesiredCapacityType`` for attribute-based instance type selection only. For more information, see [Creating an Auto Scaling group using attribute-based instance type selection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-instance-type-requirements.html) in the *Amazon EC2 Auto Scaling User Guide*. + By default, Amazon EC2 Auto Scaling specifies ``units``, which translates into number of instances. + Valid values: ``units`` | ``vcpu`` | ``memory-mib`` + type: string + PlacementGroup: + description: |- + The name of the placement group into which to launch your instances. For more information, see [Placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in the *Amazon EC2 User Guide for Linux Instances*. + A *cluster* placement group is a logical grouping of instances within a single Availability Zone. You cannot specify multiple Availability Zones and a cluster placement group. + type: string + HealthCheckType: + description: |- + A comma-separated value string of one or more health check types. + The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for Auto Scaling instances](https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html) in the *Amazon EC2 Auto Scaling User Guide*. + Only specify ``EC2`` if you must clear a value that was previously set. + type: string + MaxInstanceLifetime: + description: The maximum amount of time, in seconds, that an instance can be in service. The default is null. If specified, the value must be either 0 or a number equal to or greater than 86,400 seconds (1 day). For more information, see [Replacing Auto Scaling instances based on maximum instance lifetime](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) in the *Amazon EC2 Auto Scaling User Guide*. + type: integer + required: + - MinSize + - MaxSize + x-stackql-resource-name: auto_scaling_group + description: |- + The ``AWS::AutoScaling::AutoScalingGroup`` resource defines an Amazon EC2 Auto Scaling group, which is a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. + For more information about Amazon EC2 Auto Scaling, see the [Amazon EC2 Auto Scaling User Guide](https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html). + Amazon EC2 Auto Scaling configures instances launched as part of an Auto Scaling group using either a [launch template](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html) or a launch configuration. We strongly recommend that you do not use launch configurations. They do not provide full functionality for Amazon EC2 Auto Scaling or Amazon EC2. For more information, see [Launch configurations](https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-configurations.html) and [Migrate CloudFormation stacks from launch configurations to launch templates](https://docs.aws.amazon.com/autoscaling/ec2/userguide/migrate-launch-configurations-with-cloudformation.html) in the *Amazon EC2 Auto Scaling User Guide*. + x-type-name: AWS::AutoScaling::AutoScalingGroup + x-stackql-primary-identifier: + - AutoScalingGroupName + x-create-only-properties: + - InstanceId + - AutoScalingGroupName + x-conditional-create-only-properties: + - LaunchConfigurationName + - VPCZoneIdentifier + - PlacementGroup + - LaunchTemplate + - MixedInstancesPolicy + x-write-only-properties: + - InstanceId + x-required-properties: + - MinSize + - MaxSize + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true + x-required-permissions: + read: + - autoscaling:Describe* + - managed-fleets:Get* + create: + - autoscaling:CreateAutoScalingGroup + - autoscaling:UpdateAutoScalingGroup + - autoscaling:CreateOrUpdateTags + - autoscaling:Describe* + - autoscaling:EnableMetricsCollection + - autoscaling:PutNotificationConfiguration + - cloudwatch:PutMetricAlarm + - ec2:Describe* + - ec2:Get* + - ec2:RunInstances + - elasticloadbalancing:Describe* + - iam:CreateServiceLinkedRole + - iam:PassRole + - managed-fleets:Get* + - managed-fleets:CreateAutoScalingGroup + - managed-fleets:UpdateAutoScalingGroup + - ssm:Get* + update: + - autoscaling:UpdateAutoScalingGroup + - autoscaling:CreateOrUpdateTags + - autoscaling:DeleteTags + - autoscaling:Describe* + - autoscaling:EnableMetricsCollection + - autoscaling:DisableMetricsCollection + - autoscaling:PutNotificationConfiguration + - autoscaling:DeleteNotificationConfiguration + - autoscaling:DetachLoadBalancerTargetGroups + - autoscaling:AttachLoadBalancerTargetGroups + - autoscaling:AttachLoadBalancers + - autoscaling:DetachLoadBalancers + - autoscaling:AttachTrafficSources + - autoscaling:DetachTrafficSources + - autoscaling:DeleteLifecycleHook + - autoscaling:PutLifecycleHook + - cloudwatch:PutMetricAlarm + - ec2:Describe* + - ec2:Get* + - ec2:RunInstances + - elasticloadbalancing:Describe* + - iam:CreateServiceLinkedRole + - iam:PassRole + - managed-fleets:Get* + - managed-fleets:RegisterAutoScalingGroup + - managed-fleets:DeregisterAutoScalingGroup + - managed-fleets:UpdateAutoScalingGroup + - ssm:Get* + list: + - autoscaling:Describe* + delete: + - autoscaling:DeleteAutoScalingGroup + - autoscaling:UpdateAutoScalingGroup + - autoscaling:Describe* + - managed-fleets:Get* + - managed-fleets:DeleteAutoScalingGroup + MetadataOptions: + description: MetadataOptions is a property of AWS::AutoScaling::LaunchConfiguration that describes metadata options for the instances. + type: object + additionalProperties: false + properties: + HttpPutResponseHopLimit: + description: The desired HTTP PUT response hop limit for instance metadata requests. + type: integer + HttpTokens: + description: The state of token usage for your instance metadata requests. + type: string + HttpEndpoint: + description: This parameter enables or disables the HTTP metadata endpoint on your instances. + type: string + BlockDeviceMapping: + description: BlockDeviceMapping is a property of AWS::AutoScaling::LaunchConfiguration that describes a block device mapping for an Auto Scaling group. + type: object + additionalProperties: false + properties: + NoDevice: + description: Setting this value to true suppresses the specified device included in the block device mapping of the AMI. + type: boolean + VirtualName: + description: The name of the virtual device. + type: string + Ebs: + description: Parameters used to automatically set up EBS volumes when an instance is launched. + $ref: '#/components/schemas/BlockDevice' + DeviceName: + description: 'The device name exposed to the EC2 instance (for example, /dev/sdh or xvdh). ' + type: string + required: + - DeviceName + BlockDevice: + description: BlockDevice is a subproperty of BlockDeviceMapping that describes an Amazon EBS volume. + type: object + additionalProperties: false + properties: + SnapshotId: + description: The snapshot ID of the volume to use. + type: string + VolumeType: + description: The volume type. + type: string + Encrypted: + description: 'Specifies whether the volume should be encrypted. ' + type: boolean + Iops: + description: 'The number of input/output (I/O) operations per second (IOPS) to provision for the volume. ' + type: integer + VolumeSize: + description: The volume size, in GiBs. + type: integer + DeleteOnTermination: + description: 'Indicates whether the volume is deleted on instance termination. ' + type: boolean + Throughput: + description: The throughput (MiBps) to provision for a gp3 volume. + type: integer + LaunchConfiguration: + type: object + properties: + AssociatePublicIpAddress: + description: For Auto Scaling groups that are running in a virtual private cloud (VPC), specifies whether to assign a public IP address to the group's instances. + type: boolean + BlockDeviceMappings: + description: Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/BlockDeviceMapping' + ClassicLinkVPCId: + description: The ID of a ClassicLink-enabled VPC to link your EC2-Classic instances to. + type: string + ClassicLinkVPCSecurityGroups: + description: The IDs of one or more security groups for the VPC that you specified in the ClassicLinkVPCId property. + type: array + x-insertionOrder: false + items: + type: string + EbsOptimized: + description: Specifies whether the launch configuration is optimized for EBS I/O (true) or not (false). + type: boolean + IamInstanceProfile: + description: Provides the name or the Amazon Resource Name (ARN) of the instance profile associated with the IAM role for the instance. The instance profile contains the IAM role. + type: string + ImageId: + description: Provides the unique ID of the Amazon Machine Image (AMI) that was assigned during registration. + type: string + InstanceId: + description: The ID of the Amazon EC2 instance you want to use to create the launch configuration. + type: string + InstanceMonitoring: + description: Controls whether instances in this group are launched with detailed (true) or basic (false) monitoring. + type: boolean + InstanceType: + description: Specifies the instance type of the EC2 instance. + type: string + KernelId: + description: Provides the ID of the kernel associated with the EC2 AMI. + type: string + KeyName: + description: Provides the name of the EC2 key pair. + type: string + LaunchConfigurationName: + description: The name of the launch configuration. This name must be unique per Region per account. + type: string + minLength: 1 + maxLength: 255 + MetadataOptions: + description: The metadata options for the instances. + $ref: '#/components/schemas/MetadataOptions' + PlacementTenancy: + description: The tenancy of the instance, either default or dedicated. + type: string + RamDiskId: + description: The ID of the RAM disk to select. + type: string + SecurityGroups: + description: A list that contains the security groups to assign to the instances in the Auto Scaling group. + type: array + x-insertionOrder: false + items: + type: string + SpotPrice: + description: The maximum hourly price you are willing to pay for any Spot Instances launched to fulfill the request. + type: string + UserData: + description: The Base64-encoded user data to make available to the launched EC2 instances. + type: string + maxLength: 21847 + required: + - ImageId + - InstanceType + x-stackql-resource-name: launch_configuration + description: The AWS::AutoScaling::LaunchConfiguration resource specifies the launch configuration that can be used by an Auto Scaling group to configure Amazon EC2 instances. + x-type-name: AWS::AutoScaling::LaunchConfiguration + x-stackql-primary-identifier: + - LaunchConfigurationName + x-create-only-properties: + - AssociatePublicIpAddress + - BlockDeviceMappings + - ClassicLinkVPCId + - ClassicLinkVPCSecurityGroups + - EbsOptimized + - IamInstanceProfile + - ImageId + - InstanceId + - InstanceMonitoring + - InstanceType + - KernelId + - KeyName + - LaunchConfigurationName + - MetadataOptions + - PlacementTenancy + - RamDiskId + - SecurityGroups + - SpotPrice + - UserData + x-write-only-properties: + - InstanceId + x-required-properties: + - ImageId + - InstanceType + x-tagging: + taggable: false + x-required-permissions: + create: + - autoscaling:CreateLaunchConfiguration + - autoscaling:DescribeLaunchConfigurations + - iam:PassRole + read: + - autoscaling:DescribeLaunchConfigurations + delete: + - autoscaling:DeleteLaunchConfiguration + - autoscaling:DescribeLaunchConfigurations + list: + - autoscaling:DescribeLaunchConfigurations + LifecycleHook: + type: object + properties: + AutoScalingGroupName: + description: The name of the Auto Scaling group for the lifecycle hook. + type: string + DefaultResult: + description: The action the Auto Scaling group takes when the lifecycle hook timeout elapses or if an unexpected failure occurs. The valid values are CONTINUE and ABANDON (default). + type: string + HeartbeatTimeout: + description: The maximum time, in seconds, that can elapse before the lifecycle hook times out. The range is from 30 to 7200 seconds. The default value is 3600 seconds (1 hour). If the lifecycle hook times out, Amazon EC2 Auto Scaling performs the action that you specified in the DefaultResult property. + type: integer + LifecycleHookName: + description: The name of the lifecycle hook. + type: string + minLength: 1 + maxLength: 255 + LifecycleTransition: + description: The instance state to which you want to attach the lifecycle hook. + type: string + NotificationMetadata: + description: Additional information that is included any time Amazon EC2 Auto Scaling sends a message to the notification target. + type: string + minLength: 1 + maxLength: 1023 + NotificationTargetARN: + description: 'The Amazon Resource Name (ARN) of the notification target that Amazon EC2 Auto Scaling uses to notify you when an instance is in the transition state for the lifecycle hook. You can specify an Amazon SQS queue or an Amazon SNS topic. The notification message includes the following information: lifecycle action token, user account ID, Auto Scaling group name, lifecycle hook name, instance ID, lifecycle transition, and notification metadata.' + type: string + RoleARN: + description: The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target, for example, an Amazon SNS topic or an Amazon SQS queue. + type: string + required: + - LifecycleTransition + - AutoScalingGroupName + x-stackql-resource-name: lifecycle_hook + description: Resource Type definition for AWS::AutoScaling::LifecycleHook + x-type-name: AWS::AutoScaling::LifecycleHook + x-stackql-primary-identifier: + - AutoScalingGroupName + - LifecycleHookName + x-create-only-properties: + - AutoScalingGroupName + - LifecycleHookName + x-required-properties: + - LifecycleTransition + - AutoScalingGroupName + x-tagging: + taggable: false + x-required-permissions: + create: + - autoscaling:PutLifecycleHook + - autoscaling:DescribeLifecycleHooks + - iam:PassRole + read: + - autoscaling:DescribeLifecycleHooks + update: + - autoscaling:PutLifecycleHook + - autoscaling:DescribeLifecycleHooks + - iam:PassRole + delete: + - autoscaling:DeleteLifecycleHook + - autoscaling:DescribeLifecycleHooks + list: + - autoscaling:DescribeLifecycleHooks + PredictiveScalingMetricSpecification: + type: object + additionalProperties: false + properties: + CustomizedCapacityMetricSpecification: + $ref: '#/components/schemas/PredictiveScalingCustomizedCapacityMetric' + CustomizedLoadMetricSpecification: + $ref: '#/components/schemas/PredictiveScalingCustomizedLoadMetric' + CustomizedScalingMetricSpecification: + $ref: '#/components/schemas/PredictiveScalingCustomizedScalingMetric' + PredefinedLoadMetricSpecification: + $ref: '#/components/schemas/PredictiveScalingPredefinedLoadMetric' + TargetValue: + type: number + PredefinedScalingMetricSpecification: + $ref: '#/components/schemas/PredictiveScalingPredefinedScalingMetric' + PredefinedMetricPairSpecification: + $ref: '#/components/schemas/PredictiveScalingPredefinedMetricPair' + required: + - TargetValue + PredictiveScalingConfiguration: + type: object + additionalProperties: false + properties: + MetricSpecifications: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/PredictiveScalingMetricSpecification' + MaxCapacityBreachBehavior: + type: string + MaxCapacityBuffer: + type: integer + SchedulingBufferTime: + type: integer + Mode: + type: string + required: + - MetricSpecifications + CustomizedMetricSpecification: + type: object + additionalProperties: false + properties: + MetricName: + type: string + Dimensions: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/MetricDimension' + Statistic: + type: string + Unit: + type: string + Namespace: + type: string + required: + - MetricName + - Statistic + - Namespace + TargetTrackingConfiguration: + type: object + additionalProperties: false + properties: + CustomizedMetricSpecification: + $ref: '#/components/schemas/CustomizedMetricSpecification' + TargetValue: + type: number + DisableScaleIn: + type: boolean + PredefinedMetricSpecification: + $ref: '#/components/schemas/PredefinedMetricSpecification' + required: + - TargetValue + PredictiveScalingPredefinedLoadMetric: + type: object + additionalProperties: false + properties: + ResourceLabel: + type: string + PredefinedMetricType: + type: string + required: + - PredefinedMetricType + StepAdjustment: + type: object + additionalProperties: false + x-insertionOrder: false + properties: + MetricIntervalUpperBound: + type: number + MetricIntervalLowerBound: + type: number + ScalingAdjustment: + type: integer + required: + - ScalingAdjustment + PredictiveScalingPredefinedMetricPair: + type: object + additionalProperties: false + properties: + ResourceLabel: + type: string + PredefinedMetricType: + type: string + required: + - PredefinedMetricType + PredefinedMetricSpecification: + type: object + additionalProperties: false + properties: + ResourceLabel: + type: string + PredefinedMetricType: + type: string + required: + - PredefinedMetricType + MetricDimension: + type: object + additionalProperties: false + properties: + Value: + type: string + Name: + type: string + required: + - Value + - Name + PredictiveScalingPredefinedScalingMetric: + type: object + additionalProperties: false + properties: + ResourceLabel: + type: string + PredefinedMetricType: + type: string + required: + - PredefinedMetricType + PredictiveScalingCustomizedLoadMetric: + type: object + additionalProperties: false + properties: + MetricDataQueries: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/MetricDataQuery' + required: + - MetricDataQueries + PredictiveScalingCustomizedCapacityMetric: + type: object + additionalProperties: false + properties: + MetricDataQueries: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/MetricDataQuery' + required: + - MetricDataQueries + PredictiveScalingCustomizedScalingMetric: + type: object + additionalProperties: false + properties: + MetricDataQueries: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/MetricDataQuery' + required: + - MetricDataQueries + Metric: + type: object + additionalProperties: false + properties: + MetricName: + type: string + Dimensions: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/MetricDimension' + Namespace: + type: string + required: + - MetricName + - Namespace + MetricStat: + type: object + additionalProperties: false + properties: + Metric: + $ref: '#/components/schemas/Metric' + Stat: + type: string + Unit: + type: string + required: + - Stat + - Metric + MetricDataQuery: + type: object + additionalProperties: false + properties: + Label: + type: string + MetricStat: + $ref: '#/components/schemas/MetricStat' + Id: + type: string + ReturnData: + type: boolean + Expression: + type: string + required: + - Id + ScalingPolicy: + type: object + properties: + MetricAggregationType: + description: The aggregation type for the CloudWatch metrics. The valid values are Minimum, Maximum, and Average. If the aggregation type is null, the value is treated as Average. Valid only if the policy type is StepScaling. + type: string + PolicyName: + type: string + PolicyType: + description: 'One of the following policy types: TargetTrackingScaling, StepScaling, SimpleScaling (default), PredictiveScaling' + type: string + PredictiveScalingConfiguration: + description: A predictive scaling policy. Includes support for predefined metrics only. + $ref: '#/components/schemas/PredictiveScalingConfiguration' + ScalingAdjustment: + description: The amount by which to scale, based on the specified adjustment type. A positive value adds to the current capacity while a negative number removes from the current capacity. For exact capacity, you must specify a positive value. Required if the policy type is SimpleScaling. (Not used with any other policy type.) + type: integer + Cooldown: + description: The duration of the policy's cooldown period, in seconds. When a cooldown period is specified here, it overrides the default cooldown period defined for the Auto Scaling group. + type: string + StepAdjustments: + description: A set of adjustments that enable you to scale based on the size of the alarm breach. Required if the policy type is StepScaling. (Not used with any other policy type.) + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/StepAdjustment' + AutoScalingGroupName: + description: The name of the Auto Scaling group. + type: string + MinAdjustmentMagnitude: + description: The minimum value to scale by when the adjustment type is PercentChangeInCapacity. For example, suppose that you create a step scaling policy to scale out an Auto Scaling group by 25 percent and you specify a MinAdjustmentMagnitude of 2. If the group has 4 instances and the scaling policy is performed, 25 percent of 4 is 1. However, because you specified a MinAdjustmentMagnitude of 2, Amazon EC2 Auto Scaling scales out the group by 2 instances. + type: integer + TargetTrackingConfiguration: + description: A target tracking scaling policy. Includes support for predefined or customized metrics. + $ref: '#/components/schemas/TargetTrackingConfiguration' + EstimatedInstanceWarmup: + description: The estimated time, in seconds, until a newly launched instance can contribute to the CloudWatch metrics. If not provided, the default is to use the value from the default cooldown period for the Auto Scaling group. Valid only if the policy type is TargetTrackingScaling or StepScaling. + type: integer + AdjustmentType: + description: Specifies how the scaling adjustment is interpreted. The valid values are ChangeInCapacity, ExactCapacity, and PercentChangeInCapacity. + type: string + Arn: + description: The ARN of the AutoScaling scaling policy + type: string + required: + - AutoScalingGroupName + x-stackql-resource-name: scaling_policy + description: The AWS::AutoScaling::ScalingPolicy resource specifies an Amazon EC2 Auto Scaling scaling policy so that the Auto Scaling group can scale the number of instances available for your application. + x-type-name: AWS::AutoScaling::ScalingPolicy + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - AutoScalingGroupName + x-read-only-properties: + - PolicyName + - Arn + x-required-properties: + - AutoScalingGroupName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - autoscaling:DescribePolicies + - autoscaling:PutScalingPolicy + - cloudwatch:GetMetricData + read: + - autoscaling:DescribePolicies + update: + - autoscaling:DescribePolicies + - autoscaling:PutScalingPolicy + - cloudwatch:GetMetricData + delete: + - autoscaling:DeletePolicy + - autoscaling:DescribePolicies + list: + - autoscaling:DescribePolicies + ScheduledAction: + type: object + properties: + ScheduledActionName: + description: Auto-generated unique identifier + type: string + MinSize: + description: The minimum size of the Auto Scaling group. + type: integer + Recurrence: + description: The recurring schedule for the action, in Unix cron syntax format. When StartTime and EndTime are specified with Recurrence , they form the boundaries of when the recurring action starts and stops. + type: string + TimeZone: + description: The time zone for the cron expression. + type: string + EndTime: + description: The latest scheduled start time to return. If scheduled action names are provided, this parameter is ignored. + type: string + AutoScalingGroupName: + description: The name of the Auto Scaling group. + type: string + StartTime: + description: The earliest scheduled start time to return. If scheduled action names are provided, this parameter is ignored. + type: string + DesiredCapacity: + description: The desired capacity is the initial capacity of the Auto Scaling group after the scheduled action runs and the capacity it attempts to maintain. + type: integer + MaxSize: + description: The minimum size of the Auto Scaling group. + type: integer + required: + - AutoScalingGroupName + x-stackql-resource-name: scheduled_action + description: The AWS::AutoScaling::ScheduledAction resource specifies an Amazon EC2 Auto Scaling scheduled action so that the Auto Scaling group can change the number of instances available for your application in response to predictable load changes. + x-type-name: AWS::AutoScaling::ScheduledAction + x-stackql-primary-identifier: + - ScheduledActionName + - AutoScalingGroupName + x-create-only-properties: + - AutoScalingGroupName + x-read-only-properties: + - ScheduledActionName + x-required-properties: + - AutoScalingGroupName + x-tagging: + taggable: false + x-required-permissions: + create: + - autoscaling:PutScheduledUpdateGroupAction + - autoscaling:DescribeScheduledActions + read: + - autoscaling:DescribeScheduledActions + update: + - autoscaling:PutScheduledUpdateGroupAction + delete: + - autoscaling:DeleteScheduledAction + - autoscaling:DescribeScheduledActions + list: + - autoscaling:DescribeScheduledActions + InstanceReusePolicy: + type: object + additionalProperties: false + properties: + ReuseOnScaleIn: + type: boolean + WarmPool: + type: object + properties: + AutoScalingGroupName: + type: string + MaxGroupPreparedCapacity: + type: integer + MinSize: + type: integer + PoolState: + type: string + InstanceReusePolicy: + $ref: '#/components/schemas/InstanceReusePolicy' + required: + - AutoScalingGroupName + x-stackql-resource-name: warm_pool + description: Resource schema for AWS::AutoScaling::WarmPool. + x-type-name: AWS::AutoScaling::WarmPool + x-stackql-primary-identifier: + - AutoScalingGroupName + x-create-only-properties: + - AutoScalingGroupName + x-required-properties: + - AutoScalingGroupName + x-required-permissions: + create: + - autoscaling:PutWarmPool + - autoscaling:DescribeWarmPool + - autoscaling:DescribeAutoScalingGroups + delete: + - autoscaling:DeleteWarmPool + - autoscaling:DescribeWarmPool + read: + - autoscaling:DescribeWarmPool + update: + - autoscaling:PutWarmPool + - autoscaling:DescribeWarmPool + - autoscaling:DescribeAutoScalingGroups + x-stackQL-resources: + auto_scaling_groups: + name: auto_scaling_groups + id: aws.autoscaling.auto_scaling_groups + x-cfn-schema-name: AutoScalingGroup + x-type: list + x-identifiers: + - AutoScalingGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AutoScalingGroupName') as auto_scaling_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AutoScaling::AutoScalingGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AutoScalingGroupName') as auto_scaling_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AutoScaling::AutoScalingGroup' + AND region = 'us-east-1' + auto_scaling_group: + name: auto_scaling_group + id: aws.autoscaling.auto_scaling_group + x-cfn-schema-name: AutoScalingGroup + x-type: get + x-identifiers: + - AutoScalingGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LifecycleHookSpecificationList') as lifecycle_hook_specification_list, + JSON_EXTRACT(Properties, '$.LoadBalancerNames') as load_balancer_names, + JSON_EXTRACT(Properties, '$.LaunchConfigurationName') as launch_configuration_name, + JSON_EXTRACT(Properties, '$.ServiceLinkedRoleARN') as service_linked_role_arn, + JSON_EXTRACT(Properties, '$.TargetGroupARNs') as target_group_arns, + JSON_EXTRACT(Properties, '$.Cooldown') as cooldown, + JSON_EXTRACT(Properties, '$.NotificationConfigurations') as notification_configurations, + JSON_EXTRACT(Properties, '$.DesiredCapacity') as desired_capacity, + JSON_EXTRACT(Properties, '$.HealthCheckGracePeriod') as health_check_grace_period, + JSON_EXTRACT(Properties, '$.DefaultInstanceWarmup') as default_instance_warmup, + JSON_EXTRACT(Properties, '$.NewInstancesProtectedFromScaleIn') as new_instances_protected_from_scale_in, + JSON_EXTRACT(Properties, '$.LaunchTemplate') as launch_template, + JSON_EXTRACT(Properties, '$.MixedInstancesPolicy') as mixed_instances_policy, + JSON_EXTRACT(Properties, '$.VPCZoneIdentifier') as vpc_zone_identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Context') as context, + JSON_EXTRACT(Properties, '$.CapacityRebalance') as capacity_rebalance, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.AvailabilityZones') as availability_zones, + JSON_EXTRACT(Properties, '$.NotificationConfiguration') as notification_configuration, + JSON_EXTRACT(Properties, '$.MetricsCollection') as metrics_collection, + JSON_EXTRACT(Properties, '$.InstanceMaintenancePolicy') as instance_maintenance_policy, + JSON_EXTRACT(Properties, '$.MaxSize') as max_size, + JSON_EXTRACT(Properties, '$.MinSize') as min_size, + JSON_EXTRACT(Properties, '$.TerminationPolicies') as termination_policies, + JSON_EXTRACT(Properties, '$.AutoScalingGroupName') as auto_scaling_group_name, + JSON_EXTRACT(Properties, '$.DesiredCapacityType') as desired_capacity_type, + JSON_EXTRACT(Properties, '$.PlacementGroup') as placement_group, + JSON_EXTRACT(Properties, '$.HealthCheckType') as health_check_type, + JSON_EXTRACT(Properties, '$.MaxInstanceLifetime') as max_instance_lifetime + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::AutoScalingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LifecycleHookSpecificationList') as lifecycle_hook_specification_list, + json_extract_path_text(Properties, 'LoadBalancerNames') as load_balancer_names, + json_extract_path_text(Properties, 'LaunchConfigurationName') as launch_configuration_name, + json_extract_path_text(Properties, 'ServiceLinkedRoleARN') as service_linked_role_arn, + json_extract_path_text(Properties, 'TargetGroupARNs') as target_group_arns, + json_extract_path_text(Properties, 'Cooldown') as cooldown, + json_extract_path_text(Properties, 'NotificationConfigurations') as notification_configurations, + json_extract_path_text(Properties, 'DesiredCapacity') as desired_capacity, + json_extract_path_text(Properties, 'HealthCheckGracePeriod') as health_check_grace_period, + json_extract_path_text(Properties, 'DefaultInstanceWarmup') as default_instance_warmup, + json_extract_path_text(Properties, 'NewInstancesProtectedFromScaleIn') as new_instances_protected_from_scale_in, + json_extract_path_text(Properties, 'LaunchTemplate') as launch_template, + json_extract_path_text(Properties, 'MixedInstancesPolicy') as mixed_instances_policy, + json_extract_path_text(Properties, 'VPCZoneIdentifier') as vpc_zone_identifier, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Context') as context, + json_extract_path_text(Properties, 'CapacityRebalance') as capacity_rebalance, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'AvailabilityZones') as availability_zones, + json_extract_path_text(Properties, 'NotificationConfiguration') as notification_configuration, + json_extract_path_text(Properties, 'MetricsCollection') as metrics_collection, + json_extract_path_text(Properties, 'InstanceMaintenancePolicy') as instance_maintenance_policy, + json_extract_path_text(Properties, 'MaxSize') as max_size, + json_extract_path_text(Properties, 'MinSize') as min_size, + json_extract_path_text(Properties, 'TerminationPolicies') as termination_policies, + json_extract_path_text(Properties, 'AutoScalingGroupName') as auto_scaling_group_name, + json_extract_path_text(Properties, 'DesiredCapacityType') as desired_capacity_type, + json_extract_path_text(Properties, 'PlacementGroup') as placement_group, + json_extract_path_text(Properties, 'HealthCheckType') as health_check_type, + json_extract_path_text(Properties, 'MaxInstanceLifetime') as max_instance_lifetime + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::AutoScalingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + launch_configurations: + name: launch_configurations + id: aws.autoscaling.launch_configurations + x-cfn-schema-name: LaunchConfiguration + x-type: list + x-identifiers: + - LaunchConfigurationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LaunchConfigurationName') as launch_configuration_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AutoScaling::LaunchConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LaunchConfigurationName') as launch_configuration_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AutoScaling::LaunchConfiguration' + AND region = 'us-east-1' + launch_configuration: + name: launch_configuration + id: aws.autoscaling.launch_configuration + x-cfn-schema-name: LaunchConfiguration + x-type: get + x-identifiers: + - LaunchConfigurationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssociatePublicIpAddress') as associate_public_ip_address, + JSON_EXTRACT(Properties, '$.BlockDeviceMappings') as block_device_mappings, + JSON_EXTRACT(Properties, '$.ClassicLinkVPCId') as classic_link_vpc_id, + JSON_EXTRACT(Properties, '$.ClassicLinkVPCSecurityGroups') as classic_link_vpc_security_groups, + JSON_EXTRACT(Properties, '$.EbsOptimized') as ebs_optimized, + JSON_EXTRACT(Properties, '$.IamInstanceProfile') as iam_instance_profile, + JSON_EXTRACT(Properties, '$.ImageId') as image_id, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.InstanceMonitoring') as instance_monitoring, + JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(Properties, '$.KernelId') as kernel_id, + JSON_EXTRACT(Properties, '$.KeyName') as key_name, + JSON_EXTRACT(Properties, '$.LaunchConfigurationName') as launch_configuration_name, + JSON_EXTRACT(Properties, '$.MetadataOptions') as metadata_options, + JSON_EXTRACT(Properties, '$.PlacementTenancy') as placement_tenancy, + JSON_EXTRACT(Properties, '$.RamDiskId') as ram_disk_id, + JSON_EXTRACT(Properties, '$.SecurityGroups') as security_groups, + JSON_EXTRACT(Properties, '$.SpotPrice') as spot_price, + JSON_EXTRACT(Properties, '$.UserData') as user_data + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::LaunchConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssociatePublicIpAddress') as associate_public_ip_address, + json_extract_path_text(Properties, 'BlockDeviceMappings') as block_device_mappings, + json_extract_path_text(Properties, 'ClassicLinkVPCId') as classic_link_vpc_id, + json_extract_path_text(Properties, 'ClassicLinkVPCSecurityGroups') as classic_link_vpc_security_groups, + json_extract_path_text(Properties, 'EbsOptimized') as ebs_optimized, + json_extract_path_text(Properties, 'IamInstanceProfile') as iam_instance_profile, + json_extract_path_text(Properties, 'ImageId') as image_id, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'InstanceMonitoring') as instance_monitoring, + json_extract_path_text(Properties, 'InstanceType') as instance_type, + json_extract_path_text(Properties, 'KernelId') as kernel_id, + json_extract_path_text(Properties, 'KeyName') as key_name, + json_extract_path_text(Properties, 'LaunchConfigurationName') as launch_configuration_name, + json_extract_path_text(Properties, 'MetadataOptions') as metadata_options, + json_extract_path_text(Properties, 'PlacementTenancy') as placement_tenancy, + json_extract_path_text(Properties, 'RamDiskId') as ram_disk_id, + json_extract_path_text(Properties, 'SecurityGroups') as security_groups, + json_extract_path_text(Properties, 'SpotPrice') as spot_price, + json_extract_path_text(Properties, 'UserData') as user_data + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::LaunchConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + lifecycle_hooks: + name: lifecycle_hooks + id: aws.autoscaling.lifecycle_hooks + x-cfn-schema-name: LifecycleHook + x-type: list + x-identifiers: + - AutoScalingGroupName + - LifecycleHookName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AutoScalingGroupName') as auto_scaling_group_name, + JSON_EXTRACT(Properties, '$.LifecycleHookName') as lifecycle_hook_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AutoScaling::LifecycleHook' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AutoScalingGroupName') as auto_scaling_group_name, + json_extract_path_text(Properties, 'LifecycleHookName') as lifecycle_hook_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AutoScaling::LifecycleHook' + AND region = 'us-east-1' + lifecycle_hook: + name: lifecycle_hook + id: aws.autoscaling.lifecycle_hook + x-cfn-schema-name: LifecycleHook + x-type: get + x-identifiers: + - AutoScalingGroupName + - LifecycleHookName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AutoScalingGroupName') as auto_scaling_group_name, + JSON_EXTRACT(Properties, '$.DefaultResult') as default_result, + JSON_EXTRACT(Properties, '$.HeartbeatTimeout') as heartbeat_timeout, + JSON_EXTRACT(Properties, '$.LifecycleHookName') as lifecycle_hook_name, + JSON_EXTRACT(Properties, '$.LifecycleTransition') as lifecycle_transition, + JSON_EXTRACT(Properties, '$.NotificationMetadata') as notification_metadata, + JSON_EXTRACT(Properties, '$.NotificationTargetARN') as notification_target_arn, + JSON_EXTRACT(Properties, '$.RoleARN') as role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::LifecycleHook' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AutoScalingGroupName') as auto_scaling_group_name, + json_extract_path_text(Properties, 'DefaultResult') as default_result, + json_extract_path_text(Properties, 'HeartbeatTimeout') as heartbeat_timeout, + json_extract_path_text(Properties, 'LifecycleHookName') as lifecycle_hook_name, + json_extract_path_text(Properties, 'LifecycleTransition') as lifecycle_transition, + json_extract_path_text(Properties, 'NotificationMetadata') as notification_metadata, + json_extract_path_text(Properties, 'NotificationTargetARN') as notification_target_arn, + json_extract_path_text(Properties, 'RoleARN') as role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::LifecycleHook' + AND data__Identifier = '|' + AND region = 'us-east-1' + scaling_policies: + name: scaling_policies + id: aws.autoscaling.scaling_policies + x-cfn-schema-name: ScalingPolicy + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AutoScaling::ScalingPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AutoScaling::ScalingPolicy' + AND region = 'us-east-1' + scaling_policy: + name: scaling_policy + id: aws.autoscaling.scaling_policy + x-cfn-schema-name: ScalingPolicy + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MetricAggregationType') as metric_aggregation_type, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.PolicyType') as policy_type, + JSON_EXTRACT(Properties, '$.PredictiveScalingConfiguration') as predictive_scaling_configuration, + JSON_EXTRACT(Properties, '$.ScalingAdjustment') as scaling_adjustment, + JSON_EXTRACT(Properties, '$.Cooldown') as cooldown, + JSON_EXTRACT(Properties, '$.StepAdjustments') as step_adjustments, + JSON_EXTRACT(Properties, '$.AutoScalingGroupName') as auto_scaling_group_name, + JSON_EXTRACT(Properties, '$.MinAdjustmentMagnitude') as min_adjustment_magnitude, + JSON_EXTRACT(Properties, '$.TargetTrackingConfiguration') as target_tracking_configuration, + JSON_EXTRACT(Properties, '$.EstimatedInstanceWarmup') as estimated_instance_warmup, + JSON_EXTRACT(Properties, '$.AdjustmentType') as adjustment_type, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::ScalingPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MetricAggregationType') as metric_aggregation_type, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'PolicyType') as policy_type, + json_extract_path_text(Properties, 'PredictiveScalingConfiguration') as predictive_scaling_configuration, + json_extract_path_text(Properties, 'ScalingAdjustment') as scaling_adjustment, + json_extract_path_text(Properties, 'Cooldown') as cooldown, + json_extract_path_text(Properties, 'StepAdjustments') as step_adjustments, + json_extract_path_text(Properties, 'AutoScalingGroupName') as auto_scaling_group_name, + json_extract_path_text(Properties, 'MinAdjustmentMagnitude') as min_adjustment_magnitude, + json_extract_path_text(Properties, 'TargetTrackingConfiguration') as target_tracking_configuration, + json_extract_path_text(Properties, 'EstimatedInstanceWarmup') as estimated_instance_warmup, + json_extract_path_text(Properties, 'AdjustmentType') as adjustment_type, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::ScalingPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + scheduled_actions: + name: scheduled_actions + id: aws.autoscaling.scheduled_actions + x-cfn-schema-name: ScheduledAction + x-type: list + x-identifiers: + - ScheduledActionName + - AutoScalingGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ScheduledActionName') as scheduled_action_name, + JSON_EXTRACT(Properties, '$.AutoScalingGroupName') as auto_scaling_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AutoScaling::ScheduledAction' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ScheduledActionName') as scheduled_action_name, + json_extract_path_text(Properties, 'AutoScalingGroupName') as auto_scaling_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AutoScaling::ScheduledAction' + AND region = 'us-east-1' + scheduled_action: + name: scheduled_action + id: aws.autoscaling.scheduled_action + x-cfn-schema-name: ScheduledAction + x-type: get + x-identifiers: + - ScheduledActionName + - AutoScalingGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ScheduledActionName') as scheduled_action_name, + JSON_EXTRACT(Properties, '$.MinSize') as min_size, + JSON_EXTRACT(Properties, '$.Recurrence') as recurrence, + JSON_EXTRACT(Properties, '$.TimeZone') as time_zone, + JSON_EXTRACT(Properties, '$.EndTime') as end_time, + JSON_EXTRACT(Properties, '$.AutoScalingGroupName') as auto_scaling_group_name, + JSON_EXTRACT(Properties, '$.StartTime') as start_time, + JSON_EXTRACT(Properties, '$.DesiredCapacity') as desired_capacity, + JSON_EXTRACT(Properties, '$.MaxSize') as max_size + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::ScheduledAction' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ScheduledActionName') as scheduled_action_name, + json_extract_path_text(Properties, 'MinSize') as min_size, + json_extract_path_text(Properties, 'Recurrence') as recurrence, + json_extract_path_text(Properties, 'TimeZone') as time_zone, + json_extract_path_text(Properties, 'EndTime') as end_time, + json_extract_path_text(Properties, 'AutoScalingGroupName') as auto_scaling_group_name, + json_extract_path_text(Properties, 'StartTime') as start_time, + json_extract_path_text(Properties, 'DesiredCapacity') as desired_capacity, + json_extract_path_text(Properties, 'MaxSize') as max_size + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::ScheduledAction' + AND data__Identifier = '|' + AND region = 'us-east-1' + warm_pool: + name: warm_pool + id: aws.autoscaling.warm_pool + x-cfn-schema-name: WarmPool + x-type: get + x-identifiers: + - AutoScalingGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AutoScalingGroupName') as auto_scaling_group_name, + JSON_EXTRACT(Properties, '$.MaxGroupPreparedCapacity') as max_group_prepared_capacity, + JSON_EXTRACT(Properties, '$.MinSize') as min_size, + JSON_EXTRACT(Properties, '$.PoolState') as pool_state, + JSON_EXTRACT(Properties, '$.InstanceReusePolicy') as instance_reuse_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::WarmPool' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AutoScalingGroupName') as auto_scaling_group_name, + json_extract_path_text(Properties, 'MaxGroupPreparedCapacity') as max_group_prepared_capacity, + json_extract_path_text(Properties, 'MinSize') as min_size, + json_extract_path_text(Properties, 'PoolState') as pool_state, + json_extract_path_text(Properties, 'InstanceReusePolicy') as instance_reuse_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::WarmPool' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/b2bi.yaml b/providers/src/aws/v00.00.00000/services/b2bi.yaml new file mode 100644 index 00000000..33038815 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/b2bi.yaml @@ -0,0 +1,872 @@ +openapi: 3.0.0 +info: + title: B2BI + version: 1.0.0 +paths: {} +components: + schemas: + CapabilityConfiguration: + oneOf: + - type: object + title: Edi + properties: + Edi: + $ref: '#/components/schemas/EdiConfiguration' + required: + - Edi + additionalProperties: false + CapabilityType: + type: string + enum: + - edi + EdiConfiguration: + type: object + properties: + Type: + $ref: '#/components/schemas/EdiType' + InputLocation: + $ref: '#/components/schemas/S3Location' + OutputLocation: + $ref: '#/components/schemas/S3Location' + TransformerId: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + required: + - InputLocation + - OutputLocation + - TransformerId + - Type + additionalProperties: false + EdiType: + oneOf: + - type: object + title: X12Details + properties: + X12Details: + $ref: '#/components/schemas/X12Details' + required: + - X12Details + additionalProperties: false + S3Location: + type: object + properties: + BucketName: + type: string + maxLength: 63 + minLength: 3 + Key: + type: string + maxLength: 1024 + minLength: 0 + additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + Value: + type: string + maxLength: 256 + minLength: 0 + required: + - Key + - Value + additionalProperties: false + X12Details: + type: object + properties: + TransactionSet: + $ref: '#/components/schemas/X12TransactionSet' + Version: + $ref: '#/components/schemas/X12Version' + additionalProperties: false + X12TransactionSet: + type: string + enum: + - X12_110 + - X12_180 + - X12_204 + - X12_210 + - X12_211 + - X12_214 + - X12_215 + - X12_259 + - X12_260 + - X12_266 + - X12_269 + - X12_270 + - X12_271 + - X12_274 + - X12_275 + - X12_276 + - X12_277 + - X12_278 + - X12_310 + - X12_315 + - X12_322 + - X12_404 + - X12_410 + - X12_417 + - X12_421 + - X12_426 + - X12_810 + - X12_820 + - X12_824 + - X12_830 + - X12_832 + - X12_834 + - X12_835 + - X12_837 + - X12_844 + - X12_846 + - X12_849 + - X12_850 + - X12_852 + - X12_855 + - X12_856 + - X12_860 + - X12_861 + - X12_864 + - X12_865 + - X12_869 + - X12_870 + - X12_940 + - X12_945 + - X12_990 + - X12_997 + - X12_999 + - X12_270_X279 + - X12_271_X279 + - X12_275_X210 + - X12_275_X211 + - X12_276_X212 + - X12_277_X212 + - X12_277_X214 + - X12_277_X364 + - X12_278_X217 + - X12_820_X218 + - X12_820_X306 + - X12_824_X186 + - X12_834_X220 + - X12_834_X307 + - X12_834_X318 + - X12_835_X221 + - X12_837_X222 + - X12_837_X223 + - X12_837_X224 + - X12_837_X291 + - X12_837_X292 + - X12_837_X298 + - X12_999_X231 + X12Version: + type: string + enum: + - VERSION_4010 + - VERSION_4030 + - VERSION_5010 + - VERSION_5010_HIPAA + Capability: + type: object + properties: + CapabilityArn: + type: string + maxLength: 255 + minLength: 1 + CapabilityId: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + Configuration: + $ref: '#/components/schemas/CapabilityConfiguration' + CreatedAt: + type: string + format: date-time + InstructionsDocuments: + type: array + items: + $ref: '#/components/schemas/S3Location' + maxItems: 5 + minItems: 0 + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 254 + minLength: 1 + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + Type: + $ref: '#/components/schemas/CapabilityType' + required: + - Configuration + - Name + - Type + x-stackql-resource-name: capability + description: Definition of AWS::B2BI::Capability Resource Type + x-type-name: AWS::B2BI::Capability + x-stackql-primary-identifier: + - CapabilityId + x-create-only-properties: + - Type + x-read-only-properties: + - CapabilityArn + - CapabilityId + - CreatedAt + - ModifiedAt + x-required-properties: + - Configuration + - Name + - Type + x-tagging: + cloudFormationSystemTags: true + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - b2bi:CreateCapability + - b2bi:TagResource + - events:ListRules + - events:PutRule + - events:PutTargets + - logs:CreateLogDelivery + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:DescribeLogGroups + - logs:DescribeLogStreams + - logs:DescribeResourcePolicies + - logs:ListLogDeliveries + - logs:PutLogEvents + - logs:PutResourcePolicy + - s3:GetObject + - s3:ListBucket + read: + - b2bi:GetCapability + - b2bi:ListTagsForResource + update: + - b2bi:TagResource + - b2bi:UntagResource + - b2bi:UpdateCapability + delete: + - b2bi:DeleteCapability + list: + - b2bi:ListCapabilities + Partnership: + type: object + properties: + Capabilities: + type: array + items: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + CreatedAt: + type: string + format: date-time + Email: + type: string + maxLength: 254 + minLength: 5 + pattern: ^[\w\.\-]+@[\w\.\-]+$ + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 254 + minLength: 1 + PartnershipArn: + type: string + maxLength: 255 + minLength: 1 + PartnershipId: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + Phone: + type: string + maxLength: 22 + minLength: 7 + pattern: ^\+?([0-9 \t\-()\/]{7,})(?:\s*(?:#|x\.?|ext\.?|extension) \t*(\d+))?$ + ProfileId: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + TradingPartnerId: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + required: + - Email + - Name + - ProfileId + x-stackql-resource-name: partnership + description: Definition of AWS::B2BI::Partnership Resource Type + x-type-name: AWS::B2BI::Partnership + x-stackql-primary-identifier: + - PartnershipId + x-create-only-properties: + - Email + - Phone + - ProfileId + x-read-only-properties: + - CreatedAt + - ModifiedAt + - PartnershipArn + - PartnershipId + - TradingPartnerId + x-required-properties: + - Email + - Name + - ProfileId + x-tagging: + cloudFormationSystemTags: true + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - b2bi:CreatePartnership + - b2bi:TagResource + - s3:PutObject + read: + - b2bi:GetPartnership + - b2bi:ListTagsForResource + update: + - b2bi:TagResource + - b2bi:UntagResource + - b2bi:UpdatePartnership + delete: + - b2bi:DeletePartnership + list: + - b2bi:ListPartnerships + Logging: + type: string + enum: + - ENABLED + - DISABLED + Profile: + type: object + properties: + BusinessName: + type: string + maxLength: 254 + minLength: 1 + CreatedAt: + type: string + format: date-time + Email: + type: string + maxLength: 254 + minLength: 5 + pattern: ^[\w\.\-]+@[\w\.\-]+$ + LogGroupName: + type: string + maxLength: 512 + minLength: 1 + Logging: + $ref: '#/components/schemas/Logging' + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 254 + minLength: 1 + Phone: + type: string + maxLength: 22 + minLength: 7 + pattern: ^\+?([0-9 \t\-()\/]{7,})(?:\s*(?:#|x\.?|ext\.?|extension) \t*(\d+))?$ + ProfileArn: + type: string + maxLength: 255 + minLength: 1 + ProfileId: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + required: + - BusinessName + - Logging + - Name + - Phone + x-stackql-resource-name: profile + description: Definition of AWS::B2BI::Profile Resource Type + x-type-name: AWS::B2BI::Profile + x-stackql-primary-identifier: + - ProfileId + x-create-only-properties: + - Logging + x-read-only-properties: + - CreatedAt + - LogGroupName + - ModifiedAt + - ProfileArn + - ProfileId + x-required-properties: + - BusinessName + - Logging + - Name + - Phone + x-tagging: + cloudFormationSystemTags: true + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - b2bi:CreateProfile + - b2bi:TagResource + - logs:CreateLogDelivery + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:DescribeLogGroups + - logs:DescribeLogStreams + - logs:DescribeResourcePolicies + - logs:ListLogDeliveries + - logs:PutLogEvents + - logs:PutResourcePolicy + read: + - b2bi:GetProfile + - b2bi:ListTagsForResource + update: + - b2bi:TagResource + - b2bi:UntagResource + - b2bi:UpdateProfile + delete: + - b2bi:DeleteProfile + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + list: + - b2bi:ListProfiles + FileFormat: + type: string + enum: + - XML + - JSON + TransformerStatus: + type: string + enum: + - active + - inactive + Transformer: + type: object + properties: + CreatedAt: + type: string + format: date-time + EdiType: + $ref: '#/components/schemas/EdiType' + FileFormat: + $ref: '#/components/schemas/FileFormat' + MappingTemplate: + type: string + maxLength: 350000 + minLength: 0 + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 254 + minLength: 1 + SampleDocument: + type: string + maxLength: 1024 + minLength: 0 + Status: + $ref: '#/components/schemas/TransformerStatus' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + TransformerArn: + type: string + maxLength: 255 + minLength: 1 + TransformerId: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + required: + - EdiType + - FileFormat + - MappingTemplate + - Name + - Status + x-stackql-resource-name: transformer + description: Definition of AWS::B2BI::Transformer Resource Type + x-type-name: AWS::B2BI::Transformer + x-stackql-primary-identifier: + - TransformerId + x-read-only-properties: + - CreatedAt + - ModifiedAt + - TransformerArn + - TransformerId + x-required-properties: + - EdiType + - FileFormat + - MappingTemplate + - Name + - Status + x-tagging: + cloudFormationSystemTags: true + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - b2bi:CreateTransformer + - b2bi:TagResource + - b2bi:UpdateTransformer + - logs:CreateLogDelivery + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:DescribeLogGroups + - logs:DescribeLogStreams + - logs:DescribeResourcePolicies + - logs:ListLogDeliveries + - logs:PutLogEvents + - logs:PutResourcePolicy + read: + - b2bi:GetTransformer + - b2bi:ListTagsForResource + update: + - b2bi:TagResource + - b2bi:UntagResource + - b2bi:UpdateTransformer + delete: + - b2bi:DeleteTransformer + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + list: + - b2bi:ListTransformers + x-stackQL-resources: + capabilities: + name: capabilities + id: aws.b2bi.capabilities + x-cfn-schema-name: Capability + x-type: list + x-identifiers: + - CapabilityId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CapabilityId') as capability_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::B2BI::Capability' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CapabilityId') as capability_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::B2BI::Capability' + AND region = 'us-east-1' + capability: + name: capability + id: aws.b2bi.capability + x-cfn-schema-name: Capability + x-type: get + x-identifiers: + - CapabilityId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CapabilityArn') as capability_arn, + JSON_EXTRACT(Properties, '$.CapabilityId') as capability_id, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.InstructionsDocuments') as instructions_documents, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::B2BI::Capability' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CapabilityArn') as capability_arn, + json_extract_path_text(Properties, 'CapabilityId') as capability_id, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'InstructionsDocuments') as instructions_documents, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::B2BI::Capability' + AND data__Identifier = '' + AND region = 'us-east-1' + partnerships: + name: partnerships + id: aws.b2bi.partnerships + x-cfn-schema-name: Partnership + x-type: list + x-identifiers: + - PartnershipId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PartnershipId') as partnership_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::B2BI::Partnership' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PartnershipId') as partnership_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::B2BI::Partnership' + AND region = 'us-east-1' + partnership: + name: partnership + id: aws.b2bi.partnership + x-cfn-schema-name: Partnership + x-type: get + x-identifiers: + - PartnershipId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Email') as email, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PartnershipArn') as partnership_arn, + JSON_EXTRACT(Properties, '$.PartnershipId') as partnership_id, + JSON_EXTRACT(Properties, '$.Phone') as phone, + JSON_EXTRACT(Properties, '$.ProfileId') as profile_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TradingPartnerId') as trading_partner_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::B2BI::Partnership' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Capabilities') as capabilities, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Email') as email, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PartnershipArn') as partnership_arn, + json_extract_path_text(Properties, 'PartnershipId') as partnership_id, + json_extract_path_text(Properties, 'Phone') as phone, + json_extract_path_text(Properties, 'ProfileId') as profile_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TradingPartnerId') as trading_partner_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::B2BI::Partnership' + AND data__Identifier = '' + AND region = 'us-east-1' + profiles: + name: profiles + id: aws.b2bi.profiles + x-cfn-schema-name: Profile + x-type: list + x-identifiers: + - ProfileId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProfileId') as profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::B2BI::Profile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProfileId') as profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::B2BI::Profile' + AND region = 'us-east-1' + profile: + name: profile + id: aws.b2bi.profile + x-cfn-schema-name: Profile + x-type: get + x-identifiers: + - ProfileId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BusinessName') as business_name, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Email') as email, + JSON_EXTRACT(Properties, '$.LogGroupName') as log_group_name, + JSON_EXTRACT(Properties, '$.Logging') as logging, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Phone') as phone, + JSON_EXTRACT(Properties, '$.ProfileArn') as profile_arn, + JSON_EXTRACT(Properties, '$.ProfileId') as profile_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::B2BI::Profile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BusinessName') as business_name, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Email') as email, + json_extract_path_text(Properties, 'LogGroupName') as log_group_name, + json_extract_path_text(Properties, 'Logging') as logging, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Phone') as phone, + json_extract_path_text(Properties, 'ProfileArn') as profile_arn, + json_extract_path_text(Properties, 'ProfileId') as profile_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::B2BI::Profile' + AND data__Identifier = '' + AND region = 'us-east-1' + transformers: + name: transformers + id: aws.b2bi.transformers + x-cfn-schema-name: Transformer + x-type: list + x-identifiers: + - TransformerId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TransformerId') as transformer_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::B2BI::Transformer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TransformerId') as transformer_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::B2BI::Transformer' + AND region = 'us-east-1' + transformer: + name: transformer + id: aws.b2bi.transformer + x-cfn-schema-name: Transformer + x-type: get + x-identifiers: + - TransformerId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.EdiType') as edi_type, + JSON_EXTRACT(Properties, '$.FileFormat') as file_format, + JSON_EXTRACT(Properties, '$.MappingTemplate') as mapping_template, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SampleDocument') as sample_document, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TransformerArn') as transformer_arn, + JSON_EXTRACT(Properties, '$.TransformerId') as transformer_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::B2BI::Transformer' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'EdiType') as edi_type, + json_extract_path_text(Properties, 'FileFormat') as file_format, + json_extract_path_text(Properties, 'MappingTemplate') as mapping_template, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SampleDocument') as sample_document, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TransformerArn') as transformer_arn, + json_extract_path_text(Properties, 'TransformerId') as transformer_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::B2BI::Transformer' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/backup.yaml b/providers/src/aws/v00.00.00000/services/backup.yaml new file mode 100644 index 00000000..88f34b03 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/backup.yaml @@ -0,0 +1,1317 @@ +openapi: 3.0.0 +info: + title: Backup + version: 1.0.0 +paths: {} +components: + schemas: + BackupPlanResourceType: + type: object + additionalProperties: false + properties: + BackupPlanName: + type: string + AdvancedBackupSettings: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/AdvancedBackupSettingResourceType' + BackupPlanRule: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/BackupRuleResourceType' + required: + - BackupPlanName + - BackupPlanRule + BackupRuleResourceType: + type: object + additionalProperties: false + properties: + RuleName: + type: string + TargetBackupVault: + type: string + StartWindowMinutes: + type: number + CompletionWindowMinutes: + type: number + ScheduleExpression: + type: string + ScheduleExpressionTimezone: + type: string + RecoveryPointTags: + type: object + additionalProperties: false + x-patternProperties: + ^.{1,128}$: + type: string + CopyActions: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/CopyActionResourceType' + Lifecycle: + $ref: '#/components/schemas/LifecycleResourceType' + EnableContinuousBackup: + type: boolean + required: + - TargetBackupVault + - RuleName + AdvancedBackupSettingResourceType: + type: object + additionalProperties: false + properties: + BackupOptions: + type: object + ResourceType: + type: string + required: + - BackupOptions + - ResourceType + CopyActionResourceType: + type: object + additionalProperties: false + properties: + Lifecycle: + $ref: '#/components/schemas/LifecycleResourceType' + DestinationBackupVaultArn: + type: string + required: + - DestinationBackupVaultArn + LifecycleResourceType: + type: object + additionalProperties: false + properties: + MoveToColdStorageAfterDays: + type: number + DeleteAfterDays: + type: number + OptInToArchiveForSupportedResources: + type: boolean + BackupPlan: + type: object + properties: + BackupPlan: + $ref: '#/components/schemas/BackupPlanResourceType' + BackupPlanTags: + type: object + additionalProperties: false + x-patternProperties: + ^.{1,128}$: + type: string + BackupPlanArn: + type: string + BackupPlanId: + type: string + VersionId: + type: string + required: + - BackupPlan + x-stackql-resource-name: backup_plan + description: Resource Type definition for AWS::Backup::BackupPlan + x-type-name: AWS::Backup::BackupPlan + x-stackql-primary-identifier: + - BackupPlanId + x-read-only-properties: + - BackupPlanId + - VersionId + - BackupPlanArn + x-required-properties: + - BackupPlan + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/BackupPlanTags + x-required-permissions: + read: + - backup:GetBackupPlan + - backup:ListTags + create: + - backup:GetBackupPlan + - backup:TagResource + - backup:CreateBackupPlan + delete: + - backup:GetBackupPlan + - backup:DeleteBackupPlan + update: + - backup:UpdateBackupPlan + - backup:ListTags + - backup:TagResource + - backup:UntagResource + list: + - backup:ListBackupPlans + BackupSelectionResourceType: + type: object + additionalProperties: false + properties: + IamRoleArn: + type: string + ListOfTags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConditionResourceType' + Resources: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + SelectionName: + type: string + NotResources: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + Conditions: + type: object + additionalProperties: false + properties: + StringEquals: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConditionParameter' + StringNotEquals: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConditionParameter' + StringLike: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConditionParameter' + StringNotLike: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConditionParameter' + required: + - SelectionName + - IamRoleArn + ConditionParameter: + type: object + additionalProperties: false + properties: + ConditionKey: + type: string + ConditionValue: + type: string + ConditionResourceType: + type: object + additionalProperties: false + properties: + ConditionKey: + type: string + ConditionValue: + type: string + ConditionType: + type: string + required: + - ConditionValue + - ConditionKey + - ConditionType + BackupSelection: + type: object + properties: + Id: + type: string + BackupPlanId: + type: string + BackupSelection: + $ref: '#/components/schemas/BackupSelectionResourceType' + SelectionId: + type: string + required: + - BackupSelection + - BackupPlanId + x-stackql-resource-name: backup_selection + description: Resource Type definition for AWS::Backup::BackupSelection + x-type-name: AWS::Backup::BackupSelection + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - BackupSelection + - BackupPlanId + x-read-only-properties: + - SelectionId + - Id + x-required-properties: + - BackupSelection + - BackupPlanId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + delete: + - backup:GetBackupSelection + - backup:DeleteBackupSelection + read: + - backup:GetBackupSelection + create: + - backup:CreateBackupSelection + - iam:GetRole + - iam:PassRole + - iam:CreateServiceLinkedRole + list: + - backup:ListBackupSelections + NotificationObjectType: + type: object + additionalProperties: false + properties: + BackupVaultEvents: + type: array + x-insertionOrder: false + uniqueItems: false + items: + type: string + SNSTopicArn: + type: string + required: + - SNSTopicArn + - BackupVaultEvents + LockConfigurationType: + type: object + additionalProperties: false + properties: + MinRetentionDays: + type: integer + MaxRetentionDays: + type: integer + ChangeableForDays: + type: integer + required: + - MinRetentionDays + BackupVaultNamePattern: + type: string + pattern: ^[a-zA-Z0-9\-\_]{2,50}$ + BackupVault: + type: object + properties: + AccessPolicy: + type: object + BackupVaultName: + $ref: '#/components/schemas/BackupVaultNamePattern' + BackupVaultTags: + type: object + additionalProperties: false + x-patternProperties: + ^.{1,128}$: + type: string + EncryptionKeyArn: + type: string + Notifications: + $ref: '#/components/schemas/NotificationObjectType' + LockConfiguration: + $ref: '#/components/schemas/LockConfigurationType' + BackupVaultArn: + type: string + required: + - BackupVaultName + x-stackql-resource-name: backup_vault + description: Resource Type definition for AWS::Backup::BackupVault + x-type-name: AWS::Backup::BackupVault + x-stackql-primary-identifier: + - BackupVaultName + x-create-only-properties: + - BackupVaultName + - EncryptionKeyArn + x-write-only-properties: + - LockConfiguration/ChangeableForDays + x-read-only-properties: + - BackupVaultArn + x-required-properties: + - BackupVaultName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/BackupVaultTags + x-required-permissions: + create: + - backup:TagResource + - backup:CreateBackupVault + - backup:PutBackupVaultAccessPolicy + - backup:PutBackupVaultNotifications + - backup:PutBackupVaultLockConfiguration + - backup-storage:Mount + - backup-storage:MountCapsule + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + - kms:RetireGrant + - kms:DescribeKey + read: + - backup:DescribeBackupVault + - backup:GetBackupVaultNotifications + - backup:GetBackupVaultAccessPolicy + - backup:ListTags + update: + - backup:DescribeBackupVault + - backup:DeleteBackupVaultAccessPolicy + - backup:DeleteBackupVaultNotifications + - backup:DeleteBackupVaultLockConfiguration + - backup:ListTags + - backup:TagResource + - backup:UntagResource + - backup:PutBackupVaultAccessPolicy + - backup:PutBackupVaultNotifications + - backup:PutBackupVaultLockConfiguration + delete: + - backup:DeleteBackupVault + list: + - backup:ListBackupVaults + FrameworkControl: + type: object + additionalProperties: false + properties: + ControlName: + description: The name of a control. This name is between 1 and 256 characters. + type: string + ControlInputParameters: + type: array + description: A list of ParameterName and ParameterValue pairs. + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/ControlInputParameter' + ControlScope: + type: object + description: 'The scope of a control. The control scope defines what the control will evaluate. Three examples of control scopes are: a specific backup plan, all backup plans with a specific tag, or all backup plans.' + additionalProperties: false + properties: + ComplianceResourceIds: + description: The ID of the only AWS resource that you want your control scope to contain. + type: array + x-insertionOrder: false + items: + type: string + ComplianceResourceTypes: + type: array + description: Describes whether the control scope includes one or more types of resources, such as `EFS` or `RDS`. + x-insertionOrder: false + items: + type: string + Tags: + type: array + description: Describes whether the control scope includes resources with one or more tags. Each tag is a key-value pair. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ControlName + ControlInputParameter: + type: object + additionalProperties: false + properties: + ParameterName: + type: string + ParameterValue: + type: string + required: + - ParameterName + - ParameterValue + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + Framework: + type: object + properties: + FrameworkName: + description: The unique name of a framework. This name is between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_). + type: string + pattern: '[a-zA-Z][_a-zA-Z0-9]*' + minLength: 1 + maxLength: 256 + FrameworkDescription: + description: An optional description of the framework with a maximum 1,024 characters. + type: string + minLength: 0 + maxLength: 1024 + FrameworkArn: + description: An Amazon Resource Name (ARN) that uniquely identifies Framework as a resource + type: string + DeploymentStatus: + description: 'The deployment status of a framework. The statuses are: `CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED | FAILED`' + type: string + CreationTime: + description: The date and time that a framework is created, in ISO 8601 representation. The value of CreationTime is accurate to milliseconds. For example, 2020-07-10T15:00:00.000-08:00 represents the 10th of July 2020 at 3:00 PM 8 hours behind UTC. + type: string + FrameworkControls: + description: Contains detailed information about all of the controls of a framework. Each framework must contain at least one control. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/FrameworkControl' + FrameworkStatus: + type: string + description: |- + A framework consists of one or more controls. Each control governs a resource, such as backup plans, backup selections, backup vaults, or recovery points. You can also turn AWS Config recording on or off for each resource. The statuses are: + + `ACTIVE` when recording is turned on for all resources governed by the framework. + + `PARTIALLY_ACTIVE` when recording is turned off for at least one resource governed by the framework. + + `INACTIVE` when recording is turned off for all resources governed by the framework. + + `UNAVAILABLE` when AWS Backup is unable to validate recording status at this time. + FrameworkTags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + description: Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair. + required: + - FrameworkControls + x-stackql-resource-name: framework + description: Contains detailed information about a framework. Frameworks contain controls, which evaluate and report on your backup events and resources. Frameworks generate daily compliance results. + x-type-name: AWS::Backup::Framework + x-stackql-primary-identifier: + - FrameworkArn + x-create-only-properties: + - FrameworkName + x-read-only-properties: + - FrameworkArn + - CreationTime + - FrameworkStatus + - DeploymentStatus + x-required-properties: + - FrameworkControls + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/FrameworkTags + x-required-permissions: + create: + - backup:CreateFramework + - backup:DescribeFramework + - backup:ListTags + - backup:TagResource + - iam:CreateServiceLinkedRole + read: + - backup:DescribeFramework + - backup:ListTags + update: + - backup:DescribeFramework + - backup:UpdateFramework + - backup:ListTags + - backup:TagResource + - backup:UntagResource + delete: + - backup:DeleteFramework + - backup:DescribeFramework + list: + - backup:ListFrameworks + ReportPlan: + type: object + properties: + ReportPlanName: + type: string + description: The unique name of the report plan. The name must be between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_). + minLength: 1 + maxLength: 256 + pattern: '[a-zA-Z][_a-zA-Z0-9]*' + ReportPlanArn: + type: string + description: An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type. + ReportPlanDescription: + type: string + description: An optional description of the report plan with a maximum of 1,024 characters. + minLength: 0 + maxLength: 1024 + pattern: .*\S.* + ReportPlanTags: + description: Metadata that you can assign to help organize the report plans that you create. Each tag is a key-value pair. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + ReportDeliveryChannel: + type: object + description: A structure that contains information about where and how to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports. + properties: + Formats: + type: array + description: 'A list of the format of your reports: CSV, JSON, or both. If not specified, the default format is CSV.' + uniqueItems: true + x-insertionOrder: false + items: + type: string + S3BucketName: + type: string + description: The unique name of the S3 bucket that receives your reports. + S3KeyPrefix: + type: string + description: 'The prefix for where AWS Backup Audit Manager delivers your reports to Amazon S3. The prefix is this part of the following path: s3://your-bucket-name/prefix/Backup/us-west-2/year/month/day/report-name. If not specified, there is no prefix.' + additionalProperties: false + required: + - S3BucketName + ReportSetting: + type: object + description: Identifies the report template for the report. Reports are built using a report template. + properties: + ReportTemplate: + type: string + description: 'Identifies the report template for the report. Reports are built using a report template. The report templates are: `BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT`' + FrameworkArns: + type: array + description: The Amazon Resource Names (ARNs) of the frameworks a report covers. + x-insertionOrder: false + uniqueItems: true + items: + type: string + Accounts: + type: array + description: The list of AWS accounts that a report covers. + x-insertionOrder: false + uniqueItems: true + items: + type: string + OrganizationUnits: + type: array + description: The list of AWS organization units that a report covers. + x-insertionOrder: false + uniqueItems: true + items: + type: string + Regions: + type: array + description: The list of AWS regions that a report covers. + x-insertionOrder: false + uniqueItems: true + items: + type: string + additionalProperties: false + required: + - ReportTemplate + required: + - ReportDeliveryChannel + - ReportSetting + x-stackql-resource-name: report_plan + description: Contains detailed information about a report plan in AWS Backup Audit Manager. + x-type-name: AWS::Backup::ReportPlan + x-stackql-primary-identifier: + - ReportPlanArn + x-create-only-properties: + - ReportPlanName + x-read-only-properties: + - ReportPlanArn + x-required-properties: + - ReportDeliveryChannel + - ReportSetting + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/ReportPlanTags + x-required-permissions: + create: + - backup:CreateReportPlan + - backup:DescribeReportPlan + - backup:ListTags + - backup:TagResource + - iam:CreateServiceLinkedRole + read: + - backup:DescribeReportPlan + - backup:ListTags + update: + - backup:DescribeReportPlan + - backup:UpdateReportPlan + - backup:ListTags + - backup:UntagResource + - backup:TagResource + delete: + - backup:DeleteReportPlan + - backup:DescribeReportPlan + list: + - backup:ListReportPlans + RestoreTestingRecoveryPointSelection: + type: object + additionalProperties: false + properties: + Algorithm: + $ref: '#/components/schemas/RestoreTestingRecoveryPointSelectionAlgorithm' + SelectionWindowDays: + type: integer + RecoveryPointTypes: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/RestoreTestingRecoveryPointType' + IncludeVaults: + type: array + x-insertionOrder: false + items: + type: string + ExcludeVaults: + type: array + x-insertionOrder: false + items: + type: string + required: + - Algorithm + - RecoveryPointTypes + - IncludeVaults + RestoreTestingRecoveryPointSelectionAlgorithm: + type: string + enum: + - LATEST_WITHIN_WINDOW + - RANDOM_WITHIN_WINDOW + RestoreTestingRecoveryPointType: + type: string + enum: + - SNAPSHOT + - CONTINUOUS + RestoreTestingPlan: + type: object + properties: + RecoveryPointSelection: + $ref: '#/components/schemas/RestoreTestingRecoveryPointSelection' + RestoreTestingPlanArn: + type: string + RestoreTestingPlanName: + type: string + ScheduleExpression: + type: string + ScheduleExpressionTimezone: + type: string + StartWindowHours: + type: integer + Tags: + items: + $ref: '#/components/schemas/Tag' + type: array + x-insertionOrder: false + uniqueItems: true + required: + - RecoveryPointSelection + - ScheduleExpression + - RestoreTestingPlanName + x-stackql-resource-name: restore_testing_plan + description: Definition of AWS::Backup::RestoreTestingPlan Resource Type + x-type-name: AWS::Backup::RestoreTestingPlan + x-stackql-primary-identifier: + - RestoreTestingPlanName + x-create-only-properties: + - RestoreTestingPlanName + x-read-only-properties: + - RestoreTestingPlanArn + x-required-properties: + - RecoveryPointSelection + - ScheduleExpression + - RestoreTestingPlanName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - backup:CreateRestoreTestingPlan + - backup:TagResource + - backup:GetRestoreTestingPlan + - backup:ListTags + read: + - backup:GetRestoreTestingPlan + - backup:ListTags + update: + - backup:UpdateRestoreTestingPlan + - backup:TagResource + - backup:UntagResource + - backup:GetRestoreTestingPlan + - backup:ListTags + delete: + - backup:DeleteRestoreTestingPlan + - backup:GetRestoreTestingPlan + list: + - backup:ListRestoreTestingPlans + KeyValue: + additionalProperties: false + properties: + Key: + type: string + Value: + type: string + required: + - Key + - Value + type: object + ProtectedResourceConditions: + additionalProperties: false + properties: + StringEquals: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/KeyValue' + StringNotEquals: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/KeyValue' + type: object + SensitiveStringMap: + additionalProperties: false + x-patternProperties: + .+: + type: string + type: object + RestoreTestingSelection: + type: object + properties: + IamRoleArn: + type: string + ProtectedResourceArns: + type: array + x-insertionOrder: false + items: + type: string + ProtectedResourceConditions: + $ref: '#/components/schemas/ProtectedResourceConditions' + ProtectedResourceType: + type: string + RestoreMetadataOverrides: + $ref: '#/components/schemas/SensitiveStringMap' + RestoreTestingPlanName: + type: string + RestoreTestingSelectionName: + type: string + ValidationWindowHours: + type: integer + required: + - IamRoleArn + - ProtectedResourceType + - RestoreTestingPlanName + - RestoreTestingSelectionName + x-stackql-resource-name: restore_testing_selection + description: Resource Type definition for AWS::Backup::RestoreTestingSelection + x-type-name: AWS::Backup::RestoreTestingSelection + x-stackql-primary-identifier: + - RestoreTestingPlanName + - RestoreTestingSelectionName + x-create-only-properties: + - ProtectedResourceType + - RestoreTestingPlanName + - RestoreTestingSelectionName + x-required-properties: + - IamRoleArn + - ProtectedResourceType + - RestoreTestingPlanName + - RestoreTestingSelectionName + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - backup:CreateRestoreTestingSelection + - backup:GetRestoreTestingSelection + - iam:PassRole + read: + - backup:GetRestoreTestingSelection + update: + - backup:UpdateRestoreTestingSelection + - backup:GetRestoreTestingSelection + - iam:PassRole + delete: + - backup:DeleteRestoreTestingSelection + - backup:GetRestoreTestingSelection + list: + - backup:ListRestoreTestingSelections + x-stackQL-resources: + backup_plans: + name: backup_plans + id: aws.backup.backup_plans + x-cfn-schema-name: BackupPlan + x-type: list + x-identifiers: + - BackupPlanId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BackupPlanId') as backup_plan_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::BackupPlan' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BackupPlanId') as backup_plan_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::BackupPlan' + AND region = 'us-east-1' + backup_plan: + name: backup_plan + id: aws.backup.backup_plan + x-cfn-schema-name: BackupPlan + x-type: get + x-identifiers: + - BackupPlanId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BackupPlan') as backup_plan, + JSON_EXTRACT(Properties, '$.BackupPlanTags') as backup_plan_tags, + JSON_EXTRACT(Properties, '$.BackupPlanArn') as backup_plan_arn, + JSON_EXTRACT(Properties, '$.BackupPlanId') as backup_plan_id, + JSON_EXTRACT(Properties, '$.VersionId') as version_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::BackupPlan' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BackupPlan') as backup_plan, + json_extract_path_text(Properties, 'BackupPlanTags') as backup_plan_tags, + json_extract_path_text(Properties, 'BackupPlanArn') as backup_plan_arn, + json_extract_path_text(Properties, 'BackupPlanId') as backup_plan_id, + json_extract_path_text(Properties, 'VersionId') as version_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::BackupPlan' + AND data__Identifier = '' + AND region = 'us-east-1' + backup_selections: + name: backup_selections + id: aws.backup.backup_selections + x-cfn-schema-name: BackupSelection + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::BackupSelection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::BackupSelection' + AND region = 'us-east-1' + backup_selection: + name: backup_selection + id: aws.backup.backup_selection + x-cfn-schema-name: BackupSelection + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.BackupPlanId') as backup_plan_id, + JSON_EXTRACT(Properties, '$.BackupSelection') as backup_selection, + JSON_EXTRACT(Properties, '$.SelectionId') as selection_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::BackupSelection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'BackupPlanId') as backup_plan_id, + json_extract_path_text(Properties, 'BackupSelection') as backup_selection, + json_extract_path_text(Properties, 'SelectionId') as selection_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::BackupSelection' + AND data__Identifier = '' + AND region = 'us-east-1' + backup_vaults: + name: backup_vaults + id: aws.backup.backup_vaults + x-cfn-schema-name: BackupVault + x-type: list + x-identifiers: + - BackupVaultName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BackupVaultName') as backup_vault_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::BackupVault' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BackupVaultName') as backup_vault_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::BackupVault' + AND region = 'us-east-1' + backup_vault: + name: backup_vault + id: aws.backup.backup_vault + x-cfn-schema-name: BackupVault + x-type: get + x-identifiers: + - BackupVaultName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessPolicy') as access_policy, + JSON_EXTRACT(Properties, '$.BackupVaultName') as backup_vault_name, + JSON_EXTRACT(Properties, '$.BackupVaultTags') as backup_vault_tags, + JSON_EXTRACT(Properties, '$.EncryptionKeyArn') as encryption_key_arn, + JSON_EXTRACT(Properties, '$.Notifications') as notifications, + JSON_EXTRACT(Properties, '$.LockConfiguration') as lock_configuration, + JSON_EXTRACT(Properties, '$.BackupVaultArn') as backup_vault_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::BackupVault' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessPolicy') as access_policy, + json_extract_path_text(Properties, 'BackupVaultName') as backup_vault_name, + json_extract_path_text(Properties, 'BackupVaultTags') as backup_vault_tags, + json_extract_path_text(Properties, 'EncryptionKeyArn') as encryption_key_arn, + json_extract_path_text(Properties, 'Notifications') as notifications, + json_extract_path_text(Properties, 'LockConfiguration') as lock_configuration, + json_extract_path_text(Properties, 'BackupVaultArn') as backup_vault_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::BackupVault' + AND data__Identifier = '' + AND region = 'us-east-1' + frameworks: + name: frameworks + id: aws.backup.frameworks + x-cfn-schema-name: Framework + x-type: list + x-identifiers: + - FrameworkArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FrameworkArn') as framework_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::Framework' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FrameworkArn') as framework_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::Framework' + AND region = 'us-east-1' + framework: + name: framework + id: aws.backup.framework + x-cfn-schema-name: Framework + x-type: get + x-identifiers: + - FrameworkArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FrameworkName') as framework_name, + JSON_EXTRACT(Properties, '$.FrameworkDescription') as framework_description, + JSON_EXTRACT(Properties, '$.FrameworkArn') as framework_arn, + JSON_EXTRACT(Properties, '$.DeploymentStatus') as deployment_status, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.FrameworkControls') as framework_controls, + JSON_EXTRACT(Properties, '$.FrameworkStatus') as framework_status, + JSON_EXTRACT(Properties, '$.FrameworkTags') as framework_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::Framework' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FrameworkName') as framework_name, + json_extract_path_text(Properties, 'FrameworkDescription') as framework_description, + json_extract_path_text(Properties, 'FrameworkArn') as framework_arn, + json_extract_path_text(Properties, 'DeploymentStatus') as deployment_status, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'FrameworkControls') as framework_controls, + json_extract_path_text(Properties, 'FrameworkStatus') as framework_status, + json_extract_path_text(Properties, 'FrameworkTags') as framework_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::Framework' + AND data__Identifier = '' + AND region = 'us-east-1' + report_plans: + name: report_plans + id: aws.backup.report_plans + x-cfn-schema-name: ReportPlan + x-type: list + x-identifiers: + - ReportPlanArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ReportPlanArn') as report_plan_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::ReportPlan' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ReportPlanArn') as report_plan_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::ReportPlan' + AND region = 'us-east-1' + report_plan: + name: report_plan + id: aws.backup.report_plan + x-cfn-schema-name: ReportPlan + x-type: get + x-identifiers: + - ReportPlanArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ReportPlanName') as report_plan_name, + JSON_EXTRACT(Properties, '$.ReportPlanArn') as report_plan_arn, + JSON_EXTRACT(Properties, '$.ReportPlanDescription') as report_plan_description, + JSON_EXTRACT(Properties, '$.ReportPlanTags') as report_plan_tags, + JSON_EXTRACT(Properties, '$.ReportDeliveryChannel') as report_delivery_channel, + JSON_EXTRACT(Properties, '$.ReportSetting') as report_setting + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::ReportPlan' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ReportPlanName') as report_plan_name, + json_extract_path_text(Properties, 'ReportPlanArn') as report_plan_arn, + json_extract_path_text(Properties, 'ReportPlanDescription') as report_plan_description, + json_extract_path_text(Properties, 'ReportPlanTags') as report_plan_tags, + json_extract_path_text(Properties, 'ReportDeliveryChannel') as report_delivery_channel, + json_extract_path_text(Properties, 'ReportSetting') as report_setting + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::ReportPlan' + AND data__Identifier = '' + AND region = 'us-east-1' + restore_testing_plans: + name: restore_testing_plans + id: aws.backup.restore_testing_plans + x-cfn-schema-name: RestoreTestingPlan + x-type: list + x-identifiers: + - RestoreTestingPlanName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RestoreTestingPlanName') as restore_testing_plan_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::RestoreTestingPlan' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RestoreTestingPlanName') as restore_testing_plan_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::RestoreTestingPlan' + AND region = 'us-east-1' + restore_testing_plan: + name: restore_testing_plan + id: aws.backup.restore_testing_plan + x-cfn-schema-name: RestoreTestingPlan + x-type: get + x-identifiers: + - RestoreTestingPlanName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RecoveryPointSelection') as recovery_point_selection, + JSON_EXTRACT(Properties, '$.RestoreTestingPlanArn') as restore_testing_plan_arn, + JSON_EXTRACT(Properties, '$.RestoreTestingPlanName') as restore_testing_plan_name, + JSON_EXTRACT(Properties, '$.ScheduleExpression') as schedule_expression, + JSON_EXTRACT(Properties, '$.ScheduleExpressionTimezone') as schedule_expression_timezone, + JSON_EXTRACT(Properties, '$.StartWindowHours') as start_window_hours, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::RestoreTestingPlan' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RecoveryPointSelection') as recovery_point_selection, + json_extract_path_text(Properties, 'RestoreTestingPlanArn') as restore_testing_plan_arn, + json_extract_path_text(Properties, 'RestoreTestingPlanName') as restore_testing_plan_name, + json_extract_path_text(Properties, 'ScheduleExpression') as schedule_expression, + json_extract_path_text(Properties, 'ScheduleExpressionTimezone') as schedule_expression_timezone, + json_extract_path_text(Properties, 'StartWindowHours') as start_window_hours, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::RestoreTestingPlan' + AND data__Identifier = '' + AND region = 'us-east-1' + restore_testing_selections: + name: restore_testing_selections + id: aws.backup.restore_testing_selections + x-cfn-schema-name: RestoreTestingSelection + x-type: list + x-identifiers: + - RestoreTestingPlanName + - RestoreTestingSelectionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RestoreTestingPlanName') as restore_testing_plan_name, + JSON_EXTRACT(Properties, '$.RestoreTestingSelectionName') as restore_testing_selection_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::RestoreTestingSelection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RestoreTestingPlanName') as restore_testing_plan_name, + json_extract_path_text(Properties, 'RestoreTestingSelectionName') as restore_testing_selection_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::RestoreTestingSelection' + AND region = 'us-east-1' + restore_testing_selection: + name: restore_testing_selection + id: aws.backup.restore_testing_selection + x-cfn-schema-name: RestoreTestingSelection + x-type: get + x-identifiers: + - RestoreTestingPlanName + - RestoreTestingSelectionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IamRoleArn') as iam_role_arn, + JSON_EXTRACT(Properties, '$.ProtectedResourceArns') as protected_resource_arns, + JSON_EXTRACT(Properties, '$.ProtectedResourceConditions') as protected_resource_conditions, + JSON_EXTRACT(Properties, '$.ProtectedResourceType') as protected_resource_type, + JSON_EXTRACT(Properties, '$.RestoreMetadataOverrides') as restore_metadata_overrides, + JSON_EXTRACT(Properties, '$.RestoreTestingPlanName') as restore_testing_plan_name, + JSON_EXTRACT(Properties, '$.RestoreTestingSelectionName') as restore_testing_selection_name, + JSON_EXTRACT(Properties, '$.ValidationWindowHours') as validation_window_hours + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::RestoreTestingSelection' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IamRoleArn') as iam_role_arn, + json_extract_path_text(Properties, 'ProtectedResourceArns') as protected_resource_arns, + json_extract_path_text(Properties, 'ProtectedResourceConditions') as protected_resource_conditions, + json_extract_path_text(Properties, 'ProtectedResourceType') as protected_resource_type, + json_extract_path_text(Properties, 'RestoreMetadataOverrides') as restore_metadata_overrides, + json_extract_path_text(Properties, 'RestoreTestingPlanName') as restore_testing_plan_name, + json_extract_path_text(Properties, 'RestoreTestingSelectionName') as restore_testing_selection_name, + json_extract_path_text(Properties, 'ValidationWindowHours') as validation_window_hours + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::RestoreTestingSelection' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/backupgateway.yaml b/providers/src/aws/v00.00.00000/services/backupgateway.yaml new file mode 100644 index 00000000..e0875214 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/backupgateway.yaml @@ -0,0 +1,196 @@ +openapi: 3.0.0 +info: + title: BackupGateway + version: 1.0.0 +paths: {} +components: + schemas: + HypervisorState: + type: string + enum: + - PENDING + - ONLINE + - OFFLINE + - ERROR + SyncMetadataStatus: + type: string + enum: + - PENDING + - IN_PROGRESS + - FAILED + - SUCCEEDED + Tag: + type: object + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + Value: + type: string + maxLength: 256 + minLength: 0 + pattern: ^[^\x00]*$ + required: + - Key + - Value + additionalProperties: false + Hypervisor: + type: object + properties: + Host: + type: string + maxLength: 128 + minLength: 3 + pattern: ^.+$ + HypervisorArn: + type: string + maxLength: 500 + minLength: 50 + pattern: ^arn:(aws|aws-cn|aws-us-gov):backup-gateway(:[a-zA-Z-0-9]+){3}\/[a-zA-Z-0-9]+$ + KmsKeyArn: + type: string + maxLength: 500 + minLength: 50 + pattern: ^(^arn:(aws|aws-cn|aws-us-gov):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$ + LogGroupArn: + type: string + maxLength: 2048 + minLength: 0 + pattern: ^$|^arn:(aws|aws-cn|aws-us-gov):logs:([a-zA-Z0-9-]+):([0-9]+):log-group:[a-zA-Z0-9_\-\/\.]+:\*$ + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9-]*$ + Password: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[ -~]+$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + Username: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[ -\.0-\[\]-~]*[!-\.0-\[\]-~][ -\.0-\[\]-~]*$ + x-stackql-resource-name: hypervisor + description: Definition of AWS::BackupGateway::Hypervisor Resource Type + x-type-name: AWS::BackupGateway::Hypervisor + x-stackql-primary-identifier: + - HypervisorArn + x-create-only-properties: + - KmsKeyArn + - Tags + x-write-only-properties: + - KmsKeyArn + - LogGroupArn + - Name + - Password + - Tags + - Username + x-read-only-properties: + - HypervisorArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - backup-gateway:ImportHypervisorConfiguration + - backup-gateway:GetHypervisor + - backup-gateway:ListHypervisors + - backup-gateway:TagResource + - kms:CreateGrant + - kms:Encrypt + - kms:Decrypt + read: + - backup-gateway:GetHypervisor + - backup-gateway:ListHypervisors + update: + - backup-gateway:UpdateHypervisor + - backup-gateway:GetHypervisor + - backup-gateway:ListHypervisors + - backup-gateway:ImportHypervisorConfiguration + - backup-gateway:DeleteHypervisor + delete: + - backup-gateway:DeleteHypervisor + - backup-gateway:GetHypervisor + - backup-gateway:ListHypervisors + list: + - backup-gateway:ListHypervisors + x-stackQL-resources: + hypervisors: + name: hypervisors + id: aws.backupgateway.hypervisors + x-cfn-schema-name: Hypervisor + x-type: list + x-identifiers: + - HypervisorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.HypervisorArn') as hypervisor_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BackupGateway::Hypervisor' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'HypervisorArn') as hypervisor_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BackupGateway::Hypervisor' + AND region = 'us-east-1' + hypervisor: + name: hypervisor + id: aws.backupgateway.hypervisor + x-cfn-schema-name: Hypervisor + x-type: get + x-identifiers: + - HypervisorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Host') as host, + JSON_EXTRACT(Properties, '$.HypervisorArn') as hypervisor_arn, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.LogGroupArn') as log_group_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Password') as password, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Username') as username + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BackupGateway::Hypervisor' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Host') as host, + json_extract_path_text(Properties, 'HypervisorArn') as hypervisor_arn, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'LogGroupArn') as log_group_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Password') as password, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Username') as username + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BackupGateway::Hypervisor' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/batch.yaml b/providers/src/aws/v00.00.00000/services/batch.yaml new file mode 100644 index 00000000..8442294f --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/batch.yaml @@ -0,0 +1,617 @@ +openapi: 3.0.0 +info: + title: Batch + version: 1.0.0 +paths: {} +components: + schemas: + ComputeResources: + type: object + additionalProperties: false + properties: + AllocationStrategy: + type: string + BidPercentage: + type: integer + DesiredvCpus: + type: integer + Ec2Configuration: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Ec2ConfigurationObject' + Ec2KeyPair: + type: string + ImageId: + type: string + InstanceRole: + type: string + InstanceTypes: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + LaunchTemplate: + $ref: '#/components/schemas/LaunchTemplateSpecification' + MaxvCpus: + type: integer + MinvCpus: + type: integer + PlacementGroup: + type: string + SecurityGroupIds: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + SpotIamFleetRole: + type: string + Subnets: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + Tags: + type: object + description: A key-value pair to associate with a resource. + x-patternProperties: + .*: + type: string + additionalProperties: false + Type: + type: string + UpdateToLatestImageVersion: + type: boolean + default: false + required: + - Subnets + - Type + - MaxvCpus + Ec2ConfigurationObject: + type: object + additionalProperties: false + properties: + ImageIdOverride: + type: string + ImageType: + type: string + ImageKubernetesVersion: + type: string + required: + - ImageType + LaunchTemplateSpecification: + type: object + additionalProperties: false + properties: + LaunchTemplateId: + type: string + LaunchTemplateName: + type: string + Version: + type: string + UpdatePolicy: + type: object + additionalProperties: false + properties: + TerminateJobsOnUpdate: + type: boolean + default: false + JobExecutionTimeoutMinutes: + type: integer + default: 30 + EksConfiguration: + type: object + additionalProperties: false + properties: + EksClusterArn: + type: string + default: false + KubernetesNamespace: + type: string + default: false + required: + - EksClusterArn + - KubernetesNamespace + ComputeEnvironment: + type: object + properties: + ComputeEnvironmentArn: + type: string + ComputeEnvironmentName: + type: string + ComputeResources: + $ref: '#/components/schemas/ComputeResources' + ReplaceComputeEnvironment: + type: boolean + default: true + ServiceRole: + type: string + State: + type: string + Tags: + type: object + description: A key-value pair to associate with a resource. + x-patternProperties: + .*: + type: string + additionalProperties: false + Type: + type: string + UpdatePolicy: + $ref: '#/components/schemas/UpdatePolicy' + UnmanagedvCpus: + type: integer + EksConfiguration: + $ref: '#/components/schemas/EksConfiguration' + required: + - Type + x-stackql-resource-name: compute_environment + description: Resource Type definition for AWS::Batch::ComputeEnvironment + x-type-name: AWS::Batch::ComputeEnvironment + x-stackql-primary-identifier: + - ComputeEnvironmentArn + x-stackql-additional-identifiers: + - - ComputeEnvironmentName + x-create-only-properties: + - ComputeResources/SpotIamFleetRole + - ComputeEnvironmentName + - Tags + - Type + - EksConfiguration + x-conditional-create-only-properties: + - ComputeResources/AllocationStrategy + - ComputeResources/BidPercentage + - ComputeResources/Ec2Configuration + - ComputeResources/Ec2KeyPair + - ComputeResources/ImageId + - ComputeResources/InstanceRole + - ComputeResources/InstanceTypes + - ComputeResources/LaunchTemplate + - ComputeResources/PlacementGroup + - ComputeResources/SecurityGroupIds + - ComputeResources/Subnets + - ComputeResources/Tags + - ComputeResources/Type + x-write-only-properties: + - ComputeResources/UpdateToLatestImageVersion + - ReplaceComputeEnvironment + - UpdatePolicy + x-read-only-properties: + - ComputeEnvironmentArn + x-required-properties: + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - Batch:CreateComputeEnvironment + - Batch:TagResource + - Batch:DescribeComputeEnvironments + - iam:CreateServiceLinkedRole + - Iam:PassRole + - Eks:DescribeCluster + read: + - Batch:DescribeComputeEnvironments + update: + - Batch:UpdateComputeEnvironment + - Batch:DescribeComputeEnvironments + - Batch:TagResource + - Batch:UnTagResource + - Iam:PassRole + - Eks:DescribeCluster + delete: + - Batch:DeleteComputeEnvironment + - Batch:DescribeComputeEnvironments + - Batch:UpdateComputeEnvironment + - Iam:PassRole + - Eks:DescribeCluster + list: + - Batch:DescribeComputeEnvironments + ResourceArn: + description: ARN of the Scheduling Policy. + type: string + ComputeEnvironmentOrder: + type: object + additionalProperties: false + properties: + ComputeEnvironment: + type: string + Order: + type: integer + required: + - ComputeEnvironment + - Order + JobStateTimeLimitAction: + type: object + additionalProperties: false + properties: + Action: + type: string + enum: + - CANCEL + MaxTimeSeconds: + type: integer + minimum: 600 + maximum: 86400 + Reason: + type: string + State: + type: string + enum: + - RUNNABLE + required: + - Action + - MaxTimeSeconds + - Reason + - State + JobQueue: + type: object + properties: + JobQueueName: + type: string + minLength: 1 + maxLength: 128 + JobQueueArn: + $ref: '#/components/schemas/ResourceArn' + ComputeEnvironmentOrder: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/ComputeEnvironmentOrder' + JobStateTimeLimitActions: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/JobStateTimeLimitAction' + Priority: + type: integer + minimum: 0 + maximum: 1000 + State: + type: string + enum: + - DISABLED + - ENABLED + SchedulingPolicyArn: + $ref: '#/components/schemas/ResourceArn' + Tags: + type: object + description: A key-value pair to associate with a resource. + x-patternProperties: + .*: + type: string + additionalProperties: false + required: + - ComputeEnvironmentOrder + - Priority + x-stackql-resource-name: job_queue + description: Resource Type definition for AWS::Batch::JobQueue + x-type-name: AWS::Batch::JobQueue + x-stackql-primary-identifier: + - JobQueueArn + x-create-only-properties: + - Tags + - JobQueueName + x-read-only-properties: + - JobQueueArn + x-required-properties: + - ComputeEnvironmentOrder + - Priority + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - Batch:CreateJobQueue + - Batch:TagResource + - Batch:DescribeJobQueues + read: + - Batch:DescribeJobQueues + update: + - Batch:DescribeJobQueues + - Batch:UpdateJobQueue + - Batch:TagResource + - Batch:UnTagResource + delete: + - Batch:UpdateJobQueue + - Batch:DescribeJobQueues + - Batch:DeleteJobQueue + list: + - Batch:DescribeJobQueues + FairsharePolicy: + description: Fair Share Policy for the Job Queue. + type: object + properties: + ShareDecaySeconds: + type: number + minimum: 0 + maximum: 604800 + ComputeReservation: + type: number + minimum: 0 + maximum: 99 + ShareDistribution: + description: List of Share Attributes + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ShareAttributes' + required: [] + additionalProperties: false + ShareAttributes: + type: object + properties: + ShareIdentifier: + type: string + WeightFactor: + type: number + minimum: 0 + maximum: 1000 + required: [] + additionalProperties: false + SchedulingPolicy: + type: object + properties: + Name: + description: Name of Scheduling Policy. + type: string + pattern: '' + Arn: + $ref: '#/components/schemas/ResourceArn' + FairsharePolicy: + $ref: '#/components/schemas/FairsharePolicy' + Tags: + type: object + description: A key-value pair to associate with a resource. + x-patternProperties: + .*: + type: string + additionalProperties: false + x-stackql-resource-name: scheduling_policy + description: Resource Type schema for AWS::Batch::SchedulingPolicy + x-type-name: AWS::Batch::SchedulingPolicy + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Tags + x-read-only-properties: + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - Batch:CreateSchedulingPolicy + - Batch:TagResource + read: + - Batch:DescribeSchedulingPolicies + update: + - Batch:UpdateSchedulingPolicy + - Batch:TagResource + - Batch:UnTagResource + delete: + - Batch:DescribeSchedulingPolicies + - Batch:DeleteSchedulingPolicy + list: + - Batch:ListSchedulingPolicies + - Batch:DescribeSchedulingPolicies + x-stackQL-resources: + compute_environments: + name: compute_environments + id: aws.batch.compute_environments + x-cfn-schema-name: ComputeEnvironment + x-type: list + x-identifiers: + - ComputeEnvironmentArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ComputeEnvironmentArn') as compute_environment_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Batch::ComputeEnvironment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ComputeEnvironmentArn') as compute_environment_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Batch::ComputeEnvironment' + AND region = 'us-east-1' + compute_environment: + name: compute_environment + id: aws.batch.compute_environment + x-cfn-schema-name: ComputeEnvironment + x-type: get + x-identifiers: + - ComputeEnvironmentArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ComputeEnvironmentArn') as compute_environment_arn, + JSON_EXTRACT(Properties, '$.ComputeEnvironmentName') as compute_environment_name, + JSON_EXTRACT(Properties, '$.ComputeResources') as compute_resources, + JSON_EXTRACT(Properties, '$.ReplaceComputeEnvironment') as replace_compute_environment, + JSON_EXTRACT(Properties, '$.ServiceRole') as service_role, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.UpdatePolicy') as update_policy, + JSON_EXTRACT(Properties, '$.UnmanagedvCpus') as unmanagedv_cpus, + JSON_EXTRACT(Properties, '$.EksConfiguration') as eks_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Batch::ComputeEnvironment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ComputeEnvironmentArn') as compute_environment_arn, + json_extract_path_text(Properties, 'ComputeEnvironmentName') as compute_environment_name, + json_extract_path_text(Properties, 'ComputeResources') as compute_resources, + json_extract_path_text(Properties, 'ReplaceComputeEnvironment') as replace_compute_environment, + json_extract_path_text(Properties, 'ServiceRole') as service_role, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'UpdatePolicy') as update_policy, + json_extract_path_text(Properties, 'UnmanagedvCpus') as unmanagedv_cpus, + json_extract_path_text(Properties, 'EksConfiguration') as eks_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Batch::ComputeEnvironment' + AND data__Identifier = '' + AND region = 'us-east-1' + job_queues: + name: job_queues + id: aws.batch.job_queues + x-cfn-schema-name: JobQueue + x-type: list + x-identifiers: + - JobQueueArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.JobQueueArn') as job_queue_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Batch::JobQueue' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'JobQueueArn') as job_queue_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Batch::JobQueue' + AND region = 'us-east-1' + job_queue: + name: job_queue + id: aws.batch.job_queue + x-cfn-schema-name: JobQueue + x-type: get + x-identifiers: + - JobQueueArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.JobQueueName') as job_queue_name, + JSON_EXTRACT(Properties, '$.JobQueueArn') as job_queue_arn, + JSON_EXTRACT(Properties, '$.ComputeEnvironmentOrder') as compute_environment_order, + JSON_EXTRACT(Properties, '$.JobStateTimeLimitActions') as job_state_time_limit_actions, + JSON_EXTRACT(Properties, '$.Priority') as priority, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.SchedulingPolicyArn') as scheduling_policy_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Batch::JobQueue' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'JobQueueName') as job_queue_name, + json_extract_path_text(Properties, 'JobQueueArn') as job_queue_arn, + json_extract_path_text(Properties, 'ComputeEnvironmentOrder') as compute_environment_order, + json_extract_path_text(Properties, 'JobStateTimeLimitActions') as job_state_time_limit_actions, + json_extract_path_text(Properties, 'Priority') as priority, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'SchedulingPolicyArn') as scheduling_policy_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Batch::JobQueue' + AND data__Identifier = '' + AND region = 'us-east-1' + scheduling_policies: + name: scheduling_policies + id: aws.batch.scheduling_policies + x-cfn-schema-name: SchedulingPolicy + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Batch::SchedulingPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Batch::SchedulingPolicy' + AND region = 'us-east-1' + scheduling_policy: + name: scheduling_policy + id: aws.batch.scheduling_policy + x-cfn-schema-name: SchedulingPolicy + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.FairsharePolicy') as fairshare_policy, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Batch::SchedulingPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'FairsharePolicy') as fairshare_policy, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Batch::SchedulingPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/bcmdataexports.yaml b/providers/src/aws/v00.00.00000/services/bcmdataexports.yaml new file mode 100644 index 00000000..4fb7df0f --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/bcmdataexports.yaml @@ -0,0 +1,249 @@ +openapi: 3.0.0 +info: + title: BCMDataExports + version: 1.0.0 +paths: {} +components: + schemas: + CompressionOption: + type: string + enum: + - GZIP + - PARQUET + DataQuery: + type: object + properties: + QueryStatement: + type: string + maxLength: 36000 + minLength: 1 + pattern: ^[\S\s]*$ + TableConfigurations: + $ref: '#/components/schemas/TableConfigurations' + required: + - QueryStatement + additionalProperties: false + DestinationConfigurations: + type: object + properties: + S3Destination: + $ref: '#/components/schemas/S3Destination' + required: + - S3Destination + additionalProperties: false + Export: + type: object + properties: + Export: + $ref: '#/components/schemas/Export' + ExportArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:aws[-a-z0-9]*:[-a-z0-9]+:[-a-z0-9]*:[0-9]{12}:[-a-zA-Z0-9/:_]+$ + Tags: + type: array + items: + $ref: '#/components/schemas/ResourceTag' + maxItems: 200 + minItems: 0 + required: + - Export + x-stackql-resource-name: export + description: Definition of AWS::BCMDataExports::Export Resource Type + x-type-name: AWS::BCMDataExports::Export + x-documentation-url: https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_DataExports_CreateExport.html#API_DataExports_CreateExport_RequestSyntax + x-stackql-primary-identifier: + - ExportArn + x-create-only-properties: + - Export/Name + - Export/DataQuery/TableConfigurations + - Export/RefreshCadence + x-read-only-properties: + - ExportArn + x-required-properties: + - Export + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - bcm-data-exports:CreateExport + - bcm-data-exports:GetExport + - bcm-data-exports:ListTagsForResource + - bcm-data-exports:TagResource + - cur:PutReportDefinition + read: + - bcm-data-exports:GetExport + - bcm-data-exports:ListTagsForResource + update: + - bcm-data-exports:UpdateExport + - bcm-data-exports:TagResource + - bcm-data-exports:UntagResource + - bcm-data-exports:GetExport + - bcm-data-exports:ListTagsForResource + delete: + - bcm-data-exports:DeleteExport + list: + - bcm-data-exports:ListExports + FormatOption: + type: string + enum: + - TEXT_OR_CSV + - PARQUET + FrequencyOption: + type: string + enum: + - SYNCHRONOUS + OverwriteOption: + type: string + enum: + - CREATE_NEW_REPORT + - OVERWRITE_REPORT + RefreshCadence: + type: object + properties: + Frequency: + $ref: '#/components/schemas/FrequencyOption' + required: + - Frequency + additionalProperties: false + ResourceTag: + type: object + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + Value: + type: string + maxLength: 256 + minLength: 0 + required: + - Key + - Value + additionalProperties: false + S3Destination: + type: object + properties: + S3Bucket: + type: string + maxLength: 1024 + minLength: 0 + pattern: ^[\S\s]*$ + S3Prefix: + type: string + maxLength: 1024 + minLength: 0 + pattern: ^[\S\s]*$ + S3Region: + type: string + maxLength: 1024 + minLength: 0 + pattern: ^[\S\s]*$ + S3OutputConfigurations: + $ref: '#/components/schemas/S3OutputConfigurations' + required: + - S3Bucket + - S3OutputConfigurations + - S3Prefix + - S3Region + additionalProperties: false + S3OutputConfigurations: + type: object + properties: + OutputType: + $ref: '#/components/schemas/S3OutputType' + Format: + $ref: '#/components/schemas/FormatOption' + Compression: + $ref: '#/components/schemas/CompressionOption' + Overwrite: + $ref: '#/components/schemas/OverwriteOption' + required: + - Compression + - Format + - OutputType + - Overwrite + additionalProperties: false + S3OutputType: + type: string + enum: + - CUSTOM + TableConfigurations: + type: object + x-patternProperties: + ^[\S\s]*$: + $ref: '#/components/schemas/TableProperties' + additionalProperties: false + TableProperties: + type: object + x-patternProperties: + ^[\S\s]*$: + type: string + maxLength: 1024 + minLength: 0 + pattern: ^[\S\s]*$ + additionalProperties: false + x-stackQL-resources: + exports: + name: exports + id: aws.bcmdataexports.exports + x-cfn-schema-name: Export + x-type: list + x-identifiers: + - ExportArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ExportArn') as export_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BCMDataExports::Export' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ExportArn') as export_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BCMDataExports::Export' + AND region = 'us-east-1' + export: + name: export + id: aws.bcmdataexports.export + x-cfn-schema-name: Export + x-type: get + x-identifiers: + - ExportArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Export') as export, + JSON_EXTRACT(Properties, '$.ExportArn') as export_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BCMDataExports::Export' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Export') as export, + json_extract_path_text(Properties, 'ExportArn') as export_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BCMDataExports::Export' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/bedrock.yaml b/providers/src/aws/v00.00.00000/services/bedrock.yaml new file mode 100644 index 00000000..56b0c56d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/bedrock.yaml @@ -0,0 +1,1434 @@ +openapi: 3.0.0 +info: + title: Bedrock + version: 1.0.0 +paths: {} +components: + schemas: + APISchema: + description: Contains information about the API Schema for the Action Group + oneOf: + - type: object + title: S3 + properties: + S3: + $ref: '#/components/schemas/S3Identifier' + required: + - S3 + additionalProperties: false + - type: object + title: Payload + properties: + Payload: + type: string + description: String OpenAPI Payload + required: + - Payload + additionalProperties: false + ActionGroupExecutor: + type: object + x-title: Lambda + properties: + Lambda: + type: string + maxLength: 2048 + pattern: ^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\d{1}:\d{12}:function:[a-zA-Z0-9-_\.]+(:(\$LATEST|[a-zA-Z0-9-_]+))?$ + description: ARN of a Lambda. + required: + - Lambda + additionalProperties: false + ActionGroupSignature: + type: string + description: Action Group Signature for a BuiltIn Action + enum: + - AMAZON.UserInput + ActionGroupState: + type: string + description: State of the action group + enum: + - ENABLED + - DISABLED + AgentActionGroup: + type: object + description: Contains the information of an Agent Action Group + properties: + ActionGroupName: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name of the action group + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of action group + ParentActionGroupSignature: + $ref: '#/components/schemas/ActionGroupSignature' + ActionGroupExecutor: + $ref: '#/components/schemas/ActionGroupExecutor' + ApiSchema: + $ref: '#/components/schemas/APISchema' + ActionGroupState: + $ref: '#/components/schemas/ActionGroupState' + SkipResourceInUseCheckOnDelete: + description: Specifies whether to allow deleting action group while it is in use. + type: boolean + default: false + required: + - ActionGroupName + additionalProperties: false + AgentKnowledgeBase: + type: object + description: Agent Knowledge Base + properties: + KnowledgeBaseId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a resource. + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + KnowledgeBaseState: + $ref: '#/components/schemas/KnowledgeBaseState' + required: + - KnowledgeBaseId + - Description + additionalProperties: false + AgentStatus: + type: string + description: Schema Type for Action APIs. + enum: + - CREATING + - PREPARING + - PREPARED + - NOT_PREPARED + - DELETING + - FAILED + - VERSIONING + - UPDATING + CreationMode: + type: string + description: Creation Mode for Prompt Configuration. + enum: + - DEFAULT + - OVERRIDDEN + InferenceConfiguration: + type: object + description: Configuration for inference in prompt configuration + properties: + Temperature: + type: number + maximum: 1 + minimum: 0 + description: Controls randomness, higher values increase diversity + TopP: + type: number + maximum: 1 + minimum: 0 + description: Cumulative probability cutoff for token selection + TopK: + type: number + maximum: 500 + minimum: 0 + description: Sample from the k most likely next tokens + MaximumLength: + type: number + maximum: 4096 + minimum: 0 + description: Maximum length of output + StopSequences: + type: array + items: + type: string + maxItems: 4 + minItems: 0 + description: List of stop sequences + x-insertionOrder: false + additionalProperties: false + KnowledgeBaseState: + type: string + description: State of the knowledge base; whether it is enabled or disabled + enum: + - ENABLED + - DISABLED + PromptConfiguration: + type: object + description: BasePromptConfiguration per Prompt Type. + properties: + PromptType: + $ref: '#/components/schemas/PromptType' + PromptCreationMode: + $ref: '#/components/schemas/CreationMode' + PromptState: + $ref: '#/components/schemas/PromptState' + BasePromptTemplate: + type: string + maxLength: 100000 + minLength: 1 + description: Base Prompt Template. + InferenceConfiguration: + $ref: '#/components/schemas/InferenceConfiguration' + ParserMode: + $ref: '#/components/schemas/CreationMode' + additionalProperties: false + PromptOverrideConfiguration: + type: object + description: Configuration for prompt override. + properties: + PromptConfigurations: + type: array + items: + $ref: '#/components/schemas/PromptConfiguration' + maxItems: 10 + description: List of BasePromptConfiguration + x-insertionOrder: false + OverrideLambda: + type: string + maxLength: 2048 + pattern: ^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\d{1}:\d{12}:function:[a-zA-Z0-9-_\.]+(:(\$LATEST|[a-zA-Z0-9-_]+))?$ + description: ARN of a Lambda. + required: + - PromptConfigurations + additionalProperties: false + PromptState: + type: string + description: Prompt State. + enum: + - ENABLED + - DISABLED + PromptType: + type: string + description: Prompt Type. + enum: + - PRE_PROCESSING + - ORCHESTRATION + - POST_PROCESSING + - KNOWLEDGE_BASE_RESPONSE_GENERATION + S3Identifier: + type: object + description: The identifier for the S3 resource. + properties: + S3BucketName: + type: string + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]$ + description: A bucket in S3. + S3ObjectKey: + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[\.\-\!\*\_\'\(\)a-zA-Z0-9][\.\-\!\*\_\'\(\)\/a-zA-Z0-9]*$ + description: A object key in S3. + additionalProperties: false + TagsMap: + type: object + description: A map of tag keys and values + x-patternProperties: + ^[a-zA-Z0-9\s._:/=+@-]*$: + type: string + maxLength: 256 + minLength: 0 + pattern: ^[a-zA-Z0-9\s._:/=+@-]*$ + description: Value of a tag + additionalProperties: false + Agent: + type: object + properties: + ActionGroups: + type: array + items: + $ref: '#/components/schemas/AgentActionGroup' + description: List of ActionGroups + x-insertionOrder: false + AgentArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(|-cn|-us-gov):bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent/[0-9a-zA-Z]{10}$ + description: Arn representation of the Agent. + AgentId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a resource. + AgentName: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a resource. + AgentResourceRoleArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/(service-role/)?AmazonBedrockExecutionRoleForAgents.+$ + description: ARN of a IAM role. + AgentStatus: + $ref: '#/components/schemas/AgentStatus' + AgentVersion: + type: string + maxLength: 5 + minLength: 5 + pattern: ^DRAFT$ + description: Draft Agent Version. + AutoPrepare: + description: Specifies whether to automatically prepare after creating or updating the agent. + type: boolean + default: false + CreatedAt: + type: string + description: Time Stamp. + format: date-time + CustomerEncryptionKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: A KMS key ARN + SkipResourceInUseCheckOnDelete: + description: Specifies whether to allow deleting agent while it is in use. + type: boolean + default: false + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + FailureReasons: + type: array + items: + type: string + maxLength: 2048 + description: Failure Reason for Error. + maxItems: 2048 + description: Failure Reasons for Error. + x-insertionOrder: false + FoundationModel: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)$ + description: ARN or name of a Bedrock model. + IdleSessionTTLInSeconds: + type: number + maximum: 3600 + minimum: 60 + description: Max Session Time. + Instruction: + type: string + maxLength: 1200 + minLength: 40 + description: Instruction for the agent. + KnowledgeBases: + type: array + items: + $ref: '#/components/schemas/AgentKnowledgeBase' + description: List of Agent Knowledge Bases + x-insertionOrder: false + PreparedAt: + type: string + description: Time Stamp. + format: date-time + PromptOverrideConfiguration: + $ref: '#/components/schemas/PromptOverrideConfiguration' + RecommendedActions: + type: array + items: + type: string + maxLength: 2048 + description: The recommended action users can take to resolve an error in failureReasons. + maxItems: 2048 + description: The recommended actions users can take to resolve an error in failureReasons. + x-insertionOrder: false + Tags: + $ref: '#/components/schemas/TagsMap' + UpdatedAt: + type: string + description: Time Stamp. + format: date-time + required: + - AgentName + x-stackql-resource-name: agent + description: Definition of AWS::Bedrock::Agent Resource Type + x-type-name: AWS::Bedrock::Agent + x-stackql-primary-identifier: + - AgentId + x-write-only-properties: + - AutoPrepare + - SkipResourceInUseCheckOnDelete + - ActionGroups/*/SkipResourceInUseCheckOnDelete + x-read-only-properties: + - AgentArn + - AgentId + - AgentStatus + - AgentVersion + - CreatedAt + - FailureReasons + - PreparedAt + - RecommendedActions + - UpdatedAt + x-required-properties: + - AgentName + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - bedrock:CreateAgent + - bedrock:GetAgent + - bedrock:PrepareAgent + - bedrock:GetAgentKnowledgeBase + - bedrock:AssociateAgentKnowledgeBase + - bedrock:ListAgentKnowledgeBases + - bedrock:CreateAgentActionGroup + - bedrock:GetAgentActionGroup + - bedrock:ListAgentActionGroups + - bedrock:TagResource + - bedrock:ListTagsForResource + - iam:PassRole + read: + - bedrock:GetAgent + - bedrock:GetAgentActionGroup + - bedrock:ListAgentActionGroups + - bedrock:GetAgentKnowledgeBase + - bedrock:ListAgentKnowledgeBases + - bedrock:ListTagsForResource + update: + - bedrock:GetAgent + - bedrock:UpdateAgent + - bedrock:PrepareAgent + - bedrock:GetAgentKnowledgeBase + - bedrock:UpdateAgentKnowledgeBase + - bedrock:AssociateAgentKnowledgeBase + - bedrock:DisassociateAgentKnowledgeBase + - bedrock:ListAgentKnowledgeBases + - bedrock:CreateAgentActionGroup + - bedrock:GetAgentActionGroup + - bedrock:UpdateAgentActionGroup + - bedrock:DeleteAgentActionGroup + - bedrock:ListAgentActionGroups + - bedrock:TagResource + - bedrock:UntagResource + - bedrock:ListTagsForResource + - iam:PassRole + delete: + - bedrock:GetAgent + - bedrock:DeleteAgent + list: + - bedrock:ListAgents + AgentAliasHistoryEvent: + type: object + description: History event for an alias for an Agent. + properties: + RoutingConfiguration: + type: array + items: + $ref: '#/components/schemas/AgentAliasRoutingConfigurationListItem' + maxItems: 1 + description: Routing configuration for an Agent alias. + x-insertionOrder: false + EndDate: + type: string + description: Time Stamp. + StartDate: + type: string + description: Time Stamp. + additionalProperties: false + AgentAliasRoutingConfigurationListItem: + type: object + description: Details about the routing configuration for an Agent alias. + properties: + AgentVersion: + type: string + maxLength: 5 + minLength: 1 + pattern: ^(DRAFT|[0-9]{0,4}[1-9][0-9]{0,4})$ + description: Agent Version. + required: + - AgentVersion + additionalProperties: false + AgentAliasStatus: + type: string + description: The statuses an Agent Alias can be in. + enum: + - CREATING + - PREPARED + - FAILED + - UPDATING + - DELETING + AgentAlias: + type: object + properties: + AgentAliasArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(|-cn|-us-gov):bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$ + description: Arn representation of the Agent Alias. + AgentAliasHistoryEvents: + type: array + items: + $ref: '#/components/schemas/AgentAliasHistoryEvent' + maxItems: 10 + description: The list of history events for an alias for an Agent. + x-insertionOrder: false + AgentAliasId: + type: string + maxLength: 10 + minLength: 10 + pattern: ^(\bTSTALIASID\b|[0-9a-zA-Z]+)$ + description: Id for an Agent Alias generated at the server side. + AgentAliasName: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a resource. + AgentAliasStatus: + $ref: '#/components/schemas/AgentAliasStatus' + AgentId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a resource. + CreatedAt: + type: string + description: Time Stamp. + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + RoutingConfiguration: + type: array + items: + $ref: '#/components/schemas/AgentAliasRoutingConfigurationListItem' + maxItems: 1 + description: Routing configuration for an Agent alias. + x-insertionOrder: false + Tags: + $ref: '#/components/schemas/TagsMap' + UpdatedAt: + type: string + description: Time Stamp. + required: + - AgentAliasName + - AgentId + x-stackql-resource-name: agent_alias + description: Definition of AWS::Bedrock::AgentAlias Resource Type + x-type-name: AWS::Bedrock::AgentAlias + x-stackql-primary-identifier: + - AgentId + - AgentAliasId + x-stackql-additional-identifiers: + - - AgentAliasArn + x-create-only-properties: + - AgentId + x-read-only-properties: + - AgentAliasArn + - AgentAliasHistoryEvents + - AgentAliasId + - AgentAliasStatus + - CreatedAt + - UpdatedAt + x-required-properties: + - AgentAliasName + - AgentId + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - bedrock:PrepareAgent + - bedrock:GetAgent + - bedrock:CreateAgentAlias + - bedrock:TagResource + - bedrock:GetAgentAlias + - bedrock:ListTagsForResource + read: + - bedrock:GetAgentAlias + - bedrock:ListTagsForResource + update: + - bedrock:PrepareAgent + - bedrock:GetAgent + - bedrock:UpdateAgentAlias + - bedrock:TagResource + - bedrock:UntagResource + - bedrock:GetAgentAlias + - bedrock:ListTagsForResource + delete: + - bedrock:DeleteAgentAlias + list: + - bedrock:ListAgentAliases + ChunkingConfiguration: + type: object + description: Details about how to chunk the documents in the data source. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. + properties: + ChunkingStrategy: + $ref: '#/components/schemas/ChunkingStrategy' + FixedSizeChunkingConfiguration: + $ref: '#/components/schemas/FixedSizeChunkingConfiguration' + required: + - ChunkingStrategy + additionalProperties: false + ChunkingStrategy: + type: string + description: Knowledge base can split your source data into chunks. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. You have the following options for chunking your data. If you opt for NONE, then you may want to pre-process your files by splitting them up such that each file corresponds to a chunk. + enum: + - FIXED_SIZE + - NONE + DataSourceConfiguration: + type: object + description: Specifies a raw data source location to ingest. + properties: + Type: + $ref: '#/components/schemas/DataSourceType' + S3Configuration: + $ref: '#/components/schemas/S3DataSourceConfiguration' + required: + - Type + - S3Configuration + additionalProperties: false + DataSourceStatus: + type: string + description: The status of a data source. + enum: + - AVAILABLE + - DELETING + DataSourceType: + type: string + description: The type of the data source location. + enum: + - S3 + FixedSizeChunkingConfiguration: + type: object + description: Configurations for when you choose fixed-size chunking. If you set the chunkingStrategy as NONE, exclude this field. + properties: + MaxTokens: + type: integer + minimum: 1 + description: The maximum number of tokens to include in a chunk. + OverlapPercentage: + type: integer + maximum: 99 + minimum: 1 + description: The percentage of overlap between adjacent chunks of a data source. + required: + - MaxTokens + - OverlapPercentage + additionalProperties: false + S3DataSourceConfiguration: + type: object + description: Contains information about the S3 configuration of the data source. + properties: + BucketArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + description: The ARN of the bucket that contains the data source. + InclusionPrefixes: + type: array + items: + type: string + maxLength: 300 + minLength: 1 + description: Prefix for s3 object. + maxItems: 1 + minItems: 1 + description: A list of S3 prefixes that define the object containing the data sources. + x-insertionOrder: false + required: + - BucketArn + additionalProperties: false + ServerSideEncryptionConfiguration: + type: object + description: Contains details about the server-side encryption for the data source. + properties: + KmsKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: The ARN of the AWS KMS key used to encrypt the resource. + additionalProperties: false + VectorIngestionConfiguration: + type: object + description: Details about how to chunk the documents in the data source. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. + properties: + ChunkingConfiguration: + $ref: '#/components/schemas/ChunkingConfiguration' + additionalProperties: false + DataSource: + type: object + properties: + DataSourceConfiguration: + $ref: '#/components/schemas/DataSourceConfiguration' + DataSourceId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a resource. + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + KnowledgeBaseId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: The unique identifier of the knowledge base to which to add the data source. + DataSourceStatus: + $ref: '#/components/schemas/DataSourceStatus' + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: The name of the data source. + ServerSideEncryptionConfiguration: + $ref: '#/components/schemas/ServerSideEncryptionConfiguration' + VectorIngestionConfiguration: + $ref: '#/components/schemas/VectorIngestionConfiguration' + CreatedAt: + type: string + description: The time at which the data source was created. + UpdatedAt: + type: string + description: The time at which the knowledge base was last updated. + required: + - DataSourceConfiguration + - Name + - KnowledgeBaseId + x-stackql-resource-name: data_source + description: Definition of AWS::Bedrock::DataSource Resource Type + x-type-name: AWS::Bedrock::DataSource + x-stackql-primary-identifier: + - KnowledgeBaseId + - DataSourceId + x-create-only-properties: + - KnowledgeBaseId + - VectorIngestionConfiguration + x-read-only-properties: + - DataSourceId + - DataSourceStatus + - CreatedAt + - UpdatedAt + x-required-properties: + - DataSourceConfiguration + - Name + - KnowledgeBaseId + x-tagging: + taggable: false + cloudFormationSystemTags: true + x-required-permissions: + create: + - bedrock:CreateDataSource + - bedrock:GetDataSource + - bedrock:GetKnowledgeBase + read: + - bedrock:GetDataSource + update: + - bedrock:GetDataSource + - bedrock:UpdateDataSource + delete: + - bedrock:GetDataSource + - bedrock:DeleteDataSource + list: + - bedrock:ListDataSources + KnowledgeBaseConfiguration: + type: object + description: Contains details about the embeddings model used for the knowledge base. + properties: + Type: + $ref: '#/components/schemas/KnowledgeBaseType' + VectorKnowledgeBaseConfiguration: + $ref: '#/components/schemas/VectorKnowledgeBaseConfiguration' + required: + - Type + - VectorKnowledgeBaseConfiguration + additionalProperties: false + KnowledgeBaseStatus: + type: string + description: The status of a knowledge base. + enum: + - CREATING + - ACTIVE + - DELETING + - UPDATING + - FAILED + KnowledgeBaseStorageType: + type: string + description: The storage type of a knowledge base. + enum: + - OPENSEARCH_SERVERLESS + - PINECONE + - RDS + KnowledgeBaseType: + type: string + description: The type of a knowledge base. + enum: + - VECTOR + OpenSearchServerlessConfiguration: + type: object + description: Contains the storage configuration of the knowledge base in Amazon OpenSearch Service. + properties: + CollectionArn: + type: string + maxLength: 2048 + pattern: ^arn:aws:aoss:[a-z]{2}(-gov)?-[a-z]+-\d{1}:\d{12}:collection/[a-z0-9-]{3,32}$ + description: The ARN of the OpenSearch Service vector store. + VectorIndexName: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the vector store. + FieldMapping: + $ref: '#/components/schemas/OpenSearchServerlessFieldMapping' + required: + - CollectionArn + - FieldMapping + - VectorIndexName + additionalProperties: false + OpenSearchServerlessFieldMapping: + type: object + description: A mapping of Bedrock Knowledge Base fields to OpenSearch Serverless field names + properties: + VectorField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. + TextField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. + MetadataField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + required: + - MetadataField + - TextField + - VectorField + additionalProperties: false + PineconeConfiguration: + type: object + description: Contains the storage configuration of the knowledge base in Pinecone. + properties: + ConnectionString: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The endpoint URL for your index management page. + CredentialsSecretArn: + type: string + pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ + description: The ARN of the secret that you created in AWS Secrets Manager that is linked to your Pinecone API key. + Namespace: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The namespace to be used to write new data to your database. + FieldMapping: + $ref: '#/components/schemas/PineconeFieldMapping' + required: + - ConnectionString + - CredentialsSecretArn + - FieldMapping + additionalProperties: false + PineconeFieldMapping: + type: object + description: Contains the names of the fields to which to map information about the vector store. + properties: + TextField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. + MetadataField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + required: + - MetadataField + - TextField + additionalProperties: false + RdsConfiguration: + type: object + description: Contains details about the storage configuration of the knowledge base in Amazon RDS. For more information, see Create a vector index in Amazon RDS. + properties: + ResourceArn: + type: string + pattern: ^arn:aws(|-cn|-us-gov):rds:[a-zA-Z0-9-]*:[0-9]{12}:cluster:[a-zA-Z0-9-]{1,63}$ + description: The ARN of the vector store. + CredentialsSecretArn: + type: string + pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ + description: The ARN of the secret that you created in AWS Secrets Manager that is linked to your Amazon RDS database. + DatabaseName: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\-]+$ + description: The name of your Amazon RDS database. + TableName: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\.\-]+$ + description: The name of the table in the database. + FieldMapping: + $ref: '#/components/schemas/RdsFieldMapping' + required: + - CredentialsSecretArn + - DatabaseName + - FieldMapping + - ResourceArn + - TableName + additionalProperties: false + RdsFieldMapping: + type: object + description: Contains the names of the fields to which to map information about the vector store. + properties: + PrimaryKeyField: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\-]+$ + description: The name of the field in which Amazon Bedrock stores the ID for each entry. + VectorField: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\-]+$ + description: The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. + TextField: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\-]+$ + description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. + MetadataField: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\-]+$ + description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + required: + - MetadataField + - PrimaryKeyField + - TextField + - VectorField + additionalProperties: false + RedisEnterpriseCloudConfiguration: + type: object + description: Contains the storage configuration of the knowledge base in Redis Enterprise Cloud. + properties: + Endpoint: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The endpoint URL of the Redis Enterprise Cloud database. + VectorIndexName: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the vector index. + CredentialsSecretArn: + type: string + pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ + description: The ARN of the secret that you created in AWS Secrets Manager that is linked to your Redis Enterprise Cloud database. + FieldMapping: + $ref: '#/components/schemas/RedisEnterpriseCloudFieldMapping' + required: + - CredentialsSecretArn + - Endpoint + - FieldMapping + - VectorIndexName + additionalProperties: false + RedisEnterpriseCloudFieldMapping: + type: object + description: Contains the names of the fields to which to map information about the vector store. + properties: + VectorField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. + TextField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. + MetadataField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + required: + - MetadataField + - TextField + - VectorField + additionalProperties: false + StorageConfiguration: + type: object + description: The vector store service in which the knowledge base is stored. + properties: + Type: + $ref: '#/components/schemas/KnowledgeBaseStorageType' + OpensearchServerlessConfiguration: + $ref: '#/components/schemas/OpenSearchServerlessConfiguration' + PineconeConfiguration: + $ref: '#/components/schemas/PineconeConfiguration' + RdsConfiguration: + $ref: '#/components/schemas/RdsConfiguration' + required: + - Type + oneOf: + - required: + - OpensearchServerlessConfiguration + - required: + - PineconeConfiguration + - required: + - RdsConfiguration + additionalProperties: false + VectorKnowledgeBaseConfiguration: + type: object + description: Contains details about the model used to create vector embeddings for the knowledge base. + properties: + EmbeddingModelArn: + type: string + maxLength: 1011 + minLength: 20 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}))$ + description: The ARN of the model used to create vector embeddings for the knowledge base. + required: + - EmbeddingModelArn + additionalProperties: false + KnowledgeBase: + type: object + properties: + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + KnowledgeBaseConfiguration: + $ref: '#/components/schemas/KnowledgeBaseConfiguration' + KnowledgeBaseId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: The unique identifier of the knowledge base. + KnowledgeBaseArn: + type: string + maxLength: 128 + minLength: 0 + pattern: ^arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:knowledge-base/[0-9a-zA-Z]+$ + description: The ARN of the knowledge base. + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: The name of the knowledge base. + Status: + $ref: '#/components/schemas/KnowledgeBaseStatus' + RoleArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+$ + description: The ARN of the IAM role with permissions to invoke API operations on the knowledge base. The ARN must begin with AmazonBedrockExecutionRoleForKnowledgeBase_ + CreatedAt: + type: string + description: The time at which the knowledge base was created. + FailureReasons: + type: array + items: + type: string + maxLength: 2048 + description: Failure Reason for Error. + maxItems: 2048 + description: A list of reasons that the API operation on the knowledge base failed. + x-insertionOrder: false + UpdatedAt: + type: string + description: The time at which the knowledge base was last updated. + StorageConfiguration: + $ref: '#/components/schemas/StorageConfiguration' + Tags: + $ref: '#/components/schemas/TagsMap' + required: + - KnowledgeBaseConfiguration + - Name + - RoleArn + - StorageConfiguration + x-stackql-resource-name: knowledge_base + description: Definition of AWS::Bedrock::KnowledgeBase Resource Type + x-type-name: AWS::Bedrock::KnowledgeBase + x-stackql-primary-identifier: + - KnowledgeBaseId + x-create-only-properties: + - StorageConfiguration + - KnowledgeBaseConfiguration + x-read-only-properties: + - KnowledgeBaseId + - KnowledgeBaseArn + - CreatedAt + - UpdatedAt + - FailureReasons + - Status + x-required-properties: + - KnowledgeBaseConfiguration + - Name + - RoleArn + - StorageConfiguration + x-tagging: + cloudFormationSystemTags: true + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - bedrock:CreateKnowledgeBase + - bedrock:GetKnowledgeBase + - bedrock:TagResource + - bedrock:ListTagsForResource + - bedrock:AssociateThirdPartyKnowledgeBase + - iam:PassRole + read: + - bedrock:GetKnowledgeBase + - bedrock:ListTagsForResource + update: + - bedrock:GetKnowledgeBase + - bedrock:UpdateKnowledgeBase + - bedrock:TagResource + - bedrock:UntagResource + - bedrock:ListTagsForResource + - bedrock:AssociateThirdPartyKnowledgeBase + - iam:PassRole + delete: + - bedrock:GetKnowledgeBase + - bedrock:DeleteKnowledgeBase + - bedrock:ListDataSources + list: + - bedrock:ListKnowledgeBases + x-stackQL-resources: + agents: + name: agents + id: aws.bedrock.agents + x-cfn-schema-name: Agent + x-type: list + x-identifiers: + - AgentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AgentId') as agent_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Agent' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AgentId') as agent_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Agent' + AND region = 'us-east-1' + agent: + name: agent + id: aws.bedrock.agent + x-cfn-schema-name: Agent + x-type: get + x-identifiers: + - AgentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ActionGroups') as action_groups, + JSON_EXTRACT(Properties, '$.AgentArn') as agent_arn, + JSON_EXTRACT(Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(Properties, '$.AgentName') as agent_name, + JSON_EXTRACT(Properties, '$.AgentResourceRoleArn') as agent_resource_role_arn, + JSON_EXTRACT(Properties, '$.AgentStatus') as agent_status, + JSON_EXTRACT(Properties, '$.AgentVersion') as agent_version, + JSON_EXTRACT(Properties, '$.AutoPrepare') as auto_prepare, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(Properties, '$.SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FailureReasons') as failure_reasons, + JSON_EXTRACT(Properties, '$.FoundationModel') as foundation_model, + JSON_EXTRACT(Properties, '$.IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, + JSON_EXTRACT(Properties, '$.Instruction') as instruction, + JSON_EXTRACT(Properties, '$.KnowledgeBases') as knowledge_bases, + JSON_EXTRACT(Properties, '$.PreparedAt') as prepared_at, + JSON_EXTRACT(Properties, '$.PromptOverrideConfiguration') as prompt_override_configuration, + JSON_EXTRACT(Properties, '$.RecommendedActions') as recommended_actions, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Agent' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ActionGroups') as action_groups, + json_extract_path_text(Properties, 'AgentArn') as agent_arn, + json_extract_path_text(Properties, 'AgentId') as agent_id, + json_extract_path_text(Properties, 'AgentName') as agent_name, + json_extract_path_text(Properties, 'AgentResourceRoleArn') as agent_resource_role_arn, + json_extract_path_text(Properties, 'AgentStatus') as agent_status, + json_extract_path_text(Properties, 'AgentVersion') as agent_version, + json_extract_path_text(Properties, 'AutoPrepare') as auto_prepare, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(Properties, 'SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FailureReasons') as failure_reasons, + json_extract_path_text(Properties, 'FoundationModel') as foundation_model, + json_extract_path_text(Properties, 'IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, + json_extract_path_text(Properties, 'Instruction') as instruction, + json_extract_path_text(Properties, 'KnowledgeBases') as knowledge_bases, + json_extract_path_text(Properties, 'PreparedAt') as prepared_at, + json_extract_path_text(Properties, 'PromptOverrideConfiguration') as prompt_override_configuration, + json_extract_path_text(Properties, 'RecommendedActions') as recommended_actions, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Agent' + AND data__Identifier = '' + AND region = 'us-east-1' + agent_aliases: + name: agent_aliases + id: aws.bedrock.agent_aliases + x-cfn-schema-name: AgentAlias + x-type: list + x-identifiers: + - AgentId + - AgentAliasId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(Properties, '$.AgentAliasId') as agent_alias_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AgentId') as agent_id, + json_extract_path_text(Properties, 'AgentAliasId') as agent_alias_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' + AND region = 'us-east-1' + agent_alias: + name: agent_alias + id: aws.bedrock.agent_alias + x-cfn-schema-name: AgentAlias + x-type: get + x-identifiers: + - AgentId + - AgentAliasId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AgentAliasArn') as agent_alias_arn, + JSON_EXTRACT(Properties, '$.AgentAliasHistoryEvents') as agent_alias_history_events, + JSON_EXTRACT(Properties, '$.AgentAliasId') as agent_alias_id, + JSON_EXTRACT(Properties, '$.AgentAliasName') as agent_alias_name, + JSON_EXTRACT(Properties, '$.AgentAliasStatus') as agent_alias_status, + JSON_EXTRACT(Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.RoutingConfiguration') as routing_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AgentAliasArn') as agent_alias_arn, + json_extract_path_text(Properties, 'AgentAliasHistoryEvents') as agent_alias_history_events, + json_extract_path_text(Properties, 'AgentAliasId') as agent_alias_id, + json_extract_path_text(Properties, 'AgentAliasName') as agent_alias_name, + json_extract_path_text(Properties, 'AgentAliasStatus') as agent_alias_status, + json_extract_path_text(Properties, 'AgentId') as agent_id, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'RoutingConfiguration') as routing_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' + AND data__Identifier = '|' + AND region = 'us-east-1' + data_sources: + name: data_sources + id: aws.bedrock.data_sources + x-cfn-schema-name: DataSource + x-type: list + x-identifiers: + - KnowledgeBaseId + - DataSourceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id, + JSON_EXTRACT(Properties, '$.DataSourceId') as data_source_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::DataSource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id, + json_extract_path_text(Properties, 'DataSourceId') as data_source_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::DataSource' + AND region = 'us-east-1' + data_source: + name: data_source + id: aws.bedrock.data_source + x-cfn-schema-name: DataSource + x-type: get + x-identifiers: + - KnowledgeBaseId + - DataSourceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DataSourceConfiguration') as data_source_configuration, + JSON_EXTRACT(Properties, '$.DataSourceId') as data_source_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id, + JSON_EXTRACT(Properties, '$.DataSourceStatus') as data_source_status, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + JSON_EXTRACT(Properties, '$.VectorIngestionConfiguration') as vector_ingestion_configuration, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::DataSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DataSourceConfiguration') as data_source_configuration, + json_extract_path_text(Properties, 'DataSourceId') as data_source_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id, + json_extract_path_text(Properties, 'DataSourceStatus') as data_source_status, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + json_extract_path_text(Properties, 'VectorIngestionConfiguration') as vector_ingestion_configuration, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::DataSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + knowledge_bases: + name: knowledge_bases + id: aws.bedrock.knowledge_bases + x-cfn-schema-name: KnowledgeBase + x-type: list + x-identifiers: + - KnowledgeBaseId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND region = 'us-east-1' + knowledge_base: + name: knowledge_base + id: aws.bedrock.knowledge_base + x-cfn-schema-name: KnowledgeBase + x-type: get + x-identifiers: + - KnowledgeBaseId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KnowledgeBaseConfiguration') as knowledge_base_configuration, + JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id, + JSON_EXTRACT(Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.FailureReasons') as failure_reasons, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.StorageConfiguration') as storage_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KnowledgeBaseConfiguration') as knowledge_base_configuration, + json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id, + json_extract_path_text(Properties, 'KnowledgeBaseArn') as knowledge_base_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'FailureReasons') as failure_reasons, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'StorageConfiguration') as storage_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/billingconductor.yaml b/providers/src/aws/v00.00.00000/services/billingconductor.yaml new file mode 100644 index 00000000..13cb3be0 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/billingconductor.yaml @@ -0,0 +1,894 @@ +openapi: 3.0.0 +info: + title: BillingConductor + version: 1.0.0 +paths: {} +components: + schemas: + BillingGroupStatus: + type: string + enum: + - ACTIVE + - PRIMARY_ACCOUNT_MISSING + ComputationPreference: + type: object + additionalProperties: false + properties: + PricingPlanArn: + description: ARN of the attached pricing plan + type: string + pattern: arn:aws(-cn)?:billingconductor::[0-9]{12}:pricingplan/[a-zA-Z0-9]{10} + required: + - PricingPlanArn + AccountGrouping: + type: object + additionalProperties: false + properties: + LinkedAccountIds: + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + pattern: '[0-9]{12}' + minItems: 1 + AutoAssociate: + type: boolean + required: + - LinkedAccountIds + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 1 + maxLength: 256 + additionalProperties: false + required: + - Key + - Value + BillingGroup: + type: object + properties: + Arn: + description: Billing Group ARN + type: string + pattern: arn:aws(-cn)?:billingconductor::[0-9]{12}:billinggroup/?[0-9]{12} + Name: + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z0-9_\+=\.\-@]+' + Description: + type: string + maxLength: 1024 + PrimaryAccountId: + description: This account will act as a virtual payer account of the billing group + type: string + pattern: '[0-9]{12}' + ComputationPreference: + $ref: '#/components/schemas/ComputationPreference' + AccountGrouping: + $ref: '#/components/schemas/AccountGrouping' + Size: + description: Number of accounts in the billing group + type: integer + Status: + $ref: '#/components/schemas/BillingGroupStatus' + StatusReason: + type: string + CreationTime: + description: Creation timestamp in UNIX epoch time format + type: integer + LastModifiedTime: + description: Latest modified timestamp in UNIX epoch time format + type: integer + Tags: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - AccountGrouping + - PrimaryAccountId + - ComputationPreference + x-stackql-resource-name: billing_group + description: A billing group is a set of linked account which belong to the same end customer. It can be seen as a virtual consolidated billing family. + x-type-name: AWS::BillingConductor::BillingGroup + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - PrimaryAccountId + x-read-only-properties: + - Arn + - Size + - Status + - StatusReason + - CreationTime + - LastModifiedTime + x-required-properties: + - Name + - AccountGrouping + - PrimaryAccountId + - ComputationPreference + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - billingconductor:CreateBillingGroup + - billingconductor:AssociateAccounts + - billingconductor:ListBillingGroups + - billingconductor:TagResource + - billingconductor:ListTagsForResource + read: + - billingconductor:ListBillingGroups + - billingconductor:ListAccountAssociations + - organizations:ListAccounts + - billingconductor:ListTagsForResource + list: + - billingconductor:ListBillingGroups + - billingconductor:ListAccountAssociations + - organizations:ListAccounts + - billingconductor:ListTagsForResource + update: + - billingconductor:UpdateBillingGroup + - billingconductor:ListAccountAssociations + - organizations:ListAccounts + - billingconductor:AssociateAccounts + - billingconductor:DisassociateAccounts + - billingconductor:ListBillingGroups + - billingconductor:TagResource + - billingconductor:UntagResource + delete: + - billingconductor:DeleteBillingGroup + - billingconductor:ListBillingGroups + - billingconductor:UntagResource + - billingconductor:UpdateBillingGroup + Type: + type: string + enum: + - FEE + - CREDIT + CustomLineItemPercentageChargeDetails: + type: object + additionalProperties: false + properties: + ChildAssociatedResources: + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + pattern: (arn:aws(-cn)?:billingconductor::[0-9]{12}:(customlineitem|billinggroup)/)?[a-zA-Z0-9]{10,12} + PercentageValue: + type: number + minimum: 0 + maximum: 10000 + required: + - PercentageValue + CustomLineItemFlatChargeDetails: + type: object + additionalProperties: false + properties: + ChargeValue: + type: number + minimum: 0 + maximum: 1000000 + required: + - ChargeValue + LineItemFilters: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/LineItemFilter' + LineItemFilter: + type: object + additionalProperties: false + properties: + Attribute: + type: string + enum: + - LINE_ITEM_TYPE + MatchOption: + type: string + enum: + - NOT_EQUAL + Values: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/LineItemFilterValue' + required: + - Attribute + - MatchOption + - Values + LineItemFilterValue: + type: string + enum: + - SAVINGS_PLAN_NEGATION + CustomLineItemChargeDetails: + type: object + additionalProperties: false + properties: + Flat: + $ref: '#/components/schemas/CustomLineItemFlatChargeDetails' + Percentage: + $ref: '#/components/schemas/CustomLineItemPercentageChargeDetails' + Type: + $ref: '#/components/schemas/Type' + LineItemFilters: + $ref: '#/components/schemas/LineItemFilters' + required: + - Type + InclusiveStartBillingPeriod: + type: string + pattern: \d{4}-(0?[1-9]|1[012]) + ExclusiveEndBillingPeriod: + type: string + pattern: \d{4}-(0?[1-9]|1[012]) + BillingPeriodRange: + type: object + additionalProperties: false + properties: + InclusiveStartBillingPeriod: + $ref: '#/components/schemas/InclusiveStartBillingPeriod' + ExclusiveEndBillingPeriod: + $ref: '#/components/schemas/ExclusiveEndBillingPeriod' + CustomLineItem: + type: object + properties: + Name: + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z0-9_\+=\.\-@]+' + Description: + type: string + maxLength: 255 + CustomLineItemChargeDetails: + $ref: '#/components/schemas/CustomLineItemChargeDetails' + BillingGroupArn: + description: Billing Group ARN + type: string + pattern: arn:aws(-cn)?:billingconductor::[0-9]{12}:billinggroup/?[0-9]{12} + BillingPeriodRange: + $ref: '#/components/schemas/BillingPeriodRange' + Arn: + description: ARN + type: string + pattern: (arn:aws(-cn)?:billingconductor::[0-9]{12}:customlineitem/)?[a-zA-Z0-9]{10} + CreationTime: + description: Creation timestamp in UNIX epoch time format + type: integer + LastModifiedTime: + description: Latest modified timestamp in UNIX epoch time format + type: integer + AssociationSize: + description: Number of source values associated to this custom line item + type: integer + ProductCode: + type: string + minLength: 1 + maxLength: 29 + CurrencyCode: + type: string + enum: + - USD + - CNY + AccountId: + type: string + description: The account which this custom line item will be charged to + pattern: '[0-9]{12}' + Tags: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - BillingGroupArn + x-stackql-resource-name: custom_line_item + description: A custom line item is an one time charge that is applied to a specific billing group's bill. + x-type-name: AWS::BillingConductor::CustomLineItem + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - BillingGroupArn + - AccountId + - BillingPeriodRange/InclusiveStartBillingPeriod + - BillingPeriodRange/ExclusiveEndBillingPeriod + - CustomLineItemChargeDetails/Type + x-read-only-properties: + - Arn + - CreationTime + - LastModifiedTime + - AssociationSize + - CurrencyCode + - ProductCode + x-required-properties: + - Name + - BillingGroupArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - billingconductor:CreateCustomLineItem + - billingconductor:BatchAssociateResourcesToCustomLineItem + - billingconductor:ListCustomLineItems + - billingconductor:TagResource + - billingconductor:ListTagsForResource + read: + - billingconductor:ListCustomLineItems + - billingconductor:ListCustomLineItemVersions + - billingconductor:ListResourcesAssociatedToCustomLineItem + - billingconductor:ListTagsForResource + list: + - billingconductor:ListCustomLineItems + - billingconductor:ListResourcesAssociatedToCustomLineItem + - billingconductor:ListTagsForResource + update: + - billingconductor:UpdateCustomLineItem + - billingconductor:ListCustomLineItems + - billingconductor:ListResourcesAssociatedToCustomLineItem + - billingconductor:BatchAssociateResourcesToCustomLineItem + - billingconductor:BatchDisassociateResourcesFromCustomLineItem + - billingconductor:TagResource + - billingconductor:UntagResource + delete: + - billingconductor:DeleteCustomLineItem + - billingconductor:ListCustomLineItems + - billingconductor:BatchDisassociateResourcesFromCustomLineItem + - billingconductor:ListResourcesAssociatedToCustomLineItem + - billingconductor:UntagResource + PricingRuleArn: + description: Pricing Rule ARN + type: string + pattern: arn:aws(-cn)?:billingconductor::[0-9]{12}:pricingrule/[a-zA-Z0-9]{10} + PricingPlan: + type: object + properties: + Arn: + description: Pricing Plan ARN + type: string + pattern: arn:aws(-cn)?:billingconductor::[0-9]{12}:pricingplan/[a-zA-Z0-9]{10} + Name: + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z0-9_\+=\.\-@]+' + PricingRuleArns: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/PricingRuleArn' + Size: + type: integer + description: Number of associated pricing rules + Description: + type: string + maxLength: 1024 + CreationTime: + description: Creation timestamp in UNIX epoch time format + type: integer + LastModifiedTime: + description: Latest modified timestamp in UNIX epoch time format + type: integer + Tags: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + x-stackql-resource-name: pricing_plan + description: Pricing Plan enables you to customize your billing details consistent with the usage that accrues in each of your billing groups. + x-type-name: AWS::BillingConductor::PricingPlan + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + - Size + - CreationTime + - LastModifiedTime + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - billingconductor:CreatePricingPlan + - billingconductor:AssociatePricingRules + - billingconductor:ListPricingPlans + - billingconductor:TagResource + - billingconductor:ListTagsForResource + read: + - billingconductor:ListPricingPlans + - billingconductor:ListPricingRulesAssociatedToPricingPlan + - billingconductor:ListTagsForResource + list: + - billingconductor:ListPricingPlans + - billingconductor:ListPricingRulesAssociatedToPricingPlan + - billingconductor:ListTagsForResource + update: + - billingconductor:ListPricingPlans + - billingconductor:UpdatePricingPlan + - billingconductor:ListPricingRulesAssociatedToPricingPlan + - billingconductor:AssociatePricingRules + - billingconductor:DisassociatePricingRules + - billingconductor:TagResource + - billingconductor:UntagResource + delete: + - billingconductor:ListPricingPlans + - billingconductor:DeletePricingPlan + - billingconductor:UntagResource + FreeTier: + description: The possible customizable free tier configurations. + type: object + additionalProperties: false + properties: + Activated: + type: boolean + required: + - Activated + PricingRule: + type: object + properties: + Arn: + description: Pricing rule ARN + type: string + pattern: arn:aws(-cn)?:billingconductor::[0-9]{12}:pricingrule/[a-zA-Z0-9]{10} + Name: + description: Pricing rule name + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z0-9_\+=\.\-@]+' + Description: + description: Pricing rule description + type: string + maxLength: 1024 + Scope: + description: A term used to categorize the granularity of a Pricing Rule. + type: string + enum: + - GLOBAL + - SERVICE + - BILLING_ENTITY + - SKU + Type: + description: One of MARKUP, DISCOUNT or TIERING that describes the behaviour of the pricing rule. + type: string + enum: + - MARKUP + - DISCOUNT + - TIERING + ModifierPercentage: + description: Pricing rule modifier percentage + type: number + minimum: 0 + Service: + description: The service which a pricing rule is applied on + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z0-9\.\-]+' + BillingEntity: + description: The seller of services provided by AWS, their affiliates, or third-party providers selling services via AWS Marketplaces. Supported billing entities are AWS, AWS Marketplace, and AISPL. + type: string + enum: + - AWS + - AWS Marketplace + - AISPL + Tiering: + description: The set of tiering configurations for the pricing rule. + type: object + additionalProperties: false + properties: + FreeTier: + $ref: '#/components/schemas/FreeTier' + UsageType: + description: The UsageType which a SKU pricing rule is modifying + type: string + minLength: 1 + maxLength: 256 + pattern: ^\S+$ + Operation: + description: The Operation which a SKU pricing rule is modifying + type: string + minLength: 1 + maxLength: 256 + pattern: ^\S+$ + AssociatedPricingPlanCount: + description: The number of pricing plans associated with pricing rule + type: integer + minimum: 0 + CreationTime: + description: Creation timestamp in UNIX epoch time format + type: integer + LastModifiedTime: + description: Latest modified timestamp in UNIX epoch time format + type: integer + Tags: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - Scope + - Type + x-stackql-resource-name: pricing_rule + description: A markup/discount that is defined for a specific set of services that can later be associated with a pricing plan. + x-type-name: AWS::BillingConductor::PricingRule + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Scope + - Service + - BillingEntity + - UsageType + - Operation + x-read-only-properties: + - Arn + - AssociatedPricingPlanCount + - CreationTime + - LastModifiedTime + x-required-properties: + - Name + - Scope + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - billingconductor:CreatePricingRule + - billingconductor:ListPricingRules + - billingconductor:TagResource + - billingconductor:ListTagsForResource + read: + - billingconductor:ListPricingRules + - billingconductor:ListTagsForResource + update: + - billingconductor:UpdatePricingRule + - billingconductor:ListPricingRules + - billingconductor:TagResource + - billingconductor:UntagResource + delete: + - billingconductor:DeletePricingRule + - billingconductor:ListPricingRules + - billingconductor:UntagResource + list: + - billingconductor:ListPricingRules + - billingconductor:ListTagsForResource + x-stackQL-resources: + billing_groups: + name: billing_groups + id: aws.billingconductor.billing_groups + x-cfn-schema-name: BillingGroup + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BillingConductor::BillingGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BillingConductor::BillingGroup' + AND region = 'us-east-1' + billing_group: + name: billing_group + id: aws.billingconductor.billing_group + x-cfn-schema-name: BillingGroup + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PrimaryAccountId') as primary_account_id, + JSON_EXTRACT(Properties, '$.ComputationPreference') as computation_preference, + JSON_EXTRACT(Properties, '$.AccountGrouping') as account_grouping, + JSON_EXTRACT(Properties, '$.Size') as size, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusReason') as status_reason, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BillingConductor::BillingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PrimaryAccountId') as primary_account_id, + json_extract_path_text(Properties, 'ComputationPreference') as computation_preference, + json_extract_path_text(Properties, 'AccountGrouping') as account_grouping, + json_extract_path_text(Properties, 'Size') as size, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusReason') as status_reason, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BillingConductor::BillingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + custom_line_items: + name: custom_line_items + id: aws.billingconductor.custom_line_items + x-cfn-schema-name: CustomLineItem + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BillingConductor::CustomLineItem' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BillingConductor::CustomLineItem' + AND region = 'us-east-1' + custom_line_item: + name: custom_line_item + id: aws.billingconductor.custom_line_item + x-cfn-schema-name: CustomLineItem + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.CustomLineItemChargeDetails') as custom_line_item_charge_details, + JSON_EXTRACT(Properties, '$.BillingGroupArn') as billing_group_arn, + JSON_EXTRACT(Properties, '$.BillingPeriodRange') as billing_period_range, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.AssociationSize') as association_size, + JSON_EXTRACT(Properties, '$.ProductCode') as product_code, + JSON_EXTRACT(Properties, '$.CurrencyCode') as currency_code, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BillingConductor::CustomLineItem' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'CustomLineItemChargeDetails') as custom_line_item_charge_details, + json_extract_path_text(Properties, 'BillingGroupArn') as billing_group_arn, + json_extract_path_text(Properties, 'BillingPeriodRange') as billing_period_range, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'AssociationSize') as association_size, + json_extract_path_text(Properties, 'ProductCode') as product_code, + json_extract_path_text(Properties, 'CurrencyCode') as currency_code, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BillingConductor::CustomLineItem' + AND data__Identifier = '' + AND region = 'us-east-1' + pricing_plans: + name: pricing_plans + id: aws.billingconductor.pricing_plans + x-cfn-schema-name: PricingPlan + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BillingConductor::PricingPlan' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BillingConductor::PricingPlan' + AND region = 'us-east-1' + pricing_plan: + name: pricing_plan + id: aws.billingconductor.pricing_plan + x-cfn-schema-name: PricingPlan + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PricingRuleArns') as pricing_rule_arns, + JSON_EXTRACT(Properties, '$.Size') as size, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BillingConductor::PricingPlan' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PricingRuleArns') as pricing_rule_arns, + json_extract_path_text(Properties, 'Size') as size, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BillingConductor::PricingPlan' + AND data__Identifier = '' + AND region = 'us-east-1' + pricing_rules: + name: pricing_rules + id: aws.billingconductor.pricing_rules + x-cfn-schema-name: PricingRule + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BillingConductor::PricingRule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::BillingConductor::PricingRule' + AND region = 'us-east-1' + pricing_rule: + name: pricing_rule + id: aws.billingconductor.pricing_rule + x-cfn-schema-name: PricingRule + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Scope') as scope, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.ModifierPercentage') as modifier_percentage, + JSON_EXTRACT(Properties, '$.Service') as service, + JSON_EXTRACT(Properties, '$.BillingEntity') as billing_entity, + JSON_EXTRACT(Properties, '$.Tiering') as tiering, + JSON_EXTRACT(Properties, '$.UsageType') as usage_type, + JSON_EXTRACT(Properties, '$.Operation') as operation, + JSON_EXTRACT(Properties, '$.AssociatedPricingPlanCount') as associated_pricing_plan_count, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BillingConductor::PricingRule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Scope') as scope, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'ModifierPercentage') as modifier_percentage, + json_extract_path_text(Properties, 'Service') as service, + json_extract_path_text(Properties, 'BillingEntity') as billing_entity, + json_extract_path_text(Properties, 'Tiering') as tiering, + json_extract_path_text(Properties, 'UsageType') as usage_type, + json_extract_path_text(Properties, 'Operation') as operation, + json_extract_path_text(Properties, 'AssociatedPricingPlanCount') as associated_pricing_plan_count, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::BillingConductor::PricingRule' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/budgets.yaml b/providers/src/aws/v00.00.00000/services/budgets.yaml new file mode 100644 index 00000000..a816aed3 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/budgets.yaml @@ -0,0 +1,258 @@ +openapi: 3.0.0 +info: + title: Budgets + version: 1.0.0 +paths: {} +components: + schemas: + Subscriber: + type: object + properties: + Type: + type: string + enum: + - SNS + - EMAIL + Address: + type: string + required: + - Type + - Address + additionalProperties: false + ActionThreshold: + type: object + properties: + Value: + type: number + Type: + type: string + enum: + - PERCENTAGE + - ABSOLUTE_VALUE + required: + - Value + - Type + additionalProperties: false + IamActionDefinition: + type: object + properties: + PolicyArn: + type: string + Roles: + type: array + items: + type: string + minItems: 1 + maxItems: 100 + Groups: + type: array + items: + type: string + minItems: 1 + maxItems: 100 + Users: + type: array + items: + type: string + minItems: 1 + maxItems: 100 + required: + - PolicyArn + additionalProperties: false + ScpActionDefinition: + type: object + properties: + PolicyId: + type: string + TargetIds: + type: array + items: + type: string + minItems: 1 + maxItems: 100 + required: + - PolicyId + - TargetIds + additionalProperties: false + SsmActionDefinition: + type: object + properties: + Subtype: + type: string + enum: + - STOP_EC2_INSTANCES + - STOP_RDS_INSTANCES + Region: + type: string + InstanceIds: + type: array + items: + type: string + minItems: 1 + maxItems: 100 + required: + - Subtype + - Region + - InstanceIds + additionalProperties: false + Definition: + type: object + properties: + IamActionDefinition: + $ref: '#/components/schemas/IamActionDefinition' + ScpActionDefinition: + $ref: '#/components/schemas/ScpActionDefinition' + SsmActionDefinition: + $ref: '#/components/schemas/SsmActionDefinition' + additionalProperties: false + BudgetsAction: + type: object + properties: + ActionId: + type: string + BudgetName: + type: string + NotificationType: + type: string + enum: + - ACTUAL + - FORECASTED + ActionType: + type: string + enum: + - APPLY_IAM_POLICY + - APPLY_SCP_POLICY + - RUN_SSM_DOCUMENTS + ActionThreshold: + $ref: '#/components/schemas/ActionThreshold' + ExecutionRoleArn: + type: string + ApprovalModel: + type: string + enum: + - AUTOMATIC + - MANUAL + Subscribers: + type: array + items: + $ref: '#/components/schemas/Subscriber' + maxItems: 11 + minItems: 1 + Definition: + $ref: '#/components/schemas/Definition' + required: + - BudgetName + - NotificationType + - ActionType + - ActionThreshold + - ExecutionRoleArn + - Definition + - Subscribers + x-stackql-resource-name: budgets_action + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::Budgets::BudgetsAction + x-stackql-primary-identifier: + - ActionId + - BudgetName + x-create-only-properties: + - ActionType + - BudgetName + x-read-only-properties: + - ActionId + x-required-properties: + - BudgetName + - NotificationType + - ActionType + - ActionThreshold + - ExecutionRoleArn + - Definition + - Subscribers + x-required-permissions: + create: + - budgets:CreateBudgetAction + - iam:PassRole + read: + - budgets:DescribeBudgetAction + update: + - budgets:UpdateBudgetAction + - iam:PassRole + delete: + - budgets:DeleteBudgetAction + list: + - budgets:DescribeBudgetActionsForAccount + - budgets:DescribeBudgetActionsForBudget + x-stackQL-resources: + budgets_actions: + name: budgets_actions + id: aws.budgets.budgets_actions + x-cfn-schema-name: BudgetsAction + x-type: list + x-identifiers: + - ActionId + - BudgetName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ActionId') as action_id, + JSON_EXTRACT(Properties, '$.BudgetName') as budget_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Budgets::BudgetsAction' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ActionId') as action_id, + json_extract_path_text(Properties, 'BudgetName') as budget_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Budgets::BudgetsAction' + AND region = 'us-east-1' + budgets_action: + name: budgets_action + id: aws.budgets.budgets_action + x-cfn-schema-name: BudgetsAction + x-type: get + x-identifiers: + - ActionId + - BudgetName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ActionId') as action_id, + JSON_EXTRACT(Properties, '$.BudgetName') as budget_name, + JSON_EXTRACT(Properties, '$.NotificationType') as notification_type, + JSON_EXTRACT(Properties, '$.ActionType') as action_type, + JSON_EXTRACT(Properties, '$.ActionThreshold') as action_threshold, + JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(Properties, '$.ApprovalModel') as approval_model, + JSON_EXTRACT(Properties, '$.Subscribers') as subscribers, + JSON_EXTRACT(Properties, '$.Definition') as definition + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Budgets::BudgetsAction' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ActionId') as action_id, + json_extract_path_text(Properties, 'BudgetName') as budget_name, + json_extract_path_text(Properties, 'NotificationType') as notification_type, + json_extract_path_text(Properties, 'ActionType') as action_type, + json_extract_path_text(Properties, 'ActionThreshold') as action_threshold, + json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(Properties, 'ApprovalModel') as approval_model, + json_extract_path_text(Properties, 'Subscribers') as subscribers, + json_extract_path_text(Properties, 'Definition') as definition + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Budgets::BudgetsAction' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/cassandra.yaml b/providers/src/aws/v00.00.00000/services/cassandra.yaml new file mode 100644 index 00000000..1620ac6d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/cassandra.yaml @@ -0,0 +1,572 @@ +openapi: 3.0.0 +info: + title: Cassandra + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to apply to the resource + type: object + additionalProperties: false + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 1 + maxLength: 256 + required: + - Value + - Key + ReplicationSpecification: + type: object + additionalProperties: false + properties: + ReplicationStrategy: + type: string + enum: + - SINGLE_REGION + - MULTI_REGION + RegionList: + $ref: '#/components/schemas/RegionList' + default: + properties: + ReplicationStrategy: + type: string + x-const: SINGLE_REGION + x-dependencies: + RegionList: + - ReplicationStrategy + RegionList: + type: array + items: + type: string + enum: + - ap-northeast-1 + - ap-northeast-2 + - ap-south-1 + - ap-southeast-1 + - ap-southeast-2 + - ca-central-1 + - eu-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - sa-east-1 + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + uniqueItems: true + x-insertionOrder: false + minItems: 2 + maxItems: 6 + Keyspace: + type: object + properties: + KeyspaceName: + description: Name for Cassandra keyspace + type: string + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_]{1,47}$ + Tags: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + ReplicationSpecification: + $ref: '#/components/schemas/ReplicationSpecification' + required: [] + x-stackql-resource-name: keyspace + description: Resource schema for AWS::Cassandra::Keyspace + x-type-name: AWS::Cassandra::Keyspace + x-stackql-primary-identifier: + - KeyspaceName + x-create-only-properties: + - ReplicationSpecification + - KeyspaceName + x-required-properties: [] + x-required-permissions: + create: + - cassandra:Create + - cassandra:CreateMultiRegionResource + - cassandra:Select + - cassandra:SelectMultiRegionResource + - cassandra:TagResource + - cassandra:TagMultiRegionResource + - iam:CreateServiceLinkedRole + read: + - cassandra:Select + - cassandra:SelectMultiRegionResource + update: + - cassandra:Alter + - cassandra:AlterMultiRegionResource + - cassandra:Select + - cassandra:SelectMultiRegionResource + - cassandra:TagResource + - cassandra:TagMultiRegionResource + - cassandra:UntagResource + - cassandra:UntagMultiRegionResource + delete: + - cassandra:Drop + - cassandra:DropMultiRegionResource + - cassandra:Select + - cassandra:SelectMultiRegionResource + list: + - cassandra:Select + - cassandra:SelectMultiRegionResource + Column: + type: object + properties: + ColumnName: + type: string + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_]{1,47}$ + ColumnType: + type: string + required: + - ColumnName + - ColumnType + additionalProperties: false + ClusteringKeyColumn: + type: object + properties: + Column: + $ref: '#/components/schemas/Column' + OrderBy: + type: string + enum: + - ASC + - DESC + default: ASC + additionalProperties: false + required: + - Column + ProvisionedThroughput: + description: Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits + type: object + properties: + ReadCapacityUnits: + type: integer + minimum: 1 + WriteCapacityUnits: + type: integer + minimum: 1 + additionalProperties: false + required: + - ReadCapacityUnits + - WriteCapacityUnits + Mode: + description: Capacity mode for the specified table + type: string + enum: + - PROVISIONED + - ON_DEMAND + default: ON_DEMAND + BillingMode: + type: object + properties: + Mode: + $ref: '#/components/schemas/Mode' + ProvisionedThroughput: + $ref: '#/components/schemas/ProvisionedThroughput' + required: + - Mode + additionalProperties: false + EncryptionSpecification: + description: Represents the settings used to enable server-side encryption + type: object + properties: + EncryptionType: + $ref: '#/components/schemas/EncryptionType' + KmsKeyIdentifier: + $ref: '#/components/schemas/KmsKeyIdentifier' + required: + - EncryptionType + additionalProperties: false + EncryptionType: + description: Server-side encryption type + type: string + enum: + - AWS_OWNED_KMS_KEY + - CUSTOMER_MANAGED_KMS_KEY + default: AWS_OWNED_KMS_KEY + KmsKeyIdentifier: + description: 'The AWS KMS customer master key (CMK) that should be used for the AWS KMS encryption. To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. ' + type: string + AutoScalingSpecification: + description: Represents the read and write settings used for AutoScaling. + type: object + properties: + WriteCapacityAutoScaling: + $ref: '#/components/schemas/AutoScalingSetting' + ReadCapacityAutoScaling: + $ref: '#/components/schemas/AutoScalingSetting' + additionalProperties: false + AutoScalingSetting: + description: Represents configuration for auto scaling. + type: object + properties: + AutoScalingDisabled: + type: boolean + default: false + MinimumUnits: + type: integer + minimum: 1 + MaximumUnits: + type: integer + minimum: 1 + ScalingPolicy: + $ref: '#/components/schemas/ScalingPolicy' + additionalProperties: false + ScalingPolicy: + description: Represents scaling policy. + type: object + properties: + TargetTrackingScalingPolicyConfiguration: + $ref: '#/components/schemas/TargetTrackingScalingPolicyConfiguration' + additionalProperties: false + TargetTrackingScalingPolicyConfiguration: + description: Represents configuration for target tracking scaling policy. + type: object + properties: + DisableScaleIn: + type: boolean + default: 'false' + ScaleInCooldown: + type: integer + default: 0 + ScaleOutCooldown: + type: integer + default: 0 + TargetValue: + type: integer + required: + - TargetValue + additionalProperties: false + ReplicaSpecification: + description: Represents replica specifications. + type: object + properties: + Region: + type: string + minLength: 2 + maxLength: 25 + ReadCapacityUnits: + type: integer + ReadCapacityAutoScaling: + $ref: '#/components/schemas/AutoScalingSetting' + required: + - Region + additionalProperties: false + Table: + type: object + properties: + KeyspaceName: + description: Name for Cassandra keyspace + type: string + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_]{1,47}$ + TableName: + description: Name for Cassandra table + type: string + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_]{1,47}$ + RegularColumns: + description: Non-key columns of the table + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Column' + PartitionKeyColumns: + description: Partition key columns of the table + type: array + minItems: 1 + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/Column' + ClusteringKeyColumns: + description: Clustering key columns of the table + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/ClusteringKeyColumn' + BillingMode: + $ref: '#/components/schemas/BillingMode' + PointInTimeRecoveryEnabled: + description: Indicates whether point in time recovery is enabled (true) or disabled (false) on the table + type: boolean + ClientSideTimestampsEnabled: + description: Indicates whether client side timestamps are enabled (true) or disabled (false) on the table. False by default, once it is enabled it cannot be disabled again. + type: boolean + Tags: + description: An array of key-value pairs to apply to this resource + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + DefaultTimeToLive: + description: Default TTL (Time To Live) in seconds, where zero is disabled. If the value is greater than zero, TTL is enabled for the entire table and an expiration timestamp is added to each column. + type: integer + minimum: 0 + EncryptionSpecification: + $ref: '#/components/schemas/EncryptionSpecification' + AutoScalingSpecifications: + $ref: '#/components/schemas/AutoScalingSpecification' + ReplicaSpecifications: + type: array + minItems: 1 + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/ReplicaSpecification' + required: + - KeyspaceName + - PartitionKeyColumns + x-stackql-resource-name: table + description: Resource schema for AWS::Cassandra::Table + x-type-name: AWS::Cassandra::Table + x-stackql-primary-identifier: + - KeyspaceName + - TableName + x-create-only-properties: + - KeyspaceName + - TableName + - PartitionKeyColumns + - ClusteringKeyColumns + - ClientSideTimestampsEnabled + x-write-only-properties: + - AutoScalingSpecifications + - ReplicaSpecifications + x-required-properties: + - KeyspaceName + - PartitionKeyColumns + x-required-permissions: + create: + - cassandra:Create + - cassandra:CreateMultiRegionResource + - cassandra:Select + - cassandra:SelectMultiRegionResource + - cassandra:TagResource + - cassandra:TagMultiRegionResource + - kms:CreateGrant + - kms:DescribeKey + - kms:Encrypt + - kms:Decrypt + - application-autoscaling:DescribeScalableTargets + - application-autoscaling:DescribeScalingPolicies + - application-autoscaling:DeregisterScalableTarget + - application-autoscaling:RegisterScalableTarget + - application-autoscaling:PutScalingPolicy + - cloudwatch:DeleteAlarms + - cloudwatch:DescribeAlarms + - cloudwatch:GetMetricData + - cloudwatch:PutMetricAlarm + read: + - cassandra:Select + - cassandra:SelectMultiRegionResource + - application-autoscaling:DescribeScalableTargets + - application-autoscaling:DescribeScalingPolicies + - application-autoscaling:DeregisterScalableTarget + - application-autoscaling:RegisterScalableTarget + - application-autoscaling:PutScalingPolicy + - cloudwatch:DeleteAlarms + - cloudwatch:DescribeAlarms + - cloudwatch:GetMetricData + - cloudwatch:PutMetricAlarm + update: + - cassandra:Alter + - cassandra:AlterMultiRegionResource + - cassandra:Select + - cassandra:SelectMultiRegionResource + - cassandra:TagResource + - cassandra:TagMultiRegionResource + - cassandra:UntagResource + - cassandra:UntagMultiRegionResource + - kms:CreateGrant + - kms:DescribeKey + - kms:Encrypt + - kms:Decrypt + - application-autoscaling:DescribeScalableTargets + - application-autoscaling:DescribeScalingPolicies + - application-autoscaling:DeregisterScalableTarget + - application-autoscaling:RegisterScalableTarget + - application-autoscaling:PutScalingPolicy + - cloudwatch:DeleteAlarms + - cloudwatch:DescribeAlarms + - cloudwatch:GetMetricData + - cloudwatch:PutMetricAlarm + delete: + - cassandra:Drop + - cassandra:DropMultiRegionResource + - cassandra:Select + - cassandra:SelectMultiRegionResource + - application-autoscaling:DescribeScalableTargets + - application-autoscaling:DescribeScalingPolicies + - application-autoscaling:DeregisterScalableTarget + - application-autoscaling:RegisterScalableTarget + - application-autoscaling:PutScalingPolicy + - cloudwatch:DeleteAlarms + - cloudwatch:DescribeAlarms + - cloudwatch:GetMetricData + - cloudwatch:PutMetricAlarm + list: + - cassandra:Select + - cassandra:SelectMultiRegionResource + - application-autoscaling:DescribeScalableTargets + - application-autoscaling:DescribeScalingPolicies + - application-autoscaling:DeregisterScalableTarget + - application-autoscaling:RegisterScalableTarget + - application-autoscaling:PutScalingPolicy + - cloudwatch:DeleteAlarms + - cloudwatch:DescribeAlarms + - cloudwatch:GetMetricData + - cloudwatch:PutMetricAlarm + x-stackQL-resources: + keyspaces: + name: keyspaces + id: aws.cassandra.keyspaces + x-cfn-schema-name: Keyspace + x-type: list + x-identifiers: + - KeyspaceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.KeyspaceName') as keyspace_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cassandra::Keyspace' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'KeyspaceName') as keyspace_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cassandra::Keyspace' + AND region = 'us-east-1' + keyspace: + name: keyspace + id: aws.cassandra.keyspace + x-cfn-schema-name: Keyspace + x-type: get + x-identifiers: + - KeyspaceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.KeyspaceName') as keyspace_name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ReplicationSpecification') as replication_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cassandra::Keyspace' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'KeyspaceName') as keyspace_name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ReplicationSpecification') as replication_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cassandra::Keyspace' + AND data__Identifier = '' + AND region = 'us-east-1' + tables: + name: tables + id: aws.cassandra.tables + x-cfn-schema-name: Table + x-type: list + x-identifiers: + - KeyspaceName + - TableName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.KeyspaceName') as keyspace_name, + JSON_EXTRACT(Properties, '$.TableName') as table_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cassandra::Table' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'KeyspaceName') as keyspace_name, + json_extract_path_text(Properties, 'TableName') as table_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cassandra::Table' + AND region = 'us-east-1' + table: + name: table + id: aws.cassandra.table + x-cfn-schema-name: Table + x-type: get + x-identifiers: + - KeyspaceName + - TableName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.KeyspaceName') as keyspace_name, + JSON_EXTRACT(Properties, '$.TableName') as table_name, + JSON_EXTRACT(Properties, '$.RegularColumns') as regular_columns, + JSON_EXTRACT(Properties, '$.PartitionKeyColumns') as partition_key_columns, + JSON_EXTRACT(Properties, '$.ClusteringKeyColumns') as clustering_key_columns, + JSON_EXTRACT(Properties, '$.BillingMode') as billing_mode, + JSON_EXTRACT(Properties, '$.PointInTimeRecoveryEnabled') as point_in_time_recovery_enabled, + JSON_EXTRACT(Properties, '$.ClientSideTimestampsEnabled') as client_side_timestamps_enabled, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.DefaultTimeToLive') as default_time_to_live, + JSON_EXTRACT(Properties, '$.EncryptionSpecification') as encryption_specification, + JSON_EXTRACT(Properties, '$.AutoScalingSpecifications') as auto_scaling_specifications, + JSON_EXTRACT(Properties, '$.ReplicaSpecifications') as replica_specifications + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cassandra::Table' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'KeyspaceName') as keyspace_name, + json_extract_path_text(Properties, 'TableName') as table_name, + json_extract_path_text(Properties, 'RegularColumns') as regular_columns, + json_extract_path_text(Properties, 'PartitionKeyColumns') as partition_key_columns, + json_extract_path_text(Properties, 'ClusteringKeyColumns') as clustering_key_columns, + json_extract_path_text(Properties, 'BillingMode') as billing_mode, + json_extract_path_text(Properties, 'PointInTimeRecoveryEnabled') as point_in_time_recovery_enabled, + json_extract_path_text(Properties, 'ClientSideTimestampsEnabled') as client_side_timestamps_enabled, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'DefaultTimeToLive') as default_time_to_live, + json_extract_path_text(Properties, 'EncryptionSpecification') as encryption_specification, + json_extract_path_text(Properties, 'AutoScalingSpecifications') as auto_scaling_specifications, + json_extract_path_text(Properties, 'ReplicaSpecifications') as replica_specifications + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cassandra::Table' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/ce.yaml b/providers/src/aws/v00.00.00000/services/ce.yaml new file mode 100644 index 00000000..93c8f07a --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ce.yaml @@ -0,0 +1,496 @@ +openapi: 3.0.0 +info: + title: CE + version: 1.0.0 +paths: {} +components: + schemas: + Arn: + description: Subscription ARN + type: string + pattern: ^arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:[-a-zA-Z0-9/:_]+$ + ResourceTag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: The key name for the tag. + pattern: ^(?!aws:).*$ + minLength: 1 + maxLength: 128 + Value: + type: string + description: The value for the tag. + minLength: 0 + maxLength: 256 + required: + - Key + - Value + AnomalyMonitor: + type: object + properties: + MonitorArn: + $ref: '#/components/schemas/Arn' + MonitorType: + type: string + enum: + - DIMENSIONAL + - CUSTOM + MonitorName: + description: The name of the monitor. + type: string + pattern: '[\S\s]*' + minLength: 0 + maxLength: 1024 + CreationDate: + description: 'The date when the monitor was created. ' + type: string + minLength: 0 + maxLength: 40 + pattern: (\d{4}-\d{2}-\d{2})(T\d{2}:\d{2}:\d{2}Z)? + LastEvaluatedDate: + description: The date when the monitor last evaluated for anomalies. + type: string + minLength: 0 + maxLength: 40 + pattern: (\d{4}-\d{2}-\d{2})(T\d{2}:\d{2}:\d{2}Z)?|(NOT_EVALUATED_YET) + LastUpdatedDate: + description: The date when the monitor was last updated. + type: string + minLength: 0 + maxLength: 40 + pattern: (\d{4}-\d{2}-\d{2})(T\d{2}:\d{2}:\d{2}Z)? + MonitorDimension: + description: The dimensions to evaluate + type: string + enum: + - SERVICE + MonitorSpecification: + type: string + DimensionalValueCount: + description: The value for evaluated dimensions. + type: integer + minimum: 0 + ResourceTags: + type: array + description: Tags to assign to monitor. + items: + $ref: '#/components/schemas/ResourceTag' + minItems: 0 + maxItems: 200 + x-insertionOrder: false + required: + - MonitorName + - MonitorType + x-stackql-resource-name: anomaly_monitor + description: AWS Cost Anomaly Detection leverages advanced Machine Learning technologies to identify anomalous spend and root causes, so you can quickly take action. You can use Cost Anomaly Detection by creating monitor. + x-type-name: AWS::CE::AnomalyMonitor + x-stackql-primary-identifier: + - MonitorArn + x-create-only-properties: + - MonitorType + - MonitorDimension + - MonitorSpecification + - ResourceTags + x-write-only-properties: + - ResourceTags + x-read-only-properties: + - MonitorArn + - CreationDate + - LastEvaluatedDate + - LastUpdatedDate + - DimensionalValueCount + x-required-properties: + - MonitorName + - MonitorType + x-required-permissions: + create: + - ce:CreateAnomalyMonitor + - ce:TagResource + read: + - ce:GetAnomalyMonitors + update: + - ce:UpdateAnomalyMonitor + delete: + - ce:DeleteAnomalyMonitor + list: + - ce:GetAnomalyMonitors + Subscriber: + type: object + properties: + Address: + type: string + pattern: (^[a-zA-Z0-9.!#$%&'*+=?^_‘{|}~-]+@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$)|(^arn:(aws[a-zA-Z-]*):sns:[a-zA-Z0-9-]+:[0-9]{12}:[a-zA-Z0-9_-]+(\.fifo)?$) + Status: + type: string + enum: + - CONFIRMED + - DECLINED + Type: + type: string + enum: + - EMAIL + - SNS + required: + - Address + - Type + additionalProperties: false + AnomalySubscription: + type: object + properties: + SubscriptionArn: + $ref: '#/components/schemas/Arn' + SubscriptionName: + description: The name of the subscription. + type: string + pattern: '[\S\s]*' + minLength: 0 + maxLength: 1024 + AccountId: + description: The accountId + type: string + minLength: 0 + maxLength: 1024 + MonitorArnList: + description: A list of cost anomaly monitors. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Arn' + Subscribers: + description: A list of subscriber + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Subscriber' + Threshold: + description: 'The dollar value that triggers a notification if the threshold is exceeded. ' + type: number + minimum: 0 + ThresholdExpression: + description: An Expression object in JSON String format used to specify the anomalies that you want to generate alerts for. + type: string + Frequency: + description: 'The frequency at which anomaly reports are sent over email. ' + type: string + enum: + - DAILY + - IMMEDIATE + - WEEKLY + ResourceTags: + type: array + description: Tags to assign to subscription. + items: + $ref: '#/components/schemas/ResourceTag' + minItems: 0 + maxItems: 200 + x-insertionOrder: false + required: + - MonitorArnList + - Subscribers + - Frequency + - SubscriptionName + x-stackql-resource-name: anomaly_subscription + description: AWS Cost Anomaly Detection leverages advanced Machine Learning technologies to identify anomalous spend and root causes, so you can quickly take action. Create subscription to be notified + x-type-name: AWS::CE::AnomalySubscription + x-stackql-primary-identifier: + - SubscriptionArn + x-create-only-properties: + - ResourceTags + x-write-only-properties: + - ResourceTags + x-read-only-properties: + - SubscriptionArn + - AccountId + - Subscribers/*/Status + x-required-properties: + - MonitorArnList + - Subscribers + - Frequency + - SubscriptionName + x-required-permissions: + create: + - ce:CreateAnomalySubscription + - ce:TagResource + read: + - ce:GetAnomalySubscriptions + update: + - ce:UpdateAnomalySubscription + delete: + - ce:DeleteAnomalySubscription + list: + - ce:GetAnomalySubscriptions + ZonedDateTime: + description: ISO 8601 date time with offset format + type: string + pattern: ^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(([+-]\d\d:\d\d)|Z)$ + minLength: 20 + maxLength: 25 + CostCategory: + type: object + properties: + Arn: + description: Cost category ARN + type: string + pattern: ^arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:[-a-zA-Z0-9/:_]+$ + EffectiveStart: + $ref: '#/components/schemas/ZonedDateTime' + Name: + type: string + minLength: 1 + maxLength: 50 + RuleVersion: + type: string + enum: + - CostCategoryExpression.v1 + Rules: + type: string + description: JSON array format of Expression in Billing and Cost Management API + SplitChargeRules: + type: string + description: Json array format of CostCategorySplitChargeRule in Billing and Cost Management API + DefaultValue: + type: string + description: The default value for the cost category + minLength: 1 + maxLength: 50 + required: + - Name + - RuleVersion + - Rules + x-stackql-resource-name: cost_category + description: Cost Category enables you to map your cost and usage into meaningful categories. You can use Cost Category to organize your costs using a rule-based engine. + x-type-name: AWS::CE::CostCategory + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - EffectiveStart + x-required-properties: + - Name + - RuleVersion + - Rules + x-required-permissions: + create: + - ce:CreateCostCategoryDefinition + read: + - ce:DescribeCostCategoryDefinition + update: + - ce:UpdateCostCategoryDefinition + delete: + - ce:DeleteCostCategoryDefinition + list: + - ce:ListCostCategoryDefinitions + x-stackQL-resources: + anomaly_monitors: + name: anomaly_monitors + id: aws.ce.anomaly_monitors + x-cfn-schema-name: AnomalyMonitor + x-type: list + x-identifiers: + - MonitorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MonitorArn') as monitor_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CE::AnomalyMonitor' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MonitorArn') as monitor_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CE::AnomalyMonitor' + AND region = 'us-east-1' + anomaly_monitor: + name: anomaly_monitor + id: aws.ce.anomaly_monitor + x-cfn-schema-name: AnomalyMonitor + x-type: get + x-identifiers: + - MonitorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MonitorArn') as monitor_arn, + JSON_EXTRACT(Properties, '$.MonitorType') as monitor_type, + JSON_EXTRACT(Properties, '$.MonitorName') as monitor_name, + JSON_EXTRACT(Properties, '$.CreationDate') as creation_date, + JSON_EXTRACT(Properties, '$.LastEvaluatedDate') as last_evaluated_date, + JSON_EXTRACT(Properties, '$.LastUpdatedDate') as last_updated_date, + JSON_EXTRACT(Properties, '$.MonitorDimension') as monitor_dimension, + JSON_EXTRACT(Properties, '$.MonitorSpecification') as monitor_specification, + JSON_EXTRACT(Properties, '$.DimensionalValueCount') as dimensional_value_count, + JSON_EXTRACT(Properties, '$.ResourceTags') as resource_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CE::AnomalyMonitor' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MonitorArn') as monitor_arn, + json_extract_path_text(Properties, 'MonitorType') as monitor_type, + json_extract_path_text(Properties, 'MonitorName') as monitor_name, + json_extract_path_text(Properties, 'CreationDate') as creation_date, + json_extract_path_text(Properties, 'LastEvaluatedDate') as last_evaluated_date, + json_extract_path_text(Properties, 'LastUpdatedDate') as last_updated_date, + json_extract_path_text(Properties, 'MonitorDimension') as monitor_dimension, + json_extract_path_text(Properties, 'MonitorSpecification') as monitor_specification, + json_extract_path_text(Properties, 'DimensionalValueCount') as dimensional_value_count, + json_extract_path_text(Properties, 'ResourceTags') as resource_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CE::AnomalyMonitor' + AND data__Identifier = '' + AND region = 'us-east-1' + anomaly_subscriptions: + name: anomaly_subscriptions + id: aws.ce.anomaly_subscriptions + x-cfn-schema-name: AnomalySubscription + x-type: list + x-identifiers: + - SubscriptionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SubscriptionArn') as subscription_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CE::AnomalySubscription' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SubscriptionArn') as subscription_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CE::AnomalySubscription' + AND region = 'us-east-1' + anomaly_subscription: + name: anomaly_subscription + id: aws.ce.anomaly_subscription + x-cfn-schema-name: AnomalySubscription + x-type: get + x-identifiers: + - SubscriptionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SubscriptionArn') as subscription_arn, + JSON_EXTRACT(Properties, '$.SubscriptionName') as subscription_name, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.MonitorArnList') as monitor_arn_list, + JSON_EXTRACT(Properties, '$.Subscribers') as subscribers, + JSON_EXTRACT(Properties, '$.Threshold') as threshold, + JSON_EXTRACT(Properties, '$.ThresholdExpression') as threshold_expression, + JSON_EXTRACT(Properties, '$.Frequency') as frequency, + JSON_EXTRACT(Properties, '$.ResourceTags') as resource_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CE::AnomalySubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SubscriptionArn') as subscription_arn, + json_extract_path_text(Properties, 'SubscriptionName') as subscription_name, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'MonitorArnList') as monitor_arn_list, + json_extract_path_text(Properties, 'Subscribers') as subscribers, + json_extract_path_text(Properties, 'Threshold') as threshold, + json_extract_path_text(Properties, 'ThresholdExpression') as threshold_expression, + json_extract_path_text(Properties, 'Frequency') as frequency, + json_extract_path_text(Properties, 'ResourceTags') as resource_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CE::AnomalySubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + cost_categories: + name: cost_categories + id: aws.ce.cost_categories + x-cfn-schema-name: CostCategory + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CE::CostCategory' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CE::CostCategory' + AND region = 'us-east-1' + cost_category: + name: cost_category + id: aws.ce.cost_category + x-cfn-schema-name: CostCategory + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.EffectiveStart') as effective_start, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RuleVersion') as rule_version, + JSON_EXTRACT(Properties, '$.Rules') as rules, + JSON_EXTRACT(Properties, '$.SplitChargeRules') as split_charge_rules, + JSON_EXTRACT(Properties, '$.DefaultValue') as default_value + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CE::CostCategory' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'EffectiveStart') as effective_start, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RuleVersion') as rule_version, + json_extract_path_text(Properties, 'Rules') as rules, + json_extract_path_text(Properties, 'SplitChargeRules') as split_charge_rules, + json_extract_path_text(Properties, 'DefaultValue') as default_value + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CE::CostCategory' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/certificatemanager.yaml b/providers/src/aws/v00.00.00000/services/certificatemanager.yaml new file mode 100644 index 00000000..5c52453c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/certificatemanager.yaml @@ -0,0 +1,79 @@ +openapi: 3.0.0 +info: + title: CertificateManager + version: 1.0.0 +paths: {} +components: + schemas: + ExpiryEventsConfiguration: + type: object + additionalProperties: false + properties: + DaysBeforeExpiry: + type: integer + minimum: 1 + maximum: 45 + AccountId: + type: string + Account: + type: object + properties: + ExpiryEventsConfiguration: + $ref: '#/components/schemas/ExpiryEventsConfiguration' + AccountId: + $ref: '#/components/schemas/AccountId' + required: + - ExpiryEventsConfiguration + x-stackql-resource-name: account + description: Resource schema for AWS::CertificateManager::Account. + x-type-name: AWS::CertificateManager::Account + x-stackql-primary-identifier: + - AccountId + x-read-only-properties: + - AccountId + x-required-properties: + - ExpiryEventsConfiguration + x-required-permissions: + create: + - acm:GetAccountConfiguration + - acm:PutAccountConfiguration + read: + - acm:GetAccountConfiguration + update: + - acm:GetAccountConfiguration + - acm:PutAccountConfiguration + delete: + - acm:GetAccountConfiguration + - acm:PutAccountConfiguration + x-stackQL-resources: + account: + name: account + id: aws.certificatemanager.account + x-cfn-schema-name: Account + x-type: get + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ExpiryEventsConfiguration') as expiry_events_configuration, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CertificateManager::Account' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ExpiryEventsConfiguration') as expiry_events_configuration, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CertificateManager::Account' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/chatbot.yaml b/providers/src/aws/v00.00.00000/services/chatbot.yaml new file mode 100644 index 00000000..87814eb5 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/chatbot.yaml @@ -0,0 +1,334 @@ +openapi: 3.0.0 +info: + title: Chatbot + version: 1.0.0 +paths: {} +components: + schemas: + MicrosoftTeamsChannelConfiguration: + type: object + properties: + TeamId: + description: The id of the Microsoft Teams team + type: string + pattern: ^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$ + minLength: 36 + maxLength: 36 + TeamsChannelId: + description: The id of the Microsoft Teams channel + type: string + pattern: ^([a-zA-Z0-9-_=+/.,])*%3[aA]([a-zA-Z0-9-_=+/.,])*%40([a-zA-Z0-9-_=+/.,])*$ + minLength: 1 + maxLength: 256 + TeamsTenantId: + description: The id of the Microsoft Teams tenant + type: string + pattern: ^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$ + minLength: 36 + maxLength: 36 + ConfigurationName: + description: The name of the configuration + type: string + pattern: ^[A-Za-z0-9-_]+$ + minLength: 1 + maxLength: 128 + IamRoleArn: + description: The ARN of the IAM role that defines the permissions for AWS Chatbot + type: string + pattern: ^arn:(aws[a-zA-Z-]*)?:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + SnsTopicArns: + description: ARNs of SNS topics which delivers notifications to AWS Chatbot, for example CloudWatch alarm notifications. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^arn:(aws[a-zA-Z-]*)?:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + LoggingLevel: + description: Specifies the logging level for this configuration:ERROR,INFO or NONE. This property affects the log entries pushed to Amazon CloudWatch logs + type: string + pattern: ^(ERROR|INFO|NONE)$ + default: NONE + Arn: + description: Amazon Resource Name (ARN) of the configuration + type: string + pattern: ^arn:(aws[a-zA-Z-]*)?:chatbot:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + GuardrailPolicies: + description: The list of IAM policy ARNs that are applied as channel guardrails. The AWS managed 'AdministratorAccess' policy is applied as a default if this is not set. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^(^$|arn:aws:iam:[A-Za-z0-9_\/.-]{0,63}:[A-Za-z0-9_\/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_\/+=,@.-]{0,1023})$ + UserRoleRequired: + description: Enables use of a user role requirement in your chat configuration + type: boolean + default: false + required: + - TeamId + - TeamsChannelId + - TeamsTenantId + - ConfigurationName + - IamRoleArn + x-stackql-resource-name: microsoft_teams_channel_configuration + description: Resource schema for AWS::Chatbot::MicrosoftTeamsChannelConfiguration. + x-type-name: AWS::Chatbot::MicrosoftTeamsChannelConfiguration + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - TeamId + - TeamsTenantId + - ConfigurationName + x-read-only-properties: + - Arn + x-required-properties: + - TeamId + - TeamsChannelId + - TeamsTenantId + - ConfigurationName + - IamRoleArn + x-tagging: + taggable: false + x-required-permissions: + create: + - chatbot:CreateMicrosoftTeamsChannelConfiguration + - iam:PassRole + - iam:CreateServiceLinkedRole + read: + - chatbot:GetMicrosoftTeamsChannelConfiguration + update: + - chatbot:UpdateMicrosoftTeamsChannelConfiguration + - iam:PassRole + delete: + - chatbot:GetMicrosoftTeamsChannelConfiguration + - chatbot:DeleteMicrosoftTeamsChannelConfiguration + list: + - chatbot:ListMicrosoftTeamsChannelConfigurations + SlackChannelConfiguration: + type: object + properties: + SlackWorkspaceId: + description: The id of the Slack workspace + type: string + pattern: ^[0-9A-Z]{1,255}$ + minLength: 1 + maxLength: 256 + SlackChannelId: + description: The id of the Slack channel + type: string + pattern: ^[A-Za-z0-9]+$ + minLength: 1 + maxLength: 256 + ConfigurationName: + description: The name of the configuration + type: string + pattern: ^[A-Za-z0-9-_]+$ + minLength: 1 + maxLength: 128 + IamRoleArn: + description: The ARN of the IAM role that defines the permissions for AWS Chatbot + type: string + pattern: ^arn:(aws[a-zA-Z-]*)?:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + SnsTopicArns: + description: ARNs of SNS topics which delivers notifications to AWS Chatbot, for example CloudWatch alarm notifications. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^arn:(aws[a-zA-Z-]*)?:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + LoggingLevel: + description: Specifies the logging level for this configuration:ERROR,INFO or NONE. This property affects the log entries pushed to Amazon CloudWatch logs + type: string + pattern: ^(ERROR|INFO|NONE)$ + default: NONE + Arn: + description: Amazon Resource Name (ARN) of the configuration + type: string + pattern: ^arn:(aws[a-zA-Z-]*)?:chatbot:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + GuardrailPolicies: + description: The list of IAM policy ARNs that are applied as channel guardrails. The AWS managed 'AdministratorAccess' policy is applied as a default if this is not set. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^(^$|arn:aws:iam:[A-Za-z0-9_\/.-]{0,63}:[A-Za-z0-9_\/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_\/+=,@.-]{0,1023})$ + UserRoleRequired: + description: Enables use of a user role requirement in your chat configuration + type: boolean + default: false + required: + - SlackWorkspaceId + - SlackChannelId + - ConfigurationName + - IamRoleArn + x-stackql-resource-name: slack_channel_configuration + description: Resource schema for AWS::Chatbot::SlackChannelConfiguration. + x-type-name: AWS::Chatbot::SlackChannelConfiguration + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - SlackWorkspaceId + - ConfigurationName + x-read-only-properties: + - Arn + x-required-properties: + - SlackWorkspaceId + - SlackChannelId + - ConfigurationName + - IamRoleArn + x-required-permissions: + create: + - chatbot:CreateSlackChannelConfiguration + - iam:PassRole + - iam:CreateServiceLinkedRole + read: + - chatbot:DescribeSlackChannelConfigurations + update: + - chatbot:UpdateSlackChannelConfiguration + - iam:PassRole + delete: + - chatbot:DeleteSlackChannelConfiguration + list: + - chatbot:DescribeSlackChannelConfigurations + x-stackQL-resources: + microsoft_teams_channel_configurations: + name: microsoft_teams_channel_configurations + id: aws.chatbot.microsoft_teams_channel_configurations + x-cfn-schema-name: MicrosoftTeamsChannelConfiguration + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Chatbot::MicrosoftTeamsChannelConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Chatbot::MicrosoftTeamsChannelConfiguration' + AND region = 'us-east-1' + microsoft_teams_channel_configuration: + name: microsoft_teams_channel_configuration + id: aws.chatbot.microsoft_teams_channel_configuration + x-cfn-schema-name: MicrosoftTeamsChannelConfiguration + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TeamId') as team_id, + JSON_EXTRACT(Properties, '$.TeamsChannelId') as teams_channel_id, + JSON_EXTRACT(Properties, '$.TeamsTenantId') as teams_tenant_id, + JSON_EXTRACT(Properties, '$.ConfigurationName') as configuration_name, + JSON_EXTRACT(Properties, '$.IamRoleArn') as iam_role_arn, + JSON_EXTRACT(Properties, '$.SnsTopicArns') as sns_topic_arns, + JSON_EXTRACT(Properties, '$.LoggingLevel') as logging_level, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.GuardrailPolicies') as guardrail_policies, + JSON_EXTRACT(Properties, '$.UserRoleRequired') as user_role_required + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Chatbot::MicrosoftTeamsChannelConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TeamId') as team_id, + json_extract_path_text(Properties, 'TeamsChannelId') as teams_channel_id, + json_extract_path_text(Properties, 'TeamsTenantId') as teams_tenant_id, + json_extract_path_text(Properties, 'ConfigurationName') as configuration_name, + json_extract_path_text(Properties, 'IamRoleArn') as iam_role_arn, + json_extract_path_text(Properties, 'SnsTopicArns') as sns_topic_arns, + json_extract_path_text(Properties, 'LoggingLevel') as logging_level, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'GuardrailPolicies') as guardrail_policies, + json_extract_path_text(Properties, 'UserRoleRequired') as user_role_required + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Chatbot::MicrosoftTeamsChannelConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + slack_channel_configurations: + name: slack_channel_configurations + id: aws.chatbot.slack_channel_configurations + x-cfn-schema-name: SlackChannelConfiguration + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Chatbot::SlackChannelConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Chatbot::SlackChannelConfiguration' + AND region = 'us-east-1' + slack_channel_configuration: + name: slack_channel_configuration + id: aws.chatbot.slack_channel_configuration + x-cfn-schema-name: SlackChannelConfiguration + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SlackWorkspaceId') as slack_workspace_id, + JSON_EXTRACT(Properties, '$.SlackChannelId') as slack_channel_id, + JSON_EXTRACT(Properties, '$.ConfigurationName') as configuration_name, + JSON_EXTRACT(Properties, '$.IamRoleArn') as iam_role_arn, + JSON_EXTRACT(Properties, '$.SnsTopicArns') as sns_topic_arns, + JSON_EXTRACT(Properties, '$.LoggingLevel') as logging_level, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.GuardrailPolicies') as guardrail_policies, + JSON_EXTRACT(Properties, '$.UserRoleRequired') as user_role_required + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Chatbot::SlackChannelConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SlackWorkspaceId') as slack_workspace_id, + json_extract_path_text(Properties, 'SlackChannelId') as slack_channel_id, + json_extract_path_text(Properties, 'ConfigurationName') as configuration_name, + json_extract_path_text(Properties, 'IamRoleArn') as iam_role_arn, + json_extract_path_text(Properties, 'SnsTopicArns') as sns_topic_arns, + json_extract_path_text(Properties, 'LoggingLevel') as logging_level, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'GuardrailPolicies') as guardrail_policies, + json_extract_path_text(Properties, 'UserRoleRequired') as user_role_required + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Chatbot::SlackChannelConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/cleanrooms.yaml b/providers/src/aws/v00.00.00000/services/cleanrooms.yaml new file mode 100644 index 00000000..406209c8 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/cleanrooms.yaml @@ -0,0 +1,1648 @@ +openapi: 3.0.0 +info: + title: CleanRooms + version: 1.0.0 +paths: {} +components: + schemas: + AnalysisParameter: + type: object + additionalProperties: false + properties: + DefaultValue: + type: string + minLength: 0 + maxLength: 250 + Name: + type: string + minLength: 1 + maxLength: 100 + pattern: '[0-9a-zA-Z_]+' + Type: + type: string + enum: + - SMALLINT + - INTEGER + - BIGINT + - DECIMAL + - REAL + - DOUBLE_PRECISION + - BOOLEAN + - CHAR + - VARCHAR + - DATE + - TIMESTAMP + - TIMESTAMPTZ + - TIME + - TIMETZ + - VARBYTE + required: + - Name + - Type + TableName: + type: string + maxLength: 128 + pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ + ReferencedTables: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/TableName' + minItems: 0 + AnalysisSchema: + type: object + additionalProperties: false + properties: + ReferencedTables: + $ref: '#/components/schemas/ReferencedTables' + required: + - ReferencedTables + AnalysisSource: + type: object + additionalProperties: false + properties: + Text: + type: string + minLength: 0 + maxLength: 15000 + required: + - Text + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 1 + maxLength: 256 + required: + - Value + - Key + AnalysisTemplate: + type: object + properties: + Arn: + type: string + maxLength: 200 + CollaborationArn: + type: string + maxLength: 100 + CollaborationIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms analysis template. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + type: array + AnalysisParameters: + description: The member who can query can provide this placeholder for a literal data value in an analysis template + x-insertionOrder: false + items: + $ref: '#/components/schemas/AnalysisParameter' + type: array + minItems: 0 + maxItems: 10 + AnalysisTemplateIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + Description: + type: string + maxLength: 255 + pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + MembershipArn: + type: string + maxLength: 100 + MembershipIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + Name: + type: string + maxLength: 128 + pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ + Schema: + $ref: '#/components/schemas/AnalysisSchema' + Source: + $ref: '#/components/schemas/AnalysisSource' + Format: + type: string + enum: + - SQL + required: + - Source + - Format + - Name + - MembershipIdentifier + x-stackql-resource-name: analysis_template + description: Represents a stored analysis within a collaboration + x-type-name: AWS::CleanRooms::AnalysisTemplate + x-stackql-primary-identifier: + - AnalysisTemplateIdentifier + - MembershipIdentifier + x-create-only-properties: + - Name + - MembershipIdentifier + - Source + - Source/Text + - Format + - AnalysisParameters + - AnalysisParameters/Name + - AnalysisParameters/Type + - AnalysisParameters/DefaultValue + x-read-only-properties: + - CollaborationArn + - CollaborationIdentifier + - AnalysisTemplateIdentifier + - Schema + - Arn + - MembershipArn + x-required-properties: + - Source + - Format + - Name + - MembershipIdentifier + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - cleanrooms:CreateAnalysisTemplate + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:GetAnalysisTemplate + - cleanrooms:ListAnalysisTemplates + read: + - cleanrooms:GetAnalysisTemplate + - cleanrooms:ListTagsForResource + update: + - cleanrooms:UpdateAnalysisTemplate + - cleanrooms:GetAnalysisTemplate + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:UntagResource + delete: + - cleanrooms:DeleteAnalysisTemplate + - cleanrooms:GetAnalysisTemplate + - cleanrooms:ListAnalysisTemplates + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + list: + - cleanrooms:ListAnalysisTemplates + CollaborationQueryLogStatus: + type: string + enum: + - ENABLED + - DISABLED + DataEncryptionMetadata: + type: object + properties: + AllowCleartext: + type: boolean + AllowDuplicates: + type: boolean + AllowJoinsOnColumnsWithDifferentNames: + type: boolean + PreserveNulls: + type: boolean + required: + - AllowCleartext + - AllowDuplicates + - AllowJoinsOnColumnsWithDifferentNames + - PreserveNulls + additionalProperties: false + MemberAbility: + type: string + enum: + - CAN_QUERY + - CAN_RECEIVE_RESULTS + MemberAbilities: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/MemberAbility' + uniqueItems: true + MemberSpecification: + type: object + properties: + AccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^\d+$ + MemberAbilities: + $ref: '#/components/schemas/MemberAbilities' + DisplayName: + $ref: '#/components/schemas/Name' + PaymentConfiguration: + $ref: '#/components/schemas/PaymentConfiguration' + required: + - AccountId + - DisplayName + - MemberAbilities + additionalProperties: false + MemberStatus: + type: string + enum: + - INVITED + - ACTIVE + - LEFT + - REMOVED + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t]*$ + PaymentConfiguration: + type: object + additionalProperties: false + properties: + QueryCompute: + $ref: '#/components/schemas/QueryComputePaymentConfig' + required: + - QueryCompute + QueryComputePaymentConfig: + type: object + additionalProperties: false + properties: + IsResponsible: + type: boolean + required: + - IsResponsible + Collaboration: + type: object + properties: + Arn: + type: string + maxLength: 100 + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms collaboration. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true + type: array + CollaborationIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + CreatorDisplayName: + $ref: '#/components/schemas/Name' + CreatorMemberAbilities: + $ref: '#/components/schemas/MemberAbilities' + DataEncryptionMetadata: + $ref: '#/components/schemas/DataEncryptionMetadata' + Description: + type: string + maxLength: 255 + minLength: 1 + pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + Members: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/MemberSpecification' + maxItems: 9 + minItems: 0 + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t]*$ + QueryLogStatus: + $ref: '#/components/schemas/CollaborationQueryLogStatus' + CreatorPaymentConfiguration: + $ref: '#/components/schemas/PaymentConfiguration' + required: + - CreatorDisplayName + - CreatorMemberAbilities + - Members + - Name + - Description + - QueryLogStatus + x-stackql-resource-name: collaboration + description: Represents a collaboration between AWS accounts that allows for secure data collaboration + x-type-name: AWS::CleanRooms::Collaboration + x-documentation-url: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cleanrooms-collaboration.html + x-stackql-primary-identifier: + - CollaborationIdentifier + x-create-only-properties: + - CreatorDisplayName + - CreatorMemberAbilities + - DataEncryptionMetadata + - QueryLogStatus + - Members + - CreatorPaymentConfiguration + x-read-only-properties: + - Arn + - CollaborationIdentifier + x-required-properties: + - CreatorDisplayName + - CreatorMemberAbilities + - Members + - Name + - Description + - QueryLogStatus + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - cleanrooms:CreateCollaboration + - cleanrooms:GetCollaboration + - cleanrooms:ListMembers + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:GetCollaboration + - cleanrooms:ListCollaborations + read: + - cleanrooms:GetCollaboration + - cleanrooms:ListMembers + - cleanrooms:ListTagsForResource + update: + - cleanrooms:UpdateCollaboration + - cleanrooms:GetCollaboration + - cleanrooms:ListMembers + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:UntagResource + delete: + - cleanrooms:DeleteCollaboration + - cleanrooms:GetCollaboration + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + - cleanrooms:ListMembers + - cleanrooms:ListCollaborations + list: + - cleanrooms:ListCollaborations + AnalysisRuleColumnName: + type: string + maxLength: 127 + minLength: 1 + pattern: ^[a-z0-9_](([a-z0-9_ ]+-)*([a-z0-9_ ]+))?$ + AggregateColumn: + type: object + properties: + ColumnNames: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AnalysisRuleColumnName' + minItems: 1 + Function: + $ref: '#/components/schemas/AggregateFunctionName' + required: + - ColumnNames + - Function + additionalProperties: false + AggregateFunctionName: + type: string + enum: + - SUM + - SUM_DISTINCT + - COUNT + - COUNT_DISTINCT + - AVG + AggregationConstraint: + type: object + properties: + ColumnName: + $ref: '#/components/schemas/AnalysisRuleColumnName' + Minimum: + type: number + minimum: 2 + maximum: 100000 + Type: + $ref: '#/components/schemas/AggregationType' + required: + - ColumnName + - Minimum + - Type + additionalProperties: false + AggregationType: + type: string + enum: + - COUNT_DISTINCT + JoinOperator: + type: string + enum: + - OR + - AND + AnalysisMethod: + type: string + enum: + - DIRECT_QUERY + JoinRequiredOption: + type: string + enum: + - QUERY_RUNNER + ScalarFunctions: + type: string + enum: + - TRUNC + - ABS + - CEILING + - FLOOR + - LN + - LOG + - ROUND + - SQRT + - CAST + - LOWER + - RTRIM + - UPPER + - COALESCE + - CONVERT + - CURRENT_DATE + - DATEADD + - EXTRACT + - GETDATE + - SUBSTRING + - TO_CHAR + - TO_DATE + - TO_NUMBER + - TO_TIMESTAMP + - TRIM + AnalysisRuleAggregation: + type: object + properties: + AggregateColumns: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AggregateColumn' + minItems: 1 + JoinColumns: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AnalysisRuleColumnName' + AllowedJoinOperators: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/JoinOperator' + maxItems: 2 + JoinRequired: + $ref: '#/components/schemas/JoinRequiredOption' + DimensionColumns: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AnalysisRuleColumnName' + ScalarFunctions: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ScalarFunctions' + OutputConstraints: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AggregationConstraint' + minItems: 1 + required: + - AggregateColumns + - JoinColumns + - DimensionColumns + - ScalarFunctions + - OutputConstraints + additionalProperties: false + AnalysisRuleList: + type: object + properties: + JoinColumns: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AnalysisRuleColumnName' + minItems: 1 + AllowedJoinOperators: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/JoinOperator' + maxItems: 2 + ListColumns: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AnalysisRuleColumnName' + required: + - JoinColumns + - ListColumns + additionalProperties: false + AllowedAnalysis: + type: string + minLength: 0 + maxLength: 200 + pattern: (ANY_QUERY|arn:[\w]{3}:cleanrooms:[\w]{2}-[\w]{4,9}-[\d]:[\d]{12}:membership/[\d\w-]+/analysistemplate/[\d\w-]+) + AllowedAnalyses: + type: array + x-insertionOrder: false + minItems: 0 + items: + $ref: '#/components/schemas/AllowedAnalysis' + AllowedAnalysisProvider: + type: string + minLength: 12 + maxLength: 12 + pattern: \d+ + AllowedAnalysisProviders: + type: array + x-insertionOrder: false + minItems: 0 + items: + $ref: '#/components/schemas/AllowedAnalysisProvider' + DifferentialPrivacyColumn: + type: object + properties: + Name: + type: string + required: + - Name + additionalProperties: false + DifferentialPrivacy: + type: object + properties: + Columns: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/DifferentialPrivacyColumn' + minItems: 1 + required: + - Columns + additionalProperties: false + AnalysisRuleCustom: + type: object + properties: + AllowedAnalyses: + $ref: '#/components/schemas/AllowedAnalyses' + AllowedAnalysisProviders: + $ref: '#/components/schemas/AllowedAnalysisProviders' + DifferentialPrivacy: + $ref: '#/components/schemas/DifferentialPrivacy' + required: + - AllowedAnalyses + additionalProperties: false + ConfiguredTableAnalysisRulePolicy: + type: object + x-title: V1 + properties: + V1: + $ref: '#/components/schemas/ConfiguredTableAnalysisRulePolicyV1' + required: + - V1 + additionalProperties: false + ConfiguredTableAnalysisRulePolicyV1: + oneOf: + - type: object + title: List + properties: + List: + $ref: '#/components/schemas/AnalysisRuleList' + required: + - List + additionalProperties: false + - type: object + title: Aggregation + properties: + Aggregation: + $ref: '#/components/schemas/AnalysisRuleAggregation' + required: + - Aggregation + additionalProperties: false + - type: object + title: Custom + properties: + Custom: + $ref: '#/components/schemas/AnalysisRuleCustom' + required: + - Custom + additionalProperties: false + ConfiguredTableAnalysisRuleType: + type: string + enum: + - AGGREGATION + - LIST + - CUSTOM + GlueTableReference: + type: object + properties: + TableName: + type: string + maxLength: 128 + pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ + DatabaseName: + type: string + maxLength: 128 + pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ + required: + - DatabaseName + - TableName + additionalProperties: false + AnalysisRule: + type: object + properties: + Type: + $ref: '#/components/schemas/ConfiguredTableAnalysisRuleType' + Policy: + $ref: '#/components/schemas/ConfiguredTableAnalysisRulePolicy' + required: + - Type + - Policy + additionalProperties: false + TableReference: + type: object + x-title: Glue + properties: + Glue: + $ref: '#/components/schemas/GlueTableReference' + required: + - Glue + additionalProperties: false + ConfiguredTable: + type: object + properties: + Arn: + type: string + maxLength: 100 + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms collaboration. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true + type: array + AllowedColumns: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 128 + pattern: ^[a-z0-9_](([a-z0-9_ ]+-)*([a-z0-9_ ]+))?$ + maxItems: 100 + minItems: 1 + AnalysisMethod: + $ref: '#/components/schemas/AnalysisMethod' + ConfiguredTableIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + Description: + type: string + maxLength: 255 + pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t]*$ + AnalysisRules: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AnalysisRule' + maxItems: 1 + minItems: 1 + TableReference: + $ref: '#/components/schemas/TableReference' + required: + - AllowedColumns + - AnalysisMethod + - Name + - TableReference + x-stackql-resource-name: configured_table + description: Represents a table that can be associated with collaborations + x-type-name: AWS::CleanRooms::ConfiguredTable + x-stackql-primary-identifier: + - ConfiguredTableIdentifier + x-create-only-properties: + - AllowedColumns + - AnalysisMethod + - TableReference + x-read-only-properties: + - Arn + - ConfiguredTableIdentifier + x-required-properties: + - AllowedColumns + - AnalysisMethod + - Name + - TableReference + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - cleanrooms:CreateConfiguredTable + - cleanrooms:DeleteConfiguredTable + - cleanrooms:DeleteConfiguredTableAnalysisRule + - cleanrooms:CreateConfiguredTableAnalysisRule + - cleanrooms:GetConfiguredTable + - cleanrooms:GetConfiguredTableAnalysisRule + - glue:GetDatabase + - glue:GetDatabases + - glue:GetTable + - glue:GetTables + - glue:GetPartition + - glue:GetPartitions + - glue:BatchGetPartition + - glue:GetSchemaVersion + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:ListConfiguredTables + read: + - cleanrooms:GetConfiguredTable + - cleanrooms:GetConfiguredTableAnalysisRule + - cleanrooms:ListTagsForResource + update: + - cleanrooms:UpdateConfiguredTable + - cleanrooms:GetConfiguredTable + - cleanrooms:CreateConfiguredTableAnalysisRule + - cleanrooms:UpdateConfiguredTableAnalysisRule + - cleanrooms:GetConfiguredTableAnalysisRule + - cleanrooms:DeleteConfiguredTableAnalysisRule + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:UntagResource + - glue:GetDatabase + - glue:GetDatabases + - glue:GetTable + - glue:GetTables + - glue:GetPartition + - glue:GetPartitions + - glue:BatchGetPartition + - glue:GetSchemaVersion + delete: + - cleanrooms:DeleteConfiguredTable + - cleanrooms:GetConfiguredTable + - cleanrooms:ListConfiguredTables + - cleanrooms:GetConfiguredTableAnalysisRule + - cleanrooms:DeleteConfiguredTableAnalysisRule + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + - glue:GetDatabase + - glue:GetDatabases + - glue:GetTable + - glue:GetTables + - glue:GetPartition + - glue:GetPartitions + - glue:BatchGetPartition + - glue:GetSchemaVersion + list: + - cleanrooms:ListConfiguredTables + ConfiguredTableAssociation: + type: object + properties: + Arn: + type: string + maxLength: 100 + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms collaboration. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + type: array + ConfiguredTableAssociationIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + ConfiguredTableIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + Description: + type: string + maxLength: 255 + pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + MembershipIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + Name: + type: string + maxLength: 128 + pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ + RoleArn: + type: string + maxLength: 512 + minLength: 32 + required: + - ConfiguredTableIdentifier + - Name + - RoleArn + - MembershipIdentifier + x-stackql-resource-name: configured_table_association + description: Represents a table that can be queried within a collaboration + x-type-name: AWS::CleanRooms::ConfiguredTableAssociation + x-stackql-primary-identifier: + - ConfiguredTableAssociationIdentifier + - MembershipIdentifier + x-create-only-properties: + - ConfiguredTableIdentifier + - Name + - MembershipIdentifier + x-read-only-properties: + - ConfiguredTableAssociationIdentifier + - Arn + x-required-properties: + - ConfiguredTableIdentifier + - Name + - RoleArn + - MembershipIdentifier + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - cleanrooms:CreateConfiguredTableAssociation + - iam:PassRole + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:GetConfiguredTableAssociation + - cleanrooms:ListConfiguredTableAssociations + read: + - cleanrooms:GetConfiguredTableAssociation + - cleanrooms:ListTagsForResource + update: + - cleanrooms:UpdateConfiguredTableAssociation + - cleanrooms:GetConfiguredTableAssociation + - iam:PassRole + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:UntagResource + delete: + - cleanrooms:DeleteConfiguredTableAssociation + - cleanrooms:GetConfiguredTableAssociation + - cleanrooms:ListConfiguredTableAssociations + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + list: + - cleanrooms:ListConfiguredTableAssociations + MembershipQueryLogStatus: + type: string + enum: + - ENABLED + - DISABLED + MembershipStatus: + type: string + enum: + - ACTIVE + - REMOVED + - COLLABORATION_DELETED + ResultFormat: + type: string + enum: + - CSV + - PARQUET + ProtectedQueryS3OutputConfiguration: + type: object + additionalProperties: false + properties: + ResultFormat: + $ref: '#/components/schemas/ResultFormat' + Bucket: + type: string + minLength: 3 + maxLength: 63 + KeyPrefix: + type: string + required: + - ResultFormat + - Bucket + MembershipProtectedQueryOutputConfiguration: + type: object + additionalProperties: false + properties: + S3: + $ref: '#/components/schemas/ProtectedQueryS3OutputConfiguration' + required: + - S3 + MembershipProtectedQueryResultConfiguration: + type: object + additionalProperties: false + properties: + OutputConfiguration: + $ref: '#/components/schemas/MembershipProtectedQueryOutputConfiguration' + RoleArn: + type: string + minLength: 32 + maxLength: 512 + required: + - OutputConfiguration + MembershipPaymentConfiguration: + type: object + additionalProperties: false + properties: + QueryCompute: + $ref: '#/components/schemas/MembershipQueryComputePaymentConfig' + required: + - QueryCompute + MembershipQueryComputePaymentConfig: + type: object + additionalProperties: false + properties: + IsResponsible: + type: boolean + required: + - IsResponsible + Membership: + type: object + properties: + Arn: + type: string + maxLength: 100 + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms membership. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true + type: array + CollaborationArn: + type: string + maxLength: 100 + CollaborationCreatorAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^\d+$ + CollaborationIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + MembershipIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + QueryLogStatus: + $ref: '#/components/schemas/MembershipQueryLogStatus' + DefaultResultConfiguration: + $ref: '#/components/schemas/MembershipProtectedQueryResultConfiguration' + PaymentConfiguration: + $ref: '#/components/schemas/MembershipPaymentConfiguration' + required: + - CollaborationIdentifier + - QueryLogStatus + x-stackql-resource-name: membership + description: Represents an AWS account that is a part of a collaboration + x-type-name: AWS::CleanRooms::Membership + x-stackql-primary-identifier: + - MembershipIdentifier + x-create-only-properties: + - CollaborationIdentifier + x-read-only-properties: + - Arn + - CollaborationArn + - CollaborationCreatorAccountId + - MembershipIdentifier + x-required-properties: + - CollaborationIdentifier + - QueryLogStatus + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - cleanrooms:CreateMembership + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:DescribeLogGroups + - logs:DescribeResourcePolicies + - logs:PutResourcePolicy + - logs:CreateLogGroup + - cleanrooms:GetMembership + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:ListMemberships + - iam:PassRole + read: + - cleanrooms:GetMembership + - cleanrooms:ListTagsForResource + - logs:ListLogDeliveries + - logs:DescribeLogGroups + - logs:DescribeResourcePolicies + - logs:GetLogDelivery + update: + - cleanrooms:UpdateMembership + - cleanrooms:GetMembership + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:DescribeLogGroups + - logs:DescribeResourcePolicies + - logs:PutResourcePolicy + - logs:CreateLogGroup + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:UntagResource + - iam:PassRole + delete: + - cleanrooms:DeleteMembership + - cleanrooms:GetMembership + - cleanrooms:ListMemberships + - cleanrooms:ListTagsForResource + - logs:ListLogDeliveries + - logs:DescribeLogGroups + - logs:DescribeResourcePolicies + - logs:GetLogDelivery + list: + - cleanrooms:ListMemberships + PrivacyBudgetTemplate: + type: object + properties: + Arn: + type: string + maxLength: 200 + CollaborationArn: + type: string + maxLength: 100 + CollaborationIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + PrivacyBudgetTemplateIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms privacy budget template. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + type: array + AutoRefresh: + type: string + enum: + - CALENDAR_MONTH + - NONE + PrivacyBudgetType: + type: string + enum: + - DIFFERENTIAL_PRIVACY + Parameters: + type: object + additionalProperties: false + properties: + Epsilon: + type: integer + minimum: 1 + maximum: 20 + UsersNoisePerQuery: + type: integer + minimum: 10 + maximum: 100 + required: + - Epsilon + - UsersNoisePerQuery + MembershipArn: + type: string + maxLength: 100 + MembershipIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + required: + - AutoRefresh + - PrivacyBudgetType + - Parameters + - MembershipIdentifier + x-stackql-resource-name: privacy_budget_template + description: Represents a privacy budget within a collaboration + x-type-name: AWS::CleanRooms::PrivacyBudgetTemplate + x-stackql-primary-identifier: + - PrivacyBudgetTemplateIdentifier + - MembershipIdentifier + x-create-only-properties: + - MembershipIdentifier + - PrivacyBudgetType + - AutoRefresh + x-read-only-properties: + - CollaborationArn + - CollaborationIdentifier + - PrivacyBudgetTemplateIdentifier + - Arn + - MembershipArn + x-required-properties: + - AutoRefresh + - PrivacyBudgetType + - Parameters + - MembershipIdentifier + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - cleanrooms:CreatePrivacyBudgetTemplate + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:GetPrivacyBudgetTemplate + - cleanrooms:ListPrivacyBudgetTemplates + read: + - cleanrooms:GetPrivacyBudgetTemplate + - cleanrooms:ListTagsForResource + update: + - cleanrooms:UpdatePrivacyBudgetTemplate + - cleanrooms:GetPrivacyBudgetTemplate + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:UntagResource + delete: + - cleanrooms:DeletePrivacyBudgetTemplate + - cleanrooms:GetPrivacyBudgetTemplate + - cleanrooms:ListPrivacyBudgetTemplates + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + list: + - cleanrooms:ListPrivacyBudgetTemplates + x-stackQL-resources: + analysis_templates: + name: analysis_templates + id: aws.cleanrooms.analysis_templates + x-cfn-schema-name: AnalysisTemplate + x-type: list + x-identifiers: + - AnalysisTemplateIdentifier + - MembershipIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AnalysisTemplateIdentifier') as analysis_template_identifier, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AnalysisTemplateIdentifier') as analysis_template_identifier, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND region = 'us-east-1' + analysis_template: + name: analysis_template + id: aws.cleanrooms.analysis_template + x-cfn-schema-name: AnalysisTemplate + x-type: get + x-identifiers: + - AnalysisTemplateIdentifier + - MembershipIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CollaborationArn') as collaboration_arn, + JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AnalysisParameters') as analysis_parameters, + JSON_EXTRACT(Properties, '$.AnalysisTemplateIdentifier') as analysis_template_identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.MembershipArn') as membership_arn, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Schema') as _schema, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.Format') as _format + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CollaborationArn') as collaboration_arn, + json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AnalysisParameters') as analysis_parameters, + json_extract_path_text(Properties, 'AnalysisTemplateIdentifier') as analysis_template_identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'MembershipArn') as membership_arn, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Schema') as _schema, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'Format') as _format + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND data__Identifier = '|' + AND region = 'us-east-1' + collaborations: + name: collaborations + id: aws.cleanrooms.collaborations + x-cfn-schema-name: Collaboration + x-type: list + x-identifiers: + - CollaborationIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' + AND region = 'us-east-1' + collaboration: + name: collaboration + id: aws.cleanrooms.collaboration + x-cfn-schema-name: Collaboration + x-type: get + x-identifiers: + - CollaborationIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(Properties, '$.CreatorDisplayName') as creator_display_name, + JSON_EXTRACT(Properties, '$.CreatorMemberAbilities') as creator_member_abilities, + JSON_EXTRACT(Properties, '$.DataEncryptionMetadata') as data_encryption_metadata, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Members') as members, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.QueryLogStatus') as query_log_status, + JSON_EXTRACT(Properties, '$.CreatorPaymentConfiguration') as creator_payment_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(Properties, 'CreatorDisplayName') as creator_display_name, + json_extract_path_text(Properties, 'CreatorMemberAbilities') as creator_member_abilities, + json_extract_path_text(Properties, 'DataEncryptionMetadata') as data_encryption_metadata, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Members') as members, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'QueryLogStatus') as query_log_status, + json_extract_path_text(Properties, 'CreatorPaymentConfiguration') as creator_payment_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' + AND data__Identifier = '' + AND region = 'us-east-1' + configured_tables: + name: configured_tables + id: aws.cleanrooms.configured_tables + x-cfn-schema-name: ConfiguredTable + x-type: list + x-identifiers: + - ConfiguredTableIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConfiguredTableIdentifier') as configured_table_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + AND region = 'us-east-1' + configured_table: + name: configured_table + id: aws.cleanrooms.configured_table + x-cfn-schema-name: ConfiguredTable + x-type: get + x-identifiers: + - ConfiguredTableIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AllowedColumns') as allowed_columns, + JSON_EXTRACT(Properties, '$.AnalysisMethod') as analysis_method, + JSON_EXTRACT(Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.AnalysisRules') as analysis_rules, + JSON_EXTRACT(Properties, '$.TableReference') as table_reference + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AllowedColumns') as allowed_columns, + json_extract_path_text(Properties, 'AnalysisMethod') as analysis_method, + json_extract_path_text(Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'AnalysisRules') as analysis_rules, + json_extract_path_text(Properties, 'TableReference') as table_reference + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + AND data__Identifier = '' + AND region = 'us-east-1' + configured_table_associations: + name: configured_table_associations + id: aws.cleanrooms.configured_table_associations + x-cfn-schema-name: ConfiguredTableAssociation + x-type: list + x-identifiers: + - ConfiguredTableAssociationIdentifier + - MembershipIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + AND region = 'us-east-1' + configured_table_association: + name: configured_table_association + id: aws.cleanrooms.configured_table_association + x-cfn-schema-name: ConfiguredTableAssociation + x-type: get + x-identifiers: + - ConfiguredTableAssociationIdentifier + - MembershipIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + JSON_EXTRACT(Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + json_extract_path_text(Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RoleArn') as role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + memberships: + name: memberships + id: aws.cleanrooms.memberships + x-cfn-schema-name: Membership + x-type: list + x-identifiers: + - MembershipIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::Membership' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::Membership' + AND region = 'us-east-1' + membership: + name: membership + id: aws.cleanrooms.membership + x-cfn-schema-name: Membership + x-type: get + x-identifiers: + - MembershipIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CollaborationArn') as collaboration_arn, + JSON_EXTRACT(Properties, '$.CollaborationCreatorAccountId') as collaboration_creator_account_id, + JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(Properties, '$.QueryLogStatus') as query_log_status, + JSON_EXTRACT(Properties, '$.DefaultResultConfiguration') as default_result_configuration, + JSON_EXTRACT(Properties, '$.PaymentConfiguration') as payment_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::Membership' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CollaborationArn') as collaboration_arn, + json_extract_path_text(Properties, 'CollaborationCreatorAccountId') as collaboration_creator_account_id, + json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(Properties, 'QueryLogStatus') as query_log_status, + json_extract_path_text(Properties, 'DefaultResultConfiguration') as default_result_configuration, + json_extract_path_text(Properties, 'PaymentConfiguration') as payment_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::Membership' + AND data__Identifier = '' + AND region = 'us-east-1' + privacy_budget_templates: + name: privacy_budget_templates + id: aws.cleanrooms.privacy_budget_templates + x-cfn-schema-name: PrivacyBudgetTemplate + x-type: list + x-identifiers: + - PrivacyBudgetTemplateIdentifier + - MembershipIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PrivacyBudgetTemplateIdentifier') as privacy_budget_template_identifier, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::PrivacyBudgetTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PrivacyBudgetTemplateIdentifier') as privacy_budget_template_identifier, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::PrivacyBudgetTemplate' + AND region = 'us-east-1' + privacy_budget_template: + name: privacy_budget_template + id: aws.cleanrooms.privacy_budget_template + x-cfn-schema-name: PrivacyBudgetTemplate + x-type: get + x-identifiers: + - PrivacyBudgetTemplateIdentifier + - MembershipIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CollaborationArn') as collaboration_arn, + JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(Properties, '$.PrivacyBudgetTemplateIdentifier') as privacy_budget_template_identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AutoRefresh') as auto_refresh, + JSON_EXTRACT(Properties, '$.PrivacyBudgetType') as privacy_budget_type, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.MembershipArn') as membership_arn, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::PrivacyBudgetTemplate' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CollaborationArn') as collaboration_arn, + json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(Properties, 'PrivacyBudgetTemplateIdentifier') as privacy_budget_template_identifier, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AutoRefresh') as auto_refresh, + json_extract_path_text(Properties, 'PrivacyBudgetType') as privacy_budget_type, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'MembershipArn') as membership_arn, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::PrivacyBudgetTemplate' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/cleanroomsml.yaml b/providers/src/aws/v00.00.00000/services/cleanroomsml.yaml new file mode 100644 index 00000000..682cd879 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/cleanroomsml.yaml @@ -0,0 +1,261 @@ +openapi: 3.0.0 +info: + title: CleanRoomsML + version: 1.0.0 +paths: {} +components: + schemas: + ColumnSchema: + type: object + properties: + ColumnName: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ + ColumnTypes: + type: array + items: + $ref: '#/components/schemas/ColumnType' + maxItems: 1 + minItems: 1 + required: + - ColumnName + - ColumnTypes + additionalProperties: false + ColumnType: + type: string + enum: + - USER_ID + - ITEM_ID + - TIMESTAMP + - CATEGORICAL_FEATURE + - NUMERICAL_FEATURE + DataSource: + type: object + properties: + GlueDataSource: + $ref: '#/components/schemas/GlueDataSource' + required: + - GlueDataSource + additionalProperties: false + Dataset: + type: object + properties: + Type: + $ref: '#/components/schemas/DatasetType' + InputConfig: + $ref: '#/components/schemas/DatasetInputConfig' + required: + - InputConfig + - Type + additionalProperties: false + DatasetInputConfig: + type: object + properties: + Schema: + type: array + items: + $ref: '#/components/schemas/ColumnSchema' + maxItems: 100 + minItems: 1 + DataSource: + $ref: '#/components/schemas/DataSource' + required: + - DataSource + - Schema + additionalProperties: false + DatasetType: + type: string + enum: + - INTERACTIONS + GlueDataSource: + type: object + properties: + TableName: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ + DatabaseName: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_]+-)*([a-zA-Z0-9_]+))?$ + CatalogId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + required: + - DatabaseName + - TableName + additionalProperties: false + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 1 + maxLength: 256 + required: + - Value + - Key + TrainingDatasetStatus: + type: string + enum: + - ACTIVE + Unit: + type: object + additionalProperties: false + TrainingDataset: + type: object + properties: + Description: + type: string + maxLength: 255 + pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + Name: + type: string + maxLength: 63 + minLength: 1 + pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t]*$ + RoleArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:aws[-a-z]*:iam::[0-9]{12}:role/.+$ + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms-ml training dataset. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true + type: array + TrainingData: + type: array + items: + $ref: '#/components/schemas/Dataset' + maxItems: 1 + minItems: 1 + TrainingDatasetArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:aws[-a-z]*:cleanrooms-ml:[-a-z0-9]+:[0-9]{12}:training-dataset/[-a-zA-Z0-9_/.]+$ + Status: + $ref: '#/components/schemas/TrainingDatasetStatus' + required: + - Name + - RoleArn + - TrainingData + x-stackql-resource-name: training_dataset + description: Definition of AWS::CleanRoomsML::TrainingDataset Resource Type + x-type-name: AWS::CleanRoomsML::TrainingDataset + x-stackql-primary-identifier: + - TrainingDatasetArn + x-create-only-properties: + - Description + - Name + - RoleArn + - TrainingData + x-read-only-properties: + - Status + - TrainingDatasetArn + x-required-properties: + - Name + - RoleArn + - TrainingData + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - cleanrooms-ml:CreateTrainingDataset + - cleanrooms-ml:GetTrainingDataset + - cleanrooms-ml:TagResource + - iam:PassRole + read: + - cleanrooms-ml:GetTrainingDataset + delete: + - cleanrooms-ml:DeleteTrainingDataset + list: + - cleanrooms-ml:ListTrainingDatasets + update: + - cleanrooms-ml:TagResource + - cleanrooms-ml:UntagResource + x-stackQL-resources: + training_datasets: + name: training_datasets + id: aws.cleanroomsml.training_datasets + x-cfn-schema-name: TrainingDataset + x-type: list + x-identifiers: + - TrainingDatasetArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TrainingDatasetArn') as training_dataset_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRoomsML::TrainingDataset' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TrainingDatasetArn') as training_dataset_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRoomsML::TrainingDataset' + AND region = 'us-east-1' + training_dataset: + name: training_dataset + id: aws.cleanroomsml.training_dataset + x-cfn-schema-name: TrainingDataset + x-type: get + x-identifiers: + - TrainingDatasetArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TrainingData') as training_data, + JSON_EXTRACT(Properties, '$.TrainingDatasetArn') as training_dataset_arn, + JSON_EXTRACT(Properties, '$.Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRoomsML::TrainingDataset' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TrainingData') as training_data, + json_extract_path_text(Properties, 'TrainingDatasetArn') as training_dataset_arn, + json_extract_path_text(Properties, 'Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRoomsML::TrainingDataset' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/cloudformation.yaml b/providers/src/aws/v00.00.00000/services/cloudformation.yaml new file mode 100644 index 00000000..d76656fe --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/cloudformation.yaml @@ -0,0 +1,2001 @@ +openapi: 3.0.0 +info: + title: CloudFormation + version: 1.0.0 +paths: {} +components: + schemas: + HookDefaultVersion: + type: object + properties: + TypeVersionArn: + description: The Amazon Resource Name (ARN) of the type version. + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/.+$ + type: string + TypeName: + description: |- + The name of the type being registered. + + We recommend that type names adhere to the following pattern: company_or_organization::service::type. + pattern: ^[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$ + type: string + Arn: + description: The Amazon Resource Name (ARN) of the type. This is used to uniquely identify a HookDefaultVersion + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/.+$ + type: string + VersionId: + description: The ID of an existing version of the hook to set as the default. + pattern: ^[A-Za-z0-9-]{1,128}$ + type: string + x-stackql-resource-name: hook_default_version + description: Set a version as default version for a hook in CloudFormation Registry. + x-type-name: AWS::CloudFormation::HookDefaultVersion + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cloudformation:SetTypeDefaultVersion + read: + - cloudformation:DescribeType + update: + - cloudformation:SetTypeDefaultVersion + delete: [] + list: + - cloudformation:ListTypes + HookTypeConfig: + type: object + properties: + TypeArn: + description: The Amazon Resource Name (ARN) of the type without version number. + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/.+$ + type: string + TypeName: + description: |- + The name of the type being registered. + + We recommend that type names adhere to the following pattern: company_or_organization::service::type. + pattern: ^[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$ + type: string + ConfigurationArn: + description: The Amazon Resource Name (ARN) for the configuration data, in this account and region. + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type(-configuration)?/hook/.+$ + type: string + Configuration: + description: The configuration data for the extension, in this account and region. + pattern: '[\s\S]+' + type: string + ConfigurationAlias: + description: An alias by which to refer to this extension configuration data. + pattern: ^[a-zA-Z0-9]{1,256}$ + default: default + enum: + - default + type: string + x-stackql-resource-name: hook_type_config + description: Specifies the configuration data for a registered hook in CloudFormation Registry. + x-type-name: AWS::CloudFormation::HookTypeConfig + x-stackql-primary-identifier: + - ConfigurationArn + x-create-only-properties: + - ConfigurationAlias + x-read-only-properties: + - ConfigurationArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cloudformation:SetTypeConfiguration + read: + - cloudformation:BatchDescribeTypeConfigurations + update: + - cloudformation:SetTypeConfiguration + delete: + - cloudformation:SetTypeConfiguration + list: + - cloudformation:ListTypes + - cloudformation:BatchDescribeTypeConfigurations + LoggingConfig: + type: object + properties: + LogGroupName: + description: The Amazon CloudWatch log group to which CloudFormation sends error logging information when invoking the type's handlers. + type: string + pattern: ^[\.\-_/#A-Za-z0-9]+$ + minLength: 1 + maxLength: 512 + LogRoleArn: + description: The ARN of the role that CloudFormation should assume when sending log entries to CloudWatch logs. + type: string + minLength: 1 + maxLength: 256 + additionalProperties: false + HookVersion: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the type, here the HookVersion. This is used to uniquely identify a HookVersion resource + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/.+$ + type: string + TypeArn: + description: The Amazon Resource Name (ARN) of the type without the versionID. + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/.+$ + type: string + ExecutionRoleArn: + description: The Amazon Resource Name (ARN) of the IAM execution role to use to register the type. If your resource type calls AWS APIs in any of its handlers, you must create an IAM execution role that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. CloudFormation then assumes that execution role to provide your resource type with the appropriate credentials. + pattern: arn:.+:iam::[0-9]{12}:role/.+ + maxLength: 256 + type: string + IsDefaultVersion: + description: Indicates if this type version is the current default version + type: boolean + LoggingConfig: + $ref: '#/components/schemas/LoggingConfig' + description: Specifies logging configuration information for a type. + SchemaHandlerPackage: + description: |- + A url to the S3 bucket containing the schema handler package that contains the schema, event handlers, and associated files for the type you want to register. + + For information on generating a schema handler package for the type you want to register, see submit in the CloudFormation CLI User Guide. + maxLength: 4096 + type: string + TypeName: + description: |- + The name of the type being registered. + + We recommend that type names adhere to the following pattern: company_or_organization::service::type. + pattern: ^[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$ + type: string + VersionId: + description: The ID of the version of the type represented by this hook instance. + pattern: ^[A-Za-z0-9-]{1,128}$ + type: string + Visibility: + description: |- + The scope at which the type is visible and usable in CloudFormation operations. + + Valid values include: + + PRIVATE: The type is only visible and usable within the account in which it is registered. Currently, AWS CloudFormation marks any types you register as PRIVATE. + + PUBLIC: The type is publically visible and usable within any Amazon account. + enum: + - PUBLIC + - PRIVATE + type: string + required: + - SchemaHandlerPackage + - TypeName + x-stackql-resource-name: hook_version + description: Publishes new or first hook version to AWS CloudFormation Registry. + x-type-name: AWS::CloudFormation::HookVersion + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ExecutionRoleArn + - LoggingConfig + - SchemaHandlerPackage + - TypeName + x-write-only-properties: + - SchemaHandlerPackage + x-read-only-properties: + - Arn + - IsDefaultVersion + - Visibility + - VersionId + - TypeArn + x-required-properties: + - SchemaHandlerPackage + - TypeName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cloudformation:DescribeType + - cloudformation:DescribeTypeRegistration + - cloudformation:RegisterType + - iam:PassRole + - s3:GetObject + - s3:ListBucket + - kms:Decrypt + read: + - cloudformation:DescribeType + delete: + - cloudformation:DeregisterType + - cloudformation:DescribeType + list: + - cloudformation:ListTypes + - cloudformation:ListTypeVersions + ModuleDefaultVersion: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the module version to set as the default version. + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/module/.+/[0-9]{8}$ + type: string + ModuleName: + description: The name of a module existing in the registry. + pattern: ^[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::MODULE + type: string + VersionId: + description: The ID of an existing version of the named module to set as the default. + pattern: ^[0-9]{8}$ + type: string + x-stackql-resource-name: module_default_version + description: A module that has been registered in the CloudFormation registry as the default version + x-type-name: AWS::CloudFormation::ModuleDefaultVersion + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - ModuleName + x-create-only-properties: + - Arn + - ModuleName + - VersionId + x-write-only-properties: + - ModuleName + - VersionId + x-required-permissions: + create: + - cloudformation:DescribeType + - cloudformation:SetTypeDefaultVersion + delete: [] + read: + - cloudformation:DescribeType + list: + - cloudformation:ListTypes + ModuleVersion: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the module. + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/module/.+$ + type: string + Description: + description: The description of the registered module. + maxLength: 1024 + minLength: 1 + type: string + DocumentationUrl: + description: The URL of a page providing detailed documentation for this module. + maxLength: 4096 + type: string + ModuleName: + description: |- + The name of the module being registered. + + Recommended module naming pattern: company_or_organization::service::type::MODULE. + pattern: ^[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::MODULE + type: string + ModulePackage: + description: The url to the S3 bucket containing the schema and template fragment for the module you want to register. + type: string + IsDefaultVersion: + description: Indicator of whether this module version is the current default version + type: boolean + Schema: + description: The schema defining input parameters to and resources generated by the module. + maxLength: 16777216 + minLength: 1 + type: string + TimeCreated: + description: The time that the specified module version was registered. + type: string + VersionId: + description: The version ID of the module represented by this module instance. + pattern: ^[0-9]{8}$ + type: string + Visibility: + description: |- + The scope at which the type is visible and usable in CloudFormation operations. + + The only allowed value at present is: + + PRIVATE: The type is only visible and usable within the account in which it is registered. Currently, AWS CloudFormation marks any types you register as PRIVATE. + enum: + - PRIVATE + type: string + required: + - ModuleName + - ModulePackage + x-stackql-resource-name: module_version + description: A module that has been registered in the CloudFormation registry. + x-type-name: AWS::CloudFormation::ModuleVersion + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ModuleName + - ModulePackage + x-write-only-properties: + - ModulePackage + x-read-only-properties: + - Arn + - Description + - DocumentationUrl + - IsDefaultVersion + - Schema + - TimeCreated + - VersionId + - Visibility + x-required-properties: + - ModuleName + - ModulePackage + x-required-permissions: + create: + - cloudformation:DescribeType + - cloudformation:DescribeTypeRegistration + - cloudformation:ListTypeVersions + - cloudformation:RegisterType + - s3:GetObject + - s3:ListBucket + read: + - cloudformation:DescribeType + delete: + - cloudformation:DeregisterType + - cloudformation:DescribeType + PublicTypeVersion: + type: object + properties: + Arn: + description: The Amazon Resource Number (ARN) of the extension. + pattern: arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:[0-9]{12}:type/.+ + type: string + TypeVersionArn: + description: The Amazon Resource Number (ARN) of the extension with the versionId. + pattern: arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:[0-9]{12}:type/.+ + type: string + PublicVersionNumber: + description: The version number of a public third-party extension + type: string + minLength: 5 + maxLength: 64 + PublisherId: + description: The publisher id assigned by CloudFormation for publishing in this region. + pattern: '[0-9a-zA-Z]{40}' + type: string + minLength: 1 + maxLength: 40 + PublicTypeArn: + description: The Amazon Resource Number (ARN) assigned to the public extension upon publication + pattern: arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/.+ + type: string + maxLength: 1024 + TypeName: + description: |- + The name of the type being registered. + + We recommend that type names adhere to the following pattern: company_or_organization::service::type. + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}(::MODULE){0,1}' + type: string + LogDeliveryBucket: + description: A url to the S3 bucket where logs for the testType run will be available + type: string + Type: + description: The kind of extension + enum: + - RESOURCE + - MODULE + - HOOK + type: string + x-stackql-resource-name: public_type_version + description: Test and Publish a resource that has been registered in the CloudFormation Registry. + x-type-name: AWS::CloudFormation::PublicTypeVersion + x-stackql-primary-identifier: + - PublicTypeArn + x-create-only-properties: + - LogDeliveryBucket + - PublicVersionNumber + - TypeName + - Type + - Arn + x-write-only-properties: + - Arn + x-read-only-properties: + - PublicTypeArn + - TypeVersionArn + - PublisherId + x-required-permissions: + create: + - cloudformation:TestType + - cloudformation:DescribeType + - cloudformation:PublishType + - cloudformation:DescribePublisher + - s3:GetObject + - s3:PutObject + delete: [] + read: + - cloudformation:DescribeType + - cloudformation:DescribePublisher + list: + - cloudformation:ListTypes + Publisher: + type: object + properties: + AcceptTermsAndConditions: + description: Whether you accept the terms and conditions for publishing extensions in the CloudFormation registry. You must accept the terms and conditions in order to publish public extensions to the CloudFormation registry. The terms and conditions can be found at https://cloudformation-registry-documents.s3.amazonaws.com/Terms_and_Conditions_for_AWS_CloudFormation_Registry_Publishers.pdf + type: boolean + PublisherId: + description: The publisher id assigned by CloudFormation for publishing in this region. + pattern: '[0-9a-zA-Z]{40}' + type: string + minLength: 1 + maxLength: 40 + ConnectionArn: + description: If you are using a Bitbucket or GitHub account for identity verification, the Amazon Resource Name (ARN) for your connection to that account. + type: string + pattern: arn:aws(-[w]+)*:.+:.+:[0-9]{12}:.+ + PublisherStatus: + description: Whether the publisher is verified. + type: string + enum: + - VERIFIED + - UNVERIFIED + PublisherProfile: + description: The URL to the publisher's profile with the identity provider. + pattern: (http:|https:)+[^s]+[w] + type: string + maxLength: 1024 + IdentityProvider: + description: The type of account used as the identity provider when registering this publisher with CloudFormation. + type: string + enum: + - AWS_Marketplace + - GitHub + - Bitbucket + required: + - AcceptTermsAndConditions + x-stackql-resource-name: publisher + description: Register as a publisher in the CloudFormation Registry. + x-type-name: AWS::CloudFormation::Publisher + x-stackql-primary-identifier: + - PublisherId + x-create-only-properties: + - AcceptTermsAndConditions + - ConnectionArn + x-write-only-properties: + - ConnectionArn + x-read-only-properties: + - PublisherId + - PublisherStatus + - PublisherProfile + - IdentityProvider + x-required-properties: + - AcceptTermsAndConditions + x-required-permissions: + create: + - cloudformation:RegisterPublisher + - cloudformation:DescribePublisher + - codestar-connections:GetConnection + - codestar-connections:UseConnection + read: + - cloudformation:DescribePublisher + delete: [] + list: + - cloudformation:DescribePublisher + ResourceDefaultVersion: + type: object + properties: + VersionId: + pattern: ^[A-Za-z0-9-]{1,128}$ + description: The ID of an existing version of the resource to set as the default. + type: string + TypeName: + pattern: ^[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$ + description: |- + The name of the type being registered. + + We recommend that type names adhere to the following pattern: company_or_organization::service::type. + type: string + Arn: + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/resource/.+$ + description: The Amazon Resource Name (ARN) of the type. This is used to uniquely identify a ResourceDefaultVersion + type: string + TypeVersionArn: + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/resource/.+$ + description: The Amazon Resource Name (ARN) of the type version. + type: string + x-stackql-resource-name: resource_default_version + description: The default version of a resource that has been registered in the CloudFormation Registry. + x-type-name: AWS::CloudFormation::ResourceDefaultVersion + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - TypeName + x-read-only-properties: + - Arn + x-required-permissions: + read: + - cloudformation:DescribeType + create: + - cloudformation:SetTypeDefaultVersion + update: + - cloudformation:SetTypeDefaultVersion + list: + - cloudformation:ListTypeVersions + delete: + - '' + ResourceVersion: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the type, here the ResourceVersion. This is used to uniquely identify a ResourceVersion resource + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/resource/.+$ + type: string + TypeArn: + description: The Amazon Resource Name (ARN) of the type without the versionID. + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/resource/.+$ + type: string + ExecutionRoleArn: + description: The Amazon Resource Name (ARN) of the IAM execution role to use to register the type. If your resource type calls AWS APIs in any of its handlers, you must create an IAM execution role that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. CloudFormation then assumes that execution role to provide your resource type with the appropriate credentials. + type: string + IsDefaultVersion: + description: Indicates if this type version is the current default version + type: boolean + LoggingConfig: + $ref: '#/components/schemas/LoggingConfig' + description: Specifies logging configuration information for a type. + ProvisioningType: + description: The provisioning behavior of the type. AWS CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted. + enum: + - NON_PROVISIONABLE + - IMMUTABLE + - FULLY_MUTABLE + type: string + SchemaHandlerPackage: + description: |- + A url to the S3 bucket containing the schema handler package that contains the schema, event handlers, and associated files for the type you want to register. + + For information on generating a schema handler package for the type you want to register, see submit in the CloudFormation CLI User Guide. + type: string + TypeName: + description: |- + The name of the type being registered. + + We recommend that type names adhere to the following pattern: company_or_organization::service::type. + pattern: ^[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$ + type: string + VersionId: + description: The ID of the version of the type represented by this resource instance. + pattern: ^[A-Za-z0-9-]{1,128}$ + type: string + Visibility: + description: |- + The scope at which the type is visible and usable in CloudFormation operations. + + Valid values include: + + PRIVATE: The type is only visible and usable within the account in which it is registered. Currently, AWS CloudFormation marks any types you register as PRIVATE. + + PUBLIC: The type is publically visible and usable within any Amazon account. + enum: + - PUBLIC + - PRIVATE + type: string + required: + - SchemaHandlerPackage + - TypeName + x-stackql-resource-name: resource_version + description: A resource that has been registered in the CloudFormation Registry. + x-type-name: AWS::CloudFormation::ResourceVersion + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ExecutionRoleArn + - LoggingConfig + - SchemaHandlerPackage + - TypeName + x-write-only-properties: + - SchemaHandlerPackage + x-read-only-properties: + - Arn + - IsDefaultVersion + - ProvisioningType + - Visibility + - VersionId + - TypeArn + x-required-properties: + - SchemaHandlerPackage + - TypeName + x-required-permissions: + create: + - cloudformation:DescribeTypeRegistration + - cloudformation:RegisterType + - iam:PassRole + - s3:GetObject + - s3:ListBucket + - kms:Decrypt + - cloudformation:ListTypeVersions + - cloudformation:DeregisterType + - cloudformation:DescribeType + read: + - cloudformation:DescribeType + delete: + - cloudformation:DeregisterType + - cloudformation:DescribeType + list: + - cloudformation:ListTypes + Tag: + description: Tag type enables you to specify a key-value pair that can be used to store information about an AWS CloudFormation StackSet. + type: object + properties: + Key: + description: A string used to identify this tag. You can specify a maximum of 127 characters for a tag key. + type: string + minLength: 1 + maxLength: 128 + pattern: ^(?!aws:.*)[a-zA-Z0-9\s\:\_\.\/\=\+\-]+$ + Value: + description: A string containing the value for this tag. You can specify a maximum of 256 characters for a tag value. + type: string + minLength: 1 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Output: + type: object + additionalProperties: false + properties: + Description: + type: string + ExportName: + type: string + OutputKey: + type: string + OutputValue: + type: string + Stack: + type: object + properties: + Capabilities: + type: array + uniqueItems: false + items: + type: string + enum: + - CAPABILITY_IAM + - CAPABILITY_NAMED_IAM + - CAPABILITY_AUTO_EXPAND + RoleARN: + type: string + Outputs: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Output' + Description: + type: string + minLength: 1 + maxLength: 1024 + DisableRollback: + type: boolean + EnableTerminationProtection: + type: boolean + NotificationARNs: + type: array + uniqueItems: false + items: + type: string + maxItems: 5 + Parameters: + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + ParentId: + type: string + RootId: + type: string + ChangeSetId: + type: string + StackName: + type: string + StackId: + type: string + StackPolicyBody: + type: object + StackPolicyURL: + type: string + StackStatus: + type: string + enum: + - CREATE_IN_PROGRESS + - CREATE_FAILED + - CREATE_COMPLETE + - ROLLBACK_IN_PROGRESS + - ROLLBACK_FAILED + - ROLLBACK_COMPLETE + - DELETE_IN_PROGRESS + - DELETE_FAILED + - DELETE_COMPLETE + - UPDATE_IN_PROGRESS + - UPDATE_COMPLETE_CLEANUP_IN_PROGRESS + - UPDATE_COMPLETE + - UPDATE_FAILED + - UPDATE_ROLLBACK_IN_PROGRESS + - UPDATE_ROLLBACK_FAILED + - UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS + - UPDATE_ROLLBACK_COMPLETE + - REVIEW_IN_PROGRESS + - IMPORT_IN_PROGRESS + - IMPORT_COMPLETE + - IMPORT_ROLLBACK_IN_PROGRESS + - IMPORT_ROLLBACK_FAILED + - IMPORT_ROLLBACK_COMPLETE + StackStatusReason: + type: string + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + TemplateBody: + type: object + TemplateURL: + type: string + minLength: 1 + maxLength: 1024 + TimeoutInMinutes: + type: integer + minimum: 1 + LastUpdateTime: + type: string + CreationTime: + type: string + required: + - StackName + x-stackql-resource-name: stack + description: The AWS::CloudFormation::Stack resource nests a stack as a resource in a top-level template. + x-type-name: AWS::CloudFormation::Stack + x-stackql-primary-identifier: + - StackId + x-stackql-additional-identifiers: + - - StackName + x-create-only-properties: + - StackName + x-write-only-properties: + - TemplateURL + - StackPolicyURL + x-read-only-properties: + - StackId + - StackStatus + - CreationTime + - RootId + - ParentId + - ChangeSetId + - Outputs + - LastUpdateTime + x-required-properties: + - StackName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - cloudformation:DescribeStacks + - cloudformation:CreateStack + - iam:PassRole + update: + - cloudformation:DescribeStacks + - cloudformation:UpdateStack + - cloudformation:UpdateTerminationProtection + - cloudformation:SetStackPolicy + - iam:PassRole + delete: + - cloudformation:DescribeStacks + - cloudformation:DeleteStack + read: + - cloudformation:DescribeStacks + - cloudformation:GetStackPolicy + - cloudformation:GetTemplate + list: + - cloudformation:ListStacks + AutoDeployment: + type: object + properties: + Enabled: + description: If set to true, StackSets automatically deploys additional stack instances to AWS Organizations accounts that are added to a target organization or organizational unit (OU) in the specified Regions. If an account is removed from a target organization or OU, StackSets deletes stack instances from the account in the specified Regions. + type: boolean + RetainStacksOnAccountRemoval: + description: If set to true, stack resources are retained when an account is removed from a target organization or OU. If set to false, stack resources are deleted. Specify only if Enabled is set to True. + type: boolean + additionalProperties: false + Account: + description: AWS account that you want to create stack instances in the specified Region(s) for. + type: string + pattern: ^[0-9]{12}$ + Region: + type: string + pattern: ^[a-zA-Z0-9-]{1,128}$ + OrganizationalUnitId: + type: string + pattern: ^(ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}|r-[a-z0-9]{4,32})$ + Capability: + type: string + enum: + - CAPABILITY_IAM + - CAPABILITY_NAMED_IAM + - CAPABILITY_AUTO_EXPAND + RegionConcurrencyType: + description: The concurrency type of deploying StackSets operations in regions, could be in parallel or one region at a time + type: string + enum: + - SEQUENTIAL + - PARALLEL + Active: + description: When true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. + type: boolean + OperationPreferences: + description: The user-specified preferences for how AWS CloudFormation performs a stack set operation. + type: object + properties: + FailureToleranceCount: + type: integer + minimum: 0 + FailureTolerancePercentage: + type: integer + minimum: 0 + maximum: 100 + MaxConcurrentCount: + type: integer + minimum: 1 + MaxConcurrentPercentage: + type: integer + minimum: 0 + maximum: 100 + RegionOrder: + type: array + items: + $ref: '#/components/schemas/Region' + RegionConcurrencyType: + $ref: '#/components/schemas/RegionConcurrencyType' + additionalProperties: false + Parameter: + type: object + properties: + ParameterKey: + description: The key associated with the parameter. If you don't specify a key and value for a particular parameter, AWS CloudFormation uses the default value that is specified in your template. + type: string + ParameterValue: + description: The input value associated with the parameter. + type: string + required: + - ParameterKey + - ParameterValue + additionalProperties: false + DeploymentTargets: + description: ' The AWS OrganizationalUnitIds or Accounts for which to create stack instances in the specified Regions.' + type: object + properties: + Accounts: + description: AWS accounts that you want to create stack instances in the specified Region(s) for. + type: array + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Account' + AccountsUrl: + description: Returns the value of the AccountsUrl property. + type: string + minLength: 1 + maxLength: 5120 + pattern: (s3://|http(s?)://).+ + OrganizationalUnitIds: + description: The organization root ID or organizational unit (OU) IDs to which StackSets deploys. + type: array + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/OrganizationalUnitId' + AccountFilterType: + description: The filter type you want to apply on organizational units and accounts. + type: string + enum: + - NONE + - UNION + - INTERSECTION + - DIFFERENCE + additionalProperties: false + StackInstances: + description: Stack instances in some specific accounts and Regions. + type: object + properties: + DeploymentTargets: + $ref: '#/components/schemas/DeploymentTargets' + Regions: + description: The names of one or more Regions where you want to create stack instances using the specified AWS account(s). + type: array + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Region' + ParameterOverrides: + description: A list of stack set parameters whose values you want to override in the selected stack instances. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Parameter' + required: + - DeploymentTargets + - Regions + additionalProperties: false + StackSet: + type: object + properties: + StackSetName: + description: The name to associate with the stack set. The name must be unique in the Region where you create your stack set. + type: string + pattern: ^[a-zA-Z][a-zA-Z0-9\-]{0,127}$ + maxLength: 128 + StackSetId: + description: The ID of the stack set that you're creating. + type: string + AdministrationRoleARN: + description: The Amazon Resource Number (ARN) of the IAM role to use to create this stack set. Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. + type: string + minLength: 20 + maxLength: 2048 + AutoDeployment: + description: Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to the target organization or organizational unit (OU). Specify only if PermissionModel is SERVICE_MANAGED. + $ref: '#/components/schemas/AutoDeployment' + Capabilities: + description: In some cases, you must explicitly acknowledge that your stack set template contains certain capabilities in order for AWS CloudFormation to create the stack set and related stack instances. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Capability' + Description: + description: A description of the stack set. You can use the description to identify the stack set's purpose or other important information. + type: string + minLength: 1 + maxLength: 1024 + ExecutionRoleName: + description: The name of the IAM execution role to use to create the stack set. If you do not specify an execution role, AWS CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the stack set operation. + type: string + minLength: 1 + maxLength: 64 + OperationPreferences: + $ref: '#/components/schemas/OperationPreferences' + StackInstancesGroup: + description: A group of stack instances with parameters in some specific accounts and regions. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/StackInstances' + Parameters: + description: The input parameters for the stack set template. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Parameter' + PermissionModel: + description: Describes how the IAM roles required for stack set operations are created. By default, SELF-MANAGED is specified. + type: string + enum: + - SERVICE_MANAGED + - SELF_MANAGED + Tags: + description: The key-value pairs to associate with this stack set and the stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the stacks. A maximum number of 50 tags can be specified. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + TemplateBody: + description: The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes. + type: string + minLength: 1 + maxLength: 51200 + TemplateURL: + description: 'Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that is located in an Amazon S3 bucket.' + type: string + minLength: 1 + maxLength: 5120 + CallAs: + description: Specifies the AWS account that you are acting from. By default, SELF is specified. For self-managed permissions, specify SELF; for service-managed permissions, if you are signed in to the organization's management account, specify SELF. If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN. + type: string + enum: + - SELF + - DELEGATED_ADMIN + ManagedExecution: + description: Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations. + type: object + properties: + Active: + $ref: '#/components/schemas/Active' + additionalProperties: false + required: + - StackSetName + - PermissionModel + x-stackql-resource-name: stack_set + description: StackSet as a resource provides one-click experience for provisioning a StackSet and StackInstances + x-type-name: AWS::CloudFormation::StackSet + x-stackql-primary-identifier: + - StackSetId + x-stackql-additional-identifiers: + - - StackSetName + x-create-only-properties: + - PermissionModel + - StackSetName + x-write-only-properties: + - TemplateURL + - OperationPreferences + - StackInstancesGroup + - CallAs + x-read-only-properties: + - StackSetId + x-required-properties: + - StackSetName + - PermissionModel + x-required-permissions: + create: + - cloudformation:GetTemplateSummary + - cloudformation:CreateStackSet + - cloudformation:CreateStackInstances + - cloudformation:DescribeStackSetOperation + - cloudformation:ListStackSetOperationResults + - cloudformation:TagResource + - iam:PassRole + read: + - cloudformation:DescribeStackSet + - cloudformation:ListStackInstances + - cloudformation:DescribeStackInstance + update: + - cloudformation:GetTemplateSummary + - cloudformation:UpdateStackSet + - cloudformation:CreateStackInstances + - cloudformation:DeleteStackInstances + - cloudformation:UpdateStackInstances + - cloudformation:DescribeStackSet + - cloudformation:DescribeStackSetOperation + - cloudformation:ListStackSetOperationResults + - cloudformation:TagResource + - cloudformation:UntagResource + - iam:PassRole + delete: + - cloudformation:DeleteStackSet + - cloudformation:DeleteStackInstances + - cloudformation:DescribeStackSet + - cloudformation:DescribeStackSetOperation + - cloudformation:ListStackSetOperationResults + - cloudformation:UntagResource + list: + - cloudformation:ListStackSets + - cloudformation:DescribeStackSet + - cloudformation:ListStackInstances + - cloudformation:DescribeStackInstance + TypeActivation: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the extension. + pattern: arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/.+ + type: string + ExecutionRoleArn: + description: The Amazon Resource Name (ARN) of the IAM execution role to use to register the type. If your resource type calls AWS APIs in any of its handlers, you must create an IAM execution role that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. CloudFormation then assumes that execution role to provide your resource type with the appropriate credentials. + type: string + PublisherId: + description: The publisher id assigned by CloudFormation for publishing in this region. + pattern: '[0-9a-zA-Z]{40}' + type: string + minLength: 1 + maxLength: 40 + LoggingConfig: + $ref: '#/components/schemas/LoggingConfig' + description: Specifies logging configuration information for a type. + PublicTypeArn: + description: The Amazon Resource Number (ARN) assigned to the public extension upon publication + pattern: arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/.+ + type: string + maxLength: 1024 + AutoUpdate: + description: Whether to automatically update the extension in this account and region when a new minor version is published by the extension publisher. Major versions released by the publisher must be manually updated. + type: boolean + TypeNameAlias: + description: An alias to assign to the public extension in this account and region. If you specify an alias for the extension, you must then use the alias to refer to the extension in your templates. + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}(::MODULE){0,1}' + type: string + minLength: 10 + maxLength: 204 + VersionBump: + description: Manually updates a previously-enabled type to a new major or minor version, if available. You can also use this parameter to update the value of AutoUpdateEnabled + type: string + enum: + - MAJOR + - MINOR + MajorVersion: + description: The Major Version of the type you want to enable + type: string + minLength: 1 + maxLength: 100000 + TypeName: + description: |- + The name of the type being registered. + + We recommend that type names adhere to the following pattern: company_or_organization::service::type. + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}(::MODULE){0,1}' + type: string + Type: + description: The kind of extension + enum: + - RESOURCE + - MODULE + - HOOK + type: string + x-stackql-resource-name: type_activation + description: Enable a resource that has been published in the CloudFormation Registry. + x-type-name: AWS::CloudFormation::TypeActivation + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - LoggingConfig + x-write-only-properties: + - ExecutionRoleArn + - Type + - LoggingConfig + - VersionBump + - AutoUpdate + - MajorVersion + x-read-only-properties: + - Arn + x-required-permissions: + create: + - cloudformation:ActivateType + - cloudformation:DescribeType + - iam:PassRole + update: + - cloudformation:ActivateType + - cloudformation:DescribeType + - iam:PassRole + read: + - cloudformation:DescribeType + delete: + - cloudformation:DeactivateType + - cloudformation:DescribeType + list: + - cloudformation:ListTypes + x-stackQL-resources: + hook_default_versions: + name: hook_default_versions + id: aws.cloudformation.hook_default_versions + x-cfn-schema-name: HookDefaultVersion + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::HookDefaultVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::HookDefaultVersion' + AND region = 'us-east-1' + hook_default_version: + name: hook_default_version + id: aws.cloudformation.hook_default_version + x-cfn-schema-name: HookDefaultVersion + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TypeVersionArn') as type_version_arn, + JSON_EXTRACT(Properties, '$.TypeName') as type_name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.VersionId') as version_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::HookDefaultVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TypeVersionArn') as type_version_arn, + json_extract_path_text(Properties, 'TypeName') as type_name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'VersionId') as version_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::HookDefaultVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + hook_type_configs: + name: hook_type_configs + id: aws.cloudformation.hook_type_configs + x-cfn-schema-name: HookTypeConfig + x-type: list + x-identifiers: + - ConfigurationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConfigurationArn') as configuration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::HookTypeConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConfigurationArn') as configuration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::HookTypeConfig' + AND region = 'us-east-1' + hook_type_config: + name: hook_type_config + id: aws.cloudformation.hook_type_config + x-cfn-schema-name: HookTypeConfig + x-type: get + x-identifiers: + - ConfigurationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TypeArn') as type_arn, + JSON_EXTRACT(Properties, '$.TypeName') as type_name, + JSON_EXTRACT(Properties, '$.ConfigurationArn') as configuration_arn, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.ConfigurationAlias') as configuration_alias + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::HookTypeConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TypeArn') as type_arn, + json_extract_path_text(Properties, 'TypeName') as type_name, + json_extract_path_text(Properties, 'ConfigurationArn') as configuration_arn, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'ConfigurationAlias') as configuration_alias + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::HookTypeConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + hook_versions: + name: hook_versions + id: aws.cloudformation.hook_versions + x-cfn-schema-name: HookVersion + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::HookVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::HookVersion' + AND region = 'us-east-1' + hook_version: + name: hook_version + id: aws.cloudformation.hook_version + x-cfn-schema-name: HookVersion + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.TypeArn') as type_arn, + JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(Properties, '$.IsDefaultVersion') as is_default_version, + JSON_EXTRACT(Properties, '$.LoggingConfig') as logging_config, + JSON_EXTRACT(Properties, '$.SchemaHandlerPackage') as schema_handler_package, + JSON_EXTRACT(Properties, '$.TypeName') as type_name, + JSON_EXTRACT(Properties, '$.VersionId') as version_id, + JSON_EXTRACT(Properties, '$.Visibility') as visibility + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::HookVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'TypeArn') as type_arn, + json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(Properties, 'IsDefaultVersion') as is_default_version, + json_extract_path_text(Properties, 'LoggingConfig') as logging_config, + json_extract_path_text(Properties, 'SchemaHandlerPackage') as schema_handler_package, + json_extract_path_text(Properties, 'TypeName') as type_name, + json_extract_path_text(Properties, 'VersionId') as version_id, + json_extract_path_text(Properties, 'Visibility') as visibility + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::HookVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + module_default_versions: + name: module_default_versions + id: aws.cloudformation.module_default_versions + x-cfn-schema-name: ModuleDefaultVersion + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::ModuleDefaultVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::ModuleDefaultVersion' + AND region = 'us-east-1' + module_default_version: + name: module_default_version + id: aws.cloudformation.module_default_version + x-cfn-schema-name: ModuleDefaultVersion + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ModuleName') as module_name, + JSON_EXTRACT(Properties, '$.VersionId') as version_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::ModuleDefaultVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ModuleName') as module_name, + json_extract_path_text(Properties, 'VersionId') as version_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::ModuleDefaultVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + module_version: + name: module_version + id: aws.cloudformation.module_version + x-cfn-schema-name: ModuleVersion + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DocumentationUrl') as documentation_url, + JSON_EXTRACT(Properties, '$.ModuleName') as module_name, + JSON_EXTRACT(Properties, '$.ModulePackage') as module_package, + JSON_EXTRACT(Properties, '$.IsDefaultVersion') as is_default_version, + JSON_EXTRACT(Properties, '$.Schema') as _schema, + JSON_EXTRACT(Properties, '$.TimeCreated') as time_created, + JSON_EXTRACT(Properties, '$.VersionId') as version_id, + JSON_EXTRACT(Properties, '$.Visibility') as visibility + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::ModuleVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DocumentationUrl') as documentation_url, + json_extract_path_text(Properties, 'ModuleName') as module_name, + json_extract_path_text(Properties, 'ModulePackage') as module_package, + json_extract_path_text(Properties, 'IsDefaultVersion') as is_default_version, + json_extract_path_text(Properties, 'Schema') as _schema, + json_extract_path_text(Properties, 'TimeCreated') as time_created, + json_extract_path_text(Properties, 'VersionId') as version_id, + json_extract_path_text(Properties, 'Visibility') as visibility + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::ModuleVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + public_type_versions: + name: public_type_versions + id: aws.cloudformation.public_type_versions + x-cfn-schema-name: PublicTypeVersion + x-type: list + x-identifiers: + - PublicTypeArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PublicTypeArn') as public_type_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::PublicTypeVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PublicTypeArn') as public_type_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::PublicTypeVersion' + AND region = 'us-east-1' + public_type_version: + name: public_type_version + id: aws.cloudformation.public_type_version + x-cfn-schema-name: PublicTypeVersion + x-type: get + x-identifiers: + - PublicTypeArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.TypeVersionArn') as type_version_arn, + JSON_EXTRACT(Properties, '$.PublicVersionNumber') as public_version_number, + JSON_EXTRACT(Properties, '$.PublisherId') as publisher_id, + JSON_EXTRACT(Properties, '$.PublicTypeArn') as public_type_arn, + JSON_EXTRACT(Properties, '$.TypeName') as type_name, + JSON_EXTRACT(Properties, '$.LogDeliveryBucket') as log_delivery_bucket, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::PublicTypeVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'TypeVersionArn') as type_version_arn, + json_extract_path_text(Properties, 'PublicVersionNumber') as public_version_number, + json_extract_path_text(Properties, 'PublisherId') as publisher_id, + json_extract_path_text(Properties, 'PublicTypeArn') as public_type_arn, + json_extract_path_text(Properties, 'TypeName') as type_name, + json_extract_path_text(Properties, 'LogDeliveryBucket') as log_delivery_bucket, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::PublicTypeVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + publishers: + name: publishers + id: aws.cloudformation.publishers + x-cfn-schema-name: Publisher + x-type: list + x-identifiers: + - PublisherId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PublisherId') as publisher_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::Publisher' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PublisherId') as publisher_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::Publisher' + AND region = 'us-east-1' + publisher: + name: publisher + id: aws.cloudformation.publisher + x-cfn-schema-name: Publisher + x-type: get + x-identifiers: + - PublisherId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AcceptTermsAndConditions') as accept_terms_and_conditions, + JSON_EXTRACT(Properties, '$.PublisherId') as publisher_id, + JSON_EXTRACT(Properties, '$.ConnectionArn') as connection_arn, + JSON_EXTRACT(Properties, '$.PublisherStatus') as publisher_status, + JSON_EXTRACT(Properties, '$.PublisherProfile') as publisher_profile, + JSON_EXTRACT(Properties, '$.IdentityProvider') as identity_provider + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::Publisher' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AcceptTermsAndConditions') as accept_terms_and_conditions, + json_extract_path_text(Properties, 'PublisherId') as publisher_id, + json_extract_path_text(Properties, 'ConnectionArn') as connection_arn, + json_extract_path_text(Properties, 'PublisherStatus') as publisher_status, + json_extract_path_text(Properties, 'PublisherProfile') as publisher_profile, + json_extract_path_text(Properties, 'IdentityProvider') as identity_provider + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::Publisher' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_default_versions: + name: resource_default_versions + id: aws.cloudformation.resource_default_versions + x-cfn-schema-name: ResourceDefaultVersion + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::ResourceDefaultVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::ResourceDefaultVersion' + AND region = 'us-east-1' + resource_default_version: + name: resource_default_version + id: aws.cloudformation.resource_default_version + x-cfn-schema-name: ResourceDefaultVersion + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VersionId') as version_id, + JSON_EXTRACT(Properties, '$.TypeName') as type_name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.TypeVersionArn') as type_version_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::ResourceDefaultVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VersionId') as version_id, + json_extract_path_text(Properties, 'TypeName') as type_name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'TypeVersionArn') as type_version_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::ResourceDefaultVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_versions: + name: resource_versions + id: aws.cloudformation.resource_versions + x-cfn-schema-name: ResourceVersion + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::ResourceVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::ResourceVersion' + AND region = 'us-east-1' + resource_version: + name: resource_version + id: aws.cloudformation.resource_version + x-cfn-schema-name: ResourceVersion + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.TypeArn') as type_arn, + JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(Properties, '$.IsDefaultVersion') as is_default_version, + JSON_EXTRACT(Properties, '$.LoggingConfig') as logging_config, + JSON_EXTRACT(Properties, '$.ProvisioningType') as provisioning_type, + JSON_EXTRACT(Properties, '$.SchemaHandlerPackage') as schema_handler_package, + JSON_EXTRACT(Properties, '$.TypeName') as type_name, + JSON_EXTRACT(Properties, '$.VersionId') as version_id, + JSON_EXTRACT(Properties, '$.Visibility') as visibility + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::ResourceVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'TypeArn') as type_arn, + json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(Properties, 'IsDefaultVersion') as is_default_version, + json_extract_path_text(Properties, 'LoggingConfig') as logging_config, + json_extract_path_text(Properties, 'ProvisioningType') as provisioning_type, + json_extract_path_text(Properties, 'SchemaHandlerPackage') as schema_handler_package, + json_extract_path_text(Properties, 'TypeName') as type_name, + json_extract_path_text(Properties, 'VersionId') as version_id, + json_extract_path_text(Properties, 'Visibility') as visibility + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::ResourceVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + stacks: + name: stacks + id: aws.cloudformation.stacks + x-cfn-schema-name: Stack + x-type: list + x-identifiers: + - StackId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StackId') as stack_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::Stack' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StackId') as stack_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::Stack' + AND region = 'us-east-1' + stack: + name: stack + id: aws.cloudformation.stack + x-cfn-schema-name: Stack + x-type: get + x-identifiers: + - StackId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(Properties, '$.RoleARN') as role_arn, + JSON_EXTRACT(Properties, '$.Outputs') as outputs, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisableRollback') as disable_rollback, + JSON_EXTRACT(Properties, '$.EnableTerminationProtection') as enable_termination_protection, + JSON_EXTRACT(Properties, '$.NotificationARNs') as notification_arns, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.ParentId') as parent_id, + JSON_EXTRACT(Properties, '$.RootId') as root_id, + JSON_EXTRACT(Properties, '$.ChangeSetId') as change_set_id, + JSON_EXTRACT(Properties, '$.StackName') as stack_name, + JSON_EXTRACT(Properties, '$.StackId') as stack_id, + JSON_EXTRACT(Properties, '$.StackPolicyBody') as stack_policy_body, + JSON_EXTRACT(Properties, '$.StackPolicyURL') as stack_policy_url, + JSON_EXTRACT(Properties, '$.StackStatus') as stack_status, + JSON_EXTRACT(Properties, '$.StackStatusReason') as stack_status_reason, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TemplateBody') as template_body, + JSON_EXTRACT(Properties, '$.TemplateURL') as template_url, + JSON_EXTRACT(Properties, '$.TimeoutInMinutes') as timeout_in_minutes, + JSON_EXTRACT(Properties, '$.LastUpdateTime') as last_update_time, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::Stack' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Capabilities') as capabilities, + json_extract_path_text(Properties, 'RoleARN') as role_arn, + json_extract_path_text(Properties, 'Outputs') as outputs, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisableRollback') as disable_rollback, + json_extract_path_text(Properties, 'EnableTerminationProtection') as enable_termination_protection, + json_extract_path_text(Properties, 'NotificationARNs') as notification_arns, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'ParentId') as parent_id, + json_extract_path_text(Properties, 'RootId') as root_id, + json_extract_path_text(Properties, 'ChangeSetId') as change_set_id, + json_extract_path_text(Properties, 'StackName') as stack_name, + json_extract_path_text(Properties, 'StackId') as stack_id, + json_extract_path_text(Properties, 'StackPolicyBody') as stack_policy_body, + json_extract_path_text(Properties, 'StackPolicyURL') as stack_policy_url, + json_extract_path_text(Properties, 'StackStatus') as stack_status, + json_extract_path_text(Properties, 'StackStatusReason') as stack_status_reason, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TemplateBody') as template_body, + json_extract_path_text(Properties, 'TemplateURL') as template_url, + json_extract_path_text(Properties, 'TimeoutInMinutes') as timeout_in_minutes, + json_extract_path_text(Properties, 'LastUpdateTime') as last_update_time, + json_extract_path_text(Properties, 'CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::Stack' + AND data__Identifier = '' + AND region = 'us-east-1' + stack_sets: + name: stack_sets + id: aws.cloudformation.stack_sets + x-cfn-schema-name: StackSet + x-type: list + x-identifiers: + - StackSetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StackSetId') as stack_set_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::StackSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StackSetId') as stack_set_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::StackSet' + AND region = 'us-east-1' + stack_set: + name: stack_set + id: aws.cloudformation.stack_set + x-cfn-schema-name: StackSet + x-type: get + x-identifiers: + - StackSetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.StackSetName') as stack_set_name, + JSON_EXTRACT(Properties, '$.StackSetId') as stack_set_id, + JSON_EXTRACT(Properties, '$.AdministrationRoleARN') as administration_role_arn, + JSON_EXTRACT(Properties, '$.AutoDeployment') as auto_deployment, + JSON_EXTRACT(Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ExecutionRoleName') as execution_role_name, + JSON_EXTRACT(Properties, '$.OperationPreferences') as operation_preferences, + JSON_EXTRACT(Properties, '$.StackInstancesGroup') as stack_instances_group, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.PermissionModel') as permission_model, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TemplateBody') as template_body, + JSON_EXTRACT(Properties, '$.TemplateURL') as template_url, + JSON_EXTRACT(Properties, '$.CallAs') as call_as, + JSON_EXTRACT(Properties, '$.ManagedExecution') as managed_execution + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::StackSet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'StackSetName') as stack_set_name, + json_extract_path_text(Properties, 'StackSetId') as stack_set_id, + json_extract_path_text(Properties, 'AdministrationRoleARN') as administration_role_arn, + json_extract_path_text(Properties, 'AutoDeployment') as auto_deployment, + json_extract_path_text(Properties, 'Capabilities') as capabilities, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ExecutionRoleName') as execution_role_name, + json_extract_path_text(Properties, 'OperationPreferences') as operation_preferences, + json_extract_path_text(Properties, 'StackInstancesGroup') as stack_instances_group, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'PermissionModel') as permission_model, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TemplateBody') as template_body, + json_extract_path_text(Properties, 'TemplateURL') as template_url, + json_extract_path_text(Properties, 'CallAs') as call_as, + json_extract_path_text(Properties, 'ManagedExecution') as managed_execution + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::StackSet' + AND data__Identifier = '' + AND region = 'us-east-1' + type_activations: + name: type_activations + id: aws.cloudformation.type_activations + x-cfn-schema-name: TypeActivation + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::TypeActivation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::TypeActivation' + AND region = 'us-east-1' + type_activation: + name: type_activation + id: aws.cloudformation.type_activation + x-cfn-schema-name: TypeActivation + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(Properties, '$.PublisherId') as publisher_id, + JSON_EXTRACT(Properties, '$.LoggingConfig') as logging_config, + JSON_EXTRACT(Properties, '$.PublicTypeArn') as public_type_arn, + JSON_EXTRACT(Properties, '$.AutoUpdate') as auto_update, + JSON_EXTRACT(Properties, '$.TypeNameAlias') as type_name_alias, + JSON_EXTRACT(Properties, '$.VersionBump') as version_bump, + JSON_EXTRACT(Properties, '$.MajorVersion') as major_version, + JSON_EXTRACT(Properties, '$.TypeName') as type_name, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::TypeActivation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(Properties, 'PublisherId') as publisher_id, + json_extract_path_text(Properties, 'LoggingConfig') as logging_config, + json_extract_path_text(Properties, 'PublicTypeArn') as public_type_arn, + json_extract_path_text(Properties, 'AutoUpdate') as auto_update, + json_extract_path_text(Properties, 'TypeNameAlias') as type_name_alias, + json_extract_path_text(Properties, 'VersionBump') as version_bump, + json_extract_path_text(Properties, 'MajorVersion') as major_version, + json_extract_path_text(Properties, 'TypeName') as type_name, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::TypeActivation' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/cloudfront.yaml b/providers/src/aws/v00.00.00000/services/cloudfront.yaml new file mode 100644 index 00000000..23d110fa --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/cloudfront.yaml @@ -0,0 +1,2911 @@ +openapi: 3.0.0 +info: + title: CloudFront + version: 1.0.0 +paths: {} +components: + schemas: + CachePolicyConfig: + additionalProperties: false + properties: + Comment: + type: string + DefaultTTL: + minimum: 0 + multipleOf: 1 + type: number + MaxTTL: + minimum: 0 + multipleOf: 1 + type: number + MinTTL: + minimum: 0 + multipleOf: 1 + type: number + Name: + type: string + ParametersInCacheKeyAndForwardedToOrigin: + $ref: '#/components/schemas/ParametersInCacheKeyAndForwardedToOrigin' + required: + - Name + - MinTTL + - MaxTTL + - DefaultTTL + - ParametersInCacheKeyAndForwardedToOrigin + type: object + CookiesConfig: + additionalProperties: false + properties: + CookieBehavior: + pattern: ^(none|whitelist|all|allExcept)$ + type: string + Cookies: + items: + type: string + type: array + uniqueItems: false + required: + - CookieBehavior + type: object + HeadersConfig: + additionalProperties: false + properties: + HeaderBehavior: + pattern: ^(none|whitelist|allViewer|allViewerAndWhitelistCloudFront|allExcept)$ + type: string + Headers: + items: + type: string + type: array + uniqueItems: false + required: + - HeaderBehavior + type: object + ParametersInCacheKeyAndForwardedToOrigin: + additionalProperties: false + properties: + CookiesConfig: + $ref: '#/components/schemas/CookiesConfig' + EnableAcceptEncodingBrotli: + type: boolean + EnableAcceptEncodingGzip: + type: boolean + HeadersConfig: + $ref: '#/components/schemas/HeadersConfig' + QueryStringsConfig: + $ref: '#/components/schemas/QueryStringsConfig' + required: + - EnableAcceptEncodingGzip + - HeadersConfig + - CookiesConfig + - QueryStringsConfig + type: object + QueryStringsConfig: + additionalProperties: false + properties: + QueryStringBehavior: + pattern: ^(none|whitelist|all|allExcept)$ + type: string + QueryStrings: + items: + type: string + type: array + uniqueItems: false + required: + - QueryStringBehavior + type: object + CachePolicy: + type: object + properties: + CachePolicyConfig: + $ref: '#/components/schemas/CachePolicyConfig' + Id: + type: string + LastModifiedTime: + type: string + required: + - CachePolicyConfig + x-stackql-resource-name: cache_policy + description: Resource Type definition for AWS::CloudFront::CachePolicy + x-type-name: AWS::CloudFront::CachePolicy + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - LastModifiedTime + x-required-properties: + - CachePolicyConfig + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateCachePolicy + delete: + - cloudfront:DeleteCachePolicy + - cloudfront:GetCachePolicy + list: + - cloudfront:ListCachePolicies + read: + - cloudfront:GetCachePolicy + update: + - cloudfront:UpdateCachePolicy + - cloudfront:GetCachePolicy + CloudFrontOriginAccessIdentityConfig: + additionalProperties: false + properties: + Comment: + type: string + required: + - Comment + type: object + CloudFrontOriginAccessIdentity: + type: object + properties: + CloudFrontOriginAccessIdentityConfig: + $ref: '#/components/schemas/CloudFrontOriginAccessIdentityConfig' + Id: + type: string + S3CanonicalUserId: + type: string + required: + - CloudFrontOriginAccessIdentityConfig + x-stackql-resource-name: cloud_front_origin_access_identity + description: Resource Type definition for AWS::CloudFront::CloudFrontOriginAccessIdentity + x-type-name: AWS::CloudFront::CloudFrontOriginAccessIdentity + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - S3CanonicalUserId + x-required-properties: + - CloudFrontOriginAccessIdentityConfig + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateCloudFrontOriginAccessIdentity + delete: + - cloudfront:DeleteCloudFrontOriginAccessIdentity + - cloudfront:GetCloudFrontOriginAccessIdentity + list: + - cloudfront:ListCloudFrontOriginAccessIdentities + read: + - cloudfront:GetCloudFrontOriginAccessIdentity + update: + - cloudfront:UpdateCloudFrontOriginAccessIdentity + - cloudfront:GetCloudFrontOriginAccessIdentity + ContinuousDeploymentPolicyConfig: + additionalProperties: false + properties: + Enabled: + type: boolean + SingleHeaderPolicyConfig: + additionalProperties: false + properties: + Header: + maxLength: 256 + minLength: 1 + type: string + Value: + maxLength: 1783 + minLength: 1 + type: string + required: + - Header + - Value + type: object + SingleWeightPolicyConfig: + additionalProperties: false + properties: + SessionStickinessConfig: + $ref: '#/components/schemas/SessionStickinessConfig' + Weight: + maximum: 1 + minimum: 0 + multipleOf: 0.01 + type: number + required: + - Weight + type: object + StagingDistributionDnsNames: + x-insertionOrder: true + items: + type: string + minItems: 1 + type: array + uniqueItems: true + TrafficConfig: + $ref: '#/components/schemas/TrafficConfig' + Type: + enum: + - SingleWeight + - SingleHeader + type: string + required: + - Enabled + - StagingDistributionDnsNames + type: object + SessionStickinessConfig: + additionalProperties: false + properties: + IdleTTL: + maximum: 3600 + minimum: 300 + multipleOf: 1 + type: integer + MaximumTTL: + maximum: 3600 + minimum: 300 + multipleOf: 1 + type: integer + required: + - IdleTTL + - MaximumTTL + type: object + SingleHeaderConfig: + additionalProperties: false + properties: + Header: + maxLength: 256 + minLength: 1 + type: string + Value: + maxLength: 1783 + minLength: 1 + type: string + required: + - Header + - Value + type: object + SingleWeightConfig: + additionalProperties: false + properties: + SessionStickinessConfig: + $ref: '#/components/schemas/SessionStickinessConfig' + Weight: + maximum: 1 + minimum: 0 + multipleOf: 0.01 + type: number + required: + - Weight + type: object + TrafficConfig: + additionalProperties: false + properties: + SingleHeaderConfig: + $ref: '#/components/schemas/SingleHeaderConfig' + SingleWeightConfig: + $ref: '#/components/schemas/SingleWeightConfig' + Type: + enum: + - SingleWeight + - SingleHeader + type: string + required: + - Type + type: object + ContinuousDeploymentPolicy: + type: object + properties: + ContinuousDeploymentPolicyConfig: + $ref: '#/components/schemas/ContinuousDeploymentPolicyConfig' + Id: + type: string + LastModifiedTime: + type: string + required: + - ContinuousDeploymentPolicyConfig + x-stackql-resource-name: continuous_deployment_policy + description: Resource Type definition for AWS::CloudFront::ContinuousDeploymentPolicy + x-type-name: AWS::CloudFront::ContinuousDeploymentPolicy + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - LastModifiedTime + x-required-properties: + - ContinuousDeploymentPolicyConfig + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateContinuousDeploymentPolicy + delete: + - cloudfront:DeleteContinuousDeploymentPolicy + - cloudfront:GetContinuousDeploymentPolicy + list: + - cloudfront:ListContinuousDeploymentPolicies + read: + - cloudfront:GetContinuousDeploymentPolicy + update: + - cloudfront:UpdateContinuousDeploymentPolicy + - cloudfront:GetContinuousDeploymentPolicy + CacheBehavior: + additionalProperties: false + properties: + AllowedMethods: + default: + - GET + - HEAD + items: + type: string + type: array + uniqueItems: false + description: |- + A complex type that controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. There are three choices: + + CloudFront forwards only ``GET`` and ``HEAD`` requests. + + CloudFront forwards only ``GET``, ``HEAD``, and ``OPTIONS`` requests. + + CloudFront forwards ``GET, HEAD, OPTIONS, PUT, PATCH, POST``, and ``DELETE`` requests. + + If you pick the third choice, you may need to restrict access to your Amazon S3 bucket or to your custom origin so users can't perform operations that you don't want them to. For example, you might not want users to have permissions to delete objects from your origin. + CachePolicyId: + type: string + description: |- + The unique identifier of the cache policy that is attached to this cache behavior. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*. + A ``CacheBehavior`` must include either a ``CachePolicyId`` or ``ForwardedValues``. We recommend that you use a ``CachePolicyId``. + CachedMethods: + default: + - GET + - HEAD + items: + type: string + type: array + uniqueItems: false + description: |- + A complex type that controls whether CloudFront caches the response to requests using the specified HTTP methods. There are two choices: + + CloudFront caches responses to ``GET`` and ``HEAD`` requests. + + CloudFront caches responses to ``GET``, ``HEAD``, and ``OPTIONS`` requests. + + If you pick the second choice for your Amazon S3 Origin, you may need to forward Access-Control-Request-Method, Access-Control-Request-Headers, and Origin headers for the responses to be cached correctly. + Compress: + default: false + type: boolean + description: Whether you want CloudFront to automatically compress certain files for this cache behavior. If so, specify true; if not, specify false. For more information, see [Serving Compressed Files](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html) in the *Amazon CloudFront Developer Guide*. + DefaultTTL: + default: 86400 + type: number + description: |- + This field is deprecated. We recommend that you use the ``DefaultTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*. + The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as ``Cache-Control max-age``, ``Cache-Control s-maxage``, and ``Expires`` to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*. + FieldLevelEncryptionId: + default: '' + type: string + description: The value of ``ID`` for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for this cache behavior. + ForwardedValues: + $ref: '#/components/schemas/ForwardedValues' + description: |- + This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. For more information, see [Working with policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/working-with-policies.html) in the *Amazon CloudFront Developer Guide*. + If you want to include values in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*. + If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) or [Using the managed origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html) in the *Amazon CloudFront Developer Guide*. + A ``CacheBehavior`` must include either a ``CachePolicyId`` or ``ForwardedValues``. We recommend that you use a ``CachePolicyId``. + A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers. + FunctionAssociations: + items: + $ref: '#/components/schemas/FunctionAssociation' + type: array + uniqueItems: false + description: A list of CloudFront functions that are associated with this cache behavior. CloudFront functions must be published to the ``LIVE`` stage to associate them with a cache behavior. + LambdaFunctionAssociations: + items: + $ref: '#/components/schemas/LambdaFunctionAssociation' + type: array + uniqueItems: false + description: A complex type that contains zero or more Lambda@Edge function associations for a cache behavior. + MaxTTL: + default: 31536000 + type: number + description: |- + This field is deprecated. We recommend that you use the ``MaxTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*. + The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as ``Cache-Control max-age``, ``Cache-Control s-maxage``, and ``Expires`` to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*. + MinTTL: + default: 0 + type: number + description: |- + This field is deprecated. We recommend that you use the ``MinTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*. + The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*. + You must specify ``0`` for ``MinTTL`` if you configure CloudFront to forward all headers to your origin (under ``Headers``, if you specify ``1`` for ``Quantity`` and ``*`` for ``Name``). + OriginRequestPolicyId: + type: string + description: >- + The unique identifier of the origin request policy that is attached to this cache behavior. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) or [Using the managed origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html) in the *Amazon CloudFront + Developer Guide*. + PathPattern: + type: string + description: |- + The pattern (for example, ``images/*.jpg``) that specifies which requests to apply the behavior to. When CloudFront receives a viewer request, the requested path is compared with path patterns in the order in which cache behaviors are listed in the distribution. + You can optionally include a slash (``/``) at the beginning of the path pattern. For example, ``/images/*.jpg``. CloudFront behavior is the same with or without the leading ``/``. + The path pattern for the default cache behavior is ``*`` and cannot be changed. If the request for an object does not match the path pattern for any cache behaviors, CloudFront applies the behavior in the default cache behavior. + For more information, see [Path Pattern](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesPathPattern) in the *Amazon CloudFront Developer Guide*. + RealtimeLogConfigArn: + type: string + description: The Amazon Resource Name (ARN) of the real-time log configuration that is attached to this cache behavior. For more information, see [Real-time logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html) in the *Amazon CloudFront Developer Guide*. + ResponseHeadersPolicyId: + type: string + description: The identifier for a response headers policy. + SmoothStreaming: + default: false + type: boolean + description: Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify ``true``; if not, specify ``false``. If you specify ``true`` for ``SmoothStreaming``, you can still distribute other content using this cache behavior if the content matches the value of ``PathPattern``. + TargetOriginId: + type: string + description: The value of ``ID`` for the origin that you want CloudFront to route requests to when they match this cache behavior. + TrustedKeyGroups: + items: + type: string + type: array + uniqueItems: false + description: |- + A list of key groups that CloudFront can use to validate signed URLs or signed cookies. + When a cache behavior contains trusted key groups, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with a private key whose corresponding public key is in the key group. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see [Serving private content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide*. + TrustedSigners: + items: + type: string + type: array + uniqueItems: false + description: |- + We recommend using ``TrustedKeyGroups`` instead of ``TrustedSigners``. + A list of AWS-account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies. + When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in the trusted signer's AWS-account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see [Serving private content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide*. + ViewerProtocolPolicy: + type: string + description: |- + The protocol that viewers can use to access the files in the origin specified by ``TargetOriginId`` when a request matches the path pattern in ``PathPattern``. You can specify the following options: + + ``allow-all``: Viewers can use HTTP or HTTPS. + + ``redirect-to-https``: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL. + + ``https-only``: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden). + + For more information about requiring the HTTPS protocol, see [Requiring HTTPS Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html) in the *Amazon CloudFront Developer Guide*. + The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see [Managing Cache Expiration](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*. + required: + - PathPattern + - TargetOriginId + - ViewerProtocolPolicy + type: object + description: |- + A complex type that describes how CloudFront processes requests. + You must create at least as many cache behaviors (including the default cache behavior) as you have origins if you want CloudFront to serve objects from all of the origins. Each cache behavior specifies the one origin from which you want CloudFront to get objects. If you have two origins and only the default cache behavior, the default cache behavior will cause CloudFront to get objects from one of the origins, but the other origin is never used. + For the current quota (formerly known as limit) on the number of cache behaviors that you can add to a distribution, see [Quotas](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) in the *Amazon CloudFront Developer Guide*. + If you don't want to specify any cache behaviors, include only an empty ``CacheBehaviors`` element. Don't include an empty ``CacheBehavior`` element because this is invalid. + To delete all cache behaviors in an existing distribution, update the distribution configuration and include only an empty ``CacheBehaviors`` element. + To add, change, or remove one or more cache behaviors, update the distribution configuration and specify all of the cache behaviors that you want to include in the updated distribution. + For more information about cache behaviors, see [Cache Behavior Settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesCacheBehavior) in the *Amazon CloudFront Developer Guide*. + Cookies: + additionalProperties: false + properties: + Forward: + type: string + description: |- + This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. + If you want to include cookies in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide*. + If you want to send cookies to the origin but not include them in the cache key, use origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide*. + Specifies which cookies to forward to the origin for this cache behavior: all, none, or the list of cookies specified in the ``WhitelistedNames`` complex type. + Amazon S3 doesn't process cookies. When the cache behavior is forwarding requests to an Amazon S3 origin, specify none for the ``Forward`` element. + WhitelistedNames: + items: + type: string + type: array + uniqueItems: false + description: |- + This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. + If you want to include cookies in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide*. + If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide*. + Required if you specify ``whitelist`` for the value of ``Forward``. A complex type that specifies how many different cookies you want CloudFront to forward to the origin for this cache behavior and, if you want to forward selected cookies, the names of those cookies. + If you specify ``all`` or ``none`` for the value of ``Forward``, omit ``WhitelistedNames``. If you change the value of ``Forward`` from ``whitelist`` to ``all`` or ``none`` and you don't delete the ``WhitelistedNames`` element and its child elements, CloudFront deletes them automatically. + For the current limit on the number of cookie names that you can whitelist for each cache behavior, see [CloudFront Limits](https://docs.aws.amazon.com/general/latest/gr/xrefaws_service_limits.html#limits_cloudfront) in the *General Reference*. + required: + - Forward + type: object + description: |- + This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. + If you want to include cookies in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide*. + If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide*. + A complex type that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. For more information about forwarding cookies to the origin, see [How CloudFront Forwards, Caches, and Logs Cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html) in the *Amazon CloudFront Developer Guide*. + CustomErrorResponse: + additionalProperties: false + properties: + ErrorCachingMinTTL: + default: 300 + type: number + description: |- + The minimum amount of time, in seconds, that you want CloudFront to cache the HTTP status code specified in ``ErrorCode``. When this time period has elapsed, CloudFront queries your origin to see whether the problem that caused the error has been resolved and the requested object is now available. + For more information, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide*. + ErrorCode: + type: integer + description: The HTTP status code for which you want to specify a custom error page and/or a caching duration. + ResponseCode: + type: integer + description: |- + The HTTP status code that you want CloudFront to return to the viewer along with the custom error page. There are a variety of reasons that you might want CloudFront to return a status code different from the status code that your origin returned to CloudFront, for example: + + Some Internet devices (some firewalls and corporate proxies, for example) intercept HTTP 4xx and 5xx and prevent the response from being returned to the viewer. If you substitute ``200``, the response typically won't be intercepted. + + If you don't care about distinguishing among different client errors or server errors, you can specify ``400`` or ``500`` as the ``ResponseCode`` for all 4xx or 5xx errors. + + You might want to return a ``200`` status code (OK) and static website so your customers don't know that your website is down. + + If you specify a value for ``ResponseCode``, you must also specify a value for ``ResponsePagePath``. + ResponsePagePath: + type: string + description: |- + The path to the custom error page that you want CloudFront to return to a viewer when your origin returns the HTTP status code specified by ``ErrorCode``, for example, ``/4xx-errors/403-forbidden.html``. If you want to store your objects and your custom error pages in different locations, your distribution must include a cache behavior for which the following is true: + + The value of ``PathPattern`` matches the path to your custom error messages. For example, suppose you saved custom error pages for 4xx errors in an Amazon S3 bucket in a directory named ``/4xx-errors``. Your distribution must include a cache behavior for which the path pattern routes requests for your custom error pages to that location, for example, ``/4xx-errors/*``. + + The value of ``TargetOriginId`` specifies the value of the ``ID`` element for the origin that contains your custom error pages. + + If you specify a value for ``ResponsePagePath``, you must also specify a value for ``ResponseCode``. + We recommend that you store custom error pages in an Amazon S3 bucket. If you store custom error pages on an HTTP server and the server starts to return 5xx errors, CloudFront can't get the files that you want to return to viewers because the origin server is unavailable. + required: + - ErrorCode + type: object + description: |- + A complex type that controls: + + Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer. + + How long CloudFront caches HTTP status codes in the 4xx and 5xx range. + + For more information about custom error pages, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide*. + CustomOriginConfig: + additionalProperties: false + properties: + HTTPPort: + default: 80 + type: integer + description: The HTTP port that CloudFront uses to connect to the origin. Specify the HTTP port that the origin listens on. + HTTPSPort: + default: 443 + type: integer + description: The HTTPS port that CloudFront uses to connect to the origin. Specify the HTTPS port that the origin listens on. + OriginKeepaliveTimeout: + default: 5 + type: integer + description: |- + Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 5 seconds. + For more information, see [Origin Keep-alive Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide*. + OriginProtocolPolicy: + type: string + description: |- + Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect to the origin. Valid values are: + + ``http-only`` – CloudFront always uses HTTP to connect to the origin. + + ``match-viewer`` – CloudFront connects to the origin using the same protocol that the viewer used to connect to CloudFront. + + ``https-only`` – CloudFront always uses HTTPS to connect to the origin. + OriginReadTimeout: + default: 30 + type: integer + description: |- + Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout*. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 30 seconds. + For more information, see [Origin Response Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide*. + OriginSSLProtocols: + default: + - TLSv1 + - SSLv3 + items: + type: string + type: array + uniqueItems: false + description: |- + Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include ``SSLv3``, ``TLSv1``, ``TLSv1.1``, and ``TLSv1.2``. + For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the *Amazon CloudFront Developer Guide*. + required: + - OriginProtocolPolicy + type: object + description: A custom origin. A custom origin is any origin that is *not* an Amazon S3 bucket, with one exception. An Amazon S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) *is* a custom origin. + DefaultCacheBehavior: + additionalProperties: false + properties: + AllowedMethods: + default: + - GET + - HEAD + items: + type: string + type: array + uniqueItems: false + description: |- + A complex type that controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. There are three choices: + + CloudFront forwards only ``GET`` and ``HEAD`` requests. + + CloudFront forwards only ``GET``, ``HEAD``, and ``OPTIONS`` requests. + + CloudFront forwards ``GET, HEAD, OPTIONS, PUT, PATCH, POST``, and ``DELETE`` requests. + + If you pick the third choice, you may need to restrict access to your Amazon S3 bucket or to your custom origin so users can't perform operations that you don't want them to. For example, you might not want users to have permissions to delete objects from your origin. + CachePolicyId: + default: '' + type: string + description: |- + The unique identifier of the cache policy that is attached to the default cache behavior. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*. + A ``DefaultCacheBehavior`` must include either a ``CachePolicyId`` or ``ForwardedValues``. We recommend that you use a ``CachePolicyId``. + CachedMethods: + default: + - GET + - HEAD + items: + type: string + type: array + uniqueItems: false + description: |- + A complex type that controls whether CloudFront caches the response to requests using the specified HTTP methods. There are two choices: + + CloudFront caches responses to ``GET`` and ``HEAD`` requests. + + CloudFront caches responses to ``GET``, ``HEAD``, and ``OPTIONS`` requests. + + If you pick the second choice for your Amazon S3 Origin, you may need to forward Access-Control-Request-Method, Access-Control-Request-Headers, and Origin headers for the responses to be cached correctly. + Compress: + default: false + type: boolean + description: Whether you want CloudFront to automatically compress certain files for this cache behavior. If so, specify ``true``; if not, specify ``false``. For more information, see [Serving Compressed Files](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html) in the *Amazon CloudFront Developer Guide*. + DefaultTTL: + default: 86400 + type: number + description: |- + This field is deprecated. We recommend that you use the ``DefaultTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*. + The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as ``Cache-Control max-age``, ``Cache-Control s-maxage``, and ``Expires`` to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*. + FieldLevelEncryptionId: + default: '' + type: string + description: The value of ``ID`` for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for the default cache behavior. + ForwardedValues: + $ref: '#/components/schemas/ForwardedValues' + description: |- + This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. For more information, see [Working with policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/working-with-policies.html) in the *Amazon CloudFront Developer Guide*. + If you want to include values in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*. + If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) or [Using the managed origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html) in the *Amazon CloudFront Developer Guide*. + A ``DefaultCacheBehavior`` must include either a ``CachePolicyId`` or ``ForwardedValues``. We recommend that you use a ``CachePolicyId``. + A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers. + FunctionAssociations: + items: + $ref: '#/components/schemas/FunctionAssociation' + type: array + uniqueItems: false + description: A list of CloudFront functions that are associated with this cache behavior. CloudFront functions must be published to the ``LIVE`` stage to associate them with a cache behavior. + LambdaFunctionAssociations: + items: + $ref: '#/components/schemas/LambdaFunctionAssociation' + type: array + uniqueItems: false + description: A complex type that contains zero or more Lambda@Edge function associations for a cache behavior. + MaxTTL: + default: 31536000 + type: number + description: |- + This field is deprecated. We recommend that you use the ``MaxTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*. + The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as ``Cache-Control max-age``, ``Cache-Control s-maxage``, and ``Expires`` to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*. + MinTTL: + default: 0 + type: number + description: |- + This field is deprecated. We recommend that you use the ``MinTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*. + The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*. + You must specify ``0`` for ``MinTTL`` if you configure CloudFront to forward all headers to your origin (under ``Headers``, if you specify ``1`` for ``Quantity`` and ``*`` for ``Name``). + OriginRequestPolicyId: + default: '' + type: string + description: >- + The unique identifier of the origin request policy that is attached to the default cache behavior. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) or [Using the managed origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html) in the *Amazon CloudFront + Developer Guide*. + RealtimeLogConfigArn: + default: '' + type: string + description: The Amazon Resource Name (ARN) of the real-time log configuration that is attached to this cache behavior. For more information, see [Real-time logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html) in the *Amazon CloudFront Developer Guide*. + ResponseHeadersPolicyId: + default: '' + type: string + description: The identifier for a response headers policy. + SmoothStreaming: + default: false + type: boolean + description: Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify ``true``; if not, specify ``false``. If you specify ``true`` for ``SmoothStreaming``, you can still distribute other content using this cache behavior if the content matches the value of ``PathPattern``. + TargetOriginId: + type: string + description: The value of ``ID`` for the origin that you want CloudFront to route requests to when they use the default cache behavior. + TrustedKeyGroups: + items: + type: string + type: array + uniqueItems: false + description: |- + A list of key groups that CloudFront can use to validate signed URLs or signed cookies. + When a cache behavior contains trusted key groups, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with a private key whose corresponding public key is in the key group. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see [Serving private content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide*. + TrustedSigners: + items: + type: string + type: array + uniqueItems: false + description: |- + We recommend using ``TrustedKeyGroups`` instead of ``TrustedSigners``. + A list of AWS-account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies. + When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in a trusted signer's AWS-account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see [Serving private content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide*. + ViewerProtocolPolicy: + type: string + description: |- + The protocol that viewers can use to access the files in the origin specified by ``TargetOriginId`` when a request matches the path pattern in ``PathPattern``. You can specify the following options: + + ``allow-all``: Viewers can use HTTP or HTTPS. + + ``redirect-to-https``: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL. + + ``https-only``: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden). + + For more information about requiring the HTTPS protocol, see [Requiring HTTPS Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html) in the *Amazon CloudFront Developer Guide*. + The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see [Managing Cache Expiration](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*. + required: + - TargetOriginId + - ViewerProtocolPolicy + type: object + description: A complex type that describes the default cache behavior if you don't specify a ``CacheBehavior`` element or if request URLs don't match any of the values of ``PathPattern`` in ``CacheBehavior`` elements. You must create exactly one default cache behavior. + DistributionConfig: + additionalProperties: false + properties: + Aliases: + items: + type: string + type: array + uniqueItems: false + description: A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution. + CNAMEs: + items: + type: string + type: array + uniqueItems: false + description: '' + CacheBehaviors: + items: + $ref: '#/components/schemas/CacheBehavior' + type: array + uniqueItems: false + description: A complex type that contains zero or more ``CacheBehavior`` elements. + Comment: + default: '' + type: string + description: A comment to describe the distribution. The comment cannot be longer than 128 characters. + ContinuousDeploymentPolicyId: + type: string + description: The identifier of a continuous deployment policy. For more information, see ``CreateContinuousDeploymentPolicy``. + CustomErrorResponses: + items: + $ref: '#/components/schemas/CustomErrorResponse' + type: array + uniqueItems: false + description: |- + A complex type that controls the following: + + Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer. + + How long CloudFront caches HTTP status codes in the 4xx and 5xx range. + + For more information about custom error pages, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide*. + CustomOrigin: + $ref: '#/components/schemas/LegacyCustomOrigin' + description: '' + DefaultCacheBehavior: + $ref: '#/components/schemas/DefaultCacheBehavior' + description: A complex type that describes the default cache behavior if you don't specify a ``CacheBehavior`` element or if files don't match any of the values of ``PathPattern`` in ``CacheBehavior`` elements. You must create exactly one default cache behavior. + DefaultRootObject: + default: '' + type: string + description: |- + The object that you want CloudFront to request from your origin (for example, ``index.html``) when a viewer requests the root URL for your distribution (``https://www.example.com``) instead of an object in your distribution (``https://www.example.com/product-description.html``). Specifying a default root object avoids exposing the contents of your distribution. + Specify only the object name, for example, ``index.html``. Don't add a ``/`` before the object name. + If you don't want to specify a default root object when you create a distribution, include an empty ``DefaultRootObject`` element. + To delete the default root object from an existing distribution, update the distribution configuration and include an empty ``DefaultRootObject`` element. + To replace the default root object, update the distribution configuration and specify the new object. + For more information about the default root object, see [Creating a Default Root Object](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html) in the *Amazon CloudFront Developer Guide*. + Enabled: + type: boolean + description: From this field, you can enable or disable the selected distribution. + HttpVersion: + default: http1.1 + type: string + description: |- + (Optional) Specify the maximum HTTP version(s) that you want viewers to use to communicate with CF. The default value for new distributions is ``http1.1``. + For viewers and CF to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI). + For viewers and CF to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CF supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see [Connection Migration](https://docs.aws.amazon.com/https://www.rfc-editor.org/rfc/rfc9000.html#name-connection-migration) at RFC 9000. For more information about supported TLSv1.3 ciphers, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html). + IPV6Enabled: + type: boolean + description: |- + If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify ``true``. If you specify ``false``, CloudFront responds to IPv6 DNS requests with the DNS response code ``NOERROR`` and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution. + In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the ``IpAddress`` parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see [Creating a Signed URL Using a Custom Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html) in the *Amazon CloudFront Developer Guide*. + If you're using an R53AWSIntlong alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true: + + You enable IPv6 for the distribution + + You're using alternate domain names in the URLs for your objects + + For more information, see [Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html) in the *Developer Guide*. + If you created a CNAME resource record set, either with R53AWSIntlong or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request. + Logging: + $ref: '#/components/schemas/Logging' + description: |- + A complex type that controls whether access logs are written for the distribution. + For more information about logging, see [Access Logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) in the *Amazon CloudFront Developer Guide*. + OriginGroups: + $ref: '#/components/schemas/OriginGroups' + description: A complex type that contains information about origin groups for this distribution. + Origins: + items: + $ref: '#/components/schemas/Origin' + type: array + x-insertionOrder: false + uniqueItems: false + description: A complex type that contains information about origins for this distribution. + PriceClass: + default: PriceClass_All + type: string + description: |- + The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify ``PriceClass_All``, CloudFront responds to requests for your objects from all CloudFront edge locations. + If you specify a price class other than ``PriceClass_All``, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance. + For more information about price classes, see [Choosing the Price Class for a CloudFront Distribution](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PriceClass.html) in the *Amazon CloudFront Developer Guide*. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see [Amazon CloudFront Pricing](https://docs.aws.amazon.com/cloudfront/pricing/). + Restrictions: + $ref: '#/components/schemas/Restrictions' + default: + GeoRestriction: + RestrictionType: none + description: A complex type that identifies ways in which you want to restrict distribution of your content. + S3Origin: + $ref: '#/components/schemas/LegacyS3Origin' + description: '' + Staging: + type: boolean + description: A Boolean that indicates whether this is a staging distribution. When this value is ``true``, this is a staging distribution. When this value is ``false``, this is not a staging distribution. + ViewerCertificate: + $ref: '#/components/schemas/ViewerCertificate' + default: + CloudFrontDefaultCertificate: true + description: A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. + WebACLId: + default: '' + type: string + description: |- + A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``473e64fd-f30b-4765-81a0-62ad96dd167a``. + WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html). + required: + - Enabled + - DefaultCacheBehavior + type: object + description: A distribution configuration. + ForwardedValues: + additionalProperties: false + properties: + Cookies: + $ref: '#/components/schemas/Cookies' + default: + Forward: none + description: |- + This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. + If you want to include cookies in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide*. + If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide*. + A complex type that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. For more information about forwarding cookies to the origin, see [How CloudFront Forwards, Caches, and Logs Cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html) in the *Amazon CloudFront Developer Guide*. + Headers: + items: + type: string + type: array + uniqueItems: false + description: |- + This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. + If you want to include headers in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide*. + If you want to send headers to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide*. + A complex type that specifies the ``Headers``, if any, that you want CloudFront to forward to the origin for this cache behavior (whitelisted headers). For the headers that you specify, CloudFront also caches separate versions of a specified object that is based on the header values in viewer requests. + For more information, see [Caching Content Based on Request Headers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html) in the *Amazon CloudFront Developer Guide*. + QueryString: + type: boolean + description: |- + This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. + If you want to include query strings in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide*. + If you want to send query strings to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide*. + Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior and cache based on the query string parameters. CloudFront behavior depends on the value of ``QueryString`` and on the values that you specify for ``QueryStringCacheKeys``, if any: + If you specify true for ``QueryString`` and you don't specify any values for ``QueryStringCacheKeys``, CloudFront forwards all query string parameters to the origin and caches based on all query string parameters. Depending on how many query string parameters and values you have, this can adversely affect performance because CloudFront must forward more requests to the origin. + If you specify true for ``QueryString`` and you specify one or more values for ``QueryStringCacheKeys``, CloudFront forwards all query string parameters to the origin, but it only caches based on the query string parameters that you specify. + If you specify false for ``QueryString``, CloudFront doesn't forward any query string parameters to the origin, and doesn't cache based on query string parameters. + For more information, see [Configuring CloudFront to Cache Based on Query String Parameters](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/QueryStringParameters.html) in the *Amazon CloudFront Developer Guide*. + QueryStringCacheKeys: + items: + type: string + type: array + uniqueItems: false + description: |- + This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. + If you want to include query strings in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide*. + If you want to send query strings to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide*. + A complex type that contains information about the query string parameters that you want CloudFront to use for caching for this cache behavior. + required: + - QueryString + type: object + description: |- + This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. + If you want to include values in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide*. + If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide*. + A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers. + FunctionAssociation: + additionalProperties: false + properties: + EventType: + type: string + description: The event type of the function, either ``viewer-request`` or ``viewer-response``. You cannot use origin-facing event types (``origin-request`` and ``origin-response``) with a CloudFront function. + FunctionARN: + type: string + description: The Amazon Resource Name (ARN) of the function. + type: object + description: A CloudFront function that is associated with a cache behavior in a CloudFront distribution. + GeoRestriction: + additionalProperties: false + properties: + Locations: + items: + type: string + type: array + uniqueItems: false + description: |- + A complex type that contains a ``Location`` element for each country in which you want CloudFront either to distribute your content (``whitelist``) or not distribute your content (``blacklist``). + The ``Location`` element is a two-letter, uppercase country code for a country that you want to include in your ``blacklist`` or ``whitelist``. Include one ``Location`` element for each country. + CloudFront and ``MaxMind`` both use ``ISO 3166`` country codes. For the current list of countries and the corresponding codes, see ``ISO 3166-1-alpha-2`` code on the *International Organization for Standardization* website. You can also refer to the country list on the CloudFront console, which includes both country names and codes. + RestrictionType: + type: string + description: |- + The method that you want to use to restrict distribution of your content by country: + + ``none``: No geo restriction is enabled, meaning access to content is not restricted by client geo location. + + ``blacklist``: The ``Location`` elements specify the countries in which you don't want CloudFront to distribute your content. + + ``whitelist``: The ``Location`` elements specify the countries in which you want CloudFront to distribute your content. + required: + - RestrictionType + type: object + description: A complex type that controls the countries in which your content is distributed. CF determines the location of your users using ``MaxMind`` GeoIP databases. To disable geo restriction, remove the [Restrictions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-restrictions) property from your stack template. + LambdaFunctionAssociation: + additionalProperties: false + properties: + EventType: + type: string + description: |- + Specifies the event type that triggers a Lambda@Edge function invocation. You can specify the following values: + + ``viewer-request``: The function executes when CloudFront receives a request from a viewer and before it checks to see whether the requested object is in the edge cache. + + ``origin-request``: The function executes only when CloudFront sends a request to your origin. When the requested object is in the edge cache, the function doesn't execute. + + ``origin-response``: The function executes after CloudFront receives a response from the origin and before it caches the object in the response. When the requested object is in the edge cache, the function doesn't execute. + + ``viewer-response``: The function executes before CloudFront returns the requested object to the viewer. The function executes regardless of whether the object was already in the edge cache. + If the origin returns an HTTP status code other than HTTP 200 (OK), the function doesn't execute. + IncludeBody: + type: boolean + description: A flag that allows a Lambda@Edge function to have read access to the body content. For more information, see [Accessing the Request Body by Choosing the Include Body Option](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html) in the Amazon CloudFront Developer Guide. + LambdaFunctionARN: + type: string + description: The ARN of the Lambda@Edge function. You must specify the ARN of a function version; you can't specify an alias or $LATEST. + type: object + description: A complex type that contains a Lambda@Edge function association. + LegacyCustomOrigin: + additionalProperties: false + properties: + DNSName: + type: string + description: '' + HTTPPort: + default: 80 + type: integer + description: '' + HTTPSPort: + default: 443 + type: integer + description: '' + OriginProtocolPolicy: + type: string + description: '' + OriginSSLProtocols: + items: + type: string + type: array + uniqueItems: false + description: '' + required: + - DNSName + - OriginProtocolPolicy + - OriginSSLProtocols + type: object + description: '' + LegacyS3Origin: + additionalProperties: false + properties: + DNSName: + type: string + description: '' + OriginAccessIdentity: + default: '' + type: string + description: '' + required: + - DNSName + type: object + description: '' + Logging: + additionalProperties: false + properties: + Bucket: + type: string + description: The Amazon S3 bucket to store the access logs in, for example, ``myawslogbucket.s3.amazonaws.com``. + IncludeCookies: + default: false + type: boolean + description: Specifies whether you want CloudFront to include cookies in access logs, specify ``true`` for ``IncludeCookies``. If you choose to include cookies in logs, CloudFront logs all cookies regardless of how you configure the cache behaviors for this distribution. If you don't want to include cookies when you create a distribution or if you want to disable include cookies for an existing distribution, specify ``false`` for ``IncludeCookies``. + Prefix: + default: '' + type: string + description: An optional string that you want CloudFront to prefix to the access log ``filenames`` for this distribution, for example, ``myprefix/``. If you want to enable logging, but you don't want to specify a prefix, you still must include an empty ``Prefix`` element in the ``Logging`` element. + required: + - Bucket + type: object + description: A complex type that controls whether access logs are written for the distribution. + Origin: + additionalProperties: false + properties: + ConnectionAttempts: + type: integer + description: |- + The number of times that CloudFront attempts to connect to the origin. The minimum number is 1, the maximum is 3, and the default (if you don't specify otherwise) is 3. + For a custom origin (including an Amazon S3 bucket that's configured with static website hosting), this value also specifies the number of times that CloudFront attempts to get a response from the origin, in the case of an [Origin Response Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout). + For more information, see [Origin Connection Attempts](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#origin-connection-attempts) in the *Amazon CloudFront Developer Guide*. + ConnectionTimeout: + type: integer + description: |- + The number of seconds that CloudFront waits when trying to establish a connection to the origin. The minimum timeout is 1 second, the maximum is 10 seconds, and the default (if you don't specify otherwise) is 10 seconds. + For more information, see [Origin Connection Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#origin-connection-timeout) in the *Amazon CloudFront Developer Guide*. + CustomOriginConfig: + $ref: '#/components/schemas/CustomOriginConfig' + description: Use this type to specify an origin that is not an Amazon S3 bucket, with one exception. If the Amazon S3 bucket is configured with static website hosting, use this type. If the Amazon S3 bucket is not configured with static website hosting, use the ``S3OriginConfig`` type instead. + DomainName: + type: string + description: |- + The domain name for the origin. + For more information, see [Origin Domain Name](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesDomainName) in the *Amazon CloudFront Developer Guide*. + Id: + type: string + description: |- + A unique identifier for the origin. This value must be unique within the distribution. + Use this value to specify the ``TargetOriginId`` in a ``CacheBehavior`` or ``DefaultCacheBehavior``. + OriginAccessControlId: + type: string + description: |- + The unique identifier of an origin access control for this origin. + For more information, see [Restricting access to an Amazon S3 origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html) in the *Amazon CloudFront Developer Guide*. + OriginCustomHeaders: + items: + $ref: '#/components/schemas/OriginCustomHeader' + type: array + uniqueItems: false + description: |- + A list of HTTP header names and values that CloudFront adds to the requests that it sends to the origin. + For more information, see [Adding Custom Headers to Origin Requests](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/add-origin-custom-headers.html) in the *Amazon CloudFront Developer Guide*. + OriginPath: + default: '' + type: string + description: |- + An optional path that CloudFront appends to the origin domain name when CloudFront requests content from the origin. + For more information, see [Origin Path](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginPath) in the *Amazon CloudFront Developer Guide*. + OriginShield: + $ref: '#/components/schemas/OriginShield' + description: |- + CloudFront Origin Shield. Using Origin Shield can help reduce the load on your origin. + For more information, see [Using Origin Shield](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html) in the *Amazon CloudFront Developer Guide*. + S3OriginConfig: + $ref: '#/components/schemas/S3OriginConfig' + description: Use this type to specify an origin that is an Amazon S3 bucket that is not configured with static website hosting. To specify any other type of origin, including an Amazon S3 bucket that is configured with static website hosting, use the ``CustomOriginConfig`` type instead. + required: + - DomainName + - Id + type: object + description: |- + An origin. + An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers. To specify an origin: + + Use ``S3OriginConfig`` to specify an Amazon S3 bucket that is not configured with static website hosting. + + Use ``CustomOriginConfig`` to specify all other kinds of origins, including: + + An Amazon S3 bucket that is configured with static website hosting + + An Elastic Load Balancing load balancer + + An EMPlong endpoint + + An EMSlong container + + Any other HTTP server, running on an Amazon EC2 instance or any other kind of host + + + For the current maximum number of origins that you can specify per distribution, see [General Quotas on Web Distributions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-web-distributions) in the *Amazon CloudFront Developer Guide* (quotas were formerly referred to as limits). + OriginCustomHeader: + additionalProperties: false + properties: + HeaderName: + type: string + description: The name of a header that you want CloudFront to send to your origin. For more information, see [Adding Custom Headers to Origin Requests](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/forward-custom-headers.html) in the *Amazon CloudFront Developer Guide*. + HeaderValue: + type: string + description: The value for the header that you specified in the ``HeaderName`` field. + required: + - HeaderValue + - HeaderName + type: object + description: A complex type that contains ``HeaderName`` and ``HeaderValue`` elements, if any, for this distribution. + OriginGroup: + additionalProperties: false + properties: + FailoverCriteria: + $ref: '#/components/schemas/OriginGroupFailoverCriteria' + description: A complex type that contains information about the failover criteria for an origin group. + Id: + type: string + description: The origin group's ID. + Members: + $ref: '#/components/schemas/OriginGroupMembers' + description: A complex type that contains information about the origins in an origin group. + required: + - Id + - FailoverCriteria + - Members + type: object + description: An origin group includes two origins (a primary origin and a second origin to failover to) and a failover criteria that you specify. You create an origin group to support origin failover in CloudFront. When you create or update a distribution, you can specify the origin group instead of a single origin, and CloudFront will failover from the primary origin to the second origin under the failover conditions that you've chosen. + OriginGroupFailoverCriteria: + additionalProperties: false + properties: + StatusCodes: + $ref: '#/components/schemas/StatusCodes' + description: The status codes that, when returned from the primary origin, will trigger CloudFront to failover to the second origin. + required: + - StatusCodes + type: object + description: A complex data type that includes information about the failover criteria for an origin group, including the status codes for which CloudFront will failover from the primary origin to the second origin. + OriginGroupMember: + additionalProperties: false + properties: + OriginId: + type: string + description: The ID for an origin in an origin group. + required: + - OriginId + type: object + description: An origin in an origin group. + OriginGroupMembers: + additionalProperties: false + properties: + Items: + items: + $ref: '#/components/schemas/OriginGroupMember' + type: array + uniqueItems: false + description: Items (origins) in an origin group. + Quantity: + type: integer + description: The number of origins in an origin group. + required: + - Quantity + - Items + type: object + description: A complex data type for the origins included in an origin group. + OriginGroups: + additionalProperties: false + properties: + Items: + items: + $ref: '#/components/schemas/OriginGroup' + type: array + uniqueItems: false + description: The items (origin groups) in a distribution. + Quantity: + type: integer + description: The number of origin groups. + required: + - Quantity + type: object + description: A complex data type for the origin groups specified for a distribution. + OriginShield: + additionalProperties: false + properties: + Enabled: + type: boolean + description: |- + A flag that specifies whether Origin Shield is enabled. + When it's enabled, CloudFront routes all requests through Origin Shield, which can help protect your origin. When it's disabled, CloudFront might send requests directly to your origin from multiple edge locations or regional edge caches. + OriginShieldRegion: + type: string + description: |- + The AWS-Region for Origin Shield. + Specify the AWS-Region that has the lowest latency to your origin. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as ``us-east-2``. + When you enable CloudFront Origin Shield, you must specify the AWS-Region for Origin Shield. For the list of AWS-Regions that you can specify, and for help choosing the best Region for your origin, see [Choosing the for Origin Shield](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html#choose-origin-shield-region) in the *Amazon CloudFront Developer Guide*. + type: object + description: |- + CloudFront Origin Shield. + Using Origin Shield can help reduce the load on your origin. For more information, see [Using Origin Shield](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html) in the *Amazon CloudFront Developer Guide*. + Restrictions: + additionalProperties: false + properties: + GeoRestriction: + $ref: '#/components/schemas/GeoRestriction' + description: A complex type that controls the countries in which your content is distributed. CF determines the location of your users using ``MaxMind`` GeoIP databases. To disable geo restriction, remove the [Restrictions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-restrictions) property from your stack template. + required: + - GeoRestriction + type: object + description: A complex type that identifies ways in which you want to restrict distribution of your content. + S3OriginConfig: + additionalProperties: false + properties: + OriginAccessIdentity: + default: '' + type: string + description: |- + The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that viewers can *only* access objects in an Amazon S3 bucket through CloudFront. The format of the value is: + origin-access-identity/cloudfront/*ID-of-origin-access-identity* + where ``ID-of-origin-access-identity`` is the value that CloudFront returned in the ``ID`` element when you created the origin access identity. + If you want viewers to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty ``OriginAccessIdentity`` element. + To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty ``OriginAccessIdentity`` element. + To replace the origin access identity, update the distribution configuration and specify the new origin access identity. + For more information about the origin access identity, see [Serving Private Content through CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide*. + type: object + description: A complex type that contains information about the Amazon S3 origin. If the origin is a custom origin or an S3 bucket that is configured as a website endpoint, use the ``CustomOriginConfig`` element instead. + StatusCodes: + additionalProperties: false + properties: + Items: + items: + type: integer + type: array + uniqueItems: false + description: The items (status codes) for an origin group. + Quantity: + type: integer + description: The number of status codes. + required: + - Quantity + - Items + type: object + description: A complex data type for the status codes that you specify that, when returned by a primary origin, trigger CloudFront to failover to a second origin. + Tag: + additionalProperties: false + properties: + Key: + type: string + description: |- + A string that contains ``Tag`` key. + The string length should be between 1 and 128 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``. + Value: + type: string + description: |- + A string that contains an optional ``Tag`` value. + The string length should be between 0 and 256 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``. + required: + - Value + - Key + type: object + description: A complex type that contains ``Tag`` key and ``Tag`` value. + ViewerCertificate: + additionalProperties: false + properties: + AcmCertificateArn: + type: string + description: |- + In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization. + If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html), provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region (``us-east-1``). + If you specify an ACM certificate ARN, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod``. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + CloudFrontDefaultCertificate: + type: boolean + description: |- + If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, set this field to ``true``. + If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), omit this field and specify values for the following fields: + + ``AcmCertificateArn`` or ``IamCertificateId`` (specify a value for one, not both) + + ``MinimumProtocolVersion`` + + ``SslSupportMethod`` + IamCertificateId: + type: string + description: |- + In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization. + If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html), provide the ID of the IAM certificate. + If you specify an IAM certificate ID, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod``. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + MinimumProtocolVersion: + type: string + description: |- + If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings: + + The minimum SSL/TLS protocol that CloudFront can use to communicate with viewers. + + The ciphers that CloudFront can use to encrypt the content that it returns to viewers. + + For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) and [Supported Protocols and Ciphers Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) in the *Amazon CloudFront Developer Guide*. + On the CloudFront console, this setting is called *Security Policy*. + When you're using SNI only (you set ``SSLSupportMethod`` to ``sni-only``), you must specify ``TLSv1`` or higher. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net`` (you set ``CloudFrontDefaultCertificate`` to ``true``), CloudFront automatically sets the security policy to ``TLSv1`` regardless of the value that you set here. + SslSupportMethod: + type: string + description: |- + In CloudFormation, this field name is ``SslSupportMethod``. Note the different capitalization. + If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from. + + ``sni-only`` – The distribution accepts HTTPS connections from only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication). This is recommended. Most browsers and clients support SNI. + + ``vip`` – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront. + + ``static-ip`` - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the [Center](https://docs.aws.amazon.com/support/home). + + If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, don't set a value for this field. + type: object + description: |- + A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. + If the distribution doesn't use ``Aliases`` (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``—set ``CloudFrontDefaultCertificate`` to ``true`` and leave all other fields empty. + If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), use the fields in this type to specify the following settings: + + Which viewers the distribution accepts HTTPS connections from: only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication) (recommended), or all viewers including those that don't support SNI. + + To accept HTTPS connections from only viewers that support SNI, set ``SSLSupportMethod`` to ``sni-only``. This is recommended. Most browsers and clients support SNI. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + + To accept HTTPS connections from all viewers, including those that don't support SNI, set ``SSLSupportMethod`` to ``vip``. This is not recommended, and results in additional monthly charges from CloudFront. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + + + The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for ``MinimumProtocolVersion``. For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) in the *Amazon CloudFront Developer Guide*. + + The location of the SSL/TLS certificate, [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (recommended) or [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html). You specify the location by setting a value in one of the following fields (not both): + + ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.) + + ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.) + + + All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ``ViewerProtocolPolicy`` in the ``CacheBehavior`` or ``DefaultCacheBehavior``. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use ``CustomOriginConfig``. + For more information, see [Using HTTPS with CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html) and [Using Alternate Domain Names and HTTPS](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html) in the *Amazon CloudFront Developer Guide*. + Distribution: + type: object + properties: + DistributionConfig: + $ref: '#/components/schemas/DistributionConfig' + description: The distribution's configuration. + DomainName: + type: string + description: '' + Id: + type: string + description: '' + Tags: + items: + $ref: '#/components/schemas/Tag' + type: array + uniqueItems: false + description: A complex type that contains zero or more ``Tag`` elements. + required: + - DistributionConfig + x-stackql-resource-name: distribution + description: A distribution tells CloudFront where you want content to be delivered from, and the details about how to track and manage content delivery. + x-type-name: AWS::CloudFront::Distribution + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - DomainName + x-required-properties: + - DistributionConfig + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateDistribution + - cloudfront:CreateDistributionWithTags + - cloudfront:GetDistribution + - cloudfront:GetDistributionConfig + - cloudfront:TagResource + delete: + - cloudfront:DeleteDistribution + - cloudfront:GetDistribution + - cloudfront:GetDistributionConfig + list: + - cloudfront:ListDistributions + read: + - cloudfront:GetDistribution + - cloudfront:GetDistributionConfig + update: + - cloudfront:GetDistribution + - cloudfront:GetDistributionConfig + - cloudfront:UpdateDistribution + - cloudfront:UpdateDistributionWithStagingConfig + - cloudfront:ListTagsForResource + - cloudfront:TagResource + - cloudfront:UntagResource + FunctionConfig: + additionalProperties: false + properties: + Comment: + type: string + Runtime: + type: string + KeyValueStoreAssociations: + items: + $ref: '#/components/schemas/KeyValueStoreAssociation' + type: array + uniqueItems: true + required: + - Comment + - Runtime + type: object + FunctionMetadata: + additionalProperties: false + properties: + FunctionARN: + type: string + type: object + KeyValueStoreAssociation: + additionalProperties: false + properties: + KeyValueStoreARN: + type: string + required: + - KeyValueStoreARN + type: object + Function: + type: object + properties: + AutoPublish: + type: boolean + FunctionARN: + type: string + FunctionCode: + type: string + FunctionConfig: + $ref: '#/components/schemas/FunctionConfig' + FunctionMetadata: + $ref: '#/components/schemas/FunctionMetadata' + Name: + type: string + Stage: + type: string + required: + - Name + - FunctionConfig + - FunctionCode + x-stackql-resource-name: function + description: Resource Type definition for AWS::CloudFront::Function + x-type-name: AWS::CloudFront::Function + x-stackql-primary-identifier: + - FunctionARN + x-write-only-properties: + - AutoPublish + x-read-only-properties: + - FunctionARN + - FunctionMetadata/FunctionARN + - Stage + x-required-properties: + - Name + - FunctionConfig + - FunctionCode + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateFunction + - cloudfront:PublishFunction + - cloudfront:DescribeFunction + delete: + - cloudfront:DeleteFunction + - cloudfront:DescribeFunction + list: + - cloudfront:ListFunctions + read: + - cloudfront:DescribeFunction + - cloudfront:GetFunction + update: + - cloudfront:UpdateFunction + - cloudfront:PublishFunction + - cloudfront:DescribeFunction + KeyGroupConfig: + additionalProperties: false + properties: + Comment: + type: string + Items: + items: + type: string + type: array + uniqueItems: false + Name: + type: string + required: + - Name + - Items + type: object + KeyGroup: + type: object + properties: + Id: + type: string + KeyGroupConfig: + $ref: '#/components/schemas/KeyGroupConfig' + LastModifiedTime: + type: string + required: + - KeyGroupConfig + x-stackql-resource-name: key_group + description: Resource Type definition for AWS::CloudFront::KeyGroup + x-type-name: AWS::CloudFront::KeyGroup + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - LastModifiedTime + x-required-properties: + - KeyGroupConfig + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateKeyGroup + delete: + - cloudfront:DeleteKeyGroup + - cloudfront:GetKeyGroup + list: + - cloudfront:ListKeyGroups + read: + - cloudfront:GetKeyGroup + update: + - cloudfront:UpdateKeyGroup + - cloudfront:GetKeyGroup + ImportSource: + additionalProperties: false + properties: + SourceType: + type: string + SourceArn: + type: string + required: + - SourceType + - SourceArn + type: object + KeyValueStore: + type: object + properties: + Arn: + type: string + Id: + type: string + Status: + type: string + Name: + type: string + Comment: + type: string + ImportSource: + $ref: '#/components/schemas/ImportSource' + required: + - Name + x-stackql-resource-name: key_value_store + description: Resource Type definition for AWS::CloudFront::KeyValueStore + x-type-name: AWS::CloudFront::KeyValueStore + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-write-only-properties: + - ImportSource + x-read-only-properties: + - Arn + - Id + - Status + x-required-properties: + - Name + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateKeyValueStore + - cloudfront:DescribeKeyValueStore + - s3:GetObject + - s3:HeadObject + - s3:GetBucketLocation + delete: + - cloudfront:DeleteKeyValueStore + - cloudfront:DescribeKeyValueStore + list: + - cloudfront:ListKeyValueStores + read: + - cloudfront:DescribeKeyValueStore + update: + - cloudfront:UpdateKeyValueStore + - cloudfront:DescribeKeyValueStore + MonitoringSubscription: + type: object + properties: + DistributionId: + type: string + MonitoringSubscription: + $ref: '#/components/schemas/MonitoringSubscription' + required: + - DistributionId + - MonitoringSubscription + x-stackql-resource-name: monitoring_subscription + description: Resource Type definition for AWS::CloudFront::MonitoringSubscription + x-type-name: AWS::CloudFront::MonitoringSubscription + x-stackql-primary-identifier: + - DistributionId + x-create-only-properties: + - DistributionId + x-required-properties: + - DistributionId + - MonitoringSubscription + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateMonitoringSubscription + delete: + - cloudfront:DeleteMonitoringSubscription + read: + - cloudfront:GetMonitoringSubscription + RealtimeMetricsSubscriptionConfig: + additionalProperties: false + properties: + RealtimeMetricsSubscriptionStatus: + enum: + - Enabled + - Disabled + type: string + required: + - RealtimeMetricsSubscriptionStatus + type: object + OriginAccessControlConfig: + additionalProperties: false + properties: + Description: + type: string + Name: + type: string + OriginAccessControlOriginType: + pattern: ^(s3|mediastore|lambda|mediapackagev2)$ + type: string + SigningBehavior: + pattern: ^(never|no-override|always)$ + type: string + SigningProtocol: + pattern: ^(sigv4)$ + type: string + required: + - Name + - SigningProtocol + - SigningBehavior + - OriginAccessControlOriginType + type: object + OriginAccessControl: + type: object + properties: + Id: + type: string + OriginAccessControlConfig: + $ref: '#/components/schemas/OriginAccessControlConfig' + required: + - OriginAccessControlConfig + x-stackql-resource-name: origin_access_control + description: Resource Type definition for AWS::CloudFront::OriginAccessControl + x-type-name: AWS::CloudFront::OriginAccessControl + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + x-required-properties: + - OriginAccessControlConfig + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateOriginAccessControl + delete: + - cloudfront:DeleteOriginAccessControl + - cloudfront:GetOriginAccessControl + list: + - cloudfront:ListOriginAccessControls + read: + - cloudfront:GetOriginAccessControl + update: + - cloudfront:UpdateOriginAccessControl + - cloudfront:GetOriginAccessControl + OriginRequestPolicyConfig: + additionalProperties: false + properties: + Comment: + type: string + CookiesConfig: + $ref: '#/components/schemas/CookiesConfig' + HeadersConfig: + $ref: '#/components/schemas/HeadersConfig' + Name: + type: string + QueryStringsConfig: + $ref: '#/components/schemas/QueryStringsConfig' + required: + - Name + - HeadersConfig + - CookiesConfig + - QueryStringsConfig + type: object + OriginRequestPolicy: + type: object + properties: + Id: + type: string + LastModifiedTime: + type: string + OriginRequestPolicyConfig: + $ref: '#/components/schemas/OriginRequestPolicyConfig' + required: + - OriginRequestPolicyConfig + x-stackql-resource-name: origin_request_policy + description: Resource Type definition for AWS::CloudFront::OriginRequestPolicy + x-type-name: AWS::CloudFront::OriginRequestPolicy + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - LastModifiedTime + x-required-properties: + - OriginRequestPolicyConfig + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateOriginRequestPolicy + delete: + - cloudfront:DeleteOriginRequestPolicy + - cloudfront:GetOriginRequestPolicy + list: + - cloudfront:ListOriginRequestPolicies + read: + - cloudfront:GetOriginRequestPolicy + update: + - cloudfront:UpdateOriginRequestPolicy + - cloudfront:GetOriginRequestPolicy + PublicKeyConfig: + additionalProperties: false + properties: + CallerReference: + type: string + Comment: + type: string + EncodedKey: + type: string + Name: + type: string + required: + - CallerReference + - Name + - EncodedKey + type: object + PublicKey: + type: object + properties: + CreatedTime: + type: string + Id: + type: string + PublicKeyConfig: + $ref: '#/components/schemas/PublicKeyConfig' + required: + - PublicKeyConfig + x-stackql-resource-name: public_key + description: Resource Type definition for AWS::CloudFront::PublicKey + x-type-name: AWS::CloudFront::PublicKey + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - CreatedTime + x-required-properties: + - PublicKeyConfig + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreatePublicKey + delete: + - cloudfront:DeletePublicKey + - cloudfront:GetPublicKey + list: + - cloudfront:ListPublicKeys + read: + - cloudfront:GetPublicKey + update: + - cloudfront:UpdatePublicKey + - cloudfront:GetPublicKey + EndPoint: + additionalProperties: false + properties: + KinesisStreamConfig: + $ref: '#/components/schemas/KinesisStreamConfig' + StreamType: + type: string + required: + - KinesisStreamConfig + - StreamType + type: object + KinesisStreamConfig: + additionalProperties: false + properties: + RoleArn: + type: string + StreamArn: + type: string + required: + - RoleArn + - StreamArn + type: object + RealtimeLogConfig: + type: object + properties: + Arn: + type: string + EndPoints: + items: + $ref: '#/components/schemas/EndPoint' + minItems: 1 + type: array + uniqueItems: false + Fields: + items: + type: string + minItems: 1 + type: array + uniqueItems: false + Name: + type: string + SamplingRate: + maximum: 100 + minimum: 1 + multipleOf: 1 + type: number + required: + - Name + - EndPoints + - Fields + - SamplingRate + x-stackql-resource-name: realtime_log_config + description: Resource Type definition for AWS::CloudFront::RealtimeLogConfig + x-type-name: AWS::CloudFront::RealtimeLogConfig + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - Name + - EndPoints + - Fields + - SamplingRate + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateRealtimeLogConfig + - iam:PassRole + delete: + - cloudfront:DeleteRealtimeLogConfig + - cloudfront:GetRealtimeLogConfig + list: + - cloudfront:ListRealtimeLogConfigs + read: + - cloudfront:GetRealtimeLogConfig + update: + - cloudfront:UpdateRealtimeLogConfig + - cloudfront:GetRealtimeLogConfig + - iam:PassRole + AccessControlAllowHeaders: + additionalProperties: false + properties: + Items: + x-insertionOrder: false + items: + type: string + type: array + required: + - Items + type: object + AccessControlAllowMethods: + additionalProperties: false + properties: + Items: + x-insertionOrder: false + items: + type: string + type: array + required: + - Items + type: object + AccessControlAllowOrigins: + additionalProperties: false + properties: + Items: + x-insertionOrder: false + items: + type: string + type: array + required: + - Items + type: object + AccessControlExposeHeaders: + additionalProperties: false + properties: + Items: + x-insertionOrder: false + items: + type: string + type: array + required: + - Items + type: object + ContentSecurityPolicy: + additionalProperties: false + properties: + ContentSecurityPolicy: + type: string + Override: + type: boolean + required: + - Override + - ContentSecurityPolicy + type: object + ContentTypeOptions: + additionalProperties: false + properties: + Override: + type: boolean + required: + - Override + type: object + CorsConfig: + additionalProperties: false + properties: + AccessControlAllowCredentials: + type: boolean + AccessControlAllowHeaders: + $ref: '#/components/schemas/AccessControlAllowHeaders' + AccessControlAllowMethods: + $ref: '#/components/schemas/AccessControlAllowMethods' + AccessControlAllowOrigins: + $ref: '#/components/schemas/AccessControlAllowOrigins' + AccessControlExposeHeaders: + $ref: '#/components/schemas/AccessControlExposeHeaders' + AccessControlMaxAgeSec: + type: integer + OriginOverride: + type: boolean + required: + - AccessControlAllowOrigins + - AccessControlAllowHeaders + - AccessControlAllowMethods + - AccessControlAllowCredentials + - OriginOverride + type: object + CustomHeader: + additionalProperties: false + properties: + Header: + type: string + Override: + type: boolean + Value: + type: string + required: + - Header + - Value + - Override + type: object + CustomHeadersConfig: + additionalProperties: false + properties: + Items: + x-insertionOrder: false + items: + $ref: '#/components/schemas/CustomHeader' + type: array + uniqueItems: false + required: + - Items + type: object + FrameOptions: + additionalProperties: false + properties: + FrameOption: + pattern: ^(DENY|SAMEORIGIN)$ + type: string + Override: + type: boolean + required: + - Override + - FrameOption + type: object + ReferrerPolicy: + additionalProperties: false + properties: + Override: + type: boolean + ReferrerPolicy: + pattern: ^(no-referrer|no-referrer-when-downgrade|origin|origin-when-cross-origin|same-origin|strict-origin|strict-origin-when-cross-origin|unsafe-url)$ + type: string + required: + - Override + - ReferrerPolicy + type: object + RemoveHeader: + additionalProperties: false + properties: + Header: + type: string + required: + - Header + type: object + RemoveHeadersConfig: + additionalProperties: false + properties: + Items: + x-insertionOrder: false + items: + $ref: '#/components/schemas/RemoveHeader' + type: array + uniqueItems: true + required: + - Items + type: object + ResponseHeadersPolicyConfig: + additionalProperties: false + properties: + Comment: + type: string + CorsConfig: + $ref: '#/components/schemas/CorsConfig' + CustomHeadersConfig: + $ref: '#/components/schemas/CustomHeadersConfig' + Name: + type: string + RemoveHeadersConfig: + $ref: '#/components/schemas/RemoveHeadersConfig' + SecurityHeadersConfig: + $ref: '#/components/schemas/SecurityHeadersConfig' + ServerTimingHeadersConfig: + $ref: '#/components/schemas/ServerTimingHeadersConfig' + required: + - Name + type: object + SecurityHeadersConfig: + additionalProperties: false + properties: + ContentSecurityPolicy: + $ref: '#/components/schemas/ContentSecurityPolicy' + ContentTypeOptions: + $ref: '#/components/schemas/ContentTypeOptions' + FrameOptions: + $ref: '#/components/schemas/FrameOptions' + ReferrerPolicy: + $ref: '#/components/schemas/ReferrerPolicy' + StrictTransportSecurity: + $ref: '#/components/schemas/StrictTransportSecurity' + XSSProtection: + $ref: '#/components/schemas/XSSProtection' + required: [] + type: object + ServerTimingHeadersConfig: + additionalProperties: false + properties: + Enabled: + type: boolean + SamplingRate: + maximum: 100 + minimum: 0 + multipleOf: 0.0001 + type: number + required: + - Enabled + type: object + StrictTransportSecurity: + additionalProperties: false + properties: + AccessControlMaxAgeSec: + type: integer + IncludeSubdomains: + type: boolean + Override: + type: boolean + Preload: + type: boolean + required: + - Override + - AccessControlMaxAgeSec + type: object + XSSProtection: + additionalProperties: false + properties: + ModeBlock: + type: boolean + Override: + type: boolean + Protection: + type: boolean + ReportUri: + type: string + required: + - Override + - Protection + type: object + ResponseHeadersPolicy: + type: object + properties: + Id: + type: string + LastModifiedTime: + type: string + ResponseHeadersPolicyConfig: + $ref: '#/components/schemas/ResponseHeadersPolicyConfig' + required: + - ResponseHeadersPolicyConfig + x-stackql-resource-name: response_headers_policy + description: Resource Type definition for AWS::CloudFront::ResponseHeadersPolicy + x-type-name: AWS::CloudFront::ResponseHeadersPolicy + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - LastModifiedTime + x-required-properties: + - ResponseHeadersPolicyConfig + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - cloudfront:CreateResponseHeadersPolicy + delete: + - cloudfront:DeleteResponseHeadersPolicy + - cloudfront:GetResponseHeadersPolicy + list: + - cloudfront:ListResponseHeadersPolicies + read: + - cloudfront:GetResponseHeadersPolicy + update: + - cloudfront:UpdateResponseHeadersPolicy + - cloudfront:GetResponseHeadersPolicy + x-stackQL-resources: + cache_policies: + name: cache_policies + id: aws.cloudfront.cache_policies + x-cfn-schema-name: CachePolicy + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::CachePolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::CachePolicy' + AND region = 'us-east-1' + cache_policy: + name: cache_policy + id: aws.cloudfront.cache_policy + x-cfn-schema-name: CachePolicy + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CachePolicyConfig') as cache_policy_config, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::CachePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CachePolicyConfig') as cache_policy_config, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::CachePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + cloud_front_origin_access_identities: + name: cloud_front_origin_access_identities + id: aws.cloudfront.cloud_front_origin_access_identities + x-cfn-schema-name: CloudFrontOriginAccessIdentity + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::CloudFrontOriginAccessIdentity' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::CloudFrontOriginAccessIdentity' + AND region = 'us-east-1' + cloud_front_origin_access_identity: + name: cloud_front_origin_access_identity + id: aws.cloudfront.cloud_front_origin_access_identity + x-cfn-schema-name: CloudFrontOriginAccessIdentity + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CloudFrontOriginAccessIdentityConfig') as cloud_front_origin_access_identity_config, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.S3CanonicalUserId') as s3_canonical_user_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::CloudFrontOriginAccessIdentity' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CloudFrontOriginAccessIdentityConfig') as cloud_front_origin_access_identity_config, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'S3CanonicalUserId') as s3_canonical_user_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::CloudFrontOriginAccessIdentity' + AND data__Identifier = '' + AND region = 'us-east-1' + continuous_deployment_policies: + name: continuous_deployment_policies + id: aws.cloudfront.continuous_deployment_policies + x-cfn-schema-name: ContinuousDeploymentPolicy + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::ContinuousDeploymentPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::ContinuousDeploymentPolicy' + AND region = 'us-east-1' + continuous_deployment_policy: + name: continuous_deployment_policy + id: aws.cloudfront.continuous_deployment_policy + x-cfn-schema-name: ContinuousDeploymentPolicy + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ContinuousDeploymentPolicyConfig') as continuous_deployment_policy_config, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::ContinuousDeploymentPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ContinuousDeploymentPolicyConfig') as continuous_deployment_policy_config, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::ContinuousDeploymentPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + distributions: + name: distributions + id: aws.cloudfront.distributions + x-cfn-schema-name: Distribution + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::Distribution' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::Distribution' + AND region = 'us-east-1' + distribution: + name: distribution + id: aws.cloudfront.distribution + x-cfn-schema-name: Distribution + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DistributionConfig') as distribution_config, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::Distribution' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DistributionConfig') as distribution_config, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::Distribution' + AND data__Identifier = '' + AND region = 'us-east-1' + functions: + name: functions + id: aws.cloudfront.functions + x-cfn-schema-name: Function + x-type: list + x-identifiers: + - FunctionARN + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FunctionARN') as function_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::Function' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FunctionARN') as function_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::Function' + AND region = 'us-east-1' + function: + name: function + id: aws.cloudfront.function + x-cfn-schema-name: Function + x-type: get + x-identifiers: + - FunctionARN + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AutoPublish') as auto_publish, + JSON_EXTRACT(Properties, '$.FunctionARN') as function_arn, + JSON_EXTRACT(Properties, '$.FunctionCode') as function_code, + JSON_EXTRACT(Properties, '$.FunctionConfig') as function_config, + JSON_EXTRACT(Properties, '$.FunctionMetadata') as function_metadata, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Stage') as stage + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::Function' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AutoPublish') as auto_publish, + json_extract_path_text(Properties, 'FunctionARN') as function_arn, + json_extract_path_text(Properties, 'FunctionCode') as function_code, + json_extract_path_text(Properties, 'FunctionConfig') as function_config, + json_extract_path_text(Properties, 'FunctionMetadata') as function_metadata, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Stage') as stage + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::Function' + AND data__Identifier = '' + AND region = 'us-east-1' + key_groups: + name: key_groups + id: aws.cloudfront.key_groups + x-cfn-schema-name: KeyGroup + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::KeyGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::KeyGroup' + AND region = 'us-east-1' + key_group: + name: key_group + id: aws.cloudfront.key_group + x-cfn-schema-name: KeyGroup + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.KeyGroupConfig') as key_group_config, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::KeyGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'KeyGroupConfig') as key_group_config, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::KeyGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + key_value_stores: + name: key_value_stores + id: aws.cloudfront.key_value_stores + x-cfn-schema-name: KeyValueStore + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::KeyValueStore' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::KeyValueStore' + AND region = 'us-east-1' + key_value_store: + name: key_value_store + id: aws.cloudfront.key_value_store + x-cfn-schema-name: KeyValueStore + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Comment') as comment, + JSON_EXTRACT(Properties, '$.ImportSource') as import_source + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::KeyValueStore' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Comment') as comment, + json_extract_path_text(Properties, 'ImportSource') as import_source + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::KeyValueStore' + AND data__Identifier = '' + AND region = 'us-east-1' + monitoring_subscription: + name: monitoring_subscription + id: aws.cloudfront.monitoring_subscription + x-cfn-schema-name: MonitoringSubscription + x-type: get + x-identifiers: + - DistributionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DistributionId') as distribution_id, + JSON_EXTRACT(Properties, '$.MonitoringSubscription') as monitoring_subscription + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::MonitoringSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DistributionId') as distribution_id, + json_extract_path_text(Properties, 'MonitoringSubscription') as monitoring_subscription + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::MonitoringSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + origin_access_controls: + name: origin_access_controls + id: aws.cloudfront.origin_access_controls + x-cfn-schema-name: OriginAccessControl + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::OriginAccessControl' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::OriginAccessControl' + AND region = 'us-east-1' + origin_access_control: + name: origin_access_control + id: aws.cloudfront.origin_access_control + x-cfn-schema-name: OriginAccessControl + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.OriginAccessControlConfig') as origin_access_control_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::OriginAccessControl' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'OriginAccessControlConfig') as origin_access_control_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::OriginAccessControl' + AND data__Identifier = '' + AND region = 'us-east-1' + origin_request_policies: + name: origin_request_policies + id: aws.cloudfront.origin_request_policies + x-cfn-schema-name: OriginRequestPolicy + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::OriginRequestPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::OriginRequestPolicy' + AND region = 'us-east-1' + origin_request_policy: + name: origin_request_policy + id: aws.cloudfront.origin_request_policy + x-cfn-schema-name: OriginRequestPolicy + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.OriginRequestPolicyConfig') as origin_request_policy_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::OriginRequestPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'OriginRequestPolicyConfig') as origin_request_policy_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::OriginRequestPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + public_keys: + name: public_keys + id: aws.cloudfront.public_keys + x-cfn-schema-name: PublicKey + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::PublicKey' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::PublicKey' + AND region = 'us-east-1' + public_key: + name: public_key + id: aws.cloudfront.public_key + x-cfn-schema-name: PublicKey + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.PublicKeyConfig') as public_key_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::PublicKey' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'PublicKeyConfig') as public_key_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::PublicKey' + AND data__Identifier = '' + AND region = 'us-east-1' + realtime_log_configs: + name: realtime_log_configs + id: aws.cloudfront.realtime_log_configs + x-cfn-schema-name: RealtimeLogConfig + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::RealtimeLogConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::RealtimeLogConfig' + AND region = 'us-east-1' + realtime_log_config: + name: realtime_log_config + id: aws.cloudfront.realtime_log_config + x-cfn-schema-name: RealtimeLogConfig + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.EndPoints') as end_points, + JSON_EXTRACT(Properties, '$.Fields') as fields, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SamplingRate') as sampling_rate + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::RealtimeLogConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'EndPoints') as end_points, + json_extract_path_text(Properties, 'Fields') as fields, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SamplingRate') as sampling_rate + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::RealtimeLogConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + response_headers_policies: + name: response_headers_policies + id: aws.cloudfront.response_headers_policies + x-cfn-schema-name: ResponseHeadersPolicy + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::ResponseHeadersPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::ResponseHeadersPolicy' + AND region = 'us-east-1' + response_headers_policy: + name: response_headers_policy + id: aws.cloudfront.response_headers_policy + x-cfn-schema-name: ResponseHeadersPolicy + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.ResponseHeadersPolicyConfig') as response_headers_policy_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::ResponseHeadersPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'ResponseHeadersPolicyConfig') as response_headers_policy_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::ResponseHeadersPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/cloudtrail.yaml b/providers/src/aws/v00.00.00000/services/cloudtrail.yaml new file mode 100644 index 00000000..d5c0f1aa --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/cloudtrail.yaml @@ -0,0 +1,862 @@ +openapi: 3.0.0 +info: + title: CloudTrail + version: 1.0.0 +paths: {} +components: + schemas: + Destination: + description: The resource that receives events arriving from a channel. + type: object + properties: + Type: + description: The type of destination for events arriving from a channel. + type: string + enum: + - EVENT_DATA_STORE + Location: + description: The ARN of a resource that receives events from a channel. + type: string + minLength: 3 + maxLength: 1024 + pattern: (^[a-zA-Z0-9._/\-:]+$) + required: + - Type + - Location + additionalProperties: false + UUID: + type: string + minLength: 36 + maxLength: 36 + pattern: (^[a-f0-9\-]+$) + Timestamp: + type: string + ChannelArn: + description: The Amazon Resource Name (ARN) of a channel. + type: string + minLength: 3 + maxLength: 256 + pattern: (^[a-zA-Z0-9._/\-:]+$) + ChannelName: + description: The name of the channel. + type: string + minLength: 3 + maxLength: 128 + pattern: (^[a-zA-Z0-9._\-]+$) + Tag: + description: An arbitrary set of tags (key-value pairs) for this trail. + type: object + additionalProperties: false + properties: + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + Value: + description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + required: + - Value + - Key + Channel: + type: object + properties: + Name: + $ref: '#/components/schemas/ChannelName' + Source: + description: The ARN of an on-premises storage solution or application, or a partner event source. + type: string + minLength: 1 + maxLength: 256 + pattern: (.*) + Destinations: + description: One or more resources to which events arriving through a channel are logged and stored. + type: array + items: + $ref: '#/components/schemas/Destination' + maxItems: 10 + uniqueItems: true + x-insertionOrder: false + ChannelArn: + $ref: '#/components/schemas/ChannelArn' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: channel + description: A channel receives events from a specific source (such as an on-premises storage solution or application, or a partner event data source), and delivers the events to one or more event data stores. You use channels to ingest events into CloudTrail from sources outside AWS. + x-type-name: AWS::CloudTrail::Channel + x-stackql-primary-identifier: + - ChannelArn + x-create-only-properties: + - Source + x-write-only-properties: + - Tags + x-read-only-properties: + - ChannelArn + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - CloudTrail:CreateChannel + - CloudTrail:AddTags + read: + - CloudTrail:GetChannel + - CloudTrail:ListChannels + update: + - CloudTrail:UpdateChannel + - CloudTrail:GetChannel + - CloudTrail:AddTags + - CloudTrail:RemoveTags + delete: + - CloudTrail:DeleteChannel + list: + - CloudTrail:ListChannels + AdvancedFieldSelector: + description: A single selector statement in an advanced event selector. + type: object + additionalProperties: false + properties: + Field: + description: A field in an event record on which to filter events to be logged. Supported fields include readOnly, eventCategory, eventSource (for management events), eventName, resources.type, and resources.ARN. + type: string + pattern: ([\w|\d|\.|_]+) + minLength: 1 + maxLength: 1000 + Equals: + description: An operator that includes events that match the exact value of the event record field specified as the value of Field. This is the only valid operator that you can use with the readOnly, eventCategory, and resources.type fields. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + items: + type: string + pattern: (.+) + minLength: 1 + maxLength: 2048 + StartsWith: + description: An operator that includes events that match the first few characters of the event record field specified as the value of Field. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + items: + type: string + pattern: (.+) + minLength: 1 + maxLength: 2048 + EndsWith: + description: An operator that includes events that match the last few characters of the event record field specified as the value of Field. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + items: + type: string + pattern: (.+) + minLength: 1 + maxLength: 2048 + NotEquals: + description: An operator that excludes events that match the exact value of the event record field specified as the value of Field. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + items: + type: string + pattern: (.+) + minLength: 1 + maxLength: 2048 + NotStartsWith: + description: An operator that excludes events that match the first few characters of the event record field specified as the value of Field. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + items: + type: string + pattern: (.+) + minLength: 1 + maxLength: 2048 + NotEndsWith: + description: An operator that excludes events that match the last few characters of the event record field specified as the value of Field. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + items: + type: string + pattern: (.+) + minLength: 1 + maxLength: 2048 + required: + - Field + AdvancedEventSelector: + description: Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record fields. They help you control costs by logging only those events that are important to you. + type: object + additionalProperties: false + properties: + Name: + description: An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets". + type: string + minLength: 1 + maxLength: 1000 + FieldSelectors: + description: Contains all selector statements in an advanced event selector. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/AdvancedFieldSelector' + required: + - FieldSelectors + InsightSelector: + description: A string that contains insight types that are logged on a trail. + type: object + additionalProperties: false + properties: + InsightType: + description: The type of insight to log on a trail. + type: string + EventDataStore: + type: object + properties: + AdvancedEventSelectors: + description: The advanced event selectors that were used to select events for the data store. + type: array + items: + $ref: '#/components/schemas/AdvancedEventSelector' + uniqueItems: true + x-insertionOrder: false + CreatedTimestamp: + description: The timestamp of the event data store's creation. + $ref: '#/components/schemas/Timestamp' + EventDataStoreArn: + description: The ARN of the event data store. + type: string + FederationEnabled: + description: Indicates whether federation is enabled on an event data store. + type: boolean + FederationRoleArn: + description: The ARN of the role used for event data store federation. + type: string + MultiRegionEnabled: + description: Indicates whether the event data store includes events from all regions, or only from the region in which it was created. + type: boolean + Name: + description: The name of the event data store. + type: string + OrganizationEnabled: + description: Indicates that an event data store is collecting logged events for an organization. + type: boolean + BillingMode: + description: The mode that the event data store will use to charge for event storage. + type: string + RetentionPeriod: + description: The retention period, in days. + type: integer + Status: + description: The status of an event data store. Values are STARTING_INGESTION, ENABLED, STOPPING_INGESTION, STOPPED_INGESTION and PENDING_DELETION. + type: string + TerminationProtectionEnabled: + description: Indicates whether the event data store is protected from termination. + type: boolean + UpdatedTimestamp: + description: The timestamp showing when an event data store was updated, if applicable. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp. + $ref: '#/components/schemas/Timestamp' + KmsKeyId: + description: Specifies the KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by 'alias/', a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. + type: string + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + InsightSelectors: + description: Lets you enable Insights event logging by specifying the Insights selectors that you want to enable on an existing event data store. Both InsightSelectors and InsightsDestination need to have a value in order to enable Insights events on an event data store. + type: array + items: + $ref: '#/components/schemas/InsightSelector' + uniqueItems: true + x-insertionOrder: false + InsightsDestination: + description: Specifies the ARN of the event data store that will collect Insights events. Both InsightSelectors and InsightsDestination need to have a value in order to enable Insights events on an event data store + type: string + IngestionEnabled: + description: Indicates whether the event data store is ingesting events. + type: boolean + required: [] + x-stackql-resource-name: event_data_store + description: A storage lake of event data against which you can run complex SQL-based queries. An event data store can include events that you have logged on your account from the last 7 to 2557 or 3653 days (about seven or ten years) depending on the selected BillingMode. + x-type-name: AWS::CloudTrail::EventDataStore + x-stackql-primary-identifier: + - EventDataStoreArn + x-read-only-properties: + - EventDataStoreArn + - CreatedTimestamp + - UpdatedTimestamp + - Status + - FederationStatus + x-required-properties: [] + x-required-permissions: + create: + - CloudTrail:CreateEventDataStore + - CloudTrail:AddTags + - CloudTrail:PutInsightSelectors + - CloudTrail:EnableFederation + - CloudTrail:GetEventDataStore + - iam:PassRole + - iam:GetRole + - iam:CreateServiceLinkedRole + - organizations:DescribeOrganization + - organizations:ListAWSServiceAccessForOrganization + - kms:GenerateDataKey + - kms:Decrypt + - glue:CreateDatabase + - glue:CreateTable + - glue:PassConnection + - lakeformation:RegisterResource + read: + - CloudTrail:GetEventDataStore + - CloudTrail:ListEventDataStores + - CloudTrail:GetInsightSelectors + - CloudTrail:ListTags + update: + - CloudTrail:UpdateEventDataStore + - CloudTrail:RestoreEventDataStore + - CloudTrail:AddTags + - CloudTrail:RemoveTags + - CloudTrail:StartEventDataStoreIngestion + - CloudTrail:StopEventDataStoreIngestion + - CloudTrail:GetEventDataStore + - CloudTrail:PutInsightSelectors + - CloudTrail:GetInsightSelectors + - CloudTrail:EnableFederation + - CloudTrail:DisableFederation + - iam:PassRole + - iam:GetRole + - iam:CreateServiceLinkedRole + - organizations:DescribeOrganization + - organizations:ListAWSServiceAccessForOrganization + - glue:CreateDatabase + - glue:CreateTable + - glue:PassConnection + - lakeformation:RegisterResource + - glue:DeleteTable + - lakeformation:DeregisterResource + - kms:DescribeKey + delete: + - CloudTrail:DeleteEventDataStore + - CloudTrail:GetEventDataStore + - CloudTrail:DisableFederation + - glue:DeleteTable + - lakeformation:DeregisterResource + list: + - CloudTrail:ListEventDataStores + - CloudTrail:GetEventDataStore + - CloudTrail:GetInsightSelectors + - CloudTrail:ListTags + ResourcePolicy: + type: object + properties: + ResourceArn: + description: The ARN of the AWS CloudTrail resource to which the policy applies. + type: string + ResourcePolicy: + description: A policy document containing permissions to add to the specified resource. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. + type: object + required: + - ResourceArn + - ResourcePolicy + x-stackql-resource-name: resource_policy + description: Resource Type definition for AWS::CloudTrail::ResourcePolicy + x-type-name: AWS::CloudTrail::ResourcePolicy + x-stackql-primary-identifier: + - ResourceArn + x-create-only-properties: + - ResourceArn + x-required-properties: + - ResourceArn + - ResourcePolicy + x-tagging: + taggable: false + x-required-permissions: + create: + - CloudTrail:PutResourcePolicy + - CloudTrail:GetResourcePolicy + read: + - CloudTrail:GetResourcePolicy + update: + - CloudTrail:PutResourcePolicy + - CloudTrail:GetResourcePolicy + delete: + - CloudTrail:DeleteResourcePolicy + DataResource: + description: CloudTrail supports data event logging for Amazon S3 objects and AWS Lambda functions. You can specify up to 250 resources for an individual event selector, but the total number of data resources cannot exceed 250 across all event selectors in a trail. This limit does not apply if you configure resource logging for all data events. + type: object + additionalProperties: false + properties: + Type: + description: The resource type in which you want to log data events. You can specify AWS::S3::Object or AWS::Lambda::Function resources. + type: string + Values: + description: An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + required: + - Type + EventSelector: + description: The type of email sending events to publish to the event destination. + type: object + additionalProperties: false + properties: + DataResources: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/DataResource' + IncludeManagementEvents: + description: Specify if you want your event selector to include management events for your trail. + type: boolean + ReadWriteType: + description: Specify if you want your trail to log read-only events, write-only events, or all. For example, the EC2 GetConsoleOutput is a read-only API operation and RunInstances is a write-only API operation. + type: string + enum: + - All + - ReadOnly + - WriteOnly + ExcludeManagementEventSources: + description: An optional list of service event sources from which you do not want management events to be logged on your trail. In this release, the list can be empty (disables the filter), or it can filter out AWS Key Management Service events by containing "kms.amazonaws.com". By default, ExcludeManagementEventSources is empty, and AWS KMS events are included in events that are logged to your trail. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Trail: + type: object + properties: + CloudWatchLogsLogGroupArn: + description: Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn. + type: string + CloudWatchLogsRoleArn: + description: Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. + type: string + EnableLogFileValidation: + description: Specifies whether log file validation is enabled. The default is false. + type: boolean + AdvancedEventSelectors: + description: The advanced event selectors that were used to select events for the data store. + type: array + items: + $ref: '#/components/schemas/AdvancedEventSelector' + uniqueItems: true + x-insertionOrder: false + EventSelectors: + description: >- + Use event selectors to further specify the management and data event settings for your trail. By default, trails created without specific event selectors will be configured to log all read and write management events, and no data events. When an event occurs in your account, CloudTrail evaluates the event selector for all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail + doesn't log the event. You can configure up to five event selectors for a trail. + type: array + items: + $ref: '#/components/schemas/EventSelector' + maxItems: 5 + uniqueItems: true + x-insertionOrder: false + IncludeGlobalServiceEvents: + description: Specifies whether the trail is publishing events from global services such as IAM to the log files. + type: boolean + IsLogging: + description: Whether the CloudTrail is currently logging AWS API calls. + type: boolean + IsMultiRegionTrail: + description: >- + Specifies whether the trail applies only to the current region or to all regions. The default is false. If the trail exists only in the current region and this value is set to true, shadow trails (replications of the trail) will be created in the other regions. If the trail exists in all regions and this value is set to false, the trail will remain in the region where it was created, and its shadow trails in other regions will be deleted. As a best practice, consider using trails + that log events in all regions. + type: boolean + IsOrganizationTrail: + description: Specifies whether the trail is created for all accounts in an organization in AWS Organizations, or only for the current AWS account. The default is false, and cannot be true unless the call is made on behalf of an AWS account that is the master account for an organization in AWS Organizations. + type: boolean + KMSKeyId: + description: Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by 'alias/', a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. + type: string + S3BucketName: + description: Specifies the name of the Amazon S3 bucket designated for publishing log files. See Amazon S3 Bucket Naming Requirements. + type: string + S3KeyPrefix: + description: Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters. + type: string + maxLength: 200 + SnsTopicName: + description: Specifies the name of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters. + type: string + maxLength: 256 + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + TrailName: + type: string + pattern: (^[a-zA-Z0-9]$)|(^[a-zA-Z0-9]([a-zA-Z0-9\._-])*[a-zA-Z0-9]$) + minLength: 3 + maxLength: 128 + Arn: + type: string + SnsTopicArn: + type: string + InsightSelectors: + description: Lets you enable Insights event logging by specifying the Insights selectors that you want to enable on an existing trail. + type: array + items: + $ref: '#/components/schemas/InsightSelector' + uniqueItems: true + x-insertionOrder: false + required: + - S3BucketName + - IsLogging + x-stackql-resource-name: trail + description: Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket. A maximum of five trails can exist in a region, irrespective of the region in which they were created. + x-type-name: AWS::CloudTrail::Trail + x-stackql-primary-identifier: + - TrailName + x-create-only-properties: + - TrailName + x-read-only-properties: + - Arn + - SnsTopicArn + x-required-properties: + - S3BucketName + - IsLogging + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - CloudTrail:CreateTrail + - CloudTrail:StartLogging + - CloudTrail:AddTags + - CloudTrail:PutEventSelectors + - CloudTrail:PutInsightSelectors + - iam:GetRole + - iam:PassRole + - iam:CreateServiceLinkedRole + - organizations:DescribeOrganization + - organizations:ListAWSServiceAccessForOrganization + read: + - CloudTrail:GetTrail + - CloudTrail:GetTrailStatus + - CloudTrail:ListTags + - CloudTrail:GetEventSelectors + - CloudTrail:GetInsightSelectors + - CloudTrail:DescribeTrails + update: + - CloudTrail:UpdateTrail + - CloudTrail:StartLogging + - CloudTrail:StopLogging + - CloudTrail:AddTags + - CloudTrail:RemoveTags + - CloudTrail:PutEventSelectors + - CloudTrail:PutInsightSelectors + - iam:GetRole + - iam:PassRole + - iam:CreateServiceLinkedRole + - organizations:DescribeOrganization + - organizations:ListAWSServiceAccessForOrganization + - CloudTrail:GetTrail + - CloudTrail:DescribeTrails + delete: + - CloudTrail:DeleteTrail + list: + - CloudTrail:ListTrails + - CloudTrail:GetTrail + - CloudTrail:GetTrailStatus + - CloudTrail:ListTags + - CloudTrail:GetEventSelectors + - CloudTrail:GetInsightSelectors + - CloudTrail:DescribeTrails + x-stackQL-resources: + channels: + name: channels + id: aws.cloudtrail.channels + x-cfn-schema-name: Channel + x-type: list + x-identifiers: + - ChannelArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ChannelArn') as channel_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::Channel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ChannelArn') as channel_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::Channel' + AND region = 'us-east-1' + channel: + name: channel + id: aws.cloudtrail.channel + x-cfn-schema-name: Channel + x-type: get + x-identifiers: + - ChannelArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.Destinations') as destinations, + JSON_EXTRACT(Properties, '$.ChannelArn') as channel_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'Destinations') as destinations, + json_extract_path_text(Properties, 'ChannelArn') as channel_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + event_data_stores: + name: event_data_stores + id: aws.cloudtrail.event_data_stores + x-cfn-schema-name: EventDataStore + x-type: list + x-identifiers: + - EventDataStoreArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EventDataStoreArn') as event_data_store_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::EventDataStore' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EventDataStoreArn') as event_data_store_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::EventDataStore' + AND region = 'us-east-1' + event_data_store: + name: event_data_store + id: aws.cloudtrail.event_data_store + x-cfn-schema-name: EventDataStore + x-type: get + x-identifiers: + - EventDataStoreArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AdvancedEventSelectors') as advanced_event_selectors, + JSON_EXTRACT(Properties, '$.CreatedTimestamp') as created_timestamp, + JSON_EXTRACT(Properties, '$.EventDataStoreArn') as event_data_store_arn, + JSON_EXTRACT(Properties, '$.FederationEnabled') as federation_enabled, + JSON_EXTRACT(Properties, '$.FederationRoleArn') as federation_role_arn, + JSON_EXTRACT(Properties, '$.MultiRegionEnabled') as multi_region_enabled, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.OrganizationEnabled') as organization_enabled, + JSON_EXTRACT(Properties, '$.BillingMode') as billing_mode, + JSON_EXTRACT(Properties, '$.RetentionPeriod') as retention_period, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.TerminationProtectionEnabled') as termination_protection_enabled, + JSON_EXTRACT(Properties, '$.UpdatedTimestamp') as updated_timestamp, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.InsightSelectors') as insight_selectors, + JSON_EXTRACT(Properties, '$.InsightsDestination') as insights_destination, + JSON_EXTRACT(Properties, '$.IngestionEnabled') as ingestion_enabled + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::EventDataStore' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AdvancedEventSelectors') as advanced_event_selectors, + json_extract_path_text(Properties, 'CreatedTimestamp') as created_timestamp, + json_extract_path_text(Properties, 'EventDataStoreArn') as event_data_store_arn, + json_extract_path_text(Properties, 'FederationEnabled') as federation_enabled, + json_extract_path_text(Properties, 'FederationRoleArn') as federation_role_arn, + json_extract_path_text(Properties, 'MultiRegionEnabled') as multi_region_enabled, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'OrganizationEnabled') as organization_enabled, + json_extract_path_text(Properties, 'BillingMode') as billing_mode, + json_extract_path_text(Properties, 'RetentionPeriod') as retention_period, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'TerminationProtectionEnabled') as termination_protection_enabled, + json_extract_path_text(Properties, 'UpdatedTimestamp') as updated_timestamp, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'InsightSelectors') as insight_selectors, + json_extract_path_text(Properties, 'InsightsDestination') as insights_destination, + json_extract_path_text(Properties, 'IngestionEnabled') as ingestion_enabled + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::EventDataStore' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_policy: + name: resource_policy + id: aws.cloudtrail.resource_policy + x-cfn-schema-name: ResourcePolicy + x-type: get + x-identifiers: + - ResourceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.ResourcePolicy') as resource_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'ResourcePolicy') as resource_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + trails: + name: trails + id: aws.cloudtrail.trails + x-cfn-schema-name: Trail + x-type: list + x-identifiers: + - TrailName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TrailName') as trail_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::Trail' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TrailName') as trail_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::Trail' + AND region = 'us-east-1' + trail: + name: trail + id: aws.cloudtrail.trail + x-cfn-schema-name: Trail + x-type: get + x-identifiers: + - TrailName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, + JSON_EXTRACT(Properties, '$.CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, + JSON_EXTRACT(Properties, '$.EnableLogFileValidation') as enable_log_file_validation, + JSON_EXTRACT(Properties, '$.AdvancedEventSelectors') as advanced_event_selectors, + JSON_EXTRACT(Properties, '$.EventSelectors') as event_selectors, + JSON_EXTRACT(Properties, '$.IncludeGlobalServiceEvents') as include_global_service_events, + JSON_EXTRACT(Properties, '$.IsLogging') as is_logging, + JSON_EXTRACT(Properties, '$.IsMultiRegionTrail') as is_multi_region_trail, + JSON_EXTRACT(Properties, '$.IsOrganizationTrail') as is_organization_trail, + JSON_EXTRACT(Properties, '$.KMSKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.S3BucketName') as s3_bucket_name, + JSON_EXTRACT(Properties, '$.S3KeyPrefix') as s3_key_prefix, + JSON_EXTRACT(Properties, '$.SnsTopicName') as sns_topic_name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TrailName') as trail_name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.SnsTopicArn') as sns_topic_arn, + JSON_EXTRACT(Properties, '$.InsightSelectors') as insight_selectors + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Trail' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, + json_extract_path_text(Properties, 'CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, + json_extract_path_text(Properties, 'EnableLogFileValidation') as enable_log_file_validation, + json_extract_path_text(Properties, 'AdvancedEventSelectors') as advanced_event_selectors, + json_extract_path_text(Properties, 'EventSelectors') as event_selectors, + json_extract_path_text(Properties, 'IncludeGlobalServiceEvents') as include_global_service_events, + json_extract_path_text(Properties, 'IsLogging') as is_logging, + json_extract_path_text(Properties, 'IsMultiRegionTrail') as is_multi_region_trail, + json_extract_path_text(Properties, 'IsOrganizationTrail') as is_organization_trail, + json_extract_path_text(Properties, 'KMSKeyId') as kms_key_id, + json_extract_path_text(Properties, 'S3BucketName') as s3_bucket_name, + json_extract_path_text(Properties, 'S3KeyPrefix') as s3_key_prefix, + json_extract_path_text(Properties, 'SnsTopicName') as sns_topic_name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TrailName') as trail_name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'SnsTopicArn') as sns_topic_arn, + json_extract_path_text(Properties, 'InsightSelectors') as insight_selectors + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Trail' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/cloudwatch.yaml b/providers/src/aws/v00.00.00000/services/cloudwatch.yaml new file mode 100644 index 00000000..ab132a62 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/cloudwatch.yaml @@ -0,0 +1,829 @@ +openapi: 3.0.0 +info: + title: CloudWatch + version: 1.0.0 +paths: {} +components: + schemas: + MetricStat: + description: |- + This structure defines the metric to be returned, along with the statistics, period, and units. + ``MetricStat`` is a property of the [MetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-alarm-metricdataquery.html) property type. + type: object + additionalProperties: false + properties: + Period: + description: |- + The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a ``PutMetricData`` call that includes a ``StorageResolution`` of 1 second. + If the ``StartTime`` parameter specifies a time stamp that is greater than 3 hours ago, you must specify the period as follows or no data points in that time range is returned: + + Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds (1 minute). + + Start time between 15 and 63 days ago - Use a multiple of 300 seconds (5 minutes). + + Start time greater than 63 days ago - Use a multiple of 3600 seconds (1 hour). + type: integer + Metric: + description: The metric to return, including the metric name, namespace, and dimensions. + $ref: '#/components/schemas/Metric' + Stat: + description: The statistic to return. It can include any CW statistic or extended statistic. For a list of valid values, see the table in [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the *User Guide*. + type: string + Unit: + description: |- + The unit to use for the returned data points. + Valid values are: Seconds, Microseconds, Milliseconds, Bytes, Kilobytes, Megabytes, Gigabytes, Terabytes, Bits, Kilobits, Megabits, Gigabits, Terabits, Percent, Count, Bytes/Second, Kilobytes/Second, Megabytes/Second, Gigabytes/Second, Terabytes/Second, Bits/Second, Kilobits/Second, Megabits/Second, Gigabits/Second, Terabits/Second, Count/Second, or None. + type: string + required: + - Stat + - Period + - Metric + Metric: + description: The ``Metric`` property type represents a specific metric. ``Metric`` is a property of the [MetricStat](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-alarm-metricstat.html) property type. + type: object + additionalProperties: false + properties: + MetricName: + description: The name of the metric that you want the alarm to watch. This is a required field. + type: string + Dimensions: + description: The metric dimensions that you want to be used for the metric that the alarm will watch. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Dimension' + Namespace: + description: The namespace of the metric that the alarm will watch. + type: string + Dimension: + description: Dimension is an embedded property of the ``AWS::CloudWatch::Alarm`` type. Dimensions are name/value pairs that can be associated with a CW metric. You can specify a maximum of 10 dimensions for a given metric. + type: object + additionalProperties: false + properties: + Value: + description: The value for the dimension, from 1–255 characters in length. + type: string + Name: + description: The name of the dimension, from 1–255 characters in length. This dimension name must have been included when the metric was published. + type: string + required: + - Value + - Name + MetricDataQuery: + description: |- + The ``MetricDataQuery`` property type specifies the metric data to return, and whether this call is just retrieving a batch set of data for one metric, or is performing a math expression on metric data. + Any expression used must return a single time series. For more information, see [Metric Math Syntax and Functions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html#metric-math-syntax) in the *User Guide*. + type: object + additionalProperties: false + properties: + Label: + description: A human-readable label for this metric or expression. This is especially useful if this is an expression, so that you know what the value represents. If the metric or expression is shown in a CW dashboard widget, the label is shown. If ``Label`` is omitted, CW generates a default. + type: string + MetricStat: + description: |- + The metric to be returned, along with statistics, period, and units. Use this parameter only if this object is retrieving a metric and not performing a math expression on returned data. + Within one MetricDataQuery object, you must specify either ``Expression`` or ``MetricStat`` but not both. + $ref: '#/components/schemas/MetricStat' + Id: + description: A short name used to tie this object to the results in the response. This name must be unique within a single call to ``GetMetricData``. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscore. The first character must be a lowercase letter. + type: string + ReturnData: + description: |- + This option indicates whether to return the timestamps and raw data values of this metric. + When you create an alarm based on a metric math expression, specify ``True`` for this value for only the one math expression that the alarm is based on. You must specify ``False`` for ``ReturnData`` for all the other metrics and expressions used in the alarm. + This field is required. + type: boolean + Expression: + description: >- + The math expression to be performed on the returned data, if this object is performing a math expression. This expression can use the ``Id`` of the other metrics to refer to those metrics, and can also use the ``Id`` of other expressions to use the result of those expressions. For more information about metric math expressions, see [Metric Math Syntax and Functions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html#metric-math-syntax) in the *User + Guide*. + Within each MetricDataQuery object, you must specify either ``Expression`` or ``MetricStat`` but not both. + type: string + Period: + description: The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a ``PutMetricData`` operation that includes a ``StorageResolution of 1 second``. + type: integer + AccountId: + description: The ID of the account where the metrics are located, if this is a cross-account alarm. + type: string + required: + - Id + Tag: + description: Metadata that you can assign to a Metric Stream, consisting of a key-value pair. + type: object + additionalProperties: false + properties: + Key: + description: A unique identifier for the tag. + type: string + minLength: 1 + maxLength: 128 + Value: + description: String which you can use to describe or define the tag. + type: string + minLength: 1 + maxLength: 256 + required: + - Key + - Value + Alarm: + type: object + properties: + ThresholdMetricId: + description: In an alarm based on an anomaly detection model, this is the ID of the ``ANOMALY_DETECTION_BAND`` function used as the threshold for the alarm. + type: string + EvaluateLowSampleCountPercentile: + description: Used only for alarms based on percentiles. If ``ignore``, the alarm state does not change during periods with too few data points to be statistically significant. If ``evaluate`` or this parameter is not used, the alarm is always evaluated and possibly changes state no matter how many data points are available. + type: string + ExtendedStatistic: + description: |- + The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. + For an alarm based on a metric, you must specify either ``Statistic`` or ``ExtendedStatistic`` but not both. + For an alarm based on a math expression, you can't specify ``ExtendedStatistic``. Instead, you use ``Metrics``. + type: string + ComparisonOperator: + description: The arithmetic operation to use when comparing the specified statistic and threshold. The specified statistic value is used as the first operand. + type: string + TreatMissingData: + description: |- + Sets how this alarm is to handle missing data points. Valid values are ``breaching``, ``notBreaching``, ``ignore``, and ``missing``. For more information, see [Configuring How Alarms Treat Missing Data](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-missing-data) in the *Amazon User Guide*. + If you omit this parameter, the default behavior of ``missing`` is used. + type: string + Dimensions: + description: The dimensions for the metric associated with the alarm. For an alarm based on a math expression, you can't specify ``Dimensions``. Instead, you use ``Metrics``. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Dimension' + Period: + description: |- + The period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60. + For an alarm based on a math expression, you can't specify ``Period``, and instead you use the ``Metrics`` parameter. + *Minimum:* 10 + type: integer + EvaluationPeriods: + description: |- + The number of periods over which data is compared to the specified threshold. If you are setting an alarm that requires that a number of consecutive data points be breaching to trigger the alarm, this value specifies that number. If you are setting an "M out of N" alarm, this value is the N, and ``DatapointsToAlarm`` is the M. + For more information, see [Evaluating an Alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarm-evaluation) in the *User Guide*. + type: integer + Unit: + description: |- + The unit of the metric associated with the alarm. Specify this only if you are creating an alarm based on a single metric. Do not specify this if you are specifying a ``Metrics`` array. + You can specify the following values: Seconds, Microseconds, Milliseconds, Bytes, Kilobytes, Megabytes, Gigabytes, Terabytes, Bits, Kilobits, Megabits, Gigabits, Terabits, Percent, Count, Bytes/Second, Kilobytes/Second, Megabytes/Second, Gigabytes/Second, Terabytes/Second, Bits/Second, Kilobits/Second, Megabits/Second, Gigabits/Second, Terabits/Second, Count/Second, or None. + type: string + Namespace: + description: |- + The namespace of the metric associated with the alarm. This is required for an alarm based on a metric. For an alarm based on a math expression, you can't specify ``Namespace`` and you use ``Metrics`` instead. + For a list of namespaces for metrics from AWS services, see [Services That Publish Metrics.](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) + type: string + OKActions: + description: The actions to execute when this alarm transitions to the ``OK`` state from any other state. Each action is specified as an Amazon Resource Name (ARN). + type: array + uniqueItems: false + items: + type: string + AlarmActions: + description: The list of actions to execute when this alarm transitions into an ALARM state from any other state. Specify each action as an Amazon Resource Name (ARN). For more information about creating alarms and the actions that you can specify, see [PutMetricAlarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricAlarm.html) in the *API Reference*. + type: array + uniqueItems: false + items: + type: string + MetricName: + description: The name of the metric associated with the alarm. This is required for an alarm based on a metric. For an alarm based on a math expression, you use ``Metrics`` instead and you can't specify ``MetricName``. + type: string + ActionsEnabled: + description: Indicates whether actions should be executed during any changes to the alarm state. The default is TRUE. + type: boolean + default: true + Metrics: + description: |- + An array that enables you to create an alarm based on the result of a metric math expression. Each item in the array either retrieves a metric or performs a math expression. + If you specify the ``Metrics`` parameter, you cannot specify ``MetricName``, ``Dimensions``, ``Period``, ``Namespace``, ``Statistic``, ``ExtendedStatistic``, or ``Unit``. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/MetricDataQuery' + AlarmDescription: + description: The description of the alarm. + type: string + AlarmName: + description: |- + The name of the alarm. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the alarm name. + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + type: string + Statistic: + description: |- + The statistic for the metric associated with the alarm, other than percentile. For percentile statistics, use ``ExtendedStatistic``. + For an alarm based on a metric, you must specify either ``Statistic`` or ``ExtendedStatistic`` but not both. + For an alarm based on a math expression, you can't specify ``Statistic``. Instead, you use ``Metrics``. + type: string + InsufficientDataActions: + description: The actions to execute when this alarm transitions to the ``INSUFFICIENT_DATA`` state from any other state. Each action is specified as an Amazon Resource Name (ARN). + type: array + uniqueItems: false + items: + type: string + Arn: + description: '' + type: string + DatapointsToAlarm: + description: |- + The number of datapoints that must be breaching to trigger the alarm. This is used only if you are setting an "M out of N" alarm. In that case, this value is the M, and the value that you set for ``EvaluationPeriods`` is the N value. For more information, see [Evaluating an Alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarm-evaluation) in the *User Guide*. + If you omit this parameter, CW uses the same value here that you set for ``EvaluationPeriods``, and the alarm goes to alarm state if that many consecutive periods are breaching. + type: integer + Threshold: + description: The value to compare with the specified statistic. + type: number + Tags: + description: '' + type: array + maxItems: 50 + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - ComparisonOperator + - EvaluationPeriods + x-stackql-resource-name: alarm + description: |- + The ``AWS::CloudWatch::Alarm`` type specifies an alarm and associates it with the specified metric or metric math expression. + When this operation creates an alarm, the alarm state is immediately set to ``INSUFFICIENT_DATA``. The alarm is then evaluated and its state is set appropriately. Any actions associated with the new state are then executed. + When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm. + x-type-name: AWS::CloudWatch::Alarm + x-stackql-primary-identifier: + - AlarmName + x-create-only-properties: + - AlarmName + x-read-only-properties: + - Arn + x-required-properties: + - ComparisonOperator + - EvaluationPeriods + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - cloudwatch:PutMetricAlarm + - cloudwatch:DescribeAlarms + - cloudwatch:TagResource + update: + - cloudwatch:PutMetricAlarm + - cloudwatch:DescribeAlarms + - cloudwatch:TagResource + - cloudwatch:UntagResource + delete: + - cloudwatch:DeleteAlarms + - cloudwatch:DescribeAlarms + list: + - cloudwatch:DescribeAlarms + read: + - cloudwatch:DescribeAlarms + - cloudwatch:ListTagsForResource + AlarmActionARN: + type: string + description: Amazon Resource Name (ARN) of the action + minLength: 1 + maxLength: 1024 + CompositeAlarm: + type: object + properties: + Arn: + type: string + description: Amazon Resource Name (ARN) of the alarm + minLength: 1 + maxLength: 1600 + AlarmName: + description: The name of the Composite Alarm + type: string + minLength: 1 + maxLength: 255 + AlarmRule: + type: string + description: Expression which aggregates the state of other Alarms (Metric or Composite Alarms) + minLength: 1 + maxLength: 10240 + AlarmDescription: + type: string + description: The description of the alarm + minLength: 0 + maxLength: 1024 + ActionsEnabled: + description: Indicates whether actions should be executed during any changes to the alarm state. The default is TRUE. + type: boolean + OKActions: + type: array + items: + type: string + description: Amazon Resource Name (ARN) of the action + minLength: 1 + maxLength: 1024 + description: The actions to execute when this alarm transitions to the OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). + maxItems: 5 + AlarmActions: + type: array + items: + type: string + description: Amazon Resource Name (ARN) of the action + minLength: 1 + maxLength: 1024 + description: The list of actions to execute when this alarm transitions into an ALARM state from any other state. Specify each action as an Amazon Resource Name (ARN). + maxItems: 5 + InsufficientDataActions: + type: array + items: + type: string + description: Amazon Resource Name (ARN) of the action + minLength: 1 + maxLength: 1024 + description: The actions to execute when this alarm transitions to the INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). + maxItems: 5 + ActionsSuppressor: + description: 'Actions will be suppressed if the suppressor alarm is in the ALARM state. ActionsSuppressor can be an AlarmName or an Amazon Resource Name (ARN) from an existing alarm. ' + type: string + minLength: 1 + maxLength: 1600 + ActionsSuppressorWaitPeriod: + description: Actions will be suppressed if ExtensionPeriod is active. The length of time that actions are suppressed is in seconds. + type: integer + minimum: 0 + ActionsSuppressorExtensionPeriod: + description: Actions will be suppressed if WaitPeriod is active. The length of time that actions are suppressed is in seconds. + type: integer + minimum: 0 + Tags: + description: A list of key-value pairs to associate with the composite alarm. You can associate as many as 50 tags with an alarm. + type: array + maxItems: 50 + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - AlarmRule + x-stackql-resource-name: composite_alarm + description: The AWS::CloudWatch::CompositeAlarm type specifies an alarm which aggregates the states of other Alarms (Metric or Composite Alarms) as defined by the AlarmRule expression + x-type-name: AWS::CloudWatch::CompositeAlarm + x-stackql-primary-identifier: + - AlarmName + x-create-only-properties: + - AlarmName + x-read-only-properties: + - Arn + x-required-properties: + - AlarmRule + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - cloudwatch:DescribeAlarms + - cloudwatch:PutCompositeAlarm + - cloudwatch:TagResource + read: + - cloudwatch:DescribeAlarms + - cloudwatch:ListTagsForResource + update: + - cloudwatch:DescribeAlarms + - cloudwatch:PutCompositeAlarm + - cloudwatch:TagResource + - cloudwatch:UntagResource + delete: + - cloudwatch:DescribeAlarms + - cloudwatch:DeleteAlarms + list: + - cloudwatch:DescribeAlarms + MetricStreamFilter: + description: This structure defines the metrics that will be streamed. + type: object + additionalProperties: false + properties: + Namespace: + description: Only metrics with Namespace matching this value will be streamed. + type: string + minLength: 1 + maxLength: 255 + MetricNames: + description: Only metrics with MetricNames matching these values will be streamed. Must be set together with Namespace. + type: array + maxItems: 999 + items: + type: string + minLength: 1 + maxLength: 255 + required: + - Namespace + MetricStreamStatisticsConfiguration: + description: This structure specifies a list of additional statistics to stream, and the metrics to stream those additional statistics for. All metrics that match the combination of metric name and namespace will be streamed with the extended statistics, no matter their dimensions. + type: object + additionalProperties: false + properties: + AdditionalStatistics: + description: The additional statistics to stream for the metrics listed in IncludeMetrics. + type: array + maxItems: 20 + uniqueItems: true + items: + type: string + IncludeMetrics: + description: An array that defines the metrics that are to have additional statistics streamed. + type: array + maxItems: 100 + uniqueItems: true + items: + $ref: '#/components/schemas/MetricStreamStatisticsMetric' + required: + - AdditionalStatistics + - IncludeMetrics + MetricStreamStatisticsMetric: + description: A structure that specifies the metric name and namespace for one metric that is going to have additional statistics included in the stream. + type: object + additionalProperties: false + properties: + MetricName: + description: The name of the metric. + type: string + minLength: 1 + maxLength: 255 + Namespace: + description: The namespace of the metric. + type: string + minLength: 1 + maxLength: 255 + required: + - MetricName + - Namespace + MetricStream: + type: object + properties: + Arn: + description: Amazon Resource Name of the metric stream. + type: string + minLength: 20 + maxLength: 2048 + CreationDate: + description: The date of creation of the metric stream. + type: string + anyOf: + - format: date-time + - format: timestamp + ExcludeFilters: + description: Define which metrics will be not streamed. Metrics matched by multiple instances of MetricStreamFilter are joined with an OR operation by default. If both IncludeFilters and ExcludeFilters are omitted, all metrics in the account will be streamed. IncludeFilters and ExcludeFilters are mutually exclusive. Default to null. + type: array + maxItems: 1000 + uniqueItems: true + items: + $ref: '#/components/schemas/MetricStreamFilter' + FirehoseArn: + description: The ARN of the Kinesis Firehose where to stream the data. + type: string + minLength: 20 + maxLength: 2048 + IncludeFilters: + description: Define which metrics will be streamed. Metrics matched by multiple instances of MetricStreamFilter are joined with an OR operation by default. If both IncludeFilters and ExcludeFilters are omitted, all metrics in the account will be streamed. IncludeFilters and ExcludeFilters are mutually exclusive. Default to null. + type: array + maxItems: 1000 + uniqueItems: true + items: + $ref: '#/components/schemas/MetricStreamFilter' + LastUpdateDate: + description: The date of the last update of the metric stream. + type: string + anyOf: + - format: date-time + - format: timestamp + Name: + description: Name of the metric stream. + type: string + minLength: 1 + maxLength: 255 + RoleArn: + description: The ARN of the role that provides access to the Kinesis Firehose. + type: string + minLength: 20 + maxLength: 2048 + State: + description: Displays the state of the Metric Stream. + type: string + minLength: 1 + maxLength: 255 + OutputFormat: + description: The output format of the data streamed to the Kinesis Firehose. + type: string + minLength: 1 + maxLength: 255 + StatisticsConfigurations: + description: By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members. + type: array + maxItems: 100 + uniqueItems: true + items: + $ref: '#/components/schemas/MetricStreamStatisticsConfiguration' + Tags: + description: A set of tags to assign to the delivery stream. + type: array + maxItems: 50 + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + IncludeLinkedAccountsMetrics: + description: If you are creating a metric stream in a monitoring account, specify true to include metrics from source accounts that are linked to this monitoring account, in the metric stream. The default is false. + type: boolean + required: + - FirehoseArn + - RoleArn + - OutputFormat + x-stackql-resource-name: metric_stream + description: Resource Type definition for Metric Stream + x-type-name: AWS::CloudWatch::MetricStream + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-write-only-properties: + - Tags + x-read-only-properties: + - Arn + - CreationDate + - LastUpdateDate + - State + x-required-properties: + - FirehoseArn + - RoleArn + - OutputFormat + x-taggable: true + x-required-permissions: + create: + - cloudwatch:PutMetricStream + - cloudwatch:GetMetricStream + - cloudwatch:TagResource + - iam:PassRole + update: + - cloudwatch:PutMetricStream + - cloudwatch:GetMetricStream + - cloudwatch:TagResource + - cloudwatch:UntagResource + - iam:PassRole + delete: + - cloudwatch:DeleteMetricStream + - cloudwatch:GetMetricStream + list: + - cloudwatch:ListMetricStreams + read: + - cloudwatch:GetMetricStream + x-stackQL-resources: + alarms: + name: alarms + id: aws.cloudwatch.alarms + x-cfn-schema-name: Alarm + x-type: list + x-identifiers: + - AlarmName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AlarmName') as alarm_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudWatch::Alarm' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AlarmName') as alarm_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudWatch::Alarm' + AND region = 'us-east-1' + alarm: + name: alarm + id: aws.cloudwatch.alarm + x-cfn-schema-name: Alarm + x-type: get + x-identifiers: + - AlarmName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ThresholdMetricId') as threshold_metric_id, + JSON_EXTRACT(Properties, '$.EvaluateLowSampleCountPercentile') as evaluate_low_sample_count_percentile, + JSON_EXTRACT(Properties, '$.ExtendedStatistic') as extended_statistic, + JSON_EXTRACT(Properties, '$.ComparisonOperator') as comparison_operator, + JSON_EXTRACT(Properties, '$.TreatMissingData') as treat_missing_data, + JSON_EXTRACT(Properties, '$.Dimensions') as dimensions, + JSON_EXTRACT(Properties, '$.Period') as period, + JSON_EXTRACT(Properties, '$.EvaluationPeriods') as evaluation_periods, + JSON_EXTRACT(Properties, '$.Unit') as unit, + JSON_EXTRACT(Properties, '$.Namespace') as namespace, + JSON_EXTRACT(Properties, '$.OKActions') as ok_actions, + JSON_EXTRACT(Properties, '$.AlarmActions') as alarm_actions, + JSON_EXTRACT(Properties, '$.MetricName') as metric_name, + JSON_EXTRACT(Properties, '$.ActionsEnabled') as actions_enabled, + JSON_EXTRACT(Properties, '$.Metrics') as metrics, + JSON_EXTRACT(Properties, '$.AlarmDescription') as alarm_description, + JSON_EXTRACT(Properties, '$.AlarmName') as alarm_name, + JSON_EXTRACT(Properties, '$.Statistic') as statistic, + JSON_EXTRACT(Properties, '$.InsufficientDataActions') as insufficient_data_actions, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DatapointsToAlarm') as datapoints_to_alarm, + JSON_EXTRACT(Properties, '$.Threshold') as threshold, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudWatch::Alarm' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ThresholdMetricId') as threshold_metric_id, + json_extract_path_text(Properties, 'EvaluateLowSampleCountPercentile') as evaluate_low_sample_count_percentile, + json_extract_path_text(Properties, 'ExtendedStatistic') as extended_statistic, + json_extract_path_text(Properties, 'ComparisonOperator') as comparison_operator, + json_extract_path_text(Properties, 'TreatMissingData') as treat_missing_data, + json_extract_path_text(Properties, 'Dimensions') as dimensions, + json_extract_path_text(Properties, 'Period') as period, + json_extract_path_text(Properties, 'EvaluationPeriods') as evaluation_periods, + json_extract_path_text(Properties, 'Unit') as unit, + json_extract_path_text(Properties, 'Namespace') as namespace, + json_extract_path_text(Properties, 'OKActions') as ok_actions, + json_extract_path_text(Properties, 'AlarmActions') as alarm_actions, + json_extract_path_text(Properties, 'MetricName') as metric_name, + json_extract_path_text(Properties, 'ActionsEnabled') as actions_enabled, + json_extract_path_text(Properties, 'Metrics') as metrics, + json_extract_path_text(Properties, 'AlarmDescription') as alarm_description, + json_extract_path_text(Properties, 'AlarmName') as alarm_name, + json_extract_path_text(Properties, 'Statistic') as statistic, + json_extract_path_text(Properties, 'InsufficientDataActions') as insufficient_data_actions, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DatapointsToAlarm') as datapoints_to_alarm, + json_extract_path_text(Properties, 'Threshold') as threshold, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudWatch::Alarm' + AND data__Identifier = '' + AND region = 'us-east-1' + composite_alarms: + name: composite_alarms + id: aws.cloudwatch.composite_alarms + x-cfn-schema-name: CompositeAlarm + x-type: list + x-identifiers: + - AlarmName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AlarmName') as alarm_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudWatch::CompositeAlarm' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AlarmName') as alarm_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudWatch::CompositeAlarm' + AND region = 'us-east-1' + composite_alarm: + name: composite_alarm + id: aws.cloudwatch.composite_alarm + x-cfn-schema-name: CompositeAlarm + x-type: get + x-identifiers: + - AlarmName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AlarmName') as alarm_name, + JSON_EXTRACT(Properties, '$.AlarmRule') as alarm_rule, + JSON_EXTRACT(Properties, '$.AlarmDescription') as alarm_description, + JSON_EXTRACT(Properties, '$.ActionsEnabled') as actions_enabled, + JSON_EXTRACT(Properties, '$.OKActions') as ok_actions, + JSON_EXTRACT(Properties, '$.AlarmActions') as alarm_actions, + JSON_EXTRACT(Properties, '$.InsufficientDataActions') as insufficient_data_actions, + JSON_EXTRACT(Properties, '$.ActionsSuppressor') as actions_suppressor, + JSON_EXTRACT(Properties, '$.ActionsSuppressorWaitPeriod') as actions_suppressor_wait_period, + JSON_EXTRACT(Properties, '$.ActionsSuppressorExtensionPeriod') as actions_suppressor_extension_period, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudWatch::CompositeAlarm' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AlarmName') as alarm_name, + json_extract_path_text(Properties, 'AlarmRule') as alarm_rule, + json_extract_path_text(Properties, 'AlarmDescription') as alarm_description, + json_extract_path_text(Properties, 'ActionsEnabled') as actions_enabled, + json_extract_path_text(Properties, 'OKActions') as ok_actions, + json_extract_path_text(Properties, 'AlarmActions') as alarm_actions, + json_extract_path_text(Properties, 'InsufficientDataActions') as insufficient_data_actions, + json_extract_path_text(Properties, 'ActionsSuppressor') as actions_suppressor, + json_extract_path_text(Properties, 'ActionsSuppressorWaitPeriod') as actions_suppressor_wait_period, + json_extract_path_text(Properties, 'ActionsSuppressorExtensionPeriod') as actions_suppressor_extension_period, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudWatch::CompositeAlarm' + AND data__Identifier = '' + AND region = 'us-east-1' + metric_streams: + name: metric_streams + id: aws.cloudwatch.metric_streams + x-cfn-schema-name: MetricStream + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudWatch::MetricStream' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudWatch::MetricStream' + AND region = 'us-east-1' + metric_stream: + name: metric_stream + id: aws.cloudwatch.metric_stream + x-cfn-schema-name: MetricStream + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationDate') as creation_date, + JSON_EXTRACT(Properties, '$.ExcludeFilters') as exclude_filters, + JSON_EXTRACT(Properties, '$.FirehoseArn') as firehose_arn, + JSON_EXTRACT(Properties, '$.IncludeFilters') as include_filters, + JSON_EXTRACT(Properties, '$.LastUpdateDate') as last_update_date, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.OutputFormat') as output_format, + JSON_EXTRACT(Properties, '$.StatisticsConfigurations') as statistics_configurations, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.IncludeLinkedAccountsMetrics') as include_linked_accounts_metrics + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudWatch::MetricStream' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationDate') as creation_date, + json_extract_path_text(Properties, 'ExcludeFilters') as exclude_filters, + json_extract_path_text(Properties, 'FirehoseArn') as firehose_arn, + json_extract_path_text(Properties, 'IncludeFilters') as include_filters, + json_extract_path_text(Properties, 'LastUpdateDate') as last_update_date, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'OutputFormat') as output_format, + json_extract_path_text(Properties, 'StatisticsConfigurations') as statistics_configurations, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'IncludeLinkedAccountsMetrics') as include_linked_accounts_metrics + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudWatch::MetricStream' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/codeartifact.yaml b/providers/src/aws/v00.00.00000/services/codeartifact.yaml new file mode 100644 index 00000000..3a7d878c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/codeartifact.yaml @@ -0,0 +1,551 @@ +openapi: 3.0.0 +info: + title: CodeArtifact + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 1 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 256 + required: + - Value + - Key + additionalProperties: false + Domain: + type: object + properties: + DomainName: + description: The name of the domain. + type: string + pattern: ^([a-z][a-z0-9\-]{0,48}[a-z0-9])$ + minLength: 2 + maxLength: 50 + Name: + description: The name of the domain. This field is used for GetAtt + type: string + pattern: ^([a-z][a-z0-9\-]{0,48}[a-z0-9])$ + minLength: 2 + maxLength: 50 + Owner: + description: The 12-digit account ID of the AWS account that owns the domain. This field is used for GetAtt + pattern: '[0-9]{12}' + type: string + EncryptionKey: + description: The ARN of an AWS Key Management Service (AWS KMS) key associated with a domain. + type: string + PermissionsPolicyDocument: + description: The access control resource policy on the provided domain. + type: object + minLength: 2 + maxLength: 5120 + Tags: + type: array + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + Arn: + description: The ARN of the domain. + type: string + minLength: 1 + maxLength: 2048 + required: + - DomainName + x-stackql-resource-name: domain + description: The resource schema to create a CodeArtifact domain. + x-type-name: AWS::CodeArtifact::Domain + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - DomainName + - EncryptionKey + x-read-only-properties: + - Owner + - Name + - EncryptionKey + - Arn + x-required-properties: + - DomainName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - codeartifact:CreateDomain + - codeartifact:DescribeDomain + - codeartifact:PutDomainPermissionsPolicy + - codeartifact:GetDomainPermissionsPolicy + - codeartifact:TagResource + read: + - codeartifact:DescribeDomain + - codeartifact:GetDomainPermissionsPolicy + - codeartifact:ListTagsForResource + update: + - codeartifact:PutDomainPermissionsPolicy + - codeartifact:DeleteDomainPermissionsPolicy + - codeartifact:GetDomainPermissionsPolicy + - codeartifact:TagResource + - codeartifact:UntagResource + delete: + - codeartifact:DeleteDomain + - codeartifact:DescribeDomain + list: + - codeartifact:ListDomains + OriginConfiguration: + type: object + properties: + Restrictions: + description: The origin configuration that is applied to the package group. + type: object + $ref: '#/components/schemas/Restrictions' + required: + - Restrictions + additionalProperties: false + Restrictions: + type: object + properties: + Publish: + type: object + description: The publish restriction determines if new package versions can be published. + $ref: '#/components/schemas/RestrictionType' + ExternalUpstream: + type: object + description: The external upstream restriction determines if new package versions can be ingested or retained from external connections. + $ref: '#/components/schemas/RestrictionType' + InternalUpstream: + type: object + description: The internal upstream restriction determines if new package versions can be ingested or retained from upstream repositories. + $ref: '#/components/schemas/RestrictionType' + additionalProperties: false + RestrictionType: + type: object + properties: + RestrictionMode: + type: string + enum: + - ALLOW + - BLOCK + - ALLOW_SPECIFIC_REPOSITORIES + - INHERIT + Repositories: + type: array + items: + type: string + required: + - RestrictionMode + additionalProperties: false + PackageGroup: + type: object + properties: + DomainName: + description: The name of the domain that contains the package group. + type: string + pattern: ^([a-z][a-z0-9\-]{0,48}[a-z0-9])$ + minLength: 2 + maxLength: 50 + DomainOwner: + description: The 12-digit account ID of the AWS account that owns the domain. + pattern: '[0-9]{12}' + type: string + Pattern: + description: The package group pattern that is used to gather packages. + type: string + minLength: 2 + maxLength: 520 + ContactInfo: + description: The contact info of the package group. + type: string + maxLength: 1000 + Description: + description: The text description of the package group. + type: string + maxLength: 1000 + OriginConfiguration: + description: The package origin configuration of the package group. + type: object + $ref: '#/components/schemas/OriginConfiguration' + Tags: + type: array + description: An array of key-value pairs to apply to the package group. + items: + $ref: '#/components/schemas/Tag' + Arn: + description: The ARN of the package group. + type: string + minLength: 1 + maxLength: 2048 + required: + - Pattern + - DomainName + x-stackql-resource-name: package_group + description: The resource schema to create a CodeArtifact package group. + x-type-name: AWS::CodeArtifact::PackageGroup + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - DomainName + - Pattern + x-read-only-properties: + - Arn + x-required-properties: + - Pattern + - DomainName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - codeartifact:CreatePackageGroup + - codeartifact:DescribePackageGroup + - codeartifact:UpdatePackageGroup + - codeartifact:UpdatePackageGroupOriginConfiguration + - codeartifact:ListAllowedRepositoriesForGroup + - codeartifact:ListTagsForResource + - codeartifact:TagResource + read: + - codeartifact:DescribePackageGroup + - codeartifact:ListAllowedRepositoriesForGroup + - codeartifact:ListTagsForResource + update: + - codeartifact:UpdatePackageGroup + - codeartifact:UpdatePackageGroupOriginConfiguration + - codeartifact:DescribePackageGroup + - codeartifact:ListAllowedRepositoriesForGroup + - codeartifact:ListTagsForResource + - codeartifact:TagResource + - codeartifact:UntagResource + delete: + - codeartifact:DeletePackageGroup + - codeartifact:DescribePackageGroup + list: + - codeartifact:ListPackageGroups + Repository: + type: object + properties: + RepositoryName: + description: The name of the repository. + type: string + pattern: ^([A-Za-z0-9][A-Za-z0-9._\-]{1,99})$ + minLength: 2 + maxLength: 100 + Name: + description: The name of the repository. This is used for GetAtt + type: string + pattern: ^([A-Za-z0-9][A-Za-z0-9._\-]{1,99})$ + minLength: 2 + maxLength: 100 + DomainName: + description: The name of the domain that contains the repository. + type: string + pattern: ^([a-z][a-z0-9\-]{0,48}[a-z0-9])$ + minLength: 2 + maxLength: 50 + DomainOwner: + description: The 12-digit account ID of the AWS account that owns the domain. + pattern: '[0-9]{12}' + type: string + Description: + description: A text description of the repository. + type: string + maxLength: 1000 + Arn: + description: The ARN of the repository. + type: string + minLength: 1 + maxLength: 2048 + ExternalConnections: + description: A list of external connections associated with the repository. + type: array + items: + type: string + Upstreams: + description: A list of upstream repositories associated with the repository. + type: array + items: + type: string + PermissionsPolicyDocument: + description: The access control resource policy on the provided repository. + type: object + minLength: 2 + maxLength: 5120 + Tags: + type: array + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + required: + - RepositoryName + - DomainName + x-stackql-resource-name: repository + description: The resource schema to create a CodeArtifact repository. + x-type-name: AWS::CodeArtifact::Repository + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - RepositoryName + - DomainName + - DomainOwner + x-read-only-properties: + - Name + - DomainOwner + - Arn + x-required-properties: + - RepositoryName + - DomainName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - codeartifact:CreateRepository + - codeartifact:DescribeRepository + - codeartifact:PutRepositoryPermissionsPolicy + - codeartifact:AssociateExternalConnection + - codeartifact:AssociateWithDownstreamRepository + - codeartifact:TagResource + read: + - codeartifact:DescribeRepository + - codeartifact:GetRepositoryPermissionsPolicy + - codeartifact:ListTagsForResource + update: + - codeartifact:PutRepositoryPermissionsPolicy + - codeartifact:DeleteRepositoryPermissionsPolicy + - codeartifact:AssociateExternalConnection + - codeartifact:DisassociateExternalConnection + - codeartifact:UpdateRepository + - codeartifact:DescribeRepository + - codeartifact:AssociateWithDownstreamRepository + - codeartifact:TagResource + - codeartifact:UntagResource + delete: + - codeartifact:DeleteRepository + - codeartifact:DescribeRepository + list: + - codeartifact:ListRepositories + x-stackQL-resources: + domains: + name: domains + id: aws.codeartifact.domains + x-cfn-schema-name: Domain + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeArtifact::Domain' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeArtifact::Domain' + AND region = 'us-east-1' + domain: + name: domain + id: aws.codeartifact.domain + x-cfn-schema-name: Domain + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Owner') as owner, + JSON_EXTRACT(Properties, '$.EncryptionKey') as encryption_key, + JSON_EXTRACT(Properties, '$.PermissionsPolicyDocument') as permissions_policy_document, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeArtifact::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Owner') as owner, + json_extract_path_text(Properties, 'EncryptionKey') as encryption_key, + json_extract_path_text(Properties, 'PermissionsPolicyDocument') as permissions_policy_document, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeArtifact::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' + package_groups: + name: package_groups + id: aws.codeartifact.package_groups + x-cfn-schema-name: PackageGroup + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeArtifact::PackageGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeArtifact::PackageGroup' + AND region = 'us-east-1' + package_group: + name: package_group + id: aws.codeartifact.package_group + x-cfn-schema-name: PackageGroup + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.DomainOwner') as domain_owner, + JSON_EXTRACT(Properties, '$.Pattern') as pattern, + JSON_EXTRACT(Properties, '$.ContactInfo') as contact_info, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.OriginConfiguration') as origin_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeArtifact::PackageGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'DomainOwner') as domain_owner, + json_extract_path_text(Properties, 'Pattern') as pattern, + json_extract_path_text(Properties, 'ContactInfo') as contact_info, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'OriginConfiguration') as origin_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeArtifact::PackageGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + repositories: + name: repositories + id: aws.codeartifact.repositories + x-cfn-schema-name: Repository + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeArtifact::Repository' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeArtifact::Repository' + AND region = 'us-east-1' + repository: + name: repository + id: aws.codeartifact.repository + x-cfn-schema-name: Repository + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RepositoryName') as repository_name, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.DomainOwner') as domain_owner, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ExternalConnections') as external_connections, + JSON_EXTRACT(Properties, '$.Upstreams') as upstreams, + JSON_EXTRACT(Properties, '$.PermissionsPolicyDocument') as permissions_policy_document, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeArtifact::Repository' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RepositoryName') as repository_name, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'DomainOwner') as domain_owner, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ExternalConnections') as external_connections, + json_extract_path_text(Properties, 'Upstreams') as upstreams, + json_extract_path_text(Properties, 'PermissionsPolicyDocument') as permissions_policy_document, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeArtifact::Repository' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/codebuild.yaml b/providers/src/aws/v00.00.00000/services/codebuild.yaml new file mode 100644 index 00000000..2c0711df --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/codebuild.yaml @@ -0,0 +1,151 @@ +openapi: 3.0.0 +info: + title: CodeBuild + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + pattern: '[a-zA-Z+-=._:/]+$' + required: + - Value + - Key + Fleet: + type: object + properties: + Name: + type: string + minLength: 2 + maxLength: 128 + BaseCapacity: + type: integer + minimum: 1 + EnvironmentType: + type: string + enum: + - WINDOWS_SERVER_2019_CONTAINER + - WINDOWS_SERVER_2022_CONTAINER + - LINUX_CONTAINER + - LINUX_GPU_CONTAINER + - ARM_CONTAINER + ComputeType: + type: string + enum: + - BUILD_GENERAL1_SMALL + - BUILD_GENERAL1_MEDIUM + - BUILD_GENERAL1_LARGE + - BUILD_GENERAL1_2XLARGE + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Arn: + type: string + minLength: 1 + x-stackql-resource-name: fleet + description: Resource Type definition for AWS::CodeBuild::Fleet + x-type-name: AWS::CodeBuild::Fleet + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - codebuild:BatchGetFleets + - codebuild:CreateFleet + delete: + - codebuild:BatchGetFleets + - codebuild:DeleteFleet + read: + - codebuild:BatchGetFleets + list: + - codebuild:ListFleets + update: + - codebuild:BatchGetFleets + - codebuild:UpdateFleet + x-stackQL-resources: + fleets: + name: fleets + id: aws.codebuild.fleets + x-cfn-schema-name: Fleet + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeBuild::Fleet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeBuild::Fleet' + AND region = 'us-east-1' + fleet: + name: fleet + id: aws.codebuild.fleet + x-cfn-schema-name: Fleet + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.BaseCapacity') as base_capacity, + JSON_EXTRACT(Properties, '$.EnvironmentType') as environment_type, + JSON_EXTRACT(Properties, '$.ComputeType') as compute_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeBuild::Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'BaseCapacity') as base_capacity, + json_extract_path_text(Properties, 'EnvironmentType') as environment_type, + json_extract_path_text(Properties, 'ComputeType') as compute_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeBuild::Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/codeconnections.yaml b/providers/src/aws/v00.00.00000/services/codeconnections.yaml new file mode 100644 index 00000000..9af9da6c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/codeconnections.yaml @@ -0,0 +1,169 @@ +openapi: 3.0.0 +info: + title: CodeConnections + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + required: + - Value + - Key + additionalProperties: false + Connection: + type: object + properties: + ConnectionArn: + description: The Amazon Resource Name (ARN) of the connection. The ARN is used as the connection reference when the connection is shared between AWS services. + type: string + minLength: 0 + maxLength: 256 + pattern: arn:aws(-[\w]+)*:.+:.+:[0-9]{12}:.+ + ConnectionName: + description: The name of the connection. Connection names must be unique in an AWS user account. + type: string + minLength: 1 + maxLength: 32 + ConnectionStatus: + description: The current status of the connection. + type: string + OwnerAccountId: + description: The name of the external provider where your third-party code repository is configured. For Bitbucket, this is the account ID of the owner of the Bitbucket repository. + type: string + minLength: 12 + maxLength: 12 + pattern: '[0-9]{12}' + ProviderType: + description: The name of the external provider where your third-party code repository is configured. You must specify either a ProviderType or a HostArn. + type: string + HostArn: + description: The host arn configured to represent the infrastructure where your third-party provider is installed. You must specify either a ProviderType or a HostArn. + type: string + minLength: 0 + maxLength: 256 + pattern: arn:aws(-[\w]+)*:.+:.+:[0-9]{12}:.+ + Tags: + description: Specifies the tags applied to a connection. + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + required: + - ConnectionName + x-stackql-resource-name: connection + description: Schema for AWS::CodeConnections::Connection resource which can be used to connect external source providers with other AWS services (i.e. AWS CodePipeline) + x-type-name: AWS::CodeConnections::Connection + x-stackql-primary-identifier: + - ConnectionArn + x-create-only-properties: + - ConnectionName + - ProviderType + - HostArn + x-read-only-properties: + - ConnectionArn + - ConnectionStatus + - OwnerAccountId + x-required-properties: + - ConnectionName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - codeconnections:CreateConnection + - codeconnections:TagResource + read: + - codeconnections:GetConnection + - codeconnections:ListTagsForResource + update: + - codeconnections:ListTagsForResource + - codeconnections:TagResource + - codeconnections:UntagResource + delete: + - codeconnections:DeleteConnection + list: + - codeconnections:ListConnections + - codeconnections:ListTagsForResource + x-stackQL-resources: + connections: + name: connections + id: aws.codeconnections.connections + x-cfn-schema-name: Connection + x-type: list + x-identifiers: + - ConnectionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConnectionArn') as connection_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeConnections::Connection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConnectionArn') as connection_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeConnections::Connection' + AND region = 'us-east-1' + connection: + name: connection + id: aws.codeconnections.connection + x-cfn-schema-name: Connection + x-type: get + x-identifiers: + - ConnectionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConnectionArn') as connection_arn, + JSON_EXTRACT(Properties, '$.ConnectionName') as connection_name, + JSON_EXTRACT(Properties, '$.ConnectionStatus') as connection_status, + JSON_EXTRACT(Properties, '$.OwnerAccountId') as owner_account_id, + JSON_EXTRACT(Properties, '$.ProviderType') as provider_type, + JSON_EXTRACT(Properties, '$.HostArn') as host_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeConnections::Connection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConnectionArn') as connection_arn, + json_extract_path_text(Properties, 'ConnectionName') as connection_name, + json_extract_path_text(Properties, 'ConnectionStatus') as connection_status, + json_extract_path_text(Properties, 'OwnerAccountId') as owner_account_id, + json_extract_path_text(Properties, 'ProviderType') as provider_type, + json_extract_path_text(Properties, 'HostArn') as host_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeConnections::Connection' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/codedeploy.yaml b/providers/src/aws/v00.00.00000/services/codedeploy.yaml new file mode 100644 index 00000000..65dddf29 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/codedeploy.yaml @@ -0,0 +1,297 @@ +openapi: 3.0.0 +info: + title: CodeDeploy + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + additionalProperties: false + properties: + Value: + type: string + Key: + type: string + required: + - Value + - Key + Application: + type: object + properties: + ApplicationName: + description: A name for the application. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the application name. + type: string + ComputePlatform: + description: The compute platform that CodeDeploy deploys the application to. + type: string + Tags: + description: 'The metadata that you apply to CodeDeploy applications to help you organize and categorize them. Each tag consists of a key and an optional value, both of which you define. ' + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: false + x-stackql-resource-name: application + description: The AWS::CodeDeploy::Application resource creates an AWS CodeDeploy application + x-type-name: AWS::CodeDeploy::Application + x-stackql-primary-identifier: + - ApplicationName + x-create-only-properties: + - ApplicationName + - ComputePlatform + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - codedeploy:CreateApplication + - codedeploy:TagResource + read: + - codedeploy:GetApplication + - codedeploy:ListTagsForResource + delete: + - codedeploy:GetApplication + - codedeploy:DeleteApplication + update: + - codedeploy:TagResource + - codedeploy:UntagResource + list: + - codedeploy:ListApplications + TimeBasedLinear: + type: object + additionalProperties: false + properties: + LinearInterval: + type: integer + LinearPercentage: + type: integer + required: + - LinearInterval + - LinearPercentage + TimeBasedCanary: + type: object + additionalProperties: false + properties: + CanaryPercentage: + type: integer + CanaryInterval: + type: integer + required: + - CanaryPercentage + - CanaryInterval + TrafficRoutingConfig: + type: object + additionalProperties: false + properties: + Type: + type: string + TimeBasedLinear: + $ref: '#/components/schemas/TimeBasedLinear' + TimeBasedCanary: + $ref: '#/components/schemas/TimeBasedCanary' + required: + - Type + MinimumHealthyHostsPerZone: + type: object + additionalProperties: false + properties: + Value: + type: integer + Type: + type: string + required: + - Type + - Value + ZonalConfig: + type: object + additionalProperties: false + properties: + FirstZoneMonitorDurationInSeconds: + type: integer + format: int64 + MonitorDurationInSeconds: + type: integer + format: int64 + MinimumHealthyHostsPerZone: + $ref: '#/components/schemas/MinimumHealthyHostsPerZone' + required: [] + MinimumHealthyHosts: + type: object + additionalProperties: false + properties: + Value: + type: integer + Type: + type: string + required: + - Type + - Value + DeploymentConfig: + type: object + properties: + ComputePlatform: + description: The destination platform type for the deployment (Lambda, Server, or ECS). + type: string + DeploymentConfigName: + description: A name for the deployment configuration. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the deployment configuration name. For more information, see Name Type. + type: string + MinimumHealthyHosts: + description: 'The minimum number of healthy instances that should be available at any time during the deployment. There are two parameters expected in the input: type and value.' + $ref: '#/components/schemas/MinimumHealthyHosts' + ZonalConfig: + description: The zonal deployment config that specifies how the zonal deployment behaves + $ref: '#/components/schemas/ZonalConfig' + TrafficRoutingConfig: + description: The configuration that specifies how the deployment traffic is routed. + $ref: '#/components/schemas/TrafficRoutingConfig' + x-stackql-resource-name: deployment_config + description: Resource Type definition for AWS::CodeDeploy::DeploymentConfig + x-type-name: AWS::CodeDeploy::DeploymentConfig + x-stackql-primary-identifier: + - DeploymentConfigName + x-create-only-properties: + - DeploymentConfigName + - MinimumHealthyHosts + - ComputePlatform + - ZonalConfig + - TrafficRoutingConfig + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - codedeploy:CreateDeploymentConfig + read: + - codedeploy:GetDeploymentConfig + delete: + - codedeploy:GetDeploymentConfig + - codedeploy:DeleteDeploymentConfig + list: + - codedeploy:ListDeploymentConfigs + x-stackQL-resources: + applications: + name: applications + id: aws.codedeploy.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - ApplicationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeDeploy::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationName') as application_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeDeploy::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.codedeploy.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - ApplicationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name, + JSON_EXTRACT(Properties, '$.ComputePlatform') as compute_platform, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeDeploy::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApplicationName') as application_name, + json_extract_path_text(Properties, 'ComputePlatform') as compute_platform, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeDeploy::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + deployment_configs: + name: deployment_configs + id: aws.codedeploy.deployment_configs + x-cfn-schema-name: DeploymentConfig + x-type: list + x-identifiers: + - DeploymentConfigName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DeploymentConfigName') as deployment_config_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeDeploy::DeploymentConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DeploymentConfigName') as deployment_config_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeDeploy::DeploymentConfig' + AND region = 'us-east-1' + deployment_config: + name: deployment_config + id: aws.codedeploy.deployment_config + x-cfn-schema-name: DeploymentConfig + x-type: get + x-identifiers: + - DeploymentConfigName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ComputePlatform') as compute_platform, + JSON_EXTRACT(Properties, '$.DeploymentConfigName') as deployment_config_name, + JSON_EXTRACT(Properties, '$.MinimumHealthyHosts') as minimum_healthy_hosts, + JSON_EXTRACT(Properties, '$.ZonalConfig') as zonal_config, + JSON_EXTRACT(Properties, '$.TrafficRoutingConfig') as traffic_routing_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeDeploy::DeploymentConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ComputePlatform') as compute_platform, + json_extract_path_text(Properties, 'DeploymentConfigName') as deployment_config_name, + json_extract_path_text(Properties, 'MinimumHealthyHosts') as minimum_healthy_hosts, + json_extract_path_text(Properties, 'ZonalConfig') as zonal_config, + json_extract_path_text(Properties, 'TrafficRoutingConfig') as traffic_routing_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeDeploy::DeploymentConfig' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/codeguruprofiler.yaml b/providers/src/aws/v00.00.00000/services/codeguruprofiler.yaml new file mode 100644 index 00000000..af4dc5b4 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/codeguruprofiler.yaml @@ -0,0 +1,198 @@ +openapi: 3.0.0 +info: + title: CodeGuruProfiler + version: 1.0.0 +paths: {} +components: + schemas: + ProfilingGroupArn: + type: string + pattern: ^arn:aws([-\w]*):codeguru-profiler:(([a-z]+-)+[0-9]+):([0-9]{12}):profilingGroup/[^.]+$ + IamArn: + type: string + pattern: ^arn:aws([-\w]*):iam::([0-9]{12}):[\S]+$ + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. The allowed characters across services are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.' + type: string + minLength: 1 + maxLength: 128 + Value: + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length. The allowed characters across services are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.' + type: string + minLength: 0 + maxLength: 256 + required: + - Value + - Key + ChannelId: + description: Unique identifier for each Channel in the notification configuration of a Profiling Group + type: string + pattern: '[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}' + ChannelUri: + description: Unique arn of the resource to be used for notifications. We support a valid SNS topic arn as a channel uri. + type: string + pattern: ^arn:aws([-\w]*):[a-z-]+:(([a-z]+-)+[0-9]+)?:([0-9]{12}):[^.]+$ + Channel: + description: Notification medium for users to get alerted for events that occur in application profile. We support SNS topic as a notification channel. + type: object + required: + - channelUri + properties: + channelId: + $ref: '#/components/schemas/ChannelId' + channelUri: + $ref: '#/components/schemas/ChannelUri' + ProfilingGroup: + type: object + properties: + ProfilingGroupName: + description: The name of the profiling group. + type: string + minLength: 1 + maxLength: 255 + pattern: ^[\w-]+$ + ComputePlatform: + description: The compute platform of the profiling group. + type: string + enum: + - Default + - AWSLambda + AgentPermissions: + description: The agent permissions attached to this profiling group. + type: object + additionalProperties: false + required: + - Principals + properties: + Principals: + description: The principals for the agent permissions. + type: array + items: + $ref: '#/components/schemas/IamArn' + AnomalyDetectionNotificationConfiguration: + description: Configuration for Notification Channels for Anomaly Detection feature in CodeGuru Profiler which enables customers to detect anomalies in the application profile for those methods that represent the highest proportion of CPU time or latency + type: array + items: + $ref: '#/components/schemas/Channel' + Arn: + description: The Amazon Resource Name (ARN) of the specified profiling group. + $ref: '#/components/schemas/ProfilingGroupArn' + x-examples: + - arn:aws:codeguru-profiler:us-east-1:000000000000:profilingGroup/My-example-profiling-group + Tags: + description: The tags associated with a profiling group. + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + uniqueItems: true + required: + - ProfilingGroupName + x-stackql-resource-name: profiling_group + description: This resource schema represents the Profiling Group resource in the Amazon CodeGuru Profiler service. + x-type-name: AWS::CodeGuruProfiler::ProfilingGroup + x-stackql-primary-identifier: + - ProfilingGroupName + x-create-only-properties: + - ProfilingGroupName + - ComputePlatform + x-read-only-properties: + - Arn + x-required-properties: + - ProfilingGroupName + x-required-permissions: + create: + - sns:Publish + - codeguru-profiler:AddNotificationChannels + - codeguru-profiler:CreateProfilingGroup + - codeguru-profiler:PutPermission + - codeguru-profiler:TagResource + read: + - codeguru-profiler:DescribeProfilingGroup + - codeguru-profiler:ListTagsForResource + update: + - sns:Publish + - codeguru-profiler:AddNotificationChannels + - codeguru-profiler:GetNotificationConfiguration + - codeguru-profiler:RemoveNotificationChannel + - codeguru-profiler:PutPermission + - codeguru-profiler:RemovePermission + - codeguru-profiler:GetPolicy + - codeguru-profiler:TagResource + - codeguru-profiler:UntagResource + - codeguru-profiler:ListTagsForResource + delete: + - codeguru-profiler:DeleteProfilingGroup + list: + - codeguru-profiler:ListProfilingGroups + - codeguru-profiler:ListTagsForResource + x-stackQL-resources: + profiling_groups: + name: profiling_groups + id: aws.codeguruprofiler.profiling_groups + x-cfn-schema-name: ProfilingGroup + x-type: list + x-identifiers: + - ProfilingGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProfilingGroupName') as profiling_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeGuruProfiler::ProfilingGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProfilingGroupName') as profiling_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeGuruProfiler::ProfilingGroup' + AND region = 'us-east-1' + profiling_group: + name: profiling_group + id: aws.codeguruprofiler.profiling_group + x-cfn-schema-name: ProfilingGroup + x-type: get + x-identifiers: + - ProfilingGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ProfilingGroupName') as profiling_group_name, + JSON_EXTRACT(Properties, '$.ComputePlatform') as compute_platform, + JSON_EXTRACT(Properties, '$.AgentPermissions') as agent_permissions, + JSON_EXTRACT(Properties, '$.AnomalyDetectionNotificationConfiguration') as anomaly_detection_notification_configuration, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeGuruProfiler::ProfilingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ProfilingGroupName') as profiling_group_name, + json_extract_path_text(Properties, 'ComputePlatform') as compute_platform, + json_extract_path_text(Properties, 'AgentPermissions') as agent_permissions, + json_extract_path_text(Properties, 'AnomalyDetectionNotificationConfiguration') as anomaly_detection_notification_configuration, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeGuruProfiler::ProfilingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/codegurureviewer.yaml b/providers/src/aws/v00.00.00000/services/codegurureviewer.yaml new file mode 100644 index 00000000..07e90eff --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/codegurureviewer.yaml @@ -0,0 +1,191 @@ +openapi: 3.0.0 +info: + title: CodeGuruReviewer + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. The allowed characters across services are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.' + type: string + minLength: 1 + maxLength: 128 + Value: + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length. The allowed characters across services are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.' + type: string + minLength: 0 + maxLength: 256 + required: + - Value + - Key + RepositoryAssociation: + type: object + properties: + Name: + description: Name of the repository to be associated. + type: string + minLength: 1 + maxLength: 100 + pattern: ^\S[\w.-]*$ + Type: + description: The type of repository to be associated. + type: string + enum: + - CodeCommit + - Bitbucket + - GitHubEnterpriseServer + - S3Bucket + Owner: + description: The owner of the repository. For a Bitbucket repository, this is the username for the account that owns the repository. + type: string + minLength: 1 + maxLength: 100 + pattern: ^\S(.*\S)?$ + BucketName: + description: The name of the S3 bucket associated with an associated S3 repository. It must start with `codeguru-reviewer-`. + type: string + minLength: 3 + maxLength: 63 + pattern: ^\S(.*\S)?$ + ConnectionArn: + description: The Amazon Resource Name (ARN) of an AWS CodeStar Connections connection. + type: string + minLength: 0 + maxLength: 256 + pattern: arn:aws(-[\w]+)*:.+:.+:[0-9]{12}:.+ + AssociationArn: + description: The Amazon Resource Name (ARN) of the repository association. + type: string + minLength: 0 + maxLength: 256 + pattern: arn:aws(-[\w]+)*:.+:.+:[0-9]{12}:.+ + Tags: + description: The tags associated with a repository association. + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + uniqueItems: false + required: + - Name + - Type + x-stackql-resource-name: repository_association + description: This resource schema represents the RepositoryAssociation resource in the Amazon CodeGuru Reviewer service. + x-type-name: AWS::CodeGuruReviewer::RepositoryAssociation + x-stackql-primary-identifier: + - AssociationArn + x-create-only-properties: + - Name + - Type + - Tags + - BucketName + - Owner + - ConnectionArn + x-read-only-properties: + - AssociationArn + x-required-properties: + - Name + - Type + x-required-permissions: + create: + - codeguru-reviewer:DescribeRepositoryAssociation + - codeguru-reviewer:AssociateRepository + - codeguru-reviewer:TagResource + - iam:CreateServiceLinkedRole + - codecommit:TagResource + - codecommit:GitPull + - codecommit:TagResource + - events:PutRule + - events:PutTargets + - codestar-connections:ListBranches + - codestar-connections:ListRepositories + - codestar-connections:ListTagsForResource + - codestar-connections:PassConnection + - codestar-connections:TagResource + - codestar-connections:UseConnection + - s3:ListBucket + read: + - codeguru-reviewer:DescribeRepositoryAssociation + - codeguru-reviewer:ListTagsForResource + delete: + - codeguru-reviewer:DescribeRepositoryAssociation + - codeguru-reviewer:DisassociateRepository + - codecommit:UntagResource + - events:DeleteRule + - events:RemoveTargets + - codestar-connections:UntagResource + - codestar-connections:ListTagsForResource + list: + - codeguru-reviewer:ListRepositoryAssociations + x-stackQL-resources: + repository_associations: + name: repository_associations + id: aws.codegurureviewer.repository_associations + x-cfn-schema-name: RepositoryAssociation + x-type: list + x-identifiers: + - AssociationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssociationArn') as association_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeGuruReviewer::RepositoryAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssociationArn') as association_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeGuruReviewer::RepositoryAssociation' + AND region = 'us-east-1' + repository_association: + name: repository_association + id: aws.codegurureviewer.repository_association + x-cfn-schema-name: RepositoryAssociation + x-type: get + x-identifiers: + - AssociationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Owner') as owner, + JSON_EXTRACT(Properties, '$.BucketName') as bucket_name, + JSON_EXTRACT(Properties, '$.ConnectionArn') as connection_arn, + JSON_EXTRACT(Properties, '$.AssociationArn') as association_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeGuruReviewer::RepositoryAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Owner') as owner, + json_extract_path_text(Properties, 'BucketName') as bucket_name, + json_extract_path_text(Properties, 'ConnectionArn') as connection_arn, + json_extract_path_text(Properties, 'AssociationArn') as association_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeGuruReviewer::RepositoryAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/codepipeline.yaml b/providers/src/aws/v00.00.00000/services/codepipeline.yaml new file mode 100644 index 00000000..eb04b645 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/codepipeline.yaml @@ -0,0 +1,252 @@ +openapi: 3.0.0 +info: + title: CodePipeline + version: 1.0.0 +paths: {} +components: + schemas: + ConfigurationProperties: + additionalProperties: false + description: The configuration properties for the custom action. + type: object + properties: + Description: + description: 'The description of the action configuration property that is displayed to users. ' + type: string + Key: + description: Whether the configuration property is a key. + type: boolean + Name: + description: The name of the action configuration property. + type: string + Queryable: + description: >- + Indicates that the property is used with PollForJobs. When creating a custom action, an action can have up to one queryable property. If it has one, that property must be both required and not secret.If you create a pipeline with a custom action type, and that custom action contains a queryable property, the value for that configuration property is subject to other restrictions. The value must be less than or equal to twenty (20) characters. The value can contain only alphanumeric + characters, underscores, and hyphens. + type: boolean + Required: + description: Whether the configuration property is a required value. + type: boolean + Secret: + description: Whether the configuration property is secret. Secrets are hidden from all calls except for GetJobDetails, GetThirdPartyJobDetails, PollForJobs, and PollForThirdPartyJobs. + type: boolean + Type: + description: The type of the configuration property. + type: string + required: + - Key + - Name + - Required + - Secret + ArtifactDetails: + additionalProperties: false + description: Returns information about the details of an artifact. + type: object + properties: + MaximumCount: + description: The maximum number of artifacts allowed for the action type. + type: integer + MinimumCount: + description: The minimum number of artifacts allowed for the action type. + type: integer + required: + - MaximumCount + - MinimumCount + Settings: + additionalProperties: false + description: 'Settings is a property of the AWS::CodePipeline::CustomActionType resource that provides URLs that users can access to view information about the CodePipeline custom action. ' + type: object + properties: + EntityUrlTemplate: + description: 'The URL returned to the AWS CodePipeline console that provides a deep link to the resources of the external system, such as the configuration page for an AWS CodeDeploy deployment group. This link is provided as part of the action display in the pipeline. ' + type: string + ExecutionUrlTemplate: + description: 'The URL returned to the AWS CodePipeline console that contains a link to the top-level landing page for the external system, such as the console page for AWS CodeDeploy. This link is shown on the pipeline view page in the AWS CodePipeline console and provides a link to the execution entity of the external action. ' + type: string + RevisionUrlTemplate: + description: 'The URL returned to the AWS CodePipeline console that contains a link to the page where customers can update or change the configuration of the external action. ' + type: string + ThirdPartyConfigurationUrl: + description: The URL of a sign-up page where users can sign up for an external service and perform initial configuration of the action provided by that service. + type: string + Tag: + type: object + additionalProperties: false + properties: + Value: + type: string + Key: + type: string + required: + - Value + - Key + CustomActionType: + type: object + properties: + Category: + description: The category of the custom action, such as a build action or a test action. + type: string + ConfigurationProperties: + description: The configuration properties for the custom action. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConfigurationProperties' + InputArtifactDetails: + description: The details of the input artifact for the action, such as its commit ID. + $ref: '#/components/schemas/ArtifactDetails' + OutputArtifactDetails: + description: The details of the output artifact of the action, such as its commit ID. + $ref: '#/components/schemas/ArtifactDetails' + Provider: + description: The provider of the service used in the custom action, such as AWS CodeDeploy. + type: string + Settings: + description: URLs that provide users information about this custom action. + $ref: '#/components/schemas/Settings' + Tags: + description: Any tags assigned to the custom action. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Version: + description: The version identifier of the custom action. + type: string + Id: + type: string + required: + - Category + - InputArtifactDetails + - OutputArtifactDetails + - Provider + - Version + x-stackql-resource-name: custom_action_type + description: The AWS::CodePipeline::CustomActionType resource creates a custom action for activities that aren't included in the CodePipeline default actions, such as running an internally developed build process or a test suite. You can use these custom actions in the stage of a pipeline. + x-type-name: AWS::CodePipeline::CustomActionType + x-stackql-primary-identifier: + - Category + - Provider + - Version + x-create-only-properties: + - Category + - ConfigurationProperties + - InputArtifactDetails + - OutputArtifactDetails + - Provider + - Settings + - Version + x-write-only-properties: + - ConfigurationProperties/*/Type + x-read-only-properties: + - Id + x-required-properties: + - Category + - InputArtifactDetails + - OutputArtifactDetails + - Provider + - Version + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - codepipeline:CreateCustomActionType + - codepipeline:TagResource + - codepipeline:ListActionTypes + read: + - codepipeline:ListActionTypes + - codepipeline:ListTagsForResource + update: + - codepipeline:ListActionTypes + - codepipeline:TagResource + - codepipeline:UntagResource + delete: + - codepipeline:DeleteCustomActionType + - codepipeline:ListActionTypes + list: + - codepipeline:ListActionTypes + x-stackQL-resources: + custom_action_types: + name: custom_action_types + id: aws.codepipeline.custom_action_types + x-cfn-schema-name: CustomActionType + x-type: list + x-identifiers: + - Category + - Provider + - Version + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Category') as category, + JSON_EXTRACT(Properties, '$.Provider') as provider, + JSON_EXTRACT(Properties, '$.Version') as version + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodePipeline::CustomActionType' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Category') as category, + json_extract_path_text(Properties, 'Provider') as provider, + json_extract_path_text(Properties, 'Version') as version + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodePipeline::CustomActionType' + AND region = 'us-east-1' + custom_action_type: + name: custom_action_type + id: aws.codepipeline.custom_action_type + x-cfn-schema-name: CustomActionType + x-type: get + x-identifiers: + - Category + - Provider + - Version + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Category') as category, + JSON_EXTRACT(Properties, '$.ConfigurationProperties') as configuration_properties, + JSON_EXTRACT(Properties, '$.InputArtifactDetails') as input_artifact_details, + JSON_EXTRACT(Properties, '$.OutputArtifactDetails') as output_artifact_details, + JSON_EXTRACT(Properties, '$.Provider') as provider, + JSON_EXTRACT(Properties, '$.Settings') as settings, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodePipeline::CustomActionType' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Category') as category, + json_extract_path_text(Properties, 'ConfigurationProperties') as configuration_properties, + json_extract_path_text(Properties, 'InputArtifactDetails') as input_artifact_details, + json_extract_path_text(Properties, 'OutputArtifactDetails') as output_artifact_details, + json_extract_path_text(Properties, 'Provider') as provider, + json_extract_path_text(Properties, 'Settings') as settings, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodePipeline::CustomActionType' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/codestarconnections.yaml b/providers/src/aws/v00.00.00000/services/codestarconnections.yaml new file mode 100644 index 00000000..dfa86fda --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/codestarconnections.yaml @@ -0,0 +1,510 @@ +openapi: 3.0.0 +info: + title: CodeStarConnections + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, , ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, , ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + required: + - Value + - Key + additionalProperties: false + Connection: + type: object + properties: + ConnectionArn: + description: The Amazon Resource Name (ARN) of the connection. The ARN is used as the connection reference when the connection is shared between AWS services. + type: string + minLength: 0 + maxLength: 256 + pattern: arn:aws(-[\w]+)*:.+:.+:[0-9]{12}:.+ + ConnectionName: + description: The name of the connection. Connection names must be unique in an AWS user account. + type: string + minLength: 1 + maxLength: 32 + ConnectionStatus: + description: The current status of the connection. + type: string + OwnerAccountId: + description: The name of the external provider where your third-party code repository is configured. For Bitbucket, this is the account ID of the owner of the Bitbucket repository. + type: string + minLength: 12 + maxLength: 12 + pattern: '[0-9]{12}' + ProviderType: + description: The name of the external provider where your third-party code repository is configured. You must specify either a ProviderType or a HostArn. + type: string + HostArn: + description: The host arn configured to represent the infrastructure where your third-party provider is installed. You must specify either a ProviderType or a HostArn. + type: string + minLength: 0 + maxLength: 256 + pattern: arn:aws(-[\w]+)*:.+:.+:[0-9]{12}:.+ + Tags: + description: Specifies the tags applied to a connection. + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + required: + - ConnectionName + x-stackql-resource-name: connection + description: Schema for AWS::CodeStarConnections::Connection resource which can be used to connect external source providers with AWS CodePipeline + x-type-name: AWS::CodeStarConnections::Connection + x-stackql-primary-identifier: + - ConnectionArn + x-create-only-properties: + - ConnectionName + - ProviderType + - HostArn + x-read-only-properties: + - ConnectionArn + - ConnectionStatus + - OwnerAccountId + x-required-properties: + - ConnectionName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - codestar-connections:CreateConnection + - codestar-connections:TagResource + read: + - codestar-connections:GetConnection + - codestar-connections:ListTagsForResource + update: + - codestar-connections:ListTagsForResource + - codestar-connections:TagResource + - codestar-connections:UntagResource + delete: + - codestar-connections:DeleteConnection + list: + - codestar-connections:ListConnections + - codestar-connections:ListTagsForResource + RepositoryLink: + type: object + properties: + ConnectionArn: + description: The Amazon Resource Name (ARN) of the CodeStarConnection. The ARN is used as the connection reference when the connection is shared between AWS services. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):.+:.+:[0-9]{12}:.+ + ProviderType: + description: The name of the external provider where your third-party code repository is configured. + type: string + enum: + - GitHub + - Bitbucket + - GitHubEnterprise + - GitLab + - GitLabSelfManaged + OwnerId: + description: the ID of the entity that owns the repository. + type: string + pattern: '[a-za-z0-9_\.-]+' + RepositoryName: + description: The repository for which the link is being created. + type: string + pattern: '[a-za-z0-9_\.-]+' + EncryptionKeyArn: + description: The ARN of the KMS key that the customer can optionally specify to use to encrypt RepositoryLink properties. If not specified, a default key will be used. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):.+:.+:[0-9]{12}:.+ + RepositoryLinkId: + description: A UUID that uniquely identifies the RepositoryLink. + type: string + pattern: '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}' + RepositoryLinkArn: + description: A unique Amazon Resource Name (ARN) to designate the repository link. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):.+:.+:[0-9]{12}:.+ + Tags: + description: Specifies the tags applied to a RepositoryLink. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - RepositoryName + - ConnectionArn + - OwnerId + x-stackql-resource-name: repository_link + description: Schema for AWS::CodeStarConnections::RepositoryLink resource which is used to aggregate repository metadata relevant to synchronizing source provider content to AWS Resources. + x-type-name: AWS::CodeStarConnections::RepositoryLink + x-stackql-primary-identifier: + - RepositoryLinkArn + x-stackql-additional-identifiers: + - - RepositoryLinkId + x-create-only-properties: + - RepositoryName + - OwnerId + x-read-only-properties: + - RepositoryLinkArn + - RepositoryLinkId + - ProviderType + x-required-properties: + - RepositoryName + - ConnectionArn + - OwnerId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + update: + - codestar-connections:GetConnection + - codestar-connections:ListTagsForResource + - codestar-connections:PassConnection + - codestar-connections:UseConnection + - codestar-connections:TagResource + - codestar-connections:UntagResource + - codestar-connections:UpdateRepositoryLink + create: + - codestar-connections:CreateRepositoryLink + - codestar-connections:TagResource + - codestar-connections:UseConnection + - codestar-connections:PassConnection + - codestar-connections:GetConnection + - iam:CreateServiceLinkedRole + read: + - codestar-connections:GetRepositoryLink + - codestar-connections:ListTagsForResource + - codestar-connections:GetConnection + delete: + - codestar-connections:GetRepositoryLink + - codestar-connections:DeleteRepositoryLink + - codestar-connections:GetConnection + list: + - codestar-connections:ListRepositoryLinks + - codestar-connections:ListTagsForResource + SyncConfiguration: + type: object + properties: + OwnerId: + description: the ID of the entity that owns the repository. + type: string + pattern: '[a-za-z0-9_\.-]+' + ResourceName: + description: The name of the resource that is being synchronized to the repository. + type: string + pattern: '[a-za-z0-9_\.-]+' + RepositoryName: + description: The name of the repository that is being synced to. + type: string + pattern: '[a-za-z0-9_\.-]+' + ProviderType: + description: The name of the external provider where your third-party code repository is configured. + type: string + enum: + - GitHub + - Bitbucket + - GitHubEnterprise + - GitLab + - GitLabSelfManaged + Branch: + description: The name of the branch of the repository from which resources are to be synchronized, + type: string + ConfigFile: + description: The source provider repository path of the sync configuration file of the respective SyncType. + type: string + SyncType: + description: The type of resource synchronization service that is to be configured, for example, CFN_STACK_SYNC. + type: string + RoleArn: + description: The IAM Role that allows AWS to update CloudFormation stacks based on content in the specified repository. + type: string + PublishDeploymentStatus: + description: Whether to enable or disable publishing of deployment status to source providers. + type: string + enum: + - ENABLED + - DISABLED + TriggerResourceUpdateOn: + description: When to trigger Git sync to begin the stack update. + type: string + enum: + - ANY_CHANGE + - FILE_CHANGE + RepositoryLinkId: + description: A UUID that uniquely identifies the RepositoryLink that the SyncConfig is associated with. + type: string + pattern: '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}' + required: + - Branch + - ConfigFile + - RepositoryLinkId + - ResourceName + - SyncType + - RoleArn + x-stackql-resource-name: sync_configuration + description: Schema for AWS::CodeStarConnections::SyncConfiguration resource which is used to enables an AWS resource to be synchronized from a source-provider. + x-type-name: AWS::CodeStarConnections::SyncConfiguration + x-stackql-primary-identifier: + - ResourceName + - SyncType + x-create-only-properties: + - SyncType + - ResourceName + x-read-only-properties: + - ProviderType + - OwnerId + - RepositoryName + x-required-properties: + - Branch + - ConfigFile + - RepositoryLinkId + - ResourceName + - SyncType + - RoleArn + x-tagging: + taggable: false + x-required-permissions: + create: + - codestar-connections:CreateSyncConfiguration + - codestar-connections:PassRepository + - iam:PassRole + read: + - codestar-connections:GetSyncConfiguration + update: + - codestar-connections:UpdateSyncConfiguration + - codestar-connections:PassRepository + - iam:PassRole + delete: + - codestar-connections:DeleteSyncConfiguration + - codestar-connections:GetSyncConfiguration + list: + - codestar-connections:ListSyncConfigurations + - codestar-connections:ListRepositoryLinks + x-stackQL-resources: + connections: + name: connections + id: aws.codestarconnections.connections + x-cfn-schema-name: Connection + x-type: list + x-identifiers: + - ConnectionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConnectionArn') as connection_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeStarConnections::Connection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConnectionArn') as connection_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeStarConnections::Connection' + AND region = 'us-east-1' + connection: + name: connection + id: aws.codestarconnections.connection + x-cfn-schema-name: Connection + x-type: get + x-identifiers: + - ConnectionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConnectionArn') as connection_arn, + JSON_EXTRACT(Properties, '$.ConnectionName') as connection_name, + JSON_EXTRACT(Properties, '$.ConnectionStatus') as connection_status, + JSON_EXTRACT(Properties, '$.OwnerAccountId') as owner_account_id, + JSON_EXTRACT(Properties, '$.ProviderType') as provider_type, + JSON_EXTRACT(Properties, '$.HostArn') as host_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeStarConnections::Connection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConnectionArn') as connection_arn, + json_extract_path_text(Properties, 'ConnectionName') as connection_name, + json_extract_path_text(Properties, 'ConnectionStatus') as connection_status, + json_extract_path_text(Properties, 'OwnerAccountId') as owner_account_id, + json_extract_path_text(Properties, 'ProviderType') as provider_type, + json_extract_path_text(Properties, 'HostArn') as host_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeStarConnections::Connection' + AND data__Identifier = '' + AND region = 'us-east-1' + repository_links: + name: repository_links + id: aws.codestarconnections.repository_links + x-cfn-schema-name: RepositoryLink + x-type: list + x-identifiers: + - RepositoryLinkArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RepositoryLinkArn') as repository_link_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeStarConnections::RepositoryLink' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RepositoryLinkArn') as repository_link_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeStarConnections::RepositoryLink' + AND region = 'us-east-1' + repository_link: + name: repository_link + id: aws.codestarconnections.repository_link + x-cfn-schema-name: RepositoryLink + x-type: get + x-identifiers: + - RepositoryLinkArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConnectionArn') as connection_arn, + JSON_EXTRACT(Properties, '$.ProviderType') as provider_type, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.RepositoryName') as repository_name, + JSON_EXTRACT(Properties, '$.EncryptionKeyArn') as encryption_key_arn, + JSON_EXTRACT(Properties, '$.RepositoryLinkId') as repository_link_id, + JSON_EXTRACT(Properties, '$.RepositoryLinkArn') as repository_link_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeStarConnections::RepositoryLink' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConnectionArn') as connection_arn, + json_extract_path_text(Properties, 'ProviderType') as provider_type, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'RepositoryName') as repository_name, + json_extract_path_text(Properties, 'EncryptionKeyArn') as encryption_key_arn, + json_extract_path_text(Properties, 'RepositoryLinkId') as repository_link_id, + json_extract_path_text(Properties, 'RepositoryLinkArn') as repository_link_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeStarConnections::RepositoryLink' + AND data__Identifier = '' + AND region = 'us-east-1' + sync_configurations: + name: sync_configurations + id: aws.codestarconnections.sync_configurations + x-cfn-schema-name: SyncConfiguration + x-type: list + x-identifiers: + - ResourceName + - SyncType + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ResourceName') as resource_name, + JSON_EXTRACT(Properties, '$.SyncType') as sync_type + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeStarConnections::SyncConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ResourceName') as resource_name, + json_extract_path_text(Properties, 'SyncType') as sync_type + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeStarConnections::SyncConfiguration' + AND region = 'us-east-1' + sync_configuration: + name: sync_configuration + id: aws.codestarconnections.sync_configuration + x-cfn-schema-name: SyncConfiguration + x-type: get + x-identifiers: + - ResourceName + - SyncType + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.ResourceName') as resource_name, + JSON_EXTRACT(Properties, '$.RepositoryName') as repository_name, + JSON_EXTRACT(Properties, '$.ProviderType') as provider_type, + JSON_EXTRACT(Properties, '$.Branch') as branch, + JSON_EXTRACT(Properties, '$.ConfigFile') as config_file, + JSON_EXTRACT(Properties, '$.SyncType') as sync_type, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.PublishDeploymentStatus') as publish_deployment_status, + JSON_EXTRACT(Properties, '$.TriggerResourceUpdateOn') as trigger_resource_update_on, + JSON_EXTRACT(Properties, '$.RepositoryLinkId') as repository_link_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeStarConnections::SyncConfiguration' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'ResourceName') as resource_name, + json_extract_path_text(Properties, 'RepositoryName') as repository_name, + json_extract_path_text(Properties, 'ProviderType') as provider_type, + json_extract_path_text(Properties, 'Branch') as branch, + json_extract_path_text(Properties, 'ConfigFile') as config_file, + json_extract_path_text(Properties, 'SyncType') as sync_type, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'PublishDeploymentStatus') as publish_deployment_status, + json_extract_path_text(Properties, 'TriggerResourceUpdateOn') as trigger_resource_update_on, + json_extract_path_text(Properties, 'RepositoryLinkId') as repository_link_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeStarConnections::SyncConfiguration' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/codestarnotifications.yaml b/providers/src/aws/v00.00.00000/services/codestarnotifications.yaml new file mode 100644 index 00000000..7249dc47 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/codestarnotifications.yaml @@ -0,0 +1,186 @@ +openapi: 3.0.0 +info: + title: CodeStarNotifications + version: 1.0.0 +paths: {} +components: + schemas: + Target: + type: object + additionalProperties: false + properties: + TargetType: + type: string + TargetAddress: + type: string + required: + - TargetType + - TargetAddress + NotificationRule: + type: object + properties: + EventTypeId: + type: string + minLength: 1 + maxLength: 2048 + CreatedBy: + type: string + minLength: 1 + maxLength: 2048 + TargetAddress: + type: string + minLength: 1 + maxLength: 2048 + EventTypeIds: + type: array + uniqueItems: false + items: + type: string + minLength: 1 + maxLength: 200 + Status: + type: string + enum: + - ENABLED + - DISABLED + DetailType: + type: string + enum: + - BASIC + - FULL + Resource: + type: string + pattern: ^arn:aws[^:\s]*:[^:\s]*:[^:\s]*:[0-9]{12}:[^\s]+$ + Targets: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Target' + maxItems: 10 + Tags: + type: object + additionalProperties: false + x-patternProperties: + .*: + type: string + Name: + type: string + pattern: '[A-Za-z0-9\-_ ]+$' + minLength: 1 + maxLength: 64 + Arn: + type: string + pattern: ^arn:aws[^:\s]*:codestar-notifications:[^:\s]+:\d{12}:notificationrule\/(.*\S)?$ + required: + - EventTypeIds + - Resource + - DetailType + - Targets + - Name + x-stackql-resource-name: notification_rule + description: Resource Type definition for AWS::CodeStarNotifications::NotificationRule + x-type-name: AWS::CodeStarNotifications::NotificationRule + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Resource + x-write-only-properties: + - EventTypeId + - TargetAddress + x-read-only-properties: + - Arn + x-required-properties: + - EventTypeIds + - Resource + - DetailType + - Targets + - Name + x-required-permissions: + create: + - codestar-notifications:createNotificationRule + list: + - codestar-notifications:listNotificationRules + read: + - codestar-notifications:describeNotificationRule + delete: + - codestar-notifications:deleteNotificationRule + - codestar-notifications:describeNotificationRule + update: + - codestar-notifications:updateNotificationRule + - codestar-notifications:TagResource + - codestar-notifications:UntagResource + x-stackQL-resources: + notification_rules: + name: notification_rules + id: aws.codestarnotifications.notification_rules + x-cfn-schema-name: NotificationRule + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeStarNotifications::NotificationRule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodeStarNotifications::NotificationRule' + AND region = 'us-east-1' + notification_rule: + name: notification_rule + id: aws.codestarnotifications.notification_rule + x-cfn-schema-name: NotificationRule + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EventTypeId') as event_type_id, + JSON_EXTRACT(Properties, '$.CreatedBy') as created_by, + JSON_EXTRACT(Properties, '$.TargetAddress') as target_address, + JSON_EXTRACT(Properties, '$.EventTypeIds') as event_type_ids, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.DetailType') as detail_type, + JSON_EXTRACT(Properties, '$.Resource') as resource, + JSON_EXTRACT(Properties, '$.Targets') as targets, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeStarNotifications::NotificationRule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EventTypeId') as event_type_id, + json_extract_path_text(Properties, 'CreatedBy') as created_by, + json_extract_path_text(Properties, 'TargetAddress') as target_address, + json_extract_path_text(Properties, 'EventTypeIds') as event_type_ids, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'DetailType') as detail_type, + json_extract_path_text(Properties, 'Resource') as resource, + json_extract_path_text(Properties, 'Targets') as targets, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeStarNotifications::NotificationRule' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/cognito.yaml b/providers/src/aws/v00.00.00000/services/cognito.yaml new file mode 100644 index 00000000..799709b3 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/cognito.yaml @@ -0,0 +1,1806 @@ +openapi: 3.0.0 +info: + title: Cognito + version: 1.0.0 +paths: {} +components: + schemas: + PushSync: + type: object + additionalProperties: false + properties: + ApplicationArns: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + RoleArn: + type: string + CognitoIdentityProvider: + type: object + additionalProperties: false + properties: + ServerSideTokenCheck: + type: boolean + ProviderName: + type: string + ClientId: + type: string + required: + - ProviderName + - ClientId + CognitoStreams: + type: object + additionalProperties: false + properties: + StreamingStatus: + type: string + StreamName: + type: string + RoleArn: + type: string + IdentityPool: + type: object + properties: + PushSync: + $ref: '#/components/schemas/PushSync' + CognitoIdentityProviders: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/CognitoIdentityProvider' + DeveloperProviderName: + type: string + CognitoStreams: + $ref: '#/components/schemas/CognitoStreams' + SupportedLoginProviders: + type: object + Name: + type: string + CognitoEvents: + type: object + Id: + type: string + IdentityPoolName: + type: string + AllowUnauthenticatedIdentities: + type: boolean + SamlProviderARNs: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + OpenIdConnectProviderARNs: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + AllowClassicFlow: + type: boolean + required: + - AllowUnauthenticatedIdentities + x-stackql-resource-name: identity_pool + description: Resource Type definition for AWS::Cognito::IdentityPool + x-type-name: AWS::Cognito::IdentityPool + x-stackql-primary-identifier: + - Id + x-write-only-properties: + - PushSync + - CognitoStreams + - CognitoEvents + x-read-only-properties: + - Id + - Name + x-required-properties: + - AllowUnauthenticatedIdentities + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-identity:CreateIdentityPool + - cognito-sync:SetIdentityPoolConfiguration + - cognito-sync:SetCognitoEvents + - iam:PassRole + read: + - cognito-identity:DescribeIdentityPool + update: + - cognito-identity:UpdateIdentityPool + - cognito-identity:DescribeIdentityPool + - cognito-sync:SetIdentityPoolConfiguration + - cognito-sync:SetCognitoEvents + - iam:PassRole + delete: + - cognito-identity:DeleteIdentityPool + list: + - cognito-identity:ListIdentityPools + IdentityPoolPrincipalTag: + type: object + properties: + IdentityPoolId: + type: string + IdentityProviderName: + type: string + UseDefaults: + type: boolean + PrincipalTags: + type: object + required: + - IdentityPoolId + - IdentityProviderName + x-stackql-resource-name: identity_pool_principal_tag + description: Resource Type definition for AWS::Cognito::IdentityPoolPrincipalTag + x-type-name: AWS::Cognito::IdentityPoolPrincipalTag + x-stackql-primary-identifier: + - IdentityPoolId + - IdentityProviderName + x-create-only-properties: + - IdentityPoolId + - IdentityProviderName + x-required-properties: + - IdentityPoolId + - IdentityProviderName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-identity:GetPrincipalTagAttributeMap + - cognito-identity:SetPrincipalTagAttributeMap + read: + - cognito-identity:GetPrincipalTagAttributeMap + update: + - cognito-identity:GetPrincipalTagAttributeMap + - cognito-identity:SetPrincipalTagAttributeMap + delete: + - cognito-identity:GetPrincipalTagAttributeMap + - cognito-identity:SetPrincipalTagAttributeMap + list: + - cognito-identity:GetPrincipalTagAttributeMap + MappingRule: + type: object + additionalProperties: false + properties: + Claim: + type: string + MatchType: + type: string + RoleARN: + type: string + Value: + type: string + required: + - Claim + - MatchType + - RoleARN + - Value + RulesConfigurationType: + type: object + additionalProperties: false + properties: + Rules: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/MappingRule' + required: + - Rules + RoleMapping: + type: object + additionalProperties: false + properties: + Type: + type: string + AmbiguousRoleResolution: + type: string + RulesConfiguration: + $ref: '#/components/schemas/RulesConfigurationType' + IdentityProvider: + type: string + required: + - Type + IdentityPoolRoleAttachment: + type: object + properties: + IdentityPoolId: + type: string + Roles: + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + Id: + type: string + RoleMappings: + x-patternProperties: + ^.+$: + $ref: '#/components/schemas/RoleMapping' + additionalProperties: false + required: + - IdentityPoolId + x-stackql-resource-name: identity_pool_role_attachment + description: Resource Type definition for AWS::Cognito::IdentityPoolRoleAttachment + x-type-name: AWS::Cognito::IdentityPoolRoleAttachment + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - IdentityPoolId + x-create-only-properties: + - IdentityPoolId + x-read-only-properties: + - Id + x-required-properties: + - IdentityPoolId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-identity:GetIdentityPoolRoles + - cognito-identity:SetIdentityPoolRoles + - iam:PassRole + read: + - cognito-identity:GetIdentityPoolRoles + update: + - cognito-identity:GetIdentityPoolRoles + - cognito-identity:SetIdentityPoolRoles + - iam:PassRole + delete: + - cognito-identity:GetIdentityPoolRoles + - cognito-identity:SetIdentityPoolRoles + list: + - cognito-identity:GetIdentityPoolRoles + CloudWatchLogsConfiguration: + type: object + properties: + LogGroupArn: + type: string + additionalProperties: false + LogConfiguration: + type: object + properties: + LogLevel: + type: string + EventSource: + type: string + CloudWatchLogsConfiguration: + $ref: '#/components/schemas/CloudWatchLogsConfiguration' + additionalProperties: false + LogConfigurations: + type: array + items: + $ref: '#/components/schemas/LogConfiguration' + LogDeliveryConfiguration: + type: object + properties: + Id: + type: string + UserPoolId: + type: string + LogConfigurations: + $ref: '#/components/schemas/LogConfigurations' + required: + - UserPoolId + x-stackql-resource-name: log_delivery_configuration + description: Resource Type definition for AWS::Cognito::LogDeliveryConfiguration + x-type-name: AWS::Cognito::LogDeliveryConfiguration + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - UserPoolId + x-read-only-properties: + - Id + x-required-properties: + - UserPoolId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-idp:GetLogDeliveryConfiguration + - cognito-idp:SetLogDeliveryConfiguration + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + read: + - cognito-idp:GetLogDeliveryConfiguration + update: + - cognito-idp:GetLogDeliveryConfiguration + - cognito-idp:SetLogDeliveryConfiguration + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + delete: + - cognito-idp:GetLogDeliveryConfiguration + - cognito-idp:SetLogDeliveryConfiguration + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + PasswordPolicy: + type: object + properties: + MinimumLength: + type: integer + RequireLowercase: + type: boolean + RequireNumbers: + type: boolean + RequireSymbols: + type: boolean + RequireUppercase: + type: boolean + TemporaryPasswordValidityDays: + type: integer + additionalProperties: false + Policies: + type: object + properties: + PasswordPolicy: + $ref: '#/components/schemas/PasswordPolicy' + additionalProperties: false + InviteMessageTemplate: + type: object + properties: + EmailMessage: + type: string + EmailSubject: + type: string + SMSMessage: + type: string + additionalProperties: false + RecoveryOption: + type: object + properties: + Name: + type: string + Priority: + type: integer + additionalProperties: false + AccountRecoverySetting: + type: object + properties: + RecoveryMechanisms: + type: array + items: + $ref: '#/components/schemas/RecoveryOption' + additionalProperties: false + AdminCreateUserConfig: + type: object + properties: + AllowAdminCreateUserOnly: + type: boolean + InviteMessageTemplate: + $ref: '#/components/schemas/InviteMessageTemplate' + UnusedAccountValidityDays: + type: integer + additionalProperties: false + DeviceConfiguration: + type: object + properties: + ChallengeRequiredOnNewDevice: + type: boolean + DeviceOnlyRememberedOnUserPrompt: + type: boolean + additionalProperties: false + EmailConfiguration: + type: object + properties: + ReplyToEmailAddress: + type: string + SourceArn: + type: string + From: + type: string + ConfigurationSet: + type: string + EmailSendingAccount: + type: string + additionalProperties: false + CustomEmailSender: + type: object + properties: + LambdaVersion: + type: string + LambdaArn: + type: string + additionalProperties: false + CustomSMSSender: + type: object + properties: + LambdaVersion: + type: string + LambdaArn: + type: string + additionalProperties: false + PreTokenGenerationConfig: + type: object + properties: + LambdaVersion: + type: string + LambdaArn: + type: string + additionalProperties: false + LambdaConfig: + type: object + properties: + CreateAuthChallenge: + type: string + CustomMessage: + type: string + DefineAuthChallenge: + type: string + PostAuthentication: + type: string + PostConfirmation: + type: string + PreAuthentication: + type: string + PreSignUp: + type: string + VerifyAuthChallengeResponse: + type: string + UserMigration: + type: string + PreTokenGeneration: + type: string + CustomEmailSender: + $ref: '#/components/schemas/CustomEmailSender' + CustomSMSSender: + $ref: '#/components/schemas/CustomSMSSender' + KMSKeyID: + type: string + PreTokenGenerationConfig: + $ref: '#/components/schemas/PreTokenGenerationConfig' + additionalProperties: false + SmsConfiguration: + type: object + properties: + ExternalId: + type: string + SnsCallerArn: + type: string + SnsRegion: + type: string + additionalProperties: false + StringAttributeConstraints: + type: object + properties: + MaxLength: + type: string + MinLength: + type: string + additionalProperties: false + NumberAttributeConstraints: + type: object + properties: + MaxValue: + type: string + MinValue: + type: string + additionalProperties: false + SchemaAttribute: + type: object + properties: + AttributeDataType: + type: string + DeveloperOnlyAttribute: + type: boolean + Mutable: + type: boolean + Name: + type: string + NumberAttributeConstraints: + $ref: '#/components/schemas/NumberAttributeConstraints' + StringAttributeConstraints: + $ref: '#/components/schemas/StringAttributeConstraints' + Required: + type: boolean + additionalProperties: false + UsernameConfiguration: + type: object + properties: + CaseSensitive: + type: boolean + additionalProperties: false + UserAttributeUpdateSettings: + type: object + properties: + AttributesRequireVerificationBeforeUpdate: + type: array + items: + type: string + required: + - AttributesRequireVerificationBeforeUpdate + additionalProperties: false + VerificationMessageTemplate: + type: object + properties: + DefaultEmailOption: + type: string + EmailMessage: + type: string + EmailMessageByLink: + type: string + EmailSubject: + type: string + EmailSubjectByLink: + type: string + SmsMessage: + type: string + additionalProperties: false + UserPoolAddOns: + type: object + properties: + AdvancedSecurityMode: + type: string + additionalProperties: false + UserPool: + type: object + properties: + UserPoolName: + type: string + minLength: 1 + maxLength: 128 + Policies: + $ref: '#/components/schemas/Policies' + AccountRecoverySetting: + $ref: '#/components/schemas/AccountRecoverySetting' + AdminCreateUserConfig: + $ref: '#/components/schemas/AdminCreateUserConfig' + AliasAttributes: + type: array + items: + type: string + UsernameAttributes: + type: array + items: + type: string + AutoVerifiedAttributes: + type: array + items: + type: string + DeviceConfiguration: + $ref: '#/components/schemas/DeviceConfiguration' + EmailConfiguration: + $ref: '#/components/schemas/EmailConfiguration' + EmailVerificationMessage: + type: string + minLength: 6 + maxLength: 20000 + EmailVerificationSubject: + type: string + minLength: 1 + maxLength: 140 + DeletionProtection: + type: string + LambdaConfig: + $ref: '#/components/schemas/LambdaConfig' + MfaConfiguration: + type: string + EnabledMfas: + type: array + items: + type: string + SmsAuthenticationMessage: + type: string + minLength: 6 + maxLength: 140 + SmsConfiguration: + $ref: '#/components/schemas/SmsConfiguration' + SmsVerificationMessage: + type: string + minLength: 6 + maxLength: 140 + Schema: + type: array + items: + $ref: '#/components/schemas/SchemaAttribute' + UsernameConfiguration: + $ref: '#/components/schemas/UsernameConfiguration' + UserAttributeUpdateSettings: + $ref: '#/components/schemas/UserAttributeUpdateSettings' + UserPoolTags: + type: object + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + additionalProperties: false + VerificationMessageTemplate: + $ref: '#/components/schemas/VerificationMessageTemplate' + UserPoolAddOns: + $ref: '#/components/schemas/UserPoolAddOns' + ProviderName: + type: string + ProviderURL: + type: string + Arn: + type: string + UserPoolId: + type: string + x-stackql-resource-name: user_pool + description: Resource Type definition for AWS::Cognito::UserPool + x-type-name: AWS::Cognito::UserPool + x-stackql-primary-identifier: + - UserPoolId + x-write-only-properties: + - EnabledMfas + x-read-only-properties: + - ProviderName + - UserPoolId + - ProviderURL + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/UserPoolTags + x-required-permissions: + create: + - cognito-idp:CreateUserPool + - iam:PassRole + - cognito-idp:SetUserPoolMfaConfig + - cognito-idp:DescribeUserPool + - kms:CreateGrant + - iam:CreateServiceLinkedRole + read: + - cognito-idp:DescribeUserPool + update: + - cognito-idp:UpdateUserPool + - cognito-idp:ListTagsForResource + - cognito-idp:UntagResource + - cognito-idp:TagResource + - cognito-idp:SetUserPoolMfaConfig + - cognito-idp:AddCustomAttributes + - cognito-idp:DescribeUserPool + - iam:PassRole + delete: + - cognito-idp:DeleteUserPool + list: + - cognito-idp:ListUserPools + AnalyticsConfiguration: + type: object + properties: + ApplicationArn: + type: string + ApplicationId: + type: string + ExternalId: + type: string + RoleArn: + type: string + UserDataShared: + type: boolean + additionalProperties: false + TokenValidityUnits: + type: object + properties: + AccessToken: + type: string + IdToken: + type: string + RefreshToken: + type: string + additionalProperties: false + UserPoolClient: + type: object + properties: + ClientName: + type: string + minLength: 1 + maxLength: 128 + ExplicitAuthFlows: + type: array + items: + type: string + GenerateSecret: + type: boolean + ReadAttributes: + type: array + items: + type: string + AuthSessionValidity: + type: integer + minimum: 3 + maximum: 15 + RefreshTokenValidity: + type: integer + minimum: 1 + maximum: 315360000 + AccessTokenValidity: + type: integer + minimum: 1 + maximum: 86400 + IdTokenValidity: + type: integer + minimum: 1 + maximum: 86400 + TokenValidityUnits: + $ref: '#/components/schemas/TokenValidityUnits' + UserPoolId: + type: string + WriteAttributes: + type: array + items: + type: string + AllowedOAuthFlows: + type: array + items: + type: string + AllowedOAuthFlowsUserPoolClient: + type: boolean + AllowedOAuthScopes: + type: array + items: + type: string + CallbackURLs: + type: array + items: + type: string + DefaultRedirectURI: + type: string + LogoutURLs: + type: array + items: + type: string + SupportedIdentityProviders: + type: array + items: + type: string + AnalyticsConfiguration: + $ref: '#/components/schemas/AnalyticsConfiguration' + PreventUserExistenceErrors: + type: string + EnableTokenRevocation: + type: boolean + EnablePropagateAdditionalUserContextData: + type: boolean + Name: + type: string + ClientSecret: + type: string + ClientId: + type: string + required: + - UserPoolId + x-stackql-resource-name: user_pool_client + description: Resource Type definition for AWS::Cognito::UserPoolClient + x-type-name: AWS::Cognito::UserPoolClient + x-stackql-primary-identifier: + - UserPoolId + - ClientId + x-create-only-properties: + - GenerateSecret + - UserPoolId + x-read-only-properties: + - ClientSecret + - Name + - ClientId + x-required-properties: + - UserPoolId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-idp:CreateUserPoolClient + - iam:PassRole + - iam:PutRolePolicy + - iam:CreateServiceLinkedRole + read: + - cognito-idp:DescribeUserPoolClient + update: + - cognito-idp:UpdateUserPoolClient + - iam:PassRole + - iam:PutRolePolicy + delete: + - cognito-idp:DeleteUserPoolClient + - iam:PutRolePolicy + - iam:DeleteRolePolicy + list: + - cognito-idp:ListUserPoolClients + UserPoolGroup: + type: object + properties: + Description: + type: string + maxLength: 2048 + GroupName: + type: string + Precedence: + type: integer + minimum: 0 + RoleArn: + type: string + UserPoolId: + type: string + required: + - UserPoolId + x-stackql-resource-name: user_pool_group + description: Resource Type definition for AWS::Cognito::UserPoolGroup + x-type-name: AWS::Cognito::UserPoolGroup + x-stackql-primary-identifier: + - UserPoolId + - GroupName + x-create-only-properties: + - UserPoolId + - GroupName + x-required-properties: + - UserPoolId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-idp:CreateGroup + - iam:PassRole + - iam:PutRolePolicy + - cognito-idp:GetGroup + read: + - cognito-idp:GetGroup + update: + - cognito-idp:UpdateGroup + - iam:PassRole + - iam:PutRolePolicy + delete: + - cognito-idp:DeleteGroup + - cognito-idp:GetGroup + - iam:PutRolePolicy + list: + - cognito-idp:ListGroups + RiskExceptionConfigurationType: + type: object + properties: + BlockedIPRangeList: + type: array + uniqueItems: true + items: + type: string + SkippedIPRangeList: + type: array + uniqueItems: true + items: + type: string + additionalProperties: false + CompromisedCredentialsActionsType: + type: object + properties: + EventAction: + type: string + required: + - EventAction + additionalProperties: false + CompromisedCredentialsRiskConfigurationType: + type: object + properties: + Actions: + $ref: '#/components/schemas/CompromisedCredentialsActionsType' + EventFilter: + type: array + uniqueItems: true + items: + type: string + required: + - Actions + additionalProperties: false + AccountTakeoverActionType: + type: object + properties: + EventAction: + type: string + Notify: + type: boolean + required: + - EventAction + - Notify + additionalProperties: false + AccountTakeoverActionsType: + type: object + properties: + HighAction: + $ref: '#/components/schemas/AccountTakeoverActionType' + LowAction: + $ref: '#/components/schemas/AccountTakeoverActionType' + MediumAction: + $ref: '#/components/schemas/AccountTakeoverActionType' + additionalProperties: false + NotifyEmailType: + type: object + properties: + HtmlBody: + type: string + Subject: + type: string + TextBody: + type: string + required: + - Subject + additionalProperties: false + NotifyConfigurationType: + type: object + properties: + BlockEmail: + $ref: '#/components/schemas/NotifyEmailType' + MfaEmail: + $ref: '#/components/schemas/NotifyEmailType' + NoActionEmail: + $ref: '#/components/schemas/NotifyEmailType' + From: + type: string + ReplyTo: + type: string + SourceArn: + type: string + required: + - SourceArn + additionalProperties: false + AccountTakeoverRiskConfigurationType: + type: object + properties: + Actions: + $ref: '#/components/schemas/AccountTakeoverActionsType' + NotifyConfiguration: + $ref: '#/components/schemas/NotifyConfigurationType' + required: + - Actions + additionalProperties: false + UserPoolRiskConfigurationAttachment: + type: object + properties: + UserPoolId: + type: string + ClientId: + type: string + RiskExceptionConfiguration: + $ref: '#/components/schemas/RiskExceptionConfigurationType' + CompromisedCredentialsRiskConfiguration: + $ref: '#/components/schemas/CompromisedCredentialsRiskConfigurationType' + AccountTakeoverRiskConfiguration: + $ref: '#/components/schemas/AccountTakeoverRiskConfigurationType' + required: + - UserPoolId + - ClientId + x-stackql-resource-name: user_pool_risk_configuration_attachment + description: Resource Type definition for AWS::Cognito::UserPoolRiskConfigurationAttachment + x-type-name: AWS::Cognito::UserPoolRiskConfigurationAttachment + x-stackql-primary-identifier: + - UserPoolId + - ClientId + x-create-only-properties: + - UserPoolId + - ClientId + x-required-properties: + - UserPoolId + - ClientId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-idp:SetRiskConfiguration + - cognito-idp:DescribeRiskConfiguration + - iam:PassRole + read: + - cognito-idp:DescribeRiskConfiguration + update: + - cognito-idp:SetRiskConfiguration + - cognito-idp:DescribeRiskConfiguration + - iam:PassRole + delete: + - cognito-idp:SetRiskConfiguration + - cognito-idp:DescribeRiskConfiguration + AttributeType: + type: object + properties: + Name: + type: string + Value: + type: string + additionalProperties: false + UserPoolUser: + type: object + properties: + DesiredDeliveryMediums: + type: array + items: + type: string + ForceAliasCreation: + type: boolean + UserAttributes: + type: array + items: + $ref: '#/components/schemas/AttributeType' + MessageAction: + type: string + Username: + type: string + UserPoolId: + type: string + ValidationData: + type: array + items: + $ref: '#/components/schemas/AttributeType' + ClientMetadata: + type: object + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + additionalProperties: false + required: + - UserPoolId + x-stackql-resource-name: user_pool_user + description: Resource Type definition for AWS::Cognito::UserPoolUser + x-type-name: AWS::Cognito::UserPoolUser + x-stackql-primary-identifier: + - UserPoolId + - Username + x-create-only-properties: + - DesiredDeliveryMediums + - ForceAliasCreation + - UserAttributes + - Username + - UserPoolId + - ValidationData + - ClientMetadata + - MessageAction + x-write-only-properties: + - DesiredDeliveryMediums + - ForceAliasCreation + - ValidationData + - ClientMetadata + - MessageAction + x-required-properties: + - UserPoolId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-idp:AdminCreateUser + - cognito-idp:AdminGetUser + - iam:PassRole + read: + - cognito-idp:AdminGetUser + delete: + - cognito-idp:AdminDeleteUser + list: + - cognito-idp:ListUsers + UserPoolUserToGroupAttachment: + type: object + properties: + UserPoolId: + type: string + Username: + type: string + GroupName: + type: string + required: + - UserPoolId + - Username + - GroupName + x-stackql-resource-name: user_pool_user_to_group_attachment + description: Resource Type definition for AWS::Cognito::UserPoolUserToGroupAttachment + x-type-name: AWS::Cognito::UserPoolUserToGroupAttachment + x-stackql-primary-identifier: + - UserPoolId + - GroupName + - Username + x-create-only-properties: + - UserPoolId + - GroupName + - Username + x-required-properties: + - UserPoolId + - Username + - GroupName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-idp:AdminAddUserToGroup + - cognito-idp:AdminListGroupsForUser + delete: + - cognito-idp:AdminRemoveUserFromGroup + - cognito-idp:AdminListGroupsForUser + read: + - cognito-idp:AdminListGroupsForUser + x-stackQL-resources: + identity_pools: + name: identity_pools + id: aws.cognito.identity_pools + x-cfn-schema-name: IdentityPool + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::IdentityPool' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::IdentityPool' + AND region = 'us-east-1' + identity_pool: + name: identity_pool + id: aws.cognito.identity_pool + x-cfn-schema-name: IdentityPool + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PushSync') as push_sync, + JSON_EXTRACT(Properties, '$.CognitoIdentityProviders') as cognito_identity_providers, + JSON_EXTRACT(Properties, '$.DeveloperProviderName') as developer_provider_name, + JSON_EXTRACT(Properties, '$.CognitoStreams') as cognito_streams, + JSON_EXTRACT(Properties, '$.SupportedLoginProviders') as supported_login_providers, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.CognitoEvents') as cognito_events, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.IdentityPoolName') as identity_pool_name, + JSON_EXTRACT(Properties, '$.AllowUnauthenticatedIdentities') as allow_unauthenticated_identities, + JSON_EXTRACT(Properties, '$.SamlProviderARNs') as saml_provider_arns, + JSON_EXTRACT(Properties, '$.OpenIdConnectProviderARNs') as open_id_connect_provider_arns, + JSON_EXTRACT(Properties, '$.AllowClassicFlow') as allow_classic_flow + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::IdentityPool' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PushSync') as push_sync, + json_extract_path_text(Properties, 'CognitoIdentityProviders') as cognito_identity_providers, + json_extract_path_text(Properties, 'DeveloperProviderName') as developer_provider_name, + json_extract_path_text(Properties, 'CognitoStreams') as cognito_streams, + json_extract_path_text(Properties, 'SupportedLoginProviders') as supported_login_providers, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'CognitoEvents') as cognito_events, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'IdentityPoolName') as identity_pool_name, + json_extract_path_text(Properties, 'AllowUnauthenticatedIdentities') as allow_unauthenticated_identities, + json_extract_path_text(Properties, 'SamlProviderARNs') as saml_provider_arns, + json_extract_path_text(Properties, 'OpenIdConnectProviderARNs') as open_id_connect_provider_arns, + json_extract_path_text(Properties, 'AllowClassicFlow') as allow_classic_flow + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::IdentityPool' + AND data__Identifier = '' + AND region = 'us-east-1' + identity_pool_principal_tags: + name: identity_pool_principal_tags + id: aws.cognito.identity_pool_principal_tags + x-cfn-schema-name: IdentityPoolPrincipalTag + x-type: list + x-identifiers: + - IdentityPoolId + - IdentityProviderName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IdentityPoolId') as identity_pool_id, + JSON_EXTRACT(Properties, '$.IdentityProviderName') as identity_provider_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::IdentityPoolPrincipalTag' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IdentityPoolId') as identity_pool_id, + json_extract_path_text(Properties, 'IdentityProviderName') as identity_provider_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::IdentityPoolPrincipalTag' + AND region = 'us-east-1' + identity_pool_principal_tag: + name: identity_pool_principal_tag + id: aws.cognito.identity_pool_principal_tag + x-cfn-schema-name: IdentityPoolPrincipalTag + x-type: get + x-identifiers: + - IdentityPoolId + - IdentityProviderName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IdentityPoolId') as identity_pool_id, + JSON_EXTRACT(Properties, '$.IdentityProviderName') as identity_provider_name, + JSON_EXTRACT(Properties, '$.UseDefaults') as use_defaults, + JSON_EXTRACT(Properties, '$.PrincipalTags') as principal_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::IdentityPoolPrincipalTag' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IdentityPoolId') as identity_pool_id, + json_extract_path_text(Properties, 'IdentityProviderName') as identity_provider_name, + json_extract_path_text(Properties, 'UseDefaults') as use_defaults, + json_extract_path_text(Properties, 'PrincipalTags') as principal_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::IdentityPoolPrincipalTag' + AND data__Identifier = '|' + AND region = 'us-east-1' + identity_pool_role_attachments: + name: identity_pool_role_attachments + id: aws.cognito.identity_pool_role_attachments + x-cfn-schema-name: IdentityPoolRoleAttachment + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::IdentityPoolRoleAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::IdentityPoolRoleAttachment' + AND region = 'us-east-1' + identity_pool_role_attachment: + name: identity_pool_role_attachment + id: aws.cognito.identity_pool_role_attachment + x-cfn-schema-name: IdentityPoolRoleAttachment + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IdentityPoolId') as identity_pool_id, + JSON_EXTRACT(Properties, '$.Roles') as roles, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.RoleMappings') as role_mappings + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::IdentityPoolRoleAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IdentityPoolId') as identity_pool_id, + json_extract_path_text(Properties, 'Roles') as roles, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'RoleMappings') as role_mappings + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::IdentityPoolRoleAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + log_delivery_configuration: + name: log_delivery_configuration + id: aws.cognito.log_delivery_configuration + x-cfn-schema-name: LogDeliveryConfiguration + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.LogConfigurations') as log_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::LogDeliveryConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'LogConfigurations') as log_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::LogDeliveryConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + user_pools: + name: user_pools + id: aws.cognito.user_pools + x-cfn-schema-name: UserPool + x-type: list + x-identifiers: + - UserPoolId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPool' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPool' + AND region = 'us-east-1' + user_pool: + name: user_pool + id: aws.cognito.user_pool + x-cfn-schema-name: UserPool + x-type: get + x-identifiers: + - UserPoolId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.UserPoolName') as user_pool_name, + JSON_EXTRACT(Properties, '$.Policies') as policies, + JSON_EXTRACT(Properties, '$.AccountRecoverySetting') as account_recovery_setting, + JSON_EXTRACT(Properties, '$.AdminCreateUserConfig') as admin_create_user_config, + JSON_EXTRACT(Properties, '$.AliasAttributes') as alias_attributes, + JSON_EXTRACT(Properties, '$.UsernameAttributes') as username_attributes, + JSON_EXTRACT(Properties, '$.AutoVerifiedAttributes') as auto_verified_attributes, + JSON_EXTRACT(Properties, '$.DeviceConfiguration') as device_configuration, + JSON_EXTRACT(Properties, '$.EmailConfiguration') as email_configuration, + JSON_EXTRACT(Properties, '$.EmailVerificationMessage') as email_verification_message, + JSON_EXTRACT(Properties, '$.EmailVerificationSubject') as email_verification_subject, + JSON_EXTRACT(Properties, '$.DeletionProtection') as deletion_protection, + JSON_EXTRACT(Properties, '$.LambdaConfig') as lambda_config, + JSON_EXTRACT(Properties, '$.MfaConfiguration') as mfa_configuration, + JSON_EXTRACT(Properties, '$.EnabledMfas') as enabled_mfas, + JSON_EXTRACT(Properties, '$.SmsAuthenticationMessage') as sms_authentication_message, + JSON_EXTRACT(Properties, '$.SmsConfiguration') as sms_configuration, + JSON_EXTRACT(Properties, '$.SmsVerificationMessage') as sms_verification_message, + JSON_EXTRACT(Properties, '$.Schema') as _schema, + JSON_EXTRACT(Properties, '$.UsernameConfiguration') as username_configuration, + JSON_EXTRACT(Properties, '$.UserAttributeUpdateSettings') as user_attribute_update_settings, + JSON_EXTRACT(Properties, '$.UserPoolTags') as user_pool_tags, + JSON_EXTRACT(Properties, '$.VerificationMessageTemplate') as verification_message_template, + JSON_EXTRACT(Properties, '$.UserPoolAddOns') as user_pool_add_ons, + JSON_EXTRACT(Properties, '$.ProviderName') as provider_name, + JSON_EXTRACT(Properties, '$.ProviderURL') as provider_url, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPool' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'UserPoolName') as user_pool_name, + json_extract_path_text(Properties, 'Policies') as policies, + json_extract_path_text(Properties, 'AccountRecoverySetting') as account_recovery_setting, + json_extract_path_text(Properties, 'AdminCreateUserConfig') as admin_create_user_config, + json_extract_path_text(Properties, 'AliasAttributes') as alias_attributes, + json_extract_path_text(Properties, 'UsernameAttributes') as username_attributes, + json_extract_path_text(Properties, 'AutoVerifiedAttributes') as auto_verified_attributes, + json_extract_path_text(Properties, 'DeviceConfiguration') as device_configuration, + json_extract_path_text(Properties, 'EmailConfiguration') as email_configuration, + json_extract_path_text(Properties, 'EmailVerificationMessage') as email_verification_message, + json_extract_path_text(Properties, 'EmailVerificationSubject') as email_verification_subject, + json_extract_path_text(Properties, 'DeletionProtection') as deletion_protection, + json_extract_path_text(Properties, 'LambdaConfig') as lambda_config, + json_extract_path_text(Properties, 'MfaConfiguration') as mfa_configuration, + json_extract_path_text(Properties, 'EnabledMfas') as enabled_mfas, + json_extract_path_text(Properties, 'SmsAuthenticationMessage') as sms_authentication_message, + json_extract_path_text(Properties, 'SmsConfiguration') as sms_configuration, + json_extract_path_text(Properties, 'SmsVerificationMessage') as sms_verification_message, + json_extract_path_text(Properties, 'Schema') as _schema, + json_extract_path_text(Properties, 'UsernameConfiguration') as username_configuration, + json_extract_path_text(Properties, 'UserAttributeUpdateSettings') as user_attribute_update_settings, + json_extract_path_text(Properties, 'UserPoolTags') as user_pool_tags, + json_extract_path_text(Properties, 'VerificationMessageTemplate') as verification_message_template, + json_extract_path_text(Properties, 'UserPoolAddOns') as user_pool_add_ons, + json_extract_path_text(Properties, 'ProviderName') as provider_name, + json_extract_path_text(Properties, 'ProviderURL') as provider_url, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPool' + AND data__Identifier = '' + AND region = 'us-east-1' + user_pool_clients: + name: user_pool_clients + id: aws.cognito.user_pool_clients + x-cfn-schema-name: UserPoolClient + x-type: list + x-identifiers: + - UserPoolId + - ClientId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.ClientId') as client_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPoolClient' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'ClientId') as client_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPoolClient' + AND region = 'us-east-1' + user_pool_client: + name: user_pool_client + id: aws.cognito.user_pool_client + x-cfn-schema-name: UserPoolClient + x-type: get + x-identifiers: + - UserPoolId + - ClientId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClientName') as client_name, + JSON_EXTRACT(Properties, '$.ExplicitAuthFlows') as explicit_auth_flows, + JSON_EXTRACT(Properties, '$.GenerateSecret') as generate_secret, + JSON_EXTRACT(Properties, '$.ReadAttributes') as read_attributes, + JSON_EXTRACT(Properties, '$.AuthSessionValidity') as auth_session_validity, + JSON_EXTRACT(Properties, '$.RefreshTokenValidity') as refresh_token_validity, + JSON_EXTRACT(Properties, '$.AccessTokenValidity') as access_token_validity, + JSON_EXTRACT(Properties, '$.IdTokenValidity') as id_token_validity, + JSON_EXTRACT(Properties, '$.TokenValidityUnits') as token_validity_units, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.WriteAttributes') as write_attributes, + JSON_EXTRACT(Properties, '$.AllowedOAuthFlows') as allowed_oauth_flows, + JSON_EXTRACT(Properties, '$.AllowedOAuthFlowsUserPoolClient') as allowed_oauth_flows_user_pool_client, + JSON_EXTRACT(Properties, '$.AllowedOAuthScopes') as allowed_oauth_scopes, + JSON_EXTRACT(Properties, '$.CallbackURLs') as callback_urls, + JSON_EXTRACT(Properties, '$.DefaultRedirectURI') as default_redirect_uri, + JSON_EXTRACT(Properties, '$.LogoutURLs') as logout_urls, + JSON_EXTRACT(Properties, '$.SupportedIdentityProviders') as supported_identity_providers, + JSON_EXTRACT(Properties, '$.AnalyticsConfiguration') as analytics_configuration, + JSON_EXTRACT(Properties, '$.PreventUserExistenceErrors') as prevent_user_existence_errors, + JSON_EXTRACT(Properties, '$.EnableTokenRevocation') as enable_token_revocation, + JSON_EXTRACT(Properties, '$.EnablePropagateAdditionalUserContextData') as enable_propagate_additional_user_context_data, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ClientSecret') as client_secret, + JSON_EXTRACT(Properties, '$.ClientId') as client_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolClient' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClientName') as client_name, + json_extract_path_text(Properties, 'ExplicitAuthFlows') as explicit_auth_flows, + json_extract_path_text(Properties, 'GenerateSecret') as generate_secret, + json_extract_path_text(Properties, 'ReadAttributes') as read_attributes, + json_extract_path_text(Properties, 'AuthSessionValidity') as auth_session_validity, + json_extract_path_text(Properties, 'RefreshTokenValidity') as refresh_token_validity, + json_extract_path_text(Properties, 'AccessTokenValidity') as access_token_validity, + json_extract_path_text(Properties, 'IdTokenValidity') as id_token_validity, + json_extract_path_text(Properties, 'TokenValidityUnits') as token_validity_units, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'WriteAttributes') as write_attributes, + json_extract_path_text(Properties, 'AllowedOAuthFlows') as allowed_oauth_flows, + json_extract_path_text(Properties, 'AllowedOAuthFlowsUserPoolClient') as allowed_oauth_flows_user_pool_client, + json_extract_path_text(Properties, 'AllowedOAuthScopes') as allowed_oauth_scopes, + json_extract_path_text(Properties, 'CallbackURLs') as callback_urls, + json_extract_path_text(Properties, 'DefaultRedirectURI') as default_redirect_uri, + json_extract_path_text(Properties, 'LogoutURLs') as logout_urls, + json_extract_path_text(Properties, 'SupportedIdentityProviders') as supported_identity_providers, + json_extract_path_text(Properties, 'AnalyticsConfiguration') as analytics_configuration, + json_extract_path_text(Properties, 'PreventUserExistenceErrors') as prevent_user_existence_errors, + json_extract_path_text(Properties, 'EnableTokenRevocation') as enable_token_revocation, + json_extract_path_text(Properties, 'EnablePropagateAdditionalUserContextData') as enable_propagate_additional_user_context_data, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ClientSecret') as client_secret, + json_extract_path_text(Properties, 'ClientId') as client_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolClient' + AND data__Identifier = '|' + AND region = 'us-east-1' + user_pool_groups: + name: user_pool_groups + id: aws.cognito.user_pool_groups + x-cfn-schema-name: UserPoolGroup + x-type: list + x-identifiers: + - UserPoolId + - GroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.GroupName') as group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPoolGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'GroupName') as group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPoolGroup' + AND region = 'us-east-1' + user_pool_group: + name: user_pool_group + id: aws.cognito.user_pool_group + x-cfn-schema-name: UserPoolGroup + x-type: get + x-identifiers: + - UserPoolId + - GroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.GroupName') as group_name, + JSON_EXTRACT(Properties, '$.Precedence') as precedence, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolGroup' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'GroupName') as group_name, + json_extract_path_text(Properties, 'Precedence') as precedence, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolGroup' + AND data__Identifier = '|' + AND region = 'us-east-1' + user_pool_risk_configuration_attachment: + name: user_pool_risk_configuration_attachment + id: aws.cognito.user_pool_risk_configuration_attachment + x-cfn-schema-name: UserPoolRiskConfigurationAttachment + x-type: get + x-identifiers: + - UserPoolId + - ClientId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.ClientId') as client_id, + JSON_EXTRACT(Properties, '$.RiskExceptionConfiguration') as risk_exception_configuration, + JSON_EXTRACT(Properties, '$.CompromisedCredentialsRiskConfiguration') as compromised_credentials_risk_configuration, + JSON_EXTRACT(Properties, '$.AccountTakeoverRiskConfiguration') as account_takeover_risk_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolRiskConfigurationAttachment' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'ClientId') as client_id, + json_extract_path_text(Properties, 'RiskExceptionConfiguration') as risk_exception_configuration, + json_extract_path_text(Properties, 'CompromisedCredentialsRiskConfiguration') as compromised_credentials_risk_configuration, + json_extract_path_text(Properties, 'AccountTakeoverRiskConfiguration') as account_takeover_risk_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolRiskConfigurationAttachment' + AND data__Identifier = '|' + AND region = 'us-east-1' + user_pool_users: + name: user_pool_users + id: aws.cognito.user_pool_users + x-cfn-schema-name: UserPoolUser + x-type: list + x-identifiers: + - UserPoolId + - Username + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.Username') as username + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPoolUser' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'Username') as username + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPoolUser' + AND region = 'us-east-1' + user_pool_user: + name: user_pool_user + id: aws.cognito.user_pool_user + x-cfn-schema-name: UserPoolUser + x-type: get + x-identifiers: + - UserPoolId + - Username + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DesiredDeliveryMediums') as desired_delivery_mediums, + JSON_EXTRACT(Properties, '$.ForceAliasCreation') as force_alias_creation, + JSON_EXTRACT(Properties, '$.UserAttributes') as user_attributes, + JSON_EXTRACT(Properties, '$.MessageAction') as message_action, + JSON_EXTRACT(Properties, '$.Username') as username, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.ValidationData') as validation_data, + JSON_EXTRACT(Properties, '$.ClientMetadata') as client_metadata + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolUser' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DesiredDeliveryMediums') as desired_delivery_mediums, + json_extract_path_text(Properties, 'ForceAliasCreation') as force_alias_creation, + json_extract_path_text(Properties, 'UserAttributes') as user_attributes, + json_extract_path_text(Properties, 'MessageAction') as message_action, + json_extract_path_text(Properties, 'Username') as username, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'ValidationData') as validation_data, + json_extract_path_text(Properties, 'ClientMetadata') as client_metadata + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolUser' + AND data__Identifier = '|' + AND region = 'us-east-1' + user_pool_user_to_group_attachment: + name: user_pool_user_to_group_attachment + id: aws.cognito.user_pool_user_to_group_attachment + x-cfn-schema-name: UserPoolUserToGroupAttachment + x-type: get + x-identifiers: + - UserPoolId + - GroupName + - Username + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.Username') as username, + JSON_EXTRACT(Properties, '$.GroupName') as group_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolUserToGroupAttachment' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'Username') as username, + json_extract_path_text(Properties, 'GroupName') as group_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolUserToGroupAttachment' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/comprehend.yaml b/providers/src/aws/v00.00.00000/services/comprehend.yaml new file mode 100644 index 00000000..ec57bda8 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/comprehend.yaml @@ -0,0 +1,591 @@ +openapi: 3.0.0 +info: + title: Comprehend + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 0 + maxLength: 256 + additionalProperties: false + required: + - Key + - Value + DocumentClassifierInputDataConfig: + type: object + properties: + AugmentedManifests: + type: array + items: + $ref: '#/components/schemas/AugmentedManifestsListItem' + x-insertionOrder: false + uniqueItems: true + DataFormat: + type: string + enum: + - COMPREHEND_CSV + - AUGMENTED_MANIFEST + LabelDelimiter: + type: string + pattern: ^[ ~!@#$%^*\-_+=|\\:;\t>?/]$ + minLength: 1 + maxLength: 1 + DocumentType: + type: string + enum: + - PLAIN_TEXT_DOCUMENT + - SEMI_STRUCTURED_DOCUMENT + Documents: + $ref: '#/components/schemas/DocumentClassifierDocuments' + DocumentReaderConfig: + $ref: '#/components/schemas/DocumentReaderConfig' + S3Uri: + $ref: '#/components/schemas/S3Uri' + TestS3Uri: + $ref: '#/components/schemas/S3Uri' + required: [] + additionalProperties: false + AugmentedManifestsListItem: + type: object + properties: + AttributeNames: + type: array + items: + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])* + x-insertionOrder: false + uniqueItems: true + minItems: 1 + maxItems: 63 + S3Uri: + $ref: '#/components/schemas/S3Uri' + Split: + type: string + enum: + - TRAIN + - TEST + required: + - AttributeNames + - S3Uri + additionalProperties: false + DocumentClassifierDocuments: + type: object + properties: + S3Uri: + $ref: '#/components/schemas/S3Uri' + TestS3Uri: + $ref: '#/components/schemas/S3Uri' + required: + - S3Uri + additionalProperties: false + DocumentReaderConfig: + type: object + properties: + DocumentReadAction: + type: string + enum: + - TEXTRACT_DETECT_DOCUMENT_TEXT + - TEXTRACT_ANALYZE_DOCUMENT + DocumentReadMode: + type: string + enum: + - SERVICE_DEFAULT + - FORCE_DOCUMENT_READ_ACTION + FeatureTypes: + type: array + items: + type: string + enum: + - TABLES + - FORMS + x-insertionOrder: false + uniqueItems: true + minItems: 1 + maxItems: 2 + required: + - DocumentReadAction + additionalProperties: false + DocumentClassifierOutputDataConfig: + type: object + properties: + KmsKeyId: + $ref: '#/components/schemas/KmsKeyId' + S3Uri: + $ref: '#/components/schemas/S3Uri' + required: [] + additionalProperties: false + VpcConfig: + type: object + properties: + SecurityGroupIds: + type: array + items: + type: string + pattern: '[-0-9a-zA-Z]+' + minLength: 1 + maxLength: 32 + x-insertionOrder: false + uniqueItems: true + minItems: 1 + maxItems: 5 + Subnets: + type: array + items: + type: string + pattern: '[-0-9a-zA-Z]+' + minLength: 1 + maxLength: 32 + x-insertionOrder: false + uniqueItems: true + minItems: 1 + maxItems: 16 + required: + - SecurityGroupIds + - Subnets + additionalProperties: false + S3Uri: + type: string + pattern: s3://[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9](/.*)? + maxLength: 1024 + KmsKeyId: + type: string + minLength: 1 + maxLength: 2048 + DocumentClassifier: + type: object + properties: + DataAccessRoleArn: + type: string + pattern: arn:aws(-[^:]+)?:iam::[0-9]{12}:role/.+ + minLength: 20 + maxLength: 2048 + InputDataConfig: + $ref: '#/components/schemas/DocumentClassifierInputDataConfig' + OutputDataConfig: + $ref: '#/components/schemas/DocumentClassifierOutputDataConfig' + LanguageCode: + type: string + enum: + - en + - es + - fr + - it + - de + - pt + ModelKmsKeyId: + $ref: '#/components/schemas/KmsKeyId' + ModelPolicy: + type: string + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + minLength: 1 + maxLength: 20000 + DocumentClassifierName: + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*$ + minLength: 1 + maxLength: 63 + Mode: + type: string + enum: + - MULTI_CLASS + - MULTI_LABEL + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true + VersionName: + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*$ + minLength: 1 + maxLength: 63 + VolumeKmsKeyId: + $ref: '#/components/schemas/KmsKeyId' + VpcConfig: + $ref: '#/components/schemas/VpcConfig' + Arn: + type: string + pattern: arn:aws(-[^:]+)?:comprehend:[a-zA-Z0-9-]*:[0-9]{12}:document-classifier/[a-zA-Z0-9](-*[a-zA-Z0-9])*(/version/[a-zA-Z0-9](-*[a-zA-Z0-9])*)? + minLength: 1 + maxLength: 256 + required: + - DocumentClassifierName + - DataAccessRoleArn + - InputDataConfig + - LanguageCode + x-stackql-resource-name: document_classifier + description: Document Classifier enables training document classifier models. + x-type-name: AWS::Comprehend::DocumentClassifier + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - DataAccessRoleArn + - InputDataConfig + - OutputDataConfig + - LanguageCode + - ModelKmsKeyId + - DocumentClassifierName + - VersionName + - Mode + - VolumeKmsKeyId + - VpcConfig + x-read-only-properties: + - Arn + x-required-properties: + - DocumentClassifierName + - DataAccessRoleArn + - InputDataConfig + - LanguageCode + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:PassRole + - comprehend:CreateDocumentClassifier + - comprehend:DescribeDocumentClassifier + - comprehend:DescribeResourcePolicy + - comprehend:ListTagsForResource + - textract:DetectDocumentText + read: + - comprehend:DescribeDocumentClassifier + - comprehend:DescribeResourcePolicy + - comprehend:ListTagsForResource + update: + - iam:PassRole + - comprehend:PutResourcePolicy + - comprehend:DeleteResourcePolicy + - comprehend:DescribeResourcePolicy + - comprehend:DescribeDocumentClassifier + - comprehend:ListTagsForResource + - comprehend:TagResource + - comprehend:UntagResource + delete: + - comprehend:DescribeDocumentClassifier + - comprehend:DeleteDocumentClassifier + list: + - comprehend:ListDocumentClassifiers + TaskConfig: + type: object + properties: + LanguageCode: + type: string + enum: + - en + - es + - fr + - it + - de + - pt + DocumentClassificationConfig: + $ref: '#/components/schemas/DocumentClassificationConfig' + EntityRecognitionConfig: + $ref: '#/components/schemas/EntityRecognitionConfig' + required: + - LanguageCode + additionalProperties: false + DataSecurityConfig: + type: object + properties: + ModelKmsKeyId: + $ref: '#/components/schemas/KmsKeyId' + VolumeKmsKeyId: + $ref: '#/components/schemas/KmsKeyId' + DataLakeKmsKeyId: + $ref: '#/components/schemas/KmsKeyId' + VpcConfig: + $ref: '#/components/schemas/VpcConfig' + required: [] + additionalProperties: false + EntityTypesListItem: + type: object + properties: + Type: + type: string + pattern: ^(?![^\n\r\t,]*\\n|\\r|\\t)[^\n\r\t,]+$ + minLength: 1 + maxLength: 64 + additionalProperties: false + required: + - Type + EntityRecognitionConfig: + type: object + properties: + EntityTypes: + type: array + items: + $ref: '#/components/schemas/EntityTypesListItem' + x-insertionOrder: false + uniqueItems: true + minItems: 1 + maxItems: 25 + additionalProperties: false + DocumentClassificationConfig: + type: object + properties: + Mode: + type: string + enum: + - MULTI_CLASS + - MULTI_LABEL + Labels: + type: array + items: + type: string + maxLength: 5000 + x-insertionOrder: false + uniqueItems: true + maxItems: 1000 + additionalProperties: false + required: + - Mode + Flywheel: + type: object + properties: + ActiveModelArn: + type: string + pattern: arn:aws(-[^:]+)?:comprehend:[a-zA-Z0-9-]*:[0-9]{12}:(document-classifier|entity-recognizer)/[a-zA-Z0-9](-*[a-zA-Z0-9])*(/version/[a-zA-Z0-9](-*[a-zA-Z0-9])*)? + maxLength: 256 + DataAccessRoleArn: + type: string + pattern: arn:aws(-[^:]+)?:iam::[0-9]{12}:role/.+ + minLength: 20 + maxLength: 2048 + DataLakeS3Uri: + type: string + pattern: s3://[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9](/.*)? + maxLength: 512 + DataSecurityConfig: + $ref: '#/components/schemas/DataSecurityConfig' + FlywheelName: + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*$ + minLength: 1 + maxLength: 63 + ModelType: + type: string + enum: + - DOCUMENT_CLASSIFIER + - ENTITY_RECOGNIZER + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true + TaskConfig: + $ref: '#/components/schemas/TaskConfig' + Arn: + type: string + pattern: arn:aws(-[^:]+)?:comprehend:[a-zA-Z0-9-]*:[0-9]{12}:flywheel/[a-zA-Z0-9](-*[a-zA-Z0-9])* + minLength: 1 + maxLength: 256 + required: + - FlywheelName + - DataAccessRoleArn + - DataLakeS3Uri + x-stackql-resource-name: flywheel + description: The AWS::Comprehend::Flywheel resource creates an Amazon Comprehend Flywheel that enables customer to train their model. + x-type-name: AWS::Comprehend::Flywheel + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - FlywheelName + - ModelType + - DataLakeS3Uri + - TaskConfig + x-read-only-properties: + - Arn + x-required-properties: + - FlywheelName + - DataAccessRoleArn + - DataLakeS3Uri + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:PassRole + - comprehend:CreateFlywheel + - comprehend:DescribeFlywheel + - comprehend:ListTagsForResource + read: + - comprehend:DescribeFlywheel + - comprehend:ListTagsForResource + update: + - iam:PassRole + - comprehend:DescribeFlywheel + - comprehend:UpdateFlywheel + - comprehend:ListTagsForResource + - comprehend:TagResource + - comprehend:UntagResource + delete: + - comprehend:DeleteFlywheel + - comprehend:DescribeFlywheel + list: + - comprehend:ListFlywheels + x-stackQL-resources: + document_classifiers: + name: document_classifiers + id: aws.comprehend.document_classifiers + x-cfn-schema-name: DocumentClassifier + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Comprehend::DocumentClassifier' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Comprehend::DocumentClassifier' + AND region = 'us-east-1' + document_classifier: + name: document_classifier + id: aws.comprehend.document_classifier + x-cfn-schema-name: DocumentClassifier + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DataAccessRoleArn') as data_access_role_arn, + JSON_EXTRACT(Properties, '$.InputDataConfig') as input_data_config, + JSON_EXTRACT(Properties, '$.OutputDataConfig') as output_data_config, + JSON_EXTRACT(Properties, '$.LanguageCode') as language_code, + JSON_EXTRACT(Properties, '$.ModelKmsKeyId') as model_kms_key_id, + JSON_EXTRACT(Properties, '$.ModelPolicy') as model_policy, + JSON_EXTRACT(Properties, '$.DocumentClassifierName') as document_classifier_name, + JSON_EXTRACT(Properties, '$.Mode') as mode, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VersionName') as version_name, + JSON_EXTRACT(Properties, '$.VolumeKmsKeyId') as volume_kms_key_id, + JSON_EXTRACT(Properties, '$.VpcConfig') as vpc_config, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Comprehend::DocumentClassifier' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DataAccessRoleArn') as data_access_role_arn, + json_extract_path_text(Properties, 'InputDataConfig') as input_data_config, + json_extract_path_text(Properties, 'OutputDataConfig') as output_data_config, + json_extract_path_text(Properties, 'LanguageCode') as language_code, + json_extract_path_text(Properties, 'ModelKmsKeyId') as model_kms_key_id, + json_extract_path_text(Properties, 'ModelPolicy') as model_policy, + json_extract_path_text(Properties, 'DocumentClassifierName') as document_classifier_name, + json_extract_path_text(Properties, 'Mode') as mode, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VersionName') as version_name, + json_extract_path_text(Properties, 'VolumeKmsKeyId') as volume_kms_key_id, + json_extract_path_text(Properties, 'VpcConfig') as vpc_config, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Comprehend::DocumentClassifier' + AND data__Identifier = '' + AND region = 'us-east-1' + flywheels: + name: flywheels + id: aws.comprehend.flywheels + x-cfn-schema-name: Flywheel + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Comprehend::Flywheel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Comprehend::Flywheel' + AND region = 'us-east-1' + flywheel: + name: flywheel + id: aws.comprehend.flywheel + x-cfn-schema-name: Flywheel + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ActiveModelArn') as active_model_arn, + JSON_EXTRACT(Properties, '$.DataAccessRoleArn') as data_access_role_arn, + JSON_EXTRACT(Properties, '$.DataLakeS3Uri') as data_lake_s3_uri, + JSON_EXTRACT(Properties, '$.DataSecurityConfig') as data_security_config, + JSON_EXTRACT(Properties, '$.FlywheelName') as flywheel_name, + JSON_EXTRACT(Properties, '$.ModelType') as model_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TaskConfig') as task_config, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Comprehend::Flywheel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ActiveModelArn') as active_model_arn, + json_extract_path_text(Properties, 'DataAccessRoleArn') as data_access_role_arn, + json_extract_path_text(Properties, 'DataLakeS3Uri') as data_lake_s3_uri, + json_extract_path_text(Properties, 'DataSecurityConfig') as data_security_config, + json_extract_path_text(Properties, 'FlywheelName') as flywheel_name, + json_extract_path_text(Properties, 'ModelType') as model_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TaskConfig') as task_config, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Comprehend::Flywheel' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/config.yaml b/providers/src/aws/v00.00.00000/services/config.yaml new file mode 100644 index 00000000..b1d3967c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/config.yaml @@ -0,0 +1,1062 @@ +openapi: 3.0.0 +info: + title: Config + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + additionalProperties: false + required: + - Value + - Key + AggregationAuthorization: + type: object + properties: + AuthorizedAccountId: + description: The 12-digit account ID of the account authorized to aggregate data. + type: string + pattern: ^\d{12}$ + AuthorizedAwsRegion: + description: The region authorized to collect aggregated data. + type: string + minLength: 1 + maxLength: 64 + AggregationAuthorizationArn: + description: The ARN of the AggregationAuthorization. + type: string + Tags: + description: The tags for the AggregationAuthorization. + type: array + maxItems: 50 + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - AuthorizedAccountId + - AuthorizedAwsRegion + x-stackql-resource-name: aggregation_authorization + description: Resource Type definition for AWS::Config::AggregationAuthorization + x-type-name: AWS::Config::AggregationAuthorization + x-stackql-primary-identifier: + - AuthorizedAccountId + - AuthorizedAwsRegion + x-create-only-properties: + - AuthorizedAccountId + - AuthorizedAwsRegion + x-read-only-properties: + - AggregationAuthorizationArn + x-required-properties: + - AuthorizedAccountId + - AuthorizedAwsRegion + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - config:DescribeAggregationAuthorizations + - config:PutAggregationAuthorization + - config:TagResource + update: + - config:DescribeAggregationAuthorizations + - config:TagResource + - config:UntagResource + - config:ListTagsForResource + read: + - config:DescribeAggregationAuthorizations + - config:ListTagsForResource + delete: + - config:DescribeAggregationAuthorizations + - config:DeleteAggregationAuthorization + - config:UntagResource + list: + - config:DescribeAggregationAuthorizations + Scope: + type: object + description: Defines which resources trigger an evaluation for an CC rule. The scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. Specify a scope to constrain which resources trigger an evaluation for a rule. Otherwise, evaluations for the rule are triggered when any resource in your recording group changes in configuration. + additionalProperties: false + properties: + TagKey: + type: string + description: The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule. + ComplianceResourceTypes: + type: array + description: The resource types of only those AWS resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for ``ComplianceResourceId``. + uniqueItems: true + items: + type: string + TagValue: + type: string + description: The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule. If you specify a value for ``TagValue``, you must also specify a value for ``TagKey``. + ComplianceResourceId: + type: string + description: The ID of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for ``ComplianceResourceTypes``. + CustomPolicyDetails: + type: object + description: Provides the CustomPolicyDetails, the rule owner (```` for managed rules, ``CUSTOM_POLICY`` for Custom Policy rules, and ``CUSTOM_LAMBDA`` for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources. + additionalProperties: false + properties: + EnableDebugLogDelivery: + type: boolean + description: The boolean expression for enabling debug logging for your CC Custom Policy rule. The default value is ``false``. + PolicyText: + type: string + description: The policy definition containing the logic for your CC Custom Policy rule. + PolicyRuntime: + type: string + description: The runtime system for your CC Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by CC Custom Policy rules. For more information about Guard, see the [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard). + SourceDetail: + type: object + description: Provides the source and the message types that trigger CC to evaluate your AWS resources against a rule. It also provides the frequency with which you want CC to run evaluations for the rule if the trigger type is periodic. You can specify the parameter values for ``SourceDetail`` only for custom rules. + additionalProperties: false + properties: + EventSource: + type: string + description: The source of the event, such as an AWS service, that triggers CC to evaluate your AWS resources. + MaximumExecutionFrequency: + type: string + description: |- + The frequency at which you want CC to run evaluations for a custom rule with a periodic trigger. If you specify a value for ``MaximumExecutionFrequency``, then ``MessageType`` must use the ``ScheduledNotification`` value. + By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the ``MaximumExecutionFrequency`` parameter. + Based on the valid value you choose, CC runs evaluations once for each valid value. For example, if you choose ``Three_Hours``, CC runs evaluations once every three hours. In this case, ``Three_Hours`` is the frequency of this rule. + MessageType: + type: string + description: |- + The type of notification that triggers CC to run an evaluation for a rule. You can specify the following notification types: + + ``ConfigurationItemChangeNotification`` - Triggers an evaluation when CC delivers a configuration item as a result of a resource change. + + ``OversizedConfigurationItemChangeNotification`` - Triggers an evaluation when CC delivers an oversized configuration item. CC may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS. + + ``ScheduledNotification`` - Triggers a periodic evaluation at the frequency specified for ``MaximumExecutionFrequency``. + + ``ConfigurationSnapshotDeliveryCompleted`` - Triggers a periodic evaluation when CC delivers a configuration snapshot. + + If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for ``ConfigurationItemChangeNotification`` and one for ``OversizedConfigurationItemChangeNotification``. + required: + - EventSource + - MessageType + Source: + type: object + description: Provides the CustomPolicyDetails, the rule owner (```` for managed rules, ``CUSTOM_POLICY`` for Custom Policy rules, and ``CUSTOM_LAMBDA`` for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources. + additionalProperties: false + properties: + CustomPolicyDetails: + description: Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to ``CUSTOM_POLICY``. + $ref: '#/components/schemas/CustomPolicyDetails' + SourceIdentifier: + type: string + description: |- + For CC Managed rules, a predefined identifier from a list. For example, ``IAM_PASSWORD_POLICY`` is a managed rule. To reference a managed rule, see [List of Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). + For CC Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's LAMlong function, such as ``arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name``. + For CC Custom Policy rules, this field will be ignored. + Owner: + type: string + description: |- + Indicates whether AWS or the customer owns and manages the CC rule. + CC Managed Rules are predefined rules owned by AWS. For more information, see [Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) in the *developer guide*. + CC Custom Rules are rules that you can develop either with Guard (``CUSTOM_POLICY``) or LAMlong (``CUSTOM_LAMBDA``). For more information, see [Custom Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html) in the *developer guide*. + SourceDetails: + type: array + description: |- + Provides the source and the message types that cause CC to evaluate your AWS resources against a rule. It also provides the frequency with which you want CC to run evaluations for the rule if the trigger type is periodic. + If the owner is set to ``CUSTOM_POLICY``, the only acceptable values for the CC rule trigger message type are ``ConfigurationItemChangeNotification`` and ``OversizedConfigurationItemChangeNotification``. + uniqueItems: true + items: + description: Source and message type that can trigger the rule + $ref: '#/components/schemas/SourceDetail' + required: + - Owner + EvaluationModeConfiguration: + type: object + description: The configuration object for CC rule evaluation mode. The supported valid values are Detective or Proactive. + additionalProperties: false + properties: + Mode: + type: string + description: The mode of an evaluation. The valid values are Detective or Proactive. + ConfigRule: + type: object + properties: + ConfigRuleId: + type: string + description: '' + Description: + type: string + description: The description that you provide for the CC rule. + Scope: + description: |- + Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. + The scope can be empty. + $ref: '#/components/schemas/Scope' + ConfigRuleName: + type: string + description: A name for the CC rule. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the rule name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). + Arn: + type: string + description: '' + Compliance: + type: object + description: Indicates whether an AWS resource or CC rule is compliant and provides the number of contributors that affect the compliance. + additionalProperties: false + properties: + Type: + type: string + description: Compliance type determined by the Config rule + MaximumExecutionFrequency: + type: string + description: |- + The maximum frequency with which CC runs evaluations for a rule. You can specify a value for ``MaximumExecutionFrequency`` when: + + You are using an AWS managed rule that is triggered at a periodic frequency. + + Your custom rule is triggered when CC delivers the configuration snapshot. For more information, see [ConfigSnapshotDeliveryProperties](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html). + + By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the ``MaximumExecutionFrequency`` parameter. + Source: + description: Provides the rule owner (```` for managed rules, ``CUSTOM_POLICY`` for Custom Policy rules, and ``CUSTOM_LAMBDA`` for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources. + $ref: '#/components/schemas/Source' + InputParameters: + type: object + description: A string, in JSON format, that is passed to the CC rule Lambda function. + EvaluationModes: + type: array + description: The modes the CC rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only. + uniqueItems: false + items: + description: Mode of evaluation of AWS Config rule + $ref: '#/components/schemas/EvaluationModeConfiguration' + required: + - Source + x-stackql-resource-name: config_rule + description: |- + You must first create and start the CC configuration recorder in order to create CC managed rules with CFNlong. For more information, see [Managing the Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html). + Adds or updates an CC rule to evaluate if your AWS resources comply with your desired configurations. For information on how many CC rules you can have per account, see [Service Limits](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *Developer Guide*. + There are two types of rules: *Managed Rules* and *Custom Rules*. You can use the ``ConfigRule`` resource to create both CC Managed Rules and CC Custom Rules. + CC Managed Rules are predefined, customizable rules created by CC. For a list of managed rules, see [List of Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). If you are adding an CC managed rule, you must specify the rule's identifier for the ``SourceIdentifier`` key. + CC Custom Rules are rules that you create from scratch. There are two ways to create CC custom rules: with Lambda functions ([Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function)) and with CFNGUARDshort ([Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard)), a policy-as-code language. CC custom rules created with LAMlong are called *Custom Lambda Rules* and CC custom rules created with CFNGUARDshort are called *Custom Policy Rules*. + If you are adding a new CC Custom LAM rule, you first need to create an LAMlong function that the rule invokes to evaluate your resources. When you use the ``ConfigRule`` resource to add a Custom LAM rule to CC, you must specify the Amazon Resource Name (ARN) that LAMlong assigns to the function. You specify the ARN in the ``SourceIdentifier`` key. This key is part of the ``Source`` object, which is part of the ``ConfigRule`` object. + For any new CC rule that you add, specify the ``ConfigRuleName`` in the ``ConfigRule`` object. Do not specify the ``ConfigRuleArn`` or the ``ConfigRuleId``. These values are generated by CC for new rules. + If you are updating a rule that you added previously, you can specify the rule by ``ConfigRuleName``, ``ConfigRuleId``, or ``ConfigRuleArn`` in the ``ConfigRule`` data type that you use in this request. + For more information about developing and using CC rules, see [Evaluating Resources with Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *Developer Guide*. + x-type-name: AWS::Config::ConfigRule + x-stackql-primary-identifier: + - ConfigRuleName + x-create-only-properties: + - ConfigRuleName + x-write-only-properties: + - Source/CustomPolicyDetails/PolicyText + x-read-only-properties: + - ConfigRuleId + - Compliance/Type + - Arn + x-required-properties: + - Source + x-tagging: + taggable: false + x-required-permissions: + create: + - config:PutConfigRule + - config:DescribeConfigRules + read: + - config:DescribeConfigRules + - config:DescribeComplianceByConfigRule + delete: + - config:DeleteConfigRule + - config:DescribeConfigRules + list: + - config:DescribeConfigRules + update: + - config:PutConfigRule + - config:DescribeConfigRules + AccountAggregationSource: + type: object + additionalProperties: false + properties: + AllAwsRegions: + type: boolean + AwsRegions: + type: array + uniqueItems: false + items: + type: string + AccountIds: + type: array + uniqueItems: false + items: + type: string + required: + - AccountIds + OrganizationAggregationSource: + type: object + additionalProperties: false + properties: + AllAwsRegions: + type: boolean + AwsRegions: + type: array + uniqueItems: false + items: + type: string + RoleArn: + type: string + required: + - RoleArn + ConfigurationAggregator: + type: object + properties: + AccountAggregationSources: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/AccountAggregationSource' + ConfigurationAggregatorName: + description: The name of the aggregator. + type: string + pattern: '[\w\-]+' + minLength: 1 + maxLength: 256 + ConfigurationAggregatorArn: + description: The Amazon Resource Name (ARN) of the aggregator. + type: string + OrganizationAggregationSource: + $ref: '#/components/schemas/OrganizationAggregationSource' + Tags: + description: The tags for the configuration aggregator. + type: array + maxItems: 50 + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: configuration_aggregator + description: Resource Type definition for AWS::Config::ConfigurationAggregator + x-type-name: AWS::Config::ConfigurationAggregator + x-stackql-primary-identifier: + - ConfigurationAggregatorName + x-create-only-properties: + - ConfigurationAggregatorName + x-read-only-properties: + - ConfigurationAggregatorArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - config:PutConfigurationAggregator + - config:DescribeConfigurationAggregators + - config:TagResource + - iam:PassRole + - organizations:EnableAWSServiceAccess + - organizations:ListDelegatedAdministrators + read: + - config:DescribeConfigurationAggregators + - config:ListTagsForResource + update: + - config:PutConfigurationAggregator + - config:DescribeConfigurationAggregators + - config:TagResource + - config:UntagResource + - config:ListTagsForResource + - iam:PassRole + - organizations:EnableAWSServiceAccess + - organizations:ListDelegatedAdministrators + delete: + - config:DeleteConfigurationAggregator + - config:UntagResource + list: + - config:DescribeConfigurationAggregators + ParameterName: + type: string + minLength: 0 + maxLength: 255 + ParameterValue: + type: string + minLength: 0 + maxLength: 4096 + ConformancePackInputParameter: + description: Input parameters in the form of key-value pairs for the conformance pack. + type: object + properties: + ParameterName: + $ref: '#/components/schemas/ParameterName' + ParameterValue: + $ref: '#/components/schemas/ParameterValue' + required: + - ParameterName + - ParameterValue + ConformancePack: + type: object + properties: + ConformancePackName: + description: Name of the conformance pack which will be assigned as the unique identifier. + type: string + pattern: '[a-zA-Z][-a-zA-Z0-9]*' + minLength: 1 + maxLength: 256 + DeliveryS3Bucket: + description: AWS Config stores intermediate files while processing conformance pack template. + type: string + minLength: 0 + maxLength: 63 + DeliveryS3KeyPrefix: + description: The prefix for delivery S3 bucket. + type: string + minLength: 0 + maxLength: 1024 + TemplateBody: + description: A string containing full conformance pack template body. You can only specify one of the template body or template S3Uri fields. + type: string + minLength: 1 + maxLength: 51200 + TemplateS3Uri: + description: Location of file containing the template body which points to the conformance pack template that is located in an Amazon S3 bucket. You can only specify one of the template body or template S3Uri fields. + type: string + pattern: s3://.* + minLength: 1 + maxLength: 1024 + TemplateSSMDocumentDetails: + description: The TemplateSSMDocumentDetails object contains the name of the SSM document and the version of the SSM document. + type: object + additionalProperties: false + properties: + DocumentName: + type: string + minLength: 3 + maxLength: 128 + DocumentVersion: + type: string + minLength: 1 + maxLength: 128 + ConformancePackInputParameters: + description: A list of ConformancePackInputParameter objects. + type: array + items: + $ref: '#/components/schemas/ConformancePackInputParameter' + minItems: 0 + maxItems: 60 + required: + - ConformancePackName + x-stackql-resource-name: conformance_pack + description: A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a region or across an entire AWS Organization. + x-type-name: AWS::Config::ConformancePack + x-documentation-url: https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html + x-stackql-primary-identifier: + - ConformancePackName + x-create-only-properties: + - ConformancePackName + x-write-only-properties: + - TemplateBody + - TemplateS3Uri + - TemplateSSMDocumentDetails + x-required-properties: + - ConformancePackName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - config:PutConformancePack + - config:DescribeConformancePackStatus + - config:DescribeConformancePacks + - s3:GetObject + - s3:GetBucketAcl + - iam:CreateServiceLinkedRole + - iam:PassRole + read: + - config:DescribeConformancePacks + update: + - config:PutConformancePack + - config:DescribeConformancePackStatus + - s3:GetObject + - s3:GetBucketAcl + - iam:CreateServiceLinkedRole + - iam:PassRole + delete: + - config:DeleteConformancePack + - config:DescribeConformancePackStatus + list: + - config:DescribeConformancePacks + AccountId: + type: string + OrganizationConformancePack: + type: object + properties: + OrganizationConformancePackName: + description: The name of the organization conformance pack. + type: string + pattern: '[a-zA-Z][-a-zA-Z0-9]*' + minLength: 1 + maxLength: 128 + TemplateS3Uri: + description: Location of file containing the template body. + type: string + pattern: s3://.* + minLength: 1 + maxLength: 1024 + TemplateBody: + description: A string containing full conformance pack template body. + type: string + minLength: 1 + maxLength: 51200 + DeliveryS3Bucket: + description: AWS Config stores intermediate files while processing conformance pack template. + type: string + minLength: 0 + maxLength: 63 + DeliveryS3KeyPrefix: + description: The prefix for the delivery S3 bucket. + type: string + minLength: 0 + maxLength: 1024 + ConformancePackInputParameters: + description: A list of ConformancePackInputParameter objects. + type: array + items: + $ref: '#/components/schemas/ConformancePackInputParameter' + minItems: 0 + maxItems: 60 + ExcludedAccounts: + description: A list of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. + type: array + items: + $ref: '#/components/schemas/AccountId' + minItems: 0 + maxItems: 1000 + required: + - OrganizationConformancePackName + x-stackql-resource-name: organization_conformance_pack + description: Resource schema for AWS::Config::OrganizationConformancePack. + x-type-name: AWS::Config::OrganizationConformancePack + x-documentation-url: https://docs.aws.amazon.com/config/latest/developerguide/conformance-pack-organization-apis.html + x-stackql-primary-identifier: + - OrganizationConformancePackName + x-create-only-properties: + - OrganizationConformancePackName + x-write-only-properties: + - TemplateBody + - TemplateS3Uri + x-required-properties: + - OrganizationConformancePackName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - config:PutOrganizationConformancePack + - config:DescribeOrganizationConformancePackStatuses + - config:GetOrganizationConformancePackDetailedStatus + - config:DescribeOrganizationConformancePacks + - s3:GetObject + - s3:GetBucketAcl + - iam:CreateServiceLinkedRole + - iam:PassRole + - organizations:ListDelegatedAdministrators + - organizations:EnableAWSServiceAccess + read: + - config:DescribeOrganizationConformancePacks + delete: + - config:DeleteOrganizationConformancePack + - config:DescribeOrganizationConformancePackStatuses + - config:GetOrganizationConformancePackDetailedStatus + - organizations:ListDelegatedAdministrators + update: + - config:PutOrganizationConformancePack + - config:DescribeOrganizationConformancePackStatuses + - config:GetOrganizationConformancePackDetailedStatus + - s3:GetObject + - s3:GetBucketAcl + - iam:CreateServiceLinkedRole + - iam:PassRole + - organizations:ListDelegatedAdministrators + - organizations:EnableAWSServiceAccess + list: + - config:DescribeOrganizationConformancePacks + StoredQuery: + type: object + properties: + QueryArn: + type: string + minLength: 1 + maxLength: 500 + QueryId: + type: string + minLength: 1 + maxLength: 36 + pattern: ^\S+$ + QueryName: + type: string + minLength: 1 + maxLength: 64 + pattern: ^[a-zA-Z0-9-_]+$ + QueryDescription: + type: string + minLength: 0 + maxLength: 256 + pattern: '[\s\S]*' + QueryExpression: + type: string + minLength: 1 + maxLength: 4096 + pattern: '[\s\S]*' + Tags: + description: The tags for the stored query. + type: array + maxItems: 50 + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - QueryName + - QueryExpression + x-stackql-resource-name: stored_query + description: Resource Type definition for AWS::Config::StoredQuery + x-type-name: AWS::Config::StoredQuery + x-stackql-primary-identifier: + - QueryName + x-create-only-properties: + - QueryName + x-read-only-properties: + - QueryId + - QueryArn + x-required-properties: + - QueryName + - QueryExpression + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - config:PutStoredQuery + - config:GetStoredQuery + - config:TagResource + read: + - config:GetStoredQuery + - config:ListTagsForResource + update: + - config:PutStoredQuery + - config:GetStoredQuery + - config:TagResource + - config:UntagResource + - config:ListTagsForResource + delete: + - config:DeleteStoredQuery + - config:UntagResource + list: + - config:ListStoredQueries + x-stackQL-resources: + aggregation_authorizations: + name: aggregation_authorizations + id: aws.config.aggregation_authorizations + x-cfn-schema-name: AggregationAuthorization + x-type: list + x-identifiers: + - AuthorizedAccountId + - AuthorizedAwsRegion + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AuthorizedAccountId') as authorized_account_id, + JSON_EXTRACT(Properties, '$.AuthorizedAwsRegion') as authorized_aws_region + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::AggregationAuthorization' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AuthorizedAccountId') as authorized_account_id, + json_extract_path_text(Properties, 'AuthorizedAwsRegion') as authorized_aws_region + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::AggregationAuthorization' + AND region = 'us-east-1' + aggregation_authorization: + name: aggregation_authorization + id: aws.config.aggregation_authorization + x-cfn-schema-name: AggregationAuthorization + x-type: get + x-identifiers: + - AuthorizedAccountId + - AuthorizedAwsRegion + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AuthorizedAccountId') as authorized_account_id, + JSON_EXTRACT(Properties, '$.AuthorizedAwsRegion') as authorized_aws_region, + JSON_EXTRACT(Properties, '$.AggregationAuthorizationArn') as aggregation_authorization_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::AggregationAuthorization' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AuthorizedAccountId') as authorized_account_id, + json_extract_path_text(Properties, 'AuthorizedAwsRegion') as authorized_aws_region, + json_extract_path_text(Properties, 'AggregationAuthorizationArn') as aggregation_authorization_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::AggregationAuthorization' + AND data__Identifier = '|' + AND region = 'us-east-1' + config_rules: + name: config_rules + id: aws.config.config_rules + x-cfn-schema-name: ConfigRule + x-type: list + x-identifiers: + - ConfigRuleName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConfigRuleName') as config_rule_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::ConfigRule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConfigRuleName') as config_rule_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::ConfigRule' + AND region = 'us-east-1' + config_rule: + name: config_rule + id: aws.config.config_rule + x-cfn-schema-name: ConfigRule + x-type: get + x-identifiers: + - ConfigRuleName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConfigRuleId') as config_rule_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Scope') as scope, + JSON_EXTRACT(Properties, '$.ConfigRuleName') as config_rule_name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Compliance') as compliance, + JSON_EXTRACT(Properties, '$.MaximumExecutionFrequency') as maximum_execution_frequency, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.InputParameters') as input_parameters, + JSON_EXTRACT(Properties, '$.EvaluationModes') as evaluation_modes + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::ConfigRule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConfigRuleId') as config_rule_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Scope') as scope, + json_extract_path_text(Properties, 'ConfigRuleName') as config_rule_name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Compliance') as compliance, + json_extract_path_text(Properties, 'MaximumExecutionFrequency') as maximum_execution_frequency, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'InputParameters') as input_parameters, + json_extract_path_text(Properties, 'EvaluationModes') as evaluation_modes + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::ConfigRule' + AND data__Identifier = '' + AND region = 'us-east-1' + configuration_aggregators: + name: configuration_aggregators + id: aws.config.configuration_aggregators + x-cfn-schema-name: ConfigurationAggregator + x-type: list + x-identifiers: + - ConfigurationAggregatorName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConfigurationAggregatorName') as configuration_aggregator_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::ConfigurationAggregator' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConfigurationAggregatorName') as configuration_aggregator_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::ConfigurationAggregator' + AND region = 'us-east-1' + configuration_aggregator: + name: configuration_aggregator + id: aws.config.configuration_aggregator + x-cfn-schema-name: ConfigurationAggregator + x-type: get + x-identifiers: + - ConfigurationAggregatorName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccountAggregationSources') as account_aggregation_sources, + JSON_EXTRACT(Properties, '$.ConfigurationAggregatorName') as configuration_aggregator_name, + JSON_EXTRACT(Properties, '$.ConfigurationAggregatorArn') as configuration_aggregator_arn, + JSON_EXTRACT(Properties, '$.OrganizationAggregationSource') as organization_aggregation_source, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::ConfigurationAggregator' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccountAggregationSources') as account_aggregation_sources, + json_extract_path_text(Properties, 'ConfigurationAggregatorName') as configuration_aggregator_name, + json_extract_path_text(Properties, 'ConfigurationAggregatorArn') as configuration_aggregator_arn, + json_extract_path_text(Properties, 'OrganizationAggregationSource') as organization_aggregation_source, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::ConfigurationAggregator' + AND data__Identifier = '' + AND region = 'us-east-1' + conformance_packs: + name: conformance_packs + id: aws.config.conformance_packs + x-cfn-schema-name: ConformancePack + x-type: list + x-identifiers: + - ConformancePackName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConformancePackName') as conformance_pack_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::ConformancePack' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConformancePackName') as conformance_pack_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::ConformancePack' + AND region = 'us-east-1' + conformance_pack: + name: conformance_pack + id: aws.config.conformance_pack + x-cfn-schema-name: ConformancePack + x-type: get + x-identifiers: + - ConformancePackName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConformancePackName') as conformance_pack_name, + JSON_EXTRACT(Properties, '$.DeliveryS3Bucket') as delivery_s3_bucket, + JSON_EXTRACT(Properties, '$.DeliveryS3KeyPrefix') as delivery_s3_key_prefix, + JSON_EXTRACT(Properties, '$.TemplateBody') as template_body, + JSON_EXTRACT(Properties, '$.TemplateS3Uri') as template_s3_uri, + JSON_EXTRACT(Properties, '$.TemplateSSMDocumentDetails') as template_ssm_document_details, + JSON_EXTRACT(Properties, '$.ConformancePackInputParameters') as conformance_pack_input_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::ConformancePack' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConformancePackName') as conformance_pack_name, + json_extract_path_text(Properties, 'DeliveryS3Bucket') as delivery_s3_bucket, + json_extract_path_text(Properties, 'DeliveryS3KeyPrefix') as delivery_s3_key_prefix, + json_extract_path_text(Properties, 'TemplateBody') as template_body, + json_extract_path_text(Properties, 'TemplateS3Uri') as template_s3_uri, + json_extract_path_text(Properties, 'TemplateSSMDocumentDetails') as template_ssm_document_details, + json_extract_path_text(Properties, 'ConformancePackInputParameters') as conformance_pack_input_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::ConformancePack' + AND data__Identifier = '' + AND region = 'us-east-1' + organization_conformance_packs: + name: organization_conformance_packs + id: aws.config.organization_conformance_packs + x-cfn-schema-name: OrganizationConformancePack + x-type: list + x-identifiers: + - OrganizationConformancePackName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.OrganizationConformancePackName') as organization_conformance_pack_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::OrganizationConformancePack' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'OrganizationConformancePackName') as organization_conformance_pack_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::OrganizationConformancePack' + AND region = 'us-east-1' + organization_conformance_pack: + name: organization_conformance_pack + id: aws.config.organization_conformance_pack + x-cfn-schema-name: OrganizationConformancePack + x-type: get + x-identifiers: + - OrganizationConformancePackName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.OrganizationConformancePackName') as organization_conformance_pack_name, + JSON_EXTRACT(Properties, '$.TemplateS3Uri') as template_s3_uri, + JSON_EXTRACT(Properties, '$.TemplateBody') as template_body, + JSON_EXTRACT(Properties, '$.DeliveryS3Bucket') as delivery_s3_bucket, + JSON_EXTRACT(Properties, '$.DeliveryS3KeyPrefix') as delivery_s3_key_prefix, + JSON_EXTRACT(Properties, '$.ConformancePackInputParameters') as conformance_pack_input_parameters, + JSON_EXTRACT(Properties, '$.ExcludedAccounts') as excluded_accounts + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::OrganizationConformancePack' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'OrganizationConformancePackName') as organization_conformance_pack_name, + json_extract_path_text(Properties, 'TemplateS3Uri') as template_s3_uri, + json_extract_path_text(Properties, 'TemplateBody') as template_body, + json_extract_path_text(Properties, 'DeliveryS3Bucket') as delivery_s3_bucket, + json_extract_path_text(Properties, 'DeliveryS3KeyPrefix') as delivery_s3_key_prefix, + json_extract_path_text(Properties, 'ConformancePackInputParameters') as conformance_pack_input_parameters, + json_extract_path_text(Properties, 'ExcludedAccounts') as excluded_accounts + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::OrganizationConformancePack' + AND data__Identifier = '' + AND region = 'us-east-1' + stored_queries: + name: stored_queries + id: aws.config.stored_queries + x-cfn-schema-name: StoredQuery + x-type: list + x-identifiers: + - QueryName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.QueryName') as query_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::StoredQuery' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'QueryName') as query_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Config::StoredQuery' + AND region = 'us-east-1' + stored_query: + name: stored_query + id: aws.config.stored_query + x-cfn-schema-name: StoredQuery + x-type: get + x-identifiers: + - QueryName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.QueryArn') as query_arn, + JSON_EXTRACT(Properties, '$.QueryId') as query_id, + JSON_EXTRACT(Properties, '$.QueryName') as query_name, + JSON_EXTRACT(Properties, '$.QueryDescription') as query_description, + JSON_EXTRACT(Properties, '$.QueryExpression') as query_expression, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::StoredQuery' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'QueryArn') as query_arn, + json_extract_path_text(Properties, 'QueryId') as query_id, + json_extract_path_text(Properties, 'QueryName') as query_name, + json_extract_path_text(Properties, 'QueryDescription') as query_description, + json_extract_path_text(Properties, 'QueryExpression') as query_expression, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Config::StoredQuery' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/connect.yaml b/providers/src/aws/v00.00.00000/services/connect.yaml new file mode 100644 index 00000000..1268e068 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/connect.yaml @@ -0,0 +1,4624 @@ +openapi: 3.0.0 +info: + title: Connect + version: 1.0.0 +paths: {} +components: + schemas: + Origin: + description: Domain name to be added to the allowlist of instance + type: string + maxLength: 267 + InstanceId: + description: Amazon Connect instance identifier + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + minLength: 1 + maxLength: 100 + ApprovedOrigin: + type: object + properties: + Origin: + $ref: '#/components/schemas/Origin' + InstanceId: + $ref: '#/components/schemas/InstanceId' + required: + - Origin + - InstanceId + x-stackql-resource-name: approved_origin + description: Resource Type definition for AWS::Connect::ApprovedOrigin + x-type-name: AWS::Connect::ApprovedOrigin + x-stackql-primary-identifier: + - InstanceId + - Origin + x-create-only-properties: + - InstanceId + - Origin + x-required-properties: + - Origin + - InstanceId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - connect:AssociateApprovedOrigin + - connect:ListApprovedOrigins + read: + - connect:ListApprovedOrigins + update: [] + delete: + - connect:DisassociateApprovedOrigin + - connect:ListApprovedOrigins + list: + - connect:ListApprovedOrigins + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: The key name of the tag. You can specify a value that is 1 to 128 Unicode characters + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + minLength: 1 + maxLength: 128 + Value: + type: string + description: The value for the tag. . You can specify a value that is maximum of 256 Unicode characters + maxLength: 256 + required: + - Key + - Value + ContactFlow: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance (ARN). + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + minLength: 1 + maxLength: 256 + ContactFlowArn: + description: The identifier of the contact flow (ARN). + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ + minLength: 1 + maxLength: 500 + Name: + description: The name of the contact flow. + type: string + minLength: 1 + maxLength: 127 + Content: + description: The content of the contact flow in JSON format. + type: string + minLength: 1 + maxLength: 256000 + Description: + description: The description of the contact flow. + type: string + maxLength: 500 + State: + type: string + description: The state of the contact flow. + enum: + - ACTIVE + - ARCHIVED + Type: + description: The type of the contact flow. + type: string + enum: + - CONTACT_FLOW + - CUSTOMER_QUEUE + - CUSTOMER_HOLD + - CUSTOMER_WHISPER + - AGENT_HOLD + - AGENT_WHISPER + - OUTBOUND_WHISPER + - AGENT_TRANSFER + - QUEUE_TRANSFER + Tags: + description: One or more tags. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - InstanceArn + - Content + - Name + - Type + x-stackql-resource-name: contact_flow + description: Resource Type definition for AWS::Connect::ContactFlow + x-type-name: AWS::Connect::ContactFlow + x-stackql-primary-identifier: + - ContactFlowArn + x-create-only-properties: + - Type + x-read-only-properties: + - ContactFlowArn + x-required-properties: + - InstanceArn + - Content + - Name + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateContactFlow + - connect:TagResource + read: + - connect:DescribeContactFlow + delete: + - connect:DeleteContactFlow + - connect:UntagResource + update: + - connect:UpdateContactFlowMetadata + - connect:UpdateContactFlowContent + - connect:TagResource + - connect:UntagResource + list: + - connect:ListContactFlows + ContactFlowModule: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance (ARN). + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + minLength: 1 + maxLength: 256 + ContactFlowModuleArn: + description: The identifier of the contact flow module (ARN). + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/flow-module/[-a-zA-Z0-9]*$ + minLength: 1 + maxLength: 256 + Name: + description: The name of the contact flow module. + type: string + minLength: 1 + maxLength: 127 + pattern: .*\S.* + Content: + description: The content of the contact flow module in JSON format. + type: string + minLength: 1 + maxLength: 256000 + Description: + description: The description of the contact flow module. + type: string + maxLength: 500 + pattern: .*\S.* + State: + type: string + description: The state of the contact flow module. + maxLength: 500 + Status: + type: string + description: The status of the contact flow module. + maxLength: 500 + Tags: + description: One or more tags. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - InstanceArn + - Name + - Content + x-stackql-resource-name: contact_flow_module + description: Resource Type definition for AWS::Connect::ContactFlowModule. + x-type-name: AWS::Connect::ContactFlowModule + x-stackql-primary-identifier: + - ContactFlowModuleArn + x-read-only-properties: + - ContactFlowModuleArn + - Status + x-required-properties: + - InstanceArn + - Name + - Content + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateContactFlowModule + - connect:TagResource + read: + - connect:DescribeContactFlowModule + delete: + - connect:DeleteContactFlowModule + - connect:UntagResource + update: + - connect:UpdateContactFlowModuleMetadata + - connect:UpdateContactFlowModuleContent + - connect:TagResource + - connect:UntagResource + list: + - connect:ListContactFlowModules + RefId: + description: The identifier to reference the item. + type: string + pattern: ^[a-zA-Z0-9._-]{1,40}$ + Weight: + description: The item weight used for scoring. + type: number + minimum: 0 + maximum: 100 + Score: + description: The score of an answer option. + type: integer + minimum: 0 + maximum: 10 + EvaluationFormBaseItem: + description: The evaluation form base item. + type: object + additionalProperties: false + properties: + Section: + description: The evaluation form section item + $ref: '#/components/schemas/EvaluationFormSection' + required: + - Section + EvaluationFormItem: + description: The evaluation form item. + type: object + additionalProperties: false + properties: + Section: + description: The evaluation form section item + $ref: '#/components/schemas/EvaluationFormSection' + Question: + description: The evaluation form question item + $ref: '#/components/schemas/EvaluationFormQuestion' + EvaluationFormSection: + description: The evaluation form section. + type: object + additionalProperties: false + properties: + Title: + description: The title of the section. + type: string + minLength: 1 + maxLength: 128 + Instructions: + description: The instructions for the section. + type: string + maxLength: 1024 + RefId: + description: The identifier to reference the section. + $ref: '#/components/schemas/RefId' + Items: + description: The list of section items. + type: array + x-insertionOrder: true + minItems: 1 + maxItems: 200 + items: + $ref: '#/components/schemas/EvaluationFormItem' + Weight: + description: The item weight used for scoring. + $ref: '#/components/schemas/Weight' + required: + - RefId + - Title + EvaluationFormNumericQuestionOption: + description: The option ranges used for scoring in numeric questions. + type: object + additionalProperties: false + properties: + MinValue: + description: The minimum value of the option range. + type: integer + MaxValue: + description: The maximum value of the option range. + type: integer + Score: + description: The score of the option range. + $ref: '#/components/schemas/Score' + AutomaticFail: + description: The flag to mark the option as automatic fail. + type: boolean + required: + - MinValue + - MaxValue + NumericQuestionPropertyValueAutomation: + description: The automation property name of the question. + type: object + additionalProperties: false + properties: + Label: + description: The automation property label. + type: string + enum: + - OVERALL_CUSTOMER_SENTIMENT_SCORE + - OVERALL_AGENT_SENTIMENT_SCORE + - NON_TALK_TIME + - NON_TALK_TIME_PERCENTAGE + - NUMBER_OF_INTERRUPTIONS + - CONTACT_DURATION + - AGENT_INTERACTION_DURATION + - CUSTOMER_HOLD_TIME + required: + - Label + EvaluationFormNumericQuestionAutomation: + description: The automation properties for the numeric question. + type: object + additionalProperties: false + properties: + PropertyValue: + description: The automation property name of the question. + $ref: '#/components/schemas/NumericQuestionPropertyValueAutomation' + required: + - PropertyValue + EvaluationFormNumericQuestionProperties: + description: The properties of the numeric question. + type: object + additionalProperties: false + properties: + MinValue: + description: The minimum value for answers of the question. + type: integer + MaxValue: + description: The maximum value for answers of the question. + type: integer + Options: + description: The list of option ranges used for scoring. + type: array + x-insertionOrder: true + minItems: 1 + maxItems: 10 + items: + $ref: '#/components/schemas/EvaluationFormNumericQuestionOption' + Automation: + description: The automation properties for the numeric question. + $ref: '#/components/schemas/EvaluationFormNumericQuestionAutomation' + required: + - MinValue + - MaxValue + EvaluationFormSingleSelectQuestionAutomationOption: + description: The automation option for the single-select question. + type: object + additionalProperties: false + properties: + RuleCategory: + description: The automation option based on Rules categories. + $ref: '#/components/schemas/SingleSelectQuestionRuleCategoryAutomation' + required: + - RuleCategory + SingleSelectQuestionRuleCategoryAutomation: + description: The automation option based on Rules categories. + type: object + additionalProperties: false + properties: + Category: + description: The category name as defined in Rules. + type: string + minLength: 1 + maxLength: 50 + Condition: + description: The automation condition applied on contact categories. + type: string + enum: + - PRESENT + - NOT_PRESENT + OptionRefId: + description: The option identifier referencing the option to be selected when the automation option is triggered. + $ref: '#/components/schemas/RefId' + required: + - Category + - Condition + - OptionRefId + EvaluationFormSingleSelectQuestionAutomation: + description: The automation properties for the single-select question. + type: object + additionalProperties: false + properties: + Options: + description: The answer options for the automation. + type: array + x-insertionOrder: true + minItems: 1 + maxItems: 20 + items: + $ref: '#/components/schemas/EvaluationFormSingleSelectQuestionAutomationOption' + DefaultOptionRefId: + description: The option reference identifier of the default answer. + $ref: '#/components/schemas/RefId' + required: + - Options + EvaluationFormSingleSelectQuestionOption: + description: The option for a question. + type: object + additionalProperties: false + properties: + RefId: + description: The identifier used to reference the option. + $ref: '#/components/schemas/RefId' + Text: + description: The title of the option. + type: string + minLength: 1 + maxLength: 128 + Score: + description: The score of the option. + $ref: '#/components/schemas/Score' + AutomaticFail: + description: The flag to mark the option as automatic fail. + type: boolean + required: + - RefId + - Text + EvaluationFormSingleSelectQuestionProperties: + description: The properties of the single-select question. + type: object + additionalProperties: false + properties: + Options: + description: The list of options for the question. + type: array + x-insertionOrder: true + minItems: 2 + maxItems: 256 + items: + $ref: '#/components/schemas/EvaluationFormSingleSelectQuestionOption' + DisplayAs: + description: The display mode of the single-select question. + type: string + enum: + - DROPDOWN + - RADIO + Automation: + description: The automation properties for the single-select question. + $ref: '#/components/schemas/EvaluationFormSingleSelectQuestionAutomation' + required: + - Options + EvaluationFormQuestionTypeProperties: + description: The properties of the question. + type: object + additionalProperties: false + properties: + Numeric: + description: The properties of the numeric question. + $ref: '#/components/schemas/EvaluationFormNumericQuestionProperties' + SingleSelect: + description: The properties of the single-select question. + $ref: '#/components/schemas/EvaluationFormSingleSelectQuestionProperties' + EvaluationFormQuestion: + description: The evaluation form question. + type: object + additionalProperties: false + properties: + Title: + description: The title of the question. + type: string + minLength: 1 + maxLength: 350 + Instructions: + description: The instructions for the question. + type: string + maxLength: 1024 + RefId: + description: The identifier used to reference the question. + $ref: '#/components/schemas/RefId' + NotApplicableEnabled: + description: The flag to enable not applicable answers to the question. + type: boolean + QuestionType: + description: The type of the question. + type: string + enum: + - NUMERIC + - SINGLESELECT + - TEXT + QuestionTypeProperties: + description: The properties of the question + $ref: '#/components/schemas/EvaluationFormQuestionTypeProperties' + Weight: + description: The question weight used for scoring. + $ref: '#/components/schemas/Weight' + required: + - RefId + - Title + - QuestionType + ScoringStrategy: + description: The scoring strategy. + type: object + additionalProperties: false + properties: + Mode: + description: The scoring mode. + type: string + enum: + - QUESTION_ONLY + - SECTION_ONLY + Status: + description: The scoring status. + type: string + enum: + - ENABLED + - DISABLED + required: + - Mode + - Status + EvaluationForm: + type: object + properties: + Title: + description: The title of the evaluation form. + type: string + minLength: 1 + maxLength: 128 + Description: + description: The description of the evaluation form. + type: string + maxLength: 1024 + EvaluationFormArn: + description: The Amazon Resource Name (ARN) for the evaluation form. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/evaluation-form/[-a-zA-Z0-9]*$ + InstanceArn: + description: The Amazon Resource Name (ARN) of the instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + Items: + description: The list of evaluation form items. + type: array + x-insertionOrder: true + minItems: 1 + maxItems: 200 + items: + $ref: '#/components/schemas/EvaluationFormBaseItem' + ScoringStrategy: + description: The scoring strategy. + $ref: '#/components/schemas/ScoringStrategy' + Status: + description: The status of the evaluation form. + type: string + default: DRAFT + enum: + - DRAFT + - ACTIVE + Tags: + description: One or more tags. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Title + - InstanceArn + - Items + - Status + x-stackql-resource-name: evaluation_form + description: Resource Type definition for AWS::Connect::EvaluationForm + x-type-name: AWS::Connect::EvaluationForm + x-stackql-primary-identifier: + - EvaluationFormArn + x-read-only-properties: + - EvaluationFormArn + x-required-properties: + - Title + - InstanceArn + - Items + - Status + x-tagging: + taggable: true + tagOnCreate: false + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateEvaluationForm + - connect:ActivateEvaluationForm + - connect:TagResource + read: + - connect:DescribeEvaluationForm + - connect:ListEvaluationFormVersions + list: + - connect:ListEvaluationForms + update: + - connect:UpdateEvaluationForm + - connect:ListEvaluationFormVersions + - connect:ActivateEvaluationForm + - connect:DeactivateEvaluationForm + - connect:TagResource + - connect:UntagResource + delete: + - connect:DeleteEvaluationForm + - connect:UntagResource + HoursOfOperationTimeSlice: + description: The start time or end time for an hours of operation. + type: object + additionalProperties: false + properties: + Hours: + type: integer + description: The hours. + minimum: 0 + maximum: 23 + Minutes: + type: integer + description: The minutes. + minimum: 0 + maximum: 59 + required: + - Hours + - Minutes + HoursOfOperationConfig: + description: Contains information about the hours of operation. + type: object + additionalProperties: false + properties: + Day: + type: string + description: The day that the hours of operation applies to. + enum: + - SUNDAY + - MONDAY + - TUESDAY + - WEDNESDAY + - THURSDAY + - FRIDAY + - SATURDAY + StartTime: + description: The start time that your contact center opens. + $ref: '#/components/schemas/HoursOfOperationTimeSlice' + EndTime: + description: The end time that your contact center closes. + $ref: '#/components/schemas/HoursOfOperationTimeSlice' + required: + - Day + - StartTime + - EndTime + HoursOfOperation: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + Name: + description: The name of the hours of operation. + type: string + minLength: 1 + maxLength: 127 + Description: + description: The description of the hours of operation. + type: string + minLength: 1 + maxLength: 250 + TimeZone: + description: The time zone of the hours of operation. + type: string + Config: + description: 'Configuration information for the hours of operation: day, start time, and end time.' + type: array + maxItems: 100 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/HoursOfOperationConfig' + HoursOfOperationArn: + description: The Amazon Resource Name (ARN) for the hours of operation. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/operating-hours/[-a-zA-Z0-9]*$ + Tags: + description: One or more tags. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - InstanceArn + - Name + - TimeZone + - Config + x-stackql-resource-name: hours_of_operation + description: Resource Type definition for AWS::Connect::HoursOfOperation + x-type-name: AWS::Connect::HoursOfOperation + x-stackql-primary-identifier: + - HoursOfOperationArn + x-read-only-properties: + - HoursOfOperationArn + x-required-properties: + - InstanceArn + - Name + - TimeZone + - Config + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateHoursOfOperation + - connect:TagResource + read: + - connect:DescribeHoursOfOperation + delete: + - connect:DeleteHoursOfOperation + - connect:UntagResource + update: + - connect:UpdateHoursOfOperation + - connect:TagResource + - connect:UntagResource + list: + - connect:ListHoursOfOperations + InboundCalls: + description: Mandatory element which enables inbound calls on new instance. + type: boolean + OutboundCalls: + description: Mandatory element which enables outbound calls on new instance. + type: boolean + ContactflowLogs: + description: Boolean flag which enables CONTACTFLOW_LOGS on an instance. + type: boolean + ContactLens: + description: Boolean flag which enables CONTACT_LENS on an instance. + type: boolean + AutoResolveBestVoices: + description: Boolean flag which enables AUTO_RESOLVE_BEST_VOICES on an instance. + type: boolean + UseCustomTTSVoices: + description: Boolean flag which enables USE_CUSTOM_TTS_VOICES on an instance. + type: boolean + EarlyMedia: + description: Boolean flag which enables EARLY_MEDIA on an instance. + type: boolean + Attributes: + type: object + additionalProperties: false + properties: + InboundCalls: + $ref: '#/components/schemas/InboundCalls' + OutboundCalls: + $ref: '#/components/schemas/OutboundCalls' + ContactflowLogs: + $ref: '#/components/schemas/ContactflowLogs' + ContactLens: + $ref: '#/components/schemas/ContactLens' + AutoResolveBestVoices: + $ref: '#/components/schemas/AutoResolveBestVoices' + UseCustomTTSVoices: + $ref: '#/components/schemas/UseCustomTTSVoices' + EarlyMedia: + $ref: '#/components/schemas/EarlyMedia' + required: + - InboundCalls + - OutboundCalls + Instance: + type: object + properties: + Id: + description: An instanceId is automatically generated on creation and assigned as the unique identifier. + type: string + Arn: + description: An instanceArn is automatically generated on creation based on instanceId. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + IdentityManagementType: + description: Specifies the type of directory integration for new instance. + type: string + enum: + - SAML + - CONNECT_MANAGED + - EXISTING_DIRECTORY + InstanceAlias: + description: Alias of the new directory created as part of new instance creation. + type: string + pattern: ^(?!d-)([\da-zA-Z]+)([-]*[\da-zA-Z])*$ + minLength: 1 + maxLength: 62 + CreatedTime: + description: Timestamp of instance creation logged as part of instance creation. + type: string + format: date-time + ServiceRole: + description: Service linked role created as part of instance creation. + type: string + InstanceStatus: + description: Specifies the creation status of new instance. + type: string + enum: + - CREATION_IN_PROGRESS + - CREATION_FAILED + - ACTIVE + DirectoryId: + description: Existing directoryId user wants to map to the new Connect instance. + type: string + pattern: ^d-[0-9a-f]{10}$ + minLength: 12 + maxLength: 12 + Attributes: + description: The attributes for the instance. + $ref: '#/components/schemas/Attributes' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - IdentityManagementType + - Attributes + x-stackql-resource-name: instance + description: Resource Type definition for AWS::Connect::Instance + x-type-name: AWS::Connect::Instance + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - DirectoryId + - InstanceAlias + - IdentityManagementType + x-write-only-properties: + - DirectoryId + x-read-only-properties: + - Id + - Arn + - ServiceRole + - CreatedTime + - InstanceStatus + x-required-properties: + - IdentityManagementType + - Attributes + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateInstance + - connect:DescribeInstance + - connect:UpdateInstanceAttribute + - connect:TagResource + - ds:CheckAlias + - ds:CreateAlias + - ds:AuthorizeApplication + - ds:UnauthorizeApplication + - ds:CreateIdentityPoolDirectory + - ds:CreateDirectory + - ds:DescribeDirectories + - iam:CreateServiceLinkedRole + - iam:PutRolePolicy + - logs:CreateLogGroup + read: + - connect:DescribeInstance + - connect:ListInstanceAttributes + - ds:DescribeDirectories + update: + - connect:ListInstanceAttributes + - connect:UpdateInstanceAttribute + - iam:CreateServiceLinkedRole + - iam:PutRolePolicy + - connect:TagResource + - connect:UntagResource + delete: + - connect:DeleteInstance + - connect:DescribeInstance + - connect:UntagResource + - ds:DeleteDirectory + - ds:UnauthorizeApplication + - ds:DescribeDirectories + list: + - connect:ListInstances + - connect:ListInstanceAttributes + - ds:DescribeDirectories + KinesisStreamArn: + description: An ARN is a unique AWS resource identifier. + type: string + pattern: ^arn:aws[-a-z0-9]*:kinesis:[-a-z0-9]*:[0-9]{12}:stream/[-a-zA-Z0-9_.]*$ + FirehoseDeliveryStreamArn: + description: An ARN is a unique AWS resource identifier. + type: string + pattern: ^arn:aws[-a-z0-9]*:firehose:[-a-z0-9]*:[0-9]{12}:deliverystream/[-a-zA-Z0-9_.]*$ + AssociationId: + description: An associationID is automatically generated when a storage config is associated with an instance + type: string + pattern: ^[-a-z0-9]*$ + minLength: 1 + maxLength: 100 + InstanceStorageResourceType: + description: Specifies the type of storage resource available for the instance + type: string + enum: + - CHAT_TRANSCRIPTS + - CALL_RECORDINGS + - SCHEDULED_REPORTS + - MEDIA_STREAMS + - CONTACT_TRACE_RECORDS + - AGENT_EVENTS + StorageType: + description: Specifies the storage type to be associated with the instance + type: string + enum: + - S3 + - KINESIS_VIDEO_STREAM + - KINESIS_STREAM + - KINESIS_FIREHOSE + BucketName: + description: A name for the S3 Bucket + type: string + minLength: 1 + maxLength: 128 + Hours: + description: Number of hours + type: number + Prefix: + description: Prefixes are used to infer logical hierarchy + type: string + minLength: 1 + maxLength: 128 + EncryptionType: + description: Specifies default encryption using AWS KMS-Managed Keys + type: string + enum: + - KMS + KeyId: + description: Specifies the encryption key id + type: string + minLength: 1 + maxLength: 128 + EncryptionConfig: + type: object + additionalProperties: false + properties: + EncryptionType: + $ref: '#/components/schemas/EncryptionType' + KeyId: + $ref: '#/components/schemas/KeyId' + required: + - EncryptionType + - KeyId + S3Config: + type: object + additionalProperties: false + properties: + BucketName: + $ref: '#/components/schemas/BucketName' + BucketPrefix: + $ref: '#/components/schemas/Prefix' + EncryptionConfig: + $ref: '#/components/schemas/EncryptionConfig' + required: + - BucketName + - BucketPrefix + KinesisVideoStreamConfig: + type: object + additionalProperties: false + properties: + Prefix: + $ref: '#/components/schemas/Prefix' + RetentionPeriodHours: + $ref: '#/components/schemas/Hours' + EncryptionConfig: + $ref: '#/components/schemas/EncryptionConfig' + required: + - Prefix + - RetentionPeriodHours + - EncryptionConfig + KinesisStreamConfig: + type: object + additionalProperties: false + properties: + StreamArn: + $ref: '#/components/schemas/KinesisStreamArn' + required: + - StreamArn + KinesisFirehoseConfig: + type: object + additionalProperties: false + properties: + FirehoseArn: + $ref: '#/components/schemas/FirehoseDeliveryStreamArn' + required: + - FirehoseArn + InstanceStorageConfig: + type: object + properties: + InstanceArn: + description: Connect Instance ID with which the storage config will be associated + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + ResourceType: + $ref: '#/components/schemas/InstanceStorageResourceType' + AssociationId: + $ref: '#/components/schemas/AssociationId' + StorageType: + $ref: '#/components/schemas/StorageType' + S3Config: + $ref: '#/components/schemas/S3Config' + KinesisVideoStreamConfig: + $ref: '#/components/schemas/KinesisVideoStreamConfig' + KinesisStreamConfig: + $ref: '#/components/schemas/KinesisStreamConfig' + KinesisFirehoseConfig: + $ref: '#/components/schemas/KinesisFirehoseConfig' + required: + - InstanceArn + - ResourceType + - StorageType + x-stackql-resource-name: instance_storage_config + description: Resource Type definition for AWS::Connect::InstanceStorageConfig + x-type-name: AWS::Connect::InstanceStorageConfig + x-stackql-primary-identifier: + - InstanceArn + - AssociationId + - ResourceType + x-create-only-properties: + - InstanceArn + - ResourceType + x-read-only-properties: + - AssociationId + x-required-properties: + - InstanceArn + - ResourceType + - StorageType + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - connect:AssociateInstanceStorageConfig + - connect:DescribeInstance + - ds:DescribeDirectories + - s3:GetBucketAcl + - s3:GetBucketLocation + - iam:PutRolePolicy + - kinesis:DescribeStream + - kms:DescribeKey + - kms:CreateGrant + - firehose:DescribeDeliveryStream + read: + - connect:DescribeInstanceStorageConfig + - connect:ListInstanceStorageConfigs + - connect:DescribeInstance + - ds:DescribeDirectories + - s3:GetBucketAcl + - s3:GetBucketLocation + update: + - connect:UpdateInstanceStorageConfig + - ds:DescribeDirectories + - s3:GetBucketAcl + - s3:GetBucketLocation + - kinesis:DescribeStream + - iam:PutRolePolicy + - kms:DescribeKey + - kms:CreateGrant + - kms:RetireGrant + - firehose:DescribeDeliveryStream + delete: + - connect:DisassociateInstanceStorageConfig + - connect:DescribeInstance + - s3:GetBucketAcl + - s3:GetBucketLocation + - kms:RetireGrant + list: + - connect:DescribeInstance + - connect:ListInstanceStorageConfigs + - ds:DescribeDirectories + IntegrationArn: + description: ARN of Integration being associated with the instance + type: string + minLength: 1 + maxLength: 140 + IntegrationType: + description: Specifies the integration type to be associated with the instance + type: string + enum: + - LEX_BOT + - LAMBDA_FUNCTION + - APPLICATION + IntegrationAssociationId: + description: Identifier of the association with Connect Instance + type: string + pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9])*$ + IntegrationAssociation: + type: object + properties: + IntegrationAssociationId: + $ref: '#/components/schemas/IntegrationAssociationId' + InstanceId: + $ref: '#/components/schemas/InstanceId' + IntegrationArn: + $ref: '#/components/schemas/IntegrationArn' + IntegrationType: + $ref: '#/components/schemas/IntegrationType' + required: + - InstanceId + - IntegrationType + - IntegrationArn + x-stackql-resource-name: integration_association + description: Resource Type definition for AWS::Connect::IntegrationAssociation + x-type-name: AWS::Connect::IntegrationAssociation + x-stackql-primary-identifier: + - InstanceId + - IntegrationType + - IntegrationArn + x-create-only-properties: + - InstanceId + - IntegrationArn + - IntegrationType + x-read-only-properties: + - IntegrationAssociationId + x-required-properties: + - InstanceId + - IntegrationType + - IntegrationArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - connect:DescribeInstance + - ds:DescribeDirectories + - app-integrations:CreateEventIntegrationAssociation + - mobiletargeting:GetApp + - cases:GetDomain + - wisdom:GetAssistant + - wisdom:GetKnowledgeBase + - wisdom:TagResource + - voiceid:DescribeDomain + - events:PutTargets + - events:PutRule + - connect:AssociateBot + - connect:AssociateLambdaFunction + - connect:CreateIntegrationAssociation + - connect:ListBots + - connect:ListLambdaFunctions + - connect:ListIntegrationAssociations + - lambda:addPermission + - lex:GetBot + - lex:DescribeBotAlias + - lex:CreateResourcePolicy + - lex:UpdateResourcePolicy + - lex:CreateResourcePolicyStatement + - lambda:AddPermission + - app-integrations:GetApplication + - app-integrations:CreateApplicationAssociation + - iam:AttachRolePolicy + - iam:CreateServiceLinkedRole + - iam:GetRolePolicy + - iam:PutRolePolicy + read: + - connect:ListBots + - connect:ListLambdaFunctions + - connect:ListIntegrationAssociations + update: [] + delete: + - connect:DescribeInstance + - ds:DescribeDirectories + - app-integrations:DeleteEventIntegrationAssociation + - app-integrations:DeleteApplicationAssociation + - events:ListTargetsByRule + - events:RemoveTargets + - events:DeleteRule + - connect:DisassociateBot + - connect:DisassociateLambdaFunction + - connect:DeleteIntegrationAssociation + - connect:ListBots + - connect:ListLambdaFunctions + - connect:ListIntegrationAssociations + - lex:DeleteResourcePolicy + - lex:DeleteResourcePolicyStatement + - lambda:RemovePermission + - iam:GetRolePolicy + - iam:DeleteRolePolicy + - iam:PutRolePolicy + list: + - connect:ListBots + - connect:ListLambdaFunctions + - connect:ListIntegrationAssociations + PhoneNumber: + description: The phone number in E.164 format. + type: string + pattern: ^\+[1-9]\d{1,14}$ + StringList: + description: Predefined attribute values of type string list. + type: array + minItems: 1 + maxItems: 128 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Value' + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + PredefinedAttribute: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + Name: + description: The name of the predefined attribute. + type: string + minLength: 1 + maxLength: 64 + Values: + description: The values of a predefined attribute. + type: object + properties: + StringList: + $ref: '#/components/schemas/StringList' + additionalProperties: false + LastModifiedRegion: + description: Last modified region. + type: string + pattern: '[a-z]{2}(-[a-z]+){1,2}(-[0-9])?' + LastModifiedTime: + description: Last modified time. + type: number + required: + - InstanceArn + - Name + - Values + x-stackql-resource-name: predefined_attribute + description: Resource Type definition for AWS::Connect::PredefinedAttribute + x-type-name: AWS::Connect::PredefinedAttribute + x-stackql-primary-identifier: + - InstanceArn + - Name + x-create-only-properties: + - InstanceArn + - Name + x-read-only-properties: + - LastModifiedRegion + - LastModifiedTime + x-required-properties: + - InstanceArn + - Name + - Values + x-tagging: + taggable: false + x-required-permissions: + create: + - connect:CreatePredefinedAttribute + read: + - connect:DescribePredefinedAttribute + delete: + - connect:DeletePredefinedAttribute + update: + - connect:UpdatePredefinedAttribute + list: + - connect:ListPredefinedAttributes + Prompt: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + Name: + description: The name of the prompt. + type: string + minLength: 1 + maxLength: 127 + Description: + description: The description of the prompt. + type: string + minLength: 1 + maxLength: 250 + S3Uri: + description: S3 URI of the customer's audio file for creating prompts resource.. + type: string + minLength: 1 + maxLength: 2000 + pattern: s3://\S+/.+|https://\S+\.s3(\.\S+)?\.amazonaws\.com/\S+ + PromptArn: + description: The Amazon Resource Name (ARN) for the prompt. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/prompt/[-a-zA-Z0-9]*$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - InstanceArn + - Name + x-stackql-resource-name: prompt + description: Resource Type definition for AWS::Connect::Prompt + x-type-name: AWS::Connect::Prompt + x-stackql-primary-identifier: + - PromptArn + x-write-only-properties: + - S3Uri + x-read-only-properties: + - PromptArn + x-required-properties: + - InstanceArn + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreatePrompt + - connect:TagResource + - s3:GetObject + - kms:Decrypt + - s3:GetObjectAcl + read: + - connect:DescribePrompt + update: + - connect:UpdatePrompt + - connect:TagResource + - connect:UntagResource + delete: + - connect:DeletePrompt + list: + - connect:ListPrompts + OutboundCallerIdName: + description: The caller ID name. + type: string + minLength: 1 + maxLength: 255 + OutboundCallerIdNumberArn: + description: The caller ID number. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:phone-number/[-a-zA-Z0-9]*$ + OutboundFlowArn: + description: The outbound whisper flow to be used during an outbound call. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ + minLength: 1 + maxLength: 500 + Key: + description: A valid security key in PEM format. + type: string + minLength: 1 + maxLength: 1024 + OutboundCallerConfig: + description: The outbound caller ID name, number, and outbound whisper flow. + type: object + additionalProperties: false + properties: + OutboundCallerIdName: + $ref: '#/components/schemas/OutboundCallerIdName' + OutboundCallerIdNumberArn: + $ref: '#/components/schemas/OutboundCallerIdNumberArn' + OutboundFlowArn: + $ref: '#/components/schemas/OutboundFlowArn' + QuickConnectArn: + description: The Amazon Resource Name (ARN) for the quick connect. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/transfer-destination/[-a-zA-Z0-9]*$ + Queue: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + Description: + description: The description of the queue. + type: string + minLength: 1 + maxLength: 250 + HoursOfOperationArn: + description: The identifier for the hours of operation. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/operating-hours/[-a-zA-Z0-9]*$ + MaxContacts: + description: The maximum number of contacts that can be in the queue before it is considered full. + type: integer + minimum: 0 + Name: + description: The name of the queue. + type: string + minLength: 1 + maxLength: 127 + OutboundCallerConfig: + description: The outbound caller ID name, number, and outbound whisper flow. + $ref: '#/components/schemas/OutboundCallerConfig' + QueueArn: + description: The Amazon Resource Name (ARN) for the queue. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/queue/[-a-zA-Z0-9]*$ + Status: + description: The status of the queue. + type: string + enum: + - ENABLED + - DISABLED + QuickConnectArns: + description: The quick connects available to agents who are working the queue. + type: array + minItems: 1 + maxItems: 50 + x-insertionOrder: false + items: + $ref: '#/components/schemas/QuickConnectArn' + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + Type: + type: string + description: The type of queue. + enum: + - STANDARD + - AGENT + required: + - InstanceArn + - HoursOfOperationArn + - Name + x-stackql-resource-name: queue + description: Resource Type definition for AWS::Connect::Queue + x-type-name: AWS::Connect::Queue + x-stackql-primary-identifier: + - QueueArn + x-read-only-properties: + - QueueArn + - Type + x-required-properties: + - InstanceArn + - HoursOfOperationArn + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateQueue + - connect:TagResource + read: + - connect:DescribeQueue + - connect:ListQueueQuickConnects + delete: + - connect:DeleteQueue + - connect:UntagResource + update: + - connect:UpdateQueueHoursOfOperation + - connect:UpdateQueueMaxContacts + - connect:UpdateQueueName + - connect:UpdateQueueOutboundCallerConfig + - connect:UpdateQueueStatus + - connect:AssociateQueueQuickConnects + - connect:DisassociateQueueQuickConnects + - connect:TagResource + - connect:UntagResource + list: + - connect:ListQueues + - connect:ListQueueQuickConnects + ContactFlowArn: + description: The identifier of the contact flow. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ + QueueArn: + description: The Amazon Resource Name (ARN) for the queue. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/queue/[-a-zA-Z0-9]*$ + UserArn: + description: The Amazon Resource Name (ARN) of the user. + type: string + pattern: ^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent/[-a-zA-Z0-9]*$ + PhoneNumberQuickConnectConfig: + description: The phone configuration. This is required only if QuickConnectType is PHONE_NUMBER. + type: object + additionalProperties: false + properties: + PhoneNumber: + $ref: '#/components/schemas/PhoneNumber' + required: + - PhoneNumber + QueueQuickConnectConfig: + description: The queue configuration. This is required only if QuickConnectType is QUEUE. + type: object + additionalProperties: false + properties: + ContactFlowArn: + $ref: '#/components/schemas/ContactFlowArn' + QueueArn: + $ref: '#/components/schemas/QueueArn' + required: + - ContactFlowArn + - QueueArn + UserQuickConnectConfig: + description: The user configuration. This is required only if QuickConnectType is USER. + type: object + additionalProperties: false + properties: + ContactFlowArn: + $ref: '#/components/schemas/ContactFlowArn' + UserArn: + $ref: '#/components/schemas/UserArn' + required: + - ContactFlowArn + - UserArn + QuickConnectConfig: + description: Configuration settings for the quick connect. + type: object + additionalProperties: false + properties: + QuickConnectType: + $ref: '#/components/schemas/QuickConnectType' + PhoneConfig: + $ref: '#/components/schemas/PhoneNumberQuickConnectConfig' + QueueConfig: + $ref: '#/components/schemas/QueueQuickConnectConfig' + UserConfig: + $ref: '#/components/schemas/UserQuickConnectConfig' + required: + - QuickConnectType + QuickConnectType: + description: 'The type of quick connect. In the Amazon Connect console, when you create a quick connect, you are prompted to assign one of the following types: Agent (USER), External (PHONE_NUMBER), or Queue (QUEUE).' + type: string + enum: + - PHONE_NUMBER + - QUEUE + - USER + QuickConnect: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + Name: + description: The name of the quick connect. + type: string + minLength: 1 + maxLength: 127 + Description: + description: The description of the quick connect. + type: string + minLength: 1 + maxLength: 250 + QuickConnectConfig: + description: Configuration settings for the quick connect. + $ref: '#/components/schemas/QuickConnectConfig' + QuickConnectArn: + description: The Amazon Resource Name (ARN) for the quick connect. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/transfer-destination/[-a-zA-Z0-9]*$ + Tags: + type: array + maxItems: 200 + uniqueItems: true + x-insertionOrder: false + description: One or more tags. + items: + $ref: '#/components/schemas/Tag' + QuickConnectType: + description: 'The type of quick connect. In the Amazon Connect console, when you create a quick connect, you are prompted to assign one of the following types: Agent (USER), External (PHONE_NUMBER), or Queue (QUEUE).' + type: string + enum: + - PHONE_NUMBER + - QUEUE + - USER + required: + - Name + - InstanceArn + - QuickConnectConfig + x-stackql-resource-name: quick_connect + description: Resource Type definition for AWS::Connect::QuickConnect + x-type-name: AWS::Connect::QuickConnect + x-stackql-primary-identifier: + - QuickConnectArn + x-read-only-properties: + - QuickConnectArn + - QuickConnectType + x-required-properties: + - Name + - InstanceArn + - QuickConnectConfig + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateQuickConnect + - connect:TagResource + read: + - connect:DescribeQuickConnect + delete: + - connect:DeleteQuickConnect + - connect:UntagResource + update: + - connect:UpdateQuickConnectName + - connect:UpdateQuickConnectConfig + - connect:TagResource + - connect:UntagResource + list: + - connect:ListQuickConnects + Channel: + description: The channels that agents can handle in the Contact Control Panel (CCP). + type: string + enum: + - VOICE + - CHAT + - TASK + Concurrency: + description: The number of contacts an agent can have on a channel simultaneously. + type: integer + minimum: 1 + maximum: 10 + BehaviorType: + description: Specifies the other channels that can be routed to an agent handling their current channel. + type: string + enum: + - ROUTE_CURRENT_CHANNEL_ONLY + - ROUTE_ANY_CHANNEL + CrossChannelBehavior: + description: Defines the cross-channel routing behavior that allows an agent working on a contact in one channel to be offered a contact from a different channel. + type: object + additionalProperties: false + properties: + BehaviorType: + $ref: '#/components/schemas/BehaviorType' + required: + - BehaviorType + MediaConcurrency: + description: Contains information about which channels are supported, and how many contacts an agent can have on a channel simultaneously. + type: object + additionalProperties: false + properties: + Channel: + $ref: '#/components/schemas/Channel' + Concurrency: + $ref: '#/components/schemas/Concurrency' + CrossChannelBehavior: + $ref: '#/components/schemas/CrossChannelBehavior' + required: + - Channel + - Concurrency + Delay: + description: The delay, in seconds, a contact should wait in the queue before they are routed to an available agent. + type: integer + minimum: 0 + maximum: 9999 + Priority: + description: The order in which contacts are to be handled for the queue. + type: integer + minimum: 1 + maximum: 99 + RoutingProfileQueueReference: + description: Contains the channel and queue identifier for a routing profile. + type: object + additionalProperties: false + properties: + Channel: + $ref: '#/components/schemas/Channel' + QueueArn: + $ref: '#/components/schemas/QueueArn' + required: + - Channel + - QueueArn + RoutingProfileQueueConfig: + description: Contains information about the queue and channel for which priority and delay can be set. + type: object + additionalProperties: false + properties: + Delay: + $ref: '#/components/schemas/Delay' + Priority: + $ref: '#/components/schemas/Priority' + QueueReference: + $ref: '#/components/schemas/RoutingProfileQueueReference' + required: + - Delay + - Priority + - QueueReference + RoutingProfile: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + Name: + description: The name of the routing profile. + type: string + minLength: 1 + maxLength: 127 + Description: + description: The description of the routing profile. + type: string + minLength: 1 + maxLength: 250 + MediaConcurrencies: + description: The channels agents can handle in the Contact Control Panel (CCP) for this routing profile. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/MediaConcurrency' + DefaultOutboundQueueArn: + description: The identifier of the default outbound queue for this routing profile. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/queue/[-a-zA-Z0-9]*$ + RoutingProfileArn: + description: The Amazon Resource Name (ARN) of the routing profile. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/routing-profile/[-a-zA-Z0-9]*$ + QueueConfigs: + description: The queues to associate with this routing profile. + type: array + minItems: 1 + maxItems: 10 + x-insertionOrder: false + items: + $ref: '#/components/schemas/RoutingProfileQueueConfig' + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + AgentAvailabilityTimer: + type: string + description: Whether agents with this routing profile will have their routing order calculated based on longest idle time or time since their last inbound contact. + enum: + - TIME_SINCE_LAST_ACTIVITY + - TIME_SINCE_LAST_INBOUND + required: + - InstanceArn + - Name + - Description + - MediaConcurrencies + - DefaultOutboundQueueArn + x-stackql-resource-name: routing_profile + description: Resource Type definition for AWS::Connect::RoutingProfile + x-type-name: AWS::Connect::RoutingProfile + x-stackql-primary-identifier: + - RoutingProfileArn + x-read-only-properties: + - RoutingProfileArn + x-required-properties: + - InstanceArn + - Name + - Description + - MediaConcurrencies + - DefaultOutboundQueueArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateRoutingProfile + - connect:TagResource + read: + - connect:DescribeRoutingProfile + - connect:ListRoutingProfileQueues + delete: + - connect:DeleteRoutingProfile + - connect:UntagResource + update: + - connect:AssociateRoutingProfileQueues + - connect:DisassociateRoutingProfileQueues + - connect:UpdateRoutingProfileConcurrency + - connect:UpdateRoutingProfileName + - connect:UpdateRoutingProfileDefaultOutboundQueue + - connect:UpdateRoutingProfileQueues + - connect:TagResource + - connect:UntagResource + - connect:ListRoutingProfileQueues + - connect:UpdateRoutingProfileAgentAvailabilityTimer + list: + - connect:ListRoutingProfiles + - connect:ListRoutingProfileQueues + FieldValue: + description: the default value for the task template's field + type: string + minLength: 1 + maxLength: 4096 + Field: + description: A task template field object. + type: object + properties: + Id: + $ref: '#/components/schemas/FieldIdentifier' + Description: + description: The description of the task template's field + type: string + minLength: 0 + maxLength: 255 + Type: + $ref: '#/components/schemas/FieldType' + SingleSelectOptions: + description: list of field options to be used with single select + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/FieldOption' + additionalProperties: false + required: + - Id + - Type + Fields: + description: An array of case fields + type: array + x-insertionOrder: true + uniqueItems: true + items: + $ref: '#/components/schemas/Field' + minItems: 1 + maxItems: 100 + NotificationRecipientType: + description: The type of notification recipient. + type: object + properties: + UserTags: + description: The collection of recipients who are identified by user tags + x-patternProperties: + ^(?=.{1,128}$).+$: + type: string + additionalProperties: false + UserArns: + description: The list of recipients by user arns. + type: array + minItems: 1 + maxItems: 5 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/UserArn' + additionalProperties: false + Reference: + description: A contact reference. + type: object + properties: + Value: + type: string + pattern: ^(/|https:) + Type: + type: string + enum: + - URL + - ATTACHMENT + - NUMBER + - STRING + - DATE + - EMAIL + required: + - Value + - Type + additionalProperties: false + TaskAction: + description: The definition of task action. + type: object + properties: + Name: + description: The name which appears in the agent's Contact Control Panel (CCP). + type: string + minLength: 1 + maxLength: 512 + Description: + description: The description which appears in the agent's Contact Control Panel (CCP). + type: string + minLength: 0 + maxLength: 4096 + ContactFlowArn: + description: The Amazon Resource Name (ARN) of the contact flow. + type: string + pattern: ^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ + References: + description: A formatted URL that is shown to an agent in the Contact Control Panel (CCP). + x-patternProperties: + ^(?=.{1,4096}$).+$: + $ref: '#/components/schemas/Reference' + additionalProperties: false + required: + - Name + - ContactFlowArn + additionalProperties: false + EventBridgeAction: + description: The definition for event bridge action. + type: object + properties: + Name: + description: The name of the event bridge action. + type: string + pattern: ^[a-zA-Z0-9._-]{1,100}$ + required: + - Name + additionalProperties: false + AssignContactCategoryAction: + description: The definition for assigning contact category action. + type: object + SendNotificationAction: + description: The definition for sending notification action. + type: object + properties: + DeliveryMethod: + description: The means of delivery. + type: string + enum: + - EMAIL + Subject: + description: The subject of notification. + type: string + minLength: 1 + maxLength: 200 + Content: + description: The content of notification. + type: string + minLength: 1 + maxLength: 1024 + ContentType: + description: The type of content. + type: string + enum: + - PLAIN_TEXT + Recipient: + $ref: '#/components/schemas/NotificationRecipientType' + required: + - DeliveryMethod + - Content + - Recipient + - ContentType + additionalProperties: false + CreateCaseAction: + description: The definition for create case action. + type: object + properties: + Fields: + $ref: '#/components/schemas/Fields' + TemplateId: + description: The Id of template. + type: string + minLength: 1 + maxLength: 500 + required: + - Fields + - TemplateId + additionalProperties: false + UpdateCaseAction: + description: The definition for update case action. + type: object + properties: + Fields: + $ref: '#/components/schemas/Fields' + required: + - Fields + additionalProperties: false + EndAssociatedTasksAction: + description: The definition for ending associated task action. + type: object + AssignContactCategoryActions: + description: This action will assign contact category when a rule is triggered. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/AssignContactCategoryAction' + minItems: 1 + maxItems: 1 + EventBridgeActions: + description: This action will send event bridge notification when a rule is triggered. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/EventBridgeAction' + minItems: 1 + maxItems: 1 + RuleTriggerEventSource: + description: The event source that will trigger the rule. + type: object + properties: + EventSourceName: + description: The name of event source. + type: string + enum: + - OnContactEvaluationSubmit + - OnPostCallAnalysisAvailable + - OnRealTimeCallAnalysisAvailable + - OnRealTimeChatAnalysisAvailable + - OnPostChatAnalysisAvailable + - OnZendeskTicketCreate + - OnZendeskTicketStatusUpdate + - OnSalesforceCaseCreate + - OnMetricDataUpdate + - OnCaseCreate + - OnCaseUpdate + IntegrationAssociationArn: + description: The Amazon Resource Name (ARN) for the AppIntegration association. + type: string + pattern: ^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/integration-association/[-a-zA-Z0-9]*$ + required: + - EventSourceName + additionalProperties: false + TaskActions: + description: This action will generate a task when a rule is triggered. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/TaskAction' + minItems: 1 + maxItems: 1 + SendNotificationActions: + description: The action will send notification when a rule is triggered. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/SendNotificationAction' + minItems: 1 + maxItems: 1 + CreateCaseActions: + description: This action will create a case when a rule is triggered. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/CreateCaseAction' + minItems: 1 + maxItems: 1 + UpdateCaseActions: + description: This action will update a case when a rule is triggered. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/UpdateCaseAction' + minItems: 1 + maxItems: 1 + EndAssociatedTasksActions: + description: This action will end associated tasks when a rule is triggered. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/EndAssociatedTasksAction' + minItems: 1 + maxItems: 1 + Actions: + description: The list of actions that will be executed when a rule is triggered. + type: object + properties: + AssignContactCategoryActions: + $ref: '#/components/schemas/AssignContactCategoryActions' + EventBridgeActions: + $ref: '#/components/schemas/EventBridgeActions' + TaskActions: + $ref: '#/components/schemas/TaskActions' + SendNotificationActions: + $ref: '#/components/schemas/SendNotificationActions' + CreateCaseActions: + $ref: '#/components/schemas/CreateCaseActions' + UpdateCaseActions: + $ref: '#/components/schemas/UpdateCaseActions' + EndAssociatedTasksActions: + $ref: '#/components/schemas/EndAssociatedTasksActions' + additionalProperties: false + Rule: + type: object + properties: + Name: + description: The name of the rule. + type: string + pattern: ^[a-zA-Z0-9._-]{1,200}$ + RuleArn: + description: The Amazon Resource Name (ARN) of the rule. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/rule/[-a-zA-Z0-9]*$ + InstanceArn: + description: The Amazon Resource Name (ARN) of the instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + TriggerEventSource: + description: The event source that triggers the rule. + $ref: '#/components/schemas/RuleTriggerEventSource' + Function: + description: The conditions of a rule. + type: string + Actions: + description: The list of actions that will be executed when a rule is triggered. + $ref: '#/components/schemas/Actions' + PublishStatus: + description: The publish status of a rule, either draft or published. + type: string + enum: + - DRAFT + - PUBLISHED + Tags: + description: One or more tags. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - InstanceArn + - TriggerEventSource + - Function + - Actions + - PublishStatus + x-stackql-resource-name: rule + description: Resource Type definition for AWS:Connect::Rule + x-type-name: AWS::Connect::Rule + x-stackql-primary-identifier: + - RuleArn + x-create-only-properties: + - TriggerEventSource + - InstanceArn + x-read-only-properties: + - RuleArn + x-required-properties: + - Name + - InstanceArn + - TriggerEventSource + - Function + - Actions + - PublishStatus + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: false + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateRule + - cases:GetTemplate + - cases:ListFields + - cases:ListFieldOptions + read: + - connect:DescribeRule + delete: + - connect:DeleteRule + - connect:UntagResource + update: + - connect:UpdateRule + - cases:GetTemplate + - cases:ListFields + - cases:ListFieldOptions + - connect:TagResource + - connect:UntagResource + SecurityKey: + type: object + properties: + Key: + $ref: '#/components/schemas/Key' + InstanceId: + $ref: '#/components/schemas/InstanceId' + AssociationId: + $ref: '#/components/schemas/AssociationId' + required: + - Key + - InstanceId + x-stackql-resource-name: security_key + description: Resource Type definition for AWS::Connect::SecurityKey + x-type-name: AWS::Connect::SecurityKey + x-stackql-primary-identifier: + - InstanceId + - AssociationId + x-create-only-properties: + - InstanceId + - Key + x-read-only-properties: + - AssociationId + x-required-properties: + - Key + - InstanceId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - connect:AssociateSecurityKey + read: + - connect:ListSecurityKeys + update: [] + delete: + - connect:DisassociateSecurityKey + list: + - connect:ListSecurityKeys + Permission: + description: A permission associated with the security profile. + type: string + minLength: 1 + maxLength: 128 + ResourceName: + description: A resource that a security profile applies tag or hierarchy restrictions to in Amazon Connect. + type: string + minLength: 1 + maxLength: 128 + ApplicationPermission: + description: The permissions that the agent is granted on the application. + type: string + minLength: 1 + maxLength: 128 + Application: + description: A third-party application's metadata. + type: object + properties: + ApplicationPermissions: + type: array + maxItems: 10 + uniqueItems: true + x-insertionOrder: false + description: The permissions that the agent is granted on the application + items: + $ref: '#/components/schemas/ApplicationPermission' + Namespace: + type: string + description: Namespace of the application that you want to give access to. + minLength: 1 + maxLength: 128 + required: + - ApplicationPermissions + - Namespace + additionalProperties: false + SecurityProfile: + type: object + properties: + AllowedAccessControlTags: + type: array + maxItems: 2 + uniqueItems: true + x-insertionOrder: false + description: The list of tags that a security profile uses to restrict access to resources in Amazon Connect. + items: + $ref: '#/components/schemas/Tag' + Description: + type: string + minLength: 0 + maxLength: 250 + description: The description of the security profile. + InstanceArn: + type: string + description: The identifier of the Amazon Connect instance. + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + Permissions: + type: array + maxItems: 500 + uniqueItems: true + x-insertionOrder: false + description: Permissions assigned to the security profile. + items: + $ref: '#/components/schemas/Permission' + SecurityProfileArn: + type: string + description: The Amazon Resource Name (ARN) for the security profile. + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/security-profile/[-a-zA-Z0-9]*$ + SecurityProfileName: + type: string + pattern: ^[ a-zA-Z0-9_@-]+$ + minLength: 1 + maxLength: 127 + description: The name of the security profile. + TagRestrictedResources: + type: array + maxItems: 10 + uniqueItems: true + x-insertionOrder: false + description: The list of resources that a security profile applies tag restrictions to in Amazon Connect. + items: + $ref: '#/components/schemas/ResourceName' + HierarchyRestrictedResources: + type: array + maxItems: 10 + uniqueItems: true + x-insertionOrder: false + description: The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. + items: + $ref: '#/components/schemas/ResourceName' + AllowedAccessControlHierarchyGroupId: + type: string + pattern: ^[a-zA-Z0-9-]+$ + minLength: 0 + maxLength: 127 + description: The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect. + Applications: + type: array + maxItems: 10 + uniqueItems: true + x-insertionOrder: false + description: A list of third-party applications that the security profile will give access to. + items: + $ref: '#/components/schemas/Application' + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: The tags used to organize, track, or control access for this resource. + items: + $ref: '#/components/schemas/Tag' + LastModifiedRegion: + type: string + pattern: '[a-z]{2}(-[a-z]+){1,2}(-[0-9])?' + description: The AWS Region where this resource was last modified. + LastModifiedTime: + type: number + description: The timestamp when this resource was last modified. + required: + - InstanceArn + - SecurityProfileName + x-stackql-resource-name: security_profile + description: Resource Type definition for AWS::Connect::SecurityProfile + x-type-name: AWS::Connect::SecurityProfile + x-stackql-primary-identifier: + - SecurityProfileArn + x-create-only-properties: + - SecurityProfileName + - InstanceArn + x-read-only-properties: + - SecurityProfileArn + - LastModifiedRegion + - LastModifiedTime + x-required-properties: + - InstanceArn + - SecurityProfileName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateSecurityProfile + - connect:TagResource + read: + - connect:DescribeSecurityProfile + - connect:ListSecurityProfileApplications + - connect:ListSecurityProfilePermissions + update: + - connect:TagResource + - connect:UpdateSecurityProfile + - connect:UntagResource + delete: + - connect:DeleteSecurityProfile + - connect:UntagResource + list: + - connect:ListSecurityProfiles + Status: + description: The status of the task template + type: string + enum: + - ACTIVE + - INACTIVE + FieldType: + description: The type of the task template's field + type: string + enum: + - NAME + - DESCRIPTION + - SCHEDULED_TIME + - QUICK_CONNECT + - URL + - NUMBER + - TEXT + - TEXT_AREA + - DATE_TIME + - BOOLEAN + - SINGLE_SELECT + - EMAIL + FieldIdentifier: + description: the identifier (name) for the task template field + type: object + properties: + Name: + description: The name of the task template field + type: string + minLength: 1 + maxLength: 100 + additionalProperties: false + required: + - Name + FieldOption: + description: Single select field identifier + type: string + pattern: ^[A-Za-z0-9](?:[A-Za-z0-9_.,\s-]*[A-Za-z0-9_.,-])?$ + minLength: 1 + maxLength: 100 + InvisibleFieldInfo: + description: Invisible field info + type: object + properties: + Id: + $ref: '#/components/schemas/FieldIdentifier' + additionalProperties: false + required: + - Id + InvisibleTaskTemplateFields: + description: The list of the task template's invisible fields + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/InvisibleFieldInfo' + ReadOnlyFieldInfo: + description: ReadOnly field info + type: object + properties: + Id: + $ref: '#/components/schemas/FieldIdentifier' + additionalProperties: false + required: + - Id + ReadOnlyTaskTemplateFields: + description: The list of the task template's read only fields + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/ReadOnlyFieldInfo' + RequiredFieldInfo: + description: Required field info + type: object + properties: + Id: + $ref: '#/components/schemas/FieldIdentifier' + additionalProperties: false + required: + - Id + RequiredTaskTemplateFields: + description: The list of the task template's required fields + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/RequiredFieldInfo' + DefaultFieldValue: + description: the default value for the task template's field + type: object + properties: + Id: + $ref: '#/components/schemas/FieldIdentifier' + DefaultValue: + $ref: '#/components/schemas/FieldValue' + additionalProperties: false + required: + - Id + - DefaultValue + ClientToken: + description: the client token string in uuid format + type: string + pattern: ^$|[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$ + TaskTemplate: + type: object + properties: + Arn: + description: The identifier (arn) of the task template. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/task-template/[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}$ + InstanceArn: + description: The identifier (arn) of the instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + Name: + description: The name of the task template. + type: string + minLength: 1 + maxLength: 100 + Description: + description: The description of the task template. + type: string + minLength: 0 + maxLength: 255 + ContactFlowArn: + description: The identifier of the contact flow. + type: string + pattern: ^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ + Constraints: + description: The constraints for the task template + type: object + additionalProperties: false + properties: + InvisibleFields: + $ref: '#/components/schemas/InvisibleTaskTemplateFields' + RequiredFields: + $ref: '#/components/schemas/RequiredTaskTemplateFields' + ReadOnlyFields: + $ref: '#/components/schemas/ReadOnlyTaskTemplateFields' + Defaults: + description: '' + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/DefaultFieldValue' + Fields: + description: The list of task template's fields + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/Field' + Status: + $ref: '#/components/schemas/Status' + ClientToken: + $ref: '#/components/schemas/ClientToken' + Tags: + description: One or more tags. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - InstanceArn + x-stackql-resource-name: task_template + description: Resource Type definition for AWS::Connect::TaskTemplate. + x-type-name: AWS::Connect::TaskTemplate + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + x-required-properties: + - InstanceArn + x-tagging: + taggable: true + tagOnCreate: false + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateTaskTemplate + - connect:TagResource + read: + - connect:GetTaskTemplate + list: + - connect:ListTaskTemplates + update: + - connect:UpdateTaskTemplate + - connect:TagResource + - connect:UntagResource + delete: + - connect:DeleteTaskTemplate + - connect:UntagResource + - connect:GetTaskTemplate + TrafficDistributionGroup: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance that has been replicated. + type: string + pattern: ^arn:(aws|aws-us-gov):connect:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{1,20}:instance/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + minLength: 1 + maxLength: 250 + TrafficDistributionGroupArn: + description: The identifier of the traffic distribution group. + type: string + pattern: ^arn:(aws|aws-us-gov):connect:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{1,20}:traffic-distribution-group/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + Description: + description: A description for the traffic distribution group. + type: string + pattern: (^[\S].*[\S]$)|(^[\S]$) + minLength: 1 + maxLength: 250 + Name: + description: The name for the traffic distribution group. + type: string + pattern: (^[\S].*[\S]$)|(^[\S]$) + minLength: 1 + maxLength: 128 + Status: + description: The status of the traffic distribution group. + type: string + enum: + - CREATION_IN_PROGRESS + - ACTIVE + - CREATION_FAILED + - PENDING_DELETION + - DELETION_FAILED + - UPDATE_IN_PROGRESS + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: One or more tags. + items: + $ref: '#/components/schemas/Tag' + IsDefault: + description: If this is the default traffic distribution group. + type: boolean + required: + - InstanceArn + - Name + x-stackql-resource-name: traffic_distribution_group + description: Resource Type definition for AWS::Connect::TrafficDistributionGroup + x-type-name: AWS::Connect::TrafficDistributionGroup + x-stackql-primary-identifier: + - TrafficDistributionGroupArn + x-create-only-properties: + - Description + - Name + x-read-only-properties: + - TrafficDistributionGroupArn + - Status + - IsDefault + x-required-properties: + - InstanceArn + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateTrafficDistributionGroup + - connect:DescribeTrafficDistributionGroup + - connect:TagResource + read: + - connect:DescribeTrafficDistributionGroup + update: + - connect:TagResource + - connect:UntagResource + delete: + - connect:DeleteTrafficDistributionGroup + - connect:DescribeTrafficDistributionGroup + - connect:UntagResource + list: + - connect:ListTrafficDistributionGroups + FirstName: + description: The first name. This is required if you are using Amazon Connect or SAML for identity management. + type: string + LastName: + description: The last name. This is required if you are using Amazon Connect or SAML for identity management. + type: string + Email: + description: The email address. If you are using SAML for identity management and include this parameter, an error is returned. + type: string + SecondaryEmail: + description: The secondary email address. If you provide a secondary email, the user receives email notifications -- other than password reset notifications -- to this email address instead of to their primary email address. + type: string + pattern: (?=^.{0,265}$)[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,63} + Mobile: + description: The mobile phone number. + type: string + pattern: ^\+[1-9]\d{1,14}$ + SecurityProfileArn: + description: The identifier of the security profile for the user. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/security-profile/[-a-zA-Z0-9]*$ + AfterContactWorkTimeLimit: + description: The After Call Work (ACW) timeout setting, in seconds. + type: integer + minimum: 0 + AutoAccept: + description: The Auto accept setting. + type: boolean + DeskPhoneNumber: + description: The phone number for the user's desk phone. + type: string + PhoneType: + description: The phone type. + type: string + enum: + - SOFT_PHONE + - DESK_PHONE + UserIdentityInfo: + description: Contains information about the identity of a user. + type: object + additionalProperties: false + properties: + FirstName: + $ref: '#/components/schemas/FirstName' + LastName: + $ref: '#/components/schemas/LastName' + Email: + $ref: '#/components/schemas/Email' + SecondaryEmail: + $ref: '#/components/schemas/SecondaryEmail' + Mobile: + $ref: '#/components/schemas/Mobile' + UserPhoneConfig: + description: Contains information about the phone configuration settings for a user. + type: object + additionalProperties: false + properties: + AfterContactWorkTimeLimit: + $ref: '#/components/schemas/AfterContactWorkTimeLimit' + AutoAccept: + $ref: '#/components/schemas/AutoAccept' + DeskPhoneNumber: + $ref: '#/components/schemas/DeskPhoneNumber' + PhoneType: + $ref: '#/components/schemas/PhoneType' + required: + - PhoneType + UserProficiency: + description: Proficiency of a user. + type: object + additionalProperties: false + properties: + AttributeName: + $ref: '#/components/schemas/AttributeName' + AttributeValue: + $ref: '#/components/schemas/AttributeValue' + Level: + $ref: '#/components/schemas/Level' + required: + - AttributeName + - AttributeValue + - Level + AttributeName: + description: The name of user's proficiency. You must use name of predefined attribute present in the Amazon Connect instance. + type: string + minLength: 1 + maxLength: 64 + AttributeValue: + description: The value of user's proficiency. You must use value of predefined attribute present in the Amazon Connect instance. + type: string + minLength: 1 + maxLength: 64 + Level: + description: The level of the proficiency. The valid values are 1, 2, 3, 4 and 5. + type: number + minimum: 1 + maximum: 5 + User: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + DirectoryUserId: + description: The identifier of the user account in the directory used for identity management. + type: string + HierarchyGroupArn: + description: The identifier of the hierarchy group for the user. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent-group/[-a-zA-Z0-9]*$ + Username: + description: The user name for the account. + type: string + minLength: 1 + maxLength: 64 + pattern: '[a-zA-Z0-9\_\-\.\@]+' + Password: + description: The password for the user account. A password is required if you are using Amazon Connect for identity management. Otherwise, it is an error to include a password. + type: string + pattern: ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d\S]{8,64}$ + RoutingProfileArn: + description: The identifier of the routing profile for the user. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/routing-profile/[-a-zA-Z0-9]*$ + IdentityInfo: + description: The information about the identity of the user. + $ref: '#/components/schemas/UserIdentityInfo' + PhoneConfig: + description: The phone settings for the user. + $ref: '#/components/schemas/UserPhoneConfig' + SecurityProfileArns: + type: array + minItems: 1 + maxItems: 10 + uniqueItems: true + x-insertionOrder: false + description: One or more security profile arns for the user + items: + $ref: '#/components/schemas/SecurityProfileArn' + UserArn: + description: The Amazon Resource Name (ARN) for the user. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent/[-a-zA-Z0-9]*$ + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: One or more tags. + items: + $ref: '#/components/schemas/Tag' + UserProficiencies: + description: One or more predefined attributes assigned to a user, with a level that indicates how skilled they are. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/UserProficiency' + required: + - InstanceArn + - PhoneConfig + - RoutingProfileArn + - SecurityProfileArns + - Username + x-stackql-resource-name: user + description: Resource Type definition for AWS::Connect::User + x-type-name: AWS::Connect::User + x-stackql-primary-identifier: + - UserArn + x-write-only-properties: + - Password + x-read-only-properties: + - UserArn + x-required-properties: + - InstanceArn + - PhoneConfig + - RoutingProfileArn + - SecurityProfileArns + - Username + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateUser + - connect:TagResource + - connect:AssociateUserProficiencies + read: + - connect:DescribeUser + - connect:ListUserProficiencies + delete: + - connect:DeleteUser + - connect:UntagResource + update: + - connect:UpdateUserIdentityInfo + - connect:UpdateUserPhoneConfig + - connect:UpdateUserRoutingProfile + - connect:UpdateUserSecurityProfiles + - connect:UpdateUserHierarchy + - connect:TagResource + - connect:UntagResource + - connect:AssociateUserProficiencies + - connect:DisassociateUserProficiencies + - connect:UpdateUserProficiencies + list: + - connect:ListUsers + UserHierarchyGroupArn: + description: The Amazon Resource Name (ARN) for the user hierarchy group. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent-group/[-a-zA-Z0-9]*$ + UserHierarchyGroup: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + UserHierarchyGroupArn: + description: The Amazon Resource Name (ARN) for the user hierarchy group. + $ref: '#/components/schemas/UserHierarchyGroupArn' + ParentGroupArn: + description: The Amazon Resource Name (ARN) for the parent user hierarchy group. + $ref: '#/components/schemas/UserHierarchyGroupArn' + Name: + description: The name of the user hierarchy group. + type: string + minLength: 1 + maxLength: 100 + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: One or more tags. + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - InstanceArn + x-stackql-resource-name: user_hierarchy_group + description: Resource Type definition for AWS::Connect::UserHierarchyGroup + x-type-name: AWS::Connect::UserHierarchyGroup + x-stackql-primary-identifier: + - UserHierarchyGroupArn + x-create-only-properties: + - ParentGroupArn + x-read-only-properties: + - UserHierarchyGroupArn + x-required-properties: + - Name + - InstanceArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateUserHierarchyGroup + - connect:TagResource + read: + - connect:DescribeUserHierarchyGroup + delete: + - connect:DeleteUserHierarchyGroup + - connect:UntagResource + update: + - connect:UpdateUserHierarchyGroupName + - connect:TagResource + - connect:UntagResource + list: + - connect:ListUserHierarchyGroups + View: + type: object + properties: + InstanceArn: + description: The Amazon Resource Name (ARN) of the instance. + type: string + minLength: 1 + maxLength: 100 + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + ViewArn: + description: The Amazon Resource Name (ARN) of the view. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/view/[-:$a-zA-Z0-9]*$ + minLength: 1 + maxLength: 255 + ViewId: + description: The view id of the view. + type: string + minLength: 1 + maxLength: 500 + pattern: ^[a-zA-Z0-9\_\-:\/$]+$ + Name: + description: The name of the view. + type: string + minLength: 1 + maxLength: 512 + pattern: ^([\p{L}\p{N}_.:\/=+\-@]+[\p{L}\p{Z}\p{N}_.:\/=+\-@]*)$ + Description: + description: The description of the view. + type: string + minLength: 0 + maxLength: 4096 + pattern: ^([\p{L}\p{N}_.:\/=+\-@,]+[\p{L}\p{Z}\p{N}_.:\/=+\-@,]*)$ + Template: + description: The template of the view as JSON. + type: object + Actions: + description: The actions of the view in an array. + type: array + x-insertionOrder: false + maxItems: 1000 + items: + type: string + minLength: 1 + maxLength: 255 + pattern: ^([\p{L}\p{N}_.:\/=+\-@]+[\p{L}\p{Z}\p{N}_.:\/=+\-@]*)$ + ViewContentSha256: + description: The view content hash. + type: string + pattern: ^[a-zA-Z0-9]{64}$ + Tags: + description: One or more tags. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - InstanceArn + - Template + - Actions + - Name + x-stackql-resource-name: view + description: Resource Type definition for AWS::Connect::View + x-type-name: AWS::Connect::View + x-stackql-primary-identifier: + - ViewArn + x-read-only-properties: + - ViewArn + - ViewId + - ViewContentSha256 + x-required-properties: + - InstanceArn + - Template + - Actions + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateView + - connect:TagResource + read: + - connect:DescribeView + delete: + - connect:DeleteView + - connect:UntagResource + list: + - connect:ListViews + update: + - connect:UpdateViewMetadata + - connect:UpdateViewContent + - connect:TagResource + - connect:UntagResource + ViewVersion: + type: object + properties: + ViewArn: + description: The Amazon Resource Name (ARN) of the view for which a version is being created. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/view/[-:a-zA-Z0-9]*$ + minLength: 1 + maxLength: 255 + ViewVersionArn: + description: The Amazon Resource Name (ARN) of the created view version. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/view/[-:a-zA-Z0-9]*$ + minLength: 1 + maxLength: 255 + VersionDescription: + description: The description for the view version. + type: string + minLength: 1 + maxLength: 4096 + pattern: ^([\p{L}\p{N}_.:\/=+\-@,]+[\p{L}\p{Z}\p{N}_.:\/=+\-@,]*)$ + ViewContentSha256: + description: The view content hash to be checked. + type: string + minLength: 1 + maxLength: 64 + pattern: ^[a-zA-Z0-9]{64}$ + Version: + description: The version of the view. + type: integer + required: + - ViewArn + x-stackql-resource-name: view_version + description: Resource Type definition for AWS::Connect::ViewVersion + x-type-name: AWS::Connect::ViewVersion + x-stackql-primary-identifier: + - ViewVersionArn + x-create-only-properties: + - ViewArn + - VersionDescription + - ViewContentSha256 + x-read-only-properties: + - ViewVersionArn + - Version + x-required-properties: + - ViewArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - connect:CreateViewVersion + read: + - connect:DescribeView + list: + - connect:ListViewVersions + update: [] + delete: + - connect:DeleteViewVersion + x-stackQL-resources: + approved_origins: + name: approved_origins + id: aws.connect.approved_origins + x-cfn-schema-name: ApprovedOrigin + x-type: list + x-identifiers: + - InstanceId + - Origin + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.Origin') as origin + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ApprovedOrigin' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'Origin') as origin + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ApprovedOrigin' + AND region = 'us-east-1' + approved_origin: + name: approved_origin + id: aws.connect.approved_origin + x-cfn-schema-name: ApprovedOrigin + x-type: get + x-identifiers: + - InstanceId + - Origin + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Origin') as origin, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ApprovedOrigin' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Origin') as origin, + json_extract_path_text(Properties, 'InstanceId') as instance_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ApprovedOrigin' + AND data__Identifier = '|' + AND region = 'us-east-1' + contact_flows: + name: contact_flows + id: aws.connect.contact_flows + x-cfn-schema-name: ContactFlow + x-type: list + x-identifiers: + - ContactFlowArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ContactFlowArn') as contact_flow_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ContactFlow' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ContactFlowArn') as contact_flow_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ContactFlow' + AND region = 'us-east-1' + contact_flow: + name: contact_flow + id: aws.connect.contact_flow + x-cfn-schema-name: ContactFlow + x-type: get + x-identifiers: + - ContactFlowArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.ContactFlowArn') as contact_flow_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ContactFlow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'ContactFlowArn') as contact_flow_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ContactFlow' + AND data__Identifier = '' + AND region = 'us-east-1' + contact_flow_modules: + name: contact_flow_modules + id: aws.connect.contact_flow_modules + x-cfn-schema-name: ContactFlowModule + x-type: list + x-identifiers: + - ContactFlowModuleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ContactFlowModuleArn') as contact_flow_module_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ContactFlowModuleArn') as contact_flow_module_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' + AND region = 'us-east-1' + contact_flow_module: + name: contact_flow_module + id: aws.connect.contact_flow_module + x-cfn-schema-name: ContactFlowModule + x-type: get + x-identifiers: + - ContactFlowModuleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.ContactFlowModuleArn') as contact_flow_module_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'ContactFlowModuleArn') as contact_flow_module_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' + AND data__Identifier = '' + AND region = 'us-east-1' + evaluation_forms: + name: evaluation_forms + id: aws.connect.evaluation_forms + x-cfn-schema-name: EvaluationForm + x-type: list + x-identifiers: + - EvaluationFormArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EvaluationFormArn') as evaluation_form_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::EvaluationForm' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EvaluationFormArn') as evaluation_form_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::EvaluationForm' + AND region = 'us-east-1' + evaluation_form: + name: evaluation_form + id: aws.connect.evaluation_form + x-cfn-schema-name: EvaluationForm + x-type: get + x-identifiers: + - EvaluationFormArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Title') as title, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EvaluationFormArn') as evaluation_form_arn, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.Items') as items, + JSON_EXTRACT(Properties, '$.ScoringStrategy') as scoring_strategy, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::EvaluationForm' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Title') as title, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EvaluationFormArn') as evaluation_form_arn, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'Items') as items, + json_extract_path_text(Properties, 'ScoringStrategy') as scoring_strategy, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::EvaluationForm' + AND data__Identifier = '' + AND region = 'us-east-1' + hours_of_operations: + name: hours_of_operations + id: aws.connect.hours_of_operations + x-cfn-schema-name: HoursOfOperation + x-type: list + x-identifiers: + - HoursOfOperationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.HoursOfOperationArn') as hours_of_operation_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::HoursOfOperation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'HoursOfOperationArn') as hours_of_operation_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::HoursOfOperation' + AND region = 'us-east-1' + hours_of_operation: + name: hours_of_operation + id: aws.connect.hours_of_operation + x-cfn-schema-name: HoursOfOperation + x-type: get + x-identifiers: + - HoursOfOperationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.TimeZone') as time_zone, + JSON_EXTRACT(Properties, '$.Config') as config, + JSON_EXTRACT(Properties, '$.HoursOfOperationArn') as hours_of_operation_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::HoursOfOperation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'TimeZone') as time_zone, + json_extract_path_text(Properties, 'Config') as config, + json_extract_path_text(Properties, 'HoursOfOperationArn') as hours_of_operation_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::HoursOfOperation' + AND data__Identifier = '' + AND region = 'us-east-1' + instances: + name: instances + id: aws.connect.instances + x-cfn-schema-name: Instance + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::Instance' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::Instance' + AND region = 'us-east-1' + instance: + name: instance + id: aws.connect.instance + x-cfn-schema-name: Instance + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.IdentityManagementType') as identity_management_type, + JSON_EXTRACT(Properties, '$.InstanceAlias') as instance_alias, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.ServiceRole') as service_role, + JSON_EXTRACT(Properties, '$.InstanceStatus') as instance_status, + JSON_EXTRACT(Properties, '$.DirectoryId') as directory_id, + JSON_EXTRACT(Properties, '$.Attributes') as attributes, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::Instance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'IdentityManagementType') as identity_management_type, + json_extract_path_text(Properties, 'InstanceAlias') as instance_alias, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'ServiceRole') as service_role, + json_extract_path_text(Properties, 'InstanceStatus') as instance_status, + json_extract_path_text(Properties, 'DirectoryId') as directory_id, + json_extract_path_text(Properties, 'Attributes') as attributes, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::Instance' + AND data__Identifier = '' + AND region = 'us-east-1' + instance_storage_configs: + name: instance_storage_configs + id: aws.connect.instance_storage_configs + x-cfn-schema-name: InstanceStorageConfig + x-type: list + x-identifiers: + - InstanceArn + - AssociationId + - ResourceType + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::InstanceStorageConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'AssociationId') as association_id, + json_extract_path_text(Properties, 'ResourceType') as resource_type + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::InstanceStorageConfig' + AND region = 'us-east-1' + instance_storage_config: + name: instance_storage_config + id: aws.connect.instance_storage_config + x-cfn-schema-name: InstanceStorageConfig + x-type: get + x-identifiers: + - InstanceArn + - AssociationId + - ResourceType + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id, + JSON_EXTRACT(Properties, '$.StorageType') as storage_type, + JSON_EXTRACT(Properties, '$.S3Config') as s3_config, + JSON_EXTRACT(Properties, '$.KinesisVideoStreamConfig') as kinesis_video_stream_config, + JSON_EXTRACT(Properties, '$.KinesisStreamConfig') as kinesis_stream_config, + JSON_EXTRACT(Properties, '$.KinesisFirehoseConfig') as kinesis_firehose_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::InstanceStorageConfig' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'AssociationId') as association_id, + json_extract_path_text(Properties, 'StorageType') as storage_type, + json_extract_path_text(Properties, 'S3Config') as s3_config, + json_extract_path_text(Properties, 'KinesisVideoStreamConfig') as kinesis_video_stream_config, + json_extract_path_text(Properties, 'KinesisStreamConfig') as kinesis_stream_config, + json_extract_path_text(Properties, 'KinesisFirehoseConfig') as kinesis_firehose_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::InstanceStorageConfig' + AND data__Identifier = '||' + AND region = 'us-east-1' + integration_associations: + name: integration_associations + id: aws.connect.integration_associations + x-cfn-schema-name: IntegrationAssociation + x-type: list + x-identifiers: + - InstanceId + - IntegrationType + - IntegrationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.IntegrationType') as integration_type, + JSON_EXTRACT(Properties, '$.IntegrationArn') as integration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::IntegrationAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'IntegrationType') as integration_type, + json_extract_path_text(Properties, 'IntegrationArn') as integration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::IntegrationAssociation' + AND region = 'us-east-1' + integration_association: + name: integration_association + id: aws.connect.integration_association + x-cfn-schema-name: IntegrationAssociation + x-type: get + x-identifiers: + - InstanceId + - IntegrationType + - IntegrationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IntegrationAssociationId') as integration_association_id, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.IntegrationArn') as integration_arn, + JSON_EXTRACT(Properties, '$.IntegrationType') as integration_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::IntegrationAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IntegrationAssociationId') as integration_association_id, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'IntegrationArn') as integration_arn, + json_extract_path_text(Properties, 'IntegrationType') as integration_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::IntegrationAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + predefined_attributes: + name: predefined_attributes + id: aws.connect.predefined_attributes + x-cfn-schema-name: PredefinedAttribute + x-type: list + x-identifiers: + - InstanceArn + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::PredefinedAttribute' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::PredefinedAttribute' + AND region = 'us-east-1' + predefined_attribute: + name: predefined_attribute + id: aws.connect.predefined_attribute + x-cfn-schema-name: PredefinedAttribute + x-type: get + x-identifiers: + - InstanceArn + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Values') as _values, + JSON_EXTRACT(Properties, '$.LastModifiedRegion') as last_modified_region, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::PredefinedAttribute' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Values') as _values, + json_extract_path_text(Properties, 'LastModifiedRegion') as last_modified_region, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::PredefinedAttribute' + AND data__Identifier = '|' + AND region = 'us-east-1' + prompts: + name: prompts + id: aws.connect.prompts + x-cfn-schema-name: Prompt + x-type: list + x-identifiers: + - PromptArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PromptArn') as prompt_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::Prompt' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PromptArn') as prompt_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::Prompt' + AND region = 'us-east-1' + prompt: + name: prompt + id: aws.connect.prompt + x-cfn-schema-name: Prompt + x-type: get + x-identifiers: + - PromptArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.S3Uri') as s3_uri, + JSON_EXTRACT(Properties, '$.PromptArn') as prompt_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::Prompt' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'S3Uri') as s3_uri, + json_extract_path_text(Properties, 'PromptArn') as prompt_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::Prompt' + AND data__Identifier = '' + AND region = 'us-east-1' + queues: + name: queues + id: aws.connect.queues + x-cfn-schema-name: Queue + x-type: list + x-identifiers: + - QueueArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.QueueArn') as queue_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::Queue' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'QueueArn') as queue_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::Queue' + AND region = 'us-east-1' + queue: + name: queue + id: aws.connect.queue + x-cfn-schema-name: Queue + x-type: get + x-identifiers: + - QueueArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.HoursOfOperationArn') as hours_of_operation_arn, + JSON_EXTRACT(Properties, '$.MaxContacts') as max_contacts, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.OutboundCallerConfig') as outbound_caller_config, + JSON_EXTRACT(Properties, '$.QueueArn') as queue_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.QuickConnectArns') as quick_connect_arns, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::Queue' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'HoursOfOperationArn') as hours_of_operation_arn, + json_extract_path_text(Properties, 'MaxContacts') as max_contacts, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'OutboundCallerConfig') as outbound_caller_config, + json_extract_path_text(Properties, 'QueueArn') as queue_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'QuickConnectArns') as quick_connect_arns, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::Queue' + AND data__Identifier = '' + AND region = 'us-east-1' + quick_connects: + name: quick_connects + id: aws.connect.quick_connects + x-cfn-schema-name: QuickConnect + x-type: list + x-identifiers: + - QuickConnectArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.QuickConnectArn') as quick_connect_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::QuickConnect' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'QuickConnectArn') as quick_connect_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::QuickConnect' + AND region = 'us-east-1' + quick_connect: + name: quick_connect + id: aws.connect.quick_connect + x-cfn-schema-name: QuickConnect + x-type: get + x-identifiers: + - QuickConnectArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.QuickConnectConfig') as quick_connect_config, + JSON_EXTRACT(Properties, '$.QuickConnectArn') as quick_connect_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.QuickConnectType') as quick_connect_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::QuickConnect' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'QuickConnectConfig') as quick_connect_config, + json_extract_path_text(Properties, 'QuickConnectArn') as quick_connect_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'QuickConnectType') as quick_connect_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::QuickConnect' + AND data__Identifier = '' + AND region = 'us-east-1' + routing_profiles: + name: routing_profiles + id: aws.connect.routing_profiles + x-cfn-schema-name: RoutingProfile + x-type: list + x-identifiers: + - RoutingProfileArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RoutingProfileArn') as routing_profile_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::RoutingProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RoutingProfileArn') as routing_profile_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::RoutingProfile' + AND region = 'us-east-1' + routing_profile: + name: routing_profile + id: aws.connect.routing_profile + x-cfn-schema-name: RoutingProfile + x-type: get + x-identifiers: + - RoutingProfileArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.MediaConcurrencies') as media_concurrencies, + JSON_EXTRACT(Properties, '$.DefaultOutboundQueueArn') as default_outbound_queue_arn, + JSON_EXTRACT(Properties, '$.RoutingProfileArn') as routing_profile_arn, + JSON_EXTRACT(Properties, '$.QueueConfigs') as queue_configs, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AgentAvailabilityTimer') as agent_availability_timer + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::RoutingProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'MediaConcurrencies') as media_concurrencies, + json_extract_path_text(Properties, 'DefaultOutboundQueueArn') as default_outbound_queue_arn, + json_extract_path_text(Properties, 'RoutingProfileArn') as routing_profile_arn, + json_extract_path_text(Properties, 'QueueConfigs') as queue_configs, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AgentAvailabilityTimer') as agent_availability_timer + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::RoutingProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + rule: + name: rule + id: aws.connect.rule + x-cfn-schema-name: Rule + x-type: get + x-identifiers: + - RuleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RuleArn') as rule_arn, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.TriggerEventSource') as trigger_event_source, + JSON_EXTRACT(Properties, '$.Function') as function, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.PublishStatus') as publish_status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::Rule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RuleArn') as rule_arn, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'TriggerEventSource') as trigger_event_source, + json_extract_path_text(Properties, 'Function') as function, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'PublishStatus') as publish_status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::Rule' + AND data__Identifier = '' + AND region = 'us-east-1' + security_keys: + name: security_keys + id: aws.connect.security_keys + x-cfn-schema-name: SecurityKey + x-type: list + x-identifiers: + - InstanceId + - AssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::SecurityKey' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'AssociationId') as association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::SecurityKey' + AND region = 'us-east-1' + security_key: + name: security_key + id: aws.connect.security_key + x-cfn-schema-name: SecurityKey + x-type: get + x-identifiers: + - InstanceId + - AssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Key') as key, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::SecurityKey' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Key') as key, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'AssociationId') as association_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::SecurityKey' + AND data__Identifier = '|' + AND region = 'us-east-1' + security_profiles: + name: security_profiles + id: aws.connect.security_profiles + x-cfn-schema-name: SecurityProfile + x-type: list + x-identifiers: + - SecurityProfileArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SecurityProfileArn') as security_profile_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::SecurityProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SecurityProfileArn') as security_profile_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::SecurityProfile' + AND region = 'us-east-1' + security_profile: + name: security_profile + id: aws.connect.security_profile + x-cfn-schema-name: SecurityProfile + x-type: get + x-identifiers: + - SecurityProfileArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AllowedAccessControlTags') as allowed_access_control_tags, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.Permissions') as permissions, + JSON_EXTRACT(Properties, '$.SecurityProfileArn') as security_profile_arn, + JSON_EXTRACT(Properties, '$.SecurityProfileName') as security_profile_name, + JSON_EXTRACT(Properties, '$.TagRestrictedResources') as tag_restricted_resources, + JSON_EXTRACT(Properties, '$.HierarchyRestrictedResources') as hierarchy_restricted_resources, + JSON_EXTRACT(Properties, '$.AllowedAccessControlHierarchyGroupId') as allowed_access_control_hierarchy_group_id, + JSON_EXTRACT(Properties, '$.Applications') as applications, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LastModifiedRegion') as last_modified_region, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::SecurityProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AllowedAccessControlTags') as allowed_access_control_tags, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'Permissions') as permissions, + json_extract_path_text(Properties, 'SecurityProfileArn') as security_profile_arn, + json_extract_path_text(Properties, 'SecurityProfileName') as security_profile_name, + json_extract_path_text(Properties, 'TagRestrictedResources') as tag_restricted_resources, + json_extract_path_text(Properties, 'HierarchyRestrictedResources') as hierarchy_restricted_resources, + json_extract_path_text(Properties, 'AllowedAccessControlHierarchyGroupId') as allowed_access_control_hierarchy_group_id, + json_extract_path_text(Properties, 'Applications') as applications, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LastModifiedRegion') as last_modified_region, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::SecurityProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + task_templates: + name: task_templates + id: aws.connect.task_templates + x-cfn-schema-name: TaskTemplate + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::TaskTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::TaskTemplate' + AND region = 'us-east-1' + task_template: + name: task_template + id: aws.connect.task_template + x-cfn-schema-name: TaskTemplate + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ContactFlowArn') as contact_flow_arn, + JSON_EXTRACT(Properties, '$.Constraints') as constraints, + JSON_EXTRACT(Properties, '$.Defaults') as defaults, + JSON_EXTRACT(Properties, '$.Fields') as fields, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.ClientToken') as client_token, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::TaskTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ContactFlowArn') as contact_flow_arn, + json_extract_path_text(Properties, 'Constraints') as constraints, + json_extract_path_text(Properties, 'Defaults') as defaults, + json_extract_path_text(Properties, 'Fields') as fields, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'ClientToken') as client_token, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::TaskTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + traffic_distribution_groups: + name: traffic_distribution_groups + id: aws.connect.traffic_distribution_groups + x-cfn-schema-name: TrafficDistributionGroup + x-type: list + x-identifiers: + - TrafficDistributionGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TrafficDistributionGroupArn') as traffic_distribution_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::TrafficDistributionGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TrafficDistributionGroupArn') as traffic_distribution_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::TrafficDistributionGroup' + AND region = 'us-east-1' + traffic_distribution_group: + name: traffic_distribution_group + id: aws.connect.traffic_distribution_group + x-cfn-schema-name: TrafficDistributionGroup + x-type: get + x-identifiers: + - TrafficDistributionGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.TrafficDistributionGroupArn') as traffic_distribution_group_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.IsDefault') as is_default + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::TrafficDistributionGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'TrafficDistributionGroupArn') as traffic_distribution_group_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'IsDefault') as is_default + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::TrafficDistributionGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + users: + name: users + id: aws.connect.users + x-cfn-schema-name: User + x-type: list + x-identifiers: + - UserArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserArn') as user_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::User' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserArn') as user_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::User' + AND region = 'us-east-1' + user: + name: user + id: aws.connect.user + x-cfn-schema-name: User + x-type: get + x-identifiers: + - UserArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.DirectoryUserId') as directory_user_id, + JSON_EXTRACT(Properties, '$.HierarchyGroupArn') as hierarchy_group_arn, + JSON_EXTRACT(Properties, '$.Username') as username, + JSON_EXTRACT(Properties, '$.Password') as password, + JSON_EXTRACT(Properties, '$.RoutingProfileArn') as routing_profile_arn, + JSON_EXTRACT(Properties, '$.IdentityInfo') as identity_info, + JSON_EXTRACT(Properties, '$.PhoneConfig') as phone_config, + JSON_EXTRACT(Properties, '$.SecurityProfileArns') as security_profile_arns, + JSON_EXTRACT(Properties, '$.UserArn') as user_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UserProficiencies') as user_proficiencies + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::User' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'DirectoryUserId') as directory_user_id, + json_extract_path_text(Properties, 'HierarchyGroupArn') as hierarchy_group_arn, + json_extract_path_text(Properties, 'Username') as username, + json_extract_path_text(Properties, 'Password') as password, + json_extract_path_text(Properties, 'RoutingProfileArn') as routing_profile_arn, + json_extract_path_text(Properties, 'IdentityInfo') as identity_info, + json_extract_path_text(Properties, 'PhoneConfig') as phone_config, + json_extract_path_text(Properties, 'SecurityProfileArns') as security_profile_arns, + json_extract_path_text(Properties, 'UserArn') as user_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UserProficiencies') as user_proficiencies + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::User' + AND data__Identifier = '' + AND region = 'us-east-1' + user_hierarchy_groups: + name: user_hierarchy_groups + id: aws.connect.user_hierarchy_groups + x-cfn-schema-name: UserHierarchyGroup + x-type: list + x-identifiers: + - UserHierarchyGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserHierarchyGroupArn') as user_hierarchy_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::UserHierarchyGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserHierarchyGroupArn') as user_hierarchy_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::UserHierarchyGroup' + AND region = 'us-east-1' + user_hierarchy_group: + name: user_hierarchy_group + id: aws.connect.user_hierarchy_group + x-cfn-schema-name: UserHierarchyGroup + x-type: get + x-identifiers: + - UserHierarchyGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.UserHierarchyGroupArn') as user_hierarchy_group_arn, + JSON_EXTRACT(Properties, '$.ParentGroupArn') as parent_group_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::UserHierarchyGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'UserHierarchyGroupArn') as user_hierarchy_group_arn, + json_extract_path_text(Properties, 'ParentGroupArn') as parent_group_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::UserHierarchyGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + views: + name: views + id: aws.connect.views + x-cfn-schema-name: View + x-type: list + x-identifiers: + - ViewArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ViewArn') as view_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::View' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ViewArn') as view_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::View' + AND region = 'us-east-1' + view: + name: view + id: aws.connect.view + x-cfn-schema-name: View + x-type: get + x-identifiers: + - ViewArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.ViewArn') as view_arn, + JSON_EXTRACT(Properties, '$.ViewId') as view_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Template') as template, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.ViewContentSha256') as view_content_sha256, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::View' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'ViewArn') as view_arn, + json_extract_path_text(Properties, 'ViewId') as view_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Template') as template, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'ViewContentSha256') as view_content_sha256, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::View' + AND data__Identifier = '' + AND region = 'us-east-1' + view_versions: + name: view_versions + id: aws.connect.view_versions + x-cfn-schema-name: ViewVersion + x-type: list + x-identifiers: + - ViewVersionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ViewVersionArn') as view_version_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ViewVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ViewVersionArn') as view_version_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ViewVersion' + AND region = 'us-east-1' + view_version: + name: view_version + id: aws.connect.view_version + x-cfn-schema-name: ViewVersion + x-type: get + x-identifiers: + - ViewVersionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ViewArn') as view_arn, + JSON_EXTRACT(Properties, '$.ViewVersionArn') as view_version_arn, + JSON_EXTRACT(Properties, '$.VersionDescription') as version_description, + JSON_EXTRACT(Properties, '$.ViewContentSha256') as view_content_sha256, + JSON_EXTRACT(Properties, '$.Version') as version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ViewVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ViewArn') as view_arn, + json_extract_path_text(Properties, 'ViewVersionArn') as view_version_arn, + json_extract_path_text(Properties, 'VersionDescription') as version_description, + json_extract_path_text(Properties, 'ViewContentSha256') as view_content_sha256, + json_extract_path_text(Properties, 'Version') as version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ViewVersion' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/connectcampaigns.yaml b/providers/src/aws/v00.00.00000/services/connectcampaigns.yaml new file mode 100644 index 00000000..2fd10628 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/connectcampaigns.yaml @@ -0,0 +1,265 @@ +openapi: 3.0.0 +info: + title: ConnectCampaigns + version: 1.0.0 +paths: {} +components: + schemas: + DialerConfig: + type: object + description: The possible types of dialer config parameters + properties: + ProgressiveDialerConfig: + $ref: '#/components/schemas/ProgressiveDialerConfig' + PredictiveDialerConfig: + $ref: '#/components/schemas/PredictiveDialerConfig' + AgentlessDialerConfig: + $ref: '#/components/schemas/AgentlessDialerConfig' + additionalProperties: false + oneOf: + - required: + - ProgressiveDialerConfig + - required: + - PredictiveDialerConfig + - required: + - AgentlessDialerConfig + OutboundCallConfig: + type: object + description: The configuration used for outbound calls. + properties: + ConnectContactFlowArn: + type: string + maxLength: 500 + description: The identifier of the contact flow for the outbound call. + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ + ConnectSourcePhoneNumber: + type: string + maxLength: 100 + description: The phone number associated with the Amazon Connect instance, in E.164 format. If you do not specify a source phone number, you must specify a queue. + ConnectQueueArn: + type: string + maxLength: 500 + description: The queue for the call. If you specify a queue, the phone displayed for caller ID is the phone number specified in the queue. If you do not specify a queue, the queue defined in the contact flow is used. If you do not specify a queue, you must specify a source phone number. + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/queue/[-a-zA-Z0-9]*$ + AnswerMachineDetectionConfig: + $ref: '#/components/schemas/AnswerMachineDetectionConfig' + required: + - ConnectContactFlowArn + additionalProperties: false + PredictiveDialerConfig: + type: object + description: Predictive Dialer config + properties: + BandwidthAllocation: + type: number + maximum: 1 + minimum: 0 + description: The bandwidth allocation of a queue resource. + DialingCapacity: + type: number + maximum: 1 + minimum: 0.01 + description: Allocates dialing capacity for this campaign between multiple active campaigns. + required: + - BandwidthAllocation + additionalProperties: false + ProgressiveDialerConfig: + type: object + description: Progressive Dialer config + properties: + BandwidthAllocation: + type: number + maximum: 1 + minimum: 0 + description: The bandwidth allocation of a queue resource. + DialingCapacity: + type: number + maximum: 1 + minimum: 0.01 + description: Allocates dialing capacity for this campaign between multiple active campaigns. + required: + - BandwidthAllocation + additionalProperties: false + AgentlessDialerConfig: + type: object + description: Agentless Dialer config + properties: + DialingCapacity: + type: number + maximum: 1 + minimum: 0.01 + description: Allocates dialing capacity for this campaign between multiple active campaigns. + required: [] + additionalProperties: false + AnswerMachineDetectionConfig: + type: object + description: The configuration used for answering machine detection during outbound calls + properties: + EnableAnswerMachineDetection: + type: boolean + description: Flag to decided whether outbound calls should have answering machine detection enabled or not + required: + - EnableAnswerMachineDetection + additionalProperties: false + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + Value: + type: string + description: The value for the tag. You can specify a value that's 1 to 256 characters in length. + minLength: 1 + maxLength: 256 + required: + - Key + - Value + Campaign: + type: object + properties: + ConnectInstanceArn: + type: string + maxLength: 256 + minLength: 0 + description: Amazon Connect Instance Arn + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + DialerConfig: + $ref: '#/components/schemas/DialerConfig' + Arn: + type: string + maxLength: 256 + minLength: 0 + description: Amazon Connect Campaign Arn + pattern: ^arn:aws[-a-z0-9]*:connect-campaigns:[-a-z0-9]*:[0-9]{12}:campaign/[-a-zA-Z0-9]*$ + Name: + type: string + maxLength: 127 + minLength: 1 + description: Amazon Connect Campaign Name + OutboundCallConfig: + $ref: '#/components/schemas/OutboundCallConfig' + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: One or more tags. + items: + $ref: '#/components/schemas/Tag' + required: + - ConnectInstanceArn + - DialerConfig + - Name + - OutboundCallConfig + x-stackql-resource-name: campaign + description: Definition of AWS::ConnectCampaigns::Campaign Resource Type + x-type-name: AWS::ConnectCampaigns::Campaign + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ConnectInstanceArn + x-read-only-properties: + - Arn + x-required-properties: + - ConnectInstanceArn + - DialerConfig + - Name + - OutboundCallConfig + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect-campaigns:CreateCampaign + - connect-campaigns:DescribeCampaign + - connect-campaigns:TagResource + - connect:DescribeContactFlow + - connect:DescribeInstance + - connect:DescribeQueue + read: + - connect-campaigns:DescribeCampaign + delete: + - connect-campaigns:DeleteCampaign + list: + - connect-campaigns:ListCampaigns + update: + - connect-campaigns:UpdateCampaignDialerConfig + - connect-campaigns:UpdateCampaignName + - connect-campaigns:UpdateCampaignOutboundCallConfig + - connect-campaigns:TagResource + - connect-campaigns:UntagResource + - connect-campaigns:DescribeCampaign + x-stackQL-resources: + campaigns: + name: campaigns + id: aws.connectcampaigns.campaigns + x-cfn-schema-name: Campaign + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ConnectCampaigns::Campaign' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ConnectCampaigns::Campaign' + AND region = 'us-east-1' + campaign: + name: campaign + id: aws.connectcampaigns.campaign + x-cfn-schema-name: Campaign + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConnectInstanceArn') as connect_instance_arn, + JSON_EXTRACT(Properties, '$.DialerConfig') as dialer_config, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.OutboundCallConfig') as outbound_call_config, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ConnectCampaigns::Campaign' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConnectInstanceArn') as connect_instance_arn, + json_extract_path_text(Properties, 'DialerConfig') as dialer_config, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'OutboundCallConfig') as outbound_call_config, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ConnectCampaigns::Campaign' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/controltower.yaml b/providers/src/aws/v00.00.00000/services/controltower.yaml new file mode 100644 index 00000000..265981f8 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/controltower.yaml @@ -0,0 +1,660 @@ +openapi: 3.0.0 +info: + title: ControlTower + version: 1.0.0 +paths: {} +components: + schemas: + Parameter: + type: object + properties: + Key: + type: string + maxLength: 256 + minLength: 1 + Value: + $ref: '#/components/schemas/AnyType' + additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + maxLength: 256 + minLength: 1 + Value: + type: string + maxLength: 256 + minLength: 0 + additionalProperties: false + AnyType: + anyOf: + - type: string + - type: object + - type: number + - type: array + items: + anyOf: + - type: boolean + - type: number + - type: object + - type: string + insertionOrder: false + - type: boolean + EnabledBaseline: + type: object + properties: + BaselineIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$ + BaselineVersion: + type: string + pattern: ^\d+(?:\.\d+){0,2}$ + EnabledBaselineIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$ + TargetIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$ + Parameters: + type: array + items: + $ref: '#/components/schemas/Parameter' + x-insertionOrder: false + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + required: + - BaselineIdentifier + - TargetIdentifier + - BaselineVersion + x-stackql-resource-name: enabled_baseline + description: Definition of AWS::ControlTower::EnabledBaseline Resource Type + x-type-name: AWS::ControlTower::EnabledBaseline + x-stackql-primary-identifier: + - EnabledBaselineIdentifier + x-create-only-properties: + - TargetIdentifier + - BaselineIdentifier + x-read-only-properties: + - EnabledBaselineIdentifier + x-required-properties: + - BaselineIdentifier + - TargetIdentifier + - BaselineVersion + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - controltower:EnableBaseline + - controltower:TagResource + - controltower:GetBaselineOperation + - controltower:GetEnabledBaseline + - controltower:ListTagsForResource + - organizations:CreateOrganizationalUnit + - organizations:CreateOrganization + - organizations:UpdatePolicy + - organizations:CreatePolicy + - organizations:AttachPolicy + - organizations:DetachPolicy + - organizations:DeletePolicy + - organizations:EnablePolicyType + - organizations:EnableAWSServiceAccess + - organizations:ListRoots + - servicecatalog:AssociatePrincipalWithPortfolio + - servicecatalog:AssociateProductWithPortfolio + - servicecatalog:CreatePortfolio + - servicecatalog:CreateProduct + - servicecatalog:CreateProvisioningArtifact + - servicecatalog:ListPortfolios + - servicecatalog:ListProvisioningArtifacts + - servicecatalog:SearchProductsAsAdmin + - servicecatalog:UpdatePortfolio + - servicecatalog:UpdateProvisioningArtifact + - servicecatalog:ListPrincipalsForPortfolio + - servicecatalog:DeleteProvisioningArtifact + read: + - controltower:GetEnabledBaseline + - controltower:ListEnabledBaselines + - controltower:ListTagsForResource + update: + - controltower:UpdateEnabledBaseline + - controltower:GetBaselineOperation + - organizations:CreateOrganizationalUnit + - organizations:CreateOrganization + - organizations:UpdatePolicy + - organizations:CreatePolicy + - organizations:AttachPolicy + - organizations:DetachPolicy + - organizations:DeletePolicy + - organizations:EnablePolicyType + - organizations:EnableAWSServiceAccess + - organizations:ListRoots + - servicecatalog:AssociatePrincipalWithPortfolio + - servicecatalog:AssociateProductWithPortfolio + - servicecatalog:CreatePortfolio + - servicecatalog:CreateProduct + - servicecatalog:CreateProvisioningArtifact + - servicecatalog:ListPortfolios + - servicecatalog:ListProvisioningArtifacts + - servicecatalog:SearchProductsAsAdmin + - servicecatalog:UpdatePortfolio + - servicecatalog:UpdateProvisioningArtifact + - servicecatalog:ListPrincipalsForPortfolio + - servicecatalog:DeleteProvisioningArtifact + - controltower:TagResource + - controltower:ListTagsForResource + - controltower:GetEnabledBaseline + delete: + - controltower:DisableBaseline + - controltower:GetBaselineOperation + - organizations:CreateOrganizationalUnit + - organizations:CreateOrganization + - organizations:UpdatePolicy + - organizations:CreatePolicy + - organizations:AttachPolicy + - organizations:DetachPolicy + - organizations:DeletePolicy + - organizations:EnablePolicyType + - organizations:EnableAWSServiceAccess + - organizations:ListRoots + - servicecatalog:AssociatePrincipalWithPortfolio + - servicecatalog:AssociateProductWithPortfolio + - servicecatalog:CreatePortfolio + - servicecatalog:CreateProduct + - servicecatalog:CreateProvisioningArtifact + - servicecatalog:ListPortfolios + - servicecatalog:ListProvisioningArtifacts + - servicecatalog:SearchProductsAsAdmin + - servicecatalog:UpdatePortfolio + - servicecatalog:UpdateProvisioningArtifact + - servicecatalog:ListPrincipalsForPortfolio + - servicecatalog:DeleteProvisioningArtifact + list: + - controltower:ListEnabledBaselines + EnabledControlParameter: + type: object + properties: + Value: + anyOf: + - type: array + items: + anyOf: + - type: string + - type: number + - type: object + - type: boolean + minItems: 1 + insertionOrder: false + - type: string + - type: number + - type: object + - type: boolean + Key: + type: string + required: + - Value + - Key + additionalProperties: false + EnabledControl: + type: object + properties: + ControlIdentifier: + description: Arn of the control. + type: string + pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$ + minLength: 20 + maxLength: 2048 + TargetIdentifier: + description: Arn for Organizational unit to which the control needs to be applied + type: string + pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$ + minLength: 20 + maxLength: 2048 + Parameters: + description: Parameters to configure the enabled control behavior. + type: array + items: + $ref: '#/components/schemas/EnabledControlParameter' + minItems: 1 + x-insertionOrder: false + Tags: + description: A set of tags to assign to the enabled control. + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + x-insertionOrder: false + required: + - TargetIdentifier + - ControlIdentifier + x-stackql-resource-name: enabled_control + description: Enables a control on a specified target. + x-type-name: AWS::ControlTower::EnabledControl + x-stackql-primary-identifier: + - TargetIdentifier + - ControlIdentifier + x-create-only-properties: + - TargetIdentifier + - ControlIdentifier + x-required-properties: + - TargetIdentifier + - ControlIdentifier + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - controltower:ListEnabledControls + - controltower:GetEnabledControl + - controltower:GetControlOperation + - controltower:EnableControl + - controltower:TagResource + - organizations:UpdatePolicy + - organizations:CreatePolicy + - organizations:AttachPolicy + - organizations:DetachPolicy + - organizations:ListPoliciesForTarget + - organizations:ListTargetsForPolicy + - organizations:DescribePolicy + update: + - controltower:ListEnabledControls + - controltower:GetEnabledControl + - controltower:GetControlOperation + - controltower:UpdateEnabledControl + - controltower:UntagResource + - controltower:TagResource + - organizations:UpdatePolicy + - organizations:CreatePolicy + - organizations:AttachPolicy + - organizations:DetachPolicy + - organizations:ListPoliciesForTarget + - organizations:ListTargetsForPolicy + - organizations:DescribePolicy + delete: + - controltower:GetControlOperation + - controltower:DisableControl + - organizations:UpdatePolicy + - organizations:DeletePolicy + - organizations:CreatePolicy + - organizations:AttachPolicy + - organizations:DetachPolicy + - organizations:ListPoliciesForTarget + - organizations:ListTargetsForPolicy + - organizations:DescribePolicy + read: + - controltower:ListEnabledControls + - controltower:GetEnabledControl + - controltower:ListTagsForResource + list: + - controltower:ListEnabledControls + LandingZoneDriftStatus: + type: string + enum: + - DRIFTED + - IN_SYNC + LandingZoneStatus: + type: string + enum: + - ACTIVE + - PROCESSING + - FAILED + LandingZone: + type: object + properties: + LandingZoneIdentifier: + type: string + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$ + Status: + $ref: '#/components/schemas/LandingZoneStatus' + LatestAvailableVersion: + type: string + maxLength: 10 + minLength: 3 + pattern: \d+.\d+ + DriftStatus: + $ref: '#/components/schemas/LandingZoneDriftStatus' + Manifest: {} + Version: + type: string + maxLength: 10 + minLength: 3 + pattern: \d+.\d+ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - Manifest + - Version + x-stackql-resource-name: landing_zone + description: Definition of AWS::ControlTower::LandingZone Resource Type + x-type-name: AWS::ControlTower::LandingZone + x-stackql-primary-identifier: + - LandingZoneIdentifier + x-read-only-properties: + - LandingZoneIdentifier + - Arn + - Status + - LatestAvailableVersion + - DriftStatus + x-required-properties: + - Manifest + - Version + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - controltower:CreateLandingZone + - controltower:GetLandingZoneOperation + - controltower:ListTagsForResource + - controltower:TagResource + - controltower:GetLandingZone + - cloudformation:DescribeOrganizationsAccess + - servicecatalog:AssociatePrincipalWithPortfolio + - servicecatalog:AssociateProductWithPortfolio + - servicecatalog:CreatePortfolio + - servicecatalog:CreateProduct + - servicecatalog:CreateProvisioningArtifact + - servicecatalog:ListPortfolios + - servicecatalog:ListProvisioningArtifacts + - servicecatalog:SearchProductsAsAdmin + - servicecatalog:UpdatePortfolio + - servicecatalog:UpdateProvisioningArtifact + - servicecatalog:ListPrincipalsForPortfolio + - organizations:CreateOrganizationalUnit + - organizations:CreateOrganization + - organizations:UpdatePolicy + - organizations:CreatePolicy + - organizations:AttachPolicy + - organizations:DetachPolicy + - organizations:DeletePolicy + - organizations:EnablePolicyType + - organizations:EnableAWSServiceAccess + - organizations:ListRoots + - sso:GetPeregrineStatus + - sso:ListDirectoryAssociations + - sso:StartPeregrine + - sso:RegisterRegion + read: + - controltower:GetLandingZone + - controltower:ListTagsForResource + update: + - controltower:UpdateLandingZone + - controltower:GetLandingZoneOperation + - controltower:ListTagsForResource + - controltower:TagResource + - controltower:GetLandingZone + - controltower:UntagResource + - cloudformation:DescribeOrganizationsAccess + - servicecatalog:AssociatePrincipalWithPortfolio + - servicecatalog:AssociateProductWithPortfolio + - servicecatalog:CreatePortfolio + - servicecatalog:CreateProduct + - servicecatalog:CreateProvisioningArtifact + - servicecatalog:ListPortfolios + - servicecatalog:ListProvisioningArtifacts + - servicecatalog:SearchProductsAsAdmin + - servicecatalog:UpdatePortfolio + - servicecatalog:UpdateProvisioningArtifact + - servicecatalog:ListPrincipalsForPortfolio + - organizations:CreateOrganizationalUnit + - organizations:CreateOrganization + - organizations:UpdatePolicy + - organizations:CreatePolicy + - organizations:AttachPolicy + - organizations:DetachPolicy + - organizations:DeletePolicy + - organizations:EnablePolicyType + - organizations:EnableAWSServiceAccess + - organizations:ListRoots + - sso:GetPeregrineStatus + - sso:ListDirectoryAssociations + - sso:StartPeregrine + - sso:RegisterRegion + delete: + - controltower:DeleteLandingZone + - controltower:GetLandingZone + - controltower:GetLandingZoneOperation + - cloudformation:DescribeOrganizationsAccess + - servicecatalog:ListPortfolios + - servicecatalog:ListProvisioningArtifacts + - servicecatalog:SearchProductsAsAdmin + - servicecatalog:DeleteProvisioningArtifact + - servicecatalog:ListPrincipalsForPortfolio + - servicecatalog:DeleteProduct + - servicecatalog:DisassociatePrincipalFromPortfolio + - servicecatalog:DisassociateProductFromPortfolio + - servicecatalog:DeletePortfolio + - organizations:AttachPolicy + - organizations:DetachPolicy + - organizations:DeletePolicy + - organizations:ListRoots + - sso:GetPeregrineStatus + - sso:ListDirectoryAssociations + - iam:DeleteRolePolicy + - iam:DetachRolePolicy + - iam:DeleteRole + list: + - controltower:ListLandingZones + x-stackQL-resources: + enabled_baselines: + name: enabled_baselines + id: aws.controltower.enabled_baselines + x-cfn-schema-name: EnabledBaseline + x-type: list + x-identifiers: + - EnabledBaselineIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EnabledBaselineIdentifier') as enabled_baseline_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ControlTower::EnabledBaseline' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EnabledBaselineIdentifier') as enabled_baseline_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ControlTower::EnabledBaseline' + AND region = 'us-east-1' + enabled_baseline: + name: enabled_baseline + id: aws.controltower.enabled_baseline + x-cfn-schema-name: EnabledBaseline + x-type: get + x-identifiers: + - EnabledBaselineIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BaselineIdentifier') as baseline_identifier, + JSON_EXTRACT(Properties, '$.BaselineVersion') as baseline_version, + JSON_EXTRACT(Properties, '$.EnabledBaselineIdentifier') as enabled_baseline_identifier, + JSON_EXTRACT(Properties, '$.TargetIdentifier') as target_identifier, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ControlTower::EnabledBaseline' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BaselineIdentifier') as baseline_identifier, + json_extract_path_text(Properties, 'BaselineVersion') as baseline_version, + json_extract_path_text(Properties, 'EnabledBaselineIdentifier') as enabled_baseline_identifier, + json_extract_path_text(Properties, 'TargetIdentifier') as target_identifier, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ControlTower::EnabledBaseline' + AND data__Identifier = '' + AND region = 'us-east-1' + enabled_controls: + name: enabled_controls + id: aws.controltower.enabled_controls + x-cfn-schema-name: EnabledControl + x-type: list + x-identifiers: + - TargetIdentifier + - ControlIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TargetIdentifier') as target_identifier, + JSON_EXTRACT(Properties, '$.ControlIdentifier') as control_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ControlTower::EnabledControl' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TargetIdentifier') as target_identifier, + json_extract_path_text(Properties, 'ControlIdentifier') as control_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ControlTower::EnabledControl' + AND region = 'us-east-1' + enabled_control: + name: enabled_control + id: aws.controltower.enabled_control + x-cfn-schema-name: EnabledControl + x-type: get + x-identifiers: + - TargetIdentifier + - ControlIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ControlIdentifier') as control_identifier, + JSON_EXTRACT(Properties, '$.TargetIdentifier') as target_identifier, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ControlTower::EnabledControl' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ControlIdentifier') as control_identifier, + json_extract_path_text(Properties, 'TargetIdentifier') as target_identifier, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ControlTower::EnabledControl' + AND data__Identifier = '|' + AND region = 'us-east-1' + landing_zones: + name: landing_zones + id: aws.controltower.landing_zones + x-cfn-schema-name: LandingZone + x-type: list + x-identifiers: + - LandingZoneIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LandingZoneIdentifier') as landing_zone_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ControlTower::LandingZone' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LandingZoneIdentifier') as landing_zone_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ControlTower::LandingZone' + AND region = 'us-east-1' + landing_zone: + name: landing_zone + id: aws.controltower.landing_zone + x-cfn-schema-name: LandingZone + x-type: get + x-identifiers: + - LandingZoneIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LandingZoneIdentifier') as landing_zone_identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.LatestAvailableVersion') as latest_available_version, + JSON_EXTRACT(Properties, '$.DriftStatus') as drift_status, + JSON_EXTRACT(Properties, '$.Manifest') as manifest, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ControlTower::LandingZone' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LandingZoneIdentifier') as landing_zone_identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'LatestAvailableVersion') as latest_available_version, + json_extract_path_text(Properties, 'DriftStatus') as drift_status, + json_extract_path_text(Properties, 'Manifest') as manifest, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ControlTower::LandingZone' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/cur.yaml b/providers/src/aws/v00.00.00000/services/cur.yaml new file mode 100644 index 00000000..19edeea6 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/cur.yaml @@ -0,0 +1,208 @@ +openapi: 3.0.0 +info: + title: CUR + version: 1.0.0 +paths: {} +components: + schemas: + ReportDefinition: + type: object + properties: + ReportName: + description: The name of the report that you want to create. The name must be unique, is case sensitive, and can't include spaces. + type: string + minLength: 1 + maxLength: 256 + pattern: '[0-9A-Za-z!\-_.*\''()]+' + TimeUnit: + description: The granularity of the line items in the report. + type: string + enum: + - HOURLY + - DAILY + - MONTHLY + Format: + description: The format that AWS saves the report in. + type: string + enum: + - textORcsv + - Parquet + Compression: + description: The compression format that AWS uses for the report. + type: string + enum: + - ZIP + - GZIP + - Parquet + AdditionalSchemaElements: + description: A list of strings that indicate additional content that Amazon Web Services includes in the report, such as individual resource IDs. + type: array + default: [] + items: + description: Whether or not AWS includes resource IDs in the report. + type: string + enum: + - RESOURCES + S3Bucket: + description: The S3 bucket where AWS delivers the report. + type: string + minLength: 1 + maxLength: 256 + pattern: '[A-Za-z0-9_\.\-]+' + S3Prefix: + description: The prefix that AWS adds to the report name when AWS delivers the report. Your prefix can't include spaces. + type: string + minLength: 1 + maxLength: 256 + pattern: '[0-9A-Za-z!\-_.*\''()/]*' + S3Region: + description: The region of the S3 bucket that AWS delivers the report into. + type: string + AdditionalArtifacts: + description: A list of manifests that you want Amazon Web Services to create for this report. + type: array + default: [] + items: + description: The types of manifest that you want AWS to create for this report. + type: string + enum: + - REDSHIFT + - QUICKSIGHT + - ATHENA + RefreshClosedReports: + description: Whether you want Amazon Web Services to update your reports after they have been finalized if Amazon Web Services detects charges related to previous months. These charges can include refunds, credits, or support fees. + type: boolean + ReportVersioning: + description: Whether you want Amazon Web Services to overwrite the previous version of each report or to deliver the report in addition to the previous versions. + type: string + enum: + - CREATE_NEW_REPORT + - OVERWRITE_REPORT + BillingViewArn: + description: The Amazon resource name of the billing view. You can get this value by using the billing view service public APIs. + type: string + default: null + pattern: (arn:aws(-cn)?:billing::[0-9]{12}:billingview/)?[a-zA-Z0-9_\+=\.\-@].{1,30} + minLength: 1 + maxLength: 128 + required: + - ReportName + - TimeUnit + - Format + - Compression + - S3Bucket + - S3Prefix + - S3Region + - RefreshClosedReports + - ReportVersioning + x-stackql-resource-name: report_definition + description: The AWS::CUR::ReportDefinition resource creates a Cost & Usage Report with user-defined settings. You can use this resource to define settings like time granularity (hourly, daily, monthly), file format (Parquet, CSV), and S3 bucket for delivery of these reports. + x-type-name: AWS::CUR::ReportDefinition + x-stackql-primary-identifier: + - ReportName + x-create-only-properties: + - ReportName + - AdditionalSchemaElements + - TimeUnit + - ReportVersioning + - BillingViewArn + x-required-properties: + - ReportName + - TimeUnit + - Format + - Compression + - S3Bucket + - S3Prefix + - S3Region + - RefreshClosedReports + - ReportVersioning + x-required-permissions: + create: + - cur:PutReportDefinition + read: + - cur:DescribeReportDefinitions + update: + - cur:DescribeReportDefinitions + - cur:ModifyReportDefinition + delete: + - cur:DescribeReportDefinitions + - cur:DeleteReportDefinition + list: + - cur:DescribeReportDefinitions + x-stackQL-resources: + report_definitions: + name: report_definitions + id: aws.cur.report_definitions + x-cfn-schema-name: ReportDefinition + x-type: list + x-identifiers: + - ReportName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ReportName') as report_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CUR::ReportDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ReportName') as report_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CUR::ReportDefinition' + AND region = 'us-east-1' + report_definition: + name: report_definition + id: aws.cur.report_definition + x-cfn-schema-name: ReportDefinition + x-type: get + x-identifiers: + - ReportName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ReportName') as report_name, + JSON_EXTRACT(Properties, '$.TimeUnit') as time_unit, + JSON_EXTRACT(Properties, '$.Format') as _format, + JSON_EXTRACT(Properties, '$.Compression') as compression, + JSON_EXTRACT(Properties, '$.AdditionalSchemaElements') as additional_schema_elements, + JSON_EXTRACT(Properties, '$.S3Bucket') as s3_bucket, + JSON_EXTRACT(Properties, '$.S3Prefix') as s3_prefix, + JSON_EXTRACT(Properties, '$.S3Region') as s3_region, + JSON_EXTRACT(Properties, '$.AdditionalArtifacts') as additional_artifacts, + JSON_EXTRACT(Properties, '$.RefreshClosedReports') as refresh_closed_reports, + JSON_EXTRACT(Properties, '$.ReportVersioning') as report_versioning, + JSON_EXTRACT(Properties, '$.BillingViewArn') as billing_view_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CUR::ReportDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ReportName') as report_name, + json_extract_path_text(Properties, 'TimeUnit') as time_unit, + json_extract_path_text(Properties, 'Format') as _format, + json_extract_path_text(Properties, 'Compression') as compression, + json_extract_path_text(Properties, 'AdditionalSchemaElements') as additional_schema_elements, + json_extract_path_text(Properties, 'S3Bucket') as s3_bucket, + json_extract_path_text(Properties, 'S3Prefix') as s3_prefix, + json_extract_path_text(Properties, 'S3Region') as s3_region, + json_extract_path_text(Properties, 'AdditionalArtifacts') as additional_artifacts, + json_extract_path_text(Properties, 'RefreshClosedReports') as refresh_closed_reports, + json_extract_path_text(Properties, 'ReportVersioning') as report_versioning, + json_extract_path_text(Properties, 'BillingViewArn') as billing_view_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CUR::ReportDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/customerprofiles.yaml b/providers/src/aws/v00.00.00000/services/customerprofiles.yaml new file mode 100644 index 00000000..96671366 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/customerprofiles.yaml @@ -0,0 +1,1756 @@ +openapi: 3.0.0 +info: + title: CustomerProfiles + version: 1.0.0 +paths: {} +components: + schemas: + DomainName: + description: The unique name of the domain. + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + CalculatedAttributeName: + description: The unique name of the calculated attribute. + type: string + pattern: ^[a-zA-Z_][a-zA-Z_0-9-]*$ + minLength: 1 + maxLength: 255 + DisplayName: + description: The display name of the calculated attribute. + type: string + pattern: ^[a-zA-Z_][a-zA-Z_0-9-\s]*$ + minLength: 1 + maxLength: 255 + Description: + description: The description of the calculated attribute. + type: string + minLength: 1 + maxLength: 1000 + AttributeName: + description: The name of an attribute defined in a profile object type. + type: string + pattern: ^[a-zA-Z0-9_.-]+$ + minLength: 1 + maxLength: 64 + AttributeItem: + description: The details of a single attribute item specified in the mathematical expression. + type: object + properties: + Name: + $ref: '#/components/schemas/AttributeName' + required: + - Name + additionalProperties: false + AttributeList: + description: A list of attribute items specified in the mathematical expression. + type: array + items: + $ref: '#/components/schemas/AttributeItem' + x-insertionOrder: false + uniqueItems: true + minItems: 1 + maxItems: 2 + Expression: + description: Mathematical expression that is performed on attribute items provided in the attribute list. Each element in the expression should follow the structure of "{ObjectTypeName.AttributeName}". + type: string + minLength: 1 + maxLength: 255 + AttributeDetails: + description: Mathematical expression and a list of attribute items specified in that expression. + type: object + properties: + Attributes: + $ref: '#/components/schemas/AttributeList' + Expression: + $ref: '#/components/schemas/Expression' + required: + - Attributes + - Expression + additionalProperties: false + RangeUnit: + description: The unit of time. + type: string + enum: + - DAYS + RangeValue: + description: The amount of time of the specified unit. + type: integer + minimum: 1 + maximum: 366 + Range: + description: The relative time period over which data is included in the aggregation. + type: object + properties: + Value: + $ref: '#/components/schemas/RangeValue' + Unit: + $ref: '#/components/schemas/RangeUnit' + required: + - Value + - Unit + additionalProperties: false + ObjectCount: + description: The number of profile objects used for the calculated attribute. + type: integer + minimum: 1 + maximum: 100 + ThresholdValue: + description: The value of the threshold. + type: string + minLength: 1 + maxLength: 255 + ThresholdOperator: + description: The operator of the threshold. + type: string + enum: + - EQUAL_TO + - GREATER_THAN + - LESS_THAN + - NOT_EQUAL_TO + Threshold: + description: The threshold for the calculated attribute. + type: object + properties: + Value: + $ref: '#/components/schemas/ThresholdValue' + Operator: + $ref: '#/components/schemas/ThresholdOperator' + required: + - Value + - Operator + additionalProperties: false + Conditions: + description: The conditions including range, object count, and threshold for the calculated attribute. + type: object + properties: + Range: + $ref: '#/components/schemas/Range' + ObjectCount: + $ref: '#/components/schemas/ObjectCount' + Threshold: + $ref: '#/components/schemas/Threshold' + additionalProperties: false + Statistic: + description: The aggregation operation to perform for the calculated attribute. + type: string + enum: + - FIRST_OCCURRENCE + - LAST_OCCURRENCE + - COUNT + - SUM + - MINIMUM + - MAXIMUM + - AVERAGE + - MAX_OCCURRENCE + Tag: + type: object + properties: + Key: + type: string + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 0 + maxLength: 256 + additionalProperties: false + required: + - Key + - Value + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + CalculatedAttributeDefinition: + type: object + properties: + DomainName: + $ref: '#/components/schemas/DomainName' + CalculatedAttributeName: + $ref: '#/components/schemas/CalculatedAttributeName' + DisplayName: + $ref: '#/components/schemas/DisplayName' + Description: + $ref: '#/components/schemas/Description' + AttributeDetails: + $ref: '#/components/schemas/AttributeDetails' + Conditions: + $ref: '#/components/schemas/Conditions' + Statistic: + $ref: '#/components/schemas/Statistic' + CreatedAt: + description: The timestamp of when the calculated attribute definition was created. + type: string + LastUpdatedAt: + description: The timestamp of when the calculated attribute definition was most recently edited. + type: string + Tags: + $ref: '#/components/schemas/Tags' + required: + - DomainName + - CalculatedAttributeName + - AttributeDetails + - Statistic + x-stackql-resource-name: calculated_attribute_definition + description: A calculated attribute definition for Customer Profiles + x-type-name: AWS::CustomerProfiles::CalculatedAttributeDefinition + x-stackql-primary-identifier: + - DomainName + - CalculatedAttributeName + x-create-only-properties: + - DomainName + - CalculatedAttributeName + x-read-only-properties: + - CreatedAt + - LastUpdatedAt + x-required-properties: + - DomainName + - CalculatedAttributeName + - AttributeDetails + - Statistic + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - profile:CreateCalculatedAttributeDefinition + - profile:TagResource + read: + - profile:GetCalculatedAttributeDefinition + update: + - profile:GetCalculatedAttributeDefinition + - profile:UpdateCalculatedAttributeDefinition + - profile:UntagResource + - profile:TagResource + delete: + - profile:DeleteCalculatedAttributeDefinition + list: + - profile:ListCalculatedAttributeDefinitions + DomainStats: + type: object + description: Usage-specific statistics about the domain. + properties: + MeteringProfileCount: + description: The number of profiles that you are currently paying for in the domain. If you have more than 100 objects associated with a single profile, that profile counts as two profiles. If you have more than 200 objects, that profile counts as three, and so on. + type: number + ObjectCount: + description: The total number of objects in domain. + type: number + ProfileCount: + description: The total number of profiles currently in the domain. + type: number + TotalSize: + description: The total size, in bytes, of all objects in the domain. + type: number + additionalProperties: false + S3ExportingConfig: + type: object + description: The S3 location where Identity Resolution Jobs write result files. + properties: + S3BucketName: + description: The name of the S3 bucket where Identity Resolution Jobs write result files. + type: string + minLength: 3 + maxLength: 63 + pattern: ^[a-z0-9.-]+$ + S3KeyName: + description: The S3 key name of the location where Identity Resolution Jobs write result files. + type: string + minLength: 1 + maxLength: 800 + pattern: .* + required: + - S3BucketName + additionalProperties: false + ExportingConfig: + type: object + description: Configuration information for exporting Identity Resolution results, for example, to an S3 bucket. + properties: + S3Exporting: + $ref: '#/components/schemas/S3ExportingConfig' + additionalProperties: false + JobSchedule: + type: object + description: The day and time when do you want to start the Identity Resolution Job every week. + properties: + DayOfTheWeek: + description: The day when the Identity Resolution Job should run every week. + type: string + enum: + - SUNDAY + - MONDAY + - TUESDAY + - WEDNESDAY + - THURSDAY + - FRIDAY + - SATURDAY + Time: + description: The time when the Identity Resolution Job should run every week. + type: string + minLength: 3 + maxLength: 5 + pattern: ^([0-9]|0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$ + required: + - DayOfTheWeek + - Time + additionalProperties: false + ConflictResolution: + type: object + description: 'How the auto-merging process should resolve conflicts between different profiles. For example, if Profile A and Profile B have the same FirstName and LastName (and that is the matching criteria), which EmailAddress should be used? ' + properties: + ConflictResolvingModel: + description: How the auto-merging process should resolve conflicts between different profiles. + type: string + enum: + - RECENCY + - SOURCE + SourceName: + description: The ObjectType name that is used to resolve profile merging conflicts when choosing SOURCE as the ConflictResolvingModel. + type: string + minLength: 1 + maxLength: 255 + required: + - ConflictResolvingModel + additionalProperties: false + MatchingAttributes: + type: array + minItems: 1 + maxItems: 20 + items: + type: string + minLength: 1 + maxLength: 255 + Consolidation: + description: A list of matching attributes that represent matching criteria. If two profiles meet at least one of the requirements in the matching attributes list, they will be merged. + type: object + properties: + MatchingAttributesList: + description: A list of matching criteria. + type: array + minItems: 1 + maxItems: 10 + items: + $ref: '#/components/schemas/MatchingAttributes' + required: + - MatchingAttributesList + additionalProperties: false + AutoMerging: + type: object + description: Configuration information about the auto-merging process. + properties: + Enabled: + description: The flag that enables the auto-merging of duplicate profiles. + type: boolean + ConflictResolution: + $ref: '#/components/schemas/ConflictResolution' + Consolidation: + $ref: '#/components/schemas/Consolidation' + MinAllowedConfidenceScoreForMerging: + description: A number between 0 and 1 that represents the minimum confidence score required for profiles within a matching group to be merged during the auto-merge process. A higher score means higher similarity required to merge profiles. + type: number + minimum: 0 + maximum: 1 + required: + - Enabled + additionalProperties: false + MatchingRuleAttributeList: + description: A single rule level of the MatchRules. Configures how the rule-based matching process should match profiles. + type: array + minItems: 1 + maxItems: 15 + items: + type: string + minLength: 1 + maxLength: 255 + MatchingRule: + description: Specifies how does the rule-based matching process should match profiles. + type: object + properties: + Rule: + $ref: '#/components/schemas/MatchingRuleAttributeList' + required: + - Rule + additionalProperties: false + AttributeTypesSelector: + description: Configures information about the AttributeTypesSelector where the rule-based identity resolution uses to match profiles. + type: object + properties: + AttributeMatchingModel: + description: Configures the AttributeMatchingModel, you can either choose ONE_TO_ONE or MANY_TO_MANY. + type: string + enum: + - ONE_TO_ONE + - MANY_TO_MANY + Address: + description: The Address type. You can choose from Address, BusinessAddress, MaillingAddress, and ShippingAddress. You only can use the Address type in the MatchingRule. For example, if you want to match profile based on BusinessAddress.City or MaillingAddress.City, you need to choose the BusinessAddress and the MaillingAddress to represent the Address type and specify the Address.City on the matching rule. + type: array + minItems: 1 + maxItems: 4 + items: + type: string + minLength: 1 + maxLength: 255 + EmailAddress: + description: The Email type. You can choose from EmailAddress, BusinessEmailAddress and PersonalEmailAddress. You only can use the EmailAddress type in the MatchingRule. For example, if you want to match profile based on PersonalEmailAddress or BusinessEmailAddress, you need to choose the PersonalEmailAddress and the BusinessEmailAddress to represent the EmailAddress type and only specify the EmailAddress on the matching rule. + type: array + minItems: 1 + maxItems: 3 + items: + type: string + minLength: 1 + maxLength: 255 + PhoneNumber: + description: The PhoneNumber type. You can choose from PhoneNumber, HomePhoneNumber, and MobilePhoneNumber. You only can use the PhoneNumber type in the MatchingRule. For example, if you want to match a profile based on Phone or HomePhone, you need to choose the Phone and the HomePhone to represent the PhoneNumber type and only specify the PhoneNumber on the matching rule. + type: array + minItems: 1 + maxItems: 4 + items: + type: string + minLength: 1 + maxLength: 255 + required: + - AttributeMatchingModel + additionalProperties: false + Matching: + description: >- + The process of matching duplicate profiles. If Matching = true, Amazon Connect Customer Profiles starts a weekly batch process called Identity Resolution Job. If you do not specify a date and time for Identity Resolution Job to run, by default it runs every Saturday at 12AM UTC to detect duplicate profiles in your domains. After the Identity Resolution Job completes, use the GetMatches API to return and review the results. Or, if you have configured ExportingConfig in the + MatchingRequest, you can download the results from S3. + type: object + properties: + Enabled: + description: The flag that enables the matching process of duplicate profiles. + type: boolean + AutoMerging: + $ref: '#/components/schemas/AutoMerging' + ExportingConfig: + $ref: '#/components/schemas/ExportingConfig' + JobSchedule: + $ref: '#/components/schemas/JobSchedule' + required: + - Enabled + additionalProperties: false + RuleBasedMatching: + description: The process of matching duplicate profiles using the Rule-Based matching. If RuleBasedMatching = true, Amazon Connect Customer Profiles will start to match and merge your profiles according to your configuration in the RuleBasedMatchingRequest. You can use the ListRuleBasedMatches and GetSimilarProfiles API to return and review the results. Also, if you have configured ExportingConfig in the RuleBasedMatchingRequest, you can download the results from S3. + type: object + properties: + Enabled: + description: The flag that enables the rule-based matching process of duplicate profiles. + type: boolean + AttributeTypesSelector: + $ref: '#/components/schemas/AttributeTypesSelector' + ConflictResolution: + $ref: '#/components/schemas/ConflictResolution' + ExportingConfig: + $ref: '#/components/schemas/ExportingConfig' + MatchingRules: + description: Configures how the rule-based matching process should match profiles. You can have up to 15 MatchingRule in the MatchingRules. + type: array + minItems: 1 + maxItems: 15 + items: + $ref: '#/components/schemas/MatchingRule' + MaxAllowedRuleLevelForMatching: + description: Indicates the maximum allowed rule level for matching. + type: integer + minimum: 1 + maximum: 15 + MaxAllowedRuleLevelForMerging: + description: Indicates the maximum allowed rule level for merging. + type: integer + minimum: 1 + maximum: 15 + Status: + type: string + enum: + - PENDING + - IN_PROGRESS + - ACTIVE + required: + - Enabled + additionalProperties: false + Domain: + type: object + properties: + DomainName: + description: The unique name of the domain. + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + DeadLetterQueueUrl: + description: The URL of the SQS dead letter queue + type: string + minLength: 0 + maxLength: 255 + DefaultEncryptionKey: + description: The default encryption key + type: string + minLength: 0 + maxLength: 255 + DefaultExpirationDays: + description: The default number of days until the data within the domain expires. + type: integer + minimum: 1 + maximum: 1098 + Matching: + $ref: '#/components/schemas/Matching' + RuleBasedMatching: + $ref: '#/components/schemas/RuleBasedMatching' + Stats: + $ref: '#/components/schemas/DomainStats' + Tags: + description: The tags (keys and values) associated with the domain + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + CreatedAt: + description: The time of this integration got created + type: string + LastUpdatedAt: + description: The time of this integration got last updated at + type: string + required: + - DomainName + - DefaultExpirationDays + x-stackql-resource-name: domain + description: A domain defined for 3rd party data source in Profile Service + x-type-name: AWS::CustomerProfiles::Domain + x-stackql-primary-identifier: + - DomainName + x-create-only-properties: + - DomainName + x-read-only-properties: + - LastUpdatedAt + - CreatedAt + - RuleBasedMatching/Status + - Stats + x-required-properties: + - DomainName + - DefaultExpirationDays + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - profile:CreateDomain + - profile:TagResource + read: + - profile:GetDomain + update: + - profile:GetDomain + - profile:UpdateDomain + - profile:UntagResource + - profile:TagResource + delete: + - profile:DeleteDomain + list: + - profile:ListDomains + Uri: + description: The StreamARN of the destination to deliver profile events to. For example, arn:aws:kinesis:region:account-id:stream/stream-name + type: string + minLength: 1 + maxLength: 255 + Status: + description: The status of enabling the Kinesis stream as a destination for export. + type: string + enum: + - HEALTHY + - UNHEALTHY + EventStream: + type: object + properties: + DomainName: + description: The unique name of the domain. + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + EventStreamName: + description: The name of the event stream. + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 255 + Uri: + $ref: '#/components/schemas/Uri' + EventStreamArn: + description: A unique identifier for the event stream. + type: string + minLength: 1 + maxLength: 255 + Tags: + description: The tags used to organize, track, or control access for this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + CreatedAt: + description: The timestamp of when the export was created. + type: string + State: + description: The operational state of destination stream for export. + type: string + enum: + - RUNNING + - STOPPED + DestinationDetails: + description: Details regarding the Kinesis stream. + type: object + properties: + Uri: + $ref: '#/components/schemas/Uri' + Status: + $ref: '#/components/schemas/Status' + required: + - Uri + - Status + additionalProperties: false + required: + - DomainName + - EventStreamName + - Uri + x-stackql-resource-name: event_stream + description: An Event Stream resource of Amazon Connect Customer Profiles + x-type-name: AWS::CustomerProfiles::EventStream + x-stackql-primary-identifier: + - DomainName + - EventStreamName + x-create-only-properties: + - DomainName + - EventStreamName + - Uri + x-read-only-properties: + - DestinationDetails + - CreatedAt + - State + - EventStreamArn + x-required-properties: + - DomainName + - EventStreamName + - Uri + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - profile:CreateEventStream + - iam:PutRolePolicy + - kinesis:DescribeStreamSummary + - profile:TagResource + read: + - profile:GetEventStream + - kinesis:DescribeStreamSummary + update: + - kinesis:DescribeStreamSummary + - profile:GetEventStream + - profile:UntagResource + - profile:TagResource + delete: + - profile:DeleteEventStream + - iam:DeleteRolePolicy + list: + - profile:ListEventStreams + Object: + type: string + maxLength: 512 + pattern: \S+ + additionalProperties: false + MarketoSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + S3SourceProperties: + type: object + properties: + BucketName: + type: string + minLength: 3 + maxLength: 63 + pattern: \S+ + BucketPrefix: + type: string + maxLength: 512 + pattern: .* + required: + - BucketName + additionalProperties: false + SalesforceSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + EnableDynamicFieldUpdate: + type: boolean + IncludeDeletedRecords: + type: boolean + required: + - Object + additionalProperties: false + ServiceNowSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + ZendeskSourceProperties: + type: object + properties: + Object: + $ref: '#/components/schemas/Object' + required: + - Object + additionalProperties: false + SourceConnectorProperties: + type: object + properties: + Marketo: + $ref: '#/components/schemas/MarketoSourceProperties' + S3: + $ref: '#/components/schemas/S3SourceProperties' + Salesforce: + $ref: '#/components/schemas/SalesforceSourceProperties' + ServiceNow: + $ref: '#/components/schemas/ServiceNowSourceProperties' + Zendesk: + $ref: '#/components/schemas/ZendeskSourceProperties' + additionalProperties: false + ConnectorType: + type: string + enum: + - Salesforce + - Marketo + - ServiceNow + - Zendesk + - S3 + IncrementalPullConfig: + type: object + properties: + DatetimeTypeFieldName: + type: string + maxLength: 256 + additionalProperties: false + SourceFlowConfig: + type: object + properties: + ConnectorType: + $ref: '#/components/schemas/ConnectorType' + ConnectorProfileName: + type: string + maxLength: 256 + pattern: '[\w/!@#+=.-]+' + IncrementalPullConfig: + $ref: '#/components/schemas/IncrementalPullConfig' + SourceConnectorProperties: + $ref: '#/components/schemas/SourceConnectorProperties' + required: + - ConnectorType + - SourceConnectorProperties + additionalProperties: false + ConnectorOperator: + type: object + properties: + Marketo: + $ref: '#/components/schemas/MarketoConnectorOperator' + S3: + $ref: '#/components/schemas/S3ConnectorOperator' + Salesforce: + $ref: '#/components/schemas/SalesforceConnectorOperator' + ServiceNow: + $ref: '#/components/schemas/ServiceNowConnectorOperator' + Zendesk: + $ref: '#/components/schemas/ZendeskConnectorOperator' + additionalProperties: false + Operator: + type: string + enum: + - PROJECTION + - LESS_THAN + - GREATER_THAN + - CONTAINS + - BETWEEN + - LESS_THAN_OR_EQUAL_TO + - GREATER_THAN_OR_EQUAL_TO + - EQUAL_TO + - NOT_EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + MarketoConnectorOperator: + type: string + enum: + - PROJECTION + - LESS_THAN + - GREATER_THAN + - BETWEEN + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + S3ConnectorOperator: + type: string + enum: + - PROJECTION + - LESS_THAN + - GREATER_THAN + - BETWEEN + - LESS_THAN_OR_EQUAL_TO + - GREATER_THAN_OR_EQUAL_TO + - EQUAL_TO + - NOT_EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + SalesforceConnectorOperator: + type: string + enum: + - PROJECTION + - LESS_THAN + - GREATER_THAN + - CONTAINS + - BETWEEN + - LESS_THAN_OR_EQUAL_TO + - GREATER_THAN_OR_EQUAL_TO + - EQUAL_TO + - NOT_EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + ServiceNowConnectorOperator: + type: string + enum: + - PROJECTION + - LESS_THAN + - GREATER_THAN + - CONTAINS + - BETWEEN + - LESS_THAN_OR_EQUAL_TO + - GREATER_THAN_OR_EQUAL_TO + - EQUAL_TO + - NOT_EQUAL_TO + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + ZendeskConnectorOperator: + type: string + enum: + - PROJECTION + - GREATER_THAN + - ADDITION + - MULTIPLICATION + - DIVISION + - SUBTRACTION + - MASK_ALL + - MASK_FIRST_N + - MASK_LAST_N + - VALIDATE_NON_NULL + - VALIDATE_NON_ZERO + - VALIDATE_NON_NEGATIVE + - VALIDATE_NUMERIC + - NO_OP + OperatorPropertiesKeys: + type: string + enum: + - VALUE + - VALUES + - DATA_TYPE + - UPPER_BOUND + - LOWER_BOUND + - SOURCE_DATA_TYPE + - DESTINATION_DATA_TYPE + - VALIDATION_ACTION + - MASK_VALUE + - MASK_LENGTH + - TRUNCATE_LENGTH + - MATH_OPERATION_FIELDS_ORDER + - CONCAT_FORMAT + - SUBFIELD_CATEGORY_MAP + DestinationField: + type: string + maxLength: 256 + pattern: .* + TaskType: + type: string + enum: + - Arithmetic + - Filter + - Map + - Mask + - Merge + - Truncate + - Validate + TaskPropertiesMap: + type: object + properties: + OperatorPropertyKey: + $ref: '#/components/schemas/OperatorPropertiesKeys' + Property: + type: string + maxLength: 2048 + pattern: .+ + required: + - OperatorPropertyKey + - Property + additionalProperties: false + Task: + type: object + properties: + ConnectorOperator: + $ref: '#/components/schemas/ConnectorOperator' + SourceFields: + type: array + items: + type: string + maxLength: 2048 + pattern: .* + DestinationField: + $ref: '#/components/schemas/DestinationField' + TaskType: + $ref: '#/components/schemas/TaskType' + TaskProperties: + type: array + items: + $ref: '#/components/schemas/TaskPropertiesMap' + required: + - SourceFields + - TaskType + additionalProperties: false + TriggerType: + type: string + enum: + - Scheduled + - Event + - OnDemand + Date: + type: number + ScheduledTriggerProperties: + type: object + properties: + ScheduleExpression: + type: string + maxLength: 256 + pattern: .* + DataPullMode: + type: string + enum: + - Incremental + - Complete + ScheduleStartTime: + $ref: '#/components/schemas/Date' + ScheduleEndTime: + $ref: '#/components/schemas/Date' + Timezone: + type: string + maxLength: 256 + pattern: .* + ScheduleOffset: + type: integer + minimum: 0 + maximum: 36000 + FirstExecutionFrom: + $ref: '#/components/schemas/Date' + required: + - ScheduleExpression + additionalProperties: false + TriggerProperties: + type: object + properties: + Scheduled: + $ref: '#/components/schemas/ScheduledTriggerProperties' + additionalProperties: false + TriggerConfig: + type: object + properties: + TriggerType: + $ref: '#/components/schemas/TriggerType' + TriggerProperties: + $ref: '#/components/schemas/TriggerProperties' + required: + - TriggerType + additionalProperties: false + FlowDefinition: + type: object + properties: + FlowName: + type: string + pattern: '[a-zA-Z0-9][\w!@#.-]+' + maxLength: 256 + Description: + type: string + pattern: '[\w!@#\-.?,\s]*' + maxLength: 2048 + KmsArn: + type: string + pattern: arn:aws:kms:.*:[0-9]+:.* + minLength: 20 + maxLength: 2048 + Tasks: + type: array + items: + $ref: '#/components/schemas/Task' + TriggerConfig: + $ref: '#/components/schemas/TriggerConfig' + SourceFlowConfig: + $ref: '#/components/schemas/SourceFlowConfig' + required: + - FlowName + - KmsArn + - Tasks + - TriggerConfig + - SourceFlowConfig + additionalProperties: false + ObjectTypeMapping: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 255 + Value: + type: string + pattern: ^[a-zA-Z_][a-zA-Z_0-9-]*$ + minLength: 1 + maxLength: 255 + additionalProperties: false + required: + - Key + - Value + Integration: + type: object + properties: + DomainName: + description: The unique name of the domain. + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + Uri: + description: The URI of the S3 bucket or any other type of data source. + type: string + minLength: 1 + maxLength: 255 + FlowDefinition: + $ref: '#/components/schemas/FlowDefinition' + ObjectTypeName: + description: The name of the ObjectType defined for the 3rd party data in Profile Service + type: string + pattern: ^[a-zA-Z_][a-zA-Z_0-9-]*$ + minLength: 1 + maxLength: 255 + CreatedAt: + description: The time of this integration got created + type: string + LastUpdatedAt: + description: The time of this integration got last updated at + type: string + Tags: + description: The tags (keys and values) associated with the integration + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + ObjectTypeNames: + description: The mapping between 3rd party event types and ObjectType names + type: array + items: + $ref: '#/components/schemas/ObjectTypeMapping' + required: + - DomainName + x-stackql-resource-name: integration + description: The resource schema for creating an Amazon Connect Customer Profiles Integration. + x-type-name: AWS::CustomerProfiles::Integration + x-stackql-primary-identifier: + - DomainName + - Uri + x-create-only-properties: + - DomainName + - Uri + x-write-only-properties: + - FlowDefinition + x-read-only-properties: + - LastUpdatedAt + - CreatedAt + x-required-properties: + - DomainName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - profile:GetIntegration + - profile:PutIntegration + - appflow:CreateFlow + - app-integrations:CreateEventIntegrationAssociation + - app-integrations:GetEventIntegration + - events:ListTargetsByRule + - events:PutRule + - events:PutTargets + - events:PutEvents + - profile:TagResource + read: + - profile:GetIntegration + delete: + - profile:DeleteIntegration + - appflow:DeleteFlow + - app-integrations:ListEventIntegrationAssociations + - app-integrations:DeleteEventIntegrationAssociation + - events:RemoveTargets + - events:ListTargetsByRule + - events:DeleteRule + update: + - profile:PutIntegration + - profile:GetIntegration + - appflow:CreateFlow + - app-integrations:GetEventIntegration + - app-integrations:CreateEventIntegrationAssociation + - app-integrations:ListEventIntegrationAssociations + - app-integrations:DeleteEventIntegrationAssociation + - events:ListTargetsByRule + - events:RemoveTargets + - events:DeleteRule + - events:PutRule + - events:PutTargets + - events:PutEvents + - profile:UntagResource + - profile:TagResource + list: + - profile:ListIntegrations + FieldMap: + type: object + properties: + Name: + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + ObjectTypeField: + $ref: '#/components/schemas/ObjectTypeField' + additionalProperties: false + ObjectTypeField: + description: Represents a field in a ProfileObjectType. + type: object + properties: + Source: + description: 'A field of a ProfileObject. For example: _source.FirstName, where "_source" is a ProfileObjectType of a Zendesk user and "FirstName" is a field in that ObjectType.' + type: string + minLength: 1 + maxLength: 1000 + Target: + description: 'The location of the data in the standard ProfileObject model. For example: _profile.Address.PostalCode.' + type: string + minLength: 1 + maxLength: 1000 + ContentType: + description: The content type of the field. Used for determining equality when searching. + type: string + enum: + - STRING + - NUMBER + - PHONE_NUMBER + - EMAIL_ADDRESS + - NAME + additionalProperties: false + KeyMap: + type: object + properties: + Name: + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + ObjectTypeKeyList: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ObjectTypeKey' + additionalProperties: false + ObjectTypeKey: + description: An object that defines the Key element of a ProfileObject. A Key is a special element that can be used to search for a customer profile. + type: object + properties: + FieldNames: + description: 'The reference for the key name of the fields map. ' + type: array + items: + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + StandardIdentifiers: + description: >- + The types of keys that a ProfileObject can have. Each ProfileObject can have only 1 UNIQUE key but multiple PROFILE keys. PROFILE means that this key can be used to tie an object to a PROFILE. UNIQUE means that it can be used to uniquely identify an object. If a key a is marked as SECONDARY, it will be used to search for profiles after all other PROFILE keys have been searched. A LOOKUP_ONLY key is only used to match a profile but is not persisted to be used for searching of the + profile. A NEW_ONLY key is only used if the profile does not already exist before the object is ingested, otherwise it is only used for matching objects to profiles. + type: array + items: + type: string + enum: + - PROFILE + - UNIQUE + - SECONDARY + - LOOKUP_ONLY + - NEW_ONLY + - ASSET + - CASE + - ORDER + additionalProperties: false + ObjectType: + type: object + properties: + DomainName: + description: The unique name of the domain. + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + ObjectTypeName: + description: The name of the profile object type. + type: string + pattern: ^[a-zA-Z_][a-zA-Z_0-9-]*$ + minLength: 1 + maxLength: 255 + AllowProfileCreation: + description: Indicates whether a profile should be created when data is received. + type: boolean + Description: + description: Description of the profile object type. + type: string + minLength: 1 + maxLength: 1000 + EncryptionKey: + description: The default encryption key + type: string + minLength: 0 + maxLength: 255 + ExpirationDays: + description: The default number of days until the data within the domain expires. + type: integer + minimum: 1 + maximum: 1098 + Fields: + description: A list of the name and ObjectType field. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/FieldMap' + Keys: + description: A list of unique keys that can be used to map data to the profile. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/KeyMap' + CreatedAt: + description: The time of this integration got created. + type: string + LastUpdatedAt: + description: The time of this integration got last updated at. + type: string + SourceLastUpdatedTimestampFormat: + description: The format of your sourceLastUpdatedTimestamp that was previously set up. + type: string + minLength: 1 + maxLength: 255 + Tags: + description: The tags (keys and values) associated with the integration. + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + TemplateId: + description: A unique identifier for the object template. + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + required: + - DomainName + - ObjectTypeName + - Description + x-stackql-resource-name: object_type + description: An ObjectType resource of Amazon Connect Customer Profiles + x-type-name: AWS::CustomerProfiles::ObjectType + x-stackql-primary-identifier: + - DomainName + - ObjectTypeName + x-create-only-properties: + - DomainName + - ObjectTypeName + x-read-only-properties: + - LastUpdatedAt + - CreatedAt + x-required-properties: + - DomainName + - ObjectTypeName + - Description + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - profile:GetProfileObjectType + - profile:PutProfileObjectType + - profile:TagResource + read: + - profile:GetProfileObjectType + update: + - profile:GetProfileObjectType + - profile:PutProfileObjectType + - profile:UntagResource + - profile:TagResource + delete: + - profile:DeleteProfileObjectType + list: + - profile:ListProfileObjectTypes + x-stackQL-resources: + calculated_attribute_definitions: + name: calculated_attribute_definitions + id: aws.customerprofiles.calculated_attribute_definitions + x-cfn-schema-name: CalculatedAttributeDefinition + x-type: list + x-identifiers: + - DomainName + - CalculatedAttributeName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.CalculatedAttributeName') as calculated_attribute_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::CalculatedAttributeDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'CalculatedAttributeName') as calculated_attribute_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::CalculatedAttributeDefinition' + AND region = 'us-east-1' + calculated_attribute_definition: + name: calculated_attribute_definition + id: aws.customerprofiles.calculated_attribute_definition + x-cfn-schema-name: CalculatedAttributeDefinition + x-type: get + x-identifiers: + - DomainName + - CalculatedAttributeName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.CalculatedAttributeName') as calculated_attribute_name, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.AttributeDetails') as attribute_details, + JSON_EXTRACT(Properties, '$.Conditions') as conditions, + JSON_EXTRACT(Properties, '$.Statistic') as statistic, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::CalculatedAttributeDefinition' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'CalculatedAttributeName') as calculated_attribute_name, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'AttributeDetails') as attribute_details, + json_extract_path_text(Properties, 'Conditions') as conditions, + json_extract_path_text(Properties, 'Statistic') as statistic, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::CalculatedAttributeDefinition' + AND data__Identifier = '|' + AND region = 'us-east-1' + domains: + name: domains + id: aws.customerprofiles.domains + x-cfn-schema-name: Domain + x-type: list + x-identifiers: + - DomainName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::Domain' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::Domain' + AND region = 'us-east-1' + domain: + name: domain + id: aws.customerprofiles.domain + x-cfn-schema-name: Domain + x-type: get + x-identifiers: + - DomainName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.DeadLetterQueueUrl') as dead_letter_queue_url, + JSON_EXTRACT(Properties, '$.DefaultEncryptionKey') as default_encryption_key, + JSON_EXTRACT(Properties, '$.DefaultExpirationDays') as default_expiration_days, + JSON_EXTRACT(Properties, '$.Matching') as matching, + JSON_EXTRACT(Properties, '$.RuleBasedMatching') as rule_based_matching, + JSON_EXTRACT(Properties, '$.Stats') as stats, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'DeadLetterQueueUrl') as dead_letter_queue_url, + json_extract_path_text(Properties, 'DefaultEncryptionKey') as default_encryption_key, + json_extract_path_text(Properties, 'DefaultExpirationDays') as default_expiration_days, + json_extract_path_text(Properties, 'Matching') as matching, + json_extract_path_text(Properties, 'RuleBasedMatching') as rule_based_matching, + json_extract_path_text(Properties, 'Stats') as stats, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' + event_streams: + name: event_streams + id: aws.customerprofiles.event_streams + x-cfn-schema-name: EventStream + x-type: list + x-identifiers: + - DomainName + - EventStreamName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.EventStreamName') as event_stream_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::EventStream' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'EventStreamName') as event_stream_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::EventStream' + AND region = 'us-east-1' + event_stream: + name: event_stream + id: aws.customerprofiles.event_stream + x-cfn-schema-name: EventStream + x-type: get + x-identifiers: + - DomainName + - EventStreamName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.EventStreamName') as event_stream_name, + JSON_EXTRACT(Properties, '$.Uri') as uri, + JSON_EXTRACT(Properties, '$.EventStreamArn') as event_stream_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.DestinationDetails') as destination_details + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::EventStream' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'EventStreamName') as event_stream_name, + json_extract_path_text(Properties, 'Uri') as uri, + json_extract_path_text(Properties, 'EventStreamArn') as event_stream_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'DestinationDetails') as destination_details + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::EventStream' + AND data__Identifier = '|' + AND region = 'us-east-1' + integrations: + name: integrations + id: aws.customerprofiles.integrations + x-cfn-schema-name: Integration + x-type: list + x-identifiers: + - DomainName + - Uri + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.Uri') as uri + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::Integration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'Uri') as uri + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::Integration' + AND region = 'us-east-1' + integration: + name: integration + id: aws.customerprofiles.integration + x-cfn-schema-name: Integration + x-type: get + x-identifiers: + - DomainName + - Uri + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.Uri') as uri, + JSON_EXTRACT(Properties, '$.FlowDefinition') as flow_definition, + JSON_EXTRACT(Properties, '$.ObjectTypeName') as object_type_name, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ObjectTypeNames') as object_type_names + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::Integration' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'Uri') as uri, + json_extract_path_text(Properties, 'FlowDefinition') as flow_definition, + json_extract_path_text(Properties, 'ObjectTypeName') as object_type_name, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ObjectTypeNames') as object_type_names + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::Integration' + AND data__Identifier = '|' + AND region = 'us-east-1' + object_types: + name: object_types + id: aws.customerprofiles.object_types + x-cfn-schema-name: ObjectType + x-type: list + x-identifiers: + - DomainName + - ObjectTypeName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.ObjectTypeName') as object_type_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::ObjectType' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'ObjectTypeName') as object_type_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::ObjectType' + AND region = 'us-east-1' + object_type: + name: object_type + id: aws.customerprofiles.object_type + x-cfn-schema-name: ObjectType + x-type: get + x-identifiers: + - DomainName + - ObjectTypeName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.ObjectTypeName') as object_type_name, + JSON_EXTRACT(Properties, '$.AllowProfileCreation') as allow_profile_creation, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EncryptionKey') as encryption_key, + JSON_EXTRACT(Properties, '$.ExpirationDays') as expiration_days, + JSON_EXTRACT(Properties, '$.Fields') as fields, + JSON_EXTRACT(Properties, '$.Keys') as keys, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(Properties, '$.SourceLastUpdatedTimestampFormat') as source_last_updated_timestamp_format, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TemplateId') as template_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::ObjectType' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'ObjectTypeName') as object_type_name, + json_extract_path_text(Properties, 'AllowProfileCreation') as allow_profile_creation, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EncryptionKey') as encryption_key, + json_extract_path_text(Properties, 'ExpirationDays') as expiration_days, + json_extract_path_text(Properties, 'Fields') as fields, + json_extract_path_text(Properties, 'Keys') as keys, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(Properties, 'SourceLastUpdatedTimestampFormat') as source_last_updated_timestamp_format, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TemplateId') as template_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::ObjectType' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/databrew.yaml b/providers/src/aws/v00.00.00000/services/databrew.yaml new file mode 100644 index 00000000..492d272d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/databrew.yaml @@ -0,0 +1,1815 @@ +openapi: 3.0.0 +info: + title: DataBrew + version: 1.0.0 +paths: {} +components: + schemas: + JsonOptions: + description: Json options + type: object + properties: + MultiLine: + type: boolean + additionalProperties: false + ExcelOptions: + type: object + properties: + SheetNames: + type: array + x-insertionOrder: true + items: + type: string + minItems: 1 + maxItems: 1 + SheetIndexes: + type: array + x-insertionOrder: true + items: + type: integer + minItems: 1 + maxItems: 1 + HeaderRow: + type: boolean + oneOf: + - required: + - SheetNames + - required: + - SheetIndexes + additionalProperties: false + CsvOptions: + description: Csv options + type: object + properties: + Delimiter: + type: string + minLength: 1 + maxLength: 1 + HeaderRow: + type: boolean + additionalProperties: false + FormatOptions: + description: Format options for dataset + type: object + properties: + Json: + $ref: '#/components/schemas/JsonOptions' + Excel: + $ref: '#/components/schemas/ExcelOptions' + Csv: + $ref: '#/components/schemas/CsvOptions' + additionalProperties: false + Input: + description: Input + type: object + properties: + S3InputDefinition: + $ref: '#/components/schemas/S3Location' + DataCatalogInputDefinition: + $ref: '#/components/schemas/DataCatalogInputDefinition' + DatabaseInputDefinition: + $ref: '#/components/schemas/DatabaseInputDefinition' + Metadata: + $ref: '#/components/schemas/Metadata' + additionalProperties: false + S3Location: + description: Input location + type: object + properties: + Bucket: + type: string + Key: + type: string + additionalProperties: false + required: + - Bucket + DataCatalogInputDefinition: + type: object + properties: + CatalogId: + description: Catalog id + type: string + DatabaseName: + description: Database name + type: string + TableName: + description: Table name + type: string + TempDirectory: + $ref: '#/components/schemas/S3Location' + additionalProperties: false + DatabaseInputDefinition: + type: object + properties: + GlueConnectionName: + description: Glue connection name + type: string + DatabaseTableName: + description: Database table name + type: string + TempDirectory: + $ref: '#/components/schemas/S3Location' + QueryString: + description: Custom SQL to run against the provided AWS Glue connection. This SQL will be used as the input for DataBrew projects and jobs. + type: string + additionalProperties: false + required: + - GlueConnectionName + Metadata: + type: object + properties: + SourceArn: + description: 'Arn of the source of the dataset. For e.g.: AppFlow Flow ARN.' + type: string + additionalProperties: false + PathOptions: + description: Path options for dataset + type: object + properties: + FilesLimit: + $ref: '#/components/schemas/FilesLimit' + LastModifiedDateCondition: + $ref: '#/components/schemas/FilterExpression' + Parameters: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/PathParameter' + additionalProperties: false + FilesLimit: + type: object + properties: + MaxFiles: + description: Maximum number of files + type: integer + OrderedBy: + description: Ordered by + enum: + - LAST_MODIFIED_DATE + type: string + Order: + description: Order + enum: + - ASCENDING + - DESCENDING + type: string + additionalProperties: false + required: + - MaxFiles + PathParameter: + description: A key-value pair to associate dataset parameter name with its definition. + type: object + properties: + PathParameterName: + $ref: '#/components/schemas/PathParameterName' + DatasetParameter: + $ref: '#/components/schemas/DatasetParameter' + additionalProperties: false + required: + - PathParameterName + - DatasetParameter + PathParameterName: + description: Parameter name + type: string + minLength: 1 + maxLength: 255 + DatasetParameter: + type: object + properties: + Name: + $ref: '#/components/schemas/PathParameterName' + Type: + description: Parameter type + enum: + - String + - Number + - Datetime + type: string + DatetimeOptions: + $ref: '#/components/schemas/DatetimeOptions' + CreateColumn: + description: Add the value of this parameter as a column in a dataset. + type: boolean + Filter: + $ref: '#/components/schemas/FilterExpression' + additionalProperties: false + required: + - Name + - Type + DatetimeOptions: + type: object + properties: + Format: + description: Date/time format of a date parameter + type: string + minLength: 2 + maxLength: 100 + TimezoneOffset: + description: Timezone offset + type: string + minLength: 1 + maxLength: 6 + pattern: ^(Z|[-+](\d|\d{2}|\d{2}:?\d{2}))$ + LocaleCode: + description: Locale code for a date parameter + type: string + minLength: 2 + maxLength: 100 + pattern: ^[A-Za-z0-9_\.#@\-]+$ + additionalProperties: false + required: + - Format + FilterExpression: + type: object + properties: + Expression: + description: Filtering expression for a parameter + type: string + minLength: 4 + maxLength: 1024 + pattern: ^[><0-9A-Za-z_.,:)(!= ]+$ + ValuesMap: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/FilterValue' + additionalProperties: false + required: + - Expression + - ValuesMap + FilterValue: + description: A key-value pair to associate expression variable names with their values + type: object + properties: + ValueReference: + description: Variable name + type: string + minLength: 2 + maxLength: 128 + pattern: ^:[A-Za-z0-9_]+$ + Value: + type: string + minLength: 0 + maxLength: 1024 + additionalProperties: false + required: + - ValueReference + - Value + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 0 + maxLength: 256 + additionalProperties: false + required: + - Value + - Key + Dataset: + type: object + properties: + Name: + description: Dataset name + type: string + minLength: 1 + maxLength: 255 + Format: + description: Dataset format + enum: + - CSV + - JSON + - PARQUET + - EXCEL + - ORC + type: string + FormatOptions: + description: Format options for dataset + $ref: '#/components/schemas/FormatOptions' + Input: + description: Input + $ref: '#/components/schemas/Input' + PathOptions: + description: PathOptions + $ref: '#/components/schemas/PathOptions' + Tags: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - Input + x-stackql-resource-name: dataset + description: Resource schema for AWS::DataBrew::Dataset. + x-type-name: AWS::DataBrew::Dataset + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - Tags + x-required-properties: + - Name + - Input + x-taggable: true + x-required-permissions: + create: + - databrew:CreateDataset + - databrew:TagResource + - databrew:UntagResource + - glue:GetConnection + - glue:GetTable + - iam:PassRole + read: + - databrew:DescribeDataset + - databrew:ListTagsForResource + - iam:ListRoles + update: + - databrew:UpdateDataset + - glue:GetConnection + - glue:GetTable + delete: + - databrew:DeleteDataset + list: + - databrew:ListDatasets + - databrew:ListTagsForResource + - iam:ListRoles + CsvOutputOptions: + description: Output Csv options + type: object + properties: + Delimiter: + type: string + minLength: 1 + maxLength: 1 + additionalProperties: false + OutputFormatOptions: + description: Format options for job Output + type: object + properties: + Csv: + $ref: '#/components/schemas/CsvOutputOptions' + additionalProperties: false + OutputLocation: + description: Output location + type: object + properties: + Bucket: + type: string + Key: + type: string + BucketOwner: + type: string + minLength: 12 + maxLength: 12 + additionalProperties: false + required: + - Bucket + Output: + type: object + properties: + CompressionFormat: + enum: + - GZIP + - LZ4 + - SNAPPY + - BZIP2 + - DEFLATE + - LZO + - BROTLI + - ZSTD + - ZLIB + type: string + Format: + enum: + - CSV + - JSON + - PARQUET + - GLUEPARQUET + - AVRO + - ORC + - XML + - TABLEAUHYPER + type: string + FormatOptions: + $ref: '#/components/schemas/OutputFormatOptions' + PartitionColumns: + type: array + x-insertionOrder: true + uniqueItems: true + items: + type: string + Location: + $ref: '#/components/schemas/S3Location' + Overwrite: + type: boolean + MaxOutputFiles: + type: integer + minimum: 1 + maximum: 999 + additionalProperties: false + required: + - Location + DataCatalogOutput: + type: object + properties: + CatalogId: + type: string + minLength: 1 + maxLength: 255 + DatabaseName: + type: string + minLength: 1 + maxLength: 255 + TableName: + type: string + minLength: 1 + maxLength: 255 + S3Options: + $ref: '#/components/schemas/S3TableOutputOptions' + DatabaseOptions: + $ref: '#/components/schemas/DatabaseTableOutputOptions' + Overwrite: + type: boolean + additionalProperties: false + required: + - DatabaseName + - TableName + S3TableOutputOptions: + type: object + properties: + Location: + $ref: '#/components/schemas/S3Location' + additionalProperties: false + required: + - Location + DatabaseTableOutputOptions: + type: object + properties: + TempDirectory: + $ref: '#/components/schemas/S3Location' + TableName: + type: string + minLength: 1 + maxLength: 255 + additionalProperties: false + required: + - TableName + DatabaseOutput: + type: object + properties: + GlueConnectionName: + description: Glue connection name + type: string + DatabaseOutputMode: + description: Database table name + enum: + - NEW_TABLE + type: string + DatabaseOptions: + $ref: '#/components/schemas/DatabaseTableOutputOptions' + additionalProperties: false + required: + - GlueConnectionName + - DatabaseOptions + Recipe: + type: object + properties: + Description: + description: Description of the recipe + minLength: 0 + maxLength: 1024 + type: string + Name: + description: Recipe name + type: string + minLength: 1 + maxLength: 255 + Steps: + type: array + x-insertionOrder: true + items: + type: object + $ref: '#/components/schemas/RecipeStep' + Tags: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - Steps + x-stackql-resource-name: recipe + description: Resource schema for AWS::DataBrew::Recipe. + x-type-name: AWS::DataBrew::Recipe + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - Tags + x-required-properties: + - Name + - Steps + x-taggable: true + x-required-permissions: + create: + - databrew:CreateRecipe + - databrew:TagResource + - databrew:UntagResource + - iam:PassRole + read: + - databrew:DescribeRecipe + - databrew:ListTagsForResource + - iam:ListRoles + delete: + - databrew:DeleteRecipeVersion + list: + - databrew:ListRecipes + - databrew:ListTagsForResource + - iam:ListRoles + update: + - databrew:UpdateRecipe + SampleMode: + description: Sample configuration mode for profile jobs. + enum: + - FULL_DATASET + - CUSTOM_ROWS + type: string + JobSize: + description: Sample configuration size for profile jobs. + format: int64 + type: integer + JobSample: + description: Job Sample + type: object + properties: + Mode: + $ref: '#/components/schemas/SampleMode' + Size: + $ref: '#/components/schemas/JobSize' + additionalProperties: false + ProfileConfiguration: + type: object + properties: + DatasetStatisticsConfiguration: + $ref: '#/components/schemas/StatisticsConfiguration' + ProfileColumns: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/ColumnSelector' + minItems: 1 + ColumnStatisticsConfigurations: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/ColumnStatisticsConfiguration' + minItems: 1 + EntityDetectorConfiguration: + $ref: '#/components/schemas/EntityDetectorConfiguration' + additionalProperties: false + EntityDetectorConfiguration: + type: object + additionalProperties: false + required: + - EntityTypes + properties: + EntityTypes: + type: array + x-insertionOrder: true + minItems: 1 + items: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[A-Z_][A-Z\\d_]*$ + AllowedStatistics: + $ref: '#/components/schemas/AllowedStatistics' + AllowedStatistics: + type: object + additionalProperties: false + required: + - Statistics + properties: + Statistics: + type: array + x-insertionOrder: true + minItems: 1 + items: + $ref: '#/components/schemas/Statistic' + ColumnStatisticsConfiguration: + type: object + properties: + Selectors: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/ColumnSelector' + minItems: 1 + Statistics: + $ref: '#/components/schemas/StatisticsConfiguration' + required: + - Statistics + additionalProperties: false + StatisticsConfiguration: + type: object + properties: + IncludedStatistics: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Statistic' + minItems: 1 + Overrides: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/StatisticOverride' + minItems: 1 + additionalProperties: false + ColumnSelector: + description: Selector of a column from a dataset for profile job configuration. One selector includes either a column name or a regular expression + type: object + properties: + Regex: + description: A regular expression for selecting a column from a dataset + type: string + minLength: 1 + maxLength: 255 + Name: + description: The name of a column from a dataset + type: string + minLength: 1 + maxLength: 255 + additionalProperties: false + Statistic: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[A-Z\_]+$ + StatisticOverride: + type: object + properties: + Statistic: + $ref: '#/components/schemas/Statistic' + Parameters: + $ref: '#/components/schemas/ParameterMap' + required: + - Statistic + - Parameters + additionalProperties: false + ParameterMap: + type: object + additionalProperties: false + x-patternProperties: + ^[A-Za-z0-9]{1,128}$: + type: string + ValidationMode: + type: string + enum: + - CHECK_ALL + ValidationConfiguration: + description: Configuration to attach Rulesets to the job + type: object + additionalProperties: false + properties: + RulesetArn: + description: Arn of the Ruleset + type: string + minLength: 20 + maxLength: 2048 + ValidationMode: + $ref: '#/components/schemas/ValidationMode' + required: + - RulesetArn + Job: + type: object + properties: + DatasetName: + description: Dataset name + type: string + minLength: 1 + maxLength: 255 + EncryptionKeyArn: + description: Encryption Key Arn + type: string + minLength: 20 + maxLength: 2048 + EncryptionMode: + description: Encryption mode + enum: + - SSE-KMS + - SSE-S3 + type: string + Name: + description: Job name + type: string + minLength: 1 + maxLength: 255 + Type: + description: Job type + enum: + - PROFILE + - RECIPE + type: string + LogSubscription: + description: Log subscription + enum: + - ENABLE + - DISABLE + type: string + MaxCapacity: + description: Max capacity + type: integer + MaxRetries: + description: Max retries + type: integer + Outputs: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Output' + DataCatalogOutputs: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/DataCatalogOutput' + DatabaseOutputs: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/DatabaseOutput' + OutputLocation: + description: Output location + $ref: '#/components/schemas/OutputLocation' + ProjectName: + description: Project name + type: string + minLength: 1 + maxLength: 255 + Recipe: + $ref: '#/components/schemas/Recipe' + RoleArn: + description: Role arn + type: string + Tags: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + Timeout: + description: Timeout + type: integer + JobSample: + description: Job Sample + $ref: '#/components/schemas/JobSample' + ProfileConfiguration: + description: Profile Job configuration + $ref: '#/components/schemas/ProfileConfiguration' + ValidationConfigurations: + description: Data quality rules configuration + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/ValidationConfiguration' + required: + - Name + - RoleArn + - Type + x-stackql-resource-name: job + description: Resource schema for AWS::DataBrew::Job. + x-type-name: AWS::DataBrew::Job + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - Type + - Tags + x-required-properties: + - Name + - RoleArn + - Type + x-taggable: true + x-required-permissions: + create: + - databrew:CreateProfileJob + - databrew:CreateRecipeJob + - databrew:TagResource + - databrew:UntagResource + - iam:PassRole + read: + - databrew:DescribeJob + - databrew:ListTagsForResource + - iam:ListRoles + update: + - databrew:UpdateProfileJob + - databrew:UpdateRecipeJob + - iam:PassRole + delete: + - databrew:DeleteJob + list: + - databrew:ListJobs + - databrew:ListTagsForResource + - iam:ListRoles + Sample: + type: object + properties: + Size: + description: Sample size + minimum: 1 + type: integer + Type: + description: Sample type + enum: + - FIRST_N + - LAST_N + - RANDOM + type: string + additionalProperties: false + required: + - Type + Project: + type: object + properties: + DatasetName: + description: Dataset name + type: string + minLength: 1 + maxLength: 255 + Name: + description: Project name + type: string + minLength: 1 + maxLength: 255 + RecipeName: + description: Recipe name + type: string + minLength: 1 + maxLength: 255 + RoleArn: + description: Role arn + type: string + Sample: + description: Sample + $ref: '#/components/schemas/Sample' + Tags: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - DatasetName + - Name + - RecipeName + - RoleArn + x-stackql-resource-name: project + description: Resource schema for AWS::DataBrew::Project. + x-type-name: AWS::DataBrew::Project + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - Tags + x-required-properties: + - DatasetName + - Name + - RecipeName + - RoleArn + x-taggable: true + x-required-permissions: + create: + - databrew:CreateProject + - databrew:TagResource + - databrew:UntagResource + - iam:PassRole + read: + - databrew:DescribeProject + - databrew:ListTagsForResource + - iam:ListRoles + update: + - databrew:UpdateProject + - iam:PassRole + delete: + - databrew:DeleteProject + list: + - databrew:ListProjects + - databrew:ListTagsForResource + - iam:ListRoles + SecondaryInput: + description: Secondary input + type: object + properties: + S3InputDefinition: + $ref: '#/components/schemas/S3Location' + DataCatalogInputDefinition: + $ref: '#/components/schemas/DataCatalogInputDefinition' + oneOf: + - required: + - S3InputDefinition + - required: + - DataCatalogInputDefinition + additionalProperties: false + RecipeStep: + type: object + properties: + Action: + $ref: '#/components/schemas/Action' + ConditionExpressions: + description: Condition expressions applied to the step action + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/ConditionExpression' + additionalProperties: false + required: + - Action + Action: + type: object + properties: + Operation: + description: Step action operation + type: string + Parameters: + anyOf: + - $ref: '#/components/schemas/RecipeParameters' + - $ref: '#/components/schemas/ParameterMap' + additionalProperties: false + required: + - Operation + ConditionExpression: + description: Condition expressions applied to the step action + type: object + properties: + Condition: + description: Input condition to be applied to the target column + type: string + Value: + description: Value of the condition + type: string + TargetColumn: + description: Name of the target column + type: string + additionalProperties: false + required: + - Condition + - TargetColumn + RecipeParameters: + additionalProperties: false + properties: + AggregateFunction: + type: string + Base: + type: string + CaseStatement: + type: string + CategoryMap: + type: string + CharsToRemove: + type: string + CollapseConsecutiveWhitespace: + type: string + ColumnDataType: + type: string + ColumnRange: + type: string + Count: + type: string + CustomCharacters: + type: string + CustomStopWords: + type: string + CustomValue: + type: string + DatasetsColumns: + type: string + DateAddValue: + type: string + DateTimeFormat: + type: string + DateTimeParameters: + type: string + DeleteOtherRows: + type: string + Delimiter: + type: string + EndPattern: + type: string + EndPosition: + type: string + EndValue: + type: string + ExpandContractions: + type: string + Exponent: + type: string + FalseString: + type: string + GroupByAggFunctionOptions: + type: string + GroupByColumns: + type: string + HiddenColumns: + type: string + IgnoreCase: + type: string + IncludeInSplit: + type: string + Interval: + type: string + IsText: + type: string + JoinKeys: + type: string + JoinType: + type: string + LeftColumns: + type: string + Limit: + type: string + LowerBound: + type: string + MapType: + type: string + ModeType: + type: string + MultiLine: + type: boolean + NumRows: + type: string + NumRowsAfter: + type: string + NumRowsBefore: + type: string + OrderByColumn: + type: string + OrderByColumns: + type: string + Other: + type: string + Pattern: + type: string + PatternOption1: + type: string + PatternOption2: + type: string + PatternOptions: + type: string + Period: + type: string + Position: + type: string + RemoveAllPunctuation: + type: string + RemoveAllQuotes: + type: string + RemoveAllWhitespace: + type: string + RemoveCustomCharacters: + type: string + RemoveCustomValue: + type: string + RemoveLeadingAndTrailingPunctuation: + type: string + RemoveLeadingAndTrailingQuotes: + type: string + RemoveLeadingAndTrailingWhitespace: + type: string + RemoveLetters: + type: string + RemoveNumbers: + type: string + RemoveSourceColumn: + type: string + RemoveSpecialCharacters: + type: string + RightColumns: + type: string + SampleSize: + type: string + SampleType: + type: string + SecondInput: + type: string + SecondaryInputs: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/SecondaryInput' + SourceColumn: + type: string + SourceColumn1: + type: string + SourceColumn2: + type: string + SourceColumns: + type: string + StartColumnIndex: + type: string + StartPattern: + type: string + StartPosition: + type: string + StartValue: + type: string + StemmingMode: + type: string + StepCount: + type: string + StepIndex: + type: string + StopWordsMode: + type: string + Strategy: + type: string + SheetNames: + type: array + x-insertionOrder: true + items: + type: string + minItems: 1 + maxItems: 1 + SheetIndexes: + type: array + x-insertionOrder: true + items: + type: integer + minItems: 1 + maxItems: 1 + TargetColumn: + type: string + TargetColumnNames: + type: string + TargetDateFormat: + type: string + TargetIndex: + type: string + TimeZone: + type: string + TokenizerPattern: + type: string + TrueString: + type: string + UdfLang: + type: string + Units: + type: string + UnpivotColumn: + type: string + UpperBound: + type: string + UseNewDataFrame: + type: string + Value: + type: string + Value1: + type: string + Value2: + type: string + ValueColumn: + type: string + ViewFrame: + type: string + Input: + description: Input + type: object + properties: + S3InputDefinition: + $ref: '#/components/schemas/S3Location' + DataCatalogInputDefinition: + $ref: '#/components/schemas/DataCatalogInputDefinition' + oneOf: + - required: + - S3InputDefinition + - required: + - DataCatalogInputDefinition + additionalProperties: false + Expression: + description: Expression with rule conditions + type: string + minLength: 4 + maxLength: 1024 + pattern: ^[><0-9A-Za-z_.,:)(!= ]+$ + SubstitutionValue: + description: A key-value pair to associate expression's substitution variable names with their values + type: object + properties: + ValueReference: + description: Variable name + type: string + minLength: 2 + maxLength: 128 + pattern: ^:[A-Za-z0-9_]+$ + Value: + description: Value or column name + type: string + minLength: 0 + maxLength: 1024 + additionalProperties: false + required: + - ValueReference + - Value + ValuesMap: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/SubstitutionValue' + ThresholdValue: + description: Threshold value for a rule + type: number + ThresholdType: + description: Threshold type for a rule + enum: + - GREATER_THAN_OR_EQUAL + - LESS_THAN_OR_EQUAL + - GREATER_THAN + - LESS_THAN + type: string + ThresholdUnit: + description: Threshold unit for a rule + enum: + - COUNT + - PERCENTAGE + type: string + Threshold: + type: object + properties: + Value: + $ref: '#/components/schemas/ThresholdValue' + Type: + $ref: '#/components/schemas/ThresholdType' + Unit: + $ref: '#/components/schemas/ThresholdUnit' + required: + - Value + additionalProperties: false + Disabled: + description: Boolean value to disable/enable a rule + type: boolean + Rule: + description: Data quality rule for a target resource (dataset) + type: object + properties: + Name: + description: Name of the rule + type: string + minLength: 1 + maxLength: 128 + Disabled: + $ref: '#/components/schemas/Disabled' + CheckExpression: + $ref: '#/components/schemas/Expression' + SubstitutionMap: + $ref: '#/components/schemas/ValuesMap' + Threshold: + $ref: '#/components/schemas/Threshold' + ColumnSelectors: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/ColumnSelector' + minItems: 1 + required: + - Name + - CheckExpression + additionalProperties: false + Ruleset: + type: object + properties: + Name: + description: Name of the Ruleset + type: string + minLength: 1 + maxLength: 255 + Description: + description: Description of the Ruleset + type: string + maxLength: 1024 + TargetArn: + description: Arn of the target resource (dataset) to apply the ruleset to + type: string + minLength: 20 + maxLength: 2048 + Rules: + description: List of the data quality rules in the ruleset + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Rule' + minItems: 1 + Tags: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - TargetArn + - Rules + x-stackql-resource-name: ruleset + description: Resource schema for AWS::DataBrew::Ruleset. + x-type-name: AWS::DataBrew::Ruleset + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - TargetArn + x-required-properties: + - Name + - TargetArn + - Rules + x-taggable: true + x-required-permissions: + create: + - databrew:CreateRuleset + - databrew:TagResource + - databrew:UntagResource + - iam:PassRole + read: + - databrew:DescribeRuleset + - databrew:ListTagsForResource + - iam:ListRoles + update: + - databrew:UpdateRuleset + delete: + - databrew:DeleteRuleset + list: + - databrew:ListRulesets + - databrew:ListTagsForResource + - iam:ListRoles + JobName: + description: Job name + type: string + minLength: 1 + maxLength: 255 + Schedule: + type: object + properties: + JobNames: + type: array + x-insertionOrder: true + uniqueItems: true + items: + $ref: '#/components/schemas/JobName' + CronExpression: + description: Schedule cron + type: string + minLength: 1 + maxLength: 512 + Name: + description: Schedule Name + type: string + minLength: 1 + maxLength: 255 + Tags: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - CronExpression + x-stackql-resource-name: schedule + description: Resource schema for AWS::DataBrew::Schedule. + x-type-name: AWS::DataBrew::Schedule + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - Tags + x-required-properties: + - Name + - CronExpression + x-taggable: true + x-required-permissions: + create: + - databrew:CreateSchedule + - databrew:TagResource + - databrew:UntagResource + - iam:PassRole + read: + - databrew:DescribeSchedule + - databrew:ListTagsForResource + - iam:ListRoles + update: + - databrew:UpdateSchedule + delete: + - databrew:DeleteSchedule + list: + - databrew:ListSchedules + - databrew:ListTagsForResource + - iam:ListRoles + x-stackQL-resources: + datasets: + name: datasets + id: aws.databrew.datasets + x-cfn-schema-name: Dataset + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Dataset' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Dataset' + AND region = 'us-east-1' + dataset: + name: dataset + id: aws.databrew.dataset + x-cfn-schema-name: Dataset + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Format') as _format, + JSON_EXTRACT(Properties, '$.FormatOptions') as format_options, + JSON_EXTRACT(Properties, '$.Input') as input, + JSON_EXTRACT(Properties, '$.PathOptions') as path_options, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Dataset' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Format') as _format, + json_extract_path_text(Properties, 'FormatOptions') as format_options, + json_extract_path_text(Properties, 'Input') as input, + json_extract_path_text(Properties, 'PathOptions') as path_options, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Dataset' + AND data__Identifier = '' + AND region = 'us-east-1' + recipes: + name: recipes + id: aws.databrew.recipes + x-cfn-schema-name: Recipe + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Recipe' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Recipe' + AND region = 'us-east-1' + recipe: + name: recipe + id: aws.databrew.recipe + x-cfn-schema-name: Recipe + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Steps') as steps, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Recipe' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Steps') as steps, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Recipe' + AND data__Identifier = '' + AND region = 'us-east-1' + jobs: + name: jobs + id: aws.databrew.jobs + x-cfn-schema-name: Job + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Job' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Job' + AND region = 'us-east-1' + job: + name: job + id: aws.databrew.job + x-cfn-schema-name: Job + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DatasetName') as dataset_name, + JSON_EXTRACT(Properties, '$.EncryptionKeyArn') as encryption_key_arn, + JSON_EXTRACT(Properties, '$.EncryptionMode') as encryption_mode, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.LogSubscription') as log_subscription, + JSON_EXTRACT(Properties, '$.MaxCapacity') as max_capacity, + JSON_EXTRACT(Properties, '$.MaxRetries') as max_retries, + JSON_EXTRACT(Properties, '$.Outputs') as outputs, + JSON_EXTRACT(Properties, '$.DataCatalogOutputs') as data_catalog_outputs, + JSON_EXTRACT(Properties, '$.DatabaseOutputs') as database_outputs, + JSON_EXTRACT(Properties, '$.OutputLocation') as output_location, + JSON_EXTRACT(Properties, '$.ProjectName') as project_name, + JSON_EXTRACT(Properties, '$.Recipe') as recipe, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Timeout') as timeout, + JSON_EXTRACT(Properties, '$.JobSample') as job_sample, + JSON_EXTRACT(Properties, '$.ProfileConfiguration') as profile_configuration, + JSON_EXTRACT(Properties, '$.ValidationConfigurations') as validation_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Job' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DatasetName') as dataset_name, + json_extract_path_text(Properties, 'EncryptionKeyArn') as encryption_key_arn, + json_extract_path_text(Properties, 'EncryptionMode') as encryption_mode, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'LogSubscription') as log_subscription, + json_extract_path_text(Properties, 'MaxCapacity') as max_capacity, + json_extract_path_text(Properties, 'MaxRetries') as max_retries, + json_extract_path_text(Properties, 'Outputs') as outputs, + json_extract_path_text(Properties, 'DataCatalogOutputs') as data_catalog_outputs, + json_extract_path_text(Properties, 'DatabaseOutputs') as database_outputs, + json_extract_path_text(Properties, 'OutputLocation') as output_location, + json_extract_path_text(Properties, 'ProjectName') as project_name, + json_extract_path_text(Properties, 'Recipe') as recipe, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Timeout') as timeout, + json_extract_path_text(Properties, 'JobSample') as job_sample, + json_extract_path_text(Properties, 'ProfileConfiguration') as profile_configuration, + json_extract_path_text(Properties, 'ValidationConfigurations') as validation_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Job' + AND data__Identifier = '' + AND region = 'us-east-1' + projects: + name: projects + id: aws.databrew.projects + x-cfn-schema-name: Project + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Project' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Project' + AND region = 'us-east-1' + project: + name: project + id: aws.databrew.project + x-cfn-schema-name: Project + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DatasetName') as dataset_name, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RecipeName') as recipe_name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Sample') as sample, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Project' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DatasetName') as dataset_name, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RecipeName') as recipe_name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Sample') as sample, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Project' + AND data__Identifier = '' + AND region = 'us-east-1' + rulesets: + name: rulesets + id: aws.databrew.rulesets + x-cfn-schema-name: Ruleset + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Ruleset' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Ruleset' + AND region = 'us-east-1' + ruleset: + name: ruleset + id: aws.databrew.ruleset + x-cfn-schema-name: Ruleset + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.TargetArn') as target_arn, + JSON_EXTRACT(Properties, '$.Rules') as rules, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Ruleset' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'TargetArn') as target_arn, + json_extract_path_text(Properties, 'Rules') as rules, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Ruleset' + AND data__Identifier = '' + AND region = 'us-east-1' + schedules: + name: schedules + id: aws.databrew.schedules + x-cfn-schema-name: Schedule + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Schedule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataBrew::Schedule' + AND region = 'us-east-1' + schedule: + name: schedule + id: aws.databrew.schedule + x-cfn-schema-name: Schedule + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.JobNames') as job_names, + JSON_EXTRACT(Properties, '$.CronExpression') as cron_expression, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Schedule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'JobNames') as job_names, + json_extract_path_text(Properties, 'CronExpression') as cron_expression, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Schedule' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/datapipeline.yaml b/providers/src/aws/v00.00.00000/services/datapipeline.yaml new file mode 100644 index 00000000..1ceea983 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/datapipeline.yaml @@ -0,0 +1,262 @@ +openapi: 3.0.0 +info: + title: DataPipeline + version: 1.0.0 +paths: {} +components: + schemas: + ParameterObject: + type: object + properties: + Attributes: + description: The attributes of the parameter object. + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ParameterAttribute' + Id: + description: The ID of the parameter object. + type: string + required: + - Attributes + - Id + additionalProperties: false + ParameterAttribute: + type: object + properties: + Key: + description: The field identifier. + type: string + StringValue: + description: The field value, expressed as a String. + type: string + required: + - Key + - StringValue + additionalProperties: false + ParameterValue: + type: object + properties: + Id: + description: The ID of the parameter value. + type: string + StringValue: + description: The field value, expressed as a String. + type: string + required: + - Id + - StringValue + additionalProperties: false + Field: + type: object + additionalProperties: false + properties: + Key: + description: Specifies the name of a field for a particular object. To view valid values for a particular field, see Pipeline Object Reference in the AWS Data Pipeline Developer Guide. + type: string + RefValue: + description: A field value that you specify as an identifier of another object in the same pipeline definition. + type: string + StringValue: + description: A field value that you specify as a string. To view valid values for a particular field, see Pipeline Object Reference in the AWS Data Pipeline Developer Guide. + type: string + required: + - Key + PipelineObject: + type: object + additionalProperties: false + properties: + Fields: + description: Key-value pairs that define the properties of the object. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Field' + Id: + description: The ID of the object. + type: string + Name: + description: The name of the object. + type: string + required: + - Fields + - Id + - Name + PipelineTag: + type: object + additionalProperties: false + properties: + Key: + description: The key name of a tag. + type: string + Value: + description: The value to associate with the key name. + type: string + required: + - Key + - Value + Pipeline: + type: object + properties: + Activate: + description: Indicates whether to validate and start the pipeline or stop an active pipeline. By default, the value is set to true. + type: boolean + Description: + description: A description of the pipeline. + type: string + Name: + description: The name of the pipeline. + type: string + ParameterObjects: + description: The parameter objects used with the pipeline. + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ParameterObject' + ParameterValues: + description: The parameter values used with the pipeline. + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ParameterValue' + PipelineObjects: + description: The objects that define the pipeline. These objects overwrite the existing pipeline definition. Not all objects, fields, and values can be updated. For information about restrictions, see Editing Your Pipeline in the AWS Data Pipeline Developer Guide. + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/PipelineObject' + PipelineTags: + description: A list of arbitrary tags (key-value pairs) to associate with the pipeline, which you can use to control permissions. For more information, see Controlling Access to Pipelines and Resources in the AWS Data Pipeline Developer Guide. + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/PipelineTag' + PipelineId: + type: string + required: + - Name + x-stackql-resource-name: pipeline + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::DataPipeline::Pipeline + x-stackql-primary-identifier: + - PipelineId + x-create-only-properties: + - Description + - Name + x-read-only-properties: + - PipelineId + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/PipelineTags + x-required-permissions: + create: + - datapipeline:CreatePipeline + - datapipeline:PutPipelineDefinition + - datapipeline:GetPipelineDefinition + - datapipeline:DescribePipelines + - datapipeline:ValidatePipelineDefinition + - datapipeline:ActivatePipeline + - datapipeline:AddTags + - iam:PassRole + read: + - datapipeline:GetPipelineDefinition + - datapipeline:DescribePipelines + update: + - datapipeline:PutPipelineDefinition + - datapipeline:AddTags + - datapipeline:RemoveTags + - datapipeline:DeactivatePipeline + - datapipeline:GetPipelineDefinition + - datapipeline:ActivatePipeline + - datapipeline:ValidatePipelineDefinition + - datapipeline:DescribePipelines + - datapipeline:AddTags + - datapipeline:RemoveTags + - iam:PassRole + delete: + - datapipeline:DeletePipeline + - datapipeline:DescribePipelines + - datapipeline:GetPipelineDefinition + - datapipeline:RemoveTags + list: + - datapipeline:ListPipelines + x-stackQL-resources: + pipelines: + name: pipelines + id: aws.datapipeline.pipelines + x-cfn-schema-name: Pipeline + x-type: list + x-identifiers: + - PipelineId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PipelineId') as pipeline_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataPipeline::Pipeline' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PipelineId') as pipeline_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataPipeline::Pipeline' + AND region = 'us-east-1' + pipeline: + name: pipeline + id: aws.datapipeline.pipeline + x-cfn-schema-name: Pipeline + x-type: get + x-identifiers: + - PipelineId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Activate') as activate, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ParameterObjects') as parameter_objects, + JSON_EXTRACT(Properties, '$.ParameterValues') as parameter_values, + JSON_EXTRACT(Properties, '$.PipelineObjects') as pipeline_objects, + JSON_EXTRACT(Properties, '$.PipelineTags') as pipeline_tags, + JSON_EXTRACT(Properties, '$.PipelineId') as pipeline_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataPipeline::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Activate') as activate, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ParameterObjects') as parameter_objects, + json_extract_path_text(Properties, 'ParameterValues') as parameter_values, + json_extract_path_text(Properties, 'PipelineObjects') as pipeline_objects, + json_extract_path_text(Properties, 'PipelineTags') as pipeline_tags, + json_extract_path_text(Properties, 'PipelineId') as pipeline_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataPipeline::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/datasync.yaml b/providers/src/aws/v00.00.00000/services/datasync.yaml new file mode 100644 index 00000000..493878ac --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/datasync.yaml @@ -0,0 +1,2899 @@ +openapi: 3.0.0 +info: + title: DataSync + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + additionalProperties: false + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: The key for an AWS resource tag. + pattern: ^[a-zA-Z0-9\s+=._:/-]+$ + maxLength: 256 + minLength: 1 + Value: + type: string + description: The value for an AWS resource tag. + pattern: ^[a-zA-Z0-9\s+=._:@/-]+$ + maxLength: 256 + minLength: 1 + required: + - Key + - Value + Agent: + type: object + properties: + AgentName: + description: The name configured for the agent. Text reference used to identify the agent in the console. + type: string + pattern: ^[a-zA-Z0-9\s+=._:@/-]+$ + maxLength: 256 + minLength: 1 + ActivationKey: + description: Activation key of the Agent. + type: string + pattern: '[A-Z0-9]{5}(-[A-Z0-9]{5}){4}' + maxLength: 29 + SecurityGroupArns: + description: The ARNs of the security group used to protect your data transfer task subnets. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\-0-9]*:[0-9]{12}:security-group/.*$ + maxLength: 128 + SubnetArns: + description: The ARNs of the subnets in which DataSync will create elastic network interfaces for each data transfer task. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\-0-9]*:[0-9]{12}:subnet/.*$ + maxLength: 128 + VpcEndpointId: + description: The ID of the VPC endpoint that the agent has access to. + type: string + pattern: ^vpce-[0-9a-f]{17}$ + EndpointType: + description: The service endpoints that the agent will connect to. + type: string + enum: + - FIPS + - PUBLIC + - PRIVATE_LINK + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + AgentArn: + description: The DataSync Agent ARN. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:agent/agent-[0-9a-z]{17}$ + maxLength: 128 + required: [] + x-stackql-resource-name: agent + description: Resource schema for AWS::DataSync::Agent. + x-type-name: AWS::DataSync::Agent + x-stackql-primary-identifier: + - AgentArn + x-create-only-properties: + - ActivationKey + - SecurityGroupArns + - SubnetArns + - VpcEndpointId + x-write-only-properties: + - ActivationKey + x-read-only-properties: + - AgentArn + - EndpointType + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateAgent + - datasync:TagResource + - datasync:DescribeAgent + - datasync:ListTagsForResource + - ec2:DescribeNetworkInterfaces + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcEndpoints + read: + - datasync:DescribeAgent + - datasync:ListTagsForResource + update: + - datasync:UpdateAgent + - datasync:DescribeAgent + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + delete: + - datasync:DeleteAgent + list: + - datasync:ListAgents + AzureBlobSasConfiguration: + additionalProperties: false + description: Specifies the shared access signature (SAS) that DataSync uses to access your Azure Blob Storage container. + type: object + properties: + AzureBlobSasToken: + description: Specifies the shared access signature (SAS) token, which indicates the permissions DataSync needs to access your Azure Blob Storage container. + type: string + pattern: (^.+$) + minLength: 1 + maxLength: 255 + required: + - AzureBlobSasToken + LocationAzureBlob: + type: object + properties: + AgentArns: + description: The Amazon Resource Names (ARNs) of agents to use for an Azure Blob Location. + type: array + items: + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:agent/agent-[0-9a-z]{17}$ + maxLength: 128 + minItems: 1 + maxItems: 4 + x-insertionOrder: false + AzureBlobAuthenticationType: + description: The specific authentication type that you want DataSync to use to access your Azure Blob Container. + type: string + enum: + - SAS + default: SAS + AzureBlobSasConfiguration: + $ref: '#/components/schemas/AzureBlobSasConfiguration' + AzureBlobContainerUrl: + description: The URL of the Azure Blob container that was described. + type: string + pattern: ^https://[A-Za-z0-9]((.|-+)?[A-Za-z0-9]){0,252}/[a-z0-9](-?[a-z0-9]){2,62}$ + maxLength: 325 + AzureBlobType: + description: Specifies a blob type for the objects you're transferring into your Azure Blob Storage container. + type: string + enum: + - BLOCK + default: BLOCK + AzureAccessTier: + description: Specifies an access tier for the objects you're transferring into your Azure Blob Storage container. + type: string + enum: + - HOT + - COOL + - ARCHIVE + default: HOT + Subdirectory: + description: The subdirectory in the Azure Blob Container that is used to read data from the Azure Blob Source Location. + type: string + maxLength: 1024 + pattern: ^[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}\p{C}]*$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LocationArn: + description: The Amazon Resource Name (ARN) of the Azure Blob Location that is created. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + maxLength: 128 + LocationUri: + description: The URL of the Azure Blob Location that was described. + type: string + pattern: ^(azure-blob)://[a-zA-Z0-9./\-]+$ + maxLength: 4356 + required: + - AzureBlobAuthenticationType + - AgentArns + x-stackql-resource-name: location_azure_blob + description: Resource schema for AWS::DataSync::LocationAzureBlob. + x-type-name: AWS::DataSync::LocationAzureBlob + x-stackql-primary-identifier: + - LocationArn + x-create-only-properties: + - AzureBlobContainerUrl + x-write-only-properties: + - Subdirectory + - AzureBlobSasConfiguration + - AzureBlobContainerUrl + x-read-only-properties: + - LocationArn + - LocationUri + x-required-properties: + - AzureBlobAuthenticationType + - AgentArns + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateLocationAzureBlob + - datasync:DescribeLocationAzureBlob + - datasync:TagResource + - datasync:ListTagsForResource + read: + - datasync:DescribeLocationAzureBlob + - datasync:ListTagsForResource + update: + - datasync:DescribeLocationAzureBlob + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + - datasync:UpdateLocationAzureBlob + delete: + - datasync:DeleteLocation + list: + - datasync:ListLocations + Ec2Config: + additionalProperties: false + description: The subnet and security group that DataSync uses to access target EFS file system. + type: object + properties: + SecurityGroupArns: + description: The Amazon Resource Names (ARNs) of the security groups that are configured for the Amazon EC2 resource. + type: array + items: + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\-0-9]*:[0-9]{12}:security-group/.*$ + maxLength: 128 + minItems: 1 + maxItems: 5 + x-insertionOrder: false + SubnetArn: + description: The ARN of the subnet that DataSync uses to access the target EFS file system. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\-0-9]*:[0-9]{12}:subnet/.*$ + maxLength: 128 + required: + - SecurityGroupArns + - SubnetArn + LocationEFS: + type: object + properties: + Ec2Config: + $ref: '#/components/schemas/Ec2Config' + EfsFilesystemArn: + description: The Amazon Resource Name (ARN) for the Amazon EFS file system. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z\-0-9]*:[0-9]{12}:file-system/fs-.*$ + maxLength: 128 + AccessPointArn: + description: The Amazon Resource Name (ARN) for the Amazon EFS Access point that DataSync uses when accessing the EFS file system. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z\-0-9]+:[0-9]{12}:access-point/fsap-[0-9a-f]{8,40}$ + maxLength: 128 + FileSystemAccessRoleArn: + description: The Amazon Resource Name (ARN) of the AWS IAM role that the DataSync will assume when mounting the EFS file system. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$ + maxLength: 128 + InTransitEncryption: + description: Protocol that is used for encrypting the traffic exchanged between the DataSync Agent and the EFS file system. + type: string + enum: + - NONE + - TLS1_2 + Subdirectory: + description: A subdirectory in the location's path. This subdirectory in the EFS file system is used to read data from the EFS source location or write data to the EFS destination. + type: string + maxLength: 4096 + pattern: ^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LocationArn: + description: The Amazon Resource Name (ARN) of the Amazon EFS file system location that is created. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + maxLength: 128 + LocationUri: + description: The URL of the EFS location that was described. + type: string + pattern: ^(efs|nfs|s3|smb|fsxw)://[a-zA-Z0-9.\-/]+$ + maxLength: 4356 + required: + - Ec2Config + x-stackql-resource-name: location_efs + description: Resource schema for AWS::DataSync::LocationEFS. + x-type-name: AWS::DataSync::LocationEFS + x-stackql-primary-identifier: + - LocationArn + x-create-only-properties: + - Ec2Config + - EfsFilesystemArn + - Subdirectory + - FileSystemAccessRoleArn + - InTransitEncryption + - AccessPointArn + x-write-only-properties: + - EfsFilesystemArn + - Subdirectory + x-read-only-properties: + - LocationArn + - LocationUri + x-required-properties: + - Ec2Config + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateLocationEfs + - datasync:DescribeLocationEfs + - datasync:ListTagsForResource + - datasync:TagResource + - elasticfilesystem:DescribeFileSystems + - elasticfilesystem:DescribeMountTargets + - elasticfilesystem:DescribeAccessPoints + - iam:PassRole + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + read: + - datasync:DescribeLocationEfs + - datasync:ListTagsForResource + update: + - datasync:DescribeLocationEfs + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + delete: + - datasync:DeleteLocation + list: + - datasync:ListLocations + LocationFSxLustre: + type: object + properties: + FsxFilesystemArn: + description: The Amazon Resource Name (ARN) for the FSx for Lustre file system. + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):fsx:[a-z\-0-9]+:[0-9]{12}:file-system/fs-[0-9a-f]+$ + SecurityGroupArns: + description: The ARNs of the security groups that are to use to configure the FSx for Lustre file system. + type: array + items: + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\-0-9]*:[0-9]{12}:security-group/sg-[a-f0-9]+$ + maxItems: 5 + minItems: 1 + x-insertionOrder: false + Subdirectory: + description: A subdirectory in the location's path. + type: string + maxLength: 4096 + pattern: ^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + minItems: 0 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LocationArn: + description: The Amazon Resource Name (ARN) of the Amazon FSx for Lustre file system location that is created. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + maxLength: 128 + LocationUri: + description: The URL of the FSx for Lustre location that was described. + type: string + pattern: ^(efs|nfs|s3|smb|fsxw|hdfs|fsxl)://[a-zA-Z0-9.:/\-]+$ + maxLength: 4356 + required: + - SecurityGroupArns + x-stackql-resource-name: locationf_sx_lustre + description: Resource schema for AWS::DataSync::LocationFSxLustre. + x-type-name: AWS::DataSync::LocationFSxLustre + x-stackql-primary-identifier: + - LocationArn + x-create-only-properties: + - FsxFilesystemArn + - SecurityGroupArns + - Subdirectory + x-write-only-properties: + - Subdirectory + - FsxFilesystemArn + x-read-only-properties: + - LocationArn + - LocationUri + x-required-properties: + - SecurityGroupArns + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateLocationFsxLustre + - datasync:DescribeLocationFsxLustre + - datasync:ListTagsForResource + - datasync:TagResource + - fsx:DescribeFileSystems + - ec2:DescribeNetworkInterfaces + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + read: + - datasync:DescribeLocationFsxLustre + - datasync:ListTagsForResource + update: + - datasync:DescribeLocationFsxLustre + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + delete: + - datasync:DeleteLocation + list: + - datasync:ListLocations + Protocol: + additionalProperties: false + description: Configuration settings for an NFS or SMB protocol, currently only support NFS + type: object + properties: + NFS: + $ref: '#/components/schemas/NFS' + NFS: + additionalProperties: false + description: FSx OpenZFS file system NFS protocol information + type: object + properties: + MountOptions: + $ref: '#/components/schemas/MountOptions' + required: + - MountOptions + SMB: + additionalProperties: false + description: SMB protocol configuration for FSx ONTAP file system. + type: object + properties: + MountOptions: + $ref: '#/components/schemas/SmbMountOptions' + Domain: + description: The name of the Windows domain that the SMB server belongs to. + type: string + maxLength: 253 + pattern: ^([A-Za-z0-9]+[A-Za-z0-9-.]*)*[A-Za-z0-9-]*[A-Za-z0-9]$ + Password: + description: The password of the user who can mount the share and has the permissions to access files and folders in the SMB share. + type: string + maxLength: 104 + pattern: ^.{0,104}$ + User: + description: The user who can mount the share, has the permissions to access files and folders in the SMB share. + type: string + maxLength: 104 + pattern: ^[^\x5B\x5D\\/:;|=,+*?]{1,104}$ + required: + - User + - Password + - MountOptions + NfsMountOptions: + additionalProperties: false + description: The NFS mount options that DataSync can use to mount your NFS share. + type: object + properties: + Version: + description: The specific NFS version that you want DataSync to use to mount your NFS share. + type: string + enum: + - AUTOMATIC + - NFS3 + - NFS4_0 + - NFS4_1 + SmbMountOptions: + additionalProperties: false + description: The mount options used by DataSync to access the SMB server. + type: object + properties: + Version: + description: The specific SMB version that you want DataSync to use to mount your SMB share. + type: string + enum: + - AUTOMATIC + - SMB2 + - SMB3 + LocationFSxONTAP: + type: object + properties: + StorageVirtualMachineArn: + description: The Amazon Resource Name (ARN) for the FSx ONTAP SVM. + type: string + maxLength: 162 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):fsx:[a-z\-0-9]+:[0-9]{12}:storage-virtual-machine/fs-[0-9a-f]+/svm-[0-9a-f]{17,}$ + FsxFilesystemArn: + description: The Amazon Resource Name (ARN) for the FSx ONAP file system. + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):fsx:[a-z\-0-9]+:[0-9]{12}:file-system/fs-[0-9a-f]+$ + SecurityGroupArns: + description: The ARNs of the security groups that are to use to configure the FSx ONTAP file system. + type: array + items: + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\-0-9]*:[0-9]{12}:security-group/sg-[a-f0-9]+$ + maxItems: 5 + minItems: 1 + x-insertionOrder: false + Protocol: + $ref: '#/components/schemas/Protocol' + Subdirectory: + description: A subdirectory in the location's path. + type: string + maxLength: 4096 + pattern: ^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + minItems: 0 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LocationArn: + description: The Amazon Resource Name (ARN) of the Amazon FSx ONTAP file system location that is created. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + maxLength: 128 + LocationUri: + description: The URL of the FSx ONTAP file system that was described. + type: string + pattern: ^(efs|nfs|s3|smb|hdfs|fsx[a-z0-9-]+)://[a-zA-Z0-9.:/\-]+$ + maxLength: 4360 + required: + - SecurityGroupArns + - StorageVirtualMachineArn + x-stackql-resource-name: locationf_sx_ontap + description: Resource schema for AWS::DataSync::LocationFSxONTAP. + x-type-name: AWS::DataSync::LocationFSxONTAP + x-stackql-primary-identifier: + - LocationArn + x-create-only-properties: + - StorageVirtualMachineArn + - SecurityGroupArns + - Protocol + - Subdirectory + x-write-only-properties: + - Protocol + - Subdirectory + x-read-only-properties: + - LocationArn + - LocationUri + - FsxFilesystemArn + x-required-properties: + - SecurityGroupArns + - StorageVirtualMachineArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateLocationFsxOntap + - datasync:DescribeLocationFsxOntap + - datasync:ListTagsForResource + - datasync:TagResource + - fsx:DescribeStorageVirtualMachines + - fsx:DescribeFileSystems + - ec2:DescribeNetworkInterfaces + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + read: + - datasync:DescribeLocationFsxOntap + - datasync:ListTagsForResource + update: + - datasync:DescribeLocationFsxOntap + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + delete: + - datasync:DeleteLocation + list: + - datasync:ListLocations + MountOptions: + additionalProperties: false + description: The mount options used by DataSync to access the SMB server. + type: object + properties: + Version: + description: The specific SMB version that you want DataSync to use to mount your SMB share. + type: string + enum: + - AUTOMATIC + - SMB1 + - SMB2_0 + - SMB2 + - SMB3 + LocationFSxOpenZFS: + type: object + properties: + FsxFilesystemArn: + description: The Amazon Resource Name (ARN) for the FSx OpenZFS file system. + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):fsx:[a-z\-0-9]+:[0-9]{12}:file-system/fs-[0-9a-f]+$ + SecurityGroupArns: + description: The ARNs of the security groups that are to use to configure the FSx OpenZFS file system. + type: array + items: + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\-0-9]*:[0-9]{12}:security-group/sg-[a-f0-9]+$ + maxItems: 5 + minItems: 1 + x-insertionOrder: false + Protocol: + $ref: '#/components/schemas/Protocol' + Subdirectory: + description: A subdirectory in the location's path. + type: string + maxLength: 4096 + pattern: ^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + minItems: 0 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LocationArn: + description: The Amazon Resource Name (ARN) of the Amazon FSx OpenZFS file system location that is created. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + maxLength: 128 + LocationUri: + description: The URL of the FSx OpenZFS that was described. + type: string + pattern: ^(efs|nfs|s3|smb|fsxw|hdfs|fsxl|fsxz)://[a-zA-Z0-9.:/\-]+$ + maxLength: 4356 + required: + - SecurityGroupArns + - Protocol + x-stackql-resource-name: locationf_sx_open_zfs + description: Resource schema for AWS::DataSync::LocationFSxOpenZFS. + x-type-name: AWS::DataSync::LocationFSxOpenZFS + x-stackql-primary-identifier: + - LocationArn + x-create-only-properties: + - FsxFilesystemArn + - SecurityGroupArns + - Protocol + - Subdirectory + x-write-only-properties: + - Subdirectory + - FsxFilesystemArn + x-read-only-properties: + - LocationArn + - LocationUri + x-required-properties: + - SecurityGroupArns + - Protocol + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateLocationFsxOpenZfs + - datasync:DescribeLocationFsxOpenZfs + - datasync:ListTagsForResource + - datasync:TagResource + - fsx:DescribeFileSystems + - ec2:DescribeNetworkInterfaces + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + read: + - datasync:DescribeLocationFsxOpenZfs + - datasync:ListTagsForResource + update: + - datasync:DescribeLocationFsxOpenZfs + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + delete: + - datasync:DeleteLocation + list: + - datasync:ListLocations + LocationFSxWindows: + type: object + properties: + Domain: + description: The name of the Windows domain that the FSx for Windows server belongs to. + type: string + maxLength: 253 + pattern: ^([A-Za-z0-9]+[A-Za-z0-9-.]*)*[A-Za-z0-9-]*[A-Za-z0-9]$ + FsxFilesystemArn: + description: The Amazon Resource Name (ARN) for the FSx for Windows file system. + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):fsx:[a-z\-0-9]*:[0-9]{12}:file-system/fs-.*$ + Password: + description: The password of the user who has the permissions to access files and folders in the FSx for Windows file system. + type: string + maxLength: 104 + pattern: ^.{0,104}$ + SecurityGroupArns: + description: The ARNs of the security groups that are to use to configure the FSx for Windows file system. + type: array + items: + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\-0-9]*:[0-9]{12}:security-group/.*$ + x-insertionOrder: false + Subdirectory: + description: A subdirectory in the location's path. + type: string + maxLength: 4096 + pattern: ^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$ + User: + description: The user who has the permissions to access files and folders in the FSx for Windows file system. + type: string + maxLength: 104 + pattern: ^[^\x5B\x5D\\/:;|=,+*?]{1,104}$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LocationArn: + description: The Amazon Resource Name (ARN) of the Amazon FSx for Windows file system location that is created. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + maxLength: 128 + LocationUri: + description: The URL of the FSx for Windows location that was described. + type: string + pattern: ^(efs|nfs|s3|smb|fsxw)://[a-zA-Z0-9./\-]+$ + maxLength: 4356 + required: + - User + - SecurityGroupArns + x-stackql-resource-name: locationf_sx_windows + description: Resource schema for AWS::DataSync::LocationFSxWindows. + x-type-name: AWS::DataSync::LocationFSxWindows + x-stackql-primary-identifier: + - LocationArn + x-create-only-properties: + - Domain + - FsxFilesystemArn + - Password + - SecurityGroupArns + - Subdirectory + - User + x-write-only-properties: + - Password + - Subdirectory + - FsxFilesystemArn + x-read-only-properties: + - LocationArn + - LocationUri + x-required-properties: + - User + - SecurityGroupArns + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateLocationFsxWindows + - datasync:DescribeLocationFsxWindows + - datasync:ListTagsForResource + - datasync:TagResource + - fsx:DescribeFileSystems + - ec2:DescribeNetworkInterfaces + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + read: + - datasync:DescribeLocationFsxWindows + - datasync:ListTagsForResource + update: + - datasync:DescribeLocationFsxWindows + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + delete: + - datasync:DeleteLocation + list: + - datasync:ListLocations + NameNode: + additionalProperties: false + description: HDFS Name Node IP and port information. + type: object + properties: + Hostname: + description: The DNS name or IP address of the Name Node in the customer's on premises HDFS cluster. + type: string + pattern: ^(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9])$ + maxLength: 255 + Port: + description: The port on which the Name Node is listening on for client requests. + type: integer + minimum: 1 + maximum: 65536 + required: + - Hostname + - Port + QopConfiguration: + additionalProperties: false + description: Configuration information for RPC Protection and Data Transfer Protection. These parameters can be set to AUTHENTICATION, INTEGRITY, or PRIVACY. The default value is PRIVACY. + type: object + properties: + RpcProtection: + type: string + description: Configuration for RPC Protection. + enum: + - AUTHENTICATION + - INTEGRITY + - PRIVACY + - DISABLED + default: PRIVACY + DataTransferProtection: + type: string + description: Configuration for Data Transfer Protection. + enum: + - AUTHENTICATION + - INTEGRITY + - PRIVACY + - DISABLED + default: PRIVACY + LocationHDFS: + type: object + properties: + NameNodes: + description: An array of Name Node(s) of the HDFS location. + type: array + items: + $ref: '#/components/schemas/NameNode' + minItems: 1 + x-insertionOrder: false + BlockSize: + description: Size of chunks (blocks) in bytes that the data is divided into when stored in the HDFS cluster. + type: integer + format: int64 + minimum: 1048576 + maximum: 1073741824 + ReplicationFactor: + description: Number of copies of each block that exists inside the HDFS cluster. + type: integer + format: int64 + default: 3 + minimum: 1 + maximum: 512 + KmsKeyProviderUri: + description: The identifier for the Key Management Server where the encryption keys that encrypt data inside HDFS clusters are stored. + type: string + minLength: 1 + maxLength: 255 + pattern: ^kms:\/\/http[s]?@(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9])(;(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9]))*:[0-9]{1,5}\/kms$ + QopConfiguration: + $ref: '#/components/schemas/QopConfiguration' + AuthenticationType: + description: The authentication mode used to determine identity of user. + type: string + enum: + - SIMPLE + - KERBEROS + SimpleUser: + description: The user name that has read and write permissions on the specified HDFS cluster. + type: string + pattern: ^[_.A-Za-z0-9][-_.A-Za-z0-9]*$ + minLength: 1 + maxLength: 256 + KerberosPrincipal: + description: The unique identity, or principal, to which Kerberos can assign tickets. + type: string + pattern: ^.+$ + minLength: 1 + maxLength: 256 + KerberosKeytab: + description: The Base64 string representation of the Keytab file. + type: string + maxLength: 87384 + KerberosKrb5Conf: + description: The string representation of the Krb5Conf file, or the presigned URL to access the Krb5.conf file within an S3 bucket. + type: string + maxLength: 174764 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + AgentArns: + description: ARN(s) of the agent(s) to use for an HDFS location. + type: array + items: + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:agent/agent-[0-9a-z]{17}$ + maxLength: 128 + minItems: 1 + maxItems: 4 + x-insertionOrder: false + Subdirectory: + description: The subdirectory in HDFS that is used to read data from the HDFS source location or write data to the HDFS destination. + type: string + maxLength: 4096 + pattern: ^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$ + LocationArn: + description: The Amazon Resource Name (ARN) of the HDFS location. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + maxLength: 128 + LocationUri: + description: The URL of the HDFS location that was described. + type: string + pattern: ^(efs|nfs|s3|smb|fsxw|hdfs)://[a-zA-Z0-9.:/\-]+$ + maxLength: 4356 + required: + - NameNodes + - AuthenticationType + - AgentArns + x-stackql-resource-name: location_hdfs + description: Resource schema for AWS::DataSync::LocationHDFS. + x-type-name: AWS::DataSync::LocationHDFS + x-stackql-primary-identifier: + - LocationArn + x-write-only-properties: + - Subdirectory + - KerberosKeytab + - KerberosKrb5Conf + x-read-only-properties: + - LocationArn + - LocationUri + x-required-properties: + - NameNodes + - AuthenticationType + - AgentArns + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateLocationHdfs + - datasync:DescribeLocationHdfs + - datasync:TagResource + - datasync:ListTagsForResource + read: + - datasync:DescribeLocationHdfs + - datasync:ListTagsForResource + update: + - datasync:UpdateLocationHdfs + - datasync:DescribeLocationHdfs + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + delete: + - datasync:DeleteLocation + list: + - datasync:ListLocations + OnPremConfig: + additionalProperties: false + description: Contains a list of Amazon Resource Names (ARNs) of agents that are used to connect an NFS server. + type: object + properties: + AgentArns: + description: ARN(s) of the agent(s) to use for an NFS location. + type: array + items: + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:agent/agent-[0-9a-z]{17}$ + maxLength: 128 + minItems: 1 + maxItems: 4 + x-insertionOrder: false + required: + - AgentArns + LocationNFS: + type: object + properties: + MountOptions: + $ref: '#/components/schemas/MountOptions' + default: + Version: AUTOMATIC + OnPremConfig: + $ref: '#/components/schemas/OnPremConfig' + ServerHostname: + description: The name of the NFS server. This value is the IP address or DNS name of the NFS server. + type: string + pattern: ^(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9])$ + maxLength: 255 + Subdirectory: + description: The subdirectory in the NFS file system that is used to read data from the NFS source location or write data to the NFS destination. + type: string + maxLength: 4096 + pattern: ^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LocationArn: + description: The Amazon Resource Name (ARN) of the NFS location. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + maxLength: 128 + LocationUri: + description: The URL of the NFS location that was described. + type: string + pattern: ^(efs|nfs|s3|smb|fsxw)://[a-zA-Z0-9./\-]+$ + maxLength: 4356 + required: + - OnPremConfig + x-stackql-resource-name: location_nfs + description: Resource schema for AWS::DataSync::LocationNFS + x-type-name: AWS::DataSync::LocationNFS + x-stackql-primary-identifier: + - LocationArn + x-create-only-properties: + - ServerHostname + x-write-only-properties: + - ServerHostname + - Subdirectory + x-read-only-properties: + - LocationArn + - LocationUri + x-required-properties: + - OnPremConfig + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateLocationNfs + - datasync:DescribeLocationNfs + - datasync:ListTagsForResource + - datasync:TagResource + read: + - datasync:DescribeLocationNfs + - datasync:ListTagsForResource + update: + - datasync:DescribeLocationNfs + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + - datasync:UpdateLocationNfs + delete: + - datasync:DeleteLocation + list: + - datasync:ListLocations + LocationObjectStorage: + type: object + properties: + AccessKey: + description: Optional. The access key is used if credentials are required to access the self-managed object storage server. + type: string + minLength: 1 + maxLength: 200 + pattern: ^.+$ + AgentArns: + description: The Amazon Resource Name (ARN) of the agents associated with the self-managed object storage server location. + type: array + items: + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:agent/agent-[0-9a-z]{17}$ + minItems: 1 + maxItems: 4 + x-insertionOrder: false + BucketName: + description: The name of the bucket on the self-managed object storage server. + type: string + maxLength: 63 + minLength: 3 + pattern: ^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$ + SecretKey: + description: Optional. The secret key is used if credentials are required to access the self-managed object storage server. + type: string + minLength: 8 + maxLength: 200 + pattern: ^.+$ + ServerCertificate: + description: X.509 PEM content containing a certificate authority or chain to trust. + type: string + maxLength: 32768 + ServerHostname: + description: The name of the self-managed object storage server. This value is the IP address or Domain Name Service (DNS) name of the object storage server. + type: string + maxLength: 255 + pattern: ^(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9])$ + ServerPort: + description: The port that your self-managed server accepts inbound network traffic on. + type: integer + minimum: 1 + maximum: 65536 + ServerProtocol: + description: The protocol that the object storage server uses to communicate. + type: string + enum: + - HTTPS + - HTTP + Subdirectory: + description: The subdirectory in the self-managed object storage server that is used to read data from. + type: string + maxLength: 4096 + pattern: ^[a-zA-Z0-9_\-\+\./\(\)\p{Zs}]*$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LocationArn: + description: The Amazon Resource Name (ARN) of the location that is created. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + maxLength: 128 + LocationUri: + description: The URL of the object storage location that was described. + type: string + pattern: ^(efs|nfs|s3|smb|fsxw|object-storage)://[a-zA-Z0-9./\-]+$ + maxLength: 4356 + required: + - AgentArns + x-stackql-resource-name: location_object_storage + description: Resource schema for AWS::DataSync::LocationObjectStorage. + x-type-name: AWS::DataSync::LocationObjectStorage + x-stackql-primary-identifier: + - LocationArn + x-create-only-properties: + - BucketName + - ServerHostname + x-write-only-properties: + - SecretKey + - BucketName + - ServerHostname + - Subdirectory + x-read-only-properties: + - LocationArn + - LocationUri + x-required-properties: + - AgentArns + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateLocationObjectStorage + - datasync:DescribeLocationObjectStorage + - datasync:ListTagsForResource + - datasync:TagResource + read: + - datasync:DescribeLocationObjectStorage + - datasync:ListTagsForResource + update: + - datasync:DescribeLocationObjectStorage + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + - datasync:UpdateLocationObjectStorage + delete: + - datasync:DeleteLocation + list: + - datasync:ListLocations + S3Config: + additionalProperties: false + description: The Amazon Resource Name (ARN) of the AWS IAM role that is used to access an Amazon S3 bucket. + type: object + properties: + BucketAccessRoleArn: + description: The ARN of the IAM role of the Amazon S3 bucket. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$ + maxLength: 2048 + required: + - BucketAccessRoleArn + LocationS3: + type: object + properties: + S3Config: + $ref: '#/components/schemas/S3Config' + S3BucketArn: + description: The Amazon Resource Name (ARN) of the Amazon S3 bucket. + type: string + maxLength: 156 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):s3:[a-z\-0-9]*:[0-9]*:.*$ + Subdirectory: + description: A subdirectory in the Amazon S3 bucket. This subdirectory in Amazon S3 is used to read data from the S3 source location or write data to the S3 destination. + type: string + maxLength: 1024 + pattern: ^[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}\p{C}]*$ + S3StorageClass: + description: The Amazon S3 storage class you want to store your files in when this location is used as a task destination. + type: string + enum: + - STANDARD + - STANDARD_IA + - ONEZONE_IA + - INTELLIGENT_TIERING + - GLACIER + - GLACIER_INSTANT_RETRIEVAL + - DEEP_ARCHIVE + default: STANDARD + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LocationArn: + description: The Amazon Resource Name (ARN) of the Amazon S3 bucket location. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + maxLength: 128 + LocationUri: + description: The URL of the S3 location that was described. + type: string + pattern: ^(efs|nfs|s3|smb|fsxw)://[a-zA-Z0-9.\-/]+$ + maxLength: 4356 + required: + - S3Config + x-stackql-resource-name: location_s3 + description: Resource schema for AWS::DataSync::LocationS3 + x-type-name: AWS::DataSync::LocationS3 + x-stackql-primary-identifier: + - LocationArn + x-create-only-properties: + - S3Config + - S3StorageClass + - Subdirectory + - S3BucketArn + x-write-only-properties: + - Subdirectory + - S3BucketArn + x-read-only-properties: + - LocationArn + - LocationUri + x-required-properties: + - S3Config + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateLocationS3 + - datasync:DescribeLocationS3 + - datasync:ListTagsForResource + - datasync:TagResource + - s3:ListAllMyBuckets + - s3:ListBucket + - iam:GetRole + - iam:PassRole + read: + - datasync:DescribeLocationS3 + - datasync:ListTagsForResource + update: + - datasync:DescribeLocationS3 + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + delete: + - datasync:DeleteLocation + list: + - datasync:ListLocations + LocationSMB: + type: object + properties: + AgentArns: + description: The Amazon Resource Names (ARNs) of agents to use for a Simple Message Block (SMB) location. + type: array + items: + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:agent/agent-[0-9a-z]{17}$ + maxLength: 128 + minItems: 1 + maxItems: 4 + x-insertionOrder: false + Domain: + description: The name of the Windows domain that the SMB server belongs to. + type: string + maxLength: 253 + pattern: ^([A-Za-z0-9]+[A-Za-z0-9-.]*)*[A-Za-z0-9-]*[A-Za-z0-9]$ + MountOptions: + $ref: '#/components/schemas/MountOptions' + default: + Version: AUTOMATIC + Password: + description: The password of the user who can mount the share and has the permissions to access files and folders in the SMB share. + type: string + maxLength: 104 + pattern: ^.{0,104}$ + ServerHostname: + description: The name of the SMB server. This value is the IP address or Domain Name Service (DNS) name of the SMB server. + type: string + maxLength: 255 + pattern: ^(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9])$ + Subdirectory: + description: The subdirectory in the SMB file system that is used to read data from the SMB source location or write data to the SMB destination + type: string + maxLength: 4096 + pattern: ^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$ + User: + description: The user who can mount the share, has the permissions to access files and folders in the SMB share. + type: string + maxLength: 104 + pattern: ^[^\x5B\x5D\\/:;|=,+*?]{1,104}$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LocationArn: + description: The Amazon Resource Name (ARN) of the SMB location that is created. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + maxLength: 128 + LocationUri: + description: The URL of the SMB location that was described. + type: string + pattern: ^(efs|nfs|s3|smb|fsxw)://[a-zA-Z0-9./\-]+$ + maxLength: 4356 + required: + - User + - AgentArns + x-stackql-resource-name: location_smb + description: Resource schema for AWS::DataSync::LocationSMB. + x-type-name: AWS::DataSync::LocationSMB + x-stackql-primary-identifier: + - LocationArn + x-create-only-properties: + - ServerHostname + x-write-only-properties: + - Password + - Subdirectory + - ServerHostname + x-read-only-properties: + - LocationArn + - LocationUri + x-required-properties: + - User + - AgentArns + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateLocationSmb + - datasync:DescribeLocationSmb + - datasync:ListTagsForResource + - datasync:TagResource + read: + - datasync:DescribeLocationSmb + - datasync:ListTagsForResource + update: + - datasync:DescribeLocationSmb + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + - datasync:UpdateLocationSmb + delete: + - datasync:DeleteLocation + list: + - datasync:ListLocations + ServerConfiguration: + additionalProperties: false + description: The server name and network port required to connect with the management interface of the on-premises storage system. + type: object + properties: + ServerHostname: + type: string + description: The domain name or IP address of the storage system's management interface. + pattern: ^(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9])$ + maxLength: 255 + ServerPort: + type: integer + description: The network port needed to access the system's management interface + minimum: 1 + maximum: 65535 + required: + - ServerHostname + ServerCredentials: + additionalProperties: false + description: The username and password for accessing your on-premises storage system's management interface. + type: object + properties: + Username: + type: string + description: The username for your storage system's management interface. + maxLength: 1024 + Password: + type: string + description: The password for your storage system's management interface + maxLength: 1024 + required: + - Username + - Password + StorageSystem: + type: object + properties: + ServerConfiguration: + $ref: '#/components/schemas/ServerConfiguration' + ServerCredentials: + $ref: '#/components/schemas/ServerCredentials' + SecretsManagerArn: + description: The ARN of a secret stored by AWS Secrets Manager. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):secretsmanager:[a-z\-0-9]+:[0-9]{12}:secret:.* + maxLength: 2048 + SystemType: + description: The type of on-premises storage system that DataSync Discovery will analyze. + type: string + enum: + - NetAppONTAP + AgentArns: + description: The ARN of the DataSync agent that connects to and reads from the on-premises storage system's management interface. + type: array + items: + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:agent/agent-[0-9a-z]{17}$ + maxLength: 128 + minItems: 1 + maxItems: 1 + x-insertionOrder: false + CloudWatchLogGroupArn: + description: The ARN of the Amazon CloudWatch log group used to monitor and log discovery job events. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):logs:[a-z\-0-9]+:[0-9]{12}:log-group:([^:\*]*)(:\*)?$ + maxLength: 562 + Name: + description: A familiar name for the on-premises storage system. + type: string + pattern: ^[a-zA-Z0-9\s+=._:@/-]+$ + minLength: 1 + maxLength: 256 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + StorageSystemArn: + description: The ARN of the on-premises storage system added to DataSync Discovery. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:system/storage-system-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + maxLength: 128 + ConnectivityStatus: + description: Indicates whether the DataSync agent can access the on-premises storage system. + type: string + enum: + - PASS + - FAIL + - UNKNOWN + required: + - ServerConfiguration + - SystemType + - AgentArns + x-stackql-resource-name: storage_system + description: Resource schema for AWS::DataSync::StorageSystem. + x-type-name: AWS::DataSync::StorageSystem + x-stackql-primary-identifier: + - StorageSystemArn + x-write-only-properties: + - ServerCredentials + x-read-only-properties: + - StorageSystemArn + - ConnectivityStatus + - SecretsManagerArn + x-required-properties: + - ServerConfiguration + - SystemType + - AgentArns + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:AddStorageSystem + - datasync:DescribeStorageSystem + - datasync:ListTagsForResource + - datasync:TagResource + - secretsmanager:CreateSecret + - secretsmanager:DescribeSecret + - iam:CreateServiceLinkedRole + read: + - datasync:DescribeStorageSystem + - datasync:ListTagsForResource + - secretsmanager:DescribeSecret + update: + - datasync:UpdateStorageSystem + - datasync:DescribeStorageSystem + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + - secretsmanager:DescribeSecret + - secretsmanager:PutSecretValue + delete: + - datasync:DescribeStorageSystem + - datasync:RemoveStorageSystem + - secretsmanager:DescribeSecret + - secretsmanager:DeleteSecret + list: + - datasync:ListStorageSystems + FilterRule: + additionalProperties: false + description: Specifies which files folders and objects to include or exclude when transferring files from source to destination. + type: object + properties: + FilterType: + description: The type of filter rule to apply. AWS DataSync only supports the SIMPLE_PATTERN rule type. + type: string + enum: + - SIMPLE_PATTERN + pattern: ^[A-Z0-9_]+$ + maxLength: 128 + Value: + description: A single filter string that consists of the patterns to include or exclude. The patterns are delimited by "|". + type: string + pattern: ^[^\x00]+$ + maxLength: 409600 + TaskReportConfig: + additionalProperties: false + description: Specifies how you want to configure a task report, which provides detailed information about for your Datasync transfer. + type: object + properties: + Destination: + additionalProperties: false + description: Specifies where DataSync uploads your task report. + type: object + properties: + S3: + $ref: '#/components/schemas/TaskReportConfigDestinationS3' + OutputType: + description: Specifies the type of task report that you want. + type: string + enum: + - SUMMARY_ONLY + - STANDARD + ReportLevel: + description: Specifies whether you want your task report to include only what went wrong with your transfer or a list of what succeeded and didn't. + type: string + enum: + - ERRORS_ONLY + - SUCCESSES_AND_ERRORS + ObjectVersionIds: + description: Specifies whether your task report includes the new version of each object transferred into an S3 bucket, this only applies if you enable versioning on your bucket. + type: string + enum: + - INCLUDE + - NONE + Overrides: + additionalProperties: false + description: Customizes the reporting level for aspects of your task report. For example, your report might generally only include errors, but you could specify that you want a list of successes and errors just for the files that Datasync attempted to delete in your destination location. + type: object + properties: + Transferred: + additionalProperties: false + description: Specifies the level of reporting for the files, objects, and directories that Datasync attempted to transfer. + type: object + properties: + ReportLevel: + description: Specifies whether you want your task report to include only what went wrong with your transfer or a list of what succeeded and didn't. + type: string + enum: + - ERRORS_ONLY + - SUCCESSES_AND_ERRORS + Verified: + additionalProperties: false + description: Specifies the level of reporting for the files, objects, and directories that Datasync attempted to verify at the end of your transfer. This only applies if you configure your task to verify data during and after the transfer (which Datasync does by default) + type: object + properties: + ReportLevel: + description: Specifies whether you want your task report to include only what went wrong with your transfer or a list of what succeeded and didn't. + type: string + enum: + - ERRORS_ONLY + - SUCCESSES_AND_ERRORS + Deleted: + additionalProperties: false + description: Specifies the level of reporting for the files, objects, and directories that Datasync attempted to delete in your destination location. This only applies if you configure your task to delete data in the destination that isn't in the source. + type: object + properties: + ReportLevel: + description: Specifies whether you want your task report to include only what went wrong with your transfer or a list of what succeeded and didn't. + type: string + enum: + - ERRORS_ONLY + - SUCCESSES_AND_ERRORS + Skipped: + additionalProperties: false + description: Specifies the level of reporting for the files, objects, and directories that Datasync attempted to skip during your transfer. + type: object + properties: + ReportLevel: + description: Specifies whether you want your task report to include only what went wrong with your transfer or a list of what succeeded and didn't. + type: string + enum: + - ERRORS_ONLY + - SUCCESSES_AND_ERRORS + required: + - Destination + - OutputType + TaskReportConfigDestinationS3: + additionalProperties: false + description: Specifies the Amazon S3 bucket where DataSync uploads your task report. + type: object + properties: + Subdirectory: + description: Specifies a bucket prefix for your report. + type: string + maxLength: 4096 + pattern: ^[a-zA-Z0-9_\-\+\./\(\)\p{Zs}]*$ + BucketAccessRoleArn: + description: Specifies the Amazon Resource Name (ARN) of the IAM policy that allows Datasync to upload a task report to your S3 bucket. + type: string + maxLength: 2048 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$ + S3BucketArn: + description: Specifies the ARN of the S3 bucket where Datasync uploads your report. + type: string + maxLength: 156 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):(s3|s3-outposts):[a-z\-0-9]*:[0-9]*:.*$ + ManifestConfig: + additionalProperties: false + description: Configures a manifest, which is a list of files or objects that you want DataSync to transfer. + type: object + properties: + Action: + description: Specifies what DataSync uses the manifest for. + type: string + enum: + - TRANSFER + Format: + description: Specifies the file format of your manifest. + type: string + enum: + - CSV + Source: + additionalProperties: false + description: Specifies the manifest that you want DataSync to use and where it's hosted. + type: object + properties: + S3: + $ref: '#/components/schemas/ManifestConfigSourceS3' + required: + - Source + ManifestConfigSourceS3: + additionalProperties: false + description: Specifies the S3 bucket where you're hosting the manifest that you want AWS DataSync to use. + type: object + properties: + ManifestObjectPath: + description: Specifies the Amazon S3 object key of your manifest. + type: string + maxLength: 1024 + pattern: ^[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}\p{C}]*$ + BucketAccessRoleArn: + description: Specifies the AWS Identity and Access Management (IAM) role that allows DataSync to access your manifest. + type: string + maxLength: 2048 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$ + S3BucketArn: + description: Specifies the Amazon Resource Name (ARN) of the S3 bucket where you're hosting your manifest. + type: string + maxLength: 156 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):(s3|s3-outposts):[a-z\-0-9]*:[0-9]*:.*$ + ManifestObjectVersionId: + description: Specifies the object version ID of the manifest that you want DataSync to use. + type: string + maxLength: 100 + pattern: ^.+$ + TaskSchedule: + additionalProperties: false + description: Specifies the schedule you want your task to use for repeated executions. + type: object + properties: + ScheduleExpression: + description: A cron expression that specifies when AWS DataSync initiates a scheduled transfer from a source to a destination location + type: string + maxLength: 256 + pattern: ^[a-zA-Z0-9\ \_\*\?\,\|\^\-\/\#\s\(\)\+]*$ + required: + - ScheduleExpression + Options: + additionalProperties: false + description: Represents the options that are available to control the behavior of a StartTaskExecution operation. + type: object + properties: + Atime: + description: A file metadata value that shows the last time a file was accessed (that is, when the file was read or written to). + type: string + enum: + - NONE + - BEST_EFFORT + BytesPerSecond: + description: A value that limits the bandwidth used by AWS DataSync. + type: integer + format: int64 + minimum: -1 + Gid: + description: The group ID (GID) of the file's owners. + type: string + enum: + - NONE + - INT_VALUE + - NAME + - BOTH + LogLevel: + description: A value that determines the types of logs that DataSync publishes to a log stream in the Amazon CloudWatch log group that you provide. + type: string + enum: + - 'OFF' + - BASIC + - TRANSFER + Mtime: + description: A value that indicates the last time that a file was modified (that is, a file was written to) before the PREPARING phase. + type: string + enum: + - NONE + - PRESERVE + OverwriteMode: + description: A value that determines whether files at the destination should be overwritten or preserved when copying files. + type: string + enum: + - ALWAYS + - NEVER + PosixPermissions: + description: A value that determines which users or groups can access a file for a specific purpose such as reading, writing, or execution of the file. + type: string + enum: + - NONE + - PRESERVE + PreserveDeletedFiles: + description: A value that specifies whether files in the destination that don't exist in the source file system should be preserved. + type: string + enum: + - PRESERVE + - REMOVE + PreserveDevices: + description: A value that determines whether AWS DataSync should preserve the metadata of block and character devices in the source file system, and recreate the files with that device name and metadata on the destination. + type: string + enum: + - NONE + - PRESERVE + SecurityDescriptorCopyFlags: + description: A value that determines which components of the SMB security descriptor are copied during transfer. + type: string + enum: + - NONE + - OWNER_DACL + - OWNER_DACL_SACL + TaskQueueing: + description: A value that determines whether tasks should be queued before executing the tasks. + type: string + enum: + - ENABLED + - DISABLED + TransferMode: + description: A value that determines whether DataSync transfers only the data and metadata that differ between the source and the destination location, or whether DataSync transfers all the content from the source, without comparing to the destination location. + type: string + enum: + - CHANGED + - ALL + Uid: + description: The user ID (UID) of the file's owner. + type: string + enum: + - NONE + - INT_VALUE + - NAME + - BOTH + VerifyMode: + description: A value that determines whether a data integrity verification should be performed at the end of a task execution after all data and metadata have been transferred. + type: string + enum: + - POINT_IN_TIME_CONSISTENT + - ONLY_FILES_TRANSFERRED + - NONE + ObjectTags: + description: A value that determines whether object tags should be read from the source object store and written to the destination object store. + type: string + enum: + - PRESERVE + - NONE + SourceNetworkInterfaceArns: + description: The Amazon Resource Names (ARNs) of the source ENIs (Elastic Network Interfaces) that were created for your subnet. + type: array + items: + type: string + pattern: ^arn:aws[\-a-z]{0,}:ec2:[a-z\-0-9]*:[0-9]{12}:network-interface/eni-[0-9a-f]+$ + maxItems: 128 + x-insertionOrder: false + DestinationNetworkInterfaceArns: + description: The Amazon Resource Names (ARNs) of the destination ENIs (Elastic Network Interfaces) that were created for your subnet. + type: array + items: + type: string + pattern: ^arn:aws[\-a-z]{0,}:ec2:[a-z\-0-9]*:[0-9]{12}:network-interface/eni-[0-9a-f]+$ + maxItems: 128 + x-insertionOrder: false + Task: + type: object + properties: + Excludes: + type: array + minItems: 0 + maxItems: 1 + items: + $ref: '#/components/schemas/FilterRule' + x-insertionOrder: false + Includes: + type: array + minItems: 0 + maxItems: 1 + items: + $ref: '#/components/schemas/FilterRule' + x-insertionOrder: false + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + CloudWatchLogGroupArn: + description: The ARN of the Amazon CloudWatch log group that is used to monitor and log events in the task. + type: string + maxLength: 562 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):logs:[a-z\-0-9]*:[0-9]{12}:log-group:([^:\*]*)(:\*)?$ + DestinationLocationArn: + description: The ARN of an AWS storage resource's location. + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + Name: + description: The name of a task. This value is a text reference that is used to identify the task in the console. + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9\s+=._:@/-]+$ + Options: + $ref: '#/components/schemas/Options' + TaskReportConfig: + $ref: '#/components/schemas/TaskReportConfig' + ManifestConfig: + $ref: '#/components/schemas/ManifestConfig' + Schedule: + $ref: '#/components/schemas/TaskSchedule' + SourceLocationArn: + description: The ARN of the source location for the task. + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$ + TaskArn: + description: The ARN of the task. + type: string + maxLength: 128 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]*:[0-9]{12}:task/task-[0-9a-f]{17}$ + Status: + description: The status of the task that was described. + type: string + enum: + - AVAILABLE + - CREATING + - QUEUED + - RUNNING + - UNAVAILABLE + SourceNetworkInterfaceArns: + $ref: '#/components/schemas/SourceNetworkInterfaceArns' + DestinationNetworkInterfaceArns: + $ref: '#/components/schemas/DestinationNetworkInterfaceArns' + required: + - DestinationLocationArn + - SourceLocationArn + x-stackql-resource-name: task + description: Resource schema for AWS::DataSync::Task. + x-type-name: AWS::DataSync::Task + x-stackql-primary-identifier: + - TaskArn + x-create-only-properties: + - DestinationLocationArn + - SourceLocationArn + x-read-only-properties: + - TaskArn + - Status + - SourceNetworkInterfaceArns + - DestinationNetworkInterfaceArns + x-required-properties: + - DestinationLocationArn + - SourceLocationArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - datasync:CreateTask + - datasync:DescribeTask + - datasync:ListTagsForResource + - datasync:TagResource + - s3:ListAllMyBuckets + - s3:ListBucket + - s3:GetObject + - s3:GetObjectVersion + - ec2:DescribeNetworkInterfaces + - ec2:CreateNetworkInterface + - ec2:DeleteNetworkInterface + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:CreateNetworkInterfacePermission + - fsx:DescribeFileSystems + - elasticfilesystem:DescribeFileSystems + - elasticfilesystem:DescribeMountTargets + - logs:DescribeLogGroups + - iam:GetRole + - iam:PassRole + - iam:AssumeRole + read: + - datasync:DescribeTask + - datasync:ListTagsForResource + update: + - datasync:UpdateTask + - datasync:DescribeTask + - datasync:ListTagsForResource + - datasync:TagResource + - datasync:UntagResource + - logs:DescribeLogGroups + - iam:PassRole + delete: + - datasync:DeleteTask + - ec2:DescribeNetworkInterfaces + - ec2:DeleteNetworkInterface + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - fsx:DescribeFileSystems + - elasticfilesystem:DescribeFileSystems + - elasticfilesystem:DescribeMountTargets + - iam:GetRole + list: + - datasync:ListTasks + x-stackQL-resources: + agents: + name: agents + id: aws.datasync.agents + x-cfn-schema-name: Agent + x-type: list + x-identifiers: + - AgentArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AgentArn') as agent_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::Agent' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AgentArn') as agent_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::Agent' + AND region = 'us-east-1' + agent: + name: agent + id: aws.datasync.agent + x-cfn-schema-name: Agent + x-type: get + x-identifiers: + - AgentArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AgentName') as agent_name, + JSON_EXTRACT(Properties, '$.ActivationKey') as activation_key, + JSON_EXTRACT(Properties, '$.SecurityGroupArns') as security_group_arns, + JSON_EXTRACT(Properties, '$.SubnetArns') as subnet_arns, + JSON_EXTRACT(Properties, '$.VpcEndpointId') as vpc_endpoint_id, + JSON_EXTRACT(Properties, '$.EndpointType') as endpoint_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AgentArn') as agent_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::Agent' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AgentName') as agent_name, + json_extract_path_text(Properties, 'ActivationKey') as activation_key, + json_extract_path_text(Properties, 'SecurityGroupArns') as security_group_arns, + json_extract_path_text(Properties, 'SubnetArns') as subnet_arns, + json_extract_path_text(Properties, 'VpcEndpointId') as vpc_endpoint_id, + json_extract_path_text(Properties, 'EndpointType') as endpoint_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AgentArn') as agent_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::Agent' + AND data__Identifier = '' + AND region = 'us-east-1' + location_azure_blobs: + name: location_azure_blobs + id: aws.datasync.location_azure_blobs + x-cfn-schema-name: LocationAzureBlob + x-type: list + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationAzureBlob' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationAzureBlob' + AND region = 'us-east-1' + location_azure_blob: + name: location_azure_blob + id: aws.datasync.location_azure_blob + x-cfn-schema-name: LocationAzureBlob + x-type: get + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AgentArns') as agent_arns, + JSON_EXTRACT(Properties, '$.AzureBlobAuthenticationType') as azure_blob_authentication_type, + JSON_EXTRACT(Properties, '$.AzureBlobSasConfiguration') as azure_blob_sas_configuration, + JSON_EXTRACT(Properties, '$.AzureBlobContainerUrl') as azure_blob_container_url, + JSON_EXTRACT(Properties, '$.AzureBlobType') as azure_blob_type, + JSON_EXTRACT(Properties, '$.AzureAccessTier') as azure_access_tier, + JSON_EXTRACT(Properties, '$.Subdirectory') as subdirectory, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationAzureBlob' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AgentArns') as agent_arns, + json_extract_path_text(Properties, 'AzureBlobAuthenticationType') as azure_blob_authentication_type, + json_extract_path_text(Properties, 'AzureBlobSasConfiguration') as azure_blob_sas_configuration, + json_extract_path_text(Properties, 'AzureBlobContainerUrl') as azure_blob_container_url, + json_extract_path_text(Properties, 'AzureBlobType') as azure_blob_type, + json_extract_path_text(Properties, 'AzureAccessTier') as azure_access_tier, + json_extract_path_text(Properties, 'Subdirectory') as subdirectory, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationAzureBlob' + AND data__Identifier = '' + AND region = 'us-east-1' + location_efs: + name: location_efs + id: aws.datasync.location_efs + x-cfn-schema-name: LocationEFS + x-type: get + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Ec2Config') as ec2_config, + JSON_EXTRACT(Properties, '$.EfsFilesystemArn') as efs_filesystem_arn, + JSON_EXTRACT(Properties, '$.AccessPointArn') as access_point_arn, + JSON_EXTRACT(Properties, '$.FileSystemAccessRoleArn') as file_system_access_role_arn, + JSON_EXTRACT(Properties, '$.InTransitEncryption') as in_transit_encryption, + JSON_EXTRACT(Properties, '$.Subdirectory') as subdirectory, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationEFS' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Ec2Config') as ec2_config, + json_extract_path_text(Properties, 'EfsFilesystemArn') as efs_filesystem_arn, + json_extract_path_text(Properties, 'AccessPointArn') as access_point_arn, + json_extract_path_text(Properties, 'FileSystemAccessRoleArn') as file_system_access_role_arn, + json_extract_path_text(Properties, 'InTransitEncryption') as in_transit_encryption, + json_extract_path_text(Properties, 'Subdirectory') as subdirectory, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationEFS' + AND data__Identifier = '' + AND region = 'us-east-1' + locationf_sx_lustres: + name: locationf_sx_lustres + id: aws.datasync.locationf_sx_lustres + x-cfn-schema-name: LocationFSxLustre + x-type: list + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationFSxLustre' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationFSxLustre' + AND region = 'us-east-1' + locationf_sx_lustre: + name: locationf_sx_lustre + id: aws.datasync.locationf_sx_lustre + x-cfn-schema-name: LocationFSxLustre + x-type: get + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FsxFilesystemArn') as fsx_filesystem_arn, + JSON_EXTRACT(Properties, '$.SecurityGroupArns') as security_group_arns, + JSON_EXTRACT(Properties, '$.Subdirectory') as subdirectory, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationFSxLustre' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FsxFilesystemArn') as fsx_filesystem_arn, + json_extract_path_text(Properties, 'SecurityGroupArns') as security_group_arns, + json_extract_path_text(Properties, 'Subdirectory') as subdirectory, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationFSxLustre' + AND data__Identifier = '' + AND region = 'us-east-1' + locationf_sx_ontaps: + name: locationf_sx_ontaps + id: aws.datasync.locationf_sx_ontaps + x-cfn-schema-name: LocationFSxONTAP + x-type: list + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationFSxONTAP' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationFSxONTAP' + AND region = 'us-east-1' + locationf_sx_ontap: + name: locationf_sx_ontap + id: aws.datasync.locationf_sx_ontap + x-cfn-schema-name: LocationFSxONTAP + x-type: get + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.StorageVirtualMachineArn') as storage_virtual_machine_arn, + JSON_EXTRACT(Properties, '$.FsxFilesystemArn') as fsx_filesystem_arn, + JSON_EXTRACT(Properties, '$.SecurityGroupArns') as security_group_arns, + JSON_EXTRACT(Properties, '$.Protocol') as protocol, + JSON_EXTRACT(Properties, '$.Subdirectory') as subdirectory, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationFSxONTAP' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'StorageVirtualMachineArn') as storage_virtual_machine_arn, + json_extract_path_text(Properties, 'FsxFilesystemArn') as fsx_filesystem_arn, + json_extract_path_text(Properties, 'SecurityGroupArns') as security_group_arns, + json_extract_path_text(Properties, 'Protocol') as protocol, + json_extract_path_text(Properties, 'Subdirectory') as subdirectory, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationFSxONTAP' + AND data__Identifier = '' + AND region = 'us-east-1' + locationf_sx_open_zfs: + name: locationf_sx_open_zfs + id: aws.datasync.locationf_sx_open_zfs + x-cfn-schema-name: LocationFSxOpenZFS + x-type: get + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FsxFilesystemArn') as fsx_filesystem_arn, + JSON_EXTRACT(Properties, '$.SecurityGroupArns') as security_group_arns, + JSON_EXTRACT(Properties, '$.Protocol') as protocol, + JSON_EXTRACT(Properties, '$.Subdirectory') as subdirectory, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationFSxOpenZFS' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FsxFilesystemArn') as fsx_filesystem_arn, + json_extract_path_text(Properties, 'SecurityGroupArns') as security_group_arns, + json_extract_path_text(Properties, 'Protocol') as protocol, + json_extract_path_text(Properties, 'Subdirectory') as subdirectory, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationFSxOpenZFS' + AND data__Identifier = '' + AND region = 'us-east-1' + locationf_sx_windows: + name: locationf_sx_windows + id: aws.datasync.locationf_sx_windows + x-cfn-schema-name: LocationFSxWindows + x-type: get + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Domain') as domain, + JSON_EXTRACT(Properties, '$.FsxFilesystemArn') as fsx_filesystem_arn, + JSON_EXTRACT(Properties, '$.Password') as password, + JSON_EXTRACT(Properties, '$.SecurityGroupArns') as security_group_arns, + JSON_EXTRACT(Properties, '$.Subdirectory') as subdirectory, + JSON_EXTRACT(Properties, '$.User') as user, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationFSxWindows' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Domain') as domain, + json_extract_path_text(Properties, 'FsxFilesystemArn') as fsx_filesystem_arn, + json_extract_path_text(Properties, 'Password') as password, + json_extract_path_text(Properties, 'SecurityGroupArns') as security_group_arns, + json_extract_path_text(Properties, 'Subdirectory') as subdirectory, + json_extract_path_text(Properties, 'User') as user, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationFSxWindows' + AND data__Identifier = '' + AND region = 'us-east-1' + location_hdfs: + name: location_hdfs + id: aws.datasync.location_hdfs + x-cfn-schema-name: LocationHDFS + x-type: get + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.NameNodes') as name_nodes, + JSON_EXTRACT(Properties, '$.BlockSize') as block_size, + JSON_EXTRACT(Properties, '$.ReplicationFactor') as replication_factor, + JSON_EXTRACT(Properties, '$.KmsKeyProviderUri') as kms_key_provider_uri, + JSON_EXTRACT(Properties, '$.QopConfiguration') as qop_configuration, + JSON_EXTRACT(Properties, '$.AuthenticationType') as authentication_type, + JSON_EXTRACT(Properties, '$.SimpleUser') as simple_user, + JSON_EXTRACT(Properties, '$.KerberosPrincipal') as kerberos_principal, + JSON_EXTRACT(Properties, '$.KerberosKeytab') as kerberos_keytab, + JSON_EXTRACT(Properties, '$.KerberosKrb5Conf') as kerberos_krb5_conf, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AgentArns') as agent_arns, + JSON_EXTRACT(Properties, '$.Subdirectory') as subdirectory, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationHDFS' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'NameNodes') as name_nodes, + json_extract_path_text(Properties, 'BlockSize') as block_size, + json_extract_path_text(Properties, 'ReplicationFactor') as replication_factor, + json_extract_path_text(Properties, 'KmsKeyProviderUri') as kms_key_provider_uri, + json_extract_path_text(Properties, 'QopConfiguration') as qop_configuration, + json_extract_path_text(Properties, 'AuthenticationType') as authentication_type, + json_extract_path_text(Properties, 'SimpleUser') as simple_user, + json_extract_path_text(Properties, 'KerberosPrincipal') as kerberos_principal, + json_extract_path_text(Properties, 'KerberosKeytab') as kerberos_keytab, + json_extract_path_text(Properties, 'KerberosKrb5Conf') as kerberos_krb5_conf, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AgentArns') as agent_arns, + json_extract_path_text(Properties, 'Subdirectory') as subdirectory, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationHDFS' + AND data__Identifier = '' + AND region = 'us-east-1' + location_nfs: + name: location_nfs + id: aws.datasync.location_nfs + x-cfn-schema-name: LocationNFS + x-type: get + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MountOptions') as mount_options, + JSON_EXTRACT(Properties, '$.OnPremConfig') as on_prem_config, + JSON_EXTRACT(Properties, '$.ServerHostname') as server_hostname, + JSON_EXTRACT(Properties, '$.Subdirectory') as subdirectory, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationNFS' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MountOptions') as mount_options, + json_extract_path_text(Properties, 'OnPremConfig') as on_prem_config, + json_extract_path_text(Properties, 'ServerHostname') as server_hostname, + json_extract_path_text(Properties, 'Subdirectory') as subdirectory, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationNFS' + AND data__Identifier = '' + AND region = 'us-east-1' + location_object_storages: + name: location_object_storages + id: aws.datasync.location_object_storages + x-cfn-schema-name: LocationObjectStorage + x-type: list + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationObjectStorage' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationObjectStorage' + AND region = 'us-east-1' + location_object_storage: + name: location_object_storage + id: aws.datasync.location_object_storage + x-cfn-schema-name: LocationObjectStorage + x-type: get + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessKey') as access_key, + JSON_EXTRACT(Properties, '$.AgentArns') as agent_arns, + JSON_EXTRACT(Properties, '$.BucketName') as bucket_name, + JSON_EXTRACT(Properties, '$.SecretKey') as secret_key, + JSON_EXTRACT(Properties, '$.ServerCertificate') as server_certificate, + JSON_EXTRACT(Properties, '$.ServerHostname') as server_hostname, + JSON_EXTRACT(Properties, '$.ServerPort') as server_port, + JSON_EXTRACT(Properties, '$.ServerProtocol') as server_protocol, + JSON_EXTRACT(Properties, '$.Subdirectory') as subdirectory, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationObjectStorage' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessKey') as access_key, + json_extract_path_text(Properties, 'AgentArns') as agent_arns, + json_extract_path_text(Properties, 'BucketName') as bucket_name, + json_extract_path_text(Properties, 'SecretKey') as secret_key, + json_extract_path_text(Properties, 'ServerCertificate') as server_certificate, + json_extract_path_text(Properties, 'ServerHostname') as server_hostname, + json_extract_path_text(Properties, 'ServerPort') as server_port, + json_extract_path_text(Properties, 'ServerProtocol') as server_protocol, + json_extract_path_text(Properties, 'Subdirectory') as subdirectory, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationObjectStorage' + AND data__Identifier = '' + AND region = 'us-east-1' + location_s3s: + name: location_s3s + id: aws.datasync.location_s3s + x-cfn-schema-name: LocationS3 + x-type: list + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationS3' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationS3' + AND region = 'us-east-1' + location_s3: + name: location_s3 + id: aws.datasync.location_s3 + x-cfn-schema-name: LocationS3 + x-type: get + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.S3Config') as s3_config, + JSON_EXTRACT(Properties, '$.S3BucketArn') as s3_bucket_arn, + JSON_EXTRACT(Properties, '$.Subdirectory') as subdirectory, + JSON_EXTRACT(Properties, '$.S3StorageClass') as s3_storage_class, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationS3' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'S3Config') as s3_config, + json_extract_path_text(Properties, 'S3BucketArn') as s3_bucket_arn, + json_extract_path_text(Properties, 'Subdirectory') as subdirectory, + json_extract_path_text(Properties, 'S3StorageClass') as s3_storage_class, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationS3' + AND data__Identifier = '' + AND region = 'us-east-1' + location_smbs: + name: location_smbs + id: aws.datasync.location_smbs + x-cfn-schema-name: LocationSMB + x-type: list + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationSMB' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LocationArn') as location_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::LocationSMB' + AND region = 'us-east-1' + location_smb: + name: location_smb + id: aws.datasync.location_smb + x-cfn-schema-name: LocationSMB + x-type: get + x-identifiers: + - LocationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AgentArns') as agent_arns, + JSON_EXTRACT(Properties, '$.Domain') as domain, + JSON_EXTRACT(Properties, '$.MountOptions') as mount_options, + JSON_EXTRACT(Properties, '$.Password') as password, + JSON_EXTRACT(Properties, '$.ServerHostname') as server_hostname, + JSON_EXTRACT(Properties, '$.Subdirectory') as subdirectory, + JSON_EXTRACT(Properties, '$.User') as user, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationSMB' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AgentArns') as agent_arns, + json_extract_path_text(Properties, 'Domain') as domain, + json_extract_path_text(Properties, 'MountOptions') as mount_options, + json_extract_path_text(Properties, 'Password') as password, + json_extract_path_text(Properties, 'ServerHostname') as server_hostname, + json_extract_path_text(Properties, 'Subdirectory') as subdirectory, + json_extract_path_text(Properties, 'User') as user, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'LocationUri') as location_uri + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::LocationSMB' + AND data__Identifier = '' + AND region = 'us-east-1' + storage_systems: + name: storage_systems + id: aws.datasync.storage_systems + x-cfn-schema-name: StorageSystem + x-type: list + x-identifiers: + - StorageSystemArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StorageSystemArn') as storage_system_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::StorageSystem' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StorageSystemArn') as storage_system_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::StorageSystem' + AND region = 'us-east-1' + storage_system: + name: storage_system + id: aws.datasync.storage_system + x-cfn-schema-name: StorageSystem + x-type: get + x-identifiers: + - StorageSystemArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ServerConfiguration') as server_configuration, + JSON_EXTRACT(Properties, '$.ServerCredentials') as server_credentials, + JSON_EXTRACT(Properties, '$.SecretsManagerArn') as secrets_manager_arn, + JSON_EXTRACT(Properties, '$.SystemType') as system_type, + JSON_EXTRACT(Properties, '$.AgentArns') as agent_arns, + JSON_EXTRACT(Properties, '$.CloudWatchLogGroupArn') as cloud_watch_log_group_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.StorageSystemArn') as storage_system_arn, + JSON_EXTRACT(Properties, '$.ConnectivityStatus') as connectivity_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::StorageSystem' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ServerConfiguration') as server_configuration, + json_extract_path_text(Properties, 'ServerCredentials') as server_credentials, + json_extract_path_text(Properties, 'SecretsManagerArn') as secrets_manager_arn, + json_extract_path_text(Properties, 'SystemType') as system_type, + json_extract_path_text(Properties, 'AgentArns') as agent_arns, + json_extract_path_text(Properties, 'CloudWatchLogGroupArn') as cloud_watch_log_group_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'StorageSystemArn') as storage_system_arn, + json_extract_path_text(Properties, 'ConnectivityStatus') as connectivity_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::StorageSystem' + AND data__Identifier = '' + AND region = 'us-east-1' + tasks: + name: tasks + id: aws.datasync.tasks + x-cfn-schema-name: Task + x-type: list + x-identifiers: + - TaskArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TaskArn') as task_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::Task' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TaskArn') as task_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataSync::Task' + AND region = 'us-east-1' + task: + name: task + id: aws.datasync.task + x-cfn-schema-name: Task + x-type: get + x-identifiers: + - TaskArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Excludes') as excludes, + JSON_EXTRACT(Properties, '$.Includes') as includes, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CloudWatchLogGroupArn') as cloud_watch_log_group_arn, + JSON_EXTRACT(Properties, '$.DestinationLocationArn') as destination_location_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Options') as options, + JSON_EXTRACT(Properties, '$.TaskReportConfig') as task_report_config, + JSON_EXTRACT(Properties, '$.ManifestConfig') as manifest_config, + JSON_EXTRACT(Properties, '$.Schedule') as schedule, + JSON_EXTRACT(Properties, '$.SourceLocationArn') as source_location_arn, + JSON_EXTRACT(Properties, '$.TaskArn') as task_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.SourceNetworkInterfaceArns') as source_network_interface_arns, + JSON_EXTRACT(Properties, '$.DestinationNetworkInterfaceArns') as destination_network_interface_arns + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::Task' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Excludes') as excludes, + json_extract_path_text(Properties, 'Includes') as includes, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CloudWatchLogGroupArn') as cloud_watch_log_group_arn, + json_extract_path_text(Properties, 'DestinationLocationArn') as destination_location_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Options') as options, + json_extract_path_text(Properties, 'TaskReportConfig') as task_report_config, + json_extract_path_text(Properties, 'ManifestConfig') as manifest_config, + json_extract_path_text(Properties, 'Schedule') as schedule, + json_extract_path_text(Properties, 'SourceLocationArn') as source_location_arn, + json_extract_path_text(Properties, 'TaskArn') as task_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'SourceNetworkInterfaceArns') as source_network_interface_arns, + json_extract_path_text(Properties, 'DestinationNetworkInterfaceArns') as destination_network_interface_arns + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataSync::Task' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/datazone.yaml b/providers/src/aws/v00.00.00000/services/datazone.yaml new file mode 100644 index 00000000..083747da --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/datazone.yaml @@ -0,0 +1,1806 @@ +openapi: 3.0.0 +info: + title: DataZone + version: 1.0.0 +paths: {} +components: + schemas: + AccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^\d{12}$ + DataAccessRole: + type: string + description: The data access role included in the configuration details of the AWS Glue data source. + pattern: ^arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]{1,128}$ + DataSourceConfigurationInput: + description: Specifies the configuration of the data source. It can be set to either glueRunConfiguration or redshiftRunConfiguration. + oneOf: + - type: object + title: GlueRunConfiguration + properties: + GlueRunConfiguration: + $ref: '#/components/schemas/GlueRunConfigurationInput' + additionalProperties: false + - type: object + title: RedshiftRunConfiguration + properties: + RedshiftRunConfiguration: + $ref: '#/components/schemas/RedshiftRunConfigurationInput' + additionalProperties: false + DataSourceStatus: + type: string + description: The status of the data source. + enum: + - CREATING + - FAILED_CREATION + - READY + - UPDATING + - FAILED_UPDATE + - RUNNING + - DELETING + - FAILED_DELETION + EnableSetting: + type: string + description: Specifies whether the data source is enabled. + enum: + - ENABLED + - DISABLED + FilterExpression: + type: object + description: The search filter expression. + properties: + Type: + $ref: '#/components/schemas/FilterExpressionType' + Expression: + type: string + maxLength: 2048 + minLength: 1 + required: + - Expression + - Type + additionalProperties: false + FilterExpressionType: + type: string + description: The search filter expression type. + enum: + - INCLUDE + - EXCLUDE + FormName: + type: string + description: The name of the metadata form. + maxLength: 128 + minLength: 1 + pattern: ^(?![0-9_])\w+$|^_\w*[a-zA-Z0-9]\w*$ + FormInput: + type: object + description: The details of a metadata form. + properties: + FormName: + description: The name of the metadata form. + $ref: '#/components/schemas/FormName' + TypeIdentifier: + type: string + description: The ID of the metadata form type. + maxLength: 385 + minLength: 1 + pattern: ^(?!\.)[\w\.]*\w$ + TypeRevision: + description: The revision of the metadata form type. + $ref: '#/components/schemas/TypeRevision' + Content: + type: string + description: The content of the metadata form. + maxLength: 75000 + required: + - FormName + additionalProperties: false + GlueRunConfigurationInput: + type: object + properties: + DataAccessRole: + description: The data access role included in the configuration details of the AWS Glue data source. + $ref: '#/components/schemas/DataAccessRole' + RelationalFilterConfigurations: + type: array + description: The relational filter configurations included in the configuration details of the AWS Glue data source. + items: + $ref: '#/components/schemas/RelationalFilterConfiguration' + x-insertionOrder: false + required: + - RelationalFilterConfigurations + additionalProperties: false + RecommendationConfiguration: + type: object + description: The recommendation to be updated as part of the UpdateDataSource action. + properties: + EnableBusinessNameGeneration: + type: boolean + description: Specifies whether automatic business name generation is to be enabled or not as part of the recommendation configuration. + additionalProperties: false + RedshiftClusterStorage: + type: object + description: The name of an Amazon Redshift cluster. + properties: + ClusterName: + type: string + description: The name of an Amazon Redshift cluster. + maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z].[a-z0-9\-]*$ + required: + - ClusterName + additionalProperties: false + RedshiftCredentialConfiguration: + type: object + description: The ARN of a secret manager for an Amazon Redshift cluster. + properties: + SecretManagerArn: + type: string + description: The ARN of a secret manager for an Amazon Redshift cluster. + maxLength: 256 + pattern: ^arn:aws[^:]*:secretsmanager:[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]:\d{12}:secret:.*$ + required: + - SecretManagerArn + additionalProperties: false + RedshiftRunConfigurationInput: + type: object + description: The configuration details of the Amazon Redshift data source. + properties: + DataAccessRole: + description: The data access role included in the configuration details of the Amazon Redshift data source. + $ref: '#/components/schemas/DataAccessRole' + RelationalFilterConfigurations: + $ref: '#/components/schemas/RelationalFilterConfigurations' + RedshiftCredentialConfiguration: + description: The details of the credentials required to access an Amazon Redshift cluster. + $ref: '#/components/schemas/RedshiftCredentialConfiguration' + RedshiftStorage: + description: The details of the Amazon Redshift storage as part of the configuration of an Amazon Redshift data source run. + $ref: '#/components/schemas/RedshiftStorage' + required: + - RedshiftCredentialConfiguration + - RedshiftStorage + - RelationalFilterConfigurations + additionalProperties: false + RedshiftServerlessStorage: + type: object + description: The details of the Amazon Redshift Serverless workgroup storage. + properties: + WorkgroupName: + type: string + description: The name of the Amazon Redshift Serverless workgroup. + maxLength: 64 + minLength: 3 + pattern: ^[a-z0-9-]+$ + required: + - WorkgroupName + additionalProperties: false + RedshiftStorage: + description: The details of the Amazon Redshift storage as part of the configuration of an Amazon Redshift data source run. + oneOf: + - type: object + title: RedshiftClusterSource + description: The details of the Amazon Redshift cluster source. + properties: + RedshiftClusterSource: + $ref: '#/components/schemas/RedshiftClusterStorage' + required: + - RedshiftClusterSource + additionalProperties: false + - type: object + title: RedshiftServerlessSource + description: The details of the Amazon Redshift Serverless workgroup source. + properties: + RedshiftServerlessSource: + $ref: '#/components/schemas/RedshiftServerlessStorage' + required: + - RedshiftServerlessSource + additionalProperties: false + Region: + type: string + maxLength: 16 + minLength: 4 + pattern: '[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]' + RelationalFilterConfiguration: + type: object + description: The relational filter configuration for the data source. + properties: + DatabaseName: + type: string + description: The database name specified in the relational filter configuration for the data source. + maxLength: 128 + minLength: 1 + SchemaName: + type: string + description: The schema name specified in the relational filter configuration for the data source. + maxLength: 128 + minLength: 1 + FilterExpressions: + type: array + description: The filter expressions specified in the relational filter configuration for the data source. + items: + $ref: '#/components/schemas/FilterExpression' + x-insertionOrder: false + required: + - DatabaseName + additionalProperties: false + RelationalFilterConfigurations: + type: array + description: The relational filter configurations included in the configuration details of the Amazon Redshift data source. + items: + $ref: '#/components/schemas/RelationalFilterConfiguration' + x-insertionOrder: false + ScheduleConfiguration: + type: object + description: The schedule of the data source runs. + properties: + Timezone: + description: The timezone of the data source run. + $ref: '#/components/schemas/Timezone' + Schedule: + type: string + description: The schedule of the data source runs. + maxLength: 256 + minLength: 1 + pattern: cron\((\b[0-5]?[0-9]\b) (\b2[0-3]\b|\b[0-1]?[0-9]\b) (.*){1,5} (.*){1,5} (.*){1,5} (.*){1,5}\) + additionalProperties: false + Timezone: + type: string + TypeRevision: + type: string + description: The revision of the metadata form type. + maxLength: 64 + minLength: 1 + DataSource: + type: object + properties: + AssetFormsInput: + type: array + description: The metadata forms that are to be attached to the assets that this data source works with. + items: + $ref: '#/components/schemas/FormInput' + maxItems: 10 + minItems: 0 + x-insertionOrder: false + CreatedAt: + type: string + description: The timestamp of when the data source was created. + format: date-time + Description: + type: string + description: The description of the data source. + maxLength: 2048 + DomainId: + type: string + description: The ID of the Amazon DataZone domain where the data source is created. + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + DomainIdentifier: + type: string + description: The ID of the Amazon DataZone domain where the data source is created. + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + EnableSetting: + description: Specifies whether the data source is enabled. + $ref: '#/components/schemas/EnableSetting' + EnvironmentId: + type: string + description: The unique identifier of the Amazon DataZone environment to which the data source publishes assets. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + EnvironmentIdentifier: + description: The unique identifier of the Amazon DataZone environment to which the data source publishes assets. + type: string + Id: + type: string + description: The unique identifier of the data source. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + Configuration: + description: Configuration of the data source. It can be set to either glueRunConfiguration or redshiftRunConfiguration. + $ref: '#/components/schemas/DataSourceConfigurationInput' + LastRunAssetCount: + description: The number of assets created by the data source during its last run. + type: number + LastRunAt: + type: string + description: The timestamp that specifies when the data source was last run. + LastRunStatus: + description: The status of the last run of this data source. + type: string + Name: + type: string + description: The name of the data source. + maxLength: 256 + minLength: 1 + ProjectId: + type: string + description: The ID of the Amazon DataZone project to which the data source is added. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + ProjectIdentifier: + type: string + description: The identifier of the Amazon DataZone project in which you want to add the data source. + PublishOnImport: + type: boolean + description: Specifies whether the assets that this data source creates in the inventory are to be also automatically published to the catalog. + Recommendation: + $ref: '#/components/schemas/RecommendationConfiguration' + description: Specifies whether the business name generation is to be enabled for this data source. + Schedule: + description: The schedule of the data source runs. + $ref: '#/components/schemas/ScheduleConfiguration' + Status: + description: The status of the data source. + $ref: '#/components/schemas/DataSourceStatus' + Type: + type: string + description: The type of the data source. + maxLength: 256 + minLength: 1 + UpdatedAt: + type: string + description: The timestamp of when this data source was updated. + format: date-time + required: + - Name + - DomainIdentifier + - ProjectIdentifier + - EnvironmentIdentifier + - Type + x-stackql-resource-name: data_source + description: Definition of AWS::DataZone::DataSource Resource Type + x-type-name: AWS::DataZone::DataSource + x-stackql-primary-identifier: + - DomainId + - Id + x-create-only-properties: + - EnvironmentIdentifier + - DomainIdentifier + - ProjectIdentifier + - Type + x-write-only-properties: + - AssetFormsInput + - EnvironmentIdentifier + - DomainIdentifier + - Configuration + - ProjectIdentifier + x-read-only-properties: + - CreatedAt + - DomainId + - EnvironmentId + - Id + - LastRunAssetCount + - LastRunAt + - LastRunStatus + - ProjectId + - Status + - UpdatedAt + x-required-properties: + - Name + - DomainIdentifier + - ProjectIdentifier + - EnvironmentIdentifier + - Type + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - datazone:CreateDataSource + - iam:PassRole + - datazone:GetDataSource + - datazone:DeleteDataSource + read: + - datazone:GetDataSource + update: + - datazone:UpdateDataSource + - datazone:GetDataSource + - datazone:DeleteDataSource + delete: + - datazone:DeleteDataSource + - datazone:GetDataSource + list: + - datazone:ListDataSources + AuthType: + type: string + description: The type of single sign-on in Amazon DataZone. + enum: + - IAM_IDC + - DISABLED + DomainStatus: + type: string + description: The status of the Amazon DataZone domain. + enum: + - CREATING + - AVAILABLE + - CREATION_FAILED + - DELETING + - DELETED + - DELETION_FAILED + SingleSignOn: + type: object + description: The single-sign on configuration of the Amazon DataZone domain. + properties: + Type: + $ref: '#/components/schemas/AuthType' + UserAssignment: + $ref: '#/components/schemas/UserAssignment' + additionalProperties: false + Tag: + description: A key-value pair to associate with the domain. + type: object + properties: + Key: + type: string + description: The key name of the tag. + minLength: 1 + maxLength: 128 + Value: + type: string + description: The value for the tag. + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + UserAssignment: + type: string + description: The single sign-on user assignment in Amazon DataZone. + enum: + - AUTOMATIC + - MANUAL + Domain: + type: object + properties: + Arn: + type: string + description: The ARN of the Amazon DataZone domain. + pattern: ^arn:aws(|-cn|-us-gov):datazone:\w+(?:-\w+)+:\d{12}:domain/dzd[-_][a-zA-Z0-9_-]{1,36}$ + CreatedAt: + type: string + description: The timestamp of when the Amazon DataZone domain was last updated. + format: date-time + Description: + type: string + description: The description of the Amazon DataZone domain. + DomainExecutionRole: + type: string + description: The domain execution role that is created when an Amazon DataZone domain is created. The domain execution role is created in the AWS account that houses the Amazon DataZone domain. + pattern: ^arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]*$ + Id: + type: string + description: The id of the Amazon DataZone domain. + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + KmsKeyIdentifier: + type: string + maxLength: 1024 + description: The identifier of the AWS Key Management Service (KMS) key that is used to encrypt the Amazon DataZone domain, metadata, and reporting data. + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + LastUpdatedAt: + type: string + description: The timestamp of when the Amazon DataZone domain was last updated. + format: date-time + ManagedAccountId: + type: string + description: The identifier of the AWS account that manages the domain. + Name: + type: string + description: The name of the Amazon DataZone domain. + PortalUrl: + type: string + description: The URL of the data portal for this Amazon DataZone domain. + SingleSignOn: + $ref: '#/components/schemas/SingleSignOn' + description: The single-sign on configuration of the Amazon DataZone domain. + Status: + $ref: '#/components/schemas/DomainStatus' + description: The status of the Amazon DataZone domain. + Tags: + type: array + description: The tags specified for the Amazon DataZone domain. + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - DomainExecutionRole + - Name + x-stackql-resource-name: domain + description: A domain is an organizing entity for connecting together assets, users, and their projects + x-type-name: AWS::DataZone::Domain + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - Name + x-create-only-properties: + - KmsKeyIdentifier + x-read-only-properties: + - Arn + - CreatedAt + - Id + - LastUpdatedAt + - ManagedAccountId + - PortalUrl + - Status + x-required-properties: + - DomainExecutionRole + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - datazone:CreateDomain + - datazone:UpdateDomain + - datazone:GetDomain + - datazone:TagResource + - sso:CreateManagedApplicationInstance + - sso:DeleteManagedApplicationInstance + - sso:PutApplicationAssignmentConfiguration + read: + - datazone:GetDomain + update: + - datazone:UpdateDomain + - datazone:GetDomain + - datazone:TagResource + - datazone:UntagResource + - sso:CreateManagedApplicationInstance + - sso:DeleteManagedApplicationInstance + - sso:PutApplicationAssignmentConfiguration + delete: + - datazone:DeleteDomain + - datazone:GetDomain + list: + - datazone:ListDomains + EnvironmentParameter: + type: object + description: The parameter details of an environment profile. + properties: + Name: + type: string + description: The name of an environment profile parameter. + Value: + type: string + description: The value of an environment profile parameter. + additionalProperties: false + EnvironmentStatus: + type: string + description: The status of the Amazon DataZone environment. + enum: + - ACTIVE + - CREATING + - UPDATING + - DELETING + - CREATE_FAILED + - UPDATE_FAILED + - DELETE_FAILED + - VALIDATION_FAILED + - SUSPENDED + - DISABLED + - EXPIRED + - DELETED + - INACCESSIBLE + Environment: + type: object + properties: + AwsAccountId: + type: string + description: The AWS account in which the Amazon DataZone environment is created. + pattern: ^\d{12}$ + AwsAccountRegion: + type: string + description: The AWS region in which the Amazon DataZone environment is created. + pattern: ^[a-z]{2}-[a-z]{4,10}-\d$ + CreatedAt: + type: string + description: The timestamp of when the environment was created. + format: date-time + CreatedBy: + type: string + description: The Amazon DataZone user who created the environment. + Description: + type: string + description: The description of the Amazon DataZone environment. + maxLength: 2048 + DomainId: + type: string + description: The identifier of the Amazon DataZone domain in which the environment is created. + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + DomainIdentifier: + type: string + description: The identifier of the Amazon DataZone domain in which the environment would be created. + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + EnvironmentBlueprintId: + type: string + description: The ID of the blueprint with which the Amazon DataZone environment was created. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + EnvironmentProfileId: + type: string + description: The ID of the environment profile with which the Amazon DataZone environment was created. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + EnvironmentProfileIdentifier: + type: string + description: The ID of the environment profile with which the Amazon DataZone environment would be created. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + GlossaryTerms: + type: array + x-insertionOrder: false + description: The glossary terms that can be used in the Amazon DataZone environment. + items: + type: string + pattern: ^[a-zA-Z0-9_-]{1,36}$ + maxItems: 20 + minItems: 1 + Id: + type: string + description: The ID of the Amazon DataZone environment. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + Name: + type: string + description: The name of the environment. + maxLength: 64 + minLength: 1 + pattern: ^[\w -]+$ + ProjectId: + type: string + description: The ID of the Amazon DataZone project in which the environment is created. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + ProjectIdentifier: + type: string + description: The ID of the Amazon DataZone project in which the environment would be created. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + Provider: + type: string + description: The provider of the Amazon DataZone environment. + Status: + $ref: '#/components/schemas/EnvironmentStatus' + description: The status of the Amazon DataZone environment. + UpdatedAt: + type: string + description: The timestamp of when the environment was updated. + format: date-time + UserParameters: + type: array + x-insertionOrder: false + description: The user parameters of the Amazon DataZone environment. + items: + $ref: '#/components/schemas/EnvironmentParameter' + required: + - EnvironmentProfileIdentifier + - Name + - ProjectIdentifier + - DomainIdentifier + x-stackql-resource-name: environment + description: Definition of AWS::DataZone::Environment Resource Type + x-type-name: AWS::DataZone::Environment + x-stackql-primary-identifier: + - DomainId + - Id + x-stackql-additional-identifiers: + - - DomainIdentifier + x-create-only-properties: + - DomainIdentifier + - EnvironmentProfileIdentifier + - ProjectIdentifier + - UserParameters + x-write-only-properties: + - EnvironmentProfileIdentifier + - ProjectIdentifier + - DomainIdentifier + x-read-only-properties: + - AwsAccountId + - AwsAccountRegion + - CreatedAt + - CreatedBy + - DomainId + - EnvironmentBlueprintId + - EnvironmentProfileId + - Id + - ProjectId + - Provider + - Status + - UpdatedAt + x-required-properties: + - EnvironmentProfileIdentifier + - Name + - ProjectIdentifier + - DomainIdentifier + x-tagging: + taggable: false + x-required-permissions: + create: + - datazone:CreateEnvironment + - datazone:GetEnvironment + - datazone:DeleteEnvironment + read: + - datazone:GetEnvironment + update: + - datazone:UpdateEnvironment + - datazone:GetEnvironment + - datazone:DeleteEnvironment + delete: + - datazone:DeleteEnvironment + - datazone:GetEnvironment + list: + - datazone:ListEnvironments + RegionalParameter: + additionalProperties: false + type: object + properties: + Parameters: + $ref: '#/components/schemas/Parameter' + Region: + pattern: ^[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]$ + type: string + Parameter: + x-patternProperties: + .+: + type: string + additionalProperties: false + type: object + EnvironmentBlueprintConfiguration: + type: object + properties: + RegionalParameters: + uniqueItems: true + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/RegionalParameter' + ProvisioningRoleArn: + pattern: ^arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]*$ + type: string + DomainId: + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + type: string + CreatedAt: + format: date-time + type: string + EnabledRegions: + minItems: 0 + x-insertionOrder: false + type: array + items: + minLength: 4 + pattern: ^[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]$ + type: string + maxLength: 16 + EnvironmentBlueprintIdentifier: + pattern: ^[a-zA-Z0-9_-]{1,36}$ + type: string + EnvironmentBlueprintId: + pattern: ^[a-zA-Z0-9_-]{1,36}$ + type: string + UpdatedAt: + format: date-time + type: string + DomainIdentifier: + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + type: string + ManageAccessRoleArn: + pattern: ^arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]*$ + type: string + required: + - DomainIdentifier + - EnvironmentBlueprintIdentifier + - EnabledRegions + x-stackql-resource-name: environment_blueprint_configuration + description: Definition of AWS::DataZone::EnvironmentBlueprintConfiguration Resource Type + x-type-name: AWS::DataZone::EnvironmentBlueprintConfiguration + x-stackql-primary-identifier: + - DomainId + - EnvironmentBlueprintId + x-stackql-additional-identifiers: + - - DomainIdentifier + - EnvironmentBlueprintIdentifier + x-create-only-properties: + - DomainIdentifier + - EnvironmentBlueprintIdentifier + x-write-only-properties: + - DomainIdentifier + - EnvironmentBlueprintIdentifier + x-read-only-properties: + - CreatedAt + - DomainId + - EnvironmentBlueprintId + - UpdatedAt + x-required-properties: + - DomainIdentifier + - EnvironmentBlueprintIdentifier + - EnabledRegions + x-tagging: + taggable: false + x-required-permissions: + read: + - datazone:GetEnvironmentBlueprintConfiguration + create: + - datazone:ListEnvironmentBlueprints + - iam:PassRole + - datazone:GetEnvironmentBlueprintConfiguration + - datazone:PutEnvironmentBlueprintConfiguration + update: + - datazone:DeleteEnvironmentBlueprintConfiguration + - iam:PassRole + - datazone:GetEnvironmentBlueprintConfiguration + - datazone:PutEnvironmentBlueprintConfiguration + list: + - datazone:ListEnvironmentBlueprintConfigurations + delete: + - datazone:GetEnvironmentBlueprintConfiguration + - datazone:DeleteEnvironmentBlueprintConfiguration + EnvironmentProfile: + type: object + properties: + AwsAccountId: + description: The AWS account in which the Amazon DataZone environment is created. + type: string + pattern: ^\d{12}$ + AwsAccountRegion: + description: The AWS region in which this environment profile is created. + type: string + pattern: ^[a-z]{2}-[a-z]{4,10}-\d$ + CreatedAt: + description: The timestamp of when this environment profile was created. + type: string + format: date-time + CreatedBy: + description: The Amazon DataZone user who created this environment profile. + type: string + Description: + description: The description of this Amazon DataZone environment profile. + type: string + maxLength: 2048 + DomainId: + description: The ID of the Amazon DataZone domain in which this environment profile is created. + type: string + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + DomainIdentifier: + description: The ID of the Amazon DataZone domain in which this environment profile is created. + type: string + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + EnvironmentBlueprintId: + description: The ID of the blueprint with which this environment profile is created. + type: string + pattern: ^[a-zA-Z0-9_-]{1,36}$ + EnvironmentBlueprintIdentifier: + description: The ID of the blueprint with which this environment profile is created. + type: string + pattern: ^[a-zA-Z0-9_-]{1,36}$ + Id: + description: The ID of this Amazon DataZone environment profile. + type: string + pattern: ^[a-zA-Z0-9_-]{1,36}$ + Name: + description: The name of this Amazon DataZone environment profile. + type: string + maxLength: 64 + minLength: 1 + pattern: ^[\w -]+$ + ProjectId: + description: The identifier of the project in which to create the environment profile. + type: string + pattern: ^[a-zA-Z0-9_-]{1,36}$ + ProjectIdentifier: + description: The identifier of the project in which to create the environment profile. + type: string + pattern: ^[a-zA-Z0-9_-]{1,36}$ + UpdatedAt: + description: The timestamp of when this environment profile was updated. + type: string + format: date-time + UserParameters: + description: The user parameters of this Amazon DataZone environment profile. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/EnvironmentParameter' + required: + - EnvironmentBlueprintIdentifier + - ProjectIdentifier + - DomainIdentifier + - AwsAccountId + - AwsAccountRegion + - Name + x-stackql-resource-name: environment_profile + description: AWS Datazone Environment Profile is pre-configured set of resources and blueprints that provide reusable templates for creating environments. + x-type-name: AWS::DataZone::EnvironmentProfile + x-stackql-primary-identifier: + - DomainId + - Id + x-stackql-additional-identifiers: + - - DomainIdentifier + x-create-only-properties: + - DomainIdentifier + - EnvironmentBlueprintIdentifier + - ProjectIdentifier + x-write-only-properties: + - EnvironmentBlueprintIdentifier + - ProjectIdentifier + - DomainIdentifier + x-read-only-properties: + - CreatedAt + - CreatedBy + - DomainId + - EnvironmentBlueprintId + - Id + - ProjectId + - UpdatedAt + x-required-properties: + - EnvironmentBlueprintIdentifier + - ProjectIdentifier + - DomainIdentifier + - AwsAccountId + - AwsAccountRegion + - Name + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - datazone:CreateEnvironmentProfile + - datazone:GetEnvironmentProfile + read: + - datazone:GetEnvironmentProfile + update: + - datazone:UpdateEnvironmentProfile + - datazone:GetEnvironmentProfile + delete: + - datazone:DeleteEnvironmentProfile + - datazone:GetEnvironmentProfile + list: + - datazone:ListEnvironmentProfiles + Project: + type: object + properties: + CreatedAt: + description: The timestamp of when the project was created. + type: string + format: date-time + CreatedBy: + description: The Amazon DataZone user who created the project. + type: string + Description: + description: The description of the Amazon DataZone project. + type: string + maxLength: 2048 + DomainId: + description: The identifier of the Amazon DataZone domain in which the project was created. + type: string + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + DomainIdentifier: + description: The ID of the Amazon DataZone domain in which this project is created. + type: string + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + GlossaryTerms: + description: The glossary terms that can be used in this Amazon DataZone project. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^[a-zA-Z0-9_-]{1,36}$ + maxItems: 20 + minItems: 1 + Id: + description: The ID of the Amazon DataZone project. + type: string + pattern: ^[a-zA-Z0-9_-]{1,36}$ + LastUpdatedAt: + description: The timestamp of when the project was last updated. + type: string + format: date-time + Name: + description: The name of the Amazon DataZone project. + type: string + maxLength: 64 + minLength: 1 + pattern: ^[\w -]+$ + required: + - DomainIdentifier + - Name + x-stackql-resource-name: project + description: Amazon DataZone projects are business use case–based groupings of people, assets (data), and tools used to simplify access to the AWS analytics. + x-type-name: AWS::DataZone::Project + x-stackql-primary-identifier: + - DomainId + - Id + x-stackql-additional-identifiers: + - - DomainIdentifier + x-create-only-properties: + - DomainIdentifier + x-write-only-properties: + - DomainIdentifier + x-read-only-properties: + - Id + - CreatedAt + - CreatedBy + - DomainId + - LastUpdatedAt + x-required-properties: + - DomainIdentifier + - Name + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - datazone:CreateProject + - datazone:GetProject + read: + - datazone:GetProject + update: + - datazone:UpdateProject + - datazone:GetProject + delete: + - datazone:DeleteProject + - datazone:GetProject + list: + - datazone:ListProjects + SubscriptionTargetForm: + type: object + description: The details of the subscription target configuration. + properties: + FormName: + type: string + description: The form name included in the subscription target configuration. + maxLength: 128 + minLength: 1 + pattern: ^(?![0-9_])\w+$|^_\w*[a-zA-Z0-9]\w*$ + Content: + type: string + description: The content of the subscription target configuration. + required: + - Content + - FormName + additionalProperties: false + SubscriptionTarget: + type: object + properties: + ApplicableAssetTypes: + type: array + description: The asset types that can be included in the subscription target. + x-insertionOrder: false + items: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[^\.]* + AuthorizedPrincipals: + type: array + description: The authorized principals of the subscription target. + x-insertionOrder: false + items: + type: string + pattern: ^[a-zA-Z0-9:/_-]*$ + maxItems: 10 + minItems: 1 + CreatedAt: + type: string + description: The timestamp of when the subscription target was created. + format: date-time + CreatedBy: + type: string + description: The Amazon DataZone user who created the subscription target. + DomainId: + type: string + description: The ID of the Amazon DataZone domain in which subscription target is created. + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + DomainIdentifier: + type: string + description: The ID of the Amazon DataZone domain in which subscription target would be created. + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + EnvironmentId: + type: string + description: The ID of the environment in which subscription target is created. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + EnvironmentIdentifier: + type: string + description: The ID of the environment in which subscription target would be created. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + Id: + type: string + description: The ID of the subscription target. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + ManageAccessRole: + type: string + description: The manage access role that is used to create the subscription target. + Name: + type: string + description: The name of the subscription target. + maxLength: 256 + minLength: 1 + ProjectId: + type: string + description: The identifier of the project specified in the subscription target. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + Provider: + type: string + description: The provider of the subscription target. + SubscriptionTargetConfig: + type: array + description: The configuration of the subscription target. + x-insertionOrder: false + items: + $ref: '#/components/schemas/SubscriptionTargetForm' + Type: + type: string + description: The type of the subscription target. + UpdatedAt: + type: string + description: The timestamp of when the subscription target was updated. + format: date-time + UpdatedBy: + type: string + description: The Amazon DataZone user who updated the subscription target. + required: + - ApplicableAssetTypes + - AuthorizedPrincipals + - DomainIdentifier + - EnvironmentIdentifier + - ManageAccessRole + - Name + - SubscriptionTargetConfig + - Type + x-stackql-resource-name: subscription_target + description: Subscription targets enables one to access the data to which you have subscribed in your projects. + x-type-name: AWS::DataZone::SubscriptionTarget + x-stackql-primary-identifier: + - DomainId + - EnvironmentId + - Id + x-create-only-properties: + - Type + - DomainIdentifier + - EnvironmentIdentifier + x-write-only-properties: + - DomainIdentifier + - EnvironmentIdentifier + x-read-only-properties: + - CreatedAt + - CreatedBy + - DomainId + - EnvironmentId + - Id + - ProjectId + - UpdatedAt + - UpdatedBy + x-required-properties: + - ApplicableAssetTypes + - AuthorizedPrincipals + - DomainIdentifier + - EnvironmentIdentifier + - ManageAccessRole + - Name + - SubscriptionTargetConfig + - Type + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - datazone:CreateSubscriptionTarget + - datazone:GetSubscriptionTarget + - iam:PassRole + read: + - datazone:GetSubscriptionTarget + update: + - datazone:UpdateSubscriptionTarget + - datazone:GetSubscriptionTarget + - iam:PassRole + delete: + - datazone:DeleteSubscriptionTarget + list: + - datazone:ListSubscriptionTargets + x-stackQL-resources: + data_sources: + name: data_sources + id: aws.datazone.data_sources + x-cfn-schema-name: DataSource + x-type: list + x-identifiers: + - DomainId + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::DataSource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::DataSource' + AND region = 'us-east-1' + data_source: + name: data_source + id: aws.datazone.data_source + x-cfn-schema-name: DataSource + x-type: get + x-identifiers: + - DomainId + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssetFormsInput') as asset_forms_input, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.DomainIdentifier') as domain_identifier, + JSON_EXTRACT(Properties, '$.EnableSetting') as enable_setting, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.EnvironmentIdentifier') as environment_identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.LastRunAssetCount') as last_run_asset_count, + JSON_EXTRACT(Properties, '$.LastRunAt') as last_run_at, + JSON_EXTRACT(Properties, '$.LastRunStatus') as last_run_status, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ProjectId') as project_id, + JSON_EXTRACT(Properties, '$.ProjectIdentifier') as project_identifier, + JSON_EXTRACT(Properties, '$.PublishOnImport') as publish_on_import, + JSON_EXTRACT(Properties, '$.Recommendation') as recommendation, + JSON_EXTRACT(Properties, '$.Schedule') as schedule, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::DataSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssetFormsInput') as asset_forms_input, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'DomainIdentifier') as domain_identifier, + json_extract_path_text(Properties, 'EnableSetting') as enable_setting, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'EnvironmentIdentifier') as environment_identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'LastRunAssetCount') as last_run_asset_count, + json_extract_path_text(Properties, 'LastRunAt') as last_run_at, + json_extract_path_text(Properties, 'LastRunStatus') as last_run_status, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ProjectId') as project_id, + json_extract_path_text(Properties, 'ProjectIdentifier') as project_identifier, + json_extract_path_text(Properties, 'PublishOnImport') as publish_on_import, + json_extract_path_text(Properties, 'Recommendation') as recommendation, + json_extract_path_text(Properties, 'Schedule') as schedule, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::DataSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + domains: + name: domains + id: aws.datazone.domains + x-cfn-schema-name: Domain + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::Domain' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::Domain' + AND region = 'us-east-1' + domain: + name: domain + id: aws.datazone.domain + x-cfn-schema-name: Domain + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DomainExecutionRole') as domain_execution_role, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.KmsKeyIdentifier') as kms_key_identifier, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(Properties, '$.ManagedAccountId') as managed_account_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PortalUrl') as portal_url, + JSON_EXTRACT(Properties, '$.SingleSignOn') as single_sign_on, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DomainExecutionRole') as domain_execution_role, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'KmsKeyIdentifier') as kms_key_identifier, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(Properties, 'ManagedAccountId') as managed_account_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PortalUrl') as portal_url, + json_extract_path_text(Properties, 'SingleSignOn') as single_sign_on, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' + environments: + name: environments + id: aws.datazone.environments + x-cfn-schema-name: Environment + x-type: list + x-identifiers: + - DomainId + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::Environment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::Environment' + AND region = 'us-east-1' + environment: + name: environment + id: aws.datazone.environment + x-cfn-schema-name: Environment + x-type: get + x-identifiers: + - DomainId + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.AwsAccountRegion') as aws_account_region, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.CreatedBy') as created_by, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.DomainIdentifier') as domain_identifier, + JSON_EXTRACT(Properties, '$.EnvironmentBlueprintId') as environment_blueprint_id, + JSON_EXTRACT(Properties, '$.EnvironmentProfileId') as environment_profile_id, + JSON_EXTRACT(Properties, '$.EnvironmentProfileIdentifier') as environment_profile_identifier, + JSON_EXTRACT(Properties, '$.GlossaryTerms') as glossary_terms, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ProjectId') as project_id, + JSON_EXTRACT(Properties, '$.ProjectIdentifier') as project_identifier, + JSON_EXTRACT(Properties, '$.Provider') as provider, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.UserParameters') as user_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::Environment' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'AwsAccountRegion') as aws_account_region, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'CreatedBy') as created_by, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'DomainIdentifier') as domain_identifier, + json_extract_path_text(Properties, 'EnvironmentBlueprintId') as environment_blueprint_id, + json_extract_path_text(Properties, 'EnvironmentProfileId') as environment_profile_id, + json_extract_path_text(Properties, 'EnvironmentProfileIdentifier') as environment_profile_identifier, + json_extract_path_text(Properties, 'GlossaryTerms') as glossary_terms, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ProjectId') as project_id, + json_extract_path_text(Properties, 'ProjectIdentifier') as project_identifier, + json_extract_path_text(Properties, 'Provider') as provider, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'UserParameters') as user_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::Environment' + AND data__Identifier = '|' + AND region = 'us-east-1' + environment_blueprint_configurations: + name: environment_blueprint_configurations + id: aws.datazone.environment_blueprint_configurations + x-cfn-schema-name: EnvironmentBlueprintConfiguration + x-type: list + x-identifiers: + - DomainId + - EnvironmentBlueprintId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.EnvironmentBlueprintId') as environment_blueprint_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::EnvironmentBlueprintConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'EnvironmentBlueprintId') as environment_blueprint_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::EnvironmentBlueprintConfiguration' + AND region = 'us-east-1' + environment_blueprint_configuration: + name: environment_blueprint_configuration + id: aws.datazone.environment_blueprint_configuration + x-cfn-schema-name: EnvironmentBlueprintConfiguration + x-type: get + x-identifiers: + - DomainId + - EnvironmentBlueprintId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RegionalParameters') as regional_parameters, + JSON_EXTRACT(Properties, '$.ProvisioningRoleArn') as provisioning_role_arn, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.EnabledRegions') as enabled_regions, + JSON_EXTRACT(Properties, '$.EnvironmentBlueprintIdentifier') as environment_blueprint_identifier, + JSON_EXTRACT(Properties, '$.EnvironmentBlueprintId') as environment_blueprint_id, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.DomainIdentifier') as domain_identifier, + JSON_EXTRACT(Properties, '$.ManageAccessRoleArn') as manage_access_role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::EnvironmentBlueprintConfiguration' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RegionalParameters') as regional_parameters, + json_extract_path_text(Properties, 'ProvisioningRoleArn') as provisioning_role_arn, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'EnabledRegions') as enabled_regions, + json_extract_path_text(Properties, 'EnvironmentBlueprintIdentifier') as environment_blueprint_identifier, + json_extract_path_text(Properties, 'EnvironmentBlueprintId') as environment_blueprint_id, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'DomainIdentifier') as domain_identifier, + json_extract_path_text(Properties, 'ManageAccessRoleArn') as manage_access_role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::EnvironmentBlueprintConfiguration' + AND data__Identifier = '|' + AND region = 'us-east-1' + environment_profiles: + name: environment_profiles + id: aws.datazone.environment_profiles + x-cfn-schema-name: EnvironmentProfile + x-type: list + x-identifiers: + - DomainId + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::EnvironmentProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::EnvironmentProfile' + AND region = 'us-east-1' + environment_profile: + name: environment_profile + id: aws.datazone.environment_profile + x-cfn-schema-name: EnvironmentProfile + x-type: get + x-identifiers: + - DomainId + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.AwsAccountRegion') as aws_account_region, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.CreatedBy') as created_by, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.DomainIdentifier') as domain_identifier, + JSON_EXTRACT(Properties, '$.EnvironmentBlueprintId') as environment_blueprint_id, + JSON_EXTRACT(Properties, '$.EnvironmentBlueprintIdentifier') as environment_blueprint_identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ProjectId') as project_id, + JSON_EXTRACT(Properties, '$.ProjectIdentifier') as project_identifier, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.UserParameters') as user_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::EnvironmentProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'AwsAccountRegion') as aws_account_region, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'CreatedBy') as created_by, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'DomainIdentifier') as domain_identifier, + json_extract_path_text(Properties, 'EnvironmentBlueprintId') as environment_blueprint_id, + json_extract_path_text(Properties, 'EnvironmentBlueprintIdentifier') as environment_blueprint_identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ProjectId') as project_id, + json_extract_path_text(Properties, 'ProjectIdentifier') as project_identifier, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'UserParameters') as user_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::EnvironmentProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + projects: + name: projects + id: aws.datazone.projects + x-cfn-schema-name: Project + x-type: list + x-identifiers: + - DomainId + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::Project' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::Project' + AND region = 'us-east-1' + project: + name: project + id: aws.datazone.project + x-cfn-schema-name: Project + x-type: get + x-identifiers: + - DomainId + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.CreatedBy') as created_by, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.DomainIdentifier') as domain_identifier, + JSON_EXTRACT(Properties, '$.GlossaryTerms') as glossary_terms, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::Project' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'CreatedBy') as created_by, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'DomainIdentifier') as domain_identifier, + json_extract_path_text(Properties, 'GlossaryTerms') as glossary_terms, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::Project' + AND data__Identifier = '|' + AND region = 'us-east-1' + subscription_targets: + name: subscription_targets + id: aws.datazone.subscription_targets + x-cfn-schema-name: SubscriptionTarget + x-type: list + x-identifiers: + - DomainId + - EnvironmentId + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::SubscriptionTarget' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::SubscriptionTarget' + AND region = 'us-east-1' + subscription_target: + name: subscription_target + id: aws.datazone.subscription_target + x-cfn-schema-name: SubscriptionTarget + x-type: get + x-identifiers: + - DomainId + - EnvironmentId + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApplicableAssetTypes') as applicable_asset_types, + JSON_EXTRACT(Properties, '$.AuthorizedPrincipals') as authorized_principals, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.CreatedBy') as created_by, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.DomainIdentifier') as domain_identifier, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.EnvironmentIdentifier') as environment_identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ManageAccessRole') as manage_access_role, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ProjectId') as project_id, + JSON_EXTRACT(Properties, '$.Provider') as provider, + JSON_EXTRACT(Properties, '$.SubscriptionTargetConfig') as subscription_target_config, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.UpdatedBy') as updated_by + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::SubscriptionTarget' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApplicableAssetTypes') as applicable_asset_types, + json_extract_path_text(Properties, 'AuthorizedPrincipals') as authorized_principals, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'CreatedBy') as created_by, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'DomainIdentifier') as domain_identifier, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'EnvironmentIdentifier') as environment_identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ManageAccessRole') as manage_access_role, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ProjectId') as project_id, + json_extract_path_text(Properties, 'Provider') as provider, + json_extract_path_text(Properties, 'SubscriptionTargetConfig') as subscription_target_config, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'UpdatedBy') as updated_by + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::SubscriptionTarget' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/deadline.yaml b/providers/src/aws/v00.00.00000/services/deadline.yaml new file mode 100644 index 00000000..53ce3435 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/deadline.yaml @@ -0,0 +1,1546 @@ +openapi: 3.0.0 +info: + title: Deadline + version: 1.0.0 +paths: {} +components: + schemas: + Farm: + type: object + properties: + Description: + type: string + default: '' + maxLength: 100 + minLength: 0 + DisplayName: + type: string + maxLength: 100 + minLength: 1 + FarmId: + type: string + pattern: ^farm-[0-9a-f]{32}$ + KmsKeyArn: + type: string + pattern: ^arn:aws[-a-z]*:kms:.*:key/.* + Arn: + type: string + pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]+:farm/.+? + required: + - DisplayName + x-stackql-resource-name: farm + description: Definition of AWS::Deadline::Farm Resource Type + x-type-name: AWS::Deadline::Farm + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - KmsKeyArn + x-read-only-properties: + - FarmId + - Arn + x-required-properties: + - DisplayName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - deadline:CreateFarm + - deadline:GetFarm + - kms:Encrypt + - kms:Decrypt + - kms:CreateGrant + - kms:GenerateDataKey + read: + - deadline:GetFarm + - identitystore:ListGroupMembershipsForMember + - kms:Encrypt + - kms:Decrypt + - kms:CreateGrant + - kms:GenerateDataKey + update: + - deadline:UpdateFarm + - deadline:GetFarm + - identitystore:ListGroupMembershipsForMember + - kms:Encrypt + - kms:Decrypt + - kms:CreateGrant + - kms:GenerateDataKey + delete: + - deadline:DeleteFarm + - deadline:GetFarm + - identitystore:ListGroupMembershipsForMember + - kms:Encrypt + - kms:Decrypt + - kms:CreateGrant + - kms:GenerateDataKey + list: + - deadline:ListFarms + - identitystore:ListGroupMembershipsForMember + AcceleratorCountRange: + type: object + properties: + Min: + type: integer + maximum: 2147483647 + minimum: 0 + Max: + type: integer + maximum: 2147483647 + minimum: 0 + required: + - Min + additionalProperties: false + AcceleratorTotalMemoryMiBRange: + type: object + properties: + Min: + type: integer + maximum: 2147483647 + minimum: 0 + Max: + type: integer + maximum: 2147483647 + minimum: 0 + required: + - Min + additionalProperties: false + AcceleratorType: + type: string + enum: + - gpu + AutoScalingMode: + type: string + enum: + - NO_SCALING + - EVENT_BASED_AUTO_SCALING + CpuArchitectureType: + type: string + enum: + - x86_64 + - arm64 + CustomerManagedFleetConfiguration: + type: object + properties: + Mode: + $ref: '#/components/schemas/AutoScalingMode' + WorkerCapabilities: + $ref: '#/components/schemas/CustomerManagedWorkerCapabilities' + StorageProfileId: + type: string + pattern: ^sp-[0-9a-f]{32}$ + required: + - Mode + - WorkerCapabilities + additionalProperties: false + CustomerManagedFleetOperatingSystemFamily: + type: string + enum: + - WINDOWS + - LINUX + - MACOS + CustomerManagedWorkerCapabilities: + type: object + properties: + VCpuCount: + $ref: '#/components/schemas/VCpuCountRange' + MemoryMiB: + $ref: '#/components/schemas/MemoryMiBRange' + AcceleratorTypes: + type: array + items: + $ref: '#/components/schemas/AcceleratorType' + AcceleratorCount: + $ref: '#/components/schemas/AcceleratorCountRange' + AcceleratorTotalMemoryMiB: + $ref: '#/components/schemas/AcceleratorTotalMemoryMiBRange' + OsFamily: + $ref: '#/components/schemas/CustomerManagedFleetOperatingSystemFamily' + CpuArchitectureType: + $ref: '#/components/schemas/CpuArchitectureType' + CustomAmounts: + type: array + items: + $ref: '#/components/schemas/FleetAmountCapability' + maxItems: 15 + minItems: 1 + CustomAttributes: + type: array + items: + $ref: '#/components/schemas/FleetAttributeCapability' + maxItems: 15 + minItems: 1 + required: + - CpuArchitectureType + - MemoryMiB + - OsFamily + - VCpuCount + additionalProperties: false + Ec2EbsVolume: + type: object + properties: + SizeGiB: + type: integer + default: 250 + Iops: + type: integer + default: 3000 + maximum: 16000 + minimum: 3000 + ThroughputMiB: + type: integer + default: 125 + maximum: 1000 + minimum: 125 + additionalProperties: false + Ec2MarketType: + type: string + enum: + - on-demand + - spot + FleetAmountCapability: + type: object + properties: + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^([a-zA-Z][a-zA-Z0-9]{0,63}:)?amount(\.[a-zA-Z][a-zA-Z0-9]{0,63})+$ + Min: + type: number + Max: + type: number + required: + - Min + - Name + additionalProperties: false + FleetAttributeCapability: + type: object + properties: + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^([a-zA-Z][a-zA-Z0-9]{0,63}:)?attr(\.[a-zA-Z][a-zA-Z0-9]{0,63})+$ + Values: + type: array + items: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z_]([a-zA-Z0-9_\-]{0,99})$ + maxItems: 10 + minItems: 1 + required: + - Name + - Values + additionalProperties: false + FleetCapabilities: + type: object + properties: + Amounts: + type: array + items: + $ref: '#/components/schemas/FleetAmountCapability' + maxItems: 15 + minItems: 1 + Attributes: + type: array + items: + $ref: '#/components/schemas/FleetAttributeCapability' + maxItems: 15 + minItems: 1 + additionalProperties: false + FleetConfiguration: + oneOf: + - type: object + title: CustomerManaged + properties: + CustomerManaged: + $ref: '#/components/schemas/CustomerManagedFleetConfiguration' + required: + - CustomerManaged + additionalProperties: false + - type: object + title: ServiceManagedEc2 + properties: + ServiceManagedEc2: + $ref: '#/components/schemas/ServiceManagedEc2FleetConfiguration' + required: + - ServiceManagedEc2 + additionalProperties: false + FleetStatus: + type: string + enum: + - ACTIVE + - CREATE_IN_PROGRESS + - UPDATE_IN_PROGRESS + - CREATE_FAILED + - UPDATE_FAILED + MemoryMiBRange: + type: object + properties: + Min: + type: integer + maximum: 2147483647 + minimum: 512 + Max: + type: integer + maximum: 2147483647 + minimum: 512 + required: + - Min + additionalProperties: false + ServiceManagedEc2FleetConfiguration: + type: object + properties: + InstanceCapabilities: + $ref: '#/components/schemas/ServiceManagedEc2InstanceCapabilities' + InstanceMarketOptions: + $ref: '#/components/schemas/ServiceManagedEc2InstanceMarketOptions' + required: + - InstanceCapabilities + - InstanceMarketOptions + additionalProperties: false + ServiceManagedEc2InstanceMarketOptions: + type: object + properties: + Type: + $ref: '#/components/schemas/Ec2MarketType' + required: + - Type + additionalProperties: false + ServiceManagedEc2InstanceCapabilities: + type: object + properties: + VCpuCount: + $ref: '#/components/schemas/VCpuCountRange' + MemoryMiB: + $ref: '#/components/schemas/MemoryMiBRange' + OsFamily: + $ref: '#/components/schemas/ServiceManagedFleetOperatingSystemFamily' + CpuArchitectureType: + $ref: '#/components/schemas/CpuArchitectureType' + RootEbsVolume: + $ref: '#/components/schemas/Ec2EbsVolume' + AllowedInstanceTypes: + type: array + items: + type: string + pattern: ^[a-zA-Z0-9]+\.[a-zA-Z0-9]+$ + maxItems: 100 + minItems: 1 + ExcludedInstanceTypes: + type: array + items: + type: string + pattern: ^[a-zA-Z0-9]+\.[a-zA-Z0-9]+$ + maxItems: 100 + minItems: 1 + CustomAmounts: + type: array + items: + $ref: '#/components/schemas/FleetAmountCapability' + maxItems: 15 + minItems: 1 + CustomAttributes: + type: array + items: + $ref: '#/components/schemas/FleetAttributeCapability' + maxItems: 15 + minItems: 1 + required: + - CpuArchitectureType + - MemoryMiB + - OsFamily + - VCpuCount + additionalProperties: false + ServiceManagedFleetOperatingSystemFamily: + type: string + enum: + - WINDOWS + - LINUX + VCpuCountRange: + type: object + properties: + Min: + type: integer + maximum: 10000 + minimum: 1 + Max: + type: integer + maximum: 10000 + minimum: 1 + required: + - Min + additionalProperties: false + Fleet: + type: object + properties: + Capabilities: + $ref: '#/components/schemas/FleetCapabilities' + Configuration: + $ref: '#/components/schemas/FleetConfiguration' + Description: + type: string + default: '' + maxLength: 100 + minLength: 0 + DisplayName: + type: string + maxLength: 100 + minLength: 1 + FarmId: + type: string + pattern: ^farm-[0-9a-f]{32}$ + FleetId: + type: string + pattern: ^fleet-[0-9a-f]{32}$ + MaxWorkerCount: + type: integer + maximum: 2147483647 + minimum: 0 + MinWorkerCount: + type: integer + default: 0 + maximum: 2147483647 + minimum: 0 + RoleArn: + type: string + pattern: ^arn:(aws[a-zA-Z-]*):iam::\d{12}:role(/[!-.0-~]+)*/[\w+=,.@-]+$ + Status: + $ref: '#/components/schemas/FleetStatus' + WorkerCount: + type: integer + Arn: + type: string + pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]+:farm/farm-[0-9a-z]{32}/fleet/fleet-[0-9a-z]{32} + required: + - Configuration + - DisplayName + - MaxWorkerCount + - RoleArn + x-stackql-resource-name: fleet + description: Definition of AWS::Deadline::Fleet Resource Type + x-type-name: AWS::Deadline::Fleet + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - FarmId + x-read-only-properties: + - Capabilities + - FleetId + - Status + - WorkerCount + - Arn + x-required-properties: + - Configuration + - DisplayName + - MaxWorkerCount + - RoleArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - deadline:CreateFleet + - deadline:GetFleet + - iam:PassRole + - identitystore:ListGroupMembershipsForMember + - logs:CreateLogGroup + read: + - deadline:GetFleet + - identitystore:ListGroupMembershipsForMember + update: + - deadline:UpdateFleet + - deadline:GetFleet + - iam:PassRole + - identitystore:ListGroupMembershipsForMember + delete: + - deadline:DeleteFleet + - deadline:GetFleet + - identitystore:ListGroupMembershipsForMember + list: + - deadline:ListFleets + - identitystore:DescribeGroup + - identitystore:DescribeUser + - identitystore:ListGroupMembershipsForMember + LicenseEndpointStatus: + type: string + enum: + - CREATE_IN_PROGRESS + - DELETE_IN_PROGRESS + - READY + - NOT_READY + LicenseEndpoint: + type: object + properties: + DnsName: + type: string + LicenseEndpointId: + type: string + pattern: ^le-[0-9a-f]{32}$ + SecurityGroupIds: + type: array + items: + type: string + maxItems: 10 + minItems: 1 + Status: + $ref: '#/components/schemas/LicenseEndpointStatus' + StatusMessage: + type: string + maxLength: 1024 + minLength: 0 + SubnetIds: + type: array + items: + type: string + maxLength: 32 + minLength: 1 + maxItems: 10 + minItems: 1 + VpcId: + type: string + maxLength: 32 + minLength: 1 + Arn: + type: string + pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]{12}:license-endpoint/le-[0-9a-z]{32} + required: + - SecurityGroupIds + - SubnetIds + - VpcId + x-stackql-resource-name: license_endpoint + description: Definition of AWS::Deadline::LicenseEndpoint Resource Type + x-type-name: AWS::Deadline::LicenseEndpoint + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - SecurityGroupIds + - SubnetIds + - VpcId + x-read-only-properties: + - DnsName + - LicenseEndpointId + - Status + - StatusMessage + - Arn + x-required-properties: + - SecurityGroupIds + - SubnetIds + - VpcId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - deadline:CreateLicenseEndpoint + - deadline:GetLicenseEndpoint + - ec2:CreateTags + - ec2:CreateVpcEndpoint + - ec2:DescribeVpcEndpoints + read: + - deadline:GetLicenseEndpoint + delete: + - deadline:GetLicenseEndpoint + - deadline:DeleteLicenseEndpoint + - ec2:DeleteVpcEndpoints + - ec2:DescribeVpcEndpoints + list: + - deadline:ListLicenseEndpoints + MeteredProduct: + type: object + properties: + LicenseEndpointId: + type: string + pattern: ^le-[0-9a-f]{32}$ + ProductId: + type: string + pattern: ^[0-9a-z]{1,32}-[.0-9a-z]{1,32}$ + Port: + type: integer + minimum: 1024 + maximum: 65535 + Family: + type: string + minLength: 1 + maxLength: 64 + Vendor: + type: string + minLength: 1 + maxLength: 64 + Arn: + type: string + pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]{12}:license-endpoint/le-[0-9a-z]{32}/metered-product/[0-9a-z]{1,32}-[.0-9a-z]{1,32} + x-stackql-resource-name: metered_product + description: Definition of AWS::Deadline::MeteredProduct Resource Type + x-type-name: AWS::Deadline::MeteredProduct + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - LicenseEndpointId + - ProductId + x-read-only-properties: + - Arn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - deadline:PutMeteredProduct + - deadline:ListMeteredProducts + read: + - deadline:GetMeteredProduct + - deadline:ListMeteredProducts + delete: + - deadline:DeleteMeteredProduct + - deadline:ListMeteredProducts + list: + - deadline:ListMeteredProducts + DefaultQueueBudgetAction: + type: string + default: NONE + enum: + - NONE + - STOP_SCHEDULING_AND_COMPLETE_TASKS + - STOP_SCHEDULING_AND_CANCEL_TASKS + JobAttachmentSettings: + type: object + properties: + S3BucketName: + type: string + maxLength: 63 + minLength: 3 + pattern: (?!^(\d+\.)+\d+$)(^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$) + RootPrefix: + type: string + maxLength: 63 + minLength: 1 + required: + - RootPrefix + - S3BucketName + additionalProperties: false + JobRunAsUser: + type: object + properties: + Posix: + $ref: '#/components/schemas/PosixUser' + Windows: + $ref: '#/components/schemas/WindowsUser' + RunAs: + $ref: '#/components/schemas/RunAs' + required: + - RunAs + additionalProperties: false + PosixUser: + type: object + properties: + User: + type: string + maxLength: 31 + minLength: 0 + pattern: ^(?:[a-z][a-z0-9-]{0,30})?$ + Group: + type: string + maxLength: 31 + minLength: 0 + pattern: ^(?:[a-z][a-z0-9-]{0,30})?$ + required: + - Group + - User + additionalProperties: false + RunAs: + type: string + enum: + - QUEUE_CONFIGURED_USER + - WORKER_AGENT_USER + WindowsUser: + type: object + properties: + User: + type: string + maxLength: 111 + minLength: 0 + pattern: ^[^"'/\[\]:;|=,+*?<>\s]*$ + PasswordArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:(aws[a-zA-Z-]*):secretsmanager:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:secret:[a-zA-Z0-9-/_+=.@]{1,2028}$ + required: + - PasswordArn + - User + additionalProperties: false + Queue: + type: object + properties: + AllowedStorageProfileIds: + type: array + items: + type: string + pattern: ^sp-[0-9a-f]{32}$ + maxItems: 20 + minItems: 0 + uniqueItems: true + DefaultBudgetAction: + $ref: '#/components/schemas/DefaultQueueBudgetAction' + Description: + type: string + default: '' + maxLength: 100 + minLength: 0 + DisplayName: + type: string + maxLength: 100 + minLength: 1 + FarmId: + type: string + pattern: ^farm-[0-9a-f]{32}$ + JobAttachmentSettings: + $ref: '#/components/schemas/JobAttachmentSettings' + JobRunAsUser: + $ref: '#/components/schemas/JobRunAsUser' + QueueId: + type: string + pattern: ^queue-[0-9a-f]{32}$ + RequiredFileSystemLocationNames: + type: array + items: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[0-9A-Za-z ]*$ + maxItems: 20 + minItems: 0 + uniqueItems: true + RoleArn: + type: string + pattern: ^arn:(aws[a-zA-Z-]*):iam::\d{12}:role(/[!-.0-~]+)*/[\w+=,.@-]+$ + Arn: + type: string + pattern: ^arn:* + required: + - DisplayName + x-stackql-resource-name: queue + description: Definition of AWS::Deadline::Queue Resource Type + x-type-name: AWS::Deadline::Queue + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - FarmId + x-read-only-properties: + - QueueId + - Arn + x-required-properties: + - DisplayName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - deadline:CreateQueue + - deadline:GetQueue + - iam:PassRole + - identitystore:ListGroupMembershipsForMember + - logs:CreateLogGroup + - s3:ListBucket + read: + - deadline:GetQueue + - identitystore:ListGroupMembershipsForMember + update: + - deadline:UpdateQueue + - deadline:GetQueue + - iam:PassRole + - identitystore:ListGroupMembershipsForMember + - logs:CreateLogGroup + - s3:ListBucket + delete: + - deadline:DeleteQueue + - deadline:GetQueue + - identitystore:ListGroupMembershipsForMember + list: + - deadline:ListQueues + - identitystore:DescribeGroup + - identitystore:DescribeUser + - identitystore:ListGroupMembershipsForMember + EnvironmentTemplateType: + type: string + enum: + - JSON + - YAML + QueueEnvironment: + type: object + properties: + FarmId: + type: string + pattern: ^farm-[0-9a-f]{32}$ + Name: + type: string + Priority: + type: integer + maximum: 10000 + minimum: 0 + QueueEnvironmentId: + type: string + pattern: ^queueenv-[0-9a-f]{32}$ + QueueId: + type: string + pattern: ^queue-[0-9a-f]{32}$ + Template: + type: string + maxLength: 15000 + minLength: 1 + TemplateType: + $ref: '#/components/schemas/EnvironmentTemplateType' + required: + - FarmId + - QueueId + - Priority + - Template + - TemplateType + x-stackql-resource-name: queue_environment + description: Definition of AWS::Deadline::QueueEnvironment Resource Type + x-type-name: AWS::Deadline::QueueEnvironment + x-stackql-primary-identifier: + - FarmId + - QueueId + - QueueEnvironmentId + x-create-only-properties: + - FarmId + - QueueId + x-read-only-properties: + - Name + - QueueEnvironmentId + x-required-properties: + - FarmId + - QueueId + - Priority + - Template + - TemplateType + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - deadline:CreateQueueEnvironment + - identitystore:ListGroupMembershipsForMember + read: + - deadline:GetQueueEnvironment + - identitystore:ListGroupMembershipsForMember + update: + - deadline:UpdateQueueEnvironment + - identitystore:ListGroupMembershipsForMember + delete: + - deadline:DeleteQueueEnvironment + - deadline:GetQueueEnvironment + - identitystore:ListGroupMembershipsForMember + list: + - deadline:ListQueueEnvironments + - identitystore:ListGroupMembershipsForMember + QueueFleetAssociation: + type: object + properties: + FarmId: + type: string + pattern: ^farm-[0-9a-f]{32}$ + FleetId: + type: string + pattern: ^fleet-[0-9a-f]{32}$ + QueueId: + type: string + pattern: ^queue-[0-9a-f]{32}$ + required: + - FarmId + - FleetId + - QueueId + x-stackql-resource-name: queue_fleet_association + description: Definition of AWS::Deadline::QueueFleetAssociation Resource Type + x-type-name: AWS::Deadline::QueueFleetAssociation + x-stackql-primary-identifier: + - FarmId + - FleetId + - QueueId + x-create-only-properties: + - FarmId + - FleetId + - QueueId + x-required-properties: + - FarmId + - FleetId + - QueueId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - deadline:CreateQueueFleetAssociation + - deadline:GetQueueFleetAssociation + - identitystore:ListGroupMembershipsForMember + read: + - deadline:GetQueueFleetAssociation + - identitystore:ListGroupMembershipsForMember + delete: + - deadline:DeleteQueueFleetAssociation + - deadline:GetQueueFleetAssociation + - deadline:UpdateQueueFleetAssociation + - identitystore:ListGroupMembershipsForMember + list: + - deadline:ListQueueFleetAssociations + - identitystore:ListGroupMembershipsForMember + FileSystemLocation: + type: object + properties: + Name: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[0-9A-Za-z ]*$ + Path: + type: string + maxLength: 1024 + minLength: 0 + Type: + $ref: '#/components/schemas/FileSystemLocationType' + required: + - Name + - Path + - Type + additionalProperties: false + FileSystemLocationType: + type: string + enum: + - SHARED + - LOCAL + StorageProfileOperatingSystemFamily: + type: string + enum: + - WINDOWS + - LINUX + - MACOS + StorageProfile: + type: object + properties: + DisplayName: + type: string + maxLength: 100 + minLength: 1 + FarmId: + type: string + pattern: ^farm-[0-9a-f]{32}$ + FileSystemLocations: + type: array + items: + $ref: '#/components/schemas/FileSystemLocation' + maxItems: 20 + minItems: 0 + OsFamily: + $ref: '#/components/schemas/StorageProfileOperatingSystemFamily' + StorageProfileId: + type: string + pattern: ^sp-[0-9a-f]{32}$ + required: + - DisplayName + - OsFamily + x-stackql-resource-name: storage_profile + description: Definition of AWS::Deadline::StorageProfile Resource Type + x-type-name: AWS::Deadline::StorageProfile + x-stackql-primary-identifier: + - FarmId + - StorageProfileId + x-create-only-properties: + - FarmId + x-read-only-properties: + - StorageProfileId + x-required-properties: + - DisplayName + - OsFamily + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - deadline:CreateStorageProfile + - deadline:GetStorageProfile + - identitystore:ListGroupMembershipsForMember + read: + - deadline:GetStorageProfile + - identitystore:ListGroupMembershipsForMember + update: + - deadline:UpdateStorageProfile + - deadline:GetStorageProfile + - identitystore:ListGroupMembershipsForMember + delete: + - deadline:DeleteStorageProfile + - deadline:GetStorageProfile + - identitystore:ListGroupMembershipsForMember + list: + - deadline:ListStorageProfiles + - identitystore:ListGroupMembershipsForMember + x-stackQL-resources: + farms: + name: farms + id: aws.deadline.farms + x-cfn-schema-name: Farm + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::Farm' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::Farm' + AND region = 'us-east-1' + farm: + name: farm + id: aws.deadline.farm + x-cfn-schema-name: Farm + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Farm' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'FarmId') as farm_id, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Farm' + AND data__Identifier = '' + AND region = 'us-east-1' + fleets: + name: fleets + id: aws.deadline.fleets + x-cfn-schema-name: Fleet + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::Fleet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::Fleet' + AND region = 'us-east-1' + fleet: + name: fleet + id: aws.deadline.fleet + x-cfn-schema-name: Fleet + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(Properties, '$.FleetId') as fleet_id, + JSON_EXTRACT(Properties, '$.MaxWorkerCount') as max_worker_count, + JSON_EXTRACT(Properties, '$.MinWorkerCount') as min_worker_count, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.WorkerCount') as worker_count, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Capabilities') as capabilities, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'FarmId') as farm_id, + json_extract_path_text(Properties, 'FleetId') as fleet_id, + json_extract_path_text(Properties, 'MaxWorkerCount') as max_worker_count, + json_extract_path_text(Properties, 'MinWorkerCount') as min_worker_count, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'WorkerCount') as worker_count, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' + license_endpoints: + name: license_endpoints + id: aws.deadline.license_endpoints + x-cfn-schema-name: LicenseEndpoint + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::LicenseEndpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::LicenseEndpoint' + AND region = 'us-east-1' + license_endpoint: + name: license_endpoint + id: aws.deadline.license_endpoint + x-cfn-schema-name: LicenseEndpoint + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DnsName') as dns_name, + JSON_EXTRACT(Properties, '$.LicenseEndpointId') as license_endpoint_id, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusMessage') as status_message, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::LicenseEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DnsName') as dns_name, + json_extract_path_text(Properties, 'LicenseEndpointId') as license_endpoint_id, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusMessage') as status_message, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::LicenseEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + metered_products: + name: metered_products + id: aws.deadline.metered_products + x-cfn-schema-name: MeteredProduct + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::MeteredProduct' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::MeteredProduct' + AND region = 'us-east-1' + metered_product: + name: metered_product + id: aws.deadline.metered_product + x-cfn-schema-name: MeteredProduct + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LicenseEndpointId') as license_endpoint_id, + JSON_EXTRACT(Properties, '$.ProductId') as product_id, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.Family') as family, + JSON_EXTRACT(Properties, '$.Vendor') as vendor, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::MeteredProduct' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LicenseEndpointId') as license_endpoint_id, + json_extract_path_text(Properties, 'ProductId') as product_id, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'Family') as family, + json_extract_path_text(Properties, 'Vendor') as vendor, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::MeteredProduct' + AND data__Identifier = '' + AND region = 'us-east-1' + queues: + name: queues + id: aws.deadline.queues + x-cfn-schema-name: Queue + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::Queue' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::Queue' + AND region = 'us-east-1' + queue: + name: queue + id: aws.deadline.queue + x-cfn-schema-name: Queue + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AllowedStorageProfileIds') as allowed_storage_profile_ids, + JSON_EXTRACT(Properties, '$.DefaultBudgetAction') as default_budget_action, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(Properties, '$.JobAttachmentSettings') as job_attachment_settings, + JSON_EXTRACT(Properties, '$.JobRunAsUser') as job_run_as_user, + JSON_EXTRACT(Properties, '$.QueueId') as queue_id, + JSON_EXTRACT(Properties, '$.RequiredFileSystemLocationNames') as required_file_system_location_names, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Queue' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AllowedStorageProfileIds') as allowed_storage_profile_ids, + json_extract_path_text(Properties, 'DefaultBudgetAction') as default_budget_action, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'FarmId') as farm_id, + json_extract_path_text(Properties, 'JobAttachmentSettings') as job_attachment_settings, + json_extract_path_text(Properties, 'JobRunAsUser') as job_run_as_user, + json_extract_path_text(Properties, 'QueueId') as queue_id, + json_extract_path_text(Properties, 'RequiredFileSystemLocationNames') as required_file_system_location_names, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Queue' + AND data__Identifier = '' + AND region = 'us-east-1' + queue_environments: + name: queue_environments + id: aws.deadline.queue_environments + x-cfn-schema-name: QueueEnvironment + x-type: list + x-identifiers: + - FarmId + - QueueId + - QueueEnvironmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(Properties, '$.QueueId') as queue_id, + JSON_EXTRACT(Properties, '$.QueueEnvironmentId') as queue_environment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::QueueEnvironment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FarmId') as farm_id, + json_extract_path_text(Properties, 'QueueId') as queue_id, + json_extract_path_text(Properties, 'QueueEnvironmentId') as queue_environment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::QueueEnvironment' + AND region = 'us-east-1' + queue_environment: + name: queue_environment + id: aws.deadline.queue_environment + x-cfn-schema-name: QueueEnvironment + x-type: get + x-identifiers: + - FarmId + - QueueId + - QueueEnvironmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Priority') as priority, + JSON_EXTRACT(Properties, '$.QueueEnvironmentId') as queue_environment_id, + JSON_EXTRACT(Properties, '$.QueueId') as queue_id, + JSON_EXTRACT(Properties, '$.Template') as template, + JSON_EXTRACT(Properties, '$.TemplateType') as template_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::QueueEnvironment' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FarmId') as farm_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Priority') as priority, + json_extract_path_text(Properties, 'QueueEnvironmentId') as queue_environment_id, + json_extract_path_text(Properties, 'QueueId') as queue_id, + json_extract_path_text(Properties, 'Template') as template, + json_extract_path_text(Properties, 'TemplateType') as template_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::QueueEnvironment' + AND data__Identifier = '||' + AND region = 'us-east-1' + queue_fleet_associations: + name: queue_fleet_associations + id: aws.deadline.queue_fleet_associations + x-cfn-schema-name: QueueFleetAssociation + x-type: list + x-identifiers: + - FarmId + - FleetId + - QueueId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(Properties, '$.FleetId') as fleet_id, + JSON_EXTRACT(Properties, '$.QueueId') as queue_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::QueueFleetAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FarmId') as farm_id, + json_extract_path_text(Properties, 'FleetId') as fleet_id, + json_extract_path_text(Properties, 'QueueId') as queue_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::QueueFleetAssociation' + AND region = 'us-east-1' + queue_fleet_association: + name: queue_fleet_association + id: aws.deadline.queue_fleet_association + x-cfn-schema-name: QueueFleetAssociation + x-type: get + x-identifiers: + - FarmId + - FleetId + - QueueId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(Properties, '$.FleetId') as fleet_id, + JSON_EXTRACT(Properties, '$.QueueId') as queue_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::QueueFleetAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FarmId') as farm_id, + json_extract_path_text(Properties, 'FleetId') as fleet_id, + json_extract_path_text(Properties, 'QueueId') as queue_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::QueueFleetAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + storage_profiles: + name: storage_profiles + id: aws.deadline.storage_profiles + x-cfn-schema-name: StorageProfile + x-type: list + x-identifiers: + - FarmId + - StorageProfileId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(Properties, '$.StorageProfileId') as storage_profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::StorageProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FarmId') as farm_id, + json_extract_path_text(Properties, 'StorageProfileId') as storage_profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::StorageProfile' + AND region = 'us-east-1' + storage_profile: + name: storage_profile + id: aws.deadline.storage_profile + x-cfn-schema-name: StorageProfile + x-type: get + x-identifiers: + - FarmId + - StorageProfileId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(Properties, '$.FileSystemLocations') as file_system_locations, + JSON_EXTRACT(Properties, '$.OsFamily') as os_family, + JSON_EXTRACT(Properties, '$.StorageProfileId') as storage_profile_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::StorageProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'FarmId') as farm_id, + json_extract_path_text(Properties, 'FileSystemLocations') as file_system_locations, + json_extract_path_text(Properties, 'OsFamily') as os_family, + json_extract_path_text(Properties, 'StorageProfileId') as storage_profile_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::StorageProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/detective.yaml b/providers/src/aws/v00.00.00000/services/detective.yaml new file mode 100644 index 00000000..d038ad95 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/detective.yaml @@ -0,0 +1,351 @@ +openapi: 3.0.0 +info: + title: Detective + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. Valid characters are Unicode letters, digits, white space, and any of the following symbols: _ . : / = + - @ ' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. Valid characters are Unicode letters, digits, white space, and any of the following symbols: _ . : / = + - @ ' + minLength: 0 + maxLength: 256 + additionalProperties: false + Graph: + type: object + properties: + Arn: + type: string + description: The Detective graph ARN + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + AutoEnableMembers: + type: boolean + default: false + description: Indicates whether to automatically enable new organization accounts as member accounts in the organization behavior graph. + x-stackql-resource-name: graph + description: Resource schema for AWS::Detective::Graph + x-type-name: AWS::Detective::Graph + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + x-required-permissions: + create: + - detective:CreateGraph + - detective:UpdateOrganizationConfiguration + - organizations:DescribeOrganization + update: + - detective:UntagResource + - detective:TagResource + - detective:ListTagsForResource + - detective:UpdateOrganizationConfiguration + - organizations:DescribeOrganization + read: + - detective:ListGraphs + - detective:ListTagsForResource + - detective:DescribeOrganizationConfiguration + - organizations:DescribeOrganization + delete: + - detective:DeleteGraph + list: + - detective:ListGraphs + - detective:ListTagsForResource + - detective:DescribeOrganizationConfiguration + - organizations:DescribeOrganization + MemberInvitation: + type: object + properties: + GraphArn: + description: The ARN of the graph to which the member account will be invited + type: string + pattern: arn:aws(-[\w]+)*:detective:(([a-z]+-)+[0-9]+):[0-9]{12}:graph:[0-9a-f]{32} + MemberId: + description: The AWS account ID to be invited to join the graph as a member + type: string + pattern: '[0-9]{12}' + MemberEmailAddress: + description: The root email address for the account to be invited, for validation. Updating this field has no effect. + type: string + pattern: .*@.* + DisableEmailNotification: + description: When set to true, invitation emails are not sent to the member accounts. Member accounts must still accept the invitation before they are added to the behavior graph. Updating this field has no effect. + type: boolean + default: false + Message: + description: A message to be included in the email invitation sent to the invited account. Updating this field has no effect. + type: string + minLength: 1 + maxLength: 1000 + required: + - GraphArn + - MemberId + - MemberEmailAddress + x-stackql-resource-name: member_invitation + description: Resource schema for AWS::Detective::MemberInvitation + x-type-name: AWS::Detective::MemberInvitation + x-stackql-primary-identifier: + - GraphArn + - MemberId + x-create-only-properties: + - GraphArn + - MemberId + x-write-only-properties: + - Message + - DisableEmailNotification + x-required-properties: + - GraphArn + - MemberId + - MemberEmailAddress + x-required-permissions: + create: + - detective:CreateMembers + - detective:GetMembers + read: + - detective:GetMembers + update: [] + delete: + - detective:DeleteMembers + list: + - detective:ListGraphs + - detective:ListMembers + OrganizationAdmin: + type: object + properties: + AccountId: + description: The account ID of the account that should be registered as your Organization's delegated administrator for Detective + type: string + pattern: '[0-9]{12}' + GraphArn: + type: string + description: The Detective graph ARN + required: + - AccountId + x-stackql-resource-name: organization_admin + description: Resource schema for AWS::Detective::OrganizationAdmin + x-type-name: AWS::Detective::OrganizationAdmin + x-stackql-primary-identifier: + - AccountId + x-create-only-properties: + - AccountId + x-read-only-properties: + - GraphArn + x-required-properties: + - AccountId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - detective:EnableOrganizationAdminAccount + - detective:ListOrganizationAdminAccount + - iam:CreateServiceLinkedRole + - organizations:RegisterDelegatedAdministrator + - organizations:DescribeOrganization + - organizations:EnableAWSServiceAccess + - organizations:ListAccounts + read: + - detective:ListOrganizationAdminAccount + - organizations:DescribeOrganization + update: [] + delete: + - detective:DisableOrganizationAdminAccount + - detective:ListOrganizationAdminAccount + - organizations:DescribeOrganization + list: + - detective:ListOrganizationAdminAccount + - organizations:DescribeOrganization + x-stackQL-resources: + graphs: + name: graphs + id: aws.detective.graphs + x-cfn-schema-name: Graph + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Detective::Graph' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Detective::Graph' + AND region = 'us-east-1' + graph: + name: graph + id: aws.detective.graph + x-cfn-schema-name: Graph + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AutoEnableMembers') as auto_enable_members + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Detective::Graph' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AutoEnableMembers') as auto_enable_members + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Detective::Graph' + AND data__Identifier = '' + AND region = 'us-east-1' + member_invitations: + name: member_invitations + id: aws.detective.member_invitations + x-cfn-schema-name: MemberInvitation + x-type: list + x-identifiers: + - GraphArn + - MemberId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GraphArn') as graph_arn, + JSON_EXTRACT(Properties, '$.MemberId') as member_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Detective::MemberInvitation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GraphArn') as graph_arn, + json_extract_path_text(Properties, 'MemberId') as member_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Detective::MemberInvitation' + AND region = 'us-east-1' + member_invitation: + name: member_invitation + id: aws.detective.member_invitation + x-cfn-schema-name: MemberInvitation + x-type: get + x-identifiers: + - GraphArn + - MemberId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GraphArn') as graph_arn, + JSON_EXTRACT(Properties, '$.MemberId') as member_id, + JSON_EXTRACT(Properties, '$.MemberEmailAddress') as member_email_address, + JSON_EXTRACT(Properties, '$.DisableEmailNotification') as disable_email_notification, + JSON_EXTRACT(Properties, '$.Message') as message + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Detective::MemberInvitation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GraphArn') as graph_arn, + json_extract_path_text(Properties, 'MemberId') as member_id, + json_extract_path_text(Properties, 'MemberEmailAddress') as member_email_address, + json_extract_path_text(Properties, 'DisableEmailNotification') as disable_email_notification, + json_extract_path_text(Properties, 'Message') as message + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Detective::MemberInvitation' + AND data__Identifier = '|' + AND region = 'us-east-1' + organization_admins: + name: organization_admins + id: aws.detective.organization_admins + x-cfn-schema-name: OrganizationAdmin + x-type: list + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Detective::OrganizationAdmin' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Detective::OrganizationAdmin' + AND region = 'us-east-1' + organization_admin: + name: organization_admin + id: aws.detective.organization_admin + x-cfn-schema-name: OrganizationAdmin + x-type: get + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.GraphArn') as graph_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Detective::OrganizationAdmin' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'GraphArn') as graph_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Detective::OrganizationAdmin' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/devopsguru.yaml b/providers/src/aws/v00.00.00000/services/devopsguru.yaml new file mode 100644 index 00000000..23aadfc4 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/devopsguru.yaml @@ -0,0 +1,398 @@ +openapi: 3.0.0 +info: + title: DevOpsGuru + version: 1.0.0 +paths: {} +components: + schemas: + AccountId: + description: User account id, used as the primary identifier for the resource + type: string + pattern: ^\d{12}$ + LogAnomalyDetectionIntegration: + type: object + properties: + AccountId: + $ref: '#/components/schemas/AccountId' + x-stackql-resource-name: log_anomaly_detection_integration + description: This resource schema represents the LogAnomalyDetectionIntegration resource in the Amazon DevOps Guru. + x-type-name: AWS::DevOpsGuru::LogAnomalyDetectionIntegration + x-stackql-primary-identifier: + - AccountId + x-read-only-properties: + - AccountId + x-tagging: + taggable: false + x-required-permissions: + create: + - devops-guru:DescribeServiceIntegration + - devops-guru:UpdateServiceIntegration + - logs:TagLogGroup + - logs:UntagLogGroup + read: + - devops-guru:DescribeServiceIntegration + update: + - devops-guru:UpdateServiceIntegration + - logs:TagLogGroup + - logs:UntagLogGroup + delete: + - devops-guru:DescribeServiceIntegration + - devops-guru:UpdateServiceIntegration + - logs:TagLogGroup + - logs:UntagLogGroup + list: + - devops-guru:DescribeServiceIntegration + NotificationChannelConfig: + description: Information about notification channels you have configured with DevOps Guru. + type: object + properties: + Sns: + $ref: '#/components/schemas/SnsChannelConfig' + Filters: + $ref: '#/components/schemas/NotificationFilterConfig' + additionalProperties: false + SnsChannelConfig: + description: Information about a notification channel configured in DevOps Guru to send notifications when insights are created. + type: object + properties: + TopicArn: + type: string + minLength: 36 + maxLength: 1024 + pattern: ^arn:aws[a-z0-9-]*:sns:[a-z0-9-]+:\d{12}:[^:]+$ + additionalProperties: false + NotificationFilterConfig: + description: Information about filters of a notification channel configured in DevOpsGuru to filter for insights. + type: object + properties: + Severities: + $ref: '#/components/schemas/InsightSeveritiesFilterList' + MessageTypes: + $ref: '#/components/schemas/NotificationMessageTypesFilterList' + additionalProperties: false + InsightSeverity: + description: DevOps Guru Insight Severity Enum + type: string + enum: + - LOW + - MEDIUM + - HIGH + NotificationMessageType: + description: DevOps Guru NotificationMessageType Enum + type: string + enum: + - NEW_INSIGHT + - CLOSED_INSIGHT + - NEW_ASSOCIATION + - SEVERITY_UPGRADED + - NEW_RECOMMENDATION + InsightSeveritiesFilterList: + description: DevOps Guru insight severities to filter for + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/InsightSeverity' + maxItems: 3 + minItems: 1 + NotificationMessageTypesFilterList: + description: DevOps Guru message types to filter for + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/NotificationMessageType' + maxItems: 5 + minItems: 1 + NotificationChannel: + type: object + properties: + Config: + $ref: '#/components/schemas/NotificationChannelConfig' + Id: + description: The ID of a notification channel. + type: string + minLength: 36 + maxLength: 36 + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + required: + - Config + x-stackql-resource-name: notification_channel + description: This resource schema represents the NotificationChannel resource in the Amazon DevOps Guru. + x-type-name: AWS::DevOpsGuru::NotificationChannel + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Config + x-read-only-properties: + - Id + x-required-properties: + - Config + x-required-permissions: + create: + - devops-guru:AddNotificationChannel + - devops-guru:ListNotificationChannels + - sns:Publish + - sns:GetTopicAttributes + - sns:SetTopicAttributes + list: + - devops-guru:ListNotificationChannels + delete: + - devops-guru:RemoveNotificationChannel + - devops-guru:ListNotificationChannels + read: + - devops-guru:ListNotificationChannels + ResourceCollectionFilter: + description: Information about a filter used to specify which AWS resources are analyzed for anomalous behavior by DevOps Guru. + type: object + properties: + CloudFormation: + $ref: '#/components/schemas/CloudFormationCollectionFilter' + Tags: + $ref: '#/components/schemas/TagCollections' + additionalProperties: false + CloudFormationCollectionFilter: + description: CloudFormation resource for DevOps Guru to monitor + type: object + properties: + StackNames: + description: An array of CloudFormation stack names. + type: array + items: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z*]+[a-zA-Z0-9-]*$ + minItems: 1 + maxItems: 1000 + x-insertionOrder: false + additionalProperties: false + TagCollections: + description: Tagged resources for DevOps Guru to monitor + type: array + items: + $ref: '#/components/schemas/TagCollection' + x-insertionOrder: false + TagCollection: + description: Tagged resource for DevOps Guru to monitor + type: object + properties: + AppBoundaryKey: + description: A Tag key for DevOps Guru app boundary. + type: string + minLength: 1 + maxLength: 128 + TagValues: + description: Tag values of DevOps Guru app boundary. + type: array + items: + type: string + minLength: 1 + maxLength: 256 + minItems: 1 + maxItems: 1000 + x-insertionOrder: false + additionalProperties: false + ResourceCollection: + type: object + properties: + ResourceCollectionFilter: + $ref: '#/components/schemas/ResourceCollectionFilter' + ResourceCollectionType: + description: The type of ResourceCollection + type: string + enum: + - AWS_CLOUD_FORMATION + - AWS_TAGS + required: + - ResourceCollectionFilter + x-stackql-resource-name: resource_collection + description: This resource schema represents the ResourceCollection resource in the Amazon DevOps Guru. + x-type-name: AWS::DevOpsGuru::ResourceCollection + x-stackql-primary-identifier: + - ResourceCollectionType + x-read-only-properties: + - ResourceCollectionType + x-required-properties: + - ResourceCollectionFilter + x-tagging: + taggable: false + x-required-permissions: + create: + - devops-guru:UpdateResourceCollection + - devops-guru:GetResourceCollection + read: + - devops-guru:GetResourceCollection + delete: + - devops-guru:UpdateResourceCollection + - devops-guru:GetResourceCollection + list: + - devops-guru:GetResourceCollection + update: + - devops-guru:UpdateResourceCollection + - devops-guru:GetResourceCollection + x-stackQL-resources: + log_anomaly_detection_integrations: + name: log_anomaly_detection_integrations + id: aws.devopsguru.log_anomaly_detection_integrations + x-cfn-schema-name: LogAnomalyDetectionIntegration + x-type: list + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DevOpsGuru::LogAnomalyDetectionIntegration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DevOpsGuru::LogAnomalyDetectionIntegration' + AND region = 'us-east-1' + log_anomaly_detection_integration: + name: log_anomaly_detection_integration + id: aws.devopsguru.log_anomaly_detection_integration + x-cfn-schema-name: LogAnomalyDetectionIntegration + x-type: get + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DevOpsGuru::LogAnomalyDetectionIntegration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DevOpsGuru::LogAnomalyDetectionIntegration' + AND data__Identifier = '' + AND region = 'us-east-1' + notification_channels: + name: notification_channels + id: aws.devopsguru.notification_channels + x-cfn-schema-name: NotificationChannel + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DevOpsGuru::NotificationChannel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DevOpsGuru::NotificationChannel' + AND region = 'us-east-1' + notification_channel: + name: notification_channel + id: aws.devopsguru.notification_channel + x-cfn-schema-name: NotificationChannel + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Config') as config, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DevOpsGuru::NotificationChannel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Config') as config, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DevOpsGuru::NotificationChannel' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_collections: + name: resource_collections + id: aws.devopsguru.resource_collections + x-cfn-schema-name: ResourceCollection + x-type: list + x-identifiers: + - ResourceCollectionType + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ResourceCollectionType') as resource_collection_type + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DevOpsGuru::ResourceCollection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ResourceCollectionType') as resource_collection_type + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DevOpsGuru::ResourceCollection' + AND region = 'us-east-1' + resource_collection: + name: resource_collection + id: aws.devopsguru.resource_collection + x-cfn-schema-name: ResourceCollection + x-type: get + x-identifiers: + - ResourceCollectionType + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceCollectionFilter') as resource_collection_filter, + JSON_EXTRACT(Properties, '$.ResourceCollectionType') as resource_collection_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DevOpsGuru::ResourceCollection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceCollectionFilter') as resource_collection_filter, + json_extract_path_text(Properties, 'ResourceCollectionType') as resource_collection_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DevOpsGuru::ResourceCollection' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/directoryservice.yaml b/providers/src/aws/v00.00.00000/services/directoryservice.yaml new file mode 100644 index 00000000..7c58921c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/directoryservice.yaml @@ -0,0 +1,204 @@ +openapi: 3.0.0 +info: + title: DirectoryService + version: 1.0.0 +paths: {} +components: + schemas: + VpcSettings: + x-$comment: Contains VPC information + type: object + additionalProperties: false + properties: + SubnetIds: + description: The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. AWS Directory Service specifies a directory server and a DNS server in each of these subnets. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + VpcId: + description: The identifier of the VPC in which to create the directory. + type: string + required: + - VpcId + - SubnetIds + SimpleAD: + type: object + properties: + DirectoryId: + description: The unique identifier for a directory. + type: string + Alias: + description: The alias for a directory. + type: string + DnsIpAddresses: + description: The IP addresses of the DNS servers for the directory, such as [ "172.31.3.154", "172.31.63.203" ]. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + CreateAlias: + description: The name of the configuration set. + type: boolean + Description: + description: Description for the directory. + type: string + EnableSso: + description: Whether to enable single sign-on for a Simple Active Directory in AWS. + type: boolean + Name: + description: The fully qualified domain name for the AWS Managed Simple AD directory. + type: string + Password: + description: The password for the default administrative user named Admin. + type: string + ShortName: + description: The NetBIOS name for your domain. + type: string + Size: + description: The size of the directory. + type: string + VpcSettings: + description: VPC settings of the Simple AD directory server in AWS. + $ref: '#/components/schemas/VpcSettings' + required: + - VpcSettings + - Size + - Name + x-stackql-resource-name: simple_ad + description: Resource Type definition for AWS::DirectoryService::SimpleAD + x-type-name: AWS::DirectoryService::SimpleAD + x-documentation-url: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-directoryservice-simplead.html + x-stackql-primary-identifier: + - DirectoryId + x-create-only-properties: + - Size + - VpcSettings + - Name + - Password + - ShortName + - Description + - CreateAlias + x-write-only-properties: + - Password + x-read-only-properties: + - Alias + - DnsIpAddresses + - DirectoryId + x-required-properties: + - VpcSettings + - Size + - Name + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ds:CreateDirectory + - ds:CreateAlias + - ds:EnableSso + - ds:DescribeDirectories + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - ec2:CreateSecurityGroup + - ec2:CreateNetworkInterface + - ec2:DescribeNetworkInterfaces + - ec2:AuthorizeSecurityGroupIngress + - ec2:AuthorizeSecurityGroupEgress + - ec2:CreateTags + read: + - ds:DescribeDirectories + update: + - ds:EnableSso + - ds:DisableSso + - ds:DescribeDirectories + delete: + - ds:DeleteDirectory + - ds:DescribeDirectories + - ec2:DescribeNetworkInterfaces + - ec2:DeleteSecurityGroup + - ec2:DeleteNetworkInterface + - ec2:RevokeSecurityGroupIngress + - ec2:RevokeSecurityGroupEgress + - ec2:DeleteTags + list: + - ds:DescribeDirectories + x-stackQL-resources: + simple_ads: + name: simple_ads + id: aws.directoryservice.simple_ads + x-cfn-schema-name: SimpleAD + x-type: list + x-identifiers: + - DirectoryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DirectoryId') as directory_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DirectoryService::SimpleAD' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DirectoryId') as directory_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DirectoryService::SimpleAD' + AND region = 'us-east-1' + simple_ad: + name: simple_ad + id: aws.directoryservice.simple_ad + x-cfn-schema-name: SimpleAD + x-type: get + x-identifiers: + - DirectoryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DirectoryId') as directory_id, + JSON_EXTRACT(Properties, '$.Alias') as alias, + JSON_EXTRACT(Properties, '$.DnsIpAddresses') as dns_ip_addresses, + JSON_EXTRACT(Properties, '$.CreateAlias') as create_alias, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EnableSso') as enable_sso, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Password') as password, + JSON_EXTRACT(Properties, '$.ShortName') as short_name, + JSON_EXTRACT(Properties, '$.Size') as size, + JSON_EXTRACT(Properties, '$.VpcSettings') as vpc_settings + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DirectoryService::SimpleAD' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DirectoryId') as directory_id, + json_extract_path_text(Properties, 'Alias') as alias, + json_extract_path_text(Properties, 'DnsIpAddresses') as dns_ip_addresses, + json_extract_path_text(Properties, 'CreateAlias') as create_alias, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EnableSso') as enable_sso, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Password') as password, + json_extract_path_text(Properties, 'ShortName') as short_name, + json_extract_path_text(Properties, 'Size') as size, + json_extract_path_text(Properties, 'VpcSettings') as vpc_settings + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DirectoryService::SimpleAD' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/dms.yaml b/providers/src/aws/v00.00.00000/services/dms.yaml new file mode 100644 index 00000000..0f7504e1 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/dms.yaml @@ -0,0 +1,867 @@ +openapi: 3.0.0 +info: + title: DMS + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + description: |- +

The key or keys of the key-value pairs for the resource tag or tags assigned to the + resource.

+ properties: + Key: + type: string + maxLength: 128 + minLength: 1 + description:

Tag key.

+ Value: + type: string + maxLength: 256 + minLength: 1 + description:

Tag value.

+ required: + - Key + - Value + additionalProperties: false + DmsSslModeValue: + type: string + enum: + - none + - require + - verify_ca + - verify_full + DataProvider: + type: object + properties: + DataProviderName: + description: The property describes a name to identify the data provider. + type: string + minLength: 1 + maxLength: 255 + DataProviderIdentifier: + description: The property describes an identifier for the data provider. It is used for describing/deleting/modifying can be name/arn + type: string + minLength: 1 + maxLength: 255 + DataProviderArn: + description: The data provider ARN. + type: string + minLength: 1 + maxLength: 255 + DataProviderCreationTime: + description: The data provider creation time. + type: string + minLength: 1 + maxLength: 40 + Description: + description: The optional description of the data provider. + type: string + minLength: 1 + maxLength: 255 + Engine: + description: The property describes a data engine for the data provider. + type: string + enum: + - postgres + - mysql + - oracle + - sqlserver + - aurora + - aurora_postgresql + ExactSettings: + description: The property describes the exact settings which can be modified + type: boolean + default: false + Settings: + description: The property identifies the exact type of settings for the data provider. + type: object + anyOf: + - description: PostgreSqlSettings property identifier. + type: object + additionalProperties: false + properties: + PostgreSqlSettings: + type: object + additionalProperties: false + properties: + ServerName: + type: string + Port: + type: integer + DatabaseName: + type: string + SslMode: + type: object + $ref: '#/components/schemas/DmsSslModeValue' + CertificateArn: + type: string + - description: MySqlSettings property identifier. + type: object + additionalProperties: false + properties: + MySqlSettings: + type: object + additionalProperties: false + properties: + ServerName: + type: string + Port: + type: integer + SslMode: + type: object + $ref: '#/components/schemas/DmsSslModeValue' + CertificateArn: + type: string + - description: OracleSettings property identifier. + type: object + additionalProperties: false + properties: + OracleSettings: + type: object + additionalProperties: false + properties: + ServerName: + type: string + Port: + type: integer + DatabaseName: + type: string + SslMode: + type: object + $ref: '#/components/schemas/DmsSslModeValue' + CertificateArn: + type: string + AsmServer: + type: string + SecretsManagerOracleAsmSecretId: + type: string + SecretsManagerOracleAsmAccessRoleArn: + type: string + SecretsManagerSecurityDbEncryptionSecretId: + type: string + SecretsManagerSecurityDbEncryptionAccessRoleArn: + type: string + - description: MicrosoftSqlServerSettings property identifier. + type: object + additionalProperties: false + properties: + MicrosoftSqlServerSettings: + type: object + additionalProperties: false + properties: + ServerName: + type: string + Port: + type: integer + DatabaseName: + type: string + SslMode: + type: object + $ref: '#/components/schemas/DmsSslModeValue' + CertificateArn: + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Engine + x-stackql-resource-name: data_provider + description: Resource schema for AWS::DMS::DataProvider + x-type-name: AWS::DMS::DataProvider + x-stackql-primary-identifier: + - DataProviderArn + x-stackql-additional-identifiers: + - - DataProviderName + x-write-only-properties: + - DataProviderIdentifier + - ExactSettings + x-read-only-properties: + - DataProviderArn + - DataProviderCreationTime + x-required-properties: + - Engine + x-tagging: + taggable: true + x-required-permissions: + create: + - dms:CreateDataProvider + - dms:ListDataProviders + - dms:DescribeDataProviders + - dms:AddTagsToResource + - dms:ListTagsForResource + read: + - dms:ListDataProviders + - dms:DescribeDataProviders + - dms:ListTagsForResource + update: + - dms:UpdateDataProvider + - dms:ModifyDataProvider + - dms:AddTagsToResource + - dms:RemoveTagsToResource + - dms:ListTagsForResource + delete: + - dms:DeleteDataProvider + list: + - dms:ListDataProviders + - dms:DescribeDataProviders + - dms:ListTagsForResource + InstanceProfile: + type: object + properties: + InstanceProfileArn: + description: The property describes an ARN of the instance profile. + type: string + minLength: 1 + maxLength: 255 + InstanceProfileIdentifier: + description: The property describes an identifier for the instance profile. It is used for describing/deleting/modifying. Can be name/arn + type: string + minLength: 1 + maxLength: 255 + AvailabilityZone: + description: The property describes an availability zone of the instance profile. + type: string + minLength: 1 + maxLength: 255 + Description: + description: The optional description of the instance profile. + type: string + minLength: 1 + maxLength: 255 + KmsKeyArn: + description: The property describes kms key arn for the instance profile. + type: string + minLength: 1 + maxLength: 255 + PubliclyAccessible: + description: The property describes the publicly accessible of the instance profile + type: boolean + default: false + NetworkType: + description: The property describes a network type for the instance profile. + type: string + enum: + - IPV4 + - IPV6 + - DUAL + InstanceProfileName: + description: The property describes a name for the instance profile. + type: string + minLength: 1 + maxLength: 255 + InstanceProfileCreationTime: + description: The property describes a creating time of the instance profile. + type: string + minLength: 1 + maxLength: 40 + SubnetGroupIdentifier: + description: The property describes a subnet group identifier for the instance profile. + type: string + minLength: 1 + maxLength: 255 + VpcSecurityGroups: + description: The property describes vps security groups for the instance profile. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: instance_profile + description: Resource schema for AWS::DMS::InstanceProfile. + x-type-name: AWS::DMS::InstanceProfile + x-stackql-primary-identifier: + - InstanceProfileArn + x-stackql-additional-identifiers: + - - InstanceProfileName + x-write-only-properties: + - InstanceProfileIdentifier + x-read-only-properties: + - InstanceProfileArn + - InstanceProfileCreationTime + x-tagging: + taggable: true + x-required-permissions: + create: + - dms:CreateInstanceProfile + - dms:ListInstanceProfiles + - dms:DescribeInstanceProfiles + - dms:AddTagsToResource + - dms:ListTagsForResource + read: + - dms:ListInstanceProfiles + - dms:DescribeInstanceProfiles + - dms:ListTagsForResource + update: + - dms:UpdateInstanceProfile + - dms:ModifyInstanceProfile + - dms:AddTagsToResource + - dms:RemoveTagsToResource + - dms:ListTagsForResource + delete: + - dms:DeleteInstanceProfile + list: + - dms:ListInstanceProfiles + - dms:DescribeInstanceProfiles + - dms:ListTagsForResource + DataProviderDescriptor: + type: object + description: It is an object that describes Source and Target DataProviders and credentials for connecting to databases that are used in MigrationProject + additionalProperties: false + properties: + DataProviderIdentifier: + type: string + DataProviderName: + type: string + DataProviderArn: + type: string + SecretsManagerSecretId: + type: string + SecretsManagerAccessRoleArn: + type: string + MigrationProject: + type: object + properties: + MigrationProjectName: + description: The property describes a name to identify the migration project. + type: string + minLength: 1 + maxLength: 255 + MigrationProjectIdentifier: + description: The property describes an identifier for the migration project. It is used for describing/deleting/modifying can be name/arn + type: string + minLength: 1 + maxLength: 255 + MigrationProjectArn: + description: The property describes an ARN of the migration project. + type: string + minLength: 1 + maxLength: 255 + MigrationProjectCreationTime: + description: The property describes a creating time of the migration project. + type: string + minLength: 1 + maxLength: 40 + InstanceProfileIdentifier: + description: The property describes an instance profile identifier for the migration project. For create + type: string + minLength: 1 + maxLength: 255 + InstanceProfileName: + description: The property describes an instance profile name for the migration project. For read + type: string + minLength: 1 + maxLength: 255 + InstanceProfileArn: + description: The property describes an instance profile arn for the migration project. For read + type: string + minLength: 1 + maxLength: 255 + TransformationRules: + description: The property describes transformation rules for the migration project. + type: string + Description: + description: The optional description of the migration project. + type: string + minLength: 1 + maxLength: 255 + SchemaConversionApplicationAttributes: + description: The property describes schema conversion application attributes for the migration project. + type: object + additionalProperties: false + properties: + S3BucketPath: + type: string + S3BucketRoleArn: + type: string + SourceDataProviderDescriptors: + description: The property describes source data provider descriptors for the migration project. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/DataProviderDescriptor' + TargetDataProviderDescriptors: + description: The property describes target data provider descriptors for the migration project. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/DataProviderDescriptor' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: migration_project + description: Resource schema for AWS::DMS::MigrationProject + x-type-name: AWS::DMS::MigrationProject + x-stackql-primary-identifier: + - MigrationProjectArn + x-stackql-additional-identifiers: + - - MigrationProjectName + x-write-only-properties: + - MigrationProjectIdentifier + - InstanceProfileIdentifier + - SourceDataProviderDescriptors/*/DataProviderIdentifier + - TargetDataProviderDescriptors/*/DataProviderIdentifier + x-read-only-properties: + - MigrationProjectArn + x-tagging: + taggable: true + x-required-permissions: + create: + - dms:CreateMigrationProject + - dms:ListMigrationProjects + - dms:DescribeMigrationProjects + - dms:AddTagsToResource + - dms:ListTagsForResource + - iam:PassRole + read: + - dms:DescribeMigrationProjects + - dms:ListMigrationProjects + - dms:ListTagsForResource + update: + - dms:UpdateMigrationProject + - dms:ModifyMigrationProject + - dms:AddTagsToResource + - dms:RemoveTagsToResource + - dms:ListTagsForResource + - iam:PassRole + delete: + - dms:DeleteMigrationProject + list: + - dms:ListMigrationProjects + - dms:DescribeMigrationProjects + - dms:ListTagsForResource + ComputeConfig: + description: Configuration parameters for provisioning a AWS DMS Serverless replication + type: object + properties: + AvailabilityZone: + type: string + DnsNameServers: + type: string + KmsKeyId: + type: string + MaxCapacityUnits: + type: integer + MinCapacityUnits: + type: integer + MultiAZ: + type: boolean + PreferredMaintenanceWindow: + type: string + ReplicationSubnetGroupId: + type: string + VpcSecurityGroupIds: + type: array + items: + type: string + required: + - MaxCapacityUnits + additionalProperties: false + ReplicationConfig: + type: object + properties: + ReplicationConfigIdentifier: + description: A unique identifier of replication configuration + type: string + ReplicationConfigArn: + description: The Amazon Resource Name (ARN) of the Replication Config + type: string + SourceEndpointArn: + description: The Amazon Resource Name (ARN) of the source endpoint for this AWS DMS Serverless replication configuration + type: string + TargetEndpointArn: + description: The Amazon Resource Name (ARN) of the target endpoint for this AWS DMS Serverless replication configuration + type: string + ReplicationType: + description: The type of AWS DMS Serverless replication to provision using this replication configuration + type: string + enum: + - full-load + - full-load-and-cdc + - cdc + ComputeConfig: + $ref: '#/components/schemas/ComputeConfig' + ReplicationSettings: + description: JSON settings for Servereless replications that are provisioned using this replication configuration + type: object + SupplementalSettings: + description: JSON settings for specifying supplemental data + type: object + ResourceIdentifier: + description: A unique value or name that you get set for a given resource that can be used to construct an Amazon Resource Name (ARN) for that resource + type: string + TableMappings: + description: JSON table mappings for AWS DMS Serverless replications that are provisioned using this replication configuration + type: object + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + description:

Contains a map of the key-value pairs for the resource tag or tags assigned to the dataset.

+ x-stackql-resource-name: replication_config + description: A replication configuration that you later provide to configure and start a AWS DMS Serverless replication + x-type-name: AWS::DMS::ReplicationConfig + x-stackql-primary-identifier: + - ReplicationConfigArn + x-stackql-additional-identifiers: + - - ReplicationConfigIdentifier + x-create-only-properties: + - ResourceIdentifier + x-read-only-properties: + - /Properties/ReplicationConfigArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - dms:CreateReplicationConfig + - dms:AddTagsToResource + - dms:ListTagsForResource + - iam:CreateServiceLinkedRole + - iam:AttachRolePolicy + - iam:PutRolePolicy + - iam:UpdateRoleDescription + read: + - dms:DescribeReplicationConfigs + - dms:ListTagsForResource + update: + - dms:ModifyReplicationConfig + - dms:AddTagsToResource + - dms:RemoveTagsToResource + - dms:ListTagsForResource + - iam:CreateServiceLinkedRole + - iam:AttachRolePolicy + - iam:PutRolePolicy + - iam:UpdateRoleDescription + list: + - dms:DescribeReplicationConfigs + - dms:ListTagsForResource + delete: + - dms:DescribeReplicationConfigs + - dms:DeleteReplicationConfig + - dms:ListTagsForResource + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + x-stackQL-resources: + data_providers: + name: data_providers + id: aws.dms.data_providers + x-cfn-schema-name: DataProvider + x-type: list + x-identifiers: + - DataProviderArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DataProviderArn') as data_provider_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DMS::DataProvider' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DataProviderArn') as data_provider_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DMS::DataProvider' + AND region = 'us-east-1' + data_provider: + name: data_provider + id: aws.dms.data_provider + x-cfn-schema-name: DataProvider + x-type: get + x-identifiers: + - DataProviderArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DataProviderName') as data_provider_name, + JSON_EXTRACT(Properties, '$.DataProviderIdentifier') as data_provider_identifier, + JSON_EXTRACT(Properties, '$.DataProviderArn') as data_provider_arn, + JSON_EXTRACT(Properties, '$.DataProviderCreationTime') as data_provider_creation_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.ExactSettings') as exact_settings, + JSON_EXTRACT(Properties, '$.Settings') as settings, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DMS::DataProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DataProviderName') as data_provider_name, + json_extract_path_text(Properties, 'DataProviderIdentifier') as data_provider_identifier, + json_extract_path_text(Properties, 'DataProviderArn') as data_provider_arn, + json_extract_path_text(Properties, 'DataProviderCreationTime') as data_provider_creation_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'ExactSettings') as exact_settings, + json_extract_path_text(Properties, 'Settings') as settings, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DMS::DataProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + instance_profiles: + name: instance_profiles + id: aws.dms.instance_profiles + x-cfn-schema-name: InstanceProfile + x-type: list + x-identifiers: + - InstanceProfileArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceProfileArn') as instance_profile_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DMS::InstanceProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceProfileArn') as instance_profile_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DMS::InstanceProfile' + AND region = 'us-east-1' + instance_profile: + name: instance_profile + id: aws.dms.instance_profile + x-cfn-schema-name: InstanceProfile + x-type: get + x-identifiers: + - InstanceProfileArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceProfileArn') as instance_profile_arn, + JSON_EXTRACT(Properties, '$.InstanceProfileIdentifier') as instance_profile_identifier, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(Properties, '$.NetworkType') as network_type, + JSON_EXTRACT(Properties, '$.InstanceProfileName') as instance_profile_name, + JSON_EXTRACT(Properties, '$.InstanceProfileCreationTime') as instance_profile_creation_time, + JSON_EXTRACT(Properties, '$.SubnetGroupIdentifier') as subnet_group_identifier, + JSON_EXTRACT(Properties, '$.VpcSecurityGroups') as vpc_security_groups, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DMS::InstanceProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceProfileArn') as instance_profile_arn, + json_extract_path_text(Properties, 'InstanceProfileIdentifier') as instance_profile_identifier, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(Properties, 'NetworkType') as network_type, + json_extract_path_text(Properties, 'InstanceProfileName') as instance_profile_name, + json_extract_path_text(Properties, 'InstanceProfileCreationTime') as instance_profile_creation_time, + json_extract_path_text(Properties, 'SubnetGroupIdentifier') as subnet_group_identifier, + json_extract_path_text(Properties, 'VpcSecurityGroups') as vpc_security_groups, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DMS::InstanceProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + migration_projects: + name: migration_projects + id: aws.dms.migration_projects + x-cfn-schema-name: MigrationProject + x-type: list + x-identifiers: + - MigrationProjectArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MigrationProjectArn') as migration_project_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DMS::MigrationProject' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MigrationProjectArn') as migration_project_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DMS::MigrationProject' + AND region = 'us-east-1' + migration_project: + name: migration_project + id: aws.dms.migration_project + x-cfn-schema-name: MigrationProject + x-type: get + x-identifiers: + - MigrationProjectArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MigrationProjectName') as migration_project_name, + JSON_EXTRACT(Properties, '$.MigrationProjectIdentifier') as migration_project_identifier, + JSON_EXTRACT(Properties, '$.MigrationProjectArn') as migration_project_arn, + JSON_EXTRACT(Properties, '$.MigrationProjectCreationTime') as migration_project_creation_time, + JSON_EXTRACT(Properties, '$.InstanceProfileIdentifier') as instance_profile_identifier, + JSON_EXTRACT(Properties, '$.InstanceProfileName') as instance_profile_name, + JSON_EXTRACT(Properties, '$.InstanceProfileArn') as instance_profile_arn, + JSON_EXTRACT(Properties, '$.TransformationRules') as transformation_rules, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.SchemaConversionApplicationAttributes') as schema_conversion_application_attributes, + JSON_EXTRACT(Properties, '$.SourceDataProviderDescriptors') as source_data_provider_descriptors, + JSON_EXTRACT(Properties, '$.TargetDataProviderDescriptors') as target_data_provider_descriptors, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DMS::MigrationProject' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MigrationProjectName') as migration_project_name, + json_extract_path_text(Properties, 'MigrationProjectIdentifier') as migration_project_identifier, + json_extract_path_text(Properties, 'MigrationProjectArn') as migration_project_arn, + json_extract_path_text(Properties, 'MigrationProjectCreationTime') as migration_project_creation_time, + json_extract_path_text(Properties, 'InstanceProfileIdentifier') as instance_profile_identifier, + json_extract_path_text(Properties, 'InstanceProfileName') as instance_profile_name, + json_extract_path_text(Properties, 'InstanceProfileArn') as instance_profile_arn, + json_extract_path_text(Properties, 'TransformationRules') as transformation_rules, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'SchemaConversionApplicationAttributes') as schema_conversion_application_attributes, + json_extract_path_text(Properties, 'SourceDataProviderDescriptors') as source_data_provider_descriptors, + json_extract_path_text(Properties, 'TargetDataProviderDescriptors') as target_data_provider_descriptors, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DMS::MigrationProject' + AND data__Identifier = '' + AND region = 'us-east-1' + replication_configs: + name: replication_configs + id: aws.dms.replication_configs + x-cfn-schema-name: ReplicationConfig + x-type: list + x-identifiers: + - ReplicationConfigArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ReplicationConfigArn') as replication_config_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DMS::ReplicationConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ReplicationConfigArn') as replication_config_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DMS::ReplicationConfig' + AND region = 'us-east-1' + replication_config: + name: replication_config + id: aws.dms.replication_config + x-cfn-schema-name: ReplicationConfig + x-type: get + x-identifiers: + - ReplicationConfigArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ReplicationConfigIdentifier') as replication_config_identifier, + JSON_EXTRACT(Properties, '$.ReplicationConfigArn') as replication_config_arn, + JSON_EXTRACT(Properties, '$.SourceEndpointArn') as source_endpoint_arn, + JSON_EXTRACT(Properties, '$.TargetEndpointArn') as target_endpoint_arn, + JSON_EXTRACT(Properties, '$.ReplicationType') as replication_type, + JSON_EXTRACT(Properties, '$.ComputeConfig') as compute_config, + JSON_EXTRACT(Properties, '$.ReplicationSettings') as replication_settings, + JSON_EXTRACT(Properties, '$.SupplementalSettings') as supplemental_settings, + JSON_EXTRACT(Properties, '$.ResourceIdentifier') as resource_identifier, + JSON_EXTRACT(Properties, '$.TableMappings') as table_mappings, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DMS::ReplicationConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ReplicationConfigIdentifier') as replication_config_identifier, + json_extract_path_text(Properties, 'ReplicationConfigArn') as replication_config_arn, + json_extract_path_text(Properties, 'SourceEndpointArn') as source_endpoint_arn, + json_extract_path_text(Properties, 'TargetEndpointArn') as target_endpoint_arn, + json_extract_path_text(Properties, 'ReplicationType') as replication_type, + json_extract_path_text(Properties, 'ComputeConfig') as compute_config, + json_extract_path_text(Properties, 'ReplicationSettings') as replication_settings, + json_extract_path_text(Properties, 'SupplementalSettings') as supplemental_settings, + json_extract_path_text(Properties, 'ResourceIdentifier') as resource_identifier, + json_extract_path_text(Properties, 'TableMappings') as table_mappings, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DMS::ReplicationConfig' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/docdbelastic.yaml b/providers/src/aws/v00.00.00000/services/docdbelastic.yaml new file mode 100644 index 00000000..f5abc447 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/docdbelastic.yaml @@ -0,0 +1,258 @@ +openapi: 3.0.0 +info: + title: DocDBElastic + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + properties: + Key: + type: string + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + maxLength: 128 + minLength: 1 + Value: + type: string + maxLength: 256 + minLength: 0 + required: + - Key + - Value + additionalProperties: false + Cluster: + type: object + properties: + ClusterName: + type: string + pattern: '[a-zA-z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*' + maxLength: 50 + minLength: 1 + ClusterArn: + type: string + ClusterEndpoint: + type: string + AdminUserName: + type: string + AdminUserPassword: + type: string + ShardCapacity: + type: integer + ShardCount: + type: integer + VpcSecurityGroupIds: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + SubnetIds: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + PreferredMaintenanceWindow: + type: string + PreferredBackupWindow: + type: string + BackupRetentionPeriod: + type: integer + ShardInstanceCount: + type: integer + KmsKeyId: + type: string + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true + maxItems: 50 + minItems: 0 + AuthType: + type: string + required: + - ClusterName + - AdminUserName + - ShardCapacity + - ShardCount + - AuthType + x-stackql-resource-name: cluster + description: The AWS::DocDBElastic::Cluster Amazon DocumentDB (with MongoDB compatibility) Elastic Scale resource describes a Cluster + x-type-name: AWS::DocDBElastic::Cluster + x-stackql-primary-identifier: + - ClusterArn + x-create-only-properties: + - AdminUserName + - AuthType + - ClusterName + - KmsKeyId + x-write-only-properties: + - AdminUserPassword + x-read-only-properties: + - ClusterArn + - ClusterEndpoint + x-required-properties: + - ClusterName + - AdminUserName + - ShardCapacity + - ShardCount + - AuthType + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - docdb-elastic:CreateCluster + - docdb-elastic:TagResource + - docdb-elastic:GetCluster + - docdb-elastic:ListTagsForResource + - ec2:CreateVpcEndpoint + - ec2:DescribeVpcEndpoints + - ec2:DeleteVpcEndpoints + - ec2:ModifyVpcEndpoint + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcAttribute + - ec2:DescribeVpcs + - ec2:DescribeAvailabilityZones + - secretsmanager:ListSecrets + - secretsmanager:ListSecretVersionIds + - secretsmanager:DescribeSecret + - secretsmanager:GetSecretValue + - secretsmanager:GetResourcePolicy + - kms:DescribeKey + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + - iam:CreateServiceLinkedRole + read: + - docdb-elastic:GetCluster + - docdb-elastic:ListTagsForResource + update: + - docdb-elastic:UpdateCluster + - docdb-elastic:TagResource + - docdb-elastic:UntagResource + - docdb-elastic:GetCluster + - docdb-elastic:ListTagsForResource + - ec2:CreateVpcEndpoint + - ec2:DescribeVpcEndpoints + - ec2:DeleteVpcEndpoints + - ec2:ModifyVpcEndpoint + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcAttribute + - ec2:DescribeVpcs + - ec2:DescribeAvailabilityZones + - secretsmanager:ListSecrets + - secretsmanager:ListSecretVersionIds + - secretsmanager:DescribeSecret + - secretsmanager:GetSecretValue + - secretsmanager:GetResourcePolicy + - kms:DescribeKey + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + delete: + - docdb-elastic:DeleteCluster + - docdb-elastic:GetCluster + - ec2:DescribeVpcEndpoints + - ec2:DeleteVpcEndpoints + - ec2:ModifyVpcEndpoint + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcAttribute + - ec2:DescribeVpcs + - ec2:DescribeAvailabilityZones + list: + - docdb-elastic:ListClusters + x-stackQL-resources: + clusters: + name: clusters + id: aws.docdbelastic.clusters + x-cfn-schema-name: Cluster + x-type: list + x-identifiers: + - ClusterArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DocDBElastic::Cluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DocDBElastic::Cluster' + AND region = 'us-east-1' + cluster: + name: cluster + id: aws.docdbelastic.cluster + x-cfn-schema-name: Cluster + x-type: get + x-identifiers: + - ClusterArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn, + JSON_EXTRACT(Properties, '$.ClusterEndpoint') as cluster_endpoint, + JSON_EXTRACT(Properties, '$.AdminUserName') as admin_user_name, + JSON_EXTRACT(Properties, '$.AdminUserPassword') as admin_user_password, + JSON_EXTRACT(Properties, '$.ShardCapacity') as shard_capacity, + JSON_EXTRACT(Properties, '$.ShardCount') as shard_count, + JSON_EXTRACT(Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, + JSON_EXTRACT(Properties, '$.PreferredBackupWindow') as preferred_backup_window, + JSON_EXTRACT(Properties, '$.BackupRetentionPeriod') as backup_retention_period, + JSON_EXTRACT(Properties, '$.ShardInstanceCount') as shard_instance_count, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AuthType') as auth_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DocDBElastic::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn, + json_extract_path_text(Properties, 'ClusterEndpoint') as cluster_endpoint, + json_extract_path_text(Properties, 'AdminUserName') as admin_user_name, + json_extract_path_text(Properties, 'AdminUserPassword') as admin_user_password, + json_extract_path_text(Properties, 'ShardCapacity') as shard_capacity, + json_extract_path_text(Properties, 'ShardCount') as shard_count, + json_extract_path_text(Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, + json_extract_path_text(Properties, 'PreferredBackupWindow') as preferred_backup_window, + json_extract_path_text(Properties, 'BackupRetentionPeriod') as backup_retention_period, + json_extract_path_text(Properties, 'ShardInstanceCount') as shard_instance_count, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AuthType') as auth_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DocDBElastic::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/dynamodb.yaml b/providers/src/aws/v00.00.00000/services/dynamodb.yaml new file mode 100644 index 00000000..0c39c2b7 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/dynamodb.yaml @@ -0,0 +1,1073 @@ +openapi: 3.0.0 +info: + title: DynamoDB + version: 1.0.0 +paths: {} +components: + schemas: + LocalSecondaryIndex: + description: Represents the properties of a local secondary index. A local secondary index can only be created when its parent table is created. + additionalProperties: false + type: object + properties: + IndexName: + description: The name of the local secondary index. The name must be unique among all other indexes on this table. + type: string + Projection: + description: Represents attributes that are copied (projected) from the table into the local secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. + $ref: '#/components/schemas/Projection' + KeySchema: + uniqueItems: true + description: |- + The complete key schema for the local secondary index, consisting of one or more pairs of attribute names and key types: + + ``HASH`` - partition key + + ``RANGE`` - sort key + + The partition key of an item is also known as its *hash attribute*. The term "hash attribute" derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. + The sort key of an item is also known as its *range attribute*. The term "range attribute" derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. + type: array + items: + $ref: '#/components/schemas/KeySchema' + required: + - IndexName + - Projection + - KeySchema + SSESpecification: + description: Represents the settings used to enable server-side encryption. + additionalProperties: false + type: object + properties: + SSEEnabled: + description: Indicates whether server-side encryption is done using an AWS managed key or an AWS owned key. If enabled (true), server-side encryption type is set to ``KMS`` and an AWS managed key is used (KMS charges apply). If disabled (false) or not specified, server-side encryption is set to AWS owned key. + type: boolean + SSEType: + description: |- + Server-side encryption type. The only supported value is: + + ``KMS`` - Server-side encryption that uses KMSlong. The key is stored in your account and is managed by KMS (KMS charges apply). + type: string + KMSMasterKeyId: + anyOf: + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/KeyId + - relationshipRef: + typeName: AWS::KMS::Alias + propertyPath: /properties/AliasName + description: The KMS key that should be used for the KMS encryption. To specify a key, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB key ``alias/aws/dynamodb``. + type: string + required: + - SSEEnabled + KinesisStreamSpecification: + description: The Kinesis Data Streams configuration for the specified table. + additionalProperties: false + type: object + properties: + ApproximateCreationDateTimePrecision: + description: The precision for the time and date that the stream was created. + type: string + enum: + - MICROSECOND + - MILLISECOND + StreamArn: + x-relationshipRef: + typeName: AWS::Kinesis::Stream + propertyPath: /properties/Arn + description: |- + The ARN for a specific Kinesis data stream. + Length Constraints: Minimum length of 37. Maximum length of 1024. + type: string + required: + - StreamArn + StreamSpecification: + description: Represents the DynamoDB Streams configuration for a table in DynamoDB. + additionalProperties: false + type: object + properties: + StreamViewType: + description: |- + When an item in the table is modified, ``StreamViewType`` determines what information is written to the stream for this table. Valid values for ``StreamViewType`` are: + + ``KEYS_ONLY`` - Only the key attributes of the modified item are written to the stream. + + ``NEW_IMAGE`` - The entire item, as it appears after it was modified, is written to the stream. + + ``OLD_IMAGE`` - The entire item, as it appeared before it was modified, is written to the stream. + + ``NEW_AND_OLD_IMAGES`` - Both the new and the old item images of the item are written to the stream. + type: string + ResourcePolicy: + description: |- + Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table's streams. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. + In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see [Using resource-based policies for](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html). + $ref: '#/components/schemas/ResourcePolicy' + required: + - StreamViewType + ContributorInsightsSpecification: + description: The settings used to enable or disable CloudWatch Contributor Insights. + additionalProperties: false + type: object + properties: + Enabled: + description: Indicates whether CloudWatch Contributor Insights are to be enabled (true) or disabled (false). + type: boolean + required: + - Enabled + ReplicaSpecification: + additionalProperties: false + type: object + properties: + SSESpecification: + $ref: '#/components/schemas/ReplicaSSESpecification' + KinesisStreamSpecification: + $ref: '#/components/schemas/KinesisStreamSpecification' + ContributorInsightsSpecification: + $ref: '#/components/schemas/ContributorInsightsSpecification' + PointInTimeRecoverySpecification: + $ref: '#/components/schemas/PointInTimeRecoverySpecification' + ReplicaStreamSpecification: + $ref: '#/components/schemas/ReplicaStreamSpecification' + GlobalSecondaryIndexes: + uniqueItems: true + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ReplicaGlobalSecondaryIndexSpecification' + Region: + type: string + ResourcePolicy: + $ref: '#/components/schemas/ResourcePolicy' + ReadProvisionedThroughputSettings: + $ref: '#/components/schemas/ReadProvisionedThroughputSettings' + TableClass: + type: string + DeletionProtectionEnabled: + type: boolean + Tags: + uniqueItems: true + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - Region + CapacityAutoScalingSettings: + additionalProperties: false + type: object + properties: + MinCapacity: + type: integer + minimum: 1 + SeedCapacity: + type: integer + minimum: 1 + TargetTrackingScalingPolicyConfiguration: + $ref: '#/components/schemas/TargetTrackingScalingPolicyConfiguration' + MaxCapacity: + type: integer + minimum: 1 + required: + - MinCapacity + - MaxCapacity + - TargetTrackingScalingPolicyConfiguration + AttributeDefinition: + description: Represents an attribute for describing the schema for the table and indexes. + additionalProperties: false + type: object + properties: + AttributeType: + description: |- + The data type for the attribute, where: + + ``S`` - the attribute is of type String + + ``N`` - the attribute is of type Number + + ``B`` - the attribute is of type Binary + type: string + AttributeName: + description: A name for the attribute. + type: string + required: + - AttributeName + - AttributeType + Projection: + description: Represents attributes that are copied (projected) from the table into an index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. + additionalProperties: false + type: object + properties: + NonKeyAttributes: + uniqueItems: false + description: |- + Represents the non-key attribute names which will be projected into the index. + For local secondary indexes, the total count of ``NonKeyAttributes`` summed across all of the local secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. + type: array + items: + type: string + ProjectionType: + description: |- + The set of attributes that are projected into the index: + + ``KEYS_ONLY`` - Only the index and primary keys are projected into the index. + + ``INCLUDE`` - In addition to the attributes described in ``KEYS_ONLY``, the secondary index will include other non-key attributes that you specify. + + ``ALL`` - All of the table attributes are projected into the index. + + When using the DynamoDB console, ``ALL`` is selected by default. + type: string + PointInTimeRecoverySpecification: + description: The settings used to enable point in time recovery. + additionalProperties: false + type: object + properties: + PointInTimeRecoveryEnabled: + description: Indicates whether point in time recovery is enabled (true) or disabled (false) on the table. + type: boolean + ReplicaGlobalSecondaryIndexSpecification: + additionalProperties: false + type: object + properties: + IndexName: + minLength: 3 + type: string + maxLength: 255 + ContributorInsightsSpecification: + $ref: '#/components/schemas/ContributorInsightsSpecification' + ReadProvisionedThroughputSettings: + $ref: '#/components/schemas/ReadProvisionedThroughputSettings' + required: + - IndexName + TargetTrackingScalingPolicyConfiguration: + additionalProperties: false + type: object + properties: + ScaleOutCooldown: + type: integer + minimum: 0 + TargetValue: + format: double + type: number + DisableScaleIn: + type: boolean + ScaleInCooldown: + type: integer + minimum: 0 + required: + - TargetValue + GlobalSecondaryIndex: + description: Represents the properties of a global secondary index. + additionalProperties: false + type: object + properties: + IndexName: + description: The name of the global secondary index. The name must be unique among all other indexes on this table. + type: string + ContributorInsightsSpecification: + description: The settings used to enable or disable CloudWatch Contributor Insights for the specified global secondary index. + $ref: '#/components/schemas/ContributorInsightsSpecification' + Projection: + description: Represents attributes that are copied (projected) from the table into the global secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. + $ref: '#/components/schemas/Projection' + ProvisionedThroughput: + description: |- + Represents the provisioned throughput settings for the specified global secondary index. + For current minimum and maximum provisioned throughput values, see [Service, Account, and Table Quotas](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the *Amazon DynamoDB Developer Guide*. + $ref: '#/components/schemas/ProvisionedThroughput' + KeySchema: + uniqueItems: true + description: |- + The complete key schema for a global secondary index, which consists of one or more pairs of attribute names and key types: + + ``HASH`` - partition key + + ``RANGE`` - sort key + + The partition key of an item is also known as its *hash attribute*. The term "hash attribute" derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. + The sort key of an item is also known as its *range attribute*. The term "range attribute" derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. + type: array + items: + $ref: '#/components/schemas/KeySchema' + required: + - IndexName + - Projection + - KeySchema + WriteProvisionedThroughputSettings: + additionalProperties: false + type: object + properties: + WriteCapacityAutoScalingSettings: + $ref: '#/components/schemas/CapacityAutoScalingSettings' + ReplicaStreamSpecification: + additionalProperties: false + type: object + properties: + ResourcePolicy: + $ref: '#/components/schemas/ResourcePolicy' + required: + - ResourcePolicy + ReplicaSSESpecification: + additionalProperties: false + type: object + properties: + KMSMasterKeyId: + anyOf: + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/KeyId + - relationshipRef: + typeName: AWS::KMS::Alias + propertyPath: /properties/AliasName + type: string + required: + - KMSMasterKeyId + ResourcePolicy: + description: |- + Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. + In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see [Using resource-based policies for](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html). + While defining resource-based policies in your CFNshort templates, the following considerations apply: + + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DDB counts whitespaces when calculating the size of a policy against this limit. + + Resource-based policies don't support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html#). If you update a policy outside of the CFNshort stack template, you'll need to update the CFNshort stack with the changes. + + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CFNshort template, the change won't be overwritten if there are no changes to the policy within the template. + For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DDB won’t be synced with the policy in the template. + Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DDB will be updated to match the one defined in the template. + + For a full list of all considerations, see [Resource-based policy considerations](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html). + additionalProperties: false + type: object + properties: + PolicyDocument: + description: >- + A resource-based policy document that contains permissions to add to the specified DDB table, index, or both. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see [Using resource-based policies for](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy + examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html). + type: object + required: + - PolicyDocument + KeySchema: + description: |- + Represents *a single element* of a key schema. A key schema specifies the attributes that make up the primary key of a table, or the key attributes of an index. + A ``KeySchemaElement`` represents exactly one attribute of the primary key. For example, a simple primary key would be represented by one ``KeySchemaElement`` (for the partition key). A composite primary key would require one ``KeySchemaElement`` for the partition key, and another ``KeySchemaElement`` for the sort key. + A ``KeySchemaElement`` must be a scalar, top-level attribute (not a nested attribute). The data type must be one of String, Number, or Binary. The attribute cannot be nested within a List or a Map. + additionalProperties: false + type: object + properties: + KeyType: + description: |- + The role that this key attribute will assume: + + ``HASH`` - partition key + + ``RANGE`` - sort key + + The partition key of an item is also known as its *hash attribute*. The term "hash attribute" derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. + The sort key of an item is also known as its *range attribute*. The term "range attribute" derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. + type: string + AttributeName: + description: The name of a key attribute. + type: string + required: + - KeyType + - AttributeName + Tag: + description: |- + Describes a tag. A tag is a key-value pair. You can add up to 50 tags to a single DynamoDB table. + AWS-assigned tag names and values are automatically assigned the ``aws:`` prefix, which the user cannot assign. AWS-assigned tag names do not count towards the tag limit of 50. User-assigned tag names have the prefix ``user:`` in the Cost Allocation Report. You cannot backdate the application of a tag. + For an overview on tagging DynamoDB resources, see [Tagging for DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html) in the *Amazon DynamoDB Developer Guide*. + additionalProperties: false + type: object + properties: + Value: + description: The value of the tag. Tag values are case-sensitive and can be null. + type: string + Key: + description: The key of the tag. Tag keys are case sensitive. Each DynamoDB table can only have up to one tag with the same key. If you try to add an existing tag (same key), the existing tag value will be updated to the new value. + type: string + required: + - Value + - Key + ReadProvisionedThroughputSettings: + additionalProperties: false + type: object + properties: + ReadCapacityUnits: + type: integer + minimum: 1 + ReadCapacityAutoScalingSettings: + $ref: '#/components/schemas/CapacityAutoScalingSettings' + TimeToLiveSpecification: + description: Represents the settings used to enable or disable Time to Live (TTL) for the specified table. + additionalProperties: false + type: object + properties: + Enabled: + description: Indicates whether TTL is to be enabled (true) or disabled (false) on the table. + type: boolean + AttributeName: + description: |- + The name of the TTL attribute used to store the expiration time for items in the table. + + The ``AttributeName`` property is required when enabling the TTL, or when TTL is already enabled. + + To update this property, you must first disable TTL and then enable TTL with the new attribute name. + type: string + required: + - Enabled + GlobalTable: + type: object + properties: + TableId: + type: string + SSESpecification: + $ref: '#/components/schemas/SSESpecification' + StreamSpecification: + $ref: '#/components/schemas/StreamSpecification' + Replicas: + minItems: 1 + uniqueItems: true + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ReplicaSpecification' + WriteProvisionedThroughputSettings: + $ref: '#/components/schemas/WriteProvisionedThroughputSettings' + TableName: + type: string + AttributeDefinitions: + minItems: 1 + uniqueItems: true + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/AttributeDefinition' + BillingMode: + type: string + GlobalSecondaryIndexes: + uniqueItems: true + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/GlobalSecondaryIndex' + KeySchema: + minItems: 1 + maxItems: 2 + uniqueItems: true + type: array + items: + $ref: '#/components/schemas/KeySchema' + LocalSecondaryIndexes: + uniqueItems: true + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/LocalSecondaryIndex' + Arn: + type: string + StreamArn: + type: string + TimeToLiveSpecification: + $ref: '#/components/schemas/TimeToLiveSpecification' + required: + - KeySchema + - AttributeDefinitions + - Replicas + x-stackql-resource-name: global_table + description: 'Version: None. Resource Type definition for AWS::DynamoDB::GlobalTable' + x-type-name: AWS::DynamoDB::GlobalTable + x-stackql-primary-identifier: + - TableName + x-stackql-additional-identifiers: + - - Arn + - - StreamArn + x-create-only-properties: + - LocalSecondaryIndexes + - TableName + - KeySchema + x-write-only-properties: + - Replicas/*/ReadProvisionedThroughputSettings/ReadCapacityAutoScalingSettings/SeedCapacity + - Replicas/*/GlobalSecondaryIndexes/*/ReadProvisionedThroughputSettings/ReadCapacityAutoScalingSettings/SeedCapacity + - WriteProvisionedThroughputSettings/WriteCapacityAutoScalingSettings/SeedCapacity + - GlobalSecondaryIndexes/*/WriteProvisionedThroughputSettings/WriteCapacityAutoScalingSettings/SeedCapacity + x-read-only-properties: + - Arn + - StreamArn + - TableId + x-required-properties: + - KeySchema + - AttributeDefinitions + - Replicas + x-required-permissions: + read: + - dynamodb:Describe* + - dynamodb:GetResourcePolicy + - application-autoscaling:Describe* + - cloudwatch:PutMetricData + - dynamodb:ListTagsOfResource + - kms:DescribeKey + create: + - dynamodb:CreateTable + - dynamodb:CreateTableReplica + - dynamodb:Describe* + - dynamodb:UpdateTimeToLive + - dynamodb:UpdateContributorInsights + - dynamodb:UpdateContinuousBackups + - dynamodb:ListTagsOfResource + - dynamodb:Query + - dynamodb:Scan + - dynamodb:UpdateItem + - dynamodb:PutItem + - dynamodb:GetItem + - dynamodb:DeleteItem + - dynamodb:BatchWriteItem + - dynamodb:TagResource + - dynamodb:EnableKinesisStreamingDestination + - dynamodb:DisableKinesisStreamingDestination + - dynamodb:UpdateTableReplicaAutoScaling + - dynamodb:TagResource + - dynamodb:GetResourcePolicy + - dynamodb:PutResourcePolicy + - application-autoscaling:DeleteScalingPolicy + - application-autoscaling:DeleteScheduledAction + - application-autoscaling:DeregisterScalableTarget + - application-autoscaling:Describe* + - application-autoscaling:PutScalingPolicy + - application-autoscaling:PutScheduledAction + - application-autoscaling:RegisterScalableTarget + - kinesis:ListStreams + - kinesis:DescribeStream + - kinesis:PutRecords + - kms:CreateGrant + - kms:DescribeKey + - kms:ListAliases + - kms:Decrypt + - kms:RevokeGrant + - cloudwatch:PutMetricData + - iam:CreateServiceLinkedRole + update: + - dynamodb:Describe* + - dynamodb:CreateTableReplica + - dynamodb:UpdateTable + - dynamodb:UpdateTimeToLive + - dynamodb:UpdateContinuousBackups + - dynamodb:UpdateContributorInsights + - dynamodb:ListTagsOfResource + - dynamodb:Query + - dynamodb:Scan + - dynamodb:UpdateItem + - dynamodb:PutItem + - dynamodb:GetItem + - dynamodb:DeleteItem + - dynamodb:BatchWriteItem + - dynamodb:DeleteTable + - dynamodb:DeleteTableReplica + - dynamodb:UpdateItem + - dynamodb:TagResource + - dynamodb:UntagResource + - dynamodb:EnableKinesisStreamingDestination + - dynamodb:DisableKinesisStreamingDestination + - dynamodb:UpdateTableReplicaAutoScaling + - dynamodb:UpdateKinesisStreamingDestination + - dynamodb:GetResourcePolicy + - dynamodb:PutResourcePolicy + - dynamodb:DeleteResourcePolicy + - application-autoscaling:DeleteScalingPolicy + - application-autoscaling:DeleteScheduledAction + - application-autoscaling:DeregisterScalableTarget + - application-autoscaling:Describe* + - application-autoscaling:PutScalingPolicy + - application-autoscaling:PutScheduledAction + - application-autoscaling:RegisterScalableTarget + - kinesis:ListStreams + - kinesis:DescribeStream + - kinesis:PutRecords + - kms:CreateGrant + - kms:DescribeKey + - kms:ListAliases + - kms:RevokeGrant + - cloudwatch:PutMetricData + list: + - dynamodb:ListTables + - cloudwatch:PutMetricData + delete: + - dynamodb:Describe* + - dynamodb:DeleteTable + - application-autoscaling:DeleteScalingPolicy + - application-autoscaling:DeleteScheduledAction + - application-autoscaling:DeregisterScalableTarget + - application-autoscaling:Describe* + - application-autoscaling:PutScalingPolicy + - application-autoscaling:PutScheduledAction + - application-autoscaling:RegisterScalableTarget + InputFormatOptions: + description: The format options for the data that was imported into the target table. There is one value, CsvOption. + additionalProperties: false + type: object + properties: + Csv: + description: The options for imported source files in CSV format. The values are Delimiter and HeaderList. + $ref: '#/components/schemas/Csv' + Csv: + description: The options for imported source files in CSV format. The values are Delimiter and HeaderList. + additionalProperties: false + type: object + properties: + Delimiter: + description: The delimiter used for separating items in the CSV file being imported. + type: string + HeaderList: + uniqueItems: true + description: List of the headers used to specify a common header for all source CSV files being imported. If this field is specified then the first line of each CSV file is treated as data instead of the header. If this field is not specified the the first line of each CSV file is treated as the header. + type: array + items: + type: string + ImportSourceSpecification: + description: Specifies the properties of data being imported from the S3 bucket source to the table. + additionalProperties: false + type: object + properties: + S3BucketSource: + description: The S3 bucket that provides the source for the import. + $ref: '#/components/schemas/S3BucketSource' + InputFormat: + description: The format of the source data. Valid values for ``ImportFormat`` are ``CSV``, ``DYNAMODB_JSON`` or ``ION``. + type: string + InputFormatOptions: + description: Additional properties that specify how the input is formatted, + $ref: '#/components/schemas/InputFormatOptions' + InputCompressionType: + description: Type of compression to be used on the input coming from the imported table. + type: string + required: + - S3BucketSource + - InputFormat + ProvisionedThroughput: + description: Throughput for the specified table, which consists of values for ``ReadCapacityUnits`` and ``WriteCapacityUnits``. For more information about the contents of a provisioned throughput structure, see [Table ProvisionedThroughput](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ProvisionedThroughput.html). + additionalProperties: false + type: object + properties: + WriteCapacityUnits: + description: |- + The maximum number of writes consumed per second before DynamoDB returns a ``ThrottlingException``. For more information, see [Specifying Read and Write Requirements](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughput.html) in the *Amazon DynamoDB Developer Guide*. + If read/write capacity mode is ``PAY_PER_REQUEST`` the value is set to 0. + type: integer + ReadCapacityUnits: + description: |- + The maximum number of strongly consistent reads consumed per second before DynamoDB returns a ``ThrottlingException``. For more information, see [Specifying Read and Write Requirements](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughput.html) in the *Amazon DynamoDB Developer Guide*. + If read/write capacity mode is ``PAY_PER_REQUEST`` the value is set to 0. + type: integer + required: + - WriteCapacityUnits + - ReadCapacityUnits + S3BucketSource: + description: The S3 bucket that is being imported from. + additionalProperties: false + type: object + properties: + S3Bucket: + x-relationshipRef: + typeName: AWS::S3::Bucket + propertyPath: /properties/BucketName + description: The S3 bucket that is being imported from. + type: string + S3KeyPrefix: + description: The key prefix shared by all S3 Objects that are being imported. + type: string + S3BucketOwner: + description: The account number of the S3 bucket that is being imported from. If the bucket is owned by the requester this is optional. + type: string + required: + - S3Bucket + DeprecatedKeySchema: + description: '' + additionalProperties: false + type: object + properties: + HashKeyElement: + $ref: '#/components/schemas/DeprecatedHashKeyElement' + required: + - HashKeyElement + DeprecatedHashKeyElement: + description: '' + additionalProperties: false + type: object + properties: + AttributeType: + type: string + AttributeName: + type: string + required: + - AttributeType + - AttributeName + Table: + type: object + properties: + SSESpecification: + description: Specifies the settings to enable server-side encryption. + $ref: '#/components/schemas/SSESpecification' + KinesisStreamSpecification: + description: The Kinesis Data Streams configuration for the specified table. + $ref: '#/components/schemas/KinesisStreamSpecification' + StreamSpecification: + description: The settings for the DDB table stream, which capture changes to items stored in the table. + $ref: '#/components/schemas/StreamSpecification' + ContributorInsightsSpecification: + description: The settings used to enable or disable CloudWatch Contributor Insights for the specified table. + $ref: '#/components/schemas/ContributorInsightsSpecification' + ImportSourceSpecification: + description: |- + Specifies the properties of data being imported from the S3 bucket source to the table. + If you specify the ``ImportSourceSpecification`` property, and also specify either the ``StreamSpecification``, the ``TableClass`` property, or the ``DeletionProtectionEnabled`` property, the IAM entity creating/updating stack must have ``UpdateTable`` permission. + $ref: '#/components/schemas/ImportSourceSpecification' + PointInTimeRecoverySpecification: + description: The settings used to enable point in time recovery. + $ref: '#/components/schemas/PointInTimeRecoverySpecification' + ProvisionedThroughput: + description: |- + Throughput for the specified table, which consists of values for ``ReadCapacityUnits`` and ``WriteCapacityUnits``. For more information about the contents of a provisioned throughput structure, see [Amazon DynamoDB Table ProvisionedThroughput](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ProvisionedThroughput.html). + If you set ``BillingMode`` as ``PROVISIONED``, you must specify this property. If you set ``BillingMode`` as ``PAY_PER_REQUEST``, you cannot specify this property. + $ref: '#/components/schemas/ProvisionedThroughput' + TableName: + description: |- + A name for the table. If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the table name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + type: string + AttributeDefinitions: + uniqueItems: true + description: |- + A list of attributes that describe the key schema for the table and indexes. + This property is required to create a DDB table. + Update requires: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt). Replacement if you edit an existing AttributeDefinition. + type: array + items: + $ref: '#/components/schemas/AttributeDefinition' + BillingMode: + description: |- + Specify how you are charged for read and write throughput and how you manage capacity. + Valid values include: + + ``PROVISIONED`` - We recommend using ``PROVISIONED`` for predictable workloads. ``PROVISIONED`` sets the billing mode to [Provisioned Mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.ProvisionedThroughput.Manual). + + ``PAY_PER_REQUEST`` - We recommend using ``PAY_PER_REQUEST`` for unpredictable workloads. ``PAY_PER_REQUEST`` sets the billing mode to [On-Demand Mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.OnDemand). + + If not specified, the default is ``PROVISIONED``. + type: string + GlobalSecondaryIndexes: + uniqueItems: false + description: |- + Global secondary indexes to be created on the table. You can create up to 20 global secondary indexes. + If you update a table to include a new global secondary index, CFNlong initiates the index creation and then proceeds with the stack update. CFNlong doesn't wait for the index to complete creation because the backfilling phase can take a long time, depending on the size of the table. You can't use the index or update the table until the index's status is ``ACTIVE``. You can track its status by using the DynamoDB [DescribeTable](https://docs.aws.amazon.com/cli/latest/reference/dynamodb/describe-table.html) command. + If you add or delete an index during an update, we recommend that you don't update any other resources. If your stack fails to update and is rolled back while adding a new index, you must manually delete the index. + Updates are not supported. The following are exceptions: + + If you update either the contributor insights specification or the provisioned throughput values of global secondary indexes, you can update the table without interruption. + + You can delete or add one global secondary index without interruption. If you do both in the same update (for example, by changing the index's logical ID), the update fails. + type: array + items: + $ref: '#/components/schemas/GlobalSecondaryIndex' + ResourcePolicy: + description: >- + A resource-based policy document that contains permissions to add to the specified table. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see [Using resource-based policies for](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy + examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html). + When you attach a resource-based policy while creating a table, the policy creation is *strongly consistent*. For information about the considerations that you should keep in mind while attaching a resource-based policy, see [Resource-based policy considerations](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html). + $ref: '#/components/schemas/ResourcePolicy' + KeySchema: + oneOf: + - uniqueItems: true + type: array + items: + $ref: '#/components/schemas/KeySchema' + - type: object + description: Specifies the attributes that make up the primary key for the table. The attributes in the ``KeySchema`` property must also be defined in the ``AttributeDefinitions`` property. + LocalSecondaryIndexes: + uniqueItems: false + description: Local secondary indexes to be created on the table. You can create up to 5 local secondary indexes. Each index is scoped to a given hash key value. The size of each hash key can be up to 10 gigabytes. + type: array + items: + $ref: '#/components/schemas/LocalSecondaryIndex' + Arn: + description: '' + type: string + StreamArn: + description: '' + type: string + DeletionProtectionEnabled: + description: Determines if a table is protected from deletion. When enabled, the table cannot be deleted by any user or process. This setting is disabled by default. For more information, see [Using deletion protection](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.Basics.html#WorkingWithTables.Basics.DeletionProtection) in the *Developer Guide*. + type: boolean + TableClass: + description: The table class of the new table. Valid values are ``STANDARD`` and ``STANDARD_INFREQUENT_ACCESS``. + type: string + Tags: + uniqueItems: false + description: |- + An array of key-value pairs to apply to this resource. + For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + type: array + items: + $ref: '#/components/schemas/Tag' + TimeToLiveSpecification: + description: |- + Specifies the Time to Live (TTL) settings for the table. + For detailed information about the limits in DynamoDB, see [Limits in Amazon DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the Amazon DynamoDB Developer Guide. + $ref: '#/components/schemas/TimeToLiveSpecification' + required: + - KeySchema + x-stackql-resource-name: table + description: |- + The ``AWS::DynamoDB::Table`` resource creates a DDB table. For more information, see [CreateTable](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateTable.html) in the *API Reference*. + You should be aware of the following behaviors when working with DDB tables: + + CFNlong typically creates DDB tables in parallel. However, if your template includes multiple DDB tables with indexes, you must declare dependencies so that the tables are created sequentially. DDBlong limits the number of tables with secondary indexes that are in the creating state. If you create multiple tables with indexes at the same time, DDB returns an error and the stack operation fails. For an example, see [DynamoDB Table with a DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#aws-resource-dynamodb-table--examples--DynamoDB_Table_with_a_DependsOn_Attribute). + + Our guidance is to use the latest schema documented here for your CFNlong templates. This schema supports the provisioning of all table settings below. When using this schema in your CFNlong templates, please ensure that your Identity and Access Management (IAM) policies are updated with appropriate permissions to allow for the authorization of these setting changes. + x-type-name: AWS::DynamoDB::Table + x-stackql-primary-identifier: + - TableName + x-create-only-properties: + - TableName + - ImportSourceSpecification + x-write-only-properties: + - ImportSourceSpecification + x-read-only-properties: + - Arn + - StreamArn + x-required-properties: + - KeySchema + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + x-required-permissions: + read: + - dynamodb:DescribeTable + - dynamodb:DescribeContinuousBackups + - dynamodb:DescribeContributorInsights + - dynamodb:DescribeKinesisStreamingDestination + - dynamodb:ListTagsOfResource + - dynamodb:GetResourcePolicy + create: + - dynamodb:CreateTable + - dynamodb:DescribeImport + - dynamodb:DescribeTable + - dynamodb:DescribeTimeToLive + - dynamodb:UpdateTimeToLive + - dynamodb:UpdateContributorInsights + - dynamodb:UpdateContinuousBackups + - dynamodb:DescribeContinuousBackups + - dynamodb:DescribeContributorInsights + - dynamodb:EnableKinesisStreamingDestination + - dynamodb:DisableKinesisStreamingDestination + - dynamodb:DescribeKinesisStreamingDestination + - dynamodb:ImportTable + - dynamodb:ListTagsOfResource + - dynamodb:TagResource + - dynamodb:UpdateTable + - dynamodb:GetResourcePolicy + - dynamodb:PutResourcePolicy + - kinesis:DescribeStream + - kinesis:PutRecords + - iam:CreateServiceLinkedRole + - kms:CreateGrant + - kms:Decrypt + - kms:DescribeKey + - kms:ListAliases + - kms:Encrypt + - kms:RevokeGrant + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:DescribeLogGroups + - logs:DescribeLogStreams + - logs:PutLogEvents + - logs:PutRetentionPolicy + - s3:GetObject + - s3:GetObjectMetadata + - s3:ListBucket + update: + - dynamodb:UpdateTable + - dynamodb:DescribeTable + - dynamodb:DescribeTimeToLive + - dynamodb:UpdateTimeToLive + - dynamodb:UpdateContinuousBackups + - dynamodb:UpdateContributorInsights + - dynamodb:UpdateKinesisStreamingDestination + - dynamodb:DescribeContinuousBackups + - dynamodb:DescribeKinesisStreamingDestination + - dynamodb:ListTagsOfResource + - dynamodb:TagResource + - dynamodb:UntagResource + - dynamodb:DescribeContributorInsights + - dynamodb:EnableKinesisStreamingDestination + - dynamodb:DisableKinesisStreamingDestination + - dynamodb:GetResourcePolicy + - dynamodb:PutResourcePolicy + - dynamodb:DeleteResourcePolicy + - kinesis:DescribeStream + - kinesis:PutRecords + - iam:CreateServiceLinkedRole + - kms:CreateGrant + - kms:DescribeKey + - kms:ListAliases + - kms:RevokeGrant + list: + - dynamodb:ListTables + delete: + - dynamodb:DeleteTable + - dynamodb:DescribeTable + x-stackQL-resources: + global_tables: + name: global_tables + id: aws.dynamodb.global_tables + x-cfn-schema-name: GlobalTable + x-type: list + x-identifiers: + - TableName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TableName') as table_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DynamoDB::GlobalTable' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TableName') as table_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DynamoDB::GlobalTable' + AND region = 'us-east-1' + global_table: + name: global_table + id: aws.dynamodb.global_table + x-cfn-schema-name: GlobalTable + x-type: get + x-identifiers: + - TableName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TableId') as table_id, + JSON_EXTRACT(Properties, '$.SSESpecification') as sse_specification, + JSON_EXTRACT(Properties, '$.StreamSpecification') as stream_specification, + JSON_EXTRACT(Properties, '$.Replicas') as replicas, + JSON_EXTRACT(Properties, '$.WriteProvisionedThroughputSettings') as write_provisioned_throughput_settings, + JSON_EXTRACT(Properties, '$.TableName') as table_name, + JSON_EXTRACT(Properties, '$.AttributeDefinitions') as attribute_definitions, + JSON_EXTRACT(Properties, '$.BillingMode') as billing_mode, + JSON_EXTRACT(Properties, '$.GlobalSecondaryIndexes') as global_secondary_indexes, + JSON_EXTRACT(Properties, '$.KeySchema') as key_schema, + JSON_EXTRACT(Properties, '$.LocalSecondaryIndexes') as local_secondary_indexes, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.StreamArn') as stream_arn, + JSON_EXTRACT(Properties, '$.TimeToLiveSpecification') as time_to_live_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DynamoDB::GlobalTable' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TableId') as table_id, + json_extract_path_text(Properties, 'SSESpecification') as sse_specification, + json_extract_path_text(Properties, 'StreamSpecification') as stream_specification, + json_extract_path_text(Properties, 'Replicas') as replicas, + json_extract_path_text(Properties, 'WriteProvisionedThroughputSettings') as write_provisioned_throughput_settings, + json_extract_path_text(Properties, 'TableName') as table_name, + json_extract_path_text(Properties, 'AttributeDefinitions') as attribute_definitions, + json_extract_path_text(Properties, 'BillingMode') as billing_mode, + json_extract_path_text(Properties, 'GlobalSecondaryIndexes') as global_secondary_indexes, + json_extract_path_text(Properties, 'KeySchema') as key_schema, + json_extract_path_text(Properties, 'LocalSecondaryIndexes') as local_secondary_indexes, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'StreamArn') as stream_arn, + json_extract_path_text(Properties, 'TimeToLiveSpecification') as time_to_live_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DynamoDB::GlobalTable' + AND data__Identifier = '' + AND region = 'us-east-1' + tables: + name: tables + id: aws.dynamodb.tables + x-cfn-schema-name: Table + x-type: list + x-identifiers: + - TableName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TableName') as table_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DynamoDB::Table' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TableName') as table_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DynamoDB::Table' + AND region = 'us-east-1' + table: + name: table + id: aws.dynamodb.table + x-cfn-schema-name: Table + x-type: get + x-identifiers: + - TableName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SSESpecification') as sse_specification, + JSON_EXTRACT(Properties, '$.KinesisStreamSpecification') as kinesis_stream_specification, + JSON_EXTRACT(Properties, '$.StreamSpecification') as stream_specification, + JSON_EXTRACT(Properties, '$.ContributorInsightsSpecification') as contributor_insights_specification, + JSON_EXTRACT(Properties, '$.ImportSourceSpecification') as import_source_specification, + JSON_EXTRACT(Properties, '$.PointInTimeRecoverySpecification') as point_in_time_recovery_specification, + JSON_EXTRACT(Properties, '$.ProvisionedThroughput') as provisioned_throughput, + JSON_EXTRACT(Properties, '$.TableName') as table_name, + JSON_EXTRACT(Properties, '$.AttributeDefinitions') as attribute_definitions, + JSON_EXTRACT(Properties, '$.BillingMode') as billing_mode, + JSON_EXTRACT(Properties, '$.GlobalSecondaryIndexes') as global_secondary_indexes, + JSON_EXTRACT(Properties, '$.ResourcePolicy') as resource_policy, + JSON_EXTRACT(Properties, '$.KeySchema') as key_schema, + JSON_EXTRACT(Properties, '$.LocalSecondaryIndexes') as local_secondary_indexes, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.StreamArn') as stream_arn, + JSON_EXTRACT(Properties, '$.DeletionProtectionEnabled') as deletion_protection_enabled, + JSON_EXTRACT(Properties, '$.TableClass') as table_class, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TimeToLiveSpecification') as time_to_live_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DynamoDB::Table' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SSESpecification') as sse_specification, + json_extract_path_text(Properties, 'KinesisStreamSpecification') as kinesis_stream_specification, + json_extract_path_text(Properties, 'StreamSpecification') as stream_specification, + json_extract_path_text(Properties, 'ContributorInsightsSpecification') as contributor_insights_specification, + json_extract_path_text(Properties, 'ImportSourceSpecification') as import_source_specification, + json_extract_path_text(Properties, 'PointInTimeRecoverySpecification') as point_in_time_recovery_specification, + json_extract_path_text(Properties, 'ProvisionedThroughput') as provisioned_throughput, + json_extract_path_text(Properties, 'TableName') as table_name, + json_extract_path_text(Properties, 'AttributeDefinitions') as attribute_definitions, + json_extract_path_text(Properties, 'BillingMode') as billing_mode, + json_extract_path_text(Properties, 'GlobalSecondaryIndexes') as global_secondary_indexes, + json_extract_path_text(Properties, 'ResourcePolicy') as resource_policy, + json_extract_path_text(Properties, 'KeySchema') as key_schema, + json_extract_path_text(Properties, 'LocalSecondaryIndexes') as local_secondary_indexes, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'StreamArn') as stream_arn, + json_extract_path_text(Properties, 'DeletionProtectionEnabled') as deletion_protection_enabled, + json_extract_path_text(Properties, 'TableClass') as table_class, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TimeToLiveSpecification') as time_to_live_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DynamoDB::Table' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/ecr.yaml b/providers/src/aws/v00.00.00000/services/ecr.yaml new file mode 100644 index 00000000..ec42e1e3 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ecr.yaml @@ -0,0 +1,969 @@ +openapi: 3.0.0 +info: + title: ECR + version: 1.0.0 +paths: {} +components: + schemas: + RegistryId: + type: string + description: 'The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed. ' + minLength: 12 + maxLength: 12 + pattern: ^[0-9]{12}$ + RepositoryDescription: + type: string + description: The description of the public repository. + maxLength: 1024 + OperatingSystemList: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: Select the operating systems that the images in your repository are compatible with. + items: + $ref: '#/components/schemas/OperatingSystem' + OperatingSystem: + type: string + description: The name of the operating system. + maxLength: 50 + minLength: 1 + ArchitectureList: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: Select the system architectures that the images in your repository are compatible with. + items: + $ref: '#/components/schemas/Architecture' + Architecture: + type: string + description: The name of the architecture. + maxLength: 50 + minLength: 1 + UsageText: + type: string + description: Provide detailed information about how to use the images in the repository. This provides context, support information, and additional usage details for users of the repository. + maxLength: 10240 + AboutText: + type: string + description: Provide a detailed description of the repository. Identify what is included in the repository, any licensing details, or other relevant information. + maxLength: 10240 + Tag: + description: An array of key-value pairs to apply to this resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + PublicRepository: + type: object + properties: + RepositoryName: + type: string + description: The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the repository name. For more information, see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html. + minLength: 2 + maxLength: 256 + pattern: ^(?=.{2,256}$)((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*)$ + RepositoryPolicyText: + type: object + description: 'The JSON repository policy text to apply to the repository. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html in the Amazon Elastic Container Registry User Guide. ' + Arn: + type: string + RepositoryCatalogData: + type: object + description: The CatalogData property type specifies Catalog data for ECR Public Repository. For information about Catalog Data, see + properties: + RepositoryDescription: + $ref: '#/components/schemas/RepositoryDescription' + Architectures: + $ref: '#/components/schemas/ArchitectureList' + OperatingSystems: + $ref: '#/components/schemas/OperatingSystemList' + AboutText: + $ref: '#/components/schemas/AboutText' + UsageText: + $ref: '#/components/schemas/UsageText' + additionalProperties: false + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: public_repository + description: The AWS::ECR::PublicRepository resource specifies an Amazon Elastic Container Public Registry (Amazon Public ECR) repository, where users can push and pull Docker images. For more information, see https://docs.aws.amazon.com/AmazonECR + x-type-name: AWS::ECR::PublicRepository + x-stackql-primary-identifier: + - RepositoryName + x-create-only-properties: + - RepositoryName + x-read-only-properties: + - Arn + x-required-permissions: + create: + - ecr-public:CreateRepository + - ecr-public:SetRepositoryPolicy + - ecr-public:PutRepositoryCatalogData + - ecr-public:TagResource + read: + - ecr-public:DescribeRepositories + - ecr-public:GetRepositoryPolicy + - ecr-public:GetRepositoryCatalogData + - ecr-public:ListTagsForResource + update: + - ecr-public:SetRepositoryPolicy + - ecr-public:DeleteRepositoryPolicy + - ecr-public:PutRepositoryCatalogData + - ecr-public:TagResource + - ecr-public:UntagResource + delete: + - ecr-public:DeleteRepository + list: + - ecr-public:DescribeRepositories + PullThroughCacheRule: + type: object + properties: + EcrRepositoryPrefix: + type: string + description: The ECRRepositoryPrefix is a custom alias for upstream registry url. + minLength: 2 + maxLength: 30 + pattern: (?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)* + UpstreamRegistryUrl: + type: string + description: The upstreamRegistryUrl is the endpoint of upstream registry url of the public repository to be cached + CredentialArn: + type: string + description: The Amazon Resource Name (ARN) of the AWS Secrets Manager secret that identifies the credentials to authenticate to the upstream registry. + minLength: 50 + maxLength: 612 + pattern: ^arn:aws:secretsmanager:[a-zA-Z0-9-:]+:secret:ecr\-pullthroughcache\/[a-zA-Z0-9\/_+=.@-]+$ + UpstreamRegistry: + type: string + description: The name of the upstream registry. + x-stackql-resource-name: pull_through_cache_rule + description: The AWS::ECR::PullThroughCacheRule resource configures the upstream registry configuration details for an Amazon Elastic Container Registry (Amazon Private ECR) pull-through cache. + x-type-name: AWS::ECR::PullThroughCacheRule + x-stackql-primary-identifier: + - EcrRepositoryPrefix + x-create-only-properties: + - EcrRepositoryPrefix + - UpstreamRegistryUrl + - CredentialArn + - UpstreamRegistry + x-write-only-properties: + - CredentialArn + - UpstreamRegistry + x-tagging: + taggable: false + x-required-permissions: + create: + - ecr:DescribePullThroughCacheRules + - ecr:CreatePullThroughCacheRule + - ecr:DeletePullThroughCacheRule + - iam:CreateServiceLinkedRole + - secretsmanager:GetSecretValue + read: + - ecr:DescribePullThroughCacheRules + update: + - ecr:DescribePullThroughCacheRules + - ecr:CreatePullThroughCacheRule + - ecr:DeletePullThroughCacheRule + - iam:CreateServiceLinkedRole + - secretsmanager:GetSecretValue + delete: + - ecr:DescribePullThroughCacheRules + - ecr:DeletePullThroughCacheRule + list: + - ecr:DescribePullThroughCacheRules + EcrRepositoryPrefix: + type: string + description: The ECRRepositoryPrefix is a custom alias for upstream registry url. + minLength: 2 + maxLength: 30 + pattern: (?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)* + UpstreamRegistryUrl: + type: string + description: The upstreamRegistryUrl is the endpoint of upstream registry url of the public repository to be cached + CredentialArn: + type: string + description: The Amazon Resource Name (ARN) of the AWS Secrets Manager secret that identifies the credentials to authenticate to the upstream registry. + minLength: 50 + maxLength: 612 + pattern: ^arn:aws:secretsmanager:[a-zA-Z0-9-:]+:secret:ecr\-pullthroughcache\/[a-zA-Z0-9\/_+=.@-]+$ + UpstreamRegistry: + type: string + description: The name of the upstream registry. + RegistryPolicy: + type: object + properties: + RegistryId: + $ref: '#/components/schemas/RegistryId' + description: '' + PolicyText: + type: object + description: The JSON policy text for your registry. + required: + - PolicyText + x-stackql-resource-name: registry_policy + description: |- + The ``AWS::ECR::RegistryPolicy`` resource creates or updates the permissions policy for a private registry. + A private registry policy is used to specify permissions for another AWS-account and is used when configuring cross-account replication. For more information, see [Registry permissions](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html) in the *Amazon Elastic Container Registry User Guide*. + x-type-name: AWS::ECR::RegistryPolicy + x-stackql-primary-identifier: + - RegistryId + x-read-only-properties: + - RegistryId + x-required-properties: + - PolicyText + x-tagging: + taggable: false + x-required-permissions: + create: + - ecr:GetRegistryPolicy + - ecr:PutRegistryPolicy + read: + - ecr:GetRegistryPolicy + list: + - ecr:GetRegistryPolicy + update: + - ecr:GetRegistryPolicy + - ecr:PutRegistryPolicy + delete: + - ecr:DeleteRegistryPolicy + ReplicationConfiguration: + type: object + properties: + ReplicationConfiguration: + $ref: '#/components/schemas/ReplicationConfiguration' + RegistryId: + type: string + description: The RegistryId associated with the aws account. + required: + - ReplicationConfiguration + x-stackql-resource-name: replication_configuration + description: The AWS::ECR::ReplicationConfiguration resource configures the replication destinations for an Amazon Elastic Container Registry (Amazon Private ECR). For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/replication.html + x-type-name: AWS::ECR::ReplicationConfiguration + x-stackql-primary-identifier: + - RegistryId + x-read-only-properties: + - RegistryId + x-required-properties: + - ReplicationConfiguration + x-tagging: + taggable: false + x-required-permissions: + create: + - ecr:DescribeRegistry + - ecr:PutReplicationConfiguration + - iam:CreateServiceLinkedRole + read: + - ecr:DescribeRegistry + update: + - ecr:DescribeRegistry + - ecr:PutReplicationConfiguration + - iam:CreateServiceLinkedRole + delete: + - ecr:DescribeRegistry + - ecr:PutReplicationConfiguration + - iam:CreateServiceLinkedRole + list: + - ecr:DescribeRegistry + ReplicationRule: + type: object + properties: + RepositoryFilters: + type: array + minItems: 0 + maxItems: 100 + items: + $ref: '#/components/schemas/RepositoryFilter' + description: An array of objects representing the details of a repository filter. + Destinations: + type: array + minItems: 1 + maxItems: 25 + items: + $ref: '#/components/schemas/ReplicationDestination' + description: An array of objects representing the details of a replication destination. + description: An array of objects representing the details of a replication destination. + required: + - Destinations + additionalProperties: false + RepositoryFilter: + type: object + properties: + Filter: + $ref: '#/components/schemas/Filter' + FilterType: + $ref: '#/components/schemas/FilterType' + description: An array of objects representing the details of a repository filter. + required: + - Filter + - FilterType + additionalProperties: false + Filter: + type: string + description: The repository filter to be applied for replication. + pattern: ^(?:[a-z0-9]+(?:[._-][a-z0-9]*)*/)*[a-z0-9]*(?:[._-][a-z0-9]*)*$ + FilterType: + description: Type of repository filter + type: string + enum: + - PREFIX_MATCH + ReplicationDestination: + type: object + properties: + Region: + $ref: '#/components/schemas/Region' + RegistryId: + $ref: '#/components/schemas/RegistryId' + description: An array of objects representing the details of a replication destination. + required: + - Region + - RegistryId + additionalProperties: false + Region: + description: A Region to replicate to. + type: string + pattern: '[0-9a-z-]{2,25}' + LifecyclePolicy: + type: object + description: The ``LifecyclePolicy`` property type specifies a lifecycle policy. For information about lifecycle policy syntax, see [Lifecycle policy template](https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html) in the *Amazon ECR User Guide*. + properties: + LifecyclePolicyText: + $ref: '#/components/schemas/LifecyclePolicyText' + description: The JSON repository policy text to apply to the repository. + RegistryId: + $ref: '#/components/schemas/RegistryId' + description: "The AWS account ID associated with the registry that contains the repository. If you do\L not specify a registry, the default registry is assumed." + additionalProperties: false + LifecyclePolicyText: + type: string + description: The JSON repository policy text to apply to the repository. + minLength: 100 + maxLength: 30720 + ImageScanningConfiguration: + type: object + description: The image scanning configuration for a repository. + properties: + ScanOnPush: + $ref: '#/components/schemas/ScanOnPush' + description: The setting that determines whether images are scanned after being pushed to a repository. If set to ``true``, images will be scanned after being pushed. If this parameter is not specified, it will default to ``false`` and images will not be scanned unless a scan is manually started. + additionalProperties: false + ScanOnPush: + type: boolean + description: The setting that determines whether images are scanned after being pushed to a repository. + EncryptionConfiguration: + type: object + description: |- + The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part. + + For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html + properties: + EncryptionType: + $ref: '#/components/schemas/EncryptionType' + KmsKey: + $ref: '#/components/schemas/KmsKey' + required: + - EncryptionType + additionalProperties: false + EncryptionType: + type: string + description: The encryption type to use. + enum: + - AES256 + - KMS + KmsKey: + type: string + description: If you use the KMS encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used. + minLength: 1 + maxLength: 2048 + EmptyOnDelete: + type: boolean + description: If true, deleting the repository force deletes the contents of the repository. Without a force delete, you can only delete empty repositories. + Repository: + type: object + properties: + EmptyOnDelete: + $ref: '#/components/schemas/EmptyOnDelete' + description: If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it. + LifecyclePolicy: + $ref: '#/components/schemas/LifecyclePolicy' + description: Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see [Lifecycle policy template](https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html). + RepositoryName: + type: string + description: |- + The name to use for the repository. The repository name may be specified on its own (such as ``nginx-web-app``) or it can be prepended with a namespace to group the repository into a category (such as ``project-a/nginx-web-app``). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). + The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + minLength: 2 + maxLength: 256 + pattern: ^(?=.{2,256}$)((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*)$ + RepositoryPolicyText: + type: object + description: The JSON repository policy text to apply to the repository. For more information, see [Amazon ECR repository policies](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html) in the *Amazon Elastic Container Registry User Guide*. + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + Arn: + type: string + description: '' + RepositoryUri: + type: string + description: '' + ImageTagMutability: + type: string + description: The tag mutability setting for the repository. If this parameter is omitted, the default setting of ``MUTABLE`` will be used which will allow image tags to be overwritten. If ``IMMUTABLE`` is specified, all image tags within the repository will be immutable which will prevent them from being overwritten. + enum: + - MUTABLE + - IMMUTABLE + ImageScanningConfiguration: + $ref: '#/components/schemas/ImageScanningConfiguration' + description: The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository. + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' + description: The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. + x-stackql-resource-name: repository + description: The ``AWS::ECR::Repository`` resource specifies an Amazon Elastic Container Registry (Amazon ECR) repository, where users can push and pull Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts. For more information, see [Amazon ECR private repositories](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html) in the *Amazon ECR User Guide*. + x-type-name: AWS::ECR::Repository + x-stackql-primary-identifier: + - RepositoryName + x-create-only-properties: + - RepositoryName + - EncryptionConfiguration + - EncryptionConfiguration/EncryptionType + - EncryptionConfiguration/KmsKey + x-write-only-properties: + - EmptyOnDelete + x-read-only-properties: + - Arn + - RepositoryUri + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ecr:CreateRepository + - ecr:PutLifecyclePolicy + - ecr:SetRepositoryPolicy + - ecr:TagResource + - kms:DescribeKey + - kms:CreateGrant + - kms:RetireGrant + read: + - ecr:DescribeRepositories + - ecr:GetLifecyclePolicy + - ecr:GetRepositoryPolicy + - ecr:ListTagsForResource + update: + - ecr:DescribeRepositories + - ecr:PutLifecyclePolicy + - ecr:SetRepositoryPolicy + - ecr:ListTagsForResource + - ecr:TagResource + - ecr:UntagResource + - ecr:DeleteLifecyclePolicy + - ecr:DeleteRepositoryPolicy + - ecr:PutImageScanningConfiguration + - ecr:PutImageTagMutability + - kms:DescribeKey + - kms:CreateGrant + - kms:RetireGrant + delete: + - ecr:DeleteRepository + - kms:RetireGrant + list: + - ecr:DescribeRepositories + AppliedForItem: + type: string + description: Enumerable Strings representing the repository creation scenarios that the template will apply towards. + enum: + - REPLICATION + - PULL_THROUGH_CACHE + RepositoryCreationTemplate: + type: object + properties: + Prefix: + description: The prefix use to match the repository name and apply the template. + type: string + pattern: ^((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*/?|ROOT)$ + minLength: 1 + maxLength: 256 + Description: + description: The description of the template. + type: string + minLength: 0 + maxLength: 256 + ImageTagMutability: + type: string + description: The image tag mutability setting for the repository. + enum: + - MUTABLE + - IMMUTABLE + RepositoryPolicy: + type: string + description: The JSON repository policy text to apply to the repository. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html + LifecyclePolicy: + type: string + description: The JSON lifecycle policy text to apply to the repository. For information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html + minLength: 100 + maxLength: 30720 + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' + ResourceTags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + AppliedFor: + type: array + uniqueItems: true + x-insertionOrder: false + description: A list of enumerable Strings representing the repository creation scenarios that the template will apply towards. + items: + $ref: '#/components/schemas/AppliedForItem' + CreatedAt: + description: Create timestamp of the template. + type: string + UpdatedAt: + description: Update timestamp of the template. + type: string + required: + - Prefix + - AppliedFor + x-stackql-resource-name: repository_creation_template + description: AWS::ECR::RepositoryCreationTemplate is used to create repository with configuration from a pre-defined template. + x-type-name: AWS::ECR::RepositoryCreationTemplate + x-stackql-primary-identifier: + - Prefix + x-create-only-properties: + - Prefix + x-read-only-properties: + - CreatedAt + - UpdatedAt + x-required-properties: + - Prefix + - AppliedFor + x-tagging: + taggable: false + x-required-permissions: + create: + - ecr:CreateRepositoryCreationTemplate + - ecr:PutLifecyclePolicy + - ecr:SetRepositoryPolicy + read: + - ecr:DescribeRepositoryCreationTemplates + update: + - ecr:DescribeRepositoryCreationTemplates + - ecr:UpdateRepositoryCreationTemplate + - ecr:PutLifecyclePolicy + - ecr:SetRepositoryPolicy + delete: + - ecr:DeleteRepositoryCreationTemplate + list: + - ecr:DescribeRepositoryCreationTemplates + x-stackQL-resources: + public_repositories: + name: public_repositories + id: aws.ecr.public_repositories + x-cfn-schema-name: PublicRepository + x-type: list + x-identifiers: + - RepositoryName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RepositoryName') as repository_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::PublicRepository' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RepositoryName') as repository_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::PublicRepository' + AND region = 'us-east-1' + public_repository: + name: public_repository + id: aws.ecr.public_repository + x-cfn-schema-name: PublicRepository + x-type: get + x-identifiers: + - RepositoryName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RepositoryName') as repository_name, + JSON_EXTRACT(Properties, '$.RepositoryPolicyText') as repository_policy_text, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.RepositoryCatalogData') as repository_catalog_data, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::PublicRepository' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RepositoryName') as repository_name, + json_extract_path_text(Properties, 'RepositoryPolicyText') as repository_policy_text, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'RepositoryCatalogData') as repository_catalog_data, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::PublicRepository' + AND data__Identifier = '' + AND region = 'us-east-1' + pull_through_cache_rules: + name: pull_through_cache_rules + id: aws.ecr.pull_through_cache_rules + x-cfn-schema-name: PullThroughCacheRule + x-type: list + x-identifiers: + - EcrRepositoryPrefix + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EcrRepositoryPrefix') as ecr_repository_prefix + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::PullThroughCacheRule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EcrRepositoryPrefix') as ecr_repository_prefix + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::PullThroughCacheRule' + AND region = 'us-east-1' + pull_through_cache_rule: + name: pull_through_cache_rule + id: aws.ecr.pull_through_cache_rule + x-cfn-schema-name: PullThroughCacheRule + x-type: get + x-identifiers: + - EcrRepositoryPrefix + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EcrRepositoryPrefix') as ecr_repository_prefix, + JSON_EXTRACT(Properties, '$.UpstreamRegistryUrl') as upstream_registry_url, + JSON_EXTRACT(Properties, '$.CredentialArn') as credential_arn, + JSON_EXTRACT(Properties, '$.UpstreamRegistry') as upstream_registry + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::PullThroughCacheRule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EcrRepositoryPrefix') as ecr_repository_prefix, + json_extract_path_text(Properties, 'UpstreamRegistryUrl') as upstream_registry_url, + json_extract_path_text(Properties, 'CredentialArn') as credential_arn, + json_extract_path_text(Properties, 'UpstreamRegistry') as upstream_registry + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::PullThroughCacheRule' + AND data__Identifier = '' + AND region = 'us-east-1' + registry_policies: + name: registry_policies + id: aws.ecr.registry_policies + x-cfn-schema-name: RegistryPolicy + x-type: list + x-identifiers: + - RegistryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RegistryId') as registry_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::RegistryPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RegistryId') as registry_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::RegistryPolicy' + AND region = 'us-east-1' + registry_policy: + name: registry_policy + id: aws.ecr.registry_policy + x-cfn-schema-name: RegistryPolicy + x-type: get + x-identifiers: + - RegistryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RegistryId') as registry_id, + JSON_EXTRACT(Properties, '$.PolicyText') as policy_text + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::RegistryPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RegistryId') as registry_id, + json_extract_path_text(Properties, 'PolicyText') as policy_text + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::RegistryPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + replication_configurations: + name: replication_configurations + id: aws.ecr.replication_configurations + x-cfn-schema-name: ReplicationConfiguration + x-type: list + x-identifiers: + - RegistryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RegistryId') as registry_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::ReplicationConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RegistryId') as registry_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::ReplicationConfiguration' + AND region = 'us-east-1' + replication_configuration: + name: replication_configuration + id: aws.ecr.replication_configuration + x-cfn-schema-name: ReplicationConfiguration + x-type: get + x-identifiers: + - RegistryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ReplicationConfiguration') as replication_configuration, + JSON_EXTRACT(Properties, '$.RegistryId') as registry_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::ReplicationConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ReplicationConfiguration') as replication_configuration, + json_extract_path_text(Properties, 'RegistryId') as registry_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::ReplicationConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + repositories: + name: repositories + id: aws.ecr.repositories + x-cfn-schema-name: Repository + x-type: list + x-identifiers: + - RepositoryName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RepositoryName') as repository_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::Repository' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RepositoryName') as repository_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::Repository' + AND region = 'us-east-1' + repository: + name: repository + id: aws.ecr.repository + x-cfn-schema-name: Repository + x-type: get + x-identifiers: + - RepositoryName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EmptyOnDelete') as empty_on_delete, + JSON_EXTRACT(Properties, '$.LifecyclePolicy') as lifecycle_policy, + JSON_EXTRACT(Properties, '$.RepositoryName') as repository_name, + JSON_EXTRACT(Properties, '$.RepositoryPolicyText') as repository_policy_text, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.RepositoryUri') as repository_uri, + JSON_EXTRACT(Properties, '$.ImageTagMutability') as image_tag_mutability, + JSON_EXTRACT(Properties, '$.ImageScanningConfiguration') as image_scanning_configuration, + JSON_EXTRACT(Properties, '$.EncryptionConfiguration') as encryption_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::Repository' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EmptyOnDelete') as empty_on_delete, + json_extract_path_text(Properties, 'LifecyclePolicy') as lifecycle_policy, + json_extract_path_text(Properties, 'RepositoryName') as repository_name, + json_extract_path_text(Properties, 'RepositoryPolicyText') as repository_policy_text, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'RepositoryUri') as repository_uri, + json_extract_path_text(Properties, 'ImageTagMutability') as image_tag_mutability, + json_extract_path_text(Properties, 'ImageScanningConfiguration') as image_scanning_configuration, + json_extract_path_text(Properties, 'EncryptionConfiguration') as encryption_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::Repository' + AND data__Identifier = '' + AND region = 'us-east-1' + repository_creation_templates: + name: repository_creation_templates + id: aws.ecr.repository_creation_templates + x-cfn-schema-name: RepositoryCreationTemplate + x-type: list + x-identifiers: + - Prefix + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Prefix') as prefix + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::RepositoryCreationTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Prefix') as prefix + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECR::RepositoryCreationTemplate' + AND region = 'us-east-1' + repository_creation_template: + name: repository_creation_template + id: aws.ecr.repository_creation_template + x-cfn-schema-name: RepositoryCreationTemplate + x-type: get + x-identifiers: + - Prefix + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Prefix') as prefix, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ImageTagMutability') as image_tag_mutability, + JSON_EXTRACT(Properties, '$.RepositoryPolicy') as repository_policy, + JSON_EXTRACT(Properties, '$.LifecyclePolicy') as lifecycle_policy, + JSON_EXTRACT(Properties, '$.EncryptionConfiguration') as encryption_configuration, + JSON_EXTRACT(Properties, '$.ResourceTags') as resource_tags, + JSON_EXTRACT(Properties, '$.AppliedFor') as applied_for, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::RepositoryCreationTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Prefix') as prefix, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ImageTagMutability') as image_tag_mutability, + json_extract_path_text(Properties, 'RepositoryPolicy') as repository_policy, + json_extract_path_text(Properties, 'LifecyclePolicy') as lifecycle_policy, + json_extract_path_text(Properties, 'EncryptionConfiguration') as encryption_configuration, + json_extract_path_text(Properties, 'ResourceTags') as resource_tags, + json_extract_path_text(Properties, 'AppliedFor') as applied_for, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::RepositoryCreationTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/ecs.yaml b/providers/src/aws/v00.00.00000/services/ecs.yaml new file mode 100644 index 00000000..b13d27d1 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ecs.yaml @@ -0,0 +1,2545 @@ +openapi: 3.0.0 +info: + title: ECS + version: 1.0.0 +paths: {} +components: + schemas: + ManagedScaling: + description: The managed scaling settings for the Auto Scaling group capacity provider. + type: object + properties: + MinimumScalingStepSize: + type: integer + MaximumScalingStepSize: + type: integer + Status: + type: string + enum: + - DISABLED + - ENABLED + TargetCapacity: + type: integer + InstanceWarmupPeriod: + type: integer + additionalProperties: false + AutoScalingGroupProvider: + type: object + properties: + AutoScalingGroupArn: + type: string + ManagedScaling: + $ref: '#/components/schemas/ManagedScaling' + ManagedTerminationProtection: + type: string + enum: + - DISABLED + - ENABLED + ManagedDraining: + type: string + enum: + - DISABLED + - ENABLED + required: + - AutoScalingGroupArn + additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + Value: + type: string + additionalProperties: false + CapacityProvider: + description: If using ec2 auto-scaling, the name of the associated capacity provider. Otherwise FARGATE, FARGATE_SPOT. + type: string + anyOf: + - type: string + enum: + - FARGATE + - FARGATE_SPOT + - type: string + minLength: 1 + maxLength: 2048 + CapacityProviderStrategyItem: + type: object + properties: + Base: + type: integer + description: The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of ``0`` is used. + CapacityProvider: + type: string + description: The short name of the capacity provider. + Weight: + type: integer + description: |- + The *weight* value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The ``weight`` value is taken into consideration after the ``base`` value, if defined, is satisfied. + If no ``weight`` value is specified, the default value of ``0`` is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of ``0`` can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of ``0``, any ``RunTask`` or ``CreateService`` actions using the capacity provider strategy will fail. + An example scenario for using weights is defining a strategy that contains two capacity providers and both have a weight of ``1``, then when the ``base`` is satisfied, the tasks will be split evenly across the two capacity providers. Using that same logic, if you specify a weight of ``1`` for *capacityProviderA* and a weight of ``4`` for *capacityProviderB*, then for every one task that's run using *capacityProviderA*, four tasks would use *capacityProviderB*. + additionalProperties: false + description: |- + The details of a capacity provider strategy. A capacity provider strategy can be set when using the ``RunTask`` or ``CreateService`` APIs or as the default capacity provider strategy for a cluster with the ``CreateCluster`` API. + Only capacity providers that are already associated with a cluster and have an ``ACTIVE`` or ``UPDATING`` status can be used in a capacity provider strategy. The ``PutClusterCapacityProviders`` API is used to associate a capacity provider with a cluster. + If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New Auto Scaling group capacity providers can be created with the ``CreateCapacityProvider`` API operation. + To use an FARGATElong capacity provider, specify either the ``FARGATE`` or ``FARGATE_SPOT`` capacity providers. The FARGATElong capacity providers are available to all accounts and only need to be associated with a cluster to be used in a capacity provider strategy. + ExecuteCommandLogConfiguration: + description: The log configuration for the results of the execute command actions. The logs can be sent to CloudWatch Logs or an Amazon S3 bucket. + additionalProperties: false + type: object + properties: + S3EncryptionEnabled: + description: Determines whether to use encryption on the S3 logs. If not specified, encryption is not used. + type: boolean + CloudWatchEncryptionEnabled: + description: Determines whether to use encryption on the CloudWatch logs. If not specified, encryption will be off. + type: boolean + CloudWatchLogGroupName: + x-relationshipRef: + typeName: AWS::Logs::LogGroup + propertyPath: /properties/LogGroupName + description: |- + The name of the CloudWatch log group to send logs to. + The CloudWatch log group must already be created. + type: string + S3KeyPrefix: + description: An optional folder in the S3 bucket to place logs in. + type: string + S3BucketName: + description: |- + The name of the S3 bucket to send logs to. + The S3 bucket must already be created. + type: string + ClusterSettings: + description: The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster. + additionalProperties: false + type: object + properties: + Value: + description: |- + The value to set for the cluster setting. The supported values are ``enabled`` and ``disabled``. + If you set ``name`` to ``containerInsights`` and ``value`` to ``enabled``, CloudWatch Container Insights will be on for the cluster, otherwise it will be off unless the ``containerInsights`` account setting is turned on. If a cluster value is specified, it will override the ``containerInsights`` value set with [PutAccountSetting](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSetting.html) or [PutAccountSettingDefault](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSettingDefault.html). + type: string + Name: + description: The name of the cluster setting. The value is ``containerInsights`` . + type: string + ServiceConnectDefaults: + description: >- + Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the ``enabled`` parameter to ``true`` in the ``ServiceConnectConfiguration``. You can set the namespace of each service individually in the ``ServiceConnectConfiguration`` to override this default + parameter. + Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + additionalProperties: false + type: object + properties: + Namespace: + description: |- + The namespace name or full Amazon Resource Name (ARN) of the CMAPlong namespace that's used when you create a service and don't specify a Service Connect configuration. The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include hyphens (-), tilde (~), greater than (>), less than (<), or slash (/). + If you enter an existing namespace name or ARN, then that namespace will be used. Any namespace type is supported. The namespace must be in this account and this AWS Region. + If you enter a new name, a CMAPlong namespace will be created. Amazon ECS creates a CMAP namespace with the "API calls" method of instance discovery only. This instance discovery method is the "HTTP" namespace type in the CLIlong. Other types of instance discovery aren't used by Service Connect. + If you update the cluster with an empty string ``""`` for the namespace name, the cluster configuration for Service Connect is removed. Note that the namespace will remain in CMAP and must be deleted separately. + For more information about CMAPlong, see [Working with Services](https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) in the *Developer Guide*. + type: string + ClusterConfiguration: + description: The execute command configuration for the cluster. + additionalProperties: false + type: object + properties: + ExecuteCommandConfiguration: + description: The details of the execute command configuration. + $ref: '#/components/schemas/ExecuteCommandConfiguration' + ExecuteCommandConfiguration: + description: The details of the execute command configuration. + additionalProperties: false + type: object + properties: + Logging: + description: |- + The log setting to use for redirecting logs for your execute command results. The following log settings are available. + + ``NONE``: The execute command session is not logged. + + ``DEFAULT``: The ``awslogs`` configuration in the task definition is used. If no logging parameter is specified, it defaults to this value. If no ``awslogs`` log driver is configured in the task definition, the output won't be logged. + + ``OVERRIDE``: Specify the logging details as a part of ``logConfiguration``. If the ``OVERRIDE`` logging option is specified, the ``logConfiguration`` is required. + type: string + KmsKeyId: + x-relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/Arn + description: Specify an KMSlong key ID to encrypt the data between the local client and the container. + type: string + LogConfiguration: + description: The log configuration for the results of the execute command actions. The logs can be sent to CloudWatch Logs or an Amazon S3 bucket. When ``logging=OVERRIDE`` is specified, a ``logConfiguration`` must be provided. + $ref: '#/components/schemas/ExecuteCommandLogConfiguration' + Cluster: + description: The name of the cluster + type: string + minLength: 1 + maxLength: 2048 + CapacityProviders: + description: List of capacity providers to associate with the cluster + type: array + items: + $ref: '#/components/schemas/CapacityProvider' + uniqueItems: true + DefaultCapacityProviderStrategy: + description: List of capacity providers to associate with the cluster + type: array + items: + $ref: '#/components/schemas/CapacityProviderStrategy' + CapacityProviderStrategy: + type: object + properties: + Base: + type: integer + minimum: 0 + maximum: 100000 + Weight: + type: integer + minimum: 0 + maximum: 1000 + CapacityProvider: + $ref: '#/components/schemas/CapacityProvider' + required: + - CapacityProvider + additionalProperties: false + ClusterCapacityProviderAssociations: + type: object + properties: + CapacityProviders: + $ref: '#/components/schemas/CapacityProviders' + Cluster: + $ref: '#/components/schemas/Cluster' + DefaultCapacityProviderStrategy: + $ref: '#/components/schemas/DefaultCapacityProviderStrategy' + required: + - CapacityProviders + - Cluster + - DefaultCapacityProviderStrategy + x-stackql-resource-name: cluster_capacity_provider_associations + description: Associate a set of ECS Capacity Providers with a specified ECS Cluster + x-type-name: AWS::ECS::ClusterCapacityProviderAssociations + x-stackql-primary-identifier: + - Cluster + x-create-only-properties: + - Cluster + x-required-properties: + - CapacityProviders + - Cluster + - DefaultCapacityProviderStrategy + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - ecs:DescribeClusters + - ecs:PutClusterCapacityProviders + read: + - ecs:DescribeClusters + update: + - ecs:DescribeClusters + - ecs:PutClusterCapacityProviders + delete: + - ecs:PutClusterCapacityProviders + - ecs:DescribeClusters + list: + - ecs:DescribeClusters + - ecs:ListClusters + PrimaryTaskSet: + type: object + properties: + Cluster: + description: The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in. + type: string + TaskSetId: + description: The ID or full Amazon Resource Name (ARN) of the task set. + type: string + Service: + description: The short name or full Amazon Resource Name (ARN) of the service to create the task set in. + type: string + required: + - Cluster + - Service + - TaskSetId + x-stackql-resource-name: primary_task_set + description: A pseudo-resource that manages which of your ECS task sets is primary. + x-type-name: AWS::ECS::PrimaryTaskSet + x-stackql-primary-identifier: + - Cluster + - Service + x-create-only-properties: + - Cluster + - Service + x-required-properties: + - Cluster + - Service + - TaskSetId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ecs:DescribeTaskSets + - ecs:UpdateServicePrimaryTaskSet + read: [] + update: + - ecs:DescribeTaskSets + - ecs:UpdateServicePrimaryTaskSet + delete: [] + AwsVpcConfiguration: + description: The VPC subnets and security groups associated with a task. All specified subnets and security groups must be from the same VPC. + type: object + properties: + AssignPublicIp: + description: Whether the task's elastic network interface receives a public IP address. The default value is DISABLED. + type: string + enum: + - DISABLED + - ENABLED + SecurityGroups: + description: The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. There is a limit of 5 security groups that can be specified per AwsVpcConfiguration. + type: array + items: + type: string + maxItems: 5 + Subnets: + description: The subnets associated with the task or service. There is a limit of 16 subnets that can be specified per AwsVpcConfiguration. + type: array + items: + type: string + maxItems: 16 + required: + - Subnets + additionalProperties: false + DeploymentAlarms: + type: object + properties: + AlarmNames: + type: array + items: + type: string + description: One or more CloudWatch alarm names. Use a "," to separate the alarms. + Rollback: + type: boolean + description: Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. + Enable: + type: boolean + description: Determines whether to use the CloudWatch alarm option in the service deployment process. + required: + - AlarmNames + - Rollback + - Enable + additionalProperties: false + description: |- + One of the methods which provide a way for you to quickly identify when a deployment has failed, and then to optionally roll back the failure to the last working deployment. + When the alarms are generated, Amazon ECS sets the service deployment to failed. Set the rollback parameter to have Amazon ECS to roll back your service to the last completed deployment after a failure. + You can only use the ``DeploymentAlarms`` method to detect failures when the ``DeploymentController`` is set to ``ECS`` (rolling update). + For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide*. + DeploymentCircuitBreaker: + type: object + properties: + Enable: + type: boolean + description: Determines whether to use the deployment circuit breaker logic for the service. + Rollback: + type: boolean + description: Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is on, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. + required: + - Enable + - Rollback + additionalProperties: false + description: |- + The deployment circuit breaker can only be used for services using the rolling update (``ECS``) deployment type. + The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If it is turned on, a service deployment will transition to a failed state and stop launching new tasks. You can also configure Amazon ECS to roll back your service to the last completed deployment after a failure. For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide*. + For more information about API failure reasons, see [API failure reasons](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/api_failures_messages.html) in the *Amazon Elastic Container Service Developer Guide*. + DeploymentConfiguration: + type: object + properties: + DeploymentCircuitBreaker: + $ref: '#/components/schemas/DeploymentCircuitBreaker' + description: |- + The deployment circuit breaker can only be used for services using the rolling update (``ECS``) deployment type. + The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide* + MaximumPercent: + type: integer + description: >- + If a service is using the rolling update (``ECS``) deployment type, the ``maximumPercent`` parameter represents an upper limit on the number of your service's tasks that are allowed in the ``RUNNING`` or ``PENDING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the ``REPLICA`` service scheduler and has a ``desiredCount`` of + four tasks and a ``maximumPercent`` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default ``maximumPercent`` value for a service using the ``REPLICA`` service scheduler is 200%. + If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and tasks that use the EC2 launch type, the *maximum percent* value is set to the default value and is used to define the upper limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service. + MinimumHealthyPercent: + type: integer + description: >- + If a service is using the rolling update (``ECS``) deployment type, the ``minimumHealthyPercent`` represents a lower limit on the number of your service's tasks that must remain in the ``RUNNING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a ``desiredCount`` of four tasks and a ``minimumHealthyPercent`` of 50%, + the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. + For services that *do not* use a load balancer, the following should be noted: + + A service is considered healthy if all essential containers within the tasks in the service pass their health checks. + + If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a ``RUNNING`` state before the task is counted towards the minimum healthy percent total. + + If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings. + + For services that *do* use a load balancer, the following should be noted: + + If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total. + + If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total. + + If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value and is used to define the lower limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service. + Alarms: + $ref: '#/components/schemas/DeploymentAlarms' + description: Information about the CloudWatch alarms. + additionalProperties: false + description: The ``DeploymentConfiguration`` property specifies optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks. + DeploymentController: + type: object + properties: + Type: + type: string + enum: + - CODE_DEPLOY + - ECS + - EXTERNAL + description: |- + The deployment controller type to use. There are three deployment controller types available: + + ECS The rolling update (ECS) deployment type involves replacing the current running version of the container with the latest version. The number of containers Amazon ECS adds or removes from the service during a rolling update is controlled by adjusting the minimum and maximum number of healthy tasks allowed during a service deployment, as specified in the DeploymentConfiguration. + CODE_DEPLOY The blue/green (CODE_DEPLOY) deployment type uses the blue/green deployment model powered by , which allows you to verify a new deployment of a service before sending production traffic to it. + EXTERNAL The external (EXTERNAL) deployment type enables you to use any third-party deployment controller for full control over the deployment process for an Amazon ECS service. + additionalProperties: false + description: The deployment controller to use for the service. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide*. + EBSTagSpecification: + type: object + required: + - ResourceType + properties: + ResourceType: + type: string + description: The type of volume resource. + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + description: The tags applied to this Amazon EBS volume. ``AmazonECSCreated`` and ``AmazonECSManaged`` are reserved tags that can't be used. + PropagateTags: + type: string + enum: + - SERVICE + - TASK_DEFINITION + description: "Determines whether to propagate the tags from the task definition to \Lthe Amazon EBS volume. Tags can only propagate to a ``SERVICE`` specified in \L``ServiceVolumeConfiguration``. If no value is specified, the tags aren't \Lpropagated." + description: The tag specifications of an Amazon EBS volume. + LoadBalancer: + description: 'A load balancer object representing the load balancer to use with the task set. The supported load balancer types are either an Application Load Balancer or a Network Load Balancer. ' + type: object + properties: + ContainerName: + description: The name of the container (as it appears in a container definition) to associate with the load balancer. + type: string + ContainerPort: + description: The port on the container to associate with the load balancer. This port must correspond to a containerPort in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they are launched on must allow ingress traffic on the hostPort of the port mapping. + type: integer + TargetGroupArn: + description: >- + The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set. A target group ARN is only specified when using an Application Load Balancer or Network Load Balancer. If you are using a Classic Load Balancer this should be omitted. For services using the ECS deployment controller, you can specify one or multiple target groups. For more information, see + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html in the Amazon Elastic Container Service Developer Guide. For services using the CODE_DEPLOY deployment controller, you are required to define two target groups for the load balancer. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-bluegreen.html in the Amazon Elastic Container Service Developer Guide. If your service's task definition + uses the awsvpc network mode (which is required for the Fargate launch type), you must choose ip as the target type, not instance, when creating your target groups because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance. + type: string + additionalProperties: false + LogConfiguration: + type: object + required: + - LogDriver + properties: + LogDriver: + type: string + description: |- + The log driver to use for the container. + For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``. + For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``logentries``,``syslog``, ``splunk``, and ``awsfirelens``. + For more information about using the ``awslogs`` log driver, see [Using the awslogs log driver](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*. + For more information about using the ``awsfirelens`` log driver, see [Custom log routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide*. + If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software. + Options: + type: object + x-patternProperties: + .{1,}: + type: string + additionalProperties: false + description: 'The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format ''{{.Server.APIVersion}}''``' + SecretOptions: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Secret' + description: The secrets to pass to the log configuration. For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. + additionalProperties: false + description: The ``LogConfiguration`` property specifies log configuration options to send to a custom log driver for the container. + NetworkConfiguration: + description: An object representing the network configuration for a task or service. + type: object + properties: + AwsVpcConfiguration: + $ref: '#/components/schemas/AwsVpcConfiguration' + additionalProperties: false + PlacementConstraint: + type: object + properties: + Expression: + type: string + description: A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is ``distinctInstance``. For more information, see [Cluster query language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) in the *Amazon Elastic Container Service Developer Guide*. + Type: + type: string + enum: + - distinctInstance + - memberOf + description: The type of constraint. Use ``distinctInstance`` to ensure that each task in a particular group is running on a different container instance. Use ``memberOf`` to restrict the selection to a group of valid candidates. + required: + - Type + additionalProperties: false + description: The ``PlacementConstraint`` property specifies an object representing a constraint on task placement in the task definition. For more information, see [Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) in the *Amazon Elastic Container Service Developer Guide*. + PlacementStrategy: + type: object + properties: + Field: + type: string + description: The field to apply the placement strategy against. For the ``spread`` placement strategy, valid values are ``instanceId`` (or ``host``, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as ``attribute:ecs.availability-zone``. For the ``binpack`` placement strategy, valid values are ``CPU`` and ``MEMORY``. For the ``random`` placement strategy, this field is not used. + Type: + type: string + enum: + - binpack + - random + - spread + description: >- + The type of placement strategy. The ``random`` placement strategy randomly places tasks on available candidates. The ``spread`` placement strategy spreads placement across available candidates evenly based on the ``field`` parameter. The ``binpack`` strategy places tasks on available candidates that have the least available amount of the resource that's specified with the ``field`` parameter. For example, if you binpack on memory, a task is placed on the instance with the least + amount of remaining memory but still enough to run the task. + required: + - Type + additionalProperties: false + description: The ``PlacementStrategy`` property specifies the task placement strategy for a task or service. For more information, see [Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html) in the *Amazon Elastic Container Service Developer Guide*. + Secret: + type: object + required: + - Name + - ValueFrom + properties: + Name: + type: string + description: The name of the secret. + ValueFrom: + type: string + description: |- + The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store. + For information about the require IAMlong permissions, see [Required IAM permissions for Amazon ECS secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html#secrets-iam) (for Secrets Manager) or [Required IAM permissions for Amazon ECS secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-parameters.html) (for Systems Manager Parameter store) in the *Amazon Elastic Container Service Developer Guide*. + If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified. + additionalProperties: false + description: |- + An object representing the secret to expose to your container. Secrets can be exposed to a container in the following ways: + + To inject sensitive data into your containers as environment variables, use the ``secrets`` container definition parameter. + + To reference sensitive information in the log configuration of a container, use the ``secretOptions`` container definition parameter. + + For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. + ServiceConnectClientAlias: + type: object + properties: + Port: + type: integer + description: |- + The listening port number for the Service Connect proxy. This port is available inside of all of the tasks within the same namespace. + To avoid changing your applications in client Amazon ECS services, set this to the same port that the client application uses by default. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + DnsName: + type: string + description: |- + The ``dnsName`` is the name that you use in the applications of client tasks to connect to this service. The name must be a valid DNS name but doesn't need to be fully-qualified. The name can include up to 127 characters. The name can include lowercase letters, numbers, underscores (_), hyphens (-), and periods (.). The name can't start with a hyphen. + If this parameter isn't specified, the default value of ``discoveryName.namespace`` is used. If the ``discoveryName`` isn't specified, the port mapping name from the task definition is used in ``portName.namespace``. + To avoid changing your applications in client Amazon ECS services, set this to the same name that the client application uses by default. For example, a few common names are ``database``, ``db``, or the lowercase name of a database, such as ``mysql`` or ``redis``. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + required: + - Port + additionalProperties: false + description: |- + Each alias ("endpoint") is a fully-qualified name and port number that other tasks ("clients") can use to connect to this service. + Each name and port mapping must be unique within the namespace. + Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + ServiceConnectConfiguration: + type: object + properties: + Enabled: + type: boolean + description: Specifies whether to use Service Connect with this service. + Namespace: + type: string + description: The namespace name or full Amazon Resource Name (ARN) of the CMAPlong namespace for use with Service Connect. The namespace must be in the same AWS Region as the Amazon ECS service and cluster. The type of namespace doesn't affect Service Connect. For more information about CMAPlong, see [Working with Services](https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) in the *Developer Guide*. + Services: + type: array + items: + $ref: '#/components/schemas/ServiceConnectService' + description: |- + The list of Service Connect service objects. These are names and aliases (also known as endpoints) that are used by other Amazon ECS services to connect to this service. + This field is not required for a "client" Amazon ECS service that's a member of a namespace only to connect to other services within the namespace. An example of this would be a frontend application that accepts incoming requests from either a load balancer that's attached to the service or by other means. + An object selects a port from the task definition, assigns a name for the CMAPlong service, and a list of aliases (endpoints) and ports for client applications to refer to this service. + LogConfiguration: + $ref: '#/components/schemas/LogConfiguration' + description: |- + The log configuration for the container. This parameter maps to ``LogConfig`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--log-driver`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/). + By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation. + Understand the following when specifying a log configuration for your containers. + + Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. + For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``. + For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``logentries``,``syslog``, ``splunk``, and ``awsfirelens``. + + This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. + + For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*. + + For tasks that are on FARGATElong, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to. + required: + - Enabled + additionalProperties: false + description: |- + The Service Connect configuration of your Amazon ECS service. The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. + Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + ServiceConnectService: + type: object + properties: + PortName: + type: string + description: The ``portName`` must match the name of one of the ``portMappings`` from all the containers in the task definition of this Amazon ECS service. + DiscoveryName: + type: string + description: |- + The ``discoveryName`` is the name of the new CMAP service that Amazon ECS creates for this Amazon ECS service. This must be unique within the CMAP namespace. The name can contain up to 64 characters. The name can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen. + If the ``discoveryName`` isn't specified, the port mapping name from the task definition is used in ``portName.namespace``. + ClientAliases: + type: array + items: + $ref: '#/components/schemas/ServiceConnectClientAlias' + description: |- + The list of client aliases for this Service Connect service. You use these to assign names that can be used by client applications. The maximum number of client aliases that you can have in this list is 1. + Each alias ("endpoint") is a fully-qualified name and port number that other Amazon ECS tasks ("clients") can use to connect to this service. + Each name and port mapping must be unique within the namespace. + For each ``ServiceConnectService``, you must provide at least one ``clientAlias`` with one ``port``. + IngressPortOverride: + type: integer + description: |- + The port number for the Service Connect proxy to listen on. + Use the value of this field to bypass the proxy for traffic on the port number specified in the named ``portMapping`` in the task definition of this application, and then use it in your VPC security groups to allow traffic into the proxy for this Amazon ECS service. + In ``awsvpc`` mode and Fargate, the default value is the container port number. The container port number is in the ``portMapping`` in the task definition. In bridge mode, the default value is the ephemeral port of the Service Connect proxy. + Tls: + $ref: '#/components/schemas/ServiceConnectTlsConfiguration' + description: A reference to an object that represents a Transport Layer Security (TLS) configuration. + Timeout: + $ref: '#/components/schemas/TimeoutConfiguration' + description: A reference to an object that represents the configured timeouts for Service Connect. + required: + - PortName + additionalProperties: false + description: The Service Connect service object configuration. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + ServiceConnectTlsConfiguration: + type: object + properties: + IssuerCertificateAuthority: + $ref: '#/components/schemas/ServiceConnectTlsCertificateAuthority' + description: The signer certificate authority. + KmsKey: + type: string + description: The AWS Key Management Service key. + RoleArn: + type: string + description: The Amazon Resource Name (ARN) of the IAM role that's associated with the Service Connect TLS. + required: + - IssuerCertificateAuthority + additionalProperties: false + description: An object that represents the configuration for Service Connect TLS. + ServiceConnectTlsCertificateAuthority: + type: object + properties: + AwsPcaAuthorityArn: + type: string + description: The ARN of the AWS Private Certificate Authority certificate. + additionalProperties: false + description: An object that represents the AWS Private Certificate Authority certificate. + ServiceManagedEBSVolumeConfiguration: + type: object + required: + - RoleArn + properties: + Encrypted: + type: boolean + description: Indicates whether the volume should be encrypted. If no value is specified, encryption is turned on by default. This parameter maps 1:1 with the ``Encrypted`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + KmsKeyId: + type: string + description: |- + The Amazon Resource Name (ARN) identifier of the AWS Key Management Service key to use for Amazon EBS encryption. When encryption is turned on and no AWS Key Management Service key is specified, the default AWS managed key for Amazon EBS volumes is used. This parameter maps 1:1 with the ``KmsKeyId`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + AWS authenticates the AWS Key Management Service key asynchronously. Therefore, if you specify an ID, alias, or ARN that is invalid, the action can appear to complete, but eventually fails. + VolumeType: + type: string + description: |- + The volume type. This parameter maps 1:1 with the ``VolumeType`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html) in the *Amazon EC2 User Guide*. + The following are the supported volume types. + + General Purpose SSD: ``gp2``|``gp3`` + + Provisioned IOPS SSD: ``io1``|``io2`` + + Throughput Optimized HDD: ``st1`` + + Cold HDD: ``sc1`` + + Magnetic: ``standard`` + The magnetic volume type is not supported on Fargate. + SizeInGiB: + type: integer + description: |- + The size of the volume in GiB. You must specify either a volume size or a snapshot ID. If you specify a snapshot ID, the snapshot size is used for the volume size by default. You can optionally specify a volume size greater than or equal to the snapshot size. This parameter maps 1:1 with the ``Size`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + The following are the supported volume size values for each volume type. + + ``gp2`` and ``gp3``: 1-16,384 + + ``io1`` and ``io2``: 4-16,384 + + ``st1`` and ``sc1``: 125-16,384 + + ``standard``: 1-1,024 + SnapshotId: + type: string + description: The snapshot that Amazon ECS uses to create the volume. You must specify either a snapshot ID or a volume size. This parameter maps 1:1 with the ``SnapshotId`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + Iops: + type: integer + description: |- + The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. + The following are the supported values for each volume type. + + ``gp3``: 3,000 - 16,000 IOPS + + ``io1``: 100 - 64,000 IOPS + + ``io2``: 100 - 256,000 IOPS + + This parameter is required for ``io1`` and ``io2`` volume types. The default for ``gp3`` volumes is ``3,000 IOPS``. This parameter is not supported for ``st1``, ``sc1``, or ``standard`` volume types. + This parameter maps 1:1 with the ``Iops`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + Throughput: + type: integer + description: |- + The throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s. This parameter maps 1:1 with the ``Throughput`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + This parameter is only supported for the ``gp3`` volume type. + TagSpecifications: + type: array + items: + $ref: '#/components/schemas/EBSTagSpecification' + description: The tags to apply to the volume. Amazon ECS applies service-managed tags by default. This parameter maps 1:1 with the ``TagSpecifications.N`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + RoleArn: + type: string + description: The ARN of the IAM role to associate with this volume. This is the Amazon ECS infrastructure IAM role that is used to manage your AWS infrastructure. We recommend using the Amazon ECS-managed ``AmazonECSInfrastructureRolePolicyForVolumes`` IAM policy with this role. For more information, see [Amazon ECS infrastructure IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/infrastructure_IAM_role.html) in the *Amazon ECS Developer Guide*. + FilesystemType: + type: string + description: "The Linux filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start.\n The available filesystem types are\L ``ext3``, ``ext4``, and ``xfs``. If no value is specified, the ``xfs`` filesystem type is used by default." + description: |- + The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. These settings are used to create each Amazon EBS volume, with one volume created for each task in the service. + Many of these parameters map 1:1 with the Amazon EBS ``CreateVolume`` API request parameters. + TimeoutConfiguration: + type: object + properties: + IdleTimeoutSeconds: + type: integer + description: |- + The amount of time in seconds a connection will stay active while idle. A value of ``0`` can be set to disable ``idleTimeout``. + The ``idleTimeout`` default for ``HTTP``/``HTTP2``/``GRPC`` is 5 minutes. + The ``idleTimeout`` default for ``TCP`` is 1 hour. + PerRequestTimeoutSeconds: + type: integer + description: The amount of time waiting for the upstream to respond with a complete response per request. A value of ``0`` can be set to disable ``perRequestTimeout``. ``perRequestTimeout`` can only be set if Service Connect ``appProtocol`` isn't ``TCP``. Only ``idleTimeout`` is allowed for ``TCP`` ``appProtocol``. + additionalProperties: false + description: |- + An object that represents the timeout configurations for Service Connect. + If ``idleTimeout`` is set to a time that is less than ``perRequestTimeout``, the connection will close when the ``idleTimeout`` is reached and not the ``perRequestTimeout``. + ServiceRegistry: + type: object + properties: + ContainerName: + description: >- + The container name value, already specified in the task definition, to be used for your service discovery service. If the task definition that your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition that your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination + or a port value, but not both. + type: string + ContainerPort: + description: >- + The port value, already specified in the task definition, to be used for your service discovery service. If the task definition your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value, but + not both. + type: integer + Port: + description: The port value used if your service discovery service specified an SRV record. This field may be used if both the awsvpc network mode and SRV records are used. + type: integer + RegistryArn: + description: The Amazon Resource Name (ARN) of the service registry. The currently supported service registry is AWS Cloud Map. For more information, see https://docs.aws.amazon.com/cloud-map/latest/api/API_CreateService.html + type: string + additionalProperties: false + ServiceVolumeConfiguration: + type: object + required: + - Name + properties: + Name: + type: string + description: The name of the volume. This value must match the volume name from the ``Volume`` object in the task definition. + ManagedEBSVolume: + $ref: '#/components/schemas/ServiceManagedEBSVolumeConfiguration' + description: The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. These settings are used to create each Amazon EBS volume, with one volume created for each task in the service. The Amazon EBS volumes are visible in your account in the Amazon EC2 console once they are created. + description: The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. + Service: + type: object + properties: + ServiceArn: + type: string + description: '' + CapacityProviderStrategy: + type: array + items: + $ref: '#/components/schemas/CapacityProviderStrategyItem' + description: |- + The capacity provider strategy to use for the service. + If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. + A capacity provider strategy may contain a maximum of 6 capacity providers. + Cluster: + type: string + description: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed. + DeploymentConfiguration: + $ref: '#/components/schemas/DeploymentConfiguration' + description: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks. + DeploymentController: + $ref: '#/components/schemas/DeploymentController' + description: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used. + DesiredCount: + type: integer + description: |- + The number of instantiations of the specified task definition to place and keep running in your service. + For new services, if a desired count is not specified, a default value of ``1`` is used. When using the ``DAEMON`` scheduling strategy, the desired count is not required. + For existing services, if a desired count is not specified, it is omitted from the operation. + EnableECSManagedTags: + type: boolean + description: |- + Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see [Tagging your Amazon ECS resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the *Amazon Elastic Container Service Developer Guide*. + When you use Amazon ECS managed tags, you need to set the ``propagateTags`` request parameter. + EnableExecuteCommand: + type: boolean + description: Determines whether the execute command functionality is turned on for the service. If ``true``, the execute command functionality is turned on for all containers in tasks as part of the service. + HealthCheckGracePeriodSeconds: + type: integer + description: |- + The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of ``0`` is used. + If you do not use an Elastic Load Balancing, we recommend that you use the ``startPeriod`` in the task definition health check parameters. For more information, see [Health check](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HealthCheck.html). + If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up. + LaunchType: + type: string + enum: + - EC2 + - FARGATE + - EXTERNAL + description: The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide*. + LoadBalancers: + type: array + items: + $ref: '#/components/schemas/LoadBalancer' + description: A list of load balancer objects to associate with the service. If you specify the ``Role`` property, ``LoadBalancers`` must be specified as well. For information about the number of load balancers that you can specify per service, see [Service Load Balancing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html) in the *Amazon Elastic Container Service Developer Guide*. + Name: + type: string + description: '' + NetworkConfiguration: + $ref: '#/components/schemas/NetworkConfiguration' + description: The network configuration for the service. This parameter is required for task definitions that use the ``awsvpc`` network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. + PlacementConstraints: + type: array + items: + $ref: '#/components/schemas/PlacementConstraint' + description: An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime. + PlacementStrategies: + type: array + items: + $ref: '#/components/schemas/PlacementStrategy' + description: The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service. + PlatformVersion: + type: string + default: LATEST + description: The platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the ``LATEST`` platform version is used. For more information, see [platform versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html) in the *Amazon Elastic Container Service Developer Guide*. + PropagateTags: + type: string + enum: + - SERVICE + - TASK_DEFINITION + description: |- + Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action. + The default is ``NONE``. + Role: + type: string + description: |- + The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the ``awsvpc`` network mode. If you specify the ``role`` parameter, you must also specify a load balancer object with the ``loadBalancers`` parameter. + If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the ``awsvpc`` network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you don't specify a role here. For more information, see [Using service-linked roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) in the *Amazon Elastic Container Service Developer Guide*. + If your specified role has a path other than ``/``, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name ``bar`` has a path of ``/foo/`` then you would specify ``/foo/bar`` as the role name. For more information, see [Friendly names and paths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) in the *IAM User Guide*. + SchedulingStrategy: + type: string + enum: + - DAEMON + - REPLICA + description: |- + The scheduling strategy to use for the service. For more information, see [Services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html). + There are two service scheduler strategies available: + + ``REPLICA``-The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service uses the ``CODE_DEPLOY`` or ``EXTERNAL`` deployment controller types. + + ``DAEMON``-The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that don't meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. + Tasks using the Fargate launch type or the ``CODE_DEPLOY`` or ``EXTERNAL`` deployment controller types don't support the ``DAEMON`` scheduling strategy. + ServiceConnectConfiguration: + $ref: '#/components/schemas/ServiceConnectConfiguration' + description: |- + The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. + Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + ServiceName: + type: string + description: |- + The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions. + The stack update fails if you change any properties that require replacement and the ``ServiceName`` is configured. This is because AWS CloudFormation creates the replacement service first, but each ``ServiceName`` must be unique in the cluster. + ServiceRegistries: + type: array + items: + $ref: '#/components/schemas/ServiceRegistry' + description: |- + The details of the service discovery registry to associate with this service. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html). + Each service may be associated with one service registry. Multiple service registries for each service isn't supported. + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + description: |- + The metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. When a service is deleted, the tags are deleted as well. + The following basic restrictions apply to tags: + + Maximum number of tags per resource - 50 + + For each resource, each tag key must be unique, and each tag key can have only one value. + + Maximum key length - 128 Unicode characters in UTF-8 + + Maximum value length - 256 Unicode characters in UTF-8 + + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. + + Tag keys and values are case-sensitive. + + Do not use ``aws:``, ``AWS:``, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit. + TaskDefinition: + type: string + description: |- + The ``family`` and ``revision`` (``family:revision``) or full ARN of the task definition to run in your service. If a ``revision`` isn't specified, the latest ``ACTIVE`` revision is used. + A task definition must be specified if the service uses either the ``ECS`` or ``CODE_DEPLOY`` deployment controllers. + For more information about deployment types, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html). + VolumeConfigurations: + type: array + items: + $ref: '#/components/schemas/ServiceVolumeConfiguration' + description: The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. + x-stackql-resource-name: service + description: |- + The ``AWS::ECS::Service`` resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers. + The stack update fails if you change any properties that require replacement and at least one Amazon ECS Service Connect ``ServiceConnectService`` is configured. This is because AWS CloudFormation creates the replacement service first, but each ``ServiceConnectService`` must have a name that is unique in the namespace. + Starting April 15, 2023, AWS; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, ECS, or EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service. + x-type-name: AWS::ECS::Service + x-stackql-primary-identifier: + - ServiceArn + - Cluster + x-create-only-properties: + - Cluster + - DeploymentController + - LaunchType + - Role + - SchedulingStrategy + - ServiceName + x-write-only-properties: + - ServiceConnectConfiguration + - VolumeConfigurations + x-read-only-properties: + - ServiceArn + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ecs:CreateService + - ecs:DescribeServices + - iam:PassRole + - ecs:TagResource + read: + - ecs:DescribeServices + update: + - ecs:DescribeServices + - ecs:ListTagsForResource + - ecs:TagResource + - ecs:UntagResource + - ecs:UpdateService + delete: + - ecs:DeleteService + - ecs:DescribeServices + list: + - ecs:DescribeServices + - ecs:ListClusters + - ecs:ListServices + ContainerDefinition: + description: The ``ContainerDefinition`` property specifies a container definition. Container definitions are used in task definitions to describe the different containers that are launched as part of a task. + type: object + required: + - Name + - Image + properties: + Command: + type: array + x-insertionOrder: true + items: + type: string + description: >- + The command that's passed to the container. This parameter maps to ``Cmd`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``COMMAND`` parameter to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For more information, see + [https://docs.docker.com/engine/reference/builder/#cmd](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/builder/#cmd). If there are multiple arguments, each argument is a separated string in the array. + Cpu: + type: integer + description: |- + The number of ``cpu`` units reserved for the container. This parameter maps to ``CpuShares`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--cpu-shares`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level ``cpu`` value. + You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the [Amazon EC2 Instances](https://docs.aws.amazon.com/ec2/instance-types/) detail page by 1,024. + Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units. + On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. For more information, see [CPU share constraint](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#cpu-share-constraint) in the Docker documentation. The minimum valid CPU share value that the Linux kernel allows is 2. However, the CPU parameter isn't required, and you can use CPU values below 2 in your container definitions. For CPU values below 2 (including null), the behavior varies based on your Amazon ECS container agent version: + + *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares. + + *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2. + + On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as ``0``, which Windows interprets as 1% of one CPU. + CredentialSpecs: + type: array + x-insertionOrder: false + items: + type: string + description: |- + A list of ARNs in SSM or Amazon S3 to a credential spec (``CredSpec``) file that configures the container for Active Directory authentication. We recommend that you use this parameter instead of the ``dockerSecurityOptions``. The maximum number of ARNs is 1. + There are two formats for each ARN. + + credentialspecdomainless:MyARN You use credentialspecdomainless:MyARN to provide a CredSpec with an additional section for a secret in . You provide the login credentials to the domain in the secret. Each task that runs on any container instance can join different domains. You can use this format without joining the container instance to a domain. + credentialspec:MyARN You use credentialspec:MyARN to provide a CredSpec for a single domain. You must join the container instance to the domain before you start any tasks that use this task definition. + In both formats, replace ``MyARN`` with the ARN in SSM or Amazon S3. + If you provide a ``credentialspecdomainless:MyARN``, the ``credspec`` must provide a ARN in ASMlong for a secret containing the username, password, and the domain to connect to. For better security, the instance isn't joined to the domain for domainless authentication. Other applications on the instance can't use the domainless credentials. You can use this parameter to run tasks on the same instance, even it the tasks need to join different domains. For more information, see [Using gMSAs for Windows Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) and [Using gMSAs for Linux Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html). + DependsOn: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ContainerDependency' + description: |- + The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. + For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent to turn on container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + For tasks using the Fargate launch type, the task or service requires the following platforms: + + Linux platform version ``1.3.0`` or later. + + Windows platform version ``1.0.0`` or later. + + If the task definition is used in a blue/green deployment that uses [AWS::CodeDeploy::DeploymentGroup BlueGreenDeploymentConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-bluegreendeploymentconfiguration.html), the ``dependsOn`` parameter is not supported. For more information see [Issue #680](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/680) on the on the GitHub website. + DisableNetworking: + type: boolean + description: |- + When this parameter is true, networking is off within the container. This parameter maps to ``NetworkDisabled`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/). + This parameter is not supported for Windows containers. + DnsSearchDomains: + type: array + x-insertionOrder: false + items: + type: string + description: |- + A list of DNS search domains that are presented to the container. This parameter maps to ``DnsSearch`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--dns-search`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + This parameter is not supported for Windows containers. + DnsServers: + type: array + x-insertionOrder: false + items: + type: string + description: |- + A list of DNS servers that are presented to the container. This parameter maps to ``Dns`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--dns`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + This parameter is not supported for Windows containers. + DockerLabels: + type: object + x-patternProperties: + .{1,}: + type: string + additionalProperties: false + description: >- + A key/value map of labels to add to the container. This parameter maps to ``Labels`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--label`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). This parameter requires + version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + DockerSecurityOptions: + type: array + x-insertionOrder: false + items: + type: string + description: |- + A list of strings to provide custom configuration for multiple security systems. For more information about valid values, see [Docker Run Security Configuration](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). This field isn't valid for containers in tasks using the Fargate launch type. + For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems. + For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see [Using gMSAs for Windows Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) and [Using gMSAs for Linux Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html) in the *Amazon Elastic Container Service Developer Guide*. + This parameter maps to ``SecurityOpt`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--security-opt`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + The Amazon ECS container agent running on a container instance must register with the ``ECS_SELINUX_CAPABLE=true`` or ``ECS_APPARMOR_CAPABLE=true`` environment variables before containers placed on that instance can use these security options. For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*. + For more information about valid values, see [Docker Run Security Configuration](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + Valid values: "no-new-privileges" | "apparmor:PROFILE" | "label:value" | "credentialspec:CredentialSpecFilePath" + EntryPoint: + type: array + x-insertionOrder: true + items: + type: string + description: |- + Early versions of the Amazon ECS container agent don't properly handle ``entryPoint`` parameters. If you have problems using ``entryPoint``, update your container agent or enter your commands and arguments as ``command`` array items instead. + The entry point that's passed to the container. This parameter maps to ``Entrypoint`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--entrypoint`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For more information, see [https://docs.docker.com/engine/reference/builder/#entrypoint](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/builder/#entrypoint). + Environment: + description: |- + The environment variables to pass to a container. This parameter maps to ``Env`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--env`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + We don't recommend that you use plaintext environment variables for sensitive information, such as credential data. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/KeyValuePair' + EnvironmentFiles: + description: |- + A list of files containing the environment variables to pass to a container. This parameter maps to the ``--env-file`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + You can specify up to ten environment files. The file must have a ``.env`` file extension. Each line in an environment file contains an environment variable in ``VARIABLE=VALUE`` format. Lines beginning with ``#`` are treated as comments and are ignored. For more information about the environment variable file syntax, see [Declare default environment variables in file](https://docs.aws.amazon.com/https://docs.docker.com/compose/env-file/). + If there are environment variables specified using the ``environment`` parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see [Specifying Environment Variables](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html) in the *Amazon Elastic Container Service Developer Guide*. + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/EnvironmentFile' + Essential: + type: boolean + description: |- + If the ``essential`` parameter of a container is marked as ``true``, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the ``essential`` parameter of a container is marked as ``false``, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential. + All tasks must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see [Application Architecture](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/application_architecture.html) in the *Amazon Elastic Container Service Developer Guide*. + ExtraHosts: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/HostEntry' + description: >- + A list of hostnames and IP address mappings to append to the ``/etc/hosts`` file on the container. This parameter maps to ``ExtraHosts`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--add-host`` option to [docker + run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + This parameter isn't supported for Windows containers or tasks that use the ``awsvpc`` network mode. + FirelensConfiguration: + $ref: '#/components/schemas/FirelensConfiguration' + description: The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see [Custom Log Routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide*. + HealthCheck: + $ref: '#/components/schemas/HealthCheck' + description: >- + The container health check command and associated configuration parameters for the container. This parameter maps to ``HealthCheck`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``HEALTHCHECK`` parameter of [docker + run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + Hostname: + type: string + description: |- + The hostname to use for your container. This parameter maps to ``Hostname`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--hostname`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + The ``hostname`` parameter is not supported if you're using the ``awsvpc`` network mode. + Image: + description: >- + The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either ``repository-url/image:tag`` or ``repository-url/image@digest``. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to ``Image`` in the [Create a + container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``IMAGE`` parameter of [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + + When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks. + + Images in Amazon ECR repositories can be specified by either using the full ``registry/repository:tag`` or ``registry/repository@digest``. For example, ``012345678910.dkr.ecr..amazonaws.com/:latest`` or ``012345678910.dkr.ecr..amazonaws.com/@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE``. + + Images in official repositories on Docker Hub use a single name (for example, ``ubuntu`` or ``mongo``). + + Images in other repositories on Docker Hub are qualified with an organization name (for example, ``amazon/amazon-ecs-agent``). + + Images in other online repositories are qualified further by a domain name (for example, ``quay.io/assemblyline/ubuntu``). + type: string + Links: + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + description: >- + The ``links`` parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is ``bridge``. The ``name:internalName`` construct is analogous to ``name:alias`` in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. For more information about linking Docker containers, go to [Legacy container + links](https://docs.aws.amazon.com/https://docs.docker.com/network/links/) in the Docker documentation. This parameter maps to ``Links`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--link`` option to [docker + run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + This parameter is not supported for Windows containers. + Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings. + LinuxParameters: + $ref: '#/components/schemas/LinuxParameters' + description: |- + Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html). + This parameter is not supported for Windows containers. + LogConfiguration: + $ref: '#/components/schemas/LogConfiguration' + description: |- + The log configuration specification for the container. + This parameter maps to ``LogConfig`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--log-driver`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/). By default, containers use the same logging driver that the Docker daemon uses. However, the container may use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation. + Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the [LogConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html) data type). Additional log drivers may be available in future releases of the Amazon ECS container agent. + This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*. + Memory: + description: >- + The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task ``memory`` value, if one is specified. This parameter maps to ``Memory`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote + API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--memory`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + If using the Fargate launch type, this parameter is optional. + If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level ``memory`` and ``memoryReservation`` value, ``memory`` must be greater than ``memoryReservation``. If you specify ``memoryReservation``, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of ``memory`` is used. + The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container, so you should not specify fewer than 6 MiB of memory for your containers. + The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers. + type: integer + MemoryReservation: + type: integer + description: >- + The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the ``memory`` parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to ``MemoryReservation`` in the [Create a + container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--memory-reservation`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + If a task-level memory value is not specified, you must specify a non-zero integer for one or both of ``memory`` or ``memoryReservation`` in a container definition. If you specify both, ``memory`` must be greater than ``memoryReservation``. If you specify ``memoryReservation``, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of ``memory`` is used. + For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a ``memoryReservation`` of 128 MiB, and a ``memory`` hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed. + The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers. + The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers. + MountPoints: + type: array + x-insertionOrder: true + uniqueItems: true + items: + $ref: '#/components/schemas/MountPoint' + description: |- + The mount points for data volumes in your container. + This parameter maps to ``Volumes`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--volume`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + Windows containers can mount whole directories on the same drive as ``$env:ProgramData``. Windows containers can't mount directories on a different drive, and mount point can't be across drives. + Name: + description: >- + The name of a container. If you're linking multiple containers together in a task definition, the ``name`` of one container can be entered in the ``links`` of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to ``name`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote + API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--name`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + type: string + PortMappings: + description: |- + The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic. + For task definitions that use the ``awsvpc`` network mode, you should only specify the ``containerPort``. The ``hostPort`` can be left blank or it must be the same value as the ``containerPort``. + Port mappings on Windows use the ``NetNAT`` gateway address rather than ``localhost``. There is no loopback for port mappings on Windows, so you cannot access a container's mapped port from the host itself. + This parameter maps to ``PortBindings`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--publish`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/). If the network mode of a task definition is set to ``none``, then you can't specify port mappings. If the network mode of a task definition is set to ``host``, then host ports must either be undefined or they must match the container port in the port mapping. + After a task reaches the ``RUNNING`` status, manual and automatic host and container port assignments are visible in the *Network Bindings* section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the ``networkBindings`` section [DescribeTasks](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html) responses. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/PortMapping' + Privileged: + type: boolean + description: >- + When this parameter is true, the container is given elevated privileges on the host container instance (similar to the ``root`` user). This parameter maps to ``Privileged`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--privileged`` option to [docker + run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + This parameter is not supported for Windows containers or tasks run on FARGATElong. + ReadonlyRootFilesystem: + type: boolean + description: >- + When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ``ReadonlyRootfs`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--read-only`` option to [docker + run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + This parameter is not supported for Windows containers. + RepositoryCredentials: + $ref: '#/components/schemas/RepositoryCredentials' + description: The private repository authentication credentials to use. + ResourceRequirements: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ResourceRequirement' + description: The type and amount of a resource to assign to a container. The only supported resource is a GPU. + Secrets: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Secret' + description: The secrets to pass to the container. For more information, see [Specifying Sensitive Data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. + StartTimeout: + type: integer + description: |- + Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a ``COMPLETE``, ``SUCCESS``, or ``HEALTHY`` status. If a ``startTimeout`` value is specified for containerB and it doesn't reach the desired status within that time then containerA gives up and not start. This results in the task transitioning to a ``STOPPED`` state. + When the ``ECS_CONTAINER_START_TIMEOUT`` container agent configuration variable is used, it's enforced independently from this start timeout value. + For tasks using the Fargate launch type, the task or service requires the following platforms: + + Linux platform version ``1.3.0`` or later. + + Windows platform version ``1.0.0`` or later. + + For tasks using the EC2 launch type, your container instances require at least version ``1.26.0`` of the container agent to use a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version ``1.26.0-1`` of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + The valid values are 2-120 seconds. + StopTimeout: + type: integer + description: |- + Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. + For tasks using the Fargate launch type, the task or service requires the following platforms: + + Linux platform version ``1.3.0`` or later. + + Windows platform version ``1.0.0`` or later. + + The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used. + For tasks that use the EC2 launch type, if the ``stopTimeout`` parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ``ECS_CONTAINER_STOP_TIMEOUT`` is used. If neither the ``stopTimeout`` parameter or the ``ECS_CONTAINER_STOP_TIMEOUT`` agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + The valid values are 2-120 seconds. + Ulimits: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Ulimit' + description: >- + A list of ``ulimits`` to set in the container. This parameter maps to ``Ulimits`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--ulimit`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/). Valid naming values are displayed in the + [Ulimit](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Ulimit.html) data type. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + This parameter is not supported for Windows containers. + User: + type: string + description: |- + The user to use inside the container. This parameter maps to ``User`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--user`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + When running tasks using the ``host`` network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security. + You can specify the ``user`` using the following formats. If specifying a UID or GID, you must specify it as a positive integer. + + ``user`` + + ``user:group`` + + ``uid`` + + ``uid:gid`` + + ``user:gid`` + + ``uid:group`` + + This parameter is not supported for Windows containers. + VolumesFrom: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/VolumeFrom' + description: Data volumes to mount from another container. This parameter maps to ``VolumesFrom`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--volumes-from`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + WorkingDirectory: + type: string + description: The working directory to run commands inside the container in. This parameter maps to ``WorkingDir`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--workdir`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + Interactive: + type: boolean + description: >- + When this parameter is ``true``, you can deploy containerized applications that require ``stdin`` or a ``tty`` to be allocated. This parameter maps to ``OpenStdin`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--interactive`` option to [docker + run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + PseudoTerminal: + type: boolean + description: When this parameter is ``true``, a TTY is allocated. This parameter maps to ``Tty`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--tty`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + SystemControls: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SystemControl' + description: >- + A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--sysctl`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For example, + you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections. + additionalProperties: false + SystemControl: + type: object + properties: + Namespace: + type: string + description: The namespaced kernel parameter to set a ``value`` for. + Value: + type: string + description: |- + The namespaced kernel parameter to set a ``value`` for. + Valid IPC namespace values: ``"kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced"``, and ``Sysctls`` that start with ``"fs.mqueue.*"`` + Valid network namespace values: ``Sysctls`` that start with ``"net.*"`` + All of these values are supported by Fargate. + additionalProperties: false + description: >- + A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--sysctl`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For example, you + can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections. + We don't recommend that you specify network-related ``systemControls`` parameters for multiple containers in a single task that also uses either the ``awsvpc`` or ``host`` network mode. Doing this has the following disadvantages: + + For tasks that use the ``awsvpc`` network mode including Fargate, if you set ``systemControls`` for any container, it applies to all containers in the task. If you set different ``systemControls`` for multiple containers in a single task, the container that's started last determines which ``systemControls`` take effect. + + For tasks that use the ``host`` network mode, the network namespace ``systemControls`` aren't supported. + + If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode). + + For tasks that use the ``host`` IPC mode, IPC namespace ``systemControls`` aren't supported. + + For tasks that use the ``task`` IPC mode, IPC namespace ``systemControls`` values apply to all containers within a task. + + This parameter is not supported for Windows containers. + This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate. + ContainerDependency: + type: object + properties: + ContainerName: + type: string + description: The name of a container. + Condition: + type: string + description: |- + The dependency condition of the container. The following are the available conditions and their behavior: + + ``START`` - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start. + + ``COMPLETE`` - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can't be set on an essential container. + + ``SUCCESS`` - This condition is the same as ``COMPLETE``, but it also requires that the container exits with a ``zero`` status. This condition can't be set on an essential container. + + ``HEALTHY`` - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup. + additionalProperties: false + description: |- + The ``ContainerDependency`` property specifies the dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. + Your Amazon ECS container instances require at least version 1.26.0 of the container agent to enable container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + For tasks using the Fargate launch type, this parameter requires that the task or service uses platform version 1.3.0 or later. + Device: + type: object + properties: + ContainerPath: + type: string + description: The path inside the container at which to expose the host device. + HostPath: + type: string + description: The path for the device on the host container instance. + Permissions: + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + description: The explicit permissions to provide to the container for the device. By default, the container has permissions for ``read``, ``write``, and ``mknod`` for the device. + additionalProperties: false + description: The ``Device`` property specifies an object representing a container instance host device. + DockerVolumeConfiguration: + type: object + properties: + Autoprovision: + type: boolean + description: |- + If this value is ``true``, the Docker volume is created if it doesn't already exist. + This field is only used if the ``scope`` is ``shared``. + Driver: + type: string + description: >- + The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use ``docker plugin ls`` to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. For more information, see [Docker plugin + discovery](https://docs.aws.amazon.com/https://docs.docker.com/engine/extend/plugin_api/#plugin-discovery). This parameter maps to ``Driver`` in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``xxdriver`` option to [docker volume + create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/). + DriverOpts: + type: object + x-patternProperties: + .{1,}: + type: string + additionalProperties: false + description: A map of Docker driver-specific options passed through. This parameter maps to ``DriverOpts`` in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``xxopt`` option to [docker volume create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/). + Labels: + type: object + x-patternProperties: + .{1,}: + type: string + additionalProperties: false + description: Custom metadata to add to your Docker volume. This parameter maps to ``Labels`` in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``xxlabel`` option to [docker volume create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/). + Scope: + type: string + description: The scope for the Docker volume that determines its lifecycle. Docker volumes that are scoped to a ``task`` are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as ``shared`` persist after the task stops. + additionalProperties: false + description: The ``DockerVolumeConfiguration`` property specifies a Docker volume configuration and is used when you use Docker volumes. Docker volumes are only supported when you are using the EC2 launch type. Windows containers only support the use of the ``local`` driver. To use bind mounts, specify a ``host`` instead. + AuthorizationConfig: + type: object + properties: + IAM: + type: string + enum: + - ENABLED + - DISABLED + description: >- + Determines whether to use the Amazon ECS task role defined in a task definition when mounting the Amazon EFS file system. If it is turned on, transit encryption must be turned on in the ``EFSVolumeConfiguration``. If this parameter is omitted, the default value of ``DISABLED`` is used. For more information, see [Using Amazon EFS access points](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#efs-volume-accesspoints) in the *Amazon Elastic Container Service + Developer Guide*. + AccessPointId: + type: string + description: >- + The Amazon EFS access point ID to use. If an access point is specified, the root directory value specified in the ``EFSVolumeConfiguration`` must either be omitted or set to ``/`` which will enforce the path set on the EFS access point. If an access point is used, transit encryption must be on in the ``EFSVolumeConfiguration``. For more information, see [Working with Amazon EFS access points](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html) in the *Amazon Elastic + File System User Guide*. + additionalProperties: false + description: The authorization configuration details for the Amazon EFS file system. + EFSVolumeConfiguration: + type: object + required: + - FilesystemId + properties: + FilesystemId: + type: string + description: The Amazon EFS file system ID to use. + RootDirectory: + type: string + description: |- + The directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume will be used. Specifying ``/`` will have the same effect as omitting this parameter. + If an EFS access point is specified in the ``authorizationConfig``, the root directory parameter must either be omitted or set to ``/`` which will enforce the path set on the EFS access point. + TransitEncryption: + type: string + enum: + - ENABLED + - DISABLED + description: Determines whether to use encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be turned on if Amazon EFS IAM authorization is used. If this parameter is omitted, the default value of ``DISABLED`` is used. For more information, see [Encrypting data in transit](https://docs.aws.amazon.com/efs/latest/ug/encryption-in-transit.html) in the *Amazon Elastic File System User Guide*. + TransitEncryptionPort: + type: integer + description: The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses. For more information, see [EFS mount helper](https://docs.aws.amazon.com/efs/latest/ug/efs-mount-helper.html) in the *Amazon Elastic File System User Guide*. + AuthorizationConfig: + $ref: '#/components/schemas/AuthorizationConfig' + description: The authorization configuration details for the Amazon EFS file system. + additionalProperties: false + description: This parameter is specified when you're using an Amazon Elastic File System file system for task storage. For more information, see [Amazon EFS volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html) in the *Amazon Elastic Container Service Developer Guide*. + EnvironmentFile: + type: object + properties: + Value: + type: string + description: The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file. + Type: + type: string + description: The file type to use. Environment files are objects in Amazon S3. The only supported value is ``s3``. + additionalProperties: false + description: |- + A list of files containing the environment variables to pass to a container. You can specify up to ten environment files. The file must have a ``.env`` file extension. Each line in an environment file should contain an environment variable in ``VARIABLE=VALUE`` format. Lines beginning with ``#`` are treated as comments and are ignored. + If there are environment variables specified using the ``environment`` parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see [Use a file to pass environment variables to a container](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/use-environment-file.html) in the *Amazon Elastic Container Service Developer Guide*. + Environment variable files are objects in Amazon S3 and all Amazon S3 security considerations apply. + You must use the following platforms for the Fargate launch type: + + Linux platform version ``1.4.0`` or later. + + Windows platform version ``1.0.0`` or later. + + Consider the following when using the Fargate launch type: + + The file is handled like a native Docker env-file. + + There is no support for shell escape handling. + + The container entry point interperts the ``VARIABLE`` values. + EphemeralStorage: + type: object + properties: + SizeInGiB: + type: integer + description: The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is ``20`` GiB and the maximum supported value is ``200`` GiB. + additionalProperties: false + description: |- + The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on FARGATElong. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon ECS Developer Guide;*. + For tasks using the Fargate launch type, the task requires the following platforms: + + Linux platform version ``1.4.0`` or later. + + Windows platform version ``1.0.0`` or later. + FSxAuthorizationConfig: + type: object + required: + - CredentialsParameter + - Domain + properties: + CredentialsParameter: + type: string + Domain: + type: string + additionalProperties: false + description: '' + FSxWindowsFileServerVolumeConfiguration: + type: object + required: + - FileSystemId + - RootDirectory + properties: + FileSystemId: + type: string + RootDirectory: + type: string + AuthorizationConfig: + $ref: '#/components/schemas/FSxAuthorizationConfig' + additionalProperties: false + description: '' + FirelensConfiguration: + type: object + properties: + Type: + type: string + description: The log router to use. The valid values are ``fluentd`` or ``fluentbit``. + Options: + type: object + x-patternProperties: + .{1,}: + type: string + additionalProperties: false + description: |- + The options to use when configuring the log router. This field is optional and can be used to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. + If specified, valid option keys are: + + ``enable-ecs-log-metadata``, which can be ``true`` or ``false`` + + ``config-file-type``, which can be ``s3`` or ``file`` + + ``config-file-value``, which is either an S3 ARN or a file path + additionalProperties: false + description: The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see [Custom log routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide*. + HealthCheck: + description: |- + The ``HealthCheck`` property specifies an object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the ``HEALTHCHECK`` parameter of [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/). + The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image. + If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it. + The following are notes about container health check support: + + Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html). + + Container health checks are supported for Fargate tasks if you are using platform version 1.1.0 or greater. For more information, see [Platform Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html). + + Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer. + type: object + properties: + Command: + description: |- + A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. + When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets. + ``[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]`` + You don't include the double quotes and brackets when you use the AWS Management Console. + ``CMD-SHELL, curl -f http://localhost/ || exit 1`` + An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/). + type: array + x-insertionOrder: true + items: + type: string + Interval: + description: The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. + type: integer + Timeout: + description: The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. + type: integer + Retries: + description: The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. + type: integer + StartPeriod: + description: |- + The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the ``startPeriod`` is off. + If a health check succeeds within the ``startPeriod``, then the container is considered healthy and any subsequent failures count toward the maximum number of retries. + type: integer + additionalProperties: false + HostEntry: + type: object + properties: + Hostname: + type: string + description: The hostname to use in the ``/etc/hosts`` entry. + IpAddress: + type: string + description: The IP address to use in the ``/etc/hosts`` entry. + additionalProperties: false + description: The ``HostEntry`` property specifies a hostname and an IP address that are added to the ``/etc/hosts`` file of a container through the ``extraHosts`` parameter of its ``ContainerDefinition`` resource. + HostVolumeProperties: + type: object + properties: + SourcePath: + type: string + description: >- + When the ``host`` parameter is used, specify a ``sourcePath`` to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the ``host`` parameter contains a ``sourcePath`` file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the ``sourcePath`` value doesn't exist on the host container + instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. + If you're using the Fargate launch type, the ``sourcePath`` parameter is not supported. + additionalProperties: false + description: The ``HostVolumeProperties`` property specifies details on a container instance bind mount host volume. + InferenceAccelerator: + type: object + properties: + DeviceName: + type: string + description: The Elastic Inference accelerator device name. The ``deviceName`` must also be referenced in a container definition as a [ResourceRequirement](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ResourceRequirement.html). + DeviceType: + type: string + description: The Elastic Inference accelerator type to use. + additionalProperties: false + description: Details on an Elastic Inference accelerator. For more information, see [Working with Amazon Elastic Inference on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html) in the *Amazon Elastic Container Service Developer Guide*. + KernelCapabilities: + type: object + properties: + Add: + type: array + x-insertionOrder: false + items: + type: string + description: >- + The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to ``CapAdd`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--cap-add`` option to [docker + run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + Tasks launched on FARGATElong only support adding the ``SYS_PTRACE`` kernel capability. + Valid values: ``"ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"`` + Drop: + type: array + x-insertionOrder: false + items: + type: string + description: >- + The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to ``CapDrop`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--cap-drop`` option to [docker + run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + Valid values: ``"ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"`` + additionalProperties: false + description: >- + The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more information about the default capabilities and the non-default available capabilities, see [Runtime privilege and Linux capabilities](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) in the *Docker run reference*. For more detailed information about these Linux capabilities, see the + [capabilities(7)](https://docs.aws.amazon.com/http://man7.org/linux/man-pages/man7/capabilities.7.html) Linux manual page. + KeyValuePair: + type: object + properties: + Name: + type: string + description: The name of the key-value pair. For environment variables, this is the name of the environment variable. + Value: + type: string + description: The value of the key-value pair. For environment variables, this is the value of the environment variable. + additionalProperties: false + description: A key-value pair object. + LinuxParameters: + type: object + properties: + Capabilities: + $ref: '#/components/schemas/KernelCapabilities' + description: |- + The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. + For tasks that use the Fargate launch type, ``capabilities`` is supported for all platform versions but the ``add`` parameter is only supported if using platform version 1.4.0 or later. + Devices: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Device' + description: |- + Any host devices to expose to the container. This parameter maps to ``Devices`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--device`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + If you're using tasks that use the Fargate launch type, the ``devices`` parameter isn't supported. + InitProcessEnabled: + type: boolean + description: >- + Run an ``init`` process inside the container that forwards signals and reaps processes. This parameter maps to the ``--init`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo + docker version --format '{{.Server.APIVersion}}'`` + MaxSwap: + type: integer + description: |- + The total amount of swap memory (in MiB) a container can use. This parameter will be translated to the ``--memory-swap`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) where the value would be the sum of the container memory plus the ``maxSwap`` value. + If a ``maxSwap`` value of ``0`` is specified, the container will not use swap. Accepted values are ``0`` or any positive integer. If the ``maxSwap`` parameter is omitted, the container will use the swap configuration for the container instance it is running on. A ``maxSwap`` value must be set for the ``swappiness`` parameter to be used. + If you're using tasks that use the Fargate launch type, the ``maxSwap`` parameter isn't supported. + If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported. + SharedMemorySize: + type: integer + description: |- + The value for the size (in MiB) of the ``/dev/shm`` volume. This parameter maps to the ``--shm-size`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + If you are using tasks that use the Fargate launch type, the ``sharedMemorySize`` parameter is not supported. + Swappiness: + type: integer + description: >- + This allows you to tune a container's memory swappiness behavior. A ``swappiness`` value of ``0`` will cause swapping to not happen unless absolutely necessary. A ``swappiness`` value of ``100`` will cause pages to be swapped very aggressively. Accepted values are whole numbers between ``0`` and ``100``. If the ``swappiness`` parameter is not specified, a default value of ``60`` is used. If a value is not specified for ``maxSwap`` then this parameter is ignored. This parameter maps + to the ``--memory-swappiness`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + If you're using tasks that use the Fargate launch type, the ``swappiness`` parameter isn't supported. + If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported. + Tmpfs: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tmpfs' + description: |- + The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the ``--tmpfs`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + If you're using tasks that use the Fargate launch type, the ``tmpfs`` parameter isn't supported. + additionalProperties: false + description: The Linux-specific options that are applied to the container, such as Linux [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html). + PortMapping: + type: object + properties: + Name: + type: string + description: |- + The name that's used for the port mapping. This parameter only applies to Service Connect. This parameter is the name that you use in the ``serviceConnectConfiguration`` of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen. + For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + ContainerPort: + type: integer + description: |- + The port number on the container that's bound to the user-specified or automatically assigned host port. + If you use containers in a task with the ``awsvpc`` or ``host`` network mode, specify the exposed ports using ``containerPort``. + If you use containers in a task with the ``bridge`` network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort``. Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance. + ContainerPortRange: + type: string + description: |- + The port number range on the container that's bound to the dynamically mapped host port range. + The following rules apply when you specify a ``containerPortRange``: + + You must use either the ``bridge`` network mode or the ``awsvpc`` network mode. + + This parameter is available for both the EC2 and FARGATElong launch types. + + This parameter is available for both the Linux and Windows operating systems. + + The container instance must have at least version 1.67.0 of the container agent and at least version 1.67.0-1 of the ``ecs-init`` package + + You can specify a maximum of 100 port ranges per container. + + You do not specify a ``hostPortRange``. The value of the ``hostPortRange`` is set as follows: + + For containers in a task with the ``awsvpc`` network mode, the ``hostPortRange`` is set to the same value as the ``containerPortRange``. This is a static mapping strategy. + + For containers in a task with the ``bridge`` network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports. + + + The ``containerPortRange`` valid values are between 1 and 65535. + + A port can only be included in one port mapping per container. + + You cannot specify overlapping port ranges. + + The first port in the range must be less than last port in the range. + + Docker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports. + For more information, see [Issue #11185](https://docs.aws.amazon.com/https://github.com/moby/moby/issues/11185) on the Github website. + For information about how to turn off the docker-proxy in the Docker daemon config file, see [Docker daemon](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/bootstrap_container_instance.html#bootstrap_docker_daemon) in the *Amazon ECS Developer Guide*. + + You can call [DescribeTasks](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html) to view the ``hostPortRange`` which are the host ports that are bound to the container ports. + HostPort: + type: integer + description: |- + The port number on the container instance to reserve for your container. + If you specify a ``containerPortRange``, leave this field empty and the value of the ``hostPort`` is set as follows: + + For containers in a task with the ``awsvpc`` network mode, the ``hostPort`` is set to the same value as the ``containerPort``. This is a static mapping strategy. + + For containers in a task with the ``bridge`` network mode, the Amazon ECS agent finds open ports on the host and automatically binds them to the container ports. This is a dynamic mapping strategy. + + If you use containers in a task with the ``awsvpc`` or ``host`` network mode, the ``hostPort`` can either be left blank or set to the same value as the ``containerPort``. + If you use containers in a task with the ``bridge`` network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the ``hostPort`` (or set it to ``0``) while specifying a ``containerPort`` and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version. + The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under ``/proc/sys/net/ipv4/ip_local_port_range``. If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 (Linux) or 49152 through 65535 (Windows) is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range. + The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the ``remainingResources`` of [DescribeContainerInstances](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeContainerInstances.html) output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota. + Protocol: + type: string + description: The protocol used for the port mapping. Valid values are ``tcp`` and ``udp``. The default is ``tcp``. ``protocol`` is immutable in a Service Connect service. Updating this field requires a service deletion and redeployment. + AppProtocol: + type: string + enum: + - http + - http2 + - grpc + description: |- + The application protocol that's used for the port mapping. This parameter only applies to Service Connect. We recommend that you set this parameter to be consistent with the protocol that your application uses. If you set this parameter, Amazon ECS adds protocol-specific connection handling to the Service Connect proxy. If you set this parameter, Amazon ECS adds protocol-specific telemetry in the Amazon ECS console and CloudWatch. + If you don't set a value for this parameter, then TCP is used. However, Amazon ECS doesn't add protocol-specific telemetry for TCP. + ``appProtocol`` is immutable in a Service Connect service. Updating this field requires a service deletion and redeployment. + Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + additionalProperties: false + description: |- + The ``PortMapping`` property specifies a port mapping. Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition. + If you are using containers in a task with the ``awsvpc`` or ``host`` network mode, exposed ports should be specified using ``containerPort``. The ``hostPort`` can be left blank or it must be the same value as the ``containerPort``. + After a task reaches the ``RUNNING`` status, manual and automatic host and container port assignments are visible in the ``networkBindings`` section of [DescribeTasks](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html) API responses. + MountPoint: + type: object + properties: + ContainerPath: + type: string + description: The path on the container to mount the host volume at. + ReadOnly: + type: boolean + description: If this value is ``true``, the container has read-only access to the volume. If this value is ``false``, then the container can write to the volume. The default value is ``false``. + SourceVolume: + type: string + description: The name of the volume to mount. Must be a volume name referenced in the ``name`` parameter of task definition ``volume``. + additionalProperties: false + description: The details for a volume mount point that's used in a container definition. + ProxyConfiguration: + type: object + required: + - ContainerName + properties: + ContainerName: + type: string + description: The name of the container that will serve as the App Mesh proxy. + ProxyConfigurationProperties: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/KeyValuePair' + description: |- + The set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as key-value pairs. + + ``IgnoredUID`` - (Required) The user ID (UID) of the proxy container as defined by the ``user`` parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If ``IgnoredGID`` is specified, this field can be empty. + + ``IgnoredGID`` - (Required) The group ID (GID) of the proxy container as defined by the ``user`` parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If ``IgnoredUID`` is specified, this field can be empty. + + ``AppPorts`` - (Required) The list of ports that the application uses. Network traffic to these ports is forwarded to the ``ProxyIngressPort`` and ``ProxyEgressPort``. + + ``ProxyIngressPort`` - (Required) Specifies the port that incoming traffic to the ``AppPorts`` is directed to. + + ``ProxyEgressPort`` - (Required) Specifies the port that outgoing traffic from the ``AppPorts`` is directed to. + + ``EgressIgnoredPorts`` - (Required) The egress traffic going to the specified ports is ignored and not redirected to the ``ProxyEgressPort``. It can be an empty list. + + ``EgressIgnoredIPs`` - (Required) The egress traffic going to the specified IP addresses is ignored and not redirected to the ``ProxyEgressPort``. It can be an empty list. + Type: + type: string + description: The proxy type. The only supported value is ``APPMESH``. + additionalProperties: false + description: |- + The configuration details for the App Mesh proxy. + For tasks that use the EC2 launch type, the container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) + RepositoryCredentials: + type: object + properties: + CredentialsParameter: + type: string + description: |- + The Amazon Resource Name (ARN) of the secret containing the private repository credentials. + When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret. + additionalProperties: false + description: The repository credentials for private registry authentication. + ResourceRequirement: + type: object + required: + - Type + - Value + properties: + Type: + type: string + description: The type of resource to assign to a container. The supported values are ``GPU`` or ``InferenceAccelerator``. + Value: + type: string + description: |- + The value for the specified resource type. + If the ``GPU`` type is used, the value is the number of physical ``GPUs`` the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on. + If the ``InferenceAccelerator`` type is used, the ``value`` matches the ``deviceName`` for an [InferenceAccelerator](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_InferenceAccelerator.html) specified in a task definition. + additionalProperties: false + description: The type and amount of a resource to assign to a container. The supported resource types are GPUs and Elastic Inference accelerators. For more information, see [Working with GPUs on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-gpu.html) or [Working with Amazon Elastic Inference on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html) in the *Amazon Elastic Container Service Developer Guide* + RuntimePlatform: + type: object + properties: + CpuArchitecture: + type: string + description: |- + The CPU architecture. + You can run your Linux tasks on an ARM-based platform by setting the value to ``ARM64``. This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate. + OperatingSystemFamily: + type: string + description: The operating system. + additionalProperties: false + description: |- + Information about the platform for the Amazon ECS service or task. + For more information about ``RuntimePlatform``, see [RuntimePlatform](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform) in the *Amazon Elastic Container Service Developer Guide*. + TaskDefinitionPlacementConstraint: + type: object + required: + - Type + properties: + Type: + type: string + description: The type of constraint. The ``MemberOf`` constraint restricts selection to be from a group of valid candidates. + Expression: + type: string + description: A cluster query language expression to apply to the constraint. For more information, see [Cluster query language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) in the *Amazon Elastic Container Service Developer Guide*. + additionalProperties: false + description: |- + The constraint on task placement in the task definition. For more information, see [Task placement constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) in the *Amazon Elastic Container Service Developer Guide*. + Task placement constraints aren't supported for tasks run on FARGATElong. + Tmpfs: + type: object + required: + - Size + properties: + ContainerPath: + type: string + description: The absolute file path where the tmpfs volume is to be mounted. + MountOptions: + type: array + x-insertionOrder: false + items: + type: string + description: |- + The list of tmpfs volume mount options. + Valid values: ``"defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"`` + Size: + type: integer + description: The maximum size (in MiB) of the tmpfs volume. + additionalProperties: false + description: The container path, mount options, and size of the tmpfs mount. + Ulimit: + type: object + required: + - HardLimit + - Name + - SoftLimit + properties: + HardLimit: + type: integer + description: The hard limit for the ``ulimit`` type. + Name: + type: string + description: The ``type`` of the ``ulimit``. + SoftLimit: + type: integer + description: The soft limit for the ``ulimit`` type. + additionalProperties: false + description: |- + The ``ulimit`` settings to pass to the container. + Amazon ECS tasks hosted on FARGATElong use the default resource limit values set by the operating system with the exception of the ``nofile`` resource limit parameter which FARGATElong overrides. The ``nofile`` resource limit sets a restriction on the number of open files that a container can use. The default ``nofile`` soft limit is ``1024`` and the default hard limit is ``65535``. + You can specify the ``ulimit`` settings for a container in a task definition. + Volume: + type: object + properties: + ConfiguredAtLaunch: + type: boolean + description: |- + Indicates whether the volume should be configured at launch time. This is used to create Amazon EBS volumes for standalone tasks or tasks created as part of a service. Each task definition revision may only have one volume configured at launch in the volume configuration. + To configure a volume at launch time, use this task definition revision and specify a ``volumeConfigurations`` object when calling the ``CreateService``, ``UpdateService``, ``RunTask`` or ``StartTask`` APIs. + DockerVolumeConfiguration: + $ref: '#/components/schemas/DockerVolumeConfiguration' + description: |- + This parameter is specified when you use Docker volumes. + Windows containers only support the use of the ``local`` driver. To use bind mounts, specify the ``host`` parameter instead. + Docker volumes aren't supported by tasks run on FARGATElong. + EFSVolumeConfiguration: + $ref: '#/components/schemas/EFSVolumeConfiguration' + description: This parameter is specified when you use an Amazon Elastic File System file system for task storage. + FSxWindowsFileServerVolumeConfiguration: + $ref: '#/components/schemas/FSxWindowsFileServerVolumeConfiguration' + description: '' + Host: + $ref: '#/components/schemas/HostVolumeProperties' + description: |- + This parameter is specified when you use bind mount host volumes. The contents of the ``host`` parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the ``host`` parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. + Windows containers can mount whole directories on the same drive as ``$env:ProgramData``. Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount ``C:\my\path:C:\my\path`` and ``D:\:D:\``, but not ``D:\my\path:C:\my\path`` or ``D:\:C:\my\path``. + Name: + type: string + description: |- + The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. + When using a volume configured at launch, the ``name`` is required and must also be specified as the volume name in the ``ServiceVolumeConfiguration`` or ``TaskVolumeConfiguration`` parameter when creating your service or standalone task. + For all other types of volumes, this name is referenced in the ``sourceVolume`` parameter of the ``mountPoints`` object in the container definition. + When a volume is using the ``efsVolumeConfiguration``, the name is required. + additionalProperties: false + description: >- + The data volume configuration for tasks launched using this task definition. Specifying a volume configuration in a task definition is optional. The volume configuration may contain multiple volumes but only one volume configured at launch is supported. Each volume defined in the volume configuration may only specify a ``name`` and one of either ``configuredAtLaunch``, ``dockerVolumeConfiguration``, ``efsVolumeConfiguration``, ``fsxWindowsFileServerVolumeConfiguration``, or ``host``. If + an empty volume configuration is specified, by default Amazon ECS uses a host volume. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html). + VolumeFrom: + type: object + properties: + ReadOnly: + type: boolean + description: If this value is ``true``, the container has read-only access to the volume. If this value is ``false``, then the container can write to the volume. The default value is ``false``. + SourceContainer: + type: string + description: The name of another container within the same task definition to mount volumes from. + additionalProperties: false + description: Details on a data volume from another container in the same task definition. + TaskDefinition: + type: object + properties: + TaskDefinitionArn: + description: '' + type: string + Family: + type: string + description: |- + The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. + A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. + To use revision numbers when you update a task definition, specify this property. If you don't specify a value, CFNlong generates a new task definition each time that you update it. + ContainerDefinitions: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/ContainerDefinition' + description: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*. + Cpu: + type: string + description: |- + The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. + The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. + + 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) + + 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) + + 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) + + 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) + + 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) + + 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments + This option requires Linux platform ``1.4.0`` or later. + + 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments + This option requires Linux platform ``1.4.0`` or later. + ExecutionRoleArn: + type: string + description: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see [Amazon ECS task execution IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html) in the *Amazon Elastic Container Service Developer Guide*. + EphemeralStorage: + $ref: '#/components/schemas/EphemeralStorage' + description: The ephemeral storage settings to use for tasks run with the task definition. + InferenceAccelerators: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/InferenceAccelerator' + description: The Elastic Inference accelerators to use for the containers in the task. + Memory: + type: string + description: |- + The amount (in MiB) of memory used by the task. + If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see [ContainerDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html). + If your tasks runs on FARGATElong, this field is required. You must use one of the following values. The value you choose determines your range of valid values for the ``cpu`` parameter. + + 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available ``cpu`` values: 256 (.25 vCPU) + + 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available ``cpu`` values: 512 (.5 vCPU) + + 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available ``cpu`` values: 1024 (1 vCPU) + + Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 2048 (2 vCPU) + + Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 4096 (4 vCPU) + + Between 16 GB and 60 GB in 4 GB increments - Available ``cpu`` values: 8192 (8 vCPU) + This option requires Linux platform ``1.4.0`` or later. + + Between 32GB and 120 GB in 8 GB increments - Available ``cpu`` values: 16384 (16 vCPU) + This option requires Linux platform ``1.4.0`` or later. + NetworkMode: + type: string + description: |- + The Docker networking mode to use for the containers in the task. The valid values are ``none``, ``bridge``, ``awsvpc``, and ``host``. If no network mode is specified, the default is ``bridge``. + For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ```` or ``awsvpc`` can be used. If the network mode is set to ``none``, you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. + With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. + When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. + If the network mode is ``awsvpc``, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. + If the network mode is ``host``, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. + For more information, see [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings) in the *Docker run reference*. + PlacementConstraints: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/TaskDefinitionPlacementConstraint' + description: |- + An array of placement constraint objects to use for tasks. + This parameter isn't supported for tasks run on FARGATElong. + ProxyConfiguration: + $ref: '#/components/schemas/ProxyConfiguration' + description: |- + The configuration details for the App Mesh proxy. + Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + RequiresCompatibilities: + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + description: The task launch types the task definition was validated against. The valid values are ``EC2``, ``FARGATE``, and ``EXTERNAL``. For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide*. + TaskRoleArn: + type: string + description: |- + The short name or full Amazon Resource Name (ARN) of the IAMlong role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*. + IAM roles for tasks on Windows require that the ``-EnableTaskIAMRole`` option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide*. + Volumes: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Volume' + description: |- + The list of data volume definitions for the task. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon Elastic Container Service Developer Guide*. + The ``host`` and ``sourcePath`` parameters aren't supported for tasks run on FARGATElong. + PidMode: + type: string + description: |- + The process namespace to use for the containers in the task. The valid values are ``host`` or ``task``. On Fargate for Linux containers, the only valid value is ``task``. For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. + If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. + If ``task`` is specified, all containers within the specified task share the same process namespace. + If no value is specified, the default is a private namespace for each container. For more information, see [PID settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid) in the *Docker run reference*. + If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/). + This parameter is not supported for Windows containers. + This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate. + RuntimePlatform: + $ref: '#/components/schemas/RuntimePlatform' + description: |- + The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type. + When you specify a task definition in a service, this value must match the ``runtimePlatform`` value of the service. + IpcMode: + type: string + description: >- + The IPC resource namespace to use for the containers in the task. The valid values are ``host``, ``task``, or ``none``. If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task + are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see [IPC settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc) in the *Docker run reference*. + If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/). + If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide*. + + For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. + + For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. + + This parameter is not supported for Windows containers or tasks run on FARGATElong. + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + description: |- + The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them. + The following basic restrictions apply to tags: + + Maximum number of tags per resource - 50 + + For each resource, each tag key must be unique, and each tag key can have only one value. + + Maximum key length - 128 Unicode characters in UTF-8 + + Maximum value length - 256 Unicode characters in UTF-8 + + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. + + Tag keys and values are case-sensitive. + + Do not use ``aws:``, ``AWS:``, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit. + x-stackql-resource-name: task_definition + description: |- + Registers a new task definition from the supplied ``family`` and ``containerDefinitions``. Optionally, you can add data volumes to your containers with the ``volumes`` parameter. For more information about task definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*. + You can specify a role for your task with the ``taskRoleArn`` parameter. When you specify a role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*. + You can specify a Docker networking mode for the containers in your task definition with the ``networkMode`` parameter. The available network modes correspond to those described in [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#/network-settings) in the Docker run reference. If you specify the ``awsvpc`` network mode, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. + In the following example or examples, the Authorization header contents (``AUTHPARAMS``) must be replaced with an AWS Signature Version 4 signature. For more information, see [Signature Version 4 Signing Process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) in the *General Reference*. + You only need to learn how to sign HTTP requests if you intend to create them manually. When you use the [](https://docs.aws.amazon.com/cli/) or one of the [SDKs](https://docs.aws.amazon.com/tools/) to make requests to AWS, these tools automatically sign the requests for you, with the access key that you specify when you configure the tools. When you use these tools, you don't have to sign requests yourself. + x-type-name: AWS::ECS::TaskDefinition + x-stackql-primary-identifier: + - TaskDefinitionArn + x-create-only-properties: + - Family + - ContainerDefinitions + - Cpu + - ExecutionRoleArn + - InferenceAccelerators + - Memory + - NetworkMode + - PlacementConstraints + - ProxyConfiguration + - RequiresCompatibilities + - RuntimePlatform + - TaskRoleArn + - Volumes + - PidMode + - IpcMode + - EphemeralStorage + x-read-only-properties: + - TaskDefinitionArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ecs:RegisterTaskDefinition + - ecs:DescribeTaskDefinition + - ecs:TagResource + - iam:GetRole + - iam:PassRole + read: + - ecs:DescribeTaskDefinition + update: + - ecs:TagResource + - ecs:UntagResource + - ecs:ListTagsForResource + - ecs:DescribeTaskDefinition + - iam:GetRole + - iam:PassRole + delete: + - ecs:DeregisterTaskDefinition + - ecs:DescribeTaskDefinition + - iam:GetRole + - iam:PassRole + list: + - ecs:ListTaskDefinitions + - ecs:DescribeTaskDefinition + Scale: + type: object + properties: + Unit: + description: The unit of measure for the scale value. + type: string + enum: + - PERCENT + Value: + description: The value, specified as a percent total of a service's desiredCount, to scale the task set. Accepted values are numbers between 0 and 100. + type: number + minimum: 0 + maximum: 100 + additionalProperties: false + TaskSet: + type: object + properties: + Cluster: + description: The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in. + type: string + ExternalId: + description: 'An optional non-unique tag that identifies this task set in external systems. If the task set is associated with a service discovery registry, the tasks in this task set will have the ECS_TASK_SET_EXTERNAL_ID AWS Cloud Map attribute set to the provided value. ' + type: string + Id: + description: The ID of the task set. + type: string + LaunchType: + description: 'The launch type that new tasks in the task set will use. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html in the Amazon Elastic Container Service Developer Guide. ' + type: string + enum: + - EC2 + - FARGATE + LoadBalancers: + type: array + items: + $ref: '#/components/schemas/LoadBalancer' + NetworkConfiguration: + $ref: '#/components/schemas/NetworkConfiguration' + PlatformVersion: + description: The platform version that the tasks in the task set should use. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used by default. + type: string + Scale: + description: A floating-point percentage of the desired number of tasks to place and keep running in the task set. + $ref: '#/components/schemas/Scale' + Service: + description: The short name or full Amazon Resource Name (ARN) of the service to create the task set in. + type: string + ServiceRegistries: + description: The details of the service discovery registries to assign to this task set. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html. + type: array + items: + $ref: '#/components/schemas/ServiceRegistry' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + TaskDefinition: + description: The short name or full Amazon Resource Name (ARN) of the task definition for the tasks in the task set to use. + type: string + required: + - Cluster + - Service + - TaskDefinition + x-stackql-resource-name: task_set + description: Create a task set in the specified cluster and service. This is used when a service uses the EXTERNAL deployment controller type. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.htmlin the Amazon Elastic Container Service Developer Guide. + x-type-name: AWS::ECS::TaskSet + x-stackql-primary-identifier: + - Cluster + - Service + - Id + x-create-only-properties: + - Cluster + - ExternalId + - LaunchType + - LoadBalancers + - NetworkConfiguration + - PlatformVersion + - Service + - ServiceRegistries + - TaskDefinition + x-read-only-properties: + - Id + x-required-properties: + - Cluster + - Service + - TaskDefinition + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - ecs:CreateTaskSet + - ecs:DescribeTaskSets + - ecs:TagResource + read: + - ecs:DescribeTaskSets + update: + - ecs:DescribeTaskSets + - ecs:TagResource + - ecs:UntagResource + - ecs:UpdateTaskSet + delete: + - ecs:DeleteTaskSet + - ecs:DescribeTaskSets + x-stackQL-resources: + cluster_capacity_provider_associations: + name: cluster_capacity_provider_associations + id: aws.ecs.cluster_capacity_provider_associations + x-cfn-schema-name: ClusterCapacityProviderAssociations + x-type: get + x-identifiers: + - Cluster + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CapacityProviders') as capacity_providers, + JSON_EXTRACT(Properties, '$.Cluster') as cluster, + JSON_EXTRACT(Properties, '$.DefaultCapacityProviderStrategy') as default_capacity_provider_strategy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::ClusterCapacityProviderAssociations' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CapacityProviders') as capacity_providers, + json_extract_path_text(Properties, 'Cluster') as cluster, + json_extract_path_text(Properties, 'DefaultCapacityProviderStrategy') as default_capacity_provider_strategy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::ClusterCapacityProviderAssociations' + AND data__Identifier = '' + AND region = 'us-east-1' + primary_task_set: + name: primary_task_set + id: aws.ecs.primary_task_set + x-cfn-schema-name: PrimaryTaskSet + x-type: get + x-identifiers: + - Cluster + - Service + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Cluster') as cluster, + JSON_EXTRACT(Properties, '$.TaskSetId') as task_set_id, + JSON_EXTRACT(Properties, '$.Service') as service + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::PrimaryTaskSet' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Cluster') as cluster, + json_extract_path_text(Properties, 'TaskSetId') as task_set_id, + json_extract_path_text(Properties, 'Service') as service + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::PrimaryTaskSet' + AND data__Identifier = '|' + AND region = 'us-east-1' + services: + name: services + id: aws.ecs.services + x-cfn-schema-name: Service + x-type: list + x-identifiers: + - ServiceArn + - Cluster + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ServiceArn') as service_arn, + JSON_EXTRACT(Properties, '$.Cluster') as cluster + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECS::Service' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ServiceArn') as service_arn, + json_extract_path_text(Properties, 'Cluster') as cluster + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECS::Service' + AND region = 'us-east-1' + service: + name: service + id: aws.ecs.service + x-cfn-schema-name: Service + x-type: get + x-identifiers: + - ServiceArn + - Cluster + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ServiceArn') as service_arn, + JSON_EXTRACT(Properties, '$.CapacityProviderStrategy') as capacity_provider_strategy, + JSON_EXTRACT(Properties, '$.Cluster') as cluster, + JSON_EXTRACT(Properties, '$.DeploymentConfiguration') as deployment_configuration, + JSON_EXTRACT(Properties, '$.DeploymentController') as deployment_controller, + JSON_EXTRACT(Properties, '$.DesiredCount') as desired_count, + JSON_EXTRACT(Properties, '$.EnableECSManagedTags') as enable_ecs_managed_tags, + JSON_EXTRACT(Properties, '$.EnableExecuteCommand') as enable_execute_command, + JSON_EXTRACT(Properties, '$.HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, + JSON_EXTRACT(Properties, '$.LaunchType') as launch_type, + JSON_EXTRACT(Properties, '$.LoadBalancers') as load_balancers, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.NetworkConfiguration') as network_configuration, + JSON_EXTRACT(Properties, '$.PlacementConstraints') as placement_constraints, + JSON_EXTRACT(Properties, '$.PlacementStrategies') as placement_strategies, + JSON_EXTRACT(Properties, '$.PlatformVersion') as platform_version, + JSON_EXTRACT(Properties, '$.PropagateTags') as propagate_tags, + JSON_EXTRACT(Properties, '$.Role') as role, + JSON_EXTRACT(Properties, '$.SchedulingStrategy') as scheduling_strategy, + JSON_EXTRACT(Properties, '$.ServiceConnectConfiguration') as service_connect_configuration, + JSON_EXTRACT(Properties, '$.ServiceName') as service_name, + JSON_EXTRACT(Properties, '$.ServiceRegistries') as service_registries, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TaskDefinition') as task_definition, + JSON_EXTRACT(Properties, '$.VolumeConfigurations') as volume_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::Service' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ServiceArn') as service_arn, + json_extract_path_text(Properties, 'CapacityProviderStrategy') as capacity_provider_strategy, + json_extract_path_text(Properties, 'Cluster') as cluster, + json_extract_path_text(Properties, 'DeploymentConfiguration') as deployment_configuration, + json_extract_path_text(Properties, 'DeploymentController') as deployment_controller, + json_extract_path_text(Properties, 'DesiredCount') as desired_count, + json_extract_path_text(Properties, 'EnableECSManagedTags') as enable_ecs_managed_tags, + json_extract_path_text(Properties, 'EnableExecuteCommand') as enable_execute_command, + json_extract_path_text(Properties, 'HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, + json_extract_path_text(Properties, 'LaunchType') as launch_type, + json_extract_path_text(Properties, 'LoadBalancers') as load_balancers, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'NetworkConfiguration') as network_configuration, + json_extract_path_text(Properties, 'PlacementConstraints') as placement_constraints, + json_extract_path_text(Properties, 'PlacementStrategies') as placement_strategies, + json_extract_path_text(Properties, 'PlatformVersion') as platform_version, + json_extract_path_text(Properties, 'PropagateTags') as propagate_tags, + json_extract_path_text(Properties, 'Role') as role, + json_extract_path_text(Properties, 'SchedulingStrategy') as scheduling_strategy, + json_extract_path_text(Properties, 'ServiceConnectConfiguration') as service_connect_configuration, + json_extract_path_text(Properties, 'ServiceName') as service_name, + json_extract_path_text(Properties, 'ServiceRegistries') as service_registries, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TaskDefinition') as task_definition, + json_extract_path_text(Properties, 'VolumeConfigurations') as volume_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::Service' + AND data__Identifier = '|' + AND region = 'us-east-1' + task_definitions: + name: task_definitions + id: aws.ecs.task_definitions + x-cfn-schema-name: TaskDefinition + x-type: list + x-identifiers: + - TaskDefinitionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TaskDefinitionArn') as task_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECS::TaskDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TaskDefinitionArn') as task_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ECS::TaskDefinition' + AND region = 'us-east-1' + task_definition: + name: task_definition + id: aws.ecs.task_definition + x-cfn-schema-name: TaskDefinition + x-type: get + x-identifiers: + - TaskDefinitionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TaskDefinitionArn') as task_definition_arn, + JSON_EXTRACT(Properties, '$.Family') as family, + JSON_EXTRACT(Properties, '$.ContainerDefinitions') as container_definitions, + JSON_EXTRACT(Properties, '$.Cpu') as cpu, + JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(Properties, '$.EphemeralStorage') as ephemeral_storage, + JSON_EXTRACT(Properties, '$.InferenceAccelerators') as inference_accelerators, + JSON_EXTRACT(Properties, '$.Memory') as memory, + JSON_EXTRACT(Properties, '$.NetworkMode') as network_mode, + JSON_EXTRACT(Properties, '$.PlacementConstraints') as placement_constraints, + JSON_EXTRACT(Properties, '$.ProxyConfiguration') as proxy_configuration, + JSON_EXTRACT(Properties, '$.RequiresCompatibilities') as requires_compatibilities, + JSON_EXTRACT(Properties, '$.TaskRoleArn') as task_role_arn, + JSON_EXTRACT(Properties, '$.Volumes') as volumes, + JSON_EXTRACT(Properties, '$.PidMode') as pid_mode, + JSON_EXTRACT(Properties, '$.RuntimePlatform') as runtime_platform, + JSON_EXTRACT(Properties, '$.IpcMode') as ipc_mode, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::TaskDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TaskDefinitionArn') as task_definition_arn, + json_extract_path_text(Properties, 'Family') as family, + json_extract_path_text(Properties, 'ContainerDefinitions') as container_definitions, + json_extract_path_text(Properties, 'Cpu') as cpu, + json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(Properties, 'EphemeralStorage') as ephemeral_storage, + json_extract_path_text(Properties, 'InferenceAccelerators') as inference_accelerators, + json_extract_path_text(Properties, 'Memory') as memory, + json_extract_path_text(Properties, 'NetworkMode') as network_mode, + json_extract_path_text(Properties, 'PlacementConstraints') as placement_constraints, + json_extract_path_text(Properties, 'ProxyConfiguration') as proxy_configuration, + json_extract_path_text(Properties, 'RequiresCompatibilities') as requires_compatibilities, + json_extract_path_text(Properties, 'TaskRoleArn') as task_role_arn, + json_extract_path_text(Properties, 'Volumes') as volumes, + json_extract_path_text(Properties, 'PidMode') as pid_mode, + json_extract_path_text(Properties, 'RuntimePlatform') as runtime_platform, + json_extract_path_text(Properties, 'IpcMode') as ipc_mode, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::TaskDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + task_set: + name: task_set + id: aws.ecs.task_set + x-cfn-schema-name: TaskSet + x-type: get + x-identifiers: + - Cluster + - Service + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Cluster') as cluster, + JSON_EXTRACT(Properties, '$.ExternalId') as external_id, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LaunchType') as launch_type, + JSON_EXTRACT(Properties, '$.LoadBalancers') as load_balancers, + JSON_EXTRACT(Properties, '$.NetworkConfiguration') as network_configuration, + JSON_EXTRACT(Properties, '$.PlatformVersion') as platform_version, + JSON_EXTRACT(Properties, '$.Scale') as scale, + JSON_EXTRACT(Properties, '$.Service') as service, + JSON_EXTRACT(Properties, '$.ServiceRegistries') as service_registries, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TaskDefinition') as task_definition + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::TaskSet' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Cluster') as cluster, + json_extract_path_text(Properties, 'ExternalId') as external_id, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LaunchType') as launch_type, + json_extract_path_text(Properties, 'LoadBalancers') as load_balancers, + json_extract_path_text(Properties, 'NetworkConfiguration') as network_configuration, + json_extract_path_text(Properties, 'PlatformVersion') as platform_version, + json_extract_path_text(Properties, 'Scale') as scale, + json_extract_path_text(Properties, 'Service') as service, + json_extract_path_text(Properties, 'ServiceRegistries') as service_registries, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TaskDefinition') as task_definition + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::TaskSet' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/efs.yaml b/providers/src/aws/v00.00.00000/services/efs.yaml new file mode 100644 index 00000000..cd73669d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/efs.yaml @@ -0,0 +1,684 @@ +openapi: 3.0.0 +info: + title: EFS + version: 1.0.0 +paths: {} +components: + schemas: + AccessPointTag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + description: The tag key (String). The key can't start with ``aws:``. + Value: + type: string + minLength: 1 + maxLength: 256 + description: The value of the tag key. + additionalProperties: false + description: 'A tag is a key-value pair attached to a file system. Allowed characters in the ``Key`` and ``Value`` properties are letters, white space, and numbers that can be represented in UTF-8, and the following characters:``+ - = . _ : /``' + CreationInfo: + type: object + properties: + OwnerUid: + type: string + description: Specifies the POSIX user ID to apply to the ``RootDirectory``. Accepts values from 0 to 2^32 (4294967295). + OwnerGid: + type: string + description: Specifies the POSIX group ID to apply to the ``RootDirectory``. Accepts values from 0 to 2^32 (4294967295). + Permissions: + type: string + description: Specifies the POSIX permissions to apply to the ``RootDirectory``, in the format of an octal number representing the file's mode bits. + pattern: ^[0-7]{3,4}$ + required: + - OwnerUid + - OwnerGid + - Permissions + additionalProperties: false + description: |- + Required if the ``RootDirectory`` > ``Path`` specified does not exist. Specifies the POSIX IDs and permissions to apply to the access point's ``RootDirectory`` > ``Path``. If the access point root directory does not exist, EFS creates it with these settings when a client connects to the access point. When specifying ``CreationInfo``, you must include values for all properties. + Amazon EFS creates a root directory only if you have provided the CreationInfo: OwnUid, OwnGID, and permissions for the directory. If you do not provide this information, Amazon EFS does not create the root directory. If the root directory does not exist, attempts to mount using the access point will fail. + If you do not provide ``CreationInfo`` and the specified ``RootDirectory`` does not exist, attempts to mount the file system using the access point will fail. + RootDirectory: + type: object + properties: + Path: + type: string + description: Specifies the path on the EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system. A path can have up to four subdirectories. If the specified path does not exist, you are required to provide the ``CreationInfo``. + minLength: 1 + maxLength: 100 + CreationInfo: + description: |- + (Optional) Specifies the POSIX IDs and permissions to apply to the access point's ``RootDirectory``. If the ``RootDirectory`` > ``Path`` specified does not exist, EFS creates the root directory using the ``CreationInfo`` settings when a client connects to an access point. When specifying the ``CreationInfo``, you must provide values for all properties. + If you do not provide ``CreationInfo`` and the specified ``RootDirectory`` > ``Path`` does not exist, attempts to mount the file system using the access point will fail. + $ref: '#/components/schemas/CreationInfo' + additionalProperties: false + description: Specifies the directory on the Amazon EFS file system that the access point provides access to. The access point exposes the specified file system path as the root directory of your file system to applications using the access point. NFS clients using the access point can only access data in the access point's ``RootDirectory`` and its subdirectories. + PosixUser: + type: object + properties: + Uid: + type: string + description: The POSIX user ID used for all file system operations using this access point. + Gid: + type: string + description: The POSIX group ID used for all file system operations using this access point. + SecondaryGids: + type: array + description: Secondary POSIX group IDs used for all file system operations using this access point. + items: + type: string + required: + - Uid + - Gid + additionalProperties: false + description: The full POSIX identity, including the user ID, group ID, and any secondary group IDs, on the access point that is used for all file system operations performed by NFS clients using the access point. + AccessPoint: + type: object + properties: + AccessPointId: + type: string + description: '' + Arn: + type: string + description: '' + ClientToken: + description: The opaque string specified in the request to ensure idempotent creation. + type: string + AccessPointTags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/AccessPointTag' + description: |- + An array of key-value pairs to apply to this resource. + For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + FileSystemId: + description: The ID of the EFS file system that the access point applies to. Accepts only the ID format for input when specifying a file system, for example ``fs-0123456789abcedf2``. + type: string + PosixUser: + description: The full POSIX identity, including the user ID, group ID, and secondary group IDs on the access point that is used for all file operations by NFS clients using the access point. + $ref: '#/components/schemas/PosixUser' + RootDirectory: + description: The directory on the EFS file system that the access point exposes as the root directory to NFS clients using the access point. + $ref: '#/components/schemas/RootDirectory' + required: + - FileSystemId + x-stackql-resource-name: access_point + description: >- + The ``AWS::EFS::AccessPoint`` resource creates an EFS access point. An access point is an application-specific view into an EFS file system that applies an operating system user and group, and a file system path, to any file system request made through the access point. The operating system user and group override any identity information provided by the NFS client. The file system path is exposed as the access point's root directory. Applications using the access point can only access + data in its own directory and below. To learn more, see [Mounting a file system using EFS access points](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html). + This operation requires permissions for the ``elasticfilesystem:CreateAccessPoint`` action. + x-type-name: AWS::EFS::AccessPoint + x-stackql-primary-identifier: + - AccessPointId + x-create-only-properties: + - FileSystemId + - ClientToken + - CreationInfo + - CreationInfo/OwnerUid + - CreationInfo/OwnerGid + - CreationInfo/Permissions + - PosixUser + - PosixUser/Uid + - PosixUser/Gid + - PosixUser/SecondaryGids + - RootDirectory + - RootDirectory/Path + - RootDirectory/CreationInfo + x-read-only-properties: + - AccessPointId + - Arn + x-required-properties: + - FileSystemId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/AccessPointTags + x-required-permissions: + create: + - elasticfilesystem:CreateAccessPoint + - elasticfilesystem:TagResource + - elasticfilesystem:DescribeAccessPoints + read: + - elasticfilesystem:DescribeAccessPoints + delete: + - elasticfilesystem:DeleteAccessPoint + - elasticfilesystem:DescribeAccessPoints + list: + - elasticfilesystem:DescribeAccessPoints + update: + - elasticfilesystem:DescribeAccessPoints + - elasticfilesystem:ListTagsForResource + - elasticfilesystem:TagResource + - elasticfilesystem:UntagResource + Arn: + type: string + ElasticFileSystemTag: + type: object + additionalProperties: false + properties: + Key: + type: string + description: The tag key (String). The key can't start with ``aws:``. + Value: + type: string + description: The value of the tag key. + required: + - Value + - Key + description: 'A tag is a key-value pair attached to a file system. Allowed characters in the ``Key`` and ``Value`` properties are letters, white space, and numbers that can be represented in UTF-8, and the following characters:``+ - = . _ : /``' + LifecyclePolicy: + type: object + additionalProperties: false + properties: + TransitionToIA: + type: string + description: The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Infrequent Access (IA) storage. Metadata operations such as listing the contents of a directory don't count as file access events. + TransitionToPrimaryStorageClass: + type: string + description: Whether to move files back to primary (Standard) storage after they are accessed in IA or Archive storage. Metadata operations such as listing the contents of a directory don't count as file access events. + TransitionToArchive: + type: string + description: The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Archive storage. Metadata operations such as listing the contents of a directory don't count as file access events. + description: |- + Describes a policy used by Lifecycle management that specifies when to transition files into and out of the EFS storage classes. For more information, see [Managing file system storage](https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html). + + Each ``LifecyclePolicy`` object can have only a single transition. This means that in a request body, ``LifecyclePolicies`` must be structured as an array of ``LifecyclePolicy`` objects, one object for each transition, ``TransitionToIA``, ``TransitionToArchive``, ``TransitionToPrimaryStorageClass``. + + See the AWS::EFS::FileSystem examples for the correct ``LifecyclePolicy`` structure. Do not use the syntax shown on this page. + BackupPolicy: + type: object + additionalProperties: false + properties: + Status: + type: string + enum: + - DISABLED + - ENABLED + description: |- + Set the backup policy status for the file system. + + *ENABLED* - Turns automatic backups on for the file system. + + *DISABLED* - Turns automatic backups off for the file system. + required: + - Status + description: The backup policy turns automatic backups for the file system on or off. + FileSystemProtection: + type: object + additionalProperties: false + properties: + ReplicationOverwriteProtection: + type: string + enum: + - DISABLED + - ENABLED + description: |- + The status of the file system's replication overwrite protection. + + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. + + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. + + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + + If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. + description: Describes the protection on the file system. + ReplicationDestination: + type: object + additionalProperties: false + properties: + FileSystemId: + type: string + description: The ID of the destination Amazon EFS file system. + Region: + type: string + description: |- + The AWS-Region in which the destination file system is located. + For One Zone file systems, the replication configuration must specify the AWS-Region in which the destination file system is located. + AvailabilityZoneName: + type: string + description: |- + The AWS For One Zone file systems, the replication configuration must specify the Availability Zone in which the destination file system is located. + Use the format ``us-east-1a`` to specify the Availability Zone. For more information about One Zone file systems, see [EFS file system types](https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) in the *Amazon EFS User Guide*. + One Zone file system type is not available in all Availability Zones in AWS-Regions where Amazon EFS is available. + KmsKeyId: + type: string + description: The ID of an kms-key-long used to protect the encrypted file system. + description: Describes the destination file system in the replication configuration. + ReplicationConfiguration: + type: object + additionalProperties: false + properties: + Destinations: + type: array + uniqueItems: true + minItems: 1 + maxItems: 1 + items: + $ref: '#/components/schemas/ReplicationDestination' + description: An array of destination objects. Only one destination object is supported. + description: Describes the replication configuration for a specific file system. + FileSystem: + type: object + properties: + FileSystemId: + type: string + description: '' + Arn: + $ref: '#/components/schemas/Arn' + description: '' + Encrypted: + type: boolean + description: A Boolean value that, if true, creates an encrypted file system. When creating an encrypted file system, you have the option of specifying a KmsKeyId for an existing kms-key-long. If you don't specify a kms-key, then the default kms-key for EFS, ``/aws/elasticfilesystem``, is used to protect the encrypted file system. + FileSystemTags: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/ElasticFileSystemTag' + description: Use to create one or more tags associated with the file system. Each tag is a user-defined key-value pair. Name your file system on creation by including a ``"Key":"Name","Value":"{value}"`` key-value pair. Each key must be unique. For more information, see [Tagging resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *General Reference Guide*. + KmsKeyId: + type: string + description: |- + The ID of the kms-key-long to be used to protect the encrypted file system. This parameter is only required if you want to use a nondefault kms-key. If this parameter is not specified, the default kms-key for EFS is used. This ID can be in one of the following formats: + + Key ID - A unique identifier of the key, for example ``1234abcd-12ab-34cd-56ef-1234567890ab``. + + ARN - An Amazon Resource Name (ARN) for the key, for example ``arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab``. + + Key alias - A previously created display name for a key, for example ``alias/projectKey1``. + + Key alias ARN - An ARN for a key alias, for example ``arn:aws:kms:us-west-2:444455556666:alias/projectKey1``. + + If ``KmsKeyId`` is specified, the ``Encrypted`` parameter must be set to true. + LifecyclePolicies: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/LifecyclePolicy' + description: |- + An array of ``LifecyclePolicy`` objects that define the file system's ``LifecycleConfiguration`` object. A ``LifecycleConfiguration`` object informs Lifecycle management of the following: + + When to move files in the file system from primary storage to IA storage. + + When to move files in the file system from primary storage or IA storage to Archive storage. + + When to move files that are in IA or Archive storage to primary storage. + + EFS requires that each ``LifecyclePolicy`` object have only a single transition. This means that in a request body, ``LifecyclePolicies`` needs to be structured as an array of ``LifecyclePolicy`` objects, one object for each transition, ``TransitionToIA``, ``TransitionToArchive`` ``TransitionToPrimaryStorageClass``. See the example requests in the following section for more information. + FileSystemProtection: + $ref: '#/components/schemas/FileSystemProtection' + description: Describes the protection on the file system. + PerformanceMode: + type: string + description: |- + The Performance mode of the file system. We recommend ``generalPurpose`` performance mode for all file systems. File systems using the ``maxIO`` performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The ``maxIO`` mode is not supported on One Zone file systems. + Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems. + Default is ``generalPurpose``. + ProvisionedThroughputInMibps: + type: number + description: The throughput, measured in mebibytes per second (MiBps), that you want to provision for a file system that you're creating. Required if ``ThroughputMode`` is set to ``provisioned``. Valid values are 1-3414 MiBps, with the upper limit depending on Region. To increase this limit, contact SUP. For more information, see [Amazon EFS quotas that you can increase](https://docs.aws.amazon.com/efs/latest/ug/limits.html#soft-limits) in the *Amazon EFS User Guide*. + ThroughputMode: + type: string + description: >- + Specifies the throughput mode for the file system. The mode can be ``bursting``, ``provisioned``, or ``elastic``. If you set ``ThroughputMode`` to ``provisioned``, you must also set a value for ``ProvisionedThroughputInMibps``. After you create the file system, you can decrease your file system's Provisioned throughput or change between the throughput modes, with certain time restrictions. For more information, see [Specifying throughput with provisioned + mode](https://docs.aws.amazon.com/efs/latest/ug/performance.html#provisioned-throughput) in the *Amazon EFS User Guide*. + Default is ``bursting``. + FileSystemPolicy: + type: object + description: The ``FileSystemPolicy`` for the EFS file system. A file system policy is an IAM resource policy used to control NFS access to an EFS file system. For more information, see [Using to control NFS access to Amazon EFS](https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html) in the *Amazon EFS User Guide*. + BypassPolicyLockoutSafetyCheck: + description: >- + (Optional) A boolean that specifies whether or not to bypass the ``FileSystemPolicy`` lockout safety check. The lockout safety check determines whether the policy in the request will lock out, or prevent, the IAM principal that is making the request from making future ``PutFileSystemPolicy`` requests on this file system. Set ``BypassPolicyLockoutSafetyCheck`` to ``True`` only when you intend to prevent the IAM principal that is making the request from making subsequent + ``PutFileSystemPolicy`` requests on this file system. The default value is ``False``. + type: boolean + BackupPolicy: + $ref: '#/components/schemas/BackupPolicy' + description: Use the ``BackupPolicy`` to turn automatic backups on or off for the file system. + AvailabilityZoneName: + type: string + description: |- + For One Zone file systems, specify the AWS Availability Zone in which to create the file system. Use the format ``us-east-1a`` to specify the Availability Zone. For more information about One Zone file systems, see [EFS file system types](https://docs.aws.amazon.com/efs/latest/ug/availability-durability.html#file-system-type) in the *Amazon EFS User Guide*. + One Zone file systems are not available in all Availability Zones in AWS-Regions where Amazon EFS is available. + ReplicationConfiguration: + $ref: '#/components/schemas/ReplicationConfiguration' + description: Describes the replication configuration for a specific file system. + x-stackql-resource-name: file_system + description: The ``AWS::EFS::FileSystem`` resource creates a new, empty file system in EFSlong (EFS). You must create a mount target ([AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html)) to mount your EFS file system on an EC2 or other AWS cloud compute resource. + x-type-name: AWS::EFS::FileSystem + x-stackql-primary-identifier: + - FileSystemId + x-create-only-properties: + - AvailabilityZoneName + - Encrypted + - KmsKeyId + - PerformanceMode + x-write-only-properties: + - BypassPolicyLockoutSafetyCheck + - ReplicationConfiguration/Destinations/0/AvailabilityZoneName + - ReplicationConfiguration/Destinations/0/KmsKeyId + x-read-only-properties: + - Arn + - FileSystemId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/FileSystemTags + x-required-permissions: + create: + - elasticfilesystem:CreateFileSystem + - elasticfilesystem:DescribeReplicationConfigurations + - elasticfilesystem:TagResource + - elasticfilesystem:CreateReplicationConfiguration + - elasticfilesystem:DescribeFileSystems + - elasticfilesystem:PutBackupPolicy + - elasticfilesystem:PutFileSystemPolicy + - elasticfilesystem:PutLifecycleConfiguration + - elasticfilesystem:UpdateFileSystemProtection + - kms:DescribeKey + - kms:GenerateDataKeyWithoutPlaintext + - kms:CreateGrant + read: + - elasticfilesystem:DescribeBackupPolicy + - elasticfilesystem:DescribeFileSystemPolicy + - elasticfilesystem:DescribeFileSystems + - elasticfilesystem:DescribeLifecycleConfiguration + - elasticfilesystem:DescribeReplicationConfigurations + update: + - elasticfilesystem:CreateReplicationConfiguration + - elasticfilesystem:DeleteFileSystemPolicy + - elasticfilesystem:DescribeBackupPolicy + - elasticfilesystem:DescribeFileSystemPolicy + - elasticfilesystem:DescribeFileSystems + - elasticfilesystem:DescribeLifecycleConfiguration + - elasticfilesystem:DescribeReplicationConfigurations + - elasticfilesystem:DeleteTags + - elasticfilesystem:DeleteReplicationConfiguration + - elasticfilesystem:ListTagsForResource + - elasticfilesystem:PutBackupPolicy + - elasticfilesystem:PutFileSystemPolicy + - elasticfilesystem:PutLifecycleConfiguration + - elasticfilesystem:TagResource + - elasticfilesystem:UntagResource + - elasticfilesystem:UpdateFileSystem + - elasticfilesystem:UpdateFileSystemProtection + - kms:DescribeKey + - kms:GenerateDataKeyWithoutPlaintext + - kms:CreateGrant + delete: + - elasticfilesystem:DescribeFileSystems + - elasticfilesystem:DeleteFileSystem + - elasticfilesystem:DeleteReplicationConfiguration + - elasticfilesystem:DescribeReplicationConfigurations + list: + - elasticfilesystem:DescribeBackupPolicy + - elasticfilesystem:DescribeFileSystemPolicy + - elasticfilesystem:DescribeFileSystems + - elasticfilesystem:DescribeLifecycleConfiguration + - elasticfilesystem:DescribeReplicationConfigurations + MountTarget: + type: object + properties: + Id: + type: string + description: '' + IpAddress: + type: string + description: Valid IPv4 address within the address range of the specified subnet. + FileSystemId: + type: string + description: The ID of the file system for which to create the mount target. + SecurityGroups: + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + description: Up to five VPC security group IDs, of the form ``sg-xxxxxxxx``. These must be for the same VPC as subnet specified. + SubnetId: + type: string + description: The ID of the subnet to add the mount target in. For One Zone file systems, use the subnet that is associated with the file system's Availability Zone. + required: + - FileSystemId + - SecurityGroups + - SubnetId + x-stackql-resource-name: mount_target + description: The ``AWS::EFS::MountTarget`` resource is an Amazon EFS resource that creates a mount target for an EFS file system. You can then mount the file system on Amazon EC2 instances or other resources by using the mount target. + x-type-name: AWS::EFS::MountTarget + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - IpAddress + - SubnetId + - FileSystemId + x-read-only-properties: + - Id + x-required-properties: + - FileSystemId + - SecurityGroups + - SubnetId + x-tagging: + taggable: false + x-required-permissions: + create: + - elasticfilesystem:CreateMountTarget + - elasticfilesystem:DescribeMountTargets + read: + - elasticfilesystem:DescribeMountTargets + - elasticfilesystem:DescribeMountTargetSecurityGroups + update: + - elasticfilesystem:DescribeMountTargets + - elasticfilesystem:DescribeMountTargetSecurityGroups + - elasticfilesystem:ModifyMountTargetSecurityGroups + delete: + - elasticfilesystem:DescribeMountTargets + - elasticfilesystem:DeleteMountTarget + list: + - elasticfilesystem:DescribeMountTargets + - elasticfilesystem:DescribeMountTargetSecurityGroups + x-stackQL-resources: + access_points: + name: access_points + id: aws.efs.access_points + x-cfn-schema-name: AccessPoint + x-type: list + x-identifiers: + - AccessPointId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccessPointId') as access_point_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EFS::AccessPoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccessPointId') as access_point_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EFS::AccessPoint' + AND region = 'us-east-1' + access_point: + name: access_point + id: aws.efs.access_point + x-cfn-schema-name: AccessPoint + x-type: get + x-identifiers: + - AccessPointId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessPointId') as access_point_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ClientToken') as client_token, + JSON_EXTRACT(Properties, '$.AccessPointTags') as access_point_tags, + JSON_EXTRACT(Properties, '$.FileSystemId') as file_system_id, + JSON_EXTRACT(Properties, '$.PosixUser') as posix_user, + JSON_EXTRACT(Properties, '$.RootDirectory') as root_directory + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EFS::AccessPoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessPointId') as access_point_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ClientToken') as client_token, + json_extract_path_text(Properties, 'AccessPointTags') as access_point_tags, + json_extract_path_text(Properties, 'FileSystemId') as file_system_id, + json_extract_path_text(Properties, 'PosixUser') as posix_user, + json_extract_path_text(Properties, 'RootDirectory') as root_directory + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EFS::AccessPoint' + AND data__Identifier = '' + AND region = 'us-east-1' + file_systems: + name: file_systems + id: aws.efs.file_systems + x-cfn-schema-name: FileSystem + x-type: list + x-identifiers: + - FileSystemId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FileSystemId') as file_system_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EFS::FileSystem' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FileSystemId') as file_system_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EFS::FileSystem' + AND region = 'us-east-1' + file_system: + name: file_system + id: aws.efs.file_system + x-cfn-schema-name: FileSystem + x-type: get + x-identifiers: + - FileSystemId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FileSystemId') as file_system_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Encrypted') as encrypted, + JSON_EXTRACT(Properties, '$.FileSystemTags') as file_system_tags, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.LifecyclePolicies') as lifecycle_policies, + JSON_EXTRACT(Properties, '$.FileSystemProtection') as file_system_protection, + JSON_EXTRACT(Properties, '$.PerformanceMode') as performance_mode, + JSON_EXTRACT(Properties, '$.ProvisionedThroughputInMibps') as provisioned_throughput_in_mibps, + JSON_EXTRACT(Properties, '$.ThroughputMode') as throughput_mode, + JSON_EXTRACT(Properties, '$.FileSystemPolicy') as file_system_policy, + JSON_EXTRACT(Properties, '$.BypassPolicyLockoutSafetyCheck') as bypass_policy_lockout_safety_check, + JSON_EXTRACT(Properties, '$.BackupPolicy') as backup_policy, + JSON_EXTRACT(Properties, '$.AvailabilityZoneName') as availability_zone_name, + JSON_EXTRACT(Properties, '$.ReplicationConfiguration') as replication_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EFS::FileSystem' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FileSystemId') as file_system_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Encrypted') as encrypted, + json_extract_path_text(Properties, 'FileSystemTags') as file_system_tags, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'LifecyclePolicies') as lifecycle_policies, + json_extract_path_text(Properties, 'FileSystemProtection') as file_system_protection, + json_extract_path_text(Properties, 'PerformanceMode') as performance_mode, + json_extract_path_text(Properties, 'ProvisionedThroughputInMibps') as provisioned_throughput_in_mibps, + json_extract_path_text(Properties, 'ThroughputMode') as throughput_mode, + json_extract_path_text(Properties, 'FileSystemPolicy') as file_system_policy, + json_extract_path_text(Properties, 'BypassPolicyLockoutSafetyCheck') as bypass_policy_lockout_safety_check, + json_extract_path_text(Properties, 'BackupPolicy') as backup_policy, + json_extract_path_text(Properties, 'AvailabilityZoneName') as availability_zone_name, + json_extract_path_text(Properties, 'ReplicationConfiguration') as replication_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EFS::FileSystem' + AND data__Identifier = '' + AND region = 'us-east-1' + mount_targets: + name: mount_targets + id: aws.efs.mount_targets + x-cfn-schema-name: MountTarget + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EFS::MountTarget' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EFS::MountTarget' + AND region = 'us-east-1' + mount_target: + name: mount_target + id: aws.efs.mount_target + x-cfn-schema-name: MountTarget + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.IpAddress') as ip_address, + JSON_EXTRACT(Properties, '$.FileSystemId') as file_system_id, + JSON_EXTRACT(Properties, '$.SecurityGroups') as security_groups, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EFS::MountTarget' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'IpAddress') as ip_address, + json_extract_path_text(Properties, 'FileSystemId') as file_system_id, + json_extract_path_text(Properties, 'SecurityGroups') as security_groups, + json_extract_path_text(Properties, 'SubnetId') as subnet_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EFS::MountTarget' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/eks.yaml b/providers/src/aws/v00.00.00000/services/eks.yaml new file mode 100644 index 00000000..21aeb8a2 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/eks.yaml @@ -0,0 +1,1589 @@ +openapi: 3.0.0 +info: + title: EKS + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + AccessPolicy: + description: An access policy to associate with the current access entry. + type: object + additionalProperties: false + properties: + PolicyArn: + type: string + description: The ARN of the access policy to add to the access entry. + AccessScope: + $ref: '#/components/schemas/AccessScope' + required: + - PolicyArn + - AccessScope + AccessScope: + description: The access scope of the access policy. + type: object + additionalProperties: false + properties: + Type: + description: The type of the access scope. + type: string + enum: + - namespace + - cluster + Namespaces: + description: The namespaces to associate with the access scope. Only specify if Type is set to 'namespace'. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + required: + - Type + AccessEntry: + type: object + properties: + ClusterName: + description: The cluster that the access entry is created for. + type: string + minLength: 1 + PrincipalArn: + description: The principal ARN that the access entry is created for. + type: string + minLength: 1 + Username: + description: The Kubernetes user that the access entry is associated with. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + AccessEntryArn: + description: The ARN of the access entry. + type: string + KubernetesGroups: + description: The Kubernetes groups that the access entry is associated with. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + AccessPolicies: + description: An array of access policies that are associated with the access entry. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/AccessPolicy' + maxItems: 20 + Type: + description: The node type to associate with the access entry. + type: string + required: + - PrincipalArn + - ClusterName + x-stackql-resource-name: access_entry + description: An object representing an Amazon EKS AccessEntry. + x-type-name: AWS::EKS::AccessEntry + x-stackql-primary-identifier: + - PrincipalArn + - ClusterName + x-create-only-properties: + - PrincipalArn + - ClusterName + - Type + x-read-only-properties: + - AccessEntryArn + x-required-properties: + - PrincipalArn + - ClusterName + x-replacement-strategy: create_then_delete + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - eks:CreateAccessEntry + - eks:DescribeAccessEntry + - eks:AssociateAccessPolicy + - eks:TagResource + - eks:ListAssociatedAccessPolicies + read: + - eks:DescribeAccessEntry + - eks:ListAssociatedAccessPolicies + update: + - eks:DescribeAccessEntry + - eks:ListAssociatedAccessPolicies + - eks:UpdateAccessEntry + - eks:AssociateAccessPolicy + - eks:DisassociateAccessPolicy + - eks:TagResource + - eks:UntagResource + delete: + - eks:DeleteAccessEntry + - eks:DescribeAccessEntry + list: + - eks:ListAccessEntries + Addon: + type: object + properties: + ClusterName: + description: Name of Cluster + type: string + minLength: 1 + AddonName: + description: Name of Addon + type: string + minLength: 1 + AddonVersion: + description: Version of Addon + type: string + minLength: 1 + PreserveOnDelete: + description: PreserveOnDelete parameter value + type: boolean + ResolveConflicts: + description: Resolve parameter value conflicts + type: string + minLength: 1 + enum: + - NONE + - OVERWRITE + - PRESERVE + ServiceAccountRoleArn: + description: IAM role to bind to the add-on's service account + type: string + minLength: 1 + ConfigurationValues: + description: The configuration values to use with the add-on + type: string + minLength: 1 + Arn: + description: Amazon Resource Name (ARN) of the add-on + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ClusterName + - AddonName + x-stackql-resource-name: addon + description: Resource Schema for AWS::EKS::Addon + x-type-name: AWS::EKS::Addon + x-stackql-primary-identifier: + - ClusterName + - AddonName + x-create-only-properties: + - ClusterName + - AddonName + x-write-only-properties: + - ResolveConflicts + - PreserveOnDelete + x-read-only-properties: + - Arn + x-required-properties: + - ClusterName + - AddonName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - eks:CreateAddon + - eks:DescribeAddon + - eks:TagResource + - iam:PassRole + read: + - eks:DescribeAddon + delete: + - eks:DeleteAddon + - eks:DescribeAddon + list: + - eks:ListAddons + update: + - iam:PassRole + - eks:UpdateAddon + - eks:DescribeAddon + - eks:DescribeUpdate + - eks:ListTagsForResource + - eks:TagResource + - eks:UntagResource + Provider: + type: object + additionalProperties: false + properties: + KeyArn: + description: Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key. + type: string + EncryptionConfig: + description: The encryption configuration for the cluster + type: object + properties: + Provider: + description: The encryption provider for the cluster. + $ref: '#/components/schemas/Provider' + Resources: + description: Specifies the resources to be encrypted. The only supported value is "secrets". + type: array + x-insertionOrder: false + items: + type: string + additionalProperties: false + ResourcesVpcConfig: + description: An object representing the VPC configuration to use for an Amazon EKS cluster. + type: object + additionalProperties: false + properties: + EndpointPrivateAccess: + description: >- + Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for + communication with the nodes or Fargate pods. + type: boolean + EndpointPublicAccess: + description: Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server. + type: boolean + PublicAccessCidrs: + description: The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes or AWS Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks. + type: array + x-insertionOrder: false + items: + type: string + minItems: 1 + SecurityGroupIds: + description: Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. If you don't specify a security group, the default security group for your VPC is used. + type: array + x-insertionOrder: false + items: + type: string + minItems: 1 + SubnetIds: + description: Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane. + type: array + x-insertionOrder: false + items: + type: string + minItems: 1 + required: + - SubnetIds + LoggingTypeConfig: + description: Enabled Logging Type + type: object + properties: + Type: + description: name of the log type + type: string + enum: + - api + - audit + - authenticator + - controllerManager + - scheduler + additionalProperties: false + EnabledTypes: + description: Enable control plane logs for your cluster, all log types will be disabled if the array is empty + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/LoggingTypeConfig' + ClusterLogging: + description: 'The cluster control plane logging configuration for your cluster. ' + type: object + additionalProperties: false + properties: + EnabledTypes: + $ref: '#/components/schemas/EnabledTypes' + Logging: + description: Enable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs based on log types. By default, cluster control plane logs aren't exported to CloudWatch Logs. + type: object + additionalProperties: false + properties: + ClusterLogging: + description: 'The cluster control plane logging configuration for your cluster. ' + $ref: '#/components/schemas/ClusterLogging' + KubernetesNetworkConfig: + description: The Kubernetes network configuration for the cluster. + additionalProperties: false + type: object + properties: + ServiceIpv4Cidr: + description: 'The CIDR block to assign Kubernetes service IP addresses from. If you don''t specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. ' + type: string + ServiceIpv6Cidr: + description: The CIDR block to assign Kubernetes service IP addresses from. + type: string + IpFamily: + description: Ipv4 or Ipv6. You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on + type: string + enum: + - ipv4 + - ipv6 + ControlPlanePlacement: + description: Specify the placement group of the control plane machines for your cluster. + type: object + additionalProperties: false + properties: + GroupName: + description: Specify the placement group name of the control place machines for your cluster. + type: string + OutpostConfig: + description: An object representing the Outpost configuration to use for AWS EKS outpost cluster. + additionalProperties: false + type: object + properties: + OutpostArns: + description: Specify one or more Arn(s) of Outpost(s) on which you would like to create your cluster. + type: array + x-insertionOrder: false + items: + type: string + minItems: 1 + ControlPlaneInstanceType: + description: Specify the Instance type of the machines that should be used to create your cluster. + type: string + ControlPlanePlacement: + description: Specify the placement group of the control plane machines for your cluster. + $ref: '#/components/schemas/ControlPlanePlacement' + required: + - OutpostArns + - ControlPlaneInstanceType + AccessConfig: + description: An object representing the Access Config to use for the cluster. + additionalProperties: false + type: object + properties: + BootstrapClusterCreatorAdminPermissions: + description: Set this value to false to avoid creating a default cluster admin Access Entry using the IAM principal used to create the cluster. + type: boolean + AuthenticationMode: + description: Specify the authentication mode that should be used to create your cluster. + type: string + enum: + - CONFIG_MAP + - API_AND_CONFIG_MAP + - API + Cluster: + type: object + properties: + EncryptionConfig: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/EncryptionConfig' + maxItems: 1 + KubernetesNetworkConfig: + $ref: '#/components/schemas/KubernetesNetworkConfig' + Logging: + $ref: '#/components/schemas/Logging' + Name: + description: The unique name to give to your cluster. + type: string + pattern: ^[0-9A-Za-z][A-Za-z0-9\-_]* + minLength: 1 + maxLength: 100 + Id: + description: The unique ID given to your cluster. + type: string + ResourcesVpcConfig: + $ref: '#/components/schemas/ResourcesVpcConfig' + OutpostConfig: + $ref: '#/components/schemas/OutpostConfig' + AccessConfig: + $ref: '#/components/schemas/AccessConfig' + RoleArn: + description: The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. + type: string + Version: + description: The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used. + type: string + pattern: 1\.\d\d + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Arn: + description: The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod. + type: string + Endpoint: + description: The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com. + type: string + CertificateAuthorityData: + description: The certificate-authority-data for your cluster. + type: string + ClusterSecurityGroupId: + description: The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication. + type: string + EncryptionConfigKeyArn: + description: Amazon Resource Name (ARN) or alias of the customer master key (CMK). + type: string + OpenIdConnectIssuerUrl: + description: The issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template. + type: string + required: + - RoleArn + - ResourcesVpcConfig + x-stackql-resource-name: cluster + description: An object representing an Amazon EKS cluster. + x-type-name: AWS::EKS::Cluster + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - OutpostConfig + - EncryptionConfig + - KubernetesNetworkConfig + - AccessConfig/BootstrapClusterCreatorAdminPermissions + - Name + - RoleArn + x-write-only-properties: + - AccessConfig/BootstrapClusterCreatorAdminPermissions + x-read-only-properties: + - Id + - Arn + - Endpoint + - CertificateAuthorityData + - ClusterSecurityGroupId + - EncryptionConfigKeyArn + - OpenIdConnectIssuerUrl + - KubernetesNetworkConfig/ServiceIpv6Cidr + x-required-properties: + - RoleArn + - ResourcesVpcConfig + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - eks:CreateCluster + - eks:DescribeCluster + - eks:TagResource + - iam:PassRole + - iam:GetRole + - iam:ListAttachedRolePolicies + - iam:CreateServiceLinkedRole + - iam:CreateInstanceProfile + - iam:TagInstanceProfile + - iam:AddRoleToInstanceProfile + - iam:GetInstanceProfile + - iam:DeleteInstanceProfile + - iam:RemoveRoleFromInstanceProfile + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - kms:DescribeKey + - kms:CreateGrant + read: + - eks:DescribeCluster + update: + - iam:PassRole + - eks:UpdateClusterConfig + - eks:UpdateClusterVersion + - eks:DescribeCluster + - eks:DescribeUpdate + - eks:TagResource + - eks:UntagResource + delete: + - eks:DeleteCluster + - eks:DescribeCluster + list: + - eks:ListClusters + Selector: + type: object + additionalProperties: false + properties: + Namespace: + type: string + minLength: 1 + Labels: + type: array + items: + $ref: '#/components/schemas/Label' + required: + - Namespace + Label: + description: A key-value pair to associate with a pod. + type: object + additionalProperties: false + properties: + Key: + type: string + description: The key name of the label. + minLength: 1 + maxLength: 127 + Value: + type: string + description: 'The value for the label. ' + minLength: 1 + maxLength: 255 + required: + - Key + - Value + FargateProfile: + type: object + properties: + ClusterName: + description: Name of the Cluster + type: string + minLength: 1 + FargateProfileName: + description: Name of FargateProfile + type: string + minLength: 1 + PodExecutionRoleArn: + description: The IAM policy arn for pods + type: string + minLength: 1 + Arn: + type: string + Subnets: + type: array + items: + type: string + Selectors: + type: array + items: + $ref: '#/components/schemas/Selector' + minItems: 1 + Tags: + type: array + uniqueItems: true + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + required: + - ClusterName + - PodExecutionRoleArn + - Selectors + x-stackql-resource-name: fargate_profile + description: Resource Schema for AWS::EKS::FargateProfile + x-type-name: AWS::EKS::FargateProfile + x-stackql-primary-identifier: + - ClusterName + - FargateProfileName + x-create-only-properties: + - ClusterName + - FargateProfileName + - PodExecutionRoleArn + - Subnets + - Selectors + x-read-only-properties: + - Arn + x-required-properties: + - ClusterName + - PodExecutionRoleArn + - Selectors + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - eks:CreateFargateProfile + - eks:DescribeFargateProfile + - iam:GetRole + - iam:PassRole + - iam:CreateServiceLinkedRole + - eks:TagResource + read: + - eks:DescribeFargateProfile + delete: + - eks:DeleteFargateProfile + - eks:DescribeFargateProfile + list: + - eks:ListFargateProfiles + update: + - eks:DescribeFargateProfile + - eks:ListTagsForResource + - eks:TagResource + - eks:UntagResource + RequiredClaim: + description: The key value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value. + type: object + additionalProperties: false + properties: + Key: + type: string + description: The key of the requiredClaims. + minLength: 1 + maxLength: 63 + Value: + type: string + description: The value for the requiredClaims. + minLength: 1 + maxLength: 253 + required: + - Key + - Value + OidcIdentityProviderConfig: + description: An object representing an OpenID Connect (OIDC) configuration. + type: object + additionalProperties: false + properties: + ClientId: + description: This is also known as audience. The ID for the client application that makes authentication requests to the OpenID identity provider. + type: string + GroupsClaim: + description: The JWT claim that the provider uses to return your groups. + type: string + GroupsPrefix: + description: 'The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups).' + type: string + IssuerUrl: + description: The URL of the OpenID identity provider that allows the API server to discover public signing keys for verifying tokens. + type: string + RequiredClaims: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/RequiredClaim' + UsernameClaim: + description: The JSON Web Token (JWT) claim to use as the username. The default is sub, which is expected to be a unique identifier of the end user. You can choose other claims, such as email or name, depending on the OpenID identity provider. Claims other than email are prefixed with the issuer URL to prevent naming clashes with other plug-ins. + type: string + UsernamePrefix: + description: The prefix that is prepended to username claims to prevent clashes with existing names. If you do not provide this field, and username is a value other than email, the prefix defaults to issuerurl#. You can use the value - to disable all prefixing. + type: string + required: + - ClientId + - IssuerUrl + IdentityProviderConfig: + type: object + properties: + ClusterName: + description: The name of the identity provider configuration. + type: string + Type: + description: The type of the identity provider configuration. + type: string + enum: + - oidc + IdentityProviderConfigName: + description: The name of the OIDC provider configuration. + type: string + Oidc: + $ref: '#/components/schemas/OidcIdentityProviderConfig' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + IdentityProviderConfigArn: + description: The ARN of the configuration. + type: string + required: + - Type + - ClusterName + x-stackql-resource-name: identity_provider_config + description: An object representing an Amazon EKS IdentityProviderConfig. + x-type-name: AWS::EKS::IdentityProviderConfig + x-stackql-primary-identifier: + - IdentityProviderConfigName + - ClusterName + - Type + x-create-only-properties: + - Oidc + - Type + - IdentityProviderConfigName + - ClusterName + x-read-only-properties: + - IdentityProviderConfigArn + x-required-properties: + - Type + - ClusterName + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - eks:DescribeUpdate + - eks:AssociateIdentityProviderConfig + - eks:DescribeIdentityProviderConfig + - eks:TagResource + read: + - eks:DescribeIdentityProviderConfig + update: + - eks:DescribeIdentityProviderConfig + - eks:TagResource + - eks:UntagResource + delete: + - eks:DisassociateIdentityProviderConfig + - eks:DescribeIdentityProviderConfig + list: + - eks:ListIdentityProviderConfigs + LaunchTemplateSpecification: + description: An object representing a launch template specification for AWS EKS Nodegroup. + type: object + additionalProperties: false + properties: + Id: + type: string + minLength: 1 + Version: + type: string + minLength: 1 + Name: + type: string + minLength: 1 + Taint: + description: An object representing a Taint specification for AWS EKS Nodegroup. + type: object + additionalProperties: false + properties: + Key: + type: string + minLength: 1 + Value: + type: string + minLength: 0 + Effect: + type: string + minLength: 1 + ScalingConfig: + description: An object representing a auto scaling group specification for AWS EKS Nodegroup. + type: object + additionalProperties: false + properties: + MinSize: + type: integer + minimum: 0 + DesiredSize: + type: integer + minimum: 0 + MaxSize: + type: integer + minimum: 1 + RemoteAccess: + description: An object representing a remote access configuration specification for AWS EKS Nodegroup. + type: object + additionalProperties: false + properties: + SourceSecurityGroups: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + Ec2SshKey: + type: string + required: + - Ec2SshKey + UpdateConfig: + description: The node group update configuration. + type: object + additionalProperties: false + properties: + MaxUnavailable: + description: 'The maximum number of nodes unavailable at once during a version update. Nodes will be updated in parallel. This value or maxUnavailablePercentage is required to have a value.The maximum number is 100. ' + type: number + minimum: 1 + MaxUnavailablePercentage: + description: The maximum percentage of nodes unavailable during a version update. This percentage of nodes will be updated in parallel, up to 100 nodes at once. This value or maxUnavailable is required to have a value. + type: number + minimum: 1 + maximum: 100 + Nodegroup: + type: object + properties: + AmiType: + description: The AMI type for your node group. + type: string + CapacityType: + description: The capacity type of your managed node group. + type: string + ClusterName: + description: Name of the cluster to create the node group in. + type: string + minLength: 1 + DiskSize: + description: The root device disk size (in GiB) for your node group instances. + type: integer + ForceUpdateEnabled: + description: Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. + type: boolean + default: false + InstanceTypes: + description: Specify the instance types for a node group. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + Labels: + description: The Kubernetes labels to be applied to the nodes in the node group when they are created. + type: object + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + LaunchTemplate: + description: An object representing a node group's launch template specification. + $ref: '#/components/schemas/LaunchTemplateSpecification' + NodegroupName: + description: The unique name to give your node group. + type: string + minLength: 1 + NodeRole: + description: The Amazon Resource Name (ARN) of the IAM role to associate with your node group. + type: string + ReleaseVersion: + description: The AMI version of the Amazon EKS-optimized AMI to use with your node group. + type: string + RemoteAccess: + description: The remote access (SSH) configuration to use with your node group. + $ref: '#/components/schemas/RemoteAccess' + ScalingConfig: + description: The scaling configuration details for the Auto Scaling group that is created for your node group. + $ref: '#/components/schemas/ScalingConfig' + Subnets: + description: The subnets to use for the Auto Scaling group that is created for your node group. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + Tags: + description: The metadata, as key-value pairs, to apply to the node group to assist with categorization and organization. Follows same schema as Labels for consistency. + type: object + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + Taints: + description: The Kubernetes taints to be applied to the nodes in the node group when they are created. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Taint' + UpdateConfig: + description: The node group update configuration. + $ref: '#/components/schemas/UpdateConfig' + Version: + description: The Kubernetes version to use for your managed nodes. + type: string + Id: + type: string + Arn: + type: string + required: + - ClusterName + - NodeRole + - Subnets + x-stackql-resource-name: nodegroup + description: Resource schema for AWS::EKS::Nodegroup + x-type-name: AWS::EKS::Nodegroup + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - CapacityType + - NodegroupName + - RemoteAccess + - NodeRole + - ClusterName + - InstanceTypes + - DiskSize + - AmiType + - Subnets + x-write-only-properties: + - ForceUpdateEnabled + x-read-only-properties: + - Id + - Arn + x-required-properties: + - ClusterName + - NodeRole + - Subnets + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - eks:CreateNodegroup + - eks:DescribeNodegroup + - eks:TagResource + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - ec2:DescribeSecurityGroups + - ec2:DescribeKeyPairs + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeRouteTables + - ec2:DescribeLaunchTemplates + - ec2:DescribeLaunchTemplateVersions + - ec2:RunInstances + - iam:CreateServiceLinkedRole + - iam:GetRole + - iam:PassRole + - iam:ListAttachedRolePolicies + read: + - eks:DescribeNodegroup + delete: + - eks:DeleteNodegroup + - eks:DescribeNodegroup + list: + - eks:ListNodegroups + update: + - iam:GetRole + - iam:PassRole + - eks:DescribeNodegroup + - eks:DescribeUpdate + - eks:ListUpdates + - eks:TagResource + - eks:UntagResource + - eks:UpdateNodegroupConfig + - eks:UpdateNodegroupVersion + PodIdentityAssociation: + type: object + properties: + ClusterName: + description: The cluster that the pod identity association is created for. + type: string + minLength: 1 + RoleArn: + description: The IAM role ARN that the pod identity association is created for. + type: string + Namespace: + description: The Kubernetes namespace that the pod identity association is created for. + type: string + ServiceAccount: + description: The Kubernetes service account that the pod identity association is created for. + type: string + AssociationArn: + description: The ARN of the pod identity association. + type: string + AssociationId: + description: The ID of the pod identity association. + type: string + minLength: 1 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ClusterName + - RoleArn + - Namespace + - ServiceAccount + x-stackql-resource-name: pod_identity_association + description: An object representing an Amazon EKS PodIdentityAssociation. + x-type-name: AWS::EKS::PodIdentityAssociation + x-stackql-primary-identifier: + - AssociationArn + x-create-only-properties: + - ClusterName + - Namespace + - ServiceAccount + x-read-only-properties: + - AssociationArn + - AssociationId + x-required-properties: + - ClusterName + - RoleArn + - Namespace + - ServiceAccount + x-replacement-strategy: create_then_delete + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - eks:CreatePodIdentityAssociation + - eks:DescribePodIdentityAssociation + - eks:TagResource + - iam:PassRole + - iam:GetRole + read: + - eks:DescribePodIdentityAssociation + update: + - eks:DescribePodIdentityAssociation + - eks:UpdatePodIdentityAssociation + - eks:TagResource + - eks:UntagResource + - iam:PassRole + - iam:GetRole + delete: + - eks:DeletePodIdentityAssociation + - eks:DescribePodIdentityAssociation + list: + - eks:ListPodIdentityAssociations + x-stackQL-resources: + access_entries: + name: access_entries + id: aws.eks.access_entries + x-cfn-schema-name: AccessEntry + x-type: list + x-identifiers: + - PrincipalArn + - ClusterName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PrincipalArn') as principal_arn, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::AccessEntry' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PrincipalArn') as principal_arn, + json_extract_path_text(Properties, 'ClusterName') as cluster_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::AccessEntry' + AND region = 'us-east-1' + access_entry: + name: access_entry + id: aws.eks.access_entry + x-cfn-schema-name: AccessEntry + x-type: get + x-identifiers: + - PrincipalArn + - ClusterName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.PrincipalArn') as principal_arn, + JSON_EXTRACT(Properties, '$.Username') as username, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AccessEntryArn') as access_entry_arn, + JSON_EXTRACT(Properties, '$.KubernetesGroups') as kubernetes_groups, + JSON_EXTRACT(Properties, '$.AccessPolicies') as access_policies, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::AccessEntry' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'PrincipalArn') as principal_arn, + json_extract_path_text(Properties, 'Username') as username, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AccessEntryArn') as access_entry_arn, + json_extract_path_text(Properties, 'KubernetesGroups') as kubernetes_groups, + json_extract_path_text(Properties, 'AccessPolicies') as access_policies, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::AccessEntry' + AND data__Identifier = '|' + AND region = 'us-east-1' + addons: + name: addons + id: aws.eks.addons + x-cfn-schema-name: Addon + x-type: list + x-identifiers: + - ClusterName + - AddonName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.AddonName') as addon_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::Addon' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'AddonName') as addon_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::Addon' + AND region = 'us-east-1' + addon: + name: addon + id: aws.eks.addon + x-cfn-schema-name: Addon + x-type: get + x-identifiers: + - ClusterName + - AddonName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.AddonName') as addon_name, + JSON_EXTRACT(Properties, '$.AddonVersion') as addon_version, + JSON_EXTRACT(Properties, '$.PreserveOnDelete') as preserve_on_delete, + JSON_EXTRACT(Properties, '$.ResolveConflicts') as resolve_conflicts, + JSON_EXTRACT(Properties, '$.ServiceAccountRoleArn') as service_account_role_arn, + JSON_EXTRACT(Properties, '$.ConfigurationValues') as configuration_values, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::Addon' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'AddonName') as addon_name, + json_extract_path_text(Properties, 'AddonVersion') as addon_version, + json_extract_path_text(Properties, 'PreserveOnDelete') as preserve_on_delete, + json_extract_path_text(Properties, 'ResolveConflicts') as resolve_conflicts, + json_extract_path_text(Properties, 'ServiceAccountRoleArn') as service_account_role_arn, + json_extract_path_text(Properties, 'ConfigurationValues') as configuration_values, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::Addon' + AND data__Identifier = '|' + AND region = 'us-east-1' + clusters: + name: clusters + id: aws.eks.clusters + x-cfn-schema-name: Cluster + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::Cluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::Cluster' + AND region = 'us-east-1' + cluster: + name: cluster + id: aws.eks.cluster + x-cfn-schema-name: Cluster + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EncryptionConfig') as encryption_config, + JSON_EXTRACT(Properties, '$.KubernetesNetworkConfig') as kubernetes_network_config, + JSON_EXTRACT(Properties, '$.Logging') as logging, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ResourcesVpcConfig') as resources_vpc_config, + JSON_EXTRACT(Properties, '$.OutpostConfig') as outpost_config, + JSON_EXTRACT(Properties, '$.AccessConfig') as access_config, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.CertificateAuthorityData') as certificate_authority_data, + JSON_EXTRACT(Properties, '$.ClusterSecurityGroupId') as cluster_security_group_id, + JSON_EXTRACT(Properties, '$.EncryptionConfigKeyArn') as encryption_config_key_arn, + JSON_EXTRACT(Properties, '$.OpenIdConnectIssuerUrl') as open_id_connect_issuer_url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EncryptionConfig') as encryption_config, + json_extract_path_text(Properties, 'KubernetesNetworkConfig') as kubernetes_network_config, + json_extract_path_text(Properties, 'Logging') as logging, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ResourcesVpcConfig') as resources_vpc_config, + json_extract_path_text(Properties, 'OutpostConfig') as outpost_config, + json_extract_path_text(Properties, 'AccessConfig') as access_config, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'CertificateAuthorityData') as certificate_authority_data, + json_extract_path_text(Properties, 'ClusterSecurityGroupId') as cluster_security_group_id, + json_extract_path_text(Properties, 'EncryptionConfigKeyArn') as encryption_config_key_arn, + json_extract_path_text(Properties, 'OpenIdConnectIssuerUrl') as open_id_connect_issuer_url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fargate_profiles: + name: fargate_profiles + id: aws.eks.fargate_profiles + x-cfn-schema-name: FargateProfile + x-type: list + x-identifiers: + - ClusterName + - FargateProfileName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.FargateProfileName') as fargate_profile_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::FargateProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'FargateProfileName') as fargate_profile_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::FargateProfile' + AND region = 'us-east-1' + fargate_profile: + name: fargate_profile + id: aws.eks.fargate_profile + x-cfn-schema-name: FargateProfile + x-type: get + x-identifiers: + - ClusterName + - FargateProfileName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.FargateProfileName') as fargate_profile_name, + JSON_EXTRACT(Properties, '$.PodExecutionRoleArn') as pod_execution_role_arn, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Subnets') as subnets, + JSON_EXTRACT(Properties, '$.Selectors') as selectors, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::FargateProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'FargateProfileName') as fargate_profile_name, + json_extract_path_text(Properties, 'PodExecutionRoleArn') as pod_execution_role_arn, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Subnets') as subnets, + json_extract_path_text(Properties, 'Selectors') as selectors, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::FargateProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + identity_provider_configs: + name: identity_provider_configs + id: aws.eks.identity_provider_configs + x-cfn-schema-name: IdentityProviderConfig + x-type: list + x-identifiers: + - IdentityProviderConfigName + - ClusterName + - Type + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IdentityProviderConfigName') as identity_provider_config_name, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::IdentityProviderConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IdentityProviderConfigName') as identity_provider_config_name, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::IdentityProviderConfig' + AND region = 'us-east-1' + identity_provider_config: + name: identity_provider_config + id: aws.eks.identity_provider_config + x-cfn-schema-name: IdentityProviderConfig + x-type: get + x-identifiers: + - IdentityProviderConfigName + - ClusterName + - Type + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.IdentityProviderConfigName') as identity_provider_config_name, + JSON_EXTRACT(Properties, '$.Oidc') as oidc, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.IdentityProviderConfigArn') as identity_provider_config_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::IdentityProviderConfig' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'IdentityProviderConfigName') as identity_provider_config_name, + json_extract_path_text(Properties, 'Oidc') as oidc, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'IdentityProviderConfigArn') as identity_provider_config_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::IdentityProviderConfig' + AND data__Identifier = '||' + AND region = 'us-east-1' + nodegroups: + name: nodegroups + id: aws.eks.nodegroups + x-cfn-schema-name: Nodegroup + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::Nodegroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::Nodegroup' + AND region = 'us-east-1' + nodegroup: + name: nodegroup + id: aws.eks.nodegroup + x-cfn-schema-name: Nodegroup + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AmiType') as ami_type, + JSON_EXTRACT(Properties, '$.CapacityType') as capacity_type, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.DiskSize') as disk_size, + JSON_EXTRACT(Properties, '$.ForceUpdateEnabled') as force_update_enabled, + JSON_EXTRACT(Properties, '$.InstanceTypes') as instance_types, + JSON_EXTRACT(Properties, '$.Labels') as labels, + JSON_EXTRACT(Properties, '$.LaunchTemplate') as launch_template, + JSON_EXTRACT(Properties, '$.NodegroupName') as nodegroup_name, + JSON_EXTRACT(Properties, '$.NodeRole') as node_role, + JSON_EXTRACT(Properties, '$.ReleaseVersion') as release_version, + JSON_EXTRACT(Properties, '$.RemoteAccess') as remote_access, + JSON_EXTRACT(Properties, '$.ScalingConfig') as scaling_config, + JSON_EXTRACT(Properties, '$.Subnets') as subnets, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Taints') as taints, + JSON_EXTRACT(Properties, '$.UpdateConfig') as update_config, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::Nodegroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AmiType') as ami_type, + json_extract_path_text(Properties, 'CapacityType') as capacity_type, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'DiskSize') as disk_size, + json_extract_path_text(Properties, 'ForceUpdateEnabled') as force_update_enabled, + json_extract_path_text(Properties, 'InstanceTypes') as instance_types, + json_extract_path_text(Properties, 'Labels') as labels, + json_extract_path_text(Properties, 'LaunchTemplate') as launch_template, + json_extract_path_text(Properties, 'NodegroupName') as nodegroup_name, + json_extract_path_text(Properties, 'NodeRole') as node_role, + json_extract_path_text(Properties, 'ReleaseVersion') as release_version, + json_extract_path_text(Properties, 'RemoteAccess') as remote_access, + json_extract_path_text(Properties, 'ScalingConfig') as scaling_config, + json_extract_path_text(Properties, 'Subnets') as subnets, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Taints') as taints, + json_extract_path_text(Properties, 'UpdateConfig') as update_config, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::Nodegroup' + AND data__Identifier = '' + AND region = 'us-east-1' + pod_identity_associations: + name: pod_identity_associations + id: aws.eks.pod_identity_associations + x-cfn-schema-name: PodIdentityAssociation + x-type: list + x-identifiers: + - AssociationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssociationArn') as association_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::PodIdentityAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssociationArn') as association_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EKS::PodIdentityAssociation' + AND region = 'us-east-1' + pod_identity_association: + name: pod_identity_association + id: aws.eks.pod_identity_association + x-cfn-schema-name: PodIdentityAssociation + x-type: get + x-identifiers: + - AssociationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Namespace') as namespace, + JSON_EXTRACT(Properties, '$.ServiceAccount') as service_account, + JSON_EXTRACT(Properties, '$.AssociationArn') as association_arn, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::PodIdentityAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Namespace') as namespace, + json_extract_path_text(Properties, 'ServiceAccount') as service_account, + json_extract_path_text(Properties, 'AssociationArn') as association_arn, + json_extract_path_text(Properties, 'AssociationId') as association_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::PodIdentityAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/elasticache.yaml b/providers/src/aws/v00.00.00000/services/elasticache.yaml new file mode 100644 index 00000000..aed48e21 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/elasticache.yaml @@ -0,0 +1,962 @@ +openapi: 3.0.0 +info: + title: ElastiCache + version: 1.0.0 +paths: {} +components: + schemas: + GlobalReplicationGroupMember: + type: object + additionalProperties: false + properties: + ReplicationGroupId: + description: Regionally unique identifier for the member i.e. ReplicationGroupId. + type: string + ReplicationGroupRegion: + description: The AWS region of the Global Datastore member. + type: string + Role: + description: Indicates the role of the member, primary or secondary. + type: string + enum: + - PRIMARY + - SECONDARY + ReshardingConfiguration: + type: object + additionalProperties: false + properties: + NodeGroupId: + description: Unique identifier for the Node Group. This is either auto-generated by ElastiCache (4-digit id) or a user supplied id. + type: string + PreferredAvailabilityZones: + description: A list of preferred availability zones for the nodes of new node groups. + type: array + uniqueItems: false + items: + type: string + RegionalConfiguration: + type: object + additionalProperties: false + properties: + ReplicationGroupId: + description: The replication group id of the Global Datastore member. + type: string + ReplicationGroupRegion: + description: The AWS region of the Global Datastore member. + type: string + ReshardingConfigurations: + description: 'A list of PreferredAvailabilityZones objects that specifies the configuration of a node group in the resharded cluster. ' + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/ReshardingConfiguration' + GlobalReplicationGroup: + type: object + properties: + GlobalReplicationGroupIdSuffix: + description: 'The suffix name of a Global Datastore. Amazon ElastiCache automatically applies a prefix to the Global Datastore ID when it is created. Each AWS Region has its own prefix. ' + type: string + AutomaticFailoverEnabled: + description: AutomaticFailoverEnabled + type: boolean + CacheNodeType: + description: The cache node type of the Global Datastore + type: string + EngineVersion: + description: The engine version of the Global Datastore. + type: string + CacheParameterGroupName: + description: Cache parameter group name to use for the new engine version. This parameter cannot be modified independently. + type: string + GlobalNodeGroupCount: + description: Indicates the number of node groups in the Global Datastore. + type: integer + GlobalReplicationGroupDescription: + description: The optional description of the Global Datastore + type: string + GlobalReplicationGroupId: + description: The name of the Global Datastore, it is generated by ElastiCache adding a prefix to GlobalReplicationGroupIdSuffix. + type: string + Members: + description: The replication groups that comprise the Global Datastore. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/GlobalReplicationGroupMember' + minItems: 1 + Status: + description: The status of the Global Datastore + type: string + RegionalConfigurations: + description: 'Describes the replication group IDs, the AWS regions where they are stored and the shard configuration for each that comprise the Global Datastore ' + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/RegionalConfiguration' + required: + - Members + x-stackql-resource-name: global_replication_group + description: The AWS::ElastiCache::GlobalReplicationGroup resource creates an Amazon ElastiCache Global Replication Group. + x-type-name: AWS::ElastiCache::GlobalReplicationGroup + x-stackql-primary-identifier: + - GlobalReplicationGroupId + x-write-only-properties: + - GlobalReplicationGroupIdSuffix + - AutomaticFailoverEnabled + - CacheNodeType + - EngineVersion + - GlobalNodeGroupCount + - RegionalConfigurations + x-read-only-properties: + - GlobalReplicationGroupId + - Status + x-required-properties: + - Members + x-required-permissions: + create: + - elasticache:CreateGlobalReplicationGroup + - elasticache:DescribeGlobalReplicationGroups + read: + - elasticache:DescribeGlobalReplicationGroups + update: + - elasticache:ModifyGlobalReplicationGroup + - elasticache:FailoverGlobalReplicationGroup + - elasticache:DescribeGlobalReplicationGroups + - elasticache:IncreaseNodeGroupsInGlobalReplicationGroup + - elasticache:DecreaseNodeGroupsInGlobalReplicationGroup + - elasticache:DisassociateGlobalReplicationGroup + - elasticache:RebalanceSlotsInGlobalReplicationGroup + delete: + - elasticache:DeleteGlobalReplicationGroup + - elasticache:DisassociateGlobalReplicationGroup + - elasticache:DescribeGlobalReplicationGroups + list: + - elasticache:DescribeGlobalReplicationGroups + CacheUsageLimits: + description: The cache capacity limit of the Serverless Cache. + type: object + properties: + DataStorage: + $ref: '#/components/schemas/DataStorage' + ECPUPerSecond: + $ref: '#/components/schemas/ECPUPerSecond' + additionalProperties: false + DataStorage: + description: The cached data capacity of the Serverless Cache. + type: object + properties: + Minimum: + description: The minimum cached data capacity of the Serverless Cache. + type: integer + Maximum: + description: The maximum cached data capacity of the Serverless Cache. + type: integer + Unit: + description: The unit of cached data capacity of the Serverless Cache. + type: string + enum: + - GB + additionalProperties: false + required: + - Unit + ECPUPerSecond: + description: The ECPU per second of the Serverless Cache. + type: object + properties: + Minimum: + description: The minimum ECPU per second of the Serverless Cache. + type: integer + Maximum: + description: The maximum ECPU per second of the Serverless Cache. + type: integer + additionalProperties: false + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with ''aws:''. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + pattern: ^(?!aws:)[a-zA-Z0-9 _\.\/=+:\-@]*$ + minLength: 1 + maxLength: 128 + Value: + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + pattern: ^[a-zA-Z0-9 _\.\/=+:\-@]*$ + minLength: 0 + maxLength: 256 + required: + - Key + Endpoint: + description: The address and the port. + type: object + properties: + Address: + description: Endpoint address. + type: string + Port: + description: Endpoint port. + type: string + additionalProperties: false + ServerlessCache: + type: object + properties: + ServerlessCacheName: + description: The name of the Serverless Cache. This value must be unique. + type: string + Description: + description: The description of the Serverless Cache. + type: string + Engine: + description: The engine name of the Serverless Cache. + type: string + MajorEngineVersion: + description: The major engine version of the Serverless Cache. + type: string + FullEngineVersion: + description: The full engine version of the Serverless Cache. + type: string + CacheUsageLimits: + $ref: '#/components/schemas/CacheUsageLimits' + KmsKeyId: + description: The ID of the KMS key used to encrypt the cluster. + type: string + SecurityGroupIds: + description: One or more Amazon VPC security groups associated with this Serverless Cache. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + SnapshotArnsToRestore: + description: The ARN's of snapshot to restore Serverless Cache. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Tags: + description: An array of key-value pairs to apply to this Serverless Cache. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + UserGroupId: + description: The ID of the user group. + type: string + SubnetIds: + description: The subnet id's of the Serverless Cache. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + SnapshotRetentionLimit: + description: The snapshot retention limit of the Serverless Cache. + type: integer + DailySnapshotTime: + description: The daily time range (in UTC) during which the service takes automatic snapshot of the Serverless Cache. + type: string + CreateTime: + description: The creation time of the Serverless Cache. + type: string + Status: + description: The status of the Serverless Cache. + type: string + Endpoint: + $ref: '#/components/schemas/Endpoint' + ReaderEndpoint: + $ref: '#/components/schemas/Endpoint' + ARN: + description: The ARN of the Serverless Cache. + type: string + FinalSnapshotName: + description: The final snapshot name which is taken before Serverless Cache is deleted. + type: string + required: + - ServerlessCacheName + - Engine + x-stackql-resource-name: serverless_cache + description: The AWS::ElastiCache::ServerlessCache resource creates an Amazon ElastiCache Serverless Cache. + x-type-name: AWS::ElastiCache::ServerlessCache + x-stackql-primary-identifier: + - ServerlessCacheName + x-create-only-properties: + - ServerlessCacheName + - Engine + - MajorEngineVersion + - KmsKeyId + - SnapshotArnsToRestore + - SubnetIds + x-write-only-properties: + - SnapshotArnsToRestore + - FinalSnapshotName + x-read-only-properties: + - FullEngineVersion + - CreateTime + - Status + - Endpoint/Address + - Endpoint/Port + - ReaderEndpoint/Address + - ReaderEndpoint/Port + - ARN + x-required-properties: + - ServerlessCacheName + - Engine + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - elasticache:CreateServerlessCache + - elasticache:DescribeServerlessCaches + - elasticache:AddTagsToResource + - elasticache:ListTagsForResource + - ec2:CreateTags + - ec2:CreateVpcEndpoint + - kms:CreateGrant + - kms:DescribeKey + read: + - elasticache:DescribeServerlessCaches + - elasticache:ListTagsForResource + update: + - elasticache:ModifyServerlessCache + - elasticache:DescribeServerlessCaches + - elasticache:AddTagsToResource + - elasticache:ListTagsForResource + - elasticache:RemoveTagsFromResource + delete: + - elasticache:DeleteServerlessCache + - elasticache:DescribeServerlessCaches + - elasticache:ListTagsForResource + list: + - elasticache:DescribeServerlessCaches + - elasticache:ListTagsForResource + SubnetGroup: + type: object + properties: + Description: + type: string + description: The description for the cache subnet group. + SubnetIds: + description: The EC2 subnet IDs for the cache subnet group. + type: array + items: + type: string + x-insertionOrder: false + uniqueItems: false + CacheSubnetGroupName: + type: string + description: The name for the cache subnet group. This value is stored as a lowercase string. + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Description + - SubnetIds + x-stackql-resource-name: subnet_group + description: Resource Type definition for AWS::ElastiCache::SubnetGroup + x-type-name: AWS::ElastiCache::SubnetGroup + x-stackql-primary-identifier: + - CacheSubnetGroupName + x-create-only-properties: + - CacheSubnetGroupName + x-required-properties: + - Description + - SubnetIds + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - elasticache:CreateCacheSubnetGroup + - elasticache:AddTagsToResource + - elasticache:DescribeCacheSubnetGroups + - elasticache:ListTagsForResource + read: + - elasticache:DescribeCacheSubnetGroups + - elasticache:ListTagsForResource + delete: + - elasticache:DeleteCacheSubnetGroup + - elasticache:DescribeCacheSubnetGroups + - elasticache:ListTagsForResource + list: + - elasticache:DescribeCacheSubnetGroups + update: + - elasticache:ModifyCacheSubnetGroup + - elasticache:DescribeCacheSubnetGroups + - elasticache:AddTagsToResource + - elasticache:RemoveTagsFromResource + User: + type: object + properties: + Status: + description: Indicates the user status. Can be "active", "modifying" or "deleting". + type: string + UserId: + description: The ID of the user. + pattern: '[a-z][a-z0-9\\-]*' + type: string + UserName: + description: The username of the user. + type: string + Engine: + description: Must be redis. + type: string + enum: + - redis + AccessString: + description: Access permissions string used for this user account. + type: string + NoPasswordRequired: + description: Indicates a password is not required for this user account. + type: boolean + Passwords: + type: array + x-$comment: List of passwords. + uniqueItems: true + x-insertionOrder: true + items: + type: string + description: Passwords used for this user account. You can create up to two passwords for each user. + Arn: + description: The Amazon Resource Name (ARN) of the user account. + type: string + AuthenticationMode: + type: object + additionalProperties: false + properties: + Type: + description: Authentication Type + type: string + enum: + - password + - no-password-required + - iam + Passwords: + type: array + x-$comment: List of passwords. + uniqueItems: true + x-insertionOrder: true + items: + type: string + description: Passwords used for this user account. You can create up to two passwords for each user. + required: + - Type + Tags: + description: An array of key-value pairs to apply to this user. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - UserId + - UserName + - Engine + x-stackql-resource-name: user + description: Resource Type definition for AWS::ElastiCache::User + x-type-name: AWS::ElastiCache::User + x-stackql-primary-identifier: + - UserId + x-create-only-properties: + - UserId + - UserName + - Engine + x-write-only-properties: + - Passwords + - NoPasswordRequired + - AccessString + - AuthenticationMode + x-read-only-properties: + - Status + - Arn + x-required-properties: + - UserId + - UserName + - Engine + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - elasticache:CreateUser + - elasticache:DescribeUsers + - elasticache:ListTagsForResource + - elasticache:AddTagsToResource + read: + - elasticache:DescribeUsers + - elasticache:ListTagsForResource + update: + - elasticache:ModifyUser + - elasticache:DescribeUsers + - elasticache:ListTagsForResource + - elasticache:AddTagsToResource + - elasticache:RemoveTagsFromResource + delete: + - elasticache:DeleteUser + - elasticache:DescribeUsers + list: + - elasticache:DescribeUsers + - elasticache:ListTagsForResource + UserGroup: + type: object + properties: + Status: + description: Indicates user group status. Can be "creating", "active", "modifying", "deleting". + type: string + UserGroupId: + description: The ID of the user group. + pattern: '[a-z][a-z0-9\\-]*' + type: string + Engine: + description: Must be redis. + type: string + enum: + - redis + UserIds: + type: array + x-$comment: List of users. + uniqueItems: true + x-insertionOrder: false + items: + type: string + description: List of users associated to this user group. + Arn: + description: The Amazon Resource Name (ARN) of the user account. + type: string + Tags: + description: An array of key-value pairs to apply to this user. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - UserGroupId + - Engine + - UserIds + x-stackql-resource-name: user_group + description: Resource Type definition for AWS::ElastiCache::UserGroup + x-type-name: AWS::ElastiCache::UserGroup + x-stackql-primary-identifier: + - UserGroupId + x-create-only-properties: + - UserGroupId + - Engine + x-read-only-properties: + - Status + - Arn + x-required-properties: + - UserGroupId + - Engine + - UserIds + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - elasticache:CreateUserGroup + - elasticache:DescribeUserGroups + - elasticache:ListTagsForResource + - elasticache:AddTagsToResource + read: + - elasticache:DescribeUserGroups + - elasticache:ListTagsForResource + update: + - elasticache:ModifyUserGroup + - elasticache:DescribeUserGroups + - elasticache:ListTagsForResource + - elasticache:AddTagsToResource + - elasticache:RemoveTagsFromResource + delete: + - elasticache:ModifyReplicationGroup + - elasticache:DeleteUserGroup + - elasticache:DescribeUserGroups + - elasticache:ListTagsForResource + list: + - elasticache:DescribeUserGroups + - elasticache:ListTagsForResource + x-stackQL-resources: + global_replication_groups: + name: global_replication_groups + id: aws.elasticache.global_replication_groups + x-cfn-schema-name: GlobalReplicationGroup + x-type: list + x-identifiers: + - GlobalReplicationGroupId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GlobalReplicationGroupId') as global_replication_group_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElastiCache::GlobalReplicationGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GlobalReplicationGroupId') as global_replication_group_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElastiCache::GlobalReplicationGroup' + AND region = 'us-east-1' + global_replication_group: + name: global_replication_group + id: aws.elasticache.global_replication_group + x-cfn-schema-name: GlobalReplicationGroup + x-type: get + x-identifiers: + - GlobalReplicationGroupId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GlobalReplicationGroupIdSuffix') as global_replication_group_id_suffix, + JSON_EXTRACT(Properties, '$.AutomaticFailoverEnabled') as automatic_failover_enabled, + JSON_EXTRACT(Properties, '$.CacheNodeType') as cache_node_type, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.CacheParameterGroupName') as cache_parameter_group_name, + JSON_EXTRACT(Properties, '$.GlobalNodeGroupCount') as global_node_group_count, + JSON_EXTRACT(Properties, '$.GlobalReplicationGroupDescription') as global_replication_group_description, + JSON_EXTRACT(Properties, '$.GlobalReplicationGroupId') as global_replication_group_id, + JSON_EXTRACT(Properties, '$.Members') as members, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.RegionalConfigurations') as regional_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElastiCache::GlobalReplicationGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GlobalReplicationGroupIdSuffix') as global_replication_group_id_suffix, + json_extract_path_text(Properties, 'AutomaticFailoverEnabled') as automatic_failover_enabled, + json_extract_path_text(Properties, 'CacheNodeType') as cache_node_type, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'CacheParameterGroupName') as cache_parameter_group_name, + json_extract_path_text(Properties, 'GlobalNodeGroupCount') as global_node_group_count, + json_extract_path_text(Properties, 'GlobalReplicationGroupDescription') as global_replication_group_description, + json_extract_path_text(Properties, 'GlobalReplicationGroupId') as global_replication_group_id, + json_extract_path_text(Properties, 'Members') as members, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'RegionalConfigurations') as regional_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElastiCache::GlobalReplicationGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + serverless_caches: + name: serverless_caches + id: aws.elasticache.serverless_caches + x-cfn-schema-name: ServerlessCache + x-type: list + x-identifiers: + - ServerlessCacheName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ServerlessCacheName') as serverless_cache_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElastiCache::ServerlessCache' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ServerlessCacheName') as serverless_cache_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElastiCache::ServerlessCache' + AND region = 'us-east-1' + serverless_cache: + name: serverless_cache + id: aws.elasticache.serverless_cache + x-cfn-schema-name: ServerlessCache + x-type: get + x-identifiers: + - ServerlessCacheName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ServerlessCacheName') as serverless_cache_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.MajorEngineVersion') as major_engine_version, + JSON_EXTRACT(Properties, '$.FullEngineVersion') as full_engine_version, + JSON_EXTRACT(Properties, '$.CacheUsageLimits') as cache_usage_limits, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.SnapshotArnsToRestore') as snapshot_arns_to_restore, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UserGroupId') as user_group_id, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.SnapshotRetentionLimit') as snapshot_retention_limit, + JSON_EXTRACT(Properties, '$.DailySnapshotTime') as daily_snapshot_time, + JSON_EXTRACT(Properties, '$.CreateTime') as create_time, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.ReaderEndpoint') as reader_endpoint, + JSON_EXTRACT(Properties, '$.ARN') as arn, + JSON_EXTRACT(Properties, '$.FinalSnapshotName') as final_snapshot_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElastiCache::ServerlessCache' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ServerlessCacheName') as serverless_cache_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'MajorEngineVersion') as major_engine_version, + json_extract_path_text(Properties, 'FullEngineVersion') as full_engine_version, + json_extract_path_text(Properties, 'CacheUsageLimits') as cache_usage_limits, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'SnapshotArnsToRestore') as snapshot_arns_to_restore, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UserGroupId') as user_group_id, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'SnapshotRetentionLimit') as snapshot_retention_limit, + json_extract_path_text(Properties, 'DailySnapshotTime') as daily_snapshot_time, + json_extract_path_text(Properties, 'CreateTime') as create_time, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'ReaderEndpoint') as reader_endpoint, + json_extract_path_text(Properties, 'ARN') as arn, + json_extract_path_text(Properties, 'FinalSnapshotName') as final_snapshot_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElastiCache::ServerlessCache' + AND data__Identifier = '' + AND region = 'us-east-1' + subnet_groups: + name: subnet_groups + id: aws.elasticache.subnet_groups + x-cfn-schema-name: SubnetGroup + x-type: list + x-identifiers: + - CacheSubnetGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CacheSubnetGroupName') as cache_subnet_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElastiCache::SubnetGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CacheSubnetGroupName') as cache_subnet_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElastiCache::SubnetGroup' + AND region = 'us-east-1' + subnet_group: + name: subnet_group + id: aws.elasticache.subnet_group + x-cfn-schema-name: SubnetGroup + x-type: get + x-identifiers: + - CacheSubnetGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.CacheSubnetGroupName') as cache_subnet_group_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElastiCache::SubnetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'CacheSubnetGroupName') as cache_subnet_group_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElastiCache::SubnetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + users: + name: users + id: aws.elasticache.users + x-cfn-schema-name: User + x-type: list + x-identifiers: + - UserId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserId') as user_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElastiCache::User' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserId') as user_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElastiCache::User' + AND region = 'us-east-1' + user: + name: user + id: aws.elasticache.user + x-cfn-schema-name: User + x-type: get + x-identifiers: + - UserId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.UserId') as user_id, + JSON_EXTRACT(Properties, '$.UserName') as user_name, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.AccessString') as access_string, + JSON_EXTRACT(Properties, '$.NoPasswordRequired') as no_password_required, + JSON_EXTRACT(Properties, '$.Passwords') as passwords, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AuthenticationMode') as authentication_mode, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElastiCache::User' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'UserId') as user_id, + json_extract_path_text(Properties, 'UserName') as user_name, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'AccessString') as access_string, + json_extract_path_text(Properties, 'NoPasswordRequired') as no_password_required, + json_extract_path_text(Properties, 'Passwords') as passwords, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AuthenticationMode') as authentication_mode, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElastiCache::User' + AND data__Identifier = '' + AND region = 'us-east-1' + user_groups: + name: user_groups + id: aws.elasticache.user_groups + x-cfn-schema-name: UserGroup + x-type: list + x-identifiers: + - UserGroupId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserGroupId') as user_group_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElastiCache::UserGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserGroupId') as user_group_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElastiCache::UserGroup' + AND region = 'us-east-1' + user_group: + name: user_group + id: aws.elasticache.user_group + x-cfn-schema-name: UserGroup + x-type: get + x-identifiers: + - UserGroupId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.UserGroupId') as user_group_id, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.UserIds') as user_ids, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElastiCache::UserGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'UserGroupId') as user_group_id, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'UserIds') as user_ids, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElastiCache::UserGroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/elasticbeanstalk.yaml b/providers/src/aws/v00.00.00000/services/elasticbeanstalk.yaml new file mode 100644 index 00000000..09282ef5 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/elasticbeanstalk.yaml @@ -0,0 +1,684 @@ +openapi: 3.0.0 +info: + title: ElasticBeanstalk + version: 1.0.0 +paths: {} +components: + schemas: + ApplicationResourceLifecycleConfig: + type: object + additionalProperties: false + properties: + ServiceRole: + description: The ARN of an IAM service role that Elastic Beanstalk has permission to assume. The ServiceRole property is required the first time that you provide a ResourceLifecycleConfig for the application. After you provide it once, Elastic Beanstalk persists the Service Role with the application, and you don't need to specify it again. You can, however, specify it in subsequent updates to change the Service Role to another value. + type: string + VersionLifecycleConfig: + description: Defines lifecycle settings for application versions. + $ref: '#/components/schemas/ApplicationVersionLifecycleConfig' + ApplicationVersionLifecycleConfig: + type: object + additionalProperties: false + properties: + MaxAgeRule: + description: Specify a max age rule to restrict the length of time that application versions are retained for an application. + $ref: '#/components/schemas/MaxAgeRule' + MaxCountRule: + description: Specify a max count rule to restrict the number of application versions that are retained for an application. + $ref: '#/components/schemas/MaxCountRule' + MaxAgeRule: + type: object + additionalProperties: false + properties: + DeleteSourceFromS3: + description: Set to true to delete a version's source bundle from Amazon S3 when Elastic Beanstalk deletes the application version. + type: boolean + Enabled: + description: Specify true to apply the rule, or false to disable it. + type: boolean + MaxAgeInDays: + description: Specify the number of days to retain an application versions. + type: integer + MaxCountRule: + type: object + additionalProperties: false + properties: + DeleteSourceFromS3: + description: Set to true to delete a version's source bundle from Amazon S3 when Elastic Beanstalk deletes the application version. + type: boolean + Enabled: + description: Specify true to apply the rule, or false to disable it. + type: boolean + MaxCount: + description: Specify the maximum number of application versions to retain. + type: integer + Application: + type: object + properties: + ApplicationName: + description: A name for the Elastic Beanstalk application. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the application name. + type: string + Description: + description: Your description of the application. + type: string + ResourceLifecycleConfig: + description: Specifies an application resource lifecycle configuration to prevent your application from accumulating too many versions. + $ref: '#/components/schemas/ApplicationResourceLifecycleConfig' + x-stackql-resource-name: application + description: The AWS::ElasticBeanstalk::Application resource specifies an Elastic Beanstalk application. + x-type-name: AWS::ElasticBeanstalk::Application + x-stackql-primary-identifier: + - ApplicationName + x-create-only-properties: + - ApplicationName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - elasticbeanstalk:CreateApplication + read: + - elasticbeanstalk:DescribeApplications + update: + - elasticbeanstalk:UpdateApplication + - elasticbeanstalk:UpdateApplicationResourceLifecycle + delete: + - elasticbeanstalk:DeleteApplication + list: + - elasticbeanstalk:DescribeApplications + SourceBundle: + type: object + additionalProperties: false + properties: + S3Bucket: + description: The Amazon S3 bucket where the data is located. + type: string + S3Key: + description: The Amazon S3 key where the data is located. + type: string + required: + - S3Bucket + - S3Key + ApplicationVersion: + type: object + properties: + Id: + type: string + ApplicationName: + description: 'The name of the Elastic Beanstalk application that is associated with this application version. ' + type: string + Description: + description: A description of this application version. + type: string + SourceBundle: + description: 'The Amazon S3 bucket and key that identify the location of the source bundle for this version. ' + $ref: '#/components/schemas/SourceBundle' + required: + - ApplicationName + - SourceBundle + x-stackql-resource-name: application_version + description: Resource Type definition for AWS::ElasticBeanstalk::ApplicationVersion + x-type-name: AWS::ElasticBeanstalk::ApplicationVersion + x-stackql-primary-identifier: + - ApplicationName + - Id + x-create-only-properties: + - SourceBundle + - ApplicationName + x-read-only-properties: + - Id + x-required-properties: + - ApplicationName + - SourceBundle + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - elasticbeanstalk:CreateApplicationVersion + - elasticbeanstalk:DescribeApplicationVersions + - s3:GetObject + - s3:PutObject + read: + - elasticbeanstalk:DescribeApplicationVersions + update: + - elasticbeanstalk:UpdateApplicationVersion + delete: + - elasticbeanstalk:DeleteApplicationVersion + list: + - elasticbeanstalk:DescribeApplicationVersions + SourceConfiguration: + type: object + additionalProperties: false + properties: + ApplicationName: + description: The name of the application associated with the configuration. + type: string + TemplateName: + description: The name of the configuration template. + type: string + required: + - TemplateName + - ApplicationName + ConfigurationOptionSetting: + type: object + additionalProperties: false + properties: + Namespace: + description: A unique namespace that identifies the option's associated AWS resource. + type: string + OptionName: + description: The name of the configuration option. + type: string + ResourceName: + description: 'A unique resource name for the option setting. Use it for a time–based scaling configuration option. ' + type: string + Value: + description: The current value for the configuration option. + type: string + required: + - Namespace + - OptionName + ConfigurationTemplate: + type: object + properties: + ApplicationName: + description: 'The name of the Elastic Beanstalk application to associate with this configuration template. ' + type: string + Description: + description: An optional description for this configuration. + type: string + EnvironmentId: + description: 'The ID of an environment whose settings you want to use to create the configuration template. You must specify EnvironmentId if you don''t specify PlatformArn, SolutionStackName, or SourceConfiguration. ' + type: string + OptionSettings: + description: 'Option values for the Elastic Beanstalk configuration, such as the instance type. If specified, these values override the values obtained from the solution stack or the source configuration template. For a complete list of Elastic Beanstalk configuration options, see [Option Values](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options.html) in the AWS Elastic Beanstalk Developer Guide. ' + type: array + x-arrayType: AttributeList + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConfigurationOptionSetting' + PlatformArn: + description: 'The Amazon Resource Name (ARN) of the custom platform. For more information, see [Custom Platforms](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/custom-platforms.html) in the AWS Elastic Beanstalk Developer Guide. ' + type: string + SolutionStackName: + description: >- + The name of an Elastic Beanstalk solution stack (platform version) that this configuration uses. For example, 64bit Amazon Linux 2013.09 running Tomcat 7 Java 7. A solution stack specifies the operating system, runtime, and application server for a configuration template. It also determines the set of configuration options as well as the possible and default values. For more information, see [Supported + Platforms](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html) in the AWS Elastic Beanstalk Developer Guide. + + You must specify SolutionStackName if you don't specify PlatformArn, EnvironmentId, or SourceConfiguration. + + Use the ListAvailableSolutionStacks API to obtain a list of available solution stacks. + type: string + SourceConfiguration: + description: |- + An Elastic Beanstalk configuration template to base this one on. If specified, Elastic Beanstalk uses the configuration values from the specified configuration template to create a new configuration. + + Values specified in OptionSettings override any values obtained from the SourceConfiguration. + + You must specify SourceConfiguration if you don't specify PlatformArn, EnvironmentId, or SolutionStackName. + + Constraint: If both solution stack name and source configuration are specified, the solution stack of the source configuration template must match the specified solution stack name. + $ref: '#/components/schemas/SourceConfiguration' + TemplateName: + description: The name of the configuration template + type: string + required: + - ApplicationName + x-stackql-resource-name: configuration_template + description: Resource Type definition for AWS::ElasticBeanstalk::ConfigurationTemplate + x-type-name: AWS::ElasticBeanstalk::ConfigurationTemplate + x-stackql-primary-identifier: + - ApplicationName + - TemplateName + x-create-only-properties: + - ApplicationName + - EnvironmentId + - PlatformArn + - SolutionStackName + - SourceConfiguration + x-write-only-properties: + - EnvironmentId + - SourceConfiguration/ApplicationName + - SourceConfiguration/TemplateName + x-read-only-properties: + - TemplateName + x-required-properties: + - ApplicationName + x-tagging: + taggable: false + x-required-permissions: + create: + - elasticbeanstalk:CreateConfigurationTemplate + read: + - elasticbeanstalk:DescribeConfigurationSettings + update: + - elasticbeanstalk:UpdateConfigurationTemplate + delete: + - elasticbeanstalk:DeleteConfigurationTemplate + - elasticbeanstalk:DescribeConfigurationSettings + list: + - elasticbeanstalk:DescribeApplications + Tier: + additionalProperties: false + type: object + properties: + Type: + description: The type of this environment tier. + type: string + Version: + description: The version of this environment tier. When you don't set a value to it, Elastic Beanstalk uses the latest compatible worker tier version. + type: string + Name: + description: The name of this environment tier. + type: string + OptionSetting: + additionalProperties: false + type: object + properties: + ResourceName: + description: A unique resource name for the option setting. Use it for a time–based scaling configuration option. + type: string + Value: + description: The current value for the configuration option. + type: string + Namespace: + description: A unique namespace that identifies the option's associated AWS resource. + type: string + OptionName: + description: The name of the configuration option. + type: string + required: + - Namespace + - OptionName + Tag: + additionalProperties: false + type: object + properties: + Value: + description: The value for the tag. + type: string + Key: + description: The key name of the tag. + type: string + required: + - Value + - Key + Environment: + type: object + properties: + PlatformArn: + description: The Amazon Resource Name (ARN) of the custom platform to use with the environment. + type: string + ApplicationName: + description: The name of the application that is associated with this environment. + type: string + Description: + description: Your description for this environment. + type: string + EnvironmentName: + description: A unique name for the environment. + type: string + OperationsRole: + description: The Amazon Resource Name (ARN) of an existing IAM role to be used as the environment's operations role. + type: string + Tier: + description: Specifies the tier to use in creating this environment. The environment tier that you choose determines whether Elastic Beanstalk provisions resources to support a web application that handles HTTP(S) requests or a web application that handles background-processing tasks. + $ref: '#/components/schemas/Tier' + VersionLabel: + description: The name of the application version to deploy. + type: string + EndpointURL: + type: string + OptionSettings: + uniqueItems: false + description: Key-value pairs defining configuration options for this environment, such as the instance type. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/OptionSetting' + TemplateName: + description: The name of the Elastic Beanstalk configuration template to use with the environment. + type: string + SolutionStackName: + description: The name of an Elastic Beanstalk solution stack (platform version) to use with the environment. + type: string + CNAMEPrefix: + description: If specified, the environment attempts to use this value as the prefix for the CNAME in your Elastic Beanstalk environment URL. If not specified, the CNAME is generated automatically by appending a random alphanumeric string to the environment name. + type: string + Tags: + uniqueItems: false + description: Specifies the tags applied to resources in the environment. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - ApplicationName + x-stackql-resource-name: environment + description: Resource Type definition for AWS::ElasticBeanstalk::Environment + x-type-name: AWS::ElasticBeanstalk::Environment + x-stackql-primary-identifier: + - EnvironmentName + x-create-only-properties: + - CNAMEPrefix + - EnvironmentName + - ApplicationName + - SolutionStackName + - Tier/Name + - Tier/Type + x-write-only-properties: + - TemplateName + - OptionSettings + - OptionSettings/*/OptionName + - OptionSettings/*/ResourceName + - OptionSettings/*/Namespace + - OptionSettings/*/Value + x-read-only-properties: + - EndpointURL + x-required-properties: + - ApplicationName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + x-required-permissions: + read: + - elasticbeanstalk:DescribeEnvironments + - elasticbeanstalk:DescribeConfigurationSettings + - elasticbeanstalk:ListTagsForResource + create: + - elasticbeanstalk:DescribeEnvironments + - elasticbeanstalk:CreateEnvironment + - iam:PassRole + update: + - elasticbeanstalk:DescribeEnvironments + - elasticbeanstalk:UpdateEnvironment + - elasticbeanstalk:UpdateTagsForResource + - elasticbeanstalk:AssociateEnvironmentOperationsRole + - elasticbeanstalk:DisassociateEnvironmentOperationsRole + - iam:PassRole + list: + - elasticbeanstalk:DescribeEnvironments + delete: + - elasticbeanstalk:DescribeEnvironments + - elasticbeanstalk:TerminateEnvironment + x-stackQL-resources: + applications: + name: applications + id: aws.elasticbeanstalk.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - ApplicationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticBeanstalk::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationName') as application_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticBeanstalk::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.elasticbeanstalk.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - ApplicationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ResourceLifecycleConfig') as resource_lifecycle_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticBeanstalk::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApplicationName') as application_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ResourceLifecycleConfig') as resource_lifecycle_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticBeanstalk::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + application_versions: + name: application_versions + id: aws.elasticbeanstalk.application_versions + x-cfn-schema-name: ApplicationVersion + x-type: list + x-identifiers: + - ApplicationName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticBeanstalk::ApplicationVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationName') as application_name, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticBeanstalk::ApplicationVersion' + AND region = 'us-east-1' + application_version: + name: application_version + id: aws.elasticbeanstalk.application_version + x-cfn-schema-name: ApplicationVersion + x-type: get + x-identifiers: + - ApplicationName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.SourceBundle') as source_bundle + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticBeanstalk::ApplicationVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ApplicationName') as application_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'SourceBundle') as source_bundle + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticBeanstalk::ApplicationVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + configuration_templates: + name: configuration_templates + id: aws.elasticbeanstalk.configuration_templates + x-cfn-schema-name: ConfigurationTemplate + x-type: list + x-identifiers: + - ApplicationName + - TemplateName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name, + JSON_EXTRACT(Properties, '$.TemplateName') as template_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticBeanstalk::ConfigurationTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationName') as application_name, + json_extract_path_text(Properties, 'TemplateName') as template_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticBeanstalk::ConfigurationTemplate' + AND region = 'us-east-1' + configuration_template: + name: configuration_template + id: aws.elasticbeanstalk.configuration_template + x-cfn-schema-name: ConfigurationTemplate + x-type: get + x-identifiers: + - ApplicationName + - TemplateName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.OptionSettings') as option_settings, + JSON_EXTRACT(Properties, '$.PlatformArn') as platform_arn, + JSON_EXTRACT(Properties, '$.SolutionStackName') as solution_stack_name, + JSON_EXTRACT(Properties, '$.SourceConfiguration') as source_configuration, + JSON_EXTRACT(Properties, '$.TemplateName') as template_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticBeanstalk::ConfigurationTemplate' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApplicationName') as application_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'OptionSettings') as option_settings, + json_extract_path_text(Properties, 'PlatformArn') as platform_arn, + json_extract_path_text(Properties, 'SolutionStackName') as solution_stack_name, + json_extract_path_text(Properties, 'SourceConfiguration') as source_configuration, + json_extract_path_text(Properties, 'TemplateName') as template_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticBeanstalk::ConfigurationTemplate' + AND data__Identifier = '|' + AND region = 'us-east-1' + environments: + name: environments + id: aws.elasticbeanstalk.environments + x-cfn-schema-name: Environment + x-type: list + x-identifiers: + - EnvironmentName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EnvironmentName') as environment_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticBeanstalk::Environment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EnvironmentName') as environment_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticBeanstalk::Environment' + AND region = 'us-east-1' + environment: + name: environment + id: aws.elasticbeanstalk.environment + x-cfn-schema-name: Environment + x-type: get + x-identifiers: + - EnvironmentName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PlatformArn') as platform_arn, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EnvironmentName') as environment_name, + JSON_EXTRACT(Properties, '$.OperationsRole') as operations_role, + JSON_EXTRACT(Properties, '$.Tier') as tier, + JSON_EXTRACT(Properties, '$.VersionLabel') as version_label, + JSON_EXTRACT(Properties, '$.EndpointURL') as endpoint_url, + JSON_EXTRACT(Properties, '$.OptionSettings') as option_settings, + JSON_EXTRACT(Properties, '$.TemplateName') as template_name, + JSON_EXTRACT(Properties, '$.SolutionStackName') as solution_stack_name, + JSON_EXTRACT(Properties, '$.CNAMEPrefix') as cname_prefix, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticBeanstalk::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PlatformArn') as platform_arn, + json_extract_path_text(Properties, 'ApplicationName') as application_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EnvironmentName') as environment_name, + json_extract_path_text(Properties, 'OperationsRole') as operations_role, + json_extract_path_text(Properties, 'Tier') as tier, + json_extract_path_text(Properties, 'VersionLabel') as version_label, + json_extract_path_text(Properties, 'EndpointURL') as endpoint_url, + json_extract_path_text(Properties, 'OptionSettings') as option_settings, + json_extract_path_text(Properties, 'TemplateName') as template_name, + json_extract_path_text(Properties, 'SolutionStackName') as solution_stack_name, + json_extract_path_text(Properties, 'CNAMEPrefix') as cname_prefix, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticBeanstalk::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/elasticloadbalancingv2.yaml b/providers/src/aws/v00.00.00000/services/elasticloadbalancingv2.yaml new file mode 100644 index 00000000..c8a6baf6 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/elasticloadbalancingv2.yaml @@ -0,0 +1,1545 @@ +openapi: 3.0.0 +info: + title: ElasticLoadBalancingV2 + version: 1.0.0 +paths: {} +components: + schemas: + MutualAuthentication: + type: object + additionalProperties: false + properties: + Mode: + type: string + description: The client certificate handling method. Options are ``off``, ``passthrough`` or ``verify``. The default value is ``off``. + TrustStoreArn: + type: string + description: The Amazon Resource Name (ARN) of the trust store. + IgnoreClientCertificateExpiry: + type: boolean + description: Indicates whether expired client certificates are ignored. + description: Specifies the configuration information for mutual authentication. + FixedResponseConfig: + type: object + additionalProperties: false + properties: + ContentType: + type: string + description: |- + The content type. + Valid Values: text/plain | text/css | text/html | application/javascript | application/json + StatusCode: + type: string + description: The HTTP response code (2XX, 4XX, or 5XX). + MessageBody: + type: string + description: The message. + required: + - StatusCode + description: Specifies information required when returning a custom HTTP response. + TargetGroupTuple: + type: object + additionalProperties: false + properties: + TargetGroupArn: + type: string + description: The Amazon Resource Name (ARN) of the target group. + Weight: + type: integer + description: The weight. The range is 0 to 999. + description: Information about how traffic will be distributed between multiple target groups in a forward rule. + Action: + type: object + additionalProperties: false + properties: + Order: + type: integer + description: The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. + TargetGroupArn: + type: string + description: The Amazon Resource Name (ARN) of the target group. Specify only when ``Type`` is ``forward`` and you want to route to a single target group. To route to one or more target groups, use ``ForwardConfig`` instead. + FixedResponseConfig: + $ref: '#/components/schemas/FixedResponseConfig' + description: '[Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when ``Type`` is ``fixed-response``.' + AuthenticateCognitoConfig: + $ref: '#/components/schemas/AuthenticateCognitoConfig' + description: '[HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when ``Type`` is ``authenticate-cognito``.' + Type: + type: string + description: The type of action. + RedirectConfig: + $ref: '#/components/schemas/RedirectConfig' + description: '[Application Load Balancer] Information for creating a redirect action. Specify only when ``Type`` is ``redirect``.' + ForwardConfig: + $ref: '#/components/schemas/ForwardConfig' + description: Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when ``Type`` is ``forward``. If you specify both ``ForwardConfig`` and ``TargetGroupArn``, you can specify only one target group using ``ForwardConfig`` and it must be the same target group specified in ``TargetGroupArn``. + AuthenticateOidcConfig: + $ref: '#/components/schemas/AuthenticateOidcConfig' + description: '[HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when ``Type`` is ``authenticate-oidc``.' + required: + - Type + description: Specifies an action for a listener rule. + AuthenticateCognitoConfig: + type: object + additionalProperties: false + properties: + OnUnauthenticatedRequest: + type: string + description: |- + The behavior if the user is not authenticated. The following are possible values: + + deny```` - Return an HTTP 401 Unauthorized error. + + allow```` - Allow the request to be forwarded to the target. + + authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value. + UserPoolClientId: + type: string + description: The ID of the Amazon Cognito user pool client. + UserPoolDomain: + type: string + description: The domain prefix or fully-qualified domain name of the Amazon Cognito user pool. + SessionTimeout: + type: integer + description: The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days). + Scope: + type: string + description: |- + The set of user claims to be requested from the IdP. The default is ``openid``. + To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. + SessionCookieName: + type: string + description: The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie. + UserPoolArn: + type: string + description: The Amazon Resource Name (ARN) of the Amazon Cognito user pool. + AuthenticationRequestExtraParams: + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + description: The query parameters (up to 10) to include in the redirect request to the authorization endpoint. + required: + - UserPoolClientId + - UserPoolDomain + - UserPoolArn + description: Specifies information required when integrating with Amazon Cognito to authenticate users. + RedirectConfig: + type: object + additionalProperties: false + properties: + Path: + type: string + description: 'The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.' + Query: + type: string + description: The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords. + Port: + type: string + description: 'The port. You can specify a value from 1 to 65535 or #{port}.' + Host: + type: string + description: 'The hostname. This component is not percent-encoded. The hostname can contain #{host}.' + Protocol: + type: string + description: 'The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.' + StatusCode: + type: string + description: The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302). + required: + - StatusCode + description: |- + Information about a redirect action. + A URI consists of the following components: protocol://hostname:port/path?query. You must modify at least one of the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not modify retain their original values. + You can reuse URI components using the following reserved keywords: + + #{protocol} + + #{host} + + #{port} + + #{path} (the leading "/" is removed) + + #{query} + + For example, you can change the path to "/new/#{path}", the hostname to "example.#{host}", or the query to "#{query}&value=xyz". + TargetGroupStickinessConfig: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + description: Indicates whether target group stickiness is enabled. + DurationSeconds: + type: integer + description: The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). + description: Information about the target group stickiness for a rule. + ForwardConfig: + type: object + additionalProperties: false + properties: + TargetGroupStickinessConfig: + $ref: '#/components/schemas/TargetGroupStickinessConfig' + description: Information about the target group stickiness for a rule. + TargetGroups: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/TargetGroupTuple' + description: Information about how traffic will be distributed between multiple target groups in a forward rule. + description: Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when ``Type`` is ``forward``. If you specify both ``ForwardConfig`` and ``TargetGroupArn``, you can specify only one target group using ``ForwardConfig`` and it must be the same target group specified in ``TargetGroupArn``. + AuthenticateOidcConfig: + type: object + additionalProperties: false + properties: + OnUnauthenticatedRequest: + type: string + description: |- + The behavior if the user is not authenticated. The following are possible values: + + deny```` - Return an HTTP 401 Unauthorized error. + + allow```` - Allow the request to be forwarded to the target. + + authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value. + TokenEndpoint: + type: string + description: The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. + SessionTimeout: + type: integer + description: The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days). + Scope: + type: string + description: |- + The set of user claims to be requested from the IdP. The default is ``openid``. + To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. + Issuer: + type: string + description: The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. + ClientSecret: + type: string + description: The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set ``UseExistingClientSecret`` to true. + UserInfoEndpoint: + type: string + description: The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. + ClientId: + type: string + description: The OAuth 2.0 client identifier. + AuthorizationEndpoint: + type: string + description: The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. + SessionCookieName: + type: string + description: The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie. + UseExistingClientSecret: + type: boolean + description: Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false. + AuthenticationRequestExtraParams: + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + description: The query parameters (up to 10) to include in the redirect request to the authorization endpoint. + required: + - TokenEndpoint + - Issuer + - UserInfoEndpoint + - ClientId + - AuthorizationEndpoint + description: Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users. + Certificate: + type: object + additionalProperties: false + properties: + CertificateArn: + type: string + description: The Amazon Resource Name (ARN) of the certificate. + description: Specifies an SSL server certificate to use as the default certificate for a secure listener. + Listener: + type: object + properties: + SslPolicy: + type: string + description: |- + [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. + Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. + For more information, see [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) in the *Application Load Balancers Guide* and [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) in the *Network Load Balancers Guide*. + LoadBalancerArn: + type: string + description: The Amazon Resource Name (ARN) of the load balancer. + DefaultActions: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Action' + description: |- + The actions for the default rule. You cannot define a condition for a default rule. + To create additional rules for an Application Load Balancer, use [AWS::ElasticLoadBalancingV2::ListenerRule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html). + Port: + type: integer + description: The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer. + Certificates: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Certificate' + description: |- + The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. + To create a certificate list for a secure listener, use [AWS::ElasticLoadBalancingV2::ListenerCertificate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html). + Protocol: + type: string + description: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer. + ListenerArn: + type: string + description: '' + AlpnPolicy: + type: array + items: + type: string + description: '[TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.' + MutualAuthentication: + $ref: '#/components/schemas/MutualAuthentication' + description: The mutual authentication configuration information. + required: + - LoadBalancerArn + - DefaultActions + x-stackql-resource-name: listener + description: Specifies a listener for an Application Load Balancer, Network Load Balancer, or Gateway Load Balancer. + x-type-name: AWS::ElasticLoadBalancingV2::Listener + x-stackql-primary-identifier: + - ListenerArn + x-create-only-properties: + - LoadBalancerArn + x-write-only-properties: + - DefaultActions/*/AuthenticateOidcConfig/ClientSecret + x-read-only-properties: + - ListenerArn + x-required-properties: + - LoadBalancerArn + - DefaultActions + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - elasticloadbalancing:CreateListener + - elasticloadbalancing:DescribeListeners + - cognito-idp:DescribeUserPoolClient + delete: + - elasticloadbalancing:DeleteListener + - elasticloadbalancing:DescribeListeners + list: + - elasticloadbalancing:DescribeListeners + read: + - elasticloadbalancing:DescribeListeners + update: + - elasticloadbalancing:ModifyListener + - elasticloadbalancing:DescribeListeners + - cognito-idp:DescribeUserPoolClient + RuleCondition: + type: object + additionalProperties: false + properties: + Field: + type: string + description: |- + The field in the HTTP request. The following are the possible values: + + ``http-header`` + + ``http-request-method`` + + ``host-header`` + + ``path-pattern`` + + ``query-string`` + + ``source-ip`` + Values: + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + description: |- + The condition value. Specify only when ``Field`` is ``host-header`` or ``path-pattern``. Alternatively, to specify multiple host names or multiple path patterns, use ``HostHeaderConfig`` or ``PathPatternConfig``. + If ``Field`` is ``host-header`` and you're not using ``HostHeaderConfig``, you can specify a single host name (for example, my.example.com). A host name is case insensitive, can be up to 128 characters in length, and can contain any of the following characters. + + A-Z, a-z, 0-9 + + - . + + * (matches 0 or more characters) + + ? (matches exactly 1 character) + + If ``Field`` is ``path-pattern`` and you're not using ``PathPatternConfig``, you can specify a single path pattern (for example, /img/*). A path pattern is case-sensitive, can be up to 128 characters in length, and can contain any of the following characters. + + A-Z, a-z, 0-9 + + _ - . $ / ~ " ' @ : + + + & (using &) + + * (matches 0 or more characters) + + ? (matches exactly 1 character) + HttpRequestMethodConfig: + $ref: '#/components/schemas/HttpRequestMethodConfig' + description: Information for an HTTP method condition. Specify only when ``Field`` is ``http-request-method``. + PathPatternConfig: + $ref: '#/components/schemas/PathPatternConfig' + description: Information for a path pattern condition. Specify only when ``Field`` is ``path-pattern``. + HttpHeaderConfig: + $ref: '#/components/schemas/HttpHeaderConfig' + description: Information for an HTTP header condition. Specify only when ``Field`` is ``http-header``. + SourceIpConfig: + $ref: '#/components/schemas/SourceIpConfig' + description: Information for a source IP condition. Specify only when ``Field`` is ``source-ip``. + HostHeaderConfig: + $ref: '#/components/schemas/HostHeaderConfig' + description: Information for a host header condition. Specify only when ``Field`` is ``host-header``. + QueryStringConfig: + $ref: '#/components/schemas/QueryStringConfig' + description: Information for a query string condition. Specify only when ``Field`` is ``query-string``. + description: Specifies a condition for a listener rule. + QueryStringConfig: + type: object + additionalProperties: false + properties: + Values: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/QueryStringKeyValue' + description: |- + The key/value pairs or values to find in the query string. The maximum size of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal '*' or '?' character in a query string, you must escape these characters in ``Values`` using a '\' character. + If you specify multiple key/value pairs or values, the condition is satisfied if one of them is found in the query string. + description: |- + Information about a query string condition. + The query string component of a URI starts after the first '?' character and is terminated by either a '#' character or the end of the URI. A typical query string contains key/value pairs separated by '&' characters. The allowed characters are specified by RFC 3986. Any character can be percentage encoded. + PathPatternConfig: + type: object + additionalProperties: false + properties: + Values: + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + description: |- + The path patterns to compare against the request URL. The maximum size of each string is 128 characters. The comparison is case sensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). + If you specify multiple strings, the condition is satisfied if one of them matches the request URL. The path pattern is compared only to the path of the URL, not to its query string. + description: Information about a path pattern condition. + HttpHeaderConfig: + type: object + additionalProperties: false + properties: + Values: + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + description: |- + The strings to compare against the value of the HTTP header. The maximum size of each string is 128 characters. The comparison strings are case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). + If the same header appears multiple times in the request, we search them in order until a match is found. + If you specify multiple strings, the condition is satisfied if one of the strings matches the value of the HTTP header. To require that all of the strings are a match, create one condition per string. + HttpHeaderName: + type: string + description: The name of the HTTP header field. The maximum size is 40 characters. The header name is case insensitive. The allowed characters are specified by RFC 7230. Wildcards are not supported. + description: |- + Information about an HTTP header condition. + There is a set of standard HTTP header fields. You can also define custom HTTP header fields. + QueryStringKeyValue: + type: object + additionalProperties: false + properties: + Value: + type: string + description: The value. + Key: + type: string + description: The key. You can omit the key. + description: Information about a key/value pair. + HostHeaderConfig: + type: object + additionalProperties: false + properties: + Values: + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + description: |- + The host names. The maximum size of each name is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). + If you specify multiple strings, the condition is satisfied if one of the strings matches the host name. + description: Information about a host header condition. + HttpRequestMethodConfig: + type: object + additionalProperties: false + properties: + Values: + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + description: |- + The name of the request method. The maximum size is 40 characters. The allowed characters are A-Z, hyphen (-), and underscore (_). The comparison is case sensitive. Wildcards are not supported; therefore, the method name must be an exact match. + If you specify multiple strings, the condition is satisfied if one of the strings matches the HTTP request method. We recommend that you route GET and HEAD requests in the same way, because the response to a HEAD request may be cached. + description: |- + Information about an HTTP method condition. + HTTP defines a set of request methods, also referred to as HTTP verbs. For more information, see the [HTTP Method Registry](https://docs.aws.amazon.com/https://www.iana.org/assignments/http-methods/http-methods.xhtml). You can also define custom HTTP methods. + SourceIpConfig: + type: object + additionalProperties: false + properties: + Values: + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + description: |- + The source IP addresses, in CIDR format. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. + If you specify multiple addresses, the condition is satisfied if the source IP address of the request matches one of the CIDR blocks. This condition is not satisfied by the addresses in the X-Forwarded-For header. + description: |- + Information about a source IP condition. + You can use this condition to route based on the IP address of the source that connects to the load balancer. If a client is behind a proxy, this is the IP address of the proxy not the IP address of the client. + ListenerRule: + type: object + properties: + ListenerArn: + type: string + description: The Amazon Resource Name (ARN) of the listener. + RuleArn: + type: string + description: '' + Actions: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Action' + description: |- + The actions. + The rule must include exactly one of the following types of actions: ``forward``, ``fixed-response``, or ``redirect``, and it must be the last action to be performed. If the rule is for an HTTPS listener, it can also optionally include an authentication action. + Priority: + type: integer + description: |- + The rule priority. A listener can't have multiple rules with the same priority. + If you try to reorder rules by updating their priorities, do not specify a new priority if an existing rule already uses this priority, as this can cause an error. If you need to reuse a priority with a different rule, you must remove it as a priority first, and then specify it in a subsequent update. + Conditions: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/RuleCondition' + description: |- + The conditions. + The rule can optionally include up to one of each of the following conditions: ``http-request-method``, ``host-header``, ``path-pattern``, and ``source-ip``. A rule can also optionally include one or more of each of the following conditions: ``http-header`` and ``query-string``. + IsDefault: + type: boolean + description: '' + required: + - Actions + - Priority + - Conditions + x-stackql-resource-name: listener_rule + description: |- + Specifies a listener rule. The listener must be associated with an Application Load Balancer. Each rule consists of a priority, one or more actions, and one or more conditions. + For more information, see [Quotas for your Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html) in the *User Guide for Application Load Balancers*. + x-type-name: AWS::ElasticLoadBalancingV2::ListenerRule + x-stackql-primary-identifier: + - RuleArn + x-create-only-properties: + - ListenerArn + x-write-only-properties: + - Actions/*/AuthenticateOidcConfig/ClientSecret + - ListenerArn + x-read-only-properties: + - RuleArn + - IsDefault + x-required-properties: + - Actions + - Priority + - Conditions + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - elasticloadbalancing:CreateRule + - elasticloadbalancing:DescribeRules + - cognito-idp:DescribeUserPoolClient + delete: + - elasticloadbalancing:DeleteRule + - elasticloadbalancing:DescribeRules + list: + - elasticloadbalancing:DescribeRules + read: + - elasticloadbalancing:DescribeRules + update: + - elasticloadbalancing:ModifyRule + - elasticloadbalancing:SetRulePriorities + - elasticloadbalancing:DescribeRules + SubnetMapping: + type: object + additionalProperties: false + properties: + SubnetId: + type: string + description: The ID of the subnet. + AllocationId: + type: string + description: '[Network Load Balancers] The allocation ID of the Elastic IP address for an internet-facing load balancer.' + PrivateIPv4Address: + type: string + description: '[Network Load Balancers] The private IPv4 address for an internal load balancer.' + IPv6Address: + type: string + description: '[Network Load Balancers] The IPv6 address.' + required: + - SubnetId + description: Specifies a subnet for a load balancer. + LoadBalancerAttribute: + type: object + additionalProperties: false + properties: + Value: + type: string + description: The value of the attribute. + Key: + type: string + description: |- + The name of the attribute. + The following attributes are supported by all load balancers: + + ``deletion_protection.enabled`` - Indicates whether deletion protection is enabled. The value is ``true`` or ``false``. The default is ``false``. + + ``load_balancing.cross_zone.enabled`` - Indicates whether cross-zone load balancing is enabled. The possible values are ``true`` and ``false``. The default for Network Load Balancers and Gateway Load Balancers is ``false``. The default for Application Load Balancers is ``true``, and cannot be changed. + + The following attributes are supported by both Application Load Balancers and Network Load Balancers: + + ``access_logs.s3.enabled`` - Indicates whether access logs are enabled. The value is ``true`` or ``false``. The default is ``false``. + + ``access_logs.s3.bucket`` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket. + + ``access_logs.s3.prefix`` - The prefix for the location in the S3 bucket for the access logs. + + ``ipv6.deny_all_igw_traffic`` - Blocks internet gateway (IGW) access to the load balancer. It is set to ``false`` for internet-facing load balancers and ``true`` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway. + + The following attributes are supported by only Application Load Balancers: + + ``idle_timeout.timeout_seconds`` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds. + + ``client_keep_alive.seconds`` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds. + + ``connection_logs.s3.enabled`` - Indicates whether connection logs are enabled. The value is ``true`` or ``false``. The default is ``false``. + + ``connection_logs.s3.bucket`` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket. + + ``connection_logs.s3.prefix`` - The prefix for the location in the S3 bucket for the connection logs. + + ``routing.http.desync_mitigation_mode`` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are ``monitor``, ``defensive``, and ``strictest``. The default is ``defensive``. + + ``routing.http.drop_invalid_header_fields.enabled`` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (``true``) or routed to targets (``false``). The default is ``false``. + + ``routing.http.preserve_host_header.enabled`` - Indicates whether the Application Load Balancer should preserve the ``Host`` header in the HTTP request and send it to the target without any change. The possible values are ``true`` and ``false``. The default is ``false``. + + ``routing.http.x_amzn_tls_version_and_cipher_suite.enabled`` - Indicates whether the two headers (``x-amzn-tls-version`` and ``x-amzn-tls-cipher-suite``), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The ``x-amzn-tls-version`` header has information about the TLS protocol version negotiated with the client, and the ``x-amzn-tls-cipher-suite`` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are ``true`` and ``false``. The default is ``false``. + + ``routing.http.xff_client_port.enabled`` - Indicates whether the ``X-Forwarded-For`` header should preserve the source port that the client used to connect to the load balancer. The possible values are ``true`` and ``false``. The default is ``false``. + + ``routing.http.xff_header_processing.mode`` - Enables you to modify, preserve, or remove the ``X-Forwarded-For`` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are ``append``, ``preserve``, and ``remove``. The default is ``append``. + + If the value is ``append``, the Application Load Balancer adds the client IP address (of the last hop) to the ``X-Forwarded-For`` header in the HTTP request before it sends it to targets. + + If the value is ``preserve`` the Application Load Balancer preserves the ``X-Forwarded-For`` header in the HTTP request, and sends it to targets without any change. + + If the value is ``remove``, the Application Load Balancer removes the ``X-Forwarded-For`` header in the HTTP request before it sends it to targets. + + + ``routing.http2.enabled`` - Indicates whether HTTP/2 is enabled. The possible values are ``true`` and ``false``. The default is ``true``. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. + + ``waf.fail_open.enabled`` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are ``true`` and ``false``. The default is ``false``. + + The following attributes are supported by only Network Load Balancers: + + ``dns_record.client_routing_policy`` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are ``availability_zone_affinity`` with 100 percent zonal affinity, ``partial_availability_zone_affinity`` with 85 percent zonal affinity, and ``any_availability_zone`` with 0 percent zonal affinity. + description: Specifies an attribute for an Application Load Balancer, a Network Load Balancer, or a Gateway Load Balancer. + Tag: + type: object + additionalProperties: false + properties: + Value: + type: string + Key: + type: string + required: + - Value + - Key + LoadBalancer: + type: object + properties: + IpAddressType: + type: string + description: The IP address type. The possible values are ``ipv4`` (for IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses). You can’t specify ``dualstack`` for a load balancer with a UDP or TCP_UDP listener. + SecurityGroups: + type: array + description: '[Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer.' + uniqueItems: true + x-insertionOrder: false + items: + type: string + LoadBalancerAttributes: + type: array + description: The load balancer attributes. + uniqueItems: true + x-insertionOrder: false + x-arrayType: AttributeList + items: + $ref: '#/components/schemas/LoadBalancerAttribute' + Scheme: + type: string + description: |- + The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet. + The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer. + The default is an Internet-facing load balancer. + You cannot specify a scheme for a Gateway Load Balancer. + DNSName: + type: string + description: '' + Name: + type: string + description: |- + The name of the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with "internal-". + If you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name. + LoadBalancerName: + type: string + description: '' + LoadBalancerFullName: + type: string + description: '' + Subnets: + type: array + description: |- + The IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. To specify an Elastic IP address, specify subnet mappings instead of subnets. + [Application Load Balancers] You must specify subnets from at least two Availability Zones. + [Application Load Balancers on Outposts] You must specify one Outpost subnet. + [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones. + [Network Load Balancers] You can specify subnets from one or more Availability Zones. + [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. + uniqueItems: true + x-insertionOrder: false + items: + type: string + Type: + type: string + description: The type of load balancer. The default is ``application``. + CanonicalHostedZoneID: + type: string + description: '' + Tags: + type: array + description: The tags to assign to the load balancer. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LoadBalancerArn: + type: string + description: '' + SubnetMappings: + type: array + description: |- + The IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. + [Application Load Balancers] You must specify subnets from at least two Availability Zones. You cannot specify Elastic IP addresses for your subnets. + [Application Load Balancers on Outposts] You must specify one Outpost subnet. + [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones. + [Network Load Balancers] You can specify subnets from one or more Availability Zones. You can specify one Elastic IP address per subnet if you need static IP addresses for your internet-facing load balancer. For internal load balancers, you can specify one private IP address per subnet from the IPv4 range of the subnet. For internet-facing load balancer, you can specify one IPv6 address per subnet. + [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You cannot specify Elastic IP addresses for your subnets. + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/SubnetMapping' + EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: + type: string + description: Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through privatelink. + x-stackql-resource-name: load_balancer + description: Specifies an Application Load Balancer, a Network Load Balancer, or a Gateway Load Balancer. + x-type-name: AWS::ElasticLoadBalancingV2::LoadBalancer + x-documentation-url: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html + x-stackql-primary-identifier: + - LoadBalancerArn + x-create-only-properties: + - Name + - Type + - Scheme + x-read-only-properties: + - LoadBalancerName + - LoadBalancerFullName + - CanonicalHostedZoneID + - LoadBalancerArn + - DNSName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - elasticloadbalancing:CreateLoadBalancer + - elasticloadbalancing:DescribeLoadBalancers + - elasticloadbalancing:ModifyLoadBalancerAttributes + - elasticloadbalancing:AddTags + delete: + - elasticloadbalancing:DescribeLoadBalancers + - elasticloadbalancing:DeleteLoadBalancer + list: + - elasticloadbalancing:DescribeLoadBalancers + read: + - elasticloadbalancing:DescribeLoadBalancers + - elasticloadbalancing:DescribeLoadBalancerAttributes + - elasticloadbalancing:DescribeTags + update: + - elasticloadbalancing:ModifyLoadBalancerAttributes + - elasticloadbalancing:SetSubnets + - elasticloadbalancing:SetIpAddressType + - elasticloadbalancing:SetSecurityGroups + - elasticloadbalancing:AddTags + - elasticloadbalancing:RemoveTags + Matcher: + type: object + additionalProperties: false + properties: + GrpcCode: + type: string + description: You can specify values between 0 and 99. You can specify multiple values, or a range of values. The default value is 12. + HttpCode: + type: string + description: 'For Application Load Balancers, you can specify values between 200 and 499, and the default value is 200. You can specify multiple values or a range of values. ' + TargetDescription: + type: object + additionalProperties: false + properties: + AvailabilityZone: + type: string + description: An Availability Zone or all. This determines whether the target receives traffic from the load balancer nodes in the specified Availability Zone or from all enabled Availability Zones for the load balancer. + Id: + type: string + description: 'The ID of the target. If the target type of the target group is instance, specify an instance ID. If the target type is ip, specify an IP address. If the target type is lambda, specify the ARN of the Lambda function. If the target type is alb, specify the ARN of the Application Load Balancer target. ' + Port: + type: integer + description: The port on which the target is listening. If the target group protocol is GENEVE, the supported port is 6081. If the target type is alb, the targeted Application Load Balancer must have at least one listener whose port matches the target group port. Not used if the target is a Lambda function. + required: + - Id + TargetGroupAttribute: + type: object + additionalProperties: false + properties: + Value: + type: string + description: The name of the attribute. + Key: + type: string + description: The value of the attribute. + TargetGroup: + type: object + properties: + IpAddressType: + type: string + description: 'The type of IP address used for this target group. The possible values are ipv4 and ipv6. ' + HealthCheckIntervalSeconds: + type: integer + description: The approximate amount of time, in seconds, between health checks of an individual target. + LoadBalancerArns: + type: array + x-insertionOrder: false + description: The Amazon Resource Names (ARNs) of the load balancers that route traffic to this target group. + uniqueItems: false + items: + type: string + Matcher: + $ref: '#/components/schemas/Matcher' + description: '[HTTP/HTTPS health checks] The HTTP or gRPC codes to use when checking for a successful response from a target.' + HealthCheckPath: + type: string + description: '[HTTP/HTTPS health checks] The destination for health checks on the targets. [HTTP1 or HTTP2 protocol version] The ping path. The default is /. [GRPC protocol version] The path of a custom health check method with the format /package.service/method. The default is /AWS.ALB/healthcheck.' + Port: + type: integer + description: The port on which the targets receive traffic. This port is used unless you specify a port override when registering the target. If the target is a Lambda function, this parameter does not apply. If the protocol is GENEVE, the supported port is 6081. + Targets: + type: array + description: The targets. + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/TargetDescription' + HealthCheckEnabled: + type: boolean + description: Indicates whether health checks are enabled. If the target type is lambda, health checks are disabled by default but can be enabled. If the target type is instance, ip, or alb, health checks are always enabled and cannot be disabled. + ProtocolVersion: + type: string + description: '[HTTP/HTTPS protocol] The protocol version. The possible values are GRPC, HTTP1, and HTTP2.' + UnhealthyThresholdCount: + type: integer + description: The number of consecutive health check failures required before considering a target unhealthy. + HealthCheckTimeoutSeconds: + type: integer + description: The amount of time, in seconds, during which no response from a target means a failed health check. + Name: + type: string + description: The name of the target group. + VpcId: + type: string + description: The identifier of the virtual private cloud (VPC). If the target is a Lambda function, this parameter does not apply. + TargetGroupFullName: + type: string + description: The full name of the target group. + HealthyThresholdCount: + type: integer + description: 'The number of consecutive health checks successes required before considering an unhealthy target healthy. ' + HealthCheckProtocol: + type: string + description: 'The protocol the load balancer uses when performing health checks on targets. ' + TargetGroupAttributes: + type: array + x-arrayType: AttributeList + description: The attributes. + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/TargetGroupAttribute' + TargetType: + type: string + description: The type of target that you must specify when registering targets with this target group. You can't specify targets for a target group using more than one target type. + HealthCheckPort: + type: string + description: 'The port the load balancer uses when performing health checks on targets. ' + TargetGroupArn: + type: string + description: The ARN of the Target Group + Protocol: + type: string + description: The protocol to use for routing traffic to the targets. + TargetGroupName: + type: string + description: The name of the target group. + Tags: + type: array + description: The tags. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: target_group + description: Resource Type definition for AWS::ElasticLoadBalancingV2::TargetGroup + x-type-name: AWS::ElasticLoadBalancingV2::TargetGroup + x-stackql-primary-identifier: + - TargetGroupArn + x-create-only-properties: + - TargetType + - ProtocolVersion + - Port + - Name + - VpcId + - Protocol + - IpAddressType + x-read-only-properties: + - LoadBalancerArns + - TargetGroupArn + - TargetGroupName + - TargetGroupFullName + x-tagging: + taggable: true + tagOnCreate: false + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - elasticloadbalancing:CreateTargetGroup + - elasticloadbalancing:DescribeTargetGroups + - elasticloadbalancing:RegisterTargets + - elasticloadbalancing:ModifyTargetGroupAttributes + - elasticloadbalancing:DescribeTargetHealth + - elasticloadbalancing:AddTags + delete: + - elasticloadbalancing:DeleteTargetGroup + - elasticloadbalancing:DescribeTargetGroups + list: + - elasticloadbalancing:DescribeTargetGroups + read: + - elasticloadbalancing:DescribeTargetGroups + - elasticloadbalancing:DescribeTargetGroupAttributes + - elasticloadbalancing:DescribeTargetHealth + - elasticloadbalancing:DescribeTags + update: + - elasticloadbalancing:DescribeTargetGroups + - elasticloadbalancing:ModifyTargetGroup + - elasticloadbalancing:ModifyTargetGroupAttributes + - elasticloadbalancing:RegisterTargets + - elasticloadbalancing:DescribeTargetHealth + - elasticloadbalancing:DeregisterTargets + - elasticloadbalancing:AddTags + - elasticloadbalancing:RemoveTags + TrustStore: + type: object + properties: + Name: + type: string + description: The name of the trust store. + CaCertificatesBundleS3Bucket: + type: string + description: The name of the S3 bucket to fetch the CA certificate bundle from. + CaCertificatesBundleS3Key: + type: string + description: The name of the S3 object to fetch the CA certificate bundle from. + CaCertificatesBundleS3ObjectVersion: + type: string + description: The version of the S3 bucket that contains the CA certificate bundle. + Status: + type: string + description: The status of the trust store, could be either of ACTIVE or CREATING. + NumberOfCaCertificates: + type: integer + description: The number of certificates associated with the trust store. + Tags: + type: array + description: The tags to assign to the trust store. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + TrustStoreArn: + type: string + description: The Amazon Resource Name (ARN) of the trust store. + x-stackql-resource-name: trust_store + description: Resource Type definition for AWS::ElasticLoadBalancingV2::TrustStore + x-type-name: AWS::ElasticLoadBalancingV2::TrustStore + x-documentation-url: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststore.html + x-stackql-primary-identifier: + - TrustStoreArn + x-create-only-properties: + - Name + x-write-only-properties: + - CaCertificatesBundleS3Bucket + - CaCertificatesBundleS3Key + - CaCertificatesBundleS3ObjectVersion + x-read-only-properties: + - TrustStoreArn + - Status + - NumberOfCaCertificates + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - elasticloadbalancing:CreateTrustStore + - elasticloadbalancing:DescribeTrustStores + - elasticloadbalancing:AddTags + - s3:GetObject + - s3:GetObjectVersion + delete: + - elasticloadbalancing:DescribeTrustStores + - elasticloadbalancing:DeleteTrustStore + list: + - elasticloadbalancing:DescribeTrustStores + - s3:GetObject + - s3:GetObjectVersion + read: + - elasticloadbalancing:DescribeTrustStores + - elasticloadbalancing:DescribeTags + update: + - elasticloadbalancing:ModifyTrustStore + - elasticloadbalancing:AddTags + - elasticloadbalancing:RemoveTags + - s3:GetObject + - s3:GetObjectVersion + RevocationId: + type: string + RevocationContent: + type: object + additionalProperties: false + properties: + S3Bucket: + type: string + S3Key: + type: string + S3ObjectVersion: + type: string + RevocationType: + type: string + TrustStoreRevocation: + type: object + properties: + RevocationContents: + type: array + description: The attributes required to create a trust store revocation. + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/RevocationContent' + TrustStoreArn: + type: string + description: The Amazon Resource Name (ARN) of the trust store. + RevocationId: + type: integer + format: int64 + description: The ID associated with the revocation. + TrustStoreRevocations: + type: array + description: The data associated with a trust store revocation + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/TrustStoreRevocation' + x-stackql-resource-name: trust_store_revocation + description: Resource Type definition for AWS::ElasticLoadBalancingV2::TrustStoreRevocation + x-type-name: AWS::ElasticLoadBalancingV2::TrustStoreRevocation + x-documentation-url: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststorerevocation.html + x-stackql-primary-identifier: + - RevocationId + - TrustStoreArn + x-create-only-properties: + - TrustStoreArn + - RevocationContents + x-write-only-properties: + - RevocationContents + x-read-only-properties: + - RevocationId + - TrustStoreRevocations + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - elasticloadbalancing:AddTrustStoreRevocations + - elasticloadbalancing:DescribeTrustStoreRevocations + - s3:GetObject + - s3:GetObjectVersion + delete: + - elasticloadbalancing:DescribeTrustStoreRevocations + - elasticloadbalancing:RemoveTrustStoreRevocations + list: + - elasticloadbalancing:DescribeTrustStoreRevocations + read: + - elasticloadbalancing:DescribeTrustStoreRevocations + x-stackQL-resources: + listeners: + name: listeners + id: aws.elasticloadbalancingv2.listeners + x-cfn-schema-name: Listener + x-type: list + x-identifiers: + - ListenerArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ListenerArn') as listener_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::Listener' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ListenerArn') as listener_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::Listener' + AND region = 'us-east-1' + listener: + name: listener + id: aws.elasticloadbalancingv2.listener + x-cfn-schema-name: Listener + x-type: get + x-identifiers: + - ListenerArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SslPolicy') as ssl_policy, + JSON_EXTRACT(Properties, '$.LoadBalancerArn') as load_balancer_arn, + JSON_EXTRACT(Properties, '$.DefaultActions') as default_actions, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.Certificates') as certificates, + JSON_EXTRACT(Properties, '$.Protocol') as protocol, + JSON_EXTRACT(Properties, '$.ListenerArn') as listener_arn, + JSON_EXTRACT(Properties, '$.AlpnPolicy') as alpn_policy, + JSON_EXTRACT(Properties, '$.MutualAuthentication') as mutual_authentication + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::Listener' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SslPolicy') as ssl_policy, + json_extract_path_text(Properties, 'LoadBalancerArn') as load_balancer_arn, + json_extract_path_text(Properties, 'DefaultActions') as default_actions, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'Certificates') as certificates, + json_extract_path_text(Properties, 'Protocol') as protocol, + json_extract_path_text(Properties, 'ListenerArn') as listener_arn, + json_extract_path_text(Properties, 'AlpnPolicy') as alpn_policy, + json_extract_path_text(Properties, 'MutualAuthentication') as mutual_authentication + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::Listener' + AND data__Identifier = '' + AND region = 'us-east-1' + listener_rules: + name: listener_rules + id: aws.elasticloadbalancingv2.listener_rules + x-cfn-schema-name: ListenerRule + x-type: list + x-identifiers: + - RuleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RuleArn') as rule_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::ListenerRule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RuleArn') as rule_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::ListenerRule' + AND region = 'us-east-1' + listener_rule: + name: listener_rule + id: aws.elasticloadbalancingv2.listener_rule + x-cfn-schema-name: ListenerRule + x-type: get + x-identifiers: + - RuleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ListenerArn') as listener_arn, + JSON_EXTRACT(Properties, '$.RuleArn') as rule_arn, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.Priority') as priority, + JSON_EXTRACT(Properties, '$.Conditions') as conditions, + JSON_EXTRACT(Properties, '$.IsDefault') as is_default + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::ListenerRule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ListenerArn') as listener_arn, + json_extract_path_text(Properties, 'RuleArn') as rule_arn, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'Priority') as priority, + json_extract_path_text(Properties, 'Conditions') as conditions, + json_extract_path_text(Properties, 'IsDefault') as is_default + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::ListenerRule' + AND data__Identifier = '' + AND region = 'us-east-1' + load_balancers: + name: load_balancers + id: aws.elasticloadbalancingv2.load_balancers + x-cfn-schema-name: LoadBalancer + x-type: list + x-identifiers: + - LoadBalancerArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LoadBalancerArn') as load_balancer_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::LoadBalancer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LoadBalancerArn') as load_balancer_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::LoadBalancer' + AND region = 'us-east-1' + load_balancer: + name: load_balancer + id: aws.elasticloadbalancingv2.load_balancer + x-cfn-schema-name: LoadBalancer + x-type: get + x-identifiers: + - LoadBalancerArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(Properties, '$.SecurityGroups') as security_groups, + JSON_EXTRACT(Properties, '$.LoadBalancerAttributes') as load_balancer_attributes, + JSON_EXTRACT(Properties, '$.Scheme') as scheme, + JSON_EXTRACT(Properties, '$.DNSName') as dns_name, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.LoadBalancerName') as load_balancer_name, + JSON_EXTRACT(Properties, '$.LoadBalancerFullName') as load_balancer_full_name, + JSON_EXTRACT(Properties, '$.Subnets') as subnets, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.CanonicalHostedZoneID') as canonical_hosted_zone_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LoadBalancerArn') as load_balancer_arn, + JSON_EXTRACT(Properties, '$.SubnetMappings') as subnet_mappings, + JSON_EXTRACT(Properties, '$.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic') as enforce_security_group_inbound_rules_on_private_link_traffic + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::LoadBalancer' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(Properties, 'SecurityGroups') as security_groups, + json_extract_path_text(Properties, 'LoadBalancerAttributes') as load_balancer_attributes, + json_extract_path_text(Properties, 'Scheme') as scheme, + json_extract_path_text(Properties, 'DNSName') as dns_name, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'LoadBalancerName') as load_balancer_name, + json_extract_path_text(Properties, 'LoadBalancerFullName') as load_balancer_full_name, + json_extract_path_text(Properties, 'Subnets') as subnets, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'CanonicalHostedZoneID') as canonical_hosted_zone_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LoadBalancerArn') as load_balancer_arn, + json_extract_path_text(Properties, 'SubnetMappings') as subnet_mappings, + json_extract_path_text(Properties, 'EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic') as enforce_security_group_inbound_rules_on_private_link_traffic + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::LoadBalancer' + AND data__Identifier = '' + AND region = 'us-east-1' + target_groups: + name: target_groups + id: aws.elasticloadbalancingv2.target_groups + x-cfn-schema-name: TargetGroup + x-type: list + x-identifiers: + - TargetGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TargetGroupArn') as target_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TargetGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TargetGroupArn') as target_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TargetGroup' + AND region = 'us-east-1' + target_group: + name: target_group + id: aws.elasticloadbalancingv2.target_group + x-cfn-schema-name: TargetGroup + x-type: get + x-identifiers: + - TargetGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(Properties, '$.HealthCheckIntervalSeconds') as health_check_interval_seconds, + JSON_EXTRACT(Properties, '$.LoadBalancerArns') as load_balancer_arns, + JSON_EXTRACT(Properties, '$.Matcher') as matcher, + JSON_EXTRACT(Properties, '$.HealthCheckPath') as health_check_path, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.Targets') as targets, + JSON_EXTRACT(Properties, '$.HealthCheckEnabled') as health_check_enabled, + JSON_EXTRACT(Properties, '$.ProtocolVersion') as protocol_version, + JSON_EXTRACT(Properties, '$.UnhealthyThresholdCount') as unhealthy_threshold_count, + JSON_EXTRACT(Properties, '$.HealthCheckTimeoutSeconds') as health_check_timeout_seconds, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.TargetGroupFullName') as target_group_full_name, + JSON_EXTRACT(Properties, '$.HealthyThresholdCount') as healthy_threshold_count, + JSON_EXTRACT(Properties, '$.HealthCheckProtocol') as health_check_protocol, + JSON_EXTRACT(Properties, '$.TargetGroupAttributes') as target_group_attributes, + JSON_EXTRACT(Properties, '$.TargetType') as target_type, + JSON_EXTRACT(Properties, '$.HealthCheckPort') as health_check_port, + JSON_EXTRACT(Properties, '$.TargetGroupArn') as target_group_arn, + JSON_EXTRACT(Properties, '$.Protocol') as protocol, + JSON_EXTRACT(Properties, '$.TargetGroupName') as target_group_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TargetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(Properties, 'HealthCheckIntervalSeconds') as health_check_interval_seconds, + json_extract_path_text(Properties, 'LoadBalancerArns') as load_balancer_arns, + json_extract_path_text(Properties, 'Matcher') as matcher, + json_extract_path_text(Properties, 'HealthCheckPath') as health_check_path, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'Targets') as targets, + json_extract_path_text(Properties, 'HealthCheckEnabled') as health_check_enabled, + json_extract_path_text(Properties, 'ProtocolVersion') as protocol_version, + json_extract_path_text(Properties, 'UnhealthyThresholdCount') as unhealthy_threshold_count, + json_extract_path_text(Properties, 'HealthCheckTimeoutSeconds') as health_check_timeout_seconds, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'TargetGroupFullName') as target_group_full_name, + json_extract_path_text(Properties, 'HealthyThresholdCount') as healthy_threshold_count, + json_extract_path_text(Properties, 'HealthCheckProtocol') as health_check_protocol, + json_extract_path_text(Properties, 'TargetGroupAttributes') as target_group_attributes, + json_extract_path_text(Properties, 'TargetType') as target_type, + json_extract_path_text(Properties, 'HealthCheckPort') as health_check_port, + json_extract_path_text(Properties, 'TargetGroupArn') as target_group_arn, + json_extract_path_text(Properties, 'Protocol') as protocol, + json_extract_path_text(Properties, 'TargetGroupName') as target_group_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TargetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + trust_stores: + name: trust_stores + id: aws.elasticloadbalancingv2.trust_stores + x-cfn-schema-name: TrustStore + x-type: list + x-identifiers: + - TrustStoreArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TrustStoreArn') as trust_store_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TrustStore' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TrustStoreArn') as trust_store_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TrustStore' + AND region = 'us-east-1' + trust_store: + name: trust_store + id: aws.elasticloadbalancingv2.trust_store + x-cfn-schema-name: TrustStore + x-type: get + x-identifiers: + - TrustStoreArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.CaCertificatesBundleS3Bucket') as ca_certificates_bundle_s3_bucket, + JSON_EXTRACT(Properties, '$.CaCertificatesBundleS3Key') as ca_certificates_bundle_s3_key, + JSON_EXTRACT(Properties, '$.CaCertificatesBundleS3ObjectVersion') as ca_certificates_bundle_s3_object_version, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.NumberOfCaCertificates') as number_of_ca_certificates, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TrustStoreArn') as trust_store_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TrustStore' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'CaCertificatesBundleS3Bucket') as ca_certificates_bundle_s3_bucket, + json_extract_path_text(Properties, 'CaCertificatesBundleS3Key') as ca_certificates_bundle_s3_key, + json_extract_path_text(Properties, 'CaCertificatesBundleS3ObjectVersion') as ca_certificates_bundle_s3_object_version, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'NumberOfCaCertificates') as number_of_ca_certificates, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TrustStoreArn') as trust_store_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TrustStore' + AND data__Identifier = '' + AND region = 'us-east-1' + trust_store_revocations: + name: trust_store_revocations + id: aws.elasticloadbalancingv2.trust_store_revocations + x-cfn-schema-name: TrustStoreRevocation + x-type: list + x-identifiers: + - RevocationId + - TrustStoreArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RevocationId') as revocation_id, + JSON_EXTRACT(Properties, '$.TrustStoreArn') as trust_store_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TrustStoreRevocation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RevocationId') as revocation_id, + json_extract_path_text(Properties, 'TrustStoreArn') as trust_store_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TrustStoreRevocation' + AND region = 'us-east-1' + trust_store_revocation: + name: trust_store_revocation + id: aws.elasticloadbalancingv2.trust_store_revocation + x-cfn-schema-name: TrustStoreRevocation + x-type: get + x-identifiers: + - RevocationId + - TrustStoreArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RevocationContents') as revocation_contents, + JSON_EXTRACT(Properties, '$.TrustStoreArn') as trust_store_arn, + JSON_EXTRACT(Properties, '$.RevocationId') as revocation_id, + JSON_EXTRACT(Properties, '$.TrustStoreRevocations') as trust_store_revocations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TrustStoreRevocation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RevocationContents') as revocation_contents, + json_extract_path_text(Properties, 'TrustStoreArn') as trust_store_arn, + json_extract_path_text(Properties, 'RevocationId') as revocation_id, + json_extract_path_text(Properties, 'TrustStoreRevocations') as trust_store_revocations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ElasticLoadBalancingV2::TrustStoreRevocation' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/emr.yaml b/providers/src/aws/v00.00.00000/services/emr.yaml new file mode 100644 index 00000000..7853c4b5 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/emr.yaml @@ -0,0 +1,635 @@ +openapi: 3.0.0 +info: + title: EMR + version: 1.0.0 +paths: {} +components: + schemas: + SecurityConfiguration: + type: object + properties: + Name: + description: The name of the security configuration. + type: string + SecurityConfiguration: + description: The security configuration details in JSON format. + type: object + required: + - SecurityConfiguration + x-stackql-resource-name: security_configuration + description: Use a SecurityConfiguration resource to configure data encryption, Kerberos authentication, and Amazon S3 authorization for EMRFS. + x-type-name: AWS::EMR::SecurityConfiguration + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - SecurityConfiguration + x-required-properties: + - SecurityConfiguration + x-tagging: + taggable: false + x-required-permissions: + create: + - elasticmapreduce:CreateSecurityConfiguration + - elasticmapreduce:DescribeSecurityConfiguration + read: + - elasticmapreduce:DescribeSecurityConfiguration + delete: + - elasticmapreduce:DeleteSecurityConfiguration + list: + - elasticmapreduce:ListSecurityConfigurations + SubnetId: + description: Identifier of a subnet + type: string + pattern: ^(subnet-[a-f0-9]{13})|(subnet-[a-f0-9]{8})\Z + Arn: + type: string + pattern: ^arn:aws(-(cn|us-gov))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Studio: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the EMR Studio. + $ref: '#/components/schemas/Arn' + AuthMode: + type: string + description: Specifies whether the Studio authenticates users using single sign-on (SSO) or IAM. Amazon EMR Studio currently only supports SSO authentication. + enum: + - SSO + - IAM + DefaultS3Location: + description: The default Amazon S3 location to back up EMR Studio Workspaces and notebook files. A Studio user can select an alternative Amazon S3 location when creating a Workspace. + type: string + minLength: 6 + maxLength: 10280 + pattern: ^s3://.* + Description: + description: A detailed description of the Studio. + type: string + minLength: 0 + maxLength: 256 + EngineSecurityGroupId: + description: The ID of the Amazon EMR Studio Engine security group. The Engine security group allows inbound network traffic from the Workspace security group, and it must be in the same VPC specified by VpcId. + type: string + minLength: 4 + maxLength: 256 + pattern: ^sg-[a-zA-Z0-9\-._]+$ + Name: + description: A descriptive name for the Amazon EMR Studio. + type: string + minLength: 1 + maxLength: 256 + pattern: '[a-zA-Z0-9_-]+' + ServiceRole: + description: The IAM role that will be assumed by the Amazon EMR Studio. The service role provides a way for Amazon EMR Studio to interoperate with other AWS services. + $ref: '#/components/schemas/Arn' + StudioId: + description: The ID of the EMR Studio. + type: string + pattern: ^es-[0-9A-Z]+ + minLength: 4 + maxLength: 256 + SubnetIds: + description: A list of up to 5 subnet IDs to associate with the Studio. The subnets must belong to the VPC specified by VpcId. Studio users can create a Workspace in any of the specified subnets. + type: array + minItems: 1 + items: + $ref: '#/components/schemas/SubnetId' + Tags: + description: A list of tags to associate with the Studio. Tags are user-defined key-value pairs that consist of a required key string with a maximum of 128 characters, and an optional value string with a maximum of 256 characters. + $ref: '#/components/schemas/Tags' + Url: + description: The unique Studio access URL. + type: string + pattern: ^https://[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])(:[0-9]*)*([?/#].*)?$ + maxLength: 4096 + UserRole: + description: The IAM user role that will be assumed by users and groups logged in to a Studio. The permissions attached to this IAM role can be scoped down for each user or group using session policies. + $ref: '#/components/schemas/Arn' + VpcId: + description: The ID of the Amazon Virtual Private Cloud (Amazon VPC) to associate with the Studio. + type: string + pattern: ^(vpc-[0-9a-f]{8}|vpc-[0-9a-f]{17})$ + WorkspaceSecurityGroupId: + description: The ID of the Amazon EMR Studio Workspace security group. The Workspace security group allows outbound network traffic to resources in the Engine security group, and it must be in the same VPC specified by VpcId. + type: string + pattern: ^sg-[a-zA-Z0-9\-._]+$ + IdpAuthUrl: + description: Your identity provider's authentication endpoint. Amazon EMR Studio redirects federated users to this endpoint for authentication when logging in to a Studio with the Studio URL. + type: string + pattern: ^https://[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])(:[0-9]*)*([?/#].*)?$ + maxLength: 4096 + IdpRelayStateParameterName: + description: The name of relay state parameter for external Identity Provider. + type: string + minLength: 0 + maxLength: 256 + TrustedIdentityPropagationEnabled: + description: A Boolean indicating whether to enable Trusted identity propagation for the Studio. The default value is false. + type: boolean + IdcUserAssignment: + description: Specifies whether IAM Identity Center user assignment is REQUIRED or OPTIONAL. If the value is set to REQUIRED, users must be explicitly assigned to the Studio application to access the Studio. + type: string + enum: + - REQUIRED + - OPTIONAL + IdcInstanceArn: + description: The ARN of the IAM Identity Center instance to create the Studio application. + type: string + minLength: 20 + maxLength: 2048 + EncryptionKeyArn: + description: The AWS KMS key identifier (ARN) used to encrypt AWS EMR Studio workspace and notebook files when backed up to AWS S3. + $ref: '#/components/schemas/Arn' + required: + - AuthMode + - EngineSecurityGroupId + - Name + - ServiceRole + - SubnetIds + - VpcId + - WorkspaceSecurityGroupId + - DefaultS3Location + x-stackql-resource-name: studio + description: Resource schema for AWS::EMR::Studio + x-type-name: AWS::EMR::Studio + x-documentation-url: https://docs.aws.amazon.com/emr/latest/APIReference/API_CreateStudio.html + x-stackql-primary-identifier: + - StudioId + x-create-only-properties: + - AuthMode + - EngineSecurityGroupId + - ServiceRole + - UserRole + - VpcId + - WorkspaceSecurityGroupId + - TrustedIdentityPropagationEnabled + - IdcUserAssignment + - IdcInstanceArn + - EncryptionKeyArn + x-read-only-properties: + - StudioId + - Arn + - Url + x-required-properties: + - AuthMode + - EngineSecurityGroupId + - Name + - ServiceRole + - SubnetIds + - VpcId + - WorkspaceSecurityGroupId + - DefaultS3Location + x-required-permissions: + create: + - elasticmapreduce:CreateStudio + - elasticmapreduce:DescribeStudio + - elasticmapreduce:AddTags + - sso:CreateManagedApplicationInstance + - sso:DeleteManagedApplicationInstance + - iam:PassRole + read: + - elasticmapreduce:DescribeStudio + - sso:GetManagedApplicationInstance + update: + - elasticmapreduce:UpdateStudio + - elasticmapreduce:DescribeStudio + - elasticmapreduce:AddTags + - elasticmapreduce:RemoveTags + delete: + - elasticmapreduce:DeleteStudio + - elasticmapreduce:DescribeStudio + - sso:DeleteManagedApplicationInstance + list: + - elasticmapreduce:ListStudios + IamPolicyArn: + type: string + pattern: ^arn:aws(-(cn|us-gov))?:iam::([0-9]{12})?:policy\/[^.]+$ + StudioSessionMapping: + type: object + properties: + IdentityName: + type: string + description: The name of the user or group. For more information, see UserName and DisplayName in the AWS SSO Identity Store API Reference. Either IdentityName or IdentityId must be specified. + IdentityType: + type: string + description: Specifies whether the identity to map to the Studio is a user or a group. + enum: + - USER + - GROUP + SessionPolicyArn: + description: The Amazon Resource Name (ARN) for the session policy that will be applied to the user or group. Session policies refine Studio user permissions without the need to use multiple IAM user roles. + $ref: '#/components/schemas/IamPolicyArn' + StudioId: + description: The ID of the Amazon EMR Studio to which the user or group will be mapped. + type: string + pattern: ^es-[0-9A-Z]+ + minLength: 4 + maxLength: 256 + required: + - StudioId + - IdentityName + - IdentityType + - SessionPolicyArn + x-stackql-resource-name: studio_session_mapping + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::EMR::StudioSessionMapping + x-documentation-url: https://docs.aws.amazon.com/cli/latest/reference/emr/create-studio-session-mapping.html + x-stackql-primary-identifier: + - StudioId + - IdentityType + - IdentityName + x-create-only-properties: + - StudioId + - IdentityType + - IdentityName + x-required-properties: + - StudioId + - IdentityName + - IdentityType + - SessionPolicyArn + x-required-permissions: + create: + - elasticmapreduce:CreateStudioSessionMapping + - sso-directory:SearchUsers + - sso-directory:SearchGroups + - sso-directory:DescribeUser + - sso-directory:DescribeGroup + - sso:GetManagedApplicationInstance + - sso:ListDirectoryAssociations + - sso:GetProfile + - sso:ListProfiles + - sso:AssociateProfile + read: + - elasticmapreduce:GetStudioSessionMapping + - sso-directory:SearchUsers + - sso-directory:SearchGroups + - sso-directory:DescribeUser + - sso-directory:DescribeGroup + - sso:GetManagedApplicationInstance + - sso:DescribeInstance + update: + - elasticmapreduce:GetStudioSessionMapping + - elasticmapreduce:UpdateStudioSessionMapping + - sso-directory:SearchUsers + - sso-directory:SearchGroups + - sso-directory:DescribeUser + - sso-directory:DescribeGroup + - sso:GetManagedApplicationInstance + - sso:DescribeInstance + delete: + - elasticmapreduce:GetStudioSessionMapping + - elasticmapreduce:DeleteStudioSessionMapping + - sso-directory:SearchUsers + - sso-directory:SearchGroups + - sso-directory:DescribeUser + - sso-directory:DescribeGroup + - sso:GetManagedApplicationInstance + - sso:DescribeInstance + - sso:ListDirectoryAssociations + - sso:GetProfile + - sso:ListProfiles + - sso:DisassociateProfile + list: + - elasticmapreduce:ListStudioSessionMappings + WALWorkspace: + type: object + properties: + WALWorkspaceName: + description: The name of the emrwal container + type: string + minLength: 1 + maxLength: 32 + pattern: ^[a-zA-Z0-9]+$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: wal_workspace + description: Resource schema for AWS::EMR::WALWorkspace Type + x-type-name: AWS::EMR::WALWorkspace + x-stackql-primary-identifier: + - WALWorkspaceName + x-create-only-properties: + - WALWorkspaceName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - emrwal:CreateWorkspace + - emrwal:TagResource + - iam:CreateServiceLinkedRole + read: + - emrwal:ListTagsForResource + delete: + - emrwal:DeleteWorkspace + list: + - emrwal:ListWorkspaces + update: + - emrwal:TagResource + - emrwal:UntagResource + - emrwal:ListTagsForResource + x-stackQL-resources: + security_configurations: + name: security_configurations + id: aws.emr.security_configurations + x-cfn-schema-name: SecurityConfiguration + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMR::SecurityConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMR::SecurityConfiguration' + AND region = 'us-east-1' + security_configuration: + name: security_configuration + id: aws.emr.security_configuration + x-cfn-schema-name: SecurityConfiguration + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SecurityConfiguration') as security_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMR::SecurityConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SecurityConfiguration') as security_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMR::SecurityConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + studios: + name: studios + id: aws.emr.studios + x-cfn-schema-name: Studio + x-type: list + x-identifiers: + - StudioId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMR::Studio' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StudioId') as studio_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMR::Studio' + AND region = 'us-east-1' + studio: + name: studio + id: aws.emr.studio + x-cfn-schema-name: Studio + x-type: get + x-identifiers: + - StudioId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AuthMode') as auth_mode, + JSON_EXTRACT(Properties, '$.DefaultS3Location') as default_s3_location, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EngineSecurityGroupId') as engine_security_group_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ServiceRole') as service_role, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Url') as url, + JSON_EXTRACT(Properties, '$.UserRole') as user_role, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.WorkspaceSecurityGroupId') as workspace_security_group_id, + JSON_EXTRACT(Properties, '$.IdpAuthUrl') as idp_auth_url, + JSON_EXTRACT(Properties, '$.IdpRelayStateParameterName') as idp_relay_state_parameter_name, + JSON_EXTRACT(Properties, '$.TrustedIdentityPropagationEnabled') as trusted_identity_propagation_enabled, + JSON_EXTRACT(Properties, '$.IdcUserAssignment') as idc_user_assignment, + JSON_EXTRACT(Properties, '$.IdcInstanceArn') as idc_instance_arn, + JSON_EXTRACT(Properties, '$.EncryptionKeyArn') as encryption_key_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMR::Studio' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AuthMode') as auth_mode, + json_extract_path_text(Properties, 'DefaultS3Location') as default_s3_location, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EngineSecurityGroupId') as engine_security_group_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ServiceRole') as service_role, + json_extract_path_text(Properties, 'StudioId') as studio_id, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Url') as url, + json_extract_path_text(Properties, 'UserRole') as user_role, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'WorkspaceSecurityGroupId') as workspace_security_group_id, + json_extract_path_text(Properties, 'IdpAuthUrl') as idp_auth_url, + json_extract_path_text(Properties, 'IdpRelayStateParameterName') as idp_relay_state_parameter_name, + json_extract_path_text(Properties, 'TrustedIdentityPropagationEnabled') as trusted_identity_propagation_enabled, + json_extract_path_text(Properties, 'IdcUserAssignment') as idc_user_assignment, + json_extract_path_text(Properties, 'IdcInstanceArn') as idc_instance_arn, + json_extract_path_text(Properties, 'EncryptionKeyArn') as encryption_key_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMR::Studio' + AND data__Identifier = '' + AND region = 'us-east-1' + studio_session_mappings: + name: studio_session_mappings + id: aws.emr.studio_session_mappings + x-cfn-schema-name: StudioSessionMapping + x-type: list + x-identifiers: + - StudioId + - IdentityType + - IdentityName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id, + JSON_EXTRACT(Properties, '$.IdentityType') as identity_type, + JSON_EXTRACT(Properties, '$.IdentityName') as identity_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMR::StudioSessionMapping' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StudioId') as studio_id, + json_extract_path_text(Properties, 'IdentityType') as identity_type, + json_extract_path_text(Properties, 'IdentityName') as identity_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMR::StudioSessionMapping' + AND region = 'us-east-1' + studio_session_mapping: + name: studio_session_mapping + id: aws.emr.studio_session_mapping + x-cfn-schema-name: StudioSessionMapping + x-type: get + x-identifiers: + - StudioId + - IdentityType + - IdentityName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IdentityName') as identity_name, + JSON_EXTRACT(Properties, '$.IdentityType') as identity_type, + JSON_EXTRACT(Properties, '$.SessionPolicyArn') as session_policy_arn, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMR::StudioSessionMapping' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IdentityName') as identity_name, + json_extract_path_text(Properties, 'IdentityType') as identity_type, + json_extract_path_text(Properties, 'SessionPolicyArn') as session_policy_arn, + json_extract_path_text(Properties, 'StudioId') as studio_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMR::StudioSessionMapping' + AND data__Identifier = '||' + AND region = 'us-east-1' + wal_workspaces: + name: wal_workspaces + id: aws.emr.wal_workspaces + x-cfn-schema-name: WALWorkspace + x-type: list + x-identifiers: + - WALWorkspaceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WALWorkspaceName') as wal_workspace_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMR::WALWorkspace' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WALWorkspaceName') as wal_workspace_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMR::WALWorkspace' + AND region = 'us-east-1' + wal_workspace: + name: wal_workspace + id: aws.emr.wal_workspace + x-cfn-schema-name: WALWorkspace + x-type: get + x-identifiers: + - WALWorkspaceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.WALWorkspaceName') as wal_workspace_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMR::WALWorkspace' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'WALWorkspaceName') as wal_workspace_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMR::WALWorkspace' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/emrcontainers.yaml b/providers/src/aws/v00.00.00000/services/emrcontainers.yaml new file mode 100644 index 00000000..b479ab4c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/emrcontainers.yaml @@ -0,0 +1,181 @@ +openapi: 3.0.0 +info: + title: EMRContainers + version: 1.0.0 +paths: {} +components: + schemas: + ContainerProvider: + type: object + additionalProperties: false + properties: + Type: + description: The type of the container provider + type: string + Id: + description: The ID of the container cluster + type: string + minLength: 1 + maxLength: 100 + pattern: ^[0-9A-Za-z][A-Za-z0-9\-_]* + Info: + $ref: '#/components/schemas/ContainerInfo' + required: + - Type + - Id + - Info + ContainerInfo: + type: object + additionalProperties: false + properties: + EksInfo: + $ref: '#/components/schemas/EksInfo' + required: + - EksInfo + EksInfo: + type: object + additionalProperties: false + properties: + Namespace: + type: string + minLength: 1 + maxLength: 63 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + required: + - Namespace + Tag: + description: An arbitrary set of tags (key-value pairs) for this virtual cluster. + type: object + additionalProperties: false + properties: + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + Value: + description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + required: + - Value + - Key + VirtualCluster: + type: object + properties: + Arn: + type: string + ContainerProvider: + description: Container provider of the virtual cluster. + $ref: '#/components/schemas/ContainerProvider' + Id: + description: Id of the virtual cluster. + type: string + minLength: 1 + maxLength: 64 + Name: + description: Name of the virtual cluster. + type: string + minLength: 1 + maxLength: 64 + pattern: '[\.\-_/#A-Za-z0-9]+' + Tags: + description: An array of key-value pairs to apply to this virtual cluster. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - ContainerProvider + x-stackql-resource-name: virtual_cluster + description: Resource Schema of AWS::EMRContainers::VirtualCluster Type + x-type-name: AWS::EMRContainers::VirtualCluster + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - ContainerProvider + - Name + x-read-only-properties: + - Arn + - Id + x-required-properties: + - Name + - ContainerProvider + x-required-permissions: + create: + - emr-containers:CreateVirtualCluster + - emr-containers:TagResource + - iam:CreateServiceLinkedRole + read: + - emr-containers:DescribeVirtualCluster + delete: + - emr-containers:DeleteVirtualCluster + list: + - emr-containers:ListVirtualClusters + update: + - emr-containers:DescribeVirtualCluster + - emr-containers:ListTagsForResource + - emr-containers:TagResource + - emr-containers:UntagResource + x-stackQL-resources: + virtual_clusters: + name: virtual_clusters + id: aws.emrcontainers.virtual_clusters + x-cfn-schema-name: VirtualCluster + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMRContainers::VirtualCluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMRContainers::VirtualCluster' + AND region = 'us-east-1' + virtual_cluster: + name: virtual_cluster + id: aws.emrcontainers.virtual_cluster + x-cfn-schema-name: VirtualCluster + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ContainerProvider') as container_provider, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMRContainers::VirtualCluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ContainerProvider') as container_provider, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMRContainers::VirtualCluster' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/emrserverless.yaml b/providers/src/aws/v00.00.00000/services/emrserverless.yaml new file mode 100644 index 00000000..8f4ce970 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/emrserverless.yaml @@ -0,0 +1,585 @@ +openapi: 3.0.0 +info: + title: EMRServerless + version: 1.0.0 +paths: {} +components: + schemas: + Architecture: + description: The cpu architecture of an application. + enum: + - ARM64 + - X86_64 + type: string + ImageConfigurationInput: + type: object + description: The image configuration. + properties: + ImageUri: + type: string + maxLength: 1024 + minLength: 1 + pattern: ^([a-z0-9]+[a-z0-9-.]*)\/((?:[a-z0-9]+(?:[._-][a-z0-9]+)*\/)*[a-z0-9]+(?:[._-][a-z0-9]+)*)(?:\:([a-zA-Z0-9_][a-zA-Z0-9-._]{0,299})|@(sha256:[0-9a-f]{64}))$ + description: The URI of an image in the Amazon ECR registry. This field is required when you create a new application. If you leave this field blank in an update, Amazon EMR will remove the image configuration. + additionalProperties: false + ConfigurationList: + type: array + description: Runtime configuration for batch and interactive JobRun. + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConfigurationObject' + MonitoringConfiguration: + type: object + description: Monitoring configuration for batch and interactive JobRun. + additionalProperties: false + properties: + S3MonitoringConfiguration: + description: S3 monitoring configurations for a JobRun. + $ref: '#/components/schemas/S3MonitoringConfiguration' + ManagedPersistenceMonitoringConfiguration: + description: Managed log persistence configurations for a JobRun. + $ref: '#/components/schemas/ManagedPersistenceMonitoringConfiguration' + CloudWatchLoggingConfiguration: + description: CloudWatch logging configurations for a JobRun. + $ref: '#/components/schemas/CloudWatchLoggingConfiguration' + S3MonitoringConfiguration: + additionalProperties: false + properties: + LogUri: + $ref: '#/components/schemas/UriString' + EncryptionKeyArn: + description: KMS key ARN to encrypt the logs stored in given s3 + $ref: '#/components/schemas/EncryptionKeyArn' + ManagedPersistenceMonitoringConfiguration: + additionalProperties: false + properties: + Enabled: + description: If set to false, managed logging will be turned off. Defaults to true. + type: boolean + default: true + EncryptionKeyArn: + description: KMS key ARN to encrypt the logs stored in managed persistence + $ref: '#/components/schemas/EncryptionKeyArn' + CloudWatchLoggingConfiguration: + additionalProperties: false + properties: + Enabled: + description: If set to false, CloudWatch logging will be turned off. Defaults to false. + type: boolean + default: false + LogGroupName: + description: Log-group name to produce log-streams on CloudWatch. If undefined, logs will be produced in a default log-group /aws/emr-serverless + $ref: '#/components/schemas/LogGroupName' + LogStreamNamePrefix: + description: Log-stream name prefix by which log-stream names will start in the CloudWatch Log-group. + $ref: '#/components/schemas/LogStreamNamePrefix' + EncryptionKeyArn: + description: KMS key ARN to encrypt the logs stored in given CloudWatch log-group. + $ref: '#/components/schemas/EncryptionKeyArn' + LogTypeMap: + description: The specific log-streams which need to be uploaded to CloudWatch. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/LogTypeMapKeyValuePair' + LogTypeMapKeyValuePair: + type: object + additionalProperties: false + properties: + Key: + $ref: '#/components/schemas/WorkerTypeString' + Value: + $ref: '#/components/schemas/LogTypeList' + required: + - Key + - Value + LogTypeList: + description: 'List of Applicable values: [STDOUT, STDERR, HIVE_LOG, TEZ_AM, SYSTEM_LOGS]' + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 1 + maxItems: 5 + items: + $ref: '#/components/schemas/LogTypeString' + InitialCapacityConfigMap: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/InitialCapacityConfigKeyValuePair' + InitialCapacityConfigKeyValuePair: + type: object + additionalProperties: false + properties: + Key: + description: Worker type for an analytics framework. + type: string + minLength: 1 + maxLength: 50 + pattern: ^[a-zA-Z]+[-_]*[a-zA-Z]+$ + Value: + $ref: '#/components/schemas/InitialCapacityConfig' + required: + - Key + - Value + InitialCapacityConfig: + type: object + additionalProperties: false + properties: + WorkerCount: + description: Initial count of workers to be initialized when an Application is started. This count will be continued to be maintained until the Application is stopped + type: integer + format: int64 + minimum: 1 + maximum: 1000000 + WorkerConfiguration: + $ref: '#/components/schemas/WorkerConfiguration' + required: + - WorkerCount + - WorkerConfiguration + WorkerConfiguration: + type: object + additionalProperties: false + properties: + Cpu: + description: Per worker CPU resource. vCPU is the only supported unit and specifying vCPU is optional. + $ref: '#/components/schemas/CpuSize' + Memory: + description: Per worker memory resource. GB is the only supported unit and specifying GB is optional. + $ref: '#/components/schemas/MemorySize' + Disk: + description: Per worker Disk resource. GB is the only supported unit and specifying GB is optional + $ref: '#/components/schemas/DiskSize' + required: + - Cpu + - Memory + MaximumAllowedResources: + type: object + additionalProperties: false + properties: + Cpu: + description: Per worker CPU resource. vCPU is the only supported unit and specifying vCPU is optional. + $ref: '#/components/schemas/CpuSize' + Memory: + description: Per worker memory resource. GB is the only supported unit and specifying GB is optional. + $ref: '#/components/schemas/MemorySize' + Disk: + description: Per worker Disk resource. GB is the only supported unit and specifying GB is optional + $ref: '#/components/schemas/DiskSize' + required: + - Cpu + - Memory + AutoStartConfiguration: + description: Configuration for Auto Start of Application + type: object + additionalProperties: false + properties: + Enabled: + description: If set to true, the Application will automatically start. Defaults to true. + type: boolean + default: true + required: [] + AutoStopConfiguration: + description: Configuration for Auto Stop of Application + type: object + additionalProperties: false + properties: + Enabled: + description: If set to true, the Application will automatically stop after being idle. Defaults to true. + type: boolean + default: true + IdleTimeoutMinutes: + type: integer + description: The amount of time [in minutes] to wait before auto stopping the Application when idle. Defaults to 15 minutes. + required: [] + NetworkConfiguration: + type: object + additionalProperties: false + properties: + SubnetIds: + description: The ID of the subnets in the VPC to which you want to connect your job or application. + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 1 + maxItems: 16 + items: + $ref: '#/components/schemas/SubnetId' + SecurityGroupIds: + description: The ID of the security groups in the VPC to which you want to connect your job or application. + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 1 + maxItems: 5 + items: + $ref: '#/components/schemas/SecurityGroupId' + required: [] + SubnetId: + description: Identifier of a subnet + type: string + minLength: 1 + maxLength: 32 + pattern: ^[-0-9a-zA-Z]+ + SecurityGroupId: + description: Identifier of a security group + type: string + minLength: 1 + maxLength: 32 + pattern: ^[-0-9a-zA-Z]+ + UriString: + type: string + maxLength: 10280 + minLength: 1 + pattern: '[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\r\n\t]*' + EncryptionKeyArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:(aws[a-zA-Z0-9-]*):kms:[a-zA-Z0-9\-]*:(\d{12})?:key\/[a-zA-Z0-9-]+$ + Classification: + type: string + maxLength: 1024 + minLength: 1 + pattern: .*\S.* + LogGroupName: + type: string + maxLength: 512 + minLength: 1 + pattern: ^[\.\-_/#A-Za-z0-9]+$ + LogStreamNamePrefix: + type: string + maxLength: 512 + minLength: 1 + pattern: ^[^:*]*$ + LogTypeString: + type: string + maxLength: 50 + minLength: 1 + pattern: ^[a-zA-Z]+[-_]*[a-zA-Z]+$ + WorkerTypeString: + type: string + maxLength: 50 + minLength: 1 + pattern: ^[a-zA-Z]+[-_]*[a-zA-Z]+$ + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The value for the tag. You can specify a value that is 1 to 128 Unicode characters in length. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + pattern: ^[A-Za-z0-9 /_.:=+@-]+$ + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + pattern: ^[A-Za-z0-9 /_.:=+@-]*$ + required: + - Key + - Value + ConfigurationObject: + type: object + description: Configuration for a JobRun. + additionalProperties: false + properties: + Classification: + description: String with a maximum length of 1024. + $ref: '#/components/schemas/Classification' + Properties: + type: object + additionalProperties: false + x-patternProperties: + ^[a-zA-Z]+[-a-zA-Z0-9_.]*$: + $ref: '#/components/schemas/SensitivePropertiesMap' + Configurations: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConfigurationObject' + required: + - Classification + SensitivePropertiesMap: + type: string + minLength: 1 + maxLength: 1024 + pattern: .*\S.* + SensitivePropertiesKeyValuePair: + type: string + minLength: 1 + maxLength: 1024 + pattern: .*\S.* + CpuSize: + description: Per worker CPU resource. vCPU is the only supported unit and specifying vCPU is optional. + type: string + minLength: 1 + maxLength: 15 + pattern: ^[1-9][0-9]*(\s)?(vCPU|vcpu|VCPU)?$ + MemorySize: + description: Per worker memory resource. GB is the only supported unit and specifying GB is optional. + type: string + minLength: 1 + maxLength: 15 + pattern: ^[1-9][0-9]*(\s)?(GB|gb|gB|Gb)?$ + DiskSize: + description: Per worker Disk resource. GB is the only supported unit and specifying GB is optional + type: string + minLength: 1 + maxLength: 15 + pattern: ^[1-9][0-9]*(\s)?(GB|gb|gB|Gb)$ + WorkerTypeSpecificationInput: + type: object + description: The specifications for a worker type. + properties: + ImageConfiguration: + $ref: '#/components/schemas/ImageConfigurationInput' + additionalProperties: false + WorkerTypeSpecificationInputMap: + type: object + x-patternProperties: + ^[a-zA-Z]+[-_]*[a-zA-Z]+$: + $ref: '#/components/schemas/WorkerTypeSpecificationInput' + additionalProperties: false + Application: + type: object + properties: + Architecture: + $ref: '#/components/schemas/Architecture' + Name: + description: User friendly Application name. + type: string + minLength: 1 + maxLength: 64 + pattern: ^[A-Za-z0-9._\/#-]+$ + ReleaseLabel: + description: EMR release label. + type: string + minLength: 1 + maxLength: 64 + pattern: ^[A-Za-z0-9._/-]+$ + Type: + description: The type of the application + type: string + InitialCapacity: + description: Initial capacity initialized when an Application is started. + $ref: '#/components/schemas/InitialCapacityConfigMap' + MaximumCapacity: + description: Maximum allowed cumulative resources for an Application. No new resources will be created once the limit is hit. + $ref: '#/components/schemas/MaximumAllowedResources' + Tags: + description: Tag map with key and value + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + AutoStartConfiguration: + description: Configuration for Auto Start of Application. + $ref: '#/components/schemas/AutoStartConfiguration' + AutoStopConfiguration: + description: Configuration for Auto Stop of Application. + $ref: '#/components/schemas/AutoStopConfiguration' + ImageConfiguration: + $ref: '#/components/schemas/ImageConfigurationInput' + MonitoringConfiguration: + $ref: '#/components/schemas/MonitoringConfiguration' + RuntimeConfiguration: + $ref: '#/components/schemas/ConfigurationList' + NetworkConfiguration: + description: Network Configuration for customer VPC connectivity. + $ref: '#/components/schemas/NetworkConfiguration' + Arn: + description: The Amazon Resource Name (ARN) of the EMR Serverless Application. + type: string + ApplicationId: + description: The ID of the EMR Serverless Application. + type: string + minLength: 1 + maxLength: 64 + WorkerTypeSpecifications: + description: The key-value pairs that specify worker type to WorkerTypeSpecificationInput. This parameter must contain all valid worker types for a Spark or Hive application. Valid worker types include Driver and Executor for Spark applications and HiveDriver and TezTask for Hive applications. You can either set image details in this parameter for each worker type, or in imageConfiguration for all worker types. + $ref: '#/components/schemas/WorkerTypeSpecificationInputMap' + required: + - ReleaseLabel + - Type + x-stackql-resource-name: application + description: Resource schema for AWS::EMRServerless::Application Type + x-type-name: AWS::EMRServerless::Application + x-stackql-primary-identifier: + - ApplicationId + x-create-only-properties: + - Name + - Type + x-conditional-create-only-properties: + - Architecture + - ReleaseLabel + - WorkerTypeSpecifications + - MaximumCapacity + - InitialCapacity + - AutoStartConfiguration + - AutoStopConfiguration + - NetworkConfiguration + - ImageConfiguration + - MonitoringConfiguration + - RuntimeConfiguration + x-read-only-properties: + - Arn + - ApplicationId + x-required-properties: + - ReleaseLabel + - Type + x-tagging: + taggable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - kms:Create* + - kms:Describe* + - kms:Enable* + - kms:List* + - kms:Put* + - kms:Update* + - kms:Revoke* + - kms:Disable* + - kms:Get* + - kms:Delete* + - kms:ScheduleKeyDeletion + - kms:CancelKeyDeletion + - kms:GenerateDataKey + - kms:TagResource + - kms:UntagResource + - kms:Decrypt + - emr-serverless:CreateApplication + - emr-serverless:TagResource + - emr-serverless:GetApplication + - iam:CreateServiceLinkedRole + - ec2:CreateNetworkInterface + - ecr:BatchGetImage + - ecr:DescribeImages + - ecr:GetDownloadUrlForLayer + read: + - emr-serverless:GetApplication + update: + - emr-serverless:UpdateApplication + - emr-serverless:TagResource + - emr-serverless:UntagResource + - emr-serverless:GetApplication + - ec2:CreateNetworkInterface + - ecr:BatchGetImage + - ecr:DescribeImages + - ecr:GetDownloadUrlForLayer + - kms:Create* + - kms:Describe* + - kms:Enable* + - kms:List* + - kms:Put* + - kms:Update* + - kms:Revoke* + - kms:Disable* + - kms:Get* + - kms:Delete* + - kms:ScheduleKeyDeletion + - kms:CancelKeyDeletion + - kms:GenerateDataKey + - kms:TagResource + - kms:UntagResource + - kms:Decrypt + delete: + - emr-serverless:DeleteApplication + - emr-serverless:GetApplication + list: + - emr-serverless:ListApplications + x-stackQL-resources: + applications: + name: applications + id: aws.emrserverless.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - ApplicationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMRServerless::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EMRServerless::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.emrserverless.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - ApplicationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Architecture') as architecture, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ReleaseLabel') as release_label, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.InitialCapacity') as initial_capacity, + JSON_EXTRACT(Properties, '$.MaximumCapacity') as maximum_capacity, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AutoStartConfiguration') as auto_start_configuration, + JSON_EXTRACT(Properties, '$.AutoStopConfiguration') as auto_stop_configuration, + JSON_EXTRACT(Properties, '$.ImageConfiguration') as image_configuration, + JSON_EXTRACT(Properties, '$.MonitoringConfiguration') as monitoring_configuration, + JSON_EXTRACT(Properties, '$.RuntimeConfiguration') as runtime_configuration, + JSON_EXTRACT(Properties, '$.NetworkConfiguration') as network_configuration, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.WorkerTypeSpecifications') as worker_type_specifications + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMRServerless::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Architecture') as architecture, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ReleaseLabel') as release_label, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'InitialCapacity') as initial_capacity, + json_extract_path_text(Properties, 'MaximumCapacity') as maximum_capacity, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AutoStartConfiguration') as auto_start_configuration, + json_extract_path_text(Properties, 'AutoStopConfiguration') as auto_stop_configuration, + json_extract_path_text(Properties, 'ImageConfiguration') as image_configuration, + json_extract_path_text(Properties, 'MonitoringConfiguration') as monitoring_configuration, + json_extract_path_text(Properties, 'RuntimeConfiguration') as runtime_configuration, + json_extract_path_text(Properties, 'NetworkConfiguration') as network_configuration, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'WorkerTypeSpecifications') as worker_type_specifications + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMRServerless::Application' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/entityresolution.yaml b/providers/src/aws/v00.00.00000/services/entityresolution.yaml new file mode 100644 index 00000000..52dda318 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/entityresolution.yaml @@ -0,0 +1,1116 @@ +openapi: 3.0.0 +info: + title: EntityResolution + version: 1.0.0 +paths: {} +components: + schemas: + EntityName: + type: string + pattern: ^[a-zA-Z_0-9-]*$ + minLength: 0 + maxLength: 255 + Description: + type: string + minLength: 0 + maxLength: 255 + AttributeName: + type: string + pattern: ^[a-zA-Z_0-9- \t]*$ + minLength: 0 + maxLength: 255 + SchemaMappingArn: + description: The SchemaMapping arn associated with the Schema + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):entityresolution:.*:[0-9]+:(schemamapping/.*)$ + KMSArn: + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):kms:.*:[0-9]+:.*$ + IdMappingWorkflowArn: + description: The default IdMappingWorkflow arn + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):entityresolution:.*:[0-9]+:(idmappingworkflow/.*)$ + CreatedAt: + description: The time of this SchemaMapping got created + type: string + UpdatedAt: + description: The time of this SchemaMapping got last updated at + type: string + IdMappingWorkflowInputSource: + type: object + properties: + InputSourceARN: + description: An Glue table ARN for the input source table or IdNamespace ARN + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):.*:.*:[0-9]+:.*$ + SchemaArn: + type: string + $ref: '#/components/schemas/SchemaMappingArn' + Type: + type: string + enum: + - SOURCE + - TARGET + required: + - InputSourceARN + additionalProperties: false + IdMappingWorkflowOutputSource: + type: object + properties: + OutputS3Path: + description: The S3 path to which Entity Resolution will write the output table + type: string + pattern: ^s3://([^/]+)/?(.*?([^/]+)/?)$ + KMSArn: + $ref: '#/components/schemas/KMSArn' + required: + - OutputS3Path + additionalProperties: false + IdMappingTechniques: + type: object + properties: + IdMappingType: + type: string + enum: + - PROVIDER + ProviderProperties: + $ref: '#/components/schemas/ProviderProperties' + additionalProperties: false + ProviderProperties: + type: object + properties: + ProviderServiceArn: + type: string + description: Arn of the Provider service being used. + ProviderConfiguration: + type: object + additionalProperties: false + x-patternProperties: + ^.+$: + type: string + description: Additional Provider configuration that would be required for the provider service. The Configuration must be in JSON string format + IntermediateSourceConfiguration: + $ref: '#/components/schemas/IntermediateSourceConfiguration' + required: + - ProviderServiceArn + additionalProperties: false + IntermediateSourceConfiguration: + type: object + properties: + IntermediateS3Path: + type: string + description: The s3 path that would be used to stage the intermediate data being generated during workflow execution. + required: + - IntermediateS3Path + additionalProperties: false + Tag: + description: A key-value pair to associate with a resource + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + IdMappingWorkflow: + type: object + properties: + WorkflowName: + description: The name of the IdMappingWorkflow + $ref: '#/components/schemas/EntityName' + Description: + description: The description of the IdMappingWorkflow + $ref: '#/components/schemas/Description' + InputSourceConfig: + type: array + x-insertionOrder: false + minItems: 1 + maxItems: 20 + items: + $ref: '#/components/schemas/IdMappingWorkflowInputSource' + OutputSourceConfig: + type: array + x-insertionOrder: false + minItems: 1 + maxItems: 1 + items: + $ref: '#/components/schemas/IdMappingWorkflowOutputSource' + IdMappingTechniques: + $ref: '#/components/schemas/IdMappingTechniques' + RoleArn: + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + Tags: + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + WorkflowArn: + $ref: '#/components/schemas/IdMappingWorkflowArn' + CreatedAt: + $ref: '#/components/schemas/CreatedAt' + UpdatedAt: + $ref: '#/components/schemas/UpdatedAt' + required: + - WorkflowName + - InputSourceConfig + - IdMappingTechniques + - RoleArn + x-stackql-resource-name: id_mapping_workflow + description: IdMappingWorkflow defined in AWS Entity Resolution service + x-type-name: AWS::EntityResolution::IdMappingWorkflow + x-stackql-primary-identifier: + - WorkflowName + x-create-only-properties: + - WorkflowName + x-read-only-properties: + - WorkflowArn + - UpdatedAt + - CreatedAt + x-required-properties: + - WorkflowName + - InputSourceConfig + - IdMappingTechniques + - RoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - entityresolution:CreateIdMappingWorkflow + - entityresolution:GetIdMappingWorkflow + - entityresolution:TagResource + - kms:CreateGrant + - kms:DescribeKey + - iam:PassRole + update: + - entityresolution:GetIdMappingWorkflow + - entityresolution:UpdateIdMappingWorkflow + - entityresolution:ListTagsForResource + - entityresolution:TagResource + - entityresolution:UntagResource + - iam:PassRole + - kms:CreateGrant + - kms:DescribeKey + read: + - entityresolution:GetIdMappingWorkflow + - entityresolution:ListTagsForResource + delete: + - entityresolution:DeleteIdMappingWorkflow + - entityresolution:GetIdMappingWorkflow + - entityresolution:UntagResource + list: + - entityresolution:ListIdMappingWorkflows + IdNamespaceInputSource: + type: object + properties: + InputSourceARN: + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idnamespace/[a-zA-Z_0-9-]{1,255})$|^arn:(aws|aws-us-gov|aws-cn):glue:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(table/[a-zA-Z_0-9-]{1,255}/[a-zA-Z_0-9-]{1,255})$ + SchemaName: + $ref: '#/components/schemas/EntityName' + required: + - InputSourceARN + additionalProperties: false + IdNamespaceIdMappingWorkflowProperties: + type: object + properties: + IdMappingType: + type: string + enum: + - PROVIDER + ProviderProperties: + $ref: '#/components/schemas/NamespaceProviderProperties' + required: + - IdMappingType + additionalProperties: false + NamespaceProviderProperties: + type: object + properties: + ProviderServiceArn: + $ref: '#/components/schemas/ProviderServiceArn' + ProviderConfiguration: + type: object + description: Additional Provider configuration that would be required for the provider service. The Configuration must be in JSON string format. + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + required: + - ProviderServiceArn + additionalProperties: false + ProviderServiceArn: + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):(entityresolution):([a-z]{2}-[a-z]{1,10}-[0-9])::providerservice/([a-zA-Z0-9_-]{1,255})/([a-zA-Z0-9_-]{1,255})$ + minLength: 20 + maxLength: 255 + IdNamespace: + type: object + properties: + IdNamespaceName: + $ref: '#/components/schemas/EntityName' + Description: + type: string + minLength: 0 + maxLength: 255 + InputSourceConfig: + type: array + x-insertionOrder: false + minItems: 0 + maxItems: 20 + items: + $ref: '#/components/schemas/IdNamespaceInputSource' + IdMappingWorkflowProperties: + type: array + x-insertionOrder: false + minItems: 1 + maxItems: 1 + items: + $ref: '#/components/schemas/IdNamespaceIdMappingWorkflowProperties' + Type: + type: string + enum: + - SOURCE + - TARGET + RoleArn: + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + minLength: 32 + maxLength: 512 + IdNamespaceArn: + description: The arn associated with the IdNamespace + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idnamespace/[a-zA-Z_0-9-]{1,255})$ + CreatedAt: + description: The date and time when the IdNamespace was created + type: string + UpdatedAt: + description: The date and time when the IdNamespace was updated + type: string + Tags: + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + required: + - IdNamespaceName + - Type + x-stackql-resource-name: id_namespace + description: IdNamespace defined in AWS Entity Resolution service + x-type-name: AWS::EntityResolution::IdNamespace + x-stackql-primary-identifier: + - IdNamespaceName + x-create-only-properties: + - IdNamespaceName + x-read-only-properties: + - IdNamespaceArn + - CreatedAt + - UpdatedAt + x-required-properties: + - IdNamespaceName + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - entityresolution:CreateIdNamespace + - entityresolution:TagResource + - iam:PassRole + read: + - entityresolution:GetIdNamespace + - entityresolution:ListTagsForResource + update: + - entityresolution:UpdateIdNamespace + - entityresolution:ListTagsForResource + - entityresolution:TagResource + - entityresolution:UntagResource + - iam:PassRole + delete: + - entityresolution:DeleteIdNamespace + - entityresolution:GetIdNamespace + - entityresolution:UntagResource + list: + - entityresolution:ListIdNamespaces + MatchingWorkflowArn: + description: The default MatchingWorkflow arn + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):entityresolution:.*:[0-9]+:(matchingworkflow/.*)$ + InputSource: + type: object + properties: + InputSourceARN: + description: An Glue table ARN for the input source table + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):.*:.*:[0-9]+:.*$ + SchemaArn: + type: string + $ref: '#/components/schemas/SchemaMappingArn' + ApplyNormalization: + type: boolean + required: + - InputSourceARN + - SchemaArn + additionalProperties: false + OutputSource: + type: object + properties: + OutputS3Path: + description: The S3 path to which Entity Resolution will write the output table + type: string + pattern: ^s3://([^/]+)/?(.*?([^/]+)/?)$ + Output: + type: array + x-insertionOrder: false + minItems: 0 + maxItems: 750 + items: + $ref: '#/components/schemas/OutputAttribute' + KMSArn: + $ref: '#/components/schemas/KMSArn' + ApplyNormalization: + type: boolean + required: + - Output + - OutputS3Path + additionalProperties: false + OutputAttribute: + type: object + properties: + Name: + $ref: '#/components/schemas/AttributeName' + Hashed: + type: boolean + required: + - Name + additionalProperties: false + ResolutionTechniques: + type: object + properties: + ResolutionType: + type: string + enum: + - RULE_MATCHING + - ML_MATCHING + - PROVIDER + RuleBasedProperties: + $ref: '#/components/schemas/RuleBasedProperties' + ProviderProperties: + $ref: '#/components/schemas/ProviderProperties' + additionalProperties: false + RuleBasedProperties: + type: object + properties: + Rules: + type: array + x-insertionOrder: false + minItems: 1 + maxItems: 15 + items: + $ref: '#/components/schemas/Rule' + AttributeMatchingModel: + type: string + enum: + - ONE_TO_ONE + - MANY_TO_MANY + required: + - AttributeMatchingModel + - Rules + additionalProperties: false + Rule: + type: object + properties: + RuleName: + type: string + pattern: ^[a-zA-Z_0-9- \t]*$ + minLength: 0 + maxLength: 255 + MatchingKeys: + type: array + x-insertionOrder: false + minItems: 1 + maxItems: 15 + items: + $ref: '#/components/schemas/AttributeName' + required: + - RuleName + - MatchingKeys + additionalProperties: false + MatchingWorkflow: + type: object + properties: + WorkflowName: + description: The name of the MatchingWorkflow + $ref: '#/components/schemas/EntityName' + Description: + description: The description of the MatchingWorkflow + $ref: '#/components/schemas/Description' + InputSourceConfig: + type: array + x-insertionOrder: false + minItems: 1 + maxItems: 20 + items: + $ref: '#/components/schemas/InputSource' + OutputSourceConfig: + type: array + x-insertionOrder: false + minItems: 1 + maxItems: 1 + items: + $ref: '#/components/schemas/OutputSource' + ResolutionTechniques: + $ref: '#/components/schemas/ResolutionTechniques' + RoleArn: + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + Tags: + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + WorkflowArn: + $ref: '#/components/schemas/MatchingWorkflowArn' + CreatedAt: + $ref: '#/components/schemas/CreatedAt' + UpdatedAt: + $ref: '#/components/schemas/UpdatedAt' + required: + - WorkflowName + - InputSourceConfig + - OutputSourceConfig + - ResolutionTechniques + - RoleArn + x-stackql-resource-name: matching_workflow + description: MatchingWorkflow defined in AWS Entity Resolution service + x-type-name: AWS::EntityResolution::MatchingWorkflow + x-stackql-primary-identifier: + - WorkflowName + x-create-only-properties: + - WorkflowName + x-read-only-properties: + - WorkflowArn + - UpdatedAt + - CreatedAt + x-required-properties: + - WorkflowName + - InputSourceConfig + - OutputSourceConfig + - ResolutionTechniques + - RoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - entityresolution:CreateMatchingWorkflow + - entityresolution:GetMatchingWorkflow + - entityresolution:TagResource + - kms:CreateGrant + - kms:DescribeKey + - iam:PassRole + read: + - entityresolution:GetMatchingWorkflow + - entityresolution:ListTagsForResource + delete: + - entityresolution:DeleteMatchingWorkflow + - entityresolution:GetMatchingWorkflow + - entityresolution:UntagResource + list: + - entityresolution:ListMatchingWorkflows + update: + - entityresolution:GetMatchingWorkflow + - entityresolution:UpdateMatchingWorkflow + - entityresolution:ListTagsForResource + - entityresolution:TagResource + - entityresolution:UntagResource + - iam:PassRole + - kms:CreateGrant + - kms:DescribeKey + VeniceGlobalArn: + description: Arn of the resource to which the policy statement is being attached. + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:((schemamapping|matchingworkflow|idmappingworkflow|idnamespace)/[a-zA-Z_0-9-]{1,255})$ + StatementId: + description: The Statement Id of the policy statement that is being attached. + type: string + pattern: ^[0-9A-Za-z]+$ + minLength: 1 + maxLength: 64 + StatementEffect: + type: string + enum: + - Allow + - Deny + StatementAction: + type: string + pattern: ^(entityresolution:[a-zA-Z0-9]+)$ + minLength: 3 + maxLength: 64 + StatementActionList: + type: array + items: + $ref: '#/components/schemas/StatementAction' + StatementPrincipal: + type: string + pattern: ^(\\d{12})|([a-z0-9\\.]+)$ + minLength: 12 + maxLength: 64 + StatementPrincipalList: + type: array + items: + $ref: '#/components/schemas/StatementPrincipal' + StatementCondition: + type: string + minLength: 1 + maxLength: 40960 + PolicyStatement: + type: object + properties: + Arn: + $ref: '#/components/schemas/VeniceGlobalArn' + StatementId: + $ref: '#/components/schemas/StatementId' + Effect: + $ref: '#/components/schemas/StatementEffect' + Action: + $ref: '#/components/schemas/StatementActionList' + Principal: + $ref: '#/components/schemas/StatementPrincipalList' + Condition: + $ref: '#/components/schemas/StatementCondition' + required: + - Arn + - StatementId + x-stackql-resource-name: policy_statement + description: Policy Statement defined in AWS Entity Resolution Service + x-type-name: AWS::EntityResolution::PolicyStatement + x-stackql-primary-identifier: + - Arn + - StatementId + x-create-only-properties: + - StatementId + - Arn + x-required-properties: + - Arn + - StatementId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - entityresolution:AddPolicyStatement + read: + - entityresolution:GetPolicy + update: + - entityresolution:AddPolicyStatement + - entityresolution:DeletePolicyStatement + delete: + - entityresolution:DeletePolicyStatement + - entityresolution:GetPolicy + list: + - entityresolution:GetPolicy + SchemaAttributeType: + type: string + enum: + - NAME + - NAME_FIRST + - NAME_MIDDLE + - NAME_LAST + - ADDRESS + - ADDRESS_STREET1 + - ADDRESS_STREET2 + - ADDRESS_STREET3 + - ADDRESS_CITY + - ADDRESS_STATE + - ADDRESS_COUNTRY + - ADDRESS_POSTALCODE + - PHONE + - PHONE_NUMBER + - PHONE_COUNTRYCODE + - EMAIL_ADDRESS + - UNIQUE_ID + - DATE + - STRING + - PROVIDER_ID + MappedInputFields: + type: array + items: + $ref: '#/components/schemas/SchemaInputAttribute' + minItems: 2 + maxItems: 25 + x-insertionOrder: false + SchemaInputAttribute: + type: object + properties: + FieldName: + $ref: '#/components/schemas/AttributeName' + Type: + $ref: '#/components/schemas/SchemaAttributeType' + SubType: + type: string + description: The subtype of the Attribute. Would be required only when type is PROVIDER_ID + GroupName: + $ref: '#/components/schemas/AttributeName' + MatchKey: + $ref: '#/components/schemas/AttributeName' + required: + - FieldName + - Type + additionalProperties: false + HasWorkflows: + description: The boolean value that indicates whether or not a SchemaMapping has MatchingWorkflows that are associated with + type: boolean + SchemaMapping: + type: object + properties: + SchemaName: + description: The name of the SchemaMapping + $ref: '#/components/schemas/EntityName' + Description: + description: The description of the SchemaMapping + $ref: '#/components/schemas/Description' + MappedInputFields: + description: The SchemaMapping attributes input + $ref: '#/components/schemas/MappedInputFields' + Tags: + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + SchemaArn: + $ref: '#/components/schemas/SchemaMappingArn' + CreatedAt: + $ref: '#/components/schemas/CreatedAt' + UpdatedAt: + $ref: '#/components/schemas/UpdatedAt' + HasWorkflows: + $ref: '#/components/schemas/HasWorkflows' + required: + - SchemaName + - MappedInputFields + x-stackql-resource-name: schema_mapping + description: SchemaMapping defined in AWS Entity Resolution service + x-type-name: AWS::EntityResolution::SchemaMapping + x-stackql-primary-identifier: + - SchemaName + x-create-only-properties: + - SchemaName + x-read-only-properties: + - SchemaArn + - CreatedAt + - UpdatedAt + - HasWorkflows + x-required-properties: + - SchemaName + - MappedInputFields + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - entityresolution:CreateSchemaMapping + - entityresolution:GetSchemaMapping + - entityresolution:TagResource + read: + - entityresolution:GetSchemaMapping + - entityresolution:ListTagsForResource + delete: + - entityresolution:DeleteSchemaMapping + - entityresolution:GetSchemaMapping + update: + - entityresolution:GetSchemaMapping + - entityresolution:UpdateSchemaMapping + - entityresolution:ListTagsForResource + - entityresolution:TagResource + - entityresolution:UntagResource + list: + - entityresolution:ListSchemaMappings + x-stackQL-resources: + id_mapping_workflows: + name: id_mapping_workflows + id: aws.entityresolution.id_mapping_workflows + x-cfn-schema-name: IdMappingWorkflow + x-type: list + x-identifiers: + - WorkflowName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WorkflowName') as workflow_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EntityResolution::IdMappingWorkflow' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WorkflowName') as workflow_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EntityResolution::IdMappingWorkflow' + AND region = 'us-east-1' + id_mapping_workflow: + name: id_mapping_workflow + id: aws.entityresolution.id_mapping_workflow + x-cfn-schema-name: IdMappingWorkflow + x-type: get + x-identifiers: + - WorkflowName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.WorkflowName') as workflow_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.InputSourceConfig') as input_source_config, + JSON_EXTRACT(Properties, '$.OutputSourceConfig') as output_source_config, + JSON_EXTRACT(Properties, '$.IdMappingTechniques') as id_mapping_techniques, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.WorkflowArn') as workflow_arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::IdMappingWorkflow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'WorkflowName') as workflow_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'InputSourceConfig') as input_source_config, + json_extract_path_text(Properties, 'OutputSourceConfig') as output_source_config, + json_extract_path_text(Properties, 'IdMappingTechniques') as id_mapping_techniques, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'WorkflowArn') as workflow_arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::IdMappingWorkflow' + AND data__Identifier = '' + AND region = 'us-east-1' + id_namespaces: + name: id_namespaces + id: aws.entityresolution.id_namespaces + x-cfn-schema-name: IdNamespace + x-type: list + x-identifiers: + - IdNamespaceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IdNamespaceName') as id_namespace_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EntityResolution::IdNamespace' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IdNamespaceName') as id_namespace_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EntityResolution::IdNamespace' + AND region = 'us-east-1' + id_namespace: + name: id_namespace + id: aws.entityresolution.id_namespace + x-cfn-schema-name: IdNamespace + x-type: get + x-identifiers: + - IdNamespaceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IdNamespaceName') as id_namespace_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.InputSourceConfig') as input_source_config, + JSON_EXTRACT(Properties, '$.IdMappingWorkflowProperties') as id_mapping_workflow_properties, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.IdNamespaceArn') as id_namespace_arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::IdNamespace' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IdNamespaceName') as id_namespace_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'InputSourceConfig') as input_source_config, + json_extract_path_text(Properties, 'IdMappingWorkflowProperties') as id_mapping_workflow_properties, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'IdNamespaceArn') as id_namespace_arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::IdNamespace' + AND data__Identifier = '' + AND region = 'us-east-1' + matching_workflows: + name: matching_workflows + id: aws.entityresolution.matching_workflows + x-cfn-schema-name: MatchingWorkflow + x-type: list + x-identifiers: + - WorkflowName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WorkflowName') as workflow_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EntityResolution::MatchingWorkflow' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WorkflowName') as workflow_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EntityResolution::MatchingWorkflow' + AND region = 'us-east-1' + matching_workflow: + name: matching_workflow + id: aws.entityresolution.matching_workflow + x-cfn-schema-name: MatchingWorkflow + x-type: get + x-identifiers: + - WorkflowName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.WorkflowName') as workflow_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.InputSourceConfig') as input_source_config, + JSON_EXTRACT(Properties, '$.OutputSourceConfig') as output_source_config, + JSON_EXTRACT(Properties, '$.ResolutionTechniques') as resolution_techniques, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.WorkflowArn') as workflow_arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::MatchingWorkflow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'WorkflowName') as workflow_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'InputSourceConfig') as input_source_config, + json_extract_path_text(Properties, 'OutputSourceConfig') as output_source_config, + json_extract_path_text(Properties, 'ResolutionTechniques') as resolution_techniques, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'WorkflowArn') as workflow_arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::MatchingWorkflow' + AND data__Identifier = '' + AND region = 'us-east-1' + policy_statements: + name: policy_statements + id: aws.entityresolution.policy_statements + x-cfn-schema-name: PolicyStatement + x-type: list + x-identifiers: + - Arn + - StatementId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.StatementId') as statement_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EntityResolution::PolicyStatement' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'StatementId') as statement_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EntityResolution::PolicyStatement' + AND region = 'us-east-1' + policy_statement: + name: policy_statement + id: aws.entityresolution.policy_statement + x-cfn-schema-name: PolicyStatement + x-type: get + x-identifiers: + - Arn + - StatementId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.StatementId') as statement_id, + JSON_EXTRACT(Properties, '$.Effect') as effect, + JSON_EXTRACT(Properties, '$.Action') as action, + JSON_EXTRACT(Properties, '$.Principal') as principal, + JSON_EXTRACT(Properties, '$.Condition') as condition + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::PolicyStatement' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'StatementId') as statement_id, + json_extract_path_text(Properties, 'Effect') as effect, + json_extract_path_text(Properties, 'Action') as action, + json_extract_path_text(Properties, 'Principal') as principal, + json_extract_path_text(Properties, 'Condition') as condition + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::PolicyStatement' + AND data__Identifier = '|' + AND region = 'us-east-1' + schema_mappings: + name: schema_mappings + id: aws.entityresolution.schema_mappings + x-cfn-schema-name: SchemaMapping + x-type: list + x-identifiers: + - SchemaName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SchemaName') as schema_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EntityResolution::SchemaMapping' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SchemaName') as schema_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EntityResolution::SchemaMapping' + AND region = 'us-east-1' + schema_mapping: + name: schema_mapping + id: aws.entityresolution.schema_mapping + x-cfn-schema-name: SchemaMapping + x-type: get + x-identifiers: + - SchemaName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SchemaName') as schema_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.MappedInputFields') as mapped_input_fields, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.SchemaArn') as schema_arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.HasWorkflows') as has_workflows + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::SchemaMapping' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SchemaName') as schema_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'MappedInputFields') as mapped_input_fields, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'SchemaArn') as schema_arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'HasWorkflows') as has_workflows + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::SchemaMapping' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/events.yaml b/providers/src/aws/v00.00.00000/services/events.yaml new file mode 100644 index 00000000..9bbb70c8 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/events.yaml @@ -0,0 +1,1325 @@ +openapi: 3.0.0 +info: + title: Events + version: 1.0.0 +paths: {} +components: + schemas: + ApiDestination: + type: object + properties: + Name: + description: Name of the apiDestination. + type: string + minLength: 1 + maxLength: 64 + Description: + type: string + maxLength: 512 + ConnectionArn: + description: The arn of the connection. + type: string + Arn: + description: The arn of the api destination. + type: string + InvocationRateLimitPerSecond: + type: integer + minimum: 1 + InvocationEndpoint: + description: Url endpoint to invoke. + type: string + HttpMethod: + type: string + enum: + - GET + - HEAD + - POST + - OPTIONS + - PUT + - DELETE + - PATCH + required: + - ConnectionArn + - InvocationEndpoint + - HttpMethod + x-stackql-resource-name: api_destination + description: Resource Type definition for AWS::Events::ApiDestination. + x-type-name: AWS::Events::ApiDestination + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - ConnectionArn + - InvocationEndpoint + - HttpMethod + x-tagging: + taggable: false + x-required-permissions: + create: + - events:CreateApiDestination + - events:DescribeApiDestination + read: + - events:DescribeApiDestination + update: + - events:UpdateApiDestination + - events:DescribeApiDestination + delete: + - events:DeleteApiDestination + - events:DescribeApiDestination + list: + - events:ListApiDestinations + Archive: + type: object + properties: + ArchiveName: + type: string + minLength: 1 + maxLength: 48 + SourceArn: + type: string + Description: + type: string + EventPattern: + type: object + Arn: + type: string + RetentionDays: + type: integer + required: + - SourceArn + x-stackql-resource-name: archive + description: Resource Type definition for AWS::Events::Archive + x-type-name: AWS::Events::Archive + x-stackql-primary-identifier: + - ArchiveName + x-create-only-properties: + - ArchiveName + - SourceArn + x-read-only-properties: + - Arn + x-required-properties: + - SourceArn + x-required-permissions: + create: + - events:DescribeArchive + - events:CreateArchive + delete: + - events:DescribeArchive + - events:DeleteArchive + list: + - events:ListArchives + update: + - events:DescribeArchive + - events:UpdateArchive + read: + - events:DescribeArchive + AuthParameters: + type: object + minProperties: 1 + maxProperties: 2 + properties: + ApiKeyAuthParameters: + $ref: '#/components/schemas/ApiKeyAuthParameters' + BasicAuthParameters: + $ref: '#/components/schemas/BasicAuthParameters' + OAuthParameters: + $ref: '#/components/schemas/OAuthParameters' + InvocationHttpParameters: + $ref: '#/components/schemas/ConnectionHttpParameters' + oneOf: + - required: + - BasicAuthParameters + - required: + - OAuthParameters + - required: + - ApiKeyAuthParameters + additionalProperties: false + BasicAuthParameters: + type: object + properties: + Username: + type: string + Password: + type: string + required: + - Username + - Password + additionalProperties: false + OAuthParameters: + type: object + properties: + ClientParameters: + $ref: '#/components/schemas/ClientParameters' + AuthorizationEndpoint: + type: string + minLength: 1 + maxLength: 2048 + HttpMethod: + type: string + enum: + - GET + - POST + - PUT + OAuthHttpParameters: + $ref: '#/components/schemas/ConnectionHttpParameters' + required: + - ClientParameters + - AuthorizationEndpoint + - HttpMethod + additionalProperties: false + ApiKeyAuthParameters: + type: object + properties: + ApiKeyName: + type: string + ApiKeyValue: + type: string + required: + - ApiKeyName + - ApiKeyValue + additionalProperties: false + ClientParameters: + type: object + properties: + ClientID: + type: string + ClientSecret: + type: string + required: + - ClientID + - ClientSecret + additionalProperties: false + ConnectionHttpParameters: + type: object + properties: + HeaderParameters: + type: array + items: + $ref: '#/components/schemas/Parameter' + QueryStringParameters: + type: array + items: + $ref: '#/components/schemas/Parameter' + BodyParameters: + type: array + items: + $ref: '#/components/schemas/Parameter' + additionalProperties: false + Parameter: + type: object + properties: + Key: + type: string + Value: + type: string + IsValueSecret: + type: boolean + default: true + required: + - Key + - Value + additionalProperties: false + Connection: + type: object + properties: + Name: + description: Name of the connection. + type: string + minLength: 1 + maxLength: 64 + Arn: + description: The arn of the connection resource. + type: string + SecretArn: + description: The arn of the secrets manager secret created in the customer account. + type: string + Description: + description: Description of the connection. + type: string + maxLength: 512 + AuthorizationType: + type: string + enum: + - API_KEY + - BASIC + - OAUTH_CLIENT_CREDENTIALS + AuthParameters: + $ref: '#/components/schemas/AuthParameters' + x-stackql-resource-name: connection + description: Resource Type definition for AWS::Events::Connection. + x-type-name: AWS::Events::Connection + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-write-only-properties: + - AuthParameters + x-read-only-properties: + - Arn + - SecretArn + x-tagging: + taggable: false + x-required-permissions: + create: + - events:CreateConnection + - events:DescribeConnection + - secretsmanager:CreateSecret + - secretsmanager:GetSecretValue + - secretsmanager:PutSecretValue + - iam:CreateServiceLinkedRole + read: + - events:DescribeConnection + update: + - events:UpdateConnection + - events:DescribeConnection + - secretsmanager:CreateSecret + - secretsmanager:UpdateSecret + - secretsmanager:GetSecretValue + - secretsmanager:PutSecretValue + delete: + - events:DeleteConnection + - events:DescribeConnection + list: + - events:ListConnections + HealthCheck: + type: string + minLength: 1 + maxLength: 1600 + pattern: ^arn:aws([a-z]|\-)*:route53:::healthcheck/[\-a-z0-9]+$ + Primary: + type: object + additionalProperties: false + properties: + HealthCheck: + $ref: '#/components/schemas/HealthCheck' + required: + - HealthCheck + Route: + type: string + minLength: 9 + maxLength: 20 + pattern: ^[\-a-z0-9]+$ + Secondary: + type: object + additionalProperties: false + properties: + Route: + $ref: '#/components/schemas/Route' + required: + - Route + FailoverConfig: + type: object + additionalProperties: false + properties: + Primary: + $ref: '#/components/schemas/Primary' + Secondary: + $ref: '#/components/schemas/Secondary' + required: + - Primary + - Secondary + RoutingConfig: + type: object + additionalProperties: false + properties: + FailoverConfig: + $ref: '#/components/schemas/FailoverConfig' + required: + - FailoverConfig + EventBusArn: + type: string + minLength: 1 + maxLength: 512 + pattern: ^arn:aws[a-z-]*:events:[a-z]{2}-[a-z-]+-\d+:\d{12}:event-bus/[\w.-]+$ + EndpointEventBus: + type: object + additionalProperties: false + properties: + EventBusArn: + $ref: '#/components/schemas/EventBusArn' + required: + - EventBusArn + EventBuses: + type: array + x-insertionOrder: false + minItems: 2 + maxItems: 2 + items: + $ref: '#/components/schemas/EndpointEventBus' + ReplicationState: + type: string + enum: + - ENABLED + - DISABLED + ReplicationConfig: + type: object + additionalProperties: false + properties: + State: + $ref: '#/components/schemas/ReplicationState' + required: + - State + Endpoint: + type: object + properties: + Name: + type: string + minLength: 1 + maxLength: 64 + pattern: ^[\.\-_A-Za-z0-9]+$ + Arn: + type: string + minLength: 1 + maxLength: 1600 + pattern: ^arn:aws([a-z]|\-)*:events:([a-z]|\d|\-)*:([0-9]{12})?:endpoint\/[/\.\-_A-Za-z0-9]+$ + RoleArn: + type: string + minLength: 1 + maxLength: 256 + pattern: ^arn:aws[a-z-]*:iam::\d{12}:role\/[\w+=,.@/-]+$ + Description: + type: string + maxLength: 512 + pattern: .* + RoutingConfig: + $ref: '#/components/schemas/RoutingConfig' + ReplicationConfig: + $ref: '#/components/schemas/ReplicationConfig' + EventBuses: + $ref: '#/components/schemas/EventBuses' + EndpointId: + type: string + minLength: 1 + maxLength: 50 + pattern: ^[A-Za-z0-9\-]+[\.][A-Za-z0-9\-]+$ + EndpointUrl: + type: string + minLength: 1 + maxLength: 256 + pattern: ^(https://)?[\.\-a-z0-9]+$ + State: + type: string + enum: + - ACTIVE + - CREATING + - UPDATING + - DELETING + - CREATE_FAILED + - UPDATE_FAILED + StateReason: + type: string + minLength: 1 + maxLength: 512 + pattern: ^.*$ + required: + - RoutingConfig + - EventBuses + x-stackql-resource-name: endpoint + description: Resource Type definition for AWS::Events::Endpoint. + x-type-name: AWS::Events::Endpoint + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - EndpointId + - EndpointUrl + - State + - StateReason + x-required-properties: + - RoutingConfig + - EventBuses + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - events:CreateEndpoint + - events:DescribeEndpoint + - route53:GetHealthCheck + - iam:PassRole + read: + - events:DescribeEndpoint + update: + - events:DescribeEndpoint + - events:UpdateEndpoint + - route53:GetHealthCheck + - iam:PassRole + delete: + - events:DeleteEndpoint + - events:DescribeEndpoint + list: + - events:ListEndpoints + Tag: + additionalProperties: false + type: object + properties: + Value: + type: string + Key: + type: string + EventBus: + type: object + properties: + EventSourceName: + description: If you are creating a partner event bus, this specifies the partner event source that the new event bus will be matched with. + type: string + Name: + description: The name of the event bus. + type: string + Tags: + description: Any tags assigned to the event bus. + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + Policy: + description: A JSON string that describes the permission policy statement for the event bus. + type: object + Arn: + description: The Amazon Resource Name (ARN) for the event bus. + type: string + required: + - Name + x-stackql-resource-name: event_bus + description: Resource type definition for AWS::Events::EventBus + x-type-name: AWS::Events::EventBus + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-write-only-properties: + - EventSourceName + x-read-only-properties: + - Arn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - events:CreateEventBus + - events:DescribeEventBus + - events:PutPermission + - events:ListTagsForResource + - events:TagResource + read: + - events:DescribeEventBus + - events:ListTagsForResource + update: + - events:TagResource + - events:UntagResource + - events:PutPermission + - events:DescribeEventBus + delete: + - events:DescribeEventBus + - events:DeleteEventBus + list: + - events:ListEventBuses + - events:ListTagsForResource + CapacityProviderStrategyItem: + additionalProperties: false + type: object + properties: + CapacityProvider: + type: string + Base: + type: integer + Weight: + type: integer + required: + - CapacityProvider + HttpParameters: + additionalProperties: false + type: object + properties: + PathParameterValues: + uniqueItems: true + x-insertionOrder: true + type: array + items: + type: string + HeaderParameters: + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + additionalProperties: false + type: object + QueryStringParameters: + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + additionalProperties: false + type: object + DeadLetterConfig: + additionalProperties: false + type: object + properties: + Arn: + type: string + RunCommandParameters: + additionalProperties: false + type: object + properties: + RunCommandTargets: + uniqueItems: true + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/RunCommandTarget' + required: + - RunCommandTargets + PlacementStrategy: + additionalProperties: false + type: object + properties: + Field: + type: string + Type: + type: string + InputTransformer: + additionalProperties: false + type: object + properties: + InputPathsMap: + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + additionalProperties: false + type: object + InputTemplate: + type: string + required: + - InputTemplate + KinesisParameters: + additionalProperties: false + type: object + properties: + PartitionKeyPath: + type: string + required: + - PartitionKeyPath + BatchRetryStrategy: + additionalProperties: false + type: object + properties: + Attempts: + type: integer + RedshiftDataParameters: + additionalProperties: false + type: object + properties: + StatementName: + type: string + Sqls: + uniqueItems: false + x-insertionOrder: true + type: array + items: + type: string + Database: + type: string + SecretManagerArn: + type: string + DbUser: + type: string + Sql: + type: string + WithEvent: + type: boolean + required: + - Database + AppSyncParameters: + additionalProperties: false + type: object + properties: + GraphQLOperation: + type: string + required: + - GraphQLOperation + Target: + additionalProperties: false + type: object + properties: + InputPath: + type: string + HttpParameters: + $ref: '#/components/schemas/HttpParameters' + DeadLetterConfig: + $ref: '#/components/schemas/DeadLetterConfig' + RunCommandParameters: + $ref: '#/components/schemas/RunCommandParameters' + InputTransformer: + $ref: '#/components/schemas/InputTransformer' + KinesisParameters: + $ref: '#/components/schemas/KinesisParameters' + RoleArn: + type: string + RedshiftDataParameters: + $ref: '#/components/schemas/RedshiftDataParameters' + AppSyncParameters: + $ref: '#/components/schemas/AppSyncParameters' + Input: + type: string + SqsParameters: + $ref: '#/components/schemas/SqsParameters' + EcsParameters: + $ref: '#/components/schemas/EcsParameters' + BatchParameters: + $ref: '#/components/schemas/BatchParameters' + Id: + type: string + Arn: + type: string + SageMakerPipelineParameters: + $ref: '#/components/schemas/SageMakerPipelineParameters' + RetryPolicy: + $ref: '#/components/schemas/RetryPolicy' + required: + - Id + - Arn + PlacementConstraint: + additionalProperties: false + type: object + properties: + Type: + type: string + Expression: + type: string + AwsVpcConfiguration: + additionalProperties: false + type: object + properties: + SecurityGroups: + uniqueItems: true + x-insertionOrder: true + type: array + items: + type: string + Subnets: + uniqueItems: false + x-insertionOrder: true + type: array + items: + type: string + AssignPublicIp: + type: string + required: + - Subnets + SqsParameters: + additionalProperties: false + type: object + properties: + MessageGroupId: + type: string + required: + - MessageGroupId + RunCommandTarget: + additionalProperties: false + type: object + properties: + Values: + uniqueItems: true + x-insertionOrder: true + type: array + items: + type: string + Key: + type: string + required: + - Values + - Key + EcsParameters: + additionalProperties: false + type: object + properties: + PlatformVersion: + type: string + Group: + type: string + EnableECSManagedTags: + type: boolean + EnableExecuteCommand: + type: boolean + PlacementConstraints: + uniqueItems: true + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/PlacementConstraint' + PropagateTags: + type: string + TaskCount: + type: integer + PlacementStrategies: + uniqueItems: true + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/PlacementStrategy' + CapacityProviderStrategy: + uniqueItems: true + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/CapacityProviderStrategyItem' + LaunchType: + type: string + ReferenceId: + type: string + TagList: + uniqueItems: true + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/Tag' + NetworkConfiguration: + $ref: '#/components/schemas/NetworkConfiguration' + TaskDefinitionArn: + type: string + required: + - TaskDefinitionArn + BatchParameters: + additionalProperties: false + type: object + properties: + ArrayProperties: + $ref: '#/components/schemas/BatchArrayProperties' + JobName: + type: string + RetryStrategy: + $ref: '#/components/schemas/BatchRetryStrategy' + JobDefinition: + type: string + required: + - JobName + - JobDefinition + NetworkConfiguration: + additionalProperties: false + type: object + properties: + AwsVpcConfiguration: + $ref: '#/components/schemas/AwsVpcConfiguration' + SageMakerPipelineParameters: + additionalProperties: false + type: object + properties: + PipelineParameterList: + uniqueItems: true + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/SageMakerPipelineParameter' + RetryPolicy: + additionalProperties: false + type: object + properties: + MaximumRetryAttempts: + type: integer + MaximumEventAgeInSeconds: + type: integer + BatchArrayProperties: + additionalProperties: false + type: object + properties: + Size: + type: integer + SageMakerPipelineParameter: + additionalProperties: false + type: object + properties: + Value: + type: string + Name: + type: string + required: + - Value + - Name + Rule: + type: object + properties: + EventBusName: + description: The name or ARN of the event bus associated with the rule. If you omit this, the default event bus is used. + type: string + EventPattern: + description: The event pattern of the rule. For more information, see Events and Event Patterns in the Amazon EventBridge User Guide. + type: object + ScheduleExpression: + description: The scheduling expression. For example, "cron(0 20 * * ? *)", "rate(5 minutes)". For more information, see Creating an Amazon EventBridge rule that runs on a schedule. + type: string + Description: + description: The description of the rule. + type: string + State: + description: The state of the rule. + type: string + enum: + - DISABLED + - ENABLED + - ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS + Targets: + uniqueItems: true + description: |- + Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule. + Targets are the resources that are invoked when a rule is triggered. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Target' + Arn: + description: The ARN of the rule, such as arn:aws:events:us-east-2:123456789012:rule/example. + type: string + RoleArn: + description: The Amazon Resource Name (ARN) of the role that is used for target invocation. + type: string + Name: + description: The name of the rule. + type: string + x-stackql-resource-name: rule + description: Resource Type definition for AWS::Events::Rule + x-type-name: AWS::Events::Rule + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-conditional-create-only-properties: + - EventBusName + x-read-only-properties: + - Arn + x-tagging: + taggable: false + x-required-permissions: + read: + - iam:PassRole + - events:DescribeRule + - events:ListTargetsByRule + create: + - iam:PassRole + - events:DescribeRule + - events:PutRule + - events:PutTargets + update: + - iam:PassRole + - events:DescribeRule + - events:PutRule + - events:RemoveTargets + - events:PutTargets + list: + - events:ListRules + delete: + - iam:PassRole + - events:DescribeRule + - events:DeleteRule + - events:RemoveTargets + - events:ListTargetsByRule + x-stackQL-resources: + api_destinations: + name: api_destinations + id: aws.events.api_destinations + x-cfn-schema-name: ApiDestination + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::ApiDestination' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::ApiDestination' + AND region = 'us-east-1' + api_destination: + name: api_destination + id: aws.events.api_destination + x-cfn-schema-name: ApiDestination + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ConnectionArn') as connection_arn, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.InvocationRateLimitPerSecond') as invocation_rate_limit_per_second, + JSON_EXTRACT(Properties, '$.InvocationEndpoint') as invocation_endpoint, + JSON_EXTRACT(Properties, '$.HttpMethod') as http_method + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::ApiDestination' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ConnectionArn') as connection_arn, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'InvocationRateLimitPerSecond') as invocation_rate_limit_per_second, + json_extract_path_text(Properties, 'InvocationEndpoint') as invocation_endpoint, + json_extract_path_text(Properties, 'HttpMethod') as http_method + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::ApiDestination' + AND data__Identifier = '' + AND region = 'us-east-1' + archives: + name: archives + id: aws.events.archives + x-cfn-schema-name: Archive + x-type: list + x-identifiers: + - ArchiveName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ArchiveName') as archive_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::Archive' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ArchiveName') as archive_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::Archive' + AND region = 'us-east-1' + archive: + name: archive + id: aws.events.archive + x-cfn-schema-name: Archive + x-type: get + x-identifiers: + - ArchiveName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ArchiveName') as archive_name, + JSON_EXTRACT(Properties, '$.SourceArn') as source_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EventPattern') as event_pattern, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.RetentionDays') as retention_days + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::Archive' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ArchiveName') as archive_name, + json_extract_path_text(Properties, 'SourceArn') as source_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EventPattern') as event_pattern, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'RetentionDays') as retention_days + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::Archive' + AND data__Identifier = '' + AND region = 'us-east-1' + connections: + name: connections + id: aws.events.connections + x-cfn-schema-name: Connection + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::Connection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::Connection' + AND region = 'us-east-1' + connection: + name: connection + id: aws.events.connection + x-cfn-schema-name: Connection + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.SecretArn') as secret_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.AuthorizationType') as authorization_type, + JSON_EXTRACT(Properties, '$.AuthParameters') as auth_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::Connection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'SecretArn') as secret_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'AuthorizationType') as authorization_type, + json_extract_path_text(Properties, 'AuthParameters') as auth_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::Connection' + AND data__Identifier = '' + AND region = 'us-east-1' + endpoints: + name: endpoints + id: aws.events.endpoints + x-cfn-schema-name: Endpoint + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::Endpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::Endpoint' + AND region = 'us-east-1' + endpoint: + name: endpoint + id: aws.events.endpoint + x-cfn-schema-name: Endpoint + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.RoutingConfig') as routing_config, + JSON_EXTRACT(Properties, '$.ReplicationConfig') as replication_config, + JSON_EXTRACT(Properties, '$.EventBuses') as event_buses, + JSON_EXTRACT(Properties, '$.EndpointId') as endpoint_id, + JSON_EXTRACT(Properties, '$.EndpointUrl') as endpoint_url, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.StateReason') as state_reason + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::Endpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'RoutingConfig') as routing_config, + json_extract_path_text(Properties, 'ReplicationConfig') as replication_config, + json_extract_path_text(Properties, 'EventBuses') as event_buses, + json_extract_path_text(Properties, 'EndpointId') as endpoint_id, + json_extract_path_text(Properties, 'EndpointUrl') as endpoint_url, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'StateReason') as state_reason + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::Endpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + event_buses: + name: event_buses + id: aws.events.event_buses + x-cfn-schema-name: EventBus + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::EventBus' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::EventBus' + AND region = 'us-east-1' + event_bus: + name: event_bus + id: aws.events.event_bus + x-cfn-schema-name: EventBus + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EventSourceName') as event_source_name, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::EventBus' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EventSourceName') as event_source_name, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::EventBus' + AND data__Identifier = '' + AND region = 'us-east-1' + rules: + name: rules + id: aws.events.rules + x-cfn-schema-name: Rule + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::Rule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Events::Rule' + AND region = 'us-east-1' + rule: + name: rule + id: aws.events.rule + x-cfn-schema-name: Rule + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EventBusName') as event_bus_name, + JSON_EXTRACT(Properties, '$.EventPattern') as event_pattern, + JSON_EXTRACT(Properties, '$.ScheduleExpression') as schedule_expression, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Targets') as targets, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::Rule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EventBusName') as event_bus_name, + json_extract_path_text(Properties, 'EventPattern') as event_pattern, + json_extract_path_text(Properties, 'ScheduleExpression') as schedule_expression, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Targets') as targets, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::Rule' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/eventschemas.yaml b/providers/src/aws/v00.00.00000/services/eventschemas.yaml new file mode 100644 index 00000000..0fd73328 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/eventschemas.yaml @@ -0,0 +1,502 @@ +openapi: 3.0.0 +info: + title: EventSchemas + version: 1.0.0 +paths: {} +components: + schemas: + TagsEntry: + type: object + additionalProperties: false + properties: + Value: + type: string + Key: + type: string + required: + - Value + - Key + Discoverer: + type: object + properties: + DiscovererArn: + type: string + description: The ARN of the discoverer. + DiscovererId: + type: string + description: The Id of the discoverer. + Description: + type: string + description: A description for the discoverer. + SourceArn: + type: string + description: The ARN of the event bus. + CrossAccount: + type: boolean + default: true + description: Defines whether event schemas from other accounts are discovered. Default is True. + State: + type: string + description: Defines the current state of the discoverer. + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/TagsEntry' + description: Tags associated with the resource. + required: + - SourceArn + x-stackql-resource-name: discoverer + description: Resource Type definition for AWS::EventSchemas::Discoverer + x-type-name: AWS::EventSchemas::Discoverer + x-stackql-primary-identifier: + - DiscovererArn + x-create-only-properties: + - SourceArn + x-read-only-properties: + - DiscovererArn + - DiscovererId + - State + x-required-properties: + - SourceArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - schemas:CreateDiscoverer + - schemas:DescribeDiscoverer + - schemas:TagResource + - events:PutRule + - events:PutTargets + - events:EnableRule + - events:ListTargetsByRule + - iam:CreateServiceLinkedRole + read: + - schemas:DescribeDiscoverer + update: + - schemas:DescribeDiscoverer + - schemas:UpdateDiscoverer + - schemas:TagResource + - schemas:UntagResource + - schemas:ListTagsForResource + - events:PutTargets + - events:PutRule + delete: + - schemas:DescribeDiscoverer + - schemas:DeleteDiscoverer + - events:DeleteRule + - events:DisableRule + - events:RemoveTargets + list: + - schemas:ListDiscoverers + Registry: + type: object + properties: + RegistryName: + type: string + description: The name of the schema registry. + Description: + type: string + description: A description of the registry to be created. + RegistryArn: + type: string + description: The ARN of the registry. + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/TagsEntry' + description: Tags associated with the resource. + x-stackql-resource-name: registry + description: Resource Type definition for AWS::EventSchemas::Registry + x-type-name: AWS::EventSchemas::Registry + x-stackql-primary-identifier: + - RegistryArn + x-create-only-properties: + - RegistryName + x-read-only-properties: + - RegistryArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - schemas:DescribeRegistry + - schemas:CreateRegistry + - schemas:TagResource + read: + - schemas:DescribeRegistry + update: + - schemas:DescribeRegistry + - schemas:UpdateRegistry + - schemas:TagResource + - schemas:UntagResource + - schemas:ListTagsForResource + delete: + - schemas:DescribeRegistry + - schemas:DeleteRegistry + list: + - schemas:ListRegistries + RegistryPolicy: + type: object + properties: + Id: + type: string + Policy: + type: object + RegistryName: + type: string + RevisionId: + type: string + required: + - RegistryName + - Policy + x-stackql-resource-name: registry_policy + description: Resource Type definition for AWS::EventSchemas::RegistryPolicy + x-type-name: AWS::EventSchemas::RegistryPolicy + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + x-required-properties: + - RegistryName + - Policy + x-tagging: + taggable: false + x-required-permissions: + create: + - schemas:PutResourcePolicy + - schemas:GetResourcePolicy + - schemas:DescribeRegistry + delete: + - schemas:DeleteResourcePolicy + - schemas:GetResourcePolicy + update: + - schemas:PutResourcePolicy + - schemas:GetResourcePolicy + read: + - schemas:GetResourcePolicy + Schema: + type: object + properties: + Type: + type: string + description: The type of schema. Valid types include OpenApi3 and JSONSchemaDraft4. + Description: + type: string + description: A description of the schema. + SchemaVersion: + type: string + description: The version number of the schema. + Content: + type: string + description: The source of the schema definition. + RegistryName: + type: string + description: The name of the schema registry. + SchemaArn: + type: string + description: The ARN of the schema. + SchemaName: + type: string + description: The name of the schema. + LastModified: + type: string + description: The last modified time of the schema. + VersionCreatedDate: + type: string + description: The date the schema version was created. + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/TagsEntry' + description: Tags associated with the resource. + required: + - Type + - Content + - RegistryName + x-stackql-resource-name: schema + description: Resource Type definition for AWS::EventSchemas::Schema + x-type-name: AWS::EventSchemas::Schema + x-stackql-primary-identifier: + - SchemaArn + x-create-only-properties: + - SchemaName + - RegistryName + x-read-only-properties: + - SchemaArn + - LastModified + - VersionCreatedDate + - SchemaVersion + x-required-properties: + - Type + - Content + - RegistryName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - schemas:DescribeSchema + - schemas:CreateSchema + - schemas:TagResource + read: + - schemas:DescribeSchema + update: + - schemas:DescribeSchema + - schemas:UpdateSchema + - schemas:TagResource + - schemas:UntagResource + - schemas:ListTagsForResource + delete: + - schemas:DescribeSchema + - schemas:DeleteSchema + - schemas:DeleteSchemaVersion + list: + - schemas:ListSchemas + - schemas:ListSchemaVersions + x-stackQL-resources: + discoverers: + name: discoverers + id: aws.eventschemas.discoverers + x-cfn-schema-name: Discoverer + x-type: list + x-identifiers: + - DiscovererArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DiscovererArn') as discoverer_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EventSchemas::Discoverer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DiscovererArn') as discoverer_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EventSchemas::Discoverer' + AND region = 'us-east-1' + discoverer: + name: discoverer + id: aws.eventschemas.discoverer + x-cfn-schema-name: Discoverer + x-type: get + x-identifiers: + - DiscovererArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DiscovererArn') as discoverer_arn, + JSON_EXTRACT(Properties, '$.DiscovererId') as discoverer_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.SourceArn') as source_arn, + JSON_EXTRACT(Properties, '$.CrossAccount') as cross_account, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EventSchemas::Discoverer' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DiscovererArn') as discoverer_arn, + json_extract_path_text(Properties, 'DiscovererId') as discoverer_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'SourceArn') as source_arn, + json_extract_path_text(Properties, 'CrossAccount') as cross_account, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EventSchemas::Discoverer' + AND data__Identifier = '' + AND region = 'us-east-1' + registries: + name: registries + id: aws.eventschemas.registries + x-cfn-schema-name: Registry + x-type: list + x-identifiers: + - RegistryArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RegistryArn') as registry_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EventSchemas::Registry' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RegistryArn') as registry_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EventSchemas::Registry' + AND region = 'us-east-1' + eventschemas_registry: + name: eventschemas_registry + id: aws.eventschemas.eventschemas_registry + x-cfn-schema-name: Registry + x-type: get + x-identifiers: + - RegistryArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RegistryName') as registry_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.RegistryArn') as registry_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EventSchemas::Registry' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RegistryName') as registry_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'RegistryArn') as registry_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EventSchemas::Registry' + AND data__Identifier = '' + AND region = 'us-east-1' + registry_policy: + name: registry_policy + id: aws.eventschemas.registry_policy + x-cfn-schema-name: RegistryPolicy + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.RegistryName') as registry_name, + JSON_EXTRACT(Properties, '$.RevisionId') as revision_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EventSchemas::RegistryPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'RegistryName') as registry_name, + json_extract_path_text(Properties, 'RevisionId') as revision_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EventSchemas::RegistryPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + schemata: + name: schemata + id: aws.eventschemas.schemata + x-cfn-schema-name: Schema + x-type: list + x-identifiers: + - SchemaArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SchemaArn') as schema_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EventSchemas::Schema' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SchemaArn') as schema_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EventSchemas::Schema' + AND region = 'us-east-1' + schema: + name: schema + id: aws.eventschemas.schema + x-cfn-schema-name: Schema + x-type: get + x-identifiers: + - SchemaArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.SchemaVersion') as schema_version, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.RegistryName') as registry_name, + JSON_EXTRACT(Properties, '$.SchemaArn') as schema_arn, + JSON_EXTRACT(Properties, '$.SchemaName') as schema_name, + JSON_EXTRACT(Properties, '$.LastModified') as last_modified, + JSON_EXTRACT(Properties, '$.VersionCreatedDate') as version_created_date, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EventSchemas::Schema' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'SchemaVersion') as schema_version, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'RegistryName') as registry_name, + json_extract_path_text(Properties, 'SchemaArn') as schema_arn, + json_extract_path_text(Properties, 'SchemaName') as schema_name, + json_extract_path_text(Properties, 'LastModified') as last_modified, + json_extract_path_text(Properties, 'VersionCreatedDate') as version_created_date, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EventSchemas::Schema' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/evidently.yaml b/providers/src/aws/v00.00.00000/services/evidently.yaml new file mode 100644 index 00000000..341d3064 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/evidently.yaml @@ -0,0 +1,1058 @@ +openapi: 3.0.0 +info: + title: Evidently + version: 1.0.0 +paths: {} +components: + schemas: + RunningStatusObject: + type: object + additionalProperties: false + properties: + Status: + description: Provide START or STOP action to apply on an experiment + type: string + AnalysisCompleteTime: + description: Provide the analysis Completion time for an experiment + type: string + Reason: + description: Reason is a required input for stopping the experiment + type: string + DesiredState: + description: Provide CANCELLED or COMPLETED desired state when stopping an experiment + type: string + pattern: ^(CANCELLED|COMPLETED) + oneOf: + - required: + - Status + - AnalysisCompleteTime + - required: + - Status + - Reason + - DesiredState + TreatmentObject: + type: object + properties: + TreatmentName: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + Description: + type: string + Feature: + type: string + pattern: ([-a-zA-Z0-9._]*)|(arn:[^:]*:[^:]*:[^:]*:[^:]*:.*) + Variation: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 255 + required: + - TreatmentName + - Feature + - Variation + additionalProperties: false + MetricGoalObject: + type: object + properties: + MetricName: + type: string + minLength: 1 + maxLength: 255 + pattern: ^[\S]+$ + EntityIdKey: + description: The JSON path to reference the entity id in the event. + type: string + ValueKey: + description: The JSON path to reference the numerical metric value in the event. + type: string + EventPattern: + description: Event patterns have the same structure as the events they match. Rules use event patterns to select events. An event pattern either matches an event or it doesn't. + type: string + UnitLabel: + type: string + minLength: 1 + maxLength: 256 + pattern: .* + DesiredChange: + type: string + enum: + - INCREASE + - DECREASE + required: + - MetricName + - EntityIdKey + - ValueKey + - DesiredChange + additionalProperties: false + OnlineAbConfigObject: + type: object + properties: + ControlTreatmentName: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + TreatmentWeights: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/TreatmentToWeight' + additionalProperties: false + TreatmentToWeight: + type: object + properties: + Treatment: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + SplitWeight: + type: integer + minimum: 0 + maximum: 100000 + required: + - Treatment + - SplitWeight + additionalProperties: false + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Experiment: + type: object + properties: + Arn: + type: string + pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]*/experiment/[-a-zA-Z0-9._]* + Name: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + Project: + type: string + pattern: ([-a-zA-Z0-9._]*)|(arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]*) + minLength: 0 + maxLength: 2048 + Description: + type: string + minLength: 0 + maxLength: 160 + RunningStatus: + description: Start Experiment. Default is False + $ref: '#/components/schemas/RunningStatusObject' + RandomizationSalt: + type: string + minLength: 0 + maxLength: 127 + pattern: .* + Treatments: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/TreatmentObject' + minItems: 2 + maxItems: 5 + MetricGoals: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/MetricGoalObject' + minItems: 1 + maxItems: 3 + SamplingRate: + type: integer + minimum: 0 + maximum: 100000 + OnlineAbConfig: + $ref: '#/components/schemas/OnlineAbConfigObject' + Segment: + type: string + minLength: 0 + maxLength: 2048 + pattern: ([-a-zA-Z0-9._]*)|(arn:[^:]*:[^:]*:[^:]*:[^:]*:segment/[-a-zA-Z0-9._]*) + RemoveSegment: + type: boolean + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - Project + - Treatments + - MetricGoals + - OnlineAbConfig + x-stackql-resource-name: experiment + description: Resource Type definition for AWS::Evidently::Experiment. + x-type-name: AWS::Evidently::Experiment + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Project + x-read-only-properties: + - Arn + x-required-properties: + - Name + - Project + - Treatments + - MetricGoals + - OnlineAbConfig + x-taggable: true + x-required-permissions: + create: + - evidently:CreateExperiment + - evidently:TagResource + - evidently:GetExperiment + - evidently:StartExperiment + read: + - evidently:GetExperiment + - evidently:ListTagsForResource + update: + - evidently:UpdateExperiment + - evidently:TagResource + - evidently:UntagResource + - evidently:GetExperiment + - evidently:StartExperiment + - evidently:StopExperiment + delete: + - evidently:DeleteExperiment + - evidently:UntagResource + - evidently:GetExperiment + VariationObject: + type: object + properties: + VariationName: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + BooleanValue: + type: boolean + StringValue: + type: string + minLength: 0 + maxLength: 512 + LongValue: + type: number + DoubleValue: + type: number + oneOf: + - required: + - VariationName + - StringValue + - required: + - VariationName + - BooleanValue + - required: + - VariationName + - LongValue + - required: + - VariationName + - DoubleValue + additionalProperties: false + EntityOverride: + type: object + properties: + EntityId: + type: string + Variation: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + additionalProperties: false + Feature: + type: object + properties: + Arn: + type: string + pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]*/feature/[-a-zA-Z0-9._]* + minLength: 0 + maxLength: 2048 + Project: + type: string + pattern: ([-a-zA-Z0-9._]*)|(arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]*) + minLength: 0 + maxLength: 2048 + Name: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + Description: + type: string + minLength: 0 + maxLength: 160 + EvaluationStrategy: + type: string + enum: + - ALL_RULES + - DEFAULT_VARIATION + Variations: + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/VariationObject' + minItems: 1 + maxItems: 5 + DefaultVariation: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + EntityOverrides: + type: array + items: + $ref: '#/components/schemas/EntityOverride' + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 2500 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - Project + - Variations + x-stackql-resource-name: feature + description: Resource Type definition for AWS::Evidently::Feature. + x-type-name: AWS::Evidently::Feature + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Project + x-read-only-properties: + - Arn + x-required-properties: + - Name + - Project + - Variations + x-taggable: true + x-required-permissions: + create: + - evidently:CreateFeature + - evidently:TagResource + - evidently:GetFeature + read: + - evidently:GetFeature + - evidently:ListTagsForResource + update: + - evidently:UpdateFeature + - evidently:ListTagsForResource + - evidently:TagResource + - evidently:UntagResource + - evidently:GetFeature + delete: + - evidently:DeleteFeature + - evidently:UntagResource + - evidently:GetFeature + ExecutionStatusObject: + type: object + additionalProperties: false + properties: + Status: + description: Provide START or STOP action to apply on a launch + type: string + DesiredState: + description: Provide CANCELLED or COMPLETED as the launch desired state. Defaults to Completed if not provided. + type: string + Reason: + description: Provide a reason for stopping the launch. Defaults to empty if not provided. + type: string + required: + - Status + LaunchGroupObject: + type: object + properties: + GroupName: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + Description: + type: string + minLength: 0 + maxLength: 160 + Feature: + type: string + Variation: + type: string + required: + - GroupName + - Feature + - Variation + additionalProperties: false + GroupToWeight: + type: object + properties: + GroupName: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + SplitWeight: + type: integer + additionalProperties: false + required: + - GroupName + - SplitWeight + SegmentOverride: + type: object + properties: + Segment: + type: string + minLength: 1 + maxLength: 2048 + pattern: ([-a-zA-Z0-9._]*)|(arn:[^:]*:[^:]*:[^:]*:[^:]*:segment/[-a-zA-Z0-9._]*) + EvaluationOrder: + type: integer + Weights: + type: array + items: + $ref: '#/components/schemas/GroupToWeight' + uniqueItems: true + x-insertionOrder: false + additionalProperties: false + required: + - Segment + - EvaluationOrder + - Weights + StepConfig: + type: object + properties: + StartTime: + type: string + GroupWeights: + type: array + items: + $ref: '#/components/schemas/GroupToWeight' + uniqueItems: true + x-insertionOrder: false + SegmentOverrides: + type: array + items: + $ref: '#/components/schemas/SegmentOverride' + uniqueItems: true + x-insertionOrder: false + required: + - StartTime + - GroupWeights + additionalProperties: false + MetricDefinitionObject: + type: object + properties: + MetricName: + type: string + minLength: 1 + maxLength: 255 + pattern: ^[\S]+$ + EntityIdKey: + description: The JSON path to reference the entity id in the event. + type: string + ValueKey: + description: The JSON path to reference the numerical metric value in the event. + type: string + EventPattern: + description: Event patterns have the same structure as the events they match. Rules use event patterns to select events. An event pattern either matches an event or it doesn't. + type: string + UnitLabel: + type: string + minLength: 1 + maxLength: 256 + pattern: .* + required: + - MetricName + - EntityIdKey + - ValueKey + additionalProperties: false + Launch: + type: object + properties: + Arn: + type: string + pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]*/launch/[-a-zA-Z0-9._]* + Name: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + Project: + type: string + pattern: ([-a-zA-Z0-9._]*)|(arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]*) + minLength: 0 + maxLength: 2048 + Description: + type: string + minLength: 0 + maxLength: 160 + RandomizationSalt: + type: string + minLength: 0 + maxLength: 127 + pattern: .* + ScheduledSplitsConfig: + type: array + items: + $ref: '#/components/schemas/StepConfig' + uniqueItems: true + x-insertionOrder: true + minItems: 1 + maxItems: 6 + Groups: + type: array + items: + $ref: '#/components/schemas/LaunchGroupObject' + uniqueItems: true + x-insertionOrder: true + minItems: 1 + maxItems: 5 + MetricMonitors: + type: array + items: + $ref: '#/components/schemas/MetricDefinitionObject' + uniqueItems: true + x-insertionOrder: true + minItems: 0 + maxItems: 3 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + ExecutionStatus: + description: Start or Stop Launch Launch. Default is not started. + $ref: '#/components/schemas/ExecutionStatusObject' + required: + - Name + - Project + - Groups + - ScheduledSplitsConfig + x-stackql-resource-name: launch + description: Resource Type definition for AWS::Evidently::Launch. + x-type-name: AWS::Evidently::Launch + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Project + x-read-only-properties: + - Arn + x-required-properties: + - Name + - Project + - Groups + - ScheduledSplitsConfig + x-taggable: true + x-required-permissions: + create: + - evidently:CreateLaunch + - evidently:TagResource + - evidently:GetLaunch + - evidently:StartLaunch + read: + - evidently:GetLaunch + - evidently:ListTagsForResource + update: + - evidently:UpdateLaunch + - evidently:ListTagsForResource + - evidently:TagResource + - evidently:UntagResource + - evidently:GetLaunch + - evidently:StartLaunch + - evidently:StopLaunch + delete: + - evidently:DeleteLaunch + - evidently:UntagResource + - evidently:GetLaunch + DataDeliveryObject: + type: object + description: Destinations for data. + properties: + S3: + $ref: '#/components/schemas/S3Destination' + LogGroup: + type: string + pattern: ^[-a-zA-Z0-9._/]+$ + minLength: 1 + maxLength: 512 + oneOf: + - required: + - S3 + - required: + - LogGroup + additionalProperties: false + S3Destination: + type: object + properties: + BucketName: + type: string + pattern: ^[a-z0-9][-a-z0-9]*[a-z0-9]$ + minLength: 3 + maxLength: 63 + Prefix: + type: string + pattern: ^[-a-zA-Z0-9!_.*'()/]*$ + minLength: 1 + maxLength: 1024 + required: + - BucketName + additionalProperties: false + AppConfigResourceObject: + type: object + properties: + ApplicationId: + type: string + pattern: '[a-z0-9]{4,7}' + EnvironmentId: + type: string + pattern: '[a-z0-9]{4,7}' + required: + - ApplicationId + - EnvironmentId + additionalProperties: false + Project: + type: object + properties: + Arn: + type: string + pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]* + minLength: 0 + maxLength: 2048 + Name: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + Description: + type: string + minLength: 0 + maxLength: 160 + DataDelivery: + $ref: '#/components/schemas/DataDeliveryObject' + AppConfigResource: + $ref: '#/components/schemas/AppConfigResourceObject' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + x-stackql-resource-name: project + description: Resource Type definition for AWS::Evidently::Project + x-type-name: AWS::Evidently::Project + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - Name + x-taggable: true + x-required-permissions: + create: + - evidently:CreateProject + - evidently:GetProject + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:ListLogDeliveries + - s3:PutBucketPolicy + - s3:GetBucketPolicy + - evidently:TagResource + - evidently:ExportProjectAsConfiguration + - appconfig:GetEnvironment + - appconfig:CreateConfigurationProfile + - appconfig:CreateHostedConfigurationVersion + - appconfig:CreateExtensionAssociation + - appconfig:TagResource + - iam:GetRole + - iam:CreateServiceLinkedRole + read: + - evidently:GetProject + - logs:GetLogDelivery + - logs:ListLogDeliveries + - s3:GetBucketPolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - evidently:ListTagsForResource + update: + - evidently:UpdateProject + - evidently:UpdateProjectDataDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:ListLogDeliveries + - s3:PutBucketPolicy + - s3:GetBucketPolicy + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - evidently:TagResource + - evidently:UntagResource + - evidently:ListTagsForResource + - evidently:GetProject + - evidently:ExportProjectAsConfiguration + - appconfig:GetEnvironment + - appconfig:CreateConfigurationProfile + - appconfig:CreateHostedConfigurationVersion + - appconfig:CreateExtensionAssociation + - appconfig:TagResource + - iam:GetRole + - iam:CreateServiceLinkedRole + delete: + - evidently:DeleteProject + - evidently:GetProject + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - s3:GetBucketPolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - evidently:UntagResource + - appconfig:DeleteHostedConfigurationVersion + - appconfig:DeleteExtensionAssociation + - appconfig:DeleteConfigurationProfile + Segment: + type: object + properties: + Arn: + type: string + pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:segment/[-a-zA-Z0-9._]* + minLength: 0 + maxLength: 2048 + Name: + type: string + pattern: '[-a-zA-Z0-9._]*' + minLength: 1 + maxLength: 127 + Description: + type: string + minLength: 0 + maxLength: 160 + Pattern: + type: string + minLength: 1 + maxLength: 1024 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + x-stackql-resource-name: segment + description: Resource Type definition for AWS::Evidently::Segment + x-type-name: AWS::Evidently::Segment + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - evidently:CreateSegment + - evidently:GetSegment + - evidently:TagResource + read: + - evidently:GetSegment + - evidently:ListTagsForResource + delete: + - evidently:DeleteSegment + - evidently:GetSegment + - evidently:UntagResource + list: + - evidently:ListSegment + - evidently:ListTagsForResource + x-stackQL-resources: + experiment: + name: experiment + id: aws.evidently.experiment + x-cfn-schema-name: Experiment + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Project') as project, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.RunningStatus') as running_status, + JSON_EXTRACT(Properties, '$.RandomizationSalt') as randomization_salt, + JSON_EXTRACT(Properties, '$.Treatments') as treatments, + JSON_EXTRACT(Properties, '$.MetricGoals') as metric_goals, + JSON_EXTRACT(Properties, '$.SamplingRate') as sampling_rate, + JSON_EXTRACT(Properties, '$.OnlineAbConfig') as online_ab_config, + JSON_EXTRACT(Properties, '$.Segment') as segment, + JSON_EXTRACT(Properties, '$.RemoveSegment') as remove_segment, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Evidently::Experiment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Project') as project, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'RunningStatus') as running_status, + json_extract_path_text(Properties, 'RandomizationSalt') as randomization_salt, + json_extract_path_text(Properties, 'Treatments') as treatments, + json_extract_path_text(Properties, 'MetricGoals') as metric_goals, + json_extract_path_text(Properties, 'SamplingRate') as sampling_rate, + json_extract_path_text(Properties, 'OnlineAbConfig') as online_ab_config, + json_extract_path_text(Properties, 'Segment') as segment, + json_extract_path_text(Properties, 'RemoveSegment') as remove_segment, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Evidently::Experiment' + AND data__Identifier = '' + AND region = 'us-east-1' + feature: + name: feature + id: aws.evidently.feature + x-cfn-schema-name: Feature + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Project') as project, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EvaluationStrategy') as evaluation_strategy, + JSON_EXTRACT(Properties, '$.Variations') as variations, + JSON_EXTRACT(Properties, '$.DefaultVariation') as default_variation, + JSON_EXTRACT(Properties, '$.EntityOverrides') as entity_overrides, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Evidently::Feature' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Project') as project, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EvaluationStrategy') as evaluation_strategy, + json_extract_path_text(Properties, 'Variations') as variations, + json_extract_path_text(Properties, 'DefaultVariation') as default_variation, + json_extract_path_text(Properties, 'EntityOverrides') as entity_overrides, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Evidently::Feature' + AND data__Identifier = '' + AND region = 'us-east-1' + launch: + name: launch + id: aws.evidently.launch + x-cfn-schema-name: Launch + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Project') as project, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.RandomizationSalt') as randomization_salt, + JSON_EXTRACT(Properties, '$.ScheduledSplitsConfig') as scheduled_splits_config, + JSON_EXTRACT(Properties, '$.Groups') as groups, + JSON_EXTRACT(Properties, '$.MetricMonitors') as metric_monitors, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ExecutionStatus') as execution_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Evidently::Launch' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Project') as project, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'RandomizationSalt') as randomization_salt, + json_extract_path_text(Properties, 'ScheduledSplitsConfig') as scheduled_splits_config, + json_extract_path_text(Properties, 'Groups') as groups, + json_extract_path_text(Properties, 'MetricMonitors') as metric_monitors, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ExecutionStatus') as execution_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Evidently::Launch' + AND data__Identifier = '' + AND region = 'us-east-1' + project: + name: project + id: aws.evidently.project + x-cfn-schema-name: Project + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DataDelivery') as data_delivery, + JSON_EXTRACT(Properties, '$.AppConfigResource') as app_config_resource, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Evidently::Project' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DataDelivery') as data_delivery, + json_extract_path_text(Properties, 'AppConfigResource') as app_config_resource, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Evidently::Project' + AND data__Identifier = '' + AND region = 'us-east-1' + segments: + name: segments + id: aws.evidently.segments + x-cfn-schema-name: Segment + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Evidently::Segment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Evidently::Segment' + AND region = 'us-east-1' + segment: + name: segment + id: aws.evidently.segment + x-cfn-schema-name: Segment + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Pattern') as pattern, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Evidently::Segment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Pattern') as pattern, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Evidently::Segment' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/finspace.yaml b/providers/src/aws/v00.00.00000/services/finspace.yaml new file mode 100644 index 00000000..dae403ac --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/finspace.yaml @@ -0,0 +1,305 @@ +openapi: 3.0.0 +info: + title: FinSpace + version: 1.0.0 +paths: {} +components: + schemas: + FederationParameters: + description: Additional parameters to identify Federation mode + type: object + properties: + SamlMetadataURL: + description: SAML metadata URL to link with the Environment + type: string + pattern: ^https?://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]{1,1000} + FederationProviderName: + description: Federation provider name to link with the Environment + type: string + pattern: '[^_\p{Z}][\p{L}\p{M}\p{S}\p{N}\p{P}][^_\p{Z}]+' + minLength: 1 + maxLength: 32 + SamlMetadataDocument: + description: SAML metadata document to link the federation provider to the Environment + type: string + pattern: .* + minLength: 1000 + maxLength: 10000000 + ApplicationCallBackURL: + description: SAML metadata URL to link with the Environment + type: string + pattern: ^https?://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]{1,1000} + FederationURN: + description: SAML metadata URL to link with the Environment + type: string + AttributeMap: + description: Attribute map for SAML configuration + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + additionalProperties: false + additionalProperties: false + SuperuserParameters: + description: Parameters of the first Superuser for the FinSpace Environment + type: object + properties: + FirstName: + description: First name + type: string + pattern: ^[a-zA-Z0-9]{1,50}$ + minLength: 1 + maxLength: 50 + LastName: + description: Last name + type: string + pattern: ^[a-zA-Z0-9]{1,50}$ + minLength: 1 + maxLength: 50 + EmailAddress: + description: Email address + type: string + pattern: '[A-Z0-9a-z._%+-]+@[A-Za-z0-9.-]+[.]+[A-Za-z]+' + minLength: 1 + maxLength: 128 + additionalProperties: false + DataBundleArn: + type: string + pattern: ^arn:aws:finspace:[A-Za-z0-9_/.-]{0,63}:\d*:data-bundle/[0-9A-Za-z_-]{1,128}$ + Tag: + description: A list of all tags for a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Environment: + type: object + properties: + EnvironmentId: + description: Unique identifier for representing FinSpace Environment + type: string + pattern: ^[a-zA-Z0-9]{1,26}$ + Name: + description: Name of the Environment + type: string + pattern: ^[a-zA-Z0-9]+[a-zA-Z0-9-]*[a-zA-Z0-9]{1,255}$ + AwsAccountId: + description: AWS account ID associated with the Environment + type: string + pattern: ^[a-zA-Z0-9]{1,26}$ + Description: + description: Description of the Environment + type: string + pattern: ^[a-zA-Z0-9. ]{1,1000}$ + Status: + description: State of the Environment + type: string + enum: + - CREATE_REQUESTED + - CREATING + - CREATED + - DELETE_REQUESTED + - DELETING + - DELETED + - FAILED_CREATION + - FAILED_DELETION + - RETRY_DELETION + - SUSPENDED + EnvironmentUrl: + description: URL used to login to the Environment + type: string + pattern: ^[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]{1,1000} + EnvironmentArn: + description: ARN of the Environment + type: string + pattern: ^arn:aws:finspace:[A-Za-z0-9_/.-]{0,63}:\d+:environment/[0-9A-Za-z_-]{1,128}$ + SageMakerStudioDomainUrl: + description: SageMaker Studio Domain URL associated with the Environment + type: string + pattern: ^[a-zA-Z-0-9-:\/.]*{1,1000}$ + KmsKeyId: + description: KMS key used to encrypt customer data within FinSpace Environment infrastructure + type: string + pattern: ^[a-zA-Z-0-9-:\/]*{1,1000}$ + DedicatedServiceAccountId: + description: ID for FinSpace created account used to store Environment artifacts + type: string + pattern: ^[a-zA-Z0-9]{1,26}$ + FederationMode: + description: Federation mode used with the Environment + type: string + enum: + - LOCAL + - FEDERATED + FederationParameters: + $ref: '#/components/schemas/FederationParameters' + SuperuserParameters: + $ref: '#/components/schemas/SuperuserParameters' + DataBundles: + description: ARNs of FinSpace Data Bundles to install + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/DataBundleArn' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + x-stackql-resource-name: environment + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::FinSpace::Environment + x-stackql-primary-identifier: + - EnvironmentId + x-create-only-properties: + - KmsKeyId + - SuperuserParameters + - FederationParameters + - DataBundles + - Tags + x-write-only-properties: + - SuperuserParameters + - FederationParameters/AttributeMap + - Tags + x-read-only-properties: + - EnvironmentId + - Status + - SageMakerStudioDomainUrl + - EnvironmentArn + - EnvironmentUrl + - AwsAccountId + - DedicatedServiceAccountId + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - finspace:CreateEnvironment + - finspace:GetEnvironment + - finspace:ListEnvironments + - sts:AssumeRole + read: + - finspace:GetEnvironment + update: + - finspace:UpdateEnvironment + delete: + - finspace:DeleteEnvironment + - finspace:GetEnvironment + list: + - finspace:ListEnvironments + x-stackQL-resources: + environments: + name: environments + id: aws.finspace.environments + x-cfn-schema-name: Environment + x-type: list + x-identifiers: + - EnvironmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FinSpace::Environment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FinSpace::Environment' + AND region = 'us-east-1' + environment: + name: environment + id: aws.finspace.environment + x-cfn-schema-name: Environment + x-type: get + x-identifiers: + - EnvironmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.EnvironmentUrl') as environment_url, + JSON_EXTRACT(Properties, '$.EnvironmentArn') as environment_arn, + JSON_EXTRACT(Properties, '$.SageMakerStudioDomainUrl') as sage_maker_studio_domain_url, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.DedicatedServiceAccountId') as dedicated_service_account_id, + JSON_EXTRACT(Properties, '$.FederationMode') as federation_mode, + JSON_EXTRACT(Properties, '$.FederationParameters') as federation_parameters, + JSON_EXTRACT(Properties, '$.SuperuserParameters') as superuser_parameters, + JSON_EXTRACT(Properties, '$.DataBundles') as data_bundles, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FinSpace::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'EnvironmentUrl') as environment_url, + json_extract_path_text(Properties, 'EnvironmentArn') as environment_arn, + json_extract_path_text(Properties, 'SageMakerStudioDomainUrl') as sage_maker_studio_domain_url, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'DedicatedServiceAccountId') as dedicated_service_account_id, + json_extract_path_text(Properties, 'FederationMode') as federation_mode, + json_extract_path_text(Properties, 'FederationParameters') as federation_parameters, + json_extract_path_text(Properties, 'SuperuserParameters') as superuser_parameters, + json_extract_path_text(Properties, 'DataBundles') as data_bundles, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FinSpace::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/fis.yaml b/providers/src/aws/v00.00.00000/services/fis.yaml new file mode 100644 index 00000000..384d8fbb --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/fis.yaml @@ -0,0 +1,486 @@ +openapi: 3.0.0 +info: + title: FIS + version: 1.0.0 +paths: {} +components: + schemas: + ExperimentTemplateId: + type: string + ExperimentTemplateDescription: + type: string + description: A description for the experiment template. + maxLength: 512 + StopConditionSource: + type: string + maxLength: 64 + StopConditionValue: + type: string + minLength: 20 + maxLength: 2048 + ExperimentTemplateStopCondition: + type: object + additionalProperties: false + properties: + Source: + $ref: '#/components/schemas/StopConditionSource' + Value: + $ref: '#/components/schemas/StopConditionValue' + required: + - Source + ExperimentTemplateStopConditionList: + type: array + description: One or more stop conditions. + items: + $ref: '#/components/schemas/ExperimentTemplateStopCondition' + ResourceType: + type: string + description: The AWS resource type. The resource type must be supported for the specified action. + maxLength: 64 + ResourceArn: + type: string + minLength: 20 + maxLength: 2048 + ResourceArnList: + type: array + description: The Amazon Resource Names (ARNs) of the target resources. + items: + $ref: '#/components/schemas/ResourceArn' + ExperimentTemplateTargetSelectionMode: + type: string + description: Scopes the identified resources to a specific number of the resources at random, or a percentage of the resources. + maxLength: 64 + ExperimentTemplateTargetFilterPath: + type: string + description: The attribute path for the filter. + maxLength: 256 + ExperimentTemplateTargetFilterValue: + type: string + maxLength: 128 + ExperimentTemplateTargetFilterValues: + type: array + description: The attribute values for the filter. + items: + $ref: '#/components/schemas/ExperimentTemplateTargetFilterValue' + ExperimentTemplateTargetFilter: + type: object + description: Describes a filter used for the target resource input in an experiment template. + additionalProperties: false + properties: + Path: + $ref: '#/components/schemas/ExperimentTemplateTargetFilterPath' + Values: + $ref: '#/components/schemas/ExperimentTemplateTargetFilterValues' + required: + - Path + - Values + ExperimentTemplateTargetFilterList: + type: array + items: + $ref: '#/components/schemas/ExperimentTemplateTargetFilter' + ExperimentTemplateTarget: + type: object + description: Specifies a target for an experiment. + additionalProperties: false + properties: + ResourceType: + $ref: '#/components/schemas/ResourceType' + ResourceArns: + $ref: '#/components/schemas/ResourceArnList' + ResourceTags: + type: object + x-patternProperties: + .{1,128}: + type: string + maxLength: 256 + additionalProperties: false + Parameters: + type: object + x-patternProperties: + .{1,64}: + type: string + maxLength: 1024 + additionalProperties: false + Filters: + $ref: '#/components/schemas/ExperimentTemplateTargetFilterList' + SelectionMode: + $ref: '#/components/schemas/ExperimentTemplateTargetSelectionMode' + required: + - ResourceType + - SelectionMode + ExperimentTemplateTargetMap: + type: object + description: The targets for the experiment. + x-patternProperties: + .{1,64}: + $ref: '#/components/schemas/ExperimentTemplateTarget' + additionalProperties: false + ActionId: + type: string + description: The ID of the action. + maxLength: 64 + ExperimentTemplateActionItemDescription: + type: string + description: A description for the action. + maxLength: 512 + ExperimentTemplateActionItemParameter: + type: string + maxLength: 1024 + ExperimentTemplateActionItemTarget: + type: string + maxLength: 64 + ExperimentTemplateActionItemStartAfter: + type: string + maxLength: 64 + ExperimentTemplateActionItemStartAfterList: + type: array + description: The names of the actions that must be completed before the current action starts. + items: + $ref: '#/components/schemas/ExperimentTemplateActionItemStartAfter' + ExperimentTemplateAction: + type: object + description: Specifies an action for the experiment template. + additionalProperties: false + properties: + ActionId: + $ref: '#/components/schemas/ActionId' + Description: + $ref: '#/components/schemas/ExperimentTemplateActionItemDescription' + Parameters: + type: object + description: The parameters for the action, if applicable. + x-patternProperties: + .{1,64}: + $ref: '#/components/schemas/ExperimentTemplateActionItemParameter' + additionalProperties: false + Targets: + type: object + description: One or more targets for the action. + x-patternProperties: + .{1,64}: + $ref: '#/components/schemas/ExperimentTemplateActionItemTarget' + additionalProperties: false + StartAfter: + $ref: '#/components/schemas/ExperimentTemplateActionItemStartAfterList' + required: + - ActionId + ExperimentTemplateActionMap: + type: object + description: The actions for the experiment. + x-patternProperties: + '[\S]{1,64}': + $ref: '#/components/schemas/ExperimentTemplateAction' + additionalProperties: false + ExperimentTemplateLogConfiguration: + type: object + additionalProperties: false + properties: + CloudWatchLogsConfiguration: + type: object + additionalProperties: false + properties: + LogGroupArn: + type: string + minLength: 20 + maxLength: 2048 + required: + - LogGroupArn + S3Configuration: + type: object + additionalProperties: false + properties: + BucketName: + type: string + minLength: 3 + maxLength: 63 + Prefix: + type: string + minLength: 1 + maxLength: 1024 + required: + - BucketName + LogSchemaVersion: + type: integer + minimum: 1 + required: + - LogSchemaVersion + ExperimentTemplateExperimentOptions: + type: object + additionalProperties: false + properties: + AccountTargeting: + type: string + description: The account targeting setting for the experiment template. + enum: + - multi-account + - single-account + EmptyTargetResolutionMode: + type: string + description: The target resolution failure mode for the experiment template. + enum: + - fail + - skip + RoleArn: + type: string + description: The Amazon Resource Name (ARN) of an IAM role that grants the AWS FIS service permission to perform service actions on your behalf. + maxLength: 1224 + ExperimentTemplate: + type: object + properties: + Id: + $ref: '#/components/schemas/ExperimentTemplateId' + Description: + $ref: '#/components/schemas/ExperimentTemplateDescription' + Targets: + $ref: '#/components/schemas/ExperimentTemplateTargetMap' + Actions: + $ref: '#/components/schemas/ExperimentTemplateActionMap' + StopConditions: + $ref: '#/components/schemas/ExperimentTemplateStopConditionList' + LogConfiguration: + $ref: '#/components/schemas/ExperimentTemplateLogConfiguration' + RoleArn: + $ref: '#/components/schemas/RoleArn' + Tags: + type: object + x-patternProperties: + .{1,128}: + type: string + maxLength: 256 + additionalProperties: false + ExperimentOptions: + $ref: '#/components/schemas/ExperimentTemplateExperimentOptions' + required: + - Description + - StopConditions + - Targets + - RoleArn + - Tags + x-stackql-resource-name: experiment_template + description: Resource schema for AWS::FIS::ExperimentTemplate + x-type-name: AWS::FIS::ExperimentTemplate + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Tags + - ExperimentOptions/AccountTargeting + x-read-only-properties: + - Id + x-required-properties: + - Description + - StopConditions + - Targets + - RoleArn + - Tags + x-required-permissions: + create: + - fis:CreateExperimentTemplate + - fis:TagResource + - iam:PassRole + read: + - fis:GetExperimentTemplate + - fis:ListTagsForResource + update: + - fis:UpdateExperimentTemplate + - fis:TagResource + - fis:UntagResource + - iam:PassRole + delete: + - fis:DeleteExperimentTemplate + list: + - fis:ListExperimentTemplates + - fis:ListTagsForResource + TargetExperimentTemplateId: + type: string + description: The ID of the experiment template. + TargetAccountId: + type: string + description: The AWS account ID of the target account. + maxLength: 512 + TargetAccountRoleArn: + type: string + description: The Amazon Resource Name (ARN) of an IAM role for the target account. + maxLength: 1224 + TargetAccountConfigurationDescription: + type: string + description: The description of the target account. + maxLength: 512 + TargetAccountConfiguration: + type: object + properties: + ExperimentTemplateId: + $ref: '#/components/schemas/TargetExperimentTemplateId' + AccountId: + $ref: '#/components/schemas/TargetAccountId' + RoleArn: + $ref: '#/components/schemas/TargetAccountRoleArn' + Description: + $ref: '#/components/schemas/TargetAccountConfigurationDescription' + required: + - ExperimentTemplateId + - AccountId + - RoleArn + x-stackql-resource-name: target_account_configuration + description: Resource schema for AWS::FIS::TargetAccountConfiguration + x-type-name: AWS::FIS::TargetAccountConfiguration + x-stackql-primary-identifier: + - ExperimentTemplateId + - AccountId + x-create-only-properties: + - ExperimentTemplateId + - AccountId + x-required-properties: + - ExperimentTemplateId + - AccountId + - RoleArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - fis:CreateTargetAccountConfiguration + read: + - fis:GetTargetAccountConfiguration + update: + - fis:UpdateTargetAccountConfiguration + delete: + - fis:DeleteTargetAccountConfiguration + list: + - fis:ListTargetAccountConfigurations + x-stackQL-resources: + experiment_templates: + name: experiment_templates + id: aws.fis.experiment_templates + x-cfn-schema-name: ExperimentTemplate + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FIS::ExperimentTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FIS::ExperimentTemplate' + AND region = 'us-east-1' + experiment_template: + name: experiment_template + id: aws.fis.experiment_template + x-cfn-schema-name: ExperimentTemplate + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Targets') as targets, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.StopConditions') as stop_conditions, + JSON_EXTRACT(Properties, '$.LogConfiguration') as log_configuration, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ExperimentOptions') as experiment_options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FIS::ExperimentTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Targets') as targets, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'StopConditions') as stop_conditions, + json_extract_path_text(Properties, 'LogConfiguration') as log_configuration, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ExperimentOptions') as experiment_options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FIS::ExperimentTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + target_account_configurations: + name: target_account_configurations + id: aws.fis.target_account_configurations + x-cfn-schema-name: TargetAccountConfiguration + x-type: list + x-identifiers: + - ExperimentTemplateId + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ExperimentTemplateId') as experiment_template_id, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FIS::TargetAccountConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ExperimentTemplateId') as experiment_template_id, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FIS::TargetAccountConfiguration' + AND region = 'us-east-1' + target_account_configuration: + name: target_account_configuration + id: aws.fis.target_account_configuration + x-cfn-schema-name: TargetAccountConfiguration + x-type: get + x-identifiers: + - ExperimentTemplateId + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ExperimentTemplateId') as experiment_template_id, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Description') as description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FIS::TargetAccountConfiguration' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ExperimentTemplateId') as experiment_template_id, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Description') as description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FIS::TargetAccountConfiguration' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/fms.yaml b/providers/src/aws/v00.00.00000/services/fms.yaml new file mode 100644 index 00000000..5ba4ccb4 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/fms.yaml @@ -0,0 +1,603 @@ +openapi: 3.0.0 +info: + title: FMS + version: 1.0.0 +paths: {} +components: + schemas: + ResourceArn: + description: A resource ARN. + type: string + pattern: ^([^\s]*)$ + minLength: 1 + maxLength: 1024 + NotificationChannel: + type: object + properties: + SnsRoleName: + $ref: '#/components/schemas/ResourceArn' + SnsTopicArn: + $ref: '#/components/schemas/ResourceArn' + required: + - SnsRoleName + - SnsTopicArn + x-stackql-resource-name: notification_channel + description: Designates the IAM role and Amazon Simple Notification Service (SNS) topic that AWS Firewall Manager uses to record SNS logs. + x-type-name: AWS::FMS::NotificationChannel + x-stackql-primary-identifier: + - SnsTopicArn + x-required-properties: + - SnsRoleName + - SnsTopicArn + x-required-permissions: + create: + - fms:PutNotificationChannel + - iam:PassRole + update: + - fms:PutNotificationChannel + - iam:PassRole + read: + - fms:GetNotificationChannel + delete: + - fms:DeleteNotificationChannel + list: + - fms:GetNotificationChannel + AccountId: + description: An AWS account ID. + type: string + pattern: ^([0-9]*)$ + minLength: 12 + maxLength: 12 + Base62Id: + description: A Base62 ID + type: string + pattern: ^([a-z0-9A-Z]*)$ + minLength: 22 + maxLength: 22 + OrganizationalUnitId: + description: An Organizational Unit ID. + type: string + pattern: ^(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$ + minLength: 16 + maxLength: 68 + IEMap: + description: An FMS includeMap or excludeMap. + type: object + properties: + ACCOUNT: + type: array + items: + $ref: '#/components/schemas/AccountId' + x-insertionOrder: true + ORGUNIT: + type: array + items: + $ref: '#/components/schemas/OrganizationalUnitId' + x-insertionOrder: true + additionalProperties: false + PolicyTag: + description: A policy tag. + type: object + properties: + Key: + type: string + pattern: ^([^\s]*)$ + minLength: 1 + maxLength: 128 + Value: + type: string + pattern: ^([^\s]*)$ + maxLength: 256 + additionalProperties: false + required: + - Key + - Value + ResourceTag: + description: A resource tag. + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + maxLength: 256 + additionalProperties: false + required: + - Key + ResourceType: + description: An AWS resource type + type: string + pattern: ^([^\s]*)$ + minLength: 1 + maxLength: 128 + SecurityServicePolicyData: + description: Firewall security service policy data. + type: object + properties: + ManagedServiceData: + $ref: '#/components/schemas/ManagedServiceData' + Type: + $ref: '#/components/schemas/PolicyType' + PolicyOption: + $ref: '#/components/schemas/PolicyOption' + additionalProperties: false + required: + - Type + FirewallDeploymentModel: + description: Firewall deployment mode. + type: string + enum: + - DISTRIBUTED + - CENTRALIZED + ManagedServiceData: + description: Firewall managed service data. + type: string + minLength: 1 + maxLength: 8192 + PolicyType: + description: Firewall policy type. + type: string + enum: + - WAF + - WAFV2 + - SHIELD_ADVANCED + - SECURITY_GROUPS_COMMON + - SECURITY_GROUPS_CONTENT_AUDIT + - SECURITY_GROUPS_USAGE_AUDIT + - NETWORK_FIREWALL + - THIRD_PARTY_FIREWALL + - DNS_FIREWALL + - IMPORT_NETWORK_FIREWALL + NetworkFirewallPolicy: + description: Network firewall policy. + type: object + properties: + FirewallDeploymentModel: + $ref: '#/components/schemas/FirewallDeploymentModel' + additionalProperties: false + required: + - FirewallDeploymentModel + ThirdPartyFirewallPolicy: + description: Third party firewall policy. + type: object + properties: + FirewallDeploymentModel: + $ref: '#/components/schemas/FirewallDeploymentModel' + additionalProperties: false + required: + - FirewallDeploymentModel + PolicyOption: + description: Firewall policy option. + type: object + properties: + NetworkFirewallPolicy: + $ref: '#/components/schemas/NetworkFirewallPolicy' + ThirdPartyFirewallPolicy: + $ref: '#/components/schemas/ThirdPartyFirewallPolicy' + additionalProperties: false + oneOf: + - required: + - NetworkFirewallPolicy + - required: + - ThirdPartyFirewallPolicy + Policy: + type: object + properties: + ExcludeMap: + $ref: '#/components/schemas/IEMap' + ExcludeResourceTags: + type: boolean + IncludeMap: + $ref: '#/components/schemas/IEMap' + Id: + type: string + pattern: ^[a-z0-9A-Z-]{36}$ + minLength: 36 + maxLength: 36 + PolicyName: + type: string + pattern: ^([a-zA-Z0-9_.:/=+\-@\s]+)$ + minLength: 1 + maxLength: 1024 + PolicyDescription: + type: string + pattern: ^([a-zA-Z0-9_.:/=+\-@\s]+)$ + maxLength: 256 + RemediationEnabled: + type: boolean + ResourceTags: + type: array + items: + $ref: '#/components/schemas/ResourceTag' + maxItems: 8 + x-insertionOrder: true + ResourceType: + $ref: '#/components/schemas/ResourceType' + ResourceTypeList: + type: array + items: + $ref: '#/components/schemas/ResourceType' + x-insertionOrder: true + ResourceSetIds: + type: array + items: + $ref: '#/components/schemas/Base62Id' + x-insertionOrder: true + uniqueItems: true + SecurityServicePolicyData: + $ref: '#/components/schemas/SecurityServicePolicyData' + Arn: + $ref: '#/components/schemas/ResourceArn' + DeleteAllPolicyResources: + type: boolean + ResourcesCleanUp: + type: boolean + Tags: + type: array + items: + $ref: '#/components/schemas/PolicyTag' + x-insertionOrder: true + required: + - ExcludeResourceTags + - PolicyName + - RemediationEnabled + - SecurityServicePolicyData + x-stackql-resource-name: policy + description: Creates an AWS Firewall Manager policy. + x-type-name: AWS::FMS::Policy + x-stackql-primary-identifier: + - Id + x-write-only-properties: + - DeleteAllPolicyResources + x-read-only-properties: + - Arn + - Id + x-required-properties: + - ExcludeResourceTags + - PolicyName + - RemediationEnabled + - SecurityServicePolicyData + x-required-permissions: + create: + - fms:PutPolicy + - fms:TagResource + - waf-regional:ListRuleGroups + - wafv2:CheckCapacity + - wafv2:ListRuleGroups + - wafv2:ListAvailableManagedRuleGroups + - wafv2:ListAvailableManagedRuleGroupVersions + - network-firewall:DescribeRuleGroup + - network-firewall:DescribeRuleGroupMetadata + - route53resolver:ListFirewallRuleGroups + - ec2:DescribeAvailabilityZones + - s3:PutBucketPolicy + - s3:GetBucketPolicy + update: + - fms:PutPolicy + - fms:GetPolicy + - fms:TagResource + - fms:UntagResource + - fms:ListTagsForResource + - waf-regional:ListRuleGroups + - wafv2:CheckCapacity + - wafv2:ListRuleGroups + - wafv2:ListAvailableManagedRuleGroups + - wafv2:ListAvailableManagedRuleGroupVersions + - network-firewall:DescribeRuleGroup + - network-firewall:DescribeRuleGroupMetadata + - route53resolver:ListFirewallRuleGroups + - ec2:DescribeAvailabilityZones + - s3:PutBucketPolicy + - s3:GetBucketPolicy + read: + - fms:GetPolicy + - fms:ListTagsForResource + delete: + - fms:DeletePolicy + list: + - fms:ListPolicies + - fms:ListTagsForResource + Tag: + description: A tag. + type: object + properties: + Key: + type: string + pattern: ^([^\s]*)$ + minLength: 1 + maxLength: 128 + Value: + type: string + pattern: ^([^\s]*)$ + maxLength: 256 + additionalProperties: false + required: + - Key + - Value + Resource: + description: A resource ARN or URI. + type: string + pattern: ^([^\s]*)$ + minLength: 1 + maxLength: 1024 + ResourceSet: + type: object + properties: + Id: + $ref: '#/components/schemas/Base62Id' + Name: + type: string + pattern: ^([a-zA-Z0-9_.:/=+\-@\s]+)$ + minLength: 1 + maxLength: 128 + Description: + type: string + pattern: ^([a-zA-Z0-9_.:/=+\-@\s]*)$ + maxLength: 256 + ResourceTypeList: + type: array + items: + $ref: '#/components/schemas/ResourceType' + x-insertionOrder: true + uniqueItems: true + Resources: + type: array + items: + $ref: '#/components/schemas/Resource' + x-insertionOrder: false + uniqueItems: true + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: true + uniqueItems: true + required: + - Name + - ResourceTypeList + x-stackql-resource-name: resource_set + description: Creates an AWS Firewall Manager resource set. + x-type-name: AWS::FMS::ResourceSet + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + x-required-properties: + - Name + - ResourceTypeList + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - fms:PutResourceSet + - fms:BatchAssociateResource + - fms:ListResourceSetResources + - fms:TagResource + update: + - fms:PutResourceSet + - fms:BatchAssociateResource + - fms:BatchDisassociateResource + - fms:GetResourceSet + - fms:ListResourceSetResources + - fms:TagResource + - fms:UntagResource + - fms:ListTagsForResource + read: + - fms:GetResourceSet + - fms:ListResourceSetResources + - fms:ListTagsForResource + delete: + - fms:DeleteResourceSet + list: + - fms:ListResourceSets + x-stackQL-resources: + notification_channels: + name: notification_channels + id: aws.fms.notification_channels + x-cfn-schema-name: NotificationChannel + x-type: list + x-identifiers: + - SnsTopicArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SnsTopicArn') as sns_topic_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FMS::NotificationChannel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SnsTopicArn') as sns_topic_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FMS::NotificationChannel' + AND region = 'us-east-1' + notification_channel: + name: notification_channel + id: aws.fms.notification_channel + x-cfn-schema-name: NotificationChannel + x-type: get + x-identifiers: + - SnsTopicArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SnsRoleName') as sns_role_name, + JSON_EXTRACT(Properties, '$.SnsTopicArn') as sns_topic_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FMS::NotificationChannel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SnsRoleName') as sns_role_name, + json_extract_path_text(Properties, 'SnsTopicArn') as sns_topic_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FMS::NotificationChannel' + AND data__Identifier = '' + AND region = 'us-east-1' + policies: + name: policies + id: aws.fms.policies + x-cfn-schema-name: Policy + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FMS::Policy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FMS::Policy' + AND region = 'us-east-1' + policy: + name: policy + id: aws.fms.policy + x-cfn-schema-name: Policy + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ExcludeMap') as exclude_map, + JSON_EXTRACT(Properties, '$.ExcludeResourceTags') as exclude_resource_tags, + JSON_EXTRACT(Properties, '$.IncludeMap') as include_map, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.PolicyDescription') as policy_description, + JSON_EXTRACT(Properties, '$.RemediationEnabled') as remediation_enabled, + JSON_EXTRACT(Properties, '$.ResourceTags') as resource_tags, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.ResourceTypeList') as resource_type_list, + JSON_EXTRACT(Properties, '$.ResourceSetIds') as resource_set_ids, + JSON_EXTRACT(Properties, '$.SecurityServicePolicyData') as security_service_policy_data, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DeleteAllPolicyResources') as delete_all_policy_resources, + JSON_EXTRACT(Properties, '$.ResourcesCleanUp') as resources_clean_up, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FMS::Policy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ExcludeMap') as exclude_map, + json_extract_path_text(Properties, 'ExcludeResourceTags') as exclude_resource_tags, + json_extract_path_text(Properties, 'IncludeMap') as include_map, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'PolicyDescription') as policy_description, + json_extract_path_text(Properties, 'RemediationEnabled') as remediation_enabled, + json_extract_path_text(Properties, 'ResourceTags') as resource_tags, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'ResourceTypeList') as resource_type_list, + json_extract_path_text(Properties, 'ResourceSetIds') as resource_set_ids, + json_extract_path_text(Properties, 'SecurityServicePolicyData') as security_service_policy_data, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DeleteAllPolicyResources') as delete_all_policy_resources, + json_extract_path_text(Properties, 'ResourcesCleanUp') as resources_clean_up, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FMS::Policy' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_sets: + name: resource_sets + id: aws.fms.resource_sets + x-cfn-schema-name: ResourceSet + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FMS::ResourceSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FMS::ResourceSet' + AND region = 'us-east-1' + resource_set: + name: resource_set + id: aws.fms.resource_set + x-cfn-schema-name: ResourceSet + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ResourceTypeList') as resource_type_list, + JSON_EXTRACT(Properties, '$.Resources') as resources, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FMS::ResourceSet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ResourceTypeList') as resource_type_list, + json_extract_path_text(Properties, 'Resources') as resources, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FMS::ResourceSet' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/forecast.yaml b/providers/src/aws/v00.00.00000/services/forecast.yaml new file mode 100644 index 00000000..55ca7761 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/forecast.yaml @@ -0,0 +1,372 @@ +openapi: 3.0.0 +info: + title: Forecast + version: 1.0.0 +paths: {} +components: + schemas: + Attributes: + type: array + x-insertionOrder: true + items: + type: object + additionalProperties: false + properties: + AttributeName: + description: Name of the dataset field + type: string + pattern: ^[a-zA-Z][a-zA-Z0-9_]* + AttributeType: + description: Data type of the field + type: string + enum: + - string + - integer + - float + - timestamp + - geolocation + minItems: 1 + maxItems: 100 + KmsKeyArn: + description: KMS key used to encrypt the Dataset data + type: string + maxLength: 256 + pattern: arn:aws[-a-z]*:kms:.*:key/.* + RoleArn: + description: The ARN of the IAM role that Amazon Forecast can assume to access the AWS KMS key. + type: string + maxLength: 256 + pattern: ^[a-zA-Z0-9\-\_\.\/\:]+$ + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + Dataset: + type: object + properties: + Arn: + type: string + maxLength: 256 + pattern: ^[a-zA-Z0-9\-\_\.\/\:]+$ + DatasetName: + description: A name for the dataset + type: string + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z][a-zA-Z0-9_]* + DatasetType: + description: The dataset type + type: string + enum: + - TARGET_TIME_SERIES + - RELATED_TIME_SERIES + - ITEM_METADATA + DataFrequency: + description: Frequency of data collection. This parameter is required for RELATED_TIME_SERIES + type: string + pattern: ^Y|M|W|D|H|30min|15min|10min|5min|1min$ + Domain: + description: The domain associated with the dataset + type: string + enum: + - RETAIL + - CUSTOM + - INVENTORY_PLANNING + - EC2_CAPACITY + - WORK_FORCE + - WEB_TRAFFIC + - METRICS + EncryptionConfig: + type: object + additionalProperties: false + properties: + KmsKeyArn: + $ref: '#/components/schemas/KmsKeyArn' + RoleArn: + $ref: '#/components/schemas/RoleArn' + Schema: + type: object + additionalProperties: false + properties: + Attributes: + $ref: '#/components/schemas/Attributes' + Tags: + type: array + x-insertionOrder: true + items: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + $ref: '#/components/schemas/Key' + Value: + $ref: '#/components/schemas/Value' + required: + - Key + - Value + additionalProperties: false + minItems: 0 + maxItems: 200 + required: + - DatasetName + - DatasetType + - Domain + - Schema + x-stackql-resource-name: dataset + description: Resource Type Definition for AWS::Forecast::Dataset + x-type-name: AWS::Forecast::Dataset + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - DatasetName + x-read-only-properties: + - Arn + x-required-properties: + - DatasetName + - DatasetType + - Domain + - Schema + x-required-permissions: + create: + - forecast:CreateDataset + read: + - forecast:DescribeDataset + delete: + - forecast:DeleteDataset + list: + - forecast:ListDatasets + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Arn: + type: string + maxLength: 256 + pattern: ^[a-zA-Z0-9\-\_\.\/\:]+$ + MaxResults: + description: The number of items to return in the response. + type: integer + minimum: 1 + maximum: 100 + NextToken: + description: If the result of the previous request was truncated, the response includes a NextToken. To retrieve the next set of results, use the token in the next request. Tokens expire after 24 hours. + type: string + minLength: 1 + maxLength: 3000 + DatasetGroup: + type: object + properties: + DatasetArns: + description: An array of Amazon Resource Names (ARNs) of the datasets that you want to include in the dataset group. + type: array + items: + $ref: '#/components/schemas/Arn' + x-insertionOrder: true + DatasetGroupName: + description: A name for the dataset group. + type: string + pattern: ^[a-zA-Z][a-zA-Z0-9_]* + minLength: 1 + maxLength: 63 + Domain: + description: The domain associated with the dataset group. When you add a dataset to a dataset group, this value and the value specified for the Domain parameter of the CreateDataset operation must match. + type: string + enum: + - RETAIL + - CUSTOM + - INVENTORY_PLANNING + - EC2_CAPACITY + - WORK_FORCE + - WEB_TRAFFIC + - METRICS + Tags: + description: The tags of Application Insights application. + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 200 + x-insertionOrder: true + DatasetGroupArn: + description: The Amazon Resource Name (ARN) of the dataset group to delete. + type: string + maxLength: 256 + pattern: ^[a-zA-Z0-9\-\_\.\/\:]+$ + required: + - DatasetGroupName + - Domain + x-stackql-resource-name: dataset_group + description: Represents a dataset group that holds a collection of related datasets + x-type-name: AWS::Forecast::DatasetGroup + x-stackql-primary-identifier: + - DatasetGroupArn + x-create-only-properties: + - DatasetGroupName + x-read-only-properties: + - DatasetGroupArn + x-required-properties: + - DatasetGroupName + - Domain + x-taggable: true + x-required-permissions: + create: + - forecast:CreateDatasetGroup + read: + - forecast:DescribeDatasetGroup + update: + - forecast:UpdateDatasetGroup + delete: + - forecast:DeleteDatasetGroup + list: + - forecast:ListDatasetGroups + x-stackQL-resources: + datasets: + name: datasets + id: aws.forecast.datasets + x-cfn-schema-name: Dataset + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Forecast::Dataset' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Forecast::Dataset' + AND region = 'us-east-1' + dataset: + name: dataset + id: aws.forecast.dataset + x-cfn-schema-name: Dataset + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DatasetName') as dataset_name, + JSON_EXTRACT(Properties, '$.DatasetType') as dataset_type, + JSON_EXTRACT(Properties, '$.DataFrequency') as data_frequency, + JSON_EXTRACT(Properties, '$.Domain') as domain, + JSON_EXTRACT(Properties, '$.EncryptionConfig') as encryption_config, + JSON_EXTRACT(Properties, '$.Schema') as _schema, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Forecast::Dataset' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DatasetName') as dataset_name, + json_extract_path_text(Properties, 'DatasetType') as dataset_type, + json_extract_path_text(Properties, 'DataFrequency') as data_frequency, + json_extract_path_text(Properties, 'Domain') as domain, + json_extract_path_text(Properties, 'EncryptionConfig') as encryption_config, + json_extract_path_text(Properties, 'Schema') as _schema, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Forecast::Dataset' + AND data__Identifier = '' + AND region = 'us-east-1' + dataset_groups: + name: dataset_groups + id: aws.forecast.dataset_groups + x-cfn-schema-name: DatasetGroup + x-type: list + x-identifiers: + - DatasetGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DatasetGroupArn') as dataset_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Forecast::DatasetGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DatasetGroupArn') as dataset_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Forecast::DatasetGroup' + AND region = 'us-east-1' + dataset_group: + name: dataset_group + id: aws.forecast.dataset_group + x-cfn-schema-name: DatasetGroup + x-type: get + x-identifiers: + - DatasetGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DatasetArns') as dataset_arns, + JSON_EXTRACT(Properties, '$.DatasetGroupName') as dataset_group_name, + JSON_EXTRACT(Properties, '$.Domain') as domain, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.DatasetGroupArn') as dataset_group_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Forecast::DatasetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DatasetArns') as dataset_arns, + json_extract_path_text(Properties, 'DatasetGroupName') as dataset_group_name, + json_extract_path_text(Properties, 'Domain') as domain, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'DatasetGroupArn') as dataset_group_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Forecast::DatasetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/frauddetector.yaml b/providers/src/aws/v00.00.00000/services/frauddetector.yaml new file mode 100644 index 00000000..2e96422a --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/frauddetector.yaml @@ -0,0 +1,1294 @@ +openapi: 3.0.0 +info: + title: FraudDetector + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + EventVariable: + type: object + properties: + Arn: + type: string + Inline: + type: boolean + Name: + type: string + DataSource: + type: string + enum: + - EVENT + DataType: + type: string + enum: + - STRING + - INTEGER + - FLOAT + - BOOLEAN + DefaultValue: + type: string + VariableType: + type: string + enum: + - AUTH_CODE + - AVS + - BILLING_ADDRESS_L1 + - BILLING_ADDRESS_L2 + - BILLING_CITY + - BILLING_COUNTRY + - BILLING_NAME + - BILLING_PHONE + - BILLING_STATE + - BILLING_ZIP + - CARD_BIN + - CATEGORICAL + - CURRENCY_CODE + - EMAIL_ADDRESS + - FINGERPRINT + - FRAUD_LABEL + - FREE_FORM_TEXT + - IP_ADDRESS + - NUMERIC + - ORDER_ID + - PAYMENT_TYPE + - PHONE_NUMBER + - PRICE + - PRODUCT_CATEGORY + - SHIPPING_ADDRESS_L1 + - SHIPPING_ADDRESS_L2 + - SHIPPING_CITY + - SHIPPING_COUNTRY + - SHIPPING_NAME + - SHIPPING_PHONE + - SHIPPING_STATE + - SHIPPING_ZIP + - USERAGENT + Description: + description: The description. + type: string + minLength: 1 + maxLength: 256 + Tags: + description: Tags associated with this event type. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + CreatedTime: + description: The time when the event type was created. + type: string + LastUpdatedTime: + description: The time when the event type was last updated. + type: string + additionalProperties: false + Label: + type: object + properties: + Name: + description: The name of the label. + type: string + pattern: ^[0-9a-z_-]+$ + minLength: 1 + maxLength: 64 + Tags: + description: Tags associated with this label. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + Description: + description: The label description. + type: string + minLength: 1 + maxLength: 128 + Arn: + description: The label ARN. + type: string + CreatedTime: + description: The timestamp when the label was created. + type: string + LastUpdatedTime: + description: The timestamp when the label was last updated. + type: string + required: + - Name + x-stackql-resource-name: label + description: An label for fraud detector. + x-type-name: AWS::FraudDetector::Label + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - CreatedTime + - LastUpdatedTime + x-required-properties: + - Name + x-required-permissions: + create: + - frauddetector:GetLabels + - frauddetector:PutLabel + - frauddetector:ListTagsForResource + - frauddetector:TagResource + read: + - frauddetector:GetLabels + - frauddetector:ListTagsForResource + update: + - frauddetector:GetLabels + - frauddetector:PutLabel + - frauddetector:ListTagsForResource + - frauddetector:TagResource + - frauddetector:UntagResource + delete: + - frauddetector:GetLabels + - frauddetector:DeleteLabel + list: + - frauddetector:GetLabels + - frauddetector:ListTagsForResource + Outcome: + type: object + properties: + Name: + description: The name of the outcome. + type: string + pattern: ^[0-9a-z_-]+$ + minLength: 1 + maxLength: 64 + Tags: + description: Tags associated with this outcome. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + Description: + description: The outcome description. + type: string + minLength: 1 + maxLength: 128 + Arn: + description: The outcome ARN. + type: string + CreatedTime: + description: The timestamp when the outcome was created. + type: string + LastUpdatedTime: + description: The timestamp when the outcome was last updated. + type: string + required: + - Name + x-stackql-resource-name: outcome + description: An outcome for rule evaluation. + x-type-name: AWS::FraudDetector::Outcome + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - CreatedTime + - LastUpdatedTime + x-required-properties: + - Name + x-required-permissions: + create: + - frauddetector:GetOutcomes + - frauddetector:PutOutcome + - frauddetector:ListTagsForResource + - frauddetector:TagResource + read: + - frauddetector:GetOutcomes + - frauddetector:ListTagsForResource + update: + - frauddetector:GetOutcomes + - frauddetector:PutOutcome + - frauddetector:ListTagsForResource + - frauddetector:TagResource + - frauddetector:UntagResource + delete: + - frauddetector:GetOutcomes + - frauddetector:DeleteOutcome + list: + - frauddetector:GetOutcomes + - frauddetector:ListTagsForResource + Rule: + type: object + properties: + RuleId: + type: string + RuleVersion: + type: string + DetectorId: + type: string + Expression: + type: string + Language: + type: string + enum: + - DETECTORPL + Outcomes: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/Outcome' + Arn: + type: string + Description: + description: The description. + type: string + minLength: 1 + maxLength: 256 + Tags: + description: Tags associated with this event type. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + CreatedTime: + description: The time when the event type was created. + type: string + LastUpdatedTime: + description: The time when the event type was last updated. + type: string + additionalProperties: false + EntityType: + type: object + properties: + Arn: + type: string + Inline: + type: boolean + Name: + type: string + Description: + description: The description. + type: string + minLength: 1 + maxLength: 256 + Tags: + description: Tags associated with this event type. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + CreatedTime: + description: The time when the event type was created. + type: string + LastUpdatedTime: + description: The time when the event type was last updated. + type: string + additionalProperties: false + EventType: + type: object + properties: + Name: + description: The name for the event type + type: string + pattern: ^[0-9a-z_-]+$ + minLength: 1 + maxLength: 64 + Tags: + description: Tags associated with this event type. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + Description: + description: The description of the event type. + type: string + minLength: 1 + maxLength: 128 + EventVariables: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/EventVariable' + Labels: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 2 + items: + $ref: '#/components/schemas/Label' + EntityTypes: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/EntityType' + Arn: + description: The ARN of the event type. + type: string + CreatedTime: + description: The time when the event type was created. + type: string + LastUpdatedTime: + description: The time when the event type was last updated. + type: string + required: + - EntityTypes + - EventVariables + - Labels + - Name + x-stackql-resource-name: event_type + description: A resource schema for an EventType in Amazon Fraud Detector. + x-type-name: AWS::FraudDetector::EventType + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - CreatedTime + - LastUpdatedTime + - EventVariables/*/Arn + - EventVariables/*/CreatedTime + - EventVariables/*/LastUpdatedTime + - Labels/*/Arn + - Labels/*/CreatedTime + - Labels/*/LastUpdatedTime + - EntityTypes/*/Arn + - EntityTypes/*/CreatedTime + - EntityTypes/*/LastUpdatedTime + x-required-properties: + - EntityTypes + - EventVariables + - Labels + - Name + x-required-permissions: + create: + - frauddetector:BatchCreateVariable + - frauddetector:BatchGetVariable + - frauddetector:CreateVariable + - frauddetector:GetVariables + - frauddetector:PutLabel + - frauddetector:PutEntityType + - frauddetector:PutEventType + - frauddetector:GetEventTypes + - frauddetector:GetLabels + - frauddetector:GetEntityTypes + - frauddetector:ListTagsForResource + - frauddetector:TagResource + update: + - frauddetector:BatchCreateVariable + - frauddetector:BatchGetVariable + - frauddetector:CreateVariable + - frauddetector:UpdateVariable + - frauddetector:GetVariables + - frauddetector:PutLabel + - frauddetector:PutEntityType + - frauddetector:PutEventType + - frauddetector:GetEventTypes + - frauddetector:GetLabels + - frauddetector:GetEntityTypes + - frauddetector:DeleteEventType + - frauddetector:DeleteVariable + - frauddetector:DeleteLabel + - frauddetector:DeleteEntityType + - frauddetector:ListTagsForResource + - frauddetector:TagResource + - frauddetector:UntagResource + delete: + - frauddetector:BatchGetVariable + - frauddetector:GetVariables + - frauddetector:GetEventTypes + - frauddetector:GetLabels + - frauddetector:GetEntityTypes + - frauddetector:DeleteEventType + - frauddetector:DeleteVariable + - frauddetector:DeleteLabel + - frauddetector:DeleteEntityType + - frauddetector:ListTagsForResource + read: + - frauddetector:BatchGetVariable + - frauddetector:GetVariables + - frauddetector:GetEventTypes + - frauddetector:GetLabels + - frauddetector:GetEntityTypes + - frauddetector:ListTagsForResource + list: + - frauddetector:BatchGetVariable + - frauddetector:GetVariables + - frauddetector:GetEventTypes + - frauddetector:GetLabels + - frauddetector:GetEntityTypes + - frauddetector:ListTagsForResource + Model: + description: A model to associate with a detector. + type: object + properties: + Arn: + type: string + additionalProperties: false + Detector: + type: object + properties: + DetectorId: + description: The ID of the detector + type: string + pattern: ^[0-9a-z_-]+$ + minLength: 1 + maxLength: 64 + DetectorVersionStatus: + description: The desired detector version status for the detector + type: string + enum: + - DRAFT + - ACTIVE + DetectorVersionId: + description: The active version ID of the detector + type: string + RuleExecutionMode: + type: string + enum: + - FIRST_MATCHED + - ALL_MATCHED + Tags: + description: Tags associated with this detector. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + Description: + description: The description of the detector. + type: string + minLength: 1 + maxLength: 128 + Rules: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/Rule' + EventType: + description: The event type to associate this detector with. + $ref: '#/components/schemas/EventType' + Arn: + description: The ARN of the detector. + type: string + CreatedTime: + description: The time when the detector was created. + type: string + LastUpdatedTime: + description: The time when the detector was last updated. + type: string + AssociatedModels: + description: The models to associate with this detector. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 10 + items: + $ref: '#/components/schemas/Model' + required: + - DetectorId + - EventType + - Rules + x-stackql-resource-name: detector + description: A resource schema for a Detector in Amazon Fraud Detector. + x-type-name: AWS::FraudDetector::Detector + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - DetectorId + x-read-only-properties: + - Arn + - DetectorVersionId + - CreatedTime + - LastUpdatedTime + - Rules/*/RuleVersion + - Rules/*/Arn + - Rules/*/CreatedTime + - Rules/*/LastUpdatedTime + - Rules/*/Outcomes/*/Arn + - Rules/*/Outcomes/*/CreatedTime + - Rules/*/Outcomes/*/LastUpdatedTime + - EventType/Arn + - EventType/CreatedTime + - EventType/LastUpdatedTime + - EventType/EventVariables/*/Arn + - EventType/EventVariables/*/CreatedTime + - EventType/EventVariables/*/LastUpdatedTime + - EventType/Labels/*/Arn + - EventType/Labels/*/CreatedTime + - EventType/Labels/*/LastUpdatedTime + - EventType/EntityTypes/*/Arn + - EventType/EntityTypes/*/CreatedTime + - EventType/EntityTypes/*/LastUpdatedTime + - AssociatedModels/*/Arn + x-required-properties: + - DetectorId + - EventType + - Rules + x-required-permissions: + create: + - frauddetector:PutDetector + - frauddetector:CreateDetectorVersion + - frauddetector:UpdateDetectorVersionStatus + - frauddetector:CreateRule + - frauddetector:CreateVariable + - frauddetector:PutLabel + - frauddetector:PutOutcome + - frauddetector:PutEntityType + - frauddetector:PutEventType + - frauddetector:DescribeDetector + - frauddetector:GetDetectors + - frauddetector:GetDetectorVersion + - frauddetector:GetRules + - frauddetector:GetVariables + - frauddetector:GetEventTypes + - frauddetector:GetExternalModels + - frauddetector:GetModelVersion + - frauddetector:GetLabels + - frauddetector:GetOutcomes + - frauddetector:GetEntityTypes + - frauddetector:ListTagsForResource + update: + - frauddetector:GetDetectors + - frauddetector:GetDetectorVersion + - frauddetector:PutDetector + - frauddetector:UpdateDetectorVersion + - frauddetector:UpdateDetectorVersionStatus + - frauddetector:UpdateDetectorVersionMetadata + - frauddetector:UpdateRuleVersion + - frauddetector:UpdateRuleMetadata + - frauddetector:CreateRule + - frauddetector:CreateVariable + - frauddetector:UpdateVariable + - frauddetector:GetVariables + - frauddetector:PutLabel + - frauddetector:PutOutcome + - frauddetector:PutEntityType + - frauddetector:PutEventType + - frauddetector:GetRules + - frauddetector:GetEventTypes + - frauddetector:GetLabels + - frauddetector:GetOutcomes + - frauddetector:GetEntityTypes + - frauddetector:GetExternalModels + - frauddetector:GetModelVersion + - frauddetector:DeleteEventType + - frauddetector:DeleteVariable + - frauddetector:DeleteLabel + - frauddetector:DeleteEntityType + - frauddetector:ListTagsForResource + - frauddetector:TagResource + - frauddetector:UntagResource + delete: + - frauddetector:GetDetectors + - frauddetector:GetDetectorVersion + - frauddetector:DescribeDetector + - frauddetector:GetRules + - frauddetector:GetVariables + - frauddetector:GetEventTypes + - frauddetector:GetLabels + - frauddetector:GetOutcomes + - frauddetector:GetEntityTypes + - frauddetector:DeleteDetector + - frauddetector:DeleteDetectorVersion + - frauddetector:DeleteRule + - frauddetector:DeleteEventType + - frauddetector:DeleteVariable + - frauddetector:DeleteLabel + - frauddetector:DeleteOutcome + - frauddetector:DeleteEntityType + - frauddetector:ListTagsForResource + read: + - frauddetector:GetDetectors + - frauddetector:GetDetectorVersion + - frauddetector:DescribeDetector + - frauddetector:GetRules + - frauddetector:GetVariables + - frauddetector:GetEventTypes + - frauddetector:GetExternalModels + - frauddetector:GetModelVersion + - frauddetector:GetLabels + - frauddetector:GetOutcomes + - frauddetector:GetEntityTypes + - frauddetector:ListTagsForResource + list: + - frauddetector:GetDetectors + - frauddetector:GetDetectorVersion + - frauddetector:DescribeDetector + - frauddetector:GetRules + - frauddetector:GetVariables + - frauddetector:GetEventTypes + - frauddetector:GetExternalModels + - frauddetector:GetModelVersion + - frauddetector:GetLabels + - frauddetector:GetOutcomes + - frauddetector:GetEntityTypes + - frauddetector:ListTagsForResource + Element: + description: An element in a list. + type: string + pattern: ^\S+( +\S+)*$ + minLength: 1 + maxLength: 64 + List: + type: object + properties: + Arn: + description: The list ARN. + type: string + Name: + description: The name of the list. + type: string + pattern: ^[0-9a-z_]+$ + minLength: 1 + maxLength: 64 + Description: + description: The description of the list. + type: string + minLength: 1 + maxLength: 128 + VariableType: + description: The variable type of the list. + type: string + pattern: ^[A-Z_]{1,64}$ + minLength: 1 + maxLength: 64 + CreatedTime: + description: The time when the list was created. + type: string + LastUpdatedTime: + description: The time when the list was last updated. + type: string + Tags: + description: Tags associated with this list. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + Elements: + description: The elements in this list. + type: array + x-insertionOrder: false + minItems: 0 + maxItems: 100000 + items: + $ref: '#/components/schemas/Element' + required: + - Name + x-stackql-resource-name: list + description: A resource schema for a List in Amazon Fraud Detector. + x-type-name: AWS::FraudDetector::List + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - CreatedTime + - LastUpdatedTime + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - frauddetector:CreateList + - frauddetector:GetListElements + - frauddetector:GetListsMetadata + - frauddetector:ListTagsForResource + - frauddetector:TagResource + - frauddetector:UpdateList + read: + - frauddetector:GetListElements + - frauddetector:GetListsMetadata + - frauddetector:ListTagsForResource + update: + - frauddetector:GetListElements + - frauddetector:GetListsMetadata + - frauddetector:ListTagsForResource + - frauddetector:UntagResource + - frauddetector:UpdateList + - frauddetector:TagResource + delete: + - frauddetector:DeleteList + - frauddetector:GetListsMetadata + list: + - frauddetector:GetListElements + - frauddetector:GetListsMetadata + - frauddetector:ListTagsForResource + Variable: + type: object + properties: + Name: + description: The name of the variable. + type: string + pattern: ^[a-z_][a-z0-9_]{0,99}?$ + DataSource: + description: The source of the data. + type: string + enum: + - EVENT + - EXTERNAL_MODEL_SCORE + DataType: + description: The data type. + type: string + enum: + - STRING + - INTEGER + - FLOAT + - BOOLEAN + DefaultValue: + description: The default value for the variable when no value is received. + type: string + Description: + description: The description. + type: string + minLength: 1 + maxLength: 256 + Tags: + description: Tags associated with this variable. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + VariableType: + description: The variable type. For more information see https://docs.aws.amazon.com/frauddetector/latest/ug/create-a-variable.html#variable-types + type: string + enum: + - AUTH_CODE + - AVS + - BILLING_ADDRESS_L1 + - BILLING_ADDRESS_L2 + - BILLING_CITY + - BILLING_COUNTRY + - BILLING_NAME + - BILLING_PHONE + - BILLING_STATE + - BILLING_ZIP + - CARD_BIN + - CATEGORICAL + - CURRENCY_CODE + - EMAIL_ADDRESS + - FINGERPRINT + - FRAUD_LABEL + - FREE_FORM_TEXT + - IP_ADDRESS + - NUMERIC + - ORDER_ID + - PAYMENT_TYPE + - PHONE_NUMBER + - PRICE + - PRODUCT_CATEGORY + - SHIPPING_ADDRESS_L1 + - SHIPPING_ADDRESS_L2 + - SHIPPING_CITY + - SHIPPING_COUNTRY + - SHIPPING_NAME + - SHIPPING_PHONE + - SHIPPING_STATE + - SHIPPING_ZIP + - USERAGENT + Arn: + description: The ARN of the variable. + type: string + CreatedTime: + description: The time when the variable was created. + type: string + LastUpdatedTime: + description: The time when the variable was last updated. + type: string + required: + - DataType + - DataSource + - DefaultValue + - Name + x-stackql-resource-name: variable + description: A resource schema for a Variable in Amazon Fraud Detector. + x-type-name: AWS::FraudDetector::Variable + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - CreatedTime + - LastUpdatedTime + x-required-properties: + - DataType + - DataSource + - DefaultValue + - Name + x-required-permissions: + create: + - frauddetector:GetVariables + - frauddetector:CreateVariable + - frauddetector:ListTagsForResource + - frauddetector:TagResource + read: + - frauddetector:GetVariables + - frauddetector:ListTagsForResource + update: + - frauddetector:GetVariables + - frauddetector:UpdateVariable + - frauddetector:ListTagsForResource + - frauddetector:TagResource + - frauddetector:UntagResource + delete: + - frauddetector:GetVariables + - frauddetector:DeleteVariable + list: + - frauddetector:GetVariables + - frauddetector:ListTagsForResource + x-stackQL-resources: + labels: + name: labels + id: aws.frauddetector.labels + x-cfn-schema-name: Label + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::Label' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::Label' + AND region = 'us-east-1' + label: + name: label + id: aws.frauddetector.label + x-cfn-schema-name: Label + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::Label' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::Label' + AND data__Identifier = '' + AND region = 'us-east-1' + outcomes: + name: outcomes + id: aws.frauddetector.outcomes + x-cfn-schema-name: Outcome + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::Outcome' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::Outcome' + AND region = 'us-east-1' + outcome: + name: outcome + id: aws.frauddetector.outcome + x-cfn-schema-name: Outcome + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::Outcome' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::Outcome' + AND data__Identifier = '' + AND region = 'us-east-1' + event_types: + name: event_types + id: aws.frauddetector.event_types + x-cfn-schema-name: EventType + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::EventType' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::EventType' + AND region = 'us-east-1' + event_type: + name: event_type + id: aws.frauddetector.event_type + x-cfn-schema-name: EventType + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EventVariables') as event_variables, + JSON_EXTRACT(Properties, '$.Labels') as labels, + JSON_EXTRACT(Properties, '$.EntityTypes') as entity_types, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::EventType' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EventVariables') as event_variables, + json_extract_path_text(Properties, 'Labels') as labels, + json_extract_path_text(Properties, 'EntityTypes') as entity_types, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::EventType' + AND data__Identifier = '' + AND region = 'us-east-1' + detectors: + name: detectors + id: aws.frauddetector.detectors + x-cfn-schema-name: Detector + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::Detector' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::Detector' + AND region = 'us-east-1' + detector: + name: detector + id: aws.frauddetector.detector + x-cfn-schema-name: Detector + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DetectorId') as detector_id, + JSON_EXTRACT(Properties, '$.DetectorVersionStatus') as detector_version_status, + JSON_EXTRACT(Properties, '$.DetectorVersionId') as detector_version_id, + JSON_EXTRACT(Properties, '$.RuleExecutionMode') as rule_execution_mode, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Rules') as rules, + JSON_EXTRACT(Properties, '$.EventType') as event_type, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.AssociatedModels') as associated_models + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::Detector' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DetectorId') as detector_id, + json_extract_path_text(Properties, 'DetectorVersionStatus') as detector_version_status, + json_extract_path_text(Properties, 'DetectorVersionId') as detector_version_id, + json_extract_path_text(Properties, 'RuleExecutionMode') as rule_execution_mode, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Rules') as rules, + json_extract_path_text(Properties, 'EventType') as event_type, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'AssociatedModels') as associated_models + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::Detector' + AND data__Identifier = '' + AND region = 'us-east-1' + lists: + name: lists + id: aws.frauddetector.lists + x-cfn-schema-name: List + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::List' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::List' + AND region = 'us-east-1' + frauddetector_list: + name: frauddetector_list + id: aws.frauddetector.frauddetector_list + x-cfn-schema-name: List + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.VariableType') as variable_type, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Elements') as elements + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::List' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'VariableType') as variable_type, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Elements') as elements + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::List' + AND data__Identifier = '' + AND region = 'us-east-1' + variables: + name: variables + id: aws.frauddetector.variables + x-cfn-schema-name: Variable + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::Variable' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FraudDetector::Variable' + AND region = 'us-east-1' + variable: + name: variable + id: aws.frauddetector.variable + x-cfn-schema-name: Variable + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.DataSource') as data_source, + JSON_EXTRACT(Properties, '$.DataType') as data_type, + JSON_EXTRACT(Properties, '$.DefaultValue') as default_value, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VariableType') as variable_type, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::Variable' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'DataSource') as data_source, + json_extract_path_text(Properties, 'DataType') as data_type, + json_extract_path_text(Properties, 'DefaultValue') as default_value, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VariableType') as variable_type, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FraudDetector::Variable' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/fsx.yaml b/providers/src/aws/v00.00.00000/services/fsx.yaml new file mode 100644 index 00000000..95ae2b3f --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/fsx.yaml @@ -0,0 +1,258 @@ +openapi: 3.0.0 +info: + title: FSx + version: 1.0.0 +paths: {} +components: + schemas: + EventType: + type: string + enum: + - NEW + - CHANGED + - DELETED + EventTypes: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/EventType' + maxItems: 3 + AutoImportPolicy: + description: |- + Describes the data repository association's automatic import policy. The AutoImportPolicy defines how Amazon FSx keeps your file metadata and directory listings up to date by importing changes to your Amazon FSx for Lustre file system as you modify objects in a linked S3 bucket. + The ``AutoImportPolicy`` is only supported on Amazon FSx for Lustre file systems with a data repository association. + type: object + additionalProperties: false + properties: + Events: + $ref: '#/components/schemas/EventTypes' + description: |- + The ``AutoImportPolicy`` can have the following event values: + + ``NEW`` - Amazon FSx automatically imports metadata of files added to the linked S3 bucket that do not currently exist in the FSx file system. + + ``CHANGED`` - Amazon FSx automatically updates file metadata and invalidates existing file content on the file system as files change in the data repository. + + ``DELETED`` - Amazon FSx automatically deletes files on the file system as corresponding files are deleted in the data repository. + + You can define any combination of event types for your ``AutoImportPolicy``. + required: + - Events + AutoExportPolicy: + description: |- + Describes a data repository association's automatic export policy. The ``AutoExportPolicy`` defines the types of updated objects on the file system that will be automatically exported to the data repository. As you create, modify, or delete files, Amazon FSx for Lustre automatically exports the defined changes asynchronously once your application finishes modifying the file. + The ``AutoExportPolicy`` is only supported on Amazon FSx for Lustre file systems with a data repository association. + type: object + additionalProperties: false + properties: + Events: + $ref: '#/components/schemas/EventTypes' + description: |- + The ``AutoExportPolicy`` can have the following event values: + + ``NEW`` - New files and directories are automatically exported to the data repository as they are added to the file system. + + ``CHANGED`` - Changes to files and directories on the file system are automatically exported to the data repository. + + ``DELETED`` - Files and directories are automatically deleted on the data repository when they are deleted on the file system. + + You can define any combination of event types for your ``AutoExportPolicy``. + required: + - Events + Tag: + description: Specifies a key-value pair for a resource tag. + type: object + additionalProperties: false + properties: + Key: + type: string + description: A value that specifies the ``TagKey``, the name of the tag. Tag keys must be unique for the resource to which they are attached. + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'A value that specifies the ``TagValue``, the value assigned to the corresponding tag key. Tag values can be null and don''t have to be unique in a tag set. For example, you can have a key-value pair in a tag set of ``finances : April`` and also of ``payroll : April``.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + S3: + description: The configuration for an Amazon S3 data repository linked to an Amazon FSx Lustre file system with a data repository association. The configuration defines which file events (new, changed, or deleted files or directories) are automatically imported from the linked data repository to the file system or automatically exported from the file system to the data repository. + type: object + additionalProperties: false + properties: + AutoImportPolicy: + $ref: '#/components/schemas/AutoImportPolicy' + description: |- + Describes the data repository association's automatic import policy. The AutoImportPolicy defines how Amazon FSx keeps your file metadata and directory listings up to date by importing changes to your Amazon FSx for Lustre file system as you modify objects in a linked S3 bucket. + The ``AutoImportPolicy`` is only supported on Amazon FSx for Lustre file systems with a data repository association. + AutoExportPolicy: + $ref: '#/components/schemas/AutoExportPolicy' + description: |- + Describes a data repository association's automatic export policy. The ``AutoExportPolicy`` defines the types of updated objects on the file system that will be automatically exported to the data repository. As you create, modify, or delete files, Amazon FSx for Lustre automatically exports the defined changes asynchronously once your application finishes modifying the file. + The ``AutoExportPolicy`` is only supported on Amazon FSx for Lustre file systems with a data repository association. + DataRepositoryAssociation: + type: object + properties: + AssociationId: + type: string + description: '' + ResourceARN: + type: string + description: '' + FileSystemId: + type: string + description: The ID of the file system on which the data repository association is configured. + FileSystemPath: + type: string + description: >- + A path on the Amazon FSx for Lustre file system that points to a high-level directory (such as ``/ns1/``) or subdirectory (such as ``/ns1/subdir/``) that will be mapped 1-1 with ``DataRepositoryPath``. The leading forward slash in the name is required. Two data repository associations cannot have overlapping file system paths. For example, if a data repository is associated with file system path ``/ns1/``, then you cannot link another data repository with file system path + ``/ns1/ns2``. + This path specifies where in your file system files will be exported from or imported to. This file system directory can be linked to only one Amazon S3 bucket, and no other S3 bucket can be linked to the directory. + If you specify only a forward slash (``/``) as the file system path, you can link only one data repository to the file system. You can only specify "/" as the file system path for the first data repository associated with a file system. + DataRepositoryPath: + type: string + description: The path to the Amazon S3 data repository that will be linked to the file system. The path can be an S3 bucket or prefix in the format ``s3://myBucket/myPrefix/``. This path specifies where in the S3 data repository files will be imported from or exported to. + BatchImportMetaDataOnCreate: + type: boolean + description: A boolean flag indicating whether an import data repository task to import metadata should run after the data repository association is created. The task runs if this flag is set to ``true``. + ImportedFileChunkSize: + type: integer + description: |- + For files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. The maximum number of disks that a single file can be striped across is limited by the total number of disks that make up the file system or cache. + The default chunk size is 1,024 MiB (1 GiB) and can go as high as 512,000 MiB (500 GiB). Amazon S3 objects have a maximum size of 5 TB. + S3: + description: The configuration for an Amazon S3 data repository linked to an Amazon FSx Lustre file system with a data repository association. The configuration defines which file events (new, changed, or deleted files or directories) are automatically imported from the linked data repository to the file system or automatically exported from the file system to the data repository. + $ref: '#/components/schemas/S3' + Tags: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + description: |- + An array of key-value pairs to apply to this resource. + For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + required: + - FileSystemId + - FileSystemPath + - DataRepositoryPath + x-stackql-resource-name: data_repository_association + description: |- + Creates an Amazon FSx for Lustre data repository association (DRA). A data repository association is a link between a directory on the file system and an Amazon S3 bucket or prefix. You can have a maximum of 8 data repository associations on a file system. Data repository associations are supported on all FSx for Lustre 2.12 and newer file systems, excluding ``scratch_1`` deployment type. + Each data repository association must have a unique Amazon FSx file system directory and a unique S3 bucket or prefix associated with it. You can configure a data repository association for automatic import only, for automatic export only, or for both. To learn more about linking a data repository to your file system, see [Linking your file system to an S3 bucket](https://docs.aws.amazon.com/fsx/latest/LustreGuide/create-dra-linked-data-repo.html). + x-type-name: AWS::FSx::DataRepositoryAssociation + x-stackql-primary-identifier: + - AssociationId + x-create-only-properties: + - FileSystemId + - FileSystemPath + - DataRepositoryPath + - BatchImportMetaDataOnCreate + x-read-only-properties: + - AssociationId + - ResourceARN + x-required-properties: + - FileSystemId + - FileSystemPath + - DataRepositoryPath + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - fsx:CreateDataRepositoryAssociation + - fsx:DescribeDataRepositoryAssociations + - fsx:TagResource + - s3:ListBucket + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - iam:CreateServiceLinkedRole + - iam:PutRolePolicy + read: + - fsx:DescribeDataRepositoryAssociations + update: + - fsx:DescribeDataRepositoryAssociations + - fsx:UpdateDataRepositoryAssociation + - fsx:TagResource + - fsx:UntagResource + - s3:ListBucket + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - iam:CreateServiceLinkedRole + - iam:PutRolePolicy + delete: + - fsx:DescribeDataRepositoryAssociations + - fsx:DeleteDataRepositoryAssociation + list: + - fsx:DescribeDataRepositoryAssociations + x-stackQL-resources: + data_repository_associations: + name: data_repository_associations + id: aws.fsx.data_repository_associations + x-cfn-schema-name: DataRepositoryAssociation + x-type: list + x-identifiers: + - AssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FSx::DataRepositoryAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssociationId') as association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::FSx::DataRepositoryAssociation' + AND region = 'us-east-1' + data_repository_association: + name: data_repository_association + id: aws.fsx.data_repository_association + x-cfn-schema-name: DataRepositoryAssociation + x-type: get + x-identifiers: + - AssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id, + JSON_EXTRACT(Properties, '$.ResourceARN') as resource_arn, + JSON_EXTRACT(Properties, '$.FileSystemId') as file_system_id, + JSON_EXTRACT(Properties, '$.FileSystemPath') as file_system_path, + JSON_EXTRACT(Properties, '$.DataRepositoryPath') as data_repository_path, + JSON_EXTRACT(Properties, '$.BatchImportMetaDataOnCreate') as batch_import_meta_data_on_create, + JSON_EXTRACT(Properties, '$.ImportedFileChunkSize') as imported_file_chunk_size, + JSON_EXTRACT(Properties, '$.S3') as s3, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FSx::DataRepositoryAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssociationId') as association_id, + json_extract_path_text(Properties, 'ResourceARN') as resource_arn, + json_extract_path_text(Properties, 'FileSystemId') as file_system_id, + json_extract_path_text(Properties, 'FileSystemPath') as file_system_path, + json_extract_path_text(Properties, 'DataRepositoryPath') as data_repository_path, + json_extract_path_text(Properties, 'BatchImportMetaDataOnCreate') as batch_import_meta_data_on_create, + json_extract_path_text(Properties, 'ImportedFileChunkSize') as imported_file_chunk_size, + json_extract_path_text(Properties, 'S3') as s3, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FSx::DataRepositoryAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/gamelift.yaml b/providers/src/aws/v00.00.00000/services/gamelift.yaml new file mode 100644 index 00000000..5861cfd7 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/gamelift.yaml @@ -0,0 +1,2164 @@ +openapi: 3.0.0 +info: + title: GameLift + version: 1.0.0 +paths: {} +components: + schemas: + RoutingStrategy: + type: object + properties: + Message: + description: The message text to be used with a terminal routing strategy. If you specify TERMINAL for the Type property, you must specify this property. + type: string + FleetId: + description: A unique identifier for a fleet that the alias points to. If you specify SIMPLE for the Type property, you must specify this property. + type: string + pattern: ^fleet-\S+ + Type: + description: Simple routing strategy. The alias resolves to one specific fleet. Use this type when routing to active fleets. + type: string + enum: + - SIMPLE + - TERMINAL + additionalProperties: false + required: + - Type + anyOf: + - required: + - FleetId + - required: + - Message + Alias: + type: object + properties: + Description: + description: A human-readable description of the alias. + type: string + minLength: 1 + maxLength: 1024 + Name: + description: A descriptive label that is associated with an alias. Alias names do not need to be unique. + type: string + minLength: 1 + maxLength: 1024 + pattern: .*\S.* + RoutingStrategy: + description: A routing configuration that specifies where traffic is directed for this alias, such as to a fleet or to a message. + $ref: '#/components/schemas/RoutingStrategy' + AliasId: + description: Unique alias ID + type: string + required: + - Name + - RoutingStrategy + x-stackql-resource-name: alias + description: The AWS::GameLift::Alias resource creates an alias for an Amazon GameLift (GameLift) fleet destination. + x-type-name: AWS::GameLift::Alias + x-stackql-primary-identifier: + - AliasId + x-read-only-properties: + - AliasId + x-required-properties: + - Name + - RoutingStrategy + x-taggable: true + x-required-permissions: + create: + - gamelift:CreateAlias + read: + - gamelift:DescribeAlias + update: + - gamelift:UpdateAlias + delete: + - gamelift:DeleteAlias + list: + - gamelift:ListAliases + StorageLocation: + x-$comment: Contains object details present in the S3 Bucket + type: object + additionalProperties: false + properties: + Bucket: + description: An Amazon S3 bucket identifier. This is the name of the S3 bucket. + type: string + Key: + description: The name of the zip file that contains the build files or script files. + type: string + ObjectVersion: + description: The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from your S3 bucket. To retrieve a specific version of the file, provide an object version. To retrieve the latest version of the file, do not set this parameter. + type: string + RoleArn: + description: The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift to access the S3 bucket. + type: string + required: + - Bucket + - Key + - RoleArn + Build: + type: object + properties: + BuildId: + description: A unique identifier for a build to be deployed on the new fleet. If you are deploying the fleet with a custom game build, you must specify this property. The build must have been successfully uploaded to Amazon GameLift and be in a READY status. This fleet setting cannot be changed once the fleet is created. + type: string + Name: + description: A descriptive label that is associated with a build. Build names do not need to be unique. + type: string + OperatingSystem: + description: The operating system that the game server binaries are built to run on. This value determines the type of fleet resources that you can use for this build. If your game build contains multiple executables, they all must run on the same operating system. If an operating system is not specified when creating a build, Amazon GameLift uses the default value (WINDOWS_2012). This value cannot be changed later. + type: string + enum: + - AMAZON_LINUX + - AMAZON_LINUX_2 + - AMAZON_LINUX_2023 + - WINDOWS_2012 + - WINDOWS_2016 + StorageLocation: + description: Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon GameLift to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region. + $ref: '#/components/schemas/StorageLocation' + Version: + description: Version information that is associated with this build. Version strings do not need to be unique. + type: string + ServerSdkVersion: + description: A server SDK version you used when integrating your game server build with Amazon GameLift. By default Amazon GameLift sets this value to 4.0.2. + type: string + required: [] + x-stackql-resource-name: build + description: Resource Type definition for AWS::GameLift::Build + x-type-name: AWS::GameLift::Build + x-stackql-primary-identifier: + - BuildId + x-create-only-properties: + - StorageLocation + - OperatingSystem + - ServerSdkVersion + x-write-only-properties: + - StorageLocation + - ServerSdkVersion + x-read-only-properties: + - BuildId + x-required-properties: [] + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - gamelift:DescribeBuild + - gamelift:CreateBuild + read: + - gamelift:DescribeBuild + update: + - gamelift:UpdateBuild + delete: + - gamelift:DescribeBuild + - gamelift:DeleteBuild + list: + - gamelift:ListBuilds + ScalingPolicy: + description: Rule that controls how a fleet is scaled. Scaling policies are uniquely identified by the combination of name and fleet ID. + additionalProperties: false + type: object + properties: + Status: + description: Current status of the scaling policy. The scaling policy can be in force only when in an ACTIVE status. Scaling policies can be suspended for individual fleets. If the policy is suspended for a fleet, the policy status does not change. + type: string + enum: + - ACTIVE + - UPDATE_REQUESTED + - UPDATING + - DELETE_REQUESTED + - DELETING + - DELETED + - ERROR + MetricName: + description: Name of the Amazon GameLift-defined metric that is used to trigger a scaling adjustment. + type: string + enum: + - ActivatingGameSessions + - ActiveGameSessions + - ActiveInstances + - AvailableGameSessions + - AvailablePlayerSessions + - CurrentPlayerSessions + - IdleInstances + - PercentAvailableGameSessions + - PercentIdleInstances + - QueueDepth + - WaitTime + - ConcurrentActivatableGameSessions + PolicyType: + description: 'The type of scaling policy to create. For a target-based policy, set the parameter MetricName to ''PercentAvailableGameSessions'' and specify a TargetConfiguration. For a rule-based policy set the following parameters: MetricName, ComparisonOperator, Threshold, EvaluationPeriods, ScalingAdjustmentType, and ScalingAdjustment.' + type: string + enum: + - RuleBased + - TargetBased + ComparisonOperator: + description: Comparison operator to use when measuring a metric against the threshold value. + type: string + enum: + - GreaterThanOrEqualToThreshold + - GreaterThanThreshold + - LessThanThreshold + - LessThanOrEqualToThreshold + TargetConfiguration: + description: An object that contains settings for a target-based scaling policy. + $ref: '#/components/schemas/TargetConfiguration' + UpdateStatus: + description: The current status of the fleet's scaling policies in a requested fleet location. The status PENDING_UPDATE indicates that an update was requested for the fleet but has not yet been completed for the location. + type: string + enum: + - PENDING_UPDATE + ScalingAdjustment: + description: Amount of adjustment to make, based on the scaling adjustment type. + type: integer + EvaluationPeriods: + description: Length of time (in minutes) the metric must be at or beyond the threshold before a scaling event is triggered. + type: integer + minimum: 1 + Location: + $ref: '#/components/schemas/Location' + Name: + minLength: 1 + description: A descriptive label that is associated with a fleet's scaling policy. Policy names do not need to be unique. + type: string + maxLength: 1024 + ScalingAdjustmentType: + description: The type of adjustment to make to a fleet's instance count. + type: string + enum: + - ChangeInCapacity + - ExactCapacity + - PercentChangeInCapacity + Threshold: + description: Metric value used to trigger a scaling event. + type: number + required: + - MetricName + - Name + ServerProcess: + description: A set of instructions for launching server processes on each instance in a fleet. Each instruction set identifies the location of the server executable, optional launch parameters, and the number of server processes with this configuration to maintain concurrently on the instance. Server process configurations make up a fleet's RuntimeConfiguration. + additionalProperties: false + type: object + properties: + ConcurrentExecutions: + description: The number of server processes that use this configuration to run concurrently on an instance. + type: integer + minimum: 1 + Parameters: + minLength: 1 + description: An optional list of parameters to pass to the server executable or Realtime script on launch. + type: string + maxLength: 1024 + LaunchPath: + minLength: 1 + pattern: ^([Cc]:\\game\S+|/local/game/\S+) + description: |- + The location of the server executable in a custom game build or the name of the Realtime script file that contains the Init() function. Game builds and Realtime scripts are installed on instances at the root: + + Windows (for custom game builds only): C:\game. Example: "C:\game\MyGame\server.exe" + + Linux: /local/game. Examples: "/local/game/MyGame/server.exe" or "/local/game/MyRealtimeScript.js" + type: string + maxLength: 1024 + required: + - ConcurrentExecutions + - LaunchPath + TargetConfiguration: + description: Settings for a target-based scaling policy. A target-based policy tracks a particular fleet metric specifies a target value for the metric. As player usage changes, the policy triggers Amazon GameLift to adjust capacity so that the metric returns to the target value. The target configuration specifies settings as needed for the target based policy, including the target value. + additionalProperties: false + type: object + properties: + TargetValue: + description: Desired value to use with a target-based scaling policy. The value must be relevant for whatever metric the scaling policy is using. For example, in a policy using the metric PercentAvailableGameSessions, the target value should be the preferred size of the fleet's buffer (the percent of capacity that should be idle and ready for new game sessions). + type: number + required: + - TargetValue + RuntimeConfiguration: + description: >- + A collection of server process configurations that describe the processes to run on each instance in a fleet. All fleets must have a runtime configuration. Each instance in the fleet maintains server processes as specified in the runtime configuration, launching new ones as existing processes end. Each instance regularly checks for an updated runtime configuration makes adjustments as called for. + + + The runtime configuration enables the instances in a fleet to run multiple processes simultaneously. Potential scenarios are as follows: (1) Run multiple processes of a single game server executable to maximize usage of your hosting resources. (2) Run one or more processes of different executables, such as your game server and a metrics tracking program. (3) Run multiple processes of a single game server but with different launch parameters, for example to run one process on each + instance in debug mode. + + + An Amazon GameLift instance is limited to 50 processes running simultaneously. A runtime configuration must specify fewer than this limit. To calculate the total number of processes specified in a runtime configuration, add the values of the ConcurrentExecutions parameter for each ServerProcess object in the runtime configuration. + additionalProperties: false + type: object + properties: + ServerProcesses: + maxItems: 50 + description: A collection of server process configurations that describe which server processes to run on each instance in a fleet. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ServerProcess' + MaxConcurrentGameSessionActivations: + description: The maximum number of game sessions with status ACTIVATING to allow on an instance simultaneously. This setting limits the amount of instance resources that can be used for new game activations at any one time. + maximum: 2147483647 + type: integer + minimum: 1 + GameSessionActivationTimeoutSeconds: + description: The maximum amount of time (in seconds) that a game session can remain in status ACTIVATING. If the game session is not active before the timeout, activation is terminated and the game session status is changed to TERMINATED. + maximum: 600 + type: integer + minimum: 1 + LocationConfiguration: + description: A remote location where a multi-location fleet can deploy EC2 instances for game hosting. + additionalProperties: false + type: object + properties: + LocationCapacity: + $ref: '#/components/schemas/LocationCapacity' + Location: + $ref: '#/components/schemas/Location' + required: + - Location + AnywhereConfiguration: + description: Configuration for Anywhere fleet. + additionalProperties: false + properties: + Cost: + minLength: 1 + pattern: ^\d{1,5}(?:\.\d{1,5})?$ + description: Cost of compute can be specified on Anywhere Fleets to prioritize placement across Queue destinations based on Cost. + type: string + maxLength: 11 + required: + - Cost + ResourceCreationLimitPolicy: + description: |- + A policy that limits the number of game sessions a player can create on the same fleet. This optional policy gives game owners control over how players can consume available game server resources. A resource creation policy makes the following statement: "An individual player can create a maximum number of new game sessions within a specified time period". + + The policy is evaluated when a player tries to create a new game session. For example, assume you have a policy of 10 new game sessions and a time period of 60 minutes. On receiving a CreateGameSession request, Amazon GameLift checks that the player (identified by CreatorId) has created fewer than 10 game sessions in the past 60 minutes. + additionalProperties: false + type: object + properties: + PolicyPeriodInMinutes: + description: The time span used in evaluating the resource creation limit policy. + type: integer + minimum: 0 + NewGameSessionsPerCreator: + description: The maximum number of game sessions that an individual can create during the policy period. + type: integer + minimum: 0 + LocationCapacity: + description: Current resource capacity settings in a specified fleet or location. The location value might refer to a fleet's remote location or its home Region. + additionalProperties: false + type: object + properties: + MinSize: + description: The minimum value allowed for the fleet's instance count for a location. When creating a new fleet, GameLift automatically sets this value to "0". After the fleet is active, you can change this value. + type: integer + minimum: 0 + DesiredEC2Instances: + description: The number of EC2 instances you want to maintain in the specified fleet location. This value must fall between the minimum and maximum size limits. + type: integer + minimum: 0 + MaxSize: + description: The maximum value that is allowed for the fleet's instance count for a location. When creating a new fleet, GameLift automatically sets this value to "1". Once the fleet is active, you can change this value. + type: integer + minimum: 0 + required: + - DesiredEC2Instances + - MinSize + - MaxSize + CertificateConfiguration: + description: Information about the use of a TLS/SSL certificate for a fleet. TLS certificate generation is enabled at the fleet level, with one certificate generated for the fleet. When this feature is enabled, the certificate can be retrieved using the GameLift Server SDK call GetInstanceCertificate. All instances in a fleet share the same certificate. + additionalProperties: false + type: object + properties: + CertificateType: + type: string + enum: + - DISABLED + - GENERATED + required: + - CertificateType + IpPermission: + description: >- + A range of IP addresses and port settings that allow inbound traffic to connect to server processes on an Amazon GameLift hosting resource. New game sessions that are started on the fleet are assigned an IP address/port number combination, which must fall into the fleet's allowed ranges. For fleets created with a custom game server, the ranges reflect the server's game session assignments. For Realtime Servers fleets, Amazon GameLift automatically opens two port ranges, one for TCP + messaging and one for UDP, for use by the Realtime servers. + additionalProperties: false + type: object + properties: + IpRange: + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$) + description: 'A range of allowed IP addresses. This value must be expressed in CIDR notation. Example: "000.000.000.000/[subnet mask]" or optionally the shortened version "0.0.0.0/[subnet mask]".' + type: string + FromPort: + description: A starting value for a range of allowed port numbers. + maximum: 60000 + type: integer + minimum: 1 + ToPort: + description: An ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than FromPort. + maximum: 60000 + type: integer + minimum: 1 + Protocol: + description: The network communication protocol used by the fleet. + type: string + enum: + - TCP + - UDP + required: + - FromPort + - IpRange + - Protocol + - ToPort + Location: + type: object + properties: + LocationName: + type: string + minLength: 8 + maxLength: 64 + pattern: ^custom-[A-Za-z0-9\-]+ + LocationArn: + type: string + pattern: ^arn:.*:location/custom-\S+ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + required: + - LocationName + x-stackql-resource-name: location + description: The AWS::GameLift::Location resource creates an Amazon GameLift (GameLift) custom location. + x-type-name: AWS::GameLift::Location + x-stackql-primary-identifier: + - LocationName + x-create-only-properties: + - LocationName + x-read-only-properties: + - LocationArn + x-required-properties: + - LocationName + x-tagging: + taggable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - gamelift:CreateLocation + - gamelift:ListLocations + - gamelift:ListTagsForResource + - gamelift:TagResource + read: + - gamelift:ListLocations + - gamelift:ListTagsForResource + delete: + - gamelift:DeleteLocation + list: + - gamelift:ListLocations + update: + - gamelift:ListLocations + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:UntagResource + Fleet: + type: object + properties: + ScalingPolicies: + maxItems: 50 + description: A list of rules that control how a fleet is scaled. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ScalingPolicy' + Description: + minLength: 1 + description: A human-readable description of a fleet. + type: string + maxLength: 1024 + PeerVpcId: + minLength: 1 + pattern: ^vpc-\S+ + description: A unique identifier for a VPC with resources to be accessed by your Amazon GameLift fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the AWS Management Console. + type: string + maxLength: 1024 + ApplyCapacity: + description: Determines whether to apply fleet or location capacities on fleet creation. + type: string + enum: + - ON_UPDATE + - ON_CREATE_AND_UPDATE + EC2InboundPermissions: + maxItems: 50 + description: A range of IP addresses and port settings that allow inbound traffic to connect to server processes on an Amazon GameLift server. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/IpPermission' + ComputeType: + description: ComputeType to differentiate EC2 hardware managed by GameLift and Anywhere hardware managed by the customer. + type: string + enum: + - EC2 + - ANYWHERE + Name: + minLength: 1 + description: A descriptive label that is associated with a fleet. Fleet names do not need to be unique. + type: string + maxLength: 1024 + AnywhereConfiguration: + description: Configuration for Anywhere fleet. + $ref: '#/components/schemas/AnywhereConfiguration' + InstanceRoleARN: + minLength: 1 + pattern: ^arn:aws(-.*)?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + description: A unique identifier for an AWS IAM role that manages access to your AWS services. With an instance role ARN set, any application that runs on an instance in this fleet can assume the role, including install scripts, server processes, and daemons (background processes). Create a role or look up a role's ARN from the IAM dashboard in the AWS Management Console. + type: string + FleetId: + pattern: ^fleet-\S+ + description: Unique fleet ID + type: string + CertificateConfiguration: + description: Indicates whether to generate a TLS/SSL certificate for the new fleet. TLS certificates are used for encrypting traffic between game clients and game servers running on GameLift. If this parameter is not set, certificate generation is disabled. This fleet setting cannot be changed once the fleet is created. + $ref: '#/components/schemas/CertificateConfiguration' + InstanceRoleCredentialsProvider: + description: Credentials provider implementation that loads credentials from the Amazon EC2 Instance Metadata Service. + type: string + enum: + - SHARED_CREDENTIAL_FILE + DesiredEC2Instances: + description: '[DEPRECATED] The number of EC2 instances that you want this fleet to host. When creating a new fleet, GameLift automatically sets this value to "1" and initiates a single instance. Once the fleet is active, update this value to trigger GameLift to add or remove instances from the fleet.' + type: integer + minimum: 0 + ServerLaunchParameters: + minLength: 1 + description: This parameter is no longer used but is retained for backward compatibility. Instead, specify server launch parameters in the RuntimeConfiguration parameter. A request must specify either a runtime configuration or values for both ServerLaunchParameters and ServerLaunchPath. + type: string + maxLength: 1024 + FleetType: + description: Indicates whether to use On-Demand instances or Spot instances for this fleet. If empty, the default is ON_DEMAND. Both categories of instances use identical hardware and configurations based on the instance type selected for this fleet. + type: string + enum: + - ON_DEMAND + - SPOT + Locations: + minItems: 1 + maxItems: 100 + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/LocationConfiguration' + NewGameSessionProtectionPolicy: + description: A game session protection policy to apply to all game sessions hosted on instances in this fleet. When protected, active game sessions cannot be terminated during a scale-down event. If this parameter is not set, instances in this fleet default to no protection. You can change a fleet's protection policy to affect future game sessions on the fleet. You can also set protection for individual game sessions. + type: string + enum: + - FullProtection + - NoProtection + ScriptId: + pattern: ^script-\S+|^arn:.*:script/script-\S+ + description: |- + A unique identifier for a Realtime script to be deployed on a new Realtime Servers fleet. The script must have been successfully uploaded to Amazon GameLift. This fleet setting cannot be changed once the fleet is created. + + Note: It is not currently possible to use the !Ref command to reference a script created with a CloudFormation template for the fleet property ScriptId. Instead, use Fn::GetAtt Script.Arn or Fn::GetAtt Script.Id to retrieve either of these properties as input for ScriptId. Alternatively, enter a ScriptId string manually. + type: string + MaxSize: + description: '[DEPRECATED] The maximum value that is allowed for the fleet''s instance count. When creating a new fleet, GameLift automatically sets this value to "1". Once the fleet is active, you can change this value.' + type: integer + minimum: 0 + RuntimeConfiguration: + description: |- + Instructions for launching server processes on each instance in the fleet. Server processes run either a custom game build executable or a Realtime script. The runtime configuration defines the server executables or launch script file, launch parameters, and the number of processes to run concurrently on each instance. When creating a fleet, the runtime configuration must have at least one server process configuration; otherwise the request fails with an invalid request exception. + + This parameter is required unless the parameters ServerLaunchPath and ServerLaunchParameters are defined. Runtime configuration has replaced these parameters, but fleets that use them will continue to work. + $ref: '#/components/schemas/RuntimeConfiguration' + LogPaths: + description: This parameter is no longer used. When hosting a custom game build, specify where Amazon GameLift should store log files using the Amazon GameLift server API call ProcessReady() + x-insertionOrder: false + type: array + items: + type: string + ServerLaunchPath: + minLength: 1 + description: This parameter is no longer used. Instead, specify a server launch path using the RuntimeConfiguration parameter. Requests that specify a server launch path and launch parameters instead of a runtime configuration will continue to work. + type: string + maxLength: 1024 + MinSize: + description: '[DEPRECATED] The minimum value allowed for the fleet''s instance count. When creating a new fleet, GameLift automatically sets this value to "0". After the fleet is active, you can change this value.' + type: integer + minimum: 0 + PeerVpcAwsAccountId: + minLength: 1 + pattern: ^[0-9]{12}$ + description: A unique identifier for the AWS account with the VPC that you want to peer your Amazon GameLift fleet with. You can find your account ID in the AWS Management Console under account settings. + type: string + maxLength: 1024 + MetricGroups: + maxItems: 1 + description: The name of an Amazon CloudWatch metric group. A metric group aggregates the metrics for all fleets in the group. Specify a string containing the metric group name. You can use an existing name or use a new name to create a new metric group. Currently, this parameter can have only one string. + x-insertionOrder: false + type: array + items: + type: string + BuildId: + pattern: ^build-\S+|^arn:.*:build/build-\S+ + description: A unique identifier for a build to be deployed on the new fleet. If you are deploying the fleet with a custom game build, you must specify this property. The build must have been successfully uploaded to Amazon GameLift and be in a READY status. This fleet setting cannot be changed once the fleet is created. + type: string + ResourceCreationLimitPolicy: + description: A policy that limits the number of game sessions an individual player can create over a span of time for this fleet. + $ref: '#/components/schemas/ResourceCreationLimitPolicy' + EC2InstanceType: + pattern: ^.*..*$ + description: The name of an EC2 instance type that is supported in Amazon GameLift. A fleet instance type determines the computing resources of each instance in the fleet, including CPU, memory, storage, and networking capacity. Amazon GameLift supports the following EC2 instance types. See Amazon EC2 Instance Types for detailed descriptions. + type: string + required: + - Name + x-stackql-resource-name: fleet + description: The AWS::GameLift::Fleet resource creates an Amazon GameLift (GameLift) fleet to host game servers. A fleet is a set of EC2 or Anywhere instances, each of which can host multiple game sessions. + x-type-name: AWS::GameLift::Fleet + x-stackql-primary-identifier: + - FleetId + x-create-only-properties: + - ApplyCapacity + - BuildId + - CertificateConfiguration + - EC2InstanceType + - FleetType + - InstanceRoleARN + - InstanceRoleCredentialsProvider + - LogPaths + - PeerVpcAwsAccountId + - PeerVpcId + - ScriptId + - ServerLaunchParameters + - ServerLaunchPath + - ComputeType + x-write-only-properties: + - ApplyCapacity + x-read-only-properties: + - FleetId + x-required-properties: + - Name + x-taggable: true + x-required-permissions: + read: + - gamelift:DescribeFleetAttributes + - gamelift:DescribeFleetLocationAttributes + - gamelift:DescribeFleetCapacity + - gamelift:DescribeFleetPortSettings + - gamelift:DescribeFleetUtilization + - gamelift:DescribeRuntimeConfiguration + - gamelift:DescribeEC2InstanceLimits + - gamelift:DescribeFleetEvents + - gamelift:DescribeScalingPolicies + create: + - gamelift:CreateFleet + - gamelift:DescribeFleetAttributes + - gamelift:DescribeFleetLocationAttributes + - gamelift:UpdateFleetCapacity + - gamelift:DescribeFleetLocationCapacity + - gamelift:PutScalingPolicy + - gamelift:DescribeScalingPolicies + update: + - gamelift:UpdateFleetAttributes + - gamelift:CreateFleetLocations + - gamelift:DeleteFleetLocations + - gamelift:UpdateFleetCapacity + - gamelift:UpdateFleetPortSettings + - gamelift:UpdateRuntimeConfiguration + - gamelift:DescribeFleetLocationCapacity + - gamelift:DescribeFleetPortSettings + - gamelift:DescribeFleetLocationAttributes + - gamelift:PutScalingPolicy + - gamelift:DescribeScalingPolicies + - gamelift:DeleteScalingPolicy + list: + - gamelift:ListFleets + delete: + - gamelift:DeleteFleet + - gamelift:DescribeFleetLocationCapacity + - gamelift:DescribeScalingPolicies + - gamelift:DeleteScalingPolicy + AutoScalingPolicy: + type: object + description: Configuration settings to define a scaling policy for the Auto Scaling group that is optimized for game hosting. Updating this game server group property will not take effect for the created EC2 Auto Scaling group, please update the EC2 Auto Scaling group directly after creating the resource. + properties: + EstimatedInstanceWarmup: + $ref: '#/components/schemas/EstimatedInstanceWarmup' + TargetTrackingConfiguration: + $ref: '#/components/schemas/TargetTrackingConfiguration' + required: + - TargetTrackingConfiguration + additionalProperties: false + EstimatedInstanceWarmup: + type: number + description: Length of time, in seconds, it takes for a new instance to start new game server processes and register with GameLift FleetIQ. + TargetTrackingConfiguration: + type: object + description: Settings for a target-based scaling policy applied to Auto Scaling group. + properties: + TargetValue: + $ref: '#/components/schemas/TargetValue' + required: + - TargetValue + additionalProperties: false + TargetValue: + type: number + description: Desired value to use with a game server group target-based scaling policy. + BalancingStrategy: + type: string + description: The fallback balancing method to use for the game server group when Spot Instances in a Region become unavailable or are not viable for game hosting. + enum: + - SPOT_ONLY + - SPOT_PREFERRED + - ON_DEMAND_ONLY + DeleteOption: + description: The type of delete to perform. + type: string + enum: + - SAFE_DELETE + - FORCE_DELETE + - RETAIN + GameServerGroupName: + type: string + description: An identifier for the new game server group. + pattern: '[a-zA-Z0-9-\.]+' + minLength: 1 + maxLength: 128 + GameServerProtectionPolicy: + type: string + description: A flag that indicates whether instances in the game server group are protected from early termination. + enum: + - NO_PROTECTION + - FULL_PROTECTION + GameServerGroupArn: + description: A generated unique ID for the game server group. + type: string + pattern: ^arn:.*:gameservergroup\/[a-zA-Z0-9-\.]* + minLength: 1 + maxLength: 256 + InstanceDefinitions: + type: array + description: A set of EC2 instance types to use when creating instances in the group. + items: + $ref: '#/components/schemas/InstanceDefinition' + maxItems: 20 + minItems: 2 + x-insertionOrder: false + InstanceDefinition: + type: object + description: An allowed instance type for your game server group. + properties: + InstanceType: + $ref: '#/components/schemas/InstanceType' + WeightedCapacity: + $ref: '#/components/schemas/WeightedCapacity' + required: + - InstanceType + additionalProperties: false + InstanceType: + type: string + description: An EC2 instance type designation. + WeightedCapacity: + type: string + description: Instance weighting that indicates how much this instance type contributes to the total capacity of a game server group. + pattern: ^[\u0031-\u0039][\u0030-\u0039]{0,2}$ + LaunchTemplate: + type: object + description: The EC2 launch template that contains configuration settings and game server code to be deployed to all instances in the game server group. Updating this game server group property will not take effect for the created EC2 Auto Scaling group, please update the EC2 Auto Scaling group directly after creating the resource. + properties: + LaunchTemplateId: + $ref: '#/components/schemas/LaunchTemplateId' + LaunchTemplateName: + $ref: '#/components/schemas/LaunchTemplateName' + Version: + $ref: '#/components/schemas/Version' + additionalProperties: false + LaunchTemplateId: + type: string + description: A unique identifier for an existing EC2 launch template. + LaunchTemplateName: + type: string + description: A readable identifier for an existing EC2 launch template. + Version: + type: string + description: The version of the EC2 launch template to use. + MaxSize: + type: number + description: The maximum number of instances allowed in the EC2 Auto Scaling group. Updating this game server group property will not take effect for the created EC2 Auto Scaling group, please update the EC2 Auto Scaling group directly after creating the resource. + minimum: 1 + MinSize: + type: number + description: The minimum number of instances allowed in the EC2 Auto Scaling group. Updating this game server group property will not take effect for the created EC2 Auto Scaling group, please update the EC2 Auto Scaling group directly after creating the resource. + minimum: 0 + RoleArn: + type: string + description: The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift to access your EC2 Auto Scaling groups. + pattern: ^arn:.*:role\/[\w+=,.@-]+ + minLength: 1 + maxLength: 256 + Tags: + type: array + description: A list of labels to assign to the new game server group resource. Updating game server group tags with CloudFormation will not take effect. Please update this property using AWS GameLift APIs instead. + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 200 + x-insertionOrder: false + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length. + minLength: 1 + maxLength: 128 + Value: + type: string + description: The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length. + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + VpcSubnets: + type: array + description: A list of virtual private cloud (VPC) subnets to use with instances in the game server group. Updating this game server group property will not take effect for the created EC2 Auto Scaling group, please update the EC2 Auto Scaling group directly after creating the resource. + items: + type: string + pattern: ^subnet-[0-9a-z]+$ + minLength: 15 + maxLength: 24 + minItems: 1 + maxItems: 20 + x-insertionOrder: false + GameServerGroup: + type: object + properties: + AutoScalingGroupArn: + description: A generated unique ID for the EC2 Auto Scaling group that is associated with this game server group. + $ref: '#/components/schemas/AutoScalingGroupArn' + AutoScalingPolicy: + description: Configuration settings to define a scaling policy for the Auto Scaling group that is optimized for game hosting. Updating this game server group property will not take effect for the created EC2 Auto Scaling group, please update the EC2 Auto Scaling group directly after creating the resource. + $ref: '#/components/schemas/AutoScalingPolicy' + BalancingStrategy: + description: The fallback balancing method to use for the game server group when Spot Instances in a Region become unavailable or are not viable for game hosting. + $ref: '#/components/schemas/BalancingStrategy' + DeleteOption: + description: The type of delete to perform. + $ref: '#/components/schemas/DeleteOption' + GameServerGroupArn: + description: A generated unique ID for the game server group. + $ref: '#/components/schemas/GameServerGroupArn' + GameServerGroupName: + description: An identifier for the new game server group. + $ref: '#/components/schemas/GameServerGroupName' + GameServerProtectionPolicy: + description: A flag that indicates whether instances in the game server group are protected from early termination. + $ref: '#/components/schemas/GameServerProtectionPolicy' + InstanceDefinitions: + description: A set of EC2 instance types to use when creating instances in the group. + $ref: '#/components/schemas/InstanceDefinitions' + LaunchTemplate: + description: The EC2 launch template that contains configuration settings and game server code to be deployed to all instances in the game server group. Updating this game server group property will not take effect for the created EC2 Auto Scaling group, please update the EC2 Auto Scaling group directly after creating the resource. + $ref: '#/components/schemas/LaunchTemplate' + MaxSize: + description: The maximum number of instances allowed in the EC2 Auto Scaling group. Updating this game server group property will not take effect for the created EC2 Auto Scaling group, please update the EC2 Auto Scaling group directly after creating the resource. + $ref: '#/components/schemas/MaxSize' + MinSize: + description: The minimum number of instances allowed in the EC2 Auto Scaling group. Updating this game server group property will not take effect for the created EC2 Auto Scaling group, please update the EC2 Auto Scaling group directly after creating the resource. + $ref: '#/components/schemas/MinSize' + RoleArn: + description: The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift to access your EC2 Auto Scaling groups. + $ref: '#/components/schemas/RoleArn' + Tags: + description: A list of labels to assign to the new game server group resource. Updating game server group tags with CloudFormation will not take effect. Please update this property using AWS GameLift APIs instead. + $ref: '#/components/schemas/Tags' + VpcSubnets: + description: A list of virtual private cloud (VPC) subnets to use with instances in the game server group. Updating this game server group property will not take effect for the created EC2 Auto Scaling group, please update the EC2 Auto Scaling group directly after creating the resource. + $ref: '#/components/schemas/VpcSubnets' + required: + - GameServerGroupName + - InstanceDefinitions + - RoleArn + x-stackql-resource-name: game_server_group + description: The AWS::GameLift::GameServerGroup resource creates an Amazon GameLift (GameLift) GameServerGroup. + x-type-name: AWS::GameLift::GameServerGroup + x-stackql-primary-identifier: + - GameServerGroupArn + x-write-only-properties: + - DeleteOption + - LaunchTemplate + - MinSize + - MaxSize + - AutoScalingPolicy + - VpcSubnets + - Tags + x-read-only-properties: + - GameServerGroupArn + - AutoScalingGroupArn + x-required-properties: + - GameServerGroupName + - InstanceDefinitions + - RoleArn + x-taggable: true + x-required-permissions: + create: + - gamelift:CreateGameServerGroup + - gamelift:TagResource + - gamelift:DescribeGameServerGroup + - iam:assumeRole + - iam:PassRole + - iam:CreateServiceLinkedRole + - ec2:DescribeAvailabilityZones + - ec2:DescribeSubnets + - ec2:RunInstances + - ec2:CreateTags + - ec2:DescribeLaunchTemplateVersions + - autoscaling:CreateAutoScalingGroup + - autoscaling:DescribeLifecycleHooks + - autoscaling:DescribeNotificationConfigurations + - autoscaling:CreateAutoScalingGroup + - autoscaling:CreateOrUpdateTags + - autoscaling:DescribeAutoScalingGroups + - autoscaling:ExitStandby + - autoscaling:PutLifecycleHook + - autoscaling:PutScalingPolicy + - autoscaling:ResumeProcesses + - autoscaling:SetInstanceProtection + - autoscaling:UpdateAutoScalingGroup + - events:PutRule + - events:PutTargets + read: + - gamelift:DescribeGameServerGroup + update: + - gamelift:UpdateGameServerGroup + - iam:assumeRole + - iam:PassRole + - autoscaling:DescribeAutoScalingGroups + - autoscaling:UpdateAutoScalingGroup + - autoscaling:SetInstanceProtection + delete: + - gamelift:DeleteGameServerGroup + - gamelift:DescribeGameServerGroup + - iam:assumeRole + - iam:PassRole + - iam:CreateServiceLinkedRole + - ec2:DescribeAvailabilityZones + - ec2:DescribeSubnets + - ec2:DescribeLaunchTemplateVersions + - autoscaling:CreateAutoScalingGroup + - autoscaling:DescribeLifecycleHooks + - autoscaling:DescribeNotificationConfigurations + - autoscaling:DescribeAutoScalingGroups + - autoscaling:ExitStandby + - autoscaling:PutLifecycleHook + - autoscaling:PutScalingPolicy + - autoscaling:ResumeProcesses + - autoscaling:SetInstanceProtection + - autoscaling:UpdateAutoScalingGroup + - autoscaling:DeleteAutoScalingGroup + - events:PutRule + - events:PutTargets + list: + - gamelift:ListGameServerGroups + AutoScalingGroupArn: + type: string + description: A generated unique ID for the EC2 Auto Scaling group that is associated with this game server group. + minLength: 0 + maxLength: 256 + pattern: "[ -퟿-�𐀀-􏿿\r\n\t]*" + CreationTime: + type: string + description: A timestamp that indicates when this data object was created. + LastUpdatedTime: + type: string + description: A timestamp that indicates when this game server group was last updated. + Status: + type: string + description: The current status of the game server group. + enum: + - NEW + - ACTIVATING + - ACTIVE + - DELETE_SCHEDULED + - DELETING + - DELETED + - ERROR + StatusReason: + type: string + description: Additional information about the current game server group status. + minLength: 1 + maxLength: 1024 + SuspendedActions: + type: array + items: + type: string + enum: + - REPLACE_INSTANCE_TYPES + GameSessionQueueDestination: + type: object + description: A fleet or alias designated in a game session queue. + properties: + DestinationArn: + type: string + minLength: 1 + maxLength: 256 + pattern: '[a-zA-Z0-9:/-]+' + additionalProperties: false + PlayerLatencyPolicy: + type: object + description: Sets a latency cap for individual players when placing a game session. + properties: + MaximumIndividualPlayerLatencyMilliseconds: + type: integer + description: The maximum latency value that is allowed for any player, in milliseconds. All policies must have a value set for this property. + minimum: 0 + PolicyDurationSeconds: + type: integer + description: The length of time, in seconds, that the policy is enforced while placing a new game session. + minimum: 0 + additionalProperties: false + AllowedLocations: + type: array + x-insertionOrder: false + description: A list of locations to allow game session placement in, in the form of AWS Region codes such as us-west-2. + minItems: 1 + maxItems: 100 + items: + type: string + minLength: 1 + maxLength: 64 + pattern: ^[a-z]+(-([a-z]+|\d))* + FilterConfiguration: + type: object + properties: + AllowedLocations: + $ref: '#/components/schemas/AllowedLocations' + additionalProperties: false + LocationOrder: + description: The prioritization order to use for fleet locations, when the PriorityOrder property includes LOCATION. + type: array + x-insertionOrder: true + minItems: 1 + maxItems: 100 + items: + type: string + minLength: 1 + maxLength: 64 + pattern: ^[A-Za-z0-9\-]+ + PriorityOrder: + description: The recommended sequence to use when prioritizing where to place new game sessions. + type: array + x-insertionOrder: true + minItems: 1 + maxItems: 4 + items: + type: string + enum: + - LATENCY + - COST + - DESTINATION + - LOCATION + PriorityConfiguration: + type: object + properties: + LocationOrder: + $ref: '#/components/schemas/LocationOrder' + PriorityOrder: + $ref: '#/components/schemas/PriorityOrder' + additionalProperties: false + GameSessionQueue: + type: object + properties: + Name: + description: A descriptive label that is associated with game session queue. Queue names must be unique within each Region. + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z0-9-]+' + TimeoutInSeconds: + description: The maximum time, in seconds, that a new game session placement request remains in the queue. + type: integer + minimum: 0 + Destinations: + description: A list of fleets and/or fleet aliases that can be used to fulfill game session placement requests in the queue. + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/GameSessionQueueDestination' + PlayerLatencyPolicies: + description: A set of policies that act as a sliding cap on player latency. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/PlayerLatencyPolicy' + CustomEventData: + description: Information that is added to all events that are related to this game session queue. + type: string + minLength: 1 + maxLength: 256 + pattern: '[\s\S]*' + NotificationTarget: + description: An SNS topic ARN that is set up to receive game session placement notifications. + type: string + minLength: 1 + maxLength: 300 + pattern: '[a-zA-Z0-9:_-]*(\.fifo)?' + FilterConfiguration: + description: A list of locations where a queue is allowed to place new game sessions. + type: object + $ref: '#/components/schemas/FilterConfiguration' + PriorityConfiguration: + description: Custom settings to use when prioritizing destinations and locations for game session placements. + type: object + $ref: '#/components/schemas/PriorityConfiguration' + Arn: + description: The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift game session queue resource and uniquely identifies it. + type: string + minLength: 1 + maxLength: 256 + pattern: ^arn:.*:gamesessionqueue\/[a-zA-Z0-9-]+ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + required: + - Name + x-stackql-resource-name: game_session_queue + description: The AWS::GameLift::GameSessionQueue resource creates an Amazon GameLift (GameLift) game session queue. + x-type-name: AWS::GameLift::GameSessionQueue + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - Name + x-tagging: + taggable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - gamelift:CreateGameSessionQueue + - gamelift:ListTagsForResource + - gamelift:TagResource + read: + - gamelift:DescribeGameSessionQueues + - gamelift:ListTagsForResource + delete: + - gamelift:DescribeGameSessionQueues + - gamelift:DeleteGameSessionQueue + update: + - gamelift:UpdateGameSessionQueue + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:UntagResource + list: + - gamelift:DescribeGameSessionQueues + GameProperty: + description: A key-value pair that contains information about a game session. + type: object + properties: + Key: + type: string + description: The game property identifier. + maxLength: 32 + Value: + type: string + description: The game property value. + maxLength: 96 + required: + - Key + - Value + additionalProperties: false + MatchmakingConfiguration: + type: object + properties: + AcceptanceRequired: + description: A flag that indicates whether a match that was created with this configuration must be accepted by the matched players + type: boolean + AcceptanceTimeoutSeconds: + description: The length of time (in seconds) to wait for players to accept a proposed match, if acceptance is required. + type: integer + minimum: 1 + maximum: 600 + AdditionalPlayerCount: + description: The number of player slots in a match to keep open for future players. + type: integer + minimum: 0 + BackfillMode: + description: The method used to backfill game sessions created with this matchmaking configuration. + type: string + enum: + - AUTOMATIC + - MANUAL + Arn: + description: The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift matchmaking configuration resource and uniquely identifies it. + type: string + pattern: ^arn:.*:matchmakingconfiguration\/[a-zA-Z0-9-\.]* + CreationTime: + description: A time stamp indicating when this data object was created. + type: string + CustomEventData: + description: Information to attach to all events related to the matchmaking configuration. + type: string + minLength: 0 + maxLength: 256 + Description: + description: A descriptive label that is associated with matchmaking configuration. + type: string + minLength: 1 + maxLength: 1024 + FlexMatchMode: + description: Indicates whether this matchmaking configuration is being used with Amazon GameLift hosting or as a standalone matchmaking solution. + type: string + enum: + - STANDALONE + - WITH_QUEUE + GameProperties: + description: A set of custom properties for a game session, formatted as key:value pairs. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 16 + items: + $ref: '#/components/schemas/GameProperty' + GameSessionData: + description: A set of custom game session properties, formatted as a single string value. + type: string + minLength: 1 + maxLength: 4096 + GameSessionQueueArns: + description: The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift game session queue resource and uniquely identifies it. + type: array + x-insertionOrder: false + items: + type: string + pattern: '[a-zA-Z0-9:/-]+' + minLength: 1 + maxLength: 256 + Name: + description: A unique identifier for the matchmaking configuration. + type: string + pattern: '[a-zA-Z0-9-\.]*' + maxLength: 128 + NotificationTarget: + description: An SNS topic ARN that is set up to receive matchmaking notifications. + type: string + pattern: '[a-zA-Z0-9:_/-]*(.fifo)?' + minLength: 0 + maxLength: 300 + RequestTimeoutSeconds: + description: The maximum duration, in seconds, that a matchmaking ticket can remain in process before timing out. + type: integer + minimum: 1 + maximum: 43200 + RuleSetArn: + description: The Amazon Resource Name (ARN) associated with the GameLift matchmaking rule set resource that this configuration uses. + type: string + pattern: ^arn:.*:matchmakingruleset\/[a-zA-Z0-9-\.]* + RuleSetName: + description: A unique identifier for the matchmaking rule set to use with this configuration. + type: string + pattern: '[a-zA-Z0-9-\.]*' + maxLength: 128 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + required: + - AcceptanceRequired + - Name + - RequestTimeoutSeconds + - RuleSetName + x-stackql-resource-name: matchmaking_configuration + description: The AWS::GameLift::MatchmakingConfiguration resource creates an Amazon GameLift (GameLift) matchmaking configuration. + x-type-name: AWS::GameLift::MatchmakingConfiguration + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - AcceptanceRequired + - Name + - RequestTimeoutSeconds + - RuleSetName + x-tagging: + taggable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - gamelift:CreateMatchmakingConfiguration + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:DescribeMatchmakingConfigurations + read: + - gamelift:DescribeMatchmakingConfigurations + - gamelift:ListTagsForResource + delete: + - gamelift:DescribeMatchmakingConfigurations + - gamelift:DeleteMatchmakingConfiguration + list: + - gamelift:DescribeMatchmakingConfigurations + update: + - gamelift:DescribeMatchmakingConfigurations + - gamelift:UpdateMatchmakingConfiguration + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:UntagResource + MatchmakingRuleSet: + type: object + properties: + Name: + description: A unique identifier for the matchmaking rule set. + type: string + maxLength: 128 + pattern: '[a-zA-Z0-9-\.]*' + RuleSetBody: + description: A collection of matchmaking rules, formatted as a JSON string. + type: string + minLength: 1 + maxLength: 65535 + CreationTime: + description: A time stamp indicating when this data object was created. Format is a number expressed in Unix time as milliseconds. + type: string + Arn: + description: The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift matchmaking rule set resource and uniquely identifies it. + type: string + pattern: ^arn:.*:matchmakingruleset\/[a-zA-Z0-9-\.]* + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - RuleSetBody + x-stackql-resource-name: matchmaking_rule_set + description: The AWS::GameLift::MatchmakingRuleSet resource creates an Amazon GameLift (GameLift) matchmaking rule set. + x-type-name: AWS::GameLift::MatchmakingRuleSet + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - RuleSetBody + x-read-only-properties: + - Arn + - CreationTime + x-required-properties: + - Name + - RuleSetBody + x-tagging: + taggable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - gamelift:CreateMatchmakingRuleSet + - gamelift:DescribeMatchmakingRuleSets + - gamelift:ValidateMatchmakingRuleSet + - gamelift:ListTagsForResource + - gamelift:TagResource + read: + - gamelift:DescribeMatchmakingRuleSets + - gamelift:ValidateMatchmakingRuleSet + - gamelift:ListTagsForResource + delete: + - gamelift:DeleteMatchmakingRuleSet + update: + - gamelift:DescribeMatchmakingRuleSets + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:UntagResource + list: + - gamelift:DescribeMatchmakingRuleSets + S3Location: + x-$comment: Contains object details present in the S3 Bucket + type: object + additionalProperties: false + properties: + Bucket: + description: An Amazon S3 bucket identifier. This is the name of the S3 bucket. + type: string + minLength: 1 + Key: + description: The name of the zip file that contains the script files. + type: string + minLength: 1 + ObjectVersion: + description: The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from your S3 bucket. To retrieve a specific version of the file, provide an object version. To retrieve the latest version of the file, do not set this parameter. + type: string + minLength: 1 + RoleArn: + description: The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift to access the S3 bucket. + type: string + minLength: 1 + required: + - Bucket + - Key + - RoleArn + Script: + type: object + properties: + Name: + type: string + description: A descriptive label that is associated with a script. Script names do not need to be unique. + minLength: 1 + maxLength: 1024 + StorageLocation: + type: object + description: >- + The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the "key"), and a role ARN that allows Amazon GameLift to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon GameLift uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use + the ObjectVersion parameter to specify an earlier version. + $ref: '#/components/schemas/S3Location' + Version: + description: The version that is associated with a script. Version strings do not need to be unique. + type: string + minLength: 1 + maxLength: 1024 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + CreationTime: + description: A time stamp indicating when this data object was created. Format is a number expressed in Unix time as milliseconds (for example "1469498468.057"). + type: string + Arn: + description: The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift script resource and uniquely identifies it. ARNs are unique across all Regions. In a GameLift script ARN, the resource ID matches the Id value. + pattern: ^arn:.*:script\/script-\S+ + type: string + Id: + description: A unique identifier for the Realtime script + pattern: ^script-\S+ + type: string + SizeOnDisk: + description: The file size of the uploaded Realtime script, expressed in bytes. When files are uploaded from an S3 location, this value remains at "0". + type: integer + minimum: 1 + required: + - StorageLocation + x-stackql-resource-name: script + description: The AWS::GameLift::Script resource creates a new script record for your Realtime Servers script. Realtime scripts are JavaScript that provide configuration settings and optional custom game logic for your game. The script is deployed when you create a Realtime Servers fleet to host your game sessions. Script logic is executed during an active game session. + x-type-name: AWS::GameLift::Script + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - CreationTime + - Arn + - SizeOnDisk + x-required-properties: + - StorageLocation + x-tagging: + taggable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - gamelift:CreateScript + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:DescribeScript + - iam:PassRole + read: + - gamelift:DescribeScript + - gamelift:ListScripts + - gamelift:ListTagsForResource + delete: + - gamelift:DeleteScript + list: + - gamelift:ListScripts + - gamelift:DescribeScript + update: + - gamelift:DescribeScript + - gamelift:UpdateScript + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:UntagResource + - iam:PassRole + x-stackQL-resources: + aliases: + name: aliases + id: aws.gamelift.aliases + x-cfn-schema-name: Alias + x-type: list + x-identifiers: + - AliasId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AliasId') as alias_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Alias' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AliasId') as alias_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Alias' + AND region = 'us-east-1' + alias: + name: alias + id: aws.gamelift.alias + x-cfn-schema-name: Alias + x-type: get + x-identifiers: + - AliasId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RoutingStrategy') as routing_strategy, + JSON_EXTRACT(Properties, '$.AliasId') as alias_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Alias' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RoutingStrategy') as routing_strategy, + json_extract_path_text(Properties, 'AliasId') as alias_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Alias' + AND data__Identifier = '' + AND region = 'us-east-1' + builds: + name: builds + id: aws.gamelift.builds + x-cfn-schema-name: Build + x-type: list + x-identifiers: + - BuildId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BuildId') as build_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Build' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BuildId') as build_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Build' + AND region = 'us-east-1' + build: + name: build + id: aws.gamelift.build + x-cfn-schema-name: Build + x-type: get + x-identifiers: + - BuildId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BuildId') as build_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.OperatingSystem') as operating_system, + JSON_EXTRACT(Properties, '$.StorageLocation') as storage_location, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.ServerSdkVersion') as server_sdk_version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Build' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BuildId') as build_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'OperatingSystem') as operating_system, + json_extract_path_text(Properties, 'StorageLocation') as storage_location, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'ServerSdkVersion') as server_sdk_version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Build' + AND data__Identifier = '' + AND region = 'us-east-1' + locations: + name: locations + id: aws.gamelift.locations + x-cfn-schema-name: Location + x-type: list + x-identifiers: + - LocationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LocationName') as location_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Location' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LocationName') as location_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Location' + AND region = 'us-east-1' + location: + name: location + id: aws.gamelift.location + x-cfn-schema-name: Location + x-type: get + x-identifiers: + - LocationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LocationName') as location_name, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Location' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LocationName') as location_name, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Location' + AND data__Identifier = '' + AND region = 'us-east-1' + fleets: + name: fleets + id: aws.gamelift.fleets + x-cfn-schema-name: Fleet + x-type: list + x-identifiers: + - FleetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FleetId') as fleet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Fleet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FleetId') as fleet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Fleet' + AND region = 'us-east-1' + fleet: + name: fleet + id: aws.gamelift.fleet + x-cfn-schema-name: Fleet + x-type: get + x-identifiers: + - FleetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ScalingPolicies') as scaling_policies, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PeerVpcId') as peer_vpc_id, + JSON_EXTRACT(Properties, '$.ApplyCapacity') as apply_capacity, + JSON_EXTRACT(Properties, '$.EC2InboundPermissions') as e_c2_inbound_permissions, + JSON_EXTRACT(Properties, '$.ComputeType') as compute_type, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.AnywhereConfiguration') as anywhere_configuration, + JSON_EXTRACT(Properties, '$.InstanceRoleARN') as instance_role_arn, + JSON_EXTRACT(Properties, '$.FleetId') as fleet_id, + JSON_EXTRACT(Properties, '$.CertificateConfiguration') as certificate_configuration, + JSON_EXTRACT(Properties, '$.InstanceRoleCredentialsProvider') as instance_role_credentials_provider, + JSON_EXTRACT(Properties, '$.DesiredEC2Instances') as desired_ec2_instances, + JSON_EXTRACT(Properties, '$.ServerLaunchParameters') as server_launch_parameters, + JSON_EXTRACT(Properties, '$.FleetType') as fleet_type, + JSON_EXTRACT(Properties, '$.Locations') as locations, + JSON_EXTRACT(Properties, '$.NewGameSessionProtectionPolicy') as new_game_session_protection_policy, + JSON_EXTRACT(Properties, '$.ScriptId') as script_id, + JSON_EXTRACT(Properties, '$.MaxSize') as max_size, + JSON_EXTRACT(Properties, '$.RuntimeConfiguration') as runtime_configuration, + JSON_EXTRACT(Properties, '$.LogPaths') as log_paths, + JSON_EXTRACT(Properties, '$.ServerLaunchPath') as server_launch_path, + JSON_EXTRACT(Properties, '$.MinSize') as min_size, + JSON_EXTRACT(Properties, '$.PeerVpcAwsAccountId') as peer_vpc_aws_account_id, + JSON_EXTRACT(Properties, '$.MetricGroups') as metric_groups, + JSON_EXTRACT(Properties, '$.BuildId') as build_id, + JSON_EXTRACT(Properties, '$.ResourceCreationLimitPolicy') as resource_creation_limit_policy, + JSON_EXTRACT(Properties, '$.EC2InstanceType') as e_c2_instance_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ScalingPolicies') as scaling_policies, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PeerVpcId') as peer_vpc_id, + json_extract_path_text(Properties, 'ApplyCapacity') as apply_capacity, + json_extract_path_text(Properties, 'EC2InboundPermissions') as e_c2_inbound_permissions, + json_extract_path_text(Properties, 'ComputeType') as compute_type, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'AnywhereConfiguration') as anywhere_configuration, + json_extract_path_text(Properties, 'InstanceRoleARN') as instance_role_arn, + json_extract_path_text(Properties, 'FleetId') as fleet_id, + json_extract_path_text(Properties, 'CertificateConfiguration') as certificate_configuration, + json_extract_path_text(Properties, 'InstanceRoleCredentialsProvider') as instance_role_credentials_provider, + json_extract_path_text(Properties, 'DesiredEC2Instances') as desired_ec2_instances, + json_extract_path_text(Properties, 'ServerLaunchParameters') as server_launch_parameters, + json_extract_path_text(Properties, 'FleetType') as fleet_type, + json_extract_path_text(Properties, 'Locations') as locations, + json_extract_path_text(Properties, 'NewGameSessionProtectionPolicy') as new_game_session_protection_policy, + json_extract_path_text(Properties, 'ScriptId') as script_id, + json_extract_path_text(Properties, 'MaxSize') as max_size, + json_extract_path_text(Properties, 'RuntimeConfiguration') as runtime_configuration, + json_extract_path_text(Properties, 'LogPaths') as log_paths, + json_extract_path_text(Properties, 'ServerLaunchPath') as server_launch_path, + json_extract_path_text(Properties, 'MinSize') as min_size, + json_extract_path_text(Properties, 'PeerVpcAwsAccountId') as peer_vpc_aws_account_id, + json_extract_path_text(Properties, 'MetricGroups') as metric_groups, + json_extract_path_text(Properties, 'BuildId') as build_id, + json_extract_path_text(Properties, 'ResourceCreationLimitPolicy') as resource_creation_limit_policy, + json_extract_path_text(Properties, 'EC2InstanceType') as e_c2_instance_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' + game_server_groups: + name: game_server_groups + id: aws.gamelift.game_server_groups + x-cfn-schema-name: GameServerGroup + x-type: list + x-identifiers: + - GameServerGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GameServerGroupArn') as game_server_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::GameServerGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GameServerGroupArn') as game_server_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::GameServerGroup' + AND region = 'us-east-1' + game_server_group: + name: game_server_group + id: aws.gamelift.game_server_group + x-cfn-schema-name: GameServerGroup + x-type: get + x-identifiers: + - GameServerGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AutoScalingGroupArn') as auto_scaling_group_arn, + JSON_EXTRACT(Properties, '$.AutoScalingPolicy') as auto_scaling_policy, + JSON_EXTRACT(Properties, '$.BalancingStrategy') as balancing_strategy, + JSON_EXTRACT(Properties, '$.DeleteOption') as delete_option, + JSON_EXTRACT(Properties, '$.GameServerGroupArn') as game_server_group_arn, + JSON_EXTRACT(Properties, '$.GameServerGroupName') as game_server_group_name, + JSON_EXTRACT(Properties, '$.GameServerProtectionPolicy') as game_server_protection_policy, + JSON_EXTRACT(Properties, '$.InstanceDefinitions') as instance_definitions, + JSON_EXTRACT(Properties, '$.LaunchTemplate') as launch_template, + JSON_EXTRACT(Properties, '$.MaxSize') as max_size, + JSON_EXTRACT(Properties, '$.MinSize') as min_size, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VpcSubnets') as vpc_subnets + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::GameServerGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AutoScalingGroupArn') as auto_scaling_group_arn, + json_extract_path_text(Properties, 'AutoScalingPolicy') as auto_scaling_policy, + json_extract_path_text(Properties, 'BalancingStrategy') as balancing_strategy, + json_extract_path_text(Properties, 'DeleteOption') as delete_option, + json_extract_path_text(Properties, 'GameServerGroupArn') as game_server_group_arn, + json_extract_path_text(Properties, 'GameServerGroupName') as game_server_group_name, + json_extract_path_text(Properties, 'GameServerProtectionPolicy') as game_server_protection_policy, + json_extract_path_text(Properties, 'InstanceDefinitions') as instance_definitions, + json_extract_path_text(Properties, 'LaunchTemplate') as launch_template, + json_extract_path_text(Properties, 'MaxSize') as max_size, + json_extract_path_text(Properties, 'MinSize') as min_size, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VpcSubnets') as vpc_subnets + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::GameServerGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + game_session_queues: + name: game_session_queues + id: aws.gamelift.game_session_queues + x-cfn-schema-name: GameSessionQueue + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::GameSessionQueue' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::GameSessionQueue' + AND region = 'us-east-1' + game_session_queue: + name: game_session_queue + id: aws.gamelift.game_session_queue + x-cfn-schema-name: GameSessionQueue + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.TimeoutInSeconds') as timeout_in_seconds, + JSON_EXTRACT(Properties, '$.Destinations') as destinations, + JSON_EXTRACT(Properties, '$.PlayerLatencyPolicies') as player_latency_policies, + JSON_EXTRACT(Properties, '$.CustomEventData') as custom_event_data, + JSON_EXTRACT(Properties, '$.NotificationTarget') as notification_target, + JSON_EXTRACT(Properties, '$.FilterConfiguration') as filter_configuration, + JSON_EXTRACT(Properties, '$.PriorityConfiguration') as priority_configuration, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::GameSessionQueue' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'TimeoutInSeconds') as timeout_in_seconds, + json_extract_path_text(Properties, 'Destinations') as destinations, + json_extract_path_text(Properties, 'PlayerLatencyPolicies') as player_latency_policies, + json_extract_path_text(Properties, 'CustomEventData') as custom_event_data, + json_extract_path_text(Properties, 'NotificationTarget') as notification_target, + json_extract_path_text(Properties, 'FilterConfiguration') as filter_configuration, + json_extract_path_text(Properties, 'PriorityConfiguration') as priority_configuration, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::GameSessionQueue' + AND data__Identifier = '' + AND region = 'us-east-1' + matchmaking_configurations: + name: matchmaking_configurations + id: aws.gamelift.matchmaking_configurations + x-cfn-schema-name: MatchmakingConfiguration + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::MatchmakingConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::MatchmakingConfiguration' + AND region = 'us-east-1' + matchmaking_configuration: + name: matchmaking_configuration + id: aws.gamelift.matchmaking_configuration + x-cfn-schema-name: MatchmakingConfiguration + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AcceptanceRequired') as acceptance_required, + JSON_EXTRACT(Properties, '$.AcceptanceTimeoutSeconds') as acceptance_timeout_seconds, + JSON_EXTRACT(Properties, '$.AdditionalPlayerCount') as additional_player_count, + JSON_EXTRACT(Properties, '$.BackfillMode') as backfill_mode, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.CustomEventData') as custom_event_data, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FlexMatchMode') as flex_match_mode, + JSON_EXTRACT(Properties, '$.GameProperties') as game_properties, + JSON_EXTRACT(Properties, '$.GameSessionData') as game_session_data, + JSON_EXTRACT(Properties, '$.GameSessionQueueArns') as game_session_queue_arns, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.NotificationTarget') as notification_target, + JSON_EXTRACT(Properties, '$.RequestTimeoutSeconds') as request_timeout_seconds, + JSON_EXTRACT(Properties, '$.RuleSetArn') as rule_set_arn, + JSON_EXTRACT(Properties, '$.RuleSetName') as rule_set_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::MatchmakingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AcceptanceRequired') as acceptance_required, + json_extract_path_text(Properties, 'AcceptanceTimeoutSeconds') as acceptance_timeout_seconds, + json_extract_path_text(Properties, 'AdditionalPlayerCount') as additional_player_count, + json_extract_path_text(Properties, 'BackfillMode') as backfill_mode, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'CustomEventData') as custom_event_data, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FlexMatchMode') as flex_match_mode, + json_extract_path_text(Properties, 'GameProperties') as game_properties, + json_extract_path_text(Properties, 'GameSessionData') as game_session_data, + json_extract_path_text(Properties, 'GameSessionQueueArns') as game_session_queue_arns, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'NotificationTarget') as notification_target, + json_extract_path_text(Properties, 'RequestTimeoutSeconds') as request_timeout_seconds, + json_extract_path_text(Properties, 'RuleSetArn') as rule_set_arn, + json_extract_path_text(Properties, 'RuleSetName') as rule_set_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::MatchmakingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + matchmaking_rule_sets: + name: matchmaking_rule_sets + id: aws.gamelift.matchmaking_rule_sets + x-cfn-schema-name: MatchmakingRuleSet + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::MatchmakingRuleSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::MatchmakingRuleSet' + AND region = 'us-east-1' + matchmaking_rule_set: + name: matchmaking_rule_set + id: aws.gamelift.matchmaking_rule_set + x-cfn-schema-name: MatchmakingRuleSet + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RuleSetBody') as rule_set_body, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::MatchmakingRuleSet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RuleSetBody') as rule_set_body, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::MatchmakingRuleSet' + AND data__Identifier = '' + AND region = 'us-east-1' + scripts: + name: scripts + id: aws.gamelift.scripts + x-cfn-schema-name: Script + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Script' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Script' + AND region = 'us-east-1' + script: + name: script + id: aws.gamelift.script + x-cfn-schema-name: Script + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.StorageLocation') as storage_location, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.SizeOnDisk') as size_on_disk + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Script' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'StorageLocation') as storage_location, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'SizeOnDisk') as size_on_disk + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Script' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/globalaccelerator.yaml b/providers/src/aws/v00.00.00000/services/globalaccelerator.yaml new file mode 100644 index 00000000..319f8479 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/globalaccelerator.yaml @@ -0,0 +1,659 @@ +openapi: 3.0.0 +info: + title: GlobalAccelerator + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: Tag is a key-value pair associated with Cross Account Attachment. + type: object + properties: + Key: + description: Key of the tag. Value can be 1 to 127 characters. + type: string + minLength: 1 + maxLength: 127 + Value: + description: Value for the tag. Value can be 1 to 255 characters. + type: string + minLength: 1 + maxLength: 255 + required: + - Value + - Key + additionalProperties: false + IpAddress: + pattern: ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$ + description: An IPV4 address + type: string + Accelerator: + type: object + properties: + Name: + description: Name of accelerator. + type: string + pattern: ^[a-zA-Z0-9_-]{0,64}$ + minLength: 1 + maxLength: 64 + IpAddressType: + description: IP Address type. + type: string + default: IPV4 + enum: + - IPV4 + - DUAL_STACK + IpAddresses: + description: The IP addresses from BYOIP Prefix pool. + default: null + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/IpAddress' + Enabled: + description: Indicates whether an accelerator is enabled. The value is true or false. + default: true + type: boolean + DnsName: + description: The Domain Name System (DNS) name that Global Accelerator creates that points to your accelerator's static IPv4 addresses. + type: string + Ipv4Addresses: + description: The IPv4 addresses assigned to the accelerator. + x-insertionOrder: true + type: array + items: + type: string + Ipv6Addresses: + description: The IPv6 addresses assigned if the accelerator is dualstack + default: null + x-insertionOrder: true + type: array + items: + type: string + DualStackDnsName: + description: The Domain Name System (DNS) name that Global Accelerator creates that points to your accelerator's static IPv4 and IPv6 addresses. + type: string + AcceleratorArn: + description: The Amazon Resource Name (ARN) of the accelerator. + type: string + Tags: + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - Name + x-stackql-resource-name: accelerator + description: Resource Type definition for AWS::GlobalAccelerator::Accelerator + x-type-name: AWS::GlobalAccelerator::Accelerator + x-stackql-primary-identifier: + - AcceleratorArn + x-read-only-properties: + - AcceleratorArn + - DnsName + - Ipv4Addresses + - Ipv6Addresses + - DualStackDnsName + x-required-properties: + - Name + x-required-permissions: + create: + - globalaccelerator:CreateAccelerator + - globalaccelerator:DescribeAccelerator + - globalaccelerator:TagResource + read: + - globalaccelerator:DescribeAccelerator + update: + - globalaccelerator:UpdateAccelerator + - globalaccelerator:TagResource + - globalaccelerator:UntagResource + - globalaccelerator:DescribeAccelerator + delete: + - globalaccelerator:UpdateAccelerator + - globalaccelerator:DeleteAccelerator + - globalaccelerator:DescribeAccelerator + list: + - globalaccelerator:ListAccelerators + Resource: + description: ARN of resource to share. + type: object + properties: + EndpointId: + type: string + Region: + type: string + required: + - EndpointId + additionalProperties: false + CrossAccountAttachment: + type: object + properties: + Name: + description: The Friendly identifier of the attachment. + type: string + pattern: ^[a-zA-Z0-9_-]{0,64}$ + minLength: 1 + maxLength: 64 + AttachmentArn: + description: The Amazon Resource Name (ARN) of the attachment. + type: string + Principals: + description: Principals to share the resources with. + type: array + items: + type: string + Resources: + description: Resources shared using the attachment. + type: array + items: + $ref: '#/components/schemas/Resource' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - Name + x-stackql-resource-name: cross_account_attachment + description: Resource Type definition for AWS::GlobalAccelerator::CrossAccountAttachment + x-type-name: AWS::GlobalAccelerator::CrossAccountAttachment + x-stackql-primary-identifier: + - AttachmentArn + x-write-only-properties: + - Resources/*/Region + x-read-only-properties: + - AttachmentArn + x-required-properties: + - Name + x-required-permissions: + create: + - globalaccelerator:DescribeCrossAccountAttachment + - globalaccelerator:CreateCrossAccountAttachment + - globalaccelerator:TagResource + read: + - globalaccelerator:DescribeCrossAccountAttachment + update: + - globalaccelerator:UpdateCrossAccountAttachment + - globalaccelerator:DescribeCrossAccountAttachment + - globalaccelerator:TagResource + - globalaccelerator:UntagResource + delete: + - globalaccelerator:DescribeCrossAccountAttachment + - globalaccelerator:DeleteCrossAccountAttachment + list: + - globalaccelerator:ListCrossAccountAttachments + EndpointConfiguration: + description: The configuration for a given endpoint + type: object + properties: + EndpointId: + description: Id of the endpoint. For Network/Application Load Balancer this value is the ARN. For EIP, this value is the allocation ID. For EC2 instances, this is the EC2 instance ID + type: string + AttachmentArn: + description: Attachment ARN that provides access control to the cross account endpoint. Not required for resources hosted in the same account as the endpoint group. + type: string + Weight: + description: The weight for the endpoint. + type: integer + minimum: 0 + maximum: 255 + default: 100 + ClientIPPreservationEnabled: + description: true if client ip should be preserved + type: boolean + default: true + required: + - EndpointId + additionalProperties: false + Port: + description: A network port number + type: integer + minimum: 0 + maximum: 65535 + PortOverride: + description: listener to endpoint port mapping. + type: object + properties: + ListenerPort: + $ref: '#/components/schemas/Port' + EndpointPort: + $ref: '#/components/schemas/Port' + required: + - ListenerPort + - EndpointPort + additionalProperties: false + EndpointGroup: + type: object + properties: + ListenerArn: + description: The Amazon Resource Name (ARN) of the listener + type: string + EndpointGroupRegion: + description: The name of the AWS Region where the endpoint group is located + type: string + EndpointConfigurations: + description: The list of endpoint objects. + type: array + items: + $ref: '#/components/schemas/EndpointConfiguration' + TrafficDialPercentage: + description: The percentage of traffic to sent to an AWS Region + type: number + minimum: 0 + maximum: 100 + default: 100 + HealthCheckPort: + description: The port that AWS Global Accelerator uses to check the health of endpoints in this endpoint group. + type: integer + minimum: -1 + maximum: 65535 + default: -1 + HealthCheckProtocol: + description: The protocol that AWS Global Accelerator uses to check the health of endpoints in this endpoint group. + type: string + default: TCP + enum: + - TCP + - HTTP + - HTTPS + HealthCheckPath: + description: '' + type: string + default: / + HealthCheckIntervalSeconds: + description: The time in seconds between each health check for an endpoint. Must be a value of 10 or 30 + type: integer + default: 30 + ThresholdCount: + description: The number of consecutive health checks required to set the state of the endpoint to unhealthy. + type: integer + default: 3 + EndpointGroupArn: + description: The Amazon Resource Name (ARN) of the endpoint group + type: string + PortOverrides: + type: array + items: + $ref: '#/components/schemas/PortOverride' + required: + - ListenerArn + - EndpointGroupRegion + x-stackql-resource-name: endpoint_group + description: Resource Type definition for AWS::GlobalAccelerator::EndpointGroup + x-type-name: AWS::GlobalAccelerator::EndpointGroup + x-stackql-primary-identifier: + - EndpointGroupArn + x-create-only-properties: + - EndpointGroupRegion + - ListenerArn + x-write-only-properties: + - EndpointConfigurations/*/AttachmentArn + x-read-only-properties: + - EndpointGroupArn + x-required-properties: + - ListenerArn + - EndpointGroupRegion + x-required-permissions: + create: + - globalaccelerator:CreateEndpointGroup + - globalaccelerator:DescribeEndpointGroup + - globalaccelerator:DescribeAccelerator + - globalaccelerator:DescribeListener + - globalaccelerator:ListAccelerators + - globalaccelerator:ListListeners + read: + - globalaccelerator:DescribeEndpointGroup + update: + - globalaccelerator:UpdateEndpointGroup + - globalaccelerator:DescribeEndpointGroup + - globalaccelerator:DescribeListener + - globalaccelerator:DescribeAccelerator + delete: + - globalaccelerator:DeleteEndpointGroup + - globalaccelerator:DescribeEndpointGroup + - globalaccelerator:DescribeAccelerator + list: + - globalaccelerator:ListEndpointGroups + PortRange: + description: A port range to support for connections from clients to your accelerator. + type: object + properties: + FromPort: + $ref: '#/components/schemas/Port' + ToPort: + $ref: '#/components/schemas/Port' + required: + - FromPort + - ToPort + additionalProperties: false + Listener: + type: object + properties: + ListenerArn: + description: The Amazon Resource Name (ARN) of the listener. + type: string + AcceleratorArn: + description: The Amazon Resource Name (ARN) of the accelerator. + type: string + PortRanges: + type: array + items: + $ref: '#/components/schemas/PortRange' + Protocol: + description: The protocol for the listener. + type: string + default: TCP + enum: + - TCP + - UDP + ClientAffinity: + description: Client affinity lets you direct all requests from a user to the same endpoint. + type: string + default: NONE + enum: + - NONE + - SOURCE_IP + required: + - AcceleratorArn + - PortRanges + - Protocol + x-stackql-resource-name: listener + description: Resource Type definition for AWS::GlobalAccelerator::Listener + x-type-name: AWS::GlobalAccelerator::Listener + x-stackql-primary-identifier: + - ListenerArn + x-create-only-properties: + - AcceleratorArn + x-read-only-properties: + - ListenerArn + x-required-properties: + - AcceleratorArn + - PortRanges + - Protocol + x-required-permissions: + create: + - globalaccelerator:CreateListener + - globalaccelerator:DescribeListener + - globalaccelerator:DescribeAccelerator + read: + - globalaccelerator:DescribeListener + update: + - globalaccelerator:UpdateListener + - globalaccelerator:DescribeListener + - globalaccelerator:DescribeAccelerator + delete: + - globalaccelerator:DescribeListener + - globalaccelerator:DeleteListener + - globalaccelerator:DescribeAccelerator + list: + - globalaccelerator:ListListeners + x-stackQL-resources: + accelerators: + name: accelerators + id: aws.globalaccelerator.accelerators + x-cfn-schema-name: Accelerator + x-type: list + x-identifiers: + - AcceleratorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AcceleratorArn') as accelerator_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GlobalAccelerator::Accelerator' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AcceleratorArn') as accelerator_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GlobalAccelerator::Accelerator' + AND region = 'us-east-1' + accelerator: + name: accelerator + id: aws.globalaccelerator.accelerator + x-cfn-schema-name: Accelerator + x-type: get + x-identifiers: + - AcceleratorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(Properties, '$.IpAddresses') as ip_addresses, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.DnsName') as dns_name, + JSON_EXTRACT(Properties, '$.Ipv4Addresses') as ipv4_addresses, + JSON_EXTRACT(Properties, '$.Ipv6Addresses') as ipv6_addresses, + JSON_EXTRACT(Properties, '$.DualStackDnsName') as dual_stack_dns_name, + JSON_EXTRACT(Properties, '$.AcceleratorArn') as accelerator_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GlobalAccelerator::Accelerator' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(Properties, 'IpAddresses') as ip_addresses, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'DnsName') as dns_name, + json_extract_path_text(Properties, 'Ipv4Addresses') as ipv4_addresses, + json_extract_path_text(Properties, 'Ipv6Addresses') as ipv6_addresses, + json_extract_path_text(Properties, 'DualStackDnsName') as dual_stack_dns_name, + json_extract_path_text(Properties, 'AcceleratorArn') as accelerator_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GlobalAccelerator::Accelerator' + AND data__Identifier = '' + AND region = 'us-east-1' + cross_account_attachments: + name: cross_account_attachments + id: aws.globalaccelerator.cross_account_attachments + x-cfn-schema-name: CrossAccountAttachment + x-type: list + x-identifiers: + - AttachmentArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AttachmentArn') as attachment_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GlobalAccelerator::CrossAccountAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AttachmentArn') as attachment_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GlobalAccelerator::CrossAccountAttachment' + AND region = 'us-east-1' + cross_account_attachment: + name: cross_account_attachment + id: aws.globalaccelerator.cross_account_attachment + x-cfn-schema-name: CrossAccountAttachment + x-type: get + x-identifiers: + - AttachmentArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.AttachmentArn') as attachment_arn, + JSON_EXTRACT(Properties, '$.Principals') as principals, + JSON_EXTRACT(Properties, '$.Resources') as resources, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GlobalAccelerator::CrossAccountAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'AttachmentArn') as attachment_arn, + json_extract_path_text(Properties, 'Principals') as principals, + json_extract_path_text(Properties, 'Resources') as resources, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GlobalAccelerator::CrossAccountAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + endpoint_groups: + name: endpoint_groups + id: aws.globalaccelerator.endpoint_groups + x-cfn-schema-name: EndpointGroup + x-type: list + x-identifiers: + - EndpointGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EndpointGroupArn') as endpoint_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GlobalAccelerator::EndpointGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EndpointGroupArn') as endpoint_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GlobalAccelerator::EndpointGroup' + AND region = 'us-east-1' + endpoint_group: + name: endpoint_group + id: aws.globalaccelerator.endpoint_group + x-cfn-schema-name: EndpointGroup + x-type: get + x-identifiers: + - EndpointGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ListenerArn') as listener_arn, + JSON_EXTRACT(Properties, '$.EndpointGroupRegion') as endpoint_group_region, + JSON_EXTRACT(Properties, '$.EndpointConfigurations') as endpoint_configurations, + JSON_EXTRACT(Properties, '$.TrafficDialPercentage') as traffic_dial_percentage, + JSON_EXTRACT(Properties, '$.HealthCheckPort') as health_check_port, + JSON_EXTRACT(Properties, '$.HealthCheckProtocol') as health_check_protocol, + JSON_EXTRACT(Properties, '$.HealthCheckPath') as health_check_path, + JSON_EXTRACT(Properties, '$.HealthCheckIntervalSeconds') as health_check_interval_seconds, + JSON_EXTRACT(Properties, '$.ThresholdCount') as threshold_count, + JSON_EXTRACT(Properties, '$.EndpointGroupArn') as endpoint_group_arn, + JSON_EXTRACT(Properties, '$.PortOverrides') as port_overrides + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GlobalAccelerator::EndpointGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ListenerArn') as listener_arn, + json_extract_path_text(Properties, 'EndpointGroupRegion') as endpoint_group_region, + json_extract_path_text(Properties, 'EndpointConfigurations') as endpoint_configurations, + json_extract_path_text(Properties, 'TrafficDialPercentage') as traffic_dial_percentage, + json_extract_path_text(Properties, 'HealthCheckPort') as health_check_port, + json_extract_path_text(Properties, 'HealthCheckProtocol') as health_check_protocol, + json_extract_path_text(Properties, 'HealthCheckPath') as health_check_path, + json_extract_path_text(Properties, 'HealthCheckIntervalSeconds') as health_check_interval_seconds, + json_extract_path_text(Properties, 'ThresholdCount') as threshold_count, + json_extract_path_text(Properties, 'EndpointGroupArn') as endpoint_group_arn, + json_extract_path_text(Properties, 'PortOverrides') as port_overrides + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GlobalAccelerator::EndpointGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + listeners: + name: listeners + id: aws.globalaccelerator.listeners + x-cfn-schema-name: Listener + x-type: list + x-identifiers: + - ListenerArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ListenerArn') as listener_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GlobalAccelerator::Listener' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ListenerArn') as listener_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GlobalAccelerator::Listener' + AND region = 'us-east-1' + listener: + name: listener + id: aws.globalaccelerator.listener + x-cfn-schema-name: Listener + x-type: get + x-identifiers: + - ListenerArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ListenerArn') as listener_arn, + JSON_EXTRACT(Properties, '$.AcceleratorArn') as accelerator_arn, + JSON_EXTRACT(Properties, '$.PortRanges') as port_ranges, + JSON_EXTRACT(Properties, '$.Protocol') as protocol, + JSON_EXTRACT(Properties, '$.ClientAffinity') as client_affinity + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GlobalAccelerator::Listener' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ListenerArn') as listener_arn, + json_extract_path_text(Properties, 'AcceleratorArn') as accelerator_arn, + json_extract_path_text(Properties, 'PortRanges') as port_ranges, + json_extract_path_text(Properties, 'Protocol') as protocol, + json_extract_path_text(Properties, 'ClientAffinity') as client_affinity + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GlobalAccelerator::Listener' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/glue.yaml b/providers/src/aws/v00.00.00000/services/glue.yaml new file mode 100644 index 00000000..1c8415ac --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/glue.yaml @@ -0,0 +1,238 @@ +openapi: 3.0.0 +info: + title: Glue + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + properties: + Key: + description: A key to identify the tag. + type: string + minLength: 1 + maxLength: 128 + Value: + description: Corresponding tag value for the key. + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Registry: + type: object + description: Identifier for the registry which the schema is part of. + properties: + Name: + description: Name of the registry in which the schema will be created. + type: string + maxLength: 255 + minLength: 1 + Arn: + description: Amazon Resource Name for the Registry. + type: string + pattern: arn:aws(-(cn|us-gov|iso(-[bef])?))?:glue:.* + additionalProperties: false + SchemaVersion: + type: object + properties: + Schema: + $ref: '#/components/schemas/Schema' + SchemaDefinition: + type: string + description: Complete definition of the schema in plain-text. + minLength: 1 + maxLength: 170000 + VersionId: + type: string + description: Represents the version ID associated with the schema version. + pattern: '[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}' + required: + - Schema + - SchemaDefinition + x-stackql-resource-name: schema_version + description: This resource represents an individual schema version of a schema defined in Glue Schema Registry. + x-type-name: AWS::Glue::SchemaVersion + x-stackql-primary-identifier: + - VersionId + x-create-only-properties: + - Schema + - SchemaDefinition + x-read-only-properties: + - VersionId + x-required-properties: + - Schema + - SchemaDefinition + x-required-permissions: + create: + - glue:RegisterSchemaVersion + - glue:GetSchemaVersion + - glue:GetSchemaByDefinition + read: + - glue:GetSchemaVersion + delete: + - glue:DeleteSchemaVersions + - glue:GetSchemaVersion + list: + - glue:ListSchemaVersions + Schema: + description: Identifier for the schema where the schema version will be created. + type: object + properties: + SchemaArn: + description: Amazon Resource Name for the Schema. This attribute can be used to uniquely represent the Schema. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):glue:.* + SchemaName: + description: Name of the schema. This parameter requires RegistryName to be provided. + type: string + minLength: 1 + maxLength: 255 + RegistryName: + description: Name of the registry to identify where the Schema is located. + type: string + maxLength: 255 + minLength: 1 + additionalProperties: false + SchemaVersionMetadata: + type: object + properties: + SchemaVersionId: + type: string + description: Represents the version ID associated with the schema version. + pattern: '[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}' + Key: + type: string + description: Metadata key + minLength: 1 + maxLength: 128 + Value: + type: string + description: Metadata value + minLength: 1 + maxLength: 256 + required: + - SchemaVersionId + - Key + - Value + x-stackql-resource-name: schema_version_metadata + description: This resource adds Key-Value metadata to a Schema version of Glue Schema Registry. + x-type-name: AWS::Glue::SchemaVersionMetadata + x-stackql-primary-identifier: + - SchemaVersionId + - Key + - Value + x-create-only-properties: + - SchemaVersionId + - Key + - Value + x-required-properties: + - SchemaVersionId + - Key + - Value + x-required-permissions: + create: + - glue:putSchemaVersionMetadata + read: + - glue:querySchemaVersionMetadata + delete: + - glue:removeSchemaVersionMetadata + list: + - glue:querySchemaVersionMetadata + x-stackQL-resources: + schema_versions: + name: schema_versions + id: aws.glue.schema_versions + x-cfn-schema-name: SchemaVersion + x-type: list + x-identifiers: + - VersionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.VersionId') as version_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::SchemaVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'VersionId') as version_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::SchemaVersion' + AND region = 'us-east-1' + schema_version: + name: schema_version + id: aws.glue.schema_version + x-cfn-schema-name: SchemaVersion + x-type: get + x-identifiers: + - VersionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Schema') as _schema, + JSON_EXTRACT(Properties, '$.SchemaDefinition') as schema_definition, + JSON_EXTRACT(Properties, '$.VersionId') as version_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::SchemaVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Schema') as _schema, + json_extract_path_text(Properties, 'SchemaDefinition') as schema_definition, + json_extract_path_text(Properties, 'VersionId') as version_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::SchemaVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + schema_version_metadata: + name: schema_version_metadata + id: aws.glue.schema_version_metadata + x-cfn-schema-name: SchemaVersionMetadata + x-type: get + x-identifiers: + - SchemaVersionId + - Key + - Value + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SchemaVersionId') as schema_version_id, + JSON_EXTRACT(Properties, '$.Key') as key, + JSON_EXTRACT(Properties, '$.Value') as value + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SchemaVersionId') as schema_version_id, + json_extract_path_text(Properties, 'Key') as key, + json_extract_path_text(Properties, 'Value') as value + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/grafana.yaml b/providers/src/aws/v00.00.00000/services/grafana.yaml new file mode 100644 index 00000000..00c94af4 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/grafana.yaml @@ -0,0 +1,500 @@ +openapi: 3.0.0 +info: + title: Grafana + version: 1.0.0 +paths: {} +components: + schemas: + AssertionAttributes: + type: object + description: Maps Grafana friendly names to the IdPs SAML attributes. + properties: + Name: + type: string + maxLength: 256 + minLength: 1 + description: Name of the attribute within the SAML assert to use as the users name in Grafana. + Login: + type: string + maxLength: 256 + minLength: 1 + description: Name of the attribute within the SAML assert to use as the users login handle in Grafana. + Email: + type: string + maxLength: 256 + minLength: 1 + description: Name of the attribute within the SAML assert to use as the users email in Grafana. + Groups: + type: string + maxLength: 256 + minLength: 1 + description: Name of the attribute within the SAML assert to use as the users groups in Grafana. + Role: + type: string + maxLength: 256 + minLength: 1 + description: Name of the attribute within the SAML assert to use as the users roles in Grafana. + Org: + type: string + maxLength: 256 + minLength: 1 + description: Name of the attribute within the SAML assert to use as the users organizations in Grafana. + additionalProperties: false + IdpMetadata: + type: object + description: IdP Metadata used to configure SAML authentication in Grafana. + properties: + Url: + type: string + maxLength: 2048 + minLength: 1 + description: URL that vends the IdPs metadata. + Xml: + type: string + description: XML blob of the IdPs metadata. + additionalProperties: false + RoleValues: + type: object + description: Maps SAML roles to the Grafana Editor and Admin roles. + properties: + Editor: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 256 + minLength: 1 + description: A single SAML role. + description: List of SAML roles which will be mapped into the Grafana Editor role. + Admin: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 256 + minLength: 1 + description: A single SAML role. + description: List of SAML roles which will be mapped into the Grafana Admin role. + additionalProperties: false + SamlConfiguration: + type: object + description: SAML configuration data associated with an AMG workspace. + properties: + IdpMetadata: + $ref: '#/components/schemas/IdpMetadata' + AssertionAttributes: + $ref: '#/components/schemas/AssertionAttributes' + RoleValues: + $ref: '#/components/schemas/RoleValues' + AllowedOrganizations: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 256 + minLength: 1 + description: A single SAML organization. + description: List of SAML organizations allowed to access Grafana. + LoginValidityDuration: + type: number + description: The maximum lifetime an authenticated user can be logged in (in minutes) before being required to re-authenticate. + required: + - IdpMetadata + additionalProperties: false + NetworkAccessControl: + type: object + description: The configuration settings for Network Access Control. + properties: + PrefixListIds: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 5 + items: + type: string + minLength: 1 + description: Prefix List Ids + description: The list of prefix list IDs. A prefix list is a list of CIDR ranges of IP addresses. The IP addresses specified are allowed to access your workspace. If the list is not included in the configuration then no IP addresses will be allowed to access the workspace. + VpceIds: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 5 + items: + type: string + minLength: 1 + description: VPCE Ids + description: The list of Amazon VPC endpoint IDs for the workspace. If a NetworkAccessConfiguration is specified then only VPC endpoints specified here will be allowed to access the workspace. + additionalProperties: false + VpcConfiguration: + type: object + description: The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. + properties: + SecurityGroupIds: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 1 + maxItems: 5 + items: + type: string + minLength: 1 + maxLength: 255 + description: VPC Security Group Id + description: The list of Amazon EC2 security group IDs attached to the Amazon VPC for your Grafana workspace to connect. + SubnetIds: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 2 + maxItems: 6 + items: + type: string + minLength: 1 + maxLength: 255 + description: VPC Subnet Id + description: The list of Amazon EC2 subnet IDs created in the Amazon VPC for your Grafana workspace to connect. + required: + - SecurityGroupIds + - SubnetIds + additionalProperties: false + AccountAccessType: + type: string + description: These enums represent valid account access types. Specifically these enums determine whether the workspace can access AWS resources in the AWS account only, or whether it can also access resources in other accounts in the same organization. If the value CURRENT_ACCOUNT is used, a workspace role ARN must be provided. If the value is ORGANIZATION, a list of organizational units must be provided. + enum: + - CURRENT_ACCOUNT + - ORGANIZATION + AuthenticationProviderTypes: + type: string + description: Valid workspace authentication providers. + enum: + - AWS_SSO + - SAML + DataSourceType: + type: string + description: These enums represent valid AWS data sources that can be queried via the Grafana workspace. These data sources are primarily used to help customers visualize which data sources have been added to a service managed workspace IAM role. + enum: + - AMAZON_OPENSEARCH_SERVICE + - CLOUDWATCH + - PROMETHEUS + - XRAY + - TIMESTREAM + - SITEWISE + - ATHENA + - REDSHIFT + NotificationDestinationType: + type: string + description: These enums represent valid AWS notification destinations that the Grafana workspace has permission to use. These notification destinations are primarily used to help customers visualize which destinations have been added to a service managed IAM role. + enum: + - SNS + PermissionType: + type: string + description: These enums represent valid permission types to use when creating or configuring a Grafana workspace. The SERVICE_MANAGED permission type means the Managed Grafana service will create a workspace IAM role on your behalf. The CUSTOMER_MANAGED permission type means that the customer is expected to provide an IAM role that the Grafana workspace can use to query data sources. + enum: + - CUSTOMER_MANAGED + - SERVICE_MANAGED + WorkspaceStatus: + type: string + description: These enums represent the status of a workspace. + enum: + - ACTIVE + - CREATING + - DELETING + - FAILED + - UPDATING + - UPGRADING + - VERSION_UPDATING + - DELETION_FAILED + - CREATION_FAILED + - UPDATE_FAILED + - UPGRADE_FAILED + - LICENSE_REMOVAL_FAILED + - VERSION_UPDATE_FAILED + SamlConfigurationStatus: + type: string + description: Valid SAML configuration statuses. + enum: + - CONFIGURED + - NOT_CONFIGURED + Workspace: + type: object + properties: + AuthenticationProviders: + type: array + x-insertionOrder: false + minItems: 1 + uniqueItems: true + items: + $ref: '#/components/schemas/AuthenticationProviderTypes' + description: List of authentication providers to enable. + SsoClientId: + type: string + description: The client ID of the AWS SSO Managed Application. + SamlConfiguration: + $ref: '#/components/schemas/SamlConfiguration' + NetworkAccessControl: + $ref: '#/components/schemas/NetworkAccessControl' + VpcConfiguration: + $ref: '#/components/schemas/VpcConfiguration' + SamlConfigurationStatus: + $ref: '#/components/schemas/SamlConfigurationStatus' + ClientToken: + type: string + pattern: ^[!-~]{1,64}$ + description: A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request. + Status: + $ref: '#/components/schemas/WorkspaceStatus' + CreationTimestamp: + type: string + description: Timestamp when the workspace was created. + format: date-time + ModificationTimestamp: + type: string + description: Timestamp when the workspace was last modified + format: date-time + GrafanaVersion: + type: string + maxLength: 255 + minLength: 1 + description: The version of Grafana to support in your workspace. + Endpoint: + type: string + maxLength: 2048 + minLength: 1 + description: Endpoint for the Grafana workspace. + AccountAccessType: + $ref: '#/components/schemas/AccountAccessType' + OrganizationRoleName: + type: string + maxLength: 2048 + minLength: 1 + description: The name of an IAM role that already exists to use with AWS Organizations to access AWS data sources and notification channels in other accounts in an organization. + PermissionType: + $ref: '#/components/schemas/PermissionType' + StackSetName: + type: string + description: The name of the AWS CloudFormation stack set to use to generate IAM roles to be used for this workspace. + DataSources: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/DataSourceType' + description: List of data sources on the service managed IAM role. + Description: + type: string + maxLength: 2048 + minLength: 0 + description: Description of a workspace. + Id: + type: string + pattern: ^g-[0-9a-f]{10}$ + description: The id that uniquely identifies a Grafana workspace. + Name: + type: string + pattern: ^[a-zA-Z0-9-._~]{1,255}$ + description: The user friendly name of a workspace. + NotificationDestinations: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/NotificationDestinationType' + description: List of notification destinations on the customers service managed IAM role that the Grafana workspace can query. + OrganizationalUnits: + type: array + x-insertionOrder: false + items: + type: string + description: Id of an organizational unit. + description: List of Organizational Units containing AWS accounts the Grafana workspace can pull data from. + RoleArn: + type: string + maxLength: 2048 + minLength: 1 + description: IAM Role that will be used to grant the Grafana workspace access to a customers AWS resources. + PluginAdminEnabled: + type: boolean + description: Allow workspace admins to install plugins + required: + - AuthenticationProviders + - PermissionType + - AccountAccessType + x-stackql-resource-name: workspace + description: Definition of AWS::Grafana::Workspace Resource Type + x-type-name: AWS::Grafana::Workspace + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - ClientToken + x-write-only-properties: + - ClientToken + x-read-only-properties: + - Id + - SsoClientId + - SamlConfigurationStatus + - Endpoint + - Status + - CreationTimestamp + - ModificationTimestamp + x-required-properties: + - AuthenticationProviders + - PermissionType + - AccountAccessType + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - grafana:CreateWorkspace + - grafana:DescribeWorkspace + - grafana:DescribeWorkspaceAuthentication + - grafana:DescribeWorkspaceConfiguration + - grafana:UpdateWorkspaceAuthentication + - sso:DescribeRegisteredRegions + - sso:CreateManagedApplicationInstance + - organizations:DescribeOrganization + - sso:GetSharedSsoConfiguration + - iam:PassRole + - ec2:GetManagedPrefixListEntries + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - iam:CreateServiceLinkedRole + - sso:ListApplicationInstances + - sso:GetApplicationInstance + read: + - grafana:DescribeWorkspace + - grafana:DescribeWorkspaceAuthentication + - grafana:DescribeWorkspaceConfiguration + update: + - grafana:DescribeWorkspace + - grafana:DescribeWorkspaceAuthentication + - grafana:DescribeWorkspaceConfiguration + - grafana:UpdateWorkspace + - grafana:UpdateWorkspaceAuthentication + - grafana:UpdateWorkspaceConfiguration + - sso:DescribeRegisteredRegions + - sso:CreateManagedApplicationInstance + - ec2:GetManagedPrefixListEntries + - iam:PassRole + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - iam:CreateServiceLinkedRole + - sso:ListApplicationInstances + - sso:GetApplicationInstance + delete: + - grafana:DeleteWorkspace + - grafana:DescribeWorkspace + - grafana:DescribeWorkspaceAuthentication + - grafana:DescribeWorkspaceConfiguration + - sso:DeleteManagedApplicationInstance + - sso:DescribeRegisteredRegions + list: + - grafana:ListWorkspaces + - grafana:DescribeWorkspaceAuthentication + - grafana:DescribeWorkspaceConfiguration + x-stackQL-resources: + workspaces: + name: workspaces + id: aws.grafana.workspaces + x-cfn-schema-name: Workspace + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Grafana::Workspace' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Grafana::Workspace' + AND region = 'us-east-1' + workspace: + name: workspace + id: aws.grafana.workspace + x-cfn-schema-name: Workspace + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AuthenticationProviders') as authentication_providers, + JSON_EXTRACT(Properties, '$.SsoClientId') as sso_client_id, + JSON_EXTRACT(Properties, '$.SamlConfiguration') as saml_configuration, + JSON_EXTRACT(Properties, '$.NetworkAccessControl') as network_access_control, + JSON_EXTRACT(Properties, '$.VpcConfiguration') as vpc_configuration, + JSON_EXTRACT(Properties, '$.SamlConfigurationStatus') as saml_configuration_status, + JSON_EXTRACT(Properties, '$.ClientToken') as client_token, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.CreationTimestamp') as creation_timestamp, + JSON_EXTRACT(Properties, '$.ModificationTimestamp') as modification_timestamp, + JSON_EXTRACT(Properties, '$.GrafanaVersion') as grafana_version, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.AccountAccessType') as account_access_type, + JSON_EXTRACT(Properties, '$.OrganizationRoleName') as organization_role_name, + JSON_EXTRACT(Properties, '$.PermissionType') as permission_type, + JSON_EXTRACT(Properties, '$.StackSetName') as stack_set_name, + JSON_EXTRACT(Properties, '$.DataSources') as data_sources, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.NotificationDestinations') as notification_destinations, + JSON_EXTRACT(Properties, '$.OrganizationalUnits') as organizational_units, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.PluginAdminEnabled') as plugin_admin_enabled + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Grafana::Workspace' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AuthenticationProviders') as authentication_providers, + json_extract_path_text(Properties, 'SsoClientId') as sso_client_id, + json_extract_path_text(Properties, 'SamlConfiguration') as saml_configuration, + json_extract_path_text(Properties, 'NetworkAccessControl') as network_access_control, + json_extract_path_text(Properties, 'VpcConfiguration') as vpc_configuration, + json_extract_path_text(Properties, 'SamlConfigurationStatus') as saml_configuration_status, + json_extract_path_text(Properties, 'ClientToken') as client_token, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'CreationTimestamp') as creation_timestamp, + json_extract_path_text(Properties, 'ModificationTimestamp') as modification_timestamp, + json_extract_path_text(Properties, 'GrafanaVersion') as grafana_version, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'AccountAccessType') as account_access_type, + json_extract_path_text(Properties, 'OrganizationRoleName') as organization_role_name, + json_extract_path_text(Properties, 'PermissionType') as permission_type, + json_extract_path_text(Properties, 'StackSetName') as stack_set_name, + json_extract_path_text(Properties, 'DataSources') as data_sources, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'NotificationDestinations') as notification_destinations, + json_extract_path_text(Properties, 'OrganizationalUnits') as organizational_units, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'PluginAdminEnabled') as plugin_admin_enabled + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Grafana::Workspace' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/greengrassv2.yaml b/providers/src/aws/v00.00.00000/services/greengrassv2.yaml new file mode 100644 index 00000000..b4d7dd2d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/greengrassv2.yaml @@ -0,0 +1,645 @@ +openapi: 3.0.0 +info: + title: GreengrassV2 + version: 1.0.0 +paths: {} +components: + schemas: + LambdaFunctionRecipeSource: + type: object + properties: + LambdaArn: + type: string + pattern: ^arn:[^:]*:lambda:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + ComponentName: + type: string + ComponentVersion: + type: string + ComponentPlatforms: + type: array + items: + $ref: '#/components/schemas/ComponentPlatform' + x-insertionOrder: false + ComponentDependencies: + type: object + x-patternProperties: + .*: + $ref: '#/components/schemas/ComponentDependencyRequirement' + additionalProperties: false + ComponentLambdaParameters: + $ref: '#/components/schemas/LambdaExecutionParameters' + additionalProperties: false + ComponentPlatform: + type: object + properties: + Name: + type: string + Attributes: + type: object + x-patternProperties: + .+: + type: string + additionalProperties: false + additionalProperties: false + ComponentDependencyRequirement: + type: object + properties: + VersionRequirement: + type: string + DependencyType: + type: string + enum: + - SOFT + - HARD + additionalProperties: false + LambdaExecutionParameters: + type: object + properties: + EventSources: + type: array + items: + $ref: '#/components/schemas/LambdaEventSource' + x-insertionOrder: false + MaxQueueSize: + type: integer + MaxInstancesCount: + type: integer + MaxIdleTimeInSeconds: + type: integer + TimeoutInSeconds: + type: integer + StatusTimeoutInSeconds: + type: integer + Pinned: + type: boolean + InputPayloadEncodingType: + type: string + enum: + - json + - binary + ExecArgs: + type: array + items: + type: string + x-insertionOrder: true + EnvironmentVariables: + type: object + x-patternProperties: + .+: + type: string + additionalProperties: false + LinuxProcessParams: + $ref: '#/components/schemas/LambdaLinuxProcessParams' + additionalProperties: false + LambdaEventSource: + type: object + properties: + Topic: + type: string + Type: + type: string + enum: + - PUB_SUB + - IOT_CORE + additionalProperties: false + LambdaLinuxProcessParams: + type: object + properties: + IsolationMode: + type: string + enum: + - GreengrassContainer + - NoContainer + ContainerParams: + $ref: '#/components/schemas/LambdaContainerParams' + additionalProperties: false + LambdaContainerParams: + type: object + properties: + MemorySizeInKB: + type: integer + MountROSysfs: + type: boolean + Volumes: + type: array + items: + $ref: '#/components/schemas/LambdaVolumeMount' + x-insertionOrder: false + Devices: + type: array + items: + $ref: '#/components/schemas/LambdaDeviceMount' + x-insertionOrder: false + additionalProperties: false + LambdaVolumeMount: + type: object + properties: + SourcePath: + $ref: '#/components/schemas/FilesystemPath' + DestinationPath: + $ref: '#/components/schemas/FilesystemPath' + Permission: + $ref: '#/components/schemas/LambdaFilesystemPermission' + AddGroupOwner: + $ref: '#/components/schemas/LambdaAddGroupOwnerBoolean' + additionalProperties: false + LambdaDeviceMount: + type: object + properties: + Path: + $ref: '#/components/schemas/FilesystemPath' + Permission: + $ref: '#/components/schemas/LambdaFilesystemPermission' + AddGroupOwner: + $ref: '#/components/schemas/LambdaAddGroupOwnerBoolean' + additionalProperties: false + FilesystemPath: + type: string + LambdaFilesystemPermission: + type: string + enum: + - ro + - rw + LambdaAddGroupOwnerBoolean: + type: boolean + ComponentVersion: + type: object + properties: + Arn: + type: string + ComponentName: + type: string + ComponentVersion: + type: string + InlineRecipe: + type: string + LambdaFunction: + $ref: '#/components/schemas/LambdaFunctionRecipeSource' + Tags: + type: object + x-patternProperties: + ^(?!aws:)[a-zA-Z+-=._:/]{1,128}$: + type: string + maxLength: 256 + maxProperties: 50 + additionalProperties: false + x-stackql-resource-name: component_version + description: Resource for Greengrass component version. + x-type-name: AWS::GreengrassV2::ComponentVersion + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - ComponentName + - ComponentVersion + x-create-only-properties: + - LambdaFunction + - InlineRecipe + x-write-only-properties: + - LambdaFunction + - InlineRecipe + x-read-only-properties: + - Arn + - ComponentName + - ComponentVersion + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - greengrass:CreateComponentVersion + - greengrass:DescribeComponent + - greengrass:ListTagsForResource + - greengrass:TagResource + - lambda:GetFunction + - s3:GetObject + read: + - greengrass:DescribeComponent + - greengrass:ListTagsForResource + update: + - greengrass:DescribeComponent + - greengrass:ListTagsForResource + - greengrass:TagResource + - greengrass:UntagResource + delete: + - greengrass:DeleteComponent + list: + - greengrass:ListComponentVersions + ComponentDeploymentSpecification: + type: object + properties: + ComponentVersion: + type: string + minLength: 1 + maxLength: 64 + ConfigurationUpdate: + $ref: '#/components/schemas/ComponentConfigurationUpdate' + RunWith: + $ref: '#/components/schemas/ComponentRunWith' + additionalProperties: false + SystemResourceLimits: + type: object + properties: + Memory: + type: integer + format: int64 + minimum: 0 + maximum: 9223372036854772000 + Cpus: + type: number + minimum: 0 + additionalProperties: false + ComponentRunWith: + type: object + properties: + PosixUser: + type: string + minLength: 1 + SystemResourceLimits: + $ref: '#/components/schemas/SystemResourceLimits' + WindowsUser: + type: string + minLength: 1 + additionalProperties: false + ComponentConfigurationUpdate: + type: object + properties: + Merge: + type: string + minLength: 1 + maxLength: 10485760 + Reset: + type: array + items: + type: string + minLength: 0 + maxLength: 256 + x-insertionOrder: false + additionalProperties: false + DeploymentIoTJobConfiguration: + type: object + properties: + JobExecutionsRolloutConfig: + $ref: '#/components/schemas/IoTJobExecutionsRolloutConfig' + AbortConfig: + $ref: '#/components/schemas/IoTJobAbortConfig' + TimeoutConfig: + $ref: '#/components/schemas/IoTJobTimeoutConfig' + additionalProperties: false + IoTJobExecutionsRolloutConfig: + type: object + properties: + ExponentialRate: + $ref: '#/components/schemas/IoTJobExponentialRolloutRate' + MaximumPerMinute: + type: integer + minimum: 1 + maximum: 1000 + additionalProperties: false + IoTJobAbortConfig: + type: object + properties: + CriteriaList: + type: array + items: + $ref: '#/components/schemas/IoTJobAbortCriteria' + minItems: 1 + x-insertionOrder: false + required: + - CriteriaList + additionalProperties: false + IoTJobAbortCriteria: + type: object + properties: + FailureType: + type: string + enum: + - FAILED + - REJECTED + - TIMED_OUT + - ALL + Action: + type: string + enum: + - CANCEL + ThresholdPercentage: + type: number + minimum: 0 + maximum: 100 + MinNumberOfExecutedThings: + type: integer + minimum: 1 + maximum: 2147483647 + required: + - FailureType + - Action + - ThresholdPercentage + - MinNumberOfExecutedThings + additionalProperties: false + IoTJobTimeoutConfig: + type: object + properties: + InProgressTimeoutInMinutes: + type: integer + minimum: 0 + maximum: 2147483647 + additionalProperties: false + IoTJobExponentialRolloutRate: + type: object + properties: + BaseRatePerMinute: + type: integer + minimum: 1 + maximum: 1000 + IncrementFactor: + type: number + minimum: 1 + maximum: 5 + RateIncreaseCriteria: + $ref: '#/components/schemas/IoTJobRateIncreaseCriteria' + required: + - BaseRatePerMinute + - IncrementFactor + - RateIncreaseCriteria + additionalProperties: false + IoTJobRateIncreaseCriteria: + type: object + oneOf: + - type: object + additionalProperties: false + properties: + NumberOfNotifiedThings: + $ref: '#/components/schemas/NumberOfThings' + - type: object + additionalProperties: false + properties: + NumberOfSucceededThings: + $ref: '#/components/schemas/NumberOfThings' + NumberOfThings: + type: integer + minimum: 1 + maximum: 2147483647 + DeploymentPolicies: + type: object + properties: + FailureHandlingPolicy: + type: string + enum: + - ROLLBACK + - DO_NOTHING + ComponentUpdatePolicy: + $ref: '#/components/schemas/DeploymentComponentUpdatePolicy' + ConfigurationValidationPolicy: + $ref: '#/components/schemas/DeploymentConfigurationValidationPolicy' + additionalProperties: false + DeploymentComponentUpdatePolicy: + type: object + properties: + TimeoutInSeconds: + type: integer + minimum: 1 + maximum: 2147483647 + Action: + type: string + enum: + - NOTIFY_COMPONENTS + - SKIP_NOTIFY_COMPONENTS + additionalProperties: false + DeploymentConfigurationValidationPolicy: + type: object + properties: + TimeoutInSeconds: + type: integer + minimum: 1 + maximum: 2147483647 + additionalProperties: false + Deployment: + type: object + properties: + TargetArn: + type: string + pattern: arn:[^:]*:iot:[^:]*:[0-9]+:(thing|thinggroup)/.+ + ParentTargetArn: + type: string + pattern: arn:[^:]*:iot:[^:]*:[0-9]+:thinggroup/.+ + DeploymentId: + type: string + pattern: .+ + DeploymentName: + type: string + minLength: 1 + maxLength: 256 + Components: + type: object + x-patternProperties: + .+: + $ref: '#/components/schemas/ComponentDeploymentSpecification' + additionalProperties: false + IotJobConfiguration: + $ref: '#/components/schemas/DeploymentIoTJobConfiguration' + DeploymentPolicies: + $ref: '#/components/schemas/DeploymentPolicies' + Tags: + type: object + x-patternProperties: + .*: + type: string + maxLength: 256 + maxProperties: 200 + additionalProperties: false + required: + - TargetArn + x-stackql-resource-name: deployment + description: Resource for Greengrass V2 deployment. + x-type-name: AWS::GreengrassV2::Deployment + x-stackql-primary-identifier: + - DeploymentId + x-create-only-properties: + - TargetArn + - ParentTargetArn + - DeploymentName + - Components + - IotJobConfiguration + - DeploymentPolicies + x-read-only-properties: + - DeploymentId + x-required-properties: + - TargetArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - greengrass:CreateDeployment + - greengrass:GetDeployment + - greengrass:TagResource + - iot:CancelJob + - iot:CreateJob + - iot:DeleteThingShadow + - iot:DescribeJob + - iot:DescribeThing + - iot:DescribeThingGroup + - iot:GetThingShadow + - iot:UpdateJob + - iot:UpdateThingShadow + read: + - greengrass:GetDeployment + - iot:DescribeJob + - iot:DescribeThing + - iot:DescribeThingGroup + - iot:GetThingShadow + update: + - greengrass:GetDeployment + - greengrass:TagResource + - greengrass:UntagResource + - iot:DescribeJob + delete: + - greengrass:DeleteDeployment + - greengrass:CancelDeployment + - iot:CancelJob + - iot:DeleteJob + - iot:DescribeJob + list: + - greengrass:ListDeployments + - iot:DescribeJob + - iot:DescribeThing + - iot:DescribeThingGroup + - iot:GetThingShadow + x-stackQL-resources: + component_versions: + name: component_versions + id: aws.greengrassv2.component_versions + x-cfn-schema-name: ComponentVersion + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GreengrassV2::ComponentVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GreengrassV2::ComponentVersion' + AND region = 'us-east-1' + component_version: + name: component_version + id: aws.greengrassv2.component_version + x-cfn-schema-name: ComponentVersion + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ComponentName') as component_name, + JSON_EXTRACT(Properties, '$.ComponentVersion') as component_version, + JSON_EXTRACT(Properties, '$.InlineRecipe') as inline_recipe, + JSON_EXTRACT(Properties, '$.LambdaFunction') as lambda_function, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GreengrassV2::ComponentVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ComponentName') as component_name, + json_extract_path_text(Properties, 'ComponentVersion') as component_version, + json_extract_path_text(Properties, 'InlineRecipe') as inline_recipe, + json_extract_path_text(Properties, 'LambdaFunction') as lambda_function, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GreengrassV2::ComponentVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + deployments: + name: deployments + id: aws.greengrassv2.deployments + x-cfn-schema-name: Deployment + x-type: list + x-identifiers: + - DeploymentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DeploymentId') as deployment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GreengrassV2::Deployment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DeploymentId') as deployment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GreengrassV2::Deployment' + AND region = 'us-east-1' + deployment: + name: deployment + id: aws.greengrassv2.deployment + x-cfn-schema-name: Deployment + x-type: get + x-identifiers: + - DeploymentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TargetArn') as target_arn, + JSON_EXTRACT(Properties, '$.ParentTargetArn') as parent_target_arn, + JSON_EXTRACT(Properties, '$.DeploymentId') as deployment_id, + JSON_EXTRACT(Properties, '$.DeploymentName') as deployment_name, + JSON_EXTRACT(Properties, '$.Components') as components, + JSON_EXTRACT(Properties, '$.IotJobConfiguration') as iot_job_configuration, + JSON_EXTRACT(Properties, '$.DeploymentPolicies') as deployment_policies, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GreengrassV2::Deployment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TargetArn') as target_arn, + json_extract_path_text(Properties, 'ParentTargetArn') as parent_target_arn, + json_extract_path_text(Properties, 'DeploymentId') as deployment_id, + json_extract_path_text(Properties, 'DeploymentName') as deployment_name, + json_extract_path_text(Properties, 'Components') as components, + json_extract_path_text(Properties, 'IotJobConfiguration') as iot_job_configuration, + json_extract_path_text(Properties, 'DeploymentPolicies') as deployment_policies, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GreengrassV2::Deployment' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/groundstation.yaml b/providers/src/aws/v00.00.00000/services/groundstation.yaml new file mode 100644 index 00000000..6021ff38 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/groundstation.yaml @@ -0,0 +1,728 @@ +openapi: 3.0.0 +info: + title: GroundStation + version: 1.0.0 +paths: {} +components: + schemas: + JsonString: + type: string + pattern: ^[{}\[\]:.,"0-9A-z\-_\s]{1,8192}$ + ConfigData: + type: object + minProperties: 1 + maxProperties: 1 + properties: + AntennaDownlinkConfig: + $ref: '#/components/schemas/AntennaDownlinkConfig' + TrackingConfig: + $ref: '#/components/schemas/TrackingConfig' + DataflowEndpointConfig: + $ref: '#/components/schemas/DataflowEndpointConfig' + AntennaDownlinkDemodDecodeConfig: + $ref: '#/components/schemas/AntennaDownlinkDemodDecodeConfig' + AntennaUplinkConfig: + $ref: '#/components/schemas/AntennaUplinkConfig' + UplinkEchoConfig: + $ref: '#/components/schemas/UplinkEchoConfig' + S3RecordingConfig: + $ref: '#/components/schemas/S3RecordingConfig' + additionalProperties: false + EirpUnits: + type: string + enum: + - dBW + Eirp: + type: object + properties: + Value: + type: number + Units: + $ref: '#/components/schemas/EirpUnits' + additionalProperties: false + FrequencyUnits: + type: string + enum: + - GHz + - MHz + - kHz + BandwidthUnits: + type: string + enum: + - GHz + - MHz + - kHz + FrequencyBandwidth: + type: object + properties: + Value: + type: number + Units: + $ref: '#/components/schemas/BandwidthUnits' + additionalProperties: false + Frequency: + type: object + properties: + Value: + type: number + Units: + $ref: '#/components/schemas/FrequencyUnits' + additionalProperties: false + Polarization: + type: string + enum: + - LEFT_HAND + - RIGHT_HAND + - NONE + S3KeyPrefix: + type: string + pattern: ^([a-zA-Z0-9_\-=/]|\{satellite_id\}|\{config\-name}|\{s3\-config-id}|\{year\}|\{month\}|\{day\}){1,900}$ + BucketArn: + type: string + RoleArn: + type: string + UplinkSpectrumConfig: + type: object + properties: + CenterFrequency: + $ref: '#/components/schemas/Frequency' + Polarization: + $ref: '#/components/schemas/Polarization' + additionalProperties: false + SpectrumConfig: + type: object + properties: + CenterFrequency: + $ref: '#/components/schemas/Frequency' + Bandwidth: + $ref: '#/components/schemas/FrequencyBandwidth' + Polarization: + $ref: '#/components/schemas/Polarization' + additionalProperties: false + AntennaDownlinkConfig: + type: object + properties: + SpectrumConfig: + $ref: '#/components/schemas/SpectrumConfig' + additionalProperties: false + TrackingConfig: + type: object + properties: + Autotrack: + type: string + enum: + - REQUIRED + - PREFERRED + - REMOVED + additionalProperties: false + DataflowEndpointConfig: + type: object + properties: + DataflowEndpointName: + type: string + DataflowEndpointRegion: + type: string + additionalProperties: false + DemodulationConfig: + type: object + properties: + UnvalidatedJSON: + $ref: '#/components/schemas/JsonString' + additionalProperties: false + DecodeConfig: + type: object + properties: + UnvalidatedJSON: + $ref: '#/components/schemas/JsonString' + additionalProperties: false + AntennaDownlinkDemodDecodeConfig: + type: object + properties: + SpectrumConfig: + $ref: '#/components/schemas/SpectrumConfig' + DemodulationConfig: + $ref: '#/components/schemas/DemodulationConfig' + DecodeConfig: + $ref: '#/components/schemas/DecodeConfig' + additionalProperties: false + AntennaUplinkConfig: + type: object + properties: + SpectrumConfig: + $ref: '#/components/schemas/UplinkSpectrumConfig' + TargetEirp: + $ref: '#/components/schemas/Eirp' + TransmitDisabled: + type: boolean + additionalProperties: false + UplinkEchoConfig: + type: object + properties: + Enabled: + type: boolean + AntennaUplinkConfigArn: + type: string + additionalProperties: false + S3RecordingConfig: + type: object + properties: + BucketArn: + $ref: '#/components/schemas/BucketArn' + RoleArn: + $ref: '#/components/schemas/RoleArn' + Prefix: + $ref: '#/components/schemas/S3KeyPrefix' + additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + pattern: ^[ a-zA-Z0-9\+\-=._:/@]{1,128}$ + Value: + type: string + pattern: ^[ a-zA-Z0-9\+\-=._:/@]{1,256}$ + additionalProperties: false + required: + - Key + - Value + Config: + type: object + properties: + Name: + type: string + pattern: ^[ a-zA-Z0-9_:-]{1,256}$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + Type: + type: string + ConfigData: + $ref: '#/components/schemas/ConfigData' + Arn: + type: string + Id: + type: string + required: + - Name + - ConfigData + x-stackql-resource-name: config + description: AWS Ground Station config resource type for CloudFormation. + x-type-name: AWS::GroundStation::Config + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + - Id + - Type + x-required-properties: + - Name + - ConfigData + x-required-permissions: + create: + - groundstation:CreateConfig + - groundstation:TagResource + - iam:PassRole + read: + - groundstation:GetConfig + - groundstation:ListTagsForResource + update: + - groundstation:UpdateConfig + - groundstation:ListTagsForResource + - groundstation:TagResource + - groundstation:UntagResource + - iam:PassRole + delete: + - groundstation:DeleteConfig + list: + - groundstation:ListConfigs + SocketAddress: + type: object + properties: + Name: + type: string + Port: + type: integer + additionalProperties: false + AgentStatus: + description: The status of AgentEndpoint. + type: string + enum: + - SUCCESS + - FAILED + - ACTIVE + - INACTIVE + AuditResults: + description: The results of the audit. + type: string + enum: + - HEALTHY + - UNHEALTHY + IntegerRange: + description: An integer range that has a minimum and maximum value. + type: object + properties: + Minimum: + description: A minimum value. + type: integer + Maximum: + description: A maximum value. + type: integer + additionalProperties: false + RangedSocketAddress: + description: A socket address with a port range. + type: object + properties: + Name: + description: IPv4 socket address. + type: string + PortRange: + description: Port range of a socket address. + $ref: '#/components/schemas/IntegerRange' + additionalProperties: false + ConnectionDetails: + description: Egress address of AgentEndpoint with an optional mtu. + type: object + properties: + SocketAddress: + $ref: '#/components/schemas/SocketAddress' + Mtu: + description: Maximum transmission unit (MTU) size in bytes of a dataflow endpoint. + type: integer + additionalProperties: false + RangedConnectionDetails: + description: Ingress address of AgentEndpoint with a port range and an optional mtu. + type: object + properties: + SocketAddress: + $ref: '#/components/schemas/RangedSocketAddress' + Mtu: + description: Maximum transmission unit (MTU) size in bytes of a dataflow endpoint. + type: integer + additionalProperties: false + AwsGroundStationAgentEndpoint: + description: Information about AwsGroundStationAgentEndpoint. + type: object + properties: + Name: + type: string + pattern: ^[ a-zA-Z0-9_:-]{1,256}$ + EgressAddress: + $ref: '#/components/schemas/ConnectionDetails' + IngressAddress: + $ref: '#/components/schemas/RangedConnectionDetails' + AgentStatus: + $ref: '#/components/schemas/AgentStatus' + AuditResults: + $ref: '#/components/schemas/AuditResults' + additionalProperties: false + DataflowEndpoint: + type: object + properties: + Name: + type: string + pattern: ^[ a-zA-Z0-9_:-]{1,256}$ + Address: + $ref: '#/components/schemas/SocketAddress' + Mtu: + type: integer + additionalProperties: false + SecurityDetails: + type: object + properties: + SubnetIds: + type: array + items: + type: string + SecurityGroupIds: + type: array + items: + type: string + RoleArn: + type: string + additionalProperties: false + EndpointDetails: + type: object + properties: + SecurityDetails: + $ref: '#/components/schemas/SecurityDetails' + Endpoint: + $ref: '#/components/schemas/DataflowEndpoint' + AwsGroundStationAgentEndpoint: + $ref: '#/components/schemas/AwsGroundStationAgentEndpoint' + oneOf: + - required: + - Endpoint + - SecurityDetails + - required: + - AwsGroundStationAgentEndpoint + additionalProperties: false + DataflowEndpointGroup: + type: object + properties: + Id: + type: string + Arn: + type: string + EndpointDetails: + type: array + minItems: 1 + items: + $ref: '#/components/schemas/EndpointDetails' + ContactPrePassDurationSeconds: + type: integer + description: Amount of time, in seconds, before a contact starts that the Ground Station Dataflow Endpoint Group will be in a PREPASS state. A Ground Station Dataflow Endpoint Group State Change event will be emitted when the Dataflow Endpoint Group enters and exits the PREPASS state. + ContactPostPassDurationSeconds: + type: integer + description: Amount of time, in seconds, after a contact ends that the Ground Station Dataflow Endpoint Group will be in a POSTPASS state. A Ground Station Dataflow Endpoint Group State Change event will be emitted when the Dataflow Endpoint Group enters and exits the POSTPASS state. + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - EndpointDetails + x-stackql-resource-name: dataflow_endpoint_group + description: AWS Ground Station DataflowEndpointGroup schema for CloudFormation + x-type-name: AWS::GroundStation::DataflowEndpointGroup + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - Arn + x-required-properties: + - EndpointDetails + x-required-permissions: + create: + - groundstation:CreateDataflowEndpointGroup + - groundstation:GetDataflowEndpointGroup + - groundstation:TagResource + - iam:PassRole + - ec2:describeAddresses + - ec2:describeNetworkInterfaces + - iam:createServiceLinkedRole + read: + - groundstation:GetDataflowEndpointGroup + - groundstation:ListTagsForResource + delete: + - groundstation:DeleteDataflowEndpointGroup + - groundstation:GetDataflowEndpointGroup + list: + - groundstation:ListDataflowEndpointGroups + DataflowEdge: + type: object + properties: + Source: + type: string + Destination: + type: string + additionalProperties: false + StreamsKmsKey: + type: object + properties: + KmsKeyArn: + type: string + KmsAliasArn: + type: string + oneOf: + - required: + - KmsKeyArn + - required: + - KmsAliasArn + additionalProperties: false + MissionProfile: + type: object + properties: + Name: + description: A name used to identify a mission profile. + type: string + pattern: ^[ a-zA-Z0-9_:-]{1,256}$ + ContactPrePassDurationSeconds: + description: Pre-pass time needed before the contact. + type: integer + ContactPostPassDurationSeconds: + description: Post-pass time needed after the contact. + type: integer + MinimumViableContactDurationSeconds: + description: Visibilities with shorter duration than the specified minimum viable contact duration will be ignored when searching for available contacts. + type: integer + StreamsKmsKey: + description: The ARN of a KMS Key used for encrypting data during transmission from the source to destination locations. + $ref: '#/components/schemas/StreamsKmsKey' + StreamsKmsRole: + description: The ARN of the KMS Key or Alias Key role used to define permissions on KMS Key usage. + type: string + DataflowEdges: + description: '' + type: array + minItems: 1 + items: + $ref: '#/components/schemas/DataflowEdge' + TrackingConfigArn: + type: string + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + Id: + type: string + Arn: + type: string + Region: + type: string + required: + - Name + - MinimumViableContactDurationSeconds + - DataflowEdges + - TrackingConfigArn + x-stackql-resource-name: mission_profile + description: AWS Ground Station Mission Profile resource type for CloudFormation. + x-type-name: AWS::GroundStation::MissionProfile + x-stackql-primary-identifier: + - Id + - Arn + x-read-only-properties: + - Id + - Arn + - Region + x-required-properties: + - Name + - MinimumViableContactDurationSeconds + - DataflowEdges + - TrackingConfigArn + x-required-permissions: + create: + - groundstation:CreateMissionProfile + - groundstation:GetMissionProfile + - groundstation:TagResource + - iam:PassRole + - kms:DescribeKey + - kms:CreateGrant + read: + - groundstation:GetMissionProfile + - groundstation:ListTagsForResource + - kms:DescribeKey + - kms:CreateGrant + update: + - groundstation:UpdateMissionProfile + - groundstation:GetMissionProfile + - groundstation:ListTagsForResource + - groundstation:TagResource + - groundstation:UntagResource + - iam:PassRole + - kms:DescribeKey + - kms:CreateGrant + delete: + - groundstation:DeleteMissionProfile + - groundstation:GetMissionProfile + list: + - groundstation:ListMissionProfiles + x-stackQL-resources: + configs: + name: configs + id: aws.groundstation.configs + x-cfn-schema-name: Config + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GroundStation::Config' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GroundStation::Config' + AND region = 'us-east-1' + config: + name: config + id: aws.groundstation.config + x-cfn-schema-name: Config + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.ConfigData') as config_data, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GroundStation::Config' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'ConfigData') as config_data, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GroundStation::Config' + AND data__Identifier = '' + AND region = 'us-east-1' + dataflow_endpoint_groups: + name: dataflow_endpoint_groups + id: aws.groundstation.dataflow_endpoint_groups + x-cfn-schema-name: DataflowEndpointGroup + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GroundStation::DataflowEndpointGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GroundStation::DataflowEndpointGroup' + AND region = 'us-east-1' + dataflow_endpoint_group: + name: dataflow_endpoint_group + id: aws.groundstation.dataflow_endpoint_group + x-cfn-schema-name: DataflowEndpointGroup + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.EndpointDetails') as endpoint_details, + JSON_EXTRACT(Properties, '$.ContactPrePassDurationSeconds') as contact_pre_pass_duration_seconds, + JSON_EXTRACT(Properties, '$.ContactPostPassDurationSeconds') as contact_post_pass_duration_seconds, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GroundStation::DataflowEndpointGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'EndpointDetails') as endpoint_details, + json_extract_path_text(Properties, 'ContactPrePassDurationSeconds') as contact_pre_pass_duration_seconds, + json_extract_path_text(Properties, 'ContactPostPassDurationSeconds') as contact_post_pass_duration_seconds, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GroundStation::DataflowEndpointGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + mission_profiles: + name: mission_profiles + id: aws.groundstation.mission_profiles + x-cfn-schema-name: MissionProfile + x-type: list + x-identifiers: + - Id + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GroundStation::MissionProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GroundStation::MissionProfile' + AND region = 'us-east-1' + mission_profile: + name: mission_profile + id: aws.groundstation.mission_profile + x-cfn-schema-name: MissionProfile + x-type: get + x-identifiers: + - Id + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ContactPrePassDurationSeconds') as contact_pre_pass_duration_seconds, + JSON_EXTRACT(Properties, '$.ContactPostPassDurationSeconds') as contact_post_pass_duration_seconds, + JSON_EXTRACT(Properties, '$.MinimumViableContactDurationSeconds') as minimum_viable_contact_duration_seconds, + JSON_EXTRACT(Properties, '$.StreamsKmsKey') as streams_kms_key, + JSON_EXTRACT(Properties, '$.StreamsKmsRole') as streams_kms_role, + JSON_EXTRACT(Properties, '$.DataflowEdges') as dataflow_edges, + JSON_EXTRACT(Properties, '$.TrackingConfigArn') as tracking_config_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Region') as region + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GroundStation::MissionProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ContactPrePassDurationSeconds') as contact_pre_pass_duration_seconds, + json_extract_path_text(Properties, 'ContactPostPassDurationSeconds') as contact_post_pass_duration_seconds, + json_extract_path_text(Properties, 'MinimumViableContactDurationSeconds') as minimum_viable_contact_duration_seconds, + json_extract_path_text(Properties, 'StreamsKmsKey') as streams_kms_key, + json_extract_path_text(Properties, 'StreamsKmsRole') as streams_kms_role, + json_extract_path_text(Properties, 'DataflowEdges') as dataflow_edges, + json_extract_path_text(Properties, 'TrackingConfigArn') as tracking_config_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Region') as region + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GroundStation::MissionProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/guardduty.yaml b/providers/src/aws/v00.00.00000/services/guardduty.yaml new file mode 100644 index 00000000..a738a3dc --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/guardduty.yaml @@ -0,0 +1,915 @@ +openapi: 3.0.0 +info: + title: GuardDuty + version: 1.0.0 +paths: {} +components: + schemas: + TagItem: + type: object + additionalProperties: false + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + CFNS3LogsConfiguration: + type: object + additionalProperties: false + properties: + Enable: + type: boolean + required: + - Enable + CFNKubernetesAuditLogsConfiguration: + type: object + additionalProperties: false + properties: + Enable: + type: boolean + required: + - Enable + CFNKubernetesConfiguration: + type: object + additionalProperties: false + properties: + AuditLogs: + $ref: '#/components/schemas/CFNKubernetesAuditLogsConfiguration' + required: + - AuditLogs + CFNDataSourceConfigurations: + type: object + additionalProperties: false + properties: + S3Logs: + $ref: '#/components/schemas/CFNS3LogsConfiguration' + Kubernetes: + $ref: '#/components/schemas/CFNKubernetesConfiguration' + MalwareProtection: + $ref: '#/components/schemas/CFNMalwareProtectionConfiguration' + CFNMalwareProtectionConfiguration: + type: object + additionalProperties: false + properties: + ScanEc2InstanceWithFindings: + $ref: '#/components/schemas/CFNScanEc2InstanceWithFindingsConfiguration' + CFNScanEc2InstanceWithFindingsConfiguration: + type: object + additionalProperties: false + properties: + EbsVolumes: + type: boolean + CFNFeatureConfiguration: + type: object + additionalProperties: false + properties: + Name: + type: string + maxLength: 128 + Status: + type: string + enum: + - ENABLED + - DISABLED + AdditionalConfiguration: + type: array + items: + $ref: '#/components/schemas/CFNFeatureAdditionalConfiguration' + required: + - Name + - Status + CFNFeatureAdditionalConfiguration: + type: object + additionalProperties: false + properties: + Name: + type: string + minLength: 1 + maxLength: 256 + Status: + type: string + minLength: 1 + maxLength: 128 + Detector: + type: object + properties: + FindingPublishingFrequency: + type: string + Enable: + type: boolean + DataSources: + $ref: '#/components/schemas/CFNDataSourceConfigurations' + Features: + type: array + items: + $ref: '#/components/schemas/CFNFeatureConfiguration' + Id: + type: string + Tags: + type: array + items: + $ref: '#/components/schemas/TagItem' + required: + - Enable + x-stackql-resource-name: detector + description: Resource Type definition for AWS::GuardDuty::Detector + x-type-name: AWS::GuardDuty::Detector + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + x-required-properties: + - Enable + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - guardduty:CreateDetector + - guardduty:GetDetector + - guardduty:TagResource + - iam:CreateServiceLinkedRole + - iam:GetRole + read: + - guardduty:GetDetector + delete: + - guardduty:ListDetectors + - guardduty:DeleteDetector + - guardduty:GetDetector + update: + - guardduty:UpdateDetector + - guardduty:GetDetector + - guardduty:ListDetectors + - iam:CreateServiceLinkedRole + - iam:GetRole + list: + - guardduty:ListDetectors + Condition: + type: object + additionalProperties: false + properties: + Lt: + type: integer + Gt: + type: integer + Gte: + type: integer + Neq: + type: array + uniqueItems: false + items: + type: string + Eq: + type: array + uniqueItems: false + items: + type: string + Lte: + type: integer + Equals: + type: array + uniqueItems: false + items: + type: string + GreaterThan: + type: integer + format: int64 + GreaterThanOrEqual: + type: integer + format: int64 + LessThan: + type: integer + format: int64 + LessThanOrEqual: + type: integer + format: int64 + NotEquals: + type: array + uniqueItems: false + items: + type: string + FindingCriteria: + type: object + additionalProperties: false + properties: + Criterion: + type: object + x-patternProperties: + ^.+$: + $ref: '#/components/schemas/Condition' + additionalProperties: false + Filter: + type: object + properties: + Action: + type: string + Description: + type: string + DetectorId: + type: string + minLength: 1 + maxLength: 300 + FindingCriteria: + $ref: '#/components/schemas/FindingCriteria' + Rank: + type: integer + minimum: 1 + maximum: 100 + Name: + type: string + minLength: 1 + maxLength: 64 + Tags: + type: array + items: + $ref: '#/components/schemas/TagItem' + required: + - FindingCriteria + x-stackql-resource-name: filter + description: Resource Type definition for AWS::GuardDuty::Filter + x-type-name: AWS::GuardDuty::Filter + x-stackql-primary-identifier: + - DetectorId + - Name + x-create-only-properties: + - DetectorId + - Name + x-required-properties: + - FindingCriteria + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - guardduty:CreateFilter + - guardduty:GetFilter + - guardduty:TagResource + read: + - guardduty:GetFilter + delete: + - guardduty:ListDetectors + - guardduty:ListFilters + - guardduty:GetFilter + - guardduty:DeleteFilter + update: + - guardduty:UpdateFilter + - guardduty:GetFilter + - guardduty:ListFilters + list: + - guardduty:ListFilters + IPSet: + type: object + properties: + Id: + type: string + Format: + type: string + Activate: + type: boolean + DetectorId: + type: string + minLength: 1 + maxLength: 300 + Name: + type: string + minLength: 1 + maxLength: 300 + Location: + type: string + minLength: 1 + maxLength: 300 + Tags: + type: array + items: + $ref: '#/components/schemas/TagItem' + required: + - Format + - Location + x-stackql-resource-name: ip_set + description: Resource Type definition for AWS::GuardDuty::IPSet + x-type-name: AWS::GuardDuty::IPSet + x-stackql-primary-identifier: + - Id + - DetectorId + x-create-only-properties: + - Format + - DetectorId + x-write-only-properties: + - Activate + x-read-only-properties: + - Id + x-required-properties: + - Format + - Location + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - guardduty:CreateIPSet + - guardduty:GetIPSet + - guardduty:TagResource + - iam:PutRolePolicy + read: + - guardduty:GetIPSet + delete: + - guardduty:GetDetector + - guardduty:ListDetectors + - guardduty:ListIPSets + - guardduty:GetIPSet + - guardduty:DeleteIPSet + - iam:DeleteRolePolicy + update: + - guardduty:UpdateIPSet + - guardduty:GetIPSet + - guardduty:ListIPSets + - iam:PutRolePolicy + list: + - guardduty:ListIPSets + Master: + type: object + properties: + MasterId: + description: ID of the account used as the master account. + type: string + InvitationId: + description: Value used to validate the master account to the member account. + type: string + DetectorId: + description: Unique ID of the detector of the GuardDuty member account. + type: string + required: + - MasterId + - DetectorId + x-stackql-resource-name: master + description: GuardDuty Master resource schema + x-type-name: AWS::GuardDuty::Master + x-stackql-primary-identifier: + - DetectorId + - MasterId + x-create-only-properties: + - MasterId + - InvitationId + - DetectorId + x-required-properties: + - MasterId + - DetectorId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - guardduty:ListInvitations + - guardduty:AcceptInvitation + - guardduty:GetMasterAccount + read: + - guardduty:GetMasterAccount + delete: + - guardduty:DisassociateFromMasterAccount + list: + - guardduty:GetMasterAccount + Member: + type: object + properties: + Status: + type: string + MemberId: + type: string + Email: + type: string + Message: + type: string + DisableEmailNotification: + type: boolean + DetectorId: + type: string + required: + - Email + x-stackql-resource-name: member + description: Resource Type definition for AWS::GuardDuty::Member + x-type-name: AWS::GuardDuty::Member + x-stackql-primary-identifier: + - DetectorId + - MemberId + x-create-only-properties: + - DetectorId + - MemberId + x-write-only-properties: + - DisableEmailNotification + - Message + x-required-properties: + - Email + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - guardduty:CreateMembers + - guardduty:GetMembers + read: + - guardduty:GetMembers + delete: + - guardduty:GetMembers + - guardduty:DisassociateMembers + - guardduty:DeleteMembers + update: + - guardduty:GetMembers + - guardduty:CreateMembers + - guardduty:DisassociateMembers + - guardduty:StartMonitoringMembers + - guardduty:StopMonitoringMembers + - guardduty:InviteMembers + list: + - guardduty:ListMembers + ThreatIntelSet: + type: object + properties: + Id: + type: string + Format: + type: string + minLength: 1 + maxLength: 300 + Activate: + type: boolean + DetectorId: + type: string + minLength: 1 + maxLength: 32 + Name: + type: string + Location: + type: string + minLength: 1 + maxLength: 300 + Tags: + type: array + items: + $ref: '#/components/schemas/TagItem' + required: + - Format + - Location + x-stackql-resource-name: threat_intel_set + description: Resource Type definition for AWS::GuardDuty::ThreatIntelSet + x-type-name: AWS::GuardDuty::ThreatIntelSet + x-stackql-primary-identifier: + - Id + - DetectorId + x-create-only-properties: + - Format + - DetectorId + x-write-only-properties: + - Activate + x-read-only-properties: + - Id + x-required-properties: + - Format + - Location + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - guardduty:CreateThreatIntelSet + - guardduty:GetThreatIntelSet + - guardduty:TagResource + - iam:PutRolePolicy + read: + - guardduty:GetThreatIntelSet + delete: + - guardduty:ListDetectors + - guardduty:ListThreatIntelSets + - guardduty:DeleteThreatIntelSet + - guardduty:GetThreatIntelSet + - iam:DeleteRolePolicy + update: + - guardduty:UpdateThreatIntelSet + - guardduty:GetThreatIntelSet + - guardduty:ListThreatIntelSets + - iam:PutRolePolicy + list: + - guardduty:ListThreatIntelSets + x-stackQL-resources: + detectors: + name: detectors + id: aws.guardduty.detectors + x-cfn-schema-name: Detector + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::Detector' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::Detector' + AND region = 'us-east-1' + detector: + name: detector + id: aws.guardduty.detector + x-cfn-schema-name: Detector + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FindingPublishingFrequency') as finding_publishing_frequency, + JSON_EXTRACT(Properties, '$.Enable') as enable, + JSON_EXTRACT(Properties, '$.DataSources') as data_sources, + JSON_EXTRACT(Properties, '$.Features') as features, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::Detector' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FindingPublishingFrequency') as finding_publishing_frequency, + json_extract_path_text(Properties, 'Enable') as enable, + json_extract_path_text(Properties, 'DataSources') as data_sources, + json_extract_path_text(Properties, 'Features') as features, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::Detector' + AND data__Identifier = '' + AND region = 'us-east-1' + filters: + name: filters + id: aws.guardduty.filters + x-cfn-schema-name: Filter + x-type: list + x-identifiers: + - DetectorId + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DetectorId') as detector_id, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::Filter' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DetectorId') as detector_id, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::Filter' + AND region = 'us-east-1' + filter: + name: filter + id: aws.guardduty.filter + x-cfn-schema-name: Filter + x-type: get + x-identifiers: + - DetectorId + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Action') as action, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DetectorId') as detector_id, + JSON_EXTRACT(Properties, '$.FindingCriteria') as finding_criteria, + JSON_EXTRACT(Properties, '$.Rank') as rank, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::Filter' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Action') as action, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DetectorId') as detector_id, + json_extract_path_text(Properties, 'FindingCriteria') as finding_criteria, + json_extract_path_text(Properties, 'Rank') as rank, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::Filter' + AND data__Identifier = '|' + AND region = 'us-east-1' + ip_sets: + name: ip_sets + id: aws.guardduty.ip_sets + x-cfn-schema-name: IPSet + x-type: list + x-identifiers: + - Id + - DetectorId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.DetectorId') as detector_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::IPSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'DetectorId') as detector_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::IPSet' + AND region = 'us-east-1' + ip_set: + name: ip_set + id: aws.guardduty.ip_set + x-cfn-schema-name: IPSet + x-type: get + x-identifiers: + - Id + - DetectorId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Format') as _format, + JSON_EXTRACT(Properties, '$.Activate') as activate, + JSON_EXTRACT(Properties, '$.DetectorId') as detector_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Location') as location, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::IPSet' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Format') as _format, + json_extract_path_text(Properties, 'Activate') as activate, + json_extract_path_text(Properties, 'DetectorId') as detector_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Location') as location, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::IPSet' + AND data__Identifier = '|' + AND region = 'us-east-1' + masters: + name: masters + id: aws.guardduty.masters + x-cfn-schema-name: Master + x-type: list + x-identifiers: + - DetectorId + - MasterId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DetectorId') as detector_id, + JSON_EXTRACT(Properties, '$.MasterId') as master_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::Master' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DetectorId') as detector_id, + json_extract_path_text(Properties, 'MasterId') as master_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::Master' + AND region = 'us-east-1' + master: + name: master + id: aws.guardduty.master + x-cfn-schema-name: Master + x-type: get + x-identifiers: + - DetectorId + - MasterId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MasterId') as master_id, + JSON_EXTRACT(Properties, '$.InvitationId') as invitation_id, + JSON_EXTRACT(Properties, '$.DetectorId') as detector_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::Master' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MasterId') as master_id, + json_extract_path_text(Properties, 'InvitationId') as invitation_id, + json_extract_path_text(Properties, 'DetectorId') as detector_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::Master' + AND data__Identifier = '|' + AND region = 'us-east-1' + members: + name: members + id: aws.guardduty.members + x-cfn-schema-name: Member + x-type: list + x-identifiers: + - DetectorId + - MemberId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DetectorId') as detector_id, + JSON_EXTRACT(Properties, '$.MemberId') as member_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::Member' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DetectorId') as detector_id, + json_extract_path_text(Properties, 'MemberId') as member_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::Member' + AND region = 'us-east-1' + member: + name: member + id: aws.guardduty.member + x-cfn-schema-name: Member + x-type: get + x-identifiers: + - DetectorId + - MemberId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.MemberId') as member_id, + JSON_EXTRACT(Properties, '$.Email') as email, + JSON_EXTRACT(Properties, '$.Message') as message, + JSON_EXTRACT(Properties, '$.DisableEmailNotification') as disable_email_notification, + JSON_EXTRACT(Properties, '$.DetectorId') as detector_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::Member' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'MemberId') as member_id, + json_extract_path_text(Properties, 'Email') as email, + json_extract_path_text(Properties, 'Message') as message, + json_extract_path_text(Properties, 'DisableEmailNotification') as disable_email_notification, + json_extract_path_text(Properties, 'DetectorId') as detector_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::Member' + AND data__Identifier = '|' + AND region = 'us-east-1' + threat_intel_sets: + name: threat_intel_sets + id: aws.guardduty.threat_intel_sets + x-cfn-schema-name: ThreatIntelSet + x-type: list + x-identifiers: + - Id + - DetectorId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.DetectorId') as detector_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::ThreatIntelSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'DetectorId') as detector_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::ThreatIntelSet' + AND region = 'us-east-1' + threat_intel_set: + name: threat_intel_set + id: aws.guardduty.threat_intel_set + x-cfn-schema-name: ThreatIntelSet + x-type: get + x-identifiers: + - Id + - DetectorId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Format') as _format, + JSON_EXTRACT(Properties, '$.Activate') as activate, + JSON_EXTRACT(Properties, '$.DetectorId') as detector_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Location') as location, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::ThreatIntelSet' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Format') as _format, + json_extract_path_text(Properties, 'Activate') as activate, + json_extract_path_text(Properties, 'DetectorId') as detector_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Location') as location, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::ThreatIntelSet' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/healthimaging.yaml b/providers/src/aws/v00.00.00000/services/healthimaging.yaml new file mode 100644 index 00000000..aab8d2f9 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/healthimaging.yaml @@ -0,0 +1,193 @@ +openapi: 3.0.0 +info: + title: HealthImaging + version: 1.0.0 +paths: {} +components: + schemas: + DatastoreArn: + type: string + maxLength: 127 + minLength: 1 + pattern: ^arn:aws((-us-gov)|(-iso)|(-iso-b)|(-cn))?:medical-imaging:[a-z0-9-]+:[0-9]{12}:datastore/[0-9a-z]{32}(/imageset/[0-9a-z]{32})?$ + description: The Datastore's ARN. + DatastoreName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9._/#-]+$ + description: User friendly name for Datastore. + DatastoreId: + type: string + maxLength: 32 + minLength: 0 + pattern: ^[0-9a-z]{32}$ + DatastoreStatus: + type: string + maxLength: 127 + minLength: 1 + description: A string to denote the Datastore's state. + enum: + - CREATING + - CREATE_FAILED + - ACTIVE + - DELETING + - DELETED + KmsKeyArn: + type: string + maxLength: 512 + minLength: 1 + description: ARN referencing a KMS key or KMS key alias. + CreatedAt: + type: string + description: The timestamp when the data store was created. + UpdatedAt: + type: string + description: The timestamp when the data store was created. + Tags: + type: object + description: A Map of key value pairs for Tags. + x-patternProperties: + ^.+$: + type: string + description: The string value for the tag. + maxLength: 256 + minLength: 0 + additionalProperties: false + Datastore: + type: object + properties: + DatastoreArn: + $ref: '#/components/schemas/DatastoreArn' + DatastoreName: + $ref: '#/components/schemas/DatastoreName' + DatastoreId: + $ref: '#/components/schemas/DatastoreId' + DatastoreStatus: + $ref: '#/components/schemas/DatastoreStatus' + KmsKeyArn: + $ref: '#/components/schemas/KmsKeyArn' + CreatedAt: + $ref: '#/components/schemas/CreatedAt' + UpdatedAt: + $ref: '#/components/schemas/UpdatedAt' + Tags: + $ref: '#/components/schemas/Tags' + required: [] + x-stackql-resource-name: datastore + description: Definition of AWS::HealthImaging::Datastore Resource Type + x-type-name: AWS::HealthImaging::Datastore + x-stackql-primary-identifier: + - DatastoreId + x-create-only-properties: + - DatastoreName + - Tags + - KmsKeyArn + x-read-only-properties: + - DatastoreArn + - CreatedAt + - UpdatedAt + - DatastoreId + - DatastoreStatus + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - medical-imaging:CreateDatastore + - medical-imaging:GetDatastore + - kms:DescribeKey + - kms:CreateGrant + - kms:RetireGrant + - kms:GenerateDataKey + - kms:Decrypt + - lambda:InvokeFunction + - medical-imaging:TagResource + - medical-imaging:UntagResource + - medical-imaging:ListTagsForResource + read: + - medical-imaging:GetDatastore + - medical-imaging:ListTagsForResource + delete: + - medical-imaging:DeleteDatastore + - medical-imaging:GetDatastore + - medical-imaging:UntagResource + - kms:DescribeKey + - kms:RetireGrant + - kms:GenerateDataKey + - kms:Decrypt + list: + - medical-imaging:ListDatastores + x-stackQL-resources: + datastores: + name: datastores + id: aws.healthimaging.datastores + x-cfn-schema-name: Datastore + x-type: list + x-identifiers: + - DatastoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DatastoreId') as datastore_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::HealthImaging::Datastore' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DatastoreId') as datastore_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::HealthImaging::Datastore' + AND region = 'us-east-1' + datastore: + name: datastore + id: aws.healthimaging.datastore + x-cfn-schema-name: Datastore + x-type: get + x-identifiers: + - DatastoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DatastoreArn') as datastore_arn, + JSON_EXTRACT(Properties, '$.DatastoreName') as datastore_name, + JSON_EXTRACT(Properties, '$.DatastoreId') as datastore_id, + JSON_EXTRACT(Properties, '$.DatastoreStatus') as datastore_status, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::HealthImaging::Datastore' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DatastoreArn') as datastore_arn, + json_extract_path_text(Properties, 'DatastoreName') as datastore_name, + json_extract_path_text(Properties, 'DatastoreId') as datastore_id, + json_extract_path_text(Properties, 'DatastoreStatus') as datastore_status, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::HealthImaging::Datastore' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/healthlake.yaml b/providers/src/aws/v00.00.00000/services/healthlake.yaml new file mode 100644 index 00000000..8bc68553 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/healthlake.yaml @@ -0,0 +1,304 @@ +openapi: 3.0.0 +info: + title: HealthLake + version: 1.0.0 +paths: {} +components: + schemas: + CreatedAt: + description: The time that a Data Store was created. + type: object + properties: + Seconds: + description: Seconds since epoch. + type: string + Nanos: + description: Nanoseconds. + type: integer + required: + - Seconds + - Nanos + additionalProperties: false + DatastoreArn: + description: The Amazon Resource Name used in the creation of the Data Store. + type: string + pattern: ^arn:aws((-us-gov)|(-iso)|(-iso-b)|(-cn))?:healthlake:[a-zA-Z0-9-]+:[0-9]{12}:datastore/.+? + DatastoreEndpoint: + description: The AWS endpoint for the Data Store. Each Data Store will have it's own endpoint with Data Store ID in the endpoint URL. + type: string + maxLength: 10000 + DatastoreId: + description: The AWS-generated ID number for the Data Store. + type: string + minLength: 1 + maxLength: 32 + DatastoreName: + description: The user-generated name for the Data Store. + type: string + minLength: 1 + maxLength: 256 + DatastoreStatus: + description: The status of the Data Store. Possible statuses are 'CREATING', 'ACTIVE', 'DELETING', or 'DELETED'. + type: string + enum: + - CREATING + - ACTIVE + - DELETING + - DELETED + DatastoreTypeVersion: + description: The FHIR version. Only R4 version data is supported. + type: string + enum: + - R4 + PreloadDataConfig: + description: The preloaded data configuration for the Data Store. Only data preloaded from Synthea is supported. + type: object + properties: + PreloadDataType: + description: The type of preloaded data. Only Synthea preloaded data is supported. + type: string + enum: + - SYNTHEA + required: + - PreloadDataType + additionalProperties: false + SseConfiguration: + description: The server-side encryption key configuration for a customer provided encryption key. + type: object + properties: + KmsEncryptionConfig: + $ref: '#/components/schemas/KmsEncryptionConfig' + required: + - KmsEncryptionConfig + additionalProperties: false + KmsEncryptionConfig: + description: The customer-managed-key (CMK) used when creating a Data Store. If a customer owned key is not specified, an AWS owned key will be used for encryption. + type: object + properties: + CmkType: + description: The type of customer-managed-key (CMK) used for encryption. The two types of supported CMKs are customer owned CMKs and AWS owned CMKs. + type: string + enum: + - CUSTOMER_MANAGED_KMS_KEY + - AWS_OWNED_KMS_KEY + KmsKeyId: + description: The KMS encryption key id/alias used to encrypt the Data Store contents at rest. + type: string + minLength: 1 + maxLength: 400 + pattern: (arn:aws((-us-gov)|(-iso)|(-iso-b)|(-cn))?:kms:)?([a-z]{2}-[a-z]+(-[a-z]+)?-\d:)?(\d{12}:)?(((key/)?[a-zA-Z0-9-_]+)|(alias/[a-zA-Z0-9:/_-]+)) + required: + - CmkType + additionalProperties: false + IdentityProviderConfiguration: + description: The identity provider configuration for the datastore + type: object + properties: + AuthorizationStrategy: + description: Type of Authorization Strategy. The two types of supported Authorization strategies are SMART_ON_FHIR_V1 and AWS_AUTH. + type: string + enum: + - SMART_ON_FHIR_V1 + - AWS_AUTH + FineGrainedAuthorizationEnabled: + description: Flag to indicate if fine-grained authorization will be enabled for the datastore + type: boolean + Metadata: + description: The JSON metadata elements for identity provider configuration. + type: string + IdpLambdaArn: + description: The Amazon Resource Name (ARN) of the Lambda function that will be used to decode the access token created by the authorization server. + type: string + minLength: 49 + maxLength: 256 + pattern: arn:aws[-a-z]*:lambda:[a-z]{2}-[a-z]+-\d{1}:\d{12}:function:[a-zA-Z0-9\-_\.]+(:(\$LATEST|[a-zA-Z0-9\-_]+))? + required: + - AuthorizationStrategy + additionalProperties: false + Tag: + description: A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings. + type: object + properties: + Key: + description: The key of the tag. + type: string + minLength: 1 + maxLength: 128 + Value: + description: The value of the tag. + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + FHIRDatastore: + type: object + properties: + CreatedAt: + $ref: '#/components/schemas/CreatedAt' + DatastoreArn: + $ref: '#/components/schemas/DatastoreArn' + DatastoreEndpoint: + $ref: '#/components/schemas/DatastoreEndpoint' + DatastoreId: + $ref: '#/components/schemas/DatastoreId' + DatastoreName: + $ref: '#/components/schemas/DatastoreName' + DatastoreStatus: + $ref: '#/components/schemas/DatastoreStatus' + DatastoreTypeVersion: + $ref: '#/components/schemas/DatastoreTypeVersion' + PreloadDataConfig: + $ref: '#/components/schemas/PreloadDataConfig' + SseConfiguration: + $ref: '#/components/schemas/SseConfiguration' + IdentityProviderConfiguration: + $ref: '#/components/schemas/IdentityProviderConfiguration' + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - DatastoreTypeVersion + x-stackql-resource-name: fhir_datastore + description: HealthLake FHIR Datastore + x-type-name: AWS::HealthLake::FHIRDatastore + x-documentation-url: https://docs.aws.amazon.com/healthlake/latest/devguide/working-with-FHIR-healthlake.html + x-stackql-primary-identifier: + - DatastoreId + x-create-only-properties: + - DatastoreName + - DatastoreTypeVersion + - PreloadDataConfig + - SseConfiguration + - KmsEncryptionConfig + - IdentityProviderConfiguration + x-read-only-properties: + - CreatedAt + - DatastoreArn + - DatastoreEndpoint + - DatastoreId + - DatastoreStatus + x-required-properties: + - DatastoreTypeVersion + x-taggable: true + x-required-permissions: + create: + - healthlake:CreateFHIRDatastore + - healthlake:DescribeFHIRDatastore + - iam:PassRole + - kms:DescribeKey + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + - iam:GetRole + - iam:CreateServiceLinkedRole + - ram:GetResourceShareInvitations + - ram:AcceptResourceShareInvitation + - glue:CreateDatabase + - glue:DeleteDatabase + - lambda:InvokeFunction + - healthlake:TagResource + - healthlake:UntagResource + - healthlake:ListTagsForResource + read: + - healthlake:DescribeFHIRDatastore + - healthlake:ListTagsForResource + update: + - healthlake:TagResource + - healthlake:UntagResource + - healthlake:ListTagsForResource + - healthlake:DescribeFHIRDatastore + - iam:PassRole + - iam:GetRole + - iam:CreateServiceLinkedRole + delete: + - healthlake:DeleteFHIRDatastore + - healthlake:DescribeFHIRDatastore + - iam:PassRole + - iam:GetRole + - iam:CreateServiceLinkedRole + - ram:GetResourceShareInvitations + - ram:AcceptResourceShareInvitation + - glue:CreateDatabase + - glue:DeleteDatabase + list: + - healthlake:ListFHIRDatastores + x-stackQL-resources: + fhir_datastores: + name: fhir_datastores + id: aws.healthlake.fhir_datastores + x-cfn-schema-name: FHIRDatastore + x-type: list + x-identifiers: + - DatastoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DatastoreId') as datastore_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::HealthLake::FHIRDatastore' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DatastoreId') as datastore_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::HealthLake::FHIRDatastore' + AND region = 'us-east-1' + fhir_datastore: + name: fhir_datastore + id: aws.healthlake.fhir_datastore + x-cfn-schema-name: FHIRDatastore + x-type: get + x-identifiers: + - DatastoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.DatastoreArn') as datastore_arn, + JSON_EXTRACT(Properties, '$.DatastoreEndpoint') as datastore_endpoint, + JSON_EXTRACT(Properties, '$.DatastoreId') as datastore_id, + JSON_EXTRACT(Properties, '$.DatastoreName') as datastore_name, + JSON_EXTRACT(Properties, '$.DatastoreStatus') as datastore_status, + JSON_EXTRACT(Properties, '$.DatastoreTypeVersion') as datastore_type_version, + JSON_EXTRACT(Properties, '$.PreloadDataConfig') as preload_data_config, + JSON_EXTRACT(Properties, '$.SseConfiguration') as sse_configuration, + JSON_EXTRACT(Properties, '$.IdentityProviderConfiguration') as identity_provider_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::HealthLake::FHIRDatastore' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'DatastoreArn') as datastore_arn, + json_extract_path_text(Properties, 'DatastoreEndpoint') as datastore_endpoint, + json_extract_path_text(Properties, 'DatastoreId') as datastore_id, + json_extract_path_text(Properties, 'DatastoreName') as datastore_name, + json_extract_path_text(Properties, 'DatastoreStatus') as datastore_status, + json_extract_path_text(Properties, 'DatastoreTypeVersion') as datastore_type_version, + json_extract_path_text(Properties, 'PreloadDataConfig') as preload_data_config, + json_extract_path_text(Properties, 'SseConfiguration') as sse_configuration, + json_extract_path_text(Properties, 'IdentityProviderConfiguration') as identity_provider_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::HealthLake::FHIRDatastore' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/identitystore.yaml b/providers/src/aws/v00.00.00000/services/identitystore.yaml new file mode 100644 index 00000000..cc90817d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/identitystore.yaml @@ -0,0 +1,272 @@ +openapi: 3.0.0 +info: + title: IdentityStore + version: 1.0.0 +paths: {} +components: + schemas: + Group: + type: object + properties: + Description: + description: A string containing the description of the group. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  ]+$ + DisplayName: + description: A string containing the name of the group. This value is commonly displayed when the group is referenced. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r ]+$ + GroupId: + description: The unique identifier for a group in the identity store. + type: string + maxLength: 47 + minLength: 1 + pattern: ^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$ + IdentityStoreId: + description: The globally unique identifier for the identity store. + type: string + maxLength: 36 + minLength: 1 + pattern: ^d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + required: + - IdentityStoreId + - DisplayName + x-stackql-resource-name: group + description: Resource Type definition for AWS::IdentityStore::Group + x-type-name: AWS::IdentityStore::Group + x-stackql-primary-identifier: + - GroupId + - IdentityStoreId + x-create-only-properties: + - IdentityStoreId + x-read-only-properties: + - GroupId + x-required-properties: + - IdentityStoreId + - DisplayName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - identitystore:CreateGroup + - identitystore:DescribeGroup + read: + - identitystore:DescribeGroup + update: + - identitystore:DescribeGroup + - identitystore:UpdateGroup + delete: + - identitystore:DescribeGroup + - identitystore:DeleteGroup + list: + - identitystore:ListGroups + MemberId: + description: An object containing the identifier of a group member. + type: object + x-title: UserId + properties: + UserId: + description: The identifier for a user in the identity store. + type: string + maxLength: 47 + minLength: 1 + pattern: ^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$ + required: + - UserId + additionalProperties: false + GroupMembership: + type: object + properties: + GroupId: + description: The unique identifier for a group in the identity store. + type: string + maxLength: 47 + minLength: 1 + pattern: ^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$ + IdentityStoreId: + description: The globally unique identifier for the identity store. + type: string + maxLength: 36 + minLength: 1 + pattern: ^d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + MemberId: + description: An object containing the identifier of a group member. + $ref: '#/components/schemas/MemberId' + MembershipId: + description: The identifier for a GroupMembership in the identity store. + type: string + maxLength: 47 + minLength: 1 + pattern: ^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$ + required: + - IdentityStoreId + - GroupId + - MemberId + x-stackql-resource-name: group_membership + description: Resource Type Definition for AWS:IdentityStore::GroupMembership + x-type-name: AWS::IdentityStore::GroupMembership + x-stackql-primary-identifier: + - MembershipId + - IdentityStoreId + x-create-only-properties: + - IdentityStoreId + - GroupId + - MemberId + x-read-only-properties: + - MembershipId + x-required-properties: + - IdentityStoreId + - GroupId + - MemberId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - identitystore:CreateGroupMembership + - identitystore:DescribeGroupMembership + read: + - identitystore:DescribeGroupMembership + delete: + - identitystore:DeleteGroupMembership + - identitystore:DescribeGroupMembership + list: + - identitystore:ListGroupMemberships + x-stackQL-resources: + groups: + name: groups + id: aws.identitystore.groups + x-cfn-schema-name: Group + x-type: list + x-identifiers: + - GroupId + - IdentityStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GroupId') as group_id, + JSON_EXTRACT(Properties, '$.IdentityStoreId') as identity_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IdentityStore::Group' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GroupId') as group_id, + json_extract_path_text(Properties, 'IdentityStoreId') as identity_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IdentityStore::Group' + AND region = 'us-east-1' + group: + name: group + id: aws.identitystore.group + x-cfn-schema-name: Group + x-type: get + x-identifiers: + - GroupId + - IdentityStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.GroupId') as group_id, + JSON_EXTRACT(Properties, '$.IdentityStoreId') as identity_store_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IdentityStore::Group' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'GroupId') as group_id, + json_extract_path_text(Properties, 'IdentityStoreId') as identity_store_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IdentityStore::Group' + AND data__Identifier = '|' + AND region = 'us-east-1' + group_memberships: + name: group_memberships + id: aws.identitystore.group_memberships + x-cfn-schema-name: GroupMembership + x-type: list + x-identifiers: + - MembershipId + - IdentityStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MembershipId') as membership_id, + JSON_EXTRACT(Properties, '$.IdentityStoreId') as identity_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IdentityStore::GroupMembership' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MembershipId') as membership_id, + json_extract_path_text(Properties, 'IdentityStoreId') as identity_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IdentityStore::GroupMembership' + AND region = 'us-east-1' + group_membership: + name: group_membership + id: aws.identitystore.group_membership + x-cfn-schema-name: GroupMembership + x-type: get + x-identifiers: + - MembershipId + - IdentityStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GroupId') as group_id, + JSON_EXTRACT(Properties, '$.IdentityStoreId') as identity_store_id, + JSON_EXTRACT(Properties, '$.MemberId') as member_id, + JSON_EXTRACT(Properties, '$.MembershipId') as membership_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IdentityStore::GroupMembership' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GroupId') as group_id, + json_extract_path_text(Properties, 'IdentityStoreId') as identity_store_id, + json_extract_path_text(Properties, 'MemberId') as member_id, + json_extract_path_text(Properties, 'MembershipId') as membership_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IdentityStore::GroupMembership' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/imagebuilder.yaml b/providers/src/aws/v00.00.00000/services/imagebuilder.yaml new file mode 100644 index 00000000..70354fa3 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/imagebuilder.yaml @@ -0,0 +1,2143 @@ +openapi: 3.0.0 +info: + title: ImageBuilder + version: 1.0.0 +paths: {} +components: + schemas: + Component: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the component. + type: string + Name: + description: The name of the component. + type: string + Version: + description: The version of the component. + type: string + Description: + description: The description of the component. + type: string + ChangeDescription: + description: The change description of the component. + type: string + Type: + description: 'The type of the component denotes whether the component is used to build the image or only to test it. ' + type: string + enum: + - BUILD + - TEST + Platform: + description: The platform of the component. + type: string + enum: + - Windows + - Linux + Data: + description: The data of the component. + type: string + minLength: 1 + maxLength: 16000 + KmsKeyId: + description: The KMS key identifier used to encrypt the component. + type: string + Encrypted: + description: The encryption status of the component. + type: boolean + Tags: + description: The tags associated with the component. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + Uri: + description: The uri of the component. + type: string + SupportedOsVersions: + description: The operating system (OS) version supported by the component. + type: array + x-insertionOrder: false + items: + type: string + required: + - Name + - Platform + - Version + x-stackql-resource-name: component + description: Resource schema for AWS::ImageBuilder::Component + x-type-name: AWS::ImageBuilder::Component + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Version + - ChangeDescription + - Description + - Platform + - Data + - Uri + - KmsKeyId + - SupportedOsVersions + - Tags + x-write-only-properties: + - Data + - Uri + - Platform + x-read-only-properties: + - Arn + - Type + - Encrypted + x-required-properties: + - Name + - Platform + - Version + x-tagging: + taggable: false + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - iam:GetRole + - kms:GenerateDataKey* + - kms:Encrypt + - kms:Decrypt + - s3:GetObject + - s3:HeadBucket + - s3:GetBucketLocation + - imagebuilder:TagResource + - imagebuilder:GetComponent + - imagebuilder:CreateComponent + read: + - imagebuilder:GetComponent + delete: + - imagebuilder:GetComponent + - imagebuilder:UnTagResource + - imagebuilder:DeleteComponent + list: + - imagebuilder:ListComponents + ComponentConfiguration: + description: Configuration details of the component. + type: object + additionalProperties: false + properties: + ComponentArn: + description: The Amazon Resource Name (ARN) of the component. + type: string + Parameters: + description: A group of parameter settings that are used to configure the component for a specific recipe. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ComponentParameter' + InstanceConfiguration: + description: A group of options that can be used to configure an instance for building and testing container images. + type: object + additionalProperties: false + properties: + Image: + description: The AMI ID to use as the base image for a container build and test instance. If not specified, Image Builder will use the appropriate ECS-optimized AMI as a base image. + type: string + BlockDeviceMappings: + description: Defines the block devices to attach for building an instance from this Image Builder AMI. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/InstanceBlockDeviceMapping' + InstanceBlockDeviceMapping: + description: 'Defines block device mappings for the instance used to configure your image. ' + type: object + additionalProperties: false + properties: + DeviceName: + description: The device to which these mappings apply. + type: string + VirtualName: + description: Use to manage instance ephemeral devices. + type: string + NoDevice: + description: Use to remove a mapping from the parent image. + type: string + Ebs: + description: Use to manage Amazon EBS-specific configuration for this mapping. + $ref: '#/components/schemas/EbsInstanceBlockDeviceSpecification' + EbsInstanceBlockDeviceSpecification: + description: 'Amazon EBS-specific block device mapping specifications. ' + type: object + additionalProperties: false + properties: + Encrypted: + description: Use to configure device encryption. + type: boolean + DeleteOnTermination: + description: Use to configure delete on termination of the associated device. + type: boolean + Iops: + description: Use to configure device IOPS. + type: integer + KmsKeyId: + description: Use to configure the KMS key to use when encrypting the device. + type: string + SnapshotId: + description: The snapshot that defines the device contents. + type: string + Throughput: + description: For GP3 volumes only - The throughput in MiB/s that the volume supports. + type: integer + VolumeSize: + description: Use to override the device's volume size. + type: integer + VolumeType: + description: Use to override the device's volume type. + type: string + enum: + - standard + - io1 + - io2 + - gp2 + - gp3 + - sc1 + - st1 + TargetContainerRepository: + description: The destination repository for the container image. + type: object + additionalProperties: false + properties: + Service: + description: The service of target container repository. + type: string + enum: + - ECR + RepositoryName: + description: The repository name of target container repository. + type: string + ComponentParameter: + additionalProperties: false + description: Contains a key/value pair that sets the named component parameter. + type: object + properties: + Name: + description: The name of the component parameter to set. + type: string + Value: + description: Sets the value for the named component parameter. + type: array + x-insertionOrder: true + items: + type: string + required: + - Name + - Value + ContainerRecipe: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the container recipe. + type: string + Name: + description: The name of the container recipe. + type: string + Description: + description: The description of the container recipe. + type: string + Version: + description: The semantic version of the container recipe (..). + type: string + Components: + description: Components for build and test that are included in the container recipe. + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/ComponentConfiguration' + InstanceConfiguration: + additionalProperties: false + description: A group of options that can be used to configure an instance for building and testing container images. + $ref: '#/components/schemas/InstanceConfiguration' + DockerfileTemplateData: + description: Dockerfiles are text documents that are used to build Docker containers, and ensure that they contain all of the elements required by the application running inside. The template data consists of contextual variables where Image Builder places build information or scripts, based on your container image recipe. + type: string + DockerfileTemplateUri: + description: The S3 URI for the Dockerfile that will be used to build your container image. + type: string + PlatformOverride: + description: Specifies the operating system platform when you use a custom source image. + type: string + enum: + - Windows + - Linux + ContainerType: + description: Specifies the type of container, such as Docker. + type: string + enum: + - DOCKER + ImageOsVersionOverride: + description: Specifies the operating system version for the source image. + type: string + TargetRepository: + description: The destination repository for the container image. + $ref: '#/components/schemas/TargetContainerRepository' + KmsKeyId: + description: Identifies which KMS key is used to encrypt the container image. + type: string + ParentImage: + description: The source image for the container recipe. + type: string + WorkingDirectory: + description: The working directory to be used during build and test workflows. + type: string + Tags: + description: Tags that are attached to the container recipe. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + x-stackql-resource-name: container_recipe + description: Resource schema for AWS::ImageBuilder::ContainerRecipe + x-type-name: AWS::ImageBuilder::ContainerRecipe + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Version + - ContainerType + - TargetRepository + - InstanceConfiguration + - ParentImage + - Description + - DockerfileTemplateUri + - DockerfileTemplateData + - ImageOsVersionOverride + - KmsKeyId + - PlatformOverride + - WorkingDirectory + - Components + - Tags + x-write-only-properties: + - DockerfileTemplateData + - DockerfileTemplateUri + - ImageOsVersionOverride + - PlatformOverride + x-read-only-properties: + - Arn + x-tagging: + taggable: false + x-required-permissions: + create: + - iam:GetRole + - iam:CreateServiceLinkedRole + - imagebuilder:GetComponent + - imagebuilder:TagResource + - imagebuilder:GetContainerRecipe + - imagebuilder:CreateContainerRecipe + - imagebuilder:GetImage + - kms:Encrypt + - kms:Decrypt + - kms:ReEncryptFrom + - kms:ReEncryptTo + - kms:GenerateDataKey* + - s3:GetObject + - s3:ListBucket + - ecr:DescribeRepositories + - ec2:DescribeImages + read: + - imagebuilder:GetContainerRecipe + delete: + - imagebuilder:UnTagResource + - imagebuilder:GetContainerRecipe + - imagebuilder:DeleteContainerRecipe + list: + - imagebuilder:ListContainerRecipes + Distribution: + description: The distributions of the distribution configuration. + type: object + additionalProperties: false + properties: + Region: + description: region + type: string + AmiDistributionConfiguration: + $ref: '#/components/schemas/AmiDistributionConfiguration' + ContainerDistributionConfiguration: + $ref: '#/components/schemas/ContainerDistributionConfiguration' + LicenseConfigurationArns: + description: The License Manager Configuration to associate with the AMI in the specified Region. + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/LicenseConfigurationArn' + LaunchTemplateConfigurations: + description: A group of launchTemplateConfiguration settings that apply to image distribution. + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/LaunchTemplateConfiguration' + FastLaunchConfigurations: + description: The Windows faster-launching configurations to use for AMI distribution. + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/FastLaunchConfiguration' + required: + - Region + AmiDistributionConfiguration: + description: The specific AMI settings (for example, launch permissions, AMI tags). + type: object + additionalProperties: false + properties: + Name: + description: The name of the AMI distribution configuration. + type: string + KmsKeyId: + description: The KMS key identifier used to encrypt the distributed image. + type: string + Description: + description: The description of the AMI distribution configuration. + type: string + AmiTags: + description: The tags to apply to AMIs distributed to this Region. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + TargetAccountIds: + description: The ID of accounts to which you want to distribute an image. + type: array + x-insertionOrder: true + items: + type: string + LaunchPermissionConfiguration: + $ref: '#/components/schemas/LaunchPermissionConfiguration' + ContainerDistributionConfiguration: + description: Container distribution settings for encryption, licensing, and sharing in a specific Region. + type: object + additionalProperties: false + properties: + Description: + description: The description of the container distribution configuration. + type: string + ContainerTags: + description: Tags that are attached to the container distribution configuration. + type: array + x-insertionOrder: true + items: + type: string + TargetRepository: + description: The destination repository for the container distribution configuration. + $ref: '#/components/schemas/TargetContainerRepository' + LaunchTemplateConfiguration: + description: launchTemplateConfiguration settings that apply to image distribution. + type: object + additionalProperties: false + properties: + LaunchTemplateId: + description: Identifies the EC2 launch template to use. + type: string + AccountId: + description: The account ID that this configuration applies to. + type: string + SetDefaultVersion: + description: Set the specified EC2 launch template as the default launch template for the specified account. + type: boolean + FastLaunchConfiguration: + description: The Windows faster-launching configuration to use for AMI distribution. + type: object + additionalProperties: false + properties: + AccountId: + description: The owner account ID for the fast-launch enabled Windows AMI. + type: string + Enabled: + description: A Boolean that represents the current state of faster launching for the Windows AMI. Set to true to start using Windows faster launching, or false to stop using it. + type: boolean + LaunchTemplate: + description: The launch template that the fast-launch enabled Windows AMI uses when it launches Windows instances to create pre-provisioned snapshots. + $ref: '#/components/schemas/FastLaunchLaunchTemplateSpecification' + MaxParallelLaunches: + description: The maximum number of parallel instances that are launched for creating resources. + type: integer + SnapshotConfiguration: + description: Configuration settings for managing the number of snapshots that are created from pre-provisioned instances for the Windows AMI when faster launching is enabled. + $ref: '#/components/schemas/FastLaunchSnapshotConfiguration' + LaunchPermissionConfiguration: + description: Launch permissions can be used to configure which AWS accounts can use the AMI to launch instances. + type: object + additionalProperties: false + properties: + UserIds: + description: The AWS account ID. + type: array + x-insertionOrder: false + items: + type: string + UserGroups: + description: The name of the group. + type: array + x-insertionOrder: false + items: + type: string + OrganizationArns: + description: The ARN for an Amazon Web Services Organization that you want to share your AMI with. + type: array + x-insertionOrder: false + items: + type: string + OrganizationalUnitArns: + description: The ARN for an Organizations organizational unit (OU) that you want to share your AMI with. + type: array + x-insertionOrder: false + items: + type: string + LicenseConfigurationArn: + description: The Amazon Resource Name (ARN) of the License Manager configuration. + type: string + FastLaunchLaunchTemplateSpecification: + description: The launch template that the fast-launch enabled Windows AMI uses when it launches Windows instances to create pre-provisioned snapshots. + type: object + additionalProperties: false + properties: + LaunchTemplateId: + description: The ID of the launch template to use for faster launching for a Windows AMI. + type: string + LaunchTemplateName: + description: The name of the launch template to use for faster launching for a Windows AMI. + type: string + LaunchTemplateVersion: + description: The version of the launch template to use for faster launching for a Windows AMI. + type: string + FastLaunchSnapshotConfiguration: + description: Configuration settings for managing the number of snapshots that are created from pre-provisioned instances for the Windows AMI when faster launching is enabled. + type: object + additionalProperties: false + properties: + TargetResourceCount: + description: The number of pre-provisioned snapshots to keep on hand for a fast-launch enabled Windows AMI. + type: integer + DistributionConfiguration: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the distribution configuration. + type: string + Name: + description: The name of the distribution configuration. + type: string + Description: + description: The description of the distribution configuration. + type: string + Distributions: + description: The distributions of the distribution configuration. + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Distribution' + Tags: + description: The tags associated with the component. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + required: + - Name + - Distributions + x-stackql-resource-name: distribution_configuration + description: Resource schema for AWS::ImageBuilder::DistributionConfiguration + x-type-name: AWS::ImageBuilder::DistributionConfiguration + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - Name + - Distributions + x-tagging: + taggable: false + x-required-permissions: + create: + - iam:GetRole + - iam:CreateServiceLinkedRole + - ec2:DescribeLaunchTemplates + - ec2:CreateLaunchTemplateVersion + - ec2:ModifyLaunchTemplate + - imagebuilder:TagResource + - imagebuilder:GetDistributionConfiguration + - imagebuilder:CreateDistributionConfiguration + update: + - ec2:DescribeLaunchTemplates + - ec2:CreateLaunchTemplateVersion + - ec2:ModifyLaunchTemplate + - imagebuilder:GetDistributionConfiguration + - imagebuilder:UpdateDistributionConfiguration + read: + - imagebuilder:GetDistributionConfiguration + delete: + - imagebuilder:GetDistributionConfiguration + - imagebuilder:UnTagResource + - imagebuilder:DeleteDistributionConfiguration + list: + - imagebuilder:ListDistributionConfigurations + ImageTestsConfiguration: + description: Image tests configuration. + type: object + additionalProperties: false + properties: + ImageTestsEnabled: + description: Defines if tests should be executed when building this image. + type: boolean + TimeoutMinutes: + description: The maximum time in minutes that tests are permitted to run. + type: integer + minimum: 60 + maximum: 1440 + ImageScanningConfiguration: + description: Determines if tests should run after building the image. Image Builder defaults to enable tests to run following the image build, before image distribution. + type: object + additionalProperties: false + properties: + EcrConfiguration: + description: Contains ECR settings for vulnerability scans. + $ref: '#/components/schemas/EcrConfiguration' + ImageScanningEnabled: + description: This sets whether Image Builder keeps a snapshot of the vulnerability scans that Amazon Inspector runs against the build instance when you create a new image. + type: boolean + EcrConfiguration: + description: Settings for Image Builder to configure the ECR repository and output container images that are scanned. + type: object + additionalProperties: false + properties: + ContainerTags: + description: Tags for Image Builder to apply the output container image that is scanned. Tags can help you identify and manage your scanned images. + type: array + x-insertionOrder: true + items: + type: string + RepositoryName: + description: The name of the container repository that Amazon Inspector scans to identify findings for your container images. The name includes the path for the repository location. If you don't provide this information, Image Builder creates a repository in your account named image-builder-image-scanning-repository to use for vulnerability scans for your output container images. + type: string + WorkflowConfiguration: + description: The workflow configuration of the image + type: object + additionalProperties: false + properties: + WorkflowArn: + description: The Amazon Resource Name (ARN) of the workflow + type: string + Parameters: + description: The parameters associated with the workflow + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/WorkflowParameter' + ParallelGroup: + description: The parallel group name + type: string + OnFailure: + description: Define execution decision in case of workflow failure + type: string + enum: + - CONTINUE + - ABORT + WorkflowParameter: + description: A parameter associated with the workflow + type: object + additionalProperties: false + properties: + Name: + type: string + Value: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/WorkflowParameterValue' + WorkflowParameterValue: + description: The value associated with the workflow parameter + type: string + Image: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the image. + type: string + Name: + description: The name of the image. + type: string + ImageTestsConfiguration: + description: The image tests configuration used when creating this image. + $ref: '#/components/schemas/ImageTestsConfiguration' + ImageRecipeArn: + description: The Amazon Resource Name (ARN) of the image recipe that defines how images are configured, tested, and assessed. + type: string + ContainerRecipeArn: + description: The Amazon Resource Name (ARN) of the container recipe that defines how images are configured and tested. + type: string + DistributionConfigurationArn: + description: The Amazon Resource Name (ARN) of the distribution configuration. + type: string + InfrastructureConfigurationArn: + description: The Amazon Resource Name (ARN) of the infrastructure configuration. + type: string + Workflows: + description: Workflows to define the image build process + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/WorkflowConfiguration' + ImageId: + description: The AMI ID of the EC2 AMI in current region. + type: string + ImageUri: + description: URI for containers created in current Region with default ECR image tag + type: string + EnhancedImageMetadataEnabled: + description: Collects additional information about the image being created, including the operating system (OS) version and package list. + type: boolean + ImageScanningConfiguration: + description: Contains settings for vulnerability scans. + $ref: '#/components/schemas/ImageScanningConfiguration' + ExecutionRole: + description: The execution role name/ARN for the image build, if provided + type: string + Tags: + description: The tags associated with the image. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + x-stackql-resource-name: image + description: Resource schema for AWS::ImageBuilder::Image + x-type-name: AWS::ImageBuilder::Image + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ImageRecipeArn + - ContainerRecipeArn + - InfrastructureConfigurationArn + - Workflows + - DistributionConfigurationArn + - ImageTestsConfiguration + - ImageScanningConfiguration + - EnhancedImageMetadataEnabled + - Tags + x-read-only-properties: + - Arn + - Name + - ImageId + - ImageUri + x-tagging: + taggable: false + x-required-permissions: + create: + - ecr:BatchGetRepositoryScanningConfiguration + - iam:GetRole + - iam:PassRole + - iam:CreateServiceLinkedRole + - imagebuilder:GetImageRecipe + - imagebuilder:GetInfrastructureConfiguration + - imagebuilder:GetDistributionConfiguration + - imagebuilder:GetWorkflow + - imagebuilder:GetImage + - imagebuilder:CreateImage + - imagebuilder:TagResource + - inspector2:BatchGetAccountStatus + read: + - imagebuilder:GetImage + delete: + - imagebuilder:GetImage + - imagebuilder:DeleteImage + - imagebuilder:UnTagResource + - imagebuilder:CancelImageCreation + list: + - imagebuilder:ListImages + Schedule: + description: The schedule of the image pipeline. + type: object + additionalProperties: false + properties: + ScheduleExpression: + description: The expression determines how often EC2 Image Builder evaluates your pipelineExecutionStartCondition. + type: string + PipelineExecutionStartCondition: + description: The condition configures when the pipeline should trigger a new image build. + type: string + enum: + - EXPRESSION_MATCH_ONLY + - EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE + ImagePipeline: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the image pipeline. + type: string + Name: + description: The name of the image pipeline. + type: string + Description: + description: The description of the image pipeline. + type: string + ImageTestsConfiguration: + description: The image tests configuration of the image pipeline. + $ref: '#/components/schemas/ImageTestsConfiguration' + Status: + description: The status of the image pipeline. + type: string + enum: + - DISABLED + - ENABLED + Schedule: + description: The schedule of the image pipeline. + $ref: '#/components/schemas/Schedule' + ImageRecipeArn: + description: The Amazon Resource Name (ARN) of the image recipe that defines how images are configured, tested, and assessed. + type: string + ContainerRecipeArn: + description: The Amazon Resource Name (ARN) of the container recipe that defines how images are configured and tested. + type: string + DistributionConfigurationArn: + description: The Amazon Resource Name (ARN) of the distribution configuration associated with this image pipeline. + type: string + InfrastructureConfigurationArn: + description: The Amazon Resource Name (ARN) of the infrastructure configuration associated with this image pipeline. + type: string + Workflows: + description: Workflows to define the image build process + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/WorkflowConfiguration' + EnhancedImageMetadataEnabled: + description: Collects additional information about the image being created, including the operating system (OS) version and package list. + type: boolean + ImageScanningConfiguration: + description: Contains settings for vulnerability scans. + $ref: '#/components/schemas/ImageScanningConfiguration' + ExecutionRole: + description: The execution role name/ARN for the image build, if provided + type: string + Tags: + description: The tags of this image pipeline. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + x-stackql-resource-name: image_pipeline + description: Resource schema for AWS::ImageBuilder::ImagePipeline + x-type-name: AWS::ImageBuilder::ImagePipeline + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-tagging: + taggable: false + x-required-permissions: + create: + - ecr:BatchGetRepositoryScanningConfiguration + - iam:GetRole + - iam:PassRole + - iam:CreateServiceLinkedRole + - imagebuilder:TagResource + - imagebuilder:GetImagePipeline + - imagebuilder:GetImageRecipe + - imagebuilder:GetInfrastructureConfiguration + - imagebuilder:GetDistributionConfiguration + - imagebuilder:CreateImagePipeline + - imagebuilder:GetWorkflow + - inspector2:BatchGetAccountStatus + update: + - iam:PassRole + - imagebuilder:GetImagePipeline + - imagebuilder:UpdateImagePipeline + - imagebuilder:GetWorkflow + read: + - imagebuilder:GetImagePipeline + delete: + - imagebuilder:UnTagResource + - imagebuilder:GetImagePipeline + - imagebuilder:DeleteImagePipeline + list: + - imagebuilder:ListImagePipelines + AdditionalInstanceConfiguration: + additionalProperties: false + description: Specify additional settings and launch scripts for your build instances. + type: object + properties: + SystemsManagerAgent: + description: Contains settings for the SSM agent on your build instance. + $ref: '#/components/schemas/SystemsManagerAgent' + UserDataOverride: + description: Use this property to provide commands or a command script to run when you launch your build instance. + type: string + SystemsManagerAgent: + additionalProperties: false + description: Contains settings for the SSM agent on your build instance. + type: object + properties: + UninstallAfterBuild: + description: Controls whether the SSM agent is removed from your final build image, prior to creating the new AMI. If this is set to true, then the agent is removed from the final image. If it's set to false, then the agent is left in, so that it is included in the new AMI. The default value is false. + type: boolean + ImageRecipe: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the image recipe. + type: string + Name: + description: The name of the image recipe. + type: string + Description: + description: The description of the image recipe. + type: string + Version: + description: The version of the image recipe. + type: string + Components: + description: The components of the image recipe. + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/ComponentConfiguration' + BlockDeviceMappings: + description: The block device mappings to apply when creating images from this recipe. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/InstanceBlockDeviceMapping' + ParentImage: + description: The parent image of the image recipe. + type: string + WorkingDirectory: + description: The working directory to be used during build and test workflows. + type: string + AdditionalInstanceConfiguration: + description: Specify additional settings and launch scripts for your build instances. + $ref: '#/components/schemas/AdditionalInstanceConfiguration' + Tags: + description: The tags of the image recipe. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + required: + - Name + - Version + - Components + - ParentImage + x-stackql-resource-name: image_recipe + description: Resource schema for AWS::ImageBuilder::ImageRecipe + x-type-name: AWS::ImageBuilder::ImageRecipe + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Version + - Components + - ParentImage + - Description + - BlockDeviceMappings + - WorkingDirectory + - Tags + x-read-only-properties: + - Arn + x-required-properties: + - Name + - Version + - Components + - ParentImage + x-tagging: + taggable: false + x-required-permissions: + create: + - iam:GetRole + - iam:CreateServiceLinkedRole + - imagebuilder:GetComponent + - imagebuilder:GetImage + - imagebuilder:TagResource + - imagebuilder:GetImageRecipe + - imagebuilder:CreateImageRecipe + - ec2:DescribeImages + read: + - imagebuilder:GetImageRecipe + delete: + - imagebuilder:UnTagResource + - imagebuilder:GetImageRecipe + - imagebuilder:DeleteImageRecipe + list: + - imagebuilder:ListImageRecipes + TagMap: + description: TagMap + type: object + additionalProperties: false + properties: + TagKey: + description: TagKey + type: string + minLength: 1 + maxLength: 128 + TagValue: + description: TagValue + type: string + minLength: 1 + maxLength: 256 + Logging: + description: The logging configuration of the infrastructure configuration. + type: object + additionalProperties: false + properties: + S3Logs: + $ref: '#/components/schemas/S3Logs' + InstanceMetadataOptions: + description: The instance metadata option settings for the infrastructure configuration. + type: object + additionalProperties: false + properties: + HttpPutResponseHopLimit: + description: Limit the number of hops that an instance metadata request can traverse to reach its destination. + type: integer + HttpTokens: + description: 'Indicates whether a signed token header is required for instance metadata retrieval requests. The values affect the response as follows: ' + type: string + enum: + - required + - optional + S3Logs: + description: The S3 path in which to store the logs. + type: object + additionalProperties: false + properties: + S3BucketName: + description: S3BucketName + type: string + S3KeyPrefix: + description: S3KeyPrefix + type: string + InfrastructureConfiguration: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the infrastructure configuration. + type: string + Name: + description: The name of the infrastructure configuration. + type: string + Description: + description: The description of the infrastructure configuration. + type: string + InstanceTypes: + description: The instance types of the infrastructure configuration. + type: array + x-insertionOrder: true + items: + type: string + SecurityGroupIds: + description: The security group IDs of the infrastructure configuration. + type: array + x-insertionOrder: false + items: + type: string + Logging: + description: The logging configuration of the infrastructure configuration. + $ref: '#/components/schemas/Logging' + SubnetId: + description: The subnet ID of the infrastructure configuration. + type: string + KeyPair: + description: The EC2 key pair of the infrastructure configuration.. + type: string + TerminateInstanceOnFailure: + description: The terminate instance on failure configuration of the infrastructure configuration. + type: boolean + InstanceProfileName: + description: The instance profile of the infrastructure configuration. + type: string + InstanceMetadataOptions: + description: The instance metadata option settings for the infrastructure configuration. + $ref: '#/components/schemas/InstanceMetadataOptions' + SnsTopicArn: + description: The SNS Topic Amazon Resource Name (ARN) of the infrastructure configuration. + type: string + ResourceTags: + description: The tags attached to the resource created by Image Builder. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + Tags: + description: The tags associated with the component. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + required: + - Name + - InstanceProfileName + x-stackql-resource-name: infrastructure_configuration + description: Resource schema for AWS::ImageBuilder::InfrastructureConfiguration + x-type-name: AWS::ImageBuilder::InfrastructureConfiguration + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - Name + - InstanceProfileName + x-tagging: + taggable: false + x-required-permissions: + create: + - iam:PassRole + - iam:GetRole + - iam:GetInstanceProfile + - iam:CreateServiceLinkedRole + - sns:Publish + - imagebuilder:TagResource + - imagebuilder:GetInfrastructureConfiguration + - imagebuilder:CreateInfrastructureConfiguration + update: + - iam:PassRole + - sns:Publish + - imagebuilder:GetInfrastructureConfiguration + - imagebuilder:UpdateInfrastructureConfiguration + read: + - imagebuilder:GetInfrastructureConfiguration + delete: + - imagebuilder:UnTagResource + - imagebuilder:GetInfrastructureConfiguration + - imagebuilder:DeleteInfrastructureConfiguration + list: + - imagebuilder:ListInfrastructureConfigurations + PolicyDetail: + description: The policy detail of the lifecycle policy. + type: object + additionalProperties: false + properties: + Action: + $ref: '#/components/schemas/Action' + Filter: + $ref: '#/components/schemas/Filter' + ExclusionRules: + $ref: '#/components/schemas/ExclusionRules' + required: + - Action + - Filter + Action: + description: The action of the policy detail. + type: object + additionalProperties: false + properties: + Type: + description: The action type of the policy detail. + type: string + enum: + - DELETE + - DEPRECATE + - DISABLE + IncludeResources: + $ref: '#/components/schemas/IncludeResources' + required: + - Type + Filter: + description: The filters to apply of the policy detail. + type: object + additionalProperties: false + properties: + Type: + description: The filter type. + type: string + enum: + - AGE + - COUNT + Value: + description: The filter value. + type: integer + Unit: + description: The value's time unit. + $ref: '#/components/schemas/TimeUnit' + RetainAtLeast: + description: The minimum number of Image Builder resources to retain. + type: integer + required: + - Type + - Value + ExclusionRules: + description: The exclusion rules to apply of the policy detail. + type: object + additionalProperties: false + properties: + TagMap: + description: The Image Builder tags to filter on. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + Amis: + $ref: '#/components/schemas/AmiExclusionRules' + TimeUnit: + description: A time unit. + type: string + enum: + - DAYS + - WEEKS + - MONTHS + - YEARS + IncludeResources: + description: The included resources of the policy detail. + type: object + additionalProperties: false + properties: + Amis: + description: Use to configure lifecycle actions on AMIs. + type: boolean + Containers: + description: Use to configure lifecycle actions on containers. + type: boolean + Snapshots: + description: Use to configure lifecycle actions on snapshots. + type: boolean + AmiExclusionRules: + description: The AMI exclusion rules for the policy detail. + type: object + additionalProperties: false + properties: + IsPublic: + description: Use to apply lifecycle policy actions on whether the AMI is public. + type: boolean + Regions: + description: Use to apply lifecycle policy actions on AMIs distributed to a set of regions. + type: array + x-insertionOrder: false + items: + type: string + SharedAccounts: + description: Use to apply lifecycle policy actions on AMIs shared with a set of regions. + type: array + x-insertionOrder: false + items: + type: string + LastLaunched: + description: Use to apply lifecycle policy actions on AMIs launched before a certain time. + $ref: '#/components/schemas/LastLaunched' + TagMap: + description: The AMIs to select by tag. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + LastLaunched: + description: The last launched time of a resource. + type: object + additionalProperties: false + properties: + Value: + description: The last launched value. + type: integer + Unit: + description: The value's time unit. + $ref: '#/components/schemas/TimeUnit' + required: + - Value + - Unit + ResourceSelection: + description: The resource selection for the lifecycle policy. + type: object + additionalProperties: false + properties: + Recipes: + description: The recipes to select. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/RecipeSelection' + TagMap: + description: The Image Builder resources to select by tag. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + RecipeSelection: + description: The recipe to apply the lifecycle policy for. + type: object + additionalProperties: false + properties: + Name: + description: The recipe name. + type: string + SemanticVersion: + description: The recipe version. + type: string + required: + - Name + - SemanticVersion + LifecyclePolicy: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the lifecycle policy. + type: string + Name: + description: The name of the lifecycle policy. + type: string + Description: + description: The description of the lifecycle policy. + type: string + Status: + description: The status of the lifecycle policy. + type: string + enum: + - DISABLED + - ENABLED + ExecutionRole: + description: The execution role of the lifecycle policy. + type: string + ResourceType: + description: The resource type of the lifecycle policy. + type: string + enum: + - AMI_IMAGE + - CONTAINER_IMAGE + PolicyDetails: + description: The policy details of the lifecycle policy. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/PolicyDetail' + ResourceSelection: + description: The resource selection of the lifecycle policy. + $ref: '#/components/schemas/ResourceSelection' + Tags: + description: The tags associated with the lifecycle policy. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + required: + - Name + - ExecutionRole + - ResourceType + - PolicyDetails + - ResourceSelection + x-stackql-resource-name: lifecycle_policy + description: Resource schema for AWS::ImageBuilder::LifecyclePolicy + x-type-name: AWS::ImageBuilder::LifecyclePolicy + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - Name + - ExecutionRole + - ResourceType + - PolicyDetails + - ResourceSelection + x-tagging: + taggable: false + x-required-permissions: + create: + - iam:PassRole + - imagebuilder:CreateLifecyclePolicy + - imagebuilder:GetLifecyclePolicy + - imagebuilder:TagResource + update: + - iam:PassRole + - imagebuilder:GetLifecyclePolicy + - imagebuilder:UpdateLifecyclePolicy + read: + - imagebuilder:GetLifecyclePolicy + delete: + - imagebuilder:GetLifecyclePolicy + - imagebuilder:DeleteLifecyclePolicy + - imagebuilder:UnTagResource + list: + - imagebuilder:ListLifecyclePolicies + Workflow: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the workflow. + type: string + Name: + description: The name of the workflow. + type: string + Version: + description: The version of the workflow. + type: string + Description: + description: The description of the workflow. + type: string + ChangeDescription: + description: The change description of the workflow. + type: string + Type: + description: The type of the workflow denotes whether the workflow is used to build, test, or distribute. + type: string + enum: + - BUILD + - TEST + - DISTRIBUTION + Data: + description: The data of the workflow. + type: string + minLength: 1 + maxLength: 16000 + Uri: + description: The uri of the workflow. + type: string + KmsKeyId: + description: The KMS key identifier used to encrypt the workflow. + type: string + Tags: + description: The tags associated with the workflow. + type: object + additionalProperties: false + x-patternProperties: + .{1,}: + type: string + required: + - Name + - Type + - Version + x-stackql-resource-name: workflow + description: Resource schema for AWS::ImageBuilder::Workflow + x-type-name: AWS::ImageBuilder::Workflow + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Version + - ChangeDescription + - Description + - Data + - Uri + - Type + - KmsKeyId + - Tags + x-write-only-properties: + - Data + - Uri + x-read-only-properties: + - Arn + x-required-properties: + - Name + - Type + - Version + x-tagging: + taggable: false + x-required-permissions: + create: + - iam:GetRole + - kms:GenerateDataKey* + - kms:Encrypt + - kms:Decrypt + - s3:GetObject + - s3:HeadBucket + - s3:GetBucketLocation + - imagebuilder:TagResource + - imagebuilder:GetWorkflow + - imagebuilder:CreateWorkflow + read: + - imagebuilder:GetWorkflow + delete: + - imagebuilder:GetWorkflow + - imagebuilder:UnTagResource + - imagebuilder:DeleteWorkflow + list: + - imagebuilder:ListWorkflows + x-stackQL-resources: + components: + name: components + id: aws.imagebuilder.components + x-cfn-schema-name: Component + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::Component' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::Component' + AND region = 'us-east-1' + component: + name: component + id: aws.imagebuilder.component + x-cfn-schema-name: Component + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ChangeDescription') as change_description, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Platform') as platform, + JSON_EXTRACT(Properties, '$.Data') as data, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.Encrypted') as encrypted, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Uri') as uri, + JSON_EXTRACT(Properties, '$.SupportedOsVersions') as supported_os_versions + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::Component' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ChangeDescription') as change_description, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Platform') as platform, + json_extract_path_text(Properties, 'Data') as data, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'Encrypted') as encrypted, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Uri') as uri, + json_extract_path_text(Properties, 'SupportedOsVersions') as supported_os_versions + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::Component' + AND data__Identifier = '' + AND region = 'us-east-1' + container_recipes: + name: container_recipes + id: aws.imagebuilder.container_recipes + x-cfn-schema-name: ContainerRecipe + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::ContainerRecipe' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::ContainerRecipe' + AND region = 'us-east-1' + container_recipe: + name: container_recipe + id: aws.imagebuilder.container_recipe + x-cfn-schema-name: ContainerRecipe + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Components') as components, + JSON_EXTRACT(Properties, '$.InstanceConfiguration') as instance_configuration, + JSON_EXTRACT(Properties, '$.DockerfileTemplateData') as dockerfile_template_data, + JSON_EXTRACT(Properties, '$.DockerfileTemplateUri') as dockerfile_template_uri, + JSON_EXTRACT(Properties, '$.PlatformOverride') as platform_override, + JSON_EXTRACT(Properties, '$.ContainerType') as container_type, + JSON_EXTRACT(Properties, '$.ImageOsVersionOverride') as image_os_version_override, + JSON_EXTRACT(Properties, '$.TargetRepository') as target_repository, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.ParentImage') as parent_image, + JSON_EXTRACT(Properties, '$.WorkingDirectory') as working_directory, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::ContainerRecipe' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Components') as components, + json_extract_path_text(Properties, 'InstanceConfiguration') as instance_configuration, + json_extract_path_text(Properties, 'DockerfileTemplateData') as dockerfile_template_data, + json_extract_path_text(Properties, 'DockerfileTemplateUri') as dockerfile_template_uri, + json_extract_path_text(Properties, 'PlatformOverride') as platform_override, + json_extract_path_text(Properties, 'ContainerType') as container_type, + json_extract_path_text(Properties, 'ImageOsVersionOverride') as image_os_version_override, + json_extract_path_text(Properties, 'TargetRepository') as target_repository, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'ParentImage') as parent_image, + json_extract_path_text(Properties, 'WorkingDirectory') as working_directory, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::ContainerRecipe' + AND data__Identifier = '' + AND region = 'us-east-1' + distribution_configurations: + name: distribution_configurations + id: aws.imagebuilder.distribution_configurations + x-cfn-schema-name: DistributionConfiguration + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::DistributionConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::DistributionConfiguration' + AND region = 'us-east-1' + distribution_configuration: + name: distribution_configuration + id: aws.imagebuilder.distribution_configuration + x-cfn-schema-name: DistributionConfiguration + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Distributions') as distributions, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::DistributionConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Distributions') as distributions, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::DistributionConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + images: + name: images + id: aws.imagebuilder.images + x-cfn-schema-name: Image + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::Image' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::Image' + AND region = 'us-east-1' + image: + name: image + id: aws.imagebuilder.image + x-cfn-schema-name: Image + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ImageTestsConfiguration') as image_tests_configuration, + JSON_EXTRACT(Properties, '$.ImageRecipeArn') as image_recipe_arn, + JSON_EXTRACT(Properties, '$.ContainerRecipeArn') as container_recipe_arn, + JSON_EXTRACT(Properties, '$.DistributionConfigurationArn') as distribution_configuration_arn, + JSON_EXTRACT(Properties, '$.InfrastructureConfigurationArn') as infrastructure_configuration_arn, + JSON_EXTRACT(Properties, '$.Workflows') as workflows, + JSON_EXTRACT(Properties, '$.ImageId') as image_id, + JSON_EXTRACT(Properties, '$.ImageUri') as image_uri, + JSON_EXTRACT(Properties, '$.EnhancedImageMetadataEnabled') as enhanced_image_metadata_enabled, + JSON_EXTRACT(Properties, '$.ImageScanningConfiguration') as image_scanning_configuration, + JSON_EXTRACT(Properties, '$.ExecutionRole') as execution_role, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::Image' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ImageTestsConfiguration') as image_tests_configuration, + json_extract_path_text(Properties, 'ImageRecipeArn') as image_recipe_arn, + json_extract_path_text(Properties, 'ContainerRecipeArn') as container_recipe_arn, + json_extract_path_text(Properties, 'DistributionConfigurationArn') as distribution_configuration_arn, + json_extract_path_text(Properties, 'InfrastructureConfigurationArn') as infrastructure_configuration_arn, + json_extract_path_text(Properties, 'Workflows') as workflows, + json_extract_path_text(Properties, 'ImageId') as image_id, + json_extract_path_text(Properties, 'ImageUri') as image_uri, + json_extract_path_text(Properties, 'EnhancedImageMetadataEnabled') as enhanced_image_metadata_enabled, + json_extract_path_text(Properties, 'ImageScanningConfiguration') as image_scanning_configuration, + json_extract_path_text(Properties, 'ExecutionRole') as execution_role, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::Image' + AND data__Identifier = '' + AND region = 'us-east-1' + image_pipelines: + name: image_pipelines + id: aws.imagebuilder.image_pipelines + x-cfn-schema-name: ImagePipeline + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::ImagePipeline' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::ImagePipeline' + AND region = 'us-east-1' + image_pipeline: + name: image_pipeline + id: aws.imagebuilder.image_pipeline + x-cfn-schema-name: ImagePipeline + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ImageTestsConfiguration') as image_tests_configuration, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Schedule') as schedule, + JSON_EXTRACT(Properties, '$.ImageRecipeArn') as image_recipe_arn, + JSON_EXTRACT(Properties, '$.ContainerRecipeArn') as container_recipe_arn, + JSON_EXTRACT(Properties, '$.DistributionConfigurationArn') as distribution_configuration_arn, + JSON_EXTRACT(Properties, '$.InfrastructureConfigurationArn') as infrastructure_configuration_arn, + JSON_EXTRACT(Properties, '$.Workflows') as workflows, + JSON_EXTRACT(Properties, '$.EnhancedImageMetadataEnabled') as enhanced_image_metadata_enabled, + JSON_EXTRACT(Properties, '$.ImageScanningConfiguration') as image_scanning_configuration, + JSON_EXTRACT(Properties, '$.ExecutionRole') as execution_role, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::ImagePipeline' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ImageTestsConfiguration') as image_tests_configuration, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Schedule') as schedule, + json_extract_path_text(Properties, 'ImageRecipeArn') as image_recipe_arn, + json_extract_path_text(Properties, 'ContainerRecipeArn') as container_recipe_arn, + json_extract_path_text(Properties, 'DistributionConfigurationArn') as distribution_configuration_arn, + json_extract_path_text(Properties, 'InfrastructureConfigurationArn') as infrastructure_configuration_arn, + json_extract_path_text(Properties, 'Workflows') as workflows, + json_extract_path_text(Properties, 'EnhancedImageMetadataEnabled') as enhanced_image_metadata_enabled, + json_extract_path_text(Properties, 'ImageScanningConfiguration') as image_scanning_configuration, + json_extract_path_text(Properties, 'ExecutionRole') as execution_role, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::ImagePipeline' + AND data__Identifier = '' + AND region = 'us-east-1' + image_recipes: + name: image_recipes + id: aws.imagebuilder.image_recipes + x-cfn-schema-name: ImageRecipe + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::ImageRecipe' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::ImageRecipe' + AND region = 'us-east-1' + image_recipe: + name: image_recipe + id: aws.imagebuilder.image_recipe + x-cfn-schema-name: ImageRecipe + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Components') as components, + JSON_EXTRACT(Properties, '$.BlockDeviceMappings') as block_device_mappings, + JSON_EXTRACT(Properties, '$.ParentImage') as parent_image, + JSON_EXTRACT(Properties, '$.WorkingDirectory') as working_directory, + JSON_EXTRACT(Properties, '$.AdditionalInstanceConfiguration') as additional_instance_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::ImageRecipe' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Components') as components, + json_extract_path_text(Properties, 'BlockDeviceMappings') as block_device_mappings, + json_extract_path_text(Properties, 'ParentImage') as parent_image, + json_extract_path_text(Properties, 'WorkingDirectory') as working_directory, + json_extract_path_text(Properties, 'AdditionalInstanceConfiguration') as additional_instance_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::ImageRecipe' + AND data__Identifier = '' + AND region = 'us-east-1' + infrastructure_configurations: + name: infrastructure_configurations + id: aws.imagebuilder.infrastructure_configurations + x-cfn-schema-name: InfrastructureConfiguration + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::InfrastructureConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::InfrastructureConfiguration' + AND region = 'us-east-1' + infrastructure_configuration: + name: infrastructure_configuration + id: aws.imagebuilder.infrastructure_configuration + x-cfn-schema-name: InfrastructureConfiguration + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.InstanceTypes') as instance_types, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.Logging') as logging, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.KeyPair') as key_pair, + JSON_EXTRACT(Properties, '$.TerminateInstanceOnFailure') as terminate_instance_on_failure, + JSON_EXTRACT(Properties, '$.InstanceProfileName') as instance_profile_name, + JSON_EXTRACT(Properties, '$.InstanceMetadataOptions') as instance_metadata_options, + JSON_EXTRACT(Properties, '$.SnsTopicArn') as sns_topic_arn, + JSON_EXTRACT(Properties, '$.ResourceTags') as resource_tags, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::InfrastructureConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'InstanceTypes') as instance_types, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'Logging') as logging, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'KeyPair') as key_pair, + json_extract_path_text(Properties, 'TerminateInstanceOnFailure') as terminate_instance_on_failure, + json_extract_path_text(Properties, 'InstanceProfileName') as instance_profile_name, + json_extract_path_text(Properties, 'InstanceMetadataOptions') as instance_metadata_options, + json_extract_path_text(Properties, 'SnsTopicArn') as sns_topic_arn, + json_extract_path_text(Properties, 'ResourceTags') as resource_tags, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::InfrastructureConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + lifecycle_policies: + name: lifecycle_policies + id: aws.imagebuilder.lifecycle_policies + x-cfn-schema-name: LifecyclePolicy + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::LifecyclePolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::LifecyclePolicy' + AND region = 'us-east-1' + lifecycle_policy: + name: lifecycle_policy + id: aws.imagebuilder.lifecycle_policy + x-cfn-schema-name: LifecyclePolicy + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.ExecutionRole') as execution_role, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.PolicyDetails') as policy_details, + JSON_EXTRACT(Properties, '$.ResourceSelection') as resource_selection, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::LifecyclePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'ExecutionRole') as execution_role, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'PolicyDetails') as policy_details, + json_extract_path_text(Properties, 'ResourceSelection') as resource_selection, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::LifecyclePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + workflows: + name: workflows + id: aws.imagebuilder.workflows + x-cfn-schema-name: Workflow + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::Workflow' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ImageBuilder::Workflow' + AND region = 'us-east-1' + workflow: + name: workflow + id: aws.imagebuilder.workflow + x-cfn-schema-name: Workflow + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ChangeDescription') as change_description, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Data') as data, + JSON_EXTRACT(Properties, '$.Uri') as uri, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::Workflow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ChangeDescription') as change_description, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Data') as data, + json_extract_path_text(Properties, 'Uri') as uri, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::Workflow' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/inspector.yaml b/providers/src/aws/v00.00.00000/services/inspector.yaml new file mode 100644 index 00000000..8cfd8ef5 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/inspector.yaml @@ -0,0 +1,287 @@ +openapi: 3.0.0 +info: + title: Inspector + version: 1.0.0 +paths: {} +components: + schemas: + AssessmentTarget: + type: object + properties: + Arn: + type: string + AssessmentTargetName: + type: string + ResourceGroupArn: + type: string + x-stackql-resource-name: assessment_target + description: Resource Type definition for AWS::Inspector::AssessmentTarget + x-type-name: AWS::Inspector::AssessmentTarget + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - AssessmentTargetName + x-read-only-properties: + - Arn + x-required-permissions: + create: + - inspector:CreateAssessmentTarget + - inspector:ListAssessmentTargets + - inspector:DescribeAssessmentTargets + update: + - inspector:DescribeAssessmentTargets + - inspector:UpdateAssessmentTarget + read: + - inspector:DescribeAssessmentTargets + delete: + - inspector:DeleteAssessmentTarget + list: + - inspector:ListAssessmentTargets + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + Value: + type: string + required: + - Value + - Key + AssessmentTemplate: + type: object + properties: + Arn: + type: string + AssessmentTargetArn: + type: string + DurationInSeconds: + type: integer + AssessmentTemplateName: + type: string + RulesPackageArns: + type: array + uniqueItems: false + items: + type: string + UserAttributesForFindings: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - AssessmentTargetArn + - DurationInSeconds + - RulesPackageArns + x-stackql-resource-name: assessment_template + description: Resource Type definition for AWS::Inspector::AssessmentTemplate + x-type-name: AWS::Inspector::AssessmentTemplate + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - DurationInSeconds + - AssessmentTemplateName + - UserAttributesForFindings + - AssessmentTargetArn + - RulesPackageArns + x-read-only-properties: + - Arn + x-required-properties: + - AssessmentTargetArn + - DurationInSeconds + - RulesPackageArns + x-required-permissions: + create: + - inspector:CreateAssessmentTemplate + - inspector:ListAssessmentTemplates + - inspector:DescribeAssessmentTemplates + read: + - inspector:DescribeAssessmentTemplates + delete: + - inspector:DeleteAssessmentTemplate + list: + - inspector:ListAssessmentTemplates + ResourceGroup: + type: object + properties: + Arn: + type: string + ResourceGroupTags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - ResourceGroupTags + x-stackql-resource-name: resource_group + description: Resource Type definition for AWS::Inspector::ResourceGroup + x-type-name: AWS::Inspector::ResourceGroup + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ResourceGroupTags + x-read-only-properties: + - Arn + x-required-properties: + - ResourceGroupTags + x-required-permissions: + create: + - inspector:CreateResourceGroup + read: + - inspector:CreateResourceGroup + delete: + - inspector:CreateResourceGroup + x-stackQL-resources: + assessment_targets: + name: assessment_targets + id: aws.inspector.assessment_targets + x-cfn-schema-name: AssessmentTarget + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Inspector::AssessmentTarget' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Inspector::AssessmentTarget' + AND region = 'us-east-1' + assessment_target: + name: assessment_target + id: aws.inspector.assessment_target + x-cfn-schema-name: AssessmentTarget + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AssessmentTargetName') as assessment_target_name, + JSON_EXTRACT(Properties, '$.ResourceGroupArn') as resource_group_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Inspector::AssessmentTarget' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AssessmentTargetName') as assessment_target_name, + json_extract_path_text(Properties, 'ResourceGroupArn') as resource_group_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Inspector::AssessmentTarget' + AND data__Identifier = '' + AND region = 'us-east-1' + assessment_templates: + name: assessment_templates + id: aws.inspector.assessment_templates + x-cfn-schema-name: AssessmentTemplate + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Inspector::AssessmentTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Inspector::AssessmentTemplate' + AND region = 'us-east-1' + assessment_template: + name: assessment_template + id: aws.inspector.assessment_template + x-cfn-schema-name: AssessmentTemplate + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AssessmentTargetArn') as assessment_target_arn, + JSON_EXTRACT(Properties, '$.DurationInSeconds') as duration_in_seconds, + JSON_EXTRACT(Properties, '$.AssessmentTemplateName') as assessment_template_name, + JSON_EXTRACT(Properties, '$.RulesPackageArns') as rules_package_arns, + JSON_EXTRACT(Properties, '$.UserAttributesForFindings') as user_attributes_for_findings + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Inspector::AssessmentTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AssessmentTargetArn') as assessment_target_arn, + json_extract_path_text(Properties, 'DurationInSeconds') as duration_in_seconds, + json_extract_path_text(Properties, 'AssessmentTemplateName') as assessment_template_name, + json_extract_path_text(Properties, 'RulesPackageArns') as rules_package_arns, + json_extract_path_text(Properties, 'UserAttributesForFindings') as user_attributes_for_findings + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Inspector::AssessmentTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_group: + name: resource_group + id: aws.inspector.resource_group + x-cfn-schema-name: ResourceGroup + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ResourceGroupTags') as resource_group_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Inspector::ResourceGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ResourceGroupTags') as resource_group_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Inspector::ResourceGroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/inspectorv2.yaml b/providers/src/aws/v00.00.00000/services/inspectorv2.yaml new file mode 100644 index 00000000..b6d792a8 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/inspectorv2.yaml @@ -0,0 +1,558 @@ +openapi: 3.0.0 +info: + title: InspectorV2 + version: 1.0.0 +paths: {} +components: + schemas: + CisSecurityLevel: + type: string + enum: + - LEVEL_1 + - LEVEL_2 + Schedule: + description: Choose a Schedule cadence + properties: + OneTime: + $ref: '#/components/schemas/OneTimeSchedule' + Daily: + $ref: '#/components/schemas/DailySchedule' + Weekly: + $ref: '#/components/schemas/WeeklySchedule' + Monthly: + $ref: '#/components/schemas/MonthlySchedule' + OneTimeSchedule: + type: object + DailySchedule: + type: object + properties: + StartTime: + $ref: '#/components/schemas/Time' + required: + - StartTime + additionalProperties: false + WeeklySchedule: + type: object + properties: + StartTime: + $ref: '#/components/schemas/Time' + Days: + $ref: '#/components/schemas/DaysList' + required: + - StartTime + - Days + additionalProperties: false + MonthlySchedule: + type: object + properties: + StartTime: + $ref: '#/components/schemas/Time' + Day: + $ref: '#/components/schemas/Day' + required: + - StartTime + - Day + additionalProperties: false + Time: + type: object + properties: + TimeOfDay: + type: string + pattern: ^([0-1]?[0-9]|2[0-3]):[0-5][0-9]$ + TimeZone: + type: string + required: + - TimeOfDay + - TimeZone + additionalProperties: false + DaysList: + type: array + minItems: 1 + maxItems: 7 + items: + $ref: '#/components/schemas/Day' + uniqueItems: true + Day: + type: string + enum: + - MON + - TUE + - WED + - THU + - FRI + - SAT + - SUN + CisTargets: + properties: + AccountIds: + type: array + minItems: 1 + maxItems: 10000 + items: + type: string + pattern: ^\d{12}|ALL_MEMBERS|SELF$ + uniqueItems: true + TargetResourceTags: + $ref: '#/components/schemas/TargetResourceTags' + additionalProperties: false + required: + - AccountIds + TargetResourceTags: + x-patternProperties: + ^.+$: + $ref: '#/components/schemas/TagValueList' + maxProperties: 5 + additionalProperties: false + TagValueList: + type: array + minItems: 1 + maxItems: 5 + items: + type: string + uniqueItems: true + CisTagMap: + type: object + x-patternProperties: + ^.{2,127}$: + type: string + pattern: ^.{1,255}$ + additionalProperties: false + CisScanConfiguration: + type: object + properties: + ScanName: + description: Name of the scan + type: string + minLength: 1 + SecurityLevel: + $ref: '#/components/schemas/CisSecurityLevel' + Schedule: + $ref: '#/components/schemas/Schedule' + Targets: + $ref: '#/components/schemas/CisTargets' + Arn: + type: string + description: CIS Scan configuration unique identifier + Tags: + $ref: '#/components/schemas/CisTagMap' + x-stackql-resource-name: cis_scan_configuration + description: CIS Scan Configuration resource schema + x-type-name: AWS::InspectorV2::CisScanConfiguration + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - inspector2:CreateCisScanConfiguration + - inspector2:ListCisScanConfigurations + - inspector2:TagResource + read: + - inspector2:ListCisScanConfigurations + - inspector2:ListTagsForResource + update: + - inspector2:ListCisScanConfigurations + - inspector2:UpdateCisScanConfiguration + - inspector2:TagResource + - inspector2:UntagResource + - inspector2:ListTagsForResource + delete: + - inspector2:ListCisScanConfigurations + - inspector2:DeleteCisScanConfiguration + - inspector2:UntagResource + list: + - inspector2:ListCisScanConfigurations + - inspector2:ListTagsForResource + StringComparison: + type: string + enum: + - EQUALS + - PREFIX + - NOT_EQUALS + StringInput: + type: string + maxLength: 1024 + minLength: 1 + StringFilter: + type: object + required: + - Comparison + - Value + properties: + Comparison: + $ref: '#/components/schemas/StringComparison' + Value: + $ref: '#/components/schemas/StringInput' + additionalProperties: false + StringFilterList: + type: array + items: + $ref: '#/components/schemas/StringFilter' + x-insertionOrder: false + maxItems: 10 + minItems: 1 + Timestamp: + type: integer + format: int64 + DateFilter: + type: object + properties: + EndInclusive: + $ref: '#/components/schemas/Timestamp' + StartInclusive: + $ref: '#/components/schemas/Timestamp' + additionalProperties: false + DateFilterList: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/DateFilter' + maxItems: 10 + minItems: 1 + Port: + type: integer + maximum: 65535 + minimum: 0 + PortRangeFilter: + type: object + properties: + BeginInclusive: + $ref: '#/components/schemas/Port' + EndInclusive: + $ref: '#/components/schemas/Port' + additionalProperties: false + PortRangeFilterList: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/PortRangeFilter' + maxItems: 10 + minItems: 1 + NumberFilter: + type: object + properties: + LowerInclusive: + type: number + UpperInclusive: + type: number + additionalProperties: false + NumberFilterList: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/NumberFilter' + maxItems: 10 + minItems: 1 + MapComparison: + type: string + enum: + - EQUALS + MapFilter: + type: object + required: + - Comparison + properties: + Comparison: + $ref: '#/components/schemas/MapComparison' + Key: + $ref: '#/components/schemas/MapKey' + Value: + $ref: '#/components/schemas/MapValue' + additionalProperties: false + MapFilterList: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/MapFilter' + maxItems: 10 + minItems: 1 + PackageFilter: + type: object + additionalProperties: false + properties: + Architecture: + $ref: '#/components/schemas/StringFilter' + Epoch: + $ref: '#/components/schemas/NumberFilter' + Name: + $ref: '#/components/schemas/StringFilter' + Release: + $ref: '#/components/schemas/StringFilter' + SourceLayerHash: + $ref: '#/components/schemas/StringFilter' + Version: + $ref: '#/components/schemas/StringFilter' + PackageFilterList: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/PackageFilter' + maxItems: 10 + minItems: 1 + FilterCriteria: + type: object + additionalProperties: false + properties: + AwsAccountId: + $ref: '#/components/schemas/StringFilterList' + ComponentId: + $ref: '#/components/schemas/StringFilterList' + ComponentType: + $ref: '#/components/schemas/StringFilterList' + Ec2InstanceImageId: + $ref: '#/components/schemas/StringFilterList' + Ec2InstanceSubnetId: + $ref: '#/components/schemas/StringFilterList' + Ec2InstanceVpcId: + $ref: '#/components/schemas/StringFilterList' + EcrImageArchitecture: + $ref: '#/components/schemas/StringFilterList' + EcrImageHash: + $ref: '#/components/schemas/StringFilterList' + EcrImageTags: + $ref: '#/components/schemas/StringFilterList' + EcrImagePushedAt: + $ref: '#/components/schemas/DateFilterList' + EcrImageRegistry: + $ref: '#/components/schemas/StringFilterList' + EcrImageRepositoryName: + $ref: '#/components/schemas/StringFilterList' + FindingArn: + $ref: '#/components/schemas/StringFilterList' + FindingStatus: + $ref: '#/components/schemas/StringFilterList' + FindingType: + $ref: '#/components/schemas/StringFilterList' + FirstObservedAt: + $ref: '#/components/schemas/DateFilterList' + InspectorScore: + $ref: '#/components/schemas/NumberFilterList' + LastObservedAt: + $ref: '#/components/schemas/DateFilterList' + NetworkProtocol: + $ref: '#/components/schemas/StringFilterList' + PortRange: + $ref: '#/components/schemas/PortRangeFilterList' + RelatedVulnerabilities: + $ref: '#/components/schemas/StringFilterList' + ResourceId: + $ref: '#/components/schemas/StringFilterList' + ResourceTags: + $ref: '#/components/schemas/MapFilterList' + ResourceType: + $ref: '#/components/schemas/StringFilterList' + Severity: + $ref: '#/components/schemas/StringFilterList' + Title: + $ref: '#/components/schemas/StringFilterList' + UpdatedAt: + $ref: '#/components/schemas/DateFilterList' + VendorSeverity: + $ref: '#/components/schemas/StringFilterList' + VulnerabilityId: + $ref: '#/components/schemas/StringFilterList' + VulnerabilitySource: + $ref: '#/components/schemas/StringFilterList' + VulnerablePackages: + $ref: '#/components/schemas/PackageFilterList' + FilterAction: + type: string + enum: + - NONE + - SUPPRESS + MapKey: + type: string + maxLength: 128 + minLength: 1 + MapValue: + type: string + maxLength: 256 + minLength: 0 + Filter: + type: object + properties: + Name: + description: Findings filter name. + type: string + maxLength: 128 + minLength: 1 + Description: + description: Findings filter description. + type: string + maxLength: 512 + minLength: 1 + FilterCriteria: + description: Findings filter criteria. + $ref: '#/components/schemas/FilterCriteria' + FilterAction: + description: Findings filter action. + $ref: '#/components/schemas/FilterAction' + Arn: + description: Findings filter ARN. + type: string + maxLength: 128 + minLength: 1 + required: + - Name + - FilterCriteria + - FilterAction + x-stackql-resource-name: filter + description: Inspector Filter resource schema + x-type-name: AWS::InspectorV2::Filter + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + x-required-properties: + - Name + - FilterCriteria + - FilterAction + x-tagging: + taggable: false + x-required-permissions: + create: + - inspector2:CreateFilter + - inspector2:ListFilters + read: + - inspector2:ListFilters + update: + - inspector2:ListFilters + - inspector2:UpdateFilter + delete: + - inspector2:DeleteFilter + - inspector2:ListFilters + list: + - inspector2:ListFilters + x-stackQL-resources: + cis_scan_configurations: + name: cis_scan_configurations + id: aws.inspectorv2.cis_scan_configurations + x-cfn-schema-name: CisScanConfiguration + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::InspectorV2::CisScanConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::InspectorV2::CisScanConfiguration' + AND region = 'us-east-1' + cis_scan_configuration: + name: cis_scan_configuration + id: aws.inspectorv2.cis_scan_configuration + x-cfn-schema-name: CisScanConfiguration + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ScanName') as scan_name, + JSON_EXTRACT(Properties, '$.SecurityLevel') as security_level, + JSON_EXTRACT(Properties, '$.Schedule') as schedule, + JSON_EXTRACT(Properties, '$.Targets') as targets, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::InspectorV2::CisScanConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ScanName') as scan_name, + json_extract_path_text(Properties, 'SecurityLevel') as security_level, + json_extract_path_text(Properties, 'Schedule') as schedule, + json_extract_path_text(Properties, 'Targets') as targets, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::InspectorV2::CisScanConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + filters: + name: filters + id: aws.inspectorv2.filters + x-cfn-schema-name: Filter + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::InspectorV2::Filter' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::InspectorV2::Filter' + AND region = 'us-east-1' + filter: + name: filter + id: aws.inspectorv2.filter + x-cfn-schema-name: Filter + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FilterCriteria') as filter_criteria, + JSON_EXTRACT(Properties, '$.FilterAction') as filter_action, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::InspectorV2::Filter' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FilterCriteria') as filter_criteria, + json_extract_path_text(Properties, 'FilterAction') as filter_action, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::InspectorV2::Filter' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/internetmonitor.yaml b/providers/src/aws/v00.00.00000/services/internetmonitor.yaml new file mode 100644 index 00000000..7767e000 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/internetmonitor.yaml @@ -0,0 +1,313 @@ +openapi: 3.0.0 +info: + title: InternetMonitor + version: 1.0.0 +paths: {} +components: + schemas: + MonitorConfigState: + type: string + enum: + - PENDING + - ACTIVE + - INACTIVE + - ERROR + MonitorProcessingStatusCode: + type: string + enum: + - OK + - INACTIVE + - COLLECTING_DATA + - INSUFFICIENT_DATA + - FAULT_SERVICE + - FAULT_ACCESS_CLOUDWATCH + Tag: + description: The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. + type: object + properties: + Key: + type: string + Value: + type: string + additionalProperties: false + iso8601UTC: + description: The date value in ISO 8601 format. The timezone is always UTC. (YYYY-MM-DDThh:mm:ssZ) + type: string + pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$ + InternetMeasurementsLogDelivery: + type: object + properties: + S3Config: + $ref: '#/components/schemas/S3Config' + additionalProperties: false + S3Config: + type: object + properties: + BucketName: + type: string + minLength: 3 + BucketPrefix: + type: string + LogDeliveryStatus: + type: string + enum: + - ENABLED + - DISABLED + additionalProperties: false + HealthEventsConfig: + type: object + properties: + AvailabilityScoreThreshold: + type: number + minimum: 0 + maximum: 100 + PerformanceScoreThreshold: + type: number + minimum: 0 + maximum: 100 + AvailabilityLocalHealthEventsConfig: + $ref: '#/components/schemas/LocalHealthEventsConfig' + PerformanceLocalHealthEventsConfig: + $ref: '#/components/schemas/LocalHealthEventsConfig' + additionalProperties: false + LocalHealthEventsConfig: + type: object + properties: + Status: + type: string + enum: + - ENABLED + - DISABLED + HealthScoreThreshold: + type: number + minimum: 0 + maximum: 100 + MinTrafficImpact: + type: number + minimum: 0 + maximum: 100 + additionalProperties: false + Monitor: + type: object + properties: + CreatedAt: + $ref: '#/components/schemas/iso8601UTC' + ModifiedAt: + $ref: '#/components/schemas/iso8601UTC' + MonitorArn: + type: string + maxLength: 512 + minLength: 20 + pattern: ^arn:.* + MonitorName: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9_.-]+$ + LinkedAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^(\d{12})$ + IncludeLinkedAccounts: + type: boolean + ProcessingStatus: + $ref: '#/components/schemas/MonitorProcessingStatusCode' + ProcessingStatusInfo: + type: string + Resources: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:.* + ResourcesToAdd: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 2048 + minLength: 20 + ResourcesToRemove: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 2048 + minLength: 20 + Status: + $ref: '#/components/schemas/MonitorConfigState' + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + MaxCityNetworksToMonitor: + type: integer + minimum: 1 + maximum: 500000 + TrafficPercentageToMonitor: + type: integer + minimum: 1 + maximum: 100 + InternetMeasurementsLogDelivery: + $ref: '#/components/schemas/InternetMeasurementsLogDelivery' + HealthEventsConfig: + $ref: '#/components/schemas/HealthEventsConfig' + required: + - MonitorName + x-stackql-resource-name: monitor + description: Represents a monitor, which defines the monitoring boundaries for measurements that Internet Monitor publishes information about for an application + x-type-name: AWS::InternetMonitor::Monitor + x-stackql-primary-identifier: + - MonitorName + x-create-only-properties: + - MonitorName + x-write-only-properties: + - ResourcesToAdd + - ResourcesToRemove + - LinkedAccountId + - IncludeLinkedAccounts + x-read-only-properties: + - CreatedAt + - ModifiedAt + - MonitorArn + - ProcessingStatus + - ProcessingStatusInfo + x-required-properties: + - MonitorName + x-tagging: + taggable: true + tagOnCreate: false + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - internetmonitor:CreateMonitor + - internetmonitor:GetMonitor + - internetmonitor:TagResource + - internetmonitor:UntagResource + - logs:CreateLogDelivery + - logs:GetLogDelivery + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - s3:ListBucket + - iam:PassRole + read: + - internetmonitor:GetMonitor + - internetmonitor:ListTagsForResource + - logs:GetLogDelivery + update: + - internetmonitor:CreateMonitor + - internetmonitor:GetMonitor + - internetmonitor:UpdateMonitor + - internetmonitor:TagResource + - internetmonitor:UntagResource + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - s3:ListBucket + - iam:PassRole + delete: + - internetmonitor:UpdateMonitor + - internetmonitor:DeleteMonitor + - internetmonitor:GetMonitor + - logs:DeleteLogDelivery + list: + - internetmonitor:ListMonitors + - internetmonitor:GetMonitor + - logs:GetLogDelivery + x-stackQL-resources: + monitors: + name: monitors + id: aws.internetmonitor.monitors + x-cfn-schema-name: Monitor + x-type: list + x-identifiers: + - MonitorName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MonitorName') as monitor_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::InternetMonitor::Monitor' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MonitorName') as monitor_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::InternetMonitor::Monitor' + AND region = 'us-east-1' + monitor: + name: monitor + id: aws.internetmonitor.monitor + x-cfn-schema-name: Monitor + x-type: get + x-identifiers: + - MonitorName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.MonitorArn') as monitor_arn, + JSON_EXTRACT(Properties, '$.MonitorName') as monitor_name, + JSON_EXTRACT(Properties, '$.LinkedAccountId') as linked_account_id, + JSON_EXTRACT(Properties, '$.IncludeLinkedAccounts') as include_linked_accounts, + JSON_EXTRACT(Properties, '$.ProcessingStatus') as processing_status, + JSON_EXTRACT(Properties, '$.ProcessingStatusInfo') as processing_status_info, + JSON_EXTRACT(Properties, '$.Resources') as resources, + JSON_EXTRACT(Properties, '$.ResourcesToAdd') as resources_to_add, + JSON_EXTRACT(Properties, '$.ResourcesToRemove') as resources_to_remove, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.MaxCityNetworksToMonitor') as max_city_networks_to_monitor, + JSON_EXTRACT(Properties, '$.TrafficPercentageToMonitor') as traffic_percentage_to_monitor, + JSON_EXTRACT(Properties, '$.InternetMeasurementsLogDelivery') as internet_measurements_log_delivery, + JSON_EXTRACT(Properties, '$.HealthEventsConfig') as health_events_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::InternetMonitor::Monitor' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'MonitorArn') as monitor_arn, + json_extract_path_text(Properties, 'MonitorName') as monitor_name, + json_extract_path_text(Properties, 'LinkedAccountId') as linked_account_id, + json_extract_path_text(Properties, 'IncludeLinkedAccounts') as include_linked_accounts, + json_extract_path_text(Properties, 'ProcessingStatus') as processing_status, + json_extract_path_text(Properties, 'ProcessingStatusInfo') as processing_status_info, + json_extract_path_text(Properties, 'Resources') as resources, + json_extract_path_text(Properties, 'ResourcesToAdd') as resources_to_add, + json_extract_path_text(Properties, 'ResourcesToRemove') as resources_to_remove, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'MaxCityNetworksToMonitor') as max_city_networks_to_monitor, + json_extract_path_text(Properties, 'TrafficPercentageToMonitor') as traffic_percentage_to_monitor, + json_extract_path_text(Properties, 'InternetMeasurementsLogDelivery') as internet_measurements_log_delivery, + json_extract_path_text(Properties, 'HealthEventsConfig') as health_events_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::InternetMonitor::Monitor' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/iot.yaml b/providers/src/aws/v00.00.00000/services/iot.yaml new file mode 100644 index 00000000..4a89106c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/iot.yaml @@ -0,0 +1,4958 @@ +openapi: 3.0.0 +info: + title: IoT + version: 1.0.0 +paths: {} +components: + schemas: + AuditCheckConfigurations: + description: Specifies which audit checks are enabled and disabled for this account. + type: object + properties: + AuthenticatedCognitoRoleOverlyPermissiveCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + CaCertificateExpiringCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + CaCertificateKeyQualityCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + ConflictingClientIdsCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + DeviceCertificateExpiringCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + DeviceCertificateKeyQualityCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + DeviceCertificateSharedCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + IotPolicyOverlyPermissiveCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + IotRoleAliasAllowsAccessToUnusedServicesCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + IotRoleAliasOverlyPermissiveCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + LoggingDisabledCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + RevokedCaCertificateStillActiveCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + RevokedDeviceCertificateStillActiveCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + UnauthenticatedCognitoRoleOverlyPermissiveCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + IntermediateCaRevokedForActiveDeviceCertificatesCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + IoTPolicyPotentialMisConfigurationCheck: + $ref: '#/components/schemas/AuditCheckConfiguration' + additionalProperties: false + AuditNotificationTargetConfigurations: + description: Information about the targets to which audit notifications are sent. + type: object + properties: + Sns: + $ref: '#/components/schemas/AuditNotificationTarget' + additionalProperties: false + AuditCheckConfiguration: + description: The configuration for a specific audit check. + type: object + properties: + Enabled: + description: True if the check is enabled. + type: boolean + additionalProperties: false + AuditNotificationTarget: + type: object + properties: + TargetArn: + description: The ARN of the target (SNS topic) to which audit notifications are sent. + type: string + maxLength: 2048 + RoleArn: + description: The ARN of the role that grants permission to send notifications to the target. + type: string + minLength: 20 + maxLength: 2048 + Enabled: + description: True if notifications to the target are enabled. + type: boolean + additionalProperties: false + AccountAuditConfiguration: + type: object + properties: + AccountId: + description: Your 12-digit account ID (used as the primary identifier for the CloudFormation resource). + type: string + minLength: 12 + maxLength: 12 + AuditCheckConfigurations: + $ref: '#/components/schemas/AuditCheckConfigurations' + AuditNotificationTargetConfigurations: + $ref: '#/components/schemas/AuditNotificationTargetConfigurations' + RoleArn: + description: The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as required when performing an audit. + type: string + minLength: 20 + maxLength: 2048 + required: + - AccountId + - AuditCheckConfigurations + - RoleArn + x-stackql-resource-name: account_audit_configuration + description: Configures the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled. + x-type-name: AWS::IoT::AccountAuditConfiguration + x-stackql-primary-identifier: + - AccountId + x-create-only-properties: + - AccountId + x-required-properties: + - AccountId + - AuditCheckConfigurations + - RoleArn + x-tagging: + taggable: false + x-required-permissions: + create: + - iot:UpdateAccountAuditConfiguration + - iot:DescribeAccountAuditConfiguration + - iam:PassRole + read: + - iot:DescribeAccountAuditConfiguration + update: + - iot:UpdateAccountAuditConfiguration + - iot:DescribeAccountAuditConfiguration + - iam:PassRole + delete: + - iot:DescribeAccountAuditConfiguration + - iot:DeleteAccountAuditConfiguration + list: + - iot:DescribeAccountAuditConfiguration + Tag: + type: object + properties: + Key: + type: string + Value: + type: string + additionalProperties: false + required: + - Key + - Value + Authorizer: + type: object + properties: + AuthorizerFunctionArn: + type: string + Arn: + type: string + AuthorizerName: + type: string + pattern: '[\w=,@-]+' + minLength: 1 + maxLength: 128 + SigningDisabled: + type: boolean + Status: + type: string + enum: + - ACTIVE + - INACTIVE + TokenKeyName: + type: string + TokenSigningPublicKeys: + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9:_-]+': + type: string + maxLength: 5120 + EnableCachingForHttp: + type: boolean + Tags: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Tag' + required: + - AuthorizerFunctionArn + x-stackql-resource-name: authorizer + description: Creates an authorizer. + x-type-name: AWS::IoT::Authorizer + x-stackql-primary-identifier: + - AuthorizerName + x-create-only-properties: + - SigningDisabled + - AuthorizerName + x-read-only-properties: + - Arn + x-required-properties: + - AuthorizerFunctionArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iot:CreateAuthorizer + - iot:DescribeAuthorizer + - iot:TagResource + - iot:ListTagsForResource + read: + - iot:DescribeAuthorizer + - iot:ListTagsForResource + update: + - iot:UpdateAuthorizer + - iot:DescribeAuthorizer + - iot:TagResource + - iot:UntagResource + - iot:ListTagsForResource + delete: + - iot:UpdateAuthorizer + - iot:DeleteAuthorizer + - iot:DescribeAuthorizer + list: + - iot:ListAuthorizers + BillingGroup: + type: object + properties: + Id: + type: string + Arn: + type: string + BillingGroupName: + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + BillingGroupProperties: + type: object + additionalProperties: false + properties: + BillingGroupDescription: + type: string + maxLength: 2028 + pattern: '[\p{Graph}\x20]*' + x-stackql-resource-name: billing_group + description: Resource Type definition for AWS::IoT::BillingGroup + x-type-name: AWS::IoT::BillingGroup + x-stackql-primary-identifier: + - BillingGroupName + x-create-only-properties: + - BillingGroupName + x-read-only-properties: + - Arn + - Id + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iot:DescribeBillingGroup + - iot:ListTagsForResource + - iot:CreateBillingGroup + - iot:TagResource + delete: + - iot:DescribeBillingGroup + - iot:DeleteBillingGroup + list: + - iot:ListBillingGroups + - iot:ListTagsForResource + read: + - iot:DescribeBillingGroup + - iot:ListTagsForResource + update: + - iot:DescribeBillingGroup + - iot:UpdateBillingGroup + - iot:ListTagsForResource + - iot:TagResource + - iot:UntagResource + RegistrationConfig: + type: object + additionalProperties: false + properties: + TemplateBody: + type: string + pattern: '[\s\S]*' + minLength: 0 + maxLength: 10240 + RoleArn: + type: string + pattern: arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+ + minLength: 20 + maxLength: 2048 + TemplateName: + type: string + pattern: ^[0-9A-Za-z_-]+$ + minLength: 1 + maxLength: 36 + CACertificate: + type: object + properties: + CACertificatePem: + type: string + pattern: '[\s\S]*' + minLength: 1 + maxLength: 65536 + VerificationCertificatePem: + type: string + description: The private key verification certificate. + pattern: '[\s\S]*' + minLength: 1 + maxLength: 65536 + Status: + type: string + enum: + - ACTIVE + - INACTIVE + CertificateMode: + type: string + enum: + - DEFAULT + - SNI_ONLY + AutoRegistrationStatus: + type: string + enum: + - ENABLE + - DISABLE + RemoveAutoRegistration: + type: boolean + RegistrationConfig: + $ref: '#/components/schemas/RegistrationConfig' + Id: + type: string + Arn: + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - CACertificatePem + - Status + x-stackql-resource-name: ca_certificate + description: Registers a CA Certificate in IoT. + x-type-name: AWS::IoT::CACertificate + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - VerificationCertificatePem + - CertificateMode + - CACertificatePem + x-write-only-properties: + - VerificationCertificatePem + - RemoveAutoRegistration + x-read-only-properties: + - Arn + - Id + x-required-properties: + - CACertificatePem + - Status + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:GetRole + - iam:PassRole + - iot:RegisterCACertificate + - iot:DescribeCACertificate + - iot:TagResource + - iot:ListTagsForResource + read: + - iot:DescribeCACertificate + - iot:ListTagsForResource + update: + - iam:GetRole + - iam:PassRole + - iot:UpdateCACertificate + - iot:DescribeCACertificate + - iot:TagResource + - iot:UntagResource + - iot:ListTagsForResource + delete: + - iot:UpdateCACertificate + - iot:DeleteCACertificate + - iot:DescribeCACertificate + list: + - iot:ListCACertificates + Certificate: + type: object + properties: + CACertificatePem: + type: string + minLength: 1 + maxLength: 65536 + CertificatePem: + type: string + minLength: 1 + maxLength: 65536 + CertificateSigningRequest: + type: string + CertificateMode: + type: string + enum: + - DEFAULT + - SNI_ONLY + Status: + type: string + enum: + - ACTIVE + - INACTIVE + - REVOKED + - PENDING_TRANSFER + - PENDING_ACTIVATION + Id: + type: string + Arn: + type: string + required: + - Status + x-stackql-resource-name: certificate + description: Use the AWS::IoT::Certificate resource to declare an AWS IoT X.509 certificate. + x-type-name: AWS::IoT::Certificate + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - CertificateSigningRequest + - CACertificatePem + - CertificatePem + - CertificateMode + x-write-only-properties: + - CertificateSigningRequest + - CACertificatePem + x-read-only-properties: + - Arn + - Id + x-required-properties: + - Status + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iot:CreateCertificateFromCsr + - iot:RegisterCertificate + - iot:RegisterCertificateWithoutCA + - iot:DescribeCertificate + read: + - iot:DescribeCertificate + update: + - iot:UpdateCertificate + - iot:DescribeCertificate + delete: + - iot:DeleteCertificate + - iot:UpdateCertificate + - iot:DescribeCertificate + list: + - iot:ListCertificates + CertificateProviderOperation: + type: string + enum: + - CreateCertificateFromCsr + CertificateProvider: + type: object + properties: + CertificateProviderName: + type: string + pattern: '[\w=,@-]+' + minLength: 1 + maxLength: 128 + LambdaFunctionArn: + type: string + minLength: 1 + maxLength: 170 + AccountDefaultForOperations: + type: array + minItems: 1 + maxItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/CertificateProviderOperation' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + x-insertionOrder: true + items: + $ref: '#/components/schemas/Tag' + Arn: + type: string + required: + - LambdaFunctionArn + - AccountDefaultForOperations + x-stackql-resource-name: certificate_provider + description: Use the AWS::IoT::CertificateProvider resource to declare an AWS IoT Certificate Provider. + x-type-name: AWS::IoT::CertificateProvider + x-stackql-primary-identifier: + - CertificateProviderName + x-create-only-properties: + - CertificateProviderName + x-read-only-properties: + - Arn + x-required-properties: + - LambdaFunctionArn + - AccountDefaultForOperations + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iot:CreateCertificateProvider + - iot:DescribeCertificateProvider + - iot:TagResource + - iot:ListTagsForResource + read: + - iot:DescribeCertificateProvider + - iot:ListTagsForResource + update: + - iot:UpdateCertificateProvider + - iot:DescribeCertificateProvider + - iot:TagResource + - iot:UntagResource + - iot:ListTagsForResource + delete: + - iot:DeleteCertificateProvider + - iot:DescribeCertificateProvider + list: + - iot:ListCertificateProviders + CustomMetric: + type: object + properties: + MetricName: + description: 'The name of the custom metric. This will be used in the metric report submitted from the device/thing. Shouldn''t begin with aws: . Cannot be updated once defined.' + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + DisplayName: + description: Field represents a friendly name in the console for the custom metric; it doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated once defined. + type: string + maxLength: 128 + MetricType: + description: The type of the custom metric. Types include string-list, ip-address-list, number-list, and number. + type: string + enum: + - string-list + - ip-address-list + - number-list + - number + MetricArn: + description: The Amazon Resource Number (ARN) of the custom metric. + type: string + minLength: 20 + maxLength: 2048 + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + required: + - MetricType + x-stackql-resource-name: custom_metric + description: A custom metric published by your devices to Device Defender. + x-type-name: AWS::IoT::CustomMetric + x-stackql-primary-identifier: + - MetricName + x-create-only-properties: + - MetricName + - MetricType + x-read-only-properties: + - MetricArn + x-required-properties: + - MetricType + x-required-permissions: + create: + - iot:CreateCustomMetric + - iot:TagResource + read: + - iot:DescribeCustomMetric + - iot:ListTagsForResource + update: + - iot:UpdateCustomMetric + - iot:ListTagsForResource + - iot:UntagResource + - iot:TagResource + delete: + - iot:DescribeCustomMetric + - iot:DeleteCustomMetric + list: + - iot:ListCustomMetrics + Dimension: + type: object + properties: + Name: + description: A unique identifier for the dimension. + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + Type: + description: Specifies the type of the dimension. + type: string + enum: + - TOPIC_FILTER + StringValues: + description: Specifies the value or list of values for the dimension. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + minLength: 1 + maxLength: 256 + minItems: 1 + maxItems: 5 + Tags: + description: Metadata that can be used to manage the dimension. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Arn: + description: The ARN (Amazon resource name) of the created dimension. + type: string + required: + - Type + - StringValues + x-stackql-resource-name: dimension + description: A dimension can be used to limit the scope of a metric used in a security profile for AWS IoT Device Defender. + x-type-name: AWS::IoT::Dimension + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - Type + x-read-only-properties: + - Arn + x-required-properties: + - Type + - StringValues + x-required-permissions: + create: + - iot:CreateDimension + - iot:TagResource + read: + - iot:DescribeDimension + - iot:ListTagsForResource + update: + - iot:UpdateDimension + - iot:ListTagsForResource + - iot:UntagResource + - iot:TagResource + delete: + - iot:DescribeDimension + - iot:DeleteDimension + list: + - iot:ListDimensions + AuthorizerConfig: + type: object + properties: + AllowAuthorizerOverride: + type: boolean + DefaultAuthorizerName: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[\w=,@-]+$ + additionalProperties: false + ServerCertificateConfig: + type: object + properties: + EnableOCSPCheck: + type: boolean + additionalProperties: false + ServerCertificateSummary: + type: object + properties: + ServerCertificateArn: + type: string + pattern: ^arn:aws(-cn|-us-gov|-iso-b|-iso)?:acm:[a-z]{2}-(gov-|iso-|isob-)?[a-z]{4,9}-\d{1}:\d{12}:certificate/[a-zA-Z0-9/-]+$ + minLength: 1 + maxLength: 2048 + ServerCertificateStatus: + type: string + enum: + - INVALID + - VALID + ServerCertificateStatusDetail: + type: string + additionalProperties: false + TlsConfig: + type: object + properties: + SecurityPolicy: + type: string + maxLength: 128 + additionalProperties: false + DomainConfiguration: + type: object + properties: + DomainConfigurationName: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[\w.-]+$ + AuthorizerConfig: + $ref: '#/components/schemas/AuthorizerConfig' + DomainName: + type: string + minLength: 1 + maxLength: 253 + ServerCertificateArns: + type: array + minItems: 0 + maxItems: 1 + x-insertionOrder: true + items: + type: string + pattern: ^arn:aws(-cn|-us-gov|-iso-b|-iso)?:acm:[a-z]{2}-(gov-|iso-|isob-)?[a-z]{4,9}-\d{1}:\d{12}:certificate/[a-zA-Z0-9/-]+$ + minLength: 1 + maxLength: 2048 + ServiceType: + type: string + enum: + - DATA + - CREDENTIAL_PROVIDER + - JOBS + ValidationCertificateArn: + type: string + pattern: ^arn:aws(-cn|-us-gov|-iso-b|-iso)?:acm:[a-z]{2}-(gov-|iso-|isob-)?[a-z]{4,9}-\d{1}:\d{12}:certificate/[a-zA-Z0-9/-]+$ + Arn: + type: string + DomainConfigurationStatus: + type: string + enum: + - ENABLED + - DISABLED + DomainType: + type: string + enum: + - ENDPOINT + - AWS_MANAGED + - CUSTOMER_MANAGED + ServerCertificateConfig: + $ref: '#/components/schemas/ServerCertificateConfig' + ServerCertificates: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/ServerCertificateSummary' + TlsConfig: + $ref: '#/components/schemas/TlsConfig' + Tags: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: domain_configuration + description: Create and manage a Domain Configuration + x-type-name: AWS::IoT::DomainConfiguration + x-stackql-primary-identifier: + - DomainConfigurationName + x-create-only-properties: + - DomainConfigurationName + - DomainName + - ServiceType + - ValidationCertificateArn + - ServerCertificateArns + x-write-only-properties: + - ValidationCertificateArn + - ServerCertificateArns + x-read-only-properties: + - Arn + - DomainType + - ServerCertificates + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iot:CreateDomainConfiguration + - iot:UpdateDomainConfiguration + - iot:DescribeDomainConfiguration + - iot:TagResource + - iot:ListTagsForResource + - acm:GetCertificate + read: + - iot:DescribeDomainConfiguration + - iot:ListTagsForResource + update: + - iot:UpdateDomainConfiguration + - iot:DescribeDomainConfiguration + - iot:ListTagsForResource + - iot:TagResource + - iot:UntagResource + delete: + - iot:DescribeDomainConfiguration + - iot:DeleteDomainConfiguration + - iot:UpdateDomainConfiguration + list: + - iot:ListDomainConfigurations + AggregationType: + description: Aggregation types supported by Fleet Indexing + type: object + properties: + Name: + description: Fleet Indexing aggregation type names such as Statistics, Percentiles and Cardinality + type: string + Values: + description: Fleet Indexing aggregation type values + type: array + x-insertionOrder: false + items: + type: string + required: + - Name + - Values + additionalProperties: false + iso8601UTC: + description: The datetime value in ISO 8601 format. The timezone is always UTC. (YYYY-MM-DDThh:mm:ss.sssZ) + type: string + pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$ + FleetMetric: + type: object + properties: + MetricName: + description: The name of the fleet metric + type: string + Description: + description: The description of a fleet metric + type: string + QueryString: + description: The Fleet Indexing query used by a fleet metric + type: string + Period: + description: The period of metric emission in seconds + type: integer + AggregationField: + description: The aggregation field to perform aggregation and metric emission + type: string + QueryVersion: + description: The version of a Fleet Indexing query used by a fleet metric + type: string + IndexName: + description: The index name of a fleet metric + type: string + Unit: + description: The unit of data points emitted by a fleet metric + type: string + AggregationType: + $ref: '#/components/schemas/AggregationType' + MetricArn: + description: The Amazon Resource Number (ARN) of a fleet metric metric + type: string + CreationDate: + description: The creation date of a fleet metric + $ref: '#/components/schemas/iso8601UTC' + LastModifiedDate: + description: The last modified date of a fleet metric + $ref: '#/components/schemas/iso8601UTC' + Version: + description: The version of a fleet metric + type: number + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource + items: + $ref: '#/components/schemas/Tag' + required: + - MetricName + x-stackql-resource-name: fleet_metric + description: An aggregated metric of certain devices in your fleet + x-type-name: AWS::IoT::FleetMetric + x-stackql-primary-identifier: + - MetricName + x-create-only-properties: + - MetricName + x-read-only-properties: + - MetricArn + - CreationDate + - LastModifiedDate + - Version + x-required-properties: + - MetricName + x-taggable: true + x-required-permissions: + create: + - iot:CreateFleetMetric + - iot:DescribeFleetMetric + - iot:TagResource + read: + - iot:DescribeFleetMetric + - iot:ListTagsForResource + update: + - iot:UpdateFleetMetric + - iot:DescribeFleetMetric + - iot:ListTagsForResource + - iot:UntagResource + - iot:TagResource + delete: + - iot:DeleteFleetMetric + - iot:DescribeFleetMetric + list: + - iot:ListFleetMetrics + ExponentialRolloutRate: + description: Allows you to create an exponential rate of rollout for a job. + type: object + properties: + BaseRatePerMinute: + description: The minimum number of things that will be notified of a pending job, per minute at the start of job rollout. This parameter allows you to define the initial rate of rollout. + $ref: '#/components/schemas/BaseRatePerMinute' + IncrementFactor: + description: The exponential factor to increase the rate of rollout for a job. + $ref: '#/components/schemas/IncrementFactor' + RateIncreaseCriteria: + description: The criteria to initiate the increase in rate of rollout for a job. + type: object + $ref: '#/components/schemas/RateIncreaseCriteria' + additionalProperties: false + required: + - BaseRatePerMinute + - IncrementFactor + - RateIncreaseCriteria + BaseRatePerMinute: + type: integer + minimum: 1 + IncrementFactor: + type: number + minimum: 1 + maximum: 5 + RateIncreaseCriteria: + type: object + properties: + NumberOfNotifiedThings: + $ref: '#/components/schemas/NumberOfNotifiedThings' + NumberOfSucceededThings: + $ref: '#/components/schemas/NumberOfSucceededThings' + additionalProperties: false + NumberOfNotifiedThings: + type: integer + minimum: 1 + NumberOfSucceededThings: + type: integer + minimum: 1 + MaximumPerMinute: + type: integer + minimum: 1 + AbortCriteria: + description: The criteria that determine when and how a job abort takes place. + type: object + properties: + Action: + description: The type of job action to take to initiate the job abort. + $ref: '#/components/schemas/Action' + FailureType: + description: The type of job execution failures that can initiate a job abort. + $ref: '#/components/schemas/FailureType' + MinNumberOfExecutedThings: + description: The minimum number of things which must receive job execution notifications before the job can be aborted. + $ref: '#/components/schemas/MinNumberOfExecutedThings' + ThresholdPercentage: + description: The minimum percentage of job execution failures that must occur to initiate the job abort. + $ref: '#/components/schemas/ThresholdPercentage' + additionalProperties: false + required: + - Action + - FailureType + - MinNumberOfExecutedThings + - ThresholdPercentage + Action: + type: object + additionalProperties: false + properties: + CloudwatchAlarm: + $ref: '#/components/schemas/CloudwatchAlarmAction' + CloudwatchLogs: + $ref: '#/components/schemas/CloudwatchLogsAction' + CloudwatchMetric: + $ref: '#/components/schemas/CloudwatchMetricAction' + DynamoDB: + $ref: '#/components/schemas/DynamoDBAction' + DynamoDBv2: + $ref: '#/components/schemas/DynamoDBv2Action' + Elasticsearch: + $ref: '#/components/schemas/ElasticsearchAction' + Firehose: + $ref: '#/components/schemas/FirehoseAction' + Http: + $ref: '#/components/schemas/HttpAction' + IotAnalytics: + $ref: '#/components/schemas/IotAnalyticsAction' + IotEvents: + $ref: '#/components/schemas/IotEventsAction' + IotSiteWise: + $ref: '#/components/schemas/IotSiteWiseAction' + Kafka: + $ref: '#/components/schemas/KafkaAction' + Kinesis: + $ref: '#/components/schemas/KinesisAction' + Lambda: + $ref: '#/components/schemas/LambdaAction' + Location: + $ref: '#/components/schemas/LocationAction' + OpenSearch: + $ref: '#/components/schemas/OpenSearchAction' + Republish: + $ref: '#/components/schemas/RepublishAction' + S3: + $ref: '#/components/schemas/S3Action' + Sns: + $ref: '#/components/schemas/SnsAction' + Sqs: + $ref: '#/components/schemas/SqsAction' + StepFunctions: + $ref: '#/components/schemas/StepFunctionsAction' + Timestream: + $ref: '#/components/schemas/TimestreamAction' + FailureType: + type: string + enum: + - FAILED + - REJECTED + - TIMED_OUT + - ALL + MinNumberOfExecutedThings: + type: integer + minimum: 1 + ThresholdPercentage: + type: number + maximum: 100 + InProgressTimeoutInMinutes: + description: Specifies the amount of time, in minutes, this device has to finish execution of this job. + type: integer + minimum: 1 + maximum: 10080 + RoleArn: + type: string + ExpiresInSec: + description: How number (in seconds) pre-signed URLs are valid. + type: integer + minimum: 60 + maximum: 3600 + RetryCriteria: + description: Specifies how many times a failure type should be retried. + type: object + properties: + NumberOfRetries: + type: integer + minimum: 0 + maximum: 10 + FailureType: + $ref: '#/components/schemas/JobRetryFailureType' + additionalProperties: false + JobRetryFailureType: + type: string + enum: + - FAILED + - TIMED_OUT + - ALL + MaintenanceWindow: + description: Specifies a start time and duration for a scheduled Job. + type: object + properties: + StartTime: + type: string + minLength: 1 + maxLength: 256 + DurationInMinutes: + type: integer + minimum: 1 + maximum: 1430 + additionalProperties: false + DestinationPackageVersion: + description: Specifies target package version ARNs for a software update job. + type: string + minLength: 1 + maxLength: 1600 + JobTemplate: + type: object + properties: + Arn: + type: string + JobArn: + description: Optional for copying a JobTemplate from a pre-existing Job configuration. + type: string + JobTemplateId: + type: string + pattern: '[a-zA-Z0-9_-]+' + minLength: 1 + maxLength: 64 + Description: + description: A description of the Job Template. + type: string + pattern: '[^\p{C}]+' + maxLength: 2028 + Document: + description: The job document. Required if you don't specify a value for documentSource. + type: string + maxLength: 32768 + DocumentSource: + description: An S3 link to the job document to use in the template. Required if you don't specify a value for document. + type: string + minLength: 1 + maxLength: 1350 + TimeoutConfig: + description: Specifies the amount of time each device has to finish its execution of the job. + type: object + properties: + InProgressTimeoutInMinutes: + $ref: '#/components/schemas/InProgressTimeoutInMinutes' + required: + - InProgressTimeoutInMinutes + additionalProperties: false + JobExecutionsRolloutConfig: + description: Allows you to create a staged rollout of a job. + type: object + properties: + ExponentialRolloutRate: + description: The rate of increase for a job rollout. This parameter allows you to define an exponential rate for a job rollout. + $ref: '#/components/schemas/ExponentialRolloutRate' + MaximumPerMinute: + description: The maximum number of things that will be notified of a pending job, per minute. This parameter allows you to create a staged rollout. + $ref: '#/components/schemas/MaximumPerMinute' + additionalProperties: false + AbortConfig: + description: The criteria that determine when and how a job abort takes place. + type: object + properties: + CriteriaList: + type: array + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/AbortCriteria' + required: + - CriteriaList + additionalProperties: false + PresignedUrlConfig: + type: object + description: Configuration for pre-signed S3 URLs. + properties: + RoleArn: + $ref: '#/components/schemas/RoleArn' + ExpiresInSec: + $ref: '#/components/schemas/ExpiresInSec' + required: + - RoleArn + additionalProperties: false + JobExecutionsRetryConfig: + type: object + properties: + RetryCriteriaList: + type: array + x-insertionOrder: false + minItems: 1 + maxItems: 2 + items: + $ref: '#/components/schemas/RetryCriteria' + additionalProperties: false + MaintenanceWindows: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/MaintenanceWindow' + DestinationPackageVersions: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/DestinationPackageVersion' + Tags: + description: Metadata that can be used to manage the JobTemplate. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - JobTemplateId + - Description + x-stackql-resource-name: job_template + description: Job templates enable you to preconfigure jobs so that you can deploy them to multiple sets of target devices. + x-type-name: AWS::IoT::JobTemplate + x-documentation-url: https://docs.aws.amazon.com/iot/latest/developerguide/job-templates.html + x-stackql-primary-identifier: + - JobTemplateId + x-create-only-properties: + - JobTemplateId + - JobArn + - Description + - Document + - DocumentSource + - TimeoutConfig + - JobExecutionsRolloutConfig + - AbortConfig + - PresignedUrlConfig + - Tags + - DestinationPackageVersions + - JobExecutionsRetryConfig + - MaintenanceWindows + x-write-only-properties: + - JobArn + - Tags + - Document + - DocumentSource + - TimeoutConfig + - JobExecutionsRolloutConfig + - AbortConfig + - PresignedUrlConfig + - DestinationPackageVersions + - JobExecutionsRetryConfig + - MaintenanceWindows + x-read-only-properties: + - Arn + x-required-properties: + - JobTemplateId + - Description + x-taggable: true + x-required-permissions: + create: + - iot:CreateJobTemplate + - iam:PassRole + - s3:GetObject + - iot:TagResource + read: + - iot:DescribeJobTemplate + delete: + - iot:DeleteJobTemplate + list: + - iot:ListJobTemplates + Logging: + type: object + properties: + AccountId: + description: Your 12-digit account ID (used as the primary identifier for the CloudFormation resource). + type: string + minLength: 12 + maxLength: 12 + pattern: ^[0-9]{12}$ + RoleArn: + description: The ARN of the role that allows IoT to write to Cloudwatch logs. + type: string + minLength: 20 + maxLength: 2048 + DefaultLogLevel: + description: 'The log level to use. Valid values are: ERROR, WARN, INFO, DEBUG, or DISABLED.' + type: string + enum: + - ERROR + - WARN + - INFO + - DEBUG + - DISABLED + required: + - AccountId + - RoleArn + - DefaultLogLevel + x-stackql-resource-name: logging + description: Logging Options enable you to configure your IoT V2 logging role and default logging level so that you can monitor progress events logs as it passes from your devices through Iot core service. + x-type-name: AWS::IoT::Logging + x-documentation-url: https://docs.aws.amazon.com/iot/latest/developerguide/configure-logging.html + x-stackql-primary-identifier: + - AccountId + x-create-only-properties: + - AccountId + x-required-properties: + - AccountId + - RoleArn + - DefaultLogLevel + x-required-permissions: + create: + - iot:SetV2LoggingOptions + - iot:GetV2LoggingOptions + - iam:PassRole + read: + - iot:GetV2LoggingOptions + update: + - iot:SetV2LoggingOptions + - iot:GetV2LoggingOptions + - iam:PassRole + delete: + - iot:SetV2LoggingOptions + - iot:GetV2LoggingOptions + list: + - iot:GetV2LoggingOptions + ActionParams: + type: object + description: The set of parameters for this mitigation action. You can specify only one type of parameter (in other words, you can apply only one action for each defined mitigation action). + properties: + AddThingsToThingGroupParams: + $ref: '#/components/schemas/AddThingsToThingGroupParams' + EnableIoTLoggingParams: + $ref: '#/components/schemas/EnableIoTLoggingParams' + PublishFindingToSnsParams: + $ref: '#/components/schemas/PublishFindingToSnsParams' + ReplaceDefaultPolicyVersionParams: + $ref: '#/components/schemas/ReplaceDefaultPolicyVersionParams' + UpdateCACertificateParams: + $ref: '#/components/schemas/UpdateCACertificateParams' + UpdateDeviceCertificateParams: + $ref: '#/components/schemas/UpdateDeviceCertificateParams' + additionalProperties: false + AddThingsToThingGroupParams: + description: Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine. + type: object + properties: + OverrideDynamicGroups: + type: boolean + description: Specifies if this mitigation action can move the things that triggered the mitigation action out of one or more dynamic thing groups. + ThingGroupNames: + description: The list of groups to which you want to add the things that triggered the mitigation action. + type: array + uniqueItems: true + items: + type: string + minLength: 1 + maxLength: 128 + minItems: 1 + maxItems: 10 + x-insertionOrder: false + required: + - ThingGroupNames + additionalProperties: false + EnableIoTLoggingParams: + description: Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail. + type: object + properties: + LogLevel: + type: string + enum: + - DEBUG + - INFO + - ERROR + - WARN + - UNSET_VALUE + description: ' Specifies which types of information are logged.' + RoleArnForLogging: + description: ' The ARN of the IAM role used for logging.' + type: string + minLength: 20 + maxLength: 2048 + required: + - LogLevel + - RoleArnForLogging + additionalProperties: false + PublishFindingToSnsParams: + type: object + description: Parameters, to define a mitigation action that publishes findings to Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages. + properties: + TopicArn: + type: string + description: The ARN of the topic to which you want to publish the findings. + minLength: 20 + maxLength: 2048 + required: + - TopicArn + additionalProperties: false + ReplaceDefaultPolicyVersionParams: + type: object + description: Parameters to define a mitigation action that adds a blank policy to restrict permissions. + properties: + TemplateName: + type: string + enum: + - BLANK_POLICY + - UNSET_VALUE + required: + - TemplateName + additionalProperties: false + UpdateCACertificateParams: + type: object + description: Parameters to define a mitigation action that changes the state of the CA certificate to inactive. + properties: + Action: + type: string + enum: + - DEACTIVATE + - UNSET_VALUE + required: + - Action + additionalProperties: false + UpdateDeviceCertificateParams: + type: object + description: Parameters to define a mitigation action that changes the state of the device certificate to inactive. + properties: + Action: + type: string + enum: + - DEACTIVATE + - UNSET_VALUE + required: + - Action + additionalProperties: false + MitigationAction: + type: object + properties: + ActionName: + description: A unique identifier for the mitigation action. + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + RoleArn: + type: string + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + ActionParams: + $ref: '#/components/schemas/ActionParams' + MitigationActionArn: + type: string + MitigationActionId: + type: string + required: + - RoleArn + - ActionParams + x-stackql-resource-name: mitigation_action + description: Mitigation actions can be used to take actions to mitigate issues that were found in an Audit finding or Detect violation. + x-type-name: AWS::IoT::MitigationAction + x-stackql-primary-identifier: + - ActionName + x-create-only-properties: + - ActionName + x-read-only-properties: + - MitigationActionArn + - MitigationActionId + x-required-properties: + - RoleArn + - ActionParams + x-required-permissions: + create: + - iot:CreateMitigationAction + - iot:DescribeMitigationAction + - iot:TagResource + - iam:PassRole + read: + - iot:DescribeMitigationAction + - iot:ListTagsForResource + update: + - iot:UpdateMitigationAction + - iot:ListTagsForResource + - iot:UntagResource + - iot:TagResource + - iam:PassRole + delete: + - iot:DescribeMitigationAction + - iot:DeleteMitigationAction + list: + - iot:ListMitigationActions + Policy: + type: object + properties: + Id: + type: string + Arn: + type: string + PolicyDocument: + type: object + minLength: 1 + maxLength: 404600 + PolicyName: + type: string + Tags: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Tag' + required: + - PolicyDocument + x-stackql-resource-name: policy + description: Resource Type definition for AWS::IoT::Policy + x-type-name: AWS::IoT::Policy + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - PolicyName + x-read-only-properties: + - Arn + - Id + x-required-properties: + - PolicyDocument + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iot:CreatePolicy + - iot:GetPolicy + - iot:TagResource + - iot:ListTagsForResource + read: + - iot:GetPolicy + - iot:ListTagsForResource + delete: + - iot:DeletePolicy + - iot:GetPolicy + - iot:ListPolicyVersions + - iot:DeletePolicyVersion + update: + - iot:GetPolicy + - iot:ListPolicyVersions + - iot:CreatePolicyVersion + - iot:DeletePolicyVersion + - iot:SetDefaultPolicyVersion + - iot:TagResource + - iot:UntagResource + - iot:ListTagsForResource + list: + - iot:ListPolicies + ProvisioningHook: + type: object + properties: + TargetArn: + type: string + PayloadVersion: + type: string + ProvisioningTemplate: + type: object + properties: + TemplateArn: + type: string + TemplateName: + type: string + pattern: ^[0-9A-Za-z_-]+$ + minLength: 1 + maxLength: 36 + Description: + type: string + maxLength: 500 + Enabled: + type: boolean + ProvisioningRoleArn: + type: string + TemplateBody: + type: string + TemplateType: + type: string + enum: + - FLEET_PROVISIONING + - JITP + PreProvisioningHook: + $ref: '#/components/schemas/ProvisioningHook' + Tags: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Tag' + required: + - ProvisioningRoleArn + - TemplateBody + x-stackql-resource-name: provisioning_template + description: Creates a fleet provisioning template. + x-type-name: AWS::IoT::ProvisioningTemplate + x-stackql-primary-identifier: + - TemplateName + x-create-only-properties: + - TemplateName + - TemplateType + x-read-only-properties: + - TemplateArn + x-required-properties: + - ProvisioningRoleArn + - TemplateBody + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:GetRole + - iam:PassRole + - iot:CreateProvisioningTemplate + - iot:DescribeProvisioningTemplate + - iot:TagResource + - iot:ListTagsForResource + read: + - iot:DescribeProvisioningTemplate + - iot:ListTagsForResource + update: + - iam:GetRole + - iam:PassRole + - iot:UpdateProvisioningTemplate + - iot:CreateProvisioningTemplateVersion + - iot:ListProvisioningTemplateVersions + - iot:DeleteProvisioningTemplateVersion + - iot:DescribeProvisioningTemplate + - iot:TagResource + - iot:UntagResource + - iot:ListTagsForResource + delete: + - iot:DeleteProvisioningTemplate + - iot:DescribeProvisioningTemplate + list: + - iot:ListProvisioningTemplates + ResourceSpecificLogging: + type: object + properties: + TargetType: + description: The target type. Value must be THING_GROUP, CLIENT_ID, SOURCE_IP, PRINCIPAL_ID, or EVENT_TYPE. + type: string + enum: + - THING_GROUP + - CLIENT_ID + - SOURCE_IP + - PRINCIPAL_ID + - EVENT_TYPE + TargetName: + description: The target name. + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z0-9.:\s_\-]+' + LogLevel: + description: 'The log level for a specific target. Valid values are: ERROR, WARN, INFO, DEBUG, or DISABLED.' + type: string + enum: + - ERROR + - WARN + - INFO + - DEBUG + - DISABLED + TargetId: + description: Unique Id for a Target (TargetType:TargetName), this will be internally built to serve as primary identifier for a log target. + type: string + minLength: 13 + maxLength: 140 + pattern: '[a-zA-Z0-9.:\s_\-]+' + required: + - TargetName + - TargetType + - LogLevel + x-stackql-resource-name: resource_specific_logging + description: Resource-specific logging allows you to specify a logging level for a specific thing group. + x-type-name: AWS::IoT::ResourceSpecificLogging + x-documentation-url: https://docs.aws.amazon.com/iot/latest/developerguide/configure-logging.html + x-stackql-primary-identifier: + - TargetId + x-create-only-properties: + - TargetName + - TargetType + x-read-only-properties: + - TargetId + x-required-properties: + - TargetName + - TargetType + - LogLevel + x-required-permissions: + create: + - iot:ListV2LoggingLevels + - iot:SetV2LoggingLevel + read: + - iot:ListV2LoggingLevels + update: + - iot:ListV2LoggingLevels + - iot:SetV2LoggingLevel + delete: + - iot:ListV2LoggingLevels + - iot:DeleteV2LoggingLevel + list: + - iot:ListV2LoggingLevels + RoleAlias: + type: object + properties: + RoleAlias: + type: string + pattern: '[\w=,@-]+' + minLength: 1 + maxLength: 128 + RoleAliasArn: + type: string + pattern: '[\w=,@-]+' + minLength: 1 + maxLength: 128 + RoleArn: + type: string + pattern: arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+ + minLength: 20 + maxLength: 2048 + CredentialDurationSeconds: + type: integer + minimum: 900 + maximum: 43200 + default: 3600 + Tags: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Tag' + required: + - RoleArn + x-stackql-resource-name: role_alias + description: Use the AWS::IoT::RoleAlias resource to declare an AWS IoT RoleAlias. + x-type-name: AWS::IoT::RoleAlias + x-stackql-primary-identifier: + - RoleAlias + x-create-only-properties: + - RoleAlias + x-read-only-properties: + - RoleAliasArn + x-required-properties: + - RoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:GetRole + - iam:PassRole + - iot:CreateRoleAlias + - iot:DescribeRoleAlias + - iot:TagResource + - iot:ListTagsForResource + read: + - iam:GetRole + - iam:PassRole + - iot:DescribeRoleAlias + - iot:ListTagsForResource + update: + - iam:GetRole + - iam:PassRole + - iot:UpdateRoleAlias + - iot:DescribeRoleAlias + - iot:TagResource + - iot:UntagResource + - iot:ListTagsForResource + delete: + - iot:DeleteRoleAlias + - iot:DescribeRoleAlias + list: + - iot:ListRoleAliases + ScheduledAudit: + type: object + properties: + ScheduledAuditName: + description: The name you want to give to the scheduled audit. + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + Frequency: + description: How often the scheduled audit takes place. Can be one of DAILY, WEEKLY, BIWEEKLY, or MONTHLY. + type: string + enum: + - DAILY + - WEEKLY + - BIWEEKLY + - MONTHLY + DayOfMonth: + description: The day of the month on which the scheduled audit takes place. Can be 1 through 31 or LAST. This field is required if the frequency parameter is set to MONTHLY. + type: string + pattern: ^([1-9]|[12][0-9]|3[01])$|^LAST$|^UNSET_VALUE$ + DayOfWeek: + description: The day of the week on which the scheduled audit takes place. Can be one of SUN, MON, TUE,WED, THU, FRI, or SAT. This field is required if the frequency parameter is set to WEEKLY or BIWEEKLY. + type: string + enum: + - SUN + - MON + - TUE + - WED + - THU + - FRI + - SAT + - UNSET_VALUE + TargetCheckNames: + description: Which checks are performed during the scheduled audit. Checks must be enabled for your account. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + ScheduledAuditArn: + description: The ARN (Amazon resource name) of the scheduled audit. + type: string + minLength: 20 + maxLength: 2048 + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + required: + - Frequency + - TargetCheckNames + x-stackql-resource-name: scheduled_audit + description: Scheduled audits can be used to specify the checks you want to perform during an audit and how often the audit should be run. + x-type-name: AWS::IoT::ScheduledAudit + x-stackql-primary-identifier: + - ScheduledAuditName + x-create-only-properties: + - ScheduledAuditName + x-read-only-properties: + - ScheduledAuditArn + x-required-properties: + - Frequency + - TargetCheckNames + x-required-permissions: + create: + - iot:CreateScheduledAudit + - iot:DescribeScheduledAudit + - iot:TagResource + read: + - iot:DescribeScheduledAudit + - iot:ListTagsForResource + update: + - iot:UpdateScheduledAudit + - iot:ListTagsForResource + - iot:UntagResource + - iot:TagResource + delete: + - iot:DescribeScheduledAudit + - iot:DeleteScheduledAudit + list: + - iot:ListScheduledAudits + Behavior: + description: A security profile behavior. + type: object + properties: + Name: + description: The name for the behavior. + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + Metric: + description: What is measured by the behavior. + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + MetricDimension: + $ref: '#/components/schemas/MetricDimension' + Criteria: + $ref: '#/components/schemas/BehaviorCriteria' + SuppressAlerts: + description: Manage Detect alarm SNS notifications by setting behavior notification to on or suppressed. Detect will continue to performing device behavior evaluations. However, suppressed alarms wouldn't be forwarded for SNS notification. + type: boolean + ExportMetric: + $ref: '#/components/schemas/ExportMetric' + required: + - Name + additionalProperties: false + ExportMetric: + description: Flag to enable/disable metrics export for metric to be retained. + type: boolean + MetricDimension: + description: The dimension of a metric. + type: object + properties: + DimensionName: + description: A unique identifier for the dimension. + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + Operator: + description: Defines how the dimensionValues of a dimension are interpreted. + type: string + enum: + - IN + - NOT_IN + required: + - DimensionName + additionalProperties: false + BehaviorCriteria: + description: The criteria by which the behavior is determined to be normal. + type: object + properties: + ComparisonOperator: + description: The operator that relates the thing measured (metric) to the criteria (containing a value or statisticalThreshold). + type: string + enum: + - less-than + - less-than-equals + - greater-than + - greater-than-equals + - in-cidr-set + - not-in-cidr-set + - in-port-set + - not-in-port-set + - in-set + - not-in-set + Value: + $ref: '#/components/schemas/MetricValue' + DurationSeconds: + type: integer + description: Use this to specify the time duration over which the behavior is evaluated. + ConsecutiveDatapointsToAlarm: + description: If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1. + type: integer + minimum: 1 + maximum: 10 + ConsecutiveDatapointsToClear: + description: If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1. + type: integer + minimum: 1 + maximum: 10 + StatisticalThreshold: + $ref: '#/components/schemas/StatisticalThreshold' + MlDetectionConfig: + $ref: '#/components/schemas/MachineLearningDetectionConfig' + additionalProperties: false + MetricValue: + description: The value to be compared with the metric. + type: object + properties: + Count: + description: If the ComparisonOperator calls for a numeric value, use this to specify that (integer) numeric value to be compared with the metric. + type: string + minimum: 0 + Cidrs: + description: If the ComparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Ports: + description: If the ComparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: integer + minimum: 0 + maximum: 65535 + Number: + description: The numeral value of a metric. + type: number + Numbers: + description: The numeral values of a metric. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: number + Strings: + description: The string values of a metric. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + additionalProperties: false + StatisticalThreshold: + description: A statistical ranking (percentile) which indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior. + type: object + properties: + Statistic: + description: The percentile which resolves to a threshold value by which compliance with a behavior is determined + type: string + enum: + - Average + - p0 + - p0.1 + - p0.01 + - p1 + - p10 + - p50 + - p90 + - p99 + - p99.9 + - p99.99 + - p100 + additionalProperties: false + MachineLearningDetectionConfig: + description: The configuration of an ML Detect Security Profile. + type: object + properties: + ConfidenceLevel: + description: The sensitivity of anomalous behavior evaluation. Can be Low, Medium, or High. + type: string + enum: + - LOW + - MEDIUM + - HIGH + additionalProperties: false + AlertTarget: + description: A structure containing the alert target ARN and the role ARN. + type: object + properties: + AlertTargetArn: + description: The ARN of the notification target to which alerts are sent. + type: string + maxLength: 2048 + RoleArn: + description: The ARN of the role that grants permission to send alerts to the notification target. + type: string + minLength: 20 + maxLength: 2048 + required: + - AlertTargetArn + - RoleArn + additionalProperties: false + MetricToRetain: + description: The metric you want to retain. Dimensions are optional. + type: object + properties: + Metric: + description: What is measured by the behavior. + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + MetricDimension: + $ref: '#/components/schemas/MetricDimension' + ExportMetric: + $ref: '#/components/schemas/ExportMetric' + required: + - Metric + additionalProperties: false + SecurityProfile: + type: object + properties: + SecurityProfileName: + description: A unique identifier for the security profile. + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + SecurityProfileDescription: + description: A description of the security profile. + type: string + maxLength: 1000 + Behaviors: + description: Specifies the behaviors that, when violated by a device (thing), cause an alert. + type: array + maxLength: 100 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Behavior' + AlertTargets: + description: Specifies the destinations to which alerts are sent. + type: object + x-patternProperties: + '[a-zA-Z0-9:_-]+': + $ref: '#/components/schemas/AlertTarget' + additionalProperties: false + AdditionalMetricsToRetainV2: + description: A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/MetricToRetain' + MetricsExportConfig: + description: A structure containing the mqtt topic for metrics export. + type: object + properties: + MqttTopic: + description: The topic for metrics export. + type: string + minLength: 1 + maxLength: 512 + RoleArn: + description: The ARN of the role that grants permission to publish to mqtt topic. + type: string + minLength: 20 + maxLength: 2048 + required: + - MqttTopic + - RoleArn + additionalProperties: false + Tags: + description: Metadata that can be used to manage the security profile. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + TargetArns: + description: A set of target ARNs that the security profile is attached to. + type: array + uniqueItems: true + x-insertionOrder: false + items: + description: The ARN of the target to which the security profile is attached. + type: string + maxLength: 2048 + SecurityProfileArn: + description: The ARN (Amazon resource name) of the created security profile. + type: string + required: [] + x-stackql-resource-name: security_profile + description: A security profile defines a set of expected behaviors for devices in your account. + x-type-name: AWS::IoT::SecurityProfile + x-stackql-primary-identifier: + - SecurityProfileName + x-create-only-properties: + - SecurityProfileName + x-read-only-properties: + - SecurityProfileArn + x-required-properties: [] + x-required-permissions: + create: + - iot:CreateSecurityProfile + - iot:AttachSecurityProfile + - iot:DescribeSecurityProfile + - iot:TagResource + - iam:PassRole + read: + - iot:DescribeSecurityProfile + - iot:ListTagsForResource + - iot:ListTargetsForSecurityProfile + update: + - iot:UpdateSecurityProfile + - iot:ListTargetsForSecurityProfile + - iot:AttachSecurityProfile + - iot:DetachSecurityProfile + - iot:ListTagsForResource + - iot:UntagResource + - iot:TagResource + - iam:PassRole + delete: + - iot:DescribeSecurityProfile + - iot:DeleteSecurityProfile + list: + - iot:ListSecurityProfiles + SoftwarePackage: + type: object + properties: + Description: + type: string + maxLength: 1024 + minLength: 0 + pattern: ^[^\p{C}]+$ + PackageArn: + type: string + PackageName: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-_.]+$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: software_package + description: resource definition + x-type-name: AWS::IoT::SoftwarePackage + x-stackql-primary-identifier: + - PackageName + x-create-only-properties: + - PackageName + x-read-only-properties: + - PackageArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iot:CreatePackage + - iot:GetPackage + - iot:TagResource + - iot:GetIndexingConfiguration + read: + - iot:GetPackage + - iot:ListTagsForResource + update: + - iot:CreatePackage + - iot:UpdatePackage + - iot:GetPackage + - iot:ListTagsForResource + - iot:TagResource + - iot:UntagResource + - iot:GetIndexingConfiguration + delete: + - iot:DeletePackage + - iot:DeletePackageVersion + - iot:GetPackage + - iot:GetPackageVersion + - iot:UpdatePackage + - iot:UpdatePackageVersion + - iot:GetIndexingConfiguration + - iot:ListPackageVersions + list: + - iot:ListPackages + PackageVersionStatus: + type: string + enum: + - DRAFT + - PUBLISHED + - DEPRECATED + ResourceAttributes: + type: object + x-patternProperties: + ^[a-zA-Z0-9:_-]+$: + type: string + minLength: 1 + pattern: ^[^\p{C}]+$ + additionalProperties: false + SoftwarePackageVersion: + type: object + properties: + Attributes: + $ref: '#/components/schemas/ResourceAttributes' + Description: + type: string + maxLength: 1024 + minLength: 0 + pattern: ^[^\p{C}]+$ + ErrorReason: + type: string + PackageName: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-_.]+$ + PackageVersionArn: + type: string + Status: + $ref: '#/components/schemas/PackageVersionStatus' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + VersionName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9-_.]+$ + required: + - PackageName + x-stackql-resource-name: software_package_version + description: resource definition + x-type-name: AWS::IoT::SoftwarePackageVersion + x-stackql-primary-identifier: + - PackageName + - VersionName + x-create-only-properties: + - PackageName + - VersionName + x-read-only-properties: + - ErrorReason + - PackageVersionArn + - Status + x-required-properties: + - PackageName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iot:CreatePackageVersion + - iot:GetPackageVersion + - iot:TagResource + - iot:GetIndexingConfiguration + read: + - iot:GetPackageVersion + - iot:ListTagsForResource + update: + - iot:UpdatePackageVersion + - iot:GetPackageVersion + - iot:ListTagsForResource + - iot:TagResource + - iot:UntagResource + - iot:GetIndexingConfiguration + delete: + - iot:DeletePackageVersion + - iot:UpdatePackageVersion + - iot:GetPackageVersion + - iot:GetIndexingConfiguration + list: + - iot:ListPackageVersions + AttributePayload: + type: object + additionalProperties: false + properties: + Attributes: + type: object + x-patternProperties: + '[a-zA-Z0-9_.,@/:#-]+': + type: string + additionalProperties: false + Thing: + type: object + properties: + Id: + type: string + Arn: + type: string + AttributePayload: + $ref: '#/components/schemas/AttributePayload' + ThingName: + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + x-stackql-resource-name: thing + description: Resource Type definition for AWS::IoT::Thing + x-type-name: AWS::IoT::Thing + x-stackql-primary-identifier: + - ThingName + x-create-only-properties: + - ThingName + x-read-only-properties: + - Id + - Arn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: true + x-required-permissions: + create: + - iot:CreateThing + - iot:DescribeThing + delete: + - iot:DeleteThing + - iot:DescribeThing + list: + - iot:ListThings + read: + - iot:DescribeThing + update: + - iot:UpdateThing + - iot:DescribeThing + ThingGroup: + type: object + properties: + Id: + type: string + Arn: + type: string + ThingGroupName: + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + ParentGroupName: + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + QueryString: + type: string + minLength: 1 + maxLength: 1000 + ThingGroupProperties: + type: object + additionalProperties: false + properties: + AttributePayload: + $ref: '#/components/schemas/AttributePayload' + ThingGroupDescription: + type: string + pattern: '[\p{Graph}\x20]*' + maxLength: 2028 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: thing_group + description: Resource Type definition for AWS::IoT::ThingGroup + x-type-name: AWS::IoT::ThingGroup + x-stackql-primary-identifier: + - ThingGroupName + x-create-only-properties: + - ThingGroupName + - ParentGroupName + x-read-only-properties: + - Arn + - Id + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iot:DescribeThingGroup + - iot:ListTagsForResource + - iot:CreateThingGroup + - iot:CreateDynamicThingGroup + - iot:TagResource + delete: + - iot:DescribeThingGroup + - iot:DeleteThingGroup + - iot:DeleteDynamicThingGroup + list: + - iot:ListThingGroups + - iot:ListTagsForResource + read: + - iot:DescribeThingGroup + - iot:ListTagsForResource + update: + - iot:ListTagsForResource + - iot:DescribeThingGroup + - iot:UpdateThingGroup + - iot:UpdateDynamicThingGroup + - iot:TagResource + - iot:UntagResource + ThingType: + type: object + properties: + Id: + type: string + Arn: + type: string + ThingTypeName: + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 128 + DeprecateThingType: + type: boolean + ThingTypeProperties: + type: object + additionalProperties: false + properties: + SearchableAttributes: + type: array + maxItems: 3 + uniqueItems: true + x-insertionOrder: true + items: + type: string + pattern: '[a-zA-Z0-9_.,@/:#-]+' + maxLength: 128 + ThingTypeDescription: + pattern: '[\p{Graph}\x20]*' + type: string + maxLength: 2028 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: thing_type + description: Resource Type definition for AWS::IoT::ThingType + x-type-name: AWS::IoT::ThingType + x-stackql-primary-identifier: + - ThingTypeName + x-create-only-properties: + - ThingTypeName + - ThingTypeProperties + x-read-only-properties: + - Arn + - Id + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iot:DescribeThingType + - iot:ListTagsForResource + - iot:CreateThingType + - iot:DeprecateThingType + - iot:TagResource + delete: + - iot:DescribeThingType + - iot:DeleteThingType + - iot:DeprecateThingType + list: + - iot:ListThingTypes + - iot:ListTagsForResource + read: + - iot:DescribeThingType + - iot:ListTagsForResource + update: + - iot:DescribeThingType + - iot:UpdateThingType + - iot:ListTagsForResource + - iot:TagResource + - iot:UntagResource + - iot:DeprecateThingType + TopicRulePayload: + type: object + additionalProperties: false + properties: + RuleDisabled: + type: boolean + ErrorAction: + $ref: '#/components/schemas/Action' + Description: + type: string + AwsIotSqlVersion: + type: string + Actions: + type: array + items: + $ref: '#/components/schemas/Action' + Sql: + type: string + required: + - Actions + - Sql + CloudwatchAlarmAction: + type: object + additionalProperties: false + properties: + StateValue: + type: string + AlarmName: + type: string + StateReason: + type: string + RoleArn: + type: string + required: + - AlarmName + - StateReason + - StateValue + - RoleArn + CloudwatchLogsAction: + type: object + additionalProperties: false + properties: + LogGroupName: + type: string + RoleArn: + type: string + BatchMode: + type: boolean + required: + - LogGroupName + - RoleArn + CloudwatchMetricAction: + type: object + additionalProperties: false + properties: + MetricName: + type: string + MetricValue: + type: string + MetricNamespace: + type: string + MetricUnit: + type: string + RoleArn: + type: string + MetricTimestamp: + type: string + required: + - MetricName + - MetricValue + - MetricNamespace + - MetricUnit + - RoleArn + DynamoDBAction: + type: object + additionalProperties: false + properties: + TableName: + type: string + PayloadField: + type: string + RangeKeyField: + type: string + HashKeyField: + type: string + RangeKeyValue: + type: string + RangeKeyType: + type: string + HashKeyType: + type: string + HashKeyValue: + type: string + RoleArn: + type: string + required: + - TableName + - HashKeyField + - HashKeyValue + - RoleArn + DynamoDBv2Action: + type: object + additionalProperties: false + properties: + PutItem: + $ref: '#/components/schemas/PutItemInput' + RoleArn: + type: string + PutItemInput: + type: object + additionalProperties: false + properties: + TableName: + type: string + required: + - TableName + ElasticsearchAction: + type: object + additionalProperties: false + properties: + Type: + type: string + Index: + type: string + Id: + type: string + Endpoint: + type: string + RoleArn: + type: string + required: + - Type + - Endpoint + - Index + - Id + - RoleArn + FirehoseAction: + type: object + additionalProperties: false + properties: + DeliveryStreamName: + type: string + RoleArn: + type: string + Separator: + type: string + BatchMode: + type: boolean + required: + - DeliveryStreamName + - RoleArn + HttpAction: + type: object + additionalProperties: false + properties: + ConfirmationUrl: + type: string + Headers: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/HttpActionHeader' + Url: + type: string + Auth: + $ref: '#/components/schemas/HttpAuthorization' + required: + - Url + HttpActionHeader: + type: object + additionalProperties: false + properties: + Value: + type: string + Key: + type: string + required: + - Value + - Key + HttpAuthorization: + type: object + additionalProperties: false + properties: + Sigv4: + $ref: '#/components/schemas/SigV4Authorization' + SigV4Authorization: + type: object + additionalProperties: false + properties: + ServiceName: + type: string + SigningRegion: + type: string + RoleArn: + type: string + required: + - ServiceName + - SigningRegion + - RoleArn + IotAnalyticsAction: + type: object + additionalProperties: false + properties: + RoleArn: + type: string + ChannelName: + type: string + BatchMode: + type: boolean + required: + - ChannelName + - RoleArn + IotEventsAction: + type: object + additionalProperties: false + properties: + InputName: + type: string + RoleArn: + type: string + MessageId: + type: string + BatchMode: + type: boolean + required: + - InputName + - RoleArn + IotSiteWiseAction: + type: object + additionalProperties: false + properties: + RoleArn: + type: string + PutAssetPropertyValueEntries: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/PutAssetPropertyValueEntry' + required: + - PutAssetPropertyValueEntries + - RoleArn + PutAssetPropertyValueEntry: + type: object + additionalProperties: false + properties: + PropertyAlias: + type: string + PropertyValues: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/AssetPropertyValue' + AssetId: + type: string + EntryId: + type: string + PropertyId: + type: string + required: + - PropertyValues + AssetPropertyValue: + type: object + additionalProperties: false + properties: + Value: + $ref: '#/components/schemas/AssetPropertyVariant' + Timestamp: + $ref: '#/components/schemas/AssetPropertyTimestamp' + Quality: + type: string + required: + - Value + - Timestamp + AssetPropertyVariant: + type: object + additionalProperties: false + properties: + StringValue: + type: string + DoubleValue: + type: string + BooleanValue: + type: string + IntegerValue: + type: string + AssetPropertyTimestamp: + type: object + additionalProperties: false + properties: + TimeInSeconds: + type: string + OffsetInNanos: + type: string + required: + - TimeInSeconds + KafkaAction: + type: object + additionalProperties: false + properties: + DestinationArn: + type: string + Topic: + type: string + Key: + type: string + Partition: + type: string + ClientProperties: + type: object + additionalProperties: false + x-patternProperties: + .*: + type: string + minProperties: 1 + Headers: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/KafkaActionHeader' + required: + - DestinationArn + - Topic + - ClientProperties + KafkaActionHeader: + type: object + additionalProperties: false + properties: + Value: + type: string + Key: + type: string + required: + - Value + - Key + KinesisAction: + type: object + additionalProperties: false + properties: + PartitionKey: + type: string + StreamName: + type: string + RoleArn: + type: string + required: + - StreamName + - RoleArn + LambdaAction: + type: object + additionalProperties: false + properties: + FunctionArn: + type: string + LocationAction: + type: object + additionalProperties: false + properties: + RoleArn: + type: string + TrackerName: + type: string + DeviceId: + type: string + Latitude: + type: string + Longitude: + type: string + Timestamp: + $ref: '#/components/schemas/Timestamp' + required: + - RoleArn + - TrackerName + - DeviceId + - Latitude + - Longitude + Timestamp: + type: object + properties: + Value: + type: string + Unit: + type: string + additionalProperties: false + required: + - Value + OpenSearchAction: + type: object + additionalProperties: false + properties: + Type: + type: string + Index: + type: string + Id: + type: string + Endpoint: + type: string + RoleArn: + type: string + required: + - Type + - Endpoint + - Index + - Id + - RoleArn + RepublishAction: + type: object + additionalProperties: false + properties: + Qos: + type: integer + Topic: + type: string + RoleArn: + type: string + Headers: + $ref: '#/components/schemas/RepublishActionHeaders' + required: + - Topic + - RoleArn + RepublishActionHeaders: + type: object + additionalProperties: false + properties: + PayloadFormatIndicator: + type: string + minLength: 0 + maxLength: 1024 + ContentType: + type: string + minLength: 0 + maxLength: 1024 + ResponseTopic: + type: string + minLength: 0 + maxLength: 1024 + CorrelationData: + type: string + minLength: 0 + maxLength: 1024 + MessageExpiry: + type: string + minLength: 0 + maxLength: 1024 + UserProperties: + $ref: '#/components/schemas/UserProperties' + UserProperties: + type: array + minItems: 1 + maxItems: 100 + items: + $ref: '#/components/schemas/UserProperty' + UserProperty: + type: object + additionalProperties: false + required: + - Key + - Value + properties: + Key: + type: string + minLength: 0 + maxLength: 1024 + Value: + type: string + minLength: 0 + maxLength: 1024 + S3Action: + type: object + additionalProperties: false + properties: + BucketName: + type: string + Key: + type: string + RoleArn: + type: string + CannedAcl: + $ref: '#/components/schemas/CannedAccessControlList' + required: + - BucketName + - Key + - RoleArn + CannedAccessControlList: + type: string + enum: + - private + - public-read + - public-read-write + - aws-exec-read + - authenticated-read + - bucket-owner-read + - bucket-owner-full-control + - log-delivery-write + SnsAction: + type: object + additionalProperties: false + properties: + TargetArn: + type: string + MessageFormat: + type: string + RoleArn: + type: string + required: + - TargetArn + - RoleArn + StepFunctionsAction: + type: object + additionalProperties: false + properties: + ExecutionNamePrefix: + type: string + StateMachineName: + type: string + RoleArn: + type: string + required: + - StateMachineName + - RoleArn + SqsAction: + type: object + additionalProperties: false + properties: + RoleArn: + type: string + UseBase64: + type: boolean + QueueUrl: + type: string + required: + - RoleArn + - QueueUrl + TimestreamAction: + type: object + additionalProperties: false + properties: + RoleArn: + type: string + DatabaseName: + type: string + TableName: + type: string + Dimensions: + $ref: '#/components/schemas/TimestreamDimensionsList' + Timestamp: + $ref: '#/components/schemas/TimestreamTimestamp' + required: + - RoleArn + - DatabaseName + - TableName + - Dimensions + TimestreamDimensionsList: + type: array + minItems: 1 + maxItems: 128 + items: + $ref: '#/components/schemas/TimestreamDimension' + TimestreamDimension: + type: object + properties: + Name: + type: string + Value: + type: string + additionalProperties: false + required: + - Name + - Value + TimestreamTimestamp: + type: object + properties: + Value: + type: string + Unit: + type: string + additionalProperties: false + required: + - Value + - Unit + TopicRule: + type: object + properties: + Arn: + type: string + RuleName: + type: string + TopicRulePayload: + $ref: '#/components/schemas/TopicRulePayload' + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - TopicRulePayload + x-stackql-resource-name: topic_rule + description: Resource Type definition for AWS::IoT::TopicRule + x-type-name: AWS::IoT::TopicRule + x-stackql-primary-identifier: + - RuleName + x-create-only-properties: + - RuleName + x-read-only-properties: + - Arn + x-required-properties: + - TopicRulePayload + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:PassRole + - iot:CreateTopicRule + - iot:GetTopicRule + - iot:TagResource + - iot:ListTagsForResource + read: + - iot:GetTopicRule + - iot:ListTagsForResource + update: + - iam:PassRole + - iot:GetTopicRule + - iot:ListTagsForResource + - iot:ReplaceTopicRule + - iot:TagResource + - iot:UntagResource + delete: + - iot:GetTopicRule + - iot:DeleteTopicRule + list: + - iot:ListTopicRules + TopicRuleDestinationStatus: + type: string + enum: + - ENABLED + - IN_PROGRESS + - DISABLED + HttpUrlDestinationSummary: + type: object + additionalProperties: false + properties: + ConfirmationUrl: + type: string + VpcDestinationProperties: + type: object + additionalProperties: false + properties: + SubnetIds: + type: array + uniqueItems: true + items: + type: string + SecurityGroups: + type: array + uniqueItems: true + items: + type: string + VpcId: + type: string + RoleArn: + type: string + TopicRuleDestination: + type: object + properties: + Arn: + description: Amazon Resource Name (ARN). + type: string + Status: + description: The status of the TopicRuleDestination. + $ref: '#/components/schemas/TopicRuleDestinationStatus' + HttpUrlProperties: + description: HTTP URL destination properties. + $ref: '#/components/schemas/HttpUrlDestinationSummary' + StatusReason: + description: The reasoning for the current status of the TopicRuleDestination. + type: string + VpcProperties: + description: VPC destination properties. + $ref: '#/components/schemas/VpcDestinationProperties' + x-stackql-resource-name: topic_rule_destination + description: Resource Type definition for AWS::IoT::TopicRuleDestination + x-type-name: AWS::IoT::TopicRuleDestination + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - HttpUrlProperties + - VpcProperties + x-read-only-properties: + - Arn + - StatusReason + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: true + x-required-permissions: + create: + - iam:PassRole + - iot:CreateTopicRuleDestination + - iot:GetTopicRuleDestination + - iot:UpdateTopicRuleDestination + read: + - iot:GetTopicRuleDestination + update: + - iam:PassRole + - iot:GetTopicRuleDestination + - iot:UpdateTopicRuleDestination + delete: + - iot:GetTopicRuleDestination + - iot:DeleteTopicRuleDestination + list: + - iot:ListTopicRuleDestinations + x-stackQL-resources: + account_audit_configurations: + name: account_audit_configurations + id: aws.iot.account_audit_configurations + x-cfn-schema-name: AccountAuditConfiguration + x-type: list + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::AccountAuditConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::AccountAuditConfiguration' + AND region = 'us-east-1' + account_audit_configuration: + name: account_audit_configuration + id: aws.iot.account_audit_configuration + x-cfn-schema-name: AccountAuditConfiguration + x-type: get + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.AuditCheckConfigurations') as audit_check_configurations, + JSON_EXTRACT(Properties, '$.AuditNotificationTargetConfigurations') as audit_notification_target_configurations, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::AccountAuditConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'AuditCheckConfigurations') as audit_check_configurations, + json_extract_path_text(Properties, 'AuditNotificationTargetConfigurations') as audit_notification_target_configurations, + json_extract_path_text(Properties, 'RoleArn') as role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::AccountAuditConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + authorizers: + name: authorizers + id: aws.iot.authorizers + x-cfn-schema-name: Authorizer + x-type: list + x-identifiers: + - AuthorizerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AuthorizerName') as authorizer_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Authorizer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AuthorizerName') as authorizer_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Authorizer' + AND region = 'us-east-1' + authorizer: + name: authorizer + id: aws.iot.authorizer + x-cfn-schema-name: Authorizer + x-type: get + x-identifiers: + - AuthorizerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AuthorizerFunctionArn') as authorizer_function_arn, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AuthorizerName') as authorizer_name, + JSON_EXTRACT(Properties, '$.SigningDisabled') as signing_disabled, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.TokenKeyName') as token_key_name, + JSON_EXTRACT(Properties, '$.TokenSigningPublicKeys') as token_signing_public_keys, + JSON_EXTRACT(Properties, '$.EnableCachingForHttp') as enable_caching_for_http, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Authorizer' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AuthorizerFunctionArn') as authorizer_function_arn, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AuthorizerName') as authorizer_name, + json_extract_path_text(Properties, 'SigningDisabled') as signing_disabled, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'TokenKeyName') as token_key_name, + json_extract_path_text(Properties, 'TokenSigningPublicKeys') as token_signing_public_keys, + json_extract_path_text(Properties, 'EnableCachingForHttp') as enable_caching_for_http, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Authorizer' + AND data__Identifier = '' + AND region = 'us-east-1' + billing_groups: + name: billing_groups + id: aws.iot.billing_groups + x-cfn-schema-name: BillingGroup + x-type: list + x-identifiers: + - BillingGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BillingGroupName') as billing_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::BillingGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BillingGroupName') as billing_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::BillingGroup' + AND region = 'us-east-1' + billing_group: + name: billing_group + id: aws.iot.billing_group + x-cfn-schema-name: BillingGroup + x-type: get + x-identifiers: + - BillingGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.BillingGroupName') as billing_group_name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.BillingGroupProperties') as billing_group_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::BillingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'BillingGroupName') as billing_group_name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'BillingGroupProperties') as billing_group_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::BillingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + ca_certificates: + name: ca_certificates + id: aws.iot.ca_certificates + x-cfn-schema-name: CACertificate + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::CACertificate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::CACertificate' + AND region = 'us-east-1' + ca_certificate: + name: ca_certificate + id: aws.iot.ca_certificate + x-cfn-schema-name: CACertificate + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CACertificatePem') as ca_certificate_pem, + JSON_EXTRACT(Properties, '$.VerificationCertificatePem') as verification_certificate_pem, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.CertificateMode') as certificate_mode, + JSON_EXTRACT(Properties, '$.AutoRegistrationStatus') as auto_registration_status, + JSON_EXTRACT(Properties, '$.RemoveAutoRegistration') as remove_auto_registration, + JSON_EXTRACT(Properties, '$.RegistrationConfig') as registration_config, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::CACertificate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CACertificatePem') as ca_certificate_pem, + json_extract_path_text(Properties, 'VerificationCertificatePem') as verification_certificate_pem, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'CertificateMode') as certificate_mode, + json_extract_path_text(Properties, 'AutoRegistrationStatus') as auto_registration_status, + json_extract_path_text(Properties, 'RemoveAutoRegistration') as remove_auto_registration, + json_extract_path_text(Properties, 'RegistrationConfig') as registration_config, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::CACertificate' + AND data__Identifier = '' + AND region = 'us-east-1' + certificates: + name: certificates + id: aws.iot.certificates + x-cfn-schema-name: Certificate + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Certificate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Certificate' + AND region = 'us-east-1' + certificate: + name: certificate + id: aws.iot.certificate + x-cfn-schema-name: Certificate + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CACertificatePem') as ca_certificate_pem, + JSON_EXTRACT(Properties, '$.CertificatePem') as certificate_pem, + JSON_EXTRACT(Properties, '$.CertificateSigningRequest') as certificate_signing_request, + JSON_EXTRACT(Properties, '$.CertificateMode') as certificate_mode, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Certificate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CACertificatePem') as ca_certificate_pem, + json_extract_path_text(Properties, 'CertificatePem') as certificate_pem, + json_extract_path_text(Properties, 'CertificateSigningRequest') as certificate_signing_request, + json_extract_path_text(Properties, 'CertificateMode') as certificate_mode, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Certificate' + AND data__Identifier = '' + AND region = 'us-east-1' + certificate_providers: + name: certificate_providers + id: aws.iot.certificate_providers + x-cfn-schema-name: CertificateProvider + x-type: list + x-identifiers: + - CertificateProviderName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CertificateProviderName') as certificate_provider_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::CertificateProvider' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CertificateProviderName') as certificate_provider_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::CertificateProvider' + AND region = 'us-east-1' + certificate_provider: + name: certificate_provider + id: aws.iot.certificate_provider + x-cfn-schema-name: CertificateProvider + x-type: get + x-identifiers: + - CertificateProviderName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CertificateProviderName') as certificate_provider_name, + JSON_EXTRACT(Properties, '$.LambdaFunctionArn') as lambda_function_arn, + JSON_EXTRACT(Properties, '$.AccountDefaultForOperations') as account_default_for_operations, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::CertificateProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CertificateProviderName') as certificate_provider_name, + json_extract_path_text(Properties, 'LambdaFunctionArn') as lambda_function_arn, + json_extract_path_text(Properties, 'AccountDefaultForOperations') as account_default_for_operations, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::CertificateProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + custom_metrics: + name: custom_metrics + id: aws.iot.custom_metrics + x-cfn-schema-name: CustomMetric + x-type: list + x-identifiers: + - MetricName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MetricName') as metric_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::CustomMetric' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MetricName') as metric_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::CustomMetric' + AND region = 'us-east-1' + custom_metric: + name: custom_metric + id: aws.iot.custom_metric + x-cfn-schema-name: CustomMetric + x-type: get + x-identifiers: + - MetricName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MetricName') as metric_name, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.MetricType') as metric_type, + JSON_EXTRACT(Properties, '$.MetricArn') as metric_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::CustomMetric' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MetricName') as metric_name, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'MetricType') as metric_type, + json_extract_path_text(Properties, 'MetricArn') as metric_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::CustomMetric' + AND data__Identifier = '' + AND region = 'us-east-1' + dimensions: + name: dimensions + id: aws.iot.dimensions + x-cfn-schema-name: Dimension + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Dimension' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Dimension' + AND region = 'us-east-1' + dimension: + name: dimension + id: aws.iot.dimension + x-cfn-schema-name: Dimension + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.StringValues') as string_values, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Dimension' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'StringValues') as string_values, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Dimension' + AND data__Identifier = '' + AND region = 'us-east-1' + domain_configurations: + name: domain_configurations + id: aws.iot.domain_configurations + x-cfn-schema-name: DomainConfiguration + x-type: list + x-identifiers: + - DomainConfigurationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainConfigurationName') as domain_configuration_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::DomainConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainConfigurationName') as domain_configuration_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::DomainConfiguration' + AND region = 'us-east-1' + domain_configuration: + name: domain_configuration + id: aws.iot.domain_configuration + x-cfn-schema-name: DomainConfiguration + x-type: get + x-identifiers: + - DomainConfigurationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainConfigurationName') as domain_configuration_name, + JSON_EXTRACT(Properties, '$.AuthorizerConfig') as authorizer_config, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.ServerCertificateArns') as server_certificate_arns, + JSON_EXTRACT(Properties, '$.ServiceType') as service_type, + JSON_EXTRACT(Properties, '$.ValidationCertificateArn') as validation_certificate_arn, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DomainConfigurationStatus') as domain_configuration_status, + JSON_EXTRACT(Properties, '$.DomainType') as domain_type, + JSON_EXTRACT(Properties, '$.ServerCertificateConfig') as server_certificate_config, + JSON_EXTRACT(Properties, '$.ServerCertificates') as server_certificates, + JSON_EXTRACT(Properties, '$.TlsConfig') as tls_config, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::DomainConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainConfigurationName') as domain_configuration_name, + json_extract_path_text(Properties, 'AuthorizerConfig') as authorizer_config, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'ServerCertificateArns') as server_certificate_arns, + json_extract_path_text(Properties, 'ServiceType') as service_type, + json_extract_path_text(Properties, 'ValidationCertificateArn') as validation_certificate_arn, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DomainConfigurationStatus') as domain_configuration_status, + json_extract_path_text(Properties, 'DomainType') as domain_type, + json_extract_path_text(Properties, 'ServerCertificateConfig') as server_certificate_config, + json_extract_path_text(Properties, 'ServerCertificates') as server_certificates, + json_extract_path_text(Properties, 'TlsConfig') as tls_config, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::DomainConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fleet_metrics: + name: fleet_metrics + id: aws.iot.fleet_metrics + x-cfn-schema-name: FleetMetric + x-type: list + x-identifiers: + - MetricName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MetricName') as metric_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::FleetMetric' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MetricName') as metric_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::FleetMetric' + AND region = 'us-east-1' + fleet_metric: + name: fleet_metric + id: aws.iot.fleet_metric + x-cfn-schema-name: FleetMetric + x-type: get + x-identifiers: + - MetricName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MetricName') as metric_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.QueryString') as query_string, + JSON_EXTRACT(Properties, '$.Period') as period, + JSON_EXTRACT(Properties, '$.AggregationField') as aggregation_field, + JSON_EXTRACT(Properties, '$.QueryVersion') as query_version, + JSON_EXTRACT(Properties, '$.IndexName') as index_name, + JSON_EXTRACT(Properties, '$.Unit') as unit, + JSON_EXTRACT(Properties, '$.AggregationType') as aggregation_type, + JSON_EXTRACT(Properties, '$.MetricArn') as metric_arn, + JSON_EXTRACT(Properties, '$.CreationDate') as creation_date, + JSON_EXTRACT(Properties, '$.LastModifiedDate') as last_modified_date, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::FleetMetric' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MetricName') as metric_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'QueryString') as query_string, + json_extract_path_text(Properties, 'Period') as period, + json_extract_path_text(Properties, 'AggregationField') as aggregation_field, + json_extract_path_text(Properties, 'QueryVersion') as query_version, + json_extract_path_text(Properties, 'IndexName') as index_name, + json_extract_path_text(Properties, 'Unit') as unit, + json_extract_path_text(Properties, 'AggregationType') as aggregation_type, + json_extract_path_text(Properties, 'MetricArn') as metric_arn, + json_extract_path_text(Properties, 'CreationDate') as creation_date, + json_extract_path_text(Properties, 'LastModifiedDate') as last_modified_date, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::FleetMetric' + AND data__Identifier = '' + AND region = 'us-east-1' + job_templates: + name: job_templates + id: aws.iot.job_templates + x-cfn-schema-name: JobTemplate + x-type: list + x-identifiers: + - JobTemplateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.JobTemplateId') as job_template_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::JobTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'JobTemplateId') as job_template_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::JobTemplate' + AND region = 'us-east-1' + job_template: + name: job_template + id: aws.iot.job_template + x-cfn-schema-name: JobTemplate + x-type: get + x-identifiers: + - JobTemplateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.JobArn') as job_arn, + JSON_EXTRACT(Properties, '$.JobTemplateId') as job_template_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Document') as document, + JSON_EXTRACT(Properties, '$.DocumentSource') as document_source, + JSON_EXTRACT(Properties, '$.TimeoutConfig') as timeout_config, + JSON_EXTRACT(Properties, '$.JobExecutionsRolloutConfig') as job_executions_rollout_config, + JSON_EXTRACT(Properties, '$.AbortConfig') as abort_config, + JSON_EXTRACT(Properties, '$.PresignedUrlConfig') as presigned_url_config, + JSON_EXTRACT(Properties, '$.JobExecutionsRetryConfig') as job_executions_retry_config, + JSON_EXTRACT(Properties, '$.MaintenanceWindows') as maintenance_windows, + JSON_EXTRACT(Properties, '$.DestinationPackageVersions') as destination_package_versions, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::JobTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'JobArn') as job_arn, + json_extract_path_text(Properties, 'JobTemplateId') as job_template_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Document') as document, + json_extract_path_text(Properties, 'DocumentSource') as document_source, + json_extract_path_text(Properties, 'TimeoutConfig') as timeout_config, + json_extract_path_text(Properties, 'JobExecutionsRolloutConfig') as job_executions_rollout_config, + json_extract_path_text(Properties, 'AbortConfig') as abort_config, + json_extract_path_text(Properties, 'PresignedUrlConfig') as presigned_url_config, + json_extract_path_text(Properties, 'JobExecutionsRetryConfig') as job_executions_retry_config, + json_extract_path_text(Properties, 'MaintenanceWindows') as maintenance_windows, + json_extract_path_text(Properties, 'DestinationPackageVersions') as destination_package_versions, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::JobTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + loggings: + name: loggings + id: aws.iot.loggings + x-cfn-schema-name: Logging + x-type: list + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Logging' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Logging' + AND region = 'us-east-1' + logging: + name: logging + id: aws.iot.logging + x-cfn-schema-name: Logging + x-type: get + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.DefaultLogLevel') as default_log_level + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Logging' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'DefaultLogLevel') as default_log_level + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Logging' + AND data__Identifier = '' + AND region = 'us-east-1' + mitigation_actions: + name: mitigation_actions + id: aws.iot.mitigation_actions + x-cfn-schema-name: MitigationAction + x-type: list + x-identifiers: + - ActionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ActionName') as action_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::MitigationAction' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ActionName') as action_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::MitigationAction' + AND region = 'us-east-1' + mitigation_action: + name: mitigation_action + id: aws.iot.mitigation_action + x-cfn-schema-name: MitigationAction + x-type: get + x-identifiers: + - ActionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ActionName') as action_name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ActionParams') as action_params, + JSON_EXTRACT(Properties, '$.MitigationActionArn') as mitigation_action_arn, + JSON_EXTRACT(Properties, '$.MitigationActionId') as mitigation_action_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::MitigationAction' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ActionName') as action_name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ActionParams') as action_params, + json_extract_path_text(Properties, 'MitigationActionArn') as mitigation_action_arn, + json_extract_path_text(Properties, 'MitigationActionId') as mitigation_action_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::MitigationAction' + AND data__Identifier = '' + AND region = 'us-east-1' + policies: + name: policies + id: aws.iot.policies + x-cfn-schema-name: Policy + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Policy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Policy' + AND region = 'us-east-1' + policy: + name: policy + id: aws.iot.policy + x-cfn-schema-name: Policy + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Policy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Policy' + AND data__Identifier = '' + AND region = 'us-east-1' + provisioning_templates: + name: provisioning_templates + id: aws.iot.provisioning_templates + x-cfn-schema-name: ProvisioningTemplate + x-type: list + x-identifiers: + - TemplateName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TemplateName') as template_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::ProvisioningTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TemplateName') as template_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::ProvisioningTemplate' + AND region = 'us-east-1' + provisioning_template: + name: provisioning_template + id: aws.iot.provisioning_template + x-cfn-schema-name: ProvisioningTemplate + x-type: get + x-identifiers: + - TemplateName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TemplateArn') as template_arn, + JSON_EXTRACT(Properties, '$.TemplateName') as template_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.ProvisioningRoleArn') as provisioning_role_arn, + JSON_EXTRACT(Properties, '$.TemplateBody') as template_body, + JSON_EXTRACT(Properties, '$.TemplateType') as template_type, + JSON_EXTRACT(Properties, '$.PreProvisioningHook') as pre_provisioning_hook, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::ProvisioningTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TemplateArn') as template_arn, + json_extract_path_text(Properties, 'TemplateName') as template_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'ProvisioningRoleArn') as provisioning_role_arn, + json_extract_path_text(Properties, 'TemplateBody') as template_body, + json_extract_path_text(Properties, 'TemplateType') as template_type, + json_extract_path_text(Properties, 'PreProvisioningHook') as pre_provisioning_hook, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::ProvisioningTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_specific_loggings: + name: resource_specific_loggings + id: aws.iot.resource_specific_loggings + x-cfn-schema-name: ResourceSpecificLogging + x-type: list + x-identifiers: + - TargetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TargetId') as target_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::ResourceSpecificLogging' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TargetId') as target_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::ResourceSpecificLogging' + AND region = 'us-east-1' + resource_specific_logging: + name: resource_specific_logging + id: aws.iot.resource_specific_logging + x-cfn-schema-name: ResourceSpecificLogging + x-type: get + x-identifiers: + - TargetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TargetType') as target_type, + JSON_EXTRACT(Properties, '$.TargetName') as target_name, + JSON_EXTRACT(Properties, '$.LogLevel') as log_level, + JSON_EXTRACT(Properties, '$.TargetId') as target_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::ResourceSpecificLogging' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TargetType') as target_type, + json_extract_path_text(Properties, 'TargetName') as target_name, + json_extract_path_text(Properties, 'LogLevel') as log_level, + json_extract_path_text(Properties, 'TargetId') as target_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::ResourceSpecificLogging' + AND data__Identifier = '' + AND region = 'us-east-1' + role_aliases: + name: role_aliases + id: aws.iot.role_aliases + x-cfn-schema-name: RoleAlias + x-type: list + x-identifiers: + - RoleAlias + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RoleAlias') as role_alias + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::RoleAlias' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RoleAlias') as role_alias + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::RoleAlias' + AND region = 'us-east-1' + role_alias: + name: role_alias + id: aws.iot.role_alias + x-cfn-schema-name: RoleAlias + x-type: get + x-identifiers: + - RoleAlias + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RoleAlias') as role_alias, + JSON_EXTRACT(Properties, '$.RoleAliasArn') as role_alias_arn, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.CredentialDurationSeconds') as credential_duration_seconds, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::RoleAlias' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RoleAlias') as role_alias, + json_extract_path_text(Properties, 'RoleAliasArn') as role_alias_arn, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'CredentialDurationSeconds') as credential_duration_seconds, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::RoleAlias' + AND data__Identifier = '' + AND region = 'us-east-1' + scheduled_audits: + name: scheduled_audits + id: aws.iot.scheduled_audits + x-cfn-schema-name: ScheduledAudit + x-type: list + x-identifiers: + - ScheduledAuditName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ScheduledAuditName') as scheduled_audit_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::ScheduledAudit' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ScheduledAuditName') as scheduled_audit_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::ScheduledAudit' + AND region = 'us-east-1' + scheduled_audit: + name: scheduled_audit + id: aws.iot.scheduled_audit + x-cfn-schema-name: ScheduledAudit + x-type: get + x-identifiers: + - ScheduledAuditName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ScheduledAuditName') as scheduled_audit_name, + JSON_EXTRACT(Properties, '$.Frequency') as frequency, + JSON_EXTRACT(Properties, '$.DayOfMonth') as day_of_month, + JSON_EXTRACT(Properties, '$.DayOfWeek') as day_of_week, + JSON_EXTRACT(Properties, '$.TargetCheckNames') as target_check_names, + JSON_EXTRACT(Properties, '$.ScheduledAuditArn') as scheduled_audit_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::ScheduledAudit' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ScheduledAuditName') as scheduled_audit_name, + json_extract_path_text(Properties, 'Frequency') as frequency, + json_extract_path_text(Properties, 'DayOfMonth') as day_of_month, + json_extract_path_text(Properties, 'DayOfWeek') as day_of_week, + json_extract_path_text(Properties, 'TargetCheckNames') as target_check_names, + json_extract_path_text(Properties, 'ScheduledAuditArn') as scheduled_audit_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::ScheduledAudit' + AND data__Identifier = '' + AND region = 'us-east-1' + security_profiles: + name: security_profiles + id: aws.iot.security_profiles + x-cfn-schema-name: SecurityProfile + x-type: list + x-identifiers: + - SecurityProfileName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SecurityProfileName') as security_profile_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::SecurityProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SecurityProfileName') as security_profile_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::SecurityProfile' + AND region = 'us-east-1' + security_profile: + name: security_profile + id: aws.iot.security_profile + x-cfn-schema-name: SecurityProfile + x-type: get + x-identifiers: + - SecurityProfileName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SecurityProfileName') as security_profile_name, + JSON_EXTRACT(Properties, '$.SecurityProfileDescription') as security_profile_description, + JSON_EXTRACT(Properties, '$.Behaviors') as behaviors, + JSON_EXTRACT(Properties, '$.AlertTargets') as alert_targets, + JSON_EXTRACT(Properties, '$.AdditionalMetricsToRetainV2') as additional_metrics_to_retain_v2, + JSON_EXTRACT(Properties, '$.MetricsExportConfig') as metrics_export_config, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TargetArns') as target_arns, + JSON_EXTRACT(Properties, '$.SecurityProfileArn') as security_profile_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::SecurityProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SecurityProfileName') as security_profile_name, + json_extract_path_text(Properties, 'SecurityProfileDescription') as security_profile_description, + json_extract_path_text(Properties, 'Behaviors') as behaviors, + json_extract_path_text(Properties, 'AlertTargets') as alert_targets, + json_extract_path_text(Properties, 'AdditionalMetricsToRetainV2') as additional_metrics_to_retain_v2, + json_extract_path_text(Properties, 'MetricsExportConfig') as metrics_export_config, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TargetArns') as target_arns, + json_extract_path_text(Properties, 'SecurityProfileArn') as security_profile_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::SecurityProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + software_packages: + name: software_packages + id: aws.iot.software_packages + x-cfn-schema-name: SoftwarePackage + x-type: list + x-identifiers: + - PackageName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PackageName') as package_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::SoftwarePackage' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PackageName') as package_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::SoftwarePackage' + AND region = 'us-east-1' + software_package: + name: software_package + id: aws.iot.software_package + x-cfn-schema-name: SoftwarePackage + x-type: get + x-identifiers: + - PackageName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PackageArn') as package_arn, + JSON_EXTRACT(Properties, '$.PackageName') as package_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::SoftwarePackage' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PackageArn') as package_arn, + json_extract_path_text(Properties, 'PackageName') as package_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::SoftwarePackage' + AND data__Identifier = '' + AND region = 'us-east-1' + software_package_versions: + name: software_package_versions + id: aws.iot.software_package_versions + x-cfn-schema-name: SoftwarePackageVersion + x-type: list + x-identifiers: + - PackageName + - VersionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PackageName') as package_name, + JSON_EXTRACT(Properties, '$.VersionName') as version_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::SoftwarePackageVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PackageName') as package_name, + json_extract_path_text(Properties, 'VersionName') as version_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::SoftwarePackageVersion' + AND region = 'us-east-1' + software_package_version: + name: software_package_version + id: aws.iot.software_package_version + x-cfn-schema-name: SoftwarePackageVersion + x-type: get + x-identifiers: + - PackageName + - VersionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Attributes') as attributes, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ErrorReason') as error_reason, + JSON_EXTRACT(Properties, '$.PackageName') as package_name, + JSON_EXTRACT(Properties, '$.PackageVersionArn') as package_version_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VersionName') as version_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::SoftwarePackageVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Attributes') as attributes, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ErrorReason') as error_reason, + json_extract_path_text(Properties, 'PackageName') as package_name, + json_extract_path_text(Properties, 'PackageVersionArn') as package_version_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VersionName') as version_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::SoftwarePackageVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + things: + name: things + id: aws.iot.things + x-cfn-schema-name: Thing + x-type: list + x-identifiers: + - ThingName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ThingName') as thing_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Thing' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ThingName') as thing_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Thing' + AND region = 'us-east-1' + thing: + name: thing + id: aws.iot.thing + x-cfn-schema-name: Thing + x-type: get + x-identifiers: + - ThingName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AttributePayload') as attribute_payload, + JSON_EXTRACT(Properties, '$.ThingName') as thing_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Thing' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AttributePayload') as attribute_payload, + json_extract_path_text(Properties, 'ThingName') as thing_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Thing' + AND data__Identifier = '' + AND region = 'us-east-1' + thing_groups: + name: thing_groups + id: aws.iot.thing_groups + x-cfn-schema-name: ThingGroup + x-type: list + x-identifiers: + - ThingGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ThingGroupName') as thing_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::ThingGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ThingGroupName') as thing_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::ThingGroup' + AND region = 'us-east-1' + thing_group: + name: thing_group + id: aws.iot.thing_group + x-cfn-schema-name: ThingGroup + x-type: get + x-identifiers: + - ThingGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ThingGroupName') as thing_group_name, + JSON_EXTRACT(Properties, '$.ParentGroupName') as parent_group_name, + JSON_EXTRACT(Properties, '$.QueryString') as query_string, + JSON_EXTRACT(Properties, '$.ThingGroupProperties') as thing_group_properties, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::ThingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ThingGroupName') as thing_group_name, + json_extract_path_text(Properties, 'ParentGroupName') as parent_group_name, + json_extract_path_text(Properties, 'QueryString') as query_string, + json_extract_path_text(Properties, 'ThingGroupProperties') as thing_group_properties, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::ThingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + thing_types: + name: thing_types + id: aws.iot.thing_types + x-cfn-schema-name: ThingType + x-type: list + x-identifiers: + - ThingTypeName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ThingTypeName') as thing_type_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::ThingType' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ThingTypeName') as thing_type_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::ThingType' + AND region = 'us-east-1' + thing_type: + name: thing_type + id: aws.iot.thing_type + x-cfn-schema-name: ThingType + x-type: get + x-identifiers: + - ThingTypeName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ThingTypeName') as thing_type_name, + JSON_EXTRACT(Properties, '$.DeprecateThingType') as deprecate_thing_type, + JSON_EXTRACT(Properties, '$.ThingTypeProperties') as thing_type_properties, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::ThingType' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ThingTypeName') as thing_type_name, + json_extract_path_text(Properties, 'DeprecateThingType') as deprecate_thing_type, + json_extract_path_text(Properties, 'ThingTypeProperties') as thing_type_properties, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::ThingType' + AND data__Identifier = '' + AND region = 'us-east-1' + topic_rules: + name: topic_rules + id: aws.iot.topic_rules + x-cfn-schema-name: TopicRule + x-type: list + x-identifiers: + - RuleName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RuleName') as rule_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::TopicRule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RuleName') as rule_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::TopicRule' + AND region = 'us-east-1' + topic_rule: + name: topic_rule + id: aws.iot.topic_rule + x-cfn-schema-name: TopicRule + x-type: get + x-identifiers: + - RuleName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.RuleName') as rule_name, + JSON_EXTRACT(Properties, '$.TopicRulePayload') as topic_rule_payload, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::TopicRule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'RuleName') as rule_name, + json_extract_path_text(Properties, 'TopicRulePayload') as topic_rule_payload, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::TopicRule' + AND data__Identifier = '' + AND region = 'us-east-1' + topic_rule_destinations: + name: topic_rule_destinations + id: aws.iot.topic_rule_destinations + x-cfn-schema-name: TopicRuleDestination + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::TopicRuleDestination' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::TopicRuleDestination' + AND region = 'us-east-1' + topic_rule_destination: + name: topic_rule_destination + id: aws.iot.topic_rule_destination + x-cfn-schema-name: TopicRuleDestination + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.HttpUrlProperties') as http_url_properties, + JSON_EXTRACT(Properties, '$.StatusReason') as status_reason, + JSON_EXTRACT(Properties, '$.VpcProperties') as vpc_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::TopicRuleDestination' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'HttpUrlProperties') as http_url_properties, + json_extract_path_text(Properties, 'StatusReason') as status_reason, + json_extract_path_text(Properties, 'VpcProperties') as vpc_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::TopicRuleDestination' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/iotanalytics.yaml b/providers/src/aws/v00.00.00000/services/iotanalytics.yaml new file mode 100644 index 00000000..a32f2484 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/iotanalytics.yaml @@ -0,0 +1,967 @@ +openapi: 3.0.0 +info: + title: IoTAnalytics + version: 1.0.0 +paths: {} +components: + schemas: + CustomerManagedS3: + type: object + additionalProperties: false + properties: + Bucket: + type: string + pattern: '[a-zA-Z0-9.\-_]*' + minLength: 3 + maxLength: 255 + RoleArn: + type: string + minLength: 20 + maxLength: 2048 + KeyPrefix: + type: string + pattern: '[a-zA-Z0-9!_.*''()/{}:-]*/' + minLength: 1 + maxLength: 255 + required: + - Bucket + - RoleArn + ServiceManagedS3: + type: object + additionalProperties: false + ChannelStorage: + type: object + additionalProperties: false + properties: + ServiceManagedS3: + $ref: '#/components/schemas/ServiceManagedS3' + CustomerManagedS3: + $ref: '#/components/schemas/CustomerManagedS3' + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 1 + maxLength: 256 + required: + - Value + - Key + RetentionPeriod: + type: object + additionalProperties: false + properties: + NumberOfDays: + type: integer + minimum: 1 + maximum: 2147483647 + Unlimited: + type: boolean + Channel: + type: object + additionalProperties: false + properties: + ChannelName: + type: string + pattern: '[a-zA-Z0-9_]+' + minLength: 1 + maxLength: 128 + Next: + type: string + minLength: 1 + maxLength: 128 + Name: + type: string + minLength: 1 + maxLength: 128 + required: + - ChannelName + - Name + DatasetContentVersionValue: + type: object + additionalProperties: false + properties: + DatasetName: + type: string + pattern: (^(?!_{2}))(^[a-zA-Z0-9_]+$) + minLength: 1 + maxLength: 128 + required: + - DatasetName + GlueConfiguration: + type: object + additionalProperties: false + properties: + DatabaseName: + type: string + minLength: 1 + maxLength: 150 + TableName: + type: string + minLength: 1 + maxLength: 150 + required: + - TableName + - DatabaseName + Action: + type: object + additionalProperties: false + properties: + ActionName: + type: string + pattern: ^[a-zA-Z0-9_]+$ + minLength: 1 + maxLength: 128 + ContainerAction: + $ref: '#/components/schemas/ContainerAction' + QueryAction: + $ref: '#/components/schemas/QueryAction' + required: + - ActionName + Variable: + type: object + additionalProperties: false + properties: + VariableName: + type: string + minLength: 1 + maxLength: 256 + DatasetContentVersionValue: + $ref: '#/components/schemas/DatasetContentVersionValue' + StringValue: + type: string + minLength: 0 + maxLength: 1024 + DoubleValue: + type: number + OutputFileUriValue: + $ref: '#/components/schemas/OutputFileUriValue' + required: + - VariableName + IotEventsDestinationConfiguration: + type: object + additionalProperties: false + properties: + InputName: + type: string + pattern: ^[a-zA-Z][a-zA-Z0-9_]*$ + minLength: 1 + maxLength: 128 + RoleArn: + type: string + minLength: 20 + maxLength: 2048 + required: + - InputName + - RoleArn + LateDataRule: + type: object + additionalProperties: false + properties: + RuleConfiguration: + $ref: '#/components/schemas/LateDataRuleConfiguration' + RuleName: + type: string + pattern: ^[a-zA-Z0-9_]+$ + minLength: 1 + maxLength: 128 + required: + - RuleConfiguration + DeltaTimeSessionWindowConfiguration: + type: object + additionalProperties: false + properties: + TimeoutInMinutes: + type: integer + minimum: 1 + maximum: 60 + required: + - TimeoutInMinutes + QueryAction: + type: object + additionalProperties: false + properties: + Filters: + type: array + minItems: 0 + maxItems: 1 + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Filter' + SqlQuery: + type: string + required: + - SqlQuery + VersioningConfiguration: + type: object + additionalProperties: false + properties: + Unlimited: + type: boolean + MaxVersions: + type: integer + minimum: 1 + maximum: 1000 + ResourceConfiguration: + type: object + additionalProperties: false + properties: + VolumeSizeInGB: + type: integer + minimum: 1 + maximum: 50 + ComputeType: + type: string + enum: + - ACU_1 + - ACU_2 + required: + - VolumeSizeInGB + - ComputeType + DatasetContentDeliveryRule: + type: object + additionalProperties: false + properties: + Destination: + $ref: '#/components/schemas/DatasetContentDeliveryRuleDestination' + EntryName: + type: string + required: + - Destination + Trigger: + type: object + additionalProperties: false + properties: + TriggeringDataset: + $ref: '#/components/schemas/TriggeringDataset' + Schedule: + $ref: '#/components/schemas/Schedule' + DeltaTime: + type: object + additionalProperties: false + properties: + OffsetSeconds: + type: integer + TimeExpression: + type: string + required: + - TimeExpression + - OffsetSeconds + ContainerAction: + type: object + additionalProperties: false + properties: + Variables: + type: array + minItems: 0 + maxItems: 50 + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Variable' + ExecutionRoleArn: + type: string + minLength: 20 + maxLength: 2048 + Image: + type: string + maxLength: 255 + ResourceConfiguration: + $ref: '#/components/schemas/ResourceConfiguration' + required: + - ExecutionRoleArn + - Image + - ResourceConfiguration + Filter: + type: object + additionalProperties: false + properties: + Filter: + type: string + minLength: 1 + maxLength: 256 + Next: + type: string + minLength: 1 + maxLength: 128 + Name: + type: string + minLength: 1 + maxLength: 128 + required: + - Filter + - Name + OutputFileUriValue: + type: object + additionalProperties: false + properties: + FileName: + type: string + pattern: ^[\w\.-]{1,255}$ + required: + - FileName + Schedule: + type: object + additionalProperties: false + properties: + ScheduleExpression: + type: string + required: + - ScheduleExpression + S3DestinationConfiguration: + type: object + additionalProperties: false + properties: + GlueConfiguration: + $ref: '#/components/schemas/GlueConfiguration' + Bucket: + type: string + pattern: ^[a-zA-Z0-9.\-_]*$ + minLength: 3 + maxLength: 255 + Key: + type: string + pattern: ^[a-zA-Z0-9!_.*'()/{}:-]*$ + minLength: 1 + maxLength: 255 + RoleArn: + type: string + minLength: 20 + maxLength: 2048 + required: + - Bucket + - Key + - RoleArn + LateDataRuleConfiguration: + type: object + additionalProperties: false + properties: + DeltaTimeSessionWindowConfiguration: + $ref: '#/components/schemas/DeltaTimeSessionWindowConfiguration' + DatasetContentDeliveryRuleDestination: + type: object + additionalProperties: false + properties: + IotEventsDestinationConfiguration: + $ref: '#/components/schemas/IotEventsDestinationConfiguration' + S3DestinationConfiguration: + $ref: '#/components/schemas/S3DestinationConfiguration' + TriggeringDataset: + type: object + additionalProperties: false + properties: + DatasetName: + type: string + pattern: (^(?!_{2}))(^[a-zA-Z0-9_]+$) + minLength: 1 + maxLength: 128 + required: + - DatasetName + Dataset: + type: object + properties: + Actions: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 1 + items: + $ref: '#/components/schemas/Action' + LateDataRules: + type: array + minItems: 1 + maxItems: 1 + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/LateDataRule' + DatasetName: + type: string + pattern: (^(?!_{2}))(^[a-zA-Z0-9_]+$) + minLength: 1 + maxLength: 128 + ContentDeliveryRules: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 0 + maxItems: 20 + items: + $ref: '#/components/schemas/DatasetContentDeliveryRule' + Triggers: + type: array + minItems: 0 + maxItems: 5 + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Trigger' + VersioningConfiguration: + $ref: '#/components/schemas/VersioningConfiguration' + Id: + type: string + RetentionPeriod: + $ref: '#/components/schemas/RetentionPeriod' + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: + - Actions + x-stackql-resource-name: dataset + description: Resource Type definition for AWS::IoTAnalytics::Dataset + x-type-name: AWS::IoTAnalytics::Dataset + x-stackql-primary-identifier: + - DatasetName + x-create-only-properties: + - DatasetName + x-read-only-properties: + - Id + x-required-properties: + - Actions + x-taggable: true + x-required-permissions: + create: + - iotanalytics:CreateDataset + read: + - iotanalytics:DescribeDataset + - iotanalytics:ListTagsForResource + update: + - iotanalytics:UpdateDataset + - iotanalytics:TagResource + - iotanalytics:UntagResource + delete: + - iotanalytics:DeleteDataset + list: + - iotanalytics:ListDatasets + DatastoreStorage: + type: object + additionalProperties: false + properties: + ServiceManagedS3: + $ref: '#/components/schemas/ServiceManagedS3' + CustomerManagedS3: + $ref: '#/components/schemas/CustomerManagedS3' + IotSiteWiseMultiLayerStorage: + $ref: '#/components/schemas/IotSiteWiseMultiLayerStorage' + SchemaDefinition: + type: object + additionalProperties: false + properties: + Columns: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 100 + items: + $ref: '#/components/schemas/Column' + JsonConfiguration: + type: object + additionalProperties: false + ParquetConfiguration: + type: object + additionalProperties: false + properties: + SchemaDefinition: + $ref: '#/components/schemas/SchemaDefinition' + FileFormatConfiguration: + type: object + additionalProperties: false + properties: + JsonConfiguration: + $ref: '#/components/schemas/JsonConfiguration' + ParquetConfiguration: + $ref: '#/components/schemas/ParquetConfiguration' + Column: + type: object + additionalProperties: false + properties: + Type: + type: string + Name: + type: string + required: + - Type + - Name + IotSiteWiseMultiLayerStorage: + type: object + additionalProperties: false + properties: + CustomerManagedS3Storage: + $ref: '#/components/schemas/CustomerManagedS3Storage' + CustomerManagedS3Storage: + type: object + additionalProperties: false + properties: + Bucket: + type: string + pattern: '[a-zA-Z0-9.\-_]*' + minLength: 3 + maxLength: 255 + KeyPrefix: + type: string + pattern: '[a-zA-Z0-9!_.*''()/{}:-]*/' + minLength: 1 + maxLength: 255 + required: + - Bucket + DatastorePartitions: + type: object + additionalProperties: false + properties: + Partitions: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 0 + maxItems: 25 + items: + $ref: '#/components/schemas/DatastorePartition' + DatastorePartition: + type: object + additionalProperties: false + properties: + Partition: + $ref: '#/components/schemas/Partition' + TimestampPartition: + $ref: '#/components/schemas/TimestampPartition' + Partition: + type: object + additionalProperties: false + properties: + AttributeName: + type: string + pattern: '[a-zA-Z0-9_]+' + required: + - AttributeName + TimestampPartition: + type: object + additionalProperties: false + properties: + AttributeName: + type: string + pattern: '[a-zA-Z0-9_]+' + TimestampFormat: + type: string + pattern: '[a-zA-Z0-9\s\[\]_,.''/:-]*' + required: + - AttributeName + Datastore: + type: object + additionalProperties: false + properties: + DatastoreName: + type: string + pattern: '[a-zA-Z0-9_]+' + minLength: 1 + maxLength: 128 + Name: + type: string + minLength: 1 + maxLength: 128 + required: + - DatastoreName + - Name + Activity: + type: object + additionalProperties: false + properties: + SelectAttributes: + $ref: '#/components/schemas/SelectAttributes' + Datastore: + $ref: '#/components/schemas/Datastore' + Filter: + $ref: '#/components/schemas/Filter' + AddAttributes: + $ref: '#/components/schemas/AddAttributes' + Channel: + $ref: '#/components/schemas/Channel' + DeviceShadowEnrich: + $ref: '#/components/schemas/DeviceShadowEnrich' + Math: + $ref: '#/components/schemas/Math' + Lambda: + $ref: '#/components/schemas/Lambda' + DeviceRegistryEnrich: + $ref: '#/components/schemas/DeviceRegistryEnrich' + RemoveAttributes: + $ref: '#/components/schemas/RemoveAttributes' + DeviceShadowEnrich: + type: object + additionalProperties: false + properties: + Attribute: + type: string + minLength: 1 + maxLength: 256 + Next: + type: string + minLength: 1 + maxLength: 128 + ThingName: + type: string + minLength: 1 + maxLength: 256 + RoleArn: + type: string + minLength: 20 + maxLength: 2048 + Name: + type: string + minLength: 1 + maxLength: 128 + required: + - Attribute + - ThingName + - RoleArn + - Name + RemoveAttributes: + type: object + additionalProperties: false + properties: + Next: + type: string + minLength: 1 + maxLength: 128 + Attributes: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 50 + items: + type: string + minLength: 1 + maxLength: 256 + Name: + type: string + minLength: 1 + maxLength: 128 + required: + - Attributes + - Name + SelectAttributes: + type: object + additionalProperties: false + properties: + Next: + type: string + minLength: 1 + maxLength: 128 + Attributes: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 50 + items: + type: string + minLength: 1 + maxLength: 256 + Name: + type: string + minLength: 1 + maxLength: 128 + required: + - Name + - Attributes + Lambda: + type: object + additionalProperties: false + properties: + BatchSize: + type: integer + minimum: 1 + maximum: 1000 + Next: + type: string + minLength: 1 + maxLength: 128 + LambdaName: + type: string + pattern: '[a-zA-Z0-9_-]+' + minLength: 1 + maxLength: 64 + Name: + type: string + minLength: 1 + maxLength: 128 + required: + - LambdaName + - Name + - BatchSize + DeviceRegistryEnrich: + type: object + additionalProperties: false + properties: + Attribute: + type: string + minLength: 1 + maxLength: 256 + Next: + type: string + minLength: 1 + maxLength: 128 + ThingName: + type: string + minLength: 1 + maxLength: 256 + RoleArn: + type: string + minLength: 20 + maxLength: 2048 + Name: + type: string + minLength: 1 + maxLength: 128 + required: + - Attribute + - ThingName + - RoleArn + - Name + AddAttributes: + type: object + additionalProperties: false + properties: + Next: + type: string + minLength: 1 + maxLength: 128 + Attributes: + type: object + minProperties: 1 + maxProperties: 50 + x-patternProperties: + ^.*$: + type: string + minLength: 1 + maxLength: 256 + additionalProperties: false + Name: + type: string + minLength: 1 + maxLength: 128 + required: + - Attributes + - Name + Math: + type: object + additionalProperties: false + properties: + Attribute: + type: string + minLength: 1 + maxLength: 256 + Next: + type: string + minLength: 1 + maxLength: 128 + Math: + type: string + minLength: 1 + maxLength: 256 + Name: + type: string + minLength: 1 + maxLength: 128 + required: + - Attribute + - Math + - Name + Pipeline: + type: object + properties: + Id: + type: string + PipelineName: + type: string + pattern: '[a-zA-Z0-9_]+' + minLength: 1 + maxLength: 128 + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + PipelineActivities: + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 25 + items: + $ref: '#/components/schemas/Activity' + required: + - PipelineActivities + x-stackql-resource-name: pipeline + description: Resource Type definition for AWS::IoTAnalytics::Pipeline + x-type-name: AWS::IoTAnalytics::Pipeline + x-stackql-primary-identifier: + - PipelineName + x-create-only-properties: + - PipelineName + x-read-only-properties: + - Id + x-required-properties: + - PipelineActivities + x-taggable: true + x-required-permissions: + create: + - iotanalytics:CreatePipeline + read: + - iotanalytics:DescribePipeline + - iotanalytics:ListTagsForResource + update: + - iotanalytics:UpdatePipeline + - iotanalytics:TagResource + - iotanalytics:UntagResource + delete: + - iotanalytics:DeletePipeline + list: + - iotanalytics:ListPipelines + x-stackQL-resources: + datasets: + name: datasets + id: aws.iotanalytics.datasets + x-cfn-schema-name: Dataset + x-type: list + x-identifiers: + - DatasetName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DatasetName') as dataset_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTAnalytics::Dataset' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DatasetName') as dataset_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTAnalytics::Dataset' + AND region = 'us-east-1' + dataset: + name: dataset + id: aws.iotanalytics.dataset + x-cfn-schema-name: Dataset + x-type: get + x-identifiers: + - DatasetName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.LateDataRules') as late_data_rules, + JSON_EXTRACT(Properties, '$.DatasetName') as dataset_name, + JSON_EXTRACT(Properties, '$.ContentDeliveryRules') as content_delivery_rules, + JSON_EXTRACT(Properties, '$.Triggers') as triggers, + JSON_EXTRACT(Properties, '$.VersioningConfiguration') as versioning_configuration, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.RetentionPeriod') as retention_period, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTAnalytics::Dataset' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'LateDataRules') as late_data_rules, + json_extract_path_text(Properties, 'DatasetName') as dataset_name, + json_extract_path_text(Properties, 'ContentDeliveryRules') as content_delivery_rules, + json_extract_path_text(Properties, 'Triggers') as triggers, + json_extract_path_text(Properties, 'VersioningConfiguration') as versioning_configuration, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'RetentionPeriod') as retention_period, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTAnalytics::Dataset' + AND data__Identifier = '' + AND region = 'us-east-1' + pipelines: + name: pipelines + id: aws.iotanalytics.pipelines + x-cfn-schema-name: Pipeline + x-type: list + x-identifiers: + - PipelineName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PipelineName') as pipeline_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTAnalytics::Pipeline' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PipelineName') as pipeline_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTAnalytics::Pipeline' + AND region = 'us-east-1' + pipeline: + name: pipeline + id: aws.iotanalytics.pipeline + x-cfn-schema-name: Pipeline + x-type: get + x-identifiers: + - PipelineName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.PipelineName') as pipeline_name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.PipelineActivities') as pipeline_activities + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTAnalytics::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'PipelineName') as pipeline_name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'PipelineActivities') as pipeline_activities + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTAnalytics::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/iotcoredeviceadvisor.yaml b/providers/src/aws/v00.00.00000/services/iotcoredeviceadvisor.yaml new file mode 100644 index 00000000..1b4fde55 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/iotcoredeviceadvisor.yaml @@ -0,0 +1,217 @@ +openapi: 3.0.0 +info: + title: IoTCoreDeviceAdvisor + version: 1.0.0 +paths: {} +components: + schemas: + DeviceUnderTest: + type: object + properties: + CertificateArn: + type: string + minLength: 20 + maxLength: 2048 + ThingArn: + type: string + minLength: 20 + maxLength: 2048 + additionalProperties: false + SuiteDefinitionName: + type: string + description: The Name of the suite definition. + minLength: 1 + maxLength: 256 + RootGroup: + type: string + description: The root group of the test suite. + minLength: 1 + maxLength: 2048 + Devices: + type: array + description: The devices being tested in the test suite + minItems: 0 + maxItems: 2 + items: + $ref: '#/components/schemas/DeviceUnderTest' + DevicePermissionRoleArn: + type: string + description: The device permission role arn of the test suite. + minLength: 20 + maxLength: 2048 + IntendedForQualification: + description: Whether the tests are intended for qualification in a suite. + type: boolean + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + SuiteDefinition: + type: object + properties: + SuiteDefinitionConfiguration: + type: object + properties: + DevicePermissionRoleArn: + $ref: '#/components/schemas/DevicePermissionRoleArn' + Devices: + $ref: '#/components/schemas/Devices' + IntendedForQualification: + $ref: '#/components/schemas/IntendedForQualification' + RootGroup: + $ref: '#/components/schemas/RootGroup' + SuiteDefinitionName: + $ref: '#/components/schemas/SuiteDefinitionName' + required: + - DevicePermissionRoleArn + - RootGroup + additionalProperties: false + SuiteDefinitionId: + type: string + maxLength: 36 + minLength: 12 + description: The unique identifier for the suite definition. + SuiteDefinitionArn: + type: string + maxLength: 2048 + minLength: 20 + description: The Amazon Resource name for the suite definition. + SuiteDefinitionVersion: + type: string + maxLength: 255 + minLength: 2 + description: The suite definition version of a test suite. + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - SuiteDefinitionConfiguration + x-stackql-resource-name: suite_definition + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::IoTCoreDeviceAdvisor::SuiteDefinition + x-stackql-primary-identifier: + - SuiteDefinitionId + x-read-only-properties: + - SuiteDefinitionId + - SuiteDefinitionArn + - SuiteDefinitionVersion + x-required-properties: + - SuiteDefinitionConfiguration + x-required-permissions: + create: + - iot:DescribeCertificate + - iot:DescribeThing + - iot:GetPolicy + - iot:ListAttachedPolicies + - iot:ListCertificates + - iot:ListPrincipalPolicies + - iot:ListTagsForResource + - iot:ListThingPrincipals + - iot:ListThings + - iotdeviceadvisor:CreateSuiteDefinition + - iotdeviceadvisor:TagResource + - iam:PassRole + read: + - iotdeviceadvisor:GetSuiteDefinition + - iotdeviceadvisor:TagResource + update: + - iot:DescribeCertificate + - iot:DescribeThing + - iot:GetPolicy + - iot:ListAttachedPolicies + - iot:ListCertificates + - iot:ListPrincipalPolicies + - iot:ListTagsForResource + - iot:ListThingPrincipals + - iot:ListThings + - iotdeviceadvisor:UpdateSuiteDefinition + - iotdeviceadvisor:GetSuiteDefinition + - iotdeviceadvisor:UntagResource + - iotdeviceadvisor:TagResource + - iam:PassRole + delete: + - iotdeviceadvisor:GetSuiteDefinition + - iotdeviceadvisor:DeleteSuiteDefinition + list: + - iotdeviceadvisor:ListSuiteDefinitions + x-stackQL-resources: + suite_definitions: + name: suite_definitions + id: aws.iotcoredeviceadvisor.suite_definitions + x-cfn-schema-name: SuiteDefinition + x-type: list + x-identifiers: + - SuiteDefinitionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SuiteDefinitionId') as suite_definition_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTCoreDeviceAdvisor::SuiteDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SuiteDefinitionId') as suite_definition_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTCoreDeviceAdvisor::SuiteDefinition' + AND region = 'us-east-1' + suite_definition: + name: suite_definition + id: aws.iotcoredeviceadvisor.suite_definition + x-cfn-schema-name: SuiteDefinition + x-type: get + x-identifiers: + - SuiteDefinitionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SuiteDefinitionConfiguration') as suite_definition_configuration, + JSON_EXTRACT(Properties, '$.SuiteDefinitionId') as suite_definition_id, + JSON_EXTRACT(Properties, '$.SuiteDefinitionArn') as suite_definition_arn, + JSON_EXTRACT(Properties, '$.SuiteDefinitionVersion') as suite_definition_version, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTCoreDeviceAdvisor::SuiteDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SuiteDefinitionConfiguration') as suite_definition_configuration, + json_extract_path_text(Properties, 'SuiteDefinitionId') as suite_definition_id, + json_extract_path_text(Properties, 'SuiteDefinitionArn') as suite_definition_arn, + json_extract_path_text(Properties, 'SuiteDefinitionVersion') as suite_definition_version, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTCoreDeviceAdvisor::SuiteDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/iotevents.yaml b/providers/src/aws/v00.00.00000/services/iotevents.yaml new file mode 100644 index 00000000..8255f90b --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/iotevents.yaml @@ -0,0 +1,1066 @@ +openapi: 3.0.0 +info: + title: IoTEvents + version: 1.0.0 +paths: {} +components: + schemas: + AlarmRule: + type: object + description: Defines when your alarm is invoked. + additionalProperties: false + properties: + SimpleRule: + $ref: '#/components/schemas/SimpleRule' + SimpleRule: + type: object + additionalProperties: false + description: A rule that compares an input property value to a threshold value with a comparison operator. + properties: + InputProperty: + type: string + minLength: 1 + maxLength: 512 + description: The value on the left side of the comparison operator. You can specify an AWS IoT Events input attribute as an input property. + ComparisonOperator: + type: string + enum: + - GREATER + - GREATER_OR_EQUAL + - LESS + - LESS_OR_EQUAL + - EQUAL + - NOT_EQUAL + description: The comparison operator. + Threshold: + type: string + minLength: 1 + maxLength: 512 + description: The value on the right side of the comparison operator. You can enter a number or specify an AWS IoT Events input attribute. + required: + - InputProperty + - ComparisonOperator + - Threshold + AlarmEventActions: + type: object + additionalProperties: false + description: Contains information about one or more alarm actions. + properties: + AlarmActions: + $ref: '#/components/schemas/AlarmActions' + AlarmCapabilities: + type: object + description: Contains the configuration information of alarm state changes + additionalProperties: false + properties: + InitializationConfiguration: + $ref: '#/components/schemas/InitializationConfiguration' + AcknowledgeFlow: + $ref: '#/components/schemas/AcknowledgeFlow' + AlarmActions: + type: array + description: Specifies one or more supported actions to receive notifications when the alarm state changes. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/AlarmAction' + AlarmAction: + type: object + additionalProperties: false + description: The actions to be performed. + properties: + DynamoDB: + $ref: '#/components/schemas/DynamoDB' + DynamoDBv2: + $ref: '#/components/schemas/DynamoDBv2' + Firehose: + $ref: '#/components/schemas/Firehose' + IotEvents: + $ref: '#/components/schemas/IotEvents' + IotSiteWise: + $ref: '#/components/schemas/IotSiteWise' + IotTopicPublish: + $ref: '#/components/schemas/IotTopicPublish' + Lambda: + $ref: '#/components/schemas/Lambda' + Sns: + $ref: '#/components/schemas/Sns' + Sqs: + $ref: '#/components/schemas/Sqs' + DynamoDB: + type: object + additionalProperties: false + description: >- + Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. For more information, see + [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *AWS IoT Events Developer Guide*. + properties: + HashKeyField: + type: string + description: The name of the hash key (also called the partition key). + HashKeyType: + type: string + description: |- + The data type for the hash key (also called the partition key). You can specify the following values: + + * `STRING` - The hash key is a string. + + * `NUMBER` - The hash key is a number. + + If you don't specify `hashKeyType`, the default value is `STRING`. + HashKeyValue: + type: string + description: The value of the hash key (also called the partition key). + Operation: + type: string + description: |- + The type of operation to perform. You can specify the following values: + + * `INSERT` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key. + + * `UPDATE` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key. + + * `DELETE` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key. + + If you don't specify this parameter, AWS IoT Events triggers the `INSERT` operation. + Payload: + $ref: '#/components/schemas/Payload' + PayloadField: + type: string + description: |- + The name of the DynamoDB column that receives the action payload. + + If you don't specify this parameter, the name of the DynamoDB column is `payload`. + RangeKeyField: + type: string + description: The name of the range key (also called the sort key). + RangeKeyType: + type: string + description: |- + The data type for the range key (also called the sort key), You can specify the following values: + + * `STRING` - The range key is a string. + + * `NUMBER` - The range key is number. + + If you don't specify `rangeKeyField`, the default value is `STRING`. + RangeKeyValue: + type: string + description: The value of the range key (also called the sort key). + TableName: + type: string + description: The name of the DynamoDB table. + required: + - HashKeyField + - HashKeyValue + - TableName + DynamoDBv2: + type: object + additionalProperties: false + description: |- + Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify. + + You can use expressions for parameters that are strings. For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *AWS IoT Events Developer Guide*. + properties: + Payload: + $ref: '#/components/schemas/Payload' + TableName: + type: string + description: The name of the DynamoDB table. + required: + - TableName + Firehose: + type: object + additionalProperties: false + description: Sends information about the detector model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream. + properties: + DeliveryStreamName: + type: string + description: The name of the Kinesis Data Firehose delivery stream where the data is written. + Payload: + $ref: '#/components/schemas/Payload' + Separator: + type: string + description: 'A character separator that is used to separate records written to the Kinesis Data Firehose delivery stream. Valid values are: ''\n'' (newline), ''\t'' (tab), ''\r\n'' (Windows newline), '','' (comma).' + pattern: ([\n\t])|(\r\n)|(,) + required: + - DeliveryStreamName + IotEvents: + type: object + additionalProperties: false + description: Sends an AWS IoT Events input, passing in information about the detector model instance and the event that triggered the action. + properties: + InputName: + type: string + description: The name of the AWS IoT Events input where the data is sent. + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z][a-zA-Z0-9_]*$ + Payload: + $ref: '#/components/schemas/Payload' + required: + - InputName + IotSiteWise: + type: object + additionalProperties: false + description: Sends information about the detector model instance and the event that triggered the action to a specified asset property in AWS IoT SiteWise. + properties: + AssetId: + type: string + description: The ID of the asset that has the specified property. You can specify an expression. + EntryId: + type: string + description: A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier. You can also specify an expression. + PropertyAlias: + type: string + description: The alias of the asset property. You can also specify an expression. + PropertyId: + type: string + description: The ID of the asset property. You can specify an expression. + PropertyValue: + $ref: '#/components/schemas/AssetPropertyValue' + required: + - PropertyValue + IotTopicPublish: + type: object + additionalProperties: false + description: Information required to publish the MQTT message through the AWS IoT message broker. + properties: + MqttTopic: + type: string + description: The MQTT topic of the message. You can use a string expression that includes variables (`$variable.`) and input values (`$input..`) as the topic string. + minLength: 1 + maxLength: 128 + Payload: + $ref: '#/components/schemas/Payload' + required: + - MqttTopic + Lambda: + type: object + additionalProperties: false + properties: + FunctionArn: + type: string + description: The ARN of the Lambda function that is executed. + minLength: 1 + maxLength: 2048 + Payload: + $ref: '#/components/schemas/Payload' + required: + - FunctionArn + Sns: + type: object + additionalProperties: false + description: Information required to publish the Amazon SNS message. + properties: + Payload: + $ref: '#/components/schemas/Payload' + TargetArn: + type: string + description: The ARN of the Amazon SNS target where the message is sent. + minLength: 1 + maxLength: 2048 + required: + - TargetArn + Sqs: + type: object + additionalProperties: false + properties: + Payload: + $ref: '#/components/schemas/Payload' + QueueUrl: + type: string + description: The URL of the SQS queue where the data is written. + UseBase64: + type: boolean + description: Set this to `TRUE` if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to `FALSE`. + required: + - QueueUrl + Payload: + type: object + additionalProperties: false + description: |- + Information needed to configure the payload. + + By default, AWS IoT Events generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use `contentExpression`. + properties: + ContentExpression: + type: string + description: The content of the payload. You can use a string expression that includes quoted strings (`''`), variables (`$variable.`), input values (`$input..`), string concatenations, and quoted strings that contain `${}` as the content. The recommended maximum size of a content expression is 1 KB. + minLength: 1 + Type: + type: string + description: The value of the payload type can be either `STRING` or `JSON`. + required: + - ContentExpression + - Type + InitializationConfiguration: + type: object + description: Specifies the default alarm state. The configuration applies to all alarms that were created based on this alarm model. + additionalProperties: false + properties: + DisabledOnInitialization: + type: boolean + description: The value must be TRUE or FALSE. If FALSE, all alarm instances created based on the alarm model are activated. The default value is TRUE. + default: 'true' + required: + - DisabledOnInitialization + AcknowledgeFlow: + type: object + description: Specifies whether to get notified for alarm state changes. + additionalProperties: false + properties: + Enabled: + type: boolean + description: The value must be TRUE or FALSE. If TRUE, you receive a notification when the alarm state changes. You must choose to acknowledge the notification before the alarm state can return to NORMAL. If FALSE, you won't receive notifications. The alarm automatically changes to the NORMAL state when the input property value returns to the specified range. + default: 'true' + AssetPropertyValue: + type: object + additionalProperties: false + description: A structure that contains value information. For more information, see [AssetPropertyValue](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetPropertyValue.html) in the *AWS IoT SiteWise API Reference*. + properties: + Quality: + type: string + description: The quality of the asset property value. The value must be `GOOD`, `BAD`, or `UNCERTAIN`. You can also specify an expression. + Timestamp: + $ref: '#/components/schemas/AssetPropertyTimestamp' + Value: + $ref: '#/components/schemas/AssetPropertyVariant' + required: + - Value + AssetPropertyTimestamp: + type: object + additionalProperties: false + description: A structure that contains timestamp information. For more information, see [TimeInNanos](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_TimeInNanos.html) in the *AWS IoT SiteWise API Reference*. + properties: + OffsetInNanos: + type: string + description: The timestamp, in seconds, in the Unix epoch format. The valid range is between `1-31556889864403199`. You can also specify an expression. + TimeInSeconds: + type: string + description: The nanosecond offset converted from `timeInSeconds`. The valid range is between `0-999999999`. You can also specify an expression. + required: + - TimeInSeconds + AssetPropertyVariant: + type: object + additionalProperties: false + description: A structure that contains an asset property value. For more information, see [Variant](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_Variant.html) in the *AWS IoT SiteWise API Reference*. + properties: + BooleanValue: + type: string + description: The asset property value is a Boolean value that must be `TRUE` or `FALSE`. You can also specify an expression. If you use an expression, the evaluated result should be a Boolean value. + DoubleValue: + type: string + description: The asset property value is a double. You can also specify an expression. If you use an expression, the evaluated result should be a double. + IntegerValue: + type: string + description: The asset property value is an integer. You can also specify an expression. If you use an expression, the evaluated result should be an integer. + StringValue: + type: string + description: The asset property value is a string. You can also specify an expression. If you use an expression, the evaluated result should be a string. + Tag: + type: object + additionalProperties: false + description: Tags to be applied to Input. + properties: + Key: + description: Key of the Tag. + type: string + Value: + description: Value of the Tag. + type: string + required: + - Value + - Key + AlarmModel: + type: object + properties: + AlarmModelName: + type: string + description: The name of the alarm model. + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9_-]+$ + AlarmModelDescription: + type: string + description: A brief description of the alarm model. + maxLength: 1024 + RoleArn: + type: string + description: The ARN of the role that grants permission to AWS IoT Events to perform its operations. + minLength: 1 + maxLength: 2048 + Key: + type: string + description: |- + The value used to identify a alarm instance. When a device or system sends input, a new alarm instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding alarm instance based on this identifying information. + + This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct alarm instance, the device must send a message payload that contains the same attribute-value. + minLength: 1 + maxLength: 128 + pattern: ^((`[\w\- ]+`)|([\w\-]+))(\.((`[\w\- ]+`)|([\w\-]+)))*$ + Severity: + type: integer + description: |+ + A non-negative integer that reflects the severity level of the alarm. + + minimum: 0 + maximum: 2147483647 + AlarmRule: + $ref: '#/components/schemas/AlarmRule' + AlarmEventActions: + $ref: '#/components/schemas/AlarmEventActions' + AlarmCapabilities: + $ref: '#/components/schemas/AlarmCapabilities' + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + description: |- + An array of key-value pairs to apply to this resource. + + For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + items: + $ref: '#/components/schemas/Tag' + required: + - RoleArn + - AlarmRule + x-stackql-resource-name: alarm_model + description: |- + The AWS::IoTEvents::AlarmModel resource creates a alarm model. AWS IoT Events alarms help you monitor your data for changes. The data can be metrics that you measure for your equipment and processes. You can create alarms that send notifications when a threshold is breached. Alarms help you detect issues, streamline maintenance, and optimize performance of your equipment and processes. + + Alarms are instances of alarm models. The alarm model specifies what to detect, when to send notifications, who gets notified, and more. You can also specify one or more supported actions that occur when the alarm state changes. AWS IoT Events routes input attributes derived from your data to the appropriate alarms. If the data that you're monitoring is outside the specified range, the alarm is invoked. You can also acknowledge the alarms or set them to the snooze mode. + x-type-name: AWS::IoTEvents::AlarmModel + x-stackql-primary-identifier: + - AlarmModelName + x-create-only-properties: + - AlarmModelName + - Key + x-required-properties: + - RoleArn + - AlarmRule + x-required-permissions: + create: + - iotevents:CreateAlarmModel + - iotevents:UpdateInputRouting + - iotevents:DescribeAlarmModel + - iotevents:ListTagsForResource + - iotevents:TagResource + - iam:PassRole + read: + - iotevents:DescribeAlarmModel + - iotevents:ListTagsForResource + update: + - iotevents:UpdateAlarmModel + - iotevents:UpdateInputRouting + - iotevents:DescribeAlarmModel + - iotevents:ListTagsForResource + - iotevents:UntagResource + - iotevents:TagResource + - iam:PassRole + delete: + - iotevents:DeleteAlarmModel + - iotevents:DescribeAlarmModel + list: + - iotevents:ListAlarmModels + DetectorModelDefinition: + type: object + additionalProperties: false + description: Information that defines how a detector operates. + properties: + InitialStateName: + type: string + description: The state that is entered at the creation of each detector (instance). + minLength: 1 + maxLength: 128 + States: + type: array + uniqueItems: false + x-insertionOrder: false + description: Information about the states of the detector. + minItems: 1 + items: + $ref: '#/components/schemas/State' + required: + - States + - InitialStateName + State: + type: object + additionalProperties: false + description: Information that defines a state of a detector. + properties: + OnEnter: + $ref: '#/components/schemas/OnEnter' + OnExit: + $ref: '#/components/schemas/OnExit' + OnInput: + $ref: '#/components/schemas/OnInput' + StateName: + type: string + minLength: 1 + maxLength: 128 + description: The name of the state. + required: + - StateName + OnEnter: + type: object + additionalProperties: false + description: When entering this state, perform these `actions` if the `condition` is `TRUE`. + properties: + Events: + type: array + uniqueItems: false + x-insertionOrder: false + description: Specifies the `actions` that are performed when the state is entered and the `condition` is `TRUE`. + items: + $ref: '#/components/schemas/Event' + OnExit: + type: object + additionalProperties: false + description: When exiting this state, perform these `actions` if the specified `condition` is `TRUE`. + properties: + Events: + type: array + uniqueItems: false + x-insertionOrder: false + description: Specifies the `actions` that are performed when the state is exited and the `condition` is `TRUE`. + items: + $ref: '#/components/schemas/Event' + OnInput: + type: object + additionalProperties: false + description: When an input is received and the `condition` is `TRUE`, perform the specified `actions`. + properties: + Events: + type: array + uniqueItems: false + x-insertionOrder: false + description: Specifies the `actions` performed when the `condition` evaluates to `TRUE`. + items: + $ref: '#/components/schemas/Event' + TransitionEvents: + type: array + uniqueItems: false + x-insertionOrder: true + description: Specifies the `actions` performed, and the next `state` entered, when a `condition` evaluates to `TRUE`. + items: + $ref: '#/components/schemas/TransitionEvent' + Event: + type: object + additionalProperties: false + description: Specifies the `actions` to be performed when the `condition` evaluates to `TRUE`. + properties: + Actions: + type: array + uniqueItems: false + x-insertionOrder: false + description: The actions to be performed. + items: + $ref: '#/components/schemas/Action' + Condition: + type: string + description: The Boolean expression that, when `TRUE`, causes the `actions` to be performed. If not present, the `actions` are performed (=`TRUE`). If the expression result is not a `Boolean` value, the `actions` are not performed (=`FALSE`). + maxLength: 512 + EventName: + type: string + description: The name of the event. + maxLength: 128 + required: + - EventName + TransitionEvent: + type: object + additionalProperties: false + description: Specifies the `actions `performed and the next `state` entered when a `condition` evaluates to `TRUE`. + properties: + Actions: + type: array + description: The actions to be performed. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Action' + Condition: + type: string + description: A Boolean expression that when `TRUE` causes the `actions` to be performed and the `nextState` to be entered. + maxLength: 512 + EventName: + type: string + description: The name of the event. + minLength: 1 + maxLength: 128 + NextState: + type: string + description: The next state to enter. + minLength: 1 + maxLength: 128 + required: + - Condition + - EventName + - NextState + Action: + type: object + additionalProperties: false + description: The actions to be performed. + properties: + ClearTimer: + $ref: '#/components/schemas/ClearTimer' + DynamoDB: + $ref: '#/components/schemas/DynamoDB' + DynamoDBv2: + $ref: '#/components/schemas/DynamoDBv2' + Firehose: + $ref: '#/components/schemas/Firehose' + IotEvents: + $ref: '#/components/schemas/IotEvents' + IotSiteWise: + $ref: '#/components/schemas/IotSiteWise' + IotTopicPublish: + $ref: '#/components/schemas/IotTopicPublish' + Lambda: + $ref: '#/components/schemas/Lambda' + ResetTimer: + $ref: '#/components/schemas/ResetTimer' + SetTimer: + $ref: '#/components/schemas/SetTimer' + SetVariable: + $ref: '#/components/schemas/SetVariable' + Sns: + $ref: '#/components/schemas/Sns' + Sqs: + $ref: '#/components/schemas/Sqs' + ClearTimer: + type: object + additionalProperties: false + description: Information needed to clear the timer. + properties: + TimerName: + type: string + minLength: 1 + maxLength: 128 + required: + - TimerName + ResetTimer: + type: object + additionalProperties: false + description: Information required to reset the timer. The timer is reset to the previously evaluated result of the duration. The duration expression isn't reevaluated when you reset the timer. + properties: + TimerName: + type: string + description: The name of the timer to reset. + minLength: 1 + maxLength: 128 + required: + - TimerName + SetTimer: + type: object + additionalProperties: false + description: Information needed to set the timer. + properties: + DurationExpression: + type: string + description: The duration of the timer, in seconds. You can use a string expression that includes numbers, variables (`$variable.`), and input values (`$input..`) as the duration. The range of the duration is `1-31622400` seconds. To ensure accuracy, the minimum duration is `60` seconds. The evaluated result of the duration is rounded down to the nearest whole number. + minLength: 1 + maxLength: 1024 + Seconds: + type: integer + description: The number of seconds until the timer expires. The minimum value is `60` seconds to ensure accuracy. The maximum value is `31622400` seconds. + minimum: 60 + maximum: 31622400 + TimerName: + type: string + description: The name of the timer. + minLength: 1 + maxLength: 128 + required: + - TimerName + SetVariable: + type: object + additionalProperties: false + description: Information about the variable and its new value. + properties: + Value: + type: string + description: The new value of the variable. + minLength: 1 + maxLength: 1024 + VariableName: + type: string + description: The name of the variable. + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z][a-zA-Z0-9_]*$ + required: + - Value + - VariableName + DetectorModel: + type: object + properties: + DetectorModelDefinition: + $ref: '#/components/schemas/DetectorModelDefinition' + DetectorModelDescription: + type: string + description: A brief description of the detector model. + maxLength: 1024 + DetectorModelName: + type: string + description: The name of the detector model. + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9_-]+$ + EvaluationMethod: + type: string + description: Information about the order in which events are evaluated and how actions are executed. + enum: + - BATCH + - SERIAL + Key: + type: string + description: |- + The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding detector instance based on this identifying information. + + This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value. + minLength: 1 + maxLength: 128 + pattern: ^((`[\w\- ]+`)|([\w\-]+))(\.((`[\w\- ]+`)|([\w\-]+)))*$ + RoleArn: + type: string + description: The ARN of the role that grants permission to AWS IoT Events to perform its operations. + minLength: 1 + maxLength: 2048 + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + description: |- + An array of key-value pairs to apply to this resource. + + For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + items: + $ref: '#/components/schemas/Tag' + required: + - DetectorModelDefinition + - RoleArn + x-stackql-resource-name: detector_model + description: >- + The AWS::IoTEvents::DetectorModel resource creates a detector model. You create a *detector model* (a model of your equipment or process) using *states*. For each state, you define conditional (Boolean) logic that evaluates the incoming inputs to detect significant events. When an event is detected, it can change the state or trigger custom-built or predefined actions using other AWS services. You can define additional events that trigger actions when entering or exiting a state and, + optionally, when a condition is met. For more information, see [How to Use AWS IoT Events](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *AWS IoT Events Developer Guide*. + x-type-name: AWS::IoTEvents::DetectorModel + x-stackql-primary-identifier: + - DetectorModelName + x-create-only-properties: + - DetectorModelName + - Key + x-required-properties: + - DetectorModelDefinition + - RoleArn + x-taggable: true + x-required-permissions: + create: + - iotevents:CreateDetectorModel + - iotevents:UpdateInputRouting + - iotevents:DescribeDetectorModel + - iotevents:ListTagsForResource + - iotevents:TagResource + - iam:PassRole + read: + - iotevents:DescribeDetectorModel + - iotevents:ListTagsForResource + update: + - iotevents:UpdateDetectorModel + - iotevents:UpdateInputRouting + - iotevents:DescribeDetectorModel + - iotevents:ListTagsForResource + - iotevents:UntagResource + - iotevents:TagResource + - iam:PassRole + delete: + - iotevents:DeleteDetectorModel + - iotevents:DescribeDetectorModel + list: + - iotevents:ListDetectorModels + InputDefinition: + type: object + additionalProperties: false + description: The definition of the input. + properties: + Attributes: + type: array + uniqueItems: true + x-insertionOrder: false + description: The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the AWS IoT Events system using `BatchPutMessage`. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the `condition` expressions used by detectors that monitor this input. + minItems: 1 + maxItems: 200 + items: + $ref: '#/components/schemas/Attribute' + required: + - Attributes + Attribute: + type: object + additionalProperties: false + description: The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the AWS IoT Events system using `BatchPutMessage`. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the `condition` expressions used by detectors that monitor this input. + properties: + JsonPath: + description: |- + An expression that specifies an attribute-value pair in a JSON structure. Use this to specify an attribute from the JSON payload that is made available by the input. Inputs are derived from messages sent to AWS IoT Events (`BatchPutMessage`). Each such message contains a JSON payload. The attribute (and its paired value) specified here are available for use in the `condition` expressions used by detectors. + + _Syntax_: `....` + minLength: 1 + maxLength: 128 + pattern: ^((`[a-zA-Z0-9_\- ]+`)|([a-zA-Z0-9_\-]+))(\.((`[a-zA-Z0-9_\- ]+`)|([a-zA-Z0-9_\-]+)))*$ + type: string + required: + - JsonPath + Input: + type: object + properties: + InputDefinition: + $ref: '#/components/schemas/InputDefinition' + InputDescription: + description: A brief description of the input. + minLength: 1 + maxLength: 1024 + type: string + InputName: + description: The name of the input. + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z][a-zA-Z0-9_]*$ + type: string + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + description: |- + An array of key-value pairs to apply to this resource. + + For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + items: + $ref: '#/components/schemas/Tag' + required: + - InputDefinition + x-stackql-resource-name: input + description: The AWS::IoTEvents::Input resource creates an input. To monitor your devices and processes, they must have a way to get telemetry data into AWS IoT Events. This is done by sending messages as *inputs* to AWS IoT Events. For more information, see [How to Use AWS IoT Events](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *AWS IoT Events Developer Guide*. + x-type-name: AWS::IoTEvents::Input + x-stackql-primary-identifier: + - InputName + x-create-only-properties: + - InputName + x-required-properties: + - InputDefinition + x-taggable: true + x-required-permissions: + create: + - iotevents:CreateInput + - iotevents:TagResource + - iotevents:DescribeInput + - iotevents:ListTagsForResource + read: + - iotevents:DescribeInput + - iotevents:ListTagsForResource + update: + - iotevents:UpdateInput + - iotevents:DescribeInput + - iotevents:ListTagsForResource + - iotevents:UntagResource + - iotevents:TagResource + delete: + - iotevents:DeleteInput + - iotevents:DescribeInput + list: + - iotevents:ListInputs + x-stackQL-resources: + alarm_models: + name: alarm_models + id: aws.iotevents.alarm_models + x-cfn-schema-name: AlarmModel + x-type: list + x-identifiers: + - AlarmModelName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AlarmModelName') as alarm_model_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTEvents::AlarmModel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AlarmModelName') as alarm_model_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTEvents::AlarmModel' + AND region = 'us-east-1' + alarm_model: + name: alarm_model + id: aws.iotevents.alarm_model + x-cfn-schema-name: AlarmModel + x-type: get + x-identifiers: + - AlarmModelName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AlarmModelName') as alarm_model_name, + JSON_EXTRACT(Properties, '$.AlarmModelDescription') as alarm_model_description, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Key') as key, + JSON_EXTRACT(Properties, '$.Severity') as severity, + JSON_EXTRACT(Properties, '$.AlarmRule') as alarm_rule, + JSON_EXTRACT(Properties, '$.AlarmEventActions') as alarm_event_actions, + JSON_EXTRACT(Properties, '$.AlarmCapabilities') as alarm_capabilities, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTEvents::AlarmModel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AlarmModelName') as alarm_model_name, + json_extract_path_text(Properties, 'AlarmModelDescription') as alarm_model_description, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Key') as key, + json_extract_path_text(Properties, 'Severity') as severity, + json_extract_path_text(Properties, 'AlarmRule') as alarm_rule, + json_extract_path_text(Properties, 'AlarmEventActions') as alarm_event_actions, + json_extract_path_text(Properties, 'AlarmCapabilities') as alarm_capabilities, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTEvents::AlarmModel' + AND data__Identifier = '' + AND region = 'us-east-1' + detector_models: + name: detector_models + id: aws.iotevents.detector_models + x-cfn-schema-name: DetectorModel + x-type: list + x-identifiers: + - DetectorModelName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DetectorModelName') as detector_model_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTEvents::DetectorModel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DetectorModelName') as detector_model_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTEvents::DetectorModel' + AND region = 'us-east-1' + detector_model: + name: detector_model + id: aws.iotevents.detector_model + x-cfn-schema-name: DetectorModel + x-type: get + x-identifiers: + - DetectorModelName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DetectorModelDefinition') as detector_model_definition, + JSON_EXTRACT(Properties, '$.DetectorModelDescription') as detector_model_description, + JSON_EXTRACT(Properties, '$.DetectorModelName') as detector_model_name, + JSON_EXTRACT(Properties, '$.EvaluationMethod') as evaluation_method, + JSON_EXTRACT(Properties, '$.Key') as key, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTEvents::DetectorModel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DetectorModelDefinition') as detector_model_definition, + json_extract_path_text(Properties, 'DetectorModelDescription') as detector_model_description, + json_extract_path_text(Properties, 'DetectorModelName') as detector_model_name, + json_extract_path_text(Properties, 'EvaluationMethod') as evaluation_method, + json_extract_path_text(Properties, 'Key') as key, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTEvents::DetectorModel' + AND data__Identifier = '' + AND region = 'us-east-1' + inputs: + name: inputs + id: aws.iotevents.inputs + x-cfn-schema-name: Input + x-type: list + x-identifiers: + - InputName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InputName') as input_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTEvents::Input' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InputName') as input_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTEvents::Input' + AND region = 'us-east-1' + input: + name: input + id: aws.iotevents.input + x-cfn-schema-name: Input + x-type: get + x-identifiers: + - InputName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InputDefinition') as input_definition, + JSON_EXTRACT(Properties, '$.InputDescription') as input_description, + JSON_EXTRACT(Properties, '$.InputName') as input_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTEvents::Input' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InputDefinition') as input_definition, + json_extract_path_text(Properties, 'InputDescription') as input_description, + json_extract_path_text(Properties, 'InputName') as input_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTEvents::Input' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/iotfleethub.yaml b/providers/src/aws/v00.00.00000/services/iotfleethub.yaml new file mode 100644 index 00000000..36d22868 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/iotfleethub.yaml @@ -0,0 +1,202 @@ +openapi: 3.0.0 +info: + title: IoTFleetHub + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: To add or update tag, provide both key and value. To delete tag, provide only tag key to be deleted. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 1 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Application: + type: object + properties: + ApplicationId: + description: The ID of the application. + type: string + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + minLength: 36 + maxLength: 36 + ApplicationArn: + description: The ARN of the application. + type: string + pattern: ^arn:[!-~]+$ + minLength: 1 + maxLength: 1600 + ApplicationName: + description: Application Name, should be between 1 and 256 characters. + type: string + pattern: ^[ -~]*$ + minLength: 1 + maxLength: 256 + ApplicationDescription: + description: Application Description, should be between 1 and 2048 characters. + type: string + pattern: ^[ -~]*$ + minLength: 1 + maxLength: 2048 + ApplicationUrl: + description: The URL of the application. + type: string + ApplicationState: + description: The current state of the application. + type: string + ApplicationCreationDate: + description: When the Application was created + type: integer + ApplicationLastUpdateDate: + description: When the Application was last updated + type: integer + RoleArn: + description: The ARN of the role that the web application assumes when it interacts with AWS IoT Core. For more info on configuring this attribute, see https://docs.aws.amazon.com/iot/latest/apireference/API_iotfleethub_CreateApplication.html#API_iotfleethub_CreateApplication_RequestSyntax + type: string + pattern: ^arn:[!-~]+$ + minLength: 1 + maxLength: 1600 + SsoClientId: + description: The AWS SSO application generated client ID (used with AWS SSO APIs). + type: string + ErrorMessage: + description: A message indicating why Create or Delete Application failed. + type: string + Tags: + description: A list of key-value pairs that contain metadata for the application. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + required: + - ApplicationName + - RoleArn + x-stackql-resource-name: application + description: Resource schema for AWS::IoTFleetHub::Application + x-type-name: AWS::IoTFleetHub::Application + x-stackql-primary-identifier: + - ApplicationId + x-read-only-properties: + - ApplicationArn + - ApplicationId + - ApplicationUrl + - ApplicationState + - ApplicationCreationDate + - ApplicationLastUpdateDate + - SsoClientId + - ErrorMessage + x-required-properties: + - ApplicationName + - RoleArn + x-required-permissions: + create: + - iotfleethub:CreateApplication + - iotfleethub:TagResource + - iam:PassRole + - sso:CreateManagedApplicationInstance + - sso:DescribeRegisteredRegions + read: + - iotfleethub:DescribeApplication + update: + - iotfleethub:UpdateApplication + - iotfleethub:DescribeApplication + - iotfleethub:TagResource + - iotfleethub:UntagResource + delete: + - iotfleethub:DeleteApplication + - iotfleethub:DescribeApplication + - sso:DeleteManagedApplicationInstance + list: + - iotfleethub:ListApplications + x-stackQL-resources: + applications: + name: applications + id: aws.iotfleethub.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - ApplicationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetHub::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetHub::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.iotfleethub.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - ApplicationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name, + JSON_EXTRACT(Properties, '$.ApplicationDescription') as application_description, + JSON_EXTRACT(Properties, '$.ApplicationUrl') as application_url, + JSON_EXTRACT(Properties, '$.ApplicationState') as application_state, + JSON_EXTRACT(Properties, '$.ApplicationCreationDate') as application_creation_date, + JSON_EXTRACT(Properties, '$.ApplicationLastUpdateDate') as application_last_update_date, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.SsoClientId') as sso_client_id, + JSON_EXTRACT(Properties, '$.ErrorMessage') as error_message, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetHub::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(Properties, 'ApplicationName') as application_name, + json_extract_path_text(Properties, 'ApplicationDescription') as application_description, + json_extract_path_text(Properties, 'ApplicationUrl') as application_url, + json_extract_path_text(Properties, 'ApplicationState') as application_state, + json_extract_path_text(Properties, 'ApplicationCreationDate') as application_creation_date, + json_extract_path_text(Properties, 'ApplicationLastUpdateDate') as application_last_update_date, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'SsoClientId') as sso_client_id, + json_extract_path_text(Properties, 'ErrorMessage') as error_message, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetHub::Application' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/iotfleetwise.yaml b/providers/src/aws/v00.00.00000/services/iotfleetwise.yaml new file mode 100644 index 00000000..6403e9e7 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/iotfleetwise.yaml @@ -0,0 +1,1584 @@ +openapi: 3.0.0 +info: + title: IoTFleetWise + version: 1.0.0 +paths: {} +components: + schemas: + Compression: + type: string + enum: + - 'OFF' + - SNAPPY + default: 'OFF' + DataDestinationConfig: + oneOf: + - additionalProperties: false + type: object + title: S3Config + properties: + S3Config: + $ref: '#/components/schemas/S3Config' + required: + - S3Config + - additionalProperties: false + type: object + title: TimestreamConfig + properties: + TimestreamConfig: + $ref: '#/components/schemas/TimestreamConfig' + required: + - TimestreamConfig + S3Config: + additionalProperties: false + type: object + properties: + BucketArn: + maxLength: 100 + type: string + pattern: ^arn:(aws[a-zA-Z0-9-]*):s3:::.+$ + minLength: 16 + DataFormat: + $ref: '#/components/schemas/DataFormat' + StorageCompressionFormat: + $ref: '#/components/schemas/StorageCompressionFormat' + Prefix: + maxLength: 512 + type: string + pattern: ^[a-zA-Z0-9-_:./!*'()]+$ + minLength: 1 + required: + - BucketArn + TimestreamConfig: + additionalProperties: false + type: object + properties: + TimestreamTableArn: + maxLength: 2048 + type: string + pattern: ^arn:(aws[a-zA-Z0-9-]*):timestream:[a-zA-Z0-9-]+:[0-9]{12}:database\/[a-zA-Z0-9_.-]+\/table\/[a-zA-Z0-9_.-]+$ + minLength: 20 + ExecutionRoleArn: + maxLength: 2048 + type: string + pattern: ^arn:(aws[a-zA-Z0-9-]*):iam::(\d{12})?:(role((\u002F)|(\u002F[\u0021-\u007F]+\u002F))[\w+=,.@-]+)$ + minLength: 20 + required: + - TimestreamTableArn + - ExecutionRoleArn + UpdateCampaignAction: + type: string + enum: + - APPROVE + - SUSPEND + - RESUME + - UPDATE + CampaignStatus: + type: string + enum: + - CREATING + - WAITING_FOR_APPROVAL + - RUNNING + - SUSPENDED + DiagnosticsMode: + type: string + enum: + - 'OFF' + - SEND_ACTIVE_DTCS + default: 'OFF' + SignalInformation: + additionalProperties: false + type: object + properties: + MaxSampleCount: + maximum: 4294967295 + type: number + minimum: 1 + Name: + minLength: 1 + pattern: ^[\w|*|-]+(\.[\w|*|-]+)*$ + type: string + maxLength: 150 + MinimumSamplingIntervalMs: + maximum: 4294967295 + type: number + minimum: 0 + required: + - Name + TimeBasedCollectionScheme: + additionalProperties: false + type: object + properties: + PeriodMs: + maximum: 60000 + type: number + minimum: 10000 + required: + - PeriodMs + SpoolingMode: + type: string + enum: + - 'OFF' + - TO_DISK + default: 'OFF' + TriggerMode: + type: string + enum: + - ALWAYS + - RISING_EDGE + DataFormat: + type: string + enum: + - JSON + - PARQUET + StorageCompressionFormat: + type: string + enum: + - NONE + - GZIP + CollectionScheme: + oneOf: + - additionalProperties: false + type: object + title: TimeBasedCollectionScheme + properties: + TimeBasedCollectionScheme: + $ref: '#/components/schemas/TimeBasedCollectionScheme' + required: + - TimeBasedCollectionScheme + - additionalProperties: false + type: object + title: ConditionBasedCollectionScheme + properties: + ConditionBasedCollectionScheme: + $ref: '#/components/schemas/ConditionBasedCollectionScheme' + required: + - ConditionBasedCollectionScheme + ConditionBasedCollectionScheme: + additionalProperties: false + type: object + properties: + MinimumTriggerIntervalMs: + maximum: 4294967295 + type: number + minimum: 0 + Expression: + minLength: 1 + type: string + maxLength: 2048 + TriggerMode: + $ref: '#/components/schemas/TriggerMode' + ConditionLanguageVersion: + type: integer + minimum: 1 + required: + - Expression + Tag: + type: object + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + Value: + type: string + maxLength: 256 + minLength: 0 + required: + - Key + - Value + additionalProperties: false + Campaign: + type: object + properties: + Status: + $ref: '#/components/schemas/CampaignStatus' + Action: + $ref: '#/components/schemas/UpdateCampaignAction' + CreationTime: + type: string + format: date-time + Compression: + $ref: '#/components/schemas/Compression' + Description: + minLength: 1 + pattern: ^[^\u0000-\u001F\u007F]+$ + type: string + maxLength: 2048 + Priority: + type: integer + minimum: 0 + default: 0 + SignalsToCollect: + minItems: 0 + maxItems: 1000 + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/SignalInformation' + DataDestinationConfigs: + minItems: 1 + maxItems: 1 + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/DataDestinationConfig' + StartTime: + format: date-time + type: string + default: '0' + Name: + minLength: 1 + pattern: ^[a-zA-Z\d\-_:]+$ + type: string + maxLength: 100 + ExpiryTime: + format: date-time + type: string + default: '253402214400' + LastModificationTime: + type: string + format: date-time + SpoolingMode: + $ref: '#/components/schemas/SpoolingMode' + SignalCatalogArn: + type: string + PostTriggerCollectionDuration: + maximum: 4294967295 + type: number + minimum: 0 + default: 0 + DataExtraDimensions: + minItems: 0 + maxItems: 5 + x-insertionOrder: false + type: array + items: + minLength: 1 + pattern: ^[a-zA-Z0-9_.]+$ + type: string + maxLength: 150 + DiagnosticsMode: + $ref: '#/components/schemas/DiagnosticsMode' + TargetArn: + type: string + Arn: + type: string + CollectionScheme: + $ref: '#/components/schemas/CollectionScheme' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true + maxItems: 50 + minItems: 0 + required: + - Name + - Action + - CollectionScheme + - SignalCatalogArn + - TargetArn + x-stackql-resource-name: campaign + description: Definition of AWS::IoTFleetWise::Campaign Resource Type + x-type-name: AWS::IoTFleetWise::Campaign + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - TargetArn + - SignalCatalogArn + - PostTriggerCollectionDuration + - DiagnosticsMode + - SpoolingMode + - CollectionScheme + - Priority + - Compression + - StartTime + - ExpiryTime + x-write-only-properties: + - Action + x-read-only-properties: + - Arn + - Status + - CreationTime + - LastModificationTime + x-required-properties: + - Name + - Action + - CollectionScheme + - SignalCatalogArn + - TargetArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + read: + - iotfleetwise:GetCampaign + - iotfleetwise:ListTagsForResource + create: + - iotfleetwise:CreateCampaign + - iotfleetwise:GetCampaign + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + - iam:PassRole + - timestream:DescribeEndpoints + - timestream:DescribeTable + update: + - iotfleetwise:GetCampaign + - iotfleetwise:ListTagsForResource + - iotfleetwise:UpdateCampaign + - iotfleetwise:TagResource + - iotfleetwise:UntagResource + list: + - iotfleetwise:ListCampaigns + - iotfleetwise:GetCampaign + delete: + - iotfleetwise:DeleteCampaign + - iotfleetwise:GetCampaign + CanInterface: + type: object + properties: + Name: + type: string + maxLength: 100 + minLength: 1 + ProtocolName: + type: string + maxLength: 50 + minLength: 1 + ProtocolVersion: + type: string + maxLength: 50 + minLength: 1 + required: + - Name + additionalProperties: false + CanSignal: + type: object + properties: + MessageId: + type: integer + IsBigEndian: + type: boolean + IsSigned: + type: boolean + StartBit: + type: integer + Offset: + type: number + Factor: + type: number + Length: + type: integer + Name: + type: string + maxLength: 100 + minLength: 1 + required: + - Factor + - IsBigEndian + - IsSigned + - Length + - MessageId + - Offset + - StartBit + additionalProperties: false + ManifestStatus: + type: string + enum: + - ACTIVE + - DRAFT + default: DRAFT + CanNetworkInterface: + type: object + properties: + InterfaceId: + type: string + maxLength: 50 + minLength: 1 + Type: + type: string + enum: + - CAN_INTERFACE + CanInterface: + $ref: '#/components/schemas/CanInterface' + required: + - InterfaceId + - Type + - CanInterface + additionalProperties: false + ObdNetworkInterface: + type: object + properties: + InterfaceId: + type: string + maxLength: 50 + minLength: 1 + Type: + type: string + enum: + - OBD_INTERFACE + ObdInterface: + $ref: '#/components/schemas/ObdInterface' + required: + - InterfaceId + - Type + - ObdInterface + additionalProperties: false + ObdInterface: + type: object + properties: + Name: + type: string + maxLength: 100 + minLength: 1 + RequestMessageId: + type: integer + ObdStandard: + type: string + maxLength: 50 + minLength: 1 + PidRequestIntervalSeconds: + type: integer + DtcRequestIntervalSeconds: + type: integer + UseExtendedIds: + type: boolean + HasTransmissionEcu: + type: boolean + required: + - Name + - RequestMessageId + additionalProperties: false + ObdSignal: + type: object + properties: + PidResponseLength: + type: integer + ServiceMode: + type: integer + Pid: + type: integer + Scaling: + type: number + Offset: + type: number + StartByte: + type: integer + ByteLength: + type: integer + BitRightShift: + type: integer + BitMaskLength: + type: integer + required: + - ByteLength + - Offset + - Pid + - PidResponseLength + - Scaling + - ServiceMode + - StartByte + additionalProperties: false + CanSignalDecoder: + type: object + properties: + FullyQualifiedName: + type: string + maxLength: 150 + minLength: 1 + Type: + type: string + enum: + - CAN_SIGNAL + InterfaceId: + type: string + maxLength: 50 + minLength: 1 + CanSignal: + $ref: '#/components/schemas/CanSignal' + required: + - FullyQualifiedName + - InterfaceId + - Type + - CanSignal + additionalProperties: false + ObdSignalDecoder: + type: object + properties: + FullyQualifiedName: + type: string + maxLength: 150 + minLength: 1 + Type: + type: string + enum: + - OBD_SIGNAL + InterfaceId: + type: string + maxLength: 50 + minLength: 1 + ObdSignal: + $ref: '#/components/schemas/ObdSignal' + required: + - FullyQualifiedName + - InterfaceId + - Type + - ObdSignal + additionalProperties: false + DecoderManifest: + type: object + properties: + Arn: + type: string + CreationTime: + type: string + format: date-time + Description: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[^\u0000-\u001F\u007F]+$ + LastModificationTime: + type: string + format: date-time + ModelManifestArn: + type: string + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z\d\-_:]+$ + NetworkInterfaces: + x-insertionOrder: false + type: array + items: + oneOf: + - $ref: '#/components/schemas/CanNetworkInterface' + - $ref: '#/components/schemas/ObdNetworkInterface' + maxItems: 500 + minItems: 1 + SignalDecoders: + x-insertionOrder: false + type: array + items: + oneOf: + - $ref: '#/components/schemas/CanSignalDecoder' + - $ref: '#/components/schemas/ObdSignalDecoder' + maxItems: 500 + minItems: 1 + Status: + $ref: '#/components/schemas/ManifestStatus' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + minItems: 0 + x-insertionOrder: false + uniqueItems: true + required: + - Name + - ModelManifestArn + x-stackql-resource-name: decoder_manifest + description: Definition of AWS::IoTFleetWise::DecoderManifest Resource Type + x-type-name: AWS::IoTFleetWise::DecoderManifest + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - ModelManifestArn + x-read-only-properties: + - Arn + - CreationTime + - LastModificationTime + x-required-properties: + - Name + - ModelManifestArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iotfleetwise:CreateDecoderManifest + - iotfleetwise:GetDecoderManifest + - iotfleetwise:UpdateDecoderManifest + - iotfleetwise:ListDecoderManifestSignals + - iotfleetwise:ListDecoderManifestNetworkInterfaces + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + read: + - iotfleetwise:GetDecoderManifest + - iotfleetwise:ListDecoderManifestSignals + - iotfleetwise:ListDecoderManifestNetworkInterfaces + - iotfleetwise:ListTagsForResource + update: + - iotfleetwise:UpdateDecoderManifest + - iotfleetwise:GetDecoderManifest + - iotfleetwise:ListDecoderManifestSignals + - iotfleetwise:ListDecoderManifestNetworkInterfaces + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + - iotfleetwise:UntagResource + delete: + - iotfleetwise:DeleteDecoderManifest + - iotfleetwise:GetDecoderManifest + list: + - iotfleetwise:ListDecoderManifests + Fleet: + type: object + properties: + Arn: + type: string + CreationTime: + type: string + format: date-time + Description: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[^\u0000-\u001F\u007F]+$ + Id: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9:_-]+$ + LastModificationTime: + type: string + format: date-time + SignalCatalogArn: + type: string + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true + maxItems: 50 + minItems: 0 + required: + - Id + - SignalCatalogArn + x-stackql-resource-name: fleet + description: Definition of AWS::IoTFleetWise::Fleet Resource Type + x-type-name: AWS::IoTFleetWise::Fleet + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Id + - SignalCatalogArn + x-read-only-properties: + - Arn + - CreationTime + - LastModificationTime + x-required-properties: + - Id + - SignalCatalogArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iotfleetwise:GetFleet + - iotfleetwise:CreateFleet + - iotfleetwise:ListTagsForResource + - iotfleetwise:ListVehiclesInFleet + - iotfleetwise:TagResource + read: + - iotfleetwise:GetFleet + - iotfleetwise:ListTagsForResource + update: + - iotfleetwise:GetFleet + - iotfleetwise:UpdateFleet + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + - iotfleetwise:UntagResource + delete: + - iotfleetwise:GetFleet + - iotfleetwise:DeleteFleet + list: + - iotfleetwise:ListFleets + ModelManifest: + type: object + properties: + Arn: + type: string + CreationTime: + type: string + format: date-time + Description: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[^\u0000-\u001F\u007F]+$ + LastModificationTime: + type: string + format: date-time + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z\d\-_:]+$ + Nodes: + x-insertionOrder: false + uniqueItems: true + minItems: 1 + type: array + items: + type: string + SignalCatalogArn: + type: string + Status: + $ref: '#/components/schemas/ManifestStatus' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true + maxItems: 50 + minItems: 0 + required: + - SignalCatalogArn + - Name + x-stackql-resource-name: model_manifest + description: Definition of AWS::IoTFleetWise::ModelManifest Resource Type + x-type-name: AWS::IoTFleetWise::ModelManifest + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - CreationTime + - LastModificationTime + x-required-properties: + - SignalCatalogArn + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iotfleetwise:CreateModelManifest + - iotfleetwise:GetModelManifest + - iotfleetwise:UpdateModelManifest + - iotfleetwise:ListModelManifestNodes + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + read: + - iotfleetwise:GetModelManifest + - iotfleetwise:ListModelManifestNodes + - iotfleetwise:ListTagsForResource + update: + - iotfleetwise:UpdateModelManifest + - iotfleetwise:GetModelManifest + - iotfleetwise:ListModelManifestNodes + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + - iotfleetwise:UntagResource + delete: + - iotfleetwise:DeleteModelManifest + - iotfleetwise:GetModelManifest + list: + - iotfleetwise:ListModelManifests + Actuator: + type: object + properties: + FullyQualifiedName: + type: string + DataType: + $ref: '#/components/schemas/NodeDataType' + Description: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[^\u0000-\u001F\u007F]+$ + Unit: + type: string + AllowedValues: + $ref: '#/components/schemas/AllowedValues' + Min: + type: number + Max: + type: number + AssignedValue: + type: string + required: + - DataType + - FullyQualifiedName + additionalProperties: false + AllowedValues: + type: array + x-insertionOrder: false + items: + type: string + minItems: 1 + Attribute: + type: object + properties: + FullyQualifiedName: + type: string + DataType: + $ref: '#/components/schemas/NodeDataType' + Description: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[^\u0000-\u001F\u007F]+$ + Unit: + type: string + AllowedValues: + $ref: '#/components/schemas/AllowedValues' + Min: + type: number + Max: + type: number + AssignedValue: + type: string + DefaultValue: + type: string + required: + - DataType + - FullyQualifiedName + additionalProperties: false + Branch: + type: object + properties: + FullyQualifiedName: + type: string + Description: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[^\u0000-\u001F\u007F]+$ + required: + - FullyQualifiedName + additionalProperties: false + Node: + oneOf: + - type: object + title: Branch + properties: + Branch: + $ref: '#/components/schemas/Branch' + additionalProperties: false + - type: object + title: Sensor + properties: + Sensor: + $ref: '#/components/schemas/Sensor' + additionalProperties: false + - type: object + title: Actuator + properties: + Actuator: + $ref: '#/components/schemas/Actuator' + additionalProperties: false + - type: object + title: Attribute + properties: + Attribute: + $ref: '#/components/schemas/Attribute' + additionalProperties: false + NodeCounts: + type: object + properties: + TotalNodes: + type: number + TotalBranches: + type: number + TotalSensors: + type: number + TotalAttributes: + type: number + TotalActuators: + type: number + additionalProperties: false + NodeDataType: + type: string + enum: + - INT8 + - UINT8 + - INT16 + - UINT16 + - INT32 + - UINT32 + - INT64 + - UINT64 + - BOOLEAN + - FLOAT + - DOUBLE + - STRING + - UNIX_TIMESTAMP + - INT8_ARRAY + - UINT8_ARRAY + - INT16_ARRAY + - UINT16_ARRAY + - INT32_ARRAY + - UINT32_ARRAY + - INT64_ARRAY + - UINT64_ARRAY + - BOOLEAN_ARRAY + - FLOAT_ARRAY + - DOUBLE_ARRAY + - STRING_ARRAY + - UNIX_TIMESTAMP_ARRAY + - UNKNOWN + Sensor: + type: object + properties: + FullyQualifiedName: + type: string + DataType: + $ref: '#/components/schemas/NodeDataType' + Description: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[^\u0000-\u001F\u007F]+$ + Unit: + type: string + AllowedValues: + $ref: '#/components/schemas/AllowedValues' + Min: + type: number + Max: + type: number + required: + - DataType + - FullyQualifiedName + additionalProperties: false + SignalCatalog: + type: object + properties: + Arn: + type: string + CreationTime: + format: date-time + type: string + Description: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[^\u0000-\u001F\u007F]+$ + LastModificationTime: + format: date-time + type: string + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z\d\-_:]+$ + NodeCounts: + $ref: '#/components/schemas/NodeCounts' + Nodes: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Node' + maxItems: 500 + minItems: 1 + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true + maxItems: 50 + minItems: 0 + x-stackql-resource-name: signal_catalog + description: Definition of AWS::IoTFleetWise::SignalCatalog Resource Type + x-type-name: AWS::IoTFleetWise::SignalCatalog + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - CreationTime + - LastModificationTime + - NodeCounts/TotalNodes + - NodeCounts/TotalBranches + - NodeCounts/TotalSensors + - NodeCounts/TotalAttributes + - NodeCounts/TotalActuators + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iotfleetwise:GetSignalCatalog + - iotfleetwise:CreateSignalCatalog + - iotfleetwise:ListSignalCatalogNodes + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + read: + - iotfleetwise:GetSignalCatalog + - iotfleetwise:ListSignalCatalogNodes + - iotfleetwise:ListTagsForResource + update: + - iotfleetwise:GetSignalCatalog + - iotfleetwise:UpdateSignalCatalog + - iotfleetwise:ListSignalCatalogNodes + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + - iotfleetwise:UntagResource + delete: + - iotfleetwise:GetSignalCatalog + - iotfleetwise:DeleteSignalCatalog + list: + - iotfleetwise:ListSignalCatalogs + VehicleAssociationBehavior: + type: string + enum: + - CreateIotThing + - ValidateIotThingExists + attributesMap: + type: object + x-patternProperties: + ^[a-zA-Z0-9_.-]+$: + type: string + minProperties: 1 + additionalProperties: false + Vehicle: + type: object + properties: + Arn: + type: string + AssociationBehavior: + $ref: '#/components/schemas/VehicleAssociationBehavior' + Attributes: + $ref: '#/components/schemas/attributesMap' + CreationTime: + type: string + format: date-time + DecoderManifestArn: + type: string + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z\d\-_:]+$ + LastModificationTime: + type: string + format: date-time + ModelManifestArn: + type: string + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true + maxItems: 50 + minItems: 0 + required: + - Name + - DecoderManifestArn + - ModelManifestArn + x-stackql-resource-name: vehicle + description: Definition of AWS::IoTFleetWise::Vehicle Resource Type + x-type-name: AWS::IoTFleetWise::Vehicle + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-write-only-properties: + - AssociationBehavior + x-read-only-properties: + - Arn + - CreationTime + - LastModificationTime + x-required-properties: + - Name + - DecoderManifestArn + - ModelManifestArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iotfleetwise:GetVehicle + - iotfleetwise:CreateVehicle + - iot:CreateThing + - iot:DescribeThing + - iotfleetwise:ListTagsForResource + - iotfleetwise:ListVehicles + - iotfleetwise:TagResource + read: + - iotfleetwise:GetVehicle + - iotfleetwise:ListTagsForResource + update: + - iotfleetwise:GetVehicle + - iotfleetwise:UpdateVehicle + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + - iotfleetwise:UntagResource + delete: + - iotfleetwise:GetVehicle + - iotfleetwise:DeleteVehicle + list: + - iotfleetwise:ListVehicles + x-stackQL-resources: + campaigns: + name: campaigns + id: aws.iotfleetwise.campaigns + x-cfn-schema-name: Campaign + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::Campaign' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::Campaign' + AND region = 'us-east-1' + campaign: + name: campaign + id: aws.iotfleetwise.campaign + x-cfn-schema-name: Campaign + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Action') as action, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Compression') as compression, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Priority') as priority, + JSON_EXTRACT(Properties, '$.SignalsToCollect') as signals_to_collect, + JSON_EXTRACT(Properties, '$.DataDestinationConfigs') as data_destination_configs, + JSON_EXTRACT(Properties, '$.StartTime') as start_time, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ExpiryTime') as expiry_time, + JSON_EXTRACT(Properties, '$.LastModificationTime') as last_modification_time, + JSON_EXTRACT(Properties, '$.SpoolingMode') as spooling_mode, + JSON_EXTRACT(Properties, '$.SignalCatalogArn') as signal_catalog_arn, + JSON_EXTRACT(Properties, '$.PostTriggerCollectionDuration') as post_trigger_collection_duration, + JSON_EXTRACT(Properties, '$.DataExtraDimensions') as data_extra_dimensions, + JSON_EXTRACT(Properties, '$.DiagnosticsMode') as diagnostics_mode, + JSON_EXTRACT(Properties, '$.TargetArn') as target_arn, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CollectionScheme') as collection_scheme, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::Campaign' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Action') as action, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Compression') as compression, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Priority') as priority, + json_extract_path_text(Properties, 'SignalsToCollect') as signals_to_collect, + json_extract_path_text(Properties, 'DataDestinationConfigs') as data_destination_configs, + json_extract_path_text(Properties, 'StartTime') as start_time, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ExpiryTime') as expiry_time, + json_extract_path_text(Properties, 'LastModificationTime') as last_modification_time, + json_extract_path_text(Properties, 'SpoolingMode') as spooling_mode, + json_extract_path_text(Properties, 'SignalCatalogArn') as signal_catalog_arn, + json_extract_path_text(Properties, 'PostTriggerCollectionDuration') as post_trigger_collection_duration, + json_extract_path_text(Properties, 'DataExtraDimensions') as data_extra_dimensions, + json_extract_path_text(Properties, 'DiagnosticsMode') as diagnostics_mode, + json_extract_path_text(Properties, 'TargetArn') as target_arn, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CollectionScheme') as collection_scheme, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::Campaign' + AND data__Identifier = '' + AND region = 'us-east-1' + decoder_manifests: + name: decoder_manifests + id: aws.iotfleetwise.decoder_manifests + x-cfn-schema-name: DecoderManifest + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::DecoderManifest' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::DecoderManifest' + AND region = 'us-east-1' + decoder_manifest: + name: decoder_manifest + id: aws.iotfleetwise.decoder_manifest + x-cfn-schema-name: DecoderManifest + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.LastModificationTime') as last_modification_time, + JSON_EXTRACT(Properties, '$.ModelManifestArn') as model_manifest_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.NetworkInterfaces') as network_interfaces, + JSON_EXTRACT(Properties, '$.SignalDecoders') as signal_decoders, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::DecoderManifest' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'LastModificationTime') as last_modification_time, + json_extract_path_text(Properties, 'ModelManifestArn') as model_manifest_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'NetworkInterfaces') as network_interfaces, + json_extract_path_text(Properties, 'SignalDecoders') as signal_decoders, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::DecoderManifest' + AND data__Identifier = '' + AND region = 'us-east-1' + fleets: + name: fleets + id: aws.iotfleetwise.fleets + x-cfn-schema-name: Fleet + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::Fleet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::Fleet' + AND region = 'us-east-1' + fleet: + name: fleet + id: aws.iotfleetwise.fleet + x-cfn-schema-name: Fleet + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LastModificationTime') as last_modification_time, + JSON_EXTRACT(Properties, '$.SignalCatalogArn') as signal_catalog_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LastModificationTime') as last_modification_time, + json_extract_path_text(Properties, 'SignalCatalogArn') as signal_catalog_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' + model_manifests: + name: model_manifests + id: aws.iotfleetwise.model_manifests + x-cfn-schema-name: ModelManifest + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::ModelManifest' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::ModelManifest' + AND region = 'us-east-1' + model_manifest: + name: model_manifest + id: aws.iotfleetwise.model_manifest + x-cfn-schema-name: ModelManifest + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.LastModificationTime') as last_modification_time, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Nodes') as nodes, + JSON_EXTRACT(Properties, '$.SignalCatalogArn') as signal_catalog_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::ModelManifest' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'LastModificationTime') as last_modification_time, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Nodes') as nodes, + json_extract_path_text(Properties, 'SignalCatalogArn') as signal_catalog_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::ModelManifest' + AND data__Identifier = '' + AND region = 'us-east-1' + signal_catalogs: + name: signal_catalogs + id: aws.iotfleetwise.signal_catalogs + x-cfn-schema-name: SignalCatalog + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::SignalCatalog' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::SignalCatalog' + AND region = 'us-east-1' + signal_catalog: + name: signal_catalog + id: aws.iotfleetwise.signal_catalog + x-cfn-schema-name: SignalCatalog + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.LastModificationTime') as last_modification_time, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.NodeCounts') as node_counts, + JSON_EXTRACT(Properties, '$.Nodes') as nodes, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::SignalCatalog' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'LastModificationTime') as last_modification_time, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'NodeCounts') as node_counts, + json_extract_path_text(Properties, 'Nodes') as nodes, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::SignalCatalog' + AND data__Identifier = '' + AND region = 'us-east-1' + vehicles: + name: vehicles + id: aws.iotfleetwise.vehicles + x-cfn-schema-name: Vehicle + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::Vehicle' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::Vehicle' + AND region = 'us-east-1' + vehicle: + name: vehicle + id: aws.iotfleetwise.vehicle + x-cfn-schema-name: Vehicle + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AssociationBehavior') as association_behavior, + JSON_EXTRACT(Properties, '$.Attributes') as attributes, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.DecoderManifestArn') as decoder_manifest_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.LastModificationTime') as last_modification_time, + JSON_EXTRACT(Properties, '$.ModelManifestArn') as model_manifest_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::Vehicle' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AssociationBehavior') as association_behavior, + json_extract_path_text(Properties, 'Attributes') as attributes, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'DecoderManifestArn') as decoder_manifest_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'LastModificationTime') as last_modification_time, + json_extract_path_text(Properties, 'ModelManifestArn') as model_manifest_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::Vehicle' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/iotsitewise.yaml b/providers/src/aws/v00.00.00000/services/iotsitewise.yaml new file mode 100644 index 00000000..47440ba8 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/iotsitewise.yaml @@ -0,0 +1,1577 @@ +openapi: 3.0.0 +info: + title: IoTSiteWise + version: 1.0.0 +paths: {} +components: + schemas: + User: + description: Contains information for a user identity in an access policy. + type: object + additionalProperties: false + properties: + id: + description: The AWS SSO ID of the user. + type: string + IamUser: + description: Contains information for an IAM user identity in an access policy. + type: object + additionalProperties: false + properties: + arn: + description: The ARN of the IAM user. + type: string + IamRole: + description: Contains information for an IAM role identity in an access policy. + type: object + additionalProperties: false + properties: + arn: + description: The ARN of the IAM role. + type: string + Portal: + type: object + properties: + PortalAuthMode: + description: The service to use to authenticate users to the portal. Choose from SSO or IAM. You can't change this value after you create a portal. + type: string + PortalArn: + description: The ARN of the portal, which has the following format. + type: string + PortalClientId: + description: The AWS SSO application generated client ID (used with AWS SSO APIs). + type: string + PortalContactEmail: + description: The AWS administrator's contact email address. + type: string + PortalDescription: + description: A description for the portal. + type: string + PortalId: + description: The ID of the portal. + type: string + PortalName: + description: A friendly name for the portal. + type: string + PortalStartUrl: + description: The public root URL for the AWS IoT AWS IoT SiteWise Monitor application portal. + type: string + RoleArn: + description: The ARN of a service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. + type: string + NotificationSenderEmail: + description: The email address that sends alarm notifications. + type: string + Alarms: + type: object + description: Contains the configuration information of an alarm created in an AWS IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. + additionalProperties: false + properties: + AlarmRoleArn: + type: string + description: The ARN of the IAM role that allows the alarm to perform actions and access AWS resources and services, such as AWS IoT Events. + NotificationLambdaArn: + type: string + description: The ARN of the AWS Lambda function that manages alarm notifications. For more information, see Managing alarm notifications in the AWS IoT Events Developer Guide. + Tags: + description: A list of key-value pairs that contain metadata for the portal. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - PortalContactEmail + - PortalName + - RoleArn + x-stackql-resource-name: portal + description: Resource schema for AWS::IoTSiteWise::Portal + x-type-name: AWS::IoTSiteWise::Portal + x-stackql-primary-identifier: + - PortalId + x-stackql-additional-identifiers: + - - PortalArn + x-create-only-properties: + - PortalAuthMode + x-write-only-properties: + - Tags + x-read-only-properties: + - PortalArn + - PortalClientId + - PortalId + - PortalStartUrl + x-required-properties: + - PortalContactEmail + - PortalName + - RoleArn + x-taggable: true + x-required-permissions: + create: + - iotsitewise:CreatePortal + - iotsitewise:DescribePortal + - iotsitewise:ListTagsForResource + - iotsitewise:TagResource + - iam:PassRole + - sso:CreateManagedApplicationInstance + - sso:DescribeRegisteredRegions + read: + - iotsitewise:DescribePortal + - iotsitewise:ListTagsForResource + update: + - iotsitewise:DescribePortal + - iotsitewise:ListTagsForResource + - iotsitewise:TagResource + - iotsitewise:UpdatePortal + - iotsitewise:UntagResource + - iam:PassRole + - sso:GetManagedApplicationInstance + - sso:UpdateApplicationInstanceDisplayData + delete: + - iotsitewise:DescribePortal + - iotsitewise:DeletePortal + - sso:DeleteManagedApplicationInstance + list: + - iotsitewise:ListPortals + Project: + type: object + properties: + PortalId: + description: The ID of the portal in which to create the project. + type: string + ProjectId: + description: The ID of the project. + type: string + ProjectName: + description: A friendly name for the project. + type: string + ProjectDescription: + description: A description for the project. + type: string + ProjectArn: + description: The ARN of the project. + type: string + AssetIds: + description: The IDs of the assets to be associated to the project. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/AssetId' + Tags: + description: A list of key-value pairs that contain metadata for the project. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - PortalId + - ProjectName + x-stackql-resource-name: project + description: Resource schema for AWS::IoTSiteWise::Project + x-type-name: AWS::IoTSiteWise::Project + x-stackql-primary-identifier: + - ProjectId + x-create-only-properties: + - PortalId + x-read-only-properties: + - ProjectId + - ProjectArn + x-required-properties: + - PortalId + - ProjectName + x-taggable: true + x-required-permissions: + create: + - iotsitewise:CreateProject + - iotsitewise:DescribeProject + - iotsitewise:ListProjectAssets + - iotsitewise:ListTagsForResource + - iotsitewise:TagResource + - iotsitewise:BatchAssociateProjectAssets + read: + - iotsitewise:DescribeProject + - iotsitewise:ListTagsForResource + - iotsitewise:ListProjectAssets + update: + - iotsitewise:DescribeProject + - iotsitewise:UpdateProject + - iotsitewise:BatchAssociateProjectAssets + - iotsitewise:BatchDisAssociateProjectAssets + - iotsitewise:ListProjectAssets + - iotsitewise:TagResource + - iotsitewise:UntagResource + - iotsitewise:ListTagsForResource + delete: + - iotsitewise:DescribeProject + - iotsitewise:DeleteProject + list: + - iotsitewise:ListProjects + AccessPolicyIdentity: + description: The identity for this access policy. Choose either an SSO user or group or an IAM user or role. + type: object + additionalProperties: false + properties: + User: + $ref: '#/components/schemas/User' + IamUser: + $ref: '#/components/schemas/IamUser' + IamRole: + $ref: '#/components/schemas/IamRole' + AccessPolicyResource: + description: The AWS IoT SiteWise Monitor resource for this access policy. Choose either portal or project but not both. + type: object + additionalProperties: false + properties: + Portal: + $ref: '#/components/schemas/Portal' + Project: + $ref: '#/components/schemas/Project' + AccessPolicy: + type: object + properties: + AccessPolicyId: + description: The ID of the access policy. + type: string + AccessPolicyArn: + description: The ARN of the access policy. + type: string + AccessPolicyIdentity: + description: The identity for this access policy. Choose either a user or a group but not both. + $ref: '#/components/schemas/AccessPolicyIdentity' + AccessPolicyPermission: + description: The permission level for this access policy. Valid values are ADMINISTRATOR or VIEWER. + type: string + AccessPolicyResource: + description: The AWS IoT SiteWise Monitor resource for this access policy. Choose either portal or project but not both. + $ref: '#/components/schemas/AccessPolicyResource' + required: + - AccessPolicyIdentity + - AccessPolicyPermission + - AccessPolicyResource + x-stackql-resource-name: access_policy + description: Resource schema for AWS::IoTSiteWise::AccessPolicy + x-type-name: AWS::IoTSiteWise::AccessPolicy + x-stackql-primary-identifier: + - AccessPolicyId + x-read-only-properties: + - AccessPolicyArn + - AccessPolicyId + x-required-properties: + - AccessPolicyIdentity + - AccessPolicyPermission + - AccessPolicyResource + x-required-permissions: + create: + - iotsitewise:CreateAccessPolicy + read: + - iotsitewise:DescribeAccessPolicy + update: + - iotsitewise:DescribeAccessPolicy + - iotsitewise:UpdateAccessPolicy + delete: + - iotsitewise:DescribeAccessPolicy + - iotsitewise:DeleteAccessPolicy + list: + - iotsitewise:ListAccessPolicies + AssetProperty: + description: The asset property's definition, alias, unit, and notification state. + type: object + additionalProperties: false + properties: + Id: + description: Customer provided actual UUID for property + type: string + minLength: 36 + maxLength: 36 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + ExternalId: + description: String-friendly customer provided external ID + type: string + minLength: 2 + maxLength: 128 + pattern: '[a-zA-Z0-9_][a-zA-Z_\-0-9.:]*[a-zA-Z0-9_]+' + LogicalId: + description: Customer provided ID for property. + type: string + minLength: 1 + maxLength: 256 + pattern: '[^\u0000-\u001F\u007F]+' + Alias: + description: The property alias that identifies the property. + type: string + NotificationState: + description: The MQTT notification state (ENABLED or DISABLED) for this asset property. + type: string + enum: + - ENABLED + - DISABLED + Unit: + description: The unit of measure (such as Newtons or RPM) of the asset property. If you don't specify a value for this parameter, the service uses the value of the assetModelProperty in the asset model. + type: string + AssetHierarchy: + description: A hierarchy specifies allowed parent/child asset relationships. + type: object + additionalProperties: false + required: + - ChildAssetId + properties: + Id: + description: Customer provided actual UUID for property + type: string + minLength: 36 + maxLength: 36 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + ExternalId: + description: String-friendly customer provided external ID + type: string + minLength: 2 + maxLength: 128 + pattern: '[a-zA-Z0-9_][a-zA-Z_\-0-9.:]*[a-zA-Z0-9_]+' + LogicalId: + description: The LogicalID of a hierarchy in the parent asset's model. + type: string + minLength: 1 + maxLength: 256 + pattern: '[^\u0000-\u001F\u007F]+' + ChildAssetId: + description: The ID of the child asset to be associated. + type: string + Tag: + description: To add or update tag, provide both key and value. To delete tag, provide only tag key to be deleted + type: object + additionalProperties: false + properties: + Key: + type: string + Value: + type: string + required: + - Key + - Value + Asset: + type: object + properties: + AssetId: + description: The ID of the asset + type: string + minLength: 36 + maxLength: 36 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + AssetExternalId: + description: The External ID of the asset + type: string + minLength: 2 + maxLength: 128 + pattern: '[a-zA-Z0-9_][a-zA-Z_\-0-9.:]*[a-zA-Z0-9_]+' + AssetModelId: + description: The ID of the asset model from which to create the asset. + type: string + AssetArn: + description: The ARN of the asset + type: string + AssetName: + description: A unique, friendly name for the asset. + type: string + AssetDescription: + description: A description for the asset + type: string + AssetProperties: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AssetProperty' + AssetHierarchies: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AssetHierarchy' + Tags: + description: A list of key-value pairs that contain metadata for the asset. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - AssetName + - AssetModelId + x-stackql-resource-name: asset + description: Resource schema for AWS::IoTSiteWise::Asset + x-type-name: AWS::IoTSiteWise::Asset + x-stackql-primary-identifier: + - AssetId + x-read-only-properties: + - AssetArn + - AssetId + - AssetProperties/*/Id + - AssetHierarchies/*/Id + x-required-properties: + - AssetName + - AssetModelId + x-taggable: true + x-required-permissions: + create: + - iotsitewise:AssociateAssets + - iotsitewise:CreateAsset + - iotsitewise:DescribeAsset + - iotsitewise:DescribeAssetModel + - iotsitewise:ListAssociatedAssets + - iotsitewise:ListTagsForResource + - iotsitewise:TagResource + - iotsitewise:ListAssetModelProperties + - iotsitewise:ListAssetProperties + - iotsitewise:ListAssetModelCompositeModels + - iotsitewise:UpdateAssetProperty + read: + - iotsitewise:DescribeAsset + - iotsitewise:DescribeAssetModel + - iotsitewise:ListAssociatedAssets + - iotsitewise:ListAssetModelProperties + - iotsitewise:ListAssetModelCompositeModels + - iotsitewise:ListAssetProperties + - iotsitewise:ListTagsForResource + update: + - iotsitewise:AssociateAssets + - iotsitewise:DescribeAsset + - iotsitewise:DescribeAssetModel + - iotsitewise:DisassociateAssets + - iotsitewise:ListAssociatedAssets + - iotsitewise:ListTagsForResource + - iotsitewise:TagResource + - iotsitewise:UpdateAsset + - iotsitewise:UpdateAssetProperty + - iotsitewise:ListAssetModelProperties + - iotsitewise:ListAssetProperties + - iotsitewise:ListAssetModelCompositeModels + - iotsitewise:UntagResource + delete: + - iotsitewise:DeleteAsset + - iotsitewise:DescribeAsset + - iotsitewise:DescribeAssetModel + - iotsitewise:DisassociateAssets + - iotsitewise:ListAssociatedAssets + - iotsitewise:ListAssetProperties + - iotsitewise:ListTagsForResource + - iotsitewise:ListAssetModelCompositeModels + - iotsitewise:ListAssetModelProperties + - iotsitewise:ListAssetProperties + list: + - iotsitewise:ListAssetModels + - iotsitewise:ListAssets + AssetModelCompositeModel: + description: Contains a composite model definition in an asset model. This composite model definition is applied to all assets created from the asset model. + type: object + additionalProperties: false + required: + - Name + - Type + properties: + Id: + description: The Actual ID of the composite model + type: string + minLength: 36 + maxLength: 36 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + ExternalId: + description: The External ID of the composite model + type: string + minLength: 2 + maxLength: 128 + pattern: '[a-zA-Z0-9_][a-zA-Z_\-0-9.:]*[a-zA-Z0-9_]+' + ComposedAssetModelId: + description: The component model ID for which the composite model is composed of + type: string + ParentAssetModelCompositeModelExternalId: + description: The parent composite model External ID + type: string + minLength: 2 + maxLength: 128 + pattern: '[a-zA-Z0-9_][a-zA-Z_\-0-9.:]*[a-zA-Z0-9_]+' + Path: + description: The path of the composite model. This is only for derived composite models + type: array + x-insertionOrder: true + items: + type: string + Description: + description: A description for the asset composite model. + type: string + Name: + description: A unique, friendly name for the asset composite model. + type: string + Type: + description: The type of the composite model. For alarm composite models, this type is AWS/ALARM + type: string + CompositeModelProperties: + description: The property definitions of the asset model. You can specify up to 200 properties per asset model. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AssetModelProperty' + PropertyPathDefinition: + description: The definition for property path which is used to reference properties in transforms/metrics + type: object + additionalProperties: false + required: + - Name + properties: + Name: + description: The name of the property + type: string + AssetModelProperty: + description: Contains information about an asset model property. + type: object + additionalProperties: false + required: + - Name + - DataType + - Type + properties: + LogicalId: + description: Customer provided Logical ID for property. + type: string + minLength: 1 + maxLength: 256 + pattern: '[^\u0000-\u001F\u007F]+' + Id: + description: The ID of the Asset Model Property + type: string + minLength: 36 + maxLength: 36 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + ExternalId: + description: The External ID of the Asset Model Property + type: string + minLength: 2 + maxLength: 128 + pattern: '[a-zA-Z0-9_][a-zA-Z_\-0-9.:]*[a-zA-Z0-9_]+' + Name: + description: The name of the asset model property. + type: string + DataType: + description: The data type of the asset model property. + $ref: '#/components/schemas/DataType' + DataTypeSpec: + description: The data type of the structure for this property. + $ref: '#/components/schemas/DataTypeSpec' + Unit: + description: The unit of the asset model property, such as Newtons or RPM. + type: string + Type: + description: The property type + $ref: '#/components/schemas/PropertyType' + DataType: + type: string + enum: + - STRING + - INTEGER + - DOUBLE + - BOOLEAN + - STRUCT + DataTypeSpec: + type: string + enum: + - AWS/ALARM_STATE + PropertyType: + description: Contains a property type, which can be one of attribute, measurement, metric, or transform. + type: object + additionalProperties: false + required: + - TypeName + properties: + TypeName: + $ref: '#/components/schemas/TypeName' + Attribute: + $ref: '#/components/schemas/Attribute' + Transform: + $ref: '#/components/schemas/Transform' + Metric: + $ref: '#/components/schemas/Metric' + TypeName: + type: string + enum: + - Measurement + - Attribute + - Transform + - Metric + Attribute: + type: object + additionalProperties: false + properties: + DefaultValue: + type: string + Transform: + type: object + additionalProperties: false + properties: + Expression: + description: The mathematical expression that defines the transformation function. You can specify up to 10 functions per expression. + type: string + Variables: + description: The list of variables used in the expression. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ExpressionVariable' + required: + - Expression + - Variables + Metric: + type: object + additionalProperties: false + properties: + Expression: + description: The mathematical expression that defines the metric aggregation function. You can specify up to 10 functions per expression. + type: string + Variables: + description: The list of variables used in the expression. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ExpressionVariable' + Window: + description: The window (time interval) over which AWS IoT SiteWise computes the metric's aggregation expression + $ref: '#/components/schemas/MetricWindow' + required: + - Expression + - Variables + - Window + MetricWindow: + description: Contains a time interval window used for data aggregate computations (for example, average, sum, count, and so on). + type: object + additionalProperties: false + properties: + Tumbling: + $ref: '#/components/schemas/TumblingWindow' + TumblingWindow: + description: Contains a tumbling window, which is a repeating fixed-sized, non-overlapping, and contiguous time interval. This window is used in metric and aggregation computations. + type: object + additionalProperties: false + properties: + Interval: + $ref: '#/components/schemas/Interval' + Offset: + $ref: '#/components/schemas/Offset' + required: + - Interval + Interval: + description: The time interval for the tumbling window. + type: string + Offset: + description: The shift or reference point on timeline for the contiguous time intervals. + type: string + ExpressionVariable: + type: object + additionalProperties: false + properties: + Name: + description: The friendly name of the variable to be used in the expression. + type: string + Value: + description: The variable that identifies an asset property from which to use values. + $ref: '#/components/schemas/VariableValue' + required: + - Name + - Value + VariableValue: + type: object + additionalProperties: false + properties: + PropertyLogicalId: + type: string + minLength: 1 + maxLength: 256 + pattern: '[^\u0000-\u001F\u007F]+' + PropertyId: + description: The ID of the property that is trying to be referenced + type: string + minLength: 36 + maxLength: 36 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + PropertyExternalId: + description: The External ID of the property that is trying to be referenced + type: string + minLength: 2 + maxLength: 128 + pattern: '[a-zA-Z0-9_][a-zA-Z_\-0-9.:]*[a-zA-Z0-9_]+' + PropertyPath: + description: The path of the property that is trying to be referenced + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/PropertyPathDefinition' + HierarchyLogicalId: + type: string + minLength: 1 + maxLength: 256 + pattern: '[^\u0000-\u001F\u007F]+' + HierarchyId: + description: The ID of the hierarchy that is trying to be referenced + type: string + minLength: 36 + maxLength: 36 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + HierarchyExternalId: + description: The External ID of the hierarchy that is trying to be referenced + type: string + minLength: 2 + maxLength: 128 + pattern: '[a-zA-Z0-9_][a-zA-Z_\-0-9.:]*[a-zA-Z0-9_]+' + AssetModelHierarchy: + description: Contains information about an asset model hierarchy. + type: object + additionalProperties: false + required: + - Name + - ChildAssetModelId + properties: + Id: + description: Customer provided actual ID for hierarchy + type: string + minLength: 36 + maxLength: 36 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + ExternalId: + description: Customer provided external ID for hierarchy + type: string + minLength: 2 + maxLength: 128 + pattern: '[a-zA-Z0-9_][a-zA-Z_\-0-9.:]*[a-zA-Z0-9_]+' + LogicalId: + description: Customer provided logical ID for hierarchy. + type: string + minLength: 1 + maxLength: 256 + pattern: '[^\u0000-\u001F\u007F]+' + Name: + description: The name of the asset model hierarchy. + type: string + ChildAssetModelId: + description: The ID of the asset model. All assets in this hierarchy must be instances of the child AssetModelId asset model. + type: string + AssetModel: + type: object + properties: + AssetModelId: + description: The ID of the asset model. + type: string + minLength: 36 + maxLength: 36 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + AssetModelType: + description: The type of the asset model (ASSET_MODEL OR COMPONENT_MODEL) + type: string + AssetModelExternalId: + description: The external ID of the asset model. + type: string + minLength: 2 + maxLength: 128 + pattern: '[a-zA-Z0-9_][a-zA-Z_\-0-9.:]*[a-zA-Z0-9_]+' + AssetModelArn: + description: The ARN of the asset model, which has the following format. + type: string + AssetModelName: + description: A unique, friendly name for the asset model. + type: string + AssetModelDescription: + description: A description for the asset model. + type: string + AssetModelProperties: + description: The property definitions of the asset model. You can specify up to 200 properties per asset model. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AssetModelProperty' + AssetModelCompositeModels: + description: The composite asset models that are part of this asset model. Composite asset models are asset models that contain specific properties. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AssetModelCompositeModel' + AssetModelHierarchies: + description: The hierarchy definitions of the asset model. Each hierarchy specifies an asset model whose assets can be children of any other assets created from this asset model. You can specify up to 10 hierarchies per asset model. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AssetModelHierarchy' + Tags: + description: A list of key-value pairs that contain metadata for the asset model. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - AssetModelName + x-stackql-resource-name: asset_model + description: Resource schema for AWS::IoTSiteWise::AssetModel + x-type-name: AWS::IoTSiteWise::AssetModel + x-stackql-primary-identifier: + - AssetModelId + x-create-only-properties: + - AssetModelType + x-write-only-properties: + - AssetModelProperties/*/DataTypeSpec + - AssetModelProperties/*/Type/Transform/Variables/*/Value/HierarchyLogicalId + - AssetModelProperties/*/Type/Transform/Variables/*/Value/HierarchyId + - AssetModelProperties/*/Type/Metric/Variables/*/Value/HierarchyId + - AssetModelProperties/*/Type/Transform/Variables/*/Value/HierarchyExternalId + - AssetModelProperties/*/Type/Metric/Variables/*/Value/PropertyPath/*/Name + - AssetModelProperties/*/Type/Transform/Variables/*/Value/PropertyPath/*/Name + - AssetModelProperties/*/Type/Transform/Variables/*/Value/HierarchyExternalId + - AssetModelCompositeModels/*/CompositeModelProperties/*/Type/Transform/Variables/*/Value/HierarchyId + - AssetModelCompositeModels/*/CompositeModelProperties/*/Type/Metric/Variables/*/Value/HierarchyId + - AssetModelCompositeModels/*/CompositeModelProperties/*/Type/Transform/Variables/*/Value/HierarchyLogicalId + - AssetModelCompositeModels/*/CompositeModelProperties/*/Type/Transform/Variables/*/Value/HierarchyExternalId + - AssetModelCompositeModels/*/CompositeModelProperties/*/Type/Transform/Variables/*/Value/PropertyPath/*/Name + - AssetModelCompositeModels/*/CompositeModelProperties/*/Type/Metric/Variables/*/Value/PropertyPath/*/Name + - AssetModelCompositeModels/*/CompositeModelProperties/*/DataTypeSpec + x-read-only-properties: + - AssetModelArn + - AssetModelId + - AssetModelProperties/*/Id + - AssetModelProperties/*/Type/Transform/Variables/*/Value/PropertyId + - AssetModelProperties/*/Type/Metric/Variables/*/Value/PropertyId + - AssetModelHierarchies/*/Id + - AssetModelCompositeModels/*/Id + - AssetModelCompositeModels/*/CompositeModelProperties/*/Id + - AssetModelCompositeModels/*/CompositeModelProperties/*/Type/Transform/Variables/*/Value/PropertyId + - AssetModelCompositeModels/*/CompositeModelProperties/*/Type/Metric/Variables/*/Value/PropertyId + x-required-properties: + - AssetModelName + x-taggable: true + x-required-permissions: + create: + - iotsitewise:CreateAssetModel + - iotsitewise:ListTagsForResource + - iotsitewise:TagResource + - iotsitewise:DescribeAssetModel + - iotsitewise:UpdateAssetModel + - iotsitewise:ListAssetModelProperties + - iotsitewise:ListAssetModelCompositeModels + - iotsitewise:UpdateAssetModelCompositeModel + - iotsitewise:DescribeAssetModelCompositeModel + - iotsitewise:CreateAssetModelCompositeModel + read: + - iotsitewise:DescribeAssetModel + - iotsitewise:ListAssetModelProperties + - iotsitewise:DescribeAssetModelCompositeModel + - iotsitewise:ListAssetModelCompositeModels + - iotsitewise:ListTagsForResource + update: + - iotsitewise:DescribeAssetModel + - iotsitewise:ListTagsForResource + - iotsitewise:TagResource + - iotsitewise:UntagResource + - iotsitewise:ListAssetModelProperties + - iotsitewise:ListAssetModelCompositeModels + - iotsitewise:CreateAssetModelCompositeModel + - iotsitewise:UpdateAssetModelCompositeModel + - iotsitewise:DeleteAssetModelCompositeModel + - iotsitewise:DescribeAssetModelCompositeModel + - iotsitewise:UpdateAssetModel + delete: + - iotsitewise:DescribeAssetModel + - iotsitewise:DeleteAssetModel + - iotsitewise:ListAssetModelProperties + - iotsitewise:ListAssetModelCompositeModels + list: + - iotsitewise:DescribeAssetModel + - iotsitewise:ListAssetModels + - iotsitewise:ListTagsForResource + - iotsitewise:ListAssetModelProperties + - iotsitewise:ListAssetModelCompositeModels + Dashboard: + type: object + properties: + ProjectId: + description: The ID of the project in which to create the dashboard. + type: string + DashboardId: + description: The ID of the dashboard. + type: string + DashboardName: + description: A friendly name for the dashboard. + type: string + DashboardDescription: + description: A description for the dashboard. + type: string + DashboardDefinition: + description: The dashboard definition specified in a JSON literal. + type: string + DashboardArn: + description: The ARN of the dashboard. + type: string + Tags: + description: A list of key-value pairs that contain metadata for the dashboard. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - DashboardDefinition + - DashboardDescription + - DashboardName + x-stackql-resource-name: dashboard + description: Resource schema for AWS::IoTSiteWise::Dashboard + x-type-name: AWS::IoTSiteWise::Dashboard + x-stackql-primary-identifier: + - DashboardId + x-stackql-additional-identifiers: + - - DashboardArn + x-create-only-properties: + - ProjectId + x-read-only-properties: + - DashboardArn + - DashboardId + x-required-properties: + - DashboardDefinition + - DashboardDescription + - DashboardName + x-taggable: true + x-required-permissions: + create: + - iotsitewise:CreateDashboard + - iotsitewise:DescribeDashboard + - iotsitewise:ListTagsForResource + - iotsitewise:TagResource + - iotsitewise:DescribeAsset + - iotsitewise:DescribeAssetModel + - iotsitewise:ListAssetModelProperties + - iotsitewise:ListAssetModelCompositeModels + read: + - iotsitewise:DescribeDashboard + - iotsitewise:ListTagsForResource + update: + - iotsitewise:DescribeDashboard + - iotsitewise:UpdateDashboard + - iotsitewise:TagResource + - iotsitewise:UntagResource + - iotsitewise:ListTagsForResource + - iotsitewise:DescribeAsset + - iotsitewise:DescribeAssetModel + - iotsitewise:ListAssetModelProperties + - iotsitewise:ListAssetModelCompositeModels + delete: + - iotsitewise:DescribeDashboard + - iotsitewise:DeleteDashboard + list: + - iotsitewise:ListDashboards + GatewayPlatform: + description: Contains a gateway's platform information. + type: object + additionalProperties: false + properties: + Greengrass: + description: A gateway that runs on AWS IoT Greengrass V1. + $ref: '#/components/schemas/Greengrass' + GreengrassV2: + description: A gateway that runs on AWS IoT Greengrass V2. + $ref: '#/components/schemas/GreengrassV2' + SiemensIE: + description: A gateway that runs on Siemens Industrial Edge. + $ref: '#/components/schemas/SiemensIE' + oneOf: + - required: + - Greengrass + - required: + - GreengrassV2 + - required: + - SiemensIE + Greengrass: + description: Contains the ARN of AWS IoT Greengrass Group V1 that the gateway runs on. + type: object + additionalProperties: false + properties: + GroupArn: + description: The ARN of the Greengrass group. + type: string + required: + - GroupArn + GreengrassV2: + description: Contains the CoreDeviceThingName of AWS IoT Greengrass Group V2 that the gateway runs on. + type: object + additionalProperties: false + properties: + CoreDeviceThingName: + description: The name of the CoreDevice in GreenGrass V2. + type: string + required: + - CoreDeviceThingName + SiemensIE: + description: Contains the IotCoreThingName of AWS IoT Thing that the gateway runs on. + type: object + additionalProperties: false + properties: + IotCoreThingName: + description: The name of the IoT Core Thing. + type: string + required: + - IotCoreThingName + CapabilityNamespace: + description: The namespace of the capability configuration. + type: string + CapabilityConfiguration: + description: The JSON document that defines the gateway capability's configuration. + type: string + GatewayCapabilitySummary: + description: Contains a summary of a gateway capability configuration. + type: object + additionalProperties: false + properties: + CapabilityNamespace: + $ref: '#/components/schemas/CapabilityNamespace' + CapabilityConfiguration: + $ref: '#/components/schemas/CapabilityConfiguration' + required: + - CapabilityNamespace + Gateway: + type: object + properties: + GatewayName: + description: A unique, friendly name for the gateway. + type: string + GatewayPlatform: + description: The gateway's platform. You can only specify one platform in a gateway. + $ref: '#/components/schemas/GatewayPlatform' + Tags: + description: A list of key-value pairs that contain metadata for the gateway. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + GatewayId: + description: The ID of the gateway device. + type: string + GatewayCapabilitySummaries: + description: A list of gateway capability summaries that each contain a namespace and status. + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/GatewayCapabilitySummary' + required: + - GatewayName + - GatewayPlatform + x-stackql-resource-name: gateway + description: Resource schema for AWS::IoTSiteWise::Gateway + x-type-name: AWS::IoTSiteWise::Gateway + x-stackql-primary-identifier: + - GatewayId + x-create-only-properties: + - GatewayPlatform + x-read-only-properties: + - GatewayId + x-required-properties: + - GatewayName + - GatewayPlatform + x-taggable: true + x-required-permissions: + create: + - iotsitewise:CreateGateway + - iotsitewise:DescribeGateway + - iotsitewise:DescribeGatewayCapabilityConfiguration + - iotsitewise:UpdateGatewayCapabilityConfiguration + - iam:PassRole + - iam:GetRole + - greengrass:GetCoreDevice + - iotsitewise:ListTagsForResource + - iotsitewise:TagResource + - iot:DescribeThing + read: + - iotsitewise:DescribeGateway + - iotsitewise:DescribeGatewayCapabilityConfiguration + - iotsitewise:ListTagsForResource + update: + - iotsitewise:UpdateGateway + - iotsitewise:UpdateGatewayCapabilityConfiguration + - iotsitewise:TagResource + - iotsitewise:UntagResource + - iotsitewise:DescribeGateway + - iotsitewise:DescribeGatewayCapabilityConfiguration + - iotsitewise:ListTagsForResource + delete: + - iotsitewise:DescribeGateway + - iotsitewise:DescribeGatewayCapabilityConfiguration + - iotsitewise:DeleteGateway + list: + - iotsitewise:ListGateways + AssetId: + description: The ID of the asset + type: string + x-stackQL-resources: + portals: + name: portals + id: aws.iotsitewise.portals + x-cfn-schema-name: Portal + x-type: list + x-identifiers: + - PortalId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PortalId') as portal_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::Portal' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PortalId') as portal_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::Portal' + AND region = 'us-east-1' + portal: + name: portal + id: aws.iotsitewise.portal + x-cfn-schema-name: Portal + x-type: get + x-identifiers: + - PortalId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PortalAuthMode') as portal_auth_mode, + JSON_EXTRACT(Properties, '$.PortalArn') as portal_arn, + JSON_EXTRACT(Properties, '$.PortalClientId') as portal_client_id, + JSON_EXTRACT(Properties, '$.PortalContactEmail') as portal_contact_email, + JSON_EXTRACT(Properties, '$.PortalDescription') as portal_description, + JSON_EXTRACT(Properties, '$.PortalId') as portal_id, + JSON_EXTRACT(Properties, '$.PortalName') as portal_name, + JSON_EXTRACT(Properties, '$.PortalStartUrl') as portal_start_url, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.NotificationSenderEmail') as notification_sender_email, + JSON_EXTRACT(Properties, '$.Alarms') as alarms, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Portal' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PortalAuthMode') as portal_auth_mode, + json_extract_path_text(Properties, 'PortalArn') as portal_arn, + json_extract_path_text(Properties, 'PortalClientId') as portal_client_id, + json_extract_path_text(Properties, 'PortalContactEmail') as portal_contact_email, + json_extract_path_text(Properties, 'PortalDescription') as portal_description, + json_extract_path_text(Properties, 'PortalId') as portal_id, + json_extract_path_text(Properties, 'PortalName') as portal_name, + json_extract_path_text(Properties, 'PortalStartUrl') as portal_start_url, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'NotificationSenderEmail') as notification_sender_email, + json_extract_path_text(Properties, 'Alarms') as alarms, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Portal' + AND data__Identifier = '' + AND region = 'us-east-1' + projects: + name: projects + id: aws.iotsitewise.projects + x-cfn-schema-name: Project + x-type: list + x-identifiers: + - ProjectId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProjectId') as project_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::Project' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProjectId') as project_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::Project' + AND region = 'us-east-1' + project: + name: project + id: aws.iotsitewise.project + x-cfn-schema-name: Project + x-type: get + x-identifiers: + - ProjectId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PortalId') as portal_id, + JSON_EXTRACT(Properties, '$.ProjectId') as project_id, + JSON_EXTRACT(Properties, '$.ProjectName') as project_name, + JSON_EXTRACT(Properties, '$.ProjectDescription') as project_description, + JSON_EXTRACT(Properties, '$.ProjectArn') as project_arn, + JSON_EXTRACT(Properties, '$.AssetIds') as asset_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Project' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PortalId') as portal_id, + json_extract_path_text(Properties, 'ProjectId') as project_id, + json_extract_path_text(Properties, 'ProjectName') as project_name, + json_extract_path_text(Properties, 'ProjectDescription') as project_description, + json_extract_path_text(Properties, 'ProjectArn') as project_arn, + json_extract_path_text(Properties, 'AssetIds') as asset_ids, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Project' + AND data__Identifier = '' + AND region = 'us-east-1' + access_policies: + name: access_policies + id: aws.iotsitewise.access_policies + x-cfn-schema-name: AccessPolicy + x-type: list + x-identifiers: + - AccessPolicyId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccessPolicyId') as access_policy_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::AccessPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccessPolicyId') as access_policy_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::AccessPolicy' + AND region = 'us-east-1' + access_policy: + name: access_policy + id: aws.iotsitewise.access_policy + x-cfn-schema-name: AccessPolicy + x-type: get + x-identifiers: + - AccessPolicyId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessPolicyId') as access_policy_id, + JSON_EXTRACT(Properties, '$.AccessPolicyArn') as access_policy_arn, + JSON_EXTRACT(Properties, '$.AccessPolicyIdentity') as access_policy_identity, + JSON_EXTRACT(Properties, '$.AccessPolicyPermission') as access_policy_permission, + JSON_EXTRACT(Properties, '$.AccessPolicyResource') as access_policy_resource + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::AccessPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessPolicyId') as access_policy_id, + json_extract_path_text(Properties, 'AccessPolicyArn') as access_policy_arn, + json_extract_path_text(Properties, 'AccessPolicyIdentity') as access_policy_identity, + json_extract_path_text(Properties, 'AccessPolicyPermission') as access_policy_permission, + json_extract_path_text(Properties, 'AccessPolicyResource') as access_policy_resource + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::AccessPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + assets: + name: assets + id: aws.iotsitewise.assets + x-cfn-schema-name: Asset + x-type: list + x-identifiers: + - AssetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssetId') as asset_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::Asset' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssetId') as asset_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::Asset' + AND region = 'us-east-1' + asset: + name: asset + id: aws.iotsitewise.asset + x-cfn-schema-name: Asset + x-type: get + x-identifiers: + - AssetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssetId') as asset_id, + JSON_EXTRACT(Properties, '$.AssetExternalId') as asset_external_id, + JSON_EXTRACT(Properties, '$.AssetModelId') as asset_model_id, + JSON_EXTRACT(Properties, '$.AssetArn') as asset_arn, + JSON_EXTRACT(Properties, '$.AssetName') as asset_name, + JSON_EXTRACT(Properties, '$.AssetDescription') as asset_description, + JSON_EXTRACT(Properties, '$.AssetProperties') as asset_properties, + JSON_EXTRACT(Properties, '$.AssetHierarchies') as asset_hierarchies, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Asset' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssetId') as asset_id, + json_extract_path_text(Properties, 'AssetExternalId') as asset_external_id, + json_extract_path_text(Properties, 'AssetModelId') as asset_model_id, + json_extract_path_text(Properties, 'AssetArn') as asset_arn, + json_extract_path_text(Properties, 'AssetName') as asset_name, + json_extract_path_text(Properties, 'AssetDescription') as asset_description, + json_extract_path_text(Properties, 'AssetProperties') as asset_properties, + json_extract_path_text(Properties, 'AssetHierarchies') as asset_hierarchies, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Asset' + AND data__Identifier = '' + AND region = 'us-east-1' + asset_models: + name: asset_models + id: aws.iotsitewise.asset_models + x-cfn-schema-name: AssetModel + x-type: list + x-identifiers: + - AssetModelId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssetModelId') as asset_model_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::AssetModel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssetModelId') as asset_model_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::AssetModel' + AND region = 'us-east-1' + asset_model: + name: asset_model + id: aws.iotsitewise.asset_model + x-cfn-schema-name: AssetModel + x-type: get + x-identifiers: + - AssetModelId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssetModelId') as asset_model_id, + JSON_EXTRACT(Properties, '$.AssetModelType') as asset_model_type, + JSON_EXTRACT(Properties, '$.AssetModelExternalId') as asset_model_external_id, + JSON_EXTRACT(Properties, '$.AssetModelArn') as asset_model_arn, + JSON_EXTRACT(Properties, '$.AssetModelName') as asset_model_name, + JSON_EXTRACT(Properties, '$.AssetModelDescription') as asset_model_description, + JSON_EXTRACT(Properties, '$.AssetModelProperties') as asset_model_properties, + JSON_EXTRACT(Properties, '$.AssetModelCompositeModels') as asset_model_composite_models, + JSON_EXTRACT(Properties, '$.AssetModelHierarchies') as asset_model_hierarchies, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::AssetModel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssetModelId') as asset_model_id, + json_extract_path_text(Properties, 'AssetModelType') as asset_model_type, + json_extract_path_text(Properties, 'AssetModelExternalId') as asset_model_external_id, + json_extract_path_text(Properties, 'AssetModelArn') as asset_model_arn, + json_extract_path_text(Properties, 'AssetModelName') as asset_model_name, + json_extract_path_text(Properties, 'AssetModelDescription') as asset_model_description, + json_extract_path_text(Properties, 'AssetModelProperties') as asset_model_properties, + json_extract_path_text(Properties, 'AssetModelCompositeModels') as asset_model_composite_models, + json_extract_path_text(Properties, 'AssetModelHierarchies') as asset_model_hierarchies, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::AssetModel' + AND data__Identifier = '' + AND region = 'us-east-1' + dashboards: + name: dashboards + id: aws.iotsitewise.dashboards + x-cfn-schema-name: Dashboard + x-type: list + x-identifiers: + - DashboardId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DashboardId') as dashboard_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::Dashboard' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DashboardId') as dashboard_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::Dashboard' + AND region = 'us-east-1' + dashboard: + name: dashboard + id: aws.iotsitewise.dashboard + x-cfn-schema-name: Dashboard + x-type: get + x-identifiers: + - DashboardId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ProjectId') as project_id, + JSON_EXTRACT(Properties, '$.DashboardId') as dashboard_id, + JSON_EXTRACT(Properties, '$.DashboardName') as dashboard_name, + JSON_EXTRACT(Properties, '$.DashboardDescription') as dashboard_description, + JSON_EXTRACT(Properties, '$.DashboardDefinition') as dashboard_definition, + JSON_EXTRACT(Properties, '$.DashboardArn') as dashboard_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Dashboard' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ProjectId') as project_id, + json_extract_path_text(Properties, 'DashboardId') as dashboard_id, + json_extract_path_text(Properties, 'DashboardName') as dashboard_name, + json_extract_path_text(Properties, 'DashboardDescription') as dashboard_description, + json_extract_path_text(Properties, 'DashboardDefinition') as dashboard_definition, + json_extract_path_text(Properties, 'DashboardArn') as dashboard_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Dashboard' + AND data__Identifier = '' + AND region = 'us-east-1' + gateways: + name: gateways + id: aws.iotsitewise.gateways + x-cfn-schema-name: Gateway + x-type: list + x-identifiers: + - GatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GatewayId') as gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::Gateway' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GatewayId') as gateway_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTSiteWise::Gateway' + AND region = 'us-east-1' + gateway: + name: gateway + id: aws.iotsitewise.gateway + x-cfn-schema-name: Gateway + x-type: get + x-identifiers: + - GatewayId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GatewayName') as gateway_name, + JSON_EXTRACT(Properties, '$.GatewayPlatform') as gateway_platform, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.GatewayId') as gateway_id, + JSON_EXTRACT(Properties, '$.GatewayCapabilitySummaries') as gateway_capability_summaries + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Gateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GatewayName') as gateway_name, + json_extract_path_text(Properties, 'GatewayPlatform') as gateway_platform, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'GatewayId') as gateway_id, + json_extract_path_text(Properties, 'GatewayCapabilitySummaries') as gateway_capability_summaries + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Gateway' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/iottwinmaker.yaml b/providers/src/aws/v00.00.00000/services/iottwinmaker.yaml new file mode 100644 index 00000000..f26229c1 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/iottwinmaker.yaml @@ -0,0 +1,1414 @@ +openapi: 3.0.0 +info: + title: IoTTwinMaker + version: 1.0.0 +paths: {} +components: + schemas: + DateTimeFormat: + type: string + format: date-time + ParentComponentType: + type: string + pattern: '[a-zA-Z_\.\-0-9:]+' + PropertyName: + type: string + pattern: '[a-zA-Z_\-0-9]+' + RequiredProperty: + type: string + pattern: '[a-zA-Z_\-0-9]+' + LambdaFunction: + type: object + properties: + Arn: + type: string + pattern: arn:((aws)|(aws-cn)|(aws-us-gov)):lambda:[a-z0-9-]+:[0-9]{12}:function:[\/a-zA-Z0-9_-]+ + minLength: 1 + maxLength: 128 + additionalProperties: false + required: + - Arn + DataConnector: + description: The data connector. + type: object + properties: + IsNative: + description: A Boolean value that specifies whether the data connector is native to IoT TwinMaker. + type: boolean + Lambda: + description: The Lambda function associated with this data connector. + $ref: '#/components/schemas/LambdaFunction' + additionalProperties: false + Function: + description: The function of component type. + type: object + properties: + ImplementedBy: + description: The data connector. + $ref: '#/components/schemas/DataConnector' + RequiredProperties: + description: The required properties of the function. + type: array + minItems: 1 + maxItems: 256 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/RequiredProperty' + Scope: + description: The scope of the function. + type: string + enum: + - ENTITY + - WORKSPACE + additionalProperties: false + DataValue: + description: An object that specifies a value for a property. + type: object + properties: + BooleanValue: + description: A Boolean value. + type: boolean + DoubleValue: + description: A double value. + type: number + Expression: + description: An expression that produces the value. + type: string + pattern: (^\$\{Parameters\.[a-zA-z]+([a-zA-z_0-9]*)}$) + minLength: 1 + maxLength: 316 + IntegerValue: + description: An integer value. + type: integer + ListValue: + description: A list of multiple values. + type: array + minItems: 0 + maxItems: 50 + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/DataValue' + LongValue: + description: A long value. + type: number + StringValue: + description: A string value. + type: string + pattern: .* + minLength: 1 + maxLength: 256 + MapValue: + description: An object that maps strings to multiple DataValue objects. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + $ref: '#/components/schemas/DataValue' + additionalProperties: false + RelationshipValue: + description: A value that relates a component to another component. + type: object + properties: + TargetComponentName: + type: string + pattern: '[a-zA-Z_\-0-9]+' + minLength: 1 + maxLength: 256 + TargetEntityId: + type: string + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|^[a-zA-Z0-9][a-zA-Z_\-0-9.:]*[a-zA-Z0-9]+' + minLength: 1 + maxLength: 128 + additionalProperties: false + additionalProperties: false + Relationship: + description: The type of the relationship. + type: object + properties: + RelationshipType: + description: The type of the relationship. + type: string + pattern: .* + minLength: 1 + maxLength: 256 + TargetComponentTypeId: + description: The ID of the target component type associated with this relationship. + type: string + pattern: '[a-zA-Z_\.\-0-9:]+' + minLength: 1 + maxLength: 256 + additionalProperties: false + DataType: + description: An object that specifies the data type of a property. + type: object + properties: + AllowedValues: + description: The allowed values for this data type. + type: array + minItems: 0 + maxItems: 50 + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/DataValue' + NestedType: + description: The nested type in the data type. + $ref: '#/components/schemas/DataType' + Relationship: + description: A relationship that associates a component with another component. + $ref: '#/components/schemas/Relationship' + Type: + description: The underlying type of the data type. + type: string + enum: + - RELATIONSHIP + - STRING + - LONG + - BOOLEAN + - INTEGER + - DOUBLE + - LIST + - MAP + UnitOfMeasure: + description: The unit of measure used in this data type. + type: string + pattern: .* + minLength: 1 + maxLength: 256 + additionalProperties: false + PropertyDefinition: + description: An object that sets information about a property. + type: object + properties: + Configurations: + description: An object that specifies information about a property. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + type: string + pattern: '[a-zA-Z_\-0-9]+' + minLength: 1 + maxLength: 256 + additionalProperties: false + DataType: + description: An object that contains information about the data type. + $ref: '#/components/schemas/DataType' + DefaultValue: + description: An object that contains the default value. + $ref: '#/components/schemas/DataValue' + IsExternalId: + description: A Boolean value that specifies whether the property ID comes from an external data store. + type: boolean + IsRequiredInEntity: + description: A Boolean value that specifies whether the property is required. + type: boolean + IsStoredExternally: + description: A Boolean value that specifies whether the property is stored externally. + type: boolean + IsTimeSeries: + description: A Boolean value that specifies whether the property consists of time series data. + type: boolean + additionalProperties: false + PropertyGroup: + description: An object that specifies information about a property group. + type: object + properties: + GroupType: + description: The type of property group. + type: string + enum: + - TABULAR + PropertyNames: + description: The list of property names in the property group. + type: array + minItems: 1 + maxItems: 256 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/PropertyName' + additionalProperties: false + CompositeComponentType: + description: An object that sets information about a composite component type. + type: object + properties: + ComponentTypeId: + description: The id of the composite component type. + type: string + pattern: '[a-zA-Z_\.\-0-9:]+' + minLength: 1 + maxLength: 256 + additionalProperties: false + Status: + type: object + properties: + State: + type: string + enum: + - CREATING + - UPDATING + - DELETING + - ACTIVE + - ERROR + Error: + type: object + anyOf: + - description: Empty Error object. + type: object + additionalProperties: false + - description: Error object with Message and Code. + type: object + properties: + Message: + type: string + minLength: 0 + maxLength: 2048 + Code: + type: string + enum: + - VALIDATION_ERROR + - INTERNAL_FAILURE + additionalProperties: false + additionalProperties: false + ComponentType: + type: object + properties: + WorkspaceId: + description: The ID of the workspace that contains the component type. + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z_0-9][a-zA-Z_\-0-9]*[a-zA-Z0-9]+' + ComponentTypeId: + description: The ID of the component type. + type: string + minLength: 1 + maxLength: 256 + pattern: '[a-zA-Z_\.\-0-9:]+' + Description: + description: The description of the component type. + type: string + minLength: 0 + maxLength: 512 + ExtendsFrom: + description: Specifies the parent component type to extend. + type: array + minItems: 1 + maxItems: 256 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/ParentComponentType' + Functions: + description: a Map of functions in the component type. Each function's key must be unique to this map. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z_\-0-9]+': + $ref: '#/components/schemas/Function' + IsSingleton: + description: A Boolean value that specifies whether an entity can have more than one component of this type. + type: boolean + PropertyDefinitions: + description: An map of the property definitions in the component type. Each property definition's key must be unique to this map. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + $ref: '#/components/schemas/PropertyDefinition' + additionalProperties: false + PropertyGroups: + description: An map of the property groups in the component type. Each property group's key must be unique to this map. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + $ref: '#/components/schemas/PropertyGroup' + additionalProperties: false + CompositeComponentTypes: + description: An map of the composite component types in the component type. Each composite component type's key must be unique to this map. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + $ref: '#/components/schemas/CompositeComponentType' + additionalProperties: false + Arn: + description: The ARN of the component type. + type: string + minLength: 20 + maxLength: 2048 + pattern: arn:((aws)|(aws-cn)|(aws-us-gov)):iottwinmaker:[a-z0-9-]+:[0-9]{12}:[\/a-zA-Z0-9_\-\.:]+ + CreationDateTime: + description: The date and time when the component type was created. + $ref: '#/components/schemas/DateTimeFormat' + UpdateDateTime: + description: The last date and time when the component type was updated. + $ref: '#/components/schemas/DateTimeFormat' + Status: + description: The current status of the component type. + $ref: '#/components/schemas/Status' + IsAbstract: + description: A Boolean value that specifies whether the component type is abstract. + type: boolean + IsSchemaInitialized: + description: A Boolean value that specifies whether the component type has a schema initializer and that the schema initializer has run. + type: boolean + Tags: + type: object + description: A map of key-value pairs to associate with a resource. + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + minLength: 1 + maxLength: 256 + maxProperties: 50 + additionalProperties: false + required: + - WorkspaceId + - ComponentTypeId + x-stackql-resource-name: component_type + description: Resource schema for AWS::IoTTwinMaker::ComponentType + x-type-name: AWS::IoTTwinMaker::ComponentType + x-stackql-primary-identifier: + - WorkspaceId + - ComponentTypeId + x-create-only-properties: + - WorkspaceId + - ComponentTypeId + x-read-only-properties: + - Arn + - CreationDateTime + - UpdateDateTime + - Status + - IsAbstract + - IsSchemaInitialized + x-required-properties: + - WorkspaceId + - ComponentTypeId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iottwinmaker:CreateComponentType + - iottwinmaker:GetComponentType + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + - iottwinmaker:TagResource + read: + - iottwinmaker:GetComponentType + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + update: + - iottwinmaker:GetComponentType + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + - iottwinmaker:TagResource + - iottwinmaker:UntagResource + - iottwinmaker:UpdateComponentType + delete: + - iottwinmaker:DeleteComponentType + - iottwinmaker:GetComponentType + - iottwinmaker:GetWorkspace + list: + - iottwinmaker:GetComponentType + - iottwinmaker:GetWorkspace + - iottwinmaker:ListComponentTypes + - iottwinmaker:ListTagsForResource + PropertyDefinitionConfiguration: + description: An object that specifies information about a property configuration. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + type: string + pattern: '[a-zA-Z_\-0-9]+' + minLength: 1 + maxLength: 256 + additionalProperties: false + Definition: + description: An object that specifies information about a property definition. + type: object + properties: + Configuration: + description: An object that specifies information about a property configuration. + $ref: '#/components/schemas/PropertyDefinitionConfiguration' + DataType: + description: An object that contains information about the data type. + $ref: '#/components/schemas/DataType' + DefaultValue: + description: An object that contains the default value. + $ref: '#/components/schemas/DataValue' + IsExternalId: + description: A Boolean value that specifies whether the property ID comes from an external data store. + type: boolean + IsFinal: + description: A Boolean value that specifies whether the property definition can be updated. + type: boolean + IsImported: + description: A Boolean value that specifies whether the property definition is imported from an external data store. + type: boolean + IsInherited: + description: A Boolean value that specifies whether the property definition is inherited from a parent entity. + type: boolean + IsRequiredInEntity: + description: A Boolean value that specifies whether the property is required. + type: boolean + IsStoredExternally: + description: A Boolean value that specifies whether the property is stored externally. + type: boolean + IsTimeSeries: + description: A Boolean value that specifies whether the property consists of time series data. + type: boolean + additionalProperties: false + Property: + description: An object that specifies information about a property. + type: object + properties: + Definition: + description: The definition of the property. + $ref: '#/components/schemas/Definition' + Value: + description: The value of the property. + $ref: '#/components/schemas/DataValue' + additionalProperties: false + Component: + type: object + properties: + ComponentName: + description: The name of the component. + type: string + pattern: '[a-zA-Z_\-0-9]+' + minLength: 1 + maxLength: 256 + ComponentTypeId: + description: The ID of the component type. + type: string + pattern: '[a-zA-Z_\-0-9]+' + minLength: 1 + maxLength: 256 + Description: + description: The description of the component. + type: string + minLength: 0 + maxLength: 512 + DefinedIn: + description: The name of the property definition set in the component. + type: string + minLength: 1 + maxLength: 256 + Properties: + description: An object that maps strings to the properties to set in the component type. Each string in the mapping must be unique to this object. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + $ref: '#/components/schemas/Property' + additionalProperties: false + PropertyGroups: + description: An object that maps strings to the property groups to set in the component type. Each string in the mapping must be unique to this object. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + $ref: '#/components/schemas/PropertyGroup' + additionalProperties: false + Status: + description: The current status of the entity. + $ref: '#/components/schemas/Status' + additionalProperties: false + CompositeComponent: + type: object + properties: + ComponentName: + description: The name of the component. + type: string + pattern: '[a-zA-Z_\-0-9]+' + minLength: 1 + maxLength: 256 + ComponentPath: + description: The path of the component. + type: string + pattern: '[a-zA-Z_\-0-9/]+' + minLength: 1 + maxLength: 256 + ComponentTypeId: + description: The ID of the component type. + type: string + pattern: '[a-zA-Z_\-0-9]+' + minLength: 1 + maxLength: 256 + Description: + description: The description of the component. + type: string + minLength: 0 + maxLength: 512 + Properties: + description: An object that maps strings to the properties to set in the component type. Each string in the mapping must be unique to this object. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + $ref: '#/components/schemas/Property' + additionalProperties: false + PropertyGroups: + description: An object that maps strings to the property groups to set in the component type. Each string in the mapping must be unique to this object. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + $ref: '#/components/schemas/PropertyGroup' + additionalProperties: false + Status: + description: The current status of the component. + $ref: '#/components/schemas/Status' + additionalProperties: false + Entity: + type: object + properties: + EntityId: + description: The ID of the entity. + type: string + minLength: 1 + maxLength: 128 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|^[a-zA-Z0-9][a-zA-Z_\-0-9.:]*[a-zA-Z0-9]+' + EntityName: + description: The name of the entity. + type: string + minLength: 1 + maxLength: 256 + pattern: '[a-zA-Z_0-9-.][a-zA-Z_0-9-. ]*[a-zA-Z0-9]+' + Status: + description: The current status of the entity. + $ref: '#/components/schemas/Status' + HasChildEntities: + description: A Boolean value that specifies whether the entity has child entities or not. + type: boolean + ParentEntityId: + description: The ID of the parent entity. + type: string + minLength: 1 + maxLength: 128 + pattern: \$ROOT|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|^[a-zA-Z0-9][a-zA-Z_\-0-9.:]*[a-zA-Z0-9]+ + Arn: + description: The ARN of the entity. + type: string + minLength: 20 + maxLength: 2048 + pattern: arn:((aws)|(aws-cn)|(aws-us-gov)):iottwinmaker:[a-z0-9-]+:[0-9]{12}:[\/a-zA-Z0-9_\-\.:]+ + Description: + description: The description of the entity. + type: string + minLength: 0 + maxLength: 512 + CreationDateTime: + description: The date and time when the entity was created. + $ref: '#/components/schemas/DateTimeFormat' + UpdateDateTime: + description: The last date and time when the entity was updated. + $ref: '#/components/schemas/DateTimeFormat' + Tags: + type: object + description: A key-value pair to associate with a resource. + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + minLength: 1 + maxLength: 256 + additionalProperties: false + WorkspaceId: + description: The ID of the workspace. + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z_0-9][a-zA-Z_\-0-9]*[a-zA-Z0-9]+' + Components: + description: A map that sets information about a component type. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + $ref: '#/components/schemas/Component' + additionalProperties: false + CompositeComponents: + description: A map that sets information about a composite component. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9/]+': + $ref: '#/components/schemas/CompositeComponent' + additionalProperties: false + required: + - WorkspaceId + - EntityName + x-stackql-resource-name: entity + description: Resource schema for AWS::IoTTwinMaker::Entity + x-type-name: AWS::IoTTwinMaker::Entity + x-stackql-primary-identifier: + - WorkspaceId + - EntityId + x-create-only-properties: + - WorkspaceId + - EntityId + x-read-only-properties: + - Arn + - CreationDateTime + - UpdateDateTime + - Status + - HasChildEntities + x-required-properties: + - WorkspaceId + - EntityName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iottwinmaker:GetWorkspace + - iottwinmaker:CreateEntity + - iottwinmaker:GetEntity + - iottwinmaker:ListComponents + - iottwinmaker:ListProperties + - iottwinmaker:ListTagsForResource + - iottwinmaker:TagResource + read: + - iottwinmaker:GetComponentType + - iottwinmaker:GetEntity + - iottwinmaker:ListComponents + - iottwinmaker:ListProperties + - iottwinmaker:GetWorkspace + - iottwinmaker:ListEntities + - iottwinmaker:ListTagsForResource + update: + - iottwinmaker:GetComponentType + - iottwinmaker:GetEntity + - iottwinmaker:ListComponents + - iottwinmaker:ListProperties + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + - iottwinmaker:TagResource + - iottwinmaker:UntagResource + - iottwinmaker:UpdateEntity + - iottwinmaker:UpdateComponentType + delete: + - iottwinmaker:GetEntity + - iottwinmaker:GetWorkspace + - iottwinmaker:DeleteEntity + list: + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + - iottwinmaker:GetEntity + - iottwinmaker:ListEntities + Scene: + type: object + properties: + SceneId: + description: The ID of the scene. + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z_0-9][a-zA-Z_\-0-9]*[a-zA-Z0-9]+' + Arn: + description: The ARN of the scene. + type: string + minLength: 20 + maxLength: 2048 + pattern: arn:((aws)|(aws-cn)|(aws-us-gov)):iottwinmaker:[a-z0-9-]+:[0-9]{12}:[\/a-zA-Z0-9_\-\.:]+ + Description: + description: The description of the scene. + type: string + minLength: 0 + maxLength: 512 + ContentLocation: + description: The relative path that specifies the location of the content definition file. + type: string + minLength: 0 + maxLength: 256 + pattern: '[sS]3://[A-Za-z0-9._/-]+' + CreationDateTime: + description: The date and time when the scene was created. + $ref: '#/components/schemas/DateTimeFormat' + UpdateDateTime: + description: The date and time of the current update. + $ref: '#/components/schemas/DateTimeFormat' + Tags: + type: object + description: A key-value pair to associate with a resource. + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + minLength: 1 + maxLength: 256 + additionalProperties: false + WorkspaceId: + description: The ID of the scene. + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z_0-9][a-zA-Z_\-0-9]*[a-zA-Z0-9]+' + Capabilities: + description: A list of capabilities that the scene uses to render. + type: array + minItems: 0 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + type: string + minLength: 0 + maxLength: 256 + pattern: .* + SceneMetadata: + description: A key-value pair of scene metadata for the scene. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + type: string + minLength: 0 + maxLength: 2048 + minLength: 0 + maxLength: 50 + additionalProperties: false + GeneratedSceneMetadata: + description: A key-value pair of generated scene metadata for the scene. + type: object + x-patternProperties: + '[a-zA-Z_\-0-9]+': + type: string + minLength: 0 + maxLength: 2048 + minLength: 0 + maxLength: 50 + additionalProperties: false + required: + - WorkspaceId + - SceneId + - ContentLocation + x-stackql-resource-name: scene + description: Resource schema for AWS::IoTTwinMaker::Scene + x-type-name: AWS::IoTTwinMaker::Scene + x-stackql-primary-identifier: + - WorkspaceId + - SceneId + x-create-only-properties: + - SceneId + - WorkspaceId + x-read-only-properties: + - Arn + - CreationDateTime + - UpdateDateTime + - GeneratedSceneMetadata + x-required-properties: + - WorkspaceId + - SceneId + - ContentLocation + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iottwinmaker:CreateScene + - iottwinmaker:GetScene + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + - iottwinmaker:TagResource + read: + - iottwinmaker:GetWorkspace + - iottwinmaker:GetScene + - iottwinmaker:ListTagsForResource + update: + - iottwinmaker:GetScene + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + - iottwinmaker:TagResource + - iottwinmaker:UntagResource + - iottwinmaker:UpdateScene + delete: + - iottwinmaker:DeleteScene + - iottwinmaker:GetScene + - iottwinmaker:GetWorkspace + list: + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + - iottwinmaker:ListScenes + SyncJob: + type: object + properties: + WorkspaceId: + description: The ID of the workspace. + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z_0-9][a-zA-Z_\-0-9]*[a-zA-Z0-9]+' + SyncSource: + description: The source of the SyncJob. + type: string + minLength: 1 + maxLength: 128 + SyncRole: + description: The IAM Role that execute SyncJob. + type: string + minLength: 20 + maxLength: 2048 + pattern: arn:((aws)|(aws-cn)|(aws-us-gov)):iam::[0-9]{12}:role/.* + CreationDateTime: + description: The date and time when the sync job was created. + $ref: '#/components/schemas/DateTimeFormat' + UpdateDateTime: + description: The date and time when the sync job was updated. + $ref: '#/components/schemas/DateTimeFormat' + Arn: + description: The ARN of the SyncJob. + type: string + minLength: 20 + maxLength: 2048 + pattern: arn:((aws)|(aws-cn)|(aws-us-gov)):iottwinmaker:[a-z0-9-]+:[0-9]{12}:[\/a-zA-Z0-9_\-\.:]+ + State: + description: The state of SyncJob. + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z_\-0-9]+' + Tags: + type: object + description: A key-value pair to associate with a resource. + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + minLength: 1 + maxLength: 256 + additionalProperties: false + required: + - WorkspaceId + - SyncSource + - SyncRole + x-stackql-resource-name: sync_job + description: Resource schema for AWS::IoTTwinMaker::SyncJob + x-type-name: AWS::IoTTwinMaker::SyncJob + x-stackql-primary-identifier: + - WorkspaceId + - SyncSource + x-create-only-properties: + - WorkspaceId + - SyncSource + - SyncRole + - Tags + x-read-only-properties: + - Arn + - CreationDateTime + - UpdateDateTime + - State + x-required-properties: + - WorkspaceId + - SyncSource + - SyncRole + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:PassRole + - iottwinmaker:CreateSyncJob + - iottwinmaker:GetSyncJob + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + - iottwinmaker:TagResource + read: + - iottwinmaker:GetSyncJob + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + delete: + - iottwinmaker:DeleteSyncJob + - iottwinmaker:GetSyncJob + - iottwinmaker:GetWorkspace + list: + - iottwinmaker:GetWorkspace + - iottwinmaker:ListSyncJobs + - iottwinmaker:ListTagsForResource + Workspace: + type: object + properties: + WorkspaceId: + description: The ID of the workspace. + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z_0-9][a-zA-Z_\-0-9]*[a-zA-Z0-9]+' + Arn: + description: The ARN of the workspace. + type: string + minLength: 20 + maxLength: 2048 + pattern: arn:((aws)|(aws-cn)|(aws-us-gov)):iottwinmaker:[a-z0-9-]+:[0-9]{12}:[\/a-zA-Z0-9_\-\.:]+ + Description: + description: The description of the workspace. + type: string + minLength: 0 + maxLength: 512 + Role: + description: The ARN of the execution role associated with the workspace. + type: string + minLength: 20 + maxLength: 2048 + pattern: arn:((aws)|(aws-cn)|(aws-us-gov)):iam::[0-9]{12}:role/.* + S3Location: + description: The ARN of the S3 bucket where resources associated with the workspace are stored. + type: string + CreationDateTime: + description: The date and time when the workspace was created. + $ref: '#/components/schemas/DateTimeFormat' + UpdateDateTime: + description: The date and time of the current update. + $ref: '#/components/schemas/DateTimeFormat' + Tags: + type: object + description: A map of key-value pairs to associate with a resource. + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + minLength: 1 + maxLength: 256 + maxProperties: 50 + additionalProperties: false + required: + - WorkspaceId + - Role + - S3Location + x-stackql-resource-name: workspace + description: Resource schema for AWS::IoTTwinMaker::Workspace + x-type-name: AWS::IoTTwinMaker::Workspace + x-stackql-primary-identifier: + - WorkspaceId + x-create-only-properties: + - WorkspaceId + x-read-only-properties: + - Arn + - CreationDateTime + - UpdateDateTime + x-required-properties: + - WorkspaceId + - Role + - S3Location + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:PassRole + - iottwinmaker:CreateWorkspace + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + - iottwinmaker:TagResource + read: + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + update: + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + - iottwinmaker:TagResource + - iottwinmaker:UntagResource + - iottwinmaker:UpdateWorkspace + delete: + - iottwinmaker:DeleteWorkspace + - iottwinmaker:GetWorkspace + list: + - iottwinmaker:GetWorkspace + - iottwinmaker:ListTagsForResource + - iottwinmaker:ListWorkspaces + x-stackQL-resources: + component_types: + name: component_types + id: aws.iottwinmaker.component_types + x-cfn-schema-name: ComponentType + x-type: list + x-identifiers: + - WorkspaceId + - ComponentTypeId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WorkspaceId') as workspace_id, + JSON_EXTRACT(Properties, '$.ComponentTypeId') as component_type_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTTwinMaker::ComponentType' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WorkspaceId') as workspace_id, + json_extract_path_text(Properties, 'ComponentTypeId') as component_type_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTTwinMaker::ComponentType' + AND region = 'us-east-1' + component_type: + name: component_type + id: aws.iottwinmaker.component_type + x-cfn-schema-name: ComponentType + x-type: get + x-identifiers: + - WorkspaceId + - ComponentTypeId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.WorkspaceId') as workspace_id, + JSON_EXTRACT(Properties, '$.ComponentTypeId') as component_type_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ExtendsFrom') as extends_from, + JSON_EXTRACT(Properties, '$.Functions') as functions, + JSON_EXTRACT(Properties, '$.IsSingleton') as is_singleton, + JSON_EXTRACT(Properties, '$.PropertyDefinitions') as property_definitions, + JSON_EXTRACT(Properties, '$.PropertyGroups') as property_groups, + JSON_EXTRACT(Properties, '$.CompositeComponentTypes') as composite_component_types, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationDateTime') as creation_date_time, + JSON_EXTRACT(Properties, '$.UpdateDateTime') as update_date_time, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.IsAbstract') as is_abstract, + JSON_EXTRACT(Properties, '$.IsSchemaInitialized') as is_schema_initialized, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTTwinMaker::ComponentType' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'WorkspaceId') as workspace_id, + json_extract_path_text(Properties, 'ComponentTypeId') as component_type_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ExtendsFrom') as extends_from, + json_extract_path_text(Properties, 'Functions') as functions, + json_extract_path_text(Properties, 'IsSingleton') as is_singleton, + json_extract_path_text(Properties, 'PropertyDefinitions') as property_definitions, + json_extract_path_text(Properties, 'PropertyGroups') as property_groups, + json_extract_path_text(Properties, 'CompositeComponentTypes') as composite_component_types, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationDateTime') as creation_date_time, + json_extract_path_text(Properties, 'UpdateDateTime') as update_date_time, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'IsAbstract') as is_abstract, + json_extract_path_text(Properties, 'IsSchemaInitialized') as is_schema_initialized, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTTwinMaker::ComponentType' + AND data__Identifier = '|' + AND region = 'us-east-1' + entities: + name: entities + id: aws.iottwinmaker.entities + x-cfn-schema-name: Entity + x-type: list + x-identifiers: + - WorkspaceId + - EntityId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WorkspaceId') as workspace_id, + JSON_EXTRACT(Properties, '$.EntityId') as entity_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTTwinMaker::Entity' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WorkspaceId') as workspace_id, + json_extract_path_text(Properties, 'EntityId') as entity_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTTwinMaker::Entity' + AND region = 'us-east-1' + entity: + name: entity + id: aws.iottwinmaker.entity + x-cfn-schema-name: Entity + x-type: get + x-identifiers: + - WorkspaceId + - EntityId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EntityId') as entity_id, + JSON_EXTRACT(Properties, '$.EntityName') as entity_name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.HasChildEntities') as has_child_entities, + JSON_EXTRACT(Properties, '$.ParentEntityId') as parent_entity_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.CreationDateTime') as creation_date_time, + JSON_EXTRACT(Properties, '$.UpdateDateTime') as update_date_time, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.WorkspaceId') as workspace_id, + JSON_EXTRACT(Properties, '$.Components') as components, + JSON_EXTRACT(Properties, '$.CompositeComponents') as composite_components + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTTwinMaker::Entity' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EntityId') as entity_id, + json_extract_path_text(Properties, 'EntityName') as entity_name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'HasChildEntities') as has_child_entities, + json_extract_path_text(Properties, 'ParentEntityId') as parent_entity_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'CreationDateTime') as creation_date_time, + json_extract_path_text(Properties, 'UpdateDateTime') as update_date_time, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'WorkspaceId') as workspace_id, + json_extract_path_text(Properties, 'Components') as components, + json_extract_path_text(Properties, 'CompositeComponents') as composite_components + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTTwinMaker::Entity' + AND data__Identifier = '|' + AND region = 'us-east-1' + scenes: + name: scenes + id: aws.iottwinmaker.scenes + x-cfn-schema-name: Scene + x-type: list + x-identifiers: + - WorkspaceId + - SceneId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WorkspaceId') as workspace_id, + JSON_EXTRACT(Properties, '$.SceneId') as scene_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTTwinMaker::Scene' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WorkspaceId') as workspace_id, + json_extract_path_text(Properties, 'SceneId') as scene_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTTwinMaker::Scene' + AND region = 'us-east-1' + scene: + name: scene + id: aws.iottwinmaker.scene + x-cfn-schema-name: Scene + x-type: get + x-identifiers: + - WorkspaceId + - SceneId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SceneId') as scene_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ContentLocation') as content_location, + JSON_EXTRACT(Properties, '$.CreationDateTime') as creation_date_time, + JSON_EXTRACT(Properties, '$.UpdateDateTime') as update_date_time, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.WorkspaceId') as workspace_id, + JSON_EXTRACT(Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(Properties, '$.SceneMetadata') as scene_metadata, + JSON_EXTRACT(Properties, '$.GeneratedSceneMetadata') as generated_scene_metadata + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTTwinMaker::Scene' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SceneId') as scene_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ContentLocation') as content_location, + json_extract_path_text(Properties, 'CreationDateTime') as creation_date_time, + json_extract_path_text(Properties, 'UpdateDateTime') as update_date_time, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'WorkspaceId') as workspace_id, + json_extract_path_text(Properties, 'Capabilities') as capabilities, + json_extract_path_text(Properties, 'SceneMetadata') as scene_metadata, + json_extract_path_text(Properties, 'GeneratedSceneMetadata') as generated_scene_metadata + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTTwinMaker::Scene' + AND data__Identifier = '|' + AND region = 'us-east-1' + sync_jobs: + name: sync_jobs + id: aws.iottwinmaker.sync_jobs + x-cfn-schema-name: SyncJob + x-type: list + x-identifiers: + - WorkspaceId + - SyncSource + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WorkspaceId') as workspace_id, + JSON_EXTRACT(Properties, '$.SyncSource') as sync_source + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTTwinMaker::SyncJob' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WorkspaceId') as workspace_id, + json_extract_path_text(Properties, 'SyncSource') as sync_source + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTTwinMaker::SyncJob' + AND region = 'us-east-1' + sync_job: + name: sync_job + id: aws.iottwinmaker.sync_job + x-cfn-schema-name: SyncJob + x-type: get + x-identifiers: + - WorkspaceId + - SyncSource + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.WorkspaceId') as workspace_id, + JSON_EXTRACT(Properties, '$.SyncSource') as sync_source, + JSON_EXTRACT(Properties, '$.SyncRole') as sync_role, + JSON_EXTRACT(Properties, '$.CreationDateTime') as creation_date_time, + JSON_EXTRACT(Properties, '$.UpdateDateTime') as update_date_time, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTTwinMaker::SyncJob' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'WorkspaceId') as workspace_id, + json_extract_path_text(Properties, 'SyncSource') as sync_source, + json_extract_path_text(Properties, 'SyncRole') as sync_role, + json_extract_path_text(Properties, 'CreationDateTime') as creation_date_time, + json_extract_path_text(Properties, 'UpdateDateTime') as update_date_time, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTTwinMaker::SyncJob' + AND data__Identifier = '|' + AND region = 'us-east-1' + workspaces: + name: workspaces + id: aws.iottwinmaker.workspaces + x-cfn-schema-name: Workspace + x-type: list + x-identifiers: + - WorkspaceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WorkspaceId') as workspace_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTTwinMaker::Workspace' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WorkspaceId') as workspace_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTTwinMaker::Workspace' + AND region = 'us-east-1' + workspace: + name: workspace + id: aws.iottwinmaker.workspace + x-cfn-schema-name: Workspace + x-type: get + x-identifiers: + - WorkspaceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.WorkspaceId') as workspace_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Role') as role, + JSON_EXTRACT(Properties, '$.S3Location') as s3_location, + JSON_EXTRACT(Properties, '$.CreationDateTime') as creation_date_time, + JSON_EXTRACT(Properties, '$.UpdateDateTime') as update_date_time, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTTwinMaker::Workspace' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'WorkspaceId') as workspace_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Role') as role, + json_extract_path_text(Properties, 'S3Location') as s3_location, + json_extract_path_text(Properties, 'CreationDateTime') as creation_date_time, + json_extract_path_text(Properties, 'UpdateDateTime') as update_date_time, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTTwinMaker::Workspace' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/iotwireless.yaml b/providers/src/aws/v00.00.00000/services/iotwireless.yaml new file mode 100644 index 00000000..97bcfb3d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/iotwireless.yaml @@ -0,0 +1,2061 @@ +openapi: 3.0.0 +info: + title: IoTWireless + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 0 + maxLength: 256 + additionalProperties: false + Destination: + type: object + properties: + Name: + description: Unique name of destination + type: string + pattern: '[a-zA-Z0-9:_-]+' + maxLength: 128 + Expression: + description: Destination expression + type: string + ExpressionType: + description: Must be RuleName + type: string + enum: + - RuleName + - MqttTopic + - SnsTopic + Description: + description: Destination description + type: string + maxLength: 2048 + Tags: + description: A list of key-value pairs that contain metadata for the destination. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + RoleArn: + description: AWS role ARN that grants access + type: string + minLength: 20 + maxLength: 2048 + Arn: + description: Destination arn. Returned after successful create. + type: string + required: + - Name + - Expression + - ExpressionType + x-stackql-resource-name: destination + description: Destination's resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::IoTWireless::Destination + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - Name + - Expression + - ExpressionType + x-taggable: true + x-required-permissions: + create: + - iam:PassRole + - iotwireless:CreateDestination + - iotwireless:TagResource + - iotwireless:ListTagsForResource + read: + - iotwireless:GetDestination + - iotwireless:ListTagsForResource + update: + - iam:PassRole + - iotwireless:UpdateDestination + - iotwireless:UntagResource + - iotwireless:ListTagsForResource + delete: + - iotwireless:DeleteDestination + list: + - iotwireless:ListDestinations + - iotwireless:ListTagsForResource + LoRaWANDeviceProfile: + type: object + additionalProperties: false + properties: + SupportsClassB: + type: boolean + ClassBTimeout: + type: integer + minimum: 0 + maximum: 1000 + PingSlotPeriod: + type: integer + minimum: 128 + maximum: 4096 + PingSlotDr: + type: integer + minimum: 0 + maximum: 15 + PingSlotFreq: + type: integer + minimum: 1000000 + maximum: 16700000 + SupportsClassC: + type: boolean + ClassCTimeout: + type: integer + minimum: 0 + maximum: 1000 + MacVersion: + type: string + maxLength: 64 + RegParamsRevision: + type: string + maxLength: 64 + RxDelay1: + type: integer + minimum: 0 + maximum: 15 + RxDrOffset1: + type: integer + minimum: 0 + maximum: 7 + RxFreq2: + type: integer + minimum: 1000000 + maximum: 16700000 + RxDataRate2: + type: integer + minimum: 0 + maximum: 15 + FactoryPresetFreqsList: + type: array + maxItems: 20 + items: + $ref: '#/components/schemas/FactoryPresetFreq' + MaxEirp: + type: integer + minimum: 0 + maximum: 15 + MaxDutyCycle: + type: integer + minimum: 0 + maximum: 100 + SupportsJoin: + type: boolean + RfRegion: + type: string + maxLength: 64 + Supports32BitFCnt: + type: boolean + FactoryPresetFreq: + type: integer + minimum: 1000000 + maximum: 16700000 + DeviceProfile: + type: object + properties: + Name: + description: Name of service profile + type: string + maxLength: 256 + LoRaWAN: + description: LoRaWANDeviceProfile supports all LoRa specific attributes for service profile for CreateDeviceProfile operation + $ref: '#/components/schemas/LoRaWANDeviceProfile' + Tags: + description: A list of key-value pairs that contain metadata for the device profile. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Arn: + description: Service profile Arn. Returned after successful create. + type: string + Id: + description: Service profile Id. Returned after successful create. + type: string + maxLength: 256 + required: [] + x-stackql-resource-name: device_profile + description: Device Profile's resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::IoTWireless::DeviceProfile + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Arn + - Id + x-required-properties: [] + x-taggable: true + x-required-permissions: + create: + - iotwireless:CreateDeviceProfile + - iotwireless:TagResource + - iotwireless:ListTagsForResource + read: + - iotwireless:GetDeviceProfile + - iotwireless:ListTagsForResource + delete: + - iotwireless:DeleteDeviceProfile + list: + - iotwireless:ListDeviceProfiles + - iotwireless:ListTagsForResource + LoRaWAN: + type: object + properties: + RfRegion: + description: Multicast group LoRaWAN RF region + type: string + minLength: 1 + maxLength: 64 + DlClass: + description: Multicast group LoRaWAN DL Class + type: string + minLength: 1 + maxLength: 64 + NumberOfDevicesRequested: + description: Multicast group number of devices requested. Returned after successful read. + type: integer + NumberOfDevicesInGroup: + description: Multicast group number of devices in group. Returned after successful read. + type: integer + additionalProperties: false + required: + - RfRegion + - DlClass + FuotaTask: + type: object + properties: + Name: + description: Name of FUOTA task + type: string + maxLength: 256 + Description: + description: FUOTA task description + type: string + maxLength: 2048 + LoRaWAN: + description: FUOTA task LoRaWAN + $ref: '#/components/schemas/LoRaWAN' + FirmwareUpdateImage: + description: FUOTA task firmware update image binary S3 link + type: string + minLength: 1 + maxLength: 2048 + FirmwareUpdateRole: + description: FUOTA task firmware IAM role for reading S3 + type: string + minLength: 1 + maxLength: 256 + Arn: + description: FUOTA task arn. Returned after successful create. + type: string + Id: + description: FUOTA task id. Returned after successful create. + type: string + maxLength: 256 + Tags: + description: A list of key-value pairs that contain metadata for the FUOTA task. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + FuotaTaskStatus: + description: FUOTA task status. Returned after successful read. + type: string + AssociateWirelessDevice: + description: Wireless device to associate. Only for update request. + type: string + maxLength: 256 + DisassociateWirelessDevice: + description: Wireless device to disassociate. Only for update request. + type: string + maxLength: 256 + AssociateMulticastGroup: + description: Multicast group to associate. Only for update request. + type: string + maxLength: 256 + DisassociateMulticastGroup: + description: Multicast group to disassociate. Only for update request. + type: string + maxLength: 256 + required: + - LoRaWAN + - FirmwareUpdateImage + - FirmwareUpdateRole + x-stackql-resource-name: fuota_task + description: Create and manage FUOTA tasks. + x-type-name: AWS::IoTWireless::FuotaTask + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Arn + - Id + - FuotaTaskStatus + - LoRaWAN/StartTime + x-required-properties: + - LoRaWAN + - FirmwareUpdateImage + - FirmwareUpdateRole + x-taggable: true + x-required-permissions: + create: + - iotwireless:CreateFuotaTask + - iotwireless:TagResource + - iotwireless:ListTagsForResource + - iam:GetRole + - iam:PassRole + read: + - iotwireless:GetFuotaTask + - iotwireless:ListTagsForResource + update: + - iam:PassRole + - iotwireless:UpdateFuotaTask + - iotwireless:UntagResource + - iotwireless:ListTagsForResource + - iotwireless:AssociateMulticastGroupWithFuotaTask + - iotwireless:DisassociateMulticastGroupFromFuotaTask + - iotwireless:AssociateWirelessDeviceWithFuotaTask + - iotwireless:DisassociateWirelessDeviceFromFuotaTask + delete: + - iotwireless:DeleteFuotaTask + list: + - iotwireless:ListFuotaTasks + - iotwireless:ListTagsForResource + MulticastGroup: + type: object + properties: + Name: + description: Name of Multicast group + type: string + maxLength: 256 + Description: + description: Multicast group description + type: string + maxLength: 2048 + LoRaWAN: + description: Multicast group LoRaWAN + $ref: '#/components/schemas/LoRaWAN' + Arn: + description: Multicast group arn. Returned after successful create. + type: string + Id: + description: Multicast group id. Returned after successful create. + type: string + maxLength: 256 + Tags: + description: A list of key-value pairs that contain metadata for the Multicast group. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Status: + description: Multicast group status. Returned after successful read. + type: string + AssociateWirelessDevice: + description: Wireless device to associate. Only for update request. + type: string + maxLength: 256 + DisassociateWirelessDevice: + description: Wireless device to disassociate. Only for update request. + type: string + maxLength: 256 + required: + - LoRaWAN + x-stackql-resource-name: multicast_group + description: Create and manage Multicast groups. + x-type-name: AWS::IoTWireless::MulticastGroup + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Arn + - Id + - Status + - LoRaWAN/NumberOfDevicesRequested + - LoRaWAN/NumberOfDevicesInGroup + x-required-properties: + - LoRaWAN + x-taggable: true + x-required-permissions: + create: + - iotwireless:CreateMulticastGroup + - iotwireless:TagResource + - iotwireless:ListTagsForResource + read: + - iotwireless:GetMulticastGroup + - iotwireless:ListTagsForResource + update: + - iotwireless:UpdateMulticastGroup + - iotwireless:UntagResource + - iotwireless:ListTagsForResource + - iotwireless:AssociateWirelessDeviceWithMulticastGroup + - iotwireless:DisassociateWirelessDeviceFromMulticastGroup + delete: + - iotwireless:DeleteMulticastGroup + list: + - iotwireless:ListMulticastGroups + - iotwireless:ListTagsForResource + WirelessDeviceFrameInfo: + type: string + enum: + - ENABLED + - DISABLED + LogLevel: + type: string + enum: + - INFO + - ERROR + - DISABLED + NetworkAnalyzerConfiguration: + type: object + properties: + Name: + description: Name of the network analyzer configuration + type: string + pattern: ^[a-zA-Z0-9-_]+$ + maxLength: 1024 + Description: + description: The description of the new resource + type: string + maxLength: 2048 + TraceContent: + description: Trace content for your wireless gateway and wireless device resources + type: object + additionalProperties: false + properties: + WirelessDeviceFrameInfo: + $ref: '#/components/schemas/WirelessDeviceFrameInfo' + LogLevel: + $ref: '#/components/schemas/LogLevel' + WirelessDevices: + description: List of wireless gateway resources that have been added to the network analyzer configuration + type: array + x-insertionOrder: false + items: + type: string + maxItems: 250 + WirelessGateways: + description: List of wireless gateway resources that have been added to the network analyzer configuration + type: array + x-insertionOrder: false + items: + type: string + maxItems: 250 + Arn: + description: Arn for network analyzer configuration, Returned upon successful create. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + required: + - Name + x-stackql-resource-name: network_analyzer_configuration + description: Create and manage NetworkAnalyzerConfiguration resource. + x-type-name: AWS::IoTWireless::NetworkAnalyzerConfiguration + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - Tags + x-read-only-properties: + - Arn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - iotwireless:CreateNetworkAnalyzerConfiguration + - iotwireless:TagResource + - iotwireless:ListTagsForResource + read: + - iotwireless:GetNetworkAnalyzerConfiguration + - iotwireless:ListTagsForResource + update: + - iotwireless:UpdateNetworkAnalyzerConfiguration + - iotwireless:UntagResource + - iotwireless:ListTagsForResource + delete: + - iotwireless:DeleteNetworkAnalyzerConfiguration + list: + - iotwireless:ListNetworkAnalyzerConfigurations + - iotwireless:ListTagsForResource + SidewalkAccountInfo: + type: object + additionalProperties: false + properties: + AppServerPrivateKey: + type: string + pattern: '[a-fA-F0-9]{64}' + minLength: 1 + maxLength: 4096 + required: + - AppServerPrivateKey + SidewalkAccountInfoWithFingerprint: + type: object + additionalProperties: false + properties: + AmazonId: + type: string + maxLength: 2048 + Fingerprint: + type: string + pattern: '[a-fA-F0-9]{64}' + minLength: 64 + maxLength: 64 + Arn: + type: string + SidewalkUpdateAccount: + type: object + additionalProperties: false + properties: + AppServerPrivateKey: + type: string + pattern: '[a-fA-F0-9]{64}' + minLength: 1 + maxLength: 4096 + PartnerAccount: + type: object + properties: + Sidewalk: + description: The Sidewalk account credentials. + $ref: '#/components/schemas/SidewalkAccountInfo' + PartnerAccountId: + description: The partner account ID to disassociate from the AWS account + type: string + maxLength: 256 + PartnerType: + description: The partner type + type: string + enum: + - Sidewalk + SidewalkResponse: + description: The Sidewalk account credentials. + $ref: '#/components/schemas/SidewalkAccountInfoWithFingerprint' + AccountLinked: + description: Whether the partner account is linked to the AWS account. + type: boolean + SidewalkUpdate: + description: The Sidewalk account credentials. + $ref: '#/components/schemas/SidewalkUpdateAccount' + Fingerprint: + description: The fingerprint of the Sidewalk application server private key. + type: string + Arn: + description: PartnerAccount arn. Returned after successful create. + type: string + Tags: + description: A list of key-value pairs that contain metadata for the destination. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: partner_account + description: Create and manage partner account + x-type-name: AWS::IoTWireless::PartnerAccount + x-stackql-primary-identifier: + - PartnerAccountId + x-create-only-properties: + - PartnerAccountId + x-write-only-properties: + - SidewalkUpdate + - Sidewalk + x-read-only-properties: + - Arn + - Fingerprint + x-taggable: true + x-required-permissions: + create: + - iotwireless:AssociateAwsAccountWithPartnerAccount + - iotwireless:TagResource + - iotwireless:ListTagsForResource + read: + - iotwireless:GetPartnerAccount + - iotwireless:ListTagsForResource + list: + - iotwireless:ListPartnerAccounts + - iotwireless:ListTagsForResource + update: + - iotwireless:UpdatePartnerAccount + - iotwireless:UntagResource + - iotwireless:ListTagsForResource + delete: + - iotwireless:DisassociateAwsAccountFromPartnerAccount + LoRaWANServiceProfile: + type: object + additionalProperties: false + properties: + UlRate: + type: integer + UlBucketSize: + type: integer + UlRatePolicy: + type: string + DlRate: + type: integer + DlBucketSize: + type: integer + DlRatePolicy: + type: string + AddGwMetadata: + type: boolean + DevStatusReqFreq: + type: integer + ReportDevStatusBattery: + type: boolean + ReportDevStatusMargin: + type: boolean + DrMin: + type: integer + DrMax: + type: integer + ChannelMask: + type: string + PrAllowed: + type: boolean + HrAllowed: + type: boolean + RaAllowed: + type: boolean + NwkGeoLoc: + type: boolean + TargetPer: + type: integer + MinGwDiversity: + type: integer + ServiceProfile: + type: object + properties: + Name: + description: Name of service profile + type: string + maxLength: 256 + LoRaWAN: + description: LoRaWAN supports all LoRa specific attributes for service profile for CreateServiceProfile operation + $ref: '#/components/schemas/LoRaWANServiceProfile' + Tags: + description: A list of key-value pairs that contain metadata for the service profile. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Arn: + description: Service profile Arn. Returned after successful create. + type: string + Id: + description: Service profile Id. Returned after successful create. + type: string + maxLength: 256 + required: [] + x-stackql-resource-name: service_profile + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::IoTWireless::ServiceProfile + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - Arn + - LoRaWAN/UlRate + - LoRaWAN/UlBucketSize + - LoRaWAN/UlRatePolicy + - LoRaWAN/DlRate + - LoRaWAN/DlBucketSize + - LoRaWAN/DlRatePolicy + - LoRaWAN/DevStatusReqFreq + - LoRaWAN/ReportDevStatusBattery + - LoRaWAN/ReportDevStatusMargin + - LoRaWAN/DrMin + - LoRaWAN/DrMax + - LoRaWAN/ChannelMask + - LoRaWAN/HrAllowed + - LoRaWAN/NwkGeoLoc + - LoRaWAN/TargetPer + - LoRaWAN/MinGwDiversity + x-required-properties: [] + x-taggable: true + x-required-permissions: + create: + - iotwireless:CreateServiceProfile + - iotwireless:TagResource + - iotwireless:ListTagsForResource + read: + - iotwireless:GetServiceProfile + - iotwireless:ListTagsForResource + delete: + - iotwireless:DeleteServiceProfile + list: + - iotwireless:ListServiceProfiles + - iotwireless:ListTagsForResource + LoRaWANGatewayVersion: + type: object + additionalProperties: false + properties: + PackageVersion: + type: string + minLength: 1 + maxLength: 32 + Model: + type: string + minLength: 1 + maxLength: 4096 + Station: + type: string + minLength: 1 + maxLength: 4096 + LoRaWANUpdateGatewayTaskCreate: + type: object + additionalProperties: false + properties: + UpdateSignature: + type: string + minLength: 1 + maxLength: 4096 + SigKeyCrc: + type: integer + format: int64 + CurrentVersion: + $ref: '#/components/schemas/LoRaWANGatewayVersion' + UpdateVersion: + $ref: '#/components/schemas/LoRaWANGatewayVersion' + UpdateWirelessGatewayTaskCreate: + type: object + additionalProperties: false + properties: + UpdateDataSource: + type: string + minLength: 1 + maxLength: 4096 + UpdateDataRole: + type: string + minLength: 1 + maxLength: 2048 + LoRaWAN: + $ref: '#/components/schemas/LoRaWANUpdateGatewayTaskCreate' + LoRaWANUpdateGatewayTaskEntry: + type: object + additionalProperties: false + properties: + CurrentVersion: + $ref: '#/components/schemas/LoRaWANGatewayVersion' + UpdateVersion: + $ref: '#/components/schemas/LoRaWANGatewayVersion' + TaskDefinition: + type: object + properties: + Name: + description: The name of the new resource. + type: string + minLength: 1 + maxLength: 256 + AutoCreateTasks: + description: Whether to automatically create tasks using this task definition for all gateways with the specified current version. If false, the task must me created by calling CreateWirelessGatewayTask. + type: boolean + Update: + description: Information about the gateways to update. + $ref: '#/components/schemas/UpdateWirelessGatewayTaskCreate' + LoRaWANUpdateGatewayTaskEntry: + description: The list of task definitions. + $ref: '#/components/schemas/LoRaWANUpdateGatewayTaskEntry' + Id: + description: The ID of the new wireless gateway task definition + type: string + pattern: '[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}' + TaskDefinitionType: + description: A filter to list only the wireless gateway task definitions that use this task definition type + type: string + enum: + - UPDATE + Arn: + description: TaskDefinition arn. Returned after successful create. + type: string + Tags: + description: A list of key-value pairs that contain metadata for the destination. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - AutoCreateTasks + x-stackql-resource-name: task_definition + description: Creates a gateway task definition. + x-type-name: AWS::IoTWireless::TaskDefinition + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - Arn + x-required-properties: + - AutoCreateTasks + x-taggable: true + x-required-permissions: + create: + - iotwireless:CreateWirelessGatewayTaskDefinition + - iotwireless:TagResource + - iotwireless:ListTagsForResource + - iam:GetRole + - iam:PassRole + read: + - iotwireless:GetWirelessGatewayTaskDefinition + - iotwireless:ListTagsForResource + delete: + - iotwireless:DeleteWirelessGatewayTaskDefinition + list: + - iotwireless:ListWirelessGatewayTaskDefinitions + - iotwireless:ListTagsForResource + OtaaV10x: + type: object + additionalProperties: false + properties: + AppKey: + type: string + pattern: '[a-fA-F0-9]{32}' + AppEui: + type: string + pattern: '[a-fA-F0-9]{16}' + required: + - AppKey + - AppEui + OtaaV11: + type: object + additionalProperties: false + properties: + AppKey: + type: string + pattern: '[a-fA-F0-9]{32}' + NwkKey: + type: string + pattern: '[a-fA-F0-9]{32}' + JoinEui: + type: string + pattern: '[a-fA-F0-9]{16}' + required: + - AppKey + - NwkKey + - JoinEui + SessionKeysAbpV11: + type: object + additionalProperties: false + properties: + FNwkSIntKey: + type: string + pattern: '[a-fA-F0-9]{32}' + SNwkSIntKey: + type: string + pattern: '[a-fA-F0-9]{32}' + NwkSEncKey: + type: string + pattern: '[a-fA-F0-9]{32}' + AppSKey: + type: string + pattern: '[a-fA-F0-9]{32}' + required: + - FNwkSIntKey + - SNwkSIntKey + - NwkSEncKey + - AppSKey + AbpV11: + type: object + additionalProperties: false + properties: + DevAddr: + type: string + pattern: '[a-fA-F0-9]{8}' + SessionKeys: + $ref: '#/components/schemas/SessionKeysAbpV11' + required: + - DevAddr + - SessionKeys + SessionKeysAbpV10x: + type: object + additionalProperties: false + properties: + NwkSKey: + type: string + pattern: '[a-fA-F0-9]{32}' + AppSKey: + type: string + pattern: '[a-fA-F0-9]{32}' + required: + - NwkSKey + - AppSKey + AbpV10x: + type: object + additionalProperties: false + properties: + DevAddr: + type: string + pattern: '[a-fA-F0-9]{8}' + SessionKeys: + $ref: '#/components/schemas/SessionKeysAbpV10x' + required: + - DevAddr + - SessionKeys + FPorts: + type: object + additionalProperties: false + properties: + Applications: + description: A list of optional LoRaWAN application information, which can be used for geolocation. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Application' + LoRaWANDevice: + type: object + additionalProperties: false + properties: + DevEui: + type: string + pattern: '[a-f0-9]{16}' + DeviceProfileId: + type: string + maxLength: 256 + ServiceProfileId: + type: string + maxLength: 256 + OtaaV11: + $ref: '#/components/schemas/OtaaV11' + OtaaV10x: + $ref: '#/components/schemas/OtaaV10x' + AbpV11: + $ref: '#/components/schemas/AbpV11' + AbpV10x: + $ref: '#/components/schemas/AbpV10x' + FPorts: + $ref: '#/components/schemas/FPorts' + oneOf: + - required: + - OtaaV11 + - required: + - OtaaV10x + - required: + - AbpV11 + - required: + - AbpV10x + Application: + description: LoRaWAN application configuration, which can be used to perform geolocation. + type: object + properties: + DestinationName: + description: The name of the position data destination that describes the AWS IoT rule that processes the device's position data for use by AWS IoT Core for LoRaWAN. + type: string + pattern: '[a-zA-Z0-9-_]+' + maxLength: 128 + FPort: + description: The Fport value. + type: integer + minimum: 1 + maximum: 223 + Type: + description: Application type, which can be specified to obtain real-time position information of your LoRaWAN device. + type: string + enum: + - SemtechGeolocation + additionalProperties: false + WirelessDevice: + type: object + properties: + Type: + description: Wireless device type, currently only Sidewalk and LoRa + type: string + enum: + - Sidewalk + - LoRaWAN + Name: + description: Wireless device name + type: string + maxLength: 256 + Description: + description: Wireless device description + type: string + maxLength: 2048 + DestinationName: + description: Wireless device destination name + type: string + maxLength: 128 + LoRaWAN: + description: The combination of Package, Station and Model which represents the version of the LoRaWAN Wireless Device. + $ref: '#/components/schemas/LoRaWANDevice' + Tags: + description: A list of key-value pairs that contain metadata for the device. Currently not supported, will not create if tags are passed. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Arn: + description: Wireless device arn. Returned after successful create. + type: string + Id: + description: Wireless device Id. Returned after successful create. + type: string + maxLength: 256 + ThingArn: + description: Thing arn. Passed into update to associate Thing with Wireless device. + type: string + ThingName: + description: Thing Arn. If there is a Thing created, this can be returned with a Get call. + type: string + LastUplinkReceivedAt: + description: The date and time when the most recent uplink was received. + type: string + Positioning: + description: FPort values for the GNSS, stream, and ClockSync functions of the positioning information. + type: string + enum: + - Enabled + - Disabled + required: + - Type + - DestinationName + x-stackql-resource-name: wireless_device + description: Create and manage wireless gateways, including LoRa gateways. + x-type-name: AWS::IoTWireless::WirelessDevice + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - ThingName + - Id + - Arn + x-required-properties: + - Type + - DestinationName + x-taggable: true + x-required-permissions: + create: + - iotwireless:CreateWirelessDevice + - iotwireless:TagResource + - iotwireless:ListTagsForResource + read: + - iotwireless:GetWirelessDevice + - iotwireless:ListTagsForResource + update: + - iotwireless:UpdateWirelessDevice + - iotwireless:UntagResource + - iotwireless:ListTagsForResource + - iotwireless:AssociateWirelessDeviceWithThing + delete: + - iotwireless:DeleteWirelessDevice + - iotwireless:DisassociateWirelessDeviceFromThing + list: + - iotwireless:ListWirelessDevices + - iotwireless:ListTagsForResource + DeviceCreationFileList: + description: sidewalk create device's file path + type: array + items: + type: string + maxLength: 1024 + Role: + description: sidewalk role + type: string + maxLength: 2048 + WirelessDeviceImportTask: + type: object + properties: + Id: + description: Id for Wireless Device Import Task, Returned upon successful start. + type: string + maxLength: 256 + Arn: + description: Arn for Wireless Device Import Task, Returned upon successful start. + type: string + maxLength: 128 + DestinationName: + description: Destination Name for import task + type: string + pattern: '[a-zA-Z0-9-_]+' + maxLength: 128 + CreationDate: + description: CreationDate for import task + type: string + Sidewalk: + description: sidewalk contain file for created device and role + type: object + additionalProperties: false + properties: + SidewalkManufacturingSn: + type: string + maxLength: 64 + DeviceCreationFile: + type: string + maxLength: 1024 + DeviceCreationFileList: + $ref: '#/components/schemas/DeviceCreationFileList' + Role: + $ref: '#/components/schemas/Role' + oneOf: + - allOf: + - required: + - DeviceCreationFile + - required: + - Role + - required: + - SidewalkManufacturingSn + Status: + description: Status for import task + type: string + enum: + - INITIALIZING + - INITIALIZED + - PENDING + - COMPLETE + - FAILED + - DELETING + StatusReason: + description: StatusReason for import task + type: string + InitializedImportedDevicesCount: + description: Initialized Imported Devices Count + type: integer + PendingImportedDevicesCount: + description: Pending Imported Devices Count + type: integer + OnboardedImportedDevicesCount: + description: Onboarded Imported Devices Count + type: integer + FailedImportedDevicesCount: + description: Failed Imported Devices Count + type: integer + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - DestinationName + - Sidewalk + x-stackql-resource-name: wireless_device_import_task + description: Wireless Device Import Tasks + x-type-name: AWS::IoTWireless::WirelessDeviceImportTask + x-stackql-primary-identifier: + - Id + x-write-only-properties: + - Sidewalk/DeviceCreationFile + - Sidewalk/SidewalkManufacturingSn + x-read-only-properties: + - Id + - Arn + - CreationDate + - Status + - StatusReason + - InitializedImportedDevicesCount + - PendingImportedDevicesCount + - OnboardedImportedDevicesCount + - FailedImportedDevicesCount + - Sidewalk/DeviceCreationFileList + x-required-properties: + - DestinationName + - Sidewalk + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - iotwireless:StartWirelessDeviceImportTask + - iotwireless:StartSingleWirelessDeviceImportTask + - iotwireless:TagResource + - iotwireless:ListTagsForResource + - iam:PassRole + read: + - iotwireless:GetWirelessDeviceImportTask + - iotwireless:ListTagsForResource + update: + - iotwireless:UpdateWirelessDeviceImportTask + - iotwireless:UntagResource + - iotwireless:ListTagsForResource + - iam:PassRole + delete: + - iotwireless:DeleteWirelessDeviceImportTask + list: + - iotwireless:ListWirelessDeviceImportTasks + - iotwireless:ListTagsForResource + LoRaWANGateway: + type: object + additionalProperties: false + properties: + GatewayEui: + type: string + pattern: ^(([0-9A-Fa-f]{2}-){7}|([0-9A-Fa-f]{2}:){7}|([0-9A-Fa-f]{2}\s){7}|([0-9A-Fa-f]{2}){7})([0-9A-Fa-f]{2})$ + RfRegion: + type: string + maxLength: 64 + required: + - GatewayEui + - RfRegion + WirelessGateway: + type: object + properties: + Name: + description: Name of Wireless Gateway. + type: string + maxLength: 256 + Description: + description: Description of Wireless Gateway. + type: string + maxLength: 2048 + Tags: + description: A list of key-value pairs that contain metadata for the gateway. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + LoRaWAN: + description: The combination of Package, Station and Model which represents the version of the LoRaWAN Wireless Gateway. + $ref: '#/components/schemas/LoRaWANGateway' + Arn: + description: Arn for Wireless Gateway. Returned upon successful create. + type: string + Id: + description: Id for Wireless Gateway. Returned upon successful create. + type: string + maxLength: 256 + ThingArn: + description: Thing Arn. Passed into Update to associate a Thing with the Wireless Gateway. + type: string + ThingName: + description: Thing Name. If there is a Thing created, this can be returned with a Get call. + type: string + LastUplinkReceivedAt: + description: The date and time when the most recent uplink was received. + type: string + required: + - LoRaWAN + x-stackql-resource-name: wireless_gateway + description: Create and manage wireless gateways, including LoRa gateways. + x-type-name: AWS::IoTWireless::WirelessGateway + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - Arn + x-required-properties: + - LoRaWAN + x-taggable: true + x-required-permissions: + create: + - iotwireless:CreateWirelessGateway + - iotwireless:TagResource + - iotwireless:ListTagsForResource + read: + - iotwireless:GetWirelessGateway + - iotwireless:ListTagsForResource + update: + - iotwireless:UpdateWirelessGateway + - iotwireless:UntagResource + - iotwireless:ListTagsForResource + - iotwireless:AssociateWirelessGatewayWithThing + delete: + - iotwireless:DeleteWirelessGateway + - iotwireless:DisassociateWirelessGatewayFromThing + list: + - iotwireless:ListWirelessGateways + - iotwireless:ListTagsForResource + x-stackQL-resources: + destinations: + name: destinations + id: aws.iotwireless.destinations + x-cfn-schema-name: Destination + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::Destination' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::Destination' + AND region = 'us-east-1' + destination: + name: destination + id: aws.iotwireless.destination + x-cfn-schema-name: Destination + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Expression') as expression, + JSON_EXTRACT(Properties, '$.ExpressionType') as expression_type, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::Destination' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Expression') as expression, + json_extract_path_text(Properties, 'ExpressionType') as expression_type, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::Destination' + AND data__Identifier = '' + AND region = 'us-east-1' + device_profiles: + name: device_profiles + id: aws.iotwireless.device_profiles + x-cfn-schema-name: DeviceProfile + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::DeviceProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::DeviceProfile' + AND region = 'us-east-1' + device_profile: + name: device_profile + id: aws.iotwireless.device_profile + x-cfn-schema-name: DeviceProfile + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.LoRaWAN') as lo_ra_wan, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::DeviceProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'LoRaWAN') as lo_ra_wan, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::DeviceProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fuota_tasks: + name: fuota_tasks + id: aws.iotwireless.fuota_tasks + x-cfn-schema-name: FuotaTask + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::FuotaTask' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::FuotaTask' + AND region = 'us-east-1' + fuota_task: + name: fuota_task + id: aws.iotwireless.fuota_task + x-cfn-schema-name: FuotaTask + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.LoRaWAN') as lo_ra_wan, + JSON_EXTRACT(Properties, '$.FirmwareUpdateImage') as firmware_update_image, + JSON_EXTRACT(Properties, '$.FirmwareUpdateRole') as firmware_update_role, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.FuotaTaskStatus') as fuota_task_status, + JSON_EXTRACT(Properties, '$.AssociateWirelessDevice') as associate_wireless_device, + JSON_EXTRACT(Properties, '$.DisassociateWirelessDevice') as disassociate_wireless_device, + JSON_EXTRACT(Properties, '$.AssociateMulticastGroup') as associate_multicast_group, + JSON_EXTRACT(Properties, '$.DisassociateMulticastGroup') as disassociate_multicast_group + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::FuotaTask' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'LoRaWAN') as lo_ra_wan, + json_extract_path_text(Properties, 'FirmwareUpdateImage') as firmware_update_image, + json_extract_path_text(Properties, 'FirmwareUpdateRole') as firmware_update_role, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'FuotaTaskStatus') as fuota_task_status, + json_extract_path_text(Properties, 'AssociateWirelessDevice') as associate_wireless_device, + json_extract_path_text(Properties, 'DisassociateWirelessDevice') as disassociate_wireless_device, + json_extract_path_text(Properties, 'AssociateMulticastGroup') as associate_multicast_group, + json_extract_path_text(Properties, 'DisassociateMulticastGroup') as disassociate_multicast_group + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::FuotaTask' + AND data__Identifier = '' + AND region = 'us-east-1' + multicast_groups: + name: multicast_groups + id: aws.iotwireless.multicast_groups + x-cfn-schema-name: MulticastGroup + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::MulticastGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::MulticastGroup' + AND region = 'us-east-1' + multicast_group: + name: multicast_group + id: aws.iotwireless.multicast_group + x-cfn-schema-name: MulticastGroup + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.LoRaWAN') as lo_ra_wan, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.AssociateWirelessDevice') as associate_wireless_device, + JSON_EXTRACT(Properties, '$.DisassociateWirelessDevice') as disassociate_wireless_device + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::MulticastGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'LoRaWAN') as lo_ra_wan, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'AssociateWirelessDevice') as associate_wireless_device, + json_extract_path_text(Properties, 'DisassociateWirelessDevice') as disassociate_wireless_device + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::MulticastGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + network_analyzer_configurations: + name: network_analyzer_configurations + id: aws.iotwireless.network_analyzer_configurations + x-cfn-schema-name: NetworkAnalyzerConfiguration + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::NetworkAnalyzerConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::NetworkAnalyzerConfiguration' + AND region = 'us-east-1' + network_analyzer_configuration: + name: network_analyzer_configuration + id: aws.iotwireless.network_analyzer_configuration + x-cfn-schema-name: NetworkAnalyzerConfiguration + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.TraceContent') as trace_content, + JSON_EXTRACT(Properties, '$.WirelessDevices') as wireless_devices, + JSON_EXTRACT(Properties, '$.WirelessGateways') as wireless_gateways, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::NetworkAnalyzerConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'TraceContent') as trace_content, + json_extract_path_text(Properties, 'WirelessDevices') as wireless_devices, + json_extract_path_text(Properties, 'WirelessGateways') as wireless_gateways, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::NetworkAnalyzerConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + partner_accounts: + name: partner_accounts + id: aws.iotwireless.partner_accounts + x-cfn-schema-name: PartnerAccount + x-type: list + x-identifiers: + - PartnerAccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PartnerAccountId') as partner_account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::PartnerAccount' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PartnerAccountId') as partner_account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::PartnerAccount' + AND region = 'us-east-1' + partner_account: + name: partner_account + id: aws.iotwireless.partner_account + x-cfn-schema-name: PartnerAccount + x-type: get + x-identifiers: + - PartnerAccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Sidewalk') as sidewalk, + JSON_EXTRACT(Properties, '$.PartnerAccountId') as partner_account_id, + JSON_EXTRACT(Properties, '$.PartnerType') as partner_type, + JSON_EXTRACT(Properties, '$.SidewalkResponse') as sidewalk_response, + JSON_EXTRACT(Properties, '$.AccountLinked') as account_linked, + JSON_EXTRACT(Properties, '$.SidewalkUpdate') as sidewalk_update, + JSON_EXTRACT(Properties, '$.Fingerprint') as fingerprint, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::PartnerAccount' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Sidewalk') as sidewalk, + json_extract_path_text(Properties, 'PartnerAccountId') as partner_account_id, + json_extract_path_text(Properties, 'PartnerType') as partner_type, + json_extract_path_text(Properties, 'SidewalkResponse') as sidewalk_response, + json_extract_path_text(Properties, 'AccountLinked') as account_linked, + json_extract_path_text(Properties, 'SidewalkUpdate') as sidewalk_update, + json_extract_path_text(Properties, 'Fingerprint') as fingerprint, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::PartnerAccount' + AND data__Identifier = '' + AND region = 'us-east-1' + service_profiles: + name: service_profiles + id: aws.iotwireless.service_profiles + x-cfn-schema-name: ServiceProfile + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::ServiceProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::ServiceProfile' + AND region = 'us-east-1' + service_profile: + name: service_profile + id: aws.iotwireless.service_profile + x-cfn-schema-name: ServiceProfile + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.LoRaWAN') as lo_ra_wan, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::ServiceProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'LoRaWAN') as lo_ra_wan, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::ServiceProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + task_definitions: + name: task_definitions + id: aws.iotwireless.task_definitions + x-cfn-schema-name: TaskDefinition + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::TaskDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::TaskDefinition' + AND region = 'us-east-1' + task_definition: + name: task_definition + id: aws.iotwireless.task_definition + x-cfn-schema-name: TaskDefinition + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.AutoCreateTasks') as auto_create_tasks, + JSON_EXTRACT(Properties, '$.Update') as _update, + JSON_EXTRACT(Properties, '$.LoRaWANUpdateGatewayTaskEntry') as lo_ra_wan_update_gateway_task_entry, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.TaskDefinitionType') as task_definition_type, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::TaskDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'AutoCreateTasks') as auto_create_tasks, + json_extract_path_text(Properties, 'Update') as _update, + json_extract_path_text(Properties, 'LoRaWANUpdateGatewayTaskEntry') as lo_ra_wan_update_gateway_task_entry, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'TaskDefinitionType') as task_definition_type, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::TaskDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + wireless_devices: + name: wireless_devices + id: aws.iotwireless.wireless_devices + x-cfn-schema-name: WirelessDevice + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::WirelessDevice' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::WirelessDevice' + AND region = 'us-east-1' + wireless_device: + name: wireless_device + id: aws.iotwireless.wireless_device + x-cfn-schema-name: WirelessDevice + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DestinationName') as destination_name, + JSON_EXTRACT(Properties, '$.LoRaWAN') as lo_ra_wan, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ThingArn') as thing_arn, + JSON_EXTRACT(Properties, '$.ThingName') as thing_name, + JSON_EXTRACT(Properties, '$.LastUplinkReceivedAt') as last_uplink_received_at, + JSON_EXTRACT(Properties, '$.Positioning') as positioning + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::WirelessDevice' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DestinationName') as destination_name, + json_extract_path_text(Properties, 'LoRaWAN') as lo_ra_wan, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ThingArn') as thing_arn, + json_extract_path_text(Properties, 'ThingName') as thing_name, + json_extract_path_text(Properties, 'LastUplinkReceivedAt') as last_uplink_received_at, + json_extract_path_text(Properties, 'Positioning') as positioning + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::WirelessDevice' + AND data__Identifier = '' + AND region = 'us-east-1' + wireless_device_import_tasks: + name: wireless_device_import_tasks + id: aws.iotwireless.wireless_device_import_tasks + x-cfn-schema-name: WirelessDeviceImportTask + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::WirelessDeviceImportTask' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::WirelessDeviceImportTask' + AND region = 'us-east-1' + wireless_device_import_task: + name: wireless_device_import_task + id: aws.iotwireless.wireless_device_import_task + x-cfn-schema-name: WirelessDeviceImportTask + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DestinationName') as destination_name, + JSON_EXTRACT(Properties, '$.CreationDate') as creation_date, + JSON_EXTRACT(Properties, '$.Sidewalk') as sidewalk, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusReason') as status_reason, + JSON_EXTRACT(Properties, '$.InitializedImportedDevicesCount') as initialized_imported_devices_count, + JSON_EXTRACT(Properties, '$.PendingImportedDevicesCount') as pending_imported_devices_count, + JSON_EXTRACT(Properties, '$.OnboardedImportedDevicesCount') as onboarded_imported_devices_count, + JSON_EXTRACT(Properties, '$.FailedImportedDevicesCount') as failed_imported_devices_count, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::WirelessDeviceImportTask' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DestinationName') as destination_name, + json_extract_path_text(Properties, 'CreationDate') as creation_date, + json_extract_path_text(Properties, 'Sidewalk') as sidewalk, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusReason') as status_reason, + json_extract_path_text(Properties, 'InitializedImportedDevicesCount') as initialized_imported_devices_count, + json_extract_path_text(Properties, 'PendingImportedDevicesCount') as pending_imported_devices_count, + json_extract_path_text(Properties, 'OnboardedImportedDevicesCount') as onboarded_imported_devices_count, + json_extract_path_text(Properties, 'FailedImportedDevicesCount') as failed_imported_devices_count, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::WirelessDeviceImportTask' + AND data__Identifier = '' + AND region = 'us-east-1' + wireless_gateways: + name: wireless_gateways + id: aws.iotwireless.wireless_gateways + x-cfn-schema-name: WirelessGateway + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::WirelessGateway' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTWireless::WirelessGateway' + AND region = 'us-east-1' + wireless_gateway: + name: wireless_gateway + id: aws.iotwireless.wireless_gateway + x-cfn-schema-name: WirelessGateway + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LoRaWAN') as lo_ra_wan, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ThingArn') as thing_arn, + JSON_EXTRACT(Properties, '$.ThingName') as thing_name, + JSON_EXTRACT(Properties, '$.LastUplinkReceivedAt') as last_uplink_received_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::WirelessGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LoRaWAN') as lo_ra_wan, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ThingArn') as thing_arn, + json_extract_path_text(Properties, 'ThingName') as thing_name, + json_extract_path_text(Properties, 'LastUplinkReceivedAt') as last_uplink_received_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTWireless::WirelessGateway' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/ivs.yaml b/providers/src/aws/v00.00.00000/services/ivs.yaml new file mode 100644 index 00000000..ade817de --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ivs.yaml @@ -0,0 +1,1278 @@ +openapi: 3.0.0 +info: + title: IVS + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 1 + maxLength: 256 + required: + - Value + - Key + Channel: + type: object + properties: + Arn: + description: Channel ARN is automatically generated on creation and assigned as the unique identifier. + type: string + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:channel/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + Name: + description: Channel + type: string + minLength: 0 + maxLength: 128 + pattern: ^[a-zA-Z0-9-_]*$ + default: '-' + Authorized: + description: Whether the channel is authorized. + type: boolean + default: false + InsecureIngest: + description: Whether the channel allows insecure ingest. + type: boolean + default: false + LatencyMode: + description: Channel latency mode. + type: string + enum: + - NORMAL + - LOW + default: LOW + Type: + description: Channel type, which determines the allowable resolution and bitrate. If you exceed the allowable resolution or bitrate, the stream probably will disconnect immediately. + type: string + enum: + - STANDARD + - BASIC + - ADVANCED_SD + - ADVANCED_HD + default: STANDARD + Tags: + description: A list of key-value pairs that contain metadata for the asset model. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + PlaybackUrl: + description: Channel Playback URL. + type: string + IngestEndpoint: + description: Channel ingest endpoint, part of the definition of an ingest server, used when you set up streaming software. + type: string + RecordingConfigurationArn: + description: 'Recording Configuration ARN. A value other than an empty string indicates that recording is enabled. Default: "" (recording is disabled).' + type: string + default: '' + pattern: ^$|arn:aws:ivs:[a-z0-9-]+:[0-9]+:recording-configuration/[a-zA-Z0-9-]+$ + minLength: 0 + maxLength: 128 + Preset: + description: Optional transcode preset for the channel. This is selectable only for ADVANCED_HD and ADVANCED_SD channel types. For those channel types, the default preset is HIGHER_BANDWIDTH_DELIVERY. For other channel types (BASIC and STANDARD), preset is the empty string (""). + type: string + enum: + - HIGHER_BANDWIDTH_DELIVERY + - CONSTRAINED_BANDWIDTH_DELIVERY + required: [] + x-stackql-resource-name: channel + description: Resource Type definition for AWS::IVS::Channel + x-type-name: AWS::IVS::Channel + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + - PlaybackUrl + - IngestEndpoint + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ivs:CreateChannel + - ivs:TagResource + read: + - ivs:GetChannel + - ivs:ListTagsForResource + update: + - ivs:GetChannel + - ivs:UpdateChannel + - ivs:TagResource + - ivs:UnTagResource + - ivs:ListTagsForResource + delete: + - ivs:DeleteChannel + - ivs:UnTagResource + list: + - ivs:ListChannels + - ivs:ListTagsForResource + EncoderConfiguration: + type: object + properties: + Arn: + description: Encoder configuration identifier. + type: string + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:encoder-configuration/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + Video: + description: 'Video configuration. Default: video resolution 1280x720, bitrate 2500 kbps, 30 fps' + type: object + additionalProperties: false + properties: + Bitrate: + description: 'Bitrate for generated output, in bps. Default: 2500000.' + type: integer + minimum: 1 + maximum: 8500000 + default: 2500000 + Framerate: + description: 'Video frame rate, in fps. Default: 30.' + type: number + minimum: 1 + maximum: 60 + default: 30 + Height: + description: 'Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.' + type: integer + minimum: 1 + maximum: 1920 + default: 720 + Width: + description: 'Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.' + type: integer + minimum: 1 + maximum: 1920 + default: 1280 + Name: + description: Encoder configuration name. + type: string + maxLength: 128 + minLength: 0 + pattern: ^[a-zA-Z0-9-_]*$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: encoder_configuration + description: Resource Type definition for AWS::IVS::EncoderConfiguration. + x-type-name: AWS::IVS::EncoderConfiguration + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Video + - Video/Bitrate + - Video/Framerate + - Video/Height + - Video/Width + x-read-only-properties: + - Arn + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ivs:CreateEncoderConfiguration + - ivs:TagResource + read: + - ivs:GetEncoderConfiguration + - ivs:ListTagsForResource + update: + - ivs:GetEncoderConfiguration + - ivs:ListTagsForResource + - ivs:UntagResource + - ivs:TagResource + delete: + - ivs:DeleteEncoderConfiguration + - ivs:UntagResource + list: + - ivs:ListEncoderConfigurations + - ivs:ListTagsForResource + PlaybackKeyPair: + type: object + properties: + Name: + description: An arbitrary string (a nickname) assigned to a playback key pair that helps the customer identify that resource. The value does not need to be unique. + type: string + pattern: ^[a-zA-Z0-9-_]*$ + minLength: 0 + maxLength: 128 + PublicKeyMaterial: + description: The public portion of a customer-generated key pair. + type: string + Fingerprint: + description: Key-pair identifier. + type: string + Arn: + description: Key-pair identifier. + type: string + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:playback-key/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + Tags: + description: A list of key-value pairs that contain metadata for the asset model. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: playback_key_pair + description: Resource Type definition for AWS::IVS::PlaybackKeyPair + x-type-name: AWS::IVS::PlaybackKeyPair + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - PublicKeyMaterial + - Name + x-write-only-properties: + - PublicKeyMaterial + x-read-only-properties: + - Arn + - Fingerprint + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ivs:ImportPlaybackKeyPair + - ivs:TagResource + read: + - ivs:GetPlaybackKeyPair + update: + - ivs:GetPlaybackKeyPair + - ivs:ListTagsForResource + - ivs:UntagResource + - ivs:TagResource + delete: + - ivs:DeletePlaybackKeyPair + - ivs:UntagResource + list: + - ivs:ListPlaybackKeyPairs + - ivs:ListTagsForResource + PlaybackRestrictionPolicy: + type: object + properties: + Arn: + description: Playback-restriction-policy identifier. + type: string + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:playback-restriction-policy/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + AllowedCountries: + description: 'A list of country codes that control geoblocking restriction. Allowed values are the officially assigned ISO 3166-1 alpha-2 codes. Default: All countries (an empty array).' + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + default: [] + AllowedOrigins: + description: A list of origin sites that control CORS restriction. Allowed values are the same as valid values of the Origin header defined at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin + type: array + x-insertionOrder: false + items: + type: string + default: [] + EnableStrictOriginEnforcement: + description: Whether channel playback is constrained by origin site. + default: false + type: boolean + Name: + description: Playback-restriction-policy name. + type: string + maxLength: 128 + minLength: 0 + pattern: ^[a-zA-Z0-9-_]*$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: + - AllowedCountries + - AllowedOrigins + x-stackql-resource-name: playback_restriction_policy + description: Resource Type definition for AWS::IVS::PlaybackRestrictionPolicy. + x-type-name: AWS::IVS::PlaybackRestrictionPolicy + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + x-required-properties: + - AllowedCountries + - AllowedOrigins + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ivs:CreatePlaybackRestrictionPolicy + - ivs:TagResource + read: + - ivs:GetPlaybackRestrictionPolicy + - ivs:ListTagsForResource + update: + - ivs:GetPlaybackRestrictionPolicy + - ivs:UpdatePlaybackRestrictionPolicy + - ivs:ListTagsForResource + - ivs:UntagResource + - ivs:TagResource + delete: + - ivs:DeletePlaybackRestrictionPolicy + - ivs:UntagResource + list: + - ivs:ListPlaybackRestrictionPolicies + - ivs:ListTagsForResource + DestinationConfiguration: + description: Recording Destination Configuration. + type: object + additionalProperties: false + properties: + S3: + $ref: '#/components/schemas/S3DestinationConfiguration' + required: [] + S3DestinationConfiguration: + description: Recording S3 Destination Configuration. + type: object + additionalProperties: false + properties: + BucketName: + type: string + minLength: 3 + maxLength: 63 + pattern: ^[a-z0-9-.]+$ + required: + - BucketName + ThumbnailConfiguration: + description: Recording Thumbnail Configuration. + type: object + additionalProperties: false + properties: + RecordingMode: + description: Thumbnail Recording Mode, which determines whether thumbnails are recorded at an interval or are disabled. + type: string + enum: + - INTERVAL + - DISABLED + default: INTERVAL + TargetIntervalSeconds: + description: Target Interval Seconds defines the interval at which thumbnails are recorded. This field is required if RecordingMode is INTERVAL. + type: integer + minimum: 1 + maximum: 60 + default: 60 + Resolution: + description: Resolution indicates the desired resolution of recorded thumbnails. + type: string + enum: + - FULL_HD + - HD + - SD + - LOWEST_RESOLUTION + Storage: + description: Storage indicates the format in which thumbnails are recorded. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 2 + items: + type: string + enum: + - SEQUENTIAL + - LATEST + required: [] + RenditionConfiguration: + description: Rendition Configuration describes which renditions should be recorded for a stream. + type: object + additionalProperties: false + properties: + RenditionSelection: + description: Resolution Selection indicates which set of renditions are recorded for a stream. + type: string + enum: + - ALL + - NONE + - CUSTOM + default: ALL + Renditions: + description: Renditions indicates which renditions are recorded for a stream. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 4 + items: + type: string + enum: + - FULL_HD + - HD + - SD + - LOWEST_RESOLUTION + required: [] + RecordingConfiguration: + type: object + properties: + Arn: + description: Recording Configuration ARN is automatically generated on creation and assigned as the unique identifier. + type: string + pattern: ^arn:aws[-a-z]*:ivs:[a-z0-9-]+:[0-9]+:recording-configuration/[a-zA-Z0-9-]+$ + minLength: 0 + maxLength: 128 + Name: + description: Recording Configuration Name. + type: string + minLength: 0 + maxLength: 128 + pattern: ^[a-zA-Z0-9-_]*$ + State: + description: Recording Configuration State. + type: string + enum: + - CREATING + - CREATE_FAILED + - ACTIVE + RecordingReconnectWindowSeconds: + description: Recording Reconnect Window Seconds. (0 means disabled) + type: integer + default: 0 + minimum: 0 + maximum: 300 + DestinationConfiguration: + $ref: '#/components/schemas/DestinationConfiguration' + Tags: + description: A list of key-value pairs that contain metadata for the asset model. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + ThumbnailConfiguration: + $ref: '#/components/schemas/ThumbnailConfiguration' + RenditionConfiguration: + $ref: '#/components/schemas/RenditionConfiguration' + required: + - DestinationConfiguration + x-stackql-resource-name: recording_configuration + description: Resource Type definition for AWS::IVS::RecordingConfiguration + x-type-name: AWS::IVS::RecordingConfiguration + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - DestinationConfiguration + - DestinationConfiguration/S3 + - DestinationConfiguration/S3/BucketName + - RecordingReconnectWindowSeconds + - ThumbnailConfiguration + - ThumbnailConfiguration/RecordingMode + - ThumbnailConfiguration/TargetIntervalSeconds + - ThumbnailConfiguration/Storage + - ThumbnailConfiguration/Resolution + - RenditionConfiguration + - RenditionConfiguration/RenditionSelection + - RenditionConfiguration/Renditions + x-read-only-properties: + - Arn + - State + x-required-properties: + - DestinationConfiguration + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ivs:CreateRecordingConfiguration + - ivs:GetRecordingConfiguration + - ivs:TagResource + - iam:CreateServiceLinkedRole + - iam:PutRolePolicy + - iam:AttachRolePolicy + - s3:ListBucket + - s3:GetBucketLocation + - cloudformation:ListExports + read: + - ivs:GetRecordingConfiguration + - s3:GetBucketLocation + - ivs:ListTagsForResource + update: + - ivs:GetRecordingConfiguration + - sts:AssumeRole + - iam:CreateServiceLinkedRole + - iam:PutRolePolicy + - iam:AttachRolePolicy + - s3:ListBucket + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource + delete: + - ivs:DeleteRecordingConfiguration + - ivs:UntagResource + - iam:CreateServiceLinkedRole + list: + - ivs:ListRecordingConfigurations + - s3:GetBucketLocation + - ivs:ListTagsForResource + Stage: + type: object + properties: + Arn: + description: Stage ARN is automatically generated on creation and assigned as the unique identifier. + type: string + pattern: ^arn:aws[-a-z]*:ivs:[a-z0-9-]+:[0-9]+:stage/[a-zA-Z0-9-]+$ + minLength: 0 + maxLength: 128 + Name: + description: Stage name + type: string + minLength: 0 + maxLength: 128 + pattern: ^[a-zA-Z0-9-_]*$ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + ActiveSessionId: + description: ID of the active session within the stage. + type: string + default: '' + minLength: 0 + maxLength: 128 + x-stackql-resource-name: stage + description: Resource Definition for type AWS::IVS::Stage. + x-type-name: AWS::IVS::Stage + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + - ActiveSessionId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ivs:CreateStage + - ivs:GetStage + - ivs:TagResource + - ivs:ListTagsForResource + read: + - ivs:GetStage + - ivs:ListTagsForResource + update: + - ivs:GetStage + - ivs:UpdateStage + - ivs:TagResource + - ivs:UnTagResource + - ivs:ListTagsForResource + delete: + - ivs:DeleteStage + - ivs:UnTagResource + list: + - ivs:ListStages + - ivs:ListTagsForResource + S3StorageConfiguration: + description: A complex type that describes an S3 location where recorded videos will be stored. + type: object + additionalProperties: false + properties: + BucketName: + description: Location (S3 bucket name) where recorded videos will be stored. Note that the StorageConfiguration and S3 bucket must be in the same region as the Composition. + type: string + minLength: 3 + maxLength: 63 + pattern: ^[a-z0-9-.]+$ + required: + - BucketName + StorageConfiguration: + type: object + properties: + Arn: + description: Storage Configuration ARN is automatically generated on creation and assigned as the unique identifier. + type: string + pattern: ^arn:aws[-a-z]*:ivs:[a-z0-9-]+:[0-9]+:storage-configuration/[a-zA-Z0-9-]+$ + minLength: 0 + maxLength: 128 + Name: + description: Storage Configuration Name. + type: string + minLength: 0 + maxLength: 128 + pattern: ^[a-zA-Z0-9-_]*$ + S3: + $ref: '#/components/schemas/S3StorageConfiguration' + Tags: + description: A list of key-value pairs that contain metadata for the asset model. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: + - S3 + x-stackql-resource-name: storage_configuration + description: Resource Type definition for AWS::IVS::StorageConfiguration + x-type-name: AWS::IVS::StorageConfiguration + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - S3 + - S3/BucketName + x-read-only-properties: + - Arn + x-required-properties: + - S3 + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ivs:CreateStorageConfiguration + - ivs:GetStorageConfiguration + - ivs:TagResource + - s3:GetBucketLocation + - s3:GetBucketPolicy + - s3:PutBucketPolicy + read: + - ivs:GetStorageConfiguration + - ivs:ListTagsForResource + - s3:GetBucketLocation + update: + - ivs:GetStorageConfiguration + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource + delete: + - ivs:DeleteStorageConfiguration + - ivs:UntagResource + - s3:GetBucketPolicy + - s3:DeleteBucketPolicy + - s3:PutBucketPolicy + list: + - ivs:ListStorageConfigurations + - s3:GetBucketLocation + - ivs:ListTagsForResource + StreamKey: + type: object + properties: + Arn: + description: Stream Key ARN is automatically generated on creation and assigned as the unique identifier. + type: string + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:stream-key/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + ChannelArn: + description: Channel ARN for the stream. + type: string + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:channel/[a-zA-Z0-9-]+$ + Tags: + description: A list of key-value pairs that contain metadata for the asset model. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + Value: + description: Stream-key value. + type: string + required: + - ChannelArn + x-stackql-resource-name: stream_key + description: Resource Type definition for AWS::IVS::StreamKey + x-type-name: AWS::IVS::StreamKey + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ChannelArn + x-read-only-properties: + - Arn + - Value + x-required-properties: + - ChannelArn + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ivs:TagResource + - ivs:UntagResource + - ivs:CreateStreamKey + read: + - ivs:GetStreamKey + - ivs:ListTagsForResource + update: + - ivs:GetStreamKey + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource + delete: + - ivs:DeleteStreamKey + - ivs:UntagResource + list: + - ivs:ListStreamKeys + - ivs:ListTagsForResource + x-stackQL-resources: + channels: + name: channels + id: aws.ivs.channels + x-cfn-schema-name: Channel + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::Channel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::Channel' + AND region = 'us-east-1' + channel: + name: channel + id: aws.ivs.channel + x-cfn-schema-name: Channel + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Authorized') as authorized, + JSON_EXTRACT(Properties, '$.InsecureIngest') as insecure_ingest, + JSON_EXTRACT(Properties, '$.LatencyMode') as latency_mode, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.PlaybackUrl') as playback_url, + JSON_EXTRACT(Properties, '$.IngestEndpoint') as ingest_endpoint, + JSON_EXTRACT(Properties, '$.RecordingConfigurationArn') as recording_configuration_arn, + JSON_EXTRACT(Properties, '$.Preset') as preset + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Authorized') as authorized, + json_extract_path_text(Properties, 'InsecureIngest') as insecure_ingest, + json_extract_path_text(Properties, 'LatencyMode') as latency_mode, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'PlaybackUrl') as playback_url, + json_extract_path_text(Properties, 'IngestEndpoint') as ingest_endpoint, + json_extract_path_text(Properties, 'RecordingConfigurationArn') as recording_configuration_arn, + json_extract_path_text(Properties, 'Preset') as preset + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + encoder_configurations: + name: encoder_configurations + id: aws.ivs.encoder_configurations + x-cfn-schema-name: EncoderConfiguration + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::EncoderConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::EncoderConfiguration' + AND region = 'us-east-1' + encoder_configuration: + name: encoder_configuration + id: aws.ivs.encoder_configuration + x-cfn-schema-name: EncoderConfiguration + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Video') as video, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::EncoderConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Video') as video, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::EncoderConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + playback_key_pairs: + name: playback_key_pairs + id: aws.ivs.playback_key_pairs + x-cfn-schema-name: PlaybackKeyPair + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::PlaybackKeyPair' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::PlaybackKeyPair' + AND region = 'us-east-1' + playback_key_pair: + name: playback_key_pair + id: aws.ivs.playback_key_pair + x-cfn-schema-name: PlaybackKeyPair + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PublicKeyMaterial') as public_key_material, + JSON_EXTRACT(Properties, '$.Fingerprint') as fingerprint, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::PlaybackKeyPair' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PublicKeyMaterial') as public_key_material, + json_extract_path_text(Properties, 'Fingerprint') as fingerprint, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::PlaybackKeyPair' + AND data__Identifier = '' + AND region = 'us-east-1' + playback_restriction_policies: + name: playback_restriction_policies + id: aws.ivs.playback_restriction_policies + x-cfn-schema-name: PlaybackRestrictionPolicy + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::PlaybackRestrictionPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::PlaybackRestrictionPolicy' + AND region = 'us-east-1' + playback_restriction_policy: + name: playback_restriction_policy + id: aws.ivs.playback_restriction_policy + x-cfn-schema-name: PlaybackRestrictionPolicy + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AllowedCountries') as allowed_countries, + JSON_EXTRACT(Properties, '$.AllowedOrigins') as allowed_origins, + JSON_EXTRACT(Properties, '$.EnableStrictOriginEnforcement') as enable_strict_origin_enforcement, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::PlaybackRestrictionPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AllowedCountries') as allowed_countries, + json_extract_path_text(Properties, 'AllowedOrigins') as allowed_origins, + json_extract_path_text(Properties, 'EnableStrictOriginEnforcement') as enable_strict_origin_enforcement, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::PlaybackRestrictionPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + recording_configurations: + name: recording_configurations + id: aws.ivs.recording_configurations + x-cfn-schema-name: RecordingConfiguration + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::RecordingConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::RecordingConfiguration' + AND region = 'us-east-1' + recording_configuration: + name: recording_configuration + id: aws.ivs.recording_configuration + x-cfn-schema-name: RecordingConfiguration + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.RecordingReconnectWindowSeconds') as recording_reconnect_window_seconds, + JSON_EXTRACT(Properties, '$.DestinationConfiguration') as destination_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ThumbnailConfiguration') as thumbnail_configuration, + JSON_EXTRACT(Properties, '$.RenditionConfiguration') as rendition_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::RecordingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'RecordingReconnectWindowSeconds') as recording_reconnect_window_seconds, + json_extract_path_text(Properties, 'DestinationConfiguration') as destination_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ThumbnailConfiguration') as thumbnail_configuration, + json_extract_path_text(Properties, 'RenditionConfiguration') as rendition_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::RecordingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + stages: + name: stages + id: aws.ivs.stages + x-cfn-schema-name: Stage + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::Stage' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::Stage' + AND region = 'us-east-1' + stage: + name: stage + id: aws.ivs.stage + x-cfn-schema-name: Stage + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ActiveSessionId') as active_session_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::Stage' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ActiveSessionId') as active_session_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::Stage' + AND data__Identifier = '' + AND region = 'us-east-1' + storage_configurations: + name: storage_configurations + id: aws.ivs.storage_configurations + x-cfn-schema-name: StorageConfiguration + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::StorageConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::StorageConfiguration' + AND region = 'us-east-1' + storage_configuration: + name: storage_configuration + id: aws.ivs.storage_configuration + x-cfn-schema-name: StorageConfiguration + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.S3') as s3, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::StorageConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'S3') as s3, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::StorageConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + stream_keys: + name: stream_keys + id: aws.ivs.stream_keys + x-cfn-schema-name: StreamKey + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::StreamKey' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::StreamKey' + AND region = 'us-east-1' + stream_key: + name: stream_key + id: aws.ivs.stream_key + x-cfn-schema-name: StreamKey + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ChannelArn') as channel_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Value') as value + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::StreamKey' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ChannelArn') as channel_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Value') as value + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::StreamKey' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/ivschat.yaml b/providers/src/aws/v00.00.00000/services/ivschat.yaml new file mode 100644 index 00000000..1e5f56fe --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ivschat.yaml @@ -0,0 +1,420 @@ +openapi: 3.0.0 +info: + title: IVSChat + version: 1.0.0 +paths: {} +components: + schemas: + DestinationConfiguration: + description: Destination configuration for IVS Chat logging. + type: object + additionalProperties: false + properties: + CloudWatchLogs: + $ref: '#/components/schemas/CloudWatchLogsDestinationConfiguration' + Firehose: + $ref: '#/components/schemas/FirehoseDestinationConfiguration' + S3: + $ref: '#/components/schemas/S3DestinationConfiguration' + required: [] + CloudWatchLogsDestinationConfiguration: + description: CloudWatch destination configuration for IVS Chat logging. + type: object + additionalProperties: false + properties: + LogGroupName: + description: Name of the Amazon CloudWatch Logs log group where chat activity will be logged. + type: string + pattern: ^[\.\-_/#A-Za-z0-9]+$ + minLength: 1 + maxLength: 512 + required: + - LogGroupName + FirehoseDestinationConfiguration: + description: Kinesis Firehose destination configuration for IVS Chat logging. + type: object + additionalProperties: false + properties: + DeliveryStreamName: + description: Name of the Amazon Kinesis Firehose delivery stream where chat activity will be logged. + type: string + pattern: ^[a-zA-Z0-9_.-]+$ + minLength: 1 + maxLength: 64 + required: + - DeliveryStreamName + S3DestinationConfiguration: + description: S3 destination configuration for IVS Chat logging. + type: object + additionalProperties: false + properties: + BucketName: + description: Name of the Amazon S3 bucket where chat activity will be logged. + type: string + pattern: ^[a-z0-9-.]+$ + minLength: 3 + maxLength: 63 + required: + - BucketName + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 256 + required: + - Value + - Key + LoggingConfiguration: + type: object + properties: + Arn: + description: LoggingConfiguration ARN is automatically generated on creation and assigned as the unique identifier. + type: string + pattern: ^arn:aws:ivschat:[a-z0-9-]+:[0-9]+:logging-configuration/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + Id: + description: The system-generated ID of the logging configuration. + type: string + pattern: ^[a-zA-Z0-9]+$ + minLength: 12 + maxLength: 12 + DestinationConfiguration: + $ref: '#/components/schemas/DestinationConfiguration' + Name: + description: The name of the logging configuration. The value does not need to be unique. + type: string + pattern: ^[a-zA-Z0-9-_]*$ + minLength: 0 + maxLength: 128 + State: + description: The state of the logging configuration. When the state is ACTIVE, the configuration is ready to log chat content. + type: string + enum: + - CREATING + - CREATE_FAILED + - DELETING + - DELETE_FAILED + - UPDATING + - UPDATING_FAILED + - ACTIVE + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - DestinationConfiguration + x-stackql-resource-name: logging_configuration + description: Resource type definition for AWS::IVSChat::LoggingConfiguration. + x-type-name: AWS::IVSChat::LoggingConfiguration + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + - Id + - State + x-required-properties: + - DestinationConfiguration + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ivschat:CreateLoggingConfiguration + - ivschat:GetLoggingConfiguration + - logs:CreateLogDelivery + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - s3:PutBucketPolicy + - s3:GetBucketPolicy + - iam:CreateServiceLinkedRole + - firehose:TagDeliveryStream + - ivschat:TagResource + read: + - ivschat:GetLoggingConfiguration + - ivschat:ListTagsForResource + update: + - ivschat:UpdateLoggingConfiguration + - ivschat:GetLoggingConfiguration + - ivschat:TagResource + - ivschat:UntagResource + - ivschat:ListTagsForResource + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - s3:PutBucketPolicy + - s3:GetBucketPolicy + - iam:CreateServiceLinkedRole + - firehose:TagDeliveryStream + delete: + - ivschat:DeleteLoggingConfiguration + - ivschat:GetLoggingConfiguration + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - ivschat:UntagResource + - logs:GetLogDelivery + list: + - ivschat:ListLoggingConfigurations + - ivschat:ListTagsForResource + MessageReviewHandler: + description: Configuration information for optional review of messages. + type: object + additionalProperties: false + properties: + FallbackResult: + description: Specifies the fallback behavior if the handler does not return a valid response, encounters an error, or times out. + type: string + enum: + - ALLOW + - DENY + default: ALLOW + Uri: + description: Identifier of the message review handler. + type: string + pattern: ^$|^arn:aws:lambda:[a-z0-9-]+:[0-9]{12}:function:.+ + minLength: 0 + maxLength: 170 + required: [] + Room: + type: object + properties: + Arn: + description: Room ARN is automatically generated on creation and assigned as the unique identifier. + type: string + pattern: ^arn:aws:ivschat:[a-z0-9-]+:[0-9]+:room/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + Id: + description: The system-generated ID of the room. + type: string + pattern: ^[a-zA-Z0-9]+$ + minLength: 12 + maxLength: 12 + Name: + description: The name of the room. The value does not need to be unique. + type: string + pattern: ^[a-zA-Z0-9-_]*$ + minLength: 0 + maxLength: 128 + LoggingConfigurationIdentifiers: + description: Array of logging configuration identifiers attached to the room. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 50 + items: + type: string + pattern: ^arn:aws:ivschat:[a-z0-9-]+:[0-9]+:logging-configuration/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + MaximumMessageLength: + description: The maximum number of characters in a single message. + type: integer + minimum: 1 + maximum: 500 + default: 500 + MaximumMessageRatePerSecond: + description: The maximum number of messages per second that can be sent to the room. + type: integer + minimum: 1 + maximum: 10 + default: 10 + MessageReviewHandler: + $ref: '#/components/schemas/MessageReviewHandler' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: room + description: Resource type definition for AWS::IVSChat::Room. + x-type-name: AWS::IVSChat::Room + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + - Id + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - ivschat:CreateRoom + - ivschat:TagResource + read: + - ivschat:GetRoom + - ivschat:ListTagsForResource + update: + - ivschat:UpdateRoom + - ivschat:TagResource + - ivschat:UntagResource + - ivschat:ListTagsForResource + delete: + - ivschat:DeleteRoom + - ivschat:UntagResource + list: + - ivschat:ListRooms + - ivschat:ListTagsForResource + x-stackQL-resources: + logging_configurations: + name: logging_configurations + id: aws.ivschat.logging_configurations + x-cfn-schema-name: LoggingConfiguration + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVSChat::LoggingConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVSChat::LoggingConfiguration' + AND region = 'us-east-1' + logging_configuration: + name: logging_configuration + id: aws.ivschat.logging_configuration + x-cfn-schema-name: LoggingConfiguration + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.DestinationConfiguration') as destination_configuration, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVSChat::LoggingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'DestinationConfiguration') as destination_configuration, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVSChat::LoggingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + rooms: + name: rooms + id: aws.ivschat.rooms + x-cfn-schema-name: Room + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVSChat::Room' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVSChat::Room' + AND region = 'us-east-1' + room: + name: room + id: aws.ivschat.room + x-cfn-schema-name: Room + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.LoggingConfigurationIdentifiers') as logging_configuration_identifiers, + JSON_EXTRACT(Properties, '$.MaximumMessageLength') as maximum_message_length, + JSON_EXTRACT(Properties, '$.MaximumMessageRatePerSecond') as maximum_message_rate_per_second, + JSON_EXTRACT(Properties, '$.MessageReviewHandler') as message_review_handler, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVSChat::Room' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'LoggingConfigurationIdentifiers') as logging_configuration_identifiers, + json_extract_path_text(Properties, 'MaximumMessageLength') as maximum_message_length, + json_extract_path_text(Properties, 'MaximumMessageRatePerSecond') as maximum_message_rate_per_second, + json_extract_path_text(Properties, 'MessageReviewHandler') as message_review_handler, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVSChat::Room' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/kafkaconnect.yaml b/providers/src/aws/v00.00.00000/services/kafkaconnect.yaml new file mode 100644 index 00000000..62fd7f2d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/kafkaconnect.yaml @@ -0,0 +1,821 @@ +openapi: 3.0.0 +info: + title: KafkaConnect + version: 1.0.0 +paths: {} +components: + schemas: + ApacheKafkaCluster: + description: Details of how to connect to an Apache Kafka cluster. + type: object + additionalProperties: false + properties: + BootstrapServers: + description: The bootstrap servers string of the Apache Kafka cluster. + type: string + Vpc: + $ref: '#/components/schemas/Vpc' + required: + - BootstrapServers + - Vpc + AutoScaling: + description: Details about auto scaling of a connector. + type: object + additionalProperties: false + properties: + MaxWorkerCount: + description: The maximum number of workers for a connector. + type: integer + MinWorkerCount: + description: The minimum number of workers for a connector. + type: integer + ScaleInPolicy: + $ref: '#/components/schemas/ScaleInPolicy' + ScaleOutPolicy: + $ref: '#/components/schemas/ScaleOutPolicy' + McuCount: + description: Specifies how many MSK Connect Units (MCU) as the minimum scaling unit. + type: integer + enum: + - 1 + - 2 + - 4 + - 8 + required: + - MaxWorkerCount + - MinWorkerCount + - ScaleInPolicy + - ScaleOutPolicy + - McuCount + Capacity: + description: Information about the capacity allocated to the connector. + type: object + additionalProperties: false + properties: + AutoScaling: + $ref: '#/components/schemas/AutoScaling' + ProvisionedCapacity: + $ref: '#/components/schemas/ProvisionedCapacity' + oneOf: + - required: + - AutoScaling + - required: + - ProvisionedCapacity + CloudWatchLogsLogDelivery: + description: Details about delivering logs to Amazon CloudWatch Logs. + type: object + additionalProperties: false + properties: + Enabled: + description: Specifies whether the logs get sent to the specified CloudWatch Logs destination. + type: boolean + LogGroup: + description: The CloudWatch log group that is the destination for log delivery. + type: string + required: + - Enabled + CustomPlugin: + type: object + properties: + Name: + description: The name of the custom plugin. + type: string + minLength: 1 + maxLength: 128 + Description: + description: A summary description of the custom plugin. + type: string + maxLength: 1024 + CustomPluginArn: + description: The Amazon Resource Name (ARN) of the custom plugin to use. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):kafkaconnect:.* + ContentType: + description: The type of the plugin file. + type: string + enum: + - JAR + - ZIP + FileDescription: + $ref: '#/components/schemas/CustomPluginFileDescription' + Location: + $ref: '#/components/schemas/CustomPluginLocation' + Revision: + description: The revision of the custom plugin. + type: integer + format: int64 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - ContentType + - Location + x-stackql-resource-name: custom_plugin + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::KafkaConnect::CustomPlugin + x-stackql-primary-identifier: + - CustomPluginArn + x-stackql-additional-identifiers: + - - Name + x-create-only-properties: + - Name + - Description + - ContentType + - Location + x-read-only-properties: + - CustomPluginArn + - Revision + - FileDescription + x-required-properties: + - Name + - ContentType + - Location + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - kafkaconnect:DescribeCustomPlugin + - kafkaconnect:ListTagsForResource + - kafkaconnect:CreateCustomPlugin + - kafkaconnect:TagResource + - s3:GetObject + - s3:GetObjectVersion + - s3:GetObjectAttributes + - s3:GetObjectVersionAttributes + read: + - kafkaconnect:DescribeCustomPlugin + - kafkaconnect:ListTagsForResource + update: + - kafkaconnect:DescribeCustomPlugin + - kafkaconnect:ListTagsForResource + - kafkaconnect:TagResource + - kafkaconnect:UntagResource + delete: + - kafkaconnect:DeleteCustomPlugin + - kafkaconnect:DescribeCustomPlugin + list: + - kafkaconnect:ListCustomPlugins + FirehoseLogDelivery: + description: Details about delivering logs to Amazon Kinesis Data Firehose. + type: object + additionalProperties: false + properties: + DeliveryStream: + description: The Kinesis Data Firehose delivery stream that is the destination for log delivery. + type: string + Enabled: + description: Specifies whether the logs get sent to the specified Kinesis Data Firehose delivery stream. + type: boolean + required: + - Enabled + KafkaCluster: + description: Details of how to connect to the Kafka cluster. + type: object + additionalProperties: false + properties: + ApacheKafkaCluster: + $ref: '#/components/schemas/ApacheKafkaCluster' + required: + - ApacheKafkaCluster + KafkaClusterClientAuthentication: + description: Details of the client authentication used by the Kafka cluster. + type: object + additionalProperties: false + properties: + AuthenticationType: + $ref: '#/components/schemas/KafkaClusterClientAuthenticationType' + required: + - AuthenticationType + KafkaClusterClientAuthenticationType: + description: The type of client authentication used to connect to the Kafka cluster. Value NONE means that no client authentication is used. + type: string + enum: + - NONE + - IAM + KafkaClusterEncryptionInTransit: + description: Details of encryption in transit to the Kafka cluster. + type: object + additionalProperties: false + properties: + EncryptionType: + $ref: '#/components/schemas/KafkaClusterEncryptionInTransitType' + required: + - EncryptionType + KafkaClusterEncryptionInTransitType: + description: The type of encryption in transit to the Kafka cluster. + type: string + enum: + - PLAINTEXT + - TLS + LogDelivery: + description: Details of what logs are delivered and where they are delivered. + type: object + additionalProperties: false + properties: + WorkerLogDelivery: + $ref: '#/components/schemas/WorkerLogDelivery' + required: + - WorkerLogDelivery + Plugin: + description: Details about a Kafka Connect plugin which will be used with the connector. + type: object + additionalProperties: false + properties: + CustomPlugin: + $ref: '#/components/schemas/CustomPlugin' + required: + - CustomPlugin + ProvisionedCapacity: + description: Details about a fixed capacity allocated to a connector. + type: object + additionalProperties: false + properties: + McuCount: + description: Specifies how many MSK Connect Units (MCU) are allocated to the connector. + type: integer + enum: + - 1 + - 2 + - 4 + - 8 + WorkerCount: + description: Number of workers for a connector. + type: integer + required: + - WorkerCount + S3LogDelivery: + description: Details about delivering logs to Amazon S3. + type: object + additionalProperties: false + properties: + Bucket: + description: The name of the S3 bucket that is the destination for log delivery. + type: string + Enabled: + description: Specifies whether the logs get sent to the specified Amazon S3 destination. + type: boolean + Prefix: + description: The S3 prefix that is the destination for log delivery. + type: string + required: + - Enabled + ScaleInPolicy: + description: Information about the scale in policy of the connector. + type: object + additionalProperties: false + properties: + CpuUtilizationPercentage: + description: Specifies the CPU utilization percentage threshold at which connector scale in should trigger. + type: integer + minimum: 1 + maximum: 100 + required: + - CpuUtilizationPercentage + ScaleOutPolicy: + description: Information about the scale out policy of the connector. + type: object + additionalProperties: false + properties: + CpuUtilizationPercentage: + description: Specifies the CPU utilization percentage threshold at which connector scale out should trigger. + type: integer + minimum: 1 + maximum: 100 + required: + - CpuUtilizationPercentage + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + maxLength: 256 + required: + - Value + - Key + additionalProperties: false + Vpc: + description: Information about a VPC used with the connector. + type: object + additionalProperties: false + properties: + SecurityGroups: + description: The AWS security groups to associate with the elastic network interfaces in order to specify what the connector has access to. + type: array + uniqueItems: true + items: + type: string + x-insertionOrder: false + Subnets: + description: The list of subnets to connect to in the virtual private cloud (VPC). AWS creates elastic network interfaces inside these subnets. + type: array + uniqueItems: true + minItems: 1 + items: + type: string + x-insertionOrder: false + required: + - SecurityGroups + - Subnets + WorkerConfiguration: + type: object + properties: + Name: + description: The name of the worker configuration. + type: string + minLength: 1 + maxLength: 128 + Description: + description: A summary description of the worker configuration. + type: string + maxLength: 1024 + WorkerConfigurationArn: + description: The Amazon Resource Name (ARN) of the custom configuration. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):kafkaconnect:.* + PropertiesFileContent: + description: Base64 encoded contents of connect-distributed.properties file. + type: string + Revision: + description: The description of a revision of the worker configuration. + type: integer + format: int64 + Tags: + description: A collection of tags associated with a resource + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - PropertiesFileContent + x-stackql-resource-name: worker_configuration + description: The configuration of the workers, which are the processes that run the connector logic. + x-type-name: AWS::KafkaConnect::WorkerConfiguration + x-stackql-primary-identifier: + - WorkerConfigurationArn + x-stackql-additional-identifiers: + - - Name + x-create-only-properties: + - Name + - Description + - PropertiesFileContent + x-read-only-properties: + - WorkerConfigurationArn + - Revision + x-required-properties: + - Name + - PropertiesFileContent + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - kafkaconnect:DescribeWorkerConfiguration + - kafkaconnect:CreateWorkerConfiguration + - kafkaconnect:TagResource + - kafkaconnect:ListTagsForResource + read: + - kafkaconnect:DescribeWorkerConfiguration + - kafkaconnect:ListTagsForResource + update: + - kafkaconnect:DescribeWorkerConfiguration + - kafkaconnect:ListTagsForResource + - kafkaconnect:TagResource + - kafkaconnect:UntagResource + delete: + - kafkaconnect:DescribeWorkerConfiguration + - kafkaconnect:DeleteWorkerConfiguration + list: + - kafkaconnect:ListWorkerConfigurations + WorkerLogDelivery: + description: Specifies where worker logs are delivered. + type: object + additionalProperties: false + properties: + CloudWatchLogs: + $ref: '#/components/schemas/CloudWatchLogsLogDelivery' + Firehose: + $ref: '#/components/schemas/FirehoseLogDelivery' + S3: + $ref: '#/components/schemas/S3LogDelivery' + Connector: + type: object + properties: + Capacity: + $ref: '#/components/schemas/Capacity' + ConnectorArn: + description: Amazon Resource Name for the created Connector. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):kafkaconnect:.* + ConnectorConfiguration: + description: The configuration for the connector. + type: object + additionalProperties: false + x-patternProperties: + .*: + type: string + ConnectorDescription: + description: A summary description of the connector. + type: string + maxLength: 1024 + ConnectorName: + description: The name of the connector. + type: string + minLength: 1 + maxLength: 128 + KafkaCluster: + $ref: '#/components/schemas/KafkaCluster' + KafkaClusterClientAuthentication: + $ref: '#/components/schemas/KafkaClusterClientAuthentication' + KafkaClusterEncryptionInTransit: + $ref: '#/components/schemas/KafkaClusterEncryptionInTransit' + KafkaConnectVersion: + description: The version of Kafka Connect. It has to be compatible with both the Kafka cluster's version and the plugins. + type: string + LogDelivery: + $ref: '#/components/schemas/LogDelivery' + Plugins: + description: List of plugins to use with the connector. + type: array + uniqueItems: true + minItems: 1 + items: + $ref: '#/components/schemas/Plugin' + x-insertionOrder: false + ServiceExecutionRoleArn: + description: The Amazon Resource Name (ARN) of the IAM role used by the connector to access Amazon S3 objects and other external resources. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):iam:.* + Tags: + description: A collection of tags associated with a resource + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + WorkerConfiguration: + $ref: '#/components/schemas/WorkerConfiguration' + required: + - Capacity + - ConnectorConfiguration + - ConnectorName + - KafkaConnectVersion + - KafkaCluster + - KafkaClusterClientAuthentication + - KafkaClusterEncryptionInTransit + - Plugins + - ServiceExecutionRoleArn + x-stackql-resource-name: connector + description: Resource Type definition for AWS::KafkaConnect::Connector + x-type-name: AWS::KafkaConnect::Connector + x-stackql-primary-identifier: + - ConnectorArn + x-stackql-additional-identifiers: + - - ConnectorName + x-create-only-properties: + - ConnectorConfiguration + - ConnectorDescription + - ConnectorName + - KafkaCluster + - KafkaClusterClientAuthentication + - KafkaClusterEncryptionInTransit + - KafkaConnectVersion + - LogDelivery + - Plugins + - ServiceExecutionRoleArn + - WorkerConfiguration + x-read-only-properties: + - ConnectorArn + x-required-properties: + - Capacity + - ConnectorConfiguration + - ConnectorName + - KafkaConnectVersion + - KafkaCluster + - KafkaClusterClientAuthentication + - KafkaClusterEncryptionInTransit + - Plugins + - ServiceExecutionRoleArn + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - kafkaconnect:CreateConnector + - kafkaconnect:DescribeConnector + - kafkaconnect:TagResource + - kafkaconnect:ListTagsForResource + - iam:CreateServiceLinkedRole + - iam:PassRole + - ec2:CreateNetworkInterface + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:ListLogDeliveries + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - firehose:TagDeliveryStream + read: + - kafkaconnect:DescribeConnector + - kafkaconnect:ListTagsForResource + delete: + - kafkaconnect:DeleteConnector + - kafkaconnect:DescribeConnector + - logs:DeleteLogDelivery + - logs:GetLogDelivery + - logs:ListLogDeliveries + update: + - kafkaconnect:UpdateConnector + - kafkaconnect:DescribeConnector + - kafkaconnect:TagResource + - kafkaconnect:ListTagsForResource + - kafkaconnect:UntagResource + - iam:CreateServiceLinkedRole + - logs:UpdateLogDelivery + - logs:GetLogDelivery + - logs:ListLogDeliveries + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - firehose:TagDeliveryStream + list: + - kafkaconnect:ListConnectors + CustomPluginFileDescription: + description: Details about the custom plugin file. + type: object + additionalProperties: false + properties: + FileMd5: + description: The hex-encoded MD5 checksum of the custom plugin file. You can use it to validate the file. + type: string + FileSize: + description: The size in bytes of the custom plugin file. You can use it to validate the file. + type: integer + format: int64 + CustomPluginLocation: + description: Information about the location of a custom plugin. + type: object + additionalProperties: false + properties: + S3Location: + $ref: '#/components/schemas/S3Location' + required: + - S3Location + S3Location: + description: The S3 bucket Amazon Resource Name (ARN), file key, and object version of the plugin file stored in Amazon S3. + type: object + additionalProperties: false + properties: + BucketArn: + type: string + description: The Amazon Resource Name (ARN) of an S3 bucket. + FileKey: + type: string + description: The file key for an object in an S3 bucket. + ObjectVersion: + type: string + description: The version of an object in an S3 bucket. + required: + - BucketArn + - FileKey + x-stackQL-resources: + custom_plugins: + name: custom_plugins + id: aws.kafkaconnect.custom_plugins + x-cfn-schema-name: CustomPlugin + x-type: list + x-identifiers: + - CustomPluginArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CustomPluginArn') as custom_plugin_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KafkaConnect::CustomPlugin' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CustomPluginArn') as custom_plugin_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KafkaConnect::CustomPlugin' + AND region = 'us-east-1' + custom_plugin: + name: custom_plugin + id: aws.kafkaconnect.custom_plugin + x-cfn-schema-name: CustomPlugin + x-type: get + x-identifiers: + - CustomPluginArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.CustomPluginArn') as custom_plugin_arn, + JSON_EXTRACT(Properties, '$.ContentType') as content_type, + JSON_EXTRACT(Properties, '$.FileDescription') as file_description, + JSON_EXTRACT(Properties, '$.Location') as location, + JSON_EXTRACT(Properties, '$.Revision') as revision, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KafkaConnect::CustomPlugin' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'CustomPluginArn') as custom_plugin_arn, + json_extract_path_text(Properties, 'ContentType') as content_type, + json_extract_path_text(Properties, 'FileDescription') as file_description, + json_extract_path_text(Properties, 'Location') as location, + json_extract_path_text(Properties, 'Revision') as revision, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KafkaConnect::CustomPlugin' + AND data__Identifier = '' + AND region = 'us-east-1' + worker_configurations: + name: worker_configurations + id: aws.kafkaconnect.worker_configurations + x-cfn-schema-name: WorkerConfiguration + x-type: list + x-identifiers: + - WorkerConfigurationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WorkerConfigurationArn') as worker_configuration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KafkaConnect::WorkerConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WorkerConfigurationArn') as worker_configuration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KafkaConnect::WorkerConfiguration' + AND region = 'us-east-1' + worker_configuration: + name: worker_configuration + id: aws.kafkaconnect.worker_configuration + x-cfn-schema-name: WorkerConfiguration + x-type: get + x-identifiers: + - WorkerConfigurationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.WorkerConfigurationArn') as worker_configuration_arn, + JSON_EXTRACT(Properties, '$.PropertiesFileContent') as properties_file_content, + JSON_EXTRACT(Properties, '$.Revision') as revision, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KafkaConnect::WorkerConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'WorkerConfigurationArn') as worker_configuration_arn, + json_extract_path_text(Properties, 'PropertiesFileContent') as properties_file_content, + json_extract_path_text(Properties, 'Revision') as revision, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KafkaConnect::WorkerConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + connectors: + name: connectors + id: aws.kafkaconnect.connectors + x-cfn-schema-name: Connector + x-type: list + x-identifiers: + - ConnectorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConnectorArn') as connector_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KafkaConnect::Connector' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConnectorArn') as connector_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KafkaConnect::Connector' + AND region = 'us-east-1' + connector: + name: connector + id: aws.kafkaconnect.connector + x-cfn-schema-name: Connector + x-type: get + x-identifiers: + - ConnectorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Capacity') as capacity, + JSON_EXTRACT(Properties, '$.ConnectorArn') as connector_arn, + JSON_EXTRACT(Properties, '$.ConnectorConfiguration') as connector_configuration, + JSON_EXTRACT(Properties, '$.ConnectorDescription') as connector_description, + JSON_EXTRACT(Properties, '$.ConnectorName') as connector_name, + JSON_EXTRACT(Properties, '$.KafkaCluster') as kafka_cluster, + JSON_EXTRACT(Properties, '$.KafkaClusterClientAuthentication') as kafka_cluster_client_authentication, + JSON_EXTRACT(Properties, '$.KafkaClusterEncryptionInTransit') as kafka_cluster_encryption_in_transit, + JSON_EXTRACT(Properties, '$.KafkaConnectVersion') as kafka_connect_version, + JSON_EXTRACT(Properties, '$.LogDelivery') as log_delivery, + JSON_EXTRACT(Properties, '$.Plugins') as plugins, + JSON_EXTRACT(Properties, '$.ServiceExecutionRoleArn') as service_execution_role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.WorkerConfiguration') as worker_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KafkaConnect::Connector' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Capacity') as capacity, + json_extract_path_text(Properties, 'ConnectorArn') as connector_arn, + json_extract_path_text(Properties, 'ConnectorConfiguration') as connector_configuration, + json_extract_path_text(Properties, 'ConnectorDescription') as connector_description, + json_extract_path_text(Properties, 'ConnectorName') as connector_name, + json_extract_path_text(Properties, 'KafkaCluster') as kafka_cluster, + json_extract_path_text(Properties, 'KafkaClusterClientAuthentication') as kafka_cluster_client_authentication, + json_extract_path_text(Properties, 'KafkaClusterEncryptionInTransit') as kafka_cluster_encryption_in_transit, + json_extract_path_text(Properties, 'KafkaConnectVersion') as kafka_connect_version, + json_extract_path_text(Properties, 'LogDelivery') as log_delivery, + json_extract_path_text(Properties, 'Plugins') as plugins, + json_extract_path_text(Properties, 'ServiceExecutionRoleArn') as service_execution_role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'WorkerConfiguration') as worker_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KafkaConnect::Connector' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/kendra.yaml b/providers/src/aws/v00.00.00000/services/kendra.yaml new file mode 100644 index 00000000..8145432c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/kendra.yaml @@ -0,0 +1,1857 @@ +openapi: 3.0.0 +info: + title: Kendra + version: 1.0.0 +paths: {} +components: + schemas: + IndexId: + description: Unique ID of Index + type: string + minLength: 36 + maxLength: 36 + Tag: + description: A label for tagging Kendra resources + type: object + properties: + Key: + description: A string used to identify this tag + type: string + minLength: 1 + maxLength: 128 + Value: + description: A string containing the value for the tag + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + TagList: + description: List of tags + type: array + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + DataSourceInclusionsExclusionsStrings: + type: array + maxItems: 100 + items: + type: string + minLength: 1 + maxLength: 50 + S3Path: + type: object + properties: + Bucket: + $ref: '#/components/schemas/S3BucketName' + Key: + $ref: '#/components/schemas/S3ObjectKey' + additionalProperties: false + required: + - Bucket + - Key + S3BucketName: + type: string + minLength: 3 + maxLength: 63 + pattern: '[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]' + S3ObjectKey: + type: string + minLength: 1 + maxLength: 1024 + DocumentsMetadataConfiguration: + type: object + properties: + S3Prefix: + $ref: '#/components/schemas/S3ObjectKey' + additionalProperties: false + AccessControlListConfiguration: + type: object + properties: + KeyPath: + $ref: '#/components/schemas/S3ObjectKey' + additionalProperties: false + S3DataSourceConfiguration: + description: S3 data source configuration + type: object + properties: + BucketName: + $ref: '#/components/schemas/S3BucketName' + InclusionPrefixes: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + InclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + ExclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + DocumentsMetadataConfiguration: + $ref: '#/components/schemas/DocumentsMetadataConfiguration' + AccessControlListConfiguration: + $ref: '#/components/schemas/AccessControlListConfiguration' + additionalProperties: false + required: + - BucketName + Url: + type: string + minLength: 1 + maxLength: 2048 + pattern: ^(https?|ftp|file):\/\/([^\s]*) + SecretArn: + type: string + minLength: 1 + maxLength: 1284 + pattern: arn:[a-z0-9-\.]{1,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[^/].{0,1023} + DataSourceVpcConfiguration: + type: object + properties: + SubnetIds: + type: array + maxItems: 6 + items: + type: string + minLength: 1 + maxLength: 200 + pattern: '[\-0-9a-zA-Z]+' + SecurityGroupIds: + type: array + maxItems: 10 + items: + type: string + minLength: 1 + maxLength: 200 + pattern: '[\-0-9a-zA-Z]+' + additionalProperties: false + required: + - SubnetIds + - SecurityGroupIds + DataSourceFieldName: + type: string + minLength: 1 + maxLength: 100 + DataSourceToIndexFieldMapping: + type: object + properties: + DataSourceFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + DateFieldFormat: + $ref: '#/components/schemas/DateFieldFormat' + IndexFieldName: + $ref: '#/components/schemas/IndexFieldName' + additionalProperties: false + required: + - DataSourceFieldName + - IndexFieldName + DateFieldFormat: + type: string + minLength: 4 + maxLength: 40 + IndexFieldName: + type: string + minLength: 1 + maxLength: 30 + DataSourceToIndexFieldMappingList: + type: array + maxItems: 100 + items: + $ref: '#/components/schemas/DataSourceToIndexFieldMapping' + DisableLocalGroups: + type: boolean + SharePointConfiguration: + description: SharePoint configuration + type: object + properties: + SharePointVersion: + type: string + enum: + - SHAREPOINT_ONLINE + - SHAREPOINT_2013 + - SHAREPOINT_2016 + Urls: + type: array + maxItems: 100 + items: + $ref: '#/components/schemas/Url' + SecretArn: + $ref: '#/components/schemas/SecretArn' + CrawlAttachments: + type: boolean + UseChangeLog: + type: boolean + InclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + ExclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + VpcConfiguration: + $ref: '#/components/schemas/DataSourceVpcConfiguration' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + DocumentTitleFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + DisableLocalGroups: + $ref: '#/components/schemas/DisableLocalGroups' + SslCertificateS3Path: + $ref: '#/components/schemas/S3Path' + additionalProperties: false + required: + - Urls + - SecretArn + - SharePointVersion + SalesforceConfiguration: + type: object + properties: + ServerUrl: + $ref: '#/components/schemas/Url' + SecretArn: + $ref: '#/components/schemas/SecretArn' + StandardObjectConfigurations: + $ref: '#/components/schemas/SalesforceStandardObjectConfigurationList' + KnowledgeArticleConfiguration: + $ref: '#/components/schemas/SalesforceKnowledgeArticleConfiguration' + ChatterFeedConfiguration: + $ref: '#/components/schemas/SalesforceChatterFeedConfiguration' + CrawlAttachments: + type: boolean + StandardObjectAttachmentConfiguration: + $ref: '#/components/schemas/SalesforceStandardObjectAttachmentConfiguration' + IncludeAttachmentFilePatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + ExcludeAttachmentFilePatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + additionalProperties: false + required: + - ServerUrl + - SecretArn + SalesforceStandardObjectConfigurationList: + type: array + minItems: 1 + maxItems: 17 + items: + $ref: '#/components/schemas/SalesforceStandardObjectConfiguration' + SalesforceStandardObjectConfiguration: + type: object + properties: + Name: + $ref: '#/components/schemas/SalesforceStandardObjectName' + DocumentDataFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + DocumentTitleFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + additionalProperties: false + required: + - Name + - DocumentDataFieldName + SalesforceStandardObjectName: + type: string + enum: + - ACCOUNT + - CAMPAIGN + - CASE + - CONTACT + - CONTRACT + - DOCUMENT + - GROUP + - IDEA + - LEAD + - OPPORTUNITY + - PARTNER + - PRICEBOOK + - PRODUCT + - PROFILE + - SOLUTION + - TASK + - USER + SalesforceKnowledgeArticleConfiguration: + type: object + properties: + IncludedStates: + $ref: '#/components/schemas/SalesforceKnowledgeArticleStateList' + StandardKnowledgeArticleTypeConfiguration: + $ref: '#/components/schemas/SalesforceStandardKnowledgeArticleTypeConfiguration' + CustomKnowledgeArticleTypeConfigurations: + $ref: '#/components/schemas/SalesforceCustomKnowledgeArticleTypeConfigurationList' + additionalProperties: false + required: + - IncludedStates + SalesforceKnowledgeArticleStateList: + type: array + minItems: 1 + maxItems: 3 + items: + $ref: '#/components/schemas/SalesforceKnowledgeArticleState' + SalesforceKnowledgeArticleState: + type: string + enum: + - DRAFT + - PUBLISHED + - ARCHIVED + SalesforceStandardKnowledgeArticleTypeConfiguration: + type: object + properties: + DocumentDataFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + DocumentTitleFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + additionalProperties: false + required: + - DocumentDataFieldName + SalesforceCustomKnowledgeArticleTypeConfigurationList: + type: array + minItems: 1 + maxItems: 10 + items: + $ref: '#/components/schemas/SalesforceCustomKnowledgeArticleTypeConfiguration' + SalesforceCustomKnowledgeArticleTypeConfiguration: + type: object + properties: + Name: + $ref: '#/components/schemas/SalesforceCustomKnowledgeArticleTypeName' + DocumentDataFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + DocumentTitleFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + additionalProperties: false + required: + - Name + - DocumentDataFieldName + SalesforceCustomKnowledgeArticleTypeName: + type: string + minLength: 1 + maxLength: 100 + SalesforceChatterFeedConfiguration: + type: object + properties: + DocumentDataFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + DocumentTitleFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + IncludeFilterTypes: + $ref: '#/components/schemas/SalesforceChatterFeedIncludeFilterTypes' + additionalProperties: false + required: + - DocumentDataFieldName + SalesforceChatterFeedIncludeFilterTypes: + type: array + minItems: 1 + maxItems: 2 + items: + $ref: '#/components/schemas/SalesforceChatterFeedIncludeFilterType' + SalesforceChatterFeedIncludeFilterType: + type: string + enum: + - ACTIVE_USER + - STANDARD_USER + SalesforceStandardObjectAttachmentConfiguration: + type: object + properties: + DocumentTitleFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + additionalProperties: false + DatabaseConfiguration: + type: object + properties: + DatabaseEngineType: + $ref: '#/components/schemas/DatabaseEngineType' + ConnectionConfiguration: + $ref: '#/components/schemas/ConnectionConfiguration' + VpcConfiguration: + $ref: '#/components/schemas/DataSourceVpcConfiguration' + ColumnConfiguration: + $ref: '#/components/schemas/ColumnConfiguration' + AclConfiguration: + $ref: '#/components/schemas/AclConfiguration' + SqlConfiguration: + $ref: '#/components/schemas/SqlConfiguration' + additionalProperties: false + required: + - ConnectionConfiguration + - ColumnConfiguration + - DatabaseEngineType + DatabaseEngineType: + type: string + enum: + - RDS_AURORA_MYSQL + - RDS_AURORA_POSTGRESQL + - RDS_MYSQL + - RDS_POSTGRESQL + ConnectionConfiguration: + type: object + properties: + DatabaseHost: + $ref: '#/components/schemas/DatabaseHost' + DatabasePort: + $ref: '#/components/schemas/DatabasePort' + DatabaseName: + $ref: '#/components/schemas/DatabaseName' + TableName: + $ref: '#/components/schemas/TableName' + SecretArn: + $ref: '#/components/schemas/SecretArn' + additionalProperties: false + required: + - DatabaseHost + - DatabasePort + - DatabaseName + - TableName + - SecretArn + DatabaseHost: + type: string + minLength: 1 + maxLength: 253 + DatabasePort: + type: integer + minimum: 1 + maximum: 65535 + DatabaseName: + type: string + minLength: 1 + maxLength: 100 + TableName: + type: string + minLength: 1 + maxLength: 100 + ColumnConfiguration: + type: object + properties: + DocumentIdColumnName: + $ref: '#/components/schemas/ColumnName' + DocumentDataColumnName: + $ref: '#/components/schemas/ColumnName' + DocumentTitleColumnName: + $ref: '#/components/schemas/ColumnName' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + ChangeDetectingColumns: + $ref: '#/components/schemas/ChangeDetectingColumns' + additionalProperties: false + required: + - DocumentIdColumnName + - DocumentDataColumnName + - ChangeDetectingColumns + ChangeDetectingColumns: + type: array + minItems: 1 + maxItems: 5 + items: + $ref: '#/components/schemas/ColumnName' + ColumnName: + type: string + minLength: 1 + maxLength: 100 + SqlConfiguration: + type: object + properties: + QueryIdentifiersEnclosingOption: + $ref: '#/components/schemas/QueryIdentifiersEnclosingOption' + additionalProperties: false + QueryIdentifiersEnclosingOption: + type: string + enum: + - DOUBLE_QUOTES + - NONE + AclConfiguration: + type: object + properties: + AllowedGroupsColumnName: + $ref: '#/components/schemas/ColumnName' + additionalProperties: false + required: + - AllowedGroupsColumnName + OneDriveConfiguration: + type: object + properties: + TenantDomain: + $ref: '#/components/schemas/TenantDomain' + SecretArn: + $ref: '#/components/schemas/SecretArn' + OneDriveUsers: + $ref: '#/components/schemas/OneDriveUsers' + InclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + ExclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + DisableLocalGroups: + $ref: '#/components/schemas/DisableLocalGroups' + additionalProperties: false + required: + - TenantDomain + - SecretArn + - OneDriveUsers + TenantDomain: + type: string + minLength: 1 + maxLength: 256 + pattern: ^([a-zA-Z0-9]+(-[a-zA-Z0-9]+)*\.)+[a-z]{2,}$ + OneDriveUsers: + type: object + properties: + OneDriveUserList: + $ref: '#/components/schemas/OneDriveUserList' + OneDriveUserS3Path: + $ref: '#/components/schemas/S3Path' + additionalProperties: false + oneOf: + - required: + - OneDriveUserList + - required: + - OneDriveUserS3Path + OneDriveUserList: + type: array + minItems: 1 + maxItems: 100 + items: + $ref: '#/components/schemas/OneDriveUser' + OneDriveUser: + type: string + minLength: 1 + maxLength: 256 + pattern: ^(?!\s).+@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$ + ServiceNowConfiguration: + type: object + properties: + HostUrl: + $ref: '#/components/schemas/ServiceNowHostUrl' + SecretArn: + $ref: '#/components/schemas/SecretArn' + ServiceNowBuildVersion: + $ref: '#/components/schemas/ServiceNowBuildVersionType' + AuthenticationType: + $ref: '#/components/schemas/ServiceNowAuthenticationType' + KnowledgeArticleConfiguration: + $ref: '#/components/schemas/ServiceNowKnowledgeArticleConfiguration' + ServiceCatalogConfiguration: + $ref: '#/components/schemas/ServiceNowServiceCatalogConfiguration' + additionalProperties: false + required: + - HostUrl + - SecretArn + - ServiceNowBuildVersion + ServiceNowBuildVersionType: + type: string + enum: + - LONDON + - OTHERS + ServiceNowAuthenticationType: + type: string + enum: + - HTTP_BASIC + - OAUTH2 + ServiceNowServiceCatalogConfiguration: + type: object + properties: + CrawlAttachments: + type: boolean + IncludeAttachmentFilePatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + ExcludeAttachmentFilePatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + DocumentDataFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + DocumentTitleFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + additionalProperties: false + required: + - DocumentDataFieldName + ServiceNowHostUrl: + type: string + minLength: 1 + maxLength: 2048 + pattern: ^(?!(^(https?|ftp|file):\/\/))[a-z0-9-]+(\.service-now\.com)$ + ServiceNowKnowledgeArticleConfiguration: + type: object + properties: + CrawlAttachments: + type: boolean + IncludeAttachmentFilePatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + ExcludeAttachmentFilePatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + DocumentDataFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + DocumentTitleFieldName: + $ref: '#/components/schemas/DataSourceFieldName' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + FilterQuery: + $ref: '#/components/schemas/ServiceNowKnowledgeArticleFilterQuery' + additionalProperties: false + required: + - DocumentDataFieldName + ServiceNowKnowledgeArticleFilterQuery: + type: string + minLength: 1 + maxLength: 2048 + ConfluenceConfiguration: + type: object + properties: + ServerUrl: + $ref: '#/components/schemas/Url' + SecretArn: + $ref: '#/components/schemas/SecretArn' + Version: + $ref: '#/components/schemas/ConfluenceVersion' + SpaceConfiguration: + $ref: '#/components/schemas/ConfluenceSpaceConfiguration' + PageConfiguration: + $ref: '#/components/schemas/ConfluencePageConfiguration' + BlogConfiguration: + $ref: '#/components/schemas/ConfluenceBlogConfiguration' + AttachmentConfiguration: + $ref: '#/components/schemas/ConfluenceAttachmentConfiguration' + VpcConfiguration: + $ref: '#/components/schemas/DataSourceVpcConfiguration' + InclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + ExclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + additionalProperties: false + required: + - ServerUrl + - SecretArn + - Version + ConfluenceVersion: + type: string + enum: + - CLOUD + - SERVER + ConfluenceSpaceConfiguration: + type: object + properties: + CrawlPersonalSpaces: + type: boolean + CrawlArchivedSpaces: + type: boolean + IncludeSpaces: + $ref: '#/components/schemas/ConfluenceSpaceList' + ExcludeSpaces: + $ref: '#/components/schemas/ConfluenceSpaceList' + SpaceFieldMappings: + $ref: '#/components/schemas/ConfluenceSpaceFieldMappingsList' + additionalProperties: false + ConfluenceSpaceFieldMappingsList: + type: array + minItems: 1 + maxItems: 4 + items: + $ref: '#/components/schemas/ConfluenceSpaceToIndexFieldMapping' + ConfluenceSpaceToIndexFieldMapping: + type: object + properties: + DataSourceFieldName: + $ref: '#/components/schemas/ConfluenceSpaceFieldName' + DateFieldFormat: + $ref: '#/components/schemas/DateFieldFormat' + IndexFieldName: + $ref: '#/components/schemas/IndexFieldName' + additionalProperties: false + required: + - DataSourceFieldName + - IndexFieldName + ConfluenceSpaceFieldName: + type: string + enum: + - DISPLAY_URL + - ITEM_TYPE + - SPACE_KEY + - URL + ConfluenceSpaceList: + type: array + minItems: 1 + items: + $ref: '#/components/schemas/ConfluenceSpaceIdentifier' + ConfluenceSpaceIdentifier: + type: string + minLength: 1 + maxLength: 255 + ConfluencePageConfiguration: + type: object + properties: + PageFieldMappings: + $ref: '#/components/schemas/ConfluencePageFieldMappingsList' + additionalProperties: false + ConfluencePageFieldMappingsList: + type: array + minItems: 1 + maxItems: 12 + items: + $ref: '#/components/schemas/ConfluencePageToIndexFieldMapping' + ConfluencePageToIndexFieldMapping: + type: object + properties: + DataSourceFieldName: + $ref: '#/components/schemas/ConfluencePageFieldName' + DateFieldFormat: + $ref: '#/components/schemas/DateFieldFormat' + IndexFieldName: + $ref: '#/components/schemas/IndexFieldName' + additionalProperties: false + required: + - DataSourceFieldName + - IndexFieldName + ConfluencePageFieldName: + type: string + enum: + - AUTHOR + - CONTENT_STATUS + - CREATED_DATE + - DISPLAY_URL + - ITEM_TYPE + - LABELS + - MODIFIED_DATE + - PARENT_ID + - SPACE_KEY + - SPACE_NAME + - URL + - VERSION + ConfluenceBlogConfiguration: + type: object + properties: + BlogFieldMappings: + $ref: '#/components/schemas/ConfluenceBlogFieldMappingsList' + additionalProperties: false + ConfluenceBlogFieldMappingsList: + type: array + minItems: 1 + maxItems: 9 + items: + $ref: '#/components/schemas/ConfluenceBlogToIndexFieldMapping' + ConfluenceBlogToIndexFieldMapping: + type: object + properties: + DataSourceFieldName: + $ref: '#/components/schemas/ConfluenceBlogFieldName' + DateFieldFormat: + $ref: '#/components/schemas/DateFieldFormat' + IndexFieldName: + $ref: '#/components/schemas/IndexFieldName' + additionalProperties: false + required: + - DataSourceFieldName + - IndexFieldName + ConfluenceBlogFieldName: + type: string + enum: + - AUTHOR + - DISPLAY_URL + - ITEM_TYPE + - LABELS + - PUBLISH_DATE + - SPACE_KEY + - SPACE_NAME + - URL + - VERSION + ConfluenceAttachmentConfiguration: + type: object + properties: + CrawlAttachments: + type: boolean + AttachmentFieldMappings: + $ref: '#/components/schemas/ConfluenceAttachmentFieldMappingsList' + additionalProperties: false + ConfluenceAttachmentFieldMappingsList: + type: array + minItems: 1 + maxItems: 11 + items: + $ref: '#/components/schemas/ConfluenceAttachmentToIndexFieldMapping' + ConfluenceAttachmentToIndexFieldMapping: + type: object + properties: + DataSourceFieldName: + $ref: '#/components/schemas/ConfluenceAttachmentFieldName' + DateFieldFormat: + $ref: '#/components/schemas/DateFieldFormat' + IndexFieldName: + $ref: '#/components/schemas/IndexFieldName' + additionalProperties: false + required: + - DataSourceFieldName + - IndexFieldName + GoogleDriveConfiguration: + type: object + properties: + SecretArn: + $ref: '#/components/schemas/SecretArn' + InclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + ExclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + ExcludeMimeTypes: + $ref: '#/components/schemas/ExcludeMimeTypesList' + ExcludeUserAccounts: + $ref: '#/components/schemas/ExcludeUserAccountsList' + ExcludeSharedDrives: + $ref: '#/components/schemas/ExcludeSharedDrivesList' + additionalProperties: false + required: + - SecretArn + ExcludeMimeTypesList: + type: array + minItems: 0 + maxItems: 30 + items: + $ref: '#/components/schemas/MimeType' + MimeType: + type: string + minLength: 1 + maxLength: 256 + ExcludeUserAccountsList: + type: array + minItems: 0 + maxItems: 100 + items: + $ref: '#/components/schemas/UserAccount' + UserAccount: + type: string + minLength: 1 + maxLength: 256 + ExcludeSharedDrivesList: + type: array + minItems: 0 + maxItems: 100 + items: + $ref: '#/components/schemas/SharedDriveId' + SharedDriveId: + type: string + minLength: 1 + maxLength: 256 + ConfluenceAttachmentFieldName: + type: string + enum: + - AUTHOR + - CONTENT_TYPE + - CREATED_DATE + - DISPLAY_URL + - FILE_SIZE + - ITEM_TYPE + - PARENT_ID + - SPACE_KEY + - SPACE_NAME + - URL + - VERSION + WebCrawlerSiteMap: + type: string + pattern: ^(https?):\/\/([^\s]*) + minLength: 1 + maxLength: 2048 + WebCrawlerSiteMaps: + type: array + minItems: 0 + maxItems: 3 + items: + $ref: '#/components/schemas/WebCrawlerSiteMap' + WebCrawlerSiteMapsConfiguration: + type: object + properties: + SiteMaps: + $ref: '#/components/schemas/WebCrawlerSiteMaps' + additionalProperties: false + required: + - SiteMaps + WebCrawlerSeedUrl: + type: string + pattern: ^(https?)://([^\s]*) + minLength: 1 + maxLength: 2048 + WebCrawlerSeedUrlList: + type: array + minItems: 0 + maxItems: 100 + items: + $ref: '#/components/schemas/WebCrawlerSeedUrl' + WebCrawlerSeedUrlConfiguration: + type: object + properties: + SeedUrls: + $ref: '#/components/schemas/WebCrawlerSeedUrlList' + WebCrawlerMode: + type: string + enum: + - HOST_ONLY + - SUBDOMAINS + - EVERYTHING + additionalProperties: false + required: + - SeedUrls + WebCrawlerUrls: + type: object + properties: + SeedUrlConfiguration: + $ref: '#/components/schemas/WebCrawlerSeedUrlConfiguration' + SiteMapsConfiguration: + $ref: '#/components/schemas/WebCrawlerSiteMapsConfiguration' + additionalProperties: false + ProxyConfiguration: + type: object + properties: + Host: + type: string + pattern: ([^\s]*) + minLength: 1 + maxLength: 253 + Port: + type: integer + minimum: 1 + maximum: 65535 + Credentials: + $ref: '#/components/schemas/SecretArn' + additionalProperties: false + required: + - Host + - Port + WebCrawlerBasicAuthentication: + type: object + properties: + Host: + type: string + pattern: ([^\s]*) + minLength: 1 + maxLength: 253 + Port: + type: integer + minimum: 1 + maximum: 65535 + Credentials: + $ref: '#/components/schemas/SecretArn' + additionalProperties: false + required: + - Host + - Port + - Credentials + WebCrawlerBasicAuthenticationList: + type: array + maxItems: 10 + items: + $ref: '#/components/schemas/WebCrawlerBasicAuthentication' + WebCrawlerAuthenticationConfiguration: + type: object + properties: + BasicAuthentication: + $ref: '#/components/schemas/WebCrawlerBasicAuthenticationList' + additionalProperties: false + WebCrawlerConfiguration: + type: object + properties: + Urls: + $ref: '#/components/schemas/WebCrawlerUrls' + CrawlDepth: + type: integer + minimum: 1 + maximum: 10 + MaxLinksPerPage: + type: integer + minimum: 1 + maximum: 1000 + MaxContentSizePerPageInMegaBytes: + type: number + minimum: 0 + maximum: 50 + MaxUrlsPerMinuteCrawlRate: + type: integer + minimum: 1 + maximum: 300 + UrlInclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + UrlExclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + ProxyConfiguration: + $ref: '#/components/schemas/ProxyConfiguration' + AuthenticationConfiguration: + $ref: '#/components/schemas/WebCrawlerAuthenticationConfiguration' + additionalProperties: false + required: + - Urls + WorkDocsConfiguration: + type: object + properties: + OrganizationId: + type: string + minLength: 12 + maxLength: 12 + pattern: d-[0-9a-fA-F]{10} + CrawlComments: + type: boolean + UseChangeLog: + type: boolean + InclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + ExclusionPatterns: + $ref: '#/components/schemas/DataSourceInclusionsExclusionsStrings' + FieldMappings: + $ref: '#/components/schemas/DataSourceToIndexFieldMappingList' + additionalProperties: false + required: + - OrganizationId + DataSourceConfiguration: + type: object + properties: + S3Configuration: + $ref: '#/components/schemas/S3DataSourceConfiguration' + SharePointConfiguration: + $ref: '#/components/schemas/SharePointConfiguration' + SalesforceConfiguration: + $ref: '#/components/schemas/SalesforceConfiguration' + OneDriveConfiguration: + $ref: '#/components/schemas/OneDriveConfiguration' + ServiceNowConfiguration: + $ref: '#/components/schemas/ServiceNowConfiguration' + DatabaseConfiguration: + $ref: '#/components/schemas/DatabaseConfiguration' + ConfluenceConfiguration: + $ref: '#/components/schemas/ConfluenceConfiguration' + GoogleDriveConfiguration: + $ref: '#/components/schemas/GoogleDriveConfiguration' + WebCrawlerConfiguration: + $ref: '#/components/schemas/WebCrawlerConfiguration' + WorkDocsConfiguration: + $ref: '#/components/schemas/WorkDocsConfiguration' + additionalProperties: false + oneOf: + - required: + - S3Configuration + - required: + - SharePointConfiguration + - required: + - SalesforceConfiguration + - required: + - OneDriveConfiguration + - required: + - ServiceNowConfiguration + - required: + - DatabaseConfiguration + - required: + - ConfluenceConfiguration + - required: + - GoogleDriveConfiguration + - required: + - WebCrawlerConfiguration + - required: + - WorkDocsConfiguration + Name: + description: Name of index + type: string + minLength: 1 + maxLength: 1000 + Type: + description: Data source type + type: string + enum: + - S3 + - SHAREPOINT + - SALESFORCE + - ONEDRIVE + - SERVICENOW + - DATABASE + - CUSTOM + - CONFLUENCE + - GOOGLEDRIVE + - WEBCRAWLER + - WORKDOCS + Description: + type: string + maxLength: 1000 + LanguageCode: + description: The code for a language. + type: string + minLength: 2 + maxLength: 10 + pattern: '[a-zA-Z-]*' + RoleArn: + description: Role Arn + type: string + minLength: 1 + maxLength: 1284 + pattern: arn:[a-z0-9-\.]{1,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[^/].{0,1023} + Schedule: + description: Schedule + type: string + maxLength: 1000 + Id: + description: Unique ID of index + type: string + minLength: 36 + maxLength: 36 + Arn: + type: string + maxLength: 1000 + CustomDocumentEnrichmentConfiguration: + type: object + properties: + InlineConfigurations: + $ref: '#/components/schemas/InlineConfigurations' + PreExtractionHookConfiguration: + $ref: '#/components/schemas/HookConfiguration' + PostExtractionHookConfiguration: + $ref: '#/components/schemas/HookConfiguration' + RoleArn: + $ref: '#/components/schemas/RoleArn' + additionalProperties: false + InlineConfigurations: + description: List of InlineCustomDocumentEnrichmentConfigurations + type: array + maxItems: 100 + items: + $ref: '#/components/schemas/InlineCustomDocumentEnrichmentConfiguration' + InlineCustomDocumentEnrichmentConfiguration: + type: object + properties: + Condition: + $ref: '#/components/schemas/DocumentAttributeCondition' + Target: + $ref: '#/components/schemas/DocumentAttributeTarget' + DocumentContentDeletion: + type: boolean + additionalProperties: false + DocumentAttributeCondition: + type: object + properties: + ConditionDocumentAttributeKey: + $ref: '#/components/schemas/DocumentAttributeKey' + Operator: + $ref: '#/components/schemas/ConditionOperator' + ConditionOnValue: + $ref: '#/components/schemas/DocumentAttributeValue' + required: + - ConditionDocumentAttributeKey + - Operator + additionalProperties: false + DocumentAttributeTarget: + type: object + properties: + TargetDocumentAttributeKey: + $ref: '#/components/schemas/DocumentAttributeKey' + TargetDocumentAttributeValueDeletion: + type: boolean + TargetDocumentAttributeValue: + $ref: '#/components/schemas/DocumentAttributeValue' + required: + - TargetDocumentAttributeKey + additionalProperties: false + ConditionOperator: + type: string + enum: + - GreaterThan + - GreaterThanOrEquals + - LessThan + - LessThanOrEquals + - Equals + - NotEquals + - Contains + - NotContains + - Exists + - NotExists + - BeginsWith + DocumentAttributeKey: + type: string + minLength: 1 + maxLength: 200 + pattern: '[a-zA-Z0-9_][a-zA-Z0-9_-]*' + DocumentAttributeValue: + type: object + properties: + StringValue: + type: string + minLength: 1 + maxLength: 2048 + StringListValue: + type: array + items: + type: string + LongValue: + $ref: '#/components/schemas/Long' + DateValue: + $ref: '#/components/schemas/Timestamp' + additionalProperties: false + Long: + type: integer + format: int64 + Timestamp: + type: string + HookConfiguration: + type: object + properties: + InvocationCondition: + $ref: '#/components/schemas/DocumentAttributeCondition' + LambdaArn: + $ref: '#/components/schemas/LambdaArn' + S3Bucket: + $ref: '#/components/schemas/S3BucketName' + required: + - LambdaArn + - S3Bucket + additionalProperties: false + LambdaArn: + type: string + minLength: 1 + maxLength: 2048 + DataSource: + type: object + properties: + Id: + $ref: '#/components/schemas/Id' + Arn: + $ref: '#/components/schemas/Arn' + Name: + $ref: '#/components/schemas/Name' + IndexId: + $ref: '#/components/schemas/IndexId' + Type: + $ref: '#/components/schemas/Type' + DataSourceConfiguration: + $ref: '#/components/schemas/DataSourceConfiguration' + Description: + $ref: '#/components/schemas/Description' + Schedule: + $ref: '#/components/schemas/Schedule' + RoleArn: + $ref: '#/components/schemas/RoleArn' + Tags: + description: Tags for labeling the data source + $ref: '#/components/schemas/TagList' + CustomDocumentEnrichmentConfiguration: + $ref: '#/components/schemas/CustomDocumentEnrichmentConfiguration' + LanguageCode: + $ref: '#/components/schemas/LanguageCode' + required: + - Name + - IndexId + - Type + x-stackql-resource-name: data_source + description: Kendra DataSource + x-type-name: AWS::Kendra::DataSource + x-stackql-primary-identifier: + - Id + - IndexId + x-create-only-properties: + - Type + x-read-only-properties: + - Id + - Arn + x-required-properties: + - Name + - IndexId + - Type + x-required-permissions: + create: + - kendra:CreateDataSource + - kendra:DescribeDataSource + - kendra:ListTagsForResource + - iam:PassRole + - kendra:TagResource + read: + - kendra:DescribeDataSource + - kendra:ListTagsForResource + delete: + - kendra:DescribeDataSource + - kendra:DeleteDataSource + list: + - kendra:ListDataSources + update: + - kendra:DescribeDataSource + - kendra:UpdateDataSource + - kendra:ListTagsForResource + - kendra:TagResource + - kendra:UntagResource + - iam:PassRole + FileFormat: + description: Format of the input file + enum: + - CSV + - CSV_WITH_HEADER + - JSON + type: string + FaqName: + type: string + minLength: 1 + maxLength: 100 + Faq: + type: object + properties: + Id: + $ref: '#/components/schemas/Id' + IndexId: + description: Index ID + $ref: '#/components/schemas/IndexId' + Name: + description: FAQ name + $ref: '#/components/schemas/FaqName' + Description: + description: FAQ description + $ref: '#/components/schemas/Description' + FileFormat: + description: FAQ file format + $ref: '#/components/schemas/FileFormat' + S3Path: + description: FAQ S3 path + $ref: '#/components/schemas/S3Path' + RoleArn: + description: FAQ role ARN + $ref: '#/components/schemas/RoleArn' + Tags: + description: Tags for labeling the FAQ + $ref: '#/components/schemas/TagList' + Arn: + type: string + maxLength: 1000 + LanguageCode: + $ref: '#/components/schemas/LanguageCode' + required: + - IndexId + - Name + - S3Path + - RoleArn + x-stackql-resource-name: faq + description: A Kendra FAQ resource + x-type-name: AWS::Kendra::Faq + x-stackql-primary-identifier: + - Id + - IndexId + x-create-only-properties: + - IndexId + - Name + - S3Path + - RoleArn + - Description + - FileFormat + x-read-only-properties: + - Id + - Arn + x-required-properties: + - IndexId + - Name + - S3Path + - RoleArn + x-required-permissions: + create: + - kendra:CreateFaq + - kendra:DescribeFaq + - iam:PassRole + - kendra:ListTagsForResource + - kendra:TagResource + update: + - kendra:ListTagsForResource + - kendra:UntagResource + - kendra:TagResource + read: + - kendra:DescribeFaq + - kendra:ListTagsForResource + delete: + - kendra:DeleteFaq + - kendra:DescribeFaq + list: + - kendra:ListFaqs + ServerSideEncryptionConfiguration: + type: object + properties: + KmsKeyId: + $ref: '#/components/schemas/KmsKeyId' + additionalProperties: false + KmsKeyId: + type: string + minLength: 1 + maxLength: 2048 + Importance: + type: integer + minimum: 1 + maximum: 10 + Freshness: + type: boolean + Duration: + type: string + minLength: 1 + maxLength: 10 + pattern: '[0-9]+[s]' + Order: + type: string + enum: + - ASCENDING + - DESCENDING + Relevance: + type: object + properties: + Freshness: + $ref: '#/components/schemas/Freshness' + Importance: + $ref: '#/components/schemas/Importance' + Duration: + $ref: '#/components/schemas/Duration' + RankOrder: + $ref: '#/components/schemas/Order' + ValueImportanceItems: + $ref: '#/components/schemas/ValueImportanceItems' + additionalProperties: false + ValueImportanceItems: + type: array + items: + $ref: '#/components/schemas/ValueImportanceItem' + ValueImportanceItem: + type: object + properties: + Key: + $ref: '#/components/schemas/ValueImportanceItemKey' + Value: + $ref: '#/components/schemas/Importance' + additionalProperties: false + ValueImportanceItemKey: + type: string + minLength: 1 + maxLength: 50 + Search: + type: object + properties: + Facetable: + type: boolean + Searchable: + type: boolean + Displayable: + type: boolean + Sortable: + type: boolean + additionalProperties: false + DocumentMetadataConfigurationName: + type: string + minLength: 1 + maxLength: 30 + DocumentAttributeValueType: + type: string + enum: + - STRING_VALUE + - STRING_LIST_VALUE + - LONG_VALUE + - DATE_VALUE + DocumentMetadataConfiguration: + type: object + properties: + Name: + $ref: '#/components/schemas/DocumentMetadataConfigurationName' + Type: + $ref: '#/components/schemas/DocumentAttributeValueType' + Relevance: + $ref: '#/components/schemas/Relevance' + Search: + $ref: '#/components/schemas/Search' + additionalProperties: false + required: + - Name + - Type + DocumentMetadataConfigurationList: + type: array + maxItems: 500 + items: + $ref: '#/components/schemas/DocumentMetadataConfiguration' + StorageCapacityUnits: + type: integer + minimum: 0 + QueryCapacityUnits: + type: integer + minimum: 0 + CapacityUnitsConfiguration: + type: object + properties: + StorageCapacityUnits: + $ref: '#/components/schemas/StorageCapacityUnits' + QueryCapacityUnits: + $ref: '#/components/schemas/QueryCapacityUnits' + additionalProperties: false + required: + - StorageCapacityUnits + - QueryCapacityUnits + Edition: + description: Edition of index + type: string + enum: + - DEVELOPER_EDITION + - ENTERPRISE_EDITION + UserContextPolicy: + type: string + enum: + - ATTRIBUTE_FILTER + - USER_TOKEN + UserNameAttributeField: + type: string + minLength: 1 + maxLength: 100 + GroupAttributeField: + type: string + minLength: 1 + maxLength: 100 + KeyLocation: + type: string + enum: + - URL + - SECRET_MANAGER + Issuer: + type: string + minLength: 1 + maxLength: 65 + ClaimRegex: + type: string + minLength: 1 + maxLength: 100 + JsonTokenTypeConfiguration: + type: object + properties: + UserNameAttributeField: + $ref: '#/components/schemas/UserNameAttributeField' + GroupAttributeField: + $ref: '#/components/schemas/GroupAttributeField' + additionalProperties: false + required: + - UserNameAttributeField + - GroupAttributeField + JwtTokenTypeConfiguration: + type: object + properties: + KeyLocation: + $ref: '#/components/schemas/KeyLocation' + URL: + $ref: '#/components/schemas/Url' + SecretManagerArn: + $ref: '#/components/schemas/RoleArn' + UserNameAttributeField: + $ref: '#/components/schemas/UserNameAttributeField' + GroupAttributeField: + $ref: '#/components/schemas/GroupAttributeField' + Issuer: + $ref: '#/components/schemas/Issuer' + ClaimRegex: + $ref: '#/components/schemas/ClaimRegex' + additionalProperties: false + required: + - KeyLocation + UserTokenConfiguration: + type: object + properties: + JwtTokenTypeConfiguration: + $ref: '#/components/schemas/JwtTokenTypeConfiguration' + JsonTokenTypeConfiguration: + $ref: '#/components/schemas/JsonTokenTypeConfiguration' + additionalProperties: false + UserTokenConfigurationList: + type: array + maxItems: 1 + items: + $ref: '#/components/schemas/UserTokenConfiguration' + Index: + type: object + properties: + Id: + $ref: '#/components/schemas/Id' + Arn: + $ref: '#/components/schemas/Arn' + Description: + description: A description for the index + $ref: '#/components/schemas/Description' + ServerSideEncryptionConfiguration: + description: Server side encryption configuration + $ref: '#/components/schemas/ServerSideEncryptionConfiguration' + Tags: + description: Tags for labeling the index + $ref: '#/components/schemas/TagList' + Name: + $ref: '#/components/schemas/Name' + RoleArn: + $ref: '#/components/schemas/RoleArn' + Edition: + $ref: '#/components/schemas/Edition' + DocumentMetadataConfigurations: + description: Document metadata configurations + $ref: '#/components/schemas/DocumentMetadataConfigurationList' + CapacityUnits: + description: Capacity units + $ref: '#/components/schemas/CapacityUnitsConfiguration' + UserContextPolicy: + $ref: '#/components/schemas/UserContextPolicy' + UserTokenConfigurations: + $ref: '#/components/schemas/UserTokenConfigurationList' + required: + - Name + - RoleArn + - Edition + x-stackql-resource-name: index + description: A Kendra index + x-type-name: AWS::Kendra::Index + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Edition + - ServerSideEncryptionConfiguration + x-read-only-properties: + - Id + - Arn + x-required-properties: + - Name + - RoleArn + - Edition + x-required-permissions: + create: + - kendra:CreateIndex + - kendra:DescribeIndex + - kendra:UpdateIndex + - kendra:ListTagsForResource + - iam:PassRole + - kendra:TagResource + read: + - kendra:DescribeIndex + - kendra:ListTagsForResource + update: + - kendra:DescribeIndex + - kendra:UpdateIndex + - kendra:ListTagsForResource + - kendra:TagResource + - kendra:UntagResource + - iam:PassRole + delete: + - kendra:DescribeIndex + - kendra:DeleteIndex + list: + - kendra:ListIndices + x-stackQL-resources: + data_sources: + name: data_sources + id: aws.kendra.data_sources + x-cfn-schema-name: DataSource + x-type: list + x-identifiers: + - Id + - IndexId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.IndexId') as index_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Kendra::DataSource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'IndexId') as index_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Kendra::DataSource' + AND region = 'us-east-1' + data_source: + name: data_source + id: aws.kendra.data_source + x-cfn-schema-name: DataSource + x-type: get + x-identifiers: + - Id + - IndexId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.IndexId') as index_id, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.DataSourceConfiguration') as data_source_configuration, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Schedule') as schedule, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CustomDocumentEnrichmentConfiguration') as custom_document_enrichment_configuration, + JSON_EXTRACT(Properties, '$.LanguageCode') as language_code + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Kendra::DataSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'IndexId') as index_id, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'DataSourceConfiguration') as data_source_configuration, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Schedule') as schedule, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CustomDocumentEnrichmentConfiguration') as custom_document_enrichment_configuration, + json_extract_path_text(Properties, 'LanguageCode') as language_code + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Kendra::DataSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + faqs: + name: faqs + id: aws.kendra.faqs + x-cfn-schema-name: Faq + x-type: list + x-identifiers: + - Id + - IndexId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.IndexId') as index_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Kendra::Faq' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'IndexId') as index_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Kendra::Faq' + AND region = 'us-east-1' + faq: + name: faq + id: aws.kendra.faq + x-cfn-schema-name: Faq + x-type: get + x-identifiers: + - Id + - IndexId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.IndexId') as index_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FileFormat') as file_format, + JSON_EXTRACT(Properties, '$.S3Path') as s3_path, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.LanguageCode') as language_code + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Kendra::Faq' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'IndexId') as index_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FileFormat') as file_format, + json_extract_path_text(Properties, 'S3Path') as s3_path, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'LanguageCode') as language_code + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Kendra::Faq' + AND data__Identifier = '|' + AND region = 'us-east-1' + indices: + name: indices + id: aws.kendra.indices + x-cfn-schema-name: Index + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Kendra::Index' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Kendra::Index' + AND region = 'us-east-1' + index: + name: index + id: aws.kendra.index + x-cfn-schema-name: Index + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Edition') as edition, + JSON_EXTRACT(Properties, '$.DocumentMetadataConfigurations') as document_metadata_configurations, + JSON_EXTRACT(Properties, '$.CapacityUnits') as capacity_units, + JSON_EXTRACT(Properties, '$.UserContextPolicy') as user_context_policy, + JSON_EXTRACT(Properties, '$.UserTokenConfigurations') as user_token_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Kendra::Index' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Edition') as edition, + json_extract_path_text(Properties, 'DocumentMetadataConfigurations') as document_metadata_configurations, + json_extract_path_text(Properties, 'CapacityUnits') as capacity_units, + json_extract_path_text(Properties, 'UserContextPolicy') as user_context_policy, + json_extract_path_text(Properties, 'UserTokenConfigurations') as user_token_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Kendra::Index' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/kendraranking.yaml b/providers/src/aws/v00.00.00000/services/kendraranking.yaml new file mode 100644 index 00000000..b12b9efa --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/kendraranking.yaml @@ -0,0 +1,181 @@ +openapi: 3.0.0 +info: + title: KendraRanking + version: 1.0.0 +paths: {} +components: + schemas: + Description: + type: string + maxLength: 1000 + Tag: + description: A label for tagging KendraRanking resources + type: object + properties: + Key: + description: A string used to identify this tag + type: string + minLength: 1 + maxLength: 128 + Value: + description: A string containing the value for the tag + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Tags: + description: List of tags + type: array + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + RescoreCapacityUnits: + type: integer + minimum: 0 + CapacityUnitsConfiguration: + type: object + properties: + RescoreCapacityUnits: + $ref: '#/components/schemas/RescoreCapacityUnits' + additionalProperties: false + required: + - RescoreCapacityUnits + Name: + description: Name of kendra ranking rescore execution plan + type: string + minLength: 1 + maxLength: 1000 + Id: + description: Unique ID of rescore execution plan + type: string + minLength: 36 + maxLength: 36 + Arn: + type: string + maxLength: 1000 + ExecutionPlan: + type: object + properties: + Id: + $ref: '#/components/schemas/Id' + Arn: + $ref: '#/components/schemas/Arn' + Description: + description: A description for the execution plan + $ref: '#/components/schemas/Description' + Tags: + description: Tags for labeling the execution plan + $ref: '#/components/schemas/Tags' + Name: + $ref: '#/components/schemas/Name' + CapacityUnits: + description: Capacity units + $ref: '#/components/schemas/CapacityUnitsConfiguration' + required: + - Name + x-stackql-resource-name: execution_plan + description: A KendraRanking Rescore execution plan + x-type-name: AWS::KendraRanking::ExecutionPlan + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - Arn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - kendra-ranking:CreateRescoreExecutionPlan + - kendra-ranking:DescribeRescoreExecutionPlan + - kendra-ranking:UpdateRescoreExecutionPlan + - kendra-ranking:ListTagsForResource + - kendra-ranking:TagResource + read: + - kendra-ranking:DescribeRescoreExecutionPlan + - kendra-ranking:ListTagsForResource + update: + - kendra-ranking:DescribeRescoreExecutionPlan + - kendra-ranking:UpdateRescoreExecutionPlan + - kendra-ranking:ListTagsForResource + - kendra-ranking:TagResource + - kendra-ranking:UntagResource + delete: + - kendra-ranking:DescribeRescoreExecutionPlan + - kendra-ranking:DeleteRescoreExecutionPlan + list: + - kendra-ranking:ListRescoreExecutionPlans + x-stackQL-resources: + execution_plans: + name: execution_plans + id: aws.kendraranking.execution_plans + x-cfn-schema-name: ExecutionPlan + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KendraRanking::ExecutionPlan' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KendraRanking::ExecutionPlan' + AND region = 'us-east-1' + execution_plan: + name: execution_plan + id: aws.kendraranking.execution_plan + x-cfn-schema-name: ExecutionPlan + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.CapacityUnits') as capacity_units + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KendraRanking::ExecutionPlan' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'CapacityUnits') as capacity_units + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KendraRanking::ExecutionPlan' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/kinesis.yaml b/providers/src/aws/v00.00.00000/services/kinesis.yaml new file mode 100644 index 00000000..e775e9d1 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/kinesis.yaml @@ -0,0 +1,212 @@ +openapi: 3.0.0 +info: + title: Kinesis + version: 1.0.0 +paths: {} +components: + schemas: + StreamModeDetails: + description: When specified, enables or updates the mode of stream. Default is PROVISIONED. + additionalProperties: false + type: object + properties: + StreamMode: + description: The mode of the stream + type: string + enum: + - ON_DEMAND + - PROVISIONED + required: + - StreamMode + StreamEncryption: + description: When specified, enables or updates server-side encryption using an AWS KMS key for a specified stream. Removing this property from your stack template and updating your stack disables encryption. + additionalProperties: false + type: object + properties: + EncryptionType: + description: 'The encryption type to use. The only valid value is KMS. ' + type: string + enum: + - KMS + KeyId: + minLength: 1 + description: The GUID for the customer-managed AWS KMS key to use for encryption. This value can be a globally unique identifier, a fully specified Amazon Resource Name (ARN) to either an alias or a key, or an alias name prefixed by "alias/".You can also use a master key owned by Kinesis Data Streams by specifying the alias aws/kinesis. + anyOf: + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/KeyId + type: string + maxLength: 2048 + required: + - EncryptionType + - KeyId + Tag: + description: An arbitrary set of tags (key-value pairs) to associate with the Kinesis stream. + additionalProperties: false + type: object + properties: + Value: + minLength: 0 + description: 'The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + maxLength: 255 + Key: + minLength: 1 + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + maxLength: 128 + required: + - Key + - Value + Stream: + type: object + properties: + StreamModeDetails: + default: + StreamMode: PROVISIONED + description: The mode in which the stream is running. + $ref: '#/components/schemas/StreamModeDetails' + StreamEncryption: + description: When specified, enables or updates server-side encryption using an AWS KMS key for a specified stream. + $ref: '#/components/schemas/StreamEncryption' + Arn: + description: The Amazon resource name (ARN) of the Kinesis stream + type: string + RetentionPeriodHours: + description: The number of hours for the data records that are stored in shards to remain accessible. + type: integer + minimum: 24 + Tags: + maxItems: 50 + uniqueItems: false + description: An arbitrary set of tags (key–value pairs) to associate with the Kinesis stream. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + Name: + minLength: 1 + pattern: ^[a-zA-Z0-9_.-]+$ + description: The name of the Kinesis stream. + type: string + maxLength: 128 + ShardCount: + description: The number of shards that the stream uses. Required when StreamMode = PROVISIONED is passed. + type: integer + minimum: 1 + x-stackql-resource-name: stream + description: Resource Type definition for AWS::Kinesis::Stream + x-type-name: AWS::Kinesis::Stream + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + x-required-permissions: + read: + - kinesis:DescribeStreamSummary + - kinesis:ListTagsForStream + create: + - kinesis:EnableEnhancedMonitoring + - kinesis:DescribeStreamSummary + - kinesis:CreateStream + - kinesis:IncreaseStreamRetentionPeriod + - kinesis:StartStreamEncryption + - kinesis:AddTagsToStream + - kinesis:ListTagsForStream + update: + - kinesis:EnableEnhancedMonitoring + - kinesis:DisableEnhancedMonitoring + - kinesis:DescribeStreamSummary + - kinesis:UpdateShardCount + - kinesis:UpdateStreamMode + - kinesis:IncreaseStreamRetentionPeriod + - kinesis:DecreaseStreamRetentionPeriod + - kinesis:StartStreamEncryption + - kinesis:StopStreamEncryption + - kinesis:AddTagsToStream + - kinesis:RemoveTagsFromStream + - kinesis:ListTagsForStream + list: + - kinesis:ListStreams + delete: + - kinesis:DescribeStreamSummary + - kinesis:DeleteStream + - kinesis:RemoveTagsFromStream + x-stackQL-resources: + streams: + name: streams + id: aws.kinesis.streams + x-cfn-schema-name: Stream + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Kinesis::Stream' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Kinesis::Stream' + AND region = 'us-east-1' + kinesis_stream: + name: kinesis_stream + id: aws.kinesis.kinesis_stream + x-cfn-schema-name: Stream + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.StreamModeDetails') as stream_mode_details, + JSON_EXTRACT(Properties, '$.StreamEncryption') as stream_encryption, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.RetentionPeriodHours') as retention_period_hours, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ShardCount') as shard_count + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Kinesis::Stream' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'StreamModeDetails') as stream_mode_details, + json_extract_path_text(Properties, 'StreamEncryption') as stream_encryption, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'RetentionPeriodHours') as retention_period_hours, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ShardCount') as shard_count + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Kinesis::Stream' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/kinesisanalyticsv2.yaml b/providers/src/aws/v00.00.00000/services/kinesisanalyticsv2.yaml new file mode 100644 index 00000000..b2fa562a --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/kinesisanalyticsv2.yaml @@ -0,0 +1,827 @@ +openapi: 3.0.0 +info: + title: KinesisAnalyticsV2 + version: 1.0.0 +paths: {} +components: + schemas: + Arn: + description: The Amazon Resource Name + type: string + minLength: 1 + maxLength: 2048 + pattern: ^arn:.*$ + ApplicationConfiguration: + description: Specifies the creation parameters for a Kinesis Data Analytics application. + type: object + additionalProperties: false + properties: + ApplicationCodeConfiguration: + description: The code location and type parameters for a Flink-based Kinesis Data Analytics application. + $ref: '#/components/schemas/ApplicationCodeConfiguration' + ApplicationSnapshotConfiguration: + description: Describes whether snapshots are enabled for a Flink-based Kinesis Data Analytics application. + $ref: '#/components/schemas/ApplicationSnapshotConfiguration' + EnvironmentProperties: + description: Describes execution properties for a Flink-based Kinesis Data Analytics application. + $ref: '#/components/schemas/EnvironmentProperties' + FlinkApplicationConfiguration: + description: The creation and update parameters for a Flink-based Kinesis Data Analytics application. + $ref: '#/components/schemas/FlinkApplicationConfiguration' + SqlApplicationConfiguration: + description: The creation and update parameters for a SQL-based Kinesis Data Analytics application. + $ref: '#/components/schemas/SqlApplicationConfiguration' + ZeppelinApplicationConfiguration: + description: The configuration parameters for a Kinesis Data Analytics Studio notebook. + $ref: '#/components/schemas/ZeppelinApplicationConfiguration' + VpcConfigurations: + description: The array of descriptions of VPC configurations available to the application. + $ref: '#/components/schemas/VpcConfigurations' + RunConfiguration: + description: Identifies the run configuration (start parameters) of a Kinesis Data Analytics application. This section is evaluated only on stack updates for applications in running RUNNING state and has no effect during manual application start. + type: object + additionalProperties: false + properties: + ApplicationRestoreConfiguration: + description: Describes the restore behavior of a restarting application. + $ref: '#/components/schemas/ApplicationRestoreConfiguration' + FlinkRunConfiguration: + description: Describes the starting parameters for a Flink-based Kinesis Data Analytics application. + $ref: '#/components/schemas/FlinkRunConfiguration' + ApplicationRestoreConfiguration: + description: Describes the restore behavior of a restarting application. + type: object + additionalProperties: false + properties: + ApplicationRestoreType: + description: Specifies how the application should be restored. + type: string + enum: + - SKIP_RESTORE_FROM_SNAPSHOT + - RESTORE_FROM_LATEST_SNAPSHOT + - RESTORE_FROM_CUSTOM_SNAPSHOT + SnapshotName: + description: The identifier of an existing snapshot of application state to use to restart an application. The application uses this value if RESTORE_FROM_CUSTOM_SNAPSHOT is specified for the ApplicationRestoreType. + type: string + minLength: 1 + maxLength: 256 + pattern: ^[a-zA-Z0-9_.-]+$ + required: + - ApplicationRestoreType + FlinkRunConfiguration: + description: Describes the starting parameters for a Flink-based Kinesis Data Analytics application. + type: object + additionalProperties: false + properties: + AllowNonRestoredState: + description: When restoring from a snapshot, specifies whether the runtime is allowed to skip a state that cannot be mapped to the new program. Defaults to false. If you update your application without specifying this parameter, AllowNonRestoredState will be set to false, even if it was previously set to true. + type: boolean + ApplicationCodeConfiguration: + description: Describes code configuration for an application. + type: object + additionalProperties: false + properties: + CodeContent: + description: The location and type of the application code. + $ref: '#/components/schemas/CodeContent' + CodeContentType: + description: Specifies whether the code content is in text or zip format. + type: string + enum: + - PLAINTEXT + - ZIPFILE + required: + - CodeContentType + - CodeContent + CodeContent: + description: Specifies either the application code, or the location of the application code, for a Flink-based Kinesis Data Analytics application. + type: object + additionalProperties: false + properties: + ZipFileContent: + description: The zip-format code for a Flink-based Kinesis Data Analytics application. + type: string + S3ContentLocation: + description: Information about the Amazon S3 bucket that contains the application code. + $ref: '#/components/schemas/S3ContentLocation' + TextContent: + description: The text-format code for a Flink-based Kinesis Data Analytics application. + type: string + minLength: 1 + maxLength: 102400 + S3ContentLocation: + description: The location of an application or a custom artifact. + type: object + additionalProperties: false + properties: + BucketARN: + description: The Amazon Resource Name (ARN) for the S3 bucket containing the application code. + $ref: '#/components/schemas/Arn' + FileKey: + description: The file key for the object containing the application code. + type: string + minLength: 1 + maxLength: 1024 + ObjectVersion: + description: The version of the object containing the application code. + type: string + minLength: 1 + maxLength: 1024 + required: + - BucketARN + - FileKey + ApplicationSnapshotConfiguration: + description: Describes whether snapshots are enabled for a Flink-based Kinesis Data Analytics application. + type: object + additionalProperties: false + properties: + SnapshotsEnabled: + description: Describes whether snapshots are enabled for a Flink-based Kinesis Data Analytics application. + type: boolean + required: + - SnapshotsEnabled + EnvironmentProperties: + description: Describes execution properties for a Flink-based Kinesis Data Analytics application. + type: object + additionalProperties: false + properties: + PropertyGroups: + description: Describes the execution property groups. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/PropertyGroup' + PropertyGroup: + description: Property key-value pairs passed into an application. + type: object + additionalProperties: false + properties: + PropertyGroupId: + description: Describes the key of an application execution property key-value pair. + type: string + minLength: 1 + maxLength: 50 + pattern: ^[a-zA-Z0-9_.-]+$ + PropertyMap: + description: Describes the value of an application execution property key-value pair. + type: object + additionalProperties: false + maxProperties: 50 + x-patternProperties: + ^.{1,2048}$: + type: string + minLength: 1 + maxLength: 2048 + FlinkApplicationConfiguration: + description: Describes configuration parameters for a Flink-based Kinesis Data Analytics application or a Studio notebook. + type: object + additionalProperties: false + properties: + CheckpointConfiguration: + description: Describes an application's checkpointing configuration. Checkpointing is the process of persisting application state for fault tolerance. For more information, see Checkpoints for Fault Tolerance in the Apache Flink Documentation. + $ref: '#/components/schemas/CheckpointConfiguration' + MonitoringConfiguration: + description: Describes configuration parameters for Amazon CloudWatch logging for an application. + $ref: '#/components/schemas/MonitoringConfiguration' + ParallelismConfiguration: + description: Describes parameters for how an application executes multiple tasks simultaneously. + $ref: '#/components/schemas/ParallelismConfiguration' + CheckpointConfiguration: + description: Describes an application's checkpointing configuration. Checkpointing is the process of persisting application state for fault tolerance. For more information, see Checkpoints for Fault Tolerance in the Apache Flink Documentation. + type: object + additionalProperties: false + properties: + ConfigurationType: + description: Describes whether the application uses Kinesis Data Analytics' default checkpointing behavior. You must set this property to `CUSTOM` in order to set the `CheckpointingEnabled`, `CheckpointInterval`, or `MinPauseBetweenCheckpoints` parameters. + type: string + enum: + - DEFAULT + - CUSTOM + CheckpointingEnabled: + description: Describes whether checkpointing is enabled for a Flink-based Kinesis Data Analytics application. + type: boolean + CheckpointInterval: + description: Describes the interval in milliseconds between checkpoint operations. + type: integer + format: int64 + minimum: 1 + maximum: 9223372036854776000 + MinPauseBetweenCheckpoints: + description: Describes the minimum time in milliseconds after a checkpoint operation completes that a new checkpoint operation can start. If a checkpoint operation takes longer than the CheckpointInterval, the application otherwise performs continual checkpoint operations. For more information, see Tuning Checkpointing in the Apache Flink Documentation. + type: integer + format: int64 + minimum: 0 + maximum: 9223372036854776000 + required: + - ConfigurationType + MonitoringConfiguration: + description: Describes configuration parameters for Amazon CloudWatch logging for a Java-based Kinesis Data Analytics application. For more information about CloudWatch logging, see Monitoring. + type: object + additionalProperties: false + properties: + ConfigurationType: + description: Describes whether to use the default CloudWatch logging configuration for an application. You must set this property to CUSTOM in order to set the LogLevel or MetricsLevel parameters. + type: string + enum: + - DEFAULT + - CUSTOM + MetricsLevel: + description: Describes the granularity of the CloudWatch Logs for an application. The Parallelism level is not recommended for applications with a Parallelism over 64 due to excessive costs. + type: string + enum: + - APPLICATION + - OPERATOR + - PARALLELISM + - TASK + LogLevel: + description: Describes the verbosity of the CloudWatch Logs for an application. + type: string + enum: + - DEBUG + - INFO + - WARN + - ERROR + required: + - ConfigurationType + ParallelismConfiguration: + description: Describes parameters for how a Flink-based Kinesis Data Analytics application executes multiple tasks simultaneously. For more information about parallelism, see Parallel Execution in the Apache Flink Documentation + type: object + additionalProperties: false + properties: + ConfigurationType: + description: Describes whether the application uses the default parallelism for the Kinesis Data Analytics service. You must set this property to `CUSTOM` in order to change your application's `AutoScalingEnabled`, `Parallelism`, or `ParallelismPerKPU` properties. + type: string + enum: + - CUSTOM + - DEFAULT + ParallelismPerKPU: + description: Describes the number of parallel tasks that a Java-based Kinesis Data Analytics application can perform per Kinesis Processing Unit (KPU) used by the application. For more information about KPUs, see Amazon Kinesis Data Analytics Pricing. + type: integer + minimum: 1 + Parallelism: + description: Describes the initial number of parallel tasks that a Java-based Kinesis Data Analytics application can perform. The Kinesis Data Analytics service can increase this number automatically if ParallelismConfiguration:AutoScalingEnabled is set to true. + type: integer + minimum: 1 + AutoScalingEnabled: + description: Describes whether the Kinesis Data Analytics service can increase the parallelism of the application in response to increased throughput. + type: boolean + required: + - ConfigurationType + SqlApplicationConfiguration: + description: Describes the inputs, outputs, and reference data sources for a SQL-based Kinesis Data Analytics application. + type: object + additionalProperties: false + properties: + Inputs: + description: The array of Input objects describing the input streams used by the application. + type: array + maxItems: 1 + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Input' + Input: + description: When you configure the application input for a SQL-based Kinesis Data Analytics application, you specify the streaming source, the in-application stream name that is created, and the mapping between the two. + type: object + additionalProperties: false + properties: + NamePrefix: + description: The name prefix to use when creating an in-application stream. Suppose that you specify a prefix `"MyInApplicationStream"`. Kinesis Data Analytics then creates one or more (as per the InputParallelism count you specified) in-application streams with the names `"MyInApplicationStream_001"`, `"MyInApplicationStream_002"`, and so on. + type: string + minLength: 1 + maxLength: 32 + pattern: ^[^-\s<>&]*$ + InputSchema: + description: Describes the format of the data in the streaming source, and how each data element maps to corresponding columns in the in-application stream that is being created. + $ref: '#/components/schemas/InputSchema' + KinesisStreamsInput: + description: If the streaming source is an Amazon Kinesis data stream, identifies the stream's Amazon Resource Name (ARN). + $ref: '#/components/schemas/KinesisStreamsInput' + KinesisFirehoseInput: + description: If the streaming source is an Amazon Kinesis Data Firehose delivery stream, identifies the delivery stream's ARN. + $ref: '#/components/schemas/KinesisFirehoseInput' + InputProcessingConfiguration: + description: The InputProcessingConfiguration for the input. An input processor transforms records as they are received from the stream, before the application's SQL code executes. Currently, the only input processing configuration available is InputLambdaProcessor. + $ref: '#/components/schemas/InputProcessingConfiguration' + InputParallelism: + description: Describes the number of in-application streams to create. + $ref: '#/components/schemas/InputParallelism' + required: + - NamePrefix + - InputSchema + InputSchema: + description: For a SQL-based Kinesis Data Analytics application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream. + type: object + additionalProperties: false + properties: + RecordEncoding: + description: Specifies the encoding of the records in the streaming source. For example, UTF-8. + type: string + enum: + - UTF-8 + RecordColumns: + description: A list of `RecordColumn` objects. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 1000 + items: + $ref: '#/components/schemas/RecordColumn' + RecordFormat: + description: Specifies the format of the records on the streaming source. + $ref: '#/components/schemas/RecordFormat' + required: + - RecordColumns + - RecordFormat + RecordColumn: + description: |- + For a SQL-based Kinesis Data Analytics application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream. + Also used to describe the format of the reference data source. + type: object + additionalProperties: false + properties: + Mapping: + description: A reference to the data element in the streaming input or the reference data source. + type: string + minLength: 1 + maxLength: 65535 + Name: + description: The name of the column that is created in the in-application input stream or reference table. + type: string + minLength: 1 + maxLength: 256 + pattern: ^[^-\s<>&]*$ + SqlType: + description: The type of column created in the in-application input stream or reference table. + type: string + minLength: 1 + maxLength: 100 + required: + - SqlType + - Name + RecordFormat: + description: For a SQL-based Kinesis Data Analytics application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream. + type: object + additionalProperties: false + properties: + RecordFormatType: + description: The type of record format. + type: string + enum: + - CSV + - JSON + MappingParameters: + description: When you configure application input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source. + $ref: '#/components/schemas/MappingParameters' + required: + - RecordFormatType + MappingParameters: + description: When you configure a SQL-based Kinesis Data Analytics application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source. + type: object + additionalProperties: false + properties: + CSVMappingParameters: + description: Provides additional mapping information when the record format uses delimiters (for example, CSV). + $ref: '#/components/schemas/CSVMappingParameters' + JSONMappingParameters: + description: Provides additional mapping information when JSON is the record format on the streaming source. + $ref: '#/components/schemas/JSONMappingParameters' + CSVMappingParameters: + description: |- + For a SQL-based Kinesis Data Analytics application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the '\n' as the row delimiter and a comma (",") as the column delimiter: + `"name1", "address1"` + `"name2", "address2"` + type: object + additionalProperties: false + properties: + RecordColumnDelimiter: + description: The column delimiter. For example, in a CSV format, a comma (",") is the typical column delimiter. + type: string + minLength: 1 + maxLength: 1024 + RecordRowDelimiter: + description: The row delimiter. For example, in a CSV format, '\n' is the typical row delimiter. + type: string + minLength: 1 + maxLength: 1024 + required: + - RecordRowDelimiter + - RecordColumnDelimiter + JSONMappingParameters: + description: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when JSON is the record format on the streaming source. + type: object + additionalProperties: false + properties: + RecordRowPath: + description: The path to the top-level parent that contains the records. + type: string + minLength: 1 + maxLength: 65535 + pattern: ^(?=^\$)(?=^\S+$).*$ + required: + - RecordRowPath + KinesisStreamsInput: + description: Identifies a Kinesis data stream as the streaming source. You provide the stream's Amazon Resource Name (ARN). + type: object + additionalProperties: false + properties: + ResourceARN: + description: The ARN of the input Kinesis data stream to read. + $ref: '#/components/schemas/Arn' + required: + - ResourceARN + KinesisFirehoseInput: + description: For a SQL-based Kinesis Data Analytics application, identifies a Kinesis Data Firehose delivery stream as the streaming source. You provide the delivery stream's Amazon Resource Name (ARN). + type: object + additionalProperties: false + properties: + ResourceARN: + description: The Amazon Resource Name (ARN) of the delivery stream. + $ref: '#/components/schemas/Arn' + required: + - ResourceARN + InputProcessingConfiguration: + description: For an SQL-based Amazon Kinesis Data Analytics application, describes a processor that is used to preprocess the records in the stream before being processed by your application code. Currently, the only input processor available is Amazon Lambda. + type: object + additionalProperties: false + properties: + InputLambdaProcessor: + description: The InputLambdaProcessor that is used to preprocess the records in the stream before being processed by your application code. + $ref: '#/components/schemas/InputLambdaProcessor' + InputLambdaProcessor: + description: An object that contains the Amazon Resource Name (ARN) of the Amazon Lambda function that is used to preprocess records in the stream in a SQL-based Kinesis Data Analytics application. + type: object + additionalProperties: false + properties: + ResourceARN: + description: The ARN of the Amazon Lambda function that operates on records in the stream. + $ref: '#/components/schemas/Arn' + required: + - ResourceARN + InputParallelism: + description: For a SQL-based Kinesis Data Analytics application, describes the number of in-application streams to create for a given streaming source. + type: object + additionalProperties: false + properties: + Count: + description: The number of in-application streams to create. + type: integer + minimum: 1 + maximum: 64 + ZeppelinApplicationConfiguration: + description: The configuration of a Kinesis Data Analytics Studio notebook. + type: object + additionalProperties: false + properties: + CatalogConfiguration: + description: The Amazon Glue Data Catalog that you use in queries in a Kinesis Data Analytics Studio notebook. + $ref: '#/components/schemas/CatalogConfiguration' + MonitoringConfiguration: + description: The monitoring configuration of a Kinesis Data Analytics Studio notebook. + $ref: '#/components/schemas/ZeppelinMonitoringConfiguration' + DeployAsApplicationConfiguration: + description: The information required to deploy a Kinesis Data Analytics Studio notebook as an application with durable state. + $ref: '#/components/schemas/DeployAsApplicationConfiguration' + CustomArtifactsConfiguration: + description: A list of CustomArtifactConfiguration objects. + $ref: '#/components/schemas/CustomArtifactsConfiguration' + CatalogConfiguration: + description: The configuration parameters for the default Amazon Glue database. You use this database for SQL queries that you write in a Kinesis Data Analytics Studio notebook. + type: object + additionalProperties: false + properties: + GlueDataCatalogConfiguration: + description: The configuration parameters for the default Amazon Glue database. You use this database for Apache Flink SQL queries and table API transforms that you write in a Kinesis Data Analytics Studio notebook. + $ref: '#/components/schemas/GlueDataCatalogConfiguration' + GlueDataCatalogConfiguration: + description: The configuration of the Glue Data Catalog that you use for Apache Flink SQL queries and table API transforms that you write in an application. + type: object + additionalProperties: false + properties: + DatabaseARN: + description: The Amazon Resource Name (ARN) of the database. + $ref: '#/components/schemas/Arn' + ZeppelinMonitoringConfiguration: + description: Describes configuration parameters for Amazon CloudWatch logging for a Kinesis Data Analytics Studio notebook. For more information about CloudWatch logging, see Monitoring. + type: object + additionalProperties: false + properties: + LogLevel: + description: The verbosity of the CloudWatch Logs for an application. You can set it to `INFO`, `WARN`, `ERROR`, or `DEBUG`. + type: string + enum: + - DEBUG + - INFO + - WARN + - ERROR + DeployAsApplicationConfiguration: + description: The information required to deploy a Kinesis Data Analytics Studio notebook as an application with durable state. + type: object + additionalProperties: false + properties: + S3ContentLocation: + description: The description of an Amazon S3 object that contains the Amazon Data Analytics application, including the Amazon Resource Name (ARN) of the S3 bucket, the name of the Amazon S3 object that contains the data, and the version number of the Amazon S3 object that contains the data. + $ref: '#/components/schemas/S3ContentBaseLocation' + required: + - S3ContentLocation + S3ContentBaseLocation: + description: The base location of the Amazon Data Analytics application. + type: object + additionalProperties: false + properties: + BucketARN: + description: The Amazon Resource Name (ARN) of the S3 bucket. + $ref: '#/components/schemas/Arn' + BasePath: + description: The base path for the S3 bucket. + type: string + minLength: 1 + maxLength: 1024 + pattern: ^[a-zA-Z0-9/!-_.*'()]+$ + required: + - BucketARN + CustomArtifactsConfiguration: + description: A list of CustomArtifactConfiguration objects. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 50 + items: + description: The configuration of connectors and user-defined functions. + $ref: '#/components/schemas/CustomArtifactConfiguration' + CustomArtifactConfiguration: + description: The configuration of connectors and user-defined functions. + type: object + additionalProperties: false + properties: + ArtifactType: + description: Set this to either `UDF` or `DEPENDENCY_JAR`. `UDF` stands for user-defined functions. This type of artifact must be in an S3 bucket. A `DEPENDENCY_JAR` can be in either Maven or an S3 bucket. + type: string + enum: + - DEPENDENCY_JAR + - UDF + MavenReference: + description: The parameters required to fully specify a Maven reference. + $ref: '#/components/schemas/MavenReference' + S3ContentLocation: + description: The location of the custom artifacts. + $ref: '#/components/schemas/S3ContentLocation' + required: + - ArtifactType + MavenReference: + description: The information required to specify a Maven reference. You can use Maven references to specify dependency JAR files. + type: object + additionalProperties: false + properties: + ArtifactId: + description: The artifact ID of the Maven reference. + type: string + minLength: 1 + maxLength: 256 + pattern: ^[a-zA-Z0-9_.-]+$ + GroupId: + description: The group ID of the Maven reference. + type: string + minLength: 1 + maxLength: 256 + pattern: ^[a-zA-Z0-9_.-]+$ + Version: + description: The version of the Maven reference. + type: string + minLength: 1 + maxLength: 256 + pattern: ^[a-zA-Z0-9_.-]+$ + required: + - ArtifactId + - GroupId + - Version + VpcConfigurations: + description: The array of descriptions of VPC configurations available to the application. + type: array + uniqueItems: false + x-insertionOrder: false + maxItems: 1 + items: + description: Describes the parameters of a VPC used by the application. + $ref: '#/components/schemas/VpcConfiguration' + VpcConfiguration: + description: Describes the parameters of a VPC used by the application. + type: object + additionalProperties: false + properties: + SecurityGroupIds: + description: The array of SecurityGroup IDs used by the VPC configuration. + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 5 + items: + type: string + SubnetIds: + description: The array of Subnet IDs used by the VPC configuration. + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 16 + items: + type: string + required: + - SecurityGroupIds + - SubnetIds + ApplicationMaintenanceConfiguration: + description: Describes the maintenance configuration for the application. + type: object + additionalProperties: false + properties: + ApplicationMaintenanceWindowStartTime: + description: The start time for the maintenance window. + type: string + pattern: ^([01][0-9]|2[0-3]):[0-5][0-9]$ + required: + - ApplicationMaintenanceWindowStartTime + Tag: + description: A key-value pair that identifies an application. + type: object + additionalProperties: false + properties: + Key: + description: 'The key name of the tag. You can specify a value that''s 1 to 128 Unicode characters in length and can''t be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + minLength: 1 + maxLength: 128 + Value: + description: The value for the tag. You can specify a value that's 0 to 256 characters in length. + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + Application: + type: object + properties: + ApplicationConfiguration: + description: Use this parameter to configure the application. + $ref: '#/components/schemas/ApplicationConfiguration' + ApplicationDescription: + description: The description of the application. + type: string + default: '' + minLength: 0 + maxLength: 1024 + ApplicationMode: + description: To create a Kinesis Data Analytics Studio notebook, you must set the mode to `INTERACTIVE`. However, for a Kinesis Data Analytics for Apache Flink application, the mode is optional. + type: string + enum: + - INTERACTIVE + - STREAMING + ApplicationName: + description: The name of the application. + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9_.-]+$ + RuntimeEnvironment: + description: The runtime environment for the application. + type: string + ServiceExecutionRole: + description: Specifies the IAM role that the application uses to access external resources. + $ref: '#/components/schemas/Arn' + RunConfiguration: + description: Specifies run configuration (start parameters) of a Kinesis Data Analytics application. Evaluated on update for RUNNING applications an only. + $ref: '#/components/schemas/RunConfiguration' + ApplicationMaintenanceConfiguration: + description: Used to configure start of maintenance window. + $ref: '#/components/schemas/ApplicationMaintenanceConfiguration' + Tags: + description: A list of one or more tags to assign to the application. A tag is a key-value pair that identifies an application. Note that the maximum number of application tags includes system tags. The maximum number of user-defined application tags is 50. + type: array + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: + - RuntimeEnvironment + - ServiceExecutionRole + x-stackql-resource-name: application + description: Creates an Amazon Kinesis Data Analytics application. For information about creating a Kinesis Data Analytics application, see [Creating an Application](https://docs.aws.amazon.com/kinesisanalytics/latest/java/getting-started.html). + x-type-name: AWS::KinesisAnalyticsV2::Application + x-stackql-primary-identifier: + - ApplicationName + x-create-only-properties: + - ApplicationName + - ApplicationMode + x-write-only-properties: + - RunConfiguration + - ApplicationConfiguration/EnvironmentProperties + - ApplicationConfiguration/ApplicationCodeConfiguration/CodeContent/ZipFileContent + x-required-properties: + - RuntimeEnvironment + - ServiceExecutionRole + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:PassRole + - kinesisanalytics:CreateApplication + - kinesisanalytics:DescribeApplication + - kinesisanalytics:ListTagsForResource + - kinesisanalytics:UpdateApplicationMaintenanceConfiguration + read: + - kinesisanalytics:DescribeApplication + - kinesisanalytics:ListTagsForResource + update: + - kinesisanalytics:UpdateApplication + - kinesisanalytics:DescribeApplication + - kinesisanalytics:TagResource + - kinesisanalytics:UntagResource + - kinesisanalytics:AddApplicationVpcConfiguration + - kinesisanalytics:DeleteApplicationVpcConfiguration + - kinesisanalytics:UpdateApplicationMaintenanceConfiguration + - kinesisanalytics:ListTagsForResource + delete: + - kinesisanalytics:DescribeApplication + - kinesisanalytics:DeleteApplication + list: + - kinesisanalytics:ListApplications + x-stackQL-resources: + applications: + name: applications + id: aws.kinesisanalyticsv2.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - ApplicationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KinesisAnalyticsV2::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationName') as application_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KinesisAnalyticsV2::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.kinesisanalyticsv2.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - ApplicationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApplicationConfiguration') as application_configuration, + JSON_EXTRACT(Properties, '$.ApplicationDescription') as application_description, + JSON_EXTRACT(Properties, '$.ApplicationMode') as application_mode, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name, + JSON_EXTRACT(Properties, '$.RuntimeEnvironment') as runtime_environment, + JSON_EXTRACT(Properties, '$.ServiceExecutionRole') as service_execution_role, + JSON_EXTRACT(Properties, '$.RunConfiguration') as run_configuration, + JSON_EXTRACT(Properties, '$.ApplicationMaintenanceConfiguration') as application_maintenance_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KinesisAnalyticsV2::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApplicationConfiguration') as application_configuration, + json_extract_path_text(Properties, 'ApplicationDescription') as application_description, + json_extract_path_text(Properties, 'ApplicationMode') as application_mode, + json_extract_path_text(Properties, 'ApplicationName') as application_name, + json_extract_path_text(Properties, 'RuntimeEnvironment') as runtime_environment, + json_extract_path_text(Properties, 'ServiceExecutionRole') as service_execution_role, + json_extract_path_text(Properties, 'RunConfiguration') as run_configuration, + json_extract_path_text(Properties, 'ApplicationMaintenanceConfiguration') as application_maintenance_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KinesisAnalyticsV2::Application' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/kinesisfirehose.yaml b/providers/src/aws/v00.00.00000/services/kinesisfirehose.yaml new file mode 100644 index 00000000..b8a437ba --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/kinesisfirehose.yaml @@ -0,0 +1,1129 @@ +openapi: 3.0.0 +info: + title: KinesisFirehose + version: 1.0.0 +paths: {} +components: + schemas: + DeliveryStreamEncryptionConfigurationInput: + type: object + additionalProperties: false + properties: + KeyARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + KeyType: + type: string + enum: + - AWS_OWNED_CMK + - CUSTOMER_MANAGED_CMK + required: + - KeyType + SplunkDestinationConfiguration: + type: object + additionalProperties: false + properties: + CloudWatchLoggingOptions: + $ref: '#/components/schemas/CloudWatchLoggingOptions' + HECAcknowledgmentTimeoutInSeconds: + type: integer + minimum: 180 + maximum: 600 + HECEndpoint: + type: string + minLength: 0 + maxLength: 2048 + HECEndpointType: + type: string + enum: + - Raw + - Event + HECToken: + type: string + minLength: 0 + maxLength: 2048 + ProcessingConfiguration: + $ref: '#/components/schemas/ProcessingConfiguration' + RetryOptions: + $ref: '#/components/schemas/SplunkRetryOptions' + S3BackupMode: + type: string + S3Configuration: + $ref: '#/components/schemas/S3DestinationConfiguration' + BufferingHints: + $ref: '#/components/schemas/SplunkBufferingHints' + required: + - HECEndpoint + - S3Configuration + - HECToken + - HECEndpointType + HttpEndpointDestinationConfiguration: + type: object + additionalProperties: false + properties: + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + EndpointConfiguration: + $ref: '#/components/schemas/HttpEndpointConfiguration' + RequestConfiguration: + $ref: '#/components/schemas/HttpEndpointRequestConfiguration' + BufferingHints: + $ref: '#/components/schemas/BufferingHints' + CloudWatchLoggingOptions: + $ref: '#/components/schemas/CloudWatchLoggingOptions' + ProcessingConfiguration: + $ref: '#/components/schemas/ProcessingConfiguration' + RetryOptions: + $ref: '#/components/schemas/RetryOptions' + S3BackupMode: + type: string + S3Configuration: + $ref: '#/components/schemas/S3DestinationConfiguration' + required: + - EndpointConfiguration + - S3Configuration + KinesisStreamSourceConfiguration: + type: object + additionalProperties: false + properties: + KinesisStreamARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + required: + - RoleARN + - KinesisStreamARN + MSKSourceConfiguration: + type: object + additionalProperties: false + properties: + MSKClusterARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + TopicName: + type: string + minLength: 1 + maxLength: 255 + pattern: '[a-zA-Z0-9\._\-]+' + AuthenticationConfiguration: + $ref: '#/components/schemas/AuthenticationConfiguration' + required: + - MSKClusterARN + - TopicName + - AuthenticationConfiguration + AuthenticationConfiguration: + type: object + additionalProperties: false + properties: + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + Connectivity: + type: string + enum: + - PUBLIC + - PRIVATE + required: + - RoleARN + - Connectivity + VpcConfiguration: + type: object + additionalProperties: false + properties: + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + SubnetIds: + type: array + uniqueItems: true + items: + type: string + minLength: 1 + maxLength: 1024 + minItems: 1 + maxItems: 16 + SecurityGroupIds: + type: array + uniqueItems: true + items: + type: string + minLength: 1 + maxLength: 1024 + minItems: 1 + maxItems: 5 + required: + - RoleARN + - SubnetIds + - SecurityGroupIds + DocumentIdOptions: + type: object + additionalProperties: false + properties: + DefaultDocumentIdFormat: + type: string + enum: + - FIREHOSE_DEFAULT + - NO_DOCUMENT_ID + required: + - DefaultDocumentIdFormat + ExtendedS3DestinationConfiguration: + type: object + additionalProperties: false + properties: + BucketARN: + type: string + minLength: 1 + maxLength: 2048 + pattern: arn:.* + BufferingHints: + $ref: '#/components/schemas/BufferingHints' + CloudWatchLoggingOptions: + $ref: '#/components/schemas/CloudWatchLoggingOptions' + CompressionFormat: + type: string + enum: + - UNCOMPRESSED + - GZIP + - ZIP + - Snappy + - HADOOP_SNAPPY + CustomTimeZone: + type: string + minLength: 0 + maxLength: 50 + DataFormatConversionConfiguration: + $ref: '#/components/schemas/DataFormatConversionConfiguration' + DynamicPartitioningConfiguration: + $ref: '#/components/schemas/DynamicPartitioningConfiguration' + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' + ErrorOutputPrefix: + type: string + minLength: 0 + maxLength: 1024 + FileExtension: + type: string + minLength: 0 + maxLength: 128 + pattern: ^$|\.[0-9a-z!\-_.*'()]+ + Prefix: + type: string + minLength: 0 + maxLength: 1024 + ProcessingConfiguration: + $ref: '#/components/schemas/ProcessingConfiguration' + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + S3BackupConfiguration: + $ref: '#/components/schemas/S3DestinationConfiguration' + S3BackupMode: + type: string + enum: + - Disabled + - Enabled + required: + - BucketARN + - RoleARN + S3DestinationConfiguration: + type: object + additionalProperties: false + properties: + BucketARN: + type: string + minLength: 1 + maxLength: 2048 + pattern: arn:.* + BufferingHints: + $ref: '#/components/schemas/BufferingHints' + CloudWatchLoggingOptions: + $ref: '#/components/schemas/CloudWatchLoggingOptions' + CompressionFormat: + type: string + enum: + - UNCOMPRESSED + - GZIP + - ZIP + - Snappy + - HADOOP_SNAPPY + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' + ErrorOutputPrefix: + type: string + minLength: 0 + maxLength: 1024 + Prefix: + type: string + minLength: 0 + maxLength: 1024 + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + required: + - BucketARN + - RoleARN + RedshiftDestinationConfiguration: + type: object + additionalProperties: false + properties: + CloudWatchLoggingOptions: + $ref: '#/components/schemas/CloudWatchLoggingOptions' + ClusterJDBCURL: + type: string + minLength: 1 + maxLength: 512 + CopyCommand: + $ref: '#/components/schemas/CopyCommand' + Password: + type: string + minLength: 6 + maxLength: 512 + ProcessingConfiguration: + $ref: '#/components/schemas/ProcessingConfiguration' + RetryOptions: + $ref: '#/components/schemas/RedshiftRetryOptions' + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + S3BackupConfiguration: + $ref: '#/components/schemas/S3DestinationConfiguration' + S3BackupMode: + type: string + enum: + - Disabled + - Enabled + S3Configuration: + $ref: '#/components/schemas/S3DestinationConfiguration' + Username: + type: string + minLength: 1 + maxLength: 512 + required: + - S3Configuration + - Username + - ClusterJDBCURL + - CopyCommand + - RoleARN + - Password + ElasticsearchDestinationConfiguration: + type: object + additionalProperties: false + properties: + BufferingHints: + $ref: '#/components/schemas/ElasticsearchBufferingHints' + CloudWatchLoggingOptions: + $ref: '#/components/schemas/CloudWatchLoggingOptions' + DomainARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + IndexName: + type: string + minLength: 1 + maxLength: 80 + IndexRotationPeriod: + type: string + enum: + - NoRotation + - OneHour + - OneDay + - OneWeek + - OneMonth + ProcessingConfiguration: + $ref: '#/components/schemas/ProcessingConfiguration' + RetryOptions: + $ref: '#/components/schemas/ElasticsearchRetryOptions' + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + S3BackupMode: + type: string + enum: + - FailedDocumentsOnly + - AllDocuments + S3Configuration: + $ref: '#/components/schemas/S3DestinationConfiguration' + ClusterEndpoint: + type: string + minLength: 1 + maxLength: 512 + pattern: https:.* + TypeName: + type: string + minLength: 0 + maxLength: 100 + VpcConfiguration: + $ref: '#/components/schemas/VpcConfiguration' + DocumentIdOptions: + $ref: '#/components/schemas/DocumentIdOptions' + required: + - IndexName + - S3Configuration + - RoleARN + AmazonopensearchserviceDestinationConfiguration: + type: object + additionalProperties: false + properties: + BufferingHints: + $ref: '#/components/schemas/AmazonopensearchserviceBufferingHints' + CloudWatchLoggingOptions: + $ref: '#/components/schemas/CloudWatchLoggingOptions' + DomainARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + IndexName: + type: string + minLength: 1 + maxLength: 80 + IndexRotationPeriod: + type: string + enum: + - NoRotation + - OneHour + - OneDay + - OneWeek + - OneMonth + ProcessingConfiguration: + $ref: '#/components/schemas/ProcessingConfiguration' + RetryOptions: + $ref: '#/components/schemas/AmazonopensearchserviceRetryOptions' + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + S3BackupMode: + type: string + enum: + - FailedDocumentsOnly + - AllDocuments + S3Configuration: + $ref: '#/components/schemas/S3DestinationConfiguration' + ClusterEndpoint: + type: string + minLength: 1 + maxLength: 512 + pattern: https:.* + TypeName: + type: string + minLength: 0 + maxLength: 100 + VpcConfiguration: + $ref: '#/components/schemas/VpcConfiguration' + DocumentIdOptions: + $ref: '#/components/schemas/DocumentIdOptions' + required: + - IndexName + - S3Configuration + - RoleARN + AmazonOpenSearchServerlessDestinationConfiguration: + type: object + additionalProperties: false + properties: + BufferingHints: + $ref: '#/components/schemas/AmazonOpenSearchServerlessBufferingHints' + CloudWatchLoggingOptions: + $ref: '#/components/schemas/CloudWatchLoggingOptions' + IndexName: + type: string + minLength: 1 + maxLength: 80 + ProcessingConfiguration: + $ref: '#/components/schemas/ProcessingConfiguration' + RetryOptions: + $ref: '#/components/schemas/AmazonOpenSearchServerlessRetryOptions' + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + S3BackupMode: + type: string + enum: + - FailedDocumentsOnly + - AllDocuments + S3Configuration: + $ref: '#/components/schemas/S3DestinationConfiguration' + CollectionEndpoint: + type: string + minLength: 1 + maxLength: 512 + pattern: https:.* + VpcConfiguration: + $ref: '#/components/schemas/VpcConfiguration' + required: + - IndexName + - S3Configuration + - RoleARN + SnowflakeDestinationConfiguration: + type: object + additionalProperties: false + properties: + AccountUrl: + type: string + minLength: 24 + maxLength: 2048 + pattern: .+?\.snowflakecomputing\.com + PrivateKey: + type: string + minLength: 256 + maxLength: 4096 + pattern: ^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$ + KeyPassphrase: + type: string + minLength: 7 + maxLength: 255 + User: + type: string + minLength: 1 + maxLength: 255 + Database: + type: string + minLength: 1 + maxLength: 255 + Schema: + type: string + minLength: 1 + maxLength: 255 + Table: + type: string + minLength: 1 + maxLength: 255 + SnowflakeRoleConfiguration: + $ref: '#/components/schemas/SnowflakeRoleConfiguration' + DataLoadingOption: + type: string + enum: + - JSON_MAPPING + - VARIANT_CONTENT_MAPPING + - VARIANT_CONTENT_AND_METADATA_MAPPING + MetaDataColumnName: + type: string + minLength: 1 + maxLength: 255 + ContentColumnName: + type: string + minLength: 1 + maxLength: 255 + SnowflakeVpcConfiguration: + $ref: '#/components/schemas/SnowflakeVpcConfiguration' + CloudWatchLoggingOptions: + $ref: '#/components/schemas/CloudWatchLoggingOptions' + ProcessingConfiguration: + $ref: '#/components/schemas/ProcessingConfiguration' + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + RetryOptions: + $ref: '#/components/schemas/SnowflakeRetryOptions' + S3BackupMode: + type: string + enum: + - FailedDataOnly + - AllData + S3Configuration: + $ref: '#/components/schemas/S3DestinationConfiguration' + required: + - AccountUrl + - PrivateKey + - User + - Database + - Schema + - Table + - RoleARN + - S3Configuration + BufferingHints: + type: object + additionalProperties: false + properties: + IntervalInSeconds: + type: integer + SizeInMBs: + type: integer + ProcessingConfiguration: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + Processors: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Processor' + SplunkRetryOptions: + type: object + additionalProperties: false + properties: + DurationInSeconds: + type: integer + ElasticsearchRetryOptions: + type: object + additionalProperties: false + properties: + DurationInSeconds: + type: integer + AmazonopensearchserviceRetryOptions: + type: object + additionalProperties: false + properties: + DurationInSeconds: + type: integer + AmazonOpenSearchServerlessRetryOptions: + type: object + additionalProperties: false + properties: + DurationInSeconds: + type: integer + SnowflakeRetryOptions: + type: object + additionalProperties: false + properties: + DurationInSeconds: + type: integer + RedshiftRetryOptions: + type: object + additionalProperties: false + properties: + DurationInSeconds: + type: integer + RetryOptions: + type: object + additionalProperties: false + properties: + DurationInSeconds: + type: integer + DataFormatConversionConfiguration: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + InputFormatConfiguration: + $ref: '#/components/schemas/InputFormatConfiguration' + OutputFormatConfiguration: + $ref: '#/components/schemas/OutputFormatConfiguration' + SchemaConfiguration: + $ref: '#/components/schemas/SchemaConfiguration' + DynamicPartitioningConfiguration: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + RetryOptions: + $ref: '#/components/schemas/RetryOptions' + CopyCommand: + type: object + additionalProperties: false + properties: + CopyOptions: + type: string + minLength: 0 + maxLength: 204800 + DataTableColumns: + type: string + minLength: 0 + maxLength: 204800 + DataTableName: + type: string + minLength: 1 + maxLength: 512 + required: + - DataTableName + EncryptionConfiguration: + type: object + additionalProperties: false + properties: + KMSEncryptionConfig: + $ref: '#/components/schemas/KMSEncryptionConfig' + NoEncryptionConfig: + type: string + enum: + - NoEncryption + ElasticsearchBufferingHints: + type: object + additionalProperties: false + properties: + IntervalInSeconds: + type: integer + SizeInMBs: + type: integer + AmazonopensearchserviceBufferingHints: + type: object + additionalProperties: false + properties: + IntervalInSeconds: + type: integer + SizeInMBs: + type: integer + AmazonOpenSearchServerlessBufferingHints: + type: object + additionalProperties: false + properties: + IntervalInSeconds: + type: integer + SizeInMBs: + type: integer + SplunkBufferingHints: + type: object + additionalProperties: false + properties: + IntervalInSeconds: + type: integer + SizeInMBs: + type: integer + CloudWatchLoggingOptions: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + LogGroupName: + type: string + LogStreamName: + type: string + OutputFormatConfiguration: + type: object + additionalProperties: false + properties: + Serializer: + $ref: '#/components/schemas/Serializer' + Processor: + type: object + additionalProperties: false + properties: + Parameters: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/ProcessorParameter' + Type: + type: string + enum: + - RecordDeAggregation + - Decompression + - CloudWatchLogProcessing + - Lambda + - MetadataExtraction + - AppendDelimiterToRecord + required: + - Type + KMSEncryptionConfig: + type: object + additionalProperties: false + properties: + AWSKMSKeyARN: + type: string + required: + - AWSKMSKeyARN + InputFormatConfiguration: + type: object + additionalProperties: false + properties: + Deserializer: + $ref: '#/components/schemas/Deserializer' + SchemaConfiguration: + type: object + additionalProperties: false + properties: + CatalogId: + type: string + DatabaseName: + type: string + Region: + type: string + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + TableName: + type: string + VersionId: + type: string + Serializer: + type: object + additionalProperties: false + properties: + OrcSerDe: + $ref: '#/components/schemas/OrcSerDe' + ParquetSerDe: + $ref: '#/components/schemas/ParquetSerDe' + ProcessorParameter: + type: object + additionalProperties: false + properties: + ParameterName: + type: string + ParameterValue: + type: string + required: + - ParameterValue + - ParameterName + Deserializer: + type: object + additionalProperties: false + properties: + HiveJsonSerDe: + $ref: '#/components/schemas/HiveJsonSerDe' + OpenXJsonSerDe: + $ref: '#/components/schemas/OpenXJsonSerDe' + HiveJsonSerDe: + type: object + additionalProperties: false + properties: + TimestampFormats: + type: array + uniqueItems: true + items: + type: string + OrcSerDe: + type: object + additionalProperties: false + properties: + BlockSizeBytes: + type: integer + BloomFilterColumns: + type: array + uniqueItems: true + items: + type: string + BloomFilterFalsePositiveProbability: + type: number + Compression: + type: string + DictionaryKeyThreshold: + type: number + EnablePadding: + type: boolean + FormatVersion: + type: string + PaddingTolerance: + type: number + RowIndexStride: + type: integer + StripeSizeBytes: + type: integer + ParquetSerDe: + type: object + additionalProperties: false + properties: + BlockSizeBytes: + type: integer + Compression: + type: string + EnableDictionaryCompression: + type: boolean + MaxPaddingBytes: + type: integer + PageSizeBytes: + type: integer + WriterVersion: + type: string + OpenXJsonSerDe: + type: object + additionalProperties: false + properties: + CaseInsensitive: + type: boolean + ColumnToJsonKeyMappings: + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + ConvertDotsInJsonKeysToUnderscores: + type: boolean + HttpEndpointRequestConfiguration: + type: object + additionalProperties: false + properties: + ContentEncoding: + type: string + enum: + - NONE + - GZIP + CommonAttributes: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/HttpEndpointCommonAttribute' + minItems: 0 + maxItems: 50 + HttpEndpointCommonAttribute: + type: object + additionalProperties: false + properties: + AttributeName: + type: string + minLength: 1 + maxLength: 256 + AttributeValue: + type: string + minLength: 0 + maxLength: 1024 + required: + - AttributeName + - AttributeValue + HttpEndpointConfiguration: + type: object + additionalProperties: false + properties: + Url: + type: string + minLength: 1 + maxLength: 1000 + AccessKey: + type: string + minLength: 0 + maxLength: 4096 + Name: + type: string + minLength: 1 + maxLength: 256 + required: + - Url + SnowflakeRoleConfiguration: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + SnowflakeRole: + type: string + minLength: 1 + maxLength: 255 + SnowflakeVpcConfiguration: + type: object + additionalProperties: false + properties: + PrivateLinkVpceId: + type: string + minLength: 47 + maxLength: 255 + pattern: ([a-zA-Z0-9\-\_]+\.){2,3}vpce\.[a-zA-Z0-9\-]*\.vpce-svc\-[a-zA-Z0-9\-]{17}$ + required: + - PrivateLinkVpceId + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + pattern: ^(?!aws:)[\p{L}\p{Z}\p{N}_.:\/=+\-@%]*$ + minLength: 1 + maxLength: 128 + Value: + type: string + pattern: ^[\p{L}\p{Z}\p{N}_.:\/=+\-@%]*$ + minLength: 0 + maxLength: 256 + required: + - Key + DeliveryStream: + type: object + properties: + Arn: + type: string + DeliveryStreamEncryptionConfigurationInput: + $ref: '#/components/schemas/DeliveryStreamEncryptionConfigurationInput' + DeliveryStreamName: + type: string + minLength: 1 + maxLength: 64 + pattern: '[a-zA-Z0-9._-]+' + DeliveryStreamType: + type: string + enum: + - DirectPut + - KinesisStreamAsSource + - MSKAsSource + ElasticsearchDestinationConfiguration: + $ref: '#/components/schemas/ElasticsearchDestinationConfiguration' + AmazonopensearchserviceDestinationConfiguration: + $ref: '#/components/schemas/AmazonopensearchserviceDestinationConfiguration' + AmazonOpenSearchServerlessDestinationConfiguration: + $ref: '#/components/schemas/AmazonOpenSearchServerlessDestinationConfiguration' + ExtendedS3DestinationConfiguration: + $ref: '#/components/schemas/ExtendedS3DestinationConfiguration' + KinesisStreamSourceConfiguration: + $ref: '#/components/schemas/KinesisStreamSourceConfiguration' + MSKSourceConfiguration: + $ref: '#/components/schemas/MSKSourceConfiguration' + RedshiftDestinationConfiguration: + $ref: '#/components/schemas/RedshiftDestinationConfiguration' + S3DestinationConfiguration: + $ref: '#/components/schemas/S3DestinationConfiguration' + SplunkDestinationConfiguration: + $ref: '#/components/schemas/SplunkDestinationConfiguration' + HttpEndpointDestinationConfiguration: + $ref: '#/components/schemas/HttpEndpointDestinationConfiguration' + SnowflakeDestinationConfiguration: + $ref: '#/components/schemas/SnowflakeDestinationConfiguration' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + maxItems: 50 + x-stackql-resource-name: delivery_stream + description: Resource Type definition for AWS::KinesisFirehose::DeliveryStream + x-type-name: AWS::KinesisFirehose::DeliveryStream + x-stackql-primary-identifier: + - DeliveryStreamName + x-create-only-properties: + - DeliveryStreamName + - DeliveryStreamType + - ElasticsearchDestinationConfiguration/VpcConfiguration + - AmazonopensearchserviceDestinationConfiguration/VpcConfiguration + - AmazonOpenSearchServerlessDestinationConfiguration/VpcConfiguration + - KinesisStreamSourceConfiguration + - MSKSourceConfiguration + - SnowflakeDestinationConfiguration/SnowflakeVpcConfiguration + x-read-only-properties: + - Arn + x-required-permissions: + create: + - firehose:CreateDeliveryStream + - firehose:DescribeDeliveryStream + - iam:GetRole + - iam:PassRole + - kms:CreateGrant + - kms:DescribeKey + read: + - firehose:DescribeDeliveryStream + - firehose:ListTagsForDeliveryStream + update: + - firehose:UpdateDestination + - firehose:DescribeDeliveryStream + - firehose:StartDeliveryStreamEncryption + - firehose:StopDeliveryStreamEncryption + - firehose:ListTagsForDeliveryStream + - firehose:TagDeliveryStream + - firehose:UntagDeliveryStream + - kms:CreateGrant + - kms:RevokeGrant + - kms:DescribeKey + delete: + - firehose:DeleteDeliveryStream + - firehose:DescribeDeliveryStream + - kms:RevokeGrant + - kms:DescribeKey + list: + - firehose:ListDeliveryStreams + x-stackQL-resources: + delivery_streams: + name: delivery_streams + id: aws.kinesisfirehose.delivery_streams + x-cfn-schema-name: DeliveryStream + x-type: list + x-identifiers: + - DeliveryStreamName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DeliveryStreamName') as delivery_stream_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KinesisFirehose::DeliveryStream' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DeliveryStreamName') as delivery_stream_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KinesisFirehose::DeliveryStream' + AND region = 'us-east-1' + delivery_stream: + name: delivery_stream + id: aws.kinesisfirehose.delivery_stream + x-cfn-schema-name: DeliveryStream + x-type: get + x-identifiers: + - DeliveryStreamName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DeliveryStreamEncryptionConfigurationInput') as delivery_stream_encryption_configuration_input, + JSON_EXTRACT(Properties, '$.DeliveryStreamName') as delivery_stream_name, + JSON_EXTRACT(Properties, '$.DeliveryStreamType') as delivery_stream_type, + JSON_EXTRACT(Properties, '$.ElasticsearchDestinationConfiguration') as elasticsearch_destination_configuration, + JSON_EXTRACT(Properties, '$.AmazonopensearchserviceDestinationConfiguration') as amazonopensearchservice_destination_configuration, + JSON_EXTRACT(Properties, '$.AmazonOpenSearchServerlessDestinationConfiguration') as amazon_open_search_serverless_destination_configuration, + JSON_EXTRACT(Properties, '$.ExtendedS3DestinationConfiguration') as extended_s3_destination_configuration, + JSON_EXTRACT(Properties, '$.KinesisStreamSourceConfiguration') as kinesis_stream_source_configuration, + JSON_EXTRACT(Properties, '$.MSKSourceConfiguration') as msk_source_configuration, + JSON_EXTRACT(Properties, '$.RedshiftDestinationConfiguration') as redshift_destination_configuration, + JSON_EXTRACT(Properties, '$.S3DestinationConfiguration') as s3_destination_configuration, + JSON_EXTRACT(Properties, '$.SplunkDestinationConfiguration') as splunk_destination_configuration, + JSON_EXTRACT(Properties, '$.HttpEndpointDestinationConfiguration') as http_endpoint_destination_configuration, + JSON_EXTRACT(Properties, '$.SnowflakeDestinationConfiguration') as snowflake_destination_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KinesisFirehose::DeliveryStream' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DeliveryStreamEncryptionConfigurationInput') as delivery_stream_encryption_configuration_input, + json_extract_path_text(Properties, 'DeliveryStreamName') as delivery_stream_name, + json_extract_path_text(Properties, 'DeliveryStreamType') as delivery_stream_type, + json_extract_path_text(Properties, 'ElasticsearchDestinationConfiguration') as elasticsearch_destination_configuration, + json_extract_path_text(Properties, 'AmazonopensearchserviceDestinationConfiguration') as amazonopensearchservice_destination_configuration, + json_extract_path_text(Properties, 'AmazonOpenSearchServerlessDestinationConfiguration') as amazon_open_search_serverless_destination_configuration, + json_extract_path_text(Properties, 'ExtendedS3DestinationConfiguration') as extended_s3_destination_configuration, + json_extract_path_text(Properties, 'KinesisStreamSourceConfiguration') as kinesis_stream_source_configuration, + json_extract_path_text(Properties, 'MSKSourceConfiguration') as msk_source_configuration, + json_extract_path_text(Properties, 'RedshiftDestinationConfiguration') as redshift_destination_configuration, + json_extract_path_text(Properties, 'S3DestinationConfiguration') as s3_destination_configuration, + json_extract_path_text(Properties, 'SplunkDestinationConfiguration') as splunk_destination_configuration, + json_extract_path_text(Properties, 'HttpEndpointDestinationConfiguration') as http_endpoint_destination_configuration, + json_extract_path_text(Properties, 'SnowflakeDestinationConfiguration') as snowflake_destination_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KinesisFirehose::DeliveryStream' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/kinesisvideo.yaml b/providers/src/aws/v00.00.00000/services/kinesisvideo.yaml new file mode 100644 index 00000000..876914e6 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/kinesisvideo.yaml @@ -0,0 +1,226 @@ +openapi: 3.0.0 +info: + title: KinesisVideo + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associated with the Kinesis Video Stream. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. Specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. The following characters can be used: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. Specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. The following characters can be used: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + SignalingChannel: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the Kinesis Video Signaling Channel. + type: string + Name: + description: The name of the Kinesis Video Signaling Channel. + type: string + minLength: 1 + maxLength: 256 + pattern: '[a-zA-Z0-9_.-]+' + Type: + description: The type of the Kinesis Video Signaling Channel to create. Currently, SINGLE_MASTER is the only supported channel type. + type: string + enum: + - SINGLE_MASTER + MessageTtlSeconds: + description: The period of time a signaling channel retains undelivered messages before they are discarded. + type: integer + minimum: 5 + maximum: 120 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + maxItems: 50 + required: [] + x-stackql-resource-name: signaling_channel + description: Resource Type Definition for AWS::KinesisVideo::SignalingChannel + x-type-name: AWS::KinesisVideo::SignalingChannel + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: [] + x-required-permissions: + create: + - kinesisvideo:CreateSignalingChannel + - kinesisvideo:DescribeSignalingChannel + read: + - kinesisvideo:DescribeSignalingChannel + update: + - kinesisvideo:UpdateSignalingChannel + - kinesisvideo:DescribeSignalingChannel + delete: + - kinesisvideo:DeleteSignalingChannel + - kinesisvideo:DescribeSignalingChannel + Stream: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the Kinesis Video stream. + type: string + Name: + description: The name of the Kinesis Video stream. + type: string + minLength: 1 + maxLength: 256 + pattern: '[a-zA-Z0-9_.-]+' + DataRetentionInHours: + description: The number of hours till which Kinesis Video will retain the data in the stream + type: integer + minimum: 0 + maximum: 87600 + DeviceName: + description: The name of the device that is writing to the stream. + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z0-9_.-]+' + KmsKeyId: + description: AWS KMS key ID that Kinesis Video Streams uses to encrypt stream data. + type: string + minLength: 1 + maxLength: 2048 + pattern: .+ + MediaType: + description: The media type of the stream. Consumers of the stream can use this information when processing the stream. + type: string + minLength: 1 + maxLength: 128 + pattern: '[\w\-\.\+]+/[\w\-\.\+]+(,[\w\-\.\+]+/[\w\-\.\+]+)*' + Tags: + description: An array of key-value pairs associated with the Kinesis Video Stream. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + maxItems: 50 + required: [] + x-stackql-resource-name: stream + description: Resource Type Definition for AWS::KinesisVideo::Stream + x-type-name: AWS::KinesisVideo::Stream + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: [] + x-required-permissions: + create: + - kinesisvideo:DescribeStream + - kinesisvideo:CreateStream + read: + - kinesisvideo:DescribeStream + update: + - kinesisvideo:DescribeStream + - kinesisvideo:UpdateStream + - kinesisvideo:UpdateDataRetention + delete: + - kinesisvideo:DescribeStream + - kinesisvideo:DeleteStream + x-stackQL-resources: + signaling_channel: + name: signaling_channel + id: aws.kinesisvideo.signaling_channel + x-cfn-schema-name: SignalingChannel + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.MessageTtlSeconds') as message_ttl_seconds, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KinesisVideo::SignalingChannel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'MessageTtlSeconds') as message_ttl_seconds, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KinesisVideo::SignalingChannel' + AND data__Identifier = '' + AND region = 'us-east-1' + kinesisvideo_stream: + name: kinesisvideo_stream + id: aws.kinesisvideo.kinesisvideo_stream + x-cfn-schema-name: Stream + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.DataRetentionInHours') as data_retention_in_hours, + JSON_EXTRACT(Properties, '$.DeviceName') as device_name, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.MediaType') as media_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KinesisVideo::Stream' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'DataRetentionInHours') as data_retention_in_hours, + json_extract_path_text(Properties, 'DeviceName') as device_name, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'MediaType') as media_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KinesisVideo::Stream' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/kms.yaml b/providers/src/aws/v00.00.00000/services/kms.yaml new file mode 100644 index 00000000..0342b542 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/kms.yaml @@ -0,0 +1,606 @@ +openapi: 3.0.0 +info: + title: KMS + version: 1.0.0 +paths: {} +components: + schemas: + Alias: + type: object + properties: + TargetKeyId: + minLength: 1 + description: |- + Associates the alias with the specified [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). The KMS key must be in the same AWS-account and Region. + A valid key ID is required. If you supply a null or empty string value, this operation returns an error. + For help finding the key ID and ARN, see [Finding the key ID and ARN](https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) in the *Developer Guide*. + Specify the key ID or the key ARN of the KMS key. + For example: + + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` + + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` + + To get the key ID and key ARN for a KMS key, use [ListKeys](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) or [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html). + type: string + maxLength: 256 + AliasName: + minLength: 1 + pattern: ^(alias/)[a-zA-Z0-9:/_-]+$ + description: |- + Specifies the alias name. This value must begin with ``alias/`` followed by a name, such as ``alias/ExampleAlias``. + If you change the value of the ``AliasName`` property, the existing alias is deleted and a new alias is created for the specified KMS key. This change can disrupt applications that use the alias. It can also allow or deny access to a KMS key affected by attribute-based access control (ABAC). + The alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with ``alias/aws/``. The ``alias/aws/`` prefix is reserved for [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). + type: string + maxLength: 256 + required: + - AliasName + - TargetKeyId + x-stackql-resource-name: alias + description: >- + The ``AWS::KMS::Alias`` resource specifies a display name for a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys). You can use an alias to identify a KMS key in the KMS console, in the [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) operation, and in [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), such as + [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) and [GenerateDataKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html). + Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see [ABAC for](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *Developer Guide*. + Using an alias to refer to a KMS key can help you simplify key management. For example, an alias in your code can be associated with different KMS keys i + x-type-name: AWS::KMS::Alias + x-stackql-primary-identifier: + - AliasName + x-create-only-properties: + - AliasName + x-required-properties: + - AliasName + - TargetKeyId + x-tagging: + taggable: false + x-required-permissions: + read: + - kms:ListAliases + create: + - kms:CreateAlias + update: + - kms:UpdateAlias + list: + - kms:ListAliases + delete: + - kms:DeleteAlias + Tag: + description: A key-value pair to associate with a resource. + additionalProperties: false + type: object + properties: + Value: + minLength: 0 + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + maxLength: 256 + Key: + minLength: 1 + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + maxLength: 128 + required: + - Key + - Value + Key: + type: object + properties: + Description: + description: A description of the KMS key. Use a description that helps you to distinguish this KMS key from others in the account, such as its intended use. + type: string + minLength: 0 + maxLength: 8192 + Enabled: + description: |- + Specifies whether the KMS key is enabled. Disabled KMS keys cannot be used in cryptographic operations. + When ``Enabled`` is ``true``, the *key state* of the KMS key is ``Enabled``. When ``Enabled`` is ``false``, the key state of the KMS key is ``Disabled``. The default value is ``true``. + The actual key state of the KMS key might be affected by actions taken outside of CloudFormation, such as running the [EnableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKey.html), [DisableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKey.html), or [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operations. + For information about the key states of a KMS key, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *Developer Guide*. + type: boolean + EnableKeyRotation: + description: |- + Enables automatic rotation of the key material for the specified KMS key. By default, automatic key rotation is not enabled. + KMS supports automatic rotation only for symmetric encryption KMS keys (``KeySpec`` = ``SYMMETRIC_DEFAULT``). For asymmetric KMS keys, HMAC KMS keys, and KMS keys with Origin ``EXTERNAL``, omit the ``EnableKeyRotation`` property or set it to ``false``. + To enable automatic key rotation of the key material for a multi-Region KMS key, set ``EnableKeyRotation`` to ``true`` on the primary key (created by using ``AWS::KMS::Key``). KMS copies the rotation status to all replica keys. For details, see [Rotating multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate) in the *Developer Guide*. + When you enable automatic rotation, KMS automatically creates new key material for the KMS key one year after the enable date and every year thereafter. KMS retains all key material until you delete the KMS key. For detailed information about automatic key rotation, see [Rotating KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *Developer Guide*. + type: boolean + KeyPolicy: + description: |- + The key policy to attach to the KMS key. + If you provide a key policy, it must meet the following criteria: + + The key policy must allow the caller to make a subsequent [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) in the *Developer Guide*. (To omit this condition, set ``BypassPolicyLockoutSafetyCheck`` to true.) + + Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see [Changes that I make are not always immediately visible](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) in the *User Guide*. + + If you do not provide a key policy, KMS attaches a default key policy to the KMS key. For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) in the *Developer Guide*. + A key policy document can include only the following characters: + + Printable ASCII characters + + Printable characters in the Basic Latin and Latin-1 Supplement character set + + The tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) special characters + + *Minimum*: ``1`` + *Maximum*: ``32768`` + type: object + default: |- + { + "Version": "2012-10-17", + "Id": "key-default", + "Statement": [ + { + "Sid": "Enable IAM User Permissions", + "Effect": "Allow", + "Principal": { + "AWS": "arn::iam:::root" + }, + "Action": "kms:*", + "Resource": "*" + } + ] + } + KeyUsage: + description: |- + Determines the [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. The default value is ``ENCRYPT_DECRYPT``. This property is required for asymmetric KMS keys and HMAC KMS keys. You can't change the ``KeyUsage`` value after the KMS key is created. + If you change the value of the ``KeyUsage`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value. + Select only one valid value. + + For symmetric encryption KMS keys, omit the property or specify ``ENCRYPT_DECRYPT``. + + For asymmetric KMS keys with RSA key material, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``. + + For asymmetric KMS keys with ECC key material, specify ``SIGN_VERIFY``. + + For asymmetric KMS keys with SM2 (China Regions only) key material, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``. + + For HMAC KMS keys, specify ``GENERATE_VERIFY_MAC``. + type: string + default: ENCRYPT_DECRYPT + enum: + - ENCRYPT_DECRYPT + - SIGN_VERIFY + - GENERATE_VERIFY_MAC + Origin: + description: |- + The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is ``AWS_KMS``, which means that KMS creates the key material. + To [create a KMS key with no key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html) (for imported key material), set this value to ``EXTERNAL``. For more information about importing key material into KMS, see [Importing Key Material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) in the *Developer Guide*. + You can ignore ``ENABLED`` when Origin is ``EXTERNAL``. When a KMS key with Origin ``EXTERNAL`` is created, the key state is ``PENDING_IMPORT`` and ``ENABLED`` is ``false``. After you import the key material, ``ENABLED`` updated to ``true``. The KMS key can then be used for Cryptographic Operations. + CFN doesn't support creating an ``Origin`` parameter of the ``AWS_CLOUDHSM`` or ``EXTERNAL_KEY_STORE`` values. + type: string + default: AWS_KMS + enum: + - AWS_KMS + - EXTERNAL + KeySpec: + description: >- + Specifies the type of KMS key to create. The default value, ``SYMMETRIC_DEFAULT``, creates a KMS key with a 256-bit symmetric key for encryption and decryption. In China Regions, ``SYMMETRIC_DEFAULT`` creates a 128-bit symmetric key that uses SM4 encryption. You can't change the ``KeySpec`` value after the KMS key is created. For help choosing a key spec for your KMS key, see [Choosing a KMS key type](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) in + the *Developer Guide*. + The ``KeySpec`` property determines the type of key material in the KMS key and the algorithms that the KMS key supports. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For more information, see [condition keys](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms) in the *Developer Guide*. + If you change the value of the ``KeySpec`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value. + [services that are integrated with](https://docs.aws.amazon.com/kms/features/#AWS_Service_Integration) use symmetric encryption KMS keys to protect your data. These services do not support encryption with asymmetric KMS keys. For help determining whether a KMS key is asymmetric, see [Identifying asymmetric KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) in the *Developer Guide*. + KMS supports the following key specs for KMS keys: + + Symmetric encryption key (default) + + ``SYMMETRIC_DEFAULT`` (AES-256-GCM) + + + HMAC keys (symmetric) + + ``HMAC_224`` + + ``HMAC_256`` + + ``HMAC_384`` + + ``HMAC_512`` + + + Asymmetric RSA key pairs + + ``RSA_2048`` + + ``RSA_3072`` + + ``RSA_4096`` + + + Asymmetric NIST-recommended elliptic curve key pairs + + ``ECC_NIST_P256`` (secp256r1) + + ``ECC_NIST_P384`` (secp384r1) + + ``ECC_NIST_P521`` (secp521r1) + + + Other asymmetric elliptic curve key pairs + + ``ECC_SECG_P256K1`` (secp256k1), commonly used for cryptocurrencies. + + + SM2 key pairs (China Regions only) + + ``SM2`` + type: string + default: SYMMETRIC_DEFAULT + enum: + - SYMMETRIC_DEFAULT + - RSA_2048 + - RSA_3072 + - RSA_4096 + - ECC_NIST_P256 + - ECC_NIST_P384 + - ECC_NIST_P521 + - ECC_SECG_P256K1 + - HMAC_224 + - HMAC_256 + - HMAC_384 + - HMAC_512 + - SM2 + MultiRegion: + description: |- + Creates a multi-Region primary key that you can replicate in other AWS-Regions. You can't change the ``MultiRegion`` value after the KMS key is created. + For a list of AWS-Regions in which multi-Region keys are supported, see [Multi-Region keys in](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the **. + If you change the value of the ``MultiRegion`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value. + For a multi-Region key, set to this property to ``true``. For a single-Region key, omit this property or set it to ``false``. The default value is ``false``. + *Multi-Region keys* are an KMS feature that lets you create multiple interoperable KMS keys in different AWS-Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS-Region and decrypt it in a different AWS-Region without making a cross-Region call or exposing the plaintext data. For more information, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *Developer Guide*. + You can create a symmetric encryption, HMAC, or asymmetric multi-Region KMS key, and you can create a multi-Region key with imported key material. However, you cannot create a multi-Region key in a custom key store. + To create a replica of this primary key in a different AWS-Region , create an [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource in a CloudFormation stack in the replica Region. Specify the key ARN of this primary key. + type: boolean + default: false + PendingWindowInDays: + description: |- + Specifies the number of days in the waiting period before KMS deletes a KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days. + When you remove a KMS key from a CloudFormation stack, KMS schedules the KMS key for deletion and starts the mandatory waiting period. The ``PendingWindowInDays`` property determines the length of waiting period. During the waiting period, the key state of KMS key is ``Pending Deletion`` or ``Pending Replica Deletion``, which prevents the KMS key from being used in cryptographic operations. When the waiting period expires, KMS permanently deletes the KMS key. + KMS will not delete a [multi-Region primary key](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) that has replica keys. If you remove a multi-Region primary key from a CloudFormation stack, its key state changes to ``PendingReplicaDeletion`` so it cannot be replicated or used in cryptographic operations. This state can persist indefinitely. When the last of its replica keys is deleted, the key state of the primary key changes to ``PendingDeletion`` and the waiting period specified by ``PendingWindowInDays`` begins. When this waiting period expires, KMS deletes the primary key. For details, see [Deleting multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) in the *Developer Guide*. + You cannot use a CloudFormation template to cancel deletion of the KMS key after you remove it from the stack, regardless of the waiting period. If you specify a KMS key in your template, even one with the same name, CloudFormation creates a new KMS key. To cancel deletion of a KMS key, use the KMS console or the [CancelKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html) operation. + For information about the ``Pending Deletion`` and ``Pending Replica Deletion`` key states, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *Developer Guide*. For more information about deleting KMS keys, see the [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operation in the *API Reference* and [Deleting KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) in the *Developer Guide*. + type: integer + minimum: 7 + maximum: 30 + Tags: + description: |- + Assigns one or more tags to the replica key. + Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see [ABAC for](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *Developer Guide*. + For information about tags in KMS, see [Tagging keys](https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html) in the *Developer Guide*. For information about tags in CloudFormation, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Arn: + type: string + description: '' + KeyId: + type: string + description: '' + BypassPolicyLockoutSafetyCheck: + description: |- + Skips ("bypasses") the key policy lockout safety check. The default value is false. + Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. + For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) in the *Developer Guide*. + Use this parameter only when you intend to prevent the principal that is making the request from making a subsequent [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) request on the KMS key. + type: boolean + default: false + RotationPeriodInDays: + description: '' + type: integer + minimum: 90 + maximum: 2560 + default: 365 + x-stackql-resource-name: key + description: >- + The ``AWS::KMS::Key`` resource specifies an [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in KMSlong. You can use this resource to create symmetric encryption KMS keys, asymmetric KMS keys for encryption or signing, and symmetric HMAC KMS keys. You can use ``AWS::KMS::Key`` to create [multi-Region primary keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-primary-key) of all supported types. To + replicate a multi-Region key, use the ``AWS::KMS::ReplicaKey`` resource. + If you change the value of the ``KeySpec``, ``KeyUsage``, ``Origin``, or ``MultiRegion`` properties of an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing any of its immutable property values. + KMS replaced the term *customer master key (CMK)* with ** and *KMS key*. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term. + You can use symmetric encryption KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use a symmetric encryption KMS key to encrypt data stored in AWS services that are [integrated with](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration). For more information, see [Symmetric encryption KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks) in the *Developer Guide*. + You can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric ``KeySpec`` value and a ``KeyUsage`` value. For details, see [Asymmetric keys in](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) in the *Developer Guide*. + You can use HMAC KMS keys (which are also symmetric keys) to generate and verify hash-based message authentication codes. To create an HMAC key, you must specify an HMAC ``KeySpec`` value and a ``KeyUsage`` value of ``GENERATE_VERIFY_MAC``. For details, see [HMAC keys in](https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) in the *Developer Guide*. + You can also create symmetric encryption, asymmetric, and HMAC multi-Region primary keys. To create a multi-Region primary key, set the ``MultiRegion`` property to ``true``. For information about multi-Region keys, see [Multi-Region keys in](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *Developer Guide*. + You cannot use the ``AWS::KMS::Key`` resource to specify a KMS key with [imported key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) or a KMS key in a [custom key store](https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + *Regions* + KMS CloudFormation resources are available in all Regions in which KMS and CFN are supported. You can use the ``AWS::KMS::Key`` resource to create and manage all KMS key types that are supported in a Region. + x-type-name: AWS::KMS::Key + x-stackql-primary-identifier: + - KeyId + x-write-only-properties: + - PendingWindowInDays + - BypassPolicyLockoutSafetyCheck + - RotationPeriodInDays + x-read-only-properties: + - Arn + - KeyId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - kms:CreateKey + - kms:EnableKeyRotation + - kms:DisableKey + - kms:TagResource + - kms:PutKeyPolicy + read: + - kms:DescribeKey + - kms:GetKeyPolicy + - kms:GetKeyRotationStatus + - kms:ListResourceTags + update: + - kms:DescribeKey + - kms:DisableKey + - kms:DisableKeyRotation + - kms:EnableKey + - kms:EnableKeyRotation + - kms:PutKeyPolicy + - kms:TagResource + - kms:UntagResource + - kms:UpdateKeyDescription + - kms:ListResourceTags + delete: + - kms:DescribeKey + - kms:ScheduleKeyDeletion + list: + - kms:ListKeys + - kms:DescribeKey + ReplicaKey: + type: object + properties: + Description: + minLength: 0 + description: A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use. + type: string + maxLength: 8192 + PendingWindowInDays: + description: Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days. + maximum: 30 + type: integer + minimum: 7 + KeyPolicy: + description: The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules. + type: object + PrimaryKeyArn: + minLength: 1 + description: Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide. + type: string + maxLength: 256 + Enabled: + description: Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations. + type: boolean + KeyId: + type: string + Arn: + type: string + Tags: + uniqueItems: true + description: An array of key-value pairs to apply to this resource. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - PrimaryKeyArn + - KeyPolicy + x-stackql-resource-name: replica_key + description: The AWS::KMS::ReplicaKey resource specifies a multi-region replica AWS KMS key in AWS Key Management Service (AWS KMS). + x-type-name: AWS::KMS::ReplicaKey + x-stackql-primary-identifier: + - KeyId + x-create-only-properties: + - PrimaryKeyArn + x-write-only-properties: + - PendingWindowInDays + x-read-only-properties: + - Arn + - KeyId + x-required-properties: + - PrimaryKeyArn + - KeyPolicy + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + read: + - kms:DescribeKey + - kms:GetKeyPolicy + - kms:ListResourceTags + create: + - kms:ReplicateKey + - kms:CreateKey + - kms:DescribeKey + - kms:DisableKey + - kms:TagResource + update: + - kms:DescribeKey + - kms:DisableKey + - kms:EnableKey + - kms:PutKeyPolicy + - kms:TagResource + - kms:UntagResource + - kms:UpdateKeyDescription + list: + - kms:ListKeys + - kms:DescribeKey + delete: + - kms:DescribeKey + - kms:ScheduleKeyDeletion + x-stackQL-resources: + aliases: + name: aliases + id: aws.kms.aliases + x-cfn-schema-name: Alias + x-type: list + x-identifiers: + - AliasName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AliasName') as alias_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KMS::Alias' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AliasName') as alias_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KMS::Alias' + AND region = 'us-east-1' + alias: + name: alias + id: aws.kms.alias + x-cfn-schema-name: Alias + x-type: get + x-identifiers: + - AliasName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TargetKeyId') as target_key_id, + JSON_EXTRACT(Properties, '$.AliasName') as alias_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KMS::Alias' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TargetKeyId') as target_key_id, + json_extract_path_text(Properties, 'AliasName') as alias_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KMS::Alias' + AND data__Identifier = '' + AND region = 'us-east-1' + keys: + name: keys + id: aws.kms.keys + x-cfn-schema-name: Key + x-type: list + x-identifiers: + - KeyId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.KeyId') as key_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KMS::Key' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'KeyId') as key_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KMS::Key' + AND region = 'us-east-1' + key: + name: key + id: aws.kms.key + x-cfn-schema-name: Key + x-type: get + x-identifiers: + - KeyId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.EnableKeyRotation') as enable_key_rotation, + JSON_EXTRACT(Properties, '$.KeyPolicy') as key_policy, + JSON_EXTRACT(Properties, '$.KeyUsage') as key_usage, + JSON_EXTRACT(Properties, '$.Origin') as origin, + JSON_EXTRACT(Properties, '$.KeySpec') as key_spec, + JSON_EXTRACT(Properties, '$.MultiRegion') as multi_region, + JSON_EXTRACT(Properties, '$.PendingWindowInDays') as pending_window_in_days, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.KeyId') as key_id, + JSON_EXTRACT(Properties, '$.BypassPolicyLockoutSafetyCheck') as bypass_policy_lockout_safety_check, + JSON_EXTRACT(Properties, '$.RotationPeriodInDays') as rotation_period_in_days + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KMS::Key' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'EnableKeyRotation') as enable_key_rotation, + json_extract_path_text(Properties, 'KeyPolicy') as key_policy, + json_extract_path_text(Properties, 'KeyUsage') as key_usage, + json_extract_path_text(Properties, 'Origin') as origin, + json_extract_path_text(Properties, 'KeySpec') as key_spec, + json_extract_path_text(Properties, 'MultiRegion') as multi_region, + json_extract_path_text(Properties, 'PendingWindowInDays') as pending_window_in_days, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'KeyId') as key_id, + json_extract_path_text(Properties, 'BypassPolicyLockoutSafetyCheck') as bypass_policy_lockout_safety_check, + json_extract_path_text(Properties, 'RotationPeriodInDays') as rotation_period_in_days + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KMS::Key' + AND data__Identifier = '' + AND region = 'us-east-1' + replica_keys: + name: replica_keys + id: aws.kms.replica_keys + x-cfn-schema-name: ReplicaKey + x-type: list + x-identifiers: + - KeyId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.KeyId') as key_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KMS::ReplicaKey' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'KeyId') as key_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::KMS::ReplicaKey' + AND region = 'us-east-1' + replica_key: + name: replica_key + id: aws.kms.replica_key + x-cfn-schema-name: ReplicaKey + x-type: get + x-identifiers: + - KeyId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PendingWindowInDays') as pending_window_in_days, + JSON_EXTRACT(Properties, '$.KeyPolicy') as key_policy, + JSON_EXTRACT(Properties, '$.PrimaryKeyArn') as primary_key_arn, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.KeyId') as key_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KMS::ReplicaKey' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PendingWindowInDays') as pending_window_in_days, + json_extract_path_text(Properties, 'KeyPolicy') as key_policy, + json_extract_path_text(Properties, 'PrimaryKeyArn') as primary_key_arn, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'KeyId') as key_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KMS::ReplicaKey' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/lakeformation.yaml b/providers/src/aws/v00.00.00000/services/lakeformation.yaml new file mode 100644 index 00000000..049c16a8 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/lakeformation.yaml @@ -0,0 +1,727 @@ +openapi: 3.0.0 +info: + title: LakeFormation + version: 1.0.0 +paths: {} +components: + schemas: + CatalogIdString: + type: string + minLength: 12 + maxLength: 12 + NameString: + type: string + minLength: 1 + maxLength: 255 + RowFilter: + description: An object representing the Data Cells Filter's Row Filter. Either a Filter Expression or a Wildcard is required. + type: object + properties: + FilterExpression: + description: A PartiQL predicate. + type: string + AllRowsWildcard: + description: An empty object representing a row wildcard. + type: object + additionalProperties: false + additionalProperties: false + ColumnNames: + type: array + items: + $ref: '#/components/schemas/NameString' + x-insertionOrder: false + ColumnWildcard: + type: object + properties: + ExcludedColumnNames: + $ref: '#/components/schemas/ColumnNames' + description: Excludes column names. Any column with this name will be excluded. + additionalProperties: false + description: A wildcard object, consisting of an optional list of excluded column names or indexes. + DataCellsFilter: + type: object + properties: + TableCatalogId: + description: The Catalog Id of the Table on which to create a Data Cells Filter. + $ref: '#/components/schemas/CatalogIdString' + DatabaseName: + description: The name of the Database that the Table resides in. + $ref: '#/components/schemas/NameString' + TableName: + description: The name of the Table to create a Data Cells Filter for. + $ref: '#/components/schemas/NameString' + Name: + description: The desired name of the Data Cells Filter. + $ref: '#/components/schemas/NameString' + RowFilter: + description: An object representing the Data Cells Filter's Row Filter. Either a Filter Expression or a Wildcard is required + $ref: '#/components/schemas/RowFilter' + ColumnNames: + description: A list of columns to be included in this Data Cells Filter. + $ref: '#/components/schemas/ColumnNames' + ColumnWildcard: + description: An object representing the Data Cells Filter's Columns. Either Column Names or a Wildcard is required + $ref: '#/components/schemas/ColumnWildcard' + required: + - TableCatalogId + - DatabaseName + - TableName + - Name + x-stackql-resource-name: data_cells_filter + description: A resource schema representing a Lake Formation Data Cells Filter. + x-type-name: AWS::LakeFormation::DataCellsFilter + x-stackql-primary-identifier: + - TableCatalogId + - DatabaseName + - TableName + - Name + x-create-only-properties: + - TableCatalogId + - DatabaseName + - TableName + - Name + - RowFilter + - ColumnNames + - ColumnWildcard + x-required-properties: + - TableCatalogId + - DatabaseName + - TableName + - Name + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + x-required-permissions: + create: + - lakeformation:CreateDataCellsFilter + - glue:GetTable + delete: + - lakeformation:DeleteDataCellsFilter + read: + - lakeformation:ListDataCellsFilter + list: + - lakeformation:ListDataCellsFilter + PathString: + type: string + ResourceArnString: + type: string + IAMRoleArn: + type: string + pattern: arn:*:iam::[0-9]*:role/.* + LFTag: + type: object + properties: + TagKey: + $ref: '#/components/schemas/LFTagKey' + description: The key-name for the LF-tag. + TagValues: + $ref: '#/components/schemas/TagValueList' + description: A list of possible values of the corresponding ``TagKey`` of an LF-tag key-value pair. + additionalProperties: false + description: The LF-tag key and values attached to a resource. + LFTagPair: + type: object + properties: + CatalogId: + $ref: '#/components/schemas/CatalogIdString' + TagKey: + $ref: '#/components/schemas/LFTagKey' + TagValues: + $ref: '#/components/schemas/TagValueList' + required: + - CatalogId + - TagKey + - TagValues + additionalProperties: false + LFTagsList: + type: array + items: + $ref: '#/components/schemas/LFTagPair' + x-insertionOrder: false + Expression: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/LFTag' + minItems: 1 + maxItems: 5 + DataLakePrincipalString: + type: string + minLength: 1 + maxLength: 255 + DataLakePrincipal: + type: object + properties: + DataLakePrincipalIdentifier: + $ref: '#/components/schemas/DataLakePrincipalString' + additionalProperties: false + ResourceType: + type: string + enum: + - DATABASE + - TABLE + CatalogResource: + type: object + additionalProperties: false + DatabaseResource: + type: object + properties: + CatalogId: + $ref: '#/components/schemas/CatalogIdString' + Name: + $ref: '#/components/schemas/NameString' + required: + - CatalogId + - Name + additionalProperties: false + TableWildcard: + type: object + additionalProperties: false + TableResource: + type: object + properties: + CatalogId: + $ref: '#/components/schemas/CatalogIdString' + DatabaseName: + $ref: '#/components/schemas/NameString' + Name: + $ref: '#/components/schemas/NameString' + TableWildcard: + $ref: '#/components/schemas/TableWildcard' + required: + - CatalogId + - DatabaseName + additionalProperties: false + TableWithColumnsResource: + type: object + properties: + CatalogId: + $ref: '#/components/schemas/CatalogIdString' + DatabaseName: + $ref: '#/components/schemas/NameString' + Name: + $ref: '#/components/schemas/NameString' + ColumnNames: + $ref: '#/components/schemas/ColumnNames' + required: + - CatalogId + - DatabaseName + - Name + - ColumnNames + additionalProperties: false + DataLocationResource: + type: object + properties: + CatalogId: + $ref: '#/components/schemas/CatalogIdString' + description: The identifier for the GLUDC where the location is registered with LFlong. + ResourceArn: + $ref: '#/components/schemas/ResourceArnString' + description: The Amazon Resource Name (ARN) that uniquely identifies the data location resource. + additionalProperties: false + required: + - CatalogId + - ResourceArn + description: A structure for a data location object where permissions are granted or revoked. + DataCellsFilterResource: + type: object + properties: + TableCatalogId: + $ref: '#/components/schemas/CatalogIdString' + description: The ID of the catalog to which the table belongs. + DatabaseName: + $ref: '#/components/schemas/NameString' + description: A database in the GLUDC. + TableName: + $ref: '#/components/schemas/NameString' + description: The name of the table. + Name: + $ref: '#/components/schemas/NameString' + description: The name given by the user to the data filter cell. + additionalProperties: false + required: + - TableCatalogId + - DatabaseName + - TableName + - Name + description: A structure that describes certain columns on certain rows. + LFTagKeyResource: + type: object + properties: + CatalogId: + $ref: '#/components/schemas/CatalogIdString' + description: The identifier for the GLUDC where the location is registered with GLUDC. + TagKey: + $ref: '#/components/schemas/NameString' + description: The key-name for the LF-tag. + TagValues: + $ref: '#/components/schemas/TagValueList' + description: A list of possible values for the corresponding ``TagKey`` of an LF-tag key-value pair. + additionalProperties: false + required: + - CatalogId + - TagKey + - TagValues + description: A structure containing an LF-tag key and values for a resource. + LFTagPolicyResource: + type: object + properties: + CatalogId: + $ref: '#/components/schemas/CatalogIdString' + description: The identifier for the GLUDC. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment. + ResourceType: + $ref: '#/components/schemas/ResourceType' + description: The resource type for which the LF-tag policy applies. + Expression: + $ref: '#/components/schemas/Expression' + description: A list of LF-tag conditions that apply to the resource's LF-tag policy. + additionalProperties: false + required: + - CatalogId + - ResourceType + - Expression + description: |- + A list of LF-tag conditions that define a resource's LF-tag policy. + A structure that allows an admin to grant user permissions on certain conditions. For example, granting a role access to all columns that do not have the LF-tag 'PII' in tables that have the LF-tag 'Prod'. + Resource: + type: object + properties: + Catalog: + $ref: '#/components/schemas/CatalogResource' + Database: + $ref: '#/components/schemas/DatabaseResource' + Table: + $ref: '#/components/schemas/TableResource' + TableWithColumns: + $ref: '#/components/schemas/TableWithColumnsResource' + additionalProperties: false + NullableBoolean: + type: boolean + Permission: + type: string + enum: + - ALL + - SELECT + - ALTER + - DROP + - DELETE + - INSERT + - DESCRIBE + - CREATE_DATABASE + - CREATE_TABLE + - DATA_LOCATION_ACCESS + - CREATE_TAG + - ASSOCIATE + LFTagKey: + type: string + minLength: 1 + maxLength: 128 + LFTagValue: + type: string + minLength: 0 + maxLength: 256 + DataLakePrincipalList: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/DataLakePrincipal' + PermissionList: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Permission' + TagValueList: + type: array + items: + $ref: '#/components/schemas/LFTagValue' + x-insertionOrder: false + minItems: 1 + maxItems: 50 + PrincipalResourcePair: + type: object + properties: + Principal: + $ref: '#/components/schemas/DataLakePrincipal' + Resource: + $ref: '#/components/schemas/Resource' + additionalProperties: false + required: + - Principal + - Resource + description: '' + PrincipalPermissions: + type: object + properties: + Catalog: + $ref: '#/components/schemas/CatalogIdString' + description: The identifier for the GLUDC. By default, the account ID. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. + Principal: + $ref: '#/components/schemas/DataLakePrincipal' + description: The principal to be granted a permission. + Resource: + $ref: '#/components/schemas/Resource' + description: The resource to be granted or revoked permissions. + Permissions: + $ref: '#/components/schemas/PermissionList' + description: The permissions granted or revoked. + PermissionsWithGrantOption: + $ref: '#/components/schemas/PermissionList' + description: Indicates the ability to grant permissions (as a subset of permissions granted). + PrincipalIdentifier: + type: string + description: '' + ResourceIdentifier: + type: string + description: '' + required: + - Principal + - Resource + - Permissions + - PermissionsWithGrantOption + x-stackql-resource-name: principal_permissions + description: The ``AWS::LakeFormation::PrincipalPermissions`` resource represents the permissions that a principal has on a GLUDC resource (such as GLUlong databases or GLUlong tables). When you create a ``PrincipalPermissions`` resource, the permissions are granted via the LFlong ``GrantPermissions`` API operation. When you delete a ``PrincipalPermissions`` resource, the permissions on principal-resource pair are revoked via the LFlong ``RevokePermissions`` API operation. + x-type-name: AWS::LakeFormation::PrincipalPermissions + x-stackql-primary-identifier: + - PrincipalIdentifier + - ResourceIdentifier + x-create-only-properties: + - Catalog + - Principal + - Resource + - Permissions + - PermissionsWithGrantOption + x-read-only-properties: + - PrincipalIdentifier + - ResourceIdentifier + x-required-properties: + - Principal + - Resource + - Permissions + - PermissionsWithGrantOption + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + x-required-permissions: + create: + - lakeformation:GrantPermissions + - lakeformation:ListPermissions + - glue:GetTable + - glue:GetDatabase + read: + - lakeformation:ListPermissions + - glue:GetTable + - glue:GetDatabase + delete: + - lakeformation:RevokePermissions + - lakeformation:ListPermissions + - glue:GetTable + - glue:GetDatabase + PrincipalPermissionsList: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/PrincipalPermissions' + Tag: + type: object + properties: + CatalogId: + description: The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. + $ref: '#/components/schemas/CatalogIdString' + TagKey: + description: The key-name for the LF-tag. + $ref: '#/components/schemas/LFTagKey' + TagValues: + description: A list of possible values an attribute can take. + $ref: '#/components/schemas/TagValueList' + required: + - TagKey + - TagValues + x-stackql-resource-name: tag + description: A resource schema representing a Lake Formation Tag. + x-type-name: AWS::LakeFormation::Tag + x-stackql-primary-identifier: + - TagKey + x-create-only-properties: + - CatalogId + - TagKey + x-required-properties: + - TagKey + - TagValues + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + x-required-permissions: + create: + - lakeformation:CreateLFTag + read: + - lakeformation:GetLFTag + update: + - lakeformation:UpdateLFTag + delete: + - lakeformation:DeleteLFTag + list: + - lakeformation:ListLFTags + TagAssociation: + type: object + properties: + Resource: + description: Resource to tag with the Lake Formation Tags + $ref: '#/components/schemas/Resource' + LFTags: + description: List of Lake Formation Tags to associate with the Lake Formation Resource + $ref: '#/components/schemas/LFTagsList' + ResourceIdentifier: + description: Unique string identifying the resource. Used as primary identifier, which ideally should be a string + type: string + TagsIdentifier: + description: Unique string identifying the resource's tags. Used as primary identifier, which ideally should be a string + type: string + required: + - Resource + - LFTags + x-stackql-resource-name: tag_association + description: A resource schema representing a Lake Formation Tag Association. While tag associations are not explicit Lake Formation resources, this CloudFormation resource can be used to associate tags with Lake Formation entities. + x-type-name: AWS::LakeFormation::TagAssociation + x-stackql-primary-identifier: + - ResourceIdentifier + - TagsIdentifier + x-create-only-properties: + - Resource + - LFTags + x-read-only-properties: + - ResourceIdentifier + - TagsIdentifier + x-required-properties: + - Resource + - LFTags + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + x-required-permissions: + create: + - lakeformation:AddLFTagsToResource + - glue:GetDatabase + - glue:GetTable + read: + - lakeformation:GetResourceLFTags + - glue:GetDatabase + - glue:GetTable + delete: + - lakeformation:RemoveLFTagsFromResource + - glue:GetDatabase + - glue:GetTable + x-stackQL-resources: + data_cells_filters: + name: data_cells_filters + id: aws.lakeformation.data_cells_filters + x-cfn-schema-name: DataCellsFilter + x-type: list + x-identifiers: + - TableCatalogId + - DatabaseName + - TableName + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TableCatalogId') as table_catalog_id, + JSON_EXTRACT(Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(Properties, '$.TableName') as table_name, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LakeFormation::DataCellsFilter' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TableCatalogId') as table_catalog_id, + json_extract_path_text(Properties, 'DatabaseName') as database_name, + json_extract_path_text(Properties, 'TableName') as table_name, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LakeFormation::DataCellsFilter' + AND region = 'us-east-1' + data_cells_filter: + name: data_cells_filter + id: aws.lakeformation.data_cells_filter + x-cfn-schema-name: DataCellsFilter + x-type: get + x-identifiers: + - TableCatalogId + - DatabaseName + - TableName + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TableCatalogId') as table_catalog_id, + JSON_EXTRACT(Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(Properties, '$.TableName') as table_name, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RowFilter') as row_filter, + JSON_EXTRACT(Properties, '$.ColumnNames') as column_names, + JSON_EXTRACT(Properties, '$.ColumnWildcard') as column_wildcard + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LakeFormation::DataCellsFilter' + AND data__Identifier = '|||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TableCatalogId') as table_catalog_id, + json_extract_path_text(Properties, 'DatabaseName') as database_name, + json_extract_path_text(Properties, 'TableName') as table_name, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RowFilter') as row_filter, + json_extract_path_text(Properties, 'ColumnNames') as column_names, + json_extract_path_text(Properties, 'ColumnWildcard') as column_wildcard + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LakeFormation::DataCellsFilter' + AND data__Identifier = '|||' + AND region = 'us-east-1' + principal_permissions: + name: principal_permissions + id: aws.lakeformation.principal_permissions + x-cfn-schema-name: PrincipalPermissions + x-type: get + x-identifiers: + - PrincipalIdentifier + - ResourceIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Catalog') as catalog, + JSON_EXTRACT(Properties, '$.Principal') as principal, + JSON_EXTRACT(Properties, '$.Resource') as resource, + JSON_EXTRACT(Properties, '$.Permissions') as permissions, + JSON_EXTRACT(Properties, '$.PermissionsWithGrantOption') as permissions_with_grant_option, + JSON_EXTRACT(Properties, '$.PrincipalIdentifier') as principal_identifier, + JSON_EXTRACT(Properties, '$.ResourceIdentifier') as resource_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LakeFormation::PrincipalPermissions' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Catalog') as catalog, + json_extract_path_text(Properties, 'Principal') as principal, + json_extract_path_text(Properties, 'Resource') as resource, + json_extract_path_text(Properties, 'Permissions') as permissions, + json_extract_path_text(Properties, 'PermissionsWithGrantOption') as permissions_with_grant_option, + json_extract_path_text(Properties, 'PrincipalIdentifier') as principal_identifier, + json_extract_path_text(Properties, 'ResourceIdentifier') as resource_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LakeFormation::PrincipalPermissions' + AND data__Identifier = '|' + AND region = 'us-east-1' + tags: + name: tags + id: aws.lakeformation.tags + x-cfn-schema-name: Tag + x-type: list + x-identifiers: + - TagKey + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TagKey') as tag_key + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LakeFormation::Tag' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TagKey') as tag_key + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LakeFormation::Tag' + AND region = 'us-east-1' + tag: + name: tag + id: aws.lakeformation.tag + x-cfn-schema-name: Tag + x-type: get + x-identifiers: + - TagKey + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CatalogId') as catalog_id, + JSON_EXTRACT(Properties, '$.TagKey') as tag_key, + JSON_EXTRACT(Properties, '$.TagValues') as tag_values + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LakeFormation::Tag' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CatalogId') as catalog_id, + json_extract_path_text(Properties, 'TagKey') as tag_key, + json_extract_path_text(Properties, 'TagValues') as tag_values + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LakeFormation::Tag' + AND data__Identifier = '' + AND region = 'us-east-1' + tag_association: + name: tag_association + id: aws.lakeformation.tag_association + x-cfn-schema-name: TagAssociation + x-type: get + x-identifiers: + - ResourceIdentifier + - TagsIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Resource') as resource, + JSON_EXTRACT(Properties, '$.LFTags') as lf_tags, + JSON_EXTRACT(Properties, '$.ResourceIdentifier') as resource_identifier, + JSON_EXTRACT(Properties, '$.TagsIdentifier') as tags_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LakeFormation::TagAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Resource') as resource, + json_extract_path_text(Properties, 'LFTags') as lf_tags, + json_extract_path_text(Properties, 'ResourceIdentifier') as resource_identifier, + json_extract_path_text(Properties, 'TagsIdentifier') as tags_identifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LakeFormation::TagAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/lambda.yaml b/providers/src/aws/v00.00.00000/services/lambda.yaml new file mode 100644 index 00000000..419af130 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/lambda.yaml @@ -0,0 +1,2162 @@ +openapi: 3.0.0 +info: + title: Lambda + version: 1.0.0 +paths: {} +components: + schemas: + AllowedPublishers: + type: object + description: When the CodeSigningConfig is later on attached to a function, the function code will be expected to be signed by profiles from this list + additionalProperties: false + properties: + SigningProfileVersionArns: + type: array + description: List of Signing profile version Arns + minItems: 1 + maxItems: 20 + items: + type: string + pattern: arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?-[a-z]+-\d{1})?:(\d{12})?:(.*) + minLength: 12 + maxLength: 1024 + required: + - SigningProfileVersionArns + CodeSigningPolicies: + type: object + description: Policies to control how to act if a signature is invalid + additionalProperties: false + properties: + UntrustedArtifactOnDeployment: + type: string + description: Indicates how Lambda operations involve updating the code artifact will operate. Default to Warn if not provided + default: Warn + enum: + - Warn + - Enforce + required: + - UntrustedArtifactOnDeployment + CodeSigningConfig: + type: object + properties: + Description: + description: A description of the CodeSigningConfig + type: string + minLength: 0 + maxLength: 256 + AllowedPublishers: + description: When the CodeSigningConfig is later on attached to a function, the function code will be expected to be signed by profiles from this list + $ref: '#/components/schemas/AllowedPublishers' + CodeSigningPolicies: + description: Policies to control how to act if a signature is invalid + $ref: '#/components/schemas/CodeSigningPolicies' + CodeSigningConfigId: + description: A unique identifier for CodeSigningConfig resource + type: string + pattern: csc-[a-zA-Z0-9-_\.]{17} + CodeSigningConfigArn: + description: A unique Arn for CodeSigningConfig resource + type: string + pattern: arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:code-signing-config:csc-[a-z0-9]{17} + required: + - AllowedPublishers + x-stackql-resource-name: code_signing_config + description: Resource Type definition for AWS::Lambda::CodeSigningConfig. + x-type-name: AWS::Lambda::CodeSigningConfig + x-stackql-primary-identifier: + - CodeSigningConfigArn + x-read-only-properties: + - CodeSigningConfigId + - CodeSigningConfigArn + x-required-properties: + - AllowedPublishers + x-required-permissions: + create: + - lambda:CreateCodeSigningConfig + read: + - lambda:GetCodeSigningConfig + update: + - lambda:UpdateCodeSigningConfig + delete: + - lambda:DeleteCodeSigningConfig + list: + - lambda:ListCodeSigningConfigs + DestinationConfig: + type: object + additionalProperties: false + description: A configuration object that specifies the destination of an event after Lambda processes it. + properties: + OnFailure: + description: The destination configuration for failed invocations. + $ref: '#/components/schemas/OnFailure' + OnFailure: + type: object + description: A destination for events that failed processing. + additionalProperties: false + properties: + Destination: + description: |- + The Amazon Resource Name (ARN) of the destination resource. + To retain records of [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations), you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination. + To retain records of failed invocations from [Kinesis and DynamoDB event sources](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations), you can configure an Amazon SNS topic or Amazon SQS queue as the destination. + To retain records of failed invocations from [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination), you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination. + type: string + pattern: arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?(-iso)?(-isob)?-[a-z]+-\d{1})?:(\d{12})?:(.*) + minLength: 12 + maxLength: 1024 + OnSuccess: + description: The destination configuration for successful invocations. + type: object + properties: + Destination: + description: The Amazon Resource Name (ARN) of the destination resource. + type: string + pattern: ^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?-[a-z]+-\d{1})?:(\d{12})?:(.*) + minLength: 0 + maxLength: 350 + required: + - Destination + additionalProperties: false + EventInvokeConfig: + type: object + properties: + DestinationConfig: + $ref: '#/components/schemas/DestinationConfig' + FunctionName: + description: The name of the Lambda function. + type: string + pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ + MaximumEventAgeInSeconds: + description: The maximum age of a request that Lambda sends to a function for processing. + type: integer + minimum: 60 + maximum: 21600 + MaximumRetryAttempts: + description: The maximum number of times to retry when the function returns an error. + type: integer + minimum: 0 + maximum: 2 + Qualifier: + description: The identifier of a version or alias. + type: string + pattern: ^(|[a-zA-Z0-9$_-]{1,129})$ + required: + - FunctionName + - Qualifier + x-stackql-resource-name: event_invoke_config + description: The AWS::Lambda::EventInvokeConfig resource configures options for asynchronous invocation on a version or an alias. + x-type-name: AWS::Lambda::EventInvokeConfig + x-stackql-primary-identifier: + - FunctionName + - Qualifier + x-create-only-properties: + - FunctionName + - Qualifier + x-required-properties: + - FunctionName + - Qualifier + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - lambda:PutFunctionEventInvokeConfig + read: + - lambda:GetFunctionEventInvokeConfig + update: + - lambda:UpdateFunctionEventInvokeConfig + delete: + - lambda:DeleteFunctionEventInvokeConfig + list: + - lambda:ListFunctionEventInvokeConfigs + FilterCriteria: + type: object + description: An object that contains the filters for an event source. + additionalProperties: false + properties: + Filters: + description: A list of filters. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Filter' + minItems: 1 + maxItems: 20 + Filter: + type: object + description: A structure within a ``FilterCriteria`` object that defines an event filtering pattern. + additionalProperties: false + properties: + Pattern: + type: string + description: A filter pattern. For more information on the syntax of a filter pattern, see [Filter rule syntax](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-syntax). + pattern: .* + minLength: 0 + maxLength: 4096 + SourceAccessConfiguration: + type: object + additionalProperties: false + description: An array of the authentication protocol, VPC components, or virtual host to secure and define your event source. + properties: + Type: + description: |- + The type of authentication protocol, VPC components, or virtual host for your event source. For example: ``"Type":"SASL_SCRAM_512_AUTH"``. + + ``BASIC_AUTH`` – (Amazon MQ) The ASMlong secret that stores your broker credentials. + + ``BASIC_AUTH`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers. + + ``VPC_SUBNET`` – (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster. + + ``VPC_SECURITY_GROUP`` – (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers. + + ``SASL_SCRAM_256_AUTH`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers. + + ``SASL_SCRAM_512_AUTH`` – (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers. + + ``VIRTUAL_HOST`` –- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call. + + ``CLIENT_CERTIFICATE_TLS_AUTH`` – (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers. + + ``SERVER_ROOT_CA_CERTIFICATE`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers. + enum: + - BASIC_AUTH + - VPC_SUBNET + - VPC_SECURITY_GROUP + - SASL_SCRAM_512_AUTH + - SASL_SCRAM_256_AUTH + - VIRTUAL_HOST + - CLIENT_CERTIFICATE_TLS_AUTH + - SERVER_ROOT_CA_CERTIFICATE + type: string + URI: + description: 'The value for your chosen configuration in ``Type``. For example: ``"URI": "arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName"``.' + type: string + pattern: '[a-zA-Z0-9-\/*:_+=.@-]*' + minLength: 1 + maxLength: 200 + SelfManagedEventSource: + type: object + additionalProperties: false + description: The self-managed Apache Kafka cluster for your event source. + properties: + Endpoints: + description: 'The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]``.' + $ref: '#/components/schemas/Endpoints' + Endpoints: + type: object + additionalProperties: false + description: 'The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]``.' + properties: + KafkaBootstrapServers: + type: array + description: 'The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]``.' + uniqueItems: true + items: + type: string + description: The URL of a Kafka server. + pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]):[0-9]{1,5} + minLength: 1 + maxLength: 300 + minItems: 1 + maxItems: 10 + ConsumerGroupId: + description: The identifier for the Kafka Consumer Group to join. + type: string + pattern: '[a-zA-Z0-9-\/*:_+=.@-]*' + minLength: 1 + maxLength: 200 + AmazonManagedKafkaEventSourceConfig: + description: Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source. + type: object + additionalProperties: false + properties: + ConsumerGroupId: + description: The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id). + $ref: '#/components/schemas/ConsumerGroupId' + SelfManagedKafkaEventSourceConfig: + description: Specific configuration settings for a self-managed Apache Kafka event source. + type: object + additionalProperties: false + properties: + ConsumerGroupId: + description: The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id). + $ref: '#/components/schemas/ConsumerGroupId' + MaximumConcurrency: + description: The maximum number of concurrent functions that an event source can invoke. + type: integer + minimum: 2 + maximum: 1000 + ScalingConfig: + description: (Amazon SQS only) The scaling configuration for the event source. To remove the configuration, pass an empty value. + type: object + additionalProperties: false + properties: + MaximumConcurrency: + description: Limits the number of concurrent instances that the SQS event source can invoke. + $ref: '#/components/schemas/MaximumConcurrency' + DocumentDBEventSourceConfig: + description: Specific configuration settings for a DocumentDB event source. + type: object + additionalProperties: false + properties: + DatabaseName: + description: The name of the database to consume within the DocumentDB cluster. + type: string + minLength: 1 + maxLength: 63 + CollectionName: + description: The name of the collection to consume within the database. If you do not specify a collection, Lambda consumes all collections. + type: string + minLength: 1 + maxLength: 57 + FullDocument: + description: Determines what DocumentDB sends to your event stream during document update operations. If set to UpdateLookup, DocumentDB sends a delta describing the changes, along with a copy of the entire document. Otherwise, DocumentDB sends only a partial document that contains the changes. + type: string + enum: + - UpdateLookup + - Default + EventSourceMapping: + type: object + properties: + Id: + description: '' + type: string + pattern: '[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}' + minLength: 36 + maxLength: 36 + BatchSize: + description: |- + The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB). + + *Amazon Kinesis* – Default 100. Max 10,000. + + *Amazon DynamoDB Streams* – Default 100. Max 10,000. + + *Amazon Simple Queue Service* – Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10. + + *Amazon Managed Streaming for Apache Kafka* – Default 100. Max 10,000. + + *Self-managed Apache Kafka* – Default 100. Max 10,000. + + *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000. + + *DocumentDB* – Default 100. Max 10,000. + type: integer + minimum: 1 + maximum: 10000 + BisectBatchOnFunctionError: + description: (Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false. + type: boolean + DestinationConfig: + description: (Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it. + $ref: '#/components/schemas/DestinationConfig' + Enabled: + description: |- + When true, the event source mapping is active. When false, Lambda pauses polling and invocation. + Default: True + type: boolean + EventSourceArn: + description: |- + The Amazon Resource Name (ARN) of the event source. + + *Amazon Kinesis* – The ARN of the data stream or a stream consumer. + + *Amazon DynamoDB Streams* – The ARN of the stream. + + *Amazon Simple Queue Service* – The ARN of the queue. + + *Amazon Managed Streaming for Apache Kafka* – The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc)). + + *Amazon MQ* – The ARN of the broker. + + *Amazon DocumentDB* – The ARN of the DocumentDB change stream. + type: string + pattern: arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?(-iso)?(-isob)?-[a-z]+-\d{1})?:(\d{12})?:(.*) + minLength: 12 + maxLength: 1024 + FilterCriteria: + description: An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html). + $ref: '#/components/schemas/FilterCriteria' + FunctionName: + description: |- + The name or ARN of the Lambda function. + **Name formats** + + *Function name* – ``MyFunction``. + + *Function ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction``. + + *Version or Alias ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD``. + + *Partial ARN* – ``123456789012:function:MyFunction``. + + The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length. + type: string + pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso)?(-isob)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))? + minLength: 1 + maxLength: 140 + MaximumBatchingWindowInSeconds: + description: |- + The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function. + *Default (, , event sources)*: 0 + *Default (, Kafka, , event sources)*: 500 ms + *Related setting:* For SQS event sources, when you set ``BatchSize`` to a value greater than 10, you must set ``MaximumBatchingWindowInSeconds`` to at least 1. + type: integer + minimum: 0 + maximum: 300 + MaximumRecordAgeInSeconds: + description: |- + (Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records. + The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed + type: integer + minimum: -1 + maximum: 604800 + MaximumRetryAttempts: + description: (Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source. + type: integer + minimum: -1 + maximum: 10000 + ParallelizationFactor: + description: (Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1. + type: integer + minimum: 1 + maximum: 10 + StartingPosition: + description: |- + The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB. + + *LATEST* - Read only new records. + + *TRIM_HORIZON* - Process all available records. + + *AT_TIMESTAMP* - Specify a time from which to start reading records. + type: string + pattern: (LATEST|TRIM_HORIZON|AT_TIMESTAMP)+ + minLength: 6 + maxLength: 12 + StartingPositionTimestamp: + description: With ``StartingPosition`` set to ``AT_TIMESTAMP``, the time from which to start reading, in Unix time seconds. ``StartingPositionTimestamp`` cannot be in the future. + type: number + Topics: + description: The name of the Kafka topic. + type: array + uniqueItems: true + items: + type: string + pattern: ^[^.]([a-zA-Z0-9\-_.]+) + minLength: 1 + maxLength: 249 + minItems: 1 + maxItems: 1 + Queues: + description: (Amazon MQ) The name of the Amazon MQ broker destination queue to consume. + type: array + uniqueItems: true + items: + type: string + pattern: '[\s\S]*' + minLength: 1 + maxLength: 1000 + minItems: 1 + maxItems: 1 + SourceAccessConfigurations: + description: An array of the authentication protocol, VPC components, or virtual host to secure and define your event source. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/SourceAccessConfiguration' + minItems: 1 + maxItems: 22 + TumblingWindowInSeconds: + description: (Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window. + type: integer + minimum: 0 + maximum: 900 + FunctionResponseTypes: + description: |- + (Streams and SQS) A list of current response type enums applied to the event source mapping. + Valid Values: ``ReportBatchItemFailures`` + type: array + uniqueItems: true + items: + type: string + enum: + - ReportBatchItemFailures + minLength: 0 + maxLength: 1 + SelfManagedEventSource: + description: The self-managed Apache Kafka cluster for your event source. + $ref: '#/components/schemas/SelfManagedEventSource' + AmazonManagedKafkaEventSourceConfig: + description: Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source. + $ref: '#/components/schemas/AmazonManagedKafkaEventSourceConfig' + SelfManagedKafkaEventSourceConfig: + description: Specific configuration settings for a self-managed Apache Kafka event source. + $ref: '#/components/schemas/SelfManagedKafkaEventSourceConfig' + ScalingConfig: + description: (Amazon SQS only) The scaling configuration for the event source. For more information, see [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency). + $ref: '#/components/schemas/ScalingConfig' + DocumentDBEventSourceConfig: + description: Specific configuration settings for a DocumentDB event source. + $ref: '#/components/schemas/DocumentDBEventSourceConfig' + required: + - FunctionName + x-stackql-resource-name: event_source_mapping + description: |- + The ``AWS::Lambda::EventSourceMapping`` resource creates a mapping between an event source and an LAMlong function. LAM reads items from the event source and triggers the function. + For details about each event source type, see the following topics. In particular, each of the topics describes the required and optional parameters for the specific event source. + + [Configuring a Dynamo DB stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping) + + [Configuring a Kinesis stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping) + + [Configuring an SQS queue as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource) + + [Configuring an MQ broker as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping) + + [Configuring MSK as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html) + + [Configuring Self-Managed Apache Kafka as an event source](https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html) + + [Configuring Amazon DocumentDB as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html) + x-type-name: AWS::Lambda::EventSourceMapping + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - EventSourceArn + - StartingPosition + - StartingPositionTimestamp + - SelfManagedEventSource + - AmazonManagedKafkaEventSourceConfig + - SelfManagedKafkaEventSourceConfig + x-read-only-properties: + - Id + x-required-properties: + - FunctionName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - lambda:CreateEventSourceMapping + - lambda:GetEventSourceMapping + delete: + - lambda:DeleteEventSourceMapping + - lambda:GetEventSourceMapping + list: + - lambda:ListEventSourceMappings + read: + - lambda:GetEventSourceMapping + update: + - lambda:UpdateEventSourceMapping + - lambda:GetEventSourceMapping + ImageConfig: + description: Configuration values that override the container image Dockerfile settings. For more information, see [Container image settings](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms). + additionalProperties: false + type: object + properties: + WorkingDirectory: + description: Specifies the working directory. The length of the directory string cannot exceed 1,000 characters. + type: string + Command: + maxItems: 1500 + uniqueItems: true + description: Specifies parameters that you want to pass in with ENTRYPOINT. You can specify a maximum of 1,500 parameters in the list. + type: array + items: + type: string + EntryPoint: + maxItems: 1500 + uniqueItems: true + description: Specifies the entry point to their application, which is typically the location of the runtime executable. You can specify a maximum of 1,500 string entries in the list. + type: array + items: + type: string + TracingConfig: + description: The function's [](https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html) tracing configuration. To sample and record incoming requests, set ``Mode`` to ``Active``. + additionalProperties: false + type: object + properties: + Mode: + description: The tracing mode. + type: string + enum: + - Active + - PassThrough + VpcConfig: + description: |- + The VPC security groups and subnets that are attached to a Lambda function. When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see [VPC Settings](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html). + When you delete a function, CFN monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before CFN can delete the VPC's resources. + To monitor network interfaces, CFN needs the ``ec2:DescribeNetworkInterfaces`` permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, CFN does not wait for network interfaces to be deleted. + additionalProperties: false + type: object + properties: + Ipv6AllowedForDualStack: + description: Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. + type: boolean + SecurityGroupIds: + maxItems: 5 + uniqueItems: false + description: A list of VPC security group IDs. + type: array + items: + anyOf: + - relationshipRef: + typeName: AWS::EC2::SecurityGroup + propertyPath: /properties/GroupId + - relationshipRef: + typeName: AWS::EC2::SecurityGroup + propertyPath: /properties/Id + - relationshipRef: + typeName: AWS::EC2::VPC + propertyPath: /properties/DefaultSecurityGroup + type: string + SubnetIds: + maxItems: 16 + uniqueItems: false + description: A list of VPC subnet IDs. + type: array + items: + relationshipRef: + typeName: AWS::EC2::Subnet + propertyPath: /properties/SubnetId + type: string + DeadLetterConfig: + description: The [dead-letter queue](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq) for failed asynchronous invocations. + additionalProperties: false + type: object + properties: + TargetArn: + pattern: ^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$ + description: The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic. + anyOf: + - relationshipRef: + typeName: AWS::SQS::Queue + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::SNS::Topic + propertyPath: /properties/TopicArn + type: string + RuntimeManagementConfig: + description: Sets the runtime management configuration for a function's version. For more information, see [Runtime updates](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html). + additionalProperties: false + type: object + properties: + UpdateRuntimeOn: + description: |- + Specify the runtime update mode. + + *Auto (default)* - Automatically update to the most recent and secure runtime version using a [Two-phase runtime version rollout](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-two-phase). This is the best choice for most customers to ensure they always benefit from runtime updates. + + *FunctionUpdate* - LAM updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date. + + *Manual* - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see [Roll back a runtime version](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-rollback). + + *Valid Values*: ``Auto`` | ``FunctionUpdate`` | ``Manual`` + type: string + enum: + - Auto + - FunctionUpdate + - Manual + RuntimeVersionArn: + description: |- + The ARN of the runtime version you want the function to use. + This is only required if you're using the *Manual* runtime update mode. + type: string + required: + - UpdateRuntimeOn + SnapStart: + description: The function's [SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) setting. + additionalProperties: false + type: object + properties: + ApplyOn: + description: Set ``ApplyOn`` to ``PublishedVersions`` to create a snapshot of the initialized execution environment when you publish a function version. + type: string + enum: + - PublishedVersions + - None + required: + - ApplyOn + SnapStartResponse: + description: The function's [SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) setting. + additionalProperties: false + type: object + properties: + OptimizationStatus: + description: When you provide a [qualified Amazon Resource Name (ARN)](https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html#versioning-versions-using), this response element indicates whether SnapStart is activated for the specified function version. + type: string + enum: + - 'On' + - 'Off' + ApplyOn: + description: When set to ``PublishedVersions``, Lambda creates a snapshot of the execution environment when you publish a function version. + type: string + enum: + - PublishedVersions + - None + Code: + description: |- + The [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template. + Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template. + additionalProperties: false + type: object + properties: + S3ObjectVersion: + minLength: 1 + description: For versioned objects, the version of the deployment package object to use. + type: string + maxLength: 1024 + S3Bucket: + x-relationshipRef: + typeName: AWS::S3::Bucket + propertyPath: /properties/BucketName + minLength: 3 + pattern: ^[0-9A-Za-z\.\-_]*(?``. To use a different log group, enter an existing log group or enter a new log group name. + type: string + maxLength: 512 + SystemLogLevel: + description: Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the selected level of detail and lower, where ``DEBUG`` is the highest level and ``WARN`` is the lowest. + type: string + enum: + - DEBUG + - INFO + - WARN + Environment: + description: A function's environment variable settings. You can use environment variables to adjust your function's behavior without updating code. An environment variable is a pair of strings that are stored in a function's version-specific configuration. + additionalProperties: false + type: object + properties: + Variables: + x-patternProperties: + '[a-zA-Z][a-zA-Z0-9_]+': + type: string + description: Environment variable key-value pairs. For more information, see [Using Lambda environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html). + additionalProperties: false + type: object + FileSystemConfig: + description: Details about the connection between a Lambda function and an [Amazon EFS file system](https://docs.aws.amazon.com/lambda/latest/dg/configuration-filesystem.html). + additionalProperties: false + type: object + properties: + Arn: + pattern: ^arn:aws[a-zA-Z-]*:elasticfilesystem:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:access-point/fsap-[a-f0-9]{17}$ + description: The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system. + type: string + maxLength: 200 + LocalMountPath: + pattern: ^/mnt/[a-zA-Z0-9-_.]+$ + description: The path where the function can access the file system, starting with ``/mnt/``. + type: string + maxLength: 160 + required: + - Arn + - LocalMountPath + Tag: + description: '' + additionalProperties: false + type: object + properties: + Value: + minLength: 0 + description: '' + type: string + maxLength: 256 + Key: + minLength: 1 + description: '' + type: string + maxLength: 128 + required: + - Key + EphemeralStorage: + description: The size of the function's ``/tmp`` directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB. + additionalProperties: false + type: object + properties: + Size: + description: The size of the function's ``/tmp`` directory. + maximum: 10240 + type: integer + minimum: 512 + required: + - Size + Function: + type: object + properties: + Description: + description: A description of the function. + type: string + maxLength: 256 + TracingConfig: + description: Set ``Mode`` to ``Active`` to sample and trace a subset of incoming requests with [X-Ray](https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html). + $ref: '#/components/schemas/TracingConfig' + VpcConfig: + description: For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see [Configuring a Lambda function to access resources in a VPC](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html). + $ref: '#/components/schemas/VpcConfig' + RuntimeManagementConfig: + description: Sets the runtime management configuration for a function's version. For more information, see [Runtime updates](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html). + $ref: '#/components/schemas/RuntimeManagementConfig' + ReservedConcurrentExecutions: + description: The number of simultaneous executions to reserve for the function. + type: integer + minimum: 0 + SnapStart: + description: The function's [SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) setting. + $ref: '#/components/schemas/SnapStart' + FileSystemConfigs: + maxItems: 1 + description: |- + Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an [AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html) resource, you must also specify a ``DependsOn`` attribute to ensure that the mount target is created or updated before the function. + For more information about using the ``DependsOn`` attribute, see [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html). + type: array + items: + $ref: '#/components/schemas/FileSystemConfig' + FunctionName: + minLength: 1 + description: |- + The name of the Lambda function, up to 64 characters in length. If you don't specify a name, CFN generates one. + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + type: string + Runtime: + description: |- + The identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Runtime is required if the deployment package is a .zip file archive. + The following list includes deprecated runtimes. For more information, see [Runtime deprecation policy](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). + type: string + KmsKeyArn: + pattern: ^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$ + description: >- + The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). When [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your + function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key. + type: string + PackageType: + description: The type of deployment package. Set to ``Image`` for container image and set ``Zip`` for .zip file archive. + type: string + enum: + - Image + - Zip + CodeSigningConfigArn: + pattern: arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:code-signing-config:csc-[a-z0-9]{17} + description: To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. + type: string + Layers: + uniqueItems: false + description: A list of [function layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) to add to the function's execution environment. Specify each layer by its ARN, including the version. + type: array + items: + relationshipRef: + typeName: AWS::Lambda::LayerVersion + propertyPath: /properties/LayerVersionArn + type: string + Tags: + uniqueItems: true + description: A list of [tags](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + ImageConfig: + description: Configuration values that override the container image Dockerfile settings. For more information, see [Container image settings](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms). + $ref: '#/components/schemas/ImageConfig' + MemorySize: + description: The amount of [memory available to the function](https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console) at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase. + type: integer + DeadLetterConfig: + description: A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq). + $ref: '#/components/schemas/DeadLetterConfig' + Timeout: + description: The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see [Lambda execution environment](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html). + type: integer + minimum: 1 + Handler: + pattern: ^[^\s]+$ + description: The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see [Lambda programming model](https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html). + type: string + maxLength: 128 + SnapStartResponse: + description: '' + $ref: '#/components/schemas/SnapStartResponse' + Code: + description: The code for the function. + $ref: '#/components/schemas/Code' + Role: + pattern: ^arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + description: The Amazon Resource Name (ARN) of the function's execution role. + type: string + LoggingConfig: + description: The function's Amazon CloudWatch Logs configuration settings. + $ref: '#/components/schemas/LoggingConfig' + Environment: + description: Environment variables that are accessible from function code during execution. + $ref: '#/components/schemas/Environment' + Arn: + description: '' + type: string + EphemeralStorage: + description: The size of the function's ``/tmp`` directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB. + $ref: '#/components/schemas/EphemeralStorage' + Architectures: + minItems: 1 + maxItems: 1 + uniqueItems: true + description: The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is ``x86_64``. + type: array + items: + type: string + enum: + - x86_64 + - arm64 + required: + - Code + - Role + x-stackql-resource-name: function + description: >- + The ``AWS::Lambda::Function`` resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html). The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon + CloudWatch Logs for log streaming and AWS X-Ray for request tracing. + You set the package type to ``Image`` if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html). For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties. + You set the package type to ``Zip`` if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip). For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. For a Python example, see [Deploy Python Lambda functions with .zip file archives](https://docs.aws.amazon.com/lambda/latest/dg/python-package.html). + You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with ``UpdateFunctionCode``, Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. + Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a ``AWS::Lambda::Version`` or a ``AWS::Lambda::Alias``. + For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.* + x-type-name: AWS::Lambda::Function + x-stackql-primary-identifier: + - FunctionName + x-create-only-properties: + - FunctionName + x-write-only-properties: + - SnapStart + - SnapStart/ApplyOn + - Code + - Code/ImageUri + - Code/S3Bucket + - Code/S3Key + - Code/S3ObjectVersion + - Code/ZipFile + x-read-only-properties: + - SnapStartResponse + - SnapStartResponse/ApplyOn + - SnapStartResponse/OptimizationStatus + - Arn + x-required-properties: + - Code + - Role + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true + x-required-permissions: + read: + - lambda:GetFunction + - lambda:GetFunctionCodeSigningConfig + create: + - lambda:CreateFunction + - lambda:GetFunction + - lambda:PutFunctionConcurrency + - iam:PassRole + - s3:GetObject + - s3:GetObjectVersion + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - elasticfilesystem:DescribeMountTargets + - kms:CreateGrant + - kms:Decrypt + - kms:Encrypt + - kms:GenerateDataKey + - lambda:GetCodeSigningConfig + - lambda:GetFunctionCodeSigningConfig + - lambda:GetLayerVersion + - lambda:GetRuntimeManagementConfig + - lambda:PutRuntimeManagementConfig + - lambda:TagResource + - lambda:GetPolicy + - lambda:AddPermission + - lambda:RemovePermission + - lambda:GetResourcePolicy + - lambda:PutResourcePolicy + update: + - lambda:DeleteFunctionConcurrency + - lambda:GetFunction + - lambda:PutFunctionConcurrency + - lambda:ListTags + - lambda:TagResource + - lambda:UntagResource + - lambda:UpdateFunctionConfiguration + - lambda:UpdateFunctionCode + - iam:PassRole + - s3:GetObject + - s3:GetObjectVersion + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - elasticfilesystem:DescribeMountTargets + - kms:CreateGrant + - kms:Decrypt + - kms:GenerateDataKey + - lambda:GetRuntimeManagementConfig + - lambda:PutRuntimeManagementConfig + - lambda:PutFunctionCodeSigningConfig + - lambda:DeleteFunctionCodeSigningConfig + - lambda:GetCodeSigningConfig + - lambda:GetFunctionCodeSigningConfig + - lambda:GetPolicy + - lambda:AddPermission + - lambda:RemovePermission + - lambda:GetResourcePolicy + - lambda:PutResourcePolicy + - lambda:DeleteResourcePolicy + list: + - lambda:ListFunctions + delete: + - lambda:DeleteFunction + - lambda:GetFunction + - ec2:DescribeNetworkInterfaces + Content: + type: object + additionalProperties: false + properties: + S3ObjectVersion: + description: For versioned objects, the version of the layer archive object to use. + type: string + S3Bucket: + description: The Amazon S3 bucket of the layer archive. + type: string + S3Key: + description: The Amazon S3 key of the layer archive. + type: string + required: + - S3Bucket + - S3Key + LayerVersion: + type: object + properties: + CompatibleRuntimes: + description: A list of compatible function runtimes. Used for filtering with ListLayers and ListLayerVersions. + type: array + x-insertionOrder: false + uniqueItems: false + items: + type: string + LicenseInfo: + description: The layer's software license. + type: string + Description: + description: The description of the version. + type: string + LayerName: + description: The name or Amazon Resource Name (ARN) of the layer. + type: string + Content: + description: The function layer archive. + $ref: '#/components/schemas/Content' + LayerVersionArn: + type: string + CompatibleArchitectures: + description: A list of compatible instruction set architectures. + type: array + x-insertionOrder: false + uniqueItems: false + items: + type: string + required: + - Content + x-stackql-resource-name: layer_version + description: Resource Type definition for AWS::Lambda::LayerVersion + x-type-name: AWS::Lambda::LayerVersion + x-stackql-primary-identifier: + - LayerVersionArn + x-create-only-properties: + - CompatibleRuntimes + - LicenseInfo + - CompatibleArchitectures + - LayerName + - Description + - Content + x-write-only-properties: + - Content + x-read-only-properties: + - LayerVersionArn + x-required-properties: + - Content + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - lambda:PublishLayerVersion + - s3:GetObject + - s3:GetObjectVersion + read: + - lambda:GetLayerVersion + delete: + - lambda:GetLayerVersion + - lambda:DeleteLayerVersion + list: + - lambda:ListLayerVersions + LayerVersionPermission: + type: object + properties: + Id: + description: ID generated by service + type: string + Action: + description: The API action that grants access to the layer. + type: string + LayerVersionArn: + description: The name or Amazon Resource Name (ARN) of the layer. + type: string + OrganizationId: + description: With the principal set to *, grant permission to all accounts in the specified organization. + type: string + Principal: + description: An account ID, or * to grant layer usage permission to all accounts in an organization, or all AWS accounts (if organizationId is not specified). + type: string + required: + - LayerVersionArn + - Action + - Principal + x-stackql-resource-name: layer_version_permission + description: Schema for Lambda LayerVersionPermission + x-type-name: AWS::Lambda::LayerVersionPermission + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - OrganizationId + - Principal + - Action + - LayerVersionArn + x-read-only-properties: + - Id + x-required-properties: + - LayerVersionArn + - Action + - Principal + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - lambda:AddLayerVersionPermission + read: + - lambda:GetLayerVersionPolicy + delete: + - lambda:GetLayerVersionPolicy + - lambda:RemoveLayerVersionPermission + list: + - lambda:GetLayerVersionPolicy + Permission: + type: object + properties: + Id: + description: '' + type: string + pattern: ^.*$ + minLength: 1 + maxLength: 256 + Action: + description: The action that the principal can use on the function. For example, ``lambda:InvokeFunction`` or ``lambda:GetFunction``. + type: string + pattern: ^(lambda:[*]|lambda:[a-zA-Z]+|[*])$ + minLength: 1 + maxLength: 256 + EventSourceToken: + description: For Alexa Smart Home functions, a token that the invoker must supply. + type: string + pattern: ^[a-zA-Z0-9._\-]+$ + minLength: 1 + maxLength: 256 + FunctionName: + description: |- + The name of the Lambda function, version, or alias. + **Name formats** + + *Function name* – ``my-function`` (name-only), ``my-function:v1`` (with alias). + + *Function ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:my-function``. + + *Partial ARN* – ``123456789012:function:my-function``. + + You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length. + type: string + pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ + minLength: 1 + maxLength: 140 + FunctionUrlAuthType: + description: The type of authentication that your function URL uses. Set to ``AWS_IAM`` if you want to restrict access to authenticated users only. Set to ``NONE`` if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). + type: string + enum: + - AWS_IAM + - NONE + Principal: + description: The AWS-service or AWS-account that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service. + type: string + pattern: ^.*$ + minLength: 1 + maxLength: 256 + PrincipalOrgID: + description: The identifier for your organization in AOlong. Use this to grant permissions to all the AWS-accounts under this organization. + type: string + pattern: ^o-[a-z0-9]{10,32}$ + minLength: 12 + maxLength: 34 + SourceAccount: + description: For AWS-service, the ID of the AWS-account that owns the resource. Use this together with ``SourceArn`` to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account. + type: string + pattern: ^\d{12}$ + minLength: 12 + maxLength: 12 + SourceArn: + description: |- + For AWS-services, the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic. + Note that Lambda configures the comparison using the ``StringLike`` operator. + type: string + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.*)$ + minLength: 12 + maxLength: 1024 + required: + - FunctionName + - Action + - Principal + x-stackql-resource-name: permission + description: |- + The ``AWS::Lambda::Permission`` resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function. + To grant permission to another account, specify the account ID as the ``Principal``. To grant permission to an organization defined in AOlong, specify the organization ID as the ``PrincipalOrgID``. For AWS services, the principal is a domain-style identifier defined by the service, like ``s3.amazonaws.com`` or ``sns.amazonaws.com``. For AWS services, you can also specify the ARN of the associated resource as the ``SourceArn``. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function. + If your function has a fu + x-type-name: AWS::Lambda::Permission + x-stackql-primary-identifier: + - FunctionName + - Id + x-create-only-properties: + - FunctionName + - FunctionUrlAuthType + - SourceAccount + - SourceArn + - Principal + - PrincipalOrgID + - Action + - EventSourceToken + x-read-only-properties: + - Id + x-required-properties: + - FunctionName + - Action + - Principal + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - lambda:AddPermission + read: + - lambda:GetPolicy + delete: + - lambda:RemovePermission + list: + - lambda:GetPolicy + AllowHeaders: + items: + type: string + minLength: 1 + maxLength: 1024 + type: array + minItems: 1 + maxItems: 100 + x-insertionOrder: true + AllowMethods: + items: + type: string + enum: + - GET + - PUT + - HEAD + - POST + - PATCH + - DELETE + - '*' + type: array + minItems: 1 + maxItems: 6 + x-insertionOrder: true + AllowOrigins: + items: + type: string + minLength: 1 + maxLength: 253 + type: array + minItems: 1 + maxItems: 100 + x-insertionOrder: true + ExposeHeaders: + items: + type: string + minLength: 1 + maxLength: 1024 + type: array + minItems: 1 + maxItems: 100 + x-insertionOrder: true + Cors: + additionalProperties: false + properties: + AllowCredentials: + description: Specifies whether credentials are included in the CORS request. + type: boolean + AllowHeaders: + description: Represents a collection of allowed headers. + $ref: '#/components/schemas/AllowHeaders' + AllowMethods: + description: Represents a collection of allowed HTTP methods. + $ref: '#/components/schemas/AllowMethods' + AllowOrigins: + description: Represents a collection of allowed origins. + $ref: '#/components/schemas/AllowOrigins' + ExposeHeaders: + description: Represents a collection of exposed headers. + $ref: '#/components/schemas/ExposeHeaders' + MaxAge: + type: integer + minimum: 0 + maximum: 86400 + type: object + Url: + type: object + properties: + TargetFunctionArn: + description: The Amazon Resource Name (ARN) of the function associated with the Function URL. + type: string + pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:((?!\d+)[0-9a-zA-Z-_]+))?$ + Qualifier: + description: The alias qualifier for the target function. If TargetFunctionArn is unqualified then Qualifier must be passed. + type: string + minLength: 1 + maxLength: 128 + pattern: ((?!^[0-9]+$)([a-zA-Z0-9-_]+)) + AuthType: + description: Can be either AWS_IAM if the requests are authorized via IAM, or NONE if no authorization is configured on the Function URL. + type: string + enum: + - AWS_IAM + - NONE + InvokeMode: + description: The invocation mode for the function's URL. Set to BUFFERED if you want to buffer responses before returning them to the client. Set to RESPONSE_STREAM if you want to stream responses, allowing faster time to first byte and larger response payload sizes. If not set, defaults to BUFFERED. + type: string + enum: + - BUFFERED + - RESPONSE_STREAM + FunctionArn: + description: The full Amazon Resource Name (ARN) of the function associated with the Function URL. + type: string + pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:((?!\d+)[0-9a-zA-Z-_]+))?$ + FunctionUrl: + description: The generated url for this resource. + type: string + Cors: + $ref: '#/components/schemas/Cors' + required: + - TargetFunctionArn + - AuthType + x-stackql-resource-name: url + description: Resource Type definition for AWS::Lambda::Url + x-type-name: AWS::Lambda::Url + x-stackql-primary-identifier: + - FunctionArn + x-create-only-properties: + - TargetFunctionArn + - Qualifier + x-read-only-properties: + - FunctionUrl + - FunctionArn + x-required-properties: + - TargetFunctionArn + - AuthType + x-tagging: + taggable: false + x-required-permissions: + create: + - lambda:CreateFunctionUrlConfig + read: + - lambda:GetFunctionUrlConfig + update: + - lambda:UpdateFunctionUrlConfig + list: + - lambda:ListFunctionUrlConfigs + delete: + - lambda:DeleteFunctionUrlConfig + ProvisionedConcurrencyConfiguration: + type: object + description: A provisioned concurrency configuration for a function's version. + additionalProperties: false + properties: + ProvisionedConcurrentExecutions: + type: integer + description: The amount of provisioned concurrency to allocate for the version. + required: + - ProvisionedConcurrentExecutions + RuntimePolicy: + type: object + description: Runtime Management Config of a function. + additionalProperties: false + properties: + RuntimeVersionArn: + type: string + description: The ARN of the runtime the function is configured to use. If the runtime update mode is manual, the ARN is returned, otherwise null is returned. + minLength: 26 + maxLength: 2048 + pattern: ^arn:(aws[a-zA-Z-]*):lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}::runtime:.+$ + UpdateRuntimeOn: + type: string + description: The runtime update mode. + required: + - UpdateRuntimeOn + Version: + type: object + properties: + FunctionArn: + type: string + description: The ARN of the version. + Version: + type: string + description: The version number. + CodeSha256: + type: string + description: Only publish a version if the hash value matches the value that's specified. Use this option to avoid publishing a version if the function code has changed since you last updated it. Updates are not supported for this property. + Description: + type: string + description: A description for the version to override the description in the function configuration. Updates are not supported for this property. + minLength: 0 + maxLength: 256 + FunctionName: + type: string + description: The name of the Lambda function. + minLength: 1 + maxLength: 140 + pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ + ProvisionedConcurrencyConfig: + description: Specifies a provisioned concurrency configuration for a function's version. Updates are not supported for this property. + $ref: '#/components/schemas/ProvisionedConcurrencyConfiguration' + RuntimePolicy: + description: Specifies the runtime management configuration of a function. Displays runtimeVersionArn only for Manual. + $ref: '#/components/schemas/RuntimePolicy' + required: + - FunctionName + x-stackql-resource-name: version + description: Resource Type definition for AWS::Lambda::Version + x-type-name: AWS::Lambda::Version + x-stackql-primary-identifier: + - FunctionArn + x-create-only-properties: + - FunctionName + - Description + - CodeSha256 + - ProvisionedConcurrencyConfig + - RuntimePolicy + x-read-only-properties: + - Version + - FunctionArn + x-required-properties: + - FunctionName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - lambda:PublishVersion + - lambda:GetFunctionConfiguration + - lambda:PutProvisionedConcurrencyConfig + - lambda:GetProvisionedConcurrencyConfig + - lambda:PutRuntimeManagementConfig + - lambda:GetRuntimeManagementConfig + read: + - lambda:GetFunctionConfiguration + - lambda:GetProvisionedConcurrencyConfig + - lambda:GetRuntimeManagementConfig + delete: + - lambda:GetFunctionConfiguration + - lambda:DeleteFunction + list: + - lambda:ListVersionsByFunction + update: [] + x-stackQL-resources: + code_signing_configs: + name: code_signing_configs + id: aws.lambda.code_signing_configs + x-cfn-schema-name: CodeSigningConfig + x-type: list + x-identifiers: + - CodeSigningConfigArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CodeSigningConfigArn') as code_signing_config_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::CodeSigningConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CodeSigningConfigArn') as code_signing_config_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::CodeSigningConfig' + AND region = 'us-east-1' + code_signing_config: + name: code_signing_config + id: aws.lambda.code_signing_config + x-cfn-schema-name: CodeSigningConfig + x-type: get + x-identifiers: + - CodeSigningConfigArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.AllowedPublishers') as allowed_publishers, + JSON_EXTRACT(Properties, '$.CodeSigningPolicies') as code_signing_policies, + JSON_EXTRACT(Properties, '$.CodeSigningConfigId') as code_signing_config_id, + JSON_EXTRACT(Properties, '$.CodeSigningConfigArn') as code_signing_config_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::CodeSigningConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'AllowedPublishers') as allowed_publishers, + json_extract_path_text(Properties, 'CodeSigningPolicies') as code_signing_policies, + json_extract_path_text(Properties, 'CodeSigningConfigId') as code_signing_config_id, + json_extract_path_text(Properties, 'CodeSigningConfigArn') as code_signing_config_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::CodeSigningConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + event_invoke_configs: + name: event_invoke_configs + id: aws.lambda.event_invoke_configs + x-cfn-schema-name: EventInvokeConfig + x-type: list + x-identifiers: + - FunctionName + - Qualifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FunctionName') as function_name, + JSON_EXTRACT(Properties, '$.Qualifier') as qualifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::EventInvokeConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FunctionName') as function_name, + json_extract_path_text(Properties, 'Qualifier') as qualifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::EventInvokeConfig' + AND region = 'us-east-1' + event_invoke_config: + name: event_invoke_config + id: aws.lambda.event_invoke_config + x-cfn-schema-name: EventInvokeConfig + x-type: get + x-identifiers: + - FunctionName + - Qualifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DestinationConfig') as destination_config, + JSON_EXTRACT(Properties, '$.FunctionName') as function_name, + JSON_EXTRACT(Properties, '$.MaximumEventAgeInSeconds') as maximum_event_age_in_seconds, + JSON_EXTRACT(Properties, '$.MaximumRetryAttempts') as maximum_retry_attempts, + JSON_EXTRACT(Properties, '$.Qualifier') as qualifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::EventInvokeConfig' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DestinationConfig') as destination_config, + json_extract_path_text(Properties, 'FunctionName') as function_name, + json_extract_path_text(Properties, 'MaximumEventAgeInSeconds') as maximum_event_age_in_seconds, + json_extract_path_text(Properties, 'MaximumRetryAttempts') as maximum_retry_attempts, + json_extract_path_text(Properties, 'Qualifier') as qualifier + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::EventInvokeConfig' + AND data__Identifier = '|' + AND region = 'us-east-1' + event_source_mappings: + name: event_source_mappings + id: aws.lambda.event_source_mappings + x-cfn-schema-name: EventSourceMapping + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::EventSourceMapping' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::EventSourceMapping' + AND region = 'us-east-1' + event_source_mapping: + name: event_source_mapping + id: aws.lambda.event_source_mapping + x-cfn-schema-name: EventSourceMapping + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.BatchSize') as batch_size, + JSON_EXTRACT(Properties, '$.BisectBatchOnFunctionError') as bisect_batch_on_function_error, + JSON_EXTRACT(Properties, '$.DestinationConfig') as destination_config, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.EventSourceArn') as event_source_arn, + JSON_EXTRACT(Properties, '$.FilterCriteria') as filter_criteria, + JSON_EXTRACT(Properties, '$.FunctionName') as function_name, + JSON_EXTRACT(Properties, '$.MaximumBatchingWindowInSeconds') as maximum_batching_window_in_seconds, + JSON_EXTRACT(Properties, '$.MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, + JSON_EXTRACT(Properties, '$.MaximumRetryAttempts') as maximum_retry_attempts, + JSON_EXTRACT(Properties, '$.ParallelizationFactor') as parallelization_factor, + JSON_EXTRACT(Properties, '$.StartingPosition') as starting_position, + JSON_EXTRACT(Properties, '$.StartingPositionTimestamp') as starting_position_timestamp, + JSON_EXTRACT(Properties, '$.Topics') as topics, + JSON_EXTRACT(Properties, '$.Queues') as queues, + JSON_EXTRACT(Properties, '$.SourceAccessConfigurations') as source_access_configurations, + JSON_EXTRACT(Properties, '$.TumblingWindowInSeconds') as tumbling_window_in_seconds, + JSON_EXTRACT(Properties, '$.FunctionResponseTypes') as function_response_types, + JSON_EXTRACT(Properties, '$.SelfManagedEventSource') as self_managed_event_source, + JSON_EXTRACT(Properties, '$.AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, + JSON_EXTRACT(Properties, '$.SelfManagedKafkaEventSourceConfig') as self_managed_kafka_event_source_config, + JSON_EXTRACT(Properties, '$.ScalingConfig') as scaling_config, + JSON_EXTRACT(Properties, '$.DocumentDBEventSourceConfig') as document_db_event_source_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::EventSourceMapping' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'BatchSize') as batch_size, + json_extract_path_text(Properties, 'BisectBatchOnFunctionError') as bisect_batch_on_function_error, + json_extract_path_text(Properties, 'DestinationConfig') as destination_config, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'EventSourceArn') as event_source_arn, + json_extract_path_text(Properties, 'FilterCriteria') as filter_criteria, + json_extract_path_text(Properties, 'FunctionName') as function_name, + json_extract_path_text(Properties, 'MaximumBatchingWindowInSeconds') as maximum_batching_window_in_seconds, + json_extract_path_text(Properties, 'MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, + json_extract_path_text(Properties, 'MaximumRetryAttempts') as maximum_retry_attempts, + json_extract_path_text(Properties, 'ParallelizationFactor') as parallelization_factor, + json_extract_path_text(Properties, 'StartingPosition') as starting_position, + json_extract_path_text(Properties, 'StartingPositionTimestamp') as starting_position_timestamp, + json_extract_path_text(Properties, 'Topics') as topics, + json_extract_path_text(Properties, 'Queues') as queues, + json_extract_path_text(Properties, 'SourceAccessConfigurations') as source_access_configurations, + json_extract_path_text(Properties, 'TumblingWindowInSeconds') as tumbling_window_in_seconds, + json_extract_path_text(Properties, 'FunctionResponseTypes') as function_response_types, + json_extract_path_text(Properties, 'SelfManagedEventSource') as self_managed_event_source, + json_extract_path_text(Properties, 'AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, + json_extract_path_text(Properties, 'SelfManagedKafkaEventSourceConfig') as self_managed_kafka_event_source_config, + json_extract_path_text(Properties, 'ScalingConfig') as scaling_config, + json_extract_path_text(Properties, 'DocumentDBEventSourceConfig') as document_db_event_source_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::EventSourceMapping' + AND data__Identifier = '' + AND region = 'us-east-1' + functions: + name: functions + id: aws.lambda.functions + x-cfn-schema-name: Function + x-type: list + x-identifiers: + - FunctionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FunctionName') as function_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::Function' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FunctionName') as function_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::Function' + AND region = 'us-east-1' + function: + name: function + id: aws.lambda.function + x-cfn-schema-name: Function + x-type: get + x-identifiers: + - FunctionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.TracingConfig') as tracing_config, + JSON_EXTRACT(Properties, '$.VpcConfig') as vpc_config, + JSON_EXTRACT(Properties, '$.RuntimeManagementConfig') as runtime_management_config, + JSON_EXTRACT(Properties, '$.ReservedConcurrentExecutions') as reserved_concurrent_executions, + JSON_EXTRACT(Properties, '$.SnapStart') as snap_start, + JSON_EXTRACT(Properties, '$.FileSystemConfigs') as file_system_configs, + JSON_EXTRACT(Properties, '$.FunctionName') as function_name, + JSON_EXTRACT(Properties, '$.Runtime') as runtime, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.PackageType') as package_type, + JSON_EXTRACT(Properties, '$.CodeSigningConfigArn') as code_signing_config_arn, + JSON_EXTRACT(Properties, '$.Layers') as layers, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ImageConfig') as image_config, + JSON_EXTRACT(Properties, '$.MemorySize') as memory_size, + JSON_EXTRACT(Properties, '$.DeadLetterConfig') as dead_letter_config, + JSON_EXTRACT(Properties, '$.Timeout') as timeout, + JSON_EXTRACT(Properties, '$.Handler') as handler, + JSON_EXTRACT(Properties, '$.SnapStartResponse') as snap_start_response, + JSON_EXTRACT(Properties, '$.Code') as code, + JSON_EXTRACT(Properties, '$.Role') as role, + JSON_EXTRACT(Properties, '$.LoggingConfig') as logging_config, + JSON_EXTRACT(Properties, '$.Environment') as environment, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.EphemeralStorage') as ephemeral_storage, + JSON_EXTRACT(Properties, '$.Architectures') as architectures + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Function' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'TracingConfig') as tracing_config, + json_extract_path_text(Properties, 'VpcConfig') as vpc_config, + json_extract_path_text(Properties, 'RuntimeManagementConfig') as runtime_management_config, + json_extract_path_text(Properties, 'ReservedConcurrentExecutions') as reserved_concurrent_executions, + json_extract_path_text(Properties, 'SnapStart') as snap_start, + json_extract_path_text(Properties, 'FileSystemConfigs') as file_system_configs, + json_extract_path_text(Properties, 'FunctionName') as function_name, + json_extract_path_text(Properties, 'Runtime') as runtime, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'PackageType') as package_type, + json_extract_path_text(Properties, 'CodeSigningConfigArn') as code_signing_config_arn, + json_extract_path_text(Properties, 'Layers') as layers, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ImageConfig') as image_config, + json_extract_path_text(Properties, 'MemorySize') as memory_size, + json_extract_path_text(Properties, 'DeadLetterConfig') as dead_letter_config, + json_extract_path_text(Properties, 'Timeout') as timeout, + json_extract_path_text(Properties, 'Handler') as handler, + json_extract_path_text(Properties, 'SnapStartResponse') as snap_start_response, + json_extract_path_text(Properties, 'Code') as code, + json_extract_path_text(Properties, 'Role') as role, + json_extract_path_text(Properties, 'LoggingConfig') as logging_config, + json_extract_path_text(Properties, 'Environment') as environment, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'EphemeralStorage') as ephemeral_storage, + json_extract_path_text(Properties, 'Architectures') as architectures + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Function' + AND data__Identifier = '' + AND region = 'us-east-1' + layer_versions: + name: layer_versions + id: aws.lambda.layer_versions + x-cfn-schema-name: LayerVersion + x-type: list + x-identifiers: + - LayerVersionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LayerVersionArn') as layer_version_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::LayerVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LayerVersionArn') as layer_version_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::LayerVersion' + AND region = 'us-east-1' + layer_version: + name: layer_version + id: aws.lambda.layer_version + x-cfn-schema-name: LayerVersion + x-type: get + x-identifiers: + - LayerVersionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CompatibleRuntimes') as compatible_runtimes, + JSON_EXTRACT(Properties, '$.LicenseInfo') as license_info, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.LayerName') as layer_name, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.LayerVersionArn') as layer_version_arn, + JSON_EXTRACT(Properties, '$.CompatibleArchitectures') as compatible_architectures + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::LayerVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CompatibleRuntimes') as compatible_runtimes, + json_extract_path_text(Properties, 'LicenseInfo') as license_info, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'LayerName') as layer_name, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'LayerVersionArn') as layer_version_arn, + json_extract_path_text(Properties, 'CompatibleArchitectures') as compatible_architectures + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::LayerVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + layer_version_permissions: + name: layer_version_permissions + id: aws.lambda.layer_version_permissions + x-cfn-schema-name: LayerVersionPermission + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::LayerVersionPermission' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::LayerVersionPermission' + AND region = 'us-east-1' + layer_version_permission: + name: layer_version_permission + id: aws.lambda.layer_version_permission + x-cfn-schema-name: LayerVersionPermission + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Action') as action, + JSON_EXTRACT(Properties, '$.LayerVersionArn') as layer_version_arn, + JSON_EXTRACT(Properties, '$.OrganizationId') as organization_id, + JSON_EXTRACT(Properties, '$.Principal') as principal + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::LayerVersionPermission' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Action') as action, + json_extract_path_text(Properties, 'LayerVersionArn') as layer_version_arn, + json_extract_path_text(Properties, 'OrganizationId') as organization_id, + json_extract_path_text(Properties, 'Principal') as principal + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::LayerVersionPermission' + AND data__Identifier = '' + AND region = 'us-east-1' + permissions: + name: permissions + id: aws.lambda.permissions + x-cfn-schema-name: Permission + x-type: list + x-identifiers: + - FunctionName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FunctionName') as function_name, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::Permission' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FunctionName') as function_name, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::Permission' + AND region = 'us-east-1' + permission: + name: permission + id: aws.lambda.permission + x-cfn-schema-name: Permission + x-type: get + x-identifiers: + - FunctionName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Action') as action, + JSON_EXTRACT(Properties, '$.EventSourceToken') as event_source_token, + JSON_EXTRACT(Properties, '$.FunctionName') as function_name, + JSON_EXTRACT(Properties, '$.FunctionUrlAuthType') as function_url_auth_type, + JSON_EXTRACT(Properties, '$.Principal') as principal, + JSON_EXTRACT(Properties, '$.PrincipalOrgID') as principal_org_id, + JSON_EXTRACT(Properties, '$.SourceAccount') as source_account, + JSON_EXTRACT(Properties, '$.SourceArn') as source_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Permission' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Action') as action, + json_extract_path_text(Properties, 'EventSourceToken') as event_source_token, + json_extract_path_text(Properties, 'FunctionName') as function_name, + json_extract_path_text(Properties, 'FunctionUrlAuthType') as function_url_auth_type, + json_extract_path_text(Properties, 'Principal') as principal, + json_extract_path_text(Properties, 'PrincipalOrgID') as principal_org_id, + json_extract_path_text(Properties, 'SourceAccount') as source_account, + json_extract_path_text(Properties, 'SourceArn') as source_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Permission' + AND data__Identifier = '|' + AND region = 'us-east-1' + urls: + name: urls + id: aws.lambda.urls + x-cfn-schema-name: Url + x-type: list + x-identifiers: + - FunctionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FunctionArn') as function_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::Url' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FunctionArn') as function_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::Url' + AND region = 'us-east-1' + url: + name: url + id: aws.lambda.url + x-cfn-schema-name: Url + x-type: get + x-identifiers: + - FunctionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TargetFunctionArn') as target_function_arn, + JSON_EXTRACT(Properties, '$.Qualifier') as qualifier, + JSON_EXTRACT(Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(Properties, '$.InvokeMode') as invoke_mode, + JSON_EXTRACT(Properties, '$.FunctionArn') as function_arn, + JSON_EXTRACT(Properties, '$.FunctionUrl') as function_url, + JSON_EXTRACT(Properties, '$.Cors') as cors + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Url' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TargetFunctionArn') as target_function_arn, + json_extract_path_text(Properties, 'Qualifier') as qualifier, + json_extract_path_text(Properties, 'AuthType') as auth_type, + json_extract_path_text(Properties, 'InvokeMode') as invoke_mode, + json_extract_path_text(Properties, 'FunctionArn') as function_arn, + json_extract_path_text(Properties, 'FunctionUrl') as function_url, + json_extract_path_text(Properties, 'Cors') as cors + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Url' + AND data__Identifier = '' + AND region = 'us-east-1' + versions: + name: versions + id: aws.lambda.versions + x-cfn-schema-name: Version + x-type: list + x-identifiers: + - FunctionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FunctionArn') as function_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::Version' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FunctionArn') as function_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::Version' + AND region = 'us-east-1' + version: + name: version + id: aws.lambda.version + x-cfn-schema-name: Version + x-type: get + x-identifiers: + - FunctionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FunctionArn') as function_arn, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.CodeSha256') as code_sha256, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FunctionName') as function_name, + JSON_EXTRACT(Properties, '$.ProvisionedConcurrencyConfig') as provisioned_concurrency_config, + JSON_EXTRACT(Properties, '$.RuntimePolicy') as runtime_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Version' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FunctionArn') as function_arn, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'CodeSha256') as code_sha256, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FunctionName') as function_name, + json_extract_path_text(Properties, 'ProvisionedConcurrencyConfig') as provisioned_concurrency_config, + json_extract_path_text(Properties, 'RuntimePolicy') as runtime_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Version' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/lex.yaml b/providers/src/aws/v00.00.00000/services/lex.yaml new file mode 100644 index 00000000..565e6c15 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/lex.yaml @@ -0,0 +1,2252 @@ +openapi: 3.0.0 +info: + title: Lex + version: 1.0.0 +paths: {} +components: + schemas: + BotAliasLocaleSettingsList: + description: A list of bot alias locale settings to add to the bot alias. + type: array + uniqueItems: true + maxItems: 50 + x-insertionOrder: false + items: + $ref: '#/components/schemas/BotAliasLocaleSettingsItem' + BotAliasLocaleSettingsItem: + description: A locale setting in alias + type: object + properties: + LocaleId: + description: A string used to identify the locale + type: string + minLength: 1 + maxLength: 128 + BotAliasLocaleSetting: + $ref: '#/components/schemas/BotAliasLocaleSettings' + required: + - LocaleId + - BotAliasLocaleSetting + additionalProperties: false + BotAliasLocaleSettings: + description: You can use this parameter to specify a specific Lambda function to run different functions in different locales. + type: object + properties: + CodeHookSpecification: + $ref: '#/components/schemas/CodeHookSpecification' + Enabled: + type: boolean + description: Whether the Lambda code hook is enabled + required: + - Enabled + additionalProperties: false + CodeHookSpecification: + description: Contains information about code hooks that Amazon Lex calls during a conversation. + type: object + properties: + LambdaCodeHook: + $ref: '#/components/schemas/LambdaCodeHook' + required: + - LambdaCodeHook + additionalProperties: false + LambdaCodeHook: + description: Contains information about code hooks that Amazon Lex calls during a conversation. + type: object + properties: + CodeHookInterfaceVersion: + description: The version of the request-response that you want Amazon Lex to use to invoke your Lambda function. + type: string + minLength: 1 + maxLength: 5 + LambdaArn: + description: The Amazon Resource Name (ARN) of the Lambda function. + type: string + minLength: 20 + maxLength: 2048 + required: + - CodeHookInterfaceVersion + - LambdaArn + additionalProperties: false + ConversationLogSettings: + description: Contains information about code hooks that Amazon Lex calls during a conversation. + type: object + properties: + AudioLogSettings: + $ref: '#/components/schemas/AudioLogSettings' + TextLogSettings: + $ref: '#/components/schemas/TextLogSettings' + additionalProperties: false + AudioLogSettings: + description: List of audio log settings + type: array + maxItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/AudioLogSetting' + TextLogSettings: + description: List of text log settings + type: array + maxItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/TextLogSetting' + AudioLogSetting: + description: Settings for logging audio of conversations between Amazon Lex and a user. You specify whether to log audio and the Amazon S3 bucket where the audio file is stored. + type: object + properties: + Destination: + $ref: '#/components/schemas/AudioLogDestination' + Enabled: + type: boolean + description: '' + required: + - Destination + - Enabled + additionalProperties: false + TextLogSetting: + description: Contains information about code hooks that Amazon Lex calls during a conversation. + type: object + properties: + Destination: + $ref: '#/components/schemas/TextLogDestination' + Enabled: + type: boolean + description: '' + required: + - Destination + - Enabled + additionalProperties: false + AudioLogDestination: + description: The location of audio log files collected when conversation logging is enabled for a bot. + type: object + properties: + S3Bucket: + $ref: '#/components/schemas/S3BucketLogDestination' + required: + - S3Bucket + additionalProperties: false + TextLogDestination: + description: Defines the Amazon CloudWatch Logs destination log group for conversation text logs. + type: object + properties: + CloudWatch: + $ref: '#/components/schemas/CloudWatchLogGroupLogDestination' + required: + - CloudWatch + additionalProperties: false + CloudWatchLogGroupLogDestination: + type: object + properties: + CloudWatchLogGroupArn: + description: A string used to identify the groupArn for the Cloudwatch Log Group + type: string + minLength: 1 + maxLength: 2048 + LogPrefix: + description: A string containing the value for the Log Prefix + type: string + minLength: 0 + maxLength: 1024 + required: + - CloudWatchLogGroupArn + - LogPrefix + additionalProperties: false + S3BucketLogDestination: + description: Specifies an Amazon S3 bucket for logging audio conversations + type: object + properties: + S3BucketArn: + type: string + description: The Amazon Resource Name (ARN) of an Amazon S3 bucket where audio log files are stored. + minLength: 1 + maxLength: 2048 + pattern: ^arn:[\w\-]+:s3:::[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]$ + LogPrefix: + type: string + description: The Amazon S3 key of the deployment package. + minLength: 0 + maxLength: 1024 + KmsKeyArn: + type: string + description: The Amazon Resource Name (ARN) of an AWS Key Management Service (KMS) key for encrypting audio log files stored in an S3 bucket. + minLength: 20 + maxLength: 2048 + pattern: ^arn:[\w\-]+:kms:[\w\-]+:[\d]{12}:(?:key\/[\w\-]+|alias\/[a-zA-Z0-9:\/_\-]{1,256})$ + required: + - LogPrefix + - S3BucketArn + additionalProperties: false + TestBotAliasSettings: + description: Configuring the test bot alias settings for a given bot + type: object + properties: + BotAliasLocaleSettings: + $ref: '#/components/schemas/BotAliasLocaleSettingsList' + ConversationLogSettings: + $ref: '#/components/schemas/ConversationLogSettings' + Description: + $ref: '#/components/schemas/Description' + SentimentAnalysisSettings: + description: Determines whether Amazon Lex will use Amazon Comprehend to detect the sentiment of user utterances. + type: object + properties: + DetectSentiment: + type: boolean + description: Enable to call Amazon Comprehend for Sentiment natively within Lex + required: + - DetectSentiment + additionalProperties: false + additionalProperties: false + RoleArn: + description: The Amazon Resource Name (ARN) of an IAM role that has permission to access the bot. + type: string + minLength: 32 + maxLength: 2048 + pattern: ^arn:aws[a-zA-Z-]*:iam::[0-9]{12}:role/.*$ + Id: + description: Unique ID of resource + type: string + minLength: 10 + maxLength: 10 + pattern: ^[0-9a-zA-Z]+$ + BotArn: + type: string + minLength: 1 + maxLength: 1011 + pattern: ^arn:aws[a-zA-Z-]*:lex:[a-z]+-[a-z]+-[0-9]:[0-9]{12}:bot/[0-9a-zA-Z]+$ + Name: + description: A unique identifier for a resource. + type: string + minLength: 1 + maxLength: 100 + pattern: ^([0-9a-zA-Z][_-]?)+$ + Description: + description: A description of the version. Use the description to help identify the version in lists. + type: string + maxLength: 200 + DataPrivacy: + description: Provides information on additional privacy protections Amazon Lex should use with the bot's data. + type: object + properties: + ChildDirected: + type: boolean + description: Specify whether your use of Amazon Lex is related to application that is directed or targeted, in whole or in part, to children under age 13 and subject to the Children's Online Privacy Protection Act (COPPA). + required: + - ChildDirected + additionalProperties: false + IdleSessionTTLInSeconds: + description: The time, in seconds, that Amazon Lex should keep information about a user's conversation with the bot. + type: integer + minimum: 60 + maximum: 86400 + Utterance: + description: The sample utterance that Amazon Lex uses to build its machine-learning model to recognize intents/slots. + type: string + SampleUtterance: + description: A sample utterance that invokes an intent or respond to a slot elicitation prompt. + type: object + properties: + Utterance: + $ref: '#/components/schemas/Utterance' + required: + - Utterance + additionalProperties: false + SampleUtterancesList: + description: An array of sample utterances + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SampleUtterance' + Tag: + description: A label for tagging Lex resources + type: object + properties: + Key: + description: A string used to identify this tag + type: string + minLength: 1 + maxLength: 128 + Value: + description: A string containing the value for the tag + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + LocaleId: + description: The identifier of the language and locale that the bot will be used in. + type: string + VoiceSettings: + description: Settings for using an Amazon Polly voice to communicate with a user. + type: object + properties: + VoiceId: + type: string + description: The Amazon Polly voice ID that Amazon Lex uses for voice interaction with the user. + Engine: + type: string + description: Indicates the type of Amazon Polly voice that Amazon Lex should use for voice interaction with the user. For more information, see the engine parameter of the SynthesizeSpeech operation in the Amazon Polly developer guide. + enum: + - standard + - neural + required: + - VoiceId + additionalProperties: false + ConfidenceThreshold: + description: The specified confidence threshold for inserting the AMAZON.FallbackIntent and AMAZON.KendraSearchIntent intents. + type: number + minimum: 0 + maximum: 1 + ParentIntentSignature: + description: A unique identifier for the built-in intent to base this intent on. + type: string + DialogCodeHookSetting: + description: Settings that determine the Lambda function that Amazon Lex uses for processing user responses. + type: object + properties: + Enabled: + type: boolean + required: + - Enabled + additionalProperties: false + FulfillmentStartResponseSpecification: + description: Provides settings for a message that is sent to the user when a fulfillment Lambda function starts running. + type: object + properties: + MessageGroups: + $ref: '#/components/schemas/MessageGroupsList' + DelayInSeconds: + description: The delay between when the Lambda fulfillment function starts running and the start message is played. If the Lambda function returns before the delay is over, the start message isn't played. + type: integer + minimum: 1 + maximum: 900 + AllowInterrupt: + description: Determines whether the user can interrupt the start message while it is playing. + type: boolean + required: + - DelayInSeconds + - MessageGroups + additionalProperties: false + FulfillmentUpdateResponseSpecification: + description: Provides settings for a message that is sent periodically to the user while a fulfillment Lambda function is running. + type: object + properties: + MessageGroups: + $ref: '#/components/schemas/MessageGroupsList' + FrequencyInSeconds: + description: The frequency that a message is sent to the user. When the period ends, Amazon Lex chooses a message from the message groups and plays it to the user. If the fulfillment Lambda returns before the first period ends, an update message is not played to the user. + type: integer + minimum: 1 + maximum: 900 + AllowInterrupt: + description: Determines whether the user can interrupt an update message while it is playing. + type: boolean + required: + - FrequencyInSeconds + - MessageGroups + additionalProperties: false + FulfillmentUpdatesSpecification: + description: Provides information for updating the user on the progress of fulfilling an intent. + type: object + properties: + StartResponse: + $ref: '#/components/schemas/FulfillmentStartResponseSpecification' + UpdateResponse: + $ref: '#/components/schemas/FulfillmentUpdateResponseSpecification' + TimeoutInSeconds: + description: The length of time that the fulfillment Lambda function should run before it times out. + type: integer + minimum: 1 + maximum: 900 + Active: + description: Determines whether fulfillment updates are sent to the user. When this field is true, updates are sent. + type: boolean + required: + - Active + additionalProperties: false + PostFulfillmentStatusSpecification: + description: Provides a setting that determines whether the post-fulfillment response is sent to the user. + type: object + properties: + SuccessResponse: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + SuccessNextStep: + description: Specifies the next step in the conversation that Amazon Lex invokes when the fulfillment code hook completes successfully. + $ref: '#/components/schemas/DialogState' + SuccessConditional: + description: A list of conditional branches to evaluate after the fulfillment code hook finishes successfully. + $ref: '#/components/schemas/ConditionalSpecification' + FailureResponse: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + FailureNextStep: + description: Specifies the next step the bot runs after the fulfillment code hook throws an exception or returns with the State field of the Intent object set to Failed. + $ref: '#/components/schemas/DialogState' + FailureConditional: + description: A list of conditional branches to evaluate after the fulfillment code hook throws an exception or returns with the State field of the Intent object set to Failed. + $ref: '#/components/schemas/ConditionalSpecification' + TimeoutResponse: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + TimeoutNextStep: + description: Specifies the next step that the bot runs when the fulfillment code hook times out. + $ref: '#/components/schemas/DialogState' + TimeoutConditional: + description: A list of conditional branches to evaluate if the fulfillment code hook times out. + $ref: '#/components/schemas/ConditionalSpecification' + required: [] + additionalProperties: false + FulfillmentCodeHookSetting: + description: Settings that determine if a Lambda function should be invoked to fulfill a specific intent. + type: object + properties: + FulfillmentUpdatesSpecification: + $ref: '#/components/schemas/FulfillmentUpdatesSpecification' + PostFulfillmentStatusSpecification: + $ref: '#/components/schemas/PostFulfillmentStatusSpecification' + Enabled: + type: boolean + IsActive: + description: Determines whether the fulfillment code hook is used. When active is false, the code hook doesn't run. + type: boolean + required: + - Enabled + additionalProperties: false + Button: + description: A button to use on a response card used to gather slot values from a user. + type: object + properties: + Text: + description: The text that appears on the button. + type: string + minLength: 1 + maxLength: 50 + Value: + description: The value returned to Amazon Lex when the user chooses this button. + type: string + minLength: 1 + maxLength: 50 + required: + - Text + - Value + additionalProperties: false + AttachmentTitle: + type: string + minLength: 1 + maxLength: 250 + AttachmentUrl: + type: string + minLength: 1 + maxLength: 250 + ImageResponseCard: + description: A message that defines a response card that the client application can show to the user. + type: object + properties: + Title: + description: The title to display on the response card. + $ref: '#/components/schemas/AttachmentTitle' + Subtitle: + description: The subtitle to display on the response card. + $ref: '#/components/schemas/AttachmentTitle' + ImageUrl: + description: The URL of an image to display on the response card. + $ref: '#/components/schemas/AttachmentUrl' + Buttons: + description: A list of buttons that should be displayed on the response card. + type: array + maxItems: 5 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Button' + required: + - Title + additionalProperties: false + PlainTextMessage: + description: A message in plain text format. + type: object + properties: + Value: + description: The message to send to the user. + type: string + minLength: 1 + maxLength: 1000 + required: + - Value + additionalProperties: false + CustomPayload: + description: A message in a custom format defined by the client application. + type: object + properties: + Value: + description: The string that is sent to your application. + type: string + minLength: 1 + maxLength: 1000 + required: + - Value + additionalProperties: false + SSMLMessage: + description: A message in Speech Synthesis Markup Language (SSML). + type: object + properties: + Value: + description: The SSML text that defines the prompt. + type: string + minLength: 1 + maxLength: 1000 + required: + - Value + additionalProperties: false + Message: + description: The primary message that Amazon Lex should send to the user. + type: object + properties: + PlainTextMessage: + $ref: '#/components/schemas/PlainTextMessage' + CustomPayload: + $ref: '#/components/schemas/CustomPayload' + SSMLMessage: + $ref: '#/components/schemas/SSMLMessage' + ImageResponseCard: + $ref: '#/components/schemas/ImageResponseCard' + required: [] + additionalProperties: false + MessageGroup: + description: One or more messages that Amazon Lex can send to the user. + type: object + properties: + Message: + $ref: '#/components/schemas/Message' + Variations: + description: Message variations to send to the user. + type: array + maxItems: 2 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Message' + required: + - Message + additionalProperties: false + MessageGroupsList: + description: One to 5 message groups that contain update messages. Amazon Lex chooses one of the messages to play to the user. + type: array + minItems: 1 + maxItems: 5 + x-insertionOrder: false + items: + $ref: '#/components/schemas/MessageGroup' + PromptMaxRetries: + description: The maximum number of times the bot tries to elicit a response from the user using this prompt. + type: integer + minimum: 0 + maximum: 5 + MessageSelectionStrategy: + description: Indicates how a message is selected from a message group among retries. + type: string + enum: + - Random + - Ordered + AllowedInputTypes: + description: Specifies the allowed input types. + type: object + properties: + AllowAudioInput: + description: Indicates whether audio input is allowed. + type: boolean + AllowDTMFInput: + description: Indicates whether DTMF input is allowed. + type: boolean + required: + - AllowAudioInput + - AllowDTMFInput + additionalProperties: false + DTMFSpecification: + description: Specifies the settings on DTMF input. + type: object + properties: + DeletionCharacter: + description: The DTMF character that clears the accumulated DTMF digits and immediately ends the input. + type: string + pattern: ^[A-D0-9#*]{1}$ + EndCharacter: + description: The DTMF character that immediately ends input. If the user does not press this character, the input ends after the end timeout. + type: string + pattern: ^[A-D0-9#*]{1}$ + EndTimeoutMs: + description: How long the bot should wait after the last DTMF character input before assuming that the input has concluded. + type: integer + minimum: 1 + MaxLength: + description: The maximum number of DTMF digits allowed in an utterance. + type: integer + minimum: 1 + maximum: 1024 + required: + - DeletionCharacter + - EndCharacter + - EndTimeoutMs + - MaxLength + additionalProperties: false + AudioSpecification: + description: Specifies the audio input specifications. + type: object + properties: + EndTimeoutMs: + description: Time for which a bot waits after the customer stops speaking to assume the utterance is finished. + type: integer + minimum: 1 + MaxLengthMs: + description: Time for how long Amazon Lex waits before speech input is truncated and the speech is returned to application. + type: integer + minimum: 1 + required: + - EndTimeoutMs + - MaxLengthMs + additionalProperties: false + AudioAndDTMFInputSpecification: + description: Specifies the audio and DTMF input specification. + type: object + properties: + StartTimeoutMs: + description: Time for which a bot waits before assuming that the customer isn't going to speak or press a key. This timeout is shared between Audio and DTMF inputs. + type: integer + minimum: 1 + DTMFSpecification: + $ref: '#/components/schemas/DTMFSpecification' + AudioSpecification: + $ref: '#/components/schemas/AudioSpecification' + required: + - StartTimeoutMs + additionalProperties: false + TextInputSpecification: + description: Specifies the text input specifications. + type: object + properties: + StartTimeoutMs: + description: Time for which a bot waits before re-prompting a customer for text input. + type: integer + minimum: 1 + required: + - StartTimeoutMs + additionalProperties: false + PromptAttemptSpecification: + description: Specifies the settings on a prompt attempt. + type: object + properties: + AllowedInputTypes: + $ref: '#/components/schemas/AllowedInputTypes' + AllowInterrupt: + description: Indicates whether the user can interrupt a speech prompt attempt from the bot. + type: boolean + AudioAndDTMFInputSpecification: + $ref: '#/components/schemas/AudioAndDTMFInputSpecification' + TextInputSpecification: + $ref: '#/components/schemas/TextInputSpecification' + required: + - AllowedInputTypes + additionalProperties: false + PromptSpecification: + description: Prompts the user to confirm the intent. + type: object + properties: + MessageGroupsList: + $ref: '#/components/schemas/MessageGroupsList' + MaxRetries: + $ref: '#/components/schemas/PromptMaxRetries' + AllowInterrupt: + description: Indicates whether the user can interrupt a speech prompt from the bot. + type: boolean + MessageSelectionStrategy: + $ref: '#/components/schemas/MessageSelectionStrategy' + PromptAttemptsSpecification: + description: Specifies the advanced settings on each attempt of the prompt. + type: object + x-patternProperties: + ^(Initial|Retry1|Retry2|Retry3|Retry4|Retry5)$: + $ref: '#/components/schemas/PromptAttemptSpecification' + additionalProperties: false + required: + - MessageGroupsList + - MaxRetries + additionalProperties: false + ResponseSpecification: + description: A list of message groups that Amazon Lex uses to respond the user input. + type: object + properties: + MessageGroupsList: + $ref: '#/components/schemas/MessageGroupsList' + AllowInterrupt: + description: Indicates whether the user can interrupt a speech prompt from the bot. + type: boolean + required: + - MessageGroupsList + additionalProperties: false + StillWaitingResponseFrequency: + description: How often a message should be sent to the user in seconds. + type: integer + minimum: 1 + maximum: 300 + StillWaitingResponseTimeout: + description: If Amazon Lex waits longer than this length of time in seconds for a response, it will stop sending messages. + type: integer + minimum: 1 + maximum: 900 + StillWaitingResponseSpecification: + description: StillWaitingResponseSpecification. + type: object + properties: + MessageGroupsList: + $ref: '#/components/schemas/MessageGroupsList' + FrequencyInSeconds: + $ref: '#/components/schemas/StillWaitingResponseFrequency' + TimeoutInSeconds: + $ref: '#/components/schemas/StillWaitingResponseTimeout' + AllowInterrupt: + description: Indicates whether the user can interrupt a speech prompt from the bot. + type: boolean + required: + - MessageGroupsList + - FrequencyInSeconds + - TimeoutInSeconds + additionalProperties: false + IntentConfirmationSetting: + description: Provides a prompt for making sure that the user is ready for the intent to be fulfilled. + type: object + properties: + PromptSpecification: + description: Prompts the user to confirm the intent. This question should have a yes or no answer. + $ref: '#/components/schemas/PromptSpecification' + IsActive: + description: Specifies whether the intent's confirmation is sent to the user. When this field is false, confirmation and declination responses aren't sent. If the active field isn't specified, the default is true. + type: boolean + ConfirmationResponse: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + ConfirmationNextStep: + description: Specifies the next step that the bot executes when the customer confirms the intent. + $ref: '#/components/schemas/DialogState' + ConfirmationConditional: + description: A list of conditional branches to evaluate after the intent is closed. + $ref: '#/components/schemas/ConditionalSpecification' + DeclinationResponse: + description: When the user answers "no" to the question defined in promptSpecification, Amazon Lex responds with this response to acknowledge that the intent was canceled. + $ref: '#/components/schemas/ResponseSpecification' + DeclinationNextStep: + description: Specifies the next step that the bot executes when the customer declines the intent. + $ref: '#/components/schemas/DialogState' + DeclinationConditional: + description: A list of conditional branches to evaluate after the intent is declined. + $ref: '#/components/schemas/ConditionalSpecification' + FailureResponse: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + FailureNextStep: + description: The next step to take in the conversation if the confirmation step fails. + $ref: '#/components/schemas/DialogState' + FailureConditional: + description: Provides a list of conditional branches. Branches are evaluated in the order that they are entered in the list. The first branch with a condition that evaluates to true is executed. The last branch in the list is the default branch. The default branch should not have any condition expression. The default branch is executed if no other branch has a matching condition. + $ref: '#/components/schemas/ConditionalSpecification' + CodeHook: + description: The DialogCodeHookInvocationSetting object associated with intent's confirmation step. The dialog code hook is triggered based on these invocation settings when the confirmation next step or declination next step or failure next step is InvokeDialogCodeHook. + $ref: '#/components/schemas/DialogCodeHookInvocationSetting' + ElicitationCodeHook: + description: The DialogCodeHookInvocationSetting used when the code hook is invoked during confirmation prompt retries. + $ref: '#/components/schemas/ElicitationCodeHookInvocationSetting' + required: + - PromptSpecification + additionalProperties: false + IntentClosingSetting: + description: Provides a statement the Amazon Lex conveys to the user when the intent is successfully fulfilled. + type: object + properties: + ClosingResponse: + description: The response that Amazon Lex sends to the user when the intent is complete. + $ref: '#/components/schemas/ResponseSpecification' + IsActive: + description: Specifies whether an intent's closing response is used. When this field is false, the closing response isn't sent to the user. If the active field isn't specified, the default is true. + type: boolean + Conditional: + description: A list of conditional branches associated with the intent's closing response. These branches are executed when the nextStep attribute is set to EvalutateConditional. + $ref: '#/components/schemas/ConditionalSpecification' + NextStep: + description: Specifies the next step that the bot executes after playing the intent's closing response. + $ref: '#/components/schemas/DialogState' + additionalProperties: false + InputContext: + description: InputContext specified for the intent. + type: object + properties: + Name: + description: The name of the context. + $ref: '#/components/schemas/Name' + required: + - Name + additionalProperties: false + InputContextsList: + description: The list of input contexts specified for the intent. + type: array + maxItems: 5 + x-insertionOrder: false + items: + $ref: '#/components/schemas/InputContext' + ContextTimeToLiveInSeconds: + description: The amount of time, in seconds, that the output context should remain active. + type: integer + minimum: 5 + maximum: 86400 + ContextTurnsToLive: + description: The number of conversation turns that the output context should remain active. + type: integer + minimum: 1 + maximum: 20 + OutputContext: + description: A session context that is activated when an intent is fulfilled. + type: object + properties: + Name: + $ref: '#/components/schemas/Name' + TimeToLiveInSeconds: + $ref: '#/components/schemas/ContextTimeToLiveInSeconds' + TurnsToLive: + $ref: '#/components/schemas/ContextTurnsToLive' + required: + - Name + - TimeToLiveInSeconds + - TurnsToLive + additionalProperties: false + OutputContextsList: + description: A list of contexts that the intent activates when it is fulfilled. + type: array + maxItems: 10 + x-insertionOrder: false + items: + $ref: '#/components/schemas/OutputContext' + KendraIndexArn: + description: The Amazon Resource Name (ARN) of the Amazon Kendra index that you want the AMAZON.KendraSearchIntent intent to search. + type: string + minLength: 32 + maxLength: 2048 + pattern: ^arn:aws[a-zA-Z-]*:kendra:[a-z]+-[a-z]+-[0-9]:[0-9]{12}:index/[a-zA-Z0-9][a-zA-Z0-9_-]*$ + QueryFilterString: + description: A query filter that Amazon Lex sends to Amazon Kendra to filter the response from a query. + type: string + minLength: 1 + maxLength: 5000 + KendraConfiguration: + description: Configuration for searching a Amazon Kendra index specified for the intent. + type: object + properties: + KendraIndex: + $ref: '#/components/schemas/KendraIndexArn' + QueryFilterStringEnabled: + description: Determines whether the AMAZON.KendraSearchIntent intent uses a custom query string to query the Amazon Kendra index. + type: boolean + QueryFilterString: + $ref: '#/components/schemas/QueryFilterString' + required: + - KendraIndex + additionalProperties: false + PriorityValue: + description: The priority that a slot should be elicited. + type: integer + minimum: 0 + maximum: 100 + SlotPriority: + description: The priority that Amazon Lex should use when eliciting slot values from a user. + type: object + properties: + Priority: + $ref: '#/components/schemas/PriorityValue' + SlotName: + description: The name of the slot. + $ref: '#/components/schemas/Name' + required: + - SlotName + - Priority + additionalProperties: false + SlotPrioritiesList: + description: List for slot priorities + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SlotPriority' + Intent: + description: Represents an action that the user wants to perform. + type: object + properties: + Name: + description: The name of the intent. + $ref: '#/components/schemas/Name' + Description: + description: Description of thr intent. + $ref: '#/components/schemas/Description' + ParentIntentSignature: + $ref: '#/components/schemas/ParentIntentSignature' + SampleUtterances: + description: A sample utterance that invokes an intent or respond to a slot elicitation prompt. + $ref: '#/components/schemas/SampleUtterancesList' + DialogCodeHook: + $ref: '#/components/schemas/DialogCodeHookSetting' + FulfillmentCodeHook: + $ref: '#/components/schemas/FulfillmentCodeHookSetting' + IntentConfirmationSetting: + $ref: '#/components/schemas/IntentConfirmationSetting' + IntentClosingSetting: + $ref: '#/components/schemas/IntentClosingSetting' + InitialResponseSetting: + description: Configuration setting for a response sent to the user before Amazon Lex starts eliciting slots. + $ref: '#/components/schemas/InitialResponseSetting' + InputContexts: + $ref: '#/components/schemas/InputContextsList' + OutputContexts: + $ref: '#/components/schemas/OutputContextsList' + KendraConfiguration: + $ref: '#/components/schemas/KendraConfiguration' + SlotPriorities: + $ref: '#/components/schemas/SlotPrioritiesList' + Slots: + description: List of slots + type: array + maxItems: 100 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Slot' + required: + - Name + additionalProperties: false + ParentSlotTypeSignature: + description: The built-in slot type used as a parent of this slot type. + type: string + SlotTypeName: + description: The slot type name that is used in the slot. Allows for custom and built-in slot type names + type: string + SampleValue: + description: Defines one of the values for a slot type. + type: object + properties: + Value: + description: The value that can be used for a slot type. + type: string + minLength: 1 + maxLength: 140 + required: + - Value + additionalProperties: false + SynonymList: + description: Additional values related to the slot type entry. + type: array + maxItems: 10000 + x-insertionOrder: false + items: + $ref: '#/components/schemas/SampleValue' + SlotTypeValue: + description: Value that the slot type can take. + type: object + properties: + SampleValue: + $ref: '#/components/schemas/SampleValue' + Synonyms: + $ref: '#/components/schemas/SynonymList' + required: + - SampleValue + additionalProperties: false + SlotTypeValues: + description: A List of slot type values + type: array + maxItems: 10000 + x-insertionOrder: false + items: + $ref: '#/components/schemas/SlotTypeValue' + SlotValueResolutionStrategy: + type: string + enum: + - ORIGINAL_VALUE + - TOP_RESOLUTION + SlotValueRegexFilter: + description: A regular expression used to validate the value of a slot. + type: object + properties: + Pattern: + description: Regex pattern + type: string + minLength: 1 + maxLength: 300 + required: + - Pattern + additionalProperties: false + AudioRecognitionStrategy: + description: Enables using slot values as a custom vocabulary when recognizing user utterances. + type: string + enum: + - UseSlotValuesAsCustomVocabulary + AdvancedRecognitionSetting: + description: Provides settings that enable advanced recognition settings for slot values. + type: object + properties: + AudioRecognitionStrategy: + $ref: '#/components/schemas/AudioRecognitionStrategy' + additionalProperties: false + SlotValueSelectionSetting: + description: Contains settings used by Amazon Lex to select a slot value. + type: object + properties: + ResolutionStrategy: + $ref: '#/components/schemas/SlotValueResolutionStrategy' + RegexFilter: + $ref: '#/components/schemas/SlotValueRegexFilter' + AdvancedRecognitionSetting: + $ref: '#/components/schemas/AdvancedRecognitionSetting' + required: + - ResolutionStrategy + additionalProperties: false + S3BucketName: + type: string + minLength: 3 + maxLength: 63 + pattern: ^[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]$ + S3ObjectKey: + type: string + minLength: 1 + maxLength: 1024 + pattern: '[\.\-\!\*\_\''\(\)a-zA-Z0-9][\.\-\!\*\_\''\(\)\/a-zA-Z0-9]*$' + GrammarSlotTypeSource: + description: Describes the Amazon S3 bucket name and location for the grammar that is the source for the slot type. + type: object + properties: + S3BucketName: + description: The name of the S3 bucket that contains the grammar source. + $ref: '#/components/schemas/S3BucketName' + S3ObjectKey: + description: The path to the grammar in the S3 bucket. + $ref: '#/components/schemas/S3ObjectKey' + KmsKeyArn: + description: The Amazon KMS key required to decrypt the contents of the grammar, if any. + type: string + minLength: 20 + maxLength: 2048 + pattern: ^arn:[\w\-]+:kms:[\w\-]+:[\d]{12}:(?:key\/[\w\-]+|alias\/[a-zA-Z0-9:\/_\-]{1,256})$ + required: + - S3BucketName + - S3ObjectKey + additionalProperties: false + GrammarSlotTypeSetting: + description: Settings required for a slot type based on a grammar that you provide. + type: object + properties: + Source: + $ref: '#/components/schemas/GrammarSlotTypeSource' + additionalProperties: false + ExternalSourceSetting: + description: Provides information about the external source of the slot type's definition. + type: object + properties: + GrammarSlotTypeSetting: + $ref: '#/components/schemas/GrammarSlotTypeSetting' + additionalProperties: false + SlotType: + description: A custom, extended built-in or a grammar slot type. + type: object + properties: + Name: + $ref: '#/components/schemas/Name' + Description: + $ref: '#/components/schemas/Description' + ParentSlotTypeSignature: + $ref: '#/components/schemas/ParentSlotTypeSignature' + SlotTypeValues: + $ref: '#/components/schemas/SlotTypeValues' + ValueSelectionSetting: + $ref: '#/components/schemas/SlotValueSelectionSetting' + ExternalSourceSetting: + $ref: '#/components/schemas/ExternalSourceSetting' + required: + - Name + additionalProperties: false + CustomVocabularyItem: + description: A custom vocabulary item that contains the phrase to recognize and a weight to give the boost. + type: object + properties: + Phrase: + description: Phrase that should be recognized. + type: string + minLength: 1 + maxLength: 100 + Weight: + description: The degree to which the phrase recognition is boosted. The weight 0 means that no boosting will be applied and the entry will only be used for performing replacements using the displayAs field. + type: integer + minimum: 0 + maximum: 3 + DisplayAs: + description: Defines how you want your phrase to look in your transcription output. + type: string + minLength: 1 + maxLength: 100 + required: + - Phrase + additionalProperties: false + CustomVocabularyItems: + type: array + maxItems: 500 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/CustomVocabularyItem' + CustomVocabulary: + description: A custom vocabulary is a list of specific phrases that you want Amazon Lex V2 to recognize in the audio input. + type: object + properties: + CustomVocabularyItems: + $ref: '#/components/schemas/CustomVocabularyItems' + required: + - CustomVocabularyItems + additionalProperties: false + SlotDefaultValue: + description: The default value to use when a user doesn't provide a value for a slot. + type: object + properties: + DefaultValue: + description: The default value to use when a user doesn't provide a value for a slot. + type: string + minLength: 1 + maxLength: 202 + required: + - DefaultValue + additionalProperties: false + SlotDefaultValueSpecification: + description: A list of values that Amazon Lex should use as the default value for a slot. + type: object + properties: + DefaultValueList: + description: A list of slot default values + type: array + maxItems: 10 + x-insertionOrder: false + items: + $ref: '#/components/schemas/SlotDefaultValue' + required: + - DefaultValueList + additionalProperties: false + SlotConstraint: + type: string + enum: + - Required + - Optional + WaitAndContinueSpecification: + description: The prompts that Amazon Lex uses while a bot is waiting for customer input. + type: object + properties: + WaitingResponse: + description: The response that Amazon Lex sends to indicate that the bot is waiting for the conversation to continue. + $ref: '#/components/schemas/ResponseSpecification' + ContinueResponse: + description: The response that Amazon Lex sends to indicate that the bot is ready to continue the conversation. + $ref: '#/components/schemas/ResponseSpecification' + StillWaitingResponse: + description: The response that Amazon Lex sends periodically to the user to indicate that the bot is still waiting for input from the user. + $ref: '#/components/schemas/StillWaitingResponseSpecification' + IsActive: + description: Specifies whether the bot will wait for a user to respond. + type: boolean + required: + - WaitingResponse + - ContinueResponse + additionalProperties: false + SlotValueElicitationSetting: + description: Settings that you can use for eliciting a slot value. + type: object + properties: + DefaultValueSpecification: + description: A list of default values for a slot. + $ref: '#/components/schemas/SlotDefaultValueSpecification' + SlotConstraint: + description: Specifies whether the slot is required or optional. + $ref: '#/components/schemas/SlotConstraint' + PromptSpecification: + description: The prompt that Amazon Lex uses to elicit the slot value from the user. + $ref: '#/components/schemas/PromptSpecification' + SampleUtterances: + description: If you know a specific pattern that users might respond to an Amazon Lex request for a slot value, you can provide those utterances to improve accuracy. + $ref: '#/components/schemas/SampleUtterancesList' + WaitAndContinueSpecification: + description: Specifies the prompts that Amazon Lex uses while a bot is waiting for customer input. + $ref: '#/components/schemas/WaitAndContinueSpecification' + SlotCaptureSetting: + description: Specifies the next stage in the conversation after capturing the slot. + $ref: '#/components/schemas/SlotCaptureSetting' + required: + - SlotConstraint + additionalProperties: false + ObfuscationSetting: + description: Determines whether Amazon Lex obscures slot values in conversation logs. + type: object + properties: + ObfuscationSettingType: + description: Value that determines whether Amazon Lex obscures slot values in conversation logs. The default is to obscure the values. + type: string + enum: + - None + - DefaultObfuscation + required: + - ObfuscationSettingType + additionalProperties: false + MultipleValuesSetting: + description: Indicates whether a slot can return multiple values. + type: object + properties: + AllowMultipleValues: + type: boolean + required: [] + additionalProperties: false + Slot: + description: A slot is a variable needed to fulfill an intent, where an intent can require zero or more slots. + type: object + properties: + Name: + $ref: '#/components/schemas/Name' + Description: + $ref: '#/components/schemas/Description' + SlotTypeName: + $ref: '#/components/schemas/SlotTypeName' + ValueElicitationSetting: + $ref: '#/components/schemas/SlotValueElicitationSetting' + ObfuscationSetting: + $ref: '#/components/schemas/ObfuscationSetting' + MultipleValuesSetting: + $ref: '#/components/schemas/MultipleValuesSetting' + required: + - Name + - SlotTypeName + - ValueElicitationSetting + additionalProperties: false + BotLocale: + description: A locale in the bot, which contains the intents and slot types that the bot uses in conversations with users in the specified language and locale. + type: object + properties: + LocaleId: + $ref: '#/components/schemas/LocaleId' + Description: + $ref: '#/components/schemas/Description' + VoiceSettings: + $ref: '#/components/schemas/VoiceSettings' + NluConfidenceThreshold: + $ref: '#/components/schemas/ConfidenceThreshold' + Intents: + description: List of intents + type: array + maxItems: 1000 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Intent' + SlotTypes: + description: List of SlotTypes + type: array + maxItems: 250 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/SlotType' + CustomVocabulary: + $ref: '#/components/schemas/CustomVocabulary' + required: + - LocaleId + - NluConfidenceThreshold + additionalProperties: false + S3Location: + description: S3 location of bot definitions zip file, if it's not defined inline in CloudFormation. + type: object + properties: + S3Bucket: + description: An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account. + $ref: '#/components/schemas/S3BucketName' + S3ObjectKey: + description: The Amazon S3 key of the deployment package. + $ref: '#/components/schemas/S3ObjectKey' + S3ObjectVersion: + type: string + description: For versioned objects, the version of the deployment package object to use. If not specified, the current object version will be used. + minLength: 1 + maxLength: 1024 + required: + - S3Bucket + - S3ObjectKey + additionalProperties: false + Condition: + description: Provides an expression that evaluates to true or false. + type: object + properties: + ExpressionString: + description: The expression string that is evaluated. + $ref: '#/components/schemas/ConditionExpression' + required: + - ExpressionString + additionalProperties: false + Conditional: + description: Contains conditional branches to fork the conversation flow. + type: object + properties: + IsActive: + type: boolean + ConditionalBranches: + $ref: '#/components/schemas/ConditionalBranches' + required: + - IsActive + - ConditionalBranches + additionalProperties: false + ConditionalSpecification: + description: Provides a list of conditional branches. Branches are evaluated in the order that they are entered in the list. The first branch with a condition that evaluates to true is executed. The last branch in the list is the default branch. The default branch should not have any condition expression. The default branch is executed if no other branch has a matching condition. + type: object + properties: + IsActive: + description: Determines whether a conditional branch is active. When active is false, the conditions are not evaluated. + type: boolean + ConditionalBranches: + description: A list of conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. + $ref: '#/components/schemas/ConditionalBranches' + DefaultBranch: + description: The conditional branch that should be followed when the conditions for other branches are not satisfied. A conditional branch is made up of a condition, a response and a next step. + $ref: '#/components/schemas/DefaultConditionalBranch' + required: + - IsActive + - ConditionalBranches + - DefaultBranch + additionalProperties: false + DefaultConditionalBranch: + description: A set of actions that Amazon Lex should run if none of the other conditions are met. + type: object + properties: + NextStep: + description: The next step in the conversation. + $ref: '#/components/schemas/DialogState' + Response: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + additionalProperties: false + ConditionalBranch: + description: A set of actions that Amazon Lex should run if the condition is matched. + type: object + properties: + Name: + description: The name of the branch. + $ref: '#/components/schemas/Name' + Condition: + description: Contains the expression to evaluate. If the condition is true, the branch's actions are taken. + $ref: '#/components/schemas/Condition' + NextStep: + description: The next step in the conversation. + $ref: '#/components/schemas/DialogState' + Response: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + required: + - Name + - Condition + - NextStep + additionalProperties: false + ConditionalBranches: + description: A list of 1 to 4 conditional branches to fork the conversation flow. + type: array + minItems: 1 + maxItems: 4 + x-insertionOrder: true + items: + $ref: '#/components/schemas/ConditionalBranch' + InitialResponseSetting: + description: Configuration setting for a response sent to the user before Amazon Lex starts eliciting slots. + type: object + properties: + InitialResponse: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + NextStep: + description: The next step in the conversation. + $ref: '#/components/schemas/DialogState' + Conditional: + description: Provides a list of conditional branches. Branches are evaluated in the order that they are entered in the list. The first branch with a condition that evaluates to true is executed. The last branch in the list is the default branch. The default branch should not have any condition expression. The default branch is executed if no other branch has a matching condition. + $ref: '#/components/schemas/ConditionalSpecification' + CodeHook: + description: Settings that specify the dialog code hook that is called by Amazon Lex at a step of the conversation. + $ref: '#/components/schemas/DialogCodeHookInvocationSetting' + additionalProperties: false + ConditionExpression: + description: Expression that is evaluated to true or false at runtime. + type: string + minLength: 1 + maxLength: 1024 + DialogCodeHookInvocationSetting: + description: Settings that specify the dialog code hook that is called by Amazon Lex at a step of the conversation. + type: object + properties: + EnableCodeHookInvocation: + description: Indicates whether a Lambda function should be invoked for the dialog. + type: boolean + IsActive: + description: Determines whether a dialog code hook is used when the intent is activated. + type: boolean + InvocationLabel: + description: A label that indicates the dialog step from which the dialog code hook is happening. + $ref: '#/components/schemas/Name' + PostCodeHookSpecification: + description: Contains the responses and actions that Amazon Lex takes after the Lambda function is complete. + $ref: '#/components/schemas/PostDialogCodeHookInvocationSpecification' + required: + - IsActive + - EnableCodeHookInvocation + - PostCodeHookSpecification + additionalProperties: false + ElicitationCodeHookInvocationSetting: + description: Settings that specify the dialog code hook that is called by Amazon Lex between eliciting slot values. + type: object + properties: + EnableCodeHookInvocation: + description: Indicates whether a Lambda function should be invoked for the dialog. + type: boolean + InvocationLabel: + description: A label that indicates the dialog step from which the dialog code hook is happening. + $ref: '#/components/schemas/Name' + required: + - EnableCodeHookInvocation + additionalProperties: false + PostDialogCodeHookInvocationSpecification: + description: Specifies next steps to run after the dialog code hook finishes. + type: object + properties: + SuccessResponse: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + SuccessNextStep: + description: Specifics the next step the bot runs after the dialog code hook finishes successfully. + $ref: '#/components/schemas/DialogState' + SuccessConditional: + description: A list of conditional branches to evaluate after the dialog code hook finishes successfully. + $ref: '#/components/schemas/ConditionalSpecification' + FailureResponse: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + FailureNextStep: + description: Specifies the next step the bot runs after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed. + $ref: '#/components/schemas/DialogState' + FailureConditional: + description: A list of conditional branches to evaluate after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed. + $ref: '#/components/schemas/ConditionalSpecification' + TimeoutResponse: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + TimeoutNextStep: + description: Specifies the next step that the bot runs when the code hook times out. + $ref: '#/components/schemas/DialogState' + TimeoutConditional: + description: A list of conditional branches to evaluate if the code hook times out. + $ref: '#/components/schemas/ConditionalSpecification' + additionalProperties: false + DialogState: + description: The current state of the conversation with the user. + type: object + properties: + DialogAction: + description: Defines the action that the bot executes at runtime when the conversation reaches this step. + $ref: '#/components/schemas/DialogAction' + Intent: + description: Override settings to configure the intent state. + $ref: '#/components/schemas/IntentOverride' + SessionAttributes: + description: List of session attributes to be applied when the conversation reaches this step. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SessionAttribute' + additionalProperties: false + DialogAction: + description: Defines the action that the bot executes at runtime when the conversation reaches this step. + type: object + properties: + Type: + description: The action that the bot should execute. + $ref: '#/components/schemas/DialogActionType' + SlotToElicit: + description: If the dialog action is ElicitSlot, defines the slot to elicit from the user. + $ref: '#/components/schemas/Name' + SuppressNextMessage: + description: When true the next message for the intent is not used. + type: boolean + required: + - Type + additionalProperties: false + DialogActionType: + description: The possible values of actions that the conversation can take. + type: string + enum: + - CloseIntent + - ConfirmIntent + - ElicitIntent + - ElicitSlot + - StartIntent + - FulfillIntent + - EndConversation + - EvaluateConditional + - InvokeDialogCodeHook + SessionAttribute: + description: Key/value pair representing session-specific context information. It contains application information passed between Amazon Lex and a client application. + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 1024 + Value: + type: string + minLength: 0 + maxLength: 1024 + required: + - Key + additionalProperties: false + IntentOverride: + description: Override settings to configure the intent state. + type: object + properties: + Name: + description: The name of the intent. Only required when you're switching intents. + $ref: '#/components/schemas/Name' + Slots: + description: A map of all of the slot value overrides for the intent. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SlotValueOverrideMap' + additionalProperties: false + SlotValueOverrideMap: + description: A map of slot names and their overridden values. + type: object + properties: + SlotName: + $ref: '#/components/schemas/Name' + SlotValueOverride: + $ref: '#/components/schemas/SlotValueOverride' + additionalProperties: false + SlotValueOverride: + description: The slot values that Amazon Lex uses when it sets slot values in a dialog step. + type: object + properties: + Shape: + description: When the shape value is List, it indicates that the values field contains a list of slot values. When the value is Scalar, it indicates that the value field contains a single value. + $ref: '#/components/schemas/SlotShape' + Value: + description: The current value of the slot. + $ref: '#/components/schemas/SlotValue' + Values: + description: A list of one or more values that the user provided for the slot. For example, for a slot that elicits pizza toppings, the values might be "pepperoni" and "pineapple." + $ref: '#/components/schemas/SlotValues' + additionalProperties: false + SlotValue: + description: The value to set in a slot. + type: object + properties: + InterpretedValue: + description: The value that Amazon Lex determines for the slot. + type: string + minLength: 1 + maxLength: 202 + additionalProperties: false + SlotValues: + description: An array of values that slots should be set to + type: array + items: + $ref: '#/components/schemas/SlotValueOverride' + SlotShape: + description: The different shapes that a slot can be in during a conversation. + type: string + enum: + - Scalar + - List + SlotCaptureSetting: + description: Settings used when Amazon Lex successfully captures a slot value from a user. + type: object + properties: + CaptureResponse: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + CaptureNextStep: + description: Specifies the next step that the bot runs when the slot value is captured before the code hook times out. + $ref: '#/components/schemas/DialogState' + CaptureConditional: + description: A list of conditional branches to evaluate after the slot value is captured. + $ref: '#/components/schemas/ConditionalSpecification' + FailureResponse: + description: Specifies a list of message groups that Amazon Lex uses to respond the user input. + $ref: '#/components/schemas/ResponseSpecification' + FailureNextStep: + description: Specifies the next step that the bot runs when the slot value code is not recognized. + $ref: '#/components/schemas/DialogState' + FailureConditional: + description: A list of conditional branches to evaluate when the slot value isn't captured. + $ref: '#/components/schemas/ConditionalSpecification' + CodeHook: + description: Code hook called after Amazon Lex successfully captures a slot value. + $ref: '#/components/schemas/DialogCodeHookInvocationSetting' + ElicitationCodeHook: + description: Code hook called when Amazon Lex doesn't capture a slot value. + $ref: '#/components/schemas/ElicitationCodeHookInvocationSetting' + additionalProperties: false + Bot: + type: object + properties: + Id: + $ref: '#/components/schemas/Id' + Arn: + $ref: '#/components/schemas/BotArn' + Name: + $ref: '#/components/schemas/Name' + Description: + $ref: '#/components/schemas/Description' + RoleArn: + $ref: '#/components/schemas/RoleArn' + DataPrivacy: + description: Data privacy setting of the Bot. + type: object + properties: + ChildDirected: + type: boolean + description: '' + required: + - ChildDirected + additionalProperties: false + IdleSessionTTLInSeconds: + description: IdleSessionTTLInSeconds of the resource + type: integer + minimum: 60 + maximum: 86400 + BotLocales: + description: List of bot locales + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/BotLocale' + BotFileS3Location: + $ref: '#/components/schemas/S3Location' + BotTags: + description: A list of tags to add to the bot, which can only be added at bot creation. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + TestBotAliasTags: + description: A list of tags to add to the test alias for a bot, , which can only be added at bot/bot alias creation. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + AutoBuildBotLocales: + description: Specifies whether to build the bot locales after bot creation completes. + type: boolean + TestBotAliasSettings: + $ref: '#/components/schemas/TestBotAliasSettings' + required: + - Name + - RoleArn + - DataPrivacy + - IdleSessionTTLInSeconds + x-stackql-resource-name: bot + description: Amazon Lex conversational bot performing automated tasks such as ordering a pizza, booking a hotel, and so on. + x-type-name: AWS::Lex::Bot + x-stackql-primary-identifier: + - Id + x-write-only-properties: + - BotLocales + - BotFileS3Location + - AutoBuildBotLocales + - BotTags + - TestBotAliasTags + x-read-only-properties: + - Id + - Arn + x-required-properties: + - Name + - RoleArn + - DataPrivacy + - IdleSessionTTLInSeconds + x-taggable: true + x-required-permissions: + create: + - iam:PassRole + - lex:DescribeBot + - lex:CreateUploadUrl + - lex:StartImport + - lex:DescribeImport + - lex:ListTagsForResource + - lex:TagResource + - lex:CreateBot + - lex:CreateBotLocale + - lex:CreateIntent + - lex:CreateSlot + - lex:CreateSlotType + - lex:UpdateBot + - lex:UpdateBotLocale + - lex:UpdateIntent + - lex:UpdateSlot + - lex:UpdateSlotType + - lex:DeleteBotLocale + - lex:DeleteIntent + - lex:DeleteSlot + - lex:DeleteSlotType + - lex:DescribeBotLocale + - lex:BuildBotLocale + - lex:ListBots + - lex:ListBotLocales + - lex:CreateCustomVocabulary + - lex:UpdateCustomVocabulary + - lex:DeleteCustomVocabulary + - s3:GetObject + - lex:UpdateBotAlias + read: + - lex:DescribeBot + - lex:ListTagsForResource + update: + - iam:PassRole + - lex:DescribeBot + - lex:CreateUploadUrl + - lex:StartImport + - lex:DescribeImport + - lex:ListTagsForResource + - lex:TagResource + - lex:UntagResource + - lex:CreateBot + - lex:CreateBotLocale + - lex:CreateIntent + - lex:CreateSlot + - lex:CreateSlotType + - lex:UpdateBot + - lex:UpdateBotLocale + - lex:UpdateIntent + - lex:UpdateSlot + - lex:UpdateSlotType + - lex:DeleteBotLocale + - lex:DeleteIntent + - lex:DeleteSlot + - lex:DeleteSlotType + - lex:DescribeBotLocale + - lex:BuildBotLocale + - lex:ListBots + - lex:ListBotLocales + - lex:CreateCustomVocabulary + - lex:UpdateCustomVocabulary + - lex:DeleteCustomVocabulary + - s3:GetObject + - lex:UpdateBotAlias + delete: + - lex:DeleteBot + - lex:DescribeBot + - lex:DeleteBotLocale + - lex:DeleteIntent + - lex:DeleteSlotType + - lex:DeleteSlot + - lex:DeleteBotVersion + - lex:DeleteBotChannel + - lex:DeleteBotAlias + - lex:DeleteCustomVocabulary + list: + - lex:ListBots + BotAliasStatus: + type: string + enum: + - Creating + - Available + - Deleting + - Failed + BotVersion: + type: object + properties: + BotId: + $ref: '#/components/schemas/Id' + BotVersion: + $ref: '#/components/schemas/BotVersion' + Description: + $ref: '#/components/schemas/Description' + BotVersionLocaleSpecification: + $ref: '#/components/schemas/BotVersionLocaleSpecificationList' + required: + - BotId + - BotVersionLocaleSpecification + x-stackql-resource-name: bot_version + description: A version is a numbered snapshot of your work that you can publish for use in different parts of your workflow, such as development, beta deployment, and production. + x-type-name: AWS::Lex::BotVersion + x-stackql-primary-identifier: + - BotId + - BotVersion + x-create-only-properties: + - BotId + x-write-only-properties: + - BotVersionLocaleSpecification + x-read-only-properties: + - BotVersion + x-required-properties: + - BotId + - BotVersionLocaleSpecification + x-required-permissions: + create: + - lex:CreateBotVersion + - lex:DescribeBotVersion + - lex:DescribeBot + - lex:DescribeBotLocale + - lex:BuildBotLocale + read: + - lex:DescribeBotVersion + delete: + - lex:DeleteBotVersion + - lex:DescribeBotVersion + list: + - lex:ListBotVersions + Arn: + type: string + maxLength: 1000 + BotAlias: + type: object + properties: + BotAliasId: + $ref: '#/components/schemas/Id' + BotId: + $ref: '#/components/schemas/Id' + Arn: + $ref: '#/components/schemas/Arn' + BotAliasStatus: + $ref: '#/components/schemas/BotAliasStatus' + BotAliasLocaleSettings: + $ref: '#/components/schemas/BotAliasLocaleSettingsList' + BotAliasName: + $ref: '#/components/schemas/Name' + BotVersion: + $ref: '#/components/schemas/BotVersion' + ConversationLogSettings: + $ref: '#/components/schemas/ConversationLogSettings' + Description: + $ref: '#/components/schemas/Description' + SentimentAnalysisSettings: + description: Determines whether Amazon Lex will use Amazon Comprehend to detect the sentiment of user utterances. + type: object + properties: + DetectSentiment: + type: boolean + description: Enable to call Amazon Comprehend for Sentiment natively within Lex + required: + - DetectSentiment + additionalProperties: false + BotAliasTags: + description: A list of tags to add to the bot alias. + type: array + uniqueItems: true + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - BotId + - BotAliasName + x-stackql-resource-name: bot_alias + description: A Bot Alias enables you to change the version of a bot without updating applications that use the bot + x-type-name: AWS::Lex::BotAlias + x-stackql-primary-identifier: + - BotAliasId + - BotId + x-create-only-properties: + - BotId + x-write-only-properties: + - BotAliasTags + x-read-only-properties: + - BotAliasId + - Arn + - BotAliasStatus + x-required-properties: + - BotId + - BotAliasName + x-required-permissions: + create: + - lex:CreateBotAlias + - lex:DescribeBot + update: + - lex:UpdateBotAlias + - lex:DescribeBotAlias + - lex:ListTagsForResource + - lex:TagResource + - lex:UntagResource + read: + - lex:DescribeBotAlias + delete: + - lex:DeleteBotAlias + list: + - lex:ListBotAliases + BotVersionLocaleDetails: + description: The version of a bot used for a bot locale. + type: object + properties: + SourceBotVersion: + $ref: '#/components/schemas/BotVersion' + required: + - SourceBotVersion + additionalProperties: false + BotVersionLocaleSpecification: + type: object + properties: + LocaleId: + $ref: '#/components/schemas/LocaleId' + BotVersionLocaleDetails: + $ref: '#/components/schemas/BotVersionLocaleDetails' + required: + - LocaleId + - BotVersionLocaleDetails + additionalProperties: false + BotVersionLocaleSpecificationList: + description: Specifies the locales that Amazon Lex adds to this version. You can choose the Draft version or any other previously published version for each locale. + type: array + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/BotVersionLocaleSpecification' + ResourceArn: + description: The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to. + type: string + minLength: 1 + maxLength: 1011 + Policy: + description: A resource policy to add to the resource. The policy is a JSON structure following the IAM syntax that contains one or more statements that define the policy. + type: object + RevisionId: + description: The current revision of the resource policy. Use the revision ID to make sure that you are updating the most current version of a resource policy when you add a policy statement to a resource, delete a resource, or update a resource. + type: string + minLength: 1 + maxLength: 5 + pattern: ^[0-9]+$ + PhysicalId: + description: The Physical ID of the resource policy. + type: string + ResourcePolicy: + type: object + properties: + ResourceArn: + $ref: '#/components/schemas/ResourceArn' + RevisionId: + $ref: '#/components/schemas/RevisionId' + Policy: + $ref: '#/components/schemas/Policy' + Id: + $ref: '#/components/schemas/PhysicalId' + required: + - ResourceArn + - Policy + x-stackql-resource-name: resource_policy + description: A resource policy with specified policy statements that attaches to a Lex bot or bot alias. + x-type-name: AWS::Lex::ResourcePolicy + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - ResourceArn + x-read-only-properties: + - Id + - RevisionId + x-required-properties: + - ResourceArn + - Policy + x-required-permissions: + create: + - lex:CreateResourcePolicy + - lex:DescribeResourcePolicy + read: + - lex:DescribeResourcePolicy + update: + - lex:UpdateResourcePolicy + - lex:DescribeResourcePolicy + delete: + - lex:DeleteResourcePolicy + - lex:DescribeResourcePolicy + list: + - lex:DescribeResourcePolicy + x-stackQL-resources: + bots: + name: bots + id: aws.lex.bots + x-cfn-schema-name: Bot + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lex::Bot' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lex::Bot' + AND region = 'us-east-1' + bot: + name: bot + id: aws.lex.bot + x-cfn-schema-name: Bot + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.DataPrivacy') as data_privacy, + JSON_EXTRACT(Properties, '$.IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, + JSON_EXTRACT(Properties, '$.BotLocales') as bot_locales, + JSON_EXTRACT(Properties, '$.BotFileS3Location') as bot_file_s3_location, + JSON_EXTRACT(Properties, '$.BotTags') as bot_tags, + JSON_EXTRACT(Properties, '$.TestBotAliasTags') as test_bot_alias_tags, + JSON_EXTRACT(Properties, '$.AutoBuildBotLocales') as auto_build_bot_locales, + JSON_EXTRACT(Properties, '$.TestBotAliasSettings') as test_bot_alias_settings + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lex::Bot' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'DataPrivacy') as data_privacy, + json_extract_path_text(Properties, 'IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, + json_extract_path_text(Properties, 'BotLocales') as bot_locales, + json_extract_path_text(Properties, 'BotFileS3Location') as bot_file_s3_location, + json_extract_path_text(Properties, 'BotTags') as bot_tags, + json_extract_path_text(Properties, 'TestBotAliasTags') as test_bot_alias_tags, + json_extract_path_text(Properties, 'AutoBuildBotLocales') as auto_build_bot_locales, + json_extract_path_text(Properties, 'TestBotAliasSettings') as test_bot_alias_settings + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lex::Bot' + AND data__Identifier = '' + AND region = 'us-east-1' + bot_versions: + name: bot_versions + id: aws.lex.bot_versions + x-cfn-schema-name: BotVersion + x-type: list + x-identifiers: + - BotId + - BotVersion + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BotId') as bot_id, + JSON_EXTRACT(Properties, '$.BotVersion') as bot_version + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lex::BotVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BotId') as bot_id, + json_extract_path_text(Properties, 'BotVersion') as bot_version + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lex::BotVersion' + AND region = 'us-east-1' + bot_version: + name: bot_version + id: aws.lex.bot_version + x-cfn-schema-name: BotVersion + x-type: get + x-identifiers: + - BotId + - BotVersion + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BotId') as bot_id, + JSON_EXTRACT(Properties, '$.BotVersion') as bot_version, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.BotVersionLocaleSpecification') as bot_version_locale_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lex::BotVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BotId') as bot_id, + json_extract_path_text(Properties, 'BotVersion') as bot_version, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'BotVersionLocaleSpecification') as bot_version_locale_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lex::BotVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + bot_aliases: + name: bot_aliases + id: aws.lex.bot_aliases + x-cfn-schema-name: BotAlias + x-type: list + x-identifiers: + - BotAliasId + - BotId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BotAliasId') as bot_alias_id, + JSON_EXTRACT(Properties, '$.BotId') as bot_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lex::BotAlias' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BotAliasId') as bot_alias_id, + json_extract_path_text(Properties, 'BotId') as bot_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lex::BotAlias' + AND region = 'us-east-1' + bot_alias: + name: bot_alias + id: aws.lex.bot_alias + x-cfn-schema-name: BotAlias + x-type: get + x-identifiers: + - BotAliasId + - BotId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BotAliasId') as bot_alias_id, + JSON_EXTRACT(Properties, '$.BotId') as bot_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.BotAliasStatus') as bot_alias_status, + JSON_EXTRACT(Properties, '$.BotAliasLocaleSettings') as bot_alias_locale_settings, + JSON_EXTRACT(Properties, '$.BotAliasName') as bot_alias_name, + JSON_EXTRACT(Properties, '$.BotVersion') as bot_version, + JSON_EXTRACT(Properties, '$.ConversationLogSettings') as conversation_log_settings, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.SentimentAnalysisSettings') as sentiment_analysis_settings, + JSON_EXTRACT(Properties, '$.BotAliasTags') as bot_alias_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lex::BotAlias' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BotAliasId') as bot_alias_id, + json_extract_path_text(Properties, 'BotId') as bot_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'BotAliasStatus') as bot_alias_status, + json_extract_path_text(Properties, 'BotAliasLocaleSettings') as bot_alias_locale_settings, + json_extract_path_text(Properties, 'BotAliasName') as bot_alias_name, + json_extract_path_text(Properties, 'BotVersion') as bot_version, + json_extract_path_text(Properties, 'ConversationLogSettings') as conversation_log_settings, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'SentimentAnalysisSettings') as sentiment_analysis_settings, + json_extract_path_text(Properties, 'BotAliasTags') as bot_alias_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lex::BotAlias' + AND data__Identifier = '|' + AND region = 'us-east-1' + resource_policies: + name: resource_policies + id: aws.lex.resource_policies + x-cfn-schema-name: ResourcePolicy + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lex::ResourcePolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lex::ResourcePolicy' + AND region = 'us-east-1' + resource_policy: + name: resource_policy + id: aws.lex.resource_policy + x-cfn-schema-name: ResourcePolicy + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.RevisionId') as revision_id, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lex::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'RevisionId') as revision_id, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lex::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/licensemanager.yaml b/providers/src/aws/v00.00.00000/services/licensemanager.yaml new file mode 100644 index 00000000..c857347c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/licensemanager.yaml @@ -0,0 +1,379 @@ +openapi: 3.0.0 +info: + title: LicenseManager + version: 1.0.0 +paths: {} +components: + schemas: + Arn: + type: string + maxLength: 2048 + Grant: + type: object + properties: + GrantArn: + description: Arn of the grant. + $ref: '#/components/schemas/Arn' + GrantName: + description: Name for the created Grant. + type: string + LicenseArn: + description: License Arn for the grant. + $ref: '#/components/schemas/Arn' + HomeRegion: + description: Home region for the created grant. + type: string + Version: + description: The version of the grant. + type: string + AllowedOperations: + type: array + uniqueItems: true + items: + type: string + Principals: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Arn' + Status: + type: string + required: [] + x-stackql-resource-name: grant + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::LicenseManager::Grant + x-stackql-primary-identifier: + - GrantArn + x-write-only-properties: + - Principals + - AllowedOperations + - Status + x-read-only-properties: + - GrantArn + - Version + x-required-properties: [] + x-required-permissions: + create: + - license-manager:CreateGrant + read: + - license-manager:GetGrant + update: + - license-manager:CreateGrantVersion + delete: + - license-manager:DeleteGrant + list: + - license-manager:ListDistributedGrants + ValidityDateFormat: + type: object + additionalProperties: false + properties: + Begin: + description: Validity begin date for the license. + type: string + format: date-time + End: + description: Validity begin date for the license. + type: string + format: date-time + required: + - Begin + - End + IssuerData: + type: object + properties: + Name: + type: string + SignKey: + type: string + required: + - Name + additionalProperties: false + Entitlement: + type: object + properties: + Name: + type: string + Value: + type: string + MaxCount: + type: integer + Overage: + type: boolean + Unit: + type: string + AllowCheckIn: + type: boolean + required: + - Name + - Unit + additionalProperties: false + ConsumptionConfiguration: + type: object + properties: + RenewType: + type: string + ProvisionalConfiguration: + $ref: '#/components/schemas/ProvisionalConfiguration' + BorrowConfiguration: + $ref: '#/components/schemas/BorrowConfiguration' + additionalProperties: false + ProvisionalConfiguration: + type: object + properties: + MaxTimeToLiveInMinutes: + type: integer + required: + - MaxTimeToLiveInMinutes + additionalProperties: false + BorrowConfiguration: + type: object + properties: + MaxTimeToLiveInMinutes: + type: integer + AllowEarlyCheckIn: + type: boolean + required: + - MaxTimeToLiveInMinutes + - AllowEarlyCheckIn + additionalProperties: false + Metadata: + type: object + properties: + Name: + type: string + Value: + type: string + required: + - Name + - Value + additionalProperties: false + LicenseStatus: + type: string + License: + type: object + properties: + ProductSKU: + description: ProductSKU of the license. + type: string + minLength: 1 + maxLength: 1024 + Issuer: + $ref: '#/components/schemas/IssuerData' + LicenseName: + description: Name for the created license. + type: string + ProductName: + description: Product name for the created license. + type: string + HomeRegion: + description: Home region for the created license. + type: string + Validity: + $ref: '#/components/schemas/ValidityDateFormat' + Entitlements: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Entitlement' + Beneficiary: + description: Beneficiary of the license. + type: string + ConsumptionConfiguration: + $ref: '#/components/schemas/ConsumptionConfiguration' + LicenseMetadata: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Metadata' + LicenseArn: + description: Amazon Resource Name is a unique name for each resource. + $ref: '#/components/schemas/Arn' + Status: + $ref: '#/components/schemas/LicenseStatus' + Version: + description: The version of the license. + type: string + required: + - LicenseName + - ProductName + - Issuer + - HomeRegion + - Validity + - ConsumptionConfiguration + - Entitlements + x-stackql-resource-name: license + description: Resource Type definition for AWS::LicenseManager::License + x-type-name: AWS::LicenseManager::License + x-stackql-primary-identifier: + - LicenseArn + x-write-only-properties: + - Status + x-read-only-properties: + - LicenseArn + - Version + x-required-properties: + - LicenseName + - ProductName + - Issuer + - HomeRegion + - Validity + - ConsumptionConfiguration + - Entitlements + x-required-permissions: + create: + - license-manager:CreateLicense + read: + - license-manager:GetLicense + update: + - license-manager:CreateLicenseVersion + delete: + - license-manager:DeleteLicense + list: + - license-manager:ListLicenses + x-stackQL-resources: + grants: + name: grants + id: aws.licensemanager.grants + x-cfn-schema-name: Grant + x-type: list + x-identifiers: + - GrantArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GrantArn') as grant_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LicenseManager::Grant' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GrantArn') as grant_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LicenseManager::Grant' + AND region = 'us-east-1' + grant: + name: grant + id: aws.licensemanager.grant + x-cfn-schema-name: Grant + x-type: get + x-identifiers: + - GrantArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GrantArn') as grant_arn, + JSON_EXTRACT(Properties, '$.GrantName') as grant_name, + JSON_EXTRACT(Properties, '$.LicenseArn') as license_arn, + JSON_EXTRACT(Properties, '$.HomeRegion') as home_region, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.AllowedOperations') as allowed_operations, + JSON_EXTRACT(Properties, '$.Principals') as principals, + JSON_EXTRACT(Properties, '$.Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LicenseManager::Grant' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GrantArn') as grant_arn, + json_extract_path_text(Properties, 'GrantName') as grant_name, + json_extract_path_text(Properties, 'LicenseArn') as license_arn, + json_extract_path_text(Properties, 'HomeRegion') as home_region, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'AllowedOperations') as allowed_operations, + json_extract_path_text(Properties, 'Principals') as principals, + json_extract_path_text(Properties, 'Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LicenseManager::Grant' + AND data__Identifier = '' + AND region = 'us-east-1' + licenses: + name: licenses + id: aws.licensemanager.licenses + x-cfn-schema-name: License + x-type: list + x-identifiers: + - LicenseArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LicenseArn') as license_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LicenseManager::License' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LicenseArn') as license_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LicenseManager::License' + AND region = 'us-east-1' + license: + name: license + id: aws.licensemanager.license + x-cfn-schema-name: License + x-type: get + x-identifiers: + - LicenseArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ProductSKU') as product_sku, + JSON_EXTRACT(Properties, '$.Issuer') as issuer, + JSON_EXTRACT(Properties, '$.LicenseName') as license_name, + JSON_EXTRACT(Properties, '$.ProductName') as product_name, + JSON_EXTRACT(Properties, '$.HomeRegion') as home_region, + JSON_EXTRACT(Properties, '$.Validity') as validity, + JSON_EXTRACT(Properties, '$.Entitlements') as entitlements, + JSON_EXTRACT(Properties, '$.Beneficiary') as beneficiary, + JSON_EXTRACT(Properties, '$.ConsumptionConfiguration') as consumption_configuration, + JSON_EXTRACT(Properties, '$.LicenseMetadata') as license_metadata, + JSON_EXTRACT(Properties, '$.LicenseArn') as license_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Version') as version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LicenseManager::License' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ProductSKU') as product_sku, + json_extract_path_text(Properties, 'Issuer') as issuer, + json_extract_path_text(Properties, 'LicenseName') as license_name, + json_extract_path_text(Properties, 'ProductName') as product_name, + json_extract_path_text(Properties, 'HomeRegion') as home_region, + json_extract_path_text(Properties, 'Validity') as validity, + json_extract_path_text(Properties, 'Entitlements') as entitlements, + json_extract_path_text(Properties, 'Beneficiary') as beneficiary, + json_extract_path_text(Properties, 'ConsumptionConfiguration') as consumption_configuration, + json_extract_path_text(Properties, 'LicenseMetadata') as license_metadata, + json_extract_path_text(Properties, 'LicenseArn') as license_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Version') as version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LicenseManager::License' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/lightsail.yaml b/providers/src/aws/v00.00.00000/services/lightsail.yaml new file mode 100644 index 00000000..c5391660 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/lightsail.yaml @@ -0,0 +1,2137 @@ +openapi: 3.0.0 +info: + title: Lightsail + version: 1.0.0 +paths: {} +components: + schemas: + Alarm: + type: object + properties: + AlarmName: + description: The name for the alarm. Specify the name of an existing alarm to update, and overwrite the previous configuration of the alarm. + type: string + pattern: \w[\w\-]*\w + MonitoredResourceName: + description: The validation status of the SSL/TLS certificate. + type: string + MetricName: + description: The name of the metric to associate with the alarm. + type: string + ComparisonOperator: + description: The arithmetic operation to use when comparing the specified statistic to the threshold. The specified statistic value is used as the first operand. + type: string + ContactProtocols: + description: The contact protocols to use for the alarm, such as Email, SMS (text messaging), or both. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + AlarmArn: + type: string + DatapointsToAlarm: + description: The number of data points that must be not within the specified threshold to trigger the alarm. If you are setting an "M out of N" alarm, this value (datapointsToAlarm) is the M. + type: integer + EvaluationPeriods: + description: The number of most recent periods over which data is compared to the specified threshold. If you are setting an "M out of N" alarm, this value (evaluationPeriods) is the N. + type: integer + NotificationEnabled: + description: Indicates whether the alarm is enabled. Notifications are enabled by default if you don't specify this parameter. + type: boolean + NotificationTriggers: + description: The alarm states that trigger a notification. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Threshold: + description: The value against which the specified statistic is compared. + type: number + TreatMissingData: + description: Sets how this alarm will handle missing data points. + type: string + State: + description: The current state of the alarm. + type: string + required: + - AlarmName + - MonitoredResourceName + - MetricName + - ComparisonOperator + - EvaluationPeriods + - Threshold + x-stackql-resource-name: alarm + description: Resource Type definition for AWS::Lightsail::Alarm + x-type-name: AWS::Lightsail::Alarm + x-stackql-primary-identifier: + - AlarmName + x-create-only-properties: + - AlarmName + - MonitoredResourceName + - MetricName + x-read-only-properties: + - AlarmArn + - State + x-required-properties: + - AlarmName + - MonitoredResourceName + - MetricName + - ComparisonOperator + - EvaluationPeriods + - Threshold + x-taggable: true + x-required-permissions: + create: + - lightsail:PutAlarm + - lightsail:GetAlarms + read: + - lightsail:GetAlarms + update: + - lightsail:PutAlarm + - lightsail:GetAlarms + delete: + - lightsail:DeleteAlarm + - lightsail:GetAlarms + list: + - lightsail:GetAlarms + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + additionalProperties: false + AccessRules: + description: An object that sets the public accessibility of objects in the specified bucket. + type: object + properties: + GetObject: + type: string + description: Specifies the anonymous access to all objects in a bucket. + AllowPublicOverrides: + type: boolean + description: A Boolean value that indicates whether the access control list (ACL) permissions that are applied to individual objects override the getObject option that is currently specified. + additionalProperties: false + Bucket: + type: object + properties: + BucketName: + description: The name for the bucket. + type: string + pattern: ^[a-z0-9][a-z0-9-]{1,52}[a-z0-9]$ + minLength: 3 + maxLength: 54 + BundleId: + description: The ID of the bundle to use for the bucket. + type: string + BucketArn: + type: string + ObjectVersioning: + description: Specifies whether to enable or disable versioning of objects in the bucket. + type: boolean + AccessRules: + $ref: '#/components/schemas/AccessRules' + ResourcesReceivingAccess: + description: The names of the Lightsail resources for which to set bucket access. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + ReadOnlyAccessAccounts: + description: An array of strings to specify the AWS account IDs that can access the bucket. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Url: + description: The URL of the bucket. + type: string + AbleToUpdateBundle: + description: Indicates whether the bundle that is currently applied to a bucket can be changed to another bundle. You can update a bucket's bundle only one time within a monthly AWS billing cycle. + type: boolean + required: + - BucketName + - BundleId + x-stackql-resource-name: bucket + description: Resource Type definition for AWS::Lightsail::Bucket + x-type-name: AWS::Lightsail::Bucket + x-stackql-primary-identifier: + - BucketName + x-create-only-properties: + - BucketName + x-read-only-properties: + - BucketArn + - Url + - AbleToUpdateBundle + x-required-properties: + - BucketName + - BundleId + x-taggable: true + x-required-permissions: + create: + - lightsail:CreateBucket + - lightsail:GetBuckets + - lightsail:GetInstance + - lightsail:UpdateBucket + - lightsail:UpdateBucketBundle + - lightsail:SetResourceAccessForBucket + - lightsail:TagResource + - lightsail:UntagResource + read: + - lightsail:GetBuckets + delete: + - lightsail:DeleteBucket + - lightsail:GetBuckets + list: + - lightsail:GetBuckets + update: + - lightsail:GetBuckets + - lightsail:GetInstance + - lightsail:UpdateBucket + - lightsail:UpdateBucketBundle + - lightsail:SetResourceAccessForBucket + - lightsail:TagResource + - lightsail:UntagResource + Certificate: + type: object + properties: + CertificateName: + description: The name for the certificate. + type: string + DomainName: + description: The domain name (e.g., example.com ) for the certificate. + type: string + SubjectAlternativeNames: + description: An array of strings that specify the alternate domains (e.g., example2.com) and subdomains (e.g., blog.example.com) for the certificate. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + CertificateArn: + type: string + Status: + description: The validation status of the certificate. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - CertificateName + - DomainName + x-stackql-resource-name: certificate + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::Lightsail::Certificate + x-stackql-primary-identifier: + - CertificateName + x-create-only-properties: + - CertificateName + - DomainName + - SubjectAlternativeNames + x-read-only-properties: + - CertificateArn + - Status + x-required-properties: + - CertificateName + - DomainName + x-taggable: true + x-required-permissions: + create: + - lightsail:CreateCertificate + - lightsail:GetCertificates + - lightsail:TagResource + - lightsail:UntagResource + read: + - lightsail:GetCertificates + update: + - lightsail:GetCertificates + - lightsail:TagResource + - lightsail:UntagResource + delete: + - lightsail:DeleteCertificate + - lightsail:GetCertificates + list: + - lightsail:GetCertificates + HealthCheckConfig: + description: Describes the health check configuration of an Amazon Lightsail container service. + type: object + properties: + HealthyThreshold: + type: integer + description: The number of consecutive health checks successes required before moving the container to the Healthy state. The default value is 2. + IntervalSeconds: + type: integer + description: The approximate interval, in seconds, between health checks of an individual container. You can specify between 5 and 300 seconds. The default value is 5. + Path: + type: string + description: The path on the container on which to perform the health check. The default value is /. + SuccessCodes: + type: string + description: The HTTP codes to use when checking for a successful response from a container. You can specify values between 200 and 499. You can specify multiple values (for example, 200,202) or a range of values (for example, 200-299). + TimeoutSeconds: + type: integer + description: The amount of time, in seconds, during which no response means a failed health check. You can specify between 2 and 60 seconds. The default value is 2. + UnhealthyThreshold: + type: integer + description: The number of consecutive health check failures required before moving the container to the Unhealthy state. The default value is 2. + additionalProperties: false + PublicEndpoint: + description: Describes the settings of a public endpoint for an Amazon Lightsail container service. + type: object + properties: + ContainerName: + type: string + description: The name of the container for the endpoint. + ContainerPort: + type: integer + description: The port of the container to which traffic is forwarded to. + HealthCheckConfig: + $ref: '#/components/schemas/HealthCheckConfig' + description: An object that describes the health check configuration of the container. + additionalProperties: false + EnvironmentVariable: + type: object + properties: + Variable: + type: string + Value: + type: string + additionalProperties: false + PortInfo: + type: object + properties: + Port: + type: string + Protocol: + type: string + additionalProperties: false + Container: + type: object + properties: + ServiceName: + description: The name for the container service. + type: string + pattern: ^[a-z0-9]{1,2}|[a-z0-9][a-z0-9-]+[a-z0-9]$ + minLength: 1 + maxLength: 63 + Power: + description: The power specification for the container service. + type: string + ContainerArn: + type: string + Scale: + description: The scale specification for the container service. + type: integer + minimum: 1 + maximum: 20 + PublicDomainNames: + description: The public domain names to use with the container service, such as example.com and www.example.com. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/PublicDomainName' + ContainerServiceDeployment: + $ref: '#/components/schemas/ContainerServiceDeployment' + description: Describes a container deployment configuration of an Amazon Lightsail container service. + IsDisabled: + description: A Boolean value to indicate whether the container service is disabled. + type: boolean + PrivateRegistryAccess: + $ref: '#/components/schemas/PrivateRegistryAccess' + description: A Boolean value to indicate whether the container service has access to private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories. + Url: + description: The publicly accessible URL of the container service. + type: string + PrincipalArn: + description: The principal ARN of the container service. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ServiceName + - Power + - Scale + x-stackql-resource-name: container + description: Resource Type definition for AWS::Lightsail::Container + x-type-name: AWS::Lightsail::Container + x-stackql-primary-identifier: + - ServiceName + x-create-only-properties: + - ServiceName + x-read-only-properties: + - ContainerArn + - Url + - PrincipalArn + - PrivateRegistryAccess/EcrImagePullerRole/PrincipalArn + x-required-properties: + - ServiceName + - Power + - Scale + x-taggable: true + x-required-permissions: + create: + - lightsail:CreateContainerService + - lightsail:CreateContainerServiceDeployment + - lightsail:GetContainerServices + - lightsail:TagResource + - lightsail:UntagResource + - lightsail:UpdateContainerService + read: + - lightsail:GetContainerServices + delete: + - lightsail:DeleteContainerService + - lightsail:GetContainerServices + list: + - lightsail:GetContainerServices + update: + - lightsail:CreateContainerServiceDeployment + - lightsail:GetContainerServices + - lightsail:TagResource + - lightsail:UntagResource + - lightsail:UpdateContainerService + ContainerServiceDeployment: + description: Describes a container deployment configuration of an Amazon Lightsail container service. + type: object + properties: + Containers: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Container' + description: An object that describes the configuration for the containers of the deployment. + PublicEndpoint: + $ref: '#/components/schemas/PublicEndpoint' + description: An object that describes the endpoint of the deployment. + additionalProperties: false + PublicDomainName: + description: The public domain name to use with the container service, such as example.com and www.example.com. + type: object + properties: + CertificateName: + type: string + DomainNames: + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + description: An object that describes the configuration for the containers of the deployment. + additionalProperties: false + PrivateRegistryAccess: + description: An object to describe the configuration for the container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories. + type: object + properties: + EcrImagePullerRole: + description: An object to describe a request to activate or deactivate the role that you can use to grant an Amazon Lightsail container service access to Amazon Elastic Container Registry (Amazon ECR) private repositories. + type: object + properties: + IsActive: + type: boolean + description: A Boolean value that indicates whether to activate the role. + PrincipalArn: + type: string + description: The Amazon Resource Name (ARN) of the role, if it is activated. + additionalProperties: false + additionalProperties: false + RelationalDatabaseParameter: + description: Describes the parameters of the database. + type: object + properties: + AllowedValues: + type: string + description: Specifies the valid range of values for the parameter. + ApplyMethod: + type: string + description: Indicates when parameter updates are applied. Can be immediate or pending-reboot. + ApplyType: + type: string + description: Specifies the engine-specific parameter type. + DataType: + type: string + description: Specifies the valid data type for the parameter. + Description: + type: string + description: Provides a description of the parameter. + IsModifiable: + type: boolean + description: A Boolean value indicating whether the parameter can be modified. + ParameterName: + type: string + description: Specifies the name of the parameter. + ParameterValue: + type: string + description: Specifies the value of the parameter. + additionalProperties: false + Database: + type: object + properties: + RelationalDatabaseName: + description: The name to use for your new Lightsail database resource. + type: string + pattern: \w[\w\-]*\w + minLength: 2 + maxLength: 255 + DatabaseArn: + type: string + AvailabilityZone: + description: The Availability Zone in which to create your new database. Use the us-east-2a case-sensitive format. + type: string + minLength: 1 + maxLength: 255 + RelationalDatabaseBlueprintId: + description: The blueprint ID for your new database. A blueprint describes the major engine version of a database. + type: string + minLength: 1 + maxLength: 255 + RelationalDatabaseBundleId: + description: The bundle ID for your new database. A bundle describes the performance specifications for your database. + type: string + minLength: 1 + maxLength: 255 + MasterDatabaseName: + description: The name of the database to create when the Lightsail database resource is created. For MySQL, if this parameter isn't specified, no database is created in the database resource. For PostgreSQL, if this parameter isn't specified, a database named postgres is created in the database resource. + type: string + minLength: 1 + maxLength: 255 + MasterUsername: + description: The name for the master user. + type: string + minLength: 1 + maxLength: 63 + MasterUserPassword: + description: The password for the master user. The password can include any printable ASCII character except "/", """, or "@". It cannot contain spaces. + type: string + minLength: 1 + maxLength: 63 + PreferredBackupWindow: + description: The daily time range during which automated backups are created for your new database if automated backups are enabled. + type: string + PreferredMaintenanceWindow: + description: The weekly time range during which system maintenance can occur on your new database. + type: string + PubliclyAccessible: + description: Specifies the accessibility options for your new database. A value of true specifies a database that is available to resources outside of your Lightsail account. A value of false specifies a database that is available only to your Lightsail resources in the same region as your database. + type: boolean + CaCertificateIdentifier: + description: Indicates the certificate that needs to be associated with the database. + type: string + BackupRetention: + description: When true, enables automated backup retention for your database. Updates are applied during the next maintenance window because this can result in an outage. + type: boolean + RotateMasterUserPassword: + description: When true, the master user password is changed to a new strong password generated by Lightsail. Use the get relational database master user password operation to get the new password. + type: boolean + RelationalDatabaseParameters: + description: Update one or more parameters of the relational database. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/RelationalDatabaseParameter' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - RelationalDatabaseName + - RelationalDatabaseBlueprintId + - RelationalDatabaseBundleId + - MasterDatabaseName + - MasterUsername + x-stackql-resource-name: database + description: Resource Type definition for AWS::Lightsail::Database + x-type-name: AWS::Lightsail::Database + x-stackql-primary-identifier: + - RelationalDatabaseName + x-create-only-properties: + - RelationalDatabaseName + - AvailabilityZone + - RelationalDatabaseBlueprintId + - RelationalDatabaseBundleId + - MasterDatabaseName + - MasterUsername + x-write-only-properties: + - MasterUserPassword + - RelationalDatabaseParameters + - RotateMasterUserPassword + x-read-only-properties: + - DatabaseArn + x-required-properties: + - RelationalDatabaseName + - RelationalDatabaseBlueprintId + - RelationalDatabaseBundleId + - MasterDatabaseName + - MasterUsername + x-taggable: true + x-required-permissions: + create: + - lightsail:CreateRelationalDatabase + - lightsail:GetRelationalDatabase + - lightsail:GetRelationalDatabases + - lightsail:GetRegions + - lightsail:TagResource + - lightsail:UntagResource + - lightsail:UpdateRelationalDatabase + - lightsail:UpdateRelationalDatabaseParameters + read: + - lightsail:GetRelationalDatabase + - lightsail:GetRelationalDatabases + update: + - lightsail:GetRelationalDatabase + - lightsail:GetRelationalDatabases + - lightsail:TagResource + - lightsail:UntagResource + - lightsail:UpdateRelationalDatabase + - lightsail:UpdateRelationalDatabaseParameters + delete: + - lightsail:DeleteRelationalDatabase + - lightsail:GetRelationalDatabase + - lightsail:GetRelationalDatabases + list: + - lightsail:GetRelationalDatabases + AutoSnapshotAddOn: + description: An object that represents additional parameters when enabling or modifying the automatic snapshot add-on + type: object + properties: + SnapshotTimeOfDay: + type: string + description: The daily time when an automatic snapshot will be created. + pattern: ^[0-9]{2}:00$ + additionalProperties: false + AddOn: + description: A addon associate with a resource. + type: object + properties: + AddOnType: + type: string + description: The add-on type + minLength: 1 + maxLength: 128 + Status: + type: string + description: Status of the Addon + enum: + - Enabling + - Disabling + - Enabled + - Terminating + - Terminated + - Disabled + - Failed + AutoSnapshotAddOnRequest: + $ref: '#/components/schemas/AutoSnapshotAddOn' + required: + - AddOnType + additionalProperties: false + Location: + description: Location of a resource. + type: object + properties: + AvailabilityZone: + type: string + description: 'The Availability Zone in which to create your instance. Use the following format: us-east-2a (case sensitive). Be sure to add the include Availability Zones parameter to your request.' + RegionName: + type: string + description: The Region Name in which to create your instance. + additionalProperties: false + Disk: + description: Disk associated with the Instance. + type: object + properties: + DiskName: + description: The names to use for your new Lightsail disk. + type: string + pattern: ^[a-zA-Z0-9][\w\-.]*[a-zA-Z0-9]$ + minLength: 1 + maxLength: 254 + SizeInGb: + type: string + description: Size of the disk attached to the Instance. + IsSystemDisk: + type: boolean + description: Is the Attached disk is the system disk of the Instance. + IOPS: + type: integer + description: IOPS of disk. + Path: + type: string + description: Path of the disk attached to the instance. + AttachedTo: + type: string + description: Instance attached to the disk. + AttachmentState: + type: string + description: Attachment state of the disk. + required: + - DiskName + - Path + additionalProperties: false + CacheBehaviorPerPath: + description: Describes the per-path cache behavior of an Amazon Lightsail content delivery network (CDN) distribution. + type: object + properties: + Behavior: + type: string + description: The cache behavior for the specified path. + Path: + type: string + description: The path to a directory or file to cached, or not cache. Use an asterisk symbol to specify wildcard directories (path/to/assets/*), and file types (*.html, *jpg, *js). Directories and file paths are case-sensitive. + additionalProperties: false + CookieObject: + description: Describes whether an Amazon Lightsail content delivery network (CDN) distribution forwards cookies to the origin and, if so, which ones. + type: object + properties: + CookiesAllowList: + description: The specific cookies to forward to your distribution's origin. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Option: + type: string + description: 'Specifies which cookies to forward to the distribution''s origin for a cache behavior: all, none, or allow-list to forward only the cookies specified in the cookiesAllowList parameter.' + additionalProperties: false + HeaderObject: + description: Describes the request headers that a Lightsail distribution bases caching on. + type: object + properties: + HeadersAllowList: + description: The specific headers to forward to your distribution's origin. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Option: + type: string + description: The headers that you want your distribution to forward to your origin and base caching on. + additionalProperties: false + QueryStringObject: + description: Describes the query string parameters that an Amazon Lightsail content delivery network (CDN) distribution to bases caching on. + type: object + properties: + QueryStringsAllowList: + description: The specific query strings that the distribution forwards to the origin. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Option: + type: boolean + description: Indicates whether the distribution forwards and caches based on query strings. + additionalProperties: false + CacheSettings: + description: Describes the cache settings of an Amazon Lightsail content delivery network (CDN) distribution. + type: object + properties: + AllowedHTTPMethods: + type: string + description: The HTTP methods that are processed and forwarded to the distribution's origin. + CachedHTTPMethods: + type: string + description: The HTTP method responses that are cached by your distribution. + DefaultTTL: + type: integer + format: int64 + description: The default amount of time that objects stay in the distribution's cache before the distribution forwards another request to the origin to determine whether the content has been updated. + MaximumTTL: + type: integer + format: int64 + description: The maximum amount of time that objects stay in the distribution's cache before the distribution forwards another request to the origin to determine whether the object has been updated. + MinimumTTL: + type: integer + format: int64 + description: The minimum amount of time that objects stay in the distribution's cache before the distribution forwards another request to the origin to determine whether the object has been updated. + ForwardedCookies: + $ref: '#/components/schemas/CookieObject' + description: An object that describes the cookies that are forwarded to the origin. Your content is cached based on the cookies that are forwarded. + ForwardedHeaders: + $ref: '#/components/schemas/HeaderObject' + description: An object that describes the headers that are forwarded to the origin. Your content is cached based on the headers that are forwarded. + ForwardedQueryStrings: + $ref: '#/components/schemas/QueryStringObject' + description: An object that describes the query strings that are forwarded to the origin. Your content is cached based on the query strings that are forwarded. + additionalProperties: false + CacheBehavior: + description: Describes the default cache behavior of an Amazon Lightsail content delivery network (CDN) distribution. + type: object + properties: + Behavior: + type: string + description: The cache behavior of the distribution. + additionalProperties: false + InputOrigin: + description: Describes the origin resource of an Amazon Lightsail content delivery network (CDN) distribution. + type: object + properties: + Name: + type: string + description: The name of the origin resource. + ProtocolPolicy: + type: string + description: The protocol that your Amazon Lightsail distribution uses when establishing a connection with your origin to pull content. + RegionName: + type: string + description: The AWS Region name of the origin resource. + additionalProperties: false + Distribution: + type: object + properties: + DistributionName: + description: The name for the distribution. + type: string + pattern: \w[\w\-]*\w + DistributionArn: + type: string + BundleId: + description: The bundle ID to use for the distribution. + type: string + IpAddressType: + description: The IP address type for the distribution. + type: string + CacheBehaviors: + description: An array of objects that describe the per-path cache behavior for the distribution. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/CacheBehaviorPerPath' + CacheBehaviorSettings: + description: An object that describes the cache behavior settings for the distribution. + $ref: '#/components/schemas/CacheSettings' + DefaultCacheBehavior: + description: An object that describes the default cache behavior for the distribution. + $ref: '#/components/schemas/CacheBehavior' + Origin: + description: An object that describes the origin resource for the distribution, such as a Lightsail instance or load balancer. + $ref: '#/components/schemas/InputOrigin' + Status: + description: The status of the distribution. + type: string + AbleToUpdateBundle: + description: Indicates whether the bundle that is currently applied to your distribution, specified using the distributionName parameter, can be changed to another bundle. + type: boolean + IsEnabled: + description: Indicates whether the distribution is enabled. + type: boolean + CertificateName: + description: The certificate attached to the Distribution. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - DistributionName + - BundleId + - DefaultCacheBehavior + - Origin + x-stackql-resource-name: distribution + description: Resource Type definition for AWS::Lightsail::Distribution + x-type-name: AWS::Lightsail::Distribution + x-stackql-primary-identifier: + - DistributionName + x-create-only-properties: + - DistributionName + - IpAddressType + x-read-only-properties: + - DistributionArn + - Status + - AbleToUpdateBundle + x-required-properties: + - DistributionName + - BundleId + - DefaultCacheBehavior + - Origin + x-taggable: true + x-required-permissions: + create: + - lightsail:AttachCertificateToDistribution + - lightsail:CreateDistribution + - lightsail:DetachCertificateFromDistribution + - lightsail:GetCertificates + - lightsail:GetCertificateDetails + - lightsail:GetDistributions + - lightsail:TagResource + - lightsail:UntagResource + - lightsail:UpdateDistribution + - lightsail:UpdateDistributionBundle + read: + - lightsail:GetDistributions + update: + - lightsail:AttachCertificateToDistribution + - lightsail:DetachCertificateFromDistribution + - lightsail:GetCertificates + - lightsail:GetCertificateDetails + - lightsail:GetDistributions + - lightsail:TagResource + - lightsail:UntagResource + - lightsail:UpdateDistribution + - lightsail:UpdateDistributionBundle + delete: + - lightsail:DeleteDistribution + - lightsail:GetDistributions + list: + - lightsail:GetDistributions + ipv6Cidrs: + description: IPv6 Cidrs + type: array + x-insertionOrder: false + items: + type: string + cidrs: + description: cidrs + type: array + x-insertionOrder: false + items: + type: string + cidrListAliases: + description: cidr List Aliases + type: array + x-insertionOrder: false + items: + type: string + Hardware: + description: Hardware of the Instance. + type: object + properties: + CpuCount: + type: integer + description: CPU count of the Instance. + RamSizeInGb: + type: integer + description: RAM Size of the Instance. + Disks: + description: Disks attached to the Instance. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Disk' + additionalProperties: false + State: + description: Current State of the Instance. + type: object + properties: + Code: + type: integer + description: Status code of the Instance. + Name: + type: string + description: Status code of the Instance. + additionalProperties: false + Port: + description: Port of the Instance. + type: object + properties: + FromPort: + type: integer + description: From Port of the Instance. + ToPort: + type: integer + description: To Port of the Instance. + Protocol: + type: string + description: Port Protocol of the Instance. + AccessFrom: + type: string + description: Access From Protocol of the Instance. + AccessType: + type: string + description: Access Type Protocol of the Instance. + CommonName: + type: string + description: CommonName for Protocol of the Instance. + AccessDirection: + type: string + description: Access Direction for Protocol of the Instance(inbound/outbound). + Ipv6Cidrs: + $ref: '#/components/schemas/ipv6Cidrs' + CidrListAliases: + $ref: '#/components/schemas/cidrListAliases' + Cidrs: + $ref: '#/components/schemas/cidrs' + additionalProperties: false + MonthlyTransfer: + description: Monthly Transfer of the Instance. + type: object + properties: + GbPerMonthAllocated: + type: string + description: GbPerMonthAllocated of the Instance. + additionalProperties: false + Networking: + description: Networking of the Instance. + type: object + properties: + Ports: + description: Ports to the Instance. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Port' + MonthlyTransfer: + $ref: '#/components/schemas/MonthlyTransfer' + required: + - Ports + additionalProperties: false + Instance: + type: object + properties: + SupportCode: + description: Support code to help identify any issues + type: string + ResourceType: + description: Resource type of Lightsail instance. + type: string + IsStaticIp: + description: Is the IP Address of the Instance is the static IP + type: boolean + PrivateIpAddress: + description: Private IP Address of the Instance + type: string + PublicIpAddress: + description: Public IP Address of the Instance + type: string + Location: + $ref: '#/components/schemas/Location' + Hardware: + $ref: '#/components/schemas/Hardware' + State: + $ref: '#/components/schemas/State' + Networking: + $ref: '#/components/schemas/Networking' + UserName: + description: Username of the Lightsail instance. + type: string + SshKeyName: + description: SSH Key Name of the Lightsail instance. + type: string + InstanceName: + description: The names to use for your new Lightsail instance. + type: string + pattern: ^[a-zA-Z0-9][\w\-.]*[a-zA-Z0-9]$ + minLength: 1 + maxLength: 254 + AvailabilityZone: + description: 'The Availability Zone in which to create your instance. Use the following format: us-east-2a (case sensitive). Be sure to add the include Availability Zones parameter to your request.' + type: string + minLength: 1 + maxLength: 255 + BundleId: + description: The bundle of specification information for your virtual private server (or instance ), including the pricing plan (e.g., micro_1_0 ). + type: string + minLength: 1 + maxLength: 255 + BlueprintId: + description: The ID for a virtual private server image (e.g., app_wordpress_4_4 or app_lamp_7_0 ). Use the get blueprints operation to return a list of available images (or blueprints ). + type: string + minLength: 1 + maxLength: 255 + AddOns: + description: An array of objects representing the add-ons to enable for the new instance. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AddOn' + UserData: + description: A launch script you can create that configures a server with additional user data. For example, you might want to run apt-get -y update. + type: string + KeyPairName: + description: The name of your key pair. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + InstanceArn: + type: string + required: + - InstanceName + - BlueprintId + - BundleId + x-stackql-resource-name: instance + description: Resource Type definition for AWS::Lightsail::Instance + x-type-name: AWS::Lightsail::Instance + x-stackql-primary-identifier: + - InstanceName + x-create-only-properties: + - InstanceName + - BlueprintId + - BundleId + - AvailabilityZone + x-write-only-properties: + - UserData + x-read-only-properties: + - InstanceArn + - SshKeyName + - SupportCode + - ResourceType + - IsStaticIp + - PrivateIpAddress + - PublicIpAddress + - Location/AvailabilityZone + - Location/RegionName + - Hardware/CpuCount + - Hardware/RamSizeInGb + - State/Code + - State/Name + - UserName + - Networking/MonthlyTransfer/GbPerMonthAllocated + x-required-properties: + - InstanceName + - BlueprintId + - BundleId + x-taggable: true + x-required-permissions: + create: + - lightsail:CreateInstances + - lightsail:GetInstances + - lightsail:EnableAddOn + - lightsail:GetInstance + - lightsail:DisableAddOn + - lightsail:PutInstancePublicPorts + - lightsail:AttachDisk + - lightsail:DetachDisk + - lightsail:StartInstance + - lightsail:StopInstance + - lightsail:GetDisk + - lightsail:GetRegions + - lightsail:TagResource + - lightsail:UntagResource + read: + - lightsail:GetInstances + - lightsail:GetInstance + delete: + - lightsail:GetInstances + - lightsail:GetInstance + - lightsail:DeleteInstance + list: + - lightsail:GetInstances + update: + - lightsail:GetInstances + - lightsail:GetInstance + - lightsail:DeleteInstance + - lightsail:EnableAddOn + - lightsail:DisableAddOn + - lightsail:PutInstancePublicPorts + - lightsail:AttachDisk + - lightsail:DetachDisk + - lightsail:StartInstance + - lightsail:StopInstance + - lightsail:GetDisk + - lightsail:TagResource + - lightsail:UntagResource + LoadBalancer: + type: object + properties: + LoadBalancerName: + description: The name of your load balancer. + type: string + pattern: \w[\w\-]*\w + LoadBalancerArn: + type: string + InstancePort: + description: The instance port where you're creating your load balancer. + type: integer + IpAddressType: + description: The IP address type for the load balancer. The possible values are ipv4 for IPv4 only, and dualstack for IPv4 and IPv6. The default value is dualstack. + type: string + AttachedInstances: + description: The names of the instances attached to the load balancer. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + HealthCheckPath: + description: The path you provided to perform the load balancer health check. If you didn't specify a health check path, Lightsail uses the root path of your website (e.g., "/"). + type: string + SessionStickinessEnabled: + description: Configuration option to enable session stickiness. + type: boolean + SessionStickinessLBCookieDurationSeconds: + description: Configuration option to adjust session stickiness cookie duration parameter. + type: string + TlsPolicyName: + description: The name of the TLS policy to apply to the load balancer. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - LoadBalancerName + - InstancePort + x-stackql-resource-name: load_balancer + description: Resource Type definition for AWS::Lightsail::LoadBalancer + x-type-name: AWS::Lightsail::LoadBalancer + x-stackql-primary-identifier: + - LoadBalancerName + x-create-only-properties: + - LoadBalancerName + - InstancePort + - IpAddressType + x-read-only-properties: + - LoadBalancerArn + x-required-properties: + - LoadBalancerName + - InstancePort + x-taggable: true + x-required-permissions: + create: + - lightsail:CreateLoadBalancer + - lightsail:GetLoadBalancer + - lightsail:GetLoadBalancers + - lightsail:GetInstance + - lightsail:AttachInstancesToLoadBalancer + - lightsail:DetachInstancesFromLoadBalancer + - lightsail:UpdateLoadBalancerAttribute + - lightsail:TagResource + - lightsail:UntagResource + read: + - lightsail:GetLoadBalancer + - lightsail:GetLoadBalancers + update: + - lightsail:GetLoadBalancer + - lightsail:GetLoadBalancers + - lightsail:GetInstance + - lightsail:AttachInstancesToLoadBalancer + - lightsail:DetachInstancesFromLoadBalancer + - lightsail:UpdateLoadBalancerAttribute + - lightsail:TagResource + - lightsail:UntagResource + delete: + - lightsail:DeleteLoadBalancer + - lightsail:GetLoadBalancer + - lightsail:GetLoadBalancers + list: + - lightsail:GetLoadBalancers + LoadBalancerTlsCertificate: + type: object + properties: + LoadBalancerName: + description: The name of your load balancer. + type: string + pattern: \w[\w\-]*\w + CertificateName: + description: The SSL/TLS certificate name. + type: string + CertificateDomainName: + description: The domain name (e.g., example.com ) for your SSL/TLS certificate. + type: string + CertificateAlternativeNames: + description: An array of strings listing alternative domains and subdomains for your SSL/TLS certificate. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + LoadBalancerTlsCertificateArn: + type: string + IsAttached: + description: When true, the SSL/TLS certificate is attached to the Lightsail load balancer. + type: boolean + HttpsRedirectionEnabled: + description: A Boolean value that indicates whether HTTPS redirection is enabled for the load balancer. + type: boolean + Status: + description: The validation status of the SSL/TLS certificate. + type: string + required: + - LoadBalancerName + - CertificateName + - CertificateDomainName + x-stackql-resource-name: load_balancer_tls_certificate + description: Resource Type definition for AWS::Lightsail::LoadBalancerTlsCertificate + x-type-name: AWS::Lightsail::LoadBalancerTlsCertificate + x-stackql-primary-identifier: + - CertificateName + - LoadBalancerName + x-create-only-properties: + - LoadBalancerName + - CertificateName + - CertificateDomainName + - CertificateAlternativeNames + x-read-only-properties: + - LoadBalancerTlsCertificateArn + - Status + x-required-properties: + - LoadBalancerName + - CertificateName + - CertificateDomainName + x-taggable: true + x-required-permissions: + create: + - lightsail:CreateLoadBalancerTlsCertificate + - lightsail:GetLoadBalancerTlsCertificates + - lightsail:GetLoadBalancer + - lightsail:AttachLoadBalancerTlsCertificate + - lightsail:UpdateLoadBalancerAttribute + read: + - lightsail:GetLoadBalancerTlsCertificates + - lightsail:GetLoadBalancer + update: + - lightsail:AttachLoadBalancerTlsCertificate + - lightsail:GetLoadBalancerTlsCertificates + - lightsail:GetLoadBalancer + - lightsail:UpdateLoadBalancerAttribute + delete: + - lightsail:DeleteLoadBalancerTlsCertificate + - lightsail:GetLoadBalancerTlsCertificates + - lightsail:GetLoadBalancer + list: + - lightsail:GetLoadBalancerTlsCertificates + - lightsail:GetLoadBalancer + StaticIp: + type: object + properties: + StaticIpName: + description: The name of the static IP address. + type: string + AttachedTo: + description: The instance where the static IP is attached. + type: string + IsAttached: + description: A Boolean value indicating whether the static IP is attached. + type: boolean + IpAddress: + description: The static IP address. + type: string + StaticIpArn: + type: string + required: + - StaticIpName + x-stackql-resource-name: static_ip + description: Resource Type definition for AWS::Lightsail::StaticIp + x-type-name: AWS::Lightsail::StaticIp + x-stackql-primary-identifier: + - StaticIpName + x-create-only-properties: + - StaticIpName + x-read-only-properties: + - StaticIpArn + - IsAttached + - IpAddress + x-required-properties: + - StaticIpName + x-taggable: true + x-required-permissions: + create: + - lightsail:AllocateStaticIp + - lightsail:AttachStaticIp + - lightsail:DetachStaticIp + - lightsail:GetInstance + - lightsail:GetStaticIp + - lightsail:GetStaticIps + read: + - lightsail:GetStaticIp + - lightsail:GetStaticIps + update: + - lightsail:AttachStaticIp + - lightsail:DetachStaticIp + - lightsail:GetInstance + - lightsail:GetStaticIp + - lightsail:GetStaticIps + delete: + - lightsail:GetStaticIp + - lightsail:GetStaticIps + - lightsail:ReleaseStaticIp + list: + - lightsail:GetStaticIps + x-stackQL-resources: + alarms: + name: alarms + id: aws.lightsail.alarms + x-cfn-schema-name: Alarm + x-type: list + x-identifiers: + - AlarmName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AlarmName') as alarm_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Alarm' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AlarmName') as alarm_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Alarm' + AND region = 'us-east-1' + alarm: + name: alarm + id: aws.lightsail.alarm + x-cfn-schema-name: Alarm + x-type: get + x-identifiers: + - AlarmName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AlarmName') as alarm_name, + JSON_EXTRACT(Properties, '$.MonitoredResourceName') as monitored_resource_name, + JSON_EXTRACT(Properties, '$.MetricName') as metric_name, + JSON_EXTRACT(Properties, '$.ComparisonOperator') as comparison_operator, + JSON_EXTRACT(Properties, '$.ContactProtocols') as contact_protocols, + JSON_EXTRACT(Properties, '$.AlarmArn') as alarm_arn, + JSON_EXTRACT(Properties, '$.DatapointsToAlarm') as datapoints_to_alarm, + JSON_EXTRACT(Properties, '$.EvaluationPeriods') as evaluation_periods, + JSON_EXTRACT(Properties, '$.NotificationEnabled') as notification_enabled, + JSON_EXTRACT(Properties, '$.NotificationTriggers') as notification_triggers, + JSON_EXTRACT(Properties, '$.Threshold') as threshold, + JSON_EXTRACT(Properties, '$.TreatMissingData') as treat_missing_data, + JSON_EXTRACT(Properties, '$.State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Alarm' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AlarmName') as alarm_name, + json_extract_path_text(Properties, 'MonitoredResourceName') as monitored_resource_name, + json_extract_path_text(Properties, 'MetricName') as metric_name, + json_extract_path_text(Properties, 'ComparisonOperator') as comparison_operator, + json_extract_path_text(Properties, 'ContactProtocols') as contact_protocols, + json_extract_path_text(Properties, 'AlarmArn') as alarm_arn, + json_extract_path_text(Properties, 'DatapointsToAlarm') as datapoints_to_alarm, + json_extract_path_text(Properties, 'EvaluationPeriods') as evaluation_periods, + json_extract_path_text(Properties, 'NotificationEnabled') as notification_enabled, + json_extract_path_text(Properties, 'NotificationTriggers') as notification_triggers, + json_extract_path_text(Properties, 'Threshold') as threshold, + json_extract_path_text(Properties, 'TreatMissingData') as treat_missing_data, + json_extract_path_text(Properties, 'State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Alarm' + AND data__Identifier = '' + AND region = 'us-east-1' + buckets: + name: buckets + id: aws.lightsail.buckets + x-cfn-schema-name: Bucket + x-type: list + x-identifiers: + - BucketName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BucketName') as bucket_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Bucket' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BucketName') as bucket_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Bucket' + AND region = 'us-east-1' + bucket: + name: bucket + id: aws.lightsail.bucket + x-cfn-schema-name: Bucket + x-type: get + x-identifiers: + - BucketName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BucketName') as bucket_name, + JSON_EXTRACT(Properties, '$.BundleId') as bundle_id, + JSON_EXTRACT(Properties, '$.BucketArn') as bucket_arn, + JSON_EXTRACT(Properties, '$.ObjectVersioning') as object_versioning, + JSON_EXTRACT(Properties, '$.AccessRules') as access_rules, + JSON_EXTRACT(Properties, '$.ResourcesReceivingAccess') as resources_receiving_access, + JSON_EXTRACT(Properties, '$.ReadOnlyAccessAccounts') as read_only_access_accounts, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Url') as url, + JSON_EXTRACT(Properties, '$.AbleToUpdateBundle') as able_to_update_bundle + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Bucket' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BucketName') as bucket_name, + json_extract_path_text(Properties, 'BundleId') as bundle_id, + json_extract_path_text(Properties, 'BucketArn') as bucket_arn, + json_extract_path_text(Properties, 'ObjectVersioning') as object_versioning, + json_extract_path_text(Properties, 'AccessRules') as access_rules, + json_extract_path_text(Properties, 'ResourcesReceivingAccess') as resources_receiving_access, + json_extract_path_text(Properties, 'ReadOnlyAccessAccounts') as read_only_access_accounts, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Url') as url, + json_extract_path_text(Properties, 'AbleToUpdateBundle') as able_to_update_bundle + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Bucket' + AND data__Identifier = '' + AND region = 'us-east-1' + certificates: + name: certificates + id: aws.lightsail.certificates + x-cfn-schema-name: Certificate + x-type: list + x-identifiers: + - CertificateName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CertificateName') as certificate_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Certificate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CertificateName') as certificate_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Certificate' + AND region = 'us-east-1' + certificate: + name: certificate + id: aws.lightsail.certificate + x-cfn-schema-name: Certificate + x-type: get + x-identifiers: + - CertificateName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CertificateName') as certificate_name, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.SubjectAlternativeNames') as subject_alternative_names, + JSON_EXTRACT(Properties, '$.CertificateArn') as certificate_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Certificate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CertificateName') as certificate_name, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'SubjectAlternativeNames') as subject_alternative_names, + json_extract_path_text(Properties, 'CertificateArn') as certificate_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Certificate' + AND data__Identifier = '' + AND region = 'us-east-1' + containers: + name: containers + id: aws.lightsail.containers + x-cfn-schema-name: Container + x-type: list + x-identifiers: + - ServiceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ServiceName') as service_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Container' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ServiceName') as service_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Container' + AND region = 'us-east-1' + container: + name: container + id: aws.lightsail.container + x-cfn-schema-name: Container + x-type: get + x-identifiers: + - ServiceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ServiceName') as service_name, + JSON_EXTRACT(Properties, '$.Power') as power, + JSON_EXTRACT(Properties, '$.ContainerArn') as container_arn, + JSON_EXTRACT(Properties, '$.Scale') as scale, + JSON_EXTRACT(Properties, '$.PublicDomainNames') as public_domain_names, + JSON_EXTRACT(Properties, '$.ContainerServiceDeployment') as container_service_deployment, + JSON_EXTRACT(Properties, '$.IsDisabled') as is_disabled, + JSON_EXTRACT(Properties, '$.PrivateRegistryAccess') as private_registry_access, + JSON_EXTRACT(Properties, '$.Url') as url, + JSON_EXTRACT(Properties, '$.PrincipalArn') as principal_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Container' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ServiceName') as service_name, + json_extract_path_text(Properties, 'Power') as power, + json_extract_path_text(Properties, 'ContainerArn') as container_arn, + json_extract_path_text(Properties, 'Scale') as scale, + json_extract_path_text(Properties, 'PublicDomainNames') as public_domain_names, + json_extract_path_text(Properties, 'ContainerServiceDeployment') as container_service_deployment, + json_extract_path_text(Properties, 'IsDisabled') as is_disabled, + json_extract_path_text(Properties, 'PrivateRegistryAccess') as private_registry_access, + json_extract_path_text(Properties, 'Url') as url, + json_extract_path_text(Properties, 'PrincipalArn') as principal_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Container' + AND data__Identifier = '' + AND region = 'us-east-1' + databases: + name: databases + id: aws.lightsail.databases + x-cfn-schema-name: Database + x-type: list + x-identifiers: + - RelationalDatabaseName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RelationalDatabaseName') as relational_database_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Database' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RelationalDatabaseName') as relational_database_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Database' + AND region = 'us-east-1' + database: + name: database + id: aws.lightsail.database + x-cfn-schema-name: Database + x-type: get + x-identifiers: + - RelationalDatabaseName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RelationalDatabaseName') as relational_database_name, + JSON_EXTRACT(Properties, '$.DatabaseArn') as database_arn, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.RelationalDatabaseBlueprintId') as relational_database_blueprint_id, + JSON_EXTRACT(Properties, '$.RelationalDatabaseBundleId') as relational_database_bundle_id, + JSON_EXTRACT(Properties, '$.MasterDatabaseName') as master_database_name, + JSON_EXTRACT(Properties, '$.MasterUsername') as master_username, + JSON_EXTRACT(Properties, '$.MasterUserPassword') as master_user_password, + JSON_EXTRACT(Properties, '$.PreferredBackupWindow') as preferred_backup_window, + JSON_EXTRACT(Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, + JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(Properties, '$.CaCertificateIdentifier') as ca_certificate_identifier, + JSON_EXTRACT(Properties, '$.BackupRetention') as backup_retention, + JSON_EXTRACT(Properties, '$.RotateMasterUserPassword') as rotate_master_user_password, + JSON_EXTRACT(Properties, '$.RelationalDatabaseParameters') as relational_database_parameters, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Database' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RelationalDatabaseName') as relational_database_name, + json_extract_path_text(Properties, 'DatabaseArn') as database_arn, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'RelationalDatabaseBlueprintId') as relational_database_blueprint_id, + json_extract_path_text(Properties, 'RelationalDatabaseBundleId') as relational_database_bundle_id, + json_extract_path_text(Properties, 'MasterDatabaseName') as master_database_name, + json_extract_path_text(Properties, 'MasterUsername') as master_username, + json_extract_path_text(Properties, 'MasterUserPassword') as master_user_password, + json_extract_path_text(Properties, 'PreferredBackupWindow') as preferred_backup_window, + json_extract_path_text(Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, + json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(Properties, 'CaCertificateIdentifier') as ca_certificate_identifier, + json_extract_path_text(Properties, 'BackupRetention') as backup_retention, + json_extract_path_text(Properties, 'RotateMasterUserPassword') as rotate_master_user_password, + json_extract_path_text(Properties, 'RelationalDatabaseParameters') as relational_database_parameters, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Database' + AND data__Identifier = '' + AND region = 'us-east-1' + distributions: + name: distributions + id: aws.lightsail.distributions + x-cfn-schema-name: Distribution + x-type: list + x-identifiers: + - DistributionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DistributionName') as distribution_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Distribution' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DistributionName') as distribution_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Distribution' + AND region = 'us-east-1' + distribution: + name: distribution + id: aws.lightsail.distribution + x-cfn-schema-name: Distribution + x-type: get + x-identifiers: + - DistributionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DistributionName') as distribution_name, + JSON_EXTRACT(Properties, '$.DistributionArn') as distribution_arn, + JSON_EXTRACT(Properties, '$.BundleId') as bundle_id, + JSON_EXTRACT(Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(Properties, '$.CacheBehaviors') as cache_behaviors, + JSON_EXTRACT(Properties, '$.CacheBehaviorSettings') as cache_behavior_settings, + JSON_EXTRACT(Properties, '$.DefaultCacheBehavior') as default_cache_behavior, + JSON_EXTRACT(Properties, '$.Origin') as origin, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.AbleToUpdateBundle') as able_to_update_bundle, + JSON_EXTRACT(Properties, '$.IsEnabled') as is_enabled, + JSON_EXTRACT(Properties, '$.CertificateName') as certificate_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Distribution' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DistributionName') as distribution_name, + json_extract_path_text(Properties, 'DistributionArn') as distribution_arn, + json_extract_path_text(Properties, 'BundleId') as bundle_id, + json_extract_path_text(Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(Properties, 'CacheBehaviors') as cache_behaviors, + json_extract_path_text(Properties, 'CacheBehaviorSettings') as cache_behavior_settings, + json_extract_path_text(Properties, 'DefaultCacheBehavior') as default_cache_behavior, + json_extract_path_text(Properties, 'Origin') as origin, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'AbleToUpdateBundle') as able_to_update_bundle, + json_extract_path_text(Properties, 'IsEnabled') as is_enabled, + json_extract_path_text(Properties, 'CertificateName') as certificate_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Distribution' + AND data__Identifier = '' + AND region = 'us-east-1' + instances: + name: instances + id: aws.lightsail.instances + x-cfn-schema-name: Instance + x-type: list + x-identifiers: + - InstanceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceName') as instance_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Instance' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceName') as instance_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::Instance' + AND region = 'us-east-1' + instance: + name: instance + id: aws.lightsail.instance + x-cfn-schema-name: Instance + x-type: get + x-identifiers: + - InstanceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SupportCode') as support_code, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.IsStaticIp') as is_static_ip, + JSON_EXTRACT(Properties, '$.PrivateIpAddress') as private_ip_address, + JSON_EXTRACT(Properties, '$.PublicIpAddress') as public_ip_address, + JSON_EXTRACT(Properties, '$.Location') as location, + JSON_EXTRACT(Properties, '$.Hardware') as hardware, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Networking') as networking, + JSON_EXTRACT(Properties, '$.UserName') as user_name, + JSON_EXTRACT(Properties, '$.SshKeyName') as ssh_key_name, + JSON_EXTRACT(Properties, '$.InstanceName') as instance_name, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.BundleId') as bundle_id, + JSON_EXTRACT(Properties, '$.BlueprintId') as blueprint_id, + JSON_EXTRACT(Properties, '$.AddOns') as add_ons, + JSON_EXTRACT(Properties, '$.UserData') as user_data, + JSON_EXTRACT(Properties, '$.KeyPairName') as key_pair_name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Instance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SupportCode') as support_code, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'IsStaticIp') as is_static_ip, + json_extract_path_text(Properties, 'PrivateIpAddress') as private_ip_address, + json_extract_path_text(Properties, 'PublicIpAddress') as public_ip_address, + json_extract_path_text(Properties, 'Location') as location, + json_extract_path_text(Properties, 'Hardware') as hardware, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Networking') as networking, + json_extract_path_text(Properties, 'UserName') as user_name, + json_extract_path_text(Properties, 'SshKeyName') as ssh_key_name, + json_extract_path_text(Properties, 'InstanceName') as instance_name, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'BundleId') as bundle_id, + json_extract_path_text(Properties, 'BlueprintId') as blueprint_id, + json_extract_path_text(Properties, 'AddOns') as add_ons, + json_extract_path_text(Properties, 'UserData') as user_data, + json_extract_path_text(Properties, 'KeyPairName') as key_pair_name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::Instance' + AND data__Identifier = '' + AND region = 'us-east-1' + load_balancers: + name: load_balancers + id: aws.lightsail.load_balancers + x-cfn-schema-name: LoadBalancer + x-type: list + x-identifiers: + - LoadBalancerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LoadBalancerName') as load_balancer_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::LoadBalancer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LoadBalancerName') as load_balancer_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::LoadBalancer' + AND region = 'us-east-1' + load_balancer: + name: load_balancer + id: aws.lightsail.load_balancer + x-cfn-schema-name: LoadBalancer + x-type: get + x-identifiers: + - LoadBalancerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LoadBalancerName') as load_balancer_name, + JSON_EXTRACT(Properties, '$.LoadBalancerArn') as load_balancer_arn, + JSON_EXTRACT(Properties, '$.InstancePort') as instance_port, + JSON_EXTRACT(Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(Properties, '$.AttachedInstances') as attached_instances, + JSON_EXTRACT(Properties, '$.HealthCheckPath') as health_check_path, + JSON_EXTRACT(Properties, '$.SessionStickinessEnabled') as session_stickiness_enabled, + JSON_EXTRACT(Properties, '$.SessionStickinessLBCookieDurationSeconds') as session_stickiness_lb_cookie_duration_seconds, + JSON_EXTRACT(Properties, '$.TlsPolicyName') as tls_policy_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::LoadBalancer' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LoadBalancerName') as load_balancer_name, + json_extract_path_text(Properties, 'LoadBalancerArn') as load_balancer_arn, + json_extract_path_text(Properties, 'InstancePort') as instance_port, + json_extract_path_text(Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(Properties, 'AttachedInstances') as attached_instances, + json_extract_path_text(Properties, 'HealthCheckPath') as health_check_path, + json_extract_path_text(Properties, 'SessionStickinessEnabled') as session_stickiness_enabled, + json_extract_path_text(Properties, 'SessionStickinessLBCookieDurationSeconds') as session_stickiness_lb_cookie_duration_seconds, + json_extract_path_text(Properties, 'TlsPolicyName') as tls_policy_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::LoadBalancer' + AND data__Identifier = '' + AND region = 'us-east-1' + load_balancer_tls_certificates: + name: load_balancer_tls_certificates + id: aws.lightsail.load_balancer_tls_certificates + x-cfn-schema-name: LoadBalancerTlsCertificate + x-type: list + x-identifiers: + - CertificateName + - LoadBalancerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CertificateName') as certificate_name, + JSON_EXTRACT(Properties, '$.LoadBalancerName') as load_balancer_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::LoadBalancerTlsCertificate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CertificateName') as certificate_name, + json_extract_path_text(Properties, 'LoadBalancerName') as load_balancer_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::LoadBalancerTlsCertificate' + AND region = 'us-east-1' + load_balancer_tls_certificate: + name: load_balancer_tls_certificate + id: aws.lightsail.load_balancer_tls_certificate + x-cfn-schema-name: LoadBalancerTlsCertificate + x-type: get + x-identifiers: + - CertificateName + - LoadBalancerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LoadBalancerName') as load_balancer_name, + JSON_EXTRACT(Properties, '$.CertificateName') as certificate_name, + JSON_EXTRACT(Properties, '$.CertificateDomainName') as certificate_domain_name, + JSON_EXTRACT(Properties, '$.CertificateAlternativeNames') as certificate_alternative_names, + JSON_EXTRACT(Properties, '$.LoadBalancerTlsCertificateArn') as load_balancer_tls_certificate_arn, + JSON_EXTRACT(Properties, '$.IsAttached') as is_attached, + JSON_EXTRACT(Properties, '$.HttpsRedirectionEnabled') as https_redirection_enabled, + JSON_EXTRACT(Properties, '$.Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::LoadBalancerTlsCertificate' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LoadBalancerName') as load_balancer_name, + json_extract_path_text(Properties, 'CertificateName') as certificate_name, + json_extract_path_text(Properties, 'CertificateDomainName') as certificate_domain_name, + json_extract_path_text(Properties, 'CertificateAlternativeNames') as certificate_alternative_names, + json_extract_path_text(Properties, 'LoadBalancerTlsCertificateArn') as load_balancer_tls_certificate_arn, + json_extract_path_text(Properties, 'IsAttached') as is_attached, + json_extract_path_text(Properties, 'HttpsRedirectionEnabled') as https_redirection_enabled, + json_extract_path_text(Properties, 'Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::LoadBalancerTlsCertificate' + AND data__Identifier = '|' + AND region = 'us-east-1' + static_ips: + name: static_ips + id: aws.lightsail.static_ips + x-cfn-schema-name: StaticIp + x-type: list + x-identifiers: + - StaticIpName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StaticIpName') as static_ip_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::StaticIp' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StaticIpName') as static_ip_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lightsail::StaticIp' + AND region = 'us-east-1' + static_ip: + name: static_ip + id: aws.lightsail.static_ip + x-cfn-schema-name: StaticIp + x-type: get + x-identifiers: + - StaticIpName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.StaticIpName') as static_ip_name, + JSON_EXTRACT(Properties, '$.AttachedTo') as attached_to, + JSON_EXTRACT(Properties, '$.IsAttached') as is_attached, + JSON_EXTRACT(Properties, '$.IpAddress') as ip_address, + JSON_EXTRACT(Properties, '$.StaticIpArn') as static_ip_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::StaticIp' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'StaticIpName') as static_ip_name, + json_extract_path_text(Properties, 'AttachedTo') as attached_to, + json_extract_path_text(Properties, 'IsAttached') as is_attached, + json_extract_path_text(Properties, 'IpAddress') as ip_address, + json_extract_path_text(Properties, 'StaticIpArn') as static_ip_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lightsail::StaticIp' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/location.yaml b/providers/src/aws/v00.00.00000/services/location.yaml new file mode 100644 index 00000000..2845e0e0 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/location.yaml @@ -0,0 +1,1200 @@ +openapi: 3.0.0 +info: + title: Location + version: 1.0.0 +paths: {} +components: + schemas: + ApiKeyRestrictions: + type: object + properties: + AllowActions: + type: array + items: + type: string + maxLength: 200 + minLength: 5 + pattern: ^geo:\w*\*?$ + maxItems: 7 + minItems: 1 + x-insertionOrder: false + AllowResources: + type: array + items: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*):geo(:([a-z0-9]+([.-][a-z0-9]+)*))(:[0-9]+):((\*)|([-a-z]+[/][*-._\w]+))$ + maxItems: 5 + minItems: 1 + x-insertionOrder: false + AllowReferers: + type: array + items: + type: string + maxLength: 253 + pattern: ^([$\-._+!*\x{60}(),;/?:@=&\w]|%([0-9a-fA-F?]{2}|[0-9a-fA-F?]?[*]))+$ + maxItems: 5 + minItems: 1 + x-insertionOrder: false + required: + - AllowActions + - AllowResources + additionalProperties: false + TagMap: + type: object + maxProperties: 50 + x-patternProperties: + ^[a-zA-Z+-=._:/]+$: + type: string + maxLength: 256 + minLength: 0 + pattern: ^[A-Za-z0-9 _=@:.+-/]*$ + additionalProperties: false + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z+-=._:/]+$ + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + pattern: ^[A-Za-z0-9 _=@:.+-/]*$ + required: + - Key + - Value + additionalProperties: false + iso8601UTC: + description: The datetime value in ISO 8601 format. The timezone is always UTC. (YYYY-MM-DDThh:mm:ss.sssZ) + type: string + pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$ + APIKey: + type: object + properties: + CreateTime: + $ref: '#/components/schemas/iso8601UTC' + Description: + type: string + maxLength: 1000 + minLength: 0 + ExpireTime: + $ref: '#/components/schemas/iso8601UTC' + ForceUpdate: + type: boolean + KeyArn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$ + KeyName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[-._\w]+$ + NoExpiry: + type: boolean + Restrictions: + $ref: '#/components/schemas/ApiKeyRestrictions' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + UpdateTime: + $ref: '#/components/schemas/iso8601UTC' + ForceDelete: + type: boolean + Arn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$ + required: + - KeyName + - Restrictions + x-stackql-resource-name: api_key + description: Definition of AWS::Location::APIKey Resource Type + x-type-name: AWS::Location::APIKey + x-stackql-primary-identifier: + - KeyName + x-create-only-properties: + - KeyName + x-write-only-properties: + - ForceUpdate + - ForceDelete + - NoExpiry + x-read-only-properties: + - CreateTime + - Arn + - KeyArn + - UpdateTime + x-required-properties: + - KeyName + - Restrictions + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - geo:CreateKey + - geo:DescribeKey + - geo:TagResource + - geo:UntagResource + - geo:GetMapTile + - geo:GetMapStyleDescriptor + - geo:GetMapSprites + - geo:GetMapGlyphs + - geo:SearchPlaceIndexForText + - geo:SearchPlaceIndexForPosition + - geo:SearchPlaceIndexForSuggestions + - geo:GetPlace + - geo:CalculateRoute + - geo:CalculateRouteMatrix + read: + - geo:DescribeKey + update: + - geo:CreateKey + - geo:DescribeKey + - geo:TagResource + - geo:UntagResource + - geo:GetMapTile + - geo:GetMapStyleDescriptor + - geo:GetMapSprites + - geo:GetMapGlyphs + - geo:SearchPlaceIndexForText + - geo:SearchPlaceIndexForPosition + - geo:SearchPlaceIndexForSuggestions + - geo:GetPlace + - geo:CalculateRoute + - geo:CalculateRouteMatrix + - geo:UpdateKey + delete: + - geo:DeleteKey + - geo:DescribeKey + list: + - geo:ListKeys + PricingPlan: + type: string + enum: + - RequestBasedUsage + GeofenceCollection: + type: object + properties: + CollectionArn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$ + CollectionName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[-._\w]+$ + CreateTime: + $ref: '#/components/schemas/iso8601UTC' + Description: + type: string + maxLength: 1000 + minLength: 0 + KmsKeyId: + type: string + maxLength: 2048 + minLength: 1 + PricingPlan: + $ref: '#/components/schemas/PricingPlan' + PricingPlanDataSource: + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + UpdateTime: + $ref: '#/components/schemas/iso8601UTC' + Arn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$ + required: + - CollectionName + x-stackql-resource-name: geofence_collection + description: Definition of AWS::Location::GeofenceCollection Resource Type + x-type-name: AWS::Location::GeofenceCollection + x-stackql-primary-identifier: + - CollectionName + x-create-only-properties: + - CollectionName + - KmsKeyId + x-read-only-properties: + - CollectionArn + - Arn + - CreateTime + - UpdateTime + x-required-properties: + - CollectionName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - geo:CreateGeofenceCollection + - geo:DescribeGeofenceCollection + - geo:TagResource + - geo:UntagResource + - kms:DescribeKey + - kms:CreateGrant + read: + - geo:DescribeGeofenceCollection + - kms:DescribeKey + update: + - geo:CreateGeofenceCollection + - geo:DescribeGeofenceCollection + - geo:TagResource + - geo:UntagResource + - kms:DescribeKey + - kms:CreateGrant + - geo:UpdateGeofenceCollection + delete: + - geo:DeleteGeofenceCollection + - geo:DescribeGeofenceCollection + list: + - geo:ListGeofenceCollections + MapConfiguration: + type: object + properties: + Style: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[-._\w]+$ + PoliticalView: + type: string + maxLength: 3 + minLength: 3 + pattern: ^[A-Z]{3}$ + CustomLayers: + type: array + items: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[-._\w]+$ + maxItems: 10 + required: + - Style + additionalProperties: false + Map: + type: object + properties: + Configuration: + $ref: '#/components/schemas/MapConfiguration' + CreateTime: + $ref: '#/components/schemas/iso8601UTC' + Description: + type: string + maxLength: 1000 + minLength: 0 + MapArn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*):geo(:([a-z0-9]+([.-][a-z0-9]+)*))(:[0-9]+):((\*)|([-a-z]+[/][*-._\w]+))$ + MapName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[-._\w]+$ + PricingPlan: + $ref: '#/components/schemas/PricingPlan' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + UpdateTime: + $ref: '#/components/schemas/iso8601UTC' + Arn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$ + required: + - Configuration + - MapName + x-stackql-resource-name: map + description: Definition of AWS::Location::Map Resource Type + x-type-name: AWS::Location::Map + x-stackql-primary-identifier: + - MapName + x-create-only-properties: + - Configuration + - MapName + x-read-only-properties: + - CreateTime + - Arn + - MapArn + - UpdateTime + x-required-properties: + - Configuration + - MapName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - geo:CreateMap + - geo:DescribeMap + - geo:TagResource + - geo:UntagResource + read: + - geo:DescribeMap + update: + - geo:CreateMap + - geo:DescribeMap + - geo:TagResource + - geo:UntagResource + - geo:UpdateMap + delete: + - geo:DeleteMap + - geo:DescribeMap + list: + - geo:ListMaps + DataSourceConfiguration: + type: object + properties: + IntendedUse: + $ref: '#/components/schemas/IntendedUse' + additionalProperties: false + IntendedUse: + type: string + enum: + - SingleUse + - Storage + PlaceIndex: + type: object + properties: + CreateTime: + $ref: '#/components/schemas/iso8601UTC' + DataSource: + type: string + DataSourceConfiguration: + $ref: '#/components/schemas/DataSourceConfiguration' + Description: + type: string + maxLength: 1000 + minLength: 0 + IndexArn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*):geo(:([a-z0-9]+([.-][a-z0-9]+)*))(:[0-9]+):((\*)|([-a-z]+[/][*-._\w]+))$ + IndexName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[-._\w]+$ + PricingPlan: + $ref: '#/components/schemas/PricingPlan' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + UpdateTime: + $ref: '#/components/schemas/iso8601UTC' + Arn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$ + required: + - DataSource + - IndexName + x-stackql-resource-name: place_index + description: Definition of AWS::Location::PlaceIndex Resource Type + x-type-name: AWS::Location::PlaceIndex + x-stackql-primary-identifier: + - IndexName + x-create-only-properties: + - DataSource + - IndexName + x-read-only-properties: + - CreateTime + - Arn + - IndexArn + - UpdateTime + x-required-properties: + - DataSource + - IndexName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - geo:CreatePlaceIndex + - geo:DescribePlaceIndex + - geo:TagResource + - geo:UntagResource + read: + - geo:DescribePlaceIndex + update: + - geo:CreatePlaceIndex + - geo:DescribePlaceIndex + - geo:TagResource + - geo:UntagResource + - geo:UpdatePlaceIndex + delete: + - geo:DeletePlaceIndex + - geo:DescribePlaceIndex + list: + - geo:ListPlaceIndexes + RouteCalculator: + type: object + properties: + CalculatorArn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*):geo(:([a-z0-9]+([.-][a-z0-9]+)*))(:[0-9]+):((\*)|([-a-z]+[/][*-._\w]+))$ + CalculatorName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[-._\w]+$ + CreateTime: + $ref: '#/components/schemas/iso8601UTC' + DataSource: + type: string + Description: + type: string + maxLength: 1000 + minLength: 0 + PricingPlan: + $ref: '#/components/schemas/PricingPlan' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + UpdateTime: + $ref: '#/components/schemas/iso8601UTC' + Arn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$ + required: + - DataSource + - CalculatorName + x-stackql-resource-name: route_calculator + description: Definition of AWS::Location::RouteCalculator Resource Type + x-type-name: AWS::Location::RouteCalculator + x-stackql-primary-identifier: + - CalculatorName + x-create-only-properties: + - CalculatorName + - DataSource + x-read-only-properties: + - CalculatorArn + - Arn + - CreateTime + - UpdateTime + x-required-properties: + - DataSource + - CalculatorName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - geo:CreateRouteCalculator + - geo:DescribeRouteCalculator + - geo:TagResource + - geo:UntagResource + read: + - geo:DescribeRouteCalculator + update: + - geo:CreateRouteCalculator + - geo:DescribeRouteCalculator + - geo:TagResource + - geo:UntagResource + - geo:UpdateRouteCalculator + delete: + - geo:DeleteRouteCalculator + - geo:DescribeRouteCalculator + list: + - geo:ListRouteCalculators + PositionFiltering: + type: string + enum: + - TimeBased + - DistanceBased + - AccuracyBased + Tracker: + type: object + properties: + CreateTime: + $ref: '#/components/schemas/iso8601UTC' + Description: + type: string + maxLength: 1000 + minLength: 0 + EventBridgeEnabled: + type: boolean + KmsKeyEnableGeospatialQueries: + type: boolean + KmsKeyId: + type: string + maxLength: 2048 + minLength: 1 + PositionFiltering: + $ref: '#/components/schemas/PositionFiltering' + PricingPlan: + $ref: '#/components/schemas/PricingPlan' + PricingPlanDataSource: + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + TrackerArn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$ + TrackerName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[-._\w]+$ + UpdateTime: + $ref: '#/components/schemas/iso8601UTC' + Arn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$ + required: + - TrackerName + x-stackql-resource-name: tracker + description: Definition of AWS::Location::Tracker Resource Type + x-type-name: AWS::Location::Tracker + x-stackql-primary-identifier: + - TrackerName + x-create-only-properties: + - KmsKeyId + - TrackerName + x-read-only-properties: + - CreateTime + - Arn + - TrackerArn + - UpdateTime + x-required-properties: + - TrackerName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - geo:CreateTracker + - geo:DescribeTracker + - geo:TagResource + - geo:UntagResource + - kms:DescribeKey + - kms:CreateGrant + read: + - geo:DescribeTracker + - kms:DescribeKey + update: + - geo:CreateTracker + - geo:DescribeTracker + - geo:TagResource + - geo:UntagResource + - kms:DescribeKey + - kms:CreateGrant + - geo:UpdateTracker + delete: + - geo:DeleteTracker + - geo:DescribeTracker + list: + - geo:ListTrackers + TrackerConsumer: + type: object + properties: + ConsumerArn: + type: string + maxLength: 1600 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$ + TrackerName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[-._\w]+$ + required: + - ConsumerArn + - TrackerName + x-stackql-resource-name: tracker_consumer + description: Definition of AWS::Location::TrackerConsumer Resource Type + x-type-name: AWS::Location::TrackerConsumer + x-stackql-primary-identifier: + - TrackerName + - ConsumerArn + x-create-only-properties: + - TrackerName + - ConsumerArn + x-required-properties: + - ConsumerArn + - TrackerName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - geo:AssociateTrackerConsumer + - geo:ListTrackerConsumers + delete: + - geo:DisassociateTrackerConsumer + - geo:ListTrackerConsumers + list: + - geo:ListTrackerConsumers + read: + - geo:ListTrackerConsumers + x-stackQL-resources: + api_keys: + name: api_keys + id: aws.location.api_keys + x-cfn-schema-name: APIKey + x-type: list + x-identifiers: + - KeyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.KeyName') as key_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::APIKey' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'KeyName') as key_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::APIKey' + AND region = 'us-east-1' + api_key: + name: api_key + id: aws.location.api_key + x-cfn-schema-name: APIKey + x-type: get + x-identifiers: + - KeyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreateTime') as create_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ExpireTime') as expire_time, + JSON_EXTRACT(Properties, '$.ForceUpdate') as force_update, + JSON_EXTRACT(Properties, '$.KeyArn') as key_arn, + JSON_EXTRACT(Properties, '$.KeyName') as key_name, + JSON_EXTRACT(Properties, '$.NoExpiry') as no_expiry, + JSON_EXTRACT(Properties, '$.Restrictions') as restrictions, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdateTime') as update_time, + JSON_EXTRACT(Properties, '$.ForceDelete') as force_delete, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::APIKey' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreateTime') as create_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ExpireTime') as expire_time, + json_extract_path_text(Properties, 'ForceUpdate') as force_update, + json_extract_path_text(Properties, 'KeyArn') as key_arn, + json_extract_path_text(Properties, 'KeyName') as key_name, + json_extract_path_text(Properties, 'NoExpiry') as no_expiry, + json_extract_path_text(Properties, 'Restrictions') as restrictions, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdateTime') as update_time, + json_extract_path_text(Properties, 'ForceDelete') as force_delete, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::APIKey' + AND data__Identifier = '' + AND region = 'us-east-1' + geofence_collections: + name: geofence_collections + id: aws.location.geofence_collections + x-cfn-schema-name: GeofenceCollection + x-type: list + x-identifiers: + - CollectionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CollectionName') as collection_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::GeofenceCollection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CollectionName') as collection_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::GeofenceCollection' + AND region = 'us-east-1' + geofence_collection: + name: geofence_collection + id: aws.location.geofence_collection + x-cfn-schema-name: GeofenceCollection + x-type: get + x-identifiers: + - CollectionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CollectionArn') as collection_arn, + JSON_EXTRACT(Properties, '$.CollectionName') as collection_name, + JSON_EXTRACT(Properties, '$.CreateTime') as create_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.PricingPlan') as pricing_plan, + JSON_EXTRACT(Properties, '$.PricingPlanDataSource') as pricing_plan_data_source, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdateTime') as update_time, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::GeofenceCollection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CollectionArn') as collection_arn, + json_extract_path_text(Properties, 'CollectionName') as collection_name, + json_extract_path_text(Properties, 'CreateTime') as create_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'PricingPlan') as pricing_plan, + json_extract_path_text(Properties, 'PricingPlanDataSource') as pricing_plan_data_source, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdateTime') as update_time, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::GeofenceCollection' + AND data__Identifier = '' + AND region = 'us-east-1' + maps: + name: maps + id: aws.location.maps + x-cfn-schema-name: Map + x-type: list + x-identifiers: + - MapName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MapName') as map_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::Map' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MapName') as map_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::Map' + AND region = 'us-east-1' + map: + name: map + id: aws.location.map + x-cfn-schema-name: Map + x-type: get + x-identifiers: + - MapName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.CreateTime') as create_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.MapArn') as map_arn, + JSON_EXTRACT(Properties, '$.MapName') as map_name, + JSON_EXTRACT(Properties, '$.PricingPlan') as pricing_plan, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdateTime') as update_time, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::Map' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'CreateTime') as create_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'MapArn') as map_arn, + json_extract_path_text(Properties, 'MapName') as map_name, + json_extract_path_text(Properties, 'PricingPlan') as pricing_plan, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdateTime') as update_time, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::Map' + AND data__Identifier = '' + AND region = 'us-east-1' + place_indices: + name: place_indices + id: aws.location.place_indices + x-cfn-schema-name: PlaceIndex + x-type: list + x-identifiers: + - IndexName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IndexName') as index_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::PlaceIndex' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IndexName') as index_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::PlaceIndex' + AND region = 'us-east-1' + place_index: + name: place_index + id: aws.location.place_index + x-cfn-schema-name: PlaceIndex + x-type: get + x-identifiers: + - IndexName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreateTime') as create_time, + JSON_EXTRACT(Properties, '$.DataSource') as data_source, + JSON_EXTRACT(Properties, '$.DataSourceConfiguration') as data_source_configuration, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.IndexArn') as index_arn, + JSON_EXTRACT(Properties, '$.IndexName') as index_name, + JSON_EXTRACT(Properties, '$.PricingPlan') as pricing_plan, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdateTime') as update_time, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::PlaceIndex' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreateTime') as create_time, + json_extract_path_text(Properties, 'DataSource') as data_source, + json_extract_path_text(Properties, 'DataSourceConfiguration') as data_source_configuration, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'IndexArn') as index_arn, + json_extract_path_text(Properties, 'IndexName') as index_name, + json_extract_path_text(Properties, 'PricingPlan') as pricing_plan, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdateTime') as update_time, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::PlaceIndex' + AND data__Identifier = '' + AND region = 'us-east-1' + route_calculators: + name: route_calculators + id: aws.location.route_calculators + x-cfn-schema-name: RouteCalculator + x-type: list + x-identifiers: + - CalculatorName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CalculatorName') as calculator_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::RouteCalculator' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CalculatorName') as calculator_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::RouteCalculator' + AND region = 'us-east-1' + route_calculator: + name: route_calculator + id: aws.location.route_calculator + x-cfn-schema-name: RouteCalculator + x-type: get + x-identifiers: + - CalculatorName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CalculatorArn') as calculator_arn, + JSON_EXTRACT(Properties, '$.CalculatorName') as calculator_name, + JSON_EXTRACT(Properties, '$.CreateTime') as create_time, + JSON_EXTRACT(Properties, '$.DataSource') as data_source, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PricingPlan') as pricing_plan, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdateTime') as update_time, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::RouteCalculator' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CalculatorArn') as calculator_arn, + json_extract_path_text(Properties, 'CalculatorName') as calculator_name, + json_extract_path_text(Properties, 'CreateTime') as create_time, + json_extract_path_text(Properties, 'DataSource') as data_source, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PricingPlan') as pricing_plan, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdateTime') as update_time, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::RouteCalculator' + AND data__Identifier = '' + AND region = 'us-east-1' + trackers: + name: trackers + id: aws.location.trackers + x-cfn-schema-name: Tracker + x-type: list + x-identifiers: + - TrackerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TrackerName') as tracker_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::Tracker' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TrackerName') as tracker_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::Tracker' + AND region = 'us-east-1' + tracker: + name: tracker + id: aws.location.tracker + x-cfn-schema-name: Tracker + x-type: get + x-identifiers: + - TrackerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreateTime') as create_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EventBridgeEnabled') as event_bridge_enabled, + JSON_EXTRACT(Properties, '$.KmsKeyEnableGeospatialQueries') as kms_key_enable_geospatial_queries, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.PositionFiltering') as position_filtering, + JSON_EXTRACT(Properties, '$.PricingPlan') as pricing_plan, + JSON_EXTRACT(Properties, '$.PricingPlanDataSource') as pricing_plan_data_source, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TrackerArn') as tracker_arn, + JSON_EXTRACT(Properties, '$.TrackerName') as tracker_name, + JSON_EXTRACT(Properties, '$.UpdateTime') as update_time, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::Tracker' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreateTime') as create_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EventBridgeEnabled') as event_bridge_enabled, + json_extract_path_text(Properties, 'KmsKeyEnableGeospatialQueries') as kms_key_enable_geospatial_queries, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'PositionFiltering') as position_filtering, + json_extract_path_text(Properties, 'PricingPlan') as pricing_plan, + json_extract_path_text(Properties, 'PricingPlanDataSource') as pricing_plan_data_source, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TrackerArn') as tracker_arn, + json_extract_path_text(Properties, 'TrackerName') as tracker_name, + json_extract_path_text(Properties, 'UpdateTime') as update_time, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::Tracker' + AND data__Identifier = '' + AND region = 'us-east-1' + tracker_consumers: + name: tracker_consumers + id: aws.location.tracker_consumers + x-cfn-schema-name: TrackerConsumer + x-type: list + x-identifiers: + - TrackerName + - ConsumerArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TrackerName') as tracker_name, + JSON_EXTRACT(Properties, '$.ConsumerArn') as consumer_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::TrackerConsumer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TrackerName') as tracker_name, + json_extract_path_text(Properties, 'ConsumerArn') as consumer_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Location::TrackerConsumer' + AND region = 'us-east-1' + tracker_consumer: + name: tracker_consumer + id: aws.location.tracker_consumer + x-cfn-schema-name: TrackerConsumer + x-type: get + x-identifiers: + - TrackerName + - ConsumerArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConsumerArn') as consumer_arn, + JSON_EXTRACT(Properties, '$.TrackerName') as tracker_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::TrackerConsumer' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConsumerArn') as consumer_arn, + json_extract_path_text(Properties, 'TrackerName') as tracker_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Location::TrackerConsumer' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/logs.yaml b/providers/src/aws/v00.00.00000/services/logs.yaml new file mode 100644 index 00000000..2e8d358a --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/logs.yaml @@ -0,0 +1,1626 @@ +openapi: 3.0.0 +info: + title: Logs + version: 1.0.0 +paths: {} +components: + schemas: + AccountPolicy: + type: object + properties: + AccountId: + description: User account id + type: string + pattern: ^\d{12}$ + PolicyName: + description: The name of the account policy + type: string + minLength: 1 + maxLength: 256 + pattern: ^[^:*]{1,256}$ + PolicyDocument: + description: |- + The body of the policy document you want to use for this topic. + + You can only add one policy per PolicyType. + + The policy must be in JSON string format. + + Length Constraints: Maximum length of 30720 + type: string + minLength: 1 + maxLength: 30720 + PolicyType: + description: Type of the policy. + type: string + enum: + - DATA_PROTECTION_POLICY + - SUBSCRIPTION_FILTER_POLICY + Scope: + description: Scope for policy application + type: string + enum: + - ALL + SelectionCriteria: + description: Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes + type: string + required: + - PolicyName + - PolicyType + - PolicyDocument + x-stackql-resource-name: account_policy + description: The AWS::Logs::AccountPolicy resource specifies a CloudWatch Logs AccountPolicy. + x-type-name: AWS::Logs::AccountPolicy + x-stackql-primary-identifier: + - AccountId + - PolicyType + - PolicyName + x-create-only-properties: + - PolicyName + - PolicyType + x-read-only-properties: + - AccountId + x-required-properties: + - PolicyName + - PolicyType + - PolicyDocument + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - logs:PutAccountPolicy + - logs:PutDataProtectionPolicy + - logs:DescribeAccountPolicies + - logs:CreateLogDelivery + - s3:REST.PUT.OBJECT + - firehose:TagDeliveryStream + - logs:PutSubscriptionFilter + - logs:DeleteSubscriptionFilter + - iam:PassRole + read: + - logs:DescribeAccountPolicies + update: + - logs:PutAccountPolicy + - logs:PutDataProtectionPolicy + - logs:DescribeAccountPolicies + - logs:DeleteAccountPolicy + - logs:DeleteDataProtectionPolicy + - logs:CreateLogDelivery + - logs:PutSubscriptionFilter + - logs:DeleteSubscriptionFilter + - s3:REST.PUT.OBJECT + - firehose:TagDeliveryStream + - iam:PassRole + delete: + - logs:DeleteAccountPolicy + - logs:DeleteDataProtectionPolicy + - logs:DescribeAccountPolicies + - logs:DeleteSubscriptionFilter + - iam:PassRole + list: + - logs:DescribeAccountPolicies + Tag: + description: '' + type: object + additionalProperties: false + properties: + Key: + type: string + description: '' + minLength: 1 + maxLength: 128 + Value: + type: string + description: '' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + Arn: + description: The Amazon Resource Name (ARN) that uniquely identifies this delivery source. + type: string + minLength: 16 + maxLength: 2048 + pattern: ^arn:(aws[a-zA-Z-]*)?:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + Delivery: + type: object + properties: + DeliveryId: + description: The unique ID that identifies this delivery in your account. + type: string + minLength: 1 + maxLength: 64 + pattern: ^[0-9A-Za-z]+$ + Arn: + description: The Amazon Resource Name (ARN) that uniquely identifies this delivery. + $ref: '#/components/schemas/Arn' + DeliverySourceName: + description: The name of the delivery source that is associated with this delivery. + type: string + pattern: '[\w-]*$' + minLength: 1 + maxLength: 60 + DeliveryDestinationArn: + description: The ARN of the delivery destination that is associated with this delivery. + $ref: '#/components/schemas/Arn' + DeliveryDestinationType: + description: Displays whether the delivery destination associated with this delivery is CloudWatch Logs, Amazon S3, or Kinesis Data Firehose. + type: string + minLength: 1 + maxLength: 12 + pattern: ^[0-9A-Za-z]+$ + Tags: + description: The tags that have been assigned to this delivery. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - DeliverySourceName + - DeliveryDestinationArn + x-stackql-resource-name: delivery + description: |- + This structure contains information about one delivery in your account. + + A delivery is a connection between a logical delivery source and a logical delivery destination. + + For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html). + x-type-name: AWS::Logs::Delivery + x-stackql-primary-identifier: + - DeliveryId + x-create-only-properties: + - DeliverySourceName + - DeliveryDestinationArn + x-read-only-properties: + - DeliveryId + - Arn + - DeliveryDestinationType + x-required-properties: + - DeliverySourceName + - DeliveryDestinationArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - logs:CreateDelivery + - logs:GetDelivery + - logs:DescribeDeliveries + - logs:ListTagsForResource + - logs:TagResource + - logs:GetDeliverySource + - logs:GetDeliveryDestination + read: + - logs:GetDelivery + - logs:ListTagsForResource + update: + - logs:GetDelivery + - logs:ListTagsForResource + - logs:TagResource + - logs:UntagResource + delete: + - logs:DeleteDelivery + - logs:ListTagsForResource + - logs:UntagResource + list: + - logs:DescribeDeliveries + - logs:ListTagsForResource + DestinationPolicy: + type: object + properties: + DeliveryDestinationName: + type: string + description: The name of the delivery destination to assign this policy to + minLength: 1 + maxLength: 60 + DeliveryDestinationPolicy: + type: string + description: The contents of the policy attached to the delivery destination + minLength: 1 + maxLength: 51200 + required: + - DeliveryDestinationName + - DeliveryDestinationPolicy + additionalProperties: false + DeliveryDestination: + type: object + properties: + Name: + description: The name of this delivery destination. + type: string + pattern: '[\w-]*$' + minLength: 1 + maxLength: 60 + Arn: + description: The Amazon Resource Name (ARN) that uniquely identifies this delivery destination. + $ref: '#/components/schemas/Arn' + DestinationResourceArn: + description: The ARN of the AWS resource that will receive the logs. + $ref: '#/components/schemas/Arn' + Tags: + description: The tags that have been assigned to this delivery destination. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + DeliveryDestinationType: + description: Displays whether this delivery destination is CloudWatch Logs, Amazon S3, or Kinesis Data Firehose. + type: string + minLength: 1 + maxLength: 12 + pattern: ^[0-9A-Za-z]+$ + DeliveryDestinationPolicy: + description: |- + IAM policy that grants permissions to CloudWatch Logs to deliver logs cross-account to a specified destination in this account. + + The policy must be in JSON string format. + + Length Constraints: Maximum length of 51200 + type: object + items: + $ref: '#/components/schemas/DestinationPolicy' + required: + - Name + x-stackql-resource-name: delivery_destination + description: |- + This structure contains information about one delivery destination in your account. + + A delivery destination is an AWS resource that represents an AWS service that logs can be sent to CloudWatch Logs, Amazon S3, are supported as Kinesis Data Firehose delivery destinations. + x-type-name: AWS::Logs::DeliveryDestination + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - DestinationResourceArn + x-read-only-properties: + - Arn + - DeliveryDestinationType + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - logs:PutDeliveryDestination + - logs:GetDeliveryDestination + - logs:ListTagsForResource + - logs:TagResource + - logs:UntagResource + - logs:PutDeliveryDestinationPolicy + - logs:GetDeliveryDestinationPolicy + read: + - logs:GetDeliveryDestination + - logs:ListTagsForResource + - logs:GetDeliveryDestinationPolicy + update: + - logs:PutDeliveryDestination + - logs:GetDeliveryDestination + - logs:ListTagsForResource + - logs:TagResource + - logs:UntagResource + - logs:DeleteDeliveryDestinationPolicy + - logs:PutDeliveryDestinationPolicy + - logs:GetDeliveryDestinationPolicy + delete: + - logs:DeleteDeliveryDestination + - logs:DeleteDeliveryDestinationPolicy + list: + - logs:DescribeDeliveryDestinations + - logs:GetDeliveryDestinationPolicy + DeliverySource: + type: object + properties: + Name: + description: The unique name of the Log source. + type: string + pattern: '[\w-]*$' + minLength: 1 + maxLength: 60 + Arn: + description: The Amazon Resource Name (ARN) that uniquely identifies this delivery source. + $ref: '#/components/schemas/Arn' + ResourceArns: + description: This array contains the ARN of the AWS resource that sends logs and is represented by this delivery source. Currently, only one ARN can be in the array. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Arn' + ResourceArn: + description: The ARN of the resource that will be sending the logs. + $ref: '#/components/schemas/Arn' + Service: + description: The AWS service that is sending logs. + type: string + pattern: '[\w-]*$' + minLength: 1 + maxLength: 255 + LogType: + description: The type of logs being delivered. Only mandatory when the resourceArn could match more than one. In such a case, the error message will contain all the possible options. + type: string + pattern: '[\w-]*$' + minLength: 1 + maxLength: 255 + Tags: + description: The tags that have been assigned to this delivery source. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + x-stackql-resource-name: delivery_source + description: |2- + A delivery source is an AWS resource that sends logs to an AWS destination. The destination can be CloudWatch Logs, Amazon S3, or Kinesis Data Firehose. + + Only some AWS services support being configured as a delivery source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from AWS services](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html). + x-type-name: AWS::Logs::DeliverySource + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-write-only-properties: + - ResourceArn + x-read-only-properties: + - Service + - ResourceArns + - Arn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - logs:PutDeliverySource + - logs:GetDeliverySource + - logs:ListTagsForResource + - logs:TagResource + - logs:AllowVendedLogDeliveryForResource + - codewhisperer:AllowVendedLogDeliveryForResource + - autoloop:AllowVendedLogDeliveryForResource + - workmail:AllowVendedLogDeliveryForResource + read: + - logs:GetDeliverySource + - logs:ListTagsForResource + update: + - logs:PutDeliverySource + - logs:GetDeliverySource + - logs:ListTagsForResource + - logs:TagResource + - logs:UntagResource + delete: + - logs:DeleteDeliverySource + list: + - logs:DescribeDeliverySources + Destination: + type: object + properties: + Arn: + type: string + DestinationName: + description: The name of the destination resource + type: string + minLength: 1 + maxLength: 512 + pattern: ^[^:*]{1,512}$ + DestinationPolicy: + description: An IAM policy document that governs which AWS accounts can create subscription filters against this destination. + type: string + minLength: 1 + RoleArn: + description: The ARN of an IAM role that permits CloudWatch Logs to send data to the specified AWS resource + type: string + minLength: 1 + TargetArn: + description: The ARN of the physical target where the log events are delivered (for example, a Kinesis stream) + type: string + minLength: 1 + required: + - DestinationName + - TargetArn + - RoleArn + x-stackql-resource-name: destination + description: The AWS::Logs::Destination resource specifies a CloudWatch Logs destination. A destination encapsulates a physical resource (such as an Amazon Kinesis data stream) and enables you to subscribe that resource to a stream of log events. + x-type-name: AWS::Logs::Destination + x-stackql-primary-identifier: + - DestinationName + x-create-only-properties: + - DestinationName + x-read-only-properties: + - Arn + x-required-properties: + - DestinationName + - TargetArn + - RoleArn + x-tagging: + taggable: false + x-required-permissions: + create: + - logs:PutDestination + - logs:PutDestinationPolicy + - logs:DescribeDestinations + - iam:PassRole + read: + - logs:DescribeDestinations + update: + - logs:PutDestination + - logs:PutDestinationPolicy + - logs:DescribeDestinations + - iam:PassRole + delete: + - logs:DeleteDestination + list: + - logs:DescribeDestinations + LogAnomalyDetector: + type: object + properties: + AccountId: + description: Account ID for owner of detector + type: string + KmsKeyId: + description: The Amazon Resource Name (ARN) of the CMK to use when encrypting log data. + type: string + maxLength: 256 + DetectorName: + description: Name of detector + type: string + LogGroupArnList: + description: List of Arns for the given log group + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + minLength: 20 + maxLength: 2048 + EvaluationFrequency: + description: How often log group is evaluated + type: string + enum: + - FIVE_MIN + - TEN_MIN + - FIFTEEN_MIN + - THIRTY_MIN + - ONE_HOUR + FilterPattern: + description: '' + type: string + pattern: '' + AnomalyDetectorStatus: + description: Current status of detector. + type: string + AnomalyVisibilityTime: + description: '' + type: number + CreationTimeStamp: + description: When detector was created. + type: number + LastModifiedTimeStamp: + description: When detector was lsat modified. + type: number + AnomalyDetectorArn: + description: ARN of LogAnomalyDetector + type: string + required: [] + x-stackql-resource-name: log_anomaly_detector + description: The AWS::Logs::LogAnomalyDetector resource specifies a CloudWatch Logs LogAnomalyDetector. + x-type-name: AWS::Logs::LogAnomalyDetector + x-stackql-primary-identifier: + - AnomalyDetectorArn + x-write-only-properties: + - AccountId + x-read-only-properties: + - AnomalyDetectorArn + - CreationTimeStamp + - LastModifiedTimeStamp + - AnomalyDetectorStatus + x-required-properties: [] + x-tagging: + taggable: false + x-required-permissions: + create: + - logs:CreateLogAnomalyDetector + read: + - logs:GetLogAnomalyDetector + update: + - logs:UpdateLogAnomalyDetector + delete: + - logs:DeleteLogAnomalyDetector + list: + - logs:ListLogAnomalyDetectors + LogGroup: + type: string + pattern: '[\.\-_/#A-Za-z0-9]+' + minLength: 1 + maxLength: 512 + LogStream: + type: object + properties: + LogStreamName: + description: The name of the log stream. The name must be unique wihtin the log group. + type: string + LogGroupName: + description: The name of the log group where the log stream is created. + type: string + required: + - LogGroupName + x-stackql-resource-name: log_stream + description: Resource Type definition for AWS::Logs::LogStream + x-type-name: AWS::Logs::LogStream + x-stackql-primary-identifier: + - LogGroupName + - LogStreamName + x-create-only-properties: + - LogGroupName + - LogStreamName + x-required-properties: + - LogGroupName + x-tagging: + taggable: false + x-required-permissions: + read: + - logs:DescribeLogStreams + create: + - logs:CreateLogStream + - logs:DescribeLogStreams + list: + - logs:DescribeLogStreams + delete: + - logs:DeleteLogStream + MetricTransformation: + description: '``MetricTransformation`` is a property of the ``AWS::Logs::MetricFilter`` resource that describes how to transform log streams into a CloudWatch metric.' + additionalProperties: false + type: object + properties: + DefaultValue: + description: (Optional) The value to emit when a filter pattern does not match a log event. This value can be null. + type: number + MetricName: + minLength: 1 + pattern: ^((?![:*$])[\x00-\x7F]){1,255} + description: The name of the CloudWatch metric. + type: string + maxLength: 255 + MetricValue: + minLength: 1 + pattern: .{1,100} + description: The value that is published to the CloudWatch metric. For example, if you're counting the occurrences of a particular term like ``Error``, specify 1 for the metric value. If you're counting the number of bytes transferred, reference the value that is in the log event by using $. followed by the name of the field that you specified in the filter pattern, such as ``$.size``. + type: string + maxLength: 100 + MetricNamespace: + minLength: 1 + pattern: ^[0-9a-zA-Z\.\-_\/#]{1,256} + description: A custom namespace to contain your metric in CloudWatch. Use namespaces to group together metrics that are similar. For more information, see [Namespaces](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Namespace). + x-$comment: Namespaces can be up to 256 characters long; valid characters include 0-9A-Za-z.-_/# + type: string + maxLength: 256 + Dimensions: + minItems: 1 + maxItems: 3 + uniqueItems: true + description: |- + The fields to use as dimensions for the metric. One metric filter can include as many as three dimensions. + Metrics extracted from log events are charged as custom metrics. To prevent unexpected high charges, do not specify high-cardinality fields such as ``IPAddress`` or ``requestID`` as dimensions. Each different value found for a dimension is treated as a separate metric and accrues charges as a separate custom metric. + CloudWatch Logs disables a metric filter if it generates 1000 different name/value pairs for your specified dimensions within a certain amount of time. This helps to prevent accidental high charges. + You can also set up a billing alarm to alert you if your charges are higher than expected. For more information, see [Creating a Billing Alarm to Monitor Your Estimated Charges](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html). + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Dimension' + Unit: + description: The unit to assign to the metric. If you omit this, the unit is set as ``None``. + type: string + enum: + - Seconds + - Microseconds + - Milliseconds + - Bytes + - Kilobytes + - Megabytes + - Gigabytes + - Terabytes + - Bits + - Kilobits + - Megabits + - Gigabits + - Terabits + - Percent + - Count + - Bytes/Second + - Kilobytes/Second + - Megabytes/Second + - Gigabytes/Second + - Terabytes/Second + - Bits/Second + - Kilobits/Second + - Megabits/Second + - Gigabits/Second + - Terabits/Second + - Count/Second + - None + required: + - MetricName + - MetricNamespace + - MetricValue + Dimension: + description: |- + Specifies the CW metric dimensions to publish with this metric. + Because dimensions are part of the unique identifier for a metric, whenever a unique dimension name/value pair is extracted from your logs, you are creating a new variation of that metric. + For more information about publishing dimensions with metrics created by metric filters, see [Publishing dimensions with metrics from values in JSON or space-delimited log events](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html#logs-metric-filters-dimensions). + Metrics extracted from log events are charged as custom metrics. To prevent unexpected high charges, do not specify high-cardinality fields such as ``IPAddress`` or ``requestID`` as dimensions. Each different value found for a dimension is treated as a separate metric and accrues charges as a separate custom metric. + To help prevent accidental high charges, Amazon disables a metric filter if it generates 1000 different name/value pairs for the dimensions that you have specified within a certain amount of time. + You can also set up a billing alarm to alert you if your charges are higher than expected. For more information, see [Creating a Billing Alarm to Monitor Your Estimated Charges](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html). + additionalProperties: false + type: object + properties: + Value: + minLength: 1 + description: The log event field that will contain the value for this dimension. This dimension will only be published for a metric if the value is found in the log event. For example, ``$.eventType`` for JSON log events, or ``$server`` for space-delimited log events. + type: string + maxLength: 255 + Key: + minLength: 1 + description: |- + The name for the CW metric dimension that the metric filter creates. + Dimension names must contain only ASCII characters, must include at least one non-whitespace character, and cannot start with a colon (:). + type: string + maxLength: 255 + required: + - Key + - Value + MetricFilter: + type: object + properties: + MetricTransformations: + minItems: 1 + maxItems: 1 + description: The metric transformations. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/MetricTransformation' + FilterPattern: + description: A filter pattern for extracting metric data out of ingested log events. For more information, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html). + type: string + maxLength: 1024 + LogGroupName: + minLength: 1 + pattern: ^[.\-_/#A-Za-z0-9]{1,512} + description: The name of an existing log group that you want to associate with this metric filter. + type: string + maxLength: 512 + FilterName: + minLength: 1 + pattern: ^[^:*]{1,512} + description: The name of the metric filter. + type: string + maxLength: 512 + required: + - FilterPattern + - LogGroupName + - MetricTransformations + x-stackql-resource-name: metric_filter + description: |- + The ``AWS::Logs::MetricFilter`` resource specifies a metric filter that describes how CWL extracts information from logs and transforms it into Amazon CloudWatch metrics. If you have multiple metric filters that are associated with a log group, all the filters are applied to the log streams in that group. + The maximum number of metric filters that can be associated with a log group is 100. + x-type-name: AWS::Logs::MetricFilter + x-stackql-primary-identifier: + - LogGroupName + - FilterName + x-create-only-properties: + - FilterName + - LogGroupName + x-required-properties: + - FilterPattern + - LogGroupName + - MetricTransformations + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + x-required-permissions: + read: + - logs:DescribeMetricFilters + create: + - logs:PutMetricFilter + - logs:DescribeMetricFilters + update: + - logs:PutMetricFilter + - logs:DescribeMetricFilters + list: + - logs:DescribeMetricFilters + delete: + - logs:DeleteMetricFilter + QueryDefinition: + type: object + properties: + Name: + description: A name for the saved query definition + type: string + minLength: 1 + maxLength: 255 + QueryString: + description: The query string to use for this definition + type: string + minLength: 1 + maxLength: 10000 + LogGroupNames: + description: Optionally define specific log groups as part of your query definition + type: array + x-insertionOrder: false + items: + description: LogGroup name + $ref: '#/components/schemas/LogGroup' + QueryDefinitionId: + description: Unique identifier of a query definition + type: string + minLength: 0 + maxLength: 256 + required: + - Name + - QueryString + x-stackql-resource-name: query_definition + description: The resource schema for AWSLogs QueryDefinition + x-type-name: AWS::Logs::QueryDefinition + x-stackql-primary-identifier: + - QueryDefinitionId + x-read-only-properties: + - QueryDefinitionId + x-required-properties: + - Name + - QueryString + x-tagging: + taggable: false + x-required-permissions: + create: + - logs:PutQueryDefinition + read: + - logs:DescribeQueryDefinitions + update: + - logs:PutQueryDefinition + delete: + - logs:DeleteQueryDefinition + list: + - logs:DescribeQueryDefinitions + ResourcePolicy: + type: object + properties: + PolicyName: + description: A name for resource policy + type: string + pattern: ^([^:*\/]+\/?)*[^:*\/]+$ + minLength: 1 + maxLength: 255 + PolicyDocument: + description: The policy document + type: string + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + minLength: 1 + maxLength: 5120 + required: + - PolicyName + - PolicyDocument + x-stackql-resource-name: resource_policy + description: The resource schema for AWSLogs ResourcePolicy + x-type-name: AWS::Logs::ResourcePolicy + x-stackql-primary-identifier: + - PolicyName + x-create-only-properties: + - PolicyName + x-required-properties: + - PolicyName + - PolicyDocument + x-tagging: + taggable: false + x-required-permissions: + create: + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + read: + - logs:DescribeResourcePolicies + update: + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DeleteResourcePolicy + delete: + - logs:DeleteResourcePolicy + list: + - logs:DescribeResourcePolicies + SubscriptionFilter: + type: object + properties: + FilterName: + description: The name of the subscription filter. + type: string + DestinationArn: + description: The Amazon Resource Name (ARN) of the destination. + type: string + FilterPattern: + description: The filtering expressions that restrict what gets delivered to the destination AWS resource. For more information about the filter pattern syntax, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html). + type: string + LogGroupName: + description: The log group to associate with the subscription filter. All log events that are uploaded to this log group are filtered and delivered to the specified AWS resource if the filter pattern matches the log events. + type: string + RoleArn: + description: The ARN of an IAM role that grants CWL permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery. + type: string + Distribution: + description: The method used to distribute log data to the destination, which can be either random or grouped by log stream. + type: string + enum: + - Random + - ByLogStream + required: + - DestinationArn + - FilterPattern + - LogGroupName + x-stackql-resource-name: subscription_filter + description: |- + The ``AWS::Logs::SubscriptionFilter`` resource specifies a subscription filter and associates it with the specified log group. Subscription filters allow you to subscribe to a real-time stream of log events and have them delivered to a specific destination. Currently, the supported destinations are: + + An Amazon Kinesis data stream belonging to the same account as the subscription filter, for same-account delivery. + + A logical destination that belongs to a different account, for cross-account delivery. + + An Amazon Kinesis Firehose delivery stream that belongs to the same account as the subscription filter, for same-account delivery. + + An LAMlong function that belongs to the same account as the subscription filter, for same-account delivery. + + There can be as many as two subscription filters associated with a log group. + x-type-name: AWS::Logs::SubscriptionFilter + x-stackql-primary-identifier: + - FilterName + - LogGroupName + x-create-only-properties: + - FilterName + - LogGroupName + x-required-properties: + - DestinationArn + - FilterPattern + - LogGroupName + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:PassRole + - logs:PutSubscriptionFilter + - logs:DescribeSubscriptionFilters + read: + - logs:DescribeSubscriptionFilters + update: + - iam:PassRole + - logs:PutSubscriptionFilter + - logs:DescribeSubscriptionFilters + delete: + - logs:DeleteSubscriptionFilter + list: + - logs:DescribeSubscriptionFilters + x-stackQL-resources: + account_policies: + name: account_policies + id: aws.logs.account_policies + x-cfn-schema-name: AccountPolicy + x-type: list + x-identifiers: + - AccountId + - PolicyType + - PolicyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.PolicyType') as policy_type, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::AccountPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'PolicyType') as policy_type, + json_extract_path_text(Properties, 'PolicyName') as policy_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::AccountPolicy' + AND region = 'us-east-1' + account_policy: + name: account_policy + id: aws.logs.account_policy + x-cfn-schema-name: AccountPolicy + x-type: get + x-identifiers: + - AccountId + - PolicyType + - PolicyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.PolicyType') as policy_type, + JSON_EXTRACT(Properties, '$.Scope') as scope, + JSON_EXTRACT(Properties, '$.SelectionCriteria') as selection_criteria + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::AccountPolicy' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'PolicyType') as policy_type, + json_extract_path_text(Properties, 'Scope') as scope, + json_extract_path_text(Properties, 'SelectionCriteria') as selection_criteria + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::AccountPolicy' + AND data__Identifier = '||' + AND region = 'us-east-1' + deliveries: + name: deliveries + id: aws.logs.deliveries + x-cfn-schema-name: Delivery + x-type: list + x-identifiers: + - DeliveryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DeliveryId') as delivery_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Delivery' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DeliveryId') as delivery_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Delivery' + AND region = 'us-east-1' + delivery: + name: delivery + id: aws.logs.delivery + x-cfn-schema-name: Delivery + x-type: get + x-identifiers: + - DeliveryId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DeliveryId') as delivery_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DeliverySourceName') as delivery_source_name, + JSON_EXTRACT(Properties, '$.DeliveryDestinationArn') as delivery_destination_arn, + JSON_EXTRACT(Properties, '$.DeliveryDestinationType') as delivery_destination_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Delivery' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DeliveryId') as delivery_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DeliverySourceName') as delivery_source_name, + json_extract_path_text(Properties, 'DeliveryDestinationArn') as delivery_destination_arn, + json_extract_path_text(Properties, 'DeliveryDestinationType') as delivery_destination_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Delivery' + AND data__Identifier = '' + AND region = 'us-east-1' + delivery_destinations: + name: delivery_destinations + id: aws.logs.delivery_destinations + x-cfn-schema-name: DeliveryDestination + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::DeliveryDestination' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::DeliveryDestination' + AND region = 'us-east-1' + delivery_destination: + name: delivery_destination + id: aws.logs.delivery_destination + x-cfn-schema-name: DeliveryDestination + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DestinationResourceArn') as destination_resource_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.DeliveryDestinationType') as delivery_destination_type, + JSON_EXTRACT(Properties, '$.DeliveryDestinationPolicy') as delivery_destination_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::DeliveryDestination' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DestinationResourceArn') as destination_resource_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'DeliveryDestinationType') as delivery_destination_type, + json_extract_path_text(Properties, 'DeliveryDestinationPolicy') as delivery_destination_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::DeliveryDestination' + AND data__Identifier = '' + AND region = 'us-east-1' + delivery_sources: + name: delivery_sources + id: aws.logs.delivery_sources + x-cfn-schema-name: DeliverySource + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::DeliverySource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::DeliverySource' + AND region = 'us-east-1' + delivery_source: + name: delivery_source + id: aws.logs.delivery_source + x-cfn-schema-name: DeliverySource + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ResourceArns') as resource_arns, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.Service') as service, + JSON_EXTRACT(Properties, '$.LogType') as log_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::DeliverySource' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ResourceArns') as resource_arns, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'Service') as service, + json_extract_path_text(Properties, 'LogType') as log_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::DeliverySource' + AND data__Identifier = '' + AND region = 'us-east-1' + destinations: + name: destinations + id: aws.logs.destinations + x-cfn-schema-name: Destination + x-type: list + x-identifiers: + - DestinationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DestinationName') as destination_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Destination' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DestinationName') as destination_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Destination' + AND region = 'us-east-1' + destination: + name: destination + id: aws.logs.destination + x-cfn-schema-name: Destination + x-type: get + x-identifiers: + - DestinationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DestinationName') as destination_name, + JSON_EXTRACT(Properties, '$.DestinationPolicy') as destination_policy, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.TargetArn') as target_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Destination' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DestinationName') as destination_name, + json_extract_path_text(Properties, 'DestinationPolicy') as destination_policy, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'TargetArn') as target_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Destination' + AND data__Identifier = '' + AND region = 'us-east-1' + log_anomaly_detectors: + name: log_anomaly_detectors + id: aws.logs.log_anomaly_detectors + x-cfn-schema-name: LogAnomalyDetector + x-type: list + x-identifiers: + - AnomalyDetectorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AnomalyDetectorArn') as anomaly_detector_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::LogAnomalyDetector' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AnomalyDetectorArn') as anomaly_detector_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::LogAnomalyDetector' + AND region = 'us-east-1' + log_anomaly_detector: + name: log_anomaly_detector + id: aws.logs.log_anomaly_detector + x-cfn-schema-name: LogAnomalyDetector + x-type: get + x-identifiers: + - AnomalyDetectorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.DetectorName') as detector_name, + JSON_EXTRACT(Properties, '$.LogGroupArnList') as log_group_arn_list, + JSON_EXTRACT(Properties, '$.EvaluationFrequency') as evaluation_frequency, + JSON_EXTRACT(Properties, '$.FilterPattern') as filter_pattern, + JSON_EXTRACT(Properties, '$.AnomalyDetectorStatus') as anomaly_detector_status, + JSON_EXTRACT(Properties, '$.AnomalyVisibilityTime') as anomaly_visibility_time, + JSON_EXTRACT(Properties, '$.CreationTimeStamp') as creation_time_stamp, + JSON_EXTRACT(Properties, '$.LastModifiedTimeStamp') as last_modified_time_stamp, + JSON_EXTRACT(Properties, '$.AnomalyDetectorArn') as anomaly_detector_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::LogAnomalyDetector' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'DetectorName') as detector_name, + json_extract_path_text(Properties, 'LogGroupArnList') as log_group_arn_list, + json_extract_path_text(Properties, 'EvaluationFrequency') as evaluation_frequency, + json_extract_path_text(Properties, 'FilterPattern') as filter_pattern, + json_extract_path_text(Properties, 'AnomalyDetectorStatus') as anomaly_detector_status, + json_extract_path_text(Properties, 'AnomalyVisibilityTime') as anomaly_visibility_time, + json_extract_path_text(Properties, 'CreationTimeStamp') as creation_time_stamp, + json_extract_path_text(Properties, 'LastModifiedTimeStamp') as last_modified_time_stamp, + json_extract_path_text(Properties, 'AnomalyDetectorArn') as anomaly_detector_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::LogAnomalyDetector' + AND data__Identifier = '' + AND region = 'us-east-1' + log_streams: + name: log_streams + id: aws.logs.log_streams + x-cfn-schema-name: LogStream + x-type: list + x-identifiers: + - LogGroupName + - LogStreamName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LogGroupName') as log_group_name, + JSON_EXTRACT(Properties, '$.LogStreamName') as log_stream_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::LogStream' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LogGroupName') as log_group_name, + json_extract_path_text(Properties, 'LogStreamName') as log_stream_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::LogStream' + AND region = 'us-east-1' + log_stream: + name: log_stream + id: aws.logs.log_stream + x-cfn-schema-name: LogStream + x-type: get + x-identifiers: + - LogGroupName + - LogStreamName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LogStreamName') as log_stream_name, + JSON_EXTRACT(Properties, '$.LogGroupName') as log_group_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::LogStream' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LogStreamName') as log_stream_name, + json_extract_path_text(Properties, 'LogGroupName') as log_group_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::LogStream' + AND data__Identifier = '|' + AND region = 'us-east-1' + metric_filters: + name: metric_filters + id: aws.logs.metric_filters + x-cfn-schema-name: MetricFilter + x-type: list + x-identifiers: + - LogGroupName + - FilterName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LogGroupName') as log_group_name, + JSON_EXTRACT(Properties, '$.FilterName') as filter_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::MetricFilter' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LogGroupName') as log_group_name, + json_extract_path_text(Properties, 'FilterName') as filter_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::MetricFilter' + AND region = 'us-east-1' + metric_filter: + name: metric_filter + id: aws.logs.metric_filter + x-cfn-schema-name: MetricFilter + x-type: get + x-identifiers: + - LogGroupName + - FilterName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MetricTransformations') as metric_transformations, + JSON_EXTRACT(Properties, '$.FilterPattern') as filter_pattern, + JSON_EXTRACT(Properties, '$.LogGroupName') as log_group_name, + JSON_EXTRACT(Properties, '$.FilterName') as filter_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::MetricFilter' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MetricTransformations') as metric_transformations, + json_extract_path_text(Properties, 'FilterPattern') as filter_pattern, + json_extract_path_text(Properties, 'LogGroupName') as log_group_name, + json_extract_path_text(Properties, 'FilterName') as filter_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::MetricFilter' + AND data__Identifier = '|' + AND region = 'us-east-1' + query_definitions: + name: query_definitions + id: aws.logs.query_definitions + x-cfn-schema-name: QueryDefinition + x-type: list + x-identifiers: + - QueryDefinitionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.QueryDefinitionId') as query_definition_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::QueryDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'QueryDefinitionId') as query_definition_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::QueryDefinition' + AND region = 'us-east-1' + query_definition: + name: query_definition + id: aws.logs.query_definition + x-cfn-schema-name: QueryDefinition + x-type: get + x-identifiers: + - QueryDefinitionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.QueryString') as query_string, + JSON_EXTRACT(Properties, '$.LogGroupNames') as log_group_names, + JSON_EXTRACT(Properties, '$.QueryDefinitionId') as query_definition_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::QueryDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'QueryString') as query_string, + json_extract_path_text(Properties, 'LogGroupNames') as log_group_names, + json_extract_path_text(Properties, 'QueryDefinitionId') as query_definition_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::QueryDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_policies: + name: resource_policies + id: aws.logs.resource_policies + x-cfn-schema-name: ResourcePolicy + x-type: list + x-identifiers: + - PolicyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::ResourcePolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PolicyName') as policy_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::ResourcePolicy' + AND region = 'us-east-1' + resource_policy: + name: resource_policy + id: aws.logs.resource_policy + x-cfn-schema-name: ResourcePolicy + x-type: get + x-identifiers: + - PolicyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + subscription_filters: + name: subscription_filters + id: aws.logs.subscription_filters + x-cfn-schema-name: SubscriptionFilter + x-type: list + x-identifiers: + - FilterName + - LogGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FilterName') as filter_name, + JSON_EXTRACT(Properties, '$.LogGroupName') as log_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::SubscriptionFilter' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FilterName') as filter_name, + json_extract_path_text(Properties, 'LogGroupName') as log_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::SubscriptionFilter' + AND region = 'us-east-1' + subscription_filter: + name: subscription_filter + id: aws.logs.subscription_filter + x-cfn-schema-name: SubscriptionFilter + x-type: get + x-identifiers: + - FilterName + - LogGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FilterName') as filter_name, + JSON_EXTRACT(Properties, '$.DestinationArn') as destination_arn, + JSON_EXTRACT(Properties, '$.FilterPattern') as filter_pattern, + JSON_EXTRACT(Properties, '$.LogGroupName') as log_group_name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Distribution') as distribution + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::SubscriptionFilter' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FilterName') as filter_name, + json_extract_path_text(Properties, 'DestinationArn') as destination_arn, + json_extract_path_text(Properties, 'FilterPattern') as filter_pattern, + json_extract_path_text(Properties, 'LogGroupName') as log_group_name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Distribution') as distribution + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::SubscriptionFilter' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/lookoutequipment.yaml b/providers/src/aws/v00.00.00000/services/lookoutequipment.yaml new file mode 100644 index 00000000..01e019e5 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/lookoutequipment.yaml @@ -0,0 +1,273 @@ +openapi: 3.0.0 +info: + title: LookoutEquipment + version: 1.0.0 +paths: {} +components: + schemas: + Bucket: + type: string + pattern: ^[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]$ + minLength: 3 + maxLength: 63 + Prefix: + type: string + minLength: 0 + maxLength: 1024 + S3InputConfiguration: + description: Specifies configuration information for the input data for the inference, including input data S3 location. + type: object + properties: + Bucket: + $ref: '#/components/schemas/Bucket' + Prefix: + $ref: '#/components/schemas/Prefix' + required: + - Bucket + additionalProperties: false + S3OutputConfiguration: + description: Specifies configuration information for the output results from the inference, including output S3 location. + type: object + properties: + Bucket: + $ref: '#/components/schemas/Bucket' + Prefix: + $ref: '#/components/schemas/Prefix' + required: + - Bucket + additionalProperties: false + InputNameConfiguration: + description: Specifies configuration information for the input data for the inference, including timestamp format and delimiter. + type: object + properties: + ComponentTimestampDelimiter: + description: Indicates the delimiter character used between items in the data. + type: string + pattern: ^(\-|\_|\s)?$ + minLength: 0 + maxLength: 1 + TimestampFormat: + description: The format of the timestamp, whether Epoch time, or standard, with or without hyphens (-). + type: string + pattern: ^EPOCH|yyyy-MM-dd-HH-mm-ss|yyyyMMddHHmmss$ + additionalProperties: false + Tag: + description: A tag is a key-value pair that can be added to a resource as metadata. + type: object + properties: + Key: + description: The key for the specified tag. + type: string + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + minLength: 1 + maxLength: 128 + Value: + description: The value for the specified tag. + type: string + pattern: '[\s\w+-=\.:/@]*' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + InferenceScheduler: + type: object + properties: + DataDelayOffsetInMinutes: + description: A period of time (in minutes) by which inference on the data is delayed after the data starts. + type: integer + minimum: 0 + maximum: 60 + DataInputConfiguration: + description: Specifies configuration information for the input data for the inference scheduler, including delimiter, format, and dataset location. + type: object + properties: + InputTimeZoneOffset: + description: Indicates the difference between your time zone and Greenwich Mean Time (GMT). + type: string + pattern: ^(\+|\-)[0-9]{2}\:[0-9]{2}$ + InferenceInputNameConfiguration: + $ref: '#/components/schemas/InputNameConfiguration' + S3InputConfiguration: + $ref: '#/components/schemas/S3InputConfiguration' + required: + - S3InputConfiguration + additionalProperties: false + DataOutputConfiguration: + description: Specifies configuration information for the output results for the inference scheduler, including the S3 location for the output. + type: object + properties: + KmsKeyId: + description: The ID number for the AWS KMS key used to encrypt the inference output. + type: string + pattern: ^[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,2048}$ + minLength: 1 + maxLength: 2048 + S3OutputConfiguration: + $ref: '#/components/schemas/S3OutputConfiguration' + required: + - S3OutputConfiguration + additionalProperties: false + DataUploadFrequency: + description: How often data is uploaded to the source S3 bucket for the input data. + type: string + enum: + - PT5M + - PT10M + - PT15M + - PT30M + - PT1H + InferenceSchedulerName: + description: The name of the inference scheduler being created. + type: string + pattern: ^[0-9a-zA-Z_-]{1,200}$ + minLength: 1 + maxLength: 200 + ModelName: + description: The name of the previously trained ML model being used to create the inference scheduler. + type: string + pattern: ^[0-9a-zA-Z_-]{1,200}$ + minLength: 1 + maxLength: 200 + RoleArn: + description: The Amazon Resource Name (ARN) of a role with permission to access the data source being used for the inference. + type: string + pattern: arn:aws(-[^:]+)?:iam::[0-9]{12}:role/.+ + minLength: 20 + maxLength: 2048 + ServerSideKmsKeyId: + description: Provides the identifier of the AWS KMS customer master key (CMK) used to encrypt inference scheduler data by Amazon Lookout for Equipment. + type: string + pattern: ^[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,2048}$ + minLength: 1 + maxLength: 2048 + Tags: + description: Any tags associated with the inference scheduler. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + InferenceSchedulerArn: + description: The Amazon Resource Name (ARN) of the inference scheduler being created. + type: string + pattern: arn:aws(-[^:]+)?:lookoutequipment:[a-zA-Z0-9\-]*:[0-9]{12}:inference-scheduler\/.+ + minLength: 1 + maxLength: 200 + required: + - DataInputConfiguration + - DataOutputConfiguration + - DataUploadFrequency + - ModelName + - RoleArn + x-stackql-resource-name: inference_scheduler + description: Resource schema for LookoutEquipment InferenceScheduler. + x-type-name: AWS::LookoutEquipment::InferenceScheduler + x-stackql-primary-identifier: + - InferenceSchedulerName + x-create-only-properties: + - InferenceSchedulerName + - ModelName + - ServerSideKmsKeyId + x-read-only-properties: + - InferenceSchedulerArn + x-required-properties: + - DataInputConfiguration + - DataOutputConfiguration + - DataUploadFrequency + - ModelName + - RoleArn + x-taggable: true + x-required-permissions: + create: + - iam:PassRole + - lookoutequipment:CreateInferenceScheduler + - lookoutequipment:DescribeInferenceScheduler + read: + - lookoutequipment:DescribeInferenceScheduler + delete: + - lookoutequipment:DeleteInferenceScheduler + - lookoutequipment:StopInferenceScheduler + - lookoutequipment:DescribeInferenceScheduler + update: + - lookoutequipment:UpdateInferenceScheduler + - lookoutequipment:DescribeInferenceScheduler + - lookoutequipment:StopInferenceScheduler + - lookoutequipment:StartInferenceScheduler + list: + - lookoutequipment:ListInferenceSchedulers + x-stackQL-resources: + inference_schedulers: + name: inference_schedulers + id: aws.lookoutequipment.inference_schedulers + x-cfn-schema-name: InferenceScheduler + x-type: list + x-identifiers: + - InferenceSchedulerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InferenceSchedulerName') as inference_scheduler_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LookoutEquipment::InferenceScheduler' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InferenceSchedulerName') as inference_scheduler_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LookoutEquipment::InferenceScheduler' + AND region = 'us-east-1' + inference_scheduler: + name: inference_scheduler + id: aws.lookoutequipment.inference_scheduler + x-cfn-schema-name: InferenceScheduler + x-type: get + x-identifiers: + - InferenceSchedulerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DataDelayOffsetInMinutes') as data_delay_offset_in_minutes, + JSON_EXTRACT(Properties, '$.DataInputConfiguration') as data_input_configuration, + JSON_EXTRACT(Properties, '$.DataOutputConfiguration') as data_output_configuration, + JSON_EXTRACT(Properties, '$.DataUploadFrequency') as data_upload_frequency, + JSON_EXTRACT(Properties, '$.InferenceSchedulerName') as inference_scheduler_name, + JSON_EXTRACT(Properties, '$.ModelName') as model_name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.ServerSideKmsKeyId') as server_side_kms_key_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.InferenceSchedulerArn') as inference_scheduler_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LookoutEquipment::InferenceScheduler' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DataDelayOffsetInMinutes') as data_delay_offset_in_minutes, + json_extract_path_text(Properties, 'DataInputConfiguration') as data_input_configuration, + json_extract_path_text(Properties, 'DataOutputConfiguration') as data_output_configuration, + json_extract_path_text(Properties, 'DataUploadFrequency') as data_upload_frequency, + json_extract_path_text(Properties, 'InferenceSchedulerName') as inference_scheduler_name, + json_extract_path_text(Properties, 'ModelName') as model_name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'ServerSideKmsKeyId') as server_side_kms_key_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'InferenceSchedulerArn') as inference_scheduler_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LookoutEquipment::InferenceScheduler' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/lookoutmetrics.yaml b/providers/src/aws/v00.00.00000/services/lookoutmetrics.yaml new file mode 100644 index 00000000..1fd5b7b5 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/lookoutmetrics.yaml @@ -0,0 +1,633 @@ +openapi: 3.0.0 +info: + title: LookoutMetrics + version: 1.0.0 +paths: {} +components: + schemas: + Arn: + type: string + maxLength: 256 + pattern: arn:([a-z\d-]+):.*:.*:.*:.+ + Action: + type: object + additionalProperties: false + properties: + SNSConfiguration: + $ref: '#/components/schemas/SNSConfiguration' + LambdaConfiguration: + $ref: '#/components/schemas/LambdaConfiguration' + SNSConfiguration: + description: Configuration options for an SNS alert action. + type: object + additionalProperties: false + properties: + RoleArn: + description: ARN of an IAM role that LookoutMetrics should assume to access the SNS topic. + $ref: '#/components/schemas/Arn' + SnsTopicArn: + description: ARN of an SNS topic to send alert notifications to. + $ref: '#/components/schemas/Arn' + required: + - RoleArn + - SnsTopicArn + LambdaConfiguration: + description: Configuration options for a Lambda alert action. + type: object + additionalProperties: false + properties: + RoleArn: + description: ARN of an IAM role that LookoutMetrics should assume to access the Lambda function. + $ref: '#/components/schemas/Arn' + LambdaArn: + description: ARN of a Lambda to send alert notifications to. + $ref: '#/components/schemas/Arn' + required: + - RoleArn + - LambdaArn + Alert: + type: object + properties: + AlertName: + description: The name of the alert. If not provided, a name is generated automatically. + type: string + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]* + Arn: + description: ARN assigned to the alert. + $ref: '#/components/schemas/Arn' + AlertDescription: + description: A description for the alert. + type: string + maxLength: 256 + pattern: .*\S.* + AnomalyDetectorArn: + description: The Amazon resource name (ARN) of the Anomaly Detector to alert. + type: string + maxLength: 256 + pattern: arn:([a-z\d-]+):.*:.*:.*:.+ + AlertSensitivityThreshold: + description: A number between 0 and 100 (inclusive) that tunes the sensitivity of the alert. + type: integer + minimum: 0 + maximum: 100 + Action: + description: The action to be taken by the alert when an anomaly is detected. + $ref: '#/components/schemas/Action' + required: + - AnomalyDetectorArn + - AlertSensitivityThreshold + - Action + x-stackql-resource-name: alert + description: Resource Type definition for AWS::LookoutMetrics::Alert + x-type-name: AWS::LookoutMetrics::Alert + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - AlertName + - AlertDescription + - AnomalyDetectorArn + - AlertSensitivityThreshold + - Action + x-read-only-properties: + - Arn + x-required-properties: + - AnomalyDetectorArn + - AlertSensitivityThreshold + - Action + x-required-permissions: + create: + - lookoutmetrics:CreateAlert + - iam:PassRole + read: + - lookoutmetrics:DescribeAlert + delete: + - lookoutmetrics:DeleteAlert + list: + - lookoutmetrics:ListAlerts + ColumnName: + description: Name of a column in the data. + type: string + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]* + Charset: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]* + CsvFormatDescriptor: + type: object + properties: + FileCompression: + type: string + enum: + - NONE + - GZIP + Charset: + $ref: '#/components/schemas/Charset' + Delimiter: + type: string + maxLength: 1 + pattern: '[^\r\n]' + HeaderList: + type: array + items: + $ref: '#/components/schemas/ColumnName' + QuoteSymbol: + type: string + maxLength: 1 + pattern: '[^\r\n]|^$' + ContainsHeader: + type: boolean + additionalProperties: false + JsonFormatDescriptor: + type: object + properties: + FileCompression: + type: string + enum: + - NONE + - GZIP + Charset: + $ref: '#/components/schemas/Charset' + additionalProperties: false + FileFormatDescriptor: + type: object + properties: + CsvFormatDescriptor: + $ref: '#/components/schemas/CsvFormatDescriptor' + JsonFormatDescriptor: + $ref: '#/components/schemas/JsonFormatDescriptor' + additionalProperties: false + S3SourceConfig: + type: object + properties: + RoleArn: + $ref: '#/components/schemas/Arn' + TemplatedPathList: + type: array + minItems: 1 + maxItems: 1 + items: + type: string + maxLength: 1024 + pattern: ^s3://[a-zA-Z0-9_\-\/ {}=]+$ + HistoricalDataPathList: + type: array + minItems: 1 + maxItems: 1 + items: + type: string + maxLength: 1024 + pattern: ^s3://[a-z0-9].+$ + FileFormatDescriptor: + $ref: '#/components/schemas/FileFormatDescriptor' + additionalProperties: false + required: + - RoleArn + - FileFormatDescriptor + AppFlowConfig: + type: object + properties: + RoleArn: + $ref: '#/components/schemas/Arn' + FlowName: + type: string + maxLength: 256 + pattern: '[a-zA-Z0-9][\w!@#.-]+' + required: + - RoleArn + - FlowName + additionalProperties: false + CloudwatchConfig: + type: object + properties: + RoleArn: + $ref: '#/components/schemas/Arn' + required: + - RoleArn + additionalProperties: false + DatabaseHost: + type: string + minLength: 1 + maxLength: 253 + pattern: .*\S.* + DatabasePort: + type: integer + minimum: 1 + maximum: 65535 + TableName: + type: string + minLength: 1 + maxLength: 100 + pattern: ^[a-zA-Z][a-zA-Z0-9_]*$ + SubnetIdList: + type: array + items: + type: string + maxLength: 255 + pattern: '[\-0-9a-zA-Z]+' + SecurityGroupIdList: + type: array + items: + type: string + minLength: 1 + maxLength: 255 + pattern: '[-0-9a-zA-Z]+' + VpcConfiguration: + type: object + properties: + SubnetIdList: + $ref: '#/components/schemas/SubnetIdList' + SecurityGroupIdList: + $ref: '#/components/schemas/SecurityGroupIdList' + required: + - SubnetIdList + - SecurityGroupIdList + additionalProperties: false + SecretManagerArn: + type: string + maxLength: 256 + pattern: arn:([a-z\d-]+):.*:.*:secret:AmazonLookoutMetrics-.+ + RDSSourceConfig: + type: object + properties: + DBInstanceIdentifier: + type: string + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z](?!.*--)(?!.*-$)[0-9a-zA-Z\-]*$ + DatabaseHost: + $ref: '#/components/schemas/DatabaseHost' + DatabasePort: + $ref: '#/components/schemas/DatabasePort' + SecretManagerArn: + $ref: '#/components/schemas/SecretManagerArn' + DatabaseName: + type: string + minLength: 1 + maxLength: 64 + pattern: '[a-zA-Z0-9_]+' + TableName: + $ref: '#/components/schemas/TableName' + RoleArn: + $ref: '#/components/schemas/Arn' + VpcConfiguration: + $ref: '#/components/schemas/VpcConfiguration' + required: + - DBInstanceIdentifier + - DatabaseHost + - DatabasePort + - SecretManagerArn + - DatabaseName + - TableName + - RoleArn + - VpcConfiguration + additionalProperties: false + RedshiftSourceConfig: + type: object + properties: + ClusterIdentifier: + type: string + minLength: 1 + maxLength: 63 + pattern: ^[a-z](?!.*--)(?!.*-$)[0-9a-z\-]*$ + DatabaseHost: + $ref: '#/components/schemas/DatabaseHost' + DatabasePort: + $ref: '#/components/schemas/DatabasePort' + SecretManagerArn: + $ref: '#/components/schemas/SecretManagerArn' + DatabaseName: + type: string + minLength: 1 + maxLength: 100 + pattern: '[a-z0-9]+' + TableName: + $ref: '#/components/schemas/TableName' + RoleArn: + $ref: '#/components/schemas/Arn' + VpcConfiguration: + $ref: '#/components/schemas/VpcConfiguration' + required: + - ClusterIdentifier + - DatabaseHost + - DatabasePort + - SecretManagerArn + - DatabaseName + - TableName + - RoleArn + - VpcConfiguration + additionalProperties: false + MetricSource: + type: object + properties: + S3SourceConfig: + $ref: '#/components/schemas/S3SourceConfig' + RDSSourceConfig: + $ref: '#/components/schemas/RDSSourceConfig' + RedshiftSourceConfig: + $ref: '#/components/schemas/RedshiftSourceConfig' + CloudwatchConfig: + $ref: '#/components/schemas/CloudwatchConfig' + AppFlowConfig: + $ref: '#/components/schemas/AppFlowConfig' + additionalProperties: false + TimestampColumn: + type: object + additionalProperties: false + properties: + ColumnName: + $ref: '#/components/schemas/ColumnName' + ColumnFormat: + description: A timestamp format for the timestamps in the dataset + type: string + maxLength: 63 + pattern: .*\S.* + Metric: + type: object + additionalProperties: false + properties: + MetricName: + $ref: '#/components/schemas/ColumnName' + AggregationFunction: + description: Operator used to aggregate metric values + type: string + enum: + - AVG + - SUM + Namespace: + type: string + minLength: 1 + maxLength: 255 + pattern: '[^:].*' + required: + - MetricName + - AggregationFunction + MetricSet: + type: object + properties: + MetricSetName: + description: The name of the MetricSet. + type: string + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]* + MetricSetDescription: + description: A description for the MetricSet. + type: string + maxLength: 256 + pattern: .*\S.* + MetricSource: + $ref: '#/components/schemas/MetricSource' + MetricList: + description: Metrics captured by this MetricSet. + type: array + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/Metric' + Offset: + description: Offset, in seconds, between the frequency interval and the time at which the metrics are available. + type: integer + minimum: 0 + maximum: 432000 + TimestampColumn: + $ref: '#/components/schemas/TimestampColumn' + DimensionList: + description: Dimensions for this MetricSet. + type: array + x-insertionOrder: false + minItems: 0 + items: + $ref: '#/components/schemas/ColumnName' + MetricSetFrequency: + description: A frequency period to aggregate the data + type: string + enum: + - PT5M + - PT10M + - PT1H + - P1D + Timezone: + type: string + maxLength: 60 + pattern: .*\S.* + required: + - MetricSetName + - MetricList + - MetricSource + additionalProperties: false + AnomalyDetectorFrequency: + description: Frequency of anomaly detection + type: string + enum: + - PT5M + - PT10M + - PT1H + - P1D + AnomalyDetectorConfig: + type: object + properties: + AnomalyDetectorFrequency: + description: Frequency of anomaly detection + $ref: '#/components/schemas/AnomalyDetectorFrequency' + required: + - AnomalyDetectorFrequency + additionalProperties: false + AnomalyDetector: + type: object + properties: + Arn: + $ref: '#/components/schemas/Arn' + AnomalyDetectorName: + description: Name for the Amazon Lookout for Metrics Anomaly Detector + type: string + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]* + AnomalyDetectorDescription: + description: A description for the AnomalyDetector. + type: string + maxLength: 256 + pattern: .*\S.* + AnomalyDetectorConfig: + description: Configuration options for the AnomalyDetector + $ref: '#/components/schemas/AnomalyDetectorConfig' + MetricSetList: + description: List of metric sets for anomaly detection + type: array + minItems: 1 + maxItems: 1 + items: + $ref: '#/components/schemas/MetricSet' + KmsKeyArn: + description: KMS key used to encrypt the AnomalyDetector data + type: string + minLength: 20 + maxLength: 2048 + pattern: arn:aws.*:kms:.*:[0-9]{12}:key/.* + required: + - AnomalyDetectorConfig + - MetricSetList + x-stackql-resource-name: anomaly_detector + description: An Amazon Lookout for Metrics Detector + x-type-name: AWS::LookoutMetrics::AnomalyDetector + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - AnomalyDetectorName + - MetricSource + x-read-only-properties: + - Arn + x-required-properties: + - AnomalyDetectorConfig + - MetricSetList + x-required-permissions: + create: + - lookoutmetrics:CreateAnomalyDetector + - lookoutmetrics:DeleteAnomalyDetector + - lookoutmetrics:CreateMetricSet + - iam:PassRole + read: + - lookoutmetrics:DescribeAnomalyDetector + - lookoutmetrics:DescribeMetricSet + - lookoutmetrics:ListMetricSets + update: + - lookoutmetrics:UpdateAnomalyDetector + - lookoutmetrics:UpdateMetricSet + delete: + - lookoutmetrics:DescribeAnomalyDetector + - lookoutmetrics:DeleteAnomalyDetector + list: + - lookoutmetrics:ListAnomalyDetectors + x-stackQL-resources: + alerts: + name: alerts + id: aws.lookoutmetrics.alerts + x-cfn-schema-name: Alert + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LookoutMetrics::Alert' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LookoutMetrics::Alert' + AND region = 'us-east-1' + alert: + name: alert + id: aws.lookoutmetrics.alert + x-cfn-schema-name: Alert + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AlertName') as alert_name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AlertDescription') as alert_description, + JSON_EXTRACT(Properties, '$.AnomalyDetectorArn') as anomaly_detector_arn, + JSON_EXTRACT(Properties, '$.AlertSensitivityThreshold') as alert_sensitivity_threshold, + JSON_EXTRACT(Properties, '$.Action') as action + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LookoutMetrics::Alert' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AlertName') as alert_name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AlertDescription') as alert_description, + json_extract_path_text(Properties, 'AnomalyDetectorArn') as anomaly_detector_arn, + json_extract_path_text(Properties, 'AlertSensitivityThreshold') as alert_sensitivity_threshold, + json_extract_path_text(Properties, 'Action') as action + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LookoutMetrics::Alert' + AND data__Identifier = '' + AND region = 'us-east-1' + anomaly_detectors: + name: anomaly_detectors + id: aws.lookoutmetrics.anomaly_detectors + x-cfn-schema-name: AnomalyDetector + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LookoutMetrics::AnomalyDetector' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LookoutMetrics::AnomalyDetector' + AND region = 'us-east-1' + anomaly_detector: + name: anomaly_detector + id: aws.lookoutmetrics.anomaly_detector + x-cfn-schema-name: AnomalyDetector + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AnomalyDetectorName') as anomaly_detector_name, + JSON_EXTRACT(Properties, '$.AnomalyDetectorDescription') as anomaly_detector_description, + JSON_EXTRACT(Properties, '$.AnomalyDetectorConfig') as anomaly_detector_config, + JSON_EXTRACT(Properties, '$.MetricSetList') as metric_set_list, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LookoutMetrics::AnomalyDetector' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AnomalyDetectorName') as anomaly_detector_name, + json_extract_path_text(Properties, 'AnomalyDetectorDescription') as anomaly_detector_description, + json_extract_path_text(Properties, 'AnomalyDetectorConfig') as anomaly_detector_config, + json_extract_path_text(Properties, 'MetricSetList') as metric_set_list, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LookoutMetrics::AnomalyDetector' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/lookoutvision.yaml b/providers/src/aws/v00.00.00000/services/lookoutvision.yaml new file mode 100644 index 00000000..b72b471d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/lookoutvision.yaml @@ -0,0 +1,103 @@ +openapi: 3.0.0 +info: + title: LookoutVision + version: 1.0.0 +paths: {} +components: + schemas: + Arn: + type: string + maxLength: 1000 + ProjectName: + description: The name of the Amazon Lookout for Vision project + type: string + minLength: 1 + maxLength: 255 + pattern: '[a-zA-Z0-9][a-zA-Z0-9_\-]*' + Project: + type: object + properties: + Arn: + $ref: '#/components/schemas/Arn' + ProjectName: + $ref: '#/components/schemas/ProjectName' + required: + - ProjectName + x-stackql-resource-name: project + description: The AWS::LookoutVision::Project type creates an Amazon Lookout for Vision project. A project is a grouping of the resources needed to create and manage a Lookout for Vision model. + x-type-name: AWS::LookoutVision::Project + x-stackql-primary-identifier: + - ProjectName + x-create-only-properties: + - ProjectName + x-read-only-properties: + - Arn + x-required-properties: + - ProjectName + x-required-permissions: + create: + - lookoutvision:CreateProject + read: + - lookoutvision:DescribeProject + update: [] + delete: + - lookoutvision:DeleteProject + list: + - lookoutvision:ListProjects + x-stackQL-resources: + projects: + name: projects + id: aws.lookoutvision.projects + x-cfn-schema-name: Project + x-type: list + x-identifiers: + - ProjectName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProjectName') as project_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LookoutVision::Project' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProjectName') as project_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LookoutVision::Project' + AND region = 'us-east-1' + project: + name: project + id: aws.lookoutvision.project + x-cfn-schema-name: Project + x-type: get + x-identifiers: + - ProjectName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ProjectName') as project_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LookoutVision::Project' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ProjectName') as project_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LookoutVision::Project' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/m2.yaml b/providers/src/aws/v00.00.00000/services/m2.yaml new file mode 100644 index 00000000..a26f018f --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/m2.yaml @@ -0,0 +1,476 @@ +openapi: 3.0.0 +info: + title: M2 + version: 1.0.0 +paths: {} +components: + schemas: + Definition: + oneOf: + - type: object + title: S3Location + properties: + S3Location: + type: string + pattern: ^\S{1,2000}$ + required: + - S3Location + additionalProperties: false + - type: object + title: Content + properties: + Content: + type: string + maxLength: 65000 + minLength: 1 + required: + - Content + additionalProperties: false + EngineType: + type: string + description: The target platform for the environment. + enum: + - microfocus + - bluage + TagMap: + type: object + description: Defines tags associated to an environment. + maxProperties: 200 + minProperties: 0 + x-patternProperties: + ^(?!aws:).+$: + type: string + maxLength: 256 + minLength: 0 + additionalProperties: false + Application: + type: object + properties: + ApplicationArn: + type: string + pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{0,1023}$ + ApplicationId: + type: string + pattern: ^\S{1,80}$ + Definition: + $ref: '#/components/schemas/Definition' + Description: + type: string + maxLength: 500 + minLength: 0 + EngineType: + $ref: '#/components/schemas/EngineType' + KmsKeyId: + type: string + maxLength: 2048 + description: The ID or the Amazon Resource Name (ARN) of the customer managed KMS Key used for encrypting application-related resources. + Name: + type: string + pattern: ^[A-Za-z0-9][A-Za-z0-9_\-]{1,59}$ + RoleArn: + type: string + pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]|):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{0,1023}$ + Tags: + $ref: '#/components/schemas/TagMap' + required: + - Definition + - EngineType + - Name + x-stackql-resource-name: application + description: Represents an application that runs on an AWS Mainframe Modernization Environment + x-type-name: AWS::M2::Application + x-stackql-primary-identifier: + - ApplicationArn + x-create-only-properties: + - EngineType + - Name + - KmsKeyId + - RoleArn + x-write-only-properties: + - Definition + x-read-only-properties: + - ApplicationArn + - ApplicationId + x-required-properties: + - Definition + - EngineType + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - m2:CreateApplication + - m2:GetApplication + - m2:ListTagsForResource + - m2:TagResource + - s3:GetObject + - s3:ListBucket + - kms:DescribeKey + - kms:CreateGrant + - iam:PassRole + read: + - m2:GetApplication + - m2:ListTagsForResource + update: + - m2:UpdateApplication + - m2:GetApplication + - m2:ListTagsForResource + - m2:TagResource + - m2:UntagResource + - s3:GetObject + - s3:ListBucket + delete: + - elasticloadbalancing:DeleteListener + - elasticloadbalancing:DeleteTargetGroup + - logs:DeleteLogDelivery + - m2:GetApplication + - m2:DeleteApplication + list: + - m2:ListApplications + EfsStorageConfiguration: + type: object + description: Defines the storage configuration for an Amazon EFS file system. + properties: + FileSystemId: + type: string + description: The file system identifier. + pattern: ^\S{1,200}$ + MountPoint: + type: string + description: The mount point for the file system. + pattern: ^\S{1,200}$ + required: + - FileSystemId + - MountPoint + additionalProperties: false + FsxStorageConfiguration: + type: object + description: Defines the storage configuration for an Amazon FSx file system. + properties: + FileSystemId: + type: string + description: The file system identifier. + pattern: ^\S{1,200}$ + MountPoint: + type: string + description: The mount point for the file system. + pattern: ^\S{1,200}$ + required: + - FileSystemId + - MountPoint + additionalProperties: false + HighAvailabilityConfig: + type: object + description: Defines the details of a high availability configuration. + properties: + DesiredCapacity: + type: integer + maximum: 100 + minimum: 1 + required: + - DesiredCapacity + additionalProperties: false + StorageConfiguration: + type: object + description: Defines the storage configuration for an environment. + oneOf: + - properties: + Efs: + $ref: '#/components/schemas/EfsStorageConfiguration' + required: + - Efs + additionalProperties: false + - properties: + Fsx: + $ref: '#/components/schemas/FsxStorageConfiguration' + required: + - Fsx + additionalProperties: false + Environment: + type: object + properties: + Description: + type: string + description: The description of the environment. + maxLength: 500 + minLength: 0 + EngineType: + $ref: '#/components/schemas/EngineType' + EngineVersion: + type: string + description: The version of the runtime engine for the environment. + pattern: ^\S{1,10}$ + EnvironmentArn: + type: string + description: The Amazon Resource Name (ARN) of the runtime environment. + pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{0,1023}$ + EnvironmentId: + type: string + description: The unique identifier of the environment. + pattern: ^\S{1,80}$ + HighAvailabilityConfig: + $ref: '#/components/schemas/HighAvailabilityConfig' + InstanceType: + type: string + description: The type of instance underlying the environment. + pattern: ^\S{1,20}$ + KmsKeyId: + type: string + maxLength: 2048 + description: The ID or the Amazon Resource Name (ARN) of the customer managed KMS Key used for encrypting environment-related resources. + Name: + type: string + description: The name of the environment. + pattern: ^[A-Za-z0-9][A-Za-z0-9_\-]{1,59}$ + PreferredMaintenanceWindow: + type: string + description: Configures a desired maintenance window for the environment. If you do not provide a value, a random system-generated value will be assigned. + pattern: ^\S{1,50}$ + PubliclyAccessible: + type: boolean + description: Specifies whether the environment is publicly accessible. + SecurityGroupIds: + type: array + description: The list of security groups for the VPC associated with this environment. + x-insertionOrder: false + items: + type: string + pattern: ^\S{1,50}$ + StorageConfigurations: + type: array + description: The storage configurations defined for the runtime environment. + x-insertionOrder: false + items: + $ref: '#/components/schemas/StorageConfiguration' + SubnetIds: + type: array + description: The unique identifiers of the subnets assigned to this runtime environment. + x-insertionOrder: false + items: + type: string + pattern: ^\S{1,50}$ + Tags: + description: Tags associated to this environment. + $ref: '#/components/schemas/TagMap' + required: + - EngineType + - InstanceType + - Name + x-stackql-resource-name: environment + description: Represents a runtime environment that can run migrated mainframe applications. + x-type-name: AWS::M2::Environment + x-stackql-primary-identifier: + - EnvironmentArn + x-create-only-properties: + - Description + - EngineType + - KmsKeyId + - Name + - PubliclyAccessible + - SecurityGroupIds + - StorageConfigurations + - SubnetIds + x-read-only-properties: + - EnvironmentArn + - EnvironmentId + x-required-properties: + - EngineType + - InstanceType + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateNetworkInterface + - ec2:CreateNetworkInterfacePermission + - ec2:DescribeNetworkInterfaces + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcAttribute + - ec2:DescribeVpcs + - ec2:ModifyNetworkInterfaceAttribute + - elasticfilesystem:DescribeMountTargets + - elasticloadbalancing:CreateLoadBalancer + - elasticloadbalancing:AddTags + - fsx:DescribeFileSystems + - iam:CreateServiceLinkedRole + - kms:DescribeKey + - kms:CreateGrant + - m2:CreateEnvironment + - m2:GetEnvironment + - m2:ListTagsForResource + - m2:TagResource + read: + - m2:ListTagsForResource + - m2:GetEnvironment + update: + - m2:TagResource + - m2:UntagResource + - m2:ListTagsForResource + - m2:GetEnvironment + - m2:UpdateEnvironment + delete: + - elasticloadbalancing:DeleteLoadBalancer + - m2:DeleteEnvironment + - m2:GetEnvironment + list: + - m2:ListEnvironments + x-stackQL-resources: + applications: + name: applications + id: aws.m2.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - ApplicationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::M2::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::M2::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.m2.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - ApplicationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.Definition') as definition, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EngineType') as engine_type, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::M2::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'Definition') as definition, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EngineType') as engine_type, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::M2::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + environments: + name: environments + id: aws.m2.environments + x-cfn-schema-name: Environment + x-type: list + x-identifiers: + - EnvironmentArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EnvironmentArn') as environment_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::M2::Environment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EnvironmentArn') as environment_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::M2::Environment' + AND region = 'us-east-1' + environment: + name: environment + id: aws.m2.environment + x-cfn-schema-name: Environment + x-type: get + x-identifiers: + - EnvironmentArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EngineType') as engine_type, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.EnvironmentArn') as environment_arn, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.HighAvailabilityConfig') as high_availability_config, + JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, + JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.StorageConfigurations') as storage_configurations, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::M2::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EngineType') as engine_type, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'EnvironmentArn') as environment_arn, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'HighAvailabilityConfig') as high_availability_config, + json_extract_path_text(Properties, 'InstanceType') as instance_type, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, + json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'StorageConfigurations') as storage_configurations, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::M2::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/macie.yaml b/providers/src/aws/v00.00.00000/services/macie.yaml new file mode 100644 index 00000000..3fbad4da --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/macie.yaml @@ -0,0 +1,644 @@ +openapi: 3.0.0 +info: + title: Macie + version: 1.0.0 +paths: {} +components: + schemas: + Regex: + type: string + S3WordsList: + type: object + properties: + BucketName: + type: string + ObjectKey: + type: string + required: + - BucketName + - ObjectKey + additionalProperties: false + Criteria: + description: The regex or s3 object to use for the AllowList. + type: object + oneOf: + - additionalProperties: false + properties: + Regex: + type: string + description: The S3 object key for the AllowList. + required: + - Regex + - additionalProperties: false + properties: + S3WordsList: + $ref: '#/components/schemas/S3WordsList' + description: The S3 location for the AllowList. + required: + - S3WordsList + Status: + description: The status for the AllowList + type: string + enum: + - OK + - S3_OBJECT_NOT_FOUND + - S3_USER_ACCESS_DENIED + - S3_OBJECT_ACCESS_DENIED + - S3_THROTTLED + - S3_OBJECT_OVERSIZE + - S3_OBJECT_EMPTY + - UNKNOWN_ERROR + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: The tag's key. + Value: + type: string + description: The tag's value. + required: + - Value + - Key + additionalProperties: false + AllowList: + type: object + properties: + Name: + description: Name of AllowList. + type: string + Description: + description: Description of AllowList. + type: string + Criteria: + description: AllowList criteria. + $ref: '#/components/schemas/Criteria' + Id: + description: AllowList ID. + type: string + Arn: + description: AllowList ARN. + type: string + Status: + description: AllowList status. + $ref: '#/components/schemas/Status' + Tags: + description: A collection of tags associated with a resource + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - Criteria + x-stackql-resource-name: allow_list + description: Macie AllowList resource schema + x-type-name: AWS::Macie::AllowList + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - Arn + x-read-only-properties: + - Id + - Arn + - Status + x-required-properties: + - Name + - Criteria + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - macie2:CreateAllowList + - macie2:GetAllowList + - macie2:TagResource + read: + - macie2:GetAllowList + update: + - macie2:UpdateAllowList + - macie2:GetAllowList + - macie2:TagResource + - macie2:UntagResource + delete: + - macie2:DeleteAllowList + list: + - macie2:ListAllowLists + CustomDataIdentifier: + type: object + properties: + Name: + description: Name of custom data identifier. + type: string + Description: + description: Description of custom data identifier. + type: string + Regex: + description: Regular expression for custom data identifier. + type: string + MaximumMatchDistance: + description: Maximum match distance. + type: integer + Keywords: + description: Keywords to be matched against. + type: array + items: + type: string + IgnoreWords: + description: Words to be ignored. + type: array + items: + type: string + Id: + description: Custom data identifier ID. + type: string + Arn: + description: Custom data identifier ARN. + type: string + Tags: + description: A collection of tags associated with a resource + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - Regex + x-stackql-resource-name: custom_data_identifier + description: Macie CustomDataIdentifier resource schema + x-type-name: AWS::Macie::CustomDataIdentifier + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - Arn + x-create-only-properties: + - Name + - Description + - Regex + - MaximumMatchDistance + - Keywords + - IgnoreWords + x-read-only-properties: + - Id + - Arn + x-required-properties: + - Name + - Regex + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - macie2:CreateCustomDataIdentifier + - macie2:GetCustomDataIdentifier + - macie2:TagResource + read: + - macie2:GetCustomDataIdentifier + delete: + - macie2:DeleteCustomDataIdentifier + list: + - macie2:ListCustomDataIdentifiers + update: + - macie2:TagResource + - macie2:UntagResource + CriterionAdditionalProperties: + type: object + properties: + gt: + type: integer + format: int64 + gte: + type: integer + format: int64 + lt: + type: integer + format: int64 + lte: + type: integer + format: int64 + eq: + type: array + items: + type: string + neq: + type: array + items: + type: string + additionalProperties: false + Criterion: + description: Map of filter criteria. + type: object + x-patternProperties: + \w: + $ref: '#/components/schemas/CriterionAdditionalProperties' + additionalProperties: false + FindingCriteria: + type: object + properties: + Criterion: + $ref: '#/components/schemas/Criterion' + additionalProperties: false + FindingFilterAction: + type: string + enum: + - ARCHIVE + - NOOP + FindingsFilterListItem: + description: Returned by ListHandler representing filter name and ID. + type: object + properties: + Id: + type: string + Name: + type: string + FindingsFilter: + type: object + properties: + Name: + description: Findings filter name + type: string + Description: + description: Findings filter description + type: string + FindingCriteria: + description: Findings filter criteria. + $ref: '#/components/schemas/FindingCriteria' + Action: + description: Findings filter action. + $ref: '#/components/schemas/FindingFilterAction' + Position: + description: Findings filter position. + type: integer + Id: + description: Findings filter ID. + type: string + Arn: + description: Findings filter ARN. + type: string + Tags: + description: A collection of tags associated with a resource + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - FindingCriteria + x-stackql-resource-name: findings_filter + description: Macie FindingsFilter resource schema. + x-type-name: AWS::Macie::FindingsFilter + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - Arn + - - Name + x-read-only-properties: + - Id + - Arn + x-required-properties: + - Name + - FindingCriteria + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - macie2:GetFindingsFilter + - macie2:CreateFindingsFilter + - macie2:TagResource + read: + - macie2:GetFindingsFilter + update: + - macie2:GetFindingsFilter + - macie2:UpdateFindingsFilter + - macie2:TagResource + - macie2:UntagResource + delete: + - macie2:DeleteFindingsFilter + list: + - macie2:ListFindingsFilters + Session: + type: object + properties: + AwsAccountId: + description: AWS account ID of customer + type: string + Status: + description: A enumeration value that specifies the status of the Macie Session. + type: string + enum: + - ENABLED + - PAUSED + default: ENABLED + FindingPublishingFrequency: + description: A enumeration value that specifies how frequently finding updates are published. + type: string + enum: + - FIFTEEN_MINUTES + - ONE_HOUR + - SIX_HOURS + default: SIX_HOURS + ServiceRole: + description: Service role used by Macie + type: string + x-stackql-resource-name: session + description: The AWS::Macie::Session resource specifies a new Amazon Macie session. A session is an object that represents the Amazon Macie service. A session is required for Amazon Macie to become operational. + x-type-name: AWS::Macie::Session + x-stackql-primary-identifier: + - AwsAccountId + x-read-only-properties: + - AwsAccountId + - ServiceRole + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - macie2:GetMacieSession + - macie2:EnableMacie + read: + - macie2:GetMacieSession + list: + - macie2:GetMacieSession + update: + - macie2:GetMacieSession + - macie2:UpdateMacieSession + delete: + - macie2:DisableMacie + x-stackQL-resources: + allow_lists: + name: allow_lists + id: aws.macie.allow_lists + x-cfn-schema-name: AllowList + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Macie::AllowList' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Macie::AllowList' + AND region = 'us-east-1' + allow_list: + name: allow_list + id: aws.macie.allow_list + x-cfn-schema-name: AllowList + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Criteria') as criteria, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Macie::AllowList' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Criteria') as criteria, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Macie::AllowList' + AND data__Identifier = '' + AND region = 'us-east-1' + custom_data_identifiers: + name: custom_data_identifiers + id: aws.macie.custom_data_identifiers + x-cfn-schema-name: CustomDataIdentifier + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Macie::CustomDataIdentifier' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Macie::CustomDataIdentifier' + AND region = 'us-east-1' + custom_data_identifier: + name: custom_data_identifier + id: aws.macie.custom_data_identifier + x-cfn-schema-name: CustomDataIdentifier + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Regex') as regex, + JSON_EXTRACT(Properties, '$.MaximumMatchDistance') as maximum_match_distance, + JSON_EXTRACT(Properties, '$.Keywords') as keywords, + JSON_EXTRACT(Properties, '$.IgnoreWords') as ignore_words, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Macie::CustomDataIdentifier' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Regex') as regex, + json_extract_path_text(Properties, 'MaximumMatchDistance') as maximum_match_distance, + json_extract_path_text(Properties, 'Keywords') as keywords, + json_extract_path_text(Properties, 'IgnoreWords') as ignore_words, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Macie::CustomDataIdentifier' + AND data__Identifier = '' + AND region = 'us-east-1' + findings_filters: + name: findings_filters + id: aws.macie.findings_filters + x-cfn-schema-name: FindingsFilter + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Macie::FindingsFilter' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Macie::FindingsFilter' + AND region = 'us-east-1' + findings_filter: + name: findings_filter + id: aws.macie.findings_filter + x-cfn-schema-name: FindingsFilter + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FindingCriteria') as finding_criteria, + JSON_EXTRACT(Properties, '$.Action') as action, + JSON_EXTRACT(Properties, '$.Position') as position, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Macie::FindingsFilter' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FindingCriteria') as finding_criteria, + json_extract_path_text(Properties, 'Action') as action, + json_extract_path_text(Properties, 'Position') as position, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Macie::FindingsFilter' + AND data__Identifier = '' + AND region = 'us-east-1' + sessions: + name: sessions + id: aws.macie.sessions + x-cfn-schema-name: Session + x-type: list + x-identifiers: + - AwsAccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Macie::Session' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Macie::Session' + AND region = 'us-east-1' + session: + name: session + id: aws.macie.session + x-cfn-schema-name: Session + x-type: get + x-identifiers: + - AwsAccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.FindingPublishingFrequency') as finding_publishing_frequency, + JSON_EXTRACT(Properties, '$.ServiceRole') as service_role + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Macie::Session' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'FindingPublishingFrequency') as finding_publishing_frequency, + json_extract_path_text(Properties, 'ServiceRole') as service_role + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Macie::Session' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/managedblockchain.yaml b/providers/src/aws/v00.00.00000/services/managedblockchain.yaml new file mode 100644 index 00000000..6eb68522 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/managedblockchain.yaml @@ -0,0 +1,187 @@ +openapi: 3.0.0 +info: + title: ManagedBlockchain + version: 1.0.0 +paths: {} +components: + schemas: + AccessorStatus: + type: string + enum: + - AVAILABLE + - PENDING_DELETION + - DELETED + AccessorType: + type: string + enum: + - BILLING_TOKEN + NetworkAccessorType: + type: string + enum: + - ETHEREUM_GOERLI + - ETHEREUM_MAINNET + - ETHEREUM_MAINNET_AND_GOERLI + - POLYGON_MAINNET + - POLYGON_MUMBAI + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 127 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 255 + required: + - Key + - Value + additionalProperties: false + Accessor: + type: object + properties: + Arn: + type: string + maxLength: 1011 + minLength: 1 + pattern: ^arn:.+:.+:.+:.+:.+$ + BillingToken: + type: string + maxLength: 42 + minLength: 42 + CreationDate: + type: string + Id: + type: string + maxLength: 32 + minLength: 1 + Status: + $ref: '#/components/schemas/AccessorStatus' + AccessorType: + $ref: '#/components/schemas/AccessorType' + NetworkType: + $ref: '#/components/schemas/NetworkAccessorType' + Tags: + type: array + maxItems: 50 + x-insertionOrder: false + uniqueItems: true + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + required: + - AccessorType + x-stackql-resource-name: accessor + description: Definition of AWS::ManagedBlockchain::com.amazonaws.taiga.webservice.api#Accessor Resource Type + x-type-name: AWS::ManagedBlockchain::Accessor + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - Arn + x-create-only-properties: + - AccessorType + - NetworkType + x-write-only-properties: + - Tags + x-read-only-properties: + - Arn + - Id + - BillingToken + - CreationDate + - Status + x-required-properties: + - AccessorType + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + x-required-permissions: + create: + - managedblockchain:CreateAccessor + - managedblockchain:TagResource + - managedblockchain:GetAccessor + read: + - managedblockchain:GetAccessor + update: + - managedblockchain:GetAccessor + - managedblockchain:CreateAccessor + - managedblockchain:TagResource + - managedblockchain:UntagResource + delete: + - managedblockchain:DeleteAccessor + list: + - managedblockchain:ListAccessors + x-stackQL-resources: + accessors: + name: accessors + id: aws.managedblockchain.accessors + x-cfn-schema-name: Accessor + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ManagedBlockchain::Accessor' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ManagedBlockchain::Accessor' + AND region = 'us-east-1' + accessor: + name: accessor + id: aws.managedblockchain.accessor + x-cfn-schema-name: Accessor + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.BillingToken') as billing_token, + JSON_EXTRACT(Properties, '$.CreationDate') as creation_date, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.AccessorType') as accessor_type, + JSON_EXTRACT(Properties, '$.NetworkType') as network_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ManagedBlockchain::Accessor' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'BillingToken') as billing_token, + json_extract_path_text(Properties, 'CreationDate') as creation_date, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'AccessorType') as accessor_type, + json_extract_path_text(Properties, 'NetworkType') as network_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ManagedBlockchain::Accessor' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/mediaconnect.yaml b/providers/src/aws/v00.00.00000/services/mediaconnect.yaml new file mode 100644 index 00000000..fb467e2a --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/mediaconnect.yaml @@ -0,0 +1,1499 @@ +openapi: 3.0.0 +info: + title: MediaConnect + version: 1.0.0 +paths: {} +components: + schemas: + FailoverConfig: + type: object + description: The settings for source failover + properties: + State: + type: string + enum: + - ENABLED + - DISABLED + RecoveryWindow: + type: integer + description: Search window time to look for dash-7 packets + FailoverMode: + type: string + description: The type of failover you choose for this flow. MERGE combines the source streams into a single stream, allowing graceful recovery from any single-source loss. FAILOVER allows switching between different streams. + enum: + - MERGE + - FAILOVER + SourcePriority: + type: object + description: The priority you want to assign to a source. You can have a primary stream and a backup stream or two equally prioritized streams. + properties: + PrimarySource: + type: string + description: The name of the source you choose as the primary source for this flow. + required: + - PrimarySource + additionalProperties: false + additionalProperties: false + BridgeStateEnum: + type: string + enum: + - CREATING + - STANDBY + - STARTING + - DEPLOYING + - ACTIVE + - STOPPING + - DELETING + - DELETED + - START_FAILED + - START_PENDING + - UPDATING + FailoverConfigStateEnum: + type: string + enum: + - ENABLED + - DISABLED + FailoverModeEnum: + type: string + enum: + - FAILOVER + SourcePriority: + type: object + description: The priority you want to assign to a source. You can have a primary stream and a backup stream or two equally prioritized streams. + properties: + PrimarySource: + description: The name of the source you choose as the primary source for this flow. + type: string + additionalProperties: false + BridgeOutput: + type: object + properties: + BridgeArn: + description: The Amazon Resource Number (ARN) of the bridge. + type: string + NetworkOutput: + description: The output of the bridge. + $ref: '#/components/schemas/BridgeNetworkOutput' + Name: + type: string + description: The network output name. + required: + - BridgeArn + - Name + - NetworkOutput + x-stackql-resource-name: bridge_output + description: Resource schema for AWS::MediaConnect::BridgeOutput + x-type-name: AWS::MediaConnect::BridgeOutput + x-stackql-primary-identifier: + - BridgeArn + - Name + x-create-only-properties: + - BridgeArn + - Name + x-required-properties: + - BridgeArn + - Name + - NetworkOutput + x-tagging: + taggable: false + x-required-permissions: + create: + - mediaconnect:AddBridgeOutputs + - mediaconnect:DescribeBridge + read: + - mediaconnect:DescribeBridge + update: + - mediaconnect:DescribeBridge + - mediaconnect:UpdateBridgeOutput + delete: + - mediaconnect:RemoveBridgeOutput + BridgeNetworkOutput: + type: object + description: The output of the bridge. A network output is delivered to your premises. + properties: + Protocol: + type: string + enum: + - rtp-fec + - rtp + - udp + description: The network output protocol. + IpAddress: + type: string + description: The network output IP Address. + Port: + type: integer + description: The network output port. + NetworkName: + type: string + description: The network output's gateway network name. + Ttl: + type: integer + description: The network output TTL. + required: + - Protocol + - IpAddress + - Port + - NetworkName + - Ttl + additionalProperties: false + BridgeSource: + type: object + properties: + Name: + type: string + description: The name of the source. + BridgeArn: + description: The Amazon Resource Number (ARN) of the bridge. + type: string + FlowSource: + $ref: '#/components/schemas/BridgeFlowSource' + NetworkSource: + $ref: '#/components/schemas/BridgeNetworkSource' + required: + - Name + - BridgeArn + x-stackql-resource-name: bridge_source + description: Resource schema for AWS::MediaConnect::BridgeSource + x-type-name: AWS::MediaConnect::BridgeSource + x-stackql-primary-identifier: + - BridgeArn + - Name + x-create-only-properties: + - BridgeArn + - Name + x-required-properties: + - Name + - BridgeArn + x-tagging: + taggable: false + x-required-permissions: + create: + - mediaconnect:AddBridgeSources + - mediaconnect:DescribeBridge + read: + - mediaconnect:DescribeBridge + update: + - mediaconnect:DescribeBridge + - mediaconnect:UpdateBridgeSource + delete: + - mediaconnect:RemoveBridgeSource + BridgeFlowSource: + type: object + description: The source of the bridge. A flow source originates in MediaConnect as an existing cloud flow. + properties: + FlowArn: + description: The ARN of the cloud flow used as a source of this bridge. + type: string + FlowVpcInterfaceAttachment: + description: The name of the VPC interface attachment to use for this source. + $ref: '#/components/schemas/VpcInterfaceAttachment' + additionalProperties: false + required: + - FlowArn + VpcInterfaceAttachment: + type: object + description: The settings for attaching a VPC interface to an resource. + properties: + VpcInterfaceName: + type: string + description: The name of the VPC interface to use for this resource. + additionalProperties: false + BridgeNetworkSource: + type: object + description: The source of the bridge. A network source originates at your premises. + properties: + Protocol: + description: The network source protocol. + $ref: '#/components/schemas/ProtocolEnum' + MulticastIp: + description: The network source multicast IP. + type: string + Port: + description: The network source port. + type: integer + NetworkName: + description: The network source's gateway network name. + type: string + required: + - Protocol + - MulticastIp + - Port + - NetworkName + additionalProperties: false + ProtocolEnum: + type: string + enum: + - rtp-fec + - rtp + - udp + IngressGatewayBridge: + type: object + properties: + MaxBitrate: + description: The maximum expected bitrate of the ingress bridge. + type: integer + MaxOutputs: + description: The maximum number of outputs on the ingress bridge. + type: integer + additionalProperties: false + required: + - MaxBitrate + - MaxOutputs + EgressGatewayBridge: + type: object + properties: + MaxBitrate: + type: integer + description: The maximum expected bitrate of the egress bridge. + additionalProperties: false + required: + - MaxBitrate + Bridge: + type: object + properties: + Name: + description: The name of the bridge. + type: string + BridgeArn: + description: The Amazon Resource Number (ARN) of the bridge. + type: string + PlacementArn: + description: The placement Amazon Resource Number (ARN) of the bridge. + type: string + BridgeState: + $ref: '#/components/schemas/BridgeStateEnum' + SourceFailoverConfig: + $ref: '#/components/schemas/FailoverConfig' + Outputs: + description: The outputs on this bridge. + type: array + minItems: 0 + maxItems: 2 + items: + $ref: '#/components/schemas/BridgeOutput' + x-insertionOrder: true + Sources: + description: The sources on this bridge. + type: array + minItems: 0 + maxItems: 2 + items: + $ref: '#/components/schemas/BridgeSource' + x-insertionOrder: true + IngressGatewayBridge: + type: object + $ref: '#/components/schemas/IngressGatewayBridge' + EgressGatewayBridge: + type: object + $ref: '#/components/schemas/EgressGatewayBridge' + required: + - Name + - PlacementArn + - Sources + x-stackql-resource-name: bridge + description: Resource schema for AWS::MediaConnect::Bridge + x-type-name: AWS::MediaConnect::Bridge + x-stackql-primary-identifier: + - BridgeArn + x-read-only-properties: + - BridgeArn + - BridgeState + x-required-properties: + - Name + - PlacementArn + - Sources + x-tagging: + taggable: false + x-required-permissions: + create: + - mediaconnect:CreateBridge + - mediaconnect:DescribeBridge + read: + - mediaconnect:DescribeBridge + update: + - mediaconnect:DescribeBridge + - mediaconnect:UpdateBridge + delete: + - mediaconnect:DescribeBridge + - mediaconnect:DeleteBridge + list: + - mediaconnect:ListBridges + Source: + description: The settings for the source of the flow. + type: object + properties: + SourceArn: + type: string + description: The ARN of the source. + Decryption: + $ref: '#/components/schemas/Encryption' + description: The type of decryption that is used on the content ingested from this source. + Description: + type: string + description: A description for the source. This value is not used or seen outside of the current AWS Elemental MediaConnect account. + EntitlementArn: + type: string + description: The ARN of the entitlement that allows you to subscribe to content that comes from another AWS account. The entitlement is set by the content originator and the ARN is generated as part of the originator's flow. + GatewayBridgeSource: + $ref: '#/components/schemas/GatewayBridgeSource' + description: The source configuration for cloud flows receiving a stream from a bridge. + IngestIp: + type: string + description: The IP address that the flow will be listening on for incoming content. + IngestPort: + type: integer + description: The port that the flow will be listening on for incoming content. + MaxBitrate: + type: integer + description: The smoothing max bitrate for RIST, RTP, and RTP-FEC streams. + MaxLatency: + type: integer + description: The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams. + default: 2000 + MinLatency: + type: integer + description: The minimum latency in milliseconds. + default: 2000 + Name: + type: string + description: The name of the source. + Protocol: + type: string + enum: + - zixi-push + - rtp-fec + - rtp + - rist + - fujitsu-qos + - srt-listener + - srt-caller + description: The protocol that is used by the source. + SenderIpAddress: + type: string + description: The IP address that the flow communicates with to initiate connection with the sender for fujitsu-qos protocol. + SenderControlPort: + type: integer + description: The port that the flow uses to send outbound requests to initiate connection with the sender for fujitsu-qos protocol. + StreamId: + type: string + description: The stream ID that you want to use for this transport. This parameter applies only to Zixi-based streams. + SourceIngestPort: + type: string + description: The port that the flow will be listening on for incoming content.(ReadOnly) + SourceListenerAddress: + type: string + description: Source IP or domain name for SRT-caller protocol. + SourceListenerPort: + type: integer + description: Source port for SRT-caller protocol. + VpcInterfaceName: + type: string + description: The name of the VPC Interface this Source is configured with. + WhitelistCidr: + type: string + description: The range of IP addresses that should be allowed to contribute content to your source. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. + additionalProperties: false + Encryption: + type: object + description: Information about the encryption of the flow. + properties: + Algorithm: + type: string + enum: + - aes128 + - aes192 + - aes256 + description: The type of algorithm that is used for the encryption (such as aes128, aes192, or aes256). + ConstantInitializationVector: + type: string + description: A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption. + DeviceId: + type: string + description: The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption. + KeyType: + type: string + enum: + - speke + - static-key + - srt-password + description: The type of key that is used for the encryption. If no keyType is provided, the service will use the default setting (static-key). + default: static-key + Region: + type: string + description: The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption. + ResourceId: + type: string + description: An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption. + RoleArn: + type: string + description: The ARN of the role that you created during setup (when you set up AWS Elemental MediaConnect as a trusted entity). + SecretArn: + type: string + description: ' The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.' + Url: + type: string + description: The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption. + additionalProperties: false + required: + - RoleArn + GatewayBridgeSource: + type: object + description: The source configuration for cloud flows receiving a stream from a bridge. + properties: + BridgeArn: + type: string + description: The ARN of the bridge feeding this flow. + VpcInterfaceAttachment: + $ref: '#/components/schemas/VpcInterfaceAttachment' + description: The name of the VPC interface attachment to use for this bridge source. + additionalProperties: false + required: + - BridgeArn + Flow: + type: object + properties: + FlowArn: + description: The Amazon Resource Name (ARN), a unique identifier for any AWS resource, of the flow. + type: string + Name: + description: The name of the flow. + type: string + AvailabilityZone: + description: The Availability Zone that you want to create the flow in. These options are limited to the Availability Zones within the current AWS. + type: string + FlowAvailabilityZone: + description: The Availability Zone that you want to create the flow in. These options are limited to the Availability Zones within the current AWS.(ReadOnly) + type: string + Source: + description: The source of the flow. + $ref: '#/components/schemas/Source' + SourceFailoverConfig: + description: The source failover config of the flow. + $ref: '#/components/schemas/FailoverConfig' + required: + - Name + - Source + x-stackql-resource-name: flow + description: Resource schema for AWS::MediaConnect::Flow + x-type-name: AWS::MediaConnect::Flow + x-stackql-primary-identifier: + - FlowArn + x-create-only-properties: + - Name + - AvailabilityZone + - Source/Name + x-read-only-properties: + - FlowArn + - FlowAvailabilityZone + - Source/SourceArn + - Source/IngestIp + - Source/SourceIngestPort + x-required-properties: + - Name + - Source + x-required-permissions: + create: + - mediaconnect:CreateFlow + - iam:PassRole + read: + - mediaconnect:DescribeFlow + update: + - mediaconnect:DescribeFlow + - mediaconnect:UpdateFlow + - mediaconnect:UpdateFlowSource + delete: + - mediaconnect:DescribeFlow + - mediaconnect:DeleteFlow + list: + - mediaconnect:ListFlows + FlowEntitlement: + type: object + properties: + FlowArn: + type: string + description: The ARN of the flow. + EntitlementArn: + type: string + description: The ARN of the entitlement. + DataTransferSubscriberFeePercent: + type: integer + default: 0 + description: Percentage from 0-100 of the data transfer cost to be billed to the subscriber. + Description: + type: string + description: A description of the entitlement. + Encryption: + $ref: '#/components/schemas/Encryption' + description: The type of encryption that will be used on the output that is associated with this entitlement. + EntitlementStatus: + type: string + description: ' An indication of whether the entitlement is enabled.' + enum: + - ENABLED + - DISABLED + Name: + type: string + description: The name of the entitlement. + Subscribers: + type: array + description: The AWS account IDs that you want to share your content with. The receiving accounts (subscribers) will be allowed to create their own flow using your content as the source. + items: + type: string + required: + - FlowArn + - Name + - Subscribers + - Description + x-stackql-resource-name: flow_entitlement + description: Resource schema for AWS::MediaConnect::FlowEntitlement + x-type-name: AWS::MediaConnect::FlowEntitlement + x-stackql-primary-identifier: + - EntitlementArn + x-create-only-properties: + - DataTransferSubscriberFeePercent + - Name + x-read-only-properties: + - EntitlementArn + x-required-properties: + - FlowArn + - Name + - Subscribers + - Description + x-required-permissions: + create: + - iam:PassRole + - mediaconnect:GrantFlowEntitlements + read: + - mediaconnect:DescribeFlow + update: + - mediaconnect:DescribeFlow + - mediaconnect:UpdateFlowEntitlement + delete: + - mediaconnect:DescribeFlow + - mediaconnect:RevokeFlowEntitlement + list: + - mediaconnect:DescribeFlow + FlowOutput: + type: object + properties: + FlowArn: + description: The Amazon Resource Name (ARN), a unique identifier for any AWS resource, of the flow. + type: string + OutputArn: + description: The ARN of the output. + type: string + CidrAllowList: + type: array + description: The range of IP addresses that should be allowed to initiate output requests to this flow. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. + items: + type: string + Encryption: + $ref: '#/components/schemas/Encryption' + description: The type of key used for the encryption. If no keyType is provided, the service will use the default setting (static-key). + Description: + type: string + description: A description of the output. + Destination: + type: string + description: The address where you want to send the output. + MaxLatency: + type: integer + description: The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams. + MinLatency: + type: integer + description: The minimum latency in milliseconds. + Name: + type: string + description: The name of the output. This value must be unique within the current flow. + Port: + type: integer + description: The port to use when content is distributed to this output. + Protocol: + type: string + enum: + - zixi-push + - rtp-fec + - rtp + - zixi-pull + - rist + - fujitsu-qos + - srt-listener + - srt-caller + description: The protocol that is used by the source or output. + RemoteId: + type: string + description: The remote ID for the Zixi-pull stream. + SmoothingLatency: + type: integer + description: The smoothing latency in milliseconds for RIST, RTP, and RTP-FEC streams. + StreamId: + type: string + description: The stream ID that you want to use for this transport. This parameter applies only to Zixi-based streams. + VpcInterfaceAttachment: + $ref: '#/components/schemas/VpcInterfaceAttachment' + description: The name of the VPC interface attachment to use for this output. + required: + - FlowArn + - Protocol + x-stackql-resource-name: flow_output + description: Resource schema for AWS::MediaConnect::FlowOutput + x-type-name: AWS::MediaConnect::FlowOutput + x-stackql-primary-identifier: + - OutputArn + x-create-only-properties: + - Name + x-read-only-properties: + - OutputArn + x-required-properties: + - FlowArn + - Protocol + x-required-permissions: + create: + - iam:PassRole + - mediaconnect:AddFlowOutputs + read: + - mediaconnect:DescribeFlow + update: + - mediaconnect:DescribeFlow + - mediaconnect:UpdateFlowOutput + delete: + - mediaconnect:DescribeFlow + - mediaconnect:RemoveFlowOutput + list: + - mediaconnect:DescribeFlow + FlowSource: + type: object + properties: + FlowArn: + type: string + description: The ARN of the flow. + SourceArn: + type: string + description: The ARN of the source. + Decryption: + $ref: '#/components/schemas/Encryption' + description: The type of encryption that is used on the content ingested from this source. + Description: + type: string + description: A description for the source. This value is not used or seen outside of the current AWS Elemental MediaConnect account. + EntitlementArn: + type: string + description: The ARN of the entitlement that allows you to subscribe to content that comes from another AWS account. The entitlement is set by the content originator and the ARN is generated as part of the originator's flow. + GatewayBridgeSource: + $ref: '#/components/schemas/GatewayBridgeSource' + description: The source configuration for cloud flows receiving a stream from a bridge. + IngestIp: + type: string + description: The IP address that the flow will be listening on for incoming content. + IngestPort: + type: integer + description: The port that the flow will be listening on for incoming content. + MaxBitrate: + type: integer + description: The smoothing max bitrate for RIST, RTP, and RTP-FEC streams. + MaxLatency: + type: integer + description: The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams. + default: 2000 + MinLatency: + type: integer + description: The minimum latency in milliseconds. + default: 2000 + Name: + type: string + description: The name of the source. + Protocol: + type: string + enum: + - zixi-push + - rtp-fec + - rtp + - rist + - srt-listener + - srt-caller + description: The protocol that is used by the source. + SenderIpAddress: + type: string + description: The IP address that the flow communicates with to initiate connection with the sender for fujitsu-qos protocol. + SenderControlPort: + type: integer + description: The port that the flow uses to send outbound requests to initiate connection with the sender for fujitsu-qos protocol. + StreamId: + type: string + description: The stream ID that you want to use for this transport. This parameter applies only to Zixi-based streams. + SourceIngestPort: + type: string + description: The port that the flow will be listening on for incoming content.(ReadOnly) + SourceListenerAddress: + type: string + description: Source IP or domain name for SRT-caller protocol. + SourceListenerPort: + type: integer + description: Source port for SRT-caller protocol. + VpcInterfaceName: + type: string + description: The name of the VPC Interface this Source is configured with. + WhitelistCidr: + type: string + description: The range of IP addresses that should be allowed to contribute content to your source. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. + required: + - Name + - Description + x-stackql-resource-name: flow_source + description: Resource schema for AWS::MediaConnect::FlowSource + x-type-name: AWS::MediaConnect::FlowSource + x-stackql-primary-identifier: + - SourceArn + x-create-only-properties: + - Name + x-read-only-properties: + - IngestIp + - SourceArn + - SourceIngestPort + x-required-properties: + - Name + - Description + x-required-permissions: + create: + - mediaconnect:CreateFlow + - mediaconnect:DescribeFlow + - mediaconnect:AddFlowSources + - iam:PassRole + read: + - mediaconnect:DescribeFlow + update: + - mediaconnect:DescribeFlow + - mediaconnect:UpdateFlowSource + delete: + - mediaconnect:DescribeFlow + - mediaconnect:RemoveFlowSource + list: + - mediaconnect:DescribeFlow + FlowVpcInterface: + type: object + properties: + FlowArn: + type: string + description: The Amazon Resource Name (ARN), a unique identifier for any AWS resource, of the flow. + Name: + type: string + description: Immutable and has to be a unique against other VpcInterfaces in this Flow. + RoleArn: + type: string + description: Role Arn MediaConnect can assumes to create ENIs in customer's account. + SecurityGroupIds: + type: array + description: Security Group IDs to be used on ENI. + items: + type: string + SubnetId: + type: string + description: Subnet must be in the AZ of the Flow + NetworkInterfaceIds: + type: array + description: IDs of the network interfaces created in customer's account by MediaConnect. + items: + type: string + required: + - FlowArn + - Name + - RoleArn + - SubnetId + - SecurityGroupIds + x-stackql-resource-name: flow_vpc_interface + description: Resource schema for AWS::MediaConnect::FlowVpcInterface + x-type-name: AWS::MediaConnect::FlowVpcInterface + x-stackql-primary-identifier: + - FlowArn + - Name + x-create-only-properties: + - FlowArn + - Name + x-read-only-properties: + - NetworkInterfaceIds + x-required-properties: + - FlowArn + - Name + - RoleArn + - SubnetId + - SecurityGroupIds + x-required-permissions: + create: + - iam:PassRole + - mediaconnect:DescribeFlow + - mediaconnect:AddFlowVpcInterfaces + read: + - mediaconnect:DescribeFlow + update: + - mediaconnect:DescribeFlow + - mediaconnect:AddFlowVpcInterfaces + - mediaconnect:RemoveFlowVpcInterface + delete: + - mediaconnect:DescribeFlow + - mediaconnect:RemoveFlowVpcInterface + list: + - mediaconnect:DescribeFlow + GatewayNetwork: + description: The network settings for a gateway. + type: object + properties: + Name: + type: string + description: The name of the network. This name is used to reference the network and must be unique among networks in this gateway. + CidrBlock: + type: string + description: A unique IP address range to use for this network. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. + additionalProperties: false + required: + - Name + - CidrBlock + Gateway: + type: object + properties: + Name: + description: The name of the gateway. This name can not be modified after the gateway is created. + type: string + GatewayArn: + description: The Amazon Resource Name (ARN) of the gateway. + type: string + GatewayState: + description: The current status of the gateway. + type: string + enum: + - CREATING + - ACTIVE + - UPDATING + - ERROR + - DELETING + - DELETED + EgressCidrBlocks: + description: The range of IP addresses that contribute content or initiate output requests for flows communicating with this gateway. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. + type: array + items: + type: string + x-insertionOrder: true + Networks: + type: array + description: The list of networks in the gateway. + minItems: 1 + maxItems: 4 + items: + $ref: '#/components/schemas/GatewayNetwork' + x-insertionOrder: true + required: + - Name + - EgressCidrBlocks + - Networks + x-stackql-resource-name: gateway + description: Resource schema for AWS::MediaConnect::Gateway + x-type-name: AWS::MediaConnect::Gateway + x-stackql-primary-identifier: + - GatewayArn + x-create-only-properties: + - Name + - EgressCidrBlocks + - Networks + - Networks/*/Name + - Networks/*/CidrBlock + x-read-only-properties: + - GatewayArn + - GatewayState + x-required-properties: + - Name + - EgressCidrBlocks + - Networks + x-tagging: + taggable: false + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - mediaconnect:CreateGateway + - mediaconnect:DescribeGateway + read: + - mediaconnect:DescribeGateway + delete: + - iam:CreateServiceLinkedRole + - mediaconnect:DescribeGateway + - mediaconnect:DeleteGateway + list: + - mediaconnect:ListGateways + x-stackQL-resources: + bridge_output: + name: bridge_output + id: aws.mediaconnect.bridge_output + x-cfn-schema-name: BridgeOutput + x-type: get + x-identifiers: + - BridgeArn + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BridgeArn') as bridge_arn, + JSON_EXTRACT(Properties, '$.NetworkOutput') as network_output, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::BridgeOutput' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BridgeArn') as bridge_arn, + json_extract_path_text(Properties, 'NetworkOutput') as network_output, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::BridgeOutput' + AND data__Identifier = '|' + AND region = 'us-east-1' + bridge_source: + name: bridge_source + id: aws.mediaconnect.bridge_source + x-cfn-schema-name: BridgeSource + x-type: get + x-identifiers: + - BridgeArn + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.BridgeArn') as bridge_arn, + JSON_EXTRACT(Properties, '$.FlowSource') as flow_source, + JSON_EXTRACT(Properties, '$.NetworkSource') as network_source + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::BridgeSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'BridgeArn') as bridge_arn, + json_extract_path_text(Properties, 'FlowSource') as flow_source, + json_extract_path_text(Properties, 'NetworkSource') as network_source + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::BridgeSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + bridges: + name: bridges + id: aws.mediaconnect.bridges + x-cfn-schema-name: Bridge + x-type: list + x-identifiers: + - BridgeArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BridgeArn') as bridge_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::Bridge' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BridgeArn') as bridge_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::Bridge' + AND region = 'us-east-1' + bridge: + name: bridge + id: aws.mediaconnect.bridge + x-cfn-schema-name: Bridge + x-type: get + x-identifiers: + - BridgeArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.BridgeArn') as bridge_arn, + JSON_EXTRACT(Properties, '$.PlacementArn') as placement_arn, + JSON_EXTRACT(Properties, '$.BridgeState') as bridge_state, + JSON_EXTRACT(Properties, '$.SourceFailoverConfig') as source_failover_config, + JSON_EXTRACT(Properties, '$.Outputs') as outputs, + JSON_EXTRACT(Properties, '$.Sources') as sources, + JSON_EXTRACT(Properties, '$.IngressGatewayBridge') as ingress_gateway_bridge, + JSON_EXTRACT(Properties, '$.EgressGatewayBridge') as egress_gateway_bridge + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::Bridge' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'BridgeArn') as bridge_arn, + json_extract_path_text(Properties, 'PlacementArn') as placement_arn, + json_extract_path_text(Properties, 'BridgeState') as bridge_state, + json_extract_path_text(Properties, 'SourceFailoverConfig') as source_failover_config, + json_extract_path_text(Properties, 'Outputs') as outputs, + json_extract_path_text(Properties, 'Sources') as sources, + json_extract_path_text(Properties, 'IngressGatewayBridge') as ingress_gateway_bridge, + json_extract_path_text(Properties, 'EgressGatewayBridge') as egress_gateway_bridge + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::Bridge' + AND data__Identifier = '' + AND region = 'us-east-1' + flows: + name: flows + id: aws.mediaconnect.flows + x-cfn-schema-name: Flow + x-type: list + x-identifiers: + - FlowArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::Flow' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FlowArn') as flow_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::Flow' + AND region = 'us-east-1' + flow: + name: flow + id: aws.mediaconnect.flow + x-cfn-schema-name: Flow + x-type: get + x-identifiers: + - FlowArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.FlowAvailabilityZone') as flow_availability_zone, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.SourceFailoverConfig') as source_failover_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::Flow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FlowArn') as flow_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'FlowAvailabilityZone') as flow_availability_zone, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'SourceFailoverConfig') as source_failover_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::Flow' + AND data__Identifier = '' + AND region = 'us-east-1' + flow_entitlements: + name: flow_entitlements + id: aws.mediaconnect.flow_entitlements + x-cfn-schema-name: FlowEntitlement + x-type: list + x-identifiers: + - EntitlementArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EntitlementArn') as entitlement_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::FlowEntitlement' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EntitlementArn') as entitlement_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::FlowEntitlement' + AND region = 'us-east-1' + flow_entitlement: + name: flow_entitlement + id: aws.mediaconnect.flow_entitlement + x-cfn-schema-name: FlowEntitlement + x-type: get + x-identifiers: + - EntitlementArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn, + JSON_EXTRACT(Properties, '$.EntitlementArn') as entitlement_arn, + JSON_EXTRACT(Properties, '$.DataTransferSubscriberFeePercent') as data_transfer_subscriber_fee_percent, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Encryption') as encryption, + JSON_EXTRACT(Properties, '$.EntitlementStatus') as entitlement_status, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Subscribers') as subscribers + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::FlowEntitlement' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FlowArn') as flow_arn, + json_extract_path_text(Properties, 'EntitlementArn') as entitlement_arn, + json_extract_path_text(Properties, 'DataTransferSubscriberFeePercent') as data_transfer_subscriber_fee_percent, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Encryption') as encryption, + json_extract_path_text(Properties, 'EntitlementStatus') as entitlement_status, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Subscribers') as subscribers + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::FlowEntitlement' + AND data__Identifier = '' + AND region = 'us-east-1' + flow_outputs: + name: flow_outputs + id: aws.mediaconnect.flow_outputs + x-cfn-schema-name: FlowOutput + x-type: list + x-identifiers: + - OutputArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.OutputArn') as output_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::FlowOutput' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'OutputArn') as output_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::FlowOutput' + AND region = 'us-east-1' + flow_output: + name: flow_output + id: aws.mediaconnect.flow_output + x-cfn-schema-name: FlowOutput + x-type: get + x-identifiers: + - OutputArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn, + JSON_EXTRACT(Properties, '$.OutputArn') as output_arn, + JSON_EXTRACT(Properties, '$.CidrAllowList') as cidr_allow_list, + JSON_EXTRACT(Properties, '$.Encryption') as encryption, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Destination') as destination, + JSON_EXTRACT(Properties, '$.MaxLatency') as max_latency, + JSON_EXTRACT(Properties, '$.MinLatency') as min_latency, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.Protocol') as protocol, + JSON_EXTRACT(Properties, '$.RemoteId') as remote_id, + JSON_EXTRACT(Properties, '$.SmoothingLatency') as smoothing_latency, + JSON_EXTRACT(Properties, '$.StreamId') as stream_id, + JSON_EXTRACT(Properties, '$.VpcInterfaceAttachment') as vpc_interface_attachment + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::FlowOutput' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FlowArn') as flow_arn, + json_extract_path_text(Properties, 'OutputArn') as output_arn, + json_extract_path_text(Properties, 'CidrAllowList') as cidr_allow_list, + json_extract_path_text(Properties, 'Encryption') as encryption, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Destination') as destination, + json_extract_path_text(Properties, 'MaxLatency') as max_latency, + json_extract_path_text(Properties, 'MinLatency') as min_latency, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'Protocol') as protocol, + json_extract_path_text(Properties, 'RemoteId') as remote_id, + json_extract_path_text(Properties, 'SmoothingLatency') as smoothing_latency, + json_extract_path_text(Properties, 'StreamId') as stream_id, + json_extract_path_text(Properties, 'VpcInterfaceAttachment') as vpc_interface_attachment + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::FlowOutput' + AND data__Identifier = '' + AND region = 'us-east-1' + flow_sources: + name: flow_sources + id: aws.mediaconnect.flow_sources + x-cfn-schema-name: FlowSource + x-type: list + x-identifiers: + - SourceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SourceArn') as source_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::FlowSource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SourceArn') as source_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::FlowSource' + AND region = 'us-east-1' + flow_source: + name: flow_source + id: aws.mediaconnect.flow_source + x-cfn-schema-name: FlowSource + x-type: get + x-identifiers: + - SourceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn, + JSON_EXTRACT(Properties, '$.SourceArn') as source_arn, + JSON_EXTRACT(Properties, '$.Decryption') as decryption, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EntitlementArn') as entitlement_arn, + JSON_EXTRACT(Properties, '$.GatewayBridgeSource') as gateway_bridge_source, + JSON_EXTRACT(Properties, '$.IngestIp') as ingest_ip, + JSON_EXTRACT(Properties, '$.IngestPort') as ingest_port, + JSON_EXTRACT(Properties, '$.MaxBitrate') as max_bitrate, + JSON_EXTRACT(Properties, '$.MaxLatency') as max_latency, + JSON_EXTRACT(Properties, '$.MinLatency') as min_latency, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Protocol') as protocol, + JSON_EXTRACT(Properties, '$.SenderIpAddress') as sender_ip_address, + JSON_EXTRACT(Properties, '$.SenderControlPort') as sender_control_port, + JSON_EXTRACT(Properties, '$.StreamId') as stream_id, + JSON_EXTRACT(Properties, '$.SourceIngestPort') as source_ingest_port, + JSON_EXTRACT(Properties, '$.SourceListenerAddress') as source_listener_address, + JSON_EXTRACT(Properties, '$.SourceListenerPort') as source_listener_port, + JSON_EXTRACT(Properties, '$.VpcInterfaceName') as vpc_interface_name, + JSON_EXTRACT(Properties, '$.WhitelistCidr') as whitelist_cidr + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::FlowSource' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FlowArn') as flow_arn, + json_extract_path_text(Properties, 'SourceArn') as source_arn, + json_extract_path_text(Properties, 'Decryption') as decryption, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EntitlementArn') as entitlement_arn, + json_extract_path_text(Properties, 'GatewayBridgeSource') as gateway_bridge_source, + json_extract_path_text(Properties, 'IngestIp') as ingest_ip, + json_extract_path_text(Properties, 'IngestPort') as ingest_port, + json_extract_path_text(Properties, 'MaxBitrate') as max_bitrate, + json_extract_path_text(Properties, 'MaxLatency') as max_latency, + json_extract_path_text(Properties, 'MinLatency') as min_latency, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Protocol') as protocol, + json_extract_path_text(Properties, 'SenderIpAddress') as sender_ip_address, + json_extract_path_text(Properties, 'SenderControlPort') as sender_control_port, + json_extract_path_text(Properties, 'StreamId') as stream_id, + json_extract_path_text(Properties, 'SourceIngestPort') as source_ingest_port, + json_extract_path_text(Properties, 'SourceListenerAddress') as source_listener_address, + json_extract_path_text(Properties, 'SourceListenerPort') as source_listener_port, + json_extract_path_text(Properties, 'VpcInterfaceName') as vpc_interface_name, + json_extract_path_text(Properties, 'WhitelistCidr') as whitelist_cidr + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::FlowSource' + AND data__Identifier = '' + AND region = 'us-east-1' + flow_vpc_interfaces: + name: flow_vpc_interfaces + id: aws.mediaconnect.flow_vpc_interfaces + x-cfn-schema-name: FlowVpcInterface + x-type: list + x-identifiers: + - FlowArn + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::FlowVpcInterface' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FlowArn') as flow_arn, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::FlowVpcInterface' + AND region = 'us-east-1' + flow_vpc_interface: + name: flow_vpc_interface + id: aws.mediaconnect.flow_vpc_interface + x-cfn-schema-name: FlowVpcInterface + x-type: get + x-identifiers: + - FlowArn + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.NetworkInterfaceIds') as network_interface_ids + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::FlowVpcInterface' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FlowArn') as flow_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'NetworkInterfaceIds') as network_interface_ids + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::FlowVpcInterface' + AND data__Identifier = '|' + AND region = 'us-east-1' + gateways: + name: gateways + id: aws.mediaconnect.gateways + x-cfn-schema-name: Gateway + x-type: list + x-identifiers: + - GatewayArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GatewayArn') as gateway_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::Gateway' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GatewayArn') as gateway_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaConnect::Gateway' + AND region = 'us-east-1' + gateway: + name: gateway + id: aws.mediaconnect.gateway + x-cfn-schema-name: Gateway + x-type: get + x-identifiers: + - GatewayArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.GatewayArn') as gateway_arn, + JSON_EXTRACT(Properties, '$.GatewayState') as gateway_state, + JSON_EXTRACT(Properties, '$.EgressCidrBlocks') as egress_cidr_blocks, + JSON_EXTRACT(Properties, '$.Networks') as networks + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::Gateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'GatewayArn') as gateway_arn, + json_extract_path_text(Properties, 'GatewayState') as gateway_state, + json_extract_path_text(Properties, 'EgressCidrBlocks') as egress_cidr_blocks, + json_extract_path_text(Properties, 'Networks') as networks + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::Gateway' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/medialive.yaml b/providers/src/aws/v00.00.00000/services/medialive.yaml new file mode 100644 index 00000000..5f93bb03 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/medialive.yaml @@ -0,0 +1,500 @@ +openapi: 3.0.0 +info: + title: MediaLive + version: 1.0.0 +paths: {} +components: + schemas: + MultiplexOutputDestination: + description: Multiplex MediaConnect output destination settings. + type: object + properties: + MultiplexMediaConnectOutputDestinationSettings: + description: Multiplex MediaConnect output destination settings. + properties: + EntitlementArn: + type: string + description: The MediaConnect entitlement ARN available as a Flow source. + minLength: 1 + additionalProperties: false + additionalProperties: false + MultiplexSettings: + type: object + description: A key-value pair to associate with a resource. + properties: + MaximumVideoBufferDelayMilliseconds: + type: integer + description: Maximum video buffer delay in milliseconds. + minimum: 800 + maximum: 3000 + TransportStreamBitrate: + type: integer + description: Transport stream bit rate. + minimum: 1000000 + maximum: 100000000 + TransportStreamId: + type: integer + description: Transport stream ID. + minimum: 0 + maximum: 65535 + TransportStreamReservedBitrate: + type: integer + description: Transport stream reserved bit rate. + minimum: 0 + maximum: 100000000 + required: + - TransportStreamBitrate + - TransportStreamId + additionalProperties: false + Tags: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + Value: + type: string + additionalProperties: false + Multiplex: + type: object + properties: + Arn: + type: string + description: The unique arn of the multiplex. + AvailabilityZones: + description: A list of availability zones for the multiplex. + type: array + x-insertionOrder: false + items: + type: string + Destinations: + description: A list of the multiplex output destinations. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/MultiplexOutputDestination' + Id: + type: string + description: The unique id of the multiplex. + MultiplexSettings: + $ref: '#/components/schemas/MultiplexSettings' + description: Configuration for a multiplex event. + Name: + type: string + description: Name of multiplex. + PipelinesRunningCount: + type: integer + description: The number of currently healthy pipelines. + ProgramCount: + type: integer + description: The number of programs in the multiplex. + State: + type: string + enum: + - CREATING + - CREATE_FAILED + - IDLE + - STARTING + - RUNNING + - RECOVERING + - STOPPING + - DELETING + - DELETED + Tags: + description: A collection of key-value pairs. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tags' + required: + - AvailabilityZones + - MultiplexSettings + - Name + x-stackql-resource-name: multiplex + description: Resource schema for AWS::MediaLive::Multiplex + x-type-name: AWS::MediaLive::Multiplex + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - AvailabilityZones + x-read-only-properties: + - Arn + - Id + - PipelinesRunningCount + - ProgramCount + - State + x-required-properties: + - AvailabilityZones + - MultiplexSettings + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - medialive:CreateMultiplex + - medialive:DescribeMultiplex + - medialive:CreateTags + read: + - medialive:DescribeMultiplex + update: + - medialive:UpdateMultiplex + - medialive:DescribeMultiplex + - medialive:CreateTags + - medialive:DeleteTags + delete: + - medialive:DeleteMultiplex + - medialive:DescribeMultiplex + list: + - medialive:ListMultiplexes + MultiplexProgramSettings: + description: Multiplex Program settings configuration. + type: object + properties: + PreferredChannelPipeline: + type: string + $ref: '#/components/schemas/PreferredChannelPipeline' + ProgramNumber: + type: integer + description: Unique program number. + minimum: 0 + maximum: 65535 + ServiceDescriptor: + $ref: '#/components/schemas/MultiplexProgramServiceDescriptor' + description: Transport stream service descriptor configuration for the Multiplex program. + VideoSettings: + $ref: '#/components/schemas/MultiplexVideoSettings' + description: Program video settings configuration. + required: + - ProgramNumber + additionalProperties: false + PreferredChannelPipeline: + type: string + description: | + Indicates which pipeline is preferred by the multiplex for program ingest. + If set to \"PIPELINE_0\" or \"PIPELINE_1\" and an unhealthy ingest causes the multiplex to switch to the non-preferred pipeline, + it will switch back once that ingest is healthy again. If set to \"CURRENTLY_ACTIVE\", + it will not switch back to the other pipeline based on it recovering to a healthy state, + it will only switch if the active pipeline becomes unhealthy. + enum: + - CURRENTLY_ACTIVE + - PIPELINE_0 + - PIPELINE_1 + MultiplexProgramServiceDescriptor: + description: Transport stream service descriptor configuration for the Multiplex program. + type: object + properties: + ProviderName: + type: string + description: Name of the provider. + minLength: 1 + maxLength: 256 + ServiceName: + type: string + description: Name of the service. + minLength: 1 + maxLength: 256 + required: + - ProviderName + - ServiceName + additionalProperties: false + MultiplexVideoSettings: + description: The video configuration for each program in a multiplex. + type: object + oneOf: + - type: object + properties: + ConstantBitrate: + type: integer + description: |- + The constant bitrate configuration for the video encode. + When this field is defined, StatmuxSettings must be undefined. + minimum: 100000 + maximum: 100000000 + required: + - ConstantBitrate + additionalProperties: false + - type: object + properties: + StatmuxSettings: + description: |- + Statmux rate control settings. + When this field is defined, ConstantBitrate must be undefined. + $ref: '#/components/schemas/MultiplexStatmuxVideoSettings' + required: + - StatmuxSettings + additionalProperties: false + MultiplexStatmuxVideoSettings: + description: Statmux rate control settings + type: object + properties: + MaximumBitrate: + type: integer + description: Maximum statmux bitrate. + minimum: 100000 + maximum: 100000000 + MinimumBitrate: + type: integer + description: Minimum statmux bitrate. + minimum: 100000 + maximum: 100000000 + Priority: + type: integer + description: The purpose of the priority is to use a combination of the\nmultiplex rate control algorithm and the QVBR capability of the\nencoder to prioritize the video quality of some channels in a\nmultiplex over others. Channels that have a higher priority will\nget higher video quality at the expense of the video quality of\nother channels in the multiplex with lower priority. + minimum: -5 + maximum: 5 + additionalProperties: false + MultiplexProgramPacketIdentifiersMap: + description: Packet identifiers map for a given Multiplex program. + type: object + properties: + AudioPids: + type: array + items: + type: integer + x-insertionOrder: true + DvbSubPids: + type: array + items: + type: integer + x-insertionOrder: true + DvbTeletextPid: + type: integer + EtvPlatformPid: + type: integer + EtvSignalPid: + type: integer + KlvDataPids: + type: array + items: + type: integer + x-insertionOrder: true + PcrPid: + type: integer + PmtPid: + type: integer + PrivateMetadataPid: + type: integer + Scte27Pids: + type: array + items: + type: integer + x-insertionOrder: true + Scte35Pid: + type: integer + TimedMetadataPid: + type: integer + VideoPid: + type: integer + additionalProperties: false + MultiplexProgramPipelineDetail: + description: The current source for one of the pipelines in the multiplex. + type: object + properties: + ActiveChannelPipeline: + type: string + description: Identifies the channel pipeline that is currently active for the pipeline (identified by PipelineId) in the multiplex. + PipelineId: + type: string + description: Identifies a specific pipeline in the multiplex. + additionalProperties: false + Multiplexprogram: + type: object + properties: + ChannelId: + type: string + description: The MediaLive channel associated with the program. + MultiplexId: + type: string + description: The ID of the multiplex that the program belongs to. + MultiplexProgramSettings: + description: The settings for this multiplex program. + $ref: '#/components/schemas/MultiplexProgramSettings' + PreferredChannelPipeline: + description: The settings for this multiplex program. + $ref: '#/components/schemas/PreferredChannelPipeline' + PacketIdentifiersMap: + $ref: '#/components/schemas/MultiplexProgramPacketIdentifiersMap' + description: The packet identifier map for this multiplex program. + PipelineDetails: + description: Contains information about the current sources for the specified program in the specified multiplex. Keep in mind that each multiplex pipeline connects to both pipelines in a given source channel (the channel identified by the program). But only one of those channel pipelines is ever active at one time. + type: array + items: + $ref: '#/components/schemas/MultiplexProgramPipelineDetail' + x-insertionOrder: true + ProgramName: + type: string + description: The name of the multiplex program. + x-stackql-resource-name: multiplexprogram + description: Resource schema for AWS::MediaLive::Multiplexprogram + x-type-name: AWS::MediaLive::Multiplexprogram + x-stackql-primary-identifier: + - ProgramName + - MultiplexId + x-create-only-properties: + - ProgramName + - MultiplexId + x-write-only-properties: + - PreferredChannelPipeline + x-tagging: + taggable: false + x-required-permissions: + create: + - medialive:CreateMultiplexProgram + - medialive:DescribeMultiplexProgram + read: + - medialive:DescribeMultiplexProgram + update: + - medialive:UpdateMultiplexProgram + - medialive:DescribeMultiplexProgram + delete: + - medialive:DeleteMultiplexProgram + - medialive:DescribeMultiplexProgram + list: + - medialive:ListMultiplexPrograms + x-stackQL-resources: + multiplexes: + name: multiplexes + id: aws.medialive.multiplexes + x-cfn-schema-name: Multiplex + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + AND region = 'us-east-1' + multiplex: + name: multiplex + id: aws.medialive.multiplex + x-cfn-schema-name: Multiplex + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AvailabilityZones') as availability_zones, + JSON_EXTRACT(Properties, '$.Destinations') as destinations, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.MultiplexSettings') as multiplex_settings, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PipelinesRunningCount') as pipelines_running_count, + JSON_EXTRACT(Properties, '$.ProgramCount') as program_count, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AvailabilityZones') as availability_zones, + json_extract_path_text(Properties, 'Destinations') as destinations, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'MultiplexSettings') as multiplex_settings, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PipelinesRunningCount') as pipelines_running_count, + json_extract_path_text(Properties, 'ProgramCount') as program_count, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + AND data__Identifier = '' + AND region = 'us-east-1' + multiplexprograms: + name: multiplexprograms + id: aws.medialive.multiplexprograms + x-cfn-schema-name: Multiplexprogram + x-type: list + x-identifiers: + - ProgramName + - MultiplexId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProgramName') as program_name, + JSON_EXTRACT(Properties, '$.MultiplexId') as multiplex_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProgramName') as program_name, + json_extract_path_text(Properties, 'MultiplexId') as multiplex_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND region = 'us-east-1' + multiplexprogram: + name: multiplexprogram + id: aws.medialive.multiplexprogram + x-cfn-schema-name: Multiplexprogram + x-type: get + x-identifiers: + - ProgramName + - MultiplexId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ChannelId') as channel_id, + JSON_EXTRACT(Properties, '$.MultiplexId') as multiplex_id, + JSON_EXTRACT(Properties, '$.MultiplexProgramSettings') as multiplex_program_settings, + JSON_EXTRACT(Properties, '$.PreferredChannelPipeline') as preferred_channel_pipeline, + JSON_EXTRACT(Properties, '$.PacketIdentifiersMap') as packet_identifiers_map, + JSON_EXTRACT(Properties, '$.PipelineDetails') as pipeline_details, + JSON_EXTRACT(Properties, '$.ProgramName') as program_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ChannelId') as channel_id, + json_extract_path_text(Properties, 'MultiplexId') as multiplex_id, + json_extract_path_text(Properties, 'MultiplexProgramSettings') as multiplex_program_settings, + json_extract_path_text(Properties, 'PreferredChannelPipeline') as preferred_channel_pipeline, + json_extract_path_text(Properties, 'PacketIdentifiersMap') as packet_identifiers_map, + json_extract_path_text(Properties, 'PipelineDetails') as pipeline_details, + json_extract_path_text(Properties, 'ProgramName') as program_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/mediapackage.yaml b/providers/src/aws/v00.00.00000/services/mediapackage.yaml new file mode 100644 index 00000000..64785ce6 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/mediapackage.yaml @@ -0,0 +1,1081 @@ +openapi: 3.0.0 +info: + title: MediaPackage + version: 1.0.0 +paths: {} +components: + schemas: + EgressEndpoint: + description: The endpoint URL used to access an Asset using one PackagingConfiguration. + type: object + additionalProperties: false + properties: + PackagingConfigurationId: + description: The ID of the PackagingConfiguration being applied to the Asset. + type: string + Url: + description: The URL of the parent manifest for the repackaged Asset. + type: string + required: + - PackagingConfigurationId + - Url + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + Value: + type: string + required: + - Value + - Key + Asset: + type: object + properties: + Arn: + description: The ARN of the Asset. + type: string + CreatedAt: + description: The time the Asset was initially submitted for Ingest. + type: string + EgressEndpoints: + description: The list of egress endpoints available for the Asset. + type: array + items: + $ref: '#/components/schemas/EgressEndpoint' + Id: + description: The unique identifier for the Asset. + type: string + PackagingGroupId: + description: The ID of the PackagingGroup for the Asset. + type: string + ResourceId: + description: The resource ID to include in SPEKE key requests. + type: string + SourceArn: + description: ARN of the source object in S3. + type: string + SourceRoleArn: + description: The IAM role_arn used to access the source S3 bucket. + type: string + Tags: + description: A collection of tags associated with a resource + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - Id + - PackagingGroupId + - SourceArn + - SourceRoleArn + x-stackql-resource-name: asset + description: Resource schema for AWS::MediaPackage::Asset + x-type-name: AWS::MediaPackage::Asset + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Arn + - CreatedAt + - EgressEndpoints/*/PackagingConfigurationId + - EgressEndpoints/*/Url + x-required-properties: + - Id + - PackagingGroupId + - SourceArn + - SourceRoleArn + x-required-permissions: + create: + - mediapackage-vod:CreateAsset + - mediapackage-vod:DescribeAsset + - mediapackage-vod:TagResource + - iam:PassRole + read: + - mediapackage-vod:DescribeAsset + delete: + - mediapackage-vod:DescribeAsset + - mediapackage-vod:DeleteAsset + list: + - mediapackage-vod:ListAssets + - mediapackage-vod:DescribePackagingGroup + HlsIngest: + description: An HTTP Live Streaming (HLS) ingest resource configuration. + type: object + additionalProperties: false + properties: + ingestEndpoints: + description: A list of endpoints to which the source stream should be sent. + type: array + items: + $ref: '#/components/schemas/IngestEndpoint' + IngestEndpoint: + description: An endpoint for ingesting source content for a Channel. + type: object + additionalProperties: false + properties: + Id: + description: The system generated unique identifier for the IngestEndpoint + type: string + Username: + description: The system generated username for ingest authentication. + type: string + Password: + description: The system generated password for ingest authentication. + type: string + Url: + description: The ingest URL to which the source stream should be sent. + type: string + required: + - Id + - Username + - Password + - Url + LogConfiguration: + type: object + additionalProperties: false + properties: + LogGroupName: + description: 'Sets a custom AWS CloudWatch log group name for egress logs. If a log group name isn''t specified, the default name is used: /aws/MediaPackage/VodEgressAccessLogs.' + type: string + pattern: \A\/aws\/MediaPackage\/[0-9a-zA-Z-_\/\.#]+\Z + minLength: 1 + maxLength: 512 + Channel: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) assigned to the Channel. + type: string + Id: + description: The ID of the Channel. + type: string + pattern: \A[0-9a-zA-Z-_]+\Z + minLength: 1 + maxLength: 256 + Description: + description: A short text description of the Channel. + type: string + HlsIngest: + description: An HTTP Live Streaming (HLS) ingest resource configuration. + $ref: '#/components/schemas/HlsIngest' + Tags: + description: A collection of tags associated with a resource + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + EgressAccessLogs: + description: The configuration parameters for egress access logging. + $ref: '#/components/schemas/LogConfiguration' + IngressAccessLogs: + description: The configuration parameters for egress access logging. + $ref: '#/components/schemas/LogConfiguration' + required: + - Id + x-stackql-resource-name: channel + description: Resource schema for AWS::MediaPackage::Channel + x-type-name: AWS::MediaPackage::Channel + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Id + - Tags + x-read-only-properties: + - Arn + - HlsIngest/ingestEndpoints/*/Id + - HlsIngest/ingestEndpoints/*/Username + - HlsIngest/ingestEndpoints/*/Password + - HlsIngest/ingestEndpoints/*/Url + x-required-properties: + - Id + x-required-permissions: + create: + - mediapackage:CreateChannel + - mediapackage:DescribeChannel + - mediapackage:UpdateChannel + - mediapackage:TagResource + - mediapackage:ConfigureLogs + - iam:CreateServiceLinkedRole + read: + - mediapackage:DescribeChannel + update: + - mediapackage:UpdateChannel + - mediapackage:ConfigureLogs + - iam:CreateServiceLinkedRole + delete: + - mediapackage:DeleteChannel + list: + - mediapackage:ListChannels + MssPackage: + type: object + description: A Microsoft Smooth Streaming (MSS) PackagingConfiguration. + additionalProperties: false + properties: + Encryption: + $ref: '#/components/schemas/MssEncryption' + MssManifests: + description: A list of MSS manifest configurations. + type: array + items: + $ref: '#/components/schemas/MssManifest' + SegmentDurationSeconds: + $ref: '#/components/schemas/SegmentDurationSeconds' + required: + - MssManifests + MssEncryption: + description: A CMAF encryption configuration. + type: object + additionalProperties: false + properties: + SpekeKeyProvider: + $ref: '#/components/schemas/SpekeKeyProvider' + required: + - SpekeKeyProvider + DashPackage: + type: object + description: A Dynamic Adaptive Streaming over HTTP (DASH) packaging configuration. + additionalProperties: false + properties: + DashManifests: + description: A list of DASH manifest configurations. + type: array + items: + $ref: '#/components/schemas/DashManifest' + Encryption: + $ref: '#/components/schemas/DashEncryption' + PeriodTriggers: + description: A list of triggers that controls when the outgoing Dynamic Adaptive Streaming over HTTP (DASH) Media Presentation Description (MPD) will be partitioned into multiple periods. If empty, the content will not be partitioned into more than one period. If the list contains "ADS", new periods will be created where the Asset contains SCTE-35 ad markers. + type: array + items: + type: string + enum: + - ADS + SegmentDurationSeconds: + $ref: '#/components/schemas/SegmentDurationSeconds' + SegmentTemplateFormat: + description: Determines the type of SegmentTemplate included in the Media Presentation Description (MPD). When set to NUMBER_WITH_TIMELINE, a full timeline is presented in each SegmentTemplate, with $Number$ media URLs. When set to TIME_WITH_TIMELINE, a full timeline is presented in each SegmentTemplate, with $Time$ media URLs. When set to NUMBER_WITH_DURATION, only a duration is included in each SegmentTemplate, with $Number$ media URLs. + type: string + enum: + - NUMBER_WITH_TIMELINE + - TIME_WITH_TIMELINE + - NUMBER_WITH_DURATION + IncludeEncoderConfigurationInSegments: + description: When includeEncoderConfigurationInSegments is set to true, MediaPackage places your encoder's Sequence Parameter Set (SPS), Picture Parameter Set (PPS), and Video Parameter Set (VPS) metadata in every video segment instead of in the init fragment. This lets you use different SPS/PPS/VPS settings for your assets during content playback. + type: boolean + IncludeIframeOnlyStream: + description: When enabled, an I-Frame only stream will be included in the output. + type: boolean + required: + - DashManifests + DashEncryption: + type: object + description: A Dynamic Adaptive Streaming over HTTP (DASH) encryption configuration. + additionalProperties: false + properties: + SpekeKeyProvider: + $ref: '#/components/schemas/SpekeKeyProvider' + required: + - SpekeKeyProvider + Authorization: + type: object + additionalProperties: false + properties: + CdnIdentifierSecret: + description: The Amazon Resource Name (ARN) for the secret in AWS Secrets Manager that is used for CDN authorization. + type: string + SecretsRoleArn: + description: The Amazon Resource Name (ARN) for the IAM role that allows MediaPackage to communicate with AWS Secrets Manager. + type: string + required: + - CdnIdentifierSecret + - SecretsRoleArn + HlsPackage: + description: An HTTP Live Streaming (HLS) packaging configuration. + type: object + additionalProperties: false + properties: + Encryption: + $ref: '#/components/schemas/HlsEncryption' + HlsManifests: + description: A list of HLS manifest configurations. + type: array + items: + $ref: '#/components/schemas/HlsManifest' + IncludeDvbSubtitles: + description: When enabled, MediaPackage passes through digital video broadcasting (DVB) subtitles into the output. + type: boolean + SegmentDurationSeconds: + $ref: '#/components/schemas/SegmentDurationSeconds' + UseAudioRenditionGroup: + description: When enabled, audio streams will be placed in rendition groups in the output. + type: boolean + required: + - HlsManifests + HlsEncryption: + description: An HTTP Live Streaming (HLS) encryption configuration. + type: object + additionalProperties: false + properties: + ConstantInitializationVector: + description: An HTTP Live Streaming (HLS) encryption configuration. + type: string + EncryptionMethod: + description: The encryption method to use. + type: string + enum: + - AES_128 + - SAMPLE_AES + SpekeKeyProvider: + $ref: '#/components/schemas/SpekeKeyProvider' + required: + - SpekeKeyProvider + CmafPackage: + description: A CMAF packaging configuration. + type: object + additionalProperties: false + properties: + Encryption: + $ref: '#/components/schemas/CmafEncryption' + HlsManifests: + description: A list of HLS manifest configurations. + type: array + items: + $ref: '#/components/schemas/HlsManifest' + SegmentDurationSeconds: + $ref: '#/components/schemas/SegmentDurationSeconds' + IncludeEncoderConfigurationInSegments: + description: When includeEncoderConfigurationInSegments is set to true, MediaPackage places your encoder's Sequence Parameter Set (SPS), Picture Parameter Set (PPS), and Video Parameter Set (VPS) metadata in every video segment instead of in the init fragment. This lets you use different SPS/PPS/VPS settings for your assets during content playback. + type: boolean + required: + - HlsManifests + CmafEncryption: + type: object + description: A CMAF encryption configuration. + additionalProperties: false + properties: + SpekeKeyProvider: + $ref: '#/components/schemas/SpekeKeyProvider' + required: + - SpekeKeyProvider + HlsManifest: + description: An HTTP Live Streaming (HLS) manifest configuration. + type: object + additionalProperties: false + properties: + AdMarkers: + description: This setting controls how ad markers are included in the packaged OriginEndpoint. "NONE" will omit all SCTE-35 ad markers from the output. "PASSTHROUGH" causes the manifest to contain a copy of the SCTE-35 ad markers (comments) taken directly from the input HTTP Live Streaming (HLS) manifest. "SCTE35_ENHANCED" generates ad markers and blackout tags based on SCTE-35 messages in the input source. + type: string + enum: + - NONE + - SCTE35_ENHANCED + - PASSTHROUGH + IncludeIframeOnlyStream: + description: When enabled, an I-Frame only stream will be included in the output. + type: boolean + ManifestName: + $ref: '#/components/schemas/ManifestName' + ProgramDateTimeIntervalSeconds: + description: >- + The interval (in seconds) between each EXT-X-PROGRAM-DATE-TIME tag inserted into manifests. Additionally, when an interval is specified ID3Timed Metadata messages will be generated every 5 seconds using the ingest time of the content. If the interval is not specified, or set to 0, then no EXT-X-PROGRAM-DATE-TIME tags will be inserted into manifests and no ID3Timed Metadata messages will be generated. Note that irrespective of this parameter, if any ID3 Timed Metadata is found in HTTP + Live Streaming (HLS) input, it will be passed through to HLS output. + type: integer + RepeatExtXKey: + description: When enabled, the EXT-X-KEY tag will be repeated in output manifests. + type: boolean + StreamSelection: + $ref: '#/components/schemas/StreamSelection' + StreamSelection: + description: A StreamSelection configuration. + type: object + additionalProperties: false + properties: + MaxVideoBitsPerSecond: + description: The maximum video bitrate (bps) to include in output. + type: integer + MinVideoBitsPerSecond: + description: The minimum video bitrate (bps) to include in output. + type: integer + StreamOrder: + description: A directive that determines the order of streams in the output. + type: string + enum: + - ORIGINAL + - VIDEO_BITRATE_ASCENDING + - VIDEO_BITRATE_DESCENDING + SpekeKeyProvider: + description: A configuration for accessing an external Secure Packager and Encoder Key Exchange (SPEKE) service that will provide encryption keys. + type: object + additionalProperties: false + properties: + EncryptionContractConfiguration: + $ref: '#/components/schemas/EncryptionContractConfiguration' + RoleArn: + $ref: '#/components/schemas/RoleArn' + SystemIds: + description: The system IDs to include in key requests. + type: array + items: + type: string + Url: + description: The URL of the external key provider service. + type: string + required: + - RoleArn + - SystemIds + - Url + EncryptionContractConfiguration: + description: The configuration to use for encrypting one or more content tracks separately for endpoints that use SPEKE 2.0. + type: object + additionalProperties: false + required: + - PresetSpeke20Audio + - PresetSpeke20Video + properties: + PresetSpeke20Audio: + description: A collection of audio encryption presets. + type: string + enum: + - PRESET-AUDIO-1 + - PRESET-AUDIO-2 + - PRESET-AUDIO-3 + - SHARED + - UNENCRYPTED + PresetSpeke20Video: + description: A collection of video encryption presets. + type: string + enum: + - PRESET-VIDEO-1 + - PRESET-VIDEO-2 + - PRESET-VIDEO-3 + - PRESET-VIDEO-4 + - PRESET-VIDEO-5 + - PRESET-VIDEO-6 + - PRESET-VIDEO-7 + - PRESET-VIDEO-8 + - SHARED + - UNENCRYPTED + AdsOnDeliveryRestrictions: + description: >- + This setting allows the delivery restriction flags on SCTE-35 segmentation descriptors to determine whether a message signals an ad. Choosing "NONE" means no SCTE-35 messages become ads. Choosing "RESTRICTED" means SCTE-35 messages of the types specified in AdTriggers that contain delivery restrictions will be treated as ads. Choosing "UNRESTRICTED" means SCTE-35 messages of the types specified in AdTriggers that do not contain delivery restrictions will be treated as ads. Choosing + "BOTH" means all SCTE-35 messages of the types specified in AdTriggers will be treated as ads. Note that Splice Insert messages do not have these flags and are always treated as ads if specified in AdTriggers. + type: string + enum: + - NONE + - RESTRICTED + - UNRESTRICTED + - BOTH + OriginEndpoint: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) assigned to the OriginEndpoint. + type: string + Url: + description: The URL of the packaged OriginEndpoint for consumption. + type: string + Id: + description: The ID of the OriginEndpoint. + type: string + pattern: \A[0-9a-zA-Z-_]+\Z + minLength: 1 + maxLength: 256 + ChannelId: + description: The ID of the Channel the OriginEndpoint is associated with. + type: string + Description: + description: A short text description of the OriginEndpoint. + type: string + Whitelist: + description: A list of source IP CIDR blocks that will be allowed to access the OriginEndpoint. + type: array + items: + type: string + StartoverWindowSeconds: + description: Maximum duration (seconds) of content to retain for startover playback. If not specified, startover playback will be disabled for the OriginEndpoint. + type: integer + TimeDelaySeconds: + description: Amount of delay (seconds) to enforce on the playback of live content. If not specified, there will be no time delay in effect for the OriginEndpoint. + type: integer + ManifestName: + description: A short string appended to the end of the OriginEndpoint URL. + type: string + Origination: + description: Control whether origination of video is allowed for this OriginEndpoint. If set to ALLOW, the OriginEndpoint may by requested, pursuant to any other form of access control. If set to DENY, the OriginEndpoint may not be requested. This can be helpful for Live to VOD harvesting, or for temporarily disabling origination + type: string + enum: + - ALLOW + - DENY + Authorization: + $ref: '#/components/schemas/Authorization' + HlsPackage: + $ref: '#/components/schemas/HlsPackage' + DashPackage: + $ref: '#/components/schemas/DashPackage' + MssPackage: + $ref: '#/components/schemas/MssPackage' + CmafPackage: + $ref: '#/components/schemas/CmafPackage' + Tags: + description: A collection of tags associated with a resource + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - Id + - ChannelId + x-stackql-resource-name: origin_endpoint + description: Resource schema for AWS::MediaPackage::OriginEndpoint + x-type-name: AWS::MediaPackage::OriginEndpoint + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Id + x-read-only-properties: + - Arn + - Url + x-required-properties: + - Id + - ChannelId + x-required-permissions: + create: + - mediapackage:CreateOriginEndpoint + - mediapackage:DescribeOriginEndpoint + - mediapackage:DescribeChannel + - mediapackage:TagResource + - iam:PassRole + - acm:DescribeCertificate + read: + - mediapackage:DescribeOriginEndpoint + update: + - mediapackage:UpdateOriginEndpoint + - iam:PassRole + delete: + - mediapackage:DeleteOriginEndpoint + list: + - mediapackage:ListOriginEndpoints + RoleArn: + description: An Amazon Resource Name (ARN) of an IAM role that AWS Elemental MediaPackage will assume when accessing the key provider service. + type: string + SegmentDurationSeconds: + description: Duration (in seconds) of each fragment. Actual fragments will be rounded to the nearest multiple of the source fragment duration. + type: integer + ManifestName: + description: An optional string to include in the name of the manifest. + type: string + DashManifest: + description: A DASH manifest configuration. + type: object + additionalProperties: false + properties: + ManifestLayout: + description: Determines the position of some tags in the Media Presentation Description (MPD). When set to FULL, elements like SegmentTemplate and ContentProtection are included in each Representation. When set to COMPACT, duplicate elements are combined and presented at the AdaptationSet level. + type: string + enum: + - FULL + - COMPACT + ManifestName: + $ref: '#/components/schemas/ManifestName' + MinBufferTimeSeconds: + description: Minimum duration (in seconds) that a player will buffer media before starting the presentation. + type: integer + Profile: + description: The Dynamic Adaptive Streaming over HTTP (DASH) profile type. When set to "HBBTV_1_5", HbbTV 1.5 compliant output is enabled. + type: string + enum: + - NONE + - HBBTV_1_5 + ScteMarkersSource: + description: The source of scte markers used. When set to SEGMENTS, the scte markers are sourced from the segments of the ingested content. When set to MANIFEST, the scte markers are sourced from the manifest of the ingested content. + type: string + enum: + - SEGMENTS + - MANIFEST + StreamSelection: + $ref: '#/components/schemas/StreamSelection' + MssManifest: + description: A Microsoft Smooth Streaming (MSS) manifest configuration. + type: object + additionalProperties: false + properties: + ManifestName: + $ref: '#/components/schemas/ManifestName' + StreamSelection: + $ref: '#/components/schemas/StreamSelection' + PackagingConfiguration: + type: object + properties: + Id: + description: The ID of the PackagingConfiguration. + type: string + PackagingGroupId: + description: The ID of a PackagingGroup. + type: string + Arn: + description: The ARN of the PackagingConfiguration. + type: string + CmafPackage: + description: A CMAF packaging configuration. + $ref: '#/components/schemas/CmafPackage' + DashPackage: + description: A Dynamic Adaptive Streaming over HTTP (DASH) packaging configuration. + $ref: '#/components/schemas/DashPackage' + HlsPackage: + description: An HTTP Live Streaming (HLS) packaging configuration. + $ref: '#/components/schemas/HlsPackage' + MssPackage: + description: A Microsoft Smooth Streaming (MSS) PackagingConfiguration. + $ref: '#/components/schemas/MssPackage' + Tags: + description: A collection of tags associated with a resource + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - PackagingGroupId + - Id + x-stackql-resource-name: packaging_configuration + description: Resource schema for AWS::MediaPackage::PackagingConfiguration + x-type-name: AWS::MediaPackage::PackagingConfiguration + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Id + x-read-only-properties: + - Arn + x-required-properties: + - PackagingGroupId + - Id + x-required-permissions: + create: + - mediapackage-vod:CreatePackagingConfiguration + - mediapackage-vod:DescribePackagingConfiguration + - mediapackage-vod:TagResource + - iam:PassRole + read: + - mediapackage-vod:DescribePackagingConfiguration + delete: + - mediapackage-vod:DescribePackagingConfiguration + - mediapackage-vod:DeletePackagingConfiguration + list: + - mediapackage-vod:ListPackagingConfigurations + - mediapackage-vod:DescribePackagingGroup + PackagingGroup: + type: object + properties: + Id: + description: The ID of the PackagingGroup. + type: string + pattern: \A[0-9a-zA-Z-_]+\Z + minLength: 1 + maxLength: 256 + Arn: + description: The ARN of the PackagingGroup. + type: string + DomainName: + description: The fully qualified domain name for Assets in the PackagingGroup. + type: string + Authorization: + description: CDN Authorization + $ref: '#/components/schemas/Authorization' + Tags: + description: A collection of tags associated with a resource + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + EgressAccessLogs: + description: The configuration parameters for egress access logging. + $ref: '#/components/schemas/LogConfiguration' + required: + - Id + x-stackql-resource-name: packaging_group + description: Resource schema for AWS::MediaPackage::PackagingGroup + x-type-name: AWS::MediaPackage::PackagingGroup + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Id + - Tags + x-read-only-properties: + - Arn + - DomainName + x-required-properties: + - Id + x-required-permissions: + create: + - mediapackage-vod:CreatePackagingGroup + - mediapackage-vod:DescribePackagingGroup + - mediapackage-vod:TagResource + - mediapackage-vod:ConfigureLogs + - iam:PassRole + - iam:CreateServiceLinkedRole + read: + - mediapackage-vod:DescribePackagingGroup + update: + - mediapackage-vod:DescribePackagingGroup + - mediapackage-vod:UpdatePackagingGroup + - mediapackage-vod:ConfigureLogs + - mediapackage-vod:TagResource + - iam:PassRole + - iam:CreateServiceLinkedRole + list: + - mediapackage-vod:ListPackagingGroups + delete: + - mediapackage-vod:DescribePackagingGroup + - mediapackage-vod:DeletePackagingGroup + x-stackQL-resources: + assets: + name: assets + id: aws.mediapackage.assets + x-cfn-schema-name: Asset + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackage::Asset' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackage::Asset' + AND region = 'us-east-1' + asset: + name: asset + id: aws.mediapackage.asset + x-cfn-schema-name: Asset + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.EgressEndpoints') as egress_endpoints, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.PackagingGroupId') as packaging_group_id, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.SourceArn') as source_arn, + JSON_EXTRACT(Properties, '$.SourceRoleArn') as source_role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackage::Asset' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'EgressEndpoints') as egress_endpoints, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'PackagingGroupId') as packaging_group_id, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'SourceArn') as source_arn, + json_extract_path_text(Properties, 'SourceRoleArn') as source_role_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackage::Asset' + AND data__Identifier = '' + AND region = 'us-east-1' + channels: + name: channels + id: aws.mediapackage.channels + x-cfn-schema-name: Channel + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackage::Channel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackage::Channel' + AND region = 'us-east-1' + channel: + name: channel + id: aws.mediapackage.channel + x-cfn-schema-name: Channel + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.HlsIngest') as hls_ingest, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.EgressAccessLogs') as egress_access_logs, + JSON_EXTRACT(Properties, '$.IngressAccessLogs') as ingress_access_logs + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackage::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'HlsIngest') as hls_ingest, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'EgressAccessLogs') as egress_access_logs, + json_extract_path_text(Properties, 'IngressAccessLogs') as ingress_access_logs + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackage::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + origin_endpoints: + name: origin_endpoints + id: aws.mediapackage.origin_endpoints + x-cfn-schema-name: OriginEndpoint + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackage::OriginEndpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackage::OriginEndpoint' + AND region = 'us-east-1' + origin_endpoint: + name: origin_endpoint + id: aws.mediapackage.origin_endpoint + x-cfn-schema-name: OriginEndpoint + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Url') as url, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ChannelId') as channel_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Whitelist') as whitelist, + JSON_EXTRACT(Properties, '$.StartoverWindowSeconds') as startover_window_seconds, + JSON_EXTRACT(Properties, '$.TimeDelaySeconds') as time_delay_seconds, + JSON_EXTRACT(Properties, '$.ManifestName') as manifest_name, + JSON_EXTRACT(Properties, '$.Origination') as origination, + JSON_EXTRACT(Properties, '$.Authorization') as authorization, + JSON_EXTRACT(Properties, '$.HlsPackage') as hls_package, + JSON_EXTRACT(Properties, '$.DashPackage') as dash_package, + JSON_EXTRACT(Properties, '$.MssPackage') as mss_package, + JSON_EXTRACT(Properties, '$.CmafPackage') as cmaf_package, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackage::OriginEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Url') as url, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ChannelId') as channel_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Whitelist') as whitelist, + json_extract_path_text(Properties, 'StartoverWindowSeconds') as startover_window_seconds, + json_extract_path_text(Properties, 'TimeDelaySeconds') as time_delay_seconds, + json_extract_path_text(Properties, 'ManifestName') as manifest_name, + json_extract_path_text(Properties, 'Origination') as origination, + json_extract_path_text(Properties, 'Authorization') as authorization, + json_extract_path_text(Properties, 'HlsPackage') as hls_package, + json_extract_path_text(Properties, 'DashPackage') as dash_package, + json_extract_path_text(Properties, 'MssPackage') as mss_package, + json_extract_path_text(Properties, 'CmafPackage') as cmaf_package, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackage::OriginEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + packaging_configurations: + name: packaging_configurations + id: aws.mediapackage.packaging_configurations + x-cfn-schema-name: PackagingConfiguration + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackage::PackagingConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackage::PackagingConfiguration' + AND region = 'us-east-1' + packaging_configuration: + name: packaging_configuration + id: aws.mediapackage.packaging_configuration + x-cfn-schema-name: PackagingConfiguration + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.PackagingGroupId') as packaging_group_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CmafPackage') as cmaf_package, + JSON_EXTRACT(Properties, '$.DashPackage') as dash_package, + JSON_EXTRACT(Properties, '$.HlsPackage') as hls_package, + JSON_EXTRACT(Properties, '$.MssPackage') as mss_package, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackage::PackagingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'PackagingGroupId') as packaging_group_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CmafPackage') as cmaf_package, + json_extract_path_text(Properties, 'DashPackage') as dash_package, + json_extract_path_text(Properties, 'HlsPackage') as hls_package, + json_extract_path_text(Properties, 'MssPackage') as mss_package, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackage::PackagingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + packaging_groups: + name: packaging_groups + id: aws.mediapackage.packaging_groups + x-cfn-schema-name: PackagingGroup + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackage::PackagingGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackage::PackagingGroup' + AND region = 'us-east-1' + packaging_group: + name: packaging_group + id: aws.mediapackage.packaging_group + x-cfn-schema-name: PackagingGroup + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.Authorization') as authorization, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.EgressAccessLogs') as egress_access_logs + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackage::PackagingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'Authorization') as authorization, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'EgressAccessLogs') as egress_access_logs + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackage::PackagingGroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/mediapackagev2.yaml b/providers/src/aws/v00.00.00000/services/mediapackagev2.yaml new file mode 100644 index 00000000..4daac6de --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/mediapackagev2.yaml @@ -0,0 +1,977 @@ +openapi: 3.0.0 +info: + title: MediaPackageV2 + version: 1.0.0 +paths: {} +components: + schemas: + IngestEndpoint: + type: object + description:

The ingest domain URL where the source stream should be sent.

+ properties: + Id: + type: string + description:

The system-generated unique identifier for the IngestEndpoint.

+ Url: + type: string + description:

The ingest domain URL where the source stream should be sent.

+ additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + Value: + type: string + additionalProperties: false + Channel: + type: object + properties: + Arn: + type: string + description:

The Amazon Resource Name (ARN) associated with the resource.

+ ChannelGroupName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + ChannelName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + CreatedAt: + type: string + description:

The date and time the channel was created.

+ format: date-time + Description: + type: string + maxLength: 1024 + minLength: 0 + description:

Enter any descriptive text that helps you to identify the channel.

+ IngestEndpoints: + type: array + items: + $ref: '#/components/schemas/IngestEndpoint' + description:

The list of ingest endpoints.

+ ModifiedAt: + type: string + description:

The date and time the channel was modified.

+ format: date-time + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ChannelGroupName + - ChannelName + x-stackql-resource-name: channel + description:

Represents an entry point into AWS Elemental MediaPackage for an ABR video content stream sent from an upstream encoder such as AWS Elemental MediaLive. The channel continuously analyzes the content that it receives and prepares it to be distributed to consumers via one or more origin endpoints.

+ x-type-name: AWS::MediaPackageV2::Channel + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - ChannelGroupName + - ChannelName + x-create-only-properties: + - ChannelGroupName + - ChannelName + x-read-only-properties: + - Arn + - CreatedAt + - IngestEndpoints + - ModifiedAt + x-required-properties: + - ChannelGroupName + - ChannelName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - mediapackagev2:TagResource + - mediapackagev2:CreateChannel + read: + - mediapackagev2:GetChannel + update: + - mediapackagev2:TagResource + - mediapackagev2:UntagResource + - mediapackagev2:ListTagsForResource + - mediapackagev2:UpdateChannel + delete: + - mediapackagev2:GetChannel + - mediapackagev2:DeleteChannel + list: + - mediapackagev2:ListChannels + ChannelGroup: + type: object + properties: + Arn: + type: string + description:

The Amazon Resource Name (ARN) associated with the resource.

+ ChannelGroupName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + CreatedAt: + type: string + description:

The date and time the channel group was created.

+ format: date-time + Description: + type: string + maxLength: 1024 + minLength: 0 + description:

Enter any descriptive text that helps you to identify the channel group.

+ EgressDomain: + type: string + description:

The output domain where the source stream should be sent. Integrate the domain with a downstream CDN (such as Amazon CloudFront) or playback device.

+ ModifiedAt: + type: string + description:

The date and time the channel group was modified.

+ format: date-time + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ChannelGroupName + x-stackql-resource-name: channel_group + description:

Represents a channel group that facilitates the grouping of multiple channels.

+ x-type-name: AWS::MediaPackageV2::ChannelGroup + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - ChannelGroupName + x-create-only-properties: + - ChannelGroupName + x-read-only-properties: + - Arn + - CreatedAt + - EgressDomain + - ModifiedAt + x-required-properties: + - ChannelGroupName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - mediapackagev2:TagResource + - mediapackagev2:CreateChannelGroup + read: + - mediapackagev2:GetChannelGroup + update: + - mediapackagev2:TagResource + - mediapackagev2:UntagResource + - mediapackagev2:ListTagsForResource + - mediapackagev2:UpdateChannelGroup + delete: + - mediapackagev2:GetChannelGroup + - mediapackagev2:DeleteChannelGroup + list: + - mediapackagev2:ListChannelGroups + ChannelPolicy: + type: object + properties: + ChannelGroupName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + ChannelName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + Policy: + type: object + required: + - ChannelGroupName + - ChannelName + - Policy + x-stackql-resource-name: channel_policy + description:

Represents a resource-based policy that allows or denies access to a channel.

+ x-type-name: AWS::MediaPackageV2::ChannelPolicy + x-stackql-primary-identifier: + - ChannelGroupName + - ChannelName + x-create-only-properties: + - ChannelGroupName + - ChannelName + x-required-properties: + - ChannelGroupName + - ChannelName + - Policy + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - mediapackagev2:GetChannelPolicy + - mediapackagev2:PutChannelPolicy + read: + - mediapackagev2:GetChannelPolicy + update: + - mediapackagev2:GetChannelPolicy + - mediapackagev2:PutChannelPolicy + delete: + - mediapackagev2:GetChannelPolicy + - mediapackagev2:DeleteChannelPolicy + AdMarkerHls: + type: string + enum: + - DATERANGE + CmafEncryptionMethod: + type: string + enum: + - CENC + - CBCS + ContainerType: + type: string + enum: + - TS + - CMAF + DrmSystem: + type: string + enum: + - CLEAR_KEY_AES_128 + - FAIRPLAY + - PLAYREADY + - WIDEVINE + Encryption: + type: object + description:

The parameters for encrypting content.

+ properties: + ConstantInitializationVector: + type: string + maxLength: 32 + minLength: 32 + pattern: ^[0-9a-fA-F]+$ + description:

A 128-bit, 16-byte hex value represented by a 32-character string, used in conjunction with the key for encrypting content. If you don't specify a value, then MediaPackage creates the constant initialization vector (IV).

+ EncryptionMethod: + $ref: '#/components/schemas/EncryptionMethod' + KeyRotationIntervalSeconds: + type: integer + maximum: 31536000 + minimum: 300 + description: |- +

The frequency (in seconds) of key changes for live workflows, in which content is streamed real time. The service retrieves content keys before the live content begins streaming, and then retrieves them as needed over the lifetime of the workflow. By default, key rotation is set to 300 seconds (5 minutes), the minimum rotation interval, which is equivalent to setting it to 300. If you don't enter an interval, content keys aren't rotated.

+

The following example setting causes the service to rotate keys every thirty minutes: 1800 +

+ SpekeKeyProvider: + $ref: '#/components/schemas/SpekeKeyProvider' + required: + - EncryptionMethod + - SpekeKeyProvider + additionalProperties: false + EncryptionContractConfiguration: + type: object + description:

Configure one or more content encryption keys for your endpoints that use SPEKE Version 2.0. The encryption contract defines which content keys are used to encrypt the audio and video tracks in your stream. To configure the encryption contract, specify which audio and video encryption presets to use.

+ properties: + PresetSpeke20Audio: + $ref: '#/components/schemas/PresetSpeke20Audio' + PresetSpeke20Video: + $ref: '#/components/schemas/PresetSpeke20Video' + required: + - PresetSpeke20Audio + - PresetSpeke20Video + additionalProperties: false + EncryptionMethod: + type: object + description:

The encryption type.

+ properties: + TsEncryptionMethod: + $ref: '#/components/schemas/TsEncryptionMethod' + CmafEncryptionMethod: + $ref: '#/components/schemas/CmafEncryptionMethod' + additionalProperties: false + FilterConfiguration: + type: object + description:

Filter configuration includes settings for manifest filtering, start and end times, and time delay that apply to all of your egress requests for this manifest.

+ properties: + ManifestFilter: + type: string + maxLength: 1024 + minLength: 1 + description:

Optionally specify one or more manifest filters for all of your manifest egress requests. When you include a manifest filter, note that you cannot use an identical manifest filter query parameter for this manifest's endpoint URL.

+ Start: + type: string + description:

Optionally specify the start time for all of your manifest egress requests. When you include start time, note that you cannot use start time query parameters for this manifest's endpoint URL.

+ format: date-time + End: + type: string + description:

Optionally specify the end time for all of your manifest egress requests. When you include end time, note that you cannot use end time query parameters for this manifest's endpoint URL.

+ format: date-time + TimeDelaySeconds: + type: integer + maximum: 1209600 + minimum: 0 + description:

Optionally specify the time delay for all of your manifest egress requests. Enter a value that is smaller than your endpoint's startover window. When you include time delay, note that you cannot use time delay query parameters for this manifest's endpoint URL.

+ additionalProperties: false + HlsManifestConfiguration: + type: object + description:

Retrieve the HTTP live streaming (HLS) manifest configuration.

+ properties: + ManifestName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + description:

A short short string that's appended to the endpoint URL. The manifest name creates a unique path to this endpoint. If you don't enter a value, MediaPackage uses the default manifest name, index. MediaPackage automatically inserts the format extension, such as .m3u8. You can't use the same manifest name if you use HLS manifest and low-latency HLS manifest. The manifestName on the HLSManifest object overrides the manifestName you provided on the originEndpoint object.

+ Url: + type: string + description:

The egress domain URL for stream delivery from MediaPackage.

+ ChildManifestName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + description:

A short string that's appended to the endpoint URL. The child manifest name creates a unique path to this endpoint. If you don't enter a value, MediaPackage uses the default child manifest name, index_1. The manifestName on the HLSManifest object overrides the manifestName you provided on the originEndpoint object.

+ ManifestWindowSeconds: + type: integer + description:

The total duration (in seconds) of the manifest's content.

+ ProgramDateTimeIntervalSeconds: + type: integer + description: |- +

Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval, + EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest. + The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player. + ID3Timed metadata messages generate every 5 seconds whenever the content is ingested.

+

Irrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.

+ ScteHls: + $ref: '#/components/schemas/ScteHls' + FilterConfiguration: + $ref: '#/components/schemas/FilterConfiguration' + required: + - ManifestName + additionalProperties: false + LowLatencyHlsManifestConfiguration: + type: object + description:

Retrieve the low-latency HTTP live streaming (HLS) manifest configuration.

+ properties: + ManifestName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + description:

A short short string that's appended to the endpoint URL. The manifest name creates a unique path to this endpoint. If you don't enter a value, MediaPackage uses the default manifest name, index. MediaPackage automatically inserts the format extension, such as .m3u8. You can't use the same manifest name if you use HLS manifest and low-latency HLS manifest. The manifestName on the HLSManifest object overrides the manifestName you provided on the originEndpoint object.

+ Url: + type: string + description:

The egress domain URL for stream delivery from MediaPackage.

+ ChildManifestName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + description:

A short string that's appended to the endpoint URL. The child manifest name creates a unique path to this endpoint. If you don't enter a value, MediaPackage uses the default child manifest name, index_1. The manifestName on the HLSManifest object overrides the manifestName you provided on the originEndpoint object.

+ ManifestWindowSeconds: + type: integer + description:

The total duration (in seconds) of the manifest's content.

+ ProgramDateTimeIntervalSeconds: + type: integer + description: |- +

Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval, + EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest. + The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player. + ID3Timed metadata messages generate every 5 seconds whenever the content is ingested.

+

Irrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.

+ ScteHls: + $ref: '#/components/schemas/ScteHls' + FilterConfiguration: + $ref: '#/components/schemas/FilterConfiguration' + required: + - ManifestName + additionalProperties: false + PresetSpeke20Audio: + type: string + enum: + - PRESET_AUDIO_1 + - PRESET_AUDIO_2 + - PRESET_AUDIO_3 + - SHARED + - UNENCRYPTED + PresetSpeke20Video: + type: string + enum: + - PRESET_VIDEO_1 + - PRESET_VIDEO_2 + - PRESET_VIDEO_3 + - PRESET_VIDEO_4 + - PRESET_VIDEO_5 + - PRESET_VIDEO_6 + - PRESET_VIDEO_7 + - PRESET_VIDEO_8 + - SHARED + - UNENCRYPTED + Scte: + type: object + description:

The SCTE configuration.

+ properties: + ScteFilter: + type: array + items: + $ref: '#/components/schemas/ScteFilter' + maxItems: 100 + minItems: 0 + description:

The SCTE-35 message types that you want to be treated as ad markers in the output.

+ additionalProperties: false + ScteFilter: + type: string + enum: + - SPLICE_INSERT + - BREAK + - PROVIDER_ADVERTISEMENT + - DISTRIBUTOR_ADVERTISEMENT + - PROVIDER_PLACEMENT_OPPORTUNITY + - DISTRIBUTOR_PLACEMENT_OPPORTUNITY + - PROVIDER_OVERLAY_PLACEMENT_OPPORTUNITY + - DISTRIBUTOR_OVERLAY_PLACEMENT_OPPORTUNITY + - PROGRAM + ScteHls: + type: object + description:

The SCTE configuration.

+ properties: + AdMarkerHls: + $ref: '#/components/schemas/AdMarkerHls' + additionalProperties: false + Segment: + type: object + description:

The segment configuration, including the segment name, duration, and other configuration values.

+ properties: + SegmentDurationSeconds: + type: integer + maximum: 30 + minimum: 1 + description:

The duration (in seconds) of each segment. Enter a value equal to, or a multiple of, the input segment duration. If the value that you enter is different from the input segment duration, MediaPackage rounds segments to the nearest multiple of the input segment duration.

+ SegmentName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + description:

The name that describes the segment. The name is the base name of the segment used in all content manifests inside of the endpoint. You can't use spaces in the name.

+ TsUseAudioRenditionGroup: + type: boolean + description:

When selected, MediaPackage bundles all audio tracks in a rendition group. All other tracks in the stream can be used with any audio rendition from the group.

+ IncludeIframeOnlyStreams: + type: boolean + description:

When selected, the stream set includes an additional I-frame only stream, along with the other tracks. If false, this extra stream is not included. MediaPackage generates an I-frame only stream from the first rendition in the manifest. The service inserts EXT-I-FRAMES-ONLY tags in the output manifest, and then generates and includes an I-frames only playlist in the stream. This playlist permits player functionality like fast forward and rewind.

+ TsIncludeDvbSubtitles: + type: boolean + description:

By default, MediaPackage excludes all digital video broadcasting (DVB) subtitles from the output. When selected, MediaPackage passes through DVB subtitles into the output.

+ Scte: + $ref: '#/components/schemas/Scte' + Encryption: + $ref: '#/components/schemas/Encryption' + additionalProperties: false + SpekeKeyProvider: + type: object + description:

The parameters for the SPEKE key provider.

+ properties: + EncryptionContractConfiguration: + $ref: '#/components/schemas/EncryptionContractConfiguration' + ResourceId: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[0-9a-zA-Z_-]+$ + description: |- +

The unique identifier for the content. The service sends this to the key server to identify the current endpoint. How unique you make this depends on how fine-grained you want access controls to be. The service does not permit you to use the same ID for two simultaneous encryption processes. The resource ID is also known as the content ID.

+

The following example shows a resource ID: MovieNight20171126093045 +

+ DrmSystems: + type: array + items: + $ref: '#/components/schemas/DrmSystem' + maxItems: 4 + minItems: 1 + description:

The DRM solution provider you're using to protect your content during distribution.

+ RoleArn: + type: string + maxLength: 2048 + minLength: 1 + description: |- +

The ARN for the IAM role granted by the key provider that provides access to the key provider API. This role must have a trust policy that allows MediaPackage to assume the role, and it must have a sufficient permissions policy to allow access to the specific key retrieval URL. Get this from your DRM solution provider.

+

Valid format: arn:aws:iam::{accountID}:role/{name}. The following example shows a role ARN: arn:aws:iam::444455556666:role/SpekeAccess +

+ Url: + type: string + maxLength: 1024 + minLength: 1 + description: |- +

The URL of the API Gateway proxy that you set up to talk to your key server. The API Gateway proxy must reside in the same AWS Region as MediaPackage and must start with https://.

+

The following example shows a URL: https://1wm2dx1f33.execute-api.us-west-2.amazonaws.com/SpekeSample/copyProtection +

+ required: + - DrmSystems + - EncryptionContractConfiguration + - ResourceId + - RoleArn + - Url + additionalProperties: false + TsEncryptionMethod: + type: string + enum: + - AES_128 + - SAMPLE_AES + OriginEndpoint: + type: object + properties: + Arn: + type: string + description:

The Amazon Resource Name (ARN) associated with the resource.

+ ChannelGroupName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + ChannelName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + ContainerType: + $ref: '#/components/schemas/ContainerType' + CreatedAt: + type: string + description:

The date and time the origin endpoint was created.

+ format: date-time + Description: + type: string + maxLength: 1024 + minLength: 0 + description:

Enter any descriptive text that helps you to identify the origin endpoint.

+ HlsManifests: + type: array + items: + $ref: '#/components/schemas/HlsManifestConfiguration' + description:

An HTTP live streaming (HLS) manifest configuration.

+ LowLatencyHlsManifests: + type: array + items: + $ref: '#/components/schemas/LowLatencyHlsManifestConfiguration' + description:

A low-latency HLS manifest configuration.

+ ModifiedAt: + type: string + description:

The date and time the origin endpoint was modified.

+ format: date-time + OriginEndpointName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + Segment: + $ref: '#/components/schemas/Segment' + StartoverWindowSeconds: + type: integer + maximum: 1209600 + minimum: 60 + description:

The size of the window (in seconds) to create a window of the live stream that's available for on-demand viewing. Viewers can start-over or catch-up on content that falls within the window. The maximum startover window is 1,209,600 seconds (14 days).

+ Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ChannelGroupName + - ChannelName + - OriginEndpointName + x-stackql-resource-name: origin_endpoint + description:

Represents an origin endpoint that is associated with a channel, offering a dynamically repackaged version of its content through various streaming media protocols. The content can be efficiently disseminated to end-users via a Content Delivery Network (CDN), like Amazon CloudFront.

+ x-type-name: AWS::MediaPackageV2::OriginEndpoint + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - ChannelGroupName + - ChannelName + - OriginEndpointName + x-create-only-properties: + - ChannelGroupName + - ChannelName + - OriginEndpointName + x-read-only-properties: + - Arn + - CreatedAt + - ModifiedAt + - LowLatencyHlsManifests/*/Url + - HlsManifests/*/Url + x-required-properties: + - ChannelGroupName + - ChannelName + - OriginEndpointName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - mediapackagev2:TagResource + - mediapackagev2:CreateOriginEndpoint + - iam:PassRole + read: + - mediapackagev2:GetOriginEndpoint + update: + - mediapackagev2:TagResource + - mediapackagev2:UntagResource + - mediapackagev2:ListTagsForResource + - mediapackagev2:UpdateOriginEndpoint + - iam:PassRole + delete: + - mediapackagev2:GetOriginEndpoint + - mediapackagev2:DeleteOriginEndpoint + list: + - mediapackagev2:ListOriginEndpoints + OriginEndpointPolicy: + type: object + properties: + ChannelGroupName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + ChannelName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + OriginEndpointName: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + Policy: + type: object + required: + - ChannelGroupName + - ChannelName + - OriginEndpointName + - Policy + x-stackql-resource-name: origin_endpoint_policy + description:

Represents a resource policy that allows or denies access to an origin endpoint.

+ x-type-name: AWS::MediaPackageV2::OriginEndpointPolicy + x-stackql-primary-identifier: + - ChannelGroupName + - ChannelName + - OriginEndpointName + x-create-only-properties: + - ChannelGroupName + - ChannelName + - OriginEndpointName + x-required-properties: + - ChannelGroupName + - ChannelName + - OriginEndpointName + - Policy + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - mediapackagev2:GetOriginEndpointPolicy + - mediapackagev2:PutOriginEndpointPolicy + read: + - mediapackagev2:GetOriginEndpointPolicy + update: + - mediapackagev2:GetOriginEndpointPolicy + - mediapackagev2:PutOriginEndpointPolicy + delete: + - mediapackagev2:GetOriginEndpointPolicy + - mediapackagev2:DeleteOriginEndpointPolicy + x-stackQL-resources: + channels: + name: channels + id: aws.mediapackagev2.channels + x-cfn-schema-name: Channel + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackageV2::Channel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackageV2::Channel' + AND region = 'us-east-1' + channel: + name: channel + id: aws.mediapackagev2.channel + x-cfn-schema-name: Channel + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ChannelGroupName') as channel_group_name, + JSON_EXTRACT(Properties, '$.ChannelName') as channel_name, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.IngestEndpoints') as ingest_endpoints, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ChannelGroupName') as channel_group_name, + json_extract_path_text(Properties, 'ChannelName') as channel_name, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'IngestEndpoints') as ingest_endpoints, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + channel_groups: + name: channel_groups + id: aws.mediapackagev2.channel_groups + x-cfn-schema-name: ChannelGroup + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackageV2::ChannelGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackageV2::ChannelGroup' + AND region = 'us-east-1' + channel_group: + name: channel_group + id: aws.mediapackagev2.channel_group + x-cfn-schema-name: ChannelGroup + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ChannelGroupName') as channel_group_name, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EgressDomain') as egress_domain, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::ChannelGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ChannelGroupName') as channel_group_name, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EgressDomain') as egress_domain, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::ChannelGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + channel_policy: + name: channel_policy + id: aws.mediapackagev2.channel_policy + x-cfn-schema-name: ChannelPolicy + x-type: get + x-identifiers: + - ChannelGroupName + - ChannelName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ChannelGroupName') as channel_group_name, + JSON_EXTRACT(Properties, '$.ChannelName') as channel_name, + JSON_EXTRACT(Properties, '$.Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::ChannelPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ChannelGroupName') as channel_group_name, + json_extract_path_text(Properties, 'ChannelName') as channel_name, + json_extract_path_text(Properties, 'Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::ChannelPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + origin_endpoints: + name: origin_endpoints + id: aws.mediapackagev2.origin_endpoints + x-cfn-schema-name: OriginEndpoint + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackageV2::OriginEndpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaPackageV2::OriginEndpoint' + AND region = 'us-east-1' + origin_endpoint: + name: origin_endpoint + id: aws.mediapackagev2.origin_endpoint + x-cfn-schema-name: OriginEndpoint + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ChannelGroupName') as channel_group_name, + JSON_EXTRACT(Properties, '$.ChannelName') as channel_name, + JSON_EXTRACT(Properties, '$.ContainerType') as container_type, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.HlsManifests') as hls_manifests, + JSON_EXTRACT(Properties, '$.LowLatencyHlsManifests') as low_latency_hls_manifests, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.OriginEndpointName') as origin_endpoint_name, + JSON_EXTRACT(Properties, '$.Segment') as segment, + JSON_EXTRACT(Properties, '$.StartoverWindowSeconds') as startover_window_seconds, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::OriginEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ChannelGroupName') as channel_group_name, + json_extract_path_text(Properties, 'ChannelName') as channel_name, + json_extract_path_text(Properties, 'ContainerType') as container_type, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'HlsManifests') as hls_manifests, + json_extract_path_text(Properties, 'LowLatencyHlsManifests') as low_latency_hls_manifests, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'OriginEndpointName') as origin_endpoint_name, + json_extract_path_text(Properties, 'Segment') as segment, + json_extract_path_text(Properties, 'StartoverWindowSeconds') as startover_window_seconds, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::OriginEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + origin_endpoint_policy: + name: origin_endpoint_policy + id: aws.mediapackagev2.origin_endpoint_policy + x-cfn-schema-name: OriginEndpointPolicy + x-type: get + x-identifiers: + - ChannelGroupName + - ChannelName + - OriginEndpointName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ChannelGroupName') as channel_group_name, + JSON_EXTRACT(Properties, '$.ChannelName') as channel_name, + JSON_EXTRACT(Properties, '$.OriginEndpointName') as origin_endpoint_name, + JSON_EXTRACT(Properties, '$.Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::OriginEndpointPolicy' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ChannelGroupName') as channel_group_name, + json_extract_path_text(Properties, 'ChannelName') as channel_name, + json_extract_path_text(Properties, 'OriginEndpointName') as origin_endpoint_name, + json_extract_path_text(Properties, 'Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::OriginEndpointPolicy' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/mediatailor.yaml b/providers/src/aws/v00.00.00000/services/mediatailor.yaml new file mode 100644 index 00000000..0b44b105 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/mediatailor.yaml @@ -0,0 +1,1113 @@ +openapi: 3.0.0 +info: + title: MediaTailor + version: 1.0.0 +paths: {} +components: + schemas: + DashPlaylistSettings: + type: object + description:

Dash manifest configuration parameters.

+ properties: + ManifestWindowSeconds: + type: number + description: '

The total duration (in seconds) of each manifest. Minimum value: 30 seconds. Maximum value: 3600 seconds.

' + MinBufferTimeSeconds: + type: number + description: '

Minimum amount of content (measured in seconds) that a player must keep available in the buffer. Minimum value: 2 seconds. Maximum value: 60 seconds.

' + MinUpdatePeriodSeconds: + type: number + description: '

Minimum amount of time (in seconds) that the player should wait before requesting updates to the manifest. Minimum value: 2 seconds. Maximum value: 60 seconds.

' + SuggestedPresentationDelaySeconds: + type: number + description: '

Amount of time (in seconds) that the player should be from the live point at the end of the manifest. Minimum value: 2 seconds. Maximum value: 60 seconds.

' + additionalProperties: false + HlsPlaylistSettings: + type: object + description:

HLS playlist configuration parameters.

+ properties: + ManifestWindowSeconds: + type: number + description: '

The total duration (in seconds) of each manifest. Minimum value: 30 seconds. Maximum value: 3600 seconds.

' + AdMarkupType: + type: array + items: + $ref: '#/components/schemas/AdMarkupType' + description:

Determines the type of SCTE 35 tags to use in ad markup. Specify DATERANGE to use DATERANGE tags (for live or VOD content). Specify SCTE35_ENHANCED to use EXT-X-CUE-OUT and EXT-X-CUE-IN tags (for VOD content only).

+ additionalProperties: false + LogConfigurationForChannel: + type: object + description:

The log configuration for the channel.

+ properties: + LogTypes: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/LogType' + description:

The log types.

+ additionalProperties: false + LogType: + type: string + enum: + - AS_RUN + PlaybackMode: + type: string + enum: + - LOOP + - LINEAR + AdMarkupType: + type: string + enum: + - DATERANGE + - SCTE35_ENHANCED + RequestOutputItem: + type: object + description:

The output configuration for this channel.

+ properties: + DashPlaylistSettings: + $ref: '#/components/schemas/DashPlaylistSettings' + HlsPlaylistSettings: + $ref: '#/components/schemas/HlsPlaylistSettings' + ManifestName: + type: string + description:

The name of the manifest for the channel. The name appears in the PlaybackUrl.

+ SourceGroup: + type: string + description:

A string used to match which HttpPackageConfiguration is used for each VodSource.

+ required: + - ManifestName + - SourceGroup + additionalProperties: false + SlateSource: + type: object + description:

Slate VOD source configuration.

+ properties: + SourceLocationName: + type: string + description:

The name of the source location where the slate VOD source is stored.

+ VodSourceName: + type: string + description:

The slate VOD source name. The VOD source must already exist in a source location before it can be used for slate.

+ additionalProperties: false + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + Value: + type: string + required: + - Value + - Key + Tier: + type: string + enum: + - BASIC + - STANDARD + TimeShiftConfiguration: + type: object + description:

The configuration for time-shifted viewing.

+ properties: + MaxTimeDelaySeconds: + type: number + description:

The maximum time delay for time-shifted viewing. The minimum allowed maximum time delay is 0 seconds, and the maximum allowed maximum time delay is 21600 seconds (6 hours).

+ required: + - MaxTimeDelaySeconds + additionalProperties: false + Channel: + type: object + properties: + Arn: + type: string + description:

The ARN of the channel.

+ Audiences: + type: array + items: + type: string + description:

The list of audiences defined in channel.

+ ChannelName: + type: string + FillerSlate: + $ref: '#/components/schemas/SlateSource' + LogConfiguration: + $ref: '#/components/schemas/LogConfigurationForChannel' + Outputs: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/RequestOutputItem' + description:

The channel's output properties.

+ PlaybackMode: + $ref: '#/components/schemas/PlaybackMode' + Tags: + description: The tags to assign to the channel. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Tier: + $ref: '#/components/schemas/Tier' + TimeShiftConfiguration: + $ref: '#/components/schemas/TimeShiftConfiguration' + required: + - ChannelName + - Outputs + - PlaybackMode + x-stackql-resource-name: channel + description: Definition of AWS::MediaTailor::Channel Resource Type + x-type-name: AWS::MediaTailor::Channel + x-stackql-primary-identifier: + - ChannelName + x-create-only-properties: + - ChannelName + - Tier + x-write-only-properties: + - Outputs + x-read-only-properties: + - Arn + x-required-properties: + - ChannelName + - Outputs + - PlaybackMode + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - mediatailor:CreateChannel + - mediatailor:TagResource + - mediatailor:ConfigureLogsForChannel + - iam:CreateServiceLinkedRole + - mediatailor:DescribeChannel + read: + - mediatailor:DescribeChannel + update: + - mediatailor:UpdateChannel + - mediatailor:TagResource + - mediatailor:UntagResource + - iam:CreateServiceLinkedRole + - mediatailor:ConfigureLogsForChannel + - mediatailor:DescribeChannel + delete: + - mediatailor:DeleteChannel + - mediatailor:DescribeChannel + list: + - mediatailor:ListChannels + ChannelPolicy: + type: object + properties: + ChannelName: + type: string + Policy: + type: object + description:

The IAM policy for the channel. IAM policies are used to control access to your channel.

+ required: + - ChannelName + - Policy + x-stackql-resource-name: channel_policy + description: Definition of AWS::MediaTailor::ChannelPolicy Resource Type + x-type-name: AWS::MediaTailor::ChannelPolicy + x-stackql-primary-identifier: + - ChannelName + x-create-only-properties: + - ChannelName + x-required-properties: + - ChannelName + - Policy + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - mediatailor:PutChannelPolicy + - mediatailor:GetChannelPolicy + read: + - mediatailor:GetChannelPolicy + update: + - mediatailor:PutChannelPolicy + - mediatailor:GetChannelPolicy + delete: + - mediatailor:DeleteChannelPolicy + - mediatailor:GetChannelPolicy + HttpPackageConfiguration: + type: object + description:

The HTTP package configuration properties for the requested VOD source.

+ properties: + Path: + type: string + description:

The relative path to the URL for this VOD source. This is combined with SourceLocation::HttpConfiguration::BaseUrl to form a valid URL.

+ SourceGroup: + type: string + description:

The name of the source group. This has to match one of the Channel::Outputs::SourceGroup.

+ Type: + $ref: '#/components/schemas/Type' + required: + - Path + - SourceGroup + - Type + additionalProperties: false + Type: + type: string + enum: + - DASH + - HLS + LiveSource: + type: object + properties: + Arn: + type: string + description:

The ARN of the live source.

+ HttpPackageConfigurations: + type: array + items: + $ref: '#/components/schemas/HttpPackageConfiguration' + description:

A list of HTTP package configuration parameters for this live source.

+ LiveSourceName: + type: string + SourceLocationName: + type: string + Tags: + description: The tags to assign to the live source. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - HttpPackageConfigurations + - LiveSourceName + - SourceLocationName + x-stackql-resource-name: live_source + description: Definition of AWS::MediaTailor::LiveSource Resource Type + x-type-name: AWS::MediaTailor::LiveSource + x-stackql-primary-identifier: + - LiveSourceName + - SourceLocationName + x-create-only-properties: + - LiveSourceName + - SourceLocationName + x-read-only-properties: + - Arn + x-required-properties: + - HttpPackageConfigurations + - LiveSourceName + - SourceLocationName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - mediatailor:CreateLiveSource + - mediatailor:DescribeLiveSource + - mediatailor:TagResource + read: + - mediatailor:DescribeLiveSource + update: + - mediatailor:UpdateLiveSource + - mediatailor:DescribeLiveSource + - mediatailor:TagResource + - mediatailor:UntagResource + delete: + - mediatailor:DeleteLiveSource + - mediatailor:DescribeLiveSource + list: + - mediatailor:ListLiveSources + AvailSuppression: + description: The configuration for avail suppression, also known as ad suppression. For more information about ad suppression, see Ad Suppression (https://docs.aws.amazon.com/mediatailor/latest/ug/ad-behavior.html). + type: object + additionalProperties: false + properties: + Mode: + description: Sets the ad suppression mode. By default, ad suppression is set to OFF and all ad breaks are filled with ads or slate. When Mode is set to BEHIND_LIVE_EDGE, ad suppression is active and MediaTailor won't fill ad breaks on or behind the ad suppression Value time in the manifest lookback window. + type: string + enum: + - 'OFF' + - BEHIND_LIVE_EDGE + Value: + description: >- + A live edge offset time in HH:MM:SS. MediaTailor won't fill ad breaks on or behind this time in the manifest lookback window. If Value is set to 00:00:00, it is in sync with the live edge, and MediaTailor won't fill any ad breaks on or behind the live edge. If you set a Value time, MediaTailor won't fill any ad breaks on or behind this time in the manifest lookback window. For example, if you set 00:45:00, then MediaTailor will fill ad breaks that occur within 45 minutes behind the + live edge, but won't fill ad breaks on or behind 45 minutes behind the live edge. + type: string + Bumper: + description: The configuration for bumpers. Bumpers are short audio or video clips that play at the start or before the end of an ad break. To learn more about bumpers, see Bumpers (https://docs.aws.amazon.com/mediatailor/latest/ug/bumpers.html). + type: object + additionalProperties: false + properties: + StartUrl: + description: The URL for the start bumper asset. + type: string + EndUrl: + description: The URL for the end bumper asset. + type: string + CdnConfiguration: + description: The configuration for using a content delivery network (CDN), like Amazon CloudFront, for content and ad segment management. + type: object + additionalProperties: false + properties: + AdSegmentUrlPrefix: + description: A non-default content delivery network (CDN) to serve ad segments. By default, AWS Elemental MediaTailor uses Amazon CloudFront with default cache settings as its CDN for ad segments. To set up an alternate CDN, create a rule in your CDN for the origin ads.mediatailor.<region>.amazonaws.com. Then specify the rule's name in this AdSegmentUrlPrefix. When AWS Elemental MediaTailor serves a manifest, it reports your CDN as the source for ad segments. + type: string + ContentSegmentUrlPrefix: + description: A content delivery network (CDN) to cache content segments, so that content requests don't always have to go to the origin server. First, create a rule in your CDN for the content segment origin server. Then specify the rule's name in this ContentSegmentUrlPrefix. When AWS Elemental MediaTailor serves a manifest, it reports your CDN as the source for content segments. + type: string + ConfigurationAliases: + description: The predefined aliases for dynamic variables. + additionalProperties: false + x-patternProperties: + player_params\.\w+\Z: + type: object + DashConfiguration: + description: The configuration for DASH PUT operations. + type: object + additionalProperties: false + properties: + MpdLocation: + description: >- + The setting that controls whether MediaTailor includes the Location tag in DASH manifests. MediaTailor populates the Location tag with the URL for manifest update requests, to be used by players that don't support sticky redirects. Disable this if you have CDN routing rules set up for accessing MediaTailor manifests, and you are either using client-side reporting or your players support sticky HTTP redirects. Valid values are DISABLED and EMT_DEFAULT. The EMT_DEFAULT setting enables + the inclusion of the tag and is the default value. + type: string + OriginManifestType: + description: The setting that controls whether MediaTailor handles manifests from the origin server as multi-period manifests or single-period manifests. If your origin server produces single-period manifests, set this to SINGLE_PERIOD. The default setting is MULTI_PERIOD. For multi-period manifests, omit this setting or set it to MULTI_PERIOD. + type: string + enum: + - SINGLE_PERIOD + - MULTI_PERIOD + ManifestEndpointPrefix: + description: The URL generated by MediaTailor to initiate a DASH playback session. The session uses server-side reporting. + type: string + LivePreRollConfiguration: + description: The configuration for pre-roll ad insertion. + type: object + additionalProperties: false + properties: + AdDecisionServerUrl: + description: The URL for the ad decision server (ADS) for pre-roll ads. This includes the specification of static parameters and placeholders for dynamic parameters. AWS Elemental MediaTailor substitutes player-specific and session-specific parameters as needed when calling the ADS. Alternately, for testing, you can provide a static VAST URL. The maximum length is 25,000 characters. + type: string + MaxDurationSeconds: + description: The maximum allowed duration for the pre-roll ad avail. AWS Elemental MediaTailor won't play pre-roll ads to exceed this duration, regardless of the total duration of ads that the ADS returns. + type: integer + ManifestProcessingRules: + description: The configuration for manifest processing rules. Manifest processing rules enable customization of the personalized manifests created by MediaTailor. + type: object + additionalProperties: false + properties: + AdMarkerPassthrough: + description: For HLS, when set to true, MediaTailor passes through EXT-X-CUE-IN, EXT-X-CUE-OUT, and EXT-X-SPLICEPOINT-SCTE35 ad markers from the origin manifest to the MediaTailor personalized manifest. No logic is applied to these ad markers. For example, if EXT-X-CUE-OUT has a value of 60, but no ads are filled for that ad break, MediaTailor will not set the value to 0. + $ref: '#/components/schemas/AdMarkerPassthrough' + AdMarkerPassthrough: + description: For HLS, when set to true, MediaTailor passes through EXT-X-CUE-IN, EXT-X-CUE-OUT, and EXT-X-SPLICEPOINT-SCTE35 ad markers from the origin manifest to the MediaTailor personalized manifest. No logic is applied to these ad markers. For example, if EXT-X-CUE-OUT has a value of 60, but no ads are filled for that ad break, MediaTailor will not set the value to 0. + type: object + additionalProperties: false + properties: + Enabled: + description: Enables ad marker passthrough for your configuration. + type: boolean + HlsConfiguration: + type: object + additionalProperties: false + properties: + ManifestEndpointPrefix: + description: The URL that is used to initiate a playback session for devices that support Apple HLS. The session uses server-side reporting. + type: string + PlaybackConfiguration: + type: object + properties: + AdDecisionServerUrl: + description: The URL for the ad decision server (ADS). This includes the specification of static parameters and placeholders for dynamic parameters. AWS Elemental MediaTailor substitutes player-specific and session-specific parameters as needed when calling the ADS. Alternately, for testing you can provide a static VAST URL. The maximum length is 25,000 characters. + type: string + AvailSuppression: + description: The configuration for avail suppression, also known as ad suppression. For more information about ad suppression, see Ad Suppression (https://docs.aws.amazon.com/mediatailor/latest/ug/ad-behavior.html). + $ref: '#/components/schemas/AvailSuppression' + Bumper: + description: The configuration for bumpers. Bumpers are short audio or video clips that play at the start or before the end of an ad break. To learn more about bumpers, see Bumpers (https://docs.aws.amazon.com/mediatailor/latest/ug/bumpers.html). + $ref: '#/components/schemas/Bumper' + CdnConfiguration: + description: The configuration for using a content delivery network (CDN), like Amazon CloudFront, for content and ad segment management. + $ref: '#/components/schemas/CdnConfiguration' + ConfigurationAliases: + description: 'The player parameters and aliases used as dynamic variables during session initialization. For more information, see Domain Variables. ' + $ref: '#/components/schemas/ConfigurationAliases' + DashConfiguration: + description: The configuration for DASH content. + $ref: '#/components/schemas/DashConfiguration' + LivePreRollConfiguration: + description: The configuration for pre-roll ad insertion. + $ref: '#/components/schemas/LivePreRollConfiguration' + ManifestProcessingRules: + description: The configuration for manifest processing rules. Manifest processing rules enable customization of the personalized manifests created by MediaTailor. + $ref: '#/components/schemas/ManifestProcessingRules' + Name: + description: The identifier for the playback configuration. + type: string + pattern: ^[a-zA-Z0-9_-]+$ + maxLength: 64 + minLength: 1 + PersonalizationThresholdSeconds: + description: >- + Defines the maximum duration of underfilled ad time (in seconds) allowed in an ad break. If the duration of underfilled ad time exceeds the personalization threshold, then the personalization of the ad break is abandoned and the underlying content is shown. This feature applies to ad replacement in live and VOD streams, rather than ad insertion, because it relies on an underlying content stream. For more information about ad break behavior, including ad replacement and insertion, see + Ad Behavior in AWS Elemental MediaTailor (https://docs.aws.amazon.com/mediatailor/latest/ug/ad-behavior.html). + type: integer + SessionInitializationEndpointPrefix: + description: The URL that the player uses to initialize a session that uses client-side reporting. + type: string + HlsConfiguration: + description: The configuration for HLS content. + $ref: '#/components/schemas/HlsConfiguration' + PlaybackConfigurationArn: + description: The Amazon Resource Name (ARN) for the playback configuration. + type: string + PlaybackEndpointPrefix: + description: The URL that the player accesses to get a manifest from MediaTailor. This session will use server-side reporting. + type: string + SlateAdUrl: + description: The URL for a high-quality video asset to transcode and use to fill in time that's not used by ads. AWS Elemental MediaTailor shows the slate to fill in gaps in media content. Configuring the slate is optional for non-VPAID configurations. For VPAID, the slate is required because MediaTailor provides it in the slots that are designated for dynamic ad content. The slate must be a high-quality asset that contains both audio and video. + type: string + Tags: + description: The tags to assign to the playback configuration. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + TranscodeProfileName: + description: The name that is used to associate this playback configuration with a custom transcode profile. This overrides the dynamic transcoding defaults of MediaTailor. Use this only if you have already set up custom profiles with the help of AWS Support. + type: string + VideoContentSourceUrl: + description: The URL prefix for the parent manifest for the stream, minus the asset ID. The maximum length is 512 characters. + type: string + required: + - Name + - VideoContentSourceUrl + - AdDecisionServerUrl + x-stackql-resource-name: playback_configuration + description: Resource schema for AWS::MediaTailor::PlaybackConfiguration + x-type-name: AWS::MediaTailor::PlaybackConfiguration + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - SessionInitializationEndpointPrefix + - HlsConfiguration/ManifestEndpointPrefix + - DashConfiguration/ManifestEndpointPrefix + - PlaybackConfigurationArn + - PlaybackEndpointPrefix + x-required-properties: + - Name + - VideoContentSourceUrl + - AdDecisionServerUrl + x-tagging: + taggable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - mediatailor:PutPlaybackConfiguration + - mediatailor:ConfigureLogsForPlaybackConfiguration + - iam:CreateServiceLinkedRole + - mediatailor:UntagResource + - mediatailor:TagResource + read: + - mediatailor:GetPlaybackConfiguration + update: + - mediatailor:PutPlaybackConfiguration + - mediatailor:ConfigureLogsForPlaybackConfiguration + - iam:CreateServiceLinkedRole + - mediatailor:UntagResource + - mediatailor:TagResource + delete: + - mediatailor:DeletePlaybackConfiguration + list: + - mediatailor:ListPlaybackConfigurations + AccessConfiguration: + type: object + description:

Access configuration parameters.

+ properties: + AccessType: + $ref: '#/components/schemas/AccessType' + SecretsManagerAccessTokenConfiguration: + $ref: '#/components/schemas/SecretsManagerAccessTokenConfiguration' + additionalProperties: false + AccessType: + type: string + enum: + - S3_SIGV4 + - SECRETS_MANAGER_ACCESS_TOKEN + - AUTODETECT_SIGV4 + DefaultSegmentDeliveryConfiguration: + type: object + description:

The optional configuration for a server that serves segments. Use this if you want the segment delivery server to be different from the source location server. For example, you can configure your source location server to be an origination server, such as MediaPackage, and the segment delivery server to be a content delivery network (CDN), such as CloudFront. If you don't specify a segment delivery server, then the source location server is used.

+ properties: + BaseUrl: + type: string + description:

The hostname of the server that will be used to serve segments. This string must include the protocol, such as https://.

+ additionalProperties: false + HttpConfiguration: + type: object + description:

The HTTP configuration for the source location.

+ properties: + BaseUrl: + type: string + description:

The base URL for the source location host server. This string must include the protocol, such as https://.

+ required: + - BaseUrl + additionalProperties: false + SecretsManagerAccessTokenConfiguration: + type: object + description:

AWS Secrets Manager access token configuration parameters. For information about Secrets Manager access token authentication, see Working with AWS Secrets Manager access token authentication.

+ properties: + HeaderName: + type: string + description:

The name of the HTTP header used to supply the access token in requests to the source location.

+ SecretArn: + type: string + description:

The Amazon Resource Name (ARN) of the AWS Secrets Manager secret that contains the access token.

+ SecretStringKey: + type: string + description:

The AWS Secrets Manager SecretString key associated with the access token. MediaTailor uses the key to look up SecretString key and value pair containing the access token.

+ additionalProperties: false + SegmentDeliveryConfiguration: + type: object + description:

The segment delivery configuration settings.

+ properties: + BaseUrl: + type: string + description:

The base URL of the host or path of the segment delivery server that you're using to serve segments. This is typically a content delivery network (CDN). The URL can be absolute or relative. To use an absolute URL include the protocol, such as https://example.com/some/path. To use a relative URL specify the relative path, such as /some/path*.

+ Name: + type: string + description:

A unique identifier used to distinguish between multiple segment delivery configurations in a source location.

+ additionalProperties: false + SourceLocation: + type: object + properties: + AccessConfiguration: + $ref: '#/components/schemas/AccessConfiguration' + Arn: + type: string + description:

The ARN of the source location.

+ DefaultSegmentDeliveryConfiguration: + $ref: '#/components/schemas/DefaultSegmentDeliveryConfiguration' + HttpConfiguration: + $ref: '#/components/schemas/HttpConfiguration' + SegmentDeliveryConfigurations: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SegmentDeliveryConfiguration' + description:

A list of the segment delivery configurations associated with this resource.

+ SourceLocationName: + type: string + Tags: + description: The tags to assign to the source location. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - HttpConfiguration + - SourceLocationName + x-stackql-resource-name: source_location + description: Definition of AWS::MediaTailor::SourceLocation Resource Type + x-type-name: AWS::MediaTailor::SourceLocation + x-stackql-primary-identifier: + - SourceLocationName + x-create-only-properties: + - SourceLocationName + x-read-only-properties: + - Arn + x-required-properties: + - HttpConfiguration + - SourceLocationName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - mediatailor:CreateSourceLocation + - mediatailor:DescribeSourceLocation + - mediatailor:TagResource + - secretsmanager:DescribeSecret + - secretsmanager:GetSecretValue + - kms:CreateGrant + read: + - mediatailor:DescribeSourceLocation + update: + - mediatailor:DescribeSourceLocation + - mediatailor:TagResource + - mediatailor:UntagResource + - mediatailor:UpdateSourceLocation + - secretsmanager:DescribeSecret + - secretsmanager:GetSecretValue + - kms:CreateGrant + delete: + - mediatailor:DeleteSourceLocation + - mediatailor:DescribeSourceLocation + list: + - mediatailor:ListSourceLocations + VodSource: + type: object + properties: + Arn: + type: string + description:

The ARN of the VOD source.

+ HttpPackageConfigurations: + type: array + items: + $ref: '#/components/schemas/HttpPackageConfiguration' + description:

A list of HTTP package configuration parameters for this VOD source.

+ SourceLocationName: + type: string + Tags: + description: The tags to assign to the VOD source. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + VodSourceName: + type: string + required: + - HttpPackageConfigurations + - SourceLocationName + - VodSourceName + x-stackql-resource-name: vod_source + description: Definition of AWS::MediaTailor::VodSource Resource Type + x-type-name: AWS::MediaTailor::VodSource + x-stackql-primary-identifier: + - SourceLocationName + - VodSourceName + x-create-only-properties: + - SourceLocationName + - VodSourceName + x-read-only-properties: + - Arn + x-required-properties: + - HttpPackageConfigurations + - SourceLocationName + - VodSourceName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - mediatailor:CreateVodSource + - mediatailor:DescribeVodSource + - mediatailor:TagResource + read: + - mediatailor:DescribeVodSource + update: + - mediatailor:DescribeVodSource + - mediatailor:TagResource + - mediatailor:UntagResource + - mediatailor:UpdateVodSource + delete: + - mediatailor:DeleteVodSource + - mediatailor:DescribeVodSource + list: + - mediatailor:ListVodSources + x-stackQL-resources: + channels: + name: channels + id: aws.mediatailor.channels + x-cfn-schema-name: Channel + x-type: list + x-identifiers: + - ChannelName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ChannelName') as channel_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaTailor::Channel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ChannelName') as channel_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaTailor::Channel' + AND region = 'us-east-1' + channel: + name: channel + id: aws.mediatailor.channel + x-cfn-schema-name: Channel + x-type: get + x-identifiers: + - ChannelName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Audiences') as audiences, + JSON_EXTRACT(Properties, '$.ChannelName') as channel_name, + JSON_EXTRACT(Properties, '$.FillerSlate') as filler_slate, + JSON_EXTRACT(Properties, '$.LogConfiguration') as log_configuration, + JSON_EXTRACT(Properties, '$.Outputs') as outputs, + JSON_EXTRACT(Properties, '$.PlaybackMode') as playback_mode, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Tier') as tier, + JSON_EXTRACT(Properties, '$.TimeShiftConfiguration') as time_shift_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Audiences') as audiences, + json_extract_path_text(Properties, 'ChannelName') as channel_name, + json_extract_path_text(Properties, 'FillerSlate') as filler_slate, + json_extract_path_text(Properties, 'LogConfiguration') as log_configuration, + json_extract_path_text(Properties, 'Outputs') as outputs, + json_extract_path_text(Properties, 'PlaybackMode') as playback_mode, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Tier') as tier, + json_extract_path_text(Properties, 'TimeShiftConfiguration') as time_shift_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + channel_policy: + name: channel_policy + id: aws.mediatailor.channel_policy + x-cfn-schema-name: ChannelPolicy + x-type: get + x-identifiers: + - ChannelName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ChannelName') as channel_name, + JSON_EXTRACT(Properties, '$.Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::ChannelPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ChannelName') as channel_name, + json_extract_path_text(Properties, 'Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::ChannelPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + live_sources: + name: live_sources + id: aws.mediatailor.live_sources + x-cfn-schema-name: LiveSource + x-type: list + x-identifiers: + - LiveSourceName + - SourceLocationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LiveSourceName') as live_source_name, + JSON_EXTRACT(Properties, '$.SourceLocationName') as source_location_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaTailor::LiveSource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LiveSourceName') as live_source_name, + json_extract_path_text(Properties, 'SourceLocationName') as source_location_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaTailor::LiveSource' + AND region = 'us-east-1' + live_source: + name: live_source + id: aws.mediatailor.live_source + x-cfn-schema-name: LiveSource + x-type: get + x-identifiers: + - LiveSourceName + - SourceLocationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.HttpPackageConfigurations') as http_package_configurations, + JSON_EXTRACT(Properties, '$.LiveSourceName') as live_source_name, + JSON_EXTRACT(Properties, '$.SourceLocationName') as source_location_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::LiveSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'HttpPackageConfigurations') as http_package_configurations, + json_extract_path_text(Properties, 'LiveSourceName') as live_source_name, + json_extract_path_text(Properties, 'SourceLocationName') as source_location_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::LiveSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + playback_configurations: + name: playback_configurations + id: aws.mediatailor.playback_configurations + x-cfn-schema-name: PlaybackConfiguration + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaTailor::PlaybackConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaTailor::PlaybackConfiguration' + AND region = 'us-east-1' + playback_configuration: + name: playback_configuration + id: aws.mediatailor.playback_configuration + x-cfn-schema-name: PlaybackConfiguration + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AdDecisionServerUrl') as ad_decision_server_url, + JSON_EXTRACT(Properties, '$.AvailSuppression') as avail_suppression, + JSON_EXTRACT(Properties, '$.Bumper') as bumper, + JSON_EXTRACT(Properties, '$.CdnConfiguration') as cdn_configuration, + JSON_EXTRACT(Properties, '$.ConfigurationAliases') as configuration_aliases, + JSON_EXTRACT(Properties, '$.DashConfiguration') as dash_configuration, + JSON_EXTRACT(Properties, '$.LivePreRollConfiguration') as live_pre_roll_configuration, + JSON_EXTRACT(Properties, '$.ManifestProcessingRules') as manifest_processing_rules, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PersonalizationThresholdSeconds') as personalization_threshold_seconds, + JSON_EXTRACT(Properties, '$.SessionInitializationEndpointPrefix') as session_initialization_endpoint_prefix, + JSON_EXTRACT(Properties, '$.HlsConfiguration') as hls_configuration, + JSON_EXTRACT(Properties, '$.PlaybackConfigurationArn') as playback_configuration_arn, + JSON_EXTRACT(Properties, '$.PlaybackEndpointPrefix') as playback_endpoint_prefix, + JSON_EXTRACT(Properties, '$.SlateAdUrl') as slate_ad_url, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TranscodeProfileName') as transcode_profile_name, + JSON_EXTRACT(Properties, '$.VideoContentSourceUrl') as video_content_source_url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::PlaybackConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AdDecisionServerUrl') as ad_decision_server_url, + json_extract_path_text(Properties, 'AvailSuppression') as avail_suppression, + json_extract_path_text(Properties, 'Bumper') as bumper, + json_extract_path_text(Properties, 'CdnConfiguration') as cdn_configuration, + json_extract_path_text(Properties, 'ConfigurationAliases') as configuration_aliases, + json_extract_path_text(Properties, 'DashConfiguration') as dash_configuration, + json_extract_path_text(Properties, 'LivePreRollConfiguration') as live_pre_roll_configuration, + json_extract_path_text(Properties, 'ManifestProcessingRules') as manifest_processing_rules, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PersonalizationThresholdSeconds') as personalization_threshold_seconds, + json_extract_path_text(Properties, 'SessionInitializationEndpointPrefix') as session_initialization_endpoint_prefix, + json_extract_path_text(Properties, 'HlsConfiguration') as hls_configuration, + json_extract_path_text(Properties, 'PlaybackConfigurationArn') as playback_configuration_arn, + json_extract_path_text(Properties, 'PlaybackEndpointPrefix') as playback_endpoint_prefix, + json_extract_path_text(Properties, 'SlateAdUrl') as slate_ad_url, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TranscodeProfileName') as transcode_profile_name, + json_extract_path_text(Properties, 'VideoContentSourceUrl') as video_content_source_url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::PlaybackConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + source_locations: + name: source_locations + id: aws.mediatailor.source_locations + x-cfn-schema-name: SourceLocation + x-type: list + x-identifiers: + - SourceLocationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SourceLocationName') as source_location_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaTailor::SourceLocation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SourceLocationName') as source_location_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaTailor::SourceLocation' + AND region = 'us-east-1' + source_location: + name: source_location + id: aws.mediatailor.source_location + x-cfn-schema-name: SourceLocation + x-type: get + x-identifiers: + - SourceLocationName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessConfiguration') as access_configuration, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DefaultSegmentDeliveryConfiguration') as default_segment_delivery_configuration, + JSON_EXTRACT(Properties, '$.HttpConfiguration') as http_configuration, + JSON_EXTRACT(Properties, '$.SegmentDeliveryConfigurations') as segment_delivery_configurations, + JSON_EXTRACT(Properties, '$.SourceLocationName') as source_location_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::SourceLocation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessConfiguration') as access_configuration, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DefaultSegmentDeliveryConfiguration') as default_segment_delivery_configuration, + json_extract_path_text(Properties, 'HttpConfiguration') as http_configuration, + json_extract_path_text(Properties, 'SegmentDeliveryConfigurations') as segment_delivery_configurations, + json_extract_path_text(Properties, 'SourceLocationName') as source_location_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::SourceLocation' + AND data__Identifier = '' + AND region = 'us-east-1' + vod_sources: + name: vod_sources + id: aws.mediatailor.vod_sources + x-cfn-schema-name: VodSource + x-type: list + x-identifiers: + - SourceLocationName + - VodSourceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SourceLocationName') as source_location_name, + JSON_EXTRACT(Properties, '$.VodSourceName') as vod_source_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaTailor::VodSource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SourceLocationName') as source_location_name, + json_extract_path_text(Properties, 'VodSourceName') as vod_source_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaTailor::VodSource' + AND region = 'us-east-1' + vod_source: + name: vod_source + id: aws.mediatailor.vod_source + x-cfn-schema-name: VodSource + x-type: get + x-identifiers: + - SourceLocationName + - VodSourceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.HttpPackageConfigurations') as http_package_configurations, + JSON_EXTRACT(Properties, '$.SourceLocationName') as source_location_name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VodSourceName') as vod_source_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::VodSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'HttpPackageConfigurations') as http_package_configurations, + json_extract_path_text(Properties, 'SourceLocationName') as source_location_name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VodSourceName') as vod_source_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaTailor::VodSource' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/memorydb.yaml b/providers/src/aws/v00.00.00000/services/memorydb.yaml new file mode 100644 index 00000000..8251723e --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/memorydb.yaml @@ -0,0 +1,843 @@ +openapi: 3.0.0 +info: + title: MemoryDB + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with ''aws:''. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + pattern: ^(?!aws:)[a-zA-Z0-9 _\.\/=+:\-@]*$ + minLength: 1 + maxLength: 128 + Value: + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + pattern: ^[a-zA-Z0-9 _\.\/=+:\-@]*$ + minLength: 0 + maxLength: 256 + required: + - Key + ACL: + type: object + properties: + Status: + description: Indicates acl status. Can be "creating", "active", "modifying", "deleting". + type: string + ACLName: + description: The name of the acl. + pattern: '[a-z][a-z0-9\\-]*' + type: string + UserNames: + type: array + x-$comment: List of users. + uniqueItems: true + x-insertionOrder: true + items: + type: string + description: List of users associated to this acl. + Arn: + description: The Amazon Resource Name (ARN) of the acl. + type: string + Tags: + description: An array of key-value pairs to apply to this cluster. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ACLName + x-stackql-resource-name: acl + description: Resource Type definition for AWS::MemoryDB::ACL + x-type-name: AWS::MemoryDB::ACL + x-stackql-primary-identifier: + - ACLName + x-create-only-properties: + - ACLName + x-read-only-properties: + - Status + - Arn + x-required-properties: + - ACLName + x-taggable: true + x-required-permissions: + create: + - memorydb:CreateACL + - memorydb:DescribeACLs + - memorydb:TagResource + - memorydb:ListTags + read: + - memorydb:DescribeACLs + - memorydb:ListTags + update: + - memorydb:UpdateACL + - memorydb:DescribeACLs + - memorydb:ListTags + - memorydb:TagResource + - memorydb:UntagResource + delete: + - memorydb:ModifyReplicationGroup + - memorydb:DeleteACL + - memorydb:DescribeACLs + list: + - memorydb:DescribeACLs + - memorydb:ListTags + Endpoint: + type: object + additionalProperties: false + properties: + Address: + description: The DNS address of the primary read-write node. + type: string + Port: + description: 'The port number that the engine is listening on. ' + type: integer + DataTieringStatus: + type: string + enum: + - 'true' + - 'false' + Cluster: + type: object + properties: + ClusterName: + description: The name of the cluster. This value must be unique as it also serves as the cluster identifier. + pattern: '[a-z][a-z0-9\-]*' + type: string + Description: + description: An optional description of the cluster. + type: string + Status: + description: The status of the cluster. For example, Available, Updating, Creating. + type: string + NodeType: + description: The compute and memory capacity of the nodes in the cluster. + type: string + NumShards: + description: The number of shards the cluster will contain. + type: integer + NumReplicasPerShard: + description: The number of replicas to apply to each shard. The limit is 5. + type: integer + SubnetGroupName: + description: The name of the subnet group to be used for the cluster. + type: string + SecurityGroupIds: + description: One or more Amazon VPC security groups associated with this cluster. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + MaintenanceWindow: + description: Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. + type: string + ParameterGroupName: + description: The name of the parameter group associated with the cluster. + type: string + ParameterGroupStatus: + description: The status of the parameter group used by the cluster. + type: string + Port: + description: The port number on which each member of the cluster accepts connections. + type: integer + SnapshotRetentionLimit: + description: The number of days for which MemoryDB retains automatic snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshot that was taken today is retained for 5 days before being deleted. + type: integer + SnapshotWindow: + description: The daily time range (in UTC) during which MemoryDB begins taking a daily snapshot of your cluster. + type: string + ACLName: + description: The name of the Access Control List to associate with the cluster. + type: string + pattern: '[a-zA-Z][a-zA-Z0-9\-]*' + SnsTopicArn: + description: The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) topic to which notifications are sent. + type: string + SnsTopicStatus: + description: The status of the Amazon SNS notification topic. Notifications are sent only if the status is enabled. + type: string + TLSEnabled: + description: |- + A flag that enables in-transit encryption when set to true. + + You cannot modify the value of TransitEncryptionEnabled after the cluster is created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabled to true when you create a cluster. + type: boolean + DataTiering: + type: object + description: Enables data tiering. Data tiering is only supported for clusters using the r6gd node type. This parameter must be set when using r6gd nodes. + $ref: '#/components/schemas/DataTieringStatus' + KmsKeyId: + description: The ID of the KMS key used to encrypt the cluster. + type: string + SnapshotArns: + description: A list of Amazon Resource Names (ARN) that uniquely identify the RDB snapshot files stored in Amazon S3. The snapshot files are used to populate the new cluster. The Amazon S3 object name in the ARN cannot contain any commas. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + SnapshotName: + description: The name of a snapshot from which to restore data into the new cluster. The snapshot status changes to restoring while the new cluster is being created. + type: string + FinalSnapshotName: + description: The user-supplied name of a final cluster snapshot. This is the unique name that identifies the snapshot. MemoryDB creates the snapshot, and then deletes the cluster immediately afterward. + type: string + ARN: + description: The Amazon Resource Name (ARN) of the cluster. + type: string + EngineVersion: + description: The Redis engine version used by the cluster. + type: string + ClusterEndpoint: + description: The cluster endpoint. + $ref: '#/components/schemas/Endpoint' + AutoMinorVersionUpgrade: + description: |- + A flag that enables automatic minor version upgrade when set to true. + + You cannot modify the value of AutoMinorVersionUpgrade after the cluster is created. To enable AutoMinorVersionUpgrade on a cluster you must set AutoMinorVersionUpgrade to true when you create a cluster. + type: boolean + Tags: + description: An array of key-value pairs to apply to this cluster. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ClusterName + - NodeType + - ACLName + x-stackql-resource-name: cluster + description: The AWS::MemoryDB::Cluster resource creates an Amazon MemoryDB Cluster. + x-type-name: AWS::MemoryDB::Cluster + x-stackql-primary-identifier: + - ClusterName + x-create-only-properties: + - ClusterName + - TLSEnabled + - DataTiering + - KmsKeyId + - Port + - SubnetGroupName + - SnapshotArns + - SnapshotName + x-write-only-properties: + - SnapshotArns + - SnapshotName + - FinalSnapshotName + x-read-only-properties: + - Status + - ClusterEndpoint/Address + - ClusterEndpoint/Port + - ARN + - ParameterGroupStatus + x-required-properties: + - ClusterName + - NodeType + - ACLName + x-taggable: true + x-required-permissions: + create: + - memorydb:CreateCluster + - memorydb:DescribeClusters + - memorydb:ListTags + read: + - memorydb:DescribeClusters + - memorydb:ListTags + update: + - memorydb:UpdateCluster + - memorydb:DescribeClusters + - memorydb:ListTags + - memorydb:TagResource + - memorydb:UntagResource + delete: + - memorydb:DeleteCluster + - memorydb:DescribeClusters + list: + - memorydb:DescribeClusters + ParameterGroup: + type: object + properties: + ParameterGroupName: + description: The name of the parameter group. + type: string + Family: + description: The name of the parameter group family that this parameter group is compatible with. + type: string + Description: + description: A description of the parameter group. + type: string + Tags: + description: An array of key-value pairs to apply to this parameter group. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Parameters: + description: An map of parameter names and values for the parameter update. You must supply at least one parameter name and value; subsequent arguments are optional. + type: object + ARN: + description: The Amazon Resource Name (ARN) of the parameter group. + type: string + required: + - ParameterGroupName + - Family + x-stackql-resource-name: parameter_group + description: The AWS::MemoryDB::ParameterGroup resource creates an Amazon MemoryDB ParameterGroup. + x-type-name: AWS::MemoryDB::ParameterGroup + x-stackql-primary-identifier: + - ParameterGroupName + x-create-only-properties: + - ParameterGroupName + - Family + - Description + x-write-only-properties: + - Parameters + x-read-only-properties: + - ARN + x-required-properties: + - ParameterGroupName + - Family + x-taggable: true + x-required-permissions: + create: + - memorydb:CreateParameterGroup + - memorydb:DescribeParameterGroups + - memorydb:TagResource + - memorydb:ListTags + read: + - memorydb:DescribeParameterGroups + - memorydb:ListTags + update: + - memorydb:UpdateParameterGroup + - memorydb:DescribeParameterGroups + - memorydb:DescribeParameters + - memorydb:DescribeClusters + - memorydb:ListTags + - memorydb:TagResource + - memorydb:UntagResource + delete: + - memorydb:DeleteParameterGroup + list: + - memorydb:DescribeParameterGroups + SubnetGroup: + type: object + properties: + SubnetGroupName: + description: The name of the subnet group. This value must be unique as it also serves as the subnet group identifier. + pattern: '[a-z][a-z0-9\-]*' + type: string + Description: + description: An optional description of the subnet group. + type: string + SubnetIds: + description: A list of VPC subnet IDs for the subnet group. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Tags: + description: An array of key-value pairs to apply to this subnet group. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + ARN: + description: The Amazon Resource Name (ARN) of the subnet group. + type: string + required: + - SubnetGroupName + - SubnetIds + x-stackql-resource-name: subnet_group + description: The AWS::MemoryDB::SubnetGroup resource creates an Amazon MemoryDB Subnet Group. + x-type-name: AWS::MemoryDB::SubnetGroup + x-stackql-primary-identifier: + - SubnetGroupName + x-create-only-properties: + - SubnetGroupName + x-read-only-properties: + - ARN + x-required-properties: + - SubnetGroupName + - SubnetIds + x-taggable: true + x-required-permissions: + create: + - memorydb:CreateSubnetGroup + - memorydb:DescribeSubnetGroups + - memorydb:TagResource + - memorydb:ListTags + read: + - memorydb:DescribeSubnetGroups + - memorydb:ListTags + update: + - memorydb:UpdateSubnetGroup + - memorydb:DescribeSubnetGroups + - memorydb:ListTags + - memorydb:TagResource + - memorydb:UntagResource + delete: + - memorydb:DeleteSubnetGroup + - memorydb:DescribeSubnetGroups + list: + - memorydb:DescribeSubnetGroups + User: + type: object + properties: + Status: + description: Indicates the user status. Can be "active", "modifying" or "deleting". + type: string + UserName: + description: The name of the user. + pattern: '[a-z][a-z0-9\\-]*' + type: string + AccessString: + description: Access permissions string used for this user account. + type: string + AuthenticationMode: + type: object + properties: + Type: + type: string + description: Type of authentication strategy for this user. + enum: + - password + - iam + Passwords: + type: array + x-$comment: List of passwords. + uniqueItems: true + x-insertionOrder: true + maxItems: 2 + minItems: 1 + items: + type: string + description: Passwords used for this user account. You can create up to two passwords for each user. + additionalProperties: false + Arn: + description: The Amazon Resource Name (ARN) of the user account. + type: string + Tags: + description: An array of key-value pairs to apply to this user. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - UserName + x-stackql-resource-name: user + description: Resource Type definition for AWS::MemoryDB::User + x-type-name: AWS::MemoryDB::User + x-stackql-primary-identifier: + - UserName + x-create-only-properties: + - UserName + x-write-only-properties: + - AuthenticationMode + - AccessString + x-read-only-properties: + - Status + - Arn + x-required-properties: + - UserName + x-taggable: true + x-required-permissions: + create: + - memorydb:CreateUser + - memorydb:DescribeUsers + - memorydb:TagResource + - memorydb:ListTags + read: + - memorydb:DescribeUsers + - memorydb:ListTags + update: + - memorydb:UpdateUser + - memorydb:DescribeUsers + - memorydb:ListTags + - memorydb:TagResource + - memorydb:UntagResource + delete: + - memorydb:DeleteUser + - memorydb:DescribeUsers + list: + - memorydb:DescribeUsers + - memorydb:ListTags + x-stackQL-resources: + acls: + name: acls + id: aws.memorydb.acls + x-cfn-schema-name: ACL + x-type: list + x-identifiers: + - ACLName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ACLName') as acl_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::ACL' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ACLName') as acl_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::ACL' + AND region = 'us-east-1' + acl: + name: acl + id: aws.memorydb.acl + x-cfn-schema-name: ACL + x-type: get + x-identifiers: + - ACLName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.ACLName') as acl_name, + JSON_EXTRACT(Properties, '$.UserNames') as user_names, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::ACL' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'ACLName') as acl_name, + json_extract_path_text(Properties, 'UserNames') as user_names, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::ACL' + AND data__Identifier = '' + AND region = 'us-east-1' + clusters: + name: clusters + id: aws.memorydb.clusters + x-cfn-schema-name: Cluster + x-type: list + x-identifiers: + - ClusterName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::Cluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClusterName') as cluster_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::Cluster' + AND region = 'us-east-1' + cluster: + name: cluster + id: aws.memorydb.cluster + x-cfn-schema-name: Cluster + x-type: get + x-identifiers: + - ClusterName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.NodeType') as node_type, + JSON_EXTRACT(Properties, '$.NumShards') as num_shards, + JSON_EXTRACT(Properties, '$.NumReplicasPerShard') as num_replicas_per_shard, + JSON_EXTRACT(Properties, '$.SubnetGroupName') as subnet_group_name, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.MaintenanceWindow') as maintenance_window, + JSON_EXTRACT(Properties, '$.ParameterGroupName') as parameter_group_name, + JSON_EXTRACT(Properties, '$.ParameterGroupStatus') as parameter_group_status, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.SnapshotRetentionLimit') as snapshot_retention_limit, + JSON_EXTRACT(Properties, '$.SnapshotWindow') as snapshot_window, + JSON_EXTRACT(Properties, '$.ACLName') as acl_name, + JSON_EXTRACT(Properties, '$.SnsTopicArn') as sns_topic_arn, + JSON_EXTRACT(Properties, '$.SnsTopicStatus') as sns_topic_status, + JSON_EXTRACT(Properties, '$.TLSEnabled') as tls_enabled, + JSON_EXTRACT(Properties, '$.DataTiering') as data_tiering, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.SnapshotArns') as snapshot_arns, + JSON_EXTRACT(Properties, '$.SnapshotName') as snapshot_name, + JSON_EXTRACT(Properties, '$.FinalSnapshotName') as final_snapshot_name, + JSON_EXTRACT(Properties, '$.ARN') as arn, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.ClusterEndpoint') as cluster_endpoint, + JSON_EXTRACT(Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'NodeType') as node_type, + json_extract_path_text(Properties, 'NumShards') as num_shards, + json_extract_path_text(Properties, 'NumReplicasPerShard') as num_replicas_per_shard, + json_extract_path_text(Properties, 'SubnetGroupName') as subnet_group_name, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'MaintenanceWindow') as maintenance_window, + json_extract_path_text(Properties, 'ParameterGroupName') as parameter_group_name, + json_extract_path_text(Properties, 'ParameterGroupStatus') as parameter_group_status, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'SnapshotRetentionLimit') as snapshot_retention_limit, + json_extract_path_text(Properties, 'SnapshotWindow') as snapshot_window, + json_extract_path_text(Properties, 'ACLName') as acl_name, + json_extract_path_text(Properties, 'SnsTopicArn') as sns_topic_arn, + json_extract_path_text(Properties, 'SnsTopicStatus') as sns_topic_status, + json_extract_path_text(Properties, 'TLSEnabled') as tls_enabled, + json_extract_path_text(Properties, 'DataTiering') as data_tiering, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'SnapshotArns') as snapshot_arns, + json_extract_path_text(Properties, 'SnapshotName') as snapshot_name, + json_extract_path_text(Properties, 'FinalSnapshotName') as final_snapshot_name, + json_extract_path_text(Properties, 'ARN') as arn, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'ClusterEndpoint') as cluster_endpoint, + json_extract_path_text(Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + parameter_groups: + name: parameter_groups + id: aws.memorydb.parameter_groups + x-cfn-schema-name: ParameterGroup + x-type: list + x-identifiers: + - ParameterGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ParameterGroupName') as parameter_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::ParameterGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ParameterGroupName') as parameter_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::ParameterGroup' + AND region = 'us-east-1' + parameter_group: + name: parameter_group + id: aws.memorydb.parameter_group + x-cfn-schema-name: ParameterGroup + x-type: get + x-identifiers: + - ParameterGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ParameterGroupName') as parameter_group_name, + JSON_EXTRACT(Properties, '$.Family') as family, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.ARN') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::ParameterGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ParameterGroupName') as parameter_group_name, + json_extract_path_text(Properties, 'Family') as family, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'ARN') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::ParameterGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + subnet_groups: + name: subnet_groups + id: aws.memorydb.subnet_groups + x-cfn-schema-name: SubnetGroup + x-type: list + x-identifiers: + - SubnetGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SubnetGroupName') as subnet_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::SubnetGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SubnetGroupName') as subnet_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::SubnetGroup' + AND region = 'us-east-1' + subnet_group: + name: subnet_group + id: aws.memorydb.subnet_group + x-cfn-schema-name: SubnetGroup + x-type: get + x-identifiers: + - SubnetGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SubnetGroupName') as subnet_group_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ARN') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::SubnetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SubnetGroupName') as subnet_group_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ARN') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::SubnetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + users: + name: users + id: aws.memorydb.users + x-cfn-schema-name: User + x-type: list + x-identifiers: + - UserName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserName') as user_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::User' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserName') as user_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::User' + AND region = 'us-east-1' + user: + name: user + id: aws.memorydb.user + x-cfn-schema-name: User + x-type: get + x-identifiers: + - UserName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.UserName') as user_name, + JSON_EXTRACT(Properties, '$.AccessString') as access_string, + JSON_EXTRACT(Properties, '$.AuthenticationMode') as authentication_mode, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::User' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'UserName') as user_name, + json_extract_path_text(Properties, 'AccessString') as access_string, + json_extract_path_text(Properties, 'AuthenticationMode') as authentication_mode, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::User' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/msk.yaml b/providers/src/aws/v00.00.00000/services/msk.yaml new file mode 100644 index 00000000..08234905 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/msk.yaml @@ -0,0 +1,1580 @@ +openapi: 3.0.0 +info: + title: MSK + version: 1.0.0 +paths: {} +components: + schemas: + SecretArnList: + type: array + x-insertionOrder: false + items: + type: string + BatchScramSecret: + type: object + properties: + ClusterArn: + type: string + SecretArnList: + $ref: '#/components/schemas/SecretArnList' + required: + - ClusterArn + x-stackql-resource-name: batch_scram_secret + description: Resource Type definition for AWS::MSK::BatchScramSecret + x-type-name: AWS::MSK::BatchScramSecret + x-stackql-primary-identifier: + - ClusterArn + x-create-only-properties: + - ClusterArn + x-required-properties: + - ClusterArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - kafka:BatchAssociateScramSecret + - kafka:ListScramSecrets + - kms:CreateGrant + - kms:DescribeKey + - secretsmanager:GetSecretValue + delete: + - kafka:BatchDisassociateScramSecret + - kafka:ListScramSecrets + - kms:CreateGrant + - kms:DescribeKey + list: + - kafka:ListScramSecrets + - kms:CreateGrant + - kms:DescribeKey + - secretsmanager:GetSecretValue + read: + - kafka:ListScramSecrets + - kms:CreateGrant + - kms:DescribeKey + - secretsmanager:GetSecretValue + update: + - kafka:BatchAssociateScramSecret + - kafka:BatchDisassociateScramSecret + - kafka:ListScramSecrets + - kms:CreateGrant + - kms:DescribeKey + - secretsmanager:GetSecretValue + S3: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + Prefix: + type: string + Bucket: + type: string + required: + - Enabled + BrokerLogs: + type: object + additionalProperties: false + properties: + S3: + $ref: '#/components/schemas/S3' + CloudWatchLogs: + $ref: '#/components/schemas/CloudWatchLogs' + Firehose: + $ref: '#/components/schemas/Firehose' + NodeExporter: + type: object + additionalProperties: false + properties: + EnabledInBroker: + type: boolean + required: + - EnabledInBroker + EncryptionInfo: + type: object + additionalProperties: false + properties: + EncryptionAtRest: + $ref: '#/components/schemas/EncryptionAtRest' + EncryptionInTransit: + $ref: '#/components/schemas/EncryptionInTransit' + Firehose: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + DeliveryStream: + type: string + required: + - Enabled + OpenMonitoring: + type: object + additionalProperties: false + properties: + Prometheus: + $ref: '#/components/schemas/Prometheus' + required: + - Prometheus + Prometheus: + type: object + additionalProperties: false + properties: + JmxExporter: + $ref: '#/components/schemas/JmxExporter' + NodeExporter: + $ref: '#/components/schemas/NodeExporter' + CloudWatchLogs: + type: object + additionalProperties: false + properties: + LogGroup: + type: string + Enabled: + type: boolean + required: + - Enabled + EBSStorageInfo: + type: object + additionalProperties: false + properties: + VolumeSize: + type: integer + minimum: 1 + maximum: 16384 + ProvisionedThroughput: + $ref: '#/components/schemas/ProvisionedThroughput' + ProvisionedThroughput: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + VolumeThroughput: + type: integer + PublicAccess: + type: object + additionalProperties: false + properties: + Type: + type: string + minLength: 7 + maxLength: 23 + VpcConnectivity: + type: object + additionalProperties: false + properties: + ClientAuthentication: + $ref: '#/components/schemas/VpcConnectivityClientAuthentication' + ConfigurationInfo: + type: object + additionalProperties: false + properties: + Revision: + type: integer + Arn: + type: string + required: + - Revision + - Arn + BrokerNodeGroupInfo: + type: object + additionalProperties: false + properties: + StorageInfo: + $ref: '#/components/schemas/StorageInfo' + ConnectivityInfo: + $ref: '#/components/schemas/ConnectivityInfo' + SecurityGroups: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + BrokerAZDistribution: + type: string + minLength: 6 + maxLength: 9 + ClientSubnets: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + InstanceType: + type: string + minLength: 5 + maxLength: 32 + required: + - ClientSubnets + - InstanceType + EncryptionAtRest: + type: object + additionalProperties: false + properties: + DataVolumeKMSKeyId: + type: string + required: + - DataVolumeKMSKeyId + JmxExporter: + type: object + additionalProperties: false + properties: + EnabledInBroker: + type: boolean + required: + - EnabledInBroker + StorageInfo: + type: object + additionalProperties: false + properties: + EBSStorageInfo: + $ref: '#/components/schemas/EBSStorageInfo' + ConnectivityInfo: + type: object + additionalProperties: false + properties: + PublicAccess: + $ref: '#/components/schemas/PublicAccess' + VpcConnectivity: + $ref: '#/components/schemas/VpcConnectivity' + VpcConnectivityTls: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + required: + - Enabled + VpcConnectivitySasl: + type: object + additionalProperties: false + properties: + Scram: + $ref: '#/components/schemas/VpcConnectivityScram' + Iam: + $ref: '#/components/schemas/VpcConnectivityIam' + VpcConnectivityScram: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + required: + - Enabled + VpcConnectivityIam: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + required: + - Enabled + Tls: + type: object + additionalProperties: false + properties: + CertificateAuthorityArnList: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + Enabled: + type: boolean + Sasl: + type: object + additionalProperties: false + properties: + Iam: + $ref: '#/components/schemas/Iam' + required: + - Iam + Scram: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + required: + - Enabled + Iam: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + required: + - Enabled + Unauthenticated: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + required: + - Enabled + ClientAuthentication: + type: object + properties: + Sasl: + $ref: '#/components/schemas/Sasl' + additionalProperties: false + required: + - Sasl + VpcConnectivityClientAuthentication: + type: object + additionalProperties: false + properties: + Tls: + $ref: '#/components/schemas/VpcConnectivityTls' + Sasl: + $ref: '#/components/schemas/VpcConnectivitySasl' + LoggingInfo: + type: object + additionalProperties: false + properties: + BrokerLogs: + $ref: '#/components/schemas/BrokerLogs' + required: + - BrokerLogs + EncryptionInTransit: + type: object + additionalProperties: false + properties: + InCluster: + type: boolean + ClientBroker: + type: string + enum: + - TLS + - TLS_PLAINTEXT + - PLAINTEXT + Cluster: + type: object + properties: + BrokerNodeGroupInfo: + $ref: '#/components/schemas/BrokerNodeGroupInfo' + EnhancedMonitoring: + type: string + minLength: 7 + maxLength: 23 + enum: + - DEFAULT + - PER_BROKER + - PER_TOPIC_PER_BROKER + - PER_TOPIC_PER_PARTITION + KafkaVersion: + type: string + minLength: 1 + maxLength: 128 + NumberOfBrokerNodes: + type: integer + EncryptionInfo: + $ref: '#/components/schemas/EncryptionInfo' + OpenMonitoring: + $ref: '#/components/schemas/OpenMonitoring' + ClusterName: + type: string + minLength: 1 + maxLength: 64 + Arn: + type: string + CurrentVersion: + description: The current version of the MSK cluster + type: string + ClientAuthentication: + $ref: '#/components/schemas/ClientAuthentication' + LoggingInfo: + $ref: '#/components/schemas/LoggingInfo' + Tags: + type: object + description: A key-value pair to associate with a resource. + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + additionalProperties: false + ConfigurationInfo: + $ref: '#/components/schemas/ConfigurationInfo' + StorageMode: + type: string + minLength: 5 + maxLength: 6 + enum: + - LOCAL + - TIERED + required: + - BrokerNodeGroupInfo + - KafkaVersion + - NumberOfBrokerNodes + - ClusterName + x-stackql-resource-name: cluster + description: Resource Type definition for AWS::MSK::Cluster + x-type-name: AWS::MSK::Cluster + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - BrokerNodeGroupInfo/BrokerAZDistribution + - BrokerNodeGroupInfo/ClientSubnets + - BrokerNodeGroupInfo/SecurityGroups + - EncryptionInfo/EncryptionAtRest + - EncryptionInfo/EncryptionInTransit/InCluster + - ClusterName + x-read-only-properties: + - Arn + x-required-properties: + - BrokerNodeGroupInfo + - KafkaVersion + - NumberOfBrokerNodes + - ClusterName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - iam:AttachRolePolicy + - iam:CreateServiceLinkedRole + - iam:PutRolePolicy + - kms:CreateGrant + - kms:DescribeKey + - kafka:CreateCluster + - kafka:DescribeCluster + - kafka:TagResource + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - firehose:TagDeliveryStream + - acm-pca:GetCertificateAuthorityCertificate + update: + - kafka:UpdateMonitoring + - kafka:UpdateClusterKafkaVersion + - kafka:UpdateClusterConfiguration + - kafka:UpdateBrokerType + - kafka:UpdateBrokerCount + - kafka:UpdateBrokerStorage + - kafka:UpdateStorage + - kafka:UpdateSecurity + - kafka:UpdateConnectivity + - kafka:DescribeCluster + - kafka:DescribeClusterOperation + - kafka:TagResource + - kafka:UntagResource + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - ec2:DescribeSecurityGroups + - iam:AttachRolePolicy + - iam:CreateServiceLinkedRole + - iam:PutRolePolicy + - kms:DescribeKey + - kms:CreateGrant + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - s3:GetBucketPolicy + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - firehose:TagDeliveryStream + - acm-pca:GetCertificateAuthorityCertificate + delete: + - kafka:DeleteCluster + - kafka:DescribeCluster + list: + - kafka:ListClusters + read: + - kafka:DescribeCluster + ClusterPolicy: + type: object + properties: + Policy: + description: A policy document containing permissions to add to the specified cluster. + type: object + ClusterArn: + description: The arn of the cluster for the resource policy. + type: string + pattern: ^arn:[\w-]+:kafka:[\w-]+:\d+:cluster.*\Z + CurrentVersion: + description: The current version of the policy attached to the specified cluster + type: string + pattern: ^(K)([a-zA-Z0-9]+)\Z + required: + - Policy + - ClusterArn + x-stackql-resource-name: cluster_policy + description: Resource Type definition for AWS::MSK::ClusterPolicy + x-type-name: AWS::MSK::ClusterPolicy + x-stackql-primary-identifier: + - ClusterArn + x-create-only-properties: + - ClusterArn + x-read-only-properties: + - CurrentVersion + x-required-properties: + - Policy + - ClusterArn + x-tagging: + taggable: false + x-required-permissions: + create: + - kafka:PutClusterPolicy + - kafka:GetClusterPolicy + read: + - kafka:GetClusterPolicy + list: + - kafka:GetClusterPolicy + update: + - kafka:PutClusterPolicy + - kafka:GetClusterPolicy + delete: + - kafka:DeleteClusterPolicy + - kafka:GetClusterPolicy + KafkaVersionsList: + type: array + x-insertionOrder: false + items: + type: string + LatestRevision: + type: object + additionalProperties: false + properties: + CreationTime: + type: string + Description: + type: string + Revision: + type: integer + Configuration: + type: object + properties: + Name: + type: string + Description: + type: string + ServerProperties: + type: string + KafkaVersionsList: + $ref: '#/components/schemas/KafkaVersionsList' + Arn: + type: string + LatestRevision: + $ref: '#/components/schemas/LatestRevision' + required: + - ServerProperties + - Name + x-stackql-resource-name: configuration + description: Resource Type definition for AWS::MSK::Configuration + x-type-name: AWS::MSK::Configuration + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - KafkaVersionsList + - Name + x-write-only-properties: + - ServerProperties + x-read-only-properties: + - Arn + - LatestRevision/CreationTime + - LatestRevision/Revision + - LatestRevision/Description + x-required-properties: + - ServerProperties + - Name + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - kafka:CreateConfiguration + - Kafka:DescribeConfiguration + delete: + - kafka:DeleteConfiguration + - kafka:DescribeConfiguration + list: + - kafka:ListConfigurations + read: + - kafka:DescribeConfiguration + update: + - kafka:UpdateConfiguration + - kafka:DescribeConfiguration + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + maxLength: 256 + required: + - Value + - Key + additionalProperties: false + TopicReplication: + type: object + additionalProperties: false + properties: + TopicsToReplicate: + description: List of regular expression patterns indicating the topics to copy. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 100 + items: + type: string + maxLength: 249 + TopicsToExclude: + description: List of regular expression patterns indicating the topics that should not be replicated. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 100 + items: + type: string + maxLength: 249 + CopyTopicConfigurations: + description: Whether to periodically configure remote topics to match their corresponding upstream topics. + type: boolean + CopyAccessControlListsForTopics: + description: Whether to periodically configure remote topic ACLs to match their corresponding upstream topics. + type: boolean + DetectAndCopyNewTopics: + description: Whether to periodically check for new topics and partitions. + type: boolean + StartingPosition: + description: Configuration for specifying the position in the topics to start replicating from. + $ref: '#/components/schemas/ReplicationStartingPosition' + required: + - TopicsToReplicate + ReplicationStartingPosition: + description: Configuration for specifying the position in the topics to start replicating from. + type: object + additionalProperties: false + properties: + Type: + $ref: '#/components/schemas/ReplicationStartingPositionType' + required: [] + ReplicationStartingPositionType: + description: The type of replication starting position. + type: string + enum: + - LATEST + - EARLIEST + ConsumerGroupReplication: + description: Configuration relating to consumer group replication. + type: object + additionalProperties: false + properties: + ConsumerGroupsToReplicate: + description: List of regular expression patterns indicating the consumer groups to copy. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 100 + items: + type: string + maxLength: 256 + ConsumerGroupsToExclude: + description: List of regular expression patterns indicating the consumer groups that should not be replicated. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 100 + items: + type: string + maxLength: 256 + SynchroniseConsumerGroupOffsets: + description: Whether to periodically write the translated offsets to __consumer_offsets topic in target cluster. + type: boolean + DetectAndCopyNewConsumerGroups: + description: Whether to periodically check for new consumer groups. + type: boolean + required: + - ConsumerGroupsToReplicate + ReplicationInfo: + description: Specifies configuration for replication between a source and target Kafka cluster. + type: object + additionalProperties: false + properties: + SourceKafkaClusterArn: + description: Amazon Resource Name of the source Kafka cluster. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):kafka:.* + TargetKafkaClusterArn: + description: Amazon Resource Name of the target Kafka cluster. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):kafka:.* + TargetCompressionType: + description: The type of compression to use writing records to target Kafka cluster. + type: string + enum: + - NONE + - GZIP + - SNAPPY + - LZ4 + - ZSTD + TopicReplication: + description: Configuration relating to topic replication. + $ref: '#/components/schemas/TopicReplication' + ConsumerGroupReplication: + description: Configuration relating to consumer group replication. + $ref: '#/components/schemas/ConsumerGroupReplication' + required: + - SourceKafkaClusterArn + - TargetKafkaClusterArn + - TopicReplication + - ConsumerGroupReplication + - TargetCompressionType + AmazonMskCluster: + description: Details of an Amazon MSK cluster. + type: object + additionalProperties: false + properties: + MskClusterArn: + description: The ARN of an Amazon MSK cluster. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):kafka:.* + required: + - MskClusterArn + KafkaClusterClientVpcConfig: + description: Details of an Amazon VPC which has network connectivity to the Kafka cluster. + type: object + additionalProperties: false + properties: + SecurityGroupIds: + description: The AWS security groups to associate with the elastic network interfaces in order to specify what the replicator has access to. If a security group is not specified, the default security group associated with the VPC is used. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 16 + items: + type: string + SubnetIds: + description: The list of subnets to connect to in the virtual private cloud (VPC). AWS creates elastic network interfaces inside these subnets. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 2 + maxItems: 3 + items: + type: string + required: + - SubnetIds + KafkaCluster: + description: Details of a Kafka cluster for replication. + type: object + additionalProperties: false + properties: + AmazonMskCluster: + description: Details of an Amazon MSK cluster. Exactly one of AmazonMskCluster is required. + $ref: '#/components/schemas/AmazonMskCluster' + VpcConfig: + description: Details of an Amazon VPC which has network connectivity to the Apache Kafka cluster. + $ref: '#/components/schemas/KafkaClusterClientVpcConfig' + required: + - AmazonMskCluster + - VpcConfig + Replicator: + type: object + properties: + ReplicatorArn: + description: Amazon Resource Name for the created replicator. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):kafka:.* + ReplicatorName: + description: The name of the replicator. + type: string + minLength: 1 + maxLength: 128 + pattern: ^[0-9A-Za-z][0-9A-Za-z-]{0,}$ + CurrentVersion: + description: The current version of the MSK replicator. + type: string + Description: + description: A summary description of the replicator. + type: string + maxLength: 1024 + KafkaClusters: + description: Specifies a list of Kafka clusters which are targets of the replicator. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 2 + maxItems: 2 + items: + $ref: '#/components/schemas/KafkaCluster' + ReplicationInfoList: + description: A list of replication configurations, where each configuration targets a given source cluster to target cluster replication flow. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 1 + items: + $ref: '#/components/schemas/ReplicationInfo' + ServiceExecutionRoleArn: + description: The Amazon Resource Name (ARN) of the IAM role used by the replicator to access external resources. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn):iam:.* + Tags: + description: A collection of tags associated with a resource + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ReplicatorName + - ReplicationInfoList + - KafkaClusters + - ServiceExecutionRoleArn + x-stackql-resource-name: replicator + description: Resource Type definition for AWS::MSK::Replicator + x-type-name: AWS::MSK::Replicator + x-stackql-primary-identifier: + - ReplicatorArn + x-stackql-additional-identifiers: + - - ReplicatorName + x-create-only-properties: + - ReplicatorName + - Description + - KafkaClusters + - ServiceExecutionRoleArn + - ReplicationInfoList/-/TopicReplication/StartingPosition/Type + x-read-only-properties: + - ReplicatorArn + x-required-properties: + - ReplicatorName + - ReplicationInfoList + - KafkaClusters + - ServiceExecutionRoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateNetworkInterface + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - iam:CreateServiceLinkedRole + - iam:PassRole + - kafka:CreateReplicator + - kafka:CreateReplicatorReference + - kafka:DescribeClusterV2 + - kafka:DescribeReplicator + - kafka:GetBootstrapBrokers + - kafka:ListTagsForResource + - kafka:TagResource + read: + - kafka:DescribeReplicator + - kafka:ListTagsForResource + update: + - kafka:DescribeReplicator + - kafka:ListTagsForResource + - kafka:TagResource + - kafka:UntagResource + - kafka:UpdateReplicationInfo + delete: + - kafka:DeleteReplicator + - kafka:DescribeReplicator + - kafka:ListTagsForResource + - kafka:UntagResource + list: + - kafka:ListReplicators + VpcConfig: + type: object + additionalProperties: false + properties: + SecurityGroups: + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + SubnetIds: + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + required: + - SubnetIds + ServerlessCluster: + type: object + properties: + Arn: + type: string + ClusterName: + type: string + minLength: 1 + maxLength: 64 + VpcConfigs: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/VpcConfig' + ClientAuthentication: + $ref: '#/components/schemas/ClientAuthentication' + Tags: + type: object + description: A key-value pair to associate with a resource. + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + additionalProperties: false + required: + - ClusterName + - VpcConfigs + - ClientAuthentication + x-stackql-resource-name: serverless_cluster + description: Resource Type definition for AWS::MSK::ServerlessCluster + x-type-name: AWS::MSK::ServerlessCluster + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ClusterName + - VpcConfigs + - ClientAuthentication + - Tags + x-read-only-properties: + - Arn + x-required-properties: + - ClusterName + - VpcConfigs + - ClientAuthentication + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - kafka:CreateClusterV2 + - kafka:TagResource + - kafka:DescribeClusterV2 + - ec2:CreateVpcEndpoint + - ec2:CreateTags + - ec2:DescribeVpcAttribute + - ec2:DescribeSubnets + - ec2:DescribeVpcEndpoints + - ec2:DescribeVpcs + - ec2:DescribeSecurityGroups + read: + - kafka:DescribeClusterV2 + delete: + - kafka:DeleteCluster + - kafka:DescribeClusterV2 + - ec2:DeleteVpcEndpoints + list: + - kafka:ListClustersV2 + Authentication: + type: string + description: The type of private link authentication + minLength: 3 + maxLength: 10 + enum: + - SASL_IAM + - SASL_SCRAM + - TLS + ClientSubnets: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + pattern: ^(subnet-)([a-z0-9]+)\Z + SecurityGroups: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + pattern: ^(sg-)([a-z0-9]+)\Z + Tags: + type: object + description: A key-value pair to associate with a resource. + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + additionalProperties: false + VpcId: + type: string + pattern: ^(vpc-)([a-z0-9]+)\Z + VpcConnection: + type: object + properties: + Arn: + type: string + Authentication: + $ref: '#/components/schemas/Authentication' + ClientSubnets: + $ref: '#/components/schemas/ClientSubnets' + TargetClusterArn: + description: The Amazon Resource Name (ARN) of the target cluster + type: string + pattern: ^arn:[\w-]+:kafka:[\w-]+:\d+:cluster.*\Z + SecurityGroups: + $ref: '#/components/schemas/SecurityGroups' + Tags: + $ref: '#/components/schemas/Tags' + VpcId: + $ref: '#/components/schemas/VpcId' + required: + - Authentication + - ClientSubnets + - SecurityGroups + - TargetClusterArn + - VpcId + x-stackql-resource-name: vpc_connection + description: Resource Type definition for AWS::MSK::VpcConnection + x-type-name: AWS::MSK::VpcConnection + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ClientSubnets + - Authentication + - SecurityGroups + - TargetClusterArn + - VpcId + x-read-only-properties: + - Arn + x-required-properties: + - Authentication + - ClientSubnets + - SecurityGroups + - TargetClusterArn + - VpcId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ec2:CreateVpcEndpoint + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcAttribute + - ec2:DescribeVpcs + - ec2:DescribeVpcEndpoints + - ec2:AcceptVpcEndpointConnections + - ec2:RejectVpcEndpointConnections + - ec2:DescribeVpcEndpointConnections + - ec2:CreateTags + - iam:AttachRolePolicy + - iam:CreateServiceLinkedRole + - iam:PutRolePolicy + - kafka:CreateVpcConnection + - kafka:DescribeVpcConnection + - kafka:TagResource + - kms:CreateGrant + - kms:DescribeKey + read: + - kafka:DescribeVpcConnection + - kms:CreateGrant + - kms:DescribeKey + update: + - kafka:DescribeVpcConnection + - kms:CreateGrant + - kms:DescribeKey + - kafka:TagResource + - kafka:UntagResource + delete: + - ec2:DeleteVpcEndpoint + - ec2:DeleteVpcEndpoints + - ec2:DescribeVpcEndpoints + - ec2:DescribeVpcEndpointConnections + - kafka:DeleteVpcConnection + - kafka:DescribeVpcConnection + - kms:CreateGrant + - kms:DescribeKey + list: + - kafka:ListVpcConnections + - kms:CreateGrant + - kms:DescribeKey + x-stackQL-resources: + batch_scram_secrets: + name: batch_scram_secrets + id: aws.msk.batch_scram_secrets + x-cfn-schema-name: BatchScramSecret + x-type: list + x-identifiers: + - ClusterArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::BatchScramSecret' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::BatchScramSecret' + AND region = 'us-east-1' + batch_scram_secret: + name: batch_scram_secret + id: aws.msk.batch_scram_secret + x-cfn-schema-name: BatchScramSecret + x-type: get + x-identifiers: + - ClusterArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn, + JSON_EXTRACT(Properties, '$.SecretArnList') as secret_arn_list + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::BatchScramSecret' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn, + json_extract_path_text(Properties, 'SecretArnList') as secret_arn_list + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::BatchScramSecret' + AND data__Identifier = '' + AND region = 'us-east-1' + clusters: + name: clusters + id: aws.msk.clusters + x-cfn-schema-name: Cluster + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::Cluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::Cluster' + AND region = 'us-east-1' + cluster: + name: cluster + id: aws.msk.cluster + x-cfn-schema-name: Cluster + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BrokerNodeGroupInfo') as broker_node_group_info, + JSON_EXTRACT(Properties, '$.EnhancedMonitoring') as enhanced_monitoring, + JSON_EXTRACT(Properties, '$.KafkaVersion') as kafka_version, + JSON_EXTRACT(Properties, '$.NumberOfBrokerNodes') as number_of_broker_nodes, + JSON_EXTRACT(Properties, '$.EncryptionInfo') as encryption_info, + JSON_EXTRACT(Properties, '$.OpenMonitoring') as open_monitoring, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CurrentVersion') as current_version, + JSON_EXTRACT(Properties, '$.ClientAuthentication') as client_authentication, + JSON_EXTRACT(Properties, '$.LoggingInfo') as logging_info, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ConfigurationInfo') as configuration_info, + JSON_EXTRACT(Properties, '$.StorageMode') as storage_mode + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BrokerNodeGroupInfo') as broker_node_group_info, + json_extract_path_text(Properties, 'EnhancedMonitoring') as enhanced_monitoring, + json_extract_path_text(Properties, 'KafkaVersion') as kafka_version, + json_extract_path_text(Properties, 'NumberOfBrokerNodes') as number_of_broker_nodes, + json_extract_path_text(Properties, 'EncryptionInfo') as encryption_info, + json_extract_path_text(Properties, 'OpenMonitoring') as open_monitoring, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CurrentVersion') as current_version, + json_extract_path_text(Properties, 'ClientAuthentication') as client_authentication, + json_extract_path_text(Properties, 'LoggingInfo') as logging_info, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ConfigurationInfo') as configuration_info, + json_extract_path_text(Properties, 'StorageMode') as storage_mode + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + cluster_policies: + name: cluster_policies + id: aws.msk.cluster_policies + x-cfn-schema-name: ClusterPolicy + x-type: list + x-identifiers: + - ClusterArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::ClusterPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::ClusterPolicy' + AND region = 'us-east-1' + cluster_policy: + name: cluster_policy + id: aws.msk.cluster_policy + x-cfn-schema-name: ClusterPolicy + x-type: get + x-identifiers: + - ClusterArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn, + JSON_EXTRACT(Properties, '$.CurrentVersion') as current_version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::ClusterPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn, + json_extract_path_text(Properties, 'CurrentVersion') as current_version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::ClusterPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + configurations: + name: configurations + id: aws.msk.configurations + x-cfn-schema-name: Configuration + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::Configuration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::Configuration' + AND region = 'us-east-1' + configuration: + name: configuration + id: aws.msk.configuration + x-cfn-schema-name: Configuration + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ServerProperties') as server_properties, + JSON_EXTRACT(Properties, '$.KafkaVersionsList') as kafka_versions_list, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.LatestRevision') as latest_revision + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::Configuration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ServerProperties') as server_properties, + json_extract_path_text(Properties, 'KafkaVersionsList') as kafka_versions_list, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'LatestRevision') as latest_revision + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::Configuration' + AND data__Identifier = '' + AND region = 'us-east-1' + replicators: + name: replicators + id: aws.msk.replicators + x-cfn-schema-name: Replicator + x-type: list + x-identifiers: + - ReplicatorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ReplicatorArn') as replicator_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::Replicator' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ReplicatorArn') as replicator_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::Replicator' + AND region = 'us-east-1' + replicator: + name: replicator + id: aws.msk.replicator + x-cfn-schema-name: Replicator + x-type: get + x-identifiers: + - ReplicatorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ReplicatorArn') as replicator_arn, + JSON_EXTRACT(Properties, '$.ReplicatorName') as replicator_name, + JSON_EXTRACT(Properties, '$.CurrentVersion') as current_version, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KafkaClusters') as kafka_clusters, + JSON_EXTRACT(Properties, '$.ReplicationInfoList') as replication_info_list, + JSON_EXTRACT(Properties, '$.ServiceExecutionRoleArn') as service_execution_role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::Replicator' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ReplicatorArn') as replicator_arn, + json_extract_path_text(Properties, 'ReplicatorName') as replicator_name, + json_extract_path_text(Properties, 'CurrentVersion') as current_version, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KafkaClusters') as kafka_clusters, + json_extract_path_text(Properties, 'ReplicationInfoList') as replication_info_list, + json_extract_path_text(Properties, 'ServiceExecutionRoleArn') as service_execution_role_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::Replicator' + AND data__Identifier = '' + AND region = 'us-east-1' + serverless_clusters: + name: serverless_clusters + id: aws.msk.serverless_clusters + x-cfn-schema-name: ServerlessCluster + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::ServerlessCluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::ServerlessCluster' + AND region = 'us-east-1' + serverless_cluster: + name: serverless_cluster + id: aws.msk.serverless_cluster + x-cfn-schema-name: ServerlessCluster + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.VpcConfigs') as vpc_configs, + JSON_EXTRACT(Properties, '$.ClientAuthentication') as client_authentication, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::ServerlessCluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'VpcConfigs') as vpc_configs, + json_extract_path_text(Properties, 'ClientAuthentication') as client_authentication, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::ServerlessCluster' + AND data__Identifier = '' + AND region = 'us-east-1' + vpc_connections: + name: vpc_connections + id: aws.msk.vpc_connections + x-cfn-schema-name: VpcConnection + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::VpcConnection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MSK::VpcConnection' + AND region = 'us-east-1' + vpc_connection: + name: vpc_connection + id: aws.msk.vpc_connection + x-cfn-schema-name: VpcConnection + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Authentication') as authentication, + JSON_EXTRACT(Properties, '$.ClientSubnets') as client_subnets, + JSON_EXTRACT(Properties, '$.TargetClusterArn') as target_cluster_arn, + JSON_EXTRACT(Properties, '$.SecurityGroups') as security_groups, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::VpcConnection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Authentication') as authentication, + json_extract_path_text(Properties, 'ClientSubnets') as client_subnets, + json_extract_path_text(Properties, 'TargetClusterArn') as target_cluster_arn, + json_extract_path_text(Properties, 'SecurityGroups') as security_groups, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MSK::VpcConnection' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/mwaa.yaml b/providers/src/aws/v00.00.00000/services/mwaa.yaml new file mode 100644 index 00000000..fbac7098 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/mwaa.yaml @@ -0,0 +1,507 @@ +openapi: 3.0.0 +info: + title: MWAA + version: 1.0.0 +paths: {} +components: + schemas: + EnvironmentName: + type: string + description: Customer-defined identifier for the environment, unique per customer region. + minLength: 1 + maxLength: 80 + pattern: ^[a-zA-Z][0-9a-zA-Z\-_]*$ + EnvironmentStatus: + type: string + description: The status of the environment. + enum: + - CREATING + - CREATE_FAILED + - AVAILABLE + - UPDATING + - DELETING + - DELETED + - UPDATE_FAILED + - UNAVAILABLE + - PENDING + UpdateStatus: + type: string + description: '' + enum: + - SUCCESS + - PENDING + - FAILED + UpdateError: + type: object + description: The error associated with an update request. + additionalProperties: false + properties: + ErrorCode: + $ref: '#/components/schemas/ErrorCode' + ErrorMessage: + $ref: '#/components/schemas/ErrorMessage' + AirflowArn: + type: string + description: '' + minLength: 1 + maxLength: 1224 + pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:airflow:[a-z0-9\-]+:\d{12}:environment/\w+ + EnvironmentArn: + type: string + description: ARN for the MWAA environment. + minLength: 1 + maxLength: 1224 + pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:airflow:[a-z0-9\-]+:\d{12}:environment/\w+ + S3BucketArn: + type: string + description: ARN for the AWS S3 bucket to use as the source of DAGs and plugins for the environment. + minLength: 1 + maxLength: 1224 + pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:s3:::[a-z0-9.\-]+$ + CreatedAt: + type: string + description: When the environment resource was created. + UpdateCreatedAt: + type: string + description: When the update request was created. + WebserverUrl: + type: string + description: Url endpoint for the environment's Airflow UI. + minLength: 1 + maxLength: 256 + pattern: ^https://.+$ + ExecutionRoleArn: + type: string + description: IAM role to be used by tasks. + maxLength: 1224 + pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + ServiceRoleArn: + type: string + description: IAM role to be used by MWAA to perform AWS API calls on behalf of the customer. + maxLength: 1224 + pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + KmsKey: + type: string + description: |- + The identifier of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use for MWAA data encryption. + + You can specify the CMK using any of the following: + + Key ID. For example, key/1234abcd-12ab-34cd-56ef-1234567890ab. + + Key alias. For example, alias/ExampleAlias. + + Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. + + Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + + AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails. + maxLength: 1224 + pattern: ^(((arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:kms:[a-z]{2}-[a-z]+-\d:\d+:)?key\/)?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|(arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):kms:[a-z]{2}-[a-z]+-\d:\d+:)?alias/.+)$ + AirflowVersion: + type: string + description: Version of airflow to deploy to the environment. + maxLength: 32 + pattern: ^[0-9a-z.]+$ + RelativePath: + type: string + description: Represents an S3 prefix relative to the root of an S3 bucket. + maxLength: 1024 + pattern: .* + ConfigKey: + type: string + description: '' + maxLength: 64 + pattern: ^[a-z]+([a-z._]*[a-z]+)?$ + ConfigValue: + type: string + description: '' + maxLength: 256 + pattern: .* + SecurityGroupId: + type: string + description: '' + minLength: 1 + maxLength: 1024 + pattern: ^sg-[a-zA-Z0-9\-._]+$ + SubnetId: + type: string + description: '' + maxLength: 1024 + pattern: ^subnet-[a-zA-Z0-9\-._]+$ + CloudWatchLogGroupArn: + type: string + description: '' + maxLength: 1224 + pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:logs:[a-z0-9\-]+:\d{12}:log-group:\w+ + LoggingEnabled: + type: boolean + description: '' + LoggingLevel: + type: string + description: '' + enum: + - CRITICAL + - ERROR + - WARNING + - INFO + - DEBUG + EnvironmentClass: + type: string + description: Templated configuration for airflow processes and backing infrastructure. + minLength: 1 + maxLength: 1024 + MaxWorkers: + type: integer + description: Maximum worker compute units. + minimum: 1 + MinWorkers: + type: integer + description: Minimum worker compute units. + minimum: 1 + Schedulers: + type: integer + description: Scheduler compute units. + minimum: 1 + NetworkConfiguration: + type: object + description: Configures the network resources of the environment. + additionalProperties: false + properties: + SubnetIds: + type: array + x-insertionOrder: true + description: A list of subnets to use for the environment. These must be private subnets, in the same VPC, in two different availability zones. + minItems: 2 + maxItems: 2 + items: + $ref: '#/components/schemas/SubnetId' + SecurityGroupIds: + type: array + x-insertionOrder: true + description: A list of security groups to use for the environment. + minItems: 1 + maxItems: 5 + items: + $ref: '#/components/schemas/SecurityGroupId' + LoggingConfiguration: + type: object + description: Logging configuration for the environment. + additionalProperties: false + properties: + DagProcessingLogs: + $ref: '#/components/schemas/ModuleLoggingConfiguration' + SchedulerLogs: + $ref: '#/components/schemas/ModuleLoggingConfiguration' + WebserverLogs: + $ref: '#/components/schemas/ModuleLoggingConfiguration' + WorkerLogs: + $ref: '#/components/schemas/ModuleLoggingConfiguration' + TaskLogs: + $ref: '#/components/schemas/ModuleLoggingConfiguration' + LoggingConfigurationInput: + type: object + description: Configures logging for the environment. + additionalProperties: false + properties: + DagProcessingLogs: + $ref: '#/components/schemas/ModuleLoggingConfigurationInput' + SchedulerLogs: + $ref: '#/components/schemas/ModuleLoggingConfigurationInput' + WebserverLogs: + $ref: '#/components/schemas/ModuleLoggingConfigurationInput' + WorkerLogs: + $ref: '#/components/schemas/ModuleLoggingConfigurationInput' + TaskLogs: + $ref: '#/components/schemas/ModuleLoggingConfigurationInput' + ModuleLoggingConfiguration: + type: object + description: Logging configuration for a specific airflow component. + additionalProperties: false + properties: + Enabled: + $ref: '#/components/schemas/LoggingEnabled' + LogLevel: + $ref: '#/components/schemas/LoggingLevel' + CloudWatchLogGroupArn: + $ref: '#/components/schemas/CloudWatchLogGroupArn' + ModuleLoggingConfigurationInput: + type: object + description: Configures airflow component logging for the environment. + additionalProperties: false + properties: + Enabled: + $ref: '#/components/schemas/LoggingEnabled' + LogLevel: + $ref: '#/components/schemas/LoggingLevel' + LastUpdate: + type: object + description: Details about the last update performed on the environment. + additionalProperties: false + properties: + Status: + $ref: '#/components/schemas/UpdateStatus' + CreatedAt: + $ref: '#/components/schemas/UpdateCreatedAt' + Error: + $ref: '#/components/schemas/UpdateError' + ErrorCode: + type: string + description: The error code associated with an error. + ErrorMessage: + type: string + description: Error message describing a failed operation. + minLength: 1 + maxLength: 1024 + pattern: ^.+$ + S3ObjectVersion: + type: string + description: Represents an version ID for an S3 object. + maxLength: 1024 + WeeklyMaintenanceWindowStart: + type: string + description: Start time for the weekly maintenance window. + maxLength: 9 + pattern: (MON|TUE|WED|THU|FRI|SAT|SUN):([01]\d|2[0-3]):(00|30) + WebserverAccessMode: + type: string + description: Choice for mode of webserver access including over public internet or via private VPC endpoint. + enum: + - PRIVATE_ONLY + - PUBLIC_ONLY + EndpointManagement: + type: string + description: Defines whether the VPC endpoints configured for the environment are created, and managed, by the customer or by Amazon MWAA. + enum: + - CUSTOMER + - SERVICE + CeleryExecutorQueue: + type: string + description: The celery executor queue associated with the environment. + maxLength: 1224 + DatabaseVpcEndpointService: + type: string + description: The database VPC endpoint service name. + maxLength: 1224 + WebserverVpcEndpointService: + type: string + description: The webserver VPC endpoint service name, applicable if private webserver access mode selected. + maxLength: 1224 + Environment: + type: object + properties: + Name: + $ref: '#/components/schemas/EnvironmentName' + Arn: + $ref: '#/components/schemas/EnvironmentArn' + WebserverUrl: + $ref: '#/components/schemas/WebserverUrl' + ExecutionRoleArn: + $ref: '#/components/schemas/ExecutionRoleArn' + KmsKey: + $ref: '#/components/schemas/KmsKey' + AirflowVersion: + $ref: '#/components/schemas/AirflowVersion' + SourceBucketArn: + $ref: '#/components/schemas/S3BucketArn' + DagS3Path: + $ref: '#/components/schemas/RelativePath' + PluginsS3Path: + $ref: '#/components/schemas/RelativePath' + PluginsS3ObjectVersion: + $ref: '#/components/schemas/S3ObjectVersion' + RequirementsS3Path: + $ref: '#/components/schemas/RelativePath' + RequirementsS3ObjectVersion: + $ref: '#/components/schemas/S3ObjectVersion' + StartupScriptS3Path: + $ref: '#/components/schemas/RelativePath' + StartupScriptS3ObjectVersion: + $ref: '#/components/schemas/S3ObjectVersion' + AirflowConfigurationOptions: + type: object + description: |- + Key/value pairs representing Airflow configuration variables. + Keys are prefixed by their section: + + [core] + dags_folder={AIRFLOW_HOME}/dags + + Would be represented as + + "core.dags_folder": "{AIRFLOW_HOME}/dags" + EnvironmentClass: + $ref: '#/components/schemas/EnvironmentClass' + MaxWorkers: + $ref: '#/components/schemas/MaxWorkers' + MinWorkers: + $ref: '#/components/schemas/MinWorkers' + Schedulers: + $ref: '#/components/schemas/Schedulers' + NetworkConfiguration: + $ref: '#/components/schemas/NetworkConfiguration' + LoggingConfiguration: + $ref: '#/components/schemas/LoggingConfiguration' + WeeklyMaintenanceWindowStart: + $ref: '#/components/schemas/WeeklyMaintenanceWindowStart' + Tags: + type: object + description: A map of tags for the environment. + WebserverAccessMode: + $ref: '#/components/schemas/WebserverAccessMode' + EndpointManagement: + $ref: '#/components/schemas/EndpointManagement' + CeleryExecutorQueue: + $ref: '#/components/schemas/CeleryExecutorQueue' + DatabaseVpcEndpointService: + $ref: '#/components/schemas/DatabaseVpcEndpointService' + WebserverVpcEndpointService: + $ref: '#/components/schemas/WebserverVpcEndpointService' + required: + - Name + x-stackql-resource-name: environment + description: Resource schema for AWS::MWAA::Environment + x-type-name: AWS::MWAA::Environment + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - KmsKey + - NetworkConfiguration/SubnetIds + - EndpointManagement + x-read-only-properties: + - Arn + - CeleryExecutorQueue + - DatabaseVpcEndpointService + - WebserverVpcEndpointService + - WebserverUrl + - LoggingConfiguration/DagProcessingLogs/CloudWatchLogGroupArn + - LoggingConfiguration/SchedulerLogs/CloudWatchLogGroupArn + - LoggingConfiguration/WebserverLogs/CloudWatchLogGroupArn + - LoggingConfiguration/WorkerLogs/CloudWatchLogGroupArn + - LoggingConfiguration/TaskLogs/CloudWatchLogGroupArn + x-required-properties: + - Name + x-taggable: true + x-required-permissions: + create: + - airflow:CreateEnvironment + read: + - airflow:GetEnvironment + update: + - airflow:UpdateEnvironment + - airflow:TagResource + - airflow:UntagResource + delete: + - airflow:DeleteEnvironment + list: + - airflow:ListEnvironments + x-stackQL-resources: + environments: + name: environments + id: aws.mwaa.environments + x-cfn-schema-name: Environment + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MWAA::Environment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MWAA::Environment' + AND region = 'us-east-1' + environment: + name: environment + id: aws.mwaa.environment + x-cfn-schema-name: Environment + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.WebserverUrl') as webserver_url, + JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(Properties, '$.KmsKey') as kms_key, + JSON_EXTRACT(Properties, '$.AirflowVersion') as airflow_version, + JSON_EXTRACT(Properties, '$.SourceBucketArn') as source_bucket_arn, + JSON_EXTRACT(Properties, '$.DagS3Path') as dag_s3_path, + JSON_EXTRACT(Properties, '$.PluginsS3Path') as plugins_s3_path, + JSON_EXTRACT(Properties, '$.PluginsS3ObjectVersion') as plugins_s3_object_version, + JSON_EXTRACT(Properties, '$.RequirementsS3Path') as requirements_s3_path, + JSON_EXTRACT(Properties, '$.RequirementsS3ObjectVersion') as requirements_s3_object_version, + JSON_EXTRACT(Properties, '$.StartupScriptS3Path') as startup_script_s3_path, + JSON_EXTRACT(Properties, '$.StartupScriptS3ObjectVersion') as startup_script_s3_object_version, + JSON_EXTRACT(Properties, '$.AirflowConfigurationOptions') as airflow_configuration_options, + JSON_EXTRACT(Properties, '$.EnvironmentClass') as environment_class, + JSON_EXTRACT(Properties, '$.MaxWorkers') as max_workers, + JSON_EXTRACT(Properties, '$.MinWorkers') as min_workers, + JSON_EXTRACT(Properties, '$.Schedulers') as schedulers, + JSON_EXTRACT(Properties, '$.NetworkConfiguration') as network_configuration, + JSON_EXTRACT(Properties, '$.LoggingConfiguration') as logging_configuration, + JSON_EXTRACT(Properties, '$.WeeklyMaintenanceWindowStart') as weekly_maintenance_window_start, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.WebserverAccessMode') as webserver_access_mode, + JSON_EXTRACT(Properties, '$.EndpointManagement') as endpoint_management, + JSON_EXTRACT(Properties, '$.CeleryExecutorQueue') as celery_executor_queue, + JSON_EXTRACT(Properties, '$.DatabaseVpcEndpointService') as database_vpc_endpoint_service, + JSON_EXTRACT(Properties, '$.WebserverVpcEndpointService') as webserver_vpc_endpoint_service + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MWAA::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'WebserverUrl') as webserver_url, + json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(Properties, 'KmsKey') as kms_key, + json_extract_path_text(Properties, 'AirflowVersion') as airflow_version, + json_extract_path_text(Properties, 'SourceBucketArn') as source_bucket_arn, + json_extract_path_text(Properties, 'DagS3Path') as dag_s3_path, + json_extract_path_text(Properties, 'PluginsS3Path') as plugins_s3_path, + json_extract_path_text(Properties, 'PluginsS3ObjectVersion') as plugins_s3_object_version, + json_extract_path_text(Properties, 'RequirementsS3Path') as requirements_s3_path, + json_extract_path_text(Properties, 'RequirementsS3ObjectVersion') as requirements_s3_object_version, + json_extract_path_text(Properties, 'StartupScriptS3Path') as startup_script_s3_path, + json_extract_path_text(Properties, 'StartupScriptS3ObjectVersion') as startup_script_s3_object_version, + json_extract_path_text(Properties, 'AirflowConfigurationOptions') as airflow_configuration_options, + json_extract_path_text(Properties, 'EnvironmentClass') as environment_class, + json_extract_path_text(Properties, 'MaxWorkers') as max_workers, + json_extract_path_text(Properties, 'MinWorkers') as min_workers, + json_extract_path_text(Properties, 'Schedulers') as schedulers, + json_extract_path_text(Properties, 'NetworkConfiguration') as network_configuration, + json_extract_path_text(Properties, 'LoggingConfiguration') as logging_configuration, + json_extract_path_text(Properties, 'WeeklyMaintenanceWindowStart') as weekly_maintenance_window_start, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'WebserverAccessMode') as webserver_access_mode, + json_extract_path_text(Properties, 'EndpointManagement') as endpoint_management, + json_extract_path_text(Properties, 'CeleryExecutorQueue') as celery_executor_queue, + json_extract_path_text(Properties, 'DatabaseVpcEndpointService') as database_vpc_endpoint_service, + json_extract_path_text(Properties, 'WebserverVpcEndpointService') as webserver_vpc_endpoint_service + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MWAA::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/neptune.yaml b/providers/src/aws/v00.00.00000/services/neptune.yaml new file mode 100644 index 00000000..5ac0f030 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/neptune.yaml @@ -0,0 +1,398 @@ +openapi: 3.0.0 +info: + title: Neptune + version: 1.0.0 +paths: {} +components: + schemas: + DBClusterRole: + description: Describes an AWS Identity and Access Management (IAM) role that is associated with a DB cluster. + type: object + additionalProperties: false + properties: + FeatureName: + description: The name of the feature associated with the AWS Identity and Access Management (IAM) role. For the list of supported feature names, see DBEngineVersion in the Amazon Neptune API Reference. + type: string + RoleArn: + description: The Amazon Resource Name (ARN) of the IAM role that is associated with the DB cluster. + type: string + required: + - RoleArn + ServerlessScalingConfiguration: + description: Contains the scaling configuration of an Neptune Serverless DB cluster. + type: object + additionalProperties: false + properties: + MinCapacity: + description: The minimum number of Neptune capacity units (NCUs) for a DB instance in an Neptune Serverless cluster. You can specify NCU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value you can use is 1, whereas the largest is 128. + type: number + minimum: 1 + maximum: 128 + MaxCapacity: + description: The maximum number of Neptune capacity units (NCUs) for a DB instance in an Neptune Serverless cluster. You can specify NCU values in half-step increments, such as 40, 40.5, 41, and so on. The smallest value you can use is 2.5, whereas the largest is 128. + type: number + minimum: 2.5 + maximum: 128 + required: + - MinCapacity + - MaxCapacity + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + required: + - Key + DBCluster: + type: object + properties: + Endpoint: + description: 'The connection endpoint for the DB cluster. For example: `mystack-mydbcluster-1apw1j4phylrk.cg034hpkmmjt.us-east-2.rds.amazonaws.com`' + type: string + ReadEndpoint: + description: 'The reader endpoint for the DB cluster. For example: `mystack-mydbcluster-ro-1apw1j4phylrk.cg034hpkmmjt.us-east-2.rds.amazonaws.com`' + type: string + ClusterResourceId: + description: 'The resource id for the DB cluster. For example: `cluster-ABCD1234EFGH5678IJKL90MNOP`. The cluster ID uniquely identifies the cluster and is used in things like IAM authentication policies.' + type: string + AssociatedRoles: + description: Provides a list of the AWS Identity and Access Management (IAM) roles that are associated with the DB cluster. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other AWS services on your behalf. + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/DBClusterRole' + AvailabilityZones: + description: Provides the list of EC2 Availability Zones that instances in the DB cluster can be created in. + type: array + uniqueItems: true + x-insertionOrder: true + items: + type: string + BackupRetentionPeriod: + description: Specifies the number of days for which automatic DB snapshots are retained. + default: 1 + minimum: 1 + type: integer + CopyTagsToSnapshot: + description: A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default behaviour is not to copy them. + type: boolean + DBClusterIdentifier: + description: The DB cluster identifier. Contains a user-supplied DB cluster identifier. This identifier is the unique key that identifies a DB cluster stored as a lowercase string. + type: string + pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 1 + maxLength: 63 + DBClusterParameterGroupName: + description: Provides the name of the DB cluster parameter group. + type: string + DBInstanceParameterGroupName: + description: The name of the DB parameter group to apply to all instances of the DB cluster. Used only in case of a major EngineVersion upgrade request. + type: string + DBPort: + description: |- + The port number on which the DB instances in the DB cluster accept connections. + + If not specified, the default port used is `8182`. + + Note: `Port` property will soon be deprecated from this resource. Please update existing templates to rename it with new property `DBPort` having same functionalities. + type: integer + DBSubnetGroupName: + description: Specifies information on the subnet group associated with the DB cluster, including the name, description, and subnets in the subnet group. + type: string + DeletionProtection: + description: Indicates whether or not the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. + type: boolean + EnableCloudwatchLogsExports: + description: Specifies a list of log types that are enabled for export to CloudWatch Logs. + type: array + uniqueItems: true + x-insertionOrder: true + items: + type: string + EngineVersion: + description: Indicates the database engine version. + type: string + IamAuthEnabled: + description: True if mapping of Amazon Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false. + type: boolean + KmsKeyId: + description: If `StorageEncrypted` is true, the Amazon KMS key identifier for the encrypted DB cluster. + type: string + Port: + description: 'The port number on which the DB cluster accepts connections. For example: `8182`.' + type: string + PreferredBackupWindow: + description: Specifies the daily time range during which automated backups are created if automated backups are enabled, as determined by the BackupRetentionPeriod. + type: string + PreferredMaintenanceWindow: + description: Specifies the weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). + type: string + RestoreToTime: + description: |- + Creates a new DB cluster from a DB snapshot or DB cluster snapshot. + + If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group. + + If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. + type: string + RestoreType: + description: |- + Creates a new DB cluster from a DB snapshot or DB cluster snapshot. + + If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group. + + If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. + type: string + default: full-copy + ServerlessScalingConfiguration: + description: Contains the scaling configuration used by the Neptune Serverless Instances within this DB cluster. + $ref: '#/components/schemas/ServerlessScalingConfiguration' + SnapshotIdentifier: + description: |- + Specifies the identifier for a DB cluster snapshot. Must match the identifier of an existing snapshot. + + After you restore a DB cluster using a SnapshotIdentifier, you must specify the same SnapshotIdentifier for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed. + + However, if you don't specify the SnapshotIdentifier, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, the DB cluster is restored from the snapshot specified by the SnapshotIdentifier, and the original DB cluster is deleted. + type: string + SourceDBClusterIdentifier: + description: |- + Creates a new DB cluster from a DB snapshot or DB cluster snapshot. + + If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group. + + If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. + type: string + StorageEncrypted: + description: |- + Indicates whether the DB cluster is encrypted. + + If you specify the `DBClusterIdentifier`, `DBSnapshotIdentifier`, or `SourceDBInstanceIdentifier` property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance. If you specify the KmsKeyId property, you must enable encryption. + + If you specify the KmsKeyId, you must enable encryption by setting StorageEncrypted to true. + type: boolean + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: The tags assigned to this cluster. + items: + $ref: '#/components/schemas/Tag' + UseLatestRestorableTime: + description: |- + Creates a new DB cluster from a DB snapshot or DB cluster snapshot. + + If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group. + + If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. + type: boolean + VpcSecurityGroupIds: + description: Provides a list of VPC security groups that the DB cluster belongs to. + uniqueItems: true + x-insertionOrder: true + items: + type: string + type: array + x-stackql-resource-name: db_cluster + description: The AWS::Neptune::DBCluster resource creates an Amazon Neptune DB cluster. + x-type-name: AWS::Neptune::DBCluster + x-stackql-primary-identifier: + - DBClusterIdentifier + x-create-only-properties: + - AvailabilityZones + - DBClusterIdentifier + - DBSubnetGroupName + - KmsKeyId + - RestoreToTime + - RestoreType + - SnapshotIdentifier + - SourceDBClusterIdentifier + - StorageEncrypted + - UseLatestRestorableTime + x-write-only-properties: + - DBInstanceParameterGroupName + - RestoreToTime + - RestoreType + - SnapshotIdentifier + - SourceDBClusterIdentifier + - UseLatestRestorableTime + x-read-only-properties: + - Endpoint + - ClusterResourceId + - Port + - ReadEndpoint + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:PassRole + - rds:AddRoleToDBCluster + - rds:AddTagsToResource + - rds:CreateDBCluster + - rds:CreateDBInstance + - rds:DescribeDBClusters + - rds:ListTagsForResource + - rds:ModifyDBCluster + - rds:RestoreDBClusterFromSnapshot + - rds:RestoreDBClusterToPointInTime + - kms:* + read: + - rds:DescribeDBClusters + - rds:ListTagsForResource + - kms:* + update: + - ec2:DescribeSecurityGroups + - iam:PassRole + - rds:AddRoleToDBCluster + - rds:AddTagsToResource + - rds:DescribeDBClusters + - rds:DescribeDBInstances + - rds:DescribeDBSubnetGroups + - rds:DescribeGlobalClusters + - rds:ListTagsForResource + - rds:ModifyDBCluster + - rds:ModifyDBInstance + - rds:RemoveFromGlobalCluster + - rds:RemoveRoleFromDBCluster + - rds:RemoveTagsFromResource + - kms:* + delete: + - rds:DeleteDBCluster + - rds:DeleteDBInstance + - rds:DescribeDBClusters + - rds:DescribeGlobalClusters + - rds:ListTagsForResource + - rds:RemoveFromGlobalCluster + - rds:CreateDBClusterSnapshot + - kms:* + list: + - rds:DescribeDBClusters + - rds:ListTagsForResource + - kms:* + x-stackQL-resources: + db_clusters: + name: db_clusters + id: aws.neptune.db_clusters + x-cfn-schema-name: DBCluster + x-type: list + x-identifiers: + - DBClusterIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DBClusterIdentifier') as db_cluster_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Neptune::DBCluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DBClusterIdentifier') as db_cluster_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Neptune::DBCluster' + AND region = 'us-east-1' + db_cluster: + name: db_cluster + id: aws.neptune.db_cluster + x-cfn-schema-name: DBCluster + x-type: get + x-identifiers: + - DBClusterIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.ReadEndpoint') as read_endpoint, + JSON_EXTRACT(Properties, '$.ClusterResourceId') as cluster_resource_id, + JSON_EXTRACT(Properties, '$.AssociatedRoles') as associated_roles, + JSON_EXTRACT(Properties, '$.AvailabilityZones') as availability_zones, + JSON_EXTRACT(Properties, '$.BackupRetentionPeriod') as backup_retention_period, + JSON_EXTRACT(Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, + JSON_EXTRACT(Properties, '$.DBClusterIdentifier') as db_cluster_identifier, + JSON_EXTRACT(Properties, '$.DBClusterParameterGroupName') as db_cluster_parameter_group_name, + JSON_EXTRACT(Properties, '$.DBInstanceParameterGroupName') as db_instance_parameter_group_name, + JSON_EXTRACT(Properties, '$.DBPort') as db_port, + JSON_EXTRACT(Properties, '$.DBSubnetGroupName') as db_subnet_group_name, + JSON_EXTRACT(Properties, '$.DeletionProtection') as deletion_protection, + JSON_EXTRACT(Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.IamAuthEnabled') as iam_auth_enabled, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.PreferredBackupWindow') as preferred_backup_window, + JSON_EXTRACT(Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, + JSON_EXTRACT(Properties, '$.RestoreToTime') as restore_to_time, + JSON_EXTRACT(Properties, '$.RestoreType') as restore_type, + JSON_EXTRACT(Properties, '$.ServerlessScalingConfiguration') as serverless_scaling_configuration, + JSON_EXTRACT(Properties, '$.SnapshotIdentifier') as snapshot_identifier, + JSON_EXTRACT(Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, + JSON_EXTRACT(Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UseLatestRestorableTime') as use_latest_restorable_time, + JSON_EXTRACT(Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Neptune::DBCluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'ReadEndpoint') as read_endpoint, + json_extract_path_text(Properties, 'ClusterResourceId') as cluster_resource_id, + json_extract_path_text(Properties, 'AssociatedRoles') as associated_roles, + json_extract_path_text(Properties, 'AvailabilityZones') as availability_zones, + json_extract_path_text(Properties, 'BackupRetentionPeriod') as backup_retention_period, + json_extract_path_text(Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, + json_extract_path_text(Properties, 'DBClusterIdentifier') as db_cluster_identifier, + json_extract_path_text(Properties, 'DBClusterParameterGroupName') as db_cluster_parameter_group_name, + json_extract_path_text(Properties, 'DBInstanceParameterGroupName') as db_instance_parameter_group_name, + json_extract_path_text(Properties, 'DBPort') as db_port, + json_extract_path_text(Properties, 'DBSubnetGroupName') as db_subnet_group_name, + json_extract_path_text(Properties, 'DeletionProtection') as deletion_protection, + json_extract_path_text(Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'IamAuthEnabled') as iam_auth_enabled, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'PreferredBackupWindow') as preferred_backup_window, + json_extract_path_text(Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, + json_extract_path_text(Properties, 'RestoreToTime') as restore_to_time, + json_extract_path_text(Properties, 'RestoreType') as restore_type, + json_extract_path_text(Properties, 'ServerlessScalingConfiguration') as serverless_scaling_configuration, + json_extract_path_text(Properties, 'SnapshotIdentifier') as snapshot_identifier, + json_extract_path_text(Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, + json_extract_path_text(Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UseLatestRestorableTime') as use_latest_restorable_time, + json_extract_path_text(Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Neptune::DBCluster' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/neptunegraph.yaml b/providers/src/aws/v00.00.00000/services/neptunegraph.yaml new file mode 100644 index 00000000..fd1a76b9 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/neptunegraph.yaml @@ -0,0 +1,393 @@ +openapi: 3.0.0 +info: + title: NeptuneGraph + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + required: + - Key + VectorSearchConfiguration: + description: The vector search configuration. + type: object + additionalProperties: false + properties: + VectorSearchDimension: + type: integer + description: The vector search dimension + required: + - VectorSearchDimension + Graph: + type: object + properties: + DeletionProtection: + description: |- + Value that indicates whether the Graph has deletion protection enabled. The graph can't be deleted when deletion protection is enabled. + + _Default_: If not specified, the default value is true. + type: boolean + GraphName: + description: |- + Contains a user-supplied name for the Graph. + + If you don't specify a name, we generate a unique Graph Name using a combination of Stack Name and a UUID comprising of 4 characters. + + _Important_: If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + type: string + pattern: ^[a-zA-z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$ + minLength: 1 + maxLength: 63 + ProvisionedMemory: + description: Memory for the Graph. + type: integer + PublicConnectivity: + description: |- + Specifies whether the Graph can be reached over the internet. Access to all graphs requires IAM authentication. + + When the Graph is publicly reachable, its Domain Name System (DNS) endpoint resolves to the public IP address from the internet. + + When the Graph isn't publicly reachable, you need to create a PrivateGraphEndpoint in a given VPC to ensure the DNS name resolves to a private IP address that is reachable from the VPC. + + _Default_: If not specified, the default value is false. + type: boolean + ReplicaCount: + description: |- + Specifies the number of replicas you want when finished. All replicas will be provisioned in different availability zones. + + Replica Count should always be less than or equal to 2. + + _Default_: If not specified, the default value is 1. + type: integer + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: The tags associated with this graph. + items: + $ref: '#/components/schemas/Tag' + VectorSearchConfiguration: + description: Vector Search Configuration + $ref: '#/components/schemas/VectorSearchConfiguration' + Endpoint: + description: 'The connection endpoint for the graph. For example: `g-12a3bcdef4.us-east-1.neptune-graph.amazonaws.com`' + type: string + GraphArn: + description: Graph resource ARN + type: string + GraphId: + description: The auto-generated id assigned by the service. + type: string + required: + - ProvisionedMemory + x-stackql-resource-name: graph + description: The AWS::NeptuneGraph::Graph resource creates an Amazon NeptuneGraph Graph. + x-type-name: AWS::NeptuneGraph::Graph + x-stackql-primary-identifier: + - GraphId + x-stackql-additional-identifiers: + - - GraphName + x-create-only-properties: + - GraphName + - ReplicaCount + - VectorSearchConfiguration + x-conditional-create-only-properties: + - ProvisionedMemory + x-read-only-properties: + - GraphArn + - GraphId + - Endpoint + x-required-properties: + - ProvisionedMemory + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:PassRole + - neptune-graph:CreateGraph + - neptune-graph:GetGraph + - neptune-graph:ListTagsForResource + - neptune-graph:TagResource + - kms:DescribeKey + - kms:CreateGrant + - kms:Decrypt + - iam:CreateServiceLinkedRole + read: + - neptune-graph:GetGraph + - neptune-graph:ListTagsForResource + - kms:DescribeKey + - kms:CreateGrant + - kms:Decrypt + update: + - iam:PassRole + - neptune-graph:GetGraph + - neptune-graph:ListTagsForResource + - neptune-graph:TagResource + - neptune-graph:UntagResource + - neptune-graph:UpdateGraph + - kms:DescribeKey + - kms:CreateGrant + - kms:Decrypt + delete: + - neptune-graph:DeleteGraph + - neptune-graph:GetGraph + - kms:DescribeKey + - kms:CreateGrant + - kms:Decrypt + list: + - neptune-graph:GetGraph + - neptune-graph:ListGraphs + - kms:DescribeKey + - kms:CreateGrant + - kms:Decrypt + PrivateGraphEndpoint: + type: object + properties: + GraphIdentifier: + description: The auto-generated Graph Id assigned by the service. + type: string + SecurityGroupIds: + description: The security group Ids associated with the VPC where you want the private graph endpoint to be created, ie, the graph will be reachable from within the VPC. + type: array + x-insertionOrder: false + items: + type: string + SubnetIds: + description: The subnet Ids associated with the VPC where you want the private graph endpoint to be created, ie, the graph will be reachable from within the VPC. + type: array + x-insertionOrder: false + items: + type: string + VpcId: + description: The VPC where you want the private graph endpoint to be created, ie, the graph will be reachable from within the VPC. + type: string + PrivateGraphEndpointIdentifier: + description: |- + PrivateGraphEndpoint resource identifier generated by concatenating the associated GraphIdentifier and VpcId with an underscore separator. + + For example, if GraphIdentifier is `g-12a3bcdef4` and VpcId is `vpc-0a12bc34567de8f90`, the generated PrivateGraphEndpointIdentifier will be `g-12a3bcdef4_vpc-0a12bc34567de8f90` + type: string + VpcEndpointId: + description: VPC endpoint that provides a private connection between the Graph and specified VPC. + type: string + required: + - GraphIdentifier + - VpcId + x-stackql-resource-name: private_graph_endpoint + description: The AWS::NeptuneGraph::PrivateGraphEndpoint resource creates an Amazon NeptuneGraph PrivateGraphEndpoint. + x-type-name: AWS::NeptuneGraph::PrivateGraphEndpoint + x-stackql-primary-identifier: + - PrivateGraphEndpointIdentifier + x-stackql-additional-identifiers: + - - GraphIdentifier + - VpcId + x-create-only-properties: + - GraphIdentifier + - SecurityGroupIds + - SubnetIds + - VpcId + x-write-only-properties: + - GraphIdentifier + - SecurityGroupIds + x-read-only-properties: + - PrivateGraphEndpointIdentifier + - VpcEndpointId + x-required-properties: + - GraphIdentifier + - VpcId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:CreateVpcEndpoint + - ec2:DescribeVpcEndpoints + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - ec2:DescribeVpcAttribute + - ec2:DescribeAvailabilityZones + - ec2:ModifyVpcEndpoint + - route53:AssociateVPCWithHostedZone + - iam:PassRole + - neptune-graph:CreatePrivateGraphEndpoint + - neptune-graph:GetPrivateGraphEndpoint + - iam:CreateServiceLinkedRole + read: + - neptune-graph:GetPrivateGraphEndpoint + update: + - iam:PassRole + - neptune-graph:GetPrivateGraphEndpoint + delete: + - ec2:DeleteVpcEndpoints + - ec2:DescribeVpcEndpoints + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - ec2:DescribeVpcAttribute + - ec2:DescribeAvailabilityZones + - ec2:ModifyVpcEndpoint + - route53:DisassociateVPCFromHostedZone + - neptune-graph:DeletePrivateGraphEndpoint + - neptune-graph:GetPrivateGraphEndpoint + list: + - neptune-graph:GetPrivateGraphEndpoint + - neptune-graph:ListPrivateGraphEndpoints + x-stackQL-resources: + graphs: + name: graphs + id: aws.neptunegraph.graphs + x-cfn-schema-name: Graph + x-type: list + x-identifiers: + - GraphId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GraphId') as graph_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NeptuneGraph::Graph' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GraphId') as graph_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NeptuneGraph::Graph' + AND region = 'us-east-1' + graph: + name: graph + id: aws.neptunegraph.graph + x-cfn-schema-name: Graph + x-type: get + x-identifiers: + - GraphId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DeletionProtection') as deletion_protection, + JSON_EXTRACT(Properties, '$.GraphName') as graph_name, + JSON_EXTRACT(Properties, '$.ProvisionedMemory') as provisioned_memory, + JSON_EXTRACT(Properties, '$.PublicConnectivity') as public_connectivity, + JSON_EXTRACT(Properties, '$.ReplicaCount') as replica_count, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VectorSearchConfiguration') as vector_search_configuration, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.GraphArn') as graph_arn, + JSON_EXTRACT(Properties, '$.GraphId') as graph_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NeptuneGraph::Graph' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DeletionProtection') as deletion_protection, + json_extract_path_text(Properties, 'GraphName') as graph_name, + json_extract_path_text(Properties, 'ProvisionedMemory') as provisioned_memory, + json_extract_path_text(Properties, 'PublicConnectivity') as public_connectivity, + json_extract_path_text(Properties, 'ReplicaCount') as replica_count, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VectorSearchConfiguration') as vector_search_configuration, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'GraphArn') as graph_arn, + json_extract_path_text(Properties, 'GraphId') as graph_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NeptuneGraph::Graph' + AND data__Identifier = '' + AND region = 'us-east-1' + private_graph_endpoints: + name: private_graph_endpoints + id: aws.neptunegraph.private_graph_endpoints + x-cfn-schema-name: PrivateGraphEndpoint + x-type: list + x-identifiers: + - PrivateGraphEndpointIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PrivateGraphEndpointIdentifier') as private_graph_endpoint_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NeptuneGraph::PrivateGraphEndpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PrivateGraphEndpointIdentifier') as private_graph_endpoint_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NeptuneGraph::PrivateGraphEndpoint' + AND region = 'us-east-1' + private_graph_endpoint: + name: private_graph_endpoint + id: aws.neptunegraph.private_graph_endpoint + x-cfn-schema-name: PrivateGraphEndpoint + x-type: get + x-identifiers: + - PrivateGraphEndpointIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GraphIdentifier') as graph_identifier, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.PrivateGraphEndpointIdentifier') as private_graph_endpoint_identifier, + JSON_EXTRACT(Properties, '$.VpcEndpointId') as vpc_endpoint_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NeptuneGraph::PrivateGraphEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GraphIdentifier') as graph_identifier, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'PrivateGraphEndpointIdentifier') as private_graph_endpoint_identifier, + json_extract_path_text(Properties, 'VpcEndpointId') as vpc_endpoint_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NeptuneGraph::PrivateGraphEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/networkfirewall.yaml b/providers/src/aws/v00.00.00000/services/networkfirewall.yaml new file mode 100644 index 00000000..a79f8472 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/networkfirewall.yaml @@ -0,0 +1,1344 @@ +openapi: 3.0.0 +info: + title: NetworkFirewall + version: 1.0.0 +paths: {} +components: + schemas: + ResourceArn: + description: A resource ARN. + type: string + pattern: ^(arn:aws.*)$ + minLength: 1 + maxLength: 256 + EndpointId: + description: An endpoint Id. + type: string + SubnetMapping: + type: object + properties: + SubnetId: + description: A SubnetId. + type: string + IPAddressType: + description: A IPAddressType + type: string + required: + - SubnetId + additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + pattern: ^.*$ + Value: + type: string + minLength: 0 + maxLength: 255 + pattern: ^.*$ + required: + - Key + - Value + additionalProperties: false + Firewall: + type: object + properties: + FirewallName: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9-]+$ + FirewallArn: + $ref: '#/components/schemas/ResourceArn' + FirewallId: + type: string + minLength: 36 + maxLength: 36 + pattern: ^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$ + FirewallPolicyArn: + $ref: '#/components/schemas/ResourceArn' + VpcId: + type: string + minLength: 1 + maxLength: 128 + pattern: ^vpc-[0-9a-f]+$ + SubnetMappings: + type: array + minItems: 1 + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/SubnetMapping' + DeleteProtection: + type: boolean + SubnetChangeProtection: + type: boolean + FirewallPolicyChangeProtection: + type: boolean + Description: + type: string + maxLength: 512 + pattern: ^.*$ + EndpointIds: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/EndpointId' + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - FirewallName + - FirewallPolicyArn + - VpcId + - SubnetMappings + x-stackql-resource-name: firewall + description: Resource type definition for AWS::NetworkFirewall::Firewall + x-type-name: AWS::NetworkFirewall::Firewall + x-stackql-primary-identifier: + - FirewallArn + x-create-only-properties: + - VpcId + - FirewallName + x-read-only-properties: + - FirewallArn + - FirewallId + - EndpointIds + x-required-properties: + - FirewallName + - FirewallPolicyArn + - VpcId + - SubnetMappings + x-tagging: + taggable: true + x-required-permissions: + create: + - ec2:CreateVpcEndpoint + - ec2:DescribeVpcEndpoints + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - iam:CreateServiceLinkedRole + - network-firewall:CreateFirewall + - network-firewall:DescribeFirewallPolicy + - network-firewall:DescribeRuleGroup + - network-firewall:TagResource + - network-firewall:AssociateSubnets + - network-firewall:AssociateFirewallPolicy + - network-firewall:DescribeFirewall + read: + - network-firewall:DescribeFirewall + - network-firewall:ListTagsForResources + update: + - network-firewall:AssociateSubnets + - network-firewall:DisassociateSubnets + - network-firewall:UpdateFirewallDescription + - network-firewall:UpdateFirewallDeleteProtection + - network-firewall:UpdateSubnetChangeProtection + - network-firewall:UpdateFirewallPolicyChangeProtection + - network-firewall:AssociateFirewallPolicy + - network-firewall:TagResource + - network-firewall:UntagResource + - network-firewall:DescribeFirewall + delete: + - ec2:DeleteVpcEndpoints + - ec2:DescribeRouteTables + - logs:DescribeLogGroups + - logs:DescribeResourcePolicies + - logs:GetLogDelivery + - logs:ListLogDeliveries + - network-firewall:DeleteFirewall + - network-firewall:UntagResource + - network-firewall:DescribeFirewall + list: + - network-firewall:ListFirewalls + FirewallPolicy: + type: object + properties: + FirewallPolicyName: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9-]+$ + FirewallPolicyArn: + $ref: '#/components/schemas/ResourceArn' + FirewallPolicy: + $ref: '#/components/schemas/FirewallPolicy' + FirewallPolicyId: + type: string + minLength: 36 + maxLength: 36 + pattern: ^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$ + Description: + type: string + minLength: 1 + maxLength: 512 + pattern: ^.*$ + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - FirewallPolicyName + - FirewallPolicy + x-stackql-resource-name: firewall_policy + description: Resource type definition for AWS::NetworkFirewall::FirewallPolicy + x-type-name: AWS::NetworkFirewall::FirewallPolicy + x-stackql-primary-identifier: + - FirewallPolicyArn + x-create-only-properties: + - FirewallPolicyName + x-read-only-properties: + - FirewallPolicyArn + - FirewallPolicyId + x-required-properties: + - FirewallPolicyName + - FirewallPolicy + x-tagging: + taggable: true + x-required-permissions: + create: + - network-firewall:CreateFirewallPolicy + - network-firewall:DescribeFirewallPolicy + - network-firewall:ListTLSInspectionConfigurations + - network-firewall:TagResource + - network-firewall:ListRuleGroups + read: + - network-firewall:DescribeFirewallPolicy + - network-firewall:ListTagsForResources + update: + - network-firewall:UpdateFirewallPolicy + - network-firewall:DescribeFirewallPolicy + - network-firewall:TagResource + - network-firewall:UntagResource + - network-firewall:ListRuleGroups + - network-firewall:ListTLSInspectionConfigurations + delete: + - network-firewall:DeleteFirewallPolicy + - network-firewall:DescribeFirewallPolicy + - network-firewall:UntagResource + list: + - network-firewall:ListFirewallPolicies + RuleVariables: + type: object + properties: + IPSets: + type: object + x-patternProperties: + ^[A-Za-z0-9_]{1,32}$: + $ref: '#/components/schemas/IPSet' + additionalProperties: false + PortSets: + type: object + x-patternProperties: + ^[A-Za-z0-9_]{1,32}$: + $ref: '#/components/schemas/PortSet' + additionalProperties: false + additionalProperties: false + CustomAction: + type: object + properties: + ActionName: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9]+$ + ActionDefinition: + $ref: '#/components/schemas/ActionDefinition' + required: + - ActionName + - ActionDefinition + additionalProperties: false + ActionDefinition: + type: object + properties: + PublishMetricAction: + $ref: '#/components/schemas/PublishMetricAction' + additionalProperties: false + PublishMetricAction: + type: object + properties: + Dimensions: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/Dimension' + required: + - Dimensions + additionalProperties: false + Dimension: + type: object + properties: + Value: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9-_ ]+$ + required: + - Value + additionalProperties: false + StatefulRuleGroupReference: + type: object + properties: + ResourceArn: + $ref: '#/components/schemas/ResourceArn' + Priority: + $ref: '#/components/schemas/Priority' + Override: + $ref: '#/components/schemas/StatefulRuleGroupOverride' + required: + - ResourceArn + additionalProperties: false + StatelessRuleGroupReference: + type: object + properties: + ResourceArn: + $ref: '#/components/schemas/ResourceArn' + Priority: + $ref: '#/components/schemas/Priority' + required: + - ResourceArn + - Priority + additionalProperties: false + Priority: + type: integer + minimum: 1 + maximum: 65535 + VariableDefinition: + type: string + minLength: 1 + pattern: ^.*$ + IPSet: + type: object + properties: + Definition: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/VariableDefinition' + additionalProperties: false + StatefulRuleGroupOverride: + type: object + properties: + Action: + $ref: '#/components/schemas/OverrideAction' + additionalProperties: false + OverrideAction: + type: string + enum: + - DROP_TO_ALERT + StatefulEngineOptions: + type: object + properties: + RuleOrder: + $ref: '#/components/schemas/RuleOrder' + StreamExceptionPolicy: + $ref: '#/components/schemas/StreamExceptionPolicy' + additionalProperties: false + RuleOrder: + type: string + enum: + - DEFAULT_ACTION_ORDER + - STRICT_ORDER + StreamExceptionPolicy: + type: string + enum: + - DROP + - CONTINUE + - REJECT + LoggingConfiguration: + type: object + properties: + FirewallName: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9-]+$ + FirewallArn: + $ref: '#/components/schemas/ResourceArn' + LoggingConfiguration: + $ref: '#/components/schemas/LoggingConfiguration' + required: + - FirewallArn + - LoggingConfiguration + x-stackql-resource-name: logging_configuration + description: Resource type definition for AWS::NetworkFirewall::LoggingConfiguration + x-type-name: AWS::NetworkFirewall::LoggingConfiguration + x-stackql-primary-identifier: + - FirewallArn + x-create-only-properties: + - FirewallName + - FirewallArn + x-required-properties: + - FirewallArn + - LoggingConfiguration + x-tagging: + taggable: false + x-required-permissions: + create: + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:ListLogDeliveries + - s3:PutBucketPolicy + - s3:GetBucketPolicy + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - iam:CreateServiceLinkedRole + - firehose:TagDeliveryStream + - network-firewall:UpdateLoggingConfiguration + - network-firewall:DescribeLoggingConfiguration + read: + - logs:GetLogDelivery + - logs:ListLogDeliveries + - network-firewall:DescribeLoggingConfiguration + update: + - logs:CreateLogDelivery + - logs:DeleteLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:ListLogDeliveries + - s3:PutBucketPolicy + - s3:GetBucketPolicy + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - iam:CreateServiceLinkedRole + - firehose:TagDeliveryStream + - network-firewall:UpdateLoggingConfiguration + - network-firewall:DescribeLoggingConfiguration + delete: + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:GetLogDelivery + - network-firewall:UpdateLoggingConfiguration + - network-firewall:DescribeLoggingConfiguration + list: + - logs:GetLogDelivery + - logs:ListLogDeliveries + - network-firewall:DescribeLoggingConfiguration + LogDestinationConfig: + type: object + properties: + LogType: + type: string + enum: + - ALERT + - FLOW + LogDestinationType: + type: string + enum: + - S3 + - CloudWatchLogs + - KinesisDataFirehose + LogDestination: + type: object + description: A key-value pair to configure the logDestinations. + x-patternProperties: + ^[0-9A-Za-z.\-_@\/]+$: + type: string + minLength: 1 + maxLength: 1024 + minProperties: 1 + additionalProperties: false + required: + - LogType + - LogDestinationType + - LogDestination + additionalProperties: false + RulesString: + type: string + minLength: 0 + maxLength: 1000000 + RuleGroup: + type: object + properties: + RuleGroupName: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9-]+$ + RuleGroupArn: + $ref: '#/components/schemas/ResourceArn' + RuleGroupId: + type: string + minLength: 36 + maxLength: 36 + pattern: ^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$ + RuleGroup: + $ref: '#/components/schemas/RuleGroup' + Type: + type: string + enum: + - STATELESS + - STATEFUL + Capacity: + type: integer + Description: + type: string + minLength: 1 + maxLength: 512 + pattern: ^.*$ + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - Type + - Capacity + - RuleGroupName + x-stackql-resource-name: rule_group + description: Resource type definition for AWS::NetworkFirewall::RuleGroup + x-type-name: AWS::NetworkFirewall::RuleGroup + x-stackql-primary-identifier: + - RuleGroupArn + x-create-only-properties: + - RuleGroupName + - Capacity + - Type + x-read-only-properties: + - RuleGroupArn + - RuleGroupId + x-required-properties: + - Type + - Capacity + - RuleGroupName + x-tagging: + taggable: true + x-required-permissions: + create: + - network-firewall:CreateRuleGroup + - network-firewall:DescribeRuleGroup + - network-firewall:TagResource + - network-firewall:ListRuleGroups + - iam:CreateServiceLinkedRole + - ec2:GetManagedPrefixListEntries + read: + - network-firewall:DescribeRuleGroup + - network-firewall:ListTagsForResources + update: + - network-firewall:UpdateRuleGroup + - network-firewall:DescribeRuleGroup + - network-firewall:TagResource + - network-firewall:UntagResource + - iam:CreateServiceLinkedRole + - ec2:GetManagedPrefixListEntries + delete: + - network-firewall:DeleteRuleGroup + - network-firewall:DescribeRuleGroup + - network-firewall:UntagResource + list: + - network-firewall:ListRuleGroups + PortSet: + type: object + properties: + Definition: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/VariableDefinition' + additionalProperties: false + ReferenceSets: + type: object + properties: + IPSetReferences: + type: object + x-patternProperties: + ^[A-Za-z0-9_]{1,32}$: + $ref: '#/components/schemas/IPSetReference' + additionalProperties: false + additionalProperties: false + IPSetReference: + type: object + properties: + ReferenceArn: + $ref: '#/components/schemas/ResourceArn' + additionalProperties: false + RulesSource: + type: object + properties: + RulesString: + $ref: '#/components/schemas/RulesString' + RulesSourceList: + $ref: '#/components/schemas/RulesSourceList' + StatefulRules: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/StatefulRule' + StatelessRulesAndCustomActions: + $ref: '#/components/schemas/StatelessRulesAndCustomActions' + additionalProperties: false + RulesSourceList: + type: object + properties: + Targets: + type: array + x-insertionOrder: true + uniqueItems: false + items: + type: string + TargetTypes: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/TargetType' + GeneratedRulesType: + $ref: '#/components/schemas/GeneratedRulesType' + required: + - Targets + - TargetTypes + - GeneratedRulesType + additionalProperties: false + TargetType: + type: string + enum: + - TLS_SNI + - HTTP_HOST + GeneratedRulesType: + type: string + enum: + - ALLOWLIST + - DENYLIST + StatefulRule: + type: object + properties: + Action: + type: string + enum: + - PASS + - DROP + - ALERT + - REJECT + Header: + $ref: '#/components/schemas/Header' + RuleOptions: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/RuleOption' + required: + - Action + - Header + - RuleOptions + additionalProperties: false + Header: + type: object + properties: + Protocol: + type: string + enum: + - IP + - TCP + - UDP + - ICMP + - HTTP + - FTP + - TLS + - SMB + - DNS + - DCERPC + - SSH + - SMTP + - IMAP + - MSN + - KRB5 + - IKEV2 + - TFTP + - NTP + - DHCP + Source: + type: string + minLength: 1 + maxLength: 1024 + pattern: ^.*$ + SourcePort: + $ref: '#/components/schemas/Port' + Direction: + type: string + enum: + - FORWARD + - ANY + Destination: + type: string + minLength: 1 + maxLength: 1024 + pattern: ^.*$ + DestinationPort: + $ref: '#/components/schemas/Port' + required: + - Protocol + - Source + - SourcePort + - Direction + - Destination + - DestinationPort + additionalProperties: false + RuleOption: + type: object + properties: + Keyword: + type: string + minLength: 1 + maxLength: 128 + pattern: ^.*$ + Settings: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/Setting' + required: + - Keyword + additionalProperties: false + Setting: + type: string + minLength: 1 + maxLength: 8192 + pattern: ^.*$ + Port: + type: string + minLength: 1 + maxLength: 1024 + pattern: ^.*$ + StatelessRulesAndCustomActions: + type: object + properties: + StatelessRules: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/StatelessRule' + CustomActions: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/CustomAction' + required: + - StatelessRules + additionalProperties: false + StatelessRule: + type: object + properties: + RuleDefinition: + $ref: '#/components/schemas/RuleDefinition' + Priority: + type: integer + minimum: 1 + maximum: 65535 + required: + - RuleDefinition + - Priority + additionalProperties: false + RuleDefinition: + type: object + properties: + MatchAttributes: + $ref: '#/components/schemas/MatchAttributes' + Actions: + type: array + x-insertionOrder: true + uniqueItems: false + items: + type: string + required: + - MatchAttributes + - Actions + additionalProperties: false + MatchAttributes: + type: object + properties: + Sources: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/Address' + Destinations: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/Address' + SourcePorts: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/PortRange' + DestinationPorts: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/PortRange' + Protocols: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/ProtocolNumber' + TCPFlags: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/TCPFlagField' + additionalProperties: false + Address: + type: object + properties: + AddressDefinition: + type: string + minLength: 1 + maxLength: 255 + pattern: ^([a-fA-F\d:\.]+/\d{1,3})$ + required: + - AddressDefinition + additionalProperties: false + PortRange: + type: object + properties: + FromPort: + $ref: '#/components/schemas/PortRangeBound' + ToPort: + $ref: '#/components/schemas/PortRangeBound' + required: + - FromPort + - ToPort + additionalProperties: false + PortRangeBound: + type: integer + minimum: 0 + maximum: 65535 + ProtocolNumber: + type: integer + minimum: 0 + maximum: 255 + TCPFlagField: + type: object + properties: + Flags: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/TCPFlag' + Masks: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/TCPFlag' + required: + - Flags + additionalProperties: false + TCPFlag: + type: string + enum: + - FIN + - SYN + - RST + - PSH + - ACK + - URG + - ECE + - CWR + StatefulRuleOptions: + type: object + properties: + RuleOrder: + $ref: '#/components/schemas/RuleOrder' + additionalProperties: false + TLSInspectionConfiguration: + type: object + properties: + TLSInspectionConfigurationName: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9-]+$ + TLSInspectionConfigurationArn: + $ref: '#/components/schemas/ResourceArn' + TLSInspectionConfiguration: + $ref: '#/components/schemas/TLSInspectionConfiguration' + TLSInspectionConfigurationId: + type: string + minLength: 36 + maxLength: 36 + pattern: ^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$ + Description: + type: string + minLength: 1 + maxLength: 512 + pattern: ^.*$ + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - TLSInspectionConfigurationName + - TLSInspectionConfiguration + x-stackql-resource-name: tls_inspection_configuration + description: Resource type definition for AWS::NetworkFirewall::TLSInspectionConfiguration + x-type-name: AWS::NetworkFirewall::TLSInspectionConfiguration + x-stackql-primary-identifier: + - TLSInspectionConfigurationArn + x-create-only-properties: + - TLSInspectionConfigurationName + x-read-only-properties: + - TLSInspectionConfigurationArn + - TLSInspectionConfigurationId + x-required-properties: + - TLSInspectionConfigurationName + - TLSInspectionConfiguration + x-tagging: + taggable: true + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - network-firewall:CreateTLSInspectionConfiguration + - network-firewall:DescribeTLSInspectionConfiguration + - network-firewall:TagResource + read: + - network-firewall:DescribeTLSInspectionConfiguration + - network-firewall:ListTagsForResources + update: + - network-firewall:UpdateTLSInspectionConfiguration + - network-firewall:DescribeTLSInspectionConfiguration + - network-firewall:TagResource + - network-firewall:UntagResource + delete: + - network-firewall:DeleteTLSInspectionConfiguration + - network-firewall:DescribeTLSInspectionConfiguration + - network-firewall:UntagResource + list: + - network-firewall:ListTLSInspectionConfigurations + ServerCertificateConfiguration: + type: object + properties: + ServerCertificates: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/ServerCertificate' + Scopes: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/ServerCertificateScope' + CertificateAuthorityArn: + $ref: '#/components/schemas/ResourceArn' + CheckCertificateRevocationStatus: + type: object + properties: + RevokedStatusAction: + $ref: '#/components/schemas/RevokedStatusAction' + UnknownStatusAction: + $ref: '#/components/schemas/UnknownStatusAction' + additionalProperties: false + additionalProperties: false + RevokedStatusAction: + type: string + enum: + - PASS + - DROP + - REJECT + UnknownStatusAction: + type: string + enum: + - PASS + - DROP + - REJECT + ServerCertificate: + type: object + properties: + ResourceArn: + $ref: '#/components/schemas/ResourceArn' + additionalProperties: false + ServerCertificateScope: + type: object + properties: + Sources: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/Address' + Destinations: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/Address' + SourcePorts: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/PortRange' + DestinationPorts: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/PortRange' + Protocols: + type: array + x-insertionOrder: true + uniqueItems: false + items: + $ref: '#/components/schemas/ProtocolNumber' + additionalProperties: false + x-stackQL-resources: + firewalls: + name: firewalls + id: aws.networkfirewall.firewalls + x-cfn-schema-name: Firewall + x-type: list + x-identifiers: + - FirewallArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FirewallArn') as firewall_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::Firewall' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FirewallArn') as firewall_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::Firewall' + AND region = 'us-east-1' + firewall: + name: firewall + id: aws.networkfirewall.firewall + x-cfn-schema-name: Firewall + x-type: get + x-identifiers: + - FirewallArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FirewallName') as firewall_name, + JSON_EXTRACT(Properties, '$.FirewallArn') as firewall_arn, + JSON_EXTRACT(Properties, '$.FirewallId') as firewall_id, + JSON_EXTRACT(Properties, '$.FirewallPolicyArn') as firewall_policy_arn, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.SubnetMappings') as subnet_mappings, + JSON_EXTRACT(Properties, '$.DeleteProtection') as delete_protection, + JSON_EXTRACT(Properties, '$.SubnetChangeProtection') as subnet_change_protection, + JSON_EXTRACT(Properties, '$.FirewallPolicyChangeProtection') as firewall_policy_change_protection, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EndpointIds') as endpoint_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::Firewall' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FirewallName') as firewall_name, + json_extract_path_text(Properties, 'FirewallArn') as firewall_arn, + json_extract_path_text(Properties, 'FirewallId') as firewall_id, + json_extract_path_text(Properties, 'FirewallPolicyArn') as firewall_policy_arn, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'SubnetMappings') as subnet_mappings, + json_extract_path_text(Properties, 'DeleteProtection') as delete_protection, + json_extract_path_text(Properties, 'SubnetChangeProtection') as subnet_change_protection, + json_extract_path_text(Properties, 'FirewallPolicyChangeProtection') as firewall_policy_change_protection, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EndpointIds') as endpoint_ids, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::Firewall' + AND data__Identifier = '' + AND region = 'us-east-1' + firewall_policies: + name: firewall_policies + id: aws.networkfirewall.firewall_policies + x-cfn-schema-name: FirewallPolicy + x-type: list + x-identifiers: + - FirewallPolicyArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FirewallPolicyArn') as firewall_policy_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::FirewallPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FirewallPolicyArn') as firewall_policy_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::FirewallPolicy' + AND region = 'us-east-1' + firewall_policy: + name: firewall_policy + id: aws.networkfirewall.firewall_policy + x-cfn-schema-name: FirewallPolicy + x-type: get + x-identifiers: + - FirewallPolicyArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FirewallPolicyName') as firewall_policy_name, + JSON_EXTRACT(Properties, '$.FirewallPolicyArn') as firewall_policy_arn, + JSON_EXTRACT(Properties, '$.FirewallPolicy') as firewall_policy, + JSON_EXTRACT(Properties, '$.FirewallPolicyId') as firewall_policy_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::FirewallPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FirewallPolicyName') as firewall_policy_name, + json_extract_path_text(Properties, 'FirewallPolicyArn') as firewall_policy_arn, + json_extract_path_text(Properties, 'FirewallPolicy') as firewall_policy, + json_extract_path_text(Properties, 'FirewallPolicyId') as firewall_policy_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::FirewallPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + logging_configurations: + name: logging_configurations + id: aws.networkfirewall.logging_configurations + x-cfn-schema-name: LoggingConfiguration + x-type: list + x-identifiers: + - FirewallArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FirewallArn') as firewall_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FirewallArn') as firewall_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' + AND region = 'us-east-1' + logging_configuration: + name: logging_configuration + id: aws.networkfirewall.logging_configuration + x-cfn-schema-name: LoggingConfiguration + x-type: get + x-identifiers: + - FirewallArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FirewallName') as firewall_name, + JSON_EXTRACT(Properties, '$.FirewallArn') as firewall_arn, + JSON_EXTRACT(Properties, '$.LoggingConfiguration') as logging_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FirewallName') as firewall_name, + json_extract_path_text(Properties, 'FirewallArn') as firewall_arn, + json_extract_path_text(Properties, 'LoggingConfiguration') as logging_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + rule_groups: + name: rule_groups + id: aws.networkfirewall.rule_groups + x-cfn-schema-name: RuleGroup + x-type: list + x-identifiers: + - RuleGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RuleGroupArn') as rule_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::RuleGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RuleGroupArn') as rule_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::RuleGroup' + AND region = 'us-east-1' + rule_group: + name: rule_group + id: aws.networkfirewall.rule_group + x-cfn-schema-name: RuleGroup + x-type: get + x-identifiers: + - RuleGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RuleGroupName') as rule_group_name, + JSON_EXTRACT(Properties, '$.RuleGroupArn') as rule_group_arn, + JSON_EXTRACT(Properties, '$.RuleGroupId') as rule_group_id, + JSON_EXTRACT(Properties, '$.RuleGroup') as rule_group, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Capacity') as capacity, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::RuleGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RuleGroupName') as rule_group_name, + json_extract_path_text(Properties, 'RuleGroupArn') as rule_group_arn, + json_extract_path_text(Properties, 'RuleGroupId') as rule_group_id, + json_extract_path_text(Properties, 'RuleGroup') as rule_group, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Capacity') as capacity, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::RuleGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + tls_inspection_configurations: + name: tls_inspection_configurations + id: aws.networkfirewall.tls_inspection_configurations + x-cfn-schema-name: TLSInspectionConfiguration + x-type: list + x-identifiers: + - TLSInspectionConfigurationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TLSInspectionConfigurationArn') as tls_inspection_configuration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::TLSInspectionConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TLSInspectionConfigurationArn') as tls_inspection_configuration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::TLSInspectionConfiguration' + AND region = 'us-east-1' + tls_inspection_configuration: + name: tls_inspection_configuration + id: aws.networkfirewall.tls_inspection_configuration + x-cfn-schema-name: TLSInspectionConfiguration + x-type: get + x-identifiers: + - TLSInspectionConfigurationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TLSInspectionConfigurationName') as tls_inspection_configuration_name, + JSON_EXTRACT(Properties, '$.TLSInspectionConfigurationArn') as tls_inspection_configuration_arn, + JSON_EXTRACT(Properties, '$.TLSInspectionConfiguration') as tls_inspection_configuration, + JSON_EXTRACT(Properties, '$.TLSInspectionConfigurationId') as tls_inspection_configuration_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::TLSInspectionConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TLSInspectionConfigurationName') as tls_inspection_configuration_name, + json_extract_path_text(Properties, 'TLSInspectionConfigurationArn') as tls_inspection_configuration_arn, + json_extract_path_text(Properties, 'TLSInspectionConfiguration') as tls_inspection_configuration, + json_extract_path_text(Properties, 'TLSInspectionConfigurationId') as tls_inspection_configuration_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::TLSInspectionConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/networkmanager.yaml b/providers/src/aws/v00.00.00000/services/networkmanager.yaml new file mode 100644 index 00000000..a3263741 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/networkmanager.yaml @@ -0,0 +1,2439 @@ +openapi: 3.0.0 +info: + title: NetworkManager + version: 1.0.0 +paths: {} +components: + schemas: + ProposedSegmentChange: + description: The attachment to move from one segment to another. + type: object + properties: + Tags: + description: The key-value tags that changed for the segment. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + AttachmentPolicyRuleNumber: + description: The rule number in the policy document that applies to this change. + type: integer + SegmentName: + description: The name of the segment to change. + type: string + additionalProperties: false + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + required: + - Key + - Value + additionalProperties: false + ConnectAttachmentOptions: + description: Connect attachment options for protocol + type: object + properties: + Protocol: + type: string + description: Tunnel protocol for connect attachment + additionalProperties: false + ConnectAttachment: + type: object + properties: + CoreNetworkId: + description: ID of the CoreNetwork that the attachment will be attached to. + type: string + CoreNetworkArn: + description: The ARN of a core network. + type: string + AttachmentId: + description: The ID of the attachment. + type: string + OwnerAccountId: + description: The ID of the attachment account owner. + type: string + AttachmentType: + description: The type of attachment. + type: string + State: + description: State of the attachment. + type: string + EdgeLocation: + description: Edge location of the attachment. + type: string + ResourceArn: + description: The attachment resource ARN. + type: string + AttachmentPolicyRuleNumber: + description: The policy rule number associated with the attachment. + type: integer + SegmentName: + description: The name of the segment attachment. + type: string + ProposedSegmentChange: + description: The attachment to move from one segment to another. + $ref: '#/components/schemas/ProposedSegmentChange' + Tags: + description: Tags for the attachment. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + CreatedAt: + description: Creation time of the attachment. + type: string + UpdatedAt: + description: Last update time of the attachment. + type: string + TransportAttachmentId: + description: Id of transport attachment + type: string + Options: + description: Protocol options for connect attachment + $ref: '#/components/schemas/ConnectAttachmentOptions' + required: + - CoreNetworkId + - EdgeLocation + - TransportAttachmentId + - Options + x-stackql-resource-name: connect_attachment + description: AWS::NetworkManager::ConnectAttachment Resource Type Definition + x-type-name: AWS::NetworkManager::ConnectAttachment + x-stackql-primary-identifier: + - AttachmentId + x-create-only-properties: + - CoreNetworkId + - EdgeLocation + - TransportAttachmentId + - Options + x-read-only-properties: + - CoreNetworkArn + - CreatedAt + - UpdatedAt + - AttachmentType + - State + - ResourceArn + - AttachmentId + - OwnerAccountId + - AttachmentPolicyRuleNumber + - SegmentName + x-required-properties: + - CoreNetworkId + - EdgeLocation + - TransportAttachmentId + - Options + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - networkmanager:GetConnectAttachment + - networkmanager:CreateConnectAttachment + - networkmanager:TagResource + - ec2:DescribeRegions + read: + - networkmanager:GetConnectAttachment + update: + - networkmanager:GetConnectAttachment + - networkmanager:ListTagsForResource + - networkmanager:TagResource + - networkmanager:UntagResource + - ec2:DescribeRegions + delete: + - networkmanager:GetConnectAttachment + - networkmanager:DeleteAttachment + - ec2:DescribeRegions + list: + - networkmanager:ListAttachments + ConnectPeerConfiguration: + type: object + properties: + CoreNetworkAddress: + description: The IP address of a core network. + type: string + PeerAddress: + description: The IP address of the Connect peer. + type: string + InsideCidrBlocks: + description: The inside IP addresses used for a Connect peer configuration. + type: array + x-insertionOrder: false + items: + type: string + Protocol: + $ref: '#/components/schemas/TunnelProtocol' + BgpConfigurations: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConnectPeerBgpConfiguration' + additionalProperties: false + TunnelProtocol: + description: The protocol used for a Connect peer configuration. + type: string + BgpOptions: + description: Bgp options + type: object + properties: + PeerAsn: + type: number + additionalProperties: false + ConnectPeerBgpConfiguration: + description: Bgp configuration for connect peer + type: object + properties: + CoreNetworkAsn: + description: The ASN of the Coret Network. + type: number + PeerAsn: + description: The ASN of the Connect peer. + type: number + CoreNetworkAddress: + description: The address of a core network. + type: string + PeerAddress: + description: The address of a core network Connect peer. + type: string + additionalProperties: false + ConnectPeer: + type: object + properties: + PeerAddress: + description: The IP address of the Connect peer. + type: string + CoreNetworkAddress: + description: The IP address of a core network. + type: string + BgpOptions: + description: Bgp options for connect peer. + $ref: '#/components/schemas/BgpOptions' + InsideCidrBlocks: + description: The inside IP addresses used for a Connect peer configuration. + type: array + x-insertionOrder: false + items: + type: string + CoreNetworkId: + description: The ID of the core network. + type: string + ConnectAttachmentId: + description: The ID of the attachment to connect. + type: string + ConnectPeerId: + description: The ID of the Connect peer. + type: string + EdgeLocation: + description: The Connect peer Regions where edges are located. + type: string + State: + description: State of the connect peer. + type: string + CreatedAt: + description: Connect peer creation time. + type: string + Configuration: + description: Configuration of the connect peer. + $ref: '#/components/schemas/ConnectPeerConfiguration' + SubnetArn: + description: The subnet ARN for the connect peer. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - ConnectAttachmentId + - PeerAddress + x-stackql-resource-name: connect_peer + description: AWS::NetworkManager::ConnectPeer Resource Type Definition. + x-type-name: AWS::NetworkManager::ConnectPeer + x-stackql-primary-identifier: + - ConnectPeerId + x-stackql-additional-identifiers: + - - ConnectAttachmentId + - CoreNetworkAddress + - InsideCidrBlocks + x-create-only-properties: + - PeerAddress + - CoreNetworkAddress + - BgpOptions + - InsideCidrBlocks + - ConnectAttachmentId + - SubnetArn + x-write-only-properties: + - CoreNetworkAddress + - BgpOptions + - SubnetArn + x-read-only-properties: + - ConnectPeerId + - State + - CreatedAt + - Configuration + - CoreNetworkId + - EdgeLocation + x-required-properties: + - ConnectAttachmentId + - PeerAddress + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - networkmanager:GetConnectPeer + - networkmanager:CreateConnectPeer + - networkmanager:TagResource + - ec2:DescribeRegions + read: + - networkmanager:GetConnectPeer + update: + - networkmanager:GetConnectPeer + - networkmanager:ListTagsForResource + - networkmanager:TagResource + - networkmanager:UntagResource + - ec2:DescribeRegions + delete: + - networkmanager:GetConnectPeer + - networkmanager:DeleteConnectPeer + - ec2:DescribeRegions + list: + - networkmanager:ListConnectPeers + CoreNetworkSegment: + type: object + properties: + Name: + type: string + description: Name of segment + EdgeLocations: + type: array + x-insertionOrder: false + items: + type: string + description: The Regions where the edges are located. + SharedSegments: + type: array + x-insertionOrder: false + items: + type: string + description: The shared segments of a core network. + additionalProperties: false + CoreNetworkEdge: + type: object + properties: + EdgeLocation: + type: string + description: The Region where a core network edge is located. + Asn: + type: number + description: The ASN of a core network edge. + InsideCidrBlocks: + type: array + x-insertionOrder: false + items: + type: string + description: The inside IP addresses used for core network edges. + additionalProperties: false + CoreNetwork: + type: object + properties: + GlobalNetworkId: + description: The ID of the global network that your core network is a part of. + type: string + CoreNetworkId: + description: The Id of core network + type: string + CoreNetworkArn: + description: The ARN (Amazon resource name) of core network + type: string + PolicyDocument: + description: Live policy document for the core network, you must provide PolicyDocument in Json Format + type: object + Description: + description: The description of core network + type: string + CreatedAt: + description: The creation time of core network + type: string + State: + description: The state of core network + type: string + Segments: + description: The segments within a core network. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CoreNetworkSegment' + Edges: + description: The edges within a core network. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CoreNetworkEdge' + OwnerAccount: + description: Owner of the core network + type: string + Tags: + description: The tags for the global network. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - GlobalNetworkId + x-stackql-resource-name: core_network + description: AWS::NetworkManager::CoreNetwork Resource Type Definition. + x-type-name: AWS::NetworkManager::CoreNetwork + x-stackql-primary-identifier: + - CoreNetworkId + x-stackql-additional-identifiers: + - - CoreNetworkArn + - - GlobalNetworkId + x-create-only-properties: + - GlobalNetworkId + x-read-only-properties: + - OwnerAccount + - CoreNetworkId + - CoreNetworkArn + - CreatedAt + - State + - Segments + - Edges + x-required-properties: + - GlobalNetworkId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - networkmanager:CreateCoreNetwork + - networkmanager:GetCoreNetwork + - networkmanager:GetCoreNetworkPolicy + - networkmanager:TagResource + - ec2:DescribeRegions + read: + - networkmanager:GetCoreNetwork + - networkmanager:GetCoreNetworkPolicy + update: + - networkmanager:UpdateCoreNetwork + - networkmanager:GetCoreNetwork + - networkmanager:ListTagsForResource + - networkmanager:PutCoreNetworkPolicy + - networkmanager:GetCoreNetworkPolicy + - networkmanager:ExecuteCoreNetworkChangeSet + - networkmanager:TagResource + - networkmanager:UntagResource + - ec2:DescribeRegions + delete: + - networkmanager:DeleteCoreNetwork + - networkmanager:UntagResource + - networkmanager:GetCoreNetwork + - networkmanager:GetCoreNetworkPolicy + - ec2:DescribeRegions + list: + - networkmanager:ListCoreNetworks + CustomerGatewayAssociation: + type: object + properties: + GlobalNetworkId: + description: The ID of the global network. + type: string + CustomerGatewayArn: + description: The Amazon Resource Name (ARN) of the customer gateway. + type: string + DeviceId: + description: The ID of the device + type: string + LinkId: + description: The ID of the link + type: string + required: + - GlobalNetworkId + - CustomerGatewayArn + - DeviceId + x-stackql-resource-name: customer_gateway_association + description: The AWS::NetworkManager::CustomerGatewayAssociation type associates a customer gateway with a device and optionally, with a link. + x-type-name: AWS::NetworkManager::CustomerGatewayAssociation + x-stackql-primary-identifier: + - GlobalNetworkId + - CustomerGatewayArn + x-create-only-properties: + - GlobalNetworkId + - CustomerGatewayArn + - DeviceId + - LinkId + x-required-properties: + - GlobalNetworkId + - CustomerGatewayArn + - DeviceId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - networkmanager:GetCustomerGatewayAssociations + - networkmanager:AssociateCustomerGateway + read: + - networkmanager:GetCustomerGatewayAssociations + list: + - networkmanager:GetCustomerGatewayAssociations + delete: + - networkmanager:DisassociateCustomerGateway + Location: + description: The location of the site + type: object + properties: + Address: + description: The physical address. + type: string + Latitude: + description: The latitude. + type: string + Longitude: + description: The longitude. + type: string + additionalProperties: false + AWSLocation: + description: The Amazon Web Services location of the device, if applicable. + type: object + properties: + Zone: + description: The Zone that the device is located in. Specify the ID of an Availability Zone, Local Zone, Wavelength Zone, or an Outpost. + type: string + SubnetArn: + description: The Amazon Resource Name (ARN) of the subnet that the device is located in. + type: string + additionalProperties: false + Device: + type: object + properties: + DeviceArn: + description: The Amazon Resource Name (ARN) of the device. + type: string + DeviceId: + description: The ID of the device. + type: string + Description: + description: The description of the device. + type: string + Tags: + description: The tags for the device. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + GlobalNetworkId: + description: The ID of the global network. + type: string + AWSLocation: + description: The Amazon Web Services location of the device, if applicable. + $ref: '#/components/schemas/AWSLocation' + Location: + description: The site location. + $ref: '#/components/schemas/Location' + Model: + description: The device model + type: string + SerialNumber: + description: The device serial number. + type: string + SiteId: + description: The site ID. + type: string + Type: + description: The device type. + type: string + Vendor: + description: The device vendor. + type: string + CreatedAt: + description: The date and time that the device was created. + type: string + State: + description: The state of the device. + type: string + required: + - GlobalNetworkId + x-stackql-resource-name: device + description: The AWS::NetworkManager::Device type describes a device. + x-type-name: AWS::NetworkManager::Device + x-stackql-primary-identifier: + - GlobalNetworkId + - DeviceId + x-stackql-additional-identifiers: + - - DeviceArn + x-create-only-properties: + - GlobalNetworkId + x-read-only-properties: + - DeviceId + - DeviceArn + - State + - CreatedAt + x-required-properties: + - GlobalNetworkId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - networkmanager:CreateDevice + - networkmanager:GetDevices + - networkmanager:TagResource + read: + - networkmanager:GetDevices + update: + - networkmanager:UpdateDevice + - networkmanager:ListTagsForResource + - networkmanager:GetDevices + - networkmanager:TagResource + - networkmanager:UntagResource + delete: + - networkmanager:GetDevices + - networkmanager:DeleteDevice + list: + - networkmanager:GetDevices + GlobalNetwork: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the global network. + type: string + Id: + description: The ID of the global network. + type: string + Description: + description: The description of the global network. + type: string + Tags: + description: The tags for the global network. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + CreatedAt: + description: The date and time that the global network was created. + type: string + State: + description: The state of the global network. + type: string + x-stackql-resource-name: global_network + description: The AWS::NetworkManager::GlobalNetwork type specifies a global network of the user's account + x-type-name: AWS::NetworkManager::GlobalNetwork + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - Arn + x-read-only-properties: + - Id + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - networkmanager:CreateGlobalNetwork + - networkmanager:DescribeGlobalNetworks + - networkmanager:TagResource + - iam:CreateServiceLinkedRole + read: + - networkmanager:DescribeGlobalNetworks + update: + - networkmanager:UpdateGlobalNetwork + - networkmanager:DescribeGlobalNetworks + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource + delete: + - networkmanager:DeleteGlobalNetwork + - networkmanager:DescribeGlobalNetworks + list: + - networkmanager:DescribeGlobalNetworks + Bandwidth: + description: The bandwidth for the link. + type: object + properties: + DownloadSpeed: + description: Download speed in Mbps. + type: integer + UploadSpeed: + description: Upload speed in Mbps. + type: integer + additionalProperties: false + Link: + type: object + properties: + LinkArn: + description: The Amazon Resource Name (ARN) of the link. + type: string + LinkId: + description: The ID of the link. + type: string + GlobalNetworkId: + description: The ID of the global network. + type: string + SiteId: + description: The ID of the site + type: string + Bandwidth: + description: The Bandwidth for the link. + $ref: '#/components/schemas/Bandwidth' + Provider: + description: The provider of the link. + type: string + Description: + description: The description of the link. + type: string + Tags: + description: The tags for the link. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Type: + description: The type of the link. + type: string + CreatedAt: + description: The date and time that the device was created. + type: string + State: + description: The state of the link. + type: string + required: + - GlobalNetworkId + - SiteId + - Bandwidth + x-stackql-resource-name: link + description: The AWS::NetworkManager::Link type describes a link. + x-type-name: AWS::NetworkManager::Link + x-stackql-primary-identifier: + - GlobalNetworkId + - LinkId + x-stackql-additional-identifiers: + - - LinkArn + x-create-only-properties: + - GlobalNetworkId + - SiteId + x-read-only-properties: + - LinkId + - LinkArn + - CreatedAt + - State + x-required-properties: + - GlobalNetworkId + - SiteId + - Bandwidth + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - networkmanager:CreateLink + - networkmanager:GetLinks + - networkmanager:TagResource + read: + - networkmanager:GetLinks + update: + - networkmanager:ListTagsForResource + - networkmanager:TagResource + - networkmanager:GetLinks + - networkmanager:UntagResource + - networkmanager:UpdateLink + delete: + - networkmanager:GetLinks + - networkmanager:DeleteLink + list: + - networkmanager:GetLinks + LinkAssociation: + type: object + properties: + GlobalNetworkId: + description: The ID of the global network. + type: string + DeviceId: + description: The ID of the device + type: string + LinkId: + description: The ID of the link + type: string + required: + - GlobalNetworkId + - DeviceId + - LinkId + x-stackql-resource-name: link_association + description: The AWS::NetworkManager::LinkAssociation type associates a link to a device. The device and link must be in the same global network and the same site. + x-type-name: AWS::NetworkManager::LinkAssociation + x-stackql-primary-identifier: + - GlobalNetworkId + - DeviceId + - LinkId + x-create-only-properties: + - GlobalNetworkId + - DeviceId + - LinkId + x-required-properties: + - GlobalNetworkId + - DeviceId + - LinkId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - networkmanager:GetLinkAssociations + - networkmanager:AssociateLink + read: + - networkmanager:GetLinkAssociations + list: + - networkmanager:GetLinkAssociations + delete: + - networkmanager:DisassociateLink + Site: + type: object + properties: + SiteArn: + description: The Amazon Resource Name (ARN) of the site. + type: string + SiteId: + description: The ID of the site. + type: string + Description: + description: The description of the site. + type: string + Tags: + description: The tags for the site. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + GlobalNetworkId: + description: The ID of the global network. + type: string + Location: + description: The location of the site. + $ref: '#/components/schemas/Location' + CreatedAt: + description: The date and time that the device was created. + type: string + State: + description: The state of the site. + type: string + required: + - GlobalNetworkId + x-stackql-resource-name: site + description: The AWS::NetworkManager::Site type describes a site. + x-type-name: AWS::NetworkManager::Site + x-stackql-primary-identifier: + - GlobalNetworkId + - SiteId + x-stackql-additional-identifiers: + - - SiteArn + x-create-only-properties: + - GlobalNetworkId + x-read-only-properties: + - SiteId + - SiteArn + - State + - CreatedAt + x-required-properties: + - GlobalNetworkId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - networkmanager:CreateSite + - networkmanager:GetSites + - networkmanager:TagResource + read: + - networkmanager:GetSites + update: + - networkmanager:GetSites + - networkmanager:ListTagsForResource + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:UpdateSite + delete: + - networkmanager:GetSites + - networkmanager:DeleteSite + list: + - networkmanager:GetSites + SiteToSiteVpnAttachment: + type: object + properties: + CoreNetworkId: + description: The ID of a core network where you're creating a site-to-site VPN attachment. + type: string + CoreNetworkArn: + description: The ARN of a core network for the VPC attachment. + type: string + AttachmentId: + description: The ID of the attachment. + type: string + OwnerAccountId: + description: Owner account of the attachment. + type: string + AttachmentType: + description: The type of attachment. + type: string + State: + description: The state of the attachment. + type: string + EdgeLocation: + description: The Region where the edge is located. + type: string + ResourceArn: + description: The ARN of the Resource. + type: string + AttachmentPolicyRuleNumber: + description: The policy rule number associated with the attachment. + type: integer + SegmentName: + description: The name of the segment that attachment is in. + type: string + ProposedSegmentChange: + description: The attachment to move from one segment to another. + $ref: '#/components/schemas/ProposedSegmentChange' + Tags: + description: Tags for the attachment. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + CreatedAt: + description: Creation time of the attachment. + type: string + UpdatedAt: + description: Last update time of the attachment. + type: string + VpnConnectionArn: + description: The ARN of the site-to-site VPN attachment. + type: string + required: + - CoreNetworkId + - VpnConnectionArn + x-stackql-resource-name: site_to_site_vpn_attachment + description: AWS::NetworkManager::SiteToSiteVpnAttachment Resource Type definition. + x-type-name: AWS::NetworkManager::SiteToSiteVpnAttachment + x-stackql-primary-identifier: + - AttachmentId + x-stackql-additional-identifiers: + - - CoreNetworkId + - VpnConnectionArn + x-create-only-properties: + - CoreNetworkId + - VpnConnectionArn + x-read-only-properties: + - CoreNetworkArn + - CreatedAt + - UpdatedAt + - AttachmentType + - State + - ResourceArn + - AttachmentId + - OwnerAccountId + - EdgeLocation + - AttachmentPolicyRuleNumber + - SegmentName + x-required-properties: + - CoreNetworkId + - VpnConnectionArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - networkmanager:GetSiteToSiteVpnAttachment + - networkmanager:CreateSiteToSiteVpnAttachment + - ec2:DescribeRegions + - networkmanager:TagResource + read: + - networkmanager:GetSiteToSiteVpnAttachment + update: + - networkmanager:GetSiteToSiteVpnAttachment + - networkmanager:ListTagsForResource + - networkmanager:TagResource + - networkmanager:UntagResource + - ec2:DescribeRegions + delete: + - networkmanager:GetSiteToSiteVpnAttachment + - networkmanager:DeleteAttachment + - ec2:DescribeRegions + list: + - networkmanager:ListAttachments + TransitGatewayPeering: + type: object + properties: + CoreNetworkId: + description: The Id of the core network that you want to peer a transit gateway to. + type: string + CoreNetworkArn: + description: The ARN (Amazon Resource Name) of the core network that you want to peer a transit gateway to. + type: string + TransitGatewayArn: + description: The ARN (Amazon Resource Name) of the transit gateway that you will peer to a core network + type: string + TransitGatewayPeeringAttachmentId: + description: The ID of the TransitGatewayPeeringAttachment + type: string + PeeringId: + description: The Id of the transit gateway peering + type: string + State: + description: The state of the transit gateway peering + type: string + EdgeLocation: + description: The location of the transit gateway peering + type: string + ResourceArn: + description: The ARN (Amazon Resource Name) of the resource that you will peer to a core network + type: string + OwnerAccountId: + description: Peering owner account Id + type: string + PeeringType: + description: Peering type (TransitGatewayPeering) + type: string + CreatedAt: + description: The creation time of the transit gateway peering + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - CoreNetworkId + - TransitGatewayArn + x-stackql-resource-name: transit_gateway_peering + description: AWS::NetworkManager::TransitGatewayPeering Resoruce Type. + x-type-name: AWS::NetworkManager::TransitGatewayPeering + x-stackql-primary-identifier: + - PeeringId + x-create-only-properties: + - CoreNetworkId + - TransitGatewayArn + x-read-only-properties: + - CoreNetworkArn + - PeeringId + - State + - PeeringType + - OwnerAccountId + - EdgeLocation + - ResourceArn + - CreatedAt + - TransitGatewayPeeringAttachmentId + x-required-properties: + - CoreNetworkId + - TransitGatewayArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - networkmanager:CreateTransitGatewayPeering + - networkmanager:TagResource + - networkmanager:GetTransitGatewayPeering + - iam:CreateServiceLinkedRole + - ec2:CreateTransitGatewayPeeringAttachment + - ec2:AcceptTransitGatewayPeeringAttachment + - ec2:DescribeRegions + read: + - networkmanager:GetTransitGatewayPeering + - networkmanager:TagResource + update: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource + - networkmanager:GetTransitGatewayPeering + - ec2:DescribeRegions + delete: + - networkmanager:DeletePeering + - networkmanager:GetTransitGatewayPeering + - ec2:DescribeRegions + list: + - networkmanager:ListPeerings + TransitGatewayRegistration: + type: object + properties: + GlobalNetworkId: + description: The ID of the global network. + type: string + TransitGatewayArn: + description: The Amazon Resource Name (ARN) of the transit gateway. + type: string + required: + - GlobalNetworkId + - TransitGatewayArn + x-stackql-resource-name: transit_gateway_registration + description: The AWS::NetworkManager::TransitGatewayRegistration type registers a transit gateway in your global network. The transit gateway can be in any AWS Region, but it must be owned by the same AWS account that owns the global network. You cannot register a transit gateway in more than one global network. + x-type-name: AWS::NetworkManager::TransitGatewayRegistration + x-stackql-primary-identifier: + - GlobalNetworkId + - TransitGatewayArn + x-create-only-properties: + - GlobalNetworkId + - TransitGatewayArn + x-required-properties: + - GlobalNetworkId + - TransitGatewayArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - networkmanager:RegisterTransitGateway + - networkmanager:GetTransitGatewayRegistrations + read: + - networkmanager:GetTransitGatewayRegistrations + list: + - networkmanager:GetTransitGatewayRegistrations + delete: + - networkmanager:DeregisterTransitGateway + - networkmanager:GetTransitGatewayRegistrations + TransitGatewayRouteTableAttachment: + type: object + properties: + PeeringId: + description: The Id of peering between transit gateway and core network. + type: string + TransitGatewayRouteTableArn: + description: The Arn of transit gateway route table. + type: string + CoreNetworkId: + description: The ID of a core network where you're creating a site-to-site VPN attachment. + type: string + CoreNetworkArn: + description: The ARN of a core network for the VPC attachment. + type: string + AttachmentId: + description: The ID of the attachment. + type: string + OwnerAccountId: + description: Owner account of the attachment. + type: string + AttachmentType: + description: The type of attachment. + type: string + State: + description: The state of the attachment. + type: string + EdgeLocation: + description: The Region where the edge is located. + type: string + ResourceArn: + description: The ARN of the Resource. + type: string + AttachmentPolicyRuleNumber: + description: The policy rule number associated with the attachment. + type: integer + SegmentName: + description: The name of the segment that attachment is in. + type: string + ProposedSegmentChange: + description: The attachment to move from one segment to another. + $ref: '#/components/schemas/ProposedSegmentChange' + CreatedAt: + description: Creation time of the attachment. + type: string + UpdatedAt: + description: Last update time of the attachment. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - PeeringId + - TransitGatewayRouteTableArn + x-stackql-resource-name: transit_gateway_route_table_attachment + description: AWS::NetworkManager::TransitGatewayRouteTableAttachment Resource Type definition. + x-type-name: AWS::NetworkManager::TransitGatewayRouteTableAttachment + x-stackql-primary-identifier: + - AttachmentId + x-create-only-properties: + - PeeringId + - TransitGatewayRouteTableArn + x-read-only-properties: + - CoreNetworkArn + - CoreNetworkId + - CreatedAt + - UpdatedAt + - AttachmentType + - State + - ResourceArn + - AttachmentId + - OwnerAccountId + - EdgeLocation + - AttachmentPolicyRuleNumber + - SegmentName + x-required-properties: + - PeeringId + - TransitGatewayRouteTableArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - networkmanager:CreateTransitGatewayRouteTableAttachment + - networkmanager:GetTransitGatewayRouteTableAttachment + - networkmanager:TagResource + - iam:CreateServiceLinkedRole + - ec2:DescribeRegions + read: + - networkmanager:GetTransitGatewayRouteTableAttachment + update: + - networkmanager:GetTransitGatewayRouteTableAttachment + - networkmanager:ListTagsForResource + - networkmanager:TagResource + - networkmanager:UntagResource + - ec2:DescribeRegions + delete: + - networkmanager:GetTransitGatewayRouteTableAttachment + - networkmanager:DeleteAttachment + - ec2:DescribeRegions + list: + - networkmanager:ListAttachments + VpcOptions: + description: Vpc options of the attachment. + type: object + properties: + Ipv6Support: + description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' + type: boolean + default: false + ApplianceModeSupport: + description: 'Indicates whether to enable ApplianceModeSupport Support for Vpc Attachment. Valid Values: true | false' + type: boolean + default: false + additionalProperties: false + VpcAttachment: + type: object + properties: + CoreNetworkId: + description: The ID of a core network for the VPC attachment. + type: string + CoreNetworkArn: + description: The ARN of a core network for the VPC attachment. + type: string + AttachmentId: + description: Id of the attachment. + type: string + OwnerAccountId: + description: Owner account of the attachment. + type: string + AttachmentType: + description: Attachment type. + type: string + State: + description: State of the attachment. + type: string + EdgeLocation: + description: The Region where the edge is located. + type: string + VpcArn: + description: The ARN of the VPC. + type: string + ResourceArn: + description: The ARN of the Resource. + type: string + AttachmentPolicyRuleNumber: + description: The policy rule number associated with the attachment. + type: integer + SegmentName: + description: The name of the segment attachment.. + type: string + ProposedSegmentChange: + description: The attachment to move from one segment to another. + $ref: '#/components/schemas/ProposedSegmentChange' + Tags: + description: Tags for the attachment. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + CreatedAt: + description: Creation time of the attachment. + type: string + UpdatedAt: + description: Last update time of the attachment. + type: string + SubnetArns: + description: Subnet Arn list + type: array + x-insertionOrder: false + items: + type: string + Options: + description: Vpc options of the attachment. + $ref: '#/components/schemas/VpcOptions' + required: + - CoreNetworkId + - VpcArn + - SubnetArns + x-stackql-resource-name: vpc_attachment + description: AWS::NetworkManager::VpcAttachment Resoruce Type + x-type-name: AWS::NetworkManager::VpcAttachment + x-stackql-primary-identifier: + - AttachmentId + x-stackql-additional-identifiers: + - - CoreNetworkId + - VpcArn + x-create-only-properties: + - CoreNetworkId + - VpcArn + x-read-only-properties: + - CoreNetworkArn + - CreatedAt + - UpdatedAt + - AttachmentType + - State + - AttachmentId + - OwnerAccountId + - EdgeLocation + - AttachmentPolicyRuleNumber + - SegmentName + - ResourceArn + x-required-properties: + - CoreNetworkId + - VpcArn + - SubnetArns + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - networkmanager:CreateVpcAttachment + - networkmanager:GetVpcAttachment + - networkmanager:TagResource + - ec2:DescribeRegions + - iam:CreateServiceLinkedRole + read: + - networkmanager:GetVpcAttachment + update: + - networkmanager:UpdateVpcAttachment + - networkmanager:GetVpcAttachment + - networkmanager:ListTagsForResource + - networkmanager:TagResource + - networkmanager:UntagResource + - ec2:DescribeRegions + delete: + - networkmanager:DeleteAttachment + - networkmanager:GetVpcAttachment + - networkmanager:UntagResource + - ec2:DescribeRegions + list: + - networkmanager:ListAttachments + x-stackQL-resources: + connect_attachments: + name: connect_attachments + id: aws.networkmanager.connect_attachments + x-cfn-schema-name: ConnectAttachment + x-type: list + x-identifiers: + - AttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::ConnectAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::ConnectAttachment' + AND region = 'us-east-1' + connect_attachment: + name: connect_attachment + id: aws.networkmanager.connect_attachment + x-cfn-schema-name: ConnectAttachment + x-type: get + x-identifiers: + - AttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CoreNetworkId') as core_network_id, + JSON_EXTRACT(Properties, '$.CoreNetworkArn') as core_network_arn, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id, + JSON_EXTRACT(Properties, '$.OwnerAccountId') as owner_account_id, + JSON_EXTRACT(Properties, '$.AttachmentType') as attachment_type, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.EdgeLocation') as edge_location, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + JSON_EXTRACT(Properties, '$.SegmentName') as segment_name, + JSON_EXTRACT(Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.TransportAttachmentId') as transport_attachment_id, + JSON_EXTRACT(Properties, '$.Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::ConnectAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CoreNetworkId') as core_network_id, + json_extract_path_text(Properties, 'CoreNetworkArn') as core_network_arn, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id, + json_extract_path_text(Properties, 'OwnerAccountId') as owner_account_id, + json_extract_path_text(Properties, 'AttachmentType') as attachment_type, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'EdgeLocation') as edge_location, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + json_extract_path_text(Properties, 'SegmentName') as segment_name, + json_extract_path_text(Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'TransportAttachmentId') as transport_attachment_id, + json_extract_path_text(Properties, 'Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::ConnectAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + connect_peers: + name: connect_peers + id: aws.networkmanager.connect_peers + x-cfn-schema-name: ConnectPeer + x-type: list + x-identifiers: + - ConnectPeerId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConnectPeerId') as connect_peer_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::ConnectPeer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConnectPeerId') as connect_peer_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::ConnectPeer' + AND region = 'us-east-1' + connect_peer: + name: connect_peer + id: aws.networkmanager.connect_peer + x-cfn-schema-name: ConnectPeer + x-type: get + x-identifiers: + - ConnectPeerId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PeerAddress') as peer_address, + JSON_EXTRACT(Properties, '$.CoreNetworkAddress') as core_network_address, + JSON_EXTRACT(Properties, '$.BgpOptions') as bgp_options, + JSON_EXTRACT(Properties, '$.InsideCidrBlocks') as inside_cidr_blocks, + JSON_EXTRACT(Properties, '$.CoreNetworkId') as core_network_id, + JSON_EXTRACT(Properties, '$.ConnectAttachmentId') as connect_attachment_id, + JSON_EXTRACT(Properties, '$.ConnectPeerId') as connect_peer_id, + JSON_EXTRACT(Properties, '$.EdgeLocation') as edge_location, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.SubnetArn') as subnet_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::ConnectPeer' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PeerAddress') as peer_address, + json_extract_path_text(Properties, 'CoreNetworkAddress') as core_network_address, + json_extract_path_text(Properties, 'BgpOptions') as bgp_options, + json_extract_path_text(Properties, 'InsideCidrBlocks') as inside_cidr_blocks, + json_extract_path_text(Properties, 'CoreNetworkId') as core_network_id, + json_extract_path_text(Properties, 'ConnectAttachmentId') as connect_attachment_id, + json_extract_path_text(Properties, 'ConnectPeerId') as connect_peer_id, + json_extract_path_text(Properties, 'EdgeLocation') as edge_location, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'SubnetArn') as subnet_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::ConnectPeer' + AND data__Identifier = '' + AND region = 'us-east-1' + core_networks: + name: core_networks + id: aws.networkmanager.core_networks + x-cfn-schema-name: CoreNetwork + x-type: list + x-identifiers: + - CoreNetworkId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CoreNetworkId') as core_network_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::CoreNetwork' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CoreNetworkId') as core_network_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::CoreNetwork' + AND region = 'us-east-1' + core_network: + name: core_network + id: aws.networkmanager.core_network + x-cfn-schema-name: CoreNetwork + x-type: get + x-identifiers: + - CoreNetworkId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.CoreNetworkId') as core_network_id, + JSON_EXTRACT(Properties, '$.CoreNetworkArn') as core_network_arn, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Segments') as segments, + JSON_EXTRACT(Properties, '$.Edges') as edges, + JSON_EXTRACT(Properties, '$.OwnerAccount') as owner_account, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::CoreNetwork' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'CoreNetworkId') as core_network_id, + json_extract_path_text(Properties, 'CoreNetworkArn') as core_network_arn, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Segments') as segments, + json_extract_path_text(Properties, 'Edges') as edges, + json_extract_path_text(Properties, 'OwnerAccount') as owner_account, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::CoreNetwork' + AND data__Identifier = '' + AND region = 'us-east-1' + customer_gateway_associations: + name: customer_gateway_associations + id: aws.networkmanager.customer_gateway_associations + x-cfn-schema-name: CustomerGatewayAssociation + x-type: list + x-identifiers: + - GlobalNetworkId + - CustomerGatewayArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.CustomerGatewayArn') as customer_gateway_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::CustomerGatewayAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'CustomerGatewayArn') as customer_gateway_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::CustomerGatewayAssociation' + AND region = 'us-east-1' + customer_gateway_association: + name: customer_gateway_association + id: aws.networkmanager.customer_gateway_association + x-cfn-schema-name: CustomerGatewayAssociation + x-type: get + x-identifiers: + - GlobalNetworkId + - CustomerGatewayArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.CustomerGatewayArn') as customer_gateway_arn, + JSON_EXTRACT(Properties, '$.DeviceId') as device_id, + JSON_EXTRACT(Properties, '$.LinkId') as link_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::CustomerGatewayAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'CustomerGatewayArn') as customer_gateway_arn, + json_extract_path_text(Properties, 'DeviceId') as device_id, + json_extract_path_text(Properties, 'LinkId') as link_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::CustomerGatewayAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + devices: + name: devices + id: aws.networkmanager.devices + x-cfn-schema-name: Device + x-type: list + x-identifiers: + - GlobalNetworkId + - DeviceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.DeviceId') as device_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::Device' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'DeviceId') as device_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::Device' + AND region = 'us-east-1' + device: + name: device + id: aws.networkmanager.device + x-cfn-schema-name: Device + x-type: get + x-identifiers: + - GlobalNetworkId + - DeviceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DeviceArn') as device_arn, + JSON_EXTRACT(Properties, '$.DeviceId') as device_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.AWSLocation') as aws_location, + JSON_EXTRACT(Properties, '$.Location') as location, + JSON_EXTRACT(Properties, '$.Model') as model, + JSON_EXTRACT(Properties, '$.SerialNumber') as serial_number, + JSON_EXTRACT(Properties, '$.SiteId') as site_id, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Vendor') as vendor, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::Device' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DeviceArn') as device_arn, + json_extract_path_text(Properties, 'DeviceId') as device_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'AWSLocation') as aws_location, + json_extract_path_text(Properties, 'Location') as location, + json_extract_path_text(Properties, 'Model') as model, + json_extract_path_text(Properties, 'SerialNumber') as serial_number, + json_extract_path_text(Properties, 'SiteId') as site_id, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Vendor') as vendor, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::Device' + AND data__Identifier = '|' + AND region = 'us-east-1' + global_networks: + name: global_networks + id: aws.networkmanager.global_networks + x-cfn-schema-name: GlobalNetwork + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::GlobalNetwork' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::GlobalNetwork' + AND region = 'us-east-1' + global_network: + name: global_network + id: aws.networkmanager.global_network + x-cfn-schema-name: GlobalNetwork + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::GlobalNetwork' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::GlobalNetwork' + AND data__Identifier = '' + AND region = 'us-east-1' + links: + name: links + id: aws.networkmanager.links + x-cfn-schema-name: Link + x-type: list + x-identifiers: + - GlobalNetworkId + - LinkId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.LinkId') as link_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::Link' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'LinkId') as link_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::Link' + AND region = 'us-east-1' + link: + name: link + id: aws.networkmanager.link + x-cfn-schema-name: Link + x-type: get + x-identifiers: + - GlobalNetworkId + - LinkId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LinkArn') as link_arn, + JSON_EXTRACT(Properties, '$.LinkId') as link_id, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.SiteId') as site_id, + JSON_EXTRACT(Properties, '$.Bandwidth') as bandwidth, + JSON_EXTRACT(Properties, '$.Provider') as provider, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::Link' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LinkArn') as link_arn, + json_extract_path_text(Properties, 'LinkId') as link_id, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'SiteId') as site_id, + json_extract_path_text(Properties, 'Bandwidth') as bandwidth, + json_extract_path_text(Properties, 'Provider') as provider, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::Link' + AND data__Identifier = '|' + AND region = 'us-east-1' + link_associations: + name: link_associations + id: aws.networkmanager.link_associations + x-cfn-schema-name: LinkAssociation + x-type: list + x-identifiers: + - GlobalNetworkId + - DeviceId + - LinkId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.DeviceId') as device_id, + JSON_EXTRACT(Properties, '$.LinkId') as link_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::LinkAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'DeviceId') as device_id, + json_extract_path_text(Properties, 'LinkId') as link_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::LinkAssociation' + AND region = 'us-east-1' + link_association: + name: link_association + id: aws.networkmanager.link_association + x-cfn-schema-name: LinkAssociation + x-type: get + x-identifiers: + - GlobalNetworkId + - DeviceId + - LinkId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.DeviceId') as device_id, + JSON_EXTRACT(Properties, '$.LinkId') as link_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::LinkAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'DeviceId') as device_id, + json_extract_path_text(Properties, 'LinkId') as link_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::LinkAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + sites: + name: sites + id: aws.networkmanager.sites + x-cfn-schema-name: Site + x-type: list + x-identifiers: + - GlobalNetworkId + - SiteId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.SiteId') as site_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::Site' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'SiteId') as site_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::Site' + AND region = 'us-east-1' + site: + name: site + id: aws.networkmanager.site + x-cfn-schema-name: Site + x-type: get + x-identifiers: + - GlobalNetworkId + - SiteId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SiteArn') as site_arn, + JSON_EXTRACT(Properties, '$.SiteId') as site_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.Location') as location, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::Site' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SiteArn') as site_arn, + json_extract_path_text(Properties, 'SiteId') as site_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'Location') as location, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::Site' + AND data__Identifier = '|' + AND region = 'us-east-1' + site_to_site_vpn_attachments: + name: site_to_site_vpn_attachments + id: aws.networkmanager.site_to_site_vpn_attachments + x-cfn-schema-name: SiteToSiteVpnAttachment + x-type: list + x-identifiers: + - AttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::SiteToSiteVpnAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::SiteToSiteVpnAttachment' + AND region = 'us-east-1' + site_to_site_vpn_attachment: + name: site_to_site_vpn_attachment + id: aws.networkmanager.site_to_site_vpn_attachment + x-cfn-schema-name: SiteToSiteVpnAttachment + x-type: get + x-identifiers: + - AttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CoreNetworkId') as core_network_id, + JSON_EXTRACT(Properties, '$.CoreNetworkArn') as core_network_arn, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id, + JSON_EXTRACT(Properties, '$.OwnerAccountId') as owner_account_id, + JSON_EXTRACT(Properties, '$.AttachmentType') as attachment_type, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.EdgeLocation') as edge_location, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + JSON_EXTRACT(Properties, '$.SegmentName') as segment_name, + JSON_EXTRACT(Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.VpnConnectionArn') as vpn_connection_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::SiteToSiteVpnAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CoreNetworkId') as core_network_id, + json_extract_path_text(Properties, 'CoreNetworkArn') as core_network_arn, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id, + json_extract_path_text(Properties, 'OwnerAccountId') as owner_account_id, + json_extract_path_text(Properties, 'AttachmentType') as attachment_type, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'EdgeLocation') as edge_location, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + json_extract_path_text(Properties, 'SegmentName') as segment_name, + json_extract_path_text(Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'VpnConnectionArn') as vpn_connection_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::SiteToSiteVpnAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + transit_gateway_peerings: + name: transit_gateway_peerings + id: aws.networkmanager.transit_gateway_peerings + x-cfn-schema-name: TransitGatewayPeering + x-type: list + x-identifiers: + - PeeringId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PeeringId') as peering_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayPeering' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PeeringId') as peering_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayPeering' + AND region = 'us-east-1' + transit_gateway_peering: + name: transit_gateway_peering + id: aws.networkmanager.transit_gateway_peering + x-cfn-schema-name: TransitGatewayPeering + x-type: get + x-identifiers: + - PeeringId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CoreNetworkId') as core_network_id, + JSON_EXTRACT(Properties, '$.CoreNetworkArn') as core_network_arn, + JSON_EXTRACT(Properties, '$.TransitGatewayArn') as transit_gateway_arn, + JSON_EXTRACT(Properties, '$.TransitGatewayPeeringAttachmentId') as transit_gateway_peering_attachment_id, + JSON_EXTRACT(Properties, '$.PeeringId') as peering_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.EdgeLocation') as edge_location, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.OwnerAccountId') as owner_account_id, + JSON_EXTRACT(Properties, '$.PeeringType') as peering_type, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayPeering' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CoreNetworkId') as core_network_id, + json_extract_path_text(Properties, 'CoreNetworkArn') as core_network_arn, + json_extract_path_text(Properties, 'TransitGatewayArn') as transit_gateway_arn, + json_extract_path_text(Properties, 'TransitGatewayPeeringAttachmentId') as transit_gateway_peering_attachment_id, + json_extract_path_text(Properties, 'PeeringId') as peering_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'EdgeLocation') as edge_location, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'OwnerAccountId') as owner_account_id, + json_extract_path_text(Properties, 'PeeringType') as peering_type, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayPeering' + AND data__Identifier = '' + AND region = 'us-east-1' + transit_gateway_registrations: + name: transit_gateway_registrations + id: aws.networkmanager.transit_gateway_registrations + x-cfn-schema-name: TransitGatewayRegistration + x-type: list + x-identifiers: + - GlobalNetworkId + - TransitGatewayArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.TransitGatewayArn') as transit_gateway_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayRegistration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'TransitGatewayArn') as transit_gateway_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayRegistration' + AND region = 'us-east-1' + transit_gateway_registration: + name: transit_gateway_registration + id: aws.networkmanager.transit_gateway_registration + x-cfn-schema-name: TransitGatewayRegistration + x-type: get + x-identifiers: + - GlobalNetworkId + - TransitGatewayArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GlobalNetworkId') as global_network_id, + JSON_EXTRACT(Properties, '$.TransitGatewayArn') as transit_gateway_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayRegistration' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GlobalNetworkId') as global_network_id, + json_extract_path_text(Properties, 'TransitGatewayArn') as transit_gateway_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayRegistration' + AND data__Identifier = '|' + AND region = 'us-east-1' + transit_gateway_route_table_attachments: + name: transit_gateway_route_table_attachments + id: aws.networkmanager.transit_gateway_route_table_attachments + x-cfn-schema-name: TransitGatewayRouteTableAttachment + x-type: list + x-identifiers: + - AttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayRouteTableAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayRouteTableAttachment' + AND region = 'us-east-1' + transit_gateway_route_table_attachment: + name: transit_gateway_route_table_attachment + id: aws.networkmanager.transit_gateway_route_table_attachment + x-cfn-schema-name: TransitGatewayRouteTableAttachment + x-type: get + x-identifiers: + - AttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PeeringId') as peering_id, + JSON_EXTRACT(Properties, '$.TransitGatewayRouteTableArn') as transit_gateway_route_table_arn, + JSON_EXTRACT(Properties, '$.CoreNetworkId') as core_network_id, + JSON_EXTRACT(Properties, '$.CoreNetworkArn') as core_network_arn, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id, + JSON_EXTRACT(Properties, '$.OwnerAccountId') as owner_account_id, + JSON_EXTRACT(Properties, '$.AttachmentType') as attachment_type, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.EdgeLocation') as edge_location, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + JSON_EXTRACT(Properties, '$.SegmentName') as segment_name, + JSON_EXTRACT(Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayRouteTableAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PeeringId') as peering_id, + json_extract_path_text(Properties, 'TransitGatewayRouteTableArn') as transit_gateway_route_table_arn, + json_extract_path_text(Properties, 'CoreNetworkId') as core_network_id, + json_extract_path_text(Properties, 'CoreNetworkArn') as core_network_arn, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id, + json_extract_path_text(Properties, 'OwnerAccountId') as owner_account_id, + json_extract_path_text(Properties, 'AttachmentType') as attachment_type, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'EdgeLocation') as edge_location, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + json_extract_path_text(Properties, 'SegmentName') as segment_name, + json_extract_path_text(Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::TransitGatewayRouteTableAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + vpc_attachments: + name: vpc_attachments + id: aws.networkmanager.vpc_attachments + x-cfn-schema-name: VpcAttachment + x-type: list + x-identifiers: + - AttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::VpcAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::VpcAttachment' + AND region = 'us-east-1' + vpc_attachment: + name: vpc_attachment + id: aws.networkmanager.vpc_attachment + x-cfn-schema-name: VpcAttachment + x-type: get + x-identifiers: + - AttachmentId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CoreNetworkId') as core_network_id, + JSON_EXTRACT(Properties, '$.CoreNetworkArn') as core_network_arn, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id, + JSON_EXTRACT(Properties, '$.OwnerAccountId') as owner_account_id, + JSON_EXTRACT(Properties, '$.AttachmentType') as attachment_type, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.EdgeLocation') as edge_location, + JSON_EXTRACT(Properties, '$.VpcArn') as vpc_arn, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + JSON_EXTRACT(Properties, '$.SegmentName') as segment_name, + JSON_EXTRACT(Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.SubnetArns') as subnet_arns, + JSON_EXTRACT(Properties, '$.Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::VpcAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CoreNetworkId') as core_network_id, + json_extract_path_text(Properties, 'CoreNetworkArn') as core_network_arn, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id, + json_extract_path_text(Properties, 'OwnerAccountId') as owner_account_id, + json_extract_path_text(Properties, 'AttachmentType') as attachment_type, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'EdgeLocation') as edge_location, + json_extract_path_text(Properties, 'VpcArn') as vpc_arn, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + json_extract_path_text(Properties, 'SegmentName') as segment_name, + json_extract_path_text(Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'SubnetArns') as subnet_arns, + json_extract_path_text(Properties, 'Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::VpcAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/nimblestudio.yaml b/providers/src/aws/v00.00.00000/services/nimblestudio.yaml new file mode 100644 index 00000000..ce1923ca --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/nimblestudio.yaml @@ -0,0 +1,1157 @@ +openapi: 3.0.0 +info: + title: NimbleStudio + version: 1.0.0 +paths: {} +components: + schemas: + AutomaticTerminationMode: + type: string + enum: + - DEACTIVATED + - ACTIVATED + SessionBackupMode: + type: string + enum: + - AUTOMATIC + - DEACTIVATED + SessionPersistenceMode: + type: string + enum: + - DEACTIVATED + - ACTIVATED + StreamConfiguration: + type: object + description:

A configuration for a streaming session.

+ properties: + ClipboardMode: + $ref: '#/components/schemas/StreamingClipboardMode' + Ec2InstanceTypes: + type: array + items: + $ref: '#/components/schemas/StreamingInstanceType' + maxItems: 30 + minItems: 1 + description: |- +

The EC2 instance types that users can select from when launching a streaming session + with this launch profile.

+ MaxSessionLengthInMinutes: + type: number + default: 690 + maximum: 43200 + minimum: 1 + description: |- +

The length of time, in minutes, that a streaming session can be active before it is + stopped or terminated. After this point, Nimble Studio automatically terminates or + stops the session. The default length of time is 690 minutes, and the maximum length of + time is 30 days.

+ StreamingImageIds: + type: array + items: + type: string + maxLength: 22 + minLength: 0 + pattern: ^[a-zA-Z0-9-_]*$ + maxItems: 20 + minItems: 1 + description: |- +

The streaming images that users can select from when launching a streaming session + with this launch profile.

+ MaxStoppedSessionLengthInMinutes: + type: number + default: 0 + maximum: 5760 + minimum: 0 + description: |- +

Integer that determines if you can start and stop your sessions and how long a session + can stay in the STOPPED state. The default value is 0. The maximum value is + 5760.

+

This field is allowed only when sessionPersistenceMode is + ACTIVATED and automaticTerminationMode is + ACTIVATED.

+

If the value is set to 0, your sessions can’t be STOPPED. If you then + call StopStreamingSession, the session fails. If the time that a session + stays in the READY state exceeds the maxSessionLengthInMinutes + value, the session will automatically be terminated (instead of + STOPPED).

+

If the value is set to a positive number, the session can be stopped. You can call + StopStreamingSession to stop sessions in the READY state. + If the time that a session stays in the READY state exceeds the + maxSessionLengthInMinutes value, the session will automatically be + stopped (instead of terminated).

+ SessionStorage: + $ref: '#/components/schemas/StreamConfigurationSessionStorage' + SessionBackup: + $ref: '#/components/schemas/StreamConfigurationSessionBackup' + SessionPersistenceMode: + $ref: '#/components/schemas/SessionPersistenceMode' + VolumeConfiguration: + $ref: '#/components/schemas/VolumeConfiguration' + AutomaticTerminationMode: + $ref: '#/components/schemas/AutomaticTerminationMode' + required: + - ClipboardMode + - Ec2InstanceTypes + - StreamingImageIds + additionalProperties: false + StreamConfigurationSessionBackup: + type: object + description: |- +

Configures how streaming sessions are backed up when launched from this launch + profile.

+ properties: + Mode: + $ref: '#/components/schemas/SessionBackupMode' + MaxBackupsToRetain: + type: number + default: 0 + maximum: 10 + minimum: 0 + description: |- +

The maximum number of backups that each streaming session created from this launch + profile can have.

+ additionalProperties: false + StreamConfigurationSessionStorage: + type: object + description:

The configuration for a streaming session’s upload storage.

+ properties: + Root: + $ref: '#/components/schemas/StreamingSessionStorageRoot' + Mode: + type: array + items: + $ref: '#/components/schemas/StreamingSessionStorageMode' + minItems: 1 + description: |- +

Allows artists to upload files to their workstations. The only valid option is + UPLOAD.

+ required: + - Mode + additionalProperties: false + StreamingClipboardMode: + type: string + enum: + - ENABLED + - DISABLED + StreamingInstanceType: + type: string + enum: + - g4dn.xlarge + - g4dn.2xlarge + - g4dn.4xlarge + - g4dn.8xlarge + - g4dn.12xlarge + - g4dn.16xlarge + - g3.4xlarge + - g3s.xlarge + - g5.xlarge + - g5.2xlarge + - g5.4xlarge + - g5.8xlarge + - g5.16xlarge + StreamingSessionStorageMode: + type: string + enum: + - UPLOAD + StreamingSessionStorageRoot: + type: object + description: |- +

The upload storage root location (folder) on streaming workstations where files are + uploaded.

+ properties: + Linux: + type: string + maxLength: 128 + minLength: 1 + pattern: ^(\$HOME|/)[/]?([A-Za-z0-9-_]+/)*([A-Za-z0-9_-]+)$ + description:

The folder path in Linux workstations where files are uploaded.

+ Windows: + type: string + maxLength: 128 + minLength: 1 + pattern: ^((\%HOMEPATH\%)|[a-zA-Z]:)[\\/](?:[a-zA-Z0-9_-]+[\\/])*[a-zA-Z0-9_-]+$ + description:

The folder path in Windows workstations where files are uploaded.

+ additionalProperties: false + Tags: + type: object + x-patternProperties: + .+: + type: string + additionalProperties: false + VolumeConfiguration: + type: object + description: |- +

Custom volume configuration for the root volumes that are attached to streaming + sessions.

+

This parameter is only allowed when sessionPersistenceMode is + ACTIVATED.

+ properties: + Size: + type: number + default: 500 + maximum: 16000 + minimum: 100 + description: |- +

The size of the root volume that is attached to the streaming session. The root volume + size is measured in GiBs.

+ Throughput: + type: number + default: 125 + maximum: 1000 + minimum: 125 + description: |- +

The throughput to provision for the root volume that is attached to the streaming + session. The throughput is measured in MiB/s.

+ Iops: + type: number + default: 3000 + maximum: 16000 + minimum: 3000 + description: |- +

The number of I/O operations per second for the root volume that is attached to + streaming session.

+ additionalProperties: false + LaunchProfile: + type: object + properties: + Description: + type: string + maxLength: 256 + minLength: 0 + description:

The description.

+ Ec2SubnetIds: + type: array + items: + type: string + maxItems: 6 + minItems: 0 + description: |- +

Specifies the IDs of the EC2 subnets where streaming sessions will be accessible from. + These subnets must support the specified instance types.

+ LaunchProfileId: + type: string + LaunchProfileProtocolVersions: + type: array + items: + type: string + maxLength: 10 + minLength: 0 + pattern: ^2021\-03\-31$ + description: |- +

The version number of the protocol that is used by the launch profile. The only valid + version is "2021-03-31".

+ description: |- +

The version number of the protocol that is used by the launch profile. The only valid + version is "2021-03-31".

+ Name: + type: string + maxLength: 64 + minLength: 1 + description:

The name for the launch profile.

+ StreamConfiguration: + $ref: '#/components/schemas/StreamConfiguration' + StudioComponentIds: + type: array + items: + type: string + maxItems: 100 + minItems: 1 + description: |- +

Unique identifiers for a collection of studio components that can be used with this + launch profile.

+ StudioId: + type: string + description:

The studio ID.

+ Tags: + $ref: '#/components/schemas/Tags' + required: + - StudioId + - Name + - StudioComponentIds + - Ec2SubnetIds + - StreamConfiguration + - LaunchProfileProtocolVersions + x-stackql-resource-name: launch_profile + description: Represents a launch profile which delegates access to a collection of studio components to studio users + x-type-name: AWS::NimbleStudio::LaunchProfile + x-stackql-primary-identifier: + - LaunchProfileId + - StudioId + x-create-only-properties: + - Ec2SubnetIds + - StudioId + - Tags + x-read-only-properties: + - LaunchProfileId + x-required-properties: + - StudioId + - Name + - StudioComponentIds + - Ec2SubnetIds + - StreamConfiguration + - LaunchProfileProtocolVersions + x-required-permissions: + create: + - nimble:CreateLaunchProfile + - nimble:GetLaunchProfile + - nimble:TagResource + - ec2:CreateNetworkInterface + - ec2:CreateNetworkInterfacePermission + - ec2:RunInstances + - ec2:DescribeSubnets + read: + - nimble:GetLaunchProfile + update: + - nimble:UpdateLaunchProfile + - nimble:GetLaunchProfile + - ec2:CreateNetworkInterface + - ec2:CreateNetworkInterfacePermission + - ec2:DescribeSubnets + - ec2:RunInstances + delete: + - nimble:DeleteLaunchProfile + - nimble:GetLaunchProfile + - nimble:UntagResource + list: + - nimble:ListLaunchProfiles + StreamingImageEncryptionConfiguration: + type: object + description:

TODO

+ properties: + KeyType: + $ref: '#/components/schemas/StreamingImageEncryptionConfigurationKeyType' + KeyArn: + type: string + minLength: 4 + pattern: ^arn:.* + description:

The ARN for a KMS key that is used to encrypt studio data.

+ required: + - KeyType + additionalProperties: false + StreamingImageEncryptionConfigurationKeyType: + type: string + description:

+ enum: + - CUSTOMER_MANAGED_KEY + StreamingImage: + type: object + properties: + Description: + type: string + maxLength: 256 + minLength: 0 + description:

A human-readable description of the streaming image.

+ Ec2ImageId: + type: string + pattern: ^ami-[0-9A-z]+$ + description:

The ID of an EC2 machine image with which to create this streaming image.

+ EncryptionConfiguration: + $ref: '#/components/schemas/StreamingImageEncryptionConfiguration' + EulaIds: + type: array + items: + type: string + description:

The list of EULAs that must be accepted before a Streaming Session can be started using this streaming image.

+ Name: + type: string + maxLength: 64 + minLength: 0 + description:

A friendly name for a streaming image resource.

+ Owner: + type: string + description:

The owner of the streaming image, either the studioId that contains the streaming image, or 'amazon' for images that are provided by Amazon Nimble Studio.

+ Platform: + type: string + pattern: ^[a-zA-Z]*$ + description:

The platform of the streaming image, either WINDOWS or LINUX.

+ StreamingImageId: + type: string + StudioId: + type: string + description:

The studioId.

+ Tags: + $ref: '#/components/schemas/Tags' + required: + - StudioId + - Ec2ImageId + - Name + x-stackql-resource-name: streaming_image + description: Represents a streaming session machine image that can be used to launch a streaming session + x-type-name: AWS::NimbleStudio::StreamingImage + x-stackql-primary-identifier: + - StudioId + - StreamingImageId + x-create-only-properties: + - Ec2ImageId + - StudioId + - Tags + x-read-only-properties: + - EncryptionConfiguration + - EulaIds + - Owner + - Platform + - StreamingImageId + x-required-properties: + - StudioId + - Ec2ImageId + - Name + x-required-permissions: + create: + - nimble:CreateStreamingImage + - nimble:GetStreamingImage + - nimble:TagResource + - ec2:DescribeImages + - ec2:DescribeSnapshots + - ec2:ModifyInstanceAttribute + - ec2:ModifySnapshotAttribute + - ec2:ModifyImageAttribute + - ec2:RegisterImage + - kms:Encrypt + - kms:Decrypt + - kms:CreateGrant + - kms:ListGrants + - kms:GenerateDataKey + read: + - nimble:GetStreamingImage + update: + - nimble:UpdateStreamingImage + - nimble:GetStreamingImage + - kms:Encrypt + - kms:Decrypt + - kms:CreateGrant + - kms:ListGrants + - kms:GenerateDataKey + delete: + - nimble:DeleteStreamingImage + - nimble:GetStreamingImage + - nimble:UntagResource + - ec2:ModifyInstanceAttribute + - ec2:ModifySnapshotAttribute + - ec2:DeregisterImage + - ec2:DeleteSnapshot + - kms:ListGrants + - kms:RetireGrant + list: + - nimble:ListStreamingImages + StudioEncryptionConfiguration: + type: object + description:

Configuration of the encryption method that is used for the studio.

+ properties: + KeyType: + $ref: '#/components/schemas/StudioEncryptionConfigurationKeyType' + KeyArn: + type: string + minLength: 4 + pattern: ^arn:.* + description:

The ARN for a KMS key that is used to encrypt studio data.

+ required: + - KeyType + additionalProperties: false + StudioEncryptionConfigurationKeyType: + type: string + description:

The type of KMS key that is used to encrypt studio data.

+ enum: + - AWS_OWNED_KEY + - CUSTOMER_MANAGED_KEY + Studio: + type: object + properties: + AdminRoleArn: + type: string + description:

The IAM role that Studio Admins will assume when logging in to the Nimble Studio portal.

+ DisplayName: + type: string + maxLength: 64 + minLength: 0 + description:

A friendly name for the studio.

+ HomeRegion: + type: string + maxLength: 50 + minLength: 0 + pattern: '[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]' + description:

The Amazon Web Services Region where the studio resource is located.

+ SsoClientId: + type: string + description:

The Amazon Web Services SSO application client ID used to integrate with Amazon Web Services SSO to enable Amazon Web Services SSO users to log in to Nimble Studio portal.

+ StudioEncryptionConfiguration: + $ref: '#/components/schemas/StudioEncryptionConfiguration' + StudioId: + type: string + StudioName: + type: string + maxLength: 64 + minLength: 3 + pattern: ^[a-z0-9]*$ + description:

The studio name that is used in the URL of the Nimble Studio portal when accessed by Nimble Studio users.

+ StudioUrl: + type: string + description:

The address of the web page for the studio.

+ Tags: + $ref: '#/components/schemas/Tags' + UserRoleArn: + type: string + description:

The IAM role that Studio Users will assume when logging in to the Nimble Studio portal.

+ required: + - DisplayName + - UserRoleArn + - AdminRoleArn + - StudioName + x-stackql-resource-name: studio + description: Represents a studio that contains other Nimble Studio resources + x-type-name: AWS::NimbleStudio::Studio + x-stackql-primary-identifier: + - StudioId + x-create-only-properties: + - StudioName + - Tags + x-read-only-properties: + - HomeRegion + - SsoClientId + - StudioId + - StudioUrl + x-required-properties: + - DisplayName + - UserRoleArn + - AdminRoleArn + - StudioName + x-required-permissions: + create: + - iam:PassRole + - nimble:CreateStudio + - nimble:GetStudio + - nimble:TagResource + - sso:CreateManagedApplicationInstance + - kms:Encrypt + - kms:Decrypt + - kms:CreateGrant + - kms:ListGrants + - kms:GenerateDataKey + read: + - nimble:GetStudio + - kms:Encrypt + - kms:Decrypt + - kms:ListGrants + - kms:GenerateDataKey + update: + - iam:PassRole + - nimble:UpdateStudio + - nimble:GetStudio + - kms:Encrypt + - kms:Decrypt + - kms:CreateGrant + - kms:ListGrants + - kms:GenerateDataKey + delete: + - nimble:DeleteStudio + - nimble:GetStudio + - nimble:UntagResource + - kms:Encrypt + - kms:Decrypt + - kms:ListGrants + - kms:RetireGrant + - kms:GenerateDataKey + - sso:DeleteManagedApplicationInstance + - sso:GetManagedApplicationInstance + list: + - nimble:ListStudios + ActiveDirectoryComputerAttribute: + type: object + description: |- +

An LDAP attribute of an Active Directory computer account, in the form of a name:value + pair.

+ properties: + Name: + type: string + maxLength: 40 + minLength: 1 + description:

The name for the LDAP attribute.

+ Value: + type: string + maxLength: 64 + minLength: 1 + description:

The value for the LDAP attribute.

+ additionalProperties: false + ActiveDirectoryConfiguration: + type: object + description: |- +

The configuration for a Microsoft Active Directory (Microsoft AD) studio + resource.

+ properties: + ComputerAttributes: + type: array + items: + $ref: '#/components/schemas/ActiveDirectoryComputerAttribute' + maxItems: 50 + minItems: 0 + description:

A collection of custom attributes for an Active Directory computer.

+ DirectoryId: + type: string + description: |- +

The directory ID of the Directory Service for Microsoft Active Directory to access + using this studio component.

+ OrganizationalUnitDistinguishedName: + type: string + maxLength: 2000 + minLength: 1 + description: |- +

The distinguished name (DN) and organizational unit (OU) of an Active Directory + computer.

+ additionalProperties: false + ComputeFarmConfiguration: + type: object + description:

The configuration for a render farm that is associated with a studio resource.

+ properties: + ActiveDirectoryUser: + type: string + description: |- +

The name of an Active Directory user that is used on ComputeFarm worker + instances.

+ Endpoint: + type: string + description: |- +

The endpoint of the ComputeFarm that is accessed by the studio component + resource.

+ additionalProperties: false + LaunchProfilePlatform: + type: string + enum: + - LINUX + - WINDOWS + LicenseServiceConfiguration: + type: object + description: |- +

The configuration for a license service that is associated with a studio + resource.

+ properties: + Endpoint: + type: string + description: |- +

The endpoint of the license service that is accessed by the studio component + resource.

+ additionalProperties: false + ScriptParameterKeyValue: + type: object + description:

A parameter for a studio component script, in the form of a key:value pair.

+ properties: + Key: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z_][a-zA-Z0-9_]+$ + description:

A script parameter key.

+ Value: + type: string + maxLength: 256 + minLength: 1 + description:

A script parameter value.

+ additionalProperties: false + SharedFileSystemConfiguration: + type: object + description: |- +

The configuration for a shared file storage system that is associated with a studio + resource.

+ properties: + Endpoint: + type: string + description: |- +

The endpoint of the shared file system that is accessed by the studio component + resource.

+ FileSystemId: + type: string + description:

The unique identifier for a file system.

+ LinuxMountPoint: + type: string + maxLength: 128 + minLength: 0 + pattern: ^(/?|(\$HOME)?(/[^/\n\s\\]+)*)$ + description:

The mount location for a shared file system on a Linux virtual workstation.

+ ShareName: + type: string + description:

The name of the file share.

+ WindowsMountDrive: + type: string + pattern: ^[A-Z]$ + description:

The mount location for a shared file system on a Windows virtual workstation.

+ additionalProperties: false + StudioComponentConfiguration: + description:

The configuration of the studio component, based on component type.

+ oneOf: + - type: object + title: ActiveDirectoryConfiguration + properties: + ActiveDirectoryConfiguration: + $ref: '#/components/schemas/ActiveDirectoryConfiguration' + required: + - ActiveDirectoryConfiguration + additionalProperties: false + - type: object + title: ComputeFarmConfiguration + properties: + ComputeFarmConfiguration: + $ref: '#/components/schemas/ComputeFarmConfiguration' + required: + - ComputeFarmConfiguration + additionalProperties: false + - type: object + title: LicenseServiceConfiguration + properties: + LicenseServiceConfiguration: + $ref: '#/components/schemas/LicenseServiceConfiguration' + required: + - LicenseServiceConfiguration + additionalProperties: false + - type: object + title: SharedFileSystemConfiguration + properties: + SharedFileSystemConfiguration: + $ref: '#/components/schemas/SharedFileSystemConfiguration' + required: + - SharedFileSystemConfiguration + additionalProperties: false + StudioComponentInitializationScript: + type: object + description:

Initialization scripts for studio components.

+ properties: + LaunchProfileProtocolVersion: + type: string + maxLength: 10 + minLength: 0 + pattern: ^2021\-03\-31$ + description: |- +

The version number of the protocol that is used by the launch profile. The only valid + version is "2021-03-31".

+ Platform: + $ref: '#/components/schemas/LaunchProfilePlatform' + RunContext: + $ref: '#/components/schemas/StudioComponentInitializationScriptRunContext' + Script: + type: string + maxLength: 5120 + minLength: 1 + description:

The initialization script.

+ additionalProperties: false + StudioComponentInitializationScriptRunContext: + type: string + enum: + - SYSTEM_INITIALIZATION + - USER_INITIALIZATION + StudioComponentSubtype: + type: string + enum: + - AWS_MANAGED_MICROSOFT_AD + - AMAZON_FSX_FOR_WINDOWS + - AMAZON_FSX_FOR_LUSTRE + - CUSTOM + StudioComponentType: + type: string + enum: + - ACTIVE_DIRECTORY + - SHARED_FILE_SYSTEM + - COMPUTE_FARM + - LICENSE_SERVICE + - CUSTOM + StudioComponent: + type: object + properties: + Configuration: + $ref: '#/components/schemas/StudioComponentConfiguration' + Description: + type: string + maxLength: 256 + minLength: 0 + description:

The description.

+ Ec2SecurityGroupIds: + type: array + items: + type: string + maxItems: 30 + minItems: 0 + description:

The EC2 security groups that control access to the studio component.

+ InitializationScripts: + type: array + items: + $ref: '#/components/schemas/StudioComponentInitializationScript' + description:

Initialization scripts for studio components.

+ Name: + type: string + maxLength: 64 + minLength: 0 + description:

The name for the studio component.

+ RuntimeRoleArn: + type: string + maxLength: 2048 + minLength: 0 + ScriptParameters: + type: array + items: + $ref: '#/components/schemas/ScriptParameterKeyValue' + maxItems: 30 + minItems: 0 + description:

Parameters for the studio component scripts.

+ SecureInitializationRoleArn: + type: string + maxLength: 2048 + minLength: 0 + StudioComponentId: + type: string + StudioId: + type: string + description:

The studio ID.

+ Subtype: + $ref: '#/components/schemas/StudioComponentSubtype' + Tags: + $ref: '#/components/schemas/Tags' + Type: + $ref: '#/components/schemas/StudioComponentType' + required: + - StudioId + - Name + - Type + x-stackql-resource-name: studio_component + description: Represents a studio component that connects a non-Nimble Studio resource in your account to your studio + x-type-name: AWS::NimbleStudio::StudioComponent + x-stackql-primary-identifier: + - StudioComponentId + - StudioId + x-create-only-properties: + - StudioId + - Subtype + - Tags + x-read-only-properties: + - StudioComponentId + x-required-properties: + - StudioId + - Name + - Type + x-required-permissions: + create: + - iam:PassRole + - nimble:CreateStudioComponent + - nimble:GetStudioComponent + - nimble:TagResource + - ds:AuthorizeApplication + - ec2:DescribeSecurityGroups + - fsx:DescribeFilesystems + - ds:DescribeDirectories + read: + - nimble:GetStudioComponent + update: + - iam:PassRole + - nimble:UpdateStudioComponent + - nimble:GetStudioComponent + - ds:AuthorizeApplication + - ec2:DescribeSecurityGroups + - fsx:DescribeFilesystems + - ds:DescribeDirectories + delete: + - nimble:DeleteStudioComponent + - nimble:GetStudioComponent + - nimble:UntagResource + - ds:UnauthorizeApplication + list: + - nimble:ListStudioComponents + x-stackQL-resources: + launch_profiles: + name: launch_profiles + id: aws.nimblestudio.launch_profiles + x-cfn-schema-name: LaunchProfile + x-type: list + x-identifiers: + - LaunchProfileId + - StudioId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LaunchProfileId') as launch_profile_id, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::LaunchProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LaunchProfileId') as launch_profile_id, + json_extract_path_text(Properties, 'StudioId') as studio_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::LaunchProfile' + AND region = 'us-east-1' + launch_profile: + name: launch_profile + id: aws.nimblestudio.launch_profile + x-cfn-schema-name: LaunchProfile + x-type: get + x-identifiers: + - LaunchProfileId + - StudioId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Ec2SubnetIds') as ec2_subnet_ids, + JSON_EXTRACT(Properties, '$.LaunchProfileId') as launch_profile_id, + JSON_EXTRACT(Properties, '$.LaunchProfileProtocolVersions') as launch_profile_protocol_versions, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.StreamConfiguration') as stream_configuration, + JSON_EXTRACT(Properties, '$.StudioComponentIds') as studio_component_ids, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::LaunchProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Ec2SubnetIds') as ec2_subnet_ids, + json_extract_path_text(Properties, 'LaunchProfileId') as launch_profile_id, + json_extract_path_text(Properties, 'LaunchProfileProtocolVersions') as launch_profile_protocol_versions, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'StreamConfiguration') as stream_configuration, + json_extract_path_text(Properties, 'StudioComponentIds') as studio_component_ids, + json_extract_path_text(Properties, 'StudioId') as studio_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::LaunchProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + streaming_images: + name: streaming_images + id: aws.nimblestudio.streaming_images + x-cfn-schema-name: StreamingImage + x-type: list + x-identifiers: + - StudioId + - StreamingImageId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id, + JSON_EXTRACT(Properties, '$.StreamingImageId') as streaming_image_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::StreamingImage' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StudioId') as studio_id, + json_extract_path_text(Properties, 'StreamingImageId') as streaming_image_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::StreamingImage' + AND region = 'us-east-1' + streaming_image: + name: streaming_image + id: aws.nimblestudio.streaming_image + x-cfn-schema-name: StreamingImage + x-type: get + x-identifiers: + - StudioId + - StreamingImageId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Ec2ImageId') as ec2_image_id, + JSON_EXTRACT(Properties, '$.EncryptionConfiguration') as encryption_configuration, + JSON_EXTRACT(Properties, '$.EulaIds') as eula_ids, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Owner') as owner, + JSON_EXTRACT(Properties, '$.Platform') as platform, + JSON_EXTRACT(Properties, '$.StreamingImageId') as streaming_image_id, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::StreamingImage' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Ec2ImageId') as ec2_image_id, + json_extract_path_text(Properties, 'EncryptionConfiguration') as encryption_configuration, + json_extract_path_text(Properties, 'EulaIds') as eula_ids, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Owner') as owner, + json_extract_path_text(Properties, 'Platform') as platform, + json_extract_path_text(Properties, 'StreamingImageId') as streaming_image_id, + json_extract_path_text(Properties, 'StudioId') as studio_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::StreamingImage' + AND data__Identifier = '|' + AND region = 'us-east-1' + studios: + name: studios + id: aws.nimblestudio.studios + x-cfn-schema-name: Studio + x-type: list + x-identifiers: + - StudioId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::Studio' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StudioId') as studio_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::Studio' + AND region = 'us-east-1' + studio: + name: studio + id: aws.nimblestudio.studio + x-cfn-schema-name: Studio + x-type: get + x-identifiers: + - StudioId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AdminRoleArn') as admin_role_arn, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.HomeRegion') as home_region, + JSON_EXTRACT(Properties, '$.SsoClientId') as sso_client_id, + JSON_EXTRACT(Properties, '$.StudioEncryptionConfiguration') as studio_encryption_configuration, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id, + JSON_EXTRACT(Properties, '$.StudioName') as studio_name, + JSON_EXTRACT(Properties, '$.StudioUrl') as studio_url, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UserRoleArn') as user_role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::Studio' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AdminRoleArn') as admin_role_arn, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'HomeRegion') as home_region, + json_extract_path_text(Properties, 'SsoClientId') as sso_client_id, + json_extract_path_text(Properties, 'StudioEncryptionConfiguration') as studio_encryption_configuration, + json_extract_path_text(Properties, 'StudioId') as studio_id, + json_extract_path_text(Properties, 'StudioName') as studio_name, + json_extract_path_text(Properties, 'StudioUrl') as studio_url, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UserRoleArn') as user_role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::Studio' + AND data__Identifier = '' + AND region = 'us-east-1' + studio_components: + name: studio_components + id: aws.nimblestudio.studio_components + x-cfn-schema-name: StudioComponent + x-type: list + x-identifiers: + - StudioComponentId + - StudioId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StudioComponentId') as studio_component_id, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::StudioComponent' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StudioComponentId') as studio_component_id, + json_extract_path_text(Properties, 'StudioId') as studio_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::StudioComponent' + AND region = 'us-east-1' + studio_component: + name: studio_component + id: aws.nimblestudio.studio_component + x-cfn-schema-name: StudioComponent + x-type: get + x-identifiers: + - StudioComponentId + - StudioId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Ec2SecurityGroupIds') as ec2_security_group_ids, + JSON_EXTRACT(Properties, '$.InitializationScripts') as initialization_scripts, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RuntimeRoleArn') as runtime_role_arn, + JSON_EXTRACT(Properties, '$.ScriptParameters') as script_parameters, + JSON_EXTRACT(Properties, '$.SecureInitializationRoleArn') as secure_initialization_role_arn, + JSON_EXTRACT(Properties, '$.StudioComponentId') as studio_component_id, + JSON_EXTRACT(Properties, '$.StudioId') as studio_id, + JSON_EXTRACT(Properties, '$.Subtype') as subtype, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::StudioComponent' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Ec2SecurityGroupIds') as ec2_security_group_ids, + json_extract_path_text(Properties, 'InitializationScripts') as initialization_scripts, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RuntimeRoleArn') as runtime_role_arn, + json_extract_path_text(Properties, 'ScriptParameters') as script_parameters, + json_extract_path_text(Properties, 'SecureInitializationRoleArn') as secure_initialization_role_arn, + json_extract_path_text(Properties, 'StudioComponentId') as studio_component_id, + json_extract_path_text(Properties, 'StudioId') as studio_id, + json_extract_path_text(Properties, 'Subtype') as subtype, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::StudioComponent' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/oam.yaml b/providers/src/aws/v00.00.00000/services/oam.yaml new file mode 100644 index 00000000..876715c3 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/oam.yaml @@ -0,0 +1,314 @@ +openapi: 3.0.0 +info: + title: Oam + version: 1.0.0 +paths: {} +components: + schemas: + ResourceType: + type: string + enum: + - AWS::CloudWatch::Metric + - AWS::Logs::LogGroup + - AWS::XRay::Trace + - AWS::ApplicationInsights::Application + - AWS::InternetMonitor::Monitor + LinkConfiguration: + type: object + additionalProperties: false + properties: + MetricConfiguration: + $ref: '#/components/schemas/LinkFilter' + LogGroupConfiguration: + $ref: '#/components/schemas/LinkFilter' + LinkFilter: + type: object + additionalProperties: false + properties: + Filter: + type: string + maxLength: 2000 + minLength: 1 + required: + - Filter + Link: + type: object + properties: + Arn: + type: string + maxLength: 2048 + Label: + type: string + LabelTemplate: + type: string + maxLength: 64 + minLength: 1 + ResourceTypes: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ResourceType' + maxItems: 50 + minItems: 1 + uniqueItems: true + SinkIdentifier: + type: string + maxLength: 2048 + minLength: 1 + LinkConfiguration: + $ref: '#/components/schemas/LinkConfiguration' + Tags: + description: Tags to apply to the link + type: object + additionalProperties: false + x-patternProperties: + ^(?!aws:.*)[a-zA-Z0-9\s\_\.\/\=\+\-]{1,128}$: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + pattern: ^(?!aws:.*)[a-zA-Z0-9\s\_\.\/\=\+\-]{0,256}$ + minLength: 0 + maxLength: 256 + required: + - ResourceTypes + - SinkIdentifier + x-stackql-resource-name: link + description: Definition of AWS::Oam::Link Resource Type + x-type-name: AWS::Oam::Link + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - SinkIdentifier + - LabelTemplate + x-write-only-properties: + - LabelTemplate + x-read-only-properties: + - Arn + - Label + x-required-properties: + - ResourceTypes + - SinkIdentifier + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - oam:CreateLink + - oam:GetLink + - cloudwatch:Link + - logs:Link + - xray:Link + - applicationinsights:Link + - internetmonitor:Link + read: + - oam:GetLink + update: + - oam:GetLink + - oam:UpdateLink + - cloudwatch:Link + - logs:Link + - xray:Link + - applicationinsights:Link + - internetmonitor:Link + - oam:TagResource + - oam:UntagResource + delete: + - oam:DeleteLink + - oam:GetLink + list: + - oam:ListLinks + Sink: + type: object + properties: + Arn: + description: The Amazon resource name (ARN) of the ObservabilityAccessManager Sink + type: string + maxLength: 2048 + Name: + description: The name of the ObservabilityAccessManager Sink. + type: string + minLength: 1 + maxLength: 255 + pattern: ^[a-zA-Z0-9_.-]+$ + Policy: + description: The policy of this ObservabilityAccessManager Sink. + type: object + Tags: + description: Tags to apply to the sink + type: object + additionalProperties: false + x-patternProperties: + ^(?!aws:.*)[a-zA-Z0-9\s\_\.\/\=\+\-]{1,128}$: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + pattern: ^(?!aws:.*)[a-zA-Z0-9\s\_\.\/\=\+\-]{0,256}$ + minLength: 0 + maxLength: 256 + required: + - Name + x-stackql-resource-name: sink + description: Resource Type definition for AWS::Oam::Sink + x-type-name: AWS::Oam::Sink + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - oam:CreateSink + - oam:PutSinkPolicy + - oam:GetSinkPolicy + - oam:GetSink + delete: + - oam:DeleteSink + - oam:GetSinkPolicy + - oam:GetSink + list: + - oam:ListSinks + read: + - oam:GetSinkPolicy + - oam:GetSink + update: + - oam:PutSinkPolicy + - oam:GetSinkPolicy + - oam:GetSink + - oam:TagResource + - oam:UntagResource + x-stackQL-resources: + links: + name: links + id: aws.oam.links + x-cfn-schema-name: Link + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Oam::Link' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Oam::Link' + AND region = 'us-east-1' + link: + name: link + id: aws.oam.link + x-cfn-schema-name: Link + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Label') as label, + JSON_EXTRACT(Properties, '$.LabelTemplate') as label_template, + JSON_EXTRACT(Properties, '$.ResourceTypes') as resource_types, + JSON_EXTRACT(Properties, '$.SinkIdentifier') as sink_identifier, + JSON_EXTRACT(Properties, '$.LinkConfiguration') as link_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Oam::Link' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Label') as label, + json_extract_path_text(Properties, 'LabelTemplate') as label_template, + json_extract_path_text(Properties, 'ResourceTypes') as resource_types, + json_extract_path_text(Properties, 'SinkIdentifier') as sink_identifier, + json_extract_path_text(Properties, 'LinkConfiguration') as link_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Oam::Link' + AND data__Identifier = '' + AND region = 'us-east-1' + sinks: + name: sinks + id: aws.oam.sinks + x-cfn-schema-name: Sink + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Oam::Sink' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Oam::Sink' + AND region = 'us-east-1' + sink: + name: sink + id: aws.oam.sink + x-cfn-schema-name: Sink + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Oam::Sink' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Oam::Sink' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/omics.yaml b/providers/src/aws/v00.00.00000/services/omics.yaml new file mode 100644 index 00000000..d4420c21 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/omics.yaml @@ -0,0 +1,1140 @@ +openapi: 3.0.0 +info: + title: Omics + version: 1.0.0 +paths: {} +components: + schemas: + AnnotationType: + type: string + enum: + - GENERIC + - CHR_POS + - CHR_POS_REF_ALT + - CHR_START_END_ONE_BASE + - CHR_START_END_REF_ALT_ONE_BASE + - CHR_START_END_ZERO_BASE + - CHR_START_END_REF_ALT_ZERO_BASE + EncryptionType: + type: string + enum: + - KMS + FormatToHeader: + type: object + x-patternProperties: + .+: + type: string + maxLength: 1000 + minLength: 0 + additionalProperties: false + FormatToHeaderKey: + type: string + enum: + - CHR + - START + - END + - REF + - ALT + - POS + ReferenceItem: + type: object + properties: + ReferenceArn: + type: string + maxLength: 127 + minLength: 1 + pattern: ^arn:.+$ + required: + - ReferenceArn + additionalProperties: false + SchemaItem: + type: object + maxProperties: 1 + minProperties: 1 + x-patternProperties: + ^[a-z0-9_]{1,255}$: + $ref: '#/components/schemas/SchemaValueType' + additionalProperties: false + SchemaValueType: + type: string + enum: + - LONG + - INT + - STRING + - FLOAT + - DOUBLE + - BOOLEAN + SseConfig: + type: object + properties: + Type: + $ref: '#/components/schemas/EncryptionType' + KeyArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: |- + arn:([^: + ]*):([^: + ]*):([^: + ]*):([0-9]{12}):([^: + ]*) + required: + - Type + additionalProperties: false + StoreFormat: + type: string + enum: + - GFF + - TSV + - VCF + StoreOptions: + oneOf: + - type: object + title: TsvStoreOptions + properties: + TsvStoreOptions: + $ref: '#/components/schemas/TsvStoreOptions' + required: + - TsvStoreOptions + additionalProperties: false + StoreStatus: + type: string + enum: + - CREATING + - UPDATING + - DELETING + - ACTIVE + - FAILED + TagMap: + type: object + description: A map of resource tags + x-patternProperties: + .+: + type: string + maxLength: 256 + minLength: 0 + description: Resource tag value + additionalProperties: false + TsvStoreOptions: + type: object + properties: + AnnotationType: + $ref: '#/components/schemas/AnnotationType' + FormatToHeader: + $ref: '#/components/schemas/FormatToHeader' + Schema: + type: array + items: + $ref: '#/components/schemas/SchemaItem' + maxItems: 5000 + minItems: 1 + x-insertionOrder: false + additionalProperties: false + AnnotationStore: + type: object + properties: + CreationTime: + type: string + format: date-time + Description: + type: string + maxLength: 500 + minLength: 0 + Id: + type: string + pattern: ^[a-f0-9]{12}$ + Name: + type: string + pattern: ^([a-z]){1}([a-z0-9_]){2,254} + Reference: + $ref: '#/components/schemas/ReferenceItem' + SseConfig: + $ref: '#/components/schemas/SseConfig' + Status: + $ref: '#/components/schemas/StoreStatus' + StatusMessage: + type: string + maxLength: 1000 + minLength: 0 + StoreArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: |- + ^arn:([^: + ]*):([^: + ]*):([^: + ]*):([0-9]{12}):([^: + ]*)$ + StoreFormat: + $ref: '#/components/schemas/StoreFormat' + StoreOptions: + $ref: '#/components/schemas/StoreOptions' + StoreSizeBytes: + type: number + Tags: + $ref: '#/components/schemas/TagMap' + UpdateTime: + type: string + format: date-time + required: + - Name + - StoreFormat + x-stackql-resource-name: annotation_store + description: Definition of AWS::Omics::AnnotationStore Resource Type + x-type-name: AWS::Omics::AnnotationStore + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - Reference + - SseConfig + - StoreFormat + - StoreOptions + - Tags + x-read-only-properties: + - CreationTime + - Id + - Status + - StatusMessage + - StoreArn + - StoreSizeBytes + - UpdateTime + x-required-properties: + - Name + - StoreFormat + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + x-required-permissions: + create: + - omics:CreateAnnotationStore + - omics:TagResource + - kms:DescribeKey + - kms:GenerateDataKey + - kms:CreateGrant + - ram:AcceptResourceShareInvitation + - ram:GetResourceShareInvitations + - omics:GetAnnotationStore + read: + - omics:GetAnnotationStore + update: + - omics:UpdateAnnotationStore + - omics:TagResource + - omics:UntagResource + - omics:GetAnnotationStore + - omics:ListTagsForResource + delete: + - omics:DeleteAnnotationStore + - omics:ListAnnotationStores + list: + - omics:ListAnnotationStores + ReferenceStore: + type: object + properties: + Arn: + type: string + maxLength: 127 + minLength: 1 + pattern: ^arn:.+$ + description: The store's ARN. + CreationTime: + type: string + description: When the store was created. + format: date-time + Description: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[\p{L}||\p{M}||\p{Z}||\p{S}||\p{N}||\p{P}]+$ + description: A description for the store. + Name: + type: string + maxLength: 127 + minLength: 1 + pattern: ^[\p{L}||\p{M}||\p{Z}||\p{S}||\p{N}||\p{P}]+$ + description: A name for the store. + ReferenceStoreId: + type: string + maxLength: 36 + minLength: 10 + pattern: ^[0-9]+$ + SseConfig: + $ref: '#/components/schemas/SseConfig' + Tags: + $ref: '#/components/schemas/TagMap' + required: + - Name + x-stackql-resource-name: reference_store + description: Definition of AWS::Omics::ReferenceStore Resource Type + x-type-name: AWS::Omics::ReferenceStore + x-stackql-primary-identifier: + - ReferenceStoreId + x-create-only-properties: + - Description + - Name + - SseConfig + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - Arn + - CreationTime + - ReferenceStoreId + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + x-required-permissions: + create: + - omics:CreateReferenceStore + - omics:TagResource + read: + - omics:GetReferenceStore + - omics:ListTagsForResource + delete: + - omics:DeleteReferenceStore + list: + - omics:ListReferenceStores + RunGroup: + type: object + properties: + Arn: + type: string + maxLength: 128 + minLength: 1 + pattern: ^arn:.+$ + CreationTime: + type: string + format: date-time + Id: + type: string + maxLength: 18 + minLength: 1 + pattern: ^[0-9]+$ + MaxCpus: + type: number + maximum: 100000 + minimum: 1 + MaxGpus: + type: number + maximum: 100000 + minimum: 1 + MaxDuration: + type: number + maximum: 100000 + minimum: 1 + MaxRuns: + type: number + maximum: 100000 + minimum: 1 + Name: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[\p{L}||\p{M}||\p{Z}||\p{S}||\p{N}||\p{P}]+$ + Tags: + $ref: '#/components/schemas/TagMap' + x-stackql-resource-name: run_group + description: Definition of AWS::Omics::RunGroup Resource Type + x-type-name: AWS::Omics::RunGroup + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Arn + - CreationTime + - Id + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - omics:CreateRunGroup + - omics:TagResource + read: + - omics:GetRunGroup + update: + - omics:UpdateRunGroup + - omics:TagResource + - omics:GetRunGroup + - omics:ListTagsForResource + - omics:UntagResource + delete: + - omics:DeleteRunGroup + - omics:GetRunGroup + list: + - omics:ListRunGroups + SequenceStore: + type: object + properties: + Arn: + type: string + maxLength: 127 + minLength: 1 + pattern: ^arn:.+$ + description: The store's ARN. + CreationTime: + type: string + description: When the store was created. + format: date-time + Description: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[\p{L}||\p{M}||\p{Z}||\p{S}||\p{N}||\p{P}]+$ + description: A description for the store. + Name: + type: string + maxLength: 127 + minLength: 1 + pattern: ^[\p{L}||\p{M}||\p{Z}||\p{S}||\p{N}||\p{P}]+$ + description: A name for the store. + FallbackLocation: + type: string + minLength: 1 + pattern: ^s3:\/\/([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])\/?((.{1,1024})\/)?$ + description: An S3 URI representing the bucket and folder to store failed read set uploads. + SequenceStoreId: + type: string + maxLength: 36 + minLength: 10 + pattern: ^[0-9]+$ + SseConfig: + $ref: '#/components/schemas/SseConfig' + Tags: + $ref: '#/components/schemas/TagMap' + required: + - Name + x-stackql-resource-name: sequence_store + description: Definition of AWS::Omics::SequenceStore Resource Type + x-type-name: AWS::Omics::SequenceStore + x-stackql-primary-identifier: + - SequenceStoreId + x-create-only-properties: + - Description + - Name + - FallbackLocation + - SseConfig + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - Arn + - CreationTime + - SequenceStoreId + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + x-required-permissions: + create: + - omics:CreateSequenceStore + - omics:TagResource + read: + - omics:GetSequenceStore + - omics:ListTagsForResource + delete: + - omics:DeleteSequenceStore + list: + - omics:ListSequenceStores + VariantStore: + type: object + properties: + CreationTime: + type: string + format: date-time + Description: + type: string + maxLength: 500 + minLength: 0 + Id: + type: string + pattern: ^[a-f0-9]{12}$ + Name: + type: string + pattern: ^([a-z]){1}([a-z0-9_]){2,254} + Reference: + $ref: '#/components/schemas/ReferenceItem' + SseConfig: + $ref: '#/components/schemas/SseConfig' + Status: + $ref: '#/components/schemas/StoreStatus' + StatusMessage: + type: string + maxLength: 1000 + minLength: 0 + StoreArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: |- + ^arn:([^: + ]*):([^: + ]*):([^: + ]*):([0-9]{12}):([^: + ]*)$ + StoreSizeBytes: + type: number + Tags: + $ref: '#/components/schemas/TagMap' + UpdateTime: + type: string + format: date-time + required: + - Name + - Reference + x-stackql-resource-name: variant_store + description: Definition of AWS::Omics::VariantStore Resource Type + x-type-name: AWS::Omics::VariantStore + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - Reference + - SseConfig + - Tags + x-read-only-properties: + - CreationTime + - Id + - Status + - StatusMessage + - StoreArn + - StoreSizeBytes + - UpdateTime + x-required-properties: + - Name + - Reference + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - omics:CreateVariantStore + - omics:TagResource + - kms:DescribeKey + - kms:GenerateDataKey + - kms:CreateGrant + - ram:AcceptResourceShareInvitation + - ram:GetResourceShareInvitations + - omics:GetVariantStore + read: + - omics:GetVariantStore + update: + - omics:UpdateVariantStore + - omics:TagResource + - omics:UntagResource + - omics:ListTagsForResource + - omics:GetVariantStore + delete: + - omics:DeleteVariantStore + - omics:ListVariantStores + list: + - omics:ListVariantStores + WorkflowEngine: + type: string + maxLength: 64 + minLength: 1 + enum: + - WDL + - NEXTFLOW + - CWL + Accelerators: + type: string + maxLength: 64 + minLength: 1 + enum: + - GPU + WorkflowParameter: + type: object + properties: + Description: + type: string + maxLength: 256 + minLength: 0 + pattern: ^[\p{L}||\p{M}||\p{Z}||\p{S}||\p{N}||\p{P}]+$ + Optional: + type: boolean + additionalProperties: false + WorkflowParameterTemplate: + type: object + maxProperties: 1000 + minProperties: 1 + x-patternProperties: + ^[\p{L}||\p{M}||\p{Z}||\p{S}||\p{N}||\p{P}]+$: + $ref: '#/components/schemas/WorkflowParameter' + additionalProperties: false + WorkflowStatus: + type: string + maxLength: 64 + minLength: 1 + enum: + - CREATING + - ACTIVE + - UPDATING + - DELETED + - FAILED + WorkflowType: + type: string + maxLength: 64 + minLength: 1 + enum: + - PRIVATE + Workflow: + type: object + properties: + Arn: + type: string + maxLength: 128 + minLength: 1 + pattern: ^arn:.+$ + CreationTime: + type: string + format: date-time + DefinitionUri: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[\p{L}||\p{M}||\p{Z}||\p{S}||\p{N}||\p{P}]+$ + Description: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[\p{L}||\p{M}||\p{Z}||\p{S}||\p{N}||\p{P}]+$ + Engine: + $ref: '#/components/schemas/WorkflowEngine' + Id: + type: string + maxLength: 18 + minLength: 1 + pattern: ^[0-9]+$ + Main: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[\p{L}||\p{M}||\p{Z}||\p{S}||\p{N}||\p{P}]+$ + Name: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[\p{L}||\p{M}||\p{Z}||\p{S}||\p{N}||\p{P}]+$ + ParameterTemplate: + $ref: '#/components/schemas/WorkflowParameterTemplate' + Status: + $ref: '#/components/schemas/WorkflowStatus' + Accelerators: + $ref: '#/components/schemas/Accelerators' + StorageCapacity: + type: number + maximum: 100000 + minimum: 0 + Tags: + $ref: '#/components/schemas/TagMap' + Type: + $ref: '#/components/schemas/WorkflowType' + x-stackql-resource-name: workflow + description: Definition of AWS::Omics::Workflow Resource Type + x-type-name: AWS::Omics::Workflow + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - DefinitionUri + - Engine + - Main + - ParameterTemplate + - StorageCapacity + - Accelerators + x-write-only-properties: + - DefinitionUri + x-read-only-properties: + - Arn + - CreationTime + - Id + - Status + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - omics:CreateWorkflow + - omics:GetWorkflow + - omics:TagResource + - s3:PutObject + - s3:GetObject + - s3:GetObjectAttributes + - s3:HeadObject + - s3:GetEncryptionConfiguration + - kms:Decrypt + - kms:GenerateDataKey + - kms:GenerateDataKeyPair + - kms:GenerateDataKeyPairWithoutPlaintext + - kms:GenerateDataKeyWithoutPlaintext + read: + - omics:GetWorkflow + update: + - omics:UpdateWorkflow + - omics:GetWorkflow + - omics:TagResource + - omics:ListTagsForResource + - omics:UntagResource + delete: + - omics:DeleteWorkflow + - omics:GetWorkflow + list: + - omics:ListWorkflows + x-stackQL-resources: + annotation_stores: + name: annotation_stores + id: aws.omics.annotation_stores + x-cfn-schema-name: AnnotationStore + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::AnnotationStore' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::AnnotationStore' + AND region = 'us-east-1' + annotation_store: + name: annotation_store + id: aws.omics.annotation_store + x-cfn-schema-name: AnnotationStore + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Reference') as reference, + JSON_EXTRACT(Properties, '$.SseConfig') as sse_config, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusMessage') as status_message, + JSON_EXTRACT(Properties, '$.StoreArn') as store_arn, + JSON_EXTRACT(Properties, '$.StoreFormat') as store_format, + JSON_EXTRACT(Properties, '$.StoreOptions') as store_options, + JSON_EXTRACT(Properties, '$.StoreSizeBytes') as store_size_bytes, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdateTime') as update_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::AnnotationStore' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Reference') as reference, + json_extract_path_text(Properties, 'SseConfig') as sse_config, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusMessage') as status_message, + json_extract_path_text(Properties, 'StoreArn') as store_arn, + json_extract_path_text(Properties, 'StoreFormat') as store_format, + json_extract_path_text(Properties, 'StoreOptions') as store_options, + json_extract_path_text(Properties, 'StoreSizeBytes') as store_size_bytes, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdateTime') as update_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::AnnotationStore' + AND data__Identifier = '' + AND region = 'us-east-1' + reference_stores: + name: reference_stores + id: aws.omics.reference_stores + x-cfn-schema-name: ReferenceStore + x-type: list + x-identifiers: + - ReferenceStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ReferenceStoreId') as reference_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::ReferenceStore' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ReferenceStoreId') as reference_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::ReferenceStore' + AND region = 'us-east-1' + reference_store: + name: reference_store + id: aws.omics.reference_store + x-cfn-schema-name: ReferenceStore + x-type: get + x-identifiers: + - ReferenceStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ReferenceStoreId') as reference_store_id, + JSON_EXTRACT(Properties, '$.SseConfig') as sse_config, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::ReferenceStore' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ReferenceStoreId') as reference_store_id, + json_extract_path_text(Properties, 'SseConfig') as sse_config, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::ReferenceStore' + AND data__Identifier = '' + AND region = 'us-east-1' + run_groups: + name: run_groups + id: aws.omics.run_groups + x-cfn-schema-name: RunGroup + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::RunGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::RunGroup' + AND region = 'us-east-1' + run_group: + name: run_group + id: aws.omics.run_group + x-cfn-schema-name: RunGroup + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.MaxCpus') as max_cpus, + JSON_EXTRACT(Properties, '$.MaxGpus') as max_gpus, + JSON_EXTRACT(Properties, '$.MaxDuration') as max_duration, + JSON_EXTRACT(Properties, '$.MaxRuns') as max_runs, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::RunGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'MaxCpus') as max_cpus, + json_extract_path_text(Properties, 'MaxGpus') as max_gpus, + json_extract_path_text(Properties, 'MaxDuration') as max_duration, + json_extract_path_text(Properties, 'MaxRuns') as max_runs, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::RunGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + sequence_stores: + name: sequence_stores + id: aws.omics.sequence_stores + x-cfn-schema-name: SequenceStore + x-type: list + x-identifiers: + - SequenceStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SequenceStoreId') as sequence_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::SequenceStore' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SequenceStoreId') as sequence_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::SequenceStore' + AND region = 'us-east-1' + sequence_store: + name: sequence_store + id: aws.omics.sequence_store + x-cfn-schema-name: SequenceStore + x-type: get + x-identifiers: + - SequenceStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.FallbackLocation') as fallback_location, + JSON_EXTRACT(Properties, '$.SequenceStoreId') as sequence_store_id, + JSON_EXTRACT(Properties, '$.SseConfig') as sse_config, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::SequenceStore' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'FallbackLocation') as fallback_location, + json_extract_path_text(Properties, 'SequenceStoreId') as sequence_store_id, + json_extract_path_text(Properties, 'SseConfig') as sse_config, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::SequenceStore' + AND data__Identifier = '' + AND region = 'us-east-1' + variant_stores: + name: variant_stores + id: aws.omics.variant_stores + x-cfn-schema-name: VariantStore + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::VariantStore' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::VariantStore' + AND region = 'us-east-1' + variant_store: + name: variant_store + id: aws.omics.variant_store + x-cfn-schema-name: VariantStore + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Reference') as reference, + JSON_EXTRACT(Properties, '$.SseConfig') as sse_config, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusMessage') as status_message, + JSON_EXTRACT(Properties, '$.StoreArn') as store_arn, + JSON_EXTRACT(Properties, '$.StoreSizeBytes') as store_size_bytes, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdateTime') as update_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::VariantStore' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Reference') as reference, + json_extract_path_text(Properties, 'SseConfig') as sse_config, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusMessage') as status_message, + json_extract_path_text(Properties, 'StoreArn') as store_arn, + json_extract_path_text(Properties, 'StoreSizeBytes') as store_size_bytes, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdateTime') as update_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::VariantStore' + AND data__Identifier = '' + AND region = 'us-east-1' + workflows: + name: workflows + id: aws.omics.workflows + x-cfn-schema-name: Workflow + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::Workflow' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Omics::Workflow' + AND region = 'us-east-1' + workflow: + name: workflow + id: aws.omics.workflow + x-cfn-schema-name: Workflow + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.DefinitionUri') as definition_uri, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Main') as main, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ParameterTemplate') as parameter_template, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Accelerators') as accelerators, + JSON_EXTRACT(Properties, '$.StorageCapacity') as storage_capacity, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::Workflow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'DefinitionUri') as definition_uri, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Main') as main, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ParameterTemplate') as parameter_template, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Accelerators') as accelerators, + json_extract_path_text(Properties, 'StorageCapacity') as storage_capacity, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Omics::Workflow' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/opensearchserverless.yaml b/providers/src/aws/v00.00.00000/services/opensearchserverless.yaml new file mode 100644 index 00000000..c28a0377 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/opensearchserverless.yaml @@ -0,0 +1,926 @@ +openapi: 3.0.0 +info: + title: OpenSearchServerless + version: 1.0.0 +paths: {} +components: + schemas: + AccessPolicyType: + type: string + description: The possible types for the access policy + enum: + - data + AccessPolicy: + type: object + properties: + Name: + type: string + maxLength: 32 + minLength: 3 + pattern: ^[a-z][a-z0-9-]{2,31}$ + description: The name of the policy + Type: + $ref: '#/components/schemas/AccessPolicyType' + Description: + type: string + maxLength: 1000 + minLength: 1 + description: The description of the policy + Policy: + type: string + minLength: 1 + maxLength: 20480 + pattern: '[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]+' + description: The JSON policy document that is the content for the policy + required: + - Type + - Name + - Policy + x-stackql-resource-name: access_policy + description: Amazon OpenSearchServerless access policy resource + x-type-name: AWS::OpenSearchServerless::AccessPolicy + x-stackql-primary-identifier: + - Type + - Name + x-create-only-properties: + - Type + - Name + x-required-properties: + - Type + - Name + - Policy + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - aoss:CreateAccessPolicy + - aoss:GetAccessPolicy + read: + - aoss:GetAccessPolicy + update: + - aoss:UpdateAccessPolicy + - aoss:GetAccessPolicy + delete: + - aoss:DeleteAccessPolicy + - aoss:GetAccessPolicy + list: + - aoss:ListAccessPolicies + Tag: + type: object + description: A key-value pair metadata associated with resource + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + description: The key in the key-value pair + Value: + type: string + maxLength: 256 + minLength: 0 + description: The value in the key-value pair + required: + - Key + - Value + additionalProperties: false + CollectionType: + type: string + description: The possible types for the collection + enum: + - SEARCH + - TIMESERIES + - VECTORSEARCH + StandbyReplicas: + type: string + description: The possible standby replicas for the collection + enum: + - ENABLED + - DISABLED + Collection: + type: object + properties: + Description: + type: string + maxLength: 1000 + description: The description of the collection + Id: + type: string + maxLength: 40 + minLength: 3 + description: The identifier of the collection + Name: + type: string + maxLength: 32 + minLength: 3 + pattern: ^[a-z][a-z0-9-]{2,31}$ + description: | + The name of the collection. + + The name must meet the following criteria: + Unique to your account and AWS Region + Starts with a lowercase letter + Contains only lowercase letters a-z, the numbers 0-9 and the hyphen (-) + Contains between 3 and 32 characters + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + minItems: 0 + x-insertionOrder: false + description: List of tags to be added to the resource + Arn: + description: The Amazon Resource Name (ARN) of the collection. + type: string + CollectionEndpoint: + description: The endpoint for the collection. + type: string + DashboardEndpoint: + description: The OpenSearch Dashboards endpoint for the collection. + type: string + Type: + $ref: '#/components/schemas/CollectionType' + StandbyReplicas: + $ref: '#/components/schemas/StandbyReplicas' + required: + - Name + x-stackql-resource-name: collection + description: Amazon OpenSearchServerless collection resource + x-type-name: AWS::OpenSearchServerless::Collection + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - Name + - - Arn + x-create-only-properties: + - Name + - Tags + - Type + x-write-only-properties: + - Tags + x-read-only-properties: + - Id + - Arn + - CollectionEndpoint + - DashboardEndpoint + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - aoss:CreateCollection + - aoss:BatchGetCollection + - iam:CreateServiceLinkedRole + delete: + - aoss:DeleteCollection + - aoss:BatchGetCollection + list: + - aoss:ListCollections + read: + - aoss:BatchGetCollection + update: + - aoss:UpdateCollection + - aoss:BatchGetCollection + LifecyclePolicyType: + type: string + description: The type of lifecycle policy + enum: + - retention + LifecyclePolicy: + type: object + properties: + Name: + type: string + maxLength: 32 + minLength: 3 + pattern: ^[a-z][a-z0-9-]+$ + description: The name of the policy + Type: + $ref: '#/components/schemas/LifecyclePolicyType' + Description: + type: string + maxLength: 1000 + minLength: 0 + description: The description of the policy + Policy: + type: string + minLength: 1 + maxLength: 20480 + pattern: '[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]+' + description: The JSON policy document that is the content for the policy + required: + - Type + - Name + - Policy + x-stackql-resource-name: lifecycle_policy + description: Amazon OpenSearchServerless lifecycle policy resource + x-type-name: AWS::OpenSearchServerless::LifecyclePolicy + x-stackql-primary-identifier: + - Type + - Name + x-create-only-properties: + - Type + - Name + x-required-properties: + - Type + - Name + - Policy + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - aoss:CreateLifecyclePolicy + read: + - aoss:BatchGetLifecyclePolicy + update: + - aoss:UpdateLifecyclePolicy + - aoss:BatchGetLifecyclePolicy + delete: + - aoss:DeleteLifecyclePolicy + list: + - aoss:ListLifecyclePolicies + SamlConfigOptions: + type: object + description: Describes saml options in form of key value map + properties: + Metadata: + type: string + description: The XML saml provider metadata document that you want to use + maxLength: 51200 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]+' + UserAttribute: + type: string + description: Custom attribute for this saml integration + maxLength: 2048 + minLength: 1 + pattern: '[\w+=,.@-]+' + GroupAttribute: + type: string + description: Group attribute for this saml integration + maxLength: 2048 + minLength: 1 + pattern: '[\w+=,.@-]+' + SessionTimeout: + type: integer + description: Defines the session timeout in minutes + required: + - Metadata + additionalProperties: false + SecurityConfigType: + type: string + description: Config type for security config + enum: + - saml + SecurityConfig: + type: object + properties: + Description: + type: string + maxLength: 1000 + minLength: 1 + description: Security config description + Id: + type: string + maxLength: 100 + minLength: 1 + description: The identifier of the security config + Name: + type: string + maxLength: 32 + minLength: 3 + pattern: ^[a-z][a-z0-9-]{2,31}$ + description: The friendly name of the security config + SamlOptions: + $ref: '#/components/schemas/SamlConfigOptions' + Type: + $ref: '#/components/schemas/SecurityConfigType' + x-stackql-resource-name: security_config + description: Amazon OpenSearchServerless security config resource + x-type-name: AWS::OpenSearchServerless::SecurityConfig + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - Name + x-create-only-properties: + - Type + - Name + x-write-only-properties: + - Name + x-read-only-properties: + - Id + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - aoss:CreateSecurityConfig + read: + - aoss:GetSecurityConfig + update: + - aoss:GetSecurityConfig + - aoss:UpdateSecurityConfig + delete: + - aoss:DeleteSecurityConfig + list: + - aoss:ListSecurityConfigs + SecurityPolicyType: + type: string + description: The possible types for the network policy + enum: + - encryption + - network + SecurityPolicy: + type: object + properties: + Description: + type: string + maxLength: 1000 + minLength: 1 + description: The description of the policy + Policy: + type: string + maxLength: 20480 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]+' + description: The JSON policy document that is the content for the policy + Name: + type: string + maxLength: 32 + minLength: 3 + pattern: ^[a-z][a-z0-9-]{2,31}$ + description: The name of the policy + Type: + $ref: '#/components/schemas/SecurityPolicyType' + required: + - Type + - Name + - Policy + x-stackql-resource-name: security_policy + description: Amazon OpenSearchServerless security policy resource + x-type-name: AWS::OpenSearchServerless::SecurityPolicy + x-stackql-primary-identifier: + - Type + - Name + x-create-only-properties: + - Type + - Name + x-required-properties: + - Type + - Name + - Policy + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - aoss:GetSecurityPolicy + - aoss:CreateSecurityPolicy + - kms:DescribeKey + - kms:CreateGrant + update: + - aoss:GetSecurityPolicy + - aoss:UpdateSecurityPolicy + - kms:DescribeKey + - kms:CreateGrant + delete: + - aoss:GetSecurityPolicy + - aoss:DeleteSecurityPolicy + list: + - aoss:ListSecurityPolicies + read: + - aoss:GetSecurityPolicy + - kms:DescribeKey + VpcEndpoint: + type: object + properties: + Id: + type: string + maxLength: 255 + minLength: 1 + pattern: ^vpce-[0-9a-z]*$ + description: The identifier of the VPC Endpoint + Name: + type: string + maxLength: 32 + minLength: 3 + pattern: ^[a-z][a-z0-9-]{2,31}$ + description: The name of the VPC Endpoint + SecurityGroupIds: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[\w+\-]+$ + maxItems: 5 + minItems: 1 + description: The ID of one or more security groups to associate with the endpoint network interface + SubnetIds: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 32 + minLength: 1 + pattern: ^subnet-([0-9a-f]{8}|[0-9a-f]{17})$ + maxItems: 6 + minItems: 1 + description: The ID of one or more subnets in which to create an endpoint network interface + VpcId: + type: string + maxLength: 255 + minLength: 1 + pattern: ^vpc-[0-9a-z]*$ + description: The ID of the VPC in which the endpoint will be used. + required: + - Name + - VpcId + - SubnetIds + x-stackql-resource-name: vpc_endpoint + description: Amazon OpenSearchServerless vpc endpoint resource + x-type-name: AWS::OpenSearchServerless::VpcEndpoint + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - Name + x-create-only-properties: + - Name + - VpcId + x-read-only-properties: + - Id + x-required-properties: + - Name + - VpcId + - SubnetIds + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - aoss:BatchGetVpcEndpoint + - aoss:CreateVpcEndpoint + - ec2:CreateVpcEndpoint + - ec2:DeleteVpcEndPoints + - ec2:DescribeVpcEndpoints + - ec2:ModifyVpcEndPoint + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - ec2:CreateTags + - route53:ChangeResourceRecordSets + - route53:GetChange + - route53:GetHostedZone + - route53:ListResourceRecordSets + - route53:ListHostedZonesByName + - route53:CreateHostedZone + - route53:ListHostedZonesByVPC + - route53:AssociateVPCWithHostedZone + read: + - aoss:BatchGetVpcEndpoint + - ec2:DescribeVpcEndpoints + update: + - aoss:BatchGetVpcEndpoint + - aoss:UpdateVpcEndpoint + - ec2:CreateVpcEndpoint + - ec2:DeleteVpcEndPoints + - ec2:DescribeVpcEndpoints + - ec2:ModifyVpcEndPoint + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - ec2:CreateTags + - route53:ChangeResourceRecordSets + - route53:GetChange + - route53:GetHostedZone + - route53:ListResourceRecordSets + - route53:ListHostedZonesByName + - route53:CreateHostedZone + - route53:ListHostedZonesByVPC + - route53:AssociateVPCWithHostedZone + delete: + - aoss:BatchGetVpcEndpoint + - aoss:DeleteVpcEndpoint + - ec2:DeleteVpcEndPoints + - ec2:DescribeVpcEndpoints + - ec2:ModifyVpcEndPoint + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - ec2:CreateTags + - route53:ChangeResourceRecordSets + - route53:DeleteHostedZone + - route53:GetChange + - route53:GetHostedZone + - route53:ListResourceRecordSets + - route53:ListHostedZonesByName + - route53:ListHostedZonesByVPC + - route53:AssociateVPCWithHostedZone + list: + - aoss:ListVpcEndpoints + - ec2:DescribeVpcEndpoints + x-stackQL-resources: + access_policies: + name: access_policies + id: aws.opensearchserverless.access_policies + x-cfn-schema-name: AccessPolicy + x-type: list + x-identifiers: + - Type + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::AccessPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::AccessPolicy' + AND region = 'us-east-1' + access_policy: + name: access_policy + id: aws.opensearchserverless.access_policy + x-cfn-schema-name: AccessPolicy + x-type: get + x-identifiers: + - Type + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::AccessPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::AccessPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + collections: + name: collections + id: aws.opensearchserverless.collections + x-cfn-schema-name: Collection + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::Collection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::Collection' + AND region = 'us-east-1' + collection: + name: collection + id: aws.opensearchserverless.collection + x-cfn-schema-name: Collection + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CollectionEndpoint') as collection_endpoint, + JSON_EXTRACT(Properties, '$.DashboardEndpoint') as dashboard_endpoint, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.StandbyReplicas') as standby_replicas + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::Collection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CollectionEndpoint') as collection_endpoint, + json_extract_path_text(Properties, 'DashboardEndpoint') as dashboard_endpoint, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'StandbyReplicas') as standby_replicas + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::Collection' + AND data__Identifier = '' + AND region = 'us-east-1' + lifecycle_policies: + name: lifecycle_policies + id: aws.opensearchserverless.lifecycle_policies + x-cfn-schema-name: LifecyclePolicy + x-type: list + x-identifiers: + - Type + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::LifecyclePolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::LifecyclePolicy' + AND region = 'us-east-1' + lifecycle_policy: + name: lifecycle_policy + id: aws.opensearchserverless.lifecycle_policy + x-cfn-schema-name: LifecyclePolicy + x-type: get + x-identifiers: + - Type + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::LifecyclePolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::LifecyclePolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + security_configs: + name: security_configs + id: aws.opensearchserverless.security_configs + x-cfn-schema-name: SecurityConfig + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::SecurityConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::SecurityConfig' + AND region = 'us-east-1' + security_config: + name: security_config + id: aws.opensearchserverless.security_config + x-cfn-schema-name: SecurityConfig + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SamlOptions') as saml_options, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::SecurityConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SamlOptions') as saml_options, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::SecurityConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + security_policies: + name: security_policies + id: aws.opensearchserverless.security_policies + x-cfn-schema-name: SecurityPolicy + x-type: list + x-identifiers: + - Type + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::SecurityPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::SecurityPolicy' + AND region = 'us-east-1' + security_policy: + name: security_policy + id: aws.opensearchserverless.security_policy + x-cfn-schema-name: SecurityPolicy + x-type: get + x-identifiers: + - Type + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::SecurityPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::SecurityPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + vpc_endpoints: + name: vpc_endpoints + id: aws.opensearchserverless.vpc_endpoints + x-cfn-schema-name: VpcEndpoint + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::VpcEndpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchServerless::VpcEndpoint' + AND region = 'us-east-1' + vpc_endpoint: + name: vpc_endpoint + id: aws.opensearchserverless.vpc_endpoint + x-cfn-schema-name: VpcEndpoint + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::VpcEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::VpcEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/opensearchservice.yaml b/providers/src/aws/v00.00.00000/services/opensearchservice.yaml new file mode 100644 index 00000000..8da8bbbf --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/opensearchservice.yaml @@ -0,0 +1,448 @@ +openapi: 3.0.0 +info: + title: OpenSearchService + version: 1.0.0 +paths: {} +components: + schemas: + ZoneAwarenessConfig: + type: object + additionalProperties: false + properties: + AvailabilityZoneCount: + type: integer + ClusterConfig: + type: object + additionalProperties: false + properties: + InstanceCount: + type: integer + WarmEnabled: + type: boolean + WarmCount: + type: integer + DedicatedMasterEnabled: + type: boolean + ZoneAwarenessConfig: + $ref: '#/components/schemas/ZoneAwarenessConfig' + DedicatedMasterCount: + type: integer + InstanceType: + type: string + WarmType: + type: string + ZoneAwarenessEnabled: + type: boolean + DedicatedMasterType: + type: string + MultiAZWithStandbyEnabled: + type: boolean + ColdStorageOptions: + $ref: '#/components/schemas/ColdStorageOptions' + LogPublishingOption: + type: object + additionalProperties: false + properties: + CloudWatchLogsLogGroupArn: + type: string + Enabled: + type: boolean + SnapshotOptions: + type: object + additionalProperties: false + properties: + AutomatedSnapshotStartHour: + type: integer + VPCOptions: + type: object + additionalProperties: false + properties: + SecurityGroupIds: + type: array + uniqueItems: true + items: + type: string + SubnetIds: + type: array + uniqueItems: true + items: + type: string + NodeToNodeEncryptionOptions: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + DomainEndpointOptions: + type: object + additionalProperties: false + properties: + CustomEndpointCertificateArn: + type: string + CustomEndpointEnabled: + type: boolean + EnforceHTTPS: + type: boolean + CustomEndpoint: + type: string + TLSSecurityPolicy: + type: string + CognitoOptions: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + IdentityPoolId: + type: string + UserPoolId: + type: string + RoleArn: + type: string + MasterUserOptions: + type: object + additionalProperties: false + properties: + MasterUserPassword: + type: string + MasterUserName: + type: string + MasterUserARN: + type: string + Idp: + type: object + additionalProperties: false + properties: + MetadataContent: + type: string + maxLength: 1048576 + minLength: 1 + EntityId: + type: string + required: + - MetadataContent + - EntityId + SAMLOptions: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + Idp: + $ref: '#/components/schemas/Idp' + MasterUserName: + type: string + MasterBackendRole: + type: string + SubjectKey: + type: string + RolesKey: + type: string + SessionTimeoutMinutes: + type: integer + AdvancedSecurityOptionsInput: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + MasterUserOptions: + $ref: '#/components/schemas/MasterUserOptions' + InternalUserDatabaseEnabled: + type: boolean + AnonymousAuthEnabled: + type: boolean + SAMLOptions: + $ref: '#/components/schemas/SAMLOptions' + AnonymousAuthDisableDate: + type: string + EBSOptions: + type: object + additionalProperties: false + properties: + EBSEnabled: + type: boolean + VolumeType: + type: string + Iops: + type: integer + VolumeSize: + type: integer + Throughput: + type: integer + EncryptionAtRestOptions: + type: object + additionalProperties: false + properties: + KmsKeyId: + type: string + Enabled: + type: boolean + Tag: + type: object + additionalProperties: false + properties: + Value: + description: The key of the tag. + type: string + minLength: 0 + maxLength: 256 + Key: + description: The value of the tag. + type: string + minLength: 0 + maxLength: 128 + required: + - Value + - Key + ServiceSoftwareOptions: + type: object + additionalProperties: false + properties: + CurrentVersion: + type: string + NewVersion: + type: string + UpdateAvailable: + type: boolean + Cancellable: + type: boolean + UpdateStatus: + type: string + Description: + type: string + AutomatedUpdateDate: + type: string + OptionalDeployment: + type: boolean + WindowStartTime: + type: object + additionalProperties: false + properties: + Hours: + type: integer + minimum: 0 + maximum: 23 + Minutes: + type: integer + minimum: 0 + maximum: 59 + required: + - Hours + - Minutes + OffPeakWindow: + type: object + additionalProperties: false + properties: + WindowStartTime: + $ref: '#/components/schemas/WindowStartTime' + OffPeakWindowOptions: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + OffPeakWindow: + $ref: '#/components/schemas/OffPeakWindow' + SoftwareUpdateOptions: + type: object + additionalProperties: false + properties: + AutoSoftwareUpdateEnabled: + type: boolean + ColdStorageOptions: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + Domain: + type: object + properties: + ClusterConfig: + $ref: '#/components/schemas/ClusterConfig' + DomainName: + type: string + AccessPolicies: + type: object + IPAddressType: + type: string + EngineVersion: + type: string + AdvancedOptions: + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + LogPublishingOptions: + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + $ref: '#/components/schemas/LogPublishingOption' + SnapshotOptions: + $ref: '#/components/schemas/SnapshotOptions' + VPCOptions: + $ref: '#/components/schemas/VPCOptions' + NodeToNodeEncryptionOptions: + $ref: '#/components/schemas/NodeToNodeEncryptionOptions' + DomainEndpointOptions: + $ref: '#/components/schemas/DomainEndpointOptions' + CognitoOptions: + $ref: '#/components/schemas/CognitoOptions' + AdvancedSecurityOptions: + $ref: '#/components/schemas/AdvancedSecurityOptionsInput' + DomainEndpoint: + type: string + DomainEndpointV2: + type: string + DomainEndpoints: + type: object + additionalProperties: false + x-patternProperties: + ^.*$: + type: string + EBSOptions: + $ref: '#/components/schemas/EBSOptions' + Id: + type: string + Arn: + type: string + DomainArn: + type: string + EncryptionAtRestOptions: + $ref: '#/components/schemas/EncryptionAtRestOptions' + Tags: + description: An arbitrary set of tags (key-value pairs) for this Domain. + items: + $ref: '#/components/schemas/Tag' + type: array + uniqueItems: true + ServiceSoftwareOptions: + $ref: '#/components/schemas/ServiceSoftwareOptions' + OffPeakWindowOptions: + $ref: '#/components/schemas/OffPeakWindowOptions' + SoftwareUpdateOptions: + $ref: '#/components/schemas/SoftwareUpdateOptions' + x-stackql-resource-name: domain + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::OpenSearchService::Domain + x-stackql-primary-identifier: + - DomainName + x-create-only-properties: + - DomainName + x-conditional-create-only-properties: + - EncryptionAtRestOptions/properties + - AdvancedSecurityOptions/properties/Enabled + x-write-only-properties: + - AdvancedSecurityOptions/MasterUserOptions + - AdvancedSecurityOptions/SAMLOptions/MasterUserName + - AdvancedSecurityOptions/SAMLOptions/MasterBackendRole + x-read-only-properties: + - Id + - Arn + - DomainArn + - DomainEndpoint + - DomainEndpointV2 + - DomainEndpoints + - ServiceSoftwareOptions + - AdvancedSecurityOptions/AnonymousAuthDisableDate + x-required-permissions: + create: + - es:CreateDomain + - es:DescribeDomain + - es:AddTags + - es:ListTags + read: + - es:DescribeDomain + - es:ListTags + update: + - es:UpdateDomain + - es:UpgradeDomain + - es:DescribeDomain + - es:AddTags + - es:RemoveTags + - es:ListTags + - es:DescribeDomainChangeProgress + delete: + - es:DeleteDomain + - es:DescribeDomain + x-stackQL-resources: + domain: + name: domain + id: aws.opensearchservice.domain + x-cfn-schema-name: Domain + x-type: get + x-identifiers: + - DomainName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterConfig') as cluster_config, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.AccessPolicies') as access_policies, + JSON_EXTRACT(Properties, '$.IPAddressType') as ip_address_type, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.AdvancedOptions') as advanced_options, + JSON_EXTRACT(Properties, '$.LogPublishingOptions') as log_publishing_options, + JSON_EXTRACT(Properties, '$.SnapshotOptions') as snapshot_options, + JSON_EXTRACT(Properties, '$.VPCOptions') as vpc_options, + JSON_EXTRACT(Properties, '$.NodeToNodeEncryptionOptions') as node_to_node_encryption_options, + JSON_EXTRACT(Properties, '$.DomainEndpointOptions') as domain_endpoint_options, + JSON_EXTRACT(Properties, '$.CognitoOptions') as cognito_options, + JSON_EXTRACT(Properties, '$.AdvancedSecurityOptions') as advanced_security_options, + JSON_EXTRACT(Properties, '$.DomainEndpoint') as domain_endpoint, + JSON_EXTRACT(Properties, '$.DomainEndpointV2') as domain_endpoint_v2, + JSON_EXTRACT(Properties, '$.DomainEndpoints') as domain_endpoints, + JSON_EXTRACT(Properties, '$.EBSOptions') as ebs_options, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DomainArn') as domain_arn, + JSON_EXTRACT(Properties, '$.EncryptionAtRestOptions') as encryption_at_rest_options, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ServiceSoftwareOptions') as service_software_options, + JSON_EXTRACT(Properties, '$.OffPeakWindowOptions') as off_peak_window_options, + JSON_EXTRACT(Properties, '$.SoftwareUpdateOptions') as software_update_options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchService::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterConfig') as cluster_config, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'AccessPolicies') as access_policies, + json_extract_path_text(Properties, 'IPAddressType') as ip_address_type, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'AdvancedOptions') as advanced_options, + json_extract_path_text(Properties, 'LogPublishingOptions') as log_publishing_options, + json_extract_path_text(Properties, 'SnapshotOptions') as snapshot_options, + json_extract_path_text(Properties, 'VPCOptions') as vpc_options, + json_extract_path_text(Properties, 'NodeToNodeEncryptionOptions') as node_to_node_encryption_options, + json_extract_path_text(Properties, 'DomainEndpointOptions') as domain_endpoint_options, + json_extract_path_text(Properties, 'CognitoOptions') as cognito_options, + json_extract_path_text(Properties, 'AdvancedSecurityOptions') as advanced_security_options, + json_extract_path_text(Properties, 'DomainEndpoint') as domain_endpoint, + json_extract_path_text(Properties, 'DomainEndpointV2') as domain_endpoint_v2, + json_extract_path_text(Properties, 'DomainEndpoints') as domain_endpoints, + json_extract_path_text(Properties, 'EBSOptions') as ebs_options, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DomainArn') as domain_arn, + json_extract_path_text(Properties, 'EncryptionAtRestOptions') as encryption_at_rest_options, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ServiceSoftwareOptions') as service_software_options, + json_extract_path_text(Properties, 'OffPeakWindowOptions') as off_peak_window_options, + json_extract_path_text(Properties, 'SoftwareUpdateOptions') as software_update_options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchService::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/opsworkscm.yaml b/providers/src/aws/v00.00.00000/services/opsworkscm.yaml new file mode 100644 index 00000000..1ceb0951 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/opsworkscm.yaml @@ -0,0 +1,286 @@ +openapi: 3.0.0 +info: + title: OpsWorksCM + version: 1.0.0 +paths: {} +components: + schemas: + EngineAttribute: + type: object + additionalProperties: false + properties: + Value: + type: string + pattern: (?s).* + maxLength: 10000 + Name: + type: string + pattern: (?s).* + maxLength: 10000 + Tag: + type: object + additionalProperties: false + properties: + Value: + type: string + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + minLength: 0 + maxLength: 256 + Key: + type: string + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + minLength: 1 + maxLength: 128 + required: + - Value + - Key + Server: + type: object + properties: + KeyPair: + type: string + pattern: .* + maxLength: 10000 + EngineVersion: + type: string + maxLength: 10000 + ServiceRoleArn: + type: string + pattern: arn:aws:iam::[0-9]{12}:role/.* + maxLength: 10000 + DisableAutomatedBackup: + type: boolean + BackupId: + type: string + pattern: '[a-zA-Z][a-zA-Z0-9\-\.\:]*' + maxLength: 79 + EngineModel: + type: string + maxLength: 10000 + PreferredMaintenanceWindow: + type: string + pattern: ^((Mon|Tue|Wed|Thu|Fri|Sat|Sun):)?([0-1][0-9]|2[0-3]):[0-5][0-9]$ + maxLength: 10000 + AssociatePublicIpAddress: + type: boolean + InstanceProfileArn: + type: string + pattern: arn:aws:iam::[0-9]{12}:instance-profile/.* + maxLength: 10000 + CustomCertificate: + type: string + pattern: (?s)\s*-----BEGIN CERTIFICATE-----.+-----END CERTIFICATE-----\s* + maxLength: 2097152 + PreferredBackupWindow: + type: string + pattern: ^((Mon|Tue|Wed|Thu|Fri|Sat|Sun):)?([0-1][0-9]|2[0-3]):[0-5][0-9]$ + maxLength: 10000 + SecurityGroupIds: + type: array + uniqueItems: false + items: + type: string + maxLength: 10000 + SubnetIds: + type: array + uniqueItems: false + items: + type: string + maxLength: 10000 + CustomDomain: + type: string + pattern: ^(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$ + maxLength: 253 + Endpoint: + type: string + maxLength: 10000 + CustomPrivateKey: + type: string + pattern: (?ms)\s*^-----BEGIN (?-s:.*)PRIVATE KEY-----$.*?^-----END (?-s:.*)PRIVATE KEY-----$\s* + maxLength: 4096 + ServerName: + type: string + minLength: 1 + maxLength: 40 + pattern: '[a-zA-Z][a-zA-Z0-9\-]*' + EngineAttributes: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/EngineAttribute' + BackupRetentionCount: + type: integer + minLength: 1 + Arn: + type: string + maxLength: 10000 + InstanceType: + type: string + maxLength: 10000 + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + Engine: + type: string + maxLength: 10000 + required: + - ServiceRoleArn + - InstanceProfileArn + - InstanceType + x-stackql-resource-name: server + description: Resource Type definition for AWS::OpsWorksCM::Server + x-type-name: AWS::OpsWorksCM::Server + x-stackql-primary-identifier: + - ServerName + x-create-only-properties: + - KeyPair + - CustomPrivateKey + - ServiceRoleArn + - InstanceType + - CustomCertificate + - CustomDomain + - InstanceProfileArn + - SecurityGroupIds + - ServerName + - SubnetIds + - BackupId + - EngineModel + - AssociatePublicIpAddress + - EngineVersion + - Engine + x-write-only-properties: + - BackupId + - CustomCertificate + - CustomDomain + - CustomPrivateKey + - EngineAttributes + - EngineVersion + - KeyPair + - Tags + x-read-only-properties: + - ServerName + - Endpoint + - Arn + x-required-properties: + - ServiceRoleArn + - InstanceProfileArn + - InstanceType + x-required-permissions: + create: + - opsworks-cm:CreateServer + - opsworks-cm:DescribeServers + - iam:PassRole + delete: + - opsworks-cm:DeleteServer + - opsworks-cm:DescribeServers + update: + - opsworks-cm:UpdateServer + - opsworks-cm:TagResource + - opsworks-cm:UntagResource + - opsworks-cm:DescribeServers + list: + - opsworks-cm:DescribeServers + - opsworks-cm:ListTagsForResource + read: + - opsworks-cm:DescribeServers + x-stackQL-resources: + servers: + name: servers + id: aws.opsworkscm.servers + x-cfn-schema-name: Server + x-type: list + x-identifiers: + - ServerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ServerName') as server_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpsWorksCM::Server' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ServerName') as server_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpsWorksCM::Server' + AND region = 'us-east-1' + server: + name: server + id: aws.opsworkscm.server + x-cfn-schema-name: Server + x-type: get + x-identifiers: + - ServerName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.KeyPair') as key_pair, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.ServiceRoleArn') as service_role_arn, + JSON_EXTRACT(Properties, '$.DisableAutomatedBackup') as disable_automated_backup, + JSON_EXTRACT(Properties, '$.BackupId') as backup_id, + JSON_EXTRACT(Properties, '$.EngineModel') as engine_model, + JSON_EXTRACT(Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, + JSON_EXTRACT(Properties, '$.AssociatePublicIpAddress') as associate_public_ip_address, + JSON_EXTRACT(Properties, '$.InstanceProfileArn') as instance_profile_arn, + JSON_EXTRACT(Properties, '$.CustomCertificate') as custom_certificate, + JSON_EXTRACT(Properties, '$.PreferredBackupWindow') as preferred_backup_window, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.CustomDomain') as custom_domain, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.CustomPrivateKey') as custom_private_key, + JSON_EXTRACT(Properties, '$.ServerName') as server_name, + JSON_EXTRACT(Properties, '$.EngineAttributes') as engine_attributes, + JSON_EXTRACT(Properties, '$.BackupRetentionCount') as backup_retention_count, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Engine') as engine + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpsWorksCM::Server' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'KeyPair') as key_pair, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'ServiceRoleArn') as service_role_arn, + json_extract_path_text(Properties, 'DisableAutomatedBackup') as disable_automated_backup, + json_extract_path_text(Properties, 'BackupId') as backup_id, + json_extract_path_text(Properties, 'EngineModel') as engine_model, + json_extract_path_text(Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, + json_extract_path_text(Properties, 'AssociatePublicIpAddress') as associate_public_ip_address, + json_extract_path_text(Properties, 'InstanceProfileArn') as instance_profile_arn, + json_extract_path_text(Properties, 'CustomCertificate') as custom_certificate, + json_extract_path_text(Properties, 'PreferredBackupWindow') as preferred_backup_window, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'CustomDomain') as custom_domain, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'CustomPrivateKey') as custom_private_key, + json_extract_path_text(Properties, 'ServerName') as server_name, + json_extract_path_text(Properties, 'EngineAttributes') as engine_attributes, + json_extract_path_text(Properties, 'BackupRetentionCount') as backup_retention_count, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'InstanceType') as instance_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Engine') as engine + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpsWorksCM::Server' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/organizations.yaml b/providers/src/aws/v00.00.00000/services/organizations.yaml new file mode 100644 index 00000000..34c63b0a --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/organizations.yaml @@ -0,0 +1,778 @@ +openapi: 3.0.0 +info: + title: Organizations + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A custom key-value pair associated with a resource within your organization. + type: object + properties: + Key: + type: string + description: The key identifier, or name, of the tag. + minLength: 1 + maxLength: 128 + Value: + type: string + description: The string value that's associated with the key of the tag. You can set the value of a tag to an empty string, but you can't set the value of a tag to null. + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Account: + type: object + properties: + AccountName: + description: The friendly name of the member account. + type: string + pattern: '[\u0020-\u007E]+' + minLength: 1 + maxLength: 50 + Email: + description: The email address of the owner to assign to the new member account. + type: string + pattern: '[^\s@]+@[^\s@]+\.[^\s@]+' + minLength: 6 + maxLength: 64 + RoleName: + description: The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. Default name is OrganizationAccountAccessRole if not specified. + type: string + default: OrganizationAccountAccessRole + pattern: '[\w+=,.@-]{1,64}' + minLength: 1 + maxLength: 64 + ParentIds: + description: List of parent nodes for the member account. Currently only one parent at a time is supported. Default is root. + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + pattern: ^(r-[0-9a-z]{4,32})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$ + Tags: + description: A list of tags that you want to attach to the newly created account. For each tag in the list, you must specify both a tag key and a value. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + AccountId: + description: If the account was created successfully, the unique identifier (ID) of the new account. + type: string + pattern: ^\d{12}$ + maxLength: 12 + Arn: + description: The Amazon Resource Name (ARN) of the account. + type: string + pattern: ^arn:aws.*:organizations::\d{12}:account\/o-[a-z0-9]{10,32}\/\d{12} + JoinedMethod: + description: The method by which the account joined the organization. + type: string + enum: + - INVITED + - CREATED + JoinedTimestamp: + description: The date the account became a part of the organization. + type: string + Status: + description: The status of the account in the organization. + type: string + enum: + - ACTIVE + - SUSPENDED + - PENDING_CLOSURE + required: + - AccountName + - Email + x-stackql-resource-name: account + description: You can use AWS::Organizations::Account to manage accounts in organization. + x-type-name: AWS::Organizations::Account + x-stackql-primary-identifier: + - AccountId + x-write-only-properties: + - RoleName + x-read-only-properties: + - AccountId + - Status + - JoinedTimestamp + - JoinedMethod + - Arn + x-required-properties: + - AccountName + - Email + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - organizations:CreateAccount + - organizations:DescribeCreateAccountStatus + - organizations:MoveAccount + - organizations:ListParents + - organizations:TagResource + - organizations:DescribeAccount + - organizations:ListTagsForResource + read: + - organizations:DescribeAccount + - organizations:ListParents + - organizations:ListTagsForResource + update: + - organizations:MoveAccount + - organizations:TagResource + - organizations:UntagResource + - organizations:ListRoots + - organizations:DescribeAccount + - organizations:ListParents + - organizations:ListTagsForResource + delete: + - organizations:CloseAccount + list: + - organizations:ListAccounts + Organization: + type: object + properties: + Id: + description: The unique identifier (ID) of an organization. + type: string + pattern: ^o-[a-z0-9]{10,32}$ + Arn: + description: The Amazon Resource Name (ARN) of an organization. + type: string + pattern: ^arn:aws.*:organizations::\d{12}:organization\/o-[a-z0-9]{10,32} + FeatureSet: + description: Specifies the feature set supported by the new organization. Each feature set supports different levels of functionality. + type: string + enum: + - ALL + - CONSOLIDATED_BILLING + default: ALL + ManagementAccountArn: + description: The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization. + type: string + pattern: ^arn:aws.*:organizations::\d{12}:account\/o-[a-z0-9]{10,32}\/\d{12} + ManagementAccountId: + description: The unique identifier (ID) of the management account of an organization. + type: string + pattern: ^\d{12}$ + ManagementAccountEmail: + description: The email address that is associated with the AWS account that is designated as the management account for the organization. + type: string + pattern: '[^\s@]+@[^\s@]+\.[^\s@]+' + minLength: 6 + maxLength: 64 + RootId: + description: The unique identifier (ID) for the root. + type: string + pattern: ^r-[0-9a-z]{4,32}$ + maxLength: 64 + x-stackql-resource-name: organization + description: Resource schema for AWS::Organizations::Organization + x-type-name: AWS::Organizations::Organization + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - Arn + - ManagementAccountArn + - ManagementAccountId + - ManagementAccountEmail + - RootId + x-tagging: + taggable: false + x-required-permissions: + create: + - organizations:CreateOrganization + - organizations:DescribeOrganization + - iam:CreateServiceLinkedRole + - organizations:ListRoots + read: + - organizations:DescribeOrganization + - organizations:ListRoots + delete: + - organizations:DeleteOrganization + - organizations:DescribeOrganization + list: + - organizations:DescribeOrganization + update: [] + OrganizationalUnit: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of this OU. + type: string + pattern: ^arn:aws.*:organizations::\d{12}:ou/o-[a-z0-9]{10,32}/ou-[0-9a-z]{4,32}-[0-9a-z]{8,32} + Id: + description: The unique identifier (ID) associated with this OU. + type: string + pattern: ^ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}$ + maxLength: 68 + Name: + description: The friendly name of this OU. + type: string + pattern: '[\s\S]*' + minLength: 1 + maxLength: 128 + ParentId: + description: The unique identifier (ID) of the parent root or OU that you want to create the new OU in. + type: string + pattern: ^(r-[0-9a-z]{4,32})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$ + maxLength: 100 + Tags: + description: A list of tags that you want to attach to the newly created OU. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - ParentId + x-stackql-resource-name: organizational_unit + description: >- + You can use organizational units (OUs) to group accounts together to administer as a single unit. This greatly simplifies the management of your accounts. For example, you can attach a policy-based control to an OU, and all accounts within the OU automatically inherit the policy. You can create multiple OUs within a single organization, and you can create OUs within other OUs. Each OU can contain multiple accounts, and you can move accounts from one OU to another. However, OU names must + be unique within a parent OU or root. + x-type-name: AWS::Organizations::OrganizationalUnit + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - ParentId + x-read-only-properties: + - Arn + - Id + x-required-properties: + - Name + - ParentId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - organizations:CreateOrganizationalUnit + - organizations:DescribeOrganizationalUnit + - organizations:ListParents + - organizations:ListTagsForResource + - organizations:TagResource + read: + - organizations:DescribeOrganizationalUnit + - organizations:ListParents + - organizations:ListTagsForResource + update: + - organizations:DescribeOrganizationalUnit + - organizations:ListParents + - organizations:ListTagsForResource + - organizations:TagResource + - organizations:UntagResource + - organizations:UpdateOrganizationalUnit + delete: + - organizations:DeleteOrganizationalUnit + list: + - organizations:ListOrganizationalUnitsForParent + Policy: + type: object + properties: + Name: + description: Name of the Policy + type: string + pattern: '[\s\S]*' + minLength: 1 + maxLength: 128 + Type: + description: 'The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY' + type: string + enum: + - SERVICE_CONTROL_POLICY + - AISERVICES_OPT_OUT_POLICY + - BACKUP_POLICY + - TAG_POLICY + Content: + description: The Policy text content. For AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it. + type: object + pattern: '[\s\S]*' + minLength: 1 + maxLength: 1000000 + Description: + description: Human readable description of the policy + pattern: '[\s\S]*' + type: string + maxLength: 512 + TargetIds: + description: List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + pattern: ^(r-[0-9a-z]{4,32})|(\d{12})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$ + Tags: + description: A list of tags that you want to attach to the newly created policy. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Id: + description: Id of the Policy + type: string + pattern: ^p-[0-9a-zA-Z_]{8,128}$ + maxLength: 130 + Arn: + description: ARN of the Policy + type: string + pattern: ^arn:aws.*:organizations::[0-9]{12}:policy/o-[a-z0-9]{10}/(service_control|tag|backup|aiservices_opt_out)_policy/p-[a-z0-9]{8} + AwsManaged: + description: A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it. + type: boolean + required: + - Name + - Type + - Content + x-stackql-resource-name: policy + description: Policies in AWS Organizations enable you to manage different features of the AWS accounts in your organization. You can use policies when all features are enabled in your organization. + x-type-name: AWS::Organizations::Policy + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Type + x-read-only-properties: + - Id + - Arn + - AwsManaged + x-required-properties: + - Name + - Type + - Content + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - organizations:CreatePolicy + - organizations:DescribePolicy + - organizations:AttachPolicy + - organizations:ListTagsForResource + - organizations:ListTargetsForPolicy + - organizations:TagResource + read: + - organizations:DescribePolicy + - organizations:ListTargetsForPolicy + - organizations:ListTagsForResource + update: + - organizations:AttachPolicy + - organizations:DetachPolicy + - organizations:UpdatePolicy + - organizations:ListTagsForResource + - organizations:ListTargetsForPolicy + - organizations:TagResource + - organizations:UntagResource + - organizations:DescribePolicy + delete: + - organizations:DetachPolicy + - organizations:DeletePolicy + list: + - organizations:ListPolicies + ResourcePolicy: + type: object + properties: + Id: + description: The unique identifier (ID) associated with this resource policy. + type: string + pattern: ^rp-[0-9a-zA-Z_]{4,128}$ + maxLength: 131 + Arn: + description: The Amazon Resource Name (ARN) of the resource policy. + type: string + pattern: ^arn:aws.*:organizations::\d{12}:resourcepolicy\/o-[a-z0-9]{10,32}\/rp-[0-9a-zA-Z_]{4,128} + Content: + description: The policy document. For AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it. + type: object + pattern: '[\s\S]*' + minLength: 1 + maxLength: 40000 + Tags: + description: A list of tags that you want to attach to the resource policy + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Content + x-stackql-resource-name: resource_policy + description: You can use AWS::Organizations::ResourcePolicy to delegate policy management for AWS Organizations to specified member accounts to perform policy actions that are by default available only to the management account. + x-type-name: AWS::Organizations::ResourcePolicy + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - Arn + x-required-properties: + - Content + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - organizations:PutResourcePolicy + - organizations:DescribeResourcePolicy + - organizations:ListTagsForResource + - organizations:TagResource + read: + - organizations:DescribeResourcePolicy + - organizations:ListTagsForResource + update: + - organizations:DescribeResourcePolicy + - organizations:PutResourcePolicy + - organizations:ListTagsForResource + - organizations:TagResource + - organizations:UntagResource + delete: + - organizations:DeleteResourcePolicy + list: + - organizations:DescribeResourcePolicy + x-stackQL-resources: + accounts: + name: accounts + id: aws.organizations.accounts + x-cfn-schema-name: Account + x-type: list + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Organizations::Account' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Organizations::Account' + AND region = 'us-east-1' + account: + name: account + id: aws.organizations.account + x-cfn-schema-name: Account + x-type: get + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccountName') as account_name, + JSON_EXTRACT(Properties, '$.Email') as email, + JSON_EXTRACT(Properties, '$.RoleName') as role_name, + JSON_EXTRACT(Properties, '$.ParentIds') as parent_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.JoinedMethod') as joined_method, + JSON_EXTRACT(Properties, '$.JoinedTimestamp') as joined_timestamp, + JSON_EXTRACT(Properties, '$.Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Organizations::Account' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccountName') as account_name, + json_extract_path_text(Properties, 'Email') as email, + json_extract_path_text(Properties, 'RoleName') as role_name, + json_extract_path_text(Properties, 'ParentIds') as parent_ids, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'JoinedMethod') as joined_method, + json_extract_path_text(Properties, 'JoinedTimestamp') as joined_timestamp, + json_extract_path_text(Properties, 'Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Organizations::Account' + AND data__Identifier = '' + AND region = 'us-east-1' + organizations: + name: organizations + id: aws.organizations.organizations + x-cfn-schema-name: Organization + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Organizations::Organization' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Organizations::Organization' + AND region = 'us-east-1' + organization: + name: organization + id: aws.organizations.organization + x-cfn-schema-name: Organization + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.FeatureSet') as feature_set, + JSON_EXTRACT(Properties, '$.ManagementAccountArn') as management_account_arn, + JSON_EXTRACT(Properties, '$.ManagementAccountId') as management_account_id, + JSON_EXTRACT(Properties, '$.ManagementAccountEmail') as management_account_email, + JSON_EXTRACT(Properties, '$.RootId') as root_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Organizations::Organization' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'FeatureSet') as feature_set, + json_extract_path_text(Properties, 'ManagementAccountArn') as management_account_arn, + json_extract_path_text(Properties, 'ManagementAccountId') as management_account_id, + json_extract_path_text(Properties, 'ManagementAccountEmail') as management_account_email, + json_extract_path_text(Properties, 'RootId') as root_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Organizations::Organization' + AND data__Identifier = '' + AND region = 'us-east-1' + organizational_units: + name: organizational_units + id: aws.organizations.organizational_units + x-cfn-schema-name: OrganizationalUnit + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Organizations::OrganizationalUnit' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Organizations::OrganizationalUnit' + AND region = 'us-east-1' + organizational_unit: + name: organizational_unit + id: aws.organizations.organizational_unit + x-cfn-schema-name: OrganizationalUnit + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ParentId') as parent_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Organizations::OrganizationalUnit' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ParentId') as parent_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Organizations::OrganizationalUnit' + AND data__Identifier = '' + AND region = 'us-east-1' + policies: + name: policies + id: aws.organizations.policies + x-cfn-schema-name: Policy + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Organizations::Policy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Organizations::Policy' + AND region = 'us-east-1' + policy: + name: policy + id: aws.organizations.policy + x-cfn-schema-name: Policy + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.TargetIds') as target_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsManaged') as aws_managed + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Organizations::Policy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'TargetIds') as target_ids, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsManaged') as aws_managed + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Organizations::Policy' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_policies: + name: resource_policies + id: aws.organizations.resource_policies + x-cfn-schema-name: ResourcePolicy + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Organizations::ResourcePolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Organizations::ResourcePolicy' + AND region = 'us-east-1' + resource_policy: + name: resource_policy + id: aws.organizations.resource_policy + x-cfn-schema-name: ResourcePolicy + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Organizations::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Organizations::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/osis.yaml b/providers/src/aws/v00.00.00000/services/osis.yaml new file mode 100644 index 00000000..4ea9a8cf --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/osis.yaml @@ -0,0 +1,298 @@ +openapi: 3.0.0 +info: + title: OSIS + version: 1.0.0 +paths: {} +components: + schemas: + BufferOptions: + description: Key-value pairs to configure buffering. + type: object + properties: + PersistentBufferEnabled: + type: boolean + description: Whether persistent buffering should be enabled. + required: + - PersistentBufferEnabled + additionalProperties: false + EncryptionAtRestOptions: + description: Key-value pairs to configure encryption at rest. + type: object + properties: + KmsKeyArn: + type: string + description: The KMS key to use for encrypting data. By default an AWS owned key is used + required: + - KmsKeyArn + additionalProperties: false + LogPublishingOptions: + description: Key-value pairs to configure log publishing. + type: object + properties: + IsLoggingEnabled: + type: boolean + description: Whether logs should be published. + CloudWatchLogDestination: + type: object + description: The destination for OpenSearch Ingestion Service logs sent to Amazon CloudWatch. + properties: + LogGroup: + type: string + minLength: 1 + maxLength: 512 + pattern: \/aws\/vendedlogs\/[\.\-_/#A-Za-z0-9]+ + required: + - LogGroup + additionalProperties: false + additionalProperties: false + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + VpcOptions: + description: Container for the values required to configure VPC access for the pipeline. If you don't specify these values, OpenSearch Ingestion Service creates the pipeline with a public endpoint. + type: object + properties: + SecurityGroupIds: + type: array + x-insertionOrder: false + description: A list of security groups associated with the VPC endpoint. + items: + type: string + minLength: 11 + maxLength: 20 + pattern: sg-\w{8}(\w{9})? + SubnetIds: + type: array + x-insertionOrder: false + description: A list of subnet IDs associated with the VPC endpoint. + items: + type: string + minLength: 15 + maxLength: 24 + pattern: subnet-\w{8}(\w{9})? + required: + - SubnetIds + additionalProperties: false + VpcEndpoint: + description: An OpenSearch Ingestion Service-managed VPC endpoint that will access one or more pipelines. + type: object + properties: + VpcEndpointId: + type: string + description: The unique identifier of the endpoint. + VpcId: + type: string + description: The ID for your VPC. AWS Privatelink generates this value when you create a VPC. + VpcOptions: + $ref: '#/components/schemas/VpcOptions' + additionalProperties: false + Pipeline: + type: object + properties: + BufferOptions: + $ref: '#/components/schemas/BufferOptions' + EncryptionAtRestOptions: + $ref: '#/components/schemas/EncryptionAtRestOptions' + LogPublishingOptions: + $ref: '#/components/schemas/LogPublishingOptions' + MaxUnits: + description: The maximum pipeline capacity, in Ingestion OpenSearch Compute Units (OCUs). + type: integer + minimum: 1 + maximum: 384 + MinUnits: + description: The minimum pipeline capacity, in Ingestion OpenSearch Compute Units (OCUs). + type: integer + minimum: 1 + maximum: 384 + PipelineConfigurationBody: + description: The Data Prepper pipeline configuration. + type: string + minLength: 1 + maxLength: 24000 + PipelineName: + description: Name of the OpenSearch Ingestion Service pipeline to create. Pipeline names are unique across the pipelines owned by an account within an AWS Region. + type: string + minLength: 3 + maxLength: 28 + pattern: '[a-z][a-z0-9\-]+' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + VpcOptions: + $ref: '#/components/schemas/VpcOptions' + VpcEndpoints: + type: array + x-insertionOrder: false + description: The VPC interface endpoints that have access to the pipeline. + items: + $ref: '#/components/schemas/VpcEndpoint' + PipelineArn: + description: The Amazon Resource Name (ARN) of the pipeline. + type: string + minLength: 46 + maxLength: 76 + pattern: ^arn:(aws|aws\-cn|aws\-us\-gov|aws\-iso|aws\-iso\-b):osis:.+:pipeline\/.+$ + IngestEndpointUrls: + type: array + x-insertionOrder: false + description: A list of endpoints that can be used for ingesting data into a pipeline + items: + type: string + required: + - MaxUnits + - MinUnits + - PipelineConfigurationBody + - PipelineName + x-stackql-resource-name: pipeline + description: An OpenSearch Ingestion Service Data Prepper pipeline running Data Prepper. + x-type-name: AWS::OSIS::Pipeline + x-stackql-primary-identifier: + - PipelineArn + x-create-only-properties: + - PipelineName + x-write-only-properties: + - VpcOptions + x-read-only-properties: + - PipelineArn + - IngestEndpointUrls + - VpcEndpoints + x-required-properties: + - MaxUnits + - MinUnits + - PipelineConfigurationBody + - PipelineName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - osis:CreatePipeline + - osis:GetPipeline + - osis:TagResource + - osis:ListTagsForResource + - iam:PassRole + - iam:CreateServiceLinkedRole + - logs:CreateLogDelivery + - kms:DescribeKey + read: + - osis:GetPipeline + - osis:ListTagsForResource + update: + - osis:UpdatePipeline + - osis:GetPipeline + - osis:ListTagsForResource + - osis:TagResource + - osis:UntagResource + - iam:PassRole + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:ListLogDeliveries + - kms:DescribeKey + delete: + - osis:DeletePipeline + - osis:GetPipeline + - logs:GetLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + list: + - osis:ListPipelines + x-stackQL-resources: + pipelines: + name: pipelines + id: aws.osis.pipelines + x-cfn-schema-name: Pipeline + x-type: list + x-identifiers: + - PipelineArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PipelineArn') as pipeline_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OSIS::Pipeline' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PipelineArn') as pipeline_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OSIS::Pipeline' + AND region = 'us-east-1' + pipeline: + name: pipeline + id: aws.osis.pipeline + x-cfn-schema-name: Pipeline + x-type: get + x-identifiers: + - PipelineArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BufferOptions') as buffer_options, + JSON_EXTRACT(Properties, '$.EncryptionAtRestOptions') as encryption_at_rest_options, + JSON_EXTRACT(Properties, '$.LogPublishingOptions') as log_publishing_options, + JSON_EXTRACT(Properties, '$.MaxUnits') as max_units, + JSON_EXTRACT(Properties, '$.MinUnits') as min_units, + JSON_EXTRACT(Properties, '$.PipelineConfigurationBody') as pipeline_configuration_body, + JSON_EXTRACT(Properties, '$.PipelineName') as pipeline_name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VpcOptions') as vpc_options, + JSON_EXTRACT(Properties, '$.VpcEndpoints') as vpc_endpoints, + JSON_EXTRACT(Properties, '$.PipelineArn') as pipeline_arn, + JSON_EXTRACT(Properties, '$.IngestEndpointUrls') as ingest_endpoint_urls + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OSIS::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BufferOptions') as buffer_options, + json_extract_path_text(Properties, 'EncryptionAtRestOptions') as encryption_at_rest_options, + json_extract_path_text(Properties, 'LogPublishingOptions') as log_publishing_options, + json_extract_path_text(Properties, 'MaxUnits') as max_units, + json_extract_path_text(Properties, 'MinUnits') as min_units, + json_extract_path_text(Properties, 'PipelineConfigurationBody') as pipeline_configuration_body, + json_extract_path_text(Properties, 'PipelineName') as pipeline_name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VpcOptions') as vpc_options, + json_extract_path_text(Properties, 'VpcEndpoints') as vpc_endpoints, + json_extract_path_text(Properties, 'PipelineArn') as pipeline_arn, + json_extract_path_text(Properties, 'IngestEndpointUrls') as ingest_endpoint_urls + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OSIS::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/panorama.yaml b/providers/src/aws/v00.00.00000/services/panorama.yaml new file mode 100644 index 00000000..e19678cd --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/panorama.yaml @@ -0,0 +1,654 @@ +openapi: 3.0.0 +info: + title: Panorama + version: 1.0.0 +paths: {} +components: + schemas: + DefaultRuntimeContextDevice: + minLength: 1 + pattern: ^[a-zA-Z0-9\-\_]+$ + type: string + maxLength: 255 + Description: + minLength: 0 + pattern: ^.*$ + type: string + maxLength: 255 + DeviceId: + minLength: 1 + pattern: ^[a-zA-Z0-9\-\_]+$ + type: string + maxLength: 255 + ApplicationInstanceStatus: + type: string + enum: + - DEPLOYMENT_PENDING + - DEPLOYMENT_REQUESTED + - DEPLOYMENT_IN_PROGRESS + - DEPLOYMENT_ERROR + - DEPLOYMENT_SUCCEEDED + - REMOVAL_PENDING + - REMOVAL_REQUESTED + - REMOVAL_IN_PROGRESS + - REMOVAL_FAILED + - REMOVAL_SUCCEEDED + ManifestOverridesPayload: + additionalProperties: false + type: object + properties: + PayloadData: + $ref: '#/components/schemas/ManifestOverridesPayloadData' + RuntimeRoleArn: + minLength: 1 + pattern: ^arn:[a-z0-9][-.a-z0-9]{0,62}:iam::[0-9]{12}:role/.+$ + type: string + maxLength: 255 + Timestamp: + type: integer + Name: + minLength: 1 + pattern: ^[a-zA-Z0-9\-\_]+$ + type: string + maxLength: 255 + ApplicationInstanceId: + minLength: 1 + pattern: ^[a-zA-Z0-9\-\_]+$ + type: string + maxLength: 255 + ManifestPayloadData: + minLength: 1 + pattern: ^.+$ + type: string + maxLength: 51200 + ApplicationInstanceHealthStatus: + type: string + enum: + - RUNNING + - ERROR + - NOT_AVAILABLE + StatusFilter: + type: string + enum: + - DEPLOYMENT_SUCCEEDED + - DEPLOYMENT_ERROR + - REMOVAL_SUCCEEDED + - REMOVAL_FAILED + - PROCESSING_DEPLOYMENT + - PROCESSING_REMOVAL + TagList: + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + ManifestPayload: + additionalProperties: false + type: object + properties: + PayloadData: + $ref: '#/components/schemas/ManifestPayloadData' + ApplicationInstanceArn: + minLength: 1 + type: string + maxLength: 255 + ManifestOverridesPayloadData: + minLength: 0 + pattern: ^.+$ + type: string + maxLength: 51200 + ApplicationInstanceStatusDescription: + minLength: 1 + type: string + maxLength: 255 + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + pattern: ^.+$ + Value: + type: string + minLength: 0 + maxLength: 256 + pattern: ^.+$ + required: + - Key + - Value + additionalProperties: false + DeviceName: + minLength: 1 + pattern: ^[a-zA-Z0-9\-\_]+$ + type: string + maxLength: 255 + ApplicationInstance: + type: object + properties: + DefaultRuntimeContextDeviceName: + $ref: '#/components/schemas/DeviceName' + Status: + $ref: '#/components/schemas/ApplicationInstanceStatus' + DefaultRuntimeContextDevice: + $ref: '#/components/schemas/DefaultRuntimeContextDevice' + Description: + $ref: '#/components/schemas/Description' + ApplicationInstanceIdToReplace: + $ref: '#/components/schemas/ApplicationInstanceId' + CreatedTime: + $ref: '#/components/schemas/Timestamp' + HealthStatus: + $ref: '#/components/schemas/ApplicationInstanceHealthStatus' + ManifestOverridesPayload: + $ref: '#/components/schemas/ManifestOverridesPayload' + LastUpdatedTime: + $ref: '#/components/schemas/Timestamp' + RuntimeRoleArn: + $ref: '#/components/schemas/RuntimeRoleArn' + Name: + $ref: '#/components/schemas/Name' + ApplicationInstanceId: + $ref: '#/components/schemas/ApplicationInstanceId' + StatusDescription: + $ref: '#/components/schemas/ApplicationInstanceStatusDescription' + ManifestPayload: + $ref: '#/components/schemas/ManifestPayload' + Arn: + $ref: '#/components/schemas/ApplicationInstanceArn' + Tags: + $ref: '#/components/schemas/TagList' + required: + - ManifestPayload + - DefaultRuntimeContextDevice + x-stackql-resource-name: application_instance + description: Schema for ApplicationInstance CloudFormation Resource + x-type-name: AWS::Panorama::ApplicationInstance + x-stackql-primary-identifier: + - ApplicationInstanceId + x-create-only-properties: + - Name + - Description + - ManifestPayload + - ManifestOverridesPayload + - RuntimeRoleArn + - DefaultRuntimeContextDevice + - ApplicationInstanceIdToReplace + x-write-only-properties: + - ApplicationInstanceIdToReplace + x-read-only-properties: + - ApplicationInstanceId + - Arn + - Status + - HealthStatus + - StatusDescription + - DefaultRuntimeContextDeviceName + - CreatedTime + - LastUpdatedTime + x-required-properties: + - ManifestPayload + - DefaultRuntimeContextDevice + x-taggable: true + x-required-permissions: + read: + - panorama:DescribeApplicationInstance + - panorama:DescribeApplicationInstanceDetails + - panorama:ListTagsForResource + - s3:ListObjects + - s3:GetObject + - s3:GetObjectVersion + create: + - panorama:CreateApplicationInstance + - panorama:ListTagsForResource + - panorama:TagResource + - panorama:DescribeApplicationInstance + - panorama:DescribeApplicationInstanceDetails + - iam:PassRole + - s3:ListBucket + - s3:PutObject + - s3:GetObject + - s3:GetObjectVersion + update: + - panorama:ListTagsForResource + - panorama:TagResource + - panorama:UntagResource + - panorama:DescribeApplicationInstance + - panorama:DescribeApplicationInstanceDetails + - s3:ListObjects + - s3:GetObject + - s3:GetObjectVersion + list: + - panorama:ListApplicationInstances + - s3:ListBucket + - s3:GetObject + - s3:GetObjectVersion + delete: + - panorama:RemoveApplicationInstance + - panorama:DescribeApplicationInstance + - panorama:DescribeApplicationInstanceDetails + - s3:DeleteObject + - s3:DeleteObjectVersion + - s3:DeleteObjectVersionTagging + - s3:ListObjects + - s3:GetObject + - s3:GetObjectVersion + NodePackageName: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9\-\_]+$ + NodePackageId: + type: string + minLength: 1 + maxLength: 255 + pattern: ^[a-zA-Z0-9\-\_\/]+$ + NodePackageArn: + type: string + minLength: 1 + maxLength: 255 + StorageLocation: + type: object + properties: + Bucket: + type: string + RepoPrefixLocation: + type: string + GeneratedPrefixLocation: + type: string + BinaryPrefixLocation: + type: string + ManifestPrefixLocation: + type: string + additionalProperties: false + Package: + type: object + properties: + PackageName: + $ref: '#/components/schemas/NodePackageName' + PackageId: + $ref: '#/components/schemas/NodePackageId' + Arn: + $ref: '#/components/schemas/NodePackageArn' + StorageLocation: + $ref: '#/components/schemas/StorageLocation' + CreatedTime: + $ref: '#/components/schemas/Timestamp' + Tags: + $ref: '#/components/schemas/TagList' + required: + - PackageName + x-stackql-resource-name: package + description: Schema for Package CloudFormation Resource + x-type-name: AWS::Panorama::Package + x-stackql-primary-identifier: + - PackageId + x-create-only-properties: + - PackageName + x-read-only-properties: + - PackageId + - Arn + - CreatedTime + - StorageLocation/Bucket + - StorageLocation/RepoPrefixLocation + - StorageLocation/GeneratedPrefixLocation + - StorageLocation/BinaryPrefixLocation + - StorageLocation/ManifestPrefixLocation + x-required-properties: + - PackageName + x-taggable: true + x-required-permissions: + create: + - panorama:CreatePackage + - panorama:ListTagsForResource + - panorama:TagResource + - panorama:DescribePackage + - s3:ListBucket + - s3:PutObject + - s3:GetObject + - s3:GetObjectVersion + read: + - panorama:DescribePackage + - panorama:ListTagsForResource + - s3:ListBucket + - s3:GetObject + - s3:GetObjectVersion + update: + - panorama:DescribePackage + - panorama:ListTagsForResource + - panorama:TagResource + - panorama:UntagResource + - s3:PutObject + - s3:ListBucket + - s3:GetObject + - s3:GetObjectVersion + list: + - panorama:ListPackages + - s3:ListBucket + - s3:GetObject + - s3:GetObjectVersion + delete: + - panorama:DeletePackage + - panorama:DescribePackage + - s3:DeleteObject + - s3:DeleteObjectVersion + - s3:DeleteObjectVersionTagging + - s3:ListObjects + - s3:ListObjectsV2 + - s3:ListBucket + - s3:GetObject + - s3:GetObjectVersion + PackageOwnerAccount: + type: string + minLength: 1 + maxLength: 12 + pattern: ^[0-9a-z\_]+$ + NodePackageVersion: + type: string + minLength: 1 + maxLength: 255 + pattern: ^([0-9]+)\.([0-9]+)$ + NodePackagePatchVersion: + type: string + minLength: 1 + maxLength: 255 + pattern: ^[a-z0-9]+$ + PackageVersionStatus: + type: string + enum: + - REGISTER_PENDING + - REGISTER_COMPLETED + - FAILED + - DELETING + PackageVersionStatusDescription: + type: string + minLength: 1 + maxLength: 255 + TimeStamp: + type: integer + PackageVersion: + type: object + properties: + OwnerAccount: + $ref: '#/components/schemas/PackageOwnerAccount' + PackageId: + $ref: '#/components/schemas/NodePackageId' + PackageArn: + $ref: '#/components/schemas/NodePackageArn' + PackageVersion: + $ref: '#/components/schemas/NodePackageVersion' + PatchVersion: + $ref: '#/components/schemas/NodePackagePatchVersion' + MarkLatest: + type: boolean + IsLatestPatch: + type: boolean + PackageName: + $ref: '#/components/schemas/NodePackageName' + Status: + $ref: '#/components/schemas/PackageVersionStatus' + StatusDescription: + $ref: '#/components/schemas/PackageVersionStatusDescription' + RegisteredTime: + $ref: '#/components/schemas/TimeStamp' + UpdatedLatestPatchVersion: + $ref: '#/components/schemas/NodePackagePatchVersion' + required: + - PackageId + - PackageVersion + - PatchVersion + x-stackql-resource-name: package_version + description: Schema for PackageVersion Resource Type + x-type-name: AWS::Panorama::PackageVersion + x-stackql-primary-identifier: + - PackageId + - PackageVersion + - PatchVersion + x-create-only-properties: + - OwnerAccount + - PackageId + - PackageVersion + - PatchVersion + x-write-only-properties: + - UpdatedLatestPatchVersion + x-read-only-properties: + - PackageName + - PackageArn + - Status + - StatusDescription + - IsLatestPatch + - RegisteredTime + x-required-properties: + - PackageId + - PackageVersion + - PatchVersion + x-required-permissions: + create: + - panorama:RegisterPackageVersion + - panorama:DescribePackageVersion + - s3:ListBucket + - s3:PutObject + - s3:GetObject + - s3:GetObjectVersion + read: + - panorama:DescribePackageVersion + - s3:ListBucket + - s3:GetObject + - s3:GetObjectVersion + update: + - panorama:DescribePackageVersion + - panorama:RegisterPackageVersion + - s3:ListBucket + - s3:PutObject + - s3:GetObject + - s3:GetObjectVersion + delete: + - panorama:DeregisterPackageVersion + - panorama:DescribePackageVersion + - s3:DeleteObject + - s3:DeleteObjectVersion + - s3:DeleteObjectVersionTagging + - s3:ListBucket + - s3:GetObject + - s3:GetObjectVersion + x-stackQL-resources: + application_instances: + name: application_instances + id: aws.panorama.application_instances + x-cfn-schema-name: ApplicationInstance + x-type: list + x-identifiers: + - ApplicationInstanceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationInstanceId') as application_instance_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Panorama::ApplicationInstance' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationInstanceId') as application_instance_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Panorama::ApplicationInstance' + AND region = 'us-east-1' + application_instance: + name: application_instance + id: aws.panorama.application_instance + x-cfn-schema-name: ApplicationInstance + x-type: get + x-identifiers: + - ApplicationInstanceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DefaultRuntimeContextDeviceName') as default_runtime_context_device_name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.DefaultRuntimeContextDevice') as default_runtime_context_device, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ApplicationInstanceIdToReplace') as application_instance_id_to_replace, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.HealthStatus') as health_status, + JSON_EXTRACT(Properties, '$.ManifestOverridesPayload') as manifest_overrides_payload, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.RuntimeRoleArn') as runtime_role_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ApplicationInstanceId') as application_instance_id, + JSON_EXTRACT(Properties, '$.StatusDescription') as status_description, + JSON_EXTRACT(Properties, '$.ManifestPayload') as manifest_payload, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Panorama::ApplicationInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DefaultRuntimeContextDeviceName') as default_runtime_context_device_name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'DefaultRuntimeContextDevice') as default_runtime_context_device, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ApplicationInstanceIdToReplace') as application_instance_id_to_replace, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'HealthStatus') as health_status, + json_extract_path_text(Properties, 'ManifestOverridesPayload') as manifest_overrides_payload, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'RuntimeRoleArn') as runtime_role_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ApplicationInstanceId') as application_instance_id, + json_extract_path_text(Properties, 'StatusDescription') as status_description, + json_extract_path_text(Properties, 'ManifestPayload') as manifest_payload, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Panorama::ApplicationInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + packages: + name: packages + id: aws.panorama.packages + x-cfn-schema-name: Package + x-type: list + x-identifiers: + - PackageId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PackageId') as package_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Panorama::Package' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PackageId') as package_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Panorama::Package' + AND region = 'us-east-1' + package: + name: package + id: aws.panorama.package + x-cfn-schema-name: Package + x-type: get + x-identifiers: + - PackageId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PackageName') as package_name, + JSON_EXTRACT(Properties, '$.PackageId') as package_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.StorageLocation') as storage_location, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Panorama::Package' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PackageName') as package_name, + json_extract_path_text(Properties, 'PackageId') as package_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'StorageLocation') as storage_location, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Panorama::Package' + AND data__Identifier = '' + AND region = 'us-east-1' + package_version: + name: package_version + id: aws.panorama.package_version + x-cfn-schema-name: PackageVersion + x-type: get + x-identifiers: + - PackageId + - PackageVersion + - PatchVersion + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.OwnerAccount') as owner_account, + JSON_EXTRACT(Properties, '$.PackageId') as package_id, + JSON_EXTRACT(Properties, '$.PackageArn') as package_arn, + JSON_EXTRACT(Properties, '$.PackageVersion') as package_version, + JSON_EXTRACT(Properties, '$.PatchVersion') as patch_version, + JSON_EXTRACT(Properties, '$.MarkLatest') as mark_latest, + JSON_EXTRACT(Properties, '$.IsLatestPatch') as is_latest_patch, + JSON_EXTRACT(Properties, '$.PackageName') as package_name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusDescription') as status_description, + JSON_EXTRACT(Properties, '$.RegisteredTime') as registered_time, + JSON_EXTRACT(Properties, '$.UpdatedLatestPatchVersion') as updated_latest_patch_version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Panorama::PackageVersion' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'OwnerAccount') as owner_account, + json_extract_path_text(Properties, 'PackageId') as package_id, + json_extract_path_text(Properties, 'PackageArn') as package_arn, + json_extract_path_text(Properties, 'PackageVersion') as package_version, + json_extract_path_text(Properties, 'PatchVersion') as patch_version, + json_extract_path_text(Properties, 'MarkLatest') as mark_latest, + json_extract_path_text(Properties, 'IsLatestPatch') as is_latest_patch, + json_extract_path_text(Properties, 'PackageName') as package_name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusDescription') as status_description, + json_extract_path_text(Properties, 'RegisteredTime') as registered_time, + json_extract_path_text(Properties, 'UpdatedLatestPatchVersion') as updated_latest_patch_version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Panorama::PackageVersion' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/pcaconnectorad.yaml b/providers/src/aws/v00.00.00000/services/pcaconnectorad.yaml new file mode 100644 index 00000000..66b3ed6e --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/pcaconnectorad.yaml @@ -0,0 +1,1307 @@ +openapi: 3.0.0 +info: + title: PCAConnectorAD + version: 1.0.0 +paths: {} +components: + schemas: + Tags: + type: object + x-patternProperties: + .+: + type: string + additionalProperties: false + VpcInformation: + type: object + properties: + SecurityGroupIds: + type: array + items: + type: string + maxLength: 20 + minLength: 11 + pattern: ^(?:sg-[0-9a-f]{8}|sg-[0-9a-f]{17})$ + maxItems: 5 + minItems: 1 + uniqueItems: true + required: + - SecurityGroupIds + additionalProperties: false + Connector: + type: object + properties: + CertificateAuthorityArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:[\w-]+:acm-pca:[\w-]+:[0-9]+:certificate-authority(\/[\w-]+)$ + ConnectorArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector(\/[\w-]+)$ + DirectoryId: + type: string + pattern: ^d-[0-9a-f]{10}$ + Tags: + $ref: '#/components/schemas/Tags' + VpcInformation: + $ref: '#/components/schemas/VpcInformation' + required: + - CertificateAuthorityArn + - DirectoryId + - VpcInformation + x-stackql-resource-name: connector + description: Definition of AWS::PCAConnectorAD::Connector Resource Type + x-type-name: AWS::PCAConnectorAD::Connector + x-stackql-primary-identifier: + - ConnectorArn + x-create-only-properties: + - CertificateAuthorityArn + - DirectoryId + - VpcInformation + x-write-only-properties: + - CertificateAuthorityArn + - DirectoryId + - Tags + - VpcInformation + x-read-only-properties: + - ConnectorArn + x-required-properties: + - CertificateAuthorityArn + - DirectoryId + - VpcInformation + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - acm-pca:DescribeCertificateAuthority + - acm-pca:GetCertificateAuthorityCertificate + - acm-pca:GetCertificate + - acm-pca:IssueCertificate + - ds:DescribeDirectories + - ec2:CreateTags + - ec2:CreateVpcEndpoint + - ec2:DescribeVpcEndpoints + - pca-connector-ad:CreateConnector + - pca-connector-ad:GetConnector + read: + - pca-connector-ad:ListTagsForResource + - pca-connector-ad:GetConnector + delete: + - pca-connector-ad:GetConnector + - pca-connector-ad:DeleteConnector + - ec2:DeleteVpcEndpoints + - ec2:DescribeVpcEndpoints + list: + - pca-connector-ad:ListConnectors + update: + - pca-connector-ad:ListTagsForResource + - pca-connector-ad:TagResource + - pca-connector-ad:UntagResource + DirectoryRegistration: + type: object + properties: + DirectoryId: + type: string + pattern: ^d-[0-9a-f]{10}$ + DirectoryRegistrationArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:directory-registration(\/[\w-]+)$ + Tags: + $ref: '#/components/schemas/Tags' + required: + - DirectoryId + x-stackql-resource-name: directory_registration + description: Definition of AWS::PCAConnectorAD::DirectoryRegistration Resource Type + x-type-name: AWS::PCAConnectorAD::DirectoryRegistration + x-stackql-primary-identifier: + - DirectoryRegistrationArn + x-create-only-properties: + - DirectoryId + x-write-only-properties: + - DirectoryId + - Tags + x-read-only-properties: + - DirectoryRegistrationArn + x-required-properties: + - DirectoryId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - pca-connector-ad:GetDirectoryRegistration + - pca-connector-ad:CreateDirectoryRegistration + - ds:AuthorizeApplication + - ds:DescribeDirectories + read: + - pca-connector-ad:ListTagsForResource + - pca-connector-ad:GetDirectoryRegistration + delete: + - pca-connector-ad:GetDirectoryRegistration + - pca-connector-ad:DeleteDirectoryRegistration + - ds:DescribeDirectories + - ds:UnauthorizeApplication + - ds:UpdateAuthorizedApplication + list: + - pca-connector-ad:ListDirectoryRegistrations + update: + - pca-connector-ad:ListTagsForResource + - pca-connector-ad:TagResource + - pca-connector-ad:UntagResource + ServicePrincipalName: + type: object + properties: + ConnectorArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector(\/[\w-]+)$ + DirectoryRegistrationArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:directory-registration(\/[\w-]+)$ + x-stackql-resource-name: service_principal_name + description: Definition of AWS::PCAConnectorAD::ServicePrincipalName Resource Type + x-type-name: AWS::PCAConnectorAD::ServicePrincipalName + x-stackql-primary-identifier: + - ConnectorArn + - DirectoryRegistrationArn + x-create-only-properties: + - ConnectorArn + - DirectoryRegistrationArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ds:UpdateAuthorizedApplication + - pca-connector-ad:GetServicePrincipalName + - pca-connector-ad:CreateServicePrincipalName + read: + - pca-connector-ad:GetServicePrincipalName + delete: + - ds:UpdateAuthorizedApplication + - pca-connector-ad:GetServicePrincipalName + - pca-connector-ad:DeleteServicePrincipalName + list: + - pca-connector-ad:ListServicePrincipalNames + ApplicationPolicies: + type: object + properties: + Critical: + type: boolean + Policies: + type: array + items: + $ref: '#/components/schemas/ApplicationPolicy' + maxItems: 100 + minItems: 1 + uniqueItems: true + required: + - Policies + additionalProperties: false + ApplicationPolicy: + oneOf: + - type: object + title: PolicyType + properties: + PolicyType: + $ref: '#/components/schemas/ApplicationPolicyType' + required: + - PolicyType + additionalProperties: false + - type: object + title: PolicyObjectIdentifier + properties: + PolicyObjectIdentifier: + type: string + maxLength: 64 + minLength: 1 + pattern: ^([0-2])\.([0-9]|([0-3][0-9]))(\.([0-9]+)){0,126}$ + required: + - PolicyObjectIdentifier + additionalProperties: false + ApplicationPolicyType: + type: string + enum: + - ALL_APPLICATION_POLICIES + - ANY_PURPOSE + - ATTESTATION_IDENTITY_KEY_CERTIFICATE + - CERTIFICATE_REQUEST_AGENT + - CLIENT_AUTHENTICATION + - CODE_SIGNING + - CTL_USAGE + - DIGITAL_RIGHTS + - DIRECTORY_SERVICE_EMAIL_REPLICATION + - DISALLOWED_LIST + - DNS_SERVER_TRUST + - DOCUMENT_ENCRYPTION + - DOCUMENT_SIGNING + - DYNAMIC_CODE_GENERATOR + - EARLY_LAUNCH_ANTIMALWARE_DRIVER + - EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION + - ENCLAVE + - ENCRYPTING_FILE_SYSTEM + - ENDORSEMENT_KEY_CERTIFICATE + - FILE_RECOVERY + - HAL_EXTENSION + - IP_SECURITY_END_SYSTEM + - IP_SECURITY_IKE_INTERMEDIATE + - IP_SECURITY_TUNNEL_TERMINATION + - IP_SECURITY_USER + - ISOLATED_USER_MODE + - KDC_AUTHENTICATION + - KERNEL_MODE_CODE_SIGNING + - KEY_PACK_LICENSES + - KEY_RECOVERY + - KEY_RECOVERY_AGENT + - LICENSE_SERVER_VERIFICATION + - LIFETIME_SIGNING + - MICROSOFT_PUBLISHER + - MICROSOFT_TIME_STAMPING + - MICROSOFT_TRUST_LIST_SIGNING + - OCSP_SIGNING + - OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION + - PLATFORM_CERTIFICATE + - PREVIEW_BUILD_SIGNING + - PRIVATE_KEY_ARCHIVAL + - PROTECTED_PROCESS_LIGHT_VERIFICATION + - PROTECTED_PROCESS_VERIFICATION + - QUALIFIED_SUBORDINATION + - REVOKED_LIST_SIGNER + - ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION + - ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION + - ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL + - ROOT_LIST_SIGNER + - SECURE_EMAIL + - SERVER_AUTHENTICATION + - SMART_CARD_LOGIN + - SPC_ENCRYPTED_DIGEST_RETRY_COUNT + - SPC_RELAXED_PE_MARKER_CHECK + - TIME_STAMPING + - WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION + - WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION + - WINDOWS_HARDWARE_DRIVER_VERIFICATION + - WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION + - WINDOWS_KITS_COMPONENT + - WINDOWS_RT_VERIFICATION + - WINDOWS_SOFTWARE_EXTENSION_VERIFICATION + - WINDOWS_STORE + - WINDOWS_SYSTEM_COMPONENT_VERIFICATION + - WINDOWS_TCB_COMPONENT + - WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT + - WINDOWS_UPDATE + CertificateValidity: + type: object + properties: + ValidityPeriod: + $ref: '#/components/schemas/ValidityPeriod' + RenewalPeriod: + $ref: '#/components/schemas/ValidityPeriod' + required: + - RenewalPeriod + - ValidityPeriod + additionalProperties: false + ClientCompatibilityV2: + type: string + enum: + - WINDOWS_SERVER_2003 + - WINDOWS_SERVER_2008 + - WINDOWS_SERVER_2008_R2 + - WINDOWS_SERVER_2012 + - WINDOWS_SERVER_2012_R2 + - WINDOWS_SERVER_2016 + ClientCompatibilityV3: + type: string + enum: + - WINDOWS_SERVER_2008 + - WINDOWS_SERVER_2008_R2 + - WINDOWS_SERVER_2012 + - WINDOWS_SERVER_2012_R2 + - WINDOWS_SERVER_2016 + ClientCompatibilityV4: + type: string + enum: + - WINDOWS_SERVER_2012 + - WINDOWS_SERVER_2012_R2 + - WINDOWS_SERVER_2016 + EnrollmentFlagsV2: + type: object + properties: + IncludeSymmetricAlgorithms: + type: boolean + UserInteractionRequired: + type: boolean + RemoveInvalidCertificateFromPersonalStore: + type: boolean + NoSecurityExtension: + type: boolean + EnableKeyReuseOnNtTokenKeysetStorageFull: + type: boolean + additionalProperties: false + EnrollmentFlagsV3: + type: object + properties: + IncludeSymmetricAlgorithms: + type: boolean + UserInteractionRequired: + type: boolean + RemoveInvalidCertificateFromPersonalStore: + type: boolean + NoSecurityExtension: + type: boolean + EnableKeyReuseOnNtTokenKeysetStorageFull: + type: boolean + additionalProperties: false + EnrollmentFlagsV4: + type: object + properties: + IncludeSymmetricAlgorithms: + type: boolean + UserInteractionRequired: + type: boolean + RemoveInvalidCertificateFromPersonalStore: + type: boolean + NoSecurityExtension: + type: boolean + EnableKeyReuseOnNtTokenKeysetStorageFull: + type: boolean + additionalProperties: false + ExtensionsV2: + type: object + properties: + KeyUsage: + $ref: '#/components/schemas/KeyUsage' + ApplicationPolicies: + $ref: '#/components/schemas/ApplicationPolicies' + required: + - KeyUsage + additionalProperties: false + ExtensionsV3: + type: object + properties: + KeyUsage: + $ref: '#/components/schemas/KeyUsage' + ApplicationPolicies: + $ref: '#/components/schemas/ApplicationPolicies' + required: + - KeyUsage + additionalProperties: false + ExtensionsV4: + type: object + properties: + KeyUsage: + $ref: '#/components/schemas/KeyUsage' + ApplicationPolicies: + $ref: '#/components/schemas/ApplicationPolicies' + required: + - KeyUsage + additionalProperties: false + GeneralFlagsV2: + type: object + properties: + AutoEnrollment: + type: boolean + MachineType: + type: boolean + additionalProperties: false + GeneralFlagsV3: + type: object + properties: + AutoEnrollment: + type: boolean + MachineType: + type: boolean + additionalProperties: false + GeneralFlagsV4: + type: object + properties: + AutoEnrollment: + type: boolean + MachineType: + type: boolean + additionalProperties: false + HashAlgorithm: + type: string + enum: + - SHA256 + - SHA384 + - SHA512 + KeySpec: + type: string + enum: + - KEY_EXCHANGE + - SIGNATURE + KeyUsage: + type: object + properties: + Critical: + type: boolean + UsageFlags: + $ref: '#/components/schemas/KeyUsageFlags' + required: + - UsageFlags + additionalProperties: false + KeyUsageFlags: + type: object + properties: + DigitalSignature: + type: boolean + NonRepudiation: + type: boolean + KeyEncipherment: + type: boolean + DataEncipherment: + type: boolean + KeyAgreement: + type: boolean + additionalProperties: false + KeyUsageProperty: + oneOf: + - type: object + title: PropertyType + properties: + PropertyType: + $ref: '#/components/schemas/KeyUsagePropertyType' + required: + - PropertyType + additionalProperties: false + - type: object + title: PropertyFlags + properties: + PropertyFlags: + $ref: '#/components/schemas/KeyUsagePropertyFlags' + required: + - PropertyFlags + additionalProperties: false + KeyUsagePropertyFlags: + type: object + properties: + Decrypt: + type: boolean + KeyAgreement: + type: boolean + Sign: + type: boolean + additionalProperties: false + KeyUsagePropertyType: + type: string + enum: + - ALL + PrivateKeyAlgorithm: + type: string + enum: + - RSA + - ECDH_P256 + - ECDH_P384 + - ECDH_P521 + PrivateKeyAttributesV2: + type: object + properties: + MinimalKeyLength: + type: number + minimum: 1 + KeySpec: + $ref: '#/components/schemas/KeySpec' + CryptoProviders: + type: array + items: + type: string + maxLength: 100 + minLength: 1 + maxItems: 100 + minItems: 1 + uniqueItems: true + required: + - KeySpec + - MinimalKeyLength + additionalProperties: false + PrivateKeyAttributesV3: + type: object + properties: + MinimalKeyLength: + type: number + minimum: 1 + KeySpec: + $ref: '#/components/schemas/KeySpec' + CryptoProviders: + type: array + items: + type: string + maxLength: 100 + minLength: 1 + maxItems: 100 + minItems: 1 + uniqueItems: true + KeyUsageProperty: + $ref: '#/components/schemas/KeyUsageProperty' + Algorithm: + $ref: '#/components/schemas/PrivateKeyAlgorithm' + required: + - Algorithm + - KeySpec + - KeyUsageProperty + - MinimalKeyLength + additionalProperties: false + PrivateKeyAttributesV4: + type: object + properties: + MinimalKeyLength: + type: number + minimum: 1 + KeySpec: + $ref: '#/components/schemas/KeySpec' + CryptoProviders: + type: array + items: + type: string + maxLength: 100 + minLength: 1 + maxItems: 100 + minItems: 1 + uniqueItems: true + KeyUsageProperty: + $ref: '#/components/schemas/KeyUsageProperty' + Algorithm: + $ref: '#/components/schemas/PrivateKeyAlgorithm' + required: + - KeySpec + - MinimalKeyLength + additionalProperties: false + PrivateKeyFlagsV2: + type: object + properties: + ExportableKey: + type: boolean + StrongKeyProtectionRequired: + type: boolean + ClientVersion: + $ref: '#/components/schemas/ClientCompatibilityV2' + required: + - ClientVersion + additionalProperties: false + PrivateKeyFlagsV3: + type: object + properties: + ExportableKey: + type: boolean + StrongKeyProtectionRequired: + type: boolean + RequireAlternateSignatureAlgorithm: + type: boolean + ClientVersion: + $ref: '#/components/schemas/ClientCompatibilityV3' + required: + - ClientVersion + additionalProperties: false + PrivateKeyFlagsV4: + type: object + properties: + ExportableKey: + type: boolean + StrongKeyProtectionRequired: + type: boolean + RequireAlternateSignatureAlgorithm: + type: boolean + RequireSameKeyRenewal: + type: boolean + UseLegacyProvider: + type: boolean + ClientVersion: + $ref: '#/components/schemas/ClientCompatibilityV4' + required: + - ClientVersion + additionalProperties: false + SubjectNameFlagsV2: + type: object + properties: + SanRequireDomainDns: + type: boolean + SanRequireSpn: + type: boolean + SanRequireDirectoryGuid: + type: boolean + SanRequireUpn: + type: boolean + SanRequireEmail: + type: boolean + SanRequireDns: + type: boolean + RequireDnsAsCn: + type: boolean + RequireEmail: + type: boolean + RequireCommonName: + type: boolean + RequireDirectoryPath: + type: boolean + additionalProperties: false + SubjectNameFlagsV3: + type: object + properties: + SanRequireDomainDns: + type: boolean + SanRequireSpn: + type: boolean + SanRequireDirectoryGuid: + type: boolean + SanRequireUpn: + type: boolean + SanRequireEmail: + type: boolean + SanRequireDns: + type: boolean + RequireDnsAsCn: + type: boolean + RequireEmail: + type: boolean + RequireCommonName: + type: boolean + RequireDirectoryPath: + type: boolean + additionalProperties: false + SubjectNameFlagsV4: + type: object + properties: + SanRequireDomainDns: + type: boolean + SanRequireSpn: + type: boolean + SanRequireDirectoryGuid: + type: boolean + SanRequireUpn: + type: boolean + SanRequireEmail: + type: boolean + SanRequireDns: + type: boolean + RequireDnsAsCn: + type: boolean + RequireEmail: + type: boolean + RequireCommonName: + type: boolean + RequireDirectoryPath: + type: boolean + additionalProperties: false + TemplateDefinition: + oneOf: + - type: object + title: TemplateV2 + properties: + TemplateV2: + $ref: '#/components/schemas/TemplateV2' + required: + - TemplateV2 + additionalProperties: false + - type: object + title: TemplateV3 + properties: + TemplateV3: + $ref: '#/components/schemas/TemplateV3' + required: + - TemplateV3 + additionalProperties: false + - type: object + title: TemplateV4 + properties: + TemplateV4: + $ref: '#/components/schemas/TemplateV4' + required: + - TemplateV4 + additionalProperties: false + TemplateV2: + type: object + properties: + CertificateValidity: + $ref: '#/components/schemas/CertificateValidity' + SupersededTemplates: + type: array + items: + type: string + maxLength: 64 + minLength: 1 + pattern: ^(?!^\s+$)((?![\x5c'\x2b,;<=>#\x22])([\x20-\x7E]))+$ + maxItems: 100 + minItems: 1 + uniqueItems: true + PrivateKeyAttributes: + $ref: '#/components/schemas/PrivateKeyAttributesV2' + PrivateKeyFlags: + $ref: '#/components/schemas/PrivateKeyFlagsV2' + EnrollmentFlags: + $ref: '#/components/schemas/EnrollmentFlagsV2' + SubjectNameFlags: + $ref: '#/components/schemas/SubjectNameFlagsV2' + GeneralFlags: + $ref: '#/components/schemas/GeneralFlagsV2' + Extensions: + $ref: '#/components/schemas/ExtensionsV2' + required: + - CertificateValidity + - EnrollmentFlags + - Extensions + - GeneralFlags + - PrivateKeyAttributes + - PrivateKeyFlags + - SubjectNameFlags + additionalProperties: false + TemplateV3: + type: object + properties: + CertificateValidity: + $ref: '#/components/schemas/CertificateValidity' + SupersededTemplates: + type: array + items: + type: string + maxLength: 64 + minLength: 1 + pattern: ^(?!^\s+$)((?![\x5c'\x2b,;<=>#\x22])([\x20-\x7E]))+$ + maxItems: 100 + minItems: 1 + uniqueItems: true + PrivateKeyAttributes: + $ref: '#/components/schemas/PrivateKeyAttributesV3' + PrivateKeyFlags: + $ref: '#/components/schemas/PrivateKeyFlagsV3' + EnrollmentFlags: + $ref: '#/components/schemas/EnrollmentFlagsV3' + SubjectNameFlags: + $ref: '#/components/schemas/SubjectNameFlagsV3' + GeneralFlags: + $ref: '#/components/schemas/GeneralFlagsV3' + HashAlgorithm: + $ref: '#/components/schemas/HashAlgorithm' + Extensions: + $ref: '#/components/schemas/ExtensionsV3' + required: + - CertificateValidity + - EnrollmentFlags + - Extensions + - GeneralFlags + - HashAlgorithm + - PrivateKeyAttributes + - PrivateKeyFlags + - SubjectNameFlags + additionalProperties: false + TemplateV4: + type: object + properties: + CertificateValidity: + $ref: '#/components/schemas/CertificateValidity' + SupersededTemplates: + type: array + items: + type: string + maxLength: 64 + minLength: 1 + pattern: ^(?!^\s+$)((?![\x5c'\x2b,;<=>#\x22])([\x20-\x7E]))+$ + maxItems: 100 + minItems: 1 + uniqueItems: true + PrivateKeyAttributes: + $ref: '#/components/schemas/PrivateKeyAttributesV4' + PrivateKeyFlags: + $ref: '#/components/schemas/PrivateKeyFlagsV4' + EnrollmentFlags: + $ref: '#/components/schemas/EnrollmentFlagsV4' + SubjectNameFlags: + $ref: '#/components/schemas/SubjectNameFlagsV4' + GeneralFlags: + $ref: '#/components/schemas/GeneralFlagsV4' + HashAlgorithm: + $ref: '#/components/schemas/HashAlgorithm' + Extensions: + $ref: '#/components/schemas/ExtensionsV4' + required: + - CertificateValidity + - EnrollmentFlags + - Extensions + - GeneralFlags + - PrivateKeyAttributes + - PrivateKeyFlags + - SubjectNameFlags + additionalProperties: false + ValidityPeriod: + type: object + properties: + PeriodType: + $ref: '#/components/schemas/ValidityPeriodType' + Period: + type: number + maximum: 8766000 + minimum: 1 + required: + - Period + - PeriodType + additionalProperties: false + ValidityPeriodType: + type: string + enum: + - HOURS + - DAYS + - WEEKS + - MONTHS + - YEARS + Template: + type: object + properties: + ConnectorArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ + Definition: + $ref: '#/components/schemas/TemplateDefinition' + Name: + type: string + maxLength: 64 + minLength: 1 + pattern: ^(?!^\s+$)((?![\x5c'\x2b,;<=>#\x22])([\x20-\x7E]))+$ + ReenrollAllCertificateHolders: + type: boolean + Tags: + $ref: '#/components/schemas/Tags' + TemplateArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\/template\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ + required: + - ConnectorArn + - Definition + - Name + x-stackql-resource-name: template + description: Represents a template that defines certificate configurations, both for issuance and client handling + x-type-name: AWS::PCAConnectorAD::Template + x-stackql-primary-identifier: + - TemplateArn + x-create-only-properties: + - ConnectorArn + - Name + x-write-only-properties: + - ConnectorArn + - Definition + - Name + - ReenrollAllCertificateHolders + - Tags + x-read-only-properties: + - TemplateArn + x-required-properties: + - ConnectorArn + - Definition + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - pca-connector-ad:CreateTemplate + read: + - pca-connector-ad:GetTemplate + - pca-connector-ad:ListTagsForResource + update: + - pca-connector-ad:ListTagsForResource + - pca-connector-ad:TagResource + - pca-connector-ad:UntagResource + - pca-connector-ad:UpdateTemplate + delete: + - pca-connector-ad:GetTemplate + - pca-connector-ad:DeleteTemplate + list: + - pca-connector-ad:ListTemplates + AccessRight: + type: string + enum: + - ALLOW + - DENY + AccessRights: + type: object + properties: + Enroll: + $ref: '#/components/schemas/AccessRight' + AutoEnroll: + $ref: '#/components/schemas/AccessRight' + additionalProperties: false + TemplateGroupAccessControlEntry: + type: object + properties: + AccessRights: + $ref: '#/components/schemas/AccessRights' + GroupDisplayName: + type: string + maxLength: 256 + minLength: 0 + pattern: ^[\x20-\x7E]+$ + GroupSecurityIdentifier: + type: string + maxLength: 256 + minLength: 7 + pattern: ^S-[0-9]-([0-9]+-){1,14}[0-9]+$ + TemplateArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector(\/[\w-]+)\/template(\/[\w-]+)$ + required: + - AccessRights + - GroupDisplayName + x-stackql-resource-name: template_group_access_control_entry + description: Definition of AWS::PCAConnectorAD::TemplateGroupAccessControlEntry Resource Type + x-type-name: AWS::PCAConnectorAD::TemplateGroupAccessControlEntry + x-stackql-primary-identifier: + - GroupSecurityIdentifier + - TemplateArn + x-create-only-properties: + - GroupSecurityIdentifier + - TemplateArn + x-write-only-properties: + - AccessRights + - GroupDisplayName + x-required-properties: + - AccessRights + - GroupDisplayName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - pca-connector-ad:CreateTemplateGroupAccessControlEntry + read: + - pca-connector-ad:GetTemplateGroupAccessControlEntry + update: + - pca-connector-ad:UpdateTemplateGroupAccessControlEntry + delete: + - pca-connector-ad:DeleteTemplateGroupAccessControlEntry + - pca-connector-ad:GetTemplateGroupAccessControlEntry + list: + - pca-connector-ad:ListTemplateGroupAccessControlEntries + x-stackQL-resources: + connectors: + name: connectors + id: aws.pcaconnectorad.connectors + x-cfn-schema-name: Connector + x-type: list + x-identifiers: + - ConnectorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConnectorArn') as connector_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorAD::Connector' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConnectorArn') as connector_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorAD::Connector' + AND region = 'us-east-1' + connector: + name: connector + id: aws.pcaconnectorad.connector + x-cfn-schema-name: Connector + x-type: get + x-identifiers: + - ConnectorArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CertificateAuthorityArn') as certificate_authority_arn, + JSON_EXTRACT(Properties, '$.ConnectorArn') as connector_arn, + JSON_EXTRACT(Properties, '$.DirectoryId') as directory_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VpcInformation') as vpc_information + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorAD::Connector' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CertificateAuthorityArn') as certificate_authority_arn, + json_extract_path_text(Properties, 'ConnectorArn') as connector_arn, + json_extract_path_text(Properties, 'DirectoryId') as directory_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VpcInformation') as vpc_information + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorAD::Connector' + AND data__Identifier = '' + AND region = 'us-east-1' + directory_registrations: + name: directory_registrations + id: aws.pcaconnectorad.directory_registrations + x-cfn-schema-name: DirectoryRegistration + x-type: list + x-identifiers: + - DirectoryRegistrationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DirectoryRegistrationArn') as directory_registration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorAD::DirectoryRegistration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DirectoryRegistrationArn') as directory_registration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorAD::DirectoryRegistration' + AND region = 'us-east-1' + directory_registration: + name: directory_registration + id: aws.pcaconnectorad.directory_registration + x-cfn-schema-name: DirectoryRegistration + x-type: get + x-identifiers: + - DirectoryRegistrationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DirectoryId') as directory_id, + JSON_EXTRACT(Properties, '$.DirectoryRegistrationArn') as directory_registration_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorAD::DirectoryRegistration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DirectoryId') as directory_id, + json_extract_path_text(Properties, 'DirectoryRegistrationArn') as directory_registration_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorAD::DirectoryRegistration' + AND data__Identifier = '' + AND region = 'us-east-1' + service_principal_names: + name: service_principal_names + id: aws.pcaconnectorad.service_principal_names + x-cfn-schema-name: ServicePrincipalName + x-type: list + x-identifiers: + - ConnectorArn + - DirectoryRegistrationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConnectorArn') as connector_arn, + JSON_EXTRACT(Properties, '$.DirectoryRegistrationArn') as directory_registration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorAD::ServicePrincipalName' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConnectorArn') as connector_arn, + json_extract_path_text(Properties, 'DirectoryRegistrationArn') as directory_registration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorAD::ServicePrincipalName' + AND region = 'us-east-1' + service_principal_name: + name: service_principal_name + id: aws.pcaconnectorad.service_principal_name + x-cfn-schema-name: ServicePrincipalName + x-type: get + x-identifiers: + - ConnectorArn + - DirectoryRegistrationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConnectorArn') as connector_arn, + JSON_EXTRACT(Properties, '$.DirectoryRegistrationArn') as directory_registration_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorAD::ServicePrincipalName' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConnectorArn') as connector_arn, + json_extract_path_text(Properties, 'DirectoryRegistrationArn') as directory_registration_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorAD::ServicePrincipalName' + AND data__Identifier = '|' + AND region = 'us-east-1' + templates: + name: templates + id: aws.pcaconnectorad.templates + x-cfn-schema-name: Template + x-type: list + x-identifiers: + - TemplateArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TemplateArn') as template_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorAD::Template' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TemplateArn') as template_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorAD::Template' + AND region = 'us-east-1' + template: + name: template + id: aws.pcaconnectorad.template + x-cfn-schema-name: Template + x-type: get + x-identifiers: + - TemplateArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConnectorArn') as connector_arn, + JSON_EXTRACT(Properties, '$.Definition') as definition, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ReenrollAllCertificateHolders') as reenroll_all_certificate_holders, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TemplateArn') as template_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorAD::Template' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConnectorArn') as connector_arn, + json_extract_path_text(Properties, 'Definition') as definition, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ReenrollAllCertificateHolders') as reenroll_all_certificate_holders, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TemplateArn') as template_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorAD::Template' + AND data__Identifier = '' + AND region = 'us-east-1' + template_group_access_control_entries: + name: template_group_access_control_entries + id: aws.pcaconnectorad.template_group_access_control_entries + x-cfn-schema-name: TemplateGroupAccessControlEntry + x-type: list + x-identifiers: + - GroupSecurityIdentifier + - TemplateArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GroupSecurityIdentifier') as group_security_identifier, + JSON_EXTRACT(Properties, '$.TemplateArn') as template_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorAD::TemplateGroupAccessControlEntry' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GroupSecurityIdentifier') as group_security_identifier, + json_extract_path_text(Properties, 'TemplateArn') as template_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorAD::TemplateGroupAccessControlEntry' + AND region = 'us-east-1' + template_group_access_control_entry: + name: template_group_access_control_entry + id: aws.pcaconnectorad.template_group_access_control_entry + x-cfn-schema-name: TemplateGroupAccessControlEntry + x-type: get + x-identifiers: + - GroupSecurityIdentifier + - TemplateArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessRights') as access_rights, + JSON_EXTRACT(Properties, '$.GroupDisplayName') as group_display_name, + JSON_EXTRACT(Properties, '$.GroupSecurityIdentifier') as group_security_identifier, + JSON_EXTRACT(Properties, '$.TemplateArn') as template_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorAD::TemplateGroupAccessControlEntry' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessRights') as access_rights, + json_extract_path_text(Properties, 'GroupDisplayName') as group_display_name, + json_extract_path_text(Properties, 'GroupSecurityIdentifier') as group_security_identifier, + json_extract_path_text(Properties, 'TemplateArn') as template_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorAD::TemplateGroupAccessControlEntry' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/personalize.yaml b/providers/src/aws/v00.00.00000/services/personalize.yaml new file mode 100644 index 00000000..c3ab7239 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/personalize.yaml @@ -0,0 +1,712 @@ +openapi: 3.0.0 +info: + title: Personalize + version: 1.0.0 +paths: {} +components: + schemas: + DatasetImportJob: + description: Initial DatasetImportJob for the created dataset + type: object + properties: + JobName: + description: The name for the dataset import job. + type: string + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]* + minLength: 1 + maxLength: 63 + DatasetImportJobArn: + description: The ARN of the dataset import job + type: string + pattern: arn:([a-z\d-]+):personalize:.*:.*:.+ + maxLength: 256 + DatasetArn: + description: The ARN of the dataset that receives the imported data + type: string + pattern: arn:([a-z\d-]+):personalize:.*:.*:.+ + maxLength: 256 + DataSource: + type: object + description: The Amazon S3 bucket that contains the training data to import. + properties: + DataLocation: + description: The path to the Amazon S3 bucket where the data that you want to upload to your dataset is stored. + type: string + maxLength: 256 + pattern: (s3|http|https)://.+ + additionalProperties: false + RoleArn: + description: The ARN of the IAM role that has permissions to read from the Amazon S3 data source. + type: string + maxLength: 256 + pattern: arn:([a-z\d-]+):iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+ + additionalProperties: false + Dataset: + type: object + properties: + Name: + description: The name for the dataset + type: string + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]* + minLength: 1 + maxLength: 63 + DatasetArn: + description: The ARN of the dataset + type: string + pattern: arn:([a-z\d-]+):personalize:.*:.*:.+ + maxLength: 256 + DatasetType: + description: The type of dataset + type: string + enum: + - Interactions + - Items + - Users + maxLength: 256 + DatasetGroupArn: + description: The Amazon Resource Name (ARN) of the dataset group to add the dataset to + type: string + maxLength: 256 + pattern: arn:([a-z\d-]+):personalize:.*:.*:.+ + SchemaArn: + description: The ARN of the schema to associate with the dataset. The schema defines the dataset fields. + type: string + maxLength: 256 + pattern: arn:([a-z\d-]+):personalize:.*:.*:.+ + DatasetImportJob: + $ref: '#/components/schemas/DatasetImportJob' + required: + - Name + - DatasetType + - DatasetGroupArn + - SchemaArn + x-stackql-resource-name: dataset + description: Resource schema for AWS::Personalize::Dataset. + x-type-name: AWS::Personalize::Dataset + x-stackql-primary-identifier: + - DatasetArn + x-create-only-properties: + - Name + - DatasetType + - DatasetGroupArn + - SchemaArn + x-read-only-properties: + - DatasetArn + x-required-properties: + - Name + - DatasetType + - DatasetGroupArn + - SchemaArn + x-replacement-strategy: delete_then_create + x-required-permissions: + create: + - personalize:CreateDataset + - personalize:DescribeDataset + - personalize:CreateDatasetImportJob + - personalize:DescribeDatasetImportJob + - iam:PassRole + read: + - personalize:DescribeDataset + update: + - personalize:DescribeDataset + - personalize:CreateDatasetImportJob + - personalize:DescribeDatasetImportJob + - iam:PassRole + delete: + - personalize:DeleteDataset + - personalize:DescribeDataset + list: + - personalize:ListDatasets + DatasetGroup: + type: object + properties: + DatasetGroupArn: + description: The Amazon Resource Name (ARN) of the dataset group. + type: string + pattern: arn:([a-z\d-]+):personalize:.*:.*:.+ + maxLength: 256 + Name: + description: The name for the new dataset group. + type: string + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]* + KmsKeyArn: + description: The Amazon Resource Name(ARN) of a AWS Key Management Service (KMS) key used to encrypt the datasets. + type: string + maxLength: 2048 + pattern: arn:aws.*:kms:.*:[0-9]{12}:key/.* + RoleArn: + description: The ARN of the AWS Identity and Access Management (IAM) role that has permissions to access the AWS Key Management Service (KMS) key. Supplying an IAM role is only valid when also specifying a KMS key. + type: string + pattern: arn:([a-z\d-]+):iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+ + minLength: 0 + maxLength: 256 + Domain: + description: The domain of a Domain dataset group. + type: string + enum: + - ECOMMERCE + - VIDEO_ON_DEMAND + required: + - Name + x-stackql-resource-name: dataset_group + description: Resource Schema for AWS::Personalize::DatasetGroup. + x-type-name: AWS::Personalize::DatasetGroup + x-stackql-primary-identifier: + - DatasetGroupArn + x-create-only-properties: + - Name + - RoleArn + - KmsKeyArn + - Domain + x-read-only-properties: + - DatasetGroupArn + x-required-properties: + - Name + x-required-permissions: + create: + - personalize:CreateDatasetGroup + - personalize:DescribeDatasetGroup + - iam:PassRole + read: + - personalize:DescribeDatasetGroup + delete: + - personalize:DescribeDatasetGroup + - personalize:DeleteDatasetGroup + list: + - personalize:ListDatasetGroups + Schema: + type: object + properties: + Name: + description: Name for the schema. + type: string + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]* + SchemaArn: + description: Arn for the schema. + type: string + maxLength: 256 + pattern: arn:([a-z\d-]+):personalize:.*:.*:.+ + Schema: + description: A schema in Avro JSON format. + type: string + maxLength: 10000 + Domain: + description: The domain of a Domain dataset group. + type: string + enum: + - ECOMMERCE + - VIDEO_ON_DEMAND + required: + - Name + - Schema + x-stackql-resource-name: schema + description: Resource schema for AWS::Personalize::Schema. + x-type-name: AWS::Personalize::Schema + x-stackql-primary-identifier: + - SchemaArn + x-create-only-properties: + - Name + - Schema + - Domain + x-read-only-properties: + - SchemaArn + x-required-properties: + - Name + - Schema + x-required-permissions: + create: + - personalize:CreateSchema + - personalize:DescribeSchema + read: + - personalize:DescribeSchema + delete: + - personalize:DeleteSchema + - personalize:DescribeSchema + list: + - personalize:ListSchemas + SolutionArn: + description: The ARN of the solution + type: string + maxLength: 256 + pattern: arn:([a-z\d-]+):personalize:.*:.*:.+ + CategoricalHyperParameterRange: + description: Provides the name and values of a Categorical hyperparameter. + type: object + properties: + Name: + description: The name of the hyperparameter. + type: string + maxLength: 256 + Values: + description: A list of the categories for the hyperparameter. + type: array + items: + type: string + maxLength: 1000 + maxItems: 100 + x-insertionOrder: true + additionalProperties: false + ContinuousHyperParameterRange: + description: Provides the name and range of a continuous hyperparameter. + type: object + properties: + Name: + description: The name of the hyperparameter. + type: string + maxLength: 256 + MinValue: + description: The minimum allowable value for the hyperparameter. + type: number + minimum: -1000000 + MaxValue: + description: The maximum allowable value for the hyperparameter. + type: number + minimum: -1000000 + additionalProperties: false + IntegerHyperParameterRange: + description: Provides the name and range of an integer-valued hyperparameter. + type: object + properties: + Name: + description: The name of the hyperparameter. + type: string + maxLength: 256 + MinValue: + description: The minimum allowable value for the hyperparameter. + type: integer + minimum: -1000000 + MaxValue: + description: The maximum allowable value for the hyperparameter. + type: integer + maximum: 1000000 + additionalProperties: false + SolutionConfig: + type: object + description: The configuration to use with the solution. When performAutoML is set to true, Amazon Personalize only evaluates the autoMLConfig section of the solution configuration. + properties: + AlgorithmHyperParameters: + description: Lists the hyperparameter names and ranges. + type: object + x-patternProperties: + .{1,}: + type: string + maxProperties: 100 + additionalProperties: false + AutoMLConfig: + description: The AutoMLConfig object containing a list of recipes to search when AutoML is performed. + type: object + properties: + MetricName: + description: The metric to optimize. + type: string + maxLength: 256 + RecipeList: + description: The list of candidate recipes. + type: array + items: + type: string + maxLength: 256 + pattern: arn:([a-z\d-]+):personalize:.*:.*:.+ + x-insertionOrder: true + maxItems: 100 + additionalProperties: false + EventValueThreshold: + description: Only events with a value greater than or equal to this threshold are used for training a model. + type: string + maxLength: 256 + FeatureTransformationParameters: + description: Lists the feature transformation parameters. + type: object + x-patternProperties: + .{1,}: + type: string + maxProperties: 100 + additionalProperties: false + HpoConfig: + description: Describes the properties for hyperparameter optimization (HPO) + type: object + properties: + AlgorithmHyperParameterRanges: + description: The hyperparameters and their allowable ranges + type: object + properties: + CategoricalHyperParameterRanges: + description: The categorical hyperparameters and their ranges. + type: array + maxItems: 100 + items: + $ref: '#/components/schemas/CategoricalHyperParameterRange' + x-insertionOrder: true + ContinuousHyperParameterRanges: + description: The continuous hyperparameters and their ranges. + type: array + maxItems: 100 + items: + $ref: '#/components/schemas/ContinuousHyperParameterRange' + x-insertionOrder: true + IntegerHyperParameterRanges: + description: The integer hyperparameters and their ranges. + type: array + maxItems: 100 + items: + $ref: '#/components/schemas/IntegerHyperParameterRange' + x-insertionOrder: true + additionalProperties: false + HpoObjective: + description: The metric to optimize during HPO. + type: object + properties: + MetricName: + description: The name of the metric + type: string + maxLength: 256 + Type: + description: The type of the metric. Valid values are Maximize and Minimize. + type: string + enum: + - Maximize + - Minimize + MetricRegex: + description: A regular expression for finding the metric in the training job logs. + type: string + maxLength: 256 + additionalProperties: false + HpoResourceConfig: + description: Describes the resource configuration for hyperparameter optimization (HPO). + type: object + properties: + MaxNumberOfTrainingJobs: + description: The maximum number of training jobs when you create a solution version. The maximum value for maxNumberOfTrainingJobs is 40. + type: string + maxLength: 256 + MaxParallelTrainingJobs: + description: The maximum number of parallel training jobs when you create a solution version. The maximum value for maxParallelTrainingJobs is 10. + type: string + maxLength: 256 + additionalProperties: false + additionalProperties: false + additionalProperties: false + Solution: + type: object + properties: + Name: + description: The name for the solution + type: string + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]* + SolutionArn: + $ref: '#/components/schemas/SolutionArn' + EventType: + description: When your have multiple event types (using an EVENT_TYPE schema field), this parameter specifies which event type (for example, 'click' or 'like') is used for training the model. If you do not provide an eventType, Amazon Personalize will use all interactions for training with equal weight regardless of type. + type: string + maxLength: 256 + DatasetGroupArn: + description: The ARN of the dataset group that provides the training data. + type: string + maxLength: 256 + pattern: arn:([a-z\d-]+):personalize:.*:.*:.+ + PerformAutoML: + description: Whether to perform automated machine learning (AutoML). The default is false. For this case, you must specify recipeArn. + type: boolean + PerformHPO: + description: Whether to perform hyperparameter optimization (HPO) on the specified or selected recipe. The default is false. When performing AutoML, this parameter is always true and you should not set it to false. + type: boolean + RecipeArn: + description: The ARN of the recipe to use for model training. Only specified when performAutoML is false. + type: string + maxLength: 256 + pattern: arn:([a-z\d-]+):personalize:.*:.*:.+ + SolutionConfig: + $ref: '#/components/schemas/SolutionConfig' + required: + - Name + - DatasetGroupArn + x-stackql-resource-name: solution + description: Resource schema for AWS::Personalize::Solution. + x-type-name: AWS::Personalize::Solution + x-stackql-primary-identifier: + - SolutionArn + x-create-only-properties: + - Name + - EventType + - DatasetGroupArn + - PerformAutoML + - PerformHPO + - RecipeArn + - SolutionConfig + x-read-only-properties: + - SolutionArn + x-required-properties: + - Name + - DatasetGroupArn + x-required-permissions: + create: + - personalize:CreateSolution + - personalize:DescribeSolution + read: + - personalize:DescribeSolution + delete: + - personalize:DeleteSolution + - personalize:DescribeSolution + list: + - personalize:ListSolutions + x-stackQL-resources: + datasets: + name: datasets + id: aws.personalize.datasets + x-cfn-schema-name: Dataset + x-type: list + x-identifiers: + - DatasetArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DatasetArn') as dataset_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Personalize::Dataset' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DatasetArn') as dataset_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Personalize::Dataset' + AND region = 'us-east-1' + dataset: + name: dataset + id: aws.personalize.dataset + x-cfn-schema-name: Dataset + x-type: get + x-identifiers: + - DatasetArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.DatasetArn') as dataset_arn, + JSON_EXTRACT(Properties, '$.DatasetType') as dataset_type, + JSON_EXTRACT(Properties, '$.DatasetGroupArn') as dataset_group_arn, + JSON_EXTRACT(Properties, '$.SchemaArn') as schema_arn, + JSON_EXTRACT(Properties, '$.DatasetImportJob') as dataset_import_job + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Personalize::Dataset' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'DatasetArn') as dataset_arn, + json_extract_path_text(Properties, 'DatasetType') as dataset_type, + json_extract_path_text(Properties, 'DatasetGroupArn') as dataset_group_arn, + json_extract_path_text(Properties, 'SchemaArn') as schema_arn, + json_extract_path_text(Properties, 'DatasetImportJob') as dataset_import_job + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Personalize::Dataset' + AND data__Identifier = '' + AND region = 'us-east-1' + dataset_groups: + name: dataset_groups + id: aws.personalize.dataset_groups + x-cfn-schema-name: DatasetGroup + x-type: list + x-identifiers: + - DatasetGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DatasetGroupArn') as dataset_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Personalize::DatasetGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DatasetGroupArn') as dataset_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Personalize::DatasetGroup' + AND region = 'us-east-1' + dataset_group: + name: dataset_group + id: aws.personalize.dataset_group + x-cfn-schema-name: DatasetGroup + x-type: get + x-identifiers: + - DatasetGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DatasetGroupArn') as dataset_group_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Domain') as domain + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Personalize::DatasetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DatasetGroupArn') as dataset_group_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Domain') as domain + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Personalize::DatasetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + schemata: + name: schemata + id: aws.personalize.schemata + x-cfn-schema-name: Schema + x-type: list + x-identifiers: + - SchemaArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SchemaArn') as schema_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Personalize::Schema' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SchemaArn') as schema_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Personalize::Schema' + AND region = 'us-east-1' + schema: + name: schema + id: aws.personalize.schema + x-cfn-schema-name: Schema + x-type: get + x-identifiers: + - SchemaArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SchemaArn') as schema_arn, + JSON_EXTRACT(Properties, '$.Schema') as _schema, + JSON_EXTRACT(Properties, '$.Domain') as domain + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Personalize::Schema' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SchemaArn') as schema_arn, + json_extract_path_text(Properties, 'Schema') as _schema, + json_extract_path_text(Properties, 'Domain') as domain + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Personalize::Schema' + AND data__Identifier = '' + AND region = 'us-east-1' + solutions: + name: solutions + id: aws.personalize.solutions + x-cfn-schema-name: Solution + x-type: list + x-identifiers: + - SolutionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SolutionArn') as solution_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Personalize::Solution' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SolutionArn') as solution_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Personalize::Solution' + AND region = 'us-east-1' + solution: + name: solution + id: aws.personalize.solution + x-cfn-schema-name: Solution + x-type: get + x-identifiers: + - SolutionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SolutionArn') as solution_arn, + JSON_EXTRACT(Properties, '$.EventType') as event_type, + JSON_EXTRACT(Properties, '$.DatasetGroupArn') as dataset_group_arn, + JSON_EXTRACT(Properties, '$.PerformAutoML') as perform_auto_ml, + JSON_EXTRACT(Properties, '$.PerformHPO') as perform_hpo, + JSON_EXTRACT(Properties, '$.RecipeArn') as recipe_arn, + JSON_EXTRACT(Properties, '$.SolutionConfig') as solution_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Personalize::Solution' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SolutionArn') as solution_arn, + json_extract_path_text(Properties, 'EventType') as event_type, + json_extract_path_text(Properties, 'DatasetGroupArn') as dataset_group_arn, + json_extract_path_text(Properties, 'PerformAutoML') as perform_auto_ml, + json_extract_path_text(Properties, 'PerformHPO') as perform_hpo, + json_extract_path_text(Properties, 'RecipeArn') as recipe_arn, + json_extract_path_text(Properties, 'SolutionConfig') as solution_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Personalize::Solution' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/pinpoint.yaml b/providers/src/aws/v00.00.00000/services/pinpoint.yaml new file mode 100644 index 00000000..9d66a76b --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/pinpoint.yaml @@ -0,0 +1,216 @@ +openapi: 3.0.0 +info: + title: Pinpoint + version: 1.0.0 +paths: {} +components: + schemas: + Alignment: + enum: + - LEFT + - CENTER + - RIGHT + type: string + BodyConfig: + additionalProperties: false + properties: + Alignment: + $ref: '#/components/schemas/Alignment' + Body: + type: string + TextColor: + type: string + type: object + ButtonAction: + enum: + - LINK + - DEEP_LINK + - CLOSE + type: string + ButtonConfig: + additionalProperties: false + properties: + Android: + $ref: '#/components/schemas/OverrideButtonConfiguration' + DefaultConfig: + $ref: '#/components/schemas/DefaultButtonConfiguration' + IOS: + $ref: '#/components/schemas/OverrideButtonConfiguration' + Web: + $ref: '#/components/schemas/OverrideButtonConfiguration' + type: object + DefaultButtonConfiguration: + additionalProperties: false + properties: + BackgroundColor: + type: string + BorderRadius: + type: integer + ButtonAction: + $ref: '#/components/schemas/ButtonAction' + Link: + type: string + Text: + type: string + TextColor: + type: string + type: object + HeaderConfig: + additionalProperties: false + properties: + Alignment: + $ref: '#/components/schemas/Alignment' + Header: + type: string + TextColor: + type: string + type: object + InAppMessageContent: + additionalProperties: false + properties: + BackgroundColor: + type: string + BodyConfig: + $ref: '#/components/schemas/BodyConfig' + HeaderConfig: + $ref: '#/components/schemas/HeaderConfig' + ImageUrl: + type: string + PrimaryBtn: + $ref: '#/components/schemas/ButtonConfig' + SecondaryBtn: + $ref: '#/components/schemas/ButtonConfig' + type: object + OverrideButtonConfiguration: + additionalProperties: false + properties: + ButtonAction: + $ref: '#/components/schemas/ButtonAction' + Link: + type: string + type: object + InAppTemplate: + type: object + properties: + Arn: + type: string + Content: + x-insertionOrder: true + items: + $ref: '#/components/schemas/InAppMessageContent' + type: array + CustomConfig: + type: object + Layout: + enum: + - BOTTOM_BANNER + - TOP_BANNER + - OVERLAYS + - MOBILE_FEED + - MIDDLE_BANNER + - CAROUSEL + type: string + Tags: + type: object + TemplateDescription: + type: string + TemplateName: + type: string + required: + - TemplateName + x-stackql-resource-name: in_app_template + description: Resource Type definition for AWS::Pinpoint::InAppTemplate + x-type-name: AWS::Pinpoint::InAppTemplate + x-stackql-primary-identifier: + - TemplateName + x-create-only-properties: + - TemplateName + x-read-only-properties: + - Arn + x-required-properties: + - TemplateName + x-taggable: true + x-required-permissions: + create: + - mobiletargeting:CreateInAppTemplate + - mobiletargeting:GetInAppTemplate + - mobiletargeting:TagResource + delete: + - mobiletargeting:DeleteInAppTemplate + - mobiletargeting:GetInAppTemplate + list: + - mobiletargeting:GetInAppTemplate + - mobiletargeting:ListTemplates + read: + - mobiletargeting:GetInAppTemplate + - mobiletargeting:ListTemplates + update: + - mobiletargeting:UpdateInAppTemplate + - mobiletargeting:GetInAppTemplate + x-stackQL-resources: + in_app_templates: + name: in_app_templates + id: aws.pinpoint.in_app_templates + x-cfn-schema-name: InAppTemplate + x-type: list + x-identifiers: + - TemplateName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TemplateName') as template_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Pinpoint::InAppTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TemplateName') as template_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Pinpoint::InAppTemplate' + AND region = 'us-east-1' + in_app_template: + name: in_app_template + id: aws.pinpoint.in_app_template + x-cfn-schema-name: InAppTemplate + x-type: get + x-identifiers: + - TemplateName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.CustomConfig') as custom_config, + JSON_EXTRACT(Properties, '$.Layout') as layout, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TemplateDescription') as template_description, + JSON_EXTRACT(Properties, '$.TemplateName') as template_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Pinpoint::InAppTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'CustomConfig') as custom_config, + json_extract_path_text(Properties, 'Layout') as layout, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TemplateDescription') as template_description, + json_extract_path_text(Properties, 'TemplateName') as template_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Pinpoint::InAppTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/pipes.yaml b/providers/src/aws/v00.00.00000/services/pipes.yaml new file mode 100644 index 00000000..78a97de4 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/pipes.yaml @@ -0,0 +1,1358 @@ +openapi: 3.0.0 +info: + title: Pipes + version: 1.0.0 +paths: {} +components: + schemas: + AssignPublicIp: + type: string + enum: + - ENABLED + - DISABLED + AwsVpcConfiguration: + type: object + properties: + Subnets: + type: array + items: + type: string + maxLength: 1024 + minLength: 1 + pattern: ^subnet-[0-9a-z]*|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + maxItems: 16 + minItems: 0 + SecurityGroups: + type: array + items: + type: string + maxLength: 1024 + minLength: 1 + pattern: ^sg-[0-9a-zA-Z]*|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + maxItems: 5 + minItems: 0 + AssignPublicIp: + $ref: '#/components/schemas/AssignPublicIp' + required: + - Subnets + additionalProperties: false + BatchArrayProperties: + type: object + properties: + Size: + type: integer + default: 0 + maximum: 10000 + minimum: 2 + additionalProperties: false + BatchContainerOverrides: + type: object + properties: + Command: + type: array + items: + type: string + Environment: + type: array + items: + $ref: '#/components/schemas/BatchEnvironmentVariable' + InstanceType: + type: string + ResourceRequirements: + type: array + items: + $ref: '#/components/schemas/BatchResourceRequirement' + additionalProperties: false + BatchEnvironmentVariable: + type: object + properties: + Name: + type: string + Value: + type: string + additionalProperties: false + BatchJobDependency: + type: object + properties: + JobId: + type: string + Type: + $ref: '#/components/schemas/BatchJobDependencyType' + additionalProperties: false + BatchJobDependencyType: + type: string + enum: + - N_TO_N + - SEQUENTIAL + BatchParametersMap: + type: object + x-patternProperties: + .+: + type: string + additionalProperties: false + BatchResourceRequirement: + type: object + properties: + Type: + $ref: '#/components/schemas/BatchResourceRequirementType' + Value: + type: string + required: + - Type + - Value + additionalProperties: false + BatchResourceRequirementType: + type: string + enum: + - GPU + - MEMORY + - VCPU + BatchRetryStrategy: + type: object + properties: + Attempts: + type: integer + default: 0 + maximum: 10 + minimum: 1 + additionalProperties: false + CapacityProviderStrategyItem: + type: object + properties: + CapacityProvider: + type: string + maxLength: 255 + minLength: 1 + Weight: + type: integer + default: 0 + maximum: 1000 + minimum: 0 + Base: + type: integer + default: 0 + maximum: 100000 + minimum: 0 + required: + - CapacityProvider + additionalProperties: false + CloudwatchLogsLogDestination: + type: object + properties: + LogGroupArn: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^(^arn:aws([a-z]|\-)*:logs:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):log-group:.+)$ + additionalProperties: false + DeadLetterConfig: + type: object + properties: + Arn: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ + additionalProperties: false + DynamoDBStreamStartPosition: + type: string + enum: + - TRIM_HORIZON + - LATEST + EcsContainerOverride: + type: object + properties: + Command: + type: array + items: + type: string + Cpu: + type: integer + Environment: + type: array + items: + $ref: '#/components/schemas/EcsEnvironmentVariable' + EnvironmentFiles: + type: array + items: + $ref: '#/components/schemas/EcsEnvironmentFile' + Memory: + type: integer + MemoryReservation: + type: integer + Name: + type: string + ResourceRequirements: + type: array + items: + $ref: '#/components/schemas/EcsResourceRequirement' + additionalProperties: false + EcsEnvironmentFile: + type: object + properties: + Type: + $ref: '#/components/schemas/EcsEnvironmentFileType' + Value: + type: string + required: + - Type + - Value + additionalProperties: false + EcsEnvironmentFileType: + type: string + enum: + - s3 + EcsEnvironmentVariable: + type: object + properties: + Name: + type: string + Value: + type: string + additionalProperties: false + EcsEphemeralStorage: + type: object + properties: + SizeInGiB: + type: integer + default: 0 + maximum: 200 + minimum: 21 + required: + - SizeInGiB + additionalProperties: false + EcsInferenceAcceleratorOverride: + type: object + properties: + DeviceName: + type: string + DeviceType: + type: string + additionalProperties: false + EcsResourceRequirement: + type: object + properties: + Type: + $ref: '#/components/schemas/EcsResourceRequirementType' + Value: + type: string + required: + - Type + - Value + additionalProperties: false + EcsResourceRequirementType: + type: string + enum: + - GPU + - InferenceAccelerator + EcsTaskOverride: + type: object + properties: + ContainerOverrides: + type: array + items: + $ref: '#/components/schemas/EcsContainerOverride' + Cpu: + type: string + EphemeralStorage: + $ref: '#/components/schemas/EcsEphemeralStorage' + ExecutionRoleArn: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + InferenceAcceleratorOverrides: + type: array + items: + $ref: '#/components/schemas/EcsInferenceAcceleratorOverride' + Memory: + type: string + TaskRoleArn: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + additionalProperties: false + Filter: + type: object + properties: + Pattern: + type: string + maxLength: 4096 + minLength: 0 + additionalProperties: false + FilterCriteria: + type: object + properties: + Filters: + type: array + items: + $ref: '#/components/schemas/Filter' + maxItems: 5 + minItems: 0 + additionalProperties: false + FirehoseLogDestination: + type: object + properties: + DeliveryStreamArn: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^(^arn:aws([a-z]|\-)*:firehose:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):deliverystream/.+)$ + additionalProperties: false + HeaderParametersMap: + type: object + x-patternProperties: + ^[!#$%&'*+-.^_`|~0-9a-zA-Z]+|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$: + type: string + maxLength: 512 + minLength: 0 + pattern: ^[ \t]*[\x20-\x7E]+([ \t]+[\x20-\x7E]+)*[ \t]*|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + additionalProperties: false + IncludeExecutionDataOption: + type: string + enum: + - ALL + KinesisStreamStartPosition: + type: string + enum: + - TRIM_HORIZON + - LATEST + - AT_TIMESTAMP + LaunchType: + type: string + enum: + - EC2 + - FARGATE + - EXTERNAL + LogLevel: + type: string + enum: + - 'OFF' + - ERROR + - INFO + - TRACE + MQBrokerAccessCredentials: + oneOf: + - type: object + title: BasicAuth + properties: + BasicAuth: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + description: Optional SecretManager ARN which stores the database credentials + required: + - BasicAuth + additionalProperties: false + MSKAccessCredentials: + oneOf: + - type: object + title: SaslScram512Auth + properties: + SaslScram512Auth: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + description: Optional SecretManager ARN which stores the database credentials + required: + - SaslScram512Auth + additionalProperties: false + - type: object + title: ClientCertificateTlsAuth + properties: + ClientCertificateTlsAuth: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + description: Optional SecretManager ARN which stores the database credentials + required: + - ClientCertificateTlsAuth + additionalProperties: false + MSKStartPosition: + type: string + enum: + - TRIM_HORIZON + - LATEST + NetworkConfiguration: + type: object + properties: + AwsvpcConfiguration: + $ref: '#/components/schemas/AwsVpcConfiguration' + additionalProperties: false + OnPartialBatchItemFailureStreams: + type: string + enum: + - AUTOMATIC_BISECT + PipeEnrichmentHttpParameters: + type: object + properties: + PathParameterValues: + type: array + items: + type: string + pattern: ^(?!\s*$).+|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + HeaderParameters: + $ref: '#/components/schemas/HeaderParametersMap' + QueryStringParameters: + $ref: '#/components/schemas/QueryStringParametersMap' + additionalProperties: false + PipeEnrichmentParameters: + type: object + properties: + InputTemplate: + type: string + maxLength: 8192 + minLength: 0 + HttpParameters: + $ref: '#/components/schemas/PipeEnrichmentHttpParameters' + additionalProperties: false + PipeLogConfiguration: + type: object + properties: + S3LogDestination: + $ref: '#/components/schemas/S3LogDestination' + FirehoseLogDestination: + $ref: '#/components/schemas/FirehoseLogDestination' + CloudwatchLogsLogDestination: + $ref: '#/components/schemas/CloudwatchLogsLogDestination' + Level: + $ref: '#/components/schemas/LogLevel' + IncludeExecutionData: + type: array + items: + $ref: '#/components/schemas/IncludeExecutionDataOption' + uniqueItems: true + additionalProperties: false + PipeSourceActiveMQBrokerParameters: + type: object + properties: + Credentials: + $ref: '#/components/schemas/MQBrokerAccessCredentials' + QueueName: + type: string + maxLength: 1000 + minLength: 1 + pattern: ^[\s\S]*$ + BatchSize: + type: integer + maximum: 10000 + minimum: 1 + MaximumBatchingWindowInSeconds: + type: integer + maximum: 300 + minimum: 0 + required: + - Credentials + - QueueName + additionalProperties: false + PipeSourceDynamoDBStreamParameters: + type: object + properties: + BatchSize: + type: integer + maximum: 10000 + minimum: 1 + DeadLetterConfig: + $ref: '#/components/schemas/DeadLetterConfig' + OnPartialBatchItemFailure: + $ref: '#/components/schemas/OnPartialBatchItemFailureStreams' + MaximumBatchingWindowInSeconds: + type: integer + maximum: 300 + minimum: 0 + MaximumRecordAgeInSeconds: + type: integer + maximum: 604800 + minimum: -1 + MaximumRetryAttempts: + type: integer + maximum: 10000 + minimum: -1 + ParallelizationFactor: + type: integer + maximum: 10 + minimum: 1 + StartingPosition: + $ref: '#/components/schemas/DynamoDBStreamStartPosition' + required: + - StartingPosition + additionalProperties: false + PipeSourceKinesisStreamParameters: + type: object + properties: + BatchSize: + type: integer + maximum: 10000 + minimum: 1 + DeadLetterConfig: + $ref: '#/components/schemas/DeadLetterConfig' + OnPartialBatchItemFailure: + $ref: '#/components/schemas/OnPartialBatchItemFailureStreams' + MaximumBatchingWindowInSeconds: + type: integer + maximum: 300 + minimum: 0 + MaximumRecordAgeInSeconds: + type: integer + maximum: 604800 + minimum: -1 + MaximumRetryAttempts: + type: integer + maximum: 10000 + minimum: -1 + ParallelizationFactor: + type: integer + maximum: 10 + minimum: 1 + StartingPosition: + $ref: '#/components/schemas/KinesisStreamStartPosition' + StartingPositionTimestamp: + type: string + format: date-time + required: + - StartingPosition + additionalProperties: false + PipeSourceManagedStreamingKafkaParameters: + type: object + properties: + TopicName: + type: string + maxLength: 249 + minLength: 1 + pattern: ^[^.]([a-zA-Z0-9\-_.]+)$ + StartingPosition: + $ref: '#/components/schemas/MSKStartPosition' + BatchSize: + type: integer + maximum: 10000 + minimum: 1 + MaximumBatchingWindowInSeconds: + type: integer + maximum: 300 + minimum: 0 + ConsumerGroupID: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9-\/*:_+=.@-]*$ + Credentials: + $ref: '#/components/schemas/MSKAccessCredentials' + required: + - TopicName + additionalProperties: false + PipeSourceParameters: + type: object + properties: + FilterCriteria: + $ref: '#/components/schemas/FilterCriteria' + KinesisStreamParameters: + $ref: '#/components/schemas/PipeSourceKinesisStreamParameters' + DynamoDBStreamParameters: + $ref: '#/components/schemas/PipeSourceDynamoDBStreamParameters' + SqsQueueParameters: + $ref: '#/components/schemas/PipeSourceSqsQueueParameters' + ActiveMQBrokerParameters: + $ref: '#/components/schemas/PipeSourceActiveMQBrokerParameters' + RabbitMQBrokerParameters: + $ref: '#/components/schemas/PipeSourceRabbitMQBrokerParameters' + ManagedStreamingKafkaParameters: + $ref: '#/components/schemas/PipeSourceManagedStreamingKafkaParameters' + SelfManagedKafkaParameters: + $ref: '#/components/schemas/PipeSourceSelfManagedKafkaParameters' + additionalProperties: false + PipeSourceRabbitMQBrokerParameters: + type: object + properties: + Credentials: + $ref: '#/components/schemas/MQBrokerAccessCredentials' + QueueName: + type: string + maxLength: 1000 + minLength: 1 + pattern: ^[\s\S]*$ + VirtualHost: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9-\/*:_+=.@-]*$ + BatchSize: + type: integer + maximum: 10000 + minimum: 1 + MaximumBatchingWindowInSeconds: + type: integer + maximum: 300 + minimum: 0 + required: + - Credentials + - QueueName + additionalProperties: false + PipeSourceSelfManagedKafkaParameters: + type: object + properties: + TopicName: + type: string + maxLength: 249 + minLength: 1 + pattern: ^[^.]([a-zA-Z0-9\-_.]+)$ + StartingPosition: + $ref: '#/components/schemas/SelfManagedKafkaStartPosition' + AdditionalBootstrapServers: + type: array + items: + type: string + maxLength: 300 + minLength: 1 + pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]):[0-9]{1,5}$ + maxItems: 2 + minItems: 0 + BatchSize: + type: integer + maximum: 10000 + minimum: 1 + MaximumBatchingWindowInSeconds: + type: integer + maximum: 300 + minimum: 0 + ConsumerGroupID: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9-\/*:_+=.@-]*$ + Credentials: + $ref: '#/components/schemas/SelfManagedKafkaAccessConfigurationCredentials' + ServerRootCaCertificate: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + description: Optional SecretManager ARN which stores the database credentials + Vpc: + $ref: '#/components/schemas/SelfManagedKafkaAccessConfigurationVpc' + required: + - TopicName + additionalProperties: false + PipeSourceSqsQueueParameters: + type: object + properties: + BatchSize: + type: integer + maximum: 10000 + minimum: 1 + MaximumBatchingWindowInSeconds: + type: integer + maximum: 300 + minimum: 0 + additionalProperties: false + PipeState: + type: string + enum: + - RUNNING + - STOPPED + - CREATING + - UPDATING + - DELETING + - STARTING + - STOPPING + - CREATE_FAILED + - UPDATE_FAILED + - START_FAILED + - STOP_FAILED + - DELETE_FAILED + - CREATE_ROLLBACK_FAILED + - DELETE_ROLLBACK_FAILED + - UPDATE_ROLLBACK_FAILED + PipeTargetBatchJobParameters: + type: object + properties: + JobDefinition: + type: string + JobName: + type: string + ArrayProperties: + $ref: '#/components/schemas/BatchArrayProperties' + RetryStrategy: + $ref: '#/components/schemas/BatchRetryStrategy' + ContainerOverrides: + $ref: '#/components/schemas/BatchContainerOverrides' + DependsOn: + type: array + items: + $ref: '#/components/schemas/BatchJobDependency' + maxItems: 20 + minItems: 0 + Parameters: + $ref: '#/components/schemas/BatchParametersMap' + required: + - JobDefinition + - JobName + additionalProperties: false + PipeTargetCloudWatchLogsParameters: + type: object + properties: + LogStreamName: + type: string + maxLength: 256 + minLength: 1 + Timestamp: + type: string + maxLength: 256 + minLength: 1 + pattern: ^\$(\.[\w_-]+(\[(\d+|\*)\])*)*$ + additionalProperties: false + PipeTargetEcsTaskParameters: + type: object + properties: + TaskDefinitionArn: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + TaskCount: + type: integer + minimum: 1 + LaunchType: + $ref: '#/components/schemas/LaunchType' + NetworkConfiguration: + $ref: '#/components/schemas/NetworkConfiguration' + PlatformVersion: + type: string + Group: + type: string + CapacityProviderStrategy: + type: array + items: + $ref: '#/components/schemas/CapacityProviderStrategyItem' + maxItems: 6 + minItems: 0 + EnableECSManagedTags: + type: boolean + default: false + EnableExecuteCommand: + type: boolean + default: false + PlacementConstraints: + type: array + items: + $ref: '#/components/schemas/PlacementConstraint' + maxItems: 10 + minItems: 0 + PlacementStrategy: + type: array + items: + $ref: '#/components/schemas/PlacementStrategy' + maxItems: 5 + minItems: 0 + PropagateTags: + $ref: '#/components/schemas/PropagateTags' + ReferenceId: + type: string + maxLength: 1024 + minLength: 0 + Overrides: + $ref: '#/components/schemas/EcsTaskOverride' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - TaskDefinitionArn + additionalProperties: false + PipeTargetEventBridgeEventBusParameters: + type: object + properties: + EndpointId: + type: string + maxLength: 50 + minLength: 1 + pattern: ^[A-Za-z0-9\-]+[\.][A-Za-z0-9\-]+$ + DetailType: + type: string + maxLength: 128 + minLength: 1 + Source: + type: string + maxLength: 256 + minLength: 1 + pattern: (?=[/\.\-_A-Za-z0-9]+)((?!aws\.).*)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*) + Resources: + type: array + items: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + maxItems: 10 + minItems: 0 + Time: + type: string + maxLength: 256 + minLength: 1 + pattern: ^\$(\.[\w/_-]+(\[(\d+|\*)\])*)*$ + additionalProperties: false + PipeTargetHttpParameters: + type: object + properties: + PathParameterValues: + type: array + items: + type: string + pattern: ^(?!\s*$).+|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + HeaderParameters: + $ref: '#/components/schemas/HeaderParametersMap' + QueryStringParameters: + $ref: '#/components/schemas/QueryStringParametersMap' + additionalProperties: false + PipeTargetInvocationType: + type: string + enum: + - REQUEST_RESPONSE + - FIRE_AND_FORGET + PipeTargetKinesisStreamParameters: + type: object + properties: + PartitionKey: + type: string + maxLength: 256 + minLength: 0 + required: + - PartitionKey + additionalProperties: false + PipeTargetLambdaFunctionParameters: + type: object + properties: + InvocationType: + $ref: '#/components/schemas/PipeTargetInvocationType' + additionalProperties: false + PipeTargetParameters: + type: object + properties: + InputTemplate: + type: string + maxLength: 8192 + minLength: 0 + LambdaFunctionParameters: + $ref: '#/components/schemas/PipeTargetLambdaFunctionParameters' + StepFunctionStateMachineParameters: + $ref: '#/components/schemas/PipeTargetStateMachineParameters' + KinesisStreamParameters: + $ref: '#/components/schemas/PipeTargetKinesisStreamParameters' + EcsTaskParameters: + $ref: '#/components/schemas/PipeTargetEcsTaskParameters' + BatchJobParameters: + $ref: '#/components/schemas/PipeTargetBatchJobParameters' + SqsQueueParameters: + $ref: '#/components/schemas/PipeTargetSqsQueueParameters' + HttpParameters: + $ref: '#/components/schemas/PipeTargetHttpParameters' + RedshiftDataParameters: + $ref: '#/components/schemas/PipeTargetRedshiftDataParameters' + SageMakerPipelineParameters: + $ref: '#/components/schemas/PipeTargetSageMakerPipelineParameters' + EventBridgeEventBusParameters: + $ref: '#/components/schemas/PipeTargetEventBridgeEventBusParameters' + CloudWatchLogsParameters: + $ref: '#/components/schemas/PipeTargetCloudWatchLogsParameters' + additionalProperties: false + PipeTargetRedshiftDataParameters: + type: object + properties: + SecretManagerArn: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + description: Optional SecretManager ARN which stores the database credentials + Database: + type: string + maxLength: 64 + minLength: 1 + description: Redshift Database + DbUser: + type: string + maxLength: 128 + minLength: 1 + description: Database user name + StatementName: + type: string + maxLength: 500 + minLength: 1 + description: A name for Redshift DataAPI statement which can be used as filter of ListStatement. + WithEvent: + type: boolean + default: false + Sqls: + type: array + items: + type: string + maxLength: 100000 + minLength: 1 + description: A single Redshift SQL + maxItems: 40 + minItems: 1 + description: A list of SQLs. + required: + - Database + - Sqls + additionalProperties: false + PipeTargetSageMakerPipelineParameters: + type: object + properties: + PipelineParameterList: + type: array + items: + $ref: '#/components/schemas/SageMakerPipelineParameter' + maxItems: 200 + minItems: 0 + additionalProperties: false + PipeTargetSqsQueueParameters: + type: object + properties: + MessageGroupId: + type: string + maxLength: 100 + minLength: 0 + MessageDeduplicationId: + type: string + maxLength: 100 + minLength: 0 + additionalProperties: false + PipeTargetStateMachineParameters: + type: object + properties: + InvocationType: + $ref: '#/components/schemas/PipeTargetInvocationType' + additionalProperties: false + PlacementConstraint: + type: object + properties: + Type: + $ref: '#/components/schemas/PlacementConstraintType' + Expression: + type: string + maxLength: 2000 + minLength: 0 + additionalProperties: false + PlacementConstraintType: + type: string + enum: + - distinctInstance + - memberOf + PlacementStrategy: + type: object + properties: + Type: + $ref: '#/components/schemas/PlacementStrategyType' + Field: + type: string + maxLength: 255 + minLength: 0 + additionalProperties: false + PlacementStrategyType: + type: string + enum: + - random + - spread + - binpack + PropagateTags: + type: string + enum: + - TASK_DEFINITION + QueryStringParametersMap: + type: object + x-patternProperties: + ^[^\x00-\x1F\x7F]+|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$: + type: string + maxLength: 512 + minLength: 0 + pattern: ^[^\x00-\x09\x0B\x0C\x0E-\x1F\x7F]+|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + additionalProperties: false + RequestedPipeState: + type: string + enum: + - RUNNING + - STOPPED + S3LogDestination: + type: object + properties: + BucketName: + type: string + Prefix: + type: string + BucketOwner: + type: string + OutputFormat: + $ref: '#/components/schemas/S3OutputFormat' + additionalProperties: false + S3OutputFormat: + type: string + enum: + - json + - plain + - w3c + SageMakerPipelineParameter: + type: object + properties: + Name: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + Value: + type: string + maxLength: 1024 + minLength: 0 + required: + - Name + - Value + additionalProperties: false + SelfManagedKafkaAccessConfigurationCredentials: + oneOf: + - type: object + title: BasicAuth + properties: + BasicAuth: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + description: Optional SecretManager ARN which stores the database credentials + required: + - BasicAuth + additionalProperties: false + - type: object + title: SaslScram512Auth + properties: + SaslScram512Auth: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + description: Optional SecretManager ARN which stores the database credentials + required: + - SaslScram512Auth + additionalProperties: false + - type: object + title: SaslScram256Auth + properties: + SaslScram256Auth: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + description: Optional SecretManager ARN which stores the database credentials + required: + - SaslScram256Auth + additionalProperties: false + - type: object + title: ClientCertificateTlsAuth + properties: + ClientCertificateTlsAuth: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + description: Optional SecretManager ARN which stores the database credentials + required: + - ClientCertificateTlsAuth + additionalProperties: false + SelfManagedKafkaAccessConfigurationVpc: + type: object + properties: + Subnets: + type: array + items: + type: string + maxLength: 1024 + minLength: 1 + pattern: ^subnet-[0-9a-z]*$ + maxItems: 16 + minItems: 0 + description: List of SubnetId. + SecurityGroup: + type: array + items: + type: string + maxLength: 1024 + minLength: 1 + pattern: ^sg-[0-9a-zA-Z]*$ + maxItems: 5 + minItems: 0 + description: List of SecurityGroupId. + additionalProperties: false + SelfManagedKafkaStartPosition: + type: string + enum: + - TRIM_HORIZON + - LATEST + Tag: + type: object + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + Value: + type: string + maxLength: 256 + minLength: 0 + required: + - Key + - Value + additionalProperties: false + TagMap: + type: object + maxProperties: 50 + minProperties: 1 + x-patternProperties: + .+: + type: string + maxLength: 256 + minLength: 0 + additionalProperties: false + Pipe: + type: object + properties: + Arn: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^arn:aws([a-z]|\-)*:([a-zA-Z0-9\-]+):([a-z]|\d|\-)*:([0-9]{12})?:(.+)$ + CreationTime: + type: string + format: date-time + CurrentState: + $ref: '#/components/schemas/PipeState' + Description: + type: string + maxLength: 512 + minLength: 0 + pattern: ^.*$ + DesiredState: + $ref: '#/components/schemas/RequestedPipeState' + Enrichment: + type: string + maxLength: 1600 + minLength: 0 + pattern: ^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ + EnrichmentParameters: + $ref: '#/components/schemas/PipeEnrichmentParameters' + LastModifiedTime: + type: string + format: date-time + LogConfiguration: + $ref: '#/components/schemas/PipeLogConfiguration' + Name: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[\.\-_A-Za-z0-9]+$ + RoleArn: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z0-9+=,.@\-_/]+$ + Source: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^smk://(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]):[0-9]{1,5}|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ + SourceParameters: + $ref: '#/components/schemas/PipeSourceParameters' + StateReason: + type: string + maxLength: 512 + minLength: 0 + pattern: ^.*$ + Tags: + $ref: '#/components/schemas/TagMap' + Target: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ + TargetParameters: + $ref: '#/components/schemas/PipeTargetParameters' + required: + - RoleArn + - Source + - Target + x-stackql-resource-name: pipe + description: Definition of AWS::Pipes::Pipe Resource Type + x-type-name: AWS::Pipes::Pipe + x-stackql-primary-identifier: + - Name + x-stackql-additional-identifiers: + - - Arn + x-create-only-properties: + - Name + - Source + - SourceParameters/DynamoDBStreamParameters/StartingPosition + - SourceParameters/KinesisStreamParameters/StartingPosition + - SourceParameters/KinesisStreamParameters/StartingPositionTimestamp + - SourceParameters/ActiveMQBrokerParameters/QueueName + - SourceParameters/RabbitMQBrokerParameters/QueueName + - SourceParameters/RabbitMQBrokerParameters/VirtualHost + - SourceParameters/ManagedStreamingKafkaParameters/TopicName + - SourceParameters/ManagedStreamingKafkaParameters/StartingPosition + - SourceParameters/ManagedStreamingKafkaParameters/ConsumerGroupID + - SourceParameters/SelfManagedApacheKafkaParameters/TopicName + - SourceParameters/SelfManagedApacheKafkaParameters/StartingPosition + - SourceParameters/SelfManagedApacheKafkaParameters/AdditionalBootstrapServers + - SourceParameters/SelfManagedApacheKafkaParameters/ConsumerGroupID + x-write-only-properties: + - TargetParameters + - SourceParameters + x-read-only-properties: + - Arn + - CreationTime + - CurrentState + - LastModifiedTime + - StateReason + x-required-properties: + - RoleArn + - Source + - Target + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - pipes:CreatePipe + - pipes:DescribePipe + - pipes:TagResource + - iam:PassRole + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - iam:CreateServiceLinkedRole + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:ListLogDeliveries + - s3:PutBucketPolicy + - s3:GetBucketPolicy + - firehose:TagDeliveryStream + read: + - pipes:DescribePipe + update: + - pipes:UpdatePipe + - pipes:TagResource + - pipes:UntagResource + - pipes:DescribePipe + - iam:PassRole + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - iam:CreateServiceLinkedRole + - logs:CreateLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:GetLogDelivery + - logs:ListLogDeliveries + - s3:PutBucketPolicy + - s3:GetBucketPolicy + - firehose:TagDeliveryStream + delete: + - pipes:DeletePipe + - pipes:DescribePipe + - logs:CreateLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:GetLogDelivery + - logs:ListLogDeliveries + list: + - pipes:ListPipes + x-stackQL-resources: + pipes: + name: pipes + id: aws.pipes.pipes + x-cfn-schema-name: Pipe + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Pipes::Pipe' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Pipes::Pipe' + AND region = 'us-east-1' + pipe: + name: pipe + id: aws.pipes.pipe + x-cfn-schema-name: Pipe + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.CurrentState') as current_state, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DesiredState') as desired_state, + JSON_EXTRACT(Properties, '$.Enrichment') as enrichment, + JSON_EXTRACT(Properties, '$.EnrichmentParameters') as enrichment_parameters, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.LogConfiguration') as log_configuration, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.SourceParameters') as source_parameters, + JSON_EXTRACT(Properties, '$.StateReason') as state_reason, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Target') as target, + JSON_EXTRACT(Properties, '$.TargetParameters') as target_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Pipes::Pipe' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'CurrentState') as current_state, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DesiredState') as desired_state, + json_extract_path_text(Properties, 'Enrichment') as enrichment, + json_extract_path_text(Properties, 'EnrichmentParameters') as enrichment_parameters, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'LogConfiguration') as log_configuration, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'SourceParameters') as source_parameters, + json_extract_path_text(Properties, 'StateReason') as state_reason, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Target') as target, + json_extract_path_text(Properties, 'TargetParameters') as target_parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Pipes::Pipe' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/proton.yaml b/providers/src/aws/v00.00.00000/services/proton.yaml new file mode 100644 index 00000000..317c5ce8 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/proton.yaml @@ -0,0 +1,510 @@ +openapi: 3.0.0 +info: + title: Proton + version: 1.0.0 +paths: {} +components: + schemas: + Status: + type: string + enum: + - PENDING + - CONNECTED + - REJECTED + Tag: + type: object + description:

A description of a resource tag.

+ properties: + Key: + type: string + maxLength: 128 + minLength: 1 + description:

The key of the resource tag.

+ Value: + type: string + maxLength: 256 + minLength: 0 + description:

The value of the resource tag.

+ required: + - Key + - Value + additionalProperties: false + EnvironmentAccountConnection: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the environment account connection. + type: string + CodebuildRoleArn: + description: The Amazon Resource Name (ARN) of an IAM service role in the environment account. AWS Proton uses this role to provision infrastructure resources using CodeBuild-based provisioning in the associated environment account. + type: string + minLength: 1 + maxLength: 200 + pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::\d{12}:role/([\w+=,.@-]{1,512}[/:])*([\w+=,.@-]{1,64})$ + ComponentRoleArn: + description: The Amazon Resource Name (ARN) of the IAM service role that AWS Proton uses when provisioning directly defined components in the associated environment account. It determines the scope of infrastructure that a component can provision in the account. + type: string + minLength: 1 + maxLength: 200 + pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::\d{12}:role/([\w+=,.@-]{1,512}[/:])*([\w+=,.@-]{1,64})$ + EnvironmentAccountId: + description: The environment account that's connected to the environment account connection. + type: string + pattern: ^\d{12}$ + EnvironmentName: + description: The name of the AWS Proton environment that's created in the associated management account. + type: string + pattern: ^[0-9A-Za-z]+[0-9A-Za-z_\-]*$ + minLength: 1 + maxLength: 100 + Id: + description: The ID of the environment account connection. + type: string + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + ManagementAccountId: + description: The ID of the management account that accepts or rejects the environment account connection. You create an manage the AWS Proton environment in this account. If the management account accepts the environment account connection, AWS Proton can use the associated IAM role to provision environment infrastructure resources in the associated environment account. + type: string + pattern: ^\d{12}$ + RoleArn: + description: The Amazon Resource Name (ARN) of the IAM service role that's created in the environment account. AWS Proton uses this role to provision infrastructure resources in the associated environment account. + type: string + minLength: 1 + maxLength: 200 + pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::\d{12}:role/([\w+=,.@-]{1,512}[/:])*([\w+=,.@-]{1,64})$ + Status: + description: The status of the environment account connection. + $ref: '#/components/schemas/Status' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true + x-insertionOrder: false + description: |- +

An optional list of metadata items that you can associate with the Proton environment account connection. A tag is a key-value pair.

+

For more information, see Proton resources and tagging in the + Proton User Guide.

+ x-stackql-resource-name: environment_account_connection + description: Resource Schema describing various properties for AWS Proton Environment Account Connections resources. + x-type-name: AWS::Proton::EnvironmentAccountConnection + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Id + x-read-only-properties: + - Arn + - Id + - Status + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - proton:CreateEnvironmentAccountConnection + - proton:TagResource + - iam:PassRole + - proton:ListTagsForResource + - proton:GetEnvironmentAccountConnection + read: + - proton:GetEnvironmentAccountConnection + - proton:ListTagsForResource + - iam:PassRole + - proton:GetEnvironmentAccountConnection + update: + - proton:CreateEnvironmentAccountConnection + - proton:ListTagsForResource + - proton:TagResource + - proton:UntagResource + - proton:UpdateEnvironmentAccountConnection + - iam:PassRole + - proton:GetEnvironmentAccountConnection + delete: + - proton:DeleteEnvironmentAccountConnection + - proton:UntagResource + - iam:PassRole + - proton:ListTagsForResource + - proton:GetEnvironmentAccountConnection + list: + - proton:ListEnvironmentAccountConnections + Provisioning: + type: string + enum: + - CUSTOMER_MANAGED + EnvironmentTemplate: + type: object + properties: + Arn: + type: string + description:

The Amazon Resource Name (ARN) of the environment template.

+ Description: + type: string + maxLength: 500 + minLength: 0 + description:

A description of the environment template.

+ DisplayName: + type: string + maxLength: 100 + minLength: 1 + description:

The environment template name as displayed in the developer interface.

+ EncryptionKey: + type: string + maxLength: 200 + minLength: 1 + pattern: ^arn:(aws|aws-cn|aws-us-gov):[a-zA-Z0-9-]+:[a-zA-Z0-9-]*:\d{12}:([\w+=,.@-]+[/:])*[\w+=,.@-]+$ + description:

A customer provided encryption key that Proton uses to encrypt data.

+ Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[0-9A-Za-z]+[0-9A-Za-z_\-]*$ + Provisioning: + $ref: '#/components/schemas/Provisioning' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + minItems: 0 + uniqueItems: true + description: |- +

An optional list of metadata items that you can associate with the Proton environment template. A tag is a key-value pair.

+

For more information, see Proton resources and tagging in the + Proton User Guide.

+ x-stackql-resource-name: environment_template + description: Definition of AWS::Proton::EnvironmentTemplate Resource Type + x-type-name: AWS::Proton::EnvironmentTemplate + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Name + x-create-only-properties: + - EncryptionKey + - Name + - Provisioning + x-read-only-properties: + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - proton:CreateEnvironmentTemplate + - proton:TagResource + - proton:GetEnvironmentTemplate + - kms:* + read: + - proton:GetEnvironmentTemplate + - proton:ListTagsForResource + - kms:* + update: + - proton:CreateEnvironmentTemplate + - proton:ListTagsForResource + - proton:TagResource + - proton:UntagResource + - proton:UpdateEnvironmentTemplate + - proton:GetEnvironmentTemplate + - kms:* + delete: + - proton:DeleteEnvironmentTemplate + - proton:GetEnvironmentTemplate + - kms:* + list: + - proton:ListEnvironmentTemplates + ServiceTemplate: + type: object + properties: + Arn: + type: string + maxLength: 200 + minLength: 1 + pattern: ^arn:(aws|aws-cn|aws-us-gov):[a-zA-Z0-9-]+:[a-zA-Z0-9-]*:\d{12}:([\w+=,.@-]+[/:])*[\w+=,.@-]+$ + description:

The Amazon Resource Name (ARN) of the service template.

+ Description: + type: string + maxLength: 500 + minLength: 0 + description:

A description of the service template.

+ DisplayName: + type: string + maxLength: 100 + minLength: 1 + description:

The name of the service template as displayed in the developer interface.

+ EncryptionKey: + type: string + maxLength: 200 + minLength: 1 + pattern: ^arn:(aws|aws-cn|aws-us-gov):[a-zA-Z0-9-]+:[a-zA-Z0-9-]*:\d{12}:([\w+=,.@-]+[/:])*[\w+=,.@-]+$ + description:

A customer provided encryption key that's used to encrypt data.

+ Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[0-9A-Za-z]+[0-9A-Za-z_\-]*$ + PipelineProvisioning: + $ref: '#/components/schemas/Provisioning' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + minItems: 0 + uniqueItems: true + description: |- +

An optional list of metadata items that you can associate with the Proton service template. A tag is a key-value pair.

+

For more information, see Proton resources and tagging in the + Proton User Guide.

+ x-stackql-resource-name: service_template + description: Definition of AWS::Proton::ServiceTemplate Resource Type + x-type-name: AWS::Proton::ServiceTemplate + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Name + x-create-only-properties: + - EncryptionKey + - Name + - PipelineProvisioning + x-read-only-properties: + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - proton:CreateServiceTemplate + - proton:TagResource + - kms:* + - proton:GetServiceTemplate + read: + - proton:GetServiceTemplate + - proton:ListTagsForResource + - kms:* + update: + - proton:GetServiceTemplate + - proton:CreateServiceTemplate + - proton:ListTagsForResource + - proton:TagResource + - proton:UntagResource + - proton:UpdateServiceTemplate + - kms:* + delete: + - proton:DeleteServiceTemplate + - proton:UntagResource + - kms:* + - proton:GetServiceTemplate + list: + - proton:ListServiceTemplates + x-stackQL-resources: + environment_account_connections: + name: environment_account_connections + id: aws.proton.environment_account_connections + x-cfn-schema-name: EnvironmentAccountConnection + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Proton::EnvironmentAccountConnection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Proton::EnvironmentAccountConnection' + AND region = 'us-east-1' + environment_account_connection: + name: environment_account_connection + id: aws.proton.environment_account_connection + x-cfn-schema-name: EnvironmentAccountConnection + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CodebuildRoleArn') as codebuild_role_arn, + JSON_EXTRACT(Properties, '$.ComponentRoleArn') as component_role_arn, + JSON_EXTRACT(Properties, '$.EnvironmentAccountId') as environment_account_id, + JSON_EXTRACT(Properties, '$.EnvironmentName') as environment_name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ManagementAccountId') as management_account_id, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Proton::EnvironmentAccountConnection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CodebuildRoleArn') as codebuild_role_arn, + json_extract_path_text(Properties, 'ComponentRoleArn') as component_role_arn, + json_extract_path_text(Properties, 'EnvironmentAccountId') as environment_account_id, + json_extract_path_text(Properties, 'EnvironmentName') as environment_name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ManagementAccountId') as management_account_id, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Proton::EnvironmentAccountConnection' + AND data__Identifier = '' + AND region = 'us-east-1' + environment_templates: + name: environment_templates + id: aws.proton.environment_templates + x-cfn-schema-name: EnvironmentTemplate + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Proton::EnvironmentTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Proton::EnvironmentTemplate' + AND region = 'us-east-1' + environment_template: + name: environment_template + id: aws.proton.environment_template + x-cfn-schema-name: EnvironmentTemplate + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.EncryptionKey') as encryption_key, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Provisioning') as provisioning, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Proton::EnvironmentTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'EncryptionKey') as encryption_key, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Provisioning') as provisioning, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Proton::EnvironmentTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + service_templates: + name: service_templates + id: aws.proton.service_templates + x-cfn-schema-name: ServiceTemplate + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Proton::ServiceTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Proton::ServiceTemplate' + AND region = 'us-east-1' + service_template: + name: service_template + id: aws.proton.service_template + x-cfn-schema-name: ServiceTemplate + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.EncryptionKey') as encryption_key, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PipelineProvisioning') as pipeline_provisioning, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Proton::ServiceTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'EncryptionKey') as encryption_key, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PipelineProvisioning') as pipeline_provisioning, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Proton::ServiceTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/qldb.yaml b/providers/src/aws/v00.00.00000/services/qldb.yaml new file mode 100644 index 00000000..a4ce409b --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/qldb.yaml @@ -0,0 +1,184 @@ +openapi: 3.0.0 +info: + title: QLDB + version: 1.0.0 +paths: {} +components: + schemas: + Arn: + type: string + pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)* + KinesisConfiguration: + type: object + properties: + StreamArn: + type: object + $ref: '#/components/schemas/Arn' + AggregationEnabled: + type: boolean + additionalProperties: false + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 127 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 255 + required: + - Key + - Value + additionalProperties: false + Stream: + type: object + properties: + LedgerName: + type: string + StreamName: + type: string + RoleArn: + $ref: '#/components/schemas/Arn' + InclusiveStartTime: + type: string + ExclusiveEndTime: + type: string + KinesisConfiguration: + $ref: '#/components/schemas/KinesisConfiguration' + Tags: + type: array + maxItems: 50 + x-insertionOrder: false + uniqueItems: true + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + Arn: + $ref: '#/components/schemas/Arn' + Id: + type: string + required: + - LedgerName + - StreamName + - RoleArn + - KinesisConfiguration + - InclusiveStartTime + x-stackql-resource-name: stream + description: Resource schema for AWS::QLDB::Stream. + x-type-name: AWS::QLDB::Stream + x-stackql-primary-identifier: + - LedgerName + - Id + x-create-only-properties: + - LedgerName + - StreamName + - RoleArn + - KinesisConfiguration + - InclusiveStartTime + - ExclusiveEndTime + x-read-only-properties: + - Id + - Arn + x-required-properties: + - LedgerName + - StreamName + - RoleArn + - KinesisConfiguration + - InclusiveStartTime + x-required-permissions: + create: + - iam:PassRole + - qldb:StreamJournalToKinesis + - qldb:DescribeJournalKinesisStream + delete: + - qldb:CancelJournalKinesisStream + - qldb:DescribeJournalKinesisStream + read: + - qldb:DescribeJournalKinesisStream + - qldb:ListTagsForResource + update: + - qldb:DescribeJournalKinesisStream + - qldb:UntagResource + - qldb:TagResource + list: + - qldb:listJournalKinesisStreamsForLedger + x-stackQL-resources: + streams: + name: streams + id: aws.qldb.streams + x-cfn-schema-name: Stream + x-type: list + x-identifiers: + - LedgerName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LedgerName') as ledger_name, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QLDB::Stream' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LedgerName') as ledger_name, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QLDB::Stream' + AND region = 'us-east-1' + qldb_stream: + name: qldb_stream + id: aws.qldb.qldb_stream + x-cfn-schema-name: Stream + x-type: get + x-identifiers: + - LedgerName + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LedgerName') as ledger_name, + JSON_EXTRACT(Properties, '$.StreamName') as stream_name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.InclusiveStartTime') as inclusive_start_time, + JSON_EXTRACT(Properties, '$.ExclusiveEndTime') as exclusive_end_time, + JSON_EXTRACT(Properties, '$.KinesisConfiguration') as kinesis_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QLDB::Stream' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LedgerName') as ledger_name, + json_extract_path_text(Properties, 'StreamName') as stream_name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'InclusiveStartTime') as inclusive_start_time, + json_extract_path_text(Properties, 'ExclusiveEndTime') as exclusive_end_time, + json_extract_path_text(Properties, 'KinesisConfiguration') as kinesis_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QLDB::Stream' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/quicksight.yaml b/providers/src/aws/v00.00.00000/services/quicksight.yaml new file mode 100644 index 00000000..a35afd8b --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/quicksight.yaml @@ -0,0 +1,12454 @@ +openapi: 3.0.0 +info: + title: QuickSight + version: 1.0.0 +paths: {} +components: + schemas: + AggregationFunction: + type: object + properties: + NumericalAggregationFunction: + $ref: '#/components/schemas/NumericalAggregationFunction' + CategoricalAggregationFunction: + $ref: '#/components/schemas/CategoricalAggregationFunction' + DateAggregationFunction: + $ref: '#/components/schemas/DateAggregationFunction' + AttributeAggregationFunction: + $ref: '#/components/schemas/AttributeAggregationFunction' + additionalProperties: false + AggregationSortConfiguration: + type: object + properties: + Column: + $ref: '#/components/schemas/ColumnIdentifier' + SortDirection: + $ref: '#/components/schemas/SortDirection' + AggregationFunction: + $ref: '#/components/schemas/AggregationFunction' + required: + - Column + - SortDirection + additionalProperties: false + AllSheetsFilterScopeConfiguration: + type: object + additionalProperties: false + AnalysisDefaults: + type: object + properties: + DefaultNewSheetConfiguration: + $ref: '#/components/schemas/DefaultNewSheetConfiguration' + required: + - DefaultNewSheetConfiguration + additionalProperties: false + AnalysisDefinition: + type: object + properties: + DataSetIdentifierDeclarations: + type: array + items: + $ref: '#/components/schemas/DataSetIdentifierDeclaration' + maxItems: 50 + minItems: 1 + Sheets: + type: array + items: + $ref: '#/components/schemas/SheetDefinition' + maxItems: 20 + minItems: 0 + CalculatedFields: + type: array + items: + $ref: '#/components/schemas/CalculatedField' + maxItems: 500 + minItems: 0 + ParameterDeclarations: + type: array + items: + $ref: '#/components/schemas/ParameterDeclaration' + maxItems: 200 + minItems: 0 + FilterGroups: + type: array + items: + $ref: '#/components/schemas/FilterGroup' + maxItems: 2000 + minItems: 0 + ColumnConfigurations: + type: array + items: + $ref: '#/components/schemas/ColumnConfiguration' + maxItems: 200 + minItems: 0 + AnalysisDefaults: + $ref: '#/components/schemas/AnalysisDefaults' + Options: + $ref: '#/components/schemas/AssetOptions' + required: + - DataSetIdentifierDeclarations + additionalProperties: false + AnalysisError: + type: object + properties: + Type: + $ref: '#/components/schemas/AnalysisErrorType' + Message: + type: string + pattern: .*\S.* + ViolatedEntities: + type: array + items: + $ref: '#/components/schemas/Entity' + maxItems: 200 + minItems: 0 + additionalProperties: false + AnalysisErrorType: + type: string + enum: + - ACCESS_DENIED + - SOURCE_NOT_FOUND + - DATA_SET_NOT_FOUND + - INTERNAL_FAILURE + - PARAMETER_VALUE_INCOMPATIBLE + - PARAMETER_TYPE_INVALID + - PARAMETER_NOT_FOUND + - COLUMN_TYPE_MISMATCH + - COLUMN_GEOGRAPHIC_ROLE_MISMATCH + - COLUMN_REPLACEMENT_MISSING + AnalysisSourceEntity: + type: object + properties: + SourceTemplate: + $ref: '#/components/schemas/AnalysisSourceTemplate' + additionalProperties: false + AnalysisSourceTemplate: + type: object + properties: + DataSetReferences: + type: array + items: + $ref: '#/components/schemas/DataSetReference' + minItems: 1 + Arn: + type: string + required: + - Arn + - DataSetReferences + additionalProperties: false + AnchorDateConfiguration: + type: object + properties: + AnchorOption: + $ref: '#/components/schemas/AnchorOption' + ParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + additionalProperties: false + AnchorOption: + type: string + enum: + - NOW + ArcAxisConfiguration: + type: object + properties: + Range: + $ref: '#/components/schemas/ArcAxisDisplayRange' + ReserveRange: + type: number + default: 0 + additionalProperties: false + ArcAxisDisplayRange: + type: object + properties: + Min: + type: number + default: null + Max: + type: number + default: null + additionalProperties: false + ArcConfiguration: + type: object + properties: + ArcAngle: + type: number + default: null + ArcThickness: + $ref: '#/components/schemas/ArcThicknessOptions' + additionalProperties: false + ArcOptions: + type: object + properties: + ArcThickness: + $ref: '#/components/schemas/ArcThickness' + additionalProperties: false + ArcThickness: + type: string + enum: + - SMALL + - MEDIUM + - LARGE + - WHOLE + ArcThicknessOptions: + type: string + enum: + - SMALL + - MEDIUM + - LARGE + AssetOptions: + type: object + properties: + Timezone: + type: string + WeekStart: + $ref: '#/components/schemas/DayOfTheWeek' + additionalProperties: false + AttributeAggregationFunction: + type: object + properties: + SimpleAttributeAggregation: + $ref: '#/components/schemas/SimpleAttributeAggregationFunction' + ValueForMultipleValues: + type: string + additionalProperties: false + AxisBinding: + type: string + enum: + - PRIMARY_YAXIS + - SECONDARY_YAXIS + AxisDataOptions: + type: object + properties: + NumericAxisOptions: + $ref: '#/components/schemas/NumericAxisOptions' + DateAxisOptions: + $ref: '#/components/schemas/DateAxisOptions' + additionalProperties: false + AxisDisplayDataDrivenRange: + type: object + additionalProperties: false + AxisDisplayMinMaxRange: + type: object + properties: + Minimum: + type: number + default: null + Maximum: + type: number + default: null + additionalProperties: false + AxisDisplayOptions: + type: object + properties: + TickLabelOptions: + $ref: '#/components/schemas/AxisTickLabelOptions' + AxisLineVisibility: + $ref: '#/components/schemas/Visibility' + GridLineVisibility: + $ref: '#/components/schemas/Visibility' + DataOptions: + $ref: '#/components/schemas/AxisDataOptions' + ScrollbarOptions: + $ref: '#/components/schemas/ScrollBarOptions' + AxisOffset: + type: string + description: String based length that is composed of value and unit in px + additionalProperties: false + AxisDisplayRange: + type: object + properties: + MinMax: + $ref: '#/components/schemas/AxisDisplayMinMaxRange' + DataDriven: + $ref: '#/components/schemas/AxisDisplayDataDrivenRange' + additionalProperties: false + AxisLabelOptions: + type: object + properties: + FontConfiguration: + $ref: '#/components/schemas/FontConfiguration' + CustomLabel: + type: string + ApplyTo: + $ref: '#/components/schemas/AxisLabelReferenceOptions' + additionalProperties: false + AxisLabelReferenceOptions: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Column: + $ref: '#/components/schemas/ColumnIdentifier' + required: + - Column + - FieldId + additionalProperties: false + AxisLinearScale: + type: object + properties: + StepCount: + type: number + default: null + StepSize: + type: number + default: null + additionalProperties: false + AxisLogarithmicScale: + type: object + properties: + Base: + type: number + default: null + additionalProperties: false + AxisScale: + type: object + properties: + Linear: + $ref: '#/components/schemas/AxisLinearScale' + Logarithmic: + $ref: '#/components/schemas/AxisLogarithmicScale' + additionalProperties: false + AxisTickLabelOptions: + type: object + properties: + LabelOptions: + $ref: '#/components/schemas/LabelOptions' + RotationAngle: + type: number + default: null + additionalProperties: false + BarChartAggregatedFieldWells: + type: object + properties: + Category: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + Colors: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + SmallMultiples: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 1 + minItems: 0 + additionalProperties: false + BarChartConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/BarChartFieldWells' + SortConfiguration: + $ref: '#/components/schemas/BarChartSortConfiguration' + Orientation: + $ref: '#/components/schemas/BarChartOrientation' + BarsArrangement: + $ref: '#/components/schemas/BarsArrangement' + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + SmallMultiplesOptions: + $ref: '#/components/schemas/SmallMultiplesOptions' + CategoryAxis: + $ref: '#/components/schemas/AxisDisplayOptions' + CategoryLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + ValueAxis: + $ref: '#/components/schemas/AxisDisplayOptions' + ValueLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + ColorLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + Legend: + $ref: '#/components/schemas/LegendOptions' + DataLabels: + $ref: '#/components/schemas/DataLabelOptions' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + ReferenceLines: + type: array + items: + $ref: '#/components/schemas/ReferenceLine' + maxItems: 20 + minItems: 0 + ContributionAnalysisDefaults: + type: array + items: + $ref: '#/components/schemas/ContributionAnalysisDefault' + maxItems: 200 + minItems: 1 + additionalProperties: false + BarChartFieldWells: + type: object + properties: + BarChartAggregatedFieldWells: + $ref: '#/components/schemas/BarChartAggregatedFieldWells' + additionalProperties: false + BarChartOrientation: + type: string + enum: + - HORIZONTAL + - VERTICAL + BarChartSortConfiguration: + type: object + properties: + CategorySort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + CategoryItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + ColorSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + ColorItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + SmallMultiplesSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + SmallMultiplesLimitConfiguration: + $ref: '#/components/schemas/ItemsLimitConfiguration' + additionalProperties: false + BarChartVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/BarChartConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + BarsArrangement: + type: string + enum: + - CLUSTERED + - STACKED + - STACKED_PERCENT + BaseMapStyleType: + type: string + enum: + - LIGHT_GRAY + - DARK_GRAY + - STREET + - IMAGERY + BinCountOptions: + type: object + properties: + Value: + type: number + minimum: 0 + additionalProperties: false + BinWidthOptions: + type: object + properties: + Value: + type: number + minimum: 0 + BinCountLimit: + type: number + maximum: 1000 + minimum: 0 + additionalProperties: false + BodySectionConfiguration: + type: object + properties: + SectionId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Content: + $ref: '#/components/schemas/BodySectionContent' + Style: + $ref: '#/components/schemas/SectionStyle' + PageBreakConfiguration: + $ref: '#/components/schemas/SectionPageBreakConfiguration' + required: + - Content + - SectionId + additionalProperties: false + BodySectionContent: + type: object + properties: + Layout: + $ref: '#/components/schemas/SectionLayoutConfiguration' + additionalProperties: false + BoxPlotAggregatedFieldWells: + type: object + properties: + GroupBy: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 1 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 5 + minItems: 0 + additionalProperties: false + BoxPlotChartConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/BoxPlotFieldWells' + SortConfiguration: + $ref: '#/components/schemas/BoxPlotSortConfiguration' + BoxPlotOptions: + $ref: '#/components/schemas/BoxPlotOptions' + CategoryAxis: + $ref: '#/components/schemas/AxisDisplayOptions' + CategoryLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + PrimaryYAxisDisplayOptions: + $ref: '#/components/schemas/AxisDisplayOptions' + PrimaryYAxisLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + Legend: + $ref: '#/components/schemas/LegendOptions' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + ReferenceLines: + type: array + items: + $ref: '#/components/schemas/ReferenceLine' + maxItems: 20 + minItems: 0 + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + additionalProperties: false + BoxPlotFieldWells: + type: object + properties: + BoxPlotAggregatedFieldWells: + $ref: '#/components/schemas/BoxPlotAggregatedFieldWells' + additionalProperties: false + BoxPlotFillStyle: + type: string + enum: + - SOLID + - TRANSPARENT + BoxPlotOptions: + type: object + properties: + StyleOptions: + $ref: '#/components/schemas/BoxPlotStyleOptions' + OutlierVisibility: + $ref: '#/components/schemas/Visibility' + AllDataPointsVisibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + BoxPlotSortConfiguration: + type: object + properties: + CategorySort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + PaginationConfiguration: + $ref: '#/components/schemas/PaginationConfiguration' + additionalProperties: false + BoxPlotStyleOptions: + type: object + properties: + FillStyle: + $ref: '#/components/schemas/BoxPlotFillStyle' + additionalProperties: false + BoxPlotVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/BoxPlotChartConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + CalculatedField: + type: object + properties: + DataSetIdentifier: + type: string + maxLength: 2048 + minLength: 1 + Name: + type: string + maxLength: 127 + minLength: 1 + Expression: + type: string + maxLength: 32000 + minLength: 1 + required: + - DataSetIdentifier + - Expression + - Name + additionalProperties: false + CalculatedMeasureField: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Expression: + type: string + maxLength: 4096 + minLength: 1 + required: + - Expression + - FieldId + additionalProperties: false + CascadingControlConfiguration: + type: object + properties: + SourceControls: + type: array + items: + $ref: '#/components/schemas/CascadingControlSource' + maxItems: 200 + minItems: 0 + additionalProperties: false + CascadingControlSource: + type: object + properties: + SourceSheetControlId: + type: string + ColumnToMatch: + $ref: '#/components/schemas/ColumnIdentifier' + additionalProperties: false + CategoricalAggregationFunction: + type: string + enum: + - COUNT + - DISTINCT_COUNT + CategoricalDimensionField: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Column: + $ref: '#/components/schemas/ColumnIdentifier' + HierarchyId: + type: string + maxLength: 512 + minLength: 1 + FormatConfiguration: + $ref: '#/components/schemas/StringFormatConfiguration' + required: + - Column + - FieldId + additionalProperties: false + CategoricalMeasureField: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Column: + $ref: '#/components/schemas/ColumnIdentifier' + AggregationFunction: + $ref: '#/components/schemas/CategoricalAggregationFunction' + FormatConfiguration: + $ref: '#/components/schemas/StringFormatConfiguration' + required: + - Column + - FieldId + additionalProperties: false + CategoryDrillDownFilter: + type: object + properties: + Column: + $ref: '#/components/schemas/ColumnIdentifier' + CategoryValues: + type: array + items: + type: string + maxLength: 512 + minLength: 0 + maxItems: 100000 + minItems: 0 + required: + - CategoryValues + - Column + additionalProperties: false + CategoryFilter: + type: object + properties: + FilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Column: + $ref: '#/components/schemas/ColumnIdentifier' + Configuration: + $ref: '#/components/schemas/CategoryFilterConfiguration' + required: + - Column + - Configuration + - FilterId + additionalProperties: false + CategoryFilterConfiguration: + type: object + properties: + FilterListConfiguration: + $ref: '#/components/schemas/FilterListConfiguration' + CustomFilterListConfiguration: + $ref: '#/components/schemas/CustomFilterListConfiguration' + CustomFilterConfiguration: + $ref: '#/components/schemas/CustomFilterConfiguration' + additionalProperties: false + CategoryFilterMatchOperator: + type: string + enum: + - EQUALS + - DOES_NOT_EQUAL + - CONTAINS + - DOES_NOT_CONTAIN + - STARTS_WITH + - ENDS_WITH + CategoryFilterSelectAllOptions: + type: string + enum: + - FILTER_ALL_VALUES + ChartAxisLabelOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + SortIconVisibility: + $ref: '#/components/schemas/Visibility' + AxisLabelOptions: + type: array + items: + $ref: '#/components/schemas/AxisLabelOptions' + maxItems: 100 + minItems: 0 + additionalProperties: false + ClusterMarker: + type: object + properties: + SimpleClusterMarker: + $ref: '#/components/schemas/SimpleClusterMarker' + additionalProperties: false + ClusterMarkerConfiguration: + type: object + properties: + ClusterMarker: + $ref: '#/components/schemas/ClusterMarker' + additionalProperties: false + ColorFillType: + type: string + enum: + - DISCRETE + - GRADIENT + ColorScale: + type: object + properties: + Colors: + type: array + items: + $ref: '#/components/schemas/DataColor' + maxItems: 3 + minItems: 2 + ColorFillType: + $ref: '#/components/schemas/ColorFillType' + NullValueColor: + $ref: '#/components/schemas/DataColor' + required: + - ColorFillType + - Colors + additionalProperties: false + ColorsConfiguration: + type: object + properties: + CustomColors: + type: array + items: + $ref: '#/components/schemas/CustomColor' + maxItems: 50 + minItems: 0 + additionalProperties: false + ColumnConfiguration: + type: object + properties: + Column: + $ref: '#/components/schemas/ColumnIdentifier' + FormatConfiguration: + $ref: '#/components/schemas/FormatConfiguration' + Role: + $ref: '#/components/schemas/ColumnRole' + ColorsConfiguration: + $ref: '#/components/schemas/ColorsConfiguration' + required: + - Column + additionalProperties: false + ColumnHierarchy: + type: object + properties: + ExplicitHierarchy: + $ref: '#/components/schemas/ExplicitHierarchy' + DateTimeHierarchy: + $ref: '#/components/schemas/DateTimeHierarchy' + PredefinedHierarchy: + $ref: '#/components/schemas/PredefinedHierarchy' + additionalProperties: false + ColumnIdentifier: + type: object + properties: + DataSetIdentifier: + type: string + maxLength: 2048 + minLength: 1 + ColumnName: + type: string + maxLength: 127 + minLength: 1 + required: + - ColumnName + - DataSetIdentifier + additionalProperties: false + ColumnRole: + type: string + enum: + - DIMENSION + - MEASURE + ColumnSort: + type: object + properties: + SortBy: + $ref: '#/components/schemas/ColumnIdentifier' + Direction: + $ref: '#/components/schemas/SortDirection' + AggregationFunction: + $ref: '#/components/schemas/AggregationFunction' + required: + - Direction + - SortBy + additionalProperties: false + ColumnTooltipItem: + type: object + properties: + Column: + $ref: '#/components/schemas/ColumnIdentifier' + Label: + type: string + Visibility: + $ref: '#/components/schemas/Visibility' + Aggregation: + $ref: '#/components/schemas/AggregationFunction' + required: + - Column + additionalProperties: false + ComboChartAggregatedFieldWells: + type: object + properties: + Category: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + BarValues: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + Colors: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + LineValues: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + additionalProperties: false + ComboChartConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/ComboChartFieldWells' + SortConfiguration: + $ref: '#/components/schemas/ComboChartSortConfiguration' + BarsArrangement: + $ref: '#/components/schemas/BarsArrangement' + CategoryAxis: + $ref: '#/components/schemas/AxisDisplayOptions' + CategoryLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + PrimaryYAxisDisplayOptions: + $ref: '#/components/schemas/AxisDisplayOptions' + PrimaryYAxisLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + SecondaryYAxisDisplayOptions: + $ref: '#/components/schemas/AxisDisplayOptions' + SecondaryYAxisLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + ColorLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + Legend: + $ref: '#/components/schemas/LegendOptions' + BarDataLabels: + $ref: '#/components/schemas/DataLabelOptions' + LineDataLabels: + $ref: '#/components/schemas/DataLabelOptions' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + ReferenceLines: + type: array + items: + $ref: '#/components/schemas/ReferenceLine' + maxItems: 20 + minItems: 0 + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + additionalProperties: false + ComboChartFieldWells: + type: object + properties: + ComboChartAggregatedFieldWells: + $ref: '#/components/schemas/ComboChartAggregatedFieldWells' + additionalProperties: false + ComboChartSortConfiguration: + type: object + properties: + CategorySort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + CategoryItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + ColorSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + ColorItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + additionalProperties: false + ComboChartVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/ComboChartConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + ComparisonConfiguration: + type: object + properties: + ComparisonMethod: + $ref: '#/components/schemas/ComparisonMethod' + ComparisonFormat: + $ref: '#/components/schemas/ComparisonFormatConfiguration' + additionalProperties: false + ComparisonFormatConfiguration: + type: object + properties: + NumberDisplayFormatConfiguration: + $ref: '#/components/schemas/NumberDisplayFormatConfiguration' + PercentageDisplayFormatConfiguration: + $ref: '#/components/schemas/PercentageDisplayFormatConfiguration' + additionalProperties: false + ComparisonMethod: + type: string + enum: + - DIFFERENCE + - PERCENT_DIFFERENCE + - PERCENT + Computation: + type: object + properties: + TopBottomRanked: + $ref: '#/components/schemas/TopBottomRankedComputation' + TopBottomMovers: + $ref: '#/components/schemas/TopBottomMoversComputation' + TotalAggregation: + $ref: '#/components/schemas/TotalAggregationComputation' + MaximumMinimum: + $ref: '#/components/schemas/MaximumMinimumComputation' + MetricComparison: + $ref: '#/components/schemas/MetricComparisonComputation' + PeriodOverPeriod: + $ref: '#/components/schemas/PeriodOverPeriodComputation' + PeriodToDate: + $ref: '#/components/schemas/PeriodToDateComputation' + GrowthRate: + $ref: '#/components/schemas/GrowthRateComputation' + UniqueValues: + $ref: '#/components/schemas/UniqueValuesComputation' + Forecast: + $ref: '#/components/schemas/ForecastComputation' + additionalProperties: false + ConditionalFormattingColor: + type: object + properties: + Solid: + $ref: '#/components/schemas/ConditionalFormattingSolidColor' + Gradient: + $ref: '#/components/schemas/ConditionalFormattingGradientColor' + additionalProperties: false + ConditionalFormattingCustomIconCondition: + type: object + properties: + Expression: + type: string + maxLength: 4096 + minLength: 1 + IconOptions: + $ref: '#/components/schemas/ConditionalFormattingCustomIconOptions' + Color: + type: string + pattern: ^#[A-F0-9]{6}$ + DisplayConfiguration: + $ref: '#/components/schemas/ConditionalFormattingIconDisplayConfiguration' + required: + - Expression + - IconOptions + additionalProperties: false + ConditionalFormattingCustomIconOptions: + type: object + properties: + Icon: + $ref: '#/components/schemas/Icon' + UnicodeIcon: + type: string + pattern: ^[^\u0000-\u00FF]$ + additionalProperties: false + ConditionalFormattingGradientColor: + type: object + properties: + Expression: + type: string + maxLength: 4096 + minLength: 1 + Color: + $ref: '#/components/schemas/GradientColor' + required: + - Color + - Expression + additionalProperties: false + ConditionalFormattingIcon: + type: object + properties: + IconSet: + $ref: '#/components/schemas/ConditionalFormattingIconSet' + CustomCondition: + $ref: '#/components/schemas/ConditionalFormattingCustomIconCondition' + additionalProperties: false + ConditionalFormattingIconDisplayConfiguration: + type: object + properties: + IconDisplayOption: + $ref: '#/components/schemas/ConditionalFormattingIconDisplayOption' + additionalProperties: false + ConditionalFormattingIconDisplayOption: + type: string + enum: + - ICON_ONLY + ConditionalFormattingIconSet: + type: object + properties: + Expression: + type: string + maxLength: 4096 + minLength: 1 + IconSetType: + $ref: '#/components/schemas/ConditionalFormattingIconSetType' + required: + - Expression + additionalProperties: false + ConditionalFormattingIconSetType: + type: string + enum: + - PLUS_MINUS + - CHECK_X + - THREE_COLOR_ARROW + - THREE_GRAY_ARROW + - CARET_UP_MINUS_DOWN + - THREE_SHAPE + - THREE_CIRCLE + - FLAGS + - BARS + - FOUR_COLOR_ARROW + - FOUR_GRAY_ARROW + ConditionalFormattingSolidColor: + type: object + properties: + Expression: + type: string + maxLength: 4096 + minLength: 1 + Color: + type: string + pattern: ^#[A-F0-9]{6}$ + required: + - Expression + additionalProperties: false + ContributionAnalysisDefault: + type: object + properties: + MeasureFieldId: + type: string + maxLength: 512 + minLength: 1 + ContributorDimensions: + type: array + items: + $ref: '#/components/schemas/ColumnIdentifier' + maxItems: 4 + minItems: 1 + required: + - ContributorDimensions + - MeasureFieldId + additionalProperties: false + CrossDatasetTypes: + type: string + enum: + - ALL_DATASETS + - SINGLE_DATASET + CurrencyDisplayFormatConfiguration: + type: object + properties: + Prefix: + type: string + maxLength: 128 + minLength: 1 + Suffix: + type: string + maxLength: 128 + minLength: 1 + SeparatorConfiguration: + $ref: '#/components/schemas/NumericSeparatorConfiguration' + Symbol: + type: string + pattern: '[A-Z]{3}' + DecimalPlacesConfiguration: + $ref: '#/components/schemas/DecimalPlacesConfiguration' + NumberScale: + $ref: '#/components/schemas/NumberScale' + NegativeValueConfiguration: + $ref: '#/components/schemas/NegativeValueConfiguration' + NullValueFormatConfiguration: + $ref: '#/components/schemas/NullValueFormatConfiguration' + additionalProperties: false + CustomActionFilterOperation: + type: object + properties: + SelectedFieldsConfiguration: + $ref: '#/components/schemas/FilterOperationSelectedFieldsConfiguration' + TargetVisualsConfiguration: + $ref: '#/components/schemas/FilterOperationTargetVisualsConfiguration' + required: + - SelectedFieldsConfiguration + - TargetVisualsConfiguration + additionalProperties: false + CustomActionNavigationOperation: + type: object + properties: + LocalNavigationConfiguration: + $ref: '#/components/schemas/LocalNavigationConfiguration' + additionalProperties: false + CustomActionSetParametersOperation: + type: object + properties: + ParameterValueConfigurations: + type: array + items: + $ref: '#/components/schemas/SetParameterValueConfiguration' + maxItems: 200 + minItems: 1 + required: + - ParameterValueConfigurations + additionalProperties: false + CustomActionURLOperation: + type: object + properties: + URLTemplate: + type: string + maxLength: 2048 + minLength: 1 + URLTarget: + $ref: '#/components/schemas/URLTargetConfiguration' + required: + - URLTarget + - URLTemplate + additionalProperties: false + CustomColor: + type: object + properties: + FieldValue: + type: string + maxLength: 2048 + minLength: 0 + Color: + type: string + pattern: ^#[A-F0-9]{6}$ + SpecialValue: + $ref: '#/components/schemas/SpecialValue' + required: + - Color + additionalProperties: false + CustomContentConfiguration: + type: object + properties: + ContentUrl: + type: string + maxLength: 2048 + minLength: 1 + ContentType: + $ref: '#/components/schemas/CustomContentType' + ImageScaling: + $ref: '#/components/schemas/CustomContentImageScalingConfiguration' + additionalProperties: false + CustomContentImageScalingConfiguration: + type: string + enum: + - FIT_TO_HEIGHT + - FIT_TO_WIDTH + - DO_NOT_SCALE + - SCALE_TO_VISUAL + CustomContentType: + type: string + enum: + - IMAGE + - OTHER_EMBEDDED_CONTENT + CustomContentVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/CustomContentConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + DataSetIdentifier: + type: string + maxLength: 2048 + minLength: 1 + required: + - DataSetIdentifier + - VisualId + additionalProperties: false + CustomFilterConfiguration: + type: object + properties: + MatchOperator: + $ref: '#/components/schemas/CategoryFilterMatchOperator' + CategoryValue: + type: string + maxLength: 512 + minLength: 0 + SelectAllOptions: + $ref: '#/components/schemas/CategoryFilterSelectAllOptions' + ParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + NullOption: + $ref: '#/components/schemas/FilterNullOption' + required: + - MatchOperator + - NullOption + additionalProperties: false + CustomFilterListConfiguration: + type: object + properties: + MatchOperator: + $ref: '#/components/schemas/CategoryFilterMatchOperator' + CategoryValues: + type: array + items: + type: string + maxLength: 512 + minLength: 0 + maxItems: 100000 + minItems: 0 + SelectAllOptions: + $ref: '#/components/schemas/CategoryFilterSelectAllOptions' + NullOption: + $ref: '#/components/schemas/FilterNullOption' + required: + - MatchOperator + - NullOption + additionalProperties: false + CustomNarrativeOptions: + type: object + properties: + Narrative: + type: string + maxLength: 150000 + minLength: 0 + required: + - Narrative + additionalProperties: false + CustomParameterValues: + type: object + properties: + StringValues: + type: array + items: + type: string + maxItems: 50000 + minItems: 0 + IntegerValues: + type: array + items: + type: number + maxItems: 50000 + minItems: 0 + DecimalValues: + type: array + items: + type: number + maxItems: 50000 + minItems: 0 + DateTimeValues: + type: array + items: + type: string + format: date-time + maxItems: 50000 + minItems: 0 + additionalProperties: false + CustomValuesConfiguration: + type: object + properties: + IncludeNullValue: + type: boolean + CustomValues: + $ref: '#/components/schemas/CustomParameterValues' + required: + - CustomValues + additionalProperties: false + DataBarsOptions: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + PositiveColor: + type: string + pattern: ^#[A-F0-9]{6}$ + NegativeColor: + type: string + pattern: ^#[A-F0-9]{6}$ + required: + - FieldId + additionalProperties: false + DataColor: + type: object + properties: + Color: + type: string + pattern: ^#[A-F0-9]{6}$ + DataValue: + type: number + default: null + additionalProperties: false + DataFieldSeriesItem: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + FieldValue: + type: string + AxisBinding: + $ref: '#/components/schemas/AxisBinding' + Settings: + $ref: '#/components/schemas/LineChartSeriesSettings' + required: + - AxisBinding + - FieldId + additionalProperties: false + DataLabelContent: + type: string + enum: + - VALUE + - PERCENT + - VALUE_AND_PERCENT + DataLabelOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + CategoryLabelVisibility: + $ref: '#/components/schemas/Visibility' + MeasureLabelVisibility: + $ref: '#/components/schemas/Visibility' + DataLabelTypes: + type: array + items: + $ref: '#/components/schemas/DataLabelType' + maxItems: 100 + minItems: 0 + Position: + $ref: '#/components/schemas/DataLabelPosition' + LabelContent: + $ref: '#/components/schemas/DataLabelContent' + LabelFontConfiguration: + $ref: '#/components/schemas/FontConfiguration' + LabelColor: + type: string + pattern: ^#[A-F0-9]{6}$ + Overlap: + $ref: '#/components/schemas/DataLabelOverlap' + TotalsVisibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + DataLabelOverlap: + type: string + enum: + - DISABLE_OVERLAP + - ENABLE_OVERLAP + DataLabelPosition: + type: string + enum: + - INSIDE + - OUTSIDE + - LEFT + - TOP + - BOTTOM + - RIGHT + DataLabelType: + type: object + properties: + FieldLabelType: + $ref: '#/components/schemas/FieldLabelType' + DataPathLabelType: + $ref: '#/components/schemas/DataPathLabelType' + RangeEndsLabelType: + $ref: '#/components/schemas/RangeEndsLabelType' + MinimumLabelType: + $ref: '#/components/schemas/MinimumLabelType' + MaximumLabelType: + $ref: '#/components/schemas/MaximumLabelType' + additionalProperties: false + DataPathColor: + type: object + properties: + Element: + $ref: '#/components/schemas/DataPathValue' + Color: + type: string + pattern: ^#[A-F0-9]{6}$ + TimeGranularity: + $ref: '#/components/schemas/TimeGranularity' + required: + - Color + - Element + additionalProperties: false + DataPathLabelType: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + FieldValue: + type: string + maxLength: 2048 + minLength: 0 + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + DataPathSort: + type: object + properties: + Direction: + $ref: '#/components/schemas/SortDirection' + SortPaths: + type: array + items: + $ref: '#/components/schemas/DataPathValue' + maxItems: 20 + minItems: 0 + required: + - Direction + - SortPaths + additionalProperties: false + DataPathType: + type: object + properties: + PivotTableDataPathType: + $ref: '#/components/schemas/PivotTableDataPathType' + additionalProperties: false + DataPathValue: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + FieldValue: + type: string + maxLength: 2048 + minLength: 0 + DataPathType: + $ref: '#/components/schemas/DataPathType' + additionalProperties: false + DataSetIdentifierDeclaration: + type: object + properties: + Identifier: + type: string + maxLength: 2048 + minLength: 1 + DataSetArn: + type: string + required: + - DataSetArn + - Identifier + additionalProperties: false + DataSetReference: + type: object + properties: + DataSetPlaceholder: + type: string + pattern: .*\S.* + DataSetArn: + type: string + required: + - DataSetArn + - DataSetPlaceholder + additionalProperties: false + DateAggregationFunction: + type: string + enum: + - COUNT + - DISTINCT_COUNT + - MIN + - MAX + DateAxisOptions: + type: object + properties: + MissingDateVisibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + DateDimensionField: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Column: + $ref: '#/components/schemas/ColumnIdentifier' + DateGranularity: + $ref: '#/components/schemas/TimeGranularity' + HierarchyId: + type: string + maxLength: 512 + minLength: 1 + FormatConfiguration: + $ref: '#/components/schemas/DateTimeFormatConfiguration' + required: + - Column + - FieldId + additionalProperties: false + DateMeasureField: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Column: + $ref: '#/components/schemas/ColumnIdentifier' + AggregationFunction: + $ref: '#/components/schemas/DateAggregationFunction' + FormatConfiguration: + $ref: '#/components/schemas/DateTimeFormatConfiguration' + required: + - Column + - FieldId + additionalProperties: false + DateTimeDefaultValues: + type: object + properties: + DynamicValue: + $ref: '#/components/schemas/DynamicDefaultValue' + StaticValues: + type: array + items: + type: string + format: date-time + maxItems: 50000 + minItems: 0 + RollingDate: + $ref: '#/components/schemas/RollingDateConfiguration' + additionalProperties: false + DateTimeFormatConfiguration: + type: object + properties: + DateTimeFormat: + type: string + maxLength: 128 + minLength: 1 + NullValueFormatConfiguration: + $ref: '#/components/schemas/NullValueFormatConfiguration' + NumericFormatConfiguration: + $ref: '#/components/schemas/NumericFormatConfiguration' + additionalProperties: false + DateTimeHierarchy: + type: object + properties: + HierarchyId: + type: string + maxLength: 512 + minLength: 1 + DrillDownFilters: + type: array + items: + $ref: '#/components/schemas/DrillDownFilter' + maxItems: 10 + minItems: 0 + required: + - HierarchyId + additionalProperties: false + DateTimeParameter: + type: object + properties: + Name: + type: string + pattern: .*\S.* + Values: + type: array + items: + type: string + required: + - Name + - Values + additionalProperties: false + DateTimeParameterDeclaration: + type: object + properties: + Name: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + DefaultValues: + $ref: '#/components/schemas/DateTimeDefaultValues' + TimeGranularity: + $ref: '#/components/schemas/TimeGranularity' + ValueWhenUnset: + $ref: '#/components/schemas/DateTimeValueWhenUnsetConfiguration' + MappedDataSetParameters: + type: array + items: + $ref: '#/components/schemas/MappedDataSetParameter' + maxItems: 150 + minItems: 0 + required: + - Name + additionalProperties: false + DateTimePickerControlDisplayOptions: + type: object + properties: + TitleOptions: + $ref: '#/components/schemas/LabelOptions' + DateTimeFormat: + type: string + maxLength: 128 + minLength: 1 + InfoIconLabelOptions: + $ref: '#/components/schemas/SheetControlInfoIconLabelOptions' + additionalProperties: false + DateTimeValueWhenUnsetConfiguration: + type: object + properties: + ValueWhenUnsetOption: + $ref: '#/components/schemas/ValueWhenUnsetOption' + CustomValue: + type: string + format: date-time + additionalProperties: false + DayOfTheWeek: + type: string + enum: + - SUNDAY + - MONDAY + - TUESDAY + - WEDNESDAY + - THURSDAY + - FRIDAY + - SATURDAY + DecimalDefaultValues: + type: object + properties: + DynamicValue: + $ref: '#/components/schemas/DynamicDefaultValue' + StaticValues: + type: array + items: + type: number + maxItems: 50000 + minItems: 0 + additionalProperties: false + DecimalParameter: + type: object + properties: + Name: + type: string + pattern: .*\S.* + Values: + type: array + items: + type: number + default: 0 + required: + - Name + - Values + additionalProperties: false + DecimalParameterDeclaration: + type: object + properties: + ParameterValueType: + $ref: '#/components/schemas/ParameterValueType' + Name: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + DefaultValues: + $ref: '#/components/schemas/DecimalDefaultValues' + ValueWhenUnset: + $ref: '#/components/schemas/DecimalValueWhenUnsetConfiguration' + MappedDataSetParameters: + type: array + items: + $ref: '#/components/schemas/MappedDataSetParameter' + maxItems: 150 + minItems: 0 + required: + - Name + - ParameterValueType + additionalProperties: false + DecimalPlacesConfiguration: + type: object + properties: + DecimalPlaces: + type: number + maximum: 20 + minimum: 0 + required: + - DecimalPlaces + additionalProperties: false + DecimalValueWhenUnsetConfiguration: + type: object + properties: + ValueWhenUnsetOption: + $ref: '#/components/schemas/ValueWhenUnsetOption' + CustomValue: + type: number + default: null + additionalProperties: false + DefaultFreeFormLayoutConfiguration: + type: object + properties: + CanvasSizeOptions: + $ref: '#/components/schemas/FreeFormLayoutCanvasSizeOptions' + required: + - CanvasSizeOptions + additionalProperties: false + DefaultGridLayoutConfiguration: + type: object + properties: + CanvasSizeOptions: + $ref: '#/components/schemas/GridLayoutCanvasSizeOptions' + required: + - CanvasSizeOptions + additionalProperties: false + DefaultInteractiveLayoutConfiguration: + type: object + properties: + Grid: + $ref: '#/components/schemas/DefaultGridLayoutConfiguration' + FreeForm: + $ref: '#/components/schemas/DefaultFreeFormLayoutConfiguration' + additionalProperties: false + DefaultNewSheetConfiguration: + type: object + properties: + InteractiveLayoutConfiguration: + $ref: '#/components/schemas/DefaultInteractiveLayoutConfiguration' + PaginatedLayoutConfiguration: + $ref: '#/components/schemas/DefaultPaginatedLayoutConfiguration' + SheetContentType: + $ref: '#/components/schemas/SheetContentType' + additionalProperties: false + DefaultPaginatedLayoutConfiguration: + type: object + properties: + SectionBased: + $ref: '#/components/schemas/DefaultSectionBasedLayoutConfiguration' + additionalProperties: false + DefaultSectionBasedLayoutConfiguration: + type: object + properties: + CanvasSizeOptions: + $ref: '#/components/schemas/SectionBasedLayoutCanvasSizeOptions' + required: + - CanvasSizeOptions + additionalProperties: false + DestinationParameterValueConfiguration: + type: object + properties: + CustomValuesConfiguration: + $ref: '#/components/schemas/CustomValuesConfiguration' + SelectAllValueOptions: + $ref: '#/components/schemas/SelectAllValueOptions' + SourceParameterName: + type: string + SourceField: + type: string + maxLength: 512 + minLength: 1 + SourceColumn: + $ref: '#/components/schemas/ColumnIdentifier' + additionalProperties: false + DimensionField: + type: object + properties: + NumericalDimensionField: + $ref: '#/components/schemas/NumericalDimensionField' + CategoricalDimensionField: + $ref: '#/components/schemas/CategoricalDimensionField' + DateDimensionField: + $ref: '#/components/schemas/DateDimensionField' + additionalProperties: false + DonutCenterOptions: + type: object + properties: + LabelVisibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + DonutOptions: + type: object + properties: + ArcOptions: + $ref: '#/components/schemas/ArcOptions' + DonutCenterOptions: + $ref: '#/components/schemas/DonutCenterOptions' + additionalProperties: false + DrillDownFilter: + type: object + properties: + NumericEqualityFilter: + $ref: '#/components/schemas/NumericEqualityDrillDownFilter' + CategoryFilter: + $ref: '#/components/schemas/CategoryDrillDownFilter' + TimeRangeFilter: + $ref: '#/components/schemas/TimeRangeDrillDownFilter' + additionalProperties: false + DropDownControlDisplayOptions: + type: object + properties: + SelectAllOptions: + $ref: '#/components/schemas/ListControlSelectAllOptions' + TitleOptions: + $ref: '#/components/schemas/LabelOptions' + InfoIconLabelOptions: + $ref: '#/components/schemas/SheetControlInfoIconLabelOptions' + additionalProperties: false + DynamicDefaultValue: + type: object + properties: + UserNameColumn: + $ref: '#/components/schemas/ColumnIdentifier' + GroupNameColumn: + $ref: '#/components/schemas/ColumnIdentifier' + DefaultValueColumn: + $ref: '#/components/schemas/ColumnIdentifier' + required: + - DefaultValueColumn + additionalProperties: false + EmptyVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + DataSetIdentifier: + type: string + maxLength: 2048 + minLength: 1 + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + required: + - DataSetIdentifier + - VisualId + additionalProperties: false + Entity: + type: object + properties: + Path: + type: string + pattern: .*\S.* + additionalProperties: false + ExcludePeriodConfiguration: + type: object + properties: + Amount: + type: number + default: null + Granularity: + $ref: '#/components/schemas/TimeGranularity' + Status: + $ref: '#/components/schemas/WidgetStatus' + required: + - Amount + - Granularity + additionalProperties: false + ExplicitHierarchy: + type: object + properties: + HierarchyId: + type: string + maxLength: 512 + minLength: 1 + Columns: + type: array + items: + $ref: '#/components/schemas/ColumnIdentifier' + maxItems: 10 + minItems: 2 + DrillDownFilters: + type: array + items: + $ref: '#/components/schemas/DrillDownFilter' + maxItems: 10 + minItems: 0 + required: + - Columns + - HierarchyId + additionalProperties: false + FieldBasedTooltip: + type: object + properties: + AggregationVisibility: + $ref: '#/components/schemas/Visibility' + TooltipTitleType: + $ref: '#/components/schemas/TooltipTitleType' + TooltipFields: + type: array + items: + $ref: '#/components/schemas/TooltipItem' + maxItems: 100 + minItems: 0 + additionalProperties: false + FieldLabelType: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + FieldSeriesItem: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + AxisBinding: + $ref: '#/components/schemas/AxisBinding' + Settings: + $ref: '#/components/schemas/LineChartSeriesSettings' + required: + - AxisBinding + - FieldId + additionalProperties: false + FieldSort: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Direction: + $ref: '#/components/schemas/SortDirection' + required: + - Direction + - FieldId + additionalProperties: false + FieldSortOptions: + type: object + properties: + FieldSort: + $ref: '#/components/schemas/FieldSort' + ColumnSort: + $ref: '#/components/schemas/ColumnSort' + additionalProperties: false + FieldTooltipItem: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Label: + type: string + Visibility: + $ref: '#/components/schemas/Visibility' + required: + - FieldId + additionalProperties: false + FilledMapAggregatedFieldWells: + type: object + properties: + Geospatial: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 1 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 1 + minItems: 0 + additionalProperties: false + FilledMapConditionalFormatting: + type: object + properties: + ConditionalFormattingOptions: + type: array + items: + $ref: '#/components/schemas/FilledMapConditionalFormattingOption' + maxItems: 200 + minItems: 0 + required: + - ConditionalFormattingOptions + additionalProperties: false + FilledMapConditionalFormattingOption: + type: object + properties: + Shape: + $ref: '#/components/schemas/FilledMapShapeConditionalFormatting' + required: + - Shape + additionalProperties: false + FilledMapConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/FilledMapFieldWells' + SortConfiguration: + $ref: '#/components/schemas/FilledMapSortConfiguration' + Legend: + $ref: '#/components/schemas/LegendOptions' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + WindowOptions: + $ref: '#/components/schemas/GeospatialWindowOptions' + MapStyleOptions: + $ref: '#/components/schemas/GeospatialMapStyleOptions' + additionalProperties: false + FilledMapFieldWells: + type: object + properties: + FilledMapAggregatedFieldWells: + $ref: '#/components/schemas/FilledMapAggregatedFieldWells' + additionalProperties: false + FilledMapShapeConditionalFormatting: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Format: + $ref: '#/components/schemas/ShapeConditionalFormat' + required: + - FieldId + additionalProperties: false + FilledMapSortConfiguration: + type: object + properties: + CategorySort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + additionalProperties: false + FilledMapVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/FilledMapConfiguration' + ConditionalFormatting: + $ref: '#/components/schemas/FilledMapConditionalFormatting' + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + required: + - VisualId + additionalProperties: false + Filter: + type: object + properties: + CategoryFilter: + $ref: '#/components/schemas/CategoryFilter' + NumericRangeFilter: + $ref: '#/components/schemas/NumericRangeFilter' + NumericEqualityFilter: + $ref: '#/components/schemas/NumericEqualityFilter' + TimeEqualityFilter: + $ref: '#/components/schemas/TimeEqualityFilter' + TimeRangeFilter: + $ref: '#/components/schemas/TimeRangeFilter' + RelativeDatesFilter: + $ref: '#/components/schemas/RelativeDatesFilter' + TopBottomFilter: + $ref: '#/components/schemas/TopBottomFilter' + additionalProperties: false + FilterControl: + type: object + properties: + DateTimePicker: + $ref: '#/components/schemas/FilterDateTimePickerControl' + List: + $ref: '#/components/schemas/FilterListControl' + Dropdown: + $ref: '#/components/schemas/FilterDropDownControl' + TextField: + $ref: '#/components/schemas/FilterTextFieldControl' + TextArea: + $ref: '#/components/schemas/FilterTextAreaControl' + Slider: + $ref: '#/components/schemas/FilterSliderControl' + RelativeDateTime: + $ref: '#/components/schemas/FilterRelativeDateTimeControl' + additionalProperties: false + FilterDateTimePickerControl: + type: object + properties: + FilterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceFilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + DisplayOptions: + $ref: '#/components/schemas/DateTimePickerControlDisplayOptions' + Type: + $ref: '#/components/schemas/SheetControlDateTimePickerType' + required: + - FilterControlId + - SourceFilterId + - Title + additionalProperties: false + FilterDropDownControl: + type: object + properties: + FilterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceFilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + DisplayOptions: + $ref: '#/components/schemas/DropDownControlDisplayOptions' + Type: + $ref: '#/components/schemas/SheetControlListType' + SelectableValues: + $ref: '#/components/schemas/FilterSelectableValues' + CascadingControlConfiguration: + $ref: '#/components/schemas/CascadingControlConfiguration' + required: + - FilterControlId + - SourceFilterId + - Title + additionalProperties: false + FilterGroup: + type: object + properties: + FilterGroupId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Filters: + type: array + items: + $ref: '#/components/schemas/Filter' + maxItems: 20 + minItems: 0 + ScopeConfiguration: + $ref: '#/components/schemas/FilterScopeConfiguration' + Status: + $ref: '#/components/schemas/WidgetStatus' + CrossDataset: + $ref: '#/components/schemas/CrossDatasetTypes' + required: + - CrossDataset + - FilterGroupId + - Filters + - ScopeConfiguration + additionalProperties: false + FilterListConfiguration: + type: object + properties: + MatchOperator: + $ref: '#/components/schemas/CategoryFilterMatchOperator' + CategoryValues: + type: array + items: + type: string + maxLength: 512 + minLength: 0 + maxItems: 100000 + minItems: 0 + SelectAllOptions: + $ref: '#/components/schemas/CategoryFilterSelectAllOptions' + NullOption: + $ref: '#/components/schemas/FilterNullOption' + required: + - MatchOperator + additionalProperties: false + FilterListControl: + type: object + properties: + FilterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceFilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + DisplayOptions: + $ref: '#/components/schemas/ListControlDisplayOptions' + Type: + $ref: '#/components/schemas/SheetControlListType' + SelectableValues: + $ref: '#/components/schemas/FilterSelectableValues' + CascadingControlConfiguration: + $ref: '#/components/schemas/CascadingControlConfiguration' + required: + - FilterControlId + - SourceFilterId + - Title + additionalProperties: false + FilterNullOption: + type: string + enum: + - ALL_VALUES + - NULLS_ONLY + - NON_NULLS_ONLY + FilterOperationSelectedFieldsConfiguration: + type: object + properties: + SelectedFields: + type: array + items: + type: string + maxLength: 512 + minLength: 1 + maxItems: 20 + minItems: 1 + SelectedFieldOptions: + $ref: '#/components/schemas/SelectedFieldOptions' + SelectedColumns: + type: array + items: + $ref: '#/components/schemas/ColumnIdentifier' + maxItems: 10 + minItems: 0 + additionalProperties: false + FilterOperationTargetVisualsConfiguration: + type: object + properties: + SameSheetTargetVisualConfiguration: + $ref: '#/components/schemas/SameSheetTargetVisualConfiguration' + additionalProperties: false + FilterRelativeDateTimeControl: + type: object + properties: + FilterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceFilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + DisplayOptions: + $ref: '#/components/schemas/RelativeDateTimeControlDisplayOptions' + required: + - FilterControlId + - SourceFilterId + - Title + additionalProperties: false + FilterScopeConfiguration: + type: object + properties: + SelectedSheets: + $ref: '#/components/schemas/SelectedSheetsFilterScopeConfiguration' + AllSheets: + $ref: '#/components/schemas/AllSheetsFilterScopeConfiguration' + additionalProperties: false + FilterSelectableValues: + type: object + properties: + Values: + type: array + items: + type: string + maxItems: 50000 + minItems: 0 + additionalProperties: false + FilterSliderControl: + type: object + properties: + FilterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceFilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + DisplayOptions: + $ref: '#/components/schemas/SliderControlDisplayOptions' + Type: + $ref: '#/components/schemas/SheetControlSliderType' + MaximumValue: + type: number + default: 0 + MinimumValue: + type: number + default: 0 + StepSize: + type: number + default: 0 + required: + - FilterControlId + - MaximumValue + - MinimumValue + - SourceFilterId + - StepSize + - Title + additionalProperties: false + FilterTextAreaControl: + type: object + properties: + FilterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceFilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Delimiter: + type: string + maxLength: 2048 + minLength: 1 + DisplayOptions: + $ref: '#/components/schemas/TextAreaControlDisplayOptions' + required: + - FilterControlId + - SourceFilterId + - Title + additionalProperties: false + FilterTextFieldControl: + type: object + properties: + FilterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceFilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + DisplayOptions: + $ref: '#/components/schemas/TextFieldControlDisplayOptions' + required: + - FilterControlId + - SourceFilterId + - Title + additionalProperties: false + FilterVisualScope: + type: string + enum: + - ALL_VISUALS + - SELECTED_VISUALS + FontConfiguration: + type: object + properties: + FontSize: + $ref: '#/components/schemas/FontSize' + FontDecoration: + $ref: '#/components/schemas/FontDecoration' + FontColor: + type: string + pattern: ^#[A-F0-9]{6}$ + FontWeight: + $ref: '#/components/schemas/FontWeight' + FontStyle: + $ref: '#/components/schemas/FontStyle' + additionalProperties: false + FontDecoration: + type: string + enum: + - UNDERLINE + - NONE + FontSize: + type: object + properties: + Relative: + $ref: '#/components/schemas/RelativeFontSize' + additionalProperties: false + FontStyle: + type: string + enum: + - NORMAL + - ITALIC + FontWeight: + type: object + properties: + Name: + $ref: '#/components/schemas/FontWeightName' + additionalProperties: false + FontWeightName: + type: string + enum: + - NORMAL + - BOLD + ForecastComputation: + type: object + properties: + ComputationId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + Time: + $ref: '#/components/schemas/DimensionField' + Value: + $ref: '#/components/schemas/MeasureField' + PeriodsForward: + type: number + maximum: 1000 + minimum: 1 + PeriodsBackward: + type: number + maximum: 1000 + minimum: 0 + UpperBoundary: + type: number + default: null + LowerBoundary: + type: number + default: null + PredictionInterval: + type: number + maximum: 95 + minimum: 50 + Seasonality: + $ref: '#/components/schemas/ForecastComputationSeasonality' + CustomSeasonalityValue: + type: number + default: null + maximum: 180 + minimum: 1 + required: + - ComputationId + additionalProperties: false + ForecastComputationSeasonality: + type: string + enum: + - AUTOMATIC + - CUSTOM + ForecastConfiguration: + type: object + properties: + ForecastProperties: + $ref: '#/components/schemas/TimeBasedForecastProperties' + Scenario: + $ref: '#/components/schemas/ForecastScenario' + additionalProperties: false + ForecastScenario: + type: object + properties: + WhatIfPointScenario: + $ref: '#/components/schemas/WhatIfPointScenario' + WhatIfRangeScenario: + $ref: '#/components/schemas/WhatIfRangeScenario' + additionalProperties: false + FormatConfiguration: + type: object + properties: + StringFormatConfiguration: + $ref: '#/components/schemas/StringFormatConfiguration' + NumberFormatConfiguration: + $ref: '#/components/schemas/NumberFormatConfiguration' + DateTimeFormatConfiguration: + $ref: '#/components/schemas/DateTimeFormatConfiguration' + additionalProperties: false + FreeFormLayoutCanvasSizeOptions: + type: object + properties: + ScreenCanvasSizeOptions: + $ref: '#/components/schemas/FreeFormLayoutScreenCanvasSizeOptions' + additionalProperties: false + FreeFormLayoutConfiguration: + type: object + properties: + Elements: + type: array + items: + $ref: '#/components/schemas/FreeFormLayoutElement' + maxItems: 430 + minItems: 0 + CanvasSizeOptions: + $ref: '#/components/schemas/FreeFormLayoutCanvasSizeOptions' + required: + - Elements + additionalProperties: false + FreeFormLayoutElement: + type: object + properties: + ElementId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + ElementType: + $ref: '#/components/schemas/LayoutElementType' + XAxisLocation: + type: string + description: String based length that is composed of value and unit in px + YAxisLocation: + type: string + description: String based length that is composed of value and unit in px with Integer.MAX_VALUE as maximum value + Width: + type: string + description: String based length that is composed of value and unit in px + Height: + type: string + description: String based length that is composed of value and unit in px + Visibility: + $ref: '#/components/schemas/Visibility' + RenderingRules: + type: array + items: + $ref: '#/components/schemas/SheetElementRenderingRule' + maxItems: 10000 + minItems: 0 + BorderStyle: + $ref: '#/components/schemas/FreeFormLayoutElementBorderStyle' + SelectedBorderStyle: + $ref: '#/components/schemas/FreeFormLayoutElementBorderStyle' + BackgroundStyle: + $ref: '#/components/schemas/FreeFormLayoutElementBackgroundStyle' + LoadingAnimation: + $ref: '#/components/schemas/LoadingAnimation' + required: + - ElementId + - ElementType + - Height + - Width + - XAxisLocation + - YAxisLocation + additionalProperties: false + FreeFormLayoutElementBackgroundStyle: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + Color: + type: string + pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ + additionalProperties: false + FreeFormLayoutElementBorderStyle: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + Color: + type: string + pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ + additionalProperties: false + FreeFormLayoutScreenCanvasSizeOptions: + type: object + properties: + OptimizedViewPortWidth: + type: string + description: String based length that is composed of value and unit in px + required: + - OptimizedViewPortWidth + additionalProperties: false + FreeFormSectionLayoutConfiguration: + type: object + properties: + Elements: + type: array + items: + $ref: '#/components/schemas/FreeFormLayoutElement' + maxItems: 430 + minItems: 0 + required: + - Elements + additionalProperties: false + FunnelChartAggregatedFieldWells: + type: object + properties: + Category: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 1 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 1 + minItems: 0 + additionalProperties: false + FunnelChartConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/FunnelChartFieldWells' + SortConfiguration: + $ref: '#/components/schemas/FunnelChartSortConfiguration' + CategoryLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + ValueLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + DataLabelOptions: + $ref: '#/components/schemas/FunnelChartDataLabelOptions' + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + additionalProperties: false + FunnelChartDataLabelOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + CategoryLabelVisibility: + $ref: '#/components/schemas/Visibility' + MeasureLabelVisibility: + $ref: '#/components/schemas/Visibility' + Position: + $ref: '#/components/schemas/DataLabelPosition' + LabelFontConfiguration: + $ref: '#/components/schemas/FontConfiguration' + LabelColor: + type: string + pattern: ^#[A-F0-9]{6}$ + MeasureDataLabelStyle: + $ref: '#/components/schemas/FunnelChartMeasureDataLabelStyle' + additionalProperties: false + FunnelChartFieldWells: + type: object + properties: + FunnelChartAggregatedFieldWells: + $ref: '#/components/schemas/FunnelChartAggregatedFieldWells' + additionalProperties: false + FunnelChartMeasureDataLabelStyle: + type: string + enum: + - VALUE_ONLY + - PERCENTAGE_BY_FIRST_STAGE + - PERCENTAGE_BY_PREVIOUS_STAGE + - VALUE_AND_PERCENTAGE_BY_FIRST_STAGE + - VALUE_AND_PERCENTAGE_BY_PREVIOUS_STAGE + FunnelChartSortConfiguration: + type: object + properties: + CategorySort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + CategoryItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + additionalProperties: false + FunnelChartVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/FunnelChartConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + GaugeChartArcConditionalFormatting: + type: object + properties: + ForegroundColor: + $ref: '#/components/schemas/ConditionalFormattingColor' + additionalProperties: false + GaugeChartConditionalFormatting: + type: object + properties: + ConditionalFormattingOptions: + type: array + items: + $ref: '#/components/schemas/GaugeChartConditionalFormattingOption' + maxItems: 100 + minItems: 0 + additionalProperties: false + GaugeChartConditionalFormattingOption: + type: object + properties: + PrimaryValue: + $ref: '#/components/schemas/GaugeChartPrimaryValueConditionalFormatting' + Arc: + $ref: '#/components/schemas/GaugeChartArcConditionalFormatting' + additionalProperties: false + GaugeChartConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/GaugeChartFieldWells' + GaugeChartOptions: + $ref: '#/components/schemas/GaugeChartOptions' + DataLabels: + $ref: '#/components/schemas/DataLabelOptions' + TooltipOptions: + $ref: '#/components/schemas/TooltipOptions' + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + additionalProperties: false + GaugeChartFieldWells: + type: object + properties: + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + TargetValues: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + additionalProperties: false + GaugeChartOptions: + type: object + properties: + PrimaryValueDisplayType: + $ref: '#/components/schemas/PrimaryValueDisplayType' + Comparison: + $ref: '#/components/schemas/ComparisonConfiguration' + ArcAxis: + $ref: '#/components/schemas/ArcAxisConfiguration' + Arc: + $ref: '#/components/schemas/ArcConfiguration' + PrimaryValueFontConfiguration: + $ref: '#/components/schemas/FontConfiguration' + additionalProperties: false + GaugeChartPrimaryValueConditionalFormatting: + type: object + properties: + TextColor: + $ref: '#/components/schemas/ConditionalFormattingColor' + Icon: + $ref: '#/components/schemas/ConditionalFormattingIcon' + additionalProperties: false + GaugeChartVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/GaugeChartConfiguration' + ConditionalFormatting: + $ref: '#/components/schemas/GaugeChartConditionalFormatting' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + required: + - VisualId + additionalProperties: false + GeospatialCoordinateBounds: + type: object + properties: + North: + type: number + maximum: 90 + minimum: -90 + South: + type: number + maximum: 90 + minimum: -90 + West: + type: number + maximum: 1800 + minimum: -1800 + East: + type: number + maximum: 1800 + minimum: -1800 + required: + - East + - North + - South + - West + additionalProperties: false + GeospatialHeatmapColorScale: + type: object + properties: + Colors: + type: array + items: + $ref: '#/components/schemas/GeospatialHeatmapDataColor' + maxItems: 2 + minItems: 2 + additionalProperties: false + GeospatialHeatmapConfiguration: + type: object + properties: + HeatmapColor: + $ref: '#/components/schemas/GeospatialHeatmapColorScale' + additionalProperties: false + GeospatialHeatmapDataColor: + type: object + properties: + Color: + type: string + pattern: ^#[A-F0-9]{6}$ + required: + - Color + additionalProperties: false + GeospatialMapAggregatedFieldWells: + type: object + properties: + Geospatial: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + Colors: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + additionalProperties: false + GeospatialMapConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/GeospatialMapFieldWells' + Legend: + $ref: '#/components/schemas/LegendOptions' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + WindowOptions: + $ref: '#/components/schemas/GeospatialWindowOptions' + MapStyleOptions: + $ref: '#/components/schemas/GeospatialMapStyleOptions' + PointStyleOptions: + $ref: '#/components/schemas/GeospatialPointStyleOptions' + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + additionalProperties: false + GeospatialMapFieldWells: + type: object + properties: + GeospatialMapAggregatedFieldWells: + $ref: '#/components/schemas/GeospatialMapAggregatedFieldWells' + additionalProperties: false + GeospatialMapStyleOptions: + type: object + properties: + BaseMapStyle: + $ref: '#/components/schemas/BaseMapStyleType' + additionalProperties: false + GeospatialMapVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/GeospatialMapConfiguration' + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + required: + - VisualId + additionalProperties: false + GeospatialPointStyleOptions: + type: object + properties: + SelectedPointStyle: + $ref: '#/components/schemas/GeospatialSelectedPointStyle' + ClusterMarkerConfiguration: + $ref: '#/components/schemas/ClusterMarkerConfiguration' + HeatmapConfiguration: + $ref: '#/components/schemas/GeospatialHeatmapConfiguration' + additionalProperties: false + GeospatialSelectedPointStyle: + type: string + enum: + - POINT + - CLUSTER + - HEATMAP + GeospatialWindowOptions: + type: object + properties: + Bounds: + $ref: '#/components/schemas/GeospatialCoordinateBounds' + MapZoomMode: + $ref: '#/components/schemas/MapZoomMode' + additionalProperties: false + GlobalTableBorderOptions: + type: object + properties: + UniformBorder: + $ref: '#/components/schemas/TableBorderOptions' + SideSpecificBorder: + $ref: '#/components/schemas/TableSideBorderOptions' + additionalProperties: false + GradientColor: + type: object + properties: + Stops: + type: array + items: + $ref: '#/components/schemas/GradientStop' + maxItems: 100 + minItems: 0 + additionalProperties: false + GradientStop: + type: object + properties: + GradientOffset: + type: number + default: 0 + DataValue: + type: number + default: null + Color: + type: string + pattern: ^#[A-F0-9]{6}$ + required: + - GradientOffset + additionalProperties: false + GridLayoutCanvasSizeOptions: + type: object + properties: + ScreenCanvasSizeOptions: + $ref: '#/components/schemas/GridLayoutScreenCanvasSizeOptions' + additionalProperties: false + GridLayoutConfiguration: + type: object + properties: + Elements: + type: array + items: + $ref: '#/components/schemas/GridLayoutElement' + maxItems: 430 + minItems: 0 + CanvasSizeOptions: + $ref: '#/components/schemas/GridLayoutCanvasSizeOptions' + required: + - Elements + additionalProperties: false + GridLayoutElement: + type: object + properties: + ElementId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + ElementType: + $ref: '#/components/schemas/LayoutElementType' + ColumnIndex: + type: number + maximum: 35 + minimum: 0 + ColumnSpan: + type: number + maximum: 36 + minimum: 1 + RowIndex: + type: number + maximum: 9009 + minimum: 0 + RowSpan: + type: number + maximum: 21 + minimum: 1 + required: + - ColumnSpan + - ElementId + - ElementType + - RowSpan + additionalProperties: false + GridLayoutScreenCanvasSizeOptions: + type: object + properties: + ResizeOption: + $ref: '#/components/schemas/ResizeOption' + OptimizedViewPortWidth: + type: string + description: String based length that is composed of value and unit in px + required: + - ResizeOption + additionalProperties: false + GrowthRateComputation: + type: object + properties: + ComputationId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + Time: + $ref: '#/components/schemas/DimensionField' + Value: + $ref: '#/components/schemas/MeasureField' + PeriodSize: + type: number + default: 0 + maximum: 52 + minimum: 2 + required: + - ComputationId + additionalProperties: false + HeaderFooterSectionConfiguration: + type: object + properties: + SectionId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Layout: + $ref: '#/components/schemas/SectionLayoutConfiguration' + Style: + $ref: '#/components/schemas/SectionStyle' + required: + - Layout + - SectionId + additionalProperties: false + HeatMapAggregatedFieldWells: + type: object + properties: + Rows: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 1 + minItems: 0 + Columns: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 1 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 1 + minItems: 0 + additionalProperties: false + HeatMapConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/HeatMapFieldWells' + SortConfiguration: + $ref: '#/components/schemas/HeatMapSortConfiguration' + RowLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + ColumnLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + ColorScale: + $ref: '#/components/schemas/ColorScale' + Legend: + $ref: '#/components/schemas/LegendOptions' + DataLabels: + $ref: '#/components/schemas/DataLabelOptions' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + additionalProperties: false + HeatMapFieldWells: + type: object + properties: + HeatMapAggregatedFieldWells: + $ref: '#/components/schemas/HeatMapAggregatedFieldWells' + additionalProperties: false + HeatMapSortConfiguration: + type: object + properties: + HeatMapRowSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + HeatMapColumnSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + HeatMapRowItemsLimitConfiguration: + $ref: '#/components/schemas/ItemsLimitConfiguration' + HeatMapColumnItemsLimitConfiguration: + $ref: '#/components/schemas/ItemsLimitConfiguration' + additionalProperties: false + HeatMapVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/HeatMapConfiguration' + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + required: + - VisualId + additionalProperties: false + HistogramAggregatedFieldWells: + type: object + properties: + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 1 + minItems: 0 + additionalProperties: false + HistogramBinOptions: + type: object + properties: + SelectedBinType: + $ref: '#/components/schemas/HistogramBinType' + BinCount: + $ref: '#/components/schemas/BinCountOptions' + BinWidth: + $ref: '#/components/schemas/BinWidthOptions' + StartValue: + type: number + default: null + additionalProperties: false + HistogramBinType: + type: string + enum: + - BIN_COUNT + - BIN_WIDTH + HistogramConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/HistogramFieldWells' + XAxisDisplayOptions: + $ref: '#/components/schemas/AxisDisplayOptions' + XAxisLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + YAxisDisplayOptions: + $ref: '#/components/schemas/AxisDisplayOptions' + BinOptions: + $ref: '#/components/schemas/HistogramBinOptions' + DataLabels: + $ref: '#/components/schemas/DataLabelOptions' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + additionalProperties: false + HistogramFieldWells: + type: object + properties: + HistogramAggregatedFieldWells: + $ref: '#/components/schemas/HistogramAggregatedFieldWells' + additionalProperties: false + HistogramVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/HistogramConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + required: + - VisualId + additionalProperties: false + HorizontalTextAlignment: + type: string + enum: + - LEFT + - CENTER + - RIGHT + - AUTO + Icon: + type: string + enum: + - CARET_UP + - CARET_DOWN + - PLUS + - MINUS + - ARROW_UP + - ARROW_DOWN + - ARROW_LEFT + - ARROW_UP_LEFT + - ARROW_DOWN_LEFT + - ARROW_RIGHT + - ARROW_UP_RIGHT + - ARROW_DOWN_RIGHT + - FACE_UP + - FACE_DOWN + - FACE_FLAT + - ONE_BAR + - TWO_BAR + - THREE_BAR + - CIRCLE + - TRIANGLE + - SQUARE + - FLAG + - THUMBS_UP + - THUMBS_DOWN + - CHECKMARK + - X + InsightConfiguration: + type: object + properties: + Computations: + type: array + items: + $ref: '#/components/schemas/Computation' + maxItems: 100 + minItems: 0 + CustomNarrative: + $ref: '#/components/schemas/CustomNarrativeOptions' + additionalProperties: false + InsightVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + InsightConfiguration: + $ref: '#/components/schemas/InsightConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + DataSetIdentifier: + type: string + maxLength: 2048 + minLength: 1 + required: + - DataSetIdentifier + - VisualId + additionalProperties: false + IntegerDefaultValues: + type: object + properties: + DynamicValue: + $ref: '#/components/schemas/DynamicDefaultValue' + StaticValues: + type: array + items: + type: number + maxItems: 50000 + minItems: 0 + additionalProperties: false + IntegerParameter: + type: object + properties: + Name: + type: string + pattern: .*\S.* + Values: + type: array + items: + type: number + default: 0 + required: + - Name + - Values + additionalProperties: false + IntegerParameterDeclaration: + type: object + properties: + ParameterValueType: + $ref: '#/components/schemas/ParameterValueType' + Name: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + DefaultValues: + $ref: '#/components/schemas/IntegerDefaultValues' + ValueWhenUnset: + $ref: '#/components/schemas/IntegerValueWhenUnsetConfiguration' + MappedDataSetParameters: + type: array + items: + $ref: '#/components/schemas/MappedDataSetParameter' + maxItems: 150 + minItems: 0 + required: + - Name + - ParameterValueType + additionalProperties: false + IntegerValueWhenUnsetConfiguration: + type: object + properties: + ValueWhenUnsetOption: + $ref: '#/components/schemas/ValueWhenUnsetOption' + CustomValue: + type: number + default: null + additionalProperties: false + ItemsLimitConfiguration: + type: object + properties: + ItemsLimit: + type: number + default: null + OtherCategories: + $ref: '#/components/schemas/OtherCategories' + additionalProperties: false + KPIActualValueConditionalFormatting: + type: object + properties: + TextColor: + $ref: '#/components/schemas/ConditionalFormattingColor' + Icon: + $ref: '#/components/schemas/ConditionalFormattingIcon' + additionalProperties: false + KPIComparisonValueConditionalFormatting: + type: object + properties: + TextColor: + $ref: '#/components/schemas/ConditionalFormattingColor' + Icon: + $ref: '#/components/schemas/ConditionalFormattingIcon' + additionalProperties: false + KPIConditionalFormatting: + type: object + properties: + ConditionalFormattingOptions: + type: array + items: + $ref: '#/components/schemas/KPIConditionalFormattingOption' + maxItems: 100 + minItems: 0 + additionalProperties: false + KPIConditionalFormattingOption: + type: object + properties: + PrimaryValue: + $ref: '#/components/schemas/KPIPrimaryValueConditionalFormatting' + ProgressBar: + $ref: '#/components/schemas/KPIProgressBarConditionalFormatting' + ActualValue: + $ref: '#/components/schemas/KPIActualValueConditionalFormatting' + ComparisonValue: + $ref: '#/components/schemas/KPIComparisonValueConditionalFormatting' + additionalProperties: false + KPIConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/KPIFieldWells' + SortConfiguration: + $ref: '#/components/schemas/KPISortConfiguration' + KPIOptions: + $ref: '#/components/schemas/KPIOptions' + additionalProperties: false + KPIFieldWells: + type: object + properties: + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + TargetValues: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + TrendGroups: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + additionalProperties: false + KPIOptions: + type: object + properties: + ProgressBar: + $ref: '#/components/schemas/ProgressBarOptions' + TrendArrows: + $ref: '#/components/schemas/TrendArrowOptions' + SecondaryValue: + $ref: '#/components/schemas/SecondaryValueOptions' + Comparison: + $ref: '#/components/schemas/ComparisonConfiguration' + PrimaryValueDisplayType: + $ref: '#/components/schemas/PrimaryValueDisplayType' + PrimaryValueFontConfiguration: + $ref: '#/components/schemas/FontConfiguration' + SecondaryValueFontConfiguration: + $ref: '#/components/schemas/FontConfiguration' + Sparkline: + $ref: '#/components/schemas/KPISparklineOptions' + VisualLayoutOptions: + $ref: '#/components/schemas/KPIVisualLayoutOptions' + additionalProperties: false + KPIPrimaryValueConditionalFormatting: + type: object + properties: + TextColor: + $ref: '#/components/schemas/ConditionalFormattingColor' + Icon: + $ref: '#/components/schemas/ConditionalFormattingIcon' + additionalProperties: false + KPIProgressBarConditionalFormatting: + type: object + properties: + ForegroundColor: + $ref: '#/components/schemas/ConditionalFormattingColor' + additionalProperties: false + KPISortConfiguration: + type: object + properties: + TrendGroupSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + additionalProperties: false + KPISparklineOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + Type: + $ref: '#/components/schemas/KPISparklineType' + Color: + type: string + pattern: ^#[A-F0-9]{6}$ + TooltipVisibility: + $ref: '#/components/schemas/Visibility' + required: + - Type + additionalProperties: false + KPISparklineType: + type: string + enum: + - LINE + - AREA + KPIVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/KPIConfiguration' + ConditionalFormatting: + $ref: '#/components/schemas/KPIConditionalFormatting' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + KPIVisualLayoutOptions: + type: object + properties: + StandardLayout: + $ref: '#/components/schemas/KPIVisualStandardLayout' + additionalProperties: false + KPIVisualStandardLayout: + type: object + properties: + Type: + $ref: '#/components/schemas/KPIVisualStandardLayoutType' + required: + - Type + additionalProperties: false + KPIVisualStandardLayoutType: + type: string + enum: + - CLASSIC + - VERTICAL + LabelOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + FontConfiguration: + $ref: '#/components/schemas/FontConfiguration' + CustomLabel: + type: string + additionalProperties: false + Layout: + type: object + properties: + Configuration: + $ref: '#/components/schemas/LayoutConfiguration' + required: + - Configuration + additionalProperties: false + LayoutConfiguration: + type: object + properties: + GridLayout: + $ref: '#/components/schemas/GridLayoutConfiguration' + FreeFormLayout: + $ref: '#/components/schemas/FreeFormLayoutConfiguration' + SectionBasedLayout: + $ref: '#/components/schemas/SectionBasedLayoutConfiguration' + additionalProperties: false + LayoutElementType: + type: string + enum: + - VISUAL + - FILTER_CONTROL + - PARAMETER_CONTROL + - TEXT_BOX + LegendOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + Title: + $ref: '#/components/schemas/LabelOptions' + Position: + $ref: '#/components/schemas/LegendPosition' + Width: + type: string + description: String based length that is composed of value and unit in px + Height: + type: string + description: String based length that is composed of value and unit in px + additionalProperties: false + LegendPosition: + type: string + enum: + - AUTO + - RIGHT + - BOTTOM + - TOP + LineChartAggregatedFieldWells: + type: object + properties: + Category: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + Colors: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + SmallMultiples: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 1 + minItems: 0 + additionalProperties: false + LineChartConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/LineChartFieldWells' + SortConfiguration: + $ref: '#/components/schemas/LineChartSortConfiguration' + ForecastConfigurations: + type: array + items: + $ref: '#/components/schemas/ForecastConfiguration' + maxItems: 10 + minItems: 0 + Type: + $ref: '#/components/schemas/LineChartType' + SmallMultiplesOptions: + $ref: '#/components/schemas/SmallMultiplesOptions' + XAxisDisplayOptions: + $ref: '#/components/schemas/AxisDisplayOptions' + XAxisLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + PrimaryYAxisDisplayOptions: + $ref: '#/components/schemas/LineSeriesAxisDisplayOptions' + PrimaryYAxisLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + SecondaryYAxisDisplayOptions: + $ref: '#/components/schemas/LineSeriesAxisDisplayOptions' + SecondaryYAxisLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + DefaultSeriesSettings: + $ref: '#/components/schemas/LineChartDefaultSeriesSettings' + Series: + type: array + items: + $ref: '#/components/schemas/SeriesItem' + maxItems: 10 + minItems: 0 + Legend: + $ref: '#/components/schemas/LegendOptions' + DataLabels: + $ref: '#/components/schemas/DataLabelOptions' + ReferenceLines: + type: array + items: + $ref: '#/components/schemas/ReferenceLine' + maxItems: 20 + minItems: 0 + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + ContributionAnalysisDefaults: + type: array + items: + $ref: '#/components/schemas/ContributionAnalysisDefault' + maxItems: 200 + minItems: 1 + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + additionalProperties: false + LineChartDefaultSeriesSettings: + type: object + properties: + AxisBinding: + $ref: '#/components/schemas/AxisBinding' + LineStyleSettings: + $ref: '#/components/schemas/LineChartLineStyleSettings' + MarkerStyleSettings: + $ref: '#/components/schemas/LineChartMarkerStyleSettings' + additionalProperties: false + LineChartFieldWells: + type: object + properties: + LineChartAggregatedFieldWells: + $ref: '#/components/schemas/LineChartAggregatedFieldWells' + additionalProperties: false + LineChartLineStyle: + type: string + enum: + - SOLID + - DOTTED + - DASHED + LineChartLineStyleSettings: + type: object + properties: + LineVisibility: + $ref: '#/components/schemas/Visibility' + LineInterpolation: + $ref: '#/components/schemas/LineInterpolation' + LineStyle: + $ref: '#/components/schemas/LineChartLineStyle' + LineWidth: + type: string + description: String based length that is composed of value and unit in px + additionalProperties: false + LineChartMarkerShape: + type: string + enum: + - CIRCLE + - TRIANGLE + - SQUARE + - DIAMOND + - ROUNDED_SQUARE + LineChartMarkerStyleSettings: + type: object + properties: + MarkerVisibility: + $ref: '#/components/schemas/Visibility' + MarkerShape: + $ref: '#/components/schemas/LineChartMarkerShape' + MarkerSize: + type: string + description: String based length that is composed of value and unit in px + MarkerColor: + type: string + pattern: ^#[A-F0-9]{6}$ + additionalProperties: false + LineChartSeriesSettings: + type: object + properties: + LineStyleSettings: + $ref: '#/components/schemas/LineChartLineStyleSettings' + MarkerStyleSettings: + $ref: '#/components/schemas/LineChartMarkerStyleSettings' + additionalProperties: false + LineChartSortConfiguration: + type: object + properties: + CategorySort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + CategoryItemsLimitConfiguration: + $ref: '#/components/schemas/ItemsLimitConfiguration' + ColorItemsLimitConfiguration: + $ref: '#/components/schemas/ItemsLimitConfiguration' + SmallMultiplesSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + SmallMultiplesLimitConfiguration: + $ref: '#/components/schemas/ItemsLimitConfiguration' + additionalProperties: false + LineChartType: + type: string + enum: + - LINE + - AREA + - STACKED_AREA + LineChartVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/LineChartConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + LineInterpolation: + type: string + enum: + - LINEAR + - SMOOTH + - STEPPED + LineSeriesAxisDisplayOptions: + type: object + properties: + AxisOptions: + $ref: '#/components/schemas/AxisDisplayOptions' + MissingDataConfigurations: + type: array + items: + $ref: '#/components/schemas/MissingDataConfiguration' + maxItems: 100 + minItems: 0 + additionalProperties: false + ListControlDisplayOptions: + type: object + properties: + SearchOptions: + $ref: '#/components/schemas/ListControlSearchOptions' + SelectAllOptions: + $ref: '#/components/schemas/ListControlSelectAllOptions' + TitleOptions: + $ref: '#/components/schemas/LabelOptions' + InfoIconLabelOptions: + $ref: '#/components/schemas/SheetControlInfoIconLabelOptions' + additionalProperties: false + ListControlSearchOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + ListControlSelectAllOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + LoadingAnimation: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + LocalNavigationConfiguration: + type: object + properties: + TargetSheetId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + required: + - TargetSheetId + additionalProperties: false + LongFormatText: + type: object + properties: + PlainText: + type: string + maxLength: 1024 + minLength: 1 + RichText: + type: string + maxLength: 2048 + minLength: 1 + additionalProperties: false + MapZoomMode: + type: string + enum: + - AUTO + - MANUAL + MappedDataSetParameter: + type: object + properties: + DataSetIdentifier: + type: string + maxLength: 2048 + minLength: 1 + DataSetParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + required: + - DataSetIdentifier + - DataSetParameterName + additionalProperties: false + MaximumLabelType: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + MaximumMinimumComputation: + type: object + properties: + ComputationId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + Time: + $ref: '#/components/schemas/DimensionField' + Value: + $ref: '#/components/schemas/MeasureField' + Type: + $ref: '#/components/schemas/MaximumMinimumComputationType' + required: + - ComputationId + - Type + additionalProperties: false + MaximumMinimumComputationType: + type: string + enum: + - MAXIMUM + - MINIMUM + MeasureField: + type: object + properties: + NumericalMeasureField: + $ref: '#/components/schemas/NumericalMeasureField' + CategoricalMeasureField: + $ref: '#/components/schemas/CategoricalMeasureField' + DateMeasureField: + $ref: '#/components/schemas/DateMeasureField' + CalculatedMeasureField: + $ref: '#/components/schemas/CalculatedMeasureField' + additionalProperties: false + MetricComparisonComputation: + type: object + properties: + ComputationId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + Time: + $ref: '#/components/schemas/DimensionField' + FromValue: + $ref: '#/components/schemas/MeasureField' + TargetValue: + $ref: '#/components/schemas/MeasureField' + required: + - ComputationId + additionalProperties: false + MinimumLabelType: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + MissingDataConfiguration: + type: object + properties: + TreatmentOption: + $ref: '#/components/schemas/MissingDataTreatmentOption' + additionalProperties: false + MissingDataTreatmentOption: + type: string + enum: + - INTERPOLATE + - SHOW_AS_ZERO + - SHOW_AS_BLANK + NegativeValueConfiguration: + type: object + properties: + DisplayMode: + $ref: '#/components/schemas/NegativeValueDisplayMode' + required: + - DisplayMode + additionalProperties: false + NegativeValueDisplayMode: + type: string + enum: + - POSITIVE + - NEGATIVE + NullValueFormatConfiguration: + type: object + properties: + NullString: + type: string + maxLength: 128 + minLength: 1 + required: + - NullString + additionalProperties: false + NumberDisplayFormatConfiguration: + type: object + properties: + Prefix: + type: string + maxLength: 128 + minLength: 1 + Suffix: + type: string + maxLength: 128 + minLength: 1 + SeparatorConfiguration: + $ref: '#/components/schemas/NumericSeparatorConfiguration' + DecimalPlacesConfiguration: + $ref: '#/components/schemas/DecimalPlacesConfiguration' + NumberScale: + $ref: '#/components/schemas/NumberScale' + NegativeValueConfiguration: + $ref: '#/components/schemas/NegativeValueConfiguration' + NullValueFormatConfiguration: + $ref: '#/components/schemas/NullValueFormatConfiguration' + additionalProperties: false + NumberFormatConfiguration: + type: object + properties: + FormatConfiguration: + $ref: '#/components/schemas/NumericFormatConfiguration' + additionalProperties: false + NumberScale: + type: string + enum: + - NONE + - AUTO + - THOUSANDS + - MILLIONS + - BILLIONS + - TRILLIONS + NumericAxisOptions: + type: object + properties: + Scale: + $ref: '#/components/schemas/AxisScale' + Range: + $ref: '#/components/schemas/AxisDisplayRange' + additionalProperties: false + NumericEqualityDrillDownFilter: + type: object + properties: + Column: + $ref: '#/components/schemas/ColumnIdentifier' + Value: + type: number + default: 0 + required: + - Column + - Value + additionalProperties: false + NumericEqualityFilter: + type: object + properties: + FilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Column: + $ref: '#/components/schemas/ColumnIdentifier' + Value: + type: number + default: null + SelectAllOptions: + $ref: '#/components/schemas/NumericFilterSelectAllOptions' + MatchOperator: + $ref: '#/components/schemas/NumericEqualityMatchOperator' + AggregationFunction: + $ref: '#/components/schemas/AggregationFunction' + ParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + NullOption: + $ref: '#/components/schemas/FilterNullOption' + required: + - Column + - FilterId + - MatchOperator + - NullOption + additionalProperties: false + NumericEqualityMatchOperator: + type: string + enum: + - EQUALS + - DOES_NOT_EQUAL + NumericFilterSelectAllOptions: + type: string + enum: + - FILTER_ALL_VALUES + NumericFormatConfiguration: + type: object + properties: + NumberDisplayFormatConfiguration: + $ref: '#/components/schemas/NumberDisplayFormatConfiguration' + CurrencyDisplayFormatConfiguration: + $ref: '#/components/schemas/CurrencyDisplayFormatConfiguration' + PercentageDisplayFormatConfiguration: + $ref: '#/components/schemas/PercentageDisplayFormatConfiguration' + additionalProperties: false + NumericRangeFilter: + type: object + properties: + FilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Column: + $ref: '#/components/schemas/ColumnIdentifier' + IncludeMinimum: + type: boolean + default: null + IncludeMaximum: + type: boolean + default: null + RangeMinimum: + $ref: '#/components/schemas/NumericRangeFilterValue' + RangeMaximum: + $ref: '#/components/schemas/NumericRangeFilterValue' + SelectAllOptions: + $ref: '#/components/schemas/NumericFilterSelectAllOptions' + AggregationFunction: + $ref: '#/components/schemas/AggregationFunction' + NullOption: + $ref: '#/components/schemas/FilterNullOption' + required: + - Column + - FilterId + - NullOption + additionalProperties: false + NumericRangeFilterValue: + type: object + properties: + StaticValue: + type: number + default: null + Parameter: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + additionalProperties: false + NumericSeparatorConfiguration: + type: object + properties: + DecimalSeparator: + $ref: '#/components/schemas/NumericSeparatorSymbol' + ThousandsSeparator: + $ref: '#/components/schemas/ThousandSeparatorOptions' + additionalProperties: false + NumericSeparatorSymbol: + type: string + enum: + - COMMA + - DOT + - SPACE + NumericalAggregationFunction: + type: object + properties: + SimpleNumericalAggregation: + $ref: '#/components/schemas/SimpleNumericalAggregationFunction' + PercentileAggregation: + $ref: '#/components/schemas/PercentileAggregation' + additionalProperties: false + NumericalDimensionField: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Column: + $ref: '#/components/schemas/ColumnIdentifier' + HierarchyId: + type: string + maxLength: 512 + minLength: 1 + FormatConfiguration: + $ref: '#/components/schemas/NumberFormatConfiguration' + required: + - Column + - FieldId + additionalProperties: false + NumericalMeasureField: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Column: + $ref: '#/components/schemas/ColumnIdentifier' + AggregationFunction: + $ref: '#/components/schemas/NumericalAggregationFunction' + FormatConfiguration: + $ref: '#/components/schemas/NumberFormatConfiguration' + required: + - Column + - FieldId + additionalProperties: false + OtherCategories: + type: string + enum: + - INCLUDE + - EXCLUDE + PaginationConfiguration: + type: object + properties: + PageSize: + type: number + default: null + PageNumber: + type: number + minimum: 0 + required: + - PageNumber + - PageSize + additionalProperties: false + PanelBorderStyle: + type: string + enum: + - SOLID + - DASHED + - DOTTED + PanelConfiguration: + type: object + properties: + Title: + $ref: '#/components/schemas/PanelTitleOptions' + BorderVisibility: + $ref: '#/components/schemas/Visibility' + BorderThickness: + type: string + description: String based length that is composed of value and unit in px + BorderStyle: + $ref: '#/components/schemas/PanelBorderStyle' + BorderColor: + type: string + pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ + GutterVisibility: + $ref: '#/components/schemas/Visibility' + GutterSpacing: + type: string + description: String based length that is composed of value and unit in px + BackgroundVisibility: + $ref: '#/components/schemas/Visibility' + BackgroundColor: + type: string + pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ + additionalProperties: false + PanelTitleOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + FontConfiguration: + $ref: '#/components/schemas/FontConfiguration' + HorizontalTextAlignment: + $ref: '#/components/schemas/HorizontalTextAlignment' + additionalProperties: false + PaperOrientation: + type: string + enum: + - PORTRAIT + - LANDSCAPE + PaperSize: + type: string + enum: + - US_LETTER + - US_LEGAL + - US_TABLOID_LEDGER + - A0 + - A1 + - A2 + - A3 + - A4 + - A5 + - JIS_B4 + - JIS_B5 + ParameterControl: + type: object + properties: + DateTimePicker: + $ref: '#/components/schemas/ParameterDateTimePickerControl' + List: + $ref: '#/components/schemas/ParameterListControl' + Dropdown: + $ref: '#/components/schemas/ParameterDropDownControl' + TextField: + $ref: '#/components/schemas/ParameterTextFieldControl' + TextArea: + $ref: '#/components/schemas/ParameterTextAreaControl' + Slider: + $ref: '#/components/schemas/ParameterSliderControl' + additionalProperties: false + ParameterDateTimePickerControl: + type: object + properties: + ParameterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + DisplayOptions: + $ref: '#/components/schemas/DateTimePickerControlDisplayOptions' + required: + - ParameterControlId + - SourceParameterName + - Title + additionalProperties: false + ParameterDeclaration: + type: object + properties: + StringParameterDeclaration: + $ref: '#/components/schemas/StringParameterDeclaration' + DecimalParameterDeclaration: + $ref: '#/components/schemas/DecimalParameterDeclaration' + IntegerParameterDeclaration: + $ref: '#/components/schemas/IntegerParameterDeclaration' + DateTimeParameterDeclaration: + $ref: '#/components/schemas/DateTimeParameterDeclaration' + additionalProperties: false + ParameterDropDownControl: + type: object + properties: + ParameterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + DisplayOptions: + $ref: '#/components/schemas/DropDownControlDisplayOptions' + Type: + $ref: '#/components/schemas/SheetControlListType' + SelectableValues: + $ref: '#/components/schemas/ParameterSelectableValues' + CascadingControlConfiguration: + $ref: '#/components/schemas/CascadingControlConfiguration' + required: + - ParameterControlId + - SourceParameterName + - Title + additionalProperties: false + ParameterListControl: + type: object + properties: + ParameterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + DisplayOptions: + $ref: '#/components/schemas/ListControlDisplayOptions' + Type: + $ref: '#/components/schemas/SheetControlListType' + SelectableValues: + $ref: '#/components/schemas/ParameterSelectableValues' + CascadingControlConfiguration: + $ref: '#/components/schemas/CascadingControlConfiguration' + required: + - ParameterControlId + - SourceParameterName + - Title + additionalProperties: false + ParameterSelectableValues: + type: object + properties: + Values: + type: array + items: + type: string + maxItems: 50000 + minItems: 0 + LinkToDataSetColumn: + $ref: '#/components/schemas/ColumnIdentifier' + additionalProperties: false + ParameterSliderControl: + type: object + properties: + ParameterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + DisplayOptions: + $ref: '#/components/schemas/SliderControlDisplayOptions' + MaximumValue: + type: number + default: 0 + MinimumValue: + type: number + default: 0 + StepSize: + type: number + default: 0 + required: + - MaximumValue + - MinimumValue + - ParameterControlId + - SourceParameterName + - StepSize + - Title + additionalProperties: false + ParameterTextAreaControl: + type: object + properties: + ParameterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + Delimiter: + type: string + maxLength: 2048 + minLength: 1 + DisplayOptions: + $ref: '#/components/schemas/TextAreaControlDisplayOptions' + required: + - ParameterControlId + - SourceParameterName + - Title + additionalProperties: false + ParameterTextFieldControl: + type: object + properties: + ParameterControlId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 2048 + minLength: 1 + SourceParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + DisplayOptions: + $ref: '#/components/schemas/TextFieldControlDisplayOptions' + required: + - ParameterControlId + - SourceParameterName + - Title + additionalProperties: false + ParameterValueType: + type: string + enum: + - MULTI_VALUED + - SINGLE_VALUED + Parameters: + type: object + properties: + StringParameters: + type: array + items: + $ref: '#/components/schemas/StringParameter' + maxItems: 100 + minItems: 0 + IntegerParameters: + type: array + items: + $ref: '#/components/schemas/IntegerParameter' + maxItems: 100 + minItems: 0 + DecimalParameters: + type: array + items: + $ref: '#/components/schemas/DecimalParameter' + maxItems: 100 + minItems: 0 + DateTimeParameters: + type: array + items: + $ref: '#/components/schemas/DateTimeParameter' + maxItems: 100 + minItems: 0 + additionalProperties: false + PercentVisibleRange: + type: object + properties: + From: + type: number + default: null + maximum: 100 + minimum: 0 + To: + type: number + default: null + maximum: 100 + minimum: 0 + additionalProperties: false + PercentageDisplayFormatConfiguration: + type: object + properties: + Prefix: + type: string + maxLength: 128 + minLength: 1 + Suffix: + type: string + maxLength: 128 + minLength: 1 + SeparatorConfiguration: + $ref: '#/components/schemas/NumericSeparatorConfiguration' + DecimalPlacesConfiguration: + $ref: '#/components/schemas/DecimalPlacesConfiguration' + NegativeValueConfiguration: + $ref: '#/components/schemas/NegativeValueConfiguration' + NullValueFormatConfiguration: + $ref: '#/components/schemas/NullValueFormatConfiguration' + additionalProperties: false + PercentileAggregation: + type: object + properties: + PercentileValue: + type: number + maximum: 100 + minimum: 0 + additionalProperties: false + PeriodOverPeriodComputation: + type: object + properties: + ComputationId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + Time: + $ref: '#/components/schemas/DimensionField' + Value: + $ref: '#/components/schemas/MeasureField' + required: + - ComputationId + additionalProperties: false + PeriodToDateComputation: + type: object + properties: + ComputationId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + Time: + $ref: '#/components/schemas/DimensionField' + Value: + $ref: '#/components/schemas/MeasureField' + PeriodTimeGranularity: + $ref: '#/components/schemas/TimeGranularity' + required: + - ComputationId + additionalProperties: false + PieChartAggregatedFieldWells: + type: object + properties: + Category: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + SmallMultiples: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 1 + minItems: 0 + additionalProperties: false + PieChartConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/PieChartFieldWells' + SortConfiguration: + $ref: '#/components/schemas/PieChartSortConfiguration' + DonutOptions: + $ref: '#/components/schemas/DonutOptions' + SmallMultiplesOptions: + $ref: '#/components/schemas/SmallMultiplesOptions' + CategoryLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + ValueLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + Legend: + $ref: '#/components/schemas/LegendOptions' + DataLabels: + $ref: '#/components/schemas/DataLabelOptions' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + ContributionAnalysisDefaults: + type: array + items: + $ref: '#/components/schemas/ContributionAnalysisDefault' + maxItems: 200 + minItems: 1 + additionalProperties: false + PieChartFieldWells: + type: object + properties: + PieChartAggregatedFieldWells: + $ref: '#/components/schemas/PieChartAggregatedFieldWells' + additionalProperties: false + PieChartSortConfiguration: + type: object + properties: + CategorySort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + CategoryItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + SmallMultiplesSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + SmallMultiplesLimitConfiguration: + $ref: '#/components/schemas/ItemsLimitConfiguration' + additionalProperties: false + PieChartVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/PieChartConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + PivotFieldSortOptions: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + SortBy: + $ref: '#/components/schemas/PivotTableSortBy' + required: + - FieldId + - SortBy + additionalProperties: false + PivotTableAggregatedFieldWells: + type: object + properties: + Rows: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 40 + minItems: 0 + Columns: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 40 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 40 + minItems: 0 + additionalProperties: false + PivotTableCellConditionalFormatting: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + TextFormat: + $ref: '#/components/schemas/TextConditionalFormat' + Scope: + $ref: '#/components/schemas/PivotTableConditionalFormattingScope' + Scopes: + type: array + items: + $ref: '#/components/schemas/PivotTableConditionalFormattingScope' + maxItems: 3 + minItems: 0 + required: + - FieldId + additionalProperties: false + PivotTableConditionalFormatting: + type: object + properties: + ConditionalFormattingOptions: + type: array + items: + $ref: '#/components/schemas/PivotTableConditionalFormattingOption' + maxItems: 100 + minItems: 0 + additionalProperties: false + PivotTableConditionalFormattingOption: + type: object + properties: + Cell: + $ref: '#/components/schemas/PivotTableCellConditionalFormatting' + additionalProperties: false + PivotTableConditionalFormattingScope: + type: object + properties: + Role: + $ref: '#/components/schemas/PivotTableConditionalFormattingScopeRole' + additionalProperties: false + PivotTableConditionalFormattingScopeRole: + type: string + enum: + - FIELD + - FIELD_TOTAL + - GRAND_TOTAL + PivotTableConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/PivotTableFieldWells' + SortConfiguration: + $ref: '#/components/schemas/PivotTableSortConfiguration' + TableOptions: + $ref: '#/components/schemas/PivotTableOptions' + TotalOptions: + $ref: '#/components/schemas/PivotTableTotalOptions' + FieldOptions: + $ref: '#/components/schemas/PivotTableFieldOptions' + PaginatedReportOptions: + $ref: '#/components/schemas/PivotTablePaginatedReportOptions' + additionalProperties: false + PivotTableDataPathOption: + type: object + properties: + DataPathList: + type: array + items: + $ref: '#/components/schemas/DataPathValue' + maxItems: 20 + minItems: 0 + Width: + type: string + description: String based length that is composed of value and unit in px + required: + - DataPathList + additionalProperties: false + PivotTableDataPathType: + type: string + enum: + - HIERARCHY_ROWS_LAYOUT_COLUMN + - MULTIPLE_ROW_METRICS_COLUMN + - EMPTY_COLUMN_HEADER + - COUNT_METRIC_COLUMN + PivotTableFieldCollapseState: + type: string + enum: + - COLLAPSED + - EXPANDED + PivotTableFieldCollapseStateOption: + type: object + properties: + Target: + $ref: '#/components/schemas/PivotTableFieldCollapseStateTarget' + State: + $ref: '#/components/schemas/PivotTableFieldCollapseState' + required: + - Target + additionalProperties: false + PivotTableFieldCollapseStateTarget: + type: object + properties: + FieldId: + type: string + FieldDataPathValues: + type: array + items: + $ref: '#/components/schemas/DataPathValue' + maxItems: 20 + minItems: 0 + additionalProperties: false + PivotTableFieldOption: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + CustomLabel: + type: string + maxLength: 2048 + minLength: 1 + Visibility: + $ref: '#/components/schemas/Visibility' + required: + - FieldId + additionalProperties: false + PivotTableFieldOptions: + type: object + properties: + SelectedFieldOptions: + type: array + items: + $ref: '#/components/schemas/PivotTableFieldOption' + maxItems: 100 + minItems: 0 + DataPathOptions: + type: array + items: + $ref: '#/components/schemas/PivotTableDataPathOption' + maxItems: 100 + minItems: 0 + CollapseStateOptions: + type: array + items: + $ref: '#/components/schemas/PivotTableFieldCollapseStateOption' + additionalProperties: false + PivotTableFieldSubtotalOptions: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + additionalProperties: false + PivotTableFieldWells: + type: object + properties: + PivotTableAggregatedFieldWells: + $ref: '#/components/schemas/PivotTableAggregatedFieldWells' + additionalProperties: false + PivotTableMetricPlacement: + type: string + enum: + - ROW + - COLUMN + PivotTableOptions: + type: object + properties: + MetricPlacement: + $ref: '#/components/schemas/PivotTableMetricPlacement' + SingleMetricVisibility: + $ref: '#/components/schemas/Visibility' + ColumnNamesVisibility: + $ref: '#/components/schemas/Visibility' + ToggleButtonsVisibility: + $ref: '#/components/schemas/Visibility' + ColumnHeaderStyle: + $ref: '#/components/schemas/TableCellStyle' + RowHeaderStyle: + $ref: '#/components/schemas/TableCellStyle' + CellStyle: + $ref: '#/components/schemas/TableCellStyle' + RowFieldNamesStyle: + $ref: '#/components/schemas/TableCellStyle' + RowAlternateColorOptions: + $ref: '#/components/schemas/RowAlternateColorOptions' + CollapsedRowDimensionsVisibility: + $ref: '#/components/schemas/Visibility' + RowsLayout: + $ref: '#/components/schemas/PivotTableRowsLayout' + RowsLabelOptions: + $ref: '#/components/schemas/PivotTableRowsLabelOptions' + DefaultCellWidth: + type: string + description: String based length that is composed of value and unit in px + additionalProperties: false + PivotTablePaginatedReportOptions: + type: object + properties: + VerticalOverflowVisibility: + $ref: '#/components/schemas/Visibility' + OverflowColumnHeaderVisibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + PivotTableRowsLabelOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + CustomLabel: + type: string + maxLength: 1024 + minLength: 1 + additionalProperties: false + PivotTableRowsLayout: + type: string + enum: + - TABULAR + - HIERARCHY + PivotTableSortBy: + type: object + properties: + Field: + $ref: '#/components/schemas/FieldSort' + Column: + $ref: '#/components/schemas/ColumnSort' + DataPath: + $ref: '#/components/schemas/DataPathSort' + additionalProperties: false + PivotTableSortConfiguration: + type: object + properties: + FieldSortOptions: + type: array + items: + $ref: '#/components/schemas/PivotFieldSortOptions' + maxItems: 200 + minItems: 0 + additionalProperties: false + PivotTableSubtotalLevel: + type: string + enum: + - ALL + - CUSTOM + - LAST + PivotTableTotalOptions: + type: object + properties: + RowSubtotalOptions: + $ref: '#/components/schemas/SubtotalOptions' + ColumnSubtotalOptions: + $ref: '#/components/schemas/SubtotalOptions' + RowTotalOptions: + $ref: '#/components/schemas/PivotTotalOptions' + ColumnTotalOptions: + $ref: '#/components/schemas/PivotTotalOptions' + additionalProperties: false + PivotTableVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/PivotTableConfiguration' + ConditionalFormatting: + $ref: '#/components/schemas/PivotTableConditionalFormatting' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + required: + - VisualId + additionalProperties: false + PivotTotalOptions: + type: object + properties: + TotalsVisibility: + $ref: '#/components/schemas/Visibility' + TotalAggregationOptions: + type: array + items: + $ref: '#/components/schemas/TotalAggregationOption' + maxItems: 200 + minItems: 0 + Placement: + $ref: '#/components/schemas/TableTotalsPlacement' + ScrollStatus: + $ref: '#/components/schemas/TableTotalsScrollStatus' + CustomLabel: + type: string + TotalCellStyle: + $ref: '#/components/schemas/TableCellStyle' + ValueCellStyle: + $ref: '#/components/schemas/TableCellStyle' + MetricHeaderCellStyle: + $ref: '#/components/schemas/TableCellStyle' + additionalProperties: false + PredefinedHierarchy: + type: object + properties: + HierarchyId: + type: string + maxLength: 512 + minLength: 1 + Columns: + type: array + items: + $ref: '#/components/schemas/ColumnIdentifier' + maxItems: 10 + minItems: 1 + DrillDownFilters: + type: array + items: + $ref: '#/components/schemas/DrillDownFilter' + maxItems: 10 + minItems: 0 + required: + - Columns + - HierarchyId + additionalProperties: false + PrimaryValueDisplayType: + type: string + enum: + - HIDDEN + - COMPARISON + - ACTUAL + ProgressBarOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + RadarChartAggregatedFieldWells: + type: object + properties: + Category: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 1 + minItems: 0 + Color: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 1 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 20 + minItems: 0 + additionalProperties: false + RadarChartAreaStyleSettings: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + RadarChartAxesRangeScale: + type: string + enum: + - AUTO + - INDEPENDENT + - SHARED + RadarChartConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/RadarChartFieldWells' + SortConfiguration: + $ref: '#/components/schemas/RadarChartSortConfiguration' + Shape: + $ref: '#/components/schemas/RadarChartShape' + BaseSeriesSettings: + $ref: '#/components/schemas/RadarChartSeriesSettings' + StartAngle: + type: number + maximum: 360 + minimum: -360 + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + AlternateBandColorsVisibility: + $ref: '#/components/schemas/Visibility' + AlternateBandEvenColor: + type: string + pattern: ^#[A-F0-9]{6}$ + AlternateBandOddColor: + type: string + pattern: ^#[A-F0-9]{6}$ + CategoryAxis: + $ref: '#/components/schemas/AxisDisplayOptions' + CategoryLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + ColorAxis: + $ref: '#/components/schemas/AxisDisplayOptions' + ColorLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + Legend: + $ref: '#/components/schemas/LegendOptions' + AxesRangeScale: + $ref: '#/components/schemas/RadarChartAxesRangeScale' + additionalProperties: false + RadarChartFieldWells: + type: object + properties: + RadarChartAggregatedFieldWells: + $ref: '#/components/schemas/RadarChartAggregatedFieldWells' + additionalProperties: false + RadarChartSeriesSettings: + type: object + properties: + AreaStyleSettings: + $ref: '#/components/schemas/RadarChartAreaStyleSettings' + additionalProperties: false + RadarChartShape: + type: string + enum: + - CIRCLE + - POLYGON + RadarChartSortConfiguration: + type: object + properties: + CategorySort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + CategoryItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + ColorSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + ColorItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + additionalProperties: false + RadarChartVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/RadarChartConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + RangeEndsLabelType: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + ReferenceLine: + type: object + properties: + Status: + $ref: '#/components/schemas/WidgetStatus' + DataConfiguration: + $ref: '#/components/schemas/ReferenceLineDataConfiguration' + StyleConfiguration: + $ref: '#/components/schemas/ReferenceLineStyleConfiguration' + LabelConfiguration: + $ref: '#/components/schemas/ReferenceLineLabelConfiguration' + required: + - DataConfiguration + additionalProperties: false + ReferenceLineCustomLabelConfiguration: + type: object + properties: + CustomLabel: + type: string + pattern: .*\S.* + required: + - CustomLabel + additionalProperties: false + ReferenceLineDataConfiguration: + type: object + properties: + StaticConfiguration: + $ref: '#/components/schemas/ReferenceLineStaticDataConfiguration' + DynamicConfiguration: + $ref: '#/components/schemas/ReferenceLineDynamicDataConfiguration' + AxisBinding: + $ref: '#/components/schemas/AxisBinding' + SeriesType: + $ref: '#/components/schemas/ReferenceLineSeriesType' + additionalProperties: false + ReferenceLineDynamicDataConfiguration: + type: object + properties: + Column: + $ref: '#/components/schemas/ColumnIdentifier' + MeasureAggregationFunction: + $ref: '#/components/schemas/AggregationFunction' + Calculation: + $ref: '#/components/schemas/NumericalAggregationFunction' + required: + - Calculation + - Column + additionalProperties: false + ReferenceLineLabelConfiguration: + type: object + properties: + ValueLabelConfiguration: + $ref: '#/components/schemas/ReferenceLineValueLabelConfiguration' + CustomLabelConfiguration: + $ref: '#/components/schemas/ReferenceLineCustomLabelConfiguration' + FontConfiguration: + $ref: '#/components/schemas/FontConfiguration' + FontColor: + type: string + pattern: ^#[A-F0-9]{6}$ + HorizontalPosition: + $ref: '#/components/schemas/ReferenceLineLabelHorizontalPosition' + VerticalPosition: + $ref: '#/components/schemas/ReferenceLineLabelVerticalPosition' + additionalProperties: false + ReferenceLineLabelHorizontalPosition: + type: string + enum: + - LEFT + - CENTER + - RIGHT + ReferenceLineLabelVerticalPosition: + type: string + enum: + - ABOVE + - BELOW + ReferenceLinePatternType: + type: string + enum: + - SOLID + - DASHED + - DOTTED + ReferenceLineSeriesType: + type: string + enum: + - BAR + - LINE + ReferenceLineStaticDataConfiguration: + type: object + properties: + Value: + type: number + default: 0 + required: + - Value + additionalProperties: false + ReferenceLineStyleConfiguration: + type: object + properties: + Pattern: + $ref: '#/components/schemas/ReferenceLinePatternType' + Color: + type: string + pattern: ^#[A-F0-9]{6}$ + additionalProperties: false + ReferenceLineValueLabelConfiguration: + type: object + properties: + RelativePosition: + $ref: '#/components/schemas/ReferenceLineValueLabelRelativePosition' + FormatConfiguration: + $ref: '#/components/schemas/NumericFormatConfiguration' + additionalProperties: false + ReferenceLineValueLabelRelativePosition: + type: string + enum: + - BEFORE_CUSTOM_LABEL + - AFTER_CUSTOM_LABEL + RelativeDateTimeControlDisplayOptions: + type: object + properties: + TitleOptions: + $ref: '#/components/schemas/LabelOptions' + DateTimeFormat: + type: string + maxLength: 128 + minLength: 1 + InfoIconLabelOptions: + $ref: '#/components/schemas/SheetControlInfoIconLabelOptions' + additionalProperties: false + RelativeDateType: + type: string + enum: + - PREVIOUS + - THIS + - LAST + - NOW + - NEXT + RelativeDatesFilter: + type: object + properties: + FilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Column: + $ref: '#/components/schemas/ColumnIdentifier' + AnchorDateConfiguration: + $ref: '#/components/schemas/AnchorDateConfiguration' + MinimumGranularity: + $ref: '#/components/schemas/TimeGranularity' + TimeGranularity: + $ref: '#/components/schemas/TimeGranularity' + RelativeDateType: + $ref: '#/components/schemas/RelativeDateType' + RelativeDateValue: + type: number + default: null + ParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + NullOption: + $ref: '#/components/schemas/FilterNullOption' + ExcludePeriodConfiguration: + $ref: '#/components/schemas/ExcludePeriodConfiguration' + required: + - AnchorDateConfiguration + - Column + - FilterId + - NullOption + - RelativeDateType + - TimeGranularity + additionalProperties: false + RelativeFontSize: + type: string + enum: + - EXTRA_SMALL + - SMALL + - MEDIUM + - LARGE + - EXTRA_LARGE + ResizeOption: + type: string + enum: + - FIXED + - RESPONSIVE + ResourcePermission: + type: object + properties: + Principal: + type: string + maxLength: 256 + minLength: 1 + Actions: + type: array + items: + type: string + maxItems: 20 + minItems: 1 + required: + - Actions + - Principal + additionalProperties: false + ResourceStatus: + type: string + enum: + - CREATION_IN_PROGRESS + - CREATION_SUCCESSFUL + - CREATION_FAILED + - UPDATE_IN_PROGRESS + - UPDATE_SUCCESSFUL + - UPDATE_FAILED + - DELETED + RollingDateConfiguration: + type: object + properties: + DataSetIdentifier: + type: string + maxLength: 2048 + minLength: 1 + Expression: + type: string + maxLength: 4096 + minLength: 1 + required: + - Expression + additionalProperties: false + RowAlternateColorOptions: + type: object + properties: + Status: + $ref: '#/components/schemas/WidgetStatus' + RowAlternateColors: + type: array + items: + type: string + pattern: ^#[A-F0-9]{6}$ + maxItems: 1 + minItems: 0 + UsePrimaryBackgroundColor: + $ref: '#/components/schemas/WidgetStatus' + additionalProperties: false + SameSheetTargetVisualConfiguration: + type: object + properties: + TargetVisuals: + type: array + items: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + maxItems: 50 + minItems: 1 + TargetVisualOptions: + $ref: '#/components/schemas/TargetVisualOptions' + additionalProperties: false + SankeyDiagramAggregatedFieldWells: + type: object + properties: + Source: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + Destination: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + Weight: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + additionalProperties: false + SankeyDiagramChartConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/SankeyDiagramFieldWells' + SortConfiguration: + $ref: '#/components/schemas/SankeyDiagramSortConfiguration' + DataLabels: + $ref: '#/components/schemas/DataLabelOptions' + additionalProperties: false + SankeyDiagramFieldWells: + type: object + properties: + SankeyDiagramAggregatedFieldWells: + $ref: '#/components/schemas/SankeyDiagramAggregatedFieldWells' + additionalProperties: false + SankeyDiagramSortConfiguration: + type: object + properties: + WeightSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + SourceItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + DestinationItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + additionalProperties: false + SankeyDiagramVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/SankeyDiagramChartConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + required: + - VisualId + additionalProperties: false + ScatterPlotCategoricallyAggregatedFieldWells: + type: object + properties: + XAxis: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + YAxis: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + Category: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + Size: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + Label: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + additionalProperties: false + ScatterPlotConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/ScatterPlotFieldWells' + XAxisLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + XAxisDisplayOptions: + $ref: '#/components/schemas/AxisDisplayOptions' + YAxisLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + YAxisDisplayOptions: + $ref: '#/components/schemas/AxisDisplayOptions' + Legend: + $ref: '#/components/schemas/LegendOptions' + DataLabels: + $ref: '#/components/schemas/DataLabelOptions' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + additionalProperties: false + ScatterPlotFieldWells: + type: object + properties: + ScatterPlotCategoricallyAggregatedFieldWells: + $ref: '#/components/schemas/ScatterPlotCategoricallyAggregatedFieldWells' + ScatterPlotUnaggregatedFieldWells: + $ref: '#/components/schemas/ScatterPlotUnaggregatedFieldWells' + additionalProperties: false + ScatterPlotUnaggregatedFieldWells: + type: object + properties: + XAxis: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + YAxis: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + Size: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + Category: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + Label: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + additionalProperties: false + ScatterPlotVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/ScatterPlotConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + ScrollBarOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + VisibleRange: + $ref: '#/components/schemas/VisibleRangeOptions' + additionalProperties: false + SecondaryValueOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + SectionAfterPageBreak: + type: object + properties: + Status: + $ref: '#/components/schemas/SectionPageBreakStatus' + additionalProperties: false + SectionBasedLayoutCanvasSizeOptions: + type: object + properties: + PaperCanvasSizeOptions: + $ref: '#/components/schemas/SectionBasedLayoutPaperCanvasSizeOptions' + additionalProperties: false + SectionBasedLayoutConfiguration: + type: object + properties: + HeaderSections: + type: array + items: + $ref: '#/components/schemas/HeaderFooterSectionConfiguration' + maxItems: 1 + minItems: 0 + BodySections: + type: array + items: + $ref: '#/components/schemas/BodySectionConfiguration' + maxItems: 28 + minItems: 0 + FooterSections: + type: array + items: + $ref: '#/components/schemas/HeaderFooterSectionConfiguration' + maxItems: 1 + minItems: 0 + CanvasSizeOptions: + $ref: '#/components/schemas/SectionBasedLayoutCanvasSizeOptions' + required: + - BodySections + - CanvasSizeOptions + - FooterSections + - HeaderSections + additionalProperties: false + SectionBasedLayoutPaperCanvasSizeOptions: + type: object + properties: + PaperSize: + $ref: '#/components/schemas/PaperSize' + PaperOrientation: + $ref: '#/components/schemas/PaperOrientation' + PaperMargin: + $ref: '#/components/schemas/Spacing' + additionalProperties: false + SectionLayoutConfiguration: + type: object + properties: + FreeFormLayout: + $ref: '#/components/schemas/FreeFormSectionLayoutConfiguration' + required: + - FreeFormLayout + additionalProperties: false + SectionPageBreakConfiguration: + type: object + properties: + After: + $ref: '#/components/schemas/SectionAfterPageBreak' + additionalProperties: false + SectionPageBreakStatus: + type: string + enum: + - ENABLED + - DISABLED + SectionStyle: + type: object + properties: + Height: + type: string + description: String based length that is composed of value and unit in px + Padding: + $ref: '#/components/schemas/Spacing' + additionalProperties: false + SelectAllValueOptions: + type: string + enum: + - ALL_VALUES + SelectedFieldOptions: + type: string + enum: + - ALL_FIELDS + SelectedSheetsFilterScopeConfiguration: + type: object + properties: + SheetVisualScopingConfigurations: + type: array + items: + $ref: '#/components/schemas/SheetVisualScopingConfiguration' + maxItems: 50 + minItems: 1 + additionalProperties: false + SelectedTooltipType: + type: string + enum: + - BASIC + - DETAILED + SeriesItem: + type: object + properties: + FieldSeriesItem: + $ref: '#/components/schemas/FieldSeriesItem' + DataFieldSeriesItem: + $ref: '#/components/schemas/DataFieldSeriesItem' + additionalProperties: false + SetParameterValueConfiguration: + type: object + properties: + DestinationParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + Value: + $ref: '#/components/schemas/DestinationParameterValueConfiguration' + required: + - DestinationParameterName + - Value + additionalProperties: false + ShapeConditionalFormat: + type: object + properties: + BackgroundColor: + $ref: '#/components/schemas/ConditionalFormattingColor' + required: + - BackgroundColor + additionalProperties: false + Sheet: + type: object + properties: + SheetId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + maxLength: 2048 + minLength: 1 + additionalProperties: false + SheetContentType: + type: string + enum: + - PAGINATED + - INTERACTIVE + SheetControlDateTimePickerType: + type: string + enum: + - SINGLE_VALUED + - DATE_RANGE + SheetControlInfoIconLabelOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + InfoIconText: + type: string + maxLength: 100 + minLength: 1 + additionalProperties: false + SheetControlLayout: + type: object + properties: + Configuration: + $ref: '#/components/schemas/SheetControlLayoutConfiguration' + required: + - Configuration + additionalProperties: false + SheetControlLayoutConfiguration: + type: object + properties: + GridLayout: + $ref: '#/components/schemas/GridLayoutConfiguration' + additionalProperties: false + SheetControlListType: + type: string + enum: + - MULTI_SELECT + - SINGLE_SELECT + SheetControlSliderType: + type: string + enum: + - SINGLE_POINT + - RANGE + SheetDefinition: + type: object + properties: + SheetId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + type: string + maxLength: 1024 + minLength: 1 + Description: + type: string + maxLength: 1024 + minLength: 1 + Name: + type: string + maxLength: 2048 + minLength: 1 + ParameterControls: + type: array + items: + $ref: '#/components/schemas/ParameterControl' + maxItems: 200 + minItems: 0 + FilterControls: + type: array + items: + $ref: '#/components/schemas/FilterControl' + maxItems: 200 + minItems: 0 + Visuals: + type: array + items: + $ref: '#/components/schemas/Visual' + maxItems: 50 + minItems: 0 + TextBoxes: + type: array + items: + $ref: '#/components/schemas/SheetTextBox' + maxItems: 100 + minItems: 0 + Layouts: + type: array + items: + $ref: '#/components/schemas/Layout' + maxItems: 1 + minItems: 1 + SheetControlLayouts: + type: array + items: + $ref: '#/components/schemas/SheetControlLayout' + maxItems: 1 + minItems: 0 + ContentType: + $ref: '#/components/schemas/SheetContentType' + required: + - SheetId + additionalProperties: false + SheetElementConfigurationOverrides: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + SheetElementRenderingRule: + type: object + properties: + Expression: + type: string + maxLength: 4096 + minLength: 1 + ConfigurationOverrides: + $ref: '#/components/schemas/SheetElementConfigurationOverrides' + required: + - ConfigurationOverrides + - Expression + additionalProperties: false + SheetTextBox: + type: object + properties: + SheetTextBoxId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Content: + type: string + maxLength: 150000 + minLength: 0 + required: + - SheetTextBoxId + additionalProperties: false + SheetVisualScopingConfiguration: + type: object + properties: + SheetId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Scope: + $ref: '#/components/schemas/FilterVisualScope' + VisualIds: + type: array + items: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + maxItems: 50 + minItems: 0 + required: + - Scope + - SheetId + additionalProperties: false + ShortFormatText: + type: object + properties: + PlainText: + type: string + maxLength: 512 + minLength: 1 + RichText: + type: string + maxLength: 1024 + minLength: 1 + additionalProperties: false + SimpleAttributeAggregationFunction: + type: string + enum: + - UNIQUE_VALUE + SimpleClusterMarker: + type: object + properties: + Color: + type: string + pattern: ^#[A-F0-9]{6}$ + additionalProperties: false + SimpleNumericalAggregationFunction: + type: string + enum: + - SUM + - AVERAGE + - MIN + - MAX + - COUNT + - DISTINCT_COUNT + - VAR + - VARP + - STDEV + - STDEVP + - MEDIAN + SimpleTotalAggregationFunction: + type: string + enum: + - DEFAULT + - SUM + - AVERAGE + - MIN + - MAX + - NONE + SliderControlDisplayOptions: + type: object + properties: + TitleOptions: + $ref: '#/components/schemas/LabelOptions' + InfoIconLabelOptions: + $ref: '#/components/schemas/SheetControlInfoIconLabelOptions' + additionalProperties: false + SmallMultiplesAxisPlacement: + type: string + enum: + - OUTSIDE + - INSIDE + SmallMultiplesAxisProperties: + type: object + properties: + Scale: + $ref: '#/components/schemas/SmallMultiplesAxisScale' + Placement: + $ref: '#/components/schemas/SmallMultiplesAxisPlacement' + additionalProperties: false + SmallMultiplesAxisScale: + type: string + enum: + - SHARED + - INDEPENDENT + SmallMultiplesOptions: + type: object + properties: + MaxVisibleRows: + type: number + maximum: 10 + minimum: 1 + MaxVisibleColumns: + type: number + maximum: 10 + minimum: 1 + PanelConfiguration: + $ref: '#/components/schemas/PanelConfiguration' + XAxis: + $ref: '#/components/schemas/SmallMultiplesAxisProperties' + YAxis: + $ref: '#/components/schemas/SmallMultiplesAxisProperties' + additionalProperties: false + SortDirection: + type: string + enum: + - ASC + - DESC + Spacing: + type: object + properties: + Top: + type: string + description: String based length that is composed of value and unit + Bottom: + type: string + description: String based length that is composed of value and unit + Left: + type: string + description: String based length that is composed of value and unit + Right: + type: string + description: String based length that is composed of value and unit + additionalProperties: false + SpecialValue: + type: string + enum: + - EMPTY + - 'NULL' + - OTHER + StringDefaultValues: + type: object + properties: + DynamicValue: + $ref: '#/components/schemas/DynamicDefaultValue' + StaticValues: + type: array + items: + type: string + maxItems: 50000 + minItems: 0 + additionalProperties: false + StringFormatConfiguration: + type: object + properties: + NullValueFormatConfiguration: + $ref: '#/components/schemas/NullValueFormatConfiguration' + NumericFormatConfiguration: + $ref: '#/components/schemas/NumericFormatConfiguration' + additionalProperties: false + StringParameter: + type: object + properties: + Name: + type: string + pattern: .*\S.* + Values: + type: array + items: + type: string + required: + - Name + - Values + additionalProperties: false + StringParameterDeclaration: + type: object + properties: + ParameterValueType: + $ref: '#/components/schemas/ParameterValueType' + Name: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + DefaultValues: + $ref: '#/components/schemas/StringDefaultValues' + ValueWhenUnset: + $ref: '#/components/schemas/StringValueWhenUnsetConfiguration' + MappedDataSetParameters: + type: array + items: + $ref: '#/components/schemas/MappedDataSetParameter' + maxItems: 150 + minItems: 0 + required: + - Name + - ParameterValueType + additionalProperties: false + StringValueWhenUnsetConfiguration: + type: object + properties: + ValueWhenUnsetOption: + $ref: '#/components/schemas/ValueWhenUnsetOption' + CustomValue: + type: string + additionalProperties: false + StyledCellType: + type: string + enum: + - TOTAL + - METRIC_HEADER + - VALUE + SubtotalOptions: + type: object + properties: + TotalsVisibility: + $ref: '#/components/schemas/Visibility' + CustomLabel: + type: string + FieldLevel: + $ref: '#/components/schemas/PivotTableSubtotalLevel' + FieldLevelOptions: + type: array + items: + $ref: '#/components/schemas/PivotTableFieldSubtotalOptions' + maxItems: 100 + minItems: 0 + TotalCellStyle: + $ref: '#/components/schemas/TableCellStyle' + ValueCellStyle: + $ref: '#/components/schemas/TableCellStyle' + MetricHeaderCellStyle: + $ref: '#/components/schemas/TableCellStyle' + StyleTargets: + type: array + items: + $ref: '#/components/schemas/TableStyleTarget' + maxItems: 3 + minItems: 0 + additionalProperties: false + TableAggregatedFieldWells: + type: object + properties: + GroupBy: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + additionalProperties: false + TableBorderOptions: + type: object + properties: + Color: + type: string + pattern: ^#[A-F0-9]{6}$ + Thickness: + type: number + maximum: 4 + minimum: 1 + Style: + $ref: '#/components/schemas/TableBorderStyle' + additionalProperties: false + TableBorderStyle: + type: string + enum: + - NONE + - SOLID + TableCellConditionalFormatting: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + TextFormat: + $ref: '#/components/schemas/TextConditionalFormat' + required: + - FieldId + additionalProperties: false + TableCellImageScalingConfiguration: + type: string + enum: + - FIT_TO_CELL_HEIGHT + - FIT_TO_CELL_WIDTH + - DO_NOT_SCALE + TableCellImageSizingConfiguration: + type: object + properties: + TableCellImageScalingConfiguration: + $ref: '#/components/schemas/TableCellImageScalingConfiguration' + additionalProperties: false + TableCellStyle: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + FontConfiguration: + $ref: '#/components/schemas/FontConfiguration' + TextWrap: + $ref: '#/components/schemas/TextWrap' + HorizontalTextAlignment: + $ref: '#/components/schemas/HorizontalTextAlignment' + VerticalTextAlignment: + $ref: '#/components/schemas/VerticalTextAlignment' + BackgroundColor: + type: string + pattern: ^#[A-F0-9]{6}$ + Height: + type: number + maximum: 500 + minimum: 8 + Border: + $ref: '#/components/schemas/GlobalTableBorderOptions' + additionalProperties: false + TableConditionalFormatting: + type: object + properties: + ConditionalFormattingOptions: + type: array + items: + $ref: '#/components/schemas/TableConditionalFormattingOption' + maxItems: 100 + minItems: 0 + additionalProperties: false + TableConditionalFormattingOption: + type: object + properties: + Cell: + $ref: '#/components/schemas/TableCellConditionalFormatting' + Row: + $ref: '#/components/schemas/TableRowConditionalFormatting' + additionalProperties: false + TableConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/TableFieldWells' + SortConfiguration: + $ref: '#/components/schemas/TableSortConfiguration' + TableOptions: + $ref: '#/components/schemas/TableOptions' + TotalOptions: + $ref: '#/components/schemas/TotalOptions' + FieldOptions: + $ref: '#/components/schemas/TableFieldOptions' + PaginatedReportOptions: + $ref: '#/components/schemas/TablePaginatedReportOptions' + TableInlineVisualizations: + type: array + items: + $ref: '#/components/schemas/TableInlineVisualization' + maxItems: 200 + minItems: 0 + additionalProperties: false + TableFieldCustomIconContent: + type: object + properties: + Icon: + $ref: '#/components/schemas/TableFieldIconSetType' + additionalProperties: false + TableFieldCustomTextContent: + type: object + properties: + Value: + type: string + FontConfiguration: + $ref: '#/components/schemas/FontConfiguration' + required: + - FontConfiguration + additionalProperties: false + TableFieldIconSetType: + type: string + enum: + - LINK + TableFieldImageConfiguration: + type: object + properties: + SizingOptions: + $ref: '#/components/schemas/TableCellImageSizingConfiguration' + additionalProperties: false + TableFieldLinkConfiguration: + type: object + properties: + Target: + $ref: '#/components/schemas/URLTargetConfiguration' + Content: + $ref: '#/components/schemas/TableFieldLinkContentConfiguration' + required: + - Content + - Target + additionalProperties: false + TableFieldLinkContentConfiguration: + type: object + properties: + CustomTextContent: + $ref: '#/components/schemas/TableFieldCustomTextContent' + CustomIconContent: + $ref: '#/components/schemas/TableFieldCustomIconContent' + additionalProperties: false + TableFieldOption: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Width: + type: string + description: String based length that is composed of value and unit in px + CustomLabel: + type: string + maxLength: 2048 + minLength: 1 + Visibility: + $ref: '#/components/schemas/Visibility' + URLStyling: + $ref: '#/components/schemas/TableFieldURLConfiguration' + required: + - FieldId + additionalProperties: false + TableFieldOptions: + type: object + properties: + SelectedFieldOptions: + type: array + items: + $ref: '#/components/schemas/TableFieldOption' + maxItems: 100 + minItems: 0 + Order: + type: array + items: + type: string + maxLength: 512 + minLength: 1 + maxItems: 200 + minItems: 0 + PinnedFieldOptions: + $ref: '#/components/schemas/TablePinnedFieldOptions' + additionalProperties: false + TableFieldURLConfiguration: + type: object + properties: + LinkConfiguration: + $ref: '#/components/schemas/TableFieldLinkConfiguration' + ImageConfiguration: + $ref: '#/components/schemas/TableFieldImageConfiguration' + additionalProperties: false + TableFieldWells: + type: object + properties: + TableAggregatedFieldWells: + $ref: '#/components/schemas/TableAggregatedFieldWells' + TableUnaggregatedFieldWells: + $ref: '#/components/schemas/TableUnaggregatedFieldWells' + additionalProperties: false + TableInlineVisualization: + type: object + properties: + DataBars: + $ref: '#/components/schemas/DataBarsOptions' + additionalProperties: false + TableOptions: + type: object + properties: + Orientation: + $ref: '#/components/schemas/TableOrientation' + HeaderStyle: + $ref: '#/components/schemas/TableCellStyle' + CellStyle: + $ref: '#/components/schemas/TableCellStyle' + RowAlternateColorOptions: + $ref: '#/components/schemas/RowAlternateColorOptions' + additionalProperties: false + TableOrientation: + type: string + enum: + - VERTICAL + - HORIZONTAL + TablePaginatedReportOptions: + type: object + properties: + VerticalOverflowVisibility: + $ref: '#/components/schemas/Visibility' + OverflowColumnHeaderVisibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + TablePinnedFieldOptions: + type: object + properties: + PinnedLeftFields: + type: array + items: + type: string + maxLength: 512 + minLength: 1 + maxItems: 201 + minItems: 0 + additionalProperties: false + TableRowConditionalFormatting: + type: object + properties: + BackgroundColor: + $ref: '#/components/schemas/ConditionalFormattingColor' + TextColor: + $ref: '#/components/schemas/ConditionalFormattingColor' + additionalProperties: false + TableSideBorderOptions: + type: object + properties: + InnerVertical: + $ref: '#/components/schemas/TableBorderOptions' + InnerHorizontal: + $ref: '#/components/schemas/TableBorderOptions' + Left: + $ref: '#/components/schemas/TableBorderOptions' + Right: + $ref: '#/components/schemas/TableBorderOptions' + Top: + $ref: '#/components/schemas/TableBorderOptions' + Bottom: + $ref: '#/components/schemas/TableBorderOptions' + additionalProperties: false + TableSortConfiguration: + type: object + properties: + RowSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + PaginationConfiguration: + $ref: '#/components/schemas/PaginationConfiguration' + additionalProperties: false + TableStyleTarget: + type: object + properties: + CellType: + $ref: '#/components/schemas/StyledCellType' + required: + - CellType + additionalProperties: false + TableTotalsPlacement: + type: string + enum: + - START + - END + - AUTO + TableTotalsScrollStatus: + type: string + enum: + - PINNED + - SCROLLED + TableUnaggregatedFieldWells: + type: object + properties: + Values: + type: array + items: + $ref: '#/components/schemas/UnaggregatedField' + maxItems: 200 + minItems: 0 + additionalProperties: false + TableVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/TableConfiguration' + ConditionalFormatting: + $ref: '#/components/schemas/TableConditionalFormatting' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + required: + - VisualId + additionalProperties: false + Tag: + type: object + properties: + Value: + type: string + maxLength: 256 + minLength: 1 + Key: + type: string + maxLength: 128 + minLength: 1 + additionalProperties: false + required: + - Key + - Value + TargetVisualOptions: + type: string + enum: + - ALL_VISUALS + TextAreaControlDisplayOptions: + type: object + properties: + TitleOptions: + $ref: '#/components/schemas/LabelOptions' + PlaceholderOptions: + $ref: '#/components/schemas/TextControlPlaceholderOptions' + InfoIconLabelOptions: + $ref: '#/components/schemas/SheetControlInfoIconLabelOptions' + additionalProperties: false + TextConditionalFormat: + type: object + properties: + BackgroundColor: + $ref: '#/components/schemas/ConditionalFormattingColor' + TextColor: + $ref: '#/components/schemas/ConditionalFormattingColor' + Icon: + $ref: '#/components/schemas/ConditionalFormattingIcon' + additionalProperties: false + TextControlPlaceholderOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + TextFieldControlDisplayOptions: + type: object + properties: + TitleOptions: + $ref: '#/components/schemas/LabelOptions' + PlaceholderOptions: + $ref: '#/components/schemas/TextControlPlaceholderOptions' + InfoIconLabelOptions: + $ref: '#/components/schemas/SheetControlInfoIconLabelOptions' + additionalProperties: false + TextWrap: + type: string + enum: + - NONE + - WRAP + ThousandSeparatorOptions: + type: object + properties: + Symbol: + $ref: '#/components/schemas/NumericSeparatorSymbol' + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + TimeBasedForecastProperties: + type: object + properties: + PeriodsForward: + type: number + maximum: 1000 + minimum: 1 + PeriodsBackward: + type: number + maximum: 1000 + minimum: 0 + UpperBoundary: + type: number + default: null + LowerBoundary: + type: number + default: null + PredictionInterval: + type: number + maximum: 95 + minimum: 50 + Seasonality: + type: number + maximum: 180 + minimum: 1 + additionalProperties: false + TimeEqualityFilter: + type: object + properties: + FilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Column: + $ref: '#/components/schemas/ColumnIdentifier' + Value: + type: string + format: date-time + RollingDate: + $ref: '#/components/schemas/RollingDateConfiguration' + ParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + TimeGranularity: + $ref: '#/components/schemas/TimeGranularity' + required: + - Column + - FilterId + additionalProperties: false + TimeGranularity: + type: string + enum: + - YEAR + - QUARTER + - MONTH + - WEEK + - DAY + - HOUR + - MINUTE + - SECOND + - MILLISECOND + TimeRangeDrillDownFilter: + type: object + properties: + Column: + $ref: '#/components/schemas/ColumnIdentifier' + RangeMinimum: + type: string + format: date-time + RangeMaximum: + type: string + format: date-time + TimeGranularity: + $ref: '#/components/schemas/TimeGranularity' + required: + - Column + - RangeMaximum + - RangeMinimum + - TimeGranularity + additionalProperties: false + TimeRangeFilter: + type: object + properties: + FilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Column: + $ref: '#/components/schemas/ColumnIdentifier' + IncludeMinimum: + type: boolean + default: null + IncludeMaximum: + type: boolean + default: null + RangeMinimumValue: + $ref: '#/components/schemas/TimeRangeFilterValue' + RangeMaximumValue: + $ref: '#/components/schemas/TimeRangeFilterValue' + NullOption: + $ref: '#/components/schemas/FilterNullOption' + ExcludePeriodConfiguration: + $ref: '#/components/schemas/ExcludePeriodConfiguration' + TimeGranularity: + $ref: '#/components/schemas/TimeGranularity' + required: + - Column + - FilterId + - NullOption + additionalProperties: false + TimeRangeFilterValue: + type: object + properties: + StaticValue: + type: string + format: date-time + RollingDate: + $ref: '#/components/schemas/RollingDateConfiguration' + Parameter: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + additionalProperties: false + TooltipItem: + type: object + properties: + FieldTooltipItem: + $ref: '#/components/schemas/FieldTooltipItem' + ColumnTooltipItem: + $ref: '#/components/schemas/ColumnTooltipItem' + additionalProperties: false + TooltipOptions: + type: object + properties: + TooltipVisibility: + $ref: '#/components/schemas/Visibility' + SelectedTooltipType: + $ref: '#/components/schemas/SelectedTooltipType' + FieldBasedTooltip: + $ref: '#/components/schemas/FieldBasedTooltip' + additionalProperties: false + TooltipTitleType: + type: string + enum: + - NONE + - PRIMARY_VALUE + TopBottomComputationType: + type: string + enum: + - TOP + - BOTTOM + TopBottomFilter: + type: object + properties: + FilterId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Column: + $ref: '#/components/schemas/ColumnIdentifier' + Limit: + type: number + default: null + AggregationSortConfigurations: + type: array + items: + $ref: '#/components/schemas/AggregationSortConfiguration' + maxItems: 100 + minItems: 0 + TimeGranularity: + $ref: '#/components/schemas/TimeGranularity' + ParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + required: + - AggregationSortConfigurations + - Column + - FilterId + additionalProperties: false + TopBottomMoversComputation: + type: object + properties: + ComputationId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + Time: + $ref: '#/components/schemas/DimensionField' + Category: + $ref: '#/components/schemas/DimensionField' + Value: + $ref: '#/components/schemas/MeasureField' + MoverSize: + type: number + default: 0 + maximum: 20 + minimum: 1 + SortOrder: + $ref: '#/components/schemas/TopBottomSortOrder' + Type: + $ref: '#/components/schemas/TopBottomComputationType' + required: + - ComputationId + - Type + additionalProperties: false + TopBottomRankedComputation: + type: object + properties: + ComputationId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + Category: + $ref: '#/components/schemas/DimensionField' + Value: + $ref: '#/components/schemas/MeasureField' + ResultSize: + type: number + default: 0 + maximum: 20 + minimum: 1 + Type: + $ref: '#/components/schemas/TopBottomComputationType' + required: + - ComputationId + - Type + additionalProperties: false + TopBottomSortOrder: + type: string + enum: + - PERCENT_DIFFERENCE + - ABSOLUTE_DIFFERENCE + TotalAggregationComputation: + type: object + properties: + ComputationId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + Value: + $ref: '#/components/schemas/MeasureField' + required: + - ComputationId + additionalProperties: false + TotalAggregationFunction: + type: object + properties: + SimpleTotalAggregationFunction: + $ref: '#/components/schemas/SimpleTotalAggregationFunction' + additionalProperties: false + TotalAggregationOption: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + TotalAggregationFunction: + $ref: '#/components/schemas/TotalAggregationFunction' + required: + - FieldId + - TotalAggregationFunction + additionalProperties: false + TotalOptions: + type: object + properties: + TotalsVisibility: + $ref: '#/components/schemas/Visibility' + TotalAggregationOptions: + type: array + items: + $ref: '#/components/schemas/TotalAggregationOption' + maxItems: 200 + minItems: 0 + Placement: + $ref: '#/components/schemas/TableTotalsPlacement' + ScrollStatus: + $ref: '#/components/schemas/TableTotalsScrollStatus' + CustomLabel: + type: string + TotalCellStyle: + $ref: '#/components/schemas/TableCellStyle' + additionalProperties: false + TreeMapAggregatedFieldWells: + type: object + properties: + Groups: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 1 + minItems: 0 + Sizes: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 1 + minItems: 0 + Colors: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 1 + minItems: 0 + additionalProperties: false + TreeMapConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/TreeMapFieldWells' + SortConfiguration: + $ref: '#/components/schemas/TreeMapSortConfiguration' + GroupLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + SizeLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + ColorLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + ColorScale: + $ref: '#/components/schemas/ColorScale' + Legend: + $ref: '#/components/schemas/LegendOptions' + DataLabels: + $ref: '#/components/schemas/DataLabelOptions' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + additionalProperties: false + TreeMapFieldWells: + type: object + properties: + TreeMapAggregatedFieldWells: + $ref: '#/components/schemas/TreeMapAggregatedFieldWells' + additionalProperties: false + TreeMapSortConfiguration: + type: object + properties: + TreeMapSort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + TreeMapGroupItemsLimitConfiguration: + $ref: '#/components/schemas/ItemsLimitConfiguration' + additionalProperties: false + TreeMapVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/TreeMapConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + TrendArrowOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + additionalProperties: false + URLTargetConfiguration: + type: string + enum: + - NEW_TAB + - NEW_WINDOW + - SAME_TAB + UnaggregatedField: + type: object + properties: + FieldId: + type: string + maxLength: 512 + minLength: 1 + Column: + $ref: '#/components/schemas/ColumnIdentifier' + FormatConfiguration: + $ref: '#/components/schemas/FormatConfiguration' + required: + - Column + - FieldId + additionalProperties: false + UniqueValuesComputation: + type: object + properties: + ComputationId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + Category: + $ref: '#/components/schemas/DimensionField' + required: + - ComputationId + additionalProperties: false + ValidationStrategy: + type: object + properties: + Mode: + $ref: '#/components/schemas/ValidationStrategyMode' + required: + - Mode + additionalProperties: false + ValidationStrategyMode: + type: string + enum: + - STRICT + - LENIENT + ValueWhenUnsetOption: + type: string + enum: + - RECOMMENDED_VALUE + - 'NULL' + VerticalTextAlignment: + type: string + enum: + - TOP + - MIDDLE + - BOTTOM + - AUTO + Visibility: + type: string + enum: + - HIDDEN + - VISIBLE + VisibleRangeOptions: + type: object + properties: + PercentRange: + $ref: '#/components/schemas/PercentVisibleRange' + additionalProperties: false + Visual: + type: object + properties: + TableVisual: + $ref: '#/components/schemas/TableVisual' + PivotTableVisual: + $ref: '#/components/schemas/PivotTableVisual' + BarChartVisual: + $ref: '#/components/schemas/BarChartVisual' + KPIVisual: + $ref: '#/components/schemas/KPIVisual' + PieChartVisual: + $ref: '#/components/schemas/PieChartVisual' + GaugeChartVisual: + $ref: '#/components/schemas/GaugeChartVisual' + LineChartVisual: + $ref: '#/components/schemas/LineChartVisual' + HeatMapVisual: + $ref: '#/components/schemas/HeatMapVisual' + TreeMapVisual: + $ref: '#/components/schemas/TreeMapVisual' + GeospatialMapVisual: + $ref: '#/components/schemas/GeospatialMapVisual' + FilledMapVisual: + $ref: '#/components/schemas/FilledMapVisual' + FunnelChartVisual: + $ref: '#/components/schemas/FunnelChartVisual' + ScatterPlotVisual: + $ref: '#/components/schemas/ScatterPlotVisual' + ComboChartVisual: + $ref: '#/components/schemas/ComboChartVisual' + BoxPlotVisual: + $ref: '#/components/schemas/BoxPlotVisual' + WaterfallVisual: + $ref: '#/components/schemas/WaterfallVisual' + HistogramVisual: + $ref: '#/components/schemas/HistogramVisual' + WordCloudVisual: + $ref: '#/components/schemas/WordCloudVisual' + InsightVisual: + $ref: '#/components/schemas/InsightVisual' + SankeyDiagramVisual: + $ref: '#/components/schemas/SankeyDiagramVisual' + CustomContentVisual: + $ref: '#/components/schemas/CustomContentVisual' + EmptyVisual: + $ref: '#/components/schemas/EmptyVisual' + RadarChartVisual: + $ref: '#/components/schemas/RadarChartVisual' + additionalProperties: false + VisualCustomAction: + type: object + properties: + CustomActionId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Name: + type: string + maxLength: 256 + minLength: 1 + Status: + $ref: '#/components/schemas/WidgetStatus' + Trigger: + $ref: '#/components/schemas/VisualCustomActionTrigger' + ActionOperations: + type: array + items: + $ref: '#/components/schemas/VisualCustomActionOperation' + maxItems: 2 + minItems: 1 + required: + - ActionOperations + - CustomActionId + - Name + - Trigger + additionalProperties: false + VisualCustomActionOperation: + type: object + properties: + FilterOperation: + $ref: '#/components/schemas/CustomActionFilterOperation' + NavigationOperation: + $ref: '#/components/schemas/CustomActionNavigationOperation' + URLOperation: + $ref: '#/components/schemas/CustomActionURLOperation' + SetParametersOperation: + $ref: '#/components/schemas/CustomActionSetParametersOperation' + additionalProperties: false + VisualCustomActionTrigger: + type: string + enum: + - DATA_POINT_CLICK + - DATA_POINT_MENU + VisualPalette: + type: object + properties: + ChartColor: + type: string + pattern: ^#[A-F0-9]{6}$ + ColorMap: + type: array + items: + $ref: '#/components/schemas/DataPathColor' + maxItems: 5000 + minItems: 0 + additionalProperties: false + VisualSubtitleLabelOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + FormatText: + $ref: '#/components/schemas/LongFormatText' + additionalProperties: false + VisualTitleLabelOptions: + type: object + properties: + Visibility: + $ref: '#/components/schemas/Visibility' + FormatText: + $ref: '#/components/schemas/ShortFormatText' + additionalProperties: false + WaterfallChartAggregatedFieldWells: + type: object + properties: + Categories: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + Values: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 200 + minItems: 0 + Breakdowns: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 200 + minItems: 0 + additionalProperties: false + WaterfallChartConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/WaterfallChartFieldWells' + SortConfiguration: + $ref: '#/components/schemas/WaterfallChartSortConfiguration' + WaterfallChartOptions: + $ref: '#/components/schemas/WaterfallChartOptions' + CategoryAxisLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + CategoryAxisDisplayOptions: + $ref: '#/components/schemas/AxisDisplayOptions' + PrimaryYAxisLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + PrimaryYAxisDisplayOptions: + $ref: '#/components/schemas/AxisDisplayOptions' + Legend: + $ref: '#/components/schemas/LegendOptions' + DataLabels: + $ref: '#/components/schemas/DataLabelOptions' + VisualPalette: + $ref: '#/components/schemas/VisualPalette' + additionalProperties: false + WaterfallChartFieldWells: + type: object + properties: + WaterfallChartAggregatedFieldWells: + $ref: '#/components/schemas/WaterfallChartAggregatedFieldWells' + additionalProperties: false + WaterfallChartOptions: + type: object + properties: + TotalBarLabel: + type: string + additionalProperties: false + WaterfallChartSortConfiguration: + type: object + properties: + CategorySort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + BreakdownItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + additionalProperties: false + WaterfallVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/WaterfallChartConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + WhatIfPointScenario: + type: object + properties: + Date: + type: string + format: date-time + Value: + type: number + default: 0 + required: + - Date + - Value + additionalProperties: false + WhatIfRangeScenario: + type: object + properties: + StartDate: + type: string + format: date-time + EndDate: + type: string + format: date-time + Value: + type: number + default: 0 + required: + - EndDate + - StartDate + - Value + additionalProperties: false + WidgetStatus: + type: string + enum: + - ENABLED + - DISABLED + WordCloudAggregatedFieldWells: + type: object + properties: + GroupBy: + type: array + items: + $ref: '#/components/schemas/DimensionField' + maxItems: 10 + minItems: 0 + Size: + type: array + items: + $ref: '#/components/schemas/MeasureField' + maxItems: 1 + minItems: 0 + additionalProperties: false + WordCloudChartConfiguration: + type: object + properties: + FieldWells: + $ref: '#/components/schemas/WordCloudFieldWells' + SortConfiguration: + $ref: '#/components/schemas/WordCloudSortConfiguration' + CategoryLabelOptions: + $ref: '#/components/schemas/ChartAxisLabelOptions' + WordCloudOptions: + $ref: '#/components/schemas/WordCloudOptions' + additionalProperties: false + WordCloudCloudLayout: + type: string + enum: + - FLUID + - NORMAL + WordCloudFieldWells: + type: object + properties: + WordCloudAggregatedFieldWells: + $ref: '#/components/schemas/WordCloudAggregatedFieldWells' + additionalProperties: false + WordCloudOptions: + type: object + properties: + WordOrientation: + $ref: '#/components/schemas/WordCloudWordOrientation' + WordScaling: + $ref: '#/components/schemas/WordCloudWordScaling' + CloudLayout: + $ref: '#/components/schemas/WordCloudCloudLayout' + WordCasing: + $ref: '#/components/schemas/WordCloudWordCasing' + WordPadding: + $ref: '#/components/schemas/WordCloudWordPadding' + MaximumStringLength: + type: number + maximum: 100 + minimum: 1 + additionalProperties: false + WordCloudSortConfiguration: + type: object + properties: + CategoryItemsLimit: + $ref: '#/components/schemas/ItemsLimitConfiguration' + CategorySort: + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' + maxItems: 100 + minItems: 0 + additionalProperties: false + WordCloudVisual: + type: object + properties: + VisualId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + ChartConfiguration: + $ref: '#/components/schemas/WordCloudChartConfiguration' + Actions: + type: array + items: + $ref: '#/components/schemas/VisualCustomAction' + maxItems: 10 + minItems: 0 + ColumnHierarchies: + type: array + items: + $ref: '#/components/schemas/ColumnHierarchy' + maxItems: 2 + minItems: 0 + required: + - VisualId + additionalProperties: false + WordCloudWordCasing: + type: string + enum: + - LOWER_CASE + - EXISTING_CASE + WordCloudWordOrientation: + type: string + enum: + - HORIZONTAL + - HORIZONTAL_AND_VERTICAL + WordCloudWordPadding: + type: string + enum: + - NONE + - SMALL + - MEDIUM + - LARGE + WordCloudWordScaling: + type: string + enum: + - EMPHASIZE + - NORMAL + Analysis: + type: object + properties: + AnalysisId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Arn: + type: string + AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + CreatedTime: + type: string + format: date-time + DataSetArns: + type: array + items: + type: string + maxItems: 100 + minItems: 0 + Definition: + $ref: '#/components/schemas/AnalysisDefinition' + Errors: + type: array + items: + $ref: '#/components/schemas/AnalysisError' + minItems: 1 + LastUpdatedTime: + type: string + format: date-time + Name: + type: string + maxLength: 2048 + minLength: 1 + Parameters: + $ref: '#/components/schemas/Parameters' + Permissions: + type: array + items: + $ref: '#/components/schemas/ResourcePermission' + maxItems: 64 + minItems: 1 + Sheets: + type: array + items: + $ref: '#/components/schemas/Sheet' + maxItems: 20 + minItems: 0 + SourceEntity: + $ref: '#/components/schemas/AnalysisSourceEntity' + Status: + $ref: '#/components/schemas/ResourceStatus' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + ThemeArn: + type: string + ValidationStrategy: + $ref: '#/components/schemas/ValidationStrategy' + required: + - AwsAccountId + - AnalysisId + - Name + x-stackql-resource-name: analysis + description: Definition of the AWS::QuickSight::Analysis Resource Type. + x-type-name: AWS::QuickSight::Analysis + x-stackql-primary-identifier: + - AnalysisId + - AwsAccountId + x-create-only-properties: + - AnalysisId + - AwsAccountId + x-write-only-properties: + - Definition + - Parameters + - SourceEntity + - Status + - ValidationStrategy + x-read-only-properties: + - Arn + - CreatedTime + - DataSetArns + - LastUpdatedTime + x-required-properties: + - AwsAccountId + - AnalysisId + - Name + x-required-permissions: + create: + - quicksight:DescribeAnalysis + - quicksight:DescribeAnalysisPermissions + - quicksight:CreateAnalysis + - quicksight:DescribeTemplate + - quicksight:DescribeTheme + - quicksight:PassDataSet + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + read: + - quicksight:DescribeAnalysis + - quicksight:DescribeAnalysisPermissions + - quicksight:ListTagsForResource + update: + - quicksight:DescribeAnalysis + - quicksight:DescribeAnalysisPermissions + - quicksight:UpdateAnalysis + - quicksight:UpdateAnalysisPermissions + - quicksight:DescribeTemplate + - quicksight:DescribeTheme + - quicksight:PassDataSet + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + delete: + - quicksight:DescribeAnalysis + - quicksight:DeleteAnalysis + list: + - quicksight:ListAnalyses + AdHocFilteringOption: + type: object + properties: + AvailabilityStatus: + $ref: '#/components/schemas/DashboardBehavior' + additionalProperties: false + DashboardBehavior: + type: string + enum: + - ENABLED + - DISABLED + DashboardError: + type: object + properties: + Type: + $ref: '#/components/schemas/DashboardErrorType' + Message: + type: string + pattern: .*\S.* + ViolatedEntities: + type: array + items: + $ref: '#/components/schemas/Entity' + maxItems: 200 + minItems: 0 + additionalProperties: false + DashboardErrorType: + type: string + enum: + - ACCESS_DENIED + - SOURCE_NOT_FOUND + - DATA_SET_NOT_FOUND + - INTERNAL_FAILURE + - PARAMETER_VALUE_INCOMPATIBLE + - PARAMETER_TYPE_INVALID + - PARAMETER_NOT_FOUND + - COLUMN_TYPE_MISMATCH + - COLUMN_GEOGRAPHIC_ROLE_MISMATCH + - COLUMN_REPLACEMENT_MISSING + DashboardPublishOptions: + type: object + properties: + AdHocFilteringOption: + $ref: '#/components/schemas/AdHocFilteringOption' + ExportToCSVOption: + $ref: '#/components/schemas/ExportToCSVOption' + SheetControlsOption: + $ref: '#/components/schemas/SheetControlsOption' + VisualPublishOptions: + $ref: '#/components/schemas/DashboardVisualPublishOptions' + SheetLayoutElementMaximizationOption: + $ref: '#/components/schemas/SheetLayoutElementMaximizationOption' + VisualMenuOption: + $ref: '#/components/schemas/VisualMenuOption' + VisualAxisSortOption: + $ref: '#/components/schemas/VisualAxisSortOption' + ExportWithHiddenFieldsOption: + $ref: '#/components/schemas/ExportWithHiddenFieldsOption' + DataPointDrillUpDownOption: + $ref: '#/components/schemas/DataPointDrillUpDownOption' + DataPointMenuLabelOption: + $ref: '#/components/schemas/DataPointMenuLabelOption' + DataPointTooltipOption: + $ref: '#/components/schemas/DataPointTooltipOption' + additionalProperties: false + DashboardSourceEntity: + type: object + properties: + SourceTemplate: + $ref: '#/components/schemas/DashboardSourceTemplate' + additionalProperties: false + DashboardSourceTemplate: + type: object + properties: + DataSetReferences: + type: array + items: + $ref: '#/components/schemas/DataSetReference' + minItems: 1 + Arn: + type: string + required: + - Arn + - DataSetReferences + additionalProperties: false + DashboardUIState: + type: string + enum: + - EXPANDED + - COLLAPSED + DashboardVersion: + type: object + properties: + CreatedTime: + type: string + format: date-time + Errors: + type: array + items: + $ref: '#/components/schemas/DashboardError' + minItems: 1 + VersionNumber: + type: number + minimum: 1 + Status: + $ref: '#/components/schemas/ResourceStatus' + Arn: + type: string + SourceEntityArn: + type: string + DataSetArns: + type: array + items: + type: string + maxItems: 100 + minItems: 0 + Description: + type: string + maxLength: 512 + minLength: 1 + ThemeArn: + type: string + Sheets: + type: array + items: + $ref: '#/components/schemas/Sheet' + maxItems: 20 + minItems: 0 + additionalProperties: false + DashboardVersionDefinition: + type: object + properties: + DataSetIdentifierDeclarations: + type: array + items: + $ref: '#/components/schemas/DataSetIdentifierDeclaration' + maxItems: 50 + minItems: 1 + Sheets: + type: array + items: + $ref: '#/components/schemas/SheetDefinition' + maxItems: 20 + minItems: 0 + CalculatedFields: + type: array + items: + $ref: '#/components/schemas/CalculatedField' + maxItems: 500 + minItems: 0 + ParameterDeclarations: + type: array + items: + $ref: '#/components/schemas/ParameterDeclaration' + maxItems: 200 + minItems: 0 + FilterGroups: + type: array + items: + $ref: '#/components/schemas/FilterGroup' + maxItems: 2000 + minItems: 0 + ColumnConfigurations: + type: array + items: + $ref: '#/components/schemas/ColumnConfiguration' + maxItems: 200 + minItems: 0 + AnalysisDefaults: + $ref: '#/components/schemas/AnalysisDefaults' + Options: + $ref: '#/components/schemas/AssetOptions' + required: + - DataSetIdentifierDeclarations + additionalProperties: false + DashboardVisualPublishOptions: + type: object + properties: + ExportHiddenFieldsOption: + $ref: '#/components/schemas/ExportHiddenFieldsOption' + additionalProperties: false + DataPointDrillUpDownOption: + type: object + properties: + AvailabilityStatus: + $ref: '#/components/schemas/DashboardBehavior' + additionalProperties: false + DataPointMenuLabelOption: + type: object + properties: + AvailabilityStatus: + $ref: '#/components/schemas/DashboardBehavior' + additionalProperties: false + DataPointTooltipOption: + type: object + properties: + AvailabilityStatus: + $ref: '#/components/schemas/DashboardBehavior' + additionalProperties: false + ExportHiddenFieldsOption: + type: object + properties: + AvailabilityStatus: + $ref: '#/components/schemas/DashboardBehavior' + additionalProperties: false + ExportToCSVOption: + type: object + properties: + AvailabilityStatus: + $ref: '#/components/schemas/DashboardBehavior' + additionalProperties: false + ExportWithHiddenFieldsOption: + type: object + properties: + AvailabilityStatus: + $ref: '#/components/schemas/DashboardBehavior' + additionalProperties: false + LinkSharingConfiguration: + type: object + properties: + Permissions: + type: array + items: + $ref: '#/components/schemas/ResourcePermission' + maxItems: 64 + minItems: 1 + additionalProperties: false + SheetControlsOption: + type: object + properties: + VisibilityState: + $ref: '#/components/schemas/DashboardUIState' + additionalProperties: false + SheetLayoutElementMaximizationOption: + type: object + properties: + AvailabilityStatus: + $ref: '#/components/schemas/DashboardBehavior' + additionalProperties: false + VisualAxisSortOption: + type: object + properties: + AvailabilityStatus: + $ref: '#/components/schemas/DashboardBehavior' + additionalProperties: false + VisualMenuOption: + type: object + properties: + AvailabilityStatus: + $ref: '#/components/schemas/DashboardBehavior' + additionalProperties: false + Dashboard: + type: object + properties: + Arn: + type: string + AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + CreatedTime: + type: string + format: date-time + DashboardId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + DashboardPublishOptions: + $ref: '#/components/schemas/DashboardPublishOptions' + Definition: + $ref: '#/components/schemas/DashboardVersionDefinition' + LastPublishedTime: + type: string + format: date-time + LastUpdatedTime: + type: string + format: date-time + LinkEntities: + type: array + items: + type: string + maxLength: 1024 + minLength: 1 + pattern: ^arn:aws[\w\-]*:quicksight:[\w\-]+:\d+:analysis/[\w\-]{1,512} + maxItems: 5 + minItems: 0 + LinkSharingConfiguration: + $ref: '#/components/schemas/LinkSharingConfiguration' + Name: + type: string + maxLength: 2048 + minLength: 1 + Parameters: + $ref: '#/components/schemas/Parameters' + Permissions: + type: array + items: + $ref: '#/components/schemas/ResourcePermission' + maxItems: 64 + minItems: 1 + SourceEntity: + $ref: '#/components/schemas/DashboardSourceEntity' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + ThemeArn: + type: string + ValidationStrategy: + $ref: '#/components/schemas/ValidationStrategy' + Version: + $ref: '#/components/schemas/DashboardVersion' + VersionDescription: + type: string + maxLength: 512 + minLength: 1 + required: + - AwsAccountId + - DashboardId + - Name + x-stackql-resource-name: dashboard + description: Definition of the AWS::QuickSight::Dashboard Resource Type. + x-type-name: AWS::QuickSight::Dashboard + x-stackql-primary-identifier: + - AwsAccountId + - DashboardId + x-create-only-properties: + - AwsAccountId + - DashboardId + x-write-only-properties: + - DashboardPublishOptions + - Definition + - LinkSharingConfiguration + - Parameters + - SourceEntity + - ThemeArn + - VersionDescription + - ValidationStrategy + x-read-only-properties: + - Arn + - CreatedTime + - LastPublishedTime + - LastUpdatedTime + - Version + x-required-properties: + - AwsAccountId + - DashboardId + - Name + x-required-permissions: + create: + - quicksight:DescribeDashboard + - quicksight:DescribeDashboardPermissions + - quicksight:CreateDashboard + - quicksight:DescribeTemplate + - quicksight:DescribeTheme + - quicksight:PassDataSet + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + read: + - quicksight:DescribeDashboard + - quicksight:DescribeDashboardPermissions + - quicksight:ListTagsForResource + update: + - quicksight:DescribeDashboard + - quicksight:DescribeDashboardPermissions + - quicksight:UpdateDashboard + - quicksight:UpdateDashboardLinks + - quicksight:UpdateDashboardPermissions + - quicksight:UpdateDashboardPublishedVersion + - quicksight:DescribeTemplate + - quicksight:DescribeTheme + - quicksight:PassDataSet + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + delete: + - quicksight:DescribeDashboard + - quicksight:DeleteDashboard + list: + - quicksight:ListDashboards + CalculatedColumn: + type: object + description:

A calculated column for a dataset.

+ properties: + ColumnId: + type: string + maxLength: 64 + minLength: 1 + description: |- +

A unique ID to identify a calculated column. During a dataset update, if the column ID + of a calculated column matches that of an existing calculated column, Amazon QuickSight + preserves the existing calculated column.

+ ColumnName: + type: string + maxLength: 128 + minLength: 1 + description:

Column name.

+ Expression: + type: string + maxLength: 4096 + minLength: 1 + description:

An expression that defines the calculated column.

+ required: + - ColumnId + - ColumnName + - Expression + additionalProperties: false + CastColumnTypeOperation: + type: object + description:

A transform operation that casts a column to a different type.

+ properties: + ColumnName: + type: string + maxLength: 128 + minLength: 1 + description:

Column name.

+ Format: + type: string + maxLength: 32 + minLength: 0 + description: |- +

When casting a column from string to datetime type, you can supply a string in a + format supported by Amazon QuickSight to denote the source data format.

+ NewColumnType: + $ref: '#/components/schemas/ColumnDataType' + SubType: + $ref: '#/components/schemas/ColumnSubDataType' + required: + - ColumnName + - NewColumnType + additionalProperties: false + ColumnDataType: + type: string + enum: + - STRING + - INTEGER + - DECIMAL + - DATETIME + ColumnSubDataType: + type: string + enum: + - FIXED + - FLOAT + ColumnDescription: + type: object + description:

Metadata that contains a description for a column.

+ properties: + Text: + type: string + maxLength: 500 + minLength: 0 + description:

The text of a description for a column.

+ additionalProperties: false + ColumnGroup: + type: object + description: |- +

Groupings of columns that work together in certain Amazon QuickSight features. This is + a variant type structure. For this structure to be valid, only one of the attributes can + be non-null.

+ properties: + GeoSpatialColumnGroup: + $ref: '#/components/schemas/GeoSpatialColumnGroup' + additionalProperties: false + ColumnLevelPermissionRule: + type: object + properties: + ColumnNames: + type: array + items: + type: string + minItems: 1 + Principals: + type: array + items: + type: string + maxItems: 100 + minItems: 1 + additionalProperties: false + ColumnTag: + type: object + description: |- +

A tag for a column in a TagColumnOperation structure. This is a + variant type structure. For this structure to be valid, only one of the attributes can + be non-null.

+ properties: + ColumnGeographicRole: + $ref: '#/components/schemas/GeoSpatialDataRole' + ColumnDescription: + $ref: '#/components/schemas/ColumnDescription' + additionalProperties: false + CreateColumnsOperation: + type: object + description: |- +

A transform operation that creates calculated columns. Columns created in one such + operation form a lexical closure.

+ properties: + Columns: + type: array + items: + $ref: '#/components/schemas/CalculatedColumn' + maxItems: 128 + minItems: 1 + description:

Calculated columns to create.

+ required: + - Columns + additionalProperties: false + CustomSql: + type: object + description:

A physical table type built from the results of the custom SQL query.

+ properties: + DataSourceArn: + type: string + description:

The Amazon Resource Name (ARN) of the data source.

+ SqlQuery: + type: string + maxLength: 65536 + minLength: 1 + description:

The SQL query.

+ Columns: + type: array + items: + $ref: '#/components/schemas/InputColumn' + maxItems: 2048 + minItems: 1 + description:

The column schema from the SQL query result set.

+ Name: + type: string + maxLength: 128 + minLength: 1 + description:

A display name for the SQL query result.

+ required: + - Columns + - DataSourceArn + - Name + - SqlQuery + additionalProperties: false + DataSetImportMode: + type: string + enum: + - SPICE + - DIRECT_QUERY + DatasetParameter: + type: object + description:

A parameter created in the dataset that could be of any one data type such as string, integer, decimal or datetime.

+ properties: + StringDatasetParameter: + $ref: '#/components/schemas/StringDatasetParameter' + DecimalDatasetParameter: + $ref: '#/components/schemas/DecimalDatasetParameter' + IntegerDatasetParameter: + $ref: '#/components/schemas/IntegerDatasetParameter' + DateTimeDatasetParameter: + $ref: '#/components/schemas/DateTimeDatasetParameter' + additionalProperties: false + DatasetParameterId: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + description:

Identifier of the parameter created in the dataset.

+ DatasetParameterName: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + description:

Name of the parameter created in the dataset.

+ DatasetParameterValueType: + type: string + enum: + - MULTI_VALUED + - SINGLE_VALUED + description:

Every parameter value could be either a single value or multi value which helps to validate before evaluation.

+ DateTimeDatasetParameter: + type: object + description:

A parameter created in the dataset of date time data type.

+ properties: + Id: + $ref: '#/components/schemas/DatasetParameterId' + Name: + $ref: '#/components/schemas/DatasetParameterName' + ValueType: + $ref: '#/components/schemas/DatasetParameterValueType' + TimeGranularity: + $ref: '#/components/schemas/TimeGranularity' + DefaultValues: + $ref: '#/components/schemas/DateTimeDatasetParameterDefaultValues' + required: + - Id + - Name + - ValueType + additionalProperties: false + DateTimeDatasetParameterDefaultValues: + type: object + description:

List of default values defined for a given string date time parameter type. Currently only static values are supported.

+ properties: + StaticValues: + $ref: '#/components/schemas/DateTimeDatasetParameterValueList' + description:

List of static default values defined for a given string date time parameter type.

+ additionalProperties: false + DateTimeDatasetParameterValueList: + type: array + items: + type: string + description:

Default value defined for the dataset parameter of date time type.

+ maxItems: 32 + minItems: 1 + DecimalDatasetParameter: + type: object + description:

A parameter created in the dataset of decimal data type.

+ properties: + Id: + $ref: '#/components/schemas/DatasetParameterId' + Name: + $ref: '#/components/schemas/DatasetParameterName' + ValueType: + $ref: '#/components/schemas/DatasetParameterValueType' + DefaultValues: + $ref: '#/components/schemas/DecimalDatasetParameterDefaultValues' + required: + - Id + - Name + - ValueType + additionalProperties: false + DecimalDatasetParameterDefaultValues: + type: object + description:

List of default values defined for a given decimal dataset parameter type. Currently only static values are supported.

+ properties: + StaticValues: + $ref: '#/components/schemas/DecimalDatasetParameterValueList' + description:

List of static default values defined for a given decimal dataset parameter type.

+ additionalProperties: false + DecimalDatasetParameterValueList: + type: array + items: + type: number + description:

Default value defined for the dataset parameter of decimal type.

+ maxItems: 32 + minItems: 1 + IntegerDatasetParameter: + type: object + description:

A parameter created in the dataset of integer data type.

+ properties: + Id: + $ref: '#/components/schemas/DatasetParameterId' + Name: + $ref: '#/components/schemas/DatasetParameterName' + ValueType: + $ref: '#/components/schemas/DatasetParameterValueType' + DefaultValues: + $ref: '#/components/schemas/IntegerDatasetParameterDefaultValues' + required: + - Id + - Name + - ValueType + additionalProperties: false + IntegerDatasetParameterDefaultValues: + type: object + description:

List of default values defined for a given integer dataset parameter type. Currently only static values are supported.

+ properties: + StaticValues: + $ref: '#/components/schemas/IntegerDatasetParameterValueList' + description:

List of static default values defined for a given integer dataset parameter type.

+ additionalProperties: false + IntegerDatasetParameterValueList: + type: array + items: + type: number + description:

Default value defined for the dataset parameter of integer type.

+ maxItems: 32 + minItems: 1 + StringDatasetParameter: + type: object + description:

A parameter created in the dataset of string data type.

+ properties: + Id: + $ref: '#/components/schemas/DatasetParameterId' + Name: + $ref: '#/components/schemas/DatasetParameterName' + ValueType: + $ref: '#/components/schemas/DatasetParameterValueType' + DefaultValues: + $ref: '#/components/schemas/StringDatasetParameterDefaultValues' + required: + - Id + - Name + - ValueType + additionalProperties: false + StringDatasetParameterDefaultValues: + type: object + description:

List of default values defined for a given string dataset parameter type. Currently only static values are supported.

+ properties: + StaticValues: + $ref: '#/components/schemas/StringDatasetParameterValueList' + description:

List of static default values defined for a given string dataset parameter type.

+ additionalProperties: false + StringDatasetParameterValueList: + type: array + items: + type: string + description:

Default value defined for the dataset parameter of string type.

+ maxItems: 32 + minItems: 1 + FieldFolder: + type: object + properties: + Description: + type: string + maxLength: 500 + minLength: 0 + Columns: + type: array + items: + type: string + maxItems: 5000 + minItems: 0 + additionalProperties: false + FieldFolderMap: + type: object + x-patternProperties: + .+: + $ref: '#/components/schemas/FieldFolder' + additionalProperties: false + FileFormat: + type: string + enum: + - CSV + - TSV + - CLF + - ELF + - XLSX + - JSON + FilterOperation: + type: object + description:

A transform operation that filters rows based on a condition.

+ properties: + ConditionExpression: + type: string + maxLength: 4096 + minLength: 1 + description: |- +

An expression that must evaluate to a Boolean value. Rows for which the expression + evaluates to true are kept in the dataset.

+ required: + - ConditionExpression + additionalProperties: false + GeoSpatialColumnGroup: + type: object + description:

Geospatial column group that denotes a hierarchy.

+ properties: + Columns: + type: array + items: + type: string + maxLength: 128 + minLength: 1 + maxItems: 16 + minItems: 1 + description:

Columns in this hierarchy.

+ CountryCode: + $ref: '#/components/schemas/GeoSpatialCountryCode' + Name: + type: string + maxLength: 64 + minLength: 1 + description:

A display name for the hierarchy.

+ required: + - Columns + - Name + additionalProperties: false + GeoSpatialCountryCode: + type: string + enum: + - US + GeoSpatialDataRole: + type: string + enum: + - COUNTRY + - STATE + - COUNTY + - CITY + - POSTCODE + - LONGITUDE + - LATITUDE + - POLITICAL1 + InputColumn: + type: object + description:

Metadata for a column that is used as the input of a transform operation.

+ properties: + Type: + $ref: '#/components/schemas/InputColumnDataType' + SubType: + $ref: '#/components/schemas/ColumnSubDataType' + Name: + type: string + maxLength: 128 + minLength: 1 + description:

The name of this column in the underlying data source.

+ required: + - Name + - Type + additionalProperties: false + InputColumnDataType: + type: string + enum: + - STRING + - INTEGER + - DECIMAL + - DATETIME + - BIT + - BOOLEAN + - JSON + RefreshConfiguration: + type: object + description:

Refresh Configuration.

+ properties: + IncrementalRefresh: + $ref: '#/components/schemas/IncrementalRefresh' + additionalProperties: false + IncrementalRefresh: + type: object + description:

Incremental Refresh

+ properties: + LookbackWindow: + $ref: '#/components/schemas/LookbackWindow' + additionalProperties: false + LookbackWindow: + type: object + properties: + ColumnName: + type: string + description:

Column Name

+ Size: + type: number + description:

Size

+ minimum: 1 + SizeUnit: + $ref: '#/components/schemas/SizeUnit' + additionalProperties: false + SizeUnit: + type: string + enum: + - HOUR + - DAY + - WEEK + JoinInstruction: + type: object + description:

Join instruction.

+ properties: + OnClause: + type: string + maxLength: 512 + minLength: 1 + description:

On Clause.

+ Type: + $ref: '#/components/schemas/JoinType' + LeftJoinKeyProperties: + $ref: '#/components/schemas/JoinKeyProperties' + LeftOperand: + type: string + maxLength: 64 + minLength: 1 + pattern: '[0-9a-zA-Z-]*' + description:

Left operand.

+ RightOperand: + type: string + maxLength: 64 + minLength: 1 + pattern: '[0-9a-zA-Z-]*' + description:

Right operand.

+ RightJoinKeyProperties: + $ref: '#/components/schemas/JoinKeyProperties' + required: + - LeftOperand + - OnClause + - RightOperand + - Type + additionalProperties: false + JoinKeyProperties: + type: object + properties: + UniqueKey: + type: boolean + additionalProperties: false + JoinType: + type: string + enum: + - INNER + - OUTER + - LEFT + - RIGHT + LogicalTable: + type: object + description: |- +

A logical table is a unit that joins and that data + transformations operate on. A logical table has a source, which can be either a physical + table or result of a join. When a logical table points to a physical table, the logical + table acts as a mutable copy of that physical table through transform operations.

+ properties: + Alias: + type: string + maxLength: 64 + minLength: 1 + description:

A display name for the logical table.

+ DataTransforms: + type: array + items: + $ref: '#/components/schemas/TransformOperation' + maxItems: 2048 + minItems: 1 + description:

Transform operations that act on this logical table.

+ Source: + $ref: '#/components/schemas/LogicalTableSource' + required: + - Alias + - Source + additionalProperties: false + LogicalTableMap: + type: object + maxProperties: 64 + minProperties: 1 + x-patternProperties: + '[0-9a-zA-Z-]*': + $ref: '#/components/schemas/LogicalTable' + additionalProperties: false + LogicalTableSource: + type: object + description: |- +

Information about the source of a logical table. This is a variant type structure. For + this structure to be valid, only one of the attributes can be non-null.

+ properties: + PhysicalTableId: + type: string + maxLength: 64 + minLength: 1 + pattern: '[0-9a-zA-Z-]*' + description:

Physical table ID.

+ JoinInstruction: + $ref: '#/components/schemas/JoinInstruction' + DataSetArn: + type: string + description:

The Amazon Resource Name (ARN) for the dataset.

+ additionalProperties: false + NewDefaultValues: + type: object + properties: + StringStaticValues: + $ref: '#/components/schemas/StringDatasetParameterValueList' + DecimalStaticValues: + $ref: '#/components/schemas/DecimalDatasetParameterValueList' + DateTimeStaticValues: + $ref: '#/components/schemas/DateTimeDatasetParameterValueList' + IntegerStaticValues: + $ref: '#/components/schemas/IntegerDatasetParameterValueList' + additionalProperties: false + OutputColumn: + type: object + description:

Output column.

+ properties: + Type: + $ref: '#/components/schemas/ColumnDataType' + SubType: + $ref: '#/components/schemas/ColumnSubDataType' + Description: + type: string + maxLength: 500 + minLength: 0 + description:

A description for a column.

+ Name: + type: string + maxLength: 128 + minLength: 1 + description:

A display name for the dataset.

+ additionalProperties: false + OverrideDatasetParameterOperation: + type: object + description:

A transform operation that overrides the dataset parameter values defined in another dataset.

+ properties: + ParameterName: + $ref: '#/components/schemas/DatasetParameterName' + description:

The name of the parameter to be overridden with different values.

+ NewParameterName: + $ref: '#/components/schemas/DatasetParameterName' + description:

The new name for the parameter.

+ NewDefaultValues: + $ref: '#/components/schemas/NewDefaultValues' + description:

The new default values for the parameter.

+ required: + - ParameterName + additionalProperties: false + PhysicalTable: + type: object + description: |- +

A view of a data source that contains information about the shape of the data in the + underlying source. This is a variant type structure. For this structure to be valid, + only one of the attributes can be non-null.

+ properties: + RelationalTable: + $ref: '#/components/schemas/RelationalTable' + CustomSql: + $ref: '#/components/schemas/CustomSql' + S3Source: + $ref: '#/components/schemas/S3Source' + additionalProperties: false + PhysicalTableMap: + type: object + maxProperties: 32 + minProperties: 0 + x-patternProperties: + '[0-9a-zA-Z-]*': + $ref: '#/components/schemas/PhysicalTable' + additionalProperties: false + ProjectOperation: + type: object + description: |- +

A transform operation that projects columns. Operations that come after a projection + can only refer to projected columns.

+ properties: + ProjectedColumns: + type: array + items: + type: string + maxItems: 2000 + minItems: 1 + description:

Projected columns.

+ required: + - ProjectedColumns + additionalProperties: false + RelationalTable: + type: object + description:

A physical table type for relational data sources.

+ properties: + DataSourceArn: + type: string + description:

The Amazon Resource Name (ARN) for the data source.

+ InputColumns: + type: array + items: + $ref: '#/components/schemas/InputColumn' + maxItems: 2048 + minItems: 1 + description:

The column schema of the table.

+ Schema: + type: string + maxLength: 64 + minLength: 0 + description:

The schema name. This name applies to certain relational database engines.

+ Catalog: + type: string + description:

The catalog associated with a table.

+ maxLength: 256 + minLength: 0 + Name: + type: string + maxLength: 64 + minLength: 1 + description:

The name of the relational table.

+ required: + - DataSourceArn + - InputColumns + - Name + additionalProperties: false + RenameColumnOperation: + type: object + description:

A transform operation that renames a column.

+ properties: + NewColumnName: + type: string + maxLength: 128 + minLength: 1 + description:

The new name for the column.

+ ColumnName: + type: string + maxLength: 128 + minLength: 1 + description:

The name of the column to be renamed.

+ required: + - ColumnName + - NewColumnName + additionalProperties: false + RowLevelPermissionDataSet: + type: object + description:

The row-level security configuration for the dataset.

+ properties: + Arn: + type: string + description:

The Amazon Resource Name (ARN) of the permission dataset.

+ Namespace: + type: string + maxLength: 64 + minLength: 0 + pattern: ^[a-zA-Z0-9._-]*$ + description:

The namespace associated with the row-level permissions dataset.

+ PermissionPolicy: + $ref: '#/components/schemas/RowLevelPermissionPolicy' + FormatVersion: + $ref: '#/components/schemas/RowLevelPermissionFormatVersion' + Status: + $ref: '#/components/schemas/Status' + required: + - Arn + - PermissionPolicy + additionalProperties: false + RowLevelPermissionPolicy: + type: string + enum: + - GRANT_ACCESS + - DENY_ACCESS + RowLevelPermissionFormatVersion: + type: string + enum: + - VERSION_1 + - VERSION_2 + RowLevelPermissionTagConfiguration: + type: object + description:

The configuration of tags on a dataset to set row-level security.

+ properties: + Status: + $ref: '#/components/schemas/Status' + TagRules: + type: array + items: + $ref: '#/components/schemas/RowLevelPermissionTagRule' + maxItems: 50 + minItems: 1 + description:

A set of rules associated with row-level security, such as the tag names and columns that they are assigned to.

+ TagRuleConfigurations: + type: array + items: + $ref: '#/components/schemas/RowLevelPermissionTagRuleConfiguration' + maxItems: 50 + minItems: 1 + description:

A list of tag configuration rules to apply to a dataset. All tag configurations have the OR condition. Tags within each tile will be joined (AND). At least one rule in this structure must have all tag values assigned to it to apply Row-level security (RLS) to the dataset.

+ required: + - TagRules + additionalProperties: false + Status: + type: string + enum: + - ENABLED + - DISABLED + RowLevelPermissionTagRule: + type: object + description:

Permission for the resource.

+ properties: + ColumnName: + type: string + description:

The column name that a tag key is assigned to.

+ TagKey: + type: string + maxLength: 128 + minLength: 1 + description:

The unique key for a tag.

+ MatchAllValue: + type: string + maxLength: 256 + minLength: 1 + description:

A string that you want to use to filter by all the values in a column in the dataset and don’t want to list the values one by one. For example, you can use an asterisk as your match all value.

+ TagMultiValueDelimiter: + type: string + maxLength: 10 + description:

A string that you want to use to delimit the values when you pass the values at run time. For example, you can delimit the values with a comma.

+ required: + - ColumnName + - TagKey + additionalProperties: false + RowLevelPermissionTagRuleConfiguration: + type: array + items: + type: string + maxLength: 128 + minLength: 1 + maxItems: 50 + minItems: 1 + S3Source: + type: object + description:

A physical table type for as S3 data source.

+ properties: + DataSourceArn: + type: string + description:

The amazon Resource Name (ARN) for the data source.

+ InputColumns: + type: array + items: + $ref: '#/components/schemas/InputColumn' + maxItems: 2048 + minItems: 1 + description:

A physical table type for as S3 data source.

+ UploadSettings: + $ref: '#/components/schemas/UploadSettings' + required: + - DataSourceArn + - InputColumns + additionalProperties: false + TagColumnOperation: + type: object + description:

A transform operation that tags a column with additional information.

+ properties: + ColumnName: + type: string + maxLength: 128 + minLength: 1 + description:

The column that this operation acts on.

+ Tags: + type: array + items: + $ref: '#/components/schemas/ColumnTag' + maxItems: 16 + minItems: 1 + description: |- +

The dataset column tag, currently only used for geospatial type tagging. .

+ +

This is not tags for the AWS tagging feature. .

+ + required: + - ColumnName + - Tags + additionalProperties: false + TextQualifier: + type: string + enum: + - DOUBLE_QUOTE + - SINGLE_QUOTE + TransformOperation: + type: object + description: |- +

A data transformation on a logical table. This is a variant type structure. For this + structure to be valid, only one of the attributes can be non-null.

+ properties: + TagColumnOperation: + $ref: '#/components/schemas/TagColumnOperation' + FilterOperation: + $ref: '#/components/schemas/FilterOperation' + CastColumnTypeOperation: + $ref: '#/components/schemas/CastColumnTypeOperation' + CreateColumnsOperation: + $ref: '#/components/schemas/CreateColumnsOperation' + RenameColumnOperation: + $ref: '#/components/schemas/RenameColumnOperation' + ProjectOperation: + $ref: '#/components/schemas/ProjectOperation' + OverrideDatasetParameterOperation: + $ref: '#/components/schemas/OverrideDatasetParameterOperation' + additionalProperties: false + UploadSettings: + type: object + description:

Information about the format for a source file or files.

+ properties: + ContainsHeader: + type: boolean + description:

Whether the file has a header row, or the files each have a header row.

+ TextQualifier: + $ref: '#/components/schemas/TextQualifier' + Format: + $ref: '#/components/schemas/FileFormat' + StartFromRow: + type: number + minimum: 1 + description:

A row number to start reading data from.

+ Delimiter: + type: string + maxLength: 1 + minLength: 1 + description:

The delimiter between values in the file.

+ additionalProperties: false + IngestionWaitPolicy: + type: object + description:

Wait policy to use when creating/updating dataset. Default is to wait for SPICE ingestion to finish with timeout of 36 hours.

+ properties: + WaitForSpiceIngestion: + type: boolean + description: |- +

Wait for SPICE ingestion to finish to mark dataset creation/update successful. Default (true). + Applicable only when DataSetImportMode mode is set to SPICE.

+ default: true + IngestionWaitTimeInHours: + type: number + description: |- +

The maximum time (in hours) to wait for Ingestion to complete. Default timeout is 36 hours. + Applicable only when DataSetImportMode mode is set to SPICE and WaitForSpiceIngestion is set to true.

+ minimum: 1 + maximum: 36 + default: 36 + additionalProperties: false + DataSetUsageConfiguration: + type: object + description:

The dataset usage configuration for the dataset.

+ properties: + DisableUseAsDirectQuerySource: + type: boolean + DisableUseAsImportedSource: + type: boolean + additionalProperties: false + DataSetRefreshProperties: + type: object + description:

The dataset refresh properties for the dataset.

+ properties: + RefreshConfiguration: + $ref: '#/components/schemas/RefreshConfiguration' + additionalProperties: false + DataSet: + type: object + properties: + Arn: + type: string + description:

The Amazon Resource Name (ARN) of the resource.

+ AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + ColumnGroups: + type: array + items: + $ref: '#/components/schemas/ColumnGroup' + maxItems: 8 + minItems: 1 + description:

Groupings of columns that work together in certain QuickSight features. Currently, only geospatial hierarchy is supported.

+ ColumnLevelPermissionRules: + type: array + items: + $ref: '#/components/schemas/ColumnLevelPermissionRule' + minItems: 1 + ConsumedSpiceCapacityInBytes: + type: number + description: |- +

The amount of SPICE capacity used by this dataset. This is 0 if the dataset isn't + imported into SPICE.

+ CreatedTime: + type: string + description:

The time that this dataset was created.

+ format: string + DataSetId: + type: string + DatasetParameters: + type: array + items: + $ref: '#/components/schemas/DatasetParameter' + maxItems: 32 + minItems: 1 + description:

The parameters declared in the dataset.

+ FieldFolders: + $ref: '#/components/schemas/FieldFolderMap' + ImportMode: + $ref: '#/components/schemas/DataSetImportMode' + LastUpdatedTime: + type: string + description:

The last time that this dataset was updated.

+ format: string + LogicalTableMap: + $ref: '#/components/schemas/LogicalTableMap' + Name: + type: string + maxLength: 128 + minLength: 1 + description:

The display name for the dataset.

+ OutputColumns: + type: array + items: + $ref: '#/components/schemas/OutputColumn' + description: |- +

The list of columns after all transforms. These columns are available in templates, + analyses, and dashboards.

+ Permissions: + type: array + items: + $ref: '#/components/schemas/ResourcePermission' + maxItems: 64 + minItems: 1 + description:

A list of resource permissions on the dataset.

+ PhysicalTableMap: + $ref: '#/components/schemas/PhysicalTableMap' + RowLevelPermissionDataSet: + $ref: '#/components/schemas/RowLevelPermissionDataSet' + RowLevelPermissionTagConfiguration: + $ref: '#/components/schemas/RowLevelPermissionTagConfiguration' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + description:

Contains a map of the key-value pairs for the resource tag or tags assigned to the dataset.

+ IngestionWaitPolicy: + $ref: '#/components/schemas/IngestionWaitPolicy' + DataSetUsageConfiguration: + $ref: '#/components/schemas/DataSetUsageConfiguration' + DataSetRefreshProperties: + $ref: '#/components/schemas/DataSetRefreshProperties' + x-stackql-resource-name: data_set + description: Definition of the AWS::QuickSight::DataSet Resource Type. + x-type-name: AWS::QuickSight::DataSet + x-stackql-primary-identifier: + - AwsAccountId + - DataSetId + x-create-only-properties: + - AwsAccountId + - DataSetId + x-write-only-properties: + - FieldFolders + - IngestionWaitPolicy + x-read-only-properties: + - Arn + - ConsumedSpiceCapacityInBytes + - CreatedTime + - LastUpdatedTime + - OutputColumns + x-required-permissions: + create: + - quicksight:DescribeDataSet + - quicksight:DescribeDataSetPermissions + - quicksight:DescribeIngestion + - quicksight:ListIngestions + - quicksight:CreateDataSet + - quicksight:PassDataSource + - quicksight:PassDataSet + - quicksight:TagResource + - quicksight:ListTagsForResource + - quicksight:DescribeDataSetRefreshProperties + - quicksight:PutDataSetRefreshProperties + read: + - quicksight:DescribeDataSet + - quicksight:DescribeDataSetPermissions + - quicksight:ListTagsForResource + - quicksight:DescribeDataSetRefreshProperties + update: + - quicksight:DescribeDataSet + - quicksight:DescribeDataSetPermissions + - quicksight:PassDataSource + - quicksight:UpdateDataSet + - quicksight:UpdateDataSetPermissions + - quicksight:PassDataSet + - quicksight:DescribeIngestion + - quicksight:ListIngestions + - quicksight:CancelIngestion + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + - quicksight:PutDataSetRefreshProperties + - quicksight:DescribeDataSetRefreshProperties + - quicksight:DeleteDataSetRefreshProperties + delete: + - quicksight:DescribeDataSet + - quicksight:DeleteDataSet + - quicksight:ListTagsForResource + - quicksight:DescribeIngestion + - quicksight:DeleteDataSetRefreshProperties + - quicksight:DescribeDataSetRefreshProperties + list: + - quicksight:DescribeDataSet + - quicksight:ListDataSets + AmazonElasticsearchParameters: + type: object + description:

Amazon Elasticsearch Service parameters.

+ properties: + Domain: + type: string + maxLength: 64 + minLength: 1 + description:

The Amazon Elasticsearch Service domain.

+ required: + - Domain + AmazonOpenSearchParameters: + type: object + description:

Amazon OpenSearch Service parameters.

+ properties: + Domain: + type: string + maxLength: 64 + minLength: 1 + description:

The Amazon OpenSearch Service domain.

+ required: + - Domain + AthenaParameters: + type: object + description:

Amazon Athena parameters.

+ properties: + WorkGroup: + type: string + maxLength: 128 + minLength: 1 + description:

The workgroup that Amazon Athena uses.

+ RoleArn: + type: string + maxLength: 2048 + minLength: 20 + description:

Use the RoleArn structure to override an account-wide role for a specific Athena data source. For example, say an account administrator has turned off all Athena access with an account-wide role. The administrator can then use RoleArn to bypass the account-wide role and allow Athena access for the single Athena data source that is specified in the structure, even if the account-wide role forbidding Athena access is still active.

+ AuroraParameters: + type: object + description:

Amazon Aurora parameters.

+ properties: + Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ Database: + type: string + maxLength: 128 + minLength: 1 + description:

Database.

+ Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ required: + - Database + - Host + - Port + AuroraPostgreSqlParameters: + type: object + description:

Amazon Aurora with PostgreSQL compatibility parameters.

+ properties: + Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ Database: + type: string + maxLength: 128 + minLength: 1 + description:

Database.

+ Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ required: + - Database + - Host + - Port + AwsIotAnalyticsParameters: + type: object + description:

AWS IoT Analytics parameters.

+ properties: + DataSetName: + type: string + maxLength: 128 + minLength: 1 + description:

Dataset name.

+ required: + - DataSetName + CredentialPair: + type: object + description:

The combination of user name and password that are used as credentials.

+ properties: + AlternateDataSourceParameters: + type: array + items: + $ref: '#/components/schemas/DataSourceParameters' + maxItems: 50 + minItems: 1 + description: |- +

A set of alternate data source parameters that you want to share for these + credentials. The credentials are applied in tandem with the data source parameters when + you copy a data source by using a create or update request. The API operation compares + the DataSourceParameters structure that's in the request with the + structures in the AlternateDataSourceParameters allow list. If the + structures are an exact match, the request is allowed to use the new data source with + the existing credentials. If the AlternateDataSourceParameters list is + null, the DataSourceParameters originally used with these + Credentials is automatically allowed.

+ Username: + type: string + maxLength: 64 + minLength: 1 + description:

User name.

+ Password: + type: string + maxLength: 1024 + minLength: 1 + description:

Password.

+ required: + - Password + - Username + DatabricksParameters: + type: object + description:

Databricks parameters.

+ properties: + Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ SqlEndpointPath: + type: string + maxLength: 4096 + minLength: 1 + description:

The HTTP Path of the Databricks data source.

+ required: + - Host + - Port + - SqlEndpointPath + DataSourceCredentials: + type: object + description: |- +

Data source credentials. This is a variant type structure. For this structure to be + valid, only one of the attributes can be non-null.

+ properties: + CopySourceArn: + type: string + pattern: ^arn:[-a-z0-9]*:quicksight:[-a-z0-9]*:[0-9]{12}:datasource/.+ + description: |- +

The Amazon Resource Name (ARN) of a data source that has the credential pair that you + want to use. When CopySourceArn is not null, the credential pair from the + data source in the ARN is used as the credentials for the + DataSourceCredentials structure.

+ CredentialPair: + $ref: '#/components/schemas/CredentialPair' + SecretArn: + type: string + pattern: ^arn:[-a-z0-9]*:secretsmanager:[-a-z0-9]*:[0-9]{12}:secret:.+ + maxLength: 2048 + minLength: 1 + description:

The Amazon Resource Name (ARN) of the secret associated with the data source in Amazon Secrets Manager.

+ DataSourceErrorInfo: + type: object + description:

Error information for the data source creation or update.

+ properties: + Type: + $ref: '#/components/schemas/DataSourceErrorInfoType' + Message: + type: string + description:

Error message.

+ DataSourceErrorInfoType: + type: string + enum: + - ACCESS_DENIED + - COPY_SOURCE_NOT_FOUND + - TIMEOUT + - ENGINE_VERSION_NOT_SUPPORTED + - UNKNOWN_HOST + - GENERIC_SQL_FAILURE + - CONFLICT + - UNKNOWN + DataSourceParameters: + type: object + description: |- +

The parameters that Amazon QuickSight uses to connect to your underlying data source. + This is a variant type structure. For this structure to be valid, only one of the + attributes can be non-null.

+ properties: + AuroraPostgreSqlParameters: + $ref: '#/components/schemas/AuroraPostgreSqlParameters' + TeradataParameters: + $ref: '#/components/schemas/TeradataParameters' + RdsParameters: + $ref: '#/components/schemas/RdsParameters' + AthenaParameters: + $ref: '#/components/schemas/AthenaParameters' + SparkParameters: + $ref: '#/components/schemas/SparkParameters' + MariaDbParameters: + $ref: '#/components/schemas/MariaDbParameters' + OracleParameters: + $ref: '#/components/schemas/OracleParameters' + PrestoParameters: + $ref: '#/components/schemas/PrestoParameters' + RedshiftParameters: + $ref: '#/components/schemas/RedshiftParameters' + MySqlParameters: + $ref: '#/components/schemas/MySqlParameters' + SqlServerParameters: + $ref: '#/components/schemas/SqlServerParameters' + SnowflakeParameters: + $ref: '#/components/schemas/SnowflakeParameters' + AmazonElasticsearchParameters: + $ref: '#/components/schemas/AmazonElasticsearchParameters' + AmazonOpenSearchParameters: + $ref: '#/components/schemas/AmazonOpenSearchParameters' + PostgreSqlParameters: + $ref: '#/components/schemas/PostgreSqlParameters' + AuroraParameters: + $ref: '#/components/schemas/AuroraParameters' + S3Parameters: + $ref: '#/components/schemas/S3Parameters' + DatabricksParameters: + $ref: '#/components/schemas/DatabricksParameters' + StarburstParameters: + $ref: '#/components/schemas/StarburstParameters' + TrinoParameters: + $ref: '#/components/schemas/TrinoParameters' + DataSourceType: + type: string + enum: + - ADOBE_ANALYTICS + - AMAZON_ELASTICSEARCH + - AMAZON_OPENSEARCH + - ATHENA + - AURORA + - AURORA_POSTGRESQL + - AWS_IOT_ANALYTICS + - DATABRICKS + - GITHUB + - JIRA + - MARIADB + - MYSQL + - ORACLE + - POSTGRESQL + - PRESTO + - REDSHIFT + - S3 + - SALESFORCE + - SERVICENOW + - SNOWFLAKE + - SPARK + - SQLSERVER + - TERADATA + - TWITTER + - TIMESTREAM + - STARBURST + - TRINO + ManifestFileLocation: + type: object + description:

Amazon S3 manifest file location.

+ properties: + Bucket: + type: string + maxLength: 1024 + minLength: 1 + description:

Amazon S3 bucket.

+ Key: + type: string + maxLength: 1024 + minLength: 1 + description:

Amazon S3 key that identifies an object.

+ required: + - Bucket + - Key + MariaDbParameters: + type: object + description:

MariaDB parameters.

+ properties: + Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ Database: + type: string + maxLength: 128 + minLength: 1 + description:

Database.

+ Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ required: + - Database + - Host + - Port + MySqlParameters: + type: object + description:

MySQL parameters.

+ properties: + Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ Database: + type: string + maxLength: 128 + minLength: 1 + description:

Database.

+ Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ required: + - Database + - Host + - Port + OracleParameters: + type: object + properties: + Port: + type: number + maximum: 65535 + minimum: 1 + Database: + type: string + maxLength: 128 + minLength: 1 + Host: + type: string + maxLength: 256 + minLength: 1 + required: + - Database + - Host + - Port + PostgreSqlParameters: + type: object + description:

PostgreSQL parameters.

+ properties: + Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ Database: + type: string + maxLength: 128 + minLength: 1 + description:

Database.

+ Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ required: + - Database + - Host + - Port + PrestoParameters: + type: object + description:

Presto parameters.

+ properties: + Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ Catalog: + type: string + maxLength: 128 + minLength: 0 + description:

Catalog.

+ required: + - Catalog + - Host + - Port + RdsParameters: + type: object + description:

Amazon RDS parameters.

+ properties: + InstanceId: + type: string + maxLength: 64 + minLength: 1 + description:

Instance ID.

+ Database: + type: string + maxLength: 128 + minLength: 1 + description:

Database.

+ required: + - Database + - InstanceId + RedshiftParameters: + type: object + description: |- +

Amazon Redshift parameters. The ClusterId field can be blank if + Host and Port are both set. The Host and + Port fields can be blank if the ClusterId field is set.

+ properties: + ClusterId: + type: string + maxLength: 64 + minLength: 1 + description: |- +

Cluster ID. This field can be blank if the Host and Port are + provided.

+ Port: + type: number + maximum: 65535 + minimum: 0 + description:

Port. This field can be blank if the ClusterId is provided.

+ Database: + type: string + maxLength: 128 + minLength: 1 + description:

Database.

+ Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host. This field can be blank if ClusterId is provided.

+ required: + - Database + S3Parameters: + type: object + description:

S3 parameters.

+ properties: + ManifestFileLocation: + $ref: '#/components/schemas/ManifestFileLocation' + RoleArn: + type: string + maxLength: 2048 + minLength: 20 + description:

Use the RoleArn structure to override an account-wide role for a specific S3 data source. For example, say an account administrator has turned off all S3 access with an account-wide role. The administrator can then use RoleArn to bypass the account-wide role and allow S3 access for the single S3 data source that is specified in the structure, even if the account-wide role forbidding S3 access is still active.

+ required: + - ManifestFileLocation + SnowflakeParameters: + type: object + description:

Snowflake parameters.

+ properties: + Warehouse: + type: string + maxLength: 128 + minLength: 0 + description:

Warehouse.

+ Database: + type: string + maxLength: 128 + minLength: 1 + description:

Database.

+ Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ required: + - Database + - Host + - Warehouse + StarburstParameters: + type: object + description:

Starburst parameters.

+ properties: + Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ Catalog: + type: string + maxLength: 128 + minLength: 0 + description:

Catalog.

+ ProductType: + $ref: '#/components/schemas/StarburstProductType' + required: + - Host + - Port + - Catalog + StarburstProductType: + type: string + enum: + - GALAXY + - ENTERPRISE + TrinoParameters: + type: object + description:

Trino parameters.

+ properties: + Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ Catalog: + type: string + maxLength: 128 + minLength: 0 + description:

Catalog.

+ required: + - Host + - Port + - Catalog + SparkParameters: + type: object + description:

Spark parameters.

+ properties: + Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ required: + - Host + - Port + SqlServerParameters: + type: object + description:

SQL Server parameters.

+ properties: + Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ Database: + type: string + maxLength: 128 + minLength: 1 + description:

Database.

+ Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ required: + - Database + - Host + - Port + SslProperties: + type: object + description: |- +

Secure Socket Layer (SSL) properties that apply when QuickSight connects to your + underlying data source.

+ properties: + DisableSsl: + type: boolean + description:

A Boolean option to control whether SSL should be disabled.

+ TeradataParameters: + type: object + description:

Teradata parameters.

+ properties: + Port: + type: number + maximum: 65535 + minimum: 1 + description:

Port.

+ Database: + type: string + maxLength: 128 + minLength: 1 + description:

Database.

+ Host: + type: string + maxLength: 256 + minLength: 1 + description:

Host.

+ required: + - Database + - Host + - Port + VpcConnectionProperties: + type: object + description:

VPC connection properties.

+ properties: + VpcConnectionArn: + type: string + description:

The Amazon Resource Name (ARN) for the VPC connection.

+ required: + - VpcConnectionArn + DataSource: + type: object + properties: + AlternateDataSourceParameters: + type: array + items: + $ref: '#/components/schemas/DataSourceParameters' + maxItems: 50 + minItems: 1 + description: |- +

A set of alternate data source parameters that you want to share for the credentials + stored with this data source. The credentials are applied in tandem with the data source + parameters when you copy a data source by using a create or update request. The API + operation compares the DataSourceParameters structure that's in the request + with the structures in the AlternateDataSourceParameters allow list. If the + structures are an exact match, the request is allowed to use the credentials from this + existing data source. If the AlternateDataSourceParameters list is null, + the Credentials originally used with this DataSourceParameters + are automatically allowed.

+ Arn: + type: string + description:

The Amazon Resource Name (ARN) of the data source.

+ AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + CreatedTime: + type: string + description:

The time that this data source was created.

+ format: date-time + Credentials: + $ref: '#/components/schemas/DataSourceCredentials' + DataSourceId: + type: string + DataSourceParameters: + $ref: '#/components/schemas/DataSourceParameters' + ErrorInfo: + $ref: '#/components/schemas/DataSourceErrorInfo' + LastUpdatedTime: + type: string + description:

The last time that this data source was updated.

+ format: date-time + Name: + type: string + maxLength: 128 + minLength: 1 + description:

A display name for the data source.

+ Permissions: + type: array + items: + $ref: '#/components/schemas/ResourcePermission' + maxItems: 64 + minItems: 1 + description:

A list of resource permissions on the data source.

+ SslProperties: + $ref: '#/components/schemas/SslProperties' + Status: + $ref: '#/components/schemas/ResourceStatus' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + description:

Contains a map of the key-value pairs for the resource tag or tags assigned to the data source.

+ Type: + $ref: '#/components/schemas/DataSourceType' + VpcConnectionProperties: + $ref: '#/components/schemas/VpcConnectionProperties' + x-stackql-resource-name: data_source + description: Definition of the AWS::QuickSight::DataSource Resource Type. + x-type-name: AWS::QuickSight::DataSource + x-stackql-primary-identifier: + - AwsAccountId + - DataSourceId + x-create-only-properties: + - AwsAccountId + - DataSourceId + - Type + x-write-only-properties: + - Credentials + x-read-only-properties: + - Arn + - CreatedTime + - LastUpdatedTime + - Status + x-required-permissions: + create: + - quicksight:CreateDataSource + - quicksight:DescribeDataSource + - quicksight:DescribeDataSourcePermissions + - quicksight:TagResource + - quicksight:ListTagsForResource + read: + - quicksight:DescribeDataSource + - quicksight:DescribeDataSourcePermissions + - quicksight:ListTagsForResource + update: + - quicksight:DescribeDataSource + - quicksight:DescribeDataSourcePermissions + - quicksight:UpdateDataSource + - quicksight:UpdateDataSourcePermissions + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + delete: + - quicksight:DescribeDataSource + - quicksight:DescribeDataSourcePermissions + - quicksight:DeleteDataSource + - quicksight:ListTagsForResource + list: + - quicksight:DescribeDataSource + - quicksight:ListDataSources + RefreshScheduleMap: + type: object + properties: + ScheduleId: + type: string + maxLength: 128 + minLength: 1 + description:

An unique identifier for the refresh schedule.

+ ScheduleFrequency: + type: object + description:

Information about the schedule frequency.

+ properties: + Interval: + type: string + enum: + - MINUTE15 + - MINUTE30 + - HOURLY + - DAILY + - WEEKLY + - MONTHLY + RefreshOnDay: + type: object + description:

The day scheduled for refresh.

+ properties: + DayOfWeek: + type: string + enum: + - SUNDAY + - MONDAY + - TUESDAY + - WEDNESDAY + - THURSDAY + - FRIDAY + - SATURDAY + DayOfMonth: + type: string + maxLength: 128 + minLength: 1 + description:

The Day Of Month for scheduled refresh.

+ additionalProperties: false + required: [] + TimeZone: + type: string + maxLength: 128 + minLength: 1 + description:

The timezone for scheduled refresh.

+ TimeOfTheDay: + type: string + maxLength: 128 + minLength: 1 + description:

The time of the day for scheduled refresh.

+ additionalProperties: false + required: [] + StartAfterDateTime: + type: string + maxLength: 128 + minLength: 1 + description:

The date time after which refresh is to be scheduled

+ RefreshType: + type: string + enum: + - FULL_REFRESH + - INCREMENTAL_REFRESH + additionalProperties: false + required: [] + RefreshSchedule: + type: object + properties: + Arn: + type: string + description:

The Amazon Resource Name (ARN) of the data source.

+ AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + DataSetId: + type: string + Schedule: + $ref: '#/components/schemas/RefreshScheduleMap' + required: [] + x-stackql-resource-name: refresh_schedule + description: Definition of the AWS::QuickSight::RefreshSchedule Resource Type. + x-type-name: AWS::QuickSight::RefreshSchedule + x-stackql-primary-identifier: + - AwsAccountId + - DataSetId + - Schedule/ScheduleId + x-create-only-properties: + - AwsAccountId + - DataSetId + - Schedule/ScheduleId + x-read-only-properties: + - Arn + x-required-properties: [] + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - quicksight:CreateRefreshSchedule + - quicksight:DescribeRefreshSchedule + update: + - quicksight:UpdateRefreshSchedule + - quicksight:DescribeRefreshSchedule + delete: + - quicksight:DeleteRefreshSchedule + - quicksight:DescribeRefreshSchedule + list: + - quicksight:ListRefreshSchedules + read: + - quicksight:DescribeRefreshSchedule + ColumnGroupColumnSchema: + type: object + properties: + Name: + type: string + additionalProperties: false + ColumnGroupSchema: + type: object + properties: + Name: + type: string + ColumnGroupColumnSchemaList: + type: array + items: + $ref: '#/components/schemas/ColumnGroupColumnSchema' + maxItems: 500 + minItems: 0 + additionalProperties: false + ColumnSchema: + type: object + properties: + Name: + type: string + DataType: + type: string + GeographicRole: + type: string + additionalProperties: false + DataSetConfiguration: + type: object + properties: + Placeholder: + type: string + DataSetSchema: + $ref: '#/components/schemas/DataSetSchema' + ColumnGroupSchemaList: + type: array + items: + $ref: '#/components/schemas/ColumnGroupSchema' + maxItems: 500 + minItems: 0 + additionalProperties: false + DataSetSchema: + type: object + properties: + ColumnSchemaList: + type: array + items: + $ref: '#/components/schemas/ColumnSchema' + maxItems: 500 + minItems: 0 + additionalProperties: false + TemplateError: + type: object + properties: + Type: + $ref: '#/components/schemas/TemplateErrorType' + Message: + type: string + pattern: .*\S.* + ViolatedEntities: + type: array + items: + $ref: '#/components/schemas/Entity' + maxItems: 200 + minItems: 0 + additionalProperties: false + TemplateErrorType: + type: string + enum: + - SOURCE_NOT_FOUND + - DATA_SET_NOT_FOUND + - INTERNAL_FAILURE + - ACCESS_DENIED + TemplateSourceAnalysis: + type: object + properties: + Arn: + type: string + DataSetReferences: + type: array + items: + $ref: '#/components/schemas/DataSetReference' + minItems: 1 + required: + - Arn + - DataSetReferences + additionalProperties: false + TemplateSourceEntity: + type: object + properties: + SourceAnalysis: + $ref: '#/components/schemas/TemplateSourceAnalysis' + SourceTemplate: + $ref: '#/components/schemas/TemplateSourceTemplate' + additionalProperties: false + TemplateSourceTemplate: + type: object + properties: + Arn: + type: string + required: + - Arn + additionalProperties: false + TemplateVersion: + type: object + properties: + CreatedTime: + type: string + format: date-time + Errors: + type: array + items: + $ref: '#/components/schemas/TemplateError' + minItems: 1 + VersionNumber: + type: number + minimum: 1 + Status: + $ref: '#/components/schemas/ResourceStatus' + DataSetConfigurations: + type: array + items: + $ref: '#/components/schemas/DataSetConfiguration' + maxItems: 30 + minItems: 0 + Description: + type: string + maxLength: 512 + minLength: 1 + SourceEntityArn: + type: string + ThemeArn: + type: string + Sheets: + type: array + items: + $ref: '#/components/schemas/Sheet' + maxItems: 20 + minItems: 0 + additionalProperties: false + TemplateVersionDefinition: + type: object + properties: + DataSetConfigurations: + type: array + items: + $ref: '#/components/schemas/DataSetConfiguration' + maxItems: 30 + minItems: 0 + Sheets: + type: array + items: + $ref: '#/components/schemas/SheetDefinition' + maxItems: 20 + minItems: 0 + CalculatedFields: + type: array + items: + $ref: '#/components/schemas/CalculatedField' + maxItems: 500 + minItems: 0 + ParameterDeclarations: + type: array + items: + $ref: '#/components/schemas/ParameterDeclaration' + maxItems: 200 + minItems: 0 + FilterGroups: + type: array + items: + $ref: '#/components/schemas/FilterGroup' + maxItems: 2000 + minItems: 0 + ColumnConfigurations: + type: array + items: + $ref: '#/components/schemas/ColumnConfiguration' + maxItems: 200 + minItems: 0 + AnalysisDefaults: + $ref: '#/components/schemas/AnalysisDefaults' + Options: + $ref: '#/components/schemas/AssetOptions' + required: + - DataSetConfigurations + additionalProperties: false + Template: + type: object + properties: + Arn: + type: string + AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + CreatedTime: + type: string + format: date-time + Definition: + $ref: '#/components/schemas/TemplateVersionDefinition' + LastUpdatedTime: + type: string + format: date-time + Name: + type: string + maxLength: 2048 + minLength: 1 + Permissions: + type: array + items: + $ref: '#/components/schemas/ResourcePermission' + maxItems: 64 + minItems: 1 + SourceEntity: + $ref: '#/components/schemas/TemplateSourceEntity' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + TemplateId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + ValidationStrategy: + $ref: '#/components/schemas/ValidationStrategy' + Version: + $ref: '#/components/schemas/TemplateVersion' + VersionDescription: + type: string + maxLength: 512 + minLength: 1 + required: + - AwsAccountId + - TemplateId + x-stackql-resource-name: template + description: Definition of the AWS::QuickSight::Template Resource Type. + x-type-name: AWS::QuickSight::Template + x-stackql-primary-identifier: + - AwsAccountId + - TemplateId + x-create-only-properties: + - AwsAccountId + - TemplateId + x-write-only-properties: + - Definition + - VersionDescription + - SourceEntity + - ValidationStrategy + x-read-only-properties: + - Arn + - CreatedTime + - LastUpdatedTime + - Version + x-required-properties: + - AwsAccountId + - TemplateId + x-required-permissions: + create: + - quicksight:DescribeTemplate + - quicksight:DescribeTemplatePermissions + - quicksight:CreateTemplate + - quicksight:DescribeAnalysis + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + read: + - quicksight:DescribeTemplate + - quicksight:DescribeTemplatePermissions + - quicksight:ListTagsForResource + update: + - quicksight:DescribeTemplate + - quicksight:DescribeTemplatePermissions + - quicksight:UpdateTemplate + - quicksight:UpdateTemplatePermissions + - quicksight:PassDataSet + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + delete: + - quicksight:DescribeTemplate + - quicksight:DeleteTemplate + list: + - quicksight:ListTemplates + BorderStyle: + type: object + properties: + Show: + type: boolean + default: null + additionalProperties: false + DataColorPalette: + type: object + properties: + Colors: + type: array + items: + type: string + pattern: ^#[A-F0-9]{6}$ + maxItems: 100 + minItems: 0 + MinMaxGradient: + type: array + items: + type: string + pattern: ^#[A-F0-9]{6}$ + maxItems: 100 + minItems: 0 + EmptyFillColor: + type: string + pattern: ^#[A-F0-9]{6}$ + additionalProperties: false + Font: + type: object + properties: + FontFamily: + type: string + additionalProperties: false + GutterStyle: + type: object + properties: + Show: + type: boolean + default: null + additionalProperties: false + MarginStyle: + type: object + properties: + Show: + type: boolean + default: null + additionalProperties: false + SheetStyle: + type: object + properties: + Tile: + $ref: '#/components/schemas/TileStyle' + TileLayout: + $ref: '#/components/schemas/TileLayoutStyle' + additionalProperties: false + ThemeConfiguration: + type: object + properties: + DataColorPalette: + $ref: '#/components/schemas/DataColorPalette' + UIColorPalette: + $ref: '#/components/schemas/UIColorPalette' + Sheet: + $ref: '#/components/schemas/SheetStyle' + Typography: + $ref: '#/components/schemas/Typography' + additionalProperties: false + ThemeError: + type: object + properties: + Type: + $ref: '#/components/schemas/ThemeErrorType' + Message: + type: string + pattern: .*\S.* + additionalProperties: false + ThemeErrorType: + type: string + enum: + - INTERNAL_FAILURE + ThemeType: + type: string + enum: + - QUICKSIGHT + - CUSTOM + - ALL + ThemeVersion: + type: object + properties: + VersionNumber: + type: number + minimum: 1 + Arn: + type: string + Description: + type: string + maxLength: 512 + minLength: 1 + BaseThemeId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + CreatedTime: + type: string + format: date-time + Configuration: + $ref: '#/components/schemas/ThemeConfiguration' + Errors: + type: array + items: + $ref: '#/components/schemas/ThemeError' + minItems: 1 + Status: + $ref: '#/components/schemas/ResourceStatus' + additionalProperties: false + TileLayoutStyle: + type: object + properties: + Gutter: + $ref: '#/components/schemas/GutterStyle' + Margin: + $ref: '#/components/schemas/MarginStyle' + additionalProperties: false + TileStyle: + type: object + properties: + Border: + $ref: '#/components/schemas/BorderStyle' + additionalProperties: false + Typography: + type: object + properties: + FontFamilies: + type: array + items: + $ref: '#/components/schemas/Font' + maxItems: 5 + minItems: 0 + additionalProperties: false + UIColorPalette: + type: object + properties: + PrimaryForeground: + type: string + pattern: ^#[A-F0-9]{6}$ + PrimaryBackground: + type: string + pattern: ^#[A-F0-9]{6}$ + SecondaryForeground: + type: string + pattern: ^#[A-F0-9]{6}$ + SecondaryBackground: + type: string + pattern: ^#[A-F0-9]{6}$ + Accent: + type: string + pattern: ^#[A-F0-9]{6}$ + AccentForeground: + type: string + pattern: ^#[A-F0-9]{6}$ + Danger: + type: string + pattern: ^#[A-F0-9]{6}$ + DangerForeground: + type: string + pattern: ^#[A-F0-9]{6}$ + Warning: + type: string + pattern: ^#[A-F0-9]{6}$ + WarningForeground: + type: string + pattern: ^#[A-F0-9]{6}$ + Success: + type: string + pattern: ^#[A-F0-9]{6}$ + SuccessForeground: + type: string + pattern: ^#[A-F0-9]{6}$ + Dimension: + type: string + pattern: ^#[A-F0-9]{6}$ + DimensionForeground: + type: string + pattern: ^#[A-F0-9]{6}$ + Measure: + type: string + pattern: ^#[A-F0-9]{6}$ + MeasureForeground: + type: string + pattern: ^#[A-F0-9]{6}$ + additionalProperties: false + Theme: + type: object + properties: + Arn: + type: string + AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + BaseThemeId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Configuration: + $ref: '#/components/schemas/ThemeConfiguration' + CreatedTime: + type: string + format: date-time + LastUpdatedTime: + type: string + format: date-time + Name: + type: string + maxLength: 2048 + minLength: 1 + Permissions: + type: array + items: + $ref: '#/components/schemas/ResourcePermission' + maxItems: 64 + minItems: 1 + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + ThemeId: + type: string + maxLength: 512 + minLength: 1 + pattern: '[\w\-]+' + Type: + $ref: '#/components/schemas/ThemeType' + Version: + $ref: '#/components/schemas/ThemeVersion' + VersionDescription: + type: string + maxLength: 512 + minLength: 1 + required: + - AwsAccountId + - ThemeId + - BaseThemeId + - Configuration + - Name + x-stackql-resource-name: theme + description: Definition of the AWS::QuickSight::Theme Resource Type. + x-type-name: AWS::QuickSight::Theme + x-stackql-primary-identifier: + - ThemeId + - AwsAccountId + x-create-only-properties: + - AwsAccountId + - ThemeId + x-write-only-properties: + - BaseThemeId + - Configuration + - VersionDescription + x-read-only-properties: + - CreatedTime + - Version + - LastUpdatedTime + - Arn + - Type + x-required-properties: + - AwsAccountId + - ThemeId + - BaseThemeId + - Configuration + - Name + x-required-permissions: + read: + - quicksight:DescribeTheme + - quicksight:DescribeThemePermissions + - quicksight:ListTagsForResource + create: + - quicksight:DescribeTheme + - quicksight:DescribeThemePermissions + - quicksight:CreateTheme + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + list: + - quicksight:ListThemes + update: + - quicksight:DescribeTheme + - quicksight:DescribeThemePermissions + - quicksight:UpdateTheme + - quicksight:UpdateThemePermissions + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + delete: + - quicksight:DescribeTheme + - quicksight:DeleteTheme + AggregationFunctionParameters: + type: object + x-patternProperties: + .+: + type: string + maxLength: 256 + minLength: 0 + additionalProperties: false + AuthorSpecifiedAggregation: + type: string + enum: + - COUNT + - DISTINCT_COUNT + - MIN + - MAX + - MEDIAN + - SUM + - AVERAGE + - STDEV + - STDEVP + - VAR + - VARP + - PERCENTILE + CategoryFilterFunction: + type: string + enum: + - EXACT + - CONTAINS + CategoryFilterType: + type: string + enum: + - CUSTOM_FILTER + - CUSTOM_FILTER_LIST + - FILTER_LIST + CellValueSynonym: + type: object + properties: + CellValue: + type: string + maxLength: 256 + minLength: 0 + Synonyms: + type: array + items: + type: string + additionalProperties: false + CollectiveConstant: + type: object + properties: + ValueList: + type: array + items: + type: string + additionalProperties: false + ColumnDataRole: + type: string + enum: + - DIMENSION + - MEASURE + ColumnOrderingType: + type: string + enum: + - GREATER_IS_BETTER + - LESSER_IS_BETTER + - SPECIFIED + ComparativeOrder: + type: object + properties: + UseOrdering: + $ref: '#/components/schemas/ColumnOrderingType' + SpecifedOrder: + type: array + items: + type: string + TreatUndefinedSpecifiedValues: + $ref: '#/components/schemas/UndefinedSpecifiedValueType' + additionalProperties: false + ConstantType: + type: string + enum: + - SINGULAR + - RANGE + - COLLECTIVE + DataAggregation: + type: object + properties: + DatasetRowDateGranularity: + $ref: '#/components/schemas/TopicTimeGranularity' + DefaultDateColumnName: + type: string + maxLength: 256 + minLength: 0 + additionalProperties: false + DatasetMetadata: + type: object + properties: + DatasetArn: + type: string + DatasetName: + type: string + maxLength: 256 + minLength: 0 + DatasetDescription: + type: string + maxLength: 256 + minLength: 0 + DataAggregation: + $ref: '#/components/schemas/DataAggregation' + Filters: + type: array + items: + $ref: '#/components/schemas/TopicFilter' + Columns: + type: array + items: + $ref: '#/components/schemas/TopicColumn' + CalculatedFields: + type: array + items: + $ref: '#/components/schemas/TopicCalculatedField' + NamedEntities: + type: array + items: + $ref: '#/components/schemas/TopicNamedEntity' + required: + - DatasetArn + additionalProperties: false + DefaultAggregation: + type: string + enum: + - SUM + - MAX + - MIN + - COUNT + - DISTINCT_COUNT + - AVERAGE + - MEDIAN + - STDEV + - STDEVP + - VAR + - VARP + DefaultFormatting: + type: object + properties: + DisplayFormat: + $ref: '#/components/schemas/DisplayFormat' + DisplayFormatOptions: + $ref: '#/components/schemas/DisplayFormatOptions' + additionalProperties: false + DisplayFormat: + type: string + enum: + - AUTO + - PERCENT + - CURRENCY + - NUMBER + - DATE + - STRING + DisplayFormatOptions: + type: object + properties: + UseBlankCellFormat: + type: boolean + default: false + BlankCellFormat: + type: string + maxLength: 256 + minLength: 0 + DateFormat: + type: string + maxLength: 256 + minLength: 0 + DecimalSeparator: + $ref: '#/components/schemas/TopicNumericSeparatorSymbol' + GroupingSeparator: + type: string + maxLength: 256 + minLength: 0 + UseGrouping: + type: boolean + default: false + FractionDigits: + type: number + default: 0 + Prefix: + type: string + maxLength: 256 + minLength: 0 + Suffix: + type: string + maxLength: 256 + minLength: 0 + UnitScaler: + $ref: '#/components/schemas/NumberScale' + NegativeFormat: + $ref: '#/components/schemas/NegativeFormat' + CurrencySymbol: + type: string + maxLength: 256 + minLength: 0 + additionalProperties: false + FilterClass: + type: string + enum: + - ENFORCED_VALUE_FILTER + - CONDITIONAL_VALUE_FILTER + - NAMED_VALUE_FILTER + NamedEntityAggType: + type: string + enum: + - SUM + - MIN + - MAX + - COUNT + - AVERAGE + - DISTINCT_COUNT + - STDEV + - STDEVP + - VAR + - VARP + - PERCENTILE + - MEDIAN + - CUSTOM + NamedEntityDefinition: + type: object + properties: + FieldName: + type: string + maxLength: 256 + minLength: 0 + PropertyName: + type: string + maxLength: 256 + minLength: 0 + PropertyRole: + $ref: '#/components/schemas/PropertyRole' + PropertyUsage: + $ref: '#/components/schemas/PropertyUsage' + Metric: + $ref: '#/components/schemas/NamedEntityDefinitionMetric' + additionalProperties: false + NamedEntityDefinitionMetric: + type: object + properties: + Aggregation: + $ref: '#/components/schemas/NamedEntityAggType' + AggregationFunctionParameters: + $ref: '#/components/schemas/AggregationFunctionParameters' + additionalProperties: false + NamedFilterAggType: + type: string + enum: + - NO_AGGREGATION + - SUM + - AVERAGE + - COUNT + - DISTINCT_COUNT + - MAX + - MEDIAN + - MIN + - STDEV + - STDEVP + - VAR + - VARP + NamedFilterType: + type: string + enum: + - CATEGORY_FILTER + - NUMERIC_EQUALITY_FILTER + - NUMERIC_RANGE_FILTER + - DATE_RANGE_FILTER + - RELATIVE_DATE_FILTER + NegativeFormat: + type: object + properties: + Prefix: + type: string + maxLength: 256 + minLength: 0 + Suffix: + type: string + maxLength: 256 + minLength: 0 + additionalProperties: false + PropertyRole: + type: string + enum: + - PRIMARY + - ID + PropertyUsage: + type: string + enum: + - INHERIT + - DIMENSION + - MEASURE + RangeConstant: + type: object + properties: + Minimum: + type: string + maxLength: 256 + minLength: 0 + Maximum: + type: string + maxLength: 256 + minLength: 0 + additionalProperties: false + SemanticEntityType: + type: object + properties: + TypeName: + type: string + maxLength: 256 + minLength: 0 + SubTypeName: + type: string + maxLength: 256 + minLength: 0 + TypeParameters: + $ref: '#/components/schemas/TypeParameters' + additionalProperties: false + SemanticType: + type: object + properties: + TypeName: + type: string + maxLength: 256 + minLength: 0 + SubTypeName: + type: string + maxLength: 256 + minLength: 0 + TypeParameters: + $ref: '#/components/schemas/TypeParameters' + TruthyCellValue: + type: string + TruthyCellValueSynonyms: + type: array + items: + type: string + FalseyCellValue: + type: string + FalseyCellValueSynonyms: + type: array + items: + type: string + additionalProperties: false + TopicCalculatedField: + type: object + properties: + CalculatedFieldName: + type: string + maxLength: 256 + minLength: 0 + CalculatedFieldDescription: + type: string + maxLength: 256 + minLength: 0 + Expression: + type: string + maxLength: 4096 + minLength: 1 + CalculatedFieldSynonyms: + type: array + items: + type: string + maxLength: 256 + minLength: 0 + IsIncludedInTopic: + type: boolean + default: false + ColumnDataRole: + $ref: '#/components/schemas/ColumnDataRole' + TimeGranularity: + $ref: '#/components/schemas/TopicTimeGranularity' + DefaultFormatting: + $ref: '#/components/schemas/DefaultFormatting' + Aggregation: + $ref: '#/components/schemas/DefaultAggregation' + ComparativeOrder: + $ref: '#/components/schemas/ComparativeOrder' + SemanticType: + $ref: '#/components/schemas/SemanticType' + AllowedAggregations: + type: array + items: + $ref: '#/components/schemas/AuthorSpecifiedAggregation' + NotAllowedAggregations: + type: array + items: + $ref: '#/components/schemas/AuthorSpecifiedAggregation' + NeverAggregateInFilter: + type: boolean + default: false + NonAdditive: + type: boolean + default: false + CellValueSynonyms: + type: array + items: + $ref: '#/components/schemas/CellValueSynonym' + required: + - CalculatedFieldName + - Expression + additionalProperties: false + TopicCategoryFilter: + type: object + properties: + CategoryFilterFunction: + $ref: '#/components/schemas/CategoryFilterFunction' + CategoryFilterType: + $ref: '#/components/schemas/CategoryFilterType' + Constant: + $ref: '#/components/schemas/TopicCategoryFilterConstant' + Inverse: + type: boolean + default: false + additionalProperties: false + TopicCategoryFilterConstant: + type: object + properties: + ConstantType: + $ref: '#/components/schemas/ConstantType' + SingularConstant: + type: string + maxLength: 256 + minLength: 0 + CollectiveConstant: + $ref: '#/components/schemas/CollectiveConstant' + additionalProperties: false + TopicColumn: + type: object + properties: + ColumnName: + type: string + maxLength: 256 + minLength: 0 + ColumnFriendlyName: + type: string + maxLength: 256 + minLength: 0 + ColumnDescription: + type: string + maxLength: 256 + minLength: 0 + ColumnSynonyms: + type: array + items: + type: string + maxLength: 256 + minLength: 0 + ColumnDataRole: + $ref: '#/components/schemas/ColumnDataRole' + Aggregation: + $ref: '#/components/schemas/DefaultAggregation' + IsIncludedInTopic: + type: boolean + default: false + ComparativeOrder: + $ref: '#/components/schemas/ComparativeOrder' + SemanticType: + $ref: '#/components/schemas/SemanticType' + TimeGranularity: + $ref: '#/components/schemas/TopicTimeGranularity' + AllowedAggregations: + type: array + items: + $ref: '#/components/schemas/AuthorSpecifiedAggregation' + NotAllowedAggregations: + type: array + items: + $ref: '#/components/schemas/AuthorSpecifiedAggregation' + DefaultFormatting: + $ref: '#/components/schemas/DefaultFormatting' + NeverAggregateInFilter: + type: boolean + default: false + NonAdditive: + type: boolean + default: false + CellValueSynonyms: + type: array + items: + $ref: '#/components/schemas/CellValueSynonym' + required: + - ColumnName + additionalProperties: false + TopicDateRangeFilter: + type: object + properties: + Inclusive: + type: boolean + default: false + Constant: + $ref: '#/components/schemas/TopicRangeFilterConstant' + additionalProperties: false + TopicDetails: + type: object + properties: + Name: + type: string + maxLength: 128 + minLength: 1 + Description: + type: string + maxLength: 256 + minLength: 0 + DataSets: + type: array + items: + $ref: '#/components/schemas/DatasetMetadata' + UserExperienceVersion: + $ref: '#/components/schemas/TopicUserExperienceVersion' + additionalProperties: false + TopicFilter: + type: object + properties: + FilterDescription: + type: string + maxLength: 256 + minLength: 0 + FilterClass: + $ref: '#/components/schemas/FilterClass' + FilterName: + type: string + maxLength: 256 + minLength: 0 + FilterSynonyms: + type: array + items: + type: string + maxLength: 256 + minLength: 0 + OperandFieldName: + type: string + maxLength: 256 + minLength: 0 + FilterType: + $ref: '#/components/schemas/NamedFilterType' + CategoryFilter: + $ref: '#/components/schemas/TopicCategoryFilter' + NumericEqualityFilter: + $ref: '#/components/schemas/TopicNumericEqualityFilter' + NumericRangeFilter: + $ref: '#/components/schemas/TopicNumericRangeFilter' + DateRangeFilter: + $ref: '#/components/schemas/TopicDateRangeFilter' + RelativeDateFilter: + $ref: '#/components/schemas/TopicRelativeDateFilter' + required: + - FilterName + - OperandFieldName + additionalProperties: false + TopicNamedEntity: + type: object + properties: + EntityName: + type: string + maxLength: 256 + minLength: 0 + EntityDescription: + type: string + maxLength: 256 + minLength: 0 + EntitySynonyms: + type: array + items: + type: string + maxLength: 256 + minLength: 0 + SemanticEntityType: + $ref: '#/components/schemas/SemanticEntityType' + Definition: + type: array + items: + $ref: '#/components/schemas/NamedEntityDefinition' + required: + - EntityName + additionalProperties: false + TopicNumericEqualityFilter: + type: object + properties: + Constant: + $ref: '#/components/schemas/TopicSingularFilterConstant' + Aggregation: + $ref: '#/components/schemas/NamedFilterAggType' + additionalProperties: false + TopicNumericRangeFilter: + type: object + properties: + Inclusive: + type: boolean + default: false + Constant: + $ref: '#/components/schemas/TopicRangeFilterConstant' + Aggregation: + $ref: '#/components/schemas/NamedFilterAggType' + additionalProperties: false + TopicNumericSeparatorSymbol: + type: string + enum: + - COMMA + - DOT + TopicRangeFilterConstant: + type: object + properties: + ConstantType: + $ref: '#/components/schemas/ConstantType' + RangeConstant: + $ref: '#/components/schemas/RangeConstant' + additionalProperties: false + TopicRelativeDateFilter: + type: object + properties: + TimeGranularity: + $ref: '#/components/schemas/TopicTimeGranularity' + RelativeDateFilterFunction: + $ref: '#/components/schemas/TopicRelativeDateFilterFunction' + Constant: + $ref: '#/components/schemas/TopicSingularFilterConstant' + additionalProperties: false + TopicRelativeDateFilterFunction: + type: string + enum: + - PREVIOUS + - THIS + - LAST + - NEXT + - NOW + TopicSingularFilterConstant: + type: object + properties: + ConstantType: + $ref: '#/components/schemas/ConstantType' + SingularConstant: + type: string + maxLength: 256 + minLength: 0 + additionalProperties: false + TopicTimeGranularity: + type: string + enum: + - SECOND + - MINUTE + - HOUR + - DAY + - WEEK + - MONTH + - QUARTER + - YEAR + TopicUserExperienceVersion: + type: string + enum: + - LEGACY + - NEW_READER_EXPERIENCE + TypeParameters: + type: object + x-patternProperties: + .+: + type: string + maxLength: 256 + minLength: 0 + additionalProperties: false + UndefinedSpecifiedValueType: + type: string + enum: + - LEAST + - MOST + Topic: + type: object + properties: + Arn: + type: string + AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + DataSets: + type: array + items: + $ref: '#/components/schemas/DatasetMetadata' + Description: + type: string + maxLength: 256 + minLength: 0 + Name: + type: string + maxLength: 128 + minLength: 1 + TopicId: + type: string + maxLength: 256 + minLength: 0 + pattern: ^[A-Za-z0-9-_.\\+]*$ + UserExperienceVersion: + $ref: '#/components/schemas/TopicUserExperienceVersion' + x-stackql-resource-name: topic + description: Definition of the AWS::QuickSight::Topic Resource Type. + x-type-name: AWS::QuickSight::Topic + x-stackql-primary-identifier: + - AwsAccountId + - TopicId + x-create-only-properties: + - AwsAccountId + - TopicId + x-read-only-properties: + - Arn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - quicksight:CreateTopic + - quicksight:PassDataSet + - quicksight:DescribeTopicRefresh + read: + - quicksight:DescribeTopic + update: + - quicksight:UpdateTopic + - quicksight:PassDataSet + - quicksight:DescribeTopicRefresh + delete: + - quicksight:DeleteTopic + list: + - quicksight:ListTopics + Arn: + type: string + DnsResolvers: + type: array + items: + type: string + x-insertionOrder: false + NetworkInterfaces: + type: array + items: + $ref: '#/components/schemas/NetworkInterface' + maxItems: 15 + x-insertionOrder: false + NetworkInterface: + type: object + properties: + SubnetId: + $ref: '#/components/schemas/SubnetId' + AvailabilityZone: + type: string + ErrorMessage: + type: string + Status: + type: string + enum: + - CREATING + - AVAILABLE + - CREATION_FAILED + - UPDATING + - UPDATE_FAILED + - DELETING + - DELETED + - DELETION_FAILED + - DELETION_SCHEDULED + - ATTACHMENT_FAILED_ROLLBACK_FAILED + NetworkInterfaceId: + $ref: '#/components/schemas/NetworkInterfaceId' + additionalProperties: false + required: [] + NetworkInterfaceId: + type: string + pattern: ^eni-[0-9a-z]*$ + maxLength: 255 + RoleArn: + type: string + SecurityGroupIds: + type: array + items: + $ref: '#/components/schemas/SecurityGroupId' + maxItems: 16 + minItems: 1 + x-insertionOrder: false + SecurityGroupId: + type: string + pattern: ^sg-[0-9a-z]*$ + maxItems: 255 + minItems: 1 + SubnetIds: + type: array + items: + $ref: '#/components/schemas/SubnetId' + maxItems: 15 + minItems: 2 + x-insertionOrder: false + SubnetId: + type: string + pattern: ^subnet-[0-9a-z]*$ + maxLength: 255 + minLength: 1 + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + x-insertionOrder: false + VPCConnectionId: + type: string + maxLength: 1000 + minLength: 1 + pattern: '[\w\-]+' + VPCId: + type: string + VPCConnectionResourceStatus: + type: string + enum: + - CREATION_IN_PROGRESS + - CREATION_SUCCESSFUL + - CREATION_FAILED + - UPDATE_IN_PROGRESS + - UPDATE_SUCCESSFUL + - UPDATE_FAILED + - DELETION_IN_PROGRESS + - DELETION_FAILED + - DELETED + VPCConnectionAvailabilityStatus: + type: string + enum: + - AVAILABLE + - UNAVAILABLE + - PARTIALLY_AVAILABLE + VPCConnection: + type: object + properties: + Arn: + $ref: '#/components/schemas/Arn' + AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + Name: + type: string + maxLength: 128 + minLength: 1 + VPCConnectionId: + $ref: '#/components/schemas/VPCConnectionId' + VPCId: + $ref: '#/components/schemas/VPCId' + SecurityGroupIds: + $ref: '#/components/schemas/SecurityGroupIds' + SubnetIds: + $ref: '#/components/schemas/SubnetIds' + DnsResolvers: + $ref: '#/components/schemas/DnsResolvers' + Status: + $ref: '#/components/schemas/VPCConnectionResourceStatus' + AvailabilityStatus: + $ref: '#/components/schemas/VPCConnectionAvailabilityStatus' + NetworkInterfaces: + $ref: '#/components/schemas/NetworkInterfaces' + RoleArn: + $ref: '#/components/schemas/RoleArn' + CreatedTime: + type: string + format: date-time + LastUpdatedTime: + type: string + format: date-time + Tags: + $ref: '#/components/schemas/Tags' + x-stackql-resource-name: vpc_connection + description: Definition of the AWS::QuickSight::VPCConnection Resource Type. + x-type-name: AWS::QuickSight::VPCConnection + x-stackql-primary-identifier: + - AwsAccountId + - VPCConnectionId + x-create-only-properties: + - AwsAccountId + - VPCConnectionId + x-write-only-properties: + - SubnetIds + x-read-only-properties: + - Arn + - CreatedTime + - LastUpdatedTime + - NetworkInterfaces + - Status + - VPCId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - quicksight:CreateVPCConnection + - quicksight:DescribeVPCConnection + - quicksight:ListTagsForResource + - quicksight:TagResource + - iam:PassRole + read: + - quicksight:DescribeVPCConnection + - quicksight:ListTagsForResource + update: + - quicksight:DescribeVPCConnection + - quicksight:UpdateVPCConnection + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + - iam:PassRole + delete: + - quicksight:DescribeVPCConnection + - quicksight:DeleteVPCConnection + - quicksight:ListTagsForResource + - iam:PassRole + list: + - quicksight:ListVPCConnections + x-stackQL-resources: + analyses: + name: analyses + id: aws.quicksight.analyses + x-cfn-schema-name: Analysis + x-type: list + x-identifiers: + - AnalysisId + - AwsAccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AnalysisId') as analysis_id, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Analysis' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AnalysisId') as analysis_id, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Analysis' + AND region = 'us-east-1' + analysis: + name: analysis + id: aws.quicksight.analysis + x-cfn-schema-name: Analysis + x-type: get + x-identifiers: + - AnalysisId + - AwsAccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AnalysisId') as analysis_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.DataSetArns') as data_set_arns, + JSON_EXTRACT(Properties, '$.Definition') as definition, + JSON_EXTRACT(Properties, '$.Errors') as errors, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.Permissions') as permissions, + JSON_EXTRACT(Properties, '$.Sheets') as sheets, + JSON_EXTRACT(Properties, '$.SourceEntity') as source_entity, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ThemeArn') as theme_arn, + JSON_EXTRACT(Properties, '$.ValidationStrategy') as validation_strategy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Analysis' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AnalysisId') as analysis_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'DataSetArns') as data_set_arns, + json_extract_path_text(Properties, 'Definition') as definition, + json_extract_path_text(Properties, 'Errors') as errors, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'Permissions') as permissions, + json_extract_path_text(Properties, 'Sheets') as sheets, + json_extract_path_text(Properties, 'SourceEntity') as source_entity, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ThemeArn') as theme_arn, + json_extract_path_text(Properties, 'ValidationStrategy') as validation_strategy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Analysis' + AND data__Identifier = '|' + AND region = 'us-east-1' + dashboards: + name: dashboards + id: aws.quicksight.dashboards + x-cfn-schema-name: Dashboard + x-type: list + x-identifiers: + - AwsAccountId + - DashboardId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.DashboardId') as dashboard_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Dashboard' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'DashboardId') as dashboard_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Dashboard' + AND region = 'us-east-1' + dashboard: + name: dashboard + id: aws.quicksight.dashboard + x-cfn-schema-name: Dashboard + x-type: get + x-identifiers: + - AwsAccountId + - DashboardId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.DashboardId') as dashboard_id, + JSON_EXTRACT(Properties, '$.DashboardPublishOptions') as dashboard_publish_options, + JSON_EXTRACT(Properties, '$.Definition') as definition, + JSON_EXTRACT(Properties, '$.LastPublishedTime') as last_published_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.LinkEntities') as link_entities, + JSON_EXTRACT(Properties, '$.LinkSharingConfiguration') as link_sharing_configuration, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.Permissions') as permissions, + JSON_EXTRACT(Properties, '$.SourceEntity') as source_entity, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ThemeArn') as theme_arn, + JSON_EXTRACT(Properties, '$.ValidationStrategy') as validation_strategy, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.VersionDescription') as version_description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Dashboard' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'DashboardId') as dashboard_id, + json_extract_path_text(Properties, 'DashboardPublishOptions') as dashboard_publish_options, + json_extract_path_text(Properties, 'Definition') as definition, + json_extract_path_text(Properties, 'LastPublishedTime') as last_published_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'LinkEntities') as link_entities, + json_extract_path_text(Properties, 'LinkSharingConfiguration') as link_sharing_configuration, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'Permissions') as permissions, + json_extract_path_text(Properties, 'SourceEntity') as source_entity, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ThemeArn') as theme_arn, + json_extract_path_text(Properties, 'ValidationStrategy') as validation_strategy, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'VersionDescription') as version_description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Dashboard' + AND data__Identifier = '|' + AND region = 'us-east-1' + data_sets: + name: data_sets + id: aws.quicksight.data_sets + x-cfn-schema-name: DataSet + x-type: list + x-identifiers: + - AwsAccountId + - DataSetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.DataSetId') as data_set_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::DataSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'DataSetId') as data_set_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::DataSet' + AND region = 'us-east-1' + data_set: + name: data_set + id: aws.quicksight.data_set + x-cfn-schema-name: DataSet + x-type: get + x-identifiers: + - AwsAccountId + - DataSetId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.ColumnGroups') as column_groups, + JSON_EXTRACT(Properties, '$.ColumnLevelPermissionRules') as column_level_permission_rules, + JSON_EXTRACT(Properties, '$.ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.DataSetId') as data_set_id, + JSON_EXTRACT(Properties, '$.DatasetParameters') as dataset_parameters, + JSON_EXTRACT(Properties, '$.FieldFolders') as field_folders, + JSON_EXTRACT(Properties, '$.ImportMode') as import_mode, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.LogicalTableMap') as logical_table_map, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.OutputColumns') as output_columns, + JSON_EXTRACT(Properties, '$.Permissions') as permissions, + JSON_EXTRACT(Properties, '$.PhysicalTableMap') as physical_table_map, + JSON_EXTRACT(Properties, '$.RowLevelPermissionDataSet') as row_level_permission_data_set, + JSON_EXTRACT(Properties, '$.RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.IngestionWaitPolicy') as ingestion_wait_policy, + JSON_EXTRACT(Properties, '$.DataSetUsageConfiguration') as data_set_usage_configuration, + JSON_EXTRACT(Properties, '$.DataSetRefreshProperties') as data_set_refresh_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::DataSet' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'ColumnGroups') as column_groups, + json_extract_path_text(Properties, 'ColumnLevelPermissionRules') as column_level_permission_rules, + json_extract_path_text(Properties, 'ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'DataSetId') as data_set_id, + json_extract_path_text(Properties, 'DatasetParameters') as dataset_parameters, + json_extract_path_text(Properties, 'FieldFolders') as field_folders, + json_extract_path_text(Properties, 'ImportMode') as import_mode, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'LogicalTableMap') as logical_table_map, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'OutputColumns') as output_columns, + json_extract_path_text(Properties, 'Permissions') as permissions, + json_extract_path_text(Properties, 'PhysicalTableMap') as physical_table_map, + json_extract_path_text(Properties, 'RowLevelPermissionDataSet') as row_level_permission_data_set, + json_extract_path_text(Properties, 'RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'IngestionWaitPolicy') as ingestion_wait_policy, + json_extract_path_text(Properties, 'DataSetUsageConfiguration') as data_set_usage_configuration, + json_extract_path_text(Properties, 'DataSetRefreshProperties') as data_set_refresh_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::DataSet' + AND data__Identifier = '|' + AND region = 'us-east-1' + data_sources: + name: data_sources + id: aws.quicksight.data_sources + x-cfn-schema-name: DataSource + x-type: list + x-identifiers: + - AwsAccountId + - DataSourceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.DataSourceId') as data_source_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::DataSource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'DataSourceId') as data_source_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::DataSource' + AND region = 'us-east-1' + data_source: + name: data_source + id: aws.quicksight.data_source + x-cfn-schema-name: DataSource + x-type: get + x-identifiers: + - AwsAccountId + - DataSourceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AlternateDataSourceParameters') as alternate_data_source_parameters, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.Credentials') as credentials, + JSON_EXTRACT(Properties, '$.DataSourceId') as data_source_id, + JSON_EXTRACT(Properties, '$.DataSourceParameters') as data_source_parameters, + JSON_EXTRACT(Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Permissions') as permissions, + JSON_EXTRACT(Properties, '$.SslProperties') as ssl_properties, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.VpcConnectionProperties') as vpc_connection_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::DataSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AlternateDataSourceParameters') as alternate_data_source_parameters, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'Credentials') as credentials, + json_extract_path_text(Properties, 'DataSourceId') as data_source_id, + json_extract_path_text(Properties, 'DataSourceParameters') as data_source_parameters, + json_extract_path_text(Properties, 'ErrorInfo') as error_info, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Permissions') as permissions, + json_extract_path_text(Properties, 'SslProperties') as ssl_properties, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'VpcConnectionProperties') as vpc_connection_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::DataSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + refresh_schedules: + name: refresh_schedules + id: aws.quicksight.refresh_schedules + x-cfn-schema-name: RefreshSchedule + x-type: list + x-identifiers: + - AwsAccountId + - DataSetId + - Schedule/ScheduleId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.DataSetId') as data_set_id, + JSON_EXTRACT(Properties, '$.Schedule.ScheduleId') as schedule__schedule_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::RefreshSchedule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'DataSetId') as data_set_id, + json_extract_path_text(Properties, 'Schedule', 'ScheduleId') as schedule__schedule_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::RefreshSchedule' + AND region = 'us-east-1' + refresh_schedule: + name: refresh_schedule + id: aws.quicksight.refresh_schedule + x-cfn-schema-name: RefreshSchedule + x-type: get + x-identifiers: + - AwsAccountId + - DataSetId + - Schedule/ScheduleId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.DataSetId') as data_set_id, + JSON_EXTRACT(Properties, '$.Schedule') as schedule + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::RefreshSchedule' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'DataSetId') as data_set_id, + json_extract_path_text(Properties, 'Schedule') as schedule + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::RefreshSchedule' + AND data__Identifier = '||' + AND region = 'us-east-1' + templates: + name: templates + id: aws.quicksight.templates + x-cfn-schema-name: Template + x-type: list + x-identifiers: + - AwsAccountId + - TemplateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.TemplateId') as template_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Template' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'TemplateId') as template_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Template' + AND region = 'us-east-1' + template: + name: template + id: aws.quicksight.template + x-cfn-schema-name: Template + x-type: get + x-identifiers: + - AwsAccountId + - TemplateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.Definition') as definition, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Permissions') as permissions, + JSON_EXTRACT(Properties, '$.SourceEntity') as source_entity, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TemplateId') as template_id, + JSON_EXTRACT(Properties, '$.ValidationStrategy') as validation_strategy, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.VersionDescription') as version_description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Template' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'Definition') as definition, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Permissions') as permissions, + json_extract_path_text(Properties, 'SourceEntity') as source_entity, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TemplateId') as template_id, + json_extract_path_text(Properties, 'ValidationStrategy') as validation_strategy, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'VersionDescription') as version_description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Template' + AND data__Identifier = '|' + AND region = 'us-east-1' + themes: + name: themes + id: aws.quicksight.themes + x-cfn-schema-name: Theme + x-type: list + x-identifiers: + - ThemeId + - AwsAccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ThemeId') as theme_id, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Theme' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ThemeId') as theme_id, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Theme' + AND region = 'us-east-1' + theme: + name: theme + id: aws.quicksight.theme + x-cfn-schema-name: Theme + x-type: get + x-identifiers: + - ThemeId + - AwsAccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.BaseThemeId') as base_theme_id, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Permissions') as permissions, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ThemeId') as theme_id, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.VersionDescription') as version_description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Theme' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'BaseThemeId') as base_theme_id, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Permissions') as permissions, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ThemeId') as theme_id, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'VersionDescription') as version_description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Theme' + AND data__Identifier = '|' + AND region = 'us-east-1' + topics: + name: topics + id: aws.quicksight.topics + x-cfn-schema-name: Topic + x-type: list + x-identifiers: + - AwsAccountId + - TopicId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.TopicId') as topic_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Topic' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'TopicId') as topic_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Topic' + AND region = 'us-east-1' + topic: + name: topic + id: aws.quicksight.topic + x-cfn-schema-name: Topic + x-type: get + x-identifiers: + - AwsAccountId + - TopicId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.DataSets') as data_sets, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.TopicId') as topic_id, + JSON_EXTRACT(Properties, '$.UserExperienceVersion') as user_experience_version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Topic' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'DataSets') as data_sets, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'TopicId') as topic_id, + json_extract_path_text(Properties, 'UserExperienceVersion') as user_experience_version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Topic' + AND data__Identifier = '|' + AND region = 'us-east-1' + vpc_connections: + name: vpc_connections + id: aws.quicksight.vpc_connections + x-cfn-schema-name: VPCConnection + x-type: list + x-identifiers: + - AwsAccountId + - VPCConnectionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.VPCConnectionId') as vpc_connection_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::VPCConnection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'VPCConnectionId') as vpc_connection_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::VPCConnection' + AND region = 'us-east-1' + vpc_connection: + name: vpc_connection + id: aws.quicksight.vpc_connection + x-cfn-schema-name: VPCConnection + x-type: get + x-identifiers: + - AwsAccountId + - VPCConnectionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.VPCConnectionId') as vpc_connection_id, + JSON_EXTRACT(Properties, '$.VPCId') as vpc_id, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.DnsResolvers') as dns_resolvers, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.AvailabilityStatus') as availability_status, + JSON_EXTRACT(Properties, '$.NetworkInterfaces') as network_interfaces, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::VPCConnection' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'VPCConnectionId') as vpc_connection_id, + json_extract_path_text(Properties, 'VPCId') as vpc_id, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'DnsResolvers') as dns_resolvers, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'AvailabilityStatus') as availability_status, + json_extract_path_text(Properties, 'NetworkInterfaces') as network_interfaces, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::VPCConnection' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/ram.yaml b/providers/src/aws/v00.00.00000/services/ram.yaml new file mode 100644 index 00000000..30fd68cd --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ram.yaml @@ -0,0 +1,170 @@ +openapi: 3.0.0 +info: + title: RAM + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + Permission: + type: object + properties: + Arn: + type: string + Name: + description: The name of the permission. + type: string + Version: + description: Version of the permission. + type: string + IsResourceTypeDefault: + description: Set to true to use this as the default permission. + type: boolean + PermissionType: + type: string + ResourceType: + description: The resource type this permission can be used with. + type: string + PolicyTemplate: + description: Policy template for the permission. + type: object + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - ResourceType + - PolicyTemplate + x-stackql-resource-name: permission + description: Resource type definition for AWS::RAM::Permission + x-type-name: AWS::RAM::Permission + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - ResourceType + - PolicyTemplate + x-read-only-properties: + - Arn + - Version + - IsResourceTypeDefault + - PermissionType + x-required-properties: + - Name + - ResourceType + - PolicyTemplate + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - ram:CreatePermission + - ram:TagResource + read: + - ram:GetPermission + update: + - ram:CreatePermissionVersion + - ram:DeletePermissionVersion + - ram:SetDefaultPermissionVersion + - ram:GetPermission + - ram:ReplacePermissionAssociations + - ram:ListReplacePermissionAssociationsWork + - ram:ListPermissionVersions + - ram:UntagResource + - ram:TagResource + delete: + - ram:DeletePermissionVersion + - ram:DeletePermission + list: + - ram:ListPermissions + - ram:ListPermissionVersions + x-stackQL-resources: + permissions: + name: permissions + id: aws.ram.permissions + x-cfn-schema-name: Permission + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RAM::Permission' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RAM::Permission' + AND region = 'us-east-1' + permission: + name: permission + id: aws.ram.permission + x-cfn-schema-name: Permission + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.IsResourceTypeDefault') as is_resource_type_default, + JSON_EXTRACT(Properties, '$.PermissionType') as permission_type, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.PolicyTemplate') as policy_template, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RAM::Permission' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'IsResourceTypeDefault') as is_resource_type_default, + json_extract_path_text(Properties, 'PermissionType') as permission_type, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'PolicyTemplate') as policy_template, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RAM::Permission' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/rds.yaml b/providers/src/aws/v00.00.00000/services/rds.yaml new file mode 100644 index 00000000..5089773f --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/rds.yaml @@ -0,0 +1,3474 @@ +openapi: 3.0.0 +info: + title: RDS + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + required: + - Key + CustomDBEngineVersion: + type: object + properties: + DatabaseInstallationFilesS3BucketName: + type: string + description: The name of an Amazon S3 bucket that contains database installation files for your CEV. For example, a valid bucket name is `my-custom-installation-files`. + minLength: 3 + maxLength: 63 + DatabaseInstallationFilesS3Prefix: + type: string + description: The Amazon S3 directory that contains the database installation files for your CEV. For example, a valid bucket name is `123456789012/cev1`. If this setting isn't specified, no prefix is assumed. + minLength: 1 + maxLength: 255 + Description: + type: string + description: An optional description of your CEV. + minLength: 1 + maxLength: 1000 + Engine: + type: string + description: The database engine to use for your custom engine version (CEV). The only supported value is `custom-oracle-ee`. + minLength: 1 + maxLength: 35 + EngineVersion: + type: string + description: The name of your CEV. The name format is 19.customized_string . For example, a valid name is 19.my_cev1. This setting is required for RDS Custom for Oracle, but optional for Amazon RDS. The combination of Engine and EngineVersion is unique per customer per Region. + minLength: 1 + maxLength: 60 + KMSKeyId: + type: string + description: The AWS KMS key identifier for an encrypted CEV. A symmetric KMS key is required for RDS Custom, but optional for Amazon RDS. + minLength: 1 + maxLength: 2048 + Manifest: + type: string + description: The CEV manifest, which is a JSON document that describes the installation .zip files stored in Amazon S3. Specify the name/value pairs in a file or a quoted string. RDS Custom applies the patches in the order in which they are listed. + minLength: 1 + maxLength: 51000 + DBEngineVersionArn: + type: string + description: The ARN of the custom engine version. + SourceCustomDbEngineVersionIdentifier: + type: string + description: The identifier of the source custom engine version. + UseAwsProvidedLatestImage: + type: boolean + description: A value that indicates whether AWS provided latest image is applied automatically to the Custom Engine Version. By default, AWS provided latest image is applied automatically. This value is only applied on create. + ImageId: + type: string + description: The identifier of Amazon Machine Image (AMI) used for CEV. + Status: + type: string + description: The availability status to be assigned to the CEV. + default: available + enum: + - available + - inactive + - inactive-except-restore + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Engine + - EngineVersion + x-stackql-resource-name: customdb_engine_version + description: The AWS::RDS::CustomDBEngineVersion resource creates an Amazon RDS custom DB engine version. + x-type-name: AWS::RDS::CustomDBEngineVersion + x-stackql-primary-identifier: + - Engine + - EngineVersion + x-create-only-properties: + - Engine + - EngineVersion + - DatabaseInstallationFilesS3BucketName + - DatabaseInstallationFilesS3Prefix + - ImageId + - KMSKeyId + - Manifest + - SourceCustomDbEngineVersionIdentifier + - UseAwsProvidedLatestImage + x-write-only-properties: + - Manifest + - SourceCustomDbEngineVersionIdentifier + - UseAwsProvidedLatestImage + x-read-only-properties: + - DBEngineVersionArn + x-required-properties: + - Engine + - EngineVersion + x-tagging: + taggable: true + x-required-permissions: + create: + - ec2:CopySnapshot + - ec2:DeleteSnapshot + - ec2:DescribeSnapshots + - kms:CreateGrant + - kms:Decrypt + - kms:DescribeKey + - kms:GenerateDataKey + - kms:ReEncrypt + - mediaimport:CreateDatabaseBinarySnapshot + - rds:AddTagsToResource + - rds:CreateCustomDBEngineVersion + - rds:DescribeDBEngineVersions + - rds:ModifyCustomDBEngineVersion + - s3:CreateBucket + - s3:GetObject + - s3:GetObjectAcl + - s3:GetObjectTagging + - s3:ListBucket + - s3:PutBucketObjectLockConfiguration + - s3:PutBucketPolicy + - s3:PutBucketVersioning + read: + - rds:DescribeDBEngineVersions + update: + - rds:AddTagsToResource + - rds:DescribeDBEngineVersions + - rds:ModifyCustomDBEngineVersion + - rds:RemoveTagsFromResource + delete: + - rds:DeleteCustomDBEngineVersion + - rds:DescribeDBEngineVersions + list: + - rds:DescribeDBEngineVersions + Endpoint: + type: object + additionalProperties: false + properties: + Address: + type: string + description: Specifies the DNS address of the DB instance. + Port: + type: string + description: Specifies the port that the database engine is listening on. + HostedZoneId: + type: string + description: Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. + description: |- + This data type represents the information you need to connect to an Amazon RDS DB instance. This data type is used as a response element in the following actions: + + ``CreateDBInstance`` + + ``DescribeDBInstances`` + + ``DeleteDBInstance`` + + For the data structure that represents Amazon Aurora DB cluster endpoints, see ``DBClusterEndpoint``. + ReadEndpoint: + type: object + additionalProperties: false + properties: + Address: + description: The reader endpoint for the DB cluster. + type: string + DBClusterRole: + description: Describes an AWS Identity and Access Management (IAM) role that is associated with a DB cluster. + type: object + additionalProperties: false + properties: + FeatureName: + description: The name of the feature associated with the AWS Identity and Access Management (IAM) role. For the list of supported feature names, see DBEngineVersion in the Amazon RDS API Reference. + type: string + RoleArn: + description: The Amazon Resource Name (ARN) of the IAM role that is associated with the DB cluster. + type: string + required: + - RoleArn + ServerlessV2ScalingConfiguration: + description: Contains the scaling configuration of an Aurora Serverless v2 DB cluster. + type: object + additionalProperties: false + properties: + MinCapacity: + description: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. + type: number + MaxCapacity: + description: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128. + type: number + ScalingConfiguration: + description: The ScalingConfiguration property type specifies the scaling configuration of an Aurora Serverless DB cluster. + type: object + additionalProperties: false + properties: + AutoPause: + description: A value that indicates whether to allow or disallow automatic pause for an Aurora DB cluster in serverless DB engine mode. A DB cluster can be paused only when it's idle (it has no connections). + type: boolean + MaxCapacity: + description: |- + The maximum capacity for an Aurora DB cluster in serverless DB engine mode. + For Aurora MySQL, valid capacity values are 1, 2, 4, 8, 16, 32, 64, 128, and 256. + For Aurora PostgreSQL, valid capacity values are 2, 4, 8, 16, 32, 64, 192, and 384. + The maximum capacity must be greater than or equal to the minimum capacity. + type: integer + MinCapacity: + description: |- + The minimum capacity for an Aurora DB cluster in serverless DB engine mode. + For Aurora MySQL, valid capacity values are 1, 2, 4, 8, 16, 32, 64, 128, and 256. + For Aurora PostgreSQL, valid capacity values are 2, 4, 8, 16, 32, 64, 192, and 384. + The minimum capacity must be less than or equal to the maximum capacity. + type: integer + SecondsBeforeTimeout: + description: |- + The amount of time, in seconds, that Aurora Serverless v1 tries to find a scaling point to perform seamless scaling before enforcing the timeout action. + The default is 300. + type: integer + SecondsUntilAutoPause: + description: The time, in seconds, before an Aurora DB cluster in serverless mode is paused. + type: integer + TimeoutAction: + description: |- + The action to take when the timeout is reached, either ForceApplyCapacityChange or RollbackCapacityChange. + ForceApplyCapacityChange sets the capacity to the specified value as soon as possible. + RollbackCapacityChange, the default, ignores the capacity change if a scaling point isn't found in the timeout period. + + For more information, see Autoscaling for Aurora Serverless v1 in the Amazon Aurora User Guide. + type: string + MasterUserSecret: + type: object + additionalProperties: false + properties: + SecretArn: + type: string + description: The Amazon Resource Name (ARN) of the secret. + KmsKeyId: + type: string + description: The AWS KMS key identifier that is used to encrypt the secret. + description: |- + The ``MasterUserSecret`` return value specifies the secret managed by RDS in AWS Secrets Manager for the master user password. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide* and [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide.* + DBCluster: + type: object + properties: + Endpoint: + $ref: '#/components/schemas/Endpoint' + ReadEndpoint: + $ref: '#/components/schemas/ReadEndpoint' + AllocatedStorage: + description: The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster. + type: integer + AssociatedRoles: + description: Provides a list of the AWS Identity and Access Management (IAM) roles that are associated with the DB cluster. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other AWS services on your behalf. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/DBClusterRole' + AvailabilityZones: + description: A list of Availability Zones (AZs) where instances in the DB cluster can be created. For information on AWS Regions and Availability Zones, see Choosing the Regions and Availability Zones in the Amazon Aurora User Guide. + type: array + uniqueItems: true + items: + type: string + AutoMinorVersionUpgrade: + description: A value that indicates whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically. + type: boolean + BacktrackWindow: + description: The target backtrack window, in seconds. To disable backtracking, set this value to 0. + default: 0 + minimum: 0 + type: integer + BackupRetentionPeriod: + description: The number of days for which automated backups are retained. + default: 1 + minimum: 1 + type: integer + CopyTagsToSnapshot: + description: A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them. + type: boolean + DatabaseName: + description: The name of your database. If you don't provide a name, then Amazon RDS won't create a database in this DB cluster. For naming constraints, see Naming Constraints in the Amazon RDS User Guide. + type: string + DBClusterArn: + type: string + description: The Amazon Resource Name (ARN) for the DB cluster. + DBClusterInstanceClass: + description: The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. + type: string + DBClusterResourceId: + description: The AWS Region-unique, immutable identifier for the DB cluster. + type: string + DBInstanceParameterGroupName: + description: The name of the DB parameter group to apply to all instances of the DB cluster. + type: string + DBSystemId: + description: Reserved for future use. + type: string + GlobalClusterIdentifier: + description: |- + If you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the AWS::RDS::GlobalCluster resource. + + If you aren't configuring a global database cluster, don't specify this property. + type: string + pattern: ^$|^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 0 + maxLength: 63 + DBClusterIdentifier: + description: The DB cluster identifier. This parameter is stored as a lowercase string. + type: string + pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 1 + maxLength: 63 + DBClusterParameterGroupName: + description: The name of the DB cluster parameter group to associate with this DB cluster. + type: string + default: default.aurora5.6 + DBSubnetGroupName: + description: A DB subnet group that you want to associate with this DB cluster. + type: string + DeletionProtection: + description: A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. + type: boolean + Domain: + description: The Active Directory directory ID to create the DB cluster in. + type: string + DomainIAMRoleName: + description: Specify the name of the IAM role to be used when making API calls to the Directory Service. + type: string + EnableCloudwatchLogsExports: + description: The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide. + type: array + uniqueItems: true + items: + type: string + EnableGlobalWriteForwarding: + description: Specifies whether to enable this DB cluster to forward write operations to the primary cluster of a global cluster (Aurora global database). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database. + type: boolean + EnableHttpEndpoint: + description: A value that indicates whether to enable the HTTP endpoint for DB cluster. By default, the HTTP endpoint is disabled. + type: boolean + EnableIAMDatabaseAuthentication: + description: A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. + type: boolean + Engine: + description: 'The name of the database engine to be used for this DB cluster. Valid Values: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for MySQL 5.7-compatible Aurora), and aurora-postgresql' + type: string + EngineMode: + description: The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, global, or multimaster. + type: string + EngineVersion: + description: The version number of the database engine to use. + type: string + ManageMasterUserPassword: + description: A value that indicates whether to manage the master user password with AWS Secrets Manager. + type: boolean + Iops: + description: The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster. + type: integer + KmsKeyId: + description: The Amazon Resource Name (ARN) of the AWS Key Management Service master key that is used to encrypt the database instances in the DB cluster, such as arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. If you enable the StorageEncrypted property but don't specify this property, the default master key is used. If you specify this property, you must set the StorageEncrypted property to true. + type: string + MasterUsername: + description: The name of the master user for the DB cluster. You must specify MasterUsername, unless you specify SnapshotIdentifier. In that case, don't specify MasterUsername. + type: string + pattern: ^[a-zA-Z]{1}[a-zA-Z0-9_]*$ + minLength: 1 + MasterUserPassword: + description: The master password for the DB instance. + type: string + MasterUserSecret: + $ref: '#/components/schemas/MasterUserSecret' + description: Contains the secret managed by RDS in AWS Secrets Manager for the master user password. + MonitoringInterval: + description: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify 0. The default is 0. + type: integer + default: 0 + MonitoringRoleArn: + description: The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. + type: string + NetworkType: + description: The network type of the DB cluster. + type: string + PerformanceInsightsEnabled: + description: A value that indicates whether to turn on Performance Insights for the DB cluster. + type: boolean + PerformanceInsightsKmsKeyId: + description: The Amazon Web Services KMS key identifier for encryption of Performance Insights data. + type: string + PerformanceInsightsRetentionPeriod: + description: The amount of time, in days, to retain Performance Insights data. + type: integer + Port: + description: 'The port number on which the instances in the DB cluster accept connections. Default: 3306 if engine is set as aurora or 5432 if set to aurora-postgresql.' + type: integer + PreferredBackupWindow: + description: The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter. The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide. + type: string + PreferredMaintenanceWindow: + description: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide. + type: string + PubliclyAccessible: + description: A value that indicates whether the DB cluster is publicly accessible. + type: boolean + ReplicationSourceIdentifier: + description: The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a Read Replica. + type: string + RestoreToTime: + description: 'The date and time to restore the DB cluster to. Value must be a time in Universal Coordinated Time (UTC) format. An example: 2015-03-07T23:45:00Z' + type: string + RestoreType: + description: |- + The type of restore to be performed. You can specify one of the following values: + full-copy - The new DB cluster is restored as a full copy of the source DB cluster. + copy-on-write - The new DB cluster is restored as a clone of the source DB cluster. + type: string + default: full-copy + ServerlessV2ScalingConfiguration: + description: Contains the scaling configuration of an Aurora Serverless v2 DB cluster. + $ref: '#/components/schemas/ServerlessV2ScalingConfiguration' + ScalingConfiguration: + description: The ScalingConfiguration property type specifies the scaling configuration of an Aurora Serverless DB cluster. + $ref: '#/components/schemas/ScalingConfiguration' + SnapshotIdentifier: + description: >- + The identifier for the DB snapshot or DB cluster snapshot to restore from. + + You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot. + + After you restore a DB cluster with a SnapshotIdentifier property, you must specify the same SnapshotIdentifier property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed. However, if you don't specify the SnapshotIdentifier property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different + from the previous snapshot restore property, the DB cluster is restored from the specified SnapshotIdentifier property, and the original DB cluster is deleted. + type: string + SourceDBClusterIdentifier: + description: The identifier of the source DB cluster from which to restore. + type: string + SourceRegion: + description: The AWS Region which contains the source DB cluster when replicating a DB cluster. For example, us-east-1. + type: string + StorageEncrypted: + description: |- + Indicates whether the DB instance is encrypted. + If you specify the DBClusterIdentifier, SnapshotIdentifier, or SourceDBInstanceIdentifier property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance. + type: boolean + StorageThroughput: + description: Specifies the storage throughput value for the DB cluster. This setting applies only to the gp3 storage type. + type: integer + StorageType: + description: Specifies the storage type to be associated with the DB cluster. + type: string + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + UseLatestRestorableTime: + description: A value that indicates whether to restore the DB cluster to the latest restorable backup time. By default, the DB cluster is not restored to the latest restorable backup time. + type: boolean + VpcSecurityGroupIds: + description: A list of EC2 VPC security groups to associate with this DB cluster. + uniqueItems: true + items: + type: string + type: array + x-stackql-resource-name: db_cluster + description: The AWS::RDS::DBCluster resource creates an Amazon Aurora DB cluster. + x-type-name: AWS::RDS::DBCluster + x-stackql-primary-identifier: + - DBClusterIdentifier + x-create-only-properties: + - AvailabilityZones + - DBClusterIdentifier + - DBSubnetGroupName + - DBSystemId + - DatabaseName + - EngineMode + - KmsKeyId + - PubliclyAccessible + - RestoreToTime + - RestoreType + - SnapshotIdentifier + - SourceDBClusterIdentifier + - SourceRegion + - StorageEncrypted + - UseLatestRestorableTime + x-conditional-create-only-properties: + - Engine + - GlobalClusterIdentifier + - MasterUsername + x-write-only-properties: + - DBInstanceParameterGroupName + - MasterUserPassword + - RestoreToTime + - RestoreType + - SnapshotIdentifier + - SourceDBClusterIdentifier + - SourceRegion + - UseLatestRestorableTime + x-read-only-properties: + - DBClusterArn + - DBClusterResourceId + - Endpoint + - Endpoint/Address + - Endpoint/Port + - ReadEndpoint/Port + - ReadEndpoint/Address + - MasterUserSecret/SecretArn + - StorageThroughput + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - iam:PassRole + - rds:AddRoleToDBCluster + - rds:AddTagsToResource + - rds:CreateDBCluster + - rds:CreateDBInstance + - rds:DescribeDBClusters + - rds:DescribeEvents + - rds:EnableHttpEndpoint + - rds:ModifyDBCluster + - rds:RestoreDBClusterFromSnapshot + - rds:RestoreDBClusterToPointInTime + - secretsmanager:CreateSecret + - secretsmanager:TagResource + read: + - rds:DescribeDBClusters + update: + - ec2:DescribeSecurityGroups + - iam:PassRole + - rds:AddRoleToDBCluster + - rds:AddTagsToResource + - rds:DescribeDBClusters + - rds:DescribeDBSubnetGroups + - rds:DescribeEvents + - rds:DescribeGlobalClusters + - rds:DisableHttpEndpoint + - rds:EnableHttpEndpoint + - rds:ModifyDBCluster + - rds:ModifyDBInstance + - rds:RemoveFromGlobalCluster + - rds:RemoveRoleFromDBCluster + - rds:RemoveTagsFromResource + - secretsmanager:CreateSecret + - secretsmanager:TagResource + delete: + - rds:CreateDBClusterSnapshot + - rds:DeleteDBCluster + - rds:DeleteDBInstance + - rds:DescribeDBClusters + - rds:DescribeGlobalClusters + - rds:RemoveFromGlobalCluster + list: + - rds:DescribeDBClusters + DBClusterParameterGroup: + type: object + properties: + Description: + description: A friendly description for this DB cluster parameter group. + type: string + Family: + description: The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a DB engine and engine version compatible with that DB cluster parameter group family. + type: string + Parameters: + description: An array of parameters to be modified. A maximum of 20 parameters can be modified in a single request. + type: object + DBClusterParameterGroupName: + type: string + pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9])*$ + Tags: + description: The list of tags for the cluster parameter group. + type: array + maxItems: 50 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Description + - Family + - Parameters + x-stackql-resource-name: db_cluster_parameter_group + description: The AWS::RDS::DBClusterParameterGroup resource creates a new Amazon RDS DB cluster parameter group. For more information, see Managing an Amazon Aurora DB Cluster in the Amazon Aurora User Guide. + x-type-name: AWS::RDS::DBClusterParameterGroup + x-stackql-primary-identifier: + - DBClusterParameterGroupName + x-create-only-properties: + - DBClusterParameterGroupName + - Description + - Family + x-required-properties: + - Description + - Family + - Parameters + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - rds:AddTagsToResource + - rds:CreateDBClusterParameterGroup + - rds:DescribeDBClusterParameterGroups + - rds:DescribeDBClusterParameters + - rds:DescribeDBClusters + - rds:DescribeEngineDefaultClusterParameters + - rds:ListTagsForResource + - rds:ModifyDBClusterParameterGroup + - rds:RemoveTagsFromResource + read: + - rds:DescribeDBClusterParameterGroups + - rds:DescribeDBClusterParameters + - rds:DescribeEngineDefaultClusterParameters + - rds:ListTagsForResource + update: + - rds:AddTagsToResource + - rds:DescribeDBClusterParameterGroups + - rds:DescribeDBClusterParameters + - rds:DescribeDBClusters + - rds:DescribeEngineDefaultClusterParameters + - rds:ListTagsForResource + - rds:ModifyDBClusterParameterGroup + - rds:RemoveTagsFromResource + - rds:ResetDBClusterParameterGroup + delete: + - rds:DeleteDBClusterParameterGroup + list: + - rds:DescribeDBClusterParameterGroups + CertificateDetails: + type: object + additionalProperties: false + properties: + CAIdentifier: + type: string + description: The CA identifier of the CA certificate used for the DB instance's server certificate. + ValidTill: + type: string + format: date-time + description: The expiration date of the DB instance’s server certificate. + description: |- + Returns the details of the DB instance’s server certificate. + For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide*. + DBInstanceRole: + type: object + additionalProperties: false + properties: + FeatureName: + type: string + description: The name of the feature associated with the AWS Identity and Access Management (IAM) role. IAM roles that are associated with a DB instance grant permission for the DB instance to access other AWS services on your behalf. For the list of supported feature names, see the ``SupportedFeatureNames`` description in [DBEngineVersion](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBEngineVersion.html) in the *Amazon RDS API Reference*. + RoleArn: + type: string + description: The Amazon Resource Name (ARN) of the IAM role that is associated with the DB instance. + required: + - FeatureName + - RoleArn + description: Information about an AWS Identity and Access Management (IAM) role that is associated with a DB instance. + ProcessorFeature: + type: object + additionalProperties: false + properties: + Name: + type: string + enum: + - coreCount + - threadsPerCore + description: The name of the processor feature. Valid names are ``coreCount`` and ``threadsPerCore``. + Value: + type: string + description: The value of a processor feature name. + description: The ``ProcessorFeature`` property type specifies the processor features of a DB instance class status. + DBInstance: + type: object + properties: + AllocatedStorage: + type: string + description: |- + The amount of storage in gibibytes (GiB) to be initially allocated for the database instance. + If any value is set in the ``Iops`` parameter, ``AllocatedStorage`` must be at least 100 GiB, which corresponds to the minimum Iops value of 1,000. If you increase the ``Iops`` value (in 1,000 IOPS increments), then you must also increase the ``AllocatedStorage`` value (in 100-GiB increments). + *Amazon Aurora* + Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume. + *Db2* + Constraints to the amount of storage for each storage type are the following: + + General Purpose (SSD) storage (gp3): Must be an integer from 20 to 64000. + + Provisioned IOPS storage (io1): Must be an integer from 100 to 64000. + + *MySQL* + Constraints to the amount of storage for each storage type are the following: + + General Purpose (SSD) storage (gp2): Must be an integer fro + pattern: ^[0-9]*$ + AllowMajorVersionUpgrade: + type: boolean + description: |- + A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. + Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version. + AssociatedRoles: + type: array + items: + $ref: '#/components/schemas/DBInstanceRole' + description: |- + The IAMlong (IAM) roles associated with the DB instance. + *Amazon Aurora* + Not applicable. The associated roles are managed by the DB cluster. + AutoMinorVersionUpgrade: + type: boolean + description: A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically. + AutomaticBackupReplicationRegion: + type: string + description: The destination region for the backup replication of the DB instance. For more info, see [Replicating automated backups to another Region](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html) in the *Amazon RDS User Guide*. + AvailabilityZone: + type: string + description: |- + The Availability Zone (AZ) where the database will be created. For information on AWS-Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). + For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one. + Default: A random, system-chosen Availability Zone in the endpoint's AWS-Region. + Constraints: + + The ``AvailabilityZone`` parameter can't be specified if the DB instance is a Multi-AZ deployment. + + The specified Availability Zone must be in the same AWS-Region as the current endpoint. + + Example: ``us-east-1d`` + BackupRetentionPeriod: + type: integer + minimum: 0 + default: 1 + description: |- + The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. + *Amazon Aurora* + Not applicable. The retention period for automated backups is managed by the DB cluster. + Default: 1 + Constraints: + + Must be a value from 0 to 35 + + Can't be set to 0 if the DB instance is a source to read replicas + CACertificateIdentifier: + type: string + description: |- + The identifier of the CA certificate for this DB instance. + For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide*. + CertificateDetails: + $ref: '#/components/schemas/CertificateDetails' + description: The details of the DB instance's server certificate. + CertificateRotationRestart: + type: boolean + description: |- + Specifies whether the DB instance is restarted when you rotate your SSL/TLS certificate. + By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted. + Set this parameter only if you are *not* using SSL/TLS to connect to the DB instance. + If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate: + + For more information about rotating your SSL/TLS certificate for RDS DB engines, see [Rotating Your SSL/TLS Certificate.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide.* + + For more information about rotating your SSL/TLS certificate for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Gui + CharacterSetName: + type: string + description: |- + For supported engines, indicates that the DB instance should be associated with the specified character set. + *Amazon Aurora* + Not applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html). + CopyTagsToSnapshot: + type: boolean + description: |- + Specifies whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied. + This setting doesn't apply to Amazon Aurora DB instances. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting. + CustomIAMInstanceProfile: + type: string + description: |- + The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. + This setting is required for RDS Custom. + Constraints: + + The profile must exist in your account. + + The profile must have an IAM role that Amazon EC2 has permissions to assume. + + The instance profile name and the associated IAM role name must start with the prefix ``AWSRDSCustom``. + + For the list of permissions required for the IAM role, see [Configure IAM and your VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) in the *Amazon RDS User Guide*. + DBClusterIdentifier: + type: string + description: The identifier of the DB cluster that the instance will belong to. + DBClusterSnapshotIdentifier: + type: string + description: |- + The identifier for the RDS for MySQL Multi-AZ DB cluster snapshot to restore from. + For more information on Multi-AZ DB clusters, see [Multi-AZ DB cluster deployments](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) in the *Amazon RDS User Guide*. + Constraints: + + Must match the identifier of an existing Multi-AZ DB cluster snapshot. + + Can't be specified when ``DBSnapshotIdentifier`` is specified. + + Must be specified when ``DBSnapshotIdentifier`` isn't specified. + + If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the ``DBClusterSnapshotIdentifier`` must be the ARN of the shared snapshot. + + Can't be the identifier of an Aurora DB cluster snapshot. + + Can't be the identifier of an RDS for PostgreSQL Multi-AZ DB cluster snapshot. + DBInstanceArn: + type: string + description: '' + DBInstanceClass: + type: string + description: |- + The compute and memory capacity of the DB instance, for example, ``db.m4.large``. Not all DB instance classes are available in all AWS Regions, or for all database engines. + For the full list of DB instance classes, and availability for your engine, see [DB Instance Class](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) in the *Amazon RDS User Guide.* For more information about DB instance class pricing and AWS Region support for DB instance classes, see [Amazon RDS Pricing](https://docs.aws.amazon.com/rds/pricing/). + DBInstanceIdentifier: + type: string + pattern: ^$|^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 1 + maxLength: 63 + description: |- + A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). + For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*. + If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + DbiResourceId: + type: string + description: '' + DBName: + type: string + description: |- + The meaning of this parameter differs according to the database engine you use. + If you specify the ``DBSnapshotIdentifier`` property, this property only applies to RDS for Oracle. + *Amazon Aurora* + Not applicable. The database name is managed by the DB cluster. + *Db2* + The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. + Constraints: + + Must contain 1 to 64 letters or numbers. + + Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). + + Can't be a word reserved by the specified database engine. + + *MySQL* + The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. + Constraints: + + Must contain 1 to 64 letters or numbers. + + Can't be a word reserved by the specified database engine + + *MariaDB* + The name of the database to create when the DB instance is + DBParameterGroupName: + type: string + description: |- + The name of an existing DB parameter group or a reference to an [AWS::RDS::DBParameterGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html) resource created in the template. + To list all of the available DB parameter group names, use the following command: + ``aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text`` + If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. + If you don't specify a value for ``DBParameterGroupName`` property, the default DB parameter group for the specified engine and engine version is used. + DBSecurityGroups: + type: array + uniqueItems: true + items: + type: string + description: |- + A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. + If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups. + If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations: + + ``AllocatedStorage`` + + ``AutoMinorVersionUpgrade`` + + ``AvailabilityZone`` + + ``BackupRetentionPeriod`` + + ``CharacterSetName`` + + ``DBInstanceClass`` + + ``DBName`` + + ``DBParameterGroupName`` + + ``DBSecurityGroups`` + + ``DBSubnetGroupName`` + + ``Engine`` + + ``EngineVersion`` + + ``Iops`` + + ``LicenseModel`` + + + DBSnapshotIdentifier: + type: string + description: |- + The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. + By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. + Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazo + DBSubnetGroupName: + type: string + description: |- + A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. + If there's no DB subnet group, then the DB instance isn't a VPC DB instance. + For more information about using Amazon RDS in a VPC, see [Using Amazon RDS with Amazon Virtual Private Cloud (VPC)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. + *Amazon Aurora* + Not applicable. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting. + DBSystemId: + type: string + description: The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term "Oracle database instance" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to ``RDSCDB``. The Oracle SID is also the name of your CDB. + DedicatedLogVolume: + type: boolean + description: Indicates whether the DB instance has a dedicated log volume (DLV) enabled. + DeleteAutomatedBackups: + type: boolean + description: |- + A value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted. + *Amazon Aurora* + Not applicable. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the DB cluster are not deleted. + DeletionProtection: + type: boolean + description: |- + A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see [Deleting a DB Instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). + *Amazon Aurora* + Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster``. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster. + Domain: + type: string + description: |- + The Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. + For more information, see [Kerberos Authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) in the *Amazon RDS User Guide*. + DomainAuthSecretArn: + type: string + description: |- + The ARN for the Secrets Manager secret with the credentials for the user joining the domain. + Example: ``arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456`` + DomainDnsIps: + type: array + items: + type: string + description: |- + The IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers. + Constraints: + + Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. + + Example: ``123.124.125.126,234.235.236.237`` + DomainFqdn: + type: string + description: |- + The fully qualified domain name (FQDN) of an Active Directory domain. + Constraints: + + Can't be longer than 64 characters. + + Example: ``mymanagedADtest.mymanagedAD.mydomain`` + DomainIAMRoleName: + type: string + description: |- + The name of the IAM role to use when making API calls to the Directory Service. + This setting doesn't apply to the following DB instances: + + Amazon Aurora (The domain is managed by the DB cluster.) + + RDS Custom + DomainOu: + type: string + description: |- + The Active Directory organizational unit for your DB instance to join. + Constraints: + + Must be in the distinguished name format. + + Can't be longer than 64 characters. + + Example: ``OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain`` + EnableCloudwatchLogsExports: + type: array + items: + type: string + description: |- + The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see [Publishing Database Logs to Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) in the *Amazon Relational Database Service User Guide*. + *Amazon Aurora* + Not applicable. CloudWatch Logs exports are managed by the DB cluster. + *Db2* + Valid values: ``diag.log``, ``notify.log`` + *MariaDB* + Valid values: ``audit``, ``error``, ``general``, ``slowquery`` + *Microsoft SQL Server* + Valid values: ``agent``, ``error`` + *MySQL* + Valid values: ``audit``, ``error``, ``general``, ``slowquery`` + *Oracle* + Valid values: ``alert``, ``audit``, ``listener``, ``trace``, ``oemagent`` + *PostgreSQL* + Valid values: ``postgresql``, ``upgrade`` + EnableIAMDatabaseAuthentication: + type: boolean + description: |- + A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. + This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see [IAM Database Authentication for MariaDB, MySQL, and PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) in the *Amazon RDS User Guide.* + *Amazon Aurora* + Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster. + EnablePerformanceInsights: + type: boolean + description: |- + Specifies whether to enable Performance Insights for the DB instance. For more information, see [Using Amazon Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the *Amazon RDS User Guide*. + This setting doesn't apply to RDS Custom DB instances. + Endpoint: + $ref: '#/components/schemas/Endpoint' + description: |- + The connection endpoint for the DB instance. + The endpoint might not be shown for instances with the status of ``creating``. + Engine: + type: string + description: |- + The name of the database engine that you want to use for this DB instance. + Not every database engine is available in every AWS Region. + When you are creating a DB instance, the ``Engine`` property is required. + Valid Values: + + ``aurora-mysql`` (for Aurora MySQL DB instances) + + ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) + + ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) + + ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) + + ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) + + ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) + + ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) + + ``db2-ae`` + + ``db2-se`` + + ``mariadb`` + + ``mysql`` + + ``oracle-ee`` + + ``oracle-ee-cdb`` + + ``oracle-se2`` + + ``oracle-se2-cdb`` + + ``postgres`` + + ``sqlserver-ee`` + + ``sqlserver-se`` + + ``sqlserver-ex`` + + ``sqlserver-web`` + EngineVersion: + type: string + description: |- + The version number of the database engine to use. + For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. + The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. + *Amazon Aurora* + Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. + *Db2* + See [Amazon RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* + *MariaDB* + See [MariaDB on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* + *Microsoft SQL Server* + See [Microsoft SQL Server Versions on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSu + ManageMasterUserPassword: + type: boolean + description: |- + Specifies whether to manage the master user password with AWS Secrets Manager. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.* + Constraints: + + Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified. + Iops: + type: integer + description: |- + The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. + If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see [Amazon RDS Provisioned IOPS Storage to Improve Performance](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS) in the *Amazon RDS User Guide*. + If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property. + Constraints: + + For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. + + For RDS for SQL Server - Must be a multip + KmsKeyId: + type: string + description: |- + The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef``. If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. + If you specify the ``SourceDBInstanceIdentifier`` property, the value is inherited from the source DB instance if the read replica is created in the same region. + If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. + If you specify the ``SnapshotIdentifier`` property, the ``StorageEncrypted`` property value is inherited from the snapshot, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is us + LicenseModel: + type: string + description: |- + License model information for this DB instance. + Valid Values: + + Aurora MySQL - ``general-public-license`` + + Aurora PostgreSQL - ``postgresql-license`` + + RDS for Db2 - ``bring-your-own-license``. For more information about RDS for Db2 licensing, see [](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html) in the *Amazon RDS User Guide.* + + RDS for MariaDB - ``general-public-license`` + + RDS for Microsoft SQL Server - ``license-included`` + + RDS for MySQL - ``general-public-license`` + + RDS for Oracle - ``bring-your-own-license`` or ``license-included`` + + RDS for PostgreSQL - ``postgresql-license`` + + If you've specified ``DBSecurityGroups`` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability. + MasterUsername: + type: string + pattern: ^[a-zA-Z][a-zA-Z0-9_]{0,127}$ + description: |- + The master user name for the DB instance. + If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the source DB instance or snapshot. + When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name. + *Amazon Aurora* + Not applicable. The name for the master user is managed by the DB cluster. + *RDS for Db2* + Constraints: + + Must be 1 to 16 letters or numbers. + + First character must be a letter. + + Can't be a reserved word for the chosen database engine. + + *RDS for MariaDB* + Constraints: + + Must be 1 to 16 letters or numbers. + + Can't be a reserved word for the chosen database engine. + + *RDS for Microsoft SQL Server* + Constraints: + + Must be 1 to 128 letters or numbers. + + First character must be a letter. + + Can't be a reserved word for the chosen database engine. + + *RDS for MySQL* + Constrain + minLength: 1 + maxLength: 128 + MasterUserPassword: + type: string + description: |- + The password for the master user. The password can include any printable ASCII character except "/", """, or "@". + *Amazon Aurora* + Not applicable. The password for the master user is managed by the DB cluster. + *RDS for Db2* + Must contain from 8 to 255 characters. + *RDS for MariaDB* + Constraints: Must contain from 8 to 41 characters. + *RDS for Microsoft SQL Server* + Constraints: Must contain from 8 to 128 characters. + *RDS for MySQL* + Constraints: Must contain from 8 to 41 characters. + *RDS for Oracle* + Constraints: Must contain from 8 to 30 characters. + *RDS for PostgreSQL* + Constraints: Must contain from 8 to 128 characters. + MasterUserSecret: + $ref: '#/components/schemas/MasterUserSecret' + description: |- + The secret managed by RDS in AWS Secrets Manager for the master user password. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.* + MaxAllocatedStorage: + type: integer + description: |- + The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance. + For more information about this setting, including limitations that apply to it, see [Managing capacity automatically with Amazon RDS storage autoscaling](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) in the *Amazon RDS User Guide*. + This setting doesn't apply to the following DB instances: + + Amazon Aurora (Storage is managed by the DB cluster.) + + RDS Custom + MonitoringInterval: + type: integer + default: 0 + description: |- + The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0. + If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than 0. + This setting doesn't apply to RDS Custom. + Valid Values: ``0, 1, 5, 10, 15, 30, 60`` + MonitoringRoleArn: + type: string + description: |- + The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, ``arn:aws:iam:123456789012:role/emaccess``. For information on creating a monitoring role, see [Setting Up and Enabling Enhanced Monitoring](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) in the *Amazon RDS User Guide*. + If ``MonitoringInterval`` is set to a value other than ``0``, then you must supply a ``MonitoringRoleArn`` value. + This setting doesn't apply to RDS Custom DB instances. + MultiAZ: + type: boolean + description: |- + Specifies whether the database instance is a Multi-AZ DB instance deployment. You can't set the ``AvailabilityZone`` parameter if the ``MultiAZ`` parameter is set to true. + For more information, see [Multi-AZ deployments for high availability](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html) in the *Amazon RDS User Guide*. + *Amazon Aurora* + Not applicable. Amazon Aurora storage is replicated across all of the Availability Zones and doesn't require the ``MultiAZ`` option to be set. + NcharCharacterSetName: + type: string + description: |- + The name of the NCHAR character set for the Oracle DB instance. + This setting doesn't apply to RDS Custom DB instances. + NetworkType: + description: |- + The network type of the DB instance. + Valid values: + + ``IPV4`` + + ``DUAL`` + + The network type is determined by the ``DBSubnetGroup`` specified for the DB instance. A ``DBSubnetGroup`` can support only the IPv4 protocol or the IPv4 and IPv6 protocols (``DUAL``). + For more information, see [Working with a DB instance in a VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) in the *Amazon RDS User Guide.* + type: string + OptionGroupName: + type: string + description: |- + Indicates that the DB instance should be associated with the specified option group. + Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance. + PerformanceInsightsKMSKeyId: + type: string + description: |- + The AWS KMS key identifier for encryption of Performance Insights data. + The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. + If you do not specify a value for ``PerformanceInsightsKMSKeyId``, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region. + For information about enabling Performance Insights, see [EnablePerformanceInsights](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableperformanceinsights). + PerformanceInsightsRetentionPeriod: + type: integer + description: |- + The number of days to retain Performance Insights data. + This setting doesn't apply to RDS Custom DB instances. + Valid Values: + + ``7`` + + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) + + ``731`` + + Default: ``7`` days + If you specify a retention period that isn't valid, such as ``94``, Amazon RDS returns an error. + Port: + type: string + description: |- + The port number on which the database accepts connections. + *Amazon Aurora* + Not applicable. The port number is managed by the DB cluster. + *Db2* + Default value: ``50000`` + pattern: ^\d*$ + PreferredBackupWindow: + type: string + description: |- + The daily time range during which automated backups are created if automated backups are enabled, using the ``BackupRetentionPeriod`` parameter. For more information, see [Backup Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) in the *Amazon RDS User Guide.* + Constraints: + + Must be in the format ``hh24:mi-hh24:mi``. + + Must be in Universal Coordinated Time (UTC). + + Must not conflict with the preferred maintenance window. + + Must be at least 30 minutes. + + *Amazon Aurora* + Not applicable. The daily time range for creating automated backups is managed by the DB cluster. + PreferredMaintenanceWindow: + type: string + description: |- + The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). + Format: ``ddd:hh24:mi-ddd:hh24:mi`` + The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Instance Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) in the *Amazon RDS User Guide.* + This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. + Constraints: Minimum 30-minute window. + ProcessorFeatures: + type: array + items: + $ref: '#/components/schemas/ProcessorFeature' + description: |- + The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. + This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. + PromotionTier: + type: integer + minimum: 0 + default: 1 + description: |- + The order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see [Fault Tolerance for an Aurora DB Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) in the *Amazon Aurora User Guide*. + This setting doesn't apply to RDS Custom DB instances. + Default: ``1`` + Valid Values: ``0 - 15`` + PubliclyAccessible: + type: boolean + description: |- + Indicates whether the DB instance is an internet-facing instance. If you specify true, AWS CloudFormation creates an instance with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, AWS CloudFormation creates an internal instance with a DNS name that resolves to a private IP address. + The default behavior value depends on your VPC setup and the database subnet group. For more information, see the ``PubliclyAccessible`` parameter in the [CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) in the *Amazon RDS API Reference*. + ReplicaMode: + description: |- + The open mode of an Oracle read replica. For more information, see [Working with Oracle Read Replicas for Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) in the *Amazon RDS User Guide*. + This setting is only supported in RDS for Oracle. + Default: ``open-read-only`` + Valid Values: ``open-read-only`` or ``mounted`` + type: string + RestoreTime: + description: |- + The date and time to restore from. + Constraints: + + Must be a time in Universal Coordinated Time (UTC) format. + + Must be before the latest restorable time for the DB instance. + + Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled. + + Example: ``2009-09-07T23:45:00Z`` + type: string + format: date-time + SourceDBClusterIdentifier: + description: |- + The identifier of the Multi-AZ DB cluster that will act as the source for the read replica. Each DB cluster can have up to 15 read replicas. + Constraints: + + Must be the identifier of an existing Multi-AZ DB cluster. + + Can't be specified if the ``SourceDBInstanceIdentifier`` parameter is also specified. + + The specified DB cluster must have automatic backups enabled, that is, its backup retention period must be greater than 0. + + The source DB cluster must be in the same AWS-Region as the read replica. Cross-Region replication isn't supported. + type: string + SourceDbiResourceId: + type: string + description: The resource ID of the source DB instance from which to restore. + SourceDBInstanceAutomatedBackupsArn: + type: string + description: |- + The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, ``arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE``. + This setting doesn't apply to RDS Custom. + SourceDBInstanceIdentifier: + type: string + description: |- + If you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see [Working with Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/USER_ReadRepl.html) in the *Amazon RDS User Guide*. + For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*. + The ``SourceDBInstanceIdentifier`` property determines whether a DB instance is a read replica. If you remove the ``SourceDBInstanceIdentifier`` property from your template and then update your stack, AWS CloudFormation promotes the Read Replica to a standalone DB instance. + + If you specify a source DB instance that uses VPC security groups, we recommend that you specify the ``VPCSecurityGroups`` property. If you don't specify the + SourceRegion: + type: string + description: The ID of the region that contains the source DB instance for the read replica. + StorageEncrypted: + type: boolean + description: |- + A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. + If you specify the ``KmsKeyId`` property, then you must enable encryption. + If you specify the ``SourceDBInstanceIdentifier`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. + If you specify the ``DBSnapshotIdentifier`` and the specified snapshot is encrypted, don't specify this property. The value is inherited from the snapshot, and the specified ``KmsKeyId`` property is used. + If you specify the ``DBSnapshotIdentifier`` and the specified snapshot isn't encrypted, you can use this property to specify that the restored DB instance is encrypted. Specify the ``KmsKeyId`` property for the KMS key to use for encryption. If you don't want the restored DB instance to be encrypted, then don't set this property or set it to ``false``. + *Amazon Aurora* + Not applicable. The encrypt + StorageType: + type: string + description: |- + Specifies the storage type to be associated with the DB instance. + Valid values: ``gp2 | gp3 | io1 | standard`` + The ``standard`` value is also known as magnetic. + If you specify ``io1`` or ``gp3``, you must also include a value for the ``Iops`` parameter. + Default: ``io1`` if the ``Iops`` parameter is specified, otherwise ``gp2`` + For more information, see [Amazon RDS DB Instance Storage](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html) in the *Amazon RDS User Guide*. + *Amazon Aurora* + Not applicable. Aurora data is stored in the cluster volume, which is a single, virtual volume that uses solid state drives (SSDs). + StorageThroughput: + type: integer + description: |- + Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. + This setting doesn't apply to RDS Custom or Amazon Aurora. + Tags: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + description: An optional array of key-value pairs to apply to this DB instance. + TdeCredentialArn: + type: string + description: '' + TdeCredentialPassword: + type: string + description: '' + Timezone: + type: string + description: The time zone of the DB instance. The time zone parameter is currently supported only by [Microsoft SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone). + UseDefaultProcessorFeatures: + type: boolean + description: |- + Specifies whether the DB instance class of the DB instance uses its default processor features. + This setting doesn't apply to RDS Custom DB instances. + UseLatestRestorableTime: + type: boolean + description: |- + Specifies whether the DB instance is restored from the latest backup time. By default, the DB instance isn't restored from the latest backup time. + Constraints: + + Can't be specified if the ``RestoreTime`` parameter is provided. + VPCSecurityGroups: + type: array + uniqueItems: true + items: + type: string + description: |- + A list of the VPC security group IDs to assign to the DB instance. The list can include both the physical IDs of existing VPC security groups and references to [AWS::EC2::SecurityGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html) resources created in the template. + If you plan to update the resource, don't specify VPC security groups in a shared VPC. + If you set ``VPCSecurityGroups``, you must not set [DBSecurityGroups](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsecuritygroups), and vice versa. + You can migrate a DB instance in your stack from an RDS DB security group to a VPC security group, but keep the following in mind: + + You can't revert to using an RDS security group after you establish a VPC security group membership. + + When you migrate your DB instance to VPC security groups, if your stack update rolls back because the DB instanc + x-stackql-resource-name: db_instance + description: |- + The ``AWS::RDS::DBInstance`` resource creates an Amazon DB instance. The new DB instance can be an RDS DB instance, or it can be a DB instance in an Aurora DB cluster. + For more information about creating an RDS DB instance, see [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html) in the *Amazon RDS User Guide*. + For more information about creating a DB instance in an Aurora DB cluster, see [Creating an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html) in the *Amazon Aurora User Guide*. + If you import an existing DB instance, and the template configuration doesn't match the actual configuration of the DB instance, AWS CloudFormation applies the changes in the template during the import operation. + If a DB instance is deleted or replaced during an update, AWS CloudFormation deletes all automated snapshots. However, it retains manual DB snapshots. During an + x-type-name: AWS::RDS::DBInstance + x-stackql-primary-identifier: + - DBInstanceIdentifier + x-create-only-properties: + - CharacterSetName + - CustomIAMInstanceProfile + - DBClusterIdentifier + - DBInstanceIdentifier + - DBName + - DBSubnetGroupName + - KmsKeyId + - MasterUsername + - NcharCharacterSetName + - Port + - SourceRegion + - StorageEncrypted + - Timezone + x-conditional-create-only-properties: + - AutoMinorVersionUpgrade + - AvailabilityZone + - BackupRetentionPeriod + - DBClusterSnapshotIdentifier + - DBParameterGroupName + - DBSnapshotIdentifier + - Engine + - MultiAZ + - PerformanceInsightsKMSKeyId + - PreferredMaintenanceWindow + - RestoreTime + - SourceDBClusterIdentifier + - SourceDBInstanceAutomatedBackupsArn + - SourceDBInstanceIdentifier + - SourceDbiResourceId + - StorageType + - UseLatestRestorableTime + x-write-only-properties: + - AllowMajorVersionUpgrade + - CertificateRotationRestart + - DBSnapshotIdentifier + - DeleteAutomatedBackups + - MasterUserPassword + - Port + - RestoreTime + - SourceDBInstanceAutomatedBackupsArn + - SourceDBInstanceIdentifier + - SourceDbiResourceId + - SourceRegion + - TdeCredentialPassword + - UseDefaultProcessorFeatures + - UseLatestRestorableTime + x-read-only-properties: + - Endpoint/Address + - Endpoint/Port + - Endpoint/HostedZoneId + - DbiResourceId + - DBInstanceArn + - DBSystemId + - MasterUserSecret/SecretArn + - CertificateDetails/CAIdentifier + - CertificateDetails/ValidTill + x-required-permissions: + create: + - ec2:DescribeAccountAttributes + - ec2:DescribeAvailabilityZones + - ec2:DescribeInternetGateways + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcAttribute + - ec2:DescribeVpcs + - iam:CreateServiceLinkedRole + - iam:GetRole + - iam:ListRoles + - iam:PassRole + - kms:CreateGrant + - kms:DescribeKey + - rds:AddRoleToDBInstance + - rds:AddTagsToResource + - rds:CreateDBInstance + - rds:CreateDBInstanceReadReplica + - rds:DescribeDBInstances + - rds:DescribeDBClusters + - rds:DescribeDBClusterSnapshots + - rds:DescribeDBInstanceAutomatedBackups + - rds:DescribeDBSnapshots + - rds:DescribeEvents + - rds:ModifyDBInstance + - rds:RebootDBInstance + - rds:RestoreDBInstanceFromDBSnapshot + - rds:RestoreDBInstanceToPointInTime + - rds:StartDBInstanceAutomatedBackupsReplication + - secretsmanager:CreateSecret + - secretsmanager:TagResource + read: + - ec2:DescribeAccountAttributes + - ec2:DescribeAvailabilityZones + - ec2:DescribeInternetGateways + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcAttribute + - ec2:DescribeVpcs + - rds:DescribeDBInstances + update: + - ec2:DescribeAccountAttributes + - ec2:DescribeAvailabilityZones + - ec2:DescribeInternetGateways + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcAttribute + - ec2:DescribeVpcs + - iam:CreateServiceLinkedRole + - iam:GetRole + - iam:ListRoles + - iam:PassRole + - kms:CreateGrant + - kms:DescribeKey + - rds:AddRoleToDBInstance + - rds:AddTagsToResource + - rds:DescribeDBClusters + - rds:DescribeDBEngineVersions + - rds:DescribeDBInstances + - rds:DescribeDBParameterGroups + - rds:DescribeEvents + - rds:ModifyDBInstance + - rds:PromoteReadReplica + - rds:RebootDBInstance + - rds:RemoveRoleFromDBInstance + - rds:RemoveTagsFromResource + - rds:StartDBInstanceAutomatedBackupsReplication + - rds:StopDBInstanceAutomatedBackupsReplication + - secretsmanager:CreateSecret + - secretsmanager:TagResource + delete: + - rds:CreateDBSnapshot + - rds:DeleteDBInstance + - rds:DescribeDBInstances + list: + - rds:DescribeDBInstances + DBParameterGroup: + type: object + properties: + DBParameterGroupName: + description: |- + The name of the DB parameter group. + Constraints: + + Must be 1 to 255 letters, numbers, or hyphens. + + First character must be a letter + + Can't end with a hyphen or contain two consecutive hyphens + + If you don't specify a value for ``DBParameterGroupName`` property, a name is automatically created for the DB parameter group. + This value is stored as a lowercase string. + type: string + pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9])*$ + Description: + description: Provides the customer-specified description for this DB parameter group. + type: string + Family: + description: |- + The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family. + The DB parameter group family can't be changed when updating a DB parameter group. + To list all of the available parameter group families, use the following command: + ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"`` + The output contains duplicates. + For more information, see ``CreateDBParameterGroup``. + type: string + Parameters: + description: |- + An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional. + RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID (``rds.ibm_customer_id``) and site number (``rds.ibm_site_id``) before starting a Db2 instance. + For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see [Working with DB Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*. + For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see [Working with DB Parameter Groups and DB Cluster Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*. + AWS CloudFormation doesn't support specifying an apply method for each individual + type: object + Tags: + description: |- + An optional array of key-value pairs to apply to this DB parameter group. + Currently, this is the only property that supports drift detection. + type: array + maxItems: 50 + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Family + - Description + x-stackql-resource-name: db_parameter_group + description: |- + The ``AWS::RDS::DBParameterGroup`` resource creates a custom parameter group for an RDS database family. + This type can be declared in a template and referenced in the ``DBParameterGroupName`` property of an ``AWS::RDS::DBInstance`` resource. + For information about configuring parameters for Amazon RDS DB instances, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*. + For information about configuring parameters for Amazon Aurora DB instances, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*. + Applying a parameter group to a DB instance may require the DB instance to reboot, resulting in a database outage for the duration of the reboot. + x-type-name: AWS::RDS::DBParameterGroup + x-stackql-primary-identifier: + - DBParameterGroupName + x-create-only-properties: + - DBParameterGroupName + - Description + - Family + x-required-properties: + - Family + - Description + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - rds:AddTagsToResource + - rds:CreateDBParameterGroup + - rds:DescribeDBParameterGroups + - rds:DescribeDBParameters + - rds:DescribeEngineDefaultParameters + - rds:ListTagsForResource + - rds:ModifyDBParameterGroup + - rds:RemoveTagsFromResource + read: + - rds:DescribeDBParameterGroups + - rds:DescribeDBParameters + - rds:DescribeEngineDefaultParameters + - rds:ListTagsForResource + update: + - rds:AddTagsToResource + - rds:DescribeDBParameterGroups + - rds:DescribeDBParameters + - rds:DescribeEngineDefaultParameters + - rds:ListTagsForResource + - rds:ModifyDBParameterGroup + - rds:ResetDBParameterGroup + - rds:RemoveTagsFromResource + delete: + - rds:DeleteDBParameterGroup + list: + - rds:DescribeDBParameterGroups + AuthFormat: + type: object + properties: + AuthScheme: + description: 'The type of authentication that the proxy uses for connections from the proxy to the underlying database. ' + type: string + enum: + - SECRETS + Description: + description: 'A user-specified description about the authentication used by a proxy to log in as a specific database user. ' + type: string + IAMAuth: + description: Whether to require or disallow Amazon Web Services Identity and Access Management (IAM) authentication for connections to the proxy. The ENABLED value is valid only for proxies with RDS for Microsoft SQL Server. + type: string + enum: + - DISABLED + - REQUIRED + - ENABLED + SecretArn: + description: 'The Amazon Resource Name (ARN) representing the secret that the proxy uses to authenticate to the RDS DB instance or Aurora DB cluster. These secrets are stored within Amazon Secrets Manager. ' + type: string + ClientPasswordAuthType: + description: The type of authentication the proxy uses for connections from clients. + type: string + enum: + - MYSQL_NATIVE_PASSWORD + - POSTGRES_SCRAM_SHA_256 + - POSTGRES_MD5 + - SQL_SERVER_AUTHENTICATION + additionalProperties: false + TagFormat: + type: object + properties: + Key: + type: string + pattern: (\w|\d|\s|\\|-|\.:=+-)* + maxLength: 128 + Value: + type: string + pattern: (\w|\d|\s|\\|-|\.:=+-)* + maxLength: 128 + additionalProperties: false + DBProxy: + type: object + properties: + Auth: + description: The authorization mechanism that the proxy uses. + type: array + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/AuthFormat' + DBProxyArn: + description: The Amazon Resource Name (ARN) for the proxy. + type: string + DBProxyName: + description: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region. + type: string + pattern: '[0-z]*' + maxLength: 64 + DebugLogging: + description: Whether the proxy includes detailed information about SQL statements in its logs. + type: boolean + Endpoint: + description: The endpoint that you can use to connect to the proxy. You include the endpoint value in the connection string for a database client application. + type: string + EngineFamily: + description: The kinds of databases that the proxy can connect to. + type: string + enum: + - MYSQL + - POSTGRESQL + - SQLSERVER + IdleClientTimeout: + description: The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. + type: integer + RequireTLS: + description: A Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy. + type: boolean + RoleArn: + description: The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager. + type: string + Tags: + description: An optional set of key-value pairs to associate arbitrary data of your choosing with the proxy. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/TagFormat' + VpcId: + description: VPC ID to associate with the new DB proxy. + type: string + VpcSecurityGroupIds: + description: VPC security group IDs to associate with the new proxy. + type: array + x-insertionOrder: false + minItems: 1 + items: + type: string + VpcSubnetIds: + description: VPC subnet IDs to associate with the new proxy. + type: array + x-insertionOrder: false + minItems: 2 + items: + type: string + required: + - Auth + - DBProxyName + - EngineFamily + - RoleArn + - VpcSubnetIds + x-stackql-resource-name: db_proxy + description: Resource schema for AWS::RDS::DBProxy + x-type-name: AWS::RDS::DBProxy + x-stackql-primary-identifier: + - DBProxyName + x-create-only-properties: + - DBProxyName + - EngineFamily + - VpcSubnetIds + x-read-only-properties: + - DBProxyArn + - Endpoint + - VpcId + x-required-properties: + - Auth + - DBProxyName + - EngineFamily + - RoleArn + - VpcSubnetIds + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - rds:CreateDBProxy + - rds:DescribeDBProxies + - iam:PassRole + read: + - rds:DescribeDBProxies + update: + - rds:ModifyDBProxy + - rds:AddTagsToResource + - rds:RemoveTagsFromResource + - iam:PassRole + delete: + - rds:DescribeDBProxies + - rds:DeleteDBProxy + list: + - rds:DescribeDBProxies + DBProxyEndpoint: + type: object + properties: + DBProxyEndpointName: + description: The identifier for the DB proxy endpoint. This name must be unique for all DB proxy endpoints owned by your AWS account in the specified AWS Region. + type: string + pattern: '[0-z]*' + maxLength: 64 + DBProxyEndpointArn: + description: The Amazon Resource Name (ARN) for the DB proxy endpoint. + type: string + pattern: arn:aws[A-Za-z0-9-]{0,64}:rds:[A-Za-z0-9-]{1,64}:[0-9]{12}:.* + DBProxyName: + description: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region. + type: string + pattern: '[0-z]*' + maxLength: 64 + VpcId: + description: VPC ID to associate with the new DB proxy endpoint. + type: string + VpcSecurityGroupIds: + description: VPC security group IDs to associate with the new DB proxy endpoint. + type: array + x-insertionOrder: false + minItems: 1 + items: + type: string + VpcSubnetIds: + description: VPC subnet IDs to associate with the new DB proxy endpoint. + type: array + minItems: 2 + x-insertionOrder: false + items: + type: string + Endpoint: + description: The endpoint that you can use to connect to the DB proxy. You include the endpoint value in the connection string for a database client application. + type: string + maxLength: 256 + TargetRole: + description: A value that indicates whether the DB proxy endpoint can be used for read/write or read-only operations. + type: string + enum: + - READ_WRITE + - READ_ONLY + IsDefault: + description: A value that indicates whether this endpoint is the default endpoint for the associated DB proxy. Default DB proxy endpoints always have read/write capability. Other endpoints that you associate with the DB proxy can be either read/write or read-only. + type: boolean + Tags: + description: An optional set of key-value pairs to associate arbitrary data of your choosing with the DB proxy endpoint. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/TagFormat' + required: + - DBProxyName + - DBProxyEndpointName + - VpcSubnetIds + x-stackql-resource-name: db_proxy_endpoint + description: Resource schema for AWS::RDS::DBProxyEndpoint. + x-type-name: AWS::RDS::DBProxyEndpoint + x-stackql-primary-identifier: + - DBProxyEndpointName + x-create-only-properties: + - DBProxyName + - DBProxyEndpointName + - VpcSubnetIds + x-read-only-properties: + - DBProxyEndpointArn + - Endpoint + - VpcId + - IsDefault + x-required-properties: + - DBProxyName + - DBProxyEndpointName + - VpcSubnetIds + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - rds:CreateDBProxyEndpoint + - rds:DescribeDBProxyEndpoints + read: + - rds:DescribeDBProxyEndpoints + - rds:ListTagsForResource + update: + - rds:ModifyDBProxyEndpoint + - rds:AddTagsToResource + - rds:RemoveTagsFromResource + delete: + - rds:DescribeDBProxyEndpoints + - rds:DeleteDBProxyEndpoint + list: + - rds:DescribeDBProxyEndpoints + ConnectionPoolConfigurationInfoFormat: + type: object + properties: + MaxConnectionsPercent: + description: The maximum size of the connection pool for each target in a target group. + type: integer + minimum: 0 + maximum: 100 + MaxIdleConnectionsPercent: + description: Controls how actively the proxy closes idle database connections in the connection pool. + type: integer + minimum: 0 + maximum: 100 + ConnectionBorrowTimeout: + description: The number of seconds for a proxy to wait for a connection to become available in the connection pool. + type: integer + SessionPinningFilters: + description: Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection. + type: array + x-insertionOrder: false + items: + type: string + InitQuery: + description: One or more SQL statements for the proxy to run when opening each new database connection. + type: string + additionalProperties: false + DBProxyTargetGroup: + type: object + properties: + DBProxyName: + description: The identifier for the proxy. + type: string + pattern: '[A-z][0-z]*' + maxLength: 64 + TargetGroupArn: + description: The Amazon Resource Name (ARN) representing the target group. + type: string + TargetGroupName: + description: The identifier for the DBProxyTargetGroup + type: string + enum: + - default + ConnectionPoolConfigurationInfo: + $ref: '#/components/schemas/ConnectionPoolConfigurationInfoFormat' + DBInstanceIdentifiers: + type: array + x-insertionOrder: false + items: + type: string + DBClusterIdentifiers: + type: array + x-insertionOrder: false + items: + type: string + required: + - DBProxyName + - TargetGroupName + x-stackql-resource-name: db_proxy_target_group + description: Resource schema for AWS::RDS::DBProxyTargetGroup + x-type-name: AWS::RDS::DBProxyTargetGroup + x-stackql-primary-identifier: + - TargetGroupArn + x-create-only-properties: + - DBProxyName + - TargetGroupName + x-read-only-properties: + - TargetGroupArn + x-required-properties: + - DBProxyName + - TargetGroupName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - rds:DescribeDBProxies + - rds:DescribeDBProxyTargetGroups + - rds:ModifyDBProxyTargetGroup + - rds:RegisterDBProxyTargets + read: + - rds:DescribeDBProxyTargetGroups + - rds:DescribeDBProxyTargets + update: + - rds:DescribeDBProxyTargetGroups + - rds:ModifyDBProxyTargetGroup + - rds:RegisterDBProxyTargets + - rds:DeregisterDBProxyTargets + delete: + - rds:DeregisterDBProxyTargets + list: + - rds:DescribeDBProxyTargetGroups + DBSubnetGroup: + type: object + properties: + DBSubnetGroupDescription: + type: string + description: The description for the DB subnet group. + DBSubnetGroupName: + type: string + pattern: ^(?!default$)[a-zA-Z]{1}[a-zA-Z0-9-_\.\s]{0,254}$ + description: |- + The name for the DB subnet group. This value is stored as a lowercase string. + Constraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be "Default". + Example: ``mysubnetgroup`` + SubnetIds: + type: array + uniqueItems: false + items: + type: string + description: The EC2 Subnet IDs for the DB subnet group. + Tags: + type: array + maxItems: 50 + uniqueItems: false + x-insertionOrder: false + description: An optional array of key-value pairs to apply to this DB subnet group. + items: + $ref: '#/components/schemas/Tag' + required: + - DBSubnetGroupDescription + - SubnetIds + x-stackql-resource-name: db_subnet_group + description: |- + The ``AWS::RDS::DBSubnetGroup`` resource creates a database subnet group. Subnet groups must contain at least two subnets in two different Availability Zones in the same region. + For more information, see [Working with DB subnet groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets) in the *Amazon RDS User Guide*. + x-type-name: AWS::RDS::DBSubnetGroup + x-stackql-primary-identifier: + - DBSubnetGroupName + x-create-only-properties: + - DBSubnetGroupName + x-write-only-properties: + - SubnetIds + x-required-properties: + - DBSubnetGroupDescription + - SubnetIds + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - rds:CreateDBSubnetGroup + - rds:DescribeDBSubnetGroups + - rds:AddTagsToResource + - rds:RemoveTagsFromResource + - rds:ListTagsForResource + read: + - rds:DescribeDBSubnetGroups + - rds:ListTagsForResource + update: + - rds:ModifyDBSubnetGroup + - rds:DescribeDBSubnetGroups + - rds:AddTagsToResource + - rds:RemoveTagsFromResource + - rds:ListTagsForResource + delete: + - rds:DeleteDBSubnetGroup + - rds:DescribeDBSubnetGroups + - rds:ListTagsForResource + list: + - rds:DescribeDBSubnetGroups + EventSubscription: + type: object + properties: + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + SubscriptionName: + description: The name of the subscription. + type: string + maxLength: 255 + Enabled: + description: A Boolean value; set to true to activate the subscription, set to false to create the subscription but not active it. + type: boolean + default: true + EventCategories: + description: A list of event categories for a SourceType that you want to subscribe to. You can see a list of the categories for a given SourceType in the Events topic in the Amazon RDS User Guide or by using the DescribeEventCategories action. + type: array + uniqueItems: true + items: + type: string + SnsTopicArn: + description: The Amazon Resource Name (ARN) of the SNS topic created for event notification. The ARN is created by Amazon SNS when you create a topic and subscribe to it. + type: string + SourceIds: + description: The list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it cannot end with a hyphen or contain two consecutive hyphens. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + SourceType: + description: The type of source that will be generating the events. For example, if you want to be notified of events generated by a DB instance, you would set this parameter to db-instance. if this value is not specified, all events are returned. + type: string + required: + - SnsTopicArn + x-stackql-resource-name: event_subscription + description: The AWS::RDS::EventSubscription resource allows you to receive notifications for Amazon Relational Database Service events through the Amazon Simple Notification Service (Amazon SNS). For more information, see Using Amazon RDS Event Notification in the Amazon RDS User Guide. + x-type-name: AWS::RDS::EventSubscription + x-stackql-primary-identifier: + - SubscriptionName + x-create-only-properties: + - SubscriptionName + - SnsTopicArn + x-required-properties: + - SnsTopicArn + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - rds:CreateEventSubscription + - rds:DescribeEventSubscriptions + - rds:ListTagsForResource + - rds:AddTagsToResource + - rds:RemoveTagsFromResource + read: + - rds:DescribeEventSubscriptions + - rds:ListTagsForResource + update: + - rds:ModifyEventSubscription + - rds:AddSourceIdentifierToSubscription + - rds:RemoveSourceIdentifierFromSubscription + - rds:DescribeEventSubscriptions + - rds:ListTagsForResource + - rds:AddTagsToResource + - rds:RemoveTagsFromResource + delete: + - rds:DeleteEventSubscription + - rds:DescribeEventSubscriptions + list: + - rds:DescribeEventSubscriptions + GlobalCluster: + type: object + properties: + Engine: + description: |- + The name of the database engine to be used for this DB cluster. Valid Values: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for MySQL 5.7-compatible Aurora). + If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster. + type: string + enum: + - aurora + - aurora-mysql + - aurora-postgresql + EngineVersion: + description: The version number of the database engine to use. If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster. + type: string + DeletionProtection: + description: The deletion protection setting for the new global database. The global database can't be deleted when deletion protection is enabled. + type: boolean + GlobalClusterIdentifier: + description: The cluster identifier of the new global database cluster. This parameter is stored as a lowercase string. + type: string + pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + SourceDBClusterIdentifier: + description: The Amazon Resource Name (ARN) to use as the primary cluster of the global database. This parameter is optional. This parameter is stored as a lowercase string. + type: string + oneOf: + - pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + - pattern: ^(?=.{40,128}$)arn.* + StorageEncrypted: + description: |2- + The storage encryption setting for the new global database cluster. + If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster. + type: boolean + x-stackql-resource-name: global_cluster + description: Resource Type definition for AWS::RDS::GlobalCluster + x-type-name: AWS::RDS::GlobalCluster + x-stackql-primary-identifier: + - GlobalClusterIdentifier + x-create-only-properties: + - GlobalClusterIdentifier + - SourceDBClusterIdentifier + - StorageEncrypted + - Engine + x-required-permissions: + create: + - rds:CreateGlobalCluster + - rds:DescribeDBClusters + - rds:DescribeGlobalClusters + read: + - rds:DescribeGlobalClusters + update: + - rds:ModifyGlobalCluster + - rds:DescribeGlobalClusters + delete: + - rds:DescribeGlobalClusters + - rds:DeleteGlobalCluster + - rds:RemoveFromGlobalCluster + - rds:DescribeDBClusters + list: + - rds:DescribeGlobalClusters + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + EncryptionContextMap: + type: object + x-patternProperties: + ^[\s\S]*$: + type: string + maxLength: 131072 + minLength: 0 + description: An optional set of non-secret key–value pairs that contains additional contextual information about the data. + additionalProperties: false + Integration: + type: object + properties: + IntegrationName: + description: The name of the integration. + type: string + minLength: 1 + maxLength: 64 + Description: + type: string + description: The description of the integration. + minLength: 1 + maxLength: 1000 + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + DataFilter: + type: string + description: The data filter for the integration. + minLength: 1 + maxLength: 25600 + pattern: '[a-zA-Z0-9_ "\\\-$,*.:?+\/]*' + SourceArn: + type: string + description: The Amazon Resource Name (ARN) of the Aurora DB cluster to use as the source for replication. + TargetArn: + type: string + description: The ARN of the Redshift data warehouse to use as the target for replication. + IntegrationArn: + type: string + description: The ARN of the integration. + KMSKeyId: + type: string + description: An optional AWS Key Management System (AWS KMS) key ARN for the key used to to encrypt the integration. The resource accepts the key ID and the key ARN forms. The key ID form can be used if the KMS key is owned by te same account. If the KMS key belongs to a different account than the calling account, the full key ARN must be specified. Do not use the key alias or the key alias ARN as this will cause a false drift of the resource. + AdditionalEncryptionContext: + $ref: '#/components/schemas/EncryptionContextMap' + CreateTime: + type: string + required: + - SourceArn + - TargetArn + x-stackql-resource-name: integration + description: Creates a zero-ETL integration with Amazon Redshift. + x-type-name: AWS::RDS::Integration + x-stackql-primary-identifier: + - IntegrationArn + x-create-only-properties: + - SourceArn + - TargetArn + - KMSKeyId + - AdditionalEncryptionContext + x-read-only-properties: + - IntegrationArn + - CreateTime + x-required-properties: + - SourceArn + - TargetArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - rds:CreateIntegration + - rds:DescribeIntegrations + - rds:AddTagsToResource + - kms:CreateGrant + - kms:DescribeKey + - redshift:CreateInboundIntegration + read: + - rds:DescribeIntegrations + update: + - rds:DescribeIntegrations + - rds:AddTagsToResource + - rds:RemoveTagsFromResource + - rds:ModifyIntegration + delete: + - rds:DeleteIntegration + - rds:DescribeIntegrations + list: + - rds:DescribeIntegrations + OptionConfiguration: + description: The OptionConfiguration property type specifies an individual option, and its settings, within an AWS::RDS::OptionGroup resource. + type: object + properties: + DBSecurityGroupMemberships: + description: A list of DBSecurityGroupMembership name strings used for this option. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + OptionName: + description: The configuration of options to include in a group. + type: string + OptionSettings: + description: The option settings to include in an option group. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/OptionSetting' + OptionVersion: + description: The version for the option. + type: string + Port: + description: The optional port for the option. + type: integer + VpcSecurityGroupMemberships: + description: A list of VpcSecurityGroupMembership name strings used for this option. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + additionalProperties: false + required: + - OptionName + OptionSetting: + description: The OptionSetting property type specifies the value for an option within an OptionSetting property. + type: object + properties: + Name: + description: The name of the option that has settings that you can set. + type: string + Value: + description: The current value of the option setting. + type: string + additionalProperties: false + OptionGroup: + type: object + properties: + OptionGroupName: + description: Specifies the name of the option group. + type: string + OptionGroupDescription: + description: Provides a description of the option group. + type: string + EngineName: + description: Indicates the name of the engine that this option group can be applied to. + type: string + MajorEngineVersion: + description: Indicates the major engine version associated with this option group. + type: string + OptionConfigurations: + description: Indicates what options are available in the option group. + type: array + x-arrayType: AttributeList + x-insertionOrder: false + items: + $ref: '#/components/schemas/OptionConfiguration' + Tags: + type: array + description: An array of key-value pairs to apply to this resource. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - EngineName + - MajorEngineVersion + - OptionGroupDescription + x-stackql-resource-name: option_group + description: The AWS::RDS::OptionGroup resource creates an option group, to enable and configure features that are specific to a particular DB engine. + x-type-name: AWS::RDS::OptionGroup + x-stackql-primary-identifier: + - OptionGroupName + x-create-only-properties: + - EngineName + - MajorEngineVersion + - OptionGroupDescription + - OptionGroupName + x-required-properties: + - EngineName + - MajorEngineVersion + - OptionGroupDescription + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - rds:AddTagsToResource + - rds:CreateOptionGroup + - rds:DescribeOptionGroups + - rds:ListTagsForResource + - rds:ModifyOptionGroup + - rds:RemoveTagsFromResource + read: + - rds:DescribeOptionGroups + - rds:ListTagsForResource + update: + - rds:AddTagsToResource + - rds:DescribeOptionGroups + - rds:ListTagsForResource + - rds:ModifyOptionGroup + - rds:RemoveTagsFromResource + delete: + - rds:DeleteOptionGroup + - rds:DescribeOptionGroups + - rds:ListTagsForResource + - rds:RemoveTagsFromResource + list: + - rds:DescribeOptionGroups + x-stackQL-resources: + customdb_engine_versions: + name: customdb_engine_versions + id: aws.rds.customdb_engine_versions + x-cfn-schema-name: CustomDBEngineVersion + x-type: list + x-identifiers: + - Engine + - EngineVersion + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::CustomDBEngineVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'EngineVersion') as engine_version + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::CustomDBEngineVersion' + AND region = 'us-east-1' + customdb_engine_version: + name: customdb_engine_version + id: aws.rds.customdb_engine_version + x-cfn-schema-name: CustomDBEngineVersion + x-type: get + x-identifiers: + - Engine + - EngineVersion + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DatabaseInstallationFilesS3BucketName') as database_installation_files_s3_bucket_name, + JSON_EXTRACT(Properties, '$.DatabaseInstallationFilesS3Prefix') as database_installation_files_s3_prefix, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.KMSKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.Manifest') as manifest, + JSON_EXTRACT(Properties, '$.DBEngineVersionArn') as db_engine_version_arn, + JSON_EXTRACT(Properties, '$.SourceCustomDbEngineVersionIdentifier') as source_custom_db_engine_version_identifier, + JSON_EXTRACT(Properties, '$.UseAwsProvidedLatestImage') as use_aws_provided_latest_image, + JSON_EXTRACT(Properties, '$.ImageId') as image_id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::CustomDBEngineVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DatabaseInstallationFilesS3BucketName') as database_installation_files_s3_bucket_name, + json_extract_path_text(Properties, 'DatabaseInstallationFilesS3Prefix') as database_installation_files_s3_prefix, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'KMSKeyId') as kms_key_id, + json_extract_path_text(Properties, 'Manifest') as manifest, + json_extract_path_text(Properties, 'DBEngineVersionArn') as db_engine_version_arn, + json_extract_path_text(Properties, 'SourceCustomDbEngineVersionIdentifier') as source_custom_db_engine_version_identifier, + json_extract_path_text(Properties, 'UseAwsProvidedLatestImage') as use_aws_provided_latest_image, + json_extract_path_text(Properties, 'ImageId') as image_id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::CustomDBEngineVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + db_clusters: + name: db_clusters + id: aws.rds.db_clusters + x-cfn-schema-name: DBCluster + x-type: list + x-identifiers: + - DBClusterIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DBClusterIdentifier') as db_cluster_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBCluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DBClusterIdentifier') as db_cluster_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBCluster' + AND region = 'us-east-1' + db_cluster: + name: db_cluster + id: aws.rds.db_cluster + x-cfn-schema-name: DBCluster + x-type: get + x-identifiers: + - DBClusterIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.ReadEndpoint') as read_endpoint, + JSON_EXTRACT(Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(Properties, '$.AssociatedRoles') as associated_roles, + JSON_EXTRACT(Properties, '$.AvailabilityZones') as availability_zones, + JSON_EXTRACT(Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(Properties, '$.BacktrackWindow') as backtrack_window, + JSON_EXTRACT(Properties, '$.BackupRetentionPeriod') as backup_retention_period, + JSON_EXTRACT(Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, + JSON_EXTRACT(Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(Properties, '$.DBClusterArn') as db_cluster_arn, + JSON_EXTRACT(Properties, '$.DBClusterInstanceClass') as db_cluster_instance_class, + JSON_EXTRACT(Properties, '$.DBClusterResourceId') as db_cluster_resource_id, + JSON_EXTRACT(Properties, '$.DBInstanceParameterGroupName') as db_instance_parameter_group_name, + JSON_EXTRACT(Properties, '$.DBSystemId') as db_system_id, + JSON_EXTRACT(Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier, + JSON_EXTRACT(Properties, '$.DBClusterIdentifier') as db_cluster_identifier, + JSON_EXTRACT(Properties, '$.DBClusterParameterGroupName') as db_cluster_parameter_group_name, + JSON_EXTRACT(Properties, '$.DBSubnetGroupName') as db_subnet_group_name, + JSON_EXTRACT(Properties, '$.DeletionProtection') as deletion_protection, + JSON_EXTRACT(Properties, '$.Domain') as domain, + JSON_EXTRACT(Properties, '$.DomainIAMRoleName') as domain_iam_role_name, + JSON_EXTRACT(Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + JSON_EXTRACT(Properties, '$.EnableGlobalWriteForwarding') as enable_global_write_forwarding, + JSON_EXTRACT(Properties, '$.EnableHttpEndpoint') as enable_http_endpoint, + JSON_EXTRACT(Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.EngineMode') as engine_mode, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.ManageMasterUserPassword') as manage_master_user_password, + JSON_EXTRACT(Properties, '$.Iops') as iops, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.MasterUsername') as master_username, + JSON_EXTRACT(Properties, '$.MasterUserPassword') as master_user_password, + JSON_EXTRACT(Properties, '$.MasterUserSecret') as master_user_secret, + JSON_EXTRACT(Properties, '$.MonitoringInterval') as monitoring_interval, + JSON_EXTRACT(Properties, '$.MonitoringRoleArn') as monitoring_role_arn, + JSON_EXTRACT(Properties, '$.NetworkType') as network_type, + JSON_EXTRACT(Properties, '$.PerformanceInsightsEnabled') as performance_insights_enabled, + JSON_EXTRACT(Properties, '$.PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, + JSON_EXTRACT(Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.PreferredBackupWindow') as preferred_backup_window, + JSON_EXTRACT(Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, + JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(Properties, '$.ReplicationSourceIdentifier') as replication_source_identifier, + JSON_EXTRACT(Properties, '$.RestoreToTime') as restore_to_time, + JSON_EXTRACT(Properties, '$.RestoreType') as restore_type, + JSON_EXTRACT(Properties, '$.ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, + JSON_EXTRACT(Properties, '$.ScalingConfiguration') as scaling_configuration, + JSON_EXTRACT(Properties, '$.SnapshotIdentifier') as snapshot_identifier, + JSON_EXTRACT(Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, + JSON_EXTRACT(Properties, '$.SourceRegion') as source_region, + JSON_EXTRACT(Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(Properties, '$.StorageThroughput') as storage_throughput, + JSON_EXTRACT(Properties, '$.StorageType') as storage_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UseLatestRestorableTime') as use_latest_restorable_time, + JSON_EXTRACT(Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBCluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'ReadEndpoint') as read_endpoint, + json_extract_path_text(Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(Properties, 'AssociatedRoles') as associated_roles, + json_extract_path_text(Properties, 'AvailabilityZones') as availability_zones, + json_extract_path_text(Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(Properties, 'BacktrackWindow') as backtrack_window, + json_extract_path_text(Properties, 'BackupRetentionPeriod') as backup_retention_period, + json_extract_path_text(Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, + json_extract_path_text(Properties, 'DatabaseName') as database_name, + json_extract_path_text(Properties, 'DBClusterArn') as db_cluster_arn, + json_extract_path_text(Properties, 'DBClusterInstanceClass') as db_cluster_instance_class, + json_extract_path_text(Properties, 'DBClusterResourceId') as db_cluster_resource_id, + json_extract_path_text(Properties, 'DBInstanceParameterGroupName') as db_instance_parameter_group_name, + json_extract_path_text(Properties, 'DBSystemId') as db_system_id, + json_extract_path_text(Properties, 'GlobalClusterIdentifier') as global_cluster_identifier, + json_extract_path_text(Properties, 'DBClusterIdentifier') as db_cluster_identifier, + json_extract_path_text(Properties, 'DBClusterParameterGroupName') as db_cluster_parameter_group_name, + json_extract_path_text(Properties, 'DBSubnetGroupName') as db_subnet_group_name, + json_extract_path_text(Properties, 'DeletionProtection') as deletion_protection, + json_extract_path_text(Properties, 'Domain') as domain, + json_extract_path_text(Properties, 'DomainIAMRoleName') as domain_iam_role_name, + json_extract_path_text(Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + json_extract_path_text(Properties, 'EnableGlobalWriteForwarding') as enable_global_write_forwarding, + json_extract_path_text(Properties, 'EnableHttpEndpoint') as enable_http_endpoint, + json_extract_path_text(Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'EngineMode') as engine_mode, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'ManageMasterUserPassword') as manage_master_user_password, + json_extract_path_text(Properties, 'Iops') as iops, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'MasterUsername') as master_username, + json_extract_path_text(Properties, 'MasterUserPassword') as master_user_password, + json_extract_path_text(Properties, 'MasterUserSecret') as master_user_secret, + json_extract_path_text(Properties, 'MonitoringInterval') as monitoring_interval, + json_extract_path_text(Properties, 'MonitoringRoleArn') as monitoring_role_arn, + json_extract_path_text(Properties, 'NetworkType') as network_type, + json_extract_path_text(Properties, 'PerformanceInsightsEnabled') as performance_insights_enabled, + json_extract_path_text(Properties, 'PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, + json_extract_path_text(Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'PreferredBackupWindow') as preferred_backup_window, + json_extract_path_text(Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, + json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(Properties, 'ReplicationSourceIdentifier') as replication_source_identifier, + json_extract_path_text(Properties, 'RestoreToTime') as restore_to_time, + json_extract_path_text(Properties, 'RestoreType') as restore_type, + json_extract_path_text(Properties, 'ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, + json_extract_path_text(Properties, 'ScalingConfiguration') as scaling_configuration, + json_extract_path_text(Properties, 'SnapshotIdentifier') as snapshot_identifier, + json_extract_path_text(Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, + json_extract_path_text(Properties, 'SourceRegion') as source_region, + json_extract_path_text(Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(Properties, 'StorageThroughput') as storage_throughput, + json_extract_path_text(Properties, 'StorageType') as storage_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UseLatestRestorableTime') as use_latest_restorable_time, + json_extract_path_text(Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBCluster' + AND data__Identifier = '' + AND region = 'us-east-1' + db_cluster_parameter_groups: + name: db_cluster_parameter_groups + id: aws.rds.db_cluster_parameter_groups + x-cfn-schema-name: DBClusterParameterGroup + x-type: list + x-identifiers: + - DBClusterParameterGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DBClusterParameterGroupName') as db_cluster_parameter_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBClusterParameterGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DBClusterParameterGroupName') as db_cluster_parameter_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBClusterParameterGroup' + AND region = 'us-east-1' + db_cluster_parameter_group: + name: db_cluster_parameter_group + id: aws.rds.db_cluster_parameter_group + x-cfn-schema-name: DBClusterParameterGroup + x-type: get + x-identifiers: + - DBClusterParameterGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Family') as family, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.DBClusterParameterGroupName') as db_cluster_parameter_group_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBClusterParameterGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Family') as family, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'DBClusterParameterGroupName') as db_cluster_parameter_group_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBClusterParameterGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + db_instances: + name: db_instances + id: aws.rds.db_instances + x-cfn-schema-name: DBInstance + x-type: list + x-identifiers: + - DBInstanceIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DBInstanceIdentifier') as db_instance_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBInstance' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DBInstanceIdentifier') as db_instance_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBInstance' + AND region = 'us-east-1' + db_instance: + name: db_instance + id: aws.rds.db_instance + x-cfn-schema-name: DBInstance + x-type: get + x-identifiers: + - DBInstanceIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(Properties, '$.AllowMajorVersionUpgrade') as allow_major_version_upgrade, + JSON_EXTRACT(Properties, '$.AssociatedRoles') as associated_roles, + JSON_EXTRACT(Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(Properties, '$.AutomaticBackupReplicationRegion') as automatic_backup_replication_region, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.BackupRetentionPeriod') as backup_retention_period, + JSON_EXTRACT(Properties, '$.CACertificateIdentifier') as ca_certificate_identifier, + JSON_EXTRACT(Properties, '$.CertificateDetails') as certificate_details, + JSON_EXTRACT(Properties, '$.CertificateRotationRestart') as certificate_rotation_restart, + JSON_EXTRACT(Properties, '$.CharacterSetName') as character_set_name, + JSON_EXTRACT(Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, + JSON_EXTRACT(Properties, '$.CustomIAMInstanceProfile') as custom_iam_instance_profile, + JSON_EXTRACT(Properties, '$.DBClusterIdentifier') as db_cluster_identifier, + JSON_EXTRACT(Properties, '$.DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, + JSON_EXTRACT(Properties, '$.DBInstanceArn') as db_instance_arn, + JSON_EXTRACT(Properties, '$.DBInstanceClass') as db_instance_class, + JSON_EXTRACT(Properties, '$.DBInstanceIdentifier') as db_instance_identifier, + JSON_EXTRACT(Properties, '$.DbiResourceId') as dbi_resource_id, + JSON_EXTRACT(Properties, '$.DBName') as db_name, + JSON_EXTRACT(Properties, '$.DBParameterGroupName') as db_parameter_group_name, + JSON_EXTRACT(Properties, '$.DBSecurityGroups') as db_security_groups, + JSON_EXTRACT(Properties, '$.DBSnapshotIdentifier') as db_snapshot_identifier, + JSON_EXTRACT(Properties, '$.DBSubnetGroupName') as db_subnet_group_name, + JSON_EXTRACT(Properties, '$.DBSystemId') as db_system_id, + JSON_EXTRACT(Properties, '$.DedicatedLogVolume') as dedicated_log_volume, + JSON_EXTRACT(Properties, '$.DeleteAutomatedBackups') as delete_automated_backups, + JSON_EXTRACT(Properties, '$.DeletionProtection') as deletion_protection, + JSON_EXTRACT(Properties, '$.Domain') as domain, + JSON_EXTRACT(Properties, '$.DomainAuthSecretArn') as domain_auth_secret_arn, + JSON_EXTRACT(Properties, '$.DomainDnsIps') as domain_dns_ips, + JSON_EXTRACT(Properties, '$.DomainFqdn') as domain_fqdn, + JSON_EXTRACT(Properties, '$.DomainIAMRoleName') as domain_iam_role_name, + JSON_EXTRACT(Properties, '$.DomainOu') as domain_ou, + JSON_EXTRACT(Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + JSON_EXTRACT(Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + JSON_EXTRACT(Properties, '$.EnablePerformanceInsights') as enable_performance_insights, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.ManageMasterUserPassword') as manage_master_user_password, + JSON_EXTRACT(Properties, '$.Iops') as iops, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.LicenseModel') as license_model, + JSON_EXTRACT(Properties, '$.MasterUsername') as master_username, + JSON_EXTRACT(Properties, '$.MasterUserPassword') as master_user_password, + JSON_EXTRACT(Properties, '$.MasterUserSecret') as master_user_secret, + JSON_EXTRACT(Properties, '$.MaxAllocatedStorage') as max_allocated_storage, + JSON_EXTRACT(Properties, '$.MonitoringInterval') as monitoring_interval, + JSON_EXTRACT(Properties, '$.MonitoringRoleArn') as monitoring_role_arn, + JSON_EXTRACT(Properties, '$.MultiAZ') as multi_az, + JSON_EXTRACT(Properties, '$.NcharCharacterSetName') as nchar_character_set_name, + JSON_EXTRACT(Properties, '$.NetworkType') as network_type, + JSON_EXTRACT(Properties, '$.OptionGroupName') as option_group_name, + JSON_EXTRACT(Properties, '$.PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, + JSON_EXTRACT(Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.PreferredBackupWindow') as preferred_backup_window, + JSON_EXTRACT(Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, + JSON_EXTRACT(Properties, '$.ProcessorFeatures') as processor_features, + JSON_EXTRACT(Properties, '$.PromotionTier') as promotion_tier, + JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(Properties, '$.ReplicaMode') as replica_mode, + JSON_EXTRACT(Properties, '$.RestoreTime') as restore_time, + JSON_EXTRACT(Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, + JSON_EXTRACT(Properties, '$.SourceDbiResourceId') as source_dbi_resource_id, + JSON_EXTRACT(Properties, '$.SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, + JSON_EXTRACT(Properties, '$.SourceDBInstanceIdentifier') as source_db_instance_identifier, + JSON_EXTRACT(Properties, '$.SourceRegion') as source_region, + JSON_EXTRACT(Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(Properties, '$.StorageType') as storage_type, + JSON_EXTRACT(Properties, '$.StorageThroughput') as storage_throughput, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TdeCredentialArn') as tde_credential_arn, + JSON_EXTRACT(Properties, '$.TdeCredentialPassword') as tde_credential_password, + JSON_EXTRACT(Properties, '$.Timezone') as timezone, + JSON_EXTRACT(Properties, '$.UseDefaultProcessorFeatures') as use_default_processor_features, + JSON_EXTRACT(Properties, '$.UseLatestRestorableTime') as use_latest_restorable_time, + JSON_EXTRACT(Properties, '$.VPCSecurityGroups') as vpc_security_groups + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(Properties, 'AllowMajorVersionUpgrade') as allow_major_version_upgrade, + json_extract_path_text(Properties, 'AssociatedRoles') as associated_roles, + json_extract_path_text(Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(Properties, 'AutomaticBackupReplicationRegion') as automatic_backup_replication_region, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'BackupRetentionPeriod') as backup_retention_period, + json_extract_path_text(Properties, 'CACertificateIdentifier') as ca_certificate_identifier, + json_extract_path_text(Properties, 'CertificateDetails') as certificate_details, + json_extract_path_text(Properties, 'CertificateRotationRestart') as certificate_rotation_restart, + json_extract_path_text(Properties, 'CharacterSetName') as character_set_name, + json_extract_path_text(Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, + json_extract_path_text(Properties, 'CustomIAMInstanceProfile') as custom_iam_instance_profile, + json_extract_path_text(Properties, 'DBClusterIdentifier') as db_cluster_identifier, + json_extract_path_text(Properties, 'DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, + json_extract_path_text(Properties, 'DBInstanceArn') as db_instance_arn, + json_extract_path_text(Properties, 'DBInstanceClass') as db_instance_class, + json_extract_path_text(Properties, 'DBInstanceIdentifier') as db_instance_identifier, + json_extract_path_text(Properties, 'DbiResourceId') as dbi_resource_id, + json_extract_path_text(Properties, 'DBName') as db_name, + json_extract_path_text(Properties, 'DBParameterGroupName') as db_parameter_group_name, + json_extract_path_text(Properties, 'DBSecurityGroups') as db_security_groups, + json_extract_path_text(Properties, 'DBSnapshotIdentifier') as db_snapshot_identifier, + json_extract_path_text(Properties, 'DBSubnetGroupName') as db_subnet_group_name, + json_extract_path_text(Properties, 'DBSystemId') as db_system_id, + json_extract_path_text(Properties, 'DedicatedLogVolume') as dedicated_log_volume, + json_extract_path_text(Properties, 'DeleteAutomatedBackups') as delete_automated_backups, + json_extract_path_text(Properties, 'DeletionProtection') as deletion_protection, + json_extract_path_text(Properties, 'Domain') as domain, + json_extract_path_text(Properties, 'DomainAuthSecretArn') as domain_auth_secret_arn, + json_extract_path_text(Properties, 'DomainDnsIps') as domain_dns_ips, + json_extract_path_text(Properties, 'DomainFqdn') as domain_fqdn, + json_extract_path_text(Properties, 'DomainIAMRoleName') as domain_iam_role_name, + json_extract_path_text(Properties, 'DomainOu') as domain_ou, + json_extract_path_text(Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + json_extract_path_text(Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + json_extract_path_text(Properties, 'EnablePerformanceInsights') as enable_performance_insights, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'ManageMasterUserPassword') as manage_master_user_password, + json_extract_path_text(Properties, 'Iops') as iops, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'LicenseModel') as license_model, + json_extract_path_text(Properties, 'MasterUsername') as master_username, + json_extract_path_text(Properties, 'MasterUserPassword') as master_user_password, + json_extract_path_text(Properties, 'MasterUserSecret') as master_user_secret, + json_extract_path_text(Properties, 'MaxAllocatedStorage') as max_allocated_storage, + json_extract_path_text(Properties, 'MonitoringInterval') as monitoring_interval, + json_extract_path_text(Properties, 'MonitoringRoleArn') as monitoring_role_arn, + json_extract_path_text(Properties, 'MultiAZ') as multi_az, + json_extract_path_text(Properties, 'NcharCharacterSetName') as nchar_character_set_name, + json_extract_path_text(Properties, 'NetworkType') as network_type, + json_extract_path_text(Properties, 'OptionGroupName') as option_group_name, + json_extract_path_text(Properties, 'PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, + json_extract_path_text(Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'PreferredBackupWindow') as preferred_backup_window, + json_extract_path_text(Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, + json_extract_path_text(Properties, 'ProcessorFeatures') as processor_features, + json_extract_path_text(Properties, 'PromotionTier') as promotion_tier, + json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(Properties, 'ReplicaMode') as replica_mode, + json_extract_path_text(Properties, 'RestoreTime') as restore_time, + json_extract_path_text(Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, + json_extract_path_text(Properties, 'SourceDbiResourceId') as source_dbi_resource_id, + json_extract_path_text(Properties, 'SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, + json_extract_path_text(Properties, 'SourceDBInstanceIdentifier') as source_db_instance_identifier, + json_extract_path_text(Properties, 'SourceRegion') as source_region, + json_extract_path_text(Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(Properties, 'StorageType') as storage_type, + json_extract_path_text(Properties, 'StorageThroughput') as storage_throughput, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TdeCredentialArn') as tde_credential_arn, + json_extract_path_text(Properties, 'TdeCredentialPassword') as tde_credential_password, + json_extract_path_text(Properties, 'Timezone') as timezone, + json_extract_path_text(Properties, 'UseDefaultProcessorFeatures') as use_default_processor_features, + json_extract_path_text(Properties, 'UseLatestRestorableTime') as use_latest_restorable_time, + json_extract_path_text(Properties, 'VPCSecurityGroups') as vpc_security_groups + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + db_parameter_groups: + name: db_parameter_groups + id: aws.rds.db_parameter_groups + x-cfn-schema-name: DBParameterGroup + x-type: list + x-identifiers: + - DBParameterGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DBParameterGroupName') as db_parameter_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBParameterGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DBParameterGroupName') as db_parameter_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBParameterGroup' + AND region = 'us-east-1' + db_parameter_group: + name: db_parameter_group + id: aws.rds.db_parameter_group + x-cfn-schema-name: DBParameterGroup + x-type: get + x-identifiers: + - DBParameterGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DBParameterGroupName') as db_parameter_group_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Family') as family, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBParameterGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DBParameterGroupName') as db_parameter_group_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Family') as family, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBParameterGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + db_proxies: + name: db_proxies + id: aws.rds.db_proxies + x-cfn-schema-name: DBProxy + x-type: list + x-identifiers: + - DBProxyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DBProxyName') as db_proxy_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBProxy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DBProxyName') as db_proxy_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBProxy' + AND region = 'us-east-1' + db_proxy: + name: db_proxy + id: aws.rds.db_proxy + x-cfn-schema-name: DBProxy + x-type: get + x-identifiers: + - DBProxyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Auth') as auth, + JSON_EXTRACT(Properties, '$.DBProxyArn') as db_proxy_arn, + JSON_EXTRACT(Properties, '$.DBProxyName') as db_proxy_name, + JSON_EXTRACT(Properties, '$.DebugLogging') as debug_logging, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.EngineFamily') as engine_family, + JSON_EXTRACT(Properties, '$.IdleClientTimeout') as idle_client_timeout, + JSON_EXTRACT(Properties, '$.RequireTLS') as require_tls, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids, + JSON_EXTRACT(Properties, '$.VpcSubnetIds') as vpc_subnet_ids + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBProxy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Auth') as auth, + json_extract_path_text(Properties, 'DBProxyArn') as db_proxy_arn, + json_extract_path_text(Properties, 'DBProxyName') as db_proxy_name, + json_extract_path_text(Properties, 'DebugLogging') as debug_logging, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'EngineFamily') as engine_family, + json_extract_path_text(Properties, 'IdleClientTimeout') as idle_client_timeout, + json_extract_path_text(Properties, 'RequireTLS') as require_tls, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids, + json_extract_path_text(Properties, 'VpcSubnetIds') as vpc_subnet_ids + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBProxy' + AND data__Identifier = '' + AND region = 'us-east-1' + db_proxy_endpoints: + name: db_proxy_endpoints + id: aws.rds.db_proxy_endpoints + x-cfn-schema-name: DBProxyEndpoint + x-type: list + x-identifiers: + - DBProxyEndpointName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DBProxyEndpointName') as db_proxy_endpoint_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBProxyEndpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DBProxyEndpointName') as db_proxy_endpoint_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBProxyEndpoint' + AND region = 'us-east-1' + db_proxy_endpoint: + name: db_proxy_endpoint + id: aws.rds.db_proxy_endpoint + x-cfn-schema-name: DBProxyEndpoint + x-type: get + x-identifiers: + - DBProxyEndpointName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DBProxyEndpointName') as db_proxy_endpoint_name, + JSON_EXTRACT(Properties, '$.DBProxyEndpointArn') as db_proxy_endpoint_arn, + JSON_EXTRACT(Properties, '$.DBProxyName') as db_proxy_name, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids, + JSON_EXTRACT(Properties, '$.VpcSubnetIds') as vpc_subnet_ids, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.TargetRole') as target_role, + JSON_EXTRACT(Properties, '$.IsDefault') as is_default, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBProxyEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DBProxyEndpointName') as db_proxy_endpoint_name, + json_extract_path_text(Properties, 'DBProxyEndpointArn') as db_proxy_endpoint_arn, + json_extract_path_text(Properties, 'DBProxyName') as db_proxy_name, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids, + json_extract_path_text(Properties, 'VpcSubnetIds') as vpc_subnet_ids, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'TargetRole') as target_role, + json_extract_path_text(Properties, 'IsDefault') as is_default, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBProxyEndpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + db_proxy_target_groups: + name: db_proxy_target_groups + id: aws.rds.db_proxy_target_groups + x-cfn-schema-name: DBProxyTargetGroup + x-type: list + x-identifiers: + - TargetGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TargetGroupArn') as target_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBProxyTargetGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TargetGroupArn') as target_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBProxyTargetGroup' + AND region = 'us-east-1' + db_proxy_target_group: + name: db_proxy_target_group + id: aws.rds.db_proxy_target_group + x-cfn-schema-name: DBProxyTargetGroup + x-type: get + x-identifiers: + - TargetGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DBProxyName') as db_proxy_name, + JSON_EXTRACT(Properties, '$.TargetGroupArn') as target_group_arn, + JSON_EXTRACT(Properties, '$.TargetGroupName') as target_group_name, + JSON_EXTRACT(Properties, '$.ConnectionPoolConfigurationInfo') as connection_pool_configuration_info, + JSON_EXTRACT(Properties, '$.DBInstanceIdentifiers') as db_instance_identifiers, + JSON_EXTRACT(Properties, '$.DBClusterIdentifiers') as db_cluster_identifiers + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBProxyTargetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DBProxyName') as db_proxy_name, + json_extract_path_text(Properties, 'TargetGroupArn') as target_group_arn, + json_extract_path_text(Properties, 'TargetGroupName') as target_group_name, + json_extract_path_text(Properties, 'ConnectionPoolConfigurationInfo') as connection_pool_configuration_info, + json_extract_path_text(Properties, 'DBInstanceIdentifiers') as db_instance_identifiers, + json_extract_path_text(Properties, 'DBClusterIdentifiers') as db_cluster_identifiers + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBProxyTargetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + db_subnet_groups: + name: db_subnet_groups + id: aws.rds.db_subnet_groups + x-cfn-schema-name: DBSubnetGroup + x-type: list + x-identifiers: + - DBSubnetGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DBSubnetGroupName') as db_subnet_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBSubnetGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DBSubnetGroupName') as db_subnet_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBSubnetGroup' + AND region = 'us-east-1' + db_subnet_group: + name: db_subnet_group + id: aws.rds.db_subnet_group + x-cfn-schema-name: DBSubnetGroup + x-type: get + x-identifiers: + - DBSubnetGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DBSubnetGroupDescription') as db_subnet_group_description, + JSON_EXTRACT(Properties, '$.DBSubnetGroupName') as db_subnet_group_name, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBSubnetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DBSubnetGroupDescription') as db_subnet_group_description, + json_extract_path_text(Properties, 'DBSubnetGroupName') as db_subnet_group_name, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBSubnetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + event_subscriptions: + name: event_subscriptions + id: aws.rds.event_subscriptions + x-cfn-schema-name: EventSubscription + x-type: list + x-identifiers: + - SubscriptionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SubscriptionName') as subscription_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::EventSubscription' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SubscriptionName') as subscription_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::EventSubscription' + AND region = 'us-east-1' + event_subscription: + name: event_subscription + id: aws.rds.event_subscription + x-cfn-schema-name: EventSubscription + x-type: get + x-identifiers: + - SubscriptionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.SubscriptionName') as subscription_name, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.EventCategories') as event_categories, + JSON_EXTRACT(Properties, '$.SnsTopicArn') as sns_topic_arn, + JSON_EXTRACT(Properties, '$.SourceIds') as source_ids, + JSON_EXTRACT(Properties, '$.SourceType') as source_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::EventSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'SubscriptionName') as subscription_name, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'EventCategories') as event_categories, + json_extract_path_text(Properties, 'SnsTopicArn') as sns_topic_arn, + json_extract_path_text(Properties, 'SourceIds') as source_ids, + json_extract_path_text(Properties, 'SourceType') as source_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::EventSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + global_clusters: + name: global_clusters + id: aws.rds.global_clusters + x-cfn-schema-name: GlobalCluster + x-type: list + x-identifiers: + - GlobalClusterIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::GlobalCluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GlobalClusterIdentifier') as global_cluster_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::GlobalCluster' + AND region = 'us-east-1' + global_cluster: + name: global_cluster + id: aws.rds.global_cluster + x-cfn-schema-name: GlobalCluster + x-type: get + x-identifiers: + - GlobalClusterIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.DeletionProtection') as deletion_protection, + JSON_EXTRACT(Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier, + JSON_EXTRACT(Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, + JSON_EXTRACT(Properties, '$.StorageEncrypted') as storage_encrypted + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::GlobalCluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'DeletionProtection') as deletion_protection, + json_extract_path_text(Properties, 'GlobalClusterIdentifier') as global_cluster_identifier, + json_extract_path_text(Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, + json_extract_path_text(Properties, 'StorageEncrypted') as storage_encrypted + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::GlobalCluster' + AND data__Identifier = '' + AND region = 'us-east-1' + integrations: + name: integrations + id: aws.rds.integrations + x-cfn-schema-name: Integration + x-type: list + x-identifiers: + - IntegrationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IntegrationArn') as integration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::Integration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IntegrationArn') as integration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::Integration' + AND region = 'us-east-1' + integration: + name: integration + id: aws.rds.integration + x-cfn-schema-name: Integration + x-type: get + x-identifiers: + - IntegrationArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IntegrationName') as integration_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.DataFilter') as data_filter, + JSON_EXTRACT(Properties, '$.SourceArn') as source_arn, + JSON_EXTRACT(Properties, '$.TargetArn') as target_arn, + JSON_EXTRACT(Properties, '$.IntegrationArn') as integration_arn, + JSON_EXTRACT(Properties, '$.KMSKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.AdditionalEncryptionContext') as additional_encryption_context, + JSON_EXTRACT(Properties, '$.CreateTime') as create_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::Integration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IntegrationName') as integration_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'DataFilter') as data_filter, + json_extract_path_text(Properties, 'SourceArn') as source_arn, + json_extract_path_text(Properties, 'TargetArn') as target_arn, + json_extract_path_text(Properties, 'IntegrationArn') as integration_arn, + json_extract_path_text(Properties, 'KMSKeyId') as kms_key_id, + json_extract_path_text(Properties, 'AdditionalEncryptionContext') as additional_encryption_context, + json_extract_path_text(Properties, 'CreateTime') as create_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::Integration' + AND data__Identifier = '' + AND region = 'us-east-1' + option_groups: + name: option_groups + id: aws.rds.option_groups + x-cfn-schema-name: OptionGroup + x-type: list + x-identifiers: + - OptionGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.OptionGroupName') as option_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::OptionGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'OptionGroupName') as option_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::OptionGroup' + AND region = 'us-east-1' + option_group: + name: option_group + id: aws.rds.option_group + x-cfn-schema-name: OptionGroup + x-type: get + x-identifiers: + - OptionGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.OptionGroupName') as option_group_name, + JSON_EXTRACT(Properties, '$.OptionGroupDescription') as option_group_description, + JSON_EXTRACT(Properties, '$.EngineName') as engine_name, + JSON_EXTRACT(Properties, '$.MajorEngineVersion') as major_engine_version, + JSON_EXTRACT(Properties, '$.OptionConfigurations') as option_configurations, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::OptionGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'OptionGroupName') as option_group_name, + json_extract_path_text(Properties, 'OptionGroupDescription') as option_group_description, + json_extract_path_text(Properties, 'EngineName') as engine_name, + json_extract_path_text(Properties, 'MajorEngineVersion') as major_engine_version, + json_extract_path_text(Properties, 'OptionConfigurations') as option_configurations, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::OptionGroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/redshift.yaml b/providers/src/aws/v00.00.00000/services/redshift.yaml new file mode 100644 index 00000000..bf8f9317 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/redshift.yaml @@ -0,0 +1,1706 @@ +openapi: 3.0.0 +info: + title: Redshift + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + LoggingProperties: + type: object + additionalProperties: false + properties: + BucketName: + type: string + S3KeyPrefix: + type: string + Endpoint: + type: object + additionalProperties: false + properties: + Port: + type: string + Address: + type: string + Cluster: + type: object + properties: + ClusterIdentifier: + description: A unique identifier for the cluster. You use this identifier to refer to the cluster for any subsequent cluster operations such as deleting or modifying. All alphabetical characters must be lower case, no hypens at the end, no two consecutive hyphens. Cluster name should be unique for all clusters within an AWS account + type: string + maxLength: 63 + ClusterNamespaceArn: + description: The Amazon Resource Name (ARN) of the cluster namespace. + type: string + MasterUsername: + description: The user name associated with the master user account for the cluster that is being created. The user name can't be PUBLIC and first character must be a letter. + type: string + maxLength: 128 + MasterUserPassword: + description: The password associated with the master user account for the cluster that is being created. You can't use MasterUserPassword if ManageMasterPassword is true. Password must be between 8 and 64 characters in length, should have at least one uppercase letter.Must contain at least one lowercase letter.Must contain one number.Can be any printable ASCII character. + type: string + maxLength: 64 + NodeType: + description: 'The node type to be provisioned for the cluster.Valid Values: ds2.xlarge | ds2.8xlarge | dc1.large | dc1.8xlarge | dc2.large | dc2.8xlarge | ra3.4xlarge | ra3.16xlarge' + type: string + AllowVersionUpgrade: + description: Major version upgrades can be applied during the maintenance window to the Amazon Redshift engine that is running on the cluster. Default value is True + type: boolean + AutomatedSnapshotRetentionPeriod: + description: The number of days that automated snapshots are retained. If the value is 0, automated snapshots are disabled. Default value is 1 + type: integer + AvailabilityZone: + description: 'The EC2 Availability Zone (AZ) in which you want Amazon Redshift to provision the cluster. Default: A random, system-chosen Availability Zone in the region that is specified by the endpoint' + type: string + ClusterParameterGroupName: + description: The name of the parameter group to be associated with this cluster. + type: string + maxLength: 255 + ClusterType: + description: The type of the cluster. When cluster type is specified as single-node, the NumberOfNodes parameter is not required and if multi-node, the NumberOfNodes parameter is required + type: string + ClusterVersion: + description: The version of the Amazon Redshift engine software that you want to deploy on the cluster.The version selected runs on all the nodes in the cluster. + type: string + ClusterSubnetGroupName: + description: The name of a cluster subnet group to be associated with this cluster. + type: string + DBName: + description: The name of the first database to be created when the cluster is created. To create additional databases after the cluster is created, connect to the cluster with a SQL client and use SQL commands to create a database. + type: string + ElasticIp: + description: The Elastic IP (EIP) address for the cluster. + type: string + Encrypted: + description: If true, the data in the cluster is encrypted at rest. + type: boolean + HsmClientCertificateIdentifier: + description: Specifies the name of the HSM client certificate the Amazon Redshift cluster uses to retrieve the data encryption keys stored in an HSM + type: string + HsmConfigurationIdentifier: + description: Specifies the name of the HSM configuration that contains the information the Amazon Redshift cluster can use to retrieve and store keys in an HSM. + type: string + KmsKeyId: + description: The AWS Key Management Service (KMS) key ID of the encryption key that you want to use to encrypt data in the cluster. + type: string + NumberOfNodes: + description: The number of compute nodes in the cluster. This parameter is required when the ClusterType parameter is specified as multi-node. + type: integer + Port: + description: The port number on which the cluster accepts incoming connections. The cluster is accessible only via the JDBC and ODBC connection strings + type: integer + PreferredMaintenanceWindow: + description: The weekly time range (in UTC) during which automated cluster maintenance can occur. + type: string + PubliclyAccessible: + description: If true, the cluster can be accessed from a public network. + type: boolean + ClusterSecurityGroups: + description: A list of security groups to be associated with this cluster. + type: array + x-insertionOrder: false + uniqueItems: false + items: + type: string + IamRoles: + description: A list of AWS Identity and Access Management (IAM) roles that can be used by the cluster to access other AWS services. You must supply the IAM roles in their Amazon Resource Name (ARN) format. You can supply up to 50 IAM roles in a single request + type: array + x-insertionOrder: false + maxItems: 50 + items: + type: string + Tags: + description: The list of tags for the cluster parameter group. + type: array + x-insertionOrder: false + maxItems: 50 + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + VpcSecurityGroupIds: + description: A list of Virtual Private Cloud (VPC) security groups to be associated with the cluster. + type: array + x-insertionOrder: false + uniqueItems: false + items: + type: string + SnapshotClusterIdentifier: + description: The name of the cluster the source snapshot was created from. This parameter is required if your IAM user has a policy containing a snapshot resource element that specifies anything other than * for the cluster name. + type: string + SnapshotIdentifier: + description: The name of the snapshot from which to create the new cluster. This parameter isn't case sensitive. + type: string + OwnerAccount: + type: string + LoggingProperties: + $ref: '#/components/schemas/LoggingProperties' + Endpoint: + $ref: '#/components/schemas/Endpoint' + DestinationRegion: + description: 'The destination AWS Region that you want to copy snapshots to. Constraints: Must be the name of a valid AWS Region. For more information, see Regions and Endpoints in the Amazon Web Services [https://docs.aws.amazon.com/general/latest/gr/rande.html#redshift_region] General Reference' + type: string + SnapshotCopyRetentionPeriod: + description: |- + The number of days to retain automated snapshots in the destination region after they are copied from the source region. + + Default is 7. + + Constraints: Must be at least 1 and no more than 35. + type: integer + SnapshotCopyGrantName: + description: The name of the snapshot copy grant to use when snapshots of an AWS KMS-encrypted cluster are copied to the destination region. + type: string + ManualSnapshotRetentionPeriod: + description: |- + The number of days to retain newly copied snapshots in the destination AWS Region after they are copied from the source AWS Region. If the value is -1, the manual snapshot is retained indefinitely. + + The value must be either -1 or an integer between 1 and 3,653. + type: integer + SnapshotCopyManual: + description: Indicates whether to apply the snapshot retention period to newly copied manual snapshots instead of automated snapshots. + type: boolean + AvailabilityZoneRelocation: + description: The option to enable relocation for an Amazon Redshift cluster between Availability Zones after the cluster modification is complete. + type: boolean + AvailabilityZoneRelocationStatus: + description: The availability zone relocation status of the cluster + type: string + AquaConfigurationStatus: + description: | + The value represents how the cluster is configured to use AQUA (Advanced Query Accelerator) after the cluster is restored. Possible values include the following. + + enabled - Use AQUA if it is available for the current Region and Amazon Redshift node type. + disabled - Don't use AQUA. + auto - Amazon Redshift determines whether to use AQUA. + type: string + Classic: + description: A boolean value indicating whether the resize operation is using the classic resize process. If you don't provide this parameter or set the value to false , the resize type is elastic. + type: boolean + EnhancedVpcRouting: + description: |- + An option that specifies whether to create the cluster with enhanced VPC routing enabled. To create a cluster that uses enhanced VPC routing, the cluster must be in a VPC. For more information, see Enhanced VPC Routing in the Amazon Redshift Cluster Management Guide. + + If this option is true , enhanced VPC routing is enabled. + + Default: false + type: boolean + MaintenanceTrackName: + description: The name for the maintenance track that you want to assign for the cluster. This name change is asynchronous. The new track name stays in the PendingModifiedValues for the cluster until the next maintenance window. When the maintenance track changes, the cluster is switched to the latest cluster release available for the maintenance track. At this point, the maintenance track name is applied. + type: string + DeferMaintenance: + description: A boolean indicating whether to enable the deferred maintenance window. + type: boolean + DeferMaintenanceIdentifier: + description: A unique identifier for the deferred maintenance window. + type: string + DeferMaintenanceStartTime: + description: A timestamp indicating the start time for the deferred maintenance window. + type: string + DeferMaintenanceEndTime: + description: A timestamp indicating end time for the deferred maintenance window. If you specify an end time, you can't specify a duration. + type: string + DeferMaintenanceDuration: + description: An integer indicating the duration of the maintenance window in days. If you specify a duration, you can't specify an end time. The duration must be 45 days or less. + type: integer + RevisionTarget: + description: The identifier of the database revision. You can retrieve this value from the response to the DescribeClusterDbRevisions request. + type: string + ResourceAction: + description: The Redshift operation to be performed. Resource Action supports pause-cluster, resume-cluster, failover-primary-compute APIs + type: string + RotateEncryptionKey: + description: A boolean indicating if we want to rotate Encryption Keys. + type: boolean + MultiAZ: + description: A boolean indicating if the redshift cluster is multi-az or not. If you don't provide this parameter or set the value to false, the redshift cluster will be single-az. + type: boolean + NamespaceResourcePolicy: + description: The namespace resource policy document that will be attached to a Redshift cluster. + type: object + ManageMasterPassword: + description: A boolean indicating if the redshift cluster's admin user credentials is managed by Redshift or not. You can't use MasterUserPassword if ManageMasterPassword is true. If ManageMasterPassword is false or not set, Amazon Redshift uses MasterUserPassword for the admin user account's password. + type: boolean + MasterPasswordSecretKmsKeyId: + description: The ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin user credentials secret. + type: string + MasterPasswordSecretArn: + description: The Amazon Resource Name (ARN) for the cluster's admin user credentials secret. + type: string + required: + - NodeType + - MasterUsername + - DBName + - ClusterType + x-stackql-resource-name: cluster + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::Redshift::Cluster + x-stackql-primary-identifier: + - ClusterIdentifier + x-create-only-properties: + - ClusterIdentifier + - OwnerAccount + - SnapshotIdentifier + - DBName + - SnapshotClusterIdentifier + - ClusterSubnetGroupName + - MasterUsername + x-write-only-properties: + - MasterUserPassword + - Classic + - SnapshotIdentifier + - DeferMaintenance + - DeferMaintenanceDuration + - ManageMasterPassword + x-read-only-properties: + - DeferMaintenanceIdentifier + - Endpoint/Port + - Endpoint/Address + - ClusterNamespaceArn + - MasterPasswordSecretArn + x-required-properties: + - NodeType + - MasterUsername + - DBName + - ClusterType + x-tagging: + taggable: true + x-required-permissions: + create: + - iam:PassRole + - iam:CreateServiceLinkedRole + - redshift:DescribeClusters + - redshift:CreateCluster + - redshift:RestoreFromClusterSnapshot + - redshift:EnableLogging + - redshift:DescribeLoggingStatus + - redshift:CreateTags + - redshift:DescribeTags + - redshift:GetResourcePolicy + - redshift:PutResourcePolicy + - redshift:ModifyClusterMaintenance + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeNetworkInterfaces + - ec2:DescribeAddresses + - ec2:AssociateAddress + - ec2:CreateNetworkInterface + - ec2:ModifyNetworkInterfaceAttribute + - ec2:CreateVpcEndpoint + - ec2:DescribeVpcEndpoints + - ec2:ModifyVpcEndpoint + - ec2:AllocateAddress + - ec2:CreateSecurityGroup + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeInternetGateways + - ec2:DescribeSecurityGroupRules + - ec2:DescribeAvailabilityZones + - ec2:DescribeNetworkAcls + - ec2:DescribeRouteTables + - cloudwatch:PutMetricData + read: + - redshift:DescribeClusters + - redshift:DescribeLoggingStatus + - redshift:DescribeSnapshotCopyGrant + - redshift:DescribeClusterDbRevisions + - redshift:DescribeTags + - redshift:GetResourcePolicy + update: + - iam:PassRole + - redshift:DescribeClusters + - redshift:ModifyCluster + - redshift:ModifyClusterIamRoles + - redshift:EnableLogging + - redshift:CreateTags + - redshift:DeleteTags + - redshift:DescribeTags + - redshift:DisableLogging + - redshift:DescribeLoggingStatus + - redshift:RebootCluster + - redshift:EnableSnapshotCopy + - redshift:DisableSnapshotCopy + - redshift:ModifySnapshotCopyRetentionPeriod + - redshift:ModifyAquaConfiguration + - redshift:ResizeCluster + - redshift:ModifyClusterMaintenance + - redshift:DescribeClusterDbRevisions + - redshift:ModifyClusterDbRevisions + - redshift:PauseCluster + - redshift:ResumeCluster + - redshift:RotateEncryptionKey + - redshift:FailoverPrimaryCompute + - redshift:PutResourcePolicy + - redshift:GetResourcePolicy + - redshift:DeleteResourcePolicy + - cloudwatch:PutMetricData + delete: + - redshift:DescribeTags + - redshift:DescribeClusters + - redshift:DeleteCluster + list: + - redshift:DescribeTags + - redshift:DescribeClusters + Parameter: + type: object + additionalProperties: false + properties: + ParameterName: + type: string + description: The name of the parameter. + ParameterValue: + type: string + description: The value of the parameter. If `ParameterName` is `wlm_json_configuration`, then the maximum size of `ParameterValue` is 8000 characters. + required: + - ParameterValue + - ParameterName + ClusterParameterGroup: + type: object + properties: + ParameterGroupName: + type: string + description: The name of the cluster parameter group. + maxLength: 255 + Description: + type: string + description: A description of the parameter group. + ParameterGroupFamily: + type: string + description: The Amazon Redshift engine version to which the cluster parameter group applies. The cluster engine version determines the set of parameters. + Parameters: + type: array + description: An array of parameters to be modified. A maximum of 20 parameters can be modified in a single request. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Parameter' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Description + - ParameterGroupFamily + x-stackql-resource-name: cluster_parameter_group + description: Resource Type definition for AWS::Redshift::ClusterParameterGroup + x-type-name: AWS::Redshift::ClusterParameterGroup + x-stackql-primary-identifier: + - ParameterGroupName + x-create-only-properties: + - ParameterGroupName + - ParameterGroupFamily + - Description + x-write-only-properties: + - Tags + - Tags/*/Key + - Tags/*/Value + x-required-properties: + - Description + - ParameterGroupFamily + x-tagging: + taggable: true + x-required-permissions: + create: + - redshift:CreateClusterParameterGroup + - redshift:ModifyClusterParameterGroup + - redshift:DescribeClusterParameterGroups + - redshift:DescribeClusterParameters + - redshift:DescribeTags + - redshift:CreateTags + - ec2:AllocateAddress + - ec2:AssociateAddress + - ec2:AttachNetworkInterface + - ec2:DescribeAccountAttributes + - ec2:DescribeAddresses + - ec2:DescribeAvailabilityZones + - ec2:DescribeInternetGateways + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + read: + - redshift:DescribeClusterParameterGroups + - initech:DescribeReport + - redshift:DescribeClusterParameters + - redshift:DescribeTags + update: + - redshift:DescribeClusterParameterGroups + - redshift:ResetClusterParameterGroup + - redshift:ModifyClusterParameterGroup + - redshift:DescribeClusterParameters + - redshift:DescribeTags + - redshift:CreateTags + - redshift:DeleteTags + - initech:UpdateReport + delete: + - redshift:DescribeTags + - redshift:DescribeClusterParameterGroups + - redshift:DeleteClusterParameterGroup + - redshift:DescribeClusterParameters + - initech:DeleteReport + list: + - redshift:DescribeTags + - redshift:DescribeClusterParameterGroups + - redshift:DescribeClusterParameters + - initech:ListReports + ClusterSubnetGroup: + type: object + properties: + Description: + description: The description of the parameter group. + type: string + SubnetIds: + description: The list of VPC subnet IDs + type: array + x-insertionOrder: false + maxItems: 20 + items: + type: string + Tags: + description: The list of tags for the cluster parameter group. + type: array + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + ClusterSubnetGroupName: + description: 'This name must be unique for all subnet groups that are created by your AWS account. If costumer do not provide it, cloudformation will generate it. Must not be "Default". ' + type: string + maxLength: 255 + required: + - Description + - SubnetIds + x-stackql-resource-name: cluster_subnet_group + description: Specifies an Amazon Redshift subnet group. + x-type-name: AWS::Redshift::ClusterSubnetGroup + x-stackql-primary-identifier: + - ClusterSubnetGroupName + x-write-only-properties: + - Tags + - Tags/*/Key + - Tags/*/Value + x-read-only-properties: + - ClusterSubnetGroupName + x-required-properties: + - Description + - SubnetIds + x-tagging: + taggable: true + x-required-permissions: + create: + - redshift:CreateClusterSubnetGroup + - redshift:CreateTags + - redshift:DescribeClusterSubnetGroups + - redshift:DescribeTags + - ec2:AllocateAddress + - ec2:AssociateAddress + - ec2:AttachNetworkInterface + - ec2:DescribeAccountAttributes + - ec2:DescribeAddresses + - ec2:DescribeAvailabilityZones + - ec2:DescribeInternetGateways + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + read: + - redshift:DescribeClusterSubnetGroups + - redshift:DescribeTags + - ec2:AllocateAddress + - ec2:AssociateAddress + - ec2:AttachNetworkInterface + - ec2:DescribeAccountAttributes + - ec2:DescribeAddresses + - ec2:DescribeAvailabilityZones + - ec2:DescribeInternetGateways + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + update: + - redshift:ModifyClusterSubnetGroup + - redshift:DescribeClusterSubnetGroups + - redshift:DescribeTags + - redshift:CreateTags + - redshift:DeleteTags + - ec2:AllocateAddress + - ec2:AssociateAddress + - ec2:AttachNetworkInterface + - ec2:DescribeAccountAttributes + - ec2:DescribeAddresses + - ec2:DescribeAvailabilityZones + - ec2:DescribeInternetGateways + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + delete: + - redshift:DeleteClusterSubnetGroup + - redshift:DescribeClusterSubnetGroups + - redshift:DescribeTags + - ec2:AllocateAddress + - ec2:AssociateAddress + - ec2:AttachNetworkInterface + - ec2:DescribeAccountAttributes + - ec2:DescribeAddresses + - ec2:DescribeAvailabilityZones + - ec2:DescribeInternetGateways + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + list: + - redshift:DescribeClusterSubnetGroups + - redshift:DescribeTags + - ec2:AllocateAddress + - ec2:AssociateAddress + - ec2:AttachNetworkInterface + - ec2:DescribeAccountAttributes + - ec2:DescribeAddresses + - ec2:DescribeAvailabilityZones + - ec2:DescribeInternetGateways + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcs + VpcSecurityGroup: + description: Describes the members of a VPC security group. + type: object + properties: + VpcSecurityGroupId: + type: string + description: The identifier of the VPC security group. + Status: + type: string + description: The status of the VPC security group. + additionalProperties: false + NetworkInterface: + description: Describes a network interface. + type: object + properties: + NetworkInterfaceId: + type: string + description: The network interface identifier. + SubnetId: + type: string + description: The subnet identifier. + PrivateIpAddress: + type: string + description: The IPv4 address of the network interface within the subnet. + AvailabilityZone: + type: string + description: The Availability Zone. + additionalProperties: false + EndpointAccess: + type: object + properties: + Address: + description: The DNS address of the endpoint. + type: string + ClusterIdentifier: + description: A unique identifier for the cluster. You use this identifier to refer to the cluster for any subsequent cluster operations such as deleting or modifying. All alphabetical characters must be lower case, no hypens at the end, no two consecutive hyphens. Cluster name should be unique for all clusters within an AWS account + type: string + VpcSecurityGroups: + description: A list of Virtual Private Cloud (VPC) security groups to be associated with the endpoint. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/VpcSecurityGroup' + ResourceOwner: + description: The AWS account ID of the owner of the cluster. + type: string + pattern: ^\d{12}$ + EndpointStatus: + description: The status of the endpoint. + type: string + EndpointName: + description: The name of the endpoint. + type: string + pattern: ^(?=^[a-z][a-z0-9]*(-[a-z0-9]+)*$).{1,30}$ + EndpointCreateTime: + description: The time (UTC) that the endpoint was created. + type: string + SubnetGroupName: + description: The subnet group name where Amazon Redshift chooses to deploy the endpoint. + type: string + pattern: ^(?=^[a-zA-Z0-9-]+$).{1,255}$ + Port: + description: The port number on which the cluster accepts incoming connections. + type: integer + VpcSecurityGroupIds: + description: A list of vpc security group ids to apply to the created endpoint access. + type: array + x-insertionOrder: false + items: + type: string + VpcEndpoint: + description: The connection endpoint for connecting to an Amazon Redshift cluster through the proxy. + type: object + properties: + VpcEndpointId: + type: string + description: The connection endpoint ID for connecting an Amazon Redshift cluster through the proxy. + VpcId: + type: string + description: The VPC identifier that the endpoint is associated. + NetworkInterfaces: + type: array + x-insertionOrder: false + description: One or more network interfaces of the endpoint. Also known as an interface endpoint. + items: + $ref: '#/components/schemas/NetworkInterface' + additionalProperties: false + required: + - ClusterIdentifier + - SubnetGroupName + - EndpointName + - VpcSecurityGroupIds + x-stackql-resource-name: endpoint_access + description: Resource schema for a Redshift-managed VPC endpoint. + x-type-name: AWS::Redshift::EndpointAccess + x-stackql-primary-identifier: + - EndpointName + x-create-only-properties: + - EndpointName + - ClusterIdentifier + - ResourceOwner + - SubnetGroupName + x-read-only-properties: + - Address + - EndpointStatus + - EndpointCreateTime + - Port + - VpcSecurityGroups + - VpcSecurityGroups/*/VpcSecurityGroupId + - VpcSecurityGroups/*/Status + - VpcEndpoint + - VpcEndpoint/VpcEndpointId + - VpcEndpoint/VpcId + - VpcEndpoint/NetworkInterfaces/*/NetworkInterfaceId + - VpcEndpoint/NetworkInterfaces/*/PrivateIpAddress + - VpcEndpoint/NetworkInterfaces/*/SubnetId + - VpcEndpoint/NetworkInterfaces/*/AvailabilityZone + x-required-properties: + - ClusterIdentifier + - SubnetGroupName + - EndpointName + - VpcSecurityGroupIds + x-tagging: + taggable: false + x-required-permissions: + create: + - redshift:CreateEndpointAccess + - redshift:DescribeEndpointAccess + - ec2:CreateClientVpnEndpoint + - ec2:CreateVpcEndpoint + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeAddresses + - ec2:DescribeInternetGateways + - ec2:DescribeSubnets + read: + - redshift:DescribeEndpointAccess + - ec2:DescribeClientVpnEndpoints + - ec2:DescribeVpcEndpoint + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeAddresses + - ec2:DescribeInternetGateways + - ec2:DescribeSubnets + update: + - redshift:DescribeEndpointAccess + - redshift:ModifyEndpointAccess + - ec2:ModifyClientVpnEndpoint + - ec2:ModifyVpcEndpoint + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeAddresses + - ec2:DescribeInternetGateways + - ec2:DescribeSubnets + delete: + - redshift:DeleteEndpointAccess + - redshift:DescribeEndpointAccess + - ec2:DeleteClientVpnEndpoint + - ec2:DeleteVpcEndpoint + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeAddresses + - ec2:DescribeInternetGateways + - ec2:DescribeSubnets + - ec2:DescribeVpcEndpoint + list: + - redshift:DescribeEndpointAccess + - ec2:DescribeClientVpnEndpoints + - ec2:DescribeVpcEndpoints + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeAddresses + - ec2:DescribeInternetGateways + - ec2:DescribeSubnets + AwsAccount: + type: string + pattern: ^\d{12}$ + VpcId: + type: string + pattern: ^vpc-[A-Za-z0-9]{1,17}$ + EndpointAuthorization: + type: object + properties: + Grantor: + description: The AWS account ID of the cluster owner. + $ref: '#/components/schemas/AwsAccount' + Grantee: + description: The AWS account ID of the grantee of the cluster. + $ref: '#/components/schemas/AwsAccount' + ClusterIdentifier: + description: The cluster identifier. + type: string + pattern: ^(?=^[a-z][a-z0-9]*(-[a-z0-9]+)*$).{1,63}$ + AuthorizeTime: + description: The time (UTC) when the authorization was created. + type: string + ClusterStatus: + description: The status of the cluster. + type: string + Status: + description: The status of the authorization action. + type: string + AllowedAllVPCs: + description: Indicates whether all VPCs in the grantee account are allowed access to the cluster. + type: boolean + AllowedVPCs: + description: The VPCs allowed access to the cluster. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/VpcId' + EndpointCount: + description: The number of Redshift-managed VPC endpoints created for the authorization. + type: integer + Account: + description: The target AWS account ID to grant or revoke access for. + $ref: '#/components/schemas/AwsAccount' + VpcIds: + description: The virtual private cloud (VPC) identifiers to grant or revoke access to. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/VpcId' + Force: + description: ' Indicates whether to force the revoke action. If true, the Redshift-managed VPC endpoints associated with the endpoint authorization are also deleted.' + type: boolean + required: + - ClusterIdentifier + - Account + x-stackql-resource-name: endpoint_authorization + description: Describes an endpoint authorization for authorizing Redshift-managed VPC endpoint access to a cluster across AWS accounts. + x-type-name: AWS::Redshift::EndpointAuthorization + x-stackql-primary-identifier: + - ClusterIdentifier + - Account + x-create-only-properties: + - ClusterIdentifier + - Account + x-write-only-properties: + - Force + x-read-only-properties: + - Grantor + - Grantee + - AuthorizeTime + - ClusterStatus + - Status + - AllowedAllVPCs + - AllowedVPCs + - EndpointCount + x-required-properties: + - ClusterIdentifier + - Account + x-tagging: + taggable: false + x-required-permissions: + create: + - redshift:AuthorizeEndpointAccess + - redshift:DescribeEndpointAuthorization + read: + - redshift:DescribeEndpointAuthorization + update: + - redshift:AuthorizeEndpointAccess + - redshift:DescribeEndpointAuthorization + - redshift:RevokeEndpointAccess + delete: + - redshift:RevokeEndpointAccess + - redshift:DeleteEndpointAccess + - redshift:DescribeEndpointAuthorization + - ec2:DeleteClientVpnEndpoint + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeAddresses + - ec2:DescribeInternetGateways + - ec2:DescribeSubnets + list: + - redshift:DescribeEndpointAuthorization + EventSubscription: + type: object + properties: + SubscriptionName: + description: The name of the Amazon Redshift event notification subscription + type: string + pattern: ^(?=^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$).{1,255}$ + SnsTopicArn: + description: The Amazon Resource Name (ARN) of the Amazon SNS topic used to transmit the event notifications. + type: string + SourceType: + description: The type of source that will be generating the events. + type: string + enum: + - cluster + - cluster-parameter-group + - cluster-security-group + - cluster-snapshot + - scheduled-action + SourceIds: + description: A list of one or more identifiers of Amazon Redshift source objects. + type: array + x-insertionOrder: false + items: + type: string + EventCategories: + description: Specifies the Amazon Redshift event categories to be published by the event notification subscription. + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + enum: + - configuration + - management + - monitoring + - security + - pending + Severity: + description: Specifies the Amazon Redshift event severity to be published by the event notification subscription. + type: string + enum: + - ERROR + - INFO + Enabled: + description: A boolean value; set to true to activate the subscription, and set to false to create the subscription but not activate it. + type: boolean + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + CustomerAwsId: + description: The AWS account associated with the Amazon Redshift event notification subscription. + type: string + CustSubscriptionId: + description: The name of the Amazon Redshift event notification subscription. + type: string + Status: + description: The status of the Amazon Redshift event notification subscription. + type: string + enum: + - active + - no-permission + - topic-not-exist + SubscriptionCreationTime: + description: The date and time the Amazon Redshift event notification subscription was created. + type: string + SourceIdsList: + description: A list of the sources that publish events to the Amazon Redshift event notification subscription. + type: array + x-insertionOrder: false + items: + type: string + EventCategoriesList: + description: The list of Amazon Redshift event categories specified in the event notification subscription. + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + required: + - SubscriptionName + x-stackql-resource-name: event_subscription + description: The `AWS::Redshift::EventSubscription` resource creates an Amazon Redshift Event Subscription. + x-type-name: AWS::Redshift::EventSubscription + x-stackql-primary-identifier: + - SubscriptionName + x-create-only-properties: + - SubscriptionName + x-write-only-properties: + - Tags + - Tags/*/Key + - Tags/*/Value + x-read-only-properties: + - CustomerAwsId + - CustSubscriptionId + - Status + - SubscriptionCreationTime + - SourceIdsList + - EventCategoriesList + x-required-properties: + - SubscriptionName + x-tagging: + taggable: true + x-required-permissions: + create: + - redshift:CreateEventSubscription + - redshift:CreateTags + - redshift:DescribeTags + - redshift:DescribeEventSubscriptions + read: + - redshift:DescribeEventSubscriptions + - redshift:DescribeTags + update: + - redshift:ModifyEventSubscription + - redshift:CreateTags + - redshift:DescribeTags + - redshift:DescribeEventSubscriptions + - redshift:DeleteTags + delete: + - redshift:DescribeEventSubscriptions + - redshift:DeleteEventSubscription + - redshift:DescribeTags + - redshift:DeleteTags + list: + - redshift:DescribeTags + - redshift:DescribeEventSubscriptions + ResizeClusterMessage: + description: Describes a resize cluster operation. For example, a scheduled action to run the `ResizeCluster` API operation. + type: object + properties: + ClusterIdentifier: + type: string + ClusterType: + type: string + NodeType: + type: string + NumberOfNodes: + type: integer + Classic: + type: boolean + required: + - ClusterIdentifier + additionalProperties: false + PauseClusterMessage: + description: Describes a pause cluster operation. For example, a scheduled action to run the `PauseCluster` API operation. + type: object + properties: + ClusterIdentifier: + type: string + required: + - ClusterIdentifier + additionalProperties: false + ResumeClusterMessage: + description: Describes a resume cluster operation. For example, a scheduled action to run the `ResumeCluster` API operation. + type: object + properties: + ClusterIdentifier: + type: string + required: + - ClusterIdentifier + additionalProperties: false + ScheduledActionType: + type: object + oneOf: + - properties: + ResizeCluster: + $ref: '#/components/schemas/ResizeClusterMessage' + additionalProperties: false + - properties: + PauseCluster: + $ref: '#/components/schemas/PauseClusterMessage' + additionalProperties: false + - properties: + ResumeCluster: + $ref: '#/components/schemas/ResumeClusterMessage' + additionalProperties: false + timestamp: + type: string + ScheduledAction: + type: object + properties: + ScheduledActionName: + description: The name of the scheduled action. The name must be unique within an account. + type: string + TargetAction: + description: A JSON format string of the Amazon Redshift API operation with input parameters. + $ref: '#/components/schemas/ScheduledActionType' + Schedule: + description: The schedule in `at( )` or `cron( )` format. + type: string + IamRole: + description: The IAM role to assume to run the target action. + type: string + ScheduledActionDescription: + description: The description of the scheduled action. + type: string + StartTime: + description: The start time in UTC of the scheduled action. Before this time, the scheduled action does not trigger. + $ref: '#/components/schemas/timestamp' + EndTime: + description: The end time in UTC of the scheduled action. After this time, the scheduled action does not trigger. + $ref: '#/components/schemas/timestamp' + Enable: + description: If true, the schedule is enabled. If false, the scheduled action does not trigger. + type: boolean + State: + description: The state of the scheduled action. + type: string + enum: + - ACTIVE + - DISABLED + NextInvocations: + description: List of times when the scheduled action will run. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/timestamp' + required: + - ScheduledActionName + x-stackql-resource-name: scheduled_action + description: The `AWS::Redshift::ScheduledAction` resource creates an Amazon Redshift Scheduled Action. + x-type-name: AWS::Redshift::ScheduledAction + x-stackql-primary-identifier: + - ScheduledActionName + x-create-only-properties: + - ScheduledActionName + x-read-only-properties: + - State + - NextInvocations + x-required-properties: + - ScheduledActionName + x-tagging: + taggable: false + x-required-permissions: + create: + - redshift:CreateScheduledAction + - redshift:DescribeScheduledActions + - redshift:DescribeTags + - redshift:PauseCluster + - redshift:ResumeCluster + - redshift:ResizeCluster + - iam:PassRole + read: + - redshift:DescribeScheduledActions + - redshift:DescribeTags + update: + - redshift:DescribeScheduledActions + - redshift:ModifyScheduledAction + - redshift:PauseCluster + - redshift:ResumeCluster + - redshift:ResizeCluster + - redshift:DescribeTags + - iam:PassRole + delete: + - redshift:DescribeTags + - redshift:DescribeScheduledActions + - redshift:DeleteScheduledAction + list: + - redshift:DescribeTags + - redshift:DescribeScheduledActions + x-stackQL-resources: + clusters: + name: clusters + id: aws.redshift.clusters + x-cfn-schema-name: Cluster + x-type: list + x-identifiers: + - ClusterIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClusterIdentifier') as cluster_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::Cluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClusterIdentifier') as cluster_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::Cluster' + AND region = 'us-east-1' + cluster: + name: cluster + id: aws.redshift.cluster + x-cfn-schema-name: Cluster + x-type: get + x-identifiers: + - ClusterIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterIdentifier') as cluster_identifier, + JSON_EXTRACT(Properties, '$.ClusterNamespaceArn') as cluster_namespace_arn, + JSON_EXTRACT(Properties, '$.MasterUsername') as master_username, + JSON_EXTRACT(Properties, '$.MasterUserPassword') as master_user_password, + JSON_EXTRACT(Properties, '$.NodeType') as node_type, + JSON_EXTRACT(Properties, '$.AllowVersionUpgrade') as allow_version_upgrade, + JSON_EXTRACT(Properties, '$.AutomatedSnapshotRetentionPeriod') as automated_snapshot_retention_period, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.ClusterParameterGroupName') as cluster_parameter_group_name, + JSON_EXTRACT(Properties, '$.ClusterType') as cluster_type, + JSON_EXTRACT(Properties, '$.ClusterVersion') as cluster_version, + JSON_EXTRACT(Properties, '$.ClusterSubnetGroupName') as cluster_subnet_group_name, + JSON_EXTRACT(Properties, '$.DBName') as db_name, + JSON_EXTRACT(Properties, '$.ElasticIp') as elastic_ip, + JSON_EXTRACT(Properties, '$.Encrypted') as encrypted, + JSON_EXTRACT(Properties, '$.HsmClientCertificateIdentifier') as hsm_client_certificate_identifier, + JSON_EXTRACT(Properties, '$.HsmConfigurationIdentifier') as hsm_configuration_identifier, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.NumberOfNodes') as number_of_nodes, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, + JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(Properties, '$.ClusterSecurityGroups') as cluster_security_groups, + JSON_EXTRACT(Properties, '$.IamRoles') as iam_roles, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids, + JSON_EXTRACT(Properties, '$.SnapshotClusterIdentifier') as snapshot_cluster_identifier, + JSON_EXTRACT(Properties, '$.SnapshotIdentifier') as snapshot_identifier, + JSON_EXTRACT(Properties, '$.OwnerAccount') as owner_account, + JSON_EXTRACT(Properties, '$.LoggingProperties') as logging_properties, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.DestinationRegion') as destination_region, + JSON_EXTRACT(Properties, '$.SnapshotCopyRetentionPeriod') as snapshot_copy_retention_period, + JSON_EXTRACT(Properties, '$.SnapshotCopyGrantName') as snapshot_copy_grant_name, + JSON_EXTRACT(Properties, '$.ManualSnapshotRetentionPeriod') as manual_snapshot_retention_period, + JSON_EXTRACT(Properties, '$.SnapshotCopyManual') as snapshot_copy_manual, + JSON_EXTRACT(Properties, '$.AvailabilityZoneRelocation') as availability_zone_relocation, + JSON_EXTRACT(Properties, '$.AvailabilityZoneRelocationStatus') as availability_zone_relocation_status, + JSON_EXTRACT(Properties, '$.AquaConfigurationStatus') as aqua_configuration_status, + JSON_EXTRACT(Properties, '$.Classic') as classic, + JSON_EXTRACT(Properties, '$.EnhancedVpcRouting') as enhanced_vpc_routing, + JSON_EXTRACT(Properties, '$.MaintenanceTrackName') as maintenance_track_name, + JSON_EXTRACT(Properties, '$.DeferMaintenance') as defer_maintenance, + JSON_EXTRACT(Properties, '$.DeferMaintenanceIdentifier') as defer_maintenance_identifier, + JSON_EXTRACT(Properties, '$.DeferMaintenanceStartTime') as defer_maintenance_start_time, + JSON_EXTRACT(Properties, '$.DeferMaintenanceEndTime') as defer_maintenance_end_time, + JSON_EXTRACT(Properties, '$.DeferMaintenanceDuration') as defer_maintenance_duration, + JSON_EXTRACT(Properties, '$.RevisionTarget') as revision_target, + JSON_EXTRACT(Properties, '$.ResourceAction') as resource_action, + JSON_EXTRACT(Properties, '$.RotateEncryptionKey') as rotate_encryption_key, + JSON_EXTRACT(Properties, '$.MultiAZ') as multi_az, + JSON_EXTRACT(Properties, '$.NamespaceResourcePolicy') as namespace_resource_policy, + JSON_EXTRACT(Properties, '$.ManageMasterPassword') as manage_master_password, + JSON_EXTRACT(Properties, '$.MasterPasswordSecretKmsKeyId') as master_password_secret_kms_key_id, + JSON_EXTRACT(Properties, '$.MasterPasswordSecretArn') as master_password_secret_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterIdentifier') as cluster_identifier, + json_extract_path_text(Properties, 'ClusterNamespaceArn') as cluster_namespace_arn, + json_extract_path_text(Properties, 'MasterUsername') as master_username, + json_extract_path_text(Properties, 'MasterUserPassword') as master_user_password, + json_extract_path_text(Properties, 'NodeType') as node_type, + json_extract_path_text(Properties, 'AllowVersionUpgrade') as allow_version_upgrade, + json_extract_path_text(Properties, 'AutomatedSnapshotRetentionPeriod') as automated_snapshot_retention_period, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'ClusterParameterGroupName') as cluster_parameter_group_name, + json_extract_path_text(Properties, 'ClusterType') as cluster_type, + json_extract_path_text(Properties, 'ClusterVersion') as cluster_version, + json_extract_path_text(Properties, 'ClusterSubnetGroupName') as cluster_subnet_group_name, + json_extract_path_text(Properties, 'DBName') as db_name, + json_extract_path_text(Properties, 'ElasticIp') as elastic_ip, + json_extract_path_text(Properties, 'Encrypted') as encrypted, + json_extract_path_text(Properties, 'HsmClientCertificateIdentifier') as hsm_client_certificate_identifier, + json_extract_path_text(Properties, 'HsmConfigurationIdentifier') as hsm_configuration_identifier, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'NumberOfNodes') as number_of_nodes, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, + json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(Properties, 'ClusterSecurityGroups') as cluster_security_groups, + json_extract_path_text(Properties, 'IamRoles') as iam_roles, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids, + json_extract_path_text(Properties, 'SnapshotClusterIdentifier') as snapshot_cluster_identifier, + json_extract_path_text(Properties, 'SnapshotIdentifier') as snapshot_identifier, + json_extract_path_text(Properties, 'OwnerAccount') as owner_account, + json_extract_path_text(Properties, 'LoggingProperties') as logging_properties, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'DestinationRegion') as destination_region, + json_extract_path_text(Properties, 'SnapshotCopyRetentionPeriod') as snapshot_copy_retention_period, + json_extract_path_text(Properties, 'SnapshotCopyGrantName') as snapshot_copy_grant_name, + json_extract_path_text(Properties, 'ManualSnapshotRetentionPeriod') as manual_snapshot_retention_period, + json_extract_path_text(Properties, 'SnapshotCopyManual') as snapshot_copy_manual, + json_extract_path_text(Properties, 'AvailabilityZoneRelocation') as availability_zone_relocation, + json_extract_path_text(Properties, 'AvailabilityZoneRelocationStatus') as availability_zone_relocation_status, + json_extract_path_text(Properties, 'AquaConfigurationStatus') as aqua_configuration_status, + json_extract_path_text(Properties, 'Classic') as classic, + json_extract_path_text(Properties, 'EnhancedVpcRouting') as enhanced_vpc_routing, + json_extract_path_text(Properties, 'MaintenanceTrackName') as maintenance_track_name, + json_extract_path_text(Properties, 'DeferMaintenance') as defer_maintenance, + json_extract_path_text(Properties, 'DeferMaintenanceIdentifier') as defer_maintenance_identifier, + json_extract_path_text(Properties, 'DeferMaintenanceStartTime') as defer_maintenance_start_time, + json_extract_path_text(Properties, 'DeferMaintenanceEndTime') as defer_maintenance_end_time, + json_extract_path_text(Properties, 'DeferMaintenanceDuration') as defer_maintenance_duration, + json_extract_path_text(Properties, 'RevisionTarget') as revision_target, + json_extract_path_text(Properties, 'ResourceAction') as resource_action, + json_extract_path_text(Properties, 'RotateEncryptionKey') as rotate_encryption_key, + json_extract_path_text(Properties, 'MultiAZ') as multi_az, + json_extract_path_text(Properties, 'NamespaceResourcePolicy') as namespace_resource_policy, + json_extract_path_text(Properties, 'ManageMasterPassword') as manage_master_password, + json_extract_path_text(Properties, 'MasterPasswordSecretKmsKeyId') as master_password_secret_kms_key_id, + json_extract_path_text(Properties, 'MasterPasswordSecretArn') as master_password_secret_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + cluster_parameter_groups: + name: cluster_parameter_groups + id: aws.redshift.cluster_parameter_groups + x-cfn-schema-name: ClusterParameterGroup + x-type: list + x-identifiers: + - ParameterGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ParameterGroupName') as parameter_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::ClusterParameterGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ParameterGroupName') as parameter_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::ClusterParameterGroup' + AND region = 'us-east-1' + cluster_parameter_group: + name: cluster_parameter_group + id: aws.redshift.cluster_parameter_group + x-cfn-schema-name: ClusterParameterGroup + x-type: get + x-identifiers: + - ParameterGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ParameterGroupName') as parameter_group_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ParameterGroupFamily') as parameter_group_family, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::ClusterParameterGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ParameterGroupName') as parameter_group_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ParameterGroupFamily') as parameter_group_family, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::ClusterParameterGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + cluster_subnet_groups: + name: cluster_subnet_groups + id: aws.redshift.cluster_subnet_groups + x-cfn-schema-name: ClusterSubnetGroup + x-type: list + x-identifiers: + - ClusterSubnetGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClusterSubnetGroupName') as cluster_subnet_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::ClusterSubnetGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClusterSubnetGroupName') as cluster_subnet_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::ClusterSubnetGroup' + AND region = 'us-east-1' + cluster_subnet_group: + name: cluster_subnet_group + id: aws.redshift.cluster_subnet_group + x-cfn-schema-name: ClusterSubnetGroup + x-type: get + x-identifiers: + - ClusterSubnetGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ClusterSubnetGroupName') as cluster_subnet_group_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::ClusterSubnetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ClusterSubnetGroupName') as cluster_subnet_group_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::ClusterSubnetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + endpoint_accesses: + name: endpoint_accesses + id: aws.redshift.endpoint_accesses + x-cfn-schema-name: EndpointAccess + x-type: list + x-identifiers: + - EndpointName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::EndpointAccess' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EndpointName') as endpoint_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::EndpointAccess' + AND region = 'us-east-1' + endpoint_access: + name: endpoint_access + id: aws.redshift.endpoint_access + x-cfn-schema-name: EndpointAccess + x-type: get + x-identifiers: + - EndpointName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Address') as address, + JSON_EXTRACT(Properties, '$.ClusterIdentifier') as cluster_identifier, + JSON_EXTRACT(Properties, '$.VpcSecurityGroups') as vpc_security_groups, + JSON_EXTRACT(Properties, '$.ResourceOwner') as resource_owner, + JSON_EXTRACT(Properties, '$.EndpointStatus') as endpoint_status, + JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(Properties, '$.EndpointCreateTime') as endpoint_create_time, + JSON_EXTRACT(Properties, '$.SubnetGroupName') as subnet_group_name, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids, + JSON_EXTRACT(Properties, '$.VpcEndpoint') as vpc_endpoint + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::EndpointAccess' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Address') as address, + json_extract_path_text(Properties, 'ClusterIdentifier') as cluster_identifier, + json_extract_path_text(Properties, 'VpcSecurityGroups') as vpc_security_groups, + json_extract_path_text(Properties, 'ResourceOwner') as resource_owner, + json_extract_path_text(Properties, 'EndpointStatus') as endpoint_status, + json_extract_path_text(Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(Properties, 'EndpointCreateTime') as endpoint_create_time, + json_extract_path_text(Properties, 'SubnetGroupName') as subnet_group_name, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids, + json_extract_path_text(Properties, 'VpcEndpoint') as vpc_endpoint + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::EndpointAccess' + AND data__Identifier = '' + AND region = 'us-east-1' + endpoint_authorizations: + name: endpoint_authorizations + id: aws.redshift.endpoint_authorizations + x-cfn-schema-name: EndpointAuthorization + x-type: list + x-identifiers: + - ClusterIdentifier + - Account + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClusterIdentifier') as cluster_identifier, + JSON_EXTRACT(Properties, '$.Account') as account + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::EndpointAuthorization' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClusterIdentifier') as cluster_identifier, + json_extract_path_text(Properties, 'Account') as account + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::EndpointAuthorization' + AND region = 'us-east-1' + endpoint_authorization: + name: endpoint_authorization + id: aws.redshift.endpoint_authorization + x-cfn-schema-name: EndpointAuthorization + x-type: get + x-identifiers: + - ClusterIdentifier + - Account + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Grantor') as grantor, + JSON_EXTRACT(Properties, '$.Grantee') as grantee, + JSON_EXTRACT(Properties, '$.ClusterIdentifier') as cluster_identifier, + JSON_EXTRACT(Properties, '$.AuthorizeTime') as authorize_time, + JSON_EXTRACT(Properties, '$.ClusterStatus') as cluster_status, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.AllowedAllVPCs') as allowed_all_vpcs, + JSON_EXTRACT(Properties, '$.AllowedVPCs') as allowed_vpcs, + JSON_EXTRACT(Properties, '$.EndpointCount') as endpoint_count, + JSON_EXTRACT(Properties, '$.Account') as account, + JSON_EXTRACT(Properties, '$.VpcIds') as vpc_ids, + JSON_EXTRACT(Properties, '$.Force') as _force + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::EndpointAuthorization' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Grantor') as grantor, + json_extract_path_text(Properties, 'Grantee') as grantee, + json_extract_path_text(Properties, 'ClusterIdentifier') as cluster_identifier, + json_extract_path_text(Properties, 'AuthorizeTime') as authorize_time, + json_extract_path_text(Properties, 'ClusterStatus') as cluster_status, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'AllowedAllVPCs') as allowed_all_vpcs, + json_extract_path_text(Properties, 'AllowedVPCs') as allowed_vpcs, + json_extract_path_text(Properties, 'EndpointCount') as endpoint_count, + json_extract_path_text(Properties, 'Account') as account, + json_extract_path_text(Properties, 'VpcIds') as vpc_ids, + json_extract_path_text(Properties, 'Force') as _force + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::EndpointAuthorization' + AND data__Identifier = '|' + AND region = 'us-east-1' + event_subscriptions: + name: event_subscriptions + id: aws.redshift.event_subscriptions + x-cfn-schema-name: EventSubscription + x-type: list + x-identifiers: + - SubscriptionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SubscriptionName') as subscription_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::EventSubscription' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SubscriptionName') as subscription_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::EventSubscription' + AND region = 'us-east-1' + event_subscription: + name: event_subscription + id: aws.redshift.event_subscription + x-cfn-schema-name: EventSubscription + x-type: get + x-identifiers: + - SubscriptionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SubscriptionName') as subscription_name, + JSON_EXTRACT(Properties, '$.SnsTopicArn') as sns_topic_arn, + JSON_EXTRACT(Properties, '$.SourceType') as source_type, + JSON_EXTRACT(Properties, '$.SourceIds') as source_ids, + JSON_EXTRACT(Properties, '$.EventCategories') as event_categories, + JSON_EXTRACT(Properties, '$.Severity') as severity, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CustomerAwsId') as customer_aws_id, + JSON_EXTRACT(Properties, '$.CustSubscriptionId') as cust_subscription_id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.SubscriptionCreationTime') as subscription_creation_time, + JSON_EXTRACT(Properties, '$.SourceIdsList') as source_ids_list, + JSON_EXTRACT(Properties, '$.EventCategoriesList') as event_categories_list + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::EventSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SubscriptionName') as subscription_name, + json_extract_path_text(Properties, 'SnsTopicArn') as sns_topic_arn, + json_extract_path_text(Properties, 'SourceType') as source_type, + json_extract_path_text(Properties, 'SourceIds') as source_ids, + json_extract_path_text(Properties, 'EventCategories') as event_categories, + json_extract_path_text(Properties, 'Severity') as severity, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CustomerAwsId') as customer_aws_id, + json_extract_path_text(Properties, 'CustSubscriptionId') as cust_subscription_id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'SubscriptionCreationTime') as subscription_creation_time, + json_extract_path_text(Properties, 'SourceIdsList') as source_ids_list, + json_extract_path_text(Properties, 'EventCategoriesList') as event_categories_list + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::EventSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + scheduled_actions: + name: scheduled_actions + id: aws.redshift.scheduled_actions + x-cfn-schema-name: ScheduledAction + x-type: list + x-identifiers: + - ScheduledActionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ScheduledActionName') as scheduled_action_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::ScheduledAction' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ScheduledActionName') as scheduled_action_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::ScheduledAction' + AND region = 'us-east-1' + scheduled_action: + name: scheduled_action + id: aws.redshift.scheduled_action + x-cfn-schema-name: ScheduledAction + x-type: get + x-identifiers: + - ScheduledActionName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ScheduledActionName') as scheduled_action_name, + JSON_EXTRACT(Properties, '$.TargetAction') as target_action, + JSON_EXTRACT(Properties, '$.Schedule') as schedule, + JSON_EXTRACT(Properties, '$.IamRole') as iam_role, + JSON_EXTRACT(Properties, '$.ScheduledActionDescription') as scheduled_action_description, + JSON_EXTRACT(Properties, '$.StartTime') as start_time, + JSON_EXTRACT(Properties, '$.EndTime') as end_time, + JSON_EXTRACT(Properties, '$.Enable') as enable, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.NextInvocations') as next_invocations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::ScheduledAction' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ScheduledActionName') as scheduled_action_name, + json_extract_path_text(Properties, 'TargetAction') as target_action, + json_extract_path_text(Properties, 'Schedule') as schedule, + json_extract_path_text(Properties, 'IamRole') as iam_role, + json_extract_path_text(Properties, 'ScheduledActionDescription') as scheduled_action_description, + json_extract_path_text(Properties, 'StartTime') as start_time, + json_extract_path_text(Properties, 'EndTime') as end_time, + json_extract_path_text(Properties, 'Enable') as enable, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'NextInvocations') as next_invocations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::ScheduledAction' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/redshiftserverless.yaml b/providers/src/aws/v00.00.00000/services/redshiftserverless.yaml new file mode 100644 index 00000000..66518d2d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/redshiftserverless.yaml @@ -0,0 +1,632 @@ +openapi: 3.0.0 +info: + title: RedshiftServerless + version: 1.0.0 +paths: {} +components: + schemas: + LogExport: + type: string + enum: + - useractivitylog + - userlog + - connectionlog + Namespace: + type: object + properties: + AdminPasswordSecretKmsKeyId: + description: The ID of the AWS Key Management Service (KMS) key used to encrypt and store the namespace's admin credentials secret. You can only use this parameter if manageAdminPassword is true. + type: string + AdminUserPassword: + description: The password associated with the admin user for the namespace that is being created. Password must be at least 8 characters in length, should be any printable ASCII character. Must contain at least one lowercase letter, one uppercase letter and one decimal digit. You can't use adminUserPassword if manageAdminPassword is true. + type: string + maxLength: 64 + minLength: 8 + pattern: ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[^\x00-\x20\x22\x27\x2f\x40\x5c\x7f-\uffff]+ + AdminUsername: + description: The user name associated with the admin user for the namespace that is being created. Only alphanumeric characters and underscores are allowed. It should start with an alphabet. + type: string + pattern: '[a-zA-Z][a-zA-Z_0-9+.@-]*' + DbName: + description: The database name associated for the namespace that is being created. Only alphanumeric characters and underscores are allowed. It should start with an alphabet. + type: string + pattern: '[a-zA-Z][a-zA-Z_0-9+.@-]*' + maxLength: 127 + DefaultIamRoleArn: + description: The default IAM role ARN for the namespace that is being created. + type: string + IamRoles: + description: A list of AWS Identity and Access Management (IAM) roles that can be used by the namespace to access other AWS services. You must supply the IAM roles in their Amazon Resource Name (ARN) format. The Default role limit for each request is 10. + type: array + x-insertionOrder: false + items: + type: string + maxLength: 512 + minLength: 0 + KmsKeyId: + description: The AWS Key Management Service (KMS) key ID of the encryption key that you want to use to encrypt data in the namespace. + type: string + LogExports: + description: 'The collection of log types to be exported provided by the customer. Should only be one of the three supported log types: userlog, useractivitylog and connectionlog' + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/LogExport' + maxItems: 16 + minItems: 0 + ManageAdminPassword: + description: If true, Amazon Redshift uses AWS Secrets Manager to manage the namespace's admin credentials. You can't use adminUserPassword if manageAdminPassword is true. If manageAdminPassword is false or not set, Amazon Redshift uses adminUserPassword for the admin user account's password. + type: boolean + Namespace: + $ref: '#/components/schemas/Namespace' + description: Definition of Namespace resource. + NamespaceName: + description: A unique identifier for the namespace. You use this identifier to refer to the namespace for any subsequent namespace operations such as deleting or modifying. All alphabetical characters must be lower case. Namespace name should be unique for all namespaces within an AWS account. + type: string + maxLength: 64 + minLength: 3 + pattern: ^[a-z0-9-]+$ + Tags: + description: The list of tags for the namespace. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + FinalSnapshotName: + description: The name of the namespace the source snapshot was created from. Please specify the name if needed before deleting namespace + type: string + pattern: '[a-z][a-z0-9]*(-[a-z0-9]+)*' + maxLength: 255 + FinalSnapshotRetentionPeriod: + description: The number of days to retain automated snapshot in the destination region after they are copied from the source region. If the value is -1, the manual snapshot is retained indefinitely. The value must be either -1 or an integer between 1 and 3,653. + type: integer + NamespaceResourcePolicy: + description: The resource policy document that will be attached to the namespace. + type: object + RedshiftIdcApplicationArn: + description: The ARN for the Redshift application that integrates with IAM Identity Center. + type: string + SnapshotCopyConfigurations: + description: The snapshot copy configurations for the namespace. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SnapshotCopyConfiguration' + maxItems: 1 + minItems: 0 + required: + - NamespaceName + x-stackql-resource-name: namespace + description: Definition of AWS::RedshiftServerless::Namespace Resource Type + x-type-name: AWS::RedshiftServerless::Namespace + x-stackql-primary-identifier: + - NamespaceName + x-create-only-properties: + - NamespaceName + - Tags + x-write-only-properties: + - AdminUserPassword + - FinalSnapshotName + - FinalSnapshotRetentionPeriod + - Tags + - Tags/*/Key + - Tags/*/Value + - ManageAdminPassword + - RedshiftIdcApplicationArn + x-read-only-properties: + - Namespace + - Namespace/NamespaceArn + - Namespace/NamespaceId + - Namespace/NamespaceName + - Namespace/AdminUsername + - Namespace/DbName + - Namespace/KmsKeyId + - Namespace/DefaultIamRoleArn + - Namespace/IamRoles + - Namespace/LogExports + - Namespace/Status + - Namespace/CreationDate + x-required-properties: + - NamespaceName + x-tagging: + taggable: false + x-required-permissions: + create: + - iam:PassRole + - kms:TagResource + - kms:UntagResource + - kms:ScheduleKeyDeletion + - kms:CancelKeyDeletion + - kms:Encrypt + - kms:Decrypt + - kms:DescribeKey + - kms:GenerateDataKeyPair + - kms:GenerateDataKey + - kms:CreateGrant + - kms:ListGrants + - kms:RevokeGrant + - kms:RetireGrant + - redshift-serverless:CreateNamespace + - redshift-serverless:GetNamespace + - redshift-serverless:ListSnapshotCopyConfigurations + - redshift-serverless:CreateSnapshotCopyConfiguration + - redshift:GetResourcePolicy + - redshift:PutResourcePolicy + - secretsmanager:CreateSecret + - secretsmanager:TagResource + - secretsmanager:RotateSecret + - secretsmanager:DescribeSecret + read: + - iam:PassRole + - redshift-serverless:GetNamespace + - redshift:GetResourcePolicy + - redshift-serverless:ListSnapshotCopyConfigurations + update: + - iam:PassRole + - kms:TagResource + - kms:UntagResource + - kms:ScheduleKeyDeletion + - kms:CancelKeyDeletion + - kms:Encrypt + - kms:Decrypt + - kms:DescribeKey + - kms:CreateGrant + - kms:ListGrants + - kms:RevokeGrant + - kms:RetireGrant + - kms:GenerateDataKeyPair + - kms:GenerateDataKey + - redshift-serverless:UpdateNamespace + - redshift-serverless:GetNamespace + - redshift-serverless:ListSnapshotCopyConfigurations + - redshift-serverless:CreateSnapshotCopyConfiguration + - redshift-serverless:UpdateSnapshotCopyConfiguration + - redshift-serverless:DeleteSnapshotCopyConfiguration + - redshift:GetResourcePolicy + - redshift:PutResourcePolicy + - redshift:DeleteResourcePolicy + - secretsmanager:CreateSecret + - secretsmanager:TagResource + - secretsmanager:RotateSecret + - secretsmanager:DescribeSecret + - secretsmanager:UpdateSecret + - secretsmanager:DeleteSecret + delete: + - iam:PassRole + - redshift-serverless:DeleteNamespace + - redshift-serverless:GetNamespace + - kms:RetireGrant + - secretsmanager:DescribeSecret + - secretsmanager:DeleteSecret + - redshift:DeleteResourcePolicy + list: + - iam:PassRole + - redshift-serverless:ListNamespaces + NamespaceStatus: + type: string + enum: + - AVAILABLE + - MODIFYING + - DELETING + Tag: + type: object + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + Value: + type: string + maxLength: 256 + minLength: 0 + required: + - Key + - Value + additionalProperties: false + SnapshotCopyConfiguration: + type: object + properties: + DestinationRegion: + type: string + DestinationKmsKeyId: + type: string + SnapshotRetentionPeriod: + type: integer + required: + - DestinationRegion + additionalProperties: false + ConfigParameter: + type: object + properties: + ParameterKey: + type: string + maxLength: 255 + minLength: 0 + ParameterValue: + type: string + maxLength: 15000 + minLength: 0 + additionalProperties: false + Endpoint: + type: object + properties: + Address: + type: string + Port: + type: integer + VpcEndpoints: + type: array + items: + $ref: '#/components/schemas/VpcEndpoint' + x-insertionOrder: false + additionalProperties: false + NetworkInterface: + type: object + properties: + NetworkInterfaceId: + type: string + SubnetId: + type: string + PrivateIpAddress: + type: string + AvailabilityZone: + type: string + additionalProperties: false + VpcEndpoint: + type: object + properties: + VpcEndpointId: + type: string + VpcId: + type: string + NetworkInterfaces: + type: array + items: + $ref: '#/components/schemas/NetworkInterface' + x-insertionOrder: false + additionalProperties: false + Workgroup: + type: object + properties: + WorkgroupName: + description: The name of the workgroup. + type: string + pattern: ^(?=^[a-z0-9-]+$).{3,64}$ + maxLength: 64 + minLength: 3 + NamespaceName: + description: The namespace the workgroup is associated with. + type: string + pattern: ^(?=^[a-z0-9-]+$).{3,64}$ + maxLength: 64 + minLength: 3 + BaseCapacity: + description: The base compute capacity of the workgroup in Redshift Processing Units (RPUs). + type: integer + MaxCapacity: + description: The max compute capacity of the workgroup in Redshift Processing Units (RPUs). + type: integer + EnhancedVpcRouting: + description: The value that specifies whether to enable enhanced virtual private cloud (VPC) routing, which forces Amazon Redshift Serverless to route traffic through your VPC. + type: boolean + default: false + ConfigParameters: + description: A list of parameters to set for finer control over a database. Available options are datestyle, enable_user_activity_logging, query_group, search_path, max_query_execution_time, and require_ssl. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConfigParameter' + minItems: 1 + SecurityGroupIds: + description: A list of security group IDs to associate with the workgroup. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^sg-[0-9a-fA-F]{8,}$ + maxLength: 255 + minLength: 0 + maxItems: 32 + minItems: 1 + SubnetIds: + description: A list of subnet IDs the workgroup is associated with. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^subnet-[0-9a-fA-F]{8,}$ + maxLength: 255 + minLength: 0 + maxItems: 32 + minItems: 1 + PubliclyAccessible: + description: A value that specifies whether the workgroup can be accessible from a public network. + type: boolean + default: false + Port: + description: The custom port to use when connecting to a workgroup. Valid port ranges are 5431-5455 and 8191-8215. The default is 5439. + type: integer + Tags: + description: The map of the key-value pairs used to tag the workgroup. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + Workgroup: + description: Definition for workgroup resource + $ref: '#/components/schemas/Workgroup' + required: + - WorkgroupName + x-stackql-resource-name: workgroup + description: Definition of AWS::RedshiftServerless::Workgroup Resource Type + x-type-name: AWS::RedshiftServerless::Workgroup + x-stackql-primary-identifier: + - WorkgroupName + x-create-only-properties: + - WorkgroupName + - NamespaceName + x-write-only-properties: + - BaseCapacity + - MaxCapacity + - ConfigParameters + - SecurityGroupIds + - SubnetIds + - Tags + - Tags/*/Key + - Tags/*/Value + x-read-only-properties: + - Workgroup + - Workgroup/WorkgroupId + - Workgroup/WorkgroupArn + - Workgroup/WorkgroupName + - Workgroup/NamespaceName + - Workgroup/BaseCapacity + - Workgroup/MaxCapacity + - Workgroup/EnhancedVpcRouting + - Workgroup/ConfigParameters/*/ParameterKey + - Workgroup/ConfigParameters/*/ParameterValue + - Workgroup/SecurityGroupIds + - Workgroup/SubnetIds + - Workgroup/Status + - Workgroup/Endpoint/Address + - Workgroup/Endpoint/Port + - Workgroup/Endpoint/VpcEndpoints/*/VpcEndpointId + - Workgroup/Endpoint/VpcEndpoints/*/VpcId + - Workgroup/Endpoint/VpcEndpoints/*/NetworkInterfaces/*/NetworkInterfaceId + - Workgroup/Endpoint/VpcEndpoints/*/NetworkInterfaces/*/SubnetId + - Workgroup/Endpoint/VpcEndpoints/*/NetworkInterfaces/*/PrivateIpAddress + - Workgroup/Endpoint/VpcEndpoints/*/NetworkInterfaces/*/AvailabilityZone + - Workgroup/PubliclyAccessible + - Workgroup/CreationDate + x-required-properties: + - WorkgroupName + x-tagging: + taggable: true + x-required-permissions: + create: + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeAddresses + - ec2:DescribeInternetGateways + - ec2:DescribeSubnets + - ec2:DescribeAccountAttributes + - ec2:DescribeAvailabilityZones + - redshift-serverless:CreateNamespace + - redshift-serverless:CreateWorkgroup + - redshift-serverless:GetWorkgroup + read: + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeAddresses + - ec2:DescribeInternetGateways + - ec2:DescribeSubnets + - ec2:DescribeAccountAttributes + - ec2:DescribeAvailabilityZones + - redshift-serverless:GetWorkgroup + update: + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeAddresses + - ec2:DescribeInternetGateways + - ec2:DescribeSubnets + - ec2:DescribeAccountAttributes + - ec2:DescribeAvailabilityZones + - redshift-serverless:ListTagsForResource + - redshift-serverless:TagResource + - redshift-serverless:UntagResource + - redshift-serverless:GetWorkgroup + - redshift-serverless:UpdateWorkgroup + delete: + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeAddresses + - ec2:DescribeInternetGateways + - ec2:DescribeSubnets + - ec2:DescribeAccountAttributes + - ec2:DescribeAvailabilityZones + - redshift-serverless:GetWorkgroup + - redshift-serverless:DeleteWorkgroup + list: + - ec2:DescribeVpcAttribute + - ec2:DescribeSecurityGroups + - ec2:DescribeAddresses + - ec2:DescribeInternetGateways + - ec2:DescribeSubnets + - ec2:DescribeAccountAttributes + - ec2:DescribeAvailabilityZones + - redshift-serverless:ListWorkgroups + WorkgroupStatus: + type: string + enum: + - CREATING + - AVAILABLE + - MODIFYING + - DELETING + x-stackQL-resources: + namespaces: + name: namespaces + id: aws.redshiftserverless.namespaces + x-cfn-schema-name: Namespace + x-type: list + x-identifiers: + - NamespaceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.NamespaceName') as namespace_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RedshiftServerless::Namespace' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'NamespaceName') as namespace_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RedshiftServerless::Namespace' + AND region = 'us-east-1' + namespace: + name: namespace + id: aws.redshiftserverless.namespace + x-cfn-schema-name: Namespace + x-type: get + x-identifiers: + - NamespaceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AdminPasswordSecretKmsKeyId') as admin_password_secret_kms_key_id, + JSON_EXTRACT(Properties, '$.AdminUserPassword') as admin_user_password, + JSON_EXTRACT(Properties, '$.AdminUsername') as admin_username, + JSON_EXTRACT(Properties, '$.DbName') as db_name, + JSON_EXTRACT(Properties, '$.DefaultIamRoleArn') as default_iam_role_arn, + JSON_EXTRACT(Properties, '$.IamRoles') as iam_roles, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.LogExports') as log_exports, + JSON_EXTRACT(Properties, '$.ManageAdminPassword') as manage_admin_password, + JSON_EXTRACT(Properties, '$.Namespace') as namespace, + JSON_EXTRACT(Properties, '$.NamespaceName') as namespace_name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.FinalSnapshotName') as final_snapshot_name, + JSON_EXTRACT(Properties, '$.FinalSnapshotRetentionPeriod') as final_snapshot_retention_period, + JSON_EXTRACT(Properties, '$.NamespaceResourcePolicy') as namespace_resource_policy, + JSON_EXTRACT(Properties, '$.RedshiftIdcApplicationArn') as redshift_idc_application_arn, + JSON_EXTRACT(Properties, '$.SnapshotCopyConfigurations') as snapshot_copy_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RedshiftServerless::Namespace' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AdminPasswordSecretKmsKeyId') as admin_password_secret_kms_key_id, + json_extract_path_text(Properties, 'AdminUserPassword') as admin_user_password, + json_extract_path_text(Properties, 'AdminUsername') as admin_username, + json_extract_path_text(Properties, 'DbName') as db_name, + json_extract_path_text(Properties, 'DefaultIamRoleArn') as default_iam_role_arn, + json_extract_path_text(Properties, 'IamRoles') as iam_roles, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'LogExports') as log_exports, + json_extract_path_text(Properties, 'ManageAdminPassword') as manage_admin_password, + json_extract_path_text(Properties, 'Namespace') as namespace, + json_extract_path_text(Properties, 'NamespaceName') as namespace_name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'FinalSnapshotName') as final_snapshot_name, + json_extract_path_text(Properties, 'FinalSnapshotRetentionPeriod') as final_snapshot_retention_period, + json_extract_path_text(Properties, 'NamespaceResourcePolicy') as namespace_resource_policy, + json_extract_path_text(Properties, 'RedshiftIdcApplicationArn') as redshift_idc_application_arn, + json_extract_path_text(Properties, 'SnapshotCopyConfigurations') as snapshot_copy_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RedshiftServerless::Namespace' + AND data__Identifier = '' + AND region = 'us-east-1' + workgroups: + name: workgroups + id: aws.redshiftserverless.workgroups + x-cfn-schema-name: Workgroup + x-type: list + x-identifiers: + - WorkgroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WorkgroupName') as workgroup_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RedshiftServerless::Workgroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WorkgroupName') as workgroup_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RedshiftServerless::Workgroup' + AND region = 'us-east-1' + workgroup: + name: workgroup + id: aws.redshiftserverless.workgroup + x-cfn-schema-name: Workgroup + x-type: get + x-identifiers: + - WorkgroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.WorkgroupName') as workgroup_name, + JSON_EXTRACT(Properties, '$.NamespaceName') as namespace_name, + JSON_EXTRACT(Properties, '$.BaseCapacity') as base_capacity, + JSON_EXTRACT(Properties, '$.MaxCapacity') as max_capacity, + JSON_EXTRACT(Properties, '$.EnhancedVpcRouting') as enhanced_vpc_routing, + JSON_EXTRACT(Properties, '$.ConfigParameters') as config_parameters, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Workgroup') as workgroup + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RedshiftServerless::Workgroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'WorkgroupName') as workgroup_name, + json_extract_path_text(Properties, 'NamespaceName') as namespace_name, + json_extract_path_text(Properties, 'BaseCapacity') as base_capacity, + json_extract_path_text(Properties, 'MaxCapacity') as max_capacity, + json_extract_path_text(Properties, 'EnhancedVpcRouting') as enhanced_vpc_routing, + json_extract_path_text(Properties, 'ConfigParameters') as config_parameters, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Workgroup') as workgroup + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RedshiftServerless::Workgroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/refactorspaces.yaml b/providers/src/aws/v00.00.00000/services/refactorspaces.yaml new file mode 100644 index 00000000..43d56a59 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/refactorspaces.yaml @@ -0,0 +1,985 @@ +openapi: 3.0.0 +info: + title: RefactorSpaces + version: 1.0.0 +paths: {} +components: + schemas: + ApiGatewayEndpointType: + type: string + enum: + - REGIONAL + - PRIVATE + ApiGatewayProxyInput: + type: object + properties: + StageName: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[-a-zA-Z0-9_]*$ + EndpointType: + $ref: '#/components/schemas/ApiGatewayEndpointType' + additionalProperties: false + ProxyType: + type: string + enum: + - API_GATEWAY + Tag: + description: A label for tagging Environment resource + type: object + properties: + Key: + description: A string used to identify this tag + type: string + minLength: 1 + maxLength: 128 + pattern: ^(?!aws:).+ + Value: + description: A string containing the value for the tag + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Application: + type: object + properties: + ApiGatewayProxy: + $ref: '#/components/schemas/ApiGatewayProxyInput' + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:(aws[a-zA-Z-]*)?:refactor-spaces:[a-zA-Z0-9\-]+:\w{12}:[a-zA-Z_0-9+=,.@\-_/]+$ + ApiGatewayId: + type: string + maxLength: 10 + minLength: 10 + pattern: ^[a-z0-9]{10}$ + VpcLinkId: + type: string + maxLength: 10 + minLength: 10 + pattern: ^[a-z0-9]{10}$ + NlbArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:(aws[a-zA-Z-]*)?:elasticloadbalancing:[a-zA-Z0-9\\-]+:\\w{12}:[a-zA-Z_0-9+=,.@\\-_\/]+$ + NlbName: + type: string + maxLength: 32 + minLength: 1 + pattern: ^(?!internal-)[a-zA-Z0-9]+[a-zA-Z0-9-_ ]+.*[^-]$ + ApplicationIdentifier: + type: string + maxLength: 14 + minLength: 14 + pattern: ^app-([0-9A-Za-z]{10}$) + EnvironmentIdentifier: + type: string + maxLength: 14 + minLength: 14 + pattern: ^env-([0-9A-Za-z]{10}$) + Name: + type: string + maxLength: 63 + minLength: 3 + pattern: ^(?!app-)[a-zA-Z0-9]+[a-zA-Z0-9-_ ]+$ + ProxyType: + $ref: '#/components/schemas/ProxyType' + VpcId: + type: string + maxLength: 21 + minLength: 12 + pattern: ^vpc-[-a-f0-9]{8}([-a-f0-9]{9})?$ + StageName: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[-a-zA-Z0-9_]*$ + ProxyUrl: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^http://[-a-zA-Z0-9+\x38@#/%?=~_|!:,.;]*[-a-zA-Z0-9+\x38@#/%=~_|]$ + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + description: Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair. + required: + - EnvironmentIdentifier + - VpcId + - Name + - ProxyType + x-stackql-resource-name: application + description: Definition of AWS::RefactorSpaces::Application Resource Type + x-type-name: AWS::RefactorSpaces::Application + x-stackql-primary-identifier: + - EnvironmentIdentifier + - ApplicationIdentifier + x-create-only-properties: + - ApiGatewayProxy + - EnvironmentIdentifier + - Name + - ProxyType + - VpcId + x-write-only-properties: + - ApiGatewayProxy + x-read-only-properties: + - ApplicationIdentifier + - Arn + - ApiGatewayId + - VpcLinkId + - NlbArn + - NlbName + - ProxyUrl + - StageName + x-required-properties: + - EnvironmentIdentifier + - VpcId + - Name + - ProxyType + x-taggable: true + x-required-permissions: + create: + - refactor-spaces:GetApplication + - refactor-spaces:CreateApplication + - refactor-spaces:TagResource + - ec2:CreateTags + - ec2:CreateVpcEndpointServiceConfiguration + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeVpcEndpointServiceConfigurations + - ec2:DescribeAccountAttributes + - ec2:DescribeInternetGateways + - ec2:ModifyVpcEndpointServicePermissions + - apigateway:DELETE + - apigateway:GET + - apigateway:PATCH + - apigateway:POST + - apigateway:PUT + - apigateway:UpdateRestApiPolicy + - apigateway:Update* + - apigateway:Delete* + - apigateway:Get* + - apigateway:Put* + - elasticloadbalancing:CreateLoadBalancer + - elasticloadbalancing:DescribeLoadBalancers + - elasticloadbalancing:DescribeTags + - elasticloadbalancing:AddTags + - iam:CreateServiceLinkedRole + read: + - refactor-spaces:GetApplication + - refactor-spaces:ListTagsForResource + delete: + - refactor-spaces:GetApplication + - refactor-spaces:DeleteApplication + - refactor-spaces:UntagResource + - ec2:DescribeVpcEndpointServiceConfigurations + - ec2:DeleteRoute + - ec2:DeleteSecurityGroup + - ec2:DeleteTransitGateway + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:DeleteVpcEndpointServiceConfigurations + - ec2:DeleteTags + - ec2:RevokeSecurityGroupIngress + - elasticloadbalancing:DeleteLoadBalancer + - apigateway:Update* + - apigateway:Delete* + - apigateway:Get* + - apigateway:Put* + list: + - refactor-spaces:ListApplications + - refactor-spaces:ListTagsForResource + NetworkFabricType: + type: string + enum: + - TRANSIT_GATEWAY + - NONE + Environment: + type: object + properties: + Description: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9-_\s\.\!\*\#\@\']+$ + EnvironmentIdentifier: + type: string + maxLength: 14 + minLength: 14 + pattern: ^env-([0-9A-Za-z]{10}$) + Name: + type: string + maxLength: 63 + minLength: 3 + pattern: ^(?!env-)[a-zA-Z0-9]+[a-zA-Z0-9-_ ]+$ + NetworkFabricType: + $ref: '#/components/schemas/NetworkFabricType' + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:(aws[a-zA-Z-]*)?:refactor-spaces:[a-zA-Z0-9\-]+:\w{12}:[a-zA-Z_0-9+=,.@\-_/]+$ + TransitGatewayId: + type: string + maxLength: 21 + minLength: 21 + pattern: ^tgw-[-a-f0-9]{17}$ + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + description: Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair. + required: + - Name + - NetworkFabricType + x-stackql-resource-name: environment + description: Definition of AWS::RefactorSpaces::Environment Resource Type + x-type-name: AWS::RefactorSpaces::Environment + x-stackql-primary-identifier: + - EnvironmentIdentifier + x-create-only-properties: + - Description + - Name + - NetworkFabricType + x-write-only-properties: + - Description + - Name + - NetworkFabricType + x-read-only-properties: + - EnvironmentIdentifier + - Arn + - TransitGatewayId + x-required-properties: + - Name + - NetworkFabricType + x-taggable: true + x-required-permissions: + create: + - refactor-spaces:CreateEnvironment + - refactor-spaces:GetEnvironment + - refactor-spaces:TagResource + - ec2:CreateTransitGateway + - ec2:AuthorizeSecurityGroupIngress + - ec2:CreateSecurityGroup + - ec2:CreateTags + - ec2:DescribeNetworkInterfaces + - ec2:DescribeRouteTables + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeTags + - ec2:DescribeTransitGateways + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:DescribeVpcEndpointServiceConfigurations + - ec2:ModifyVpcEndpointServicePermissions + - ec2:RevokeSecurityGroupIngress + - ram:AssociateResourceShare + - ram:CreateResourceShare + - ram:GetResourceShareAssociations + - ram:GetResourceShares + - ram:TagResource + - ram:GetResourceShareInvitations + - ram:AcceptResourceShareInvitation + - ram:DisassociateResourceShare + - tag:GetResources + - iam:CreateServiceLinkedRole + read: + - refactor-spaces:GetEnvironment + - refactor-spaces:ListTagsForResource + delete: + - refactor-spaces:GetEnvironment + - refactor-spaces:DeleteEnvironment + - refactor-spaces:UntagResource + - ec2:DescribeTransitGateways + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:DeleteTransitGateway + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:DeleteTags + - ram:GetResourceShareAssociations + - ram:DeleteResourceShare + list: + - refactor-spaces:ListEnvironments + - refactor-spaces:ListTagsForResource + RouteActivationState: + type: string + enum: + - INACTIVE + - ACTIVE + Method: + type: string + enum: + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + RouteType: + type: string + enum: + - DEFAULT + - URI_PATH + DefaultRouteInput: + type: object + properties: + ActivationState: + $ref: '#/components/schemas/RouteActivationState' + required: + - ActivationState + additionalProperties: false + UriPathRouteInput: + type: object + properties: + SourcePath: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(/([a-zA-Z0-9._:-]+|\{[a-zA-Z0-9._:-]+\}))+$ + ActivationState: + $ref: '#/components/schemas/RouteActivationState' + Methods: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Method' + IncludeChildPaths: + type: boolean + AppendSourcePath: + type: boolean + required: + - ActivationState + additionalProperties: false + Route: + type: object + properties: + PathResourceToId: + type: string + Arn: + type: string + minLength: 20 + maxLength: 2048 + pattern: ^arn:(aws[a-zA-Z-]*)?:refactor-spaces:[a-zA-Z0-9\-]+:\w{12}:[a-zA-Z_0-9+=,.@\-_/]+$ + ApplicationIdentifier: + type: string + maxLength: 14 + minLength: 14 + pattern: ^app-([0-9A-Za-z]{10}$) + EnvironmentIdentifier: + type: string + maxLength: 14 + minLength: 14 + pattern: ^env-([0-9A-Za-z]{10}$) + RouteIdentifier: + type: string + maxLength: 14 + minLength: 14 + pattern: ^rte-([0-9A-Za-z]{10}$) + RouteType: + $ref: '#/components/schemas/RouteType' + ServiceIdentifier: + type: string + maxLength: 14 + minLength: 14 + pattern: ^svc-([0-9A-Za-z]{10}$) + DefaultRoute: + $ref: '#/components/schemas/DefaultRouteInput' + UriPathRoute: + $ref: '#/components/schemas/UriPathRouteInput' + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + description: Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair. + required: + - EnvironmentIdentifier + - ApplicationIdentifier + - ServiceIdentifier + - RouteType + x-stackql-resource-name: route + description: Definition of AWS::RefactorSpaces::Route Resource Type + x-type-name: AWS::RefactorSpaces::Route + x-stackql-primary-identifier: + - EnvironmentIdentifier + - ApplicationIdentifier + - RouteIdentifier + x-create-only-properties: + - ApplicationIdentifier + - EnvironmentIdentifier + - RouteType + - ServiceIdentifier + - UriPathRoute/SourcePath + - UriPathRoute/Methods + - UriPathRoute/IncludeChildPaths + - UriPathRoute/AppendSourcePath + x-write-only-properties: + - RouteType + - ServiceIdentifier + - DefaultRoute + - UriPathRoute + x-read-only-properties: + - RouteIdentifier + - PathResourceToId + - Arn + x-required-properties: + - EnvironmentIdentifier + - ApplicationIdentifier + - ServiceIdentifier + - RouteType + x-taggable: true + x-required-permissions: + create: + - refactor-spaces:CreateRoute + - refactor-spaces:GetRoute + - refactor-spaces:TagResource + - iam:CreateServiceLinkedRole + - apigateway:GET + - apigateway:PATCH + - apigateway:POST + - apigateway:PUT + - apigateway:DELETE + - apigateway:UpdateRestApiPolicy + - lambda:GetFunctionConfiguration + - lambda:AddPermission + - elasticloadbalancing:DescribeListeners + - elasticloadbalancing:DescribeTargetGroups + - elasticloadbalancing:CreateListener + - elasticloadbalancing:CreateTargetGroup + - elasticloadbalancing:DescribeTags + - elasticloadbalancing:AddTags + - elasticloadbalancing:RegisterTargets + - elasticloadbalancing:DescribeTargetHealth + - ec2:DescribeSubnets + - tag:GetResources + read: + - refactor-spaces:GetRoute + - refactor-spaces:ListTagsForResource + delete: + - refactor-spaces:DeleteRoute + - refactor-spaces:GetRoute + - refactor-spaces:UntagResource + - apigateway:GET + - apigateway:PATCH + - apigateway:POST + - apigateway:PUT + - apigateway:DELETE + - apigateway:UpdateRestApiPolicy + - lambda:GetFunctionConfiguration + - lambda:AddPermission + - elasticloadbalancing:DescribeListeners + - elasticloadbalancing:DescribeTargetGroups + - elasticloadbalancing:CreateListener + - elasticloadbalancing:CreateTargetGroup + - elasticloadbalancing:DeleteListener + - elasticloadbalancing:DeleteTargetGroup + - elasticloadbalancing:DescribeTags + - elasticloadbalancing:AddTags + - elasticloadbalancing:RegisterTargets + - elasticloadbalancing:DescribeTargetHealth + - ec2:DescribeSubnets + - tag:GetResources + list: + - refactor-spaces:ListRoutes + - refactor-spaces:ListTagsForResource + update: + - refactor-spaces:UpdateRoute + - refactor-spaces:GetRoute + - refactor-spaces:TagResource + - iam:CreateServiceLinkedRole + - apigateway:GET + - apigateway:PATCH + - apigateway:POST + - apigateway:PUT + - apigateway:DELETE + - apigateway:UpdateRestApiPolicy + - lambda:GetFunctionConfiguration + - lambda:AddPermission + - elasticloadbalancing:DescribeListeners + - elasticloadbalancing:DescribeTargetGroups + - elasticloadbalancing:CreateListener + - elasticloadbalancing:CreateTargetGroup + - elasticloadbalancing:DeleteListener + - elasticloadbalancing:DeleteTargetGroup + - elasticloadbalancing:DescribeTags + - elasticloadbalancing:AddTags + - elasticloadbalancing:RegisterTargets + - elasticloadbalancing:DescribeTargetHealth + - ec2:DescribeSubnets + - ec2:DescribeSubnets + - tag:GetResources + LambdaEndpointInput: + type: object + properties: + Arn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:function:[a-zA-Z0-9-_]+(:(\$LATEST|[a-zA-Z0-9-_]+))?$ + required: + - Arn + additionalProperties: false + ServiceEndpointType: + type: string + enum: + - LAMBDA + - URL + UrlEndpointInput: + type: object + properties: + HealthUrl: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^https?://[-a-zA-Z0-9+\x38@#/%?=~_|!:,.;]*[-a-zA-Z0-9+\x38@#/%=~_|]$ + Url: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^https?://[-a-zA-Z0-9+\x38@#/%?=~_|!:,.;]*[-a-zA-Z0-9+\x38@#/%=~_|]$ + required: + - Url + additionalProperties: false + Service: + type: object + properties: + Arn: + type: string + minLength: 20 + maxLength: 2048 + pattern: ^arn:(aws[a-zA-Z-]*)?:refactor-spaces:[a-zA-Z0-9\-]+:\w{12}:[a-zA-Z_0-9+=,.@\-_/]+$ + ApplicationIdentifier: + type: string + maxLength: 14 + minLength: 14 + pattern: ^app-([0-9A-Za-z]{10}$) + Description: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9-_\s\.\!\*\#\@\']+$ + EndpointType: + $ref: '#/components/schemas/ServiceEndpointType' + EnvironmentIdentifier: + type: string + maxLength: 14 + minLength: 14 + pattern: ^env-([0-9A-Za-z]{10}$) + LambdaEndpoint: + $ref: '#/components/schemas/LambdaEndpointInput' + Name: + type: string + maxLength: 63 + minLength: 3 + pattern: ^(?!svc-)[a-zA-Z0-9]+[a-zA-Z0-9-_ ]+$ + ServiceIdentifier: + type: string + maxLength: 14 + minLength: 14 + pattern: ^svc-([0-9A-Za-z]{10}$) + UrlEndpoint: + $ref: '#/components/schemas/UrlEndpointInput' + VpcId: + type: string + maxLength: 21 + minLength: 12 + pattern: ^vpc-[-a-f0-9]{8}([-a-f0-9]{9})?$ + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + description: Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair. + required: + - EnvironmentIdentifier + - ApplicationIdentifier + - EndpointType + - Name + x-stackql-resource-name: service + description: Definition of AWS::RefactorSpaces::Service Resource Type + x-type-name: AWS::RefactorSpaces::Service + x-stackql-primary-identifier: + - EnvironmentIdentifier + - ApplicationIdentifier + - ServiceIdentifier + x-create-only-properties: + - Description + - EndpointType + - EnvironmentIdentifier + - ApplicationIdentifier + - LambdaEndpoint + - Name + - UrlEndpoint + - VpcId + x-write-only-properties: + - Description + - EndpointType + - LambdaEndpoint + - Name + - UrlEndpoint + - VpcId + x-read-only-properties: + - ServiceIdentifier + - Arn + x-required-properties: + - EnvironmentIdentifier + - ApplicationIdentifier + - EndpointType + - Name + x-taggable: true + x-required-permissions: + create: + - refactor-spaces:CreateService + - refactor-spaces:GetService + - refactor-spaces:TagResource + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeRouteTables + - ec2:CreateTags + - ec2:CreateTransitGatewayVpcAttachment + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:CreateSecurityGroup + - ec2:AuthorizeSecurityGroupIngress + - ec2:CreateRoute + - lambda:GetFunctionConfiguration + read: + - refactor-spacess:GetService + - refactor-spaces:ListTagsForResource + delete: + - refactor-spaces:DeleteService + - refactor-spaces:GetService + - refactor-spaces:UntagResource + - ram:DisassociateResourceShare + - ec2:DescribeNetworkInterfaces + - ec2:DescribeRouteTables + - ec2:DescribeTransitGatewayVpcAttachments + - ec2:DescribeSecurityGroups + - ec2:DeleteSecurityGroup + - ec2:DeleteRoute + - ec2:RevokeSecurityGroupIngress + - ec2:DeleteTransitGatewayVpcAttachment + - ec2:DeleteTags + list: + - refactor-spaces:ListServices + - refactor-spaces:ListTagsForResource + x-stackQL-resources: + applications: + name: applications + id: aws.refactorspaces.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - EnvironmentIdentifier + - ApplicationIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EnvironmentIdentifier') as environment_identifier, + JSON_EXTRACT(Properties, '$.ApplicationIdentifier') as application_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RefactorSpaces::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EnvironmentIdentifier') as environment_identifier, + json_extract_path_text(Properties, 'ApplicationIdentifier') as application_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RefactorSpaces::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.refactorspaces.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - EnvironmentIdentifier + - ApplicationIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApiGatewayProxy') as api_gateway_proxy, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ApiGatewayId') as api_gateway_id, + JSON_EXTRACT(Properties, '$.VpcLinkId') as vpc_link_id, + JSON_EXTRACT(Properties, '$.NlbArn') as nlb_arn, + JSON_EXTRACT(Properties, '$.NlbName') as nlb_name, + JSON_EXTRACT(Properties, '$.ApplicationIdentifier') as application_identifier, + JSON_EXTRACT(Properties, '$.EnvironmentIdentifier') as environment_identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ProxyType') as proxy_type, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.StageName') as stage_name, + JSON_EXTRACT(Properties, '$.ProxyUrl') as proxy_url, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RefactorSpaces::Application' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApiGatewayProxy') as api_gateway_proxy, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ApiGatewayId') as api_gateway_id, + json_extract_path_text(Properties, 'VpcLinkId') as vpc_link_id, + json_extract_path_text(Properties, 'NlbArn') as nlb_arn, + json_extract_path_text(Properties, 'NlbName') as nlb_name, + json_extract_path_text(Properties, 'ApplicationIdentifier') as application_identifier, + json_extract_path_text(Properties, 'EnvironmentIdentifier') as environment_identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ProxyType') as proxy_type, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'StageName') as stage_name, + json_extract_path_text(Properties, 'ProxyUrl') as proxy_url, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RefactorSpaces::Application' + AND data__Identifier = '|' + AND region = 'us-east-1' + environments: + name: environments + id: aws.refactorspaces.environments + x-cfn-schema-name: Environment + x-type: list + x-identifiers: + - EnvironmentIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EnvironmentIdentifier') as environment_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RefactorSpaces::Environment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EnvironmentIdentifier') as environment_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RefactorSpaces::Environment' + AND region = 'us-east-1' + environment: + name: environment + id: aws.refactorspaces.environment + x-cfn-schema-name: Environment + x-type: get + x-identifiers: + - EnvironmentIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EnvironmentIdentifier') as environment_identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.NetworkFabricType') as network_fabric_type, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RefactorSpaces::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EnvironmentIdentifier') as environment_identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'NetworkFabricType') as network_fabric_type, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RefactorSpaces::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' + routes: + name: routes + id: aws.refactorspaces.routes + x-cfn-schema-name: Route + x-type: list + x-identifiers: + - EnvironmentIdentifier + - ApplicationIdentifier + - RouteIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EnvironmentIdentifier') as environment_identifier, + JSON_EXTRACT(Properties, '$.ApplicationIdentifier') as application_identifier, + JSON_EXTRACT(Properties, '$.RouteIdentifier') as route_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RefactorSpaces::Route' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EnvironmentIdentifier') as environment_identifier, + json_extract_path_text(Properties, 'ApplicationIdentifier') as application_identifier, + json_extract_path_text(Properties, 'RouteIdentifier') as route_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RefactorSpaces::Route' + AND region = 'us-east-1' + route: + name: route + id: aws.refactorspaces.route + x-cfn-schema-name: Route + x-type: get + x-identifiers: + - EnvironmentIdentifier + - ApplicationIdentifier + - RouteIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PathResourceToId') as path_resource_to_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ApplicationIdentifier') as application_identifier, + JSON_EXTRACT(Properties, '$.EnvironmentIdentifier') as environment_identifier, + JSON_EXTRACT(Properties, '$.RouteIdentifier') as route_identifier, + JSON_EXTRACT(Properties, '$.RouteType') as route_type, + JSON_EXTRACT(Properties, '$.ServiceIdentifier') as service_identifier, + JSON_EXTRACT(Properties, '$.DefaultRoute') as default_route, + JSON_EXTRACT(Properties, '$.UriPathRoute') as uri_path_route, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RefactorSpaces::Route' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PathResourceToId') as path_resource_to_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ApplicationIdentifier') as application_identifier, + json_extract_path_text(Properties, 'EnvironmentIdentifier') as environment_identifier, + json_extract_path_text(Properties, 'RouteIdentifier') as route_identifier, + json_extract_path_text(Properties, 'RouteType') as route_type, + json_extract_path_text(Properties, 'ServiceIdentifier') as service_identifier, + json_extract_path_text(Properties, 'DefaultRoute') as default_route, + json_extract_path_text(Properties, 'UriPathRoute') as uri_path_route, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RefactorSpaces::Route' + AND data__Identifier = '||' + AND region = 'us-east-1' + services: + name: services + id: aws.refactorspaces.services + x-cfn-schema-name: Service + x-type: list + x-identifiers: + - EnvironmentIdentifier + - ApplicationIdentifier + - ServiceIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EnvironmentIdentifier') as environment_identifier, + JSON_EXTRACT(Properties, '$.ApplicationIdentifier') as application_identifier, + JSON_EXTRACT(Properties, '$.ServiceIdentifier') as service_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RefactorSpaces::Service' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EnvironmentIdentifier') as environment_identifier, + json_extract_path_text(Properties, 'ApplicationIdentifier') as application_identifier, + json_extract_path_text(Properties, 'ServiceIdentifier') as service_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RefactorSpaces::Service' + AND region = 'us-east-1' + service: + name: service + id: aws.refactorspaces.service + x-cfn-schema-name: Service + x-type: get + x-identifiers: + - EnvironmentIdentifier + - ApplicationIdentifier + - ServiceIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ApplicationIdentifier') as application_identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EndpointType') as endpoint_type, + JSON_EXTRACT(Properties, '$.EnvironmentIdentifier') as environment_identifier, + JSON_EXTRACT(Properties, '$.LambdaEndpoint') as lambda_endpoint, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ServiceIdentifier') as service_identifier, + JSON_EXTRACT(Properties, '$.UrlEndpoint') as url_endpoint, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RefactorSpaces::Service' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ApplicationIdentifier') as application_identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EndpointType') as endpoint_type, + json_extract_path_text(Properties, 'EnvironmentIdentifier') as environment_identifier, + json_extract_path_text(Properties, 'LambdaEndpoint') as lambda_endpoint, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ServiceIdentifier') as service_identifier, + json_extract_path_text(Properties, 'UrlEndpoint') as url_endpoint, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RefactorSpaces::Service' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/rekognition.yaml b/providers/src/aws/v00.00.00000/services/rekognition.yaml new file mode 100644 index 00000000..fb57acd3 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/rekognition.yaml @@ -0,0 +1,584 @@ +openapi: 3.0.0 +info: + title: Rekognition + version: 1.0.0 +paths: {} +components: + schemas: + Arn: + description: The ARN of the stream processor + type: string + maxLength: 2048 + CollectionId: + description: The name of the collection + type: string + maxLength: 255 + pattern: \A[a-zA-Z0-9_\.\-]+$ + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + pattern: \A(?!aws:)[a-zA-Z0-9+\-=\._\:\/@]+$ + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + pattern: \A[a-zA-Z0-9+\-=\._\:\/@]+$ + required: + - Key + - Value + additionalProperties: false + Collection: + type: object + properties: + Arn: + $ref: '#/components/schemas/Arn' + CollectionId: + $ref: '#/components/schemas/CollectionId' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + required: + - CollectionId + x-stackql-resource-name: collection + description: The AWS::Rekognition::Collection type creates an Amazon Rekognition Collection. A collection is a logical grouping of information about detected faces which can later be referenced for searches on the group + x-type-name: AWS::Rekognition::Collection + x-stackql-primary-identifier: + - CollectionId + x-create-only-properties: + - CollectionId + x-read-only-properties: + - Arn + x-required-properties: + - CollectionId + x-taggable: true + x-required-permissions: + create: + - rekognition:CreateCollection + - rekognition:DescribeCollection + - rekognition:ListTagsForResource + - rekognition:TagResource + read: + - rekognition:DescribeCollection + - rekognition:ListTagsForResource + update: + - rekognition:TagResource + - rekognition:UntagResource + - rekognition:DescribeCollection + - rekognition:ListTagsForResource + delete: + - rekognition:DeleteCollection + list: + - rekognition:ListCollections + ProjectName: + description: The name of the project + type: string + minLength: 1 + maxLength: 255 + pattern: '[a-zA-Z0-9][a-zA-Z0-9_\-]*' + Project: + type: object + properties: + Arn: + $ref: '#/components/schemas/Arn' + ProjectName: + $ref: '#/components/schemas/ProjectName' + required: + - ProjectName + x-stackql-resource-name: project + description: The AWS::Rekognition::Project type creates an Amazon Rekognition CustomLabels Project. A project is a grouping of the resources needed to create and manage Dataset and ProjectVersions. + x-type-name: AWS::Rekognition::Project + x-stackql-primary-identifier: + - ProjectName + x-create-only-properties: + - ProjectName + x-read-only-properties: + - Arn + x-required-properties: + - ProjectName + x-required-permissions: + create: + - rekognition:CreateProject + read: + - rekognition:DescribeProjects + update: [] + delete: + - rekognition:DescribeProjects + - rekognition:DeleteProject + list: + - rekognition:DescribeProjects + KinesisVideoStream: + description: The Kinesis Video Stream that streams the source video. + type: object + properties: + Arn: + description: ARN of the Kinesis Video Stream that streams the source video. + type: string + maxLength: 2048 + pattern: (^arn:([a-z\d-]+):kinesisvideo:([a-z\d-]+):\d{12}:.+$) + required: + - Arn + additionalProperties: false + S3Destination: + description: The S3 location in customer's account where inference output & artifacts are stored, as part of connected home feature. + type: object + properties: + BucketName: + description: Name of the S3 bucket. + type: string + maxLength: 63 + ObjectKeyPrefix: + description: The object key prefix path where the results will be stored. Default is no prefix path + type: string + maxLength: 256 + required: + - BucketName + additionalProperties: false + KinesisDataStream: + description: The Amazon Kinesis Data Stream stream to which the Amazon Rekognition stream processor streams the analysis results, as part of face search feature. + type: object + properties: + Arn: + description: ARN of the Kinesis Data Stream stream. + type: string + maxLength: 2048 + pattern: (^arn:([a-z\d-]+):kinesis:([a-z\d-]+):\d{12}:.+$) + required: + - Arn + additionalProperties: false + Labels: + description: List of labels that need to be detected in the video stream. Current supported values are PERSON, PET, PACKAGE, ALL. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + items: + type: string + minLength: 1 + maxLength: 128 + ConnectedHomeSettings: + description: Connected home settings to use on a streaming video. Note that either ConnectedHomeSettings or FaceSearchSettings should be set. Not both + type: object + properties: + Labels: + $ref: '#/components/schemas/Labels' + MinConfidence: + description: Minimum object class match confidence score that must be met to return a result for a recognized object. + type: number + minimum: 0 + maximum: 100 + required: + - Labels + additionalProperties: false + FaceSearchSettings: + description: Face search settings to use on a streaming video. Note that either FaceSearchSettings or ConnectedHomeSettings should be set. Not both + type: object + properties: + CollectionId: + description: The ID of a collection that contains faces that you want to search for. + type: string + maxLength: 255 + pattern: \A[a-zA-Z0-9_\.\-]+$ + FaceMatchThreshold: + description: Minimum face match confidence score percentage that must be met to return a result for a recognized face. The default is 80. 0 is the lowest confidence. 100 is the highest confidence. Values between 0 and 100 are accepted. + type: number + minimum: 0 + maximum: 100 + required: + - CollectionId + additionalProperties: false + NotificationChannel: + description: The ARN of the SNS notification channel where events of interests are published, as part of connected home feature. + type: object + properties: + Arn: + description: ARN of the SNS topic. + type: string + maxLength: 2048 + required: + - Arn + additionalProperties: false + Point: + description: An (X, Y) cartesian coordinate denoting a point on the frame + type: object + properties: + X: + description: The X coordinate of the point. + type: number + 'Y': + description: The Y coordinate of the point. + type: number + required: + - X + - 'Y' + additionalProperties: false + Polygon: + description: A polygon showing a region of interest. Note that the ordering of the Point entries matter in defining the polygon + type: array + uniqueItems: true + x-insertionOrder: true + minItems: 3 + items: + $ref: '#/components/schemas/Point' + BoundingBox: + description: A bounding box denoting a region of interest in the frame to be analyzed. + type: object + properties: + Height: + type: number + minimum: 0 + maximum: 100 + Width: + type: number + minimum: 0 + maximum: 100 + Left: + type: number + minimum: 0 + maximum: 100 + Top: + type: number + minimum: 0 + maximum: 100 + required: + - Height + - Width + - Left + - Top + additionalProperties: false + DataSharingPreference: + description: Indicates whether Rekognition is allowed to store the video stream data for model-training. + properties: + OptIn: + description: Flag to enable data-sharing + type: boolean + required: + - OptIn + type: object + additionalProperties: false + StreamProcessor: + type: object + properties: + Arn: + $ref: '#/components/schemas/Arn' + Name: + description: Name of the stream processor. It's an identifier you assign to the stream processor. You can use it to manage the stream processor. + type: string + minLength: 1 + maxLength: 128 + pattern: '[a-zA-Z0-9_.\-]+' + KmsKeyId: + description: The KMS key that is used by Rekognition to encrypt any intermediate customer metadata and store in the customer's S3 bucket. + type: string + RoleArn: + description: ARN of the IAM role that allows access to the stream processor, and provides Rekognition read permissions for KVS stream and write permissions to S3 bucket and SNS topic. + type: string + maxLength: 2048 + pattern: arn:aws(-[\w]+)*:iam::[0-9]{12}:role/.* + KinesisVideoStream: + $ref: '#/components/schemas/KinesisVideoStream' + FaceSearchSettings: + $ref: '#/components/schemas/FaceSearchSettings' + ConnectedHomeSettings: + $ref: '#/components/schemas/ConnectedHomeSettings' + KinesisDataStream: + $ref: '#/components/schemas/KinesisDataStream' + S3Destination: + $ref: '#/components/schemas/S3Destination' + NotificationChannel: + $ref: '#/components/schemas/NotificationChannel' + DataSharingPreference: + $ref: '#/components/schemas/DataSharingPreference' + PolygonRegionsOfInterest: + description: The PolygonRegionsOfInterest specifies a set of polygon areas of interest in the video frames to analyze, as part of connected home feature. Each polygon is in turn, an ordered list of Point + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + items: + $ref: '#/components/schemas/Polygon' + BoundingBoxRegionsOfInterest: + description: The BoundingBoxRegionsOfInterest specifies an array of bounding boxes of interest in the video frames to analyze, as part of connected home feature. If an object is partially in a region of interest, Rekognition will tag it as detected if the overlap of the object with the region-of-interest is greater than 20%. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + items: + $ref: '#/components/schemas/BoundingBox' + Status: + description: Current status of the stream processor. + type: string + StatusMessage: + description: Detailed status message about the stream processor. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + required: + - RoleArn + - KinesisVideoStream + x-stackql-resource-name: stream_processor + description: |+ + The AWS::Rekognition::StreamProcessor type is used to create an Amazon Rekognition StreamProcessor that you can use to analyze streaming videos. + + x-type-name: AWS::Rekognition::StreamProcessor + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - KmsKeyId + - RoleArn + - KinesisVideoStream + - ConnectedHomeSettings + - FaceSearchSettings + - KinesisDataStream + - S3Destination + - NotificationChannel + - BoundingBoxRegionsOfInterest + - PolygonRegionsOfInterest + - DataSharingPreference + x-read-only-properties: + - Arn + - Status + - StatusMessage + x-required-properties: + - RoleArn + - KinesisVideoStream + x-replacement-strategy: delete_then_create + x-taggable: true + x-required-permissions: + create: + - rekognition:CreateStreamProcessor + - iam:PassRole + - rekognition:DescribeStreamProcessor + - rekognition:ListTagsForResource + - rekognition:TagResource + read: + - rekognition:DescribeStreamProcessor + - rekognition:ListTagsForResource + update: + - rekognition:TagResource + - rekognition:UntagResource + - rekognition:ListTagsForResource + - rekognition:DescribeStreamProcessor + delete: + - rekognition:DeleteStreamProcessor + list: + - rekognition:ListStreamProcessors + x-stackQL-resources: + collections: + name: collections + id: aws.rekognition.collections + x-cfn-schema-name: Collection + x-type: list + x-identifiers: + - CollectionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CollectionId') as collection_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Rekognition::Collection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CollectionId') as collection_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Rekognition::Collection' + AND region = 'us-east-1' + collection: + name: collection + id: aws.rekognition.collection + x-cfn-schema-name: Collection + x-type: get + x-identifiers: + - CollectionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CollectionId') as collection_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Rekognition::Collection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CollectionId') as collection_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Rekognition::Collection' + AND data__Identifier = '' + AND region = 'us-east-1' + projects: + name: projects + id: aws.rekognition.projects + x-cfn-schema-name: Project + x-type: list + x-identifiers: + - ProjectName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProjectName') as project_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Rekognition::Project' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProjectName') as project_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Rekognition::Project' + AND region = 'us-east-1' + project: + name: project + id: aws.rekognition.project + x-cfn-schema-name: Project + x-type: get + x-identifiers: + - ProjectName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ProjectName') as project_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Rekognition::Project' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ProjectName') as project_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Rekognition::Project' + AND data__Identifier = '' + AND region = 'us-east-1' + stream_processors: + name: stream_processors + id: aws.rekognition.stream_processors + x-cfn-schema-name: StreamProcessor + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Rekognition::StreamProcessor' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Rekognition::StreamProcessor' + AND region = 'us-east-1' + stream_processor: + name: stream_processor + id: aws.rekognition.stream_processor + x-cfn-schema-name: StreamProcessor + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.KinesisVideoStream') as kinesis_video_stream, + JSON_EXTRACT(Properties, '$.FaceSearchSettings') as face_search_settings, + JSON_EXTRACT(Properties, '$.ConnectedHomeSettings') as connected_home_settings, + JSON_EXTRACT(Properties, '$.KinesisDataStream') as kinesis_data_stream, + JSON_EXTRACT(Properties, '$.S3Destination') as s3_destination, + JSON_EXTRACT(Properties, '$.NotificationChannel') as notification_channel, + JSON_EXTRACT(Properties, '$.DataSharingPreference') as data_sharing_preference, + JSON_EXTRACT(Properties, '$.PolygonRegionsOfInterest') as polygon_regions_of_interest, + JSON_EXTRACT(Properties, '$.BoundingBoxRegionsOfInterest') as bounding_box_regions_of_interest, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusMessage') as status_message, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Rekognition::StreamProcessor' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'KinesisVideoStream') as kinesis_video_stream, + json_extract_path_text(Properties, 'FaceSearchSettings') as face_search_settings, + json_extract_path_text(Properties, 'ConnectedHomeSettings') as connected_home_settings, + json_extract_path_text(Properties, 'KinesisDataStream') as kinesis_data_stream, + json_extract_path_text(Properties, 'S3Destination') as s3_destination, + json_extract_path_text(Properties, 'NotificationChannel') as notification_channel, + json_extract_path_text(Properties, 'DataSharingPreference') as data_sharing_preference, + json_extract_path_text(Properties, 'PolygonRegionsOfInterest') as polygon_regions_of_interest, + json_extract_path_text(Properties, 'BoundingBoxRegionsOfInterest') as bounding_box_regions_of_interest, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusMessage') as status_message, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Rekognition::StreamProcessor' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/resiliencehub.yaml b/providers/src/aws/v00.00.00000/services/resiliencehub.yaml new file mode 100644 index 00000000..69adee42 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/resiliencehub.yaml @@ -0,0 +1,488 @@ +openapi: 3.0.0 +info: + title: ResilienceHub + version: 1.0.0 +paths: {} +components: + schemas: + TagValue: + type: string + maxLength: 256 + TagMap: + type: object + x-patternProperties: + .{1,128}: + $ref: '#/components/schemas/TagValue' + additionalProperties: false + PhysicalResourceId: + type: object + additionalProperties: false + properties: + AwsAccountId: + type: string + pattern: ^[0-9]{12}$ + AwsRegion: + type: string + pattern: ^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]$ + Identifier: + type: string + minLength: 1 + maxLength: 255 + Type: + type: string + pattern: Arn|Native + required: + - Identifier + - Type + ResourceMapping: + description: Resource mapping is used to map logical resources from template to physical resource + type: object + additionalProperties: false + properties: + LogicalStackName: + type: string + MappingType: + type: string + pattern: CfnStack|Resource|Terraform|EKS + ResourceName: + type: string + pattern: ^[A-Za-z0-9][A-Za-z0-9_\-]{1,59}$ + TerraformSourceName: + type: string + EksSourceName: + type: string + PhysicalResourceId: + $ref: '#/components/schemas/PhysicalResourceId' + required: + - MappingType + - PhysicalResourceId + IamRoleArn: + type: string + pattern: arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):iam::[0-9]{12}:role\/(([\u0021-\u007E]+\u002F){1,511})?[A-Za-z0-9+=,.@_/-]{1,64}$ + PermissionModel: + description: Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. + type: object + additionalProperties: false + properties: + Type: + description: Defines how AWS Resilience Hub scans your resources. It can scan for the resources by using a pre-existing role in your AWS account, or by using the credentials of the current IAM user. + type: string + enum: + - LegacyIAMUser + - RoleBased + InvokerRoleName: + description: Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment. + type: string + pattern: ((\u002F[\u0021-\u007E]+\u002F){1,511})?[A-Za-z0-9+=,.@_/-]{1,64} + CrossAccountRoleArns: + description: Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts. These ARNs are used for querying purposes while importing resources and assessing your application. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/IamRoleArn' + required: + - Type + EventSubscription: + description: Indicates an event you would like to subscribe and get notification for. + type: object + additionalProperties: false + properties: + Name: + description: Unique name to identify an event subscription. + type: string + maxLength: 256 + EventType: + description: The type of event you would like to subscribe and get notification for. + type: string + enum: + - ScheduledAssessmentFailure + - DriftDetected + SnsTopicArn: + description: Amazon Resource Name (ARN) of the Amazon Simple Notification Service topic. + type: string + pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+.-]{0,1023}$ + required: + - Name + - EventType + App: + type: object + properties: + Name: + description: Name of the app. + type: string + pattern: ^[A-Za-z0-9][A-Za-z0-9_\-]{1,59}$ + Description: + description: App description. + type: string + minLength: 0 + maxLength: 500 + AppArn: + type: string + description: Amazon Resource Name (ARN) of the App. + pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + ResiliencyPolicyArn: + type: string + description: Amazon Resource Name (ARN) of the Resiliency Policy. + pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + Tags: + $ref: '#/components/schemas/TagMap' + AppTemplateBody: + description: A string containing full ResilienceHub app template body. + type: string + minLength: 0 + maxLength: 409600 + pattern: ^[\w\s:,-\.'\/{}\[\]:"]+$ + ResourceMappings: + description: An array of ResourceMapping objects. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/ResourceMapping' + AppAssessmentSchedule: + description: Assessment execution schedule. + type: string + enum: + - Disabled + - Daily + PermissionModel: + $ref: '#/components/schemas/PermissionModel' + EventSubscriptions: + description: The list of events you would like to subscribe and get notification for. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/EventSubscription' + DriftStatus: + description: Indicates if compliance drifts (deviations) were detected while running an assessment for your application. + type: string + enum: + - NotChecked + - NotDetected + - Detected + required: + - Name + - AppTemplateBody + - ResourceMappings + x-stackql-resource-name: app + description: Resource Type Definition for AWS::ResilienceHub::App. + x-type-name: AWS::ResilienceHub::App + x-stackql-primary-identifier: + - AppArn + x-create-only-properties: + - Name + x-read-only-properties: + - AppArn + - DriftStatus + x-required-properties: + - Name + - AppTemplateBody + - ResourceMappings + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - cloudformation:DescribeStacks + - cloudformation:ListStackResources + - s3:GetBucketLocation + - s3:GetObject + - s3:ListAllMyBuckets + - autoscaling:DescribeAutoScalingGroups + - apigateway:GET + - ec2:Describe* + - ecs:DescribeServices + - eks:DescribeCluster + - elasticfilesystem:DescribeFileSystems + - elasticloadbalancing:DescribeLoadBalancers + - lambda:GetFunction* + - rds:Describe* + - dynamodb:Describe* + - sqs:GetQueueAttributes + - sns:GetTopicAttributes + - route53:List* + - iam:PassRole + - resiliencehub:* + read: + - resiliencehub:DescribeApp + - resiliencehub:DescribeAppVersionTemplate + - resiliencehub:ListAppVersionResourceMappings + - resiliencehub:ListTagsForResource + update: + - cloudformation:DescribeStacks + - cloudformation:ListStackResources + - s3:GetBucketLocation + - s3:GetObject + - s3:ListAllMyBuckets + - autoscaling:DescribeAutoScalingGroups + - apigateway:GET + - ec2:Describe* + - ecs:DescribeServices + - eks:DescribeCluster + - elasticfilesystem:DescribeFileSystems + - elasticloadbalancing:DescribeLoadBalancers + - lambda:GetFunction* + - rds:Describe* + - dynamodb:Describe* + - sqs:GetQueueAttributes + - sns:GetTopicAttributes + - route53:List* + - iam:PassRole + - resiliencehub:* + delete: + - resiliencehub:DeleteApp + - resiliencehub:UntagResource + - resiliencehub:ListApps + list: + - resiliencehub:ListApps + FailurePolicy: + description: Failure Policy. + type: object + properties: + RtoInSecs: + description: RTO in seconds. + type: integer + RpoInSecs: + description: RPO in seconds. + type: integer + required: + - RtoInSecs + - RpoInSecs + additionalProperties: false + PolicyMap: + type: object + properties: + AZ: + $ref: '#/components/schemas/FailurePolicy' + Hardware: + $ref: '#/components/schemas/FailurePolicy' + Software: + $ref: '#/components/schemas/FailurePolicy' + Region: + $ref: '#/components/schemas/FailurePolicy' + required: + - AZ + - Hardware + - Software + additionalProperties: false + ResiliencyPolicy: + type: object + properties: + PolicyName: + description: Name of Resiliency Policy. + type: string + pattern: ^[A-Za-z0-9][A-Za-z0-9_\-]{1,59}$ + PolicyDescription: + description: Description of Resiliency Policy. + type: string + maxLength: 500 + DataLocationConstraint: + type: string + description: Data Location Constraint of the Policy. + enum: + - AnyLocation + - SameContinent + - SameCountry + Tier: + type: string + description: Resiliency Policy Tier. + enum: + - MissionCritical + - Critical + - Important + - CoreServices + - NonCritical + Policy: + $ref: '#/components/schemas/PolicyMap' + PolicyArn: + type: string + description: Amazon Resource Name (ARN) of the Resiliency Policy. + pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + Tags: + $ref: '#/components/schemas/TagMap' + required: + - PolicyName + - Tier + - Policy + x-stackql-resource-name: resiliency_policy + description: Resource Type Definition for Resiliency Policy. + x-type-name: AWS::ResilienceHub::ResiliencyPolicy + x-stackql-primary-identifier: + - PolicyArn + x-read-only-properties: + - PolicyArn + x-required-properties: + - PolicyName + - Tier + - Policy + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - resiliencehub:CreateResiliencyPolicy + - resiliencehub:DescribeResiliencyPolicy + - resiliencehub:TagResource + update: + - resiliencehub:DescribeResiliencyPolicy + - resiliencehub:UpdateResiliencyPolicy + - resiliencehub:TagResource + - resiliencehub:UntagResource + - resiliencehub:ListTagsForResource + read: + - resiliencehub:DescribeResiliencyPolicy + - resiliencehub:ListTagsForResource + delete: + - resiliencehub:DeleteResiliencyPolicy + - resiliencehub:UntagResource + list: + - resiliencehub:ListResiliencyPolicies + x-stackQL-resources: + apps: + name: apps + id: aws.resiliencehub.apps + x-cfn-schema-name: App + x-type: list + x-identifiers: + - AppArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AppArn') as app_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResilienceHub::App' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AppArn') as app_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResilienceHub::App' + AND region = 'us-east-1' + app: + name: app + id: aws.resiliencehub.app + x-cfn-schema-name: App + x-type: get + x-identifiers: + - AppArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.AppArn') as app_arn, + JSON_EXTRACT(Properties, '$.ResiliencyPolicyArn') as resiliency_policy_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AppTemplateBody') as app_template_body, + JSON_EXTRACT(Properties, '$.ResourceMappings') as resource_mappings, + JSON_EXTRACT(Properties, '$.AppAssessmentSchedule') as app_assessment_schedule, + JSON_EXTRACT(Properties, '$.PermissionModel') as permission_model, + JSON_EXTRACT(Properties, '$.EventSubscriptions') as event_subscriptions, + JSON_EXTRACT(Properties, '$.DriftStatus') as drift_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResilienceHub::App' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'AppArn') as app_arn, + json_extract_path_text(Properties, 'ResiliencyPolicyArn') as resiliency_policy_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AppTemplateBody') as app_template_body, + json_extract_path_text(Properties, 'ResourceMappings') as resource_mappings, + json_extract_path_text(Properties, 'AppAssessmentSchedule') as app_assessment_schedule, + json_extract_path_text(Properties, 'PermissionModel') as permission_model, + json_extract_path_text(Properties, 'EventSubscriptions') as event_subscriptions, + json_extract_path_text(Properties, 'DriftStatus') as drift_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResilienceHub::App' + AND data__Identifier = '' + AND region = 'us-east-1' + resiliency_policies: + name: resiliency_policies + id: aws.resiliencehub.resiliency_policies + x-cfn-schema-name: ResiliencyPolicy + x-type: list + x-identifiers: + - PolicyArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PolicyArn') as policy_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResilienceHub::ResiliencyPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PolicyArn') as policy_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResilienceHub::ResiliencyPolicy' + AND region = 'us-east-1' + resiliency_policy: + name: resiliency_policy + id: aws.resiliencehub.resiliency_policy + x-cfn-schema-name: ResiliencyPolicy + x-type: get + x-identifiers: + - PolicyArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.PolicyDescription') as policy_description, + JSON_EXTRACT(Properties, '$.DataLocationConstraint') as data_location_constraint, + JSON_EXTRACT(Properties, '$.Tier') as tier, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.PolicyArn') as policy_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResilienceHub::ResiliencyPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'PolicyDescription') as policy_description, + json_extract_path_text(Properties, 'DataLocationConstraint') as data_location_constraint, + json_extract_path_text(Properties, 'Tier') as tier, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'PolicyArn') as policy_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResilienceHub::ResiliencyPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/resourceexplorer2.yaml b/providers/src/aws/v00.00.00000/services/resourceexplorer2.yaml new file mode 100644 index 00000000..47cec11f --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/resourceexplorer2.yaml @@ -0,0 +1,342 @@ +openapi: 3.0.0 +info: + title: ResourceExplorer2 + version: 1.0.0 +paths: {} +components: + schemas: + DefaultViewAssociation: + type: object + properties: + ViewArn: + type: string + AssociatedAwsPrincipal: + description: The AWS principal that the default view is associated with, used as the unique identifier for this resource. + type: string + pattern: ^[0-9]{12}$ + required: + - ViewArn + x-stackql-resource-name: default_view_association + description: Definition of AWS::ResourceExplorer2::DefaultViewAssociation Resource Type + x-type-name: AWS::ResourceExplorer2::DefaultViewAssociation + x-stackql-primary-identifier: + - AssociatedAwsPrincipal + x-read-only-properties: + - AssociatedAwsPrincipal + x-required-properties: + - ViewArn + x-tagging: + taggable: false + x-required-permissions: + create: + - resource-explorer-2:GetDefaultView + - resource-explorer-2:AssociateDefaultView + update: + - resource-explorer-2:GetDefaultView + - resource-explorer-2:AssociateDefaultView + read: + - resource-explorer-2:GetDefaultView + delete: + - resource-explorer-2:GetDefaultView + - resource-explorer-2:DisassociateDefaultView + IndexType: + type: string + enum: + - LOCAL + - AGGREGATOR + TagMap: + type: object + x-patternProperties: + .+: + type: string + additionalProperties: false + IndexState: + type: string + enum: + - ACTIVE + - CREATING + - DELETING + - DELETED + - UPDATING + Index: + type: object + properties: + Arn: + type: string + Tags: + $ref: '#/components/schemas/TagMap' + Type: + $ref: '#/components/schemas/IndexType' + IndexState: + $ref: '#/components/schemas/IndexState' + required: + - Type + x-stackql-resource-name: index + description: Definition of AWS::ResourceExplorer2::Index Resource Type + x-type-name: AWS::ResourceExplorer2::Index + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + - IndexState + x-required-properties: + - Type + x-tagging: + taggable: true + tagOnCreate: true + cloudFormationSystemTags: false + tagUpdatable: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - resource-explorer-2:CreateIndex + - resource-explorer-2:GetIndex + - resource-explorer-2:TagResource + - resource-explorer-2:UpdateIndexType + - resource-explorer-2:DeleteIndex + - iam:CreateServiceLinkedRole + update: + - resource-explorer-2:GetIndex + - resource-explorer-2:UpdateIndexType + - resource-explorer-2:TagResource + - resource-explorer-2:UntagResource + - resource-explorer-2:ListTagsForResource + delete: + - resource-explorer-2:DeleteIndex + - resource-explorer-2:GetIndex + - resource-explorer-2:UntagResource + list: + - resource-explorer-2:ListIndexes + read: + - resource-explorer-2:GetIndex + IncludedProperty: + type: object + properties: + Name: + type: string + maxLength: 1011 + minLength: 1 + required: + - Name + additionalProperties: false + SearchFilter: + type: object + properties: + FilterString: + type: string + maxLength: 2048 + minLength: 0 + required: + - FilterString + additionalProperties: false + View: + type: object + properties: + Filters: + $ref: '#/components/schemas/SearchFilter' + IncludedProperties: + type: array + items: + $ref: '#/components/schemas/IncludedProperty' + Scope: + type: string + Tags: + $ref: '#/components/schemas/TagMap' + ViewArn: + type: string + ViewName: + type: string + pattern: ^[a-zA-Z0-9\-]{1,64}$ + required: + - ViewName + x-stackql-resource-name: view + description: Definition of AWS::ResourceExplorer2::View Resource Type + x-type-name: AWS::ResourceExplorer2::View + x-stackql-primary-identifier: + - ViewArn + x-create-only-properties: + - Scope + - ViewName + x-read-only-properties: + - ViewArn + x-required-properties: + - ViewName + x-tagging: + taggable: true + tagOnCreate: true + cloudFormationSystemTags: false + tagUpdatable: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - resource-explorer-2:CreateView + - resource-explorer-2:TagResource + read: + - resource-explorer-2:GetView + update: + - resource-explorer-2:UpdateView + - resource-explorer-2:TagResource + - resource-explorer-2:UntagResource + - resource-explorer-2:ListTagsForResource + delete: + - resource-explorer-2:DeleteView + - resource-explorer-2:GetView + - resource-explorer-2:UntagResource + list: + - resource-explorer-2:ListViews + x-stackQL-resources: + default_view_association: + name: default_view_association + id: aws.resourceexplorer2.default_view_association + x-cfn-schema-name: DefaultViewAssociation + x-type: get + x-identifiers: + - AssociatedAwsPrincipal + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ViewArn') as view_arn, + JSON_EXTRACT(Properties, '$.AssociatedAwsPrincipal') as associated_aws_principal + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResourceExplorer2::DefaultViewAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ViewArn') as view_arn, + json_extract_path_text(Properties, 'AssociatedAwsPrincipal') as associated_aws_principal + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResourceExplorer2::DefaultViewAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + indices: + name: indices + id: aws.resourceexplorer2.indices + x-cfn-schema-name: Index + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResourceExplorer2::Index' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResourceExplorer2::Index' + AND region = 'us-east-1' + index: + name: index + id: aws.resourceexplorer2.index + x-cfn-schema-name: Index + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.IndexState') as index_state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResourceExplorer2::Index' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'IndexState') as index_state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResourceExplorer2::Index' + AND data__Identifier = '' + AND region = 'us-east-1' + views: + name: views + id: aws.resourceexplorer2.views + x-cfn-schema-name: View + x-type: list + x-identifiers: + - ViewArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ViewArn') as view_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResourceExplorer2::View' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ViewArn') as view_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResourceExplorer2::View' + AND region = 'us-east-1' + view: + name: view + id: aws.resourceexplorer2.view + x-cfn-schema-name: View + x-type: get + x-identifiers: + - ViewArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Filters') as filters, + JSON_EXTRACT(Properties, '$.IncludedProperties') as included_properties, + JSON_EXTRACT(Properties, '$.Scope') as scope, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ViewArn') as view_arn, + JSON_EXTRACT(Properties, '$.ViewName') as view_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResourceExplorer2::View' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Filters') as filters, + json_extract_path_text(Properties, 'IncludedProperties') as included_properties, + json_extract_path_text(Properties, 'Scope') as scope, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ViewArn') as view_arn, + json_extract_path_text(Properties, 'ViewName') as view_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResourceExplorer2::View' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/resourcegroups.yaml b/providers/src/aws/v00.00.00000/services/resourcegroups.yaml new file mode 100644 index 00000000..c4fbf8e8 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/resourcegroups.yaml @@ -0,0 +1,218 @@ +openapi: 3.0.0 +info: + title: ResourceGroups + version: 1.0.0 +paths: {} +components: + schemas: + ResourceQuery: + type: object + properties: + Type: + type: string + enum: + - TAG_FILTERS_1_0 + - CLOUDFORMATION_STACK_1_0 + Query: + $ref: '#/components/schemas/Query' + additionalProperties: false + Query: + type: object + properties: + ResourceTypeFilters: + type: array + items: + type: string + StackIdentifier: + type: string + TagFilters: + type: array + items: + $ref: '#/components/schemas/TagFilter' + additionalProperties: false + TagFilter: + type: object + properties: + Key: + type: string + Values: + type: array + items: + type: string + additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + pattern: ^(?!aws:).+ + Value: + type: string + additionalProperties: false + Configuration: + type: array + items: + $ref: '#/components/schemas/ConfigurationItem' + ConfigurationItem: + type: object + properties: + Type: + type: string + Parameters: + type: array + items: + $ref: '#/components/schemas/ConfigurationParameter' + additionalProperties: false + ConfigurationParameter: + type: object + properties: + Name: + type: string + Values: + type: array + items: + type: string + additionalProperties: false + Group: + type: object + properties: + Name: + description: The name of the resource group + type: string + maxLength: 128 + Description: + description: The description of the resource group + type: string + maxLength: 512 + ResourceQuery: + $ref: '#/components/schemas/ResourceQuery' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + Arn: + description: The Resource Group ARN. + type: string + Configuration: + $ref: '#/components/schemas/Configuration' + Resources: + type: array + items: + type: string + required: + - Name + x-stackql-resource-name: group + description: Schema for ResourceGroups::Group + x-type-name: AWS::ResourceGroups::Group + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - resource-groups:CreateGroup + - resource-groups:Tag + - cloudformation:DescribeStacks + - cloudformation:ListStackResources + - resource-groups:ListGroupResources + - resource-groups:GroupResources + read: + - resource-groups:GetGroup + - resource-groups:GetGroupQuery + - resource-groups:GetTags + - resource-groups:GetGroupConfiguration + - resource-groups:ListGroupResources + update: + - resource-groups:UpdateGroup + - resource-groups:GetTags + - resource-groups:GetGroupQuery + - resource-groups:UpdateGroupQuery + - resource-groups:Tag + - resource-groups:Untag + - resource-groups:PutGroupConfiguration + - resource-groups:GetGroupConfiguration + - resource-groups:ListGroupResources + - resource-groups:GroupResources + - resource-groups:UnGroupResources + delete: + - resource-groups:DeleteGroup + - resource-groups:UnGroupResources + list: + - resource-groups:ListGroups + x-stackQL-resources: + groups: + name: groups + id: aws.resourcegroups.groups + x-cfn-schema-name: Group + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResourceGroups::Group' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResourceGroups::Group' + AND region = 'us-east-1' + group: + name: group + id: aws.resourcegroups.group + x-cfn-schema-name: Group + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ResourceQuery') as resource_query, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.Resources') as resources + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResourceGroups::Group' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ResourceQuery') as resource_query, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'Resources') as resources + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResourceGroups::Group' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/robomaker.yaml b/providers/src/aws/v00.00.00000/services/robomaker.yaml new file mode 100644 index 00000000..a127b592 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/robomaker.yaml @@ -0,0 +1,772 @@ +openapi: 3.0.0 +info: + title: RoboMaker + version: 1.0.0 +paths: {} +components: + schemas: + Arn: + type: string + pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)* + Tags: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + x-patternProperties: + ^[a-zA-Z0-9-]{1,128}$: + type: string + description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 256 + Fleet: + type: object + properties: + Arn: + $ref: '#/components/schemas/Arn' + Tags: + $ref: '#/components/schemas/Tags' + Name: + description: The name of the fleet. + type: string + minLength: 1 + maxLength: 255 + pattern: '[a-zA-Z0-9_\-]{1,255}$' + required: [] + x-stackql-resource-name: fleet + description: AWS::RoboMaker::Fleet resource creates an AWS RoboMaker fleet. Fleets contain robots and can receive deployments. + x-type-name: AWS::RoboMaker::Fleet + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: [] + x-required-permissions: + create: + - robomaker:CreateFleet + read: + - robomaker:DescribeFleet + delete: + - robomaker:DeleteFleet + update: + - robomaker:TagResource + - robomaker:UntagResource + list: + - robomaker:ListFleets + Robot: + type: object + properties: + Arn: + $ref: '#/components/schemas/Arn' + Fleet: + description: The Amazon Resource Name (ARN) of the fleet. + type: string + minLength: 1 + maxLength: 1224 + Architecture: + description: The target architecture of the robot. + type: string + enum: + - X86_64 + - ARM64 + - ARMHF + GreengrassGroupId: + description: The Greengrass group id. + type: string + minLength: 1 + maxLength: 1224 + Tags: + $ref: '#/components/schemas/Tags' + Name: + description: The name for the robot. + type: string + minLength: 1 + maxLength: 255 + required: + - GreengrassGroupId + - Architecture + x-stackql-resource-name: robot + description: AWS::RoboMaker::Robot resource creates an AWS RoboMaker Robot. + x-type-name: AWS::RoboMaker::Robot + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - GreengrassGroupId + - Name + - Architecture + - Fleet + x-read-only-properties: + - Arn + x-required-properties: + - GreengrassGroupId + - Architecture + x-required-permissions: + create: + - robomaker:CreateRobot + - robomaker:RegisterRobot + read: + - robomaker:DescribeRobot + delete: + - robomaker:DescribeRobot + - robomaker:DeleteRobot + - robomaker:DeregisterRobot + list: + - robomaker:ListRobots + update: + - robomaker:TagResource + - robomaker:UntagResource + SourceConfig: + type: object + description: Information about a source configuration. + properties: + S3Bucket: + type: string + description: The Amazon S3 bucket name. + pattern: '[a-z0-9][a-z0-9.\-]*[a-z0-9]' + S3Key: + type: string + description: The s3 object key. + minLength: 1 + maxLength: 1024 + Architecture: + type: string + description: The target processor architecture for the application. + enum: + - X86_64 + - ARM64 + - ARMHF + required: + - S3Bucket + - S3Key + - Architecture + additionalProperties: false + RobotSoftwareSuite: + description: Information about a robot software suite. + type: object + properties: + Name: + type: string + description: The name of the robot software suite. + enum: + - ROS + - ROS2 + - General + Version: + type: string + description: The version of the robot software suite. + enum: + - Kinetic + - Melodic + - Dashing + - Foxy + required: + - Name + additionalProperties: false + RobotApplication: + type: object + properties: + Name: + description: The name of the robot application. + type: string + minLength: 1 + maxLength: 255 + Sources: + description: The sources of the robot application. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SourceConfig' + Environment: + description: The URI of the Docker image for the robot application. + type: string + RobotSoftwareSuite: + $ref: '#/components/schemas/RobotSoftwareSuite' + CurrentRevisionId: + description: The revision ID of robot application. + type: string + minLength: 1 + maxLength: 40 + Arn: + $ref: '#/components/schemas/Arn' + Tags: + $ref: '#/components/schemas/Tags' + required: + - RobotSoftwareSuite + x-stackql-resource-name: robot_application + description: This schema is for testing purpose only. + x-type-name: AWS::RoboMaker::RobotApplication + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-write-only-properties: + - RobotSoftwareSuite/Version + - Sources + x-read-only-properties: + - Arn + x-required-properties: + - RobotSoftwareSuite + x-required-permissions: + create: + - robomaker:CreateRobotApplication + - robomaker:TagResource + - robomaker:UntagResource + - ecr:BatchGetImage + - ecr:GetAuthorizationToken + - ecr:BatchCheckLayerAvailability + - ecr-public:GetAuthorizationToken + - sts:GetServiceBearerToken + read: + - robomaker:DescribeRobotApplication + update: + - robomaker:TagResource + - robomaker:UntagResource + - robomaker:UpdateRobotApplication + - ecr:BatchGetImage + - ecr:GetAuthorizationToken + - ecr:BatchCheckLayerAvailability + - ecr-public:GetAuthorizationToken + delete: + - robomaker:DescribeRobotApplication + - robomaker:DeleteRobotApplication + list: + - robomaker:ListRobotApplications + RobotApplicationVersion: + type: object + properties: + Application: + $ref: '#/components/schemas/Arn' + CurrentRevisionId: + description: The revision ID of robot application. + type: string + minLength: 1 + maxLength: 40 + pattern: '[a-zA-Z0-9_.\-]*' + ApplicationVersion: + type: string + Arn: + $ref: '#/components/schemas/Arn' + required: + - Application + x-stackql-resource-name: robot_application_version + description: AWS::RoboMaker::RobotApplicationVersion resource creates an AWS RoboMaker RobotApplicationVersion. This helps you control which code your robot uses. + x-type-name: AWS::RoboMaker::RobotApplicationVersion + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Application + - CurrentRevisionId + x-read-only-properties: + - ApplicationVersion + - Arn + x-required-properties: + - Application + x-required-permissions: + create: + - robomaker:CreateRobotApplicationVersion + - s3:GetObject + - ecr:BatchGetImage + - ecr:GetAuthorizationToken + - ecr:BatchCheckLayerAvailability + - ecr-public:GetAuthorizationToken + - sts:GetServiceBearerToken + delete: + - robomaker:DeleteRobotApplication + - robomaker:DescribeRobotApplication + read: + - robomaker:DescribeRobotApplication + RenderingEngine: + description: Information about a rendering engine. + type: object + properties: + Name: + type: string + description: The name of the rendering engine. + enum: + - OGRE + Version: + type: string + description: The version of the rendering engine. + pattern: 1.x + required: + - Name + - Version + additionalProperties: false + SimulationSoftwareSuite: + description: Information about a simulation software suite. + type: object + properties: + Name: + type: string + description: The name of the simulation software suite. + enum: + - Gazebo + - RosbagPlay + - SimulationRuntime + Version: + type: string + description: The version of the simulation software suite. + enum: + - '7' + - '9' + - '11' + - Kinetic + - Melodic + - Dashing + - Foxy + required: + - Name + additionalProperties: false + SimulationApplication: + type: object + properties: + Arn: + $ref: '#/components/schemas/Arn' + Name: + description: The name of the simulation application. + type: string + minLength: 1 + maxLength: 255 + pattern: '[a-zA-Z0-9_\-]*' + CurrentRevisionId: + description: The current revision id. + type: string + RenderingEngine: + description: The rendering engine for the simulation application. + $ref: '#/components/schemas/RenderingEngine' + RobotSoftwareSuite: + description: The robot software suite used by the simulation application. + $ref: '#/components/schemas/RobotSoftwareSuite' + SimulationSoftwareSuite: + description: The simulation software suite used by the simulation application. + $ref: '#/components/schemas/SimulationSoftwareSuite' + Sources: + description: The sources of the simulation application. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SourceConfig' + Environment: + description: The URI of the Docker image for the robot application. + type: string + Tags: + $ref: '#/components/schemas/Tags' + required: + - RobotSoftwareSuite + - SimulationSoftwareSuite + x-stackql-resource-name: simulation_application + description: This schema is for testing purpose only. + x-type-name: AWS::RoboMaker::SimulationApplication + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-write-only-properties: + - RenderingEngine + - RobotSoftwareSuite/Version + - Sources + - SimulationSoftwareSuite/Version + x-read-only-properties: + - Arn + x-required-properties: + - RobotSoftwareSuite + - SimulationSoftwareSuite + x-required-permissions: + create: + - robomaker:CreateSimulationApplication + - robomaker:TagResource + - robomaker:UntagResource + - ecr:BatchGetImage + - ecr:GetAuthorizationToken + - ecr:BatchCheckLayerAvailability + - ecr-public:GetAuthorizationToken + - sts:GetServiceBearerToken + read: + - robomaker:DescribeSimulationApplication + update: + - robomaker:TagResource + - robomaker:UntagResource + - robomaker:UpdateSimulationApplication + - ecr:BatchGetImage + - ecr:GetAuthorizationToken + - ecr:BatchCheckLayerAvailability + - ecr-public:GetAuthorizationToken + delete: + - robomaker:DescribeSimulationApplication + - robomaker:DeleteSimulationApplication + list: + - robomaker:ListSimulationApplications + SimulationApplicationVersion: + type: object + properties: + Application: + $ref: '#/components/schemas/Arn' + CurrentRevisionId: + description: The revision ID of robot application. + type: string + minLength: 1 + maxLength: 40 + pattern: '[a-zA-Z0-9_.\-]*' + ApplicationVersion: + type: string + Arn: + $ref: '#/components/schemas/Arn' + required: + - Application + x-stackql-resource-name: simulation_application_version + description: AWS::RoboMaker::SimulationApplicationVersion resource creates an AWS RoboMaker SimulationApplicationVersion. This helps you control which code your simulation uses. + x-type-name: AWS::RoboMaker::SimulationApplicationVersion + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Application + - CurrentRevisionId + x-read-only-properties: + - ApplicationVersion + - Arn + x-required-properties: + - Application + x-required-permissions: + create: + - robomaker:CreateSimulationApplicationVersion + - s3:GetObject + - ecr:BatchGetImage + - ecr:GetAuthorizationToken + - ecr:BatchCheckLayerAvailability + - ecr-public:GetAuthorizationToken + - sts:GetServiceBearerToken + delete: + - robomaker:DeleteSimulationApplication + - robomaker:DescribeSimulationApplication + read: + - robomaker:DescribeSimulationApplication + x-stackQL-resources: + fleets: + name: fleets + id: aws.robomaker.fleets + x-cfn-schema-name: Fleet + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RoboMaker::Fleet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RoboMaker::Fleet' + AND region = 'us-east-1' + fleet: + name: fleet + id: aws.robomaker.fleet + x-cfn-schema-name: Fleet + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::Fleet' + AND data__Identifier = '' + AND region = 'us-east-1' + robots: + name: robots + id: aws.robomaker.robots + x-cfn-schema-name: Robot + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RoboMaker::Robot' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RoboMaker::Robot' + AND region = 'us-east-1' + robot: + name: robot + id: aws.robomaker.robot + x-cfn-schema-name: Robot + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Fleet') as fleet, + JSON_EXTRACT(Properties, '$.Architecture') as architecture, + JSON_EXTRACT(Properties, '$.GreengrassGroupId') as greengrass_group_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::Robot' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Fleet') as fleet, + json_extract_path_text(Properties, 'Architecture') as architecture, + json_extract_path_text(Properties, 'GreengrassGroupId') as greengrass_group_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::Robot' + AND data__Identifier = '' + AND region = 'us-east-1' + robot_applications: + name: robot_applications + id: aws.robomaker.robot_applications + x-cfn-schema-name: RobotApplication + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RoboMaker::RobotApplication' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RoboMaker::RobotApplication' + AND region = 'us-east-1' + robot_application: + name: robot_application + id: aws.robomaker.robot_application + x-cfn-schema-name: RobotApplication + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Sources') as sources, + JSON_EXTRACT(Properties, '$.Environment') as environment, + JSON_EXTRACT(Properties, '$.RobotSoftwareSuite') as robot_software_suite, + JSON_EXTRACT(Properties, '$.CurrentRevisionId') as current_revision_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::RobotApplication' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Sources') as sources, + json_extract_path_text(Properties, 'Environment') as environment, + json_extract_path_text(Properties, 'RobotSoftwareSuite') as robot_software_suite, + json_extract_path_text(Properties, 'CurrentRevisionId') as current_revision_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::RobotApplication' + AND data__Identifier = '' + AND region = 'us-east-1' + robot_application_version: + name: robot_application_version + id: aws.robomaker.robot_application_version + x-cfn-schema-name: RobotApplicationVersion + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Application') as application, + JSON_EXTRACT(Properties, '$.CurrentRevisionId') as current_revision_id, + JSON_EXTRACT(Properties, '$.ApplicationVersion') as application_version, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::RobotApplicationVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Application') as application, + json_extract_path_text(Properties, 'CurrentRevisionId') as current_revision_id, + json_extract_path_text(Properties, 'ApplicationVersion') as application_version, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::RobotApplicationVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + simulation_applications: + name: simulation_applications + id: aws.robomaker.simulation_applications + x-cfn-schema-name: SimulationApplication + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RoboMaker::SimulationApplication' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RoboMaker::SimulationApplication' + AND region = 'us-east-1' + simulation_application: + name: simulation_application + id: aws.robomaker.simulation_application + x-cfn-schema-name: SimulationApplication + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.CurrentRevisionId') as current_revision_id, + JSON_EXTRACT(Properties, '$.RenderingEngine') as rendering_engine, + JSON_EXTRACT(Properties, '$.RobotSoftwareSuite') as robot_software_suite, + JSON_EXTRACT(Properties, '$.SimulationSoftwareSuite') as simulation_software_suite, + JSON_EXTRACT(Properties, '$.Sources') as sources, + JSON_EXTRACT(Properties, '$.Environment') as environment, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::SimulationApplication' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'CurrentRevisionId') as current_revision_id, + json_extract_path_text(Properties, 'RenderingEngine') as rendering_engine, + json_extract_path_text(Properties, 'RobotSoftwareSuite') as robot_software_suite, + json_extract_path_text(Properties, 'SimulationSoftwareSuite') as simulation_software_suite, + json_extract_path_text(Properties, 'Sources') as sources, + json_extract_path_text(Properties, 'Environment') as environment, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::SimulationApplication' + AND data__Identifier = '' + AND region = 'us-east-1' + simulation_application_version: + name: simulation_application_version + id: aws.robomaker.simulation_application_version + x-cfn-schema-name: SimulationApplicationVersion + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Application') as application, + JSON_EXTRACT(Properties, '$.CurrentRevisionId') as current_revision_id, + JSON_EXTRACT(Properties, '$.ApplicationVersion') as application_version, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::SimulationApplicationVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Application') as application, + json_extract_path_text(Properties, 'CurrentRevisionId') as current_revision_id, + json_extract_path_text(Properties, 'ApplicationVersion') as application_version, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RoboMaker::SimulationApplicationVersion' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/rolesanywhere.yaml b/providers/src/aws/v00.00.00000/services/rolesanywhere.yaml new file mode 100644 index 00000000..88748002 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/rolesanywhere.yaml @@ -0,0 +1,491 @@ +openapi: 3.0.0 +info: + title: RolesAnywhere + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + Value: + type: string + maxLength: 256 + minLength: 0 + required: + - Key + - Value + additionalProperties: false + CRL: + type: object + properties: + CrlData: + type: string + CrlId: + type: string + pattern: '[a-f0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}' + Enabled: + type: boolean + Name: + type: string + TrustAnchorArn: + type: string + pattern: ^arn:aws(-[^:]+)?:rolesanywhere(:.*){2}(:trust-anchor.*)$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + required: + - Name + - CrlData + x-stackql-resource-name: crl + description: Definition of AWS::RolesAnywhere::CRL Resource Type + x-type-name: AWS::RolesAnywhere::CRL + x-stackql-primary-identifier: + - CrlId + x-read-only-properties: + - CrlId + x-required-properties: + - Name + - CrlData + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - rolesanywhere:ImportCrl + - rolesanywhere:TagResource + - rolesanywhere:ListTagsForResource + read: + - rolesanywhere:GetCrl + - rolesanywhere:ListTagsForResource + update: + - rolesanywhere:EnableCrl + - rolesanywhere:DisableCrl + - rolesanywhere:UpdateCrl + - rolesanywhere:TagResource + - rolesanywhere:UntagResource + - rolesanywhere:ListTagsForResource + delete: + - rolesanywhere:DeleteCrl + list: + - rolesanywhere:ListCrls + - rolesanywhere:ListTagsForResource + Profile: + type: object + properties: + DurationSeconds: + type: number + maximum: 43200 + minimum: 900 + Enabled: + type: boolean + ManagedPolicyArns: + type: array + items: + type: string + Name: + type: string + ProfileArn: + type: string + ProfileId: + type: string + pattern: '[a-f0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}' + RequireInstanceProperties: + type: boolean + RoleArns: + type: array + items: + type: string + maxLength: 1011 + minLength: 1 + SessionPolicy: + type: string + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + required: + - Name + - RoleArns + x-stackql-resource-name: profile + description: Definition of AWS::RolesAnywhere::Profile Resource Type + x-type-name: AWS::RolesAnywhere::Profile + x-stackql-primary-identifier: + - ProfileId + x-read-only-properties: + - ProfileId + - ProfileArn + x-required-properties: + - Name + - RoleArns + x-required-permissions: + create: + - iam:GetRole + - iam:GetPolicy + - iam:PassRole + - rolesanywhere:CreateProfile + - rolesanywhere:TagResource + - rolesanywhere:ListTagsForResource + read: + - rolesanywhere:GetProfile + - rolesanywhere:ListTagsForResource + update: + - iam:GetRole + - iam:GetPolicy + - iam:PassRole + - rolesanywhere:UpdateProfile + - rolesanywhere:EnableProfile + - rolesanywhere:DisableProfile + - rolesanywhere:TagResource + - rolesanywhere:UntagResource + - rolesanywhere:ListTagsForResource + delete: + - rolesanywhere:DeleteProfile + list: + - rolesanywhere:ListProfiles + - rolesanywhere:ListTagsForResource + NotificationChannel: + type: string + enum: + - ALL + NotificationEvent: + type: string + enum: + - CA_CERTIFICATE_EXPIRY + - END_ENTITY_CERTIFICATE_EXPIRY + NotificationSetting: + type: object + properties: + Enabled: + type: boolean + Event: + $ref: '#/components/schemas/NotificationEvent' + Threshold: + type: number + maximum: 360 + minimum: 1 + Channel: + $ref: '#/components/schemas/NotificationChannel' + required: + - Enabled + - Event + additionalProperties: false + Source: + type: object + properties: + SourceType: + $ref: '#/components/schemas/TrustAnchorType' + SourceData: + $ref: '#/components/schemas/SourceData' + additionalProperties: false + SourceData: + oneOf: + - type: object + title: X509CertificateData + properties: + X509CertificateData: + type: string + required: + - X509CertificateData + additionalProperties: false + - type: object + title: AcmPcaArn + properties: + AcmPcaArn: + type: string + required: + - AcmPcaArn + additionalProperties: false + TrustAnchorType: + type: string + enum: + - AWS_ACM_PCA + - CERTIFICATE_BUNDLE + - SELF_SIGNED_REPOSITORY + TrustAnchor: + type: object + properties: + Enabled: + type: boolean + Name: + type: string + NotificationSettings: + type: array + items: + $ref: '#/components/schemas/NotificationSetting' + maxItems: 50 + minItems: 0 + Source: + $ref: '#/components/schemas/Source' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + TrustAnchorId: + type: string + pattern: '[a-f0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}' + TrustAnchorArn: + type: string + pattern: '[a-f0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}' + required: + - Name + - Source + x-stackql-resource-name: trust_anchor + description: Definition of AWS::RolesAnywhere::TrustAnchor Resource Type. + x-type-name: AWS::RolesAnywhere::TrustAnchor + x-stackql-primary-identifier: + - TrustAnchorId + x-read-only-properties: + - TrustAnchorId + - TrustAnchorArn + x-required-properties: + - Name + - Source + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - rolesanywhere:CreateTrustAnchor + - rolesanywhere:TagResource + - rolesanywhere:ListTagsForResource + read: + - rolesanywhere:GetTrustAnchor + - rolesanywhere:ListTagsForResource + update: + - acm-pca:GetCertificateAuthorityCertificate + - rolesanywhere:ListTagsForResource + - rolesanywhere:TagResource + - rolesanywhere:UntagResource + - rolesanywhere:EnableTrustAnchor + - rolesanywhere:DisableTrustAnchor + - rolesanywhere:UpdateTrustAnchor + - rolesanywhere:GetTrustAnchor + - rolesanywhere:PutNotificationSettings + - rolesanywhere:ResetNotificationSettings + delete: + - rolesanywhere:DeleteTrustAnchor + list: + - rolesanywhere:ListTrustAnchors + - rolesanywhere:ListTagsForResource + x-stackQL-resources: + crls: + name: crls + id: aws.rolesanywhere.crls + x-cfn-schema-name: CRL + x-type: list + x-identifiers: + - CrlId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CrlId') as crl_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RolesAnywhere::CRL' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CrlId') as crl_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RolesAnywhere::CRL' + AND region = 'us-east-1' + crl: + name: crl + id: aws.rolesanywhere.crl + x-cfn-schema-name: CRL + x-type: get + x-identifiers: + - CrlId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CrlData') as crl_data, + JSON_EXTRACT(Properties, '$.CrlId') as crl_id, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.TrustAnchorArn') as trust_anchor_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RolesAnywhere::CRL' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CrlData') as crl_data, + json_extract_path_text(Properties, 'CrlId') as crl_id, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'TrustAnchorArn') as trust_anchor_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RolesAnywhere::CRL' + AND data__Identifier = '' + AND region = 'us-east-1' + profiles: + name: profiles + id: aws.rolesanywhere.profiles + x-cfn-schema-name: Profile + x-type: list + x-identifiers: + - ProfileId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProfileId') as profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RolesAnywhere::Profile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProfileId') as profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RolesAnywhere::Profile' + AND region = 'us-east-1' + profile: + name: profile + id: aws.rolesanywhere.profile + x-cfn-schema-name: Profile + x-type: get + x-identifiers: + - ProfileId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DurationSeconds') as duration_seconds, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.ManagedPolicyArns') as managed_policy_arns, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ProfileArn') as profile_arn, + JSON_EXTRACT(Properties, '$.ProfileId') as profile_id, + JSON_EXTRACT(Properties, '$.RequireInstanceProperties') as require_instance_properties, + JSON_EXTRACT(Properties, '$.RoleArns') as role_arns, + JSON_EXTRACT(Properties, '$.SessionPolicy') as session_policy, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RolesAnywhere::Profile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DurationSeconds') as duration_seconds, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'ManagedPolicyArns') as managed_policy_arns, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ProfileArn') as profile_arn, + json_extract_path_text(Properties, 'ProfileId') as profile_id, + json_extract_path_text(Properties, 'RequireInstanceProperties') as require_instance_properties, + json_extract_path_text(Properties, 'RoleArns') as role_arns, + json_extract_path_text(Properties, 'SessionPolicy') as session_policy, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RolesAnywhere::Profile' + AND data__Identifier = '' + AND region = 'us-east-1' + trust_anchors: + name: trust_anchors + id: aws.rolesanywhere.trust_anchors + x-cfn-schema-name: TrustAnchor + x-type: list + x-identifiers: + - TrustAnchorId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TrustAnchorId') as trust_anchor_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RolesAnywhere::TrustAnchor' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TrustAnchorId') as trust_anchor_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RolesAnywhere::TrustAnchor' + AND region = 'us-east-1' + trust_anchor: + name: trust_anchor + id: aws.rolesanywhere.trust_anchor + x-cfn-schema-name: TrustAnchor + x-type: get + x-identifiers: + - TrustAnchorId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.NotificationSettings') as notification_settings, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TrustAnchorId') as trust_anchor_id, + JSON_EXTRACT(Properties, '$.TrustAnchorArn') as trust_anchor_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RolesAnywhere::TrustAnchor' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'NotificationSettings') as notification_settings, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TrustAnchorId') as trust_anchor_id, + json_extract_path_text(Properties, 'TrustAnchorArn') as trust_anchor_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RolesAnywhere::TrustAnchor' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/route53.yaml b/providers/src/aws/v00.00.00000/services/route53.yaml new file mode 100644 index 00000000..2ec4a59e --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/route53.yaml @@ -0,0 +1,825 @@ +openapi: 3.0.0 +info: + title: Route53 + version: 1.0.0 +paths: {} +components: + schemas: + Location: + type: object + additionalProperties: false + properties: + LocationName: + description: The name of the location that is associated with the CIDR collection. + type: string + minLength: 1 + maxLength: 16 + CidrList: + description: A list of CIDR blocks. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + required: + - LocationName + - CidrList + CidrCollection: + type: object + properties: + Id: + description: UUID of the CIDR collection. + type: string + Name: + description: A unique name for the CIDR collection. + type: string + pattern: ^[0-9A-Za-z_\-]+$ + minLength: 1 + maxLength: 64 + Arn: + description: The Amazon resource name (ARN) to uniquely identify the AWS resource. + type: string + Locations: + description: A complex type that contains information about the list of CIDR locations. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Location' + required: + - Name + x-stackql-resource-name: cidr_collection + description: Resource schema for AWS::Route53::CidrCollection. + x-type-name: AWS::Route53::CidrCollection + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Name + x-read-only-properties: + - Id + - Arn + x-required-properties: + - Name + x-tagging: + taggable: false + tagUpdatable: false + x-required-permissions: + create: + - route53:CreateCidrCollection + - route53:ChangeCidrCollection + read: + - route53:ListCidrCollections + - route53:ListCidrBlocks + update: + - route53:ChangeCidrCollection + delete: + - route53:DeleteCidrCollection + - route53:ChangeCidrCollection + list: + - route53:ListCidrCollections + - route53:ListCidrBlocks + DNSSEC: + type: object + properties: + HostedZoneId: + description: The unique string (ID) used to identify a hosted zone. + type: string + pattern: ^[A-Z0-9]{1,32}$ + required: + - HostedZoneId + x-stackql-resource-name: dnssec + description: Resource used to control (enable/disable) DNSSEC in a specific hosted zone. + x-type-name: AWS::Route53::DNSSEC + x-stackql-primary-identifier: + - HostedZoneId + x-create-only-properties: + - HostedZoneId + x-required-properties: + - HostedZoneId + x-tagging: + taggable: false + x-required-permissions: + create: + - route53:GetDNSSEC + - route53:EnableHostedZoneDNSSEC + - kms:DescribeKey + - kms:GetPublicKey + - kms:Sign + - kms:CreateGrant + read: + - route53:GetDNSSEC + delete: + - route53:GetDNSSEC + - route53:DisableHostedZoneDNSSEC + - kms:DescribeKey + - kms:GetPublicKey + - kms:Sign + - kms:CreateGrant + list: + - route53:GetDNSSEC + - route53:ListHostedZones + AlarmIdentifier: + description: A complex type that identifies the CloudWatch alarm that you want Amazon Route 53 health checkers to use to determine whether the specified health check is healthy. + type: object + additionalProperties: false + properties: + Name: + description: The name of the CloudWatch alarm that you want Amazon Route 53 health checkers to use to determine whether this health check is healthy. + type: string + minLength: 1 + maxLength: 256 + Region: + description: For the CloudWatch alarm that you want Route 53 health checkers to use to determine whether this health check is healthy, the region that the alarm was created in. + type: string + required: + - Name + - Region + HealthCheckTag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: The key name of the tag. + maxLength: 128 + Value: + type: string + description: The value for the tag. + maxLength: 256 + required: + - Value + - Key + HealthCheck: + type: object + properties: + HealthCheckId: + type: string + HealthCheckConfig: + description: A complex type that contains information about the health check. + type: object + properties: + AlarmIdentifier: + $ref: '#/components/schemas/AlarmIdentifier' + ChildHealthChecks: + type: array + items: + type: string + maxItems: 256 + x-insertionOrder: false + EnableSNI: + type: boolean + FailureThreshold: + type: integer + minimum: 1 + maximum: 10 + FullyQualifiedDomainName: + type: string + maxLength: 255 + HealthThreshold: + type: integer + minimum: 0 + maximum: 256 + InsufficientDataHealthStatus: + type: string + enum: + - Healthy + - LastKnownStatus + - Unhealthy + Inverted: + type: boolean + IPAddress: + type: string + maxLength: 45 + pattern: >- + ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$ + MeasureLatency: + type: boolean + Port: + type: integer + minimum: 1 + maximum: 65535 + Regions: + type: array + items: + type: string + maxItems: 64 + x-insertionOrder: false + RequestInterval: + type: integer + minimum: 10 + maximum: 30 + ResourcePath: + type: string + maxLength: 255 + SearchString: + type: string + maxLength: 255 + RoutingControlArn: + type: string + minLength: 1 + maxLength: 255 + Type: + type: string + enum: + - CALCULATED + - CLOUDWATCH_METRIC + - HTTP + - HTTP_STR_MATCH + - HTTPS + - HTTPS_STR_MATCH + - TCP + - RECOVERY_CONTROL + required: + - Type + additionalProperties: false + HealthCheckTags: + type: array + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/HealthCheckTag' + required: + - HealthCheckConfig + x-stackql-resource-name: health_check + description: Resource schema for AWS::Route53::HealthCheck. + x-type-name: AWS::Route53::HealthCheck + x-stackql-primary-identifier: + - HealthCheckId + x-create-only-properties: + - HealthCheckConfig/Type + - HealthCheckConfig/MeasureLatency + - HealthCheckConfig/RequestInterval + x-read-only-properties: + - HealthCheckId + x-required-properties: + - HealthCheckConfig + x-taggable: true + x-required-permissions: + create: + - route53:CreateHealthCheck + - route53:ChangeTagsForResource + - cloudwatch:DescribeAlarms + - route53-recovery-control-config:DescribeRoutingControl + read: + - route53:GetHealthCheck + - route53:ListTagsForResource + update: + - route53:UpdateHealthCheck + - route53:ChangeTagsForResource + - route53:ListTagsForResource + - cloudwatch:DescribeAlarms + delete: + - route53:DeleteHealthCheck + list: + - route53:ListHealthChecks + - route53:ListTagsForResource + HostedZoneConfig: + description: A complex type that contains an optional comment about your hosted zone. If you don't want to specify a comment, omit both the ``HostedZoneConfig`` and ``Comment`` elements. + type: object + additionalProperties: false + properties: + Comment: + description: Any comments that you want to include about the hosted zone. + type: string + maxLength: 256 + HostedZoneTag: + description: A complex type that contains information about a tag that you want to add or edit for the specified health check or hosted zone. + type: object + additionalProperties: false + properties: + Key: + type: string + description: |- + The value of ``Key`` depends on the operation that you want to perform: + + *Add a tag to a health check or hosted zone*: ``Key`` is the name that you want to give the new tag. + + *Edit a tag*: ``Key`` is the name of the tag that you want to change the ``Value`` for. + + *Delete a key*: ``Key`` is the name of the tag you want to remove. + + *Give a name to a health check*: Edit the default ``Name`` tag. In the Amazon Route 53 console, the list of your health checks includes a *Name* column that lets you see the name that you've given to each health check. + maxLength: 128 + Value: + type: string + description: |- + The value of ``Value`` depends on the operation that you want to perform: + + *Add a tag to a health check or hosted zone*: ``Value`` is the value that you want to give the new tag. + + *Edit a tag*: ``Value`` is the new value that you want to assign the tag. + maxLength: 256 + required: + - Value + - Key + QueryLoggingConfig: + description: A complex type that contains information about a configuration for DNS query logging. + type: object + additionalProperties: false + properties: + CloudWatchLogsLogGroupArn: + description: The Amazon Resource Name (ARN) of the CloudWatch Logs log group that Amazon Route 53 is publishing logs to. + type: string + required: + - CloudWatchLogsLogGroupArn + VPC: + description: |- + *Private hosted zones only:* A complex type that contains information about an Amazon VPC. Route 53 Resolver uses the records in the private hosted zone to route traffic in that VPC. + For public hosted zones, omit ``VPCs``, ``VPCId``, and ``VPCRegion``. + type: object + additionalProperties: false + properties: + VPCId: + description: |- + *Private hosted zones only:* The ID of an Amazon VPC. + For public hosted zones, omit ``VPCs``, ``VPCId``, and ``VPCRegion``. + type: string + VPCRegion: + description: |- + *Private hosted zones only:* The region that an Amazon VPC was created in. + For public hosted zones, omit ``VPCs``, ``VPCId``, and ``VPCRegion``. + type: string + required: + - VPCId + - VPCRegion + HostedZone: + type: object + properties: + Id: + type: string + description: '' + HostedZoneConfig: + $ref: '#/components/schemas/HostedZoneConfig' + description: |- + A complex type that contains an optional comment. + If you don't want to specify a comment, omit the ``HostedZoneConfig`` and ``Comment`` elements. + HostedZoneTags: + description: |- + Adds, edits, or deletes tags for a health check or a hosted zone. + For information about using tags for cost allocation, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) in the *User Guide*. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/HostedZoneTag' + Name: + description: |- + The name of the domain. Specify a fully qualified domain name, for example, *www.example.com*. The trailing dot is optional; Amazon Route 53 assumes that the domain name is fully qualified. This means that Route 53 treats *www.example.com* (without a trailing dot) and *www.example.com.* (with a trailing dot) as identical. + If you're creating a public hosted zone, this is the name you have registered with your DNS registrar. If your domain name is registered with a registrar other than Route 53, change the name servers for your domain to the set of ``NameServers`` that are returned by the ``Fn::GetAtt`` intrinsic function. + type: string + maxLength: 1024 + QueryLoggingConfig: + $ref: '#/components/schemas/QueryLoggingConfig' + description: |- + Creates a configuration for DNS query logging. After you create a query logging configuration, Amazon Route 53 begins to publish log data to an Amazon CloudWatch Logs log group. + DNS query logs contain information about the queries that Route 53 receives for a specified public hosted zone, such as the following: + + Route 53 edge location that responded to the DNS query + + Domain or subdomain that was requested + + DNS record type, such as A or AAAA + + DNS response code, such as ``NoError`` or ``ServFail`` + + + Log Group and Resource Policy Before you create a query logging configuration, perform the following operations. If you create a query logging configuration using the Route 53 console, Route 53 performs these operations automatically. Create a CloudWatch Logs log group, and make note of the ARN, which you specify when you create a query logging configuration. Note the following: You must create the log group in the us-east-1 region. You must use the same to create the log group and the hosted zone that you want to configure query logging for. When you create log groups for query logging, we recommend that you use a consistent prefix, for example: /aws/route53/hosted zone name In the next step, you'll create a resource policy, which controls access to one or more log groups and the associated resources, such as Route 53 hosted zones. There's a limit on the number of resource policies that you can create, so we recommend that you use a consistent prefix so you can use the same resource policy for all the log groups that you create for query logging. Create a CloudWatch Logs resource policy, and give it the permissions that Route 53 needs to create log streams and to send query logs to log streams. For the value of Resource, specify the ARN for the log group that you created in the previous step. To use the same resource policy for all the CloudWatch Logs log groups that you created for query logging configurations, replace the hosted zone name with *, for example: arn:aws:logs:us-east-1:123412341234:log-group:/aws/route53/* To avoid the confused deputy problem, a security issue where an entity without a permission for an action can coerce a more-privileged entity to perform it, you can optionally limit the permissions that a service has to a resource in a resource-based policy by supplying the following values: For aws:SourceArn, supply the hosted zone ARN used in creating the query logging configuration. For example, aws:SourceArn: arn:aws:route53:::hostedzone/hosted zone ID. For aws:SourceAccount, supply the account ID for the account that creates the query logging configuration. For example, aws:SourceAccount:111111111111. For more information, see The confused deputy problem in the IAM User Guide. You can't use the CloudWatch console to create or edit a resource policy. You must use the CloudWatch API, one of the SDKs, or the . + Log Streams and Edge Locations When Route 53 finishes creating the configuration for DNS query logging, it does the following: Creates a log stream for an edge location the first time that the edge location responds to DNS queries for the specified hosted zone. That log stream is used to log all queries that Route 53 responds to for that edge location. Begins to send query logs to the applicable log stream. The name of each log stream is in the following format: hosted zone ID/edge location code The edge location code is a three-letter code and an arbitrarily assigned number, for example, DFW3. The three-letter code typically corresponds with the International Air Transport Association airport code for an airport near the edge location. (These abbreviations might change in the future.) For a list of edge locations, see "The Route 53 Global Network" on the Route 53 Product Details page. + Queries That Are Logged Query logs contain only the queries that DNS resolvers forward to Route 53. If a DNS resolver has already cached the response to a query (such as the IP address for a load balancer for example.com), the resolver will continue to return the cached response. It doesn't forward another query to Route 53 until the TTL for the corresponding resource record set expires. Depending on how many DNS queries are submitted for a resource record set, and depending on the TTL for that resource record set, query logs might contain information about only one query out of every several thousand queries that are submitted to DNS. For more information about how DNS works, see Routing Internet Traffic to Your Website or Web Application in the Amazon Route 53 Developer Guide. + Log File Format For a list of the values in each query log and the format of each value, see Logging DNS Queries in the Amazon Route 53 Developer Guide. + Pricing For information about charges for query logs, see Amazon CloudWatch Pricing. + How to Stop Logging If you want Route 53 to stop sending query logs to CloudWatch Logs, delete the query logging configuration. For more information, see DeleteQueryLoggingConfig. + VPCs: + description: |- + *Private hosted zones:* A complex type that contains information about the VPCs that are associated with the specified hosted zone. + For public hosted zones, omit ``VPCs``, ``VPCId``, and ``VPCRegion``. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/VPC' + NameServers: + type: array + uniqueItems: false + items: + type: string + description: '' + x-stackql-resource-name: hosted_zone + description: |- + Creates a new public or private hosted zone. You create records in a public hosted zone to define how you want to route traffic on the internet for a domain, such as example.com, and its subdomains (apex.example.com, acme.example.com). You create records in a private hosted zone to define how you want to route traffic for a domain and its subdomains within one or more Amazon Virtual Private Clouds (Amazon VPCs). + You can't convert a public hosted zone to a private hosted zone or vice versa. Instead, you must create a new hosted zone with the same name and create new resource record sets. + For more information about charges for hosted zones, see [Amazon Route 53 Pricing](https://docs.aws.amazon.com/route53/pricing/). + Note the following: + + You can't create a hosted zone for a top-level domain (TLD) such as .com. + + If your domain is registered with a registrar other than Route 53, you must update the name servers with your registrar to make Route 53 the DNS service for the domain. For more information, see [Migrating DNS Service for an Existing Domain to Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html) in the *Amazon Route 53 Developer Guide*. + + When you submit a ``CreateHostedZone`` request, the initial status of the hosted zone is ``PENDING``. For public hosted zones, this means that the NS and SOA records are not yet available on all Route 53 DNS servers. When the NS and SOA records are available, the status of the zone changes to ``INSYNC``. + The ``CreateHostedZone`` request requires the caller to have an ``ec2:DescribeVpcs`` permission. + When creating private hosted zones, the Amazon VPC must belong to the same partition where the hosted zone is created. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. + The following are the supported partitions: + + ``aws`` - AWS-Regions + + ``aws-cn`` - China Regions + + ``aws-us-gov`` - govcloud-us-region + + For more information, see [Access Management](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. + x-type-name: AWS::Route53::HostedZone + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Name + x-read-only-properties: + - Id + - NameServers + x-required-permissions: + create: + - route53:CreateHostedZone + - route53:CreateQueryLoggingConfig + - route53:ChangeTagsForResource + - route53:GetChange + - route53:AssociateVPCWithHostedZone + - ec2:DescribeVpcs + read: + - route53:GetHostedZone + - route53:ListTagsForResource + - route53:ListQueryLoggingConfigs + update: + - route53:GetChange + - route53:ListTagsForResource + - route53:UpdateHostedZoneComment + - route53:ChangeTagsForResource + - route53:AssociateVPCWithHostedZone + - route53:DisassociateVPCFromHostedZone + - route53:CreateQueryLoggingConfig + - route53:DeleteQueryLoggingConfig + - ec2:DescribeVpcs + delete: + - route53:DeleteHostedZone + - route53:DeleteQueryLoggingConfig + - route53:ListQueryLoggingConfigs + - route53:GetChange + list: + - route53:GetHostedZone + - route53:ListHostedZones + - route53:ListHostedZonesByName + - route53:ListQueryLoggingConfigs + - route53:ListTagsForResource + KeySigningKey: + type: object + properties: + HostedZoneId: + description: The unique string (ID) used to identify a hosted zone. + type: string + pattern: ^[A-Z0-9]{1,32}$ + Status: + description: A string specifying the initial status of the key signing key (KSK). You can set the value to ACTIVE or INACTIVE. + type: string + enum: + - ACTIVE + - INACTIVE + Name: + description: An alphanumeric string used to identify a key signing key (KSK). Name must be unique for each key signing key in the same hosted zone. + type: string + pattern: ^[a-zA-Z0-9_]{3,128}$ + KeyManagementServiceArn: + description: The Amazon resource name (ARN) for a customer managed key (CMK) in AWS Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key signing key (KSK) in a single hosted zone. + type: string + minLength: 1 + maxLength: 256 + required: + - Status + - HostedZoneId + - Name + - KeyManagementServiceArn + x-stackql-resource-name: key_signing_key + description: Represents a key signing key (KSK) associated with a hosted zone. You can only have two KSKs per hosted zone. + x-type-name: AWS::Route53::KeySigningKey + x-stackql-primary-identifier: + - HostedZoneId + - Name + x-create-only-properties: + - HostedZoneId + - Name + - KeyManagementServiceArn + x-required-properties: + - Status + - HostedZoneId + - Name + - KeyManagementServiceArn + x-tagging: + taggable: false + x-required-permissions: + create: + - route53:CreateKeySigningKey + - kms:DescribeKey + - kms:GetPublicKey + - kms:Sign + - kms:CreateGrant + read: + - route53:GetDNSSEC + update: + - route53:GetDNSSEC + - route53:ActivateKeySigningKey + - route53:DeactivateKeySigningKey + - kms:DescribeKey + - kms:GetPublicKey + - kms:Sign + - kms:CreateGrant + delete: + - route53:DeactivateKeySigningKey + - route53:DeleteKeySigningKey + - kms:DescribeKey + - kms:GetPublicKey + - kms:Sign + - kms:CreateGrant + list: + - route53:GetDNSSEC + - route53:ListHostedZones + x-stackQL-resources: + cidr_collections: + name: cidr_collections + id: aws.route53.cidr_collections + x-cfn-schema-name: CidrCollection + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53::CidrCollection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53::CidrCollection' + AND region = 'us-east-1' + cidr_collection: + name: cidr_collection + id: aws.route53.cidr_collection + x-cfn-schema-name: CidrCollection + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Locations') as locations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53::CidrCollection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Locations') as locations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53::CidrCollection' + AND data__Identifier = '' + AND region = 'us-east-1' + dnssecs: + name: dnssecs + id: aws.route53.dnssecs + x-cfn-schema-name: DNSSEC + x-type: list + x-identifiers: + - HostedZoneId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.HostedZoneId') as hosted_zone_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53::DNSSEC' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'HostedZoneId') as hosted_zone_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53::DNSSEC' + AND region = 'us-east-1' + dnssec: + name: dnssec + id: aws.route53.dnssec + x-cfn-schema-name: DNSSEC + x-type: get + x-identifiers: + - HostedZoneId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.HostedZoneId') as hosted_zone_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53::DNSSEC' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'HostedZoneId') as hosted_zone_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53::DNSSEC' + AND data__Identifier = '' + AND region = 'us-east-1' + health_checks: + name: health_checks + id: aws.route53.health_checks + x-cfn-schema-name: HealthCheck + x-type: list + x-identifiers: + - HealthCheckId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.HealthCheckId') as health_check_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53::HealthCheck' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'HealthCheckId') as health_check_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53::HealthCheck' + AND region = 'us-east-1' + health_check: + name: health_check + id: aws.route53.health_check + x-cfn-schema-name: HealthCheck + x-type: get + x-identifiers: + - HealthCheckId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.HealthCheckId') as health_check_id, + JSON_EXTRACT(Properties, '$.HealthCheckConfig') as health_check_config, + JSON_EXTRACT(Properties, '$.HealthCheckTags') as health_check_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53::HealthCheck' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'HealthCheckId') as health_check_id, + json_extract_path_text(Properties, 'HealthCheckConfig') as health_check_config, + json_extract_path_text(Properties, 'HealthCheckTags') as health_check_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53::HealthCheck' + AND data__Identifier = '' + AND region = 'us-east-1' + hosted_zones: + name: hosted_zones + id: aws.route53.hosted_zones + x-cfn-schema-name: HostedZone + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53::HostedZone' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53::HostedZone' + AND region = 'us-east-1' + hosted_zone: + name: hosted_zone + id: aws.route53.hosted_zone + x-cfn-schema-name: HostedZone + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.HostedZoneConfig') as hosted_zone_config, + JSON_EXTRACT(Properties, '$.HostedZoneTags') as hosted_zone_tags, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.QueryLoggingConfig') as query_logging_config, + JSON_EXTRACT(Properties, '$.VPCs') as vpcs, + JSON_EXTRACT(Properties, '$.NameServers') as name_servers + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53::HostedZone' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'HostedZoneConfig') as hosted_zone_config, + json_extract_path_text(Properties, 'HostedZoneTags') as hosted_zone_tags, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'QueryLoggingConfig') as query_logging_config, + json_extract_path_text(Properties, 'VPCs') as vpcs, + json_extract_path_text(Properties, 'NameServers') as name_servers + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53::HostedZone' + AND data__Identifier = '' + AND region = 'us-east-1' + key_signing_keys: + name: key_signing_keys + id: aws.route53.key_signing_keys + x-cfn-schema-name: KeySigningKey + x-type: list + x-identifiers: + - HostedZoneId + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.HostedZoneId') as hosted_zone_id, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53::KeySigningKey' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'HostedZoneId') as hosted_zone_id, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53::KeySigningKey' + AND region = 'us-east-1' + key_signing_key: + name: key_signing_key + id: aws.route53.key_signing_key + x-cfn-schema-name: KeySigningKey + x-type: get + x-identifiers: + - HostedZoneId + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.HostedZoneId') as hosted_zone_id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.KeyManagementServiceArn') as key_management_service_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53::KeySigningKey' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'HostedZoneId') as hosted_zone_id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'KeyManagementServiceArn') as key_management_service_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53::KeySigningKey' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/route53recoverycontrol.yaml b/providers/src/aws/v00.00.00000/services/route53recoverycontrol.yaml new file mode 100644 index 00000000..fd1fd0ff --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/route53recoverycontrol.yaml @@ -0,0 +1,632 @@ +openapi: 3.0.0 +info: + title: Route53RecoveryControl + version: 1.0.0 +paths: {} +components: + schemas: + ClusterEndpoint: + type: object + properties: + Endpoint: + type: string + minLength: 1 + maxLength: 128 + Region: + type: string + minLength: 1 + maxLength: 32 + additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + maxLength: 256 + required: + - Value + - Key + additionalProperties: false + Cluster: + type: object + properties: + Name: + description: Name of a Cluster. You can use any non-white space character in the name + type: string + minLength: 1 + maxLength: 64 + ClusterArn: + description: The Amazon Resource Name (ARN) of the cluster. + type: string + minLength: 1 + maxLength: 2048 + Status: + description: 'Deployment status of a resource. Status can be one of the following: PENDING, DEPLOYED, PENDING_DELETION.' + type: string + enum: + - PENDING + - DEPLOYED + - PENDING_DELETION + ClusterEndpoints: + description: Endpoints for the cluster. + type: array + items: + $ref: '#/components/schemas/ClusterEndpoint' + x-insertionOrder: false + Tags: + description: A collection of tags associated with a resource + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 20 + x-insertionOrder: false + required: + - Name + x-stackql-resource-name: cluster + description: AWS Route53 Recovery Control Cluster resource schema + x-type-name: AWS::Route53RecoveryControl::Cluster + x-stackql-primary-identifier: + - ClusterArn + x-create-only-properties: + - Name + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - ClusterArn + - ClusterEndpoints + - Status + x-required-properties: + - Name + x-taggable: true + x-required-permissions: + create: + - route53-recovery-control-config:CreateCluster + - route53-recovery-control-config:DescribeCluster + - route53-recovery-control-config:ListTagsForResource + - route53-recovery-control-config:TagResource + read: + - route53-recovery-control-config:DescribeCluster + - route53-recovery-control-config:ListTagsForResource + delete: + - route53-recovery-control-config:DescribeCluster + - route53-recovery-control-config:DeleteCluster + list: + - route53-recovery-control-config:ListClusters + ControlPanel: + type: object + properties: + ClusterArn: + description: Cluster to associate with the Control Panel + type: string + ControlPanelArn: + description: The Amazon Resource Name (ARN) of the cluster. + type: string + Name: + description: The name of the control panel. You can use any non-white space character in the name. + type: string + minLength: 1 + maxLength: 64 + Status: + description: 'The deployment status of control panel. Status can be one of the following: PENDING, DEPLOYED, PENDING_DELETION.' + type: string + enum: + - PENDING + - DEPLOYED + - PENDING_DELETION + DefaultControlPanel: + description: A flag that Amazon Route 53 Application Recovery Controller sets to true to designate the default control panel for a cluster. When you create a cluster, Amazon Route 53 Application Recovery Controller creates a control panel, and sets this flag for that control panel. If you create a control panel yourself, this flag is set to false. + type: boolean + RoutingControlCount: + description: Count of associated routing controls + type: integer + Tags: + description: A collection of tags associated with a resource + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 20 + x-insertionOrder: false + required: + - Name + x-stackql-resource-name: control_panel + description: AWS Route53 Recovery Control Control Panel resource schema . + x-type-name: AWS::Route53RecoveryControl::ControlPanel + x-stackql-primary-identifier: + - ControlPanelArn + x-create-only-properties: + - ClusterArn + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - ControlPanelArn + - Status + - RoutingControlCount + - DefaultControlPanel + x-required-properties: + - Name + x-taggable: true + x-required-permissions: + create: + - route53-recovery-control-config:CreateControlPanel + - route53-recovery-control-config:DescribeCluster + - route53-recovery-control-config:DescribeControlPanel + - route53-recovery-control-config:ListTagsForResource + - route53-recovery-control-config:TagResource + read: + - route53-recovery-control-config:DescribeControlPanel + - route53-recovery-control-config:ListTagsForResource + update: + - route53-recovery-control-config:UpdateControlPanel + - route53-recovery-control-config:DescribeControlPanel + - route53-recovery-control-config:ListTagsForResource + - route53-recovery-control-config:TagResource + - route53-recovery-control-config:UntagResource + delete: + - route53-recovery-control-config:DeleteControlPanel + - route53-recovery-control-config:DescribeControlPanel + list: + - route53-recovery-control-config:ListControlPanels + RoutingControl: + type: object + properties: + RoutingControlArn: + description: The Amazon Resource Name (ARN) of the routing control. + type: string + ControlPanelArn: + description: The Amazon Resource Name (ARN) of the control panel. + type: string + Name: + description: The name of the routing control. You can use any non-white space character in the name. + type: string + minLength: 1 + maxLength: 64 + Status: + description: 'The deployment status of the routing control. Status can be one of the following: PENDING, DEPLOYED, PENDING_DELETION.' + type: string + enum: + - PENDING + - DEPLOYED + - PENDING_DELETION + ClusterArn: + description: Arn associated with Control Panel + type: string + required: + - Name + x-stackql-resource-name: routing_control + description: AWS Route53 Recovery Control Routing Control resource schema . + x-type-name: AWS::Route53RecoveryControl::RoutingControl + x-stackql-primary-identifier: + - RoutingControlArn + x-create-only-properties: + - ControlPanelArn + - ClusterArn + x-write-only-properties: + - ClusterArn + x-read-only-properties: + - RoutingControlArn + - Status + x-required-properties: + - Name + x-required-permissions: + create: + - route53-recovery-control-config:CreateRoutingControl + - route53-recovery-control-config:DescribeRoutingControl + - route53-recovery-control-config:DescribeControlPanel + - route53-recovery-control-config:DescribeCluster + read: + - route53-recovery-control-config:DescribeRoutingControl + update: + - route53-recovery-control-config:UpdateRoutingControl + - route53-recovery-control-config:DescribeRoutingControl + - route53-recovery-control-config:DescribeControlPanel + delete: + - route53-recovery-control-config:DescribeRoutingControl + - route53-recovery-control-config:DeleteRoutingControl + list: + - route53-recovery-control-config:ListRoutingControls + SafetyRuleName: + description: The name for the safety rule. + type: string + RuleType: + description: 'A rule can be one of the following: ATLEAST, AND, or OR.' + type: string + enum: + - AND + - OR + - ATLEAST + RuleConfig: + description: The rule configuration for an assertion rule or gating rule. This is the criteria that you set for specific assertion controls (routing controls) or gating controls. This configuration specifies how many controls must be enabled after a transaction completes. + type: object + properties: + Type: + $ref: '#/components/schemas/RuleType' + Threshold: + description: The value of N, when you specify an ATLEAST rule type. That is, Threshold is the number of controls that must be set when you specify an ATLEAST type. + type: integer + Inverted: + description: Logical negation of the rule. If the rule would usually evaluate true, it's evaluated as false, and vice versa. + type: boolean + required: + - Type + - Threshold + - Inverted + additionalProperties: false + GatingRule: + description: A gating rule verifies that a set of gating controls evaluates as true, based on a rule configuration that you specify. If the gating rule evaluates to true, Amazon Route 53 Application Recovery Controller allows a set of routing control state changes to run and complete against the set of target controls. + type: object + properties: + GatingControls: + description: The gating controls for the gating rule. That is, routing controls that are evaluated by the rule configuration that you specify. + type: array + items: + type: string + x-insertionOrder: false + TargetControls: + description: |- + Routing controls that can only be set or unset if the specified RuleConfig evaluates to true for the specified GatingControls. For example, say you have three gating controls, one for each of three AWS Regions. Now you specify AtLeast 2 as your RuleConfig. With these settings, you can only change (set or unset) the routing controls that you have specified as TargetControls if that rule evaluates to true. + In other words, your ability to change the routing controls that you have specified as TargetControls is gated by the rule that you set for the routing controls in GatingControls. + type: array + items: + type: string + x-insertionOrder: false + WaitPeriodMs: + description: An evaluation period, in milliseconds (ms), during which any request against the target routing controls will fail. This helps prevent "flapping" of state. The wait period is 5000 ms by default, but you can choose a custom value. + type: integer + required: + - WaitPeriodMs + - TargetControls + - GatingControls + additionalProperties: false + AssertionRule: + description: An assertion rule enforces that, when a routing control state is changed, that the criteria set by the rule configuration is met. Otherwise, the change to the routing control is not accepted. + type: object + properties: + WaitPeriodMs: + description: An evaluation period, in milliseconds (ms), during which any request against the target routing controls will fail. This helps prevent "flapping" of state. The wait period is 5000 ms by default, but you can choose a custom value. + type: integer + AssertedControls: + description: The routing controls that are part of transactions that are evaluated to determine if a request to change a routing control state is allowed. For example, you might include three routing controls, one for each of three AWS Regions. + type: array + items: + type: string + x-insertionOrder: false + required: + - AssertedControls + - WaitPeriodMs + additionalProperties: false + SafetyRule: + type: object + properties: + AssertionRule: + $ref: '#/components/schemas/AssertionRule' + GatingRule: + $ref: '#/components/schemas/GatingRule' + Name: + $ref: '#/components/schemas/SafetyRuleName' + SafetyRuleArn: + description: The Amazon Resource Name (ARN) of the safety rule. + type: string + ControlPanelArn: + description: The Amazon Resource Name (ARN) of the control panel. + type: string + Status: + description: 'The deployment status of the routing control. Status can be one of the following: PENDING, DEPLOYED, PENDING_DELETION.' + type: string + enum: + - PENDING + - DEPLOYED + - PENDING_DELETION + RuleConfig: + $ref: '#/components/schemas/RuleConfig' + Tags: + description: A collection of tags associated with a resource + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 20 + x-insertionOrder: false + required: [] + x-stackql-resource-name: safety_rule + description: Resource schema for AWS Route53 Recovery Control basic constructs and validation rules. + x-type-name: AWS::Route53RecoveryControl::SafetyRule + x-stackql-primary-identifier: + - SafetyRuleArn + x-create-only-properties: + - ControlPanelArn + - RuleConfig + - ControlPanelArn + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - SafetyRuleArn + - Status + x-required-properties: [] + x-taggable: true + x-required-permissions: + create: + - route53-recovery-control-config:CreateSafetyRule + - route53-recovery-control-config:DescribeSafetyRule + - route53-recovery-control-config:DescribeControlPanel + - route53-recovery-control-config:DescribeRoutingControl + - route53-recovery-control-config:ListTagsForResource + - route53-recovery-control-config:TagResource + read: + - route53-recovery-control-config:DescribeSafetyRule + - route53-recovery-control-config:ListTagsForResource + update: + - route53-recovery-control-config:UpdateSafetyRule + - route53-recovery-control-config:DescribeSafetyRule + - route53-recovery-control-config:ListTagsForResource + - route53-recovery-control-config:TagResource + - route53-recovery-control-config:UntagResource + delete: + - route53-recovery-control-config:DescribeSafetyRule + - route53-recovery-control-config:DeleteSafetyRule + list: + - route53-recovery-control-config:ListSafetyRules + x-stackQL-resources: + clusters: + name: clusters + id: aws.route53recoverycontrol.clusters + x-cfn-schema-name: Cluster + x-type: list + x-identifiers: + - ClusterArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryControl::Cluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryControl::Cluster' + AND region = 'us-east-1' + cluster: + name: cluster + id: aws.route53recoverycontrol.cluster + x-cfn-schema-name: Cluster + x-type: get + x-identifiers: + - ClusterArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.ClusterEndpoints') as cluster_endpoints, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryControl::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'ClusterEndpoints') as cluster_endpoints, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryControl::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + control_panels: + name: control_panels + id: aws.route53recoverycontrol.control_panels + x-cfn-schema-name: ControlPanel + x-type: list + x-identifiers: + - ControlPanelArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ControlPanelArn') as control_panel_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryControl::ControlPanel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ControlPanelArn') as control_panel_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryControl::ControlPanel' + AND region = 'us-east-1' + control_panel: + name: control_panel + id: aws.route53recoverycontrol.control_panel + x-cfn-schema-name: ControlPanel + x-type: get + x-identifiers: + - ControlPanelArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn, + JSON_EXTRACT(Properties, '$.ControlPanelArn') as control_panel_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.DefaultControlPanel') as default_control_panel, + JSON_EXTRACT(Properties, '$.RoutingControlCount') as routing_control_count, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryControl::ControlPanel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn, + json_extract_path_text(Properties, 'ControlPanelArn') as control_panel_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'DefaultControlPanel') as default_control_panel, + json_extract_path_text(Properties, 'RoutingControlCount') as routing_control_count, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryControl::ControlPanel' + AND data__Identifier = '' + AND region = 'us-east-1' + routing_controls: + name: routing_controls + id: aws.route53recoverycontrol.routing_controls + x-cfn-schema-name: RoutingControl + x-type: list + x-identifiers: + - RoutingControlArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RoutingControlArn') as routing_control_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryControl::RoutingControl' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RoutingControlArn') as routing_control_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryControl::RoutingControl' + AND region = 'us-east-1' + routing_control: + name: routing_control + id: aws.route53recoverycontrol.routing_control + x-cfn-schema-name: RoutingControl + x-type: get + x-identifiers: + - RoutingControlArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RoutingControlArn') as routing_control_arn, + JSON_EXTRACT(Properties, '$.ControlPanelArn') as control_panel_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryControl::RoutingControl' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RoutingControlArn') as routing_control_arn, + json_extract_path_text(Properties, 'ControlPanelArn') as control_panel_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryControl::RoutingControl' + AND data__Identifier = '' + AND region = 'us-east-1' + safety_rules: + name: safety_rules + id: aws.route53recoverycontrol.safety_rules + x-cfn-schema-name: SafetyRule + x-type: list + x-identifiers: + - SafetyRuleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SafetyRuleArn') as safety_rule_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryControl::SafetyRule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SafetyRuleArn') as safety_rule_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryControl::SafetyRule' + AND region = 'us-east-1' + safety_rule: + name: safety_rule + id: aws.route53recoverycontrol.safety_rule + x-cfn-schema-name: SafetyRule + x-type: get + x-identifiers: + - SafetyRuleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssertionRule') as assertion_rule, + JSON_EXTRACT(Properties, '$.GatingRule') as gating_rule, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SafetyRuleArn') as safety_rule_arn, + JSON_EXTRACT(Properties, '$.ControlPanelArn') as control_panel_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.RuleConfig') as rule_config, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryControl::SafetyRule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssertionRule') as assertion_rule, + json_extract_path_text(Properties, 'GatingRule') as gating_rule, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SafetyRuleArn') as safety_rule_arn, + json_extract_path_text(Properties, 'ControlPanelArn') as control_panel_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'RuleConfig') as rule_config, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryControl::SafetyRule' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/route53recoveryreadiness.yaml b/providers/src/aws/v00.00.00000/services/route53recoveryreadiness.yaml new file mode 100644 index 00000000..59861ca3 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/route53recoveryreadiness.yaml @@ -0,0 +1,592 @@ +openapi: 3.0.0 +info: + title: Route53RecoveryReadiness + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + Value: + type: string + required: + - Value + - Key + Cell: + type: object + properties: + CellName: + description: The name of the cell to create. + type: string + pattern: '[a-zA-Z0-9_]+' + maxLength: 64 + CellArn: + description: The Amazon Resource Name (ARN) of the cell. + type: string + maxLength: 256 + Cells: + description: A list of cell Amazon Resource Names (ARNs) contained within this cell, for use in nested cells. For example, Availability Zones within specific Regions. + type: array + items: + type: string + maxItems: 5 + x-insertionOrder: false + ParentReadinessScopes: + description: The readiness scope for the cell, which can be a cell Amazon Resource Name (ARN) or a recovery group ARN. This is a list but currently can have only one element. + type: array + items: + type: string + maxItems: 5 + x-insertionOrder: false + Tags: + description: A collection of tags associated with a resource + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 20 + x-insertionOrder: false + x-stackql-resource-name: cell + description: The API Schema for AWS Route53 Recovery Readiness Cells. + x-type-name: AWS::Route53RecoveryReadiness::Cell + x-stackql-primary-identifier: + - CellName + x-create-only-properties: + - CellName + x-read-only-properties: + - CellArn + - ParentReadinessScopes + x-taggable: true + x-required-permissions: + create: + - route53-recovery-readiness:CreateCell + - route53-recovery-readiness:GetCell + - route53-recovery-readiness:ListTagsForResources + - route53-recovery-readiness:TagResource + read: + - route53-recovery-readiness:GetCell + - route53-recovery-readiness:ListTagsForResources + update: + - route53-recovery-readiness:GetCell + - route53-recovery-readiness:ListTagsForResources + - route53-recovery-readiness:TagResource + - route53-recovery-readiness:UntagResource + - route53-recovery-readiness:UpdateCell + delete: + - route53-recovery-readiness:DeleteCell + - route53-recovery-readiness:GetCell + list: + - route53-recovery-readiness:ListCells + ReadinessCheck: + type: object + properties: + ResourceSetName: + description: The name of the resource set to check. + type: string + pattern: '[a-zA-Z0-9_]+' + minLength: 1 + maxLength: 64 + ReadinessCheckName: + description: Name of the ReadinessCheck to create. + type: string + pattern: '[a-zA-Z0-9_]+' + minLength: 1 + maxLength: 64 + ReadinessCheckArn: + description: The Amazon Resource Name (ARN) of the readiness check. + type: string + maxLength: 256 + Tags: + description: A collection of tags associated with a resource. + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 20 + x-insertionOrder: false + x-stackql-resource-name: readiness_check + description: Aws Route53 Recovery Readiness Check Schema and API specification. + x-type-name: AWS::Route53RecoveryReadiness::ReadinessCheck + x-stackql-primary-identifier: + - ReadinessCheckName + x-create-only-properties: + - ReadinessCheckName + x-read-only-properties: + - ReadinessCheckArn + x-taggable: true + x-required-permissions: + create: + - route53-recovery-readiness:CreateReadinessCheck + - route53-recovery-readiness:GetResourceSet + - route53-recovery-readiness:GetReadinessCheck + - route53-recovery-readiness:ListTagsForResources + - route53-recovery-readiness:TagResource + read: + - route53-recovery-readiness:GetReadinessCheck + - route53-recovery-readiness:ListTagsForResources + update: + - route53-recovery-readiness:UpdateReadinessCheck + - route53-recovery-readiness:GetResourceSet + - route53-recovery-readiness:GetReadinessCheck + - route53-recovery-readiness:ListTagsForResources + - route53-recovery-readiness:TagResource + - route53-recovery-readiness:UntagResource + delete: + - route53-recovery-readiness:DeleteReadinessCheck + - route53-recovery-readiness:GetReadinessCheck + list: + - route53-recovery-readiness:ListReadinessChecks + - route53-recovery-readiness:GetReadinessChecks + RecoveryGroup: + type: object + properties: + RecoveryGroupName: + description: The name of the recovery group to create. + type: string + pattern: '[a-zA-Z0-9_]+' + minLength: 1 + maxLength: 64 + Cells: + description: A list of the cell Amazon Resource Names (ARNs) in the recovery group. + type: array + items: + type: string + minLength: 1 + maxLength: 256 + maxItems: 5 + x-insertionOrder: false + RecoveryGroupArn: + description: A collection of tags associated with a resource. + type: string + maxLength: 256 + Tags: + description: A collection of tags associated with a resource. + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 20 + x-insertionOrder: false + x-stackql-resource-name: recovery_group + description: AWS Route53 Recovery Readiness Recovery Group Schema and API specifications. + x-type-name: AWS::Route53RecoveryReadiness::RecoveryGroup + x-stackql-primary-identifier: + - RecoveryGroupName + x-create-only-properties: + - RecoveryGroupName + x-read-only-properties: + - RecoveryGroupArn + x-taggable: true + x-required-permissions: + create: + - route53-recovery-readiness:CreateRecoveryGroup + - route53-recovery-readiness:GetRecoveryGroup + - route53-recovery-readiness:GetCell + - route53-recovery-readiness:ListTagsForResources + - route53-recovery-readiness:TagResource + read: + - route53-recovery-readiness:GetRecoveryGroup + - route53-recovery-readiness:ListTagsForResources + update: + - route53-recovery-readiness:UpdateRecoveryGroup + - route53-recovery-readiness:GetRecoveryGroup + - route53-recovery-readiness:GetCell + - route53-recovery-readiness:ListTagsForResources + - route53-recovery-readiness:TagResource + - route53-recovery-readiness:UntagResource + delete: + - route53-recovery-readiness:DeleteRecoveryGroup + - route53-recovery-readiness:GetRecoveryGroup + list: + - route53-recovery-readiness:ListRecoveryGroups + NLBResource: + description: The Network Load Balancer resource that a DNS target resource points to. + type: object + properties: + Arn: + description: A Network Load Balancer resource Amazon Resource Name (ARN). + type: string + additionalProperties: false + R53ResourceRecord: + description: The Route 53 resource that a DNS target resource record points to. + type: object + properties: + DomainName: + description: The DNS target domain name. + type: string + RecordSetId: + description: The Resource Record set id. + type: string + additionalProperties: false + TargetResource: + description: The target resource that the Route 53 record points to. + type: object + properties: + NLBResource: + $ref: '#/components/schemas/NLBResource' + R53Resource: + $ref: '#/components/schemas/R53ResourceRecord' + oneOf: + - required: + - NLBResource + - required: + - R53Resource + additionalProperties: false + DNSTargetResource: + description: A component for DNS/routing control readiness checks. + type: object + properties: + DomainName: + description: The domain name that acts as an ingress point to a portion of the customer application. + type: string + RecordSetId: + description: The Route 53 record set ID that will uniquely identify a DNS record, given a name and a type. + type: string + HostedZoneArn: + description: The hosted zone Amazon Resource Name (ARN) that contains the DNS record with the provided name of the target resource. + type: string + RecordType: + description: The type of DNS record of the target resource. + type: string + TargetResource: + $ref: '#/components/schemas/TargetResource' + additionalProperties: false + Resource: + description: The resource element of a ResourceSet + type: object + properties: + ResourceArn: + description: The Amazon Resource Name (ARN) of the AWS resource. + type: string + ComponentId: + description: The component identifier of the resource, generated when DNS target resource is used. + type: string + DnsTargetResource: + $ref: '#/components/schemas/DNSTargetResource' + ReadinessScopes: + description: A list of recovery group Amazon Resource Names (ARNs) and cell ARNs that this resource is contained within. + type: array + items: + type: string + maxItems: 5 + x-insertionOrder: false + additionalProperties: false + ResourceSet: + type: object + properties: + ResourceSetName: + description: The name of the resource set to create. + type: string + Resources: + description: A list of resource objects in the resource set. + type: array + items: + $ref: '#/components/schemas/Resource' + minItems: 1 + maxItems: 6 + x-insertionOrder: false + ResourceSetArn: + description: The Amazon Resource Name (ARN) of the resource set. + type: string + minLength: 1 + maxLength: 256 + ResourceSetType: + description: |- + The resource type of the resources in the resource set. Enter one of the following values for resource type: + + AWS: :AutoScaling: :AutoScalingGroup, AWS: :CloudWatch: :Alarm, AWS: :EC2: :CustomerGateway, AWS: :DynamoDB: :Table, AWS: :EC2: :Volume, AWS: :ElasticLoadBalancing: :LoadBalancer, AWS: :ElasticLoadBalancingV2: :LoadBalancer, AWS: :MSK: :Cluster, AWS: :RDS: :DBCluster, AWS: :Route53: :HealthCheck, AWS: :SQS: :Queue, AWS: :SNS: :Topic, AWS: :SNS: :Subscription, AWS: :EC2: :VPC, AWS: :EC2: :VPNConnection, AWS: :EC2: :VPNGateway, AWS::Route53RecoveryReadiness::DNSTargetResource + type: string + Tags: + description: A tag to associate with the parameters for a resource set. + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 20 + x-insertionOrder: false + required: + - ResourceSetType + - Resources + x-stackql-resource-name: resource_set + description: Schema for the AWS Route53 Recovery Readiness ResourceSet Resource and API. + x-type-name: AWS::Route53RecoveryReadiness::ResourceSet + x-stackql-primary-identifier: + - ResourceSetName + x-create-only-properties: + - ResourceSetName + - ResourceSetType + x-read-only-properties: + - ResourceSetArn + x-required-properties: + - ResourceSetType + - Resources + x-taggable: true + x-required-permissions: + create: + - route53-recovery-readiness:CreateResourceSet + - route53-recovery-readiness:GetResourceSet + - route53-recovery-readiness:GetRecoveryGroup + - route53-recovery-readiness:GetCell + - route53-recovery-readiness:ListTagsForResources + - route53-recovery-readiness:TagResource + read: + - route53-recovery-readiness:GetResourceSet + - route53-recovery-readiness:ListTagsForResources + update: + - route53-recovery-readiness:UpdateResourceSet + - route53-recovery-readiness:GetResourceSet + - route53-recovery-readiness:GetRecoveryGroup + - route53-recovery-readiness:GetCell + - route53-recovery-readiness:ListTagsForResources + - route53-recovery-readiness:TagResource + - route53-recovery-readiness:UntagResource + delete: + - route53-recovery-readiness:DeleteResourceSet + - route53-recovery-readiness:GetResourceSet + list: + - route53-recovery-readiness:ListResourceSets + x-stackQL-resources: + cells: + name: cells + id: aws.route53recoveryreadiness.cells + x-cfn-schema-name: Cell + x-type: list + x-identifiers: + - CellName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CellName') as cell_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::Cell' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CellName') as cell_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::Cell' + AND region = 'us-east-1' + cell: + name: cell + id: aws.route53recoveryreadiness.cell + x-cfn-schema-name: Cell + x-type: get + x-identifiers: + - CellName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CellName') as cell_name, + JSON_EXTRACT(Properties, '$.CellArn') as cell_arn, + JSON_EXTRACT(Properties, '$.Cells') as cells, + JSON_EXTRACT(Properties, '$.ParentReadinessScopes') as parent_readiness_scopes, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::Cell' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CellName') as cell_name, + json_extract_path_text(Properties, 'CellArn') as cell_arn, + json_extract_path_text(Properties, 'Cells') as cells, + json_extract_path_text(Properties, 'ParentReadinessScopes') as parent_readiness_scopes, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::Cell' + AND data__Identifier = '' + AND region = 'us-east-1' + readiness_checks: + name: readiness_checks + id: aws.route53recoveryreadiness.readiness_checks + x-cfn-schema-name: ReadinessCheck + x-type: list + x-identifiers: + - ReadinessCheckName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ReadinessCheckName') as readiness_check_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::ReadinessCheck' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ReadinessCheckName') as readiness_check_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::ReadinessCheck' + AND region = 'us-east-1' + readiness_check: + name: readiness_check + id: aws.route53recoveryreadiness.readiness_check + x-cfn-schema-name: ReadinessCheck + x-type: get + x-identifiers: + - ReadinessCheckName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceSetName') as resource_set_name, + JSON_EXTRACT(Properties, '$.ReadinessCheckName') as readiness_check_name, + JSON_EXTRACT(Properties, '$.ReadinessCheckArn') as readiness_check_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::ReadinessCheck' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceSetName') as resource_set_name, + json_extract_path_text(Properties, 'ReadinessCheckName') as readiness_check_name, + json_extract_path_text(Properties, 'ReadinessCheckArn') as readiness_check_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::ReadinessCheck' + AND data__Identifier = '' + AND region = 'us-east-1' + recovery_groups: + name: recovery_groups + id: aws.route53recoveryreadiness.recovery_groups + x-cfn-schema-name: RecoveryGroup + x-type: list + x-identifiers: + - RecoveryGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RecoveryGroupName') as recovery_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::RecoveryGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RecoveryGroupName') as recovery_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::RecoveryGroup' + AND region = 'us-east-1' + recovery_group: + name: recovery_group + id: aws.route53recoveryreadiness.recovery_group + x-cfn-schema-name: RecoveryGroup + x-type: get + x-identifiers: + - RecoveryGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RecoveryGroupName') as recovery_group_name, + JSON_EXTRACT(Properties, '$.Cells') as cells, + JSON_EXTRACT(Properties, '$.RecoveryGroupArn') as recovery_group_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::RecoveryGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RecoveryGroupName') as recovery_group_name, + json_extract_path_text(Properties, 'Cells') as cells, + json_extract_path_text(Properties, 'RecoveryGroupArn') as recovery_group_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::RecoveryGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_sets: + name: resource_sets + id: aws.route53recoveryreadiness.resource_sets + x-cfn-schema-name: ResourceSet + x-type: list + x-identifiers: + - ResourceSetName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ResourceSetName') as resource_set_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::ResourceSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ResourceSetName') as resource_set_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::ResourceSet' + AND region = 'us-east-1' + resource_set: + name: resource_set + id: aws.route53recoveryreadiness.resource_set + x-cfn-schema-name: ResourceSet + x-type: get + x-identifiers: + - ResourceSetName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceSetName') as resource_set_name, + JSON_EXTRACT(Properties, '$.Resources') as resources, + JSON_EXTRACT(Properties, '$.ResourceSetArn') as resource_set_arn, + JSON_EXTRACT(Properties, '$.ResourceSetType') as resource_set_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::ResourceSet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceSetName') as resource_set_name, + json_extract_path_text(Properties, 'Resources') as resources, + json_extract_path_text(Properties, 'ResourceSetArn') as resource_set_arn, + json_extract_path_text(Properties, 'ResourceSetType') as resource_set_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53RecoveryReadiness::ResourceSet' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/route53resolver.yaml b/providers/src/aws/v00.00.00000/services/route53resolver.yaml new file mode 100644 index 00000000..ea1a0ee3 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/route53resolver.yaml @@ -0,0 +1,1767 @@ +openapi: 3.0.0 +info: + title: Route53Resolver + version: 1.0.0 +paths: {} +components: + schemas: + Domains: + description: An inline list of domains to use for this domain list. + type: array + uniqueItems: true + items: + description: FirewallDomainName + type: string + minLength: 1 + maxLength: 255 + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Value + - Key + FirewallDomainList: + type: object + properties: + Id: + description: ResourceId + type: string + minLength: 1 + maxLength: 64 + Arn: + description: Arn + type: string + minLength: 1 + maxLength: 600 + Name: + description: FirewallDomainListName + type: string + pattern: (?!^[0-9]+$)([a-zA-Z0-9\-_' ']+) + minLength: 1 + maxLength: 64 + DomainCount: + description: Count + type: integer + minimum: 0 + Status: + description: ResolverFirewallDomainList, possible values are COMPLETE, DELETING, UPDATING, COMPLETE_IMPORT_FAILED, IMPORTING, and INACTIVE_OWNER_ACCOUNT_CLOSED. + type: string + enum: + - COMPLETE + - DELETING + - UPDATING + - COMPLETE_IMPORT_FAILED + - IMPORTING + - INACTIVE_OWNER_ACCOUNT_CLOSED + StatusMessage: + description: FirewallDomainListAssociationStatus + type: string + ManagedOwnerName: + description: ServicePrincipal + type: string + minLength: 1 + maxLength: 512 + CreatorRequestId: + description: The id of the creator request. + type: string + minLength: 1 + maxLength: 255 + CreationTime: + description: Rfc3339TimeString + type: string + minLength: 20 + maxLength: 40 + ModificationTime: + description: Rfc3339TimeString + type: string + minLength: 20 + maxLength: 40 + Domains: + $ref: '#/components/schemas/Domains' + DomainFileUrl: + description: S3 URL to import domains from. + type: string + minLength: 1 + maxLength: 1024 + Tags: + description: Tags + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: firewall_domain_list + description: Resource schema for AWS::Route53Resolver::FirewallDomainList. + x-type-name: AWS::Route53Resolver::FirewallDomainList + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Name + x-write-only-properties: + - Domains + - DomainFileUrl + x-read-only-properties: + - Id + - Arn + - DomainCount + - Status + - StatusMessage + - ManagedOwnerName + - CreatorRequestId + - CreationTime + - ModificationTime + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + list: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + read: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + delete: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + update: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + FirewallRule: + description: Firewall Rule associating the Rule Group to a Domain List + type: object + properties: + FirewallDomainListId: + description: ResourceId + type: string + minLength: 1 + maxLength: 64 + Priority: + description: Rule Priority + type: integer + Action: + description: Rule Action + type: string + enum: + - ALLOW + - BLOCK + - ALERT + BlockResponse: + description: BlockResponse + type: string + enum: + - NODATA + - NXDOMAIN + - OVERRIDE + BlockOverrideDomain: + description: BlockOverrideDomain + type: string + minLength: 1 + maxLength: 255 + BlockOverrideDnsType: + description: BlockOverrideDnsType + type: string + enum: + - CNAME + BlockOverrideTtl: + description: BlockOverrideTtl + type: integer + minimum: 0 + maximum: 604800 + Qtype: + description: Qtype + type: string + minLength: 1 + maxLength: 16 + required: + - FirewallDomainListId + - Priority + - Action + additionalProperties: false + FirewallRuleGroup: + type: object + properties: + Id: + description: ResourceId + type: string + minLength: 1 + maxLength: 64 + Arn: + description: Arn + type: string + minLength: 1 + maxLength: 600 + Name: + description: FirewallRuleGroupName + type: string + pattern: (?!^[0-9]+$)([a-zA-Z0-9\-_' ']+) + minLength: 1 + maxLength: 64 + RuleCount: + description: Count + type: integer + Status: + description: ResolverFirewallRuleGroupAssociation, possible values are COMPLETE, DELETING, UPDATING, and INACTIVE_OWNER_ACCOUNT_CLOSED. + type: string + enum: + - COMPLETE + - DELETING + - UPDATING + - INACTIVE_OWNER_ACCOUNT_CLOSED + StatusMessage: + description: FirewallRuleGroupStatus + type: string + OwnerId: + description: AccountId + type: string + minLength: 12 + maxLength: 32 + ShareStatus: + description: ShareStatus, possible values are NOT_SHARED, SHARED_WITH_ME, SHARED_BY_ME. + type: string + enum: + - NOT_SHARED + - SHARED_WITH_ME + - SHARED_BY_ME + CreatorRequestId: + description: The id of the creator request. + type: string + minLength: 1 + maxLength: 255 + CreationTime: + description: Rfc3339TimeString + type: string + minLength: 20 + maxLength: 40 + ModificationTime: + description: Rfc3339TimeString + type: string + minLength: 20 + maxLength: 40 + FirewallRules: + description: FirewallRules + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/FirewallRule' + Tags: + description: Tags + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: firewall_rule_group + description: Resource schema for AWS::Route53Resolver::FirewallRuleGroup. + x-type-name: AWS::Route53Resolver::FirewallRuleGroup + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Name + x-read-only-properties: + - Id + - Arn + - RuleCount + - Status + - StatusMessage + - OwnerId + - ShareStatus + - CreatorRequestId + - CreationTime + - ModificationTime + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + read: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + list: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + delete: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + update: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + FirewallRuleGroupAssociation: + type: object + properties: + Id: + description: Id + type: string + minLength: 1 + maxLength: 64 + Arn: + description: Arn + type: string + minLength: 1 + maxLength: 600 + FirewallRuleGroupId: + description: FirewallRuleGroupId + type: string + minLength: 1 + maxLength: 64 + VpcId: + description: VpcId + type: string + minLength: 1 + maxLength: 64 + Name: + description: FirewallRuleGroupAssociationName + type: string + pattern: (?!^[0-9]+$)([a-zA-Z0-9\-_' ']+) + minLength: 0 + maxLength: 64 + Priority: + description: Priority + type: integer + MutationProtection: + description: MutationProtectionStatus + type: string + enum: + - ENABLED + - DISABLED + ManagedOwnerName: + description: ServicePrincipal + type: string + minLength: 1 + maxLength: 512 + Status: + description: ResolverFirewallRuleGroupAssociation, possible values are COMPLETE, DELETING, UPDATING, and INACTIVE_OWNER_ACCOUNT_CLOSED. + type: string + enum: + - COMPLETE + - DELETING + - UPDATING + - INACTIVE_OWNER_ACCOUNT_CLOSED + StatusMessage: + description: FirewallDomainListAssociationStatus + type: string + CreatorRequestId: + description: The id of the creator request. + type: string + minLength: 1 + maxLength: 255 + CreationTime: + description: Rfc3339TimeString + type: string + minLength: 20 + maxLength: 40 + ModificationTime: + description: Rfc3339TimeString + type: string + minLength: 20 + maxLength: 40 + Tags: + description: Tags + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + required: + - FirewallRuleGroupId + - VpcId + - Priority + x-stackql-resource-name: firewall_rule_group_association + description: Resource schema for AWS::Route53Resolver::FirewallRuleGroupAssociation. + x-type-name: AWS::Route53Resolver::FirewallRuleGroupAssociation + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - FirewallRuleGroupId + - VpcId + x-read-only-properties: + - Id + - Arn + - ManagedOwnerName + - Status + - StatusMessage + - CreatorRequestId + - CreationTime + - ModificationTime + x-required-properties: + - FirewallRuleGroupId + - VpcId + - Priority + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + read: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + list: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + delete: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + update: + - route53resolver:* + - ec2:* + - logs:* + - iam:* + - lambda:* + - s3:* + OutpostResolver: + type: object + properties: + Id: + description: Id + type: string + minLength: 1 + maxLength: 64 + CreatorRequestId: + description: The id of the creator request. + type: string + minLength: 1 + maxLength: 255 + Name: + description: The OutpostResolver name. + type: string + minLength: 1 + maxLength: 255 + Arn: + description: The OutpostResolver ARN. + type: string + minLength: 1 + maxLength: 1024 + OutpostArn: + description: The Outpost ARN. + type: string + minLength: 1 + maxLength: 1024 + PreferredInstanceType: + description: The OutpostResolver instance type. + type: string + minLength: 1 + maxLength: 255 + Status: + description: The OutpostResolver status, possible values are CREATING, OPERATIONAL, UPDATING, DELETING, ACTION_NEEDED, FAILED_CREATION and FAILED_DELETION. + type: string + enum: + - CREATING + - OPERATIONAL + - DELETING + - UPDATING + - ACTION_NEEDED + - FAILED_CREATION + - FAILED_DELETION + StatusMessage: + description: The OutpostResolver status message. + type: string + InstanceCount: + description: The number of OutpostResolvers. + type: integer + minimum: 4 + maximum: 256 + CreationTime: + description: The OutpostResolver creation time + type: string + minLength: 20 + maxLength: 40 + ModificationTime: + description: The OutpostResolver last modified time + type: string + minLength: 20 + maxLength: 40 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - OutpostArn + - PreferredInstanceType + - Name + x-stackql-resource-name: outpost_resolver + description: Resource schema for AWS::Route53Resolver::OutpostResolver. + x-type-name: AWS::Route53Resolver::OutpostResolver + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - OutpostArn + x-read-only-properties: + - Id + - Arn + - Status + - StatusMessage + - CreationTime + - ModificationTime + - CreatorRequestId + x-required-properties: + - OutpostArn + - PreferredInstanceType + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - route53resolver:CreateOutpostResolver + - route53resolver:GetOutpostResolver + - route53resolver:ListTagsForResource + - outposts:GetOutpost + read: + - route53resolver:GetOutpostResolver + - route53resolver:ListTagsForResource + update: + - route53resolver:UpdateOutpostResolver + - route53resolver:GetOutpostResolver + - route53resolver:UntagResource + - route53resolver:TagResource + - route53resolver:ListTagsForResource + delete: + - route53resolver:DeleteOutpostResolver + - route53resolver:GetOutpostResolver + - route53resolver:ListOutpostResolvers + - route53resolver:ListResolverEndpoints + list: + - route53resolver:ListOutpostResolvers + - route53resolver:ListTagsForResource + ResolverConfig: + type: object + properties: + Id: + description: Id + type: string + minLength: 1 + maxLength: 64 + OwnerId: + description: AccountId + type: string + minLength: 12 + maxLength: 32 + ResourceId: + description: ResourceId + type: string + minLength: 1 + maxLength: 64 + AutodefinedReverse: + description: ResolverAutodefinedReverseStatus, possible values are ENABLING, ENABLED, DISABLING AND DISABLED. + type: string + enum: + - ENABLING + - ENABLED + - DISABLING + - DISABLED + AutodefinedReverseFlag: + description: Represents the desired status of AutodefinedReverse. The only supported value on creation is DISABLE. Deletion of this resource will return AutodefinedReverse to its default value (ENABLED). + type: string + enum: + - DISABLE + required: + - ResourceId + - AutodefinedReverseFlag + x-stackql-resource-name: resolver_config + description: Resource schema for AWS::Route53Resolver::ResolverConfig. + x-type-name: AWS::Route53Resolver::ResolverConfig + x-stackql-primary-identifier: + - ResourceId + x-create-only-properties: + - ResourceId + - AutodefinedReverseFlag + x-read-only-properties: + - OwnerId + - Id + - AutodefinedReverse + x-required-properties: + - ResourceId + - AutodefinedReverseFlag + x-required-permissions: + create: + - route53resolver:UpdateResolverConfig + - route53resolver:GetResolverConfig + - ec2:DescribeVpcs + read: + - route53resolver:GetResolverConfig + - ec2:DescribeVpcs + delete: + - route53resolver:UpdateResolverConfig + - route53resolver:ListResolverConfigs + - ec2:DescribeVpcs + list: + - route53resolver:ListResolverConfigs + - ec2:DescribeVpcs + ResolverDNSSECConfig: + type: object + properties: + Id: + description: Id + type: string + minLength: 1 + maxLength: 64 + OwnerId: + description: AccountId + type: string + minLength: 12 + maxLength: 32 + ResourceId: + description: ResourceId + type: string + minLength: 1 + maxLength: 64 + ValidationStatus: + description: ResolverDNSSECValidationStatus, possible values are ENABLING, ENABLED, DISABLING AND DISABLED. + type: string + enum: + - ENABLING + - ENABLED + - DISABLING + - DISABLED + x-stackql-resource-name: resolverdnssec_config + description: Resource schema for AWS::Route53Resolver::ResolverDNSSECConfig. + x-type-name: AWS::Route53Resolver::ResolverDNSSECConfig + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - ResourceId + x-read-only-properties: + - OwnerId + - Id + - ValidationStatus + x-tagging: + taggable: false + x-required-permissions: + create: + - resolverdnssec:CreateConfig + - route53resolver:UpdateResolverDnssecConfig + - route53resolver:GetResolverDnssecConfig + - ec2:DescribeVpcs + read: + - resolverdnssec:GetConfig + - route53resolver:ListResolverDnssecConfigs + delete: + - resolverdnssec:DeleteConfig + - route53resolver:UpdateResolverDnssecConfig + - route53resolver:ListResolverDnssecConfigs + - ec2:DescribeVpcs + list: + - resolverdnssec:ListConfig + - route53resolver:ListResolverDnssecConfigs + ResolverQueryLoggingConfig: + type: object + properties: + Id: + description: ResourceId + type: string + minLength: 1 + maxLength: 64 + OwnerId: + description: AccountId + type: string + minLength: 12 + maxLength: 32 + Status: + description: ResolverQueryLogConfigStatus, possible values are CREATING, CREATED, DELETED AND FAILED. + type: string + enum: + - CREATING + - CREATED + - DELETING + - FAILED + ShareStatus: + description: ShareStatus, possible values are NOT_SHARED, SHARED_WITH_ME, SHARED_BY_ME. + type: string + enum: + - NOT_SHARED + - SHARED_WITH_ME + - SHARED_BY_ME + AssociationCount: + description: Count + type: integer + Arn: + description: Arn + type: string + minLength: 1 + maxLength: 600 + Name: + description: ResolverQueryLogConfigName + type: string + pattern: (?!^[0-9]+$)([a-zA-Z0-9\-_' ']+) + minLength: 1 + maxLength: 64 + CreatorRequestId: + description: The id of the creator request. + type: string + minLength: 1 + maxLength: 255 + DestinationArn: + description: destination arn + type: string + minLength: 1 + maxLength: 600 + CreationTime: + description: Rfc3339TimeString + type: string + minLength: 20 + maxLength: 40 + x-stackql-resource-name: resolver_query_logging_config + description: Resource schema for AWS::Route53Resolver::ResolverQueryLoggingConfig. + x-type-name: AWS::Route53Resolver::ResolverQueryLoggingConfig + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Name + - DestinationArn + x-read-only-properties: + - OwnerId + - Status + - ShareStatus + - AssociationCount + - Arn + - CreatorRequestId + - CreationTime + - Id + x-required-permissions: + create: + - resolverquerylogging:CreateConfig + - resolverquerylogging:GetConfig + - route53resolver:CreateResolverQueryLogConfig + - route53resolver:GetResolverQueryLogConfig + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - iam:CreateServiceLinkedRole + read: + - resolverquerylogging:GetConfig + - route53resolver:GetResolverQueryLogConfig + delete: + - resolverquerylogging:DeleteConfig + - resolverquerylogging:ListConfig + - route53resolver:DeleteResolverQueryLogConfig + - route53resolver:ListResolverQueryLogConfigs + list: + - resolverquerylogging:ListConfig + - route53resolver:ListResolverQueryLogConfigs + ResolverQueryLoggingConfigAssociation: + type: object + properties: + Id: + description: Id + type: string + minLength: 1 + maxLength: 64 + ResolverQueryLogConfigId: + description: ResolverQueryLogConfigId + type: string + minLength: 1 + maxLength: 64 + ResourceId: + description: ResourceId + type: string + minLength: 1 + maxLength: 64 + Status: + description: ResolverQueryLogConfigAssociationStatus + type: string + enum: + - CREATING + - ACTIVE + - ACTION_NEEDED + - DELETING + - FAILED + - OVERRIDDEN + Error: + description: ResolverQueryLogConfigAssociationError + type: string + enum: + - NONE + - DESTINATION_NOT_FOUND + - ACCESS_DENIED + ErrorMessage: + description: ResolverQueryLogConfigAssociationErrorMessage + type: string + CreationTime: + description: Rfc3339TimeString + type: string + minLength: 20 + maxLength: 40 + x-stackql-resource-name: resolver_query_logging_config_association + description: Resource schema for AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation. + x-type-name: AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - ResolverQueryLogConfigId + - ResourceId + x-read-only-properties: + - Status + - Error + - ErrorMessage + - CreationTime + - Id + x-required-permissions: + create: + - resolverquerylogging:AssociateConfig + - resolverquerylogging:GetConfigAssociation + - route53resolver:AssociateResolverQueryLogConfig + - ec2:DescribeVpcs + - route53resolver:GetResolverQueryLogConfigAssociation + read: + - resolverquerylogging:GetConfigAssociation + - route53resolver:GetResolverQueryLogConfigAssociation + delete: + - resolverquerylogging:DisassociateConfig + - resolverquerylogging:ListConfigAssociation + - route53resolver:DisassociateResolverQueryLogConfig + - route53resolver:ListResolverQueryLogConfigAssociations + - route53resolver:GetResolverQueryLogConfigAssociation + list: + - resolverquerylogging:ListConfigAssociations + - route53resolver:ListResolverQueryLogConfigAssociations + TargetAddress: + type: object + additionalProperties: false + properties: + Ip: + type: string + description: 'One IP address that you want to forward DNS queries to. You can specify only IPv4 addresses. ' + Ipv6: + type: string + description: 'One IPv6 address that you want to forward DNS queries to. You can specify only IPv6 addresses. ' + Port: + type: string + description: 'The port at Ip that you want to forward DNS queries to. ' + minLength: 0 + maxLength: 65535 + Protocol: + type: string + description: 'The protocol that you want to use to forward DNS queries. ' + enum: + - Do53 + - DoH + ResolverRule: + type: object + properties: + ResolverEndpointId: + type: string + description: The ID of the endpoint that the rule is associated with. + minLength: 1 + maxLength: 64 + DomainName: + type: string + description: DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps + minLength: 1 + maxLength: 256 + Name: + type: string + description: The name for the Resolver rule + minLength: 0 + maxLength: 64 + RuleType: + type: string + description: When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD. When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM. + enum: + - FORWARD + - SYSTEM + - RECURSIVE + Tags: + type: array + description: An array of key-value pairs to apply to this resource. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + TargetIps: + type: array + description: An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network. Specify IPv4 addresses. IPv6 is not supported. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/TargetAddress' + Arn: + type: string + description: The Amazon Resource Name (ARN) of the resolver rule. + ResolverRuleId: + type: string + description: The ID of the endpoint that the rule is associated with. + required: + - DomainName + - RuleType + x-stackql-resource-name: resolver_rule + description: Resource Type definition for AWS::Route53Resolver::ResolverRule + x-type-name: AWS::Route53Resolver::ResolverRule + x-stackql-primary-identifier: + - ResolverRuleId + x-create-only-properties: + - RuleType + x-conditional-create-only-properties: + - DomainName + x-read-only-properties: + - Arn + - ResolverRuleId + x-required-properties: + - DomainName + - RuleType + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - route53resolver:CreateResolverRule + - route53resolver:GetResolverRule + - route53resolver:ListTagsForResource + - route53resolver:TagResource + read: + - route53resolver:GetResolverRule + - route53resolver:ListTagsForResource + update: + - route53resolver:UpdateResolverRule + - route53resolver:GetResolverRule + - route53resolver:ListTagsForResource + - route53resolver:TagResource + - route53resolver:UntagResource + delete: + - route53resolver:DeleteResolverRule + - route53resolver:GetResolverRule + list: + - route53resolver:ListResolverRules + ResolverRuleAssociation: + type: object + properties: + VPCId: + description: The ID of the VPC that you associated the Resolver rule with. + type: string + ResolverRuleId: + description: The ID of the Resolver rule that you associated with the VPC that is specified by ``VPCId``. + type: string + ResolverRuleAssociationId: + description: '' + type: string + Name: + description: The name of an association between a Resolver rule and a VPC. + type: string + required: + - VPCId + - ResolverRuleId + x-stackql-resource-name: resolver_rule_association + description: >- + In the response to an [AssociateResolverRule](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html), [DisassociateResolverRule](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DisassociateResolverRule.html), or [ListResolverRuleAssociations](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html) request, provides information about an association between a + resolver rule and a VPC. The association determines which DNS queries that originate in the VPC are forwarded to your network. + x-type-name: AWS::Route53Resolver::ResolverRuleAssociation + x-stackql-primary-identifier: + - ResolverRuleAssociationId + x-create-only-properties: + - Name + - VPCId + - ResolverRuleId + x-read-only-properties: + - ResolverRuleAssociationId + x-required-properties: + - VPCId + - ResolverRuleId + x-required-permissions: + create: + - route53resolver:AssociateResolverRule + - route53resolver:GetResolverRuleAssociation + - ec2:DescribeVpcs + read: + - route53resolver:GetResolverRuleAssociation + delete: + - route53resolver:DisassociateResolverRule + - route53resolver:GetResolverRuleAssociation + list: + - route53resolver:ListResolverRuleAssociations + x-stackQL-resources: + firewall_domain_lists: + name: firewall_domain_lists + id: aws.route53resolver.firewall_domain_lists + x-cfn-schema-name: FirewallDomainList + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::FirewallDomainList' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::FirewallDomainList' + AND region = 'us-east-1' + firewall_domain_list: + name: firewall_domain_list + id: aws.route53resolver.firewall_domain_list + x-cfn-schema-name: FirewallDomainList + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.DomainCount') as domain_count, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusMessage') as status_message, + JSON_EXTRACT(Properties, '$.ManagedOwnerName') as managed_owner_name, + JSON_EXTRACT(Properties, '$.CreatorRequestId') as creator_request_id, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.ModificationTime') as modification_time, + JSON_EXTRACT(Properties, '$.Domains') as domains, + JSON_EXTRACT(Properties, '$.DomainFileUrl') as domain_file_url, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::FirewallDomainList' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'DomainCount') as domain_count, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusMessage') as status_message, + json_extract_path_text(Properties, 'ManagedOwnerName') as managed_owner_name, + json_extract_path_text(Properties, 'CreatorRequestId') as creator_request_id, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'ModificationTime') as modification_time, + json_extract_path_text(Properties, 'Domains') as domains, + json_extract_path_text(Properties, 'DomainFileUrl') as domain_file_url, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::FirewallDomainList' + AND data__Identifier = '' + AND region = 'us-east-1' + firewall_rule_groups: + name: firewall_rule_groups + id: aws.route53resolver.firewall_rule_groups + x-cfn-schema-name: FirewallRuleGroup + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::FirewallRuleGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::FirewallRuleGroup' + AND region = 'us-east-1' + firewall_rule_group: + name: firewall_rule_group + id: aws.route53resolver.firewall_rule_group + x-cfn-schema-name: FirewallRuleGroup + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RuleCount') as rule_count, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusMessage') as status_message, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.ShareStatus') as share_status, + JSON_EXTRACT(Properties, '$.CreatorRequestId') as creator_request_id, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.ModificationTime') as modification_time, + JSON_EXTRACT(Properties, '$.FirewallRules') as firewall_rules, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::FirewallRuleGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RuleCount') as rule_count, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusMessage') as status_message, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'ShareStatus') as share_status, + json_extract_path_text(Properties, 'CreatorRequestId') as creator_request_id, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'ModificationTime') as modification_time, + json_extract_path_text(Properties, 'FirewallRules') as firewall_rules, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::FirewallRuleGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + firewall_rule_group_associations: + name: firewall_rule_group_associations + id: aws.route53resolver.firewall_rule_group_associations + x-cfn-schema-name: FirewallRuleGroupAssociation + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::FirewallRuleGroupAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::FirewallRuleGroupAssociation' + AND region = 'us-east-1' + firewall_rule_group_association: + name: firewall_rule_group_association + id: aws.route53resolver.firewall_rule_group_association + x-cfn-schema-name: FirewallRuleGroupAssociation + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.FirewallRuleGroupId') as firewall_rule_group_id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Priority') as priority, + JSON_EXTRACT(Properties, '$.MutationProtection') as mutation_protection, + JSON_EXTRACT(Properties, '$.ManagedOwnerName') as managed_owner_name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusMessage') as status_message, + JSON_EXTRACT(Properties, '$.CreatorRequestId') as creator_request_id, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.ModificationTime') as modification_time, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::FirewallRuleGroupAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'FirewallRuleGroupId') as firewall_rule_group_id, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Priority') as priority, + json_extract_path_text(Properties, 'MutationProtection') as mutation_protection, + json_extract_path_text(Properties, 'ManagedOwnerName') as managed_owner_name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusMessage') as status_message, + json_extract_path_text(Properties, 'CreatorRequestId') as creator_request_id, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'ModificationTime') as modification_time, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::FirewallRuleGroupAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + outpost_resolvers: + name: outpost_resolvers + id: aws.route53resolver.outpost_resolvers + x-cfn-schema-name: OutpostResolver + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::OutpostResolver' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::OutpostResolver' + AND region = 'us-east-1' + outpost_resolver: + name: outpost_resolver + id: aws.route53resolver.outpost_resolver + x-cfn-schema-name: OutpostResolver + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.CreatorRequestId') as creator_request_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.OutpostArn') as outpost_arn, + JSON_EXTRACT(Properties, '$.PreferredInstanceType') as preferred_instance_type, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusMessage') as status_message, + JSON_EXTRACT(Properties, '$.InstanceCount') as instance_count, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.ModificationTime') as modification_time, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::OutpostResolver' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'CreatorRequestId') as creator_request_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'OutpostArn') as outpost_arn, + json_extract_path_text(Properties, 'PreferredInstanceType') as preferred_instance_type, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusMessage') as status_message, + json_extract_path_text(Properties, 'InstanceCount') as instance_count, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'ModificationTime') as modification_time, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::OutpostResolver' + AND data__Identifier = '' + AND region = 'us-east-1' + resolver_configs: + name: resolver_configs + id: aws.route53resolver.resolver_configs + x-cfn-schema-name: ResolverConfig + x-type: list + x-identifiers: + - ResourceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ResourceId') as resource_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverConfig' + AND region = 'us-east-1' + resolver_config: + name: resolver_config + id: aws.route53resolver.resolver_config + x-cfn-schema-name: ResolverConfig + x-type: get + x-identifiers: + - ResourceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.AutodefinedReverse') as autodefined_reverse, + JSON_EXTRACT(Properties, '$.AutodefinedReverseFlag') as autodefined_reverse_flag + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'AutodefinedReverse') as autodefined_reverse, + json_extract_path_text(Properties, 'AutodefinedReverseFlag') as autodefined_reverse_flag + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + resolverdnssec_configs: + name: resolverdnssec_configs + id: aws.route53resolver.resolverdnssec_configs + x-cfn-schema-name: ResolverDNSSECConfig + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverDNSSECConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverDNSSECConfig' + AND region = 'us-east-1' + resolverdnssec_config: + name: resolverdnssec_config + id: aws.route53resolver.resolverdnssec_config + x-cfn-schema-name: ResolverDNSSECConfig + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.ValidationStatus') as validation_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverDNSSECConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'ValidationStatus') as validation_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverDNSSECConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + resolver_query_logging_configs: + name: resolver_query_logging_configs + id: aws.route53resolver.resolver_query_logging_configs + x-cfn-schema-name: ResolverQueryLoggingConfig + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverQueryLoggingConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverQueryLoggingConfig' + AND region = 'us-east-1' + resolver_query_logging_config: + name: resolver_query_logging_config + id: aws.route53resolver.resolver_query_logging_config + x-cfn-schema-name: ResolverQueryLoggingConfig + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.OwnerId') as owner_id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.ShareStatus') as share_status, + JSON_EXTRACT(Properties, '$.AssociationCount') as association_count, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.CreatorRequestId') as creator_request_id, + JSON_EXTRACT(Properties, '$.DestinationArn') as destination_arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverQueryLoggingConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'OwnerId') as owner_id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'ShareStatus') as share_status, + json_extract_path_text(Properties, 'AssociationCount') as association_count, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'CreatorRequestId') as creator_request_id, + json_extract_path_text(Properties, 'DestinationArn') as destination_arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverQueryLoggingConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + resolver_query_logging_config_associations: + name: resolver_query_logging_config_associations + id: aws.route53resolver.resolver_query_logging_config_associations + x-cfn-schema-name: ResolverQueryLoggingConfigAssociation + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation' + AND region = 'us-east-1' + resolver_query_logging_config_association: + name: resolver_query_logging_config_association + id: aws.route53resolver.resolver_query_logging_config_association + x-cfn-schema-name: ResolverQueryLoggingConfigAssociation + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ResolverQueryLogConfigId') as resolver_query_log_config_id, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Error') as error, + JSON_EXTRACT(Properties, '$.ErrorMessage') as error_message, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ResolverQueryLogConfigId') as resolver_query_log_config_id, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Error') as error, + json_extract_path_text(Properties, 'ErrorMessage') as error_message, + json_extract_path_text(Properties, 'CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + resolver_rules: + name: resolver_rules + id: aws.route53resolver.resolver_rules + x-cfn-schema-name: ResolverRule + x-type: list + x-identifiers: + - ResolverRuleId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ResolverRuleId') as resolver_rule_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverRule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ResolverRuleId') as resolver_rule_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverRule' + AND region = 'us-east-1' + resolver_rule: + name: resolver_rule + id: aws.route53resolver.resolver_rule + x-cfn-schema-name: ResolverRule + x-type: get + x-identifiers: + - ResolverRuleId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResolverEndpointId') as resolver_endpoint_id, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RuleType') as rule_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TargetIps') as target_ips, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ResolverRuleId') as resolver_rule_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverRule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResolverEndpointId') as resolver_endpoint_id, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RuleType') as rule_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TargetIps') as target_ips, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ResolverRuleId') as resolver_rule_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverRule' + AND data__Identifier = '' + AND region = 'us-east-1' + resolver_rule_associations: + name: resolver_rule_associations + id: aws.route53resolver.resolver_rule_associations + x-cfn-schema-name: ResolverRuleAssociation + x-type: list + x-identifiers: + - ResolverRuleAssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ResolverRuleAssociationId') as resolver_rule_association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverRuleAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ResolverRuleAssociationId') as resolver_rule_association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Route53Resolver::ResolverRuleAssociation' + AND region = 'us-east-1' + resolver_rule_association: + name: resolver_rule_association + id: aws.route53resolver.resolver_rule_association + x-cfn-schema-name: ResolverRuleAssociation + x-type: get + x-identifiers: + - ResolverRuleAssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VPCId') as vpc_id, + JSON_EXTRACT(Properties, '$.ResolverRuleId') as resolver_rule_id, + JSON_EXTRACT(Properties, '$.ResolverRuleAssociationId') as resolver_rule_association_id, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverRuleAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VPCId') as vpc_id, + json_extract_path_text(Properties, 'ResolverRuleId') as resolver_rule_id, + json_extract_path_text(Properties, 'ResolverRuleAssociationId') as resolver_rule_association_id, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverRuleAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/rum.yaml b/providers/src/aws/v00.00.00000/services/rum.yaml new file mode 100644 index 00000000..9753f6be --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/rum.yaml @@ -0,0 +1,461 @@ +openapi: 3.0.0 +info: + title: RUM + version: 1.0.0 +paths: {} +components: + schemas: + AppMonitorConfiguration: + description: AppMonitor configuration + type: object + additionalProperties: false + properties: + IdentityPoolId: + description: The ID of the identity pool that is used to authorize the sending of data to RUM. + minLength: 1 + maxLength: 55 + pattern: '[\w-]+:[0-9a-f-]+' + type: string + ExcludedPages: + description: A list of URLs in your website or application to exclude from RUM data collection. You can't include both ExcludedPages and IncludedPages in the same operation. + $ref: '#/components/schemas/Pages' + IncludedPages: + description: If this app monitor is to collect data from only certain pages in your application, this structure lists those pages. You can't include both ExcludedPages and IncludedPages in the same operation. + $ref: '#/components/schemas/Pages' + FavoritePages: + description: A list of pages in the RUM console that are to be displayed with a favorite icon. + $ref: '#/components/schemas/FavoritePages' + SessionSampleRate: + description: Specifies the percentage of user sessions to use for RUM data collection. Choosing a higher percentage gives you more data but also incurs more costs. The number you specify is the percentage of user sessions that will be used. If you omit this parameter, the default of 10 is used. + type: number + minimum: 0 + maximum: 1 + GuestRoleArn: + description: The ARN of the guest IAM role that is attached to the identity pool that is used to authorize the sending of data to RUM. + $ref: '#/components/schemas/Arn' + AllowCookies: + description: If you set this to true, the RUM web client sets two cookies, a session cookie and a user cookie. The cookies allow the RUM web client to collect data relating to the number of users an application has and the behavior of the application across a sequence of events. Cookies are stored in the top-level domain of the current page. + type: boolean + Telemetries: + description: An array that lists the types of telemetry data that this app monitor is to collect. + type: array + items: + $ref: '#/components/schemas/Telemetry' + x-insertionOrder: false + EnableXRay: + description: If you set this to true, RUM enables xray tracing for the user sessions that RUM samples. RUM adds an xray trace header to allowed HTTP requests. It also records an xray segment for allowed HTTP requests. You can see traces and segments from these user sessions in the xray console and the CW ServiceLens console. + type: boolean + MetricDestinations: + description: An array of structures which define the destinations and the metrics that you want to send. + type: array + minItems: 0 + maxItems: 20 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/MetricDestination' + TagDef: + description: Assigns one or more tags (key-value pairs) to the app monitor. Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values. Tags don't have any semantic meaning to AWS and are interpreted strictly as strings of characters.You can associate as many as 50 tags with an app monitor. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Tag: + description: A key-value pair to associate with a resource. + additionalProperties: false + type: object + properties: + Key: + type: string + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + required: + - Value + - Key + Pages: + type: array + description: List of url pages + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Url' + x-insertionOrder: false + FavoritePages: + type: array + description: List of favorite pages + minItems: 0 + maxItems: 50 + items: + type: string + x-insertionOrder: false + Url: + description: Page Url + type: string + pattern: https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*) + minLength: 1 + maxLength: 1260 + Arn: + description: Resource ARN + type: string + pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:.* + Telemetry: + type: string + enum: + - errors + - performance + - http + MetricDestination: + description: An structure which defines the destination and the metrics that you want to send. + additionalProperties: false + type: object + properties: + Destination: + description: Defines the destination to send the metrics to. Valid values are CloudWatch and Evidently. If you specify Evidently, you must also specify the ARN of the Evidently experiment that is to be the destination and an IAM role that has permission to write to the experiment. + type: string + enum: + - CloudWatch + - Evidently + DestinationArn: + type: string + pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:.* + description: Use this parameter only if Destination is Evidently. This parameter specifies the ARN of the Evidently experiment that will receive the extended metrics. + IamRoleArn: + type: string + pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:.* + description: |- + This parameter is required if Destination is Evidently. If Destination is CloudWatch, do not use this parameter. + + This parameter specifies the ARN of an IAM role that RUM will assume to write to the Evidently experiment that you are sending metrics to. This role must have permission to write to that experiment. + MetricDefinitions: + description: An array of structures which define the metrics that you want to send. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 2000 + items: + $ref: '#/components/schemas/MetricDefinition' + required: + - Destination + MetricDefinition: + description: A single metric definition + additionalProperties: false + type: object + properties: + Name: + description: |- + The name for the metric that is defined in this structure. For extended metrics, valid values are the following: + + PerformanceNavigationDuration + + PerformanceResourceDuration + + NavigationSatisfiedTransaction + + NavigationToleratedTransaction + + NavigationFrustratedTransaction + + WebVitalsCumulativeLayoutShift + + WebVitalsFirstInputDelay + + WebVitalsLargestContentfulPaint + + JsErrorCount + + HttpErrorCount + + SessionCount + type: string + minLength: 1 + maxLength: 255 + Namespace: + description: The namespace used by CloudWatch Metrics for the metric that is defined in this structure + type: string + pattern: '[a-zA-Z0-9-._/#:]+$' + minLength: 1 + maxLength: 237 + ValueKey: + description: |- + The field within the event object that the metric value is sourced from. + + If you omit this field, a hardcoded value of 1 is pushed as the metric value. This is useful if you just want to count the number of events that the filter catches. + + If this metric is sent to Evidently, this field will be passed to Evidently raw and Evidently will handle data extraction from the event. + type: string + pattern: .* + minLength: 1 + maxLength: 256 + UnitLabel: + description: The CloudWatch metric unit to use for this metric. If you omit this field, the metric is recorded with no unit. + type: string + minLength: 1 + maxLength: 256 + DimensionKeys: + description: |- + Use this field only if you are sending the metric to CloudWatch. + + This field is a map of field paths to dimension names. It defines the dimensions to associate with this metric in CloudWatch. For extended metrics, valid values for the entries in this field are the following: + + "metadata.pageId": "PageId" + + "metadata.browserName": "BrowserName" + + "metadata.deviceType": "DeviceType" + + "metadata.osName": "OSName" + + "metadata.countryCode": "CountryCode" + + "event_details.fileType": "FileType" + + All dimensions listed in this field must also be included in EventPattern. + type: object + x-patternProperties: + ^(?!:).*[^\s].*: + type: string + pattern: .*[^\s].* + minLength: 1 + maxLength: 255 + additionalProperties: false + EventPattern: + description: |- + The pattern that defines the metric, specified as a JSON object. RUM checks events that happen in a user's session against the pattern, and events that match the pattern are sent to the metric destination. + + When you define extended metrics, the metric definition is not valid if EventPattern is omitted. + + Example event patterns: + + '{ "event_type": ["com.amazon.rum.js_error_event"], "metadata": { "browserName": [ "Chrome", "Safari" ], } }' + + '{ "event_type": ["com.amazon.rum.performance_navigation_event"], "metadata": { "browserName": [ "Chrome", "Firefox" ] }, "event_details": { "duration": [{ "numeric": [ "<", 2000 ] }] } }' + + '{ "event_type": ["com.amazon.rum.performance_navigation_event"], "metadata": { "browserName": [ "Chrome", "Safari" ], "countryCode": [ "US" ] }, "event_details": { "duration": [{ "numeric": [ ">=", 2000, "<", 8000 ] }] } }' + + If the metrics destination' is CloudWatch and the event also matches a value in DimensionKeys, then the metric is published with the specified dimensions. + type: string + minLength: 1 + maxLength: 4000 + required: + - Name + CustomEventsStatus: + type: string + enum: + - ENABLED + - DISABLED + CustomEvents: + description: AppMonitor custom events configuration + type: object + additionalProperties: false + properties: + Status: + description: Indicates whether AppMonitor accepts custom events. + $ref: '#/components/schemas/CustomEventsStatus' + AppMonitor: + type: object + properties: + Id: + description: The unique ID of the new app monitor. + type: string + pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$ + minLength: 36 + maxLength: 36 + Name: + description: A name for the app monitor + type: string + pattern: '[\.\-_/#A-Za-z0-9]+' + minLength: 1 + maxLength: 255 + Domain: + description: The top-level internet domain name for which your application has administrative authority. + type: string + pattern: ^(localhost)|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?![-.])([A-Za-z0-9-\.\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))|^(\*\.)(?![-.])([A-Za-z0-9-\.\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1})) + minLength: 1 + maxLength: 253 + CwLogEnabled: + description: Data collected by RUM is kept by RUM for 30 days and then deleted. This parameter specifies whether RUM sends a copy of this telemetry data to CWLlong in your account. This enables you to keep the telemetry data for more than 30 days, but it does incur CWLlong charges. If you omit this parameter, the default is false + type: boolean + Tags: + $ref: '#/components/schemas/TagDef' + AppMonitorConfiguration: + $ref: '#/components/schemas/AppMonitorConfiguration' + CustomEvents: + $ref: '#/components/schemas/CustomEvents' + required: + - Name + - Domain + x-stackql-resource-name: app_monitor + description: Resource Type definition for AWS::RUM::AppMonitor + x-type-name: AWS::RUM::AppMonitor + x-stackql-primary-identifier: + - Name + x-stackql-additional-identifiers: + - - Id + x-create-only-properties: + - Name + x-read-only-properties: + - Id + x-required-properties: + - Name + - Domain + x-taggable: true + x-required-permissions: + create: + - rum:CreateAppMonitor + - dynamodb:GetItem + - dynamodb:PutItem + - s3:GetObject + - s3:PutObject + - s3:GetObjectAcl + - s3:DoesObjectExist + - logs:CreateLogDelivery + - logs:CreateLogGroup + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - logs:PutRetentionPolicy + - rum:TagResource + - cognito-identity:DescribeIdentityPool + - iam:GetRole + - iam:CreateServiceLinkedRole + - rum:PutRumMetricsDestination + - rum:BatchCreateRumMetricDefinitions + read: + - rum:GetAppMonitor + - dynamodb:GetItem + - s3:GetObject + - s3:DoesObjectExist + - s3:GetObjectAcl + - rum:ListTagsForResource + - rum:ListRumMetricsDestinations + - rum:BatchGetRumMetricDefinitions + update: + - rum:UpdateAppMonitor + - dynamodb:GetItem + - dynamodb:PutItem + - dynamodb:UpdateItem + - dynamodb:Query + - s3:GetObject + - s3:PutObject + - s3:GetObjectAcl + - s3:DoesObjectExist + - logs:CreateLogDelivery + - logs:CreateLogGroup + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - logs:PutRetentionPolicy + - rum:TagResource + - rum:UntagResource + - rum:ListTagsForResource + - iam:GetRole + - iam:CreateServiceLinkedRole + - rum:PutRumMetricsDestination + - rum:DeleteRumMetricsDestination + - rum:ListRumMetricsDestinations + - rum:BatchCreateRumMetricDefinitions + - rum:BatchDeleteRumMetricDefinitions + - rum:BatchGetRumMetricDefinitions + - rum:UpdateRumMetricDefinition + delete: + - rum:DeleteAppMonitor + - dynamodb:DeleteItem + - dynamodb:Query + - logs:DeleteLogDelivery + - s3:DeleteObject + - s3:DoesObjectExist + - rum:UntagResource + - rum:DeleteRumMetricsDestination + - rum:BatchDeleteRumMetricDefinitions + list: + - rum:ListAppMonitors + - dynamodb:DescribeTable + - rum:GetAppMonitor + - dynamodb:GetItem + - dynamodb:BatchGetItem + - dynamodb:Query + - s3:GetObject + - s3:DoesObjectExist + - s3:GetObjectAcl + - logs:DescribeLogGroups + - rum:ListTagsForResource + x-stackQL-resources: + app_monitors: + name: app_monitors + id: aws.rum.app_monitors + x-cfn-schema-name: AppMonitor + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RUM::AppMonitor' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RUM::AppMonitor' + AND region = 'us-east-1' + app_monitor: + name: app_monitor + id: aws.rum.app_monitor + x-cfn-schema-name: AppMonitor + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Domain') as domain, + JSON_EXTRACT(Properties, '$.CwLogEnabled') as cw_log_enabled, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AppMonitorConfiguration') as app_monitor_configuration, + JSON_EXTRACT(Properties, '$.CustomEvents') as custom_events + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RUM::AppMonitor' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Domain') as domain, + json_extract_path_text(Properties, 'CwLogEnabled') as cw_log_enabled, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AppMonitorConfiguration') as app_monitor_configuration, + json_extract_path_text(Properties, 'CustomEvents') as custom_events + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RUM::AppMonitor' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/s3express.yaml b/providers/src/aws/v00.00.00000/services/s3express.yaml new file mode 100644 index 00000000..02a0e548 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/s3express.yaml @@ -0,0 +1,223 @@ +openapi: 3.0.0 +info: + title: S3Express + version: 1.0.0 +paths: {} +components: + schemas: + BucketPolicy: + type: object + properties: + Bucket: + description: The name of the S3 directory bucket to which the policy applies. + type: string + PolicyDocument: + description: A policy document containing permissions to add to the specified bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. + type: object + required: + - Bucket + - PolicyDocument + x-stackql-resource-name: bucket_policy + description: Resource Type definition for AWS::S3Express::BucketPolicy. + x-type-name: AWS::S3Express::BucketPolicy + x-stackql-primary-identifier: + - Bucket + x-create-only-properties: + - Bucket + x-required-properties: + - Bucket + - PolicyDocument + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - s3express:GetBucketPolicy + - s3express:PutBucketPolicy + read: + - s3express:GetBucketPolicy + update: + - s3express:GetBucketPolicy + - s3express:PutBucketPolicy + delete: + - s3express:GetBucketPolicy + - s3express:DeleteBucketPolicy + list: + - s3express:GetBucketPolicy + - s3express:ListAllMyDirectoryBuckets + Arn: + description: The Amazon Resource Name (ARN) of the specified bucket. + type: string + DirectoryBucket: + type: object + properties: + BucketName: + description: Specifies a name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format 'bucket_base_name--az_id--x-s3' (for example, 'DOC-EXAMPLE-BUCKET--usw2-az1--x-s3'). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the bucket name. + maxLength: 63 + pattern: ^[a-z0-9][a-z0-9//.//-]*[a-z0-9]$ + type: string + LocationName: + description: Specifies the AZ ID of the Availability Zone where the directory bucket will be created. An example AZ ID value is 'use1-az5'. + type: string + DataRedundancy: + description: Specifies the number of Availability Zone that's used for redundancy for the bucket. + type: string + enum: + - SingleAvailabilityZone + Arn: + $ref: '#/components/schemas/Arn' + description: Returns the Amazon Resource Name (ARN) of the specified bucket. + x-examples: + - arn:aws:s3express:us-west-2:123456789123:bucket/DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 + required: + - LocationName + - DataRedundancy + x-stackql-resource-name: directory_bucket + description: Resource Type definition for AWS::S3Express::DirectoryBucket. + x-type-name: AWS::S3Express::DirectoryBucket + x-stackql-primary-identifier: + - BucketName + x-create-only-properties: + - BucketName + - LocationName + - DataRedundancy + x-read-only-properties: + - Arn + x-required-properties: + - LocationName + - DataRedundancy + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - s3express:CreateBucket + - s3express:ListAllMyDirectoryBuckets + read: + - s3express:ListAllMyDirectoryBuckets + delete: + - s3express:DeleteBucket + - s3express:ListAllMyDirectoryBuckets + list: + - s3express:ListAllMyDirectoryBuckets + x-stackQL-resources: + bucket_policies: + name: bucket_policies + id: aws.s3express.bucket_policies + x-cfn-schema-name: BucketPolicy + x-type: list + x-identifiers: + - Bucket + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Bucket') as bucket + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Express::BucketPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Bucket') as bucket + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Express::BucketPolicy' + AND region = 'us-east-1' + bucket_policy: + name: bucket_policy + id: aws.s3express.bucket_policy + x-cfn-schema-name: BucketPolicy + x-type: get + x-identifiers: + - Bucket + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Bucket') as bucket, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Express::BucketPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Bucket') as bucket, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Express::BucketPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + directory_buckets: + name: directory_buckets + id: aws.s3express.directory_buckets + x-cfn-schema-name: DirectoryBucket + x-type: list + x-identifiers: + - BucketName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BucketName') as bucket_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Express::DirectoryBucket' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BucketName') as bucket_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Express::DirectoryBucket' + AND region = 'us-east-1' + directory_bucket: + name: directory_bucket + id: aws.s3express.directory_bucket + x-cfn-schema-name: DirectoryBucket + x-type: get + x-identifiers: + - BucketName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BucketName') as bucket_name, + JSON_EXTRACT(Properties, '$.LocationName') as location_name, + JSON_EXTRACT(Properties, '$.DataRedundancy') as data_redundancy, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Express::DirectoryBucket' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BucketName') as bucket_name, + json_extract_path_text(Properties, 'LocationName') as location_name, + json_extract_path_text(Properties, 'DataRedundancy') as data_redundancy, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Express::DirectoryBucket' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/s3objectlambda.yaml b/providers/src/aws/v00.00.00000/services/s3objectlambda.yaml new file mode 100644 index 00000000..1f90880c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/s3objectlambda.yaml @@ -0,0 +1,319 @@ +openapi: 3.0.0 +info: + title: S3ObjectLambda + version: 1.0.0 +paths: {} +components: + schemas: + PublicAccessBlockConfiguration: + type: object + additionalProperties: false + description: The Public Access Block Configuration is used to block policies that would allow public access to this Object lambda Access Point. All public access to Object lambda Access Points are blocked by default, and any policy that would give public access to them will be also blocked. This behavior cannot be changed for Object lambda Access Points. + properties: + BlockPublicAcls: + type: boolean + description: |- + Specifies whether Amazon S3 should block public access control lists (ACLs) to this object lambda access point. Setting this element to TRUE causes the following behavior: + - PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public. + - PUT Object calls fail if the request includes a public ACL. + . - PUT Bucket calls fail if the request includes a public ACL. + Enabling this setting doesn't affect existing policies or ACLs. + IgnorePublicAcls: + type: boolean + description: Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain. Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. + BlockPublicPolicy: + type: boolean + description: Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. Enabling this setting doesn't affect existing bucket policies. + RestrictPublicBuckets: + type: boolean + description: |- + Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to TRUE restricts access to this bucket to only AWS services and authorized users within this account if the bucket has a public policy. + Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. + ObjectLambdaConfiguration: + type: object + additionalProperties: false + description: Configuration to be applied to this Object lambda Access Point. It specifies Supporting Access Point, Transformation Configurations. Customers can also set if they like to enable Cloudwatch metrics for accesses to this Object lambda Access Point. Default setting for Cloudwatch metrics is disable. + properties: + SupportingAccessPoint: + type: string + minLength: 1 + maxLength: 2048 + AllowedFeatures: + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + CloudWatchMetricsEnabled: + type: boolean + TransformationConfigurations: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/TransformationConfiguration' + required: + - SupportingAccessPoint + - TransformationConfigurations + TransformationConfiguration: + type: object + additionalProperties: false + description: Configuration to define what content transformation will be applied on which S3 Action. + properties: + Actions: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Action' + ContentTransformation: + type: object + oneOf: + - additionalProperties: false + properties: + AwsLambda: + $ref: '#/components/schemas/AwsLambda' + required: + - AwsLambda + required: + - Actions + - ContentTransformation + AwsLambda: + type: object + additionalProperties: false + properties: + FunctionArn: + type: string + minLength: 1 + maxLength: 2048 + FunctionPayload: + type: string + required: + - FunctionArn + Action: + type: string + Alias: + type: object + additionalProperties: false + properties: + Status: + type: string + description: The status of the Object Lambda alias. + pattern: ^[A-Z]*$ + Value: + type: string + description: The value of the Object Lambda alias. + pattern: ^[a-z0-9\-]*$ + required: + - Value + PolicyStatus: + type: object + additionalProperties: false + properties: + IsPublic: + type: boolean + description: Specifies whether the Object lambda Access Point Policy is Public or not. Object lambda Access Points are private by default. + AccessPoint: + type: object + properties: + Name: + description: The name you want to assign to this Object lambda Access Point. + type: string + pattern: ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ + minLength: 3 + maxLength: 45 + Alias: + $ref: '#/components/schemas/Alias' + Arn: + type: string + pattern: arn:[^:]+:s3-object-lambda:[^:]*:\d{12}:accesspoint/.* + CreationDate: + description: The date and time when the Object lambda Access Point was created. + type: string + PublicAccessBlockConfiguration: + description: The PublicAccessBlock configuration that you want to apply to this Access Point. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status 'The Meaning of Public' in the Amazon Simple Storage Service Developer Guide. + $ref: '#/components/schemas/PublicAccessBlockConfiguration' + PolicyStatus: + $ref: '#/components/schemas/PolicyStatus' + ObjectLambdaConfiguration: + description: The Object lambda Access Point Configuration that configures transformations to be applied on the objects on specified S3 Actions + $ref: '#/components/schemas/ObjectLambdaConfiguration' + required: + - ObjectLambdaConfiguration + x-stackql-resource-name: access_point + description: The AWS::S3ObjectLambda::AccessPoint resource is an Amazon S3ObjectLambda resource type that you can use to add computation to S3 actions + x-type-name: AWS::S3ObjectLambda::AccessPoint + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - Alias + - Alias/Value + - Alias/Status + - PolicyStatus + - PolicyStatus/IsPublic + - CreationDate + - PublicAccessBlockConfiguration + x-required-properties: + - ObjectLambdaConfiguration + x-tagging: + taggable: false + x-required-permissions: + create: + - s3:CreateAccessPointForObjectLambda + - s3:PutAccessPointConfigurationForObjectLambda + - s3:GetAccessPointForObjectLambda + - s3:GetAccessPointPolicyStatusForObjectLambda + - s3:GetAccessPointConfigurationForObjectLambda + read: + - s3:GetAccessPointForObjectLambda + - s3:GetAccessPointPolicyStatusForObjectLambda + - s3:GetAccessPointConfigurationForObjectLambda + update: + - s3:PutAccessPointConfigurationForObjectLambda + - s3:GetAccessPointForObjectLambda + - s3:GetAccessPointPolicyStatusForObjectLambda + - s3:GetAccessPointConfigurationForObjectLambda + delete: + - s3:DeleteAccessPointForObjectLambda + list: + - s3:ListAccessPointsForObjectLambda + AccessPointPolicy: + type: object + properties: + ObjectLambdaAccessPoint: + description: The name of the Amazon S3 ObjectLambdaAccessPoint to which the policy applies. + type: string + pattern: ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ + minLength: 3 + maxLength: 45 + PolicyDocument: + description: 'A policy document containing permissions to add to the specified ObjectLambdaAccessPoint. For more information, see Access Policy Language Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html) in the Amazon Simple Storage Service Developer Guide. ' + type: object + required: + - ObjectLambdaAccessPoint + - PolicyDocument + x-stackql-resource-name: access_point_policy + description: AWS::S3ObjectLambda::AccessPointPolicy resource is an Amazon S3ObjectLambda policy type that you can use to control permissions for your S3ObjectLambda + x-type-name: AWS::S3ObjectLambda::AccessPointPolicy + x-stackql-primary-identifier: + - ObjectLambdaAccessPoint + x-create-only-properties: + - ObjectLambdaAccessPoint + x-required-properties: + - ObjectLambdaAccessPoint + - PolicyDocument + x-tagging: + taggable: false + x-required-permissions: + create: + - s3:PutAccessPointPolicyForObjectLambda + - s3:GetAccessPointPolicyForObjectLambda + read: + - s3:GetAccessPointPolicyForObjectLambda + update: + - s3:PutAccessPointPolicyForObjectLambda + - s3:GetAccessPointPolicyForObjectLambda + delete: + - s3:DeleteAccessPointPolicyForObjectLambda + - s3:GetAccessPointPolicyForObjectLambda + x-stackQL-resources: + access_points: + name: access_points + id: aws.s3objectlambda.access_points + x-cfn-schema-name: AccessPoint + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3ObjectLambda::AccessPoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3ObjectLambda::AccessPoint' + AND region = 'us-east-1' + access_point: + name: access_point + id: aws.s3objectlambda.access_point + x-cfn-schema-name: AccessPoint + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Alias') as alias, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationDate') as creation_date, + JSON_EXTRACT(Properties, '$.PublicAccessBlockConfiguration') as public_access_block_configuration, + JSON_EXTRACT(Properties, '$.PolicyStatus') as policy_status, + JSON_EXTRACT(Properties, '$.ObjectLambdaConfiguration') as object_lambda_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3ObjectLambda::AccessPoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Alias') as alias, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationDate') as creation_date, + json_extract_path_text(Properties, 'PublicAccessBlockConfiguration') as public_access_block_configuration, + json_extract_path_text(Properties, 'PolicyStatus') as policy_status, + json_extract_path_text(Properties, 'ObjectLambdaConfiguration') as object_lambda_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3ObjectLambda::AccessPoint' + AND data__Identifier = '' + AND region = 'us-east-1' + access_point_policy: + name: access_point_policy + id: aws.s3objectlambda.access_point_policy + x-cfn-schema-name: AccessPointPolicy + x-type: get + x-identifiers: + - ObjectLambdaAccessPoint + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ObjectLambdaAccessPoint') as object_lambda_access_point, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3ObjectLambda::AccessPointPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ObjectLambdaAccessPoint') as object_lambda_access_point, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3ObjectLambda::AccessPointPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/s3outposts.yaml b/providers/src/aws/v00.00.00000/services/s3outposts.yaml new file mode 100644 index 00000000..dd1ce0b6 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/s3outposts.yaml @@ -0,0 +1,696 @@ +openapi: 3.0.0 +info: + title: S3Outposts + version: 1.0.0 +paths: {} +components: + schemas: + VpcConfiguration: + type: object + additionalProperties: false + properties: + VpcId: + description: Virtual Private Cloud (VPC) Id from which AccessPoint will allow requests. + type: string + minLength: 1 + maxLength: 1024 + AccessPoint: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the specified AccessPoint. + maxLength: 2048 + minLength: 20 + pattern: ^arn:[^:]+:s3-outposts:[a-zA-Z0-9\-]+:\d{12}:outpost\/[^:]+\/accesspoint\/[^:]+$ + type: string + Bucket: + description: The Amazon Resource Name (ARN) of the bucket you want to associate this AccessPoint with. + maxLength: 2048 + minLength: 20 + pattern: ^arn:[^:]+:s3-outposts:[a-zA-Z0-9\-]+:\d{12}:outpost\/[^:]+\/bucket\/[^:]+$ + type: string + Name: + description: A name for the AccessPoint. + maxLength: 50 + minLength: 3 + pattern: ^[a-z0-9]([a-z0-9\\-]*[a-z0-9])?$ + type: string + VpcConfiguration: + description: Virtual Private Cloud (VPC) from which requests can be made to the AccessPoint. + $ref: '#/components/schemas/VpcConfiguration' + Policy: + description: The access point policy associated with this access point. + type: object + required: + - Bucket + - Name + - VpcConfiguration + x-stackql-resource-name: access_point + description: Resource Type Definition for AWS::S3Outposts::AccessPoint + x-type-name: AWS::S3Outposts::AccessPoint + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Bucket + - Name + - VpcConfiguration + x-read-only-properties: + - Arn + x-required-properties: + - Bucket + - Name + - VpcConfiguration + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - s3-outposts:CreateAccessPoint + - s3-outposts:GetAccessPoint + - s3-outposts:PutAccessPointPolicy + - s3-outposts:GetAccessPointPolicy + read: + - s3-outposts:GetAccessPoint + - s3-outposts:GetAccessPointPolicy + update: + - s3-outposts:GetAccessPoint + - s3-outposts:PutAccessPointPolicy + - s3-outposts:GetAccessPointPolicy + - s3-outposts:DeleteAccessPointPolicy + delete: + - s3-outposts:DeleteAccessPoint + - s3-outposts:DeleteAccessPointPolicy + list: + - s3-outposts:ListAccessPoints + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + minLength: 1 + maxLength: 1024 + pattern: ^(?!aws:.*)([\p{L}\p{Z}\p{N}_.:=+\/\-@%]*)$ + Value: + type: string + minLength: 1 + maxLength: 1024 + pattern: ^([\p{L}\p{Z}\p{N}_.:=+\/\-@%]*)$ + required: + - Key + - Value + LifecycleConfiguration: + type: object + additionalProperties: false + properties: + Rules: + description: A list of lifecycle rules for individual objects in an Amazon S3Outposts bucket. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Rule' + required: + - Rules + Rule: + description: 'Specifies lifecycle rules for an Amazon S3Outposts bucket. You must specify at least one of the following: AbortIncompleteMultipartUpload, ExpirationDate, ExpirationInDays.' + type: object + additionalProperties: false + properties: + Status: + type: string + enum: + - Enabled + - Disabled + Id: + type: string + maxLength: 255 + description: Unique identifier for the lifecycle rule. The value can't be longer than 255 characters. + AbortIncompleteMultipartUpload: + description: Specifies a lifecycle rule that stops incomplete multipart uploads to an Amazon S3Outposts bucket. + $ref: '#/components/schemas/AbortIncompleteMultipartUpload' + ExpirationDate: + description: Indicates when objects are deleted from Amazon S3Outposts. The date value must be in ISO 8601 format. The time is always midnight UTC. + $ref: '#/components/schemas/iso8601UTC' + ExpirationInDays: + description: Indicates the number of days after creation when objects are deleted from Amazon S3Outposts. + type: integer + minimum: 1 + Filter: + description: The container for the filter of the lifecycle rule. + type: object + additionalProperties: false + properties: + Prefix: + description: Object key prefix that identifies one or more objects to which this rule applies. + $ref: '#/components/schemas/FilterPrefix' + Tag: + description: Specifies a tag used to identify a subset of objects for an Amazon S3Outposts bucket. + $ref: '#/components/schemas/FilterTag' + AndOperator: + description: The container for the AND condition for the lifecycle rule. A combination of Prefix and 1 or more Tags OR a minimum of 2 or more tags. + $ref: '#/components/schemas/FilterAndOperator' + oneOf: + - required: + - Prefix + - required: + - Tag + - required: + - AndOperator + anyOf: + - required: + - Status + - AbortIncompleteMultipartUpload + - required: + - Status + - ExpirationDate + - required: + - Status + - ExpirationInDays + iso8601UTC: + description: The date value in ISO 8601 format. The timezone is always UTC. (YYYY-MM-DDThh:mm:ssZ) + type: string + pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$ + AbortIncompleteMultipartUpload: + description: Specifies the days since the initiation of an incomplete multipart upload that Amazon S3Outposts will wait before permanently removing all parts of the upload. + type: object + additionalProperties: false + properties: + DaysAfterInitiation: + description: Specifies the number of days after which Amazon S3Outposts aborts an incomplete multipart upload. + type: integer + minimum: 0 + required: + - DaysAfterInitiation + FilterPrefix: + description: Prefix identifies one or more objects to which the rule applies. + type: string + FilterTag: + description: Tag used to identify a subset of objects for an Amazon S3Outposts bucket. + type: object + additionalProperties: false + properties: + Key: + type: string + minLength: 1 + maxLength: 1024 + pattern: ^([\p{L}\p{Z}\p{N}_.:=+\/\-@%]*)$ + Value: + type: string + minLength: 1 + maxLength: 1024 + pattern: ^([\p{L}\p{Z}\p{N}_.:=+\/\-@%]*)$ + required: + - Key + - Value + FilterAndOperator: + oneOf: + - type: object + additionalProperties: false + required: + - Tags + properties: + Prefix: + description: Prefix identifies one or more objects to which the rule applies. + $ref: '#/components/schemas/FilterPrefix' + Tags: + description: All of these tags must exist in the object's tag set in order for the rule to apply. + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 1 + items: + $ref: '#/components/schemas/FilterTag' + Bucket: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the specified bucket. + maxLength: 2048 + minLength: 20 + pattern: ^arn:[^:]+:s3-outposts:[a-zA-Z0-9\-]+:\d{12}:outpost\/[^:]+\/bucket\/[^:]+$ + type: string + BucketName: + description: A name for the bucket. + maxLength: 63 + minLength: 3 + pattern: (?=^.{3,63}$)(?!^(\d+\.)+\d+$)(^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$) + type: string + OutpostId: + description: The id of the customer outpost on which the bucket resides. + pattern: ^(op-[a-f0-9]{17}|\d{12}|ec2)$ + type: string + Tags: + description: An arbitrary set of tags (key-value pairs) for this S3Outposts bucket. + items: + $ref: '#/components/schemas/Tag' + type: array + x-insertionOrder: false + uniqueItems: true + LifecycleConfiguration: + description: Rules that define how Amazon S3Outposts manages objects during their lifetime. + $ref: '#/components/schemas/LifecycleConfiguration' + required: + - BucketName + - OutpostId + x-stackql-resource-name: bucket + description: Resource Type Definition for AWS::S3Outposts::Bucket + x-type-name: AWS::S3Outposts::Bucket + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - BucketName + - OutpostId + x-read-only-properties: + - Arn + x-required-properties: + - BucketName + - OutpostId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - s3-outposts:CreateBucket + - s3-outposts:PutBucketTagging + - s3-outposts:PutLifecycleConfiguration + read: + - s3-outposts:GetBucket + - s3-outposts:GetBucketTagging + - s3-outposts:GetLifecycleConfiguration + update: + - s3-outposts:PutBucketTagging + - s3-outposts:DeleteBucketTagging + - s3-outposts:PutLifecycleConfiguration + delete: + - s3-outposts:DeleteBucket + list: + - s3-outposts:ListRegionalBuckets + BucketPolicy: + type: object + properties: + Bucket: + description: The Amazon Resource Name (ARN) of the specified bucket. + maxLength: 2048 + minLength: 20 + pattern: ^arn:[^:]+:s3-outposts:[a-zA-Z0-9\-]+:\d{12}:outpost\/[^:]+\/bucket\/[^:]+$ + type: string + PolicyDocument: + description: A policy document containing permissions to add to the specified bucket. + type: object + required: + - Bucket + - PolicyDocument + x-stackql-resource-name: bucket_policy + description: Resource Type Definition for AWS::S3Outposts::BucketPolicy + x-type-name: AWS::S3Outposts::BucketPolicy + x-stackql-primary-identifier: + - Bucket + x-create-only-properties: + - Bucket + x-required-properties: + - Bucket + - PolicyDocument + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - s3-outposts:PutBucketPolicy + - s3-outposts:GetBucketPolicy + read: + - s3-outposts:GetBucketPolicy + update: + - s3-outposts:PutBucketPolicy + - s3-outposts:GetBucketPolicy + delete: + - s3-outposts:DeleteBucketPolicy + - s3-outposts:GetBucketPolicy + NetworkInterface: + description: The container for the network interface. + type: object + additionalProperties: false + properties: + NetworkInterfaceId: + type: string + minLength: 1 + maxLength: 100 + required: + - NetworkInterfaceId + FailedReason: + type: object + additionalProperties: false + properties: + ErrorCode: + type: string + description: The failure code, if any, for a create or delete endpoint operation. + Message: + type: string + description: Additional error details describing the endpoint failure and recommended action. + Endpoint: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the endpoint. + minLength: 5 + maxLength: 500 + type: string + pattern: ^arn:[^:]+:s3-outposts:[a-zA-Z0-9\-]+:\d{12}:outpost\/[^:]+\/endpoint/[a-zA-Z0-9]{19}$ + CidrBlock: + description: The VPC CIDR committed by this endpoint. + minLength: 1 + maxLength: 20 + type: string + CreationTime: + description: The time the endpoint was created. + $ref: '#/components/schemas/iso8601UTC' + Id: + description: The ID of the endpoint. + minLength: 5 + maxLength: 500 + type: string + pattern: ^[a-zA-Z0-9]{19}$ + NetworkInterfaces: + description: The network interfaces of the endpoint. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/NetworkInterface' + OutpostId: + description: The id of the customer outpost on which the bucket resides. + pattern: ^(op-[a-f0-9]{17}|\d{12}|ec2)$ + type: string + SecurityGroupId: + description: The ID of the security group to use with the endpoint. + minLength: 1 + maxLength: 100 + type: string + pattern: ^sg-([0-9a-f]{8}|[0-9a-f]{17})$ + Status: + type: string + enum: + - Available + - Pending + - Deleting + - Create_Failed + - Delete_Failed + SubnetId: + description: The ID of the subnet in the selected VPC. The subnet must belong to the Outpost. + minLength: 1 + maxLength: 100 + type: string + pattern: ^subnet-([0-9a-f]{8}|[0-9a-f]{17})$ + AccessType: + description: The type of access for the on-premise network connectivity for the Outpost endpoint. To access endpoint from an on-premises network, you must specify the access type and provide the customer owned Ipv4 pool. + type: string + enum: + - CustomerOwnedIp + - Private + default: Private + CustomerOwnedIpv4Pool: + description: The ID of the customer-owned IPv4 pool for the Endpoint. IP addresses will be allocated from this pool for the endpoint. + type: string + pattern: ^ipv4pool-coip-([0-9a-f]{17})$ + FailedReason: + description: The failure reason, if any, for a create or delete endpoint operation. + $ref: '#/components/schemas/FailedReason' + required: + - OutpostId + - SecurityGroupId + - SubnetId + x-stackql-resource-name: endpoint + description: Resource Type Definition for AWS::S3Outposts::Endpoint + x-type-name: AWS::S3Outposts::Endpoint + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - OutpostId + - SecurityGroupId + - SubnetId + - AccessType + - CustomerOwnedIpv4Pool + x-read-only-properties: + - Arn + - CidrBlock + - CreationTime + - Id + - NetworkInterfaces + - Status + x-required-properties: + - OutpostId + - SecurityGroupId + - SubnetId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - s3-outposts:CreateEndpoint + read: + - s3-outposts:ListEndpoints + delete: + - s3-outposts:DeleteEndpoint + list: + - s3-outposts:ListEndpoints + x-stackQL-resources: + access_points: + name: access_points + id: aws.s3outposts.access_points + x-cfn-schema-name: AccessPoint + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Outposts::AccessPoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Outposts::AccessPoint' + AND region = 'us-east-1' + access_point: + name: access_point + id: aws.s3outposts.access_point + x-cfn-schema-name: AccessPoint + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Bucket') as bucket, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.VpcConfiguration') as vpc_configuration, + JSON_EXTRACT(Properties, '$.Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Outposts::AccessPoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Bucket') as bucket, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'VpcConfiguration') as vpc_configuration, + json_extract_path_text(Properties, 'Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Outposts::AccessPoint' + AND data__Identifier = '' + AND region = 'us-east-1' + buckets: + name: buckets + id: aws.s3outposts.buckets + x-cfn-schema-name: Bucket + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Outposts::Bucket' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Outposts::Bucket' + AND region = 'us-east-1' + bucket: + name: bucket + id: aws.s3outposts.bucket + x-cfn-schema-name: Bucket + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.BucketName') as bucket_name, + JSON_EXTRACT(Properties, '$.OutpostId') as outpost_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LifecycleConfiguration') as lifecycle_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Outposts::Bucket' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'BucketName') as bucket_name, + json_extract_path_text(Properties, 'OutpostId') as outpost_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LifecycleConfiguration') as lifecycle_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Outposts::Bucket' + AND data__Identifier = '' + AND region = 'us-east-1' + bucket_policy: + name: bucket_policy + id: aws.s3outposts.bucket_policy + x-cfn-schema-name: BucketPolicy + x-type: get + x-identifiers: + - Bucket + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Bucket') as bucket, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Outposts::BucketPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Bucket') as bucket, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Outposts::BucketPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + endpoints: + name: endpoints + id: aws.s3outposts.endpoints + x-cfn-schema-name: Endpoint + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Outposts::Endpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Outposts::Endpoint' + AND region = 'us-east-1' + endpoint: + name: endpoint + id: aws.s3outposts.endpoint + x-cfn-schema-name: Endpoint + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CidrBlock') as cidr_block, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.NetworkInterfaces') as network_interfaces, + JSON_EXTRACT(Properties, '$.OutpostId') as outpost_id, + JSON_EXTRACT(Properties, '$.SecurityGroupId') as security_group_id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.AccessType') as access_type, + JSON_EXTRACT(Properties, '$.CustomerOwnedIpv4Pool') as customer_owned_ipv4_pool, + JSON_EXTRACT(Properties, '$.FailedReason') as failed_reason + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Outposts::Endpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CidrBlock') as cidr_block, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'NetworkInterfaces') as network_interfaces, + json_extract_path_text(Properties, 'OutpostId') as outpost_id, + json_extract_path_text(Properties, 'SecurityGroupId') as security_group_id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'AccessType') as access_type, + json_extract_path_text(Properties, 'CustomerOwnedIpv4Pool') as customer_owned_ipv4_pool, + json_extract_path_text(Properties, 'FailedReason') as failed_reason + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Outposts::Endpoint' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/sagemaker.yaml b/providers/src/aws/v00.00.00000/services/sagemaker.yaml new file mode 100644 index 00000000..30dc1806 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/sagemaker.yaml @@ -0,0 +1,6786 @@ +openapi: 3.0.0 +info: + title: SageMaker + version: 1.0.0 +paths: {} +components: + schemas: + ResourceSpec: + type: object + additionalProperties: false + properties: + InstanceType: + type: string + description: The instance type that the image version runs on. + enum: + - system + - ml.t3.micro + - ml.t3.small + - ml.t3.medium + - ml.t3.large + - ml.t3.xlarge + - ml.t3.2xlarge + - ml.m5.large + - ml.m5.xlarge + - ml.m5.2xlarge + - ml.m5.4xlarge + - ml.m5.8xlarge + - ml.m5.12xlarge + - ml.m5.16xlarge + - ml.m5.24xlarge + - ml.c5.large + - ml.c5.xlarge + - ml.c5.2xlarge + - ml.c5.4xlarge + - ml.c5.9xlarge + - ml.c5.12xlarge + - ml.c5.18xlarge + - ml.c5.24xlarge + - ml.p3.2xlarge + - ml.p3.8xlarge + - ml.p3.16xlarge + - ml.g4dn.xlarge + - ml.g4dn.2xlarge + - ml.g4dn.4xlarge + - ml.g4dn.8xlarge + - ml.g4dn.12xlarge + - ml.g4dn.16xlarge + - ml.r5.large + - ml.r5.xlarge + - ml.r5.2xlarge + - ml.r5.4xlarge + - ml.r5.8xlarge + - ml.r5.12xlarge + - ml.r5.16xlarge + - ml.r5.24xlarge + - ml.p3dn.24xlarge + - ml.m5d.large + - ml.m5d.xlarge + - ml.m5d.2xlarge + - ml.m5d.4xlarge + - ml.m5d.8xlarge + - ml.m5d.12xlarge + - ml.m5d.16xlarge + - ml.m5d.24xlarge + - ml.g5.xlarge + - ml.g5.2xlarge + - ml.g5.4xlarge + - ml.g5.8xlarge + - ml.g5.12xlarge + - ml.g5.16xlarge + - ml.g5.24xlarge + - ml.g5.48xlarge + - ml.p4d.24xlarge + - ml.p4de.24xlarge + - ml.geospatial.interactive + - ml.trn1.2xlarge + - ml.trn1.32xlarge + - ml.trn1n.32xlarge + SageMakerImageArn: + type: string + description: The ARN of the SageMaker image that the image version belongs to. + maxLength: 256 + pattern: ^arn:aws(-[\w]+)*:sagemaker:.+:[0-9]{12}:image/[a-z0-9]([-.]?[a-z0-9])*$ + SageMakerImageVersionArn: + type: string + description: The ARN of the image version created on the instance. + maxLength: 256 + pattern: ^arn:aws(-[\w]+)*:sagemaker:.+:[0-9]{12}:image-version/[a-z0-9]([-.]?[a-z0-9])*/[0-9]+$ + Tag: + type: object + additionalProperties: false + properties: + Value: + type: string + minLength: 1 + maxLength: 128 + Key: + type: string + minLength: 1 + maxLength: 128 + required: + - Key + - Value + App: + type: object + properties: + AppArn: + type: string + description: The Amazon Resource Name (ARN) of the app. + minLength: 1 + maxLength: 256 + pattern: arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:app/.* + AppName: + type: string + description: The name of the app. + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62} + AppType: + type: string + description: The type of app. + enum: + - JupyterServer + - KernelGateway + - RStudioServerPro + - RSessionGateway + - Canvas + DomainId: + type: string + description: The domain ID. + minLength: 1 + maxLength: 63 + ResourceSpec: + $ref: '#/components/schemas/ResourceSpec' + description: The instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. + Tags: + type: array + description: A list of tags to apply to the app. + uniqueItems: false + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + UserProfileName: + type: string + description: The user profile name. + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62} + required: + - AppName + - AppType + - DomainId + - UserProfileName + x-stackql-resource-name: app + description: Resource Type definition for AWS::SageMaker::App + x-type-name: AWS::SageMaker::App + x-stackql-primary-identifier: + - AppName + - AppType + - DomainId + - UserProfileName + x-create-only-properties: + - AppName + - AppType + - DomainId + - UserProfileName + - Tags + - ResourceSpec + x-write-only-properties: + - Tags + x-read-only-properties: + - AppArn + x-required-properties: + - AppName + - AppType + - DomainId + - UserProfileName + x-required-permissions: + create: + - sagemaker:CreateApp + - sagemaker:DescribeApp + read: + - sagemaker:DescribeApp + - sagemaker:DescribeApp + delete: + - sagemaker:DeleteApp + - sagemaker:DescribeApp + list: + - sagemaker:ListApps + KernelGatewayImageConfig: + type: object + description: The configuration for the file system and kernels in a SageMaker image running as a KernelGateway app. + additionalProperties: false + properties: + FileSystemConfig: + $ref: '#/components/schemas/FileSystemConfig' + description: The Amazon Elastic File System (EFS) storage configuration for a SageMaker image. + KernelSpecs: + type: array + description: The specification of the Jupyter kernels in the image. + minItems: 1 + maxItems: 1 + items: + $ref: '#/components/schemas/KernelSpec' + required: + - KernelSpecs + JupyterLabAppImageConfig: + type: object + description: The configuration for the kernels in a SageMaker image running as a JupyterLab app. + additionalProperties: false + properties: + ContainerConfig: + $ref: '#/components/schemas/ContainerConfig' + description: The container configuration for a SageMaker image. + CodeEditorAppImageConfig: + type: object + description: The configuration for the kernels in a SageMaker image running as a CodeEditor app. + additionalProperties: false + properties: + ContainerConfig: + $ref: '#/components/schemas/ContainerConfig' + description: The container configuration for a SageMaker image. + ContainerConfig: + type: object + description: The container configuration for a SageMaker image. + additionalProperties: false + properties: + ContainerArguments: + type: array + description: A list of arguments to apply to the container. + uniqueItems: false + items: + $ref: '#/components/schemas/CustomImageContainerArguments' + minItems: 0 + maxItems: 50 + ContainerEntrypoint: + type: array + description: The custom entry point to use on container. + uniqueItems: false + items: + $ref: '#/components/schemas/CustomImageContainerEntrypoint' + minItems: 0 + maxItems: 1 + ContainerEnvironmentVariables: + type: array + description: A list of variables to apply to the custom container. + uniqueItems: false + items: + $ref: '#/components/schemas/CustomImageContainerEnvironmentVariable' + minItems: 0 + maxItems: 25 + CustomImageContainerArguments: + type: string + description: The container image arguments + minLength: 1 + maxLength: 64 + pattern: ^(?!\s*$).+ + CustomImageContainerEntrypoint: + type: string + description: The container entry point + minLength: 1 + maxLength: 256 + pattern: ^(?!\s*$).+ + CustomImageContainerEnvironmentVariable: + type: object + additionalProperties: false + properties: + Value: + type: string + minLength: 1 + maxLength: 256 + pattern: ^(?!\s*$).+ + Key: + type: string + minLength: 1 + maxLength: 256 + pattern: ^(?!\s*$).+ + required: + - Key + - Value + FileSystemConfig: + type: object + description: The Amazon Elastic File System (EFS) storage configuration for a SageMaker image. + additionalProperties: false + properties: + DefaultGid: + type: integer + description: The default POSIX group ID (GID). If not specified, defaults to 100. + minimum: 0 + maximum: 65535 + DefaultUid: + type: integer + description: The default POSIX user ID (UID). If not specified, defaults to 1000. + minimum: 0 + maximum: 65535 + MountPath: + type: string + description: The path within the image to mount the user's EFS home directory. The directory should be empty. If not specified, defaults to /home/sagemaker-user. + minLength: 1 + maxLength: 1024 + pattern: ^/.* + KernelSpec: + type: object + additionalProperties: false + properties: + DisplayName: + type: string + description: The display name of the kernel. + minLength: 1 + maxLength: 1024 + Name: + type: string + description: The name of the kernel. + minLength: 1 + maxLength: 1024 + required: + - Name + AppImageConfig: + type: object + properties: + AppImageConfigArn: + type: string + description: The Amazon Resource Name (ARN) of the AppImageConfig. + minLength: 1 + maxLength: 256 + pattern: arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:app-image-config/.* + AppImageConfigName: + type: string + description: The Name of the AppImageConfig. + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62} + KernelGatewayImageConfig: + $ref: '#/components/schemas/KernelGatewayImageConfig' + description: The KernelGatewayImageConfig. + JupyterLabAppImageConfig: + $ref: '#/components/schemas/JupyterLabAppImageConfig' + description: The JupyterLabAppImageConfig. + CodeEditorAppImageConfig: + $ref: '#/components/schemas/CodeEditorAppImageConfig' + description: The CodeEditorAppImageConfig. + Tags: + type: array + description: A list of tags to apply to the AppImageConfig. + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + required: + - AppImageConfigName + x-stackql-resource-name: app_image_config + description: Resource Type definition for AWS::SageMaker::AppImageConfig + x-type-name: AWS::SageMaker::AppImageConfig + x-stackql-primary-identifier: + - AppImageConfigName + x-create-only-properties: + - AppImageConfigName + - Tags + x-write-only-properties: + - Tags + x-read-only-properties: + - AppImageConfigArn + x-required-properties: + - AppImageConfigName + x-required-permissions: + create: + - sagemaker:CreateAppImageConfig + - sagemaker:DescribeAppImageConfig + read: + - sagemaker:DescribeAppImageConfig + update: + - sagemaker:UpdateAppImageConfig + - sagemaker:DescribeAppImageConfig + delete: + - sagemaker:DeleteAppImageConfig + - sagemaker:DescribeAppImageConfig + list: + - sagemaker:ListAppImageConfigs + DataQualityBaselineConfig: + type: object + additionalProperties: false + description: Baseline configuration used to validate that the data conforms to the specified constraints and statistics. + properties: + BaseliningJobName: + $ref: '#/components/schemas/ProcessingJobName' + ConstraintsResource: + $ref: '#/components/schemas/ConstraintsResource' + StatisticsResource: + $ref: '#/components/schemas/StatisticsResource' + ConstraintsResource: + type: object + additionalProperties: false + description: The baseline constraints resource for a monitoring job. + properties: + S3Uri: + description: The Amazon S3 URI for baseline constraint file in Amazon S3 that the current monitoring job should validated against. + $ref: '#/components/schemas/S3Uri' + StatisticsResource: + type: object + additionalProperties: false + description: The baseline statistics resource for a monitoring job. + properties: + S3Uri: + description: The Amazon S3 URI for the baseline statistics file in Amazon S3 that the current monitoring job should be validated against. + $ref: '#/components/schemas/S3Uri' + S3Uri: + type: string + description: The Amazon S3 URI. + pattern: ^(https|s3)://([^/]+)/?(.*)$ + maxLength: 1024 + DataQualityAppSpecification: + type: object + additionalProperties: false + description: Container image configuration object for the monitoring job. + properties: + ContainerArguments: + type: array + description: An array of arguments for the container used to run the monitoring job. + maxItems: 50 + items: + type: string + minLength: 1 + maxLength: 256 + ContainerEntrypoint: + type: array + description: Specifies the entrypoint for a container used to run the monitoring job. + maxItems: 100 + items: + type: string + minLength: 1 + maxLength: 256 + ImageUri: + type: string + description: The container image to be run by the monitoring job. + pattern: .* + maxLength: 255 + PostAnalyticsProcessorSourceUri: + description: An Amazon S3 URI to a script that is called after analysis has been performed. Applicable only for the built-in (first party) containers. + $ref: '#/components/schemas/S3Uri' + RecordPreprocessorSourceUri: + description: An Amazon S3 URI to a script that is called per row prior to running analysis. It can base64 decode the payload and convert it into a flatted json so that the built-in container can use the converted data. Applicable only for the built-in (first party) containers + $ref: '#/components/schemas/S3Uri' + Environment: + type: object + additionalProperties: false + description: Sets the environment variables in the Docker container + x-patternProperties: + '[a-zA-Z_][a-zA-Z0-9_]*': + type: string + minLength: 1 + maxLength: 256 + '[\S\s]*': + type: string + maxLength: 256 + required: + - ImageUri + DataQualityJobInput: + type: object + additionalProperties: false + description: The inputs for a monitoring job. + properties: + EndpointInput: + $ref: '#/components/schemas/EndpointInput' + BatchTransformInput: + $ref: '#/components/schemas/BatchTransformInput' + EndpointInput: + type: object + additionalProperties: false + description: The endpoint for a monitoring job. + properties: + EndpointName: + $ref: '#/components/schemas/EndpointName' + LocalPath: + type: string + description: Path to the filesystem where the endpoint data is available to the container. + pattern: .* + maxLength: 256 + S3DataDistributionType: + type: string + description: Whether input data distributed in Amazon S3 is fully replicated or sharded by an S3 key. Defauts to FullyReplicated + enum: + - FullyReplicated + - ShardedByS3Key + S3InputMode: + type: string + description: Whether the Pipe or File is used as the input mode for transfering data for the monitoring job. Pipe mode is recommended for large datasets. File mode is useful for small files that fit in memory. Defaults to File. + enum: + - Pipe + - File + ExcludeFeaturesAttribute: + type: string + description: Indexes or names of the features to be excluded from analysis + maxLength: 100 + required: + - EndpointName + - LocalPath + BatchTransformInput: + type: object + additionalProperties: false + description: The batch transform input for a monitoring job. + properties: + DataCapturedDestinationS3Uri: + type: string + description: A URI that identifies the Amazon S3 storage location where Batch Transform Job captures data. + pattern: ^(https|s3)://([^/]+)/?(.*)$ + maxLength: 512 + DatasetFormat: + $ref: '#/components/schemas/DatasetFormat' + LocalPath: + type: string + description: Path to the filesystem where the endpoint data is available to the container. + pattern: .* + maxLength: 256 + S3DataDistributionType: + type: string + description: Whether input data distributed in Amazon S3 is fully replicated or sharded by an S3 key. Defauts to FullyReplicated + enum: + - FullyReplicated + - ShardedByS3Key + S3InputMode: + type: string + description: Whether the Pipe or File is used as the input mode for transfering data for the monitoring job. Pipe mode is recommended for large datasets. File mode is useful for small files that fit in memory. Defaults to File. + enum: + - Pipe + - File + ExcludeFeaturesAttribute: + type: string + description: Indexes or names of the features to be excluded from analysis + maxLength: 100 + required: + - DataCapturedDestinationS3Uri + - DatasetFormat + - LocalPath + MonitoringOutputConfig: + type: object + additionalProperties: false + description: The output configuration for monitoring jobs. + properties: + KmsKeyId: + type: string + description: The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt the model artifacts at rest using Amazon S3 server-side encryption. + pattern: .* + maxLength: 2048 + MonitoringOutputs: + type: array + description: Monitoring outputs for monitoring jobs. This is where the output of the periodic monitoring jobs is uploaded. + minLength: 1 + maxLength: 1 + items: + $ref: '#/components/schemas/MonitoringOutput' + required: + - MonitoringOutputs + MonitoringOutput: + type: object + additionalProperties: false + description: The output object for a monitoring job. + properties: + S3Output: + $ref: '#/components/schemas/S3Output' + required: + - S3Output + S3Output: + type: object + additionalProperties: false + description: Information about where and how to store the results of a monitoring job. + properties: + LocalPath: + type: string + description: The local path to the Amazon S3 storage location where Amazon SageMaker saves the results of a monitoring job. LocalPath is an absolute path for the output data. + pattern: .* + maxLength: 256 + S3UploadMode: + type: string + description: Whether to upload the results of the monitoring job continuously or after the job completes. + enum: + - Continuous + - EndOfJob + S3Uri: + type: string + description: A URI that identifies the Amazon S3 storage location where Amazon SageMaker saves the results of a monitoring job. + pattern: ^(https|s3)://([^/]+)/?(.*)$ + maxLength: 512 + required: + - LocalPath + - S3Uri + MonitoringResources: + type: object + additionalProperties: false + description: Identifies the resources to deploy for a monitoring job. + properties: + ClusterConfig: + $ref: '#/components/schemas/ClusterConfig' + required: + - ClusterConfig + ClusterConfig: + type: object + additionalProperties: false + description: Configuration for the cluster used to run model monitoring jobs. + properties: + InstanceCount: + description: The number of ML compute instances to use in the model monitoring job. For distributed processing jobs, specify a value greater than 1. The default value is 1. + type: integer + minimum: 1 + maximum: 100 + InstanceType: + description: The ML compute instance type for the processing job. + type: string + VolumeKmsKeyId: + description: The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt data on the storage volume attached to the ML compute instance(s) that run the model monitoring job. + type: string + minimum: 1 + maximum: 2048 + VolumeSizeInGB: + description: The size of the ML storage volume, in gigabytes, that you want to provision. You must specify sufficient ML storage for your scenario. + type: integer + minimum: 1 + maximum: 16384 + required: + - InstanceCount + - InstanceType + - VolumeSizeInGB + NetworkConfig: + type: object + additionalProperties: false + description: Networking options for a job, such as network traffic encryption between containers, whether to allow inbound and outbound network calls to and from containers, and the VPC subnets and security groups to use for VPC-enabled jobs. + properties: + EnableInterContainerTrafficEncryption: + description: Whether to encrypt all communications between distributed processing jobs. Choose True to encrypt communications. Encryption provides greater security for distributed processing jobs, but the processing might take longer. + type: boolean + EnableNetworkIsolation: + description: Whether to allow inbound and outbound network calls to and from the containers used for the processing job. + type: boolean + VpcConfig: + $ref: '#/components/schemas/VpcConfig' + VpcConfig: + type: object + additionalProperties: false + description: Specifies a VPC that your training jobs and hosted models have access to. Control access to and from your training and model containers by configuring the VPC. + properties: + SecurityGroupIds: + description: The VPC security group IDs, in the form sg-xxxxxxxx. Specify the security groups for the VPC that is specified in the Subnets field. + type: array + minItems: 1 + maxItems: 5 + items: + type: string + maxLength: 32 + pattern: '[-0-9a-zA-Z]+' + Subnets: + description: The ID of the subnets in the VPC to which you want to connect to your monitoring jobs. + type: array + minItems: 1 + maxItems: 16 + items: + type: string + maxLength: 32 + pattern: '[-0-9a-zA-Z]+' + required: + - SecurityGroupIds + - Subnets + StoppingCondition: + type: object + additionalProperties: false + description: Specifies a time limit for how long the monitoring job is allowed to run. + properties: + MaxRuntimeInSeconds: + description: The maximum runtime allowed in seconds. + type: integer + minimum: 1 + maximum: 86400 + required: + - MaxRuntimeInSeconds + EndpointName: + type: string + description: The name of the endpoint used to run the monitoring job. + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])* + maxLength: 63 + JobDefinitionName: + type: string + description: The name of the job definition. + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*$ + maxLength: 63 + ProcessingJobName: + type: string + description: The name of a processing job + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*$ + minLength: 1 + maxLength: 63 + DatasetFormat: + description: The dataset format of the data to monitor + type: object + properties: + Csv: + $ref: '#/components/schemas/Csv' + Json: + $ref: '#/components/schemas/Json' + Parquet: + $ref: '#/components/schemas/Parquet' + Csv: + description: The CSV format + type: object + properties: + Header: + description: A boolean flag indicating if given CSV has header + type: boolean + Json: + description: The Json format + type: object + properties: + Line: + description: A boolean flag indicating if it is JSON line format + type: boolean + Parquet: + description: A flag indicating if the dataset format is Parquet + type: boolean + DataQualityJobDefinition: + type: object + properties: + JobDefinitionArn: + description: The Amazon Resource Name (ARN) of job definition. + type: string + minLength: 1 + maxLength: 256 + JobDefinitionName: + $ref: '#/components/schemas/JobDefinitionName' + DataQualityBaselineConfig: + $ref: '#/components/schemas/DataQualityBaselineConfig' + DataQualityAppSpecification: + $ref: '#/components/schemas/DataQualityAppSpecification' + DataQualityJobInput: + $ref: '#/components/schemas/DataQualityJobInput' + DataQualityJobOutputConfig: + $ref: '#/components/schemas/MonitoringOutputConfig' + JobResources: + $ref: '#/components/schemas/MonitoringResources' + NetworkConfig: + $ref: '#/components/schemas/NetworkConfig' + EndpointName: + $ref: '#/components/schemas/EndpointName' + RoleArn: + description: The Amazon Resource Name (ARN) of an IAM role that Amazon SageMaker can assume to perform tasks on your behalf. + type: string + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + minLength: 20 + maxLength: 2048 + StoppingCondition: + $ref: '#/components/schemas/StoppingCondition' + Tags: + type: array + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + CreationTime: + description: The time at which the job definition was created. + type: string + required: + - DataQualityAppSpecification + - DataQualityJobInput + - DataQualityJobOutputConfig + - JobResources + - RoleArn + x-stackql-resource-name: data_quality_job_definition + description: Resource Type definition for AWS::SageMaker::DataQualityJobDefinition + x-type-name: AWS::SageMaker::DataQualityJobDefinition + x-stackql-primary-identifier: + - JobDefinitionArn + x-create-only-properties: + - JobDefinitionName + - DataQualityAppSpecification + - DataQualityBaselineConfig + - DataQualityJobInput + - DataQualityJobOutputConfig + - JobResources + - NetworkConfig + - RoleArn + - StoppingCondition + - Tags + - EndpointName + x-write-only-properties: + - EndpointName + - Tags + - Tags/*/Key + - Tags/*/Value + x-read-only-properties: + - CreationTime + - JobDefinitionArn + x-required-properties: + - DataQualityAppSpecification + - DataQualityJobInput + - DataQualityJobOutputConfig + - JobResources + - RoleArn + x-required-permissions: + create: + - sagemaker:CreateDataQualityJobDefinition + - sagemaker:DescribeDataQualityJobDefinition + - sagemaker:AddTags + - iam:PassRole + delete: + - sagemaker:DeleteDataQualityJobDefinition + read: + - sagemaker:DescribeDataQualityJobDefinition + list: + - sagemaker:ListDataQualityJobDefinitions + - sagemaker:ListTags + Device: + type: object + properties: + DeviceFleetName: + description: The name of the edge device fleet + type: string + pattern: ^[a-zA-Z0-9](-*_*[a-zA-Z0-9])*$ + minLength: 1 + maxLength: 63 + Device: + description: The Edge Device you want to register against a device fleet + $ref: '#/components/schemas/Device' + Tags: + description: Associate tags with the resource + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - DeviceFleetName + x-stackql-resource-name: device + description: Resource schema for AWS::SageMaker::Device + x-type-name: AWS::SageMaker::Device + x-stackql-primary-identifier: + - Device/DeviceName + x-create-only-properties: + - Device/DeviceName + x-required-properties: + - DeviceFleetName + x-required-permissions: + create: + - sagemaker:RegisterDevices + read: + - sagemaker:DescribeDevice + update: + - sagemaker:UpdateDevices + delete: + - sagemaker:DeregisterDevices + EdgeOutputConfig: + type: object + properties: + S3OutputLocation: + description: The Amazon Simple Storage (S3) bucket URI + type: string + pattern: ^s3://([^/]+)/?(.*)$ + maxLength: 1024 + KmsKeyId: + description: The KMS key id used for encryption on the S3 bucket + type: string + pattern: '[a-zA-Z0-9:_-]+' + minLength: 1 + maxLength: 2048 + required: + - S3OutputLocation + additionalProperties: false + DeviceFleet: + type: object + properties: + Description: + description: Description for the edge device fleet + type: string + pattern: '[\S\s]+' + minLength: 0 + maxLength: 800 + DeviceFleetName: + description: The name of the edge device fleet + type: string + pattern: ^[a-zA-Z0-9](-*_*[a-zA-Z0-9])*$ + minLength: 1 + maxLength: 63 + OutputConfig: + description: S3 bucket and an ecryption key id (if available) to store outputs for the fleet + $ref: '#/components/schemas/EdgeOutputConfig' + RoleArn: + description: Role associated with the device fleet + type: string + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + minLength: 20 + maxLength: 2048 + Tags: + description: Associate tags with the resource + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - DeviceFleetName + - OutputConfig + - RoleArn + x-stackql-resource-name: device_fleet + description: Resource schema for AWS::SageMaker::DeviceFleet + x-type-name: AWS::SageMaker::DeviceFleet + x-stackql-primary-identifier: + - DeviceFleetName + x-create-only-properties: + - DeviceFleetName + x-required-properties: + - DeviceFleetName + - OutputConfig + - RoleArn + x-required-permissions: + create: + - sagemaker:CreateDeviceFleet + - iam:PassRole + read: + - sagemaker:DescribeDeviceFleet + update: + - sagemaker:UpdateDeviceFleet + - iam:PassRole + delete: + - sagemaker:DeleteDeviceFleet + UserSettings: + type: object + description: A collection of settings that apply to users of Amazon SageMaker Studio. These settings are specified when the CreateUserProfile API is called, and as DefaultUserSettings when the CreateDomain API is called. + additionalProperties: false + properties: + ExecutionRole: + type: string + description: The user profile Amazon Resource Name (ARN). + minLength: 20 + maxLength: 2048 + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + JupyterServerAppSettings: + $ref: '#/components/schemas/JupyterServerAppSettings' + description: The Jupyter server's app settings. + KernelGatewayAppSettings: + $ref: '#/components/schemas/KernelGatewayAppSettings' + description: The kernel gateway app settings. + RStudioServerProAppSettings: + $ref: '#/components/schemas/RStudioServerProAppSettings' + JupyterLabAppSettings: + $ref: '#/components/schemas/JupyterLabAppSettings' + SpaceStorageSettings: + $ref: '#/components/schemas/DefaultSpaceStorageSettings' + CodeEditorAppSettings: + $ref: '#/components/schemas/CodeEditorAppSettings' + DefaultLandingUri: + type: string + description: Defines which Amazon SageMaker application users are directed to by default. + maxLength: 1023 + StudioWebPortal: + type: string + description: Indicates whether the Studio experience is available to users. If not, users cannot access Studio. + enum: + - ENABLED + - DISABLED + CustomPosixUserConfig: + $ref: '#/components/schemas/CustomPosixUserConfig' + CustomFileSystemConfigs: + type: array + uniqueItems: true + minItems: 0 + maxItems: 2 + items: + $ref: '#/components/schemas/CustomFileSystemConfig' + SecurityGroups: + type: array + description: The security groups for the Amazon Virtual Private Cloud (VPC) that Studio uses for communication. + uniqueItems: false + minItems: 0 + maxItems: 5 + items: + type: string + maxLength: 32 + pattern: '[-0-9a-zA-Z]+' + SharingSettings: + $ref: '#/components/schemas/SharingSettings' + description: The sharing settings. + DefaultSpaceSettings: + type: object + description: A collection of settings that apply to spaces of Amazon SageMaker Studio. These settings are specified when the Create/Update Domain API is called. + additionalProperties: false + properties: + ExecutionRole: + type: string + description: The execution role for the space. + minLength: 20 + maxLength: 2048 + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + JupyterServerAppSettings: + $ref: '#/components/schemas/JupyterServerAppSettings' + description: The Jupyter server's app settings. + KernelGatewayAppSettings: + $ref: '#/components/schemas/KernelGatewayAppSettings' + description: The kernel gateway app settings. + SecurityGroups: + type: array + description: The security groups for the Amazon Virtual Private Cloud (VPC) that Studio uses for communication. + uniqueItems: false + x-insertionOrder: false + minItems: 0 + maxItems: 5 + items: + type: string + maxLength: 32 + pattern: '[-0-9a-zA-Z]+' + required: + - ExecutionRole + JupyterServerAppSettings: + type: object + description: The JupyterServer app settings. + additionalProperties: false + properties: + DefaultResourceSpec: + $ref: '#/components/schemas/ResourceSpec' + KernelGatewayAppSettings: + type: object + description: The kernel gateway app settings. + additionalProperties: false + properties: + CustomImages: + type: array + description: A list of custom SageMaker images that are configured to run as a KernelGateway app. + uniqueItems: false + minItems: 0 + maxItems: 30 + items: + $ref: '#/components/schemas/CustomImage' + DefaultResourceSpec: + $ref: '#/components/schemas/ResourceSpec' + description: The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the KernelGateway app. + JupyterLabAppSettings: + type: object + description: The JupyterLab app settings. + additionalProperties: false + properties: + DefaultResourceSpec: + $ref: '#/components/schemas/ResourceSpec' + description: The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the JupyterLab app. + LifecycleConfigArns: + type: array + description: A list of LifecycleConfigArns available for use with JupyterLab apps. + uniqueItems: false + minItems: 0 + maxItems: 30 + items: + $ref: '#/components/schemas/StudioLifecycleConfigArn' + CodeRepositories: + type: array + description: A list of CodeRepositories available for use with JupyterLab apps. + uniqueItems: false + minItems: 0 + maxItems: 30 + items: + $ref: '#/components/schemas/CodeRepository' + CustomImages: + type: array + description: A list of custom images available for use for JupyterLab apps + uniqueItems: false + minItems: 0 + maxItems: 30 + items: + $ref: '#/components/schemas/CustomImage' + CodeRepository: + type: object + additionalProperties: false + properties: + RepositoryUrl: + type: string + description: A CodeRepository (valid URL) to be used within Jupyter's Git extension. + maxLength: 256 + pattern: ^https://([.\-_a-zA-Z0-9]+/?){3,1016}$ + required: + - RepositoryUrl + DefaultSpaceStorageSettings: + type: object + description: Default storage settings for a space. + additionalProperties: false + properties: + DefaultEbsStorageSettings: + $ref: '#/components/schemas/DefaultEbsStorageSettings' + DefaultEbsStorageSettings: + type: object + description: Properties related to the Amazon Elastic Block Store volume. + additionalProperties: false + properties: + DefaultEbsVolumeSizeInGb: + description: Default size of the Amazon EBS volume in Gb + $ref: '#/components/schemas/SpaceEbsVolumeSizeInGb' + MaximumEbsVolumeSizeInGb: + description: Maximum size of the Amazon EBS volume in Gb. Must be greater than or equal to the DefaultEbsVolumeSizeInGb. + $ref: '#/components/schemas/SpaceEbsVolumeSizeInGb' + required: + - DefaultEbsVolumeSizeInGb + - MaximumEbsVolumeSizeInGb + SpaceEbsVolumeSizeInGb: + type: integer + minimum: 5 + maximum: 16384 + CodeEditorAppSettings: + type: object + description: The CodeEditor app settings. + additionalProperties: false + properties: + DefaultResourceSpec: + $ref: '#/components/schemas/ResourceSpec' + description: The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the CodeEditor app. + LifecycleConfigArns: + type: array + description: A list of LifecycleConfigArns available for use with CodeEditor apps. + uniqueItems: false + minItems: 0 + maxItems: 30 + items: + $ref: '#/components/schemas/StudioLifecycleConfigArn' + CustomImages: + type: array + description: A list of custom images for use for CodeEditor apps. + uniqueItems: false + minItems: 0 + maxItems: 30 + items: + $ref: '#/components/schemas/CustomImage' + StudioLifecycleConfigArn: + type: string + description: The Amazon Resource Name (ARN) of the Lifecycle Configuration to attach to the Resource. + maxLength: 256 + pattern: arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:studio-lifecycle-config/.* + CustomPosixUserConfig: + type: object + additionalProperties: false + properties: + Uid: + type: integer + minimum: 10000 + maximum: 4000000 + Gid: + type: integer + minimum: 1001 + maximum: 4000000 + required: + - Uid + - Gid + CustomFileSystemConfig: + type: object + additionalProperties: false + properties: + EFSFileSystemConfig: + $ref: '#/components/schemas/EFSFileSystemConfig' + EFSFileSystemConfig: + type: object + additionalProperties: false + properties: + FileSystemPath: + type: string + pattern: ^\/\S*$ + minLength: 1 + maxLength: 256 + FileSystemId: + type: string + minLength: 11 + maxLength: 21 + pattern: ^(fs-[0-9a-f]{8,})$ + required: + - FileSystemId + CustomImage: + type: object + description: A custom SageMaker image. + additionalProperties: false + properties: + AppImageConfigName: + type: string + description: The Name of the AppImageConfig. + maxLength: 63 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62} + ImageName: + type: string + description: The name of the CustomImage. Must be unique to your account. + maxLength: 63 + pattern: ^[a-zA-Z0-9]([-.]?[a-zA-Z0-9]){0,62}$ + ImageVersionNumber: + type: integer + description: The version number of the CustomImage. + minimum: 0 + required: + - AppImageConfigName + - ImageName + SharingSettings: + type: object + description: Specifies options when sharing an Amazon SageMaker Studio notebook. These settings are specified as part of DefaultUserSettings when the CreateDomain API is called, and as part of UserSettings when the CreateUserProfile API is called. + additionalProperties: false + properties: + NotebookOutputOption: + type: string + description: Whether to include the notebook cell output when sharing the notebook. The default is Disabled. + enum: + - Allowed + - Disabled + S3KmsKeyId: + type: string + description: When NotebookOutputOption is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket. + maxLength: 2048 + pattern: .* + S3OutputPath: + type: string + description: When NotebookOutputOption is Allowed, the Amazon S3 bucket used to store the shared notebook snapshots. + maxLength: 1024 + pattern: ^(https|s3)://([^/]+)/?(.*)$ + DomainSettings: + type: object + description: A collection of Domain settings. + additionalProperties: false + properties: + SecurityGroupIds: + type: array + description: The security groups for the Amazon Virtual Private Cloud that the Domain uses for communication between Domain-level apps and user apps. + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 3 + items: + type: string + maxLength: 32 + pattern: '[-0-9a-zA-Z]+' + RStudioServerProDomainSettings: + $ref: '#/components/schemas/RStudioServerProDomainSettings' + DockerSettings: + $ref: '#/components/schemas/DockerSettings' + DockerSettings: + type: object + description: A collection of settings that are required to start docker-proxy server. + additionalProperties: false + properties: + EnableDockerAccess: + type: string + description: The flag to enable/disable docker-proxy server + enum: + - ENABLED + - DISABLED + VpcOnlyTrustedAccounts: + type: array + description: A list of account id's that would be used to pull images from in VpcOnly mode + uniqueItems: false + x-insertionOrder: false + minItems: 0 + maxItems: 10 + items: + type: string + maxLength: 12 + pattern: ^[0-9]$ + RStudioServerProDomainSettings: + type: object + description: A collection of settings that update the current configuration for the RStudioServerPro Domain-level app. + additionalProperties: false + properties: + DomainExecutionRoleArn: + type: string + description: The ARN of the execution role for the RStudioServerPro Domain-level app. + minLength: 20 + maxLength: 2048 + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + RStudioConnectUrl: + type: string + description: A URL pointing to an RStudio Connect server. + pattern: ^(https:|http:|www\.)\S* + RStudioPackageManagerUrl: + type: string + description: A URL pointing to an RStudio Package Manager server. + pattern: ^(https:|http:|www\.)\S* + DefaultResourceSpec: + $ref: '#/components/schemas/ResourceSpec' + required: + - DomainExecutionRoleArn + RSessionAppSettings: + type: object + description: A collection of settings that apply to an RSessionGateway app. + additionalProperties: false + properties: + CustomImages: + type: array + description: A list of custom SageMaker images that are configured to run as a KernelGateway app. + x-insertionOrder: false + uniqueItems: false + minItems: 0 + maxItems: 30 + items: + $ref: '#/components/schemas/CustomImage' + DefaultResourceSpec: + $ref: '#/components/schemas/ResourceSpec' + RStudioServerProAppSettings: + type: object + description: A collection of settings that configure user interaction with the RStudioServerPro app. + additionalProperties: false + properties: + AccessStatus: + type: string + description: Indicates whether the current user has access to the RStudioServerPro app. + enum: + - ENABLED + - DISABLED + UserGroup: + type: string + description: The level of permissions that the user has within the RStudioServerPro app. This value defaults to User. The Admin value allows the user access to the RStudio Administrative Dashboard. + enum: + - R_STUDIO_ADMIN + - R_STUDIO_USER + Domain: + description: The machine learning domain of the model package you specified. + type: string + FeatureDefinition: + type: object + additionalProperties: false + properties: + FeatureName: + type: string + minLength: 1 + maxLength: 64 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63} + FeatureType: + type: string + enum: + - Integral + - Fractional + - String + required: + - FeatureName + - FeatureType + KmsKeyId: + type: string + maxLength: 2048 + StorageType: + type: string + enum: + - Standard + - InMemory + TtlDuration: + type: object + description: TTL configuration of the feature group + additionalProperties: false + properties: + Unit: + $ref: '#/components/schemas/Unit' + Value: + $ref: '#/components/schemas/Value' + Unit: + type: string + description: Unit of ttl configuration + enum: + - Seconds + - Minutes + - Hours + - Days + - Weeks + Value: + type: integer + description: Value of ttl configuration + OnlineStoreSecurityConfig: + type: object + additionalProperties: false + properties: + KmsKeyId: + $ref: '#/components/schemas/KmsKeyId' + S3StorageConfig: + type: object + additionalProperties: false + properties: + S3Uri: + type: string + maxLength: 1024 + pattern: ^(https|s3)://([^/]+)/?(.*)$ + KmsKeyId: + $ref: '#/components/schemas/KmsKeyId' + required: + - S3Uri + DataCatalogConfig: + type: object + additionalProperties: false + properties: + TableName: + type: string + minLength: 1 + maxLength: 255 + pattern: "[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\t]*" + Catalog: + type: string + minLength: 1 + maxLength: 255 + pattern: "[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\t]*" + Database: + type: string + minLength: 1 + maxLength: 255 + pattern: "[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\t]*" + required: + - TableName + - Catalog + - Database + TableFormat: + type: string + description: Format for the offline store feature group. Iceberg is the optimal format for feature groups shared between offline and online stores. + enum: + - Iceberg + - Glue + ThroughputMode: + type: string + description: Throughput mode configuration of the feature group + enum: + - OnDemand + - Provisioned + ThroughputConfig: + type: object + additionalProperties: false + properties: + ThroughputMode: + $ref: '#/components/schemas/ThroughputMode' + ProvisionedReadCapacityUnits: + type: integer + description: For provisioned feature groups with online store enabled, this indicates the read throughput you are billed for and can consume without throttling. + ProvisionedWriteCapacityUnits: + type: integer + description: For provisioned feature groups, this indicates the write throughput you are billed for and can consume without throttling. + required: + - ThroughputMode + FeatureGroup: + type: object + properties: + FeatureGroupName: + type: string + description: The Name of the FeatureGroup. + minLength: 1 + maxLength: 64 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63} + RecordIdentifierFeatureName: + type: string + description: The Record Identifier Feature Name. + minLength: 1 + maxLength: 64 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63} + EventTimeFeatureName: + type: string + description: The Event Time Feature Name. + minLength: 1 + maxLength: 64 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63} + FeatureDefinitions: + type: array + description: An Array of Feature Definition + uniqueItems: false + x-insertionOrder: false + minItems: 1 + maxItems: 2500 + items: + $ref: '#/components/schemas/FeatureDefinition' + OnlineStoreConfig: + type: object + additionalProperties: false + properties: + SecurityConfig: + $ref: '#/components/schemas/OnlineStoreSecurityConfig' + EnableOnlineStore: + type: boolean + StorageType: + $ref: '#/components/schemas/StorageType' + TtlDuration: + $ref: '#/components/schemas/TtlDuration' + OfflineStoreConfig: + type: object + additionalProperties: false + properties: + S3StorageConfig: + $ref: '#/components/schemas/S3StorageConfig' + DisableGlueTableCreation: + type: boolean + DataCatalogConfig: + $ref: '#/components/schemas/DataCatalogConfig' + TableFormat: + $ref: '#/components/schemas/TableFormat' + required: + - S3StorageConfig + ThroughputConfig: + $ref: '#/components/schemas/ThroughputConfig' + RoleArn: + type: string + description: Role Arn + minLength: 20 + maxLength: 2048 + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + Description: + type: string + description: Description about the FeatureGroup. + maxLength: 128 + CreationTime: + description: A timestamp of FeatureGroup creation time. + type: string + FeatureGroupStatus: + description: The status of the feature group. + type: string + Tags: + type: array + description: An array of key-value pair to apply to this resource. + uniqueItems: false + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: + - FeatureGroupName + - RecordIdentifierFeatureName + - EventTimeFeatureName + - FeatureDefinitions + x-stackql-resource-name: feature_group + description: Resource Type definition for AWS::SageMaker::FeatureGroup + x-type-name: AWS::SageMaker::FeatureGroup + x-stackql-primary-identifier: + - FeatureGroupName + x-create-only-properties: + - FeatureGroupName + - RecordIdentifierFeatureName + - EventTimeFeatureName + - OnlineStoreConfig/SecurityConfig + - OnlineStoreConfig/EnableOnlineStore + - OnlineStoreConfig/StorageType + - OfflineStoreConfig + - RoleArn + - Description + - Tags + x-read-only-properties: + - CreationTime + - FeatureGroupStatus + x-required-properties: + - FeatureGroupName + - RecordIdentifierFeatureName + - EventTimeFeatureName + - FeatureDefinitions + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:PassRole + - kms:CreateGrant + - kms:DescribeKey + - glue:CreateTable + - glue:GetTable + - glue:CreateDatabase + - glue:GetDatabase + - sagemaker:CreateFeatureGroup + - sagemaker:DescribeFeatureGroup + - sagemaker:AddTags + - sagemaker:ListTags + update: + - sagemaker:UpdateFeatureGroup + - sagemaker:DescribeFeatureGroup + - sagemaker:AddTags + - sagemaker:ListTags + - sagemaker:DeleteTags + read: + - sagemaker:DescribeFeatureGroup + - sagemaker:ListTags + delete: + - sagemaker:DeleteFeatureGroup + - sagemaker:DescribeFeatureGroup + list: + - sagemaker:ListFeatureGroups + ImageName: + type: string + description: The name of the image this version belongs to. + pattern: ^[A-Za-z0-9]([-.]?[A-Za-z0-9])*$ + minLength: 1 + maxLength: 63 + ImageArn: + type: string + description: The Amazon Resource Name (ARN) of the parent image. + minLength: 1 + maxLength: 256 + pattern: ^arn:aws(-[\w]+)*:sagemaker:[a-z0-9\-]*:[0-9]{12}:image\/[a-zA-Z0-9]([-.]?[a-zA-Z0-9])*$ + ImageRoleArn: + description: The Amazon Resource Name (ARN) of an IAM role that enables Amazon SageMaker to perform tasks on behalf of the customer. + type: string + minLength: 1 + maxLength: 256 + pattern: ^arn:aws(-[\w]+)*:iam::[0-9]{12}:role/.*$ + ImageDisplayName: + type: string + description: The display name of the image. + pattern: ^[A-Za-z0-9 -_]+$ + minLength: 1 + maxLength: 128 + ImageDescription: + type: string + description: A description of the image. + pattern: .+ + minLength: 1 + maxLength: 512 + Image: + type: object + properties: + ImageName: + $ref: '#/components/schemas/ImageName' + ImageArn: + $ref: '#/components/schemas/ImageArn' + ImageRoleArn: + $ref: '#/components/schemas/ImageRoleArn' + ImageDisplayName: + $ref: '#/components/schemas/ImageDisplayName' + ImageDescription: + $ref: '#/components/schemas/ImageDescription' + Tags: + type: array + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + required: + - ImageName + - ImageRoleArn + x-stackql-resource-name: image + description: Resource Type definition for AWS::SageMaker::Image + x-type-name: AWS::SageMaker::Image + x-stackql-primary-identifier: + - ImageArn + x-stackql-additional-identifiers: + - - ImageName + x-create-only-properties: + - ImageName + x-read-only-properties: + - ImageArn + x-required-properties: + - ImageName + - ImageRoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - sagemaker:CreateImage + - sagemaker:DescribeImage + - iam:PassRole + - sagemaker:AddTags + - sagemaker:ListTags + read: + - sagemaker:DescribeImage + - sagemaker:ListTags + update: + - sagemaker:UpdateImage + - sagemaker:DescribeImage + - sagemaker:ListTags + - sagemaker:AddTags + - sagemaker:DeleteTags + - iam:PassRole + delete: + - sagemaker:DeleteImage + - sagemaker:DescribeImage + list: + - sagemaker:ListImages + ImageVersionArn: + type: string + description: The Amazon Resource Name (ARN) of the image version. + minLength: 1 + maxLength: 256 + pattern: ^arn:aws(-[\w]+)*:sagemaker:[a-z0-9\-]*:[0-9]{12}:image-version\/[a-zA-Z0-9]([-.]?[a-zA-Z0-9])*\/[0-9]+$ + BaseImage: + type: string + description: The registry path of the container image on which this image version is based. + minLength: 1 + maxLength: 255 + pattern: .+ + ContainerImage: + description: The image to use for the container that will be materialized for the inference component + type: string + pattern: '[\S]+' + maxLength: 255 + Alias: + type: string + description: The alias of the image version. + minLength: 1 + maxLength: 128 + pattern: (?!^[.-])^([a-zA-Z0-9-_.]+)$ + Aliases: + type: array + description: List of aliases for the image version. + items: + $ref: '#/components/schemas/Alias' + Version: + type: integer + description: The version number of the image version. + minimum: 1 + VendorGuidance: + type: string + description: The availability of the image version specified by the maintainer. + enum: + - NOT_PROVIDED + - STABLE + - TO_BE_ARCHIVED + - ARCHIVED + JobType: + type: string + description: Indicates SageMaker job type compatibility. + enum: + - TRAINING + - INFERENCE + - NOTEBOOK_KERNEL + MLFramework: + type: string + description: The machine learning framework vended in the image version. + pattern: ^[a-zA-Z]+ ?\d+\.\d+(\.\d+)?$ + minLength: 1 + maxLength: 128 + ProgrammingLang: + type: string + description: The supported programming language and its version. + pattern: ^[a-zA-Z]+ ?\d+\.\d+(\.\d+)?$ + minLength: 1 + maxLength: 128 + Processor: + type: string + description: Indicates CPU or GPU compatibility. + enum: + - CPU + - GPU + Horovod: + type: boolean + description: Indicates Horovod compatibility. + ReleaseNotes: + type: string + description: The maintainer description of the image version. + pattern: .* + minLength: 1 + maxLength: 255 + ImageVersion: + type: object + properties: + ImageName: + $ref: '#/components/schemas/ImageName' + ImageArn: + $ref: '#/components/schemas/ImageArn' + ImageVersionArn: + $ref: '#/components/schemas/ImageVersionArn' + BaseImage: + $ref: '#/components/schemas/BaseImage' + ContainerImage: + $ref: '#/components/schemas/ContainerImage' + Version: + $ref: '#/components/schemas/Version' + Alias: + $ref: '#/components/schemas/Alias' + Aliases: + $ref: '#/components/schemas/Aliases' + VendorGuidance: + $ref: '#/components/schemas/VendorGuidance' + JobType: + $ref: '#/components/schemas/JobType' + MLFramework: + $ref: '#/components/schemas/MLFramework' + ProgrammingLang: + $ref: '#/components/schemas/ProgrammingLang' + Processor: + $ref: '#/components/schemas/Processor' + Horovod: + $ref: '#/components/schemas/Horovod' + ReleaseNotes: + $ref: '#/components/schemas/ReleaseNotes' + required: + - ImageName + - BaseImage + x-stackql-resource-name: image_version + description: Resource Type definition for AWS::SageMaker::ImageVersion + x-type-name: AWS::SageMaker::ImageVersion + x-stackql-primary-identifier: + - ImageVersionArn + x-create-only-properties: + - ImageName + - BaseImage + x-write-only-properties: + - Aliases + - Alias + x-read-only-properties: + - ImageVersionArn + - ImageArn + - Version + - ContainerImage + x-required-properties: + - ImageName + - BaseImage + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - sagemaker:CreateImageVersion + - sagemaker:DescribeImageVersion + read: + - sagemaker:DescribeImageVersion + update: + - sagemaker:UpdateImageVersion + - sagemaker:DescribeImageVersion + - sagemaker:ListAliases + delete: + - sagemaker:DeleteImageVersion + - sagemaker:DescribeImageVersion + list: + - sagemaker:ListImageVersions + InferenceComponentArn: + description: The Amazon Resource Name (ARN) of the inference component + type: string + minLength: 1 + maxLength: 256 + InferenceComponentName: + description: The name of the inference component + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*$ + maxLength: 63 + EndpointArn: + description: The Amazon Resource Name (ARN) of the endpoint the inference component is associated with + type: string + minLength: 1 + maxLength: 256 + VariantName: + description: The name of the endpoint variant the inference component is associated with + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*$ + maxLength: 63 + FailureReason: + description: The failure reason if the inference component is in a failed state + type: string + maxLength: 63 + ModelName: + description: The name of the model to use with the inference component + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*$ + maxLength: 63 + Timestamp: + type: string + DeployedImage: + description: '' + type: object + additionalProperties: false + properties: + SpecifiedImage: + $ref: '#/components/schemas/ContainerImage' + ResolvedImage: + $ref: '#/components/schemas/ContainerImage' + ResolutionTime: + $ref: '#/components/schemas/Timestamp' + Url: + type: string + pattern: ^(https|s3)://([^/]+)/?(.*)$ + maxLength: 1024 + EnvironmentMap: + description: Environment variables to specify on the container + type: object + additionalProperties: false + maxProperties: 16 + x-patternProperties: + ^[a-zA-Z_][a-zA-Z0-9_]{1,1024}$: + type: string + pattern: ^[\S\s]*$ + maxLength: 1024 + InferenceComponentContainerSpecification: + description: '' + type: object + additionalProperties: false + properties: + DeployedImage: + $ref: '#/components/schemas/DeployedImage' + Image: + $ref: '#/components/schemas/ContainerImage' + ArtifactUrl: + $ref: '#/components/schemas/Url' + Environment: + $ref: '#/components/schemas/EnvironmentMap' + StartupParameterTimeoutInSeconds: + type: integer + minimum: 60 + maximum: 3600 + InferenceComponentStartupParameters: + description: '' + type: object + additionalProperties: false + properties: + ModelDataDownloadTimeoutInSeconds: + $ref: '#/components/schemas/StartupParameterTimeoutInSeconds' + ContainerStartupHealthCheckTimeoutInSeconds: + $ref: '#/components/schemas/StartupParameterTimeoutInSeconds' + NumberOfCpuCores: + type: number + minimum: 0.25 + NumberOfAcceleratorDevices: + type: number + minimum: 1 + MemoryInMb: + type: integer + minimum: 128 + InferenceComponentComputeResourceRequirements: + description: '' + type: object + additionalProperties: false + properties: + NumberOfCpuCoresRequired: + $ref: '#/components/schemas/NumberOfCpuCores' + NumberOfAcceleratorDevicesRequired: + $ref: '#/components/schemas/NumberOfAcceleratorDevices' + MinMemoryRequiredInMb: + $ref: '#/components/schemas/MemoryInMb' + MaxMemoryRequiredInMb: + $ref: '#/components/schemas/MemoryInMb' + InferenceComponentSpecification: + description: The specification for the inference component + type: object + additionalProperties: false + properties: + ModelName: + $ref: '#/components/schemas/ModelName' + Container: + $ref: '#/components/schemas/InferenceComponentContainerSpecification' + StartupParameters: + $ref: '#/components/schemas/InferenceComponentStartupParameters' + ComputeResourceRequirements: + $ref: '#/components/schemas/InferenceComponentComputeResourceRequirements' + required: + - ComputeResourceRequirements + InferenceComponentCopyCount: + description: The number of copies for the inference component + type: integer + minimum: 0 + InferenceComponentRuntimeConfig: + description: The runtime config for the inference component + type: object + additionalProperties: false + properties: + CopyCount: + $ref: '#/components/schemas/InferenceComponentCopyCount' + DesiredCopyCount: + $ref: '#/components/schemas/InferenceComponentCopyCount' + CurrentCopyCount: + $ref: '#/components/schemas/InferenceComponentCopyCount' + InferenceComponentStatus: + type: string + enum: + - InService + - Creating + - Updating + - Failed + - Deleting + TagList: + type: array + maxItems: 50 + description: An array of tags to apply to the resource + items: + $ref: '#/components/schemas/Tag' + InferenceComponent: + type: object + properties: + InferenceComponentArn: + $ref: '#/components/schemas/InferenceComponentArn' + InferenceComponentName: + $ref: '#/components/schemas/InferenceComponentName' + EndpointArn: + $ref: '#/components/schemas/EndpointArn' + EndpointName: + $ref: '#/components/schemas/EndpointName' + VariantName: + $ref: '#/components/schemas/VariantName' + FailureReason: + $ref: '#/components/schemas/FailureReason' + Specification: + $ref: '#/components/schemas/InferenceComponentSpecification' + RuntimeConfig: + $ref: '#/components/schemas/InferenceComponentRuntimeConfig' + InferenceComponentStatus: + $ref: '#/components/schemas/InferenceComponentStatus' + CreationTime: + $ref: '#/components/schemas/Timestamp' + LastModifiedTime: + $ref: '#/components/schemas/Timestamp' + Tags: + $ref: '#/components/schemas/TagList' + required: + - EndpointName + - VariantName + - Specification + - RuntimeConfig + x-stackql-resource-name: inference_component + description: Resource Type definition for AWS::SageMaker::InferenceComponent + x-type-name: AWS::SageMaker::InferenceComponent + x-stackql-primary-identifier: + - InferenceComponentArn + x-write-only-properties: + - Specification/Container/Image + - RuntimeConfig/CopyCount + x-read-only-properties: + - InferenceComponentArn + - Specification/Container/DeployedImage + - RuntimeConfig/DesiredCopyCount + - RuntimeConfig/CurrentCopyCount + - CreationTime + - LastModifiedTime + - FailureReason + - InferenceComponentStatus + x-required-properties: + - EndpointName + - VariantName + - Specification + - RuntimeConfig + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - sagemaker:AddTags + - sagemaker:ListTags + - sagemaker:CreateInferenceComponent + - sagemaker:DescribeInferenceComponent + update: + - sagemaker:UpdateInferenceComponent + - sagemaker:UpdateInferenceComponentRuntimeConfig + - sagemaker:DescribeInferenceComponent + - sagemaker:AddTags + - sagemaker:ListTags + - sagemaker:DeleteTags + delete: + - sagemaker:DescribeInferenceComponent + - sagemaker:DeleteInferenceComponent + - sagemaker:DeleteTags + read: + - sagemaker:DescribeInferenceComponent + - sagemaker:ListTags + list: + - sagemaker:ListInferenceComponents + - sagemaker:DescribeInferenceComponent + - sagemaker:ListTags + EndpointMetadata: + description: The metadata of the endpoint on which the inference experiment ran. + type: object + additionalProperties: false + properties: + EndpointName: + $ref: '#/components/schemas/EndpointName' + EndpointConfigName: + description: The name of the endpoint configuration. + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])* + maxLength: 63 + EndpointStatus: + description: The status of the endpoint. For possible values of the status of an endpoint. + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])* + enum: + - Creating + - Updating + - SystemUpdating + - RollingBack + - InService + - OutOfService + - Deleting + - Failed + required: + - EndpointName + CaptureContentTypeHeader: + description: Configuration specifying how to treat different headers. If no headers are specified SageMaker will by default base64 encode when capturing the data. + type: object + additionalProperties: false + properties: + CsvContentTypes: + description: The list of all content type headers that SageMaker will treat as CSV and capture accordingly. + type: array + minItems: 1 + maxItems: 10 + items: + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*/[a-zA-Z0-9](-*[a-zA-Z0-9.])* + minLength: 1 + maxLength: 256 + JsonContentTypes: + description: The list of all content type headers that SageMaker will treat as JSON and capture accordingly. + type: array + minItems: 1 + maxItems: 10 + items: + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*/[a-zA-Z0-9](-*[a-zA-Z0-9.])* + minLength: 1 + maxLength: 256 + DataStorageConfig: + description: The Amazon S3 location and configuration for storing inference request and response data. + type: object + additionalProperties: false + properties: + Destination: + description: The Amazon S3 bucket where the inference request and response data is stored. + type: string + pattern: ^(https|s3)://([^/])/?(.*)$ + maxLength: 512 + KmsKey: + description: The AWS Key Management Service key that Amazon SageMaker uses to encrypt captured data at rest using Amazon S3 server-side encryption. + type: string + pattern: .* + maxLength: 2048 + ContentType: + $ref: '#/components/schemas/CaptureContentTypeHeader' + required: + - Destination + InferenceExperimentSchedule: + description: The duration for which you want the inference experiment to run. + type: object + additionalProperties: false + properties: + StartTime: + description: The timestamp at which the inference experiment started or will start. + type: string + EndTime: + description: The timestamp at which the inference experiment ended or will end. + type: string + RealTimeInferenceConfig: + description: The infrastructure configuration for deploying the model to a real-time inference endpoint. + type: object + additionalProperties: false + properties: + InstanceType: + description: The instance type the model is deployed to. + type: string + InstanceCount: + description: The number of instances of the type specified by InstanceType. + type: integer + required: + - InstanceType + - InstanceCount + ModelInfrastructureConfig: + description: The configuration for the infrastructure that the model will be deployed to. + type: object + additionalProperties: false + properties: + InfrastructureType: + description: The type of the inference experiment that you want to run. + type: string + enum: + - RealTimeInference + RealTimeInferenceConfig: + $ref: '#/components/schemas/RealTimeInferenceConfig' + required: + - InfrastructureType + - RealTimeInferenceConfig + ModelVariantConfig: + description: Contains information about the deployment options of a model. + type: object + additionalProperties: false + properties: + ModelName: + description: The name of the Amazon SageMaker Model entity. + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])* + maxLength: 63 + VariantName: + description: The name of the variant. + type: string + pattern: ^[a-zA-Z0-9]([\-a-zA-Z0-9]*[a-zA-Z0-9])? + maxLength: 63 + InfrastructureConfig: + $ref: '#/components/schemas/ModelInfrastructureConfig' + required: + - ModelName + - VariantName + - InfrastructureConfig + ShadowModelVariantConfig: + description: The name and sampling percentage of a shadow variant. + type: object + additionalProperties: false + properties: + ShadowModelVariantName: + description: The name of the shadow variant. + type: string + pattern: ^[a-zA-Z0-9]([\-a-zA-Z0-9]*[a-zA-Z0-9])? + maxLength: 63 + SamplingPercentage: + description: The percentage of inference requests that Amazon SageMaker replicates from the production variant to the shadow variant. + type: integer + maximum: 100 + required: + - ShadowModelVariantName + - SamplingPercentage + ShadowModeConfig: + description: The configuration of ShadowMode inference experiment type. Use this field to specify a production variant which takes all the inference requests, and a shadow variant to which Amazon SageMaker replicates a percentage of the inference requests. For the shadow variant also specify the percentage of requests that Amazon SageMaker replicates. + type: object + additionalProperties: false + properties: + SourceModelVariantName: + description: The name of the production variant, which takes all the inference requests. + type: string + pattern: ^[a-zA-Z0-9]([\-a-zA-Z0-9]*[a-zA-Z0-9])? + maxLength: 63 + ShadowModelVariants: + description: List of shadow variant configurations. + type: array + minItems: 1 + maxItems: 1 + items: + $ref: '#/components/schemas/ShadowModelVariantConfig' + required: + - SourceModelVariantName + - ShadowModelVariants + InferenceExperiment: + type: object + properties: + Arn: + description: The Amazon Resource Name (ARN) of the inference experiment. + type: string + pattern: ^arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:inference-experiment/[a-zA-Z_0-9+=,.@\-_/]+$ + minLength: 20 + maxLength: 256 + Name: + description: The name for the inference experiment. + type: string + minLength: 1 + maxLength: 120 + Type: + description: The type of the inference experiment that you want to run. + type: string + enum: + - ShadowMode + Description: + description: The description of the inference experiment. + type: string + pattern: .* + minLength: 1 + maxLength: 1024 + RoleArn: + description: The Amazon Resource Name (ARN) of an IAM role that Amazon SageMaker can assume to access model artifacts and container images, and manage Amazon SageMaker Inference endpoints for model deployment. + type: string + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + minLength: 20 + maxLength: 2048 + EndpointName: + $ref: '#/components/schemas/EndpointName' + EndpointMetadata: + $ref: '#/components/schemas/EndpointMetadata' + Schedule: + $ref: '#/components/schemas/InferenceExperimentSchedule' + KmsKey: + type: string + description: The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt data on the storage volume attached to the ML compute instance that hosts the endpoint. + pattern: .* + maxLength: 2048 + DataStorageConfig: + $ref: '#/components/schemas/DataStorageConfig' + ModelVariants: + type: array + description: An array of ModelVariantConfig objects. Each ModelVariantConfig object in the array describes the infrastructure configuration for the corresponding variant. + maxItems: 2 + items: + $ref: '#/components/schemas/ModelVariantConfig' + ShadowModeConfig: + $ref: '#/components/schemas/ShadowModeConfig' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + CreationTime: + description: The timestamp at which you created the inference experiment. + type: string + LastModifiedTime: + description: The timestamp at which you last modified the inference experiment. + type: string + Status: + description: The status of the inference experiment. + type: string + enum: + - Creating + - Created + - Updating + - Starting + - Stopping + - Running + - Completed + - Cancelled + StatusReason: + description: The error message or client-specified reason from the StopInferenceExperiment API, that explains the status of the inference experiment. + type: string + pattern: .* + minLength: 1 + maxLength: 1024 + DesiredState: + description: The desired state of the experiment after starting or stopping operation. + type: string + enum: + - Running + - Completed + - Cancelled + required: + - Name + - Type + - RoleArn + - EndpointName + - ModelVariants + x-stackql-resource-name: inference_experiment + description: Resource Type definition for AWS::SageMaker::InferenceExperiment + x-type-name: AWS::SageMaker::InferenceExperiment + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - Type + - RoleArn + - EndpointName + - KmsKey + x-read-only-properties: + - Arn + - CreationTime + - LastModifiedTime + - EndpointMetadata + - Status + x-required-properties: + - Name + - Type + - RoleArn + - EndpointName + - ModelVariants + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - sagemaker:CreateInferenceExperiment + - sagemaker:DescribeInferenceExperiment + - sagemaker:AddTags + - sagemaker:ListTags + - iam:PassRole + delete: + - sagemaker:DeleteInferenceExperiment + - sagemaker:DescribeInferenceExperiment + - sagemaker:StopInferenceExperiment + - sagemaker:ListTags + list: + - sagemaker:ListInferenceExperiments + read: + - sagemaker:DescribeInferenceExperiment + - sagemaker:ListTags + update: + - sagemaker:UpdateInferenceExperiment + - sagemaker:StartInferenceExperiment + - sagemaker:StopInferenceExperiment + - sagemaker:DescribeInferenceExperiment + - sagemaker:AddTags + - sagemaker:DeleteTags + - sagemaker:ListTags + ModelBiasBaselineConfig: + type: object + additionalProperties: false + description: Baseline configuration used to validate that the data conforms to the specified constraints and statistics. + properties: + BaseliningJobName: + $ref: '#/components/schemas/ProcessingJobName' + ConstraintsResource: + $ref: '#/components/schemas/ConstraintsResource' + ModelBiasAppSpecification: + type: object + additionalProperties: false + description: Container image configuration object for the monitoring job. + properties: + ImageUri: + type: string + description: The container image to be run by the monitoring job. + pattern: .* + maxLength: 255 + ConfigUri: + description: The S3 URI to an analysis configuration file + $ref: '#/components/schemas/S3Uri' + Environment: + type: object + additionalProperties: false + description: Sets the environment variables in the Docker container + x-patternProperties: + '[a-zA-Z_][a-zA-Z0-9_]*': + type: string + minLength: 1 + maxLength: 256 + '[\S\s]*': + type: string + maxLength: 256 + required: + - ImageUri + - ConfigUri + ModelBiasJobInput: + type: object + additionalProperties: false + description: The inputs for a monitoring job. + properties: + EndpointInput: + $ref: '#/components/schemas/EndpointInput' + BatchTransformInput: + $ref: '#/components/schemas/BatchTransformInput' + GroundTruthS3Input: + $ref: '#/components/schemas/MonitoringGroundTruthS3Input' + required: + - GroundTruthS3Input + MonitoringTimeOffsetString: + type: string + description: The time offsets in ISO duration format + pattern: ^.?P.* + minLength: 1 + maxLength: 15 + MonitoringGroundTruthS3Input: + type: object + additionalProperties: false + description: 'Ground truth input provided in S3 ' + properties: + S3Uri: + type: string + description: A URI that identifies the Amazon S3 storage location where Amazon SageMaker saves the results of a monitoring job. + pattern: ^(https|s3)://([^/]+)/?(.*)$ + maxLength: 512 + required: + - S3Uri + ModelBiasJobDefinition: + type: object + properties: + JobDefinitionArn: + description: The Amazon Resource Name (ARN) of job definition. + type: string + minLength: 1 + maxLength: 256 + JobDefinitionName: + $ref: '#/components/schemas/JobDefinitionName' + ModelBiasBaselineConfig: + $ref: '#/components/schemas/ModelBiasBaselineConfig' + ModelBiasAppSpecification: + $ref: '#/components/schemas/ModelBiasAppSpecification' + ModelBiasJobInput: + $ref: '#/components/schemas/ModelBiasJobInput' + ModelBiasJobOutputConfig: + $ref: '#/components/schemas/MonitoringOutputConfig' + JobResources: + $ref: '#/components/schemas/MonitoringResources' + NetworkConfig: + $ref: '#/components/schemas/NetworkConfig' + EndpointName: + $ref: '#/components/schemas/EndpointName' + RoleArn: + description: The Amazon Resource Name (ARN) of an IAM role that Amazon SageMaker can assume to perform tasks on your behalf. + type: string + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + minLength: 20 + maxLength: 2048 + StoppingCondition: + $ref: '#/components/schemas/StoppingCondition' + Tags: + type: array + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + CreationTime: + description: The time at which the job definition was created. + type: string + required: + - ModelBiasAppSpecification + - ModelBiasJobInput + - ModelBiasJobOutputConfig + - JobResources + - RoleArn + x-stackql-resource-name: model_bias_job_definition + description: Resource Type definition for AWS::SageMaker::ModelBiasJobDefinition + x-type-name: AWS::SageMaker::ModelBiasJobDefinition + x-stackql-primary-identifier: + - JobDefinitionArn + x-create-only-properties: + - JobDefinitionName + - ModelBiasAppSpecification + - ModelBiasBaselineConfig + - ModelBiasJobInput + - ModelBiasJobOutputConfig + - JobResources + - NetworkConfig + - RoleArn + - StoppingCondition + - Tags + - EndpointName + x-write-only-properties: + - EndpointName + - Tags + - Tags/*/Key + - Tags/*/Value + x-read-only-properties: + - CreationTime + - JobDefinitionArn + x-required-properties: + - ModelBiasAppSpecification + - ModelBiasJobInput + - ModelBiasJobOutputConfig + - JobResources + - RoleArn + x-required-permissions: + create: + - sagemaker:CreateModelBiasJobDefinition + - sagemaker:DescribeModelBiasJobDefinition + - iam:PassRole + - sagemaker:AddTags + delete: + - sagemaker:DeleteModelBiasJobDefinition + read: + - sagemaker:DescribeModelBiasJobDefinition + list: + - sagemaker:ListModelBiasJobDefinitions + - sagemaker:ListTags + SecurityConfig: + type: object + description: |+ + An optional Key Management Service key to encrypt, decrypt, and re-encrypt model card content for regulated workloads with highly sensitive data. + + additionalProperties: false + properties: + KmsKeyId: + type: string + description: A Key Management Service key ID to use for encrypting a model card. + maxLength: 2048 + pattern: .* + UserContext: + description: Information about the user who created or modified an experiment, trial, trial component, lineage group, project, or model card. + type: object + additionalProperties: false + properties: + UserProfileArn: + description: The Amazon Resource Name (ARN) of the user's profile. + type: string + default: UnsetValue + UserProfileName: + description: The name of the user's profile. + type: string + default: UnsetValue + DomainId: + description: The domain associated with the user. + type: string + default: UnsetValue + Content: + type: object + description: The content of the model card. + additionalProperties: false + properties: + ModelOverview: + $ref: '#/components/schemas/ModelOverview' + ModelPackageDetails: + $ref: '#/components/schemas/ModelPackageDetails' + IntendedUses: + $ref: '#/components/schemas/IntendedUses' + BusinessDetails: + $ref: '#/components/schemas/BusinessDetails' + TrainingDetails: + $ref: '#/components/schemas/TrainingDetails' + EvaluationDetails: + $ref: '#/components/schemas/EvaluationDetails' + AdditionalInformation: + $ref: '#/components/schemas/AdditionalInformation' + ModelOverview: + type: object + description: Overview about the model. + additionalProperties: false + properties: + ModelDescription: + description: description of model. + type: string + maxLength: 1024 + ModelOwner: + description: Owner of model. + type: string + maxLength: 1024 + ModelCreator: + description: Creator of model. + type: string + maxLength: 1024 + ProblemType: + description: Problem being solved with the model. + type: string + maxLength: 1024 + AlgorithmType: + description: Algorithm used to solve the problem. + type: string + maxLength: 1024 + ModelId: + description: SageMaker Model Arn or Non SageMaker Model id. + type: string + maxLength: 1024 + ModelArtifact: + description: Location of the model artifact. + type: array + x-insertionOrder: true + maxItems: 15 + items: + type: string + maxLength: 1024 + ModelName: + description: Name of the model. + type: string + maxLength: 1024 + ModelVersion: + description: Version of the model. + type: number + minimum: 1 + InferenceEnvironment: + description: Overview about the inference. + type: object + additionalProperties: false + properties: + ContainerImage: + description: SageMaker inference image uri. + type: array + x-insertionOrder: true + maxItems: 15 + items: + type: string + maxLength: 1024 + ModelPackageDetails: + description: Metadata information related to model package version + type: object + additionalProperties: false + properties: + ModelPackageDescription: + description: A brief summary of the model package + type: string + maxLength: 1024 + ModelPackageArn: + description: The Amazon Resource Name (ARN) of the model package + type: string + minLength: 1 + maxLength: 2048 + CreatedBy: + description: Information about the user who created model package. + $ref: '#/components/schemas/ModelPackageCreator' + ModelPackageStatus: + description: Current status of model package + type: string + enum: + - Pending + - InProgress + - Completed + - Failed + - Deleting + ModelApprovalStatus: + description: Current approval status of model package + type: string + enum: + - Approved + - Rejected + - PendingManualApproval + ApprovalDescription: + description: A description provided for the model approval + type: string + maxLength: 1024 + ModelPackageGroupName: + description: If the model is a versioned model, the name of the model group that the versioned model belongs to. + type: string + minLength: 1 + maxLength: 63 + ModelPackageName: + description: Name of the model package + type: string + minLength: 1 + maxLength: 63 + ModelPackageVersion: + description: Version of the model package + type: number + minimum: 1 + Domain: + description: The machine learning domain of the model package you specified. Common machine learning domains include computer vision and natural language processing. + type: string + Task: + description: The machine learning task you specified that your model package accomplishes. Common machine learning tasks include object detection and image classification. + type: string + SourceAlgorithms: + description: A list of algorithms that were used to create a model package. + $ref: '#/components/schemas/SourceAlgorithms' + InferenceSpecification: + description: Details about inference jobs that can be run with models based on this model package. + $ref: '#/components/schemas/InferenceSpecification' + IntendedUses: + description: Intended usage of model. + type: object + additionalProperties: false + properties: + PurposeOfModel: + description: Why the model was developed? + type: string + maxLength: 2048 + IntendedUses: + description: intended use cases. + type: string + maxLength: 2048 + FactorsAffectingModelEfficiency: + type: string + maxLength: 2048 + RiskRating: + $ref: '#/components/schemas/RiskRating' + ExplanationsForRiskRating: + type: string + maxLength: 2048 + BusinessDetails: + description: Business details. + type: object + additionalProperties: false + properties: + BusinessProblem: + type: string + description: What business problem does the model solve? + maxLength: 2048 + BusinessStakeholders: + type: string + description: Business stakeholders. + maxLength: 2048 + LineOfBusiness: + type: string + description: Line of business. + maxLength: 2048 + TrainingDetails: + description: Overview about the training. + type: object + additionalProperties: false + properties: + ObjectiveFunction: + $ref: '#/components/schemas/ObjectiveFunction' + TrainingObservations: + type: string + maxLength: 1024 + TrainingJobDetails: + type: object + additionalProperties: false + properties: + TrainingArn: + description: SageMaker Training job arn. + type: string + maxLength: 1024 + TrainingDatasets: + description: Location of the model datasets. + type: array + x-insertionOrder: true + maxItems: 15 + items: + type: string + maxLength: 1024 + TrainingEnvironment: + type: object + additionalProperties: false + properties: + ContainerImage: + description: SageMaker training image uri. + type: array + x-insertionOrder: true + maxItems: 15 + items: + type: string + maxLength: 1024 + TrainingMetrics: + type: array + x-insertionOrder: true + items: + maxItems: 50 + $ref: '#/components/schemas/TrainingMetric' + UserProvidedTrainingMetrics: + type: array + x-insertionOrder: true + items: + maxItems: 50 + $ref: '#/components/schemas/TrainingMetric' + HyperParameters: + type: array + x-insertionOrder: true + items: + maxItems: 100 + $ref: '#/components/schemas/TrainingHyperParameter' + UserProvidedHyperParameters: + type: array + x-insertionOrder: true + items: + maxItems: 100 + $ref: '#/components/schemas/TrainingHyperParameter' + EvaluationDetails: + type: array + default: [] + x-insertionOrder: true + items: + $ref: '#/components/schemas/EvaluationDetail' + EvaluationDetail: + description: item of evaluation details + type: object + required: + - Name + additionalProperties: false + properties: + Name: + type: string + pattern: .{1,63} + EvaluationObservation: + type: string + maxLength: 2096 + EvaluationJobArn: + type: string + maxLength: 256 + Datasets: + type: array + x-insertionOrder: true + items: + type: string + maxLength: 1024 + maxItems: 10 + Metadata: + description: additional attributes associated with the evaluation results. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z_][a-zA-Z0-9_]*': + type: string + maxLength: 1024 + MetricGroups: + type: array + x-insertionOrder: true + default: [] + items: + $ref: '#/components/schemas/MetricGroup' + MetricGroup: + type: object + description: item in metric groups + additionalProperties: false + required: + - Name + - MetricData + properties: + Name: + type: string + pattern: .{1,63} + MetricData: + type: array + x-insertionOrder: true + items: + anyOf: + - $ref: '#/components/schemas/SimpleMetric' + - $ref: '#/components/schemas/LinearGraphMetric' + - $ref: '#/components/schemas/BarChartMetric' + - $ref: '#/components/schemas/MatrixMetric' + AdditionalInformation: + type: object + additionalProperties: false + properties: + EthicalConsiderations: + description: Any ethical considerations that the author wants to provide. + type: string + maxLength: 2048 + CaveatsAndRecommendations: + description: Caveats and recommendations for people who might use this model in their applications. + type: string + maxLength: 2048 + CustomDetails: + type: object + description: customer details. + additionalProperties: false + x-patternProperties: + '[a-zA-Z_][a-zA-Z0-9_]*': + type: string + maxLength: 1024 + ModelPackageCreator: + type: object + additionalProperties: false + properties: + UserProfileName: + description: The name of the user's profile in Studio + type: string + maxLength: 63 + SourceAlgorithms: + type: array + minItems: 1 + maxItems: 1 + x-insertionOrder: true + items: + $ref: '#/components/schemas/SourceAlgorithm' + SourceAlgorithm: + description: Specifies an algorithm that was used to create the model package. The algorithm must be either an algorithm resource in your Amazon SageMaker account or an algorithm in AWS Marketplace that you are subscribed to. + type: object + additionalProperties: false + properties: + AlgorithmName: + description: The name of an algorithm that was used to create the model package. The algorithm must be either an algorithm resource in your Amazon SageMaker account or an algorithm in AWS Marketplace that you are subscribed to. + type: string + minLength: 1 + maxLength: 170 + pattern: (arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:[a-z\-]*\/)?([a-zA-Z0-9]([a-zA-Z0-9-]){0,62})(?|||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AppArn') as app_arn, + json_extract_path_text(Properties, 'AppName') as app_name, + json_extract_path_text(Properties, 'AppType') as app_type, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'ResourceSpec') as resource_spec, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UserProfileName') as user_profile_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::App' + AND data__Identifier = '|||' + AND region = 'us-east-1' + app_image_configs: + name: app_image_configs + id: aws.sagemaker.app_image_configs + x-cfn-schema-name: AppImageConfig + x-type: list + x-identifiers: + - AppImageConfigName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AppImageConfigName') as app_image_config_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::AppImageConfig' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AppImageConfigName') as app_image_config_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::AppImageConfig' + AND region = 'us-east-1' + app_image_config: + name: app_image_config + id: aws.sagemaker.app_image_config + x-cfn-schema-name: AppImageConfig + x-type: get + x-identifiers: + - AppImageConfigName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AppImageConfigArn') as app_image_config_arn, + JSON_EXTRACT(Properties, '$.AppImageConfigName') as app_image_config_name, + JSON_EXTRACT(Properties, '$.KernelGatewayImageConfig') as kernel_gateway_image_config, + JSON_EXTRACT(Properties, '$.JupyterLabAppImageConfig') as jupyter_lab_app_image_config, + JSON_EXTRACT(Properties, '$.CodeEditorAppImageConfig') as code_editor_app_image_config, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::AppImageConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AppImageConfigArn') as app_image_config_arn, + json_extract_path_text(Properties, 'AppImageConfigName') as app_image_config_name, + json_extract_path_text(Properties, 'KernelGatewayImageConfig') as kernel_gateway_image_config, + json_extract_path_text(Properties, 'JupyterLabAppImageConfig') as jupyter_lab_app_image_config, + json_extract_path_text(Properties, 'CodeEditorAppImageConfig') as code_editor_app_image_config, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::AppImageConfig' + AND data__Identifier = '' + AND region = 'us-east-1' + data_quality_job_definitions: + name: data_quality_job_definitions + id: aws.sagemaker.data_quality_job_definitions + x-cfn-schema-name: DataQualityJobDefinition + x-type: list + x-identifiers: + - JobDefinitionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::DataQualityJobDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::DataQualityJobDefinition' + AND region = 'us-east-1' + data_quality_job_definition: + name: data_quality_job_definition + id: aws.sagemaker.data_quality_job_definition + x-cfn-schema-name: DataQualityJobDefinition + x-type: get + x-identifiers: + - JobDefinitionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn, + JSON_EXTRACT(Properties, '$.JobDefinitionName') as job_definition_name, + JSON_EXTRACT(Properties, '$.DataQualityBaselineConfig') as data_quality_baseline_config, + JSON_EXTRACT(Properties, '$.DataQualityAppSpecification') as data_quality_app_specification, + JSON_EXTRACT(Properties, '$.DataQualityJobInput') as data_quality_job_input, + JSON_EXTRACT(Properties, '$.DataQualityJobOutputConfig') as data_quality_job_output_config, + JSON_EXTRACT(Properties, '$.JobResources') as job_resources, + JSON_EXTRACT(Properties, '$.NetworkConfig') as network_config, + JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.StoppingCondition') as stopping_condition, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::DataQualityJobDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn, + json_extract_path_text(Properties, 'JobDefinitionName') as job_definition_name, + json_extract_path_text(Properties, 'DataQualityBaselineConfig') as data_quality_baseline_config, + json_extract_path_text(Properties, 'DataQualityAppSpecification') as data_quality_app_specification, + json_extract_path_text(Properties, 'DataQualityJobInput') as data_quality_job_input, + json_extract_path_text(Properties, 'DataQualityJobOutputConfig') as data_quality_job_output_config, + json_extract_path_text(Properties, 'JobResources') as job_resources, + json_extract_path_text(Properties, 'NetworkConfig') as network_config, + json_extract_path_text(Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'StoppingCondition') as stopping_condition, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::DataQualityJobDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + device: + name: device + id: aws.sagemaker.device + x-cfn-schema-name: Device + x-type: get + x-identifiers: + - Device/DeviceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DeviceFleetName') as device_fleet_name, + JSON_EXTRACT(Properties, '$.Device') as device, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Device' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DeviceFleetName') as device_fleet_name, + json_extract_path_text(Properties, 'Device') as device, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Device' + AND data__Identifier = '' + AND region = 'us-east-1' + device_fleet: + name: device_fleet + id: aws.sagemaker.device_fleet + x-cfn-schema-name: DeviceFleet + x-type: get + x-identifiers: + - DeviceFleetName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DeviceFleetName') as device_fleet_name, + JSON_EXTRACT(Properties, '$.OutputConfig') as output_config, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::DeviceFleet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DeviceFleetName') as device_fleet_name, + json_extract_path_text(Properties, 'OutputConfig') as output_config, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::DeviceFleet' + AND data__Identifier = '' + AND region = 'us-east-1' + feature_groups: + name: feature_groups + id: aws.sagemaker.feature_groups + x-cfn-schema-name: FeatureGroup + x-type: list + x-identifiers: + - FeatureGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FeatureGroupName') as feature_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::FeatureGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FeatureGroupName') as feature_group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::FeatureGroup' + AND region = 'us-east-1' + feature_group: + name: feature_group + id: aws.sagemaker.feature_group + x-cfn-schema-name: FeatureGroup + x-type: get + x-identifiers: + - FeatureGroupName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FeatureGroupName') as feature_group_name, + JSON_EXTRACT(Properties, '$.RecordIdentifierFeatureName') as record_identifier_feature_name, + JSON_EXTRACT(Properties, '$.EventTimeFeatureName') as event_time_feature_name, + JSON_EXTRACT(Properties, '$.FeatureDefinitions') as feature_definitions, + JSON_EXTRACT(Properties, '$.OnlineStoreConfig') as online_store_config, + JSON_EXTRACT(Properties, '$.OfflineStoreConfig') as offline_store_config, + JSON_EXTRACT(Properties, '$.ThroughputConfig') as throughput_config, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.FeatureGroupStatus') as feature_group_status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::FeatureGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FeatureGroupName') as feature_group_name, + json_extract_path_text(Properties, 'RecordIdentifierFeatureName') as record_identifier_feature_name, + json_extract_path_text(Properties, 'EventTimeFeatureName') as event_time_feature_name, + json_extract_path_text(Properties, 'FeatureDefinitions') as feature_definitions, + json_extract_path_text(Properties, 'OnlineStoreConfig') as online_store_config, + json_extract_path_text(Properties, 'OfflineStoreConfig') as offline_store_config, + json_extract_path_text(Properties, 'ThroughputConfig') as throughput_config, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'FeatureGroupStatus') as feature_group_status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::FeatureGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + images: + name: images + id: aws.sagemaker.images + x-cfn-schema-name: Image + x-type: list + x-identifiers: + - ImageArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ImageArn') as image_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Image' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ImageArn') as image_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Image' + AND region = 'us-east-1' + image: + name: image + id: aws.sagemaker.image + x-cfn-schema-name: Image + x-type: get + x-identifiers: + - ImageArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ImageName') as image_name, + JSON_EXTRACT(Properties, '$.ImageArn') as image_arn, + JSON_EXTRACT(Properties, '$.ImageRoleArn') as image_role_arn, + JSON_EXTRACT(Properties, '$.ImageDisplayName') as image_display_name, + JSON_EXTRACT(Properties, '$.ImageDescription') as image_description, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Image' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ImageName') as image_name, + json_extract_path_text(Properties, 'ImageArn') as image_arn, + json_extract_path_text(Properties, 'ImageRoleArn') as image_role_arn, + json_extract_path_text(Properties, 'ImageDisplayName') as image_display_name, + json_extract_path_text(Properties, 'ImageDescription') as image_description, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Image' + AND data__Identifier = '' + AND region = 'us-east-1' + image_versions: + name: image_versions + id: aws.sagemaker.image_versions + x-cfn-schema-name: ImageVersion + x-type: list + x-identifiers: + - ImageVersionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ImageVersionArn') as image_version_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ImageVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ImageVersionArn') as image_version_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ImageVersion' + AND region = 'us-east-1' + image_version: + name: image_version + id: aws.sagemaker.image_version + x-cfn-schema-name: ImageVersion + x-type: get + x-identifiers: + - ImageVersionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ImageName') as image_name, + JSON_EXTRACT(Properties, '$.ImageArn') as image_arn, + JSON_EXTRACT(Properties, '$.ImageVersionArn') as image_version_arn, + JSON_EXTRACT(Properties, '$.BaseImage') as base_image, + JSON_EXTRACT(Properties, '$.ContainerImage') as container_image, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Alias') as alias, + JSON_EXTRACT(Properties, '$.Aliases') as aliases, + JSON_EXTRACT(Properties, '$.VendorGuidance') as vendor_guidance, + JSON_EXTRACT(Properties, '$.JobType') as job_type, + JSON_EXTRACT(Properties, '$.MLFramework') as ml_framework, + JSON_EXTRACT(Properties, '$.ProgrammingLang') as programming_lang, + JSON_EXTRACT(Properties, '$.Processor') as processor, + JSON_EXTRACT(Properties, '$.Horovod') as horovod, + JSON_EXTRACT(Properties, '$.ReleaseNotes') as release_notes + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ImageVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ImageName') as image_name, + json_extract_path_text(Properties, 'ImageArn') as image_arn, + json_extract_path_text(Properties, 'ImageVersionArn') as image_version_arn, + json_extract_path_text(Properties, 'BaseImage') as base_image, + json_extract_path_text(Properties, 'ContainerImage') as container_image, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Alias') as alias, + json_extract_path_text(Properties, 'Aliases') as aliases, + json_extract_path_text(Properties, 'VendorGuidance') as vendor_guidance, + json_extract_path_text(Properties, 'JobType') as job_type, + json_extract_path_text(Properties, 'MLFramework') as ml_framework, + json_extract_path_text(Properties, 'ProgrammingLang') as programming_lang, + json_extract_path_text(Properties, 'Processor') as processor, + json_extract_path_text(Properties, 'Horovod') as horovod, + json_extract_path_text(Properties, 'ReleaseNotes') as release_notes + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ImageVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + inference_components: + name: inference_components + id: aws.sagemaker.inference_components + x-cfn-schema-name: InferenceComponent + x-type: list + x-identifiers: + - InferenceComponentArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InferenceComponentArn') as inference_component_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::InferenceComponent' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InferenceComponentArn') as inference_component_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::InferenceComponent' + AND region = 'us-east-1' + inference_component: + name: inference_component + id: aws.sagemaker.inference_component + x-cfn-schema-name: InferenceComponent + x-type: get + x-identifiers: + - InferenceComponentArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InferenceComponentArn') as inference_component_arn, + JSON_EXTRACT(Properties, '$.InferenceComponentName') as inference_component_name, + JSON_EXTRACT(Properties, '$.EndpointArn') as endpoint_arn, + JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(Properties, '$.VariantName') as variant_name, + JSON_EXTRACT(Properties, '$.FailureReason') as failure_reason, + JSON_EXTRACT(Properties, '$.Specification') as specification, + JSON_EXTRACT(Properties, '$.RuntimeConfig') as runtime_config, + JSON_EXTRACT(Properties, '$.InferenceComponentStatus') as inference_component_status, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::InferenceComponent' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InferenceComponentArn') as inference_component_arn, + json_extract_path_text(Properties, 'InferenceComponentName') as inference_component_name, + json_extract_path_text(Properties, 'EndpointArn') as endpoint_arn, + json_extract_path_text(Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(Properties, 'VariantName') as variant_name, + json_extract_path_text(Properties, 'FailureReason') as failure_reason, + json_extract_path_text(Properties, 'Specification') as specification, + json_extract_path_text(Properties, 'RuntimeConfig') as runtime_config, + json_extract_path_text(Properties, 'InferenceComponentStatus') as inference_component_status, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::InferenceComponent' + AND data__Identifier = '' + AND region = 'us-east-1' + inference_experiments: + name: inference_experiments + id: aws.sagemaker.inference_experiments + x-cfn-schema-name: InferenceExperiment + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::InferenceExperiment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::InferenceExperiment' + AND region = 'us-east-1' + inference_experiment: + name: inference_experiment + id: aws.sagemaker.inference_experiment + x-cfn-schema-name: InferenceExperiment + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(Properties, '$.EndpointMetadata') as endpoint_metadata, + JSON_EXTRACT(Properties, '$.Schedule') as schedule, + JSON_EXTRACT(Properties, '$.KmsKey') as kms_key, + JSON_EXTRACT(Properties, '$.DataStorageConfig') as data_storage_config, + JSON_EXTRACT(Properties, '$.ModelVariants') as model_variants, + JSON_EXTRACT(Properties, '$.ShadowModeConfig') as shadow_mode_config, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusReason') as status_reason, + JSON_EXTRACT(Properties, '$.DesiredState') as desired_state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::InferenceExperiment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(Properties, 'EndpointMetadata') as endpoint_metadata, + json_extract_path_text(Properties, 'Schedule') as schedule, + json_extract_path_text(Properties, 'KmsKey') as kms_key, + json_extract_path_text(Properties, 'DataStorageConfig') as data_storage_config, + json_extract_path_text(Properties, 'ModelVariants') as model_variants, + json_extract_path_text(Properties, 'ShadowModeConfig') as shadow_mode_config, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusReason') as status_reason, + json_extract_path_text(Properties, 'DesiredState') as desired_state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::InferenceExperiment' + AND data__Identifier = '' + AND region = 'us-east-1' + model_bias_job_definitions: + name: model_bias_job_definitions + id: aws.sagemaker.model_bias_job_definitions + x-cfn-schema-name: ModelBiasJobDefinition + x-type: list + x-identifiers: + - JobDefinitionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + AND region = 'us-east-1' + model_bias_job_definition: + name: model_bias_job_definition + id: aws.sagemaker.model_bias_job_definition + x-cfn-schema-name: ModelBiasJobDefinition + x-type: get + x-identifiers: + - JobDefinitionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn, + JSON_EXTRACT(Properties, '$.JobDefinitionName') as job_definition_name, + JSON_EXTRACT(Properties, '$.ModelBiasBaselineConfig') as model_bias_baseline_config, + JSON_EXTRACT(Properties, '$.ModelBiasAppSpecification') as model_bias_app_specification, + JSON_EXTRACT(Properties, '$.ModelBiasJobInput') as model_bias_job_input, + JSON_EXTRACT(Properties, '$.ModelBiasJobOutputConfig') as model_bias_job_output_config, + JSON_EXTRACT(Properties, '$.JobResources') as job_resources, + JSON_EXTRACT(Properties, '$.NetworkConfig') as network_config, + JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.StoppingCondition') as stopping_condition, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn, + json_extract_path_text(Properties, 'JobDefinitionName') as job_definition_name, + json_extract_path_text(Properties, 'ModelBiasBaselineConfig') as model_bias_baseline_config, + json_extract_path_text(Properties, 'ModelBiasAppSpecification') as model_bias_app_specification, + json_extract_path_text(Properties, 'ModelBiasJobInput') as model_bias_job_input, + json_extract_path_text(Properties, 'ModelBiasJobOutputConfig') as model_bias_job_output_config, + json_extract_path_text(Properties, 'JobResources') as job_resources, + json_extract_path_text(Properties, 'NetworkConfig') as network_config, + json_extract_path_text(Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'StoppingCondition') as stopping_condition, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + model_cards: + name: model_cards + id: aws.sagemaker.model_cards + x-cfn-schema-name: ModelCard + x-type: list + x-identifiers: + - ModelCardName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ModelCardName') as model_card_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelCard' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ModelCardName') as model_card_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelCard' + AND region = 'us-east-1' + model_card: + name: model_card + id: aws.sagemaker.model_card + x-cfn-schema-name: ModelCard + x-type: get + x-identifiers: + - ModelCardName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ModelCardArn') as model_card_arn, + JSON_EXTRACT(Properties, '$.ModelCardVersion') as model_card_version, + JSON_EXTRACT(Properties, '$.ModelCardName') as model_card_name, + JSON_EXTRACT(Properties, '$.SecurityConfig') as security_config, + JSON_EXTRACT(Properties, '$.ModelCardStatus') as model_card_status, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.CreatedBy') as created_by, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.LastModifiedBy') as last_modified_by, + JSON_EXTRACT(Properties, '$.ModelCardProcessingStatus') as model_card_processing_status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelCard' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ModelCardArn') as model_card_arn, + json_extract_path_text(Properties, 'ModelCardVersion') as model_card_version, + json_extract_path_text(Properties, 'ModelCardName') as model_card_name, + json_extract_path_text(Properties, 'SecurityConfig') as security_config, + json_extract_path_text(Properties, 'ModelCardStatus') as model_card_status, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'CreatedBy') as created_by, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'LastModifiedBy') as last_modified_by, + json_extract_path_text(Properties, 'ModelCardProcessingStatus') as model_card_processing_status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelCard' + AND data__Identifier = '' + AND region = 'us-east-1' + model_explainability_job_definitions: + name: model_explainability_job_definitions + id: aws.sagemaker.model_explainability_job_definitions + x-cfn-schema-name: ModelExplainabilityJobDefinition + x-type: list + x-identifiers: + - JobDefinitionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelExplainabilityJobDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelExplainabilityJobDefinition' + AND region = 'us-east-1' + model_explainability_job_definition: + name: model_explainability_job_definition + id: aws.sagemaker.model_explainability_job_definition + x-cfn-schema-name: ModelExplainabilityJobDefinition + x-type: get + x-identifiers: + - JobDefinitionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn, + JSON_EXTRACT(Properties, '$.JobDefinitionName') as job_definition_name, + JSON_EXTRACT(Properties, '$.ModelExplainabilityBaselineConfig') as model_explainability_baseline_config, + JSON_EXTRACT(Properties, '$.ModelExplainabilityAppSpecification') as model_explainability_app_specification, + JSON_EXTRACT(Properties, '$.ModelExplainabilityJobInput') as model_explainability_job_input, + JSON_EXTRACT(Properties, '$.ModelExplainabilityJobOutputConfig') as model_explainability_job_output_config, + JSON_EXTRACT(Properties, '$.JobResources') as job_resources, + JSON_EXTRACT(Properties, '$.NetworkConfig') as network_config, + JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.StoppingCondition') as stopping_condition, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelExplainabilityJobDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn, + json_extract_path_text(Properties, 'JobDefinitionName') as job_definition_name, + json_extract_path_text(Properties, 'ModelExplainabilityBaselineConfig') as model_explainability_baseline_config, + json_extract_path_text(Properties, 'ModelExplainabilityAppSpecification') as model_explainability_app_specification, + json_extract_path_text(Properties, 'ModelExplainabilityJobInput') as model_explainability_job_input, + json_extract_path_text(Properties, 'ModelExplainabilityJobOutputConfig') as model_explainability_job_output_config, + json_extract_path_text(Properties, 'JobResources') as job_resources, + json_extract_path_text(Properties, 'NetworkConfig') as network_config, + json_extract_path_text(Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'StoppingCondition') as stopping_condition, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelExplainabilityJobDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + model_packages: + name: model_packages + id: aws.sagemaker.model_packages + x-cfn-schema-name: ModelPackage + x-type: list + x-identifiers: + - ModelPackageArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ModelPackageArn') as model_package_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelPackage' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ModelPackageArn') as model_package_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelPackage' + AND region = 'us-east-1' + model_package: + name: model_package + id: aws.sagemaker.model_package + x-cfn-schema-name: ModelPackage + x-type: get + x-identifiers: + - ModelPackageArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AdditionalInferenceSpecifications') as additional_inference_specifications, + JSON_EXTRACT(Properties, '$.CertifyForMarketplace') as certify_for_marketplace, + JSON_EXTRACT(Properties, '$.ClientToken') as client_token, + JSON_EXTRACT(Properties, '$.CustomerMetadataProperties') as customer_metadata_properties, + JSON_EXTRACT(Properties, '$.Domain') as domain, + JSON_EXTRACT(Properties, '$.DriftCheckBaselines') as drift_check_baselines, + JSON_EXTRACT(Properties, '$.InferenceSpecification') as inference_specification, + JSON_EXTRACT(Properties, '$.MetadataProperties') as metadata_properties, + JSON_EXTRACT(Properties, '$.ModelApprovalStatus') as model_approval_status, + JSON_EXTRACT(Properties, '$.ModelMetrics') as model_metrics, + JSON_EXTRACT(Properties, '$.ModelPackageDescription') as model_package_description, + JSON_EXTRACT(Properties, '$.ModelPackageGroupName') as model_package_group_name, + JSON_EXTRACT(Properties, '$.ModelPackageName') as model_package_name, + JSON_EXTRACT(Properties, '$.SamplePayloadUrl') as sample_payload_url, + JSON_EXTRACT(Properties, '$.SkipModelValidation') as skip_model_validation, + JSON_EXTRACT(Properties, '$.SourceAlgorithmSpecification') as source_algorithm_specification, + JSON_EXTRACT(Properties, '$.Task') as task, + JSON_EXTRACT(Properties, '$.ValidationSpecification') as validation_specification, + JSON_EXTRACT(Properties, '$.ModelPackageArn') as model_package_arn, + JSON_EXTRACT(Properties, '$.ApprovalDescription') as approval_description, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.ModelPackageStatus') as model_package_status, + JSON_EXTRACT(Properties, '$.ModelPackageVersion') as model_package_version, + JSON_EXTRACT(Properties, '$.AdditionalInferenceSpecificationsToAdd') as additional_inference_specifications_to_add, + JSON_EXTRACT(Properties, '$.ModelPackageStatusDetails') as model_package_status_details + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelPackage' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AdditionalInferenceSpecifications') as additional_inference_specifications, + json_extract_path_text(Properties, 'CertifyForMarketplace') as certify_for_marketplace, + json_extract_path_text(Properties, 'ClientToken') as client_token, + json_extract_path_text(Properties, 'CustomerMetadataProperties') as customer_metadata_properties, + json_extract_path_text(Properties, 'Domain') as domain, + json_extract_path_text(Properties, 'DriftCheckBaselines') as drift_check_baselines, + json_extract_path_text(Properties, 'InferenceSpecification') as inference_specification, + json_extract_path_text(Properties, 'MetadataProperties') as metadata_properties, + json_extract_path_text(Properties, 'ModelApprovalStatus') as model_approval_status, + json_extract_path_text(Properties, 'ModelMetrics') as model_metrics, + json_extract_path_text(Properties, 'ModelPackageDescription') as model_package_description, + json_extract_path_text(Properties, 'ModelPackageGroupName') as model_package_group_name, + json_extract_path_text(Properties, 'ModelPackageName') as model_package_name, + json_extract_path_text(Properties, 'SamplePayloadUrl') as sample_payload_url, + json_extract_path_text(Properties, 'SkipModelValidation') as skip_model_validation, + json_extract_path_text(Properties, 'SourceAlgorithmSpecification') as source_algorithm_specification, + json_extract_path_text(Properties, 'Task') as task, + json_extract_path_text(Properties, 'ValidationSpecification') as validation_specification, + json_extract_path_text(Properties, 'ModelPackageArn') as model_package_arn, + json_extract_path_text(Properties, 'ApprovalDescription') as approval_description, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'ModelPackageStatus') as model_package_status, + json_extract_path_text(Properties, 'ModelPackageVersion') as model_package_version, + json_extract_path_text(Properties, 'AdditionalInferenceSpecificationsToAdd') as additional_inference_specifications_to_add, + json_extract_path_text(Properties, 'ModelPackageStatusDetails') as model_package_status_details + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelPackage' + AND data__Identifier = '' + AND region = 'us-east-1' + model_package_groups: + name: model_package_groups + id: aws.sagemaker.model_package_groups + x-cfn-schema-name: ModelPackageGroup + x-type: list + x-identifiers: + - ModelPackageGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ModelPackageGroupArn') as model_package_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelPackageGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ModelPackageGroupArn') as model_package_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelPackageGroup' + AND region = 'us-east-1' + model_package_group: + name: model_package_group + id: aws.sagemaker.model_package_group + x-cfn-schema-name: ModelPackageGroup + x-type: get + x-identifiers: + - ModelPackageGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ModelPackageGroupArn') as model_package_group_arn, + JSON_EXTRACT(Properties, '$.ModelPackageGroupName') as model_package_group_name, + JSON_EXTRACT(Properties, '$.ModelPackageGroupDescription') as model_package_group_description, + JSON_EXTRACT(Properties, '$.ModelPackageGroupPolicy') as model_package_group_policy, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.ModelPackageGroupStatus') as model_package_group_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelPackageGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ModelPackageGroupArn') as model_package_group_arn, + json_extract_path_text(Properties, 'ModelPackageGroupName') as model_package_group_name, + json_extract_path_text(Properties, 'ModelPackageGroupDescription') as model_package_group_description, + json_extract_path_text(Properties, 'ModelPackageGroupPolicy') as model_package_group_policy, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'ModelPackageGroupStatus') as model_package_group_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelPackageGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + model_quality_job_definitions: + name: model_quality_job_definitions + id: aws.sagemaker.model_quality_job_definitions + x-cfn-schema-name: ModelQualityJobDefinition + x-type: list + x-identifiers: + - JobDefinitionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelQualityJobDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelQualityJobDefinition' + AND region = 'us-east-1' + model_quality_job_definition: + name: model_quality_job_definition + id: aws.sagemaker.model_quality_job_definition + x-cfn-schema-name: ModelQualityJobDefinition + x-type: get + x-identifiers: + - JobDefinitionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn, + JSON_EXTRACT(Properties, '$.JobDefinitionName') as job_definition_name, + JSON_EXTRACT(Properties, '$.ModelQualityBaselineConfig') as model_quality_baseline_config, + JSON_EXTRACT(Properties, '$.ModelQualityAppSpecification') as model_quality_app_specification, + JSON_EXTRACT(Properties, '$.ModelQualityJobInput') as model_quality_job_input, + JSON_EXTRACT(Properties, '$.ModelQualityJobOutputConfig') as model_quality_job_output_config, + JSON_EXTRACT(Properties, '$.JobResources') as job_resources, + JSON_EXTRACT(Properties, '$.NetworkConfig') as network_config, + JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.StoppingCondition') as stopping_condition, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelQualityJobDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn, + json_extract_path_text(Properties, 'JobDefinitionName') as job_definition_name, + json_extract_path_text(Properties, 'ModelQualityBaselineConfig') as model_quality_baseline_config, + json_extract_path_text(Properties, 'ModelQualityAppSpecification') as model_quality_app_specification, + json_extract_path_text(Properties, 'ModelQualityJobInput') as model_quality_job_input, + json_extract_path_text(Properties, 'ModelQualityJobOutputConfig') as model_quality_job_output_config, + json_extract_path_text(Properties, 'JobResources') as job_resources, + json_extract_path_text(Properties, 'NetworkConfig') as network_config, + json_extract_path_text(Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'StoppingCondition') as stopping_condition, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelQualityJobDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + monitoring_schedules: + name: monitoring_schedules + id: aws.sagemaker.monitoring_schedules + x-cfn-schema-name: MonitoringSchedule + x-type: list + x-identifiers: + - MonitoringScheduleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MonitoringScheduleArn') as monitoring_schedule_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::MonitoringSchedule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MonitoringScheduleArn') as monitoring_schedule_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::MonitoringSchedule' + AND region = 'us-east-1' + monitoring_schedule: + name: monitoring_schedule + id: aws.sagemaker.monitoring_schedule + x-cfn-schema-name: MonitoringSchedule + x-type: get + x-identifiers: + - MonitoringScheduleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MonitoringScheduleArn') as monitoring_schedule_arn, + JSON_EXTRACT(Properties, '$.MonitoringScheduleName') as monitoring_schedule_name, + JSON_EXTRACT(Properties, '$.MonitoringScheduleConfig') as monitoring_schedule_config, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(Properties, '$.FailureReason') as failure_reason, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, + JSON_EXTRACT(Properties, '$.LastMonitoringExecutionSummary') as last_monitoring_execution_summary, + JSON_EXTRACT(Properties, '$.MonitoringScheduleStatus') as monitoring_schedule_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::MonitoringSchedule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MonitoringScheduleArn') as monitoring_schedule_arn, + json_extract_path_text(Properties, 'MonitoringScheduleName') as monitoring_schedule_name, + json_extract_path_text(Properties, 'MonitoringScheduleConfig') as monitoring_schedule_config, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(Properties, 'FailureReason') as failure_reason, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, + json_extract_path_text(Properties, 'LastMonitoringExecutionSummary') as last_monitoring_execution_summary, + json_extract_path_text(Properties, 'MonitoringScheduleStatus') as monitoring_schedule_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::MonitoringSchedule' + AND data__Identifier = '' + AND region = 'us-east-1' + pipelines: + name: pipelines + id: aws.sagemaker.pipelines + x-cfn-schema-name: Pipeline + x-type: list + x-identifiers: + - PipelineName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PipelineName') as pipeline_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Pipeline' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PipelineName') as pipeline_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Pipeline' + AND region = 'us-east-1' + pipeline: + name: pipeline + id: aws.sagemaker.pipeline + x-cfn-schema-name: Pipeline + x-type: get + x-identifiers: + - PipelineName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PipelineName') as pipeline_name, + JSON_EXTRACT(Properties, '$.PipelineDisplayName') as pipeline_display_name, + JSON_EXTRACT(Properties, '$.PipelineDescription') as pipeline_description, + JSON_EXTRACT(Properties, '$.PipelineDefinition') as pipeline_definition, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ParallelismConfiguration') as parallelism_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PipelineName') as pipeline_name, + json_extract_path_text(Properties, 'PipelineDisplayName') as pipeline_display_name, + json_extract_path_text(Properties, 'PipelineDescription') as pipeline_description, + json_extract_path_text(Properties, 'PipelineDefinition') as pipeline_definition, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ParallelismConfiguration') as parallelism_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' + projects: + name: projects + id: aws.sagemaker.projects + x-cfn-schema-name: Project + x-type: list + x-identifiers: + - ProjectArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProjectArn') as project_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Project' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProjectArn') as project_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Project' + AND region = 'us-east-1' + project: + name: project + id: aws.sagemaker.project + x-cfn-schema-name: Project + x-type: get + x-identifiers: + - ProjectArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ProjectArn') as project_arn, + JSON_EXTRACT(Properties, '$.ProjectId') as project_id, + JSON_EXTRACT(Properties, '$.ProjectName') as project_name, + JSON_EXTRACT(Properties, '$.ProjectDescription') as project_description, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.ServiceCatalogProvisioningDetails') as service_catalog_provisioning_details, + JSON_EXTRACT(Properties, '$.ServiceCatalogProvisionedProductDetails') as service_catalog_provisioned_product_details, + JSON_EXTRACT(Properties, '$.ProjectStatus') as project_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Project' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ProjectArn') as project_arn, + json_extract_path_text(Properties, 'ProjectId') as project_id, + json_extract_path_text(Properties, 'ProjectName') as project_name, + json_extract_path_text(Properties, 'ProjectDescription') as project_description, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'ServiceCatalogProvisioningDetails') as service_catalog_provisioning_details, + json_extract_path_text(Properties, 'ServiceCatalogProvisionedProductDetails') as service_catalog_provisioned_product_details, + json_extract_path_text(Properties, 'ProjectStatus') as project_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Project' + AND data__Identifier = '' + AND region = 'us-east-1' + spaces: + name: spaces + id: aws.sagemaker.spaces + x-cfn-schema-name: Space + x-type: list + x-identifiers: + - DomainId + - SpaceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.SpaceName') as space_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Space' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'SpaceName') as space_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Space' + AND region = 'us-east-1' + space: + name: space + id: aws.sagemaker.space + x-cfn-schema-name: Space + x-type: get + x-identifiers: + - DomainId + - SpaceName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SpaceArn') as space_arn, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.SpaceName') as space_name, + JSON_EXTRACT(Properties, '$.SpaceSettings') as space_settings, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.OwnershipSettings') as ownership_settings, + JSON_EXTRACT(Properties, '$.SpaceSharingSettings') as space_sharing_settings, + JSON_EXTRACT(Properties, '$.SpaceDisplayName') as space_display_name, + JSON_EXTRACT(Properties, '$.Url') as url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Space' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SpaceArn') as space_arn, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'SpaceName') as space_name, + json_extract_path_text(Properties, 'SpaceSettings') as space_settings, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'OwnershipSettings') as ownership_settings, + json_extract_path_text(Properties, 'SpaceSharingSettings') as space_sharing_settings, + json_extract_path_text(Properties, 'SpaceDisplayName') as space_display_name, + json_extract_path_text(Properties, 'Url') as url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Space' + AND data__Identifier = '|' + AND region = 'us-east-1' + user_profiles: + name: user_profiles + id: aws.sagemaker.user_profiles + x-cfn-schema-name: UserProfile + x-type: list + x-identifiers: + - UserProfileName + - DomainId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserProfileName') as user_profile_name, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::UserProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserProfileName') as user_profile_name, + json_extract_path_text(Properties, 'DomainId') as domain_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::UserProfile' + AND region = 'us-east-1' + user_profile: + name: user_profile + id: aws.sagemaker.user_profile + x-cfn-schema-name: UserProfile + x-type: get + x-identifiers: + - UserProfileName + - DomainId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.UserProfileArn') as user_profile_arn, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.SingleSignOnUserIdentifier') as single_sign_on_user_identifier, + JSON_EXTRACT(Properties, '$.SingleSignOnUserValue') as single_sign_on_user_value, + JSON_EXTRACT(Properties, '$.UserProfileName') as user_profile_name, + JSON_EXTRACT(Properties, '$.UserSettings') as user_settings, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::UserProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'UserProfileArn') as user_profile_arn, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'SingleSignOnUserIdentifier') as single_sign_on_user_identifier, + json_extract_path_text(Properties, 'SingleSignOnUserValue') as single_sign_on_user_value, + json_extract_path_text(Properties, 'UserProfileName') as user_profile_name, + json_extract_path_text(Properties, 'UserSettings') as user_settings, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::UserProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/scheduler.yaml b/providers/src/aws/v00.00.00000/services/scheduler.yaml new file mode 100644 index 00000000..7a1eca85 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/scheduler.yaml @@ -0,0 +1,694 @@ +openapi: 3.0.0 +info: + title: Scheduler + version: 1.0.0 +paths: {} +components: + schemas: + AssignPublicIp: + type: string + description: Specifies whether the task's elastic network interface receives a public IP address. You can specify ENABLED only when LaunchType in EcsParameters is set to FARGATE. + enum: + - ENABLED + - DISABLED + AwsVpcConfiguration: + type: object + description: This structure specifies the VPC subnets and security groups for the task, and whether a public IP address is to be used. This structure is relevant only for ECS tasks that use the awsvpc network mode. + properties: + Subnets: + type: array + items: + type: string + maxLength: 1000 + minLength: 1 + description: Specifies the subnet associated with the task. + maxItems: 16 + minItems: 1 + description: Specifies the subnets associated with the task. These subnets must all be in the same VPC. You can specify as many as 16 subnets. + x-insertionOrder: false + SecurityGroups: + type: array + items: + type: string + maxLength: 1000 + minLength: 1 + description: Specifies the security group associated with the task. + maxItems: 5 + minItems: 1 + description: Specifies the security groups associated with the task. These security groups must all be in the same VPC. You can specify as many as five security groups. If you do not specify a security group, the default security group for the VPC is used. + x-insertionOrder: false + AssignPublicIp: + $ref: '#/components/schemas/AssignPublicIp' + required: + - Subnets + additionalProperties: false + CapacityProviderStrategyItem: + type: object + description: The details of a capacity provider strategy. + properties: + CapacityProvider: + type: string + maxLength: 255 + minLength: 1 + description: The short name of the capacity provider. + Weight: + type: number + default: 0 + maximum: 1000 + minimum: 0 + description: The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied. + Base: + type: number + default: 0 + maximum: 100000 + minimum: 0 + description: The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. If no value is specified, the default value of 0 is used. + required: + - CapacityProvider + additionalProperties: false + DeadLetterConfig: + type: object + description: A DeadLetterConfig object that contains information about a dead-letter queue configuration. + properties: + Arn: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^arn:aws(-[a-z]+)?:sqs:[a-z0-9\-]+:\d{12}:[a-zA-Z0-9\-_]+$ + description: The ARN of the SQS queue specified as the target for the dead-letter queue. + additionalProperties: false + EcsParameters: + type: object + description: The custom parameters to be used when the target is an Amazon ECS task. + properties: + TaskDefinitionArn: + type: string + maxLength: 1600 + minLength: 1 + description: The ARN of the task definition to use if the event target is an Amazon ECS task. + TaskCount: + type: number + maximum: 10 + minimum: 1 + description: The number of tasks to create based on TaskDefinition. The default is 1. + LaunchType: + $ref: '#/components/schemas/LaunchType' + NetworkConfiguration: + $ref: '#/components/schemas/NetworkConfiguration' + PlatformVersion: + type: string + maxLength: 64 + minLength: 1 + description: Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as 1.1.0. + Group: + type: string + maxLength: 255 + minLength: 1 + description: Specifies an ECS task group for the task. The maximum length is 255 characters. + CapacityProviderStrategy: + type: array + items: + $ref: '#/components/schemas/CapacityProviderStrategyItem' + maxItems: 6 + description: The capacity provider strategy to use for the task. + x-insertionOrder: false + EnableECSManagedTags: + type: boolean + description: Specifies whether to enable Amazon ECS managed tags for the task. For more information, see Tagging Your Amazon ECS Resources in the Amazon Elastic Container Service Developer Guide. + EnableExecuteCommand: + type: boolean + description: Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task. + PlacementConstraints: + type: array + items: + $ref: '#/components/schemas/PlacementConstraint' + maxItems: 10 + description: An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). + x-insertionOrder: false + PlacementStrategy: + type: array + items: + $ref: '#/components/schemas/PlacementStrategy' + maxItems: 5 + description: The placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task. + x-insertionOrder: false + PropagateTags: + $ref: '#/components/schemas/PropagateTags' + ReferenceId: + type: string + maxLength: 1024 + description: The reference ID to use for the task. + Tags: + type: array + items: + $ref: '#/components/schemas/TagMap' + maxItems: 50 + minItems: 0 + description: The metadata that you apply to the task to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. To learn more, see RunTask in the Amazon ECS API Reference. + x-insertionOrder: false + required: + - TaskDefinitionArn + additionalProperties: false + EventBridgeParameters: + type: object + description: EventBridge PutEvent predefined target type. + properties: + DetailType: + type: string + maxLength: 128 + minLength: 1 + description: Free-form string, with a maximum of 128 characters, used to decide what fields to expect in the event detail. + Source: + type: string + maxLength: 256 + minLength: 1 + pattern: ^(?=[/\.\-_A-Za-z0-9]+)((?!aws\.).*)|(\$(\.[\w_-]+(\[(\d+|\*)\])*)*)$ + description: The source of the event. + required: + - DetailType + - Source + additionalProperties: false + FlexibleTimeWindow: + type: object + description: Flexible time window allows configuration of a window within which a schedule can be invoked + properties: + Mode: + $ref: '#/components/schemas/FlexibleTimeWindowMode' + MaximumWindowInMinutes: + type: number + maximum: 1440 + minimum: 1 + description: The maximum time window during which a schedule can be invoked. + required: + - Mode + additionalProperties: false + FlexibleTimeWindowMode: + type: string + description: Determines whether the schedule is executed within a flexible time window. + enum: + - 'OFF' + - FLEXIBLE + KinesisParameters: + type: object + description: The custom parameter you can use to control the shard to which EventBridge Scheduler sends the event. + properties: + PartitionKey: + type: string + maxLength: 256 + minLength: 1 + description: The custom parameter used as the Kinesis partition key. For more information, see Amazon Kinesis Streams Key Concepts in the Amazon Kinesis Streams Developer Guide. + required: + - PartitionKey + additionalProperties: false + LaunchType: + type: string + description: Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. The FARGATE value is supported only in the Regions where AWS Fargate with Amazon ECS is supported. For more information, see AWS Fargate on Amazon ECS in the Amazon Elastic Container Service Developer Guide. + enum: + - EC2 + - FARGATE + - EXTERNAL + NetworkConfiguration: + type: object + description: This structure specifies the network configuration for an ECS task. + properties: + AwsvpcConfiguration: + $ref: '#/components/schemas/AwsVpcConfiguration' + additionalProperties: false + PlacementConstraint: + type: object + description: An object representing a constraint on task placement. + properties: + Type: + $ref: '#/components/schemas/PlacementConstraintType' + Expression: + type: string + maxLength: 2000 + description: A cluster query language expression to apply to the constraint. You cannot specify an expression if the constraint type is distinctInstance. To learn more, see Cluster Query Language in the Amazon Elastic Container Service Developer Guide. + additionalProperties: false + PlacementConstraintType: + type: string + description: The type of constraint. Use distinctInstance to ensure that each task in a particular group is running on a different container instance. Use memberOf to restrict the selection to a group of valid candidates. + enum: + - distinctInstance + - memberOf + PlacementStrategy: + type: object + description: The task placement strategy for a task or service. + properties: + Type: + $ref: '#/components/schemas/PlacementStrategyType' + Field: + type: string + maxLength: 255 + description: The field to apply the placement strategy against. For the spread placement strategy, valid values are instanceId (or host, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as attribute:ecs.availability-zone. For the binpack placement strategy, valid values are cpu and memory. For the random placement strategy, this field is not used. + additionalProperties: false + PlacementStrategyType: + type: string + description: >- + The type of placement strategy. The random placement strategy randomly places tasks on available candidates. The spread placement strategy spreads placement across available candidates evenly based on the field parameter. The binpack strategy places tasks on available candidates that have the least available amount of the resource that is specified with the field parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory + (but still enough to run the task). + enum: + - random + - spread + - binpack + PropagateTags: + type: string + description: Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the TagResource API action. + enum: + - TASK_DEFINITION + RetryPolicy: + type: object + description: A RetryPolicy object that includes information about the retry policy settings. + properties: + MaximumEventAgeInSeconds: + type: number + maximum: 86400 + minimum: 60 + description: The maximum amount of time, in seconds, to continue to make retry attempts. + MaximumRetryAttempts: + type: number + maximum: 185 + minimum: 0 + description: The maximum number of retry attempts to make before the request fails. Retry attempts with exponential backoff continue until either the maximum number of attempts is made or until the duration of the MaximumEventAgeInSeconds is reached. + additionalProperties: false + SageMakerPipelineParameter: + type: object + description: Name/Value pair of a parameter to start execution of a SageMaker Model Building Pipeline. + properties: + Name: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9\-_]*$ + description: Name of parameter to start execution of a SageMaker Model Building Pipeline. + Value: + type: string + maxLength: 1024 + minLength: 1 + description: Value of parameter to start execution of a SageMaker Model Building Pipeline. + required: + - Name + - Value + additionalProperties: false + SageMakerPipelineParameters: + type: object + description: These are custom parameters to use when the target is a SageMaker Model Building Pipeline that starts based on AWS EventBridge Scheduler schedules. + properties: + PipelineParameterList: + type: array + items: + $ref: '#/components/schemas/SageMakerPipelineParameter' + maxItems: 200 + minItems: 0 + description: List of Parameter names and values for SageMaker Model Building Pipeline execution. + x-insertionOrder: false + additionalProperties: false + ScheduleState: + type: string + description: Specifies whether the schedule is enabled or disabled. + enum: + - ENABLED + - DISABLED + SqsParameters: + type: object + description: Contains the message group ID to use when the target is a FIFO queue. If you specify an SQS FIFO queue as a target, the queue must have content-based deduplication enabled. + properties: + MessageGroupId: + type: string + maxLength: 128 + minLength: 1 + description: The FIFO message group ID to use as the target. + additionalProperties: false + TagMap: + type: object + x-patternProperties: + .+: + type: string + maxLength: 256 + minLength: 1 + additionalProperties: false + Target: + type: object + description: The schedule target. + properties: + Arn: + type: string + maxLength: 1600 + minLength: 1 + description: The Amazon Resource Name (ARN) of the target. + RoleArn: + type: string + maxLength: 1600 + minLength: 1 + pattern: ^arn:aws(-[a-z]+)?:iam::\d{12}:role\/[\w+=,.@\/-]+$ + description: The Amazon Resource Name (ARN) of the IAM role to be used for this target when the schedule is triggered. + DeadLetterConfig: + $ref: '#/components/schemas/DeadLetterConfig' + RetryPolicy: + $ref: '#/components/schemas/RetryPolicy' + Input: + type: string + minLength: 1 + description: The text, or well-formed JSON, passed to the target. If you are configuring a templated Lambda, AWS Step Functions, or Amazon EventBridge target, the input must be a well-formed JSON. For all other target types, a JSON is not required. If you do not specify anything for this field, EventBridge Scheduler delivers a default notification to the target. + EcsParameters: + $ref: '#/components/schemas/EcsParameters' + EventBridgeParameters: + $ref: '#/components/schemas/EventBridgeParameters' + KinesisParameters: + $ref: '#/components/schemas/KinesisParameters' + SageMakerPipelineParameters: + $ref: '#/components/schemas/SageMakerPipelineParameters' + SqsParameters: + $ref: '#/components/schemas/SqsParameters' + required: + - Arn + - RoleArn + additionalProperties: false + Schedule: + type: object + properties: + Arn: + type: string + maxLength: 1224 + minLength: 1 + pattern: ^arn:aws(-[a-z]+)?:scheduler:[a-z0-9\-]+:\d{12}:schedule\/[0-9a-zA-Z-_.]+\/[0-9a-zA-Z-_.]+$ + description: The Amazon Resource Name (ARN) of the schedule. + Description: + type: string + maxLength: 512 + minLength: 0 + description: The description of the schedule. + EndDate: + type: string + description: The date, in UTC, before which the schedule can invoke its target. Depending on the schedule's recurrence expression, invocations might stop on, or before, the EndDate you specify. + format: date-time + FlexibleTimeWindow: + $ref: '#/components/schemas/FlexibleTimeWindow' + GroupName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[0-9a-zA-Z-_.]+$ + description: The name of the schedule group to associate with this schedule. If you omit this, the default schedule group is used. + KmsKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(-[a-z]+)?:kms:[a-z0-9\-]+:\d{12}:(key|alias)\/[0-9a-zA-Z-_]*$ + description: The ARN for a KMS Key that will be used to encrypt customer data. + Name: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[0-9a-zA-Z-_.]+$ + ScheduleExpression: + type: string + maxLength: 256 + minLength: 1 + description: The scheduling expression. + ScheduleExpressionTimezone: + type: string + maxLength: 50 + minLength: 1 + description: The timezone in which the scheduling expression is evaluated. + StartDate: + type: string + description: The date, in UTC, after which the schedule can begin invoking its target. Depending on the schedule's recurrence expression, invocations might occur on, or after, the StartDate you specify. + format: date-time + State: + $ref: '#/components/schemas/ScheduleState' + Target: + $ref: '#/components/schemas/Target' + required: + - FlexibleTimeWindow + - ScheduleExpression + - Target + x-stackql-resource-name: schedule + description: Definition of AWS::Scheduler::Schedule Resource Type + x-type-name: AWS::Scheduler::Schedule + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - FlexibleTimeWindow + - ScheduleExpression + - Target + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - scheduler:CreateSchedule + - scheduler:GetSchedule + - iam:PassRole + read: + - scheduler:GetSchedule + update: + - scheduler:UpdateSchedule + - scheduler:GetSchedule + - iam:PassRole + delete: + - scheduler:DeleteSchedule + - scheduler:GetSchedule + list: + - scheduler:ListSchedules + ScheduleGroupState: + type: string + description: Specifies the state of the schedule group. + enum: + - ACTIVE + - DELETING + Tag: + type: object + description: Tag to associate with the resource. + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + description: Key for the tag + Value: + type: string + maxLength: 256 + minLength: 1 + description: Value for the tag + required: + - Key + - Value + additionalProperties: false + ScheduleGroup: + type: object + properties: + Arn: + type: string + maxLength: 1224 + minLength: 1 + pattern: ^arn:aws(-[a-z]+)?:scheduler:[a-z0-9\-]+:\d{12}:schedule-group\/[0-9a-zA-Z-_.]+$ + description: The Amazon Resource Name (ARN) of the schedule group. + CreationDate: + type: string + description: The time at which the schedule group was created. + format: date-time + LastModificationDate: + type: string + description: The time at which the schedule group was last modified. + format: date-time + Name: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[0-9a-zA-Z-_.]+$ + State: + $ref: '#/components/schemas/ScheduleGroupState' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + description: The list of tags to associate with the schedule group. + x-insertionOrder: false + x-stackql-resource-name: schedule_group + description: Definition of AWS::Scheduler::ScheduleGroup Resource Type + x-type-name: AWS::Scheduler::ScheduleGroup + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - CreationDate + - LastModificationDate + - State + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - scheduler:TagResource + - scheduler:CreateScheduleGroup + - scheduler:GetScheduleGroup + - scheduler:ListTagsForResource + read: + - scheduler:GetScheduleGroup + - scheduler:ListTagsForResource + update: + - scheduler:TagResource + - scheduler:UntagResource + - scheduler:ListTagsForResource + - scheduler:GetScheduleGroup + delete: + - scheduler:DeleteScheduleGroup + - scheduler:GetScheduleGroup + - scheduler:DeleteSchedule + list: + - scheduler:ListScheduleGroups + x-stackQL-resources: + schedules: + name: schedules + id: aws.scheduler.schedules + x-cfn-schema-name: Schedule + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Scheduler::Schedule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Scheduler::Schedule' + AND region = 'us-east-1' + schedule: + name: schedule + id: aws.scheduler.schedule + x-cfn-schema-name: Schedule + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EndDate') as end_date, + JSON_EXTRACT(Properties, '$.FlexibleTimeWindow') as flexible_time_window, + JSON_EXTRACT(Properties, '$.GroupName') as group_name, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ScheduleExpression') as schedule_expression, + JSON_EXTRACT(Properties, '$.ScheduleExpressionTimezone') as schedule_expression_timezone, + JSON_EXTRACT(Properties, '$.StartDate') as start_date, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Target') as target + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Scheduler::Schedule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EndDate') as end_date, + json_extract_path_text(Properties, 'FlexibleTimeWindow') as flexible_time_window, + json_extract_path_text(Properties, 'GroupName') as group_name, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ScheduleExpression') as schedule_expression, + json_extract_path_text(Properties, 'ScheduleExpressionTimezone') as schedule_expression_timezone, + json_extract_path_text(Properties, 'StartDate') as start_date, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Target') as target + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Scheduler::Schedule' + AND data__Identifier = '' + AND region = 'us-east-1' + schedule_groups: + name: schedule_groups + id: aws.scheduler.schedule_groups + x-cfn-schema-name: ScheduleGroup + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Scheduler::ScheduleGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Scheduler::ScheduleGroup' + AND region = 'us-east-1' + schedule_group: + name: schedule_group + id: aws.scheduler.schedule_group + x-cfn-schema-name: ScheduleGroup + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationDate') as creation_date, + JSON_EXTRACT(Properties, '$.LastModificationDate') as last_modification_date, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Scheduler::ScheduleGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationDate') as creation_date, + json_extract_path_text(Properties, 'LastModificationDate') as last_modification_date, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Scheduler::ScheduleGroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/secretsmanager.yaml b/providers/src/aws/v00.00.00000/services/secretsmanager.yaml new file mode 100644 index 00000000..907d46a7 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/secretsmanager.yaml @@ -0,0 +1,244 @@ +openapi: 3.0.0 +info: + title: SecretsManager + version: 1.0.0 +paths: {} +components: + schemas: + GenerateSecretString: + type: object + additionalProperties: false + properties: + ExcludeUppercase: + type: boolean + description: Specifies whether to exclude uppercase letters from the password. If you don't include this switch, the password can contain uppercase letters. + RequireEachIncludedType: + type: boolean + description: Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation. If you don't include this switch, the password contains at least one of every character type. + IncludeSpace: + type: boolean + description: Specifies whether to include the space character. If you include this switch, the password can contain space characters. + ExcludeCharacters: + type: string + description: A string of the characters that you don't want in the password. + GenerateStringKey: + type: string + description: The JSON key name for the key/value pair, where the value is the generated password. This pair is added to the JSON structure specified by the ``SecretStringTemplate`` parameter. If you specify this parameter, then you must also specify ``SecretStringTemplate``. + PasswordLength: + type: integer + description: The length of the password. If you don't include this parameter, the default length is 32 characters. + ExcludePunctuation: + type: boolean + description: 'Specifies whether to exclude the following punctuation characters from the password: ``! " # $ % & '' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~``. If you don''t include this switch, the password can contain punctuation.' + ExcludeLowercase: + type: boolean + description: Specifies whether to exclude lowercase letters from the password. If you don't include this switch, the password can contain lowercase letters. + SecretStringTemplate: + type: string + description: A template that the generated string must match. When you make a change to this property, a new secret version is created. + ExcludeNumbers: + type: boolean + description: Specifies whether to exclude numbers from the password. If you don't include this switch, the password can contain numbers. + description: |- + Generates a random password. We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support. + *Required permissions:* ``secretsmanager:GetRandomPassword``. For more information, see [IAM policy actions for Secrets Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions) and [Authentication and access control in Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). + ReplicaRegion: + type: object + description: Specifies a ``Region`` and the ``KmsKeyId`` for a replica secret. + additionalProperties: false + properties: + KmsKeyId: + type: string + description: The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses ``aws/secretsmanager``. + Region: + type: string + description: A string that represents a ``Region``, for example "us-east-1". + required: + - Region + Tag: + type: object + description: A structure that contains information about a tag. + additionalProperties: false + properties: + Value: + type: string + description: The string value associated with the key of the tag. + Key: + type: string + description: The key identifier, or name, of the tag. + required: + - Value + - Key + Secret: + type: object + properties: + Description: + type: string + description: The description of the secret. + KmsKeyId: + type: string + description: |- + The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value in the secret. An alias is always prefixed by ``alias/``, for example ``alias/aws/secretsmanager``. For more information, see [About aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html). + To use a KMS key in a different account, use the key ARN or the alias ARN. + If you don't specify this value, then Secrets Manager uses the key ``aws/secretsmanager``. If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value. + If the secret is in a different AWS account from the credentials calling the API, then you can't use ``aws/secretsmanager`` to encrypt the secret, and you must create and use a customer managed KMS key. + SecretString: + type: string + description: The text to encrypt and store in the secret. We recommend you use a JSON structure of key/value pairs for your secret value. To generate a random password, use ``GenerateSecretString`` instead. If you omit both ``GenerateSecretString`` and ``SecretString``, you create an empty secret. When you make a change to this property, a new secret version is created. + GenerateSecretString: + $ref: '#/components/schemas/GenerateSecretString' + description: |- + A structure that specifies how to generate a password to encrypt and store in the secret. To include a specific string in the secret, use ``SecretString`` instead. If you omit both ``GenerateSecretString`` and ``SecretString``, you create an empty secret. When you make a change to this property, a new secret version is created. + We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support. + ReplicaRegions: + type: array + description: A custom type that specifies a ``Region`` and the ``KmsKeyId`` for a replica secret. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/ReplicaRegion' + Id: + type: string + description: '' + Tags: + type: array + description: |- + A list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example: + ``[{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]`` + Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag from one with key "abc". + Stack-level tags, tags you apply to the CloudFormation stack, are also attached to the secret. + If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an ``Access Denied`` error. For more information, see [Control access to secrets using tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac) and [Limit access to identities with tags that match secrets' tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2). + For information about how to format a JSON parameter for the various command line tool environments, see [Using JSON for Parameters](https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json). If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text. + The following restrictions apply to tags: + + Maximum number of tags per secret: 50 + + Maximum key length: 127 Unicode characters in UTF-8 + + Maximum value length: 255 Unicode characters in UTF-8 + + Tag keys and values are case sensitive. + + Do not use the ``aws:`` prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit. + + If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Name: + type: string + description: |- + The name of the new secret. + The secret name can contain ASCII letters, numbers, and the following characters: /_+=.@- + Do not end your secret name with a hyphen followed by six characters. If you do so, you risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN. + x-stackql-resource-name: secret + description: |- + Creates a new secret. A *secret* can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager. + For RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html). + To retrieve a secret in a CFNshort template, use a *dynamic reference*. For more information, see [Retrieve a secret in an resource](https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html). + A common scenario is to first create a secret with ``GenerateSecretString``, which generates a password, and then use a dynamic reference to retrieve the username and password from the secret to use as credentials for a new database. See the example *Creating a Redshift cluster and a secret for the admin credentials*. + For information about creating a secret in the console, see [Create a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html). For information about creating a secret using the CLI or SDK, see [CreateSecret](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html). + For information about retrieving a secret in code, see [Retrieve secrets from Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html). + x-type-name: AWS::SecretsManager::Secret + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Name + x-write-only-properties: + - SecretString + - GenerateSecretString + x-read-only-properties: + - Id + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - secretsmanager:DescribeSecret + - secretsmanager:GetRandomPassword + - secretsmanager:CreateSecret + - secretsmanager:TagResource + delete: + - secretsmanager:DeleteSecret + - secretsmanager:DescribeSecret + - secretsmanager:RemoveRegionsFromReplication + list: + - secretsmanager:ListSecrets + read: + - secretsmanager:DescribeSecret + - secretsmanager:GetSecretValue + update: + - secretsmanager:UpdateSecret + - secretsmanager:TagResource + - secretsmanager:UntagResource + - secretsmanager:GetRandomPassword + - secretsmanager:GetSecretValue + - secretsmanager:ReplicateSecretToRegions + - secretsmanager:RemoveRegionsFromReplication + x-stackQL-resources: + secrets: + name: secrets + id: aws.secretsmanager.secrets + x-cfn-schema-name: Secret + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecretsManager::Secret' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecretsManager::Secret' + AND region = 'us-east-1' + secret: + name: secret + id: aws.secretsmanager.secret + x-cfn-schema-name: Secret + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.SecretString') as secret_string, + JSON_EXTRACT(Properties, '$.GenerateSecretString') as generate_secret_string, + JSON_EXTRACT(Properties, '$.ReplicaRegions') as replica_regions, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecretsManager::Secret' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'SecretString') as secret_string, + json_extract_path_text(Properties, 'GenerateSecretString') as generate_secret_string, + json_extract_path_text(Properties, 'ReplicaRegions') as replica_regions, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecretsManager::Secret' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/securityhub.yaml b/providers/src/aws/v00.00.00000/services/securityhub.yaml new file mode 100644 index 00000000..1a32e78d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/securityhub.yaml @@ -0,0 +1,2089 @@ +openapi: 3.0.0 +info: + title: SecurityHub + version: 1.0.0 +paths: {} +components: + schemas: + Tags: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + x-patternProperties: + ^[a-zA-Z0-9-_]{1,128}$: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + NonEmptyString: + description: Non-empty string definition. + type: string + minLength: 1 + DateFilter: + description: A date filter for querying findings. + properties: + DateRange: + $ref: '#/components/schemas/DateRange' + End: + $ref: '#/components/schemas/ISO8601DateString' + Start: + $ref: '#/components/schemas/ISO8601DateString' + type: object + additionalProperties: false + DateRange: + description: A date range for the date filter. + properties: + Unit: + description: A date range unit for the date filter. + enum: + - DAYS + type: string + Value: + description: A date range value for the date filter. + type: number + required: + - Unit + - Value + type: object + additionalProperties: false + BooleanFilter: + description: Boolean filter for querying findings. + properties: + Value: + description: The value of the boolean. + type: boolean + required: + - Value + type: object + additionalProperties: false + MapFilter: + description: A map filter for filtering AWS Security Hub findings. + properties: + Comparison: + description: The condition to apply to the key value when filtering Security Hub findings with a map filter. + enum: + - EQUALS + - NOT_EQUALS + type: string + Key: + $ref: '#/components/schemas/NonEmptyString' + Value: + $ref: '#/components/schemas/NonEmptyString' + required: + - Comparison + - Key + - Value + type: object + additionalProperties: false + NumberFilter: + description: A number filter for querying findings. + properties: + Eq: + description: The equal-to condition to be applied to a single field when querying for findings. + type: number + Gte: + description: The greater-than-equal condition to be applied to a single field when querying for findings. + type: number + Lte: + description: The less-than-equal condition to be applied to a single field when querying for findings. + type: number + type: object + additionalProperties: false + StringFilter: + description: A string filter for filtering AWS Security Hub findings. + properties: + Comparison: + $ref: '#/components/schemas/StringFilterComparison' + Value: + $ref: '#/components/schemas/NonEmptyString' + required: + - Comparison + - Value + type: object + additionalProperties: false + StringFilterComparison: + description: The condition to apply to a string value when filtering Security Hub findings. + enum: + - EQUALS + - PREFIX + - NOT_EQUALS + - PREFIX_NOT_EQUALS + type: string + ISO8601DateString: + description: The date and time, in UTC and ISO 8601 format. + type: string + pattern: ^([\+-]?\d{4}(?!\d{2}))((-?)((0[1-9]|1[0-2])(\3([12]\d|0[1-9]|3[01]))?|W([0-4]\d|5[0-2])(-?[1-7])?|(00[1-9]|0[1-9]\d|[12]\d{2}|3([0-5]\d|6[1-6])))([tT]((([01]\d|2[0-3])((:?)[0-5]\d)?|24\:?00)([\.,]\d+(?!:))?)?(\17[0-5]\d([\.,]\d+)?)?([zZ]|([\+-])([01]\d|2[0-3]):?([0-5]\d)?)?)?)?$ + arn: + description: The Amazon Resource Name (ARN) of the automation rule. + type: string + minLength: 12 + maxLength: 2048 + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso-?[a-z]{0,2}):[A-Za-z0-9]{1,63}:[a-z]+-([a-z]{1,10}-)?[a-z]+-[0-9]+:([0-9]{12})?:.+$ + arnOrId: + description: The Amazon Resource Name (ARN) or Id of the automation rule. + anyOf: + - type: string + minLength: 1 + maxLength: 512 + - $ref: '#/components/schemas/arn' + timestamp: + type: string + format: date-time + pattern: (\d\d\d\d)-[0-1](\d)-[0-3](\d)[Tt](?:[0-2](\d):[0-5](\d):[0-5](\d)|23:59:60)(?:\.(\d)+)?(?:[Zz]|[+-](\d\d)(?::?(\d\d))?)$ + int100: + description: Integer from 0 to 100. + type: integer + minimum: 0 + maximum: 100 + map: + description: An object of user-defined name and value string pair added to a finding. + type: object + minProperties: 1 + maxProperties: 50 + x-patternProperties: + ^[-_+=.:/@\w\s]{1,128}$: + description: The value for the key in the map + type: string + minLength: 0 + maxLength: 1024 + additionalProperties: false + RelatedFinding: + description: Provides details about a list of findings that the current finding relates to. + type: object + properties: + ProductArn: + $ref: '#/components/schemas/arn' + description: The Amazon Resource Name (ARN) for the product that generated a related finding. + Id: + $ref: '#/components/schemas/arnOrId' + description: '' + additionalProperties: false + required: + - ProductArn + - Id + NoteUpdate: + description: '' + type: object + properties: + Text: + description: '' + type: string + minLength: 1 + maxLength: 512 + UpdatedBy: + $ref: '#/components/schemas/arnOrId' + description: '' + additionalProperties: false + required: + - Text + - UpdatedBy + WorkflowUpdate: + description: '' + type: object + properties: + Status: + description: '' + type: string + enum: + - NEW + - NOTIFIED + - RESOLVED + - SUPPRESSED + required: + - Status + additionalProperties: false + SeverityUpdate: + description: '' + type: object + properties: + Product: + description: '' + type: number + Label: + description: '' + type: string + enum: + - INFORMATIONAL + - LOW + - MEDIUM + - HIGH + - CRITICAL + Normalized: + $ref: '#/components/schemas/int100' + description: '' + additionalProperties: false + AutomationRulesFindingFieldsUpdate: + description: The rule action will update the ``Note`` field of a finding. + type: object + properties: + Types: + description: '' + type: array + maxItems: 50 + uniqueItems: true + items: + type: string + pattern: ^([^/]+)(/[^/]+){0,2}$ + Severity: + type: object + description: The rule action will update the ``Severity`` field of a finding. + $ref: '#/components/schemas/SeverityUpdate' + Confidence: + $ref: '#/components/schemas/int100' + description: '' + Criticality: + $ref: '#/components/schemas/int100' + description: '' + UserDefinedFields: + $ref: '#/components/schemas/map' + description: '' + VerificationState: + description: '' + type: string + enum: + - UNKNOWN + - TRUE_POSITIVE + - FALSE_POSITIVE + - BENIGN_POSITIVE + RelatedFindings: + description: The rule action will update the ``RelatedFindings`` field of a finding. + type: array + minItems: 1 + maxItems: 10 + items: + $ref: '#/components/schemas/RelatedFinding' + Note: + type: object + description: The rule action will update the ``Note`` field of a finding. + $ref: '#/components/schemas/NoteUpdate' + Workflow: + type: object + description: The rule action will update the ``Workflow`` field of a finding. + $ref: '#/components/schemas/WorkflowUpdate' + AutomationRulesAction: + description: '' + type: object + properties: + Type: + description: '' + type: string + enum: + - FINDING_FIELDS_UPDATE + FindingFieldsUpdate: + $ref: '#/components/schemas/AutomationRulesFindingFieldsUpdate' + description: '' + required: + - Type + - FindingFieldsUpdate + AutomationRulesFindingFilters: + description: '' + type: object + additionalProperties: false + properties: + ProductArn: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + AwsAccountId: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 100 + Id: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + GeneratorId: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 100 + Type: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + FirstObservedAt: + description: '' + items: + $ref: '#/components/schemas/DateFilter' + type: array + maxItems: 20 + LastObservedAt: + description: '' + items: + $ref: '#/components/schemas/DateFilter' + type: array + maxItems: 20 + CreatedAt: + description: '' + items: + $ref: '#/components/schemas/DateFilter' + type: array + maxItems: 20 + UpdatedAt: + description: '' + items: + $ref: '#/components/schemas/DateFilter' + type: array + maxItems: 20 + Confidence: + description: '' + items: + $ref: '#/components/schemas/NumberFilter' + type: array + maxItems: 20 + Criticality: + description: '' + items: + $ref: '#/components/schemas/NumberFilter' + type: array + maxItems: 20 + Title: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 100 + Description: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + SourceUrl: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + ProductName: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + CompanyName: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + SeverityLabel: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + ResourceType: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + ResourceId: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 100 + ResourcePartition: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + ResourceRegion: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + ResourceTags: + description: '' + items: + $ref: '#/components/schemas/MapFilter' + type: array + maxItems: 20 + ResourceDetailsOther: + description: '' + items: + $ref: '#/components/schemas/MapFilter' + type: array + maxItems: 20 + ComplianceStatus: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + ComplianceSecurityControlId: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + ComplianceAssociatedStandardsId: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + VerificationState: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + WorkflowStatus: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + RecordState: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + RelatedFindingsProductArn: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + RelatedFindingsId: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + NoteText: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + NoteUpdatedAt: + description: '' + items: + $ref: '#/components/schemas/DateFilter' + type: array + maxItems: 20 + NoteUpdatedBy: + description: '' + items: + $ref: '#/components/schemas/StringFilter' + type: array + maxItems: 20 + UserDefinedFields: + description: '' + items: + $ref: '#/components/schemas/MapFilter' + type: array + maxItems: 20 + AutomationRule: + type: object + properties: + RuleArn: + description: '' + type: string + pattern: arn:aws\S*:securityhub:\S* + RuleStatus: + description: Whether the rule is active after it is created. If this parameter is equal to ``ENABLED``, ASH applies the rule to findings and finding updates after the rule is created. + type: string + enum: + - ENABLED + - DISABLED + RuleOrder: + description: '' + type: integer + minimum: 1 + maximum: 1000 + Description: + description: '' + type: string + minLength: 1 + maxLength: 1024 + RuleName: + description: '' + type: string + minLength: 1 + maxLength: 256 + CreatedAt: + description: '' + $ref: '#/components/schemas/ISO8601DateString' + UpdatedAt: + description: '' + $ref: '#/components/schemas/ISO8601DateString' + CreatedBy: + description: '' + type: string + minLength: 1 + maxLength: 256 + IsTerminal: + description: '' + type: boolean + Actions: + type: array + description: '' + items: + $ref: '#/components/schemas/AutomationRulesAction' + minItems: 1 + maxItems: 1 + Criteria: + description: A set of [Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding. + $ref: '#/components/schemas/AutomationRulesFindingFilters' + Tags: + description: '' + $ref: '#/components/schemas/Tags' + x-stackql-resource-name: automation_rule + description: The ``AWS::SecurityHub::AutomationRule`` resource specifies an automation rule based on input parameters. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *User Guide*. + x-type-name: AWS::SecurityHub::AutomationRule + x-stackql-primary-identifier: + - RuleArn + x-read-only-properties: + - RuleArn + - CreatedAt + - UpdatedAt + - CreatedBy + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - securityhub:CreateAutomationRule + - securityhub:TagResource + - securityhub:ListTagsForResource + read: + - securityhub:ListAutomationRules + - securityhub:BatchGetAutomationRules + - securityhub:ListTagsForResource + update: + - securityhub:BatchUpdateAutomationRules + - securityhub:TagResource + - securityhub:UntagResource + - securityhub:ListTagsForResource + delete: + - securityhub:BatchDeleteAutomationRules + - securityhub:BatchGetAutomationRules + list: + - securityhub:ListAutomationRules + - securityhub:ListTagsForResource + DelegatedAdmin: + type: object + properties: + DelegatedAdminIdentifier: + description: The identifier of the DelegatedAdmin being created and assigned as the unique identifier + type: string + pattern: ^[0-9]{12}/[a-zA-Z0-9-]{1,32}$ + AdminAccountId: + description: The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account + type: string + pattern: ^[0-9]{12}$ + Status: + description: The current status of the Security Hub administrator account. Indicates whether the account is currently enabled as a Security Hub administrator + type: string + enum: + - ENABLED + - DISABLE_IN_PROGRESS + required: + - AdminAccountId + x-stackql-resource-name: delegated_admin + description: The AWS::SecurityHub::DelegatedAdmin resource represents the AWS Security Hub delegated admin account in your organization. One delegated admin resource is allowed to create for the organization in each region in which you configure the AdminAccountId. + x-type-name: AWS::SecurityHub::DelegatedAdmin + x-stackql-primary-identifier: + - DelegatedAdminIdentifier + x-create-only-properties: + - AdminAccountId + x-read-only-properties: + - DelegatedAdminIdentifier + - Status + x-required-properties: + - AdminAccountId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - securityhub:EnableOrganizationAdminAccount + - organizations:DescribeOrganization + - organizations:EnableAWSServiceAccess + - organizations:RegisterDelegatedAdministrator + read: + - securityhub:ListOrganizationAdminAccounts + - organizations:DescribeOrganization + delete: + - securityhub:DisableOrganizationAdminAccount + - organizations:DescribeOrganization + list: + - securityhub:ListOrganizationAdminAccounts + - organizations:DescribeOrganization + Hub: + type: object + properties: + ARN: + description: An ARN is automatically created for the customer. + type: string + pattern: ^arn:.* + EnableDefaultStandards: + description: Whether to enable the security standards that Security Hub has designated as automatically enabled. + type: boolean + ControlFindingGenerator: + description: This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards. + type: string + pattern: ^(SECURITY_CONTROL|STANDARD_CONTROL)$ + AutoEnableControls: + description: Whether to automatically enable new controls when they are added to standards that are enabled + type: boolean + Tags: + $ref: '#/components/schemas/Tags' + SubscribedAt: + description: The date and time when Security Hub was enabled in the account. + type: string + x-stackql-resource-name: hub + description: |+ + The AWS::SecurityHub::Hub resource represents the implementation of the AWS Security Hub service in your account. One hub resource is created for each Region in which you enable Security Hub. + + x-type-name: AWS::SecurityHub::Hub + x-stackql-primary-identifier: + - ARN + x-write-only-properties: + - EnableDefaultStandards + x-read-only-properties: + - ARN + - SubscribedAt + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - securityhub:EnableSecurityHub + - securityhub:UpdateSecurityHubConfiguration + - securityhub:TagResource + - securityhub:ListTagsForResource + read: + - securityhub:DescribeHub + - securityhub:ListTagsForResource + update: + - securityhub:DescribeHub + - securityhub:UpdateSecurityHubConfiguration + - securityhub:TagResource + - securityhub:UntagResource + - securityhub:ListTagsForResource + delete: + - securityhub:DisableSecurityHub + list: + - securityhub:DescribeHub + - securityhub:ListTagsForResource + IpFilter: + description: The IP filter for querying findings. + properties: + Cidr: + description: A finding's CIDR value. + $ref: '#/components/schemas/NonEmptyString' + required: + - Cidr + type: object + additionalProperties: false + KeywordFilter: + description: A keyword filter for querying findings. + properties: + Value: + description: A value for the keyword. + $ref: '#/components/schemas/NonEmptyString' + required: + - Value + type: object + additionalProperties: false + AwsSecurityFindingFilters: + description: A collection of filters that are applied to all active findings aggregated by AWS Security Hub. + type: object + additionalProperties: false + properties: + ProductArn: + description: The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + AwsAccountId: + description: The AWS account ID in which a finding is generated. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + AwsAccountName: + description: The name of the AWS account in which a finding is generated. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + Id: + description: The security findings provider-specific identifier for a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + GeneratorId: + description: The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + Type: + description: A finding type in the format of namespace/category/classifier that classifies a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + Region: + description: The Region from which the finding was generated. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + FirstObservedAt: + description: An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured. + items: + $ref: '#/components/schemas/DateFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + LastObservedAt: + description: An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured. + items: + $ref: '#/components/schemas/DateFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + CreatedAt: + description: An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured. + items: + $ref: '#/components/schemas/DateFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + UpdatedAt: + description: An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record. + items: + $ref: '#/components/schemas/DateFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + SeverityLabel: + description: The label of a finding's severity. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + Confidence: + description: A finding's confidence. + items: + $ref: '#/components/schemas/NumberFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + Criticality: + description: The level of importance assigned to the resources associated with the finding. + items: + $ref: '#/components/schemas/NumberFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + Title: + description: A finding's title. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + Description: + description: A finding's description. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + RecommendationText: + description: The recommendation of what to do about the issue described in a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + SourceUrl: + description: A URL that links to a page about the current finding in the security findings provider's solution. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ProductFields: + description: A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format. + items: + $ref: '#/components/schemas/MapFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ProductName: + description: The name of the solution (product) that generates findings. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + CompanyName: + description: The name of the findings provider (company) that owns the solution (product) that generates findings. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + UserDefinedFields: + description: A list of name/value string pairs associated with the finding. + items: + $ref: '#/components/schemas/MapFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + MalwareName: + description: The name of the malware that was observed. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + MalwareType: + description: The type of the malware that was observed. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + MalwarePath: + description: The filesystem path of the malware that was observed. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + MalwareState: + description: The state of the malware that was observed. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NetworkDirection: + description: Indicates the direction of network traffic associated with a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NetworkProtocol: + description: The protocol of network-related information about a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NetworkSourceIpV4: + description: The source IPv4 address of network-related information about a finding. + items: + $ref: '#/components/schemas/IpFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NetworkSourceIpV6: + description: The source IPv6 address of network-related information about a finding. + items: + $ref: '#/components/schemas/IpFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NetworkSourcePort: + description: The source port of network-related information about a finding. + items: + $ref: '#/components/schemas/NumberFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NetworkSourceDomain: + description: The source domain of network-related information about a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NetworkSourceMac: + description: The source media access control (MAC) address of network-related information about a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NetworkDestinationIpV4: + description: The destination IPv4 address of network-related information about a finding. + items: + $ref: '#/components/schemas/IpFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NetworkDestinationIpV6: + description: The destination IPv6 address of network-related information about a finding. + items: + $ref: '#/components/schemas/IpFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NetworkDestinationPort: + description: The destination port of network-related information about a finding. + items: + $ref: '#/components/schemas/NumberFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NetworkDestinationDomain: + description: The destination domain of network-related information about a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ProcessName: + description: The name of the process. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ProcessPath: + description: The path to the process executable. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ProcessPid: + description: The process ID. + items: + $ref: '#/components/schemas/NumberFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ProcessParentPid: + description: The parent process ID. + items: + $ref: '#/components/schemas/NumberFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ProcessLaunchedAt: + description: A timestamp that identifies when the process was launched. + items: + $ref: '#/components/schemas/DateFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ProcessTerminatedAt: + description: A timestamp that identifies when the process was terminated. + items: + $ref: '#/components/schemas/DateFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ThreatIntelIndicatorType: + description: The type of a threat intelligence indicator. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ThreatIntelIndicatorValue: + description: The value of a threat intelligence indicator. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ThreatIntelIndicatorCategory: + description: The category of a threat intelligence indicator. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ThreatIntelIndicatorLastObservedAt: + description: A timestamp that identifies the last observation of a threat intelligence indicator. + items: + $ref: '#/components/schemas/DateFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ThreatIntelIndicatorSource: + description: The source of the threat intelligence. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ThreatIntelIndicatorSourceUrl: + description: The URL for more details from the source of the threat intelligence. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceType: + description: Specifies the type of the resource that details are provided for. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceId: + description: The canonical identifier for the given resource type. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourcePartition: + description: The canonical AWS partition name that the Region is assigned to. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceRegion: + description: The canonical AWS external Region name where this resource is located. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceTags: + description: A list of AWS tags associated with a resource at the time the finding was processed. + items: + $ref: '#/components/schemas/MapFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsEc2InstanceType: + description: The instance type of the instance. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsEc2InstanceImageId: + description: The Amazon Machine Image (AMI) ID of the instance. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsEc2InstanceIpV4Addresses: + description: The IPv4 addresses associated with the instance. + items: + $ref: '#/components/schemas/IpFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsEc2InstanceIpV6Addresses: + description: The IPv6 addresses associated with the instance. + items: + $ref: '#/components/schemas/IpFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsEc2InstanceKeyName: + description: The key name associated with the instance. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsEc2InstanceIamInstanceProfileArn: + description: The IAM profile ARN of the instance. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsEc2InstanceVpcId: + description: The identifier of the VPC that the instance was launched in. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsEc2InstanceSubnetId: + description: The identifier of the subnet that the instance was launched in. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsEc2InstanceLaunchedAt: + description: The date and time the instance was launched. + items: + $ref: '#/components/schemas/DateFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsS3BucketOwnerId: + description: The canonical user ID of the owner of the S3 bucket. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsS3BucketOwnerName: + description: The display name of the owner of the S3 bucket. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsIamAccessKeyStatus: + description: The status of the IAM access key related to a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsIamAccessKeyCreatedAt: + description: The creation date/time of the IAM access key related to a finding. + items: + $ref: '#/components/schemas/DateFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceContainerName: + description: The name of the container related to a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceContainerImageId: + description: The identifier of the image related to a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceContainerImageName: + description: The name of the image related to a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceContainerLaunchedAt: + description: A timestamp that identifies when the container was started. + items: + $ref: '#/components/schemas/DateFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceDetailsOther: + description: The details of a resource that doesn't have a specific subfield for the resource type defined. + items: + $ref: '#/components/schemas/MapFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ComplianceStatus: + description: Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + VerificationState: + description: The veracity of a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + WorkflowState: + description: The workflow state of a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + WorkflowStatus: + description: The status of the investigation into a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + RecordState: + description: The updated record state for the finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + RelatedFindingsProductArn: + description: The ARN of the solution that generated a related finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + RelatedFindingsId: + description: The solution-generated identifier for a related finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceApplicationArn: + description: The ARN of the application that is related to a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceApplicationName: + description: The name of the application that is related to a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NoteText: + description: The text of a note. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NoteUpdatedAt: + description: The timestamp of when the note was updated. + items: + $ref: '#/components/schemas/DateFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + NoteUpdatedBy: + description: The principal that created a note. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + Sample: + description: Indicates whether or not sample findings are included in the filter results. + items: + $ref: '#/components/schemas/BooleanFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ComplianceAssociatedStandardsId: + description: The unique identifier of a standard in which a control is enabled. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ComplianceSecurityControlId: + description: The unique identifier of a control across standards. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ComplianceSecurityControlParametersName: + description: The name of a security control parameter. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ComplianceSecurityControlParametersValue: + description: The current value of a security control parameter. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + FindingProviderFieldsConfidence: + description: The finding provider value for the finding confidence. + items: + $ref: '#/components/schemas/NumberFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + FindingProviderFieldsCriticality: + description: The finding provider value for the level of importance assigned to the resources associated with the findings. + items: + $ref: '#/components/schemas/NumberFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + FindingProviderFieldsRelatedFindingsId: + description: The finding identifier of a related finding that is identified by the finding provider. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + FindingProviderFieldsRelatedFindingsProductArn: + description: The ARN of the solution that generated a related finding that is identified by the finding provider. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + FindingProviderFieldsSeverityLabel: + description: The finding provider value for the severity label. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + FindingProviderFieldsSeverityOriginal: + description: The finding provider's original value for the severity. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + FindingProviderFieldsTypes: + description: One or more finding types that the finding provider assigned to the finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsIamAccessKeyPrincipalName: + description: The name of the principal that is associated with an IAM access key. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsIamUserUserName: + description: The name of an IAM user. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + VulnerabilitiesExploitAvailable: + description: Indicates whether a software vulnerability in your environment has a known exploit. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + VulnerabilitiesFixAvailable: + description: Indicates whether a vulnerability is fixed in a newer version of the affected software packages. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + Keyword: + description: A keyword for a finding. + items: + $ref: '#/components/schemas/KeywordFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + ResourceAwsIamAccessKeyUserName: + description: The user associated with the IAM access key related to a finding. + items: + $ref: '#/components/schemas/StringFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + SeverityNormalized: + description: The normalized severity of a finding. + items: + $ref: '#/components/schemas/NumberFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + SeverityProduct: + description: The native severity as defined by the security findings provider's solution that generated the finding. + items: + $ref: '#/components/schemas/NumberFilter' + type: array + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + Insight: + type: object + properties: + InsightArn: + description: The ARN of a Security Hub insight + type: string + pattern: arn:aws\S*:securityhub:\S* + Name: + description: The name of a Security Hub insight + type: string + minLength: 1 + maxLength: 128 + Filters: + description: One or more attributes used to filter the findings included in the insight + $ref: '#/components/schemas/AwsSecurityFindingFilters' + maxProperties: 10 + GroupByAttribute: + description: The grouping attribute for the insight's findings + $ref: '#/components/schemas/NonEmptyString' + required: + - Filters + - Name + - GroupByAttribute + x-stackql-resource-name: insight + description: The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings. + x-type-name: AWS::SecurityHub::Insight + x-stackql-primary-identifier: + - InsightArn + x-read-only-properties: + - InsightArn + x-required-properties: + - Filters + - Name + - GroupByAttribute + x-tagging: + taggable: false + x-required-permissions: + create: + - securityhub:CreateInsight + read: + - securityhub:GetInsights + update: + - securityhub:UpdateInsight + delete: + - securityhub:GetInsights + - securityhub:DeleteInsight + list: + - securityhub:GetInsights + ProductSubscription: + type: object + properties: + ProductArn: + description: The generic ARN of the product being subscribed to + type: string + pattern: arn:aws\S*:securityhub:\S* + ProductSubscriptionArn: + description: The ARN of the product subscription for the account + type: string + pattern: arn:aws\S*:securityhub:\S* + required: + - ProductArn + x-stackql-resource-name: product_subscription + description: The AWS::SecurityHub::ProductSubscription resource represents a subscription to a service that is allowed to generate findings for your Security Hub account. One product subscription resource is created for each product enabled. + x-type-name: AWS::SecurityHub::ProductSubscription + x-stackql-primary-identifier: + - ProductSubscriptionArn + x-create-only-properties: + - ProductArn + x-read-only-properties: + - ProductSubscriptionArn + x-required-properties: + - ProductArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - securityhub:EnableImportFindingsForProduct + read: + - securityhub:ListEnabledProductsForImport + delete: + - securityhub:ListEnabledProductsForImport + - securityhub:DisableImportFindingsForProduct + list: + - securityhub:ListEnabledProductsForImport + StandardsControl: + description: Provides details about an individual security control. For a list of ASH controls, see [controls reference](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html) in the *User Guide*. + type: object + properties: + StandardsControlArn: + type: string + description: The Amazon Resource Name (ARN) of the control. + pattern: arn:aws\S*:securityhub:\S* + Reason: + type: string + description: A user-defined reason for changing a control's enablement status in a specified standard. If you are disabling a control, then this property is required. + required: + - StandardsControlArn + additionalProperties: false + Standard: + type: object + properties: + StandardsSubscriptionArn: + description: '' + type: string + pattern: arn:aws\S*:securityhub:\S* + StandardsArn: + description: The ARN of the standard that you want to enable. To view a list of available ASH standards and their ARNs, use the [DescribeStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) API operation. + type: string + pattern: arn:aws\S*:securityhub:\S + DisabledStandardsControls: + description: |- + Specifies which controls are to be disabled in a standard. + *Maximum*: ``100`` + type: array + minItems: 0 + maxItems: 100 + items: + $ref: '#/components/schemas/StandardsControl' + x-insertionOrder: true + uniqueItems: true + required: + - StandardsArn + x-stackql-resource-name: standard + description: |- + The ``AWS::SecurityHub::Standard`` resource specifies the enablement of a security standard. The standard is identified by the ``StandardsArn`` property. To view a list of ASH standards and their Amazon Resource Names (ARNs), use the [DescribeStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) API operation. + You must create a separate ``AWS::SecurityHub::Standard`` resource for each standard that you want to enable. + For more information about ASH standards, see [standards reference](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html) in the *User Guide*. + x-type-name: AWS::SecurityHub::Standard + x-stackql-primary-identifier: + - StandardsSubscriptionArn + x-stackql-additional-identifiers: + - - StandardsArn + x-create-only-properties: + - StandardsArn + x-read-only-properties: + - StandardsSubscriptionArn + x-required-properties: + - StandardsArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - securityhub:GetEnabledStandards + - securityhub:BatchEnableStandards + - securityhub:UpdateStandardsControl + read: + - securityhub:GetEnabledStandards + - securityhub:DescribeStandardsControls + update: + - securityhub:GetEnabledStandards + - securityhub:UpdateStandardsControl + delete: + - securityhub:GetEnabledStandards + - securityhub:BatchDisableStandards + list: + - securityhub:GetEnabledStandards + x-stackQL-resources: + automation_rules: + name: automation_rules + id: aws.securityhub.automation_rules + x-cfn-schema-name: AutomationRule + x-type: list + x-identifiers: + - RuleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RuleArn') as rule_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::AutomationRule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RuleArn') as rule_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::AutomationRule' + AND region = 'us-east-1' + automation_rule: + name: automation_rule + id: aws.securityhub.automation_rule + x-cfn-schema-name: AutomationRule + x-type: get + x-identifiers: + - RuleArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RuleArn') as rule_arn, + JSON_EXTRACT(Properties, '$.RuleStatus') as rule_status, + JSON_EXTRACT(Properties, '$.RuleOrder') as rule_order, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.RuleName') as rule_name, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.CreatedBy') as created_by, + JSON_EXTRACT(Properties, '$.IsTerminal') as is_terminal, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.Criteria') as criteria, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::AutomationRule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RuleArn') as rule_arn, + json_extract_path_text(Properties, 'RuleStatus') as rule_status, + json_extract_path_text(Properties, 'RuleOrder') as rule_order, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'RuleName') as rule_name, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'CreatedBy') as created_by, + json_extract_path_text(Properties, 'IsTerminal') as is_terminal, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'Criteria') as criteria, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::AutomationRule' + AND data__Identifier = '' + AND region = 'us-east-1' + delegated_admins: + name: delegated_admins + id: aws.securityhub.delegated_admins + x-cfn-schema-name: DelegatedAdmin + x-type: list + x-identifiers: + - DelegatedAdminIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DelegatedAdminIdentifier') as delegated_admin_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::DelegatedAdmin' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DelegatedAdminIdentifier') as delegated_admin_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::DelegatedAdmin' + AND region = 'us-east-1' + delegated_admin: + name: delegated_admin + id: aws.securityhub.delegated_admin + x-cfn-schema-name: DelegatedAdmin + x-type: get + x-identifiers: + - DelegatedAdminIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DelegatedAdminIdentifier') as delegated_admin_identifier, + JSON_EXTRACT(Properties, '$.AdminAccountId') as admin_account_id, + JSON_EXTRACT(Properties, '$.Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::DelegatedAdmin' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DelegatedAdminIdentifier') as delegated_admin_identifier, + json_extract_path_text(Properties, 'AdminAccountId') as admin_account_id, + json_extract_path_text(Properties, 'Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::DelegatedAdmin' + AND data__Identifier = '' + AND region = 'us-east-1' + hubs: + name: hubs + id: aws.securityhub.hubs + x-cfn-schema-name: Hub + x-type: list + x-identifiers: + - ARN + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ARN') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::Hub' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ARN') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::Hub' + AND region = 'us-east-1' + hub: + name: hub + id: aws.securityhub.hub + x-cfn-schema-name: Hub + x-type: get + x-identifiers: + - ARN + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ARN') as arn, + JSON_EXTRACT(Properties, '$.EnableDefaultStandards') as enable_default_standards, + JSON_EXTRACT(Properties, '$.ControlFindingGenerator') as control_finding_generator, + JSON_EXTRACT(Properties, '$.AutoEnableControls') as auto_enable_controls, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.SubscribedAt') as subscribed_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::Hub' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ARN') as arn, + json_extract_path_text(Properties, 'EnableDefaultStandards') as enable_default_standards, + json_extract_path_text(Properties, 'ControlFindingGenerator') as control_finding_generator, + json_extract_path_text(Properties, 'AutoEnableControls') as auto_enable_controls, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'SubscribedAt') as subscribed_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::Hub' + AND data__Identifier = '' + AND region = 'us-east-1' + insights: + name: insights + id: aws.securityhub.insights + x-cfn-schema-name: Insight + x-type: list + x-identifiers: + - InsightArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InsightArn') as insight_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::Insight' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InsightArn') as insight_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::Insight' + AND region = 'us-east-1' + insight: + name: insight + id: aws.securityhub.insight + x-cfn-schema-name: Insight + x-type: get + x-identifiers: + - InsightArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InsightArn') as insight_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Filters') as filters, + JSON_EXTRACT(Properties, '$.GroupByAttribute') as group_by_attribute + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::Insight' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InsightArn') as insight_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Filters') as filters, + json_extract_path_text(Properties, 'GroupByAttribute') as group_by_attribute + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::Insight' + AND data__Identifier = '' + AND region = 'us-east-1' + product_subscriptions: + name: product_subscriptions + id: aws.securityhub.product_subscriptions + x-cfn-schema-name: ProductSubscription + x-type: list + x-identifiers: + - ProductSubscriptionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProductSubscriptionArn') as product_subscription_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::ProductSubscription' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProductSubscriptionArn') as product_subscription_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::ProductSubscription' + AND region = 'us-east-1' + product_subscription: + name: product_subscription + id: aws.securityhub.product_subscription + x-cfn-schema-name: ProductSubscription + x-type: get + x-identifiers: + - ProductSubscriptionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ProductArn') as product_arn, + JSON_EXTRACT(Properties, '$.ProductSubscriptionArn') as product_subscription_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::ProductSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ProductArn') as product_arn, + json_extract_path_text(Properties, 'ProductSubscriptionArn') as product_subscription_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::ProductSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + standards: + name: standards + id: aws.securityhub.standards + x-cfn-schema-name: Standard + x-type: list + x-identifiers: + - StandardsSubscriptionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StandardsSubscriptionArn') as standards_subscription_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::Standard' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StandardsSubscriptionArn') as standards_subscription_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityHub::Standard' + AND region = 'us-east-1' + standard: + name: standard + id: aws.securityhub.standard + x-cfn-schema-name: Standard + x-type: get + x-identifiers: + - StandardsSubscriptionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.StandardsSubscriptionArn') as standards_subscription_arn, + JSON_EXTRACT(Properties, '$.StandardsArn') as standards_arn, + JSON_EXTRACT(Properties, '$.DisabledStandardsControls') as disabled_standards_controls + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::Standard' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'StandardsSubscriptionArn') as standards_subscription_arn, + json_extract_path_text(Properties, 'StandardsArn') as standards_arn, + json_extract_path_text(Properties, 'DisabledStandardsControls') as disabled_standards_controls + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityHub::Standard' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/securitylake.yaml b/providers/src/aws/v00.00.00000/services/securitylake.yaml new file mode 100644 index 00000000..44a90dab --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/securitylake.yaml @@ -0,0 +1,551 @@ +openapi: 3.0.0 +info: + title: SecurityLake + version: 1.0.0 +paths: {} +components: + schemas: + AwsLogSource: + type: object + properties: + SourceName: + type: string + description: The name for a AWS source. This must be a Regionally unique value. + SourceVersion: + type: string + pattern: ^(latest|[0-9]\.[0-9])$ + description: The version for a AWS source. This must be a Regionally unique value. + description: Amazon Security Lake supports log and event collection for natively supported AWS services. + additionalProperties: false + EncryptionConfiguration: + description: Provides encryption details of Amazon Security Lake object. + type: object + additionalProperties: false + properties: + KmsKeyId: + description: The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object. + type: string + LifecycleConfiguration: + description: Provides lifecycle details of Amazon Security Lake object. + type: object + additionalProperties: false + properties: + Expiration: + $ref: '#/components/schemas/Expiration' + Transitions: + description: Provides data storage transition details of Amazon Security Lake object. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Transitions' + Expiration: + description: Provides data expiration details of Amazon Security Lake object. + type: object + additionalProperties: false + properties: + Days: + $ref: '#/components/schemas/Days' + Days: + description: Number of days before data expires in the Amazon Security Lake object. + type: integer + minimum: 1 + Transitions: + type: object + additionalProperties: false + properties: + Days: + description: Number of days before data transitions to a different S3 Storage Class in the Amazon Security Lake object. + type: integer + minimum: 1 + StorageClass: + description: The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads. + type: string + ReplicationConfiguration: + description: Provides replication details of Amazon Security Lake object. + type: object + additionalProperties: false + properties: + Regions: + $ref: '#/components/schemas/Regions' + RoleArn: + description: Replication settings for the Amazon S3 buckets. This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct. + type: string + pattern: ^arn:.*$ + Regions: + description: Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + pattern: ^(af|ap|ca|eu|me|sa|us)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\d+$ + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + description: The name of the tag. This is a general label that acts as a category for a more specific tag value (value). + Value: + type: string + minLength: 0 + maxLength: 256 + description: The value that is associated with the specified tag key (key). This value acts as a descriptor for the tag key. A tag value cannot be null, but it can be an empty string. + required: + - Key + - Value + additionalProperties: false + DataLake: + type: object + properties: + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' + LifecycleConfiguration: + $ref: '#/components/schemas/LifecycleConfiguration' + ReplicationConfiguration: + $ref: '#/components/schemas/ReplicationConfiguration' + MetaStoreManagerRoleArn: + description: The Amazon Resource Name (ARN) used to index AWS Glue table partitions that are generated by the ingestion and normalization of AWS log sources and custom sources. + type: string + pattern: ^arn:.*$ + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Arn: + description: The Amazon Resource Name (ARN) created by you to provide to the subscriber. + type: string + minLength: 1 + maxLength: 1011 + S3BucketArn: + description: The ARN for the Amazon Security Lake Amazon S3 bucket. + type: string + x-stackql-resource-name: data_lake + description: Resource Type definition for AWS::SecurityLake::DataLake + x-type-name: AWS::SecurityLake::DataLake + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - MetaStoreManagerRoleArn + x-write-only-properties: + - MetaStoreManagerRoleArn + x-read-only-properties: + - Arn + - S3BucketArn + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - events:* + - iam:CreateServiceLinkedRole + - iam:GetRole + - iam:ListAttachedRolePolicies + - iam:PutRolePolicy + - iam:PassRole + - glue:* + - organizations:* + - kms:DescribeKey + - kms:CreateGrant + - lakeformation:* + - lambda:* + - s3:* + - securitylake:CreateDataLake + - securitylake:TagResource + - securitylake:List* + - sqs:* + update: + - events:* + - iam:CreateServiceLinkedRole + - iam:DeleteRolePolicy + - iam:GetRole + - iam:PassRole + - iam:PutRolePolicy + - kms:DescribeKey + - kms:CreateGrant + - lakeformation:* + - lambda:* + - organizations:* + - s3:* + - securitylake:List* + - securitylake:TagResource + - securitylake:UntagResource + - securitylake:UpdateDataLake + - sqs:* + delete: + - organizations:* + - securitylake:DeleteDataLake + - securitylake:List* + read: + - securitylake:List* + list: + - securitylake:List* + AccessTypes: + type: array + x-insertionOrder: true + items: + type: string + enum: + - LAKEFORMATION + - S3 + minItems: 1 + uniqueItems: true + description: The Amazon S3 or AWS Lake Formation access type. + CustomLogSource: + type: object + properties: + SourceName: + type: string + pattern: ^[\\\w\-_:/.]*$ + minLength: 1 + maxLength: 64 + description: The name for a third-party custom source. This must be a Regionally unique value. + SourceVersion: + type: string + pattern: ^[A-Za-z0-9\-\.\_]*$ + minLength: 1 + maxLength: 32 + description: The version for a third-party custom source. This must be a Regionally unique value. + additionalProperties: false + Source: + oneOf: + - type: object + properties: + AwsLogSource: + $ref: '#/components/schemas/AwsLogSource' + required: + - AwsLogSource + additionalProperties: false + - type: object + properties: + CustomLogSource: + $ref: '#/components/schemas/CustomLogSource' + required: + - CustomLogSource + additionalProperties: false + Subscriber: + type: object + properties: + AccessTypes: + $ref: '#/components/schemas/AccessTypes' + DataLakeArn: + description: The ARN for the data lake. + type: string + minLength: 1 + maxLength: 256 + SubscriberIdentity: + type: object + properties: + ExternalId: + type: string + pattern: ^[\w+=,.@:/-]*$ + minLength: 2 + maxLength: 1224 + description: The external ID used to establish trust relationship with the AWS identity. + Principal: + type: string + pattern: ^([0-9]{12}|[a-z0-9\.\-]*\.(amazonaws|amazon)\.com)$ + description: The AWS identity principal. + required: + - ExternalId + - Principal + description: The AWS identity used to access your data. + additionalProperties: false + SubscriberName: + type: string + pattern: ^[\\\w\s\-_:/,.@=+]*$ + minLength: 1 + maxLength: 64 + description: The name of your Security Lake subscriber account. + SubscriberDescription: + type: string + description: The description for your subscriber account in Security Lake. + Tags: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Tag' + description: An array of objects, one for each tag to associate with the subscriber. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string. + Sources: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/Source' + description: The supported AWS services from which logs and events are collected. + ResourceShareArn: + type: string + ResourceShareName: + type: string + SubscriberRoleArn: + type: string + S3BucketArn: + type: string + SubscriberArn: + type: string + required: + - AccessTypes + - DataLakeArn + - Sources + - SubscriberIdentity + - SubscriberName + x-stackql-resource-name: subscriber + description: Resource Type definition for AWS::SecurityLake::Subscriber + x-type-name: AWS::SecurityLake::Subscriber + x-stackql-primary-identifier: + - SubscriberArn + x-create-only-properties: + - DataLakeArn + x-read-only-properties: + - SubscriberArn + - S3BucketArn + - SubscriberRoleArn + - ResourceShareArn + - ResourceShareName + x-required-properties: + - AccessTypes + - DataLakeArn + - Sources + - SubscriberIdentity + - SubscriberName + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - securitylake:CreateSubscriber + - securitylake:CreateCustomLogSource + - securitylake:CreateDataLake + - securitylake:TagResource + - securitylake:GetSubscriber + - securitylake:ListTagsForResource + - iam:GetRole + - iam:GetRolePolicy + - iam:PutRolePolicy + - iam:CreateRole + - iam:CreateServiceLinkedRole + - glue:GetDatabase + - glue:GetTable + - lakeformation:RegisterResource + - lakeformation:GrantPermissions + - lakeformation:RevokePermissions + - lakeformation:ListPermissions + - ram:GetResourceShareAssociations + - ram:CreateResourceShare + - ram:UpdateResourceShare + - ram:GetResourceShares + read: + - securitylake:GetSubscriber + - securitylake:ListTagsForResource + update: + - securitylake:UpdateSubscriber + - securitylake:GetSubscriber + - securitylake:TagResource + - securitylake:UntagResource + - securitylake:ListTagsForResource + - glue:GetDatabase + - glue:GetTable + - lakeformation:ListPermissions + - lakeformation:GrantPermissions + - lakeformation:RevokePermissions + - ram:CreateResourceShare + - ram:GetResourceShares + - ram:GetResourceShareAssociations + - ram:UpdateResourceShare + - ram:DeleteResourceShare + - iam:CreateRole + - iam:GetRole + - iam:DeleteRole + - iam:PutRolePolicy + - iam:DeleteRolePolicy + - iam:ListRolePolicies + - events:CreateApiDestination + - events:CreateConnection + - events:ListApiDestinations + - events:ListConnections + - events:PutRule + - events:UpdateApiDestination + - events:UpdateConnection + - events:DeleteApiDestination + - events:DeleteConnection + - events:DeleteRule + - events:RemoveTargets + - events:ListTargetsByRule + - events:DescribeRule + - events:PutTargets + delete: + - securitylake:DeleteSubscriber + - iam:GetRole + - iam:ListRolePolicies + - iam:DeleteRole + - iam:DeleteRolePolicy + - glue:GetTable + - lakeformation:RevokePermissions + - lakeformation:ListPermissions + - ram:GetResourceShares + - ram:DeleteResourceShare + - events:DeleteApiDestination + - events:DeleteConnection + - events:DeleteRule + - events:ListApiDestinations + - events:ListTargetsByRule + - events:DescribeRule + - events:RemoveTargets + - sqs:DeleteQueue + - sqs:GetQueueUrl + list: + - securitylake:ListSubscribers + x-stackQL-resources: + data_lakes: + name: data_lakes + id: aws.securitylake.data_lakes + x-cfn-schema-name: DataLake + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityLake::DataLake' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityLake::DataLake' + AND region = 'us-east-1' + data_lake: + name: data_lake + id: aws.securitylake.data_lake + x-cfn-schema-name: DataLake + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EncryptionConfiguration') as encryption_configuration, + JSON_EXTRACT(Properties, '$.LifecycleConfiguration') as lifecycle_configuration, + JSON_EXTRACT(Properties, '$.ReplicationConfiguration') as replication_configuration, + JSON_EXTRACT(Properties, '$.MetaStoreManagerRoleArn') as meta_store_manager_role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.S3BucketArn') as s3_bucket_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityLake::DataLake' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EncryptionConfiguration') as encryption_configuration, + json_extract_path_text(Properties, 'LifecycleConfiguration') as lifecycle_configuration, + json_extract_path_text(Properties, 'ReplicationConfiguration') as replication_configuration, + json_extract_path_text(Properties, 'MetaStoreManagerRoleArn') as meta_store_manager_role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'S3BucketArn') as s3_bucket_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityLake::DataLake' + AND data__Identifier = '' + AND region = 'us-east-1' + subscribers: + name: subscribers + id: aws.securitylake.subscribers + x-cfn-schema-name: Subscriber + x-type: list + x-identifiers: + - SubscriberArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SubscriberArn') as subscriber_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityLake::Subscriber' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SubscriberArn') as subscriber_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecurityLake::Subscriber' + AND region = 'us-east-1' + subscriber: + name: subscriber + id: aws.securitylake.subscriber + x-cfn-schema-name: Subscriber + x-type: get + x-identifiers: + - SubscriberArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessTypes') as access_types, + JSON_EXTRACT(Properties, '$.DataLakeArn') as data_lake_arn, + JSON_EXTRACT(Properties, '$.SubscriberIdentity') as subscriber_identity, + JSON_EXTRACT(Properties, '$.SubscriberName') as subscriber_name, + JSON_EXTRACT(Properties, '$.SubscriberDescription') as subscriber_description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Sources') as sources, + JSON_EXTRACT(Properties, '$.ResourceShareArn') as resource_share_arn, + JSON_EXTRACT(Properties, '$.ResourceShareName') as resource_share_name, + JSON_EXTRACT(Properties, '$.SubscriberRoleArn') as subscriber_role_arn, + JSON_EXTRACT(Properties, '$.S3BucketArn') as s3_bucket_arn, + JSON_EXTRACT(Properties, '$.SubscriberArn') as subscriber_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityLake::Subscriber' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessTypes') as access_types, + json_extract_path_text(Properties, 'DataLakeArn') as data_lake_arn, + json_extract_path_text(Properties, 'SubscriberIdentity') as subscriber_identity, + json_extract_path_text(Properties, 'SubscriberName') as subscriber_name, + json_extract_path_text(Properties, 'SubscriberDescription') as subscriber_description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Sources') as sources, + json_extract_path_text(Properties, 'ResourceShareArn') as resource_share_arn, + json_extract_path_text(Properties, 'ResourceShareName') as resource_share_name, + json_extract_path_text(Properties, 'SubscriberRoleArn') as subscriber_role_arn, + json_extract_path_text(Properties, 'S3BucketArn') as s3_bucket_arn, + json_extract_path_text(Properties, 'SubscriberArn') as subscriber_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecurityLake::Subscriber' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/servicecatalog.yaml b/providers/src/aws/v00.00.00000/services/servicecatalog.yaml new file mode 100644 index 00000000..e5f1d6b7 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/servicecatalog.yaml @@ -0,0 +1,482 @@ +openapi: 3.0.0 +info: + title: ServiceCatalog + version: 1.0.0 +paths: {} +components: + schemas: + ProvisioningPreferences: + type: object + properties: + StackSetAccounts: + type: array + uniqueItems: true + items: + type: string + pattern: ^[0-9]{12}$ + StackSetFailureToleranceCount: + type: integer + minimum: 0 + StackSetFailureTolerancePercentage: + type: integer + minimum: 0 + maximum: 100 + StackSetMaxConcurrencyCount: + type: integer + minimum: 1 + StackSetMaxConcurrencyPercentage: + type: integer + minimum: 1 + maximum: 100 + StackSetOperationType: + type: string + enum: + - CREATE + - UPDATE + - DELETE + StackSetRegions: + type: array + uniqueItems: true + items: + type: string + pattern: ^[a-z]{2}-([a-z]+-)+[1-9] + additionalProperties: false + ProvisioningParameter: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 1000 + Value: + type: string + maxLength: 4096 + additionalProperties: false + required: + - Key + - Value + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + Value: + type: string + minLength: 1 + maxLength: 256 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + additionalProperties: false + required: + - Key + - Value + OutputType: + type: string + CloudFormationProvisionedProduct: + type: object + properties: + AcceptLanguage: + type: string + enum: + - en + - jp + - zh + NotificationArns: + type: array + uniqueItems: true + items: + type: string + maxItems: 5 + PathId: + type: string + minLength: 1 + maxLength: 100 + PathName: + type: string + minLength: 1 + maxLength: 100 + ProductId: + type: string + minLength: 1 + maxLength: 100 + ProductName: + type: string + minLength: 1 + maxLength: 128 + ProvisionedProductName: + type: string + minLength: 1 + maxLength: 128 + ProvisioningArtifactId: + type: string + minLength: 1 + maxLength: 100 + ProvisioningArtifactName: + type: string + ProvisioningParameters: + type: array + items: + $ref: '#/components/schemas/ProvisioningParameter' + ProvisioningPreferences: + $ref: '#/components/schemas/ProvisioningPreferences' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + ProvisionedProductId: + type: string + minLength: 1 + maxLength: 50 + RecordId: + type: string + minLength: 1 + maxLength: 50 + CloudformationStackArn: + type: string + minLength: 1 + maxLength: 256 + Outputs: + description: List of key-value pair outputs. + type: object + x-patternProperties: + ^[A-Za-z0-9]{1,64}$: + $ref: '#/components/schemas/OutputType' + additionalProperties: false + maxProperties: 100 + x-stackql-resource-name: cloud_formation_provisioned_product + description: Resource Schema for AWS::ServiceCatalog::CloudFormationProvisionedProduct + x-type-name: AWS::ServiceCatalog::CloudFormationProvisionedProduct + x-documentation-url: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-cloudformationprovisionedproduct.html + x-stackql-primary-identifier: + - ProvisionedProductId + x-create-only-properties: + - NotificationArns + - ProvisionedProductName + x-read-only-properties: + - RecordId + - CloudformationStackArn + - Outputs + - ProvisionedProductId + x-required-permissions: + create: + - '*' + read: + - '*' + update: + - '*' + delete: + - '*' + DefinitionParameter: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 1000 + Value: + type: string + maxLength: 4096 + additionalProperties: false + required: + - Key + - Value + ServiceAction: + type: object + properties: + AcceptLanguage: + type: string + enum: + - en + - jp + - zh + Name: + type: string + minLength: 1 + maxLength: 256 + DefinitionType: + type: string + enum: + - SSM_AUTOMATION + Definition: + type: array + items: + $ref: '#/components/schemas/DefinitionParameter' + Description: + type: string + maxLength: 1024 + Id: + type: string + minLength: 1 + maxLength: 100 + required: + - Name + - DefinitionType + - Definition + x-stackql-resource-name: service_action + description: Resource Schema for AWS::ServiceCatalog::ServiceAction + x-type-name: AWS::ServiceCatalog::ServiceAction + x-stackql-primary-identifier: + - Id + x-write-only-properties: + - AcceptLanguage + x-read-only-properties: + - Id + x-required-properties: + - Name + - DefinitionType + - Definition + x-required-permissions: + create: + - servicecatalog:CreateServiceAction + - ssm:DescribeDocument + - iam:GetRole + read: + - servicecatalog:DescribeServiceAction + update: + - servicecatalog:UpdateServiceAction + - iam:GetRole + - ssm:DescribeDocument + delete: + - servicecatalog:DeleteServiceAction + list: + - servicecatalog:ListServiceActions + ServiceActionAssociation: + type: object + properties: + ProductId: + type: string + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]{1,99}\Z + minLength: 1 + maxLength: 100 + ProvisioningArtifactId: + type: string + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]{1,99}\Z + minLength: 1 + maxLength: 100 + ServiceActionId: + type: string + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]{1,99}\Z + minLength: 1 + maxLength: 100 + required: + - ProductId + - ProvisioningArtifactId + - ServiceActionId + x-stackql-resource-name: service_action_association + description: Resource Schema for AWS::ServiceCatalog::ServiceActionAssociation + x-type-name: AWS::ServiceCatalog::ServiceActionAssociation + x-stackql-primary-identifier: + - ProductId + - ProvisioningArtifactId + - ServiceActionId + x-create-only-properties: + - ProductId + - ProvisioningArtifactId + - ServiceActionId + x-required-properties: + - ProductId + - ProvisioningArtifactId + - ServiceActionId + x-required-permissions: + create: + - servicecatalog:AssociateServiceActionWithProvisioningArtifact + - servicecatalog:ListServiceActionsForProvisioningArtifact + read: + - servicecatalog:ListServiceActionsForProvisioningArtifact + delete: + - servicecatalog:DisassociateServiceActionFromProvisioningArtifact + - servicecatalog:ListServiceActionsForProvisioningArtifact + list: + - servicecatalog:ListServiceActionsForProvisioningArtifact + x-stackQL-resources: + cloud_formation_provisioned_product: + name: cloud_formation_provisioned_product + id: aws.servicecatalog.cloud_formation_provisioned_product + x-cfn-schema-name: CloudFormationProvisionedProduct + x-type: get + x-identifiers: + - ProvisionedProductId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AcceptLanguage') as accept_language, + JSON_EXTRACT(Properties, '$.NotificationArns') as notification_arns, + JSON_EXTRACT(Properties, '$.PathId') as path_id, + JSON_EXTRACT(Properties, '$.PathName') as path_name, + JSON_EXTRACT(Properties, '$.ProductId') as product_id, + JSON_EXTRACT(Properties, '$.ProductName') as product_name, + JSON_EXTRACT(Properties, '$.ProvisionedProductName') as provisioned_product_name, + JSON_EXTRACT(Properties, '$.ProvisioningArtifactId') as provisioning_artifact_id, + JSON_EXTRACT(Properties, '$.ProvisioningArtifactName') as provisioning_artifact_name, + JSON_EXTRACT(Properties, '$.ProvisioningParameters') as provisioning_parameters, + JSON_EXTRACT(Properties, '$.ProvisioningPreferences') as provisioning_preferences, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ProvisionedProductId') as provisioned_product_id, + JSON_EXTRACT(Properties, '$.RecordId') as record_id, + JSON_EXTRACT(Properties, '$.CloudformationStackArn') as cloudformation_stack_arn, + JSON_EXTRACT(Properties, '$.Outputs') as outputs + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalog::CloudFormationProvisionedProduct' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AcceptLanguage') as accept_language, + json_extract_path_text(Properties, 'NotificationArns') as notification_arns, + json_extract_path_text(Properties, 'PathId') as path_id, + json_extract_path_text(Properties, 'PathName') as path_name, + json_extract_path_text(Properties, 'ProductId') as product_id, + json_extract_path_text(Properties, 'ProductName') as product_name, + json_extract_path_text(Properties, 'ProvisionedProductName') as provisioned_product_name, + json_extract_path_text(Properties, 'ProvisioningArtifactId') as provisioning_artifact_id, + json_extract_path_text(Properties, 'ProvisioningArtifactName') as provisioning_artifact_name, + json_extract_path_text(Properties, 'ProvisioningParameters') as provisioning_parameters, + json_extract_path_text(Properties, 'ProvisioningPreferences') as provisioning_preferences, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ProvisionedProductId') as provisioned_product_id, + json_extract_path_text(Properties, 'RecordId') as record_id, + json_extract_path_text(Properties, 'CloudformationStackArn') as cloudformation_stack_arn, + json_extract_path_text(Properties, 'Outputs') as outputs + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalog::CloudFormationProvisionedProduct' + AND data__Identifier = '' + AND region = 'us-east-1' + service_actions: + name: service_actions + id: aws.servicecatalog.service_actions + x-cfn-schema-name: ServiceAction + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalog::ServiceAction' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalog::ServiceAction' + AND region = 'us-east-1' + service_action: + name: service_action + id: aws.servicecatalog.service_action + x-cfn-schema-name: ServiceAction + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AcceptLanguage') as accept_language, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.DefinitionType') as definition_type, + JSON_EXTRACT(Properties, '$.Definition') as definition, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalog::ServiceAction' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AcceptLanguage') as accept_language, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'DefinitionType') as definition_type, + json_extract_path_text(Properties, 'Definition') as definition, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalog::ServiceAction' + AND data__Identifier = '' + AND region = 'us-east-1' + service_action_associations: + name: service_action_associations + id: aws.servicecatalog.service_action_associations + x-cfn-schema-name: ServiceActionAssociation + x-type: list + x-identifiers: + - ProductId + - ProvisioningArtifactId + - ServiceActionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProductId') as product_id, + JSON_EXTRACT(Properties, '$.ProvisioningArtifactId') as provisioning_artifact_id, + JSON_EXTRACT(Properties, '$.ServiceActionId') as service_action_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalog::ServiceActionAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProductId') as product_id, + json_extract_path_text(Properties, 'ProvisioningArtifactId') as provisioning_artifact_id, + json_extract_path_text(Properties, 'ServiceActionId') as service_action_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalog::ServiceActionAssociation' + AND region = 'us-east-1' + service_action_association: + name: service_action_association + id: aws.servicecatalog.service_action_association + x-cfn-schema-name: ServiceActionAssociation + x-type: get + x-identifiers: + - ProductId + - ProvisioningArtifactId + - ServiceActionId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ProductId') as product_id, + JSON_EXTRACT(Properties, '$.ProvisioningArtifactId') as provisioning_artifact_id, + JSON_EXTRACT(Properties, '$.ServiceActionId') as service_action_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalog::ServiceActionAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ProductId') as product_id, + json_extract_path_text(Properties, 'ProvisioningArtifactId') as provisioning_artifact_id, + json_extract_path_text(Properties, 'ServiceActionId') as service_action_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalog::ServiceActionAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/servicecatalogappregistry.yaml b/providers/src/aws/v00.00.00000/services/servicecatalogappregistry.yaml new file mode 100644 index 00000000..0d80482b --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/servicecatalogappregistry.yaml @@ -0,0 +1,537 @@ +openapi: 3.0.0 +info: + title: ServiceCatalogAppRegistry + version: 1.0.0 +paths: {} +components: + schemas: + Tags: + type: object + x-patternProperties: + ^[a-zA-Z+-=._:/]+$: + type: string + maxLength: 256 + maxProperties: 50 + additionalProperties: false + Application: + type: object + properties: + Id: + type: string + pattern: '[a-z0-9]{26}' + Arn: + type: string + pattern: arn:aws[-a-z]*:servicecatalog:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:/applications/[a-z0-9]+ + Name: + type: string + description: 'The name of the application. ' + minLength: 1 + maxLength: 256 + pattern: \w+ + Description: + type: string + description: 'The description of the application. ' + maxLength: 1024 + Tags: + $ref: '#/components/schemas/Tags' + ApplicationTagKey: + type: string + description: The key of the AWS application tag, which is awsApplication. Applications created before 11/13/2023 or applications without the AWS application tag resource group return no value. + maxLength: 128 + pattern: \w+ + ApplicationTagValue: + type: string + description: 'The value of the AWS application tag, which is the identifier of an associated resource. Applications created before 11/13/2023 or applications without the AWS application tag resource group return no value. ' + maxLength: 256 + pattern: \[a-zA-Z0-9_-:/]+ + ApplicationName: + type: string + description: 'The name of the application. ' + minLength: 1 + maxLength: 256 + pattern: \w+ + required: + - Name + x-stackql-resource-name: application + description: Resource Schema for AWS::ServiceCatalogAppRegistry::Application + x-type-name: AWS::ServiceCatalogAppRegistry::Application + x-documentation-url: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-appregistry-application.html + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - Name + x-read-only-properties: + - Id + - Arn + - ApplicationName + - ApplicationTagKey + - ApplicationTagValue + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - servicecatalog:CreateApplication + - servicecatalog:TagResource + - iam:CreateServiceLinkedRole + read: + - servicecatalog:GetApplication + update: + - servicecatalog:GetApplication + - servicecatalog:ListTagsForResource + - servicecatalog:TagResource + - servicecatalog:UntagResource + - servicecatalog:UpdateApplication + - iam:CreateServiceLinkedRole + delete: + - servicecatalog:DeleteApplication + list: + - servicecatalog:ListApplications + AttributeGroup: + type: object + properties: + Id: + type: string + pattern: '[a-z0-9]{12}' + Arn: + type: string + pattern: arn:aws[-a-z]*:servicecatalog:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:/attribute-groups/[a-z0-9]+ + Name: + type: string + description: 'The name of the attribute group. ' + minLength: 1 + maxLength: 256 + pattern: \w+ + Description: + type: string + description: 'The description of the attribute group. ' + maxLength: 1024 + Attributes: + type: object + Tags: + $ref: '#/components/schemas/Tags' + required: + - Name + - Attributes + x-stackql-resource-name: attribute_group + description: Resource Schema for AWS::ServiceCatalogAppRegistry::AttributeGroup. + x-type-name: AWS::ServiceCatalogAppRegistry::AttributeGroup + x-documentation-url: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-appregistry-attributegroup.html + x-stackql-primary-identifier: + - Id + x-stackql-additional-identifiers: + - - Name + x-read-only-properties: + - Id + - Arn + x-required-properties: + - Name + - Attributes + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + x-required-permissions: + create: + - servicecatalog:CreateAttributeGroup + - servicecatalog:TagResource + read: + - servicecatalog:GetAttributeGroup + update: + - servicecatalog:GetAttributeGroup + - servicecatalog:UpdateAttributeGroup + - servicecatalog:ListTagsForResource + - servicecatalog:TagResource + - servicecatalog:UntagResource + delete: + - servicecatalog:DeleteAttributeGroup + list: + - servicecatalog:ListAttributeGroups + AttributeGroupAssociation: + type: object + properties: + Application: + type: string + description: The name or the Id of the Application. + minLength: 1 + maxLength: 256 + pattern: \w+|[a-z0-9]{12} + AttributeGroup: + type: string + description: The name or the Id of the AttributeGroup. + minLength: 1 + maxLength: 256 + pattern: \w+|[a-z0-9]{12} + ApplicationArn: + type: string + pattern: arn:aws[-a-z]*:servicecatalog:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:/applications/[a-z0-9]+ + AttributeGroupArn: + type: string + pattern: arn:aws[-a-z]*:servicecatalog:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:/attribute-groups/[a-z0-9]+ + required: + - Application + - AttributeGroup + x-stackql-resource-name: attribute_group_association + description: Resource Schema for AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation. + x-type-name: AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation + x-documentation-url: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-appregistry-attributegroupassociation.html + x-stackql-primary-identifier: + - ApplicationArn + - AttributeGroupArn + x-create-only-properties: + - Application + - AttributeGroup + x-read-only-properties: + - ApplicationArn + - AttributeGroupArn + x-required-properties: + - Application + - AttributeGroup + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - servicecatalog:AssociateAttributeGroup + read: + - servicecatalog:ListAttributeGroupsForApplication + delete: + - servicecatalog:DisassociateAttributeGroup + list: + - servicecatalog:ListAttributeGroupsForApplication + ResourceAssociation: + type: object + properties: + Application: + type: string + description: The name or the Id of the Application. + minLength: 1 + maxLength: 256 + pattern: \w+|[a-z0-9]{12} + Resource: + type: string + description: The name or the Id of the Resource. + pattern: \w+|arn:aws[-a-z]*:cloudformation:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:stack/[a-zA-Z][-A-Za-z0-9]{0,127}/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12} + ResourceType: + type: string + description: The type of the CFN Resource for now it's enum CFN_STACK. + enum: + - CFN_STACK + ApplicationArn: + type: string + pattern: arn:aws[-a-z]*:servicecatalog:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:/applications/[a-z0-9]+ + ResourceArn: + type: string + pattern: arn:aws[-a-z]*:cloudformation:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:stack/[a-zA-Z][-A-Za-z0-9]{0,127}/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12} + required: + - Application + - Resource + - ResourceType + x-stackql-resource-name: resource_association + description: Resource Schema for AWS::ServiceCatalogAppRegistry::ResourceAssociation + x-type-name: AWS::ServiceCatalogAppRegistry::ResourceAssociation + x-documentation-url: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicecatalog-appregistry-resourceassociation.html + x-stackql-primary-identifier: + - ApplicationArn + - ResourceArn + - ResourceType + x-create-only-properties: + - Application + - Resource + - ResourceType + x-read-only-properties: + - ApplicationArn + - ResourceArn + x-required-properties: + - Application + - Resource + - ResourceType + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - servicecatalog:AssociateResource + - cloudformation:DescribeStacks + read: + - servicecatalog:ListAssociatedResources + delete: + - servicecatalog:DisassociateResource + list: + - servicecatalog:ListAssociatedResources + x-stackQL-resources: + applications: + name: applications + id: aws.servicecatalogappregistry.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.servicecatalogappregistry.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ApplicationTagKey') as application_tag_key, + JSON_EXTRACT(Properties, '$.ApplicationTagValue') as application_tag_value, + JSON_EXTRACT(Properties, '$.ApplicationName') as application_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ApplicationTagKey') as application_tag_key, + json_extract_path_text(Properties, 'ApplicationTagValue') as application_tag_value, + json_extract_path_text(Properties, 'ApplicationName') as application_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + attribute_groups: + name: attribute_groups + id: aws.servicecatalogappregistry.attribute_groups + x-cfn-schema-name: AttributeGroup + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::AttributeGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::AttributeGroup' + AND region = 'us-east-1' + attribute_group: + name: attribute_group + id: aws.servicecatalogappregistry.attribute_group + x-cfn-schema-name: AttributeGroup + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Attributes') as attributes, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::AttributeGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Attributes') as attributes, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::AttributeGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + attribute_group_associations: + name: attribute_group_associations + id: aws.servicecatalogappregistry.attribute_group_associations + x-cfn-schema-name: AttributeGroupAssociation + x-type: list + x-identifiers: + - ApplicationArn + - AttributeGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(Properties, '$.AttributeGroupArn') as attribute_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(Properties, 'AttributeGroupArn') as attribute_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation' + AND region = 'us-east-1' + attribute_group_association: + name: attribute_group_association + id: aws.servicecatalogappregistry.attribute_group_association + x-cfn-schema-name: AttributeGroupAssociation + x-type: get + x-identifiers: + - ApplicationArn + - AttributeGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Application') as application, + JSON_EXTRACT(Properties, '$.AttributeGroup') as attribute_group, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(Properties, '$.AttributeGroupArn') as attribute_group_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Application') as application, + json_extract_path_text(Properties, 'AttributeGroup') as attribute_group, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(Properties, 'AttributeGroupArn') as attribute_group_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + resource_associations: + name: resource_associations + id: aws.servicecatalogappregistry.resource_associations + x-cfn-schema-name: ResourceAssociation + x-type: list + x-identifiers: + - ApplicationArn + - ResourceArn + - ResourceType + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::ResourceAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'ResourceType') as resource_type + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::ResourceAssociation' + AND region = 'us-east-1' + resource_association: + name: resource_association + id: aws.servicecatalogappregistry.resource_association + x-cfn-schema-name: ResourceAssociation + x-type: get + x-identifiers: + - ApplicationArn + - ResourceArn + - ResourceType + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Application') as application, + JSON_EXTRACT(Properties, '$.Resource') as resource, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::ResourceAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Application') as application, + json_extract_path_text(Properties, 'Resource') as resource, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ServiceCatalogAppRegistry::ResourceAssociation' + AND data__Identifier = '||' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/ses.yaml b/providers/src/aws/v00.00.00000/services/ses.yaml new file mode 100644 index 00000000..ba4df55f --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ses.yaml @@ -0,0 +1,972 @@ +openapi: 3.0.0 +info: + title: SES + version: 1.0.0 +paths: {} +components: + schemas: + TrackingOptions: + description: An object that defines the open and click tracking options for emails that you send using the configuration set. + type: object + additionalProperties: false + properties: + CustomRedirectDomain: + type: string + description: The domain to use for tracking open and click events. + DeliveryOptions: + description: An object that defines the dedicated IP pool that is used to send emails that you send using the configuration set. + type: object + additionalProperties: false + properties: + TlsPolicy: + type: string + description: Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). If the value is Require , messages are only delivered if a TLS connection can be established. If the value is Optional , messages can be delivered in plain text if a TLS connection can't be established. + pattern: REQUIRE|OPTIONAL + SendingPoolName: + type: string + description: The name of the dedicated IP pool to associate with the configuration set. + ReputationOptions: + description: An object that defines whether or not Amazon SES collects reputation metrics for the emails that you send that use the configuration set. + type: object + additionalProperties: false + properties: + ReputationMetricsEnabled: + type: boolean + description: If true , tracking of reputation metrics is enabled for the configuration set. If false , tracking of reputation metrics is disabled for the configuration set. + pattern: true|false + SendingOptions: + description: An object that defines whether or not Amazon SES can send email that you send using the configuration set. + type: object + additionalProperties: false + properties: + SendingEnabled: + type: boolean + pattern: true|false + SuppressionOptions: + description: An object that contains information about the suppression list preferences for your account. + type: object + additionalProperties: false + properties: + SuppressedReasons: + type: array + uniqueItems: false + x-insertionOrder: false + description: A list that contains the reasons that email addresses are automatically added to the suppression list for your account. + items: + type: string + description: The reason that the address was added to the suppression list for your account + pattern: BOUNCE|COMPLAINT + DashboardOptions: + type: object + description: Preferences regarding the Dashboard feature. + additionalProperties: false + properties: + EngagementMetrics: + type: string + description: Whether emails sent with this configuration set have engagement tracking enabled. + pattern: ENABLED|DISABLED + required: + - EngagementMetrics + GuardianOptions: + type: object + description: Preferences regarding the Guardian feature. + additionalProperties: false + properties: + OptimizedSharedDelivery: + type: string + description: Whether emails sent with this configuration set have optimized delivery algorithm enabled. + pattern: ENABLED|DISABLED + required: + - OptimizedSharedDelivery + VdmOptions: + description: An object that contains Virtual Deliverability Manager (VDM) settings for this configuration set. + type: object + additionalProperties: false + properties: + DashboardOptions: + $ref: '#/components/schemas/DashboardOptions' + GuardianOptions: + $ref: '#/components/schemas/GuardianOptions' + ConfigurationSet: + type: object + properties: + Name: + description: The name of the configuration set. + type: string + pattern: ^[a-zA-Z0-9_-]{1,64}$ + TrackingOptions: + $ref: '#/components/schemas/TrackingOptions' + DeliveryOptions: + $ref: '#/components/schemas/DeliveryOptions' + ReputationOptions: + $ref: '#/components/schemas/ReputationOptions' + SendingOptions: + $ref: '#/components/schemas/SendingOptions' + SuppressionOptions: + $ref: '#/components/schemas/SuppressionOptions' + VdmOptions: + $ref: '#/components/schemas/VdmOptions' + x-stackql-resource-name: configuration_set + description: Resource schema for AWS::SES::ConfigurationSet. + x-type-name: AWS::SES::ConfigurationSet + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-required-permissions: + create: + - ses:CreateConfigurationSet + read: + - ses:GetConfigurationSet + - ses:DescribeConfigurationSet + update: + - ses:PutConfigurationSetTrackingOptions + - ses:PutConfigurationSetDeliveryOptions + - ses:PutConfigurationSetReputationOptions + - ses:PutConfigurationSetSendingOptions + - ses:PutConfigurationSetSuppressionOptions + - ses:PutConfigurationSetVdmOptions + delete: + - ses:DeleteConfigurationSet + list: + - ses:ListConfigurationSets + EventDestination: + type: object + additionalProperties: false + properties: + Name: + description: The name of the event destination set. + type: string + pattern: ^[a-zA-Z0-9_-]{0,64}$ + Enabled: + description: 'Sets whether Amazon SES publishes events to this destination when you send an email with the associated configuration set. Set to true to enable publishing to this destination; set to false to prevent publishing to this destination. The default value is false. ' + type: boolean + MatchingEventTypes: + type: array + uniqueItems: false + x-insertionOrder: false + description: The type of email sending events, send, reject, bounce, complaint, delivery, open, click, renderingFailure, deliveryDelay, and subscription. + items: + type: string + CloudWatchDestination: + description: An object that contains the names, default values, and sources of the dimensions associated with an Amazon CloudWatch event destination. + $ref: '#/components/schemas/CloudWatchDestination' + KinesisFirehoseDestination: + description: An object that contains the delivery stream ARN and the IAM role ARN associated with an Amazon Kinesis Firehose event destination. + $ref: '#/components/schemas/KinesisFirehoseDestination' + SnsDestination: + description: An object that contains SNS topic ARN associated event destination. + $ref: '#/components/schemas/SnsDestination' + required: + - MatchingEventTypes + SnsDestination: + type: object + additionalProperties: false + description: An object that contains SNS topic ARN associated event destination. + properties: + TopicARN: + type: string + minLength: 36 + maxLength: 1024 + pattern: ^arn:aws[a-z0-9-]*:sns:[a-z0-9-]+:\d{12}:[^:]+$ + required: + - TopicARN + KinesisFirehoseDestination: + type: object + additionalProperties: false + description: An object that contains the delivery stream ARN and the IAM role ARN associated with an Amazon Kinesis Firehose event destination. + properties: + IAMRoleARN: + description: The ARN of the IAM role under which Amazon SES publishes email sending events to the Amazon Kinesis Firehose stream. + type: string + DeliveryStreamARN: + description: The ARN of the Amazon Kinesis Firehose stream that email sending events should be published to. + type: string + required: + - IAMRoleARN + - DeliveryStreamARN + CloudWatchDestination: + type: object + additionalProperties: false + description: An object that contains the names, default values, and sources of the dimensions associated with an Amazon CloudWatch event destination. + properties: + DimensionConfigurations: + type: array + uniqueItems: false + x-insertionOrder: false + description: A list of dimensions upon which to categorize your emails when you publish email sending events to Amazon CloudWatch. + items: + $ref: '#/components/schemas/DimensionConfiguration' + DimensionConfiguration: + type: object + additionalProperties: false + description: A list of dimensions upon which to categorize your emails when you publish email sending events to Amazon CloudWatch. + properties: + DimensionValueSource: + description: The place where Amazon SES finds the value of a dimension to publish to Amazon CloudWatch. To use the message tags that you specify using an X-SES-MESSAGE-TAGS header or a parameter to the SendEmail/SendRawEmail API, specify messageTag. To use your own email headers, specify emailHeader. To put a custom tag on any link included in your email, specify linkTag. + type: string + DefaultDimensionValue: + description: The default value of the dimension that is published to Amazon CloudWatch if you do not provide the value of the dimension when you send an email. + type: string + pattern: ^[a-zA-Z0-9_-]{1,256}$ + maxLength: 256 + minLength: 1 + DimensionName: + description: The name of an Amazon CloudWatch dimension associated with an email sending metric. + type: string + pattern: ^[a-zA-Z0-9_:-]{1,256}$ + maxLength: 256 + minLength: 1 + required: + - DimensionValueSource + - DefaultDimensionValue + - DimensionName + ConfigurationSetEventDestination: + type: object + properties: + Id: + type: string + ConfigurationSetName: + description: The name of the configuration set that contains the event destination. + type: string + EventDestination: + description: The event destination object. + $ref: '#/components/schemas/EventDestination' + required: + - ConfigurationSetName + - EventDestination + x-stackql-resource-name: configuration_set_event_destination + description: Resource Type definition for AWS::SES::ConfigurationSetEventDestination + x-type-name: AWS::SES::ConfigurationSetEventDestination + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - ConfigurationSetName + x-read-only-properties: + - Id + x-required-properties: + - ConfigurationSetName + - EventDestination + x-required-permissions: + create: + - ses:CreateConfigurationSetEventDestination + - ses:GetConfigurationSetEventDestinations + - ses:DescribeConfigurationSet + update: + - ses:UpdateConfigurationSetEventDestination + - ses:GetConfigurationSetEventDestinations + delete: + - ses:DeleteConfigurationSetEventDestination + read: + - ses:GetConfigurationSetEventDestinations + - ses:DescribeConfigurationSet + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Topic: + type: object + properties: + TopicName: + description: The name of the topic. + type: string + pattern: ^[a-zA-Z0-9_-]{1,64}$ + DisplayName: + description: The display name of the topic. + type: string + minLength: 0 + maxLength: 128 + Description: + description: The description of the topic. + type: string + minLength: 0 + maxLength: 500 + DefaultSubscriptionStatus: + type: string + required: + - TopicName + - DisplayName + - DefaultSubscriptionStatus + additionalProperties: false + ContactList: + type: object + properties: + ContactListName: + description: The name of the contact list. + type: string + pattern: ^[a-zA-Z0-9_-]{1,64}$ + Description: + description: The description of the contact list. + type: string + maxLength: 500 + Topics: + description: The topics associated with the contact list. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Topic' + minItems: 0 + maxItems: 20 + Tags: + description: The tags (keys and values) associated with the contact list. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + x-stackql-resource-name: contact_list + description: Resource schema for AWS::SES::ContactList. + x-type-name: AWS::SES::ContactList + x-stackql-primary-identifier: + - ContactListName + x-create-only-properties: + - ContactListName + x-required-permissions: + create: + - ses:CreateContactList + read: + - ses:GetContactList + update: + - ses:UpdateContactList + - ses:UntagResource + - ses:TagResource + delete: + - ses:DeleteContactList + list: + - ses:ListContactLists + DedicatedIpPool: + type: object + properties: + PoolName: + type: string + description: The name of the dedicated IP pool. + pattern: ^[a-z0-9_-]{0,64}$ + ScalingMode: + type: string + description: Specifies whether the dedicated IP pool is managed or not. The default value is STANDARD. + pattern: ^(STANDARD|MANAGED)$ + x-stackql-resource-name: dedicated_ip_pool + description: Resource Type definition for AWS::SES::DedicatedIpPool + x-type-name: AWS::SES::DedicatedIpPool + x-stackql-primary-identifier: + - PoolName + x-create-only-properties: + - PoolName + x-conditional-create-only-properties: + - ScalingMode + x-required-permissions: + create: + - ses:CreateDedicatedIpPool + - ses:GetDedicatedIpPool + - ses:GetDedicatedIps + read: + - ses:GetDedicatedIpPool + - ses:GetDedicatedIps + update: + - ses:PutDedicatedIpPoolScalingAttributes + - ses:GetDedicatedIpPool + delete: + - ses:DeleteDedicatedIpPool + list: + - ses:ListDedicatedIpPools + DkimSigningAttributes: + type: object + additionalProperties: false + description: If your request includes this object, Amazon SES configures the identity to use Bring Your Own DKIM (BYODKIM) for DKIM authentication purposes, or, configures the key length to be used for Easy DKIM. + properties: + DomainSigningSelector: + type: string + description: '[Bring Your Own DKIM] A string that''s used to identify a public key in the DNS configuration for a domain.' + DomainSigningPrivateKey: + type: string + description: '[Bring Your Own DKIM] A private key that''s used to generate a DKIM signature. The private key must use 1024 or 2048-bit RSA encryption, and must be encoded using base64 encoding.' + NextSigningKeyLength: + type: string + description: '[Easy DKIM] The key length of the future DKIM key pair to be generated. This can be changed at most once per day.' + pattern: RSA_1024_BIT|RSA_2048_BIT + ConfigurationSetAttributes: + type: object + additionalProperties: false + description: Used to associate a configuration set with an email identity. + properties: + ConfigurationSetName: + type: string + description: The configuration set to use by default when sending from this identity. Note that any configuration set defined in the email sending request takes precedence. + DkimAttributes: + type: object + additionalProperties: false + description: Used to enable or disable DKIM authentication for an email identity. + properties: + SigningEnabled: + type: boolean + description: Sets the DKIM signing configuration for the identity. When you set this value true, then the messages that are sent from the identity are signed using DKIM. If you set this value to false, your messages are sent without DKIM signing. + MailFromAttributes: + type: object + additionalProperties: false + description: Used to enable or disable the custom Mail-From domain configuration for an email identity. + properties: + MailFromDomain: + type: string + description: The custom MAIL FROM domain that you want the verified identity to use + BehaviorOnMxFailure: + type: string + description: The action to take if the required MX record isn't found when you send an email. When you set this value to UseDefaultValue , the mail is sent using amazonses.com as the MAIL FROM domain. When you set this value to RejectMessage , the Amazon SES API v2 returns a MailFromDomainNotVerified error, and doesn't attempt to deliver the email. + pattern: USE_DEFAULT_VALUE|REJECT_MESSAGE + FeedbackAttributes: + type: object + additionalProperties: false + description: Used to enable or disable feedback forwarding for an identity. + properties: + EmailForwardingEnabled: + type: boolean + description: If the value is true, you receive email notifications when bounce or complaint events occur + EmailIdentity: + type: object + properties: + EmailIdentity: + type: string + description: The email address or domain to verify. + ConfigurationSetAttributes: + $ref: '#/components/schemas/ConfigurationSetAttributes' + DkimSigningAttributes: + $ref: '#/components/schemas/DkimSigningAttributes' + DkimAttributes: + $ref: '#/components/schemas/DkimAttributes' + MailFromAttributes: + $ref: '#/components/schemas/MailFromAttributes' + FeedbackAttributes: + $ref: '#/components/schemas/FeedbackAttributes' + DkimDNSTokenName1: + type: string + DkimDNSTokenName2: + type: string + DkimDNSTokenName3: + type: string + DkimDNSTokenValue1: + type: string + DkimDNSTokenValue2: + type: string + DkimDNSTokenValue3: + type: string + required: + - EmailIdentity + x-stackql-resource-name: email_identity + description: Resource Type definition for AWS::SES::EmailIdentity + x-type-name: AWS::SES::EmailIdentity + x-stackql-primary-identifier: + - EmailIdentity + x-create-only-properties: + - EmailIdentity + x-write-only-properties: + - DkimSigningAttributes/DomainSigningSelector + - DkimSigningAttributes/DomainSigningPrivateKey + x-read-only-properties: + - DkimDNSTokenName1 + - DkimDNSTokenName2 + - DkimDNSTokenName3 + - DkimDNSTokenValue1 + - DkimDNSTokenValue2 + - DkimDNSTokenValue3 + x-required-properties: + - EmailIdentity + x-required-permissions: + create: + - ses:CreateEmailIdentity + - ses:PutEmailIdentityMailFromAttributes + - ses:PutEmailIdentityFeedbackAttributes + - ses:PutEmailIdentityDkimAttributes + - ses:GetEmailIdentity + read: + - ses:GetEmailIdentity + update: + - ses:PutEmailIdentityMailFromAttributes + - ses:PutEmailIdentityFeedbackAttributes + - ses:PutEmailIdentityConfigurationSetAttributes + - ses:PutEmailIdentityDkimSigningAttributes + - ses:PutEmailIdentityDkimAttributes + - ses:GetEmailIdentity + delete: + - ses:DeleteEmailIdentity + list: + - ses:ListEmailIdentities + Template: + type: object + properties: + Id: + type: string + Template: + $ref: '#/components/schemas/Template' + x-stackql-resource-name: template + description: Resource Type definition for AWS::SES::Template + x-type-name: AWS::SES::Template + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Template/TemplateName + x-read-only-properties: + - Id + x-required-permissions: + create: + - ses:CreateEmailTemplate + - ses:GetEmailTemplate + - ses:CreateTemplate + - ses:GetTemplate + read: + - ses:GetEmailTemplate + - ses:GetTemplate + delete: + - ses:DeleteEmailTemplate + - ses:DeleteTemplate + update: + - ses:GetEmailTemplate + - ses:UpdateEmailTemplate + - ses:GetTemplate + - ses:UpdateTemplate + list: + - ses:ListEmailTemplates + - ses:ListTemplates + DashboardAttributes: + type: object + additionalProperties: false + description: Preferences regarding the Dashboard feature. + properties: + EngagementMetrics: + type: string + description: Whether emails sent from this account have engagement tracking enabled. + pattern: ENABLED|DISABLED + GuardianAttributes: + type: object + additionalProperties: false + description: Preferences regarding the Guardian feature. + properties: + OptimizedSharedDelivery: + type: string + description: Whether emails sent from this account have optimized delivery algorithm enabled. + pattern: ENABLED|DISABLED + VdmAttributes: + type: object + properties: + VdmAttributesResourceId: + type: string + description: Unique identifier for this resource + DashboardAttributes: + $ref: '#/components/schemas/DashboardAttributes' + GuardianAttributes: + $ref: '#/components/schemas/GuardianAttributes' + x-stackql-resource-name: vdm_attributes + description: Resource Type definition for AWS::SES::VdmAttributes + x-type-name: AWS::SES::VdmAttributes + x-stackql-primary-identifier: + - VdmAttributesResourceId + x-read-only-properties: + - VdmAttributesResourceId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ses:PutAccountVdmAttributes + - ses:GetAccount + read: + - ses:GetAccount + update: + - ses:PutAccountVdmAttributes + - ses:GetAccount + delete: + - ses:PutAccountVdmAttributes + - ses:GetAccount + x-stackQL-resources: + configuration_sets: + name: configuration_sets + id: aws.ses.configuration_sets + x-cfn-schema-name: ConfigurationSet + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ConfigurationSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ConfigurationSet' + AND region = 'us-east-1' + configuration_set: + name: configuration_set + id: aws.ses.configuration_set + x-cfn-schema-name: ConfigurationSet + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.TrackingOptions') as tracking_options, + JSON_EXTRACT(Properties, '$.DeliveryOptions') as delivery_options, + JSON_EXTRACT(Properties, '$.ReputationOptions') as reputation_options, + JSON_EXTRACT(Properties, '$.SendingOptions') as sending_options, + JSON_EXTRACT(Properties, '$.SuppressionOptions') as suppression_options, + JSON_EXTRACT(Properties, '$.VdmOptions') as vdm_options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'TrackingOptions') as tracking_options, + json_extract_path_text(Properties, 'DeliveryOptions') as delivery_options, + json_extract_path_text(Properties, 'ReputationOptions') as reputation_options, + json_extract_path_text(Properties, 'SendingOptions') as sending_options, + json_extract_path_text(Properties, 'SuppressionOptions') as suppression_options, + json_extract_path_text(Properties, 'VdmOptions') as vdm_options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSet' + AND data__Identifier = '' + AND region = 'us-east-1' + configuration_set_event_destination: + name: configuration_set_event_destination + id: aws.ses.configuration_set_event_destination + x-cfn-schema-name: ConfigurationSetEventDestination + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ConfigurationSetName') as configuration_set_name, + JSON_EXTRACT(Properties, '$.EventDestination') as event_destination + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSetEventDestination' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ConfigurationSetName') as configuration_set_name, + json_extract_path_text(Properties, 'EventDestination') as event_destination + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSetEventDestination' + AND data__Identifier = '' + AND region = 'us-east-1' + contact_lists: + name: contact_lists + id: aws.ses.contact_lists + x-cfn-schema-name: ContactList + x-type: list + x-identifiers: + - ContactListName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ContactListName') as contact_list_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ContactList' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ContactListName') as contact_list_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ContactList' + AND region = 'us-east-1' + contact_list: + name: contact_list + id: aws.ses.contact_list + x-cfn-schema-name: ContactList + x-type: get + x-identifiers: + - ContactListName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ContactListName') as contact_list_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Topics') as topics, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ContactList' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ContactListName') as contact_list_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Topics') as topics, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ContactList' + AND data__Identifier = '' + AND region = 'us-east-1' + dedicated_ip_pools: + name: dedicated_ip_pools + id: aws.ses.dedicated_ip_pools + x-cfn-schema-name: DedicatedIpPool + x-type: list + x-identifiers: + - PoolName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PoolName') as pool_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PoolName') as pool_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' + AND region = 'us-east-1' + dedicated_ip_pool: + name: dedicated_ip_pool + id: aws.ses.dedicated_ip_pool + x-cfn-schema-name: DedicatedIpPool + x-type: get + x-identifiers: + - PoolName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PoolName') as pool_name, + JSON_EXTRACT(Properties, '$.ScalingMode') as scaling_mode + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PoolName') as pool_name, + json_extract_path_text(Properties, 'ScalingMode') as scaling_mode + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' + AND data__Identifier = '' + AND region = 'us-east-1' + email_identities: + name: email_identities + id: aws.ses.email_identities + x-cfn-schema-name: EmailIdentity + x-type: list + x-identifiers: + - EmailIdentity + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EmailIdentity') as email_identity + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::EmailIdentity' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EmailIdentity') as email_identity + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::EmailIdentity' + AND region = 'us-east-1' + email_identity: + name: email_identity + id: aws.ses.email_identity + x-cfn-schema-name: EmailIdentity + x-type: get + x-identifiers: + - EmailIdentity + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EmailIdentity') as email_identity, + JSON_EXTRACT(Properties, '$.ConfigurationSetAttributes') as configuration_set_attributes, + JSON_EXTRACT(Properties, '$.DkimSigningAttributes') as dkim_signing_attributes, + JSON_EXTRACT(Properties, '$.DkimAttributes') as dkim_attributes, + JSON_EXTRACT(Properties, '$.MailFromAttributes') as mail_from_attributes, + JSON_EXTRACT(Properties, '$.FeedbackAttributes') as feedback_attributes, + JSON_EXTRACT(Properties, '$.DkimDNSTokenName1') as dkim_dns_token_name1, + JSON_EXTRACT(Properties, '$.DkimDNSTokenName2') as dkim_dns_token_name2, + JSON_EXTRACT(Properties, '$.DkimDNSTokenName3') as dkim_dns_token_name3, + JSON_EXTRACT(Properties, '$.DkimDNSTokenValue1') as dkim_dns_token_value1, + JSON_EXTRACT(Properties, '$.DkimDNSTokenValue2') as dkim_dns_token_value2, + JSON_EXTRACT(Properties, '$.DkimDNSTokenValue3') as dkim_dns_token_value3 + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::EmailIdentity' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EmailIdentity') as email_identity, + json_extract_path_text(Properties, 'ConfigurationSetAttributes') as configuration_set_attributes, + json_extract_path_text(Properties, 'DkimSigningAttributes') as dkim_signing_attributes, + json_extract_path_text(Properties, 'DkimAttributes') as dkim_attributes, + json_extract_path_text(Properties, 'MailFromAttributes') as mail_from_attributes, + json_extract_path_text(Properties, 'FeedbackAttributes') as feedback_attributes, + json_extract_path_text(Properties, 'DkimDNSTokenName1') as dkim_dns_token_name1, + json_extract_path_text(Properties, 'DkimDNSTokenName2') as dkim_dns_token_name2, + json_extract_path_text(Properties, 'DkimDNSTokenName3') as dkim_dns_token_name3, + json_extract_path_text(Properties, 'DkimDNSTokenValue1') as dkim_dns_token_value1, + json_extract_path_text(Properties, 'DkimDNSTokenValue2') as dkim_dns_token_value2, + json_extract_path_text(Properties, 'DkimDNSTokenValue3') as dkim_dns_token_value3 + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::EmailIdentity' + AND data__Identifier = '' + AND region = 'us-east-1' + templates: + name: templates + id: aws.ses.templates + x-cfn-schema-name: Template + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::Template' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::Template' + AND region = 'us-east-1' + template: + name: template + id: aws.ses.template + x-cfn-schema-name: Template + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Template') as template + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::Template' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Template') as template + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::Template' + AND data__Identifier = '' + AND region = 'us-east-1' + vdm_attributes: + name: vdm_attributes + id: aws.ses.vdm_attributes + x-cfn-schema-name: VdmAttributes + x-type: get + x-identifiers: + - VdmAttributesResourceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.VdmAttributesResourceId') as vdm_attributes_resource_id, + JSON_EXTRACT(Properties, '$.DashboardAttributes') as dashboard_attributes, + JSON_EXTRACT(Properties, '$.GuardianAttributes') as guardian_attributes + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::VdmAttributes' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'VdmAttributesResourceId') as vdm_attributes_resource_id, + json_extract_path_text(Properties, 'DashboardAttributes') as dashboard_attributes, + json_extract_path_text(Properties, 'GuardianAttributes') as guardian_attributes + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::VdmAttributes' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/shield.yaml b/providers/src/aws/v00.00.00000/services/shield.yaml new file mode 100644 index 00000000..6721af9d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/shield.yaml @@ -0,0 +1,660 @@ +openapi: 3.0.0 +info: + title: Shield + version: 1.0.0 +paths: {} +components: + schemas: + DRTAccess: + type: object + properties: + AccountId: + type: string + LogBucketList: + description: Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources. You can associate up to 10 Amazon S3 buckets with your subscription. + type: array + x-insertionOrder: false + minItems: 0 + maxItems: 10 + items: + type: string + minLength: 3 + maxLength: 63 + RoleArn: + description: Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks. This enables the SRT to inspect your AWS WAF configuration and create or update AWS WAF rules and web ACLs. + type: string + maxLength: 2048 + required: + - RoleArn + x-stackql-resource-name: drt_access + description: Config the role and list of Amazon S3 log buckets used by the Shield Response Team (SRT) to access your AWS account while assisting with attack mitigation. + x-type-name: AWS::Shield::DRTAccess + x-stackql-primary-identifier: + - AccountId + x-read-only-properties: + - AccountId + x-required-properties: + - RoleArn + x-tagging: + taggable: false + x-required-permissions: + create: + - shield:DescribeDRTAccess + - shield:AssociateDRTLogBucket + - shield:AssociateDRTRole + - iam:PassRole + - iam:GetRole + - iam:ListAttachedRolePolicies + - s3:GetBucketPolicy + - s3:PutBucketPolicy + delete: + - shield:DescribeDRTAccess + - shield:DisassociateDRTLogBucket + - shield:DisassociateDRTRole + - iam:PassRole + - iam:GetRole + - iam:ListAttachedRolePolicies + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - s3:DeleteBucketPolicy + read: + - shield:DescribeDRTAccess + update: + - shield:DescribeDRTAccess + - shield:AssociateDRTLogBucket + - shield:AssociateDRTRole + - shield:DisassociateDRTLogBucket + - shield:DisassociateDRTRole + - iam:PassRole + - iam:GetRole + - iam:ListAttachedRolePolicies + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - s3:DeleteBucketPolicy + list: [] + EmergencyContact: + description: An emergency contact is used by Shield Response Team (SRT) to contact you for escalations to the SRT and to initiate proactive customer support. An emergency contact requires an email address. + type: object + additionalProperties: false + required: + - EmailAddress + properties: + ContactNotes: + description: Additional notes regarding the contact. + type: string + minLength: 1 + maxLength: 1024 + pattern: ^[\w\s\.\-,:/()+@]*$ + EmailAddress: + description: The email address for the contact. + type: string + minLength: 1 + maxLength: 150 + pattern: ^\S+@\S+\.\S+$ + PhoneNumber: + description: The phone number for the contact + type: string + minLength: 1 + maxLength: 16 + pattern: ^\+[1-9]\d{1,14}$ + ProactiveEngagement: + type: object + properties: + AccountId: + type: string + ProactiveEngagementStatus: + description: |- + If `ENABLED`, the Shield Response Team (SRT) will use email and phone to notify contacts about escalations to the SRT and to initiate proactive customer support. + If `DISABLED`, the SRT will not proactively notify contacts about escalations or to initiate proactive customer support. + type: string + enum: + - ENABLED + - DISABLED + EmergencyContactList: + description: |- + A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you for escalations to the SRT and to initiate proactive customer support. + To enable proactive engagement, the contact list must include at least one phone number. + type: array + x-insertionOrder: false + minItems: 1 + maxItems: 10 + items: + $ref: '#/components/schemas/EmergencyContact' + required: + - ProactiveEngagementStatus + - EmergencyContactList + x-stackql-resource-name: proactive_engagement + description: Authorizes the Shield Response Team (SRT) to use email and phone to notify contacts about escalations to the SRT and to initiate proactive customer support. + x-type-name: AWS::Shield::ProactiveEngagement + x-stackql-primary-identifier: + - AccountId + x-read-only-properties: + - AccountId + x-required-properties: + - ProactiveEngagementStatus + - EmergencyContactList + x-tagging: + taggable: false + x-required-permissions: + create: + - shield:DescribeSubscription + - shield:DescribeEmergencyContactSettings + - shield:AssociateProactiveEngagementDetails + - shield:UpdateEmergencyContactSettings + - shield:EnableProactiveEngagement + delete: + - shield:DescribeSubscription + - shield:DescribeEmergencyContactSettings + - shield:UpdateEmergencyContactSettings + - shield:DisableProactiveEngagement + read: + - shield:DescribeSubscription + - shield:DescribeEmergencyContactSettings + update: + - shield:DescribeSubscription + - shield:DescribeEmergencyContactSettings + - shield:UpdateEmergencyContactSettings + - shield:EnableProactiveEngagement + - shield:DisableProactiveEngagement + list: + - shield:DescribeSubscription + - shield:DescribeEmergencyContactSettings + Tag: + description: >- + A tag associated with an AWS resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as "environment", and the tag value represents a specific value within that category, such as "test," "development," or "production". Or you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each AWS + resource, up to 50 tags for a resource. + type: object + additionalProperties: false + required: + - Key + - Value + properties: + Key: + description: Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive. + type: string + minLength: 1 + maxLength: 128 + Value: + description: Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as "companyA" or "companyB." Tag values are case-sensitive. + type: string + minLength: 0 + maxLength: 256 + ApplicationLayerAutomaticResponseConfiguration: + description: The automatic application layer DDoS mitigation settings for a Protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks. + type: object + additionalProperties: false + required: + - Action + - Status + properties: + Action: + type: object + description: Specifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource. + oneOf: + - type: object + additionalProperties: false + properties: + Count: + description: |- + Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF `Count` action. + You must specify exactly one action, either `Block` or `Count`. + type: object + additionalProperties: false + - type: object + additionalProperties: false + properties: + Block: + description: |- + Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF `Block` action. + You must specify exactly one action, either `Block` or `Count`. + type: object + additionalProperties: false + Status: + description: Indicates whether automatic application layer DDoS mitigation is enabled for the protection. + type: string + enum: + - ENABLED + - DISABLED + Protection: + type: object + properties: + ProtectionId: + description: The unique identifier (ID) of the protection. + type: string + ProtectionArn: + description: The ARN (Amazon Resource Name) of the protection. + type: string + Name: + description: Friendly name for the Protection. + type: string + minLength: 1 + maxLength: 128 + pattern: '[ a-zA-Z0-9_\.\-]*' + ResourceArn: + description: The ARN (Amazon Resource Name) of the resource to be protected. + type: string + minLength: 1 + maxLength: 2048 + HealthCheckArns: + description: The Amazon Resource Names (ARNs) of the health check to associate with the protection. + type: array + x-insertionOrder: false + maxItems: 1 + items: + type: string + minLength: 1 + maxLength: 2048 + ApplicationLayerAutomaticResponseConfiguration: + $ref: '#/components/schemas/ApplicationLayerAutomaticResponseConfiguration' + Tags: + description: One or more tag key-value pairs for the Protection object. + type: array + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - ResourceArn + x-stackql-resource-name: protection + description: Enables AWS Shield Advanced for a specific AWS resource. The resource can be an Amazon CloudFront distribution, Amazon Route 53 hosted zone, AWS Global Accelerator standard accelerator, Elastic IP Address, Application Load Balancer, or a Classic Load Balancer. You can protect Amazon EC2 instances and Network Load Balancers by association with protected Amazon EC2 Elastic IP addresses. + x-type-name: AWS::Shield::Protection + x-stackql-primary-identifier: + - ProtectionArn + x-create-only-properties: + - Name + - ResourceArn + x-read-only-properties: + - ProtectionId + - ProtectionArn + x-required-properties: + - Name + - ResourceArn + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + x-required-permissions: + create: + - shield:CreateProtection + - shield:DeleteProtection + - shield:DescribeProtection + - shield:ListProtections + - shield:EnableApplicationLayerAutomaticResponse + - shield:AssociateHealthCheck + - shield:TagResource + - ec2:DescribeAddresses + - elasticloadbalancing:DescribeLoadBalancers + - route53:GetHealthCheck + - iam:GetRole + - iam:CreateServiceLinkedRole + - wafv2:GetWebACLForResource + - wafv2:GetWebACL + delete: + - shield:DeleteProtection + - shield:UntagResource + read: + - shield:DescribeProtection + - shield:ListTagsForResource + update: + - shield:DescribeProtection + - shield:AssociateHealthCheck + - shield:DisassociateHealthCheck + - shield:EnableApplicationLayerAutomaticResponse + - shield:UpdateApplicationLayerAutomaticResponse + - shield:DisableApplicationLayerAutomaticResponse + - shield:ListTagsForResource + - shield:TagResource + - shield:UntagResource + - route53:GetHealthCheck + - iam:GetRole + - iam:CreateServiceLinkedRole + - wafv2:GetWebACLForResource + - wafv2:GetWebACL + list: + - shield:ListProtections + ProtectionGroup: + type: object + properties: + ProtectionGroupId: + description: The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it. + type: string + pattern: '[a-zA-Z0-9\-]*' + minLength: 1 + maxLength: 36 + ProtectionGroupArn: + description: The ARN (Amazon Resource Name) of the protection group. + type: string + Aggregation: + description: |- + Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events. + * Sum - Use the total traffic across the group. This is a good choice for most cases. Examples include Elastic IP addresses for EC2 instances that scale manually or automatically. + * Mean - Use the average of the traffic across the group. This is a good choice for resources that share traffic uniformly. Examples include accelerators and load balancers. + * Max - Use the highest traffic from each resource. This is useful for resources that don't share traffic and for resources that share that traffic in a non-uniform way. Examples include Amazon CloudFront and origin resources for CloudFront distributions. + type: string + enum: + - SUM + - MEAN + - MAX + Pattern: + description: The criteria to use to choose the protected resources for inclusion in the group. You can include all resources that have protections, provide a list of resource Amazon Resource Names (ARNs), or include all resources of a specified resource type. + type: string + enum: + - ALL + - ARBITRARY + - BY_RESOURCE_TYPE + Members: + description: The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set `Pattern` to `ARBITRARY` and you must not set it for any other `Pattern` setting. + type: array + x-insertionOrder: false + maxItems: 10000 + items: + type: string + minLength: 1 + maxLength: 2048 + ResourceType: + description: The resource type to include in the protection group. All protected resources of this type are included in the protection group. Newly protected resources of this type are automatically added to the group. You must set this when you set `Pattern` to `BY_RESOURCE_TYPE` and you must not set it for any other `Pattern` setting. + type: string + enum: + - CLOUDFRONT_DISTRIBUTION + - ROUTE_53_HOSTED_ZONE + - ELASTIC_IP_ALLOCATION + - CLASSIC_LOAD_BALANCER + - APPLICATION_LOAD_BALANCER + - GLOBAL_ACCELERATOR + Tags: + description: One or more tag key-value pairs for the Protection object. + type: array + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + required: + - Aggregation + - Pattern + - ProtectionGroupId + x-stackql-resource-name: protection_group + description: A grouping of protected resources so they can be handled as a collective. This resource grouping improves the accuracy of detection and reduces false positives. + x-type-name: AWS::Shield::ProtectionGroup + x-stackql-primary-identifier: + - ProtectionGroupArn + x-create-only-properties: + - ProtectionGroupId + x-read-only-properties: + - ProtectionGroupArn + x-required-properties: + - Aggregation + - Pattern + - ProtectionGroupId + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + x-required-permissions: + create: + - shield:CreateProtectionGroup + - shield:TagResource + delete: + - shield:DeleteProtectionGroup + - shield:UntagResource + read: + - shield:DescribeProtectionGroup + - shield:ListTagsForResource + update: + - shield:UpdateProtectionGroup + - shield:ListTagsForResource + - shield:TagResource + - shield:UntagResource + list: + - shield:ListProtectionGroups + x-stackQL-resources: + drt_accesses: + name: drt_accesses + id: aws.shield.drt_accesses + x-cfn-schema-name: DRTAccess + x-type: list + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Shield::DRTAccess' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Shield::DRTAccess' + AND region = 'us-east-1' + drt_access: + name: drt_access + id: aws.shield.drt_access + x-cfn-schema-name: DRTAccess + x-type: get + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.LogBucketList') as log_bucket_list, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Shield::DRTAccess' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'LogBucketList') as log_bucket_list, + json_extract_path_text(Properties, 'RoleArn') as role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Shield::DRTAccess' + AND data__Identifier = '' + AND region = 'us-east-1' + proactive_engagements: + name: proactive_engagements + id: aws.shield.proactive_engagements + x-cfn-schema-name: ProactiveEngagement + x-type: list + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Shield::ProactiveEngagement' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Shield::ProactiveEngagement' + AND region = 'us-east-1' + proactive_engagement: + name: proactive_engagement + id: aws.shield.proactive_engagement + x-cfn-schema-name: ProactiveEngagement + x-type: get + x-identifiers: + - AccountId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.ProactiveEngagementStatus') as proactive_engagement_status, + JSON_EXTRACT(Properties, '$.EmergencyContactList') as emergency_contact_list + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Shield::ProactiveEngagement' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'ProactiveEngagementStatus') as proactive_engagement_status, + json_extract_path_text(Properties, 'EmergencyContactList') as emergency_contact_list + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Shield::ProactiveEngagement' + AND data__Identifier = '' + AND region = 'us-east-1' + protections: + name: protections + id: aws.shield.protections + x-cfn-schema-name: Protection + x-type: list + x-identifiers: + - ProtectionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProtectionArn') as protection_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Shield::Protection' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProtectionArn') as protection_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Shield::Protection' + AND region = 'us-east-1' + protection: + name: protection + id: aws.shield.protection + x-cfn-schema-name: Protection + x-type: get + x-identifiers: + - ProtectionArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ProtectionId') as protection_id, + JSON_EXTRACT(Properties, '$.ProtectionArn') as protection_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.HealthCheckArns') as health_check_arns, + JSON_EXTRACT(Properties, '$.ApplicationLayerAutomaticResponseConfiguration') as application_layer_automatic_response_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Shield::Protection' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ProtectionId') as protection_id, + json_extract_path_text(Properties, 'ProtectionArn') as protection_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'HealthCheckArns') as health_check_arns, + json_extract_path_text(Properties, 'ApplicationLayerAutomaticResponseConfiguration') as application_layer_automatic_response_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Shield::Protection' + AND data__Identifier = '' + AND region = 'us-east-1' + protection_groups: + name: protection_groups + id: aws.shield.protection_groups + x-cfn-schema-name: ProtectionGroup + x-type: list + x-identifiers: + - ProtectionGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProtectionGroupArn') as protection_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Shield::ProtectionGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProtectionGroupArn') as protection_group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Shield::ProtectionGroup' + AND region = 'us-east-1' + protection_group: + name: protection_group + id: aws.shield.protection_group + x-cfn-schema-name: ProtectionGroup + x-type: get + x-identifiers: + - ProtectionGroupArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ProtectionGroupId') as protection_group_id, + JSON_EXTRACT(Properties, '$.ProtectionGroupArn') as protection_group_arn, + JSON_EXTRACT(Properties, '$.Aggregation') as aggregation, + JSON_EXTRACT(Properties, '$.Pattern') as pattern, + JSON_EXTRACT(Properties, '$.Members') as members, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Shield::ProtectionGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ProtectionGroupId') as protection_group_id, + json_extract_path_text(Properties, 'ProtectionGroupArn') as protection_group_arn, + json_extract_path_text(Properties, 'Aggregation') as aggregation, + json_extract_path_text(Properties, 'Pattern') as pattern, + json_extract_path_text(Properties, 'Members') as members, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Shield::ProtectionGroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/signer.yaml b/providers/src/aws/v00.00.00000/services/signer.yaml new file mode 100644 index 00000000..982f82a5 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/signer.yaml @@ -0,0 +1,285 @@ +openapi: 3.0.0 +info: + title: Signer + version: 1.0.0 +paths: {} +components: + schemas: + ProfilePermission: + type: object + properties: + ProfileName: + type: string + ProfileVersion: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + Action: + type: string + Principal: + type: string + StatementId: + type: string + required: + - ProfileName + - Action + - Principal + - StatementId + x-stackql-resource-name: profile_permission + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::Signer::ProfilePermission + x-stackql-primary-identifier: + - StatementId + - ProfileName + x-create-only-properties: + - ProfileName + - Action + - Principal + - StatementId + - ProfileVersion + x-required-properties: + - ProfileName + - Action + - Principal + - StatementId + x-required-permissions: + create: + - signer:AddProfilePermission + - signer:ListProfilePermissions + read: + - signer:ListProfilePermissions + delete: + - signer:RemoveProfilePermission + - signer:ListProfilePermissions + list: + - signer:ListProfilePermissions + - signer:GetSigningProfile + PlatformId: + type: string + enum: + - AWSLambda-SHA384-ECDSA + - Notation-OCI-SHA384-ECDSA + Arn: + type: string + pattern: ^arn:aws(-(cn|us-gov))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + ProfileVersion: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + SignatureValidityPeriod: + type: object + properties: + Value: + type: integer + Type: + type: string + enum: + - DAYS + - MONTHS + - YEARS + additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 127 + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + Value: + type: string + minLength: 1 + maxLength: 255 + additionalProperties: false + SigningProfile: + type: object + properties: + ProfileName: + description: 'A name for the signing profile. AWS CloudFormation generates a unique physical ID and uses that ID for the signing profile name. ' + type: string + ProfileVersion: + description: A version for the signing profile. AWS Signer generates a unique version for each profile of the same profile name. + $ref: '#/components/schemas/ProfileVersion' + Arn: + description: The Amazon Resource Name (ARN) of the specified signing profile. + $ref: '#/components/schemas/Arn' + ProfileVersionArn: + description: The Amazon Resource Name (ARN) of the specified signing profile version. + $ref: '#/components/schemas/Arn' + SignatureValidityPeriod: + description: Signature validity period of the profile. + $ref: '#/components/schemas/SignatureValidityPeriod' + PlatformId: + description: The ID of the target signing platform. + $ref: '#/components/schemas/PlatformId' + Tags: + type: array + description: A list of tags associated with the signing profile. + items: + $ref: '#/components/schemas/Tag' + required: + - PlatformId + x-stackql-resource-name: signing_profile + description: A signing profile is a signing template that can be used to carry out a pre-defined signing job. + x-type-name: AWS::Signer::SigningProfile + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - ProfileName + - - ProfileVersionArn + x-create-only-properties: + - PlatformId + - SignatureValidityPeriod + x-read-only-properties: + - ProfileName + - ProfileVersion + - Arn + - ProfileVersionArn + x-required-properties: + - PlatformId + x-required-permissions: + create: + - signer:PutSigningProfile + - signer:TagResource + read: + - signer:GetSigningProfile + delete: + - signer:CancelSigningProfile + - signer:GetSigningProfile + list: + - signer:ListSigningProfiles + update: + - signer:TagResource + - signer:UntagResource + - signer:GetSigningProfile + x-stackQL-resources: + profile_permissions: + name: profile_permissions + id: aws.signer.profile_permissions + x-cfn-schema-name: ProfilePermission + x-type: list + x-identifiers: + - StatementId + - ProfileName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.StatementId') as statement_id, + JSON_EXTRACT(Properties, '$.ProfileName') as profile_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Signer::ProfilePermission' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'StatementId') as statement_id, + json_extract_path_text(Properties, 'ProfileName') as profile_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Signer::ProfilePermission' + AND region = 'us-east-1' + profile_permission: + name: profile_permission + id: aws.signer.profile_permission + x-cfn-schema-name: ProfilePermission + x-type: get + x-identifiers: + - StatementId + - ProfileName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ProfileName') as profile_name, + JSON_EXTRACT(Properties, '$.ProfileVersion') as profile_version, + JSON_EXTRACT(Properties, '$.Action') as action, + JSON_EXTRACT(Properties, '$.Principal') as principal, + JSON_EXTRACT(Properties, '$.StatementId') as statement_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Signer::ProfilePermission' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ProfileName') as profile_name, + json_extract_path_text(Properties, 'ProfileVersion') as profile_version, + json_extract_path_text(Properties, 'Action') as action, + json_extract_path_text(Properties, 'Principal') as principal, + json_extract_path_text(Properties, 'StatementId') as statement_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Signer::ProfilePermission' + AND data__Identifier = '|' + AND region = 'us-east-1' + signing_profiles: + name: signing_profiles + id: aws.signer.signing_profiles + x-cfn-schema-name: SigningProfile + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Signer::SigningProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Signer::SigningProfile' + AND region = 'us-east-1' + signing_profile: + name: signing_profile + id: aws.signer.signing_profile + x-cfn-schema-name: SigningProfile + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ProfileName') as profile_name, + JSON_EXTRACT(Properties, '$.ProfileVersion') as profile_version, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ProfileVersionArn') as profile_version_arn, + JSON_EXTRACT(Properties, '$.SignatureValidityPeriod') as signature_validity_period, + JSON_EXTRACT(Properties, '$.PlatformId') as platform_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Signer::SigningProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ProfileName') as profile_name, + json_extract_path_text(Properties, 'ProfileVersion') as profile_version, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ProfileVersionArn') as profile_version_arn, + json_extract_path_text(Properties, 'SignatureValidityPeriod') as signature_validity_period, + json_extract_path_text(Properties, 'PlatformId') as platform_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Signer::SigningProfile' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/simspaceweaver.yaml b/providers/src/aws/v00.00.00000/services/simspaceweaver.yaml new file mode 100644 index 00000000..79861fa9 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/simspaceweaver.yaml @@ -0,0 +1,157 @@ +openapi: 3.0.0 +info: + title: SimSpaceWeaver + version: 1.0.0 +paths: {} +components: + schemas: + S3Location: + type: object + properties: + BucketName: + description: The Schema S3 bucket name. + type: string + minLength: 3 + maxLength: 63 + pattern: '[a-zA-Z0-9_\-]{3,63}$' + ObjectKey: + description: This is the schema S3 object key, which includes the full path of "folders" from the bucket root to the schema. + type: string + minLength: 3 + maxLength: 255 + required: + - BucketName + - ObjectKey + additionalProperties: false + Simulation: + type: object + properties: + Name: + description: The name of the simulation. + type: string + minLength: 1 + maxLength: 2048 + pattern: '[a-zA-Z0-9_\-]{1,2048}$' + RoleArn: + description: Role ARN. + type: string + SchemaS3Location: + $ref: '#/components/schemas/S3Location' + DescribePayload: + description: Json object with all simulation details + type: string + MaximumDuration: + description: The maximum running time of the simulation. + type: string + minLength: 2 + maxLength: 6 + SnapshotS3Location: + $ref: '#/components/schemas/S3Location' + required: + - Name + - RoleArn + x-stackql-resource-name: simulation + description: AWS::SimSpaceWeaver::Simulation resource creates an AWS Simulation. + x-type-name: AWS::SimSpaceWeaver::Simulation + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - RoleArn + - SchemaS3Location + - SnapshotS3Location + - MaximumDuration + x-read-only-properties: + - DescribePayload + x-required-properties: + - Name + - RoleArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - simspaceweaver:StartSimulation + - simspaceweaver:DescribeSimulation + - iam:GetRole + - iam:PassRole + read: + - simspaceweaver:DescribeSimulation + update: + - simspaceweaver:StartSimulation + - simspaceweaver:StopSimulation + - simspaceweaver:DeleteSimulation + - simspaceweaver:DescribeSimulation + delete: + - simspaceweaver:StopSimulation + - simspaceweaver:DeleteSimulation + - simspaceweaver:DescribeSimulation + list: + - simspaceweaver:ListSimulations + x-stackQL-resources: + simulations: + name: simulations + id: aws.simspaceweaver.simulations + x-cfn-schema-name: Simulation + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SimSpaceWeaver::Simulation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SimSpaceWeaver::Simulation' + AND region = 'us-east-1' + simulation: + name: simulation + id: aws.simspaceweaver.simulation + x-cfn-schema-name: Simulation + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.SchemaS3Location') as schema_s3_location, + JSON_EXTRACT(Properties, '$.DescribePayload') as describe_payload, + JSON_EXTRACT(Properties, '$.MaximumDuration') as maximum_duration, + JSON_EXTRACT(Properties, '$.SnapshotS3Location') as snapshot_s3_location + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SimSpaceWeaver::Simulation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'SchemaS3Location') as schema_s3_location, + json_extract_path_text(Properties, 'DescribePayload') as describe_payload, + json_extract_path_text(Properties, 'MaximumDuration') as maximum_duration, + json_extract_path_text(Properties, 'SnapshotS3Location') as snapshot_s3_location + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SimSpaceWeaver::Simulation' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/sns.yaml b/providers/src/aws/v00.00.00000/services/sns.yaml new file mode 100644 index 00000000..6c1967b9 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/sns.yaml @@ -0,0 +1,350 @@ +openapi: 3.0.0 +info: + title: SNS + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + description: The required key portion of the tag. + Value: + type: string + description: The optional value portion of the tag. + required: + - Value + - Key + description: The list of tags to be added to the specified topic. + Subscription: + type: object + additionalProperties: false + properties: + Endpoint: + type: string + anyOf: + - relationshipRef: + typeName: AWS::Lambda::Function + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::SQS::Queue + propertyPath: /properties/Arn + description: The endpoint that receives notifications from the SNS topic. The endpoint value depends on the protocol that you specify. For more information, see the ``Endpoint`` parameter of the ``Subscribe`` action in the *API Reference*. + Protocol: + type: string + description: The subscription's protocol. For more information, see the ``Protocol`` parameter of the ``Subscribe`` action in the *API Reference*. + required: + - Endpoint + - Protocol + description: |- + ``Subscription`` is an embedded property that describes the subscription endpoints of an SNS topic. + For full control over subscription behavior (for example, delivery policy, filtering, raw message delivery, and cross-region subscriptions), use the [AWS::SNS::Subscription](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html) resource. + LoggingConfig: + type: object + additionalProperties: false + properties: + Protocol: + type: string + description: '' + enum: + - http/s + - sqs + - lambda + - firehose + - application + SuccessFeedbackRoleArn: + type: string + description: '' + SuccessFeedbackSampleRate: + type: string + description: '' + FailureFeedbackRoleArn: + type: string + description: '' + required: + - Protocol + description: '' + Topic: + type: object + properties: + DisplayName: + description: The display name to use for an SNS topic with SMS subscriptions. The display name must be maximum 100 characters long, including hyphens (-), underscores (_), spaces, and tabs. + type: string + KmsMasterKeyId: + description: |- + The ID of an AWS managed customer master key (CMK) for SNS or a custom CMK. For more information, see [Key terms](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms). For more examples, see ``KeyId`` in the *API Reference*. + This property applies only to [server-side-encryption](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html). + type: string + anyOf: + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/KeyId + - relationshipRef: + typeName: AWS::KMS::Alias + propertyPath: /properties/AliasName + DataProtectionPolicy: + description: |- + The body of the policy document you want to use for this topic. + You can only add one policy per topic. + The policy must be in JSON string format. + Length Constraints: Maximum length of 30,720. + type: object + Subscription: + description: |- + The SNS subscriptions (endpoints) for this topic. + If you specify the ``Subscription`` property in the ``AWS::SNS::Topic`` resource and it creates an associated subscription resource, the associated subscription is not deleted when the ``AWS::SNS::Topic`` resource is deleted. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Subscription' + FifoTopic: + description: Set to true to create a FIFO topic. + type: boolean + ContentBasedDeduplication: + description: |- + Enables content-based deduplication for FIFO topics. + + By default, ``ContentBasedDeduplication`` is set to ``false``. If you create a FIFO topic and this attribute is ``false``, you must specify a value for the ``MessageDeduplicationId`` parameter for the [Publish](https://docs.aws.amazon.com/sns/latest/api/API_Publish.html) action. + + When you set ``ContentBasedDeduplication`` to ``true``, SNS uses a SHA-256 hash to generate the ``MessageDeduplicationId`` using the body of the message (but not the attributes of the message). + (Optional) To override the generated value, you can specify a value for the the ``MessageDeduplicationId`` parameter for the ``Publish`` action. + type: boolean + ArchivePolicy: + description: The archive policy determines the number of days SNS retains messages. You can set a retention period from 1 to 365 days. + type: object + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + description: |- + The list of tags to add to a new topic. + To be able to tag a topic on creation, you must have the ``sns:CreateTopic`` and ``sns:TagResource`` permissions. + TopicName: + description: |- + The name of the topic you want to create. Topic names must include only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 256 characters long. FIFO topic names must end with ``.fifo``. + If you don't specify a name, CFN generates a unique physical ID and uses that ID for the topic name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). + If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + type: string + TopicArn: + type: string + description: '' + SignatureVersion: + description: The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS. By default, ``SignatureVersion`` is set to ``1``. + type: string + TracingConfig: + description: Tracing mode of an SNS topic. By default ``TracingConfig`` is set to ``PassThrough``, and the topic passes through the tracing header it receives from an SNS publisher to its subscriptions. If set to ``Active``, SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true. + type: string + DeliveryStatusLogging: + description: '' + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/LoggingConfig' + x-stackql-resource-name: topic + description: |- + The ``AWS::SNS::Topic`` resource creates a topic to which notifications can be published. + One account can create a maximum of 100,000 standard topics and 1,000 FIFO topics. For more information, see [endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/sns.html) in the *General Reference*. + The structure of ``AUTHPARAMS`` depends on the .signature of the API request. For more information, see [Examples of the complete Signature Version 4 signing process](https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html) in the *General Reference*. + x-type-name: AWS::SNS::Topic + x-stackql-primary-identifier: + - TopicArn + x-create-only-properties: + - TopicName + - FifoTopic + x-read-only-properties: + - TopicArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - sns:CreateTopic + - sns:TagResource + - sns:Subscribe + - sns:GetTopicAttributes + - sns:PutDataProtectionPolicy + - iam:GetRole + - iam:PassRole + read: + - sns:GetTopicAttributes + - sns:ListTagsForResource + - sns:ListSubscriptionsByTopic + - sns:GetDataProtectionPolicy + update: + - sns:SetTopicAttributes + - sns:TagResource + - sns:UntagResource + - sns:Subscribe + - sns:Unsubscribe + - sns:GetTopicAttributes + - sns:ListTagsForResource + - sns:ListSubscriptionsByTopic + - sns:GetDataProtectionPolicy + - sns:PutDataProtectionPolicy + - iam:GetRole + - iam:PassRole + delete: + - sns:GetTopicAttributes + - sns:DeleteTopic + list: + - sns:ListTopics + TopicInlinePolicy: + type: object + properties: + PolicyDocument: + description: A policy document that contains permissions to add to the specified SNS topics. + type: object + TopicArn: + description: The Amazon Resource Name (ARN) of the topic to which you want to add the policy. + type: string + required: + - PolicyDocument + - TopicArn + x-stackql-resource-name: topic_inline_policy + description: Schema for AWS::SNS::TopicInlinePolicy + x-type-name: AWS::SNS::TopicInlinePolicy + x-stackql-primary-identifier: + - TopicArn + x-create-only-properties: + - TopicArn + x-required-properties: + - PolicyDocument + - TopicArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - sns:SetTopicAttributes + - sns:GetTopicAttributes + read: + - sns:GetTopicAttributes + delete: + - sns:SetTopicAttributes + - sns:GetTopicAttributes + update: + - sns:SetTopicAttributes + - sns:GetTopicAttributes + x-stackQL-resources: + topics: + name: topics + id: aws.sns.topics + x-cfn-schema-name: Topic + x-type: list + x-identifiers: + - TopicArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TopicArn') as topic_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SNS::Topic' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TopicArn') as topic_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SNS::Topic' + AND region = 'us-east-1' + topic: + name: topic + id: aws.sns.topic + x-cfn-schema-name: Topic + x-type: get + x-identifiers: + - TopicArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.KmsMasterKeyId') as kms_master_key_id, + JSON_EXTRACT(Properties, '$.DataProtectionPolicy') as data_protection_policy, + JSON_EXTRACT(Properties, '$.Subscription') as subscription, + JSON_EXTRACT(Properties, '$.FifoTopic') as fifo_topic, + JSON_EXTRACT(Properties, '$.ContentBasedDeduplication') as content_based_deduplication, + JSON_EXTRACT(Properties, '$.ArchivePolicy') as archive_policy, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TopicName') as topic_name, + JSON_EXTRACT(Properties, '$.TopicArn') as topic_arn, + JSON_EXTRACT(Properties, '$.SignatureVersion') as signature_version, + JSON_EXTRACT(Properties, '$.TracingConfig') as tracing_config, + JSON_EXTRACT(Properties, '$.DeliveryStatusLogging') as delivery_status_logging + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SNS::Topic' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'KmsMasterKeyId') as kms_master_key_id, + json_extract_path_text(Properties, 'DataProtectionPolicy') as data_protection_policy, + json_extract_path_text(Properties, 'Subscription') as subscription, + json_extract_path_text(Properties, 'FifoTopic') as fifo_topic, + json_extract_path_text(Properties, 'ContentBasedDeduplication') as content_based_deduplication, + json_extract_path_text(Properties, 'ArchivePolicy') as archive_policy, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TopicName') as topic_name, + json_extract_path_text(Properties, 'TopicArn') as topic_arn, + json_extract_path_text(Properties, 'SignatureVersion') as signature_version, + json_extract_path_text(Properties, 'TracingConfig') as tracing_config, + json_extract_path_text(Properties, 'DeliveryStatusLogging') as delivery_status_logging + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SNS::Topic' + AND data__Identifier = '' + AND region = 'us-east-1' + topic_inline_policy: + name: topic_inline_policy + id: aws.sns.topic_inline_policy + x-cfn-schema-name: TopicInlinePolicy + x-type: get + x-identifiers: + - TopicArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.TopicArn') as topic_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SNS::TopicInlinePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'TopicArn') as topic_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SNS::TopicInlinePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/sqs.yaml b/providers/src/aws/v00.00.00000/services/sqs.yaml new file mode 100644 index 00000000..70fd0929 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/sqs.yaml @@ -0,0 +1,327 @@ +openapi: 3.0.0 +info: + title: SQS + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + additionalProperties: false + properties: + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + Value: + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + required: + - Value + - Key + description: '' + Queue: + type: object + properties: + QueueUrl: + type: string + description: '' + Arn: + type: string + description: '' + ContentBasedDeduplication: + type: boolean + description: For first-in-first-out (FIFO) queues, specifies whether to enable content-based deduplication. During the deduplication interval, SQS treats messages that are sent with identical content as duplicates and delivers only one copy of the message. For more information, see the ``ContentBasedDeduplication`` attribute for the ``CreateQueue`` action in the *API Reference*. + DeduplicationScope: + description: |- + For high throughput for FIFO queues, specifies whether message deduplication occurs at the message group or queue level. Valid values are ``messageGroup`` and ``queue``. + To enable high throughput for a FIFO queue, set this attribute to ``messageGroup`` *and* set the ``FifoThroughputLimit`` attribute to ``perMessageGroupId``. If you set these attributes to anything other than these values, normal throughput is in effect and deduplication occurs as specified. For more information, see [High throughput for FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html) and [Quotas related to messages](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) in the *Developer Guide*. + type: string + DelaySeconds: + type: integer + description: The time in seconds for which the delivery of all messages in the queue is delayed. You can specify an integer value of ``0`` to ``900`` (15 minutes). The default value is ``0``. + FifoQueue: + type: boolean + description: If set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*. + FifoThroughputLimit: + description: |- + For high throughput for FIFO queues, specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are ``perQueue`` and ``perMessageGroupId``. + To enable high throughput for a FIFO queue, set this attribute to ``perMessageGroupId`` *and* set the ``DeduplicationScope`` attribute to ``messageGroup``. If you set these attributes to anything other than these values, normal throughput is in effect and deduplication occurs as specified. For more information, see [High throughput for FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html) and [Quotas related to messages](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) in the *Developer Guide*. + type: string + KmsDataKeyReusePeriodSeconds: + type: integer + description: |- + The length of time in seconds for which SQS can reuse a data key to encrypt or decrypt messages before calling KMS again. The value must be an integer between 60 (1 minute) and 86,400 (24 hours). The default is 300 (5 minutes). + A shorter time period provides better security, but results in more calls to KMS, which might incur charges after Free Tier. For more information, see [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work) in the *Developer Guide*. + KmsMasterKeyId: + type: string + description: |- + The ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (e.g. ``alias/aws/sqs``), key ARN, or key ID. For more information, see the following: + + [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html) in the *Developer Guide* + + [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) in the *API Reference* + + [Request Parameters](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the *Key Management Service API Reference* + + The Key Management Service (KMS) section of the [Best Practices](https://docs.aws.amazon.com/https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf) whitepaper + SqsManagedSseEnabled: + type: boolean + description: Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (for example, [SSE-KMS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html) or [SSE-SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html)). When ``SqsManagedSseEnabled`` is not defined, ``SSE-SQS`` encryption is enabled by default. + MaximumMessageSize: + type: integer + description: The limit of how many bytes that a message can contain before SQS rejects it. You can specify an integer value from ``1,024`` bytes (1 KiB) to ``262,144`` bytes (256 KiB). The default value is ``262,144`` (256 KiB). + MessageRetentionPeriod: + type: integer + description: The number of seconds that SQS retains a message. You can specify an integer value from ``60`` seconds (1 minute) to ``1,209,600`` seconds (14 days). The default value is ``345,600`` seconds (4 days). + QueueName: + type: string + description: |- + A name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the ``.fifo`` suffix. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*. + If you don't specify a name, CFN generates a unique physical ID and uses that ID for the queue name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) in the *User Guide*. + If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + ReceiveMessageWaitTimeSeconds: + type: integer + description: >- + Specifies the duration, in seconds, that the ReceiveMessage action call waits until a message is in the queue in order to include it in the response, rather than returning an empty response if a message isn't yet available. You can specify an integer from 1 to 20. Short polling is used as the default or when you specify 0 for this property. For more information, see [Consuming messages using long + polling](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-short-and-long-polling.html#sqs-long-polling) in the *Developer Guide*. + RedriveAllowPolicy: + type: object + description: |- + The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows: + + ``redrivePermission``: The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are: + + ``allowAll``: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue. + + ``denyAll``: No source queues can specify this queue as the dead-letter queue. + + ``byQueue``: Only queues specified by the ``sourceQueueArns`` parameter can specify this queue as the dead-letter queue. + + + ``sourceQueueArns``: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the ``redrivePermission`` parameter is set to ``byQueue``. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the ``redrivePermission`` parameter to ``allowAll``. + RedrivePolicy: + type: object + description: |- + The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows: + + ``deadLetterTargetArn``: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of ``maxReceiveCount`` is exceeded. + + ``maxReceiveCount``: The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the ``ReceiveCount`` for a message exceeds the ``maxReceiveCount`` for a queue, SQS moves the message to the dead-letter-queue. + + The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue. + *JSON* + ``{ "deadLetterTargetArn" : String, "maxReceiveCount" : Integer }`` + *YAML* + ``deadLetterTargetArn : String`` + ``maxReceiveCount : Integer`` + Tags: + type: array + description: The tags that you attach to this queue. For more information, see [Resource tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) in the *User Guide*. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + VisibilityTimeout: + type: integer + description: |- + The length of time during which a message will be unavailable after a message is delivered from the queue. This blocks other components from receiving the same message and gives the initial component time to process and delete the message from the queue. + Values must be from 0 to 43,200 seconds (12 hours). If you don't specify a value, AWS CloudFormation uses the default value of 30 seconds. + For more information about SQS queue visibility timeouts, see [Visibility timeout](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) in the *Developer Guide*. + x-stackql-resource-name: queue + description: |- + The ``AWS::SQS::Queue`` resource creates an SQS standard or FIFO queue. + Keep the following caveats in mind: + + If you don't specify the ``FifoQueue`` property, SQS creates a standard queue. + You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see [Moving from a standard queue to a FIFO queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html) in the *Developer Guide*. + + If you don't provide a value for a property, the queue is created with the default value for the property. + + If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name. + + To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues. + + For more information about creating FIFO (first-in-first-out) queues, see [Creating an queue ()](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/screate-queue-cloudformation.html) in the *Developer Guide*. + x-type-name: AWS::SQS::Queue + x-stackql-primary-identifier: + - QueueUrl + x-create-only-properties: + - FifoQueue + - QueueName + x-read-only-properties: + - QueueUrl + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - sqs:CreateQueue + - sqs:GetQueueUrl + - sqs:GetQueueAttributes + - sqs:ListQueueTags + - sqs:TagQueue + read: + - sqs:GetQueueAttributes + - sqs:ListQueueTags + update: + - sqs:SetQueueAttributes + - sqs:GetQueueAttributes + - sqs:ListQueueTags + - sqs:TagQueue + - sqs:UntagQueue + delete: + - sqs:DeleteQueue + - sqs:GetQueueAttributes + list: + - sqs:ListQueues + QueueInlinePolicy: + type: object + properties: + PolicyDocument: + description: A policy document that contains permissions to add to the specified SQS queue + type: object + Queue: + description: The URL of the SQS queue. + type: string + required: + - PolicyDocument + - Queue + x-stackql-resource-name: queue_inline_policy + description: Schema for SQS QueueInlinePolicy + x-type-name: AWS::SQS::QueueInlinePolicy + x-stackql-primary-identifier: + - Queue + x-create-only-properties: + - Queue + x-required-properties: + - PolicyDocument + - Queue + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - sqs:SetQueueAttributes + - sqs:GetQueueAttributes + - sqs:GetQueueUrl + read: + - sqs:GetQueueAttributes + - sqs:GetQueueUrl + delete: + - sqs:SetQueueAttributes + - sqs:GetQueueAttributes + update: + - sqs:SetQueueAttributes + - sqs:GetQueueAttributes + - sqs:GetQueueUrl + x-stackQL-resources: + queues: + name: queues + id: aws.sqs.queues + x-cfn-schema-name: Queue + x-type: list + x-identifiers: + - QueueUrl + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.QueueUrl') as queue_url + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SQS::Queue' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'QueueUrl') as queue_url + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SQS::Queue' + AND region = 'us-east-1' + queue: + name: queue + id: aws.sqs.queue + x-cfn-schema-name: Queue + x-type: get + x-identifiers: + - QueueUrl + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.QueueUrl') as queue_url, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ContentBasedDeduplication') as content_based_deduplication, + JSON_EXTRACT(Properties, '$.DeduplicationScope') as deduplication_scope, + JSON_EXTRACT(Properties, '$.DelaySeconds') as delay_seconds, + JSON_EXTRACT(Properties, '$.FifoQueue') as fifo_queue, + JSON_EXTRACT(Properties, '$.FifoThroughputLimit') as fifo_throughput_limit, + JSON_EXTRACT(Properties, '$.KmsDataKeyReusePeriodSeconds') as kms_data_key_reuse_period_seconds, + JSON_EXTRACT(Properties, '$.KmsMasterKeyId') as kms_master_key_id, + JSON_EXTRACT(Properties, '$.SqsManagedSseEnabled') as sqs_managed_sse_enabled, + JSON_EXTRACT(Properties, '$.MaximumMessageSize') as maximum_message_size, + JSON_EXTRACT(Properties, '$.MessageRetentionPeriod') as message_retention_period, + JSON_EXTRACT(Properties, '$.QueueName') as queue_name, + JSON_EXTRACT(Properties, '$.ReceiveMessageWaitTimeSeconds') as receive_message_wait_time_seconds, + JSON_EXTRACT(Properties, '$.RedriveAllowPolicy') as redrive_allow_policy, + JSON_EXTRACT(Properties, '$.RedrivePolicy') as redrive_policy, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VisibilityTimeout') as visibility_timeout + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SQS::Queue' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'QueueUrl') as queue_url, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ContentBasedDeduplication') as content_based_deduplication, + json_extract_path_text(Properties, 'DeduplicationScope') as deduplication_scope, + json_extract_path_text(Properties, 'DelaySeconds') as delay_seconds, + json_extract_path_text(Properties, 'FifoQueue') as fifo_queue, + json_extract_path_text(Properties, 'FifoThroughputLimit') as fifo_throughput_limit, + json_extract_path_text(Properties, 'KmsDataKeyReusePeriodSeconds') as kms_data_key_reuse_period_seconds, + json_extract_path_text(Properties, 'KmsMasterKeyId') as kms_master_key_id, + json_extract_path_text(Properties, 'SqsManagedSseEnabled') as sqs_managed_sse_enabled, + json_extract_path_text(Properties, 'MaximumMessageSize') as maximum_message_size, + json_extract_path_text(Properties, 'MessageRetentionPeriod') as message_retention_period, + json_extract_path_text(Properties, 'QueueName') as queue_name, + json_extract_path_text(Properties, 'ReceiveMessageWaitTimeSeconds') as receive_message_wait_time_seconds, + json_extract_path_text(Properties, 'RedriveAllowPolicy') as redrive_allow_policy, + json_extract_path_text(Properties, 'RedrivePolicy') as redrive_policy, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VisibilityTimeout') as visibility_timeout + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SQS::Queue' + AND data__Identifier = '' + AND region = 'us-east-1' + queue_inline_policy: + name: queue_inline_policy + id: aws.sqs.queue_inline_policy + x-cfn-schema-name: QueueInlinePolicy + x-type: get + x-identifiers: + - Queue + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.Queue') as queue + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SQS::QueueInlinePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'Queue') as queue + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SQS::QueueInlinePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/ssm.yaml b/providers/src/aws/v00.00.00000/services/ssm.yaml new file mode 100644 index 00000000..85a5e7de --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ssm.yaml @@ -0,0 +1,1379 @@ +openapi: 3.0.0 +info: + title: SSM + version: 1.0.0 +paths: {} +components: + schemas: + Target: + additionalProperties: false + type: object + properties: + Values: + minItems: 0 + maxItems: 50 + type: array + items: + anyOf: + - relationshipRef: + typeName: AWS::EC2::Instance + propertyPath: /properties/Id + type: string + Key: + pattern: ^[\p{L}\p{Z}\p{N}_.:/=+\-@]{1,128}$|resource-groups:Name + type: string + required: + - Key + - Values + S3KeyPrefix: + type: string + maxLength: 1024 + S3Region: + minLength: 3 + type: string + maxLength: 20 + S3OutputLocation: + additionalProperties: false + type: object + properties: + OutputS3KeyPrefix: + $ref: '#/components/schemas/S3KeyPrefix' + OutputS3Region: + $ref: '#/components/schemas/S3Region' + OutputS3BucketName: + $ref: '#/components/schemas/S3BucketName' + S3BucketName: + x-relationshipRef: + typeName: AWS::S3::Bucket + propertyPath: /properties/BucketName + minLength: 3 + type: string + maxLength: 63 + InstanceAssociationOutputLocation: + additionalProperties: false + type: object + properties: + S3Location: + $ref: '#/components/schemas/S3OutputLocation' + ParameterValues: + type: array + items: + type: string + Association: + type: object + properties: + AssociationName: + pattern: ^[a-zA-Z0-9_\-.]{3,128}$ + description: The name of the association. + type: string + CalendarNames: + x-examples: + - - calendar1 + - calendar2 + - - calendar3 + type: array + items: + type: string + ScheduleExpression: + x-examples: + - cron(0 0 */1 * * ? *) + - cron(0 16 ? * TUE *) + - rate(30 minutes) + - rate(7 days) + minLength: 1 + description: A Cron or Rate expression that specifies when the association is applied to the target. + type: string + maxLength: 256 + MaxErrors: + x-examples: + - 1% + - 10% + - 50% + - '1' + pattern: ^([1-9][0-9]{0,6}|[0]|[1-9][0-9]%|[0-9]%|100%)$ + type: string + Parameters: + x-patternProperties: + .{1,255}: + $ref: '#/components/schemas/ParameterValues' + description: Parameter values that the SSM document uses at runtime. + additionalProperties: false + type: object + InstanceId: + x-examples: + - i-0e60836d21cf313c4 + - mi-0532c22e49636ee13 + pattern: (^i-(\w{8}|\w{17})$)|(^mi-\w{17}$) + description: The ID of the instance that the SSM document is associated with. + type: string + WaitForSuccessTimeoutSeconds: + maximum: 172800 + type: integer + minimum: 15 + MaxConcurrency: + x-examples: + - 1% + - 10% + - 50% + - '1' + pattern: ^([1-9][0-9]{0,6}|[1-9][0-9]%|[1-9]%|100%)$ + type: string + ComplianceSeverity: + type: string + enum: + - CRITICAL + - HIGH + - MEDIUM + - LOW + - UNSPECIFIED + Targets: + minItems: 0 + maxItems: 5 + description: The targets that the SSM document sends commands to. + type: array + items: + $ref: '#/components/schemas/Target' + SyncCompliance: + type: string + enum: + - AUTO + - MANUAL + OutputLocation: + $ref: '#/components/schemas/InstanceAssociationOutputLocation' + ScheduleOffset: + maximum: 6 + type: integer + minimum: 1 + Name: + x-examples: + - AWS-GatherSoftwareInventory + - MyCustomSSMDocument + pattern: ^[a-zA-Z0-9_\-.:/]{3,200}$ + description: The name of the SSM document. + type: string + ApplyOnlyAtCronInterval: + type: boolean + DocumentVersion: + pattern: ([$]LATEST|[$]DEFAULT|^[1-9][0-9]*$) + description: The version of the SSM document to associate with the target. + type: string + AssociationId: + x-examples: + - 88df7b09-95e8-48c4-a3cb-08c2c20d5110 + - 203dd0ec-0055-4bf0-a872-707f72ef06aa + pattern: '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}' + description: Unique identifier of the association. + type: string + AutomationTargetParameterName: + minLength: 1 + type: string + maxLength: 50 + required: + - Name + x-stackql-resource-name: association + description: The AWS::SSM::Association resource associates an SSM document in AWS Systems Manager with EC2 instances that contain a configuration agent to process the document. + x-type-name: AWS::SSM::Association + x-stackql-primary-identifier: + - AssociationId + x-write-only-properties: + - WaitForSuccessTimeoutSeconds + x-read-only-properties: + - AssociationId + x-required-properties: + - Name + x-tagging: + taggable: false + x-required-permissions: + read: + - ssm:DescribeAssociation + - resource-groups:GetGroupQuery + - resource-groups:ListGroups + - resource-groups:ListGroupResources + create: + - ec2:DescribeInstanceStatus + - iam:PassRole + - iam:CreateServiceLinkedRole + - ssm:CreateAssociation + - ssm:DescribeAssociation + - ssm:GetCalendarState + update: + - iam:PassRole + - ssm:UpdateAssociation + - ssm:GetCalendarState + list: + - ssm:ListAssociations + delete: + - ssm:DeleteAssociation + AttachmentsSource: + type: object + properties: + Key: + description: The key of a key-value pair that identifies the location of an attachment to a document. + type: string + enum: + - SourceUrl + - S3FileUrl + - AttachmentReference + Values: + description: The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify. + type: array + items: + type: string + minLength: 1 + maxLength: 100000 + minItems: 1 + maxItems: 1 + x-insertionOrder: false + Name: + description: The name of the document attachment file. + type: string + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + minLength: 1 + maxLength: 128 + additionalProperties: false + Tag: + description: Metadata that you assign to your AWS resources. + type: object + additionalProperties: false + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 1 + maxLength: 256 + required: + - Value + - Key + DocumentRequires: + type: object + properties: + Name: + description: The name of the required SSM document. The name can be an Amazon Resource Name (ARN). + type: string + pattern: ^[a-zA-Z0-9_\-.:/]{3,200}$ + maxLength: 200 + Version: + description: The document version required by the current document. + type: string + pattern: ([$]LATEST|[$]DEFAULT|^[1-9][0-9]*$) + maxLength: 8 + additionalProperties: false + Document: + type: object + properties: + Content: + description: The content for the Systems Manager document in JSON, YAML or String format. + type: object + Attachments: + description: A list of key and value pairs that describe attachments to a version of a document. + type: array + items: + $ref: '#/components/schemas/AttachmentsSource' + minItems: 0 + maxItems: 20 + x-insertionOrder: false + Name: + description: A name for the Systems Manager document. + type: string + pattern: ^[a-zA-Z0-9_\-.]{3,128}$ + VersionName: + description: An optional field specifying the version of the artifact you are creating with the document. This value is unique across all versions of a document, and cannot be changed. + type: string + pattern: ^[a-zA-Z0-9_\-.]{1,128}$ + DocumentType: + description: The type of document to create. + type: string + enum: + - ApplicationConfiguration + - ApplicationConfigurationSchema + - Automation + - Automation.ChangeTemplate + - ChangeCalendar + - CloudFormation + - Command + - DeploymentStrategy + - Package + - Policy + - ProblemAnalysis + - ProblemAnalysisTemplate + - Session + DocumentFormat: + description: Specify the document format for the request. The document format can be either JSON or YAML. JSON is the default format. + type: string + enum: + - YAML + - JSON + - TEXT + default: JSON + TargetType: + description: Specify a target type to define the kinds of resources the document can run on. + type: string + pattern: ^\/[\w\.\-\:\/]*$ + Tags: + description: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 1000 + x-insertionOrder: false + Requires: + description: A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document. + type: array + items: + $ref: '#/components/schemas/DocumentRequires' + minItems: 1 + x-insertionOrder: false + UpdateMethod: + description: Update method - when set to 'Replace', the update will replace the existing document; when set to 'NewVersion', the update will create a new version. + type: string + enum: + - Replace + - NewVersion + default: Replace + required: + - Content + x-stackql-resource-name: document + description: The AWS::SSM::Document resource is an SSM document in AWS Systems Manager that defines the actions that Systems Manager performs, which can be used to set up and run commands on your instances. + x-type-name: AWS::SSM::Document + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - DocumentType + x-conditional-create-only-properties: + - Content + - Attachments + - VersionName + - DocumentFormat + - TargetType + - Requires + x-write-only-properties: + - UpdateMethod + - Attachments + x-required-properties: + - Content + x-tagging: + taggable: true + x-required-permissions: + create: + - ssm:CreateDocument + - ssm:GetDocument + - ssm:AddTagsToResource + - ssm:ListTagsForResource + - s3:GetObject + - iam:PassRole + read: + - ssm:GetDocument + - ssm:ListTagsForResource + update: + - ssm:UpdateDocument + - s3:GetObject + - ssm:AddTagsToResource + - ssm:RemoveTagsFromResource + - ssm:ListTagsForResource + - iam:PassRole + - ssm:UpdateDocumentDefaultVersion + - ssm:DescribeDocument + delete: + - ssm:DeleteDocument + - ssm:GetDocument + list: + - ssm:ListDocuments + Parameter: + type: object + properties: + Type: + type: string + description: The type of parameter. + enum: + - String + - StringList + Value: + type: string + description: |- + The parameter value. + If type is ``StringList``, the system returns a comma-separated string with no spaces between commas in the ``Value`` field. + Description: + type: string + description: Information about the parameter. + Policies: + type: string + description: |- + Information about the policies assigned to a parameter. + [Assigning parameter policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-policies.html) in the *User Guide*. + AllowedPattern: + type: string + description: 'A regular expression used to validate the parameter value. For example, for ``String`` types with values restricted to numbers, you can specify the following: ``AllowedPattern=^\d+$``' + Tier: + type: string + description: The parameter tier. + enum: + - Standard + - Advanced + - Intelligent-Tiering + Tags: + type: object + description: Optional metadata that you assign to a resource in the form of an arbitrary set of tags (key-value pairs). Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a SYS parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter. + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + additionalProperties: false + DataType: + type: string + description: The data type of the parameter, such as ``text`` or ``aws:ec2:image``. The default is ``text``. + enum: + - text + - aws:ec2:image + Name: + type: string + description: |- + The name of the parameter. + The maximum length constraint listed below includes capacity for additional system attributes that aren't part of the name. The maximum length for a parameter name, including the full length of the parameter Amazon Resource Name (ARN), is 1011 characters. For example, the length of the following parameter name is 65 characters, not 20 characters: ``arn:aws:ssm:us-east-2:111222333444:parameter/ExampleParameterName`` + required: + - Value + - Type + x-stackql-resource-name: parameter + description: |- + The ``AWS::SSM::Parameter`` resource creates an SSM parameter in SYSlong Parameter Store. + To create an SSM parameter, you must have the IAMlong (IAM) permissions ``ssm:PutParameter`` and ``ssm:AddTagsToResource``. On stack creation, CFNlong adds the following three tags to the parameter: ``aws:cloudformation:stack-name``, ``aws:cloudformation:logical-id``, and ``aws:cloudformation:stack-id``, in addition to any custom tags you specify. + To add, update, or remove tags during stack update, you must have IAM permissions for both ``ssm:AddTagsToResource`` and ``ssm:RemoveTagsFromResource``. For more information, see [Managing Access Using Policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-iam.html#security_iam_access-manage) in the *User Guide*. + For information about valid values for parameters, see [About requirements and constraints for parameter names](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html#sysman-parameter-name-constraints) in the *User Guide* and [PutParameter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html) in the *API Reference*. + x-type-name: AWS::SSM::Parameter + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-write-only-properties: + - Tags + - Description + - Tier + - AllowedPattern + - Policies + x-required-properties: + - Value + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ssm:PutParameter + - ssm:AddTagsToResource + - ssm:GetParameters + read: + - ssm:GetParameters + update: + - ssm:PutParameter + - ssm:AddTagsToResource + - ssm:RemoveTagsFromResource + - ssm:GetParameters + delete: + - ssm:DeleteParameter + list: + - ssm:DescribeParameters + PatchFilterGroup: + description: The patch filter group that defines the criteria for the rule. + type: object + additionalProperties: false + properties: + PatchFilters: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/PatchFilter' + minItems: 0 + maxItems: 5 + PatchSource: + description: Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only. + type: object + additionalProperties: false + properties: + Products: + type: array + uniqueItems: false + items: + type: string + minLength: 1 + maxLength: 128 + minItems: 0 + maxItems: 20 + Configuration: + type: string + minLength: 1 + maxLength: 1024 + Name: + type: string + pattern: ^[a-zA-Z0-9_\-.]{3,50}$ + RuleGroup: + description: A set of rules defining the approval rules for a patch baseline. + type: object + additionalProperties: false + properties: + PatchRules: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Rule' + minItems: 0 + maxItems: 10 + x-insertionOrder: false + Rule: + description: Defines an approval rule for a patch baseline. + type: object + additionalProperties: false + properties: + ApproveUntilDate: + type: string + minLength: 0 + maxLength: 10 + EnableNonSecurity: + type: boolean + default: false + PatchFilterGroup: + $ref: '#/components/schemas/PatchFilterGroup' + ApproveAfterDays: + type: integer + minimum: 0 + maximum: 360 + ComplianceLevel: + type: string + enum: + - CRITICAL + - HIGH + - INFORMATIONAL + - LOW + - MEDIUM + - UNSPECIFIED + x-insertionOrder: false + PatchFilter: + description: Defines which patches should be included in a patch baseline. + type: object + additionalProperties: false + properties: + Values: + type: array + uniqueItems: false + items: + type: string + minLength: 1 + maxLength: 64 + minItems: 0 + maxItems: 20 + Key: + type: string + enum: + - ADVISORY_ID + - ARCH + - BUGZILLA_ID + - CLASSIFICATION + - CVE_ID + - EPOCH + - MSRC_SEVERITY + - NAME + - PATCH_ID + - PATCH_SET + - PRIORITY + - PRODUCT + - PRODUCT_FAMILY + - RELEASE + - REPOSITORY + - SECTION + - SECURITY + - SEVERITY + - VERSION + PatchBaseline: + type: object + properties: + Id: + description: The ID of the patch baseline. + type: string + pattern: ^[a-zA-Z0-9_\-:/]{20,128}$ + minLength: 20 + maxLength: 128 + DefaultBaseline: + description: Set the baseline as default baseline. Only registering to default patch baseline is allowed. + type: boolean + default: false + OperatingSystem: + description: Defines the operating system the patch baseline applies to. The Default value is WINDOWS. + type: string + default: WINDOWS + enum: + - WINDOWS + - AMAZON_LINUX + - AMAZON_LINUX_2 + - AMAZON_LINUX_2022 + - AMAZON_LINUX_2023 + - UBUNTU + - REDHAT_ENTERPRISE_LINUX + - SUSE + - CENTOS + - ORACLE_LINUX + - DEBIAN + - MACOS + - RASPBIAN + - ROCKY_LINUX + - ALMA_LINUX + Description: + description: The description of the patch baseline. + type: string + minLength: 1 + maxLength: 1024 + ApprovalRules: + $ref: '#/components/schemas/RuleGroup' + Sources: + description: Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only. + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/PatchSource' + minItems: 0 + maxItems: 20 + Name: + description: The name of the patch baseline. + type: string + pattern: ^[a-zA-Z0-9_\-.]{3,128}$ + minLength: 3 + maxLength: 128 + RejectedPatches: + description: A list of explicitly rejected patches for the baseline. + type: array + uniqueItems: false + items: + type: string + minLength: 1 + maxLength: 100 + minItems: 0 + maxItems: 50 + x-insertionOrder: false + ApprovedPatches: + description: A list of explicitly approved patches for the baseline. + type: array + uniqueItems: false + items: + type: string + minLength: 1 + maxLength: 100 + minItems: 0 + maxItems: 50 + x-insertionOrder: false + RejectedPatchesAction: + description: The action for Patch Manager to take on patches included in the RejectedPackages list. + type: string + default: ALLOW_AS_DEPENDENCY + enum: + - ALLOW_AS_DEPENDENCY + - BLOCK + PatchGroups: + description: PatchGroups is used to associate instances with a specific patch baseline + type: array + uniqueItems: false + items: + type: string + minLength: 1 + maxLength: 256 + ApprovedPatchesComplianceLevel: + description: Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED. + type: string + default: UNSPECIFIED + enum: + - CRITICAL + - HIGH + - MEDIUM + - LOW + - INFORMATIONAL + - UNSPECIFIED + ApprovedPatchesEnableNonSecurity: + description: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only. + type: boolean + default: false + GlobalFilters: + description: A set of global filters used to include patches in the baseline. + $ref: '#/components/schemas/PatchFilterGroup' + Tags: + description: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways. + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 1000 + required: + - Name + x-stackql-resource-name: patch_baseline + description: Resource Type definition for AWS::SSM::PatchBaseline + x-type-name: AWS::SSM::PatchBaseline + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - OperatingSystem + x-read-only-properties: + - Id + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ssm:CreatePatchBaseline + - ssm:RegisterPatchBaselineForPatchGroup + - ssm:AddTagsToResource + - ssm:RemoveTagsFromResource + - ssm:ListTagsForResource + - ssm:GetDefaultPatchBaseline + - ssm:RegisterDefaultPatchBaseline + delete: + - ssm:DeletePatchBaseline + - ssm:GetPatchBaseline + - ssm:DeregisterPatchBaselineForPatchGroup + list: + - ssm:DescribePatchBaselines + - ssm:GetDefaultPatchBaseline + - ssm:GetPatchBaseline + - ssm:ListTagsForResource + read: + - ssm:GetDefaultPatchBaseline + - ssm:GetPatchBaseline + - ssm:ListTagsForResource + update: + - ssm:UpdatePatchBaseline + - ssm:DeregisterPatchBaselineForPatchGroup + - ssm:AddTagsToResource + - ssm:RemoveTagsFromResource + - ssm:ListTagsForResource + - ssm:GetDefaultPatchBaseline + - ssm:RegisterDefaultPatchBaseline + S3Destination: + type: object + additionalProperties: false + properties: + KMSKeyArn: + type: string + minLength: 1 + maxLength: 512 + BucketPrefix: + type: string + minLength: 1 + maxLength: 256 + BucketName: + type: string + minLength: 1 + maxLength: 2048 + BucketRegion: + type: string + minLength: 1 + maxLength: 64 + SyncFormat: + type: string + minLength: 1 + maxLength: 1024 + required: + - BucketName + - BucketRegion + - SyncFormat + SyncSource: + type: object + additionalProperties: false + properties: + IncludeFutureRegions: + type: boolean + SourceRegions: + type: array + uniqueItems: false + items: + type: string + SourceType: + type: string + minLength: 1 + maxLength: 64 + AwsOrganizationsSource: + $ref: '#/components/schemas/AwsOrganizationsSource' + required: + - SourceType + - SourceRegions + AwsOrganizationsSource: + type: object + additionalProperties: false + properties: + OrganizationalUnits: + type: array + uniqueItems: false + items: + type: string + OrganizationSourceType: + type: string + minLength: 1 + maxLength: 64 + required: + - OrganizationSourceType + ResourceDataSync: + type: object + properties: + S3Destination: + $ref: '#/components/schemas/S3Destination' + KMSKeyArn: + type: string + minLength: 0 + maxLength: 512 + SyncSource: + $ref: '#/components/schemas/SyncSource' + BucketName: + type: string + minLength: 1 + maxLength: 2048 + BucketRegion: + type: string + minLength: 1 + maxLength: 64 + SyncFormat: + type: string + minLength: 0 + maxLength: 1024 + SyncName: + type: string + minLength: 1 + maxLength: 64 + SyncType: + type: string + minLength: 1 + maxLength: 64 + BucketPrefix: + type: string + minLength: 0 + maxLength: 64 + required: + - SyncName + x-stackql-resource-name: resource_data_sync + description: Resource Type definition for AWS::SSM::ResourceDataSync + x-type-name: AWS::SSM::ResourceDataSync + x-stackql-primary-identifier: + - SyncName + x-create-only-properties: + - KMSKeyArn + - SyncFormat + - BucketPrefix + - SyncName + - BucketRegion + - BucketName + - S3Destination + - SyncType + x-read-only-properties: + - SyncName + x-required-properties: + - SyncName + x-required-permissions: + create: + - ssm:CreateResourceDataSync + - ssm:ListResourceDataSync + delete: + - ssm:ListResourceDataSync + - ssm:DeleteResourceDataSync + update: + - ssm:ListResourceDataSync + - ssm:UpdateResourceDataSync + list: + - ssm:ListResourceDataSync + read: + - ssm:ListResourceDataSync + ResourcePolicy: + type: object + properties: + ResourceArn: + type: string + description: Arn of OpsItemGroup etc. + Policy: + type: object + description: Actual policy statement. + PolicyId: + type: string + description: 'An unique identifier within the policies of a resource. ' + PolicyHash: + type: string + description: A snapshot identifier for the policy over time. + required: + - ResourceArn + - Policy + x-stackql-resource-name: resource_policy + description: Resource Type definition for AWS::SSM::ResourcePolicy + x-type-name: AWS::SSM::ResourcePolicy + x-stackql-primary-identifier: + - PolicyId + - ResourceArn + x-create-only-properties: + - ResourceArn + x-read-only-properties: + - PolicyId + - PolicyHash + x-required-properties: + - ResourceArn + - Policy + x-tagging: + taggable: false + x-required-permissions: + create: + - ssm:PutResourcePolicy + read: + - ssm:GetResourcePolicies + update: + - ssm:PutResourcePolicy + delete: + - ssm:DeleteResourcePolicy + list: + - ssm:GetResourcePolicies + x-stackQL-resources: + associations: + name: associations + id: aws.ssm.associations + x-cfn-schema-name: Association + x-type: list + x-identifiers: + - AssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::Association' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssociationId') as association_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::Association' + AND region = 'us-east-1' + association: + name: association + id: aws.ssm.association + x-cfn-schema-name: Association + x-type: get + x-identifiers: + - AssociationId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssociationName') as association_name, + JSON_EXTRACT(Properties, '$.CalendarNames') as calendar_names, + JSON_EXTRACT(Properties, '$.ScheduleExpression') as schedule_expression, + JSON_EXTRACT(Properties, '$.MaxErrors') as max_errors, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.WaitForSuccessTimeoutSeconds') as wait_for_success_timeout_seconds, + JSON_EXTRACT(Properties, '$.MaxConcurrency') as max_concurrency, + JSON_EXTRACT(Properties, '$.ComplianceSeverity') as compliance_severity, + JSON_EXTRACT(Properties, '$.Targets') as targets, + JSON_EXTRACT(Properties, '$.SyncCompliance') as sync_compliance, + JSON_EXTRACT(Properties, '$.OutputLocation') as output_location, + JSON_EXTRACT(Properties, '$.ScheduleOffset') as schedule_offset, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ApplyOnlyAtCronInterval') as apply_only_at_cron_interval, + JSON_EXTRACT(Properties, '$.DocumentVersion') as document_version, + JSON_EXTRACT(Properties, '$.AssociationId') as association_id, + JSON_EXTRACT(Properties, '$.AutomationTargetParameterName') as automation_target_parameter_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::Association' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssociationName') as association_name, + json_extract_path_text(Properties, 'CalendarNames') as calendar_names, + json_extract_path_text(Properties, 'ScheduleExpression') as schedule_expression, + json_extract_path_text(Properties, 'MaxErrors') as max_errors, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'WaitForSuccessTimeoutSeconds') as wait_for_success_timeout_seconds, + json_extract_path_text(Properties, 'MaxConcurrency') as max_concurrency, + json_extract_path_text(Properties, 'ComplianceSeverity') as compliance_severity, + json_extract_path_text(Properties, 'Targets') as targets, + json_extract_path_text(Properties, 'SyncCompliance') as sync_compliance, + json_extract_path_text(Properties, 'OutputLocation') as output_location, + json_extract_path_text(Properties, 'ScheduleOffset') as schedule_offset, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ApplyOnlyAtCronInterval') as apply_only_at_cron_interval, + json_extract_path_text(Properties, 'DocumentVersion') as document_version, + json_extract_path_text(Properties, 'AssociationId') as association_id, + json_extract_path_text(Properties, 'AutomationTargetParameterName') as automation_target_parameter_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::Association' + AND data__Identifier = '' + AND region = 'us-east-1' + documents: + name: documents + id: aws.ssm.documents + x-cfn-schema-name: Document + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::Document' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::Document' + AND region = 'us-east-1' + document: + name: document + id: aws.ssm.document + x-cfn-schema-name: Document + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.Attachments') as attachments, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.VersionName') as version_name, + JSON_EXTRACT(Properties, '$.DocumentType') as document_type, + JSON_EXTRACT(Properties, '$.DocumentFormat') as document_format, + JSON_EXTRACT(Properties, '$.TargetType') as target_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Requires') as requires, + JSON_EXTRACT(Properties, '$.UpdateMethod') as update_method + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::Document' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'Attachments') as attachments, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'VersionName') as version_name, + json_extract_path_text(Properties, 'DocumentType') as document_type, + json_extract_path_text(Properties, 'DocumentFormat') as document_format, + json_extract_path_text(Properties, 'TargetType') as target_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Requires') as requires, + json_extract_path_text(Properties, 'UpdateMethod') as update_method + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::Document' + AND data__Identifier = '' + AND region = 'us-east-1' + parameters: + name: parameters + id: aws.ssm.parameters + x-cfn-schema-name: Parameter + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::Parameter' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::Parameter' + AND region = 'us-east-1' + parameter: + name: parameter + id: aws.ssm.parameter + x-cfn-schema-name: Parameter + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Value') as value, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Policies') as policies, + JSON_EXTRACT(Properties, '$.AllowedPattern') as allowed_pattern, + JSON_EXTRACT(Properties, '$.Tier') as tier, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.DataType') as data_type, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::Parameter' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Value') as value, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Policies') as policies, + json_extract_path_text(Properties, 'AllowedPattern') as allowed_pattern, + json_extract_path_text(Properties, 'Tier') as tier, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'DataType') as data_type, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::Parameter' + AND data__Identifier = '' + AND region = 'us-east-1' + patch_baselines: + name: patch_baselines + id: aws.ssm.patch_baselines + x-cfn-schema-name: PatchBaseline + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::PatchBaseline' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::PatchBaseline' + AND region = 'us-east-1' + patch_baseline: + name: patch_baseline + id: aws.ssm.patch_baseline + x-cfn-schema-name: PatchBaseline + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.DefaultBaseline') as default_baseline, + JSON_EXTRACT(Properties, '$.OperatingSystem') as operating_system, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ApprovalRules') as approval_rules, + JSON_EXTRACT(Properties, '$.Sources') as sources, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RejectedPatches') as rejected_patches, + JSON_EXTRACT(Properties, '$.ApprovedPatches') as approved_patches, + JSON_EXTRACT(Properties, '$.RejectedPatchesAction') as rejected_patches_action, + JSON_EXTRACT(Properties, '$.PatchGroups') as patch_groups, + JSON_EXTRACT(Properties, '$.ApprovedPatchesComplianceLevel') as approved_patches_compliance_level, + JSON_EXTRACT(Properties, '$.ApprovedPatchesEnableNonSecurity') as approved_patches_enable_non_security, + JSON_EXTRACT(Properties, '$.GlobalFilters') as global_filters, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::PatchBaseline' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'DefaultBaseline') as default_baseline, + json_extract_path_text(Properties, 'OperatingSystem') as operating_system, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ApprovalRules') as approval_rules, + json_extract_path_text(Properties, 'Sources') as sources, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RejectedPatches') as rejected_patches, + json_extract_path_text(Properties, 'ApprovedPatches') as approved_patches, + json_extract_path_text(Properties, 'RejectedPatchesAction') as rejected_patches_action, + json_extract_path_text(Properties, 'PatchGroups') as patch_groups, + json_extract_path_text(Properties, 'ApprovedPatchesComplianceLevel') as approved_patches_compliance_level, + json_extract_path_text(Properties, 'ApprovedPatchesEnableNonSecurity') as approved_patches_enable_non_security, + json_extract_path_text(Properties, 'GlobalFilters') as global_filters, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::PatchBaseline' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_data_syncs: + name: resource_data_syncs + id: aws.ssm.resource_data_syncs + x-cfn-schema-name: ResourceDataSync + x-type: list + x-identifiers: + - SyncName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SyncName') as sync_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::ResourceDataSync' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SyncName') as sync_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::ResourceDataSync' + AND region = 'us-east-1' + resource_data_sync: + name: resource_data_sync + id: aws.ssm.resource_data_sync + x-cfn-schema-name: ResourceDataSync + x-type: get + x-identifiers: + - SyncName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.S3Destination') as s3_destination, + JSON_EXTRACT(Properties, '$.KMSKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.SyncSource') as sync_source, + JSON_EXTRACT(Properties, '$.BucketName') as bucket_name, + JSON_EXTRACT(Properties, '$.BucketRegion') as bucket_region, + JSON_EXTRACT(Properties, '$.SyncFormat') as sync_format, + JSON_EXTRACT(Properties, '$.SyncName') as sync_name, + JSON_EXTRACT(Properties, '$.SyncType') as sync_type, + JSON_EXTRACT(Properties, '$.BucketPrefix') as bucket_prefix + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::ResourceDataSync' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'S3Destination') as s3_destination, + json_extract_path_text(Properties, 'KMSKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'SyncSource') as sync_source, + json_extract_path_text(Properties, 'BucketName') as bucket_name, + json_extract_path_text(Properties, 'BucketRegion') as bucket_region, + json_extract_path_text(Properties, 'SyncFormat') as sync_format, + json_extract_path_text(Properties, 'SyncName') as sync_name, + json_extract_path_text(Properties, 'SyncType') as sync_type, + json_extract_path_text(Properties, 'BucketPrefix') as bucket_prefix + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::ResourceDataSync' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_policies: + name: resource_policies + id: aws.ssm.resource_policies + x-cfn-schema-name: ResourcePolicy + x-type: list + x-identifiers: + - PolicyId + - ResourceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PolicyId') as policy_id, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::ResourcePolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PolicyId') as policy_id, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSM::ResourcePolicy' + AND region = 'us-east-1' + resource_policy: + name: resource_policy + id: aws.ssm.resource_policy + x-cfn-schema-name: ResourcePolicy + x-type: get + x-identifiers: + - PolicyId + - ResourceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.PolicyId') as policy_id, + JSON_EXTRACT(Properties, '$.PolicyHash') as policy_hash + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::ResourcePolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'PolicyId') as policy_id, + json_extract_path_text(Properties, 'PolicyHash') as policy_hash + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSM::ResourcePolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/ssmcontacts.yaml b/providers/src/aws/v00.00.00000/services/ssmcontacts.yaml new file mode 100644 index 00000000..e21db11f --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ssmcontacts.yaml @@ -0,0 +1,700 @@ +openapi: 3.0.0 +info: + title: SSMContacts + version: 1.0.0 +paths: {} +components: + schemas: + ContactTargetInfo: + type: object + description: The contact that SSM Incident Manager is engaging during an incident. + properties: + ContactId: + description: The Amazon Resource Name (ARN) of the contact. + type: string + IsEssential: + type: boolean + description: A Boolean value determining if the contact's acknowledgement stops the progress of stages in the plan. + required: + - ContactId + - IsEssential + additionalProperties: false + ChannelTargetInfo: + type: object + description: Information about the contact channel that SSM Incident Manager uses to engage the contact. + properties: + ChannelId: + description: The Amazon Resource Name (ARN) of the contact channel. + type: string + RetryIntervalInMinutes: + type: integer + description: The number of minutes to wait to retry sending engagement in the case the engagement initially fails. + required: + - ChannelId + - RetryIntervalInMinutes + additionalProperties: false + Stage: + description: A set amount of time that an escalation plan or engagement plan engages the specified contacts or contact methods. + type: object + properties: + DurationInMinutes: + description: The time to wait until beginning the next stage. + type: integer + Targets: + type: array + x-insertionOrder: false + description: The contacts or contact methods that the escalation plan or engagement plan is engaging. + items: + $ref: '#/components/schemas/Targets' + required: + - DurationInMinutes + additionalProperties: false + Targets: + description: The contacts or contact methods that the escalation plan or engagement plan is engaging. + type: object + properties: + ContactTargetInfo: + $ref: '#/components/schemas/ContactTargetInfo' + ChannelTargetInfo: + $ref: '#/components/schemas/ChannelTargetInfo' + additionalProperties: false + oneOf: + - required: + - ChannelTargetInfo + - required: + - ContactTargetInfo + Contact: + type: object + properties: + Alias: + description: Alias of the contact. String value with 20 to 256 characters. Only alphabetical, numeric characters, dash, or underscore allowed. + type: string + minLength: 1 + maxLength: 255 + pattern: ^[a-z0-9_\-\.]*$ + DisplayName: + description: Name of the contact. String value with 3 to 256 characters. Only alphabetical, space, numeric characters, dash, or underscore allowed. + type: string + minLength: 1 + maxLength: 255 + pattern: ^[a-zA-Z0-9_\-\s]*$ + Type: + description: 'Contact type, which specify type of contact. Currently supported values: “PERSONAL”, “SHARED”, “OTHER“.' + type: string + enum: + - PERSONAL + - ESCALATION + - ONCALL_SCHEDULE + Plan: + description: The stages that an escalation plan or engagement plan engages contacts and contact methods in. + type: array + items: + $ref: '#/components/schemas/Stage' + Arn: + type: string + description: The Amazon Resource Name (ARN) of the contact. + required: + - Alias + - DisplayName + - Type + x-stackql-resource-name: contact + description: Resource Type definition for AWS::SSMContacts::Contact + x-type-name: AWS::SSMContacts::Contact + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Alias + - Type + x-write-only-properties: + - Plan + x-read-only-properties: + - Arn + x-required-properties: + - Alias + - DisplayName + - Type + x-required-permissions: + create: + - ssm-contacts:CreateContact + - ssm-contacts:GetContact + - ssm-contacts:AssociateContact + read: + - ssm-contacts:GetContact + update: + - ssm-contacts:UpdateContact + - ssm-contacts:GetContact + - ssm-contacts:AssociateContact + delete: + - ssm-contacts:DeleteContact + - ssm-contacts:GetContact + - ssm-contacts:AssociateContact + list: + - ssm-contacts:ListContacts + ContactChannel: + type: object + properties: + ContactId: + description: ARN of the contact resource + type: string + minLength: 1 + maxLength: 2048 + pattern: arn:[-\w+=\/,.@]+:[-\w+=\/,.@]+:[-\w+=\/,.@]*:[0-9]+:([\w+=\/,.@:-]+)* + ChannelName: + description: The device name. String of 6 to 50 alphabetical, numeric, dash, and underscore characters. + type: string + minLength: 1 + maxLength: 255 + pattern: '[a-zA-Z 0-9_\-+''&\uD83C-\uDBFF\uDC00-\uDFFF\u2000-\u3300]+' + ChannelType: + description: 'Device type, which specify notification channel. Currently supported values: “SMS”, “VOICE”, “EMAIL”, “CHATBOT.' + type: string + enum: + - SMS + - VOICE + - EMAIL + DeferActivation: + type: boolean + description: If you want to activate the channel at a later time, you can choose to defer activation. SSM Incident Manager can't engage your contact channel until it has been activated. + ChannelAddress: + description: The details that SSM Incident Manager uses when trying to engage the contact channel. + type: string + Arn: + type: string + description: The Amazon Resource Name (ARN) of the engagement to a contact channel. + x-stackql-resource-name: contact_channel + description: Resource Type definition for AWS::SSMContacts::ContactChannel + x-type-name: AWS::SSMContacts::ContactChannel + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ContactId + - ChannelType + x-write-only-properties: + - DeferActivation + x-read-only-properties: + - Arn + x-required-permissions: + create: + - ssm-contacts:CreateContactChannel + - ssm-contacts:GetContactChannel + read: + - ssm-contacts:GetContactChannel + update: + - ssm-contacts:UpdateContactChannel + - ssm-contacts:GetContactChannel + delete: + - ssm-contacts:DeleteContactChannel + - ssm-contacts:GetContactChannel + list: + - ssm-contacts:ListContactChannels + Plan: + type: object + properties: + ContactId: + description: Contact ID for the AWS SSM Incident Manager Contact to associate the plan. + type: string + pattern: arn:[-\w+=\/,.@]+:[-\w+=\/,.@]+:[-\w+=\/,.@]*:[0-9]+:([\w+=\/,.@:-]+)* + Stages: + description: The stages that an escalation plan or engagement plan engages contacts and contact methods in. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Stage' + RotationIds: + description: Rotation Ids to associate with Oncall Contact for engagement. + type: array + x-insertionOrder: false + items: + type: string + Arn: + type: string + description: The Amazon Resource Name (ARN) of the contact. + x-stackql-resource-name: plan + description: Engagement Plan for a SSM Incident Manager Contact. + x-type-name: AWS::SSMContacts::Plan + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ContactId + x-write-only-properties: + - RotationIds + x-read-only-properties: + - Arn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ssm-contacts:UpdateContact + - ssm-contacts:GetContact + - ssm-contacts:AssociateContact + read: + - ssm-contacts:GetContact + update: + - ssm-contacts:UpdateContact + - ssm-contacts:GetContact + - ssm-contacts:AssociateContact + delete: + - ssm-contacts:UpdateContact + - ssm-contacts:GetContact + - ssm-contacts:AssociateContact + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + description: The key name of the tag + type: string + minLength: 1 + maxLength: 128 + Value: + description: The value for the tag. + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + HandOffTime: + type: string + pattern: ^([0-9]|0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$ + description: Details about when an on-call rotation shift begins or ends. Time of the day in format HH:MM + CoverageTime: + type: object + description: StartTime and EndTime for the Shift + properties: + StartTime: + $ref: '#/components/schemas/HandOffTime' + EndTime: + $ref: '#/components/schemas/HandOffTime' + required: + - StartTime + - EndTime + additionalProperties: false + ShiftCoverage: + type: object + description: Information about the days of the week included in on-call rotation coverage. + properties: + DayOfWeek: + $ref: '#/components/schemas/DayOfWeek' + CoverageTimes: + description: Information about when an on-call shift begins and ends. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CoverageTime' + required: + - DayOfWeek + - CoverageTimes + additionalProperties: false + DayOfWeek: + description: 'The day of the week when weekly recurring on-call shift rotations begin. ' + type: string + enum: + - MON + - TUE + - WED + - THU + - FRI + - SAT + - SUN + MonthlySetting: + type: object + description: DayOfWeek for Month and HandOff Time for Monthly Recurring Rotation. + properties: + DayOfMonth: + description: The day of the month when monthly recurring on-call rotations begin. + type: integer + minimum: 1 + maximum: 31 + HandOffTime: + $ref: '#/components/schemas/HandOffTime' + required: + - DayOfMonth + - HandOffTime + additionalProperties: false + WeeklySetting: + type: object + description: DayOfWeek for Rotation and HandOff Time for Weekly Recurring Rotation. + properties: + DayOfWeek: + $ref: '#/components/schemas/DayOfWeek' + HandOffTime: + $ref: '#/components/schemas/HandOffTime' + required: + - DayOfWeek + - HandOffTime + additionalProperties: false + DailySetting: + type: object + description: Handoff time for Daily Recurring Rotation. + properties: + HandOffTime: + $ref: '#/components/schemas/HandOffTime' + required: + - HandOffTime + additionalProperties: false + RecurrenceSettings: + description: Information about when an on-call rotation is in effect and how long the rotation period lasts. + type: object + properties: + MonthlySettings: + description: Information about on-call rotations that recur monthly. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/MonthlySetting' + WeeklySettings: + description: Information about on-call rotations that recur weekly. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/WeeklySetting' + DailySettings: + description: Information about on-call rotations that recur daily. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/HandOffTime' + NumberOfOnCalls: + type: integer + description: Number of Oncalls per shift. + minimum: 1 + RecurrenceMultiplier: + type: integer + description: The number of days, weeks, or months a single rotation lasts. + minimum: 1 + maximum: 100 + ShiftCoverages: + type: array + x-insertionOrder: false + description: Information about the days of the week included in on-call rotation coverage. + items: + $ref: '#/components/schemas/ShiftCoverage' + additionalProperties: false + oneOf: + - required: + - NumberOfOnCalls + - RecurrenceMultiplier + - WeeklySettings + - required: + - NumberOfOnCalls + - RecurrenceMultiplier + - MonthlySettings + - required: + - NumberOfOnCalls + - RecurrenceMultiplier + - DailySettings + Rotation: + type: object + properties: + Name: + description: Name of the Rotation + type: string + pattern: ^[a-zA-Z0-9_]*$ + ContactIds: + description: Members of the rotation + type: array + x-insertionOrder: false + items: + type: string + StartTime: + description: Start time of the first shift of Oncall Schedule + type: string + pattern: ^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})$ + TimeZoneId: + description: TimeZone Identifier for the Oncall Schedule + type: string + Recurrence: + $ref: '#/components/schemas/RecurrenceSettings' + Tags: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + Arn: + type: string + description: The Amazon Resource Name (ARN) of the rotation. + required: + - Name + - ContactIds + - StartTime + - TimeZoneId + - Recurrence + x-stackql-resource-name: rotation + description: Resource Type definition for AWS::SSMContacts::Rotation. + x-type-name: AWS::SSMContacts::Rotation + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + x-required-properties: + - Name + - ContactIds + - StartTime + - TimeZoneId + - Recurrence + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ssm-contacts:CreateRotation + - ssm-contacts:GetRotation + - ssm-contacts:TagResource + - ssm-contacts:ListTagsForResource + - ssm-contacts:UntagResource + read: + - ssm-contacts:GetRotation + - ssm-contacts:TagResource + - ssm-contacts:ListTagsForResource + - ssm-contacts:UntagResource + update: + - ssm-contacts:UpdateRotation + - ssm-contacts:GetRotation + - ssm-contacts:TagResource + - ssm-contacts:ListTagsForResource + - ssm-contacts:UntagResource + delete: + - ssm-contacts:DeleteRotation + - ssm-contacts:GetRotation + - ssm-contacts:ListTagsForResource + - ssm-contacts:UntagResource + list: + - ssm-contacts:ListRotations + - ssm-contacts:GetRotation + - ssm-contacts:ListTagsForResource + x-stackQL-resources: + contacts: + name: contacts + id: aws.ssmcontacts.contacts + x-cfn-schema-name: Contact + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMContacts::Contact' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMContacts::Contact' + AND region = 'us-east-1' + contact: + name: contact + id: aws.ssmcontacts.contact + x-cfn-schema-name: Contact + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Alias') as alias, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Plan') as plan, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMContacts::Contact' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Alias') as alias, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Plan') as plan, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMContacts::Contact' + AND data__Identifier = '' + AND region = 'us-east-1' + contact_channels: + name: contact_channels + id: aws.ssmcontacts.contact_channels + x-cfn-schema-name: ContactChannel + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMContacts::ContactChannel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMContacts::ContactChannel' + AND region = 'us-east-1' + contact_channel: + name: contact_channel + id: aws.ssmcontacts.contact_channel + x-cfn-schema-name: ContactChannel + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ContactId') as contact_id, + JSON_EXTRACT(Properties, '$.ChannelName') as channel_name, + JSON_EXTRACT(Properties, '$.ChannelType') as channel_type, + JSON_EXTRACT(Properties, '$.DeferActivation') as defer_activation, + JSON_EXTRACT(Properties, '$.ChannelAddress') as channel_address, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMContacts::ContactChannel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ContactId') as contact_id, + json_extract_path_text(Properties, 'ChannelName') as channel_name, + json_extract_path_text(Properties, 'ChannelType') as channel_type, + json_extract_path_text(Properties, 'DeferActivation') as defer_activation, + json_extract_path_text(Properties, 'ChannelAddress') as channel_address, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMContacts::ContactChannel' + AND data__Identifier = '' + AND region = 'us-east-1' + plan: + name: plan + id: aws.ssmcontacts.plan + x-cfn-schema-name: Plan + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ContactId') as contact_id, + JSON_EXTRACT(Properties, '$.Stages') as stages, + JSON_EXTRACT(Properties, '$.RotationIds') as rotation_ids, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMContacts::Plan' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ContactId') as contact_id, + json_extract_path_text(Properties, 'Stages') as stages, + json_extract_path_text(Properties, 'RotationIds') as rotation_ids, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMContacts::Plan' + AND data__Identifier = '' + AND region = 'us-east-1' + rotations: + name: rotations + id: aws.ssmcontacts.rotations + x-cfn-schema-name: Rotation + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMContacts::Rotation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMContacts::Rotation' + AND region = 'us-east-1' + rotation: + name: rotation + id: aws.ssmcontacts.rotation + x-cfn-schema-name: Rotation + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ContactIds') as contact_ids, + JSON_EXTRACT(Properties, '$.StartTime') as start_time, + JSON_EXTRACT(Properties, '$.TimeZoneId') as time_zone_id, + JSON_EXTRACT(Properties, '$.Recurrence') as recurrence, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMContacts::Rotation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ContactIds') as contact_ids, + json_extract_path_text(Properties, 'StartTime') as start_time, + json_extract_path_text(Properties, 'TimeZoneId') as time_zone_id, + json_extract_path_text(Properties, 'Recurrence') as recurrence, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMContacts::Rotation' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/ssmincidents.yaml b/providers/src/aws/v00.00.00000/services/ssmincidents.yaml new file mode 100644 index 00000000..e7a4fbef --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ssmincidents.yaml @@ -0,0 +1,575 @@ +openapi: 3.0.0 +info: + title: SSMIncidents + version: 1.0.0 +paths: {} +components: + schemas: + Arn: + description: The ARN of the ReplicationSet. + type: string + pattern: ^arn:aws(-(cn|us-gov|iso(-b)?))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + maxLength: 1000 + RegionName: + description: The AWS region name. + type: string + maxLength: 20 + ReplicationRegion: + description: The ReplicationSet regional configuration. + type: object + additionalProperties: false + properties: + RegionName: + $ref: '#/components/schemas/RegionName' + RegionConfiguration: + $ref: '#/components/schemas/RegionConfiguration' + RegionConfiguration: + description: The ReplicationSet regional configuration. + type: object + additionalProperties: false + properties: + SseKmsKeyId: + $ref: '#/components/schemas/Arn' + required: + - SseKmsKeyId + DeletionProtected: + description: Configures the ReplicationSet deletion protection. + type: boolean + RegionList: + type: array + minItems: 1 + maxItems: 3 + items: + $ref: '#/components/schemas/ReplicationRegion' + x-insertionOrder: false + uniqueItems: true + Tag: + description: A key-value pair to tag a resource. + additionalProperties: false + type: object + properties: + Key: + type: string + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 1 + maxLength: 256 + required: + - Value + - Key + ReplicationSet: + type: object + properties: + Arn: + description: The ARN of the ReplicationSet. + $ref: '#/components/schemas/Arn' + additionalProperties: false + Regions: + description: The ReplicationSet configuration. + $ref: '#/components/schemas/RegionList' + DeletionProtected: + $ref: '#/components/schemas/DeletionProtected' + default: false + Tags: + description: The tags to apply to the replication set. + type: array + default: [] + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: + - Regions + x-stackql-resource-name: replication_set + description: Resource type definition for AWS::SSMIncidents::ReplicationSet + x-type-name: AWS::SSMIncidents::ReplicationSet + x-stackql-primary-identifier: + - Arn + x-read-only-properties: + - Arn + x-required-properties: + - Regions + x-taggable: true + x-required-permissions: + create: + - ssm-incidents:CreateReplicationSet + - ssm-incidents:ListReplicationSets + - ssm-incidents:UpdateDeletionProtection + - ssm-incidents:GetReplicationSet + - ssm-incidents:TagResource + - ssm-incidents:ListTagsForResource + - iam:CreateServiceLinkedRole + read: + - ssm-incidents:ListReplicationSets + - ssm-incidents:GetReplicationSet + - ssm-incidents:ListTagsForResource + update: + - ssm-incidents:UpdateReplicationSet + - ssm-incidents:UpdateDeletionProtection + - ssm-incidents:GetReplicationSet + - ssm-incidents:TagResource + - ssm-incidents:UntagResource + - ssm-incidents:ListTagsForResource + delete: + - ssm-incidents:DeleteReplicationSet + - ssm-incidents:GetReplicationSet + list: + - ssm-incidents:ListReplicationSets + SSMContact: + description: The ARN of the contact. + type: string + pattern: ^arn:aws(-(cn|us-gov))?:ssm-contacts:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + maxLength: 1000 + SnsArn: + description: The ARN of the Chatbot SNS topic. + type: string + pattern: ^arn:aws(-(cn|us-gov))?:sns:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + maxLength: 1000 + NotificationTargetItem: + description: A notification target. + type: object + additionalProperties: false + properties: + SnsTopicArn: + $ref: '#/components/schemas/SnsArn' + Action: + description: The automation configuration to launch. + additionalProperties: false + type: object + properties: + SsmAutomation: + $ref: '#/components/schemas/SsmAutomation' + SsmAutomation: + description: The configuration to use when starting the SSM automation document. + type: object + additionalProperties: false + required: + - RoleArn + - DocumentName + properties: + RoleArn: + description: The role ARN to use when starting the SSM automation document. + type: string + pattern: ^arn:aws(-(cn|us-gov))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + maxLength: 1000 + DocumentName: + description: The document name to use when starting the SSM automation document. + type: string + maxLength: 128 + DocumentVersion: + description: The version of the document to use when starting the SSM automation document. + type: string + maxLength: 128 + TargetAccount: + description: The account type to use when starting the SSM automation document. + type: string + enum: + - IMPACTED_ACCOUNT + - RESPONSE_PLAN_OWNER_ACCOUNT + Parameters: + description: The parameters to set when starting the SSM automation document. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/SsmParameter' + minItems: 1 + maxItems: 200 + default: [] + DynamicParameters: + description: The parameters with dynamic values to set when starting the SSM automation document. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/DynamicSsmParameter' + maxItems: 200 + default: [] + SsmParameter: + description: A parameter to set when starting the SSM automation document. + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 50 + Values: + type: array + uniqueItems: true + x-insertionOrder: true + maxItems: 10 + items: + $ref: '#/components/schemas/SsmParameterValue' + required: + - Values + - Key + additionalProperties: false + SsmParameterValue: + description: A value of the parameter to set when starting the SSM automation document. + type: string + maxLength: 10000 + DynamicSsmParameter: + description: A parameter with a dynamic value to set when starting the SSM automation document. + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 50 + Value: + $ref: '#/components/schemas/DynamicSsmParameterValue' + required: + - Value + - Key + additionalProperties: false + DynamicSsmParameterValue: + description: Value of the dynamic parameter to set when starting the SSM automation document. + additionalProperties: false + type: object + properties: + Variable: + $ref: '#/components/schemas/VariableType' + VariableType: + description: The variable types used as dynamic parameter value when starting the SSM automation document. + type: string + enum: + - INCIDENT_RECORD_ARN + - INVOLVED_RESOURCES + Integration: + type: object + additionalProperties: false + properties: + PagerDutyConfiguration: + $ref: '#/components/schemas/PagerDutyConfiguration' + oneOf: + - required: + - PagerDutyConfiguration + PagerDutyConfiguration: + description: The pagerDuty configuration to use when starting the incident. + type: object + additionalProperties: false + required: + - Name + - SecretId + - PagerDutyIncidentConfiguration + properties: + Name: + description: The name of the pagerDuty configuration. + type: string + minLength: 1 + maxLength: 200 + SecretId: + description: The AWS secrets manager secretId storing the pagerDuty token. + type: string + minLength: 1 + maxLength: 512 + PagerDutyIncidentConfiguration: + $ref: '#/components/schemas/PagerDutyIncidentConfiguration' + PagerDutyIncidentConfiguration: + description: The pagerDuty incident configuration. + additionalProperties: false + type: object + properties: + ServiceId: + description: The pagerDuty serviceId. + type: string + minLength: 1 + maxLength: 200 + required: + - ServiceId + IncidentTemplate: + description: The incident template configuration. + additionalProperties: false + type: object + required: + - Title + - Impact + properties: + DedupeString: + description: The deduplication string. + type: string + maxLength: 1000 + minLength: 1 + Impact: + description: The impact value. + type: integer + minimum: 1 + maximum: 5 + NotificationTargets: + description: The list of notification targets. + type: array + default: [] + maxItems: 10 + items: + $ref: '#/components/schemas/NotificationTargetItem' + x-insertionOrder: false + Summary: + description: The summary string. + type: string + maxLength: 4000 + minLength: 1 + Title: + description: The title string. + type: string + maxLength: 200 + IncidentTags: + description: Tags that get applied to incidents created by the StartIncident API action. + type: array + uniqueItems: true + x-insertionOrder: false + default: [] + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + ChatbotSns: + type: array + uniqueItems: true + x-insertionOrder: true + default: [] + items: + $ref: '#/components/schemas/SnsArn' + ChatChannel: + description: The chat channel configuration. + additionalProperties: false + type: object + properties: + ChatbotSns: + $ref: '#/components/schemas/ChatbotSns' + ResponsePlan: + type: object + properties: + Arn: + description: The ARN of the response plan. + type: string + pattern: ^arn:aws(-(cn|us-gov))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + maxLength: 1000 + Name: + description: The name of the response plan. + type: string + pattern: ^[a-zA-Z0-9_-]*$ + maxLength: 200 + minLength: 1 + DisplayName: + description: The display name of the response plan. + type: string + maxLength: 200 + minLength: 1 + ChatChannel: + $ref: '#/components/schemas/ChatChannel' + Engagements: + description: The list of engagements to use. + type: array + default: [] + maxItems: 5 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/SSMContact' + Actions: + description: The list of actions. + type: array + default: [] + uniqueItems: true + x-insertionOrder: true + maxItems: 1 + items: + $ref: '#/components/schemas/Action' + Integrations: + description: The list of integrations. + type: array + default: [] + uniqueItems: true + x-insertionOrder: true + maxItems: 1 + items: + $ref: '#/components/schemas/Integration' + Tags: + description: The tags to apply to the response plan. + type: array + default: [] + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + IncidentTemplate: + $ref: '#/components/schemas/IncidentTemplate' + required: + - Name + - IncidentTemplate + x-stackql-resource-name: response_plan + description: Resource type definition for AWS::SSMIncidents::ResponsePlan + x-type-name: AWS::SSMIncidents::ResponsePlan + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - Name + - IncidentTemplate + x-taggable: true + x-required-permissions: + create: + - ssm-incidents:CreateResponsePlan + - ssm-incidents:GetResponsePlan + - ssm-incidents:TagResource + - ssm-incidents:ListTagsForResource + - iam:PassRole + - secretsmanager:GetSecretValue + - kms:Decrypt + - kms:GenerateDataKey* + read: + - ssm-incidents:GetResponsePlan + - ssm-incidents:ListTagsForResource + update: + - ssm-incidents:UpdateResponsePlan + - ssm-incidents:GetResponsePlan + - ssm-incidents:TagResource + - ssm-incidents:UntagResource + - ssm-incidents:ListTagsForResource + - iam:PassRole + - secretsmanager:GetSecretValue + - kms:Decrypt + - kms:GenerateDataKey* + delete: + - ssm-incidents:DeleteResponsePlan + - ssm-incidents:GetResponsePlan + list: + - ssm-incidents:ListResponsePlans + x-stackQL-resources: + replication_sets: + name: replication_sets + id: aws.ssmincidents.replication_sets + x-cfn-schema-name: ReplicationSet + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMIncidents::ReplicationSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMIncidents::ReplicationSet' + AND region = 'us-east-1' + replication_set: + name: replication_set + id: aws.ssmincidents.replication_set + x-cfn-schema-name: ReplicationSet + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Regions') as regions, + JSON_EXTRACT(Properties, '$.DeletionProtected') as deletion_protected, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMIncidents::ReplicationSet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Regions') as regions, + json_extract_path_text(Properties, 'DeletionProtected') as deletion_protected, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMIncidents::ReplicationSet' + AND data__Identifier = '' + AND region = 'us-east-1' + response_plans: + name: response_plans + id: aws.ssmincidents.response_plans + x-cfn-schema-name: ResponsePlan + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMIncidents::ResponsePlan' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMIncidents::ResponsePlan' + AND region = 'us-east-1' + response_plan: + name: response_plan + id: aws.ssmincidents.response_plan + x-cfn-schema-name: ResponsePlan + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.ChatChannel') as chat_channel, + JSON_EXTRACT(Properties, '$.Engagements') as engagements, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.Integrations') as integrations, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.IncidentTemplate') as incident_template + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMIncidents::ResponsePlan' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'ChatChannel') as chat_channel, + json_extract_path_text(Properties, 'Engagements') as engagements, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'Integrations') as integrations, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'IncidentTemplate') as incident_template + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMIncidents::ResponsePlan' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/sso.yaml b/providers/src/aws/v00.00.00000/services/sso.yaml new file mode 100644 index 00000000..b592ea37 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/sso.yaml @@ -0,0 +1,590 @@ +openapi: 3.0.0 +info: + title: SSO + version: 1.0.0 +paths: {} +components: + schemas: + Assignment: + type: object + properties: + InstanceArn: + description: The sso instance that the permission set is owned. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16} + minLength: 10 + maxLength: 1224 + TargetId: + description: The account id to be provisioned. + type: string + pattern: \d{12} + TargetType: + description: The type of resource to be provsioned to, only aws account now + type: string + enum: + - AWS_ACCOUNT + PermissionSetArn: + description: The permission set that the assignemt will be assigned + type: string + pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16} + minLength: 10 + maxLength: 1224 + PrincipalType: + description: The assignee's type, user/group + type: string + enum: + - USER + - GROUP + PrincipalId: + description: The assignee's identifier, user id/group id + type: string + pattern: ^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$ + minLength: 1 + maxLength: 47 + required: + - InstanceArn + - TargetId + - TargetType + - PermissionSetArn + - PrincipalType + - PrincipalId + x-stackql-resource-name: assignment + description: Resource Type definition for SSO assignmet + x-type-name: AWS::SSO::Assignment + x-stackql-primary-identifier: + - InstanceArn + - TargetId + - TargetType + - PermissionSetArn + - PrincipalType + - PrincipalId + x-create-only-properties: + - InstanceArn + - TargetId + - TargetType + - PermissionSetArn + - PrincipalType + - PrincipalId + x-required-properties: + - InstanceArn + - TargetId + - TargetType + - PermissionSetArn + - PrincipalType + - PrincipalId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + x-required-permissions: + create: + - sso:CreateAccountAssignment + - sso:DescribeAccountAssignmentCreationStatus + - sso:ListAccountAssignments + - iam:GetSAMLProvider + - iam:CreateSAMLProvider + - iam:AttachRolePolicy + - iam:PutRolePolicy + - iam:CreateRole + - iam:ListRolePolicies + read: + - sso:ListAccountAssignments + - iam:GetSAMLProvider + - iam:ListRolePolicies + delete: + - sso:ListAccountAssignments + - sso:DeleteAccountAssignment + - sso:DescribeAccountAssignmentDeletionStatus + - iam:GetSAMLProvider + - iam:ListRolePolicies + list: + - sso:ListAccountAssignments + - iam:ListRolePolicies + AccessControlAttributeValueSource: + type: string + minLength: 0 + maxLength: 256 + pattern: '[\p{L}\p{Z}\p{N}_.:\/=+\-@\[\]\{\}\$\\"]*' + AccessControlAttributeValueSourceList: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/AccessControlAttributeValueSource' + maxItems: 1 + AccessControlAttributeValue: + type: object + properties: + Source: + $ref: '#/components/schemas/AccessControlAttributeValueSourceList' + required: + - Source + additionalProperties: false + AccessControlAttribute: + type: object + properties: + Key: + type: string + pattern: '[\p{L}\p{Z}\p{N}_.:\/=+\-@]+' + minLength: 1 + maxLength: 128 + Value: + $ref: '#/components/schemas/AccessControlAttributeValue' + required: + - Key + - Value + additionalProperties: false + AccessControlAttributeList: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AccessControlAttribute' + maxItems: 50 + InstanceAccessControlAttributeConfiguration: + type: object + properties: + InstanceArn: + description: The ARN of the AWS SSO instance under which the operation will be executed. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16} + minLength: 10 + maxLength: 1224 + InstanceAccessControlAttributeConfiguration: + description: The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. We recomend that you use AccessControlAttributes property instead. + type: object + properties: + AccessControlAttributes: + $ref: '#/components/schemas/AccessControlAttributeList' + required: + - AccessControlAttributes + additionalProperties: false + AccessControlAttributes: + $ref: '#/components/schemas/AccessControlAttributeList' + required: + - InstanceArn + x-stackql-resource-name: instance_access_control_attribute_configuration + description: Resource Type definition for SSO InstanceAccessControlAttributeConfiguration + x-type-name: AWS::SSO::InstanceAccessControlAttributeConfiguration + x-stackql-primary-identifier: + - InstanceArn + x-create-only-properties: + - InstanceArn + x-required-properties: + - InstanceArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + x-required-permissions: + create: + - sso:CreateInstanceAccessControlAttributeConfiguration + - sso:UpdateApplicationProfileForAWSAccountInstance + - sso:DescribeInstanceAccessControlAttributeConfiguration + read: + - sso:DescribeInstanceAccessControlAttributeConfiguration + update: + - sso:UpdateInstanceAccessControlAttributeConfiguration + - sso:DescribeInstanceAccessControlAttributeConfiguration + delete: + - sso:DeleteInstanceAccessControlAttributeConfiguration + - sso:DescribeInstanceAccessControlAttributeConfiguration + list: + - sso:DescribeInstanceAccessControlAttributeConfiguration + Tag: + description: The metadata that you apply to the permission set to help you categorize and organize them. + type: object + properties: + Key: + type: string + pattern: '[\w+=,.@-]+' + minLength: 1 + maxLength: 128 + Value: + type: string + pattern: '[\w+=,.@-]+' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + ManagedPolicyArn: + description: The managed policy to attach. + type: string + minLength: 20 + maxLength: 2048 + CustomerManagedPolicyReference: + type: object + properties: + Name: + type: string + pattern: '[\w+=,.@-]+' + minLength: 1 + maxLength: 128 + Path: + type: string + pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ + minLength: 1 + maxLength: 512 + required: + - Name + additionalProperties: false + PermissionsBoundary: + type: object + additionalProperties: false + properties: + CustomerManagedPolicyReference: + $ref: '#/components/schemas/CustomerManagedPolicyReference' + ManagedPolicyArn: + $ref: '#/components/schemas/ManagedPolicyArn' + PermissionSet: + type: object + properties: + Name: + description: The name you want to assign to this permission set. + type: string + pattern: '[\w+=,.@-]+' + minLength: 1 + maxLength: 32 + PermissionSetArn: + description: The permission set that the policy will be attached to + type: string + pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16} + minLength: 10 + maxLength: 1224 + Description: + description: The permission set description. + type: string + pattern: '[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]*' + minLength: 1 + maxLength: 700 + InstanceArn: + description: The sso instance arn that the permission set is owned. + type: string + pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16} + minLength: 10 + maxLength: 1224 + SessionDuration: + description: The length of time that a user can be signed in to an AWS account. + type: string + pattern: ^(-?)P(?=\d|T\d)(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)([DW]))?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?$ + minLength: 1 + maxLength: 100 + RelayStateType: + description: The relay state URL that redirect links to any service in the AWS Management Console. + type: string + pattern: '[a-zA-Z0-9&$@#\/%?=~\-_''"|!:,.;*+\[\]\ \(\)\{\}]+' + minLength: 1 + maxLength: 240 + ManagedPolicies: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ManagedPolicyArn' + maxItems: 20 + default: [] + InlinePolicy: + description: The inline policy to put in permission set. + type: object + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + CustomerManagedPolicyReferences: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CustomerManagedPolicyReference' + maxItems: 20 + default: [] + PermissionsBoundary: + $ref: '#/components/schemas/PermissionsBoundary' + required: + - Name + - InstanceArn + x-stackql-resource-name: permission_set + description: Resource Type definition for SSO PermissionSet + x-type-name: AWS::SSO::PermissionSet + x-stackql-primary-identifier: + - InstanceArn + - PermissionSetArn + x-create-only-properties: + - InstanceArn + - Name + x-read-only-properties: + - PermissionSetArn + x-required-properties: + - Name + - InstanceArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - sso:CreatePermissionSet + - sso:PutInlinePolicyToPermissionSet + - sso:AttachManagedPolicyToPermissionSet + - sso:AttachCustomerManagedPolicyReferenceToPermissionSet + - sso:PutPermissionsBoundaryToPermissionSet + - sso:TagResource + - sso:DescribePermissionSet + - sso:ListTagsForResource + - sso:ListManagedPoliciesInPermissionSet + - sso:ListCustomerManagedPolicyReferencesInPermissionSet + - sso:GetInlinePolicyForPermissionSet + - sso:GetPermissionsBoundaryForPermissionSet + read: + - sso:DescribePermissionSet + - sso:ListTagsForResource + - sso:ListManagedPoliciesInPermissionSet + - sso:ListCustomerManagedPolicyReferencesInPermissionSet + - sso:GetInlinePolicyForPermissionSet + - sso:GetPermissionsBoundaryForPermissionSet + update: + - sso:UpdatePermissionSet + - sso:TagResource + - sso:UntagResource + - sso:ListTagsForResource + - sso:AttachManagedPolicyToPermissionSet + - sso:AttachCustomerManagedPolicyReferenceToPermissionSet + - sso:DetachManagedPolicyFromPermissionSet + - sso:DetachCustomerManagedPolicyReferenceFromPermissionSet + - sso:ListManagedPoliciesInPermissionSet + - sso:ListCustomerManagedPolicyReferencesInPermissionSet + - sso:PutInlinePolicyToPermissionSet + - sso:GetPermissionsBoundaryForPermissionSet + - sso:DeletePermissionsBoundaryFromPermissionSet + - sso:PutPermissionsBoundaryToPermissionSet + - sso:DeleteInlinePolicyFromPermissionSet + - sso:ProvisionPermissionSet + - sso:DescribePermissionSet + - sso:GetInlinePolicyForPermissionSet + - sso:DescribePermissionSetProvisioningStatus + delete: + - sso:DeletePermissionSet + list: + - sso:DescribePermissionSet + x-stackQL-resources: + assignments: + name: assignments + id: aws.sso.assignments + x-cfn-schema-name: Assignment + x-type: list + x-identifiers: + - InstanceArn + - TargetId + - TargetType + - PermissionSetArn + - PrincipalType + - PrincipalId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.TargetId') as target_id, + JSON_EXTRACT(Properties, '$.TargetType') as target_type, + JSON_EXTRACT(Properties, '$.PermissionSetArn') as permission_set_arn, + JSON_EXTRACT(Properties, '$.PrincipalType') as principal_type, + JSON_EXTRACT(Properties, '$.PrincipalId') as principal_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSO::Assignment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'TargetId') as target_id, + json_extract_path_text(Properties, 'TargetType') as target_type, + json_extract_path_text(Properties, 'PermissionSetArn') as permission_set_arn, + json_extract_path_text(Properties, 'PrincipalType') as principal_type, + json_extract_path_text(Properties, 'PrincipalId') as principal_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSO::Assignment' + AND region = 'us-east-1' + assignment: + name: assignment + id: aws.sso.assignment + x-cfn-schema-name: Assignment + x-type: get + x-identifiers: + - InstanceArn + - TargetId + - TargetType + - PermissionSetArn + - PrincipalType + - PrincipalId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.TargetId') as target_id, + JSON_EXTRACT(Properties, '$.TargetType') as target_type, + JSON_EXTRACT(Properties, '$.PermissionSetArn') as permission_set_arn, + JSON_EXTRACT(Properties, '$.PrincipalType') as principal_type, + JSON_EXTRACT(Properties, '$.PrincipalId') as principal_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSO::Assignment' + AND data__Identifier = '|||||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'TargetId') as target_id, + json_extract_path_text(Properties, 'TargetType') as target_type, + json_extract_path_text(Properties, 'PermissionSetArn') as permission_set_arn, + json_extract_path_text(Properties, 'PrincipalType') as principal_type, + json_extract_path_text(Properties, 'PrincipalId') as principal_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSO::Assignment' + AND data__Identifier = '|||||' + AND region = 'us-east-1' + instance_access_control_attribute_configurations: + name: instance_access_control_attribute_configurations + id: aws.sso.instance_access_control_attribute_configurations + x-cfn-schema-name: InstanceAccessControlAttributeConfiguration + x-type: list + x-identifiers: + - InstanceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSO::InstanceAccessControlAttributeConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSO::InstanceAccessControlAttributeConfiguration' + AND region = 'us-east-1' + instance_access_control_attribute_configuration: + name: instance_access_control_attribute_configuration + id: aws.sso.instance_access_control_attribute_configuration + x-cfn-schema-name: InstanceAccessControlAttributeConfiguration + x-type: get + x-identifiers: + - InstanceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.InstanceAccessControlAttributeConfiguration') as instance_access_control_attribute_configuration, + JSON_EXTRACT(Properties, '$.AccessControlAttributes') as access_control_attributes + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSO::InstanceAccessControlAttributeConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'InstanceAccessControlAttributeConfiguration') as instance_access_control_attribute_configuration, + json_extract_path_text(Properties, 'AccessControlAttributes') as access_control_attributes + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSO::InstanceAccessControlAttributeConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + permission_sets: + name: permission_sets + id: aws.sso.permission_sets + x-cfn-schema-name: PermissionSet + x-type: list + x-identifiers: + - InstanceArn + - PermissionSetArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.PermissionSetArn') as permission_set_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSO::PermissionSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'PermissionSetArn') as permission_set_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSO::PermissionSet' + AND region = 'us-east-1' + permission_set: + name: permission_set + id: aws.sso.permission_set + x-cfn-schema-name: PermissionSet + x-type: get + x-identifiers: + - InstanceArn + - PermissionSetArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PermissionSetArn') as permission_set_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.SessionDuration') as session_duration, + JSON_EXTRACT(Properties, '$.RelayStateType') as relay_state_type, + JSON_EXTRACT(Properties, '$.ManagedPolicies') as managed_policies, + JSON_EXTRACT(Properties, '$.InlinePolicy') as inline_policy, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CustomerManagedPolicyReferences') as customer_managed_policy_references, + JSON_EXTRACT(Properties, '$.PermissionsBoundary') as permissions_boundary + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSO::PermissionSet' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PermissionSetArn') as permission_set_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'SessionDuration') as session_duration, + json_extract_path_text(Properties, 'RelayStateType') as relay_state_type, + json_extract_path_text(Properties, 'ManagedPolicies') as managed_policies, + json_extract_path_text(Properties, 'InlinePolicy') as inline_policy, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CustomerManagedPolicyReferences') as customer_managed_policy_references, + json_extract_path_text(Properties, 'PermissionsBoundary') as permissions_boundary + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSO::PermissionSet' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/stepfunctions.yaml b/providers/src/aws/v00.00.00000/services/stepfunctions.yaml new file mode 100644 index 00000000..b26f0092 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/stepfunctions.yaml @@ -0,0 +1,634 @@ +openapi: 3.0.0 +info: + title: StepFunctions + version: 1.0.0 +paths: {} +components: + schemas: + TagsEntry: + additionalProperties: false + type: object + properties: + Value: + minLength: 1 + type: string + maxLength: 256 + Key: + minLength: 1 + type: string + maxLength: 128 + required: + - Key + - Value + Activity: + type: object + properties: + Arn: + type: string + minLength: 1 + maxLength: 2048 + Name: + type: string + minLength: 1 + maxLength: 80 + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/TagsEntry' + required: + - Name + x-stackql-resource-name: activity + description: Resource schema for Activity + x-type-name: AWS::StepFunctions::Activity + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - states:CreateActivity + read: + - states:DescribeActivity + - states:ListTagsForResource + update: + - states:ListTagsForResource + - states:TagResource + - states:UntagResource + delete: + - states:DeleteActivity + LoggingConfiguration: + additionalProperties: false + type: object + properties: + IncludeExecutionData: + type: boolean + Destinations: + minItems: 1 + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/LogDestination' + Level: + type: string + enum: + - ALL + - ERROR + - FATAL + - 'OFF' + DefinitionSubstitutions: + x-patternProperties: + .*: + anyOf: + - type: string + - type: integer + - type: boolean + additionalProperties: false + type: object + minProperties: 1 + Definition: + type: object + minProperties: 1 + LogDestination: + additionalProperties: false + type: object + properties: + CloudWatchLogsLogGroup: + $ref: '#/components/schemas/CloudWatchLogsLogGroup' + CloudWatchLogsLogGroup: + additionalProperties: false + type: object + properties: + LogGroupArn: + x-relationshipRef: + typeName: AWS::Logs::LogGroup + propertyPath: /properties/Arn + minLength: 1 + type: string + maxLength: 256 + S3Location: + additionalProperties: false + type: object + properties: + Bucket: + type: string + Version: + type: string + Key: + type: string + required: + - Bucket + - Key + TracingConfiguration: + additionalProperties: false + type: object + properties: + Enabled: + type: boolean + StateMachine: + type: object + properties: + DefinitionSubstitutions: + $ref: '#/components/schemas/DefinitionSubstitutions' + Definition: + $ref: '#/components/schemas/Definition' + RoleArn: + minLength: 1 + type: string + maxLength: 256 + Name: + minLength: 1 + type: string + maxLength: 80 + StateMachineType: + type: string + enum: + - STANDARD + - EXPRESS + TracingConfiguration: + $ref: '#/components/schemas/TracingConfiguration' + DefinitionString: + minLength: 1 + type: string + maxLength: 1048576 + LoggingConfiguration: + $ref: '#/components/schemas/LoggingConfiguration' + StateMachineRevisionId: + minLength: 1 + type: string + maxLength: 256 + DefinitionS3Location: + $ref: '#/components/schemas/S3Location' + Arn: + minLength: 1 + type: string + maxLength: 2048 + StateMachineName: + minLength: 1 + type: string + maxLength: 80 + Tags: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/TagsEntry' + required: + - RoleArn + x-stackql-resource-name: state_machine + description: Resource schema for StateMachine + x-type-name: AWS::StepFunctions::StateMachine + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - StateMachineName + x-create-only-properties: + - StateMachineName + - StateMachineType + x-write-only-properties: + - Definition + - DefinitionS3Location + - DefinitionSubstitutions + x-read-only-properties: + - Arn + - Name + - StateMachineRevisionId + x-required-properties: + - RoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true + x-required-permissions: + read: + - states:DescribeStateMachine + - states:ListTagsForResource + create: + - states:CreateStateMachine + - states:DescribeStateMachine + - states:TagResource + - iam:PassRole + - s3:GetObject + update: + - states:UpdateStateMachine + - states:TagResource + - states:UntagResource + - states:ListTagsForResource + - iam:PassRole + list: + - states:ListStateMachines + delete: + - states:DeleteStateMachine + - states:DescribeStateMachine + RoutingConfigurationVersion: + type: object + properties: + StateMachineVersionArn: + type: string + description: The Amazon Resource Name (ARN) that identifies one or two state machine versions defined in the routing configuration. + minLength: 1 + maxLength: 2048 + Weight: + type: integer + description: The percentage of traffic you want to route to the state machine version. The sum of the weights in the routing configuration must be equal to 100. + minimum: 0 + maximum: 100 + required: + - StateMachineVersionArn + - Weight + additionalProperties: false + RoutingConfiguration: + type: array + description: The routing configuration of the alias. One or two versions can be mapped to an alias to split StartExecution requests of the same state machine. + minItems: 1 + maxItems: 2 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/RoutingConfigurationVersion' + DeploymentPreference: + type: object + description: The settings to enable gradual state machine deployments. + properties: + StateMachineVersionArn: + type: string + minLength: 1 + maxLength: 2048 + Type: + type: string + description: The type of deployment to perform. + enum: + - LINEAR + - ALL_AT_ONCE + - CANARY + Percentage: + type: integer + description: The percentage of traffic to shift to the new version in each increment. + minimum: 1 + maximum: 99 + Interval: + type: integer + description: The time in minutes between each traffic shifting increment. + minimum: 1 + maximum: 2100 + Alarms: + type: array + description: A list of CloudWatch alarm names that will be monitored during the deployment. The deployment will fail and rollback if any alarms go into ALARM state. + minItems: 1 + maxItems: 100 + uniqueItems: true + x-insertionOrder: false + items: + type: string + minLength: 1 + maxLength: 256 + required: + - StateMachineVersionArn + - Type + additionalProperties: false + StateMachineAlias: + type: object + properties: + Arn: + type: string + minLength: 1 + maxLength: 2048 + description: The ARN of the alias. + Name: + type: string + description: The alias name. + minLength: 1 + maxLength: 80 + Description: + type: string + description: An optional description of the alias. + minLength: 1 + maxLength: 256 + RoutingConfiguration: + $ref: '#/components/schemas/RoutingConfiguration' + DeploymentPreference: + $ref: '#/components/schemas/DeploymentPreference' + x-stackql-resource-name: state_machine_alias + description: Resource schema for StateMachineAlias + x-type-name: AWS::StepFunctions::StateMachineAlias + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-write-only-properties: + - DeploymentPreference + x-read-only-properties: + - Arn + x-tagging: + taggable: false + x-required-permissions: + create: + - states:CreateStateMachineAlias + - states:DescribeStateMachineAlias + read: + - states:DescribeStateMachineAlias + update: + - cloudwatch:DescribeAlarms + - states:UpdateStateMachineAlias + - states:DescribeStateMachineAlias + delete: + - states:DescribeStateMachineAlias + - states:DeleteStateMachineAlias + list: + - states:ListStateMachineAliases + StateMachineVersion: + type: object + properties: + Arn: + type: string + minLength: 1 + maxLength: 2048 + StateMachineArn: + type: string + minLength: 1 + maxLength: 2048 + StateMachineRevisionId: + type: string + minLength: 1 + maxLength: 2048 + Description: + type: string + minLength: 1 + maxLength: 2048 + required: + - StateMachineArn + x-stackql-resource-name: state_machine_version + description: Resource schema for StateMachineVersion + x-type-name: AWS::StepFunctions::StateMachineVersion + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - StateMachineArn + - StateMachineRevisionId + x-write-only-properties: + - StateMachineArn + x-read-only-properties: + - Arn + x-required-properties: + - StateMachineArn + x-tagging: + taggable: false + x-required-permissions: + create: + - states:PublishStateMachineVersion + - states:ListStateMachineVersions + - states:DescribeStateMachine + read: + - states:DescribeStateMachine + delete: + - states:DeleteStateMachineVersion + - states:DescribeStateMachine + list: + - states:ListStateMachineVersions + x-stackQL-resources: + activity: + name: activity + id: aws.stepfunctions.activity + x-cfn-schema-name: Activity + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::Activity' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::Activity' + AND data__Identifier = '' + AND region = 'us-east-1' + state_machines: + name: state_machines + id: aws.stepfunctions.state_machines + x-cfn-schema-name: StateMachine + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::StepFunctions::StateMachine' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::StepFunctions::StateMachine' + AND region = 'us-east-1' + state_machine: + name: state_machine + id: aws.stepfunctions.state_machine + x-cfn-schema-name: StateMachine + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DefinitionSubstitutions') as definition_substitutions, + JSON_EXTRACT(Properties, '$.Definition') as definition, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.StateMachineType') as state_machine_type, + JSON_EXTRACT(Properties, '$.TracingConfiguration') as tracing_configuration, + JSON_EXTRACT(Properties, '$.DefinitionString') as definition_string, + JSON_EXTRACT(Properties, '$.LoggingConfiguration') as logging_configuration, + JSON_EXTRACT(Properties, '$.StateMachineRevisionId') as state_machine_revision_id, + JSON_EXTRACT(Properties, '$.DefinitionS3Location') as definition_s3_location, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.StateMachineName') as state_machine_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::StateMachine' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DefinitionSubstitutions') as definition_substitutions, + json_extract_path_text(Properties, 'Definition') as definition, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'StateMachineType') as state_machine_type, + json_extract_path_text(Properties, 'TracingConfiguration') as tracing_configuration, + json_extract_path_text(Properties, 'DefinitionString') as definition_string, + json_extract_path_text(Properties, 'LoggingConfiguration') as logging_configuration, + json_extract_path_text(Properties, 'StateMachineRevisionId') as state_machine_revision_id, + json_extract_path_text(Properties, 'DefinitionS3Location') as definition_s3_location, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'StateMachineName') as state_machine_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::StateMachine' + AND data__Identifier = '' + AND region = 'us-east-1' + state_machine_aliases: + name: state_machine_aliases + id: aws.stepfunctions.state_machine_aliases + x-cfn-schema-name: StateMachineAlias + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::StepFunctions::StateMachineAlias' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::StepFunctions::StateMachineAlias' + AND region = 'us-east-1' + state_machine_alias: + name: state_machine_alias + id: aws.stepfunctions.state_machine_alias + x-cfn-schema-name: StateMachineAlias + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.RoutingConfiguration') as routing_configuration, + JSON_EXTRACT(Properties, '$.DeploymentPreference') as deployment_preference + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::StateMachineAlias' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'RoutingConfiguration') as routing_configuration, + json_extract_path_text(Properties, 'DeploymentPreference') as deployment_preference + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::StateMachineAlias' + AND data__Identifier = '' + AND region = 'us-east-1' + state_machine_versions: + name: state_machine_versions + id: aws.stepfunctions.state_machine_versions + x-cfn-schema-name: StateMachineVersion + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::StepFunctions::StateMachineVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::StepFunctions::StateMachineVersion' + AND region = 'us-east-1' + state_machine_version: + name: state_machine_version + id: aws.stepfunctions.state_machine_version + x-cfn-schema-name: StateMachineVersion + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.StateMachineArn') as state_machine_arn, + JSON_EXTRACT(Properties, '$.StateMachineRevisionId') as state_machine_revision_id, + JSON_EXTRACT(Properties, '$.Description') as description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::StateMachineVersion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'StateMachineArn') as state_machine_arn, + json_extract_path_text(Properties, 'StateMachineRevisionId') as state_machine_revision_id, + json_extract_path_text(Properties, 'Description') as description + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::StateMachineVersion' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/supportapp.yaml b/providers/src/aws/v00.00.00000/services/supportapp.yaml new file mode 100644 index 00000000..f8564847 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/supportapp.yaml @@ -0,0 +1,352 @@ +openapi: 3.0.0 +info: + title: SupportApp + version: 1.0.0 +paths: {} +components: + schemas: + AccountAlias: + type: object + properties: + AccountAlias: + description: An account alias associated with a customer's account. + type: string + pattern: ^[\w\- ]+$ + minLength: 1 + maxLength: 30 + AccountAliasResourceId: + description: Unique identifier representing an alias tied to an account + type: string + pattern: ^[\w\- ]+$ + minLength: 29 + maxLength: 29 + required: + - AccountAlias + x-stackql-resource-name: account_alias + description: An AWS Support App resource that creates, updates, reads, and deletes a customer's account alias. + x-type-name: AWS::SupportApp::AccountAlias + x-stackql-primary-identifier: + - AccountAliasResourceId + x-read-only-properties: + - AccountAliasResourceId + x-required-properties: + - AccountAlias + x-required-permissions: + create: + - supportapp:PutAccountAlias + - supportapp:GetAccountAlias + read: + - supportapp:GetAccountAlias + update: + - supportapp:PutAccountAlias + - supportapp:GetAccountAlias + delete: + - supportapp:DeleteAccountAlias + - supportapp:GetAccountAlias + list: + - supportapp:GetAccountAlias + SlackChannelConfiguration: + type: object + properties: + TeamId: + description: The team ID in Slack, which uniquely identifies a workspace. + type: string + pattern: ^\S+$ + minLength: 1 + maxLength: 256 + ChannelId: + description: The channel ID in Slack, which identifies a channel within a workspace. + type: string + pattern: ^\S+$ + minLength: 1 + maxLength: 256 + ChannelName: + description: The channel name in Slack. + type: string + pattern: ^.+$ + minLength: 1 + maxLength: 256 + NotifyOnCreateOrReopenCase: + description: Whether to notify when a case is created or reopened. + type: boolean + NotifyOnAddCorrespondenceToCase: + description: Whether to notify when a correspondence is added to a case. + type: boolean + NotifyOnResolveCase: + description: Whether to notify when a case is resolved. + type: boolean + NotifyOnCaseSeverity: + description: The severity level of a support case that a customer wants to get notified for. + type: string + enum: + - none + - all + - high + ChannelRoleArn: + description: The Amazon Resource Name (ARN) of an IAM role that grants the AWS Support App access to perform operations for AWS services. + type: string + pattern: ^arn:aws[-a-z0-9]*:iam::[0-9]{12}:role\/(.+)$ + minLength: 31 + maxLength: 2048 + required: + - TeamId + - ChannelId + - NotifyOnCaseSeverity + - ChannelRoleArn + x-stackql-resource-name: slack_channel_configuration + description: An AWS Support App resource that creates, updates, lists and deletes Slack channel configurations. + x-type-name: AWS::SupportApp::SlackChannelConfiguration + x-stackql-primary-identifier: + - TeamId + - ChannelId + x-create-only-properties: + - TeamId + - ChannelId + x-required-properties: + - TeamId + - ChannelId + - NotifyOnCaseSeverity + - ChannelRoleArn + x-required-permissions: + create: + - supportapp:CreateSlackChannelConfiguration + - supportapp:ListSlackChannelConfigurations + read: + - supportapp:ListSlackChannelConfigurations + update: + - supportapp:UpdateSlackChannelConfiguration + - supportapp:ListSlackChannelConfigurations + delete: + - supportapp:DeleteSlackChannelConfiguration + - supportapp:ListSlackChannelConfigurations + list: + - supportapp:ListSlackChannelConfigurations + SlackWorkspaceConfiguration: + type: object + properties: + TeamId: + description: The team ID in Slack, which uniquely identifies a workspace. + type: string + pattern: ^\S+$ + minLength: 1 + maxLength: 256 + VersionId: + description: An identifier used to update an existing Slack workspace configuration in AWS CloudFormation. + type: string + pattern: ^[0-9]+$ + minLength: 1 + maxLength: 256 + required: + - TeamId + x-stackql-resource-name: slack_workspace_configuration + description: An AWS Support App resource that creates, updates, lists, and deletes Slack workspace configurations. + x-type-name: AWS::SupportApp::SlackWorkspaceConfiguration + x-stackql-primary-identifier: + - TeamId + x-create-only-properties: + - TeamId + x-write-only-properties: + - VersionId + x-required-properties: + - TeamId + x-tagging: + taggable: false + x-required-permissions: + create: + - supportapp:RegisterSlackWorkspaceForOrganization + - supportapp:ListSlackWorkspaceConfigurations + read: + - supportapp:ListSlackWorkspaceConfigurations + update: + - supportapp:RegisterSlackWorkspaceForOrganization + - supportapp:ListSlackWorkspaceConfigurations + delete: + - supportapp:ListSlackWorkspaceConfigurations + - supportapp:DeleteSlackWorkspaceConfiguration + list: + - supportapp:ListSlackWorkspaceConfigurations + x-stackQL-resources: + account_aliases: + name: account_aliases + id: aws.supportapp.account_aliases + x-cfn-schema-name: AccountAlias + x-type: list + x-identifiers: + - AccountAliasResourceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccountAliasResourceId') as account_alias_resource_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SupportApp::AccountAlias' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccountAliasResourceId') as account_alias_resource_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SupportApp::AccountAlias' + AND region = 'us-east-1' + account_alias: + name: account_alias + id: aws.supportapp.account_alias + x-cfn-schema-name: AccountAlias + x-type: get + x-identifiers: + - AccountAliasResourceId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccountAlias') as account_alias, + JSON_EXTRACT(Properties, '$.AccountAliasResourceId') as account_alias_resource_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SupportApp::AccountAlias' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccountAlias') as account_alias, + json_extract_path_text(Properties, 'AccountAliasResourceId') as account_alias_resource_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SupportApp::AccountAlias' + AND data__Identifier = '' + AND region = 'us-east-1' + slack_channel_configurations: + name: slack_channel_configurations + id: aws.supportapp.slack_channel_configurations + x-cfn-schema-name: SlackChannelConfiguration + x-type: list + x-identifiers: + - TeamId + - ChannelId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TeamId') as team_id, + JSON_EXTRACT(Properties, '$.ChannelId') as channel_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SupportApp::SlackChannelConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TeamId') as team_id, + json_extract_path_text(Properties, 'ChannelId') as channel_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SupportApp::SlackChannelConfiguration' + AND region = 'us-east-1' + slack_channel_configuration: + name: slack_channel_configuration + id: aws.supportapp.slack_channel_configuration + x-cfn-schema-name: SlackChannelConfiguration + x-type: get + x-identifiers: + - TeamId + - ChannelId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TeamId') as team_id, + JSON_EXTRACT(Properties, '$.ChannelId') as channel_id, + JSON_EXTRACT(Properties, '$.ChannelName') as channel_name, + JSON_EXTRACT(Properties, '$.NotifyOnCreateOrReopenCase') as notify_on_create_or_reopen_case, + JSON_EXTRACT(Properties, '$.NotifyOnAddCorrespondenceToCase') as notify_on_add_correspondence_to_case, + JSON_EXTRACT(Properties, '$.NotifyOnResolveCase') as notify_on_resolve_case, + JSON_EXTRACT(Properties, '$.NotifyOnCaseSeverity') as notify_on_case_severity, + JSON_EXTRACT(Properties, '$.ChannelRoleArn') as channel_role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SupportApp::SlackChannelConfiguration' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TeamId') as team_id, + json_extract_path_text(Properties, 'ChannelId') as channel_id, + json_extract_path_text(Properties, 'ChannelName') as channel_name, + json_extract_path_text(Properties, 'NotifyOnCreateOrReopenCase') as notify_on_create_or_reopen_case, + json_extract_path_text(Properties, 'NotifyOnAddCorrespondenceToCase') as notify_on_add_correspondence_to_case, + json_extract_path_text(Properties, 'NotifyOnResolveCase') as notify_on_resolve_case, + json_extract_path_text(Properties, 'NotifyOnCaseSeverity') as notify_on_case_severity, + json_extract_path_text(Properties, 'ChannelRoleArn') as channel_role_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SupportApp::SlackChannelConfiguration' + AND data__Identifier = '|' + AND region = 'us-east-1' + slack_workspace_configurations: + name: slack_workspace_configurations + id: aws.supportapp.slack_workspace_configurations + x-cfn-schema-name: SlackWorkspaceConfiguration + x-type: list + x-identifiers: + - TeamId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TeamId') as team_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SupportApp::SlackWorkspaceConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TeamId') as team_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SupportApp::SlackWorkspaceConfiguration' + AND region = 'us-east-1' + slack_workspace_configuration: + name: slack_workspace_configuration + id: aws.supportapp.slack_workspace_configuration + x-cfn-schema-name: SlackWorkspaceConfiguration + x-type: get + x-identifiers: + - TeamId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TeamId') as team_id, + JSON_EXTRACT(Properties, '$.VersionId') as version_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SupportApp::SlackWorkspaceConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TeamId') as team_id, + json_extract_path_text(Properties, 'VersionId') as version_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SupportApp::SlackWorkspaceConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/synthetics.yaml b/providers/src/aws/v00.00.00000/services/synthetics.yaml new file mode 100644 index 00000000..68d4c1ef --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/synthetics.yaml @@ -0,0 +1,503 @@ +openapi: 3.0.0 +info: + title: Synthetics + version: 1.0.0 +paths: {} +components: + schemas: + Schedule: + type: object + additionalProperties: false + properties: + Expression: + type: string + DurationInSeconds: + type: string + required: + - Expression + Code: + type: object + additionalProperties: false + properties: + S3Bucket: + type: string + S3Key: + type: string + S3ObjectVersion: + type: string + Script: + type: string + Handler: + type: string + SourceLocationArn: + type: string + required: + - Handler + oneOf: + - required: + - S3Bucket + - S3Key + - required: + - Script + Tag: + description: A key-value pair to associate with a resource. + additionalProperties: false + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + pattern: ^(?!aws:)([a-zA-Z\d\s_.:/=+\-@]+)$ + Value: + type: string + description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + pattern: ^([a-zA-Z\d\s_.:/=+\-@]*)$ + required: + - Value + - Key + VPCConfig: + type: object + additionalProperties: false + properties: + VpcId: + type: string + SubnetIds: + type: array + items: + type: string + SecurityGroupIds: + type: array + items: + type: string + required: + - SubnetIds + - SecurityGroupIds + RunConfig: + type: object + additionalProperties: false + properties: + TimeoutInSeconds: + description: Provide maximum canary timeout per run in seconds + type: integer + MemoryInMB: + description: Provide maximum memory available for canary in MB + type: integer + ActiveTracing: + description: Enable active tracing if set to true + type: boolean + EnvironmentVariables: + type: object + additionalProperties: false + description: Environment variable key-value pairs. + x-patternProperties: + '[a-zA-Z][a-zA-Z0-9_]+': + type: string + VisualReference: + type: object + additionalProperties: false + properties: + BaseCanaryRunId: + type: string + description: Canary run id to be used as base reference for visual testing + BaseScreenshots: + type: array + description: List of screenshots used as base reference for visual testing + items: + $ref: '#/components/schemas/BaseScreenshot' + required: + - BaseCanaryRunId + BaseScreenshot: + type: object + properties: + ScreenshotName: + type: string + description: Name of the screenshot to be used as base reference for visual testing + IgnoreCoordinates: + type: array + description: List of coordinates of rectangles to be ignored during visual testing + items: + type: string + description: Coordinates of a rectangle to be ignored during visual testing + required: + - ScreenshotName + ArtifactConfig: + type: object + additionalProperties: false + properties: + S3Encryption: + $ref: '#/components/schemas/S3Encryption' + description: Encryption configuration for uploading artifacts to S3 + S3Encryption: + type: object + additionalProperties: false + properties: + EncryptionMode: + type: string + description: 'Encryption mode for encrypting artifacts when uploading to S3. Valid values: SSE_S3 and SSE_KMS.' + KmsKeyArn: + type: string + description: KMS key Arn for encrypting artifacts when uploading to S3. You must specify KMS key Arn for SSE_KMS encryption mode only. + Canary: + type: object + properties: + Name: + description: Name of the canary. + type: string + pattern: ^[0-9a-z_\-]{1,21}$ + Id: + description: Id of the canary + type: string + State: + description: State of the canary + type: string + Code: + description: Provide the canary script source + $ref: '#/components/schemas/Code' + ArtifactS3Location: + description: Provide the s3 bucket output location for test results + type: string + pattern: ^(s3|S3):// + ArtifactConfig: + description: Provide artifact configuration + $ref: '#/components/schemas/ArtifactConfig' + Schedule: + description: Frequency to run your canaries + $ref: '#/components/schemas/Schedule' + ExecutionRoleArn: + description: Lambda Execution role used to run your canaries + type: string + RuntimeVersion: + description: Runtime version of Synthetics Library + type: string + SuccessRetentionPeriod: + description: Retention period of successful canary runs represented in number of days + type: integer + FailureRetentionPeriod: + description: Retention period of failed canary runs represented in number of days + type: integer + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + VPCConfig: + description: Provide VPC Configuration if enabled. + $ref: '#/components/schemas/VPCConfig' + RunConfig: + description: Provide canary run configuration + $ref: '#/components/schemas/RunConfig' + StartCanaryAfterCreation: + description: Runs canary if set to True. Default is False + type: boolean + VisualReference: + description: Visual reference configuration for visual testing + $ref: '#/components/schemas/VisualReference' + DeleteLambdaResourcesOnCanaryDeletion: + description: Deletes associated lambda resources created by Synthetics if set to True. Default is False + type: boolean + required: + - Name + - Code + - ArtifactS3Location + - ExecutionRoleArn + - Schedule + - RuntimeVersion + x-stackql-resource-name: canary + description: Resource Type definition for AWS::Synthetics::Canary + x-type-name: AWS::Synthetics::Canary + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-write-only-properties: + - Code/S3Bucket + - Code/S3Key + - Code/S3ObjectVersion + - Code/Script + - DeleteLambdaResourcesOnCanaryDeletion + - StartCanaryAfterCreation + - RunConfig/EnvironmentVariables + - VisualReference + x-read-only-properties: + - Id + - State + - Code/SourceLocationArn + x-required-properties: + - Name + - Code + - ArtifactS3Location + - ExecutionRoleArn + - Schedule + - RuntimeVersion + x-tagging: + taggable: true + x-required-permissions: + create: + - synthetics:CreateCanary + - synthetics:StartCanary + - synthetics:GetCanary + - synthetics:TagResource + - s3:CreateBucket + - s3:GetObject + - s3:GetObjectVersion + - s3:PutBucketEncryption + - s3:PutEncryptionConfiguration + - s3:GetBucketLocation + - lambda:CreateFunction + - lambda:AddPermission + - lambda:PublishVersion + - lambda:UpdateFunctionConfiguration + - lambda:GetFunctionConfiguration + - lambda:GetLayerVersionByArn + - lambda:GetLayerVersion + - lambda:PublishLayerVersion + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - iam:PassRole + update: + - synthetics:UpdateCanary + - synthetics:StartCanary + - synthetics:StopCanary + - synthetics:GetCanary + - synthetics:TagResource + - synthetics:UntagResource + - s3:GetObject + - s3:GetObjectVersion + - s3:PutBucketEncryption + - s3:PutEncryptionConfiguration + - s3:GetBucketLocation + - lambda:AddPermission + - lambda:PublishVersion + - lambda:UpdateFunctionConfiguration + - lambda:GetFunctionConfiguration + - lambda:GetLayerVersionByArn + - lambda:GetLayerVersion + - lambda:PublishLayerVersion + - iam:PassRole + read: + - synthetics:GetCanary + - synthetics:DescribeCanaries + - synthetics:ListTagsForResource + - iam:ListRoles + - s3:ListAllMyBuckets + - s3:GetBucketLocation + delete: + - synthetics:DeleteCanary + - synthetics:GetCanary + list: + - synthetics:DescribeCanaries + ResourceArn: + type: string + description: Provide Canary Arn associated with the group. + pattern: arn:(aws[a-zA-Z-]*)?:synthetics:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:canary:[0-9a-z_\-] + Group: + type: object + properties: + Name: + description: Name of the group. + type: string + pattern: ^[0-9a-z_\-]{1,64}$ + Id: + description: Id of the group. + type: string + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + ResourceArns: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/ResourceArn' + maxItems: 10 + required: + - Name + x-stackql-resource-name: group + description: Resource Type definition for AWS::Synthetics::Group + x-type-name: AWS::Synthetics::Group + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Id + x-required-properties: + - Name + x-tagging: + taggable: true + x-required-permissions: + create: + - synthetics:CreateGroup + - synthetics:AssociateResource + - synthetics:TagResource + - synthetics:GetGroup + update: + - synthetics:AssociateResource + - synthetics:DisassociateResource + - synthetics:TagResource + - synthetics:UntagResource + - synthetics:GetGroup + - synthetics:ListGroupResources + read: + - synthetics:GetGroup + - synthetics:ListTagsForResource + - synthetics:ListGroupResources + delete: + - synthetics:DeleteGroup + - synthetics:GetGroup + list: + - synthetics:ListGroups + x-stackQL-resources: + canaries: + name: canaries + id: aws.synthetics.canaries + x-cfn-schema-name: Canary + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Synthetics::Canary' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Synthetics::Canary' + AND region = 'us-east-1' + canary: + name: canary + id: aws.synthetics.canary + x-cfn-schema-name: Canary + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Code') as code, + JSON_EXTRACT(Properties, '$.ArtifactS3Location') as artifact_s3_location, + JSON_EXTRACT(Properties, '$.ArtifactConfig') as artifact_config, + JSON_EXTRACT(Properties, '$.Schedule') as schedule, + JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(Properties, '$.RuntimeVersion') as runtime_version, + JSON_EXTRACT(Properties, '$.SuccessRetentionPeriod') as success_retention_period, + JSON_EXTRACT(Properties, '$.FailureRetentionPeriod') as failure_retention_period, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VPCConfig') as vpc_config, + JSON_EXTRACT(Properties, '$.RunConfig') as run_config, + JSON_EXTRACT(Properties, '$.StartCanaryAfterCreation') as start_canary_after_creation, + JSON_EXTRACT(Properties, '$.VisualReference') as visual_reference, + JSON_EXTRACT(Properties, '$.DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Synthetics::Canary' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Code') as code, + json_extract_path_text(Properties, 'ArtifactS3Location') as artifact_s3_location, + json_extract_path_text(Properties, 'ArtifactConfig') as artifact_config, + json_extract_path_text(Properties, 'Schedule') as schedule, + json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(Properties, 'RuntimeVersion') as runtime_version, + json_extract_path_text(Properties, 'SuccessRetentionPeriod') as success_retention_period, + json_extract_path_text(Properties, 'FailureRetentionPeriod') as failure_retention_period, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VPCConfig') as vpc_config, + json_extract_path_text(Properties, 'RunConfig') as run_config, + json_extract_path_text(Properties, 'StartCanaryAfterCreation') as start_canary_after_creation, + json_extract_path_text(Properties, 'VisualReference') as visual_reference, + json_extract_path_text(Properties, 'DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Synthetics::Canary' + AND data__Identifier = '' + AND region = 'us-east-1' + groups: + name: groups + id: aws.synthetics.groups + x-cfn-schema-name: Group + x-type: list + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Synthetics::Group' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Synthetics::Group' + AND region = 'us-east-1' + group: + name: group + id: aws.synthetics.group + x-cfn-schema-name: Group + x-type: get + x-identifiers: + - Name + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ResourceArns') as resource_arns + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Synthetics::Group' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ResourceArns') as resource_arns + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Synthetics::Group' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/systemsmanagersap.yaml b/providers/src/aws/v00.00.00000/services/systemsmanagersap.yaml new file mode 100644 index 00000000..7d92decd --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/systemsmanagersap.yaml @@ -0,0 +1,197 @@ +openapi: 3.0.0 +info: + title: SystemsManagerSAP + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + type: string + minLength: 1 + maxLength: 128 + Value: + description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Credential: + type: object + properties: + DatabaseName: + type: string + pattern: ^(?=.{1,100}$).* + CredentialType: + type: string + enum: + - ADMIN + SecretId: + type: string + pattern: ^(?=.{1,100}$).* + additionalProperties: false + Instance: + type: string + pattern: ^i-[\w\d]{8}$|^i-[\w\d]{17}$ + Application: + type: object + properties: + ApplicationId: + type: string + pattern: '[\w\d]{1,50}' + ApplicationType: + type: string + enum: + - HANA + Arn: + description: The ARN of the Helix application + type: string + pattern: ^arn:(.+:){2,4}.+$|^arn:(.+:){1,3}.+\/.+$ + Credentials: + type: array + items: + $ref: '#/components/schemas/Credential' + minItems: 1 + x-insertionOrder: true + Instances: + type: array + items: + $ref: '#/components/schemas/Instance' + minItems: 1 + x-insertionOrder: true + SapInstanceNumber: + type: string + pattern: '[0-9]{2}' + Sid: + type: string + pattern: '[A-Z][A-Z0-9]{2}' + Tags: + description: The tags of a SystemsManagerSAP application. + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: true + required: + - ApplicationId + - ApplicationType + x-stackql-resource-name: application + description: Resource schema for AWS::SystemsManagerSAP::Application + x-type-name: AWS::SystemsManagerSAP::Application + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Credentials + - Instances + - SapInstanceNumber + - Sid + x-write-only-properties: + - Credentials + - Instances + - SapInstanceNumber + - Sid + x-read-only-properties: + - Arn + x-required-properties: + - ApplicationId + - ApplicationType + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - ssm-sap:RegisterApplication + - ssm-sap:GetApplication + - ssm-sap:TagResource + - ssm-sap:ListTagsForResource + read: + - ssm-sap:GetApplication + - ssm-sap:ListTagsForResource + update: + - ssm-sap:TagResource + - ssm-sap:UntagResource + - ssm-sap:ListTagsForResource + - ssm-sap:GetApplication + delete: + - ssm-sap:DeregisterApplication + - ssm-sap:GetApplication + list: + - ssm-sap:ListApplications + x-stackQL-resources: + applications: + name: applications + id: aws.systemsmanagersap.applications + x-cfn-schema-name: Application + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SystemsManagerSAP::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SystemsManagerSAP::Application' + AND region = 'us-east-1' + application: + name: application + id: aws.systemsmanagersap.application + x-cfn-schema-name: Application + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.ApplicationType') as application_type, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Credentials') as credentials, + JSON_EXTRACT(Properties, '$.Instances') as instances, + JSON_EXTRACT(Properties, '$.SapInstanceNumber') as sap_instance_number, + JSON_EXTRACT(Properties, '$.Sid') as sid, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SystemsManagerSAP::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'ApplicationType') as application_type, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Credentials') as credentials, + json_extract_path_text(Properties, 'Instances') as instances, + json_extract_path_text(Properties, 'SapInstanceNumber') as sap_instance_number, + json_extract_path_text(Properties, 'Sid') as sid, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SystemsManagerSAP::Application' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/timestream.yaml b/providers/src/aws/v00.00.00000/services/timestream.yaml new file mode 100644 index 00000000..f2e0fdf4 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/timestream.yaml @@ -0,0 +1,1178 @@ +openapi: 3.0.0 +info: + title: Timestream + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: You can use the Resource Tags property to apply tags to resources, which can help you identify and categorize those resources. + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 0 + maxLength: 256 + additionalProperties: false + Database: + type: object + properties: + Arn: + type: string + DatabaseName: + description: The name for the database. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the database name. + type: string + pattern: ^[a-zA-Z0-9_.-]{3,256}$ + KmsKeyId: + description: The KMS key for the database. If the KMS key is not specified, the database will be encrypted with a Timestream managed KMS key located in your account. + type: string + minLength: 1 + maxLength: 2048 + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: database + description: The AWS::Timestream::Database resource creates a Timestream database. + x-type-name: AWS::Timestream::Database + x-stackql-primary-identifier: + - DatabaseName + x-create-only-properties: + - DatabaseName + x-read-only-properties: + - Arn + x-required-permissions: + create: + - timestream:CreateDatabase + - timestream:DescribeEndpoints + - timestream:TagResource + - kms:CreateGrant + - kms:DescribeKey + - kms:Decrypt + read: + - timestream:DescribeDatabase + - timestream:DescribeEndpoints + - timestream:ListTagsForResource + update: + - timestream:UpdateDatabase + - timestream:DescribeDatabase + - timestream:DescribeEndpoints + - timestream:TagResource + - timestream:UntagResource + delete: + - timestream:DeleteDatabase + - timestream:DescribeEndpoints + list: + - timestream:ListDatabases + - timestream:DescribeEndpoints + InfluxDBInstance: + type: object + properties: + Username: + type: string + minLength: 1 + maxLength: 64 + description: The username for the InfluxDB instance. + Password: + type: string + minLength: 8 + maxLength: 64 + pattern: ^[a-zA-Z0-9]+$ + description: The password for the InfluxDB instance. + Organization: + type: string + minLength: 1 + maxLength: 64 + description: The organization for the InfluxDB instance. + Bucket: + type: string + minLength: 2 + maxLength: 64 + pattern: ^[^_][^"]*$ + description: The bucket for the InfluxDB instance. + DbInstanceType: + type: string + enum: + - db.influx.medium + - db.influx.large + - db.influx.xlarge + - db.influx.2xlarge + - db.influx.4xlarge + - db.influx.8xlarge + - db.influx.12xlarge + - db.influx.16xlarge + description: The compute instance of the InfluxDB instance. + VpcSubnetIds: + type: array + x-insertionOrder: false + items: + type: string + minItems: 1 + maxItems: 3 + description: A list of EC2 subnet IDs for this InfluxDB instance. + VpcSecurityGroupIds: + type: array + x-insertionOrder: false + items: + type: string + minItems: 1 + maxItems: 5 + description: A list of Amazon EC2 VPC security groups to associate with this InfluxDB instance. + PubliclyAccessible: + type: boolean + description: Attach a public IP to the customer ENI. + default: false + DbStorageType: + type: string + enum: + - InfluxIOIncludedT1 + - InfluxIOIncludedT2 + - InfluxIOIncludedT3 + description: The storage type of the InfluxDB instance. + AllocatedStorage: + type: integer + minimum: 20 + maximum: 16384 + description: The allocated storage for the InfluxDB instance. + DbParameterGroupIdentifier: + type: string + minLength: 3 + maxLength: 64 + pattern: ^[a-zA-Z0-9]+$ + description: The name of an existing InfluxDB parameter group. + LogDeliveryConfiguration: + type: object + description: Configuration for sending logs to customer account from the InfluxDB instance. + properties: + S3Configuration: + description: S3 configuration for sending logs to customer account from the InfluxDB instance. + type: object + properties: + BucketName: + description: The bucket name for logs to be sent from the InfluxDB instance + type: string + minLength: 3 + maxLength: 63 + pattern: ^[0-9a-z]+[0-9a-z\.\-]*[0-9a-z]+$ + Enabled: + description: Specifies whether logging to customer specified bucket is enabled. + type: boolean + required: + - Enabled + - BucketName + additionalProperties: false + required: + - S3Configuration + additionalProperties: false + Status: + type: string + description: Status of the InfluxDB Instance. + enum: + - CREATING + - AVAILABLE + - DELETING + - MODIFYING + - UPDATING + - DELETED + - FAILED + Arn: + type: string + minLength: 1 + maxLength: 1011 + pattern: ^arn:aws[a-z\-]*:timestream\-influxdb:[a-z0-9\-]+:[0-9]{12}:(db\-instance)/[a-zA-Z0-9]{3,64}$ + description: The Amazon Resource Name (ARN) that is associated with the InfluxDB instance. + Name: + type: string + minLength: 3 + maxLength: 40 + pattern: ^[a-zA-z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$ + description: The unique name that is associated with the InfluxDB instance. + AvailabilityZone: + type: string + description: The Availability Zone (AZ) where the InfluxDB instance is created. + SecondaryAvailabilityZone: + type: string + description: The Secondary Availability Zone (AZ) where the InfluxDB instance is created, if DeploymentType is set as WITH_MULTIAZ_STANDBY. + Endpoint: + type: string + description: The connection endpoint for the InfluxDB instance. + InfluxAuthParametersSecretArn: + type: string + pattern: ^arn:[a-z]*:secretsmanager:[a-z\-0-9]*:[0-9]*:secret:[a-zA-Z0-9\-]* + description: The Auth parameters secret Amazon Resource name (ARN) that is associated with the InfluxDB instance. + Id: + type: string + pattern: ^[a-zA-Z0-9]+$ + minLength: 3 + maxLength: 64 + description: The service generated unique identifier for InfluxDB instance. + DeploymentType: + type: string + description: Deployment type of the InfluxDB Instance. + enum: + - SINGLE_AZ + - WITH_MULTIAZ_STANDBY + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + maxItems: 200 + description: An arbitrary set of tags (key-value pairs) for this DB instance. + x-stackql-resource-name: influxdb_instance + description: The AWS::Timestream::InfluxDBInstance resource creates an InfluxDB instance. + x-type-name: AWS::Timestream::InfluxDBInstance + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Name + - Username + - Password + - Organization + - Bucket + - DbInstanceType + - VpcSubnetIds + - VpcSecurityGroupIds + - PubliclyAccessible + - DbStorageType + - AllocatedStorage + - DeploymentType + x-write-only-properties: + - Username + - Password + - Organization + - Bucket + x-read-only-properties: + - Status + - Arn + - Id + - AvailabilityZone + - Endpoint + - SecondaryAvailabilityZone + - InfluxAuthParametersSecretArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - s3:ListBucket + - s3:GetBucketPolicy + - timestream-influxdb:GetDbInstance + - timestream-influxdb:ListDbInstances + - timestream-influxdb:CreateDbInstance + - timestream-influxdb:TagResource + - timestream-influxdb:ListTagsForResource + - ec2:DescribeSubnets + - ec2:DescribeVpcs + - ec2:DescribeNetworkInterfaces + - ec2:DescribeSecurityGroups + - ec2:CreateNetworkInterface + - iam:CreateServiceLinkedRole + read: + - timestream-influxdb:GetDbInstance + - timestream-influxdb:ListTagsForResource + update: + - s3:ListBucket + - s3:GetBucketPolicy + - timestream-influxdb:GetDbInstance + - timestream-influxdb:ListDbInstances + - timestream-influxdb:UpdateDbInstance + - timestream-influxdb:TagResource + - timestream-influxdb:UntagResource + - timestream-influxdb:ListTagsForResource + delete: + - timestream-influxdb:GetDbInstance + - timestream-influxdb:ListDbInstances + - timestream-influxdb:DeleteDbInstance + list: + - timestream-influxdb:ListDbInstances + Arn: + description: Amazon Resource Name of the scheduled query that is generated upon creation. + type: string + minLength: 1 + maxLength: 2048 + ScheduledQueryName: + description: The name of the scheduled query. Scheduled query names must be unique within each Region. + type: string + pattern: '[a-zA-Z0-9_.-]+' + minLength: 1 + maxLength: 64 + QueryString: + description: >- + The query string to run. Parameter names can be specified in the query string @ character followed by an identifier. The named Parameter @scheduled_runtime is reserved and can be used in the query to get the time at which the query is scheduled to run. The timestamp calculated according to the ScheduleConfiguration parameter, will be the value of @scheduled_runtime paramater for each query run. For example, consider an instance of a scheduled query executing on 2021-12-01 00:00:00. For + this instance, the @scheduled_runtime parameter is initialized to the timestamp 2021-12-01 00:00:00 when invoking the query. + type: string + minLength: 1 + maxLength: 262144 + ScheduleConfiguration: + description: Configuration for when the scheduled query is executed. + type: object + properties: + ScheduleExpression: + $ref: '#/components/schemas/ScheduleExpression' + required: + - ScheduleExpression + additionalProperties: false + NotificationConfiguration: + description: Notification configuration for the scheduled query. A notification is sent by Timestream when a query run finishes, when the state is updated or when you delete it. + type: object + properties: + SnsConfiguration: + $ref: '#/components/schemas/SnsConfiguration' + required: + - SnsConfiguration + additionalProperties: false + ClientToken: + description: Using a ClientToken makes the call to CreateScheduledQuery idempotent, in other words, making the same request repeatedly will produce the same result. Making multiple identical CreateScheduledQuery requests has the same effect as making a single request. If CreateScheduledQuery is called without a ClientToken, the Query SDK generates a ClientToken on your behalf. After 8 hours, any request with the same ClientToken is treated as a new request. + type: string + minLength: 32 + maxLength: 128 + ScheduledQueryExecutionRoleArn: + description: The ARN for the IAM role that Timestream will assume when running the scheduled query. + type: string + minLength: 1 + maxLength: 2048 + TargetConfiguration: + description: Configuration of target store where scheduled query results are written to. + type: object + properties: + TimestreamConfiguration: + $ref: '#/components/schemas/TimestreamConfiguration' + required: + - TimestreamConfiguration + additionalProperties: false + ErrorReportConfiguration: + description: Configuration for error reporting. Error reports will be generated when a problem is encountered when writing the query results. + type: object + properties: + S3Configuration: + $ref: '#/components/schemas/S3Configuration' + required: + - S3Configuration + additionalProperties: false + KmsKeyId: + description: The Amazon KMS key used to encrypt the scheduled query resource, at-rest. If the Amazon KMS key is not specified, the scheduled query resource will be encrypted with a Timestream owned Amazon KMS key. To specify a KMS key, use the key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix the name with alias/. If ErrorReportConfiguration uses SSE_KMS as encryption type, the same KmsKeyId is used to encrypt the error report at rest. + type: string + minLength: 1 + maxLength: 2048 + Tags: + description: A list of key-value pairs to label the scheduled query. + type: array + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + ScheduleExpression: + description: An expression that denotes when to trigger the scheduled query run. This can be a cron expression or a rate expression. + type: string + minLength: 1 + maxLength: 256 + SnsConfiguration: + description: SNS configuration for notification upon scheduled query execution. + type: object + properties: + TopicArn: + $ref: '#/components/schemas/TopicArn' + required: + - TopicArn + additionalProperties: false + TopicArn: + description: SNS topic ARN that the scheduled query status notifications will be sent to. + type: string + minLength: 1 + maxLength: 2048 + TimestreamConfiguration: + description: Configuration needed to write data into the Timestream database and table. + type: object + properties: + DatabaseName: + $ref: '#/components/schemas/DatabaseName' + TableName: + $ref: '#/components/schemas/TableName' + TimeColumn: + $ref: '#/components/schemas/TimeColumn' + DimensionMappings: + $ref: '#/components/schemas/DimensionMappings' + MultiMeasureMappings: + $ref: '#/components/schemas/MultiMeasureMappings' + MixedMeasureMappings: + $ref: '#/components/schemas/MixedMeasureMappings' + MeasureNameColumn: + $ref: '#/components/schemas/MeasureNameColumn' + required: + - DatabaseName + - TableName + - TimeColumn + - DimensionMappings + additionalProperties: false + DatabaseName: + description: Name of Timestream database to which the query result will be written. + type: string + TableName: + description: Name of Timestream table that the query result will be written to. The table should be within the same database that is provided in Timestream configuration. + type: string + TimeColumn: + description: Column from query result that should be used as the time column in destination table. Column type for this should be TIMESTAMP. + type: string + DimensionMappings: + description: This is to allow mapping column(s) from the query result to the dimension in the destination table. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/DimensionMapping' + DimensionMapping: + description: This type is used to map column(s) from the query result to a dimension in the destination table. + type: object + properties: + Name: + $ref: '#/components/schemas/DimensionMappingName' + DimensionValueType: + $ref: '#/components/schemas/DimensionValueType' + required: + - Name + - DimensionValueType + additionalProperties: false + DimensionMappingName: + description: Column name from query result. + type: string + DimensionValueType: + description: Type for the dimension. + type: string + enum: + - VARCHAR + MultiMeasureMappings: + description: Only one of MixedMeasureMappings or MultiMeasureMappings is to be provided. MultiMeasureMappings can be used to ingest data as multi measures in the derived table. + type: object + properties: + TargetMultiMeasureName: + $ref: '#/components/schemas/TargetMultiMeasureName' + MultiMeasureAttributeMappings: + $ref: '#/components/schemas/MultiMeasureAttributeMappingList' + required: + - MultiMeasureAttributeMappings + additionalProperties: false + TargetMultiMeasureName: + description: Name of the target multi-measure in the derived table. Required if MeasureNameColumn is not provided. If MeasureNameColumn is provided then the value from that column will be used as the multi-measure name. + type: string + MultiMeasureAttributeMappingList: + description: Required. Attribute mappings to be used for mapping query results to ingest data for multi-measure attributes. + type: array + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/MultiMeasureAttributeMapping' + MultiMeasureAttributeMapping: + description: An attribute mapping to be used for mapping query results to ingest data for multi-measure attributes. + type: object + properties: + SourceColumn: + $ref: '#/components/schemas/MultiMeasureAttributeMappingSourceColumn' + MeasureValueType: + $ref: '#/components/schemas/MultiMeasureAttributeMappingMeasureValueType' + TargetMultiMeasureAttributeName: + $ref: '#/components/schemas/TargetMultiMeasureAttributeName' + required: + - SourceColumn + - MeasureValueType + additionalProperties: false + MultiMeasureAttributeMappingSourceColumn: + description: Source measure value column in the query result where the attribute value is to be read. + type: string + MultiMeasureAttributeMappingMeasureValueType: + description: Value type of the measure value column to be read from the query result. + type: string + enum: + - BIGINT + - BOOLEAN + - DOUBLE + - VARCHAR + - TIMESTAMP + TargetMultiMeasureAttributeName: + description: Custom name to be used for attribute name in derived table. If not provided, source column name would be used. + type: string + MixedMeasureMappings: + description: Specifies how to map measures to multi-measure records. + type: array + x-insertionOrder: false + minItems: 1 + items: + $ref: '#/components/schemas/MixedMeasureMapping' + MixedMeasureMapping: + description: MixedMeasureMappings are mappings that can be used to ingest data into a mixture of narrow and multi measures in the derived table. + type: object + properties: + MeasureName: + $ref: '#/components/schemas/MixedMeasureMappingMeasureName' + SourceColumn: + $ref: '#/components/schemas/MixedMeasureMappingSourceColumn' + TargetMeasureName: + $ref: '#/components/schemas/MixedMeasureMappingTargetMeasureName' + MeasureValueType: + $ref: '#/components/schemas/MixedMeasureMappingMeasureValueType' + MultiMeasureAttributeMappings: + $ref: '#/components/schemas/MultiMeasureAttributeMappingList' + required: + - MeasureValueType + additionalProperties: false + MixedMeasureMappingMeasureName: + description: Refers to the value of the measure name in a result row. This field is required if MeasureNameColumn is provided. + type: string + MixedMeasureMappingSourceColumn: + description: This field refers to the source column from which the measure value is to be read for result materialization. + type: string + MixedMeasureMappingTargetMeasureName: + description: Target measure name to be used. If not provided, the target measure name by default would be MeasureName if provided, or SourceColumn otherwise. + type: string + MixedMeasureMappingMeasureValueType: + description: Type of the value that is to be read from SourceColumn. If the mapping is for MULTI, use MeasureValueType.MULTI. + type: string + enum: + - BIGINT + - BOOLEAN + - DOUBLE + - VARCHAR + - MULTI + MeasureNameColumn: + description: Name of the measure name column from the query result. + type: string + S3Configuration: + description: Details on S3 location for error reports that result from running a query. + type: object + properties: + BucketName: + $ref: '#/components/schemas/BucketName' + ObjectKeyPrefix: + $ref: '#/components/schemas/ObjectKeyPrefix' + EncryptionOption: + $ref: '#/components/schemas/EncryptionOption' + required: + - BucketName + additionalProperties: false + BucketName: + description: Name of the S3 bucket under which error reports will be created. + type: string + minLength: 3 + maxLength: 63 + pattern: '[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]' + ObjectKeyPrefix: + description: Prefix for error report keys. + type: string + minLength: 1 + maxLength: 896 + pattern: '[a-zA-Z0-9|!\-_*''\(\)]([a-zA-Z0-9]|[!\-_*''\(\)\/.])+' + EncryptionOption: + description: Encryption at rest options for the error reports. If no encryption option is specified, Timestream will choose SSE_S3 as default. + type: string + enum: + - SSE_S3 + - SSE_KMS + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + ScheduledQuery: + type: object + properties: + Arn: + $ref: '#/components/schemas/Arn' + ScheduledQueryName: + $ref: '#/components/schemas/ScheduledQueryName' + QueryString: + $ref: '#/components/schemas/QueryString' + ScheduleConfiguration: + $ref: '#/components/schemas/ScheduleConfiguration' + NotificationConfiguration: + $ref: '#/components/schemas/NotificationConfiguration' + ClientToken: + $ref: '#/components/schemas/ClientToken' + ScheduledQueryExecutionRoleArn: + $ref: '#/components/schemas/ScheduledQueryExecutionRoleArn' + TargetConfiguration: + $ref: '#/components/schemas/TargetConfiguration' + ErrorReportConfiguration: + $ref: '#/components/schemas/ErrorReportConfiguration' + KmsKeyId: + $ref: '#/components/schemas/KmsKeyId' + SQName: + description: The name of the scheduled query. Scheduled query names must be unique within each Region. + type: string + SQQueryString: + description: >- + The query string to run. Parameter names can be specified in the query string @ character followed by an identifier. The named Parameter @scheduled_runtime is reserved and can be used in the query to get the time at which the query is scheduled to run. The timestamp calculated according to the ScheduleConfiguration parameter, will be the value of @scheduled_runtime paramater for each query run. For example, consider an instance of a scheduled query executing on 2021-12-01 00:00:00. + For this instance, the @scheduled_runtime parameter is initialized to the timestamp 2021-12-01 00:00:00 when invoking the query. + type: string + SQScheduleConfiguration: + description: Configuration for when the scheduled query is executed. + type: string + SQNotificationConfiguration: + description: Notification configuration for the scheduled query. A notification is sent by Timestream when a query run finishes, when the state is updated or when you delete it. + type: string + SQScheduledQueryExecutionRoleArn: + description: The ARN for the IAM role that Timestream will assume when running the scheduled query. + type: string + SQTargetConfiguration: + description: Configuration of target store where scheduled query results are written to. + type: string + SQErrorReportConfiguration: + description: Configuration for error reporting. Error reports will be generated when a problem is encountered when writing the query results. + type: string + SQKmsKeyId: + description: The Amazon KMS key used to encrypt the scheduled query resource, at-rest. If the Amazon KMS key is not specified, the scheduled query resource will be encrypted with a Timestream owned Amazon KMS key. To specify a KMS key, use the key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix the name with alias/. If ErrorReportConfiguration uses SSE_KMS as encryption type, the same KmsKeyId is used to encrypt the error report at rest. + type: string + Tags: + $ref: '#/components/schemas/Tags' + required: + - QueryString + - ScheduleConfiguration + - NotificationConfiguration + - ScheduledQueryExecutionRoleArn + - ErrorReportConfiguration + x-stackql-resource-name: scheduled_query + description: The AWS::Timestream::ScheduledQuery resource creates a Timestream Scheduled Query. + x-type-name: AWS::Timestream::ScheduledQuery + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ScheduledQueryName + - QueryString + - ScheduleConfiguration + - NotificationConfiguration + - ClientToken + - ScheduledQueryExecutionRoleArn + - TargetConfiguration + - ErrorReportConfiguration + - KmsKeyId + x-read-only-properties: + - Arn + - SQName + - SQQueryString + - SQScheduleConfiguration + - SQNotificationConfiguration + - SQScheduledQueryExecutionRoleArn + - SQTargetConfiguration + - SQErrorReportConfiguration + - SQKmsKeyId + x-required-properties: + - QueryString + - ScheduleConfiguration + - NotificationConfiguration + - ScheduledQueryExecutionRoleArn + - ErrorReportConfiguration + x-required-permissions: + create: + - timestream:CreateScheduledQuery + - timestream:DescribeEndpoints + read: + - timestream:DescribeScheduledQuery + - timestream:ListTagsForResource + - timestream:DescribeEndpoints + update: + - timestream:UpdateScheduledQuery + - timestream:TagResource + - timestream:UntagResource + - timestream:DescribeEndpoints + delete: + - timestream:DeleteScheduledQuery + - timestream:DescribeEndpoints + list: + - timestream:ListScheduledQueries + - timestream:DescribeEndpoints + PartitionKeyList: + description: A list of partition keys defining the attributes used to partition the table data. The order of the list determines the partition hierarchy. The name and type of each partition key as well as the partition key order cannot be changed after the table is created. However, the enforcement level of each partition key can be changed. + type: array + minItems: 1 + items: + $ref: '#/components/schemas/PartitionKey' + x-insertionOrder: true + PartitionKey: + description: 'An attribute used in partitioning data in a table. There are two types of partition keys: dimension keys and measure keys. A dimension key partitions data on a dimension name, while a measure key partitions data on the measure name.' + type: object + properties: + Type: + $ref: '#/components/schemas/PartitionKeyType' + Name: + $ref: '#/components/schemas/SchemaName' + EnforcementInRecord: + $ref: '#/components/schemas/PartitionKeyEnforcementLevel' + required: + - Type + additionalProperties: false + PartitionKeyType: + description: The type of the partition key. Options are DIMENSION (dimension key) and MEASURE (measure key). + type: string + enum: + - DIMENSION + - MEASURE + SchemaName: + description: The name of the attribute used for a dimension key. + type: string + minLength: 1 + maxLength: 2048 + PartitionKeyEnforcementLevel: + description: The level of enforcement for the specification of a dimension key in ingested records. Options are REQUIRED (dimension key must be specified) and OPTIONAL (dimension key does not have to be specified). + type: string + enum: + - REQUIRED + - OPTIONAL + Table: + type: object + properties: + Arn: + type: string + Name: + description: The table name exposed as a read-only attribute. + type: string + DatabaseName: + description: The name for the database which the table to be created belongs to. + type: string + pattern: ^[a-zA-Z0-9_.-]{3,256}$ + TableName: + description: The name for the table. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the table name. + type: string + pattern: ^[a-zA-Z0-9_.-]{3,256}$ + RetentionProperties: + description: The retention duration of the memory store and the magnetic store. + type: object + properties: + MemoryStoreRetentionPeriodInHours: + description: The duration for which data must be stored in the memory store. + type: string + MagneticStoreRetentionPeriodInDays: + description: The duration for which data must be stored in the magnetic store. + type: string + additionalProperties: false + Schema: + description: A Schema specifies the expected data model of the table. + type: object + properties: + CompositePartitionKey: + $ref: '#/components/schemas/PartitionKeyList' + additionalProperties: false + MagneticStoreWriteProperties: + description: The properties that determine whether magnetic store writes are enabled. + type: object + properties: + EnableMagneticStoreWrites: + description: Boolean flag indicating whether magnetic store writes are enabled. + type: boolean + MagneticStoreRejectedDataLocation: + description: Location to store information about records that were asynchronously rejected during magnetic store writes. + type: object + properties: + S3Configuration: + description: S3 configuration for location to store rejections from magnetic store writes + type: object + properties: + BucketName: + description: The bucket name used to store the data. + type: string + ObjectKeyPrefix: + description: String used to prefix all data in the bucket. + type: string + EncryptionOption: + description: Either SSE_KMS or SSE_S3. + type: string + KmsKeyId: + description: Must be provided if SSE_KMS is specified as the encryption option + type: string + required: + - EncryptionOption + - BucketName + additionalProperties: false + additionalProperties: false + required: + - EnableMagneticStoreWrites + additionalProperties: false + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + maxItems: 200 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - DatabaseName + x-stackql-resource-name: table + description: The AWS::Timestream::Table resource creates a Timestream Table. + x-type-name: AWS::Timestream::Table + x-stackql-primary-identifier: + - DatabaseName + - TableName + x-create-only-properties: + - DatabaseName + - TableName + x-read-only-properties: + - Arn + - Name + x-required-properties: + - DatabaseName + x-required-permissions: + create: + - timestream:CreateTable + - timestream:DescribeEndpoints + - timestream:TagResource + - s3:PutObject + - s3:GetObject + - s3:GetBucketAcl + - kms:GenerateDataKey* + - kms:DescribeKey + - kms:Encrypt + read: + - timestream:DescribeTable + - timestream:DescribeEndpoints + - timestream:ListTagsForResource + update: + - timestream:UpdateTable + - timestream:DescribeEndpoints + - timestream:TagResource + - timestream:UntagResource + - s3:PutObject + - s3:GetObject + - s3:GetBucketAcl + - kms:GenerateDataKey* + - kms:DescribeKey + - kms:Encrypt + delete: + - timestream:DeleteTable + - timestream:DescribeEndpoints + - timestream:DescribeTable + list: + - timestream:ListTables + - timestream:DescribeEndpoints + x-stackQL-resources: + databases: + name: databases + id: aws.timestream.databases + x-cfn-schema-name: Database + x-type: list + x-identifiers: + - DatabaseName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DatabaseName') as database_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Timestream::Database' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DatabaseName') as database_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Timestream::Database' + AND region = 'us-east-1' + database: + name: database + id: aws.timestream.database + x-cfn-schema-name: Database + x-type: get + x-identifiers: + - DatabaseName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Timestream::Database' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DatabaseName') as database_name, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Timestream::Database' + AND data__Identifier = '' + AND region = 'us-east-1' + influxdb_instances: + name: influxdb_instances + id: aws.timestream.influxdb_instances + x-cfn-schema-name: InfluxDBInstance + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Timestream::InfluxDBInstance' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Timestream::InfluxDBInstance' + AND region = 'us-east-1' + influxdb_instance: + name: influxdb_instance + id: aws.timestream.influxdb_instance + x-cfn-schema-name: InfluxDBInstance + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Username') as username, + JSON_EXTRACT(Properties, '$.Password') as password, + JSON_EXTRACT(Properties, '$.Organization') as organization, + JSON_EXTRACT(Properties, '$.Bucket') as bucket, + JSON_EXTRACT(Properties, '$.DbInstanceType') as db_instance_type, + JSON_EXTRACT(Properties, '$.VpcSubnetIds') as vpc_subnet_ids, + JSON_EXTRACT(Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids, + JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(Properties, '$.DbStorageType') as db_storage_type, + JSON_EXTRACT(Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(Properties, '$.DbParameterGroupIdentifier') as db_parameter_group_identifier, + JSON_EXTRACT(Properties, '$.LogDeliveryConfiguration') as log_delivery_configuration, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.SecondaryAvailabilityZone') as secondary_availability_zone, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.InfluxAuthParametersSecretArn') as influx_auth_parameters_secret_arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.DeploymentType') as deployment_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Timestream::InfluxDBInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Username') as username, + json_extract_path_text(Properties, 'Password') as password, + json_extract_path_text(Properties, 'Organization') as organization, + json_extract_path_text(Properties, 'Bucket') as bucket, + json_extract_path_text(Properties, 'DbInstanceType') as db_instance_type, + json_extract_path_text(Properties, 'VpcSubnetIds') as vpc_subnet_ids, + json_extract_path_text(Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids, + json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(Properties, 'DbStorageType') as db_storage_type, + json_extract_path_text(Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(Properties, 'DbParameterGroupIdentifier') as db_parameter_group_identifier, + json_extract_path_text(Properties, 'LogDeliveryConfiguration') as log_delivery_configuration, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'SecondaryAvailabilityZone') as secondary_availability_zone, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'InfluxAuthParametersSecretArn') as influx_auth_parameters_secret_arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'DeploymentType') as deployment_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Timestream::InfluxDBInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + scheduled_queries: + name: scheduled_queries + id: aws.timestream.scheduled_queries + x-cfn-schema-name: ScheduledQuery + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Timestream::ScheduledQuery' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Timestream::ScheduledQuery' + AND region = 'us-east-1' + scheduled_query: + name: scheduled_query + id: aws.timestream.scheduled_query + x-cfn-schema-name: ScheduledQuery + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ScheduledQueryName') as scheduled_query_name, + JSON_EXTRACT(Properties, '$.QueryString') as query_string, + JSON_EXTRACT(Properties, '$.ScheduleConfiguration') as schedule_configuration, + JSON_EXTRACT(Properties, '$.NotificationConfiguration') as notification_configuration, + JSON_EXTRACT(Properties, '$.ClientToken') as client_token, + JSON_EXTRACT(Properties, '$.ScheduledQueryExecutionRoleArn') as scheduled_query_execution_role_arn, + JSON_EXTRACT(Properties, '$.TargetConfiguration') as target_configuration, + JSON_EXTRACT(Properties, '$.ErrorReportConfiguration') as error_report_configuration, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.SQName') as sq_name, + JSON_EXTRACT(Properties, '$.SQQueryString') as sq_query_string, + JSON_EXTRACT(Properties, '$.SQScheduleConfiguration') as sq_schedule_configuration, + JSON_EXTRACT(Properties, '$.SQNotificationConfiguration') as sq_notification_configuration, + JSON_EXTRACT(Properties, '$.SQScheduledQueryExecutionRoleArn') as sq_scheduled_query_execution_role_arn, + JSON_EXTRACT(Properties, '$.SQTargetConfiguration') as sq_target_configuration, + JSON_EXTRACT(Properties, '$.SQErrorReportConfiguration') as sq_error_report_configuration, + JSON_EXTRACT(Properties, '$.SQKmsKeyId') as sq_kms_key_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Timestream::ScheduledQuery' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ScheduledQueryName') as scheduled_query_name, + json_extract_path_text(Properties, 'QueryString') as query_string, + json_extract_path_text(Properties, 'ScheduleConfiguration') as schedule_configuration, + json_extract_path_text(Properties, 'NotificationConfiguration') as notification_configuration, + json_extract_path_text(Properties, 'ClientToken') as client_token, + json_extract_path_text(Properties, 'ScheduledQueryExecutionRoleArn') as scheduled_query_execution_role_arn, + json_extract_path_text(Properties, 'TargetConfiguration') as target_configuration, + json_extract_path_text(Properties, 'ErrorReportConfiguration') as error_report_configuration, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'SQName') as sq_name, + json_extract_path_text(Properties, 'SQQueryString') as sq_query_string, + json_extract_path_text(Properties, 'SQScheduleConfiguration') as sq_schedule_configuration, + json_extract_path_text(Properties, 'SQNotificationConfiguration') as sq_notification_configuration, + json_extract_path_text(Properties, 'SQScheduledQueryExecutionRoleArn') as sq_scheduled_query_execution_role_arn, + json_extract_path_text(Properties, 'SQTargetConfiguration') as sq_target_configuration, + json_extract_path_text(Properties, 'SQErrorReportConfiguration') as sq_error_report_configuration, + json_extract_path_text(Properties, 'SQKmsKeyId') as sq_kms_key_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Timestream::ScheduledQuery' + AND data__Identifier = '' + AND region = 'us-east-1' + tables: + name: tables + id: aws.timestream.tables + x-cfn-schema-name: Table + x-type: list + x-identifiers: + - DatabaseName + - TableName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(Properties, '$.TableName') as table_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Timestream::Table' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DatabaseName') as database_name, + json_extract_path_text(Properties, 'TableName') as table_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Timestream::Table' + AND region = 'us-east-1' + table: + name: table + id: aws.timestream.table + x-cfn-schema-name: Table + x-type: get + x-identifiers: + - DatabaseName + - TableName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(Properties, '$.TableName') as table_name, + JSON_EXTRACT(Properties, '$.RetentionProperties') as retention_properties, + JSON_EXTRACT(Properties, '$.Schema') as _schema, + JSON_EXTRACT(Properties, '$.MagneticStoreWriteProperties') as magnetic_store_write_properties, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Timestream::Table' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'DatabaseName') as database_name, + json_extract_path_text(Properties, 'TableName') as table_name, + json_extract_path_text(Properties, 'RetentionProperties') as retention_properties, + json_extract_path_text(Properties, 'Schema') as _schema, + json_extract_path_text(Properties, 'MagneticStoreWriteProperties') as magnetic_store_write_properties, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Timestream::Table' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/transfer.yaml b/providers/src/aws/v00.00.00000/services/transfer.yaml new file mode 100644 index 00000000..6abed60d --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/transfer.yaml @@ -0,0 +1,1146 @@ +openapi: 3.0.0 +info: + title: Transfer + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + description: Creates a key-value pair for a specific resource. + type: object + properties: + Key: + type: string + description: The name assigned to the tag that you create. + minLength: 1 + maxLength: 128 + Value: + type: string + description: Contains one or more values that you assigned to the key name you create. + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Agreement: + type: object + properties: + Description: + description: A textual description for the agreement. + type: string + pattern: ^[\w\- ]*$ + minLength: 1 + maxLength: 200 + ServerId: + description: A unique identifier for the server. + type: string + pattern: ^s-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + LocalProfileId: + description: A unique identifier for the local profile. + type: string + pattern: ^p-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + PartnerProfileId: + description: A unique identifier for the partner profile. + type: string + pattern: ^p-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + BaseDirectory: + description: Specifies the base directory for the agreement. + type: string + pattern: ^$|/.* + maxLength: 1024 + AccessRole: + description: Specifies the access role for the agreement. + type: string + pattern: arn:.*role/.* + minLength: 20 + maxLength: 2048 + Status: + description: Specifies the status of the agreement. + type: string + enum: + - ACTIVE + - INACTIVE + Tags: + description: Key-value pairs that can be used to group and search for agreements. Tags are metadata attached to agreements for any purpose. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + AgreementId: + description: A unique identifier for the agreement. + type: string + pattern: ^a-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + Arn: + description: Specifies the unique Amazon Resource Name (ARN) for the agreement. + type: string + pattern: arn:.* + minLength: 20 + maxLength: 1600 + required: + - ServerId + - LocalProfileId + - PartnerProfileId + - BaseDirectory + - AccessRole + x-stackql-resource-name: agreement + description: Resource Type definition for AWS::Transfer::Agreement + x-type-name: AWS::Transfer::Agreement + x-stackql-primary-identifier: + - AgreementId + - ServerId + x-create-only-properties: + - ServerId + x-read-only-properties: + - AgreementId + - Arn + x-required-properties: + - ServerId + - LocalProfileId + - PartnerProfileId + - BaseDirectory + - AccessRole + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - transfer:CreateAgreement + - transfer:TagResource + - iam:PassRole + read: + - transfer:DescribeAgreement + update: + - transfer:UpdateAgreement + - transfer:UnTagResource + - transfer:TagResource + - iam:PassRole + delete: + - transfer:DeleteAgreement + list: + - transfer:ListAgreements + Certificate: + type: object + properties: + Usage: + description: Specifies the usage type for the certificate. + type: string + enum: + - SIGNING + - ENCRYPTION + Certificate: + description: Specifies the certificate body to be imported. + type: string + pattern: "^[\t\n\r -ÿ]*" + minLength: 1 + maxLength: 16384 + CertificateChain: + description: Specifies the certificate chain to be imported. + type: string + pattern: "^[\t\n\r -ÿ]*" + minLength: 1 + maxLength: 2097152 + PrivateKey: + description: Specifies the private key for the certificate. + type: string + pattern: "^[\t\n\r -ÿ]*" + minLength: 1 + maxLength: 16384 + ActiveDate: + description: Specifies the active date for the certificate. + type: string + InactiveDate: + description: Specifies the inactive date for the certificate. + type: string + Description: + description: A textual description for the certificate. + type: string + pattern: ^[\w\- ]*$ + minLength: 1 + maxLength: 200 + Tags: + description: Key-value pairs that can be used to group and search for certificates. Tags are metadata attached to certificates for any purpose. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Arn: + description: Specifies the unique Amazon Resource Name (ARN) for the agreement. + type: string + pattern: arn:.* + minLength: 20 + maxLength: 1600 + CertificateId: + description: A unique identifier for the certificate. + type: string + pattern: ^cert-([0-9a-f]{17})$ + minLength: 22 + maxLength: 22 + Status: + description: A status description for the certificate. + type: string + enum: + - ACTIVE + - PENDING + - INACTIVE + Type: + description: Describing the type of certificate. With or without a private key. + type: string + enum: + - CERTIFICATE + - CERTIFICATE_WITH_PRIVATE_KEY + Serial: + description: Specifies Certificate's serial. + type: string + pattern: ^[\p{XDigit}{2}:?]* + minLength: 0 + maxLength: 48 + NotBeforeDate: + description: Specifies the not before date for the certificate. + type: string + NotAfterDate: + description: Specifies the not after date for the certificate. + type: string + required: + - Certificate + - Usage + x-stackql-resource-name: certificate + description: Resource Type definition for AWS::Transfer::Certificate + x-type-name: AWS::Transfer::Certificate + x-stackql-primary-identifier: + - CertificateId + x-create-only-properties: + - Certificate + - CertificateChain + - PrivateKey + x-write-only-properties: + - PrivateKey + x-read-only-properties: + - Arn + - CertificateId + - Status + - Type + - Serial + - NotAfterDate + - NotBeforeDate + x-required-properties: + - Certificate + - Usage + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - transfer:ImportCertificate + - transfer:TagResource + read: + - transfer:DescribeCertificate + update: + - transfer:UpdateCertificate + - transfer:UnTagResource + - transfer:TagResource + delete: + - transfer:DeleteCertificate + list: + - transfer:ListCertificates + SftpConnectorTrustedHostKey: + description: The public host key for the external server to which you are connecting. + type: string + minLength: 1 + maxLength: 2048 + Connector: + type: object + properties: + AccessRole: + description: Specifies the access role for the connector. + type: string + pattern: arn:.*role/.* + minLength: 20 + maxLength: 2048 + As2Config: + description: Configuration for an AS2 connector. + type: object + properties: + LocalProfileId: + type: string + description: A unique identifier for the local profile. + pattern: ^p-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + PartnerProfileId: + type: string + description: A unique identifier for the partner profile. + pattern: ^p-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + MessageSubject: + type: string + description: The message subject for this AS2 connector configuration. + pattern: ^[\p{Print}\p{Blank}]+ + minLength: 1 + maxLength: 1024 + Compression: + type: string + description: Compression setting for this AS2 connector configuration. + enum: + - ZLIB + - DISABLED + EncryptionAlgorithm: + type: string + description: Encryption algorithm for this AS2 connector configuration. + enum: + - AES128_CBC + - AES192_CBC + - AES256_CBC + - NONE + SigningAlgorithm: + type: string + description: Signing algorithm for this AS2 connector configuration. + enum: + - SHA256 + - SHA384 + - SHA512 + - SHA1 + - NONE + MdnSigningAlgorithm: + type: string + description: MDN Signing algorithm for this AS2 connector configuration. + enum: + - SHA256 + - SHA384 + - SHA512 + - SHA1 + - NONE + - DEFAULT + MdnResponse: + type: string + description: MDN Response setting for this AS2 connector configuration. + enum: + - SYNC + - NONE + BasicAuthSecretId: + type: string + description: ARN or name of the secret in AWS Secrets Manager which contains the credentials for Basic authentication. If empty, Basic authentication is disabled for the AS2 connector + minLength: 0 + maxLength: 2048 + additionalProperties: false + SftpConfig: + description: Configuration for an SFTP connector. + type: object + properties: + UserSecretId: + type: string + description: ARN or name of the secret in AWS Secrets Manager which contains the SFTP user's private keys or passwords. + minLength: 1 + maxLength: 2048 + TrustedHostKeys: + description: List of public host keys, for the external server to which you are connecting. + type: array + maxItems: 10 + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/SftpConnectorTrustedHostKey' + additionalProperties: false + Arn: + description: Specifies the unique Amazon Resource Name (ARN) for the connector. + type: string + pattern: arn:.* + minLength: 20 + maxLength: 1600 + ConnectorId: + description: A unique identifier for the connector. + type: string + pattern: ^c-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + LoggingRole: + description: Specifies the logging role for the connector. + type: string + pattern: arn:.*role/.* + minLength: 20 + maxLength: 2048 + Tags: + description: Key-value pairs that can be used to group and search for connectors. Tags are metadata attached to connectors for any purpose. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Url: + description: URL for Connector + type: string + maxLength: 255 + required: + - AccessRole + - Url + x-stackql-resource-name: connector + description: Resource Type definition for AWS::Transfer::Connector + x-type-name: AWS::Transfer::Connector + x-stackql-primary-identifier: + - ConnectorId + x-read-only-properties: + - Arn + - ConnectorId + x-required-properties: + - AccessRole + - Url + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - transfer:CreateConnector + - transfer:TagResource + - iam:PassRole + read: + - transfer:DescribeConnector + update: + - transfer:UpdateConnector + - transfer:UnTagResource + - transfer:TagResource + - iam:PassRole + delete: + - transfer:DeleteConnector + list: + - transfer:ListConnectors + CertificateId: + description: A unique identifier for the certificate. + type: string + pattern: ^cert-([0-9a-f]{17})$ + minLength: 22 + maxLength: 22 + Profile: + type: object + properties: + As2Id: + description: AS2 identifier agreed with a trading partner. + type: string + minLength: 1 + maxLength: 128 + ProfileType: + description: Enum specifying whether the profile is local or associated with a trading partner. + type: string + enum: + - LOCAL + - PARTNER + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + maxItems: 50 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + CertificateIds: + description: List of the certificate IDs associated with this profile to be used for encryption and signing of AS2 messages. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CertificateId' + Arn: + description: Specifies the unique Amazon Resource Name (ARN) for the profile. + type: string + pattern: arn:.* + minLength: 20 + maxLength: 1600 + ProfileId: + description: A unique identifier for the profile + type: string + pattern: ^p-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + required: + - As2Id + - ProfileType + x-stackql-resource-name: profile + description: Resource Type definition for AWS::Transfer::Profile + x-type-name: AWS::Transfer::Profile + x-stackql-primary-identifier: + - ProfileId + x-create-only-properties: + - ProfileType + x-read-only-properties: + - Arn + - ProfileId + x-required-properties: + - As2Id + - ProfileType + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - transfer:CreateProfile + - transfer:TagResource + read: + - transfer:DescribeProfile + update: + - transfer:UpdateProfile + - transfer:UnTagResource + - transfer:TagResource + delete: + - transfer:DeleteProfile + list: + - transfer:ListProfiles + S3Tag: + description: Specifies the key-value pair that are assigned to a file during the execution of a Tagging step. + type: object + properties: + Key: + description: The name assigned to the tag that you create. + type: string + minLength: 1 + maxLength: 128 + Value: + description: The value that corresponds to the key. + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + EfsInputFileLocation: + description: Specifies the details for an EFS file. + type: object + properties: + FileSystemId: + description: Specifies the EFS filesystem that contains the file. + type: string + pattern: ^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:(access-point/fsap|file-system/fs)-[0-9a-f]{8,40}|fs(ap)?-[0-9a-f]{8,40})$ + minLength: 0 + maxLength: 128 + Path: + description: The name assigned to the file when it was created in EFS. You use the object path to retrieve the object. + type: string + pattern: ^[^\x00]+$ + minLength: 1 + maxLength: 65536 + additionalProperties: false + S3InputFileLocation: + description: Specifies the details for a S3 file. + type: object + properties: + Bucket: + description: Specifies the S3 bucket that contains the file. + type: string + pattern: ^[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]$ + minLength: 3 + maxLength: 63 + Key: + description: The name assigned to the file when it was created in S3. You use the object key to retrieve the object. + type: string + pattern: .* + minLength: 0 + maxLength: 1024 + additionalProperties: false + InputFileLocation: + description: Specifies the location for the file being decrypted. Only applicable for the Decrypt type of workflow steps. + type: object + properties: + S3FileLocation: + $ref: '#/components/schemas/S3InputFileLocation' + EfsFileLocation: + $ref: '#/components/schemas/EfsInputFileLocation' + additionalProperties: false + S3FileLocation: + description: Specifies the location for the file being copied. Only applicable for the Copy type of workflow steps. + type: object + properties: + S3FileLocation: + $ref: '#/components/schemas/S3InputFileLocation' + additionalProperties: false + WorkflowStep: + description: The basic building block of a workflow. + type: object + properties: + CopyStepDetails: + description: Details for a step that performs a file copy. + type: object + properties: + DestinationFileLocation: + $ref: '#/components/schemas/S3FileLocation' + Name: + description: The name of the step, used as an identifier. + type: string + pattern: ^[\w-]*$ + minLength: 0 + maxLength: 30 + OverwriteExisting: + description: A flag that indicates whether or not to overwrite an existing file of the same name. The default is FALSE. + type: string + enum: + - 'TRUE' + - 'FALSE' + SourceFileLocation: + description: Specifies which file to use as input to the workflow step. + type: string + pattern: ^\$\{(\w+.)+\w+\}$ + minLength: 0 + maxLength: 256 + additionalProperties: false + CustomStepDetails: + description: Details for a step that invokes a lambda function. + type: object + properties: + Name: + description: The name of the step, used as an identifier. + type: string + pattern: ^[\w-]*$ + minLength: 0 + maxLength: 30 + Target: + description: The ARN for the lambda function that is being called. + type: string + pattern: arn:[a-z-]+:lambda:.*$ + minLength: 0 + maxLength: 170 + TimeoutSeconds: + description: Timeout, in seconds, for the step. + type: integer + minimum: 1 + maximum: 1800 + SourceFileLocation: + description: Specifies which file to use as input to the workflow step. + type: string + pattern: ^\$\{(\w+.)+\w+\}$ + minLength: 0 + maxLength: 256 + additionalProperties: false + DecryptStepDetails: + description: Details for a step that performs a file decryption. + type: object + properties: + DestinationFileLocation: + $ref: '#/components/schemas/InputFileLocation' + Name: + description: The name of the step, used as an identifier. + type: string + pattern: ^[\w-]*$ + minLength: 0 + maxLength: 30 + Type: + description: Specifies which encryption method to use. + type: string + enum: + - PGP + OverwriteExisting: + description: A flag that indicates whether or not to overwrite an existing file of the same name. The default is FALSE. + type: string + enum: + - 'TRUE' + - 'FALSE' + SourceFileLocation: + description: Specifies which file to use as input to the workflow step. + type: string + pattern: ^\$\{(\w+.)+\w+\}$ + minLength: 0 + maxLength: 256 + additionalProperties: false + DeleteStepDetails: + description: Details for a step that deletes the file. + type: object + properties: + Name: + description: The name of the step, used as an identifier. + type: string + pattern: ^[\w-]*$ + minLength: 0 + maxLength: 30 + SourceFileLocation: + description: Specifies which file to use as input to the workflow step. + type: string + pattern: ^\$\{(\w+.)+\w+\}$ + minLength: 0 + maxLength: 256 + additionalProperties: false + TagStepDetails: + description: Details for a step that creates one or more tags. + type: object + properties: + Name: + description: The name of the step, used as an identifier. + type: string + pattern: ^[\w-]*$ + minLength: 0 + maxLength: 30 + Tags: + description: Array that contains from 1 to 10 key/value pairs. + type: array + maxItems: 10 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/S3Tag' + SourceFileLocation: + description: Specifies which file to use as input to the workflow step. + type: string + pattern: ^\$\{(\w+.)+\w+\}$ + minLength: 0 + maxLength: 256 + additionalProperties: false + Type: + type: string + enum: + - COPY + - CUSTOM + - DECRYPT + - DELETE + - TAG + additionalProperties: false + Workflow: + type: object + properties: + OnExceptionSteps: + description: Specifies the steps (actions) to take if any errors are encountered during execution of the workflow. + type: array + maxItems: 8 + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/WorkflowStep' + Steps: + description: Specifies the details for the steps that are in the specified workflow. + type: array + maxItems: 8 + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/WorkflowStep' + Tags: + description: Key-value pairs that can be used to group and search for workflows. Tags are metadata attached to workflows for any purpose. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Description: + description: A textual description for the workflow. + type: string + pattern: ^[\w\- ]*$ + minLength: 0 + maxLength: 256 + WorkflowId: + description: A unique identifier for the workflow. + type: string + pattern: ^w-([a-z0-9]{17})$ + minLength: 19 + maxLength: 19 + Arn: + description: Specifies the unique Amazon Resource Name (ARN) for the workflow. + type: string + pattern: arn:.* + minLength: 20 + maxLength: 1600 + required: + - Steps + x-stackql-resource-name: workflow + description: Resource Type definition for AWS::Transfer::Workflow + x-type-name: AWS::Transfer::Workflow + x-stackql-primary-identifier: + - WorkflowId + x-create-only-properties: + - Steps + - OnExceptionSteps + - Description + x-read-only-properties: + - WorkflowId + - Arn + x-required-properties: + - Steps + x-taggable: true + x-required-permissions: + create: + - transfer:CreateWorkflow + - transfer:TagResource + read: + - transfer:DescribeWorkflow + delete: + - transfer:DeleteWorkflow + list: + - transfer:ListWorkflows + update: + - transfer:UnTagResource + - transfer:TagResource + x-stackQL-resources: + agreements: + name: agreements + id: aws.transfer.agreements + x-cfn-schema-name: Agreement + x-type: list + x-identifiers: + - AgreementId + - ServerId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AgreementId') as agreement_id, + JSON_EXTRACT(Properties, '$.ServerId') as server_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Agreement' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AgreementId') as agreement_id, + json_extract_path_text(Properties, 'ServerId') as server_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Agreement' + AND region = 'us-east-1' + agreement: + name: agreement + id: aws.transfer.agreement + x-cfn-schema-name: Agreement + x-type: get + x-identifiers: + - AgreementId + - ServerId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ServerId') as server_id, + JSON_EXTRACT(Properties, '$.LocalProfileId') as local_profile_id, + JSON_EXTRACT(Properties, '$.PartnerProfileId') as partner_profile_id, + JSON_EXTRACT(Properties, '$.BaseDirectory') as base_directory, + JSON_EXTRACT(Properties, '$.AccessRole') as access_role, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AgreementId') as agreement_id, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Agreement' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ServerId') as server_id, + json_extract_path_text(Properties, 'LocalProfileId') as local_profile_id, + json_extract_path_text(Properties, 'PartnerProfileId') as partner_profile_id, + json_extract_path_text(Properties, 'BaseDirectory') as base_directory, + json_extract_path_text(Properties, 'AccessRole') as access_role, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AgreementId') as agreement_id, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Agreement' + AND data__Identifier = '|' + AND region = 'us-east-1' + certificates: + name: certificates + id: aws.transfer.certificates + x-cfn-schema-name: Certificate + x-type: list + x-identifiers: + - CertificateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CertificateId') as certificate_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Certificate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CertificateId') as certificate_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Certificate' + AND region = 'us-east-1' + certificate: + name: certificate + id: aws.transfer.certificate + x-cfn-schema-name: Certificate + x-type: get + x-identifiers: + - CertificateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Usage') as usage, + JSON_EXTRACT(Properties, '$.Certificate') as certificate, + JSON_EXTRACT(Properties, '$.CertificateChain') as certificate_chain, + JSON_EXTRACT(Properties, '$.PrivateKey') as private_key, + JSON_EXTRACT(Properties, '$.ActiveDate') as active_date, + JSON_EXTRACT(Properties, '$.InactiveDate') as inactive_date, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CertificateId') as certificate_id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Serial') as serial, + JSON_EXTRACT(Properties, '$.NotBeforeDate') as not_before_date, + JSON_EXTRACT(Properties, '$.NotAfterDate') as not_after_date + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Certificate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Usage') as usage, + json_extract_path_text(Properties, 'Certificate') as certificate, + json_extract_path_text(Properties, 'CertificateChain') as certificate_chain, + json_extract_path_text(Properties, 'PrivateKey') as private_key, + json_extract_path_text(Properties, 'ActiveDate') as active_date, + json_extract_path_text(Properties, 'InactiveDate') as inactive_date, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CertificateId') as certificate_id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Serial') as serial, + json_extract_path_text(Properties, 'NotBeforeDate') as not_before_date, + json_extract_path_text(Properties, 'NotAfterDate') as not_after_date + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Certificate' + AND data__Identifier = '' + AND region = 'us-east-1' + connectors: + name: connectors + id: aws.transfer.connectors + x-cfn-schema-name: Connector + x-type: list + x-identifiers: + - ConnectorId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConnectorId') as connector_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Connector' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConnectorId') as connector_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Connector' + AND region = 'us-east-1' + connector: + name: connector + id: aws.transfer.connector + x-cfn-schema-name: Connector + x-type: get + x-identifiers: + - ConnectorId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessRole') as access_role, + JSON_EXTRACT(Properties, '$.As2Config') as as2_config, + JSON_EXTRACT(Properties, '$.SftpConfig') as sftp_config, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ConnectorId') as connector_id, + JSON_EXTRACT(Properties, '$.LoggingRole') as logging_role, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Url') as url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Connector' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessRole') as access_role, + json_extract_path_text(Properties, 'As2Config') as as2_config, + json_extract_path_text(Properties, 'SftpConfig') as sftp_config, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ConnectorId') as connector_id, + json_extract_path_text(Properties, 'LoggingRole') as logging_role, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Url') as url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Connector' + AND data__Identifier = '' + AND region = 'us-east-1' + profiles: + name: profiles + id: aws.transfer.profiles + x-cfn-schema-name: Profile + x-type: list + x-identifiers: + - ProfileId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProfileId') as profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Profile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProfileId') as profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Profile' + AND region = 'us-east-1' + profile: + name: profile + id: aws.transfer.profile + x-cfn-schema-name: Profile + x-type: get + x-identifiers: + - ProfileId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.As2Id') as as2_id, + JSON_EXTRACT(Properties, '$.ProfileType') as profile_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CertificateIds') as certificate_ids, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ProfileId') as profile_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Profile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'As2Id') as as2_id, + json_extract_path_text(Properties, 'ProfileType') as profile_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CertificateIds') as certificate_ids, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ProfileId') as profile_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Profile' + AND data__Identifier = '' + AND region = 'us-east-1' + workflows: + name: workflows + id: aws.transfer.workflows + x-cfn-schema-name: Workflow + x-type: list + x-identifiers: + - WorkflowId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WorkflowId') as workflow_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Workflow' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WorkflowId') as workflow_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Workflow' + AND region = 'us-east-1' + workflow: + name: workflow + id: aws.transfer.workflow + x-cfn-schema-name: Workflow + x-type: get + x-identifiers: + - WorkflowId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.OnExceptionSteps') as on_exception_steps, + JSON_EXTRACT(Properties, '$.Steps') as steps, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.WorkflowId') as workflow_id, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Workflow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'OnExceptionSteps') as on_exception_steps, + json_extract_path_text(Properties, 'Steps') as steps, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'WorkflowId') as workflow_id, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Workflow' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/verifiedpermissions.yaml b/providers/src/aws/v00.00.00000/services/verifiedpermissions.yaml new file mode 100644 index 00000000..d2143bf4 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/verifiedpermissions.yaml @@ -0,0 +1,665 @@ +openapi: 3.0.0 +info: + title: VerifiedPermissions + version: 1.0.0 +paths: {} +components: + schemas: + CognitoGroupConfiguration: + type: object + properties: + GroupEntityType: + type: string + maxLength: 200 + minLength: 1 + pattern: ^([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*$ + required: + - GroupEntityType + additionalProperties: false + CognitoUserPoolConfiguration: + type: object + properties: + UserPoolArn: + type: string + maxLength: 255 + minLength: 1 + pattern: ^arn:[a-zA-Z0-9-]+:cognito-idp:(([a-zA-Z0-9-]+:\d{12}:userpool/[\w-]+_[0-9a-zA-Z]+))$ + ClientIds: + type: array + items: + type: string + maxLength: 255 + minLength: 1 + pattern: ^.*$ + maxItems: 1000 + minItems: 0 + x-insertionOrder: false + GroupConfiguration: + $ref: '#/components/schemas/CognitoGroupConfiguration' + required: + - UserPoolArn + additionalProperties: false + IdentitySourceConfiguration: + type: object + x-title: CognitoUserPoolConfiguration + properties: + CognitoUserPoolConfiguration: + $ref: '#/components/schemas/CognitoUserPoolConfiguration' + required: + - CognitoUserPoolConfiguration + additionalProperties: false + IdentitySourceDetails: + type: object + properties: + ClientIds: + type: array + items: + type: string + maxLength: 255 + minLength: 1 + pattern: ^.*$ + maxItems: 1000 + minItems: 0 + x-insertionOrder: false + UserPoolArn: + type: string + maxLength: 255 + minLength: 1 + pattern: ^arn:[a-zA-Z0-9-]+:cognito-idp:(([a-zA-Z0-9-]+:\d{12}:userpool/[\w-]+_[0-9a-zA-Z]+))$ + DiscoveryUrl: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^https://.*$ + OpenIdIssuer: + $ref: '#/components/schemas/OpenIdIssuer' + additionalProperties: false + OpenIdIssuer: + type: string + enum: + - COGNITO + IdentitySource: + type: object + properties: + Configuration: + $ref: '#/components/schemas/IdentitySourceConfiguration' + Details: + $ref: '#/components/schemas/IdentitySourceDetails' + IdentitySourceId: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9-]*$ + PolicyStoreId: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9-]*$ + PrincipalEntityType: + type: string + maxLength: 200 + minLength: 1 + pattern: ^.*$ + required: + - Configuration + - PolicyStoreId + x-stackql-resource-name: identity_source + description: Definition of AWS::VerifiedPermissions::IdentitySource Resource Type + x-type-name: AWS::VerifiedPermissions::IdentitySource + x-stackql-primary-identifier: + - IdentitySourceId + - PolicyStoreId + x-create-only-properties: + - PolicyStoreId + x-read-only-properties: + - Details + - IdentitySourceId + x-required-properties: + - Configuration + - PolicyStoreId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - verifiedpermissions:CreateIdentitySource + - verifiedpermissions:GetIdentitySource + - cognito-idp:DescribeUserPool + - cognito-idp:ListUserPoolClients + read: + - verifiedpermissions:GetIdentitySource + - cognito-idp:DescribeUserPool + - cognito-idp:ListUserPoolClients + update: + - verifiedpermissions:UpdateIdentitySource + - verifiedpermissions:GetIdentitySource + - cognito-idp:DescribeUserPool + - cognito-idp:ListUserPoolClients + delete: + - verifiedpermissions:DeleteIdentitySource + - verifiedpermissions:GetIdentitySource + - cognito-idp:DescribeUserPool + - cognito-idp:ListUserPoolClients + list: + - verifiedpermissions:ListIdentitySources + - verifiedpermissions:GetIdentitySource + - cognito-idp:DescribeUserPool + - cognito-idp:ListUserPoolClients + EntityIdentifier: + type: object + properties: + EntityType: + type: string + maxLength: 200 + minLength: 1 + pattern: ^.*$ + EntityId: + type: string + maxLength: 200 + minLength: 1 + pattern: ^.*$ + required: + - EntityId + - EntityType + additionalProperties: false + PolicyDefinition: + oneOf: + - type: object + title: Static + properties: + Static: + $ref: '#/components/schemas/StaticPolicyDefinition' + required: + - Static + additionalProperties: false + - type: object + title: TemplateLinked + properties: + TemplateLinked: + $ref: '#/components/schemas/TemplateLinkedPolicyDefinition' + required: + - TemplateLinked + additionalProperties: false + PolicyType: + type: string + enum: + - STATIC + - TEMPLATE_LINKED + StaticPolicyDefinition: + type: object + properties: + Description: + type: string + maxLength: 150 + minLength: 0 + Statement: + type: string + maxLength: 10000 + minLength: 1 + required: + - Statement + additionalProperties: false + TemplateLinkedPolicyDefinition: + type: object + properties: + PolicyTemplateId: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9-]*$ + Principal: + $ref: '#/components/schemas/EntityIdentifier' + Resource: + $ref: '#/components/schemas/EntityIdentifier' + required: + - PolicyTemplateId + additionalProperties: false + Policy: + type: object + properties: + Definition: + $ref: '#/components/schemas/PolicyDefinition' + PolicyId: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9-]*$ + PolicyStoreId: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9-]*$ + PolicyType: + $ref: '#/components/schemas/PolicyType' + required: + - Definition + - PolicyStoreId + x-stackql-resource-name: policy + description: Definition of AWS::VerifiedPermissions::Policy Resource Type + x-type-name: AWS::VerifiedPermissions::Policy + x-stackql-primary-identifier: + - PolicyId + - PolicyStoreId + x-create-only-properties: + - PolicyStoreId + x-read-only-properties: + - PolicyId + - PolicyType + x-required-properties: + - Definition + - PolicyStoreId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - verifiedpermissions:CreatePolicy + - verifiedpermissions:GetPolicy + read: + - verifiedpermissions:GetPolicy + update: + - verifiedpermissions:UpdatePolicy + - verifiedpermissions:GetPolicy + delete: + - verifiedpermissions:DeletePolicy + - verifiedpermissions:GetPolicy + list: + - verifiedpermissions:ListPolicies + - verifiedpermissions:GetPolicy + ValidationMode: + type: string + enum: + - 'OFF' + - STRICT + ValidationSettings: + type: object + properties: + Mode: + $ref: '#/components/schemas/ValidationMode' + required: + - Mode + additionalProperties: false + SchemaJson: + type: string + SchemaDefinition: + type: object + properties: + CedarJson: + $ref: '#/components/schemas/SchemaJson' + additionalProperties: false + PolicyStore: + type: object + properties: + Arn: + type: string + maxLength: 2500 + minLength: 1 + pattern: ^arn:[^:]*:[^:]*:[^:]*:[^:]*:.*$ + Description: + type: string + maxLength: 150 + minLength: 0 + PolicyStoreId: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9-]*$ + ValidationSettings: + $ref: '#/components/schemas/ValidationSettings' + Schema: + $ref: '#/components/schemas/SchemaDefinition' + required: + - ValidationSettings + x-stackql-resource-name: policy_store + description: Represents a policy store that you can place schema, policies, and policy templates in to validate authorization requests + x-type-name: AWS::VerifiedPermissions::PolicyStore + x-stackql-primary-identifier: + - PolicyStoreId + x-read-only-properties: + - Arn + - PolicyStoreId + x-required-properties: + - ValidationSettings + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - verifiedpermissions:CreatePolicyStore + - verifiedpermissions:GetPolicyStore + - verifiedpermissions:PutSchema + read: + - verifiedpermissions:GetPolicyStore + - verifiedpermissions:GetSchema + update: + - verifiedpermissions:UpdatePolicyStore + - verifiedpermissions:GetPolicyStore + - verifiedpermissions:GetSchema + - verifiedpermissions:PutSchema + delete: + - verifiedpermissions:DeletePolicyStore + - verifiedpermissions:GetPolicyStore + list: + - verifiedpermissions:ListPolicyStores + - verifiedpermissions:GetPolicyStore + - verifiedpermissions:GetSchema + PolicyTemplate: + type: object + properties: + Description: + type: string + maxLength: 150 + minLength: 0 + PolicyStoreId: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9-]*$ + PolicyTemplateId: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9-]*$ + Statement: + type: string + maxLength: 10000 + minLength: 1 + required: + - Statement + - PolicyStoreId + x-stackql-resource-name: policy_template + description: Definition of AWS::VerifiedPermissions::PolicyTemplate Resource Type + x-type-name: AWS::VerifiedPermissions::PolicyTemplate + x-stackql-primary-identifier: + - PolicyStoreId + - PolicyTemplateId + x-create-only-properties: + - PolicyStoreId + x-read-only-properties: + - PolicyTemplateId + x-required-properties: + - Statement + - PolicyStoreId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - verifiedpermissions:CreatePolicyTemplate + - verifiedpermissions:GetPolicyTemplate + read: + - verifiedpermissions:GetPolicyTemplate + update: + - verifiedpermissions:UpdatePolicyTemplate + - verifiedpermissions:GetPolicyTemplate + delete: + - verifiedpermissions:DeletePolicyTemplate + - verifiedpermissions:GetPolicyTemplate + list: + - verifiedpermissions:ListPolicyTemplates + - verifiedpermissions:GetPolicyTemplate + x-stackQL-resources: + identity_sources: + name: identity_sources + id: aws.verifiedpermissions.identity_sources + x-cfn-schema-name: IdentitySource + x-type: list + x-identifiers: + - IdentitySourceId + - PolicyStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IdentitySourceId') as identity_source_id, + JSON_EXTRACT(Properties, '$.PolicyStoreId') as policy_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VerifiedPermissions::IdentitySource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IdentitySourceId') as identity_source_id, + json_extract_path_text(Properties, 'PolicyStoreId') as policy_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VerifiedPermissions::IdentitySource' + AND region = 'us-east-1' + identity_source: + name: identity_source + id: aws.verifiedpermissions.identity_source + x-cfn-schema-name: IdentitySource + x-type: get + x-identifiers: + - IdentitySourceId + - PolicyStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.Details') as details, + JSON_EXTRACT(Properties, '$.IdentitySourceId') as identity_source_id, + JSON_EXTRACT(Properties, '$.PolicyStoreId') as policy_store_id, + JSON_EXTRACT(Properties, '$.PrincipalEntityType') as principal_entity_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VerifiedPermissions::IdentitySource' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'Details') as details, + json_extract_path_text(Properties, 'IdentitySourceId') as identity_source_id, + json_extract_path_text(Properties, 'PolicyStoreId') as policy_store_id, + json_extract_path_text(Properties, 'PrincipalEntityType') as principal_entity_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VerifiedPermissions::IdentitySource' + AND data__Identifier = '|' + AND region = 'us-east-1' + policies: + name: policies + id: aws.verifiedpermissions.policies + x-cfn-schema-name: Policy + x-type: list + x-identifiers: + - PolicyId + - PolicyStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PolicyId') as policy_id, + JSON_EXTRACT(Properties, '$.PolicyStoreId') as policy_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VerifiedPermissions::Policy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PolicyId') as policy_id, + json_extract_path_text(Properties, 'PolicyStoreId') as policy_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VerifiedPermissions::Policy' + AND region = 'us-east-1' + policy: + name: policy + id: aws.verifiedpermissions.policy + x-cfn-schema-name: Policy + x-type: get + x-identifiers: + - PolicyId + - PolicyStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Definition') as definition, + JSON_EXTRACT(Properties, '$.PolicyId') as policy_id, + JSON_EXTRACT(Properties, '$.PolicyStoreId') as policy_store_id, + JSON_EXTRACT(Properties, '$.PolicyType') as policy_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VerifiedPermissions::Policy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Definition') as definition, + json_extract_path_text(Properties, 'PolicyId') as policy_id, + json_extract_path_text(Properties, 'PolicyStoreId') as policy_store_id, + json_extract_path_text(Properties, 'PolicyType') as policy_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VerifiedPermissions::Policy' + AND data__Identifier = '|' + AND region = 'us-east-1' + policy_stores: + name: policy_stores + id: aws.verifiedpermissions.policy_stores + x-cfn-schema-name: PolicyStore + x-type: list + x-identifiers: + - PolicyStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PolicyStoreId') as policy_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VerifiedPermissions::PolicyStore' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PolicyStoreId') as policy_store_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VerifiedPermissions::PolicyStore' + AND region = 'us-east-1' + policy_store: + name: policy_store + id: aws.verifiedpermissions.policy_store + x-cfn-schema-name: PolicyStore + x-type: get + x-identifiers: + - PolicyStoreId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PolicyStoreId') as policy_store_id, + JSON_EXTRACT(Properties, '$.ValidationSettings') as validation_settings, + JSON_EXTRACT(Properties, '$.Schema') as _schema + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VerifiedPermissions::PolicyStore' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PolicyStoreId') as policy_store_id, + json_extract_path_text(Properties, 'ValidationSettings') as validation_settings, + json_extract_path_text(Properties, 'Schema') as _schema + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VerifiedPermissions::PolicyStore' + AND data__Identifier = '' + AND region = 'us-east-1' + policy_templates: + name: policy_templates + id: aws.verifiedpermissions.policy_templates + x-cfn-schema-name: PolicyTemplate + x-type: list + x-identifiers: + - PolicyStoreId + - PolicyTemplateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PolicyStoreId') as policy_store_id, + JSON_EXTRACT(Properties, '$.PolicyTemplateId') as policy_template_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VerifiedPermissions::PolicyTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PolicyStoreId') as policy_store_id, + json_extract_path_text(Properties, 'PolicyTemplateId') as policy_template_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VerifiedPermissions::PolicyTemplate' + AND region = 'us-east-1' + policy_template: + name: policy_template + id: aws.verifiedpermissions.policy_template + x-cfn-schema-name: PolicyTemplate + x-type: get + x-identifiers: + - PolicyStoreId + - PolicyTemplateId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.PolicyStoreId') as policy_store_id, + JSON_EXTRACT(Properties, '$.PolicyTemplateId') as policy_template_id, + JSON_EXTRACT(Properties, '$.Statement') as statement + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VerifiedPermissions::PolicyTemplate' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'PolicyStoreId') as policy_store_id, + json_extract_path_text(Properties, 'PolicyTemplateId') as policy_template_id, + json_extract_path_text(Properties, 'Statement') as statement + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VerifiedPermissions::PolicyTemplate' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/voiceid.yaml b/providers/src/aws/v00.00.00000/services/voiceid.yaml new file mode 100644 index 00000000..93079670 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/voiceid.yaml @@ -0,0 +1,176 @@ +openapi: 3.0.0 +info: + title: VoiceID + version: 1.0.0 +paths: {} +components: + schemas: + ServerSideEncryptionConfiguration: + type: object + properties: + KmsKeyId: + type: string + maxLength: 2048 + minLength: 1 + required: + - KmsKeyId + additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + Value: + type: string + maxLength: 256 + minLength: 0 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + required: + - Key + - Value + additionalProperties: false + Domain: + type: object + properties: + Description: + type: string + maxLength: 1024 + minLength: 1 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-%@]*)$ + DomainId: + type: string + maxLength: 22 + minLength: 22 + pattern: ^[a-zA-Z0-9]{22}$ + Name: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]*$ + ServerSideEncryptionConfiguration: + $ref: '#/components/schemas/ServerSideEncryptionConfiguration' + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + required: + - Name + - ServerSideEncryptionConfiguration + x-stackql-resource-name: domain + description: The AWS::VoiceID::Domain resource specifies an Amazon VoiceID Domain. + x-type-name: AWS::VoiceID::Domain + x-stackql-primary-identifier: + - DomainId + x-write-only-properties: + - Description + - Name + - ServerSideEncryptionConfiguration + x-read-only-properties: + - DomainId + x-required-properties: + - Name + - ServerSideEncryptionConfiguration + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: '#/properties/Tags' + x-required-permissions: + create: + - voiceid:CreateDomain + - voiceid:DescribeDomain + - voiceid:TagResource + - voiceid:ListTagsForResource + - kms:CreateGrant + - kms:DescribeKey + - kms:Decrypt + read: + - voiceid:DescribeDomain + - voiceid:ListTagsForResource + - kms:Decrypt + update: + - voiceid:DescribeDomain + - voiceid:UpdateDomain + - voiceid:TagResource + - voiceid:UntagResource + - voiceid:ListTagsForResource + - kms:CreateGrant + - kms:Decrypt + - kms:DescribeKey + delete: + - voiceid:DeleteDomain + - voiceid:DescribeDomain + - kms:Decrypt + list: + - voiceid:ListDomains + - kms:Decrypt + x-stackQL-resources: + domains: + name: domains + id: aws.voiceid.domains + x-cfn-schema-name: Domain + x-type: list + x-identifiers: + - DomainId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VoiceID::Domain' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainId') as domain_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VoiceID::Domain' + AND region = 'us-east-1' + domain: + name: domain + id: aws.voiceid.domain + x-cfn-schema-name: Domain + x-type: get + x-identifiers: + - DomainId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VoiceID::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VoiceID::Domain' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/vpclattice.yaml b/providers/src/aws/v00.00.00000/services/vpclattice.yaml new file mode 100644 index 00000000..73008968 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/vpclattice.yaml @@ -0,0 +1,1896 @@ +openapi: 3.0.0 +info: + title: VpcLattice + version: 1.0.0 +paths: {} +components: + schemas: + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 1 + maxLength: 256 + required: + - Key + - Value + AccessLogSubscription: + type: object + properties: + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:accesslogsubscription/als-[0-9a-z]{17}$ + DestinationArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$ + Id: + type: string + maxLength: 21 + minLength: 21 + pattern: ^als-[0-9a-z]{17}$ + ResourceArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}$ + ResourceId: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^((sn)|(svc))-[0-9a-z]{17}$ + ResourceIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$ + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: + - DestinationArn + x-stackql-resource-name: access_log_subscription + description: Enables access logs to be sent to Amazon CloudWatch, Amazon S3, and Amazon Kinesis Data Firehose. The service network owner can use the access logs to audit the services in the network. The service network owner will only see access logs from clients and services that are associated with their service network. Access log entries represent traffic originated from VPCs associated with that network. + x-type-name: AWS::VpcLattice::AccessLogSubscription + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Id + - - ResourceIdentifier + x-create-only-properties: + - ResourceIdentifier + x-write-only-properties: + - ResourceIdentifier + x-read-only-properties: + - Arn + - Id + - ResourceArn + - ResourceId + x-required-properties: + - DestinationArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - vpc-lattice:CreateAccessLogSubscription + - vpc-lattice:TagResource + - vpc-lattice:GetAccessLogSubscription + - vpc-lattice:ListTagsForResource + - logs:CreateLogDelivery + - logs:CreateLogStream + - logs:PutDestination + - logs:PutDestinationPolicy + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - logs:GetLogDelivery + - s3:PutBucketLogging + - s3:GetBucketLogging + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - firehose:TagDeliveryStream + - firehose:CreateDeliveryStream + - firehose:DescribeDeliveryStream + - iam:CreateServiceLinkedRole + read: + - vpc-lattice:GetAccessLogSubscription + - vpc-lattice:ListTagsForResource + - logs:GetLogDelivery + update: + - vpc-lattice:GetAccessLogSubscription + - vpc-lattice:UpdateAccessLogSubscription + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + - logs:UpdateLogDelivery + - firehose:UpdateDestination + - logs:CreateLogDelivery + - logs:CreateLogStream + - logs:PutDestination + - logs:PutDestinationPolicy + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - logs:GetLogDelivery + - s3:PutBucketLogging + - s3:GetBucketLogging + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - firehose:TagDeliveryStream + - firehose:CreateDeliveryStream + - firehose:DescribeDeliveryStream + delete: + - vpc-lattice:DeleteAccessLogSubscription + - vpc-lattice:UntagResource + - logs:DeleteLogDelivery + - logs:DeleteLogStream + - logs:GetLogDelivery + - logs:DeleteDestination + - s3:PutBucketLogging + - iam:GetServiceLinkedRoleDeletionStatus + - iam:DeleteServiceLinkedRole + - firehose:DeleteDeliveryStream + - firehose:UntagDeliveryStream + list: + - vpc-lattice:ListAccessLogSubscriptions + AuthPolicy: + type: object + properties: + ResourceIdentifier: + type: string + pattern: ^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$ + maxLength: 200 + minLength: 21 + Policy: + type: object + State: + type: string + enum: + - ACTIVE + - INACTIVE + required: + - ResourceIdentifier + - Policy + x-stackql-resource-name: auth_policy + description: Creates or updates the auth policy. + x-type-name: AWS::VpcLattice::AuthPolicy + x-stackql-primary-identifier: + - ResourceIdentifier + x-create-only-properties: + - ResourceIdentifier + x-read-only-properties: + - State + x-required-properties: + - ResourceIdentifier + - Policy + x-tagging: + taggable: false + x-required-permissions: + create: + - vpc-lattice:GetAuthPolicy + - vpc-lattice:PutAuthPolicy + read: + - vpc-lattice:GetAuthPolicy + update: + - vpc-lattice:GetAuthPolicy + - vpc-lattice:PutAuthPolicy + delete: + - vpc-lattice:GetAuthPolicy + - vpc-lattice:DeleteAuthPolicy + Forward: + type: object + properties: + TargetGroups: + type: array + items: + $ref: '#/components/schemas/WeightedTargetGroup' + maxItems: 2 + minItems: 1 + x-insertionOrder: false + required: + - TargetGroups + additionalProperties: false + FixedResponse: + type: object + additionalProperties: false + properties: + StatusCode: + type: integer + maximum: 599 + minimum: 100 + required: + - StatusCode + DefaultAction: + type: object + additionalProperties: false + properties: + Forward: + $ref: '#/components/schemas/Forward' + FixedResponse: + $ref: '#/components/schemas/FixedResponse' + required: [] + WeightedTargetGroup: + type: object + properties: + TargetGroupIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^((tg-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:targetgroup/tg-[0-9a-z]{17}))$ + Weight: + type: integer + maximum: 999 + minimum: 1 + required: + - TargetGroupIdentifier + additionalProperties: false + Listener: + type: object + properties: + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:service/svc-[0-9a-z]{17}/listener/listener-[0-9a-z]{17}$ + DefaultAction: + $ref: '#/components/schemas/DefaultAction' + Id: + type: string + maxLength: 26 + minLength: 26 + pattern: ^listener-[0-9a-z]{17}$ + Name: + type: string + maxLength: 63 + minLength: 3 + pattern: ^(?!listener-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + Port: + type: integer + maximum: 65535 + minimum: 1 + Protocol: + type: string + enum: + - HTTP + - HTTPS + ServiceArn: + type: string + maxLength: 2048 + minLength: 21 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:service/svc-[0-9a-z]{17}$ + ServiceId: + type: string + maxLength: 21 + minLength: 21 + pattern: ^svc-[0-9a-z]{17}$ + ServiceIdentifier: + type: string + maxLength: 2048 + minLength: 21 + pattern: ^((svc-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:service/svc-[0-9a-z]{17}))$ + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: + - DefaultAction + - Protocol + x-stackql-resource-name: listener + description: Creates a listener for a service. Before you start using your Amazon VPC Lattice service, you must add one or more listeners. A listener is a process that checks for connection requests to your services. + x-type-name: AWS::VpcLattice::Listener + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - ServiceIdentifier + - Name + - Port + x-create-only-properties: + - ServiceIdentifier + - Name + - Port + - Protocol + x-write-only-properties: + - ServiceIdentifier + x-read-only-properties: + - Arn + - Id + - ServiceArn + - ServiceId + x-required-properties: + - DefaultAction + - Protocol + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - vpc-lattice:CreateListener + - vpc-lattice:TagResource + - vpc-lattice:GetListener + - vpc-lattice:ListTagsForResource + read: + - vpc-lattice:GetListener + - vpc-lattice:ListTagsForResource + update: + - vpc-lattice:UpdateListener + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + - vpc-lattice:GetListener + - vpc-lattice:ListTagsForResource + delete: + - vpc-lattice:DeleteListener + list: + - vpc-lattice:ListListeners + ResourcePolicy: + type: object + properties: + ResourceArn: + type: string + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}$ + minLength: 20 + maxLength: 200 + Policy: + type: object + required: + - ResourceArn + - Policy + x-stackql-resource-name: resource_policy + description: Retrieves information about the resource policy. The resource policy is an IAM policy created by AWS RAM on behalf of the resource owner when they share a resource. + x-type-name: AWS::VpcLattice::ResourcePolicy + x-stackql-primary-identifier: + - ResourceArn + x-create-only-properties: + - ResourceArn + x-required-properties: + - ResourceArn + - Policy + x-tagging: + taggable: false + x-required-permissions: + create: + - vpc-lattice:GetResourcePolicy + - vpc-lattice:PutResourcePolicy + read: + - vpc-lattice:GetResourcePolicy + update: + - vpc-lattice:GetResourcePolicy + - vpc-lattice:PutResourcePolicy + delete: + - vpc-lattice:GetResourcePolicy + - vpc-lattice:DeleteResourcePolicy + HeaderMatch: + type: object + properties: + Name: + type: string + maxLength: 40 + minLength: 1 + Match: + $ref: '#/components/schemas/HeaderMatchType' + CaseSensitive: + type: boolean + default: false + required: + - Match + - Name + additionalProperties: false + HeaderMatchType: + type: object + additionalProperties: false + properties: + Exact: + type: string + maxLength: 128 + minLength: 1 + Prefix: + type: string + maxLength: 128 + minLength: 1 + Contains: + type: string + maxLength: 128 + minLength: 1 + HttpMatch: + type: object + properties: + Method: + type: string + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - POST + - PUT + - TRACE + PathMatch: + $ref: '#/components/schemas/PathMatch' + HeaderMatches: + type: array + maxItems: 5 + items: + $ref: '#/components/schemas/HeaderMatch' + x-insertionOrder: false + additionalProperties: false + PathMatch: + type: object + additionalProperties: false + properties: + Match: + $ref: '#/components/schemas/PathMatchType' + CaseSensitive: + type: boolean + default: false + required: + - Match + PathMatchType: + type: object + additionalProperties: false + properties: + Exact: + type: string + maxLength: 128 + minLength: 1 + pattern: ^\/[a-zA-Z0-9@:%_+.~#?&\/=-]*$ + Prefix: + type: string + maxLength: 128 + minLength: 1 + pattern: ^\/[a-zA-Z0-9@:%_+.~#?&\/=-]*$ + Action: + type: object + x-title: Forward + properties: + Forward: + $ref: '#/components/schemas/Forward' + FixedResponse: + $ref: '#/components/schemas/FixedResponse' + required: [] + additionalProperties: false + Match: + type: object + x-title: HttpMatch + properties: + HttpMatch: + $ref: '#/components/schemas/HttpMatch' + required: + - HttpMatch + additionalProperties: false + Rule: + type: object + properties: + Action: + $ref: '#/components/schemas/Action' + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:service/svc-[0-9a-z]{17}/listener/listener-[0-9a-z]{17}/rule/((rule-[0-9a-z]{17})|(default))$ + Id: + type: string + maxLength: 22 + minLength: 7 + pattern: ^((rule-[0-9a-z]{17})|(default))$ + ListenerIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^((listener-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:service/svc-[0-9a-z]{17}/listener/listener-[0-9a-z]{17}))$ + Match: + $ref: '#/components/schemas/Match' + Name: + type: string + maxLength: 63 + minLength: 3 + pattern: ^(?!rule-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + Priority: + type: integer + maximum: 100 + minimum: 1 + ServiceIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^((svc-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:service/svc-[0-9a-z]{17}))$ + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: + - Action + - Match + - Priority + x-stackql-resource-name: rule + description: Creates a listener rule. Each listener has a default rule for checking connection requests, but you can define additional rules. Each rule consists of a priority, one or more actions, and one or more conditions. + x-type-name: AWS::VpcLattice::Rule + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - ServiceIdentifier + - ListenerIdentifier + - Name + x-create-only-properties: + - ListenerIdentifier + - ServiceIdentifier + - Name + x-write-only-properties: + - ListenerIdentifier + - ServiceIdentifier + x-read-only-properties: + - Arn + - Id + x-required-properties: + - Action + - Match + - Priority + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - vpc-lattice:CreateRule + - vpc-lattice:GetRule + - vpc-lattice:ListTagsForResource + - vpc-lattice:TagResource + read: + - vpc-lattice:GetRule + - vpc-lattice:ListTagsForResource + update: + - vpc-lattice:UpdateRule + - vpc-lattice:GetRule + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + delete: + - vpc-lattice:DeleteRule + list: + - vpc-lattice:ListRules + DnsEntry: + type: object + additionalProperties: false + properties: + DomainName: + type: string + HostedZoneId: + type: string + Service: + type: object + properties: + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:service/svc-[0-9a-z]{17}$ + AuthType: + type: string + default: NONE + enum: + - NONE + - AWS_IAM + CreatedAt: + type: string + DnsEntry: + $ref: '#/components/schemas/DnsEntry' + Id: + type: string + maxLength: 21 + minLength: 21 + pattern: ^svc-[0-9a-z]{17}$ + LastUpdatedAt: + type: string + Name: + type: string + maxLength: 40 + minLength: 3 + pattern: ^(?!svc-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + Status: + type: string + enum: + - ACTIVE + - CREATE_IN_PROGRESS + - DELETE_IN_PROGRESS + - CREATE_FAILED + - DELETE_FAILED + CertificateArn: + type: string + maxLength: 2048 + pattern: ^(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:certificate/[0-9a-z-]+)?$ + CustomDomainName: + type: string + maxLength: 255 + minLength: 3 + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: service + description: A service is any software application that can run on instances containers, or serverless functions within an account or virtual private cloud (VPC). + x-type-name: AWS::VpcLattice::Service + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Id + - - Name + x-create-only-properties: + - Name + - CustomDomainName + x-read-only-properties: + - Arn + - CreatedAt + - DnsEntry/DomainName + - DnsEntry/HostedZoneId + - Id + - LastUpdatedAt + - Status + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - vpc-lattice:CreateService + - vpc-lattice:GetService + - vpc-lattice:ListTagsForResource + - vpc-lattice:TagResource + - acm:DescribeCertificate + - acm:ListCertificates + - iam:CreateServiceLinkedRole + read: + - vpc-lattice:GetService + - vpc-lattice:ListTagsForResource + update: + - vpc-lattice:UpdateService + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + - vpc-lattice:GetService + - vpc-lattice:ListTagsForResource + delete: + - vpc-lattice:DeleteService + - vpc-lattice:GetService + list: + - vpc-lattice:ListServices + ServiceNetwork: + type: object + properties: + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}$ + CreatedAt: + type: string + Id: + type: string + maxLength: 20 + minLength: 20 + pattern: ^sn-[0-9a-z]{17}$ + LastUpdatedAt: + type: string + Name: + type: string + maxLength: 63 + minLength: 3 + pattern: ^(?!servicenetwork-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + AuthType: + type: string + default: NONE + enum: + - NONE + - AWS_IAM + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: service_network + description: A service network is a logical boundary for a collection of services. You can associate services and VPCs with a service network. + x-type-name: AWS::VpcLattice::ServiceNetwork + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Id + - - Name + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - CreatedAt + - Id + - LastUpdatedAt + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - vpc-lattice:GetServiceNetwork + - vpc-lattice:ListTagsForResource + - vpc-lattice:CreateServiceNetwork + - vpc-lattice:TagResource + - iam:CreateServiceLinkedRole + read: + - vpc-lattice:GetServiceNetwork + - vpc-lattice:ListTagsForResource + update: + - vpc-lattice:GetServiceNetwork + - vpc-lattice:UpdateServiceNetwork + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + delete: + - vpc-lattice:DeleteServiceNetwork + list: + - vpc-lattice:ListServiceNetworks + ServiceNetworkServiceAssociation: + type: object + properties: + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetworkserviceassociation/snsa-[0-9a-z]{17}$ + CreatedAt: + type: string + DnsEntry: + $ref: '#/components/schemas/DnsEntry' + Id: + type: string + maxLength: 2048 + minLength: 17 + pattern: ^snsa-[0-9a-z]{17}$ + ServiceNetworkArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}$ + ServiceNetworkId: + type: string + maxLength: 20 + minLength: 20 + pattern: ^sn-[0-9a-z]{17}$ + ServiceNetworkIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^((sn-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}))$ + ServiceNetworkName: + type: string + maxLength: 63 + minLength: 3 + pattern: ^(?!servicenetwork-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + ServiceArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:service/svc-[0-9a-z]{17}$ + ServiceId: + type: string + maxLength: 21 + minLength: 21 + pattern: ^svc-[0-9a-z]{17}$ + ServiceIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^((svc-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:service/svc-[0-9a-z]{17}))$ + ServiceName: + type: string + maxLength: 40 + minLength: 3 + pattern: ^(?!svc-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + Status: + type: string + enum: + - CREATE_IN_PROGRESS + - ACTIVE + - DELETE_IN_PROGRESS + - CREATE_FAILED + - DELETE_FAILED + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: service_network_service_association + description: Associates a service with a service network. + x-type-name: AWS::VpcLattice::ServiceNetworkServiceAssociation + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Id + - - ServiceNetworkIdentifier + - ServiceIdentifier + x-create-only-properties: + - ServiceNetworkIdentifier + - ServiceIdentifier + x-write-only-properties: + - ServiceNetworkIdentifier + - ServiceIdentifier + x-read-only-properties: + - Arn + - CreatedAt + - DnsEntry/DomainName + - DnsEntry/HostedZoneId + - Id + - ServiceNetworkArn + - ServiceNetworkId + - ServiceNetworkName + - ServiceArn + - ServiceId + - ServiceName + - Status + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - vpc-lattice:CreateServiceNetworkServiceAssociation + - vpc-lattice:GetServiceNetworkServiceAssociation + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource + read: + - vpc-lattice:GetServiceNetworkServiceAssociation + - vpc-lattice:ListTagsForResource + update: + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + - vpc-lattice:GetServiceNetworkServiceAssociation + - vpc-lattice:ListTagsForResource + delete: + - vpc-lattice:DeleteServiceNetworkServiceAssociation + - vpc-lattice:GetServiceNetworkServiceAssociation + list: + - vpc-lattice:ListServiceNetworkServiceAssociations + ServiceNetworkVpcAssociation: + type: object + properties: + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetworkvpcassociation/snva-[0-9a-z]{17}$ + CreatedAt: + type: string + SecurityGroupIds: + type: array + x-insertionOrder: false + uniqueItems: true + items: + type: string + maxLength: 200 + minLength: 0 + pattern: ^sg-(([0-9a-z]{8})|([0-9a-z]{17}))$ + Id: + type: string + maxLength: 22 + minLength: 22 + pattern: ^snva-[0-9a-z]{17}$ + ServiceNetworkArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}$ + ServiceNetworkId: + type: string + maxLength: 20 + minLength: 20 + pattern: ^sn-[0-9a-z]{17}$ + ServiceNetworkIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^((sn-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}))$ + ServiceNetworkName: + type: string + maxLength: 63 + minLength: 3 + pattern: ^(?!servicenetwork-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + Status: + type: string + enum: + - CREATE_IN_PROGRESS + - ACTIVE + - UPDATE_IN_PROGRESS + - DELETE_IN_PROGRESS + - CREATE_FAILED + - DELETE_FAILED + VpcId: + type: string + maxLength: 2048 + minLength: 5 + pattern: ^vpc-(([0-9a-z]{8})|([0-9a-z]{17}))$ + VpcIdentifier: + type: string + maxLength: 2048 + minLength: 5 + pattern: ^vpc-(([0-9a-z]{8})|([0-9a-z]{17}))$ + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: service_network_vpc_association + description: Associates a VPC with a service network. + x-type-name: AWS::VpcLattice::ServiceNetworkVpcAssociation + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Id + - - ServiceNetworkIdentifier + - VpcIdentifier + x-create-only-properties: + - ServiceNetworkIdentifier + - VpcIdentifier + x-write-only-properties: + - ServiceNetworkIdentifier + - VpcIdentifier + x-read-only-properties: + - Arn + - CreatedAt + - Id + - ServiceNetworkArn + - ServiceNetworkId + - ServiceNetworkName + - Status + - VpcId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - vpc-lattice:CreateServiceNetworkVpcAssociation + - vpc-lattice:GetServiceNetworkVpcAssociation + - vpc-lattice:ListServiceNetworkVpcAssociations + - vpc-lattice:ListTagsForResource + - ec2:DescribeSecurityGroups + - ec2:DescribeVpcs + - vpc-lattice:TagResource + read: + - vpc-lattice:GetServiceNetworkVpcAssociation + - vpc-lattice:ListTagsForResource + update: + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + - vpc-lattice:GetServiceNetworkVpcAssociation + - vpc-lattice:UpdateServiceNetworkVpcAssociation + - ec2:DescribeSecurityGroups + - vpc-lattice:ListTagsForResource + delete: + - vpc-lattice:DeleteServiceNetworkVpcAssociation + - vpc-lattice:GetServiceNetworkVpcAssociation + list: + - vpc-lattice:ListServiceNetworkVpcAssociations + HealthCheckConfig: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + Protocol: + type: string + enum: + - HTTP + - HTTPS + ProtocolVersion: + type: string + enum: + - HTTP1 + - HTTP2 + - GRPC + Port: + type: integer + maximum: 65535 + minimum: 1 + Path: + type: string + maxLength: 2048 + minLength: 0 + pattern: (^/[a-zA-Z0-9@:%_+.~#?&/=-]*$|(^$)) + HealthCheckIntervalSeconds: + type: integer + maximum: 300 + minimum: 5 + HealthCheckTimeoutSeconds: + type: integer + maximum: 120 + minimum: 1 + HealthyThresholdCount: + type: integer + maximum: 10 + minimum: 2 + UnhealthyThresholdCount: + type: integer + maximum: 10 + minimum: 2 + Matcher: + $ref: '#/components/schemas/Matcher' + Matcher: + type: object + additionalProperties: false + properties: + HttpCode: + type: string + minLength: 3 + maxLength: 2000 + pattern: ^[0-9-,]+$ + required: + - HttpCode + TargetGroupConfig: + type: object + additionalProperties: false + properties: + Port: + type: integer + maximum: 65535 + minimum: 1 + Protocol: + type: string + enum: + - HTTP + - HTTPS + ProtocolVersion: + type: string + default: HTTP1 + enum: + - HTTP1 + - HTTP2 + - GRPC + IpAddressType: + type: string + default: IPV4 + enum: + - IPV4 + - IPV6 + LambdaEventStructureVersion: + type: string + enum: + - V1 + - V2 + VpcIdentifier: + type: string + maxLength: 2048 + minLength: 5 + pattern: ^vpc-(([0-9a-z]{8})|([0-9a-z]{17}))$ + HealthCheck: + $ref: '#/components/schemas/HealthCheckConfig' + required: [] + Target: + type: object + additionalProperties: false + properties: + Id: + type: string + Port: + type: integer + maximum: 65535 + minimum: 1 + required: + - Id + TargetGroup: + type: object + properties: + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:targetgroup/tg-[0-9a-z]{17}$ + Config: + $ref: '#/components/schemas/TargetGroupConfig' + CreatedAt: + type: string + Id: + type: string + maxLength: 20 + minLength: 20 + pattern: ^tg-[0-9a-z]{17}$ + LastUpdatedAt: + type: string + Name: + type: string + maxLength: 128 + minLength: 3 + pattern: ^(?!tg-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + Status: + type: string + enum: + - CREATE_IN_PROGRESS + - ACTIVE + - DELETE_IN_PROGRESS + - CREATE_FAILED + - DELETE_FAILED + Type: + type: string + enum: + - IP + - LAMBDA + - INSTANCE + - ALB + Targets: + type: array + x-insertionOrder: false + minItems: 0 + maxItems: 100 + default: [] + items: + $ref: '#/components/schemas/Target' + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: + - Type + x-stackql-resource-name: target_group + description: A target group is a collection of targets, or compute resources, that run your application or service. A target group can only be used by a single service. + x-type-name: AWS::VpcLattice::TargetGroup + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Id + - - Name + x-create-only-properties: + - Name + - Type + - Config/Port + - Config/IpAddressType + - Config/Protocol + - Config/ProtocolVersion + - Config/VpcIdentifier + - Config/LambdaEventStructureVersion + x-read-only-properties: + - Arn + - CreatedAt + - Id + - LastUpdatedAt + - Status + x-required-properties: + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - vpc-lattice:CreateTargetGroup + - vpc-lattice:GetTargetGroup + - vpc-lattice:RegisterTargets + - vpc-lattice:ListTargets + - vpc-lattice:ListTagsForResource + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + - ec2:DescribeVpcs + - ec2:DescribeInstances + - ec2:DescribeSubnets + - ec2:DescribeAvailabilityZoneMappings + - lambda:Invoke + - lambda:AddPermission + - elasticloadbalancing:DescribeLoadBalancers + - iam:CreateServiceLinkedRole + read: + - vpc-lattice:GetTargetGroup + - vpc-lattice:ListTargets + - vpc-lattice:ListTagsForResource + update: + - vpc-lattice:UpdateTargetGroup + - vpc-lattice:GetTargetGroup + - vpc-lattice:ListTargets + - vpc-lattice:RegisterTargets + - vpc-lattice:DeregisterTargets + - ec2:DescribeVpcs + - ec2:DescribeInstances + - ec2:DescribeSubnets + - ec2:DescribeAvailabilityZoneMappings + - elasticloadbalancing:DescribeLoadBalancers + - lambda:Invoke + - lambda:RemovePermission + - lambda:AddPermission + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + - vpc-lattice:ListTagsForResource + delete: + - vpc-lattice:DeleteTargetGroup + - vpc-lattice:GetTargetGroup + - vpc-lattice:DeregisterTargets + - vpc-lattice:ListTargets + - lambda:RemovePermission + list: + - vpc-lattice:ListTargetGroups + x-stackQL-resources: + access_log_subscriptions: + name: access_log_subscriptions + id: aws.vpclattice.access_log_subscriptions + x-cfn-schema-name: AccessLogSubscription + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::AccessLogSubscription' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::AccessLogSubscription' + AND region = 'us-east-1' + access_log_subscription: + name: access_log_subscription + id: aws.vpclattice.access_log_subscription + x-cfn-schema-name: AccessLogSubscription + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DestinationArn') as destination_arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, + JSON_EXTRACT(Properties, '$.ResourceIdentifier') as resource_identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::AccessLogSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DestinationArn') as destination_arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'ResourceId') as resource_id, + json_extract_path_text(Properties, 'ResourceIdentifier') as resource_identifier, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::AccessLogSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + auth_policy: + name: auth_policy + id: aws.vpclattice.auth_policy + x-cfn-schema-name: AuthPolicy + x-type: get + x-identifiers: + - ResourceIdentifier + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceIdentifier') as resource_identifier, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::AuthPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceIdentifier') as resource_identifier, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'State') as state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::AuthPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + listeners: + name: listeners + id: aws.vpclattice.listeners + x-cfn-schema-name: Listener + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::Listener' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::Listener' + AND region = 'us-east-1' + listener: + name: listener + id: aws.vpclattice.listener + x-cfn-schema-name: Listener + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DefaultAction') as default_action, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.Protocol') as protocol, + JSON_EXTRACT(Properties, '$.ServiceArn') as service_arn, + JSON_EXTRACT(Properties, '$.ServiceId') as service_id, + JSON_EXTRACT(Properties, '$.ServiceIdentifier') as service_identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::Listener' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DefaultAction') as default_action, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'Protocol') as protocol, + json_extract_path_text(Properties, 'ServiceArn') as service_arn, + json_extract_path_text(Properties, 'ServiceId') as service_id, + json_extract_path_text(Properties, 'ServiceIdentifier') as service_identifier, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::Listener' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_policy: + name: resource_policy + id: aws.vpclattice.resource_policy + x-cfn-schema-name: ResourcePolicy + x-type: get + x-identifiers: + - ResourceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'Policy') as policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + rules: + name: rules + id: aws.vpclattice.rules + x-cfn-schema-name: Rule + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::Rule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::Rule' + AND region = 'us-east-1' + rule: + name: rule + id: aws.vpclattice.rule + x-cfn-schema-name: Rule + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Action') as action, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ListenerIdentifier') as listener_identifier, + JSON_EXTRACT(Properties, '$.Match') as _match, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Priority') as priority, + JSON_EXTRACT(Properties, '$.ServiceIdentifier') as service_identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::Rule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Action') as action, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ListenerIdentifier') as listener_identifier, + json_extract_path_text(Properties, 'Match') as _match, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Priority') as priority, + json_extract_path_text(Properties, 'ServiceIdentifier') as service_identifier, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::Rule' + AND data__Identifier = '' + AND region = 'us-east-1' + services: + name: services + id: aws.vpclattice.services + x-cfn-schema-name: Service + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::Service' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::Service' + AND region = 'us-east-1' + service: + name: service + id: aws.vpclattice.service + x-cfn-schema-name: Service + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.DnsEntry') as dns_entry, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.CertificateArn') as certificate_arn, + JSON_EXTRACT(Properties, '$.CustomDomainName') as custom_domain_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::Service' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AuthType') as auth_type, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'DnsEntry') as dns_entry, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'CertificateArn') as certificate_arn, + json_extract_path_text(Properties, 'CustomDomainName') as custom_domain_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::Service' + AND data__Identifier = '' + AND region = 'us-east-1' + service_networks: + name: service_networks + id: aws.vpclattice.service_networks + x-cfn-schema-name: ServiceNetwork + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + AND region = 'us-east-1' + service_network: + name: service_network + id: aws.vpclattice.service_network + x-cfn-schema-name: ServiceNetwork + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'AuthType') as auth_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + AND data__Identifier = '' + AND region = 'us-east-1' + service_network_service_associations: + name: service_network_service_associations + id: aws.vpclattice.service_network_service_associations + x-cfn-schema-name: ServiceNetworkServiceAssociation + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkServiceAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkServiceAssociation' + AND region = 'us-east-1' + service_network_service_association: + name: service_network_service_association + id: aws.vpclattice.service_network_service_association + x-cfn-schema-name: ServiceNetworkServiceAssociation + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.DnsEntry') as dns_entry, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ServiceNetworkArn') as service_network_arn, + JSON_EXTRACT(Properties, '$.ServiceNetworkId') as service_network_id, + JSON_EXTRACT(Properties, '$.ServiceNetworkIdentifier') as service_network_identifier, + JSON_EXTRACT(Properties, '$.ServiceNetworkName') as service_network_name, + JSON_EXTRACT(Properties, '$.ServiceArn') as service_arn, + JSON_EXTRACT(Properties, '$.ServiceId') as service_id, + JSON_EXTRACT(Properties, '$.ServiceIdentifier') as service_identifier, + JSON_EXTRACT(Properties, '$.ServiceName') as service_name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkServiceAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'DnsEntry') as dns_entry, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ServiceNetworkArn') as service_network_arn, + json_extract_path_text(Properties, 'ServiceNetworkId') as service_network_id, + json_extract_path_text(Properties, 'ServiceNetworkIdentifier') as service_network_identifier, + json_extract_path_text(Properties, 'ServiceNetworkName') as service_network_name, + json_extract_path_text(Properties, 'ServiceArn') as service_arn, + json_extract_path_text(Properties, 'ServiceId') as service_id, + json_extract_path_text(Properties, 'ServiceIdentifier') as service_identifier, + json_extract_path_text(Properties, 'ServiceName') as service_name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkServiceAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + service_network_vpc_associations: + name: service_network_vpc_associations + id: aws.vpclattice.service_network_vpc_associations + x-cfn-schema-name: ServiceNetworkVpcAssociation + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkVpcAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkVpcAssociation' + AND region = 'us-east-1' + service_network_vpc_association: + name: service_network_vpc_association + id: aws.vpclattice.service_network_vpc_association + x-cfn-schema-name: ServiceNetworkVpcAssociation + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ServiceNetworkArn') as service_network_arn, + JSON_EXTRACT(Properties, '$.ServiceNetworkId') as service_network_id, + JSON_EXTRACT(Properties, '$.ServiceNetworkIdentifier') as service_network_identifier, + JSON_EXTRACT(Properties, '$.ServiceNetworkName') as service_network_name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.VpcIdentifier') as vpc_identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkVpcAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ServiceNetworkArn') as service_network_arn, + json_extract_path_text(Properties, 'ServiceNetworkId') as service_network_id, + json_extract_path_text(Properties, 'ServiceNetworkIdentifier') as service_network_identifier, + json_extract_path_text(Properties, 'ServiceNetworkName') as service_network_name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'VpcIdentifier') as vpc_identifier, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkVpcAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + target_groups: + name: target_groups + id: aws.vpclattice.target_groups + x-cfn-schema-name: TargetGroup + x-type: list + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::TargetGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::TargetGroup' + AND region = 'us-east-1' + target_group: + name: target_group + id: aws.vpclattice.target_group + x-cfn-schema-name: TargetGroup + x-type: get + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Config') as config, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Targets') as targets, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::TargetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Config') as config, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Targets') as targets, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::TargetGroup' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/wafv2.yaml b/providers/src/aws/v00.00.00000/services/wafv2.yaml new file mode 100644 index 00000000..8fc166c7 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/wafv2.yaml @@ -0,0 +1,2373 @@ +openapi: 3.0.0 +info: + title: WAFv2 + version: 1.0.0 +paths: {} +components: + schemas: + EntityName: + description: Name of the WebACL. + type: string + pattern: ^[0-9A-Za-z_-]{1,128}$ + EntityDescription: + description: Description of the entity. + type: string + pattern: ^[a-zA-Z0-9=:#@/\-,.][a-zA-Z0-9+=:#@/\-,.\s]+[a-zA-Z0-9+=:#@/\-,.]{1,256}$ + EntityId: + description: Id of the WebACL + type: string + pattern: ^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$ + Scope: + description: Use CLOUDFRONT for CloudFront WebACL, use REGIONAL for Application Load Balancer and API Gateway. + type: string + enum: + - CLOUDFRONT + - REGIONAL + IPAddressVersion: + description: Type of addresses in the IPSet, use IPV4 for IPV4 IP addresses, IPV6 for IPV6 address. + type: string + enum: + - IPV4 + - IPV6 + IPAddress: + description: IP address + type: string + maxLength: 50 + minLength: 1 + ResourceArn: + type: string + minLength: 20 + maxLength: 2048 + Tag: + type: object + properties: + Key: + type: string + minLength: 1 + maxLength: 128 + Value: + type: string + minLength: 0 + maxLength: 256 + additionalProperties: false + IPSet: + type: object + properties: + Arn: + $ref: '#/components/schemas/ResourceArn' + Description: + $ref: '#/components/schemas/EntityDescription' + Name: + $ref: '#/components/schemas/EntityName' + Id: + $ref: '#/components/schemas/EntityId' + Scope: + $ref: '#/components/schemas/Scope' + IPAddressVersion: + $ref: '#/components/schemas/IPAddressVersion' + Addresses: + description: List of IPAddresses. + type: array + items: + $ref: '#/components/schemas/IPAddress' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + required: + - Addresses + - IPAddressVersion + - Scope + x-stackql-resource-name: ip_set + description: Contains a list of IP addresses. This can be either IPV4 or IPV6. The list will be mutually + x-type-name: AWS::WAFv2::IPSet + x-stackql-primary-identifier: + - Name + - Id + - Scope + x-create-only-properties: + - Name + - Scope + x-read-only-properties: + - Arn + - Id + x-required-properties: + - Addresses + - IPAddressVersion + - Scope + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - wafv2:CreateIPSet + - wafv2:GetIPSet + - wafv2:ListTagsForResource + delete: + - wafv2:DeleteIPSet + - wafv2:GetIPSet + read: + - wafv2:GetIPSet + - wafv2:ListTagsForResource + update: + - wafv2:UpdateIPSet + - wafv2:GetIPSet + - wafv2:ListTagsForResource + list: + - wafv2:listIPSets + Filter: + type: object + properties: + Behavior: + description: 'How to handle logs that satisfy the filter''s conditions and requirement. ' + type: string + enum: + - KEEP + - DROP + Conditions: + description: Match conditions for the filter. + type: array + minItems: 1 + items: + $ref: '#/components/schemas/Condition' + Requirement: + description: Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. + type: string + enum: + - MEETS_ALL + - MEETS_ANY + additionalProperties: false + required: + - Behavior + - Conditions + - Requirement + Condition: + type: object + additionalProperties: false + properties: + ActionCondition: + description: A single action condition. + type: object + additionalProperties: false + properties: + Action: + description: Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. + type: string + enum: + - ALLOW + - BLOCK + - COUNT + - CAPTCHA + - CHALLENGE + - EXCLUDED_AS_COUNT + required: + - Action + LabelNameCondition: + description: A single label name condition. + type: object + additionalProperties: false + properties: + LabelName: + description: 'The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. ' + type: string + required: + - LabelName + FieldToMatch: + description: Field of the request to match. + type: object + properties: + SingleHeader: + type: object + properties: + Name: + type: string + required: + - Name + additionalProperties: false + SingleQueryArgument: + description: One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive. + type: object + properties: + Name: + type: string + required: + - Name + additionalProperties: false + AllQueryArguments: + description: All query arguments of a web request. + type: object + UriPath: + description: The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg. + type: object + QueryString: + description: The query string of a web request. This is the part of a URL that appears after a ? character, if any. + type: object + Body: + $ref: '#/components/schemas/Body' + Method: + description: The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform. + type: object + JsonBody: + $ref: '#/components/schemas/JsonBody' + Headers: + $ref: '#/components/schemas/Headers' + Cookies: + $ref: '#/components/schemas/Cookies' + JA3Fingerprint: + $ref: '#/components/schemas/JA3Fingerprint' + additionalProperties: false + LoggingConfiguration: + type: object + properties: + ResourceArn: + description: The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs. + type: string + LogDestinationConfigs: + description: The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL. + type: array + items: + type: string + RedactedFields: + description: The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/FieldToMatch' + ManagedByFirewallManager: + description: Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration. + type: boolean + LoggingFilter: + description: Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. + type: object + additionalProperties: false + properties: + DefaultBehavior: + description: Default handling for logs that don't match any of the specified filtering conditions. + type: string + enum: + - KEEP + - DROP + Filters: + description: The filters that you want to apply to the logs. + type: array + minItems: 1 + items: + $ref: '#/components/schemas/Filter' + required: + - DefaultBehavior + - Filters + required: + - ResourceArn + - LogDestinationConfigs + x-stackql-resource-name: logging_configuration + description: A WAFv2 Logging Configuration Resource Provider + x-type-name: AWS::WAFv2::LoggingConfiguration + x-stackql-primary-identifier: + - ResourceArn + x-create-only-properties: + - ResourceArn + x-read-only-properties: + - ManagedByFirewallManager + x-required-properties: + - ResourceArn + - LogDestinationConfigs + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - wafv2:PutLoggingConfiguration + - wafv2:GetLoggingConfiguration + - firehose:ListDeliveryStreams + - iam:CreateServiceLinkedRole + - iam:DescribeOrganization + - logs:CreateLogDelivery + - s3:PutBucketPolicy + - s3:GetBucketPolicy + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + read: + - wafv2:GetLoggingConfiguration + update: + - wafv2:PutLoggingConfiguration + - wafv2:GetLoggingConfiguration + - firehose:ListDeliveryStreams + - iam:CreateServiceLinkedRole + - iam:DescribeOrganization + - logs:CreateLogDelivery + - s3:PutBucketPolicy + - s3:GetBucketPolicy + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + delete: + - wafv2:DeleteLoggingConfiguration + - wafv2:GetLoggingConfiguration + - logs:DeleteLogDelivery + list: + - wafv2:ListLoggingConfigurations + RegexPatternSet: + type: object + properties: + Arn: + description: ARN of the WAF entity. + type: string + Description: + description: Description of the entity. + type: string + pattern: ^[a-zA-Z0-9=:#@/\-,.][a-zA-Z0-9+=:#@/\-,.\s]+[a-zA-Z0-9+=:#@/\-,.]{1,256}$ + Name: + description: Name of the RegexPatternSet. + type: string + pattern: ^[0-9A-Za-z_-]{1,128}$ + Id: + description: Id of the RegexPatternSet + type: string + pattern: ^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$ + RegularExpressionList: + type: array + items: + type: string + Scope: + description: Use CLOUDFRONT for CloudFront RegexPatternSet, use REGIONAL for Application Load Balancer and API Gateway. + type: string + enum: + - CLOUDFRONT + - REGIONAL + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + required: + - Scope + - RegularExpressionList + x-stackql-resource-name: regex_pattern_set + description: Contains a list of Regular expressions based on the provided inputs. RegexPatternSet can be used with other WAF entities with RegexPatternSetReferenceStatement to perform other actions . + x-type-name: AWS::WAFv2::RegexPatternSet + x-stackql-primary-identifier: + - Name + - Id + - Scope + x-create-only-properties: + - Name + - Scope + x-read-only-properties: + - Arn + - Id + x-required-properties: + - Scope + - RegularExpressionList + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - wafv2:CreateRegexPatternSet + - wafv2:GetRegexPatternSet + - wafv2:ListTagsForResource + delete: + - wafv2:DeleteRegexPatternSet + - wafv2:GetRegexPatternSet + read: + - wafv2:GetRegexPatternSet + - wafv2:ListTagsForResource + update: + - wafv2:UpdateRegexPatternSet + - wafv2:GetRegexPatternSet + - wafv2:ListTagsForResource + list: + - wafv2:listRegexPatternSets + AndStatement: + type: object + properties: + Statements: + type: array + items: + $ref: '#/components/schemas/Statement' + required: + - Statements + additionalProperties: false + ByteMatchStatement: + description: Byte Match statement. + type: object + properties: + SearchString: + $ref: '#/components/schemas/SearchString' + SearchStringBase64: + $ref: '#/components/schemas/SearchStringBase64' + FieldToMatch: + $ref: '#/components/schemas/FieldToMatch' + TextTransformations: + type: array + items: + $ref: '#/components/schemas/TextTransformation' + PositionalConstraint: + $ref: '#/components/schemas/PositionalConstraint' + required: + - FieldToMatch + - PositionalConstraint + - TextTransformations + additionalProperties: false + JsonBody: + description: Inspect the request body as JSON. The request body immediately follows the request headers. + type: object + properties: + MatchPattern: + $ref: '#/components/schemas/JsonMatchPattern' + MatchScope: + $ref: '#/components/schemas/JsonMatchScope' + InvalidFallbackBehavior: + $ref: '#/components/schemas/BodyParsingFallbackBehavior' + OversizeHandling: + $ref: '#/components/schemas/OversizeHandling' + required: + - MatchPattern + - MatchScope + additionalProperties: false + BodyParsingFallbackBehavior: + description: The inspection behavior to fall back to if the JSON in the request body is invalid. + type: string + enum: + - MATCH + - NO_MATCH + - EVALUATE_AS_STRING + JsonMatchScope: + description: The parts of the JSON to match against using the MatchPattern. + type: string + enum: + - ALL + - KEY + - VALUE + JsonMatchPattern: + description: The pattern to look for in the JSON body. + type: object + properties: + All: + description: Inspect all parts of the web request's JSON body. + type: object + IncludedPaths: + type: array + items: + $ref: '#/components/schemas/JsonPointerPath' + additionalProperties: false + JsonPointerPath: + description: JSON pointer path in the web request's JSON body + type: string + pattern: ^[\/]+([^~]*(~[01])*)*{1,512}$ + GeoMatchStatement: + type: object + properties: + CountryCodes: + type: array + items: + type: string + minLength: 1 + maxLength: 2 + ForwardedIPConfig: + $ref: '#/components/schemas/ForwardedIPConfiguration' + additionalProperties: false + IPSetReferenceStatement: + type: object + properties: + Arn: + $ref: '#/components/schemas/ResourceArn' + IPSetForwardedIPConfig: + $ref: '#/components/schemas/IPSetForwardedIPConfiguration' + required: + - Arn + additionalProperties: false + NotStatement: + type: object + properties: + Statement: + $ref: '#/components/schemas/Statement' + required: + - Statement + additionalProperties: false + OrStatement: + type: object + properties: + Statements: + type: array + items: + $ref: '#/components/schemas/Statement' + required: + - Statements + additionalProperties: false + PositionalConstraint: + description: Position of the evaluation in the FieldToMatch of request. + type: string + enum: + - EXACTLY + - STARTS_WITH + - ENDS_WITH + - CONTAINS + - CONTAINS_WORD + RateBasedStatement: + type: object + properties: + Limit: + $ref: '#/components/schemas/RateLimit' + EvaluationWindowSec: + $ref: '#/components/schemas/EvaluationWindowSec' + AggregateKeyType: + type: string + enum: + - CONSTANT + - IP + - FORWARDED_IP + - CUSTOM_KEYS + CustomKeys: + description: Specifies the aggregate keys to use in a rate-base rule. + type: array + items: + $ref: '#/components/schemas/RateBasedStatementCustomKey' + maxItems: 5 + ScopeDownStatement: + $ref: '#/components/schemas/Statement' + ForwardedIPConfig: + $ref: '#/components/schemas/ForwardedIPConfiguration' + required: + - Limit + - AggregateKeyType + additionalProperties: false + RateBasedStatementCustomKey: + description: Specifies a single custom aggregate key for a rate-base rule. + type: object + properties: + Cookie: + $ref: '#/components/schemas/RateLimitCookie' + ForwardedIP: + $ref: '#/components/schemas/RateLimitForwardedIP' + Header: + $ref: '#/components/schemas/RateLimitHeader' + HTTPMethod: + $ref: '#/components/schemas/RateLimitHTTPMethod' + IP: + $ref: '#/components/schemas/RateLimitIP' + LabelNamespace: + $ref: '#/components/schemas/RateLimitLabelNamespace' + QueryArgument: + $ref: '#/components/schemas/RateLimitQueryArgument' + QueryString: + $ref: '#/components/schemas/RateLimitQueryString' + UriPath: + $ref: '#/components/schemas/RateLimitUriPath' + additionalProperties: false + RateLimitCookie: + description: Specifies a cookie as an aggregate key for a rate-based rule. + type: object + properties: + Name: + description: The name of the cookie to use. + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 64 + TextTransformations: + type: array + items: + $ref: '#/components/schemas/TextTransformation' + required: + - Name + - TextTransformations + additionalProperties: false + RateLimitForwardedIP: + description: Specifies the first IP address in an HTTP header as an aggregate key for a rate-based rule. + type: object + RateLimitHeader: + description: Specifies a header as an aggregate key for a rate-based rule. + type: object + properties: + Name: + description: The name of the header to use. + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 64 + TextTransformations: + type: array + items: + $ref: '#/components/schemas/TextTransformation' + required: + - Name + - TextTransformations + additionalProperties: false + RateLimitHTTPMethod: + description: Specifies the request's HTTP method as an aggregate key for a rate-based rule. + type: object + RateLimitIP: + description: Specifies the IP address in the web request as an aggregate key for a rate-based rule. + type: object + RateLimitLabelNamespace: + description: Specifies a label namespace to use as an aggregate key for a rate-based rule. + type: object + properties: + Namespace: + description: The namespace to use for aggregation. + type: string + pattern: ^[0-9A-Za-z_:-]{1,1024}$ + required: + - Namespace + additionalProperties: false + RateLimitQueryArgument: + description: Specifies a query argument in the request as an aggregate key for a rate-based rule. + type: object + properties: + Name: + description: The name of the query argument to use. + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 64 + TextTransformations: + type: array + items: + $ref: '#/components/schemas/TextTransformation' + required: + - Name + - TextTransformations + additionalProperties: false + RateLimitQueryString: + description: Specifies the request's query string as an aggregate key for a rate-based rule. + type: object + properties: + TextTransformations: + type: array + items: + $ref: '#/components/schemas/TextTransformation' + required: + - TextTransformations + additionalProperties: false + RateLimitUriPath: + description: Specifies the request's URI Path as an aggregate key for a rate-based rule. + type: object + properties: + TextTransformations: + type: array + items: + $ref: '#/components/schemas/TextTransformation' + required: + - TextTransformations + additionalProperties: false + RateLimit: + type: integer + minimum: 100 + maximum: 2000000000 + EvaluationWindowSec: + type: integer + enum: + - 60 + - 120 + - 300 + - 600 + RegexPatternSetReferenceStatement: + type: object + properties: + Arn: + $ref: '#/components/schemas/ResourceArn' + FieldToMatch: + $ref: '#/components/schemas/FieldToMatch' + TextTransformations: + type: array + items: + $ref: '#/components/schemas/TextTransformation' + required: + - Arn + - FieldToMatch + - TextTransformations + additionalProperties: false + ForwardedIPConfiguration: + type: object + properties: + HeaderName: + type: string + pattern: ^[a-zA-Z0-9-]+{1,255}$ + FallbackBehavior: + type: string + enum: + - MATCH + - NO_MATCH + required: + - HeaderName + - FallbackBehavior + additionalProperties: false + IPSetForwardedIPConfiguration: + type: object + properties: + HeaderName: + type: string + pattern: ^[a-zA-Z0-9-]+{1,255}$ + FallbackBehavior: + type: string + enum: + - MATCH + - NO_MATCH + Position: + type: string + enum: + - FIRST + - LAST + - ANY + required: + - HeaderName + - FallbackBehavior + - Position + additionalProperties: false + Rule: + description: Rule of WebACL that contains condition and action. + type: object + properties: + Name: + $ref: '#/components/schemas/EntityName' + Priority: + $ref: '#/components/schemas/RulePriority' + Statement: + $ref: '#/components/schemas/Statement' + Action: + $ref: '#/components/schemas/RuleAction' + OverrideAction: + $ref: '#/components/schemas/OverrideAction' + RuleLabels: + description: Collection of Rule Labels. + type: array + items: + $ref: '#/components/schemas/Label' + VisibilityConfig: + $ref: '#/components/schemas/VisibilityConfig' + CaptchaConfig: + $ref: '#/components/schemas/CaptchaConfig' + ChallengeConfig: + $ref: '#/components/schemas/ChallengeConfig' + required: + - Name + - Priority + - Statement + - VisibilityConfig + additionalProperties: false + RuleAction: + description: Action taken when Rule matches its condition. + type: object + properties: + Allow: + $ref: '#/components/schemas/AllowAction' + Block: + $ref: '#/components/schemas/BlockAction' + Count: + $ref: '#/components/schemas/CountAction' + Captcha: + $ref: '#/components/schemas/CaptchaAction' + Challenge: + $ref: '#/components/schemas/ChallengeAction' + additionalProperties: false + AllowAction: + description: Allow traffic towards application. + type: object + properties: + CustomRequestHandling: + $ref: '#/components/schemas/CustomRequestHandling' + additionalProperties: false + BlockAction: + description: Block traffic towards application. + type: object + properties: + CustomResponse: + $ref: '#/components/schemas/CustomResponse' + additionalProperties: false + CountAction: + description: Allow traffic towards application. + type: object + properties: + CustomRequestHandling: + $ref: '#/components/schemas/CustomRequestHandling' + additionalProperties: false + CaptchaAction: + description: Checks valid token exists with request. + type: object + properties: + CustomRequestHandling: + $ref: '#/components/schemas/CustomRequestHandling' + additionalProperties: false + ChallengeAction: + description: Checks that the request has a valid token with an unexpired challenge timestamp and, if not, returns a browser challenge to the client. + type: object + properties: + CustomRequestHandling: + $ref: '#/components/schemas/CustomRequestHandling' + additionalProperties: false + CustomHTTPHeaderName: + description: HTTP header name. + type: string + minLength: 1 + maxLength: 64 + CustomHTTPHeaderValue: + description: HTTP header value. + type: string + minLength: 1 + maxLength: 255 + CustomHTTPHeader: + description: HTTP header. + type: object + properties: + Name: + $ref: '#/components/schemas/CustomHTTPHeaderName' + Value: + $ref: '#/components/schemas/CustomHTTPHeaderValue' + required: + - Name + - Value + additionalProperties: false + CustomRequestHandling: + description: Custom request handling. + type: object + properties: + InsertHeaders: + description: Collection of HTTP headers. + type: array + items: + $ref: '#/components/schemas/CustomHTTPHeader' + minItems: 1 + required: + - InsertHeaders + additionalProperties: false + ResponseStatusCode: + description: Custom response code. + type: integer + minimum: 200 + maximum: 599 + ResponseContentType: + description: Valid values are TEXT_PLAIN, TEXT_HTML, and APPLICATION_JSON. + type: string + enum: + - TEXT_PLAIN + - TEXT_HTML + - APPLICATION_JSON + ResponseContent: + description: Response content. + type: string + minLength: 1 + maxLength: 10240 + CustomResponseBody: + description: Custom response body. + type: object + properties: + ContentType: + $ref: '#/components/schemas/ResponseContentType' + Content: + $ref: '#/components/schemas/ResponseContent' + required: + - ContentType + - Content + additionalProperties: false + CustomResponse: + description: Custom response. + type: object + properties: + ResponseCode: + $ref: '#/components/schemas/ResponseStatusCode' + CustomResponseBodyKey: + description: Custom response body key. + type: string + pattern: ^[\w\-]+$ + ResponseHeaders: + description: Collection of HTTP headers. + type: array + items: + $ref: '#/components/schemas/CustomHTTPHeader' + minItems: 1 + required: + - ResponseCode + additionalProperties: false + CustomResponseBodies: + description: Custom response key and body map. + type: object + x-patternProperties: + ^[\w\-]+$: + $ref: '#/components/schemas/CustomResponseBody' + minProperties: 1 + additionalProperties: false + RuleGroup: + type: object + properties: + Arn: + $ref: '#/components/schemas/ResourceArn' + Capacity: + type: integer + minimum: 0 + Description: + $ref: '#/components/schemas/EntityDescription' + Name: + $ref: '#/components/schemas/EntityName' + Id: + $ref: '#/components/schemas/EntityId' + Scope: + $ref: '#/components/schemas/Scope' + Rules: + description: Collection of Rules. + type: array + items: + $ref: '#/components/schemas/Rule' + VisibilityConfig: + $ref: '#/components/schemas/VisibilityConfig' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + LabelNamespace: + $ref: '#/components/schemas/LabelName' + CustomResponseBodies: + $ref: '#/components/schemas/CustomResponseBodies' + AvailableLabels: + description: Collection of Available Labels. + type: array + items: + $ref: '#/components/schemas/LabelSummary' + ConsumedLabels: + description: Collection of Consumed Labels. + type: array + items: + $ref: '#/components/schemas/LabelSummary' + required: + - Capacity + - Scope + - VisibilityConfig + x-stackql-resource-name: rule_group + description: >- + Contains the Rules that identify the requests that you want to allow, block, or count. In a RuleGroup, you also specify a default action (ALLOW or BLOCK), and the action for each Rule that you add to a RuleGroup, for example, block requests from specified IP addresses or block requests from specified referrers. You also associate the RuleGroup with a CloudFront distribution to identify the requests that you want AWS WAF to filter. If you add more than one Rule to a RuleGroup, a request + needs to match only one of the specifications to be allowed, blocked, or counted. + x-type-name: AWS::WAFv2::RuleGroup + x-stackql-primary-identifier: + - Name + - Id + - Scope + x-create-only-properties: + - Name + - Scope + x-read-only-properties: + - Arn + - Id + - LabelNamespace + - AvailableLabels/*/Name + - ConsumedLabels/*/Name + x-required-properties: + - Capacity + - Scope + - VisibilityConfig + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - wafv2:CreateRuleGroup + - wafv2:GetRuleGroup + - wafv2:ListTagsForResource + delete: + - wafv2:DeleteRuleGroup + - wafv2:GetRuleGroup + read: + - wafv2:GetRuleGroup + - wafv2:ListTagsForResource + update: + - wafv2:UpdateRuleGroup + - wafv2:GetRuleGroup + - wafv2:ListTagsForResource + list: + - wafv2:listRuleGroups + RulePriority: + description: Priority of the Rule, Rules get evaluated from lower to higher priority. + type: integer + minimum: 0 + SearchString: + description: String that is searched to find a match. + type: string + SearchStringBase64: + description: Base64 encoded string that is searched to find a match. + type: string + SizeConstraintStatement: + description: Size Constraint statement. + type: object + properties: + FieldToMatch: + $ref: '#/components/schemas/FieldToMatch' + ComparisonOperator: + type: string + enum: + - EQ + - NE + - LE + - LT + - GE + - GT + Size: + type: number + minimum: 0 + maximum: 21474836480 + TextTransformations: + type: array + items: + $ref: '#/components/schemas/TextTransformation' + required: + - FieldToMatch + - ComparisonOperator + - Size + - TextTransformations + additionalProperties: false + SqliMatchStatement: + description: Sqli Match Statement. + type: object + properties: + FieldToMatch: + $ref: '#/components/schemas/FieldToMatch' + TextTransformations: + type: array + items: + $ref: '#/components/schemas/TextTransformation' + SensitivityLevel: + $ref: '#/components/schemas/SensitivityLevel' + required: + - FieldToMatch + - TextTransformations + additionalProperties: false + Statement: + description: First level statement that contains conditions, such as ByteMatch, SizeConstraint, etc + type: object + properties: + ByteMatchStatement: + $ref: '#/components/schemas/ByteMatchStatement' + SqliMatchStatement: + $ref: '#/components/schemas/SqliMatchStatement' + XssMatchStatement: + $ref: '#/components/schemas/XssMatchStatement' + SizeConstraintStatement: + $ref: '#/components/schemas/SizeConstraintStatement' + GeoMatchStatement: + $ref: '#/components/schemas/GeoMatchStatement' + RuleGroupReferenceStatement: + $ref: '#/components/schemas/RuleGroupReferenceStatement' + IPSetReferenceStatement: + $ref: '#/components/schemas/IPSetReferenceStatement' + RegexPatternSetReferenceStatement: + $ref: '#/components/schemas/RegexPatternSetReferenceStatement' + ManagedRuleGroupStatement: + $ref: '#/components/schemas/ManagedRuleGroupStatement' + RateBasedStatement: + $ref: '#/components/schemas/RateBasedStatement' + AndStatement: + $ref: '#/components/schemas/AndStatement' + OrStatement: + $ref: '#/components/schemas/OrStatement' + NotStatement: + $ref: '#/components/schemas/NotStatement' + LabelMatchStatement: + $ref: '#/components/schemas/LabelMatchStatement' + RegexMatchStatement: + $ref: '#/components/schemas/RegexMatchStatement' + additionalProperties: false + TextTransformation: + description: Text Transformation on the Search String before match. + type: object + properties: + Priority: + $ref: '#/components/schemas/TextTransformationPriority' + Type: + $ref: '#/components/schemas/TextTransformationType' + required: + - Priority + - Type + additionalProperties: false + TextTransformationPriority: + description: Priority of Rule being evaluated. + type: integer + minimum: 0 + TextTransformationType: + description: Type of text transformation. + type: string + enum: + - NONE + - COMPRESS_WHITE_SPACE + - HTML_ENTITY_DECODE + - LOWERCASE + - CMD_LINE + - URL_DECODE + - BASE64_DECODE + - HEX_DECODE + - MD5 + - REPLACE_COMMENTS + - ESCAPE_SEQ_DECODE + - SQL_HEX_DECODE + - CSS_DECODE + - JS_DECODE + - NORMALIZE_PATH + - NORMALIZE_PATH_WIN + - REMOVE_NULLS + - REPLACE_NULLS + - BASE64_DECODE_EXT + - URL_DECODE_UNI + - UTF8_TO_UNICODE + VisibilityConfig: + description: Visibility Metric of the WebACL. + type: object + properties: + SampledRequestsEnabled: + type: boolean + CloudWatchMetricsEnabled: + type: boolean + MetricName: + type: string + maxLength: 128 + minLength: 1 + required: + - SampledRequestsEnabled + - CloudWatchMetricsEnabled + - MetricName + additionalProperties: false + XssMatchStatement: + description: Xss Match Statement. + type: object + properties: + FieldToMatch: + $ref: '#/components/schemas/FieldToMatch' + TextTransformations: + type: array + items: + $ref: '#/components/schemas/TextTransformation' + required: + - FieldToMatch + - TextTransformations + additionalProperties: false + LabelName: + description: Name of the Label. + type: string + pattern: ^[0-9A-Za-z_:-]{1,1024}$ + LabelSummary: + type: object + properties: + Name: + $ref: '#/components/schemas/LabelName' + additionalProperties: false + Label: + type: object + properties: + Name: + $ref: '#/components/schemas/LabelName' + required: + - Name + additionalProperties: false + LabelMatchKey: + type: string + pattern: ^[0-9A-Za-z_:-]{1,1024}$ + LabelMatchScope: + type: string + enum: + - LABEL + - NAMESPACE + LabelMatchStatement: + type: object + properties: + Scope: + $ref: '#/components/schemas/LabelMatchScope' + Key: + $ref: '#/components/schemas/LabelMatchKey' + required: + - Scope + - Key + additionalProperties: false + RegexMatchStatement: + type: object + properties: + RegexString: + type: string + maxLength: 512 + minLength: 1 + FieldToMatch: + $ref: '#/components/schemas/FieldToMatch' + TextTransformations: + type: array + items: + $ref: '#/components/schemas/TextTransformation' + required: + - RegexString + - FieldToMatch + - TextTransformations + additionalProperties: false + CaptchaConfig: + type: object + properties: + ImmunityTimeProperty: + $ref: '#/components/schemas/ImmunityTimeProperty' + additionalProperties: false + ChallengeConfig: + type: object + properties: + ImmunityTimeProperty: + $ref: '#/components/schemas/ImmunityTimeProperty' + additionalProperties: false + ImmunityTimeProperty: + type: object + properties: + ImmunityTime: + type: integer + minimum: 60 + maximum: 259200 + required: + - ImmunityTime + additionalProperties: false + Body: + description: The body of a web request. This immediately follows the request headers. + type: object + properties: + OversizeHandling: + $ref: '#/components/schemas/OversizeHandling' + additionalProperties: false + Headers: + description: Includes headers of a web request. + type: object + properties: + MatchPattern: + $ref: '#/components/schemas/HeaderMatchPattern' + MatchScope: + $ref: '#/components/schemas/MapMatchScope' + OversizeHandling: + $ref: '#/components/schemas/OversizeHandling' + required: + - MatchPattern + - MatchScope + - OversizeHandling + additionalProperties: false + Cookies: + description: Includes cookies of a web request. + type: object + properties: + MatchPattern: + $ref: '#/components/schemas/CookieMatchPattern' + MatchScope: + $ref: '#/components/schemas/MapMatchScope' + OversizeHandling: + $ref: '#/components/schemas/OversizeHandling' + required: + - MatchPattern + - MatchScope + - OversizeHandling + additionalProperties: false + HeaderMatchPattern: + description: The pattern to look for in the request headers. + type: object + properties: + All: + description: Inspect all parts of the web request headers. + type: object + IncludedHeaders: + type: array + items: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 64 + minItems: 1 + maxItems: 199 + ExcludedHeaders: + type: array + items: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 64 + minItems: 1 + maxItems: 199 + additionalProperties: false + CookieMatchPattern: + description: The pattern to look for in the request cookies. + type: object + properties: + All: + description: Inspect all parts of the web request cookies. + type: object + IncludedCookies: + type: array + items: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 60 + minItems: 1 + maxItems: 199 + ExcludedCookies: + type: array + items: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 60 + minItems: 1 + maxItems: 199 + additionalProperties: false + MapMatchScope: + description: The parts of the request to match against using the MatchPattern. + type: string + enum: + - ALL + - KEY + - VALUE + OversizeHandling: + description: Handling of requests containing oversize fields + type: string + enum: + - CONTINUE + - MATCH + - NO_MATCH + SensitivityLevel: + description: Sensitivity Level current only used for sqli match statements. + type: string + enum: + - LOW + - HIGH + JA3Fingerprint: + description: Includes the JA3 fingerprint of a web request. + type: object + properties: + FallbackBehavior: + type: string + enum: + - MATCH + - NO_MATCH + required: + - FallbackBehavior + additionalProperties: false + DefaultAction: + description: Default Action WebACL will take against ingress traffic when there is no matching Rule. + type: object + properties: + Allow: + $ref: '#/components/schemas/AllowAction' + Block: + $ref: '#/components/schemas/BlockAction' + additionalProperties: false + ExcludedRule: + description: Excluded Rule in the RuleGroup or ManagedRuleGroup will not be evaluated. + type: object + properties: + Name: + $ref: '#/components/schemas/EntityName' + required: + - Name + additionalProperties: false + RuleActionOverride: + description: Action override for rules in the rule group. + type: object + properties: + Name: + $ref: '#/components/schemas/EntityName' + ActionToUse: + $ref: '#/components/schemas/RuleAction' + required: + - Name + - ActionToUse + additionalProperties: false + ExcludedRules: + type: array + items: + $ref: '#/components/schemas/ExcludedRule' + ManagedRuleGroupStatement: + type: object + properties: + Name: + $ref: '#/components/schemas/EntityName' + VendorName: + type: string + Version: + type: string + pattern: ^[\w#:\.\-/]+$ + minLength: 1 + maxLength: 64 + ExcludedRules: + type: array + items: + $ref: '#/components/schemas/ExcludedRule' + ScopeDownStatement: + $ref: '#/components/schemas/Statement' + ManagedRuleGroupConfigs: + description: Collection of ManagedRuleGroupConfig. + type: array + items: + $ref: '#/components/schemas/ManagedRuleGroupConfig' + RuleActionOverrides: + description: Action overrides for rules in the rule group. + type: array + items: + $ref: '#/components/schemas/RuleActionOverride' + maxItems: 100 + required: + - VendorName + - Name + additionalProperties: false + OverrideAction: + description: Override a RuleGroup or ManagedRuleGroup behavior. This can only be applied to Rule that has RuleGroupReferenceStatement or ManagedRuleGroupReferenceStatement. + type: object + properties: + Count: + description: Count traffic towards application. + type: object + None: + description: Keep the RuleGroup or ManagedRuleGroup behavior as is. + type: object + additionalProperties: false + QueryString: + type: object + Rules: + description: Collection of Rules. + type: array + items: + $ref: '#/components/schemas/Rule' + RuleGroupReferenceStatement: + type: object + properties: + Arn: + $ref: '#/components/schemas/ResourceArn' + ExcludedRules: + type: array + items: + $ref: '#/components/schemas/ExcludedRule' + RuleActionOverrides: + description: Action overrides for rules in the rule group. + type: array + items: + $ref: '#/components/schemas/RuleActionOverride' + maxItems: 100 + required: + - Arn + additionalProperties: false + SingleHeader: + type: object + properties: + Name: + type: string + additionalProperties: false + SingleQueryArgument: + type: object + properties: + Name: + type: string + additionalProperties: false + UriPath: + type: object + ManagedRuleGroupConfig: + description: ManagedRuleGroupConfig. + type: object + properties: + LoginPath: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 256 + PayloadType: + type: string + enum: + - JSON + - FORM_ENCODED + UsernameField: + $ref: '#/components/schemas/FieldIdentifier' + PasswordField: + $ref: '#/components/schemas/FieldIdentifier' + AWSManagedRulesBotControlRuleSet: + $ref: '#/components/schemas/AWSManagedRulesBotControlRuleSet' + AWSManagedRulesATPRuleSet: + $ref: '#/components/schemas/AWSManagedRulesATPRuleSet' + AWSManagedRulesACFPRuleSet: + $ref: '#/components/schemas/AWSManagedRulesACFPRuleSet' + additionalProperties: false + AWSManagedRulesBotControlRuleSet: + description: Configures how to use the Bot Control managed rule group in the web ACL + type: object + properties: + InspectionLevel: + type: string + enum: + - COMMON + - TARGETED + EnableMachineLearning: + type: boolean + required: + - InspectionLevel + additionalProperties: false + AWSManagedRulesATPRuleSet: + description: Configures how to use the Account Takeover Prevention managed rule group in the web ACL + type: object + properties: + LoginPath: + type: string + EnableRegexInPath: + type: boolean + RequestInspection: + $ref: '#/components/schemas/RequestInspection' + ResponseInspection: + $ref: '#/components/schemas/ResponseInspection' + required: + - LoginPath + additionalProperties: false + AWSManagedRulesACFPRuleSet: + description: Configures how to use the Account creation fraud prevention managed rule group in the web ACL + type: object + properties: + CreationPath: + type: string + RegistrationPagePath: + type: string + RequestInspection: + $ref: '#/components/schemas/RequestInspectionACFP' + ResponseInspection: + $ref: '#/components/schemas/ResponseInspection' + EnableRegexInPath: + type: boolean + required: + - CreationPath + - RegistrationPagePath + - RequestInspection + additionalProperties: false + RequestInspection: + description: Configures the inspection of login requests + type: object + properties: + PayloadType: + type: string + enum: + - JSON + - FORM_ENCODED + UsernameField: + $ref: '#/components/schemas/FieldIdentifier' + PasswordField: + $ref: '#/components/schemas/FieldIdentifier' + required: + - PayloadType + - UsernameField + - PasswordField + additionalProperties: false + RequestInspectionACFP: + description: Configures the inspection of sign-up requests + type: object + properties: + PayloadType: + type: string + enum: + - JSON + - FORM_ENCODED + UsernameField: + $ref: '#/components/schemas/FieldIdentifier' + PasswordField: + $ref: '#/components/schemas/FieldIdentifier' + EmailField: + $ref: '#/components/schemas/FieldIdentifier' + PhoneNumberFields: + type: array + items: + $ref: '#/components/schemas/PhoneNumberField' + AddressFields: + type: array + items: + $ref: '#/components/schemas/AddressField' + required: + - PayloadType + additionalProperties: false + ResponseInspection: + description: Configures the inspection of login responses + type: object + properties: + StatusCode: + $ref: '#/components/schemas/ResponseInspectionStatusCode' + Header: + $ref: '#/components/schemas/ResponseInspectionHeader' + BodyContains: + $ref: '#/components/schemas/ResponseInspectionBodyContains' + Json: + $ref: '#/components/schemas/ResponseInspectionJson' + additionalProperties: false + ResponseInspectionStatusCode: + description: Response status codes that indicate success or failure of a login request + type: object + properties: + SuccessCodes: + type: array + items: + type: integer + minLength: 0 + maxLength: 999 + minItems: 1 + maxItems: 10 + FailureCodes: + type: array + items: + type: integer + minLength: 0 + maxLength: 999 + minItems: 1 + maxItems: 10 + required: + - SuccessCodes + - FailureCodes + additionalProperties: false + ResponseInspectionHeader: + description: Response headers that indicate success or failure of a login request + type: object + properties: + Name: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 200 + SuccessValues: + type: array + items: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 100 + minItems: 1 + maxItems: 3 + FailureValues: + type: array + items: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 100 + minItems: 1 + maxItems: 3 + required: + - Name + - SuccessValues + - FailureValues + additionalProperties: false + ResponseInspectionBodyContains: + description: Response body contents that indicate success or failure of a login request + type: object + properties: + SuccessStrings: + type: array + items: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 100 + minItems: 1 + maxItems: 5 + FailureStrings: + type: array + items: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 100 + minItems: 1 + maxItems: 5 + required: + - SuccessStrings + - FailureStrings + additionalProperties: false + ResponseInspectionJson: + description: Response JSON that indicate success or failure of a login request + type: object + properties: + Identifier: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 512 + SuccessValues: + type: array + items: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 100 + minItems: 1 + maxItems: 5 + FailureValues: + type: array + items: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 100 + minItems: 1 + maxItems: 5 + required: + - Identifier + - SuccessValues + - FailureValues + additionalProperties: false + TokenDomains: + description: List of domains to accept in web request tokens, in addition to the domain of the protected resource. + type: array + items: + type: string + pattern: ^[\w\.\-/]+$ + minLength: 1 + maxLength: 253 + AssociationConfig: + description: AssociationConfig for body inspection + type: object + properties: + RequestBody: + $ref: '#/components/schemas/RequestBody' + additionalProperties: false + RequestBody: + type: object + description: Map of AssociatedResourceType and RequestBodyAssociatedResourceTypeConfig + x-patternProperties: + ^(CLOUDFRONT|API_GATEWAY|COGNITO_USER_POOL|APP_RUNNER_SERVICE|VERIFIED_ACCESS_INSTANCE)$: + $ref: '#/components/schemas/RequestBodyAssociatedResourceTypeConfig' + additionalProperties: false + RequestBodyAssociatedResourceTypeConfig: + description: Configures the inspection size in the request body. + type: object + properties: + DefaultSizeInspectionLimit: + $ref: '#/components/schemas/SizeInspectionLimit' + required: + - DefaultSizeInspectionLimit + additionalProperties: false + SizeInspectionLimit: + type: string + enum: + - KB_16 + - KB_32 + - KB_48 + - KB_64 + PhoneNumberField: + $ref: '#/components/schemas/FieldIdentifier' + AddressField: + $ref: '#/components/schemas/FieldIdentifier' + FieldIdentifier: + type: object + properties: + Identifier: + type: string + pattern: .*\S.* + minLength: 1 + maxLength: 512 + required: + - Identifier + additionalProperties: false + WebACL: + type: object + properties: + Arn: + $ref: '#/components/schemas/ResourceArn' + Capacity: + type: integer + minimum: 0 + DefaultAction: + $ref: '#/components/schemas/DefaultAction' + Description: + $ref: '#/components/schemas/EntityDescription' + Name: + $ref: '#/components/schemas/EntityName' + Id: + $ref: '#/components/schemas/EntityId' + Scope: + $ref: '#/components/schemas/Scope' + Rules: + description: Collection of Rules. + type: array + items: + $ref: '#/components/schemas/Rule' + VisibilityConfig: + $ref: '#/components/schemas/VisibilityConfig' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + LabelNamespace: + $ref: '#/components/schemas/LabelName' + CustomResponseBodies: + $ref: '#/components/schemas/CustomResponseBodies' + CaptchaConfig: + $ref: '#/components/schemas/CaptchaConfig' + ChallengeConfig: + $ref: '#/components/schemas/ChallengeConfig' + TokenDomains: + $ref: '#/components/schemas/TokenDomains' + AssociationConfig: + $ref: '#/components/schemas/AssociationConfig' + required: + - DefaultAction + - Scope + - VisibilityConfig + x-stackql-resource-name: web_acl + description: >- + Contains the Rules that identify the requests that you want to allow, block, or count. In a WebACL, you also specify a default action (ALLOW or BLOCK), and the action for each Rule that you add to a WebACL, for example, block requests from specified IP addresses or block requests from specified referrers. You also associate the WebACL with a CloudFront distribution to identify the requests that you want AWS WAF to filter. If you add more than one Rule to a WebACL, a request needs to + match only one of the specifications to be allowed, blocked, or counted. + x-type-name: AWS::WAFv2::WebACL + x-stackql-primary-identifier: + - Name + - Id + - Scope + x-create-only-properties: + - Name + - Scope + x-read-only-properties: + - Arn + - Capacity + - Id + - LabelNamespace + x-required-properties: + - DefaultAction + - Scope + - VisibilityConfig + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - wafv2:CreateWebACL + - wafv2:GetWebACL + - wafv2:ListTagsForResource + delete: + - wafv2:DeleteWebACL + - wafv2:GetWebACL + read: + - wafv2:GetWebACL + - wafv2:ListTagsForResource + update: + - wafv2:UpdateWebACL + - wafv2:GetWebACL + - wafv2:ListTagsForResource + list: + - wafv2:listWebACLs + WebACLAssociation: + type: object + properties: + ResourceArn: + $ref: '#/components/schemas/ResourceArn' + WebACLArn: + $ref: '#/components/schemas/ResourceArn' + required: + - ResourceArn + - WebACLArn + x-stackql-resource-name: webacl_association + description: Associates WebACL to Application Load Balancer, CloudFront or API Gateway. + x-type-name: AWS::WAFv2::WebACLAssociation + x-stackql-primary-identifier: + - ResourceArn + - WebACLArn + x-create-only-properties: + - ResourceArn + - WebACLArn + x-required-properties: + - ResourceArn + - WebACLArn + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: false + tagUpdatable: false + taggable: false + x-required-permissions: + create: + - wafv2:AssociateWebACL + - wafv2:GetWebACLForResource + - wafv2:GetWebACL + - wafv2:DisassociateWebACL + - elasticloadbalancing:SetWebACL + - apigateway:SetWebACL + - appsync:SetWebACL + - cognito-idp:AssociateWebACL + - cognito-idp:DisassociateWebACL + - cognito-idp:GetWebACLForResource + - apprunner:AssociateWebAcl + - apprunner:DisassociateWebAcl + - apprunner:DescribeWebAclForService + - ec2:AssociateVerifiedAccessInstanceWebAcl + - ec2:DisassociateVerifiedAccessInstanceWebAcl + - ec2:DescribeVerifiedAccessInstanceWebAclAssociations + - ec2:GetVerifiedAccessInstanceWebAcl + delete: + - wafv2:AssociateWebACL + - wafv2:GetWebACLForResource + - wafv2:GetWebACL + - wafv2:DisassociateWebACL + - elasticloadbalancing:SetWebACL + - apigateway:SetWebACL + - appsync:SetWebACL + - cognito-idp:AssociateWebACL + - cognito-idp:DisassociateWebACL + - cognito-idp:GetWebACLForResource + - apprunner:AssociateWebAcl + - apprunner:DisassociateWebAcl + - apprunner:DescribeWebAclForService + - ec2:AssociateVerifiedAccessInstanceWebAcl + - ec2:DisassociateVerifiedAccessInstanceWebAcl + - ec2:DescribeVerifiedAccessInstanceWebAclAssociations + - ec2:GetVerifiedAccessInstanceWebAcl + read: + - wafv2:AssociateWebACL + - wafv2:GetWebACLForResource + - wafv2:GetWebACL + - wafv2:DisassociateWebACL + - elasticloadbalancing:SetWebACL + - apigateway:SetWebACL + - appsync:SetWebACL + - cognito-idp:AssociateWebACL + - cognito-idp:DisassociateWebACL + - cognito-idp:GetWebACLForResource + - apprunner:AssociateWebAcl + - apprunner:DisassociateWebAcl + - apprunner:DescribeWebAclForService + - ec2:AssociateVerifiedAccessInstanceWebAcl + - ec2:DisassociateVerifiedAccessInstanceWebAcl + - ec2:DescribeVerifiedAccessInstanceWebAclAssociations + - ec2:GetVerifiedAccessInstanceWebAcl + update: + - wafv2:AssociateWebACL + - wafv2:GetWebACLForResource + - wafv2:GetWebACL + - wafv2:DisassociateWebACL + - elasticloadbalancing:SetWebACL + - apigateway:SetWebACL + - appsync:SetWebACL + - cognito-idp:AssociateWebACL + - cognito-idp:DisassociateWebACL + - cognito-idp:GetWebACLForResource + - apprunner:AssociateWebAcl + - apprunner:DisassociateWebAcl + - apprunner:DescribeWebAclForService + - ec2:AssociateVerifiedAccessInstanceWebAcl + - ec2:DisassociateVerifiedAccessInstanceWebAcl + - ec2:DescribeVerifiedAccessInstanceWebAclAssociations + - ec2:GetVerifiedAccessInstanceWebAcl + x-stackQL-resources: + ip_sets: + name: ip_sets + id: aws.wafv2.ip_sets + x-cfn-schema-name: IPSet + x-type: list + x-identifiers: + - Name + - Id + - Scope + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Scope') as scope + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WAFv2::IPSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Scope') as scope + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WAFv2::IPSet' + AND region = 'us-east-1' + ip_set: + name: ip_set + id: aws.wafv2.ip_set + x-cfn-schema-name: IPSet + x-type: get + x-identifiers: + - Name + - Id + - Scope + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Scope') as scope, + JSON_EXTRACT(Properties, '$.IPAddressVersion') as ip_address_version, + JSON_EXTRACT(Properties, '$.Addresses') as addresses, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::IPSet' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Scope') as scope, + json_extract_path_text(Properties, 'IPAddressVersion') as ip_address_version, + json_extract_path_text(Properties, 'Addresses') as addresses, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::IPSet' + AND data__Identifier = '||' + AND region = 'us-east-1' + logging_configurations: + name: logging_configurations + id: aws.wafv2.logging_configurations + x-cfn-schema-name: LoggingConfiguration + x-type: list + x-identifiers: + - ResourceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WAFv2::LoggingConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WAFv2::LoggingConfiguration' + AND region = 'us-east-1' + logging_configuration: + name: logging_configuration + id: aws.wafv2.logging_configuration + x-cfn-schema-name: LoggingConfiguration + x-type: get + x-identifiers: + - ResourceArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.LogDestinationConfigs') as log_destination_configs, + JSON_EXTRACT(Properties, '$.RedactedFields') as redacted_fields, + JSON_EXTRACT(Properties, '$.ManagedByFirewallManager') as managed_by_firewall_manager, + JSON_EXTRACT(Properties, '$.LoggingFilter') as logging_filter + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::LoggingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'LogDestinationConfigs') as log_destination_configs, + json_extract_path_text(Properties, 'RedactedFields') as redacted_fields, + json_extract_path_text(Properties, 'ManagedByFirewallManager') as managed_by_firewall_manager, + json_extract_path_text(Properties, 'LoggingFilter') as logging_filter + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::LoggingConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + regex_pattern_sets: + name: regex_pattern_sets + id: aws.wafv2.regex_pattern_sets + x-cfn-schema-name: RegexPatternSet + x-type: list + x-identifiers: + - Name + - Id + - Scope + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Scope') as scope + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WAFv2::RegexPatternSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Scope') as scope + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WAFv2::RegexPatternSet' + AND region = 'us-east-1' + regex_pattern_set: + name: regex_pattern_set + id: aws.wafv2.regex_pattern_set + x-cfn-schema-name: RegexPatternSet + x-type: get + x-identifiers: + - Name + - Id + - Scope + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.RegularExpressionList') as regular_expression_list, + JSON_EXTRACT(Properties, '$.Scope') as scope, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::RegexPatternSet' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'RegularExpressionList') as regular_expression_list, + json_extract_path_text(Properties, 'Scope') as scope, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::RegexPatternSet' + AND data__Identifier = '||' + AND region = 'us-east-1' + rule_groups: + name: rule_groups + id: aws.wafv2.rule_groups + x-cfn-schema-name: RuleGroup + x-type: list + x-identifiers: + - Name + - Id + - Scope + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Scope') as scope + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WAFv2::RuleGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Scope') as scope + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WAFv2::RuleGroup' + AND region = 'us-east-1' + rule_group: + name: rule_group + id: aws.wafv2.rule_group + x-cfn-schema-name: RuleGroup + x-type: get + x-identifiers: + - Name + - Id + - Scope + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Capacity') as capacity, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Scope') as scope, + JSON_EXTRACT(Properties, '$.Rules') as rules, + JSON_EXTRACT(Properties, '$.VisibilityConfig') as visibility_config, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LabelNamespace') as label_namespace, + JSON_EXTRACT(Properties, '$.CustomResponseBodies') as custom_response_bodies, + JSON_EXTRACT(Properties, '$.AvailableLabels') as available_labels, + JSON_EXTRACT(Properties, '$.ConsumedLabels') as consumed_labels + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::RuleGroup' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Capacity') as capacity, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Scope') as scope, + json_extract_path_text(Properties, 'Rules') as rules, + json_extract_path_text(Properties, 'VisibilityConfig') as visibility_config, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LabelNamespace') as label_namespace, + json_extract_path_text(Properties, 'CustomResponseBodies') as custom_response_bodies, + json_extract_path_text(Properties, 'AvailableLabels') as available_labels, + json_extract_path_text(Properties, 'ConsumedLabels') as consumed_labels + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::RuleGroup' + AND data__Identifier = '||' + AND region = 'us-east-1' + web_acls: + name: web_acls + id: aws.wafv2.web_acls + x-cfn-schema-name: WebACL + x-type: list + x-identifiers: + - Name + - Id + - Scope + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Scope') as scope + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WAFv2::WebACL' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Scope') as scope + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WAFv2::WebACL' + AND region = 'us-east-1' + web_acl: + name: web_acl + id: aws.wafv2.web_acl + x-cfn-schema-name: WebACL + x-type: get + x-identifiers: + - Name + - Id + - Scope + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Capacity') as capacity, + JSON_EXTRACT(Properties, '$.DefaultAction') as default_action, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Scope') as scope, + JSON_EXTRACT(Properties, '$.Rules') as rules, + JSON_EXTRACT(Properties, '$.VisibilityConfig') as visibility_config, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LabelNamespace') as label_namespace, + JSON_EXTRACT(Properties, '$.CustomResponseBodies') as custom_response_bodies, + JSON_EXTRACT(Properties, '$.CaptchaConfig') as captcha_config, + JSON_EXTRACT(Properties, '$.ChallengeConfig') as challenge_config, + JSON_EXTRACT(Properties, '$.TokenDomains') as token_domains, + JSON_EXTRACT(Properties, '$.AssociationConfig') as association_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::WebACL' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Capacity') as capacity, + json_extract_path_text(Properties, 'DefaultAction') as default_action, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Scope') as scope, + json_extract_path_text(Properties, 'Rules') as rules, + json_extract_path_text(Properties, 'VisibilityConfig') as visibility_config, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LabelNamespace') as label_namespace, + json_extract_path_text(Properties, 'CustomResponseBodies') as custom_response_bodies, + json_extract_path_text(Properties, 'CaptchaConfig') as captcha_config, + json_extract_path_text(Properties, 'ChallengeConfig') as challenge_config, + json_extract_path_text(Properties, 'TokenDomains') as token_domains, + json_extract_path_text(Properties, 'AssociationConfig') as association_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::WebACL' + AND data__Identifier = '||' + AND region = 'us-east-1' + webacl_association: + name: webacl_association + id: aws.wafv2.webacl_association + x-cfn-schema-name: WebACLAssociation + x-type: get + x-identifiers: + - ResourceArn + - WebACLArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.WebACLArn') as web_acl_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::WebACLAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'WebACLArn') as web_acl_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WAFv2::WebACLAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/wisdom.yaml b/providers/src/aws/v00.00.00000/services/wisdom.yaml new file mode 100644 index 00000000..5c9682bb --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/wisdom.yaml @@ -0,0 +1,505 @@ +openapi: 3.0.0 +info: + title: Wisdom + version: 1.0.0 +paths: {} +components: + schemas: + AssistantType: + type: string + enum: + - AGENT + ServerSideEncryptionConfiguration: + type: object + properties: + KmsKeyId: + type: string + maxLength: 4096 + minLength: 1 + additionalProperties: false + Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + type: string + Value: + maxLength: 256 + minLength: 1 + type: string + required: + - Key + - Value + type: object + Assistant: + type: object + properties: + Type: + $ref: '#/components/schemas/AssistantType' + Description: + type: string + maxLength: 255 + minLength: 1 + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + ServerSideEncryptionConfiguration: + $ref: '#/components/schemas/ServerSideEncryptionConfiguration' + Tags: + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + type: array + Name: + type: string + maxLength: 255 + minLength: 1 + required: + - Name + - Type + x-stackql-resource-name: assistant + description: Definition of AWS::Wisdom::Assistant Resource Type + x-type-name: AWS::Wisdom::Assistant + x-stackql-primary-identifier: + - AssistantId + x-stackql-additional-identifiers: + - - AssistantArn + x-create-only-properties: + - Description + - Name + - ServerSideEncryptionConfiguration + - Tags + - Type + x-read-only-properties: + - AssistantId + - AssistantArn + x-required-properties: + - Name + - Type + x-replacement-strategy: delete_then_create + x-required-permissions: + create: + - kms:CreateGrant + - kms:DescribeKey + - wisdom:CreateAssistant + - wisdom:TagResource + update: + - wisdom:GetAssistant + read: + - wisdom:GetAssistant + list: + - wisdom:ListAssistants + delete: + - wisdom:DeleteAssistant + AssociationData: + type: object + properties: + KnowledgeBaseId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + required: + - KnowledgeBaseId + additionalProperties: false + AssociationType: + type: string + enum: + - KNOWLEDGE_BASE + AssistantAssociation: + type: object + properties: + AssistantAssociationArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantAssociationId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + Association: + $ref: '#/components/schemas/AssociationData' + AssociationType: + $ref: '#/components/schemas/AssociationType' + Tags: + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + type: array + required: + - Association + - AssociationType + - AssistantId + x-stackql-resource-name: assistant_association + description: Definition of AWS::Wisdom::AssistantAssociation Resource Type + x-type-name: AWS::Wisdom::AssistantAssociation + x-stackql-primary-identifier: + - AssistantAssociationId + - AssistantId + x-stackql-additional-identifiers: + - - AssistantAssociationArn + - AssistantArn + x-create-only-properties: + - Association + - AssociationType + - AssistantId + - Tags + x-read-only-properties: + - AssistantAssociationId + - AssistantAssociationArn + - AssistantArn + x-required-properties: + - Association + - AssociationType + - AssistantId + x-replacement-strategy: delete_then_create + x-required-permissions: + create: + - wisdom:CreateAssistantAssociation + - wisdom:TagResource + update: + - wisdom:GetAssistantAssociation + read: + - wisdom:GetAssistantAssociation + list: + - wisdom:ListAssistantAssociations + delete: + - wisdom:DeleteAssistantAssociation + AppIntegrationsConfiguration: + type: object + properties: + ObjectFields: + type: array + items: + type: string + maxLength: 4096 + minLength: 1 + x-insertionOrder: false + maxItems: 100 + minItems: 1 + AppIntegrationArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:[a-z-]+?:[a-z-]+?:[a-z0-9-]*?:([0-9]{12})?:[a-zA-Z0-9-:/]+$ + required: + - AppIntegrationArn + additionalProperties: false + KnowledgeBaseType: + type: string + enum: + - EXTERNAL + - CUSTOM + RenderingConfiguration: + type: object + properties: + TemplateUri: + type: string + maxLength: 4096 + minLength: 1 + additionalProperties: false + SourceConfiguration: + type: object + properties: + AppIntegrations: + $ref: '#/components/schemas/AppIntegrationsConfiguration' + oneOf: + - required: + - AppIntegrations + additionalProperties: false + KnowledgeBase: + type: object + properties: + Description: + type: string + maxLength: 255 + minLength: 1 + KnowledgeBaseArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + KnowledgeBaseId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + KnowledgeBaseType: + $ref: '#/components/schemas/KnowledgeBaseType' + Name: + type: string + maxLength: 255 + minLength: 1 + RenderingConfiguration: + $ref: '#/components/schemas/RenderingConfiguration' + ServerSideEncryptionConfiguration: + $ref: '#/components/schemas/ServerSideEncryptionConfiguration' + SourceConfiguration: + $ref: '#/components/schemas/SourceConfiguration' + Tags: + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + type: array + required: + - KnowledgeBaseType + - Name + x-stackql-resource-name: knowledge_base + description: Definition of AWS::Wisdom::KnowledgeBase Resource Type + x-type-name: AWS::Wisdom::KnowledgeBase + x-stackql-primary-identifier: + - KnowledgeBaseId + x-stackql-additional-identifiers: + - - KnowledgeBaseArn + x-create-only-properties: + - Description + - KnowledgeBaseType + - Name + - ServerSideEncryptionConfiguration + - SourceConfiguration + - Tags + x-read-only-properties: + - KnowledgeBaseId + - KnowledgeBaseArn + x-required-properties: + - KnowledgeBaseType + - Name + x-replacement-strategy: delete_then_create + x-required-permissions: + create: + - appflow:CreateFlow + - appflow:DeleteFlow + - appflow:StartFlow + - appflow:TagResource + - appflow:UseConnectorProfile + - app-integrations:CreateDataIntegrationAssociation + - app-integrations:GetDataIntegration + - kms:DescribeKey + - kms:CreateGrant + - kms:ListGrants + - wisdom:CreateKnowledgeBase + - wisdom:TagResource + update: + - wisdom:GetKnowledgeBase + delete: + - appflow:DeleteFlow + - appflow:StopFlow + - app-integrations:DeleteDataIntegrationAssociation + - wisdom:DeleteKnowledgeBase + list: + - wisdom:ListKnowledgeBases + read: + - wisdom:GetKnowledgeBase + x-stackQL-resources: + assistants: + name: assistants + id: aws.wisdom.assistants + x-cfn-schema-name: Assistant + x-type: list + x-identifiers: + - AssistantId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::Assistant' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::Assistant' + AND region = 'us-east-1' + assistant: + name: assistant + id: aws.wisdom.assistant + x-cfn-schema-name: Assistant + x-type: get + x-identifiers: + - AssistantId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::Assistant' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::Assistant' + AND data__Identifier = '' + AND region = 'us-east-1' + assistant_associations: + name: assistant_associations + id: aws.wisdom.assistant_associations + x-cfn-schema-name: AssistantAssociation + x-type: list + x-identifiers: + - AssistantAssociationId + - AssistantId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssistantAssociationId') as assistant_association_id, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssistantAssociationId') as assistant_association_id, + json_extract_path_text(Properties, 'AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND region = 'us-east-1' + assistant_association: + name: assistant_association + id: aws.wisdom.assistant_association + x-cfn-schema-name: AssistantAssociation + x-type: get + x-identifiers: + - AssistantAssociationId + - AssistantId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssistantAssociationArn') as assistant_association_arn, + JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(Properties, '$.AssistantAssociationId') as assistant_association_id, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.Association') as association, + JSON_EXTRACT(Properties, '$.AssociationType') as association_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssistantAssociationArn') as assistant_association_arn, + json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(Properties, 'AssistantAssociationId') as assistant_association_id, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'Association') as association, + json_extract_path_text(Properties, 'AssociationType') as association_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + knowledge_bases: + name: knowledge_bases + id: aws.wisdom.knowledge_bases + x-cfn-schema-name: KnowledgeBase + x-type: list + x-identifiers: + - KnowledgeBaseId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' + AND region = 'us-east-1' + knowledge_base: + name: knowledge_base + id: aws.wisdom.knowledge_base + x-cfn-schema-name: KnowledgeBase + x-type: get + x-identifiers: + - KnowledgeBaseId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, + JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id, + JSON_EXTRACT(Properties, '$.KnowledgeBaseType') as knowledge_base_type, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RenderingConfiguration') as rendering_configuration, + JSON_EXTRACT(Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + JSON_EXTRACT(Properties, '$.SourceConfiguration') as source_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KnowledgeBaseArn') as knowledge_base_arn, + json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id, + json_extract_path_text(Properties, 'KnowledgeBaseType') as knowledge_base_type, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RenderingConfiguration') as rendering_configuration, + json_extract_path_text(Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + json_extract_path_text(Properties, 'SourceConfiguration') as source_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/workspaces.yaml b/providers/src/aws/v00.00.00000/services/workspaces.yaml new file mode 100644 index 00000000..d5f65d1c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/workspaces.yaml @@ -0,0 +1,133 @@ +openapi: 3.0.0 +info: + title: WorkSpaces + version: 1.0.0 +paths: {} +components: + schemas: + ConnectionAliasAssociation: + type: object + additionalProperties: false + properties: + AssociationStatus: + type: string + enum: + - NOT_ASSOCIATED + - PENDING_ASSOCIATION + - ASSOCIATED_WITH_OWNER_ACCOUNT + - ASSOCIATED_WITH_SHARED_ACCOUNT + - PENDING_DISASSOCIATION + AssociatedAccountId: + type: string + ResourceId: + type: string + pattern: .+ + minLength: 1 + maxLength: 1000 + ConnectionIdentifier: + type: string + maxLength: 20 + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + Value: + type: string + required: + - Value + - Key + ConnectionAlias: + type: object + properties: + Associations: + type: array + maxLength: 25 + minLength: 1 + items: + $ref: '#/components/schemas/ConnectionAliasAssociation' + AliasId: + type: string + pattern: ^wsca-[0-9a-z]{8,63}$ + maxLength: 68 + minLength: 13 + ConnectionString: + type: string + pattern: ^[.0-9a-zA-Z\-]{1,255}$ + minLength: 1 + maxLength: 255 + ConnectionAliasState: + type: string + enum: + - CREATING + - CREATED + - DELETING + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - ConnectionString + x-stackql-resource-name: connection_alias + description: Resource Type definition for AWS::WorkSpaces::ConnectionAlias + x-type-name: AWS::WorkSpaces::ConnectionAlias + x-stackql-primary-identifier: + - AliasId + x-create-only-properties: + - ConnectionString + - Tags + x-read-only-properties: + - ConnectionAliasState + - AliasId + - Associations + x-required-properties: + - ConnectionString + x-required-permissions: + create: + - workspaces:CreateConnectionAlias + read: + - workspaces:DescribeConnectionAliases + delete: + - workspaces:DeleteConnectionAlias + x-stackQL-resources: + connection_alias: + name: connection_alias + id: aws.workspaces.connection_alias + x-cfn-schema-name: ConnectionAlias + x-type: get + x-identifiers: + - AliasId + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Associations') as associations, + JSON_EXTRACT(Properties, '$.AliasId') as alias_id, + JSON_EXTRACT(Properties, '$.ConnectionString') as connection_string, + JSON_EXTRACT(Properties, '$.ConnectionAliasState') as connection_alias_state, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpaces::ConnectionAlias' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Associations') as associations, + json_extract_path_text(Properties, 'AliasId') as alias_id, + json_extract_path_text(Properties, 'ConnectionString') as connection_string, + json_extract_path_text(Properties, 'ConnectionAliasState') as connection_alias_state, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpaces::ConnectionAlias' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/workspacesthinclient.yaml b/providers/src/aws/v00.00.00000/services/workspacesthinclient.yaml new file mode 100644 index 00000000..cb4ab30b --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/workspacesthinclient.yaml @@ -0,0 +1,339 @@ +openapi: 3.0.0 +info: + title: WorkSpacesThinClient + version: 1.0.0 +paths: {} +components: + schemas: + Hour: + type: integer + minimum: 0 + maximum: 23 + Minute: + type: integer + minimum: 0 + maximum: 59 + DayOfWeek: + type: string + enum: + - MONDAY + - TUESDAY + - WEDNESDAY + - THURSDAY + - FRIDAY + - SATURDAY + - SUNDAY + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 1 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + maxLength: 256 + required: + - Key + - Value + MaintenanceWindow: + type: object + additionalProperties: false + properties: + Type: + description: The type of maintenance window. + type: string + enum: + - SYSTEM + - CUSTOM + StartTimeHour: + description: The hour start time of maintenance window. + $ref: '#/components/schemas/Hour' + StartTimeMinute: + description: The minute start time of maintenance window. + $ref: '#/components/schemas/Minute' + EndTimeHour: + description: The hour end time of maintenance window. + $ref: '#/components/schemas/Hour' + EndTimeMinute: + description: The minute end time of maintenance window. + $ref: '#/components/schemas/Minute' + DaysOfTheWeek: + description: The date of maintenance window. + type: array + minItems: 1 + maxItems: 7 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/DayOfWeek' + ApplyTimeOf: + description: The desired time zone maintenance window. + type: string + enum: + - UTC + - DEVICE + required: + - Type + Environment: + type: object + properties: + Id: + description: Unique identifier of the environment. + type: string + pattern: ^[a-z0-9]{9}$ + Name: + description: The name of the environment. + type: string + pattern: ^.+$ + minLength: 1 + maxLength: 64 + DesktopArn: + description: The Amazon Resource Name (ARN) of the desktop to stream from Amazon WorkSpaces, WorkSpaces Web, or AppStream 2.0. + type: string + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[0-9]{0,12}:[a-zA-Z0-9\-\/\._]+$ + minLength: 20 + maxLength: 2048 + DesktopEndpoint: + description: The URL for the identity provider login (only for environments that use AppStream 2.0). + type: string + pattern: ^(https:\/\/)[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,32}(:[0-9]{1,5})?(\/.*)?$ + minLength: 1 + maxLength: 1024 + DesktopType: + description: The type of VDI. + type: string + enum: + - workspaces + - appstream + - workspaces-web + ActivationCode: + description: Activation code for devices associated with environment. + type: string + pattern: ^[a-z]{2}[a-z0-9]{6}$ + RegisteredDevicesCount: + description: Number of devices registered to the environment. + type: integer + minimum: 0 + SoftwareSetUpdateSchedule: + description: An option to define if software updates should be applied within a maintenance window. + type: string + enum: + - USE_MAINTENANCE_WINDOW + - APPLY_IMMEDIATELY + MaintenanceWindow: + description: A specification for a time window to apply software updates. + $ref: '#/components/schemas/MaintenanceWindow' + SoftwareSetUpdateMode: + description: An option to define which software updates to apply. + type: string + enum: + - USE_LATEST + - USE_DESIRED + DesiredSoftwareSetId: + description: The ID of the software set to apply. + type: string + pattern: ^[0-9]{1,9}$ + PendingSoftwareSetId: + description: The ID of the software set that is pending to be installed. + type: string + pattern: ^[0-9]{1,9}$ + PendingSoftwareSetVersion: + description: The version of the software set that is pending to be installed. + type: string + SoftwareSetComplianceStatus: + description: Describes if the software currently installed on all devices in the environment is a supported version. + type: string + enum: + - COMPLIANT + - NOT_COMPLIANT + - NO_REGISTERED_DEVICES + CreatedAt: + description: The timestamp in unix epoch format when environment was created. + type: string + UpdatedAt: + description: The timestamp in unix epoch format when environment was last updated. + type: string + Arn: + description: The environment ARN. + type: string + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[0-9]{0,12}:[a-zA-Z0-9\-\/\._]+$ + minLength: 20 + maxLength: 2048 + KmsKeyArn: + description: The Amazon Resource Name (ARN) of the AWS Key Management Service key used to encrypt the environment. + type: string + pattern: ^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[0-9]{0,12}:key\/[a-zA-Z0-9-]+$ + minLength: 20 + maxLength: 2048 + Tags: + type: array + maxItems: 20 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + required: + - DesktopArn + x-stackql-resource-name: environment + description: Resource type definition for AWS::WorkSpacesThinClient::Environment. + x-type-name: AWS::WorkSpacesThinClient::Environment + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - KmsKeyArn + - DesktopArn + x-read-only-properties: + - Id + - ActivationCode + - Arn + - CreatedAt + - DesktopType + - RegisteredDevicesCount + - UpdatedAt + - PendingSoftwareSetId + - PendingSoftwareSetVersion + - SoftwareSetComplianceStatus + x-required-properties: + - DesktopArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - thinclient:CreateEnvironment + - thinclient:TagResource + - thinclient:ListTagsForResource + - appstream:DescribeStacks + - workspaces:DescribeWorkspaceDirectories + - workspaces-web:GetPortal + - workspaces-web:GetUserSettings + - kms:DescribeKey + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + read: + - thinclient:GetEnvironment + - thinclient:ListTagsForResource + - kms:Decrypt + update: + - appstream:DescribeStacks + - workspaces:DescribeWorkspaceDirectories + - workspaces-web:GetPortal + - workspaces-web:GetUserSettings + - thinclient:UpdateEnvironment + - thinclient:GetEnvironment + - thinclient:TagResource + - thinclient:UntagResource + - thinclient:ListTagsForResource + - kms:Decrypt + - kms:GenerateDataKey + delete: + - thinclient:DeleteEnvironment + - thinclient:UntagResource + - kms:Decrypt + - kms:RetireGrant + list: + - thinclient:ListEnvironment + - thinclient:ListTagsForResource + - kms:Decrypt + x-stackQL-resources: + environments: + name: environments + id: aws.workspacesthinclient.environments + x-cfn-schema-name: Environment + x-type: list + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesThinClient::Environment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesThinClient::Environment' + AND region = 'us-east-1' + environment: + name: environment + id: aws.workspacesthinclient.environment + x-cfn-schema-name: Environment + x-type: get + x-identifiers: + - Id + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.DesktopArn') as desktop_arn, + JSON_EXTRACT(Properties, '$.DesktopEndpoint') as desktop_endpoint, + JSON_EXTRACT(Properties, '$.DesktopType') as desktop_type, + JSON_EXTRACT(Properties, '$.ActivationCode') as activation_code, + JSON_EXTRACT(Properties, '$.RegisteredDevicesCount') as registered_devices_count, + JSON_EXTRACT(Properties, '$.SoftwareSetUpdateSchedule') as software_set_update_schedule, + JSON_EXTRACT(Properties, '$.MaintenanceWindow') as maintenance_window, + JSON_EXTRACT(Properties, '$.SoftwareSetUpdateMode') as software_set_update_mode, + JSON_EXTRACT(Properties, '$.DesiredSoftwareSetId') as desired_software_set_id, + JSON_EXTRACT(Properties, '$.PendingSoftwareSetId') as pending_software_set_id, + JSON_EXTRACT(Properties, '$.PendingSoftwareSetVersion') as pending_software_set_version, + JSON_EXTRACT(Properties, '$.SoftwareSetComplianceStatus') as software_set_compliance_status, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesThinClient::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'DesktopArn') as desktop_arn, + json_extract_path_text(Properties, 'DesktopEndpoint') as desktop_endpoint, + json_extract_path_text(Properties, 'DesktopType') as desktop_type, + json_extract_path_text(Properties, 'ActivationCode') as activation_code, + json_extract_path_text(Properties, 'RegisteredDevicesCount') as registered_devices_count, + json_extract_path_text(Properties, 'SoftwareSetUpdateSchedule') as software_set_update_schedule, + json_extract_path_text(Properties, 'MaintenanceWindow') as maintenance_window, + json_extract_path_text(Properties, 'SoftwareSetUpdateMode') as software_set_update_mode, + json_extract_path_text(Properties, 'DesiredSoftwareSetId') as desired_software_set_id, + json_extract_path_text(Properties, 'PendingSoftwareSetId') as pending_software_set_id, + json_extract_path_text(Properties, 'PendingSoftwareSetVersion') as pending_software_set_version, + json_extract_path_text(Properties, 'SoftwareSetComplianceStatus') as software_set_compliance_status, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesThinClient::Environment' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/workspacesweb.yaml b/providers/src/aws/v00.00.00000/services/workspacesweb.yaml new file mode 100644 index 00000000..dde7213c --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/workspacesweb.yaml @@ -0,0 +1,1378 @@ +openapi: 3.0.0 +info: + title: WorkSpacesWeb + version: 1.0.0 +paths: {} +components: + schemas: + EncryptionContextMap: + type: object + x-patternProperties: + ^[\s\S]*$: + type: string + maxLength: 131072 + minLength: 0 + pattern: ^[\s\S]*$ + additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + Value: + type: string + maxLength: 256 + minLength: 0 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + required: + - Key + - Value + additionalProperties: false + BrowserSettings: + type: object + properties: + AdditionalEncryptionContext: + $ref: '#/components/schemas/EncryptionContextMap' + AssociatedPortalArns: + type: array + items: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + x-insertionOrder: false + BrowserPolicy: + type: string + maxLength: 131072 + minLength: 2 + pattern: \{[\S\s]*\}\s* + BrowserSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + CustomerManagedKey: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-insertionOrder: false + x-stackql-resource-name: browser_settings + description: Definition of AWS::WorkSpacesWeb::BrowserSettings Resource Type + x-type-name: AWS::WorkSpacesWeb::BrowserSettings + x-stackql-primary-identifier: + - BrowserSettingsArn + x-create-only-properties: + - AdditionalEncryptionContext + - CustomerManagedKey + x-write-only-properties: + - AdditionalEncryptionContext + - CustomerManagedKey + x-read-only-properties: + - AssociatedPortalArns + - BrowserSettingsArn + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - workspaces-web:CreateBrowserSettings + - workspaces-web:GetBrowserSettings + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + read: + - workspaces-web:GetBrowserSettings + - workspaces-web:ListBrowserSettings + - workspaces-web:ListTagsForResource + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + update: + - workspaces-web:UpdateBrowserSettings + - workspaces-web:TagResource + - workspaces-web:UntagResource + - workspaces-web:GetBrowserSettings + - workspaces-web:ListBrowserSettings + - workspaces-web:ListTagsForResource + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + delete: + - workspaces-web:GetBrowserSettings + - workspaces-web:DeleteBrowserSettings + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + list: + - workspaces-web:ListBrowserSettings + IdentityProviderDetails: + type: object + x-patternProperties: + ^[\s\S]*$: + type: string + maxLength: 131072 + minLength: 0 + pattern: ^[\s\S]*$ + additionalProperties: false + IdentityProviderType: + type: string + enum: + - SAML + - Facebook + - Google + - LoginWithAmazon + - SignInWithApple + - OIDC + IdentityProvider: + type: object + properties: + IdentityProviderArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36}){2,}$ + IdentityProviderDetails: + $ref: '#/components/schemas/IdentityProviderDetails' + IdentityProviderName: + type: string + maxLength: 32 + minLength: 1 + pattern: ^[^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+$ + IdentityProviderType: + $ref: '#/components/schemas/IdentityProviderType' + PortalArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + required: + - IdentityProviderDetails + - IdentityProviderName + - IdentityProviderType + x-stackql-resource-name: identity_provider + description: Definition of AWS::WorkSpacesWeb::IdentityProvider Resource Type + x-type-name: AWS::WorkSpacesWeb::IdentityProvider + x-stackql-primary-identifier: + - IdentityProviderArn + x-create-only-properties: + - PortalArn + x-write-only-properties: + - PortalArn + x-read-only-properties: + - IdentityProviderArn + x-required-properties: + - IdentityProviderDetails + - IdentityProviderName + - IdentityProviderType + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - workspaces-web:CreateIdentityProvider + - workspaces-web:GetIdentityProvider + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource + read: + - workspaces-web:GetIdentityProvider + - workspaces-web:ListIdentityProviders + - workspaces-web:ListTagsForResource + update: + - workspaces-web:UpdateIdentityProvider + - workspaces-web:TagResource + - workspaces-web:UntagResource + - workspaces-web:GetIdentityProvider + - workspaces-web:ListIdentityProviders + - workspaces-web:ListTagsForResource + delete: + - workspaces-web:GetIdentityProvider + - workspaces-web:DeleteIdentityProvider + list: + - workspaces-web:ListIdentityProviders + IpRule: + type: object + properties: + IpRange: + type: string + pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:/([0-9]|[12][0-9]|3[0-2])|)$ + description: A single IP address or an IP address range in CIDR notation + Description: + type: string + maxLength: 256 + minLength: 1 + pattern: ^.+$ + required: + - IpRange + additionalProperties: false + IpAccessSettings: + type: object + properties: + AdditionalEncryptionContext: + $ref: '#/components/schemas/EncryptionContextMap' + AssociatedPortalArns: + type: array + items: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + x-insertionOrder: false + CreationDate: + type: string + format: date-time + CustomerManagedKey: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$ + Description: + type: string + maxLength: 256 + minLength: 1 + pattern: ^.+$ + DisplayName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^.+$ + IpAccessSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + IpRules: + type: array + items: + $ref: '#/components/schemas/IpRule' + maxItems: 100 + minItems: 1 + x-insertionOrder: false + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-insertionOrder: false + required: + - IpRules + x-stackql-resource-name: ip_access_settings + description: Definition of AWS::WorkSpacesWeb::IpAccessSettings Resource Type + x-type-name: AWS::WorkSpacesWeb::IpAccessSettings + x-stackql-primary-identifier: + - IpAccessSettingsArn + x-create-only-properties: + - AdditionalEncryptionContext + - CustomerManagedKey + x-write-only-properties: + - AdditionalEncryptionContext + - CustomerManagedKey + x-read-only-properties: + - AssociatedPortalArns + - CreationDate + - IpAccessSettingsArn + x-required-properties: + - IpRules + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - workspaces-web:CreateIpAccessSettings + - workspaces-web:GetIpAccessSettings + - workspaces-web:ListIpAccessSettings + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + read: + - workspaces-web:GetIpAccessSettings + - workspaces-web:ListIpAccessSettings + - workspaces-web:ListTagsForResource + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + update: + - workspaces-web:UpdateIpAccessSettings + - workspaces-web:TagResource + - workspaces-web:UntagResource + - workspaces-web:GetIpAccessSettings + - workspaces-web:ListIpAccessSettings + - workspaces-web:ListTagsForResource + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + delete: + - workspaces-web:GetIpAccessSettings + - workspaces-web:ListIpAccessSettings + - workspaces-web:DeleteIpAccessSettings + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + list: + - workspaces-web:ListIpAccessSettings + NetworkSettings: + type: object + properties: + AssociatedPortalArns: + type: array + items: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + x-insertionOrder: false + NetworkSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + SecurityGroupIds: + type: array + items: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[\w+\-]+$ + maxItems: 5 + minItems: 1 + x-insertionOrder: false + SubnetIds: + type: array + items: + type: string + maxLength: 32 + minLength: 1 + pattern: ^subnet-([0-9a-f]{8}|[0-9a-f]{17})$ + maxItems: 3 + minItems: 2 + x-insertionOrder: false + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-insertionOrder: false + VpcId: + type: string + maxLength: 255 + minLength: 1 + pattern: ^vpc-[0-9a-z]*$ + required: + - SecurityGroupIds + - SubnetIds + - VpcId + x-stackql-resource-name: network_settings + description: Definition of AWS::WorkSpacesWeb::NetworkSettings Resource Type + x-type-name: AWS::WorkSpacesWeb::NetworkSettings + x-stackql-primary-identifier: + - NetworkSettingsArn + x-read-only-properties: + - AssociatedPortalArns + - NetworkSettingsArn + x-required-properties: + - SecurityGroupIds + - SubnetIds + - VpcId + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - workspaces-web:CreateNetworkSettings + - workspaces-web:GetNetworkSettings + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource + read: + - workspaces-web:GetNetworkSettings + - workspaces-web:ListTagsForResource + update: + - workspaces-web:UpdateNetworkSettings + - workspaces-web:UpdateResource + - workspaces-web:TagResource + - workspaces-web:UntagResource + - workspaces-web:GetNetworkSettings + - workspaces-web:ListTagsForResource + delete: + - workspaces-web:GetNetworkSettings + - workspaces-web:DeleteNetworkSettings + list: + - workspaces-web:ListNetworkSettings + AuthenticationType: + type: string + enum: + - Standard + - IAM_Identity_Center + BrowserType: + type: string + enum: + - Chrome + PortalStatus: + type: string + enum: + - Incomplete + - Pending + - Active + RendererType: + type: string + enum: + - AppStream + Portal: + type: object + properties: + AdditionalEncryptionContext: + $ref: '#/components/schemas/EncryptionContextMap' + AuthenticationType: + $ref: '#/components/schemas/AuthenticationType' + BrowserSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + BrowserType: + $ref: '#/components/schemas/BrowserType' + CreationDate: + type: string + format: date-time + CustomerManagedKey: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$ + DisplayName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^.+$ + IpAccessSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + NetworkSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + PortalArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + PortalEndpoint: + type: string + maxLength: 253 + minLength: 1 + pattern: ^[a-zA-Z0-9]?((?!-)([A-Za-z0-9-]*[A-Za-z0-9])\.)+[a-zA-Z0-9]+$ + PortalStatus: + $ref: '#/components/schemas/PortalStatus' + RendererType: + $ref: '#/components/schemas/RendererType' + ServiceProviderSamlMetadata: + type: string + maxLength: 204800 + minLength: 0 + pattern: ^.*$ + StatusReason: + type: string + maxLength: 1024 + minLength: 1 + pattern: .* + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-insertionOrder: false + TrustStoreArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + UserAccessLoggingSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + UserSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + x-stackql-resource-name: portal + description: Definition of AWS::WorkSpacesWeb::Portal Resource Type + x-type-name: AWS::WorkSpacesWeb::Portal + x-stackql-primary-identifier: + - PortalArn + x-create-only-properties: + - AdditionalEncryptionContext + - CustomerManagedKey + x-write-only-properties: + - AdditionalEncryptionContext + - CustomerManagedKey + x-read-only-properties: + - BrowserType + - CreationDate + - PortalArn + - PortalEndpoint + - PortalStatus + - RendererType + - ServiceProviderSamlMetadata + - StatusReason + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - workspaces-web:CreatePortal + - workspaces-web:GetPortal + - workspaces-web:GetPortalServiceProviderMetadata + - workspaces-web:AssociateBrowserSettings + - workspaces-web:AssociateIpAccessSettings + - workspaces-web:AssociateNetworkSettings + - workspaces-web:AssociateTrustStore + - workspaces-web:AssociateUserAccessLoggingSettings + - workspaces-web:AssociateUserSettings + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + - ec2:CreateNetworkInterface + - ec2:CreateNetworkInterfacePermission + - ec2:DeleteNetworkInterface + - ec2:DeleteNetworkInterfacePermission + - ec2:ModifyNetworkInterfaceAttribute + - kinesis:PutRecord + - kinesis:PutRecords + - kinesis:DescribeStreamSummary + - sso:CreateManagedApplicationInstance + - sso:DescribeRegisteredRegions + read: + - workspaces-web:GetPortal + - workspaces-web:GetPortalServiceProviderMetadata + - workspaces-web:ListTagsForResource + - kms:Decrypt + update: + - workspaces-web:GetPortal + - workspaces-web:GetPortalServiceProviderMetadata + - workspaces-web:UpdatePortal + - workspaces-web:AssociateBrowserSettings + - workspaces-web:AssociateIpAccessSettings + - workspaces-web:AssociateNetworkSettings + - workspaces-web:AssociateTrustStore + - workspaces-web:AssociateUserAccessLoggingSettings + - workspaces-web:AssociateUserSettings + - workspaces-web:DisassociateBrowserSettings + - workspaces-web:DisassociateIpAccessSettings + - workspaces-web:DisassociateNetworkSettings + - workspaces-web:DisassociateTrustStore + - workspaces-web:DisassociateUserAccessLoggingSettings + - workspaces-web:DisassociateUserSettings + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource + - workspaces-web:UntagResource + - kms:CreateGrant + - kms:Encrypt + - kms:GenerateDataKey + - kms:Decrypt + - ec2:CreateNetworkInterface + - ec2:CreateNetworkInterfacePermission + - ec2:DeleteNetworkInterface + - ec2:DeleteNetworkInterfacePermission + - ec2:ModifyNetworkInterfaceAttribute + - kinesis:PutRecord + - kinesis:PutRecords + - kinesis:DescribeStreamSummary + - sso:CreateManagedApplicationInstance + - sso:DeleteManagedApplicationInstance + - sso:DescribeRegisteredRegions + - sso:GetApplicationInstance + - sso:ListApplicationInstances + delete: + - workspaces-web:GetPortal + - workspaces-web:DeletePortal + - workspaces-web:DisassociateBrowserSettings + - workspaces-web:DisassociateIpAccessSettings + - workspaces-web:DisassociateNetworkSettings + - workspaces-web:DisassociateTrustStore + - workspaces-web:DisassociateUserAccessLoggingSettings + - workspaces-web:DisassociateUserSettings + - kms:Decrypt + - sso:DeleteManagedApplicationInstance + list: + - workspaces-web:ListPortals + - kms:Decrypt + TrustStore: + type: object + properties: + AssociatedPortalArns: + type: array + items: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + x-insertionOrder: false + CertificateList: + type: array + items: + type: string + x-insertionOrder: false + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-insertionOrder: false + TrustStoreArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + required: + - CertificateList + x-stackql-resource-name: trust_store + description: Definition of AWS::WorkSpacesWeb::TrustStore Resource Type + x-type-name: AWS::WorkSpacesWeb::TrustStore + x-stackql-primary-identifier: + - TrustStoreArn + x-read-only-properties: + - AssociatedPortalArns + - TrustStoreArn + x-required-properties: + - CertificateList + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - workspaces-web:CreateTrustStore + - workspaces-web:GetTrustStore + - workspaces-web:GetTrustStoreCertificate + - workspaces-web:ListTrustStoreCertificates + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource + read: + - workspaces-web:GetTrustStore + - workspaces-web:GetTrustStoreCertificate + - workspaces-web:ListTagsForResource + - workspaces-web:ListTrustStoreCertificates + update: + - workspaces-web:UpdateTrustStore + - workspaces-web:TagResource + - workspaces-web:UntagResource + - workspaces-web:GetTrustStore + - workspaces-web:GetTrustStoreCertificate + - workspaces-web:ListTagsForResource + - workspaces-web:ListTrustStoreCertificates + delete: + - workspaces-web:GetTrustStore + - workspaces-web:GetTrustStoreCertificate + - workspaces-web:DeleteTrustStore + list: + - workspaces-web:ListTrustStores + - workspaces-web:ListTrustStoreCertificates + UserAccessLoggingSettings: + type: object + properties: + AssociatedPortalArns: + type: array + items: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + x-insertionOrder: false + KinesisStreamArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: arn:[\w+=/,.@-]+:kinesis:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:stream/.+ + description: Kinesis stream ARN to which log events are published. + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-insertionOrder: false + UserAccessLoggingSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + required: + - KinesisStreamArn + x-stackql-resource-name: user_access_logging_settings + description: Definition of AWS::WorkSpacesWeb::UserAccessLoggingSettings Resource Type + x-type-name: AWS::WorkSpacesWeb::UserAccessLoggingSettings + x-stackql-primary-identifier: + - UserAccessLoggingSettingsArn + x-read-only-properties: + - AssociatedPortalArns + - UserAccessLoggingSettingsArn + x-required-properties: + - KinesisStreamArn + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - workspaces-web:CreateUserAccessLoggingSettings + - workspaces-web:GetUserAccessLoggingSettings + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource + read: + - workspaces-web:GetUserAccessLoggingSettings + - workspaces-web:ListTagsForResource + update: + - workspaces-web:UpdateUserAccessLoggingSettings + - workspaces-web:TagResource + - workspaces-web:UntagResource + - workspaces-web:GetUserAccessLoggingSettings + - workspaces-web:ListTagsForResource + - kinesis:PutRecord + - kinesis:PutRecords + delete: + - workspaces-web:GetUserAccessLoggingSettings + - workspaces-web:DeleteUserAccessLoggingSettings + list: + - workspaces-web:ListUserAccessLoggingSettings + CookieSpecification: + type: object + properties: + Domain: + type: string + maxLength: 253 + minLength: 0 + pattern: ^(\.?)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$ + Name: + type: string + maxLength: 4096 + minLength: 0 + Path: + type: string + maxLength: 2000 + minLength: 0 + pattern: ^/(\S)*$ + required: + - Domain + additionalProperties: false + CookieSynchronizationConfiguration: + type: object + properties: + Allowlist: + type: array + items: + $ref: '#/components/schemas/CookieSpecification' + maxItems: 10 + minItems: 0 + x-insertionOrder: false + Blocklist: + type: array + items: + $ref: '#/components/schemas/CookieSpecification' + maxItems: 10 + minItems: 0 + x-insertionOrder: false + required: + - Allowlist + additionalProperties: false + EnabledType: + type: string + enum: + - Disabled + - Enabled + UserSettings: + type: object + properties: + AdditionalEncryptionContext: + $ref: '#/components/schemas/EncryptionContextMap' + AssociatedPortalArns: + type: array + items: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + x-insertionOrder: false + CookieSynchronizationConfiguration: + $ref: '#/components/schemas/CookieSynchronizationConfiguration' + CopyAllowed: + $ref: '#/components/schemas/EnabledType' + CustomerManagedKey: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$ + DisconnectTimeoutInMinutes: + type: number + default: null + maximum: 600 + minimum: 1 + DownloadAllowed: + $ref: '#/components/schemas/EnabledType' + IdleDisconnectTimeoutInMinutes: + type: number + default: null + maximum: 60 + minimum: 0 + PasteAllowed: + $ref: '#/components/schemas/EnabledType' + PrintAllowed: + $ref: '#/components/schemas/EnabledType' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-insertionOrder: false + UploadAllowed: + $ref: '#/components/schemas/EnabledType' + UserSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + required: + - CopyAllowed + - DownloadAllowed + - PasteAllowed + - PrintAllowed + - UploadAllowed + x-stackql-resource-name: user_settings + description: Definition of AWS::WorkSpacesWeb::UserSettings Resource Type + x-type-name: AWS::WorkSpacesWeb::UserSettings + x-stackql-primary-identifier: + - UserSettingsArn + x-create-only-properties: + - AdditionalEncryptionContext + - CustomerManagedKey + x-write-only-properties: + - AdditionalEncryptionContext + - CustomerManagedKey + x-read-only-properties: + - AssociatedPortalArns + - UserSettingsArn + x-required-properties: + - CopyAllowed + - DownloadAllowed + - PasteAllowed + - PrintAllowed + - UploadAllowed + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - workspaces-web:CreateUserSettings + - workspaces-web:GetUserSettings + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + read: + - workspaces-web:GetUserSettings + - workspaces-web:ListTagsForResource + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + update: + - workspaces-web:UpdateUserSettings + - workspaces-web:TagResource + - workspaces-web:UntagResource + - workspaces-web:GetUserSettings + - workspaces-web:ListTagsForResource + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + delete: + - workspaces-web:GetUserSettings + - workspaces-web:DeleteUserSettings + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + list: + - workspaces-web:ListUserSettings + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + x-stackQL-resources: + browser_settings: + name: browser_settings + id: aws.workspacesweb.browser_settings + x-cfn-schema-name: BrowserSettings + x-type: get + x-identifiers: + - BrowserSettingsArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AdditionalEncryptionContext') as additional_encryption_context, + JSON_EXTRACT(Properties, '$.AssociatedPortalArns') as associated_portal_arns, + JSON_EXTRACT(Properties, '$.BrowserPolicy') as browser_policy, + JSON_EXTRACT(Properties, '$.BrowserSettingsArn') as browser_settings_arn, + JSON_EXTRACT(Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AdditionalEncryptionContext') as additional_encryption_context, + json_extract_path_text(Properties, 'AssociatedPortalArns') as associated_portal_arns, + json_extract_path_text(Properties, 'BrowserPolicy') as browser_policy, + json_extract_path_text(Properties, 'BrowserSettingsArn') as browser_settings_arn, + json_extract_path_text(Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND data__Identifier = '' + AND region = 'us-east-1' + identity_providers: + name: identity_providers + id: aws.workspacesweb.identity_providers + x-cfn-schema-name: IdentityProvider + x-type: list + x-identifiers: + - IdentityProviderArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IdentityProviderArn') as identity_provider_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::IdentityProvider' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IdentityProviderArn') as identity_provider_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::IdentityProvider' + AND region = 'us-east-1' + identity_provider: + name: identity_provider + id: aws.workspacesweb.identity_provider + x-cfn-schema-name: IdentityProvider + x-type: get + x-identifiers: + - IdentityProviderArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IdentityProviderArn') as identity_provider_arn, + JSON_EXTRACT(Properties, '$.IdentityProviderDetails') as identity_provider_details, + JSON_EXTRACT(Properties, '$.IdentityProviderName') as identity_provider_name, + JSON_EXTRACT(Properties, '$.IdentityProviderType') as identity_provider_type, + JSON_EXTRACT(Properties, '$.PortalArn') as portal_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::IdentityProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IdentityProviderArn') as identity_provider_arn, + json_extract_path_text(Properties, 'IdentityProviderDetails') as identity_provider_details, + json_extract_path_text(Properties, 'IdentityProviderName') as identity_provider_name, + json_extract_path_text(Properties, 'IdentityProviderType') as identity_provider_type, + json_extract_path_text(Properties, 'PortalArn') as portal_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::IdentityProvider' + AND data__Identifier = '' + AND region = 'us-east-1' + ip_access_settings: + name: ip_access_settings + id: aws.workspacesweb.ip_access_settings + x-cfn-schema-name: IpAccessSettings + x-type: get + x-identifiers: + - IpAccessSettingsArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AdditionalEncryptionContext') as additional_encryption_context, + JSON_EXTRACT(Properties, '$.AssociatedPortalArns') as associated_portal_arns, + JSON_EXTRACT(Properties, '$.CreationDate') as creation_date, + JSON_EXTRACT(Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.IpAccessSettingsArn') as ip_access_settings_arn, + JSON_EXTRACT(Properties, '$.IpRules') as ip_rules, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::IpAccessSettings' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AdditionalEncryptionContext') as additional_encryption_context, + json_extract_path_text(Properties, 'AssociatedPortalArns') as associated_portal_arns, + json_extract_path_text(Properties, 'CreationDate') as creation_date, + json_extract_path_text(Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'IpAccessSettingsArn') as ip_access_settings_arn, + json_extract_path_text(Properties, 'IpRules') as ip_rules, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::IpAccessSettings' + AND data__Identifier = '' + AND region = 'us-east-1' + network_settings: + name: network_settings + id: aws.workspacesweb.network_settings + x-cfn-schema-name: NetworkSettings + x-type: get + x-identifiers: + - NetworkSettingsArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssociatedPortalArns') as associated_portal_arns, + JSON_EXTRACT(Properties, '$.NetworkSettingsArn') as network_settings_arn, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::NetworkSettings' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssociatedPortalArns') as associated_portal_arns, + json_extract_path_text(Properties, 'NetworkSettingsArn') as network_settings_arn, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::NetworkSettings' + AND data__Identifier = '' + AND region = 'us-east-1' + portals: + name: portals + id: aws.workspacesweb.portals + x-cfn-schema-name: Portal + x-type: list + x-identifiers: + - PortalArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PortalArn') as portal_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::Portal' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PortalArn') as portal_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::Portal' + AND region = 'us-east-1' + portal: + name: portal + id: aws.workspacesweb.portal + x-cfn-schema-name: Portal + x-type: get + x-identifiers: + - PortalArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AdditionalEncryptionContext') as additional_encryption_context, + JSON_EXTRACT(Properties, '$.AuthenticationType') as authentication_type, + JSON_EXTRACT(Properties, '$.BrowserSettingsArn') as browser_settings_arn, + JSON_EXTRACT(Properties, '$.BrowserType') as browser_type, + JSON_EXTRACT(Properties, '$.CreationDate') as creation_date, + JSON_EXTRACT(Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.IpAccessSettingsArn') as ip_access_settings_arn, + JSON_EXTRACT(Properties, '$.NetworkSettingsArn') as network_settings_arn, + JSON_EXTRACT(Properties, '$.PortalArn') as portal_arn, + JSON_EXTRACT(Properties, '$.PortalEndpoint') as portal_endpoint, + JSON_EXTRACT(Properties, '$.PortalStatus') as portal_status, + JSON_EXTRACT(Properties, '$.RendererType') as renderer_type, + JSON_EXTRACT(Properties, '$.ServiceProviderSamlMetadata') as service_provider_saml_metadata, + JSON_EXTRACT(Properties, '$.StatusReason') as status_reason, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TrustStoreArn') as trust_store_arn, + JSON_EXTRACT(Properties, '$.UserAccessLoggingSettingsArn') as user_access_logging_settings_arn, + JSON_EXTRACT(Properties, '$.UserSettingsArn') as user_settings_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::Portal' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AdditionalEncryptionContext') as additional_encryption_context, + json_extract_path_text(Properties, 'AuthenticationType') as authentication_type, + json_extract_path_text(Properties, 'BrowserSettingsArn') as browser_settings_arn, + json_extract_path_text(Properties, 'BrowserType') as browser_type, + json_extract_path_text(Properties, 'CreationDate') as creation_date, + json_extract_path_text(Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'IpAccessSettingsArn') as ip_access_settings_arn, + json_extract_path_text(Properties, 'NetworkSettingsArn') as network_settings_arn, + json_extract_path_text(Properties, 'PortalArn') as portal_arn, + json_extract_path_text(Properties, 'PortalEndpoint') as portal_endpoint, + json_extract_path_text(Properties, 'PortalStatus') as portal_status, + json_extract_path_text(Properties, 'RendererType') as renderer_type, + json_extract_path_text(Properties, 'ServiceProviderSamlMetadata') as service_provider_saml_metadata, + json_extract_path_text(Properties, 'StatusReason') as status_reason, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TrustStoreArn') as trust_store_arn, + json_extract_path_text(Properties, 'UserAccessLoggingSettingsArn') as user_access_logging_settings_arn, + json_extract_path_text(Properties, 'UserSettingsArn') as user_settings_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::Portal' + AND data__Identifier = '' + AND region = 'us-east-1' + trust_stores: + name: trust_stores + id: aws.workspacesweb.trust_stores + x-cfn-schema-name: TrustStore + x-type: list + x-identifiers: + - TrustStoreArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TrustStoreArn') as trust_store_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::TrustStore' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TrustStoreArn') as trust_store_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::TrustStore' + AND region = 'us-east-1' + trust_store: + name: trust_store + id: aws.workspacesweb.trust_store + x-cfn-schema-name: TrustStore + x-type: get + x-identifiers: + - TrustStoreArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssociatedPortalArns') as associated_portal_arns, + JSON_EXTRACT(Properties, '$.CertificateList') as certificate_list, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TrustStoreArn') as trust_store_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::TrustStore' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssociatedPortalArns') as associated_portal_arns, + json_extract_path_text(Properties, 'CertificateList') as certificate_list, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TrustStoreArn') as trust_store_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::TrustStore' + AND data__Identifier = '' + AND region = 'us-east-1' + user_access_logging_settings: + name: user_access_logging_settings + id: aws.workspacesweb.user_access_logging_settings + x-cfn-schema-name: UserAccessLoggingSettings + x-type: get + x-identifiers: + - UserAccessLoggingSettingsArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssociatedPortalArns') as associated_portal_arns, + JSON_EXTRACT(Properties, '$.KinesisStreamArn') as kinesis_stream_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UserAccessLoggingSettingsArn') as user_access_logging_settings_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::UserAccessLoggingSettings' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssociatedPortalArns') as associated_portal_arns, + json_extract_path_text(Properties, 'KinesisStreamArn') as kinesis_stream_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UserAccessLoggingSettingsArn') as user_access_logging_settings_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::UserAccessLoggingSettings' + AND data__Identifier = '' + AND region = 'us-east-1' + user_settings: + name: user_settings + id: aws.workspacesweb.user_settings + x-cfn-schema-name: UserSettings + x-type: get + x-identifiers: + - UserSettingsArn + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AdditionalEncryptionContext') as additional_encryption_context, + JSON_EXTRACT(Properties, '$.AssociatedPortalArns') as associated_portal_arns, + JSON_EXTRACT(Properties, '$.CookieSynchronizationConfiguration') as cookie_synchronization_configuration, + JSON_EXTRACT(Properties, '$.CopyAllowed') as copy_allowed, + JSON_EXTRACT(Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(Properties, '$.DisconnectTimeoutInMinutes') as disconnect_timeout_in_minutes, + JSON_EXTRACT(Properties, '$.DownloadAllowed') as download_allowed, + JSON_EXTRACT(Properties, '$.IdleDisconnectTimeoutInMinutes') as idle_disconnect_timeout_in_minutes, + JSON_EXTRACT(Properties, '$.PasteAllowed') as paste_allowed, + JSON_EXTRACT(Properties, '$.PrintAllowed') as print_allowed, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UploadAllowed') as upload_allowed, + JSON_EXTRACT(Properties, '$.UserSettingsArn') as user_settings_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::UserSettings' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AdditionalEncryptionContext') as additional_encryption_context, + json_extract_path_text(Properties, 'AssociatedPortalArns') as associated_portal_arns, + json_extract_path_text(Properties, 'CookieSynchronizationConfiguration') as cookie_synchronization_configuration, + json_extract_path_text(Properties, 'CopyAllowed') as copy_allowed, + json_extract_path_text(Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(Properties, 'DisconnectTimeoutInMinutes') as disconnect_timeout_in_minutes, + json_extract_path_text(Properties, 'DownloadAllowed') as download_allowed, + json_extract_path_text(Properties, 'IdleDisconnectTimeoutInMinutes') as idle_disconnect_timeout_in_minutes, + json_extract_path_text(Properties, 'PasteAllowed') as paste_allowed, + json_extract_path_text(Properties, 'PrintAllowed') as print_allowed, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UploadAllowed') as upload_allowed, + json_extract_path_text(Properties, 'UserSettingsArn') as user_settings_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::UserSettings' + AND data__Identifier = '' + AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/xray.yaml b/providers/src/aws/v00.00.00000/services/xray.yaml new file mode 100644 index 00000000..95d1d28f --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/xray.yaml @@ -0,0 +1,434 @@ +openapi: 3.0.0 +info: + title: XRay + version: 1.0.0 +paths: {} +components: + schemas: + InsightsConfiguration: + type: object + additionalProperties: false + properties: + InsightsEnabled: + description: Set the InsightsEnabled value to true to enable insights or false to disable insights. + type: boolean + NotificationsEnabled: + description: Set the NotificationsEnabled value to true to enable insights notifications. Notifications can only be enabled on a group with InsightsEnabled set to true. + type: boolean + Tag: + type: object + properties: + Key: + type: string + description: The key name of the tag. + Value: + type: string + description: The value for the tag. + required: + - Key + - Value + additionalProperties: false + Tags: + type: array + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + Group: + type: object + properties: + FilterExpression: + description: The filter expression defining criteria by which to group traces. + type: string + GroupName: + description: The case-sensitive name of the new group. Names must be unique. + type: string + minLength: 1 + maxLength: 32 + GroupARN: + description: The ARN of the group that was generated on creation. + type: string + minLength: 1 + maxLength: 400 + InsightsConfiguration: + $ref: '#/components/schemas/InsightsConfiguration' + Tags: + $ref: '#/components/schemas/Tags' + required: + - GroupName + x-stackql-resource-name: group + description: This schema provides construct and validation rules for AWS-XRay Group resource parameters. + x-type-name: AWS::XRay::Group + x-stackql-primary-identifier: + - GroupARN + x-read-only-properties: + - GroupARN + x-required-properties: + - GroupName + x-required-permissions: + create: + - xray:CreateGroup + - xray:TagResource + read: + - xray:GetGroup + - xray:ListTagsForResource + update: + - xray:UpdateGroup + - xray:TagResource + - xray:UntagResource + - xray:ListTagsForResource + delete: + - xray:DeleteGroup + list: + - xray:GetGroups + - xray:ListTagsForResource + ResourcePolicy: + type: object + properties: + PolicyName: + description: The name of the resource policy. Must be unique within a specific AWS account. + type: string + pattern: '[\w+=,.@-]+' + minLength: 1 + maxLength: 128 + PolicyDocument: + description: The resource policy document, which can be up to 5kb in size. + type: string + minLength: 1 + maxLength: 5120 + BypassPolicyLockoutCheck: + description: A flag to indicate whether to bypass the resource policy lockout safety check + type: boolean + required: + - PolicyName + - PolicyDocument + x-stackql-resource-name: resource_policy + description: This schema provides construct and validation rules for AWS-XRay Resource Policy resource parameters. + x-type-name: AWS::XRay::ResourcePolicy + x-stackql-primary-identifier: + - PolicyName + x-create-only-properties: + - PolicyName + x-write-only-properties: + - BypassPolicyLockoutCheck + x-required-properties: + - PolicyName + - PolicyDocument + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - xray:PutResourcePolicy + - xray:ListResourcePolicies + read: + - xray:ListResourcePolicies + update: + - xray:PutResourcePolicy + - xray:ListResourcePolicies + delete: + - xray:DeleteResourcePolicy + list: + - xray:ListResourcePolicies + SamplingRule: + type: object + properties: + SamplingRule: + $ref: '#/components/schemas/SamplingRule' + SamplingRuleRecord: + $ref: '#/components/schemas/SamplingRuleRecord' + SamplingRuleUpdate: + $ref: '#/components/schemas/SamplingRuleUpdate' + RuleARN: + $ref: '#/components/schemas/RuleARN' + RuleName: + $ref: '#/components/schemas/RuleName' + Tags: + $ref: '#/components/schemas/Tags' + x-stackql-resource-name: sampling_rule + description: This schema provides construct and validation rules for AWS-XRay SamplingRule resource parameters. + x-type-name: AWS::XRay::SamplingRule + x-stackql-primary-identifier: + - RuleARN + x-create-only-properties: + - SamplingRule/Version + x-read-only-properties: + - RuleARN + x-required-permissions: + create: + - xray:CreateSamplingRule + - xray:TagResource + read: + - xray:GetSamplingRules + - xray:ListTagsForResource + update: + - xray:UpdateSamplingRule + - xray:TagResource + - xray:UntagResource + - xray:ListTagsForResource + delete: + - xray:DeleteSamplingRule + list: + - xray:GetSamplingRules + - xray:ListTagsForResource + SamplingRuleRecord: + type: object + additionalProperties: false + properties: + CreatedAt: + description: When the rule was created, in Unix time seconds. + type: string + ModifiedAt: + description: When the rule was modified, in Unix time seconds. + type: string + SamplingRule: + $ref: '#/components/schemas/SamplingRule' + SamplingRuleUpdate: + type: object + additionalProperties: false + properties: + Attributes: + x-$comment: String to string map + description: Matches attributes derived from the request. + type: object + x-patternProperties: + .{1,}: + type: string + additionalProperties: false + FixedRate: + description: The percentage of matching requests to instrument, after the reservoir is exhausted. + type: number + minimum: 0 + maximum: 1 + Host: + description: Matches the hostname from a request URL. + type: string + maxLength: 64 + HTTPMethod: + description: Matches the HTTP method from a request URL. + type: string + maxLength: 10 + Priority: + description: The priority of the sampling rule. + type: integer + minimum: 1 + maximum: 9999 + ReservoirSize: + description: A fixed number of matching requests to instrument per second, prior to applying the fixed rate. The reservoir is not used directly by services, but applies to all services using the rule collectively. + type: integer + minimum: 0 + ResourceARN: + description: Matches the ARN of the AWS resource on which the service runs. + type: string + maxLength: 500 + RuleARN: + $ref: '#/components/schemas/RuleARN' + RuleName: + $ref: '#/components/schemas/RuleName' + ServiceName: + description: Matches the name that the service uses to identify itself in segments. + type: string + maxLength: 64 + ServiceType: + description: Matches the origin that the service uses to identify its type in segments. + type: string + maxLength: 64 + URLPath: + description: Matches the path from a request URL. + type: string + maxLength: 128 + RuleName: + description: The ARN of the sampling rule. Specify a rule by either name or ARN, but not both. + type: string + minLength: 1 + maxLength: 32 + RuleARN: + description: The ARN of the sampling rule. Specify a rule by either name or ARN, but not both. + type: string + x-stackQL-resources: + groups: + name: groups + id: aws.xray.groups + x-cfn-schema-name: Group + x-type: list + x-identifiers: + - GroupARN + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GroupARN') as group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::XRay::Group' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GroupARN') as group_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::XRay::Group' + AND region = 'us-east-1' + group: + name: group + id: aws.xray.group + x-cfn-schema-name: Group + x-type: get + x-identifiers: + - GroupARN + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FilterExpression') as filter_expression, + JSON_EXTRACT(Properties, '$.GroupName') as group_name, + JSON_EXTRACT(Properties, '$.GroupARN') as group_arn, + JSON_EXTRACT(Properties, '$.InsightsConfiguration') as insights_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::XRay::Group' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FilterExpression') as filter_expression, + json_extract_path_text(Properties, 'GroupName') as group_name, + json_extract_path_text(Properties, 'GroupARN') as group_arn, + json_extract_path_text(Properties, 'InsightsConfiguration') as insights_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::XRay::Group' + AND data__Identifier = '' + AND region = 'us-east-1' + resource_policies: + name: resource_policies + id: aws.xray.resource_policies + x-cfn-schema-name: ResourcePolicy + x-type: list + x-identifiers: + - PolicyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::XRay::ResourcePolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PolicyName') as policy_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::XRay::ResourcePolicy' + AND region = 'us-east-1' + resource_policy: + name: resource_policy + id: aws.xray.resource_policy + x-cfn-schema-name: ResourcePolicy + x-type: get + x-identifiers: + - PolicyName + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.BypassPolicyLockoutCheck') as bypass_policy_lockout_check + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::XRay::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'BypassPolicyLockoutCheck') as bypass_policy_lockout_check + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::XRay::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + sampling_rules: + name: sampling_rules + id: aws.xray.sampling_rules + x-cfn-schema-name: SamplingRule + x-type: list + x-identifiers: + - RuleARN + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RuleARN') as rule_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::XRay::SamplingRule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RuleARN') as rule_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::XRay::SamplingRule' + AND region = 'us-east-1' + sampling_rule: + name: sampling_rule + id: aws.xray.sampling_rule + x-cfn-schema-name: SamplingRule + x-type: get + x-identifiers: + - RuleARN + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SamplingRule') as sampling_rule, + JSON_EXTRACT(Properties, '$.SamplingRuleRecord') as sampling_rule_record, + JSON_EXTRACT(Properties, '$.SamplingRuleUpdate') as sampling_rule_update, + JSON_EXTRACT(Properties, '$.RuleARN') as rule_arn, + JSON_EXTRACT(Properties, '$.RuleName') as rule_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::XRay::SamplingRule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SamplingRule') as sampling_rule, + json_extract_path_text(Properties, 'SamplingRuleRecord') as sampling_rule_record, + json_extract_path_text(Properties, 'SamplingRuleUpdate') as sampling_rule_update, + json_extract_path_text(Properties, 'RuleARN') as rule_arn, + json_extract_path_text(Properties, 'RuleName') as rule_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::XRay::SamplingRule' + AND data__Identifier = '' + AND region = 'us-east-1'